From c5af37c6f50732153c31598f2dc9164c418f8918 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Wed, 6 May 2026 16:57:34 +0200 Subject: [PATCH 1/9] docs: add node infrastructure concept page (IC-OS, GuestOS, TEE) Migrates two Learn Hub articles from the "Node Infrastructure" section into a single docs/concepts/node-infrastructure.md page covering the IC-OS stack (SetupOS, HostOS, GuestOS) and TEE fundamentals (SEV-SNP memory encryption, VM launch measurements, attestation, and sealing keys). Updates docs/concepts/https-outcalls.md: replaces Learn Hub TEE link with the new internal path and removes a stale Learn Hub further-reading entry. --- .../node-infrastructure/overview.md | 56 ---- .../trusted-execution-environments.md | 315 ------------------ docs/concepts/https-outcalls.md | 4 +- docs/concepts/node-infrastructure.md | 91 +++++ 4 files changed, 92 insertions(+), 374 deletions(-) delete mode 100644 .migration/learn-hub/how-does-icp-work/node-infrastructure/overview.md delete mode 100644 .migration/learn-hub/how-does-icp-work/node-infrastructure/trusted-execution-environments.md create mode 100644 docs/concepts/node-infrastructure.md diff --git a/.migration/learn-hub/how-does-icp-work/node-infrastructure/overview.md b/.migration/learn-hub/how-does-icp-work/node-infrastructure/overview.md deleted file mode 100644 index f8e5a6ed..00000000 --- a/.migration/learn-hub/how-does-icp-work/node-infrastructure/overview.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -learn_hub_id: 46135518360212 -learn_hub_url: "https://learn.internetcomputer.org/hc/en-us/articles/46135518360212-Overview" -learn_hub_title: "Overview" -learn_hub_section: "Node Infrastructure" -learn_hub_category: "How does ICP work?" -migrated: false ---- - -# Overview - -IC-OS is the operating system that runs on Internet Computer nodes. It's based on Ubuntu Linux and customized specifically for the IC. - -IC-OS is actually three different operating systems that work together, each with a specific job. - -### SetupOS - -**SetupOS** is used when setting up a new node for the first time. Node providers download the SetupOS onto a USB drive, plug it into their node machine and boot from it. The SetupOS automatically sets everything up and then the machine reboots into the HostOS. - -**What it does:** - - * Checks that the hardware meets requirements - * Tests network connectivity - * Installs the other two operating systems (HostOS and GuestOS) - * Sets up the node with necessary settings and security keys - - - -### HostOS - -**HostOS** runs directly on the physical hardware. Its job is to configure and run the Guest virtual machine. - -**What it does:** - - * Runs a virtual machine that contains GuestOS - * Manages hardware resources - * Handles system upgrades - * Provides a security barrier between hardware and the ICP software - - - -### GuestOS - -**GuestOS** runs inside a virtual machine on the HostOS. This is where the actual Internet Computer software runs. - -**What it does:** - - * Runs the replica - * Runs canisters and manages their state - * Participates in consensus with other nodes - * Manages cryptographic keys and operations - - - -Running GuestOS in a virtual machine ensures every node has the exact same environment, regardless of the underlying hardware. Furthermore, running GuestOS in a virtual machine allows better separation from a potentially malicious host. - diff --git a/.migration/learn-hub/how-does-icp-work/node-infrastructure/trusted-execution-environments.md b/.migration/learn-hub/how-does-icp-work/node-infrastructure/trusted-execution-environments.md deleted file mode 100644 index 0c8cd12e..00000000 --- a/.migration/learn-hub/how-does-icp-work/node-infrastructure/trusted-execution-environments.md +++ /dev/null @@ -1,315 +0,0 @@ ---- -learn_hub_id: 46124920595988 -learn_hub_url: "https://learn.internetcomputer.org/hc/en-us/articles/46124920595988-Trusted-Execution-Environments" -learn_hub_title: "Trusted Execution Environments" -learn_hub_section: "Node Infrastructure" -learn_hub_category: "How does ICP work?" -migrated: false ---- - -# Trusted Execution Environments - -The Internet Computer Protocol strengthens its confidentiality and integrity guarantees by running nodes inside Trusted Execution Environments (TEEs). - -This work is part of Milestone Magnetosphere and is being rolled out gradually across the network, with the first machines already live. In this article, we explore the security properties TEEs provide and how the Internet Computer Protocol leverages them. - -![Securing the Internet Computer with Trusted Execution Environments](https://learn.internetcomputer.org/hc/article_attachments/46126182872340) - -## The Internals of an ICP Node - -The Internet Computer is composed of many nodes distributed across the globe and operated by independent node providers. Each node is a physical server running a host operating system (_HostOS_), which in turn runs a virtual machine (_GuestOS_). - -All critical components, such as the orchestrator, the replica, the canisters, and their associated state, run inside the GuestOS. The GuestOS is logically isolated from the HostOS, which is treated as untrusted. - -## TEE Foundations for ICP Nodes - -While this virtualization-based isolation has always been in place, it was previously possible for a highly sophisticated attacker with physical access to a node to compromise the host and inspect or tamper with the memory and state of the GuestOS. - -TEEs address this by providing hardware-enforced isolation between a virtual machine and its host. Even if the HostOS or hypervisor is compromised, the confidentiality and integrity of the GuestOS is still preserved. - -The Internet Computer Protocol currently relies on AMD’s TEE technology: **Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP)**. SEV-SNP provides four core features that make it possible to place trust in a GuestOS running on a potentially compromised host: - - 1. **Memory Encryption** \- Protection of the GuestOS memory from unauthorized reads or writes by the host. - 2. **VM Launch Measurements** \- Cryptographic measurements that capture how the VM was initialized. - 3. **Attestation Reports** \- Verifiable evidence that a VM is running inside a genuine SEV-SNP TEE with a specific configuration. - 4. **Sealing Keys** \- Hardware-derived keys that allow data to be securely encrypted for persistent storage. - - - -In the following, we will highlight each of the four features in more detail and explain how they are used by the Internet Computer Protocol. - -### Memory Encryption - -SEV-SNP encrypts all memory pages of a virtual machine using keys protected by the CPU’s secure processor. This means that even if an attacker gains full control over the host machine, any attempt to inspect the VM’s memory will only result in encrypted blobs. - -This is important for the Internet Computer, as a node’s runtime memory contains highly sensitive data, including canister state and cryptographic material (e.g., signing keys and threshold key shares). - -### VM Launch Measurements - -A VM launch measurement in SEV-SNP is a cryptographic fingerprint that represents the state of a virtual machine at launch. It is computed by the SEV-SNP secure processor and captures both the contents of the VM’s initial memory and relevant configuration metadata. In effect, the measurement uniquely identifies what software was loaded and how the virtual machine was initialized. - -The launch measurement is derived from inputs such as the CPU model and firmware, the guest kernel, the initial ramdisk, and the kernel command-line parameters. Because the measurement reflects these inputs exactly, even a single-byte change in the guest software or configuration results in a different launch measurement. - -Importantly, the launch measurement can also be computed offline, using the same inputs that are used to initialize the VM. This makes it possible to know the expected measurement of a VM before it is ever started. - -The Internet Computer Protocol relies on VM launch measurements to securely identify different versions of the GuestOS. For each GuestOS release, the expected launch measurement can be computed ahead of time and published as part of the release process. As long as nodes run the same GuestOS version, their launch measurements will be identical across all Internet Computer nodes. - -The kernel command-line parameters included in the measurement contain, among other things, the expected hash of the root filesystem, which is verified during early boot. As a result, any modification to the GuestOS, whether in code, configuration, or filesystem contents, leads to a different launch measurement. - -These measurements play a central role for both remote attestation and sealing keys to bind trust and confidentiality to a specific, verified software configuration. - -![SEV-SNP attestation report](https://learn.internetcomputer.org/hc/article_attachments/46124888515860) - -### Attestation Reports - -An attestation report in AMD SEV-SNP is a cryptographically signed document produced by the SEV-SNP secure processor. It serves as verifiable evidence that a virtual machine is running inside a genuine Trusted Execution Environment (TEE). - -The report includes important information such as the VM’s launch measurement and a unique hardware identifier of the CPU. By examining the launch