From 88f142664ff6e50e9f1c0d7d65969de5c5e9e542 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 18 Dec 2019 03:13:14 +0000 Subject: [PATCH 01/44] Strelka - intial config --- salt/strelka/files/backend/backend.yaml | 423 ++++++++++ salt/strelka/files/backend/logging.yaml | 78 ++ salt/strelka/files/backend/passwords.dat | 2 + salt/strelka/files/backend/taste/taste.yara | 748 ++++++++++++++++++ salt/strelka/files/filestream/filestream.yaml | 20 + salt/strelka/files/frontend/frontend.yaml | 11 + salt/strelka/files/manager/manager.yaml | 4 + salt/strelka/init.sls | 149 ++++ 8 files changed, 1435 insertions(+) create mode 100644 salt/strelka/files/backend/backend.yaml create mode 100644 salt/strelka/files/backend/logging.yaml create mode 100644 salt/strelka/files/backend/passwords.dat create mode 100644 salt/strelka/files/backend/taste/taste.yara create mode 100644 salt/strelka/files/filestream/filestream.yaml create mode 100644 salt/strelka/files/frontend/frontend.yaml create mode 100644 salt/strelka/files/manager/manager.yaml create mode 100644 salt/strelka/init.sls diff --git a/salt/strelka/files/backend/backend.yaml b/salt/strelka/files/backend/backend.yaml new file mode 100644 index 000000000..40ea1b5b3 --- /dev/null +++ b/salt/strelka/files/backend/backend.yaml 
@@ -0,0 +1,423 @@ +{%- set ip = salt['pillar.get']('static:masterip', '') %} +logging_cfg: '/etc/strelka/logging.yaml' +limits: + max_files: 5000 + time_to_live: 900 + max_depth: 15 + distribution: 600 + scanner: 150 +coordinator: + addr: '{{ ip }}:6380' + db: 0 +tasting: + mime_db: null + yara_rules: '/etc/strelka/taste/' +scanners: + 'ScanBase64': + - positive: + filename: '^base64_' + priority: 5 + 'ScanBatch': + - positive: + flavors: + - 'text/x-msdos-batch' + - 'batch_file' + priority: 5 + 'ScanBzip2': + - positive: + flavors: + - 'application/x-bzip2' + - 'bzip2_file' + priority: 5 + 'ScanDocx': + - positive: + flavors: + - 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' + priority: 5 + options: + extract_text: False + 'ScanElf': + - positive: + flavors: + - 'application/x-object' + - 'application/x-executable' + - 'application/x-sharedlib' + - 'application/x-coredump' + - 'elf_file' + priority: 5 + 'ScanEmail': + - positive: + flavors: + - 'application/vnd.ms-outlook' + - 'message/rfc822' + - 'email_file' + priority: 5 + 'ScanEntropy': + - positive: + flavors: + - '*' + priority: 5 + 'ScanExiftool': + - positive: + flavors: + - 'application/msword' + - 'application/vnd.openxmlformats-officedocument' + - 'application/vnd.openxmlformats-officedocument.presentationml.presentation' + - 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' + - 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' + - 'olecf_file' + - 'ooxml_file' + - 'audio/mpeg' + - 'mp3_file' + - 'mhtml_file' + - 'application/pdf' + - 'pdf_file' + - 'text/rtf' + - 'rtf_file' + - 'wordml_file' + - 'application/x-dosexec' + - 'mz_file' + - 'application/x-object' + - 'application/x-executable' + - 'application/x-sharedlib' + - 'application/x-coredump' + - 'elf_file' + - 'lnk_file' + - 'application/x-mach-binary' + - 'macho_file' + - 'image/gif' + - 'gif_file' + - 'image/jpeg' + - 'jpeg_file' + - 'image/png' + - 'png_file' + - 
'image/tiff' + - 'type_is_tiff' + - 'image/x-ms-bmp' + - 'bmp_file' + - 'application/x-shockwave-flash' + - 'fws_file' + - 'psd_file' + - 'video/mp4' + - 'video/quicktime' + - 'video/x-msvideo' + - 'avi_file' + - 'video/x-ms-wmv' + - 'wmv_file' + priority: 5 + options: + tmp_directory: '/dev/shm/' + 'ScanGif': + - positive: + flavors: + - 'image/gif' + - 'gif_file' + priority: 5 + 'ScanGzip': + - positive: + flavors: + - 'application/gzip' + - 'application/x-gzip' + - 'gzip_file' + priority: 5 + 'ScanHash': + - positive: + flavors: + - '*' + priority: 5 + 'ScanHeader': + - positive: + flavors: + - '*' + priority: 5 + options: + length: 50 + 'ScanHtml': + - positive: + flavors: + - 'hta_file' + - 'text/html' + - 'html_file' + priority: 5 + options: + parser: "html5lib" + 'ScanIni': + - positive: + filename: '(\.([Cc][Ff][Gg]|[Ii][Nn][Ii])|PROJECT)$' + flavors: + - 'ini_file' + priority: 5 + 'ScanJarManifest': + - positive: + flavors: + - 'jar_manifest_file' + priority: 5 + 'ScanJavascript': + - negative: + flavors: + - 'text/html' + - 'html_file' + positive: + flavors: + - 'javascript_file' + - 'text/javascript' + priority: 5 + options: + beautify: True + 'ScanJpeg': + - positive: + flavors: + - 'image/jpeg' + - 'jpeg_file' + priority: 5 + 'ScanJson': + - positive: + flavors: + - 'application/json' + - 'json_file' + priority: 5 + 'ScanLibarchive': + - positive: + flavors: + - 'application/vnd.ms-cab-compressed' + - 'cab_file' + - 'application/x-7z-compressed' + - '_7zip_file' + - 'application/x-cpio' + - 'cpio_file' + - 'application/x-xar' + - 'xar_file' + - 'arj_file' + - 'iso_file' + - 'application/x-debian-package' + - 'debian_package_file' + priority: 5 + options: + limit: 1000 + 'ScanLzma': + - positive: + flavors: + - 'application/x-lzma' + - 'lzma_file' + - 'application/x-xz' + - 'xz_file' + priority: 5 + 'ScanMacho': + - positive: + flavors: + - 'application/x-mach-binary' + - 'macho_file' + priority: 5 + options: + tmp_directory: '/dev/shm/' + 'ScanMmbot': 
+ - positive: + flavors: + - 'vb_file' + - 'vbscript' + priority: 5 + options: + server: 'strelka_mmrpc_1:33907' + 'ScanOcr': + - positive: + flavors: + - 'image/jpeg' + - 'jpeg_file' + - 'image/png' + - 'png_file' + - 'image/tiff' + - 'type_is_tiff' + - 'image/x-ms-bmp' + - 'bmp_file' + priority: 5 + options: + extract_text: False + tmp_directory: '/dev/shm/' + 'ScanOle': + - positive: + flavors: + - 'application/CDFV2' + - 'application/msword' + - 'olecf_file' + priority: 5 + 'ScanPdf': + - positive: + flavors: + - 'application/pdf' + - 'pdf_file' + priority: 5 + options: + extract_text: False + limit: 2000 + 'ScanPe': + - positive: + flavors: + - 'application/x-dosexec' + - 'mz_file' + priority: 5 + 'ScanPgp': + - positive: + flavors: + - 'application/pgp-keys' + - 'pgp_file' + priority: 5 + 'ScanPhp': + - positive: + flavors: + - 'text/x-php' + - 'php_file' + priority: 5 + 'ScanPkcs7': + - positive: + flavors: + - 'pkcs7_file' + priority: 5 + options: + tmp_directory: '/dev/shm/' + 'ScanPlist': + - positive: + flavors: + - 'bplist_file' + - 'plist_file' + priority: 5 + options: + keys: + - 'KeepAlive' + - 'Label' + - 'NetworkState' + - 'Program' + - 'ProgramArguments' + - 'RunAtLoad' + - 'StartInterval' + 'ScanRar': + - positive: + flavors: + - 'application/x-rar' + - 'rar_file' + priority: 5 + options: + limit: 1000 + 'ScanRpm': + - positive: + flavors: + - 'application/x-rpm' + - 'rpm_file' + priority: 5 + options: + tmp_directory: '/dev/shm/' + 'ScanRtf': + - positive: + flavors: + - 'text/rtf' + - 'rtf_file' + priority: 5 + options: + limit: 1000 + 'ScanRuby': + - positive: + flavors: + - 'text/x-ruby' + priority: 5 + 'ScanSwf': + - positive: + flavors: + - 'application/x-shockwave-flash' + - 'fws_file' + - 'cws_file' + - 'zws_file' + priority: 5 + 'ScanTar': + - positive: + flavors: + - 'application/x-tar' + - 'tar_file' + priority: 5 + options: + limit: 1000 + 'ScanTnef': + - positive: + flavors: + - 'application/vnd.ms-tnef' + - 'tnef_file' + priority: 5 
+ 'ScanUpx': + - positive: + flavors: + - 'upx_file' + priority: 5 + options: + tmp_directory: '/dev/shm/' + 'ScanUrl': + - negative: + flavors: + - 'javascript_file' + positive: + flavors: + - 'text/plain' + priority: 5 + 'ScanVb': + - positive: + flavors: + - 'vb_file' + - 'vbscript' + priority: 5 + 'ScanVba': + - positive: + flavors: + - 'mhtml_file' + - 'application/msword' + - 'olecf_file' + - 'wordml_file' + priority: 5 + options: + analyze_macros: True + 'ScanX509': + - positive: + flavors: + - 'x509_der_file' + priority: 5 + options: + type: 'der' + - positive: + flavors: + - 'x509_pem_file' + priority: 5 + options: + type: 'pem' + 'ScanXml': + - positive: + flavors: + - 'application/xml' + - 'text/xml' + - 'xml_file' + - 'mso_file' + - 'soap_file' + priority: 5 + 'ScanYara': + - positive: + flavors: + - '*' + priority: 5 + options: + location: '/etc/yara/' + 'ScanZip': + - positive: + flavors: + - 'application/java-archive' + - 'application/zip' + - 'zip_file' + - 'application/vnd.openxmlformats-officedocument' + - 'application/vnd.openxmlformats-officedocument.presentationml.presentation' + - 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' + - 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' + - 'ooxml_file' + priority: 5 + options: + limit: 1000 + password_file: '/etc/strelka/passwords.dat' + 'ScanZlib': + - positive: + flavors: + - 'application/zlib' + - 'zlib_file' + priority: 5 diff --git a/salt/strelka/files/backend/logging.yaml b/salt/strelka/files/backend/logging.yaml new file mode 100644 index 000000000..b21d3c396 --- /dev/null +++ b/salt/strelka/files/backend/logging.yaml 
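Review bot: In salt/strelka/files/backend/backend.yaml, `coordinator.addr` is rendered from `salt['pillar.get']('static:masterip', '')`, so an unset pillar silently yields `':6380'` instead of failing the render. This file configures no credential for that Redis, and the init.sls added later in this same patch starts it as plain `redis-server --save "" --appendonly no` published on `0.0.0.0:6380` (the gatekeeper likewise on `0.0.0.0:6381`). Unless a firewall state not shown here restricts those ports, the scan queue is reachable by any host that can reach the master. I would guard the template so an empty `ip` aborts the state, and narrow both `port_bindings` entries to the address the backends actually connect to.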
@@ -0,0 +1,78 @@ +version: 1 +formatters: + simple: + format: '%(asctime)s - [%(levelname)s] %(name)s [%(module)s.%(funcName)s]: %(message)s' + datefmt: '%Y-%m-%d %H:%M:%S' +handlers: + console: + class: logging.StreamHandler + formatter: simple + stream: ext://sys.stdout +root: + level: DEBUG + handlers: [console] +loggers: + OpenSSL: + propagate: 0 + bs4: + propagate: 0 + bz2: + propagate: 0 + chardet: + propagate: 0 + docx: + propagate: 0 + elftools: + propagate: 0 + email: + propagate: 0 + entropy: + propagate: 0 + esprima: + propagate: 0 + gzip: + propagate: 0 + hashlib: + propagate: 0 + json: + propagate: 0 + libarchive: + propagate: 0 + lxml: + propagate: 0 + lzma: + propagate: 0 + macholibre: + propagate: 0 + olefile: + propagate: 0 + oletools: + propagate: 0 + pdfminer: + propagate: 0 + pefile: + propagate: 0 + pgpdump: + propagate: 0 + pygments: + propagate: 0 + pylzma: + propagate: 0 + rarfile: + propagate: 0 + requests: + propagate: 0 + rpmfile: + propagate: 0 + ssdeep: + propagate: 0 + tarfile: + propagate: 0 + tnefparse: + propagate: 0 + yara: + propagate: 0 + zipfile: + propagate: 0 + zlib: + propagate: 0 diff --git a/salt/strelka/files/backend/passwords.dat b/salt/strelka/files/backend/passwords.dat new file mode 100644 index 000000000..e9541f540 --- /dev/null +++ b/salt/strelka/files/backend/passwords.dat @@ -0,0 +1,2 @@ +infected +password diff --git a/salt/strelka/files/backend/taste/taste.yara b/salt/strelka/files/backend/taste/taste.yara new file mode 100644 index 000000000..15d2dffbb --- /dev/null +++ b/salt/strelka/files/backend/taste/taste.yara 
@@ -0,0 +1,748 @@ +// Archive Files + +rule _7zip_file +{ + meta: + type = "archive" + strings: + $a = { 37 7A BC AF 27 1C } + condition: + $a at 0 +} + +rule arj_file +{ + meta: + type = "archive" + condition: + uint16(0) == 0xEA60 +} + +rule cab_file +{ + meta: + type = "archive" + strings: + $a = { 4D 53 43 46 00 00 00 00 } + condition: + $a at 0 or + ( uint16(0) == 0x5A4D and $a ) +} + +rule cpio_file +{ + meta: + type = "archive" + strings: + $a = { 30 37 30 37 30 31 } + condition: + $a at 0 +} + +rule iso_file +{ + meta: + type = "archive" + strings: + $a = { 43 44 30 30 31 } + condition: + $a at 0x8001 and $a at 0x8801 and $a at 0x9001 +} + +rule mhtml_file +{ + meta: + type = "archive" + strings: + $a = "MIME-Version: 1.0" + $b = "This document is a Single File Web Page, also known as a Web Archive file" + condition: + $a at 0 and $b +} + +rule rar_file +{ + meta: + type = "archive" + condition: + uint16(0) == 0x6152 and uint8(2) == 0x72 and uint16(3) == 0x1A21 and uint8(5) == 0x07 +} + +rule tar_file +{ + meta: + type = "archive" + strings: + $a = { 75 73 74 61 72 } + condition: + uint16(0) == 0x9D1F or + uint16(0) == 0xA01F or + $a at 257 +} + +rule xar_file +{ + meta: + type = "archive" + condition: + uint32(0) == 0x21726178 +} + +rule zip_file +{ + meta: + type = "archive" + condition: + ( uint32(0) == 0x04034B50 and not uint32(4) == 0x00060014 ) +} + +// Audio Files + +rule mp3_file +{ + meta: + type = "audio" + condition: + uint16(0) == 0x4449 and uint8(2) == 0x33 +} + +// Certificate Files + +rule pkcs7_file +{ + meta: + type = "certificate" + strings: + $a = "-----BEGIN PKCS7-----" + condition: + (uint16(0) == 0x8230 and uint16(4) == 0x0906) or + uint32(0) == 0x09068030 or + $a at 0 +} + +rule x509_der_file +{ + meta: + type = "certificate" + condition: + uint16(0) == 0x8230 and ( uint16(4) == 0x8230 or uint16(4) == 0x8130 ) +} + +rule x509_pem_file +{ + meta: + type = "certificate" + strings: + $a = "-----BEGIN CERTI" + condition: + $a at 0 +} + 
+// Compressed Files + +rule bzip2_file +{ + meta: + type = "compressed" + condition: + uint16(0) == 0x5A42 and uint8(2) == 0x68 +} + +rule gzip_file +{ + meta: + type = "compressed" + condition: + uint16(0) == 0x8B1F and uint8(2) == 0x08 +} + +rule lzma_file +{ + meta: + type = "compressed" + condition: + uint16(0) == 0x005D and uint8(2) == 0x00 +} + +rule xz_file +{ + meta: + type = "compressed" + condition: + uint32(0) == 0x587A37FD and uint16(4) == 0x005A +} + +// Document Files + +rule doc_subheader_file +{ + meta: + type = "document" + condition: + uint32(0) == 0x00C1A5EC +} + +rule mso_file +{ + meta: + type = "document" + strings: + $a = { 3C 3F 6D 73 6F 2D 61 70 70 6C 69 63 61 74 69 6F 6E 20 } // + condition: + $a at 0 or + $b at 0 or + $c at 0 or + $d at 0 or + $e at 0 or + $f at 0 or + $g at 0 or + $h at 0 or + $i at 0 or + $j at 0 or + $k at 0 or + $l at 0 or + $m at 0 or + $n at 0 +} + +rule json_file +{ + meta: + type = "text" + strings: + $a = { 7B [0-5] 22 } + condition: + $a at 0 +} + +rule php_file +{ + meta: + type = "text" + strings: + $a = { 3c 3f 70 68 70 } + condition: + $a at 0 +} + +rule soap_file +{ + meta: + description = "Simple Object Access Protocol" + type = "text" + strings: + $a = { 3C 73 6F 61 70 65 6E 76 3A 45 6E 76 65 6C 6F 70 65 } // + $c = { 3C 73 74 79 6C 65 53 68 65 65 74 20 78 6D 6C 6E 73 3D } // . 
+{%- set MASTER = grains['master'] %} +{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} + +# Strelka config +strelkaconfdir: + file.directory: + - name: /opt/so/conf/strelka + - user: 939 + - group: 939 + - makedirs: True + +# Strelka logs +strelkalogdir: + file.directory: + - name: /opt/so/log/strelka + - user: 939 + - group: 939 + - makedirs: True + +# Sync dynamic config to conf dir +strelkasync: + file.recurse: + - name: /opt/so/conf/strelka/ + - source: salt://strelka/files + - user: 939 + - group: 939 + - template: jinja + +strelkadatadir: + file.directory: + - name: /nsm/strelka + - user: 939 + - group: 939 + - makedirs: True + +strelkastagedir: + file.directory: + - name: /nsm/strelka/processed + - user: 939 + - group: 939 + - makedirs: True + + +#so-strelka-frontendimage: +# cmd.run: +# - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-strelka-frontend:HH1.1.5 + +so-strelka-coordinatorimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/redis:5.0.5-alpine3.10 + +so-strelka-gatekeeperimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/redis:5.0.5-alpine3.10 + +so-strelka-backendimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-strelka-backend:HH1.1.5 + +so-strelka-managerimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-strelka-manager:HH1.1.5 + +so-strelka-backendimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-strelka-backend:HH1.1.5 + + +strelka_coordinator: + docker_container.running: + - require: + - so-strelka-coordinatorimage + - image: docker.io/redis:5.0.5-alpine3.10 + - name: so-strelka-coordinator + - command: redis-server --save "" --appendonly no + - port_bindings: + - 0.0.0.0:6380:6379 + +strelka_gatekeeper: + docker_container.running: + - require: + - so-strelka-gatekeeperimage + - image: 
docker.io/redis:5.0.5-alpine3.10 + - name: so-strelka-gatekeeper + - command: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru + - port_bindings: + - 0.0.0.0:6381:6379 + +strelka_frontend: + docker_container.running: + - require: + - so-strelka-frontendimage + - image: docker.io/soshybridhunter/so-strelka-frontend:HH1.1.5 + - binds: + - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro + - /opt/so/log/strelka/:/var/log/strelka/:rw + - privileged: True + - name: so-strelka-frontend + - command: strelka-frontend + - port_bindings: + - 0.0.0.0:57314:57314 + +strelka_backend: + docker_container.running: + - require: + - so-strelka-backendimage + - image: docker.io/soshybridhunter/so-strelka-backend:HH1.1.5 + - restart_policy: unless-stopped + - binds: + - /opt/so/conf/strelka/backend/:/etc/strelka/:ro + - /opt/so/conf/strelka/backend/yara:/etc/yara/:ro + - name: so-strelka-backend + - command: strelka-backend + +strelka_manager: + docker_container.running: + - require: + - so-strelka-managerimage + - image: docker.io/soshybridhunter/so-strelka-manager:HH1.1.5 + - binds: + - /opt/so/conf/strelka/manager/:/etc/strelka/:ro + - name: so-strelka-manager + - command: strelka-manager + +strelka_filestream: + docker_container.running: + - require: + - so-strelka-filestreamimage + - image: docker.io/soshybridhunter/so-strelka-filestream:HH1.1.5 + - image: docker.io/wlambert/sfilestream:grpc + - binds: + - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro + - /nsm/strelka:/nsm/strelka + - name: so-strelka-filestream + - command: strelka-filestream From c597dd2fb4dad5a64f7bab4cd165fc450f760716 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 18 Dec 2019 03:22:30 +0000 Subject: [PATCH 02/44] Strelka - Filebeat config --- salt/filebeat/etc/filebeat.yml | 16 +++++++++++++++- salt/strelka/init.sls | 6 +++--- 2 files changed, 18 insertions(+), 4 deletions(-) 
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 0da9b68bc..1fdfc68e1 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -3,6 +3,7 @@ {%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %} {%- set WAZUHENABLED = salt['pillar.get']('static:wazuh_enabled', '1') %} {%- set FLEETENABLED = salt['pillar.get']('static:fleet_enabled', '1') %} +{%- set STRELKAENABLED = salt['pillar.get']('static:strelka_enabled', '1') %} name: {{ HOSTNAME }} @@ -66,7 +67,7 @@ filebeat.modules: # List of prospectors to fetch data. filebeat.prospectors: #------------------------------ Log prospector -------------------------------- -{%- if grains['role'] == 'so-sensor' or grains['role'] == "so-eval" or grains['role'] == "so-helix" %} +{%- if grains['role'] == 'so-sensor' or grains['role'] == "so-eval" %} {%- if BROVER != 'SURICATA' %} {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %} - type: log @@ -126,6 +127,19 @@ filebeat.prospectors: clean_removed: false close_removed: false +{%- endif %} + +{%- if STRELKAENABLED == '1' %} + + - type: log + paths: + - /opt/so/log/strelka/strelka.log + fields: + type: strelka + fields_under_root: true + clean_removed: false + close_removed: false + {%- endif %} #----------------------------- Logstash output --------------------------------- output.logstash: diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index 0369f351e..803886d2b 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -55,9 +55,9 @@ strelkastagedir: - makedirs: True -#so-strelka-frontendimage: -# cmd.run: -# - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-strelka-frontend:HH1.1.5 +so-strelka-frontendimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-strelka-frontend:HH1.1.5 so-strelka-coordinatorimage: cmd.run: From 2888dce48f38dcf21fcbaa5100c8d326edfe0a11 Mon Sep 17 00:00:00 2001 
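Review bot: The second hunk of salt/filebeat/etc/filebeat.yml drops `or grains['role'] == "so-helix"` from the log-prospector condition, which the commit subject ("Strelka - Filebeat config") does not mention. If helix nodes still render this template, they would stop emitting the Bro log prospectors guarded by that `if`, a silent loss of log collection. If the removal is intended, it belongs in its own commit or at least in the message; otherwise restore the clause.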
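Review bot: `STRELKAENABLED` defaults to the string `'1'` and the third filebeat.yml hunk tests it with `== '1'`, so a pillar that sets `static:strelka_enabled` as a YAML integer would not match and the Strelka prospector would be dropped without any error. Normalising the value, for example `{%- if STRELKAENABLED | string == '1' %}`, avoids that. Whether the filebeat container can see `/opt/so/log/strelka/strelka.log` is not visible in this patch, and the backend logging.yaml added in PATCH 01 only defines a console handler, so it is worth confirming which component writes that file.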
From: m0duspwnens
Date: Wed, 18 Dec 2019 14:11:26 -0500
Subject: [PATCH 03/44] fix ssl verify hive_init.sh
---
 salt/hive/thehive/scripts/hive_init.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/hive/thehive/scripts/hive_init.sh b/salt/hive/thehive/scripts/hive_init.sh
index f726ae229..6c5168a66 100755
--- a/salt/hive/thehive/scripts/hive_init.sh
+++ b/salt/hive/thehive/scripts/hive_init.sh
@@ -16,7 +16,7 @@ hive_init(){
 COUNT=0
 HIVE_CONNECTED="no"
 while [[ "$COUNT" -le 240 ]]; do
- curl --output /dev/null --silent --head --fail "https://$HIVE_IP:/thehive"
+ curl --output /dev/null --silent --head --fail -k "https://$HIVE_IP:/thehive"
 if [ $? -eq 0 ]; then
 HIVE_CONNECTED="yes"
 echo "connected!"
From 0d541f49498b52858d42d5ad956ef45110237ac0 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Thu, 19 Dec 2019 10:49:23 -0500
Subject: [PATCH 04/44] initial commit - so-component-restart scripts
---
 salt/common/tools/sbin/so-cortex-restart | 20 ++++++++++++++
 salt/common/tools/sbin/so-filebeat-restart | 31 ++++++++++++----------
 salt/common/tools/sbin/so-playbook-restart | 20 ++++++++++++++
 salt/common/tools/sbin/so-soctopus-restart | 20 ++++++++++++++
 salt/common/tools/sbin/so-thehive-restart | 20 ++++++++++++++
 5 files changed, 97 insertions(+), 14 deletions(-)
 create mode 100644 salt/common/tools/sbin/so-cortex-restart
 create mode 100644 salt/common/tools/sbin/so-playbook-restart
 create mode 100644 salt/common/tools/sbin/so-soctopus-restart
 create mode 100644 salt/common/tools/sbin/so-thehive-restart
diff --git a/salt/common/tools/sbin/so-cortex-restart b/salt/common/tools/sbin/so-cortex-restart
new file mode 100644
index 000000000..aab452475
--- /dev/null
+++ b/salt/common/tools/sbin/so-cortex-restart
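Review bot: The `-k` added to the readiness probe in salt/hive/thehive/scripts/hive_init.sh switches certificate verification off entirely, so the loop prints "connected!" for whatever host answers on `$HIVE_IP` rather than for the intended TheHive instance. Trusting the deployment CA explicitly keeps the check meaningful: `curl --output /dev/null --silent --head --fail --cacert <path-to-CA-bundle> "https://$HIVE_IP:/thehive"` (the certificate then needs a subject alternative name matching the address used). The URL also carries an empty port after the colon (`$HIVE_IP:/thehive`), which looks unintended. The identical one-line change is repeated in PATCH 07/44 further down, and the body of hive_init continues outside this hunk, so any later requests there should be checked for the same flag.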
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart cortex $1
diff --git a/salt/common/tools/sbin/so-filebeat-restart b/salt/common/tools/sbin/so-filebeat-restart
index 85faf7499..d9cdeeec8 100644
--- a/salt/common/tools/sbin/so-filebeat-restart
+++ b/salt/common/tools/sbin/so-filebeat-restart
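Review bot: `/usr/sbin/so-restart cortex $1` in so-cortex-restart passes the caller's argument unquoted, so a value containing spaces or glob characters is word-split and expanded before so-restart receives it. Use `/usr/sbin/so-restart cortex "$@"`, which forwards the arguments intact and still passes nothing when none were given. The same line is used in so-filebeat-restart, so-playbook-restart, so-soctopus-restart and so-thehive-restart in this patch. Since so-restart itself is not shown, a one-line comment above the call stating what the optional argument selects would also help.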
@@ -1,17 +1,20 @@ #!/bin/bash - -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -docker stop so-filebeat && sudo docker rm so-filebeat && salt-call state.apply filebeat +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart filebeat $1 diff --git a/salt/common/tools/sbin/so-playbook-restart b/salt/common/tools/sbin/so-playbook-restart new file mode 100644 index 000000000..f05222eae --- /dev/null +++ b/salt/common/tools/sbin/so-playbook-restart 
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart playbook $1
diff --git a/salt/common/tools/sbin/so-soctopus-restart b/salt/common/tools/sbin/so-soctopus-restart
new file mode 100644
index 000000000..144ddbf3e
--- /dev/null
+++ b/salt/common/tools/sbin/so-soctopus-restart
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart soctopus $1
diff --git a/salt/common/tools/sbin/so-thehive-restart b/salt/common/tools/sbin/so-thehive-restart
new file mode 100644
index 000000000..4b28c0030
--- /dev/null
+++ b/salt/common/tools/sbin/so-thehive-restart
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart thehive $1 From 2b20d009e1dc17aa641caf6025cbf539de54d59e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 19 Dec 2019 15:50:22 -0500 Subject: [PATCH 05/44] Fixed cyberchef container image version error. Cyberchef container image v1.1.4 has not been built yet, revert to 1.1.3 for now --- salt/cyberchef/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/cyberchef/init.sls b/salt/cyberchef/init.sls index 8d33f38d5..aa04d3725 100644 --- a/salt/cyberchef/init.sls +++ b/salt/cyberchef/init.sls @@ -42,7 +42,7 @@ cybercheflog: so-cyberchefimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.4 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.3 so-cyberchef: docker_container.running: From 7653959d60cfd15f8aa088369065179d9f4bb566 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 19 Dec 2019 17:50:45 -0500 Subject: [PATCH 06/44] [BUG] Updated missed text in cyberchef init.sls The docker pull command was updated but not the run instruction --- salt/cyberchef/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/salt/cyberchef/init.sls b/salt/cyberchef/init.sls index aa04d3725..ff258c293 100644 --- a/salt/cyberchef/init.sls +++ b/salt/cyberchef/init.sls @@ -48,7 +48,7 @@ so-cyberchef: docker_container.running: - require: - so-cyberchefimage - - image: docker.io/soshybridhunter/so-cyberchef:HH1.1.4 + - image: docker.io/soshybridhunter/so-cyberchef:HH1.1.3 - interactive: True - binds: - /opt/so/saltstack/salt/cyberchef/build:/prod:rw From b97ff72bc25be80f0817a648f97d750d76a543b4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 18 Dec 2019 14:11:26 -0500 Subject: [PATCH 07/44] fix ssl verify hive_init.sh --- salt/hive/thehive/scripts/hive_init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/hive/thehive/scripts/hive_init.sh b/salt/hive/thehive/scripts/hive_init.sh index f726ae229..6c5168a66 100755 --- a/salt/hive/thehive/scripts/hive_init.sh +++ b/salt/hive/thehive/scripts/hive_init.sh @@ -16,7 +16,7 @@ hive_init(){ COUNT=0 HIVE_CONNECTED="no" while [[ "$COUNT" -le 240 ]]; do - curl --output /dev/null --silent --head --fail "https://$HIVE_IP:/thehive" + curl --output /dev/null --silent --head --fail -k "https://$HIVE_IP:/thehive" if [ $? -eq 0 ]; then HIVE_CONNECTED="yes" echo "connected!" From 2b6e2e04656943d1b9b95ee25f50947d0b667f0c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 18 Dec 2019 21:55:24 -0500 Subject: [PATCH 08/44] Initial changes to add new auth framework * Changes to evalmode only at this time * Cleaned up nginx eval config --- salt/auth/init.sls | 44 ++++++++++++++++ salt/common/nginx/nginx.conf.so-eval | 76 +++++++++++++++++----------- salt/cyberchef/init.sls | 4 +- salt/top.sls | 1 + setup/so-setup.sh | 1 + 5 files changed, 94 insertions(+), 32 deletions(-) create mode 100644 salt/auth/init.sls diff --git a/salt/auth/init.sls b/salt/auth/init.sls new file mode 100644 index 000000000..45254e177 --- /dev/null +++ b/salt/auth/init.sls 
@@ -0,0 +1,44 @@ +authdir: + file.directory: + - name: /opt/so/conf/auth + - user: 939 + - group: 939 + - makedirs: True + +authfilesync: + file.recurse: + - name: /opt/so/conf/auth + - source: salt://auth/files + - user: 939 + - group: 939 + - template: jinja + +so-auth-api-image: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.3 + +so-auth-ui-image: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-ui:HH1.1.3 + +so-auth-api: + docker_container.running: + - require: + - so-auth-api-image + - image: docker.io/soshybridhunter/so-auth-api:HH1.1.3 + - hostname: so-auth-api + - name: so-auth-api + - environment: + - BASE_PATH: "/so-auth/api" + - port_bindings: + - 0.0.0.0:5656:5656 + +so-auth-ui: + docker_container.running: + - require: + - so-auth-ui-image + - image: docker.io/soshybridhunter/so-auth-ui:HH1.1.3 + - hostname: so-auth-ui + - name: so-auth-ui + - port_bindings: + - 0.0.0.0:4242:80 diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/common/nginx/nginx.conf.so-eval index b5cf6ef5a..f506499a7 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/common/nginx/nginx.conf.so-eval @@ -58,9 +58,9 @@ http { # } #} server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; } @@ -88,8 +88,8 @@ http { # } location /grafana/ { - rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:3000/; + rewrite /grafana/(.*) /$1 break; + proxy_pass http://{{ masterip }}:3000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; 
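Review bot: Both containers added in salt/auth/init.sls are published on every interface (`0.0.0.0:5656:5656` for so-auth-api and `0.0.0.0:4242:80` for so-auth-ui), although the nginx changes in this same patch are meant to front them under `/so-auth/`. Unless a firewall state not shown here blocks those ports, the auth API can be reached directly over plain HTTP, bypassing the TLS listener. Binding to a single address closes that path, for example `- 127.0.0.1:5656:5656` with the nginx `proxy_pass` pointed at localhost. The images are pulled by the mutable tag `HH1.1.3`; content trust is enabled on the pull, but pinning a digest would make the deployed auth component reproducible.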
@@ -100,10 +100,9 @@ http { } location /kibana/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; - rewrite /kibana/(.*) /$1 break; - proxy_pass http://{{ masterip }}:5601/; + auth_request /so-auth/api/auth/; + rewrite /kibana/(.*) /$1 break; + proxy_pass http://{{ masterip }}:5601/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -114,7 +113,7 @@ http { } location /playbook/ { - proxy_pass http://{{ masterip }}:3200/playbook/; + proxy_pass http://{{ masterip }}:3200/playbook/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -126,9 +125,8 @@ http { location /navigator/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; - proxy_pass http://{{ masterip }}:4200/navigator/; + auth_request /so-auth/api/auth/; + proxy_pass http://{{ masterip }}:4200/navigator/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -139,7 +137,7 @@ http { } location /api/ { - proxy_pass https://{{ masterip }}:8080/api/; + proxy_pass https://{{ masterip }}:8080/api/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Upgrade $http_upgrade; @@ -152,7 +150,7 @@ http { } location /fleet/ { - proxy_pass https://{{ masterip }}:8080/fleet/; + proxy_pass https://{{ masterip }}:8080/fleet/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -163,10 +161,10 @@ http { } location /thehive/ { - proxy_pass http://{{ masterip }}:9000/thehive/; + proxy_pass http://{{ masterip }}:9000/thehive/; proxy_read_timeout 90; proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work + proxy_http_version 1.1; # this is essential for chunked responses to work proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
@@ -175,10 +173,10 @@ http { } location /cortex/ { - proxy_pass http://{{ masterip }}:9001/cortex/; + proxy_pass http://{{ masterip }}:9001/cortex/; proxy_read_timeout 90; proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work + proxy_http_version 1.1; # this is essential for chunked responses to work proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -187,19 +185,19 @@ http { } location /cyberchef/ { - proxy_pass http://{{ masterip }}:9080/; + proxy_pass http://{{ masterip }}:9080/; proxy_read_timeout 90; proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work + proxy_http_version 1.1; # this is essential for chunked responses to work proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; } - + location /soctopus/ { - proxy_pass http://{{ masterip }}:7000/; + proxy_pass http://{{ masterip }}:7000/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; @@ -210,17 +208,16 @@ http { } location /sensoroni/ { - auth_basic "Security Onion"; - auth_basic_user_file /opt/so/conf/nginx/.htpasswd; - proxy_pass http://{{ masterip }}:9822/; + auth_request /so-auth/api/auth/; + proxy_pass http://{{ masterip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; } 
@@ -237,15 +234,34 @@ http { } location /sensoroniagents/ { - proxy_pass http://{{ masterip }}:9822/; + proxy_pass http://{{ masterip }}:9822/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; - } + + location /so-auth/loginpage/ { + proxy_pass http://{{ masterip }}:4242/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /so-auth/api/ { + proxy_pass http://{{ masterip }}:5656/; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + } + + error_page 401 = @error401; + + location @error401 { + add_header Set-Cookie "NSREDIRECT=http://{{ masterip }}$request_uri;Domain={{ masterip }};Path=/"; + return 302 http://{{ masterip }}/so-auth/loginpage/; + } + error_page 404 /404.html; location = /40x.html { } diff --git a/salt/cyberchef/init.sls b/salt/cyberchef/init.sls index 8d33f38d5..ff258c293 100644 --- a/salt/cyberchef/init.sls +++ b/salt/cyberchef/init.sls @@ -42,13 +42,13 @@ cybercheflog: so-cyberchefimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.4 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-cyberchef:HH1.1.3 so-cyberchef: docker_container.running: - require: - so-cyberchefimage - - image: docker.io/soshybridhunter/so-cyberchef:HH1.1.4 + - image: docker.io/soshybridhunter/so-cyberchef:HH1.1.3 - interactive: True - binds: - /opt/so/saltstack/salt/cyberchef/build:/prod:rw diff --git a/salt/top.sls b/salt/top.sls index 265214216..4a2ccdd2b 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -48,6 +48,7 @@ base: - firewall - master - idstools + - auth {%- if OSQUERY != 0 %} - mysql {%- endif %} diff --git a/setup/so-setup.sh b/setup/so-setup.sh index 6c26783ae..5fa4fa7b7 100644 
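Review bot: The `@error401` handler redirects to `http://{{ masterip }}/so-auth/loginpage/` and sets `NSREDIRECT` with an `http://` URL and no `Secure` attribute, so the first hop of each login, and the cookie carrying the originally requested URI, travel in cleartext before the port-80 server bounces the browser back to HTTPS. Using the IP rather than `$host` also moves users who arrived by hostname onto a different origin, which will likely fail certificate name checks. I would change it to `return 302 https://$host/so-auth/loginpage/;` and build the cookie as `"NSREDIRECT=https://$host$request_uri; Path=/; Secure"`, provided the auth UI does not depend on the `Domain` value. The `/so-auth/api/` location that serves the `auth_request` subrequests added for `/kibana/`, `/navigator/` and `/sensoroni/` would also normally set `proxy_pass_request_body off;` and `proxy_set_header Content-Length "";` so that request bodies are not replayed to the auth API.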
--- a/setup/so-setup.sh +++ b/setup/so-setup.sh @@ -655,6 +655,7 @@ if (whiptail_you_sure) ; then echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX" checkin_at_boot >> $SETUPLOG 2>&1 echo -e "XX\n97\nFinishing touches... \nXXX" + salt-call state.apply auth >> $SETUPLOG 2>&1 filter_unused_nics >> $SETUPLOG 2>&1 network_setup >> $SETUPLOG 2>&1 echo -e "XXX\n98\nVerifying Setup... \nXXX" From eea08f35153b4d13857d91e493870a51ebb45163 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Fri, 20 Dec 2019 01:24:20 +0000 Subject: [PATCH 09/44] add back helix --- salt/filebeat/etc/filebeat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 1fdfc68e1..4706e4c5a 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -67,7 +67,7 @@ filebeat.modules: # List of prospectors to fetch data. filebeat.prospectors: #------------------------------ Log prospector -------------------------------- -{%- if grains['role'] == 'so-sensor' or grains['role'] == "so-eval" %} +{%- if grains['role'] == 'so-sensor' or grains['role'] == "so-eval" or grains['role'] == "so-helix" %} {%- if BROVER != 'SURICATA' %} {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %} - type: log From 124c552fca2e979c54caeb45d3a55891ca014e16 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Fri, 20 Dec 2019 15:49:22 +0000 Subject: [PATCH 10/44] remove Cyberchef from top file since it is now in so-core --- salt/top.sls | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/top.sls b/salt/top.sls index 265214216..8e8b286cf 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -58,7 +58,6 @@ base: - suricata - bro - curator - - cyberchef - elastalert {%- if OSQUERY != 0 %} - fleet @@ -85,7 +84,6 @@ base: - ca - ssl - common - - cyberchef - sensoroni - firewall - master From ed28be4ba9f4f37b407fc6d801cc6da2fdad5bee Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Fri, 20 Dec 2019 11:32:55 -0500 Subject: [PATCH 11/44] rename logstash config for storage to search - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/176 --- .../conf/{conf.enabled.txt.storage => conf.enabled.txt.search} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/logstash/conf/{conf.enabled.txt.storage => conf.enabled.txt.search} (100%) diff --git a/salt/logstash/conf/conf.enabled.txt.storage b/salt/logstash/conf/conf.enabled.txt.search similarity index 100% rename from salt/logstash/conf/conf.enabled.txt.storage rename to salt/logstash/conf/conf.enabled.txt.search From beb12663f5c0a05c9092a7ef68ea3cd2f82e8e50 Mon Sep 17 00:00:00 2001 
From: Josh Brower Date: Fri, 20 Dec 2019 13:10:53 -0500 Subject: [PATCH 12/44] more so-restart scripts --- salt/common/tools/sbin/so-curator-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-elastalert-restart | 20 +++++++++++++++++++ .../tools/sbin/so-elasticsearch-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-fleet-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-grafana-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-kibana-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-mysql-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-redis-restart | 20 +++++++++++++++++++ salt/common/tools/sbin/so-restart | 1 - salt/common/tools/sbin/so-zeek-restart | 20 +++++++++++++++++++ 10 files changed, 180 insertions(+), 1 deletion(-) create mode 100644 salt/common/tools/sbin/so-curator-restart create mode 100644 salt/common/tools/sbin/so-elastalert-restart create mode 100644 salt/common/tools/sbin/so-elasticsearch-restart create mode 100644 salt/common/tools/sbin/so-fleet-restart create mode 100644 salt/common/tools/sbin/so-grafana-restart create mode 100644 salt/common/tools/sbin/so-kibana-restart create mode 100644 salt/common/tools/sbin/so-mysql-restart create mode 100644 salt/common/tools/sbin/so-redis-restart create mode 100644 salt/common/tools/sbin/so-zeek-restart diff --git a/salt/common/tools/sbin/so-curator-restart b/salt/common/tools/sbin/so-curator-restart new file mode 100644 index 000000000..043f04b7d --- /dev/null +++ b/salt/common/tools/sbin/so-curator-restart 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart curator $1 diff --git a/salt/common/tools/sbin/so-elastalert-restart b/salt/common/tools/sbin/so-elastalert-restart new file mode 100644 index 000000000..46e66ec40 --- /dev/null +++ b/salt/common/tools/sbin/so-elastalert-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart elastalert $1 diff --git a/salt/common/tools/sbin/so-elasticsearch-restart b/salt/common/tools/sbin/so-elasticsearch-restart new file mode 100644 index 000000000..e13a89ba8 --- /dev/null 
+++ b/salt/common/tools/sbin/so-elasticsearch-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart elasticsearch $1 diff --git a/salt/common/tools/sbin/so-fleet-restart b/salt/common/tools/sbin/so-fleet-restart new file mode 100644 index 000000000..264e9f8a7 --- /dev/null +++ b/salt/common/tools/sbin/so-fleet-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart fleet $1 diff --git a/salt/common/tools/sbin/so-grafana-restart b/salt/common/tools/sbin/so-grafana-restart new file mode 100644 index 000000000..52ebbacda --- /dev/null 
+++ b/salt/common/tools/sbin/so-grafana-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart grafana $1 diff --git a/salt/common/tools/sbin/so-kibana-restart b/salt/common/tools/sbin/so-kibana-restart new file mode 100644 index 000000000..0349348cb --- /dev/null +++ b/salt/common/tools/sbin/so-kibana-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart kibana $1 diff --git a/salt/common/tools/sbin/so-mysql-restart b/salt/common/tools/sbin/so-mysql-restart new file mode 100644 index 000000000..1fcb885a4 --- /dev/null 
+++ b/salt/common/tools/sbin/so-mysql-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart mysql $1 diff --git a/salt/common/tools/sbin/so-redis-restart b/salt/common/tools/sbin/so-redis-restart new file mode 100644 index 000000000..b1e1293b8 --- /dev/null +++ b/salt/common/tools/sbin/so-redis-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart redis $1 diff --git a/salt/common/tools/sbin/so-restart b/salt/common/tools/sbin/so-restart index e07fd5010..0bf5b7736 100644 --- a/salt/common/tools/sbin/so-restart 
+++ b/salt/common/tools/sbin/so-restart @@ -31,6 +31,5 @@ fi case $1 in "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;; - "fleet") docker stop so-fleet so-redis && docker rm so-fleet so-redis && salt-call state.apply fleet queue=True;; *) docker stop so-$1 && docker rm so-$1 && salt-call state.apply $1 queue=True;; esac diff --git a/salt/common/tools/sbin/so-zeek-restart b/salt/common/tools/sbin/so-zeek-restart new file mode 100644 index 000000000..29c50f27a --- /dev/null +++ b/salt/common/tools/sbin/so-zeek-restart @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-restart bro $1 From 2feb14503c6fcb0c07472472791cb5cc21529f27 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 20 Dec 2019 14:40:08 -0500 Subject: [PATCH 13/44] changes for https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/157 --- pillar/top.sls | 11 ++- setup/functions.sh | 197 +++++++++++++++++++++------------------------ setup/whiptail.sh | 6 +- 3 files changed, 99 insertions(+), 115 deletions(-) diff --git a/pillar/top.sls b/pillar/top.sls index 17bf33e02..d8c519eac 100644 --- a/pillar/top.sls +++ b/pillar/top.sls 
@@ -3,20 +3,20 @@ base: - patch.needs_restarting 'G@role:so-sensor': - - sensors.{{ grains.id }} + - minions.{{ grains.id }} - static - firewall.* - brologs 'G@role:so-master': - - masters.{{ grains.id }} + - minions.{{ grains.id }} - static - firewall.* - data.* - auth 'G@role:so-eval': - - masters.{{ grains.id }} + - minions.{{ grains.id }} - static - firewall.* - data.* @@ -24,13 +24,12 @@ base: - auth 'G@role:so-node': - - nodes.{{ grains.id }} + - minions.{{ grains.id }} - static - firewall.* 'G@role:so-helix': - - masters.{{ grains.id }} - - sensors.{{ grains.id }} + - minions.{{ grains.id }} - static - firewall.* - fireeye diff --git a/setup/functions.sh b/setup/functions.sh index 6ebcd7a89..474f26863 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -270,9 +270,9 @@ copy_minion_tmp_files() { if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then echo "Copying pillar and salt files in $TMP to /opt/so/saltstack" - cp -Rv $TMP/pillar/ /opt/so/saltstack/pillar/ >> $SETUPLOG 2>&1 + cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> $SETUPLOG 2>&1 if [ -d $TMP/salt ] ; then - cp -Rv $TMP/salt/ /opt/so/saltstack/salt/ >> $SETUPLOG 2>&1 + cp -Rv $TMP/salt/ /opt/so/saltstack/ >> $SETUPLOG 2>&1 fi else echo "scp pillar and salt files in $TMP to master /opt/so/saltstack" @@ -545,7 +545,8 @@ got_root() { install_cleanup() { - echo "install_cleanup called" >> $SETUPLOG 2>&1 + echo "install_cleanup removing the following files:" + ls -lR $TMP # Clean up after ourselves rm -rf /root/installtmp @@ -556,6 +557,8 @@ install_prep() { # Create a tmp space that isn't in /tmp mkdir /root/installtmp + mkdir /root/installtmp/pillar + mkdir /root/installtmp/pillar/minions TMP=/root/installtmp } 
@@ -595,47 +598,50 @@ ls_heapsize() { master_pillar() { + PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls + # Create the master pillar - touch /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo "master:" > /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " mainip: $MAINIP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " mainint: $MAININT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " esheap: $ES_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " esclustername: {{ grains.host }}" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls + echo "master:" > $PILLARFILE + echo " mainip: $MAINIP" >> $PILLARFILE + echo " mainint: $MAININT" >> $PILLARFILE + echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE + echo " esclustername: {{ grains.host }}" >> $PILLARFILE if [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then - echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " ls_pipeline_batch_size: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " ls_input_threads: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " ls_batch_count: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " mtu: 1500" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls + echo " freq: 0" >> $PILLARFILE + echo " domainstats: 0" >> $PILLARFILE + echo " ls_pipeline_batch_size: 125" >> $PILLARFILE + echo " ls_input_threads: 1" >> $PILLARFILE + echo " ls_batch_count: 125" >> $PILLARFILE + echo " mtu: 1500" >> $PILLARFILE else - echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls + echo " freq: 0" >> $PILLARFILE + echo " domainstats: 0" >> $PILLARFILE fi if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then - echo " lsheap: 1000m" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls + echo " lsheap: 1000m" >> $PILLARFILE else - echo 
" lsheap: $LS_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls + echo " lsheap: $LS_HEAP_SIZE" >> $PILLARFILE fi - echo " lsaccessip: 127.0.0.1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " elastalert: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " ls_pipeline_workers: $CPUCORES" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " nids_rules: $RULESETUP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " oinkcode: $OINKCODE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - #echo " access_key: $ACCESS_KEY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - #echo " access_secret: $ACCESS_SECRET" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " es_port: $NODE_ES_PORT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " log_size_limit: $LOG_SIZE_LIMIT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - #echo " mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - #echo " fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " grafana: $GRAFANA" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " osquery: $OSQUERY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " wazuh: $WAZUH" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " thehive: $THEHIVE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls - echo " playbook: $PLAYBOOK" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls + echo " lsaccessip: 127.0.0.1" >> $PILLARFILE + echo " elastalert: 1" >> $PILLARFILE + echo " ls_pipeline_workers: $CPUCORES" >> $PILLARFILE + echo " nids_rules: $RULESETUP" >> $PILLARFILE + echo " oinkcode: $OINKCODE" >> $PILLARFILE + #echo " access_key: $ACCESS_KEY" >> $PILLARFILE + #echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE + echo " es_port: $NODE_ES_PORT" >> $PILLARFILE + echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE + 
echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE + #echo " mysqlpass: $MYSQLPASS" >> $PILLARFILE + #echo " fleetpass: $FLEETPASS" >> $PILLARFILE + echo " grafana: $GRAFANA" >> $PILLARFILE + echo " osquery: $OSQUERY" >> $PILLARFILE + echo " wazuh: $WAZUH" >> $PILLARFILE + echo " thehive: $THEHIVE" >> $PILLARFILE + echo " playbook: $PLAYBOOK" >> $PILLARFILE + echo "" >> $PILLARFILE + } master_static() { 
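Review bot: Every value in `master_pillar` is echoed into `$PILLARFILE` as a bare YAML scalar, so an `$OINKCODE` containing `#`, `: ` or a leading special character would be truncated or misparsed when Salt loads the pillar; the same applies to `$ACCESS_KEY` and `$ACCESS_SECRET` in the `sensor_pillar` hunk later in this commit. Quoting the secret-bearing values, for example `echo "  oinkcode: '$OINKCODE'" >> "$PILLARFILE"`, keeps them intact, though an empty variable then becomes an empty string rather than a null, so any consumer that tests for an unset value should be checked. `$PILLARFILE` is also expanded unquoted on every line here and in the `node_pillar` and `patch_pillar` hunks; assigning it once as `PILLARFILE="$TMP/pillar/minions/$MINION_ID.sls"` and quoting each use would remove the word-splitting risk.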
@@ -695,53 +701,39 @@ network_setup() { node_pillar() { - NODEPILLARPATH=$TMP/pillar/nodes - if [ ! -d $NODEPILLARPATH ]; then - mkdir -p $NODEPILLARPATH - fi + PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls # Create the node pillar - touch $NODEPILLARPATH/$MINION_ID.sls - echo "node:" > $NODEPILLARPATH/$MINION_ID.sls - echo " mainip: $MAINIP" >> $NODEPILLARPATH/$MINION_ID.sls - echo " mainint: $MAININT" >> $NODEPILLARPATH/$MINION_ID.sls - echo " esheap: $NODE_ES_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls - echo " esclustername: {{ grains.host }}" >> $NODEPILLARPATH/$MINION_ID.sls - echo " lsheap: $NODE_LS_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls - echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $NODEPILLARPATH/$MINION_ID.sls - echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $NODEPILLARPATH/$MINION_ID.sls - echo " ls_input_threads: $LSINPUTTHREADS" >> $NODEPILLARPATH/$MINION_ID.sls - echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls - echo " es_shard_count: $SHARDCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls - echo " node_type: $NODETYPE" >> $NODEPILLARPATH/$MINION_ID.sls - echo " es_port: $NODE_ES_PORT" >> $NODEPILLARPATH/$MINION_ID.sls - echo " log_size_limit: $LOG_SIZE_LIMIT" >> $NODEPILLARPATH/$MINION_ID.sls - echo " cur_close_days: $CURCLOSEDAYS" >> $NODEPILLARPATH/$MINION_ID.sls + echo "node:" > $PILLARFILE + echo " mainip: $MAINIP" >> $PILLARFILE + echo " mainint: $MAININT" >> $PILLARFILE + echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE + echo " esclustername: {{ grains.host }}" >> $PILLARFILE + echo " lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE + echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE + echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE + echo " ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE + echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE + echo " es_shard_count: $SHARDCOUNT" >> $PILLARFILE + echo " node_type: $NODETYPE" >> $PILLARFILE + echo " es_port: $NODE_ES_PORT" >> 
$PILLARFILE + echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE + echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE + echo "" >> $PILLARFILE } patch_pillar() { - case $INSTALLTYPE in - MASTERONLY | EVALMODE | HELIXSENSOR) - PATCHPILLARPATH=/opt/so/saltstack/pillar/masters - ;; - SENSORONLY) - PATCHPILLARPATH=$SENSORPILLARPATH - ;; - SEARCHNODE | PARSINGNODE | HOTNODE | WARMNODE) - PATCHPILLARPATH=$NODEPILLARPATH - ;; - esac - - - echo "" >> $PATCHPILLARPATH/$MINION_ID.sls - echo "patch:" >> $PATCHPILLARPATH/$MINION_ID.sls - echo " os:" >> $PATCHPILLARPATH/$MINION_ID.sls - echo " schedule_name: $PATCHSCHEDULENAME" >> $PATCHPILLARPATH/$MINION_ID.sls - echo " enabled: True" >> $PATCHPILLARPATH/$MINION_ID.sls - echo " splay: 300" >> $PATCHPILLARPATH/$MINION_ID.sls + PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls + echo "" >> $PILLARFILE + echo "patch:" >> $PILLARFILE + echo " os:" >> $PILLARFILE + echo " schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE + echo " enabled: True" >> $PILLARFILE + echo " splay: 300" >> $PILLARFILE + echo "" >> $PILLARFILE } 
@@ -1105,51 +1097,44 @@ salt_install_mysql_deps() { } sensor_pillar() { - if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then - SENSORPILLARPATH=/opt/so/saltstack/pillar/sensors - mkdir -p $TMP - mkdir -p $SENSORPILLARPATH - else - SENSORPILLARPATH=$TMP/pillar/sensors - fi - if [ ! -d $SENSORPILLARPATH ]; then - mkdir -p $SENSORPILLARPATH - fi + + PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls # Create the sensor pillar - touch $SENSORPILLARPATH/$MINION_ID.sls - echo "sensor:" > $SENSORPILLARPATH/$MINION_ID.sls - echo " interface: bond0" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " mainip: $MAINIP" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " mainint: $MAININT" >> $SENSORPILLARPATH/$MINION_ID.sls + touch $PILLARFILE + echo "sensor:" > $PILLARFILE + echo " interface: bond0" >> $PILLARFILE + echo " mainip: $MAINIP" >> $PILLARFILE + echo " mainint: $MAININT" >> $PILLARFILE if [ $NSMSETUP == 'ADVANCED' ]; then - echo " bro_pins:" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " bro_pins:" >> $PILLARFILE for PIN in $BROPINS; do PIN=$(echo $PIN | cut -d\" -f2) - echo " - $PIN" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " - $PIN" >> $PILLARFILE done - echo " suripins:" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " suripins:" >> $PILLARFILE for SPIN in $SURIPINS; do SPIN=$(echo $SPIN | cut -d\" -f2) - echo " - $SPIN" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " - $SPIN" >> $PILLARFILE done elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then - echo " bro_lbprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " suriprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE + echo " suriprocs: $LBPROCS" >> $PILLARFILE else - echo " bro_lbprocs: $BASICBRO" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " suriprocs: $BASICSURI" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " bro_lbprocs: $BASICBRO" >> $PILLARFILE + echo " suriprocs: $BASICSURI" >> $PILLARFILE fi - echo " brobpf:" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " pcapbpf:" >> 
$SENSORPILLARPATH/$MINION_ID.sls - echo " nidsbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " master: $MSRV" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " mtu: $MTU" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " brobpf:" >> $PILLARFILE + echo " pcapbpf:" >> $PILLARFILE + echo " nidsbpf:" >> $PILLARFILE + echo " master: $MSRV" >> $PILLARFILE + echo " mtu: $MTU" >> $PILLARFILE if [ $HNSENSOR != 'inherit' ]; then - echo " hnsensor: $HNSENSOR" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " hnsensor: $HNSENSOR" >> $PILLARFILE fi - echo " access_key: $ACCESS_KEY" >> $SENSORPILLARPATH/$MINION_ID.sls - echo " access_secret: $ACCESS_SECRET" >> $SENSORPILLARPATH/$MINION_ID.sls + echo " access_key: $ACCESS_KEY" >> $PILLARFILE + echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE + echo "" >> $PILLARFILE } diff --git a/setup/whiptail.sh b/setup/whiptail.sh index 2d48e890c..a3bee17ea 100644 --- a/setup/whiptail.sh +++ b/setup/whiptail.sh @@ -90,7 +90,7 @@ whiptail_cancel() { whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 if [ -d "/root/installtmp" ]; then echo "/root/installtmp exists" >> $SETUPLOG 2>&1 - install_cleanup + install_cleanup >> $SETUPLOG 2>&1 echo "/root/installtmp removed" >> $SETUPLOG 2>&1 fi exit @@ -685,14 +685,14 @@ whiptail_set_hostname() { whiptail_setup_complete() { whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75 - install_cleanup + install_cleanup >> $SETUPLOG 2>&1 } whiptail_setup_failed() { whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75 - install_cleanup + install_cleanup >> $SETUPLOG 2>&1 } From ac800782f7d79f97763d7daf69d47089b509e2bd Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Fri, 20 Dec 2019 15:34:23 -0500 Subject: [PATCH 14/44] [BUG] Remove unneeded dir from auth salt file Auth no longer needs a volume mount, so remove its directory --- salt/auth/init.sls | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/salt/auth/init.sls b/salt/auth/init.sls index 45254e177..ce9eda44f 100644 --- a/salt/auth/init.sls +++ b/salt/auth/init.sls @@ -1,18 +1,3 @@ -authdir: - file.directory: - - name: /opt/so/conf/auth - - user: 939 - - group: 939 - - makedirs: True - -authfilesync: - file.recurse: - - name: /opt/so/conf/auth - - source: salt://auth/files - - user: 939 - - group: 939 - - template: jinja - so-auth-api-image: cmd.run: - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.3 From 1b8bb8e761668ce0a026f6902b84bd31c467be1c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 20 Dec 2019 16:02:20 -0500 Subject: [PATCH 15/44] fix writing to PILLARFILE --- setup/functions.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/functions.sh b/setup/functions.sh index 474f26863..b102b531d 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -601,7 +601,7 @@ master_pillar() { PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls # Create the master pillar - echo "master:" > $PILLARFILE + echo "master:" >> $PILLARFILE echo " mainip: $MAINIP" >> $PILLARFILE echo " mainint: $MAININT" >> $PILLARFILE echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE @@ -704,7 +704,7 @@ node_pillar() { PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls # Create the node pillar - echo "node:" > $PILLARFILE + echo "node:" >> $PILLARFILE echo " mainip: $MAINIP" >> $PILLARFILE echo " mainint: $MAININT" >> $PILLARFILE echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE 
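Review bot: With `master:`, `node:` and `sensor:` (the last in the third hunk of this commit) all switched to `>>`, nothing on the visible new side truncates `$PILLARFILE` any more, so a setup run that finds a leftover `/root/installtmp` from an aborted attempt would append a second copy of each block and leave duplicate top-level keys in the minion pillar. `install_prep` is outside these hunks, but as changed in the earlier commit on this page it only calls `mkdir` and does not clear the directory. Emptying the file once before the first writer, for example `: > "$PILLARFILE"`, or having `install_prep` remove a stale directory, would keep the append behaviour (presumably wanted so that roles calling more than one of these functions keep every block) while making reruns idempotent.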
@@ -1102,7 +1102,7 @@ sensor_pillar() { # Create the sensor pillar touch $PILLARFILE - echo "sensor:" > $PILLARFILE + echo "sensor:" >> $PILLARFILE echo " interface: bond0" >> $PILLARFILE echo " mainip: $MAINIP" >> $PILLARFILE echo " mainint: $MAININT" >> $PILLARFILE From ffc116085e343e2da9bbd47b480db1b527d62baf Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 30 Dec 2019 17:32:54 +0000 Subject: [PATCH 16/44] add auth log path for Centos --- salt/wazuh/files/agent/ossec.conf | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/wazuh/files/agent/ossec.conf b/salt/wazuh/files/agent/ossec.conf index 5b02910f9..192e21abc 100644 --- a/salt/wazuh/files/agent/ossec.conf +++ b/salt/wazuh/files/agent/ossec.conf @@ -179,12 +179,17 @@ syslog /var/ossec/logs/active-responses.log - +%- if grains['os'] == 'Ubuntu' %} syslog /var/log/auth.log - +{%- else %} + + syslog + /var/log/secure + +{%- endif %} syslog /var/log/syslog From df722c173f940ffb1a780002e0a449d61508eca1 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 30 Dec 2019 17:47:00 +0000 Subject: [PATCH 17/44] fix typo and prevent agent from getting re-added --- salt/wazuh/files/agent/ossec.conf | 2 +- salt/wazuh/files/agent/wazuh-register-agent | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/salt/wazuh/files/agent/ossec.conf b/salt/wazuh/files/agent/ossec.conf index 192e21abc..2a7fe6d6b 100644 --- a/salt/wazuh/files/agent/ossec.conf +++ b/salt/wazuh/files/agent/ossec.conf @@ -179,7 +179,7 @@ syslog /var/ossec/logs/active-responses.log -%- if grains['os'] == 'Ubuntu' %} +{%- if grains['os'] == 'Ubuntu' %} syslog /var/log/auth.log diff --git a/salt/wazuh/files/agent/wazuh-register-agent b/salt/wazuh/files/agent/wazuh-register-agent index 4197a5334..12ab7dc8a 100755 --- a/salt/wazuh/files/agent/wazuh-register-agent +++ b/salt/wazuh/files/agent/wazuh-register-agent 
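Review bot: Only the auth log is made OS-dependent in the ossec.conf hunk; the `/var/log/syslog` entry that follows `{%- endif %}` stays unconditional, and on CentOS rsyslog writes to `/var/log/messages` by default, so the agent would likely collect no general syslog on those hosts. Consider moving that entry into the same conditional, with `/var/log/messages` in the `{%- else %}` branch. The `{%- else %}` branch also sends every non-Ubuntu OS to `/var/log/secure`; if other Debian-family minions are possible, testing `grains['os_family']` would be safer. The rest of ossec.conf is outside the hunk.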
@@ -31,6 +31,7 @@ USER="foo" PASSWORD="bar" AGENT_NAME=$(hostname) AGENT_IP="{{ip}}" +AGENT_ID=001 display_help() { cat < try to register the agent sleep 10s -register_agent +STATUS=$(curl -s -k -u $USER:$PASSWORD $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID | jq .data.status | sed s'/"//g') +if [[ $STATUS == "Active" ]]; then + echo "Agent $AGENT_ID already registered!" +else + register_agent +fi #remove_agent From f597b9f4e5b8c4482d0b4f2be0d7804d6040a992 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 30 Dec 2019 19:04:54 +0000 Subject: [PATCH 18/44] add AR whitelist for Wazuh --- salt/common/tools/sbin/so-allow | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index 1685e386a..5802427fe 100644 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow @@ -40,3 +40,21 @@ fi echo "Adding $IP to the $FULLROLE role. This can take a few seconds" /opt/so/saltstack/pillar/firewall/addfirewall.sh $FULLROLE $IP + +# Check if Wazuh enabled +if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then + # If analyst, add to Wazuh AR whitelist + if [ "$FULLROLE" == "analyst" ]; then + WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf" + if ! grep -q "$IP" $WAZUH_MGR_CFG ; then + DATE=`date` + sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG + sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG + echo -e "\n \n $IP\n \n" >> $WAZUH_MGR_CFG + echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG." + echo + echo "Restarting OSSEC Server..." + /usr/sbin/so-wazuh-restart + fi + fi +fi From bc533bef249b190a75efa70947cea2ad57fa8211 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 30 Dec 2019 21:10:56 +0000 Subject: [PATCH 19/44] update TheHiveAlerter module --- salt/elastalert/files/modules/so/thehive.py | 131 ++++++++++++-------- 1 file changed, 77 insertions(+), 54 deletions(-) 
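Review bot: `AGENT_ID` is fixed at `001`, so the new status check asks the manager about agent 001 rather than about this host; on any minion that is not agent 001 the script skips `register_agent` whenever agent 001 is `Active`, and that host stays unmonitored without an error. Look the agent up by `$AGENT_NAME` instead of a constant ID. The same `curl` line combines `-k` with `-u $USER:$PASSWORD`, so the API credentials are sent without verifying the manager's certificate and appear in the process list; pointing curl at the CA with `--cacert` and quoting the expansion as `-u "$USER:$PASSWORD"` would tighten that. Part of this file's diff is not legible on the page, so the surrounding lines could not be checked.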
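Review bot: The duplicate check `grep -q "$IP" $WAZUH_MGR_CFG` in so-allow treats the address as an unanchored regular expression, so `10.1.1.1` counts as present when the file already holds `10.1.1.10` (and `.` matches any character), and the whitelist entry is then silently not added. Assuming the entry is written as a `<white_list>` element (the markup inside the `echo` is not legible on this page), a fixed-string match such as `grep -qF "<white_list>$IP</white_list>" "$WAZUH_MGR_CFG"` avoids that. Because an address written here is exempted from Wazuh active response, `$IP` should be validated as a single address or CIDR before it is appended; any validation earlier in so-allow is outside this hunk. The `sed -i` that strips the closing tag followed by `echo >>` is also not atomic, so an interruption between the two leaves ossec.conf without its closing tag.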
diff --git a/salt/elastalert/files/modules/so/thehive.py b/salt/elastalert/files/modules/so/thehive.py index 42b6f9e1d..af18b412e 100644 --- a/salt/elastalert/files/modules/so/thehive.py +++ b/salt/elastalert/files/modules/so/thehive.py 
@@ -1,84 +1,107 @@ # -*- coding: utf-8 -*- -from __future__ import unicode_literals +# HiveAlerter modified from original at: https://raw.githubusercontent.com/Nclose-ZA/elastalert_hive_alerter/master/elastalert_hive_alerter/hive_alerter.py + import uuid -import re from elastalert.alerts import Alerter from thehive4py.api import TheHiveApi from thehive4py.models import Alert, AlertArtifact, CustomFieldHelper + class TheHiveAlerter(Alerter): """ Use matched data to create alerts containing observables in an instance of TheHive - This is a modified version for use with Security Onion """ required_options = set(['hive_connection', 'hive_alert_config']) - def alert(self, matches): + def get_aggregation_summary_text(self, matches): + text = super(TheHiveAlerter, self).get_aggregation_summary_text(matches) + if text: + text = '```\n{0}```\n'.format(text) + return text + def create_artifacts(self, match): + artifacts = [] + context = {'rule': self.rule, 'match': match} + for mapping in self.rule.get('hive_observable_data_mapping', []): + for observable_type, match_data_key in mapping.items(): + try: + artifacts.append(AlertArtifact(dataType=observable_type, data=match_data_key.format(**context))) + except KeyError as e: + print(('format string {} fail cause no key {} in {}'.format(e, match_data_key, context))) + return artifacts + + def create_alert_config(self, match): + context = {'rule': self.rule, 'match': match} + alert_config = { + 'artifacts': self.create_artifacts(match), + 'sourceRef': str(uuid.uuid4())[0:6], + 'title': '{rule[name]}'.format(**context) + } + + alert_config.update(self.rule.get('hive_alert_config', {})) + + for alert_config_field, alert_config_value in alert_config.items(): + if alert_config_field == 'customFields': + custom_fields = CustomFieldHelper() + for cf_key, cf_value in alert_config_value.items(): + try: + func = getattr(custom_fields, 'add_{}'.format(cf_value['type'])) + except AttributeError: + raise Exception('unsupported custom field 
type {}'.format(cf_value['type'])) + value = cf_value['value'].format(**context) + func(cf_key, value) + alert_config[alert_config_field] = custom_fields.build() + elif isinstance(alert_config_value, str): + alert_config[alert_config_field] = alert_config_value.format(**context) + elif isinstance(alert_config_value, (list, tuple)): + formatted_list = [] + for element in alert_config_value: + try: + formatted_list.append(element.format(**context)) + except (AttributeError, KeyError, IndexError): + formatted_list.append(element) + alert_config[alert_config_field] = formatted_list + + return alert_config + + def send_to_thehive(self, alert_config): connection_details = self.rule['hive_connection'] - api = TheHiveApi( - connection_details.get('hive_host'), + connection_details.get('hive_host', ''), connection_details.get('hive_apikey', ''), proxies=connection_details.get('hive_proxies', {'http': '', 'https': ''}), cert=connection_details.get('hive_verify', False)) - for match in matches: - context = {'rule': self.rule, 'match': match} + alert = Alert(**alert_config) + response = api.create_alert(alert) + if response.status_code != 201: + raise Exception('alert not successfully created in TheHive\n{}'.format(response.text)) + + def alert(self, matches): + if self.rule.get('hive_alert_config_type', 'custom') != 'classic': + for match in matches: + alert_config = self.create_alert_config(match) + self.send_to_thehive(alert_config) + else: + alert_config = self.create_alert_config(matches[0]) artifacts = [] - for mapping in self.rule.get('hive_observable_data_mapping', []): - for observable_type, match_data_key in mapping.items(): - try: - match_data_keys = re.findall(r'\{match\[([^\]]*)\]', match_data_key) - rule_data_keys = re.findall(r'\{rule\[([^\]]*)\]', match_data_key) - data_keys = match_data_keys + rule_data_keys - context_keys = list(context['match'].keys()) + list(context['rule'].keys()) - if all([True if k in context_keys else False for k in data_keys]): - 
artifacts.append(AlertArtifact(dataType=observable_type, data=match_data_key.format(**context))) - except KeyError: - raise KeyError('\nformat string\n{}\nmatch data\n{}'.format(match_data_key, context)) + for match in matches: + artifacts += self.create_artifacts(match) + if 'related_events' in match: + for related_event in match['related_events']: + artifacts += self.create_artifacts(related_event) - alert_config = { - 'artifacts': artifacts, - 'sourceRef': str(uuid.uuid4())[0:6], - 'title': '{rule[index]}_{rule[name]}'.format(**context) - } - alert_config.update(self.rule.get('hive_alert_config', {})) - - for alert_config_field, alert_config_value in alert_config.items(): - if alert_config_field == 'customFields': - custom_fields = CustomFieldHelper() - for cf_key, cf_value in alert_config_value.items(): - try: - func = getattr(custom_fields, 'add_{}'.format(cf_value['type'])) - except AttributeError: - raise Exception('unsupported custom field type {}'.format(cf_value['type'])) - value = cf_value['value'].format(**context) - func(cf_key, value) - alert_config[alert_config_field] = custom_fields.build() - elif isinstance(alert_config_value, str): - alert_config[alert_config_field] = alert_config_value.format(**context) - elif isinstance(alert_config_value, (list, tuple)): - formatted_list = [] - for element in alert_config_value: - try: - formatted_list.append(element.format(**context)) - except (AttributeError, KeyError, IndexError): - formatted_list.append(element) - alert_config[alert_config_field] = formatted_list - - alert = Alert(**alert_config) - response = api.create_alert(alert) - - if response.status_code != 201: - raise Exception('alert not successfully created in TheHive\n{}'.format(response.text)) + alert_config['artifacts'] = artifacts + alert_config['title'] = self.create_title(matches) + alert_config['description'] = self.create_alert_body(matches) + self.send_to_thehive(alert_config) def get_info(self): return { 'type': 'hivealerter', 
'hive_host': self.rule.get('hive_connection', {}).get('hive_host', '') - } + } From c7e98f17e14c3656e451fe94a0d16720dd7e9d37 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 31 Dec 2019 17:19:57 -0500 Subject: [PATCH 20/44] Add volume binding to so-auth-api --- salt/auth/init.sls | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/auth/init.sls b/salt/auth/init.sls index ce9eda44f..0d82f6cb9 100644 --- a/salt/auth/init.sls +++ b/salt/auth/init.sls @@ -1,3 +1,10 @@ +so-auth-api-dir: + file.directory: + - name: /opt/so/conf/auth/api + - user: 939 + - group: 939 + - makedirs: True + so-auth-api-image: cmd.run: - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.3 @@ -15,6 +22,8 @@ so-auth-api: - name: so-auth-api - environment: - BASE_PATH: "/so-auth/api" + - binds: + - /opt/so/conf/auth/api:/data - port_bindings: - 0.0.0.0:5656:5656 From c4f57f09eefe47a8c859ef5894d170ef2f3fb5a0 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 2 Jan 2020 15:13:46 +0000 Subject: [PATCH 21/44] add Zeek clean script --- salt/bro/cron/zeek_clean | 34 ++++++++++++++++++++++++++++++++++ salt/bro/init.sls | 15 +++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 salt/bro/cron/zeek_clean diff --git a/salt/bro/cron/zeek_clean b/salt/bro/cron/zeek_clean new file mode 100644 index 000000000..9e3bc86dd --- /dev/null +++ b/salt/bro/cron/zeek_clean 
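Review bot: In `create_artifacts` the `except KeyError` branch prints the whole `context`, and `context['rule']` is `self.rule`, which also carries `hive_connection` with `hive_apikey`, so every observable mapping that misses a key writes TheHive API key into ElastAlert's output. The arguments are also swapped relative to the message text (`e` is the missing key, `match_data_key` the format string). Something like `print('format string {} failed: no key {} in match or rule'.format(match_data_key, e))` keeps the diagnostic without the secret. Separately, `cert=connection_details.get('hive_verify', False)` in `send_to_thehive` appears to leave certificate verification off unless the rule sets `hive_verify`; defaulting to `True` would be the safer choice.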
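Review bot: `so-auth-api-dir` sets owner and group but no `mode`, so `/opt/so/conf/auth/api` is created with the default directory permissions, and the second hunk binds it into the container as `/data`. If the auth API keeps account or token data there (not visible in this patch), add `- mode: 750` to the `file.directory` state so other local users cannot read it. The `so-auth-api` state continues outside the hunk, so whether it requires the directory state before the container starts could not be checked.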
@@ -0,0 +1,34 @@ +#!/bin/bash +# Delete Zeek Logs based on defined CRIT_DISK_USAGE value + +clean () { + +SENSOR_DIR='/nsm' +CRIT_DISK_USAGE=90 +CUR_USAGE=$(df -P $SENSOR_DIR | tail -1 | awk '{print $5}' | tr -d %) +LOG="/nsm/bro/logs/zeek_clean.log" + +if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then + while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; + do + TODAY=$(date -u "+%Y-%m-%d") + + # find the oldest Zeek logs directory and exclude today + OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | grep -v "packetloss" | sort | grep -v $TODAY | head -n 1) + if [ -z "$OLDEST_DIR" -o "$OLDEST_DIR" == ".." -o "$OLDEST_DIR" == "." ] + then + echo "$(date) - No old Zeek logs available to clean up in /nsm/bro/logs/" >> $LOG + exit 0 + else + echo "$(date) - Removing directory: /nsm/bro/logs/$OLDEST_DIR" >> $LOG + rm -rf /nsm/bro/logs/"$OLDEST_DIR" + fi + + + done +else + echo "$(date) - CRIT_DISK_USAGE value of $CRIT_DISK_USAGE not greater than current usage of $CUR_USAGE..." >> $LOG +fi +} + +clean diff --git a/salt/bro/init.sls b/salt/bro/init.sls index 422e7fbf9..6a972cbe7 100644 --- a/salt/bro/init.sls +++ b/salt/bro/init.sls @@ -79,6 +79,21 @@ plcronscript: - source: salt://bro/cron/packetloss.sh - mode: 755 +zeekcleanscript: + file.managed: + - name: /usr/local/bin/zeek_clean + - source: salt://bro/cron/zeek_clean + - mode: 755 + +/usr/local/bin/zeek_clean: + cron.present: + - user: root + - minute: '*' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + /usr/local/bin/packetloss.sh: cron.present: - user: root From 566d3ed2805d726e95eac8406754e61b471a6248 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 2 Jan 2020 15:20:34 +0000 Subject: [PATCH 22/44] revise message text --- salt/bro/cron/zeek_clean | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/bro/cron/zeek_clean b/salt/bro/cron/zeek_clean index 9e3bc86dd..1594b7752 100644 --- a/salt/bro/cron/zeek_clean +++ b/salt/bro/cron/zeek_clean 
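Review bot: `CUR_USAGE` is computed once before the `while` loop in zeek_clean and never refreshed inside it, so once usage exceeds `CRIT_DISK_USAGE` the loop deletes the oldest directory on every pass until only today's logs remain and the `exit 0` branch ends it. That removes all historical Zeek logs instead of just enough to get back under the threshold, which matters when those logs are the evidence for an investigation. Re-run the `df` pipeline as the last statement of the loop body: `CUR_USAGE=$(df -P "$SENSOR_DIR" | tail -1 | awk '{print $5}' | tr -d %)`. The extracted-file pass added later in this series sits inside the same loop and inherits the problem.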
@@ -27,7 +27,7 @@ if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then done else - echo "$(date) - CRIT_DISK_USAGE value of $CRIT_DISK_USAGE not greater than current usage of $CUR_USAGE..." >> $LOG + echo "$(date) - Current usage of $CUR_USAGE% not greater than the CRIT_DISK_VALUE of $CRIT_DISK_USAGE%..." >> $LOG fi } From 82f1d5718a674b82eddb828d57a0b999867ebcf7 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 2 Jan 2020 15:39:38 +0000 Subject: [PATCH 23/44] add exclusion for Zeek clean log and extracted file mgmt --- salt/bro/cron/zeek_clean | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/salt/bro/cron/zeek_clean b/salt/bro/cron/zeek_clean index 1594b7752..918d68a66 100644 --- a/salt/bro/cron/zeek_clean +++ b/salt/bro/cron/zeek_clean @@ -14,7 +14,7 @@ if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then TODAY=$(date -u "+%Y-%m-%d") # find the oldest Zeek logs directory and exclude today - OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | grep -v "packetloss" | sort | grep -v $TODAY | head -n 1) + OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | grep -v "packetloss" | grep -v "zeek_clean" | sort | grep -v $TODAY | head -n 1) if [ -z "$OLDEST_DIR" -o "$OLDEST_DIR" == ".." -o "$OLDEST_DIR" == "." ] then echo "$(date) - No old Zeek logs available to clean up in /nsm/bro/logs/" >> $LOG 
@@ -24,10 +24,24 @@ if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then rm -rf /nsm/bro/logs/"$OLDEST_DIR" fi - + # find oldest files in extracted directory and exclude today + OLDEST_EXTRACT=$(find /nsm/bro/extracted -type f -printf '%T+ %p\n' 2>/dev/null | sort | grep -v $TODAY | head -n 1) + if [ -z "$OLDEST_EXTRACT" -o "$OLDEST_EXTRACT" == ".." -o "$OLDEST_EXTRACT" == "." ] + then + echo "$(date) - No old extracted files available to clean up in /nsm/bro/extracted/" >> $LOG + else + OLDEST_EXTRACT_DATE=`echo $OLDEST_EXTRACT | awk '{print $1}' | cut -d+ -f1` + OLDEST_EXTRACT_FILE=`echo $OLDEST_EXTRACT | awk '{print $2}'` + echo "$(date) - Removing extracted files for $OLDEST_EXTRACT_DATE" >> $LOG + find /nsm/bro/extracted -type f -printf '%T+ %p\n' | grep $OLDEST_EXTRACT_DATE | awk '{print $2}' |while read FILE + do + echo "$(date) - Removing extracted file: $FILE" >> $LOG + rm -f "$FILE" + done + fi done else - echo "$(date) - Current usage of $CUR_USAGE% not greater than the CRIT_DISK_VALUE of $CRIT_DISK_USAGE%..." >> $LOG + echo "$(date) - CRIT_DISK_USAGE value of $CRIT_DISK_USAGE not greater than current usage of $CUR_USAGE..." >> $LOG fi } From 82abdedb029eb8af5ef6649a8ec5d882f73370e5 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 2 Jan 2020 15:55:52 +0000 Subject: [PATCH 24/44] add license --- salt/bro/cron/zeek_clean | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/bro/cron/zeek_clean b/salt/bro/cron/zeek_clean index 918d68a66..af47611bc 100644 --- a/salt/bro/cron/zeek_clean +++ b/salt/bro/cron/zeek_clean 
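Review bot: The extracted-file cleanup is placed after the log-directory check, whose "No old Zeek logs" branch calls `exit 0` (in the file as first added, just above this hunk), so once the dated log directories are gone the script exits before it reaches `/nsm/bro/extracted` and extracted files can still fill the disk. One small fix is to replace that `exit 0` with `NO_LOGS=1` and add `[ "$NO_LOGS" = 1 ] && exit 0` to the "No old extracted files" branch here, so the script stops only when neither location has anything left. The file list is parsed with `awk '{print $2}'` and an unquoted `grep $OLDEST_EXTRACT_DATE`, which truncates any path containing whitespace; `cut -d' ' -f2-` with `read -r` keeps the full path. The last changed line also restores the message text that the previous patch had just revised, which looks like an unintended revert.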
@@ -1,6 +1,21 @@ #!/bin/bash # Delete Zeek Logs based on defined CRIT_DISK_USAGE value +# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + clean () { SENSOR_DIR='/nsm' From 5a772e4f1ca0be3585bdc02a8782bbdeffb75a3f Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 2 Jan 2020 11:43:28 -0500 Subject: [PATCH 25/44] Break out FS & DS into their own states --- salt/domainstats/init.sls | 51 ++++++++++++++++++++ salt/elasticsearch/init.sls | 92 +------------------------------------ salt/freqserver/init.sls | 52 +++++++++++++++++++++ salt/top.sls | 17 ++++++- 4 files changed, 119 insertions(+), 93 deletions(-) create mode 100644 salt/domainstats/init.sls create mode 100644 salt/freqserver/init.sls diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls new file mode 100644 index 000000000..01e673764 --- /dev/null +++ b/salt/domainstats/init.sls 
@@ -0,0 +1,51 @@ +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Create the group +dstatsgroup: + group.present: + - name: domainstats + - gid: 936 + +# Add user +domainstats: + user.present: + - uid: 936 + - gid: 936 + - home: /opt/so/conf/domainstats + - createhome: False + +# Create the log directory +dstatslogdir: + file.directory: + - name: /opt/so/log/domainstats + - user: 936 + - group: 939 + - makedirs: True + +so-domainstatsimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-domainstats:HH1.0.3 + +so-domainstats: + docker_container.running: + - require: + - so-domainstatsimage + - image: docker.io/soshybridhunter/so-domainstats:HH1.0.3 + - hostname: domainstats + - name: so-domainstats + - user: domainstats + - binds: + - /opt/so/log/domainstats:/var/log/domain_stats diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 6036d5da8..4c5d3e644 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -1,4 +1,4 @@ -# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -16,22 +16,16 @@ {% set esclustername = salt['pillar.get']('master:esclustername', '') %} {% set esheap = salt['pillar.get']('master:esheap', '') %} -{% set freq = salt['pillar.get']('master:freq', '0') %} -{% set dstats = salt['pillar.get']('master:dstats', '0') %} {% elif grains['role'] == 'so-eval' %} {% set esclustername = salt['pillar.get']('master:esclustername', '') %} {% set esheap = salt['pillar.get']('master:esheap', '') %} -{% set freq = salt['pillar.get']('master:freq', '0') %} -{% set dstats = salt['pillar.get']('master:dstats', '0') %} {% elif grains['role'] == 'so-node' %} {% set esclustername = salt['pillar.get']('node:esclustername', '') %} {% set esheap = salt['pillar.get']('node:esheap', '') %} -{% set freq = salt['pillar.get']('node:freq', '0') %} -{% set dstats = salt['pillar.get']('node:dstats', '0') %} {% endif %} 
@@ -150,87 +144,3 @@ so-elasticsearch-pipelines: # Tell the main cluster I am here #curl -XPUT http://\$ELASTICSEARCH_HOST:\$ELASTICSEARCH_PORT/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"$HOSTNAME": {"skip_unavailable": "true", "seeds": ["$DOCKER_INTERFACE:$REVERSE_PORT"]}}}}}' -# See if Freqserver is enabled -{% if freq == 1 %} - -# Create the user -fservergroup: - group.present: - - name: freqserver - - gid: 935 - -# Add ES user -freqserver: - user.present: - - uid: 935 - - gid: 935 - - home: /opt/so/conf/freqserver - - createhome: False - -# Create the log directory -freqlogdir: - file.directory: - - name: /opt/so/log/freq_server - - user: 935 - - group: 935 - - makedirs: True - -so-freqimage: - cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-freqserver:HH1.0.3 - -so-freq: - docker_container.running: - - require: - - so-freqimage - - image: docker.io/soshybridhunter/so-freqserver:HH1.0.3 - - hostname: freqserver - - name: so-freqserver - - user: freqserver - - binds: - - /opt/so/log/freq_server:/var/log/freq_server:rw - - -{% endif %} - -{% if dstats == 1 %} - -# Create the group -dstatsgroup: - group.present: - - name: domainstats - - gid: 936 - -# Add user -domainstats: - user.present: - - uid: 936 - - gid: 936 - - home: /opt/so/conf/domainstats - - createhome: False - -# Create the log directory -dstatslogdir: - file.directory: - - name: /opt/so/log/domainstats - - user: 936 - - group: 939 - - makedirs: True - -so-domainstatsimage: - cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-domainstats:HH1.0.3 - -so-domainstats: - docker_container.running: - - require: - - so-domainstatsimage - - image: docker.io/soshybridhunter/so-domainstats:HH1.0.3 - - hostname: domainstats - - name: so-domainstats - - user: domainstats - - binds: - - /opt/so/log/domainstats:/var/log/domain_stats - - -{% endif %} 
diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls new file mode 100644 index 000000000..783d11b6a --- /dev/null +++ b/salt/freqserver/init.sls @@ -0,0 +1,52 @@ +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Create the user +fservergroup: + group.present: + - name: freqserver + - gid: 935 + +# Add ES user +freqserver: + user.present: + - uid: 935 + - gid: 935 + - home: /opt/so/conf/freqserver + - createhome: False + +# Create the log directory +freqlogdir: + file.directory: + - name: /opt/so/log/freq_server + - user: 935 + - group: 935 + - makedirs: True + +so-freqimage: + cmd.run: + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-freqserver:HH1.0.3 + +so-freq: + docker_container.running: + - require: + - so-freqimage + - image: docker.io/soshybridhunter/so-freqserver:HH1.0.3 + - hostname: freqserver + - name: so-freqserver + - user: freqserver + - binds: + - /opt/so/log/freq_server:/var/log/freq_server:rw + diff --git a/salt/top.sls b/salt/top.sls index 8e8b286cf..b6bd14bd7 100644 --- a/salt/top.sls +++ b/salt/top.sls 
@@ -4,6 +4,9 @@ {%- set GRAFANA = salt['pillar.get']('master:grafana', '0') -%} {%- set THEHIVE = salt['pillar.get']('master:thehive', '0') -%} {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%} +{%- set FREQSERVER = salt['pillar.get']('master:freq', '0') -%} +{%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%} + base: '*': - patch.os.schedule @@ -77,7 +80,12 @@ base: {%- if PLAYBOOK != 0 %} - playbook {%- endif %} - + {%- if FREQSERVER != 0 %} + - freqserver + {%- endif %} + {%- if DOMAINSTATS != 0 %} + - domainstats + {%- endif %} 'G@role:so-master': @@ -113,7 +121,12 @@ base: {%- if PLAYBOOK != 0 %} - playbook {%- endif %} - + {%- if FREQSERVER != 0 %} + - freqserver + {%- endif %} + {%- if DOMAINSTATS != 0 %} + - domainstats + {%- endif %} # Search node logic From 4b23d333ef6e89d15a6ec333da4f8a737e14c73f Mon Sep 17 00:00:00 2001 
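Review bot: `FREQSERVER` and `DOMAINSTATS` default to the string `'0'` but are tested with `!= 0` against an integer, and in Jinja `'0' != 0` is true, so when the pillar has no `master:freq` or `master:domainstats` key both states are included and the containers are started. The code removed from elasticsearch/init.sls in this same patch enabled them only on `== 1`. Use an integer default, `salt['pillar.get']('master:freq', 0)`, or keep the `== 1` test. The removed code also read `master:dstats` while this reads `master:domainstats`, so an existing pillar that sets `dstats` would no longer be honoured; the script that writes the key is not visible here.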
From: Josh Brower Date: Thu, 2 Jan 2020 12:29:56 -0500 Subject: [PATCH 26/44] so-stop scripts - initial commit --- salt/common/tools/sbin/so-cortex-stop | 20 +++++++++++++ salt/common/tools/sbin/so-curator-stop | 20 +++++++++++++ salt/common/tools/sbin/so-elastalert-stop | 20 +++++++++++++ salt/common/tools/sbin/so-elasticsearch-stop | 20 +++++++++++++ salt/common/tools/sbin/so-filebeat-stop | 31 +++++++++++--------- salt/common/tools/sbin/so-fleet-stop | 20 +++++++++++++ salt/common/tools/sbin/so-grafana-stop | 20 +++++++++++++ salt/common/tools/sbin/so-kibana-stop | 20 +++++++++++++ salt/common/tools/sbin/so-logstash-stop | 20 +++++++++++++ salt/common/tools/sbin/so-mysql-stop | 20 +++++++++++++ salt/common/tools/sbin/so-playbook-stop | 20 +++++++++++++ salt/common/tools/sbin/so-redis-stop | 20 +++++++++++++ salt/common/tools/sbin/so-soctopus-stop | 20 +++++++++++++ salt/common/tools/sbin/so-stop | 27 +++++++++++++++++ salt/common/tools/sbin/so-thehive-stop | 20 +++++++++++++ salt/common/tools/sbin/so-zeek-stop | 20 +++++++++++++ 16 files changed, 324 insertions(+), 14 deletions(-) create mode 100644 salt/common/tools/sbin/so-cortex-stop create mode 100644 salt/common/tools/sbin/so-curator-stop create mode 100644 salt/common/tools/sbin/so-elastalert-stop create mode 100644 salt/common/tools/sbin/so-elasticsearch-stop create mode 100644 salt/common/tools/sbin/so-fleet-stop create mode 100644 salt/common/tools/sbin/so-grafana-stop create mode 100644 salt/common/tools/sbin/so-kibana-stop create mode 100644 salt/common/tools/sbin/so-logstash-stop create mode 100644 salt/common/tools/sbin/so-mysql-stop create mode 100644 salt/common/tools/sbin/so-playbook-stop create mode 100644 salt/common/tools/sbin/so-redis-stop create mode 100644 salt/common/tools/sbin/so-soctopus-stop create mode 100644 salt/common/tools/sbin/so-stop create mode 100644 salt/common/tools/sbin/so-thehive-stop create mode 100644 salt/common/tools/sbin/so-zeek-stop 
diff --git a/salt/common/tools/sbin/so-cortex-stop b/salt/common/tools/sbin/so-cortex-stop
new file mode 100644
index 000000000..727b2c7fa
--- /dev/null
+++ b/salt/common/tools/sbin/so-cortex-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop cortex $1
diff --git a/salt/common/tools/sbin/so-curator-stop b/salt/common/tools/sbin/so-curator-stop
new file mode 100644
index 000000000..9aab50c8c
--- /dev/null
+++ b/salt/common/tools/sbin/so-curator-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop curator $1
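Review bot: `$1` is forwarded unquoted on the last line of so-cortex-stop, so an argument containing whitespace or glob characters is split or expanded before `so-stop` receives it. `/usr/sbin/so-stop cortex "$@"` passes whatever was given, intact, and still passes nothing when the wrapper is called without arguments. The same line appears in the other so-*-stop wrappers added by this patch (curator, elastalert, elasticsearch, filebeat, fleet, grafana, kibana, logstash).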
diff --git a/salt/common/tools/sbin/so-elastalert-stop b/salt/common/tools/sbin/so-elastalert-stop
new file mode 100644
index 000000000..731312e8c
--- /dev/null
+++ b/salt/common/tools/sbin/so-elastalert-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop elastalert $1
diff --git a/salt/common/tools/sbin/so-elasticsearch-stop b/salt/common/tools/sbin/so-elasticsearch-stop
new file mode 100644
index 000000000..9d03a64ae
--- /dev/null
+++ b/salt/common/tools/sbin/so-elasticsearch-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop elasticsearch $1
diff --git a/salt/common/tools/sbin/so-filebeat-stop b/salt/common/tools/sbin/so-filebeat-stop
index 3b7419db7..7a5e2f28e 100644
--- a/salt/common/tools/sbin/so-filebeat-stop
+++ b/salt/common/tools/sbin/so-filebeat-stop
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker stop so-filebeat
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop filebeat $1
diff --git a/salt/common/tools/sbin/so-fleet-stop b/salt/common/tools/sbin/so-fleet-stop
new file mode 100644
index 000000000..d22df4704
--- /dev/null
+++ b/salt/common/tools/sbin/so-fleet-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop fleet $1
diff --git a/salt/common/tools/sbin/so-grafana-stop b/salt/common/tools/sbin/so-grafana-stop
new file mode 100644
index 000000000..bb0a19545
--- /dev/null
+++ b/salt/common/tools/sbin/so-grafana-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop grafana $1
diff --git a/salt/common/tools/sbin/so-kibana-stop b/salt/common/tools/sbin/so-kibana-stop
new file mode 100644
index 000000000..007ee54d4
--- /dev/null
+++ b/salt/common/tools/sbin/so-kibana-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop kibana $1
diff --git a/salt/common/tools/sbin/so-logstash-stop b/salt/common/tools/sbin/so-logstash-stop
new file mode 100644
index 000000000..528216ca3
--- /dev/null
+++ b/salt/common/tools/sbin/so-logstash-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop logstash $1
diff --git a/salt/common/tools/sbin/so-mysql-stop b/salt/common/tools/sbin/so-mysql-stop
new file mode 100644
index 000000000..998a48ac0
--- /dev/null
+++ b/salt/common/tools/sbin/so-mysql-stop
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop mysql $1 diff --git a/salt/common/tools/sbin/so-playbook-stop b/salt/common/tools/sbin/so-playbook-stop new file mode 100644 index 000000000..a1ebd7503 --- /dev/null +++ b/salt/common/tools/sbin/so-playbook-stop @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop playbook $1 diff --git a/salt/common/tools/sbin/so-redis-stop b/salt/common/tools/sbin/so-redis-stop new file mode 100644 index 000000000..34577814c --- /dev/null +++ b/salt/common/tools/sbin/so-redis-stop 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop redis $1 diff --git a/salt/common/tools/sbin/so-soctopus-stop b/salt/common/tools/sbin/so-soctopus-stop new file mode 100644 index 000000000..f38eecc08 --- /dev/null +++ b/salt/common/tools/sbin/so-soctopus-stop @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop soctopus $1 diff --git a/salt/common/tools/sbin/so-stop b/salt/common/tools/sbin/so-stop new file mode 100644 index 000000000..6fb369826 --- /dev/null +++ b/salt/common/tools/sbin/so-stop 
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# Usage: so-stop filebeat | kibana | playbook | thehive
+
+. /usr/sbin/so-common
+
+echo $banner
+printf "Stopping $1\n"
+echo $banner
+
+docker stop so-$1
+
diff --git a/salt/common/tools/sbin/so-thehive-stop b/salt/common/tools/sbin/so-thehive-stop
new file mode 100644
index 000000000..6c56e0473
--- /dev/null
+++ b/salt/common/tools/sbin/so-thehive-stop
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop thehive $1
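Review bot: The new so-stop script expands `$1` unquoted in `docker stop so-$1` and inside the printf format string, and it never checks that a service name was given, so a bare `so-stop` runs `docker stop so-` and a name containing `%` or whitespace is misinterpreted. These helpers run with enough privilege to control every sensor container, so the argument should be checked up front with `[ -n "$1" ] || { echo "Usage: so-stop <service>"; exit 1; }`, and then used as `printf 'Stopping %s\n' "$1"` and `docker stop "so-$1"`. The same unquoted `$1` pattern appears in the so-restart and so-start hunks later in this series, and in the later so-stop change that adds `docker rm so-$1`.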
diff --git a/salt/common/tools/sbin/so-zeek-stop b/salt/common/tools/sbin/so-zeek-stop new file mode 100644 index 000000000..1e39a2c49 --- /dev/null +++ b/salt/common/tools/sbin/so-zeek-stop @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop bro $1 From 3d436037e273a64a6c92883e133fb3762c5d4b8d Mon Sep 17 00:00:00 2001 
From: Josh Brower Date: Thu, 2 Jan 2020 15:58:15 -0500 Subject: [PATCH 27/44] SO Scripts - start|stop|restart --- salt/common/tools/sbin/so-cortex-start | 20 ++++++++++ salt/common/tools/sbin/so-curator-start | 20 ++++++++++ salt/common/tools/sbin/so-elastalert-start | 20 ++++++++++ salt/common/tools/sbin/so-elasticsearch-start | 20 ++++++++++ salt/common/tools/sbin/so-filebeat-start | 31 +++++++++------- salt/common/tools/sbin/so-fleet-start | 20 ++++++++++ salt/common/tools/sbin/so-grafana-start | 20 ++++++++++ salt/common/tools/sbin/so-kibana-start | 20 ++++++++++ salt/common/tools/sbin/so-logstash-start | 20 ++++++++++ salt/common/tools/sbin/so-mysql-start | 20 ++++++++++ salt/common/tools/sbin/so-playbook-start | 20 ++++++++++ salt/common/tools/sbin/so-redis-start | 20 ++++++++++ salt/common/tools/sbin/so-restart | 4 +- salt/common/tools/sbin/so-soctopus-start | 20 ++++++++++ salt/common/tools/sbin/so-start | 37 ++++++++++++++++++- salt/common/tools/sbin/so-stop | 4 +- salt/common/tools/sbin/so-thehive-start | 20 ++++++++++ salt/common/tools/sbin/so-wazuh-start | 2 +- salt/common/tools/sbin/so-zeek-start | 20 ++++++++++ 19 files changed, 338 insertions(+), 20 deletions(-) create mode 100644 salt/common/tools/sbin/so-cortex-start create mode 100644 salt/common/tools/sbin/so-curator-start create mode 100644 salt/common/tools/sbin/so-elastalert-start create mode 100644 salt/common/tools/sbin/so-elasticsearch-start create mode 100644 salt/common/tools/sbin/so-fleet-start create mode 100644 salt/common/tools/sbin/so-grafana-start create mode 100644 salt/common/tools/sbin/so-kibana-start create mode 100644 salt/common/tools/sbin/so-logstash-start create mode 100644 salt/common/tools/sbin/so-mysql-start create mode 100644 salt/common/tools/sbin/so-playbook-start create mode 100644 salt/common/tools/sbin/so-redis-start create mode 100644 salt/common/tools/sbin/so-soctopus-start create mode 100644 salt/common/tools/sbin/so-thehive-start create mode 100644 
salt/common/tools/sbin/so-zeek-start diff --git a/salt/common/tools/sbin/so-cortex-start b/salt/common/tools/sbin/so-cortex-start new file mode 100644 index 000000000..db383e2e8 --- /dev/null +++ b/salt/common/tools/sbin/so-cortex-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start cortex $1 diff --git a/salt/common/tools/sbin/so-curator-start b/salt/common/tools/sbin/so-curator-start new file mode 100644 index 000000000..676da0d2e --- /dev/null +++ b/salt/common/tools/sbin/so-curator-start 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start curator $1 diff --git a/salt/common/tools/sbin/so-elastalert-start b/salt/common/tools/sbin/so-elastalert-start new file mode 100644 index 000000000..7101eec15 --- /dev/null +++ b/salt/common/tools/sbin/so-elastalert-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start elastalert $1 diff --git a/salt/common/tools/sbin/so-elasticsearch-start b/salt/common/tools/sbin/so-elasticsearch-start new file mode 100644 index 000000000..76a3baac6 --- /dev/null 
+++ b/salt/common/tools/sbin/so-elasticsearch-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start elasticsearch $1 diff --git a/salt/common/tools/sbin/so-filebeat-start b/salt/common/tools/sbin/so-filebeat-start index e5ce6ed88..e15c2e5e9 100644 --- a/salt/common/tools/sbin/so-filebeat-start +++ b/salt/common/tools/sbin/so-filebeat-start 
@@ -1,17 +1,20 @@ #!/bin/bash - -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -docker rm so-filebeat && salt-call state.apply filebeat +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start filebeat $1 diff --git a/salt/common/tools/sbin/so-fleet-start b/salt/common/tools/sbin/so-fleet-start new file mode 100644 index 000000000..06133ef58 --- /dev/null +++ b/salt/common/tools/sbin/so-fleet-start 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start fleet $1 diff --git a/salt/common/tools/sbin/so-grafana-start b/salt/common/tools/sbin/so-grafana-start new file mode 100644 index 000000000..660d1d31b --- /dev/null +++ b/salt/common/tools/sbin/so-grafana-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start grafana $1 diff --git a/salt/common/tools/sbin/so-kibana-start b/salt/common/tools/sbin/so-kibana-start new file mode 100644 index 000000000..edf7ec61f --- /dev/null +++ b/salt/common/tools/sbin/so-kibana-start 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start kibana $1 diff --git a/salt/common/tools/sbin/so-logstash-start b/salt/common/tools/sbin/so-logstash-start new file mode 100644 index 000000000..cd2e168f4 --- /dev/null +++ b/salt/common/tools/sbin/so-logstash-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start logstash $1 diff --git a/salt/common/tools/sbin/so-mysql-start b/salt/common/tools/sbin/so-mysql-start new file mode 100644 index 000000000..1a02b7658 --- /dev/null +++ b/salt/common/tools/sbin/so-mysql-start 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start mysql $1 diff --git a/salt/common/tools/sbin/so-playbook-start b/salt/common/tools/sbin/so-playbook-start new file mode 100644 index 000000000..34ddf18aa --- /dev/null +++ b/salt/common/tools/sbin/so-playbook-start @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start playbook $1 diff --git a/salt/common/tools/sbin/so-redis-start b/salt/common/tools/sbin/so-redis-start new file mode 100644 index 000000000..3ef2d3c01 --- /dev/null +++ b/salt/common/tools/sbin/so-redis-start 
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start redis $1 diff --git a/salt/common/tools/sbin/so-restart b/salt/common/tools/sbin/so-restart index 0bf5b7736..968b7233a 100644 --- a/salt/common/tools/sbin/so-restart +++ b/salt/common/tools/sbin/so-restart @@ -20,7 +20,7 @@ . /usr/sbin/so-common echo $banner -printf "Restarting $1\n" +printf "Restarting $1...\n\nThis could take a while if another Salt job is running. \nRun this command with --force to stop all Salt jobs before proceeding.\n" echo $banner if [ "$2" = "--force" ] @@ -31,5 +31,5 @@ fi case $1 in "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;; - *) docker stop so-$1 && docker rm so-$1 && salt-call state.apply $1 queue=True;; + *) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;; esac diff --git a/salt/common/tools/sbin/so-soctopus-start b/salt/common/tools/sbin/so-soctopus-start new file mode 100644 index 000000000..e0d2a2a35 --- /dev/null +++ b/salt/common/tools/sbin/so-soctopus-start 
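Review bot: In so-restart, the `"cortex")` branch still chains its three commands with `&&`, although the default branch just below it was relaxed to `;`. If either `so-thehive-cortex` or `so-thehive` is already stopped or removed, `docker stop` fails and `salt-call state.apply hive` never runs, leaving both containers down. The branch should be brought in line with the default one: `"cortex") docker stop so-thehive-cortex so-thehive ; docker rm so-thehive-cortex so-thehive ; salt-call state.apply hive queue=True;;`. The start of the `if`/`fi` block lies outside this hunk.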
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start soctopus $1 diff --git a/salt/common/tools/sbin/so-start b/salt/common/tools/sbin/so-start index 8ad0326db..70b8d6aed 100644 --- a/salt/common/tools/sbin/so-start +++ b/salt/common/tools/sbin/so-start 
@@ -1 +1,36 @@ -sudo salt-call state.highstate +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Usage: so-start all | filebeat | kibana | playbook | thehive + +. /usr/sbin/so-common + +echo $banner +printf "Starting $1...\n\nThis could take a while if another Salt job is running. \nRun this command with --force to stop all Salt jobs before proceeding.\n" +echo $banner + +if [ "$2" = "--force" ] +then + printf "\nForce-stopping all Salt jobs before proceeding\n\n" + salt-call saltutil.kill_all_jobs +fi + + +case $1 in + "all") salt-call state.highstate queue=True;; + *) if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi +esac diff --git a/salt/common/tools/sbin/so-stop b/salt/common/tools/sbin/so-stop index 6fb369826..108424bb9 100644 --- a/salt/common/tools/sbin/so-stop +++ b/salt/common/tools/sbin/so-stop @@ -20,8 +20,8 @@ . /usr/sbin/so-common echo $banner -printf "Stopping $1\n" +printf "Stopping $1...\n" echo $banner -docker stop so-$1 +docker stop so-$1 ; docker rm so-$1 diff --git a/salt/common/tools/sbin/so-thehive-start b/salt/common/tools/sbin/so-thehive-start new file mode 100644 index 000000000..17ec7bfaa --- /dev/null +++ b/salt/common/tools/sbin/so-thehive-start 
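Review bot: The running check `docker ps | grep -q so-$1` in so-start is a substring match over the whole `docker ps` output, so `so-start thehive` prints "already running" whenever `so-thehive-cortex` is up, and the stopped container is never started. The check should match the container name exactly, for example `if docker ps --format '{{.Names}}' | grep -qx "so-$1"; then`. Separately, so-cortex-start calls `so-start cortex`, which falls through to `salt-call state.apply cortex`, while so-restart maps cortex to the `hive` state. If no `cortex` state exists that wrapper will fail, which is worth confirming.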
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start thehive $1
diff --git a/salt/common/tools/sbin/so-wazuh-start b/salt/common/tools/sbin/so-wazuh-start
index 195287314..dd64354c7 100644
--- a/salt/common/tools/sbin/so-wazuh-start
+++ b/salt/common/tools/sbin/so-wazuh-start
@@ -14,4 +14,4 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-docker rm so-wazuh && salt-call state.apply wazuh
+docker stop so-wazuh
diff --git a/salt/common/tools/sbin/so-zeek-start b/salt/common/tools/sbin/so-zeek-start
new file mode 100644
index 000000000..ccd475bb6
--- /dev/null
+++ b/salt/common/tools/sbin/so-zeek-start
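Review bot: so-wazuh-start now ends in `docker stop so-wazuh`, so running the start script stops the Wazuh container and nothing brings it back, whereas the removed line at least re-applied the wazuh state. This looks like a line meant for a stop script, and on a monitoring host it silently removes host-based detection coverage. The other wrappers in this commit suggest the intended line is `/usr/sbin/so-start wazuh $1`. The top of the file is outside the hunk, so whether it sources so-common cannot be seen from here.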
@@ -0,0 +1,20 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-start bro $1 From 7415ed8dd080ba68067986e9f9931e72f2cbc0d5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 3 Jan 2020 13:31:19 -0500 Subject: [PATCH 28/44] manage threshold.conf with Salt - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/127 --- pillar/thresholding/pillar.example | 44 ++++++++++++++++++++++++ pillar/thresholding/pillar.usage | 20 +++++++++++ salt/suricata/files/threshold.conf.jinja | 32 +++++++++++++++++ salt/suricata/init.sls | 10 ++++++ 4 files changed, 106 insertions(+) create mode 100644 pillar/thresholding/pillar.example create mode 100644 pillar/thresholding/pillar.usage create mode 100644 salt/suricata/files/threshold.conf.jinja diff --git a/pillar/thresholding/pillar.example b/pillar/thresholding/pillar.example new file mode 100644 index 000000000..705cb606c --- /dev/null +++ b/pillar/thresholding/pillar.example 
@@ -0,0 +1,44 @@ +thresholding: + sids: + 8675309: + - threshold: + gen_id: 1 + type: threshold + track: by_src + count: 10 + seconds: 10 + - threshold: + gen_id: 1 + type: limit + track: by_dst + count: 100 + seconds: 30 + - rate_filter: + gen_id: 1 + track: by_rule + count: 50 + seconds: 30 + new_action: alert + timeout: 30 + - suppress: + gen_id: 1 + track: by_either + ip: 10.10.3.7 + 11223344: + - threshold: + gen_id: 1 + type: limit + track: by_dst + count: 10 + seconds: 10 + - rate_filter: + gen_id: 1 + track: by_src + count: 50 + seconds: 20 + new_action: pass + timeout: 60 + - suppress: + gen_id: 1 + track: by_src + ip: 10.10.3.0/24 diff --git a/pillar/thresholding/pillar.usage b/pillar/thresholding/pillar.usage new file mode 100644 index 000000000..1626433b1 --- /dev/null +++ b/pillar/thresholding/pillar.usage @@ -0,0 +1,20 @@ +thresholding: + sids: + : + - threshold: + gen_id: + type: + track: + count: + seconds: + - rate_filter: + gen_id: + track: + count: + seconds: + new_action: + timeout: + - suppress: + gen_id: + track: + ip: diff --git a/salt/suricata/files/threshold.conf.jinja b/salt/suricata/files/threshold.conf.jinja new file mode 100644 index 000000000..6c40f6cb9 --- /dev/null +++ b/salt/suricata/files/threshold.conf.jinja 
@@ -0,0 +1,32 @@
+{% set THRESHOLDING = salt['pillar.get']('thresholding', {}) -%}
+
+{% if THRESHOLDING %}
+{%- for EACH_SID in THRESHOLDING.sids %}
+ {%- for ACTIONS_LIST in THRESHOLDING.sids[EACH_SID] %}
+ {% for EACH_ACTION in ACTIONS_LIST %}
+
+ {% if EACH_ACTION == 'threshold' %}
+{{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, type {{ ACTIONS_LIST[EACH_ACTION].type }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }}
+
+ {% elif EACH_ACTION == 'rate_filter' %}
+ {% if ACTIONS_LIST[EACH_ACTION].new_action not in ['drop','reject'] %}
+{{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }}, new_action {{ ACTIONS_LIST[EACH_ACTION].new_action }}, timeout {{ ACTIONS_LIST[EACH_ACTION].timeout }}
+ {% else %}
+##### Security Onion does not support drop or reject actions for rate_filter
+#####{{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }}, new_action {{ ACTIONS_LIST[EACH_ACTION].new_action }}, timeout {{ ACTIONS_LIST[EACH_ACTION].timeout }}
+ {% endif %}
+
+ {% elif EACH_ACTION == 'suppress' %}
+ {% if ACTIONS_LIST[EACH_ACTION].track is defined %}
+{{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, ip {{ ACTIONS_LIST[EACH_ACTION].ip }}
+ {% else %}
+{{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}
+ {% endif %}
+
+ {% endif %}
+ {% endfor -%}
+ {% endfor -%}
+{% endfor -%}
+{% else %}
+
+{% endif %}
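Review bot: The suppress branch tests only `track is defined` and then renders `ip {{ ACTIONS_LIST[EACH_ACTION].ip }}`, so a pillar entry that has `track` but no `ip` would most likely produce a line ending in a bare `ip` keyword. I would guard it with `{% if ACTIONS_LIST[EACH_ACTION].track is defined and ACTIONS_LIST[EACH_ACTION].ip is defined %}`. The other fields (gen_id, type, count, seconds, new_action, timeout) are likewise written into threshold.conf exactly as they appear in the pillar, with no check that they are present. Because suppress and rate_filter lines decide which alerts the sensor stays quiet about, a malformed or skipped entry changes detection coverage, and depending on how Salt's Jinja treats undefined values it may do so without a render error. The rewritten template in the next commit (`@@ -1,32 +1,36 @@`) keeps the same expressions, so the point applies there as well.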
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index a30010d5e..ac876212c 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -70,6 +70,14 @@ suriconfigsync: - group: 940 - template: jinja +surithresholding: + file.managed: + - name: /opt/so/conf/suricata/threshold.conf + - source: salt://suricata/files/threshold.conf.jinja + - user: 940 + - group: 940 + - template: jinja + so-suricataimage: cmd.run: - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-suricata:HH1.1.1 @@ -84,9 +92,11 @@ so-suricata: - INTERFACE={{ interface }} - binds: - /opt/so/conf/suricata/suricata.yaml:/etc/suricata/suricata.yaml:ro + - /opt/so/conf/suricata/threshold.conf:/etc/suricata/threshold.conf:ro - /opt/so/conf/suricata/rules:/etc/suricata/rules:ro - /opt/so/log/suricata/:/var/log/suricata/:rw - network_mode: host - watch: - file: /opt/so/conf/suricata/suricata.yaml + - file: surithresholding - file: /opt/so/conf/suricata/rules/ From 4dc667d8051bb3dee07258447103973590f90fa5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 3 Jan 2020 14:50:32 -0500 Subject: [PATCH 29/44] change threshold.conf template - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/127 --- salt/suricata/files/threshold.conf.jinja | 50 +++++++++++++----------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/salt/suricata/files/threshold.conf.jinja b/salt/suricata/files/threshold.conf.jinja index 6c40f6cb9..45642404a 100644 --- a/salt/suricata/files/threshold.conf.jinja +++ b/salt/suricata/files/threshold.conf.jinja 
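Review bot: The new `surithresholding` state in the first hunk sets `user` and `group` but no `mode`, so the permissions on /opt/so/conf/suricata/threshold.conf are left to Salt's default or to whatever an existing file already has. This file controls which alerts are suppressed or rate-limited, so I would pin it explicitly, for example `- mode: 644` after `- group: 940`, or tighter if uid 940 is the only reader inside the container. The neighbouring `suriconfigsync` and `so-suricata` states begin outside the hunks, so whether they set a mode cannot be checked from here.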
@@ -1,32 +1,36 @@ {% set THRESHOLDING = salt['pillar.get']('thresholding', {}) -%} -{% if THRESHOLDING %} -{%- for EACH_SID in THRESHOLDING.sids %} - {%- for ACTIONS_LIST in THRESHOLDING.sids[EACH_SID] %} - {% for EACH_ACTION in ACTIONS_LIST %} - - {% if EACH_ACTION == 'threshold' %} +{% if THRESHOLDING -%} + + {% for EACH_SID in THRESHOLDING.sids -%} + {% for ACTIONS_LIST in THRESHOLDING.sids[EACH_SID] -%} + {% for EACH_ACTION in ACTIONS_LIST -%} + + {%- if EACH_ACTION == 'threshold' %} {{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, type {{ ACTIONS_LIST[EACH_ACTION].type }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }} - - {% elif EACH_ACTION == 'rate_filter' %} - {% if ACTIONS_LIST[EACH_ACTION].new_action not in ['drop','reject'] %} + + {%- elif EACH_ACTION == 'rate_filter' %} + {%- if ACTIONS_LIST[EACH_ACTION].new_action not in ['drop','reject'] %} {{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }}, new_action {{ ACTIONS_LIST[EACH_ACTION].new_action }}, timeout {{ ACTIONS_LIST[EACH_ACTION].timeout }} - {% else %} + {%- else %} ##### Security Onion does not support drop or reject actions for rate_filter -#####{{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }}, new_action {{ ACTIONS_LIST[EACH_ACTION].new_action }}, timeout {{ ACTIONS_LIST[EACH_ACTION].timeout }} - {% endif %} - - {% elif EACH_ACTION == 'suppress' %} - {% if ACTIONS_LIST[EACH_ACTION].track is defined %} +##### {{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ 
ACTIONS_LIST[EACH_ACTION].track }}, count {{ ACTIONS_LIST[EACH_ACTION].count }}, seconds {{ ACTIONS_LIST[EACH_ACTION].seconds }}, new_action {{ ACTIONS_LIST[EACH_ACTION].new_action }}, timeout {{ ACTIONS_LIST[EACH_ACTION].timeout }} + {%- endif %} + + {%- elif EACH_ACTION == 'suppress' %} + {%- if ACTIONS_LIST[EACH_ACTION].track is defined %} {{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }}, track {{ ACTIONS_LIST[EACH_ACTION].track }}, ip {{ ACTIONS_LIST[EACH_ACTION].ip }} - {% else %} + {%- else %} {{ EACH_ACTION }} gen_id {{ ACTIONS_LIST[EACH_ACTION].gen_id }}, sig_id {{ EACH_SID }} - {% endif %} + {%- endif %} + + {%- endif %} - {% endif %} - {% endfor -%} - {% endfor -%} -{% endfor -%} -{% else %} + {%- endfor %} + {%- endfor %} + {%- endfor %} -{% endif %} +{%- else %} +##### The thresholding pillar has not been defined + +{%- endif %} From a646c1123f3d0121ce52d9b951c69e79bd7faf7f Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Fri, 3 Jan 2020 21:31:40 +0000 Subject: [PATCH 30/44] fix typo --- salt/tcpreplay/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls index a6cc62c32..3050b97f5 100644 --- a/salt/tcpreplay/init.sls +++ b/salt/tcpreplay/init.sls @@ -7,7 +7,7 @@ so-tcpreplayimage: so-tcpreplay: docker_container.running: - require: - - so-tcpreplay + - so-tcpreplayimage - network_mode: "host" - image: docker.io/soshybridhunter/so-tcpreplay:HH1.1.4 - name: so-tcpreplay From 5ce5a46292e5a8bd5c0cf78e370cee83eae5595e Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Sun, 5 Jan 2020 21:25:01 -0500 Subject: [PATCH 31/44] Playbook - redmine.db schema changes --- salt/playbook/files/redmine.db | Bin 2207744 -> 2207744 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/salt/playbook/files/redmine.db b/salt/playbook/files/redmine.db index 7d84b5856cd5da11e7431b3bebcefaa6443b4fa1..52f171833057343cb6df144bf88c5ba79b1dd785 100644 GIT binary patch literal 2207744 zcmeF431A!5nfOPyM$*ifgv1F+$iy6uli1dMaf-wwhLD6DTm_V|G_pl>7-^KmKmkoy zN?o8Vr3F$56ew3IP?`eEQrcxHWm&dmyDV*47J5*Ywj3>`Kq>$B|Gjymv1BO@p-G6- z&y&pizIVUhJ7z|2=Djs1FV8Bnm?@U>k|G9}HpXOPjul0QIc1Px%(EEAq%aI~D#&+& zX@&o_KT}QEu?cbXc;hzk;1(V;gYl^FqVRvh&xPlOr-dhk$Ak}rXN7l!H-(3H90$4} z0VIF~kN^@u0!RP}AOR$R1dsp{KmyE->NKFRzIp+ivsHLzXKq%HfODq07|sVC38#~* z(Xl@dbD6;(~IS zgx@pp5C4z=5E;%5(#<-rc$Y3BpphH!CS`X3x{I<0G&IJcKbu3FAxvJ z;y!;*07AqdeP68C8wIG}-nYR{kULJek70$ijPM6omp>!?Ncg<)72$m0TVREMNB{{S z0VIF~kN^@u0!RP}AOR$R1dzZ41lm~3VWw<;xL8t>u(@8oY@TYdEHudlX&@)3lX-Yw zKPQ(RQyi9sY_?pk$jOqN(|+D4x7i?QUd|85rDUlHzHA=5WsYf+JTO!&ZYVp2?=W_T zaXKyS?56C7Y#DMfbzDxSS}mQHRHY0*nItz#xr$t7ZrJWJTV|S+;s&`;&bm#OIm{+W zNe#)RGWq@=HvPjtB!C2v01`j~NB{{S0VIF~kN^@u0!Uy#Ccrrt!Y>G~GJ?!M&xg3r zdv5e}y038k-gPGXJr*1s!}kBMK4d-Ia;5n_vvab7Q0LB=&UDY2rp|@mJDeMWd{)k-SLLLU0r;gQmn|#Z-QBKkv2U{?mkLr2#QuUIri%G|_ogho zV=_|C7YpEM*bG#%IVIa*1xqxf>b>Np+$O0c*IN}8_%){9Vz{^oex4bUb2%4R%LC*{ zoL8z0jPwpk<)L^2R(;qguc-`^Uz+0aWngz|RvGFqq_dffT!OVB5~-A2F1sqFTyj`a zNbcieXQxX}XO*NP4JOOVNKV$Qs=2v9sB2oaS0}{68#rwBq@zDN-89?#pD`UDy4?RZZSK&C=D;}WDAQ(eiuPDpoEM2R<`z`uK{ePMZVS>NK+Dgi2_Yt$yvtMRAP+c`MU=9k569 z#m|O(%{1~w8b_;qk?vCi)wU-ybenq?G}rEF-#e_hz0)bx3EQ;*N5$LG`I^Xc*V^!R*w zd_FxspB|r2kI%2i=hx%&>+$*Z`22c&emy?F9-m*2&#%Yl*W(N5@dfnw0(yJ_J-&b* zUqFv9pvM=`;|u8V1@!oWdVE1WzMvjoP>(OD#~0M&3+nL&_4tB%d_g_FkRD%1k1wRh z7t-Sk>G6g1_(FPoAw9kj#0SgRoL&_Vf@az~jrMA%i8j+yn;ON+VY#IJ-Y(_D6-7lZ zlfG%)ZS6HvfkB&`lAE$=Whe=qqF7O&!}~g2)#yyf;;dUqHU+m2o;_GI)dQz#Io?^jhpQP} zeW0zoKW=84E@Bh5^(hBHwrW=mr^z|3^;IKLf!B3Q^fG2%3%zl- zJY$TYm)PbpVzsQ@Lc#qLDYI+0Wod`Nyf8Sl3y?Rs1<+dFj>oUQHR8#nyOW&R_k7M^ z*iv}N*wm@D+a(HZPSe18a{rQSL18~`mYV9S=z^EmxM(a%rq9 zl7Y5c?DT8rfOZaQ=a6;|Yv+h|j%w$acJ@IPKrkN-?W4hcG`x>S;DZ>PyQ_FD#@Om1 z&blsBD{x_p58O3e2%<_w~CiUo9Y3XP6;7 
zb9c&XfM=+l8Bi>x6$4wg{ub1wutA2(Jr|3ttxoh4sSe!aob!gjnPYO{l3w+bIH{8+JUGr;m7tIZ6C*$Vcslz@$oG55Rv3X1t4 z;ZMTb!f%CFg#Q(u7k(%_CH#x&Czd4YHGChi0758UhAueg`EA9K%g|HeJe{WG_n z`#N_!cN2FV_mA8tw}rcat8fKwkXz54&aLK7>2TtJR3Y|&sm;RJS#oRJPA+S z6YwnZ9Oh~Fw0T&M+5KntJMK5!ueyKY{!jPQ?tgVZ>i(AdUiTgDo88yDuXcaVeTn`tS@eu2mm~ zAg2FO9~uDTY4xEK!T2}zp+#Ukr9LzTjPI)t4ukQe`rw&hd{2FFB^Xbr5Bk7(RDJLe zFdkGNw1M%@>bEw4@re4Z{(59*1 zm;=Uv>iq>UrmFV?Eb|og{^P(nK)oN*Gqhj%7?S$+v%y%eetj_* zN%iZHCDYmJ*Uey@rQSn$o~hn*5*VLS?}1#KmZk5=y{DFoHKNhSj7-6w$ISMOd3hF86t)NQYNmjXtQdRGdJx$0e{iXT&N zodL!a^)6T`-85Cb%Lm56>Rq$In4{iBYI?SM=VmZwsCS+L#&q@0C14z>-bq^45$c^J z_zLw7fMq&Ky<-rJ6V*FNvpGS%BLK!S^$t>hOVvBzyKB?&>g@zpPQ9I!;eGY?RbafQ z-cEqLtKNPX7=Ki6ZwKQY^{eND@dx#*G8k{GUnPy`_v%-V2IF_?S4o_2sb3{{-c)ZR zWq(7xO#TS&L~mU_#nU~E@!Nr3T9^%j!d2h>|gEBJ=`l`vI6OxpD!>P>`ohk6rX zJx{%fa1qs;y1@vkH<4K4>P@65QFYrU;mC3M46ECq?9BV>wg?#SsoUm(@vgef4aOhU z8_xyf59*Dp!FXG}@klVJ3Z5__cZi@MK<7Z-5GC z{!jffR1Wj1`empb=2z;Mp~9J8s$Yf*XMUl6xebh;sav7vFwd)7fi?3Zb!#UW&#GIA z+Yi<20T%O&dOh%D{$0JEWcMlcdJ&8#)$3hgd{4bD2gVcXbc|oV@>UbB-|lLeDDC9QV&b#6Ki}1dsp{Kmter3G5jHm&!IL z!MX48Y1gNu6XT&9&|d87zt&9pcdw zc}hu&*qfF&_7-40j3%#un?y$b;KS=&LF_JP>by^oxKgSVAZ{5#cz2loAtcrc)UP5g z>tD0>`2OX6ouYV%2s8?^s1(JFl!MA2E|y`DhK(|iqGr82ti7aR6>CH}mzIc;hS8|j6*d%#n+i}@WF3jPwqOM3f>oJnl>jSz&_zGyrch3w(_ob_)->Zlp!3VAib57r z7Y9Z}STsxA2+L4GLl*PdGAwS98X|b|GW3)*pogWnr4gj&6dZTPk$- z892K2n7dEXIV8QDYq*px!U7~CFgTEbtp*pHI2;abS#2U!JB?H=Su+PKl{ARSSgF2vDB1)4I~4VjUkq%*YmD%r@E*+m zzX2ltApsko0 zmxKp}F9-V1eus-W!sP5GanUWH z;Qa~MZY)*NULPZG>X?`4+G2Q{Xb@gBTV!`JK9+`ASC-)&v3l?0eb2YKn7JlrC!{c| zKTmdlfoN>nb`7iamoLapFz~tr!yICT3{$`D>q>)AC~K2PKf}zkxR`0Ww`CC4(&Q;{ zn3=@HYN@UuTZ-k(4W8hQAqjR~U__IPnaXOpo4LHWslgBIR|B~s&;Ja3Spd)f-ytIY zAps{}OHX4Bxd9wlwUrNbLu>cENc0xS)k>s#6C?|8$NU@^CVFAFL zoYBl~Snac1k;_t46b&H{yeZBT2SknY{Bq?W!&_ z!D@(G1eTkqNIS@i_^GpuWQp85iTI#YP?Y3(#bO>->~raA9?Cfcc?j<|VAYdhVMncc z>=Tt`QdJME>`&Ih$G=@8P<#J>*FvFhB!C2v01`j~NB{{S0VIF~kN^@u0!Uyo5#X%< z%J7yq8R1f4F<;`lxF5R@cjehLoU^W)%rU8( 
zv@LWtk^ORDE1Q~m%;MF3iM4&=+Qf0o`^1i#b%!{=Bb)AkeY9YO6j%^t)$0C}601)a zPwYEgOsreGvVR4HJE?EQT5-in_`h!X@@U+HZj?%?A=uVyN#F5_b<5Yn z@Aj>I*C$l->#g?+dv}#!dmbY@UGA4nZ%q1{*`Esldu=b@UFB2T4tBK9oN3x}zSe@3 z;s)5ijh^QksAdw#&%Wq53C-5aG`WvmO#5AM)o3g)$7 z778Z6Iz+Omn*wVdHMIRL$ITJ=+%!OMx8ZOZmXJr;Kr0#s#qx~ z#u(HhjxM#$?P%}pG;K+0_)-;Urun4S6v_>Xrx9p_+s7hHW5}Kd4W(i1ouGx*1*sca zTNH~hpe2EM++2F+AoaFS@OM?iE=PMTW>OvXNVJH`Nu>lEAi~9{KKe0RcS}g)f)ZNw z!FQfJJ<*+bgp9L0&bZ!?$7Q@`>zXLzHBY;q@fN+OMQwF)Cow1No}u@Q9(#LtyXhir zl-ZQskgXqPG~KJ0R3B%?`=JAkW=o1&SAec+U$>*Zz1^f{wRWNT(N4XM@QlFqZS*7E zjnt)98*J*wRoHc}q-gIDj2lntZfNNCqs?93XGGKmq(^rT?Y}jaRd%>0EHs_2@hqR4 z%PKOwfdN|_7Ed zWJJ?1yAq7(6J2&&x_2ea_V#tXJ0eqtJM6ra%x4En5?ODsob)wWSvH#-?Y+IG>Rei1 zFgL`Xg}vm|8{Gv|1L@mL>VJm2*!bay+Bw_k6c>bi{m zfIr3gp7jCexz2NUCBNtw2_OL^uqO$qXP@n8pEu9+5Ben1kW?6y;Y&UE5ws>9(fIS| zm;?D;w0`cO_VfO@ABf4d0e>tM&qj4tJ_`O<>gM1oECoYYtords9@>@0i#d^Glaw<>CIsT;!J@^jiw~2dK z)w06To>*wAc51)v%LVPylgt;>m7H8Z>od-!U#G6m|BQ33o0O(ALF3$;=7biUaxZPALly0)<5oy5mXDA4jIE*YY<)415R+XAJu89o~R+y=OF1^Z<1FVRTGJY=lu`HwHpRuk9K<%h4W~W2(Bf zOz2Z3^=-Rmby#C9)vTLZbIoCVGv-cawth@fdpKCteVU`a4ciHCA!y;$hf>^; zdo8n#FNPRbkH*)Q(oiy(P1Rrf>#9yU+R+|?2BQyhMqf*6sg@zlx@)j*nb0Zhum_KY z9p8oZ7zin&$CGjy#U!I#l|PEMn-jGvF+4(Uv=9HAERJogmL~V6J3f2Wv_0$Sl7Ia zZ{y`uDLYJN=Ett?`a~*k{=9vfJ4^*&Eoa*h|>WY=%99UBMp5hS>$|!R!>)?)<>{rt=rh z=bcYGA9Ft7yxqCgd8JczZgigGJlnb2dAu|3>~VHDr#oGazc}7@yy|$t@dL->jt3og zJGMElc3kQ>&rxs;I8Je#;5gdh-%pN3j{V}Wd-m*My>Raz`^unb9cAnc!_K$jH%I$G zmAD?Y-n|cGW1r0eTq>cp+AOTubcJJyA%D)X%8)T~~{>$(z?&DfcH(1mhTO|u$ardvTWdv&SZ(~%x=`>r9+aG4Exx{EjD16>Ch@)XzM zhTP`z8#3=Y+K@f26AanqI>nHkt^q@~y9$PEb)9F(X4j>L%($+u$;@9|+YI?b*WHHv zf$Kp-e&6-DA;0VTfg!)+dclz2cD-uIzjM89$Zxv-V#u$%U55M{_jE&k&D~+huey5- z`4xBEkbmJm-jILhUTw%Pxz9G_7v1L=@(b>bhWrz^YRJ#KuQcT6+*=L#NABAV`C0b^ zhWrEfV}|^U`)Nad+WovCKjr>~AwTJU(~zHVe_+Uud+dh%UC$Ile#~>QAwTL_V91Yn z!iM~?=Qu-t(6hpjw|mYo4=-+w&zuzSDDyA>Zz~*N|`X zJYvYVc%C%mn>{}==Uqd-jx!tbmpI;#ui*|dC$R`qb{xDFV>|M{HQK1=daPF z6Zmbqw2Z$~myYKj(4{5(qq=k)|D-M*%Rj42NAoY}(vkctx)kT%)TJo@zAl9Yvn~Y% 
zk1qLz>AK_@iU!fCP{L5$V}yLfV1fm;Z5O1;c4Mv;dWU0?_wb@oFOa~ zg2Ft3=l{&V2J8Gi&flkb{p7NXDI)E1tR53s&5i74re}r8QvXuCscT`Qk>fa@AS=h`9!KeKpzZtR7>&@NKZN)mh!m zT>T1IS?a95#9U3*<@=z{N@f1B2dw_YS=&vNM2@*?DcJme%;q%a^Jjw1D`PgtF;|wr z=IJq;Ma&hS0h@mtvzftMz76012PXK31dsp{Kmter2_OL^fCP{L5Nh1Tr;)XI^*FV(lkBWY8+#8CALOroiAQ%oAEB;4BUj&x>Cz}F9{Lx6jKdcAt z9xfHrW*d~tB>b728O_++<;3)m01`j~NB{{S0VIF~kN^@u0!RP}Ab~wh;Q!e<_CChJ zE;S1a_|@!EZmQ=9_Yd6zu0OI%8;?Dl5sV%QAOR$R1dsp{KmwDEK&IQluv5=UB&6YN zSoVi9UMb`EM+QQ2X23Tf$$@k_lFAJD(*xmPI+Y3g1769PqJd4BBXNH)9*Fb=V}YnQ zwqqC1?WS)|Ha36f`Q5PA!I)-2({PmKav7%YQYn8dA`eJ0Ns@g2fmkXy;2p?B2K*`6 z@ALbkvNx51y}1KgEAaWceb7Dv@t~JX;rYC52Ku^RQ4urhttcG?-64TR) zL?U5tCL={-(Qqmg^JZk(>ks%+v2aF8#UjB_C>)JuQnbbSyksKL7m5e{WFj%(4|yYD znhS4tz(=+YC;wtS;b_Poj%NK(uy#@~h&5df1Vdq;Kbr9c(y>f*APPB^(ivYW5R-j= zc_11LMZI1Lx`n=@Io*pq7>tMfJ+Kpb&`*p}bVib6VaRXD2R0FJDiBGHD^&otYVYyIqLI3pSZ(k1V4Vy981wvI zE7e|0D9h>1!mc%oNIIC7Qr@sH5(|bizHl10u8(@tQLis8LBmW#JBOB^0b8=seQg(e zXo1044>ZeAi1ve)E{yO+Cbzc=He`XWMVh--Ea*S6K+Nx#yqST4Sil$aOKIOgFeCY3 zY!8Ma(6>NH2Whd48TxSC>+1=HqM?A^+FQAh5^dN^#o~mQ7_;y#M)-m7EjS+AOUYs~ zNB{{S0VIF~kN^@u0!RP}AOR$R1dzba2(;Us%wbNG)6A~P4(27XKR;Y7DQ44Od8?C| z=44qjOFj`W{S_kWm^d=dBQbXOg=TIk|2zJ({A~Ayo5QV-Li=-X32NUM`8qg~o~2 zKr9|4Uk1l~A$_j0HvjI2*9t;C(Qqgd2(K&4r9!bF`_o}591F@`?|?U*i9`ebv>Y6e zWxte4MIy0=S6ZTREe7Ef#?CO+PdTPCv(B0|%h^!Sf|MI6E9n$WqXz=;u0lYTLcvff zB|*&o3{0xZnP4d9j|~K%Kz@mO*A2hd@9p;bV9r?d`pJt4fk02x2h;R{S{b1v@X`W& z{S2=&z^rQ|8uIFs$>2i2i-!5wa8J}9fj1#)WeiENflw&qi^#rAC>4fNFq27xAw`4f zfmFnp=^u+hIHkJUG?i&TtGyj6lG7@3DyhhHK3fRO0dFMcONGOgZ%-iL4F(`AnIt#njDzH549IDq?vTrL_2g;VfqQXm>gM*}cT9q~oeKEFg}tR<+~|qj^pM!oeU{c zC)35i=jhN5M)JkV_;1hQ^`&T!pS&2NGp@^};bH_PnJN}?BgyG$_|W8OeW|K7bWO~YkrsaP3?h)&YtNt?A~7B(bf zWNU&{!hV0anLkNIbJ0>U;(<}(?%g|5?5Wtu`hQH@o{AmgMFL0w2_OL^fCP{L5JL-@Z@_mn_RUYXv#ENgf!2-RRoXIp!|-jDRd)3ST7n!rnle zI=jv)>W>9OZR)I=l@C6QfDcciZR$aqRRmP{U;!3d^tGuob*rE+24AkgdUWLgARE3QIJBwL3@gZ9$nS?t9H?9Qy%8@gbLjH)eHe6it;LKz`oTZ2`|4*`V+EBJb)P33D=UcWC8 z2>QW_GpwN0kTrw+NVKefdy$B0uWOGMuMv 
zJp;}MUVAj8{^FNlJwH?XbzV3xzwt;opS;Zs_CNSXS$L5wv;j6Nw}F4=KQ5msyh&}C z6GqpA&9^_d3eHpDf8C!AWSj6yIGeT#e-{2Iye0fv_@(f_bzV?J0!RP}AOR$R1dsp{ zKmter2_OL^fCTn&0`w<=bJgYWfL~Re3}d!e`$1k^1(|ts33>nDBs|9m&zY5d_1MP| zWA=8L0JnaZgJ1w8fCP{L5}+$I9q%|^b^OHfwBu37y^fn5S353oY;+7c z&TuSu9PRKrIvfW&?DqHVzp=k)|AGCx_6O{@*}r7J%zmCdXFuD%%6^u`y@3C&P zUS(CSiZx?B&3c0MNNbN(v`(>FE$>=hv%Fw=#`2iue#Gu1XxZ6nnxR8y!{rdo+==TdE$YDKCQsFtT% zj%pjIb`I6DR2!n&Ak{Kdlc|=bT8e4|RFkN-o@z;|olUi~sCFjRK1H=NsCGKlPNUkX zR6B)g>!`MtYHO&rnrbIgZ57p4Qf&p*PNLd!s+~x+6R6ftwPjRWO10yu)hiZ$c zwuovAsJ4J=^QktUYKK$paH<_jwL_`aLA4I5iBuD*b}-crrrK<(&8FHxR6B@jGpII$ zYSXDUooWYC?Lewcq1qIxwNb5&YCP3=s(Gm9p_+?oE~+`H=A@dPYIdqwsb-~`nQCUL zF;rtTjrohFF@K@jhgAEJY9CPT1FF4GwfCv^F4f+p+B;NxhiY$A?QN?4j%vT7+M85+ zlWMP1?RBdChHAf|+G|vMjcTt_?NzG1LbX?@_6w^0f@(jb+Rv!=64hR!+KW_sk!mkc z?FFj+gla#b+VfOb&!{mx?jxJszC_)=D)#Rf!`Djf(Qj?F=vP+Yln(WkMyC&N;*{aD_O}1#V#U*?I^Z)O_^FKVB?+1tL z%E^DQ-~V`rb159hz!8C?7miLi=EBhqhX9Ae>2UlNj`!er3y%MT<7GI0495@Q_&yxp zf#V@K?t|kFIBtUDS~xxr$7kTU2#!r~6yX?zBMHZ;aIA!5DICYZ5rLx@j!rn{!qEgJ$sCUx^v-CU`gOLg-Y-HhmFuWokg=3L!u*G)k;9n^IG zRX5+$&9`*(|8(1I(k z2X!;4o2OC}ULw4h@W#JSh5-MlW&ha3+5GM&0}xY10-qEC;REyVCzUp)`}aq{W-*y8 z7AQA-9KgAM&e)w-GyIQvv#03#E&B*4_=g0L01`j~NB{{SfxSvVJxmZ7=8)kW0yII_?t1cyU-RNlLL47dwvXAQl^?TtzMuw{EdB z*y$=Ol2R#uH1EDn7fGU9jMGp=N@bG%KurkNgiuY0=t7v7mEp9c$mwLUpvTiKX46_u z(sDUP=V(r@$fXf8NhYoo6)7hTYsz^Y{qUNxCp zF?c0%xsTtfCQCDczI)|f?Y|Qywx!L(Gi+juj~$_XyROYHF6Q%z=c5liSy2~TwJaj$M^9{R!N;aot$5}#WN;P`ROSw%_Np7?(DnoLq(Q3H3NiLO# zy=QyMd=!7W@U(T4HDdXzWxM4(%W)Q~`M>_2neR7cuTJf;Ge=bW62rO5V7360 z7IZ_Y(KQPAQ%fRl`tTNPJNM|z{xg-~qgtkuQwj>_V_}PNHE$P zwK3gXVz4A_loY9yOv@Rml2d4aaJN4w`uy=gEFOsTgkk&7NaV}XMk9f67(xrR(7EEElFiFWxj?3M(%$B9 z-X7SVGvW(ILpJ6pBV4LfgsC09-~ckyGGsIw3`ZmVK^qe|qLw1~H8Klwc@dllOjz`T ze&5u;q*W#&G1ve!8V-!hd^wpZmhzGUznBmDT80aTVZYI%{Whj=YN8|$7t2|gd>ctZ z!ISB1nN&T@PytBTAGKBZa3mHAhI@TBW}%RP-|LgoaCSmk;Xp7J4Y467gqW336?2t*L7T(u7L8wq^@a`2 zn*3r;ekdnql$vBRpl(i)mXkL6NIVdZ`}{qyv1>T&?e4ZQokHTAacyATY-+6m2yU7&8CS(CJWOd 
zdX0y=13u9giTgt&#i&2%5BU2QK#Q4|&^u!-aJkm6VR}{vL#AwLIUA#ap5~AEmUls~ zi8M!(FQzLwS&xFU*T6zEZW&uR3_A^nBlB&{5khlp!=@k+M zc~dg0$oXVmE>x0=G@u8eHRO-`p^5l=g3&-I81Wx&V|+qF8LH$53Q{ #>69X@kJ6 zClK?6fh?#;km!xXeZC&Q z7ur;qo5C#pNGVP1=?IgJnHxw*!^24>tK{S*vI5s^cx6GGVbAb{mvOc0UHdojaJ>n0A+q7F08pU9# zSQ$=A<#Kkg0AsGwn!7IqgHl+aw>G(A8HR((FbwEq%%NFtot`%q@P_$yj5P#ndBwOy z<4qX=P^5CLRm07OPxJ=j-dH>sfm^{~AQJU+&^``GzzaGX;9@_Vg%^Re%Y+ zhtc9FkBwOhw}B1!f3&d1J3uW<>5amTRAiAGhSLKQ8Cg#2jS)7u*KUmsmfAJQ7m4@- zv0fK62QINGyCDl1%ny_IiJ%Hv1_;OC5*cJ|ObBu(rG{$5HF>>>+;)x66io)M(a``5 z99Ca1WNcPKzhWiJsr(M_q`f^Mug@0@E_A>R*R%w*GNlOjN<)e=+%jk2I}{7sVfg7v z3>D!HhFslp#gvpI8axOzbw`@Fpg-!5g>BHU4oFDkbpRMGwEk4PS_E2`DG-E)7`4KP zbpYJ|NTt*e+@P1?kpgbm;W9f6mlt2_kp74_>Jid3_7bHs&y>E;$F4C2Q1M0`d7naJTE#s!FOT#f+>#9#cbb?UT#0Qa0`v#-3h) zc^Gb5eRTc*KQh7}Cm!w56$u~#B!C2v01`j~NB{{S0VIF~kN^^xWCU3F>6V?wo(ew$ zxghH%;X?-g;U5w}0!RP}AOR$R1dsp{Kmter2_OL^upbhzSXh?K|C@!o7~!XI!apQ{ z1dsp{Kmter2_OL^fCP{L5|8EvvVT4zN_deMIV(Lf$ z2_OL^fCP{L5Cy*4j*q zuk*5ZwGu#X(sn2s!KR*v`f4#LvMm4P0JzZcd`PDur+ zG?FUz!d8~~Y^ocqx)oW<_YUNW1HE}zxl=CbZsp#!uv%J}o_j{5JY>8vYFNG(w#e*( zl?h97Pq8%E3oA1Y6|%5$Yb`A2f_1`%$flXAB&C#1Z4i%xr5It^IbZ;*aG>vi>z|kMCdJ*C~pJh(Mzti%L<$ylA-8d1)rC1RvuG^%xl4Ta*S0@RhfQO?E1q3qxg z=TfA>vf)K<6nY~~>W#G4baYpRw5-;X%E3s`w`HY?Wmxvo6qhiqU%y_YjZezSu%0&u zi&3WKfy&^xZba7wEsLwj#))gl#)%@V)CX&0iaIgL0|@i|6KKabQG*#g@g5 zu$C|sT+C<7uoiU+iXw`685(RF2*7rZa!E@L8gywyFQ6tT%g~q$gSwR{QV-&MfI^lT zO~*TeUT=q(Sg`~;DY1gaF7@;kVDWPK6q;s_&N@Ed-?Kmr!v9duf-VwdtU~L;E`t>Z z$A=6+0M3;yq~*=fN1*e-vXMjG1F+m>xqAWUBC8cbzcX-jQykp{N4Hey?lW+7>oIqq zq;p7mIanN>u5$`~l#DMm_y7ooC0NBYE`ldzWEj$r3NX?^J=Iqzydn^Y`yxHTkT)2O zTIl@$yYT(L@a|+9>M^fK00|%gB!C2v01`j~NB{{S0VIF~kigCe*eoWK*&je&)oq6{viP*fCP{L523Dn|3Gj?l|#|6Yn_jzPl&hPqw&W z;+@RATb9ybS{WApsaaN0VIF~kN^@u0!RP}AOR$R1dzbw zCxG++lfMqJ1V{i0AOR$R1dsp{Kmter2_OL^fCP3%0O$XAMhM-J01`j~NB{{S0VIF~ zkN^@u0!RP}Onw6R{6G2Y5KDjrkN^@u0!RP}AOR$R1dsp{Kmtf$X9URm|0dyeMtEI# ziX1!hkM2kS2_OL^fCP{L5d7k6y6|5op%(G01`j~NB{{S0VIF~kN^@u0!RP}Ac4tDKzr%m##k&Y 
z%b7Dw!rX3VUtk|*zr-r+YPN@UIbU`DtMex3`OZ_FL1&xeb;ncolN=@Y#kS?Pnbx@D12*F5 zdN*S-u_mX}$1rw_<Y4PIC$@p8Z%yWwM%T*||5OyI*8 zF3D25Sjdgo3g+NGP%6yABqA_>v`1@SENx%423Xg;BDLn#IofS_73SERz1I0$G_g;A zEl%%fm*I0>t2l>C#dGA8lFX)SLFSImCqbZ3&`wj!$5@}S7nzqQQ5EcJR_AUx4FH%} z3czX%31a{pUu4{RtiI78@$4j?0kGkDtb$t+4%8(u7G^8~anw(I7>NUK!Y*^7+-FJ@mPVCcH^C@mQo#ap-TCEmyEdyhPVE@cG38nd? z5#m+LDJ0(lkD%a@8h_K#|r_oP~?1@#k=0~q)tF5^N z^Qx|fXe=$W<7o8LGCTH0KP|IkYsgN^Xsq?oSgb9xV`}u%G9GBYW0Wn{R@u3zJ~x&Y z4N$xge6Y2uYK2BTzrja~oQUT&_-K)jxg(m79rs1|t&Br!WQ)P0(a4Paj`atlk%^7@@X`O2$dU4Ac#H%qHwBY6Wkn!qc=0`NN6!L3^!BZF9_z@Sxf8E-WItti-5J^Wqon8)@lX2GIGVS=nb?j>Z@yX4S1m)3K$rp<5-6pyTHsJU2XV?7t`<(-iPySX zSY>$KK@JRFzR{J2UufSga?q-MuQ0;2&b1N!{Lzzk;?<}Q-{=X3*VZ{{z9Hxu?Ki?e zNm~qF^{kf}ej(Q_{MNBvx)ZN;tdBRm?jQ#S4Bu#<;TKBSA_uKlFEPTj&UIb%#~NN+ zN8b#P6W(IX!mkd?oq8%~`|6Rh{@cjP<1MmL73kSaczc1Du<_QTP0VIF~kN^@u0!RP}AOR$R z1dzb45THK+{25*k)PDf5F=hyF7JdO|lUew^ChSU#=obkf0VIF~kN^@u0!RP}AOR$R z1dsp{*jETV=d!`aKxVt$YP$vU^j}nk&w{wmkoEtWwtXd|m=7d?1dsp{Kmter2_OL^ zfCP{L5ZxPV80>JtIeXCM1 zH%I^pAOR$R1dsp{Kmter2_OL^fCP3k0nTh=c;=^O{(0`_oa}kp<8VE|9^w41=?lzH zEr(eD)BZL0r&}FNQJA`$v$A`mt47Xqv=`@?s>N&}EpOIN$xV`y8j?%pWU)YHX&@)V z#w|&ykgl^(Muz2@*Yx7meTlVwV*iRIeW!^XyBtr4xN?QqQH!lZoKIyv;f_VRo2HX= zJGzEP9PP(I#t+y*#w%rQvzc0yshwp|_urh6nnRc63e&;6m;SEBX1Rjdwre4Fmv2b< z(4ECK^l3-?5i?Cywyr*u;s&{(H6tA&wHRzw7fpU?O;BsnAdGsjooHIJv)t?ncl$Et znLQEjo{tl9KBY00%@;b_7tb?QXV%qLYDg*!%4J!pudy-9p;omv=1c~QS`}%XdCaMy z_8d{u`o_HM9gTg6d2R2cG(jqmiPQwnyThsKy2#PK5~|j>!>TRG!$sJgv{)K}L4B;6 z&e?edH-w}ebSyln=0*=)>_eu@c1NN9<~RWSU;pMvb~yq_^|QMiXio$f$vN7)4>MJ} zwKg$WDprQeT5l~w3ndKjw)f&hxaG_$aypqQ74wD{sKctgYI3xn2yLjV zZb+-oD!KL;Dc3vX^x`$#mezY{2uWLYy)$88MBLF;J$BI1K4*?eU86yTOQn)643=wV zPb18l^>~oALW^}op&1vXyxbvflu9t7mgf6Ip)PSr-|>lc%h!sXo%M`2O1TR7ROHQy z;iJ|ShSL&3SS)miL{hSOxxr6YbwA@+dwC>Bz3c|ymPjcs5;zvCN5 zU3=JZ4wwv+Au9PppK|IZ4~F~Wz!d+_}KhVYv3OW`Hq zr(lJDNB{{S0VIF~kN^@u0!RP}AOR$R1dzZ!Ou%YkOe{G$$;m-Zc5z@08jo5<0Qqw_5UYZrDA@O01`j~NB{{S0VIF~kN^@u0!RP}>^cEl|9{t+ 
zVF)CE1dsp{Kmter2_OL^fCP{L5Lz)lfSW;+q+I~^=k6MUod-VcGdmv!0u2H0c zoLnmA_K9l~$1U#@J6d?@5a(;w$!xkq%oY@RP%eop zR<0FStXsZ(k=Rk6L`y$i7go=Av@e}&uFlIA((-2QluQ>>mAqU~%E@9OnJUSW0@*AU z3~T1=dd~V+Ea^KMal)#9F z`NGb#Fcz#;9_n1XHdIF(?V-7*s-We;NF_O3DxM>!l=_tU#)Mn>ZIRqqL>*n~jOu1b z``o#vEf;Cc!HB{TxW<|{>ndJML)uC< zFE{w<@@%yq^ijLje&Elu)wb{xD~4yQ_1?XkIHY*w-c1oxLjs>P0nb*`@t<@aCV%=> zwtB9k{lqSFwX5z%VN-TPHd&I>*%Dl)wfhy#CYx?_U`89S+Vqa4(GR)V(F4;9c%w79 z_ST%cs_yErqrI=oR1IlSHF~W@lhm%7jcx}wW~9-vG2qT}0ato@S?*G&REv)Gt}fG- zq;^Nq7;B?8yYb$l(eWeRU}%9_-G~@jYPwUYQrU(S8Ixpq;99=TxPv6!XbUR?el%^Z^YX0m?0` znXl>HY2Awclh^f$`V&zLpCkg>qgyy?PepZ!g69tCOXQJ{h+XgmIaL1y*&>P-R?OXv zeZ7U3RtXzV0`*-^&q}LdU{lERJLa{hV00|%gB!C2v01`j~NB{{S z0VIF~S`fhJ{}xct3JD+qB!C2v01`j~NB{{S0VIF~kidRMfV2FH;Z57k+;KLO<5b&& z?kilEuv^)~g)dst=EF_f9UoZUu)JYvYdY>Uk;7p*n)&p8fW&er^OZ?cjAAtg%U#Yg zRj1MAE{CMTpj?(=0bN+#orvQlQ#`joJWrj(*9((8-Y&-Zm1YtA>WUq37< zL;Aw?bxU7nO0X1Yol|Y?dwsE5&AB9R%$Buf@5ir@Z>)Q}6AuF=sgQ!yTZM;R8p4kD z*gSK!dwhMBVjHiZrEX!)%kCzF$hH}O>@pFbh8Dr0;v{rN0(J$oTPPE zE!D-2_QXO{wNuNum+Ne~T#;cp?VLnM((j)oIO6BL-{+Y*GjqOkIp@1)W=^4p23@|y ztO^Pfe9fjL)T{pXKp1QP)8(V`yKWnZo|^_LB(xv zX>RaH>G=aE`wObNIA5ifpFD`OEZyneG`xz;!e>=7ZHo#n>61OxT_M!1w%`Q6 zx(Wd{4r|z z41R<3M^^q|;P;gF*49kU|B_KLM7pV`3onLy9R!^j^p3)_jWHxUN)6g_7=I{zdsNj{%7Q+ zJb{mJ4V6P5;c88{E=YF^X@_o}0$l?xrZ)j|5KG3wz^}!^sc{8V-F>i9kw3(A8pHork&y@Xl(|(`%oRAXS6P0tT7Eo~YX)8`mChBe zqZmElP5OLLl3;TEJ`vn2FFNt;d9=`}NXvg?oL z!=eOWxyX`qQ?8ifCGV4C@q~RcML|_p_0FfgWsg^1>UHHH%iw2JxYweB_tZm6mcpQH zcy}!15kGa}7Y(wEZ>BfV;@WLtYpH)v6UO0O{7hWu9W!2gF zGidqH{^T-`{#^UgG%P#wR;&3~y0^zNzt*ivy#FuW)dUg@2nGZLf&syR zU_dY+7!V8y1_T3w0l~oG%0NN?v%T!^hwC+p>k81A+m;fM7r{AQ%t~2nGZLf&syRVBoN2z?}e~D&91J2wWtU zq)0^94RwUHMXi)z_5WYkAK0(i&)5&yci7k2m)Pgor`Szw1#4r?Y!;i$PGE61ko9Jo z^PaQEdEI&0dEVLTJn1~@Jm{= z8~T^@&*`7gFVWld`TA^ql3u5e(kt{nx~BbE`ow6AGj)IOtqOuI^3u3f0j z(WYo)wJ}r+f`WN;0>MzwFtKU`cQ`f1tsH@c#YJ+;FI#nH`R#OEmK{37RsYWMQZ2%9Mk{l%pXefOAP-1u#p`dmBR-plUZE2K# zB@Z2`-{fMyC?oVw^MGOcJsc0wzshl?{%wvc^dE9OSbyHdenJEF9Xw!wzMJEI`a2x= 
zH7Lh@jNTmgHU@KCW{l+6F={xrj0qeY#!QYi<2;V3vB<@KffOUl1Bl^Wz8@eNYYG9< zdxm%UUVyaM;MXs`WAN*j-ZuF4OK%zc`lUU_&v`;`8o%ZE4dYK7?>4;4_cPdK^6Qsg zH~IBTubTY&rB_UT{nAd8U%#}&{sqU*Y%}(;EQ1G`E_(|4UDsy#Gs2nY{l?TTI^nrOhVq|I(8d z@Bh*h7UStZZXLz(CTlpyk6B5MAGJ>A_z~-LjyGCobNsN?#PLH`JI4=NmvX$px|ZVy ztWR)!pY=J8@3p?f@p|h~7yIPiZEfZOcUjMJe5bXY<8{`n9N%H>;rMnNQt`)i={DPT zv7hK#yFU-O)gH?6Ewhrb7O#}JD&{DY0l>YbgFZIfTlQK3(zFz+X0&3{2)N5I6n>0 zNzShVG|u^bfW|t14p5!*j{w!MNPtqz4p4%X2Pnpl3D6ie3XoSdqgYMg9LY`z&uEb_7Ucy8=XEslVT}6t{i3e*}Q}|7soR|AfTeWPf76W4~lSVc%!p zVqaxnWS?c9VAr!NSQlH$8rj)w2Ajz0+3{>BJBsyUs`F3hug+`EZ=9byKXSh7e8c&& z^9ASA&c~dqolBjIokh+C&Y8|M=VYhaInFu8DR*oqV*kVbv;BMfSN2csAK2fvzh>WW zf6o3SDB|$n0Y=#sb{|`__F8XPJFOS2t=1FPM(aLnopp<~+FD_?SQlAyty8UWR?He= z^|LHXGWVFTn%m81&CTYc<_7aFbFF!uxytM?o6U2~>ER>9^>s z^%eR;{XBi9K0&Y1N9u$1-a6IZ(ROP)wCA;_wa2xGwR^QYw41eVZ5e3#&|e5NLw!$u zQ+-8!QGG^zQhh{yK)qAFRlP>NL~Tyn84CCS*NJRo@3KLc>9^qw0f_wNCdIKEMx&GGf>e2%YG7jt~I zn&bE?^-7NOYM_50%`4Q~x&JbCJ;#@-4{^Lw-Nf;7^(l_K)NLGR)t5QGSlz{OyZScA zt(wB|QvVMC(Fl|wQ_%l_7ZvnB;B-O%18yqlf543e{SUaIp#K41P|*K?&(}J5Ugv77 zI6hmuj^laST8_`u?&A0iZ3D-%G*19{<(#1f&;OAA>00po4|tjuJpTipss+#gfG2Cg z^FQE;Iy~^Z&;NkO>lVi+>-{)BQ6Iwb33`mou3hv^S;JVbwt<4S!C#})c>91qrC;&`C`I>!U_w>a)+ z5RUsA4#$0r0UY->hH+eGcml{Pr(*>A2g+|5f&Kw(7=iu)tQmp+0ZffR{{U8uK>q+H zMxcKHOUA8*yx^|@cXGVfc!1+~j7KoJb+wzhD5m-QUScUmuTyv}-^<2$UkIKJH`9N%U;9Iv$paD1yhjN{-B0B-x2xc&#s z^*>;){{eIT518wJz+C?W=K3G-mG&*3GLz)X?K=Xr%3dF!OY8>&w8DNgK+EhW1C+D3 z2B_11K0qDz%K>V$Uk^}=y(d6R?Dqn+*wF&C(CHnZW@li47C6HKbdeJa(1p&}0L^zM z1?W6yW`NFd&I!<2&Vm5Vby@;6$5|Gj+0K;#n(5pSpy|%q0G;OC8K6_0`vNq@c{o6m zoJ|3m;A{!dDbBM2I>~u4K;xX90UGP<4p5!*c7SRa2~dhz0ZOpG0gADT0F7ZI12l@I z0yL7H6rd68)Bp`*a{@Gk%@0r|TNt1U))An=?2-TtWUB)-fZZIRe(d%D^<{Sls1Mr^ zpx*3}0F|*P0_3o#17xvn0W#Q20n*s30iy7AKUe!pGH8Fv)BbQ5g#U#87yADL`g_A+ zq5joTAFTSP)_-69E0=p+|3h#P`u{^v3A_kG|8pvO1VaCN3Q*{O|8ECE{|o)^wFH<0 zFo$bJq5pkOg#Pz=5c*%}f1&@y`+skRfO!9Z=*Hk^#=W&{ zJ=E@R!x9|pO_=BZy!Djzn6<&W6K45$TRCf?b&ho!%<&&%Ram_(#e559_`hgwH6J%0 
zGVg}@{nwZ)%q8Z0b0*C0Prz#bzNTip19SUdGM+V_G&UOd!khgYj8#UPagi|x=JnSY zBa8utrN0NW`giEt^ey_M`U5bh|7QJ4y;E=2&(crT$HIF5!Friav_0A@+6yqBf0Op0 zc9(Xmwi;&hFV@b}rfaoYm3EY7tN()4{=ZXyuKqy%rurrIv+BpxyqZe=cv^#paa zdbHY0jnKc*KhR&&AJK2quh7raPtdFBa+;y%(;4(+8mGt7BdHqwNA!=;Uq^ou{ciMY z(RTIMIS#E*eM|J>L#xCe?$W~GtU?Lhm4}LaQ}i)p-57le zS=UFON7l8`oyfX6`X;ijf~n8NH1pI!))jOhvM!?|k##ApL)J<<1zF4KTx5081<1wL8z zvd&e9A?s{d{a@s4o;m?pXTt3NV%Qn#g~*zvwjgVUdI_>lSFc0XG+6y#Ol2y}{x4dS z)rXNaQGEhgQi~xguAPLeq^@?#ivUVEhB5MaM|1XyMWupsOFBw-MYrFArWW8v74p}c4Uq;sR#$a=z@hpflV zCS+|gFGkj5u=>AP>PO9+koAc98DwoV??=|d<~NY_kokRNJqWA+i)n5!e~YXK%s(UR zKJ%Z*x)*lGDxSCA>W{3uVfBA8>@KSsS$A3!k+se`16g-i4amCPYDLy<)}_c=Yh915 zTdhwa>lW)CWZi6i4Owff?;`64>nF&%&iXa7uCe}ztku>(kkxIg$hy)#!k@qapGd#l zKAPiI_Hi6vV%KuK!k)U%_#UeIv(9>|p-~ zh`-nl_J07p5LW+t%as5(+rj=1fEU=o{ttjJvVX?oTxkD>+IIeTP$8nAG6OL1``oC~)!ubQo zG3T!wk8%FR@hE0;JQ7y_7tS5Qj^%h5JD%eq>;#T0*;I}z*qIy;hUNc-bOy4e91md2 zIqt`<;k+J?KGS>e@?x+0;rP5b>7g<>U6B+A&B4hneWUT*T(L2)ru`SpO3V>wh9){ZAyU|A~b4KasHhhn@0}{wLB4#+T6*J#Tyq zSy=xQ3G06%Vf{}etpACG^*@1~^NRYPz}|U9{ZC-`yrTXmuzy}r{}T!8ep z^gk@TNBSR@-Xr}Fi|>*CcbDH6^}o9S|A>NKB1r!er2h%h{{-oOg7iN@`kx^EPmum6 zNdFV0{|VCn1nGZ*^gluRpCJ8Dkp3q~{}ZJD3DW-r>3@RsKSBDRApK8}{wGNP6QutM z(*FeMe}eQsLHeH{{ZEkoCrJMjr2h%h{{-oOg7iN@`kx^EPmum6NdFV0{|VCn1nGZ* z^gluRpHwog{|VCn1nGZ*^gluRpCJ8Dkp3q~{}ZJD3DW-r>3@RsKSBDRApK8}{wJRP zC+^OFLjQkwX8;@)>i?d@31ML;9bF^gj*he;U&NG^GD&NdME2{-+`RPeb~jhV(xT>33WBpG<`k#jMKMm=B8q)tXr2nae^*;^ie;U&NG^GD&NdME2{-+`RPeb~jhV(xT z>31ML;9bF^gj*h ze;U&NG^GD&NdME2{-+`RPbIAXsf6`E4e5Ux(*HE1|7l47(~$nBA^lH7`k#jMKMm=B z8q)tXr2lD1|I?8Ery>1MC9MCcg!MlS>33@p!KSlbVBK=R1{-;R)Q>6bX(*G3ce~R=!Mf#s2 z{ZEnpr%3-(r2i?>{}kzeiu6B4`kx~GPm%toNdHr$|0&Y{6zPA8^gl)VpCbKFk^ZMh z|5K#@DboKG>3@p!KSlbVBK=R1{-;R)Q>6bX(*G3ce~R=!Mf#s2{ZEnpr%3-(r2i?> z{}kzeiu6B4`kx~GPm%toNdHr$|7j2J|KXzm5%#*o-e7-&AMu}HKrkQ}5DW+g1OtKr z!GK^uFd!HZ35`u|T7`@8!Ez(e{1Md1Ylf&syR zU_dY+7!V8y1_T3w0l|P^KrkQ}a2Ze{y8Hba1_YVMy;Y^i|fL$WkHnxH_veVc= z=LzQ*&i&4F*HdQkHaf+kbSLof#}@|Iz&?=oAbH1_T3w0l|P^KrkQ}5DW+g 
z1OtMB4>1FM6?wEgXj(Sgm7ds@&9%2q$)sDF2YK%PrSAToyI-lhpXWZZ)O{q2y89=1 zfk&4H9__gYm%0ag?g6Fl0iL^8sk@iwE-Q7Hd2XlF?Raih>SmsMV5xf`?7&yvL&bTq zjndeL=RT^`eU#_cO5K|0R!iNg=cc7@%Kj*g>7gY1ae0Z9mnKr~xk;(pmHS8TlaK)( z%63TXFYI0R7W)I+!FKHvNjL-pf&syRU_dY+7!V8y1_T3w0l|P^KrkQ}_>eQ8L?oHH z2giNsZ@GxN2irXuA^pG0{|mr}{DMUB1OtKr!GK^uFd!HZ3Nm0LdB&B1_T3w0l|P^KrkQ}5DW+g1OtKr!GK_(2L^=x?|~HI5)23i1OtKr z!GK^uFd!HZ31IP4*}D zJN6Qo;y=NFU_dY+7!V8y1_T3w0l|P^KrkQ}5DW+g4jBgAE&f$+$A2htRC1Bx9wP36 zL?V)Iu)XkkfWN!%|KB`hE=v?tFd!HZ3+jZU)~~D|Ti>z1YJI`_q;;*e(pqX=V9m0|TS;rERc`6#yXK$F-n zSC3N%sZ5pWU+M4ZFX#{Hx9FGY=jg}jRkVvPqUX}n>524sdJH{+Mx%d^z83ve^vBWf zM87KjeOMSM_9TG>10Mn!yYWX)A)B5RI1A6c{2 zCCHkou0Ymw^%`WIrmjWSsp{Rxnxa00tV!zQ$eN&TMb;_mi^w`jeHB^b)VGi|R#T8w zr}aiwjaGrIlr{!g32hv*V%llQ8l#OP_))L!XN* zO<#a4s&^nu(Jx09(bphL((fo*(tG-S$l9wvf~mOZ|ZxI z^@d>}Yq!x4S-Xs3$a>vKA?sCR0vfSX`PC!b=FzPy2ENl*6mg&vTn1kMAlmC zW@O!JtwYu=)&t18*?JUNYpgBEy209ptm~{D$hyXQ16ixB_mI_XTgbZ7?kB;->S#ok z>E-qij#t?+jxVvtalFDlmE&dhT#j@0MI3k9EgW~)D>!bmS99EA-@@?{dmYD%?fW=h zXm8}W*?xlK1@=~sFS1|Y_(FRp$MfwsI6lwb%kepm#_?HBACBib6&%lTMsYmbspEL2 zGl}Er&TNiPbLMk=s}AIPS~Va@>dA#c^-8f#WjvD8~-l%&`UU=nH8YY&*xAyS0DNo+*2W zW5sLX5%=j)l5F_H040MY_AYyi{e|sfe}KON{F=SMeg8$f380Xe??fQU#~CIoAlZGiTX&rTvxQeXfJ6$(jJAs9o(v2p|xn|YE!hN zR-xJIJL(_QZR&T`2jMRU*Qs6V0(F);POVb=suB7I{WX1>euJ)uzY|R<ti+XnzHUFa@AF*s==jTSE?qSD(jALS1ewas7=Ppx=F~D zOhPQ#cg5-x@dV_NN|tp?$Q4V~RmaNmR|KxwWGtS5w5rSUmxo=k+Oqs*1y`av9#7O( zC(H7y0#|jSE>@pRr0UD^mtt3SXNcEzic;OZ>8;`OQ8 zYAF51o+|~{2ZW{KDTvikaK-Auos2Vl50@?$tn*rE1FZ>A)3>L0Zt{fWl_(f=f@vlR$Kn?{Y6X4pke2SPKGI zZK6I_8-oid%QqHWa8^8CQw=9xgj}&yA_=h?xXW#;)k!Gog@LOkmH>i0*9Czq5wC>{ zf<{)BpU+*;5KK z%l%p06_3}YYGdG<7r5eaw|CSepdROXF1JrXdq~wo=gXg2Z~q1hjy%{4C!ET`C4m&TA$!0~d7kcugwi_OuxV7x0oucr`RV)#LsX|dx+?9lm?2U!Vu*VY-^Rpbt7v5*S_%JRn-T+lm`v6S1b#&A~(x@g=T???MCpr$?! 
zUEVF~sK5pN0$O3c+a`_+Trg_HYhg%+v_>Kqj2!M|R|PI;OTb?u4&@pVxZDO_pM=4$ zEI&NtO1b0LFxTaFDQGzm(;a<>a+h0(S~vM2+yw&+xPXacu?q$TxS-0AtJ)ngk14pI z;E7bqja3o2pcg|2hatW!e{{hGthzTHxW>T+7Yws7ez`;s3S2Q5x@wX&E)xR_E+8-t zcNpO7sIbeu84d`!YTT;rA9lqdt$ra_wM$`n$dyV#T7APVca%FaOY%!Lv+Ro?#c<=Ac|o$W`Y)V%Q;9t$XjV!Y+6k%9|lqjeAEn zLau7JTzbfraw*h8uB6*c)Q}50X<6QT{(|-ub89FGJ-jUMJ%4c*3{Pcw@A<3fa@(r+ z{KZ`{x8-=xUj=UdR(G^ParG15b>QntO}z9=yO)4No92u0z#$&s{|i-0{4} zF64=qc~4#7aqr47l)?DzJ#@Jq_n9>gkEvxjpIq=HVUTny-FxKn;y_=5J3*?`V)rK%UF7~GqYK@iL^SRG#G}pbPfTed zz3S_g1#qlW8sS*0Tm;7&r2&rB%7t)DDHp&osmzCCLOCCfapgQX#*}kOuey5W95~h~ zXTz~pISY<8$~-t$D|6wPQqF{9QketCgmMNP**)8Sa7 zoDRoo*JloR0?SH{6Hrkp@}Ro5$H;aI2C!?9MWgJX?S3&(1u297DE8jeXN1;>Pv zgkxMuz%i!8Nv~AB5`$x%ay%Ssl`(LvQAWeDS{Vh$lyV##lgdaqCX^~T#+4Cpj48uO zuVlS4432fmP&n2qL*Q7W91F*4r4o)Q1DaD3kQnBEeP)s<+6$6g32u$j)k7$I|MO4CSBb2b3NR+VZh(cH@5+N)ZA%rDB z0J6BDY>>7n>;Kp9{}pSGwbR-L+I*w6-dby|wsKapHP@O1>U@aR$5PBa=1y~)x!K%k zt~b}3tIZrJ^tt9FGi44j`^k#joK1omML-anN*7s;TwQbsFZKJkcTdS?sa$2)CSDU1zv>{p_ zO;Pu#J3+H=RyV5a)wSwsHK#VKbJa;|N*$v1Q5Cv}?xfr3X1WoS`&zo1=4dmWODEA3 z9YXt1CAufNGrBFhIl3{rKDsu#8uWW}bZ&G~G!-2Z?Gsg$J<3jHo3dHisH_+NJ~RxZ z6!fp~XOWNkubETp{+k@AFkHzu$!nBNlIG^?**D5JC|i+zy?mXr9og5)*C@M?eYLz= z*^BI}?kS~vpLiT0ys^~amUn*Y`osR64@`~tuWG|POMO%>FCFi26 zke!t~qic|TvD^_|hwOH_ExG~Ot#V6r6S9}eOQKtmoskzuw#qtlUnu6z!ikL~ev{=%bT6_e z$`e!z+2iF?)Pcx8Sw2Y}h3pgMaq2i^pCFG_rz5*wu7kJ##r$gJ8np%4)pAN*h3ur9 zP}d+kF2~e$$Ua^kqi#U#ry`y1GMSL?kD%t<|DhW+*fNsb|1NqwhGz3<=)yF zWS7Zh+B#%AvZHN4wk2EICS)73p>0LBCTrSuWK)@HyO6EOinbToL?*h0Y)O{j?LWUh z={z%WWOW5qfbZn+tS)t zza+h6j6(KyX}d8F*)K{j8q<;eg7kthAKA}K&l@es-X?7`Rw4U2={aK!vY(ZnHP#{f z8R;2g1G2YDTa8V~ep-6k*oy3@q^FGS$lfAtF?Jz)v$WaRi|i+*Cru04Pe@Og1Cjl> z^td?+*_)(I<~U?OCOu|ONA{!Aqvm{MKO#M1wjg_>w9#CJ?1!a?%{9n=NP5UzhwKNX z2h9!0-XLv&xBtcZdq8@?+=}e`r2EY6$i7#)*W88d_0oECFS75J?zSvs-zD8;4Mg^x z(w){QWUrIfS>up>hjfQE9oe@_w_Ed(eVcTf)q?D`(pqa3vTv1cwbmf}7U>pi9kOqh zZniccdyTZl+Jx*Iq#LZQ$i7ax&f1RbYou$eUC3T7t+w_eyIXSK{ulYYQbO{= 
z{{JHM{{KSs{(nAt|9>8O|9=j8|9=*G|34SK|DS{2|IbG6|7W82|I^X?|I^U>|5MTX z|0(GG|0MMOe*${{e+qj4e-e8CKMuYBAB*1q*P-|SHR%0+3cdeNp!feV^!|SgdjCHP zz5gGH-v5t4@BfFP_y0rC`~OPx{=Wjf{~wIr{|`j({|BJ=|NYSW|Gwz`e;@Szzc+gS zUxwcQJLvtth2H-g=>5O8pZEWY_x>Ng{pY>^H{1v6G6~-QyFmOW7!V8y1_T3w0l|P^ zKrkQ}5DW+g1OtKr!NB3jfYASkW37s75)23i1OtKr!GK^uFd!HZ3~3}*d!0Q7-vBs`O@J>0JOKLxPJk1{e}VzQfM7r{AQ%t~2nGZL zf&syRU_dY+82CsrpenK~52Ay--+^?X|EnD3{q|SNz2AOHU+=eEInw(*Qt9pg(j&az zUP_twTc$AYmnn|->nOJO+m8XkYrfA-;s;J&CRoor_VO@Xm zKhHlv>F50tg+K`G|L^`pnEOdU`EuCz|C=5xo+OZ9KrkQ}5DW+g1OtKr!GK^uFd!HZ z3c^()#<<@^OC{RG{QnQG5=F{_0l|P^KrkQ}5DW+g1OtKr z!GK^uFd!KCurT22e}!Ew!L0u8vGoANe}VzQfM7r{AQ%t~2nGZLf&syRU_dY+7!VA6 zFbw$b=;QUHV|AkwH5Ku?vDNXhso0phx>Ri{u9OBtSaNKOsrHc82fk82 zL-}6h-N<4xvhYuCm)`ndET%swYWcCp%GaHoYh2KhZp`Hxn-;gG+j3b1>BKpc z$IqQyF?alg>60reQAlOQh{{ZJWksefmtK_ate81#ZpF-b)2CO=o-=L6_&MiRoId&7 zQ5BUvub%2vPE&iUS2Km*Bf`~Ea36G?c&VkE8*(c<(v=m< z8ata7H+GIl#;PhNO`bA--t@T@!-w-4^=h$j2Cni#+!&79*p*w{-r4ZJ@tWG9;k4x{ zD{|=-Ii9WCg53N%p*=$R+S@8CngQi9t!bP|SBLA}Pk2?Hb&pod&p4Lkt21rQ=@s6g z0kvI7x1l+cUD~iP(~@p$Y{iXV`c}a0w3(A8pHor!{wG&f%$m7R*9awFS(TsEJxVR_ zf+AhI|021RG-le;E_)4)ZOsiuhg(tT0;G)xQOM%iJto&AyrCq2 zA}U*Jx^)2zQJw8j*E5P_q0*y0l?%t%_k6!#IF47QP#%?4tR=GP zpl+leR3s?C2_ID2AEk8VzkQUhR$MDEke9j#z#~L|IrIpzpuMrP*&9z<8nd~E)^s-8 zxX2xb{D8KeMw0!W;}0T!useK|Bw1P2(A{4xKOTw@@dmaap^nb>B`{d?Oecji-6vLQ zHpTNRtGZWp_fyOJ_m{6e(|dyVPxg-!gLDH?>O9_hEM5J59;` z@*wVA9qrkSe{(D7yOJAVuDv7El!YhMF83L}G*alk8`R~&MJ}zXeUc7tt{sh??gPaB zo`$NRp{@O}bvLyB|1z=u|HD>0qCA2D!GK^uFd!HZ3w9UciyxXI7981?FZ~F?8oNaY?V35e3pIH{Jr(6nP!Wv71mSMM*AXbJ=?*? 
z3i<^Df&syRU_dY+7!V8y1_T2KWS~!Ew7jUZaam)ov9qB$y|A&XC092fQZF~Px3*?- z4P710jk$Eg()7yZ?VZipS`^gMz9^SzO*f?58W*&rn`;I}PAr_&)Y+cRHgt5hFG)A$ z8amSptIH$FLLitty;L~8Y{SC#&eq0UF4MLsSrM5mccweqvzc6b=gJ1iuAw=T?PzHP zoPn|>j))v5XIEw$8apzDLd5$;s^!M6T>HXwu4!>Y)8fXqMd@rhmyNN=v2sw-hHO*o z@kd2YkULts7G>I?e9f(ywseD=^n&*GrDJ+UhRaK`?QI=}WJkL+b*8g9oY$zz$TT^d zzPKyhmdiA@@XO6KyN-pKbZ7QB_Zk9L3*p&@TxVm`(sXA-ra3#(C2gMwt?kWSE$M8P zTgH6?JGvIMWST}C8982VOD}K8S`@)9h>GaZy z;gK_C2y99hT2n&{)InF{qO_Z)TZ@a*&6&2NM?~fwC|+Y*d)vy^_O9$;x9kNH3P}yJ zB7@|vOhayQx-~s;P~>Delg)Oep&P;A)KbPlFh)YVg+^v*Fjcqwd3#ujSx6{6E z+xOCj3R%(74rF=l_eeK+xXcFVSxce8d;B#tH?GX~aj&_wG)K4>Qs@BLt_4Bw%KF95 z_8uK+;5_-~`W53T!G&Q&X`^9HoP^fQ1L2`}RrCG9 z+O6UisbDm;ceo^GBW01H^73>GlrrrVg;NCy7XyUL#-Ym#28>*L2ax=UeBX=!h2Y;mW}kMU3<7Ox*2s~(-G zt4PGg#!_Pwi81k1s=g-fht!WwBrD=|V-q!FW63dfb;(2`Iakpn`2;sfwXv@q13V z21;BJPmE30k4>e<)FzXuWc@w~$Lhu;Ymznb6c9h_AjvWRNnO`waFur6A*FUZGQCHEY zqxVMR%H5GiBFB+#={o5;{qOp2tM7mKTJu(SMEwt^d8j0pZ^&P!mS2`6-TgCd&FK~1 zp`o)KHdSe8g+E8Z79@cM`(e0l*o&p1v8_222)-W9kiI%`&gAiPCs)jyIqi&jlPjjp zoHY5Iipu|M4wV(NW>!@8kWXdB2+s|rs2o*MiA(Les+=E66$h%0{Lt>+YWW4D<@^jp zfxr8PyQRk>*vJIffa~|S{&08HXor+bV=N6WH*}q)k@ii-zpm1F?nQ;OtE|ea-M!TE ziBQnv{DOKrxu7Bzwh`L5Y`sd#w*NEtUz}p zDdXo&pIZ^*CqYDa3zN!=jh!QEVpSD|Xv2r&cqI()lc-yUs=V24s^v3=ll*AZ zK7yTBpulag1B%-?x^jzQ+n!8wC`7udgn74F|>aOV4)$-xP<*Tmn>N}K3$Vi53Iuv%W)g0u? 
ztE12ypk_JC#l}*oTDP(whP&HMWrcg>l^%q+8+Ez0RcsmYSR#en2AuA1S~tGxpO?8iJF(_EO9UbHt-aH;1duOET1O zcvQCm6;s={DtSbge-yDQ-=|wu%g5Ks`4jhPOZ=pU%|mL!CG7DsytCh@NTCzm z5&J5+n?f6}m9IW#pVr2651myYwtD}qkDqvutuT~+PlFRQmO}sdzqM3oUX7I%3tHM2 z^w3fZJ318`YfVW@{h*t((H(_hZ)kYf3-+f>%URiKQY=@29ydCbm5NU0=Y50v7 z$8g(h@m#-w;BdE+PQ>b9sYB)bF{pFlGrV5lZqk-%#_r1wrX=3xZf+gBj~MuD zugCa_!cEV8PAs1VWr!c341CwDa5+{TOgYfGJ(mSXsJghDKreyf_;&(a?qG+ua1q9a zi_l~Ip0oAu*KXHb-Yu);CqSM@c@%`wDBhm2yZ!*V7SHH8Uld+-)v4W*T0V5Be9f8O zpn&thxHiZyc+|i_2ifycu03^Z-dIYXR$xHjMDY_#?oNx_yE@?pw6LYUF^6v}@7I}w zTNti?o<-pf1o>w>-0k@a_b!}4ZYAv5w(ngF&dIex=Uv=$kh@V~k0GdU_IR5_x0!vz ztMaq+SGaXax?u=(A0J!2&HlWt05O)n7OqSjR$7_pQL$qDyt%Wc&4hDjOr8l(lEKrY zTR%ZYJv?hdsJDY=k2iM+Y+ta%eH1FN4j$M5G7FC?{=-HUe8#@^Kr%yw^~iu>JS=UY z9YbK{|8Cd=a69`MdzyWhJ<7hq?q#24YuSygo2_IWY!SPV&12KqL^hVi*$8$t>&tAW zIPW@dI-T9bvjdPikbCx;_oO7Mo&Q#|lr`j3i9P12l zdO4c?FZ(U~PxemxSN3!E5ADb8`|MloRrW%AwmsG!VmsE`)(&f{^@w$sb%T|&F0@Xy z64pSAns1mdnw!lB&D%j1w3ug^ru2aw^b_=$K2#r| zGhNaCq3zawr@f&4SbI|YhPFZbymp&*qjsg%r7h7Kw7J?e?IbO!jnD>Zy){+ctNulO zMg5iftonWRG4(6zdiB%l&FWR^3bj>Tpq{NxSI4V0>Tzm?dZcR5f6+bkHTn|$8GVX= zn?6jxNY~Mi(`)FZwBtYbug5AEPQid+Krry%WKTuJ1W0bEYxa#sMe zM9v2AVj^E0z;+_H2e6gMtpQw0XAyZ;0A~<+MgUJI^63Gb zM&xM$oJ!=W0h~xo<+z*-{L2C$mQ z)d5TrIT^q>k>de8p2)`sa1@b81#l#hM+R^Nkw*k@7?Fnsa0roy1hA6Gl>w|Eazy|K z6M1j|2NHQ;00$6xKmhv@xnBVL61i^x`w+QL0DBX;cL2+XToyow$W8z)B3l78h-?H< zBeE7iN@N;9g~&<(36V(vB_ao%L3)o!@A+P7FOl{J@Esz(6Tr8L^mYK>BGOv{+(V>2 z0eq84ZwBxUBE1p7-9*|Qz+FVz6~Nbt^m+haCDN+_e1%A_1aK#jb_Q?|Wg@*C zz?X>hQUJFTX?p-)B+`oke1S+W1n_wxJs-erMA{a>=ZN%N0G}n&vjKdDNY4atE0MMa z@M$7F9l)oE^ps&dC3%xp3uB42g-BZrS>c0aWSI|gBW^(&2+P(&mE}(&B?9 zWQh+Jlf^z*NEZ5_nKb)g0a@UKi^xSjxR6}vgZX5>56&a!`QRLKjt|ZvXZc_*nd^f& zWR4GJli5C)NoM+BI+^Z+)5vK)IF+30gDGT+4b^A z3R2;N!DO%x29kk37(fR2pdabygTAD%5BiWkKIlz)`=E@J`M@EL4=iH&z#xVXG@|){ z66ynmC_adgh{4{GBJ33j_Wt`T{D}Vq1A+m;fM7r{AQ%t~2nGZLf&syRU_dY+7&v4Z zpbGqPNL8YWuFDb6pad=kz6oH%k1dx;$Ur$v{} zIXuv`riGan_!cUfQ(by8d^pzq5-k*@r-`@T_eK2=ee(G;r70}Tv}Ll3(=fpXJ}ldk 
zZfxTbLNmJy^Nt!}j&D!Xa|`p1dJL~x*6lW;L2@21b|_4}awib->BZa`@Ew}e&jaxp z{tUK4kXs`>F_=17+kL!R-VQmpqp5?1$lhc~e{wQRr3@BW1cB~q1E{t_)C=FQJjK&` zOlRLx;uGBU6Ghu=F7B+yvF@x#l0P059X_Mmn)bf^+UCt>4l;93!9mg^J(U;7aIYPm z?3WKm2--H3EGUoOUGL6Il|$3<@fmKC#W{R9-%&ykM6=E3f>#>L_`=&N;_*D z&$dHM6{gLVrc?MdaB*VYJ~7J%IQ}4ymLci zbF=$_Tz?f$Fwm8RNE>==8~Z&yXdB^hw=N6gXjONryGAWP?l`h~kl!}KaZB_6Oi2?7 z$3DnbQplXsjpjZEByb9GO&xTjXlsWLcCUP&dM^ypg?Xs%99*1RVUX@IyeiMStJU%| zV1-K(4LD6*S=hy>0X`Pq0$)H54;rDcl|9vCC`QTI!H|g4FCBBP&UUA~1^n`g@x}~!R=<>2i0OUcS&HvUkQSr ziQMPChAd3*Z}M+6=&=R|rF$BnaD*PmCmdm);i;}W?mdOvko4*a$HiC+R|XC`NdEtC zW7GZ@V7fc!@j)cCP%~(u?z(_|tAam-G_`lN6%#0J-i=LOIIN1yW|y~jLURe0gz|{q zaJ8T@n{H@^C4GejqlxP3;##XhUb$RnLreRj42oC!3=~2_cJ-xka|8)Z^^58+C z0pvgrgDvVxuKpMM{~h$72Sh}{fM7r{AQ%t~2nGZLf&syRU_dY+7!V8`k_?Fb{}0J( z6NMHG2nGZLf&syRU_dY+7!V8y1_T3w0l~n(#emTN{}x>$vS2_kAQ%t~2nGZLf&syR zU_dY+7!V8y1`bIE3i_Y@jEwpVG?Ib?Q*Mk)9k~A5BDFja)!pBMtHnh`L<+qITy2 zl5Xps3cHr{m-D^Q{z2ZCIg20aKEUZ8L{NT3_iT4pKl!Su-VPnD>DC4CA?e_!e|TSx zzo_@QyZ}?Mu>4Is64nz6nMsVvl<_6_N~guJE>|@^*sCz}M%!4`%Lv zABn0Jc+qV=Y;qbNI8PF=BAh=Z)vU3X(RAj*= zUHyI~;5F}lwYYGaOF$u@DzA1=htKuGwu2Kr?hBFjbI~KiIqoO+`(7$+gA$zTk?L>T z*FB~CbhUiYAbE9z*8>WP7k)72F5e32=URTcAS24K;Bb`CvD+DNxEcR_ifk z=o9%du}_@$ZR zAQ-YHyX4CIAvf3A*tFF9;JROw+<|i~Mla12g;eDu-IHLzhD`B*UA)$XnH4Zl!|p;^ zcTdOy$JqmCU3yY!0rm;6x~zMmT0RX*F|@~a1sh6b7PYy1v$pdxbRM`2;ZsUWP!b9? zKH)$$4!7O(qV~>WjbD7=%u)Q(oN*Ae?C}SBbjs!$b6r_}#T^IEl*ca3vKUa+(0z(p zemw9T@p;Z>Vaq|Zd#hjZ{Yo+_jrIT7`w{>-it6v4vybT`2_Xp~36qeJY{+c7d+s$H zIY}TFIUs?BWsaWRNoHr3nb};N8IpiWKtv=P1VlsyJ_JMrL`0NBL_{tT5fBg&5drxF zBBFk;t9p96W@nEasL{^AzIv~!>-g1O^{T2q0L#UrP22L7W9X5G9OAebUt))S#D7N` z{u-SQ77nt@u@qXfQ?T4ZXNf{1>r!`8ACH+AdYOZ<$&;;D*7biuA2fpLZn(M(3Io0k z+4RL2s9E#Yj77EQGThWM!*pRuMqRlyoz!_^Z8l6d7H@i0Fw;?;N3}-JbYbx(S4gd` z*8SeM!V#UkrM<58w{?Lvyoa>T4Zu?@_XBadkk{JKMaTn0NGriLsE||XwhkEk!qsb; zTp>}e&#_vsYo@<0Le-A2FMGXr?8{E?GW)WFOEe)D^)bi*x5A}zg%YHKxV+UGNBsiV zqv3YMCg*0QzVU?1DD@V^xF509hW$eI&a|SgtgG$$w6+0{SWGv1uLlvvpId6b=>Sz? 
z(}8}8^-<8PK$Lp*D&{AsCpB(=tc%g^!NsU{ZK&Cko4%tVRrPMkri!;RgC5z`RGkl! z;gQ_I4H_xJTkC+gT3P%{mn~Q{bJ=SD33FFNGtu{Dgk*bT!L;uYDEL=PX*Lf%kyflP z$JGl^`>P&$1JuL`r%^OKbt$eDWa;bT(b7WkA#teinm81GJ+1ZmGRMW{wD4ohg z)S#RQh&|LD|H+AI6gNGAsgxRzYRN=Akw_?NGM)-0RsdzLL4o70KOe(%icN`3bBZ?Z!D8Y0*6HCVA zNIa3wD5+pvQ&cS(3x#8{oB(LW_ozUl=rxq-J|{v6@H`lc#?+V`0#8%PSUQu?;t@5X zh82)R0f>3C2D7&9?J zdU_8N2yn)OaaB#onPf5^RN`tPtt3O4gaU;v6pjMaU`U5tkdDDaXW#$7&)IH!U?X57 zU?X57U?X57U?X57U?X57U?X57U?cD!kAUFnp@ujnQ?4fIBJnlh5dJ&-V&5aaCEU}@ zMrJ5|qvuN=(J|Te2=y6C{f|$~rx(Es&aJf3BS(&OTzD!{pDq@1S_%E}ljct)P~;1&E`Pi z)l{D&-q)OLD4!6Tbh-lfAU=gRgo)4er>o(i+Hx@qI!glvT>mxjZ74(9IurRsd!vVp zYfoVUP9?1jFts;Iep9Y;B0ch`Lmit1i&B+wR76)@GBnf;$@)ebOTArV)hWw?ld7J3 z6BK26Pl|J8R^<$=-+wYHpoV&6sY)l1#ncpoqVxXMUxK%%QyuV7>i}A81D0t}g#xdN zg+#hD0S{f*t3wg_X1q$C%$6bRdX;g=*s3~I17%B6b&jo^4ti>nNbTpMhGGjk-dJ(2 zrdw*YIjvEaTOA+;H_JI7T}jPqk5trZ_Dx&3%4z6X;R|t=THRXB0Wxc?R)cJaY6)rp zpH&~WyI6Yz*Hk$pRoLp@=q2AC)>YS_vFhhBV5DAY4Q2}Q8Zde=m^d_IM#Ipj?MlEa z&{{rKNJCAoHBgaIuP22erh{{+ZGh?mr7=@z@Jcr%DVv5CDhq`Wp4zQ{;n;{3lxCw0 z_AbgYcrl>5Y?D@LrAJ2L{F1}c{umjDPLhCfX_cjRH7bi$TfH12O;o)AR)u;=K_@!2 z%BlT_0}8IykEkmK3I}P!)`z1Do3@-(IR!OX7oCS1tg4??dKg)%tKvbHXrgO1iwId# z2UPCvD0FIF&~5b2Ra6WiPrJI4xooO;mJ+Sgz&gbP=022=!6-`)q9EcHuy-{lV!YQn z%=r#@cDmeVc4+mjHZk6)Hp;cbB)y|$RG+HT!KlMGZLF-;4?H@E1CO0rsRUVBci^!q zjWsIARZG3TSaV1(&Q&|TI9lwQ)>T%)xe*B4dQzzBSog?Ou&)YR2MXH!qB>Z>3DHBY zSv75TR!*izo&X^?S=xtcAbQ9-c8##-;egLJ> zC|>VE;e1DGElf#zMYCzMzp@<8Paf*ryppIJ=nS}CHH=X=Iyh-`G^i9I2h^91oL;$j z!HFy9`WGyoGj|nq`si3h?;(AiC)FZ`ywVFtb%d|yvt_W?U0DVV2TU)>hQo|v&8-pS z2C{7Tical=UQw`EHC6Bb+mpG5?bb%XM!-hEM!-hEM!-hEM!-hEM!-hEM!-hEM&Q6g zz}Ejiu=2}}t&M<xx=~d|g>3V4^80~*H z0yY9R0yY9R0yY9R0yY9R0yY9R0yY9R0yYABg}^x1Oou8f@qio)s1d&sYY7Eg8}T;-hOl$~RojI>_rlCn}#I#pUBEt2L*$4Ku;F-ei8N{35hq=O| zake-^42#X;Wa*cpUpzz{Ci+CT@OR-u;T_=(;T7pg;d$X{;W6PM;XdIm;Wpt$;X2_< z(ocoUg^Pu4!g<05;Y?wTkP=!UA}rMJ6i|Iig0W+YK4Or-T5)U^q^Ft4;ieQ#YD2 z1^kZ(V@i;^p-vW(Rq7j9CPN(5C=`ac9HYK&k?C=XLKt7O$Ydo3vIuoODGNr`DD~Ak 
zSy+x!*VSZ@1T_=_cV97OiW*cQGu1eCZA}I^%i(xXp}t&`$&hRCMrEA3#+1n_#4i{D zT&}Lk08u5RmzS&RWvWblsZJJwJioGDrYO|zI$0Pn?WvQ6LNc|hUM5GVE9zuH!0Ltr(2-%CkZP_J*FtCPioVd|1PSu`A_F0Pj;5o%|h zED}t#@$x75jGC|4Jd zG8IZbRjHHddA_+$7J|5(Kg`txyN6I0WW5ZjP$SN>h`=HkR+V$BA~`CDz+EsLJExZ@ ze0DF9e3mJSC?UPV$?_&s6qcdIgoMf)>qT;SLoboC-V}xODgc!#xUMFWBOr=}L){ip z5ZYQuSlJ?inx`niP>B$!&~Sx|rYH!tQw>Gc(3v%n5`!PawaX%cHYcQn;{`$lpQ(|& zDS~RL#Gz}5cG9kc9Eu#vVH#bFX=Dwi;Vh=14orjXn5r2}6%A84E&bFvY~TA->8Fn0 z?gw9h3eEFs0Eb1xFm<_bh{*0(ZBkZ_w$tWmh_zTpmdvbm2{C*md=nC!mM?o zG(`MFd_#OjydUPJJ>nLzOKcVAiy@eK^1?^LYr+%4y}}JJw>)3S39E!Tf-H;?82)|! zW&Sb#ZvJ}yQvPhdgI~cP%TMD+@orcfc)|CG?+)L!zMbqOb|~|A<`2v-m>)9VWOg%K znKPNwm<3Fj8P5pxU+Le`PtxC~Z=}CSZ>Brx)%09ip~up!_XF=M-k*8D>;0Pd^S-UV zbA9W5UB0X@={prx8W#DEgVlz(PxT$?o9G+s8{w0DjL*USjeDQ_6Zbmz8}2#oN$yeZ z0q$PzJKU|@4cu3_E4eSgdc;=lTy8zr#bvn^*UGKr7IVjO$8vE_<&NYga$~uX+z^iC zob2D&_t`(Oud}~_6^kd?pTere_t`tyTiF}fudr9LUto8#TiNs24eXih8aBnYvMbre z>~ZX|Y#f1a|FIFU5wH=k5$Fp6JOI|G!fFskqY*ji7)!`vYCIHnjH$_BWT;P8V~#@& zSrm8}Lc&B|af~))FvwFvA($9A4zb7}92v&Aj!~uzCa?NbH!M3w)?^SHSfNm5#|VoI z)+fTM8g?9P%2XJ9hv9$OG2D>B7#I!R6^P$Krc6;Iay%3ds*Yi%OkZ<|L3(A!&^lRI zjX8$Y$v|z;A=P9sxef+Hs^SnWGJrr|MR5pKnH+|RbR-DV1qW}+K*vzWPmMTyHJKcO zX)P=jI5C?!3Bt@^AS;wLqwjZ`xT{iCK8{ENNf%w(bg%Df zmL*dknlhMnLpu@=hp7+hWvWWOPs(7yQKkORDucOp6xPAsGi0zP2@8Lq!wl;)f3C@( zQHL2mtTVl9%3zgEpS;8R?>lv}XjrA*uF3!tSnLSNklsJlWY8{!U`;7Ry=BT^4Hr6v zpc&Y=C1m)#dgbZ>G)*GL*$RIATW*w$}X^}y<5rXcLde)S|Dlrt92&}dJ z!jS20I+PXYDi!LPnoM7&f^IBEJzXbLgCXiEQzk<1e8RTvx1RDF)qZS!-pCQsr&Hl@IwmJ0fk1#OXT{+o zS~CV~#&FFTsu^Q7W4vZmWQ$o3(+E+qgrZb^$(Gt6b?YEShC|3fK(Z~X=RC#_K~zo@ z%WZmY8P3vRYhkrgISY9RsqQFr7puUg3!uLZ1tN=q0sSht)GZQFV}4a`3CS(NNOLd* zDgdE68>K~7nxn8;u0*$T4qP4=)s@FoP)#R-k)W2;G|}z5rLiQa0ZHMG>VGPDwlz4L-8n$Spt}x2_-GiV&6^q2t{9pPLCH)2d*#B$< zYy@lsYy@lsYy@lsYy@lsYy@lsYy@lsYy=K`1Q@56adfsKHTfQ^8SfQ^8SfQ^8SfQ^8SfQ^8SfQ`WaC<45jJ=C!jD-SsVgSv|; ztMC6wuSu`{k0N9z+eW}fz(&AEz(&AEz(&AEz(&AEz(&AEz((M|1%WYrB}BjfkCl$4 zq_?H#rH7^4rE8=M;RU-@AhQ422-pbN2-pbN2-pbN2-pbN2-pbN2-pbN2-pZ12#j<) 
zraRab*-mY4zFgdhF7$wFHCQBPddZm)Zb!gD&ncw3JK;`>*~YaSG!lF3#omM5j>!%W zy0T=cabbrC$=rm@jbtuD=0Y+jA#)COvy)j;1nF={ALyxhQu;u8(@2(0Yy@lsYy@ls zYy@lsYy@lsYy@lsYy@lsYy@ls4panuwTS=N>vA~V;z^wJ3FXr7|9j8A0kDRSZL$%t z5wH=k5wH=k5wH=k5wH=k5wH=k5wHyFbc}kKR`vb=KS{rpekJ`}dPw@7^eyQd z($&%zq|Zv{N!`*~DIuLKEs|zSacR0VNjg*-D$(NK#s3rkApS=Dh4@qPhvHr0H^r}t zyT#9mTg9`)GsSlCG;z7OKs-hai${v%#gU>Qx`e+9?+CvWel0vH{8;$D@NMBn;mg7o zg&o5ALRsh#T7{*;93du56a2z(f#E;l-{oK9pW`3n@8|E}Z{V-uFXgxJ8~7Z52ET%z z&(Gjxej-1L=XuKazV8j+3%)0O5Bl!*-R!&8ce(E(-`Tz{U)s0Ix6pU2FXWrz8{-?| zb8{bYZ*ebk&v1`$_j0#!*K|qhF_=ryr+(MBho@L|;Q+MsK4x(Rn&apF|%|A5E+O zCBJF(f5p$sf4V>Sx&Qj#fX%|c$box1<%Ro4rns;97X@es(+>jNz3!X(vHqX8g02!u ztH(t-9T(GcO!E$UscHT!-D;XIq&rOWR=RAOFQCsi&70|+rujU&$26ZqUvHYvqHiOmm7k z)-)%Wg{HZUS!J3}W74MiRHn-`uV&6R%_lP#ndX(u<)(Q#bFFDUk-6D4FJbOB&5M`^ zP4fxN6Q+3q^MYwUj(Nj0&t={>&9hm`G|yyt(|im&$}}IvPBhJ*VP(@CXJ?q^C_CRY zhuIaTImn)2niV!@ny0hpQhc=%p;9!BMeQFlPi3z#T~1-IGtEb^x0vRM>^-J=0{gIO z_Onl!=5g#xrg;qerfD9{erTFUaZb}bf)h>iaBj3|9>yJEnulL1)Sruh@@Ce!>ecc*Foi2IRg{*ZgzG{4V1 zZ<^oZUN_C}a_^bux4D0q=C^#DX@1i;!Zg3(n_!w>_cfd5*L*Fe`BmRM)BLh;nQ4B> zce-hQ!MDaVKkr*-nxFGkO!Kq8OHA`KzAH`hQ@*d8<|ll&o94%T_nGF$e2<#uM}5zl z=0|+5n&yXnZ=2=^eIJ|VAMsw(d_O0&CfE;ck+u(^Bw#t zrulY0W14T{i>CP&{#?_1Gr!$5-^5>Gns4B*GtFP;Z!yi+^Y@tM>-dLF^R@g_ruiEF zCDVKr|E6ialK;>&_XtkYe1#yI=F5fAruj1A2-AG2pql1OgriOKPT_ddyj?iSG+!hn zP4hM(Z<@CVn@n>>*k+o~7cQkdl)fi>u5hJcI$OBjFl`cUF-#kTyA9Ji;YWt4EIekI zio&yosY`g-Fy)0e4O32d-!QEa{$ZFpM8+^>#9@XhEsilvN%087bcQG!rqjh1!_+Fy zF-)h3iw)B%ag|{@NlY516=KdXEfd!nrlsQfhH0_5-7qZ_FE>obi`N*Y`QiZkVQLZIHcT<`Bf}JtoQ5eR@rFs2Mi?ep@*AdR zX{uqGCWQ>sROx8LG)0M~5@q)motjI_ltjg~GkOrxY8 z!!$y=&M*y^ZZ=HAq&p4M5b1uyBubAOCSH2RFmcjLhKZ5hFic+QFNVpD_Wz+9f?g2* zanh@B{{I0=dO*4u3G6>M0yY9R0yY9R0yY9R0yY9R0yY9R0yY9R0yYBwi3p5y&2%Vn zIi`k{U@)S}ZHex3p)*m=7V^zq8}&E;#`PU-fj^QO>YPdWLfo~m8y)k0&wHBZB=>Xf z(_AlzbA_7(KYycZne$0-@?ZClKhpW~e@3DpCMW%8#H3d&_#++P>m{@ZHuIG;>5*f{ zIyYy_iDXV&uO&MQg|($BrS6}-Z0^hzbNwr3&RRIvKcOn0;GZ%fo1Wm$=F3{UR`f4j 
zwqViBWvl%s%w6rDxpKvl1&iUkMROOg@Go8h|F2xQaGHNYcQH4?zb;WsbtH>WbMyFYKCNv)f7;d;ifc2u!unEMA>URmCQ@s)B79|vsk@9wE?7Kg z?kfL;e!rUFU$Pj|QT0+!NX^R$O`E-y0zGokVUEp#zG9Hq*0+_)iE?+z8i~~d#)0^* zK{QBvfMN|mG2TH!kzJc@>q@k12#c;n5w0QCV_}Mu4WnUN>j;`(8F4Tzbu4O@O&cm% zdgN?~z#OxLNN(VjiC5(%>IyN8FC~etv zTOyxsD_4_vUcUibT-SvP*{c^Sl-#YwN{Svia-?I&Y*eODlF*;S$&!R*gDgb3LVFep zfzhOzxjcEYHJdvUr4A@9U5Qc&T0JNfhVv;Qxv7s>CCOoKJLWHOIj|9p@7DZc%}) z79}z=iFBtP<9^E}Zd-d7O2wKgJ=8XoezG1^gEhLGTq57z4b5dOAyAj9ZYEEL?5Qgn zW{*~NWO&rD($%@??$WDcUB#?(gGxg+3(S}pfn?LroWuRoZPuQ$-ce^Fn`_G#%Gpdd zg@%b{+Dw-u=A}fgY`U2e3Dp2Fg6-@EETL1*w`;hV4BT=+SxOt9^poDE%|j|ldgPLT zW3y6M(b~F-T1JEJD}}oY!2ehvf{AF!J+00ENmpY(ywCS1OyZR`o z@9NarHWl)8CZm#$~vA})hOp1eSx#w zw9)g!@C%LRItLid6>{kYqq&m@44wF{K^#c?rp+TOIeO$=K;UGA!1}eB5>9h<^jZ7B zOv@rN7X5wGAO=+w^ul2dn)M#377_qHq3MEXWi37Ou)`eNj>5y8>e$$f$7He!nDRlE zeM{&A6n|@8^zHzNszQ#I`}ensME|a!gUq()HK;)Sc29bTQ78`Jh-l`gSUXRnHfORL zB)0E9)^Jwr&ebY(FMpZ@=TlVFxt8J|^7eQmUe5E9=UbkOJy{Rqe!;!Tz1Tg$^?~bh zSBJ~X@8&!CWBIYZ_k2J0eF-${=lTxeKH#3>zRqpp7IEX*57)G?!73>t|Z_Lk` zuY&&j@ys~-&-6p|ZaOD@S;~tM(c%2Eb1m_UI{W$ULo4IVQt#~9=kUe%_v{P$6l%vF zf3bRxznHvdUwq20;nD~wHK9EXMcJ{~M>$x=!7$4Bv0mrNMk}#YD|Tj~<`nYT67-AN zbua{i2}-(<&ux@5TwQ-m;p3x-!zb0wHg`sH})bjQ@5`(1AyeZ8znbV4WVg!x9J#S-pFyR=C(YL zTczrD>h_Z9wy#K-ka$9Sk<6y;XPP1O5py$urtMt=xivBOruHH-9~(bSlkX7$gPQ}e+RF- zWsQcmmN+Y*KHW(bbXToN)!a1g;J^(Ytw35#$Q$7~We01zg`_laYr;8Y2Qz?E6V0X_ zwCS{u7?=P}+2J+aHjaVCsb>JE7APIMQxhjMVKtbh?x4U)|0Abbo3{Nt(=o)d)&#j))2Np$)+cs9G$Rm!cg`R1FU=)3E|}Bemot%6 zFsj5griU8LR9C6&T8MmIiF|dB)8tGnk&J}{av~KEgw$X%kcb8oftZpErlLtDk%&h} zRCb+!J~|A4G{y{dcxBfDWOFFCIb=O7u)${Wn98pCNPZ-ik4hCfI|E=DC~Yit7V<+Y zyN*Nl2V?t@9ohDd3;mT{^JqQEmnc|#@L6Z23b|aOtE5diDXXpbFVD7jCYrbzuta?H zj8q}5`BShNQ95eE#zbds!qFUuw(nZ}i?XR=p;X9}{j;+9L~)~kd3UKRo5~itOa9pq zmF~Q;e(#@~Pj?kyC!NctTl|9ogTq@S;CMrqR)p=pd^wTh(po81%y#Khkrw|PP2U47 z`C;=<+n}Yo(aIjIfB9jB*{?4_0z&=_tOUa5eF9}_Hs9_q)uNaNC6sKw#MPGRTR1=b z3-~+A<*ri8^y%gG*)q)an*rD9i`qI8?d{ppbR4tkaaoRrlwc?-2g9*gJQ4}-!N-am 
zRHN~DBp6ebpd5)r!zzbY-CF$fa?qMVqL#r@Ij3*8wD?t7iA|Sd(}OZsPPCV*(M*)f zpefLt)7K*sxwg*2I!y=4h=*ZYRunnR!9Eh+YsBBe25P!HRc`ScB?)~3`xEQ3DF_ai z9za_MSjXD1&RJOIirwRI|v z6GSqNrpJJsW?;l+61fugC%aBFb8Pa;{MvkBeSR{R)7ELZ7QbF2IgXn#U9VV| za*NptwFas=6IhPgzt-tXpz%N@E|K%kTs+4Qpd)RPmY~j>nTy3x*AmUO@~f9#%SXtz zQ5l}ncbPQ8tH~)h<`ZL(tYhdzjEOO$Qvdvb)PreErbyz$SkSG`1Ui71kpvyJn)Y zaSSd9blW_=@cWnQwMZ}hZJbf;p%fi!Ek&bGs_Z%jm-DgsTj&02)eoucIvNEv341)$ z+N>T^*>x1MJQG`b%`!CTo{T?=8cK{LAZ?$qq|G%3dgm4-z`e7pzIWbsdSzD}CH~?7 ziiYc8yI(EY{VH^CbM1Z=P}ui=m7-h^5S7$sYy@ls4kQEw?i+9^&C3+^A@wrs4ALHZ~~mIs)bN2e>wbUD;$W?ok0San&zn2x7GCoo^q+O%~E zU84Za5CVR~60c+E;(y(I-I&)-ZLQ`~GsL1c*{;optn>NmY)zkv>;EkCq6J;OXZ4EQ zY|NFhb2Qag;%c)Ji8Zo`>Nb5@MEkPn)2nzNU#JbE1%azdUtg$wSp@sC2=!$V?#rUD zl&gKETbibhD*9OZAQuG71wYaRh1Q_hRe(9V zrms4cwayYO-$5e*t2RV?;Lj8boz;fIXeIomt^};rR+mybwRE<-v-eucX1cQLR6NN% z4>z6WV#>d~DS>wV6id7A)z?*4TLsKkUuD-S6x;1Ij_rZ4t}>;Mg%!&x#?)4#g{faz zskJlux(i+dnWCR8nF0%S)pf(RY*)(^y)m&ateEYHzNVrWO^0cQI%ArlnwVy&8CA31 z41n46Q};t}0ZeC5)ZvnR^@s{^a2=i-EW`@@)`JbS1$NsIz*#zw$Kz(&AEpdJAM1PO9L%L&#_H|}8*95+yhIw(r|gY*-4^>3GylundB zp#JY*NfcHWgUXZvSu)UR9eugfOJDu~;|})RG}MB(xrVgbxWZV-j!zC6oZ2Avh$|jco8C zA;xk@sEp)T4VkG|Lxw{_C1j5e2{Gu9(6$+sT}9OF?8FBUn7vmwnzPgo2UCjvWw1wF zgl+xh%jf%7bm#M04rv<=Ce?eOZB$y9>VVTFe*KSr-e(yE4{A=GATL=|k8~@fd!!#0 z$`#PaC*jz^SG zETpROSST0^g_V%0QnWnLnJxNj-_#EL#HY*ZbS2VAt*BoeBBOyv_xpjiMj37fB9)9l zDJdE;M5#ov84ec(19CJV%j&;F?a0Wm!Dt=n%0tW1jfqPkSK!nUWJ~P?5vhY@Zo2Cq z!NDS>ro*C3^nW02X;Jq03{N*c!c$c{!6$g?5Ae*d>^c*7+YZ!eGN#VSo);EqIl52{ zHChf`X{2BkFmS)st~?5ETN@7UKu{VPl+K8yc=WF_f^03N1Jzla(SBstOOHe^5xR~A z9It6n2G+3XryZ*)SnSp5nNF0M`1B0ZK)=E$aggmfYqpOrRCcY!g=`7Vb#rX^skMS* zE4$X9IN&2I%+UG9Y~|Hz5Gy&@`%wcpU20 z$DuJ@wLE2MMZEerR9BOCIPf^sJ8m%g-!KkMppWo4)H_B_Ce@g%swo(Uwjmol4)t2b zp{FA`9*27C$Ds#RcAbXo4?zuwcO=&56sWhT!>GF`$IFg8#WTbu;?ctIxsSQuaSw6d z1A}-`-b?>k#IV{3}^mxM^t)T$O3n2Tz{Qfj}y7X zvE)W?jaPccpNP?#?bh`ZEufL(r^aFxjyOvyOy6t%sqn zw)ocr25@NIpWNstB2c}a8adU9{mduUbfw_@Z7S7_&j&YW3)5G?HRm&p(+f2)R?QT~9M2q=m^QaAGvPY}?- z`?@RzW%6o{8d-|-RL|5_BUcAfnIN!~{f&*l 
zzYzf#5)DCx91n>&H1>@_dns9J9S39I9uW!fFpV1*PR62Y0+wHcNf@Dp!YL&X3n}qH z2CnEyCu4Frm`K1lNCM60EIL z;;w87x<(By6q*kYO0}(AK6lx2xY=cIw(j~_z-(|?RKIJ-(D$ta1mWTtxM(W@`-8ns zsKO917DF9$z;7%b#{+T*7LS!a&iyr9F70)P%<@VPjk`ai!kXizeadU7@Lp80jM;@g zV)9r8%ms&5dfX`FZIf{=JFrGfeO_cl6f-UKV8dNoG zX=+2NJzpLbxGz#1bs5EFxCQJ6ww-PE9_5|pJ=F6X5E{QPQw#O3<`U{0_)!M8e>xw} zOTGNrKEKivLM7&lcx_+Y>vnl*VZBy_iCiw{U#yka!+rDmO31FC6SsvfIG65+_7p_} zc8;pifcamlLxbJ1OrdDKKCg^sS!jbyzl1OCHw4vlyfAG{uYq@WbOnWtuxsPD9IW?G z(VE+vQ9AwA`>wXIuyXdstm?)70dWKilPp+sE6r$xUXnP0VQfza{{JEq5n1 zbUncOL^;)Q%(|oIEG!?tV#A`7Pf-hv_ST?>fU5)>wtJCJyO*%sqGz7U?=rJ%Fgs)z z#p+dQ_PP9K^}qdGzT7M~8+(}gW|wsnw6vgWT?9rL=qke6jSef}UPX|?!}H$J(3vQ5&xO`(`Rs-qJHJxIylge?&>tp=fm@sy$|QdDm_8eALF$? z(d_p1qxl0=U+BwKOJ6SPox5TcFk5q#9vKgz@%^sifzY`R?l3*sF!aASY9FV!9H&P$ z1|wowVCr3QP_;4FqH4ECqV*_Li59PDwbUV_5)FJ-e}G=UHd+ep@d8x1(lZ^^0DMW1 z*kA#waV3SS(`>Ceqc<@ z22m$D#2mlEGo@)*P1Bll`X89kPG1LC>o+G#T^o*pEAF!CqvpUpdb2{H@~gzd$hzg;#33#EZVCQ$Cs_f`WP z-THNai0JF3FxhWYRedWtcL9tl@QVT4PQ|G_5Ju5>YzOZRD02Usiuh)Cbjh}H8-8mm zUc(5gt*yBd9COg8-t{Bw<6vC^&QHulFAKCxkvAwI*if%39D-UQNMuDGP_J-Nwlljn zQQl;{XQ1zKFI+xz`Eoz@nX3&4_k8gT_9N$_VGUNp7}8)kXe`feo>%FajY@Lm9Gu7I zaId;bg!KXR)f^nZ^&Qz%hd&F;M;qbM2e@EeUmr44qXPoxdEia>C9~%)U*2}&%DKx{ zxA_+?ShQfp+&OIv7SCIweeJS4}1fvA#9 z1wz48Fc3?D=8l%iq|{hCl?kWguo1KbeS|lHhQLNpBpnXMf??PQT7+!yM$iz;Mi71& z1aAZlX|NH5-vGfIK||0+5RA?7Gaq;ndx$>I#qW9;0>;xxO{lg>jVXL$z0iNiXxMU^ zg<@!gG&Bz_7W;KtwEQX2sqf&WPaU@ILzk%V{VM6{J2fd&)5Zh#w1aok`wDxejz zzL6jv#;vS-MFE=BxTQ%I$Hc;ssHP-B3N)!vOOq;En$!rA<0e(CZ&HU;dcw&5Ak-a* zBVip96hLqNpUlexGtn2Wuk;*`1}C3u!+rW*@3;*x7C>8WgX#MBV9V`4YW#!-r~{9o z`q91kH%x5wL3Qm>uKhi|X|xN7HC=JI#@*Z{7|p5(K2smIk+Q5FQ&KS^^l5J!TBaR% z)8Fz|Rdq&VPH4>eOl?DmoXMC|7@Ydacw#eI=lnG#7M+3fb9jzpwQO`j^qy#j)E}f1 z9An`9zYi#Q=<@^mBl_2L7v1Lly+`w`@XU7q*>Sh@d+Ep0tdj1Q1g+G&D#UIB<_(}Y5-o?B6X$}93RSNoXF=#7DKyc8Gu|w!`m!Uojcez7M zh5i$f)EM?3#vDRjwTC|c%bafuReH`qZT8O9sLdX>*KPJPq{f~0F9mf4T~8M^(jhn+ zt)`+{Aeu_5flxf04#bj?Ae^UABQY(S%%mgHJ!qu$W5DLtzrT?2C*T=4U3vq`hvDD_-Uy&EGcH& 
z;myC?JXp?JjNT@jTulvbf9e$$jHau;5t`as{fyLtFq)y7btF`C(5NXI+(x!u(sacA z*&JxY!5b6)r2d2jA|myY+Z{h z>w&Ps*Q;<<%ZOQe^i5lQi9F<1^*OyMp#D~Mi5B)?tmX*3aKRHmY z^cZgx7_DW4rMkT+l>?SXC<@jG35Jbsuk@_O#SgC;4l~yQ_j?lwJF=@#e};EthY>rn zV=Fx;Bg+6Tkly-UfTC#szpOX21F{jY5wH=k5wHad6HaUZlOlIpQiW+e82SV@NM!fWshN-*|AK>Gl6B8H<%}wA9xt| z)67m-1-L}~h`CyPoPUqMo&O3yr}}do?Fa}o^)dAd^#t_;>J|omkc(q0yYV4)O6Oor z*hkGqhQ0s8Tur^d_g^2FU-~|BkuM=1n8~nXZ6mOM5b%9O`TO$;n%uK3P44h<3g{T< zyIg^2C>aWbBKjGhbT}MH27^i_s0CG6%Yr8NEK8F+d`ui}l8eTJ;nX&0)7RmZHXoWR z4d45fHn^*4IUEB*&$ff9tY4v5^3U$jkKm;7d89$am4mCcknTSyYP1-7EpYiB@&(;j zTD_D{UmEhmafEf*6dV^Y11=c>_p^qk>oqmQ6P<~YmZ}~CMK|VIw3&1@reeA)(2-pO zm;31)+*XP-nratez&9Z{J8CYi)n8||U)S#2iduW^Y>wq{sJUQ49NIIb<|>x~RS7OT zD0VK#xV0`#6k%meKRnfHi00&Sy`S5Jv!(bpK=d&}UU#k)TQkc6o1C^Bj)FmkE!B#; za{C^6Fh|R8T(KPdubvs}=SmG7gu$#)BK7;O0xpXs3|qk8@HA=tp23PrPd8q}z;_7^ zHg{7c?eIRT1fGe?Fkapp-e8^4sAEu;tk+Hs9}VYT3%FY0bFahArNKRK+F^Mw zkD?L4T~@Dq1f?hU-wxdB%5Dxv9AC;aVvpMcRS8s=j01&YpqwbJ?QAciz69C;e0Kw` zawDJ)?q)2l#0Ulsm*5*7@!^u;=t{)Cv-g6NE4%So_zUs$YQ%w6W&aiGwy^J<(f^sX zt?qc%>_jfNq6n`8w@jIuPPW4d>#k;a^c-FHsSDuMVGRietcqCIb&=LtC~ib|h*_5T z_eLRiH@=Sm*S-;b*S^g|E4%T%1Qo2fG{UTHdP&reZR4nQ;;5nRDsrL-S(i}h7}6CF6b4I7To`|Dc07M%2bObbd#vllc86xp0I<7zviSG65i*^RGr zn~v)B2yZX^U}QYKztM4>9p@Y7IN9|jO8QuOUwT`5LwZ&Ewe*biGwEUJ2h!c}BEU`3 zSEZ|9|Nj!{Lg{>;&*$d;?)nnj&F0~*fHPPR^AF}P%)87NnM;@pne$z5Ff$n^?e+fH z^Ha}G_oeO=nIACUV!sTh3O>(m;I8Aoau0L+T(7vEcRl8M$aRM_cPv;y_>yPc)#oYh4&+RIDIr7r4#fy^f%~x`QP&| z^S|Ps;(y9N$bX-|lfRX}0oF{e1U-qJ{8s*4em&pCXZa+5D!+nX#Lwf85iSxo3!8+J zkP|fFbm3%SsjxtpC45E*2?5~<*L|+1U4M6d=x%mTb|3Ga?asK{+@Ez<+-JG3aqn{9 z<9@{bp8JpP*W539M9&z{JkK$nm`Cv>Jzbuyo^w54@m%S-)$^d|ZO`vLFMEFF<-DW3 zA#cDt%bW9R-qXFG^Iqh=-TVK%_j}*;{?_|~_n)*t%XAZc3cZ}}pf96$&|B#5(6`X9 z)4!pgqo1VzM!(MtVOXYx2{O}|Nz7@?Nz4+a$b6N#in*Kl1M@2LYvvi|XUxOwcy=^< z5X-a6*b~?}>``oloz8A&f5d)|y@UNG`xg5<_9gb0+*ob|Cvgnt;Ev;t<>H*moyo1? 
zQd}!{Id?Jl7~DpAA9ok`A@>gV2KS0@vM=mAvHs`19}sxNbE|N@aJ6@o=WXU;@Z&i6 z<}u$PzKriI&x68`UH1w1d$zj%4k%WH?+T9tiq`;Q3Lx|=KqCh@yy^a|@C#ZHUT_}| zX}^sAjcu z!Zu8{V&M`*d}}dTgN3JJatb2CMVMTOg)1>xfrZ;K`79y~_Jz-2;Z96;Ai^gwIRgtn zhshH$K1PHu zV!Iy9l`yv(5#I-xypM%fV{#QHU&7={M11dH@-`y;25ff?<~CyP%ZT{?fVr<=axEgv z(TMOo7Je0z>#*=#%w3N;8k6&|@N0-LVJsYlg*Rey118_VSa_XGUFeb^4#eW;Yez1RuP93E$m4+rEk0>a-3_&eUnfcvp$IGH{pnMNKxfW7_^ zCO^b3G1fizXU`EWqOli2PFOn#2Zd|wUTaTT*gvpDTynqRgneaU3euW5heR?)}gP5q8D2NEJV)6M0`ft-@wA(WAZvCzr(};^0$cdVa&X4#KD*W1?$Abft}#=`EdG#KOiB4YYu}e z7h}`_BiKJ7C&F8p{1KBk5%C$p8fo}5wtE+ocQAPyyTmB@43s{^b{}B!J|_Q%$$Nub6y<$zKrRCt)%X3;%)1-!b_FlfNOtdUq)^rg|UJ!XL1R@H2cT z_T_}1c-e6i$6cgcPS-;%=a~l27-mN5n;Z`zfIks+r5ZF0D@e;h+G=}`2I>M zx|6?BQ!zOl6FpcE>X8S6zWb~7JK<_%2Sm36qK9t$15Wo7i0&s4-A^F8pFng!fmpsn z(dBUU6-tN`ikO^lvJ8_Ym@LF(0VeY? zIS!L~n9Rjw4koi94SSS6T*o-0j#aQPn=v^blk+e+7n5@^IUAF+FxiBO(PnMHoY7{j z!(2BeWkk4NWAZ%gnN|mbkO5K=WdIOM#x)dzWBcEKFannRLpklhy^{m?P7d6wQI{e+ z>S9cGVzL7h+%ZrWVs0BITQS*!2`;A8`5u?U;XV)jJs15w3;o@M{%#Z;A5uddO)l2Q zT*Um5d78;Hapr2~9>=|o%N$M4SiNzpKq`JoN4C?&KBn=C++x9|24w7FL@)k z`$^_(qR!Y)UN!VatL(-%e{cQ_T6!5}t{0WMOK?Ct3-40F^?vL9%T_M-!~Fq%xF{7i z(8|ObP$F;Da?j@d@VZ~^>kJ&g)`~||c3UsG9!02aPV+BB+uut(Dzl@Zxe4PGy5Nz3R)1Sbe+*#{>LHts}7x@}$UdZ3}dze+|D^wy@9+ zH{NTxbg7L)%J9rBp1pb$Vqel^e`_OPBVZ$NAS0kub`M4U09I@qF%F*5jK{)3Ef7kB zf=wt9mEmglNG6borxL+vIu?zj;cEBY_}X}5=WPrq-^9WxEfs_97#?|t_uoet`|rDl zS^An0hw)1&z6#o~%I<@ZB|gMA0w3Z7+u@bn_|kc-0x+Vc0?}gZqHy4+JiH7|Hgf)zV&(fzA$*Ox*`4S1vk=b+1sPU`o&G? 
ztxK%>0$`@QQ}F1eaiSOPd>T3rEq*vT*jdPf-c?yk>6aJdZ%Q!4v#`1vQBCQnc307U zI5dn-0;3&Se5_9o%G_nFsXXaNhKc>yn(L~SxigEcQiXgPw9#}uGBY*%a-0~d->7N@ zwbIQ@Ww#&ItqN9d7-i}R=r_@3vPDhXi0|>z%gJ;@%?w6uTB4Zh(682lHIk1PnP6U8uF;YEwJc0EzlZ3_ko!)K@UbX2-p@DoPr6OIPP$y$CT)<` zNUhRh=~zjXCQ2hDM*LWOOMFTEk$8vrb@2&!C2*NIM~sM5#L*%z{6lzGcvW~tcv!ew zxJtN0IA6F)Xc49fETyQ@Jsm z$i>)4*n8NU*=yKK*$P``Gwdq%cyPS5+E*FDd99`)Soxy5s>=Q7V0&pMCnnE-brdfgwn-*mqKcO>5LzTJJj z`wI6(?oIBT`*inGH|P4q^|tF}*Hf+sKegYTt{Yrex^}wGb#=Ltt`)9%u9$18Ym7^D zQO@_AuQ{J}KH|K`d9(8x=cUeyv+T?`S2>S&&Tuw6{mx<5rWzI^~eP2-;M(ymV`3YP*!DR?eBe)d7B?&G;aAy!) z8^N7UaHkPmE5V&gaHkO5YJyuua3?dj?JG({sGZAdegbzQ!7U}YB?PyK;1&|x2?TdM z!7U)T`2=?y!ObJMxdb11nx0{`zgUaPH;aVxJL-? z#{~B%_~&ZQ=%T zjo2zKW*%YgVQyxwVJ>AVOqt0rtC-`N8B8)o2%sa;$@lNrM_VS*8c;5BA>UqZVu;(VvRh~;c zcYDtFw0Nd@#(9Q#obLDCue+afKkB~MeT(~A_hs&N?hf}U?k(=&pbqwt>rK}SuE$;X zyKZ+~@4CWuk!zDH=Q`cB)HTZ$a=z_++4+?7LFb*$8=O}*%j}kYUe)*JExV~`FDc*gy8;0aF($a_-PrV0cRPb0cRPb0rw%{ zi)D-kc9t<3aF#I|aF#I|aDS$++gHrSQ9CW8GTxR(j;Hw0%Hqk*56F&c1|F&c2cX7+i;JBHe68KVJb8I=L|bS-AU zJwDA;4EV;aA_H%0cRPb0cRPb0rx23i)D-kc9t<3aF#I|aF#I|aF#I| za1XMdQ1hyN+TPPz%%)KnZzH&^1h<9YDg?Kg;Lazw^9b%-f;)%c&L+6C2yPR>Z6vr2 z1h<~x*7^3i|C>r(d}hs0;JOH|KyZ12%MsjKf?GpyS%T{zxORfe5S&JEX@W};T$11t z1a}61(!RD*Q>cqit@#PuDFnBg;8qdb$pp8O;8qaaa)Mh%a3>PnQi5ATaEl3U5y34a zxDyEOc!FCX&2W6Q_w~;H@<2tPRtiQ_JAXiMmN_oieV?$qm*DOpxbG6&-2`_R!QDx4 z-yyg=2=3bicRRs-i{Ne}xLXPC7RaT&QXQ`O0{eA065I_0_YH#kI>B8}a9<_3>j>^E z1a~dLeOd5sp@vbXQobSF-?(3M4{$efWjJ@e$h*?ZcrNf1J@egfxPR$>*zE;J)!#hv zWk=Dm+A-e|bsXV1*r6W}>V0PFLeON7BAuU0jzVfSqxV{$Znmz@Q(j&!X4h)yo_hU$ zh6VXGSp5nq*F}PIJQ50P0Yz2Qflw-(3?!3kGN7tjC=*YqnM6o!d~sF+RP^C$resco z>%=P@RNe+Qoz(l z3#f7=7**4Xl9utM9kus7klr2k2K#~n!3tGyH&?tah+sfbAOI~;$|oSiatFL!2r!fa zS@>Vq-kIJ=3vZws@WbK8ijDeXiv@TteF-GlKOd)gntxudP|U(viDiXy$29-UoVK=v zPBfGgU4?bi{Do2~ttXBAYB#08Y86P7V zy>BXiy%2=9PDKIYn`cHhIHh9V`?OoJMs4(FsWIgVw~c^}fPnxU$!M}1$rz;{$%x3%7EiG> zc%$G>?A?=*03RJ0HBMHw|Iglcz*kXh|KEFeXSVMGA_5{_5E0OX^n#$$L6D9DB9L-{ 
zKuAIoIs(Q<36O-EfQnraeWE@EE7(Ovuprp`54+gA|Fh@p-MvX}An?Se|3_{<^F1>= zGdq2!oH-|ylpacm2_>Y1fL55p#H1&rrp1g;&P+^*PZ*z-oR$VxN7`Z_x;oOdMMic? zR>t^HCdkCDY=ckezDLuD`yQvDJKgtaTJydKTsdit&*{oZQ@nDrXmUwqD;x+{^d{c$ zBc8O@pMe*&CaQkk_V6PhhW?01dW49N-%TyfT03;_gX1Z#iI zM|Ql`IsBvfsN;Hi(pENh}QMEhBL zQ(K{xXd{)olxu;*{&?Pmea4<+_kbKZTQ}fYtX-gG_~-xK|GEER|2qFX|B3KZeLwm3 z`(E`u>AM~D=PmKg_T|9O=VQ13(>|1b;pnG$!_j}mk-tGt7StmTeJtd$68Qh61Yl}= zK28?tws8x4YMYh8F3+)@RE{Jn((%00aM+i@#C{H(_q3o2&1D3Z;OZt??7~? z32%!i6W#&%oF=?2aKa0-;Is(G=ID6&?2^j!a2C8IgtOolM?4E2ls_X>I20rV=LTUa z0z!fl6M{o%n{}AI&6*wT?rgK-Hg0`N<}jwg5pR#&+s*d&c40?1oGx2iVbr6lq)-&&mo*N$UA`)EvV23%Rq%by;~g^k_pnBq_d+*X|cm^CpkXX><24P6Rw0XC&$ zLh{j`gL*reL-Bqz&O18Ulg4`ZJ&eW9kySU09sRI7 zI%9{ulX-5WgM4Z0lFGiAx+{_?b^qB`W>`gROc0t};VhbNB01JRFUWIMYS80gJGh@c z)>hry$y=d+b_=9}zi7{~c0%sQ;R7^AoMymIK^q(jKIJKm*57rx< zeYJ?PAxupXD!6xK1vl?iQrQa~=2P{$yTK7Duis$StfaCh#zY!GTT~Mzm0D8S10QD4 zYj{NT;SsTpks3B^Px}Am!+tCu$4cN&EdiJlo{jyAW{S=2nPRd%Cp-&Xof9g1PS^z< zXinI?Wql5?VNTc?1JRtYd5i3n^sMBJ)6q+7zmVtbfs_mIkVYJe=AD4XZHN*h9zZCyDicC4bd7>8~mKgeCLb%(a3B z7bSB!MPp&wJw3w~*-1Ske#ymdzU)A?TWReu%CMS3P5zn;9(&8*wFDBE6uM3Cl;}+_ zyxfZzl@pdsb=#gDs&?Cp5=eXISmXP0V|2SywBYR&_fgxrQ_hp64~ zY6LJl9h(RKcPcm9TT_;dhU!yr;tw;c`cDH>mRuMaFiO4GHJ4j5Dl%Y{FKZnElb4Ld zfHZBWe@Y?S5y}ao6~aH>EoI5Dh%y!HUp6UAhDHWFoLU?b8Srpwad1Q}inWJ}I%?nW zXZz0Zea}IrUkh!IcCGq5$lP134pQRe@8t*O68;!32Yqvm{X6}YzV8JVcs5WjOy;Mu zPuXUFyl@V?f{kLaa4Ub0xKTb|yiz_%`bpX&t%n=`!=&b*)y@6Eo%rx?iLyjs_Kz); zJ~T|L%=ciF-%)HnDWw@uTJBVt)w{R?fw<+p+=6a(Qj~%&hT8#?LxmBOh(N%XeAt;u zC>?`Iw6_jm*2|(ah1%2J_|l8qeA$6&=c{%Y;RfIG!%p4N3y@lx?dBU+F|7WbF10kP zTFCnMy42FlY9XVPbsgPDY`2`oYkTx;7_B+PCx_QDDWy4X<-j)~O6An`lKH-ZqgUXy zV@@o!2O-+Ef=O?*rWa+_n^0Pv@c6OlwY?B+m|(r^c$sxMaC;1 z%C8%5yXAJHS8(Yby%o91O)bsEXzh}+ThZb4kIB_SMoE1g4KTHIQnirv?;re!!{0Ks z$5(gDG+N`UG4qWr?TI1mh5=LMC=H`V042u<|EJV$_|;re%TIC>0t1ogHc4;qwvOUz zRo=o58E(uXbAx)VxmEdz)%-+j@u}sJTY?dt;*co_mgAP7a**!SsvP(J!if~T{CSB? 
zDVqg}49{XcABTK@`!Z^32kEO34Z3qgIfJUaaMwTNTT)BUtQPWc8g!>>A?x3uQ%ch@ zq@6S9eo;o2IvRzR3ha>ol)u#Sn27R;Xu$QTlcdOyhgF-2)j}RlZ6;I;c{sHhk0Gfx zqkSjps7+n{%eG8QW8KWblrGv4Qtdfid@0qRoi963?JiY2jCtj;U8{de|NLvxnONG| zZF(@Hi`Mj_Oz9FzTe*G84pqDDMF|8#$7lUDnL75CY9(L^X=;J@%E^ziTgFTD2HE00zQ02|wAQUIA~|e&W~g7k(*l-1n%Lmy=Ptqh_A>F!fXW?GvVkIq5|H%32@)7aMl@)h>9$b zsE`>7PAdYB#rcjR%1|&XKihsYAgD>4SsaA-+G*+0r~4q#2~;>8B5P-BPXyr%ARlAu zG*H!(-5yH4Frw6h4SRs59pDztFA5IL&6tt_!ZF5{R9-|(v>mBt+^l8+L^C{#q2<*i9S<`G~nvn8vu52BfKJhnS!)i6qp`>yuri(6b203OU zvJ@lB7 zkNBof?GG>B=&4U;593D9pZ4*He$xkT7lgucgW@{IryS(!4@$9_S&&y0%0iJ!p_v7? z+#EI~Tm2>*w8JHc^R*)6BQr8|eJ>f+d5;MC zZrzuL@@m~0s&$uoPDy1J&3H(NQcL&R&|x%{BX1-y?qp*BcE%n1>QF|cgM8`GlFD(I z!YiE->mPM>s2w!SfkWKJ8lPB8zaU);a)c(dgNs46Tcg(;sXf-wAlp-GI1Y!c0lKn(EzZ}wZcRySj+o}-V@3P4VOy3|ba^Z(;_@oV`KKFzw=7;Q8$ znEtvx2PEZd5WxBQzVf~8+X+ATYgWEbOZ*%Cn_f|W(wTGEu7_k ztU4McRaQjXXbs~>6)94t0j0HUZ4mqXQ_JmGx{sB>u@d-ult81BDgj3tnuP@IbyIu- zxCUyt#-%30Amoo2m4dLEs`8-&t)_x4)3Xzk5>rATGb|}J1th;FCB|fAWo5*q!{RC~ zB{O?`Vxp~hem(}G)l{%WXncHDTw-cU60D{!#wWCz3P!A^=At{Trh-vcQ*-b+t)_yw znp${LN#$%Doy(kHN4}b}_uuN;xFS&r^~m>OEUf-!8<02wJNPE#q1I-J`Gv9Bp^o-y zEH@`JCVOI5K@9C^#$?gHY7EGufKQ<#N0{U-&>F~{hTFmzLdCID!uqpmsh1Z63pI$e zFr#o*$E>W>gp{QKW0?Wh)d ze4|m2RL6{r#FWIuv~-AddQogzvJ;Y7cFr~R!QY793d`Er4s;m{)UUhBWtsNLTe32@h7!YSZK_|;gRN! 
zL3=SeBho?kjV`G&XeLV{d0YQyi_s{nB5yeYcP(2-Srxe=d8@RDw6$*Dt)xmthZ!`- zc8@N?Lcr|>oPBg*i~kPg1YEpH9xl&d!Zz+`PTExC8vi2UeIGkt z94fx8e`WMDdRRY!Ho#9oAK;sy5%2|&46q%v0^SXJ0dEA&fNMZE;3BI;zeqn{9|-#L zx`O_=Rr)ghN__!n>$@KG^{oPpeOIyt`YbjJ^ao64+3X@Vko5sQfJ;GB-g3~DcL`|A zD*}CapXi0^`}$_#58+3#wb&mt`E3v@#m878==wVqwEdj``u-GsBit_d1+@NsE`G%O zftJ87peL{+XbNlvx&n{mI%n*6{Re9f=qsFJjkm^HBdo#JxmI_pvy}`Q3{L|chRr~W zp$2*ke*=AZ<)9JoQqYMv4YcA-0KIr4K{H+#(2Um+bmO%G?Rdu-I_z`&u73;~@?HlW zdC!BEyhlJ!-u1%!!U6F_&@yORZ_r1$SKQ5h0PTez zqyEC@*(0F4a5L&ZoGN932E^g8x6&K5Af|&J#M40&;z^(j(UN4?Yx$Xf0~!%O1Z{|~ zf?mXDKr`Y4pd0aaeiOfjujS=@F~5}0<7l9_nIiSmN3TSg23;G-fgGR^hpwlrKv^t&!dL5g|jbsh9JN^dx9lwJl@luYeyr2F`|{%?Od>DFm$vS`h?o;A|MdP;!K;etw@%n(vdK z*VlsDN;ZT~d@br4AM}kF3&lSG!MulT18oqk@dTJk&M*m1(yQlHv?fsSe^c<01S81t zUb10EL~EjL6V2J=coD&9f(r>o*&tduXfy94$8iK>3C7qUT9XMTp`*Eto;k_I8sg@| zZRYK_S6Zf&zkkf;@sLHgNNPg019u0m1nQ zCY6LWoE)9v!9o@-Y#*Y94NA0}>cBb@t@9{Ae}aAl=Mwa_fip}lXT@a0RCDt=vSF$@ z!&Gx~2RTylFf32bs5}`~fM{KAdl9Y62reZkA-IHK0l|ENc?1^|%q5sZ;MDu`wvC$) zAh1UXwv*$7WOJI0)1)?$<81^R32r60ncyaZ>jltVD}pZxz99IV;4^|x2|gkC zm|#Bw&n1{lFo_@s!F-EsV+bxH$2Z7^eUtOS(3#*&f=&eK2jKmAv^lIa1LvDmv5YaUapM4+$uL z>~*qH#@IfznGca8CCPjQZ5m}$OC?(hg3^NEM1tl7%?O$joIpSs1L4s)7Hqdcw8jyP zCBO<0Evx|18cmKD5{$BeYyAoO5u8iVo1h0lcYNAoIzrwN`S zc!JoEq9%}M+Ov}qKX79v|V0i{f% z7O7zoaLp-#k>rJj1Z_CksF`Z?B5e>ko`+z*Oz;xHZh{vGo+o&g;2DB<2<{?yo8V0X zYA>eKP+ld+R|syiLA0;}L<=iGw7QbxIRsQ4=DQT&26D_Kz*LJ?AF^SkidHYOVOJ9^ zs$zy26Rl!;MrFpRF|fY2BWD;3XVf$p#=;rK!kH6`lgC5dpPdNO3DO9#cZk**woSB7C&wg$M1ll@c!D^Bjs!GLFd8Qq#==>9de#p3;>XlA zy*uXqpO%1K$f8wAu$EvA!D@n41S<(v5L6J96O<7wCs;!O@^_da{wjVdUhUuL{>uGR zQTt!4?9xENFgaqv_iAlgkm!6!E2pI^g9E?;R<7t0M2h}ef6B4Q&on&Pc#)7`Y#F)6` zn7Fv~qjVb5BUF@Cm{VY1bq8tNjzHyzD)P=Vy5~dm0_tpoq<`-GG6^g6(pqWK0N+Eyw^>mNtJ~^~U4A zi8k@QhvA0P9{vs?o;%9ef0@+99f5ynxtfcB>d?j6MYE$E4Q&r1|!+|!ucFFjBfp7n(zlp~(|36m(z$MfS zy9MzMwYJ4;$Jty$O(QyQYnw~x1au%Sq1G+4;*wI+fX_ZAIWZBqgi^8+V&F1GC?+#0 zD=jHAD-pOYK;=qR6AVOLLake5#HS}^gfbEn8<$iy#wWxj)Y{_`syYtciQT7lO)jD1 
zN~#*+^Ja9Ad;+P{UBpVN8sgYeK8GG0@m#LXY5Wn9Cj3x%WXPY(@Vek7~7f znWHqMC@wB80Y5zvTr1Efsyo50%1~iO?${}yZ^gb!Sp6xe`i2`A#W~;sc*j6vv-8-Q z`lZLjCBf7$>Cc<`fzoSyg+0r1l}M+$PGO}h5gPSCvqo`fN@7AaWfwGE11=_;86n<_ z62tcgH(LufsBW2_F)g<^D>o+=yjBa7PoaZc@665I*4TM2c{v1@Q6(YRB4hOG)adVBpfg~eP-GSe6NQU}AwqBA-@-O? z5NI0s(fC68QTkkZPkI$jkhhz0(!J7c(gtajwAlE-oUJ{hZPV_9li?e+^`MP#v37|z z6HbN4YooOxS|2zOPSQGPL9L0VYXS8~^$Ya_^)+>u`lR|GoG#y@UahVKNrns5>A-1_ zsg6(ws6Et9Y8;$Jw@@3Yvhus~t?~(+pYI7AP@Y#FQ?|kh`i;surChmExmYPua+I;k zaHXHpRY_4!SAuYQuF8MN-^w4$ZwW2rm*DLDA^9%(=D;t359Rf8xqJnjn-|C-d6Ya* z?qP=HbT~0TMQ$n^<|wnL956c>`;48&W5yQacJox@I%AF5+*oAHGp)c2oU>oq*K9v~ zlfB5EVh^&->?XF3m9fj&Y?jZmh0mn<>_XOCcu&|X>|`gi|u}G5>Bt6`@Dj@+#@gZ z$V*+)|C&qsE^)JSu}jT$saY;H)1_v()O44c=2FEjRpe5IE;ZGq3S4TwOU-eq*IH!?-q}9wYDe40~vad(F1F5KY@my0q@^p_p)gw>#$YvgSoJSfi z$rD`CSL%^hgh@gB#UsD-$S*zeV~>2_BVYB%-5&X@M?T?^k9g!(m*fGL^zU;?-vX!W zh}zvQb-PR5>{8dd)H;`1Qc@~7Z5dPECb3JnSh!c_QzhN5hozRaAbe3 zV8F?7sf%1{uuJs}Q*5Y94RI;g9~A_*QNTn zRBxB+MVy6xbykp0{boO#tyjDhc4B{r8>LRnJ(4IrNVg= zSeomW>QYHAmFQ9l_Dn>9`q&pHo(~h-!^FSCM0}Wt3lkl~L~NLd2@_|8iS}Wloq4Z+ zQ~idaW4`{|B@iA*n0~!SUS)qLz zm@vJd`wB4a-J;&Eu2D;2jXzl( zrw&)!vu}a-{w?+rdzw9@9tW%ZuYpJY4Q01-BfE>;47U@?L1V!jSmjqJ3zhTPR5k%_ zCk$nM+1V_aoz7apodbgj;!on2;)mkv;%@ON;FNz#zFd4z+-$F@K_|j&IbY6}N6G_$ zFFs9#Vg^iK!1B@ zM)*PaOxPnlD{OFdSqLT;M6)~Um$j3eM(Qpg`bCM3h zn3HsyTdl>A55-pgjVobnO z?@};Tb=+X8>QMb%s-H{2^woI^(^7|mX{kfOwA7(sTIx_REp;fEmO2znOC744OLcWA zn5sHY&kh$nGvD#Zw>&bu)x?<@-T(n|ujgS;m=w*IJ@Q45+~tuwJ@Pq^+(9H%v-wQe zRWP6ST%YntXMtqxtIL_tG&&~%p4gk<&eLnoIKRFezGv9y!$` z3p_I4BlA4cnV4}=v~oSy$sXzK5!oJcJlBaXX}TGLTRE<)HQpmb9vP9|EZ3DMxunnO z{_r;6;;^e=jq}K{9y!J%FY?II9(kchj`GNn9y!7zFYw6oUDEWjX%&ZEMa!Aj+CAOb zqp-=0um`~!?vh+olyN>a@`D0?eQuMJtSiHQndNLN*p1+Fas@RAR_8Futn@G`S}9>t zuoA;0w_=Fo5Nwf0h6g**JYPEz?_hb)+%_m#&V1eu93C=7_A)Kvxj4`6I&y%EMla`m zu%36@iDWJJ;#}sDOI^Rr={f>jkaW6^O*&o2Cf%+hS?*VWF{kU;9^95DSpSFS1FeYHiZ3TFG)gV79B%p={FaP?ELUi`VHowg;z3 z>_Y_2OOEr=x04h8$^sew=)-5t>1Gg&Io-@Ao%Uyw6SU4g%~=+~Scpd*n?Xd80?(;E~S8iapQ2&U3xi 
zBR5!g`@)OM;O=lQ`og0td@Y^Nh`m7&9`Aq*50gNKhg2Y)q1yKA4AnO2MkW}} zN5OVo5`M8@I3Hx&)%m#CUGr?W)`GM-%)z(c0yCkwt>;Xd6vuxIEn~!~H#`sY2tbQQiHNX?%65?Xw z;$z}cf^i9*;?g_CC&s44r^cnFM0=8&n3@`&);16bbnzWcL510E?5uz$wJ2Gs%|;q6 z7YVT`DRHTB>9uo_5Niu4PD^ML5MbecG;RV8?PMIY~%;+Z1j#=8Mb7UI;DI?%TQdbT`9@QwKEhKo0gcCmKYZdh~m1V znxX8L;d+VEQEF*lh?0xA^w`woq`2gSTDgEHX=y2m>2WOsjLkZ#xtQC+&P7JlYKh>K z9|GD3a&r?CK=Hto{Nhk>*hE`#V6Z!w_IMC2cWKbH;uGWH%1Mo}AucTzI#gOpQVZBl z>3>vnH?_H)yS|XS+I^>cer85)@la6LFgX+)RG4q`I|lpaO`;JlT0e?QjZK3KFp0IB z9Xv@-fKe^6c|eldAJr_)X=-Q59&lu^sG{pPL;jj82;WEe6R0 z3ig;br65`+l4H|S;^UK`$<=IhDY0?D#+;PWBp}P%j%p?f8iyNQ?HU@=V^DBt2z7Z* z4*^wdS5Z;0`^1dA38Cz0IZDFLk_>mYYUU_8HV(MB(^DG<6y>s`nxo7{c8+4AR*U-~ zg&tH_tt7^#r>Dm!Mrm3}vGJ)%Fi~g}P}K{LY96LGu=CI_Y98Frs5il(*47odprchw zVr*Pod~&pENsNt8PDo2iZxGP5qdOE7m~}U_h_QP>sCY(x;bgeWl$S??TT!$eCB(v* zoR$#fYm^Y1kd&O99%n+1zB#IuG*P#6lpeK`22aZ^f=?@&$oQzlPoY)GlYYzg$yLJzDn^lkj-y2(-QBihQZgI4H z#Kp!#xx>V*R@aYb8uF7Cn`lq#5_!O~u05*xxkME03{8!iA@?3*uv<(GcT&t$f$}tb2u5gol9N|1xW!b(X$KFVjcq zef5*o&FTh_*>{1g!P)j6knwhdlrN2u`Uu|vUw>0U3cTxY2m;H#geYqK0>kXI(_bVV zcJnassDGDdt3~xGsTxf8F#UK}s-1fYxWHBkR#cpukr|6J?%|Sl8cD_N=v?=S319b# z0r9$pQ*0UcgYZ5U-S2H@-vJ&N=^$U)ucT@K-2s;9b^nArz;p#TC%aR8+`;8@(#4|g zqdScr?FbwmJ-R4-vuJc~5e&`t4R1S=AVrE7goox&E6fT-1P)&=jtD%XXbPxqn?4Z~ z4cJi}>Y}eZ^(dZLm_Kd8#Gn&pc%gM3+&-E>SGBwgz=y9JqjgEud04?DZns^O3&6Sg zGoTstk8B3bXO>j;qehoOt-!tfJFN(kWp4vb2@8FV$iR^Ef=~v<`C0k7K@ev!B|k3* zblupC5xQ1puSu|wZEv{l0$()>F80)ts&g?hUFg*f2W5a7zsayv%a}Gh1UIAl4(J^m z27;;KR$>SANVgK(MBGYjkM49Uu}#feiK!)3eet=IH&5b9u7;IiH&Rh@CnTR0yFp0-DPDcM_1R@*Meo5}Ub@nPId1~KeK zIiUPBVpl%cEi^G>I&AtB9^@wSgq-4u(=t(-e{cJfH7Fx%az}4xKiWm(x-JPj_mDw) zK3qBui!T5Oho-Ik`w%3cc zVJS;S&V03mUbJ~R1%$z*B4P5IQDnzV~k1FQg5tngrG51L&RcB%YyO3IvJ7qgW zvBP(`6NYm-j6FX~k93era!RVwu$5lko#Osy&ClWwK0kA73WTd*MR_%Ks0meFo$f!G zJ%LKER4o3psjQ>So;>j>DUlV`JfWm2867U5pzZ|fpgp!}NmUYtI)y?tjOa&gN~#j^ z*_rf=*O6oEUx7*g&;YWnyP#D98Z{3lv3AUoOdB~|UvopivpIUy`U3vz9r`quwX$=>D9$PMM6w5IAia38-wO;de5N3MiB_qTwo_ld%- 
z;!iwXdPd%=_JN!IUuoOaE&2#OP7eyZ#eLi_DRR7$uCCSh>UZi3#i{aceXahLK2d6~ z{HQL}+G)G^CBkNLGdm!~1AlcxK3M81w~{YW8Y;UqS)U2g{udY%)vt8f7-XawK|>ZU z0eJ;mL00^&yf6P)nhMhFXTd%Hr`0koO}o?BX53=DWBe#=7yB|l2z&3!%cUIY61ly+ zS;eC=~V6WcCXlk}Io0_ulleh?O4pj14pe=E`{ISwk*$eUoCaT-CaoSq#9lf2t zK;NeCH{w9gKpEWo-zD@F_JPFu15ztxu)0@#1|)DR{8p*2P%gq<4AzWoW&5mgpuu2} z)yFyq%d`TRymJ@s+vXe8=2t?gA+VUF8GvwIHA0FKw1Gq=tMupUPXY z-Ru$;FTM*m0=fzZgbd+YxJhv>Tf}!uTNS?+RQIcQsx#GdRGBxE`zrgDJB4(uK$t4t z%08B6$+xNvv~#o{wWpPl`ZzsJ+afFyx3kUsfb_1?N*$-a1DX)ZgsxJ#UZDS|pTnL} zwyA?aF8?hoU6>_iuxt6dVncB-o5in{ev)(K?aEY;y#7IlQ?(-s;}8+RJ}jjx1f#8ymUBiT>95_Bdkl6K2e z@|H(Iq#Ddb%WNxE^p8o@RL+&K5cF@x0rXDx0oA1az&ZB&|F~7Gz-j$<~VZ%$g1dL zo@1sdvy}GoKG2YmE`2OWf**94l`SQ#xYNdfZ(Rq%&AY5@hxmWthzNRPH*K{X)`Ch_x=MXOYf^d19joi2F zGqP7=J_5e={m8!J7ka+pC&E?#CR{Uup07KfaG4YTs{82qGAG?@Mv;A`MOb+P;R?s! zs^@Hbz*lh>;ra~1Wsee8HnS1Zw~g$}oqR3Fd_j4?K<+EB{Gi-+lK=8g$$i}ugv&M& zmVZvqmu)1hj3M`RQwYm;6Rw#`&)4LWePu(!^)m>Ut)}Oz-XmPLl5j;SJzw{e5 z1HQ74$p4!4gsU46t~`zZWOGk}4hzi3GN&DurP+3<-?PZQ64Mp%tyo6xtFZn9zBPA~ zea&XVm1mOw^%CJS>}T9piS-5XwIlcCPCYJn+*dp0yW)L%zWOv9xv!#$R9P*3$I>G_J54t_}f*6bkr$}WWKo##t`qvxwJ-Q2hI7ka+NY5%LyKa?-l zC*;>@S8Lv(a1~EVA4jHd>Hm>?<>iD+o%b(CJG7H4DgLrw>G_)P30Ds$tTpH;g>LgExvy|OGi9xv=Rv}9OfL7W9Z3Gxo~bT~%zowDjf!6@AEk^{s>zBj|bMcZACkxo`P5>W0X8SDZ`FSKmfhF-qMP`FuIP7s5H|FJD0Z zsxTc;%!9QCk^a~H%XuG`1B7$Ran*^oJNK=;g>dyFgU@L^*;jSc z2UYX`m=jMnVfpRkuN>RTfBwX5}8s)bwa_;cc4f$ao_U#I?7ZliEj*sft(fS(a~ z9{wyj^}TkZUacKeIG@*w%bf5|`K)}|s8;_K1@!)kJjdUSgcaX9?q3tGT1f7z78`vc z)4z6;<6h+Wn@aYo2ORf{9QO;2nUUdE^>*BQI{sgD{ELozz^K;lSAItBD?f4k?QBkOuCeK>7Ot5S?gR&8$lscdW?H1bwN5;1op{#n zCI4&pkpH!hI`(bwDOqcOPX2Cxl)j~X9ZYnvrGqkI=>Z2{ckpos?{ILfgC!15aqt2M zyE=HfgU1st`NP4F9el~bhinY^miBWn*+Cp{!CfVL={F8K{iF0r$9|`SPQNI1+I?xh z<37^C?hZQjTZ;7^@Rd64WrZa!?0$$3#9$s1goYhb0tXpTWFS; zbIs|na+(BE0EU>oVBM4itK}AE15-7AH@-GLGF~%YhV|Wpu)@2+xZ0>NN{uUEoj%(r z2910ZjnT&WpmA@Te!qT?eg~}It^@sotAQI~v3{98PoJq5>bd%OSeuU0hv@@A|6n)0 zv!0^I3HO8Myxsh9xI@2@U&YHnTi$e@!$i`MD`o|o_z`O7~h4~@)CQFJ;5Gk_pv+Kt?W9G%eay)1t}8qp=PGCNi2(v 
zX2aP4)|;Kf(pdsXk!ZtCVojLE;3_BFp7}=n3}i{XCB7=|5}y&aiI0IS30qg>&8Y2? zbVptcx-Y}pB!_|~%$}gt(AF^79`s^5Iwx%{nXset3Fx7G19)|IGC>LGaK#729qJN+ zpMT)DFZcX!{sm6_d*>VL$mn6$o6(&r>|a=kcaY^)wA@0L>(O!@S*}9Mda|rR3+kr{ z=;dfZ6*K{T30hFgOhCUJEtgT4`DmF(mRV?-NtPnC6q02MT2S#-K%an?@$@7EEvWV? zpkIgeo;(0DE1E z_ky#Rq#1`7d;!HWp8%^sU>8fJ5pm9;XS1b$ML13;$7uw`1Vz&05niT}V}bNtgd^6T zK#CsWmNR+DA(%)oK~^IIpcXQ?%`6X!aKxI18_X173<0V;6WD07T}Xha<=F7OFVlu! zeHQ{40iVs_X~@3wY%qPc&|agl?`#{IV;LJkJd85hVvjM-z-y~U0xGOE(tNfuTjMMr ztWKuGGX5w=WBJRhUp7vVTWeImlvOMNNA)=AwTVM85Q0UoP2G#^LvVKld( zc^8_S(7XxF4QN)Oxf0D~Xf8yv1kJf*uvk#giE3Pv%N}n$U%{Vmao6!bo66HXAkd4qqN0XxohMgXHGMbsjS|7M0 zeHNO@Xf{MswoT~+G+#&aN!#Q(#>Q|cj^AE>k#Vo`HgRdc{dV@7**fgP4w$hn{h`^(rT3ZrU3xc$dfpu2x@w(DvKUL-SlTaSp-yAl)0yUTF426X#M4rxq~xw!@x{CYCcu zM7Lc!qj@HpozP52GYw6ge6S>>6VXgS6HAZ9A>9$pSTtkMJOj=4XtuNN_dy%`EC1~G z`uD;csb$vl)pjT!P7!^Vi-O{xZyU2z;~IYt_MRVf#?MfCDQSG1d@h{v*Ud3 z+TH{F9_vQ9@vsIs92Qw~tYVORI2O*{2V3V_-K}IR7Ea!q!TyJ4{$_p;J0I_wubD4_ zW`mVxmO0#PV>SV)hOhFGAnz{$b}VL@_gVK_AF%f%ng7f`<8Mh>(tKr@QUJQ`Zw9%B zOI)4yqd=d1SeyNc(i2)^xK(kVbf;!W*GcQ7l^U0ps((mVfJTD@e46@+`o1(=8X)zS z&XLm9H>A_0HquGzD^e46CrA$*&2Ivo_fM(Y)UBZN;5PLJ^(wwrU9B$Hc4&`jA8Bvv z4Ya+yoKMgdy_24(p8-22kLX+YrLd1OSlf)8_4Bm{`CR>a*lAg1oM<#Q41?=` z!1?|G{S*Ct{SEyUeWy`wEH-u-&lryy4;c681NE-@sd`KO1nn2?TkUggx4ICd5zbbN zK-WS@9iv{L4pRH7-PAKdN?{CWTsT>6sy0+rRZxCazEi#cnT+o!`;-@zXO+j5hm?Ck z^TI94wMvz;;^_WZOOWr_05}Q);xFR2pgrLu@ojN0@U86lvsUHyK98_fxJ$TAxIwr| zSWW%Hm|%>vJ~c)fLyUe#52K5<$J%bB7#)EVqLtCyIL_K+=myh&*MHEzGH$PDhd$=* zSP2}g1k~m3G?SZm*|Rvoc#z-$f_n+>A;6sn!N669VBpq+U~HggD+y2mE(oz98%_`f zgI2f(t#FOm^bEHbxY3Jjq=eZjv~8R;fO8AC3Alx86>d4<{zYDJt->u@uo}43;TEk% zjSBR_a1F*8PER?z9A9K&RyezaY?xbaQf|%rF`S7@E5Y1Cw)@B@mIMgzL`Tv_&aDf{ zhD%#+jUd|v2qvbCTf@n57{O42Aq0a7aPbT>5pA1b?jm@YU?+NUw5?nH&}Q`|=uLnn z$So>C^L%pbPJr7foYZY|>ulQ*#1#`zff%>}Bp6u8f>A=xsCW$8j4*JOC>V3;*(?Iu zelVtyt(c&Q0IN|ju#N;^>%!OO6HFn%(iIFWPrlnXTwn{vjr8n#f@=tHNeu#-$To*y z20xPA^4bJzYW~NT`O+okZl6Nc!Cf?HUSnnw=&6=K`@$N6oJ!a29a$b!FdGz z3C<Fq*r&ObOEzqgl8n8ITi7?bg{_raQ*1Aij6Fw^vFAwg 
zI@?h&uB6~a1o`B13Bh85Mf7Ys!88IK860rrTLYKpNQv(!nlRDfTlE1d3jK^adXV_g!XhlyFQS$b&7!N9I-Lmvt2n+k{@&Z3G($ zZneCPKhAC@$D1r~$B(n?$njc&4FuO%oxQ9u>_D8Yx28lmQav!L2S)Y4s2&(qDqCTB z8-E-apP>zLR%UIAh=m#?qXx;SMFI0R`dnyjuU!N;Sf3tJ8XyKYZ-b(9Ue)!KF1{o0fAaL{0P8*&63us*X!gVw)6uqN(dodq1}3Dy~~E^cl$woKqj z517Bg+V~Um1M@B5N`Dcw0NepQ)boIMdI0cDrvP_$2Usa{(`Wo_d~1ARykYDBKKM<* z1wI5;;=OGKYnh$gXyrJ#^eE@e!Gqg`Y%1K-4U;4TFX#IRWO>Yc$ z3!c+%(JlkN{LXr@o~Jd{Z_uw+zXff9o8V4C1)P|_2y0_m`v5c!u7|q_!?ZZy9)D2N z^?UVqfM@=3b%XwzAxifeH^FK8BqmEQiZfcYAu~8 zHI@vC^FR2H`~d%izt7*`ukfAxssF)WL#~2A-e1{w>~Z!GyO;fo-NLSARcr-tfLzYz zu^Fs@<*-c9u{aF&AA7+*Vj7EQ9oQ+X1?XBdnZ$gc6XI*}Q}F}wO>qxsTzp#GF5WNR zEp8HT6t5Q7fR@EYVu?6MEEcDT<3SI@2yw7@uGn4dEGCPw;%Qu|}@(cJNxTn&MpUIx(Nj!$PZJQ!r=@T&w9i!nV7&hQJck;do>pnaTe)jS2L>MzD`yFEm;@EBe^-Jj6ja_MRKbQPL#o-G6amrWawBaL0#D8{GD z(S*}(@PlWZ#$!n1si#qdPZyyHXW`%nyQ}di(%6BGLVS8DnkBmFreVA7Vqm8=rs7j7 zB`gP{KR(^2C%FC#(9aAsF^>jzU*i$|QP)pCKBd^uzcCo&c?!)uG^e1S$!JbOmzii% z%s7f_cwVb@K|gq2Yd{--)Xqn94w|#^DW2DADd@5T&8PK`d~_0Dqp{)B7tnmx7;`Z7 z3+QK;ZK}`Oru;3M-=O(5ng`JQ3e7Lk`~uC-(fka}Ptp7Y&5zOCZ`|bru7dyk&yLN! 
z3get*xP3vMVeIk|=K;LJeky%nyjR2Jb~%C>Lvx?mx$cr=FQcEA z(0mci-R7|BF|(cM{=9jakN6}Gl5zA2?H1Co-Mpus{_z{i{%wABkaRA_II)i~=pzvS zm1tgp=H*t~aO;J8()QCaXkLWoXf!WGa}=5*(HvoAx}k=lOFWu!Xm&(17R?wmtMLaw zAuK*fLHvb}>;wOKwlT*xX4Cn=ED__?3o?@X4#-!@O(B9I9R%} zPArj~!A_+!X#30_?nc-g1rM9I0$0I0b0u(k!-+KiOnjT~f>Y_g$G_}X zg9jekD6}mFYIqCVY;#6PO{m=f55_mpK9<-mm@{!Yw9#S8c}g!aA6oId(reO7;zZyc zvD;x_d;J1Jss@=$Y@gVSh+yR^)8?;KB^TK$`c-7cto@6#LEmH>m zkpX6J(11CUI83actgo$4tq-g>finOU_CTjhJCcDx_#?^|A0LMkQiwCW7c3aVajK=h zju1Yo+D5iV2yh7@0{67NS};Zs&=gJUO}0x3@B~88dZ10~PS6d(e3ZNlA=^^~cz_|8 zcz_|8kCWqLRQuS+C{epAmZazakGYDu^W4vP9Kvyq1hR;bClMVN*L0Jt2 zpy~&CEp~1VT3Q)<$c85};jJ^anb4$P2DOM7Bqxm$+cF_j8;-ij#^*+aqg{KIJvFeNrQW z`%ZSn(ebm$JCQA2?j9LD{0c(yf;kd77OTh;$T41?b2zI#kvE}m$IG80KY8^R{i!zl zMFL%p5DtYY3(jOd}{JC^A??oKwlMz!+I)oVny>GC^O0J_I-m5?L>@^(5#) z(A}6@b1V?qIrQvog0sxtzQ_OGwR7myVOF$3=AC#A=+OS_+Y(~^@!Xs)U z%qMCUt2W$x7ac9lt6L4H9HKVZ8jE+B>hs<|#SbPP&g$?B+X_zn>u9ZT;TXNNjyV4p ziIoKO4B|7ofg}2G4;u9I!pfk=CkxaNl24rFiFk$U@Z|p)a=EV)3;5(bxsz;3A4pqa z6`d)iN*aHS-v|=r(s*NbfIY~{U@hB`1+14rD&QQeuXP-p_}>6h(ng!78NV1W7*)m; zqpNYez8_A^7wG-;hT0q2op9nlP;0GzukKK}mC9;>_yygW1IX2YY%X&-e=e{38ihuP}1C|G9d3Jm%?dUjiM<=V(6AwC$JW_=YFJ z{qPGwWz=}k2{9;CI3)*!i|6OXr`kII^7C?MC6v#0J-3SPxwsG{iH8cu=46KhwJ)FL z2C||Da$nHCeCDD2CWPZnD4*f_ts^m@WnvO&zKTdpuzb252(+5Y@TG{z?y$lP)XtWl z*Q$J)?FGt&yohd*cz#mKi@}eArFQyB-1XrVT0ur3h$9~hB{(e<@&5SoA~zr;I!eHt zqOl;ddU^(^B63T;&<%4+)G%Qg*AXv@EuZQJIx%V>M>kLSE$zz-+yKxJqNFT7CG59d zdA{oxsx*q;oivHay?{sOsF`~4GFavEoANf zm{`%=4Fvr$TA(N$vSURvHxzWpXrXHK$PN`v-4M_pqJ{9fWc!K}T+h%UqIq`vWc!LH zhw|%o$_^FByMF6Rgxh}-DjK_<>nP6R+TVwY@Xq}+W$`-(<~^6U1{go=i)-#QXg zyNjk)G;jmK!0wIx^=L}40CO54ye?YEXidp<13^=Y7AR^{GTczml%j>I)s%EM1k_@* z5Rpwub3H?aMDrZcl+;7{jc7`W>$k2%xHX+n0sFZJFV1L9Npb_#k#hG1?JM}9{6;h- z=K8IpZfiHCRu!ThC_LJWUYCp*M=OMCe!S_I=O?uy;JzH1r01m`P15g%gk(nx8LdhB z+(6JIqXmlAB+KW!p`b}d3stj8md|rTKx>E=BBDu_U+j8@ijC&kYm()259QZwlB%BV zpUTegsq;W8d?DQ49!ynL3@PLs8@`WB;)rAniuZc+!}A!yB8z$r!psSjv1cuU<2yyYVMo&CtZW}mT- 
zKz`qAz{{|cJggRhklAWLwe`W)yg7_Cjzp4NT@4Fe!w$&@XW!rQFZh1`9&r5c0a*t-KrZ6Ld<*cKZvu{s4ZMo4+%ujIzE zDW}N^aQC3Ce6HLBc8(^>neu4)2Kj1vty}?T<&Vmr$sft@$gjbzg&&pHaJJq=X`m!2 zu}XiCF>#JEMkxUaiPMz=Ws7o`vProKBo>sZi`C0Oy5f@{%iwt#O1nqo~{eQ03L(9}kwJWp*+H9>@yBGGFHflG(3H&?SYud|t6TN}1 z>Z0CS@1>su=kH1S5aZYXKYqa5QumK;Bdi7O4~xZ1#kt}%F;AQzjsxuoL&Sb!53!4w zB6bwpiLJ!u;&HX6*=&%_=JYrI6QA@r&cwIs-~tOAnwyNr)?_yZmwNE5$pPg=o7Yll zj%G77o1%FFnoZC=9?iyR9*1TlG#jGX08I-`6HNn6;M|6oH8fQ;6*OfuB{Vsj49x(V zAh8ER0r#IAkpDpQcQk)P^H(%~LGx!ce?s#|G=D%7xE&!Za65tt+>T%ZS0k9f)d(hV zHG&CTjbH*-qa4tH^ASv<_aps2n(v|cCYr!q2!38ga}S!k(F86_a0f0+Fn6H&1e(YR zt387B!)R_r6FBI>=iO-Dh34&OZbI{BG;cx^xOBni1~k{9S%oHW-Gci{G?$~f3{Bt= z1b5&N1QWPr!7M@ZVl?O4rqTjwEFTTHKA{BY?Oo8lGn&AW3hq~-NhJe3tq>dVw1WE* zq=Ca1M$ZqBJ{Qg2=<+(!{n6})F2I{92Y4=;lhK@nW{z#@Sj!sLrY(I7-trwj%|UxY5$8bRQQ{ZvO2TbFho(%7DLY`1)f?ZOA6dmA)QMzbZF z*#2c~pLz#$`G4$v34Bynx%i#^&U&GCp-AbK);6WgWcDScG(ez%vP2RJt+8-t=7vm} zWYU=lB;ADRhAlf3QW7e!Zn(ABy6{|4YadU271xJa6@6OKrxmw8p3mz4JKs4ob5Al! zCIQs?5BYJ{ywE>s}`TbqYvlByHQI1FP_e1#fTNr*5!*5`S{Uz44 zpe)X*31<*64U&Q@5d0RA-#Bhyxt9FKSu^3R0X{-fa6C;oQ^dX&q~MGYn_BQ2XAPtp z$#0xBz+lL4oGD^c3x4D55Ib7%yB0&79TUzDNJEnJ>qzJrz;Hi?`!L)^Lb!V(PwD=` zJqTD9NqIkphcSE?hEI{ujx*(Wn*0{Atayg}cH)>28Fu)+1Vh|$P88mir zRpG?-`_0y53Ywp{?IVemlD`%wX7wPw@=_ z?}VpzY@J9zL(Xmt^BCfKCYl7$I(@ed>m8pRSxz7FW4}OK6UvHl#~((`k3BMBkL*~=)a|@_)Kav+w5_|H zEu-eg{t}CS@P_v}9~_~-xa&dV6mpvNn17S=qa)bjUpxI_IrUH-w?5!Qoy&@|veBoR|^pMs<~d8@q`?g1kKs7V7U zyIlFw?|;FkhcJAnYik*cBPnJZhE~^;#r$SF=6pYh6%=cGAEvz5#k5bLe%$Y7hwEFV zJRih7A8@_Q>Mxf4kn4A)JRg%L4L=%UuQaWc^W#!dpmrd~ff3`Id;!DHOWUi%EzOrm z&yKp%{zH16A3f8H(ks=~Z~8iPWRRMj&GBAc29$#xha3kSdqKK=i-S<@8^FKYonRmC z4xler04-mnqC7xx&H(zJ(O34rfUh`0^E0{&H~`0y6Huhbo&-O5yESxLC(x~Npk9kK z+#H}~{Xn;u={r$N_Yvya_6@MSU!)4328#PBp!JLN;%Hop=|lJyz_DPw3(7-a6ljT; zu%$$s0#^YjRYG%9sXoja&(!yGxvjA}wC#PylBDxD_6hXiZt})5ro9`l%-DEVrW_;E78{=v4X!t$jH;rF4e#!V*<0p(qjPEx-W$ZWZ zHEuILY<#=1$9R|VPGiE@YFuetX1v*04}Ko~#_Nq&8?P{4YLwuRk#>>ID4``5i*y4K 
zo3ThJ`f8z8T`W?RCPru!rV&cxTBtCug<5>ENGSShk$g0ZmqxWTLb)CbwPjAQKe}GEuQ06B7%vqoBRf zMx~p@Kav)VB8p!dsrIUon(;Q8sK74Kwqyqyj>v8dCq}0{Ixv7#7u6_iBD$!?x069N z*qdmC3&UXhZ-i`L!H9|Vi&O%fX%kR8NCs*X#=wly6)m&3U^x?&=Qq_LL`?{l%!^ae zeE~24urdx91Fdx{8*ndB8wVT_!W%IJyd1P90jG!XW()zRhu;e@Y`_q3deEQ6 z(Dr@uTYMG6M@b0$NfH9K3SoeRy6<85T?|j+QrUswb_};+2&G_aJ%%CF1Ha#aA>twu z;v&++n1a}h^dSCz0K)=?n=ypZhO&quNr)jy_hHJt7$S}(A>Jt=-YFs8DIo?UA%-L& z7AqmnCn3%!Ar>nkCMO~OCm}X0AvP=_RxKe`Eg|+MAwDW0J}R|iyX!DSTv<}_H{!%n z0)NLbM66wcafA0?gW(+*BDO6dwk^FCQ*OubHVhH7myq6&Zp9R&I;0l--Haj99@1Oz zcN2!oF+@s+DAPlWOEA0z!^Idb!Vp#hJcX42A*=)lVI@EaD*-}S0}#%`a4v@R7~Vue z*N-tgh2f7d{2_)v!0;suVf{c(SRoL?3V{$;i0eP`_jfS-HiqBA@S7NZ1H-Rlcml(( zVfZ43|AFCGG5iXKU&ip?F+7gpzhU?ShF`+)c?`dZA!1#w&*Sf77=8}J&tmu)3_p$G zr!f2^hX0D;Q4BwU;m0xj7=|Ck@L3E$h~c|2JcuE#e;2My7p@r>&Zf(XPelwZ7@9FO zVQ9qAfT12k9fkr4oqxsfFBrat;h!=5KMenb;s0WI7Q_F+@Kp@|h~XbF{5^)h!|=Bl zp26@p7`}qxuQB`;hX0M>FERWDhNm(7IfgG|_%jTDis64@_!A6q%{Xz*IC0H5am_e! z%{Xz*IC0H5am_e!%{Xz*IC0H5am_e!%{Xz*IC0H5am_e!%{Xz*IC0H5am_e!%{Xz* zIC0H5am_e!%{Xz*IC0H5am_e!%`okITr*6A9@mT$*NhX_j1$+46W5Fr*NhX_j1$+4 z6W5Fr*NhX_j1$+46W5Fr*NpQy92s0W&X3^lBN#q|;nNs?7{d=?h^x!_0sQ@b3=d=Y zJ`CTB;d?N|73h2y{(cI>f5Gq&hVR7iNepq7ItTD~KZXY|d;-Hh4EJNW55vbX+>7BJ z40mI=3&Wil?!a(6hTAa2UEq8Se?N-hJ22dW;UgG6jNwBVK8WE17#1+xjNv8>-;Uw^ z7~UrchB4VX9|yrUQDkBS{%J;lU~3ZYZV7j{gu7e9-7VqnmT-4Vdu+~nU6-L=FswFg zGV~b^8;%-I7|s|);}+v_pvexIromMYM1#GePf&aUcw$tFDy&Y`iZ2_x&N8zr$ z&$$Jt{KNL6K>MGxpN3m$*+H!5HG-GEoxo4n1YY|Nfk(fiP62Gnp8*YlQ;w646L1Sz zZ(Ix1W4pNr{Pi6&9~IY{Pg%U;F|Y-H2xJS6ThCh0*kqvKkJ%?V>J3eXc0-Thh~czx z5?E7PZEOOnug`eccoewU$G~@6Biv;7fnBxJmPwYVrQNd0(q}mWchi01VevTV8*H%& zAj{BbtG8_eS%)rLyX}zeIC!U*?NfjY(d3u{cgCV=wOKR^aF>4uyuY0?oiv>=9XB6` zTluv>Y45Zg2DyPFR@piQ?z4$U<+EUw?=;+WpA=76H(7h&M!Vfs19#acY-hkWp%?Gx z`<$}#I9Nm6Gwz7{MV9(Q`dTVf4( zo$msFibq^$q)Aevv`IPxJeea-(HV6KQj?)x>=F-I>&^8hFWmkg18<6loI9PHz~kU* zYm;>++^iq5o-!OVoH86YoHPo?DaJ-)7g(t~VmtwMtfqh!{2JitM?orKC(z=Xz?WSY zNF*EuX@$dPFUSIHG9L!XfwSf_7TMBhsRw>VqgW5z3a?lLG80q8Ng$ITSk79`fIj^x 
z;8L8h90%!%qbAXK)_4Z!^;5=^hP8$*U=9DQ(QA^;lR%SXEyx@kF`opx4uYiy>?byf ztHmwiQLu8@XFX;;ZJT6^NESu>Day zDu};Li_nk$fkokQ^e<`=b~;JASvY|HZbe}i`W=S!t7-ne-_Uqx9m|J)Kq22t>^bvC zdLT?-QP|4-%pO4Z+E7muD;KBFccDL1$cKJxq1}zF+>y_rKET+g$89`oV?g=r0xOLw~oTu#Ju5u8V2@$FC$Ylt01B$7sBZ z&C4$In+oHLep4Yvf4~s0X8D)1{PP%$ev_e{HVW_dvGm;}wg>}kzP5dqr5~p0yJnIY z-s5Eo?_E!yKfayD+iz!a1B*Q@MnA2hupRxhLc8dv6=LQ;_Q0Q6KGu)ztRLIa|EopV zRZpHU)%>v*)|e53fbo zjxppzf6b8Z5X<*8jdwjmF=TW9>@Iw^(>_6yJoTYQWgs|-uX)wf1AahV==B%QP{bM!S}Iv9gA16 zcs7f#VX;Kx9skQ>HeNgagTbF*@xQS6F&giQk{IUic^dC-rEx!=hp?|tQ}}VVZ}%)C zFs!>dEPs~e{{e%y(D?C}Nh}I`k`&%yX3w9b@xJe}_=_z5FpJqb--qkmBJ9Kc3Gqty z{3aG($Ks1<{5acxd+sGLyk84V-~CY<_y3;6(4W81_%XIF9>ez#g~!-??8kG&BJ6)7 zEw>-n1GJC%VP5gPh4YcElRdj>z8!uRPowp3W#`dWtOv&7eeC($SbQ_hx9?(>pTT=R z!=Ar`#W@=9{xQwBAI}e{@0;xT$5{MM8t=z?;5}cZ`S<*SrtiV?&?4-y)AW7U(|AAb z8yGJ(&U@}=`Qt2J!s0NAAs?HU{kTp5X7jaYCwVRk`|n`+a6Uz0-&|UL$5&{)hwYR7 z*e@uL;|}F;{{hU_#eTMq_TYYlbT(i6RFhk( z&(`1GH?VYeo;`u}nS}v1-%sHC0*v!%5uU*M0A}<21RL+iK2O_!g3Z@s|H)wNpGA1= z*9>O!zSY2BHcwkGXE0lLTWcB2*5B3z3})}OcO`}QvVE}kItp)nD~zkM+F5=M^?!*yzlS|% z-|xO=mcGk%NSlA}6Rs1&B<;AeeD7oB*?Q!r127|P*y7wCb0R{j#HOZ&VJ=#4TA=j>l;`~5h+ zaK2ci)91%xByIokjkNy0r(p~=^VrYug~t`A<#)mxgopq>-i`s4zQxh$hym4lk^Rq> z4*|U^TO{*`z$)EK#;+K!f^6(h|H!(+fs{qKOsCs%(;}kbIrEZx?nz|QX{9Tt*4&y> zH_FYabsfrew%J`-b{jJ`MqWx(aXZ&R9yOiJ*;2_mITj8?)Tk12M|=UFJJ=R! 
zbH|g3h}$3chLX{6#G42PY)Lhj$fmmTpvGG#H>i2ghRw+fdelUBUWupGoV+oWZ_jk+ zvGH5gEYbI!)le=pt0|jFb|><)=4U#(l+Io`om#J^d*uXZSLW3u7MHtv{c4YD%jK1P zcdkxWd%EEDJ3#$aN!zk&8z{1NCe&P=O@@DNxjmon%GK4@=HMl=Y8v|KNn|=|JGzs} z-i<`D* zpagtsBp3~ZqM?Kmi1__#LP`2!$w)L94Ep@BfRbqQ#UpVwUYo>mfu7rxZWxVhoxD`Z zu7?>}rlxYXB)n6d?DzVjwLV|1-*4;4BvWlE6{Y|ZV5t zO?kG$Xn7f5Es^O=rs&%B$(c4e->!DpVCZ2B&>Gz`lG84KmCQ=+VO_R6N@C+uC|lY4wt9HJW_d)eQOM zI*9=R z_=dnoV@am?;aFqS?u#Ki1(r-gyJV)O3kTw~%|*0L{e}I8Oeq{t@CB}-%}v%E#PbRV z*5b2`^qF~FpH4wA5)*P0|0YIYVg&xb9)XJr2i}V3$z^z+)V#69=k-S+_4dK3-T)ko zw_z&%xYk_hD;!vj2`g#g>538vDPe!a9SF3=-NB?c=vI8;kUJR&#Dhv3prC5>(!zmN zSm;VxXj<5(LT;ZDy|{2-B|dp0eR4U&^rjUKv|#%6G<`|}&>c5CbW^Nva^XNTKEH%M zzpOpAuKnR_3I|r;slD|^nmlgmWNE4+wO+~J4VYIp)4i@;W}j<$h1!wHtAHnWD(h5& z>LW=~%^*}JNxE}T4?*!dDzvy_sSGG^J_8h%9PgC@+fC&&1i_G%1P~TELLjAcKwXh+ zm;kvp<~jh{(4GPM0+4Ob2$V<{ygz&@(@NYEhtGX2;`-iDtuIuYCIpF+c6VepU^mIw zXFF<3v<{#KKt`45h9)JS?OiW7WtHx`RiJeiExTE6Q4{Uw6{9brRkFN*;6{rY>SUj{ zgbcMP*>!4uQ3s4Cpwjc}TG>)+g%y)mI|BYz94aymp1k_>@-ZZ78*U%YbsQRe1kT<~R1oFrq<&$z=uQz0?jN*eCt0H<&HpWoo-l;1H z7wKG+rGl#u{JMV=WcgjT8?1MTk6J!z{=QjfnqpjF*rY$I`?1aiS)U&D?}DDF@CIuy zWCM3Cz8oy=+yYHl1s(jFJC|@xhy@?PxI$eAlzO&T2CEY}_(e#1c_}Pyr8AZ5$mz{~ zuixwT`rO{I?Df}qV|4+a$LkNpg3(G(e8Fhg7hSB^>u(d*T);kcHB@dtdqNVHLJFudu4cB^e6=~k#>x0Wht z#!y-Yv{q7XN_D9frpF)icmqDaFEped@WdAi_@m*4(2tidXg?ASq#v~v`>~+JrIJ&f z^4x~zN}Y&$eEy&pPKCj%&mZ;pgRwv?)Sx#S|Mh});;wnaZyU`TyG8AdXOwJGUZV68 zj@y!qlC0FFh{qcXd42w&U5a@8{y-=en5Q?Hp1Po2+H9^Ted?|_F`7OBExj(QbU&@nSFK9=5=8%5gHd;TMDH9bi z4p@qcylUwp(z#rBhnlT4g&~hG9P`BjLwgqT1iZnR-#NmUeVo2x>{+%e4cXQz%MPCQsz%oAXnhFX!%lkJsh9uROfo&A6P2&F$_mYC>$M% zfBC|mFx&$Ag0u9Jbk&9Jqh%)P^~cs#rf--&W$HIQ0AA9A;1%7e`-$#(-DA4D zbyp7gds4Secdu@}?snZ=ofn?EgxBCt_l&TY4CO!8KjXJYexFr^{z>%uhjJ`E!(Tbc zHROs;&Z&7hMHq4!IoF}2(>KU%-C4M{&B}zsMp$;8D)54m*EtLQ5^^pnN7XYmROokM z!rPE%=_%bbk)xTgJ>iy@>|2%I3==)5KTOt7=eG15xA((Z^5lXFGOa+g$QsVV56Ebm2T8oaP`q| z!UTHtF>87(?rn=IVV^tZi~HTdaInp-B-FUu8}dg~uM&ihjQ7$)zYz=3gJjk;MU6z2 zSVUDWF7)g13BCH5RlfS@*I_!n`j|EN>f;TCey~*o@(!2d#-4Q<72tS8C>(e@o>|-O 
zq7TM>`7t(Jg34r7F%+e{15Qq=qM#N*S2A(p!a#0E%7Gl9gh*;3)a=}x3^sKEof+Y3 zBc5r`bmdT5ir#8~5L2{PiFXreGB+H|Za7-qS;pLT1BVv`jX*5R4gL%AZoiw5mzWbc zy`3o#!Av>;`#_B15>gbP;k3$TM_hHpp{3^B_UaAZ$Gi53qxSt{p_s~sPl9~D&FG#q!y$??bc6t%1sC%^uVr${RJ@i$tqpx~y zLQzA+c5;OSchmY;(fTXkP#0i|pr5_keomcTIM9O$>*;Hh@T)2hnVE$H8?pS&wEW}| zxA+Z(0~;`Rism+t?Jxz6_jmo1d{rm9F);%Fj3WSoGI!w)r`Y05B0dui!m-nZsr0;^ zNd#pwm_V_`nbWHgTL(dzPAo*R#hKH*J|EnBDc%?e%B1lL#TI9lvBd-HF`Z(IGlyb} z2kyk@6kD9hutlf-Q^FO(b7t!&tnalxE`H8*2K3n1f?l=9^eL;!Iz`u^TTUo={aRN> z_?7T|{Z#uWgco#w0{Z{B>0#kxx@U`j`g`>s06VkfT0+nr(H+rF`CwT4Oc3A|$OUM% z|8z$HBllxp=oovioLuOig$Yy&$cs`ykn1{aF8K2G*Ju+&NO-e0Vd{;A{;M&e0}pL) z=@S8xzN);Da6NNGMu(8lRIOkTEe@pkRagNf#l1W!ep8`;20o>Txwir-J{r^2^cEme z0$2%Mc3!gVqCp@pyqHQCjCWd6@h5#s5XlP2gjKt}0k_xhZfRTsKVWd?0m_ujWU{$hV4z$>KmP2+Dt!Ez%;z(4Q^07t=xdyRf0ywgF3GU!VrlWvfyOt^z_CF%yYd)%D}D?xuS z2pT@gAQXC|rjTbk=nMtI3DxgbRc{C+FcsAuOTvbXDS?wy8>sbGB-cS)FB;?t zbu9%?R4dMxno|X#$ViD=uOQe6>Lyega${WWXkFEjYRYbCUcgI5Vlg77Lv+2aB^e3R z*^^AC$4-Th^OP@A+Lgr@;Ujgi<|E}9-$x4YfN59@#V0&hf|=w({}q@-zp|dvS9U6< z(vO*ES~MO2A?J8p1t#7Ud_upn9?e(wGEApmSrJI+_~Om~KOCW%VWhnAMly`*YsB96uB&^k0wj|L7`;o}I^Id^8*s z&+=-%P-8gDt3|N?zdzG`zS6$Y9_ovhH7sA%tdUkHhdPibcwUzz-2p19la|HRhvAxD zkn{QhN1^{(dTv?ix_w=pTRz{&2N#=#@-(o6OEVE;KaWP;j^}bH+4O%FKCX8OU{QaI z?QZb@cL&&0n`aB!t^vDyHtV0k)88rUH^AH8$HBH;+}Z;E+oIN);L*+H^1H5fUFs5@ ze{%lH`9rXw_66s?&Q7qIw!+!q41=|`sZNLEFJSNQCysA9UT_?Be84dveh2L1e^UGq zc#7L87Qm-n8(4r_EY21^;zgp-@~S9@T&5;MML| zV3F<%=8u|xXzm1Cax2UY<}la~oN9J}50*2gpMclB7r@uvfN49}v1W*6?n_KCoDKw;>I- z2Im=qhCB4H=uhdtp?_Zgas6Ta0sU6}{rWC_T;HN!sGq5yrg!P1VCAsRG0QO>YzOM? 
ze*ixSC+%MbPl!*0MZewl2kjfcQsNBoTW7YN1wVE#*s8lj*Y{jsb$u3W3O?o93my`CTz9%!UCY3x2m9wV zUZykPzMLa$U&cX8IcNz7E$5)c9JGjo8ae1@4qC`T3pl8OgXVM4JPw-6LG>JT69>&P z&Jd!-o{uFi*D_n!9_6422ZcE(#z8?23UH90gM1w1<)B&)@^FxwgJyBi^&B*lgRbMC z8q=-kI!blI_N&Tu0`w*hk~!!~4w}J1S8&iY4tgU8P354=IcN$8UB*F|a?m9lbTJ3L zfrBpMpvfS!e~v3FDr~ox>jcQgK~@fOaFB(A%p7FmAR`AEI7rVyIt~)F(6+yF&|f&{ zH4geS2mPPrsdF8ru(0iq$B;m&r_KG(VR2-^;p>jY?kgZeq>00;GP(0&fu$3c&C&|VJO!$G?_Xcq_V#zCzd^i~eKor7-Upw%3-ii2+Dpp_id;(SzCINXd?pI)xhFKj!`LI1`< zFL2P8IOur}`XUE?frCEJLB}}ga~$+p4*CoSeVT(l#X+Cspnv6{qkx5k)01KU%(R`3%?r+--TAWr^OZ`!!@7^rusGExP$SzwS-CNxBVM zNcbP&W#QYx^TKoRr|TON@3XL?(7znnL=REEcu>FSmIVt|w}4%!Bq)@j;?;uA4Ipig zHsEH-Anp#boM4s@MD9_scu6V_f_=R*C}JzrK!`t~bjn?6knSbTrLr=J_%mH|xXVc;igm(6xoO4n z`3stx*UW8cnG4#OU|1uup4o7Nf@$`Cq(j6^6$nt0DrE&k4$;sCsFs25I_qFgo{^&} zb>xCZcCQC5f;^<;W)StWbs$p-(urVV5gt;bdZgb9RE$PSI+R2^=nZ(L6#AFpH3Bs* z6`b5W56mv+Ks!|JoK@&wiqCFA`aftMMTO6qHw|?l|My?r6K^mv0uv)JF#>;&5rA9T zM$Ij)pD2plj0se%!#^GLK|%pl3A*9h*y{!*?GUJpctOe|oM>wcMkDb^GzOAf3$YNr zWA;yr`(l1yQVn~d{sr3l-w2n^4VXYLo&B0i=lPgUFP;4rE}iG$bNX@hxZpeX$S_AYuv!WH@HFmP}uiu^vP|ma3iIt<0QBuC^^^zV; z&ZV0-D_dD`1LPj+wM%ePC!jm9z;D7tD)-pTa-eMC zz@*=xo%E?)h5kC6^UZIeWlLhY7jCOxQRt81OSoy1lLzncNTEN985EkqT>UtL#Pim_ z$M zzBXR~Bw~YrNhKozH(33LK#eK>HYF5|Me&62%tBtc`6SG!ih(L!l4 zFAB|aD+NxL?$qjlFTTi#Oi-cWooStAoY_=QR>3~~;k-BLBYAT?WvKn%dY(fm4$ zY`X27M4*8Pcnf~UDG?B?Km@Qg4n)A)FefDigI5Augc>WSY?0u!ws08KT9md3a6zbP za>@k>YPcZOLOJDv1S@bss4;SO#ZVNzr}oBKyMzR#2F6(eQ5tO0zS&f}OSkKs5uAw% z&ff@x3;in2&>B1e!{&;nn=6@Gl)i47YH5g5Y=fZ7>#@k7B4}lH9ly0@|W?fi!h0Y=TpYTiJ zyYM&aKbN8>=G!O!jei7OitxMfmwr8#bQk*X!8N}WKkZSi3#^Kkp@WKwMD#b zJ|9qeIV?mez3{Z8FC2)1D}f+Tdeq_$rS!rYN{`yyp_E>@0;NYy@K8!GjFjG%*@ga2 zl;a~zG0(KQg z;J1Q|8`^5-YMUeaP;UEEj58S%+>n*?kxEJ%`?xktxXvs zEeJ*ri#GmS!Nz}?DGF1nq|#s=vBcsb%>c_&!&7WgJGx4@^5il3N3*cY`vx#WTq(!Q z*126>!##u+u3n)gdJ}2Y6Hj$kDi2vkXnZ9|D&|_7y5rEpVM^014OFbMl&2CqbWEIb zV1|dO_b)eyX97bXoLP7WImt!d7>=qN%p#L1p(%rOpIHv3`pofJhq}(XztG=7IjtR( z&rssD{;k$JoVU~#7&~tXvx*u4V+rDe_Z9l@#Fu=>dis*D2QDr3WDC4dUx3rM)_Az( 
z_8#z6D+xyo+I;2RSKfYP|CKh|Abx6bHxA;Z(mepnmvD5E&C2aN`k+)Nyjp43Y0L1N zP5WeM{dC`y_7-F=RbPAsmZh|}AkV0b-s-!)H&X&PT!AlK z+>^sQ_N6;ov%6t8v}@6ksrMH8*U=rzzW60UlE2MI^zuSKbx8eYx)&#FKc+B9YeyTX zb9oNz0&0+yjWL=l^g0cn6Q&4{>FqBX{Pxf2;r3qqnD}nX7mXK-JH(8*O1#nVBk^MK zTJeOV(f;4|57`UChlK&*vErZpRsGM%AAPg(uW`JovoJtS=+MKf4oZ;*m}#9)lG~n=8bWIVEJvie(0?bpKq^1mSbnBG54iFjxpr_H zPE-ci^;4=79FrwADQZtbO%r&?MHf9{aaYyRN>?pk6%Mw-zw!Yz=*&d1!KImGcUrAm z2FTrLmrbL)t2(FqrlvwaHHE%;GOm|sg@dITys(3LXBA9AgS2NFJd)=?O@#WD0tF0$ z8h7X52WW&qoXu?(3;p-uA}r`=rKMAZh@)vRXNGd;Wbpn8UR1FP;`1F_18opY1I>-1 z7b_W1^E{w;8B|;WkBsR|W_>OCF$XlcjIAeAS&&))G+fPzF9`BTTg_J(uxSXe==4}3 zM zHSaVAg6MBQ3nP#{N>`T$eA#=l-JP|0CAU6Tn+V0#wop9c27&LOJD3Q9fxbjrz?}>w zLWxK;5Ch4NvKe{p7otpVp+Je(Hx4xU0$ZH(m8m0oa10@3X0{fWdk)T#GVR02n3+gp z&>c`(`9yvh48;Q-2#C9fZH&sLi66!^Xo%$rEt?y@GHufwE=eR-nwKwZSv7aX0u5GK z)DRnlQv&)}dXI{POl1ONtY;2Ki42zbSXvk`P^`vIcWa3b8Rz1I@2*{gH$~AL-T-wX zLy?ClMIJ6K3|KXsn&`9$xU5VBy+PpA3{X!Rlv5Keb7}^tFAd76i4Nt|3{ck^lv5LB zck%<&K?cPGq69IZo-tU0Xf+5ndJNVU1}5VxQK6JN^XOj~dyh~*(iuA1GmwNC5GYnc z8;!oMu#!PER;p}_kDwx&%?b;hVG)Ex!7bV<7x!o@I);NSJ!F?cu|enw?$OrrCN1yM z3iUzpVK5WMcp<1saldLdY*|Kr(3T}6AL1~h;U=SgyUv9yay(L8vDXv^F2NN`Wn$_o zpeQB5_yKC{lHtQsfxx+6yHTeCfkAycPy!>$5g4}>2Hrr=399~CSHfGE)FimLCyqi9 zTOp1O(Z!~A|A3M$_0kdtWQKUoP}@}CrGUeE&kcnEYN3)+R&|r>HM*r>*;xe^9q~ST z-7J~2qAJ&90av^Z+#U3ew$CP>PmI9C2%P5;a9ZvH{r~#}=>hw3`*Zd^_IvD#eU|-= zc9ZQlmK(r5ih~zJM28K!(bK z>o9=rikg-i6=j`V1Lpk|II6YO2Ro@N(HzY4?Hb|+w*ydg_Da-ff(OLVy`c+zEu*13 z;PNO%NNc!~0cT!nnZ#&72aMEApYgA<>-Q;Hx&042E6o(Pru5u zOO(M#tE9pb8|UHzJiS(fpUftRJM~3DF__un1Avsc@f9DTNXhKi74AIj^~9pmA|y+2 zun2jjg;+CFv+zobl5p)<`k*yOkzx(D&P#j~w0RUk@9K`sb3tL*1^i~5zL3w0#8Xg(-MnQRGbrpDI)b9)Bk<}rO?2&L`U@9Jr+vz!0H*Qo~OYyIu2Bcaj zXJ9_L#{eQ8@#tzgZ>#9k^*pc}s>Gf(JcuF!?eoUGfH?TTxU*DT!SCg6x1?^R&+}WK@V_z#` z;dy0Uj=IlrGfQveLX;X(V~e9i%XmXYimRLy4i2NR$ryJ$nm(9+-&+{CoT4-dL?r4e zV(C>b<*_ber|n+Q|34uJXM_{dbJ7!1QfiiNv@NjJSbu8$rd2UNXMW1O%k+ZIRQv;4 zzh6iRtA%+`bey-v%O530wgMeFg$^Jl74n<9L9!seWJ7=S{f%N)&v2MWSu)Xfhda 
zhZKJ_(iZnCUe#OqjH!64YA&9sU;t~GIJjA`0jP4h*m|y{t*)i-M>tYbogO#`yTSco zZ>`elPIcz984_mPML*hbOYR1q0SINb^+LPujU6eF)&$rMlq-83=sUX3)<~(=4uAA6 zQ#1ZRkGD3LTGt7j50C?mD>=0mtSH87I}~tTm96bnvP$hbwQ~*W`kHj-`Zb_E4ZLVb zziNpuroArp25WtxN~{awpexMp@$%N^kL0c_$TcMLbztMM69fcuq!csHSVtU7cfg0S z#OJ2RNy*7d1?OCTDzivVR1G~?&R9HZiL@(ofewv;e1He2f6qoWP7PaK=Ye5-5kO*qDJm0!9PcQ z=(@tdeC+I_)KJ}=*A>sm@8!h6w0pm1CT#Xrw%c2ovwD8Jw+`O#tu^#kR$CHR9NGMp z4h&5VWFu56Pxy=F6Gl^j9x+g))B<5pX`3FlsJ5+Eva^c~^Sha=xK(Z?Te($c7ta)= z8(5o2x2-k>HYwmK(w$j>2{z1@A70c|dx{J>S75`;)zGbT zrq&k*sI9#meS;FqYz!#F<%I!invdQr&*5&C1BC%g>##SeVLAU>gd!`Vf?Aq>gb>1C&Fw{V$GC+MEg^=jzs;~dwF zbNw{M7XT02v3L^ZQNbs49_zu}@&Gl?KnK3QIPk!8pynAU&!N5o&w(0hpgf0qRB%KI;f&4+cyo}y46Rtrg zmEFoA+aeMV27=KTSY8Z8lI|e*DR;-b(WE=9_#*K(pQ6U1ZDU|t09Cy%t90aOqkwpl zi*0abP-;{L(dkZxKWGpZf=_~dW~7K^6sCta&yB#uNM;f_&$>)z9cVbhoqcVti%7cx z4GE4EYLm6TNLO=9!?G^Ln`;YqHL5GxyK@^>-5k!gv?o#vqVsdBTbk1iE9c(c(3`2u zKPj2}ix7X{z<=P`2XZC;!4L)l!P-Fp94J6C6ClE{GKa1vhz06&1~?Dv$k?={P)`?l zA1aWEGy_Z$2$>L<7nIwxs6h@?m_!-bGP!HV!m7{+R}ksYLHemzQKNip6%`dsW%(*l zCC-2??M_fSR?^T7&{Kw9ZBTQwWYx3ILuY)I8drO?TFE5}fD8qi`_t;mm6^b$$1p;m zc{&&Te$Zb{KGovqmq7H1q#2FW*J_CbtcOJ8zK*P0>g-}(^{HQ*BOM?;bn%1 zz=I-flbUTK%Y!^0+F?4w%!@268>F2o=466Ktqb9uhN-NWWzo_Fm0K%jP?AYdfhpyI zml)MoFuuB5u8PgA6b4!;ArwF=p}xeTIFCCM&TMKWj-AOTg}EEp88(Vg6xhSHP3fVx;<@5divsIUa_T{+~mniK1aRo2i#I zdN$7?^#4-Kwvw_(r&n|H3v}rcEJU%CIn#oPXxNvCB*EV8z+!wt$K*=ofmEr-UEN!zmE%T2tQg^ z7|0@8wO7Sn&O0BJ=`Ct+Jfmcj@)8B)p7ZF~4~ft~P*J@8kl!8l24e1@x2??$@;nd( zVr|KALJdZe(aOR{L_8ntAkk`p1SB`7Mb&Q&^~;$+D&qp&jp!U#nA#piGDObEi1{w)2)8Ri=5ntI%+zz$1L9TS~ z2m~!?Ua6hEZEX;(TSwFd+H1jrxSFeFNKkE71;v4Uwzn3nD5{hGyz#!+Xa#~ zwK0D!(&wWP%BaQ+Ch9vf$rN0lg2cYx>!XR|Qy3uR9!EW|Q19vnZF!=U0A`h%@l8tv zG;s(CZ=M2G`kdTa91XVCz?%+T8z8^{^UoYN%8j=ySt+*@A{OY%9Ejwf+W-wuhOa5k zURfdl>H0+tb+Sgwn%7+}VecincbHyPBqj&vZ3fYed@A1!Yf78HXcuQNUF#+Pg8mqx z{DHpBku6a}_QrLCUJJ5?s?A7hR7j2GorSekqE1UgHjFgZ49z_onR3{#-Gp}lDm$a`r^TOTS_vCK|z*m~u45Y6zk8ld8kwBIpKCq@RKn(;wQcLILb;T(dq}PpXzcs+4 
zR6N|7LHGv6jo(^4`-+EOnSdUeMSD6BWfOAbkbi?L!W2)78geoKQ-SV$_`!|~Wh`WP z@hv!fpiFTG;A^RX0hc^EGeL@moLqIX*Ou??0;VM}B5i|ZFE;}{OO3b{sQ%Hs3N-iM z?bv`NskQGmZ|Y{Cu-DULg5KrNE0OvCV0g_)I1P;Xop=gR9>P41hX5v?Quy!|y63b! zgi6yd2&S9>PSZN!O}ej{tS78TtbNu;tR2><^;%=Wc)Q^h z(>n}%^;ei~H7(G6&GAvwER)0d2jlmQ?=kh5J|#Y9dQwb?E5z$;*NRg_i{=)i`S3EB$>simsTb7{>S`dBjjlW7BF zS%z-NWSoE-1!#2#rILZ}CY-7q$)K@&Q3LLq-Cz|e-wU40a8$3mx-jr|MC5LuP4QTs zTwh#-(+dOCh!G{S8q7lm)8s20bYfL(6;6+bW6@|d8FUAtpg$7~B~)TVFXm3hfb|zv z!x1oWacSWoHCaX(s14K9a2t4C2fK$C7YK?J9&leq&0a=5fPu7m`wO|yon;%la_ zUtTy!Z9`E^c_BB37ZnalSOw)iHxTZ#KO&ygU&^&K0Zfd5083k|Q@n7}tx7hP=>`ER zFed_XL$La&PBC4u3&{$es#%{4#WxoYQtP}o;&xtG;Y?cDxgJ!JprqDn@4~4|3J0mt z-py88bofI@CPx*xB1mrq7XjW=iACj$4lyZ6)(lxabv3Q6z`^ZGts#t2!mujB$#p#B*VYIw zLzC%jSAu3y+R3Mp{@w^5OLpsnm8Ek^F1L|B1CzVqNLYzS+I*3i8uIznfH#@+Clf(m zJQ;|VRkpEYtS#zm3&rAzP&63w`}`5mVoyM+Kr|dulb}|Fxzvcy+vblZLor1O`D4j& zB<4>j;kGt!Lh;1|!O|dLZg}PPbk~{yElUP~48)qHnXJlgk?0f1rYc>)V252vQ#x`W z3D}umGrAZ}rR{l6_|d~R7Y6bBiss( z2hXph7z@{EDy-Z!>INl8Og<3SZb>^Hv}XO(b#f^w=k*0*74Q3Im2thYN-j8z34@sI z`H_(w>6Q;=nHi=Jm$6_=4Mb?sqyw=LHvIitrE52;`42anpnY6^UL+&rYe%3V@DUaD ztaNpSX2!MtpE+gHL8v^P3Pk9Kx#=oW2WjB?r|V$xQ9RW)^y0}W{8pGDd{B@+ASGSD zcNJWdorj#Yj?X%l+F!D-xBba>tMzBrywxDCvAklr&*CumoBqf2u;~)xyNvqlxu^Q>WBvB7!cXfWdO`(u$}xj zSU-*i!yZ3KLxh9+hUy!fQ*3a~I2sIj0^V3C=+l3!`UYng8=O6k27{hJ0KR-a!!^}6 zSXXSYZX68;JYdY)7YP~mSKnZ?*kE)V4f;K>M!o)+QLMhfaIwMgI2!bMg0LyPVPkLg z4F-!12FKB$*At9+175%Jm(@4uFE;2OdxO51C*%u7B7W0bt8dU-Y|uN72BV%xAR3Cr zOkb_OK~J$k&o~;4ctRntHWe^;Ro&pmSypnEZoYP|I7`zaH8KivEqUSwt^p8XFlw5F z?|yS?U5Ap8)od1oCN{RKoifusAz#x4X|TsJm)yHD(VC&huP^Kg6T_uJ^N*{3$A+23 zL7Ay}#VXHxU&s@VdL!Y8WkvN3))X788ApRbPdMTa2P2j*R^Q+?#Rjh#M}q-RB zf?}}x2CptQc=b3M^m`()0JJEcth&LCGfL}hhNi^}x6XX_(x;su*_Zv@^k8uWYZ^;N%P!<6EnOwqhzmDBDGdtxDfI2yHor1}OgEjD=R zxEchKD;5noW>nwc#l;3M9!G;Ak2eG?hKOTN^$lKBZ1AFSG#K;%7bF<;IgQmfIH}m+ zq;WJD@Bm@}2%fXM`UYLa23_N5&<`|-FBtMUU#`AEN3lW2I2!bMd@(S07;&wtzCl~D zLEAVQ^m+o|111o29k0GYvDlzE)&`?>p%~C0p^(=n#j0=6Tx`%hjs~NI=!r#r(zmN` 
z5U_blxEjaNU<8IV0w3P%3|NbEu4tgO45D#iFd(ZRj9UhPhOL&yb?V*)^8eo##987S zEWfvW-|~6OR?9sWRhQ8PCH1rec>NuNGD!nVgx2eU}6L&Mqo@M0FoMS##5h4YAhs@8pOW%!K*Qq-MPb^ z@J9gToS}wsJU`_g}ktQg?x}&B&S!%3kP2zgP6;7d@m~IvalrPvSWGS;1&2qeW!$< zuZ82jcdK|O2oAsHYPx(bS8r8G7*x1k8ze7LzQ~Hy`h0MgRq^I)(Crpz;*V-T7VdU9 z1-50N(MKh(Kmk&2SHL1D;3rhq4vgZKZnWBfFGsF!QAaFCEDksKcH}@WiDn&q&o#s_ zZArJRbUzGOi;v#%k^3eB74M@PO$qVH!CoSorB*_U6^SK&gI{3Gy#QiRy&$R!#Jxgiau0b9JWAiZm<-kq&@I>mb|jrJ%7Q97MXJ5 z-SP@GxdikSK~uG;<42n4&bbr7sRv6~8)`cfO0E_argF6{bA1uF&ledqr&_@eI#O`R zlw`9O+|^BWrf=3Re>oBfM#JD^4a895N+bgGawHmRQV~U5`l<9C>A3Vs=|j?!(rRh3G+XjWvUHJTbiL|2?fRbU ztFF(wj<}w3?R7ou>TzA|y3{2)|K$9Y^M}q8&M!DW>U^)W&-tkHUT3Fst#gI5!SNTz z8OKi?-*UX*IO_O-W5BW9_N?vQwtcoOw!3X<+a0zho6Y)X>nqk%)^Av!w|?Au*m}Ua z)q20R%Nn<~SQmmFf|=q^#qWs6#ZQVK5}y=ziUlz*wu!67#o}yH7B3QwqQ~-C%Mr^{ zmc5pTEj^YyEv=SimU@fda<%1B^PkMWGXKybn)}R;n(sAtn%9C1LxVYNt}#zFJ4}Bu zoiTmO^n&TA=_jVFDG62%8clUz<6ydJl1UGC4qi5%G=ACmwDFK}xAD`)CB`{MuW^R) zVx!q`*6>TiONJK>#~hm+Sx3@wtE16TXa9r!W&26{m+hanKW#r`-)(=;zQNvZzumsX zKF990&#+%?d(n2xRez!W49^t6vajc@3m z*MD4pSbspjRe!&}OCQ&_=ojjv`kDG^dRKYr>YgqCp7`~TKLSqUWjZPk)FSMNa!`bW z!WJ~uDhFN8K~v1{J=alc5_Vivt`nfi95ji8-oQaF4svpk zgM;iGWaA(!2ZnJS|w!d7i6QG}Q&`&w&=N$AC z4*D?%o#LP$anKJr=m#A15(j;sgTBW>-{qi_9Q2jdZo2Yro$ zUgV&!a?n>e=*t}R?;LcTgZ_fG?fFwPAW8t6&C7e5`7ET3QX3N27 zPZmVzI*9x&_-J3B&vc<;4)`=o6LV>9jp%mcR5$?Tk-7^K;5T3aDgoXI65xKH7pke# zRzoDfsY6*R0p2)WO-6!kY9!>2gknK=FdmG%6*Ulb!+$lS6X0IzH%o^sy@o2LmYmy^mUI zY#g`rx5n-Ia7s^ThpC$0k3ksx0;qjekQ6TpTN3>-5Y6n!WfPu`R00H{Gi`bFJgRoO zS2oucWjo#Lx>HG|GojWh$qlJo2K=?mzjc9|ctUY|BcOJzbm!YM**XxTuB1^`mPC)$ zdPB9oP$fA-rmeQ7sI4|wj1bl$OG+qNu-@PcK+|ro*FQ*ty*eMJNi|O$#!?$eLuAcm z>YFJ8&U~%m~1PW zo59RhCOh0?Jb>8w1C2rdvJ1hR&ls|gA!|4|Oy&-H5H7oU-~9{^p1{a}rz`Ri3Ja&0vuv0ScGd-eGgh%@J#R#NW>_S(awv%8Hf+!#qv2XEPnc zjV{@S!;~YBw4+x^0CB(I(|9rkq zBlu+bw4W?uDAcP>5FcJuI9Q7>v5kF@UJs@sYrs+(STh6_B;LbnvV1J9A!AsF8o`5n zoRm)|ayC)hlGNJtAP23bgQ#>yffYt@z*0Vhh;c=lP&{~wDW$`PB~&_K23M;&T#D6< 
zaG;Ekg)IBQl~<^VZUI&gcWCfwq&i3`)d)T24hfdKd@!_XP6qaH&}mRgjaUuPrdQ%@aHy8^X=T)R82D*2pyrmd6M4wb7xY|8Fx{A0EZ z4k+e|kuU&qV^+}ePHkJZI%U=>&>s4e`fxg z{xbTfdrtS1E~g6%ujyREYr?OTsYBYg318OTD{L71o1AM2X{v5%b#+Kn zh5yBz@Z&qx6?r}70(xLBp2+n0T|D^~CEE$E?$z8ig@Xm(7nd~cx4@G{h(qsWRgRn2vVu8*r7k&hc@;Pf@>0-aC7vof za@3n{6}_+QO&1hdK?#;tT69=S{AK1wV2osv$qm3|=*XzGz-a(O(7{@tw^mb=yE_MF zCEe@NK&qwN(#pD=JJsn%R2tC0wCV=zG0~j|tJLmH7m0H2_Ea(nY?U^k-rT@1$z;1B z5wg{m*(0MOG#N^14Pxoj=rrzK`Z^YVo)tLCm)(7Lq9G-@rH zVqezMI=?#$4ngy`l5x*;wxSVenK*fo7Ze9YUQP!EoHw@KjAOVE#;^kGV@xeI6Gt+6 zPzncc5xE6DsXVEEg-U25n5?ClWF_Xxxwo*C`sZcsmOFt1+k$=_o7McSO1hiUCzS|q zoRdmyvC%bbHLDV5s-${5ig|Q6bXfi}Lk+A^14FHXwk{C;!y4=!tgpM-P&n8~N&Jlz zi7S!#f75*hN9xVmBbD$07HSj3hi)hwT!3%-=sNnQuLnLri48CY_o<~-uGzB1J=-e7 zrX9R%>9%bx?R~O;Tgw}`wY-DLCev(UMw5=%V5!zh4OiI3*aWwcFIX%5W**{$qr9h! zTY5Bld$f;Rnbsb=7cQwsxV$1l1uK2NcBN1C6b{bAgynRdm+Z`GP7j&;ItqgH5y6VJ z&ng_O$HKSJ!sb!>1clD0V;h^bPdCTVC>VAcwiu%z<6dKwjZ=)1jG|EhN%u2`(}q)q zlZF$9&wW*=gBg*#wgKU6yvs zTFYunlcf>l@uL>6rN$!L+HI?Cjkc(*#x}(=#WKkvS_Jc1^BMDL^C|O5^9l2D^D*;L z^AYo5^C6Jh-)Y`r-em4EcbVHkc7L_#6>C81e~LIs6valdN9+>Y#kHUfuthv79uW_V zr^Qp^S?d(*Bx{Ye(OPd^ZS4VFf-UALV5hLj+-R7?m|>9{DkjybnDH#vKpUCwsUU|8*JayB~aol&RPwc6G0>H(dICaF=Xm!gtassYW2 zDbgfKG^{nO25I|7!%@Q#!(qcAL!WVzvB%hDY&Who9yJ~@9tI79KI0kVY2zu-C^%uN zG0CPWpkpAKj)CsM5z}GQAyc1er)i666Zlo^GPRr5npT^d#CkC*Hi?_WLt-CjKAaR! 
zh{qjWj^N4>-AkR6j8CmqK@v*NTzm&GtN_>k8#X-1pGMcbe#pw zjgzk9(rM`==x!Wx?Uas~qh{H*7PK$wZE)#hnipRu2|pK=^>^f`7qwm3FPXAPSSJ%%nryK%L#$=GPD2VIML%UR1A%W2Cg%SqQ6 z*D2Qt>6moNb<}m()#utG9X8ikk6Dj`Ps+pAL)Jc9kL{4H&$iQc)ONyl#&+5++6B98 zsFzNF#!9=iR_c>>N?W9(hMi+w!*peieKi(O2E!IXB)=^NoxvsSJ;34zS=`Cu)g+dL zoo`|B4J>{$i(MoZh5dhK@yjH336EQ8y!W>({yvMp#Nua2EDBGoVeujs2UvUsi!C(n z!+J!a?dhV(7HBcJUBbS344%c}OKAM~Ur7w* z{)@%`!JgxIKsg)_h}nGZWAnKW=Tj68NUYrdk{J5`Ef#;4*3)+}jrYIC;-9nl>nuLX zV)nlKvEMFX{|1(h^9k@`1_xO@oy8)J_x+B=IG-+I*AFPX>o|*_WpO`?A7XKa#ka9| zK8xKfzKq5@n`u076^WtW*Rb?4usF}+J6PPvVn2(gvDi%G$Ih_$dn|sQ z#G)`TgT;0l_y3W_KVtE}v-mj{A7t?(EWV4yx3jo`#U2(aZ2Y$uk@30uh55^zI z4`LiYh;jTN#`%DF1ui)(u-n+uusz?F(33%VK;# zm#`h*59R~k&n5KL)8~CyKRoYZ@U5&ITaVlSjlmybF2vp{Mwb`CG>H zy$0S#Vp#X@W$-Qr?_}`348DiKZ46c!+{EDJ43054N@5s?f4A){e>VYsm8GAu9Tlcj z>Mwo14bLG-*ygmI(3an}j6ILqPIKw_evn_a3&JFAy)6GOyIe8-Gwk{M>`|`1U$XRX z*qgNJ+b^Z*+XZ_&myYMEBy4xvd${!5>_<5G`>gzzSo{o&pJ4F=Ebg=)|jOD zf*sLQtcM-+^!~q@d3X1HARr9kK6)4O`S8ql-m>rePJ7GqJ`dLp;PI|OB>WWD7{Xx} z*A9q(n2W1FSaGe$#z#3ev2s7hetULEa{?h?E|)|t4O)NP}dTEUEM%h3{!q&rUd zIQJmJN4dwh*-n3SSMu@ZC)_g#pXP3}eV1%>ui)b?dB(kp@I7vF-5V97{gza@$@O1y zwwql4B`10Wl232Xc%GXE82L0E&7}TZqhBu=JYRqQ-NJmgFYDKMX#KzUY}~cNsgduJRu8TJEW86V*B#H@R@HKj&{??F zV)5pD?6G6K_=0PQ>ljxr=LmU>>pTI1~jea(`dM|)2ytEei4E!+_m zH6`92Rg=q7JrlLpj@GBAQbt0}*|KiTcVtPbtgHyr{+g{}EJqZTRhPndyeI; zJ*a9&)Q%STy|e%p%TxL*z*sCFa#&$35sjsS!TeBhER`SjCkpcusp3d}Q8D%=On`H; zP%X%i+u(b=1lq9Erk2{Zm2qMd|8%_PHJ{oOD$2?#U|oG8Gjgw4#%FFRjR@r_?Rq7vrnArK z;DO$NKmBp?_BXDk{;8<$<2{yrwAks2a(rBhN{;JZTCRU_y7xWygk)LSsH!9`VP=*2 zxb8TtNy5i__r9YCoEY;B95UqC-kFGfkL^uz?YpxdVV|{~{Rj)jkDNa2)M2NcF>F`A zvAwN-xbrOI_hV@7sV}u@8!*_$5AB@s?bbC4u*;&?SpFW*F1(*yl`O~C)@UWf^G^$$ zr2R8uz{OD^+r`0YL1fxP%l9Hyg&w`q4c2Riw85+f#YlX!i&EKAZT~o7`7&F$Hh(CS zJ={2H+9G|j4Wg^$2eeKDSMXlDw?=Ph;P0q|Kd|=NbM@Dy(PbTyS)bp-rx?qO6ZCux z_aH<5APCTIny8;Lw3~()eng;`RIHyh^pb`g5}i;On~;hmlF&;k)I$sEZdeSfnn?t4B+@mwu9j7|}5tqShe z8rBu=)ynh}hI_SPa@%7hC^(;`M>7n8dZiuuh}U6*)ashHY>qrQRO>ipKRX7&Q+5V|uE}O~QdWvjyz$ 
zf7f#ZEcU(SdeC))Yqo2Y>jYQ6QlSjDooef2%f-6%8PZAO*EzE@e>FLyau(*?4XXfe z2y5}j{lm)le^`AyCny}l6<|*e|5V$Wqc_%I{lcGi=*Y=>&tSsjGH7NMlqIKYAIfkn zSQtyj3jN|DOVh7rANkc7+ef&vxVF`)-+*(Cd%VDOhq)kGU5z1bv3KC)Nf@c7cQKDD zslqM*Z5%vgWdD&P^{(=SAiQvdg3poyd~O<;7L0;%cp9U~~_CyXc*tSE)HvDJt?Y-y@|Jy)~bb zX%8_YQq^!)g6Wb}O>gXsO_r8b_der<6MZE$lQM%4bmie_J)@dBs-$94vf5jathw;~ zl&L=R9&Eu)dv)5r19(E8j1Jq#=}_^V6bg>bT$F5=Yh+Ebss`$xm@Mk!EuUOgreBLp z2bt?^wKXik4FSDfZ0#)@XAG|N)EO;H3_JX3MapDNO|s~GU$x(lTXMIwDBIp6Sy0>R zFkbYX^yj@G(?K(TA=TPeJNGpyK;NhpDn^}ia*WPWfpXa&Yg=vl&t4fbe)jj!H!`|F z*c2Jxou1JNWBZKF+%sb{H%<1g*}gx*-#gfxpZYa*zukPX?M)x#$l6w!`*IfSst3_3 z@t3%3ZBA{gs9)mCs*OvW=|WWgmR^?HD|g?$D7)6STJ>f*%4ma5=v9nV*UlO$bFI(LgW}!z{*ydLm;MW7r|#Xd;#jqYH{z zjA?p^F^e&bo5h%_pEqVPhP5$^F+~qIW-*58vlv%ES$nenlD>MV{t6mqx|`kh5LEA0 z?@om?oxjvHbka*TlNHIbw)@(dZu8Dpw{~2S+C`6*b)_bi)>Nf@6;%^^YwLgIr59)p z^7KpEyRE(&I%DxL?VoYKn(e&qY^a%?4Nmm-2YLtE(YOrEm%-^>; z*W`@Oc{t}Sw*UWg>1pZd|LA+jp+D(5AHW+Wu5vE^* zBe55=N*nl(oLs5x2GoY%Q%YgQ$J=A%$bz2UBz9)%qiW1Lu!Wk*RfaQ5&Eaz@RT%OI zf}#Axgu>$da4HqgPbQQ8{9q~)juaNAilfCvd+@5%2K@L%eWG6*z9+pXgf^zv0@8bM zeBRS5;nFsV6NMEOHD35m?q4t%QvhXUN9*yiic{^Kh-Dpa$qyT6tEN|C=|f*Ms4PQh zO=?<=H{G|#(jVqL5R6o8!{)AL4R-zT2JnJpuiC6Vv8mYfSy@(5TI16ua!{e-ilS;C zrW;b_y)_G8)iu2fvios+4=%^FLRncp8lcVhIsfuD-hix3c+m&4`(#U}mX?*BpGs9u z)z-tde~HK2b$UYEsfq2xRnvEToqKn-gO+nbt-r>P8g%NAp=|V--gtKc7U`-gV2Z0| zEIS-Kq&hh^bL$phW&x(Psr)OLyRhMdWRK)(yP7+M5m>La_9a>$g?F7yw*x_@g6(QZs8Ix4omu@Ftywl6e zO3zP~O;3NYvVLV9+iz4oq_$Pnzcj}CrC`V2S*uGAH+p9UdhhI#+E%arR+>3U|JIGz z&2OFlxU|cIf{B|ya39DK+Dy)2{0Zd>du{8XMi0_(yfNbUFq6Zra!~_UJFIe@R;Vd5 z^y#5LM(O9MjRz_7BLTKD5#&IOo6Ywe_;FecFo4%?lj z+JkCabM-{VBwE2CnN{lpYFpiUh%t#)ke)-+xr57e96CR3GLX%Zn#zwvBXS*i%Z&Csgz$gi%f&^80)8$($v z@+04xR28~d)v0`@`d@w7$+fM9Df25Y)q4!1en(w+U26;$q0{?9`WS|vQrV6-Q;JAc zk7eo?Wz)A`dBq$}@nrP!u}G^;V^nF@na6qyVAv^Dl4lJ;U1+k1X_ z#nfu=)RO6E)wcSLj_DD`ZASXn+PGe~VrI-!ZI>TPoGRD0v=nO^HOB3X$sKL33JNV+ zWxCY1_SRqNEb~tM_8oMY4HpMSmw6P-%J9XN9}uo@pQn8v<$~{_;iABpxgMpB!wsJV z?1UnJA#~sMk0S|ht9n#dXRGzoT_@=X?P!6H7Wn?Gu$sVC~vI7CU5PIlm 
zjd#cht&@F}e!}Qvk2q|1RwK~KK2lF)d~Ze^5)X%?!NQ`#Fgn?X>mf!bdqldEjk(Z2 z>gU;7%l31j2iCTB*TW4vpd&JNKye}N{~cb8tDr>{(?5Lkjx#=drdOBfXG>pPPeKhh zKPh%ZwZ#tprwVJlIVI9`3!u{4Y zg6C_`ho0A9P3-~CZJt(GQ>*pVcqYK+-6^Rbq=WsyR;67M-TWp_WzXUe>3hkrpC&3zBFZ&^OxAL{}q4Jtt zfEB!2rACN`nZmE9R{0x z7U#FlkDMEvjn2!RQ=BEvvz$YmePJ=LyYm32?AYq~)bY0C1;-lL>ucvf>s{6xtqZNQ ztQT6#tmnca;Q(vcdZaba>ahIF@}*^?qgmisI#EQ>93ESFd+Erpg*mXj=TOE1eI z7S5k%&RxI5@6G>kk+a@B&lBqZNT@p@&d)t!dZnXY?N5mFbB|x|M8Y^f_XzWlFgGEUkc$xK=N`E@NSIw7vA1nDL8!N8^8{H4L& zpw|e!N@xS2zY}_y5a-z*d2*iZK`)Y+FA#d3&~t>ICG-p-&d)u5f%9_@dfNWP-nP!+x&-S1zNz5zU{r0w%&JyZoWb*`F zO6U^LegZdoAYm61`ZJ*m2~8(7jnGs=QwU8aR70qmP!*vI2vriQK(BZ&d&Xmgy7RJm zf=UUM5SmCRMW~oi5urjtNkZcZjU#j}p>rIfU%1=)hyaW1eWaszG5ReLyNd^iGJFE) zqu(~?3w*GOzuzwB3l#N7^>g*zozED!Ho0DLJq5e=`i#L&M%Z`2=KQWl*lo`-d}-fk zf7$+oKG#6z7%;o=wKmJ3tW_RRZc|$IxduAN@FtsOSZ-^wT?r2d+FZkdHd+1w-V5H4 zpOGJwZ*aI|2x|@< z|9(#`;1)Yu3@v1#R%po2KHHT-J@;k-O(0?1dj?_Ldj`b4XF%M029%UW@9o>MT&N$L zEeq&uLT3>=lh7DKXAl}q=yXD(2#q8(g3xe61%yr`G>p(tLPMlagkHOM8_^4RG{rwr z>_xFB#U2!oqIjh3aN*e9E7Fd!xU6Of4c#buDgJ@tVH6LccreAT6uVH&qu80^K@<<9 zcmT!yDegzH6UAKRl)b&@FA*A?**gT}AY><`5RwT=ghWDCLKZ?fgan@I|4rx@LO&Dw z7ondB{b;Y;+g7?rsQ)gTC+J&3-w^tm&=x}fB=jYrF9>~3=rcl}68ePDWj}N+ zd}wc5X_`>~Og2x@Iznp+Jx%CILQfESoX}&09woGf&?AH%CiFK#4-tBh&;x{4!?yii zj#Q=y_4j1+1l>*OE<$$_T1n^*Lbns*W|r^^x00}12;EF*1);wZx{1(V2;E5N213i- z2kmW})d=<1X7dCsCA5UlVnT}uwGe71#LZ0L7Z#APCPMQGH4z@R(BfR3RhhMxkm_bi*@y~SQ{pCu{cR&g^{@D-Pk_F#u~{Ppl>w+4RgRuVsV)8O~6ME8GJ zpnJlL>ptU!Eh^p*RHlR{IwFX3SM=u&=kT<^15y&^;QKz(3y@_~{!2ABS;x?CSx~eR=SD zs9+XjtFlG+gSbKS7YNUOt8~wZ%XA-tv*1l|TE=T)0emR-gO5Q!=T%Y2`sCX)&yIWU zKhN;U2w#NoA}M>}qcJz*lTm=T#En_cjJx)esCg39d{L(TD(*OV={WPh+ya^(lw4t{ z?w`dYEd2}PMooh280-F8z!z%VNtm~vA?N;!$&Z-S{d;v1=B{RZ1Cw)^oXTX9N!{NV z;)faQe#^kR-?C1^oUe`ZbKYiB_y2_Ry8kCg-TxD$?*9q0oW&c%r0%Z<=XHNIkh;Gb zNZnseC*d01Uk#-0uLe^0SA+JLsHKM-&SW1Z4`)&}zJI)WHpnz z|Fc|SiS8#2QumVvsrylb)cvjH3X8uq;xE?yv4J0Dd@GX+n7ow9^OzjPWM3wGFxknF zi+*DAA56Z;q<-CUg+=;xgVe7Zq<-BX_3H+CDvKXsQon9EuV1%Zp+)yo2l=iM-m;d- 
zyO>UdYP5@Es%l!l#+k{q5xn3zsmyg2@Ud&t&ohCi9up?>D5=@3&lGfquV1>h~Mu z-;8(*bboSS-G3b9bauXo$)QZfnC!-+!;nq-bCN4G>CXw|Q|$aoCRw?gSh<^6xtmzI zn^?Ji+I>h55RlJ4p8Y%xBNfe2)>Y@kb`v zeb}hKKXQde-H#w7yPl2u^~C$9Sc?xij7ioWjZ;`Y>^e7|!Z^g_VN9~?+`z7L1G_&P z)*0aqcQeWE&xR`*S2B4PlLMLbF`37t#gO%%Gx<7`k1}}+lM9$+&ux7vWA@zE_hrnU z+j{og*0JZdj^_>ihB0fGx$HigdkH&V!sKu!k74pi zCUXrrXB(3rF!>yl_c6JQ$*Y;1%;Y#G2Q$g;mpO+rwi)u8ub6y`$tN|5`%r%lA@%n2 z2ut+#gVfs(Qg1&h4^qFcAob@EQhyF1_2&>$e-0t_=g=c8)}KR2z5O5` zHp;Ph1(S_TUc{vS9YZ|5{UG)BgFJ$TyA8Q$E0dd;)Z5P^EYjN#Qg1&Xh$wQcw4cW4VNxl6%LJMoZmj7et7cr?n4+uYx@hB$yGTD>K{S4Xs6O;P$;1Qbj z=K+$HyZJg6KATBa?&fnCvvN1HayPSbH?wjtWaVD?rV)SP6HMO0WDAqEOqMY@n#q1l z_F{5>LoWE4$&ZT$>hEojFrPg? z^IgXI#vhnu_hI9+jPGTVUC%~#JsYdpd3HS;PiE|A@?a*}^=x3*vw_`*4Nn>24J(;s z_hG|jj3+s)y@aUMDR>_9+~7%hj>EzSTX+-CO-iy<45E#$4Or58z_g@va=_>oOM!Hv;Dka39 z#J`D`iv2~a^-1eh*1=epe*QoDcZa18`tHLmLCgL*-{!oUb6-w#&a|8}bNb{Q{3|1) z4rTaXX`tU&Fz)5P=8JTgwSP{~AN1$@1Nr`_*B|WTPxJ}LeBp4yACH$=O9Z&!+3CNw zQ%8N_L?9LjoM*ksMCyny5{$&du@dWtCQ^rek$5Z=2~7~Yn@An(H<3E% zi$+3;XtYplHIX{ti^c=kusL3Q+eB)=FBXVJLy>c(u6v$3l<>tv@nASIRvKd>b=((= z#r+}wS<*risbjvlKNt*##z?Q2NFDXXBY~(tHd@}#MCyny9*&0s;ZbsdiPT|VA{>ZE z5+me!CQ^rdi9`UuULZebB6ZN0h(>V9hS?k@QU~zc@pvLJ#5TxOYJU*VN&FPsl_paA zeg1gJ9}Ew&J+bGhg9)EM6bJ?)Cn**aspGytFzgTb2P*wcq>lOgi3rTL4p1&Jkvi%N zgo3enxS#TniPRBaAesmyLVcAVO{5O{g8pbImN?cPH<3Ez3&z5cK%|d-iiy-gpY}Qr z`Q!F`Or#F@LV<)o=8xLHHj&!z3*mx=!eNJh&r=5yzECuQzo4VsMCv%cg3(AK>UZ2` zA~n9i!6^J%`W&B{NR2OWEE0_ek9PJjks4oMe=w2o_i|1!ks4p%a3B_n^>E&3B6Y|Y z4aEHM=#kD%CQ{=IjBkNIak$HCA~n9i(O@DN@9sL+L~4A2{fS^C;&m= zBf-O5Z<|Z~2Oa-d3tWD@>=yEK?8?lG58i)& z`;{l8jmqX5p51D!`T6;dd~cs>SOXge-x*b?vOw)5% zR8cvd!%W<9mdOp~>!!d=89NJS$Vs@AgKc-synBAWw_DZZ!s)$BlGP=B`fG0Z zQp^T%pFV?d?hLrp8w}sK6DFi!W30yT-0Oh#_em%utbtdLLpI}J;H>C;7#QngDmSl} zt2Mm*1~h{jnc5)Jqx{+#uJ$`bGAfroT@0VasIbwD#!0@!thD1wi%l1pD;-J(dmvG* zgrpj0pR;|L^)s22=_2cAw<|Hu%}rR{LN~izY3j7Ub_XSJSyENHEf03LyLkJ%n*BgYMaB7<+j5fTT^qLS(|Pl(*JXzj6;sPm#%wCqXl7vHpYlm4eHLRC#f-DpMr5M3}6((#e#GoX`tJ&aeWIb9&A&A!AgG{cwi$(1~z@ 
ztzR!KJE6R-dn*s!pX}8@T%V%Rq~$ zoz)u3_(?uwyL(iNoGnfE?V_K{{rGGEW|g3!hTk|0b)8mY2i$di{<*VEQLbZ#Dj-#C_$`UjyUg$KTl6 z_YcY2`2&`H&X7O-Fr`nB;?gMT((dHjB?uN@M^~_;1$M6mE-!-(sXr+8oZ1S#ubk*# zUQs@M5_~ROSWid4S^3Yreqz_3Z#~MczPo$+X4f;^{spU_)L(DL3-fo-yVm>CneQok zyX;Nx8X5kcUQV@xa#W$4Vz*y@x^}w>@Eza;*}k)@-xIWt zx5KU4=6#gDBirnI?AXbqU)AmJ#B^VZe{8hE^Q@=IJR@!PXY?pszlYr54y#WHL(@mR zOgvGvS=U*wu@1F*Jnws!dkQ_>-J4+Vuh89H-J~v83)Sw}oxj{w=<4p=r9!E@xM`pLEf=@@ zvpj}9@3pXVH^9=}V#(Q*^H|REoZ6hioB=uAb1dOtT=QA*2Wx-$7GAb{Z@G?GzyB7% z?Y^t&ur?;s5`7|AaSCEhIdqY=%tY$2FAxs}BjF3Jx0pzc6(_991|!p~n@yy~iW3wN z{J|;WktR|He8B`}W+OFXv5C}Jal#CxKU^g)-}BVrgfHw5heEMR$s+XIoBIxrxP_{9 z1pIwMabF|~tIZMNHEDq0-Btc=r;lmrL*an%id1VRebg8A`>|v$yevItCVj+*Ma*C% zD6E$)X3~d!(O4o9hzT#qrs|KysYC>82Euc)srmDhzifhrs^NSGEX?-j|*#U zrt0s<{CEV*CBjoSGxf*fJD%wP+V2UQnfeFgKIrE7BYxpAo0<9tu}~F{M8Z*F4Oaj6 z{QeC_p|BB-$AZGcimCcXeSU2zIxIY-n5uuo=f_Je78V{*Ow~UO6IM7))j#43CE^ME{!LC( z^$$ZSA?U~Z<3^{c`iFdB=nX~v!g8mn`Ujy>0o{U#u*_wu{sCV^d;P_QR+p*z`+dBgqtU1^&uyyyP`ZOdjYL40<2F@) zsNDs_0e?ie+HI=-eqSPl{zpKV<=NxHmi@7>LHheslW&7|LlCkC@Z{*9LOf=Mpxn|Bqo@C}3LuKL{ngK*Fs4 ze;}gmTrjKuA4K;*7&NQ@9}Fg9iG*4G|6tUQ!KYdMe{JX(4w%*dhk7q&Zp`ZcV^$Kw zF0=aoXmRM1o7Mjh<9hj{X7&HEjZNEZVp9Jfn;!5=H>>|23t@9m!mR#(B%m+BA`-+`)SUi5rc{HmL_A_n{~urANGu+Y znbZHr8dVGv!U41T|9Cmz#b{RlKNx`)e!#5$e*iC*NX)GMKUPuD!#1n`k12fYsxqtp zkMCF_9x$u_A3{Gh5!#9VKjv34JsA)Es{TKQaTfV~!G0e8>-g8v0v#>T(E=SU(9r__ zEiG_`tY8xkwsBq7jj5(iuBn)$@3jz_wqTpue>>A2uu+fh(IJt8b{E+wE-^ zyRj95==7mlrZ#c$Dxm*~En)v#8ufGcx4DJRxDn?MHFksP8^O~0(VAW-xARNCK{);` z?F7^HNqHUA?R8T1!t)U_w>y85ZIEc=)c^9BQKe5mB|D({Kj>OFC|3^`^P{h3cKlBH& zAZK3xAFEPWxi+u=9}gwM&_6S+{~yQh4wT=t{y+2wLy>@a{eLXfU<-hG{r^M^%c(K* z`u{Lz7LG^E>;G$yMlfMk{~!8;&>oJ*&FcThd{DlGUXywK{{WVBas5r}{|BNGSTHiL z{|_U8Fgayj|6f}k2?osT|3m*B2Jr;b`u`#9|AGFhY5o6DG=MD(=Jo$W&`iVr3)A}l zp?DlG0Q36)VJs0tf8DhHKQ>QbiQ2sWKdgRX3zB*Lf9TH#gK_iv{}JeVg#zaF|Dl|R zEi~r!|8es|LC?JYKfYhk2{Et#9}9&;iJ*D?|9Ajzz`fA_hwZdjBw=3vKOPT8Lw@u6 z{|Q(UjmFLE|6}(KjOLov|HuBRa0E?YR{tMLcVR!Q{+ZSPhuR%dk8L}u7|`UJTYaeQl=!uV?@6)+WvwvL_Ao$ 
zP+2clDo@$>vk$f(Z;#l=*{`wB6z>!}*{8bxE&kPhn|-;%m$~C ztT$U*t@Ew3T*IsvTdS-S?H^djst4LPSchAmadlTmsW&RBqqpO5M;EJT*=G6D@_}W8 z<$0G2yZP_8+-ASea=p69zCfL4^*Fy*Ur-;n{a`N@>%_~IH-#| z%g&qKxynD>lDOD?tUKVo#P+@tvpoy%1nRAwD7_)QAU!Uvl5U3;gJx-tG*g-)oiB}-PM1!Rj+eqx zPw6mee|Ql5S^Qf3SbST2NqkCt(Efxn!08YtII6_4N}iZw{azey{Y-?mru8K2G1iS% zzx7qy=hh>fK5JLoYs%5KHR@{h|I~}sYPD1y=NRs2bRMquQzL3G)eg^w@3>xeJ?(6D z&T>|{ZgMSg)w?P@-#Jcnob9;CIng=R`Ksd+_!|7HW2y5r=RoH(t{hkA-^!oU*Y=-7 z%E`&GD5B{24sIxS^3RB56Gio(*~2fgho5H;Kg%9|l0DpuZzD2|%U9-f^(w5q3P4jpf058sr(6C}Zoi(EhxP9_s|O!jbuk%1zrr)7=?r!!R_P9G`LjU+a-^w#X*51B)^tUQ^HtUjAL zdYVO$CHo=S!-KPjU9*Q>vWI!u!_L{mgR+MQW)Ba@9`2t#+%J3BDSar~bF+t@?4dh* zsAdmc*+Xac(2+f~XAhO^p)GqTXAh<9p_o0irVp)lOZG4)dnjZMm49asf5{&HoIU(k z_VB0d;g8wFZP~;0C6uj7`V!*s`)q{o*cFtOZ!<^VWRAYh9DS8J+LAf?XXfb3%+VK_ zqt7!(pJk3d%^ZD_Ioj+vMtF87ubbc7X`@{g(dOyPniz-2rO!&9W720OPoMNz(GyRf z6+N-^S*s_KK5O-ajmA<$Pmnd6=n14_%AVfon6k&Gg)4ZAdyY1aY@+8+MzHp3ct3l{ zUNzcT_U6+LUr$F6-RyNI%c7gTea5jA><1l?EBSKC#uQk~m(hmUQ{$f8j`;L4(^K*}7jvmb>`*$|8Co*T1+wIG; zIjqa1dn$AEWIC>>er10&bNczr(R0}dUpo5enQ2!*9i+ujw3qkE=@?e^-RvQ|0{9{+ z*JRErS7#4rXMW;^^hr^MpqVr6Lk%JlLk>8pFKP$eP~tBa?al&5372H^PV=& zjxv(rc6M8wpKTXGJImhZiY%!U(mx@pMVVyk&#n`8NG7V^rsGO#X*#Z`ewsbYzW7=% zCi^T)e>EcD0hVrZ74ML*Rn0usl614{&g~*-cM9u+XgS=P&Fq%+4~xzb*~4_ZBUyoZ z>UNoFIoy_xYjqCI9%gPZt21*mTAin;2N)L=kI9Rfqi3?oPELQRQRR0s5!PoT49p&$ zkUborUM1M|+r~Jjwb-Wgt>ZjCbJRC;bX?}>SoICThP3IFqWX3Aa7+5os(z435z8D! z)4`&e{>q}`_nrG-;b{IQ-qmqB2g#l8OyGvHx=(KFG0DbF_e>Di=AJFYcJ&K83Cm_? 
z_o%}3oy6L=r;RdbpO;%<3ZU2S{a8AY9wbDj6-};xW&3&@O@{)S)SuOKF=RKxt<*N*X|G8uehId-{=0TyTv`*eWCk&_gME(^&9m= z^;PvL^?r4Qx=6iR{j*x8o}&&^k5~O_H+4VN>RRQx*|pepjq4)Et&XMe8hDAL0$%Tj zI|evH7~vo2knIm*mf%|ZJo}~gN_)~i!hV81Y(K(&klm(yf)V|*@Mk|mxd0XgM=ArA zh;pRTSy61;Y@gcRvOQ@Yz}4Ngze{v}=lsa|x^t~_weuF|66YM}#m;i)IOhRQ z$??78W5))^I>!UIy}{aKy}~-hI?*}?eiZvy|71PHs#<=r{L`}0@)Bl9?zY@$ zSzx)+GSyOIIn#2AoPXzR$=-W8k7bWLj(&eFfCu)lotN4zcD7gtYtAQx zMxo&&ivOVaA;k|UZld@;#f=o-qxdexcPPG1@hysPQhbBr28yp!d`)%;$L_pwb{)cH zRWCHWL~%XE7b(6#@p+2RQGAx-GZfcRTubq3ice8|lHwB-AE)>j#Yb%?woB8^6B-`m zat1y?aW%ztQ=Cn47R9S5UPDSkuoYl>e{+(Pl66u+eS1;x)Pe&%|5H~T8M&C0m6!1F1dN3oP*35?*i z$2GcAXei=x1{P9GQXEh5T#DyV982+Rif2(glj0bPXHXnX@pOu#D2}8!!ZV~@nhwvP z!sUFq&@hzZ5Q?W#JcZ&QiYHS%iQMDfXjyJjK2gkE5vFfbDS;)(Q5AG0p<#AZI^k-064r zaC)72&RnPB6dYR}TO6Am8!@V0j}`7Uj#ZA8junn&juuC~W0qrvW16GVQG$7eF^&Sq zAV)t(+~IfhaCjYgj$DW05bRs+TkM+NgpYwWA+EA1=n%j~o4Gwjna?@%JH z6IY8ji;KkB;&ic8JX0Kuv42moi)goQvwmWI!@5rVM0~@#8oCRMth24t#ckG7>zUU6 zo|T?@>tLx=I#U`fB|Muw8$4@0tK3`NTil!NXWEC```ZKdZuU<09OWzJedQ(PQRPnM zdZj^`i8+m=GF<7e1e9({Cnd-BmF<1oOSVUCciOJEHDE^L0$b8H+}7U~uywO_vgOEM zL2Kb9`BC{!`FhN2%#<&Xlk#x6zcp!{X}#Y1sP%m@N9-o{7n9;l@p|!5@qH;Eb(1)=8_So25n4Y-zf^1@k=9JSCnno)92uIrt=ks6mE(^bvg|8JaAmMkh@W)vAQn7)AU&+EZ zu<%OpP7;0=3;%+J4-{V_;XWh0!OFt(#IN}9#W%9>E=Ks`d6JzEU!u4BfkMLtQkU#` z@YzyN!Y4}HJ%RAvMt)0WDVdGeNm#Ol{oYkZ_>woJ3rP4A(#$L$C^X(6H4vUFT~Bzb zbSL4Y^eEv|rI!eYrS}Q{LHdfYL(bv3;aj;A;rHZjgrAWEgzu3D6Ta4{Z{5G-Gx_s% zAIYVJ*UQrhKOoO0e51UG@I3iu!qeo{gbU?$gons)5RS>85bh>#BkZ)ZWD}E@Fj>On z2quqZ@<=8PM>eP(det4uz^ee!5_j%n?##b`Q?(@2{7_pP+|!TnF`fd# zM|j2)&h=FC-1w7c2H}r9Eree*%C)4$vqs2ktBqKAEi3FGumb1f0@vD30G#|#S|~1$gcn+@`W^%U&TczzlsZ-N+VC9IGJJ%#cGOG6!}G6 z{1CsW3*;Adf#voG+okDRg~k%D7{G}XCs5?q4-vVThVpBG2<6uRf&3aEkY57?j-y$f zOOam^L}Y$R5XdhH0{JCDAipFC90N7>_E>IODm3y-g1`}6nSsM87El~Ukze#fT7J0~d;(HX|rT9)eE%>hx8aHq`17D~3 z8pT&BzC!V3iZ4-IPw_>HFHn4*;&T+ArT7fRbrjc9e464@u2s9a{*MdFui^svRa_vy ziVGajP7D5vg+_iA7kDgJ1>i9h`%p|!j_@g5u#6|46Yr#cmY66#qc+Fp7s#JcQ!G6uVOFLNSkGXNuZ3 
zr1p3NLv^APmoqSzqKBfJqDs+4(Mi$4A>NZ8II!M!ixr!%Zr#T_0NU37{|}A-<(S-K z7yAEB@n7N>QrBJU|6`T?u3y~&KxP0O547)}yYJrX|GWF<{N8q}{I3o0x34drP!D&G zdw?Gh<}anl59$!Qn1(K**g~}=~#sfCev<(#NDb`V(M{zF2Inw9t z^3Gi)%;yJnKz>jMyqx=8AU_}k*3!_K6lYN6$7x8*kMV%~7!P<6P5Wnx7gC%~kssqB ztEn_}N;{44?-S-D1M*`$AV0}=~#sdy&r}6(?!u$bTF@XIk_M^xTClI+W4dsUf2<3+aKz>L7 zn1kEZ=F-DOeAs{V3LICn31Ry^`00!G>{J&C|pU;&F$d3?!f1;tiDE6Ru6h(eW zfUNi-0gxXO0Qn&SkRK8N`5^&%uK(bE=wV_0LlhsR_yEP#6jxEa-*sBMd}1CF=HJET z47`)#N{atS@pg*0QM{GnEfjC2xPszeDc(f!FBEU2cmu`d6t9QEe?He&+4Uip7T1>_ z;{o|G9*`g70r@c=@Q`+z4!A>@-VG}J|r zALAjigNE8EDim$d|37ut*J-yyxtwnk=36M{P!tF@{+r@26o01pFN!}={E^}|id!lE zK=FHu-%kYm?g9(ExI zNB#S2iVHc=ofpIrlM7RmtG$DgMdy1*RaBH&WO&i_=lcWs{;1acra&={CQE3ILQ(8Wy0$xr^ zE6UrdPaO4$1^kH}>l61yG`Fz9a*M^%uutoAL77$`?d`DRH5pY^T6BJ4MU8i8vTSOy zD&-xKDyk^=_Ajc@{FY2_t4c9n7$$pRH+6?g6!XC!bRZlkvskT#`?N|G=V?_sxy>q# z%wC%lDki}XO>tRidCGfYby2c1)mDX~K3H&$1p+%(DC&y_18}x{o<$V>`?Nx3C0d30 z|5}AkuTFU@CU^^~DvF9HPpWLIHWA!ck$AX`Cn(~JhU2kds06k7_dc!7qzPJWPWZLj zoRBOlnp~Ewsi^XvUY(rS=EVv7B5}=a^o|!N?2CnCF#kHiB1uo~)9Mr#Yt;#~S)Bo; zHPy-DNu}l9fpB!O5wkp$e+!|(U@FT9X17KGE@IFiYY`?MD47izUQzRg;k zQCePHF}2z|HC0$$k}50n7FDHo`c4b_qLGkhc6x`(1bs0$+71T_EjC+npH^nl_?_Qj zr}sa>J79Wcvbx$kr8Mb1aZ0MZ#yh$+H8oY$*0l-vqVYh$-^Sw~@WHh}BoQBPQIzBM zX>~3 zZRnj)RWZpsD%IwvDHQX?{dfoN_%26CBA9^N^D!2ubKll!=AomzqEa)v{aUTkuf(Cr z@`8UUYRQlun#nwX;uMDC|pw1M$d?-S<$$=a0j8jems2?LK3l)^}Qg zcE!$Yv$h5J$W6uF<{gOMAnG_GHL0Q|P*Yz~b?A+ov@v8K%`tbKth)z~qdfgV~pRu$oeZ%;LEL$8;?c%E3GW7Q zuMh|fv*0K8X-zH}qSYkTW=+x~EB)hER8gGLuFL3DRZ&@WX|Z=yvT7nebXt!d-}bhy zQ~*~hj#vJUR|?)20*P?MKSZyeR>zKi9WBt&0v#>T(E=SU(9r@NEzr>d9WBt&0v#>T z(E=SU(9r__y)EFdCWY6mXA016f5ZBfXonTKgg6{l@Mgju-kst)+cH}VtnAOS&9F_g zRoY5y<85PX1-3!9ezv&HpSGZ9A8#LHFR%}?_p`_CetQqQ*Pdt3wQDwpwklhc&B{h) zgR)*(tE^F0DJzu~$})HvtXF2iy8kp-;)6xLJ++eX`Z+Zx--UEA7&SHNy^Cpky@N_t;BDXKe*qOVf4%Ju5tI*xQ4(z|HOruqL?9`o49W*a>zA`@;g^1+YbU zy|~)m;_m16yS?sQx1erOH>&H^HR{U$lD`%38=?P+>vsQc+4cSC+~A(!p60H1uW+w* zukviQCU7^Fq^(D~$G8jJmF^Pm-YMB_yOHs<^-A|3_jr2&9vH#9tJi{Npd$}^zj=Fr 
zc|wC^otZVrktfvuleY&5e$#qA34g+RC*j+9`+tbvqWw;1=%}*ad(iqxHa^bl28&RR zmw20qIIkNt!uic2XZH%{bvuAK|1)m~5a)IKe|f_E{Y1|070&AhaB%)8*hI|OT*P_Z zKn~6yCr&5lbptv$Ka#fti1@mJ9h@%}Z|37S=>~Xkex~>+Ijs=_1fRj%{{#1zdXo5mk~sTc2tPpL+96M<`$amFk6*W0Dkc1~ z#I*zBKP1g2;WtT(2-izD6TVPdO}JQEM|ha@2H}MC3E@9V+X$<&o#%N!$Xy7(FZU$; ztehZxuRNIWb@G{nXY=;|@`QOcy!}7$INtsrcrb7O4;j3)%Hqcp{6Z+Yjq3EY$7fL0XLS3v|0`xLzHKiy{L#WYwty@y%(|eUc}nF zg|&CfMk9X9GY-y9J+Mmd(= z!ekSZx;?ng!cyH%9;9w34^sbJL+bVeAw5R?CEJ+%fXU~XykC>JKi+k6_PxORdjwLq zqlb38p2gSgn}H`gIs0E|pQySjXU)E9gN}UneG3@(LDMXCZT5YTCp1;58wih8HxoWd z-AdT+RtR@>=Mfg&J$Rn~r8`b|gL@F+$J`r*`h8#f-Twunof_-h zW_wl=u7+JeuKW$>@b>?Z-^m{GerO2r_WuxmFj}x}`+wW}|C{bPZ`c0+;N7nGuX+Id zU$X#6JOH-u?tjMv9rpir|M~y#jk(+Q|6UN9rgFP|fKw<=rZ|maHN`55{0?yB%Q~<7s4mLpVbD4dFn3Lpbo5cG~~HR%nWF#Q^dzhM~2Zx{x8+R5SH6GD@N zD+bU`k>42KOxNLw*&+EEx|y3OYqA=(<1JNfGrf8 zDK4bAfMOHH`R!y5aJ|qpkINZ2m*O0X*HD~IaTdj^C|*hN3W}Fgyo_Qk#hDamP`s4l zB@{2-ZTo+?p!}w8Ait>_$ZzTfZd1Q$m%Y}H3G=_@$_)I5;@1?vqWDjWUsB|EaUZ&cJslzD@Bhif>TdK=E~ouTgxJ z;wu#YPVr@mFHu}i@kNR+P<$SviuTyy4|^qRxtxJdQ+$fzlN2AP_!z}UDXyXT2*rof z_WyRU{?|Sp09O5~2Y?56>H**r-2=c@otY4-o*)Az~(;CjvepY=Ug zz}4Ngze{v}=lsa|I{X=~cHZJ#;+*5W*jerz2M>n*9p5`XhOfeP?LGSM82|tGj_LQL zX50h3Nmy_?#ZeSTQXEZjIK={rr%@b6aVSN86o*prBS0WO0t61GX$Mg}nc_(lPi!aq ze;b7b$8$LY`%>hGdD_r zc4@k|g#`z2zYFAte85gLlppdTbblJ^rl?YMQFKz|hkVG{PD2%nHi|Mui6TD&M9%yO z5NNSK(=ILfrqINX0D=7Y0mu&+fZMo20=H7+2O9|eo`!x$@mq@DP~-;;$m%N^x`iS? 
zen4b?`~c*~4?uqW0OZFHz)zi0yENEDpw5PEA3?e?=_)` z9{~dS5g_n+?stLDQGABtI*R;|4{4vKq5O~!p-eD_Y`>g zdHf!)C)Xpur~O9vdiNUlO7}A8SI>YR^>}Dgx22uFOs!XEsFmt?wLtBs`qeyDacy;N zc5QI2b**x(aJ9H*xu&^FTw`2=Tya+qSDs68Zgp;k4*yzBPv6<%oaLP6EOCx;4synw zJ)C(?#j(}iB5oAdiYvtyafVnT7Km}tD=OA4)(vUxZpT_que-%j@0hixdkXApw4Dg{ z71)t5t37r$V5dO|_8N@AZi7MCZxF|hgC2@k$-}M#s9)N)V&}nT>^<0k-3M#2|6mn% zAgtK6e!H!Q&5L=CT$^GO)K7{_eyNA#mGZ<5@RqnjtQV(=t^eEDOXY?LEI{C z5jX$7|Mp}&{@aLa<@A2K2upRn(L7=4tyWI&3+I^{|I!6wZdQ*7=XL#1#GfH@dS5ty zzM)68^gOX2iLd*$Mf_3X7;?TZi+`M0NzV6R=Z_L+k@LELVC0i4F5}NH`N@dCg^55%H4dE5wE$PNmlOWV#ci8&8*zbtlZ74+zVN` z7rt-AU-&GO_cD1Mle3wuX7U^+Pi8W}WLG9dLoWD|$qh_C%H*v~>UzIjgasEfp2*~I zCXZqA2qxWzZ2F!_T_3uO(DV#rUC$fL%H71u-Nee>#LC^o%H71u-E=TZFBx+FKbd@k z$;X+zoyis^YneQc$x%$|&vh4JzWy9T?r)rL{Dnz&A2z3K zi%|a-<0qNCgULlqvgfmY5@Ys!)(>FJp3i#reAcn&vyQb(9eY0O*nM8dp3k}lBYhpa z&+Af-E!p=P-gC=YIJ@ub`Y=A6Np}Ct+iLJU)=u--^E!_`uk%9x}?EaZs%g&cEc{-EFGueyD0}MImXC^;pay^r}K6@8o z&W()cF*%*dA|{72$?l&y-55I!dChlBzQ^P`r$E|wj+6TiqP?d$y(D~`(@%J?llu-L ze#lus!Vh(hCv0<8^1S#f=M2JcIqL~O;ao=e4(w-8v>t|5{ybrEi*pU(TIYJglj#0{ z#b;3c|Hb`X0*U`8S1#cLTwb0R{o?Wy-i)adt~`rgb`=nQ$TgnuO|DA9^{yF&FLc!t zE_N*=Jj}I{aNMLq-g8mIcw#&u}9LM8g| zEtM+Q56Tl-&QeQAJ_FThgnO%8KM3*j)D{w+qpsk&`7@R42jvOPuTuU0=7*^MfAe3c z{(o~F)&Fn4km~<87g7EH=3!L-zd26z|C_s0{r_f{o78{d_ij@Eg&WfKzi^hD)PG@>doABS3&*-Q5I)JhnXuozm2el2LfGob<9Wdso*sl>_rwXW z@eCq-i)Res`JNKO7kQ=;p5U29xWLmwxQ}NA;ln+v2&|K+In>xIsm)g1ArX>*qh!-eM-F_JGmFBSF3+k%hYq!Ve0W1_jgnG zQ?0IVUH@>s=DNmlt7B{v;us>se&|Yaz+DF(=u!rqO*blPXU^&3h0C-4gRq9|V z;Py7x|F6?E0E%p*Y$w{PcC!9|Iy3-!$X#TI9FrcwDEE4)QMyd3ky6rV>12#+drDm; zr}%~VuJ|H60j?1zixb2%FtSaEy~Kk>m-T1sm)7^Jng+lP@Bw&{Ytpaj062rX4!{QJ z0kq?vduTiO{~Oxj|L?akV&Cmja5Hw_3kyRO!xZ@yU_|CufPuYfWFN(RibqrY6UAN> zds5^Vgz>xlf-vw%8uq0XenN3G#g8d|M3G+sM$Y^SFz^E!d6WIpc4@jVg#~YO zIRp6>U?9H&419-1=GPAq%C8>+`Sn8}zkUdOg=Y14iZ4@qiQ;;S{Q4ns=GPB_{Q4pA zImh?y(sZ8-3;5+kAitalxV#o{Se5n9|9ldst^1d#fK<9Nbv!R z{Q4oX;@1y>{Q4n~Uq8fx|1>Tu;8YHO6c&!4INTLzmuBB8EF8k+3_O+MDHI1&JelH2 
z6i=i$km3mx2T<%!u^+|bDfXp!9K~ZP9^+cvE=`ASK$OcF7~v4t_g?kYcKM-Cg#|0Q zoPqrMFpys#2J-8}Kz>0O$S(*3Z>Bk~p!ipcH&Ofx#TzN!K#^Y%#_#eA!oX!T@^$W^ z?b39cg$0YboPmodwoq)w&VrqIsz%y{G;$Ng`4k%|Hc+gmSVwUl#kmycP`rlX)&I}l za{#tgUHi19r$tyHgXDz(u?@1dharID1QN)05(1bcPtud6M3x*4J7$%LQ7BNtvK_m> zG4!{Mf7?%?zk`lnXiHm0DNx!E9TZwR=%&9drR9%vhu*NBBwLu2P+KiG=k9ynUFY00 zl;F)u@Fuvk&&2%-HmK`lH3L{ug8P-=wMy_kO7LnWc$E^oQVCw61P58odCZv_j)B+z zad`3P;FW(IUiLY#H8&0~_?+z}+qi8Pyk0Z#LVYb*{bS&z`C52QX5hv6T6h&^fL^{< ze;&L5Kdie}cb<;XKCHb~d!CljJgnKJ;lP#O+w`-YXX9*)^(E`W)^Y2#)?L=~tell$ zUjiwBad`RP#h%A#X~!EWA8Pgbz*U$>bGr7WM#=|U!IPZ_`hTjfq45V= zz2H;G6VjZbYiRu72?ZRTg#sE**UL>2j6cIyz6td=7Q??_jtj1BzW=*YZmGo z8o#I2?}-FLAo9M{~TP zk@361A7ua*ctCTkp^@>sgROy3I2a6TjxjVeesH+x4f=y_jlUK4eot#CfLyd`jK+q>58ms-u)+E@deijB?`{u( zlQ{68=5cGZrseggZGAMU^49M8x6 z1>WEfdqO^cnE9onk@5TC zejWjLmSN`Sj)uk`08fJ+Z@|mE0{n*Qe}6yR&ylBiKl2l3L*s}0Ib1N{`@iIDX#8+L z2LuLu%!|&3#_wqjxcy95HRruu)W3$A zA^Lw8a~|NZ;XjrA3G)YFeS1R@jaxH5?e7ESVShr-%Y&L$;16)MI;Y;g8`ft89MCsT z|9gS@4!s5X-wRHngTcn>e_tfv3%mvT--n#ydK#zy{k{lvp>g^j))z2P8mIsL;V`1# z8m9jPfj}e>Y@GfN!1fY;3-o``=Lv@10{sszfqlMk!+QO8*DJKQORge2voo0Vogd zg~PM-f3357HfzFSsxAM2nRBgEK`apj8R7O3C;cj%wD-j5>hE%nZpSz!CU2S-SwrB*0PXo66MJmEd2L;GdP?pOm0X zs2kNR69`A3OduSAe^8eFy%LlOgrm&ARi?@W!cpq4XGZ>CV`PSYCTj@5SCrsSmEg~n z;LA$zB_;S{CHSHelnHgCZv0T0Dia7tsoz(ozMuqU0^umLOduSA-&1D(?##&lYxK;} zw`Da0D3bt3sozqjKCJ|wP=b#u!N-)~Hh{q zpHQZLTnWnLhf!vk{4fG1X2xirhGB+e^1}%HkgOX3%H)Sps!V=!RV68^CLnnXjH9f&Vv|p?$KN0US_*{YtQ?1oPlbuZsLX zRFzX^-m3)rlwei~W|UyB5=<+>JxXx55=<$dhum)%bdw_ohi-5lbZGq>(D&RMPCvd=V6ZX9h{?&C4=q7ac zf(F6!;IICh;IaO5;IaNN=o5_C4_IHYK4X2v`hfLb>mAnp*1cBVy2;vM^;nl!=U6rD zYwXMHGwdVm1MI!*9qfK~FUzx=*bdgiE@9`e8p~^zmo3j&99BY#ODuCN8uM%Bm(9^s^>-Xw; z{U&{f-lJclpQG34Uemp-dj{+XY}VbO+ppWJ<82#3j=>F@499>j!ymvZqG%z};dY$l zFx&sCOX&u6H|q}S9@0IgdqMZA?hU;~KTqEb)(O_=FVUy;gZi8G2lW&BhxCu>U(mm* zf5Tug%mbSS5yKk8C5Dt?&~UTipkc!Bs^JZz1*{-68zaUw#!HMTOUSqz*oH7rZZ#Ew^ zPnaJvKW2Ub>@>V#u~_C=nk^B_8p|b?lx5Izv*n;=!t#*iF|h9Ns^tyV!p>ux*$BIa zy@XA%gY3=hL3VPa 
z5NsiH&`Dt$9>nnrn6Y1>cnF`P;eV2R2WdU!-XEmx(B3l#dq}<^Y%mMzzna4L((-pv z_!bIJP#7DCg8W~m@J^ckT?((E@UJQCBjKoq!r0K(LS}R>g|WdcfLjTC4>r67@Jb4Q zpM;~AQWzU3gY-TMe}bmpK;a<@k5TwN6n=ohDGGms!d(=8k;2O<{3i-8BjFfJ;bSPw zk??M8U~3^W7NjsXv<2{53S)y?07of|4Q~OA4OT5=?xy%2yPc*}e2;yY!W7?QU!X9> z_t-NOruZJihO(eOpW!k2bi4ax!wU-7WV~4p-}M@)XAB$MTFBh>0|I~GI1=9VD21_s zE=a$h!spTSQ3_v7;p-`k4WdDQZ18I#^8suq4d87w9UBG%nAYT zz$X|FD*DS9C*<&*zh>W1z<3=jVs4>$zZ0(qfa!O+^Dt^3VEWzeypzDUI!M3nyo$o7 zQaC~3b_#E#Fb)?ocSb0T^8t*@En;rP^#F|5E5LV<@^|2M4e&=P{0c4qB?^C=!r!6r zLlnmAd?9nkeFVOZ?jLvDN@2R5?&znm3x$w>7ll_)_(BSAr?8*GSqd+rFkMe~V1t#5 znA_-jI)DvV0!-J_fgjQQbUhuwA*BD1)OX;MG@Y)e1Gt_=%==lIj@tp4qcH9Vz#$6b zbr0}53a>;Vz}V2+LgoP8Hvry8(=i?ZzKz0o-vRhT1il^bO8{fME@W=U`xd|$?*QX{ z4d9>A{CM93`0o_H3x$iA+viaDY6>r-a1Vu-Q+N}FH&gg*3MVOiI)$&HFy3FF{<{hM z{=d=mf1@y+FSkET;iqW&_bB{13jc<}biN$WQkc${11C{m|B8BOEx%L07pbLub10?^guUh9R;AgGP z3iylGhywnIb&Uc(V7){EUujJ#V8J@5fHzogR=^SKK?S_jI-!8=)`#TqEw5W2Q@}4< zUsk|Rka6Ae1?yiGG#QB={+-P%&p!OT?IZ>KWm}U1K5Pps;5%)r74X%z?Fu+yyHS_b~dbN9!NK z&j&t1L%fYHU_MZyFkX%Tjp<7p2e19}1qzwam?;O{Ai%>E(3 zpL59U9|C+I*!@#0caz-S-vZ{~v83IRFOcwHlVj5Dn8c6aV;Qco_&A0TAD|3SkK((oo4;^PVOT~6T(Xy~Eg z0vgVzA)VI;e@Ebh&(rWLH2gRXhiG^$4R_OU3k}bKvGz@6yfc-@uIpgtX}_v*{?hpv z*#5uAxzoAM83c-aDZJPpWG^s3Xa0)$lcuQdKHc%U>vX%dZ)m@&Yt?l*hR9DlXf0}c zw1{sq`!|b$Y8Zf7c4oD-$?=faJvpux>@7{KGct3vnyqW{`J%vlZ&5H57NUWK-vv5m zA(uZY1YO~%5OPJ_0l^P)JJEoTpIe$(i%Tu0r55tRL_FjP#5^aKCRXF5lWEf2ST0pa z#rU+NG_fA1*lEgQtF_1+tL)uzrHKtV(_ETq!4{9#<2j);aUqUgK%?gkq%!gBKz>1K zVhv7MMiWkoWqW&Fkm~BoWn=F>t2A+e361al0?ly3l~=~H=``P$7n-)EgaNKA)ziy2 zvuF3^gmcc0W#a-DOY`~s@>2%+-t;Nwuxue!NDJ-U%3QXuPsrstVP9W53uDUkaGl#$ zxj+;u@P%B(}30{JFSfq0pCaZ)+PE7-&rnMsumSi_h@s!F(#;3aD+% z^Sym(q0P(tdBGd@$3nqGI2caE0-m@p8Vv^Gd^pDQK_S7%q9J!E;SC0&-ayRfPJq-~ zz#R<*qoII1bgq!;Pvx>1H1sv`xykf$A#?iP<>f94y-^{a z!pYHewx=z>M@S2WY{nH!XY)eA)th%^6NywzaP=3{86n3 z$qu;qXtr25J)bS+V#0Em3aRwz#e8A8CjesDpor~thkc;!<%Y-Ik`*%u^BFcR^b6^BuDnCA z?AdK-0iJVq8(NI))mN9+lqSx{>-Po?UBAbaKmU=Rq4JiG#<>YQ@G8X)?0}e+iWqY# 
zQ<~@`7{7>O+&Ov2Tm}1Mp(8E8rqh|tBvL)KcF#mAT@Z5Ztc%-Q6kx96S%m+&GhfKT zCQ4#Bn#?u9oX8Y*!dB|xI@Yh`V9xK%@V!F&x>PKe&1VyZZr8YsxO!8WVgcqo=Vl9oeXyqZ%wWYNUtgM7fib?{N-=KQc|KY<+{W_4 z*~yld47+np2Jk85@%ghh+ryoY7vD}+w(Q`ub|^mU{6cBsJkrL+v<>YMIbr6PCeFn@ zIgK_uN4_t*OB3hd)J-(iSpSf9{6e=xd1sh~W-%~}0TBc1N)ubiQn!#*^}KP_J|R{t z@X@q@Zjf;>EI7kjpIsSLL@gKo^(47WB5_X#-I;Sxx;Rc;&Hb|C_4-XPZg*8c%l z{0Lt3^osu+T=CuhAnaLT`JVOMVxUbzIEK10d2XRQ0qPPV5AO#m!jF?E74e*mitynCN<}=Uq#}+lO?Ywg zJc7{Y=JvwHv)F6b4g>x2uZ-DeUSN9D^iy~p{|wmq%jhrDFNgQ$&+59Ef7Ny9+H~{m zr<8xXx!S*Kf2{qQ?Kj$C?I&#a!F%X6wrk{Ag-RRx(@roaRu;St&T|)@4)3Ms`E&1% z^IUe^wYL;4wjY$@L^@QpxGgP0ji z543^_z*bL-c#GJuS$>gFFP4VYlTK#yg_h>#diRM7`F@_;T+Cz;2|17|B)QE(Z?+%+ z(HAZD^gt{t-6wq0zE9|HXG)b5;Yh|DTbgj=1#<#jFvn!F839&!8;+$6falQlvsDpe z-c_17lWbmXwCG#C3$f(lC;Mv9>KTew=l7K+T1cxKXshDwi03Zs*w#@du(+K3tL4a7 ziqDNLoW!=E{cVa=@56&<@3ekF264n zf(t^>?{X)C-gwjvR_T5SBDlRml!qobMH36)%CH#6&@02UvMa+P zoItM(&sJO+PR7af%J3|`GQ4+dX<{MXYHly5G|Z6fD(3rAu~fF02QnPkmK%XS71hZa1;edV%jU<~WPO_gW3l2SufkqDr6UfEmlUv zD_NBcqdDOS?uJK4Q#V{vn(*N5?v^F=X4UX^SN{TpcfG05i0V%*Z`)N*ea};S0!Za! 
z*?!=X;^pPyMCL!x$47YUStij`l_b^j7V;P%?2Dy~h(%E5;i6qiv4bsZp@h|PiLN4L z$(B|nvv^^q4XJGo_>C)*Ex;oh?M01u2-4bAH;^*3mA+3@Tk>|pJxoM*0b|G+&M~}T z_=NGdrmq+uGaWMj(D{V(kTd5z&&irU=lHqf0moI2jgF=E*X&=g-)P@tKh5@6+t-2e zzueYreZ%@q>)qC!)-&0^vQM!e0_pDc>{83?mTy_^v+T31GaL_6>Hn#}Q{SUMOMi^+ z72PLwSL!ZM|7m}Ne@`;sQv8mNtzx#9|Ew7B44-3VG#b#7FngAqtk+$f&Fx75A-z$^ z^`_vqkz?HkvE5R(=g`D2U3yWHEaf#;6kuZ9xn` z{4QNSdGpSDp!`*O~qQP%LmmooG~`*;aM3c!$mv2enjnP-RA}Y#Xu6VIKL1 z4(zQqzGP^l{B!HomXUX8CCY>MJy@Mm7HLqryt~#%C)$GaEaDsLfg)th!fs{|cX9ceC2}gV?W}DmA(n!TU9Hrl;j|11VhK1()k;Wb zY4cEA%nWC#T4wPu^$zi3Uf6Wh@~T_~hj!E}q=u@?#6o~7>A}8f~LKf$9 z&a0do9Irc`a1-fKV4_6ytRZM@BI{f_m6)&O|d8)cKAh5rO--JfZG68z|` zF`sOD)HDKq0gpF+2{h&%hMyRA7(Duq>95iKRriG9ZeyqMkEXwyud!aG8`iaH|DwI# zX0e~3-JtoI=3|M$VYRfIE zZ9G-Jo@W#-UQ!S+snXTT;ptCf{L}5FXLOCM9kmWtw$pO34a$)D4)-*J$`qCn?+06P zW=iK9D%XaTSFeA8xn#;CFuaeMvZ_bR!RESMmKXyEo9cC0%xicbbYuHe`#ilaFRj;Q z+4g<#lsa9O@)|zPu%yF_MiJ3xwxDmrFyhrrI;xBj#x>QkG0g{07CVf#L6vDC9wAK! z7mEEwc`IjynAIqhySsQ4ky&O+qe@q4S$}^y^(oPOaBjWsN|edL6YF$W%xc;rb$6A# zyCSPj>TdJFIrX|A5>ibEkEzoIF{|mdX?(SogI2K*RTi^Eb~PVl#ZI8im7h(@Yc5EL zI3G%h-%UJJ<%pQpp(yr2ed>tkr}=fM3+T!sc0oL$WnCC~53UxS{8eVJc!)QRTvMkD zVphvNjT~+xgJNHRoKagzmAkTMWS`h6RH*XXRF+|bOmNEUTg>Pi$&1~COOjgmRBlP$ zk(}5+RI0LnDuvi57_Zpwl>X5+(kpfj$W67*O}Zzyj-=F^D z-n+^&w%eLUH$W+Jvw?*sc19v5#l_PyA`zaj-AFsWlvlbuG>;H^lU_8$(@ZU|{W!-$ z=8Q>Lss^@oPO}uoe;X*p%n@7+^ z7rr>m8`R~>DJ{!8Dkr2>Z_;8Xnn%!WQKWR#Iw79hO(SU1kv_n8R_TM7)p^P^j_nc5 zsK&fjRISP_Lp+O{Mpo46f|#{=RN_`tp?_sqK(8Y;u^^tsO(W=aq!t#$tj@#JIkrd8 zgHY}1APsH=y#&>q4q{$d1yjCNH;;J4PE`38;#q7r6yY%LXV|Z^huNj<9Lo=ly~fLo zYYg9qNcuB;&G2F7ayXKDm>%;V@p>F&;AUF)4~orG&2;k>rNb++OwC;}B2)8t!!k88 z5kew+4hqAYLEwpqPJu2+XKx%y_F>5yQ1}JUnE|iM9rg$=Kj{9t!tOuZUGY@DFU=1U(cPJ-kS|1YSrE&R)ukq6SKiuTFS&XSl*bn5}l`X zm?*Ay(Z!~shgPwL!Kx+t>{P?;@%j6i(&6PqwJb|35>?BN*ac{Q>G0Wjd!edkk1JHo zf~CV};nd4%2aQujFvA#Ta?_oyYZe2u7?{PtQG)@y<~HVZ=0V1IJ3N_f2d)3pbn~>Y z!0Y@&%!|x}8eZeqShTlj{kk{60${&^(SOGnGX@Pma()MN1D1nNz(bCR!vwbdciS1; z6Sh6JbFIIu^@FC~+K*`-zFf}T(5Y~mMD9k@aJR@|0Zxec)*~?=Wm%JTvWgs`mf@J# 
z17PE+^+0-WX&#P>^`guwJU@}iqdjICOrBv$0s#$81q~u+tZ8_g*avkqh*`BenN#ac z-lpM9o$90!eRet{N{MK#G9vL4=+;exDd!!=(mzxVR25Z~Z!n%=EMQtgqQA0??psWA zJ>=o^=HX(!p^9ACrr|;zY>Qd-2d0DVY`rdsU(q)#i7dezk=k4<-&19hF5Y1xyM(yi zs8r?5S1DvTlj)oi3ae*o8NN~+S+(UUF8k);D@5#8S)O8E!xyHG-nL=%%1ju+@Oq_& zvPsWZt;0lG8KDc6s6^MK0!9mSN_8xtl;#m*oxw@(G{&z@V@0)$XvEP~L9thSPiY=u z>h(g*>m5eI>;!G_cBO_km8Z4i40ZRcN<>+(`R~g3nT|0BnB6m7=RdqY(-Ut;7c6H_ zU1sO)Xn)#u!lHQ_{@Bi=3=M`ay$x7ktQQ_-XwZLV=Fwogh}kw1wKk2o#Z4G4S1QlG z;xT6%n))%U2T8h1&fMiE^AK_65!kwZ2qd**qhsik(7*Do@?Y zGWPE_CZ4lc>>gZ))Vil~AM%bY68ncrRrXJ%kYo4s#dGF~orBAVTIVL+K3Ydk5<7-U zRCa7q0jIg4Z+e{AuPWcP@;=}hIachN`ZujC#e2bj9R zXUm95>{YePnW*n;XYXR>Fn?#9pEs^Fp5YvJ^3Dy;FuRs*wS3$1CCh4KjNNaXXLtaz zlz&$-=Nn>%o1C8k|9n(C($H@>c_wzLBU;DJz#qR9^R@4!7RsJ%SO{T7I-89rvqdmj zj?9*KCHY(*0awEtKDQ;CO=J0kgfA2X83QosWY^z>bw|5`bS# zBtt~i3SfNT(vlf*Fq7m3kp#9k8%IWs!0bH8Cy+>wn*0Gg*;Fws5)QpxhDAIw`$bq3 z;3{|>F7T-gm_rsHjOdepxAXVmQ$iuS{Q)>4yh!m(=-+8ZH1k^wJk!35KXi7P0TX+I_zYObS+_ zi*sF=&t}fgrsE(eQ_&{px-`{?-X+(=Jg3QGd;W&nTiLk*j4r4(sU4gofsgg)?%0Ol2!!FO8* zHp%FcR>%-k$_~U!hc6+IaUt^7^`!W$Uv2eCACE1Yf3KERnxpUzxLy99|D@xD(%}nm z47DToxMWA}@cB4_+L3!)X-DpcU8Td@aF=gsqg_72ul{e<9(%LGAbV2^`4-sO2a;9o z=&@f~I#`N?zHdvI#IemNT4u^!w#ZQ>;^ObFSk~QW>2`B1xL#COH`nco(b#TRyqrW9 za<^0scv(qZC0jCufg9C-ln1YkG2NWPmr4hDV?6SrT~!0+RWrXqtr zw{)2J1fvFiA7AK?d17&o5C}V;CZ08qEgdGFaHxUu$LAucQy9avoTstYzcU}P+`u^B zaQ@NxYv(J@A34A0{I>I(&PSY|cYezGap#Af9|W$z0n4rIgX}lhhuQzLF0dYNJ;xfd zCat{nYHPoB+|F``&)}LE{Z2hA3)7F2te$;xW^%m>()~xkXYnOGcb(Pg^ZML3bwS&dN*VtdN zKLxvm53&Es{tG+A-fp?Ua+uu+p6btH{p{)NVs;M8THdt$+42kEh`eBVmc4?_vw~%m zy$LuV-?iLtHCkR`b*zis!KT?C+ALP%bbprnE%!s|>OX<4{>wves{AYif&!D%L!iwh*n|V8mp~gxupR{_r=LJ; zNpKN~3}MI_AdxWwg$cxyU>6B`NRYsRl|WVs2_%wW!r6`>ll@C164zp~f0;!7CyAtE zPhrS;7Ky}IGFveU%+^atBu0VB{xF8@X%dN1V6uM&K_>enB$A-ON>E_kNYcJWg0GS+ z>qtOQV8tjfTQ4M8zD|NiNf!Evzeys$K_XX@ppyhENZR8hc#K4zOM-Jqu$%;EqrhZ; ziUi*x!ILC-0tIF(`3}|~iF}#_-?p8Gyuz3Na84(#+T_Glo9xe$oX^-gCg(KSpCf7C zvF%|Nmg|@tk}TgN!FO%<)XVui$@yQlFW1ZYeUkG9+fSHEj|C*{ha~uc-Bz!%7fH?^ 
zInJvXro({K99j~9xn6|p|0BWwlHg4e{G9}UBf%Ra_$vus$AQC0pr4T7B@+CY1b-yK z?@91m68we)zb3(}B={u>enEntli+70c!dQ2O@cp=;CCeWDGJOiuG7rYI{!k_{!D_` zNR}UvfFRjn!f6gY33MdTkSrhurdfeMyJiguD0CKqh~X;@dA!z~P9hhRfS5Se%pnl5 zeWcN0hN9OODKV|+n(D*;M{s}1jGwn9Zn}{-IHv%Qz=DgW*FVLFn zfLrh>%TnMQeAE1f`P=3XBYuLJGtV<03mk@TJ3kB*^j(&eQ!VU2OU!yTUZVo@E+i{lGEkvF|b`%sb7mSR9tHjK;B>|ag4wEcnouH9fh z+w`*O`_@ZMcVkY(#nxwR7U0AD1o2*M-vVC^U&dUP{{lY8Q|xQN!wH!Sz{6PuT#&1Q zt8)wcL+iM?)B5kGCxKt{Z?+HFi}t6>TpEYdVaEIz;Hm(B#f$haj&8?Z$K8$zXUTb` zvtYVysz0&-X8${jfmsa9Vqg{nG7Q*0#Fzj?N3+54APV#je9zW9K1LvXBiB3d6<+Va zcYeJCU-tD5Oe+|iH{hJkJgEiWD+~^NuP`|9YaTA`Y_3Y2|2xO3x=Em zNyGPSy)#Roey#H6CZc_o29NwVC611A}@{Y?U0OS0gV zW3Z8)IZGt+?<5OdB%i>L4R=Cs$IHTC{~L~Uyg&+koMgd!f!=;OiF^YEdOQBM2K&cI z7Cg%hj_;E!eLuve3znCyK%TI*xSwfE1V@Sx6coUksK7IMOno1oKF65((y# z;6xIfKmts@7%ayT=vWfWL4lDlt&C0=j&$CL0==_m;w%OuUf~8K zS-#FNF6Ru9Acz7Z;kX%$cr_Y8s~RE=Mp_v`Bw=pawGf2=vBJu8~xBrqrc#qWEG3NEQ(@4%!QDCtD2g&jayX}3< zN^Ls>-u`&!GRLPJ?{&1nyZZtAHlQ3oW7}bCvHr#SsP%xg+v>3z+3&OWv)8lRfx^^U zzGwM2;1O)LoNoS``6=^3bKLATy=nS}Y0Q*0tuUQv{1x^HAQ;0&tKmh%1BUAj7aLmi zf7U;&f4_daeyQ$t-4nVG>T}i7Ppm|3}_pZjK3qLGL=%3w933=!~{HQr%LB4mA$-U zCy1l3Qm9e~t7Qy1*COaeYE>$I^NKUAWlYjrtCm^(a4lm*UyXic)tber)-om;r>|DC zs7~K9My%7JVuP<*Qi+hBF$qKadcHWAzPznF>jR*BC`fFW)d@3saUo~iS>pW9TqX{9g{5e z!;DtLgxVU_i=9CRI#fQ3>KfIFrI4Kpl~NUJR4bOK(mAy?s;O6~a*Z~RAyX5?a5wrE zl}f475^Wwuo&{>=mFB}J@+?p@uQbm_udbI@T%XOOSJlZYEzjmrWY(lsAEedUJbFdF zyyDbp8bw|WNWExER^m)tn@yw0mqD$pGAs;;S=GOUv@)AU`^CKKJrF-c(zE! 
zx@;arc5`atOI9s%olvV9Z>C{Y1n&emk8H%8Q+WEug0RiO}dSF)w^j zwY*h6sB@_C54uCvrfUDHwCNp{%+jAt8Lv~9L88&5F&#qcA;R}8lrcNy;yf7^|t z#+!^c$tlCxf4^%nu>Z``;Vf1#EL}i!d7l#1j|T<@TKfb6{xi@P1*Zha-$1C%<7x8- z+k}06>1-|q{sv;bapY@&&$xtmkKl^&dBFvK5?pYs5ibHRnHPbwx^h9)yMd5#74vQB zR5Zuu2HRq>P{8l?`w;nV}eSo z;E!sqqFsy>W&uh00@9OZp(SBoJL*Ngz~__T_<}FwT`er`5^|M+{7zs^_&C>@6XI|# zrucLoJZgYSJX^kdv~&JxTcf_Fba)R@P2EF3go=jjT5#M^fKe6%j*s`IGSrJlzraCn z_vBkycITQ5^2iKsD>6OY+H4P49~aW`{7zP;gv@Tl2f93FYhK8$EFDf^<*f2d5OrgV zdC=%adj15ZU@ZeMl-+|Jc*KxdfH()Cx_vkcRjzvqDc8Au z?8kLfrcR!D_TRG@n8iRX48U@V%9qoVXgP&Lun>9qLVObGs_w!ubOU;F(Nyde!3MMw zm!jL@lM8uIK=23Sf&d%PYUWre%DkE&hcadCX10OreD!Gjo_|LE45E#_hZF#r{VYhq6}H`tD> zFQGC!p%%&g7(~X4u|hjHK(5zdR}JWh0(kHu#YKBk1VrP-Hon@CA24zeM0e|DqJ0|K zeG=v2@U5Do&c9?9qr{3?uxkc)Q&PW+la;5VtGuTYtfSj%6?0Q{Z^&t&1Hj%E+}J9O zN5O_L>3(K6Joj|_f;7?&o4u2DI7?1`I7)vy`i@t+rMBV9zKZ52<;s3pR!V zuwTGcs?4PqF&imkM@`>3+OpDw29p@)(tS{c8?`mFCzBn>Tv$5%9>TfO(Yzw#h%R{! zm}#*0APy2tZa$ZSo+onIUXJIa{QVs!XR|>yN0;?$}k;;XE6ud^}a22th^dJ!G za78V^bGgS8_Jsn$aKsx4c)k9x&l@P^OA{v%rT}I9KYJ8Yqg9^4n_|gWAH0P}d_iPM zn?fFMAY7Lokr5u9fOT#odMxe&49Ai(62v#{7jef{-S_^9SHkSjXEE?D#DKRnVZ&4@ z-AkWd6ykkho(HaEILJp_em(*2Ut$4|D;P}(ejyM^cmw{qr3ou8MITY0Uda1GF+LLV zd5uo<=XfzTgR^2@8&<&$3TT z&$1I{oIsytpH@E0-nz6jVZ;Z;NPu!e8h&k?Dq90TyG;dy(|C4kfNLYZVx5oV*uZPY z=4>G;IkN#dH+P%IKiQd$8$8^2YCPM?n9pyK<*t0Kn<2(~Wu-E{`deeaE31~_LBVg| z_;xbk)t({aLPE&o1>n~6d3Y$K&veowq%U}+9w9{zHNjM8yNs(YF=NFlX&rytCy9eJoXwnM1H&?tNPnD zh<(D7S{~#v`vvh0o3g}}PKwUP)W|t!xAo&~<$+Y-^08bBxqO0-@f?UO3tXDd^c11n^Gg%QW4zEOfoBy@0?nm~<8UgK zaCz2PgCKzm)wJyY+o6CNgixJ7ac**+>-d4mZCYfqLBvIxOEec~0-B{@pz(F)XUun) zN0|HJSN%`3hly8Dov9S<(wVAhww|LM1NK!%`v_+HKZ}8P5eD{0N)z4WIOoYx`8;NB zwzst*k|ZhYI% zEu7r*AxM|36*AfWY?*xkc0!FA+g$3y~Q+N$P#HB)S$|^F5p46tx$6)<;%WUFCk>OjcFd3^;nvw zO6AE|tY*!tx2#($br(}V98w6+C$mKOs9L>yK<2f2&B)WGNIgsz2qJ0g;Y;)rX(8;a z5*N5QJCF_f#Q~|IYn?bC5gQd>A2l!gD%(=|A`f0My9&j4DocE0Dl&Afyr>*of$ED= z1w2($`;uSRw<^<98xK-P#141S&8VB}Os8P4!2_mPD0cwn5^xtl1W2CP0lU;XK0N^R 
zfP^Hm+R91X3nGyq>payCa$?8CIy>=JDDQ(b9x1!ZIMlLue635ZV%;M0Dn*6ah z3q)33T8ofN?6KP1%ZclNt26(PWN+!XMC7-wU$sRVMm>#EiOnl|D&Lqc_H0LF^41I@ zl(QL7<0P9n@IhdUK{4ClF%$9MB!$!IOZe?7O>8G*J7q0Aufkd=^D`RMD}@V!!h7lS z^Y`0I6U5tb$wV&*BDVnUAsoy{5N?FAAz?w_BNG@2JA#vGzQCn`K`;ms#h_3+I0}H0obx5{ z`S` zVX3zRDWc}Ttbfy=Rx`tF;w%PcG4Rigfn!UD&V&t2qalx&JJ1_u$Y(DdIs?ZNVr|D_ zPw7w#jv()@I~EB(Z%ptf0xo|r7IgVz{*Wum2P3XPT=2yro`^3N51m*#)Qk&}XV)DI zgJHoN4F)3a<4cE@;S};lx}*F=y0CQUbR2&M-raXdFQmYyhofsw>CkC7oxIlWz>l>z z21GYW#+;6)&`CJ@9ppp z060ZklZD>2_@cXx&+RGZx%EOSFFojn+uR;tCN%O!7^+ZIg!g8pCL((C0hJa+S+;Xz z-b_I|aaBLuu-B|?=R)HBk0>mPAbCrI2d7N706HU>oRjnyac1-lg}9{hC>D{vs8m8s zlz(E9JdHOaxXca0TgV&?RRM*)}ynV#BDNwLzQrFh}&50Ql<3d_yt zWPsh|6ufHbZsLH5CGrUKb*GmOakwWpE+;)X!h9c?@6$FMLv6x<@tIIHJ2Hq2lFgQ8 z%zTl_(8(ta$}3G1iQo}ee_c_!Deqoy<>J4*bZ9aDcD>|7sa*SOPf7Uri{u}F{*|Re zCzDy&L#h<7^hab%JgIbOA@0vo()t|PmIWuv0-Qz^hISaIieiS*ZU5)KSj>)o76UVn z0l2OrDZKJ^wHq5-3Bs0gf^19aM%PvJ=C9F^>uNWcTJd>6N-*IH#{yvMDG~FzqVBNI z6^nTSk!UOu^2DNWT}7e*8V$Lwb}tMD!hRng@_FF8ItQna>uR^`x_S(bC)d^P$=6l8 z^BHE2aVO*au=6Hor_<~Bwr$MzKHH%6Hq+@QyYaWi?;5{gywO-R?gUu?{A0e$e2lr4 zIh*+a;O>o?$KOAs#_6#woX;4jJI8-WXJ;Fo#lS2EW-)LSU;qxo75MleyqjJ4FbuWK#7FgzC* zB8TCwh2cmj1{NX$0XPho;}mij?vfpbXXAKs819;U7@kl%bQVrO8Q-&a%>{|Q0%FDA z6fGTU#{|F~0g}`(|7L4PC%0m-j|a{Tm0C1;i_&Z<2&Sgr4B`bMQV1mau`XR5n>uHvc4KQa!!Ad!Mg0BNUK{6_B(Dw|N3> z$UX$HTk@_VA9In0z$hz{yTCML|3JJcNgf9{BB+eBw{V8A&^&&P(d^wnu5_v!hseZ&+l9`!m zgnNTceT)q02}StNE!vx;W2Kp1v!F$ETRI1p+mq>!i$ zcS*;(wPNRpC@f(zA*)#BZ;D=3Ne`fVSgvMLAEY9^z4%qLf@vhj5R#E?;$(w?hp{*Z zTnSE5J=ffTL9GJcBhF?j$6r&(9~ckB4)IQz9b&=f^ zTj@{`W8)oRo_jPJz4kVg^vUW z#P!+K5K~ar!^zw}`GSX@$k)3hS%r*ER|qJeev_q+(`n}x>(;G6TA!HN~Mvvepx7X*;c`5mQ0J{(ab zvsB~_PUq~MS32ayl@JwxU5ZEgrqUq~P9z!tyNor^2baROX3;?mY9dDC_*o*?P33q(h zuaStBMnf(dQABKR!x4noj4tv;5}pKTVY?zh9|#J7d;nP4PXt}O-|Y|bd|2>DBS35- zDXKE(HM%h34uJ0jUjhjVbm0_2Y({0o=4KpEh|Q=9vAGGS6Jj$e5}WUXTi`}~h}}bO zfzgJE%`%lYAVl$90(mjO;?kJZoXWVTKx)E+6BbAi8$l$C*b)blZeRrujE|&Z9Ap9M zwSu7X#=mh3x2mg?%N3z4y8VMJcs>h6APC68KS886CWzG93SqDa!nB~(cP5w3$Kpr^ 
z07;-12Bio52+}F=dM9gSgF6zpU+q;NwFl%WZfDYU9}$Yws;+o-p8**M)=X5_ZxDtL-7@L)X>$j5HbI4txPquoGC=d#&CH=(+EKrEIwDsiWhnV6mA z%}BZU+M8O?PDJGG;a|yp^q+l6(CR=!DK#2K5-ey_ku?SdAd>DW#9T3kVJiWRqR9mE zq`tJk#({K6aI-bqg&HNT{My57L7N3MTzeo;A#4lXcwd-C)qQEABvsoDRP}4aTcOSO z8%u{SBE`SDd1$Xqdu!p0q93IFpj~^V& z$#$)VJ>H2;qJ1*e3(A^1!M#9I-V)xG)mV^p9bwHwqT^S`xMLF zJ78YdR0cZ*Ue`+OLMjhJ6mUQgcMs*}z=JDp4oO$==;2z8%T<1EMcOM!lmdLmUbikb4^C1arx z*#q$wL76fw-69?(=>?P~zsyt=;@S#1Krx8Ll>K~(ybKvXu4WanY~LVw1)963HjuM+~DlFJY^-z1C%jRr?TqaPTfug^`Df;+`5Wf@&8yAFnFq`VwI1#9 z8oO?p_GbJ2<)3z+w#W3E_Hpe4+HvhQ+Forp`YC%@8AH>xx4)B}6qU54aVwsI*O84R zDSm1hmI&&MS?xvKgCH5O&K-QacX4Ayh2L6%=3o*jbAO<^$9Z&L&%R{l3#*tC) z@}7{KZ@x+YgBqimO`65PECyyVa5Q4TQySOey^b&n5{p8PqC&zec*6mB3q>9cHJTIf6(@lWV!(ciod1>g z)5K!i5Hm-CtYb^#$YEfatC2vOBR<4+cn^*xT!(~=>wugpmbnfICD-A`vrC7r!e`5^ zDbk6C*$cJ!#aMk~3b+DO55yKUSb=H>ITplM&C4A{BEk%8Y?S%x{{Y^uIxD2Qeu&)P z(3(PiGl=b`2iK=!dqlTG?ug$Vc6Vsc$RAKBU%+!Q$o3+c`Zn;M0IY@S z3h)=uJUIev207h@J%*P#@szxmsCY?`L{f_=e_JBI0gN8FM9Me{QpWO&2HZ63@eO36 z9z@bZ(xC7n-3e9B0DXlhQ~k+QPqLEczp!-ZNs0LSsZqqhB-l#XH4%i4LV;m-(Y6U zJ?0IjpPL>q&oxI(W6qd!ozrA)a=h1Wx4o(TgC;Nj{-$|V^E~>M+n4{l9QRHLwN~a& z?}UEPK9u&A#+&dOzJbSUc(>|q+CNw}a9ut_!{I={9|-#VkwDlN4tN4S(Tlx&8(vMV zY|D!UeEwj-?+JnDzaZGBD)U_H6$`n&Avmr>!B995@ruQeo@N5xkA*=2zg}Qd-qh?i zXcG#2E|x?}qVPHpY|BOy#XPa^S+>PJkV?mi4KCCXY8-rk_&5YP);_2j%k;Jtk+ocq z9nK(Am)MLqrPN)>wT26{Nl`o`yFiPwi1a%1pk^8qzzlI5v{B&+h1TiHbR{z7X|o)Ao#RixfDkT4aRBrJ^-#FYvj5}7=(EQJ;>L{w2cSTIi2FcQza)IiIh({pvqp- z0%fDvwX0p9%IxMlL58Pxwk zd5~5_4R3)r^=eq6L)k1OupVN+uyIwr(W7s)B?bF-7aZx}kT(f-zR`!T>?^Gt?s~b^ z*v@yAeCGpq0Y3YNva69Q*=Thgool;dd?o{KqG~paL`;FL5EnYY?I<)~B{v#Q7cuv} zHM6$}wz+FfJDL+I%WV{Ly(zHwPUn5)@MSgE%}d8dtM7=y7FMOdYcjxdNvF$wUIAh$ zxoUF@^TPHb75^)2Y9*4fyXs< zgrPiWyI&2;qE+|uu4Hz=MNTBL=~Ss~V;1}oqRpX7dU@d4d~!2iSPlHmdKtm;Ul+3P zwxx69RI^^ZZcUY}XmYIDhu#y3*|!?mV8bX|JgAauWp*lcbrq0{#!kMkP|OKvcd55) z;?Z`3&*m!4qVGjq{H?5h0^v;QR9`d;{vcp!!)8#Zb^@Wi=V$lTscjAHCi`GNDG0qa zIyTi43Fd(SZ>d#kqO$~?rEgC4fogm0Y^!>JtDeUzp>{^lS}owOUng4^Ie=^Df^E8^ 
z8b;Ugsq|(Z{7_Zv`Fdf%wHhSz2GOFc(oPqA7VwJRQ2;hRNT64n4ir}_JG%xmu_{%G zs}2@ZjnBMlUtc<#D!49;f)|zARc!%(AuznILarFAb`a54w`IYP$Cey8GpSM~8tBDv zp!NZ|Pz_FQct|1wo2O(yNy}+Oe???O|06~Kr6Nj)DhMKB{zkeItWKpU$qop#ONwmPOH)>nr#al zMRmT>#jpo}C--_4;!$p`w*BK&?4hvwp|u$VXgczRv`}p-;9Kqaxnio?(YJcbmW?jB zm!+y5SGa~Pxgy{%zA_slZ)mkK1U3TsOg6>W&INKSt1`uEJ1IqW$L5VwIZAVd`nfg( zzay6yR<7?_o6YViRzo{&xNF^tDP8a}{gpyD%`2qgs##m9!U5YTfRYzEiMcI8zK}2T zq_CU~B6QJTrNGUMaRBO7WH)@BIY!4ZmY-OjvV77qV!6h$#uB!i;>=wEPlI=-dj z9A9*Nto+kH2l@b6-8S7SonN<9cdYK%dMzA9>AGvRhNGyvvt3okfa5x5t$NDzW3Tg< z#?Qhm;Ttc(?7Q?)%o3IvQ$TuU84x-IG8ZnrwdJC^+v3??pj&ssT?n=?q+$k_848I+ zJg|}{Wvt6j-jag@E(&IzsRLwqM}obT>i|w)KQiVfX_HOg672qDX*`TS+;v1#C9M^k z6X0MHU{?km4>Gbg*rkCPxChw9eOX|D4q`J`L?s3?#lQqDjK8cVlIM8fV)P=5c1X+> z*-!@uX9;1TY@?Pc>BO;QZx-w?AYMgp9|-w^5pK9NgP-KYAmJke;~0;Xi-OV)FtZcj z6t>(BmjfrqP=7X>M^qK&U?Y#Qq9=QBriQ!S>bOofNds&8GkvziECyyVP>BI})FH-~ z>7x!Zuiyu(qT_D4JOr3m7;nQ7M1o=WqJ%pZkGuV0SJ)emfj_4Z?+WwqpJ+J52f)W@ z+?|MnTt+J{MC3AdFAN631Vg|rL_m;&I6WnT6uV`D6vXW*5v16y6r?z&G){b=60>u= z=YnU@n-`YGoAE|?XES+#nhD{G%7-g#W??FWt}9`CpF)+AA0Q6mZG-o~=}UgV0-XF#Ia7utrXV%3 z6sE@6TRK*p12|oZG*IE+@T?q9B~qYX3ipIOa+VU~28F_zU_uEFdeGQ~>p~2;&$M6@ zn0Y{@ATw}!@^F(N0yJ<9h`}Qrct}Mmz*#WMu(E3{x3`Ea;N~R@{N!WqNbV@WuTQ*! z(QkZ80e&QQ8l>vm`Mh4HdSN@Nq;;M5F-?`*ZeG|_ZFZurO zQPtJm)oMvIgMswOhxA_c)>H5Cod0LtzdLVR_nDrwQ*v(XaTq_&JDo$$e&0VTDP!Q!qz-rz+gocu4Fo zhHTFESB7jj25HUNd*JoN%x` zWCl=>`?8SHH8uQ{t8QRB^;Fk0pRvUq6sCQARhbMXeTBarZy&` zL7y+;iH5GwPqAEyEN?{0%o~BjcsuRF*`aH@zgrtq&tQj{D4T*P8;JNIYO)-SOw>$S zL`{~Zk+U(CqUNW7*K#{OgulS>T2gBkD;qFCRIpqL&FrPZieP*5QSUhwpiN2*L;79) zrD#fR6`U)F{e#fvi_lBePI4=fC3W$Ivw9$ZWu11}S&-{0C|q%sthBjOwJll{+vWaD ztg32S<1TM{$6qkezGXy}>U1R4nFRa3A*?V%HPqzejF)0+@{Gw#kt7>~>7&s3ho4DMA0$x$*c5JchQG^`Z~rRzKe}17X)5g zv||0iB*SP$Ofu#|gnvwN zjHT2ts}UjJD2{zOvBF}o@vS-p;6DA-ezp)wj^#Tzy+FM$?eS+_iM#DnZ7T@ zGAs0h5Bcyac#)c>y&Y4+rNTa;`!BnHzx!18r@LpnKhnLW`^t_T9Ruy(Z~u$-Uuzv} z-P-DHc@d5Hk8{%bDE@oMIZA%4LpndTPCs>w((?<93(2jSD>zV!Yo!7}W0h%WUh2s~dX0JNfQy*rtPe;&y? 
zR>aEF^0tito(Mzla>KxJoxF>??hsfeGcdf1?j*6~&d4d_L95W#mN*ikp;oNs1;3^x3n_!)d-MHGltK*Bn-{n~xko?6z`P&rW>0(<-}3dM=y0=^ z7dTIRL2g?(EEE3-zOG|@VWWZdK1ajysxEh~SjuD+zL;Y}#%+xiOaXrB8b)!|pt0%| zT<%GiZAD)a`$yk`tX5J()@$vUe6f-S#&SiYhHOI3>3u%F9KamasAS7n)SL}xVC)C1 zMk`u$Zo{a4ilIfboI^SDeqZf{0C_h~C&6%ha}}tl@7GVsv{GU#zP|__WZa7P}{x%~$UYT-%`Fnyro}aU(qAg=kmembR>&4qz@G5IG6yoOU zPNsg$-ov6cqPtRc0U?5TTR@9cRetNOw~3Qr%JbA0vn)!JOd3oc(kfG&Qt^ZFT3l+k zj9pny#zv?gbMBbqvORI)ENDd{-Qzb|EG9F^lm+3wi@k$|i{FBL9tq@Cpri%*AW>A9 zbf9alPTWA1qJv3I=dbRlb-w8BI3Qf(I3sjj+vVu|yUuTS{zB)YorMmm;}R3jB}>-uUmf~$o`vKf8Dvh>-V~T(Q&5wr|YwhtzBojezxnAU4^cA*RHOJ zQ*ivy@x0?(j&EJyv%ceiIbvU8K%+rY3m?V>jmvk~Pf z?sCwppKiBYfB8**=p=%^fGYXC3cMS`K0xsK6-`oo-gqz+Q6p+R{6773o8|h;Zv^gd zLREs%;3fKL2d!a#ih1Iv_{mNBX@S1vrx_ESU-PxKpN7VXV@$aq(g0PeK3d7F?XN3Y zV+XQ(I55 zUj1|jT{cYBkiYhF{WOCSXIxXh%r%{65ax_)%GYpB3`Cr9P5DbQ2vh|}#t_8$*hH_v zaLajtOHb&h7>fAAx6)mhe;4aDY`*MBY$#@a+KO-6$R=RB-^v32>fwMw`l*l64?V#M zZ6om4SwHw{R&43~h7akd7`F5-HdOiKwB6B=@{iLeGbuk`A?07EpJGWpgKVsJ+ZT^G zuUq-a-fa0FjsgfM$kQdpZrB{db;QEG&vLfqh{Tzr1x(`1ZCZ)#0}^MJc487|ZX;yP zLD>(*v`2iez1un#4Z5-M-bYs{SUXqnlId>K$8MZ3N)rbFPhxm`X!<7 zulmmR-4CpPaosFx_+zcV_n<3Hgx`d=O1+bZ0A(xEuDR?7hS*W`n2mF*PzSM@!vcCQ-{{! 
zZvU6|KW{(XUTWXfzOn6%wm)k7xwd56Ep2_RFShoMK1&5>4 z;c|Hep|zv^Faq-v&1_<6yb*uCPxhIO>kMoXuK(n^Ms0n@ga=Ocnr-V%!ZL7=*|^RmOtSe-cAIUlv!_I|Faa$F zL3T7|<3HJDcDmlalcD#RNUBCJ_sLGP*ERON3Z*zfxHWqCPP)t}b>p9wp>4mQDjF+s#g(Z=1Q@?DtYzqsG>~)Y`DI`Q-*qwlr*PuC;-aNa<7F|8{fs zS@x2nQDf^~5*jux@1=!Ln2oX8?50uPOA8-2+twkoWiKr}Xg01hut~W7g$Ek7E$^j; zkC|=jO~Nwp{bu7jlPK?{g*me=ma82lZ1&Q^akCTll3gdey|gfE_QGDW>s7s%7G}&I zbtY%CmljHmI@#={g`(LB^le>!FD(=rHMZ=fg?z)t=9e2-xUXU3@?KiVHEdkoOAFaX zjV*g=A=9w2WiO@8##n83q_ga$l-afpnXP+i+H72BV3TnD3&$F@wd|#&*|y#!ECWxO zjq6OpvX>^!wpgxql(5@N39}RSl3gd;y`-7Fu$Sz5)$AqJ>``ZOc6&)_)X8oy#m!Ej zZ%c!{BsXeo-Ang2Y;1nHfrW{NjV*iWqYWEd_R>chHMZ`hSi{Day>yS+7^}^Wbmm^_ zb^f%l-su+BecS2oxv}Spp4M((d$#>hd!$`#?`!*i+rH8E<-T0s*t!>tA7PJEb&ff& zbG8a!cl@Jp)bT$Y-*9}{vEcZ;W8H(!?M)fxy-b07_0#K_BZ8Ny-EAy$2MyQsHR5Tk zd$48WdzpsKcWY8$trUO<#QUk$i#a6}VI@4hkrps3VQ~{&Pqm1W2udMO6d~pKRf@(F zisaQ0I;DD)aNLXF^3yD{9J3M@H_D1X>J3GsD#mA7-T3(MOFhjJ!7;O8v1~Rx&C<{@ zvthB?YjK^fvwU`{)7kr8GN0*6id{$KFT%d{#n)6-0|0so5{MlT`!1 zA?jLcpC>J}Oq{oz%MHqzxxsuX<1Qi!so>VUemNfY`lV0+>mU&K0dqhF@IVORbFv%^ z_@c7n=AK1Hw0P|(5pTk;_#%p=Aa}cjtb!_#?0j)ajz+xEh>Be9nz!*N(QqOX4r&p} zqj`XO;0N?U#2ZW?0b5XuhP`n)91OTGuv4q)gj9BEvidU7H?Ig0le7VG|M0L)^w=H4 zTT{b30>kR$aA2CQS}C7ml`4=HDGO# zj-edS%X~RE58Q>OTT8<`?;hSaxz#(oa}W7@Zg}VLurj%IW_ZWl!}48Q3&T4OVm8F{ zwc&u%q-}h1t8aK)c38b@>;2?!j5SN98K2#n9^NrM94D`_!U1t z^522Aazgg~uyU1^@%Kmmw-j-2 zMYN|Gu0MKTiMkevJM!65jym=8#3JII$zlO+ODt6`b6c9Ja9bMGPqRdWd^(lM0O{kz z{c=W2iQ9JX7I$Z5;#+QphfG%32j@oTuw&lwsAJYK`(Aq2chtK$uKw{%$EQC= z@UWZ?W-t_<*(7UnJg6x_DXw_~2<7(@BpcXiG=Bhy)DgcYsQ9kbA0yybP6x9X3eRkm zWv|Z@QncU|`eXOfDrO-Ro-s^>*XWN;&jf1n^mQ33aFJCKv>R60PHDB{!q2ePsx@t#ZnHK6QFw@3H<1o7%uGgV8pPyI0gUa zqJ+%Kz)YExk{JmEk;?h(B$D(-f)xedCMOqRIa7dTkFA zHVwwuk40Y9>bSR@p;+IM};9KU9zKvI-{T_jT{}5Hgl-oZ;t_1EpF2YtSFFC zN-4RR&D%VEQdTE{18Uk+%3op!t*LqS`W-kNhPX#llfVf<=57Ef*3y4UQS2Uv;+kjG zX}WWK&u(!izKlp>VhU5)oZVxlm9%R6AW~8LD7)q+RSaWwjAcyn`^*QD8uE{zDUsT} zSbj5F-Ri^H*=#6aR+m?0+LkDLYH3p2uy&T^1#l=?D9I^6zm(Ku*2bJ4D>oh6cBfqf zSCboN7o| 
zZ{KPdCoWGfWj3&Ug91)$ja$*l=;h6jW>q$?W8YhdDFT*$hnIHmw>Vttjh_AshVo{Xt)+6wOQMT zr!<-hzWTV$+ILxw$QNVbS9~C2!5z>F0F}ofiw$D)wt3rqov+>3wGH37uUA0`bLkE4 z9UV6*VDVDfQpS2Su5oHCCOBM`x4YO+(CRAMTQ1s~PS(1bp6q(8?!!yVDFmyY$8NXk zUc9vC8MvRSo06j1cI0xYX-Nxf+NNuUOe^L}sBO(o;OepYDO)=eevZ|)r^i@rd%EkZ zTeHHNx$s?TPL`njS-vr^u6;(n=8aL(f5Fm+9L!8-va^{AfXW(grryp;p;!0~p>JPb zq%+!ijq6vt?sm->L%%viL_jL%Y;@zFN@u>zGDe`=1&jL)uFW*jROAbTaVB=f-G z{o+_DF79Vyh*qEyp~vUYk+S{vGH87` zQkoKo-><;4FXUvx?L+J$d3{1i%Ify{-9=5AB63AaLK1^K5Z^Kqf2M?l79?GTG&P%( zh<9V5S{9_(@^kTg61ado)gB$5r8&KwWHg<-mH5|a$BRSZKs4Y{6(tz=M-tIQH13r> z2~7@%JSub$VSi8!t5I(}(CAc$;^;ADZ%M8vYr;|A%DGX-wlgO4copiJ1 zFtLSvd_){`skh%wo@LqsqMjgkkqHsFtW2BCAZlJtO~?unrz<-`-VH{pi+mnmbrI5) zRTfQxz`h1@dDQLoxP5_(B~F()Ddy!_=2~~o=E{5=Aym0)G9E8iSuSgnMXZC!x}wwc zp&Rta^7JHnB+O4D(>e4aY&pa4^WCu7jJaBKX|Hgb8C~r+m{Gf`t))MxKbEB*>S31m zM|k$V;n8Z{3CJhKH-b34cbk|@L!B}Kz1q|eYWO~A1ns!&eOUJWTz$Hy&H7^*dX?YK zH;Qc}8RcLK`eP~jt$12z;aNK;&I^90ZqOei*mq6`^Wzkrt#ITV&>uTSYq^^GS*s^! zE$a{z7SEskc{@f}r$0t;2%Qe*`z<`X4kZMLuw3Hmnig(oG#B(Dc!T9$8~Wtd3k?F@ zXcEo(CIy-lXj0(9Q{XcFF_MzV>0ltP!ZQTLHSEW!N74_Or`|IJd-UXmfBXd-vDdXE zT;;gh>G1UZcHe*MlZhUn@4CJ&*JoXaJN~fqmpTU9ztuU}d9Z!bvCnZ$XQ=c2ole(( zcRgwTEOmapbFTA8oj-!KkN>`7|KUA7tC^f@X}!MKL%$^hsTZCjDD^OEmuMk3YCl_P z)c(w6`eHZbRepw>wVzwFD&j68BZ~*LNrI9-N0krJFyz{BJS-`i-zNp4sz;IoazIMN zwFKn$XwVZ^?NtF4S&)ZSBmpSM`6QGJX?YG>1y~w^z|OK&5+ik4$;+NjGF?o9bJX%^ z3^R0^85`wzwuCGg=uns|6t#3Y{Uxoxi7L>N8HmuS6in14k1SCe44QJ|crsnei${~0 zOcGLdDwWLKBxVbWN^}Lps9BurGST#zH0iBG(?_A#?I8%`34nBEOe;oNuAhWWxfG|$ z2gv@&=7BUPO4bdtU^=NtC?eX8v>U=j+?__YLJb*hXuC6P~!x?;L3 zoF-{DdVB@rHENQ}!k~?96Qhc-Jj`vFM7>Vr>mYm#xng2GYea!HwO2b-M6%L_z%?$G zFV0I2Vm$uqZbIc9rKHOL-YJ8khLVR#gIs}WX~fE{<66=#6y-@Xpw@7iNET?~kU9Pk zUJT_Cye`;UDi?XewP|MJ`eGLo;rvY8d(PC0T)_SL5q+_PJ*A&N<@|*D8g2QBK7FyB zK0)W=(Q`IpE1Zj%=Dj`u3j4g)4?sU@`D60WSo;BMKHZ5+^u<;-r#}AH&L8^$@6i`Y zVh*R{Exq#;?xd2S9lU5s3 zgABb$vg(+8;d8FeFRw&~UL*;0%Dp!9{aM>R78*2vZBn2~fhGl-6gYnhK%yu4o=l1U zSxEG-dZGA%>SEZ(P)sruRkVgB4e~!pKV+WR&*D;gjN~6O{jHzfv=R$4{H;kEBJ)yu 
zc4HzM2?Zh^zYKrt8Cu0JrDu&x2_y)fKN*@MG%3)eK$8MZ3N$Iuq(GAbO$szA(4;_< z0!<1uDbS?AdyWFVNa%A}>lH%lTdn_3&mBECb$`G6+ugs~)!%hxS6k=%+rHZR-&)VL zezCRKdRyyFX!e%z)AoyPpJ_WPd{_8mVad@e{HySH?04bkg-;13K@k+gf$RljU_J7V zqFY;cOEW|BJL-!xC-aV?0GwC`sEUz0H$6|Cn?f*R_0wW*)_R^;+_umXZgG2lQzGn> zWk1j(0*K>~0!mnw;%XQkDiJvz2_z8P5s$;-wwdR9_^Rt4;^^x_O=k2H`yju(7G6eU7Hu4x^aB8&?*4eLbHL ze)Apm85&IH5tzF_Kn=g2=N8lF*X(O#aq~W~Z9kljSdff(us|Rt#>YnX?WGP#EBU-D za6mGF^%3c0##@mG7Z9LAPz;PH9RPQb2^8UekRf3kb^Lrdmc?{7e}5)9ot>fHJ`8xm z@AgQlJSS!I5<-fKB?K+OZG8qYOOt?}C?L9tx+)D$72)5*Tp5grf;6a5O4G4EoY9Ji z&Y4EEAVs!t=hd7vl{|(Nd<4m2DmyC`v%Emcs|5r-sqigIXW?6v%SrsT3KEhdWe{vd zd~;HBq)R$GqX7j2K*EzizQ|yzKG~~<{c}gCJWt(LF4S^+rz|ua>>@o7jf0)|D_mPq;?igI#Z8nJ58uOSaemG< zECPC{OA=`?Aah}(zfQp45xdH8YGc*n7KYoNRENAYoCWS>6BzQKIHiOyLI1PSLnH<``@}> z>;7w3!F7-87T5JISI2iczR~em>m#jGt(#hVTDCbpSozZ$X#Ie2U(0JP-)Z?q%Wt&& zV#{Y*K2vwTE&tZ?V?w^GJEevd4@LFGJLui_h|CVR7vIHqpCt}-3j#rB3raqjD-!OS z<_C$zlyXTwy=v>+mRkk}j}^*^jY#H`!I?N41vPXu6vz#8iyR)??!IGe6#sP}+B%H? zj#5+|ag+l1kzn`o_34KQAg8oEh3-lxGr&wM42hmDVCHE*QY8=<$2KT0{;3 z;C1n4TE%s8FIaSPL$reH)ekq{zr8}MleCMp9$J$PU@RamX$-B+csqEDnjO9n!ZfzQK2u|$HCL+3$Gb*O;~ zIe4)`QMC}sG5qi_NFN3HM zdD?QX7-BmqW*CJ47?QFyw2Oxc4nmtYIIG1Kifh*%X79^voXGCW45a{R=sRvTLw(^5@Cf`GXhyZ z=ubK3ihdRAZFP^V*Ofo3AydBW(Rx1o_`Uj~pRTYIZhrjRaLdL*Upp)7t610@68fT- zJ@sb(RFjtlX0LgyU4TO!tgeSXo8!j3P@yIp&==jbmgB~}(7qg@!J%AS*`>Gbe+lay zhlIY@`=0B2s^@2V9_aZ<&$gca?tg?Qz@N7LR@*PMZEp*-{*L32`E$S#aop&*+~E}7 zz>odEdgYE8;m51*>+w0hW zKbcFU)I6Kp0bmwr<5SuQKndzTj`Ea#AL}u~0=Xv+lrn(dkD1T1d%2i+Oa`z#)v3UC zz*H*b*;f;$re?Ti_;M5bSLcsd?j6k;Q|gGzy`1sIY+hrKVNq!LBfEDGG`v5oCS@bP z>aYSM907GWpZnuMeQ|=F-fra? 
z;R?bRH+eO`-x~}oQqUjwN&&A7r@gqMNa2Vlj{gKBzDNWL!ZF&5Gqf*m3}^}2r-iiu z6ohxtDy|@W(V`&SPb;{B@WmPh;XYc;6@)Ju3PMR=+)Hox&+THe+KX#e5H_?UP%Ys~ z2(St*q2t(8G{LT>}gGE)PZyriMtvsw^qppXWv z*2HqHMFUo=FCT#S+#}4=*XI0RAt=TXwl2DDH)q7X#l<;G9C@xr7u^f_^EGQ2bKd6Y)!m z;tfXQN;K?M;;Y!Fgu_=zN;2Ydifn8YwFyFlq2o4X1(JBJ0&c%P++1Fs9b}MJ#Dt6W zR|GRpeMt9eS)c#7$6ZKHre$}+A5?%+4>xH!5)G;FjP@oH!9Y-nd!tdmH|h=h!X6l4 z-1!oL*XIas?(*a;zfJ&-pHXl^VMYd!tuQzTk5(I7Lj6MoCI-U?bdQ{$Mh=9%TCzY~ zKn1~Zrr|v$4m^bch*b)d|W?C(8e5&-wCpbzRk*)wYVm7mqg;;Nc|hl zW7eX58HaGF6^RyrIzAHbja`|U?6ek>wxv?LGRKhD084o=SMV~WfLVPwo#Y#eRGMQm zWyuZz)JZ$`@82&M3M2)Ar9Z8@Qv`YU~aI_%N;8eEAA7_%?^4$pR+fL*| zMD~sHSKAJ_M)F1W8ObRvbp}0#M|O_^%re6|nnSZMYBVA?(aF55YQqXm&S)8j&T~x5 zlRS9`GxwF?sb2Hpc{No#Y58=L`sR}{svc(@Ykx(A$n=psWv;-VF^apLsDrA9BN<9Tmpt%2D=LRotPKpZ z6|o0uHcQt{)pKYQEWgZ{Jfm6L@z1fNl*4AQsW8^f@U}5)ZPoCj8Ir9Ov)EQ*`5iU7 z@hmT3jI+ORP##HJNq7J;5l9m#9n2A2SJI_w@R2D^nT|<^_E?6apLX}y@R)`zW$Y%R z=A{+n*kW*ryo)&^T8tqyBPOwflWj=Lxcjqt(1C0tOQAXUY+>qvT-;eK(&NG$v~q`) zIhOH}{kEeR4ho0&?6TC;Pc(WQ;sI4YvO~M-8MF=dQvn)E0&Q#QzAYP*s(bT~J61$? z)|fOR=SZ*%*-^_L5mXmEl2xsvQ?jxgp4%!PCFNgHm@9=Gei z3p?yM_80(zEw4m-RGyht^f0~*{$E49hNZ7jvsWt~Najc?qw-;D)QwK&5nM!<7pbi? 
z_I~VKN?4l__K&dx-=+%Z&9EIA_Q=W90U7Cftuxw7Y|A@gke?&V)-u`{xrq13%5V|h zA#suow*Ex7jf~A@6ia90J?V<9BKs&y6%~{2h-V9S^E5h-BR4N5J66n>6nacn9pHzu zxGu&4YD@2WW5tnaABHuBWs#~sXFP>`xB~>>*KX#8Q8;|sRE&-7Y{0$XWT0_b`*A2D z%L#o&bLtd+8vA_AZi5=<-0r=1+EAMkb1Osy#rmDtQcV`M-PoD+xF(h{)n-hC)?4Rt zIJpiEkJ!BNI0^HzDL;%20%zTdu2n0UPWhmf#i1oMzhrq=&{sH+RHlau#gu0K8jSha zo-ZZsuCSfsb9)HEEqQPho6fKCslbFvLJ?MG=s3a@>~sq z4IkKF_pHtrjjAeg7@ZG*kIomgZF|RdXS35KD}9V6V|%t*SSoY*Fb12lrb)scQ0}y$ z`DY z?FOOaSjQb5zV4QetJ;6i{++I~T_5lIK-c=tKkN8J`cpds=#BfKE0|S{B-AY_4$|Vv|j=4xAuLp8!OcLQiLPpwTf+P=xUPPji=|!nj zOs10elV{GRlO!BHC6_YFl$0}7pc48*I8Y_>zix9H2cd zC58UP|J}Ir#;^723&geE;b8Wz@lA4A4r?AQD0$Ujm}F5&NKqvik)jDL7*{-gBz5(@ zPhYr&c4FqP@r{ax6e|&5B6_*LK)l`^929=sFm`R!7l^yN!@>M!$IG@Zs_U)3|9nIR|l3QX*OF+U>RLjIjF-S{&Dt7JFaLc z%ir+LN`XHkCFNYzBzvJn4NC1$yRmOHb%;i=rITbK7l^YKA9gmbrJ)MXR29Jk=Qt^< z;t@$}HCf12wJyvkq@*FMXYq960q7!>kdqXjK_pt9JmrU(nE?)DBAdH-C@G6(@H$Nf zZ1Ia)JwLcrUm(F+4#zB8Nj6?lkZub}=xzpq@Nr)Wd2kD2qLhajBrhV2j+|G6*ghms z%h*1LHsJ6Zr7QFVKm1JBCcMh#g7sw%LwSr)02&B^u|x#(ff7nSTQEZTPzXJU5iU^p zpuVt;KI~RDWiu%3z@WJ0!x?!>hCW#Hc>6Jlk%~!Jy`IjK=y+oi-(tM+_%(vi`r0ZE zoMzJ|1)3CSQs7-lf!_8n3YR)QFLZvgGuyeZGu-)p*DJ2?y8fX3qwT}(Lfa49ime?j zKWh1#mcMX(-u#(CEWmA!8-yPU&kIirS>dDjA^+I_TIuk#aI^K#Rs4>5y|s$w?}?_L zyiH$-Gj1?VFT^8j_NlP&B-;RYg$tfA9V|9-TubMu+mlZT1bu!rD5-%6{Ju1#6GVup zUkWGU36BzoBUm`tRgpQc4BVx%QHl7%MwP)rq;uIkEO#P956dEJq2W(ZfhlF^aUrtumL%Yj&?**NJ-!s-sWdSOH*@0d4GUkU2yn9^@iIx+x~3C; ziMW54jfgaGl(?u^T+hX>2A)8WGGxlkFe&2*bp!&3bFYQNIYMNt32T8%pVAjTN>|>) z!))cftK^VSg&a~xRDd;*eNBANRX{q~Z=bT_cJ+W1v-$#w7H~LDOfXv8aOxLn{ouos zpaO%}J+k3eeSw4%I2`=IF`0W=T-gr4T3Q$vkG?I|wL0OKgJ|(XC5>NsW$7Y9vDS-}c3`JzW#}^GHpadeW%Z3u@kVOf! 
zmzFan&>2x?du6b98{j~gX%YSK^2fp7_%i)&o*MD?N^^uJ1)3B%KMKhD!YtEZ`KiEq)O3hZvr1ubGMk-*kr@VfcOeH)6cvbZ z2uO3QZf`g@Hok3dPWBWMq1;aGz*MO)b9hH6KR%@-MFP${urJYEld z)i7pGCK~Vr=>JEf0Y6+yh-gRt5#N?Ad-sitTehqzY;a354Ttv$0uej}4fphS2f)IkjloW?kT|pY?qS2S4#l$u~mxE_r3eGNw?1J5g z1QifRm<*f%AtL9C1&e3T>J0`r>I(&W@ZHW%IU9Qc$IHVJnYSL18%|uKFWg6uNS%Q& z95prkP#BP1+W`4Jd8;Hi#;wZxbhP1Dyb^CudKg3|9og6cGeL+shd_H3usm zvj-wy4(x!51ngkM_64WLc=kAlQWO#VB@@V_0?Y?FI$>r$I9g#o7}6KAv~rTYx7B>m znB;vw6!x9pHCNFaisoZGIAT#WtF)XcnvYZ~nlIBA6k5-)HI8s-4ZP9%innV1(WF3= z0!<1uDbS=qlLAc&G%3)eK$8MZ3N$Iuq(GAb?|lmNIvhf;@MkS;A8!3>o7m=RJ>8mW z{Z8u-g+Fur!10rgPdM&0e}2dD%Z{IN{DdP5@BdN9^^Qv&^dB5J0zzQ5l)_`jR@KXfW^!t3CS3PWpV705xW#rQ5F|D+d7^ho|>ARF4JV zF}P@-UN+|q`}C6?%(B9e#ABwqj(CCt{)ly64Orn-`pI_sjO*Dm)?2XsT7Te7ukiJn z&6*TAKMFuK`f<7tnQHXtra(Lrg&J6vq6oc~0>m3vPN;CiO+;lmp!z)i2nob~kal9K z(W4u+P*C&5{fZwd&N*7cRGde-iW3^yPtanvrH)>UN%t5Nzf?a7xKr2^nG*LX^%nM{ z7JAl?(F&$#J!;Xj-cQS!p7m(8p7m#M))$V`4ZFyd)EB~cx3O}Yy63KheyecLeMcAs zmhtetfVO4Ry|p4Pi9pf~i9ja^(_HsaJM>f-wMkaD3G!dqM1YIQqRFiRO9B6yoLh-G zP}LH^sARsEn*k0Ljtk0C|vP5Cy0MNo~#=z%m1DGZJ}4Lz={0+e8>0 zVGAV1BETQX|Ix4*$E@v5?e?|Z zi4ni1lvwm@3Voj1GT8cS+EK%QO(`+z*Up}}0@O4megQUx{@OS zQwC>;nlj??P*X_UA8ZQ!wcUwhL`_St&B~!J6SXa)HVcn9Q`EGCXGLw9&2!*c5wsyZ zalEMMPrWc|ONmQHZ7K23s3|4R8a0K)bEBq^xN)#Tg5jy)vqa-v0P8EBn%{+sacEzh<*-SH_S-f z2Bfg>#Mx+q`WKnVK)_aIQSN{+rIGD1H?qhvErOh)E=}f{!AB$RHG>>7bvN*%iDwuh ze5MF2HKLtj;z(>L79-f>g&6*!7VC1lm_?{N{vzIL)`3`ZT6U^c4pjEAs)A^;K6}f+ z>{J#&KJ3XcH<(NE1SCl1lbK0sv&7-5fxi_3hT)E7a<%&jR(C#Qajfz}c94+{kTP!R zWCj4bV0S%T@Mi*BFK6buZgCSBGcc?0O1-V?!3VeK=PrYE=X9{3ci|};oz1~a3K&GG zxuAY-J#BjrUnphG4ELAf6U=e88!mZdf`twGxl3qA=HetgRpH}wgMNF3@@hhb8$@Dy@=oV%i;#C4)wKj)x}{lv%EJABjh+bsf;jzG>5 zpWQpMQ<>fJ`0NNpbSo9yNIvb01ijv15I7OY1r+v_0qFo(FbL8PB9omPPIA))cOnu_ zc$EMI`mly{<4Pa|c(p`8BD_*S@q`r3;j4r-Fu>ywd3ClQh&2z-|`HLhq% zSP92vzfV6$RMSoln<#v9ldO2d!El&BH==DI;q^(;NZcdIiYjaIa9EQg!7KH19kdry z*9qU;7*F`(0omixF4xbs&?=^{6TZn6cG%}cZ(iQ{*Y@>!J7ks^<&E|X^iaEdq7L| zx;@cqB^|I)wMl>$4H-$mCk%TF<*%@ADnW-D0}NT&Ad^Sqa@~OFRxG)u24Z}<#7NSY 
zl!-Y+T9bd!G}Y~KfUsAYNwbfg6j4V^7_Q8KTcGgr1tVmeVJdXh@J)SR7m{zwVf)C{ z`njvvKD~|~Yir)8_IwrHomxo4@fQW7qJGt$-y- zEst~+TXo&R;KkZT7LAH^9}&HZMV1jqh73Vwpe)630o_C|u&7(C(oEG@7O~#?#G0L3 zmS;pF&D1CZ4ADj;l1+_Z?pddtJ8*R|yXY zJ!3tAo@;u9?mz8*qWiR~v*Ukv{A$OSItE+6-}>#=ueY9cY;z1c`h*_|-xGdK_-S=8N&x6lm%&idp-Fr!8!Q zhgNX5;ps}Y;Zpsan^s@J4x^_je$OKx)z1ymL+bO)N+>+N=0j@KKujSF#9knEvjUQE zN!-rvW~7J{SMvU=IIt?%339Pg4~0ZNngcv*8+zZ5_~$>SF7Nwh!M5~dlKYx>nf%?HB+gFr5iKW zF1}-BrMYBLV{Q$ik~6y-E0%Yq>ca9uEf2_-XZ8B59oJZTF}^&@Lzp#mRoavrixE`~ zb%ZN8KFi3BtA|*>S3lQJ*U||$zW{6%hHOE1P3$6h9T~1V;8!PM1|nN#qRYA|YPJcM z@Ro`tykSH?x0#mA@`sw5$5ox%&_muxhv9n2rz`Z39{t=0Y3*J7A?=N6*^_QjS99Sv z+cqiCq`>MZ047R0}5g{j?WnlAqcb zl_P2d|M7rHzJ^wDCiy7~le~dea3=YwN+$Vz`njuV_50aL^3;`v1Ovn1Pp|Ino2{D^ zXj0%JQlJ-O54QsU?=Sn#^v(6{?z?i`i|c-K-TmuE*InKF_r2ff{h8jW-kW>-dVbLJ zm7Yg?VmvU_V zwYBBXTYkPJ-7?&Ax$_n0*PLH;D$bCz)A5|+%MRUf(6L4MN8$G`A}N|fH!0Ahz=|l~ zo7cJphr{J?xxClCzqPdknV+Vi#h8VR$kW6l%te{j@)Jpw0DxsPsX5=g+Ncv09LJ!1 zvUD1lSIkc9-{0C|^CVxyc*4MZykX;Txv|`^aj@L@-iD3+<;D|@8hbH-FG&+kX4PP)VKEtcJO{qy@8wY7Yt+Vrv6l7sWNo1L&FZ8}x$Nbme@W(WJ3)ow`d{H+c8)b7WD z`CHJ3-MIJ$Z7sDouJsVHEe7y#)0{0!^Y;G9GH(ZYFyrw1M}gAjm=#- zFdu5z*jzmQ^FgyQmZTl&%zfEEA86FpLJPmyw$3Lh@67&rpV_$1B+M_;KkseS*4&!| z^B%Kpy-8RGcAJgsOv2oq{quv3+L{#h%}ZumYyvw9*X~dM{7q&j>`%K+HXGDE{~@y% zHmF^%svYW^A255=nOyA__09J;>SVV^x0s#qEm|Aw(ajATn;&jq{>FxlE$i}w4I7(# zwAXosaJl2NLeEe2e4_hvZQp1+*Y;>zuI*skwQaqvKkC!_)V{0xI@YCo{;lV=o@X7O zHGgh!bP4}Qcv<)>;ScFgjojb}2~#zN7oni%R~#1_N#G*Pas@-4Xww(xn00B6X-;1@ zT{tJ$dvr z(e5RO^4-|%0`vN1g+pkm6s}wDwpev1P9jX;Lg)8 zap&pJ?$8%idT9LIgY3|FY0bVz7C>WoFeCH1--p=oBAft=bIeV01@CU3FVy0#jC+%Y zqa!UQBxsfRA0u{zJ&iyDt27N}ev;-)FW5UVncmB${|WIgMiQ{u+1bG_W8m- zUo;X5$%&v(^QnktRuWMpV@)73S`PYF?Z-(Ry6m%XMS`a5=&{nVQsCnIV_94u%1&CQ zN0qSW{k4Z|2(u#U z)ikoDSGm;+DI~6nCgLio(BQ=f4`^g-Y560&cXPVf`>&BSyfyjEw%aD>B}Wo>jfX>| zD$12!^Tlj7RS-+$?1I-O0cwJ`WU`peqrj59*Kl#G=T(0qqc1A-EPv=uewI@P@NGEP z)_9^B-PU}T;l_>AYt6WE;lZ~^5*VA&KrgxaP72{Quo)QWxOJeH$Bhm6*wr`~e!)o$0zv0usGe382}oG0s*n?3792G^^GZD!;=_e 
z)iS{i`XWin;B;`uyO%2*@2=Jt@1wO0o=teU-9m1xdwC6Of8||zTdx)_b9~p)d8g|S zI&bQ{%ykBK`|rB`uj}rX*ITJ8t^{VUD@^evsb@{J%>2Ix)@Z`I5>UvsV>SYJpF1CJOdG8%;12Hk?-nI9R z(UI{32lwvXwRcBMY?#@7k36$0Lu_g$kO2FWL_Zn&#vyU_Py(Cvr5?JCZ|C&3IoUWS z$02>Gi+-CE+_UZ#^K3DMqa>Xofr%^?$YDcxib8TSgL8%ZOG9qTl7uretSOjC9PbfTKI0WI154}Z_cBU=H?Y)QQL@4HYRfIv zG-&?aq(GAbjVW-MzQm&axr*&&qGE$)LtkRRAKXj%g346L~-fx+GYu$4z;LR#G?5a7m%I?-@H|EnC?so8p zURw<~;)wx8z@BYxXrDLo_NufgNJoW8V(4-0_o}T9vI@G-h@QDP@&E0=D14x$OX#_# z`~Pv*91 z=B_{Nn(Ml{tD|$!^)1&|U5~j&*w6Xw-e%t>1uhf?u&`H!Msea=eQ7fjZY3t%zG@1$ z#EMuLOc&J5ped75nN^W9aV?*ha|w;euRg+!_&sh#&J{~}4R%C;9L~Zwo){4oO(M`s zun<9z!VG>{dNgvXeSWM~;z6jUf3A1M|J0lKfirLIf zVz!{DWPhYfFoVqn^d%On%9Td1wy%up9mj-DdKy4z9HfF57aCvPq$2-AB;-{kCFlYE zixLh?aT)k8K3^a%M|`Ts>y2EgFEPvrE;PQn(W`iUir1q8Hg1W*L~sS%t7Q>yX}~Jt zy;>>aU9Kq=CW3;&zB_E*U8zmdM zUK4)hLY;^gX`HyebSqn7ezqK5GtW(nzzAC?4ojpcP_k~hn8h)QLrs;6nw+k1USo9y zH-Q53v;Q5OlhY}X<`yeyULz#FxuV4N5q)Wh&7_~t35mQbfUnIcKZUh zDmr6pRtxUfM{ld({s6>tn%(9Bu;n#57%1CCr%3b*503Vn`e1lMh@epgq=KXm+c$El7lbj)_#+j?{BH7#ESlK;mY&lo?g z*R-E*|5SUa{jT=g+a>aIv5tY}xaUWKhpy9??xM%&BVKkdzJ7kZ5X(0))Fp}cm2kl` z=S}+SM4_060Bg8&vT7rNz=eT5t0x8yD!CMu6SwT$H*P$#CiwwzfMUFg-$xT1nA?_M zo_&y2eGuSc4IQCIn2V;kAKpkQaTmCsf<-i3lheR{dNp%h_3Jj=B*(`Cqp;7)D7;QM zw7nG^+UurdN8AM

mvndI;yS<1v5oph40Y+DH7`bDTB3dpIz@klv82d8g_^SDu8 z+C!hnnd#Tp-#I7GihJN}1rOI`1}khgt>+Lq=0p!p5E#zkJCI#Nb6ad@5gKiQ- zUZjyGVH9t#DfS~R#?mM)=JNk*L>kyeOSm-f+NPifc=|pS={5YGkQDI51Ax8-baf~Z zjCz!aH{l8UAq|YsUR)Y@ZKFR7jDE$V1R)I!(<&|vyk?OGK1?eNd9P9$Sg$YLPOC5D zV%C*_`}pFm`qFLm3|dI?;x#kt^`th+p0DJkSHPZMPzl!LgV!jyR&&VSu5?ySCXyQP zeW6PR+YFHUz%l~C1=OxwEM|Mc1o4(cs;+oI%cupSTpbcO$I3X`hN;`O6?8>J32U?w zMT>WHCF5>h?2Jd>Of;ulUs3MO>n63LQC9oZ>VabSk)bMQ!N-Z+H%ry|*2>xeH^-E; zI<3uFTiL$|2;)v6fT8~6=va*hvK3`EyA@+#GJl#^KuzXr$~bZ{D>q@(CoDMXRiCql zVi1}t=g6NHLxs1p#_oH9420xt0tWL*XN>=`?NB`fx0+2OVd-Yx>3Xhf^~sB4Jw>f_E`@)tq{h0!<1uDbS=qlLAc&G%3)eK$8MZ3N$Iuq(GAbO$w}p0==CD zVT1Eeg_e)CBwNOMukCH?dAa9XJ-^-aK+mzBvCdmMH@W`M^_#ATJG$EcPy5U5Q!Qs( zKHm~(xu!*M{;B!%g!44)e4{IQUb9V;0;{D!|B5=mQpRvJxTWlkP2p%5e!!|C1p*{V zBuVWWO?Z*7I-+P=BCZ8Pp*SpMIjg1Yjg5-et9b(91aT71SS@95SS)2}tEKFXN=wcznX=Db@aFb*s)2CxV>izxoo~D4o_;CBDK1$gn%osx)}j(vUqq;Qj8mq zh95z_rx%bpm9?gxA6(&EFfDHOv7pq^%uBp5cy8+obhrXwl&ryM%4BK|eyc<^T`IuV z7V-Hb(NH)P35TK)4;;z4ve+(g)uwOM3zJ>Q@AvqkUf+2;ui2#Pg)41=;96xAjnB*s zbMpXDp>8s2=3+*4*i5rcwdAm_48%s&NzMH1Ws8iRHr`g(4V`*r?#6PYT8-y4f*_7D zXB8d<@rLOnzPgXHrq6+`#sC@l=6i!|zA5YGd&8yA=u4AyiVxqzx7d5bW6Jv3;R#jq z)%&}W8C5$z1pC+|c0*xGifeMQAPsb76#x`ksqOe?r=)9aNS8~Cn6 zw3_o>ub25QI9VQ~m%?X_u50GIY`h~Wm$j0YUImwRL3}^UJQQ>5l|m3>;(XwDdJJv z&{@UsktY4A>&<}0G1&(1!}LvNBinIiRZbBN7_}O{theQH;TqvD9W4Vbm-XfQ?&-U# zuYKLa&;#`L{AHH`%`vu!~^u5@!x8)Y+mxX^4{zmxA>Yu*9 zZAr95$q&x0mOGu#|2U4Xb^7C1(A~^ggtx%#J z(aMzIp?%Xw=i)x^$lXWwruH5?Fs|;rBNtDvAQd;q!Q7tDrndsuI}{kBaRTS%Fn_Q9 z_@zvY;0d_jvSAes{EYhepB5_d=txTm?k|S?$?vZ>sLO5u_gCJ!tlmJh?&IsNC2wsw zsz1)~@lIUNSi-j~yeI)T4+Tto&}zDf@D3zSTMW$900LAv$|!*!Z@W?!tMIMCvR{Ln3?caCO`OOA{HLIHxct=yK;p@2ubQh&Ui_Tm!G zn;ZSnh)>ZH3Hb{B@m5;JC7d_Q63*icZjp;AZ&pe;m+Ox+s6!51@g@hZc-X5y?w}Xy zXYOJ*)|+dVZ>;GPkRZI2SAWqAYG$*qd@8n_r%hj|oKCj0$vy zY-XtJcU?!K_;Dsm*s4FyKtxM?&D!dc8+}kPbPQC~*seq={BbKo_ohpi^`!^t{&<*& z(Z2Z}loR+8Xc+#w+zv16e^-x?^q{`<0ORU;6xo|LT>ZsdaQN^HMAlde8*bN^?x#y3 z%a@qR$glV?f*dhNhcIr5^)$y0P`FuM3J!1aX8ST^#WlF~Jg>qH`r{1xn(MINs?cGd 
z=itrmO$szA(4;_<0!<1uDbS=qlLAc&G%3)eK$8MZ3N$J3E}%fK<96W^;oHKx%hox1 zf7t7BrCnpLfa@BU(DA1oPjsB__)JGZ_*XRGKaNgr`Tqmq%fc@SpB3&CCh)U|zN+Jq zYKUV&=$L*xsjx*q!%}<>GqueV70QmA0A2=nXF#{@l;z0}>t|-De&#;jw%t%yiwDZN zsrQa=8ykdDRNO|;h~Zeg!aJO`F_o3H7U@fK$8MZ3cPzMaG8FF1uAj7 zz*mU%*yBeri$t;(hXE&kCTq1K(AE*)hM!@{B_R>GLO*kiKAGE^zf!g} zpJCAy+}8Y+N?Y^$^fN59f_u|`#q_3q^fvtr3$ggpG`n-ZvSw@Z-fVHdR-BW?1BhG7 zrf226R%vct$=lo8i*2)Wna?9}Qv7)o#fxO#Kq%Af6j%$Ir&T*nl5-T1s@1^ZLTYHt zj{Jo}690tctt?GE@X3%XUM;0G8u3H|F3>HR({7^m0J=inR|d0x4Bo6r^g+N{)jYt% zsKItbOcq3jJ%+6G$V|`OTSXc-MSNiCqm`6~8K@kUe^#3*5*&Whx7Hd?b(1)rO^XM$ zRI#8;CCh%mHL+9$c=YDA6he|{CLFZRXEhZ-z=%_la^%yv!;whXZ^h19g+H!sd^naBY%7kAcjk$oWA4J%%KtF!6YN7uXActfC3H50>ryRwn=w z|23S;ZIg>~jG|)3#adj@|)#R{0r1% zxTxdCFs!Dr1&xhd<3(QMFMVQ2Ka-%gYMlqNeZ_P>Sow}Hoax{8y?|?@B7EvA@Oe0+ z(o^2JNL&w1>1P!Bil4fjpVDu$&%+jm_q}H9@P2{`P8R}MhkP_FD0$GbP=*i-XY2sJ z1^6Do%135#{2Pq%oj~@*z60eElWBQUn;?jZWEAW2Up8wM-va#@OGLl<~7KVctG= zw_VxwV)Y2*z2KwzT0SWB9qb!f_wAmZ?tkfirOVm!_buOTd7|ZH%O{DqKdO%lK_MZG z8%)=6!E5}w!vAmiRCPn=uUD5e|87#?9Z7-9^s~&3le6YeFphnlewO)Z@}u(!@Ze|L z=wZrv@FzCKqu^IUo`jT8RT9S*^h*&9zscS($zL4}$K%LueU>?OavuDNjlO8u7Yuu& zK7+7m@U!lmf4Ag5)wS-hr~*b z+NyP2hNC9j0LASsOc7jL$`yk@47xpGH_)n!BugZlheYNfWr}J+f@)GCbEsys^Vw|L zAM(*ba@j(Wq^CrtZ2XS|*m$5|uveGZt4rk7>40QB2Apg>%Xm2{hlGlfxB5Y3*2R3O zP@I)#H2Sy$8jHLuxW{rxFOlCZ#|zR{2qW(CQZbtccP$~+nM6n^O=h!d28_0}<_TD5RihArOR*l)*B#qrYHa@zizxu(H-2zRJOfH+xXJ-e~ik#5c6xgp)3Qu-t zv{|H?L;5f!KbI>?W%*5#^F)v;NC2CV3OOXAr8ZWUYiuhh7XO3JMY}RC&t#JSp7Q2m!@=b&xvkO18g3d zKbblUtFs6*CbIQ~6=ooiBefvbwRzqdQjL91_J?Hs%*PqK&t06KFeRGvJduojbP>-Y z;}LJ;DP%nIVw^w5*cbfdftdH8Rm^*W2!0P#l(-&-dhTO%C47df=bm_b1;5SbEBIB& zeN2d~5&O0nhZNbTF@B)Mj1!HBW=4Y;KgMF_@xd-j2#4gLh}}988zSw=DZ~WE+hf+V z%skA_9V*1#|2b55$i(a;{a*mK|o*vn^Cl7l#>M7pGZ_9cTPJi-}}3>mf!u zk{2TfS$R~vig~2<_it_h9f?^XT$ ziDS_5M~>feoOFEN@iB+&*yp&_@gc|6j;mKD$2tC|@Xn2BcKp!pCEh(+i-LZZ=N;$L z=-13eD2o=s$&5@R%2lO6bM4&3?HN=^LTieo!6MTwJz1VODA)!k2Su(+>))WCWjU;Q zyvf%pTrm9l+3V=7bC_+6uUVsCM%cr}G4{Ca#QL#4n}P_@ce3q&*?o;>S(5@y3N$Iu 
zq`4tgw1nSXPi{(hgMM#94oJax1Zb}QfKQ4fLJ|PuwWDuS3-)_ zC{c5og1mzY(Hqf+LD2_Cgdz<2qFg{ExRxPTKc7)DlhBa84B5PFwVhUEF6908dzMjn zRvApw&_Lq3QW9EC;zBX)j{5!nNVQf@&gBNd`wznG<_28lbio}!n)^t|1BZfm(2JCq z;jk3dJW(kal~sQr6p#86YU5FWzMyItLGt@Tekl+Q04~_C`6W344}_>126k}3{q}0& zU=9}nua*@@@lU)>thI<=cqP)oOe#4|blKI2YBj>viQDwEmoqVk>kFPVHAgG`w1&cC ztsk|1{}p{soC=p!96V5qoV~Q7#HA07!kom=d zMzFB;4ydyDzIto4te@rhSzHzQq>cD)F3>g0>t|U&ym1q3*r%UeM?dfhqsWw$3Tr$Y zAqDl)WyGbRCo80&59()oXsxlJ+Urmgx4L{$Z}whCi*S|jrr_x4ysi5#*I&B+u;bO% z&$)ix^+ngL>m#j)T|U>2*5SS{0voVTcyry$y@8hRwt8G|8b7W5t$m$;(f75MfA0Kr z%Xd3xJ7-UC!<#w!zILU2uY>2MO(r{yJ>4JQrl`*eckl6uhrT`+t*h6tVQ(M|J-}e z_sw@RUsi&x{*!4voV(xq-E;4`=bm$JDjti(;_d`!bGm~fyu~1b(_VKX8cC$U>wX~W zi>+H(+%pr_VU1=3bD!8bX6{+xQe`&W;O4Te;Qc-WhCg!_E_5x-ib={xkEBtf;iEh9 z?de21+mUxIMV(1kNw`K;2S9dD8bhxLfwczl8Yn4ryXLOxpxnLdl3ccOeGH3}l>7iJ%TH(TUF+3 GFL;Ivg?*85IOtnd+;cW7tBwt-D!aNmlkLh_ z$H=WZpVS;EHNNt%fAEt zVx0>Em5-21`X$af8g{LMgOXUlbi+jo8L90PY``7vX ze%iZ-gh+!ap2gx_dqx?X0x2G6Em%5$J(S!L#T}Rb(d` z;YpP}M!Kv}p17J91=>=1UtT_Cz#%*u36l2+qyAtp8jVG)s`*4Pp#^2^RbZ>xo>t}t zkJT|aWrw5Qh(8wg!&-c%axH#x5}31)6P#9q<}6Qw%qHaZLP8?5kr(YJ$t5f~ziBmi z3H#*KWI_}JO<=DI)+=yF=8uT(s5c&T$HCAy83`m}!34R4t)sc{686a{aX9pe-cTqG zSFYrEr`1S~#yD{fjh>~DvT(qv##Z-fPK4;3yh3+`m$$%r9oNR3ptAqEHz`8M0U`7*e zh$U9t?o=}8j(59>HApAH#rCwjC7XroSIY142Hw=*Jiodds-Y$!UF~3Dl7Yu73w0eJ z*AkO?Vu}LB6TZ63JCe!n!c<($WHVqTo^&s66EmLnWYd7E z%5M$93_KPH1|#mIFBx?QeZdsWP4IpYju0tVDkO^D*uVylmK@cLe5{~n3_7XMDLR1g zdMKFn!=-u(uIp(an2C%@um*&A?C+dQZ-U|hU=ZP$%-N&8N6CgAIq8Zc?Ttpi%UpvF)IzxVoY_uOvYMk79@^CqL z41gZTx9qM!SNqVVj&ud5qYmT)MkKsz{xW%@*qTp)u@|HRvnD32EYamyMr)AVBW^kB z5U5Keix(C5*3k9)&MdCqvMg>~*C%QJBt{~~Y-N%v8S9!Pc zl#8U4YgIK^e>6&~QzI@<#DoGWOxMMtnpAbw`Br$J{koVg|@}78du$=nB(gVoUi` zvg8c33dshZcfq|{1~^BeOQxf(R8h6UUBbY+W6v4thR%4;}s2s%UUAO6EiL<_5?Ri@K7nKU2Fp86(oLy zS!Ha!7zfJ*V02P&|0|^;T6HeM!;;+R5CLI|N)W;D7?dtu*_;dRj8i%C&>z^aXI%+k zlfh9`3n_ylkko&9l&(I4#l4GY3s&M#a>co-b8z0MImdNTytN~+3heCLT-9JB zF4oi(_g+r(q2}yCwwiS*mUs$HZI=p(&NjCh{I|O48iQ9Es$?+XqOi 
zT2iS(zAgzOoc4xga~8FW-h5NIeST_bOGmzQ`6c1pvX(@8Zgh5j#j=LhIak(SJ*PW6 z7A>kkcvzzfuaD?@9dm~uOe7>9U1X8TnM+fNZa74H;^|CDN+d^LnFp(p#wD;_rxS3} zDoa5GI^g?{G+!;cBr}=^;=*B)EVz8`&}E28kX#N^NHP`gXqJmnld=rrIZ%3KdPosR zytwy5#uf*V&SVM4IL$!T$*h|6pE7#QjF&4 zKisl3#=0?zqR~_ z6qRqLu&R=KML&>Hxxqua62G0pxr(@x7G%jw4F_4nvk>HT_x z?gd@1u2pxg&ZvDs+pA4$&mYZCI9T>Ox-Hyr^Ct6PRc2DDNF|e} zHzH@6tXdPiKzjq&N=mhOdc(>LDzyyA;Oh;^8PvxN*dJ1ZqAR}MpfZn2CFOZ)d;O3{ zBYj7M%E$3XrC!wb&QvDW50m&zWn$fsiEDaKlba6HX~?w3_q3;~&dEyP|JNf>(`%O} zobxoj+En&QGuiYEykPV1`d7XCDw!CdBPzro_X8~6uKRcG#)rRMHM?(A&Zr^3M9uCN zWm>i6PX22CU2EmE(_yBX%6CL+1fR+&R(JoduHiDNEbqHI@QQY5k?%t(Mac)(AzxH^_+xX@oq+HM`QorIkm`zpF$B zFtyc2t(}r-PI72;?3KLeht4Yo^Sv}VPrmA+gMa}^uq(*lNYS?WaHnBXMwYyEj zCYC2a?QY|+iA&V5+b~>W1vTu}51Y6|4ZC&2CYHZz&2Fun80L%G(3PlRw?zD=H&U8G#S~2*3>~vjxK&(t~hA z>Wc;7KH^&CeZ)a>L)u6~@P_o@R9_;QjDdPKyibsbxr32#%pHq0HMzt7aLOMK#A3d9 z6mCebp}Fve^x%{xUm}$Z`(h&8kglXrctd(naYMR-M&J$ULH>pmbR(D3XmsaxPhg7%bfZgR)(#Q{<34!IV42#P*>Ks-aIFVo2FsKyP_;R=OiZCpC8n^JY4w+N ziK+Oiw|o`-E5(iELYNJw+cm%q2iQXw(h0HETJAV+VsY=4bYUq@XLqp&yPfOSGbfHChxzM$cwCl1|H+l6X@7O*%tx{0M zyngm^=geq>?bN-V7xqq)&9V*#YI{4Ce# zohAYuj$M=6q5p<(yyg#r;|q>Gj*X6P^Y6?*G9NH+H{WcYXAYWA({Ipcb${2rs(VE9 z2l@9?@cAFrd|tB|JOZ?7uF))jALlGz^H(0{mWpviG+!4!F^O0Oa z?q!estV^@y;h7Kd@-W!TF67zHx1F6>4K%JowH*mz-0d0>IE=&Tz0*~%xlW=h_d%)*f{C+Ci$$*DV zm`9d8>@M6xKhI2py@I{-(}R1(GxFBV*(h`SGqXY<_73!cy>zBCyBaJN6rJuOd#7x2 zOkdoS`|e_IMZgYyBi-rH*x(s%hxQcrvX@klV|d1>C|z|(1wmK2`uvx!ES1VXx+4I> zoC2j*6n`8d!W`--BClju4-sKbj)tHx=g`!6D(M%4;HV$0@u?j?yn8A}MKH$q`V!y> zGynjEIcsPx6y_Y75=w*VyB4xliy8B2)p+xf2ZS;5qJ89`<)?4@ft4w+lUyLaljt?JETb zM?L~%E+2$*1*Orj%x*~Hl|~WF|5{Szit@FM@UAJCH>$-*7R2R3kH+>E@U+pKE(tK0 zu!B6e2@V-D&FRb_B9=xXFi7(Gls435E$?a}ypc-tGGNyTwvsvNwE|@e+R0(wol%R* zQy;DHxTKz~G><})I17Z>hAPUpIQJVMiOl2DV@|?${@;qm5CkH)C;QXe! zU`m(#Rg$?4?<3F%GN0kl;m$|_rCChl<%vtNM3Nj(lEW+ik8YDG2@gi^8PQ>W1td*B z7tBwYcbV6kmzlk0yXke)w@sfm-DbMR6fvD({HyVM#=XWnjH`_287CUvHXJhCYq-`> zt$$1ZoW56|(_f;Wtb0TEjBW?$`Cp_vQTv+qN$tn9OSLY|A2nan+^uQUcr|*cVtju? 
zb6vH4SIdeJp!lJxh$pM!)by>C6NBQ1TH=zDNZ*R#(w4MO`j*RS2Wy0)V50BIbg&0$ zgsgqy@4He?3mPSA4OY=8>02ge0*w;2OwvSBC>+-HHORR@qeLy&0F4rV-%>fpAdOSe zYwWvXxJ>1GjWvBsAd_T%pr)7^@Jf1dHGPYRNn29-s_9!aTw29vyL`B`ig~thxU{my zS54n#!=x=KeAV<_I$T;=->bTBft(hmnTlGmtie^&H(yQ)(^n;FNr9`n?-Dt!da?3| zRrk#sCaFw7HGOmCq=U3TQS2N!t$GV&^6~Y}mXpE^Rq0qc_4xZPmh%AhsN_*09#3Dr zoC%0WCDQ=f@%3FKXHaihIqCTNE*vILIpw(eE`U553o+aQUkWC(qQkfd zd@hNsG^|WQ%zsLy$hIb>B-8td)ero!iVSKsP4AnEI`w`LOB_WS)w%+F8kM?SeZ)G)B8{P1RjxiCmqeu| zSD%+lqEgZHzB*-NjA}Ja@AL3!RH~ZZ=jPL>)aB|s2hx~_?i4XJDkV{=$<g~?^#Nb1OY`MzbF<$B9Z^V{a<%)7zM-%&s5u6Ql|vJvub);B|pZsy(KkDl31lLrNsW;lJ+DtN3G=YDdX=|Dp0D{ zP@XB!TT-Bed8SsA%8Uv05)Dd5VI-GIXH;_4^%7l5mJ4Q$T3rKXO!W7KL=nK6N0 zqMTXErBanjuDV{Lr^#}`JX5P{z^tk3C0d%L94hq;$l>oLDw-?@%rmt*)TRtk(=26D zsYWdm(bFttQu+GjQ^wy*6*cJ=NSdcoQ+cMEUZT1w=|!vh(U!MOhejiuE<7PPH#(y?(FT>jT$PF0X%<&pXTO^Z0^(Zz!zk6x<`NQ<&Rhlq+2~hDyC2U&!YR z1vGyeRi%2l(mO|4sW&z&6oZ~dW8skY`cYM?l`Acdq0*?w2Y$Oke(g_3RVh44hu`$} zF;p7y_Xim}e%&0fts;Dtv5DOjfDj}G%!Bc#5(s}awUJ{Jx z8q&>eV#1Zm<>0}-t`=}p15ahsSF6FWZEmZWFVwe!cN=hRlW9sf514o4YlJ=iP&nib z>;5?6HqN=(Oxg%D{bofIM>5e#g&|U**B{kiGx7>=lq$S&3>5}F0eFEv7SMlxs#BfdKelGigR%VMeMjGlmMIo{&H44f;*F zkyqF%RoFU)3L~DdH|q61p9SJ)&~*ffR;gPur;(1j&D@(Pnug~>5g81O{=VSm7H**o$I<5Gq3F;wXHL`aQ6 z>!~BJ@Or7j>&H-`&l3&!;Uik_9(je=Nfll zNF?aDtsZ%WS4$OMJ%$RSo|rcPJ|%6x9C?K+qzYGzp~8qK76<{0VZVIj6<#G(c-0sx z40~cxe=HoaKQ;0Smq`^a8$*R5Pb?gbh60Ydkyp4>s&MI;D)h#JVPDAc;K(anB2~C# z3>6Y4DjW@Zt0s)R!bMVri^fo4z~dz!F;rC?d4&t53Kx!{Lcho74+i|fs{b8%g_lYd zUOI*f;lu|#hA-+&j=aM8Qib!!P@&i34}`tGnDeJ2uW+7J;k?mT=!cVDC>o8$;OsNf z^N&@(T==~1F~Rw!^Eb{PJD+iW$@y95cISF$H)sP~<6P)Gzv^#QuU7q}>RVM`uG(9* zqw4Oe8>?1VHCA0-bwO2Km8)t(mDceU$HSm0@NvgYpe=B%W0B)Rhu1OPalAukf6M+m z`_Js(u|ID8ymhyAgY{Nx)_T453hTwzfb~r4NmirfAC}iFFIm28`I@EOB3hPOW?O=m zvn(fDOyO8+DMqxw(j@6#XD&)3KFwff0=yYByVf6@I~_q^_D z-DCDP`*rrk_KWO3`{}lygEqtyw$Isi+3vC3V$0Z8*_PPqZGPJswi9gz>)X~pSYNb$ zb^Lz1PwTeo?$UMYnsqC53v{z|Gj&sR4(+G*gA`f8^2EdGs|N{R5Bwo=1Pj zqrc_RS9$a|Jo*ZczHHbcoHy2?RTMQv*#2KU`Vx=6$fLjD(Vy|?PkHnwJo;lE{ZAf! 
zfk&U`(I4^X4|((lJokHw(nDv4Cv>0^bsC? zm`6X)qo3u`&+zC&Jo;%K{S=Sx;n4?q^piZ=$D_SGx|>IL@#q7V+s0)iPZqXsRg?_q zeLT8_NAKs+O+31hNAKm)4Lo`ekA8wjKhC3f^XPgW{TPp~@{ zC>hXOdGr<@y_rXE;?WyuxS04QfkNyvj{>ky}acR}@!uA^!B?Fq~(H0(U=Fuh|P4Z}hN8>yy^62$E zx{61y#9*y#7gh#_X z8sgC)j|OX@mt4F!B&7s0R}n!+aIw% zVE=^uW{?65cKY9E>9yQzxecTM15f|`c>Z5wj+-0IbIhT#(|-=n|6$XqCX4ZiX@=s| zU(L?_crx&KamlYTjz{W}Ib_1jOd>urCx{T@#LgP;1J8^2S3 zsieyJf2>E!k5WDb0SAN~-{R3{cvN}DgT%^X8=%S~AD{;fmyF9&=o5A*&v<}7p=cGL z$}=9IU*ltyXFP~ip78)xp78+v0-yIW9(|NY5Af)J@aTRX?dMVD84v1J9@_x@oUu4A zLsuv4ct}w%pvp5Ipvp5Ipr7FrE6;ckt32ZY+Q%pE<joIl>O*84pn984pn984pn9`4CX$84u9A_>%AB(K~pw$fG?x zdOMFQ&v;PLt$ge)JbE*a-o&FfT7u&;V{3&S$}=9I$}=9I$}=9I$}=9I$}=9I$}=9I zSw))x&G2X&kGAsYY93Xd5TGdK2?0>$2?0>$2?0>$2?5ZQH9IatS1s&N9vA>s9vA>s z9vA>s9vA?3nls zhVFD>$23LBfKKJn(|B|Wk51;%i9C8LkDkJ#C-dk@JbEIJp1`BW^XLQ~J&s46JX*!0 z#NOYjV7DBagmAoY=y+$es?D*({;b_#n_-=ANt*95J!brk;ZKH1`g&cP_5sZ^!XZd{ z{Rn=F(ggwX#JPZRM|!68oHz;09eO51(Hioz)YpR^xu6C2)`EUXHlI&}@-}&dtrebQ zrM|6~x1iR!oAbcf8w`O~w;MkDEM-V$vGRZ3x1i zNH7$LgwwGea`1wk2v5?ba-C^- zJ9SA8o=JxOHnfXf8MR)8Jdvm`3~wNp*-U`il^;~u0>T!pPG>*Hy~^|)M|wpBbmhHj z=*YLH6X`7I=u7>XP2MAd=jqhC6!d_;cEk%E8fXR*1YJ3>QwRu~pi3_w<1S@;s-!NJ zPt^8&j!ZOHLToQ|{fl39oFy zGg__`>v!JcS_ZE_W?b;B7JSuAvs$;kL=82j_8mbJ4^|PMUs$g-nXWj--Co^eB;S!d zk*mIrz{}6Bd?&mvl`pvJ69srqtk6BMKg^CQ7V(2_bopllvo3f*J{S|$Y0c)D$GATo zJ$llgD+cY)fOWBq>f(+FbrRfTlPu6z&tG!356p< z5&HG|G45B7&?AtJHLG?^qC4Ej;7L{G<|gJ+nF1J~!2{@pY)*AvMm%27*#|p;vR;Bc z97K7e!tGkC^;uyR)PJo0Zn>58knlOmosGN=BIuQzSC^9WikCRAIJ`{Plr7un$hQi6 ze7+zUdX)E%*wXpJfxxX=o9(m5w0k$-EOk%0hOq7_KG)n#B1@P@#j~~eTpWE%UTuzs zKn*(Liv-GhM-2D8!JzkMt=*nJro9tyB)ual!{xo34c3f6cdahgH?=MVJwBL#Auy*^ za#!Tj5iRyWFciE|>u|)5X%{kUNf+j-c0uuh*b{TEY?EttK0(+mwf+P^ZySt*2kh6R zKg80|3wCj9wN+JB$Fx8BPST%&TvgeGo1M)Ra@khb5|QlLa~3Xyg>w=G)$MsYZ9o_qzL2aHXkYTt+0NqRxWzo2zG z_Z-u%H04NFLaJR^k|&#$eBh!Ru-Yf_dIG^9u|X`O8)AM5=83_a7AiQV{jgg0XfnEb z!SD#&jPEpTHr#FKF?1W&7}5sOu+ngaVS%CE5Ht8dM}E3tqAsnwTla|WIo<1ei@rv` zK%ds%t$zgG0esys!C*0HEIXYo&g-2koJ*YZofkQyPOr1t>2jV58U$wWEO@x;jjGqG 
zUaoqv>iMc?s}5E@UUi`A;i?D0s$f&q`l{Qj)>gGwwNzbSwW4ZC)%>c9s-jiis%o$? zIJN4yDsz?KIP7@C@tWgh$BT~V9nU%rIv#f%0G)#e9XlMG9P1soJJved9W9RQ9V;A5 z9P=F)Iie1){bl<>`-Ao+cCY<7+Z(p$Z3k?dZ0*k1Y!}&FHo^L`b%ix*J=Jnpx5jR^ z&$mDB+~hpqd|6j-Kh?g%{;YGod9%64dC>WWd5!56(+fHgY!6;Hi{>lL^=6-Wx_N^6 z74r+`r_GO=_gIg!daX;W?Y2{GQQKPE4%_3l7j1`4Pn#Y!?XesHOMusOE6tCXp8y|; zFIgV8nyrGh+Ul~-w_fC^cDNj;I*xOg9fJL^{SEtT_VxDL!3RUTy~TdL?Rwh^+Y;-u z)`Ql^tp}_RTOYLUux_%hx881DtJ|Y{6s!_n(7mF2Q?Joa&`;O<^!55H^rC)^zDK`V zzX!A$p4Pvhe?|X}WwYgOOOK`7vc{4ION*73D=Z5v^_G~$XQ{DFw@kE5uvlQbe#iW# z`E|=1V3qN*vJZgHx^n~d-(@Ul|&BW=&M01TfW?o=kX-=EF&3Bu33iq~} zbQ;}c;a*W6Ba$I_6N=%T1Wpp}?LmB_ekB+G8I0eK@n6$-W4xeSP)Z5P)$gzrTdEk` z{2t4>>i~m0^$c!!pTX_d5I9-bavs7nSopmsBHn=Tdd+?C)0W?^f*ZR_yOq?C)0W?^Y|zcOU((lZE@}cLn$? zhChZ7`*q*P5MP6keqTtRMSLZ~*#u4!b|Kwv--kHT`SwGIpXl&mm5~`y^p!BjQL;J1KolhHG1v zeg|zQ;MXI53#O;#K>J$|{{)MF;0y+L(fKk-c)*VMFB#nVHsXIn{AC7rOYQwG!6yrw zFGmcx?It#^XHQgyXOY`@adl+onq}9qm7qGZ}Fl z?@e?+m@I6>@3axu!Hx8LLO6csjg8jp1tPB_*(V9Rad>xSSaF+QMfgL6Pa^y*Lb^;r z_vkVOup7e@1j4pOKMRygr!~M33x6Pn@pQUCI3)vslnh|_7h^o_4upT2;k!3r{uIXR zt@H=ywj=p%o513C z9A}TJ<-h-3`zE#U?esfM67K&U=AS{}WZ|CwLHIL-KSlTrgpVM+&;GDlx%dCbt~!sl z)A<4QJx=n&vT>fXT{ZuwuzZ|%_u%q!&r%FO58>Gek7Mu?M-cuNA*C~@50|C;3nU!y z>k!UI=tnpOp@G4ze?~~zqDjJ5%02=7Jce&Wi1TAB&V#M^y|?0b-HP9D>+vl8eeWUs zJ;LV^eih+E2Xzp)oYEs}Wv_@Ir(&2fFvz|GZ>X0 z;HgYHr^zQb=`1Im?xgdcbOOXPp?pe|&W+MZQaW2c4d*;K?KuxS-*CR>eA)S;^Lgj9 za5{e+&g>66A9U`3)BAeo?asB%_J21ygvuHJW&4Zv=RxD*p#5?C0sF%srPyKLq&)e9 z1Y!xuBrdW?L3&YbcY#deIFM2Zw!FlN;FPgQO#B^V+IG-f^n!IGY)y9*3=OSYHF#$BWkI)#VD-c54e*YODZx#(e8V zAR+NmS;eU!;{dsZ*zifWd{Ji;D^Fj0D<^$%3%@3M)m^Yc%!#q3YzwhaK1ecQh z2L79n%W1;>l#BtsqT4f&ymV^@hOjbpX?_FJ?G(HNOCJi?Ju)EwD?)Ur^n=CeCycIM zy>I9d(Tk%jZ}TYAKOs~P))!^CVIrs?9m79E4L|;5CQKFXn~Cr)gl!1vxeVg#5kDE> zFA;tl;Q@rZ5Na6Q8bml1p&8@<#^4spI87C{-h=U-2(L$YDW;@?wiy37Kk%Qe7nv2^$U2f`f)dl1rd2c)|a@e2{wAUvMIt&}{c z30vv11duLE0O_&>5Zk>K+r1Ury%pQN72CZP+r4!fmTO_~zW+t|-w3~h@KJ=j5w1g+ zLAU}T($9TJKlh!2;aUc_;5^*&GsNk#Hci-q-*XFo&n(xY=rnd 
zH{2nj(=SCctjYyvxah`8P`rLRw%fAul`NlNjIL|j;fOs`RoG52v;JU zjnISeRD>D^@A(tLpCEh+;ll{GAiM=(Gr}tn;(WR1EX17*e&QX3uOj>bfm4Ouls*CO zMEp*K8H9A6Lwr5rGZCK1;I8)(zJ~BW5k86Vvj{gKyb)mn;pGS;2;* z#~UD>hXCn#1Ek{(kd8M%I^F>3JOp?REAN512Q4R-#>-rKlA@r z?)R@``A_}-Dg6EowEU;u|G@sgxNKya#{-)C0gbRQ&!)9soM1 z2Y@>V_xmS%02s>e-!bq2P_h3%R@~=@sa%CU&n3dnJv{m#kA9Lz`*^gMM|bn+F2hyh zVskYYxK>5UfNtf{`*>7oE)Iz|^Rb(FbR&=6%cC23^d25nT5&@~ALnE5=F#;$`Y|3= zT7W}QcNsU2%h1ghcHX9_2+&)3^cEhyokwrt(HnWRn@893Xcv!m@~G0}8(LN1WAi+! zH2H?aYxvl99?hD*KQ2R8FYHV!N(QurN1J){1|CiEXp%=0JR0Xwkw>rR(N#Qp9gkki zqm4Xz4UZ~KzM+FFEv9i9x(kJ!4T_2YRoZw1dIcZ5j7Jyq=pr7yoJSY(=w&>5DUT{G zgrONq3t>Q&7Q%qe&4?Tbmt2@FHqDA==nUVG#G|hrNJ1^m9D=2#@aN(a-YeXL$4>9{n_reoBGD2R(yFPv_C;JnG`n zX*@cWM^EF?DLguvMIHNHk1B1vAy#SQ4XA@p zZ0AuMk6L-u!lPy$HSwsCM-4ox=TRMxYI#)S{L;7#T}0UNo}y$x-{sLGJo*lg{)0!~ z=Fz|N=vzGczdZUk9(|KX-{8@|^5|c9^v^u{KRo&;IIfI`&qDB%@_TafaV-Pm)R@&x zVAzY$htQ8OfG~(KgfNUSf-s5@%Zp%n5iBo)8H<+<-t=!49D{PSe_rt^J95_EH8lN1+csTmKVVC0$5%E z%L`z60W2?oefW?*d`KT)5Xim* z(uWV}!-w?YL;CO`efW?*d`KTYqz@m`2N>wF@{m5j+!t|dAJT^p>BEQg;Y0cWb9|N_ z>BEQg;Y0fHA$|CeK72?YKBNyH(uW`E1MKB#d0_g4khRZ`^Z_q(VmND`AL#?^SuvcA zpC9SNkM!Y3`ha&JSvsT-KhlRE>BEoo;Ya%LBYl8*9LtCF;Ya!ayKf9<-`DTQ_91=v zkv{xLAAY0{Khg&n6tetCAAY0{KhlRE=>r~&!E|iC_>n%q?3{%oeSkj!#BuzPKKw`@ zexwgS(uW`E!;kan%q92(Q(d_nqvC;wPD z(uW`E!;kan&RNFRQr4?og}AL#=gR$}EMefW_+{74^u zq>lj7M*!&~fb;=ov^0MJ=_7#j0gpssIO{JMdn3-iZvg2dfb;=Q7g#*f2iUnH&e|71 z`UoI>fGs7)V|hp)0i=%r(g(a5$I{{c0p`GnWBZUk0!SYLq>lj72fWL~(j$EYkUj!P z9|5F~0MbVQ_m2S52fQ80@*{l&kUj#qe*};|z~BEF9@0fbz=Nik4#yAaBY^Y~K>7$E zeFTs`0!Sb53NFi!^Z^#Wh+}z39|7Dy0!Sb5t|?20^btV%0Dm$Vj{U{`1KcZMIQAFm z1D^C_;Yc3=qz~|(f#Fyl(nkR4BY^Y~K>7$EeFTs`f=C}hq>mudM-b^Fi1Y#OIA}dV zq>mu(A3>y#Ao5q>mW8E5`UoO@1d%?1NFPDmKY~afL8Ol$(nk>Y53uEBxKur9}RZ2W>qA3>y#Aks$==_82r0S~6Jd`KTbq>mudM-b^Fi1Y!zJ1{-_9^g)Z z;Yc4rq>mudM-b^Fi2Fwn=_82r0rtw6AIn4f2qJw1kv_mJ7E6cwM-b^Fi1ZOe`Uv9w z5k&e3B7MMHdn`ZFM-b^Fi1ZOe`UoO_6-4?7B7FprK7vReL8Ol$(nk>KBZ%|?{v}v_ zxPJtZK7vReL8K2b*JkOEK7vReL8K3Og&5}SoI4`IvGg_Z@G 
zWV)#-Mf||j(--Zn9l6$3?P38uYGr1*S_*~s{H(e`N=H=mWZRz{#Q0+kV{j6h`sDkD%C zfyxL}MxZhRl@X|nKxG6fBQUlRaF~BAOw`x~=ZlVjW1{_t{T2JS!3zCWd$WBB*kj*h zKEpi0^n1fL!<~klVTR`On)@}Knrk%|YwXfbI3m2NX%yB$K?V5XpMIWxp7ifB_`GmV zS=b-}P-^QSQR5!$FYXH(g;TVeE9vvG_2 z)>zML&!sLnkNBc>C0gNegY!@C7Ta1+zrboOqzgpyBRgOxu22=;YD-?0JJTZZCu&V6 zXSqf)4Ay)>EOg{&5f|a9T)GX!Rbs0(nF2TV>2~6`S*jE~_Gi0NxrUY$JhsqK$bt9p zyh|jHGl1jVLe`b*$iOoUV&0Vp_xCPv_Ke9P&;$Rs=2BD`25%V5vbx~UEsMaKL0Z-k z_rOrrwFfeVU|lI^UA#3LuWJ**UwN)>>D>A`m(TUIC9NO}lS@GX8u)}|ex|W-3@(6X zMi_$P)sPV{J`!rdmOs3Y2EG zo>xbR=YsR<2q9T-x#g1LJ~ySv+mP~(ljN?Wo^(~kedo}k99UEpgv{hZ%y(W^+*eCU z{cZ!Mat;f;qP3h*L$i6Av3NwEe$fiLc46}}YVfs&y1rrjKJ{gO4 zRl{Ip3afzleXjaNbKp^w=2aQ7Ej8=%bRw6{XPXL*Zk!a2?uPDsTQ<{Jw-^YYPGNX$ z1Tx99=x7V8p-rexlle^q-z~GMYa6*~T_e}Ec&Upu9SBhLC?|Dwt=wS6G;VY?$`iS< zrnZLFr6@uwH(+OpYNQ)7h{Kecui89`Vf^DXW;ka^x+Yo)_EiiNm6m(J$k zX#!YPU=0+>hbJEm9(U;|z-)GTt%dG(SaZZociHrvQQTKUXV`@}n@p?b5n_O~6{%sB z73lybV>LG!CoL=Pn?dJd&ncK&%eIfBT*)UE_nl2^Is=QHpjbd7#eHYd$W<6=9PyUr z{EP0Eapw&x1y)9&G6KVozzM~DE=sq!R=hPCluLtN2%a`D7#J#8Y^Ks++za2D20Zv_ zGz59@x285F<6&UJ1MZj@^|^zoP{J(+qD}6U7z>ELa8o!LNdON%h2}yY{H-bQa#zX= z+8}Y@!6(ru#eJvH1@Yr` z7&m4k!|EBR-crG|+?w@P&_txf4vYf?UH zD2m7avv(MUC>M|OP?9^exPF+evkexa_HROu~V_q@h_W42}(u^j;Zg@u0@Aiqo zs1MWwlOZt*?9>993)!i|Q=*{o3@?d!eZWp#LZgtKI;>!)=Ftdbrw;S%6zoTHX*BLf zhp9;OuJ+=-Ih2+9#A3!u9Ue0)B|r4q(2{O*&4J@T*|}Xy;MqcW=oNUL6n)|~pNzx) zT_D0R%4CgXJVwD}k+MY)U(%QAK(;EnG9Z@ClO}cK$!oKU`aQ0C7Lx!@DxQJ_Oae+? zpmnvuyNc|AQ;@>ufh7acD3y}pJAR%a1fgABU7jX*GA`AfqS8b8 zw!uW8ia}>g8WAxnxUCZBMMBd_KDc!X#C+$`cA=Q>uu{x-QE}h7G*W7yar6T$2)YwL z44ZbPjg=Ajphf@~#4x2RNn{TUB9pg;lxxJ>(;S+Yg_DIx1mim69OpyMEzXIyf7pI! 
z`?2lorW1@Fqto!V;TML_816INthrsYOd|+?fyDf8zUDaLedri@{Po!V)fe}zrcKYY zrR+VGm2hDSZsTABC{SLCTx};)@s4JATDBQ(mb0yS*!*r#_W!*}ON#r_Y>9MYx!Q$d zM<&tY3J2YBc;P!w?y2cbdJ|klx(Y2R*V=G!703Y-o~~rx1vhJ?Hc~|*87FL|r@FYW zh1OD!MNYUl)!hMCJ(+a=99K4cIxDgJsIf~WW+QxhpM0=DY`&_oI*-C$K2amPZSo#c(fOTH^6+#yF-c2jL184FOo=t;xRiGXuIgMzYpMoT%qwUKxMChLE^nZELqwxv zHvV%?F53==P8jWDyVKl#R&n3ebWPq8!w!vEC^2|9sPJJVpK%nzhc2dURhM88RIyN( zDNpu77MKT31fqOIZ+SrCkaH#RartyAuROJn>I13?2nOETu%q?RH$8Ao1Qx!>NLQ+K z${$QlfCE_4lp<{=e^ikQhn0^VQi|Z3J*)9b7~_0nW3A@~kVdI!IB{t@K@2opnj7-N zCh3feBSmrrU=Q^H2@4Ot#?S3LLlFJYe3Sew3aq2G)|Quff&!+ColD6tcPe&{}CAR9(p} z$Mlj9_Ky`b6lFd~h|Fg>7h+y_T5;c1bd9^G2G_U`vCLfi;4gBQ>l&ku;?=DyTAx#?UbWl781 zT9yP_OuJetv5|GTEG5wAa7|;aN7cIOMT?iorJ`ma)zwoHCwwua&6;5)azkvfMg+#>(1!eQZl#`S7++Joi%ulAr?XnDH9Lq0Zm)CU%GZE;^K8+TkI-#fZBvP>;= zUA)+@r8R5_uu1m*(bX_&HQ#Yj%`K6$av>%vx~b-TXO3x}Qytzx^lBmLvQ%4pBmC9Y zkOg*#a^%X0TC$?N0n0}_u`!^s8^W%QQ=y5rc<_&CnAyG{OVqhU8yAt^;A0g$AH}t?LzsXP~&RsEk?n2Mp6?2FDa2`)%qx64R z43pU|V0A$sypU=O`1uK-*aC-N)R*GSan)zCa1+{XJ({Kb`eMI^(J|`ly|1#AOJ)FL zUbXuL<*NPuq}j!Nx6zO;ByD-o?u4Up77Rs1+BZ0M5rw;43NMX`35<(shDJ|hi~D=0w1Ee&j<$7c zi~HIc+qep2#w?(euiMAtvWdzxM>1F=kZB(EE!+_LQ3{*Ag^L$nT;Je^W93f*b7Nl43Viz5+d~ zFwu*L18p+i?1oE1(6+)mMK`;oV>(un8R_7cg-T6(pSKQt54UB(IUE?yQd84dozGVX z4*pcETE`}fCEk(IERxN<4@fe5b1IX}cY!r8sM$B-t*WZtmQo+zooE_L0bf;LYuF3p za>e?dvy1z(l=zD0BJs)UTjMsb$g$w)XA~@L8M=N*OB)dcws9e5hw(PyBuy95|No`4 z+q%)(ZN1uBZ#^4cc>k55_lfYA(>6rLhV>v7cj~ zWS=yGHD7azuww+t#v#e4$Dxd4S;V?Ci~UpREV?H`XOTu2^Ag?wmpsHUbOkIuNx0Wp z2AU3ZC60t6u_Sm*bqAXw@Sjl1?~bKl0}~VBa3Yk7dxJhv-9n#eImnks@k45=y*SCc5LP+*)_57|)k9SDVF5Gg!;IVFB$R*2-e5n>w&` zi|qw>LTqan)6E%o0qz`AU|G953wo{@WnxgaXcseN-7YPl(K?^M4xEyztd(Ghp9JG) zsAiSO9Bz^`w``*XS5#p0&jsbZUhp@3jBc$I7XBbWfR2C#@PN-jTO%7ADUAB*Rflpl zT>{P^h>6#nj<)vFJ(iqRVY$CJmj=BVv2`Bkw-8h1;Y(5I$@<8gfl1Uhh|PURrZv4f z1;={aT?V&f>N%m_36VhOl(wfJsZ&DbU@Ve=OJ8O4*eW`2S%9V3n+*)P{%K z_lZG}F9JmGpuxxiz7L1nemf1p!|nT1qbYyfA56sHT$=<{qOj<7$Aj@Wc(w^e;=xqd z7mXxODfZiFE6&>T>fXFRX1-{kB$V<*BkAo3PN$Lsj8TblW$l`g@=G1@f_JUY>ml|# 
z`SxtVlT4x6POvUcbwGgy0>??rB*@*R&=GYrZJ$A{cfd#oo-p9Jm{FY((FanD`9Shx zNqlJF17L|t${b3ex$0pN4wJQb&x9%;GT$?hWui&d3sl}SkplUPCRVXru7aN$uAu|V z#k-~f1qMsXEW;J3yltYNhkR`EM|7F$((LLb&YW8R<(`Nke*+T2<^fFy_$B z#0c+~_}X!zdszMTbcvN#f5M~cxDc~LvsXAx=rb4}Gu~&s(YQ+Ub0e^n_HWtu+Ksli zY`0pDSYEUI%yQ89eZ%h!-!be5OMq()ml=YZ7R`AYi|`Mjuk81C;Z^Vn@Phibt64r8 z?aeET{b(x3M4%eI3Wuu@;&5ly_)Qx2u&i4amVjDDC1j`bl-ger6ZP3{f?D znH%N`g>%gusa#;cFQTJ~?6-ahJ^yoy{mhW7nX$uqVt=o;$Uj;h6nQE?qE`Ea*ItVpW83O%T{7E5QWwRx~dV?GC9uVX6qp#J27qFh~Kra=6vg7c)-4q_Td zDkM$`sPaEBLIqGaRzI46UM6#53O7ssI(Vu{MOvCn=M&jZ@F~e3CO}FGPcSh~5>EwT zw>JQ%O5d?M6%61Tm3KppY)nfMPtq`=m=BEpqGhi7E0@h*ymY~`m5uB(&v4O}E0{!? zI~_!zS)T+yj4sgGhA&c(hN6L*un;|;q)Q|Tzz+p+kl6{}fLJ54ZwdLx7l9kYG-!N- z{63ZGOy{y0;z4(K`6wKtnTug|jMivT1-zg67iOHFMoTz9=2BP+F&A$u_A__FceNq4 z9G!S_)XIlUHEw)-jHXM@L5cD(B_Z;;YX_>Y(XYN}S)<~k<5wTfRp)Y5x>RVU`9|%R zGgs_)vqL}wegYN#cEH>^`dI~YLFs{3qn*?FV%SE-(=xBIy&!aPP8r%+5tmcco#?Q zUE$2(#_ybBKeKmOz?MM6X$>9p+O?^p6=YRQTE*@Kb7r|hqOZvx7E|82#s1}VDY%KH zH*zbLGJ+Mw{zkj*=(EOs5Rt=G|&@*WgP z7{|Era&CW=js>iOc<%KkN@DK_DLv`xEY9EERxj`%ui?6b=PKO+J5;ywE;! zm-}Q9AH~q9vxCRzf_nhpMrE)0L<{|9JjXUb!%5QVV zi?S0^%2t#((t*4yoHn||TnbdvOAgH>cCTu|39O|4PQlN~`iiT5TEA+Hlg4es04DS* zB@=4on9#F|{a4c1b8%lX4l>ffg~rPEl}bQm1S%si^ay~gatWm{l)LIB4gUVcG#ED& zJ(0UEq9J(up`RM|Hu=J0EbLCkBVKsODHV4|n<8PiFB}O6Qh`7q6!U_t@^YFB<*xcE zsaP@`PBw-8!1OW4swk_}D`b_-zbYP^^}MX|#9}{lq$*usNgDjgV*h-)UT#43PyLv= z$Wh%RQ32*i24fVwrOe+Do?Cf8HiRnZQEN)GOE_K!pD2(PKy4gkqf~jcMa<>AsqQ+) zCfCJcey=y`i+W?;V9*x}z*F)Sm3!bWs3L(mj$aggQMFL^G+BQP%UsL zN|`XI#Kez6qB@pa-EyY12Z;I-CfLI30=<0AK8|xxQaT;g>;p!ac}$kpEy5ZzC&^L> zQ6XjiktG#U{n2s8Wh$f&>n}n7|6W1!uJilOFF1ENfY`eSx!IRDM^b=ibsKl2ZE0y3

jr-wMMKKhMz>XYE zxxpX-(5A2m7o^?*JoGY(O$a<_Q`;+egb+kKxw3vXyk-Iq ziNJ+e64d*%%^h&Q#cLS2AxmdEv#V1e18`Bt9hp?YMZ1urcWv~QKJq$YhIDA)#o*wt z61Hb^;1S%@md_)8$;btn+>@H9z;3+ZR?H0k$cREEL zog`-aZg2ul>@!ksc(ZYJA=~aQNgv$VCU}<;FB|1elha~UUKRR4Nm1>pP%dI9!A2NN z&W_DfiKVS-pf(y#iqbwshPtF*m!>l-m*V4%1X+v2Jjmqefc zlJ^}IE>4t`1^2KD!lJS-{+3orS3`@&WJwtLy6j5#s6E%nWfFfW)dMJ$(I;`VqUhXE zQnz8Ac^q^rEJ@u)e|tQm*q@~=!G%aoDl#`DPMCs9Q&5e0QV%c&ZHzOPI12e9|#H21bsgC+Bn$YI{&1<_Fu!tRcft_KxG6z(jx%E$R@f-p)k@& z6emMOaWX}Naj!QLVPukqpfJ)nbtHGYa1u<=Tquk*PLVIb;UviXL*u$_RGb8vn`k@< z8u^nTe2((_Y=`}zaH8QVt>IUO?;E~kf5d)|J!n7O_B-o3Yrz_~e9G8kOdBsX`iv(V zZZotQuF`y7{@tUwQFEzgvF3cuOwB}autoI#pA)_!d`7rW=z(9H{sc`Pl}87g4#vSE z{$=5YFA3YmQu(p`}|m1RmoEsfyxMcpd)ZXasTnk&B01GhnTmjxPO9jbFjkZ zu>Uya=3t$gNQM$k$*9*YilHWVFqrVVV+p_44bQhEf?~?&PX!XN_uQ;3-b{)QgDb24 zo0P?y$=-9LvUu~aS{0cXra=@k&Ghm`lP-Uq@N)8OJqS& z8w8eFcs&Kwxj|e=%*U315Rb@0l$UKFW<*;&Tl<0*gLVkwXN;!-B}()wj?P)v6>fW{IL3@%L(5sarj z*;I0p0`ED4EKk)*3RoLJOIla8f$l%mR3|bjSsMukk-Qnbiu|86D+eBFxCEfV6!W^& z<-5|Q+z0w{pi-JAO9ohzXViiu7-VSVMMd(FL6<){gwOavq-2WwEKy+#Kwh(EGC}mP zRdz$ub8d0Jg&ovW?8Ix8rDkK9R7wHa2Qi&s(PMr9kR!H&JZwKR{g*<_#jA_^nc4qc z?3Fl;^`jvVQ%iUOln&x#fI8|ZSLzzL)xC>nHr!q-w- z5o@fImKFEw=!ERSvyW9fF01Fn;(je{rZfkXF9pJus-clmoklt?piFhq2fDRaDyxjZ zM`#2bmP5h>&CdkqCg&Pwt@TspuNdC3wt^49d$e}zT0WcFR$AlixFRd^nei#xD(NMG@OLX;#eT~v6kX~7hTvl;*ElR%&hqQ zbds>qa4!Y!&50{dawVTj(+3hMhdz=9sq=?$KTQoQfj6H8k17^`O(%Ew^_s*p&~W` zzy*Kl@_InBM!c@~K%!Fm0^BmoY^?H94hnAMT+0w1mn(ASQrFD+u9*$4ne{I6uuP&O zJ)k5mIlOSSe8HkQi1)Faor#uoYm&@V{0ww7R0;;g6r!}!4n`QDuL9|*4G+FRLC4nZYRkhN zYAQh#6QqVHrh{~{P&L=M3z$OYf%M}d;|lE`VwQV=(S>5b2fT)%oVVrGkEZGl!6 z)ryN{dES#kV0BnU9AVD7TvFm`bW6U5Q0=0zbk-JI**jCp7moP4m4vH!8-qUXp}2Hb z5-+(?XA@wk>+;5#OG(G(mkMp1*+4?-;XmYw6++Sj3t-hKTS%Y3l1N)Y+oS-P-0+6S z@XvS*xeJs|G@~~-DH@CWnOo31Zo=8Ca;8zCs(%r=4nwG8v~{u4mG9QkxdsB+-dU74 zK-r#sN|QGkjyEO3M7GDgexPj6u8{39cS0zlv-7gO3B~=)%Li%_+KDD1oEw=N4?N}D z$+@3-?vO&v)-MWGB{t^x;(q241TDzyXhF80^R#N8g+MOxc^jIu(Xs;;0__R#r@!a z?-Z?OF4kfkY7d1zUp&TsV>X8w4t&D51=}OGk89($CDsGxN6nu!Z!rB@?=yFqSC}s} 
zpQ(G-^mntvZnphV*JOK9`#VUEKkcj97qs8d_G@=(cPZP!W6GF8|E-&@J$}&0;UeyU zO^w-8twXK#<37a9tb+SfGGy>%9AU%Sb1CZ85ct-{M!1ifBa&Bofh!}N<52O#3YtOb zkreKNi!ChIH80zmgu_*dRU5tV`L^QzIwmb{V^g|HyF3+#(_jv~M*Tnbz67w1;@n@W z`&JT;KnNg?LXt-E>XyP4*-;XQIEmvpCc!l5SlPm|Wh6O{1GHG&XMxv?qb>BcJZN7- z8@nxiZC|0U2lS?|7yb80Ur&0y*PGt|-^`BIJCW>I!ls4F&Sd?Y*`4Ftnc10dzJu&> z$VO>2IX>d1Zc$*>ib~ppZICXEVW$L-$YkdOKbm8Cx(`aaONxPr{DgZnpG?EV!#K&4 z_*EerN(e9(@DTnemy_wCYbu9iC7?;BU%sTyVsRt!5aJ#!l(1dhkJ2;JDBO?`V#w@< z7h=b0a!KV-f)b(Pl8LZHnLSElrO{lPI)r0yuSxD6?k*M{{7BtOk?ld^*)ICXw^B zs9*Gp5fOflGEk5VW&-dPA^LC>?GL9Te%PM~i{eeID~H0gDR(lnm(He{L_OqvmE1k# z?c)`qa-?UF-8Fg!9FF$kTLTKz|CsbqtZY)j>=ZmBL%FK(QtTi*fil^U#tE~N47 zjLk{bLLwBS51mJ&*^be+e`}$yO}cqRUCPjI!a%YK-~1LgkQbmwf80qm_Kt0hJNTurewc z#z^e14#gS2u7q)=Qo11dRyjy=w({^|c~nPRHA~)y?y>CS%{`mXEFt_2pI_Tj8XH>z zPGbG+lfR@)JHT1zTfP9ps!5g%IxJ^-(YeAN(5yPv`jw=kVO~1Qsv~A8_wjgT<&cLa zZ(_aPI48YPkB#(pHgJ}#SW!8&fyOYpE#b5(&aE8kpsDQSXNhsv)gX@CKR2HSweD$A zphbaya0)o|2F>w8uk8PCwe2cf+P1;=O54fSzgnNNzTfbS;XMYgVWob*@Hc%%zf*(B<++idiIGMn(3jE*;^=u82LD zH&3U&)2(wUJwihUI-uQ`@XdzkMRvN7~v&j{1OZPuz- zA7_Gs$fa%+FR5BUiN+#f*cp!!MU_A}==X=N7b=G?qcy#WDWWcWIjyGD>=P_~Hstf0 z3#BqWEaef_0qtU;+smZSOP>TXB3bZKjVp0GzbC3FqvVNM-q#^AfMI>;xy6IDlv$bTU6b!*bNhFy;5wfwt>IV80 z@VaC>gN)a;M8)fp%?+}h`x2hl12GhWXrpM9eE8E;s6duf&q4gs*Hq zpTnmXS1DZ>F2VXyR)UGBsyk`AuA9-p0)y5I56oVefoh`$s@uZ8q(2shzs#sF3HO;< zN%F)((A*280uo6HA(7eV#ozj8o3yWKmX+dohpb zs=|`9s$qF6hc1?vtQX5Gt0jsW)}nR3>ZY!_ZigvMHcncd!pKTowntixF*^)z(kv6c zse!)#sI}V~wVn#Ae_yfur{&*VSGzVCwz&NIUD|%_7Hw4crt*8AaI@xhLI&FZQQ;in zctNZAKm0D(kFa0UzhIfwWTbzjChBDxaY^OSIPI~M?DKZK(qnP7U6!yDCZ1*6sutjs zGcL91w_)ro3Yn4zX39M5DICtWp(n{!2U$-#p7br*&|o#jd|jz>NVX+-6Zv5sz_N=F-$fH3(Ok=9p9d^9ecJ9%a0 z5VP~vEl-ul*V*0oqrKV+*` zY%{z}wHcNTSFz3TGJZ1*!H*Qpk_mn+qk3MPmNe+egl=72%nT#jFgGoQhvly`4VCI{Byu%|fW?khkt7ix--;gc=qlvbZ!IV9U}ZDR{YV$yu+sSZ=o@jUO?-%XqKh=T%96TrU#bu@M|U&bHsdeGGCvujXUy%+)+;TaEPgh3b<#y#JTs6 zOL=_xW`ZR!0|)%9Q`3S|n~ARGWgo5F)5bg5LLma}1^ddA0{S^$D;l_xi%ILw1$ 
z{Mab*dk0T?CAc+*Mu%s7EO`uhF4-$zNMYqGHnVFP`AU*PZC?3UNe8z+6k05<^bGsB z4pW*k{|Qf){7_Bus(NW#+D%LY%FYG*>AUXlp>`WfGE#TsT2`~7raD(XvvnjnyQ)t# zxpIm_zoVAmDEt}NKevM=Mj8(W5bDW3)@{tgm(fz{k6Ty_Mq)f+ns;sX0(cLQQ+@I0gNEAk+O0B36&{Xf00Q~UR;%)Jh3t*DA zmKQItx>LU~TbbHHmx6bkC+~GGexW=iDihC^Tp^Dy9Q0AC$OwEvL}LE5CzO`_@IV&{ zd6I!l3jZa+PKrhS5h>dM3kfUs@j@{p8#5$=_hZDz8f;cT@I9rNI;2|iJ?XB2VOavI zYSj>&AjYyO)v0cMxxp$|Xnzjw)XD`gw8~?~8<@$zV7v1tX&0mz1Jy(B02ZfaBA~L?5eCgk%dn zIFTymGT<%Ax6p!1Ny4&w!R210vTe|rxd4XQj=^ez>Y$&f4%RVeSIcZtd2a(dDG+|K z*h#XnKqB1;Tl0O}cW&?|E=kO=Rc4Zp?jiC$^*AQ;W06z`R;|&z$^Dh7?R2PJcPSfc z9GhhE`_5{pG|_k$V#?!KnHg^@N~eTOjqQuGa59mi`puCDfUr zW>^PA$~l>rieG+_p-f1XLav@nM=0k&1SAne&$+MnUbyevLoqE zs(IxwzCm-6=2L?0c>YZ!+yPt=B!F`HSX9nx{@ND~!-R3Nb3; z5d$94@7c9^EB-)x+F?3BQz$^&U)gAICTV9JMPsKCfGStLoyIH*W^-7}7K4$+-+Zur zMLq9z<0)ylAM_+tB-%L2$(ejAr+Tt_xLrNjD(z1XGW&w`p$0Z5Dy5~P-{G9vNF9|a z+2{MXyzbl1?Np@szToTDSEdfok#J*yW%LqW_p4U(^64RSP^j`^Mqje}E!TI5CckX{ z2oi>o%hGVb4{sbZ@B3Igg!xVnGy8?cj~drirpDi=~38P&yLENB1?f2=>w4Uj69egMW}K zo9qWBxEQnPzIp8jID0DFSJ>8QpQfeqR&GH62~43lB?FzF&I z0+LG-fu*G6m&0CJY z_yQiD?a_hC!?Nt@q%2FTd4HYdc02=4zdMcIQ*F3Iw*NLR?JvU?U4B*N zVcDL%>~2o;e(sQAt$SBt*xf7T%OyBgUsHKl7Dh}kq8Jro?3^J+oV^Zw(f?<*x7&(u zQJ_VE76o3~6gaN(uUFic+z4l4BKGQXebNEfDg-uukzkYGrcn7kA?g&eC<1-^6)OYEtB_N zn(3Ln*Tb^tlf3uROdq}XdRRVwmG@qnX}b5iv$yhaH)T)0SvI1snQod<-!tQHbq8^9 zN8P9qoiu#WU`f>7GnOiqix5mw@V8A(b5~ z$+hqd7REifGW?H>c!rZh5{#n5VJxYi2PRZ=IK`+VQZx&rzf3xua(QWEhy3sC68`eSDS%ZPz7>7aYn#@vC`FV^9J!uKbNC{(wNzA|`* z$>+(rz>JX6T*lViReizo1eQ*N?wO}pw(1+)gL5U%nL1bE>}j*6%$6`q{4CKUvo_d0 zn45(ZNXg8RG-sMr@4;<_9mUz=3$rF%3Z;P@X-dZhPd1 zFjLK%A(U|EOia(6I#-3rexYvrtF@v#je7aR8+Dxue!&ZN~l$TisqfV!y4E7Tn|I~|7O>O z>k8MUuC1;MTwd4dt|czP`77u5oL_c+!gHQboSrae_;Qr{ZsbG?T^~;v)^XF+WIc*1J*mN?bd+xZ0iYD zqviLOA6uTaeA@CM%fDORY`N3&8q269Y1wJ%Fh6g8&ioDYXUrcqzuWv4^J~r5f-jLW z_n0@B&oM7Io6RB9M@)xIZ#CUznlu$nY11xK!W4#N!bv8J@u$Xb8b4?Jqp@Nv88gOS z<3?k|xXO64(Q5dU;b(?#89onxh7TF;F?`gp$q+THHmoq%^ncd>T>owT7xYi)->ZL{ z{$KRh>&Nt2eV^X0`-|=uy6@<|sC!a(*gkB3m3_N?z1?R&(|(*?Z~Lw7hqn7|x7)6< 
zjo9|tcG%)JzwIpB@iqfABz|Q5y7g)6e=PK`?q7AU)7_xkuN%-^qU+SH)4fu+Qs>bA zRr|l%Bid)QAJa~0->!YV_D1cvc2K(qJ{!){uGO9jKaGDARNfhckG-_lwEyh2cj}jG znT7dFHTPY^!>f6C6%P;caDs;icsOp@tvSD0Vym*+qq(oh!z+0>%EJN=M|e2Q!#od% zcz6X5b37d6;Q$Y_Jd}8t;bEGGDdXJ>Lb^W9ef_GO0Wam@ULIb?!%KMB$HUz`?B(Gu z9`^8XCl9-MxPyn=dAN;-T|C@s`s{*`u2*y4Mpe#$2_A0X;U*ro^DxfC^*p?YhZpkj z0v?{v!}EB!j)yTGMtKv{M(9{vjt@8RLyJiLpCujS#LJiNoPZ9xc&HN(xSoB?m*;f*}Jfrr=eu)@Ph z9$w4C*YNPwDv0+haPZ#0@$j!a{0k5N%)>wN@Q*zF0}r3);qQ6)J0AX)hri+BubsCn z$UExN-1`ev&VWDX;m>&ZQyxCY!yohTM?Cx?4}ZYJ@AL3`Jp3OXewT+wc=#P2ew&Bi za(#S3NO!U3-mj~22K*Wizskd}@bJHR_$3}b!^1D~@C!WrJP$v|!_V^YGd%n>51;1Y zQ#||>7U@kd)Ey?H#-jPA#`vu9QN#C4&l^^2-(-5f>FtPOzovtx%T3!%Yp}mIlHZvv z0gqf9ZDhoAVCQHP2E7H+wj~`nKgCkp$yT&`(hBu0GU091~n{y<3d&6Gsg_a!g* z?t@_Hc!zW8Vxd&XmZ`M<=ui%PeK-d7`Pu?vTMA71v?pE6d(wkadWaae8_$&oJ!!Dd z$q{;+QWK)0Tqau4QU;dts*?W^;)Z2J8uye7u!2{_L46V)P)9~fFyu6mFC;TF8K~PY z4HTtNsM>z;`6J2>W^k;lc>sBX4$IqP zTjdJRq{56@-B`~kI&htvY4kB&8LE!=s-1~=2^@yliOQ*AAcjrI#T~4?D`hRKyv>M-{K#Kx@R|+`Yn$zc~0JQQ?p<79&;M+}1 z;fNvV;GaaJnL2OxX_DykB_sZrCl*bHVfF-m$Dv#gzvJ0(Hk`?T0UCqho9X5BDW=Zb zy)qQ^hk~h$FSD#NeH=|x=)A@%9wX#!Ia?&gKm@5olBmr;(&{j&Cz(7h1i=r#N*YAa?QL~B3*{U3?pLs^+~ zGJWdGjjwed&FiUgDh{c4!r`muRGb(GRWq^Y!~B;ewVOHuXyDPK4+8i{7xXxQ&${VD z0X`cwRgZl%z(3pg0m0&H0jOB0Gd^(SYM;Bt%~D+>C)=H*JQMUpJXO3TA%Y zWQDC?H&tQq*G-*a_18^qQ<(jAlRYw%ziwLF>}gd_G6+VP{WTKcYi4esrvY=_ARi3O zbw?XLBarW?FEdRU=JMAPadKM1YH=_o3E$oat!0SzMx2FHkErOd=B}j z63lJI_^1I1A^)_SqwR@=91|7m-N?N-As z+hw+r>vC6z^AFA+IX{fs*st)v2CMKv;jO|Q%pyQSNT@prYy@x^Y1bWJnLdxMnQml@ zu-=!)fv!Ad$cDmTJ6L5Ctd3>j;nH9^NtDNqWiPC&XY;POyM(i>5uBT)Cfq%{J2r3c z+2w{|^pYfv5Jmp2Qh6|$$9*sCU{k70pG{xPburc<>l|$ML{!p7uTxhSJ(p1=L@h0 zFhH#WL-1h2J&5~BgzAwt)g#_!%_!Ik+CgS&uMTdkdi{M z_L>Yu0-m5GC9(6(Mm$+D2D7eWBpe84ZaKd)y_$~0dj{AzT!>92_jRBu&GV^D13OAp z0rkIkb8N&iIfw!!^PX%0%Pz<;mAoaG>F^ec18ro#Lv)wLHi$Wi!M1ToKzTC7WVYO( z+l63C62nqD;|~NSKNu6KOxPC+2V+?&2&1dXSSTn4Vv$%fosC9gnTQk&B_q*TG$f@$ zA|hi)yIo*Qvg&S-)YA)T24ZFTVv0uRwPk zGyZPkt^-Q6nXz=)Js_25zk6e@D2*fAW8GXDOlAt>>B8s)vp!SJa`E;CioguNxQ7-z 
ztlG*HO(%<9(jTa~UC}?wlE3~3SI*(@^x0(_1sMLxjSbhj&8Rpk)2rwNcD;p7V2Ze9 zlLNgv$d2JzWxz>4$*vCVNhIuGZ+mjP%i1whr!*t(b!I>7~((^Vzd9 z19{L?Cgu-^emU(9qM&1jjz^=2o#;e z#h9vfeyVB$%&I-{*V+Ul=rnYj)((y6Rpnald=WHuw#D9>s$ zl8|I7>#v#1`pIN=^i4-iVKaGh_s&dU{cHw9K8=V#sy@zz5!E&!(6BQS*IPCJvKWh{ z7m(+ILJ3CM(`2r|(>_;8A8qpnrXBhEKDcR0uXCxO2mVve<2w#;A+- z>{vcOfv=`t^oTx>7 zluYH(KjG#fH!z$`yQN~WP=w$!STh4K!9gr=U^|q^Crjlx@%luZGGucDwSCwh^J4n} z16z7c1NBT)&R2*dGX)zW4hqEyZ8#j!k2O^2I;Bwg;IpwpBi>jb02h1upEOixR4G(u zP&HO)*c*#QgQ1vVUqgk4l|mzp4{d)4g~ohh*zo0s3JofShMFoA^JB~(Hg;+fm90uv zU5#fI2z$ffV89>wN1LA)YRXMi7G@SrR2F7pOjH(TuKPPqUkf!OB`OOu$s{TZGjAj+ z3o{iYDho5Z6BWNQv;&O~ZGX_~16M5?OjJZAA72ys1iZe0&mV~;Dqba@wkGoNdwrp3 zBoIzi)++g|Z6Y7h>-WWAvocXxqvW%u@qBzSuRj#lqD)vRZfmjGStcl9mNdkx$qQRn}Mp`JAcbb7m9yguKB(3{^^0 z+)6&~Ch`e-gR!7L7)?}8Q}Q{jiF^XyU=(Y^@PW$8nOD40mC@q8V!t;O3dKTr#VeF1 ztWcFa-&gGOhJt7UKF}vA`JB{5KB5=O$MA=osGO+eb7JH9h%qnL3s~GGD#t7N9N$Df zQM&N(`4g38N^Xk;+p z6AD_b_LGa;&XLM6X=cYUn%P$<4rOunPvrvOn7vr9Nq(;gNA1|F)-=iQ_50zRJ}eAt zb-K4Na+4-1L!?Q2>NZJs2nS_s82C*n3e#JwCY|FW1)L8~)N7s3>+@q5?yGH`&l@0b z(kBdQ_4@sb+`8dPj>7>;IjzCayT~m%SQ)6k zFH9k%ZK_FR`=~V12NM+JOp}RfK|#GVDy4JT9Fevm)+i=SbzWF7=JiEEkm8R8 zgJM(|&>D^BFLLuHg^EPlm#h26s`G?Tgj>)-iTLb*>V2{_QW zT!g+KC==8)DS}lcOqYm48cq7rA~)$(l_Y7>S#@7rVuTt)c6TN&sn-N7$HUN?h}JeC zj3)T~{*aK=n$7>U$W55ERrZlKTvN9VsxP$4!hPqAg?ku+L3f0yds%RfeCCLpK)nWs zynz5XqqX0&Aa)e!ppl@kPiwKfbFmvNR4$u+w5b|=$@ZP@>N`|5o*gQ>iJWo0W(G0W z$3oFq?R&+BCm4x@W5Q)xt95jdo0+U!N?N(P?rW_MFlwo%?wo-o26pk`Is**bEuRlB zQMgoVvu$7GRvfJCA+5Nyek*320BxY|h)V9=g*^NpU`<6tMX(eZg&CrHFUjvk3w$BW z9!IUMf_^V%#6VOO_Gs<)$RalnYskK8U#$JIbtzU=nBgWj8Z|;JI8mofY+*^iZ)j%S zFB}#gVf4m2ozaJO2C@AX`m_$msf*oCO{JH#bD-{fZ0HQN-rE$xA;FAUyYLE%-jE-T z+(n@mt^D~Sw{ob`LmGKO-A1Y=7Va3oPJ03|w8tN=^T9?6Y?;AZi_oKWI-gkN_KZ}z zNqg#luvP6jTGOpwlgLT~TrBL)jv8Ws5M#2bPEx~N~+u0_9CTl z+CFZ3x9M@y?WWzP4W^Tgj~gF0zRqx;@Wbk_>s^Km3|adBc43dONeDst|DWT>^t@hr zNwxGQ=$!OYVXiyn(?FrGY1!h&zA;qdSWHJ^n1oUupD!wTf)Rhplggwbo>(drNd<$! 
zblMl2kHj(imX+WhiJB#JXNz$DSCobekS#4qMQE_iA#BX74yFskZCkf*ZIAbOu=FJM z2pJ?I$Emhq9N0_6wu#|<+ji)t7Q1>B{!!xTi@Z8)`D+vi`=Ne9oL|;Yln$h&+5J6TO-KOW zn5A{@b4h2IOZTv@Y9A9&s}-l69IH(4qGR?tW^k}i5vN_)uKf4x#Pzx_gi&P|aZEh5 zkBFzrUg4@S=F2M6vO~DZ)s*`!^t~|YRO|U|Wbb|9`E8>`=|bx@*Fd;%2Nm37!i9Zv z3Kwptw^nPn0vaIOXbjT;>CVdt^N9XzI2jc)kzm9J4TKH!DW-wYyD}7xiOFy*O)RCf(h7fzZoqAi!qJdYXKKJWcgdn=LoIqB4CE{j}Z6R8D)FUye4UC`&D>%!3s3S&dSk zm?d|k;^K3xP{|hvrgNc02HV_3_oOshkPUugofaiVy5T|_D!)XBc(9B`XdO44a~dbW z>L(3*x@@7PHc$`|l|`dUdVOYS+z=gE`R<#6_C0L{H3WM|lnp1Ux*LzK-y32)7~p0O0|| z>u`Mz;rj@m14b2vM-ZS=BD@pf-3UKMcrC(@kS-uV9$L5^;SPlFB76_wR>YeSEC^O$ z_-_~fh5+l$!ea>kjqqiJyAZyL@K%JMAbbYlhX{8fya(YB!W$57M7SH_W`tW1?nSsC z0ZITuJIYv&>k)*52(JS^1y@q{N6}FD)DvO|K7<6q4uri3g9uL`{1?J&@C=~|p(p4- z>GytI2`wK)Aay47`78?`#PvV$458N_5%wc|2;q7JLenD%e`0@=`sWaa5J-FxfwZ%L zFp6*`!U2Q{gtsC5l?Bk3wujK=9SDT(gpLm*JcsZ@lz$SgV+iCPob%B4cpa{=FF|QH zjOzywu0%5I}paT@FGCm;~}ZmLQOK zwUpgo!Sw{-S0Rve#M5-pS9mqT)d(b>gnJOkvsWR2ZuA|xSR6?s@79ZW64!=sB7z@b z5+Q&PMA(2p=zS_e7QupWKD%zj^&tcafzaRzgggQ%kJN+Erb??H;BP|5aRktn()Z`M zK8!%#Df$ud%_#g1;dz9=pk5#x8BeqikoQX74W6gttpk650e>5D%_4jW;VTG#MjZMj z4TPScF>N2(p1IYJF2&8Xk5J+DmX}CuN`f0v`@I{2D5I(`K z1e5rWvVix}`e{+1MS&ItS`=tephbZe1zHqnQQ+lG0f()qIYDR9xPIdLjO(!Ljjp6? 
zyDMso*-o*(-FlDZXXf>0uX&}(uN&6&=z_Xabe8I`_7~d6wGV6k+CSKe$fWi2PeK9h z)tVLcn~GlWk@_hwfmm?S3TiIeo>Rc{9-%Re=eiBl@INHkFRSI9w_vB||V4mklB| zl?`Q~_TYmqM>HrxGY<-n>97<^B~wyV5~HFN^d*x=o01b}nC@z$uQOct80EVA7N6_h zAq#a73FR573MM?Urb@NytCrtvsg5ycVpqxCvpK$Ddtb-)9edmx5?d3y66{7uN@Oq& z3M1c{Yp}?Ya(W-dHF^r%s zeCNcJnB%5IB8M@^#h9;yoWua7#*MNW5@F8^6U2b16y&egSv~G6$1sTHo72mc& z5f_@(Piu7u%$VV-4g%`5mGt|5RmYz(=fy_AF>Q9Kroy=-(^V$Cd<~oMnmnU2ou%)p zA}jn0d+G?aEZ9hD(p@R~n8fw56{X5_hE{u$9cS-RY;`T>r)WiGI!!C`3ihq$JdTDc z(DJF{3w=yCIGnp9FtFSG(geI|VNuO$4(nk~6wxo~WmOvC|H%(@u zIDJ$U$6*}T*oCCVbei$U#;+RtjB5?|nR5DH3rXY0jfY){>aX#B<1NN<@;gHk9?irr z{9nd*Yd*B_xxOel-UO?-SJSW8oy;okr7z(H()J=Oc4O5m*_SIxRNtE1S0Zvq1St!znb)`4-09&`d9<21T*_6eN1lxwBne8kh=H_t5hk1wE1Qp9 zwQc(@_bR%L*hehD62r0mDzX68QihAH5=UJMxj~^5sfZF04pys*sG}%_7@k;4mPp~~ z27DChNC|4H0al&!s0vimPRU%Z9!Ex69!E*U$i!r=QPFYrvDe2;!CTfpRV{-Xw`4nc zW@Y*+c^NF*&k`=JvkdMSE0v*Kk{lg{h6dd$P!0zAo2+SG)yZ%tGZ|u>qm<7L48qFe zU~&ZeOKdpl4HIs1x7WREVw5m|@)O{hPqer+KiXzF;LJqnU*ylGugU2bpV(K^teGI)rDRun4HsiZOi>-PhkS;wq%qYk#A)+k zis3UnN}pn%;XNxe$v`FwwJrX@87++Alw@KSlFS-C>REeXfUb`hT-) z!gYn~QrA}31un1abk`D>;QW>Id(JOAKjA#+9CG$MyPOv~+njFaQm5AOYsdE;UvYfW z@d3vpj(Z)qI<9hvjx!v~96I}N>_4!7)&42_m5t*0ZfA zSdEt7TYhYL*79k~hb;eYd9&qC%WEv7mZW8;rNjKZ`8oI(_>B3(=69RlVt%dpTJx3W zl)1;e!F-N+x!G(EnLc7VWO}RVF4Lr`XiA%QnG&Y3>0HxECX4Z>#%~%wXZ)kFVk{Xm z#$Mw_W5l@1c(T!I_>5Svi+)U>)%WSI*V}b}(fvaA9o-joPwEcC6T++P+hH5QXFt<^oLz7Gt?h@lui0+5 zU1J-u?X&H$#ch7uS+?VC2J7#vKeB$^`n2^w7W!A`(Ee5XzuF_(XS5&FPHEq+eLddF z`FLb@T%{ZUoUfDs;sc^KnikcR;t`g!Q%p~%BF z9(sA`;o({yzLJM)c(|H}t4yC=5Ypu|_n)cC8So4qx_NjO4^QLasXScC!&7*;f`=#b z@FX5C=i!MwJb{PD^YAzxF0+^xgmeR%`|YZn0c||A^3cIUGY?HXH1g2ELp=|5Jk;_~ z;Gu?t_x+8Bf92s{c=%^)`+|^8(%koZRnCCFUr z#=|lXOFS&{@Jb$z^02_e5grcnFwesw$3+W5SS%86FmGl5C4mYALHSZJbZ$OALZeH^6(=({4ftc#KZsK;RjtG zUl2;})7&?$${BEqhlhFiULHQi!$UlLHxK`vhwtLyJ9+ph4=vCN~Ip%Dl3~^rCb7sgm6|@guyfzTvHvJ`Wu!WJhw7s zp$Ay(^e<88&{XlZIb~L#btP7GSEfv~Q%o+Ex2_50EVDFL!r5r90Ee0E=)Gzd&W-jJ zA;g;-!2zjz492mCA-xItan_s_l_?`Fh6(5;I03yil_>*FO|TM;bCJfrM*B#!o88uP 
zEegC?6xdjqa?oDQ4ALYNMspda4bUdopVC`C@RD0lTs=9O?7> zLU2d!tW4RtL5g$qDH|7KKCUvQp)qVK?;x(KW8w{0R1P1Y!}&JZ8>rCHv>wYgsazU# z?|`>g_r^jIf(b;Lf@-Y<{C+7DlhU4SI+^kWvtbwvO$LG4mYpfBC{cwJn4zyKB2<~`MCLw=`9_+MC}D|F zrnd4R@n-KS!c0@Lm>y*8d0$&iq z^4Q3Tl*g?y6JBMEQ}ng@WAzL>12WAI` z>ftdi#$0(#<#3tS@`hnn%a`!FYc@p;+B5pGB4Aykf2MErlg`oamV3v1+@x=-JM)Yd za|NPDw$9zSWLd0oxJ2Jdn!SNKOQczQAzmpbv(&L7Q8_HjEM3L2Q`SuK0Gam$x1w@b z7Gq)yr4DYPbXMiCtoayW#Te^S24A>Y^geIYSEiiu=U`mUBGL5cV6HV9{VGU)STU4R zei$-LhCIPwD&&d6hO{RMv&flXBn36cVEt*X?x&*p)#n_Vij97X>rMA_+VLxsgJZ>D zA2)BSJ|!^Wj4$M(Pvo6Mfez-6i7`G!;8QloS5@XBnuO$s-KuPbNF2;FcdS$POfy@i zTJ=KyHnwG&^S0{NY0bH^N$7fC3o3j$0wGMfvex?gg;g`nb6N|;5Pl6eD?{w?uq>>| z#11=7o6o9ddF8My(8$CNJ66I=T{H_-)94A6!&lKFnDl?gjP(CuS-y}-|99}x|HoGj zPtfO1W`lgW{Izq~Z_zB#-KMdZ?7Qse+1<9E*uHLi5;g$VI6vilpYvMXZO##AzvK7v zFXn)2UaXaFopNk2)zNn7O+)cay!~K&QzE`M-d-j+H4q<&cSK421c^@#kn}zAz1_eZ z3vNyFlAQrY#*^LcVtjK~d{1}#P<)d}@L0Sf z9^X1n;yX$F7)jqd(4Hrl&wa~iX7jeey_Q&&70Z}*WblH=`JQcYApOtO;i*b;BQBED%Lo*|9cREl3RPUtigmq=sy zvbJp6R><^)ikAeojY`AvJDBW?jmbInbhqz_cLd|z>lD?N4#7+D7P( zR^iol#-;A|UF;R-X%A%ttF}ud?M7b)Ne9|P@r_-qFZYrTS3c_9kf!%NU6F4zzEKClc|Uag2ckC_K=< zDUP1DZ6JPh)4St6@%Em0qBq{%-JT#l8YJ8vPwXMx%^%;;&3eMl&fcNj?K?Ndw(J_( zyJOoGa$!9iw`}b0-I?v_4Q<+WaF57Wc6YqJGrqAizO%c%J)Y<$gKbMZ0n!bi18&$8 z-^TLZofz!d*}E}uiJ0HMb13TH##$neg+W4PP_1XCH&NV6s6@vAod@}%NteiM+TBCm z9j?7e)w{!pAtMJ*f!29a!D`QwaW{E4m_=#N8#=1zZ6lpS+`D@V>3z8FERdquXzmW6 zhg`BV-#bkD($4(uO@rk2A-O&1Db-v>k~`i~wU1H^a-k>D+R(|7Z&7u8&_3-a&&#=z zVSqNW35wB(j-w2n)99>@K`0kR2P63`@R_Gb=kJU8Svx>A)PHY&%`s11W}I)d!@XrV z=$3F=k%6Df9mMerb=d5_SehVSX6Sha+q%2K0))+*8J z%RNE86-i(#GIczSVOx>JY4h1iFRx4;N1tL_k;F=Pi-!_aFqt}`GPRT@v8_mAW-Bta zgeI`9NP^#rEUQepXfjhoPEbW;*IS8k>DJGSLxE&v>MWV1$t;0vqAbmIZEb|32_s8` zh5WEon&Ejv1U=Fw#@hToSXv@nZ^GsV3*Cb)H8c&&9vD?3o?SiRphvdTQffmVJd?g? 
zrm44yoG_fh#h9_?J)Oq%uqAIDme~#o{4SYQ>xOTHatYa-#$~f&UuEi4xji11kHRY> zwNed8RykQU5+{rDVv{IEvO`GKh~-A<8I`G(v{0rrx@qZ_!r+K|YjQXR^R$V@ZFs9;EeiZ2Qb0I) zL2HHMfwh!t$&Lp$k>i0VIUaZ=$3Z2>18ZmuJ093{TGk&8sb8DKBQ?t2yvlU)U${rE-Y8Sp0J`~i;x#e zhnQk?Moh5|yL^F#6WO6#)k3@?ZwS#uUI0awP9)NYYAJMxFjkKPm{g(Sr(h;a^#jVu zIg?{-LL_CTCe=J5f-JSS&n?wb=YC$a zrS^t7lSKT7DO_6A<^r8b=iCmd4@ruMO_?8uxlF}07?5saz5sVYe_x0Fns=W0b} zYHzBQo2k8r(d1Y{G_?;_sZx~~m`$Rl_Q`r;HMMtDDRWF2n>vry6SS$lt&Y@9?M<_Z z;MCr!mcyw{jVI~~<<#CdtAtLSTh(GZwaF@(o!Z2B;#dMawa?5$il_FW8j+sbTWaKc zYHyi`kWZb5Y9xMY?@>fy<|qDBo53tHK(#kEDiBng!)#JPwRg@cB2?$rM&*TSv#3r1 zDxsm;n-mG6+N4@>qS|}v$QISPNf9urO;ee;+2?(P{)j*mci z$jz)IxT$a)RqYZ3=`_TeL!Ll1mW8jnY}AtqMl&9tFB*x8kyzH3PByTsN-9OD<#?Fg z^dvmV$@T>xq?awi(t8)Fo_CflREh1O%0-xkmojiRM@6Hq7|Tz1AQ}~FQ{;y{gD}d_ zrs!tD3)Ns!%DXowlLHI9+finMna#-#*mWN%s}-_P8)CeFX10+NYj!SGhXpe?R`(;b zZk?1HR2~QFJg)LkP$#uC$X8Fv6no;?lHj*smWR|H4eAuu-npwMzM-pg+roOJD<=mO z#c^itbx!TQS$E66h{!h3X*ifbzY2Inzef}UHL*w#eSB=tBjO+Kt*^kg1HRLsH0v(G zGXORJ-{#H~;VQ2PWm*^s$V0sxI`k!$=jI*CjdOoL+AC8r%B>lb<=r|t)#&*Sm+Mce zOoiz*b2DQkb-sjEUsM_^>H$d&$guH9HCt3FGRJZmLSG9R8?vVj)rey;s!_&bHURBI8WLuQz6(XuV8_NsQ<)u`P9yzN&GsREi{_oG@Ap6OpI|{p zX}g$oa3_%tj&Lz%>z6fWAFBy?D#$$rEp@}%V?EVMZ&9E{fffb+*(qSvAJKU9PiS0E zxUO}rcWInYIInfCcWN9@IIeZ9cWCTS*sq1vdyVZ0+qJg!HjVWO>$TSPR*mHe%e9vE z7LEA{*ymqw)|j3!U29rz(iopGUTa)$)EJ&HTx(cw(7>wxgNyh3&;IsW?Qc=w4uiXy=fmEx7!8O~;WoqN%{(7M z`C?Fv2)7s>Z07l(HyjKELlNO7LsRV!c*EeB1x4WoV^i(-dtodv;PVUD8JlXq59P;# z!H_U%Y^wdDHxdYopxWzxgpg$&DWoo?rcs}Bd zM#M-cCQO(bZ$F+7d!x~CG~^e?O-;2wYK%rrICyieWJl2nYppQ|Ec1mS)-?jC%bsSo(|za9rE){Nq~}jNo|;-=L7THq-uK*c%83eSxTu zv^LfLkQakD7!3&ftWC8)=nbF)L}S8bwx-%2@cJDFd4CxFr^nt*`vXyLFc=F3!a}#bnf3=F-XKax z`?uShX@4N>4f(}j%qMg?nrc73-{?J&sBp2PsrCo){r87rL7~&pRQvJ$_61LY2S^kmuBO@_BU`zaUF3z=(^nHb{=s)=)BzNb{ug$=(ybBwjZ%SXulkG0gu=o zv|VmDv|es?TaH*Bv|Mg+n~#_uG+%CZn~syIqf@2pK~CA28eqCkrRlmfHy2O?PBKm@gc|`siv?p^P=B}C6;i& z)Oh>xd<6Sre-Qhd{pP0HAIAPT76|)=vbm}DhrD2q#jw9Enwx5W&`VrUM1sPoxvBPJ 
zf94DM@%~0EO|{?e_50EOn2@(L)qd>H;6(%biz_TmwO{mNaToJPg+WU*?FWCrAH(<+ zg{-xi_JcnV4EZDBsF1NX(|+&=Lg;|ekdU%A(|+&=g0XNE@9%PJQ|%Ao`DhgU-B;O~ zYJZTlKZ^ZrzpbhE2fRTa7#uNSudS)}`@LXpV23JPVr#1XK5r1aBhe@9wl~#&5&L6o zP=mrQdo%3^e*pXIF!;ke?aj0w{DE*7+f%==!`@8$!5;`kqlCY)&CyKz!5_faKj4oD zTOCccpM1YTK2g}>XsZ3-@5cg>pikKBXsZ1IZzLuLB0gcGv#Iv`$^J6r4+$HbO|{?W zje@%z5QTPUQ|-t1Ta5a_A6oBhrv2a##BjcV`R77cGwsLoA_hP>BAoAPrv2a#!~y|K zK*Bm#Gwla|AQp=T!QYCynrc7z`>~i$3=3f_a@`2C{?u8&`qugJ{RV%>9~OeMKG;fV zQJ_VE76n=qXi=a=fffZ?6lhVPMS&ItS`=tephba~4Fw#gr!^-Cr)q2u*ebTPZHukV z`UmTetY0)$OoOK7CWG-=gH`{${)hS-gkhmq2n(kwzgo>_^=IqDn%gy77&(^lWI@(X z@-Z(lbVB7Z*-{xZVRq7t3A4v!8)Zx>{v_Un+3}Uf&Za79%-P~e%-Q0N$5kGa-EQ2@ zjF_F&v^M>Y0$fcKCH9@kky2rps`M6$?y(Wsn{)0U^xC`Hce;lQnOruPX4<{Pcv(7@ zO-WHH2EF=N#uF5iVNWa-ig_}b5L~KeqCp70&R@-bEj;kjnoO)!Inm&%F;;?uP$l|N~Z0GbcgU^f9+u zYxE@Zbz3Trola|UlaAHm<)MRqR1bj~x~hXvMf5s-V-3?-6(zMh!rpj?yM1CbSt?QEOY>>{{8xpr9y2Vt>ld1$g}R5O z@?arTnqwh2kSh<4rRV}s&I#YCE2MO}O-600d?D2)1tQs$Uy`!XEdGU(SkA(Fln>(j z*`Oan*x{_?gDO*~4U4~I8&<<`)3&cv7%QfwHhf?9OQm#M=g9uTkmO11hw-G{<3*V& z-qDiptgYc7Th$Gg%cH~!)QerIjfKo+DUVg=QMHnn`Rm+?bh^MTY@=-faq*X(bFL%Z zo^6F4^seh+ril9cVedp4R@q%b~GwcS*mQR>+L(|i>I1b1p&kGndYpLgzYeBV*9 z|IvPfeTi+*`fKZ}trpAcET@~_X%3n0Fr8%lSEJYPLBj_97xa5|hjkZdU$1ow2Lv55 zcwxWno0X`T%^K};p(Ab<%yeEh?#L%6-10ILJKEA%nrwBlWBL393}kV7zrJ-MB&TrNS0hd8`C8k7akc z;NFlc5leL$Y%6M%)ANi%HyK!kAtnpDdN*dE$r?b|bU7fjYzy zy)kGd21DAx2I`rpXcgjURn?r=8xe^nZVZBw!KiLY1BD)_Xl96`QI)z##6dlyUdU5I zqDOZ_1NBTyzPd^r&0kg3oG)>rL<}hsi|RcM6nbFtYK1tOKdVYzJmNsy82X%%p#E(Q z)H5-8P$AAARn?p?al&37WPHVdVR=J^9#9H>zKKFZC^Q%nqlViXDimVa@~ox#T@!^u z8af;aMMa~~P@!d|(BCvsC`72CBkcDZ_cv5%Q7QCSO%w{b>p%dik;b1kROqNu=>IiQ zsL$(%sJ`D1RsIG(3X>yBp}%ONP)K-(0;1oK@7eqdJusP{8QMQnmAYs{n@EyJAqg2a zU(-N66O&gc#QBM;n)4jm5I+wIi9#dZK+q4Z56eJ9g=UpPf7nE! 
z5OjwguP|1?o35vh+s>D~Ith6=r0DfCDa zg$BH#fIkovZRa&q=&O`MzuiQkeh9xqxi?_@UIT?5nCzb!+TT=_x_CpI8exH!f&G#O z>Y13_s}ScKs%p-6XhZYc@5idf{<($x~x*b%ZchZ^4M8y`e&PD}{cwi9(^n z5DkSw5yuA_Ds-1p=$D%)G=i2w^gQHT+fbo9l|sMNM4?36F$8@B=R*w@xM4`}|hux7_#C2Okg>F>}{cID3LK!m<42l74Sm(b~NK9@~ z3jK5wg%S-;Um)bO>g}4lbcZ#rU%DQ4z0q~EYr=Jf>r&TN*99)G>vY!=m*D)B^Lx%O zJ3rxkzjMgh@9c73=xlSkolBis$FIRH_=@9`jt@8;)p3=Fr)HWB-Bu ztM*UXAGbehzt4V~{c7vGtPfc406!sMJ==PM)oA&><;Rw1EuXf0$nx)&H(Tzsyv8zW zNm_PVI?T_TpEG~M{2B9y&F?n9#r#^>7rfG(GWVD_n9ngUH=DtU_=xF{>8+-_Op~Uf zDQ((iN|?f?b4@3iEXJQ2ziIrO@sGxev1H5`dyN~75#uW3$wsT;PllfvzGe8l;XQ_j z4EGp5YPil2HLNzQFxd2e*8g1pZE!T6(7#vzHvPZouh(bwefrJ%G2LHuztDY0_eI^4 z;B_p}?<{o7J1%o-tipfK$I*%MPfo z(>xI2VVH*@9tL?B;Gy5JNppU)6j5b0sd->64`0c{H9Yk2a1{^F<>5Izd<75B=HXd9 zJd=lK@X*b}(|LFr4^QRcO5@!NLb}&z9$2o*8Sn%i9?!$$cz7ZYm-2844_!QT^3cIU zI}dF{1p#>$;1ES;s07p3qrc9H1|KJ${Fy-Jp2(4f5O8b@bLRQ{2mYg zhlk(g;SnBwhlk(h;kS7BO&{`@gKp8SuY(_$3}b!^1D|@bf(U z91lOs!_V;W(>#2dhfneFQ#|}64?n@fkMr=qu(nu;ug19M{{K|v4EPZqewc?Ja$M9} z$u#@5{>ONZf1w}b;p05~01w~K!}sxUnuk+7Jj}!Q^6))8e2j;Oc=>!3F93W19OP zQRNKyZ#;aMhwtFwzw+>HJbZ|U5AyJ>JbVie-^{}Ycz8b#@8jXUJbV)m-{^YZf{?DH zx&Izj&VYCG@Gc&{mWOxn@OB>F#=~2Acnc42=HX2|ype}D@bG#bUdO`<4<|8v7h=l2 zQgi>+R^1-WM|GVV^Lxz?neR4FVy~Svcbns8pZN^)QnO(CrRlq-XG~9;-fMcubT@X~ zSDKQhZd2UkGo4{tY7&gUG=A6kjPXh1dyNkn?>0^vuQVo&-Nv}lXFS8WRR5&@QT^Te z34K!EsrTtm)(g7lbkFEMsOxl{5}@GzFVKuPwMXl@8D_6y{_k7|L6KKY$<--^+nfH@Tu^)>piYVU|I1^uDifn zxz=^SHR>9KoyALBJ6xOLZz1XuU8`K~m*=nbN$aE5yR8$}q_xxPvz}}foR8a2whOlB zY|nsa@sRBn+m-e!?R)HT%Xh)mc*wrmeun*S<=bS^3Az(BZ`#kUBl7iLE5k{0U9NfU zU)c3W?D`D5eu!P)!LF}mSNkKjoUPjyvz=kHSbu4K_661w;|DglG#ZjSYOB;z_w-DB z6SbURwN0~Y7rRE;^-OX_d6&r72L^S|&XkAvcHJK|OB7Ph)X&52e>KEU)b&15zq;Q2 zZ~Pl8=QsMe`u;aQN8*=j?mAA-wf~L(&EnVSujKCk4;H^(e+w7?uPlDI{vj^@4i-P8 z{~#BCfW=Q5x%$76^@h9ND5t;HE?@8b9lIW3*H5$SG`qfqU2kUB61%>NT{p9#*<869rFnBfq+p3bfo`Fh*0+4WoO`YGed9G$lsS93UQjB(g)?BuZ3$n}Fa{KlA5 zr@!Ib#t9BTWxR#MhmH4g_yOai9KO-`K@N`^pXTshwxU>W8v4eUSc3#j+3aG~G-7{op^- 
zf2p|o!C#^2MfxulS3gL_)elx^{sjGZKmAvv|8AxKwv&H9@Gbi9@6msMArgsmkMt<$ z{Qpk}{-1#_4lMfY0Q~3wKep*(o8G(WF|QrKlJkFjj=kgz8=wEcFa#I^3;~7!L*Tmv0T6qx#}Uf&+>71=Lr8iL3?b<~ zFofh!cusO4`B{JR$NkCA_>-UZC%p%TP?h(<5R%>lLr8iL3?ca={;Is^hfwN0KZKd~B)#W{ko2A(Lh}1OBtY_`{^Upe$q)OJ-UCB;*Lz?H zN$-InB)tcQkbJ>kmG}G*O1@A)Alz2}FJ^qwC= za^6D%B%ksppY$g$_>)igljr@($NkC2{K+|ga@L=m@h7MK$y)!PUl-_}W+G9hUADpIqXjk`IGPVC-3$r_xh7}`ICG6$w7ZI^IftWv(I1%Fa#I^3;~7!Lx3T` z5MT%}1Q-Gg0fqoWfFZyTUvFa#I^ z3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoW zfFZyTUvFa#I^3;~7!Lx3T`5MT%} z1Q-Ggfj2k;{oL@roXCX2;ZW$uIJNnwT!)gp!y#%C zP!-U!gqm?ft5wYE+ymu;r5ieb+_DN?LByn^X*n%sGRuicM>7dAo=k?ga5!vjFfrQv z1w@Px*fqzDDSNsSm-(TRRa6UeL3E^|88Iy;lRii&YrRMOnH!|m+{HW-KE{9~v;hXVWa z)VNkL%T?a0@FVok(TY_r8aCGLL$f&XKJ2|PDnMFj2*Byg;R=9td!uUN%l=)|NlUai2?45B9<6_cq< zGQFIhcvO~^xRl}kDcsfd$_CR@ny(;wMgr*>ui0f&Gp(A<9~&CiO|`%eK?hF5>JUVd z9EFuFl@3@CWFRS(iKn@L2zPgXbc0Enoi8JjP6d*5>d*mxSk=zy7O;@9SuL-YrVRdg zMJ?H7t5W5Mri@ZGh&U-K$#IxR%lk`;%1SaVDcs+OdwL$(VB&J~B}802khl@6RIOMA z{-|0q3jBepQM7|d5u*|euVetP5P_7ml1y>m3P&Q+29r{lFVv^faw+7XrQy-0S+!Et z=0{Civ!;#8T+qs;WTH|ck zr#PfeA1Iv#?#>^rSegN12uXsF5-|7C+odU!sE zNP1gfhaE*S)jh^6f8b~k3CXCONs6fe5|U9xPNq{5_ZQ**{<#e%!J5|*31fjIc=>m& zq!$WE5N^)El|&RaCvsvrkAo5=kxaon`t$InO~*Evrs{ka(R3t`rc>klWA~1a!T)0? zhlk+*WBh&-#9~*72g9)?dA8FoM9)W1onkf}5 zRp)acNbo0)1qnn-JQ`1>;{gj2lqBRt5(J1p2?K;1Ow;uI!-%Hwz|Qgxz|o`pF+(>i zh)JBV(d0TlK62!6PvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Ggf!7X! 
z{=OaDo7)tw{d4W#+dkd?Q2RUDZ)*E??_c+RrMKMsaIf4`>Y3=dxBIE~Uu^q}wqI)d zT-%4+&a~avrqqAAVUBCR_}YCxYndVNY9nxy^9t9=Z3&0A9I)-05qjdb$$9xK&ZTrb4s^(38t5=_Hl^cnL`NRyP&yvpE*XZQClhf&&uVEwk84l8H@V`=+JQirQ>lw9XC5KYqg?z^xT zN38&!9{1icrxpu$+#QKj&1%6IBrf%^t4Dt5&^Y)xYdD0A9v(Xm?pJaJ;(#w=>Vy1R zdNg8J)oRTi@>Pphi?(^7WLEd9 z;F(9~t9iA`Yifzl8hp)085Xabwu-%3q7NO1!V-9diByc7Q9&*b?ZF5SKLVexR?GHa zELH_SSyiJFg~1Uks@1BQgSM~}%ozE^SSp^7laiE5rj$e`4US2ZORAWenTh7-vK3Po z)Drjt1^0@$I$JH43r0-T3|#_mkr_jjlF7I#YI-`J)H0fEWHWNYKrRMzxoiR^fu`l+ ziJYPvYC=z>lRCKOiW~ck(zIEzN(iF^`d%21k*Yf75(3{0Zs(AXFXHQvejLr#f$)-T zOd8Xw4XFAHt7wi!)LJ!fRR;M(YULa_{ zftyfc%Bsu_@@OuBTdqm1Vqny83y`VTwCW%@A;WVKI+l89B(K{B9WN3|qb?bN*{PQF zgJy}gfilsL!0*^SJ_jBvi_t@X@05Xnhz`}N;CK}|cZ?3fs5ntI3-<0ExOKO7d5yLE zhZU_wvr4*&>L29Y3MC%Cu#uE;b2+tO8)eIeho|e~i+uM{3*2m0v3EngXqH?TS&@P< zZ4?H1#Bm~#yJBeS-F;UKO~c3&Pt1=wFVEna>&(%ad&4!2*80n@`Zxu)IgNQ!o&9fu zoSHAE`{{ko%T-M6r6Q$vU@4y(1FlpZDj48K5j+v*%&C=lR?aNId>)JlJg^NIp}3Fm zpOZFrnpqzdq?q3ceNn1T0^^eSp~Is*jP%KpS~La^nOeoNtz30NI7No>gaG5PXq6^n zM}TSJ!H0Ya9v;PQpgt#c!R%3^-toM1tpj)${)DErEE%Y~c17UBjM+i-(ZH?jypV-i zXbZa|n1WUqce!F($U8I4df=8S0viDZ!?sq1QOyI>nJWWNP)l>mM(j@KWgGYE5beRP z$^B?jK>Ku7Oh)(bzXW?bR#a?BR21 z=Vc2Qs@00fOC86x{oboBX0i4d0t|r-MxejTp-)Z|icabyNKGNp2 zeU3xECfkp0@E5;PtMC0x_&aY@+8A97ft3*eoyrz0oKRiFlUNraUpni&vI)ye&yNtP z<;it#>^*K&T{pMHH|&vGwP0E2@P6KqC0SRbgdiH3xS+reRmd2UD&#;pBPOz0B_+pO z*w2rZ&<6cP$yRg5NWlc*`w(pBkJSo>O?L4)@Ssj(Ff{q9=G*xx@OoX#lI=Iz_`<%d z8mmCv6)dAS_Wfuxlmn-+#+-ql&VmRXtLD)zR;U=Zp;okf3~zuXIfguhqe^rEc7;{d zL^=gQ70UJfU13fD)kU=edtTTBg5C$7x7EsAG+!+iTG*|_hCGp>A4)gyRoL&#tL@R@ z6Xol@N7wvaQ{OfDH|nr8U!gncPTC@43H4>8mZK`@W2y&=u%91YnC#zpk(?8(O2*(*2T0(y4#r2p*fM(33QTujdZpTuW?uMS$Q z6@~yqfFZyTU-@XF(S5%g*dk8R80qKNo>`t z@o-`Vryw(Vqr^k#VQj7jp%Fc%bZ~qErgRVk)))6$9uyPNBm{*`#zPl4Va**e_H<`A z`pyyf%x68HX%Cq(u9l zx76sY+bA&(Cd^<>@B*djs0aa2WwGOQON~yujn1rt(iB9bhw$H-&QJ@D&N|h`fUkL4 z-Jk&v;3T7BCKFG}ozpFR=a^G*!LdD`xz-*@M8$MGlS*~|bxVzw-9{f>N23bFHJ8Mc 
z()CD7jh5U-t#vdShuGW+IiBwNT1$-<+(wCgcxwY*j>iA-+(yY|yw>^@!j`8YX1UTo+(M(X&dJ8qKII{GiV{W749&FagPvRM9R7^_prpqlgdem+7{&h5( zjwa#$U|Jq{Q%j8=b{i#@H7&s#2PT$I%d!L;!3Wp88Eomnv8VgoFMPgLSYW%Fil$&Y zr6^-hN8Ebezm9s6(Ug)B6Npmw!w_HyFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyT zUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg z0fqoWfFZyTUvFa#I^3;~7!Lx3T` z5MT%}1Q-Gg0fqoWfFZyTUeYf?FL~1>s=>9*u{-mp?b63a7_VaBE;m?GAJ2bH5x5oWM!0$DF&x)_Z zw`Ny-;F=4w^Aopnp`Kk(Q3(C^3=MJJ92f2hb#v|a*Nn;>f6SON?P_JNE8MvxnxHtS zNDu`_fuJBkCCQYMP%_*fhQr|loO;clx>5z!{DX*$F?gnD85!d>yKHKvRkQhfP95dP zYgzti#X{i<4LgV?5#rrItO$sl=!=~Q)QZuhl#0u7?)SrOZ9^MO)BKI|4{QaZ=6eFE z8k;q=S`~$b#72Y9o@pD1Zov1pa}gO;XNP51)>N6y(O=cG}wAtQip z6!s(;Pbl&-x}hYQkx=lA-wn67-?qVY*XB>6zPvw>>d}f-E&~a?F~ z1X+|)f+RsOlOW2{K$!wzWR_C~QCHGpDxTzi8z}qd4X5mQbIR^jr&az~tyDrJ&6w3Z zOuV91HTY2@Tbr7K+#t#zfJ;(|E6e8}gmy`0AZ}BF`>k+C$CoykveNu9MA=ASpLyor zh@~6+QFY4T$ALsGA4F0zniNGvN-ys$6vIW5({b)M!=0V~b%RNIeEujR=}aI=jmc;8 z<5d-hK!thdp>)4h(2YtEeGq^(o`SKsoW4Xfm6VfGg8OQ?tLw=Prmr%87}0lMAblf6 z{hTq!kEmK6Sj$Mo(2Y{nR0}o?N{B2QM3xdwrZNc>esT%dj4RP}T!B!m+*iWg-4AXs zS<~|e5n1DbWDOTAOV3-ilFqB}|M9$9DU;+qs&f|Tuz@HO=l7*N#cGv z%tdb6VEStF_aOR$89$kEXeonvcGxNjjVZ`CpKB7t9aa)z053uDZ{uP-&V4By`T9mn zS?2tHL|Gxni-I%S5B)}c3RihF(#UOlcJdsX7u(+jDOpIn=h>8mLi{aj%-e_v< z`B6m8p+IVmS~EsvJZ}^V{J2&z%T=_dp*|Zbmq*pA8ZiFk4A3P@0jvW`Aedx2C30U3 z_kC)k>6+)}hY?{@frOnhvNk4b)TkO77OGC6ReA&@EyPR?!sO!bGv;QjiXJ3Z%4rCG z92XPI#Y!lF$g~+L#eE^%U)g9XOY`qWM6SA2k6JY(TaL|EjZzbdQBFnE=|ln~tEB@H zND>t>oshZDhc_MHXp)|ozZ;Q+wiqi){~+~GRn%fbDyG{2vV;eAS~8kZU;r*(tbuk( z1c5Wb{akoJ+Gq-A=kG!ko?4B<5nGEIvmjkrwTfo&`%UP0)di>bX$bBw%1W^PpXF+TPf-Ng@A{9VRA}S?;QjzQQ`)1#7_kFRi()G!%XS?!UN4k{G?{xl6=hwnt55E|m2;Up}o6!41 zbD=4Cxc>VJ_k-N`aF20$?j(0IbQgTE`_p!(`{xG!G5>bw%6(njmT<^P;UI{ieK+K* z)v`Spi%kJHs%4|F^NSrka&UNPT!7(y7FZQc#cGC;HBQ`k9*`=YTJ#`;2qt9!$&pF8a{Gjybhhxa00fByv{_W#4^Q3_TKg;)w^HEAJr< zyp1-{HMt*zSlEJCHtZdz4SO*5^6lOZ}YG*SAz;l zrhO-G*_w{vFV;$Cb&lUzsTGV}ck=J9_XfWcae8hx{rn&Xv3IoZmwD+}_)cOR%m3huVv?DHGm%yX;)K3+Iqn%%Q#8 z<7zUIPO7>f$thJ(^mtZKlPS=p8A(Ic^jtcp8(W+!d+=Mg)9SaWdLpZ(a*A<_b0vd| 
zZlguF&X^_Lnz3(luB36n4qEVL#JU7170RG|z0tXn!o|1H;w^b|D*xW2&XpwQ*dHFC z`L`@x62{G`qPo&DP&KOsV~{^Zz5_P-crQ{`XRv0?vrnetV8ql1`L)0hAXiE#uoVTp2$Cpau>u0= z*U@YpKD%Talg6})HVFR0DjI;1f;DAhQIrq{%4lQCs>}`6(U{bzJcnNfi1eCP9R&3! z9z%dF-D;87ZKFVTUL=X2I;sM2)dNLPDK;_*hC6mo6zzOfMW4R|*N^hikHAA&8EsTC z{>vYD8+k-4>bQ*O-^PPv#KS&sj?ZBM0(yZ65X&pBfO@G=h|9~X#qDZjxHKu9S-G@m zmMhb?;eWXq^|l7o+vjZm(=Grd8?<5PYUL)y8VFs`>4hf6S+i=ZdeJO3DPICTM$HAS z(N!b03hKa7vjRPfM+S6_rWG}$d7PNoO*#%#jyk}NW|%t$um-PWRY`}qRYyRSDd_G9 zrn_^rIj7^3j2Lfz(6tVK_4b31gMyhjVSZIJ*F58h^aIQ#XE}Wx-GGIs6Wahc!hRnIhdj`<>n|^&33K9bfDC zg^rin|6Azp(9Tc~_xIe_xKDA39|iXrdyhxs)Lo>9nF|l42s0O@e?nh2NqA+R!%1Ff=I(Vj2i& z1}>rk+K@*;({TY6(1w-?Xc{i20@@H3&@MgdT*=}NeExpYfkW#T&<-8o$LnHQU0Q3X zkFi*`7UEkF%T7U)cD+eYQ_Tf1k5c8ZVaf4XF=itH)Tc~AJ8?Tkg%(ggU_s9nZBW4^ z7BnVt+mlE%oP?*4E)wfl$dX)_`C#5efnCKaM%k)VW65+@lM{(tCM)XMq$=uhQBCJ$ zUDb10!-&g?q^ji%NmeqcY!1}ON<6DchMI*_?S!EujF>9N(+NG96XHrPB`9KC6EaYX zkd<;7T~;%qnlM~}@sL_M2X+#N4b$dh{JZZ{DDjXOjsN-Qy2JEC5ZW1=ZcDF-P4nF*100Yt1>`e%b^LP%_Eo* zQDJ8Y2|JU%obIP@aIQRz0lGx@jYF?vVTTA#fwGQwpa#kz{;|3Gs=o>kzLvE<>RdU4 zyXg=evq4LJV=llffR3H;b?jEbx$+RsxsTQnuJ5p$u=000S02PK?4>VkZpP7|>eIfe zJ5iM@EJ&ajHCkEo*|Q7*hCqu5fS`OF&q^vN?*l~DI068bEDTbsbvgwq81m*kjTU1cqw@pidB&BMG27>YtTto%s zeI7yiFfO2i@;<+y{3hqhAzb_x!g2O(0d-*2)YQVWuqqwItI`W}Rob_1VY#(494tGp z1&=kz&aE9`t)R>FNGjLye9|vFw|GkFioNSNXY)$Lk{FZZrRr2k0!cYYOkPoM+C_&s2s#{Xh|Hd?_jyp-RaLVD8i5@L@rm+&t1@bU z)$Ux&BJ;Y>XqRi_TI5IUafSdxfFZyTU%G6;D|LRc^Ru1LcUC)3cfPH2bH~56eXz}L+uHUs{nDn#`)}{>@B3feAM|~_ z?+bmO?t7u{fxi8HvHEZSP=BodE&XpH5QOh&5sI)9`b3Mbtor!HLFY;Y>l>fbh%Pd- zZhhl%FdPHxBwn@ogGWY&4o;4r9zQ;I2rCvdxm*sep=p8^j~jxbrjtT8uIWNN6Nh`q zsSH?@=GLHCte@n70X$zf14P!5$Yu?iMs{U&GeLBJ45^ch*(!R%_eBBriYqGEz%VhM zbQOP14J6|+q;K13^TiW3m{jqHkMlz(j^A_S*n#7xCn(TJuZe!hAv7{r^x)F60_{ZU z99W6g^@qWBYA2j4ZFuy|-%3Z1d)RhuU9{D?62=RdGsv0Wd%mb$OT5u zs_UUqw@uk)s~Xkvu5mnAOK7l)2s3%JY81eh7wQ$Vb7iX6(Y^N&3GRhe%^VmRVyo2pg||#PDW}CaTq}nQhZ(q#oo@M@2bLiv zNE8nw7a;&P+u17s{UGRU_`!_rWEzY-tbA5RS@ 
zhWC%bMbU(`UmhEi_s8Yr*pepWDfk)6BxNNr6dy?`W5copx4P5&!EsJNHxye>iF|6Oc5?ilOH53 zc;$`a@&mK^Tb-9|%xs*uQfA{CpIx8Xhdv2iU|r9=1MXeHERqTZDXmk@9+=y$Vi$(@58u28^BAdO9WRN|=4LFA`8ky~D5tG3lVF15H7mds|FjG(^ zEu&|^9-$u>(M2QESTwHm;R3p7Wc-T;+^p)w#nf;&gAI2fx5t-zL&+)`Kt?ytt&3F1 zwyw*U(+w6?9XN+tRAmCpxQKWOF2wj&u>H^W?9-fcr4!GjXDlk~zA>y6@h;}@@d?i^ zhHhh)UX_4*37&1tYIhQvYy=|LVwKp>eVe<5`(du{kNbYU&+b!uzY$4A-VwQ}=Rdl( zcMf&l(b?1St&UeZezfCzJDpCQTZBiK{DwAj|C{?;P$7Jodzt$r_kL~)|1KTPoi8uV zS!){Rpy-{0d$*1_S7JD4hK!rN?#`^Gi-w&i+dsV4k6_O+1Q-Ggfel6g0&TUt!32`O&qAYZ)=7g70Yk4L_`0~b*FYL8#Of_s&3#l<%fUc6^Z!J6s(@7$&a zQlRjP;zy{$Yp+k?m2$2KxO9>-^UnI^r&aIX^@lgu1=};=GKI$?%KNFyls)U#EO=IL zatjYD7}nBjEhre4Y9>`zWt^*6MfX-C5<1ZJZMd^pS02%@7dAw_>y|DxMVl)mUzUsWxGgs+ugXEjV}!^xs#2*2=9F1 z?i2BzcJ24GRdC5R4YyM3I&PSh%lERd3%VUoJ-RpAQ{M$`$GLPDv)j*xoT|sFFQAej;p^QSE=c+q1Tr^Lj~?1w;=3OcF_>? zm6k6WPdis`!`(Ii5bdsjZR?VY#_kYmezlkkUGJbJ-|ESMv9r}TcDCN@T)CBeOB?+b zSA1Uw`+~*g&A5KLxa{#QF1I^Zw&2njZOVI^LcSHedw-{~Rv zFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-I>6M_Ejr@33Xk8yqfN8iW$ z&iCnk_x9b=*WUZBZmoNN*DrQ0cD=u2vExTNKHUBbp_8F~p|^&5xPRgPi2F3WQvdxU z`0LlWqwtG%Z-0=kh~1 zgZRIGtnU7Lt8@85oKM_eKj!y-eUo$fG%h6}sUD*dsV?Q6%MXB$(@^O7A?$ecv30wR z9x*D_TGcG@VLG}^A&Wm7Y)n$4@cR&P%uu88?+Uaj&q8zNFwE#AN% z!Glv}!@iS;KvG(sH*MawibmBe8a8&O)$o+B!2a8%EYL#wjb`*jjRV>@e zLC7kr7&A&j&5q5OCEc2_1qcf`ZB$~aUNlP(w~AEgmeMb^WA$&R&XntcbZRBDs>so@ zTCmhY72>>9XROLO8@E$3W`wMoowM_5<(yDd3o~lP5UOfr%Bb2xO|XR${(7|lAEDJM z;8Izr=FQSMc&2pDj=3SLd_k&!cw>;4MJW>#<(RB&ydP|j$K8f=Y~rQ5jtVd2c!74{ z(&$q4XK<9sH9Y551kbKq7j4je4&qkoX4SMxgS_h>yGc;5T3}GG$Xzis5$?V#R<0O# zN1k|M{yyjODLmPp?jn=T4ajue2iB`Gq<}S@^s=T+ka5DB(f#!O&gJ8n;%AB1{m0%I z&bPgTcxQb`PVf^#4*iFWqzQvFWn<` zZaGG{bHhh>yk#HV?{qGY<8IzZMsa|LZaO1iKpgW9h^^gF$lCA0 zFA-ULcAG9KVlt^DG!U)Fa0wBuXFa0zD9$IM^{ijC-t1f+!KEZP#Vn57_sql2vvW|;^y^$^~^C}d?2C`&j_w?-f-S#Eg=GxSJVCP9&uibdIzZ`BjqE86#%HvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUvFa#I^3;~7!Lx3T`5MT%}1Q-Gg0fqoWfFZyTUdBf7|ng&eNUubf!AK!Tmb-Gu(^ZMeZyV*MEN$Qw07&Z0wqY 
z_y;+^T~lQ-Bde02$tmy;l1`uC(Nsna*tmgm#R3N(;93uS(N%4J#;oS~tZExc zg*xHW`MTdbey0(git=Mct7=qtwdylOEtjKeX)ao+m10%Z2A_6GSxV`tlrF@jbVg8g z@T{n25-B0AX61M$7dJ%72=p6rCw~aM=z$x-!-i=`Tqk(xmo|asb@S% zj!8+^vxvZ})vBtULw+?haCm5yz-fn@S(U_e@-_9Mw_`W>yyNd38uqvtse2PaB`X!J zShjNEDy7YfODhy)Ke#w zW@Y2|5APq^KQ+|s)%%AFL-#Z*E@}Jg)yMf!t6*w#e8oWX7kL5#SDTd5AlEXyTGIKFRptFHt?X3hpmVuE9K`it zw@K$+7m4ee{@^m|9A>`6J?nYoqwuUZqx+KXTsCo&&u2)JZ$KY~yRlQj2|QzvSHgNa zD2L>^o``%;Lp1?)pxoy9Zi!nZX}#nY(9bDp%X8pS#LC=no|&L?8xyp9!mZQu)bP;6 z!}m_`#)RO$2Cf&$-16p-`Q*)U=a5^ihkAGZG~Pg8ytH1Fx3p%+b8B?l@K@v3zKb6^ zJj(ApeB?MRm($>pYZ7^=je4gg#&5~AY&77VpWuXY*Q&lDJr2fJ6CfIHBjuLeM(%Jf z=kd%Vo`%l{xQ*n&?^MZ}DZwP2@=nsNhI2Vb*uow%M}z!EUJs!Jd|Mj0W#ZfNyw5?T zPi#mzmv#K4O1`Lb?J#m&hw|MoakDRE2rvW~0^c17^!J_MZt4tk1AjO0dwpAb|E~83 zd!O&sdfOuZ5czsU=={GsKiBzz&e_g~J9l-y86NwT`#aB-xgqX(M8(4!M@rv`4sGLV zXEief7y=A||I`TF=q&VNftx5yFMv;ISxWai3lYy&;R5)CUg*IYMCW^9yQ=1tq^4^^ zCaysI6*;X4*|?k$;)<%KKtmW$rKC4G3*Go7qVv75Et8PbsdxtYgkI>xB}C_Yp`r6# z=)n0z=X=4g^S#MgXvd`_+{%S|xE0M=Xd}9Y6y7ylShv=9s9XkZ3=a8$!kbjV5wl%2 zOH<&dxvYXZcG^_=?37u`S=dMPT0jU^$od>dlTD|=pByHRhe5Tg8zk}yL|1YBJ?mHv zY?h$J;CDyiJ8&eH=nA1#ra*68%i>Tc2ag;a9vT;pR;;szR*jKlEL*U$v7%~MA->97 zu@E}~byp6J51S>mVj6aA7!w7mYW%1H(OvH3EnCyk7Z*|Bmbr!=ITMq_n4DauN0wru;_8t- zN@E@TWS4AX(wJ6lqEGe|dezLH>?#`kbzNG~(9K%$x~iSsm?uOth}~14H%hvVP#NTR zOb}oi-laVXiu0fjtg2?oKCc!E4b7s!?}(MHa;@A@x}vNSQY*qKLa|&$1wpFBCUIA& zwji=R(n`!(2;+I?93k_}RU=-{aaIqqa$QCkFtQM48AMZg0W_5hoHwI;!nyn;QG)Cu zL|vPrav5r%`?!D`B)X3a0ScOie&z}9r)@ptTs}`et(SaS_!>C{D2pD)Ef8hVh0V?9 z9VlWR!;cb0%!SUivqp|7WCp1eV0@gFG_1{0?-o9!Tq0p+2yoL|7e= zyT99vagWUW%RfUJLD+lRK3N=!_m z-5zX*4cNowt*W4deT0y&m8yaK4%}q{2*ib#Uq#|mlR5Ys=cl3u6?1n~?&g(EC=YQ85Z*Yg8J0?v;Z} zjn9EPr5KkdCIT#$CZP1xkyA;fNvS$LPKa)_PQapY)u-|((r)NR1*(}iWFIPzm8KeR zknf!=)x3%V??>~f2#@O^#X!Tx2-CeJiK}g*I~a#Zz!2D#M9Sr1Lg_UP%olCLD5Chm zc3GXl>MPr*D_MYrFV{3U8E4_mm`h(I+fVK(SJhCj{dzH^y1HRQS&_GqbuyuP6|1u! 
zSi-m9b+W#MZ-SgR`Et6S8F3bF!3e*vM%Te>(|gpXh`<9Qtjv+Qg8!U^h|Qo8tj``& zT(`o3RZ+sGIWXfUOR$;@9;yd|o)G9*pAcZq6s^)k>`2)l!JpLvdI=9;G&^>hMRm%U zEUTbI+qrvU!o#YFJ>F&NdL^@Ny2YXli04<^7_=5I=i$ z+ow8{I=UvwsA2x3v~2!#pR;f?9>((>bQlNd*VfLJV4~dQn51s9At1$Z6TC%~BHhP4LjG!h_ILacgsJ}`H}I8#pB#8( z;P9ru>R0=Z^zZH85qTxD5P3RsHgY6#Yox2^?>h<|CptE@f4lwh&==j`)1iGKA#_`) zhx=df>-%}aS$H?W%{;KQEOd^W_dWb-C;ECrZyXKfGq6D$BCLFz44aFuV^;3x{;PUK+3W$TE)sV*{(#2 zuXx}(TQOjze4HOgw^8_m7C9lcBMr{odc1QlgRt$I!CegC-20I^Jzuw{w;?ia8Khp` zD)Ho`)W))@suw|=2QdT2z%(43T2{g4Yc?3t)5B5_9!%JTLxxeBHY-*M?OK7?@ALBd zi(5e^x*O-r(0LSS4@+<6z=at;2j^>ityHsXAdnR5uz+S|FRq4aRxWNnTRU4*L}%eH zoP9s7-D}(01YwSAKl*AjN7f!gfFbb4L;zS*%FCJ@Q2I)lIIzMb&Zav?2Pu6MIEN~I zo$ab9rE|Il_dAm+{6{eoLPpJH1zFP-H7DsxHl6{cuY%vAN?&JNE}lzfGNK}Z(pSbs zRO#z@l)e%!ph{oIuk;1`BoPny~u%=6w6n!j!}u6yMJtrkaW)q-W6 zGRGe%fmW?#RQdg8!LTPrK(c~$IZFEg#64ot5~QMvz)jMEZj<_j`h8q{ z9TzDC1fFbKJ?1k_G*)$MmjY;!3xjYCYAU~69|eOj>KlYNlwcnWvqr$V^;v`TEO+{H zx}R=$7T$#i>N8ZRaNZcgIVca@j+}6Na)Nf{^1g)L+!cYN0b_O$B&8|1*KC6sn4wl} zVRr;8e)v@=Yh{&(X8fORr-tL@#h&lj@jnatRda zH{HE7($9MI5y0|1isdyZOOg7vQr2LFLq{`iwM4N@3d*Pisa{v%jp$?ohWtZSX{?W##Gotg~iWG*X};!iou~j8p)1Sy^uY;4_K&q9~|%@Q)$wuw==S%PCUWdB`%q6p{WAWFf> znr1}7fMOgk092N~w0TsWHg$fuRyk)>tDO&WVk;c!ozB8BT-{zeIJ2;<8CB&2@ zq!eVS2F7VZR?(91pLj}9)TFG+Sx{Qsi{GM3i;LSdC7zKJ@tgrli+gYpRa#v1C@tQD z3n-(#=vP|6`QCn9Owac&(wj=p-RUfh;Wg(2?;$Mp;=0uqURyJ|fGkzdBa^eWAh5b) zs#SH~!MYFk>XN%ruS*1AsTFNlP|cX<%-G1#F#&A9;)0kEL{WB4)Ufh=oyJl`7l0b` z){OR_R;{8LM126K8O9VWqJ#BCbrQ_Z@Np6r*X`wCmO0a{@3)zEGz6kmY8~LhL$!mU?U$Fb16YFWF35B=2S40&uCgEr5Z^w7rbctt_B~6tzK}ep!+u} z^%k2iv@PGvgp0u^s%GJ_*pbF9VDtrOryFn&xC;5OfycZ0yjrP<##{`PyVaT<%VeZv zN=&E3cpB~qNC~*6TR*{Qe(#XqS*aC_U3c>DrnP}_pKhqTmYj1)@~d|b7@rBeIx>Ur zF0i-X8<%@M8ff=MFx(uDX)7I;1TJg`4Hz7t->MqOSOQ%c@U{q7-uZ&>iOTYWk@@Y; z)pk6&oOfY?HZma41pC9xXD?Z!LyPmPeKM#o+QBHV{sa1 zlg&ZM0OiRdx-lFM5#>q9*q(_?*<@Oj1wE-I!Np55C1i3S!X)HmE|JQ~GPpn4;w+*Y z#o-W@t&DBCbT*Mm>2d8AXAyb)4u^>HBxE#{CyS5b0-`(#8Ghx-jm{$S2ObU)i;s|j zEk2$(N8e$ro6r`(M`y;%b%YH-8Q 
zfcqo{41+>L5#*Z8kfm&yPZ_wMmxyESg1|RaPH9kPN%ehxuzATbXR+jy4vZins@1NA zDPF|$s6NF(@L4SQa=QCNA?`-FelQTA{=x*qPF?)X&uZ?=7> ztt%W4Wx1!;_`4!ET3YyobLdts)T2Uv4;O;JhK9IqP%89b@G2^HKgjT_Zk z865={K=&5aiaI}Xatvt;GlCRPrNf=FD2sw931X5L9H#yY!#{CqW`w)fupoOLs;^Re1P(qNBiWEdpBAQ5~GpY1)f)deWIxVG?(0$=> z_(wOGAj>&`2pS6{=+O8*$A|cFbdZU3lJT`4k9}qO-gY| z2_QQjO{L>Yj@RP8*(@qlG^zf}Pn1-M}`6-0~_O+iQ#C9`~7O3`#8 zCCjPMNVv1}mJKGR;tU~T&_Vig=5gxKf#ox;F(QM=5@Aw_aVfr>EHMfNN=gn50a^dC z!DP*coqdQd6X*h_4}T4L*#4+7jc;%i)LIE7q{_<5wypp=~5Fsh(DX5Kh=O<^1@-ml zl#vC?W6(Ai3PGeO(R4Z~12qAph*BahiJ=6L@*5jWis{4=DVac0Jk$O7_{fpN0s8OP@R3%|(#lwAlKfJ-z6degsGqf5t*Du~PP zsaUl#NM&FTIR}QV$QCjPMKLO-;Xo~5sSu;G1YU)u(4FCdflqDlaLGHn5skqD=AjyJ zBiQ&H1@T|yM=Mqt)JOruNSUal$Vz(oY=#n)pU8xEhtXKr*xhM=`zda7I2rEx(XOps z&vunM|99t?yX3A@10NW8wCzh>V*~rc2M3gaJKz!e+xGiyUuyfewhy(7--0BC4$@oH$#;OkJ%jI&5wWju3+XlTz|+bP;>>Qbi3{QxlO z=O={htW|*!P;0Q+rzYMHfX)Bfqd>KOnSMUvEDm55qSHpPcP|>*aCM+=X}&zbBsJnM zX@wdX9`J~=y8hx$UPW%NN@^8s$l-iAo2!9B6dAtpMFY&N?H~Sa8$6pfq=AvoJot4o&wt(MTXNW6mGyh zy?O|oRAxXROUucdokiq0JRBk>yrGAv2`}i-yKp|$sy}o)2U)~x56wEW6%O4{;Dfqv z&Co-{Vi``vh$#X+5qrpUB1S9{=!w`v{u8kmrkzD%KJdwh$n1V--Dh9N40PENu7os9 zmDYk(3ujyCc8YsKf~-nZ2w^}PCH7H}2lsr5gAOnDD`x5K&ji!0cGBf4k)g7bwH7~vjd8~-5pTuc6dOUr^^FMNv8)CG`gJ> z2A#VvaT?mh`@#t9m%)XSCs+)2+~i*{APxb^-h|RC!_nfW=R|jPYoBiSozi zK+pwc;2hkLgsYe6DyM2g0y!Rqh{@?v%mYRaQ^>4xc>L`SNg~M2m5dD`^&!H>HB>5rS5!pXV*V<wfy#gU;fecysiRMJ7GP0q7NUBRh29Dz(nNU)xR9sE!*%kz? 
z;EkQ>ev3`~lYw+(RLT`FoFF1r-Cr5pYeH^kY*%vfxs_>dQQpK+E`)%JgHRQ7#W{h> zaE4&aYDPh5uy#Q&*#a2WfPW1E9H|IY=o84Rv7ozNXk~&0&ni*5i%K;h=%il-m)N8) zo2_OmuL*(cNwcaN7&TTWU!eDf6g5%3a#$zk_ z(P^-0uZj3|^RDAM^F^lR#C5ODA5u%;t+&GOJaps`k+2}7IKIt5o%*fDlxLkq;!|gS zlFnz>UTVV!CvgAW-t}M-tp{GOFQLiqi@nYwar^Qd@k$$-d>w1Tyz$b#69IX*@C<$G zY1lK|iH8ihVBmGl>>uHvL#xY*fzFVZ4RUCcjByANPX;;sK}I?9Fw}}pt~LJM@UyWF z?OczuxPxftLUh0eNC<0~EB;xsPRAE8UWu0=s;-#a`mnS34q|^uFL6w+qC9MQjoIof zz8%jR;GNB(-&uScE`5TcL$2L@b~MM6WEIk0fxZq3IR~Gk|;y;cEcH@ zXiX=9#l6M5NS{Hs8%WF{db{Dw_G~tl77bAYds{6hDDiY$NTdHq1_UT?h8|sGAHysm^BDUqt#p>Q3y!R7a zai*@(;>lrQb45uL%?Q;OED?pTQER*GUSfaW9CvGn9UA!Nz?UHcz(+gp8psda4;}#S z?){72-|8**7(L@XLp|^6tPDKf`IgT1j=${qsgBDX?}JxPxWCEJ+qr+@eu?`6_mkL< z;1{5#9~}6efyV|OBg`bUjk~u+wleTh2q@Uf&v#K|y}r5jYd45!g?9EVLx3UhIza$L z7UHCeiYzLKEFe=rHt|B`$tIG_0k0&ZB1wk$q@t3Hx;>rFfmweRE}Er81BGMM1UUDW z1YL$RZn&licQqxDWQfBmD#@tZR6QfZV_6*}nK7>b71TNEX1q@h+x^l=X0ZeNmIqjT#tPVv{Sc@ z0auqOs1>^Hqt@LI$pYN8pOgN;k&xPbvC~<+8xQ$sAE!h9b*v6- zY8W?u;^gTABl#=|(o@)fYGlYdMH2TOJ2^FV-+q!%Pn}fobMBx)4sisRYP?523ct6i+R)2s8k)e?J?=i@Ebb+m zHsXamqy{Jg>qBz=`aKe7hU)j!t;e0kJ*3t8;^OM}u8GHiR&NjweyY_|eOkR+oy80; zeH$J0ogNh7j_>cjP8MwTnGAt7BLHF?iGV_9+N7(HihGxd$=kU%Ig7+SA9ZJ;ZmF+5 zAghsxC{$LP+$JUrxE7qq#z9t#;d-dnY0@LBkq8x3R-5$8YM^xz@OxD2G)c8i{o()M zws02Lwy*7v+Ag#e27aY~v|sM$`wn&eZP(Yju6BL0%jr7UHQ4pG@P7|~Dtv!Zs8AMkMM0HV2L_GtXV+TF}=gu*m|$C zm?ujOwL>@DrDh#IPhf$W!u8Vy#@Ot2Qv${^Ib2GOWehi3=Gstd`*&{GGdS1r=PqaQ zDE=yc#MEWXRYRf<%;*nfVOTvTUJpv zKW(bWSxg=xsNmy!@~oPLYiZP1E!~~K3Vc8QJh}pFo9|U^Frz&<2N$d1sBGstNM^4v z1pZSY04utRClOuIHDb#Tv-uI6U7yWJF*AvCs6Is7p2~{JWKz|IxDii-y;mIh09CU> zDh&m?kxt}N;C+1YVf+?d?6qxbN`vRKGI$?foWMnNvDZ9{{X@8*&Nh}U_7CD>y4Y)V z@8b_Si>EQa`5@(|+WJ*5b$cwtpZt6dt76tddJC$U>%tBL?EUS$DkqYAMM+hXlBy@u zx+G;2*@T!$=9GkyO(=Q}x-2Pc2{ork@tm4LnQ)s#121RkIN0pT$*e|IGxf^=cC84$ z&7(OJE*{K*yCSO?104p6Z5GqjVvObsV5<}(kH$3JM&69lF|gCK;W>QE%0}7XK^DA? 
z=SxT_A=uy=9aKW^)XstKNywR{6pnxra06hex&IP%k{D0YZ{C04aEkuf@L7c%uxA=a zXK-$&#H5s~((IFuSrrBg}p(6c`yWrl{+Qf6dC9)&wa@{)#Hl%7c{Dct~mpk|GPMDRy7qaT6SbKqr9jRQxJvyuq1ekz$wLBvH#*R^CilUq`| zq$V{@RdjHkcbm4;#Y4iPg`1Rj zH7o^9bSqF=t|6O0>?}Tj`ODM2M0C_{xLyf*ejRUWu6J;)`ZV0Ro6bAG#h+)NRG)S`SDR?a(s0eQ3!YtVYN7g8n@@p;ik=N% zeMYTrfryw7wqy=iIUC!y){P7$XYn{5m?Q{%NNc`rYjEZMuCH)!=6<=Y_ZNGAtoMap zyLWHzyLxZ#TIibT+SRqC^Rw+AZl7D|uN+wd&>9*fLEbKSztp+h6fJ!@e5{iM3okr~Bf~&ebh=B0ooWT;}U| zIrXe>-jNSx>~!E`ZJ}o&L00wjdL*@|_gl=n69XNZtzv*rDPChEhMCh1UJQmc2E z(gzzubJfGL71(EEfookaIptg>29oo8DT5DK;dr|7SYuR3GFO((5*U@l!AX5of?o6L z&3I7GQ@y6?s_NFkzjruS$rVDXVl_86W#l`Zt2g3_G(?H+Yz}YlAGYm(?N(scGDF~v zfWS@8RdNTHEYt zR+n6nZD%S0jN+|cMqzGW%N7zC1@C1P<~ChbMNsc)5L)9Zx%NUCg;{45fKzMt|HG%b zn?v8^dcW5D3%#d1{{v$DeX;Y$J3r9*VCOxZ672HZH&r)fH>LXWeJA@yL*I0N-yVu^ z|HAzR_gi4~{{^>q8h^Q2fq#UO-1Q0$-TRHu_XoDYGCc?sorN+HUk_k0l6%f~V;bCQ zfDQoyt{G7XRv*h7W+ks?)rvJ8%hyUM0)qe%&;^j*Nn{M65g9`;O9J=<(XAOHq6{55RMnfu{jZr zxl7yOo@G3hO~^u4Qb27gt8kVXH&h{;HN;FBPRrt%6vW~tr|LvF<}PiMG{XWMUxFP@G~oQ*J=TLW z5wN_U%g%vQm?${U%NA+|9DJ)qAqU>fz`GNii5G0442p1}I%By@4j4S4PcdvEmB{1_ zDUnGgj7IG6Q59U5^24>tIip&o2io9?Plme};Fm8*Ne;I!5*wxl_Z-D~bh3kdsa7ap z6`ZT(^&Llp0}brm#nZ<`A-&Y!npef>s`Ok%ccrYs>fTH%@!mDf}p`shzTQ#q=oy`Vqva!4*v`PKUO49) z3tQ)VorSY_EI1u>GeULg$g?zDO#NZp;;H75+Z74+8FiH$wbQ+p1MG z6q$NdEtzJ4KV6%$?1DONpEKuZOx%Oc0=0hbqIJ0@$?NJQn6n$~|G(@1XYWnG55gDB`_W@A$pz|NiGs#rD9NAFTa-bi6>#m{mL;B$F z4F3Ayq5g07|78D<^k?DykNW*f{B`16iIv2AiESf)KC(RW=E$em&ow+=KJG0s4k@Sf zUhPnNOCxkGaZ2yiZc6WC-V$SSepey;VBWJ~KIktHG={@kPzRjj`WX5m?J5s^%>XGSWt6huo_HX+ub^ zYqMH*cuUMPJAY8V3Zi1EKYWqAI{advx3q=!o@4rAh#dPjtuXY*9f|B|^n#(DvS7AX!qu%zO+lhzcFI>Z0R#bI)2>48yA}j?oP&ps=kTVg_IhGyh=x;CpS?ac_z1y)don*lWQWhSP9j8IdwT z7SMm-SxbI*>J{>TrZ5P-TD)OR7r%jz0)k@hCT}SmzbE$EjT5?Vr@STR>3WinZ!q}s zDAOFYo@LQr7<~e29SCkNeR{LEw3BWR&Tf3wXE!b}FWUa?0CwXN6WVijBdVo3 zt!tperyUx%W}4A>eujAN+wo&t{y6qyu`kCKV>7Xt zEhHK)a$?`Y&p+r%k8Qc1m!QQi@mK#}tyQ4^r!P-s;iam#bUQuFzRX#xuYHKA{;M^& zVLrC^t?Q$^ZZ%u;EL2XgIhgjauY=5fqpZRf54g>eh)~D^TYzvESW}^AN{DJ1+c(OU 
zmPb1b&2s7q1j|e5Whg33W&TG^7m|qNnN-Q|qxY)t*-bQzdk4^6dr0&VYCxVVBRrIg zOovqBBI2~!pt|>?>-Uy-mUM3%-Q$-U=@NMg^RB^`=Ta}KOHxQz#b(8pxmId2e;d@@ zC+M#EiDR6+yJ8aH(t{?~ysGFb0?KFPys8(#0W0JX=R()yl2%P;bI8z)bo7N4>5T0P zN!@j>Zyu=&q;qPDh-AzIZFhFuZZ%UDr4hY(c!q=Esc(jN}Y+2f^+R| za;LJpkO&D;r1$KjW&G(3SIX{V-})l;gp|@DZ?s8(9`zxdV4bsz8tL3qo}N~7`2rLd zR5g>#Wu^2(_p04pL6zP0>4tP=m5~vLCPI?!3X!}^Fb7C0-2imP&ky*nKJk(F4*ah1 zv9f;>GFmE=_H9w_k{BG9>^`Czmr6+`w;GGJx=+pO4z{2^X0}-4;m#tql_PzUb>^gP zyPqrv9SeuOlAKwSMm$5@v-_qV9VhH*^C*~{wJD<2&^p;}9IDl%=X9m0RgID&SJPn9 z!%R<=i`g8pcGncWq*gPz)75^n-2%DczZVKKpP)0R0Z!vNg+brO$TniE*+Y zplt%lxs?9wL!Z4@l^&8pb)K3ycA`w!5^dK^Ry0?-H=Mghi|c=HK@68yEws*{_&N(d=uvp?=+}INQd}LwzuBV+sS2Lla(sKt6A1IVE8IU5S?6{mgI58oYRAoY* z$Q2Hi4rFp_@o@fmX-Zb*oU9fhln=ca*?BWY&Jhs8W1&vn-8tFEJDVa^U$yE9Jy|*M zSnKI0+@nbsa+a=3Vm*X|i(@=Qp)&dugmbT!j!J~*ohgM+F$jceMj$*2wMEyAj4<^? zZXQmLa3yjnvtcFcI}quzB<>1Z74#v*AYJ{I?s=SgW8TtkO0#}Z=QL{|X}VHct3xv+ zt{vHSwKav#@~f@NKW0Fxfs@RFS8!J4Yea;`jB@>y;k6#+B3&RL5D*9m1Ox&C0fB%( zKp-Fx5C{ka1Oftqj}8Lc6TcYSGw@Vw=O6C;XFLD?&L7_S%+AMmW_Nxf@j_y1PY(aw!0THd+Ir{K!Nh+Wcq;KziEr=tr5*3@II^R#{UZDM=wKp7A`lP= z2n50i;F!EDzba5iWs#A%Qt0b@(rT_)g;#Mz8rESDl+i14DVNsZG&GwlD%DInQ%t}7 zNpC4j8Q!mz7{mMZD^}8IIxT7vq-#wVx(yPXT$*OXnYCSqnksFiKO0cbI7Q6CyPI+( zC~(ZVb~D^2H9B%MVygmCex1mMh$T5OM5)2p943DVnYXqXQi$Dubn@uI15+~m3KQ{n ziv8N9sj*nEk>t~^ReLryId#x#Xe|qh8z<0Dx31+tMMkVZj%x?dS$EIj*-G#0NlNb60Rb$BR1RfU7~NWD)el0(u;EVFp80}%^6lC3h-+4MMoRDSvevtc+y;}909dK`oTCnv0rW z&e-oQeTtSH=Vb?1oh9KT1k$VfX<;tCdi~C=&&F;EpVI8#uo+(JcCZh@{p z3rEK_?qA=Xu4>gnx?&=#)>47i%r)*`?`YgFR;yur|2n* zjOzE4NZwdTFF$2?>;DwHr?>CjDfo&7_42>kwd23^4R)6izx~Za;CXLpg6&`y`6~8C z#BM)K3`j#JqJ|0CyFo5q=I@%hZ_$jpg)0lbE{Gv1Jjd9zjtw!np^ki&jk7NCz3@h0q!hA3<;KCxpc$5^jllIe(*=PsKjO>MPR^N&#P-?Q z6bNK=C#vpOT!#&r4M4)bJs5%(4R=O-A4hPA-v~qrsyoQ4W z-u#gK$<@iwfdD4=&}5FuYs4mrc?0A`;A?v}q7#dAiaFrs=hSPv4O7+A1(*imoMIjU z`8oAk=$yKfw$0C}*SgQCTf8OaE|6OWy%tyoZO7*6A4tW9-x+>&_}oA${-g2dkg!=!dVt`1gPK`uvgX z@wR{PksOv76cBj%khgS%UURQ4FpBk!;Mqank@U)%C0cjX;}jHlb19{ent}H*;t_*{ 
zY=o<_YRj(64Hq%L49i6rFT61WZ8TENBD84R6&5&bL38!lhvy%BG~-UsJ^I8W>SNBm zRj4=PP5&S*m#mogx(}+kdM4*|YOxyZmPe~_f(4%)zK;%gKZAz`$CaV@*IJYp%o^UQ zrVJ%#xvlAPWwEI_PNzFAo_er;pre7)ky9p~!-!7Sc2dPcI-Siz`#q0fX*42M&^mFn zm8@HO%O+mA=(lD=#y3z0rH(@3Y1AOjx>DRrQOYnY?U@-^S-`cO?ZWdL=n&ag(GTi% z7h7<>W5DT-)uN+vnl`G}_}~gDV@8JaAHNkQh+DjXB=wHD0lT3Tz7xg!a`?A%rx zuWSRJx%_E^Ka)bLVJ@(qw9J|b!bEN~9T?gz)@;q_Km=G^<(#TS^eCHRc+%#ZO}Nyf z2GlZ~n7L*RWEYv9Srg3?fd3Vs%hic=G1KEU{bD7-BGirM!|YDe$eBP3NE;TgcN7VTR~?C<{EiB#p&} z!C55Db|uBEUQ>sUoSZr(pBiVO>$-lMK7}QI+N`;VjB8Cpi57I^^oi34j~*E(ToVvW zkA{h*H^>X=k*<{C*QdRu!*sL#n9MiZ)jgVl5ti~;LYB_9&DJ7QcBcQF1_6wz@YSDL zwr`ULVKl(W~eo11qW zN`n(VN*SE9n(5;I@Wo3u3Jq}Ymk4r$I-^U0(FX-=zYb#J2467c2gl1}v^w2xE;4hx zhs)(hj!qstaP;KlfztVV;jVQ#mvnqXyHwPxVc z?7%VFK4OcMrKtl?PL!obA3u7`cXrmX>RY4KfnzY#W5GzEU%a`vuWY;yTQI-yn_mES*i`guu4jei}J~=db?7)%Z zm>(CTV=7s|=RDLUK0WFnf!z9i|gVj*( zDvEZ4BD3bXwMv!cCN_KrYT7K0XT9c-{-Q%O=n$6G1k8sP?S@$%J4{kfk-uOv3foq` z7NJoNh}c%7J0bwV-^_eS(n2L-r{hM@aIm08`E1)VU4Q(cm{p-(CO?liJp(sfKpI6x zbozWni^vH2IGUWV_%((CVF80sQ#~2H#&CL9jee8i0;sXmRMj?Mv4x|OEF)Umf@Zlm zrw|RDoqD681gnDpJ|P@&h7uzdI-dl;>#Oq5vfmFF#*qf+3Ur-hbizRaoWq3k3BU}K zXliw>E5+5Y<3c6yd%LE!SXu`HvOXMguXh#3O6o~FN6TE&&UhWJM##eW@_jc6s$L)< z5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Oftqk3It12mW&`5&NZB;ztv;#4U;bk^g=0#|FPV zxHy{ny2#7@S3K6XET{6C4`7_9jJ{;vK1RYX!&sf^&Q2dRu8K6k|$v&_?n zbeMQbpI}lWD5wxGLWG?!9cX|>Tw?*9%&eBLq;q*WV`kyo46$3~V#!F$1ua`Bn1+!r zsksd(&-#A;I}xOzAOpT*9X@)9n;fk|0^1Ph|IDYq*5%Qix@%uYXErSTdBm*Q&QwF2 z3&eM&3}inF+^}UK|A7Omf)cp)3One(4?aS`XNE)hgOJx*j?+Ipwfdsfg?@$2^ti4sk_)2dm*2_M6q={9I6iEcFsXs z*4rj`TSi=%bv&5)<)Zx1QhoV`4X52yXt{=4+KF?vYw1DkD_Gks;IEf=4I0Qh29*)={l{Bp{>$TXE-JI34l5DS2< zI>NX?djOjA`yl-a9Yb825?GuzQ$HD15y5RdkLNo)R1*ehGeb@Lz-D zVpZK(rT(tuB}2zUP&JhccJhN`fG34_(yIEy+n#&1JwAC#+84$RGHisy@I}*|O^z)` z8tBR9n;Y5T#=47zyVP5WzomH#kXBRAcyuF&b~3Uz;4OB86hx@ZC!d+}4A|RqV_SgYn%P{SG=EOff7oi!v>eRr-V@mk`R@`;cyEw{}d2iPyZ z3R2}$-o^d&@OXq*+NH_cLuh2Zi~DHtr+M+gjlma-4aiq{%!$th0s;Ynz(*f}?fril zyDfgPFL5HFCT<(~|3?1V$p1X@ZvU?j-qwG7;J=UXun> 
z4m4k7xKp-f5KB`g8dSb+EL3KhcBpJMrF64TBN+3F-qxD7J+Ka zYQ<}K7n#-1OONw@d^8Aj(C2}UXYvfkAqnGFiUWDpUMes^@VVrFF8QB_6m~A3zB_-L zckv*l%{*ow6t726ct=gB5QA`bP3hQ~aS{_!+ShK>tT_@k9Kj)Be~g&1u;_w5ET~On zhm5-r0WdL5Vyhs&BaJ$F)SdxXjChirPGAtkA@)&XuHEB3_6y#{?`3r33||fb-DoxD zeMTCb)UJcheLTW*T|-z`vsJfTYA6oK!4TsifP(dmfS7DO)9~ZT{ocigD9OmI!Q%D7 zbs8G@R%|QZ)M@YHG5Q@d)QZ>lWYv;UsirG(Q7cvCY=wlWua-&(GM>#=l$>JfMdMcQ z;!*mQKM}k0hMLc-nG9mpUwn*aF+;6*y<@0#@d(XehFbA@x1rWe-bJPs{c(=pt>h^W z0)2vh#0m5|c`JwQ@8b30!BXs|?js6ij(2@^CsLTPoL|qbk>fXe7bj^cX5$vG6C1a5 z;S=7)hiUSsct>tLZp}$krs+a;U&9JWRJWMj?TOz60s?_+iU2kzGg;@GbB@HI%jB_- zi{YI;2TRk7%z&LAU~_vmBB8(m#;n`<0XDb0s%O-yl2@xZz_PRnet^w|4zLW(;0M@T z&jH3P-}wPHM-Q-AtnX?$kJl7eQQ3zMftSIPdW6yzKfrlX^(z+itwR)0*Ek!w{4Ybg zcU?%I%a+0g1Qq3s29X9`a{C98z}1)j+75cI=dR zBPLueEziR&M9YM>5B_XyB(BB=ox!nzpC9_#!0Gs34H-ixw}bz5 z@MpGU0x(ozcC$3zPAZ$v zXgt1UAYo<%NYPwjd=xO!g z&>QWD@t~?GfuU!8hB)^^WIb*P%8L@znUl(d5Ka6I?KLV)D$y$rHyAdKZN2ZQUhJK$sed_4s1T$-#_Vdg5q z49sXFeA-k~TY#3sOyG%z#%H=J9?j>xi%&5&NQxg35iFW^W3GW6d8MqD=e>(hvNo6t zptv2dS~?;+FzyJmMyi2Z6Qxo_{19~WVvPHs`lOpRNaO4U@P=%w;o{%zO3i}jf)>?E zc+zq#JDKw?o~93h&+swc2#9Aj1mt>D(`N3Ix|N8IX|1`oBOQkZ(SzQ_Q}n|*{$Yqo zv!S^envcEv!M$VfIQtA89%r)Hgjw_Hu9V@SpSwJ7lBnTKR}H&jvEfHQxEP3@2?PWJ z0s(=5KtLeyK}KME|3YkM{A_Ia9}j^e0(nU&3G<;M|>pq7qLHx{YLCJ`kn!I_Zjl{b^jB8B+C6OacFqmyRzX1UxZp) zlM?PPpJDXx*^kDPJ0ut$+t=+|$KbwosP_}r^oZa=9cd^c1hg(L< zL%$OdPFZ((7i+YB=7KeTwo7qS@h;BM+$VTbVHd1x%tS1ep!t2AmTgPnh`b#m0ZI(>E<~eXa zd4;l!C;{jiGR{j`C+13&1_{YTv0ZqQuC zOjvUrtRuq`l7Ql369K7bNL~_Q-WSMDBJ#p=l!)v=mJ*Q{$WMdWtmOA(nNSyLBm1ASH#0^Rt z2riN?sl^;T1-Hzm-Evbl{Qu2cCS=6K;V)T}o2ob93z*iI|M%Y%+a3SD__hn%et6sS zBdOt~ksF5pV)&Kelf(aL_;+gll=1kX#y7{TLwG+7A5FRlgGoXyelgHWn2l_eck zmI;`Dn&-yg?{@~S5u8~W%Gs_Xk0z*VW{4Q!Pggp5=maE~Emt~hx8P{pfPgpj`oDa& z`;xaZKxazlh)2BrLy9^f)&*47Kj*D%VXtv64|amrI5-37Eq{oU&}f=VP6aqjCNbMI zgm1wZaPaXlNYI_9Ndyj})^CtZGTL3<3L*pD+85_DR&Jyp@K=Cy=N;b4Hk!g|b7wVezOt2ObK2aYwE6Si$_N`dmr^@j$}+^ivAM|n 
z+*2p@?kw?L9k?AQ>MNy`qK3Sv12AHjLW&T#6vQIHk@1<`o|%AOb(%+S`Yxvju{_8c`;-VUXzy}|Jo4u8r=oa8C0*5G?r`21%m7O%1 zzu}$TIi1`?#SB8Gt!$@R{0;B;Z+LJEo~0T5PCL8DDCG>Zn9a$RVn&yuvr^6Lgj=u}Zt3i9)hK2)c>2zN%)8j8SuC(r{A>_p?c#GZogYzW@7%dgfAh4{eEl7STq;6N-bI%lXg?5VC+XQM<~3}9 zUyaBE(nip`4EDkmuz!QsY*?iy>bY%L@R&{9rBmWI^n3>5o3FDQ7C@|emEh8lsHcDF zE-rUqqKLaBE{BLHPa~7Ek3zROq6ut1B*#yWt}6 z>CwsY14pN)o}M~2acsZuj;3xJR=eKokme@uqC+Qtz~3bm!xrt3Hwu=w1b!y&Emqz-Sb04`cO`c(5-Yh8yC zc?;O>mTt0z4v%f-41{oF68x!=5P;J(+688TwuD5Y`Z*@SxeJN1f@vZ%Lnevl2VrU1 zuVjm@f4E>etx-Hv=qm+}6k1F4cI+2oUypq;){1?O{?Hvd&>Jx@-iX}0o1OS~HoJiSv*SMW!`&Re>`O+b8MWS@o>kI7R)4pQ5YKl{h6TV9aN>6QMw9ynn zB#{NXhc+Ux`4nm(36%Cxf2#YXc?;fDsV_H)#Ph<1Y&yY9=af}%x1>*7jfRC-hc&R1 z?voB7^q^Ifo^H?B2tYXR%vp=~Nw%ZYNRRb4{A4bM=^<4~fv|z24XbLIc*jvz796H3 z*>%XaP~bmAT-HIpw-$9frMWh2alrF3WY^T{De%fFsk(-MMJ=A^q=;pBj{Tin)F5Ek zbef2Y-@bt7go7B7vt!ItCn1)|A6eR42BAx=b$X;JBtz}a3DH+y0O8~!78@Mh?Pbny z@&CIerwMBy2^J=>3c|Q0txEnTPn5lMM)yiQVl@1l7$nZ3$=RuxX1?GEgBbkM8rCzO zDsY2BT517CC~HZdL#J4CpOb=zER1HF;55SCrNM@G)kGb*wfK)dw)i^>akzsX5@v3# zfOvalnzihKmo!8w)ti z-*9chcKt-xfj9h&x3Zh{WIyl8)k!gWTp@nmTe*WZz}>;LH_WuZf?2`^j!- zq~#W@$6Jn>wA_@#%=NE*gSaA?S1^7nE|Oc3xdZc4h7Wry%r7?gu)Pr68Jv|R)e#{Z z`sGHu-lRk%vyLffCweQjWyB&);tOvKsQ2?ShOCeK!V#)7N zgZN9SAWWQV)@=B#Bh=jZlM^I5c0n!{pjOy1Ku|B+vopw;u8|L(l^KBMFd>iKW%|Fn)`8FT(R+tYsE+=2$a`G=d=&j`G z!SOm*!dbXt*3EiX1m)svWbBv0#kt%&ZynYOad~>KnIz{VebQ5XO{QN|Ol6c5yz5)! 
zPF-kOh_-`&$lwqW*S9ifA2>2@Sf=mVQC1I!y_h;^w;jiX(n2EzmW11O5FjUC$Re~( zDW551;Wo6Wc6@7f-Ns?gkpf{_`Wmxu7*Q}yud|L+iz!eOH&;H<(BaDPFYGE8iV>#H zWXqbd;MwRfT)7+vGX)%)lc$e^JjkSp_Z!COxjgCF-ce4!j2^=T90Km6RWRIoBdGM0 zI}+v{kCiZ6IwRRn38bKdSKy+{)n)>z9cQ#aw1^pZEr>WF2L}Pw!-s)EK(uSG zRVun`$;r>(?ycnL4)(r>6Ket0e65!Ctm`(3^~L2cXdH>mRV1fj7YJ3$d_?*w!(Y7D zTS?OqymCJu!H1Z9+{ZjkK|4p42$2X*>oiq94V(;>Wj{!XjGz@D#LB5jI5Vbt7g~)+ zH|eG=!#j|!AiCjB_U^gxj$<{29AAxh+%qG}O!U?Y*WOcv@2X3x*{*vNbjaMxx3h(^ zEDPv%o^z)bBDi+`#<^mH*%cPX$X}qlcK+Sija?)TG-e;67c^HRS&Zn#Y39NS%l&Ye zCRp4BWnAW-nJeQiu2#k!@2Yxm%?AUzq;+*m{2~w#2nYlO0s;YnfIvVXAP^7;2m}NI z0s(=5K;Uu_*xvt>u^s)T9XnGy%i_ z(O~?`eS?E1H+f{UFOHCr@m?k9)n}nVT%q8>1 zT(OXie}CW5(4I{m%*=~J{$P4n9$#?8PsYTlGtwy%LLzD`*t))l1&yMr7h*+ zU+NnkzG0Kca(>&317t8SM6S7zg*X-QK+YuTHB+N11ce@=_OoElyTq6w zYQ&jjzEH&U_0C=5Oabvv(PiB!3ivx zxXNNvgXSGMC5^^8B7~3Jfhy*(l+8vQlxni1meiaYKi`)~d}EWx=z1@ZF-}I#VQA5I z&P*C;WU}qnY7-e$F)QMp5vpUkQnHZCWiq8z%ai7mRJB;l#GmimwrzTo zM>yv_M@IPI8Y6_I3$ANv>cnwrqS3B%iFMR?ipio<%%&s8Q%oX2bgr0=Ki9W?yRymS zsd--fTOb3Ph#b&*LieaK z<&#Bt?8~h_6S3$DNhL?l%lHDu^y`~ECev$^F{Lo32=ZgKHDK?_hyLc0rECr+kG-># zPb!F|md?l9eLEq=-&}Ed&2!dXZj`=_@;nwbHCYTOqvSHZ1Ii_pLJ0>&-01^gn>--W zg7_m45C{ka1Ofs9fq+0jARrJB2nYlO0s;Ynz(*T_?HJy0-(#^YJNy2k@896aUUfd-Q)(M;E{2+K+sPxAa8F3MTdjEMu2W&=h7F8+&6OE@MyL)Nxx#2v9ULHYlW;)%BHIoG;zGEi90^- zEghpN%vLt`M#olm=_t)$wz9D|R@=%hJx;Tkt!(TKZY%pEHE-!LYNz%yk5D_c*c(@D zD;pAo_%vxrRdOIV2`Ex0ykeV@FBEOPn5r@HaWFqE~8?FIUS<98- z;=x>PFH0(0wA*gG!o2=3Xs$l{@ce_1X58tyN1u2^eayMH3Xl-};6Yk0SuyW*A5?So zOwKo~3_1oMVa&TOoc+`A0mRWlO39_vbPCRI9an~3W@}MiFl(@cGi9w|$ZbuRnY3+n z*TR;MaGP+-G<_@HVj-Q*!plfD4@2HU9{xqRiKpKa!-oG2cxY?cj$L)BWwF_iVgJh= z%mSa5fe;R6ib>g>lwnrdGc$1C)`B+=*OXn`uF2*(>Um`KINik-T+bPBI%l=$IGv`A zMl>=D7;YhD%*b{__S;ew*+EsN4oNVkMr&0pI5}%AcEZkd%$Lb@xUDuE$r+BR`zFz} z(uTRfdet%^a&}C)(R8Mp+G5Q{M4MIP2VAalPE{g$mkq^kK!_n<{3$Pl#Gg?;n}K9B z8S+TRX9S$_f>t!E@cg2b3Tm#Z!p1%eiM^>76+N53n=CpRhL&&$Li=u6qhA#%eDU!xw!)Q23yET()wks*82EQs! 
z>hO`1Q>Wxp3DLJzmak9*u zB9mg|Pp9Zci%}2Ger-|;zEvI^A6s3iZZ{XDa{1x%BS$9>9yoe(a`II9kV$-$m&>DN zzC+67gra{XaZFua6-?`*JaypM>hBPYOPV_HnX8!6wUzW z+O3+SjrAD86BmVR`lXjfrIcnEt7e3J!d>4VqG5O?>MP#4ixfX_=#Z2;GjgA z)6EvuB%u>IDx*KTrq7zAG+fx~QLS0H>NZ!GMStKeTQlZ~cXFyD7W`wh4E=~hnyX>1 zR&@ua_ARR-eQHYj)T7d;PD<+(#onUf%P>5?WHwgV(IqV0wrj3#8{QF4nlqYHXIO+f z+2h#KFWJ?LPo+>) z(Q6J_CNt=wD@~Bd4)D)Ec34WCl2YSR>WNjegtbdT%kdpg_aZ+7dMYPHD?LXARAV%v zv6iA>c^8uC0;hYL&Hf+BN9WMK?#{^R1DEJ+Myhxz2YX zha|xjx`r2!!z3mE!g}$b0JspFaH>m4cD9h=AQr#U&C-b(P6)=1A1~qt7hWbT&@>?S z&BnadvKutm0{0!emTQsi+kQND>1b=AM$@C7uk>`lVKVjld{HxbYo_@vrt5aqR1TlQ*`_7?#F4k02TVO1#ji3?D zZi@8Tk8qdV1u2}pFEntIRTim-cX)bdUE!|SsK0a=EBM9txw8mQg&0&de1dRP4c`Ym zynhiVoJioFE}8B%tOK}T&XTMYl;Zw%{Km0&e`5wN`0ZB9UP#t;t!gsvm5qD1B@@<@ zlVZtoO{+L55{D8TIe5mG(L6W?u!UKa4O?y!c9+~n08?il;eMsl>+lD99LoX2?qEpddA?2nrAx<3 zVlGv~Tms@@E)+m{l*}jbS<6UN-xVxrnEVNOr8Am(&1!b2*(j=tQb!G#;jntvAhNix zCf}Dn3#ioNGXDH0y`|4GPirNYi=i@ySzgdR*6LOfWDJsRD(uL;aPt|B}AWE^!ieyq#Ts zT;aXm(x>U9F*jqeH`jABw)Aw@{O&q`qqp=FTdgEEcRxX z^RxTBr6+0b5#Hm$_0dHjg6R(?xgdHa5ctp|u)Y7=v0d?}V>>5y{OOJ#+3}?v>h^!R z{TH|Y)b<;Ozcu_1hu<7t9RBR^zTsPj{<{Ag{Xf|MbpIn;ey?vh{^#-Ek3YTY=ikTw zN&Khd@5Nt_e}`+=%i$R4vA2g`JnbzH(yQc4TqOSXbtV8OZl>- zreR}+AGIvqTbA6#Ch|rvNoqWC5QMD%&+qsg2T_7>rUJxf#g zc7AJ5K4+vWW;Q1mVYn@4m26tBAb^3KD-<*pF%L8Z-~lIWk$%NFVQ=l$^U^zsm zTw0)6obUBki0?H|Gq~o~TitxGk9kXNn$54Nx47okD+j$Lm!5NPIP7$I>xwyFCv0v9 zy{5f>$o89r-61+Lj9XmRCsC=IG?ng9oN$+(Ms+mQ0HM+7)whv0h6}P8|ey zu!X3ZsY!p(NT=6gN5Lpe>O2blCf#m@f+G|QYBrNe=ko<9+(4NrAF#I`w^|^KB>Znt zYuNMmNe9ivHX^7uEJSX+f=HaXs7RcJEfT#gwXP9YRV9RW6p5124Igqa+Qtw};~_J+qik0Z;W z$B6d{evAZU`!(AlK0SY#n**nEiynRcsZ3aYXS-4mRCB4xs67@`GxpZik?}no(v#kj z%^G0gfn#q)kdv1^5g16LYaqK$drNiJj(^Yx1mx8njFa9{jaBT!c;nR`Hcxs>bF51L zG8?=`R|trS&2?z7eK3K*2cL;;`_8uC-1d*Qy}#{^ZS8FjZ<7apd*GMx-haOT_V^Fc zXn&tUA^HfCIyu`>*;e_m@ULpU60*F?_cJ((-??X6KEE>6@l9n|si+PVrrf5izZZji}{M2L)c|GtD99Bp#ya}Q^=U`JW)-T^7?w; z=hKynqG}M;OJ{uI- zA6#kVCBMd7ecvcv<>ZkLWiKuMdoEkmNjOGw`fbcuORueFIZSR!5%o3Ips!lf_WrryuG 
znnwXd-+~m?NrGd-VmWhZ%U8NMCVRc*TPVU@y!4g90L9fzrdVw7?w(^@BnSiq0s;Yn zfIuJ?1GRc%_`ZG{Y{BIlXo}C}-;=FE?35?bPSeE#*n%YmG_a}3h{v5avwB*A3({M? z<(>2^&K7)ocOh4(fKJatL2h|RR})Z>Ti#An_}l934x?~+8_nR1!neB_g|~RiTWL0b z$G?3mYz18yHPl`n@|F{n$oMh~vK@Q-idlt`0tm|Z+XxWROu9(jxb>ta0oSa{a4e)0 zrYb3gNRHMr@eDH}HX@K@%%ZhlV;d4nZWg~R#4Zals}QPml)N>#Z^mwpoxXYJ?K>XZ{_M7IZvEq}A4`mnn8WW3{mS5P4vq}m-*0buvF~F1KgIXN zPH*tX@b(cei89X2UVo3rO&8jZbJA49s#ZbqM!9=bi%B(?g%jo;?}*4r7YYSu%DUNVpZ2GZ*f_F%1T9)sO;%eL!;<1QTq>pjBNqgqI&Gt@P4x8H1a3^^Hy z>r2`Ay?uRsr#E>pRqq}$m`vng&S;H>Hr`s4PQn_^t`l43sG;PO>0D7Q_Bs?*^T`Yp z7ci82`nGJjYm)o~Xyo?hYQ2G?3mX6XCjISdHlS{&qyP&T20gideC9@edlg`HP z>g(^{vB`shriesF<3vu(A+xHrYtRX>7tGdFvu0Z^Rd}7KH(@|2O>t{S=>#*`A`+vh ziOVK4xlE}Lv7xfbY_X)~OK}Nf{mo4t>x{RD43#*d@7+)#hY63IJ|UfUps*P=mP|5} zEnw<;4~GoKg1k(855fg}eUryxdAt2Z*n7%7HFXqo)3PA1;}7k%j=FR*3rEU@h|#2z zxtxk|#&;t`z~Uy4rsnM;qltE;+{Mkd^*Qi5m;^LxdemfAEkO$0J3VSL2anN8I=%~G z0%kUOK<9_O+sKF(BG+0lqRx3oBu?#y)^=y@mh~*exyKHkgi#%_zGp7mov6_&$!r0k zD?q$<&ZE&l9|0a*t_HH4AjdmN&&kA;gPzUCx4~(xpgGwoxQ_1<) zGbZHZGsRp%iQfWO`kU|MMHIc#v95qXbjRKbVUw zQVt;j3M2%~4mkcVZ}OmQZyOm@^a1gxMS0JRLr&Sv%;5srVNqj3^c0-q#eDCW5IrS_ zNEAwZ8=U{&zR6>H%1e+j-5NPjI3OaT4Plib5K10V>Ny;t5Dq_!{b&H6@9yRm^AO{lfo0z!!f60s;YnfIvVXAP^7; z2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;Yn zfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB z2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9 zfq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx z5C{ka1Ofs9fq+0jAh7ueY#)9-c2oT8v2DM&ZF$>E+iKgM*mlRZk*$9^Yz#jz^hZPg zdgz^j=LW2SGyVT1{`KJJjriI4Q}GAmL$N=L{rhdwwjHrW{DlAfS@@U8fA{}%{NBin zYn=GcuW^0frRrY(UT>u`6uY%A{+fNnaoT45xsN~hoNm`@TGKK2J!zQ>(v&q**Y+nK zXtvCU9?)&Wl=PbBI1k>nsMTwCJ(NhemRmE&q!YH|Se2S7O`SL{O*Gndv!%I~-AGu* zn53GfY25QdPO*NlvwlveVTb9;H>UKRBPFrrl4U#*Hg=E*8ZP#p#(lvuowX6z$ zA7%CGb)!?+xLvPn4dbZQ0BUd9yYq)lI`{*As~cQe+oA^gxR2h{W^HSG^UD z?xFMd^F4IKCatL*-pc0&$!^`w8`^=C>8_OFFYfkMK1;jv%3fY-=jtszfeq{)sF^KS 
z8n+u&Yi7OeUA1bMqOpW5oh38KriA`;8c1QI`IE%5rF}rF;Z9@MtI~nvha{}e=?1p! z*fC3Q*^XUx%kmkv_{#FsqEojU<yz8nFXv~Y#$tXO2S=iVxwq{ z#h&Gw_g0>vOXeBAJcgzZlifgCW7}am5xo(x*vegtZPy8J4HS!QF}_O|tY}ss@HYa1o4u7&bT{70cH`n5r$8QM zaAZt{kBr4T)85KSnsS;K+*37-Vph)=WlgQ-*6Sa-3%HdvNhK&>M9bxggkV{T6TK7|s3! z|L#^0pRNV^?d1o(m7|O*ws_tZQ^gbKnl;;UDS0~nMbNhxGYRW+M0m|9g)%xvB)8hJfk zEavodUNO~5p_o=xEvM#-*@w->yw$QBghoGNJg6!Py+S**IcdLzo3!PaNy|-bUb7KI zIPlZk^dUnC5}91|gf=I{cP8Nz`G;%t)gYa;-4JPCNGYY1n%gWA-6y;x>4b(ijoTs7 z&m1{^X7c2reNq2Uw6{(k8tiT_3%d18

+gqCPv+?QR=UD9P@kiov{EqlY>@Q+}5c`Ap)3FOz-HDA=u(GjY zAE;70yk&JTc57dJ`w_=!o3XDBzxb@TtPGK)FX=pO=X1~LcCDs09dqB4mboBJ)HKIE zP%~SuG;TMl*3ACI1I?EC&;z<{n39fM=fS%cwR-KYhZ2dZRddbOSVET0w$0Y!SVF=d z`p;>{ZCQ;OmcrAI;VV@#C}96u!0?3w9?RyW6vS$fNM?5bOq&sYt^UU16t z)S^?j8|Bnw(`;$3WjC}M`G~eb+F^AWnyV#GXf4!xq^`}FWBW$SqGja07@l#3joEg-}iXNLfarz)h=bt`#Wa`Ld==aIfr;bie zK29pzPe);qcBh+~J3F>-ygXJem)nlna`6B1DEV&x{shKko*N_MbzIGvl`E#^I`U|O z4qiGoB~4bVmTpQXTDH;FU1_SREi{0iG=Xkd4e2y0lnz;~M6+etEz4aTlhTQnsgZdi z7}u>v+cljrNlCbiO><1r8jFbsQe@5^dLTvSFY)~IpYxVeboS4u`0Ni&AJ%FPnzbFv zwdPG{I?-;-HSC2(A~AiWfw?sumvrN(JtG~q%$k7`<95BSHH@QH!%Q&XLn&Bv$*x7W z>-)TAnYB8{TkSh!x~A?r=%fUA^tP*2YIKr${z zq%(HQxDW8?X6-)of5B`uZL8tp-|b4xa%O>--IAWP9Lv7lTfUF>>2BVE8z0jgyCEH2 zZ0NH^Z~0R+Q{$O~8=s9>tl#}WZF$idfq+2ZBaHwK*n7hV>{sqgd&{4sDW};9_LV(K zCSA={D;e1+LlcUKd4 zeB4{Ui>BPc3*WxLZs|L`xdwIrfI&KFUxpK2*>$iBz63zYu&%Ra1g$dyj+I*>T7S zr5pUehTB(iZA!WrW(^lAtWZFkmgVLoagQE<1PwB6YR z=rc@FT2V_WrIgAjiMnlARm;T8&_q>9WmJ$dRnQs@V96*(S(Sk3grd3_e6f$Nh zo2#ZvdHvG0Sglfk#V6@D4VfmTWygTg;?^bC{fK!9u`ej?nl1{tJzgf+X|R5l*MaM{s)hU!LYKh#DSfwK2&* z@e@7ok?ljp*vDi4Di&Xe{j0?9C4MdOjl^4t#l(0*P3%f+8QL=V2ZKK|_~V1~{lC=z z_xs=JpNfBf@bmH5U-oDF?}+_Q>?gMTc7K2Db3;W`w))Rc#CEMtV!xy8Q_(qBmwI0E zmNWEL^ZX~)4bH5V&gCCWXVkn>Dx~$iW-5hhA*&P>rK+W|$hJ=vvOm=~|_f ztLREGUBTur=BpJ=&lU89e;|@WFj==-P3$&PPvT-oRjo!r#txJ55AyUeTR@nuY(VpFpwE{}tnW9GBcM1x#| zhC~y|Kk2ocHdM7>W=pb}$Jv|J3%Xn})T*p!bVbb;3Wcm*jJ|<+wYV)-RU3JUuYI$) zxXo~JQ3UnHN(NV_lVWwGR3)EL3h81#S1P4*=}e)Jzr^)cOsQ&0EhJoRCfGxo>uUO3 z(!k}`aLj3QUc+mYoprLrGhJ25_`j!An*58%(!M;f(bqwEX}j)8Ra zC#w(2(MfB3bseM`@&`vQvL9QW9d+oa-~kw&Gbo+7$|D5}`7ye-pX2NJ27lXJ=4@k= z90_ldcXlA<(XN!?7gcZh5xQ+&eu6jm(O{>A*Gg!mP-a(%>lQAyuX{lR%Z0Giy4J!a znPD3_KssD7LONa^7i_P$e3;JT!+g#nm|*-0!<0{SP5G{*w|t1E9OEAcysWiOrCr|g zIQ`<2{EHjI|Y)nfT?bxtNneOherox$gK{>Poaw)5?sU))(w{B`1Y z6Z;dlj$9o2-JyRm^v%JGeOmBSiT}6wH~a4Gdpz!JJrUR9+Td3Qzk0R(_{e@A|7PsI zjSdcT@$HS4{jijK1sA*MUB zcu-XoeuZwZ{i>SR3+a-kfg4xIqUl00tEIE)Tp^vwYejS;4Gx}e=vl2;Dk^y;qndi5 
zs#eTO#en1>qJ96e4nO`bgMZR=eJNi$ZdFEKJY8(@oDqa(R?y^Mm7^KyvBzdCQ-phsui% zqv_ubm`vAyU4PeBG~Qy<6d?W_V5xFw$rDYou42K4p?k?$UH+0xva7s}I{dTDW%JLT@s`VUPS5Y>%RhpFMt9(q ztB`%BYaQ)6pYfJIP22SNJOAB)?*?IH=l1QozrGu{AcSwB8xXv|r|C#I@9*6%-rq5A z`6&kE2nTZT>ZTRyXrK77kY=Kv0s(=*bwmIx)hT)waZc+y;Iu;Wh)erq_^^G4uvDL* zDg3B?XU|4NwRmZrpkHy8>N~sh)vRI|dbJ3a>T#OIS*q{&EYatOt-A)}1OH**2ZrwK|CKFg2LE{Q-}L?HwoecK^5FZy&-V{D28)C8;F+O; zp+|;tL%HjSqG;-G1_I{`-ts)7IG$mb^Lqi24?U_`s3FZIn|d8;hD-$mkNE=80LUmQ zD47w}ec7nhppXG=Ke?{e7NAHMymeE7GRF+q2ki=d`yMy#bmp9rI&}2tNz?!xHlMa% zS9Gm{rI3MMr;2AWUZ;7b=+(SshxYxYM|j^qdQ>+|I)F1E&ZNn+6m<7}caL7m&SI)V zDUK8EMrfiUC$0heED`2=fBrmZn4E;bHF1=VrFR(XiGs!tZ72`0X!t8>qgi! zhNKxV<*>k&!OEH^8lHBI^Io{hC`@83*hPRD6Jl~CxPBW|(X)x#W&yNa+6V`H}f$BBzBm<25b&dW5p_^TCBk&U@D0A ztldI;z!laR1XobNHa+_}1^iwY1-#E&ZqVEVyvf0}XK3&*W9{pH_JB#SNIS@de(!ZN z2_W=4N3*%m?>#E?!7@ z0v~b&K&)GI>vLlLT|%r={fF7`iSRBV)@Nvn&llOV5g`MJ^(y^}6YKBp&KYVc12xnf zh;@Tzabo>lpIFCHsM8F76u#Si6n@NGuF&k;*-`%Pt&H)CiI~6slkuhR@s=0pZT7m# zua+wo{H%Q?QK61mC}}19C7YE(8u}*C+t>2xqO6z&NG)^GI1WD|JxM5Ql;iB@FTKJqKETl)T9U*A9N`^m%uJ12J* zM}BO?8h$VF3y}La5?@TThKBooJFz!0Jo0~!e0%3VPkcS`?}DFy>7Ocz;9q`<_`g74 zT?DZ1lywWN${hI>+?Zbo-~acVRodgx)ByOX&S8 zzJ#a^9}W>%@;gKjFH0?GgW=?(cTm2XG1H}DK{hIB7?A1Y4l3qhMV18*u9VXX_$&I# zfL1`q#PI-3y9`M89Svspb#0Ltg3$&g9GDuMH^4IMJ}B!qn6m)Mu=O^5VD9I71`fWc z5xX+uIrC4Jfg0|xe-H7G;eC)ti}5C%)VjfeAM zSV4}Q{c4XrqMA~&>!>b-EGV7^DO87WjbrKA>kLVact1J}TaY0eVGo zGo|-$y!1i2*SpY9zu{&w?+>nh2fZEJ=HHmNdKYdAUzG3fF6MHoSVmJAtVgE;&k9C!~6DdPoDZ3KiiQU-s)y>|8kJBRj3I9HM!Yk>WTK}Q0 za^e?(fIvVXa2W`IJNQEQXnBtuEyWz<1>YAwl-|1&by}BE@0Ax#dlzn|P4m{0WZd$jy)24WcZI_T{-%ghMxc z9xfOdfirR&B5QbGqq0U$4*MLTljaPOQ7%%ECEh>~E=tg|CGS4S{;1K+ePL0i-E!~{ zYZ1R6WF*{44i!sws?w<^9h5>9Au%YvMUBKE4H;aejmIP$fv|p4@*0ZxHN5PS#Mey? 
zzJQBN#XuhcO zKj{^#rc*;OksYTvm!`PB%TLoReVS&|*Xd~*qR`iTcfyeXv}VJvPNbytRS9$julEj( zpv*r&K@_Z2_{w!AS zz0Ni%1#E`97z2Q_8J4dRo1yFEz|)9%gyT=FW%9&gPT>5M;q!P3?qLsWE-qY-;1sOd zq1WZfkG_5)OhYa2da>$V*iHNTrTh72>ib~c*|@Ae==ZhsfxfH3Cb@%7K4+6GZ-7lA zdlz=mZyx81WAGB^MJzV3b(1!@s8%2#5D*A_SPpQ=9>$81t_Bnl@?t9q(*?Oq&hQ57?|DO1x#J^7b z>uWz=@2qzrM=$-C_+9X|>r6pkt*3nInVvq6iKuR$)p1b|&FO_%TdP~toEL_PlPzn8 z=;{)7z;WV?zmt7QJH#`zrj9-QRq0XpXJe_$m`jKn9->z-*JAtH?m|h)DpfNBnfwLj zKZt9weJvzvU>=0HsNrkfqK2Ei3(TDmSLpp3SLnUKd;)O-_G^TsWzK;7l;M_lfjRm) zKg9@vuU(p=ouZ=mtI_*LKQdu*^=rG%Lzt3gq%~K${#u~NO*j>SvJ{aRv5EG*4ilzD z6|c;|)SpQ$@%WT9q_^;G&9>kunea$bM8H3f6$3UIbO^K>ORltCB2p#7Ro`JiH!EkC zcYy_^@O#WdH|pwRKi9K^xZ3vBp*-SW>aV~vQS0s(=*2M+;AM_JSjE*)JaB8+Sr z=h^M(C1g-aHe_iTjkj;moG{fb`=%e$*;LC@r~|9^XL0^Y`X-w6ZY1%jk# z$%kxOp~tdpQ;dd~!43MPE?coK>#*VkE5*q zaUFjmO^K6#oR`M!43v}yCTX*d0nZM)BQyY2UTj~UDW!vhql_!uIQ zfp=!!<3I25KYxEo!_mO-^ZC*6Gq$6F!RYg&;b)vj1FX;tFP~eXe}-70eZIiuw;pl5 z9(fd4ngZuWj0T@JNg%R56=WBryUDSwvFe z`Iy`c)X`gkb6LVC5I{yb1u)NHs{Pg3f5MX_5m7D-SV@3RCc?-ORjR@{P%kRtNo@vL zK4V%%1XMinH-pAR!j?GKi;$+#_xIECNXlSW?NDCgx;K5n})s7t=X8 ziPQv9Nz)L9kVeu3%Tvvu==cgu597Oa!6D?MK9JS*valzrs3QHFJ-=dj5WC|M}T_j0-8o z>uY=!TN?dqG9}FbWu+m##)>9mPv|D!roboty$bdH|7PdK&PTg~op-hW_t5W$ex-db z@Sg+!G4QF-7elXv9oT3(xs4nj{Upzj^|x{mr?+8tSMjr5Cmw3 zf5G{{*PMJHR0Is@f~yE#qbh=Pj~N#Z(WUrN&R4#+>I2mtaK;_*iNt*jq2MG32T!*{ zkJ(64Nk$ZS`X{wGz>bqySxl?g^V3o~m&S3BS99tLd{E5XM)rs_JD#9Y8DozAL}`%2 z6?BJso8mhS5MW*t2vuL=khF(^9o-46L|s!5jc#RJkW(=!k&MOS2{{sv##6HFb_^}) zTpclS{v7_+ZqR!>grm@aRfJkU>bx)H`1&7T4F{5?ujB6Z$!BQ(NV~rS%dXJi#m^rY zJqnWaJ3X?m#Zvjpy|Z4GQ9sf%Wl$XHV}gQ>|f zu?iV7A8X&UweNK1SywRKtnZj(+gV!!2M-;yYUTQMvWq#g$I|?*<}};Btp0n2dv(o6 zq#j0E#2?cZ|ysb3lCA9%06DVLv!1>p~j30 zEYHT{{C)?xhwb2~KiK}#_u$p=D$p1mw`+`E>tD$!360S)yT<6XEovNjh!RM_28|Je z$TClMQ)2{e6@w7vR)E)tU4Ws6nkB)mzLfxdTyW%?d9APa)2;niLj&(wj{+VA-l-IT z@_dBuRa|*KN0jH$C^nx5X|ZXPB+By#>|5bnzqSIs9LRQUq6T_8PWZY5H@5^kdQ-i( zcU&L*?e^ac?rYx@xVhsWJHFlVMeB2^<8vLac0Air=s1B#tUvpAtI+%MmY_h#fA!tF z+K#+5U|h&jKIUVb=Xw2Y%p@6?$E0Gxb;IPNp`2K 
z&Q2l}!@Tx13H7jkOw;_V}jxhUGt!NtoVm5MG#Tt-3ohohwh8auspqUQ+O7+ga<**$P3k3X ztY*Wfbe+05n7?cI&-GoN)=oK|oYc{Giwb~~Km?6h%XHRJDeMcmqDdgD%h1W6oK)B_ zmk?DZl+&ZtaUe&GBg^!#5Dy_?Gb|RP%GlT_ED^)PD1z;6Wh9d<^0q1r!jD8pkm)rn zJUUg#oviu#5M_`e97Votq?W*Urz|vqh$G$R4ipQ~Ny{2Mpdie?M7@oc^qH@93bTlX zUfmleX+Q73Hw?wo{h{Zdf8MyjQhdx7n4Iyti+r@6U^&naj5_oKuUkUb1RwMAp;4QwxtKE9to=X`QG}~**M$nux0n>kiP3zX;K0dwF&j-JMF|P)RV69MG*u3-zg^R2XM4^#iD%;KIqbwS;>Zcz!!L=&@@ zJFJGfiM4sW!~nxgcO3Zb1NR@O@eLSQ2aOBQFkzsJG0SgQ%&WWp>R^G)r0W?EN1gEGs;fY)ymHG5w3 z`R5hm0?RBhEAuJhBCuLBZtzJ#>+Cy_0%=Y#c_LAi75@$07b7=C69%$@t0z3%igd*wsMg*-haJr-K>yUWV&3)m&XuHmT;TGBW|duyWg@|)Ri;yMMGiDl2Lz&88zxl-R&E!Lv|BK z-E%c-NBxDG;iK+~%?46;#WIJ~m75lkx?Qg^{_dZCvr6+R3s6STzDJ@GmC&jQnWU^_uMvzbAV zI5fV9m*RRFFHDJsKp8g(GreE)_1d_I_ZSx{^n`ma=PBFk*kat(_lZ`(N^P zp6dJ`o!{*I&CU;Y-r4!F)}L<8wr*|vjh1=;AGUq8?Ro!8-EXvMZF}3qwp-hL!M|_) zp84s{w*D2$ZngE1enqw3UlSDAXUz37p_O~MUbKYPWj$P@X*g=fQ^{mPiYFp+GI8d( zG1pCNJIAq|F20Rr(Z$?E0ir;KNTAg-lkLdC-2!ni1xh{;1*@afvD7A_4U;D_IP?(r z1;qyb;Fh}G+Ei+fJCPcYQLP97Mrvbk${Uq{UX#uVyT%JeRe(n;u{zr9vCSubE*o=Q zY?^SP@}i62N&}&4`RkYigC1I?7<;cV*Gab=ZriGM23>Y_ua6$UC(MQwYd>niXvR883)Hs%=0^C7n3U9@|!x)ZqV^S*}dh_A#A#@uGR zfN=4)&Bh#qh~|RH#VxTYqM);?mcq>r$mxr>-e}A*h*d5}T&&3va}05t%Mllya>NbB z+(z20xf*$5CbYm%wYijY5qhP$9!Cd*ZGXHH=hZm}fcC|{&M&mw+{EtV-Re=`T|t3} zF?SPPUtD`}u|J!L#}%j{#HgH;5WbaE#B@9t5u?dSBAbe;iC9|2Q-1qXZ}hLkK7p+T z%7@JXKi^v3*b<8*H7$a3`X=K7OJ!pkPd1zCY-|7l`v&mFZJpm($p&zNp;7aVo=O433&_SZ~xetP2dfpKn-iI5(``UkZHcT`?cLLB5SB@M5ZiH1uPAm9c*AZrps;t1z>@kTz^HJGt6+% z!PqnFA_G8{Yic?>XHW14Y@9t0PGpbR;0Mew#=(r8sbAcBS&L+(=*x25@5q{2Hy2^q zIVLqrts3)+qo76tVRT8 z2051!v$?2-oS)fzJTE6A2v>I3gxlioYWgf1Lrt=sAwijjWZh;=H^WSWXDI8J`|4g? 
zCvHm?#VUZ*_Y|_Rh1oBblPnj>DhWBKq|}HMl~qNRa`~LB#*;}2@F9_?mdYk&NzI0f zg)CfcNvwAmlpz@8Lz6Ri?3WX9Dz%D&iT<#nX0>QCpN(i*K9$G+!1XAJR5}mM0Vo@Z z0h%PQ$x$gDr_BPlAA*@4u2C#(!$4=nSzvAF#>0@)R3h!MzNO{2Qs3ZlT`mGLh4n3& zTGzf2g+rJTZj|M9hlezvW%OKlU+Gl&q$chmiiyXjD?4WD@QHhK9yMi4cor^Qlb)_F!@7z0EDt1EFTs`ggB6I zrG0{ULU_2K0%|}I_mpyiYb1KfdSqIV1rbpD?)TBE>ua^$?WXfJb*v_v-ME*&06oPv zx~098W6Z^ZrGZ<~>RO9M{nlL0Z;4(tEadg+)oPb;*ACye&13Q%`d^5qci2VK1){Cm z>L>}GnKb5Zr>p23SJ*AQjWy4UsF4Q-Gk`(BHbnk|J&yeML1`GKu2BM=w_ zYlEauVxzM?Ih_$?@)J84yIHVTPxiTnddaP|Dwl{lVlhK2;jpg8n`*$A6X-M;;Txxm zPFgr#I$0`DmoQ~+b4;1OqsAP|Lov(Id=@MP^VKkJea0NiBEfyB79474*_hixyTOry z7ur`qB%iPK58k0`+Z&cg0gnRjLJIV>Zi4-PyD#_$!T%Wiso-qzkzhKwwdJdAa?8%P z)|L(aGp+xn^*{Ny_uSh$*LtqC)Oxh_J*_`z>oY&C-)+0CMMuU-@^fhS zzGK_>8*?n#z${mazuA6O1Z@45&rFU4yB7mF;nuP@`+*${K*NMACKLrqI29o-Sp~qk zax|S+-Oh;Qo2~oqH4R+3C0kuEle4M@e7XVPEU@#@sGi$^*aN zq=8@2Ta7uE?!oNo#$)5<2}Osxvii(PE%?2_JAW^964d+kj-~+CfoNX`3uGOn5?C}l z?2BdrNJn!lp8(%27W!ABvd3=0(hcz4Vqr^KOGUJVmQ%1>unYoxw^*?47I)LO`5Ihs z?iM#0b1c08x2`W()^$j52j9^z%Nv|W0gnRLhyrIHFy`)|jQd9>IP14+E9h0RYz&8b z1+1C7ee{~Jsm&TvuTrS8Oll79%rc?b>}5G5et=P~pcF?Hn*N+>R_*3ADSBZEf=%FSkA8`&P$89r5yq*!p8wy>@8jEc8Ix48U)A`f! 
z%kiUxU$lRgxr6r;rSRj&J)um5dpp56~uz-ZwExNo%i7CqzJWHcBzUN?v=0E;%jyXD zER9{2t_db6hEvT=P+xY@H67Lvtx{oW9g(%Dsvj}t-p90%JX-q8ma@raEVK2xP}8MN z7pmjHyR%%KfQZM(0TbLlRx8)9eA!_vv)l!DE2V-~M8bw~rG(kTLo{{>N6J|!K+E{A ziae%M+B3qy-ookaNn`F|DyEGx?&!<**bQ4BT`1e}xNoE5=$H)}bB9?UKg?^R`q$xb zczSwzNTof?@{SF`XNq`Qjfpb+X5?fzN@9&CiH8~8Ek%ptL24(KRzoaj^Ha#7NxW&q z@$$4-sEW|ei4zLEcA&L|?vY&46uqETAp0J&%f4SGil>8)l3>TbYc3EEH9X>|q0i?F zY7QEBKRgO}6!0kEQNW{sM*)ulYe9jYmb-j6`G42fo9#_(_=gRDvEj!yNE`Y$boU$y zZR-5z&Ohn=YUdX_pY9y(d^qrTfnN=b1`hat*ZB$jLg2N)rvfhoDuMS0_6D{FuJivZ z`K(3n7ONu=^FO@UwRdm%^Ty=_W06^?w*QQaNU@$s78{Jqc0;QFOy7?fm$`AA0ap0W zSn>*jp|mP7jDuOHK;`%jle!gu0dqe@47gX00ooiu9cm$;N0Qc3m0QP!u}XPrQoq}{ z%*1RMx+r1?GvraFG8;r}$OM=-&{IeXCDQV5 z^29jOY!m@Y1H~!Ma}xh1oGK`SS~^XWv>+X(uo6Ck)xs+(8+$XfKK>-RkccZW}+BA zgcd3Xj_xd!;LC^j$z6J32<6RBAt#7LBUIOl!&sH5ojG|gaL^}bkC%n zIBlbyn4J-)baDqMM>LtWgz`JJnJHm6>ehD%Wj&`7J?O*~FnDI{!Gy9DjwGB|jA_!k z6mv6=s#;zv>Ds7v3aU>UX=t;ZT6)xan<=KgX?Nto%h1NMkVqE5OT(ucKvlb8UUc`dB zU&C96sjaFJW|Xj~ye7hi79AHWjTY6}xN(^U5*m*)K6BRc6kfC0v@Y`qo0UDl%RdXX z_GNp3mwz_+gmIb0cg=3+gS$F&Y6IZi0pqg3gqTj=fQt~*%p1ZO>=8%)*}nUY%l%Xi zU|t*k*+8=!#(;5|1sAc1C;#lm#g|^%xXeP0SXillw!Mj65eJU4_@T1~S9(xKPwQuV z-IeYqyAO6f*EZ9pwC!x$-nOCj8?C?DI*&`A^qumlzL@Wft-1B>6x{S$Y>jzeJqmaf zcz00%{Pb?RM>Fqx{~79a96_<&DW4Z7vB%qe`u%4Jn{5wW@So|Aq*6&OEyu*12CVW} zG@chzvJ@BN>1aBND^fB}*lc^~g8$5xsGQ8@V)gg!GFfaX4^v-{AU{2Y!>Lo2?MY93iYCc&N~rVTbpG>bO^S(^giKKy#Mr zTUYqdp3^xv^NeZ2vC0%=Sd}_AQ9$%%Yk;>bfzj5NYl)7NyiFp87ukqtCmBR-xuVyT z8aI>GEr<$1wh`zwps6{B1v#$MA~%p1!2#^eRrmV|ywm+cY!O*+J}7Jn`G)S3(dqR15N_Z~;(ba^gwjqfxyS6{Z}WVSB%oVnR#%-tqa z+ivVnTRpZ9+uUvzX@rf5lDf9fWY}(KZ8Y|Z`6h$vu+1#t6Iz$KIcCq&+)U=?6*Fly zD3+)_U$gs61K*?+;e1KvIC6AP!Ao>l08|)FAH9Oq%{{%J^KESVj<5Gv@BJG-x8cut6KUW#h_OUc7GwE{jO=c* zDkgw;n2ab9P0a)G;WA5x%VN0wXSZaL_%to$(s`&&j?*Ss47dNRO>J_FUSKiY{1=gD zog(2V)VRrnePKY?;7f(u4wkEjwd#yQp^MAJIH_;9^bva?!qrp{>9CY0ra=>DbR~v9 z%p%HEi9$`Kz;m}@EX83&Wg+Zvos55@Sz=|K8MT2z*ASk~*F}uWOu)2^hURlNWavW( zTtQ{Uy@jH75OF@RA1+k^eTnvVZPF$l9mGsB!AoncvWIMqHa>*uCz6TC!#-=zLd~OO 
zi`r66>Ml*1k1f$CyzuNz+63zXnbzsKrCUI5a=9k*N321074K7w9=_Uh3E-O)kXs? zww6a7Tg!EbWzw)09;T({UPwe&dz6p=Z1AjRTs}y*pYv(H{k)AuSDqzl)pGE5Dm@R_ zVp1Vs+82#o+GFQZ51VWE-?w zW+_2mzE&)?`Z|{oJgH6s0b)*koR z+)D%}xW1KX7IDYmx6`h;b6Su-#Y$V z#~%R)@ZYzNwH|Nz$ABETEzskC-TCqPTE4XAjH_3nMS)S{^7G6wMr14DWlLGiB48^g z%T!5OuGB15uuQ>rB!%N)c8$1=mElKU(s6_qXG9J#CqgTU(-Z6OIr|y-GC2dEb(9bX zpl4V&xC7A3S9b(9XvN`MlcP;?-oroxD?hszHyzi_6x;~GytCr z;{x42bi%H1{)BKDGs2!@Cj^9CBN~A0v~avbCJNX&kiQR}XvCLMLku-8fmdnaT5kP^bzbxt z!;4Lw0PTOD0%Y6~!@-!{sa^=hXtq7B4 zT`z#K6_}!3Kma+6nZi`5SXNZgxO|E}^$4Hw8y_iD3dj(G|I8?*@~L_^N6>f5PT!Z? z-KzEZ0)JsGEANX(fp;7QpzoQa>wtUDoU`;jWm?Snt8+x(Q=%n&U7qV#BGFVfu1au| ziKy^Khr^7LNG8Oj5|7H+s462R9`rpE^eL|IIk!cTQqgE4l9ZtDIY}>Zea|_YzUL`= zfp0nI8uUE{dYS8c&M|!te9_10PW3U3@0hFB_qgq}RF$)m5xc8$*6~DH!XHL0=k%e8 zLatKQ5iv*4daVSP@G$q47Gd4P9vZgG%Sa$(UL`)^5T|jwcB)D+h`Ij8Gz8mxln-j< zNc6N6)`_#a!_%E4ZM7Oik{g=Y)^gz{ZH-OmB7>TdTl^lpd3DoT81np9Xp1;Mlnbt)^A^MqULsk zE}_k#H!yw9B2{p1XK78+pb*xE^GZ?I8oFRUzeFdvN~xg|n{KJ5RpR6zj97hP#93&z z4E2)zUb8sTsOp)0%D6m6_m4BX`2Jxr&1=4luE7E_n^70CVD4J*Ry!8Z>HzT@MW;H@`g^rdfm**9@UE^UrSia@b$7} zLsqviaw2|Ks~DeCq!iOX}~i|MuT|)p-oN{>h)P zSINE`qA}l1C;JQg*kr%STK~3lZt+ZgD^8iW+PqOAb4g$8?(8kA57U%_&Qx?=r&^CT z($OpNDBw}Rqrj>tu)(-!PfqT?0aE8hmX@4Loj3H$si>CJl$5CCVp%bki$uk=qUA&g zoG8&^lC0!58yBCaybPB*Z`hJe=i`xVEDJ}5iw?!*4Y%HCTx5z%E{EPwlS3~)Lu=u3 z=nYOebfa-`hF)g)ivAlm7t7Nx?Kdu-rpL&Sb+BXPhEG{6#r61^gCk>niFi2Wb9kCsUZjC7X7BA14i5I84cMg{of5J6P5#7L6Z6t?m) zB;W;XVvzwS!r^edtm-0inTY%;_#4y$l;L4Jt^h&uVMQ5Z@ejg@vO<6)Cm=(f(ulzp z?g=jPoGwYxG#A@=JOkQ(%n4 z>BZnC_N`gw>=Q&ET+(3l2LLJDW2#dnO&t>U<>4AYRP;wDi&LeOJA{1#0Ti0R3{w#& zK*9@jqSptU5S(N{{YkjaR(9B41HlHs+Bf}bSf~%p(gP6C8DSicl52Px)zYWKwx@?o zRRXGLluLWR=KEi(+DqU54{b2!yX+F_O^{LNLynT*3u$A%lgX$GXWOr_jLJL%R_%(g zq7VVMG@nQY%JL)=w{!q7Z#$j2Z(C*{GcY!ZE063to*6z0rQbBxX$F6_hz0yO!Jraq z4hzR8A(d#E?L+1l>cQaF?3%Z9&)~A6Y-7UB<0HESCXLucT6swicUbHi42Vw}^Fca! 
zX2X2)xLCKaCy;ccE3|6?p%^EVZFytPb~xs2-vh>cJ1yaki8onxN4-3OdCS$&hR>5`PH&JhbL1Vs^mhR!BaY$%&EE7#MB_oLiGe}2_mqQxB&-?kH4mZ|gsuwAYSdl_a8VH=}y zEuT#%VxpE%;$kcblW8`aLpru}A|a>ZV4G8F6Ko?O`D&~o7_u=So(nZz5?xW?k(z~` zwsNWf3prwOs~kc{7+`upp*)2mqBtg|UBIZE(ro^wc3Zd`mk0j^BuoSfV2*`-+OlxS zlC)lKq&3!!d5<>mUl}-9kg;YmF04*w8mE8O{nB`qXql~RrmECrt`=zyewNlF=B<>W zBv~bEwK*;wJ#ZA;(IHD=U}S)=ZkCGxHdMQ}-L#=AXcraP=b z9kJ+6k!E((nWILblq*gF#c7hTTM$@EW~dwZE@H{T5;5~d>L%C4L5CX7hE2wmP4+GJ zJoo*)vXPc@z4>|YBv-C;lmuT08drMh>ORNay3W6ic@mq`CP^e>&2P**9uCN7b*;dh z%P8UgngbwdDR@ho1-FC4X=a-?mWIS1#N6) zn0QMrm>rnEKb-+!XqyMHMts8$$YUo zk*o2`qy?K|;5qQm@PRGq&nd-XO|T$$frV#ot@Usxcfz@vai0gnP61w0CP6!0kEQNW{sM*)ul9tAuKcogs`;8DP%fJXt30v-iC z3V0OoDBw}Rqku;Nj{@&J3iSA&^=F_*y;1*+sKG72uScw zf6&)Dl0(FLp*kZR(FnW{1(i8?Z1>S2wNMpy(^S0xFVe?xy;>;%{=FDzk4OFY5dGKue3X&SQFRHb%xY>N+M{u9U;&X{~Z}Tmv`|Vq%fd z332N**(hFHY0Pbaks%r5OU4=p7#WHrBGFjd_vJuq>)q=-z}bznkv@!Yw!?LZ`>a@Z z0_{a#m?rE-g7O?PAI;#KGFB?<)k2O&&es zj;4HX2HM&J>pbjJvl4l)1beb^RW^dB>{q5rNX%fpTHS4E(oiHCO{JraZ&VtJ#uKr4 z(zk%2{mD8HtvWkIhIYtxXtpVP95L<%WUvx;jTew^;xGf%b{UwQ#=z3iMB_Wdm1sPL zi@uA2_VzEV^T4vRJIKJ^>pHL_GgBvp+TP+ej1<;YQjW(P-jAFbil$<6BISD{(9!Yg zIu8RU!XO!k`-$-AR3Ue=hSo<`ogy5?o6?XwByUg8#G?S+rlOo2ic0BtGSN8Hw#eKj4Z4Y!|+b*ch+fN>!mSd}P{z?-G&UvO*564!03Shhp(`EP?UV zv0id?D4t5C5;5Nw0$p7f*L_3+8PSOAi?S~#!~zqbz(W<4$=vy)ZHa zC?{-(zMl?sch9Z!h-Np<_EYYo({)UIixc)2N;U*jVY*Nqw?juAKeC@f28~Qk()W6l zGF`44ql_7t!W?XTlk!j^EvM5_-)93oJ+tdP?o+c{$eVO$KWx0@PDR%eF=07?ZQslbK}xpf}e^RsX;xxRQ*dBWcO^lY!pe*gB7}ID50X zu{4fwZ@Ds&EtgN4{FJb(0;C`uY;FTe4JG1IBq2AHKaT<)1w0CP6!0kEQNW{s zM*)ul9tAuKcogs`;8DP%fJXt30v-iC3V0OoDBw}Rqku;Nj{+VAJPLRe@F?I>z@vai z0gnP61w0CP6!0kEQNW{sM*)ul9tAuKcogs`;8EbMOMxDLuTSv(U%uY+y*F(r_59DC z7rOtnd#vjRUC(y~Lq8ts?>vRL_*a6PJHF5%wqI`F)%IW79&i22)^f`~x14RcF7WRH zclj^*??nYy`}s*18j(o8mHq9ReK_a~Z1(RO3HpAECK+x&TvTR+0#c$^NF2XDmCGTr zEI(B&&LCdBE^I6+52YiiWGd!=!PiWqd#y%)a}|wBL+K>KFp~cN*;J#utww*n`9>q@ zp>#rurQ(57Q;qJl8vW`j8chwQ5y=%v2fp1@qYqk*{>rKvl@KDBO0~SdsYdU&8vW%} zG@2ZerFcq`T7IvoM(?#6{ZFfCG%sYX*) 
zqnB6FXbg>}5wqI1qp3y{R--?^ibe^*1)}QZw$C@!Xv}K#%d2RVfKDV6=|uZYO*I;^ z8hvvWjmij9mttwT{d`l6N>-x_t7sHp3<(+FA^^N-X73%c8ok(jqXZ}+LC`)rrkZMW zht=pCt7w$K8l(_L-tpb08XdG6eSH;;0$?B(O(f&N(WV+5uo``B6^)X(|5#dz1^=L_ zM(?s3om)ktBuF38`%>q=rW)O5HTpBFXq1G|Ba|}L`TZsuJw3a%ldvnZcY|N~f~{4( zs#K?RLD#B6wT!S^UC9<{H2l%R*o2Z3v`VF15vIqrk}#%~voL_hb;3KnsG+Sbh#vQ;u-*CSD2%Y^=@vh%!s?k2H(VuL-Q4(bx1$s!Nd$_4aZ?+o!%qkj1 zB(x01O75O-s?nRQMnAQRMoGkSIvG#*oM@ua)3Z0!R@oGMz6CP{n#oRjST^TC@se}{7n;$o}S%Mdm}$; zYjyqJ2(Z{W;=E$(=1SiPz|vyCy^(vr-c+L@tI?0FqEP^tp~z@vai0gnP61w0CP6!0kEQNW{sM*)ul9tAuKcogs`;8DP%fJXt30v-iC3V0Oo zDBw}Rqku;Nj{+VAJPLRe@F?I>z@vai0gnP61w0CP6!0kEQNW{sM*)ul9tAuKcogs` z;8DP%fJXt30v-iC3V0OoDBw}xYADbX`i8I9KjibP{-NIQ_5N}1uY~@O(5FIj=(f&S zN4Dc|$NlZ6{U5eI5Ba|5yX^1xOTN$hKH}49%c$XRucixcqh}+={PuR==79e=#b@;2 z+@DM5vsy|^i?WNft=mTWo_NyO7~^5v>A zKiolT{P7d)V&9F=KAS5Si^`;~4LnxRrUeT9yFGO8WJSCG-dtJLgdFgG_4~HYC=6q)L|hNQRK81Rm4a(uZb}wEsLp~ zq>6DhmP@Dd*=$lyhg40^RSJ{ULb)_7?AEGUuBr>#X)QNJiiC2W{~)Nux=3}H)WO0_ZXzRlCc%iBl3pxQR4l$U|Vbn6IRSFYYsj3u16)mq-v=Y)Y42J~# ziNbibI;jtb!()Z&_*8Z%SDpy#Q`uvh7A8Y08VMoGq5K z;R!$@YnAY^acw^uAF7_N)>U39mnVP$PHUem>(y{Xl4JBAQIbVDAu6@DL~9fx8=yF) zV?1I(Bg7Haa#h5aa7dY|j+ZOL!c$XEO~pc0Wy~6qQmrbvlS3-TTGF*q?UbTp47^MH zVpW#qR6|ijZY)YR6eXolu{@@irz$y(kr7nV#>$nMVPUdTCb=(0a}|wJjy{Y+bt+dK z7N!d&wLGok-ILc%-aNgoYeoA{@?v(CCnl7Vy1!7;o&(NwRVkGC_{dfACkl6GCUmtr z1Zvz(t6}Br3U0^yE@Cbf-EXL9WBRF_zUW0opJ=>x2W^!;T8T#JbwRiTbFnO-w==@t z!}<>4lvbG$O67t+)6lC4Jv&t>s*M$s!LS$Hczlq-`gIgD0`HcU2>h}zfY(r}j^YrIg^`21@jk{z zOUi^ce4vo4l=X7Hnh{U1O&}v4ozXFOGT}pbopiHMisT_{)v&r$1ry)49Sjc)W~_xj zC>%N>;J0mtk)>c3+ZOqtRV{l0m-rGlZ?-K?v#7Qt2e)qzq2JnRGRMZSx9H-ti)45ME=A(4%voarhVC@-&>y7ycZFVznV6RT zTKoVnZU?>Hc^;py^{?MXjHTCAj{+VAJPI^T0qm4J>^tSnw;q$FL=wgCZ75Dk*vk}fbibU?b!I(crFW62p<28O}>3WBw@RQhw|a-tMZ^D(^qKUpPv&BEn%NNE1y4QK?Ar zTr{Do2{D<*KTxSCVmhfRVpPo{!(=+8WFxA(%EO^&*>k!IodDI`9Iehku`;e9{nLJ> zG&ZG-X~F!4 zB@^UjsIxGJTsf>%%M*p1h$6A7DH9H*61%2{kI9jU#Qq&3%DDAb!HB}X2~3IS@KSa1 z9*3c!m_{#ang*h7vB_mMHH~n07*hR&QoS3x5%P>VQv{-$6T*8B9XT*^Ob9=~MKZUh 
zCiK&~O>@(PR^!BheY;2}p^RCXMq@&QB28VnPQ&V&fH_(!S55T>6d>6dGOd)UVpY(~ z!c?hPIH@5Atf`$~+mV~Dj?HWrEgfEZqe3HV%pYNLQIzjEZu*R?oncQH^M_a~+j%Qj zr%Py*ZHJ8cgR}+1+&Nuj+jV@O&A&;b-*#ZG9UG1Ld+6osS>O9MLkS7y_fcBNncpo$S$Eh`671UJ z+hmT0{TKI)*zf7P4J8NcC0qKsK3t;#IGA1Zs-3Zk$SB^~P%NjQrkHiM=l$|1;8DP% zz%`;kPv?K|_4vNw^L-<9Pj900`OeYcAB8>{e7x;jq0!KRwh#C>n4ivn>-3++PqAmR^k=9;%$e1rsR^nsNvy-EL z)pFy}DSfh#E0mGW_o3s5VRZxN&csF~mQP5qzegg`tQeE?2{Dz7Ma6tH647$0SUM_Y zS73=J(%wOcSCfkR-uDVqlSB@p<~T*rYfY<#3e31L1MeV`R&Jc|$FTSye=rpvAqno@ zzhBS`swNi8ib|z3YO2=VCD+B}sOjnHp*&jCW;AM3hZTM-TpcGiXGl@Hrc`p{#Jrvg zOX;vOS(PQRs#L}_;us)4rA#U%+$848mB})*Jn7uX&V~jt3{C+<<5h@R%^TLGWYm%= z_ZDIKf!D&3a&_D;JxYtZVGuBkd@Trg)o0_auZ&tfV9Y@LvOkZQo)dF?MSVfr-_7dI1 zRXi#ToK7XSFIRz^xJh*!MBHQ4Tg0Zm$L_$wY~{o}sFHO_rBb3PfyWFMkV@>?`En6T z6J3BBfhrAxYa8tui)C-{zb zbrPdFPk$)ZXZRnCX`_=0R39)fo3D=;wFeF!IwlO*t`F?W3}?*6LY9lQUigAB=Ue8z z_++eAV=f!JX?pRh%yqL&WyB&*E8$BfW7W>qPP32mB`0La%E@fcEc5(!{4HZCcRj6Y zM)FA0M)DbBUS+di;q%T#kFZ`VbGFr(&$8C1dF$?0>h(TE`;2*ovLSc!ZfvxlK3k3X zC+XEVzuNBl8lLujW-VE%wWj9q1IiBk4 zJ<$5m<(~4cdlc{};8EZjPypJz57G^aEBUs-dI_rlTK>6f(E3_7(G&Fft_!^C>-}!; zf9`#=_tU*f@1fpQ$1iq#yh9BBp#3*meh^#;em3x``3Y8o9|%4i+!ovv^pTJE=TTtI zC}2Ek%zucoZD+%bBN8l;$rcMBomMqP&1zcyeS3~P@_6`gd0ML+Ma)B?%FMK>L|Tfb z(^@_$sgazb%2Gs*#*=X+mq==r5A5HECiMw9Wcm%;THZ4; z2@MCB_@|&$3A0}g%W$!P$OAamLm&=Ml5WA6Uo3{DUr{2aU#EsB|@7&@?m&Kl&VZ`Li~|y^e008cIx|VyWM6c zhx@YmG6pl@T|{N2;mgroH92kY(82wO9y)Xo#m5e2gu&xX-$s5O!OvP-%uRWb>V(1F zBm4G0&ML8Fz*Sdv=-|HH`}eqZsaE-lyJj2G(j#0}nB2|n?T2d%lWJ<%f`K;;oA`ol z`Gu}V)>Mu8XPC5?%ty3?4Sro09B zEf+Q(P%0;(MLwt%5Xti3BTA)&?N8GYL2-)SsPjR$n-$udBf706=pOv4@3U*Rf3JB( z5CosM3xWa>D4%nb1Up-svkahy8AlC$K3{um&AaYZ=uyC<% zpr82NC!;uAChdny|7|ctmuU$%MECbgE3p5XQw!vD^Jcqtj%O{+n7LW6^!gYu^TyHD{=}FCb3xV(!sYJwBXrslPlMwpj ziCjd69#f2{T11Q`(^)Z{mhxgeCrjz9l8VJs`OU^cD}9P{62cZO3%@hscDBh_@Yy*6 zfpP>JjD>bu%FVjMZ9WuTXD`~?hc0%|5_=cp@Yh}l&|=P;2sPeh!A~!6-b8TnCg+RB z{DP`A955Yyc!&JoRJ2E(tNLTF{NOV>y#PW;GR0eYB@X&qGK z>)N85g4}WxTtx3y^BIIIW7NfG5c)zVvdR5e9yQH4U%R-_L%e 
zH#}u&s7-x0)ZK!m<%W{GrsIZ++o9oZK=!F=&mEO9UH6()#Wme)QkSXcUO{DUK8J4J zr;CJ&*~~ta{-VH33zP_yS5Qa0OO_woiN9J#=-_VGVUw3)!{34hq2H@ zuW}Q|)^=A88$@l&Prj$^cHbudbH1MIyZ?9hH@knM`}OW>ceeYH?pXWZwSTew>GsjK zuLe5X7TP}Rf6n{_4hIr}ZGlYzpZ|OQKlT5q`-=?xhLNG9^h=ySlGd)(TCYI+Ga_n#6x&|CR-_}A|jHDGcX@hDOFb{CW~5F zQzco;=Cir9mW^itdK8bvm3$1P*?c??O_ZES$f=kVOG&Y4I+xJmS%u&fN-0T;$%^uT z4Hj&ldY>#wFM_4pPCN4oR}gKx#)9qD;#5%!FWu(I$>{I}h9FB#?YVJ{I(##@sR@Yt zIRMVtipX6mjdA86Ru7&4`FCr%%FHC9C?2dwta4m65voWf5?{WE1FhHB?X-%Mcb_!G0a5`-at{z6?G!x3z;z7_)FD{ zu!q3pl}lP?crPhEM*i7F{(00n?rcs4hyxzTgmsPl=UJ6md^68yu)pQXq#mtAP$Ja~ z!m$})rn3~bE(2R@5m?NG>EAqA1{0QUw*finiK=65YMqep+wqgA{ugE#Xq^ zHtXcH-W(<)e{+HYu!&PZc^EMk?xas~TlY4{*(eMU42$hMgkw-Q9Ul@N%#Ds5J~j$0 zLt%hmsWKqT?YA2X+h`>`LVsJk)nsk5_hmbzQNW|XJA?w@6mO&ZC|CY% zCD=_;9L4?h#ZoefBj7!>n4e)=VG>=~LQD7&u(dxGk7skKY+Q^eS_&xI5lvLmK;Frw zQfV!r=H;{`L6LbYeTuW;TeoE62`!e2s|wVPx6n&m?YPyZcD$Kh;A+RMPPHQxpquGs z&hc)g3edCT#==dM6F&a{m+n@rjC7UJ7#{ZuhTMd@arI)SUA-uPb*yRknzxQwsxy0( zQ%zq6gr-P13TV|vU~K3>061G5odEA>!z#9ru`!V-TWeF0V9Kq3w60C)w}B~H95w~E zrc(YOOl5Y(7y@m1Ig|0(HCKfaz^b5fV6ncU9lnW=xIz7}h}LEi9S4VDc8^l+Y5xuo zPd@1jeKYjyp$nl`LeC)Xe|u}0YihfKa})hlpkaY{P?WMG2+Ok>^mBg~zyz^n@Q@Mu0IY6%I5 z_-Z6BrqX#yl(KOpoy+GVk|wQo1(Kk8GoGFqL0PaiR7`}iCK0THf(T=Zw-1Ot5_at9 zX$8>Wm8yMh^2uO&r4t1KkiDmXUJeEqLG)BTfceF7&cdevLI+GVB}-t!f#XkN?!_D= zDjit$)LEVc-k+K(may=$1>m^>?hTRpV?ewT^+_!U5Vf30;GwAu<+5fW^eqi$pIm-F zkit^rny%tuvd7i_uuKOtCU|^(Onqk1zM|<`Z@gv4?qYFIsal!gH@h!!SFrcv9E{A= zl>%k33c0-K5=`E1EQ~N!(X;GKy33&|x`s0W=Q#s;;^+BYL?&ebPG(8)%q_;k{j|F; z-p;#wjg?7E@3HQf=e3#B5MGX$bFM=&ff~%fb6lxSnq?Ilj%|VLD|7>^xyv`N(ikun z7^>C?e>W})O>=7E-7=sp^WFBHG#2h*GjR`p+>+oOOvoB-fzXN%Qyz_L#qV-R{?Ll2 z=~b>3zpLGqT<}nn*YJGus`4oC&ZYpCy#x1u8xh)~bfuYkyZ)H0#-waMFGiC|MT|w^ zf|AnYtQgVav8a?tYf=)aj}{n^ziB(!BE_>(RMoN?nqXl5d}rBqE5ta7Ho?WXZ8kA3 zOfPUTZktn#yUAD>qL<&pHl%Hv&4ctK?=cocx>Z^|a=C0bF}Yl}o10uNPuomS?6Q^PC{lYLHaWUhNZ4?~ zfHPZ^FeorXlx2q+-YbNGNxVyd0jjZOZiNzv4N5RAP|w%fpNRRX@mX$*;-)C#oI@;7 z0=GXk-tTIRVz=4&eVIi5!F)0iS}T!$x83@;3bPHD{muQbQLyOo{gv+q-wVFZSm%ww 
ze+mA1@Jqp;2pTP4Yx$|bfxtcf&--5Rf7Jhc?@xAh`N#eH{F3##G4zLc^j|~gLo=bV z&{*AZ_*Zqmm;CvJv2cuWlzfvOxH@5>0o1tV2fjy^?7_+};*4U*5B!W8u$@s14Tqmm z1I{yQqp`s72st9{07Il*V4(W^2pk}y6hqTDOM}(pdI@N11YVFL2qJkPu()X=GGcBl@tX?787HsgG!lmkX<`Pk`4iMo z$?};Imzf;&7{szyC^0~Ds4D~=f!_kLI^&^fMCctuMoUNK?lkqf{rW5s))MHktjlu03o9D6Xhu~5C+vhBpC|~o|vOH53B&Sx!+hg zL|=-?UqHM00*>+*(0Q=+V=JHU-klx=JPLReSU(EDY{+otxi#@FVoj8Z*>Iozbh(R2 zpbyg$E`i?FzY+~TB+!TGQ(OYQYfB2IMJ*!5h}n?kpy6lvUAD8FWuf6``CZPl9P%cE zc<1uwU6#D*^Z9>i{V3(tysi{@IboBH@TNpD+}rmU1o4nwXJzRMfQc7U!xg#l`X|FdUZaYo1$3ijmwx`1gmF zTc}F>(oYhX!J0&D6Xb0M@w>%>d5c@-Ad)L=YQhFbZ4;U;ZNXAjZOaj`PO@g=4AUdn zdd6*~RJ36iYXT1Y&BYw{qfywgm)q;Lr8IUihynlz(ZeL&)hLq;ct6bK-w-6IYpk;v zaUC(&ghC4^m{iQ&6$dPfpAC_$`Gi8wY1PyD^S%xKh_ClEz1iNwz3I-6c0S#COX#)W zm)oBURYFg;mHZL&6MA3hz5WRKH?*nq??SKo{-yKhL%-GeTOnU)T{q^HR*s?MS9zoDk>-$z4@3Xt33g$F|9_CL;zHh5|Ml~EywC>A$}7|sXT!McGP2nrYXoF zC7vQ?;T(Y;!A)X1>S+7l5_ zfG`1(L5Mv=xf)y+Bzs~YUM@L{A|R9(zHHaJH2dY&e|(#O?$cN%Hi&9Wpo+~6Ljx*fn!k& zTAO;~^j_H_x!UDnK7Z{O#tTtn;VDXum$*nbcy)^3rgIalamdl4!8UY0)|Ma%oZ*X* zx`^=Uj)Vmt%Gj44E1;{7?uBF-(a@#vo{Y8hXb6uzLjhfXnXROez5MoS3BRm`m*Fd~ z7J{8yS!Eua_+EJ=@^1as ze8sob_Z<`e|EGJ;0{{QM4ga>`FE)H;!;2dp>Hd}Oi`_rf_5TI`BKSM-4fuF)Iye#x z2XF3}>NwHos>`rOoE@BWqK;hoaunl2N|5V|9M^-SiciNNva9)+ zm``glNUB*?OsVOVn3N)FKB}ank!adI=btT?A8EP7TF#M{8PL3$>Y53g6mB|)%i`zJ@4ORz8mvZg-PDIVJ`66uViWpWHPY{1O){Im*TL% zQ=vDw&wR+Zw1u(4C;8&Bgw|^`TQ(S%SnMC?8N=WrFZJ2?*>Ld8&Bmo$Xg6QvduI3= zOOw|q=AbscGUnUN@K;G>J~G8J!^;CSHocG4M7Ah&eM(WQRLP3K%p&smNc!-74{In;N;xWwW-XSpFaTodtX8B|xb>-HI! 
zZlu$bOL<|3ly|>ziJ=;q#At8!W#AZ9uJR~d`f+}62K=18*+JMF3HZjBLiT011MJPE zPFlj*n;l5Bn~&zwvAC$_atP*)rlVpyABAEypNJ!jQ%U7hiOt3(264!j>W(crHK#)R z8%^A3Tw?fx+$z7LW|hCh@DI6FeuvX4e}i#}0UdHTxgDF?e)eLgajAu!{aoj^W7TKB zEj{1S$B#aCXuq%Jw!CZNb>-F@Qg4*y~3y(eOx_oXq*8S%_hnFs@{x2bnvZL-coz6C@kkyD`D84W zQ<8F0R-=-XPG|@c$mgQDXd)g@$gy-X2VA0POpc_}YP=DJ$YKj@*n2fAEb#VX$Q~SW zunDQf*@R{6aWK3|(QC^rkZ42pYDh}bNitvX-tfJ_mv}jrfS&3#Kr_qrbD6Vz_HN@+ zfUXAPKDHC@unu#@eM;CB#7l%2to>xbX2U>3`HsDVocav0)GP^}L0}|94n6xUAJ04Q z)CV$@IcdnWvCSL&Tn-SasXgmz&Un~GKSWQ0QT`%aj`&4pEu>~go|hecdyNH_=jC}` znRPTby9Xi^^;z1jJ9tg@d^*F%!ZY-u#xL44ur9mBquW#TX+9kXiLhU#C8j~6eUvHil2sqTN1!+izIM*poxm32@)m6G7s?cajDukI-SlhO9=kh$4&eyp$GWv3wGO7o2J$vAm)r z2|Rp4Z9>>^MDqjAlD3C<7#i{dB@*CCTvT(*fPzTTgvH}KRDUYmXNCo67L#EKEd4cr z_F=vwgd^vJtGSApjs!%dNB)?D;3Cc@83a(BDu61r=h;&nFyw%KU~*4sY_Y4A>LOPv zlR0Qz7rD4dmq$xLgQ@8$?fn+WB`V*!DIRH}!&12_u%Xxeq}A5BUfOh^Txw*k*~{~b zz@AV&kEwQaca_0vVv*zKYPzljB{T#8N6@%TL;@Bx&Ur97_(GR)DNI+~OKptRk>AE5 zfgQ&dtiSEO(}bo22M-++xEl+WkTPU{ zqMc2b`%=cG9khfSoMcOYS$jvLmly=>2%p^!nZ-#s0H2(An;xfL zw>=8HRVe`NID;eR+VL<&z=ZMt5(60KXHl4F$M2xK0O$R}{VTBqLp#2eK4luRwm_en zfJ!~DLOU+dOI-R7*QEbT43v{g|6!-}5A8Su=j7V)FxQU1RVnQC%cFot0gnP61w0CP z6!0kEQNW{sM*)ul9tAuKcobMW3iSAY-Ph;8%h!Ia{T`tGf4A)$ZNJ+6TK7k~4|U(y zy(#pu(1$|B&KKJCwokU5YI~w>XIppcKev9{|2hAx|E`A5bN;OVu>XGl4u79N=npp0 zOaCAFW}CQuJ#K9~xp=Mc6lKUTrl)A!(&pOy^C$EINd#)e*i##s4jejw{ZDIIIAW{B zUz$eTPnz-f(Dk063LUQNjXQL`w;PujLLkS0h_@fm3wuZ-Cr}{|Gidu#%WaGI-MivZ z;9X4tC~F_3D~u~^qfpjHNFpl6fJ!08U`Q9! 
zNhv3$lE^xgmE&31)S;|BXjj%ow?q=DTs)bI5m)B@c4ckUrmTI0Uf{~ws8d-B+b4rW zV(6jq>I5^~*HSYv*LGUhgJx(JcjpdQ)Jbu?@D!r2 zNP-tc0EyKyFAyuLPVq`u5@JA30I>vMrsa|@Qt(n7ONjd_&X7k)Dkiat#5q%A<9G;N zg>Q+Lj4JW`ay}e1F}j>|^AE|f*tAi^r;UQ1)k@hMo0aPci*xhgfgEX)kTltjxW#-CZ4KbH=5I>4G>D=L>@RWUtlKF&(&n z*pmi(5`$ticU`Su!R^t+bbm2^J!pSD$fv4L2mwcanE4_@f zBgUmkdOUsPX|@q1ukrD;#*kHZ_d?<>I6YCw5gwO1_br+|p4>%orv@1YKY*$-nXQD+ za3qSiZp(zt`|c(;5qCnDYxH@z72>MhqjBHF3GC7h?L}Kxg=&odJ&(4UPj7q7!(ReJeH@1s3lHQ$4 z?n>`YBzNseMq*Mlx=Y#_lXmTj?HZAHMx=z(!O?b>+gt&MK{TO}3d~^=(bx^+9;~5m z)vof9FPjVQ=+je$Y;oq;bU9Qz;+v1ge!{rKQ0QiP!i}VLOrJQgPpGvbj8v=?lNvxPNID1PE15)&1cG5v7co{Xmx~;)k|bO}?uZGN8Up>%N=SoPE|K)H*gROe z4bGXw``XU=ZgJg7!0)iQD9-OBUAoHIc+^_5v#ZHI_+m16EAES#v2N5(kuhIxcF_NGzEG{(~CHLv^Uq-I9B;#z-7ULLi{Z7;eSQJ^RIUf<3B zGrsOn*WY&ie%DvJX1mH=@9+56jz91CM2FF_r|spo={Bu(-hZa+!LHl8f}wv3{YmIT z=*L5c$;bB(zN#+^h`+-dj4KF!#kXJf-M{*?3Z41K)j$0K^eD0*($|eERRJa|0Lzv0H0h;qg6*(~AZ2}6;yfZ2F>J`=T5+;mA}ED5 zD1OM6=r=V|sca0^;bT@zvUKK7!bru=Cf+BJ)Kic4-w3K6k)=p1mQ9ONHi66oN(9#2 zs1g;WSXPb7ul6d_;<#|MP$`sFa`^o)PcZfxO-dqhBGL^` z0#AveNox0TlGh!3>>=b$bUZgm^!QbzYRu>9{cd5!i{KgV*O0;lCJ#Jqm+x_AF9%;F z8&?MCS}}N1#8<6DY#k>R(a#V*YL(Loo8#T~^X*lfcvtRnlmyQtjVpK3k-hi?JMmt9 z2cCFzCS|NGB10x%hR;9>VyI=zIY?A!>~?E5+GZes63RC^2~kHrzpVOf?-IM?)f}Q} z;|h!W%kekoqC#49%3~_95JAokz1p|WxU!YbgjqkY&r;8^mDtQKe2a1Ab~@8I{L!l$ z_tti+?Zy=rO}L9U)V>6Xy0-?#-=;^b*X_3v1+X9-hz_qp|8ONt=P=hlyxPAKK4!CV zWr#k-^$)LZ0SL2_RV7tL6OM5GSD}Bn!ou~r{^8Y{{^1IX#pn8mSL^i;S6DDU*FU_< z^$*t@R~TX~cRD+7MhIVVz}B88W4pyZw)6ebxR%eR6ERUsK&=u>Dyo=8u5(dNBV$r3 z9+Tvhim}~nAKUpY*+eXtOem=wMsgFq#7A=8HWG$O%13g(VI&Ncl#k@R6(QX6&9~9) w@w)0!z@vai0gnP61w0CP6!0kEQNW{sM*)ul9tAuKcogs`;8DP%fJK4-9|8TFsQ>@~ delta 100485 zcmeFa2b|o*^#`t<)oP_(mFvCxe9gY|_G07Saql)R_i<5dQz)KewNo_r7|g(P-M6(L6nEfBkgJ zcKE-bNS(Tr<4`fjSvJAHyt^(Sz>&tTyKZm2=2*$9^=R*E?b`i!WGvsK&3cIwI8GF; z`O=n^t5$Bz;;pr)W%I^O>((55QuFG~Z5y}k;mBVmC9%+ftc8|M>sGa`-MHLov6gaM znm4r^-?m|+(rMXav1XKHBazeE)R$Dha=v_pTsffh_rE<#J2)9pa7wg2QMl$m1GIbB#e49oRl`*w}Sz)-*0yxwdgmWaFB3YaNXh 
zi6dh+uUx%ps5ZzL4d?o@ZH9p-8q|ErV1xShU z>CuqLLF3awKt3@(9SEe?_!L5}+c>lmNSASF4v+)Jp)in-jYCC1J~9sRKt41MLe+2| z7zbN{yl)&_0A#;$a3~OcpK%Z;`krx61M-gXNd(Bhj8B#WdE5A8ERZ*iPa1)|VSEA^ z>JAk}o^ezPQqS5OH@~qKY2;|R3&pIGa89noW{K@F?19{x&DFgDT(T&f0#OPiQ zbRQ@4Ze|IVze!kYBeaS6V z2XWdVNb*DNJ?$;+Rqe0Z3)-KxC$&ek2ejX7d$rrOo3tCWtFTytqgIXNa;9wvQs&Oy?2UR$z#6blP z%5hMJgHjxn;Gh@>MK~zLK>-f(agc|DTz&Ep#esqY83#@r zIB+20K*WI^2LcXkIN)($#Q}nv<@av4@S{|#_B5{M9_?co;h*lz9L3+Kx!#ibd<&Yq zapUH;NgdaM_{rn}SM(Y<@I>-JVdSd4&sy$XQs53Zy4{T)cZJ72)a4uM_BHuKezz-V zzAzX)bhy+75t`iopg-j6yrmJ%_lUA~F(hl5Vam%j&_twz0woXFQtvrB&k&F79SHY7uSmu_|9+r zIg(=Yst)Z=tVXw5ElzXyQ%W%g>#chI5RtRwTa?k_Qc|RX$8}gyd4_reP2rHs753IQ z#iK4x6V(%Ja(lx5fTzAO9(7U5sP3VDPm|vp4Cp?0{or`q1?l3to5Dd)Ampwe6puPD zeN>-26!N(18{$#tq>Jim3j1`AKj5pckH?*rCay2s6b$=_zReN=BK9P<0?tK(58ri-cvnnD4W z&+V@t5RW@PUEDyE$L$M-g7sDLsAJPb^*04PevchN??y-lH@&ke1sEFN`Os;IilJ=EuI@`S=3pTE8|9ygpS zE{^JH3VLDS2-layqXyGQbp?aIptrs_9@XDJst%(OB5nn58Xq(;iix)9D<_FkH>B78#fu%khuL8(3?9-UE} z^;$e?aWbmTXeG!2=pC=i?+eze@wkP_xQ9peHhF_?$V9yokD8Y*s;4RB@wx)8dO037 zHy%|#Y_NwMz_1+j2He4VXFP6pJZ|5p?j}#z-9r37{>7u%tf-axe>#mpLQ8gM> z@1t%Y2d*YpFyw(YBgW$@X_EDXp$vjPh-!~Vb*76NYVtu=VXPP8QAHe8Z|ke@+(SW& zg}p&n*jI0h$F-+RHVDbW03NRA<56wtq6VN0!XaOv-Wrc;oxD+pSxkx?_+hYjg#y8P zcq&4*GoA1xqPo2m?(k5Tcc|apm0qBu@0!1J9fyG6X@c6BL!A~Vj>FvQMTGBcIQL(EstM}^sLf2+sU z>~Xa>G{po>RM6Ja;szz|bvHD|1dUYC4js9P=N>3O0&BeZew6fFpvt`ydlU^2+pXE394fPPkU>i z#n;x>Fd!xvKn3o0PiRG`CD77P6%$lp0o-_aMVo7d+tpARJ6?&87iYEyeXXHDb3;Y! 
za0N}Lc}1JM9aKWNp*$uir|H0O>hiU=v^SK+j+fCB!p+Tr_SVn}e?w_ZP)Y^u?V&)M z+XaG>n4lykaJ%9DT0EYH;+UYA3ZOn)Ty9sOt)VC;D58QkH}r~7AQWmSj0p;6K zd0N7)!G?mEpnwY8UT@gz@wc=zhZSw{0&-6pizOp-RoNs^m@GwYD}QU1m2L# z-3$fRpu_}9>>BPB?qI8{+1nt;1TqzbT357q+ufe#24_s*qykT~$K4VNuLw6dVgd&h z1cPCixA>s-NHKvFPb$z7@IW~>h%tdk1?`^J=H`%VMQejSCa_aMTdObF>!CA9>_JRRcfByt!NAjC{B$4{Z;a7dz59^X^5aO>fAG}N{Lj3*a ztk?7E5WkONn~h>yWeg9G(c@zD=9s+4yh<)wZiR;i=B!@Z2Y6k3oW-ggw0F*`ue`^C z@!MA2$%7uHOWYxZr)$_I!qY`+BjM>HbTHxRDsvFw=`yl`@N}72Pk6cxtRp;K=+zRQ zF63$mKY6l_A6E<{fUd==2~XEr0|-wSQ&ohgtEEc9)74M~;puXxobYr#Q$~2YUMVF! zU67Ozo~}5G;ZX$KJzY{15dmE@6cU~;3JM5MC;j<^r?dJz!qaJcF5&64Jcsaf-knW& zI{KQ^oqak9Pp6j-!qfSqM0h$s z6bVl!fOf)@8D5)!dEG*%a5f^Kb2OgtFbRXIu@at6vhV{a2mE6KTMbR>dz^MqI{-t@ z+c4<70>jQzFz`G8L(iQs`1}fnpUYtYx&Vft(_j$V3d7K97>Jg`P&5|?qe(Cv9i{03 z%>`ppHH=CHFfPfOpm8uZ^}^`%o-^~u|LH&eCBF3v`hReb;!8*Tn=hvM>FEUjrQ>>< ze5JoUFaD4}{fA8Kd!%KByTMQLA3}T`dDQRaLx=DE@ss-Cg@l#WG|F4x5^A*w~1}!Gm!)Xb=t?8gN)& zkHfk;9M;z2u%-rw0|(-;x*CTA2H>!&3Wt@IIIO6^VR<x%OYP7p8T)R$Ex-`c6(hF)@7p24O0 zq_|_Ita8%m9p;vM(eyxK>pZrZUQv-^JN>YOctd^HuszR_8Vc?BiIz zDZhS?B_sa7cMsg+F3SNMZ07tVySeerT>U@a%~b}#@3pkQO6A*rdRieY#s3RG{Rh9u z6^`%ti5bjKXTgua^OfKJ)4yH(qf7O)`4bKv*^iI>CqMl^Ir%?57p7PjA|dy10e2Lxi7-=s)e{w;XlEcRv6Zo;W1AO)pNP+wx)?-Ch^ZG%Z$J z6%wzC;k#q>xftC?sbq=K!Waz_>X3qTTi*5qCQk{x*{^Vo*G4(yMzBY%WeSNacbb`@9DN2aIsAKdKfFbk_x zhFOQ1Md?4P3D#kkN_nM!!$|8pjjrZ?4{NLMZ=`i3W=!85=chK(QVuiH`oC*-#o*|GyW+6f6^G5PIBa&sVY4eRtib`8 zU2)j#io<4C95%b+u-O%d&8|3NcEw?{D-N4oad?pDu-O%d&8|3XcEw?{D-N4oaoFsN z!)8|;HoM}m*%gP)t~hLV#bL864x3$Z*zAhKW>*|Gy8;_u9Dvyshs~}yY<2}!s5k(# zD~_05aoFsN!)8|;HoM}m*%gP)t~hLV#bL864x3$Z*zAhKW>*|Gy8`QA9Dvysht00Q zN*D)Vb_IsQH~_ON4x3$Z*zAhKW>*|GyMnzx9Dvys2WD3R2w{}xu-O%d2YJ|d!vUCG zaoFsN!)8|;HoF2VZXAHw6=!jnFATBO=`fMvk8lY8F-CCxr!<^}5nN9-a3_y__qh5W z#`tm6!jX^Q`u7;h|7}y-ZyBBS!-mCgiTESM3w_^9{%-{T-w6J{5gg{={~N*oLluy6 zy8gcr{747p|Bc}NUVZrA9Q^-NbMOi}2mgXwsyxkU`?P;*e}dQ5?$&PBuF@`n7u2?x zWuxqqbnO#(-Qg|mW$ih5TkZ~ciR~BK`P!-4$?)3RvDzGMqBaa(R2!h>YfkkWcs1=^ 
z_3!GR)ra9-wBM*#su!ud;O(<@YKyu+odWNhdDU9ASk+Xka!7d}b}0U$JO)2K-A~>l z>w6&hw||Z&eyE@RLnU-1>4^3HetO?S$BX~9pRLK(q~qWx{LTAOE{-1#e{SKm3(&oo zy$cc61lHFiy6BVcASL5D6*@}nPn>fYI*A*A&nZXZg~SSo7k`&H@*K4b5-6qWjGX;5`GEc7Zd&%!Y?BHLc%W~{CvXCBm7*#&msJ5!p|c7Ov29~{B*)k zBm7jd%`8kI;AkS4O!!HJpGf!#gdb1%afBaB_%VbZP54oSA4&KTgda}$qX<8Y@Iwh7 zCVYtSL7P>F4dws=ej@M@-b;87;oXFH5uR+v^JF_-Alvag*^U>;c05nE;{~!E&y($V zfo#X~WIJ9U+wnZvju*&wJdd~Ib&Eju<9V_lFOdCsp6tg9WIvuK`|(0C$pqPs7sz%z zPqyQEvK=pw?RbG~$Ma-6ULf1?JlT#H$aXwWw&Mk|9nX{Pc!6xk>paLF8eYBo?2pMjG25Y)sQ zpeSAhRq+HUi$8$6xE&P6b)YhS21?^xP#Xp)j?JJtR)X?a3hHAPD3I}>Lc*X#8bOUz zf+EQURU&~h`3lrY7bui}Df(;5UqP!ptvm?7NV=c=v+wtFhQI5le^-PbS+1wdp;+~u zzhlH7W1R`nz5jBB`nm|NNAfhG^Q4@%$2}INcB5DE=HGznlKtxR-q9zbk6Nsn@ zMAQT#Y61~8fry$wL`@)~CJ<2*h^Prf)C3}G0ueQVh?+n|O(3Es5K$9|s0l>W1R`nz z5jBCRnm|NNAfhG^Q4@%$2}INcB5DE=HGznlKtxR-q9zbg6Nsn@MAQT#Y61~8fry$w zL`@)~CJ<2*h^Prf)dV7H0ueQVh?+n|O(3Es5K$9|s0l>W1mdyEKtxRttF8Y-Y9jse z*G<_@}17CV;z_;*Jq;_+`vyZmYtJk0$k9jy!hyHy0mAy7rJW z=ueL`KM~bq`S>v}Fa9q5Pfss8GKn_?v`vz|I^cp z{woswTk`gOG9cdZ@BQ?DD|(0cL;v(2I>B#EPk62GPw#u+zl@LWm!t2U0dxH&{69<> znBYC#1$1EJ+t|U2-*^}@Smek;rh9w-Has$ZZQ;RCJ^tp_-FRR-hUc{}tzDRXjSgx{ z$)L8FOzaks_5T7gv71NM|8vO1ZWdYp&ma@KX=MFBg-q-wllA{ZGO-&^*8gMi#LhCB zEdNK6dEIcb{2xZzTWVwXqO|G8vdmra)cnPgt4k$Ig$mj6z&{1;(f2ZNfOtp9Cf zV#mI_6-+T>Wvfh*02v}@pn(>85_R;!8NpYlm~o_mhE23$=JQ8VD_?DNVU z%EiiNWxf(r3gpk^zsbLsFPBf2m&qgL3fba()A_LTTIWt@yK|zm&M7(egSWAp9OpXL zTAxY#o0VSlJta3lwOf&#jjR81!PM{6gu{K(Fb>Fulvzhx`Z$d7V0SIl=~z<=al+A< z&)t|>9QQ3YI3d=Pj^f~ScN29eHYg!KOpKj~VIN`*DaA>@Vd=!wS6Ce@PWnXhg}_T4 z_77Ie$`gK&d~u&(HR;6E57@xe;<)Rt>ONw)K5;xS|0b1m6c9Ry<%mi z7RNndWuy~R=U2LxS|0a!rKT3gy<92j#MH5soLU@rX5}oi>iq^8;+2YeuyUk6J?^wh zN-0h_suEL+adAF&G}hn26uSNa z(RFEt#Oq7>D>?09?OJUo_&J!U)oGHtAKuQn3APc}sx!d9aVEG@`HOO=a*1-1vOozb zh2Y}y@8ERm3i%ZISb3CODI@1w&ObV@bDr)z&N<0h?{qlccRb~|*>Rp@onxlM?Z}dP zq!*;$Nta4nq=iygDiXgC{~`WC{H3UitCowSVSCMLf7||u{d)T@`|en(IHv9+pmZg}?=$*R?EOxQr7wqS;_@_q%;d 
zQ;I>ex!i6~z_%o|H~`uKhMK_Qg!pjPBQjR(G~VAV8uz*1$q-4DuKVq`K&yly8JMPdOhH~ZC*Mt__G3UfOFG{y?#$9 zH?(= zIrn;}_m^YU6$1ZuVemFJEwwlZjw_+yLQ~U;eNZxC_mq@k9i{}}=?~nH9i39{17EIQ zAGo=ioK74B7l^LVq;z7h4_xE9C#Dla`}0AApO9J(+QZ{ z0)erq#Xgvbg>;Y4Hzu7NJiWPt{?X~g;6=|L4vtDK_JR*wpF12JnNE!T5Qf6~h;(wF z3#LQv;pxQgu*dHY9FDa1@+ecd&yqh}~frJ;SM&9a!v!bw{wzvLoTn6{dlpbv)sECUZ>Q zV8-C`fJeB))*Xq#nRtALzTi*2>;N$gFyM%{|FT2J3kQ(nuHp@*UUz`l17o|_-*??X z2WKeIkUtQ1`BN`DKpeosuRG$ zfY|SKK}S!$?C|<@qEdst)awp7-323@KbU&m;q^9wi)k2~Q!hI}>9Lg-y`#&In=`#!i(4ySF)awoqgS&3< zfS7vO0b-Zm6%PASFFQOicMpZ(-pI0}zdKuygHubNKahIe0aLsXc*+iVVcn5p*#Tmx zG*7^jdf5SDFFgAQgyPE%z2CwC`?L)C)2urJQ0({t16_CYTXsM{21nCjSDIx9bkvYL z90)VZj#-S4WDlr&KR5yPr(Jizun$F>Sa%%0>~O(ECKU9;2E9~$9WUW;$h^*J|I%Iu z-}}AVN7}1+OY+G^9@>$G1W{X^S5)7JUkl~SQg*FNW#%6D48Z`-@zwe3al z+4eAaY`Y!&wOt9`+RlYXXC2_FZ6)|=TL50##)FSGFF0tc1ovzjxQ+Y@T(i9ojwAmH zUwe5BTu1&6RyWsx^T^%m8LAHMBiE>{>SAypIawX02Em2oK($28RvoHE`BeEB+(`aY zS6)#5q&%eDt=y*Ep!^b+Lgy%_Dp6&NIj8ldw9;IHXQ1TU3vB_V`J@S6} z4fz%L8o;CSALKjbtKk<&_mkSb^{1y5^Uwb`e)Qf3aCBkJU0v(apNXcn49 znVD!NWoDoml$nmEQ)U{PMwzK-DrKgiDU>-H9Zi|ZXfkCcp-GgPh$d2I0-8XX@o2ng z)A7BIL*wY7v1lx1#-K5j8I49$W)vDlnUQEDWk#S8lo^hOQ|2gi6lI2?VU!t)hEgVs z!juW25M_cW2n;xHu>??n9`YkUWqim-887lu#)CYRaU(ZnT*yV4A!rC?notvE8c`!< z27_r3Dd0h95M>%r17+$_J!Zg|y$;pUL$#=uGBv1%G6T^-%2cCj$_zjQC{u;1C{u|l zDN}(eC{vEgDN}~ZC{v0`DN}+zt3Y9($7zQ50yBlBwTU9Xt_)IMXp-^1y_ z|NIjC&o9CMEBq4R?^E)7_c)Pj9LMEzCI?UXPnK89!^OXe_lUo?trX{pA^WTLr|s9+ zE)y@aE#zOZcr9hz*W5eYQxN@h?nJJYo5PL4vn|_vJP&KchExNs@bO6V?q{7I-RK%A zaQWbEmAGo=OA>D4bBwOxL_)nv^MzYhu5DenWn+oabrd;HU0Cx4ef*ea8ePMPoO+t( z^N(M7-0{0AjIN<}e4X>CcWgelqoZZr>eZbmJm&=WvPM_f{QL#y$#BsSIhneh=G8$) zm&)+{GIp9^bOk!Ec+qJ`aGu}1;bmuSrP1YM&nud5ba~134D2C$a~n)fPgjHH z%;%k1e4)|hF^_u1Sp=uM%|)*`M^03Xt{{892nU8R2dpJ<+fC#Ey=`mX+dh4n(bd@b z+AGdw){H^MzOf`O{fZPa*FEdZo0jmiuNeErFli%5d*5g#ZImMIeWS?ToJ)O(qg?aB z?P@{i&CfYQ){tVm0^Ip}IUy_zfDgMq=Xk)j*0ICU=E!r{q%(w1g?ELQgrhkx7=L|W zyNS!>ZsyJkz(+(o@rUQm&lv-g10lF<$wXn=*oua-Xn3tdxNq0Q2U$w$d0 
zveWqw$t`6{oFIu0i&u+7#4>xY5E4JOeQLW2twQrr0F@!$@@Ftz{FUWYaG(#LpyeKc z|5v%ExqG?az%Tx18a+ZCve4IPt=bBkx&Fe;qDvl^!*K7LP2M860<+0nWswVk*=X*v z$dw_em<{9>X~jrTF|J?$N@6`z5>mO_=sJ-cpsx3&GV=|aT&?FBUF*nUIs`~1i7!e( zO{^gjIs{0}5U`pYr$s9DEm9Z)RuMTJ0wgj7oPLzibpk2pb5@e}BhewiJZ^iIuk#_B zd=O=w~uc4H{kT zB(c+vjU~4GH1+r9eeXKeOC9o?n$gupP9GVQb~)r?7)DyzixjOhx>{(C=%)xIv(YKH zKtZk`(P(d!GUqg}S-GKN%(~4RH^Rqr+Sb+?UCkr{{qBGym=D_I;(2fn$Fa%dQRZ0Y zfQTFGGID^Htk}0?cS4t1N-}iTaFTB^w{t|Xd>O*McnLX^7KfdVIf<%-D=lWOWXD%J zhPjfx-<6_9*CKMIv)jm(?75xy*yIn;AZTq1$(gjZ3AnX|@G!7|xqyIM+kCTKld+1K zMOvE6eMai!3|1OH{+M-U5bF z&W9a;aopkjjdQni395EZK(G{r6zN}_Vst;zqkN6gt(dpx$u)}OH?fBuP&-@9dotx( zxU-W;4ryz36fH8kGtE140HRIg?htgH(P9E?{LY;DE~SM&^nl*;8tCTZn{KzM~}3 zL7|9r^Y$V+H*9pB!eqwLH#0DroJ{0&G;xs8Wasfl*S5}YisXG*adepPm&$XY^rLJp zu)2w`2gFm0jjpYoZDsN=EQ6iJ9DGZhnc`#GH8)fZ?8r|@TBdD64v|q}m(WKsM>Wh_9voKG-_|oM$e3{B!$T>c7 zyy*C&;}S=^V={bg>^P}O7%mKk_iJ7=t19FTR`|Afr&%FSwq+RIwdArbq@$}Drn^cW zigIti8vuTm2=B!2XwdTk3Rfl=oyUr5xgTdKlX0bz7 zI}g6=R4nG~I{BZP(LI19vy@)Wd~j@eeI6uU#U@^4Of|YI&6Dfpry-{m=ClSG=4;*M z<_Qh*AY2t?BsRUSLaJg`;;TxKSSgd3f*X7ZIY1k{(zlY&5{z#6`WD>DMJJP7DY=_g zZdz?VTPIg_epw+u&reeL6A{JS=;lMuwQr zh2`>(H#}^oKUPMn}djNN2p=>=G@jXp+%Ajb5A1!L!Uvi=1QLwpgx%GMq{hXru}BoAyGjPazR# zt!D}5nt5^=9<1qtjvme=jbR#F(v!(q^d>TKW0*t^(2kPXw?ubNF}f$xYNsEb%FOL- zpC|tT%~$wmxFSml$G@eWpiSkkRpuyT6u10>bb-_%EtbYg_3**Xx5TGyt+sJCuZ_37 zYk7=+-g22`rKQAjp5nCdVbS0r%GYGb{TjFY#k}Py`fL^NBuv~m*PK!h_lF=yuD%Gt=|Gq-O(Pj5B4H;{au8z%Y8&F#E$k38QB ztJH3~9;JOahxTE(09};Q+Rwo~l`cnVPt7SaS4U`1T}!S@dumQeVlaV@Nmrw^W9Bd& zldeK(Gs@|kQ|M(UkQ8ah%%L4~q|r^+py#Y3+0TisQislyy`A$T@@L2ibNSAKHY!m$?_fM>huU-vjCYd@0G(%g+`A;4%4Mf!C_08pwUBDK(wV7z((_4 zxnU7MS}}U)G>$fwg7Olhht8#G9T)Vki^3J@DyLdV~1cV1c=QQ;FL= zzEckCaD{B90t%oSd$QOAusrKw*J}ku&ij}u$})QB%#$|q0y2H@=NUb8NkAKKK}n+9 z=NLT&Bzf9+3k%|{*KPDjL_oVizIo>T^1!TJHAat>rY|S)! 
z;M1OPUptN?Wu2d4Zof*NYp%IgK1Mfs=+cpvTz)ynK~|mQ3N)+vIIDh~Rl3NbS9q*=|6=M?I|M$(~mke{LscwrpQ7p;VRQVCFubYU3F5H4ug!Gu_`1LCPL z*VSoDE2Z~?R~I)Y8r%{*u9ln1TiFgX;~Uuv`i-t5N5*1f{RV>rT|CB8#T{xRZprIv z;r{6wf~_i;>Gc#d@ zIHP+TiD9g#89?S2d*qGSJN!r1{hZdLy`%jVOl9uZeyd%lU8bE4A2eLAwStMv(b{nM zg5dxy4~+f4R6hn!Vvno82LqW~)T`8s!FyN~Ok$R+bKr}rVRf)tu4bt=Fok(vc@@4p z-KpHDJf~ctTmTj@Cn+nHCCUuYd48o%DF(|Ii`=Wr@51Y8PsCGgeiTb&)wwa#YeTzG|TsI$>o;mmdl zj?Ww)I9_u+?|8&R;+y4iZXb+L82H8|Spv({RRtcsO` z!S@~XSM(IRAN>|xhb}{Bqf^j&)QT3MqtS5W!b2_nv)t1OjdZU?m-&1P{d8twWDg6j zOoD>QFIfOf&-gh7k;_@|3l{vG1(&hFOai?ia%mD3L@r^$#Vojp1sAelHw!Lc!TBsW zj|Jz(0RD!1LFAmIC_i#G3(jJ}nJhSi1*fxMCkswv!Kp0Rfq_oTK0jixqU|hTswh8l z3M)C81>0EA!GdTKmjxbokf@T&hPlD{ou`F1|f~722 zk_1_i#Vk0606J^QiY#J93t6y$1@l=jj|FpCFoy-RSul$QGi6?n_vEa|3|2Iq1=CnC zl?79hATx3_3nsH*5(_3KK}JNMz@qUi7{`LKEEvs#Q7jnAf)Okj&Vr*7KyS;43`-yY zLs<}JL5KxG76e$}PXaCCV}X|i9ty~}rL~AVDN-XtSkT0RMi#hOFo*>WEU0He9Sdp! z=&`|HjnuHBfh?$I!2lLiv7nL#6)Y%E0wq$$f>LI1Qz9j-s5lAaNFfUfSdh37Id@VLl%6%g7;alp8@*TeGJh8y7e{|+{%JmSa351 zME{^oOaY-y%#EW>OlhG_4>;s=xI?gx_%{}tZ^o9J{T7?BJnIs5ygK{(h}LIxb@uwd zyFUBY<=O2zS)JW?1nV=pI=lIZ)@O8ec0O63ef#oEr>nD5==v1P*{G&cP zGbyTzPG`Y17BJJ#y66m6ax@DjvtSYnCbD1xGykZIj%P*VSTL3aV^}bn1up2(o~ge%3_8tc00<)Q7#OWhiUvlRx#+;?Kvq(n1l7?2EU07wGySZN zma~#77L+pckLqX%D=KC|5eo`gP{4wG7UZ#jnTu9OnYn1S9?fRsWw9VL2?j(nSfH^$ zWr30eRZ(X8Srv7#5-AQ~{!tZ`;|K#g3z+F=Rn*2xcotY$fLLH*0mp#IHw4i6M^%JO zM(MMVst7X|t%`ifp7cc$R7O5$!DlS^lm&;9pdxaR1uz#)tbZ#ay{xE*1>G#@V!;6x ze9VH6SnweWK45{)%uFjH`&rRG7BCajipaaHgqfI@NB)(RltCt2`F61bw5vA|@( zr86Hc zXTeSuoW_DvV*u-)rsxhsfFj3)Znd|$AUkw;9eH|J_c~_Dv8{~itbK=;>cYr=w!iO7W^&=iXwNi;0_l2mIb$C z5bIq10Fd!=f}7kaW)FP&k8tVALAC0@& z?RUerF*S{(+r~w(ZSD>RVfUIfDJ%jrmL6)jNcZoH%uV~`8rX$*lg;IFqCJaB5~;%G z`VbF8xqm=QVn$jUwGHFT%U>)F?4_Ks-3C?oBy+9AvAKoIY>ZRR-N~W*(9N)SI}NaDUw`i|Hi)G{-pi4_RH)o_SyEM>^10Bq*%VRJZ-tratXA^5tbY{{Ti^( z?&03#-o&N|A%|rqcMM&Qo3ECms>~%u&pcXC^>mtL-mc}%fHw|$=9*7@48?ofuT@;U zbC@zHD;i_;Q1ieo^dw}Kmni;8U=~7+1Zfi~BX+e=tTV~Uv{=i8X)D*PT-CfOS}}QT zBQ@lNen9O7X+J0>{a{T?OR&}BZTGxGO2$w{;= 
z6yuCgLt@%ziu-2djIl<~R8qVb(2^>JS6hk|KR+G%HZ@?RO}hm5ZMO%GQv1c^QCARO zmNi=}!9AXuEz%xeQfB`C5HVcqnMkrn`+P}BBID5KsYx{L^Ce85A4krh`7i04f2dGu z15PWng!K6{N{yZ|^rm8`#SGUv?<)6o{``>q3bqd#O=6rHq{W+I{`pgRtoi5{@CWO z4X|^@ZCnxY5`4#*uo`+KoagV{vj9bky8A^cHUga*s-RTrd;qKA7Sv%JmJ?qFN z&!+EgRZt7tgPF>&;Z3uiwM1r6%gqYh%*==i^;k~Ddnd`Q+ZJ2X>+v?TOVcW>XXg?{Z{iNBuqGd(6 zJnECr(yPC7!t39UOs{IoD9?j53C_W`evC1!)c{7!& zBCr)2seR06SYNbWWX-n<=yhnf-*6vsSDVMoR3>FjGI|T?)v3L8b%y!%SISU$`=*x~ z2GWaF!_|AKsblPbcIR;BaJv+j{)(>q(aRWo|&J4Lk5SDRh4 zmHaBBm%j59ORH$B(VI23DJNtOGo#mzG#X ze#?fHn^v|ouMQf$nWPG1$q2Zh8(>P+OHD&*%N#&j=21Z(cs zEi7q6tSa$&SNMJ2kh?X<=(RHqu`1aRd#ME^&1Y5Ld}bQG)Dn^o%vEGyK5e4W%ahEX zp_6K=iciMwx~tr4etK1|Y(BX}adfU(sJsuuX|I)BdNGY_R&FiKF*}Y?a=k_`B9hom z;ReB4P*#aMRvNwVSuU_q+)3X%txCKab`=auy7}6dv0Pv9yXjMh`WUToAkL z2}_h(7*Dp5D-NIsGp99gShaa$#q_q78>@|;4k8;CJK^3XN&%iav!?HrbOcJ2D|8_C zeY{FM0#UnkTA-DE3-mPT!du84?V??{GS@tCRc=nA!2W817lV6FV#=igk2=(%omO^* zdF-)d)S-6lw6ZHo*kO?xw9~Sv0F%+44J5&0a%&aI+V7$E>ol_!eKQMcjJ!|?^}-qm z4=8cS2P}?e>s#P~fuF;_c1cLN;CCM>gV9XuTmSwKe_6`rbW`HOM6k`EWV#7PhHr}! 
zM!Y7P00QG>T&0fTL*UlR)$mda#(1B1#G=DWD{el3Yr1 zD9NTIi;_%AGB6R;dnmb^98^E2riucM!gqE#lzA3ieTPc_MakQgyhX{Im3sduZ3lzqyXO1*rKJloj~mcw<9y^i_P zThgggrg*zJ)&7C~9D9*)Ieek+CEH0h8-E=?()yY;Vl70spy`%pEhlpCP!|&(`?A_X z&LRyoE#s9ObMXu%b9^6n?Fsj(eLhtI?nS}xD!65Z?>QjDUW1c?x98x!Yzt=*%`S_Y zZ$6-^O~d-9NByn#PcPw#6)hXsCs#B3r$W85rb-2z@Vb4zfoNMbPNg}KsnMhHcwvz& zBF7UoIT8t}&ZiDt(@Uz+vH^YaH?D8~;(lLKrQ-E~pGyA#w6Y4PGAxllvv{;p+poOh zE@Jzq6qi(?WtHEZAL>XpRVv`z7QAIvqSgwWiaVK~A(NF{^NZ1nk|I;o@ocK(VlHXX zvhwfBRNOyps#HASPS_PLN3CUjGIi4!r7UH|#ogKVPc1GfL(5A0Se#0eqYKOVPR#oXW&RK^@kx@Ux3F`J?`FQ>7g9q>Gjn_sL(sh81_Kn<^Ez zCkPIri&1M)pE4UaPO0iwhj9^2WA%k7g&zdMWh6LzIa#UFHq1KwQJl7mwjlDxCaCMuQv@)P$w+&`tbBnK_a z{;vGQ9TcZb1-_Hu@@JzHvv4X*NiUtG^dHRQzKr{)6qjV7Wtn~Q)3?thTpp)NCFpXw zy}?YhJ_DzM-;JXh=CD5ZhDR<>)d~{MlKZ8ckYu1`TA%#&tv`rMeJb}$#f!g`0v_E% z8ah$!Q(liA-M_pbCF*{;UrGsyik2zgm7lnm=2WS81HrI6q@d$voJu%RUgl*}l$yTn zDdEq#e@Y2Y&uE$RyYdrv`1OOXooJDn;OaO4f&%M#Htd!JPL-BsK@ zb*fZ+;2huUwWGBHPGx-Zu0ETl4DOeoxF_rWDa9oMT4w8$pT6@taA-{(UZ+YW=z{Uw zZ$k#p<7Cz+GxWZomYU!Ntul~e?v!wn-9OE^`)qT>j1=7h+}soI*{RM82ZDZ&%Ziqv zK6ezR3Of01pO};FKs=SC1istg^}>fr5OP?bb14NDUYa6}G9Ps-oo2a5adn>TQEHK{9&*?$7FZeZR`p<#{UpiuN)SPU2x?D) z>rQZ83GP6G`#8aUl;A#0a33VN_a)oHSkn6w2lpko_Y&N@3GST)_pb!^c7l5=!M$mA z_?6G}+W2kQw3;M4Fv(UY*#SwmD#=zR*@`4vo@C3CY-xg3&mpW1rDoGg5{I?oBwLhZ z3zKX?f)!fhEU)Dz*__NyfOWs?0O$$p+>KTER56LtYq z0G{gDQZCo9WSZ$sWR_b`^E3R_)=u&c)`EppP9a_f49r@7nt%A+gkz}I|U%v>v zFw9{v=`0=!Pv)-fAI-Kto(^w2(eX?of_d{$rIH74SBb22elk>%ZD580E=9+1@{90l z@E-XLd956l>*Orwm*Q;EBUakG!IJv|dxc#SZUVlu zj9%(`=lqf6QCW@o;JroTI?p|zTn78gy)N?PZU=qvTw~7ImQ!d>?^RA|G8-QG6nK5~t@zDg}J zGhWOMf#;XrLCoX8nxfT4Zv#onpbwvGO!pyWIXsc3``Yx`W)1snbBxhjN0QhQyQ_N- zDFOTpyOtcK$qb~=HobvncZ;Xp+X~lZH@gSIv(4UtBtCsyII!>I!d>ueojT7tk3K^k znA_QLKryYb3)xGzyy-*jYWz^!1MV|=saXPZ6z{q8vK!&m_)$0A2&Yd!tINz8Un$jP zc}8zJ$qjw}SzVHN_zn-dOU(!8D7h1iUg}(dX1Kant zVp{}wmo3~0kNw|3rO?C%T88&=n(6$Mm|$FH=4Gf=S!g?2j%J_{h=WhV{Tf`c3^!+I 
zs88eX;g)4CFnVKKGc?-`xT24SN4~x6&P+p*-{_?~GfPR0HJHE1R2!O%Ug~&EnQE*nX=z*G4m1aY%}|YWlbSxYu1h|(?xow*G`n?uvzu-7(p_u1c~%$O zJln+?z0}9fxzw9M9p1Gt-~Uqao3G|(iRNDwwWf1Qo~q)WK7n>H`i#ELTv@0_1{=L} zbDNf19q#0GS37nD=%w4(#sX3?b>{AU&TMm6kvg}+ z=p9XNK9)k!QARJ_v|bg9`bClIh8+~TaZPOq>daxqYB}U_1UYpjjVYMVDQXk$({%Hi z_UT&Er{^Zh6tc{2W7p!kA4Za)g<0FTFi#(0^ins+=d2+Ys!iCC;OpV?`hqk8YUMzi zKn?ES0leWytsLmx)!-&T?HXtks3|k=J)n>#K&=~Sm#8U83_;KYsAUpu0yRt%pteag z*EM}}4Nbs9?us^nnphKX2)ivOSTBVIuGsE)415UQD&Ht)=+2Y09qLo+bme9xTWqrb z!Y&G%ZGX2-;(y0iS%1qH!xqPfwp~J<@C0n!-zFX{J}9klSRKpYLzHLB1Ldcc<*KNj zpqbVe`PXchORBgD+!QX5{@{qpWzN&I3)H`Gtag0k{F&^P|E{c69#Xez*IDo8PqSSkc8d!g zcRPkjSHZ`bk@I0~6MSuElyaqF6D#cJ3ZDzd*`Brygn3!{8U@MFi!lZ^BBjqjvDD4d6)A;ty?=*{k1wsIZHku>Q4Js;a|dR z+g-MS{DszUtZ(rr^G||9tFHxFxY<6@{)V_iDv>5g?>hE7M>ubgM=LUX4(9{)5$!>K zoo$0KTzp@=!|_{(Px`rhiSrA2skTP#RKv<;^4DNUce>CcEVn&s^Mbbv#dc)wR`yEZ8r*6N_KILLx09GQ`+lv$@$KcwKLVfsPo`k zs70dRel<)~w%Oja&EW6l>#dhsAK;JSdu`_lLxg9+IY_5COEjgG4hOi!{?vJ)JXn4~ zISyPnXQ>C(U#O+Z%gQ!oxcsK7+rNSjpPpd%2rmm)3gcjUcB5^BEuVi4zH>0u+GV|4 zhmHJa_;rvY3BJg2jqP&V0dT8%nXub#u@AC`?H7ZWlBdL*#OtIGc!hpm`jcafW256A zPQkg(dA##US(01jYm_12pXFKQ3FTFFqWT_uEa?vMap!o)`HoC!i@d@4iuO*I{UnuEhjJ zO-fc{k{Mlvi4Z*j6EXS=Otk3FF|kK~MhxDEbH{nbALDB19j?MB8=>5FJYIWDGN+zr#e_rc*Ql6E!-X z9E^^`M2n8a#2y_((c_q)=qOAwqa!g9q9ZWLi2ex^HTonbV)O}uw#Dl8RgCP>e`2De z=-)BTjQ$N1A^KNL(6-$KZ95;6jBTV{WJJmSuo@kL4~o$yOtfetCiduHdhj(&P_zM) z%xFC(LbMJO`?iZP$%v9YNHzL8Mw-6uVocTOAxy+5*{{{2WWUxPCHu7~O7?3rqh!BU zh?4zUbsK4c;x^I(Gopnw6|%7`M#%=H7R|#4?a^FJGNNQ>7)8nca%MCO9~7c`CZQdI z@G`qeNzT|t8e&F=ijmr(U?O(Nn1EX}Oza&FOi+i2NoI%LZb@u^W<;&{pc*9`x??fF4ovY;Q86DO5h}tm#6S1QT z6Ro2X6MIJmCa9y#esMAjk&o~}HS!@QV&nr%w8;CI*dzPxk0fHE$b0x;X5?K=gb3M6 zMjc*qu){+R@*QsbSMi*L@gcP%go)S@#6;@|U}Ep^ix(sk&WOB1Vn$vjF(WULn2{Gr z%*YFv2py!Yqsa3ZWk#MO2P4mtC>=**f;uJ6et7 zNy}{8ei#~cqNocn{;oF46M$w~KPHs)gO^#liDrGf*oPQd|;sKFAtzE~=0y(6?(RqnN*sA0#b8g`6B`wCymYOqpT*_zd(eJkA(&kIkm2fGEB zvSCCF;-gdz;xp0_>?+;gdbtqnEPc_6L=7Las)j=9&`?MP4W-koH9=vp@~Sn;JzKBv 
z1dr04j?kT+VMGl+&4?rT6sBo^Fd_t>V8k0lNw5bWlLxh{w)UsIrnP7#j4vWFjAK^~ zQZVTl!L54+`8+Lac(3vVAh#E2NYlMyv|2P2N)?TmQBiHr!r+Zgc% zQS$9U96$DOXGO)QPft&{7fV;dJsAzfl;5>DIYmJ5ATo&mK;?v$9oWqb19;e>jn#CR-qkh`{j+0qVB|M1{ zF+7nGH9Ub4$9duLF!&T4f*7z^PZ0AcLChlt$3L=MHhUb>dUJ2v7bZhoFMkj{xgNCd zjDijFqsD;^a$fZ0203CW^|8zCss)Mi6CvzXyPC$3MZS+BI}pKlgGIiMkYL=iSzb8S zgh=_52o4~-@*5!>Kz0S0W>;_=*%da9K;f*BNCOdi%ByChc8lC|sB)5GzbEn?5qx&r zm2U}6A@Vhme-VL41S|WC=<8eLSA+--61z%+M5T9{>cl*%NW?+JPQ*sUibVN~2##O7 zg6}H3@(V@&Oym@iABp@xA>KnMkq8cTyXrB1 z*a3Qy9Vs$_a_%64?^cJnjnYzxBoj%ZEI~qkLTd@(!_TgEA(TO+6OnWz%1-GGldny< zjC(GV<$N6acC{zv#G!9jyAtY5BtRq;i4u~xn~ctt=A}4fjIzt*ilnpk{8&B<%(y=@ zN;gRbm@WG8WpXdUbISgb_A*G3wtX_ccdH@0PDK8|ofeihi?49%U7k zFKrg5pnPGJ81e<8@-IYR89NL)AS&M=`r5e9kTV43TjRJP_emXRvSRf282$&t?=bwg zk#x1(rBXSG2z$^1YaFbOwm-xzCaHxZnEnffKV$e4hNmz@0kGImDlE32#Al50Cpz{r z*27aH`pDJtC94QD9;uesutxB zaK-KMXC*xW8yp3LSySy;jVb3&uVe4x$o<1gbj`ljj zcB+4VRz9-tIr#zjzdHKBb8=X)I?_$wv7N846Kobya0VQAwDpkD`z84j!SR7HJ}h-K zj=Ur%`yHp+lGz3JY7A$I;6Vg3WiaF(BX*C=H34&t7l*aw5=F5pE>}6`8ZPc>%jKpk z2V%+q3`;O97N5mjIf(Kw%*Bvmvc-?$O3%d9equ9M`edgkE>{=K)!CVexkfT1dYz?l zxjH(lO$jZ6OqAtxPsebYbGZq8y0YK4uQB|W^B|UIY<)#e7hD?&JpGFNqTsq2fgkhz z(;**X27c5#2k-t(sE^k5_a4nO>o>SzLsl=9uK}u5?s9j8^#VT5+}g zN^y$)avy-}?rUETkCKk=DRz&0wSAs@kL@G(t?t9_ zH*L-C6VMCayCZ)}0sCmFL@Ebc&hw;;VGH*{X@fLc%9K3PmC`}?&#qI@Lc?BcYFUyCn`hs2%oKyj&9DdvDp>JP*Y z^7nGHqft(meg(JfR_T2uAU!HwD}|+MB~vPux=2=~r&8+v8l1e3cE7BYD_y|t`*Qao z_f9Z5UFptocaZ;dHM%}L? 
z&dZ(4mAjo2l;@SFoq2M-JV|+9Ip*vrHiMVUC&m5nsg(r=rH6^#m0v|sIju^L@8ksO zq-t0D+A|%mJCBK*)w?Wb>;dUptI6uKmRn1$CDuh?6aPNzoz`2dA6VbE3D)0XjlCND zh)uAKww2pTZ9hkB-@{|;Yx^|Y3Ht=Q%YLEV>N@3k(d~B}aThrrcQ152~`ptHh9awfKnmuK2Ul+%MUhF*SoaQn)OI(sG z-PK!pRXOPlfZ4Va;}KW9wtgBJ=PttTz;{2nYtQwY-YfY&}eIxwU@OE><-CR zyPDkgkG+X(;=9JicjPX0_|;}JJ%o{_1Mom(qh7fcz7c>>vB%kHmI0 zk;O!YSQk`4rtFy2@u zr50I#Mf41Y^cHsE$EC&f8Y{};#E*B2_$|l@tNKw4j~JEj$wkJY59Hp)R`%=n_uz99 zlD}ZzD&~(c{1C$r*ah-TyzEU3U&ruO3}0cPT!Y~}jCmWwV;D0TLww;WcVYau7{Uh_ z+-nMk_&Q-9XktWAzQQQ@c7sAM#NTgW_y&frVf-}weH?#}!|(!(`8Nxtn=!l|!+jX; z!f-o=mta_r;Yth_V>q9M5or#BJ6Nc|cOZoD9SGrf7(W)n3Jl9I#Fw~KfWLcV*bT#U z43jZTzz|;=(j@jYbR1qeiu0%+C-; z1Qmrvz7>;EwpBYOqsXWp{CyLqqRgufj6oq%75u#)Q_p9iDq;)@vMS?m>;h>JraCbO z1zbh(jL6rsD5(&WU6_o6N(tfbYcaJCrn)f(g;Z7X_cfS$9;SLR21mJ?h`+DKRP0c- z1IFOESAF=~z|;t`PEEro_COHS&iH#DCSySownIX$s9iDj1m^6HA>Lm8C;sk%sk>O{ zhF*6HGIB-!1b+|1)XOjx#2HeDqnOAaAt=Y>?U)SAhvX3$^CAAOz~9?2l{oYc#(aR` zC=9n^>X-O?G=?;?-oxLUG4&t#dn|_Uk^EECCQLq#3F9%u0Vz+y-y1RYH5MvRArM=- z{Z#yYDW<-FsUKs^+ZfKk5J$ZG8T>s9L%K^f$-mB`+>fzP0Y*X5uVXj|!!Qfox8v_x z3}3-;K88USx=}pk1sL-p3zbjt_r;ic9sXW~Ayx4+{JjRkh~T~o!D0-b$8ZUTt6Av2 z0)H>X@L3F(VYrfoZfv)_9Al1RxC+A+n7R&suf^~Ph9uPW?6-mv6OlDcAm&_xzwt5! 
zMNB67cnagUV7Q)z$^#fWFlGmakF!v^4?}ze$vfF^#g3_$V~9MK?!@2Ju*e?>c4J5v zqZ~-s-|`-eKaJsD3=gtUnu#Ix?v)t-3x>qY+c0%9#t`$r!`}xmyb)8gG0dX&-HZue zVR#3I)Ze$@@6R!O2*U?iD8cRqqDK&!@plwM66GiH_Y*91e~KZ=)zcXNCWbFz7|X@ALH+17`}z6+c3moD1U+RC~B&e{Z^1i%Fp?7@oqIj`+I~!v+<0bg12GFHG%;VG;`!3x;Mjp(T$ZVvJSo&SLP3 z&^;c%&fJx1PHQfU6PA*Xck`5}>>=YmA3p`%W$OLL{iU5VQ?QI1)aTnK?o>p9;Vt$K zjJTYynHPhOl;ttY1JX0n7HOR26Q&>ns!DdtU$IZ#4)_5KpTpLL@Hu<{K9K1{`CjV} zpmF43iX_(GY$f23ZWj2T8E31oZLzI~?{TJFaus}|zhP^#odPweFF-fR4>~D>K>w*f zD9tReM|Rt{+b@Ng#1r<1K)2=}FrRqEA)+QqH&A-%2r4^c9VQ2xTx=y*$`G|9;a}j9H zDBu_9sA!0*K@ls%(Fj^KcRDtMVpcJz`Fs!leQva`fmv5iP|*1pRG}^h?W&=mS9IEX z9Mris!knWJ)R(@q9I@O0+EZ^ipOS8oE|)F>HLh8?%4N!CC8E?TE0hbBTBS;vtc(RU zoKmo>m3Zdm<=S1wkk5pD;rj z4jNE*sh`5Uc)e61FMuiabkL+41*%$uU?R@+gF1snsYFoTvPpkRP2iO6-_jS-$I`pt z%IQVWl9~x#l!`z#??G`sOzsjuX{p}&HHg+|%k;l252#8=o{B`pSRsA`zskAY6U4LaWn0&<}v4aDeDdjUw?^&pJ`Oz9R{ zQ!Q^gpE9Owko!dTI?F+YY`-`jRHY7sWOcN^0utCCRIjcAEx_MEjjje1>RwXM(5OoZ z)#Ijxul`e(mJ-IL`Q$Jz=_iG8=fxk! zJpf-27tVb_T<1>?BaDe_q& zI5YMI?`9}Pd!KT?$4HX)E+c;J4Mu#yFNh%XlC_r*g=8YQoa_tY=8!MQmeV6p8umr9 zhU?Ht8qR?IT9mG!t_a~aN3wQ5MOG3SK?M8W7eeNxXopy2vUVpUN!lHZ__doT=X@fw z7)jP}hb!U>?WWjmM8ZT?F_NNP$w;!cmysk57rg!24$6YJ@P+nMmQ56iEb)bic_D0) zFZ2jYOVKW&oa-1#((p$9h_;3<#18U>kbBA6GK|!4%g3kTZjw(!f$)V;1X8qxRN4Y6 z4V&iIX47^3h~Q>avNoO2G$P}Olo5#__foV83?^&i8A;NR!G7%m%CnS69c97s=hLpG zNMfG0k&wnniZ+OH4rC-r8^DNPqtU1xX2_@APFXS|1m7X@B9W&UN!5BWlA_^oNY;8V zl%#cM#IJQ?#Han6$R~^>Ybl7r4vPGX$j^+VYB)Aiv;>BdH7_Gcng_?9UvpyCa2k;g zl*dA-lt?a--i)MbI4Dy>zcZ8^`i+sK(65a6L%%TM3r`_}JWLM#z))(4#$SDm9LMpO zRR07e;;2js{fnXG&{vEkgn6hBFMGW5DvG%VVD$r4zmXDA+nE=)DRBJl+a_8^HECsh!KAXdo(Fz zqsUW~1&3j32*+P)2zxszRDoGSIYd$!S(X|)$Y@Fk$7pis03}v4;tyR-XgiVBj3kHl zFyaf(rbv8HB!zBdC^d8$BPpSsj3kF}q$Y>wFys$is(!`U9ih$sl<;+!HH`9{6uyQb zUl{M}596J@;a!vk3-yJu(3J2dibTmz3SUasZD7P74m08nhbYU%l!gO6C5%HmIgEoU zDH2{niHjNWhvzfm4bNjFHKY;2ftMP>ftwmCrpT^Dx)70&1X1)-gP#+6jmWD+9wLH| ztJL5Pgd*6O)Zhw&_=rdimJ`Y%;wNH7QvWlN4~RU=h(Cml@Q0=n8cL)O5gbka;Gc+s 
zIAHz3cL+ThA&Mg44_-lN9g$ihV~G?I!S?!t*j|5qBSzMLMFbn_ug8X_gplhgA?*8< z&`6dgC6q@52YO1#fx|x~h;2#<;uuQ_zJPgx_Ypx!NC|Exgx!=9#D=B>v7sqJY-mc* zhgs_XBJu+fY-mdTQw$}Cuw}_1l!WBa0v!IyAr$1~(0IxddteM8luP71A^{=_5j&D# zGm)Q&d`aYEB5x3Rp2#Ca?j^!TT0}?=8U#t6gKG(`B61OtSwyA~!C{;nEG3jfq&E?& zVGuh#IY>3E$G%Ul{~oi{e?|nK9+Bkww+T`e>z^bBq>Z%7OsR( z!Z&|-EXI~hy;N(!@U>o9h7QL@-U zL*7heU;iNeG?|H{qd$EGV|`yGtG{1AeG%S=j-mBE`xx2~{q%*HN~f&)+Kt`)m7EgW zGB_tj2G;11P+xXPsE8dBA_Hr5NT@G6Bt$0F=#Ws~bfdU0of9L&YII1bZ=khZa7c*E zrO_dwzT6=pvYJMRg!;xG5`xozWI&Bh|MkVwe{fQgOr@>G(@uRo3s5U zGr>aaX)>4=t1LSLMrH$J5#q)b`sw+2c5K^3ETNAt3TNeNg;}=UCT~lhA%$xfBBSWq zJ^}YdEhly1R2JFIq^kFcuR8FE>|7F$dZ!ypx+~ohHjUIz&%&GUu;I;n8{<3s2StZ; zS9AeRk&!J*YFTgN_$?g^z&rG5-h^gv^rC#4jBZjt^`?G;b9!^Jwy|@Ifvow(#d!s_ zc}2kgIhaEH@6GX_Y-Lg-ddD{c_+L#2>Zk*HV+TNmW^!EV%~(vfFo{jQ@hB}>!Q4z{ zPG zR~aNgI$2cR>@*a=GR!!fE-g3u_g9YZo72H61x)))^1HA}e2cu=5KEP=?rVgguuv!# zoaP^l!KKO!kKT}kH`qjt$co-ks+61i=nWmQ6?7Ok%R8}b*_u_W>T2fIE$yo}kp0S0 z*hg7LN|}-YgSVjrUO|JmKOM%+&dn{(&B?E=mGy>1jxGJ+;9f%lMi6)V$8&dErrtna z&G(GK`}FrkGsY_itZ>$}flOBtLo;E-HIR8flBP^!$p{5(Nj8uLOX}~;036B8$;++H zE`aN0t}2;eUa)~oR+0c@wh2H38Lgx$X2w_1t2dAhOJZFn8JAq7H#mW#RarQKC#Ihedok>P4iG%&(Ik>ThewsXV zZ>4th^F_y2C@F$X2GcD*!&a$u6+r=Eta}h>!(>$|^&qd^um;rES?R{8@$lr>1}#lT zHtnUBX0e0sCDESal|xqOr!-8{$yRBW2TZOiQxZ02=?!#JdTYx?V6OGnD3}gj&lsG- zF*wWEeR)#H$m+UPtD%qR7&&n{t5Zk4flh~$sAUCOr5+@U&VrL~frS%avf}vy zHKw!SBrI96Crd*f9S4uym`Mwr|Bgk75W$rSmMR_C*zJo+)UDant$A66bvd=g^T3jR1Al-&n~mMxT=lc#tG^|rH}pb|Ur~oQ z%l1VFFHpX>2{y`@L~ z@48E8&eDg1)Aax9Ej`leE*+hv3se99a>p0*Y#(WLZSQ&ko!gUVdvecr6ujGW4*FWY zU8Gh&MP(Z2GNw%9T*j1XoXeOpjdL?org1J~$|4%)Gp0=Ae8!Y%oX?mtZ61HuS{`sN zW6HD|K85oiQ>JnLW6HEv|1sc;tW4t^$dqZE1DT;3=Rjtt*6KiJP2Et9^B*%*t+;V@fr0GZVqlU8+rJt9Pk3o(GjY7{`OLJQ%}+(L5N%gONPAfb&IG zs#WkwBY05W28L+Ec`%Fz=kuVf4Gh+X@}QIlks&-9%!5HZ7|4SGJSgEoF%OD(P{@OV zRuHKhtmU^N0C_yfJd63D2er;f&)|UYKA{(gn;gfpvpcfB%@}LI~ zy7S;X9(3bDR~~@MVyiE*fm&xiDT4={c#zJ6G#&)nzyK|k2Yw!;@E|$ThDx-KJn-?L z0}qmTkiY{k4?H|jd7!j`NQox5p%P8vftv>|9yoa*^1#6ZdmAX$Y&@{W0P~hqtXcRZ 
zp$!yiCJu!D;=!LB(99eN{mz5mcq20`bn|N@52RHIye;XK~-N1wEd2n4Dh>Xy#ZA0bSH9WYQ2L=!J z@!(1x?B&589_;49t{7kvTdrNfCtc2i%XqMp2RnGMod?@^u(b^g*S7FrGXpV+9jY7d2lfg*6?684_5JDWg9p@ zqOIVNwwwpcc(Ak$6ogLj;GaDBj0d0c;1eEv+ydZ>sUY-G3u55IHjp3sfCvBJ!TUUT zuMOmd-sQnNJb0T2#}UvMQ(ovTKIu&!yupLldGHz!Ugg0nJb0N0FY(|-?u#ie^a7vs zJP)301G%ARd2o~mM|ki|8^{Sg&4Z_S5P6bEPw?O|9z4o}C=VXt!NWXwhzAey;DJ^U zsmlr7---Yn=D~eDxR(d_w1Mo<-8{I92ZwlYXB)^0-9aE{6+D2lLbvlt2YGNC4{n7? z%Nn*gzQQIeHEcm-j?&F>LVZi{UC>}q>*_oT3yL8md;nY!(tJc*rMf)oIvZs z04#458%IYdV5qKvEM?JpMo#>K0IX+_;VfFu$ielDtpoLj0<7b%MOeoiatBquKxqWe zSPkU*O>ool}h;*Wx-a zZyqoYHvk$YAxDX0dBibTr6VhWB*uAx)-C}tCIf)9N|(p2(v9VMCNI7%z=JXN(QK8J z#5%8KnU2i<5sUK}&&l3jEJAeGx9pSj*Bhqe9ccZrz&KH_bY;tN(=e8LBp)THQ$cQa zE%?%4Uc(xATZ{PtwvJh044$IgZ+QBt$;Q*SD{3?&q)Y?HhF~?77CyS`4YRP&A;zwy zux-Zt6^_#zXiFs~4Sp!P95cnL>QB)d$V4DXdfr)*K3#8^Nxee51O>+Lnlc9ZiuOBb z#1wdq8J8)UiJMpJ4dg-bvgz1|`M#*MQ<-lmU=AFUP3uhRrS6yA54!idHFu4>FBmhk zxqfsUciitd01A@>9D@BYs2I+&MyyM%vn-z)1?!ayTzW$gYj9Z)BV)BP#84LnT*lyk zxE;o{)@#qMAn-K>;BJ!x}}OlB5&4d(`>rzb~mpe?$ov2sUkQMxl3S%zhjj1O1>VeSROB^9icx;FmoTILzpjz8e^r!cpe zIeUrcPfJRLP(9-B>yrz=D9>a#l*42MHtHtn@!eeX_IjiV9ne z$me8dI3HPb8@n?!P#E>R)Jfa?A)T^!kS^M6lN8=&1X_> zyZYp3=I23gouj{6QiciD=l^|upixBy=V%o;5z5KQE6O@wm|w<9;XE|FEGXUD)h92r zIIk$@Ts_~CQYKUn{k!^rN1ptwY-ZR$oiiGOIxcXGa3vhO3K~_HKG_@}!2b{%#W3uc*VRZp3g&8qAmouAsrHfHIT(+L0 zf_eExMOo))YIY{26bRM%aTRRWf#3`yr?SI}};DYM%uw$!N< zw_{XRW=?T&@wp!2ttmov_TSVew-`L6fIqEs)+e_xk9kcKR%EeKxQD_hSNoR=lvJ1n z649PNttnYTb^pJwPi}TWUT*vPu$nTd$muVHGg&E|tF3gmQWDP}$PaIztlah^uQer8 zsO}e6pZMofZc!$TUhwYIuD_rZc*(&FxgU6t>C1}YJjndvR?6B{s0btvz5&{QPrywm zrLR!kC$2*Ak_~yYi@}pl`^PS%6lB9QtEi6<>CH-6&?Z1opLAnPcO|vr93E|0k=c1U z`R$(xttq{Q>Rwo}wjwLX$$@s2rYvYwJd{xtbyKbAHC7WO*o5j!r5c~{Gx)o?5w%@GKf&B z>8QzkjXB6k(sQm`TzgDMjgAMD3}f&CT~ON;6TvhYb2#2YQVsj1^}Z;t%w*sFrLv~eMTc`7?H#dM2Ur~ zyjVP4Rnq>dMp8qhi%Lk$3-!kHNX%zrpABSUKHM04sDsA{9a55`{cctUTRnOsIU3P( zW4Tt`(_vC3w1^bRs0Rl!Stk!8u?TTflHS;vWWAHIW21633X46*Kv}IZ1M4~@Rvgm? 
z?5sDE5?SnG|2(~sbmU@sa087G?^LGs(;L(9S`zMoX9@REy^&PT)=77vM+U8;K=6N_93p_uGP+aoi~VoIZ_=i`x)C7quXJnJ3L&-x5Slo zhIh9zGP?h;@*mc@#n{RXQ?ZqUjcXoO4l==~wPh0gK}_(IlC$6|D{o%yd}tx5;Ke%2 zxa1Kf3|&LZ>J&Mc$pfvU$0Ec_XX}l$hQ6i0@ytG0nacW8>SNd*Rep!c(F*#8uEyeP zlx{}<$CPDV^hSR9e6U}K9?qrO(qnJ1apW=OVT<0FWAwdNN%8d68?&)PM#UO))8k5) ziE)Dz>eZhUg+WXdXoZ|aVNkp%Y^&EB$(_(%(l8z5i|#zEd}mFUZ3|2R^II0@G3R0D z)y^%>C2**=hwV6=`u$$oWOO{DbP=V+wguwH;>S$0af{hIQg0lKP0(#v$5L9_`ScB? zr?g?E-bhQwnz z(H0jqdPsbupw`X1t!sY{c)u zfh=w`(w<9foUvC6?Ud2uV{psk1FA+FW>mGo@l{LI8)@$>1)D!O=E%il683}9ysmT1 zR}1XHK*tE^!7v2hh^ei8zj=h-I1VLpXCx-9$L~%XV0`v=f-~xR1DJW9JT1mC+~D z*RLvXnmy;~jdPGMgYbT3Y$dy6hh=M*j@BD#uSj>sQgCei_^r~tJVkG${RMiBl$|v= z;8jE$4f%APeN4^bMYW6INI}Nfnk9AfGAb7>uXA)at!8_j%O?O=`PJVt&y<>#n0eK* zH7jfDRzZi;>MwOq853qY+!2cqfu}RE3B=Q(jHk(g`GtA&iVA8VH@^v1=65VMb!T_( zQVw^f4H@dsq4E9cxV*jC@~1n72Gn9x%I=}Q#4F$~v8yh{;7hV1>cr&rWC(cXk zZqG5V?E_WQ$0o6_nCSS$@v-A5_+{4|b%MqGrTK01E#_tB3P^s{w9Q;(?qTj|wwX>N ze#~@-$uJqLlq|s#;<`#G zyDZ(<^(`K-YNQ5a7Mw8XgaIhdy;`_xXr5IO-yO&{i0?=_CDQqo}p&_q)QDsUKZ zDu;DNlfZFm7;vhI<_W~9Va9%+3I}7F;CmiE!iZ190$D9x34Efd0r6=V$ES681@UQE zJfFOJBTXE9$c$n5CA_1P-l$=#_t9%`7;{&)Z1G~_jn|bNHb-(t*RyVi7jB3owjW(? 
z{4-UZ0JEwf-xfB+>-h+A^HjZYEnaw8tR?IjcB=uWH(bWyZ`?{WBTfBWkX66QXMRUe zPpDnMgp8P>b~AD^)Fg}E)G0bTL)~ibr8m(;kcuhyj;dL?l$~^1)m?9*spb%@Svfmo z<4@d{t2fcHkv&r}euOW2eYtuYo0m1w2QYO@Idn^Q5jX^FO6F=_&bo!Zaj9F%4SNq2 zUj9w=i5sg$AbWmJ(cGfig4zyxQwQUp-zdJ3dQ&3T59RUw;M1Gv8<*s@yj5PeLJFOw z+C^Pkj+zz*Xj*h=k-`T+<)X<$9kG_0>oG3ssjdN)izbz?KXgTt!bgak2Ix&PUb>xp z_m#7*_`vvVos<@>>8CzvE)wCXXMzju+=asf5aH$`%Ke#olM5rpQ56KEu&3HNm0b)g zq3o}(-bAzXQL#ROV=V0SSrg6B=@~T~-=T%AEDY#PGPYA%`ry|cbbrCPVU{{5Y2#wOiQIc`qcSf*jUQw8P}LuuFiR~J{L0RjFDkfwE>mQhwvOjzvzaMz_rnWFqAQHtauu{XntEU(_Rfs) z1N~6mQm!7h0#~}@1;oS(`eGk+DA8+d9i=9g>rFI$pbAu=Qb!X_F=%X6(95Bt-bB+T z8Z{MxRu;mj>1}-OQ+;#wCR!$-x>v;49T-Zh2K4l*z^4~*fIs6^!DPN0$C3(hBglML zY~I!dMs+}aC@PIncbJFjP5caPq`#})L^CdW^^UYp9dkj(@Qdq~uFjaaX6`EZK3~3i z(XyrRsG*tu5aX{7Dye65)|)!>_w=vRn=(i&E{bu~KTcg`PTf5;2@b+G(M+9KHiGpT zEwoU(N5r=q?wF6I)5C3~cha&Y8I$W4uU=KVa8X9j(%RWWD<{ofv$C!iQ_x5;Z!@Vs zs-LO1fZd~yr6<68(>7_6biUNjX$OnL?{yFlip#(N(I`iW!(&@$n`$e!{%jOgs;@&= z)1-l9Z4}CyoKsYoSCd_nn{B;DxRQOxbT+1rSMxw-CSnUOBX*58c0b}PiM}^pO@|%) zrU}$~(ncC>9O)npG=@x8MR+39w1^r%nspb=gJKclrO*%b6}`C-c{iHIE$BI=7^PFx z<511996Ltifl9cDpEZs4Z!qgkq^fi&O_xUtM)m~tD&v=_>g;}c(EH zaU`ZrkKI2q4aNwJ#P-}7)5;xaM+II)?HI*+mFA$-tE1w3b#oWJiF|+V%*XqT@L|vhAy(iDp++(~gr7EE;zsaolZ!7r-Fwv`90&flH?aUOBxI66B#_RB$=<1_Qq=7Z*)=BaLv*=v-}QI8Aesm87h zFFQBcL=y=T?J+3YQa)@_)z%c`=eXS-WBvWoerfA0y=f7)YIh&w_bPQrv}~@LY#pLE z(INnGX!JQaMC$>>q0z{pOZ29NGzyj&_smxN886OPM}ch7mn=1WENeJ@y2c{JO-{Xu zK3TV0kg;RAuceQoO3$c&p?W(kBsS5^ixxk|vZNXo_ zu#Ppri|Ex^dQ%PZycgZayJ+pA#fvYht6RRdW_9ht3cYC#)!$6%cEh#AQ!*KzF=sFQ z!u_hbz8k|tpJtfEt}*fK+M232RbkP)XaJ7!MF-4PWwxl;M6*E>{n1SHnWN?=e(E-w zi9SvKNc2ai8-I;gnWN?=QpY3FA022Nogn&CjL%1@9U?Bd%Jh=})9`U}nVb)%;!v>2#4SCebpNBl_G^EqrdUW+wkq)o! z11p1Jc!gdH)|af0TkioIjeD(| zt&6R*trM(4@C;jI?PE>1daYJV6BreYd}=vndCu~PmMbh9ENd)(dv-Pc=&JgQ z`nCEYysw^7A5d>ouU2=c@u!NN%I{z)@ryNeRpBjdYT8xd?cAxFsxWu5qbkgu?5GOU z$qx1v%l`NhxFaN0VeSY?{Ehf)xcfxTc_SQORblQ3NmZCTLQ)mxj*wJ^&uRmAo}?{Lxvm^)8W6%Mvlb!M15Pck#iohO+Y=FXGM40Gp6W`wyTBs0R? 
z5t12U?gYt*$OPSs2a59E^u@SubT#XKnDL17!194_ENJ`eJE5Xo&rlfv0N z$l^hN9^~+#9}oKSpbrmv^PpENh}2CA_iRM~dhnn-56DLaIF$!}9;EOfz=I?nbmW1L2OR)_3uKhQ3E@OODS-!G9(Z`5@<8E% z%maxB?lv$!?Bbr?M3 zcOLx4gI{@Yh6l|&Xo>;${;AX&+mgm<4Lmr_gI{>?a~l||{ltS)Jou3ZCwcHa1F`qd zSnWT2(sw-gHxIt$!8bhkng{>l!B;%^k_TUK@1L>S=X}zMHZVr}Cl5a3!KXanP!DHO} zXQcKhpA_Z6BRqJR2M@J@3$zD$@Bk0)=fUANP@zTchO&`*w2F-;Ci;cMSpzCbv(G12iNf6>NXIm z4jXN#I=qhuSMlIV9_;189v=oV0uhcJyzu?6O=8T7tKk zt~6b0T4}1mg}^t|htyltJ*uuQSC=FEY$lUhY>BSepX zBE(Ba=uNcgw3&uvW$P-3!+6yvdvAYkl?ulin`p;r1I_3wX?6YU)#_TXA=$+5J5~B; z=uNTHW3;hdY3L)Q^NjR$YR}RXy=g5jQN)tY+Vh6h2-?u2b&yK?gu11)*S(7AgTUI+ z8pAPO?J}mgARo>;%&mca>891(ipMy%;z8TC#D{V5D;}HY=}mNyEVf)a&KJEVtWLqj zKH9UT6_2rO#Unc#Zou!=j%6zzv{y?j9%IuDeJ(BbEyaouf5rw{m$YETgEnJnv2QH5 z*hhP^RMWBXHH8f*+MK1Wsj;nFQ?lh&Q#au?6F7Gp4^G~?gZ^pR6nQ9^+V|Lhm)->mwm_A3ekStGcz^k!PxpJ=?XT20wE!|U~q)0=56U#I=tNlfYI{62a! zt;u)AkGo0yu6d5$Ol$K~Db4tJS7LXo^;*+JCimlDX|Op1Sx8HR6LD!UQdnF!e|}Bj zytTdtk$U$$Ge zYo<*ws{h1*Gzb+U7)NMpk2o?OIg(O1KYwn~{KA6y*?Kc+6Ot%SFlr)+=Ot_$tT%VS zXTjDb^o5OT!$xR+B4`rTBz|C)HZ0VeY2R|wP}o;j53xhAPUFRSiT8Q*X3{ydmx`O^>MwXFaC+>CLnSJ0^C;()o#H+chp!3;EHFNdm?pWl5`G$EFNuG;YUsa6AOxYiO^8CcV+#)-G-Rvwf?UfGuJ>aEft#gdJ zUp3TS>Na)5RWHlk1*LKCq{Dq(ZEjEYZazG$H#jZ14?KZv0{1R6o#p?N88EnH8LXe_%^7>#A8hgVW0*-{U$rkryrvWAgPkuX})P7ha6>`aUe zk06pwB$Wu-&hDh0LZqR!>`oe5$?l|~dF)Oa+9vO$ZJ;b@o4k{TM!Gv`Xq&u~)|b*c z5{a0QhR_Oorw|$^?-Y89B5xzIiwN4T?-ZIxXe^N;BAto2kpvrwoFMWFkq3!fPXxKv zDYzWXy>|*yvxCDau|JU%A{Hd|XwAG+{XYny9q{yUIYa5;EFx%^K0Rzhr2RiEh@}1ml1Tk01Yaa_7|CjsmOywELxC_hG!V`w z)SpNvA}FMRu#=D#iFTUENg`<8KA<5l0vh&mKtq-Uv5zvMZq8e(w3E`*+XdMVq4MTq-3Z2AG2!y^Nh=VH-I!*}3SRnKS zp}UCOLS!$I%ZXehT5i^qd zABp^v$j3z9Bk}@~XNcT~WHt7EY8Y;Bu7o#81&d7$=MV`Hu^`d#sh6r@p{W{{ma1Vf zsoFJ^fL)+(#n(r6uT`H!{S zQf?VwIbq2HFLmd+GcA5&r`Pj=amwonMCT=V_JSdCV`yD!_3dyEvvDNJV~iBjfeaFIz%_?-r-`zc>>)^Fs6$#>q#K9oF}=+87>Qlrcsuuu4FE9 zGDS{u_2VLOz=-mAR~Z*Mj&hE5O{K_QctadiqCCpAINtGvDA&5~!mP%s?cO4X>k|SG zZ1?tdxPLVwG-zPOUsfu{H{4xO8Dfls%}dA4_zP`H(djjP$}{|iu4+9srbCLDFS8bLRlWBELbI*itkFBVxlbgI=0CVP!@wC0}4|4FM^$n 
z(bsvqj7XR~*5o%duwo)a%MHnkVaVO5ii zXRi0&B*<4AN3WLCjrBKplhfsg+GV$+;M?r8?VxfciE90RZy=!D$>q=}M@WIwAutUw4)6C4FyF+cRW}$% z4#~FYz5wS*yRvaAI29D&Q>Bj4^^Sz!*;-XI>A2C%dkUL*7lL+9 zGby^!^lJ*6C6;ru#3|{Q0HTE=(VXa?{5tIDOoluQ!)s8+OjbHcW{rrd_`%F?Zi5K4aB3{~EZyt!nZysdqn3{OZu>I;irs~b4&$c917%pEl z{p#)1S#RbQ+ot$6y_wXKb<)6|Vif-7T?T6|bbydnu%_@USkNHSR3&ZYDaP^NyuH{e zO##-7R%s^VD$STyovmEV zrkYNQuc>T%8rD3nHQDy6PpWsR8IsF=#{I4PA$tY5c2&XQ>!-GA+v~Op$a23)Jz#p) zbdhO>=>k&`9FO*}5moKq)=O_DJ7IfBZ+m8|)x|efNWG#P?~*RE_JD@dGA}iJ1~eSh z(V(3xxpvM-H-7gebo2Dkn|X!28OC3!si_eddYs!P;2A9wQ>V-ThZN1U`b*525tv_4 zR9I6puQnH$LkqsdoEaQ*XvLS9Gb5fkKD~Jf)(+Qilj>%)F5qropf{7@u&ag`qpwOF z68+4V(8UI#OAEqulxT*brY4-1t2fgsaIB(i94z8`dxp3f1|O+6?o33PpJC{k%9GKq zfrOFZ?524EjuCyGao;*Pl({QCVF5f_cumI{aE!mX4$CA3-5Ewwr-ZywZ0jQ#x=wvd zJ)o{ur>Y66S=ldLC`|{WiB3snP#hc!t{&jdAMMi>3Y)+Q^>T) zG!0grps(*`ecjCh84T}Xv8NYCF6l)Mp$glL()pegHjw6GHE1AB$AOgB+7Zxl(vl=r zOb={7Pj8-$t-Epn7Bsz8c364QCSO7m(`0NWrAU&UX*g)Wrerf|Mp9wZ*r2Jxo713~ zmTv5JB;cSSJxG#^X>jxhEGgB^%V*C@Qhg-3n8wKk={}NNOgo2MOvM|~y8g6QvDgZ0 zV^gp>yYsO*(_%-YjNz%0%AWix9F%S*i-4CB>!ukux)VMIAt9~TSYw!wOvHP{BE*gT z^=8rp-%7_srr|D6biAAp0fP_C<4H*R8<9E?k~z7sa24t5ErPwBW?m_Lnt!O?JPu1< zLsb-v4;%@3nJIcRse;pb>9n)fOMB|gq!Laee45=@;Ydhj-8~wMqVAr`x;rV-!d|%Z zD6R=p*<*7KMi5`8$MaQo_A@0|7YMMTXQ*4nU&L3$InKeN$$A=8@ZYd5a1C^>aE^C% zbGe-FseRR`y3Dy*tyZhqJ6Y|^LiQK!HOJi9nxKpN88h-EW~{TySg|^gZ5#?qqk&zt z*R~^KoG43t$jIm7$@+A z%*?x_+pJbKYN}$7nrTe7>ak>!t(o{Jakmz){)pP>Al_$atCgBn#Rg6UuZu;9#*Y!$ zHnCPF{I2e)qDttlL5Vc8+zNwVyR$b+dm_sN_R}#X8s=)lYf5nFaG&7B$*D6l%n88dSk1 z%Ng1OqQ_SidwdmST^ZERkO7xFYmpDLS|5G87kThC&0J(ICZ^Rt30PXplo#>a9-iOMBL^a1txMkJ3ZoG;z{u&tKUq~Tce*L=Vvi9 z9MuLh!y%|o8#nb&oDF{lX7S!8!zVRkp$;tY?CF5qv|b9&j^1Rz4|*WWRKiG}QfqyUx`J{?L0lUvZ8W zzZWlJ9W_MsM5^O#GNEO?>lekFugodQ1#^yt1{cD z_iRH^m^UBJ9)n@0bCgnCSeT!iJ4?{2SSg&Pu_wyqI7?$WB{_weu<@Q#(7vSBlq#Wm z=HJvOryvt7#uc_R&xqy2(ckRC?3uzvGgv7@phsioBJ<{Zdc_;k%Fh8CYG9nPy@|Ni zlo>+x^#8Fw*(Hz{zSY6DR2+XW1x&OR7v)bEmP})%oZnU-^8!zwcJ;~5EGjO{JBMMf z{FanyLiNVs1I1+0vloNTb2zr 
z<5r8e$8(jE3rF9I@+S*xC$UmEn}c^R^t7`%m=E^x@`}%86|6O7 zl2ASI@9P7$+=`0gr4agy)f8;=bNPd5%iuWas7=#gBY2 z%nCQcluDs`TwJBf;~M~m;PSx&V|z}qQox*AVeU9Vm&f{{R=T;ZT7NF~jBHmUFii(N zcMf}ec`Yeph3YYJH3BQ6{j#(BwV9PI0;`b4#pkdK$4Y@wm{&YTIO`z{kJ%M!vTXg* zBw80+Y^ByGY#DH%<|gZ6>)X~J*&}t5)dOEKqy<7>G1W%+%0#dYa3&2O{`3t~9cX>o zCF*BL5rVWBs#~=f&hXkE)o@VPB*B0DgSS2Dz|h;in!WAwav=#mh)DT@K8UJYK8ONP zDN+KVcTIKtyXL9^`Wdnybtv{4BXtmX6Levp2^Fq`rjqKVr)6P{ddLx zn;0m3y7l1U4rdk4A|34QH=&34xk-ITJqRmp!&FuIRJmPQsgx@z@(=P+`AT`AJU~{Y z&!vZ?EwBpL&)w{P&b`|`)7{p1edVCJApa3F>oG%D<1Cvpc?}j#*xQm7ZlW$ zQ004)TiD;l7;y8lIXPb+TV##);$Ssb2?@79D+KeQT*}} zuhWvVKVYQZ#cuJeJHe8>Kh?P8P(r@j?>3puqFEHPQ;k!H5;__g_a=DFDU|h;o zD?;R`2WO#`%ZeN-Y7xG_okBw5AN+%V^^ec~W_I42>rJ=Y?c{BReidT9H@*A3S>8l% zoL74axMg{!r>iH5JvI5cvm<<(iPW|!yF8R+8Y@S_-GyNSHWyqNW|G@=i@$98Or|Xf zE)O%&me}bt6Ksy<5vt92d)&}`pHG`{w!|(FGuEAUmip}6nK5ojp}%QmGy2}N)piSW z>C8mWGvO_Ewjop*D9rh4m9-GRjWN z37(cNxq5EaejmLZVl#0oS;5g}u$!Gn{aFX3Xpk*py-3kOTf~SdO0$`;d0u`xOsX8% zP@6a014aHAZ3eirim4?y%y^UHHY%3BC%Z|-{y1&=OKH3|{p?Xm&8mgxWmk$wu4pg* zgS;^DT2nV9&pSDyH1a?GrTHK=JiKG*TS#a?`Pe=fjq#X(!*~n(!LDvK5##VSj)4z7 z)hKMl%iKV#1~CWxH$we@BUl1?el_}II6eYjIIq6JA#k@-^_>%N)KL;&As=s2A%Ed3 zHZrR&q}j^Mrb|ax0{0!!?BP;t@iF+O0M#7qJX1aK3b>!HT7?1l31cx3={SYS7>ssU ziC7s8w*XTa*o5g=hLczU_N{7uk*dW+KI+v~Ne{v>()_`u!$}_`@(mw40yW9Y@eN3O zh(m~v635_uEX6dQ3nPw3-~tR42M5+7eu8%~2|w~&ZQ?9^P5Lq7xBM>u zhu9Wtcup?qdLn!G)MX@t&rH?#U>23Za=hv|0hL4|6?r(rNfn7BAXCp9E7givo%kDe zVm4aiOYoVyI*&s9j$-_Qvnaw%oW|cM!9JAY7WN`hu73fEOPGt>*n*b$9M9qc9ni$y zj8ZE4728S6v0JejxscI@KnCzBvayikq!aTnAA2CP^C4bD{QwVNU?yf@5q4t^C;mlj zLE|Ja2+rYW{DLcZ2Ul?oX?Our_jLqr@bD+5Lat#qTKkvi zfkalm+J)!P0qxNdDUi$ZB;pZ+1*nNm=!}c#j!^W#Gw6fQ&=7HQ{i8^{hUd|Y#!HC_ zsDj350$KI4Vp;Jj9E~82$D#(J@f4)-I;e}s5s7+`4$2HZfx8`+&P2)emtNA7;0PpL z9}Vb;tO@C@R4ffJLPr*wG%mfD#-(#|Zc{uBsZ<)10dTI=Ap>&GlV@ Date: Tue, 7 Jan 2020 15:19:33 -0500 Subject: [PATCH 32/44] so scripts - elastalert dev --- salt/common/tools/sbin/so-elastalert-create | 1000 +++++++++++++++++++ salt/common/tools/sbin/so-elastalert-test | 142 +++ 
2 files changed, 1142 insertions(+)
create mode 100644 salt/common/tools/sbin/so-elastalert-create
create mode 100644 salt/common/tools/sbin/so-elastalert-test
diff --git a/salt/common/tools/sbin/so-elastalert-create b/salt/common/tools/sbin/so-elastalert-create
new file mode 100644
index 000000000..2134bc8f9
--- /dev/null
+++ b/salt/common/tools/sbin/so-elastalert-create
@@ -0,0 +1,1000 @@
+#!/bin/bash
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# Original written by Bryant Treacle
+# https://raw.githubusercontent.com/bryant-treacle/Elastalert-Rule-Generator/master/so-elastalert-create
+# Modified by Doug Burks
+#
+# Purpose: This script will allow you to test your elastalert rule without entering the Docker container.
+
+######################################################
+# Universal Rule Options #
+######################################################
+
+#################################
+# Function for Main Menu #
+#################################
+
+main_menu()
+{
+while true; do
+
+rule_type_select_prompt
+ read rule_type
+
+ if [ $rule_type = "1" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ cardinality_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "2" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ blacklist_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "3" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ whitelist_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "4" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ frequency_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "5" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ change_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "6" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ spike_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "7" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ new_term_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "8" ] ; then
+ rule_name_prompt
+ index_name_prompt
+ flatline_rule_prompt
+ realert_prompt
+ filter_options_prompt
+ alert_options_prompt
+ final_prompt
+ elif [ $rule_type = "9" ] ; then
+ exit
+ fi
+done
+}
+
+#############################
+# Rule Type #
+#############################
+rule_type_select_prompt()
+{
+cat << EOF
+
+This script will help automate the creation of Elastalert Rules.
+Please choose the rule you would like to build.
+
+For Cardinality rules: Press 1
+For Blacklist rules: Press 2
+For Whitelist rules: Press 3
+For Frequency rules: Press 4
+For Change rules: Press 5
+For Spike rules: Press 6
+For New Term rules: Press 7
+For Flatline rules: Press 8
+To Exit: Press 9
+
+EOF
+
+}
+
+#############################
+# Rule Name #
+#############################
+rule_name_prompt()
+{
+
+cat << EOF
+The rule name will appear in the subject of the alerts and be the name of the yaml rule file.
+
+What do you want to name the rule?
+
+EOF
+
+ read raw_rulename
+ rulename=$(echo ${raw_rulename,,} | sed 's/ /_/g')
+
+cat << EOF >> "$rulename.yaml"
+# Elasticsearch Host
+es_host: elasticsearch
+es_port: 9200
+
+# (Required)
+# Rule name, must be unique
+name: $raw_rulename
+
+EOF
+}
+
+#############################
+# Index Name #
+#############################
+index_name_prompt()
+{
+cat << EOF
+
+What elasticsearch index do you want to use?
+Below are the default Index Patterns used in Security Onion:
+
+*:logstash-*
+*:logstash-beats-*
+*:elastalert_status*
+
+EOF
+ read indexname
+cat << EOF >> "$rulename.yaml"
+
+# (Required)
+# Index to search, wildcard supported
+index: "$indexname"
+
+EOF
+}
+
+#############################
+# Alert Options #
+#############################
+alert_options_prompt()
+{
+cat << EOF
+
+By default, all matches will be written back to the elastalert index.
+Please choose from the below options.
+
+ - For Email: Press 1
+ - For Slack: Press 2
+ - For the default (debug): Press 3
+EOF
+
+read alertoption
+
+ if [ $alertoption = "1" ] ; then
+ echo "Please enter the email address you want to send the alerts to. Note: Ensure the Master Server is configured for SMTP."
+ read emailaddress
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# The alert is use when a match is found
+alert:
+- email
+
+# (required, email specific)
+# a list of email addresses to send alerts to
+email:
+ - $emailaddress
+EOF
+
+ elif [ $alertoption = "2" ] ; then
+
+ echo "The webhook URL that includes your auth data and the ID of the channel (room) you want to post to."
+ echo "Go to the Incoming Webhooks section in your Slack account https://XXXXX.slack.com/services/new/incoming-webhook,"
+ echo "choose the channel, click ‘Add Incoming Webhooks Integration’ and copy the resulting URL. You can use a list of URLs to send to multipe channels."
+ echo ""
+ echo "Please enter the webhook URL below:"
+ echo ""
+ read webhookurl
+
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# The alert is use when a match is found
+alert:
+- slack
+
+# (required,Slack specific)
+# Enter the webhook URL below
+slack:
+ - $webhookurl
+
+EOF
+
+ else
+ echo "Using default alert type of debug. Alerts will only be written to the *:elastalert_status* index."
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# The alert is use when a match is found
+alert:
+- debug
+
+EOF
+
+ fi
+}
+
+#############################
+# Filter Options #
+#############################
+filter_options_prompt()
+{
+cat << EOF
+
+By default this script will use a wildcard search that will include all logs for the index chosen above.
+Would you like to use a specific filter? (Y/N)
+
+EOF
+
+ read filteroption
+ if [ ${filteroption,,} = "y" ] ; then
+ echo "This script will allow you to generate basic filters. For complex filters visit https://elastalert.readthedocs.io/en/latest/recipes/writing_filters.html"
+ echo ""
+ echo "Term: Allows you to match a value in a field. For example you can select the field source_ip and the value 192.168.1.1"
+ echo "or choose a specific log type you want the rule to apply to ie. field_type: event_type and the field_value bro_http"
+ echo ""
+ echo "Wildcard: Allows you to use the wildcard * in the field_value. For example field_type: useragent and field_value: *Mozilla* "
+ echo ""
+ echo "Please choose from the following filter types."
+ echo ""
+ echo "term or wildcard"
+ read filter_type
+ if [ ${filter_type,,} = "term" ] ; then
+ echo "What field do you want to filter on?"
+ read field_name
+ echo "What is the value for the $field_name field."
+ read field_value
+
+ cat << EOF >> "$rulename.yaml"
+#(Required)
+# A list of Elasticsearch filters used for find events
+# These filters are joined with AND and nested in a filtered query
+# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
+filter:
+
+- term:
+ $field_name: "$field_value"
+
+EOF
+ elif [ ${filter_type,,} = "wildcard" ] ; then
+ echo "What field do you want to use?"
+ read field_name
+ echo "What is the value for the $field_name field."
+ read field_value
+ cat << EOF >> "$rulename.yaml"
+#(Required)
+# A list of Elasticsearch filters used for find events
+# These filters are joined with AND and nested in a filtered query
+# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
+filter:
+
+- wildcard:
+ $field_name: "$field_value"
+
+EOF
+ fi
+ else
+
+ cat << EOF >> "$rulename.yaml"
+#(Required)
+# A list of Elasticsearch filters used for find events
+# These filters are joined with AND and nested in a filtered query
+# For more info: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl.html
+filter:
+
+- wildcard:
+ event_type: "*"
+
+EOF
+ fi
+
+}
+
+############################
+# Re-alert Options #
+############################
+realert_prompt()
+{
+echo "The realert option allows you to ignore repeating alerts for a given period of time."
+echo "Would you like to set a realert timeframe? (Y/N)"
+ read realert_option
+
+ if [ ${realert_option,,} = "y" ] ; then
+ echo "Please choose from the following units of measure:"
+ echo ""
+ echo " - weeks, days, hours, minutes, or seconds"
+ read realert_unit_of_measure
+ echo "Please enter the number of $realert_unit_of_measure you want to use."
+ read realert_timeframe
+
+ cat << EOF >> "$rulename.yaml"
+# This option allows you to ignore repeating alerts for a period of time.
+realert:
+ $realert_unit_of_measure: $realert_timeframe
+
+EOF
+ fi
+}
+
+#######################
+# Final prompt #
+#######################
+final_prompt()
+{
+current_directory=$(pwd)
+sleep 1
+echo "Writing rule to the following location:"
+echo ""
+echo " $current_directory/$rulename.yaml"
+echo ""
+sleep 1
+echo "Complete!"
+sleep 1
+}
+
+
+###################################
+# Functions for Cardinality Rules #
+###################################
+cardinality_rule_prompt()
+{
+ echo "The Cardinality rule will be alert when the maximum or minimum number of unique values for a given field reach a threshold."
+ echo "What field do you want to be the Cardinality Field?"
+ echo ""
+ read cardinality_field
+ cat << EOF >> "$rulename.yaml"
+
+# (Required)
+# Type of alert.
+# The Cardinality rule matches when the total number of unique values for a certain field , within a given timeframe is higher or lower than a threshold.
+type: cardinality
+
+# (Required, cardinality specific)
+# Count the number of unique value for this field
+cardinality_field: $cardinality_field
+
+EOF
+ echo ""
+ echo "To alert on values LESS than X unique values in the cardinality field: Press 1"
+ echo "To alert on values GREATER than X unique values in the cardinality field: Press 2"
+ echo ""
+ read cardinality_max_min
+ if [ $cardinality_max_min = "1" ] ; then
+ echo "The Minimum Cardinality value will alert you when there is less than X unique values in that field."
+ echo "What is the minimum Cardinality value?"
+ echo ""
+ read cardinality_min
+
+ cat << EOF >> "$rulename.yaml"
+# (Required, frequency specific)
+# Alert when there is less than X unique values
+min_cardinality: $cardinality_min
+
+EOF
+
+ elif [ $cardinality_max_min = "2" ] ; then
+ echo "The Maximum Cardinality value will alert you when there is more than X unique values."
+ echo "What is the maximum Cardinality value?"
+ echo ""
+ read cardinality_max
+
+ cat << EOF >> "$rulename.yaml"
+# (Required, frequency specific)
+# Alert when there is more than X unique values
+max_cardinality: $cardinality_max
+
+EOF
+
+ fi
+ echo ""
+ echo "The Cardinality Timeframe is defined as the number of unique values in the most recent X hours."
+ echo ""
+ echo "Below are the available units of measure for the timeframe field:"
+ echo " - weeks, days, hours, minutes, or seconds"
+ echo "What unit of measure do you want to use?"
+ read timeframe_units
+ echo "Please enter the number of $timeframe_units you want to use."
+ read timeframe
+
+ cat << EOF >> "$rulename.yaml"
+# (Required, frequency specific)
+# The cardinality is defined as the number of unique values for the most recent 4 hours
+
+timeframe:
+ $timeframe_units: $timeframe
+
+EOF
+
+echo "The query_key counts by this field. For each unique value of the query_key field, cardinality will be counted separately."
+echo "Would you like to set the query_key parameter? (Y/N)"
+ read cardinality_rule_options
+ if [ ${cardinality_rule_options,,} = "y" ] ; then
+ echo "What field do you want the query_key to be?"
+ read query_key
+ cat << EOF >> "$rulename.yaml"
+# (Optional, frequency specific)
+# query_key: Group cardinality counts by this field. For each unique value of the query_key field, cardinality will be counted separately.
+query_key: $query_key
+
+EOF
+ fi
+
+}
+
+#################################
+# Functions for Blacklist Rules #
+#################################
+blacklist_rule_prompt()
+{
+ echo "The blacklist rule will compare the values contained in a text file against the compare_key and alert if there is a match."
+ echo "What field do you want to compare to the blacklist?"
+ echo ""
+ read compare_key
+ echo "The blacklist file should be a text file with a single value per line."
+ echo ""
+ echo "The file needs to be accessible by the so-elastalert container."
+ echo ""
+ echo "Please enter the full path and filename of the blacklist."
+ echo ""
+ read -e blacklist_file_location
+
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# Type of alert.
+# The Blacklist rule will check a certain field against a blacklist and match if it is in the blacklist
+type: blacklist
+
+# (Required, blacklist)
+# The name of the field to use to compare to the blacklist. If the field is null, those events will be ignored.
+compare_key: $compare_key
+
+# (Required, blacklist)
+# A list of blacklisted values, and/or a list of paths to flat files which contain the blacklisted values
+blacklist:
+ - "!file $blacklist_file_location"
+
+EOF
+
+}
+
+###################################
+# Functions for Whitelist Rules #
+###################################
+whitelist_rule_prompt()
+{
+ echo "The whitelist rule will compare the values contained in a text file against the compare_key and alert if there is a match."
+ echo "What field do you want to compare to the whitelist?"
+ echo ""
+ read compare_key
+
+ echo "The whitelist file should be a text file with a single value per line."
+ echo ""
+ echo "The file needs to be accessible by the so-elastalert container."
+ echo ""
+ echo "Please enter the full path and filename of the whitelist."
+ echo ""
+ read -e whitelist_file_location
+ echo "The ignore_null parameter If true, events without a compare_key field will not match."
+ echo ""
+ echo "Please enter true or false for the ignore_null parameter."
+ read ignore_null
+
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# Type of alert.
+# the whitelist rule will check a certain field against a whitelist and match if it is in the whitelist
+type: whitelist
+
+# (Required, whitelist)
+# The name of the field to use to compare to the whitelist. If the field is null, those events will be ignored.
+compare_key: $compare_key
+
+# (Required, whitelist)
+# ignore_null: If true, events without a compare_key field will not match.
+ignore_null: $ignore_null
+
+# (Required, whitelist)
+# A list of whitelisted values, and/or a list of paths to flat files which contain the whitelisted values
+whitelist:
+ - "!file $whitelist_file_location"
+
+EOF
+}
+
+###################################
+# Functions for Frequency Rules #
+###################################
+frequency_rule_prompt()
+{
+echo "The Frequency rule matches when there are at least a certain number of events in a given timeframe."
+echo ""
+echo "Enter the number of events you want to alert on:"
+ read num_events
+echo ""
+echo "Below are the available units of measure for the timeframe field:"
+echo " - weeks, days, hours, minutes, or seconds"
+echo "What unit of measure do you want to use?"
+ read timeframe_units
+echo "Please enter the number of $timeframe_units you want to use."
+ read timeframe
+
+cat << EOF >> "$rulename.yaml"
+
+# (Required)
+# Type of alert.
+# the frequency rule type alerts when num_events events occur with timeframe time
+type: frequency
+
+# (Required, frequency specific)
+# Alert when this many documents matching the query occur within a timeframe
+num_events: $num_events
+
+# (Required, frequency specific)
+# num_events must occur within this amount of time to trigger an alert
+timeframe:
+ $timeframe_units: $timeframe
+
+EOF
+
+cat << EOF
+The frequency rule has the below optional fields:
+ - use_count_query: if true, ElastALert will poll Elasticsearch using the count api and not download all the matching
+ documents. This is useful if you only care about the numbers and not the actual data.
+ - use_terms_query: If true, ElastAlert will make an aggregation query against Elasticsearch to get counts of documents matching
+ each unique value of the query_key. This will only return the Maximum of terms_size, default 50 unique terms.
+
+
+Would you like to set the optional settings? (Y/N)
+
+EOF
+ read frequency_rule_options
+
+ if [ ${frequency_rule_options,,} = "y" ] ; then
+ echo "To set the use_count_query to true: press 1"
+ echo "To set the use_terms_query to true: press 2"
+ read frequency_query_type
+ if [ $frequency_query_type = "1" ] ; then
+
+ cat << EOF >> "$rulename.yaml"
+
+# Only count number of records, instead of bringing all data back
+use_count_query: true
+doc_type: 'doc'
+
+EOF
+ elif [ $frequency_query_type = "2" ] ; then
+ echo "Please enter the query_key:"
+ read query_key
+ echo "Please enter the terms size:"
+ read term_size
+
+ cat << EOF >> "$rulename.yaml"
+# Only count number of records, instead of bringing all data back
+use_terms_query: true
+doc_type: 'doc'
+
+# Query_key count of documents will be stored independently for each value of query_key
+query_key: $query_key
+
+# Term_size is the maximum number of terms returned per query. Default is 50.
+terms_size: $term_size
+
+EOF
+ fi
+ fi
+
+}
+
+################################
+# Functions for Change Rules #
+################################
+change_rule_prompt()
+{
+echo "The change rule will monitor a certain field and match if that field changes."
+echo ""
+echo "The field must change with respect to the last event with the same query_key."
+echo "Below is an example with a query_key of bob and a compare_key of source_ip:"
+echo ""
+echo " -username bob AND source_ip: 192.168.1.2"
+echo " -username bob AND source_ip: 192.168.1.3"
+echo ""
+echo "The compare_key parameter names of the field to monitor for changes."
+echo "Since this is a list of strings, we can have multiple keys. An alert will trigger if any of the fields change."
+echo ""
+echo "What field do you want to monitor for changes?"
+ read compare_key
+echo ""
+echo "The query_key parameter names the field that must be present in all of the events that are checked."
+echo "What field do you want be the query_key?"
+ read query_key
+echo ""
+echo "The value of compare_key must change in two events that are less than the timeframe apart to trigger an alert."
+echo ""
+echo "Below are the available units of measure for the timeframe field:"
+echo " - weeks, days, hours, minutes, or seconds"
+echo "What unit of measure do you want to use?"
+ read timeframe_units
+echo "Please enter the number of $timeframe_units you want to use."
+ read timeframe
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# Type of alert.
+# This rule will monitor a certain field and match if that field changes.
+type: change
+
+# (Required, change specific)
+# The field to look for changes in
+compare_key: $compare_key
+
+# (Required, change specific)
+# Ignore documents without the compare_key (source_ip) field
+ignore_null: true
+
+# (Required, change specific)
+# The change must occur in two documents with the same query_key
+query_key: $query_key
+
+# (Required, change specific)
+# The value of compare_key must change in two events that are less than timeframe apart to t$
+timeframe:
+ $timeframe_units: $timeframe
+
+EOF
+
+}
+
+################################
+# Functions for Spike Rules #
+################################
+spike_rule_prompt()
+{
+echo "The spike rule matches when the volume of events during a given time period is spike_height times larger or smaller than during the previous time period."
+echo ""
+echo "Example to detect syn flood attack to public facing webserver:"
+echo "Alert when the number of connection states to my web server per hour is twice as many as the previous hour."
+echo ""
+echo "The spike_height parameter is the ratio of number of events in the last timeframe to the previous timeframe that when hit will trigger an alert."
+echo "Note: This value is a multiple!! 2 = 2x as many; 5 = 5x as many"
+echo "What do you want the spike_height to be?"
+ read spike_height
+echo ""
+echo "What do you want the spike_type parameter to be?"
+echo " - up: more than previous timeframe"
+echo " - down: less than previous timeframe"
+echo " - both: up or down"
+ read spike_type
+echo "Below are the available units of measure for the timeframe field:"
+echo " - weeks, days, hours, minutes, or seconds"
+echo "What unit of measure do you want to use?"
+ read timeframe_units
+echo "Please enter the number of $timeframe_units you want to use."
+ read timeframe
+ cat << EOF >> "$rulename.yaml"
+# (Required)
+# Type of alert.
+# This rule matches when the volume of events during a given time period is spike_height times larger or smaller than during the previous time period.
+type: spike
+
+# (Required, spike specific)
+# The ratio of number of events in the last timeframe to the previous timeframe.
+spike_height: $spike_height
+
+# (Required, spike specific)
+# The spike being up, down or both
+spike_type: $spike_type
+
+# (Required, spike specific)
+# The value of average out the rate of events over this time period.
+timeframe:
+ $timeframe_units: $timeframe
+
+EOF
+
+echo "The spike rule has the following optional parameters:"
+echo " - field_value: When set, uses the value of the field in the document and not the number of matching documents. Note the value must be a number"
+echo " - threshold_ref: The minimum number of events that must exist in the reference window for an alert to trigger."
+echo " For example, if spike_height: 3 and threshold_ref: 10, then the ‘reference’ window must contain at least 10 events and the ‘current’ window at least three times that for an alert to be triggered."
+echo " - threshold_cur: The minimum number of events that must exist in the current window for an alert to trigger."
+echo " For example, if spike_height: 3 and threshold_cur: 60, then an alert will occur if the current window has more than 60 events and the reference window has less than a third as many."
+echo ""
+echo "Would you like to set one of these parameters? (Y/N)"
+ read spike_additional_options
+ if [ ${spike_additional_options,,} = "y" ] ; then
+ counter=0
+ while [ $counter -eq 0 ]; do
+ counter=$(( $counter + 1 ))
+ echo "Please choose from the following options:"
+ echo "For field_value: Press 1"
+ echo "For threshold_ref: Press 2"
+ echo "For threshold_cur: Press 3"
+ echo "To continue: Press 4"
+ read spike_options_select
+ if [ $spike_options_select = "1" ] ; then
+ echo "What field would you like to use?"
+ read field_value_field
+ cat << EOF >> "$rulename.yaml"
+#(Optional, spike specific)
+# field_value: When set, uses the value of the field in the document and not the number of matching documents.
+field_value: $spike_options_select
+
+EOF
+# reset the counter for the while loop
+ counter=0
+ elif [ $spike_options_select = "2" ] ; then
+ echo "What would you like the threshold_ref to be?"
+ read threshold_ref_field
+ cat << EOF >> "$rulename.yaml"
+#(Optional, spike specific)
+# The minimum number of events that must exist in the reference window for an alert to trigger.
+threshold_ref: $threshold_ref_field
+
+EOF
+#Reset the counter for the while loop
+ counter=0
+ elif [ $spike_options_select = "3" ] ; then
+ echo "What would you like the threshold_cur to be?"
+ read threshold_cur_field
+ cat << EOF >> "$rulename.yaml"
+#(Optional, spike specific
+# The minimum number of events that must exist in the current window for an alert to trigger.
+threshold_cur: $threshold_cur_field
+
+EOF
+#Reset the counter for the while loop
+ counter=0
+ elif [ $spike_options_select = "4" ] ; then
+ counter=1
+ fi
+ done
+ fi
+}
+
+###################################
+# Functions for new term Rules #
+###################################
+new_term_rule_prompt()
+{
+echo "This rule matches when a new value appears in a field that has never been seen before."
+echo "When ElastAlert starts, it will use an aggregation query to gather all known terms for a list of fields."
+echo "" +echo "What field(s) do you want to monitor for new terms?" + read new_term_field +cat << EOF >> "$rulename.yaml" +# (Required) +# Type of alert. +# This rule matches when a new value appears in a field that has never been seen before. +type: new_term + +# (Required, new_term specific) +# Monitor the field ip_address +fields: + - "$new_term_field" + +EOF + +echo "The New Term rule has the following additional options:" +echo " - terms_window_size: The amount of time used for the initial query to find existing terms. No term that has occurred within this time frame will trigger an alert. The default is 30 days." +echo " - window_step_size: When querying for existing terms, split up the time range into steps of this size. This is usefull when covering large timeframes" +echo " - alert_on_missing_field: Whether or not to alert when a field is missing from a document. The default is false." +echo "Would you like to set any of these options? (Y/N)" + read new_term_options + if [ ${new_term_options,,} = "y" ] ; then + counter=0 + while [ $counter -eq 0 ]; do + counter=$(( $counter + 1 )) + echo "Please choose from the following options:" + echo "" + echo "For terms_window_size: Press 1" + echo "For window_step_size: Press 2" + echo "For alert_on_missing_field: Press 3" + echo "To continue: Press 4" + read new_term_loop_option + if [ $new_term_loop_option = "1" ] ; then + echo "Below are the available units of measure for the terms_window_size field:" + echo " - weeks, days, hours, minutes, or seconds" + echo "What unit of measure do you want to use?" + read timeframe_units + echo "Please enter the number of $timeframe_units you want to use." 
+ read timeframe + cat << EOF >> "$rulename.yaml" + +# (Optional, new_term specific) +# This means that we will query 90 days worth of data when ElastAlert starts to find which values of ip_address already exist +# If they existed in the last 90 days, no alerts will be triggered for them when they appear +terms_window_size: + $timeframe_units: $timeframe + +EOF +#Reset the while loop counter + counter=0 + elif [ $new_term_loop_option = "2" ] ; then + echo "Below are the available units of measure for the window_step_size field:" + echo " - weeks, days, hours, minutes, or seconds" + echo "What unit of measure do you want to use?" + read timeframe_units + echo "Please enter the number of $timeframe_units you want to use." + read timeframe + cat << EOF >> "$rulename.yaml" + +# (Optional, new_term specific) +# This means that we will query 90 days worth of data when ElastAlert starts to find which values of ip_address alr$ +# If they existed in the last 90 days, no alerts will be triggered for them when they appear +window_step_size: + $timeframe_units: $timeframe + +EOF +#Reset the while loop counter + counter=0 + elif [ $new_term_loop_option = "3" ] ; then + echo "Please enter either true or false for the alert_on_missing_field." + read alert_on_missing_field_option + cat << EOF >> "$rulename.yaml" +# (Optional, new_term specific) +# Whether or not to alert when a field is missing from a document. The default is false. +alert_on_missing_field: $alert_on_missing_field_option + +EOF +#reset the while loop counter + counter=0 + elif [ $new_term_loop_options = "4" ] ; then + counter=1 + fi + done + fi +} + +################################### +# Functions for Flat line Rules # +################################### +flatline_rule_prompt() +{ +echo "flatline: This rule matches when the total number of events is under a given threshold for a time period." +echo "" +echo "Please enter the minimum threshold of events." 
+ read threshold +echo "Below are the available units of measure for the timeframe field:" +echo " - weeks, days, hours, minutes, or seconds" +echo "What unit of measure do you want to use?" + read timeframe_units +echo "Please enter the number of $timeframe_units you want to use." + read timeframe +echo "" + cat << EOF >> "$rulename.yaml" +# (Required) +# Type of alert. +# flatline: This rule matches when the total number of events is under a given threshold for a time period. +type: flatline + +# (Required, spike specific) +# threshold: The minimum number of events for an alert not to be triggered. +threshold: $threshold + +# (Required, spike specific) +# The value of average out the rate of events over this time period. +timeframe: + $timeframe_units: $timeframe + +EOF + +echo "The flatline rule has the following additional options:" +echo "" +echo " - use_count_query: If true, ElastAlert will poll Elasticsearch using the count api, and not download all of the matching documents." +echo " - use_terms_query: If true, ElastAlert will make an aggregation query against Elasticsearch to get counts of documents matching each unique value of query_key. " +echo " - terms_size: When used with use_terms_query, this is the maximum number of terms returned per query. Default is 50." +echo " - query_key: With flatline rule, query_key means that an alert will be triggered if any value of query_key has been seen at least once and then falls below the threshold." +echo " - forget_keys: Only valid when used with query_key. If this is set to true, ElastAlert will “forget” about the query_key value that triggers an alert, therefore preventing any more alerts for it until it’s seen again." +echo "" +echo "Would you like to set any of theses options? 
(Y/N)" + read flatline_option + if [ ${flatline_option,,} = "y" ] ; then + counter=0 + while [ $counter -eq 0 ]; do + counter=$(( $counter + 1 )) + echo "Please choose from the following options:" + echo "" + echo "For use_count_query: Press 1" + echo "For use_term_query: Press 2" + echo "For terms_size: Press 3" + echo "To continue: Press 4" + echo "" + read flatline_option_select + + if [ $flatline_option_select = "1" ] ; then + echo "Please enter true or false for the use_count_query field." + read use_count_query + cat << EOF >> "$rulename.yaml" + +# (Optional, flatline specific) +# use_count_query: If true, ElastAlert will poll Elasticsearch using the count api, and not download all of the matching documents. +use_count_query: $use_count_query +doc_type: 'doc' + +EOF +#Reset counter for while loop + counter=0 + + elif [ $flatline_option_select = "2" ] ; then + echo "Please enter true or false for the use_terms_query." + read use_terms_query + echo "Please enter the query_key field." + read query_key + echo "The forget_keys when set to true will, elastalert will forget about the query_key value, preventing any more alerts for it until it is seen again" + echo "" + echo "Please enter true of false for the forget_keys field." + read forget_keys + cat << EOF >> "$rulename.yaml" + +# (Optional, flatline specific) +# Use_terms_query: If true, ElastAlert will make an aggregation query against Elasticsearch to get counts of documents matching each unique value of query_key." +use_terms_query: $use_terms_query + +# (Optional, flatline specific) +# Query_key means that an alert will be triggered if any value of query_key has been seen at least once and then falls below the threshold." +query_key: $query_key + +# (Optional, flatline specific) +# If this is set to true, ElastAlert will “forget” about the query_key value that triggers an alert, therefore preventing any more alerts for it until it’s seen again. 
+forget_keys: $forget_keys + +EOF +#Reset counters for while loop + counter=0 + elif [ $flatline_option_select = "3" ] ; then + echo "Please enter the maximum number of terms returned per query, Default is 50" + read terms_size + cat << EOF >> "$rulename.yaml" + +# (Optional, flatline specific) +# When used with use_terms_query, this is the maximum number of terms returned per query. Default is 50. +terms_size: $terms_size + +EOF +#Reset counters for while loop + counter=0 + + elif [ $flatline_option_select = "4" ] ; then + counter=1 + fi + done +fi +} + +########################## +# Start Function # +########################## +main_menu diff --git a/salt/common/tools/sbin/so-elastalert-test b/salt/common/tools/sbin/so-elastalert-test new file mode 100644 index 000000000..575865bd0 --- /dev/null +++ b/salt/common/tools/sbin/so-elastalert-test 
@@ -0,0 +1,142 @@ +#!/bin/bash +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Originally written by Bryant Treacle +# https://raw.githubusercontent.com/bryant-treacle/so-elastalert-test-rule/master/so-elastalert-test +# Modified by Doug Burks and Wes Lambert +# +# Purpose: This script will allow you to test your elastalert rule without entering the Docker container. + +. /usr/sbin/so-elastic-common + +OPTIONS="" +SKIP=0 +RESULTS_TO_LOG="n" +RULE_NAME="" +FILE_SAVE_LOCATION="" + +usage() +{ +cat < Write results to specified log file + -o '' Specify Elastalert options ( Ex. --schema-only , --count-only, --days N ) + -r Specify path/name of rule to test + +EOF +} + +while getopts "hal:o:r:" OPTION +do + case $OPTION in + h) + usage + exit 0 + ;; + a) + OPTIONS="--alert" + ;; + l) + RESULTS_TO_LOG="y" + FILE_SAVE_LOCATION=$OPTARG + ;; + + o) + OPTIONS=$OPTARG + ;; + + r) + RULE_NAME=$OPTARG + SKIP=1 + ;; + *) + usage + exit 0 + ;; + esac +done + +docker_exec(){ + if [ ${RESULTS_TO_LOG,,} = "y" ] ; then + docker exec -it so-elastalert bash -c "elastalert-test-rule $RULE_NAME $OPTIONS" > $FILE_SAVE_LOCATION + else + docker exec -it so-elastalert bash -c "elastalert-test-rule $RULE_NAME $OPTIONS" + fi +} + +rule_prompt(){ + CURRENT_RULES=$(find /opt/so/rules/elastalert -name "*.yaml") + echo + echo "This script will allow you to test an Elastalert rule." 
+ echo + echo "Below is a list of active Elastalert rules:" + echo + echo "-----------------------------------" + echo + echo "$CURRENT_RULES" + echo + echo "-----------------------------------" + echo + echo "Note: To test a rule it must be accessible by the Elastalert Docker container." + echo + echo "Make sure to swap the local path (/opt/so/rules/elastalert/) for the docker path (/etc/elastalert/rules/)" + echo "Example: /opt/so/rules/elastalert/nids2hive.yaml would be /etc/elastalert/rules/nids2hive.yaml" + echo + while [ -z $RULE_NAME ]; do + echo "Please enter the file path and rule name you want to test." + read -e RULE_NAME + done +} + +log_save_prompt(){ + RESULTS_TO_LOG="" + while [ -z $RESULTS_TO_LOG ]; do + echo "The results can be rather long. Would you like to write the results to a file? (Y/N)" + read RESULTS_TO_LOG + done +} + +log_path_prompt(){ + while [ -z $FILE_SAVE_LOCATION ]; do + echo "Please enter the file path and file name." + read -e FILE_SAVE_LOCATION + done + echo "Depending on the rule this may take a while." +} + +if [ $SKIP -eq 0 ]; then + rule_prompt + log_save_prompt + if [ ${RESULTS_TO_LOG,,} = "y" ] ; then + log_path_prompt + fi +fi + +docker_exec + +if [ $? -eq 0 ]; then + echo "Test completed successfully!" +else + echo "Something went wrong..." +fi + +echo + + + From 79ef0b6e1f7f4ee7a9b4f3f72d07b4c0f0117bdd Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 8 Jan 2020 14:27:50 +0000 Subject: [PATCH 33/44] remove cyberchef from proxy conf --- salt/common/nginx/nginx.conf.so-eval | 12 ------------ salt/common/nginx/nginx.conf.so-master | 12 ------------ 2 files changed, 24 deletions(-) diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/common/nginx/nginx.conf.so-eval index b5cf6ef5a..23257b807 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/common/nginx/nginx.conf.so-eval 
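Review bot: `docker_exec` builds a command string from `$RULE_NAME` and `$OPTIONS` and hands it to `bash -c` inside the so-elastalert container, so any shell metacharacter in the `-r`/`-o` arguments or in the prompted rule path is interpreted as shell syntax instead of being passed to elastalert-test-rule. Calling the program directly with quoted arguments removes that second parse; the sketch below assumes elastalert-test-rule is on the container's default PATH, which the current `bash -c` form already relies on. `$FILE_SAVE_LOCATION` and the `[ -z $RULE_NAME ]` style tests are also unquoted, so a path containing spaces breaks the redirect or the test. Separately, the `*)` branch of the getopts loop exits 0 after printing usage, which hides a bad invocation from callers.

```shell
docker_exec(){
    # Word-split the -o string into an array; nothing is re-parsed by a shell.
    local -a test_opts=()
    read -r -a test_opts <<< "$OPTIONS"
    if [ "${RESULTS_TO_LOG,,}" = "y" ] ; then
        docker exec -it so-elastalert elastalert-test-rule "$RULE_NAME" "${test_opts[@]}" > "$FILE_SAVE_LOCATION"
    else
        docker exec -it so-elastalert elastalert-test-rule "$RULE_NAME" "${test_opts[@]}"
    fi
}
```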
@@ -186,18 +186,6 @@ http { } - location /cyberchef/ { - proxy_pass http://{{ masterip }}:9080/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - - } - location /soctopus/ { proxy_pass http://{{ masterip }}:7000/; proxy_read_timeout 90; diff --git a/salt/common/nginx/nginx.conf.so-master b/salt/common/nginx/nginx.conf.so-master index 265413fa2..0a0c31d6a 100644 --- a/salt/common/nginx/nginx.conf.so-master +++ b/salt/common/nginx/nginx.conf.so-master @@ -188,18 +188,6 @@ http { } - location /cyberchef/ { - proxy_pass http://{{ masterip }}:9080/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - - } - location /soctopus/ { proxy_pass http://{{ masterip }}:7000/; proxy_read_timeout 90; From 209f60d99e1af70a25ba47a720da70e8176c5dcb Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 8 Jan 2020 16:13:10 -0500 Subject: [PATCH 34/44] soscripts - so-elastic-diagnose --- salt/common/tools/sbin/so-elastic-diagnose | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 salt/common/tools/sbin/so-elastic-diagnose diff --git a/salt/common/tools/sbin/so-elastic-diagnose b/salt/common/tools/sbin/so-elastic-diagnose new file mode 100644 index 000000000..0a8acc0ae --- /dev/null +++ b/salt/common/tools/sbin/so-elastic-diagnose 
@@ -0,0 +1,33 @@ +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Source common settings +. /usr/sbin/so-common + +# Check for log files +for FILE in /opt/so/log/elasticsearch/*.log /opt/so/log/logstash/*.log /opt/so/log/kibana/*.log /opt/so/log/elastalert/*.log /opt/so/log/curator/*.log /opt/so/log/freqserver/*.log /opt/so/log/nginx/*.log; do + +# If file exists, then look for errors or warnings +if [ -f $FILE ]; then + MESSAGE=`grep -i 'ERROR\|FAIL\|WARN' $FILE` + if [ ! -z "$MESSAGE" ]; then + header $FILE + echo $MESSAGE | sed 's/WARN/\nWARN/g' | sed 's/WARNING/\nWARNING/g' | sed 's/ERROR/\nERROR/g' | sort | uniq -c | sort -nr + echo + fi +fi +done From 1bfb8bbea280a4e7067cdba81c1b81c0872a1bd2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 9 Jan 2020 12:20:25 -0500 Subject: [PATCH 35/44] Update SO-Auth version --- salt/auth/init.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/auth/init.sls b/salt/auth/init.sls index 0d82f6cb9..bed7d18d5 100644 --- a/salt/auth/init.sls +++ b/salt/auth/init.sls 
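Review bot: In the loop body `echo $MESSAGE` is unquoted, so the matched log text goes through pathname expansion before it is printed; a log line containing `*` or `?` (nginx logs carry client-supplied request strings) can be replaced by file names from the current directory. If joining the matches into one line is intended, that can be kept without globbing, e.g. `printf '%s\n' "$MESSAGE" | tr '\n' ' '` ahead of the sed chain. `[ -f $FILE ]` and `grep ... $FILE` should likewise use `"$FILE"`. `header` is not defined in this hunk and is presumably provided by /usr/sbin/so-common.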
@@ -7,17 +7,17 @@ so-auth-api-dir: so-auth-api-image: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.3 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-api:HH1.1.4 so-auth-ui-image: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-ui:HH1.1.3 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-auth-ui:HH1.1.4 so-auth-api: docker_container.running: - require: - so-auth-api-image - - image: docker.io/soshybridhunter/so-auth-api:HH1.1.3 + - image: docker.io/soshybridhunter/so-auth-api:HH1.1.4 - hostname: so-auth-api - name: so-auth-api - environment: @@ -31,7 +31,7 @@ so-auth-ui: docker_container.running: - require: - so-auth-ui-image - - image: docker.io/soshybridhunter/so-auth-ui:HH1.1.3 + - image: docker.io/soshybridhunter/so-auth-ui:HH1.1.4 - hostname: so-auth-ui - name: so-auth-ui - port_bindings: From 140feb5515a5f7952b82266bab8c4b792378e9ae Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jan 2020 08:58:50 -0500 Subject: [PATCH 36/44] Fix git merge leftovers --- salt/common/nginx/nginx.conf.so-eval | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/salt/common/nginx/nginx.conf.so-eval b/salt/common/nginx/nginx.conf.so-eval index 5c49c0100..d3e377881 100644 --- a/salt/common/nginx/nginx.conf.so-eval +++ b/salt/common/nginx/nginx.conf.so-eval @@ -184,21 +184,6 @@ http { } -<<<<<<< HEAD - location /cyberchef/ { - proxy_pass http://{{ masterip }}:9080/; - proxy_read_timeout 90; - proxy_connect_timeout 90; - proxy_http_version 1.1; # this is essential for chunked responses to work - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Proxy ""; - - } - -======= ->>>>>>> origin/dev location /soctopus/ { proxy_pass http://{{ masterip }}:7000/; proxy_read_timeout 90; 
From 7e1870e9d0961642bfe562587ec5bab36962c568 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 13 Jan 2020 13:52:30 +0000 Subject: [PATCH 37/44] update image versions --- salt/common/init.sls | 4 ++-- salt/elasticsearch/init.sls | 4 ++-- salt/filebeat/init.sls | 4 ++-- salt/hive/init.sls | 4 ++-- salt/kibana/init.sls | 4 ++-- salt/logstash/init.sls | 4 ++-- salt/wazuh/init.sls | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index e34431a46..12f229d4e 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -117,13 +117,13 @@ nginxtmp: # Start the core docker so-coreimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-core:HH1.1.3 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-core:HH1.1.4 so-core: docker_container.running: - require: - so-coreimage - - image: docker.io/soshybridhunter/so-core:HH1.1.3 + - image: docker.io/soshybridhunter/so-core:HH1.1.4 - hostname: so-core - user: socore - binds: diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 4c5d3e644..b3f2e0ce5 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -100,13 +100,13 @@ eslogdir: so-elasticsearchimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-elasticsearch:HH1.1.0 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-elasticsearch:HH1.1.4 so-elasticsearch: docker_container.running: - require: - so-elasticsearchimage - - image: docker.io/soshybridhunter/so-elasticsearch:HH1.1.0 + - image: docker.io/soshybridhunter/so-elasticsearch:HH1.1.4 - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index fce1c6b38..1eaa1ae5b 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls 
@@ -58,13 +58,13 @@ filebeatconfsync: so-filebeatimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-filebeat:HH1.1.1 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-filebeat:HH1.1.4 so-filebeat: docker_container.running: - require: - so-filebeatimage - - image: docker.io/soshybridhunter/so-filebeat:HH1.1.1 + - image: docker.io/soshybridhunter/so-filebeat:HH1.1.4 - hostname: so-filebeat - user: root - extra_hosts: {{ MASTER }}:{{ MASTERIP }} diff --git a/salt/hive/init.sls b/salt/hive/init.sls index 73b29b501..c08a74634 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -55,13 +55,13 @@ hiveesdata: so-thehive-esimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-thehive-es:HH1.1.1 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-thehive-es:HH1.1.4 so-thehive-es: docker_container.running: - require: - so-thehive-esimage - - image: docker.io/soshybridhunter/so-thehive-es:HH1.1.1 + - image: docker.io/soshybridhunter/so-thehive-es:HH1.1.4 - hostname: so-thehive-es - name: so-thehive-es - user: 939 diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 0d6262600..686564f34 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -56,14 +56,14 @@ synckibanacustom: so-kibanaimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-kibana:HH1.1.1 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-kibana:HH1.1.4 # Start the kibana docker so-kibana: docker_container.running: - require: - so-kibanaimage - - image: docker.io/soshybridhunter/so-kibana:HH1.1.1 + - image: docker.io/soshybridhunter/so-kibana:HH1.1.4 - hostname: kibana - user: kibana - environment: diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index c2b80346f..6d9755c42 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls 
@@ -155,13 +155,13 @@ lslogdir: # Add the container so-logstashimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-logstash:HH1.1.1 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-logstash:HH1.1.4 so-logstash: docker_container.running: - require: - so-logstashimage - - image: docker.io/soshybridhunter/so-logstash:HH1.1.1 + - image: docker.io/soshybridhunter/so-logstash:HH1.1.4 - hostname: so-logstash - name: so-logstash - user: logstash diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index a59a1d215..5825ed7d5 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -64,13 +64,13 @@ wazuhagentregister: so-wazuhimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.3 + - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.4 so-wazuh: docker_container.running: - require: - so-wazuhimage - - image: docker.io/soshybridhunter/so-wazuh:HH1.1.3 + - image: docker.io/soshybridhunter/so-wazuh:HH1.1.4 - hostname: {{HOSTNAME}}-wazuh-manager - name: so-wazuh - detach: True From c4626020a451cc8e00c1538f939c1b7e6a26e39a Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 13 Jan 2020 20:07:54 +0000 Subject: [PATCH 38/44] update so-allow to allow arguments --- salt/common/tools/sbin/so-allow | 118 +++++++++++++++++++++++++------- 1 file changed, 94 insertions(+), 24 deletions(-) diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index 1685e386a..ff5a8c893 100644 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow 
@@ -1,4 +1,23 @@ #!/bin/bash +#!/bin/bash +# +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +SKIP=0 + got_root() { # Make sure you are root 
@@ -11,32 +30,83 @@ got_root() { got_root -echo "This program allows you to add a firewall rule to allow connections from a new IP address." -echo "" -echo "Choose the role for the IP or Range you would like to add" -echo "" -echo "[a] - Analyst - ports 80/tcp and 443/tcp" -echo "[b] - Logstash Beat - port 5044/tcp" -echo "[o] - Osquery endpoint - port 8080/tcp" -echo "[w] - Wazuh endpoint - port 1514" -echo "" -echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):" -read ROLE -echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):" -read IP +while getopts "abowi:" OPTION +do + case $OPTION in + + h) + usage + exit 0 + ;; + a) + FULLROLE="analyst" + SKIP=1 + ;; + b) + FULLROLE=beats_endpoint + SKIP=1 + ;; + i) IP=$OPTARG + ;; + o) + FULLROLE=osquery_endpoint + SKIP=1 + ;; + w) + FULLROLE=wazuh_endpoint + SKIP=1 + ;; + esac +done + +if [ "$SKIP" -eq 0 ]; then + + echo "This program allows you to add a firewall rule to allow connections from a new IP address." 
+ echo "" + echo "Choose the role for the IP or Range you would like to add" + echo "" + echo "[a] - Analyst - ports 80/tcp and 443/tcp" + echo "[b] - Logstash Beat - port 5044/tcp" + echo "[o] - Osquery endpoint - port 8080/tcp" + echo "[w] - Wazuh endpoint - port 1514" + echo "" + echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):" + read ROLE + echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):" + read IP + + if [ "$ROLE" == "a" ]; then + FULLROLE=analyst + elif [ "$ROLE" == "b" ]; then + FULLROLE=beats_endpoint + elif [ "$ROLE" == "o" ]; then + FULLROLE=osquery_endpoint + elif [ "$ROLE" == "w" ]; then + FULLROLE=wazuh_endpoint + else + echo "I don't recognize that role" + exit 1 + fi -if [ "$ROLE" == "a" ]; then - FULLROLE=analyst -elif [ "$ROLE" == "b" ]; then - FULLROLE=beats_endpoint -elif [ "$ROLE" == "o" ]; then - FULLROLE=osquery_endpoint -elif [ "$ROLE" == "w" ]; then - FULLROLE=wazuh_endpoint -else - echo "I don't recognize that role" - exit 1 fi echo "Adding $IP to the $FULLROLE role. This can take a few seconds" /opt/so/saltstack/pillar/firewall/addfirewall.sh $FULLROLE $IP + +# Check if Wazuh enabled +if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then + # If analyst, add to Wazuh AR whitelist + if [ "$FULLROLE" == "analyst" ]; then + WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf" + if ! grep -q "$IP" $WAZUH_MGR_CFG ; then + DATE=`date` + sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG + sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG + echo -e "\n \n $IP\n \n" >> $WAZUH_MGR_CFG + echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG." + echo + echo "Restarting OSSEC Server..." + /usr/sbin/so-wazuh-restart + fi + fi +fi From 8c36b3b6953110157becc89b56ff86672b22ed33 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 13 Jan 2020 20:17:38 +0000 Subject: [PATCH 39/44] add quotes --- salt/common/tools/sbin/so-allow | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
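Review bot: `$IP` is never validated, yet after the role selection it is passed unquoted to addfirewall.sh and written into ossec.conf; when a role flag is given without `-i` it is empty and the firewall helper still runs. A format check before the `Adding $IP` line would keep malformed or empty values out of the firewall pillar and the active-response whitelist. `grep -q "$IP"` treats the address as a regular expression and matches substrings, so an existing entry for a longer address can suppress the new one; `grep -qF` is the smaller fix, and the same test appears in salt/wazuh/files/wazuh-manager-whitelist. The `h)` branch is unreachable because `h` is not in the optstring `abowi:`, and no `usage` function is visible in this hunk.

```shell
# … unchanged: getopts loop and interactive role/IP prompts …

# Accept only a dotted-quad address with an optional /0-32 prefix
# (octet ranges are not checked here).
ip_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
if ! [[ "$IP" =~ $ip_re ]]; then
    echo "Invalid IP address or range: $IP"
    exit 1
fi

echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
/opt/so/saltstack/pillar/firewall/addfirewall.sh "$FULLROLE" "$IP"

# … unchanged: Wazuh enabled check and analyst role test …
    if ! grep -qF -- "$IP" "$WAZUH_MGR_CFG" ; then
```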
diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index ff5a8c893..d76ddc83e 100644 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow @@ -43,17 +43,17 @@ do SKIP=1 ;; b) - FULLROLE=beats_endpoint + FULLROLE="beats_endpoint" SKIP=1 ;; i) IP=$OPTARG ;; o) - FULLROLE=osquery_endpoint + FULLROLE="osquery_endpoint" SKIP=1 ;; w) - FULLROLE=wazuh_endpoint + FULLROLE="wazuh_endpoint" SKIP=1 ;; esac From 8e7b2bc888c443da47e26bb480b16da08d412f82 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 13 Jan 2020 20:57:03 +0000 Subject: [PATCH 40/44] remove double bash declaration --- salt/common/tools/sbin/so-allow | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index d76ddc83e..d24350611 100644 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow @@ -1,5 +1,4 @@ #!/bin/bash -#!/bin/bash # # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC # From 1338f7125fcbf25eefb9bf794b8ec775110c968b Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 13 Jan 2020 21:12:33 +0000 Subject: [PATCH 41/44] update Wazuh init for whitelist --- salt/wazuh/init.sls | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index 5825ed7d5..76d3fb1b4 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -62,6 +62,15 @@ wazuhagentregister: - mode: 755 - template: jinja +wazuhmgrwhitelist: + file.managed: + - name: /usr/sbin/wazuh-manager-whitelist + - source: salt://wazuh/files/wazuh-manager-whitelist + - user: 0 + - group: 0 + - mode: 755 + - template: jinja + so-wazuhimage: cmd.run: - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.4 
@@ -87,3 +96,9 @@ registertheagent: - name: /usr/sbin/wazuh-register-agent - cwd: / #- stateful: True + +# Whitelist manager IP +whitelistmanager: + cmd.run: + - name: /usr/sbin/wazuh-manager-whitelist + - cwd: / From a960083d6e558361fc5eb57521acd7da37478f51 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Mon, 13 Jan 2020 21:13:28 +0000 Subject: [PATCH 42/44] add Wazuh manager whitelist script --- salt/wazuh/files/wazuh-manager-whitelist | 33 ++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 salt/wazuh/files/wazuh-manager-whitelist diff --git a/salt/wazuh/files/wazuh-manager-whitelist b/salt/wazuh/files/wazuh-manager-whitelist new file mode 100644 index 000000000..0cf675f5c --- /dev/null +++ b/salt/wazuh/files/wazuh-manager-whitelist 
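Review bot: `whitelistmanager` runs /usr/sbin/wazuh-manager-whitelist with no requisite on the `wazuhmgrwhitelist` file state that installs it, so the command still runs, against a missing or stale script, if that state fails; adding `- require:` with `- file: wazuhmgrwhitelist` ties the two together. The command also runs on every state application and depends on the script's own grep check to stay idempotent, so an `unless` or `onchanges` guard would make that visible in the state itself. The states between the two hunks of this file are outside the view.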
@@ -0,0 +1,33 @@
+{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+# Check if Wazuh enabled
+if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
+ WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+ if ! grep -q "{{ MASTERIP }}" $WAZUH_MGR_CFG ; then
+ DATE=`date`
+ sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
+ sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG
+ echo -e "\n \n {{ MASTERIP }}\n \n" >> $WAZUH_MGR_CFG
+ echo "Added whitelist entry for {{ MASTERIP }} in $WAZUH_MGR_CFG."
+ echo
+ echo "Restarting OSSEC Server..."
+ /usr/sbin/so-wazuh-restart
+ fi
+fi
+
From 4917a7284db6980cb28ae6d2d0e0e1409d2973a4 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Mon, 13 Jan 2020 22:19:15 +0000
Subject: [PATCH 43/44] add initial replay wrappers
---
salt/common/tools/sbin/so-tcpreplay | 28 +++++++++++++++++++++
salt/common/tools/sbin/so-tcpreplay-restart | 21 ++++++++++++++++
salt/common/tools/sbin/so-tcpreplay-start | 20 +++++++++++++++
salt/common/tools/sbin/so-tcpreplay-stop | 21 ++++++++++++++++
4 files changed, 90 insertions(+)
create mode 100755 salt/common/tools/sbin/so-tcpreplay
create mode 100755 salt/common/tools/sbin/so-tcpreplay-restart
create mode 100755 salt/common/tools/sbin/so-tcpreplay-start
create mode 100755 salt/common/tools/sbin/so-tcpreplay-stop
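Review bot: The presence check `grep -q "{{ MASTERIP }}" $WAZUH_MGR_CFG` treats the address as an unanchored regular expression, so any other value in ossec.conf that merely contains it (constructed example: master `10.0.0.1`, existing entry `10.0.0.10`) makes the script skip adding the whitelist entry. Matching the literal element is safer, e.g. `grep -qF "<white_list>{{ MASTERIP }}</white_list>" "$WAZUH_MGR_CFG"`. That assumes the entry is written as a single-line `white_list` element, which cannot be confirmed because the echo's markup is not legible on this page. It also needs an explicit `[ -n "{{ MASTERIP }}" ] || exit 1`, because the pillar lookup defaults to an empty string. Separately, `sed -i 's/<\/ossec_config>//'` strips every closing tag in the file, which would leave the XML unbalanced if the config holds more than one `ossec_config` block and only one tag is re-appended. The Jinja `set` line above `#!/bin/bash` probably renders as a leading blank line, so the shebang would not be on line 1; moving the `set` below the shebang avoids that.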
diff --git a/salt/common/tools/sbin/so-tcpreplay b/salt/common/tools/sbin/so-tcpreplay
new file mode 100755
index 000000000..69cee2f68
--- /dev/null
+++ b/salt/common/tools/sbin/so-tcpreplay
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+REPLAY_ENABLED=$(docker images | grep so-tcpreplay)
+REPLAY_RUNNING=$(docker ps | grep so-tcpreplay)
+
+if [ "$REPLAY_ENABLED" != "" ] && [ "$REPLAY_RUNNING" != "" ]; then
+ docker cp so-tcpreplay:/opt/samples /opt/samples
+ docker exec -it so-tcpreplay /usr/bin/tcpreplay -i bond0 -M10 $1
+else
+ echo "Replay functionality not enabled! To enable, run `so-tcpreplay-start`"
+ echo
+ echo "Note that you will need internet access to download the appropiriate components"
+fi
diff --git a/salt/common/tools/sbin/so-tcpreplay-restart b/salt/common/tools/sbin/so-tcpreplay-restart
new file mode 100755
index 000000000..61e9016d0
--- /dev/null
+++ b/salt/common/tools/sbin/so-tcpreplay-restart
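Review bot: In the `else` branch of so-tcpreplay, the backquotes around so-tcpreplay-start sit inside a double-quoted string, so bash performs command substitution and the "not enabled" hint actually executes so-tcpreplay-start instead of printing its name. Plain quotes fix it: `echo "Replay functionality not enabled! To enable, run 'so-tcpreplay-start'"`. In the other branch `$1` reaches `docker exec ... tcpreplay` unquoted and unchecked, so a missing argument or a value containing spaces or glob characters changes the tcpreplay command line. A `[ -n "$1" ]` guard followed by `"$1"` keeps it to a single file argument. `docker exec -it` also requires a terminal, so the wrapper will fail when run non-interactively; confirm that is intended.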
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart tcreplay $1
+
diff --git a/salt/common/tools/sbin/so-tcpreplay-start b/salt/common/tools/sbin/so-tcpreplay-start
new file mode 100755
index 000000000..e6886b80c
--- /dev/null
+++ b/salt/common/tools/sbin/so-tcpreplay-start
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start tcpreplay $1
diff --git a/salt/common/tools/sbin/so-tcpreplay-stop b/salt/common/tools/sbin/so-tcpreplay-stop
new file mode 100755
index 000000000..d12014260
--- /dev/null
+++ b/salt/common/tools/sbin/so-tcpreplay-stop
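Review bot: The restart wrapper calls `/usr/sbin/so-restart tcreplay $1`, while the start and stop wrappers added in the same commit pass `tcpreplay`, so so-tcpreplay-restart names a service the other two never manage. The line should read `/usr/sbin/so-restart tcpreplay $1`. How so-restart reacts to an unknown service name is not visible in this patch, so the misspelling may fail silently rather than with an error.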
@@ -0,0 +1,21 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. /usr/sbin/so-common + +/usr/sbin/so-stop tcpreplay $1 + From 348dbb752a6a683091b2c018bf88101fc7454e50 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Tue, 14 Jan 2020 13:48:57 +0000 Subject: [PATCH 44/44] source so-common --- salt/common/tools/sbin/so-allow | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index d24350611..c6b756cd1 100644 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow @@ -15,20 +15,10 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +. /usr/sbin/so-common + SKIP=0 -got_root() { - - # Make sure you are root - if [ "$(id -u)" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 - fi - -} - -got_root - while getopts "abowi:" OPTION do case $OPTION in
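Review bot: In the so-allow hunk, removing the inline `got_root` definition and call leaves the root check entirely dependent on `. /usr/sbin/so-common`. Under bash a failed `.` (file missing or unreadable) only prints an error, so the script would carry on into the `getopts` loop with no privilege check at all. `. /usr/sbin/so-common || exit 1` keeps the script failing closed. so-common is not part of this patch, so confirm that it performs the check when sourced rather than only defining a function; a comment such as `# so-common exits unless run as root` above the source line would record that. The `while getopts` loop continues past the end of the hunk.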