measurement, a verifier can determine precisely what software and configuration were used to initialize the VM. In other words, the attestation report allows anyone to confirm what is running inside the VM and that it is indeed protected by SEV-SNP. - -For the Internet Computer Protocol, attestation reports are critical to trust and transparency. They allow nodes and external parties to verify that a machine is running an approved GuestOS release, tying the VM back to the code base. - -### Sealing Keys - -A sealing key is a cryptographic key generated inside a Trusted Execution Environment (TEE) that cannot be accessed outside the virtual machine. In AMD SEV-SNP, sealing keys are derived from two sources: the CPU’s unique hardware identifier (chip ID) and the VM’s launch measurement. - -Because of this derivation: - - * Each machine produces a different key, even for the same GuestOS release; - * The key is tied to the specific software and configuration of the VM; if either changes, the key cannot decrypt previously sealed data. - - - -Sealing keys can be used to encrypt sensitive information such that it can only be decrypted inside the original VM with the original configuration, providing a strong guarantee of confidentiality and integrity for stored data. - -In the Internet Computer, sealing keys are used to protect the persistent state of a node. By encrypting this data with a sealing key, the protocol ensures that it can only be accessed by the intended GuestOS running on the intended hardware. This provides a powerful security guarantee: even if an attacker gains physical access to a node or copies the disk elsewhere, they cannot decrypt the node’s persistent data without the exact VM configuration and CPU. - -## Practical Considerations of Running TEE-Protected ICP Nodes - -With the foundational features of TEEs in place, running Internet Computer nodes inside AMD SEV-SNP environments introduces new operational considerations. The protocol must handle challenges such as: - - 1. leveraging sealing keys for disk encryption, - 2. enabling remote attestation to allow externals to verify that the nodes are running an approved GuestOS version within a TEE, - 3. securely upgrading nodes to a new GuestOS version without data loss and leakage, - 4. allowing failure recoveries in emergency situations. - - - -In the following sections, we explore each of these topics in detail. - -### Leveraging Sealing Keys to Encrypt the Disks - -#### SEV-SNP and Persistent Storage - -Out of the box, AMD SEV-SNP provides memory encryption for virtual machines, protecting runtime data in RAM from being accessed by the host. However, SEV-SNP does not automatically encrypt persistent storage. Without additional measures, data written to disk remains readable by the host operating system. To fully protect node state, persistent data must be encrypted before being written to disk using keys that are private to the virtual machine. - -Sealing keys provide a solution: they allow data on disk to be encrypted such that only the intended GuestOS, running on the intended hardware and version, can decrypt it. - -Partition name ---- -EFI -GRUB -config -boot (A) -root (A) -**var (A)** -encryption key based on VM A's measurement -boot (B) -root (B) -**var (B)** -encryption key based on VM B's measurement -**store** -(2 encryption keys based on each VM's measurement) - -#### Guest Disk Layout - -The layout of an Internet Computer GuestOS disk is fairly standard, consisting of partitions for boot, root, var, and a shared data store. However, the ICP node’s upgrade mechanism introduces a key twist: some partitions are duplicated across two sets (A and B) to allow safe upgrades. The full disk layout is shown on the right. - -Each partition set (A and B) contains a boot, root, and var partition. This design allows the node to download and prepare the next GuestOS version into the inactive partition set while continuing to run the current version. In case of a failed upgrade, the node can simply boot from the previous partition set. - -Only partitions that store sensitive data are encrypted. The var partitions are private to the currently active GuestOS, containing runtime data for that VM. The store partition is shared between both VMs and contains persistent data accessible to all GuestOS versions. System and configuration partitions (boot, root, config) are not encrypted, both because their contents are not confidential and because, in the case of the root partition, their integrity is protected via the root hash included in the VM launch measurement. - -#### Traditional Disk Encryption - -Internet Computer nodes have always used disk encryption for the data partitions. However, the encryption keys were independent of the GuestOS and could, in principle, be accessed by a malicious GuestOS. This left a potential attack vector: a highly skilled adversary could compromise the GuestOS and read the encrypted data. - -#### Using SEV-SNP Sealing Keys for Disk Encryption - -With SEV-SNP, encryption keys can now be derived from the VM’s sealing key, which is tied to both the CPU’s unique hardware identifier and the GuestOS launch measurement. This ensures that: - - * Each node has a unique key. - * Only the GuestOS that was used to encrypt the partition can decrypt it. - * Any change in the GuestOS version or hardware prevents access to previously encrypted data. - - - -When a node is deployed from scratch: - - 1. Encrypted partitions are created. - 2. LUKS passphrases for each partition are derived from the SEV-SNP sealing key using HKDF. - 3. Each encrypted partition receives a unique passphrase. - - - -The figure below shows how the LUKS encryption key is derived and ultimately depends on the specific GuestOS release and CPU: - -![SEV-SNP key derivation](https://learn.internetcomputer.org/hc/article_attachments/46124920593428) - -On reboot, the GuestOS requests the sealing key from the SEV-SNP secure processor. As long as the launch measurement has not changed, the same sealing key is returned, allowing the node to decrypt the partitions. If the launch measurement changes (e.g., after an upgrade), a different sealing key is generated and the encrypted partitions can no longer be accessed. - -This approach tightly couples data confidentiality and integrity to the GuestOS version, ensuring that persistent storage remains protected even if an attacker gains physical access to the host. At the same time, it creates a dependency: before a new GuestOS can access the data, we need a way to verify the integrity and authenticity of the new VM. This is where remote attestation comes in, providing the foundation for trust between nodes and enabling secure upgrades. - -### Remote Attestation of TEE-Enabled GuestOS - -Running TEE-enabled GuestOSs provides strong confidentiality and integrity guarantees, but those guarantees are meaningless if nobody can verify them. This is where remote attestation becomes critical: it allows parties, whether other nodes or external users, to confirm that a VM is running a genuine, approved GuestOS in a secure TEE. - -#### Node-to-Node Attestation - -Before sensitive data or secrets are shared between nodes, SEV-SNP-enabled nodes must attest each other to ensure that the other party is running a valid GuestOS. This is already integral to the upgrade process, where a new GuestOS running in an Upgrade VM must provide an attestation report to the old GuestOS before receiving the disk encryption key. - -As SEV-SNP adoption expands, node-to-node attestation will be extended to connection establishment across the network. When two nodes communicate, each attests the other, guaranteeing that secrets and sensitive data are exchanged only with trustworthy nodes. - -#### External Attestation - -Remote attestation is also important for external parties, such as IC users, who want to verify that the nodes serving them are running TEE-enabled GuestOSs. -To balance security and accessibility: - - * SEV-SNP-equipped nodes provide a dedicated attestation endpoint for external verification. - * Access to this endpoint is restricted by strict firewall rules and is only available via API boundary nodes (API BNs). - * External parties indirectly attest individual nodes through these API BNs, which in turn verify the nodes they communicate with. - - - -This layered attestation approach ensures that both the network and external users can trust the integrity and confidentiality of TEE-enabled GuestOSs, while maintaining security and scalability. - -With an understanding of both disk encryption and remote attestation, we now have all the pieces needed to explore GuestOS upgrades. Upgrades must securely transfer access to encrypted data while ensuring that only verified, trusted GuestOSes are allowed to run: combining the protections of sealing keys and attestation in practice. - -### Upgrades of TEE-Enabled GuestOS - -In TEE-enabled Internet Computer nodes, upgrading the GuestOS introduces a challenge: the new GuestOS has a different SEV-SNP launch measurement, which means its sealing key, and therefore the derived disk encryption key, differs from the one of the old GuestOS. Without a special upgrade process, the new GuestOS would be unable to access the node’s encrypted data store. - -To securely transfer access to encrypted data, the old and new GuestOS instances run side-by-side in parallel. The key idea is: Both VMs verify each other using SEV-SNP remote attestation to ensure that they are running on genuine TEE hardware and an approved GuestOS version. Once the new GuestOS proves its integrity and authenticity, the old GuestOS securely shares the disk encryption key with the new GuestOS over an encrypted channel. - -This ensures that only a legitimate, verified GuestOS can obtain the key and decrypt the data. - -#### Upgrade Process in Detail - -**Preparation** - - * When a new GuestOS release is approved, its attributes (e.g., root filesystem hash and launch measurement) are published to the NNS Registry, which serves as the source of truth for valid GuestOS versions. - * A malicious GuestOS cannot participate because it will have no entry in the Registry. - - - -**Initiating an Upgrade** - - * A proposal to upgrade a subnet or a set of nodes is submitted and voted on by the ICP community. If the proposal is accepted, the upgrade starts. - - - -**Deployment to Inactive Partition** - - * The nodes download the new GuestOS image into the inactive partition set. - * The old GuestOS continues running from the active set. - - - -**Launching the Upgrade VM** - - * A temporary Upgrade VM boots the new GuestOS while the old GuestOS is still running. - * The Upgrade VM cannot yet access the encrypted store or var partitions because its sealing key and derived disk encryption key differ. - - - -**Mutual Attestation** - - * The Upgrade VM generates an attestation report, which contains its launch measurement. - * It sends the report to the old GuestOS (key exchange server) over a TLS channel. - * The old GuestOS verifies the attestation report against the NNS Registry to ensure the new GuestOS is approved. - - - -**Secure Key Exchange** - - * Once verified, the old GuestOS shares the disk encryption key with the Upgrade VM. - * The Upgrade VM can now decrypt the partitions. It then replaces the old key with a new key derived from its own launch measurement. - - - -**Completion** - - * Both the old and Upgrade VMs shut down. - * The new GuestOS boots from the upgraded partition set and can access the data using its own derived encryption key. - - - -This process ensures that encrypted data remains confidential and is accessible only to a verified GuestOS, even during upgrades. The same procedure repeats for future upgrades, maintaining security across the node’s lifecycle. - -### Emergency Recovery of TEE-Enabled GuestOS - -TEE-enabled GuestOSes are designed to lock anyone out, including node operators, hosts, and potential attackers. While this ensures strong confidentiality and integrity, it also creates a challenge: if a node fails or its GuestOS becomes unresponsive, there is no simple way to intervene. - -Even though every GuestOS release undergoes extensive testing, unexpected failures cannot be completely ruled out. Bugs in rarely executed code paths, hardware quirks, or unforeseen incompatibilities may cause a node to crash or prevent the GuestOS from fully starting. In these cases, the Internet Computer Protocol needs a secure way to recover the node, even if such events remain extremely rare. - -Historically, emergency recoveries have occurred only a few times, and the frequency has decreased as the platform matured. For example, during 2025, not even a single emergency recovery was necessary. - -Recovery is never automatic. It is always coordinated by a recovery coordinator and must be approved by the community. Without an elected proposal, neither the coordinator nor node operators can modify the node. This ensures that recoveries maintain the security guarantees of the TEE while respecting the decentralized governance of the Internet Computer. - -The recovery approach depends on the severity of the failure. If the node’s orchestrator is still responsive and can interact with the NNS registry, existing recovery methods can be used. If the orchestrator is unresponsive, new strategies are required. These include a manual rollback initiated by the node provider and, if that fails, the deployment of a specially crafted, community-approved Recovery-GuestOS. The following sections describe both approaches in detail. - -#### Manual Rollback of GuestOS - -Manual rollback is the first line of defense when a node encounters issues after an upgrade. Its success assumes that the previous GuestOS version was stable and fully operational before the upgrade. - -Thanks to the dual partition setup, the node maintains two sets of partitions (A and B), allowing the new GuestOS to be downloaded into the inactive set while the active set continues running. In the event of a failure, node providers can simply switch the active partition set back to the previous version. This action can be performed from outside the GuestOS, via the HostOS limited console, without compromising confidentiality or integrity. - -The full process is as follows: - - 1. The recovery coordinator submits a proposal to the NNS marking the problematic GuestOS version as broken, including a description of the issue. - 2. If the community approves the proposal, nodes will refuse to upgrade to the broken version, even if the subnet record still references it. This ensures that nodes do not immediately upgrade again after a successful rollback. - 3. Node providers activate the rollback function via the HostOS limited console, switching the active partition set to the previous GuestOS version. - 4. If successful, the previous GuestOS boots, and the node can resume normal operation. With the orchestrator responsive again, standard recovery and upgrade procedures can continue. Once a fixed GuestOS version is released and approved, nodes can safely upgrade to it. - - - -#### Booting a Recovery-GuestOS with the Same SEV-SNP Measurement - -In rare cases, a node may be so severely broken that manual rollback is insufficient. Even the previously working GuestOS may fail to boot, leaving the node’s data inaccessible. Because the persistent data is encrypted with a key derived from the broken GuestOS’s SEV-SNP launch measurement, it cannot be accessed by any other GuestOS version. This creates a fundamental challenge: how can the node be restored without losing access to its encrypted state? - -The core difficulty lies in the tight binding of the disk encryption key to the GuestOS launch measurement. SEV-SNP ensures that the key is only available to a VM with the same measurement, which depends (among others) on: kernel, initial ramdisk, kernel command-line parameters. - -These components cannot be changed, as any modification would result in a different launch measurement, making the encrypted data inaccessible. The root filesystem, however, is indirectly part of the measurement through its hash: the kernel command-line includes the root hash, and the filesystem is only mounted if the hash matches. Normally, this prevents any modifications to the root partition. - -To overcome this, the Internet Computer introduces a Recovery-GuestOS mechanism. The goal is to provide a “fixed” GuestOS that can boot and restore node functionality, while using the same launch measurement as the broken GuestOS such that it retains access to the encrypted data. - -This is achieved by keeping the kernel, initramdisk, and kernel command-line identical to the base (broken) GuestOS, while replacing the root filesystem with a version containing the necessary fixes. - -The table below highlights the key differences between a standard GuestOS upgrade image and a Recovery-GuestOS image, illustrating which components are preserved, which can change, and how the Recovery-GuestOS is authorized to access the disk while maintaining the original launch measurement. - -| upgrade image | recovery image ----|---|--- -**can be reproduced and verified by the community** | yes | yes -**kernel, initrd, kernel command-line** | arbitrary | same as in base image -**root filesystem hash corresponds to the** _**root_hash**_**kernel command-line parameter's value** | yes | no -**boot partition contains NNS proposal with root filesystem hash** | no | yes - -The system introduces a special NNS-approved override mechanism: during early boot, if the actual root filesystem hash does not match the expected hash in the kernel command line, the node checks for a `BlessAlternativeGuestOsVersion` proposal. If present and valid, this proposal allows the Recovery-GuestOS to mount its new root filesystem while preserving the original launch measurement. This ensures the disk encryption key remains unchanged, so the data stays accessible. - -##### Recovery Process - -The Recovery-GuestOS procedure works as follows: - - 1. The recovery coordinator identifies the affected nodes and collects their chip IDs and the base GuestOS launch measurement. - 2. A Recovery-GuestOS branch is prepared in the Internet Computer repository. - 3. A root filesystem image for recovery is created, and a `BlessAlternativeGuestOsVersion` proposal is submitted to the NNS, containing: - * Recovery root filesystem hash - * Base launch measurement - * List of authorized node chip IDs - 4. Once the proposal is approved, a Recovery-GuestOS upgrade image is built, combining the base kernel, initramdisk, kernel command-line, the recovery rootfs, and the signed proposal. - 5. Node operators deploy the Recovery-GuestOS via the HostOS limited console. - 6. During early boot, the integrity checker detects the root hash mismatch, verifies the NNS proposal, confirms the node’s measurement and chip ID match the proposal, and then mounts the recovery root filesystem. - 7. The Recovery-GuestOS boots successfully, allowing the node to resume operation while maintaining SEV-SNP privacy guarantees. - - - -Since the integrity checker is part of the initramdisk, a malicious actor cannot tamper with it without affecting the SEV-SNP launch measurement, preserving the security of the node. - diff --git a/docs/concepts/https-outcalls.md b/docs/concepts/https-outcalls.md index e34c663a..fffef8d8 100644 --- a/docs/concepts/https-outcalls.md +++ b/docs/concepts/https-outcalls.md @@ -86,7 +86,7 @@ For exact pricing formulas, see the [cycles costs reference](../references/cycle - **No streaming or WebSocket.** Outcalls are single request-response pairs. Long-lived connections are not supported. - **~30-second timeout.** If the external server doesn't respond in time, the call fails. - **Rate limiting.** All canisters on a subnet share the same IPv6 prefixes. If many canisters on the same subnet call the same server, they share its rate limit quota. Using API keys with per-key quotas mitigates this. -- **Shared API keys are visible to all replicas.** An API key stored in canister state is readable by every replica. A compromised replica could use the key to make entirely different, unauthorized requests to the external service: not just replay the canister's intended request. [TEE-enabled subnets](https://learn.internetcomputer.org/hc/en-us/articles/46124920595988-Trusted-Execution-Environments) mitigate this by running replicas in hardware-enforced enclaves, preventing node operators from reading canister memory. Consider deploying canisters that store sensitive credentials on a TEE-enabled subnet. +- **Shared API keys are visible to all replicas.** An API key stored in canister state is readable by every replica. A compromised replica could use the key to make entirely different, unauthorized requests to the external service: not just replay the canister's intended request. [TEE-enabled subnets](node-infrastructure.md#trusted-execution-environments) mitigate this by running replicas in hardware-enforced enclaves, preventing node operators from reading canister memory. Consider deploying canisters that store sensitive credentials on a TEE-enabled subnet. ## HTTPS outcalls vs. oracles @@ -111,6 +111,4 @@ One extension is under consideration that may affect architecture decisions: - [HTTPS outcalls guide](../guides/backends/https-outcalls.md): practical how-to with code examples in Motoko and Rust - [Chain Fusion: Ethereum integration](../guides/chain-fusion/ethereum.md): uses HTTPS outcalls via the EVM RPC canister - [Cycles costs reference](../references/cycles-costs.md): detailed pricing formulas -- [Learn Hub: HTTPS Outcalls](https://learn.internetcomputer.org/hc/en-us/articles/34211194553492): additional learning material - diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md new file mode 100644 index 00000000..31d32197 --- /dev/null +++ b/docs/concepts/node-infrastructure.md @@ -0,0 +1,91 @@ +--- +title: "Node Infrastructure" +description: "How ICP nodes are structured: the IC-OS operating system stack, virtual machine isolation, and Trusted Execution Environments." +--- + +Every node in the Internet Computer network runs **IC-OS**: a custom operating system stack based on Ubuntu Linux and designed specifically for ICP. IC-OS provides a consistent, secure execution environment across all nodes regardless of the underlying hardware, which is a prerequisite for the deterministic execution that consensus requires. + +## IC-OS: three operating systems in one + +IC-OS is not a single operating system but a layered stack of three systems, each with a distinct role. + +### SetupOS + +SetupOS is used once: when initializing a new node for the first time. A node provider boots from a USB drive containing SetupOS, which automatically: + +- Verifies that the hardware meets ICP node requirements +- Tests network connectivity +- Installs HostOS and GuestOS onto the machine +- Configures the node with its identity and initial cryptographic keys + +After setup completes, the machine reboots into HostOS. SetupOS is not used again unless the node needs to be re-provisioned from scratch. + +### HostOS + +HostOS runs directly on the physical hardware. Its sole purpose is to configure and run the GuestOS virtual machine. It: + +- Launches the GuestOS virtual machine +- Manages hardware resource allocation +- Handles GuestOS upgrades pushed by the NNS +- Provides a security boundary between the physical hardware and the ICP software stack + +HostOS is intentionally minimal. It treats the GuestOS as an untrusted workload running in a virtual machine, which limits what a compromised GuestOS can do to the host and what the host can do to the guest. + +### GuestOS + +GuestOS runs inside a virtual machine on top of HostOS. This is where the ICP software actually executes. GuestOS: + +- Runs the replica process (implementing the four-layer protocol stack) +- Executes canisters and manages their state +- Participates in consensus with other nodes in the subnet +- Manages cryptographic key material and threshold signature operations + +Running GuestOS in a virtual machine ensures every node presents the same software environment to the replica, regardless of the underlying hardware. It also enables the Trusted Execution Environment (TEE) protection described below. + +## Trusted Execution Environments + +Running the GuestOS inside a virtual machine provides logical isolation from the host, but a sophisticated attacker with physical access to a node could historically inspect or tamper with GuestOS memory by compromising the HostOS or hypervisor. + +Trusted Execution Environments (TEEs) address this by enforcing hardware-level isolation between a virtual machine and its host. Even if the HostOS or hypervisor is compromised, the confidentiality and integrity of GuestOS memory and state are preserved. TEE-enabled nodes are being rolled out across the network as hardware is upgraded. + +ICP uses AMD's **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** as its TEE technology. SEV-SNP provides four capabilities that together make it possible to trust a GuestOS running on a potentially compromised host. + +### Memory encryption + +SEV-SNP encrypts all memory pages of the GuestOS virtual machine using keys protected by the CPU's secure processor. A host that gains full control of the machine can only read encrypted blobs from the GuestOS memory: canister state, cryptographic key shares, and other sensitive runtime data remain confidential. + +### VM launch measurements + +A VM launch measurement is a cryptographic fingerprint of the GuestOS at the moment it starts. The SEV-SNP secure processor computes this measurement from the guest kernel, initial ramdisk, kernel command-line parameters, and CPU configuration. Any modification to the GuestOS software or configuration produces a different measurement. + +For each GuestOS release, the expected launch measurement can be computed in advance and published as part of the release. Nodes running the same GuestOS version produce identical measurements, which provides a basis for verifying that a node is running approved software. + +### Attestation reports + +An attestation report is a signed document produced by the SEV-SNP secure processor. It contains the VM's launch measurement and the CPU's unique hardware identifier, signed by AMD's root of trust. This gives any verifier, whether another node or an external party, the ability to confirm that: + +- The VM is running inside a genuine SEV-SNP TEE +- The specific software and configuration that were loaded match an approved GuestOS release + +ICP uses attestation during GuestOS upgrades (nodes attest each other before exchanging disk encryption keys) and exposes attestation endpoints for external verification through API boundary nodes. + +### Sealing keys + +A sealing key is derived from two inputs: the CPU's unique hardware identifier and the VM's launch measurement. This means: + +- Each node produces a unique sealing key, even for the same GuestOS version +- If the GuestOS changes (for example after an upgrade), the derived key changes and previously encrypted data becomes inaccessible until a secure key handoff completes + +ICP uses sealing keys to encrypt the GuestOS disk partitions that contain sensitive runtime data. This ensures that even if an attacker copies the disk to another machine, the data cannot be decrypted: the sealing key depends on the specific CPU and the exact GuestOS configuration. + +## Disk encryption and upgrades + +GuestOS disk partitions containing sensitive data (canister state, cryptographic material) are encrypted using keys derived from the SEV-SNP sealing key. Each node maintains two partition sets (A and B), allowing a new GuestOS version to be prepared in the inactive set while the current version continues running. + +When a new GuestOS is approved by the NNS, the upgrade process runs the old and new GuestOS instances in parallel. They mutually attest each other using SEV-SNP before the old GuestOS shares the disk encryption key with the new one over an encrypted channel. This ensures that disk access is transferred only to a verified, NNS-approved GuestOS version. + +## Further reading + +- [Protocol Stack](protocol/index.md) — the replica software that runs inside GuestOS + + From a8770d589d8726837f08958d70deb6e70ce9387a Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Wed, 6 May 2026 18:38:18 +0200 Subject: [PATCH 2/9] fix: replace em-dash with colon in node-infrastructure Further reading --- docs/concepts/node-infrastructure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index 31d32197..1507d263 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -86,6 +86,6 @@ When a new GuestOS is approved by the NNS, the upgrade process runs the old and ## Further reading -- [Protocol Stack](protocol/index.md) — the replica software that runs inside GuestOS +- [Protocol Stack](protocol/index.md): the replica software that runs inside GuestOS From 60ef25b01bc1180465f90e067578110ff4a605bb Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Thu, 7 May 2026 12:25:07 +0200 Subject: [PATCH 3/9] fix(brand): expand NNS on first use, replace banned term workload - Expand NNS to "Network Nervous System (NNS)" on first occurrence - Replace "untrusted workload" with "untrusted process" (workload is banned vocabulary) --- docs/concepts/node-infrastructure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index 1507d263..7e624f81 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -26,10 +26,10 @@ HostOS runs directly on the physical hardware. Its sole purpose is to configure - Launches the GuestOS virtual machine - Manages hardware resource allocation -- Handles GuestOS upgrades pushed by the NNS +- Handles GuestOS upgrades pushed by the Network Nervous System (NNS) - Provides a security boundary between the physical hardware and the ICP software stack -HostOS is intentionally minimal. It treats the GuestOS as an untrusted workload running in a virtual machine, which limits what a compromised GuestOS can do to the host and what the host can do to the guest. +HostOS is intentionally minimal. It treats the GuestOS as an untrusted process running in a virtual machine, which limits what a compromised GuestOS can do to the host and what the host can do to the guest. ### GuestOS From 6684893ce15c47ed9c3853e584008605e8289e60 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Thu, 7 May 2026 12:47:45 +0200 Subject: [PATCH 4/9] fix(glossary): link node provider, NNS, and replica to glossary on first use --- docs/concepts/node-infrastructure.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index 7e624f81..d6a16967 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -11,7 +11,7 @@ IC-OS is not a single operating system but a layered stack of three systems, eac ### SetupOS -SetupOS is used once: when initializing a new node for the first time. A node provider boots from a USB drive containing SetupOS, which automatically: +SetupOS is used once: when initializing a new node for the first time. A [node provider](../references/glossary.md#node-provider) boots from a USB drive containing SetupOS, which automatically: - Verifies that the hardware meets ICP node requirements - Tests network connectivity @@ -26,7 +26,7 @@ HostOS runs directly on the physical hardware. Its sole purpose is to configure - Launches the GuestOS virtual machine - Manages hardware resource allocation -- Handles GuestOS upgrades pushed by the Network Nervous System (NNS) +- Handles GuestOS upgrades pushed by the [Network Nervous System (NNS)](../references/glossary.md#network-nervous-system-nns) - Provides a security boundary between the physical hardware and the ICP software stack HostOS is intentionally minimal. It treats the GuestOS as an untrusted process running in a virtual machine, which limits what a compromised GuestOS can do to the host and what the host can do to the guest. @@ -35,7 +35,7 @@ HostOS is intentionally minimal. It treats the GuestOS as an untrusted process r GuestOS runs inside a virtual machine on top of HostOS. This is where the ICP software actually executes. GuestOS: -- Runs the replica process (implementing the four-layer protocol stack) +- Runs the [replica](../references/glossary.md#replica) process (implementing the four-layer protocol stack) - Executes canisters and manages their state - Participates in consensus with other nodes in the subnet - Manages cryptographic key material and threshold signature operations From 8aed473374638b47650bea14cf140bdf81decb16 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Thu, 7 May 2026 12:56:33 +0200 Subject: [PATCH 5/9] fix(validate): replace cross-batch protocol/index.md link with glossary link --- docs/concepts/node-infrastructure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index d6a16967..7bf5a7cf 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -86,6 +86,6 @@ When a new GuestOS is approved by the NNS, the upgrade process runs the old and ## Further reading -- [Protocol Stack](protocol/index.md): the replica software that runs inside GuestOS +- [Glossary: replica](../references/glossary.md#replica): the software stack that runs inside GuestOS From c2ea9c3b46e2119fc167668c67377b90ffec2b67 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Fri, 8 May 2026 14:09:34 +0200 Subject: [PATCH 6/9] docs(node-infrastructure): restore missing TEE content and images from Learn Hub Adds three missing images (TEE overview, attestation report, key derivation diagrams). Restores content dropped during initial migration: node-to-node and external attestation paths, encrypted partition names (var/store vs boot/root/config), HKDF/LUKS key derivation, detailed GuestOS upgrade process with Upgrade VM and mutual attestation, and the full emergency recovery section covering manual rollback and the governance-gated Recovery-GuestOS mechanism. --- docs/concepts/node-infrastructure.md | 37 ++++++++-- .../tee-attestation-report.svg | 65 ++++++++++++++++++ .../tee-key-derivation.svg | 62 +++++++++++++++++ .../node-infrastructure/tee-overview.jpg | Bin 0 -> 176749 bytes 4 files changed, 160 insertions(+), 4 deletions(-) create mode 100644 public/concepts/node-infrastructure/tee-attestation-report.svg create mode 100644 public/concepts/node-infrastructure/tee-key-derivation.svg create mode 100644 public/concepts/node-infrastructure/tee-overview.jpg diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index 7bf5a7cf..f21406b1 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -50,6 +50,8 @@ Trusted Execution Environments (TEEs) address this by enforcing hardware-level i ICP uses AMD's **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** as its TEE technology. SEV-SNP provides four capabilities that together make it possible to trust a GuestOS running on a potentially compromised host. +![Securing the Internet Computer with Trusted Execution Environments](/concepts/node-infrastructure/tee-overview.jpg) + ### Memory encryption SEV-SNP encrypts all memory pages of the GuestOS virtual machine using keys protected by the CPU's secure processor. A host that gains full control of the machine can only read encrypted blobs from the GuestOS memory: canister state, cryptographic key shares, and other sensitive runtime data remain confidential. @@ -67,7 +69,12 @@ An attestation report is a signed document produced by the SEV-SNP secure proces - The VM is running inside a genuine SEV-SNP TEE - The specific software and configuration that were loaded match an approved GuestOS release -ICP uses attestation during GuestOS upgrades (nodes attest each other before exchanging disk encryption keys) and exposes attestation endpoints for external verification through API boundary nodes. +![SEV-SNP attestation report](/concepts/node-infrastructure/tee-attestation-report.svg) + +ICP uses attestation in two ways: + +- **Node-to-node attestation.** Before sensitive data or secrets are shared between nodes, SEV-SNP-enabled nodes attest each other. This is integral to the upgrade process (see below) and will be extended to all network connections as SEV-SNP adoption expands: each node pair attests the other at connection establishment, ensuring secrets are only exchanged with verified nodes. +- **External attestation.** SEV-SNP-equipped nodes expose a dedicated attestation endpoint for external verification. Access is restricted by firewall rules and is only available through API boundary nodes. This allows IC users and external parties to verify that the nodes serving them are running TEE-enabled GuestOSes. ### Sealing keys @@ -78,11 +85,33 @@ A sealing key is derived from two inputs: the CPU's unique hardware identifier a ICP uses sealing keys to encrypt the GuestOS disk partitions that contain sensitive runtime data. This ensures that even if an attacker copies the disk to another machine, the data cannot be decrypted: the sealing key depends on the specific CPU and the exact GuestOS configuration. -## Disk encryption and upgrades +## Disk encryption + +Each node maintains two partition sets (A and B). This dual layout allows a new GuestOS version to be prepared in the inactive set while the current version continues running. Only partitions holding sensitive data are encrypted: the `var` partitions (runtime data private to the active GuestOS) and the `store` partition (persistent data shared across GuestOS versions). System partitions (`boot`, `root`, `config`) are not encrypted: root filesystem integrity is covered by the root hash embedded in the kernel command-line, which is part of the VM launch measurement. + +LUKS passphrases for each encrypted partition are derived from the SEV-SNP sealing key using HKDF, so each partition gets a unique passphrase that is tied to both the CPU and the exact GuestOS version. + +![SEV-SNP key derivation](/concepts/node-infrastructure/tee-key-derivation.svg) + +## GuestOS upgrades + +When a new GuestOS is approved by the NNS, the upgrade process runs the old and new GuestOS instances in parallel using the A/B partition layout: + +1. The new GuestOS image is downloaded into the inactive partition set while the current GuestOS continues running. +2. A temporary **Upgrade VM** boots the new GuestOS. It cannot yet access the encrypted partitions because its sealing key (derived from the new launch measurement) differs from the current one. +3. The Upgrade VM sends its SEV-SNP attestation report to the running GuestOS. The running GuestOS verifies the report against the NNS registry to confirm the new GuestOS is an approved release. +4. Once verified, the running GuestOS shares the disk encryption key with the Upgrade VM over an encrypted channel. The Upgrade VM re-encrypts the partitions with a key derived from its own sealing key. +5. Both VMs shut down. The node boots into the upgraded GuestOS, which can now access the encrypted data using its own derived key. + +This process ensures that disk access transfers only to a verified, NNS-approved GuestOS version. + +## Emergency recovery + +TEE-enabled GuestOSes are designed to lock everyone out, including node providers, unless a specific recovery process is followed. Recovery is never automatic and always requires an NNS proposal approved by the community. -GuestOS disk partitions containing sensitive data (canister state, cryptographic material) are encrypted using keys derived from the SEV-SNP sealing key. Each node maintains two partition sets (A and B), allowing a new GuestOS version to be prepared in the inactive set while the current version continues running. +**Manual rollback** is the first option when a node fails after an upgrade. Because the previous GuestOS version still resides on the inactive partition set, node providers can switch back to it via the HostOS limited console without breaking TEE guarantees. -When a new GuestOS is approved by the NNS, the upgrade process runs the old and new GuestOS instances in parallel. They mutually attest each other using SEV-SNP before the old GuestOS shares the disk encryption key with the new one over an encrypted channel. This ensures that disk access is transferred only to a verified, NNS-approved GuestOS version. +**Recovery-GuestOS** is used when manual rollback is insufficient, for example when neither partition set boots. The challenge is that the encrypted partitions can only be decrypted by a GuestOS with the original launch measurement. To address this, the Internet Computer supports a specially crafted Recovery-GuestOS that keeps the same kernel, initramdisk, and kernel command-line as the broken GuestOS (preserving the launch measurement) but replaces the root filesystem with a fixed version. The mismatch between the root hash in the kernel command-line and the actual recovery root filesystem is allowed only if a `BlessAlternativeGuestOsVersion` NNS proposal is present, approved by the community, and lists the specific node's chip ID. This ensures that recovery access is always governance-gated and auditable. ## Further reading diff --git a/public/concepts/node-infrastructure/tee-attestation-report.svg b/public/concepts/node-infrastructure/tee-attestation-report.svg new file mode 100644 index 00000000..6df2d8c7 --- /dev/null +++ b/public/concepts/node-infrastructure/tee-attestation-report.svg @@ -0,0 +1,65 @@ + + + + + + + + + + + + + AMD SEV-SNP Attestation Report + + + + 1. VM Launch Measurement + + 3a7c...8b2f [SHA-384 Hash] + + + + 2. Hardware Chip ID + + 9f8e...5b4a [Unique HW ID] + + + + 3. Custom Report Data (Nonce) + + d4e5...1a2b [64 Bytes User Data] + + + + + ... + Additional Fields ... + (TCB Version, Policy, Family ID) + + + + + + + + SIGNED BY AMD CERTIFICATE CHAIN + + + \ No newline at end of file diff --git a/public/concepts/node-infrastructure/tee-key-derivation.svg b/public/concepts/node-infrastructure/tee-key-derivation.svg new file mode 100644 index 00000000..8802582a --- /dev/null +++ b/public/concepts/node-infrastructure/tee-key-derivation.svg @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + GuestOS image + + + + + AMD SEV-SNP + Launch Measurement + + + + + AMD SEV-SNP + Sealing Key + + + + + Partition specific + key material + + + + + LUKS + Encryption Key + + + \ No newline at end of file diff --git a/public/concepts/node-infrastructure/tee-overview.jpg b/public/concepts/node-infrastructure/tee-overview.jpg new file mode 100644 index 0000000000000000000000000000000000000000..bc33a7596a537c34d28d9e619e79b931337acc44 GIT binary patch literal 176749 zcmb4qcTiJZ^lcIXgdTdRLP)5gN)u2*PXU3@LJv*p0-}IeLNydAA%uWPld7PhDuNn% z5fuRu5$UL?C?JAZU%ua)H*ewjL{JP1aDX|vxFJ03?m#F22m*7mT?TV=a6x#ugn%GncE2Jgmx!(fx3efbAQqyRB4$}w z%_FWv2yE>;8uvm1VU@bFEvauEbe7t-gLDZ_E2_EK-Vak&F|cusr%kCEyPc}-7%;RA zNnicX1>pbd0{aL1zb@Fby#;b`fY=^zg1NcDAP%-m9AIHiMO_gKF6RJIcx(!{USV}> z-wQD%OTuC3_%|S2lb5{OVxtiXep0|Rd@syy&rFg01!7OaGpS~_ltsb+

z;dnLGcLYR(1PD#Bh$ci4K{@~dcqd3V!Yg+S)~3}JsLIvEFydP+SqU4ChZgBP`okJn z8J0kBa~rWJcAmYuKsfx}WIR)_b*^uU#c4r4GyI>8v|1v%0GhdO-C3aEBx{W%D_5-_ zKn)6j9dalTL_TOW=m6;vPEX_yibjOenK;`QFw5f<2&Owrt-vznw;!lJtI>Z- zyt&vRB+bd`9{`p|cQzq-F@pQ4C*%+M{q$?2>y*g5*w*zQTQaNwavj%kEU5`|} zG^mRwiY@eVnXao`spX?~^H#0IdHHG&*ip)~MO*X1DdM(<6zNmyd-DVYDZ~q3w?edRI?|rY{WmxjE}agtG{a4#_V zQozkI3mjSEci)!-j;GGJ7uM*o# zYf8pkpQzQ$eHlOfJvXUIP4Sn_&fG|${S+kn#Rc8)Xu`uq?W;(U^^wxup%=D@`)Ul7 zU2U*kkVph-gdtl1|FExH*Xqi;0(qnzB%gd!J{*5vH{L$1S==69t8qVv6y#tyk(4rJ z7y3}lK|gz@FfL$iJ;))1R5q6ukz|fdRlo(T6|HQdbU9f zyyd?psN|?H#b+)|swMa$bpsWf$xpU`ut4VfL#w)!4Atc0J=VLx$%@HM60J>wJF##q zFbeP~6;J|ZnONXNtk9nF09)$hr;5o%ArQn#D6z0^gqm{FrnL0I!S@TQEKy&b)~|~mQ=Wj zXY_ecZ!O1!MLbMy!H8|vKNh2)&pDY0M4`Wm(CsNYn%O6-);jFn`6+D=jTQ&3q=cz( z4&?J75jwt#Wz};&F%6D#JIu-3Q41a=5ETR)vNnT;HnM9=5K$9ys0S$bWcFY9i3fPM z!0nH;Al*|UYYY*suo;rIUV;D!$+G)I-++3GjsColL&Z;_4SyR6A4esQk$!oa`mSx{ zA})X|P82Fpfz(k0?(Ta~XrU}H=y2c;S3l4>AdzZKNa1ArxvWvh42^`xu<8zUm2#Tp zszBm$mirNXnXteNv2Q}@SpzCrznu}aOipb=6kv{3JLd-wYvdLhJjpWvDkhCA%D`kG z(l2AS=K|6}=b|sc35YyXN?;7jReBgiAWC}muuek7^N&PDPnFyWH-)6u}hkIEANCl2QGltGszoPSu&kh$X01CC;0jArT$p^*^ zK=PxO2l(Nf8J=D5lweA=86@+lG8O(vZui?2qyc^s@B%|0797Cg3{f|;$b?x~c5*9L zu_u6BF=nt_=wzTynhd~jjgd(i-~(tbO7fF+X0WRuX&zJVeX=E|gjS#qSxw1pLL++& zW>0R5Ov;Fmg}eaG80z#;X4jE0UXQXU9f0uGcL7~Q4z_^S zbQZ6=DLQEMG{;$BK7#DJ+`0;so+DVC))`wLE|@R+HLybo(F4(j`c^rq&B{uupS@(8 zYBQX=!Hd#Jf@LV8GuKgq%~yPI|L!@rnHCkbM_cP>1VmjTON7gv3HgzUabYR=l*Z7KBx z+_;Ksq@QwrhNw-dv**8jO(MF&S^aYI_41|B-J<0)l9=;rq+^ry@s~6| z1liqAJZ=B7sC;eOKRLxsBa6~vrH&3sM=@rkzc?@&IlE%7Fb zvXr5V!B<{1eEY))HA#a30e^fS+J$s5D@Jjjo!87q9`$BS^HOFKb84Iox`vK&^w?T1 z505EZz3#QB`Si6k4+aA|kWi)+TUukBgDdx;M;8AW)c3t$R+X?1;HcS9_w zCF^+2-Xcy#Y@7zX#}WEK`>cfXb52napyEB<^Pc&tyRLR%o7UGfoD6Lufj$2O4hiZ6 zhzy#CcE-7=QV6~&tC~dh80h`C=DB7#AGAwQ_jjFDeGNdgwP&I9bNJfj#yyea{9F_a%T)UvnQG5RWaxk(+?W`Vk`K56BzzHFbt3i z=6oUUuS*`yVdXdm2&elnAS8B*z^???1_Q!W815D9$0}5Chsz$84HgaMzki%uTfZ4$ z#%1rfp%Djz@KbcSdiE)yV>xI7CZ=#gLyt75pc5Ua6KvB9X_)zqeo_d*KDZZQ89?v* z0>`RpUEe0*<9G<@J5LB+N0 zRw8u3&(D)0YW!XRP;mn#x`3OKY&~pxZ3^VmYmS2nol2_%h!M?nHDWE_PNXM`wWdoj^c*~+T`t_JBUDHK`5nInQFhsp?fm_#PPc>cdu*0RSdXjY0R^dk?hk$yE+B6x@dG<_)?|y4=%&eIqK@ zbI&7D#V5eCzAMx|>lz(rNGyk^4Z)iveF*xyjZCF8q4!WPkRr?2yeeYr)$9S`?eGg( z`7hTO%TCFDvQqZ?s8cRc--c6uRIKjPi2^Nn8U8%pqOnD|_R#UR8shJ%24aiX8;9Fo zC9iV5{YBR!C2!xnD|XY+apb+*^HVn*oE{%n&wtA!qtYs&8G0}pM*pd?@7lC?*WA2x z*NF1v+^_2y$8pgPJHKx)-#3hF3=M87!9B?OXx?6g(o1-sBC#>HaXc@XM@cVAw@ATp zqLaG0o=-0$-1r5Gd_Q?PMh*3=jJ>8TEx9!XIpWdo)c&RB%bs$G(X_ zFIDa~9#+>ly*yW4?ekrdA(Wv-vL5JGu$Ng}`8AUF;}y1Z>bvR#-A$Kl`iaChlRvdT z{PKAGvLivGYvHDf*penH`tNjaIc9F;$W-2Ltb@;MlZMSOahNc9o#z#zh{P)l% zV>ip5H7LKTm9sEXHlSYasqk~?cA9*I>Tv0XvbJN8bOfhMKi(uU=jK?x>Uw=d*A2tO zZrF5MpY@>WqBeU{xgXBqG30?6W16T=jJ<`*nX8E}hqaNp}i-`UO7J=aMZFMg5cOMOgU&?=s9eO1%e^TB&hgej!V?_MCBFj4WAMRuy2WJw@N~RVTWit1YbPC*0AKFN<`$C3`^u^JE(Qtc8tJ~@C zR4CxVy;a3rimS53fPxn7AZ|RrUW8+!2{E9^E4goKfIkII|0>KrXJEhn z*9Q{8s4&>Q1*$r|u;9Hm6NfBlKw)N9<54#9l6gdN=FO33ToeG~m8>;%c0jzndtSWy z0>;(#g#d|cDg*O)AY8BKD*aBWjxr56laYQpWQY>K^6hJRU2zg+g@nF)l48N`_^p~vHmwSPiw(D zMG&Q4&Cw^A<9yW8j($_0pOnD*wmgqj`D*d5UrUzJl_(XGWLxf*``|Y&% zZ_3KfdHaW)%e~P4@pmPoHMcJfe``YO)Mas^h}i|tc2J6oPj!~&mq9xjzqj5`cs=cI z_&MFg-E<9kDH?(ac6lj%*b#oK(XGhj;xLXoU@qCl!3+h9t6$G8Z4V1CTwNp1bf#YH zpw%x*d)hPCT_E#_v!`A$ra!c9B@SA-^$yQ@dM@%rJ#y7?DQQnaP4nj1 zM4*d`^jMCs<@;;)4~l&>J~8)m$D`Gay}_%if4-d5Zh7c@ed^?mm#2AsI$g3I=r{Ct zn)^H9t*Y+tmn)A}|KUBnE%WrD z6Z zO?5dujZ17C%zRkWxuh^(eJ1vMfr~wa)KM7%DV92&TIyE2gz!Z?HMH=ky2`o}^X$1Y zYQ4?z(e{tIJH%6nx8=VW4>STxnbG?jR8yu$=n7u-hO|WM=^+<=eg!?L^ z=!CPxcX)$Dx5x-1^z-<7h7%40M>+DhH1mzjqU=2cSDSr*S%vUUqH0+Bm>a4YD)?R# zQqid5G;1)+Q2|ph!0QSK0tN?;0<{!Sve0!14_?7sC(Dtefa^-4=t7%m)xhb%p-~>t z7H4ZApl7w{U+rjO1-ij$I%bl;0tT64m23gSBe-8bKb3eGr8JW&W|NYM zC4n$%-MuGu2KYTXSFsqkP=%5sxiZUsWJ(excg zOXK&onNv$Q!bu^?A}4o@Sz{!iw|~yyGQ?FTRv;Z`S(<*7QOHcW?eriWoN`j&2Xrh_ z&l}Kqt@zM-ugdwGSd*#TpB1VK#LZqiBvO%?g&|ZW!1)m;r3?gD5wtF#m-R`hVF;VSrmiWvI^BfI#W>%cKD%021``-f~~2oR;-$(U&06J`HCj2EIZ`R&nrRPDPmZYd}s?~vdItbK77E5sD(x(q_f(+!rJVxxSKjm0lSg?9qSG5SDTC2O= zU4)k3>}#3fowetZ=b4glE-C~&(}INE`MlD8#wTV$Up-BERQznlwaC3nffG&G!$-}> zl{%&`B2BVRehOJna-^J~HabV=RmwN~p7>@TAwJYDaAC(j2wLiV%0~V$A30- z|BHCla^%Yw#3ME)^0@ym{A`76`jep#YP#U#Gu107q4@j1Z@QdaernkBRL$7@{)fm% z)XwV{ZC8aGdk-AHBpQwWC}$yG6#oNIUuIUfs5;oD{O$S&poL%gES}&Y*tYrYA3!O= zW7EA~OtzTk+~N6O3C6!SUiy5R!SVcvFTyLQ#_@)$QMs;xb#dQ)(&jRI&&@k#?p;!E z4%go>KDd1O>h*|6MmzHNcwEw4Hy=HD^76pgB7;PX(xH{@O(-ynY*gW1R}>HJ+)NG( zOe13ii;tnk9omYYImOoyEsZfU{cBN!&e<#CCmA&ZPDd8gAkwO?GdNVpHR~^hiPR?5 zBK_Rc17v|;|< zmHcJm)++tH?vT-zliOB-b4d@Gc#CR4y;2cs@y-b7oCeqrjDp{MxKves+uKfD()Hr2 zciA`0BYKb67vBExEb``$=)u+t_JxHy4{#UVA8)~)iknq(9zBf+)c{IZUT-7r_eONy zkX{-TySY_Ao&EY-#xubsi=D3ankVAs$wJBphvu(>J}g#zPlJCyCeox6{?cXjD2J?G zbNW-{qm|cJEdLg6T)3Orsi~w#{h0a}Ir4mTzlCGi#IQ#khOfW0rdj#nuYbV%e*obd zmrIK4T!T^92+D!kT)yWbJ59p4hSbdNzWVZO#Ad~xZ+!Fi?PAKl-)Y6QO4;dF0<$%# zai3Nq?Eeo?^eeyI!&F@1>Gf<^duOdW^)N)GhwjJL>L~6E$e)}&Gm`{K(WG<8$NQBZ zUAtc%y!13awsK`F=cUP!(MLl+#Z8J!L`(hw+W+8Y9(-yNpB@QRW`vwvI+UDyjCQ+o z^!vs?z~_Ge=O*2Y)9EucJ&=jcz4ij8i=G348uj@MA7OU9!{_u#O>>){l9s!Fb7`Ay zRO-?v^O>LKRYyd`{#aP|7FSAYoiyeuyTB}ZW z^4HJL_j$;6Np3)si~GGO_1jl}{{#F3yej)Te%!L2kXiLcsNeY9dO}M*sR=K!ekL?z z%)UtDdIY5lDdH{OOpomuYE_HiuMVajzbk1yTpp8MAL*w}^nvX<(3(55_A~Q7kI-=M z5E|Eqc9O-$NOc#l=2B?bI2YXon*UzEXVUdJc09swpI7d_?%n&~PE>LDlQ!Vy6TvZn}xk*_|5qnRGU&JvP zj|#&BJ3t5fS)wvzE~kK@mFaQCAuULY{p^3P%fVZ>glKjcLWz;EM!}{9kF-zDzy^PT zn1~_yB1tvjEKrS~oxt!@;u{?fkydNjQI{;Y71)7bXl+q2P zr9D1H9#7kaZY8=?^+-c%n6sO_!L~#VlX9rmq?B_3I~+45c+|Kl{EX2S>(7PX$q%#x zPTmQS3J+EQKh}g2Yj;7wh1fwZYrj#K-9|yfO#4SDm%yi60yK7cNluMy`2m%*I1siM z{ivXo!;wln|8`lAbO6s%fL{K-teJZch+A?(R%zM0l9%PG3E!?PBuaQpkPm$iL5Od9y4p_|MZp-fHsf0;xoRqlV{nf>Ap779 zK|!UKP>(Ru84C_!iuqGauy}Z50iSi_7d;}7QRClhj#b#1d}{bi3nEg{ zZ^!{E;og|q&0oyN!Le`)AJ7-LeT`IC1&XxR@KmMQzH9;y#uwvLu$PT9v(-xwg=#J@ zS8Bl}hcu#)i%1jBQTQ#R_@m2BZna*-SOR+rH}51bJs# zbBh-C`~_n!L%>FI>r}dy&vWXDKK&wT;{a zwY4Lsi45?(T3XyCftn$;yK(h@Yflz=FAv^v{k-BMYLikm1MYne@O3!2+hJ1KmiaYE zA~v=R8%GM9arvPB&S_@zsBlOJtNz5QW|~W0;BmXpb<E49sCz03qVL!YOZ49FasmX0dw+_=0}EFrSx5A#$K7U)h8BfIZ1+Btbt1jTaqqG z2O`hxs&2o$b<Kj7_f`DJW@|0aMW;1Vt|?zN2sn_oyuyiY08PSu=lA9k`7yMBITs* z!BP205e>$%oS;^F`j9$ab%`;Wo*mqlO(z;9K0po8aHoX){IoDN&KksTHU)|5u{Ijg z_jKd^?31jULQf-xn!dQG7H`hXGv?*uT-VmsF45SGS>jyFNPv3@qSvP&4{oqDg}CLs zCyothI>?a(8K=sbQC43ou4-en8o>HG2FxSasRgv{%FGyN_4F7F!x=4Ag9W)XnhrEj z38Q13jKMrkvcL#bgl=h!*a3`@$d93dg*?#;a&dBVEF#_M$i$0dZ#Xn5i?N?TiO5T& z4uSQ~IPO+q&auL@W3p&7c^Gd?*Necnl6TPf5^{G^_RZSVNy%YL@^ZzbluqE|>yEWt z_A-{L;R3>1{EY@Ft|)xJlcBu$TYxu;m(5dVB z#PaynoG%WB$bDVTu`lE?L9ci0h$Z&%v?;qr{Q{@1C8zZg{iOmR9VRVL%s4j-u{`q} zaDJzYcRwwHejI|Y4e-&)t$2RRN{z=l5)B0f1OvXUP(Jvek#p4RKUFA41s4%oVFzc{ zI(UJ??XWG7!OqiqtrAiB+;e{w{(Lx0lRBPQHod6AU#_Dne$<$cm)57ljwAp(<7xLjKP&_DPp$|?P0-%_^*pH zb!>&e7g_7-R%Ui-=RB$(sUXhvplYsM7dP-n0ozJdKp0ldcAS)g7X|uLA^~!}wSz07 znGR@T<-YYEb3l=Jii=-&#*dRT|EW;ABVHUgbFq>rA_K_?P`Q-rh*yEQ=$?cnvo%*~ z5W>mp3|a-ctcVSgLX@LFn$GjXWBM9f&t4(wWcGoY2X{hsvijlA=1;EorSkxaBeCQP z>ai~*ejS-iIA8!m@G%GNlXXV1o!93Dt?CLYgiI~csS9dn9y#8(E?iay5^49pr-~=qb!}*+y5R69WaSJiA?p~Y8FZQP;-&iEy z`ZaTU>UV4FH~AoyzO8Pn#@9z0<5$lUMmAhk6D_dhPr|4BjtoK`=O-H zsL=no4LtIwm;v8B3LhkhWjt}YpFH$LO0DdR%P~@k&|Z%7HG@aPh?xh(gPfpu3LSIB zmtl36=t(@pFzSq)h8)FEXF69s4$+&#zi&0G?Cdt(1Pg>b{@(TBm? z76vq5C7r-ThhzP*Ub=3$nty;(jSntOB_2R=Vjm5Rdkx;gTCiHB(j9AwY|K*cJfG_W z>j|(J-us$L4yC)#@zWPn=!j|AOAVZ-5*2%b`D0i9W?63q-sCw+_Z{dxTNnW9aMSaATefpvL?bjTUcK}kaL$Ag z3D+x9f95B=e#!60@aBlaJ9}2!h1z%a0Scc=@CHp`uYRB9p0N9JbFR_$(xXbk#yfAN z2a_lAziYbLcCN*Tosd8N?xAGK?ZeX-FW!53;?8%O+uzNjo_nT79;$jzuk7~HX1@NS z4psihxjp;hQFR#ZZF1wjfRgppo{6tS$Bci{S(P37iH&qN75NWfVPBf_al~2RwN!Wk z*Y`%mH&+=mp!p5|Vlm=DHXQ=|+Zvb5_(mjZ5VgDd*|=mw9c^ASM~$YJ?tLuTrm@EPvn!f={EBL;-XprZ zVQhz|NCQ8hl}j^6Bh&`@C}2whvO1T4{`g9fMl4HAU|!CQch=(Fn<+V6A8g&-Mz-#( zT4$H*+cDX*B66rxGWwtu0B~MTFD8{03CC`RMBWx&MCvj#(OP~os)a4BSlir0o#av80#lvwDjeOV&L?aZaj?HH21~bK?^K@o(osM%Auox39dwl;l0Q2 zfx+IA&KLwYTcrWYbU~Ph@*O1`j+^D6iHuunh{Acv_$Q(q*DNemRNGL$_*La{FAmd% zf;X+8g%N{AEV259&MM$J_FYRDH7L1)X|*9mmjhi)DQpqL9Sm}R9#Px_WK{70tdNBd zoGKJQ!!I}=XR4VoXj$H^ZU#!B(d>_Tvn1!vh|qZyoB?SfIEUiK)TgX0yb_WuFFOz* z!qJ)~g-RRr&=H+VX)NJp*EnO&o{Cx)nVVL7)#r{q)>WL!AUvTBAj(uyu+dAojyOPu z*mWZ|dj`-@cRoM=LO~$>v<`s1$oo*Pet_ECekLBVSHltUSNOPUaGPj{oN7gZ$b{Yb zv^s8#nf2c*vw}1nQPCN3-69=R6MZ}7KMlpXihh0t4(b=9Ep8m(7{WL~lYP!mEESAUblKM&6=#0pPkL@2x(z0$0#Ga9B?WU?3lowW{Q{A`tWA>6wyXFBraRst2jYIS?k%x(Yzs1n&tH=&3t7P zRgF-748AZl_BjxT8u3T@47D!QIE5VL>ozqK4%e+MJEgw?E%~0K)R#BQ>+z0r1Ulqc zB!?B8+&Kfsgh#qZA?~(6FDTu`{v8fL9lySD;)Py)-DCdxpSw8-_L>eesvp1SQN6eKYOYfI9d8D@FM zN;IT)+q5-hC@P(NC);Aj$EE)s(P6UeAvaDNvgk4!7<6ZzedzMh-T%YB)Abwe2AZxv zlg^52>V-k6oh>%xIJErwup6&lcO_15uSNO2=c8*a%0-u!O5ShVjrschsQ7rseQ-f% zwp@wJGk7KOVt*wxcJx`Csy9 z;PxFV7?}%OQk$etvb+17I4D9AHN3qOHEOlxIO*0T=kn2{DE9Bk7e@a8x!S*#o?I^8 z{j6ECU-tu!_@?=Ma{S;Z_OpFrtubPV(MFgIiuEFDkbZXOcyQ`vkG2cZVBK*+PXolE zU+j9%Y?DOhpVF$b{zuUTq(Y9 zbU$ZiS>mV7Sh4;jFT)s<^$Z*fZ7k{_Dp3GPwx~y}`>8OvY7y*8x-pQM>z%9noM5e}Z$Q)2NT zsHBglT#4yLkJm(JCMd10D961FJ%wHP2voA~i&7_RpIvz*!VeT+{FLGrg{bd3Qcy9f zRl{Wxn?WR4=$zoAvvqH}#LZR<|E%Uix1%6Gr;GVkbL6%mI z0v_<&+VDkOqBxf0N%EXEz2EX`oFH59rb4EA4TJXPSz-m_S~h*;PTeFFtS|tuxt@*T zoc}Y(*+e0TYz%ev3dK&7%ys03-n>e*WfDvGC0gf3CN_ij3)Ik=!p0=vIWFjCFs%qq z7f9D5%32aDhY{t5mK_y_Y}r&Uos+;2hlR+Et=m)@PL2gf)748Nj@0TAWu$;Eb!9sW z1sP}w9f7IAt9TAgI$$MhO9adZ?f|c3Tf|)oc!0%&s9OBI+Ddf=JzMvLPqWn)HX=Ue zx@x3?PqLH(2>@4pJoA7Iz<;sEdCJsfW41)6`cRzz025r zl%6>7-Os_5T&|wMJtmKnQc(0Z3!wGD-QAU|#0W=g^g`l(O3e`aLDOWo@(Dk9sn;mF8v;Sg2!R1UP zevm6rsWpus*enB_un-8&c58tiShGcO3x&c{L!n5LwLyvx#=UUDLQoqFhOUY?XHAV3 zQ=>vNnX138@&>+24|S(V{+eV{Qfwvh@P7J$O%y35j7M=59D!0RtFS^N=p3ucieIvW zDatr(O9J{yV5} zhx2kzo#Ww^L)BaBZ|rW{JK^q18}wa640@5zO5EX9F13GYuKD3bqxh~b~-O&j-v!g@h-Zr8qsr+80d28L)OEmdmRDP-b&DMOq4<}M#Bh-aDHh)ap zW|vmQfI2W4M~eh>UnO{|mW8c#7xbEx2&&!4b=C4=-5_jk967di``}8sn|fR0&#>m7 z^nP0Cod?f1-bJ+X+n!e>oObX;&~c_hiR0DS=}dl^tXu8lMBP&|65Y9sN5f*P%yGJp zQLJDEuUDV_%VRM|4y|&gf;7Dd*dysCM8(1CsMRxqj69Wsi*fGbMK3Ny9><-VT_e=h zc>f+$4F6kr@5P#A-0u0y;Lda3OC1jbm)0-#*cBeF*Q*_8?PjWYHW~iX1P|p8Dw`a0 zuakXe*F5{MqXG4-#$V#G%UO%=}YsmE8(#_ff~+v;N*g z(&D!cJ`MdgGRak0PPpYp1$~nb?2p-I8X)<6zBf#b@tE7#>VG%U_=x&5oc(E&&!+CX z(y@yY!g~oH{yrg|?mKaQqO|Df+R@h6QfYiem>E~Kf?HPv1Bf1F0kc0TYoBC2av~!V zsZ(OhGa+1yU(1_e@qekPjhF|GV|LHauzsbfpI*2z6RB(b%xQT2WmT*9TF0oLF=`<5}2!Z&16$~2JhBwRoQJfxgoyB>)!(Zt2mTa}ZukKwxu@mpNA)1$< z;r@JXsP%IY4%OnXmV*nCaBZ)BoNO~jyWdM|(hQPNW=km4i<^*U9p3%wVKnka%_44I z9E-@j>WGZX9_}yU{i#p9uMrAv1>Vc_DaN7P6dv7y&y3Gosv$~*gZ*GFI%2f1{7MvQ z_M_FRF5U0#s!i;IFzFfzEaE=}f^d#~1ps}?tvP_xJ@V(toL)Fe^yD85t<3?v)GIYt zQBdDk<%p!UHmDFv7s7JH%|I6JB%p#^yOh$(4p5hD6wQqqP5 zZiPw?`qRYnn>m?aw)}ZDREfb);rqsS7D&zTrN|dZ4mPLWI3zz3A_*rPA@Vnl1rwr+ zf3o~4h<6sy{@f{UArQXh0}dugxLM*mpq7t(d{H5hDG^sVKgkX;oKU-6^26ig5&Yu~ zU_7kW%!qR*nG6!`8leQv3_0;8`++_@i6b7C=0puzC2Hra6cOX(-?P6=tFCK_b2PV( z3Uv;MRR}j5r1L)SNm*1vmZw-)Urms;rXTT-JO1^Eeti3zZ3d1Z0g}>8gZNs-T~VdR zlEcvws2$_T;?dj0?o52ZAona%Vc5oXgi|YEThFo^ITL6%5cm;?Q4shFTA-zCxGf%m zL@J19#`&oLKpll47P&>4YR+d9vasusaB&3SJ>_yCvu{;Uyw?O1T#${pwb*KGU2sE& zP6jq6kdKK`u|c9!BbfC2l2`jxKus3BOJ}(_YRjfYGxg8}mP9X%R0F!%t;tUx2mmzJ zmCtjvfoDsM(g5nTjg(axfuc-68^>4n4wWL8hg)2*aSgEYvhf=Rt#<(8fY#xr?igF| zEt||8(+LpGS#KrkmmG%;5}!JUl{ zC{`&woEOu{0<-|1EL`#vuS+4$@7;ilU1NaAf;!XAFa> zmOrjKZ1GNqL~*Kr^I_Pghpk7EbQeWoBF+IvEu`%^MeKvApSJ_V#>{ey$t-SNn5F(} z9@EZ0H8TBbF$*I@ttfMjhCg9huka1UTAzISXZOBJ8J>UnHT;(e9yJ>-osoAPKkxI@ z=7{Luf-kizm$1)`kM+@R;;#lolxT$yBxbulDKI74-Txtqxm)KsD`Qp}^Z}=PE z870#M#t`Xn{Je?*tu#X5bgX=O$=UqiFbO%Ue)2lEj(#ik9>>PEy}!$-n#`U_Re?Cj3|O;aJS;tEy)0XZ2OD3#=Upc3K@TiGa0f zs}7aN!n3jw5{5Y?v%2#O^#NevriX!ZjH$d~{g;Q?SpgCat=Ev<)-NT`$-{qa2Vnzf zD0+AMA}TB2pp`HK!VieyRI3V_QV{9aXqVv5_BBh&xL7YA1x=WJOytV??5C;Dj|E?a!TxWk`kTG8+qN6X(V+=}^l zd7lj*i+gI|L%UZFD2guG-mq!)0*hT*!zo#`V3|(CO`;kWaef|TA{iS~?jrvLR@-|< zJFxx3#}G;DO;H?XuWM~O6h{kvRloT%o92Hi#Cu`EbJk4_J9K#WQ@+*fpXYY+I%olx z-1_^|zzt&6CGW1R(Ty%|{#LsB(oCGEfzVI3e}%cc8D zI3rU#MSIwg(zxz=1zVO!v$#|2F)ujR6hQ~yD3(0H)MW3dTuPtg8P7JL6Aj(}3oQy6m6k8ZS5 vZ+F_@{U zqnf0mNqcnkA(ukXC5*C;Ks*p4zpRi{LZ8?3 zT3zE&-mQ9M^zf!wV}=khQgn(8aj5(RBC@xuG^b*|3KqOo@X9*9JRrhl#@3So)T~9g zLjl|y(6_3zHckx;A`c!@Fo!AY9a7j4G4YffH183b%EE&d7Ph#A6@h~o-eM7h%TRz= z4G-XGPA>q28#sS;6V2%zYT~ph>TGekTL45vIMp3B=u$=iB+vmsjq~U>4zv-D8)y}{ zV;m|y2H}V~QG-OhP=hvdg6sF+sniKgr51b6MRDTB{U;nP=IcXrb~2}W~!rhKuLKx0*02IH&!6>)FI&nIRw zH9Qr{QqFAfx~`5=>$s2PT6t;|Jb4ppAw6nguJOzAgiW%}+tRClLfzXCl=zCT&?!uf zRqb^cp{vbP+4W`9q~?TGqFMyk|Dx!u!$3Mxq+J>URc4RepT! zVmdA58LhuJEBq^ew_kww72m%9{0=#I^PMN zgb-X${wZ_jb-~x==4vT#-(p`nN-fW_!c5Kg{iJ(uoL% z)0RNmC6rBYis_9vHxFV^|NDYuxPDOM;k%ZOqMl4n-@P>b9+xZeu{b_)L&vB+R_9XV z7F(En-n>lwCm^pUo)jr7=4m=Yojj1H_H9ns@(Fpl`9!)XitRL|++k7xk2-%U+}BYD zI+n@m(>kjD%3Q3P(oSSQ1wGjg1{c6 z;BlU7@>Y|>r;a5Cy)1)v+~ot#g=0NR#JEugq3^VwnH|k^Gh3=?KzV*QD%$KhmVEYs zb|fn!?EDPGa6y&PR6aer-bDNp*%Z1{aEkZp&p}=Kg54SV4csa}H5<(_X-byG9CPkE z*4@&v0O=0=xlmfVv+ddT;dVypP`rYt<7ewNn`6Kq>G=z`s$~L$nuToGXw&Q03;Y)5 z!d9jA zLOqSq#W1$PlK>dF$+(@?>X>tJLOlnz)~bPAu7cawbSY%DM|TFDB9>rFfc2VX(y@ci z7W?>5G)CPl;M90Y1p!i;bu?@6<{ClL6OvDP|4Y!v(*+C89JQ*AS`yCL^NF#=ny*1M zK;N!4q9w*NcFK+V8yqR^gD9fEOa)-+ZSV%6n8xu6zw`iqp>?~WINI1dW#tgE6g9F~ zY;B=EEQqZr70CMVYa}+w&{$MOKQ>5&N{rAx%$CK6()P-Ona}zgSCXIO zbb|M9h10RwG7&-R*uPKJumWUhT@vLT`vf&elZvltH?ePQWJWp zQZx>yh;R5gV2)Bh`hykve0xpci;CmZL(W(9yL1}Ogn-vIDT;d$%g;9Qy$Fc@^!;7` z^HM*meOn9c@!nx}3{#k0=EQ3xN%T{e0`A70x(rXmk5nSyw9Xj`Pe>9*1atUEbyCo4 z9P+Q^k-xyQcbppnjMmg^YDZ(P=6+@+S4tgFEa8x`nd+YN7TOrnTt7K8nzs#Q@o?-Y zzmOsBsJVXHuC8xAqJxm9Vi3pd@mhl$Uvha$jVYWfhO8EtIY`i|rZgz4$t*|XTH`8y zJFAI51vAFUB1nqO`Xf~vRO9XnDj0gO97bnQn{N1-4WGC8j8}L`ul!50tr8M(&g_Q1uhxgac`Oq)C@jv!Y;;lnN|+Upfg6s6C-eIC&Y+ zD$omuX&h2>F1T_J$h4gTB}m{}B)ZKMrmhcX5yY{p`8!PvMw-TJJ2rO_N9RSW5qjsq zf^k|yp3Y5h&_@8=58Ner201fgQ{B&a8+*3cR;Wi}WVTohUj98qQlKS5hgDv56mfj7 z^)LVd$;NkCr2(PwIcckwv5p?&oSku$))HKaap8TFNEOw7pdCn$??2d9BD~Wr0!sAsF#_JAHLXtE^4n>efzoD!W znDiAQUxvBk3(flpk^HW*^D-Ci+kGKro$%7Uy8Q?}H-9PGOkb;?T2E6P-1CY6lWY<9 zbR7aDpwrQkg+;e^eDcO-Xca9G{4Dix8LPz)Mma_4(QYY>q#o5?;lU?lfWO-ydOF9N z-{G#J)M)Bl&J$DrmdD%&2=i9{qbHTA5{cUh#cmaI2pq4jC`0EP8p+v#I4uyc^bJx; zlGh!tC@XZG-rKoLOSIj}t{I1DNQL6f+a!jD)O@6)K1;JLXftx=)~P^pJI^_hjB9Np z4|T#w+XTYoRo*ap1a02g_;24E8NI99&lYx9uKy22{-~NJj++DKRWc}>z9qJxFk;3} z2K>@8_XqHR-j+h*c9QsP8yje{5wvhious*(9ILLDK~&j35CW-|eR|taWx7Nz{7mh} zDBgK8^dx47*j+&t3A4hq#SH0{6N29czf`QSzmQ+~CikSo=C$HB z3kb#=;@xApIbIe zo<>I-6t&7Kf+sA(O)XruN1m^qDYhU{(__{J$ZRw-{Q6lh6Zky11>~aa!^%Iwy3N(U zAR-D?VzUg@N3g>)_O|tii9TpFxlx(OojqzZ9~aNBC31<>Y%(ops0p)WZ*-c##r%Lc9_N!L`kLm98gcL($O6gYEzJf zp!m4^S<26oSNn-px+;%7=n>dZmDOeihC z`Y<@7kolwUqv57$D~xw?6}JlL%O527csPta4v;%9%@@%TNe-mAVHPS>8#TStpH2WtXw|O7d4< zyUg*j2!YqbQ8aJiH!2_>ArO{IRwf`P#WpYBvxE9^BeN&4f(Qh@r`H46qlZ6gLP%R$ z$EYJJxs6BLL_pppyhfI{E3(~>e;lhV5_sCE*2r*oYyp&&Q`OIQU6I{j4q$liO&+%g zEK_d822fyK=p8lyQ{HI;mM0-V;sDg9&PuCr;6&lU$rl-EE6&-kZRm@Yk%tE70KQ$m zgq`_S%2R6!s=t3J%;}dAgjj05v3Sjnyzp-hSOFHqpGMvT&mqzV6>5wEfE>7LkLKS- z{xi!t$vEzdkNgE`M{lFZ-sTm!Sd1zc_jAORv;2e(4P$EE*xK1 zl3ao%H}1%1r|E@F>0w}PiVVP4OPYap(Psa?8Bc?mS)`hU5Ta?>^f*vZve;NdJp8+V zNkfcwQG%p$8@@DE%R^u}ZA6R4Oj%PB09oiv0`>%Eh9Xg#T;UUlAZgApE=WcGh!iQK za+($l=t2{e>hvNnT^)1q2Psf$)YN0RQ5sPnDcK3YA4NfrYa&BNl5C5_`PLG4v2sDU z(ObNv8Q4~0yI<^3ND`D~n-s;eYIYA9TM=VjwDS*YviXkL6fThsOcP8zvp=e`^ zO_h)`YGBo;x{3It98DZx7MQYj#wbz!X&5d@*AXYI^Kri(1KOQu2{1&V&HFycZ)QnaniUoSrYko0$FxrPMtfDC!T6SdQVZ-?n? zs-&HnZ-VJ}CasB~v~v^;(4Zk-`ln7CjZij%@QhF8vo5T?kLk%yCnirRfxDfckFB5KBEtiNBFRPucUpRPI@(pZZZA$ zPVBGne;~>0yU(3`&7{hVm6@rwi>Lg*_t8mNi^i>);>N=in^1#hTtCvF5qH{#eYrsU zpWKsS=}sNl0*R1;ohQ35=1i9MRy=qN0&MUb=1tN{+w7fi<=iL$2eOyPqkRhX*Sxdq zZ)j0UlInG&QTeoBxac;=1ag?!a<;ApND zfq+j%Z$A^DS%3Y;$4W8Ut#5sr?}{L;y^;0*G8PA>dnnaD3rY5V^NP-y?@;anEU#fU z{z(8^uqDuMmO+Ecl1Arw`DCjacb8fUpE(5j;Io5BBc>}KU?0+O9H~X|71q-)dgEwd zJndn8Rn91s37uASz6QgY%>TtU$Cl~9!ZwRkbM>*3e!3%i5j85;GL1;wRiRI$Zcn8Q zp3-wNN+ISCO%yeRjaG${&6me&7mSvd?ei^6Sz?X0TF!)MVbvM*x_VHn>PNdiiWPKm z^Y47+^a{-muOe`Gj&$!!=CX(C7z69i8=qDDaL^Su7vNhMS(X+n9a>)41nfjLmA($7 zB_q^9fVU{KqJ(q&y-{l3lrX%s-Xh=X?IbinHCl zYvF68X)+JX#0Lh#Apr|4o;z7rCeKIUE97WKclYC7zG$b)PX&)~uZ{i#jWCDs$?R(R zZ+!C%u}nLnv`M+s8`_}X3cO%h^$9Hb-o9Dl=^_L4CwYpVdoau8eUslVVD)^iwW`wDQj8BV7 z%YUXsXx$W^Mx#*AT(Jsm^+13pva@Nn_|L|r^OPs}2`@kq{%mL%-0Ri9lt z@h*f}3rXFRf8z*z#&e-YZpxJ-Mv%|bB2$6pMTX3qX;u&gvJ*AFrRz7y2ku;veWElOxwDNSML=`I(J zotvJ`BC*;~W%BZ@XGSK*y%6mO#}W{3ab)Tw-9;lmf54KZXtk_#Y^cqWa%$1DEdiOS z@fA+1J7ow0W8?zMD}K_99kXLK%AN6#>ORSD=68X90%Y&lL_p#5p$(>f=@9KuHSw|j zQto-~o%XMiyvf{HQ$G7E1Ws6dqup1*h?#~Y{bt`~!ikT^7jI7YpKsrNjYyU$WO3hL zx4fM_{SWlyw^GqXY4vyGj98~N{lUihTOILcq@v=oyde1=?*if0i?)#OVh<-yF4^63 z-@H`UPX$(b?>^ioXm?3ww|QTEZ>r*(t4~-oVIeL z$>oS%qr57z+MXj0+oV!FleClaZ2~(ma%)Dbn3UyWxACdq@BAgpNgTv03isKviv|s` zKkEAe($5k-A}!fap`uw+5XA;@VWW#%Z2@xbf>_<=#nx*0&mtfay&-BUYfOukeTs?gCd++$&--#X zHLbdPAcfE{UULX?8N_re8`&!zWl}?>XbU8Cq+M24u@}}K)n5b$N`!9Y=)VP-uBo4= zX3#WPNr(=1+Umf}fk;g`kuUjs7Egf>(qMIT2Bj^flXRub1Qu-0yc{vU=csC?AoIu0 zG~kV>P`{BA&5c?BD(C6elj~s7|D#~CHoO6gLbG6|;Y*h!IMy70QM5{rc0Y;Vh!6N7{yRPB&Ks6K$VqWvV3G9TDJBq<`Big{_As$MO?IZKne_Ksuy6( zyb|PGKeXA5`2_)#bD!Kwx+$g-rzYk7F|h9{7MC+kD1w1+CCpw<8_tF!E6s){K~^yXw5pCH~ z)P_-Qmwjg*I3-{aDM-e zw$MO3hnV{JtF-v9x)t87LMxlk*-zFn_0Yl0%YeJwh!nAUc*o+QgR;!>mf!a23QaM` zI!#)J3Yo2W&YABzBWD-BE}4nrN7fS6g{bbxHm$aJU!<(LW}U+Bv`Do%Gu>x~g)d1A zrfgERc3fdZK8h1|7pZ@ksJgn|$oz8(-Vf5+k#e5SUa4cQpUx|q>n_r)_0mu){9`eh zewOZp)<9If&6#qr-{Tt_xT()vFO02De3)N~}6%Za?G3-81ss`I&Q~9OD_PL2nY$KDYWjJoVsCaVw;k&RS%> z>Q-?k-Ku+5;N891h#XSa0BvaUX*Q12J)qW_QwYK>V&9LFuUQ*e1*M-f-G7(jV8r0b;x z%RL-;38$7zY%#_~QrdEeeZ;2>r6w3!j-=LeX{olTo8yC+SiSf=g4$aaSIu6LTiGbJ z6G|`H!M4|LhkdicTLv2Q%HCEccGd#AAru<6CIPVLlBDAi%~K;&F;togvzQ4Xx-kb< zAP_JZ10cV(@$>Ui?qLyUuvZF`D`IhBL17mMyU?{bkm@7@#MjfO)zv}4smy=V< zs%f{#C#)xq!Ti2D=}>j?RoWAUrFA?r5^s?D(W_WKO4IZ$+y3FTdU1hq#@!(@Y_ug^CzH=Z^1liWJbHSr`{}SbHS8JtN zqu=fzvZOis~dgwnzX%d-J7!gE=| zVH!F+?4Zd4s`LT&2pKJ3SuUoZ!~Yh;%MGPvyp8&gGasB1CUc&4qauI(=`n)H3eD(x zeEXJumCbzBn>sQF)5hZNwP$a#tKlAaN$}>UIh-~-&FN0hi`zIGJAW=~Z22E+{MZs* zZ!bx$UbgFn)_C{&RxeuL4X|jc{r;2|3f(z4PBO#yDHI?dB_xC`?jRBGHY2jN{^{Ml zOqX2>74dZ`SgNZn*m;${-$zjH`oLWloNRKxa(x-G`#K?#uB`f6OE^a_2VpkxcE8m0 zb=a(6v9jC+4m}mbiA>ya>XBU43o1145#IyIs_9KyX|?sfNpCj8udmH&;j^1;C2Uls zR4f0s;7{_e+C~g)B{GQyeIW4rqO$j0u@P<(Zx);Aw6PUmY0rAKC0mQFhwa?Frercq z;Z<+BtJRUJW;V_+k#o(4=>9`kJvfF_=3AJTkmHQ}V=>`)`to~m?GCoE$T~;Q<5UXN z&P;VlLAP6SuDC@sdRjFf%4JWuoR}S75UN=EZn#@$WJhuKkG0s<`x!?6!GW73j-Xy* zbIxW#el+>^vM$KS?54OPcOg{T%UX7|FDdwCMA;W}k8C?y=Jep;f50rUep(ecaj!C% zCX{)yLW>#-s(I>$O4@W4tSt3?95zzC_(qF(c2sFJpv{|aO{=yjQ`2$99sY8QKV`YI zVR=tk+x~r`+K@(e8zg6&9zgU(G4&G%pvQum;r7+z$&VtmeTd}L&A7~n^~&x!GAYYJ zUj|b)Z-&}4K&L3YW%VdLKtyzm->AiwQ~3&*r&z#SvtrzWpknr>U51Q)T&xWy1+1q@ ztg`~hT#h89En4oW2vv!uHkNR)K9yM>(-D>*t=o6~X}l(yv~T|+-z!iaexV!LfOEgR z+Ym`4vR_Zf3I#|{`yznuJO~lq4|^+aKVtB~()<6e6G-dp|D*g=)JlU$<|%b1pnyLT zA5e`|0B$Zq$`1b!Fs|$FOAd@56os&i7b=#!BSh z+nF>v(rmxq+NJ|Hn#68rMqUq*c2Q=t)g+HIvwi_HsN)_OpC}6A;+oYQwaKZUw|L<0t)r)tVAgJqFPJ+-HB^AWs4?e;3CFfKmm(ji3D~kPr$C zN552%H?oO8i)EOIdJek^lqQ|D=UAyy)~xl5dTx|6rB3%~l?xq-<=C3bvW4iUIKr34 zW?2TjE-Ye?A~_Jx@87~fx=^f#j9x)JF!pou45C25?qh~!&x9=|9m`8r9`T`H+>%K0 zHR8S_28XZc2ja||JJYY_P8=dZ=6qFqBo96 zNB5`xz}!VPW~(MyG$*fTv{CMTV~PBeRdtqlbuIMG=geb9{%ETe5kJ|40wssmlfd^K zMz!raCOKCxa(}=0HCf1^L7njyVV<^i(y))%Sl6<9G*c;)IK*JWhdg81dTn;C;~3}W zZP}wKP0&rl?}(y{Uy$-4mBRJ){H8n8xg?@{$v>bgqCH2e59VBdt3lCPrdN&d`Zbe1 z)llyf+Hj-W-5>x7$Vsot3VbSQp4Jp}I`HVy94usd@N6@ERKApWCB(ABu%Y5A-3u;h z6qX*lo#RAt(IDLjp`U$lvpls20(!V?? zHLL2KcD=28Y5)BBd>K7MPwQ;_^Fhb?DRd@`f*Xx2UsYMw{P69wtmm)pwGtioRBFm< z?ts?R;f~2VzOdl<%eI|QBS{$6spF@`nj{OgYZZw);+ZL5Br2z&Ox18X6oG$bql6O2 z`#>))1oL_C1K#=EC&~*v)xjhz`9dv*ge-)n!eBu2hDsNpViu^q7&a?`0U9SA)*;D| z1K$|t@ksukPs^3v`pt9m+EpMitJr2^{`RV!e1(F~D;%(jf{+4OQe9E2m^-*;Ef2tr zG$s1L{h92G<(?`Za-i1AgZRz;pmg#Y$c>?bDG2z~esLh3yE$E=B~f0%tW&HymGJF@ zsoy2G;N(EMpktFA28KHgbIU27hj4v*cO0`S8>W$CBBMzn$%C;UI1?eHO0iM8#kQc%_esQSVD!l^2ONqa zcfNcW7GmMX`E9rU*YtXGB8ZO>-zSA*k80eSmY`Q{7CnNH~aW%%RHMek>=Aw#WU=>>8_OMT@RXEGwPfjD$0v;nhU zCcs9sQ)`?S(Dwrqe%gM}v=se$A&G9K$>gh!Dfv93H+-9Zt_C1&etN8iiLEDBoL)jJ zfAh7-8I;V*h9n{@p?FSxr;QOm=0w4*(p+N~Aqjysdex0eL$cmboRdURQ^K$Q9h}(e z#Sm&73V`ek3T2}i^ZUe;>LFymNF(Xj2R)xBHda*BxMWYX$a1qX`dyp(9DVN1|0UN% z)~;lJ-X;}Cyxf#>@ik4PCNk9!=B&62{|~gK@gFE&*5in@gI-?i1B_yuf;g#dR%d9frm(}bnj77;x%m%LBgaXUgWZR;x(`6MB*1h)0~iz zF4c@jLL;kSJbMx(2z2^Q1s9+Jf;2iPWUPj-*J}a?k-203=-;{ zcoC~eY#hID{Zn#en`V@MtWw5^d>t@k>3m<(1ek3E$gn{1Y$ zxOt3(IHlAVe+vr8A;2BUs9V|c$)H6sjRCo|cvX1D!xy{MPMY^aZ#Gfj*lU|5Uc#&n zEJP9hk3?isWQ*R|F~Ho)prw#LqK?&LAWjr%J-AaxWpp0?R zr2NUBpI<3yNBjrMPfH*C=Kg~x^!5Q|_M9L-;tqNDh?-9|+L(l8jbseHQ%W|M36-4q z>iFs1&mdx>_@8bjVGM$(_V77_b3lWXS@^ye;L%v)#nn1{_bk}qw)^2uNxovvMgSByf_Wit9Tda9dXty>s*RJTVOY44=PX7J{)D^OoxEs;1`*t|QYtsjL&} zP^AUCq~6*@-_9aMryx|ATDk1ejiI6H905zVf(W+nz-NxNNvcQ0Tm2M|5n;E>isScf zATXW>+7plu^{B`3uLscKbDbvTYJnrynbsZDE0UT&lhPgzGz8JV@~o z`*~&T)MzV0v%CROvp5Ef)q|4%q;*4@B&54@{Pl8IUlSecG-Z`Rh{z7)HER($x)Nb~ z%nBsc*VWSEE$h~Gb$%1#V5;1Q%R#>4@5F2;U}Px7ICD_zMQ-1to6KaPCr@adc<2Rl z4U9iCx!fBshw0dweD!i@mt4GJ^lh){Qk1X$NGkh?!`^uL^w;87d*fEz3CSl_S-5;J zVP@ex68|hlz7Jc`&4wW}iG5=xez($z(55z`9FLh9rY^H}Q-i)&D6mpiN> z=`?8cW0+ou*`Qqd@ZL`|+>RBlrZ?|uUG)6_ff6q4d zy7$Ux+x2pobLz(9U^4elI-~iAXsEvb7d3=_I36xKZN@v}D@f&i#I6geD_+LWQNF9` z=C6Ec1hxu3jiV1@Cjnb-2KV-HaBevyn$=N|hyh)Cw{JRADKZkYD;1<)>oRMs*69qiYf-+pR+ck6{F70PDM{XkN-dpqSyM(KbJrDz_PWyxU+Y`6^!*`F5B+S#1_fsqq;ho5Zmtp zr1n=ZYV(vyzFXJZrF#f__n+64Hk=x*uv(JT7AZrk=V1Y z6dBb3nuh0I4@k~7BN?ik`5rTYAhBJujOp8c*pPq`Eht0{{NYU;5(e)bn`2<2RFC;E z1O{TS`^{=EV+ctV{22$u|6(_j4kW>=a@b&1g>|vq!>1bA<+Lo($(z$ftE~%u5UCl%H&d)E!=XYUnrX@y*O0>R^4A# zA);l7YCW2TVbLm-8Reap|KB#3`SS7(Ie9Os)kTcIh*a3fu|?K@pi`$Q3mcfz0&e<$ zpyhm4lP!_!MVsV1vTUi9y*fiS$d)7=xikLMx5tbRb6vW`D2-$T=VjB%C})}FrDs_E zCGVmsOu+uKEfJlu7j8>IX}^({rPf~7o!4NO2us^#NEHoHVX(8qqAPUZjtB z#irk7X24c4Q}eOFHnR1jnQ_HGR6h*ca+r`EprH!xQT7`iexI>>Ob?EGg*RoTV%4ES zhDrB6rfXPkwC-gW)VGHuYm3rpBy~Ob&=1F729a!CQmWw5F&|+e>2o+7G2=giNXq|F z$S_%ap2j=2H8@kiH#S2*+bkKy{@s&kafF2`Atdo1*u~!IClabYj&tK29ufZP@-Iod zOPuez{v{=Mv+d2wGLQ(Dq4{W2R+Ym$qfuz5M07vjZ2if2B8YPQL4Q330WCNMi|tcr54w16f(c1jJFx zzj{tk`@KMDlm?WYR@v1q&d^qSi`yGpWY>-~2ZYq{d4w6DX4AZ# z`S!xB$Wyy}Z~|VOAQDm+wWQ2Rq(yK$P)zH>}hSTLUT6*ZrfqPWf8r<1ZHaxZK;Xtf|+3 z?zxq3m`MHui7Q8KwM>SJ8fU1q_PmB`4P}`QTXkVnEKsWS0aSu&z-G+lzynFwN_@6y z0%;ubpyzRiqg^d2!ZR|fiBqV|#T)*7?Wn1S=_;#rPxg9PEENcDav3O}P7r;(nOMF} z8O`~lm11oiKGZYUVPdx&~o6JnLh4najJ96wA5(}Gesyh=U1(M z_|S<6mF}|8(*=i{atZG~uW!JKaK z|4KiD}hM#^$_s16;b0j@V4cb0>$ZG)qjuwn_LAVWKyA?#~SY}7?UIx<06C%6(# zmr`D+LA5bjkZVYKv`5#dW04{+KB-{uB^YOSMsfZ}xH5&UY)#D}Gz&(V_1eq`&To%9 z&GP!wjxg@PgR*vn$HIxwo6x^#maP{1s!&W|xT0020{9vYQFm96T^ITr*PO)fyZ^(V zQ^V@O-45N@ST*E^K&euosD>gzfdXsy_M(`>9CHmbJ*$JndKc2N>q3f_@ujsyv%HikFFDh5YeCFYBi)YyQl)<3 z@d9rgKW;SEXQ6o?Fa3K~R-0*(-0%eRoA0ZMc3}gFW|cl(|7l(yl&7c!%wN~XHPBFB zQHd$xwlm_<<>uI~waMr0c-Lb|G$T0P3{j%s=g}QPKbB|Aa9O70a9R{t;0x{he4aSW z?1%omrr)y;e&eM_&Ocaf+ZuZu`6t6mj7=|WY=>^JVk<clj0I*G-v`2(36 z2cFe?B{xPSlI?#>6;E)|g2?74|g*j0k?zJBC1&jHCPl1|+6t&|FZwG6u#%r^6T#RNi z%Cpg~azm5{Ka3b(w!j*9$Fu_MYUTs!Onnmuwi)%esV<+$gilt=j0vG_;=v3Ub=*?d>~SX2 zz0_a)FdH0hr#%z@telhT1rAQ@j{${w6R{9~9?yC{w+nuV)fCAF0Bap-)wI|z;Y}2w zoX!vL1E3i7yu;d;U$oz3Grga%lXy+`<}h8aRD&1^-!AD+uU=V*GCCvh7F5v zC-kcX+;a@m@WKgzl&PH|E(QLq{RSv{l4}lZPB3(lf=8lG`Z0+Rkos`;uP z8Zn5i@`Z2-`{f;{=`f|%3s=Weke3e2J1R465Ri4hRvT`JGy(7PZ?SkQ1mQG0cP;l@ z({Xl)tmAbH>fi}lUq!Z4;J*Nn+x;|V?he4Ye1rgskA2QZS}xyjP2W^^or?qR30t3nk>Y!@S|%VEkO{wKOC*i`M{~bS!Zo3ELbiwH zsDco7Fi9^2<3q(TGaZOPAm5<98{?R)|OGgRPYqzR>z?%s*7xaZs*3(#&x}_|c>Ii6I=oWw6A^ae`{6*#6k;ibB{ITXp~#vN0mt z(6z#}FB^D5(J}JAGH(Q$8CXM~*2|8EDB-#nU?a51u zhzK~I1v({@8VDwLZW*$YXf+1$Qgo4&@c}XdNG1G(E`T{@7$H1^owtn*0ayuG z+RL<&D3B8^{Qw5Cl*&ITat@~8-yyJsBl#G6si=1xSvI!rbD`fagAhAxTy~MW2mS(! zOsT95h>7bjaI{)8GedcAgFxPv2hZG)LHGQxMNPBwzn3hBmVfjJQZNkRwlJUlZ1X2Y zR|3j+Y*R}TujC{x%(F#;gINxXx9U9N%X|;vpPPT#FtNz&{}`5H%zX`+*MOr3PMBg6 zojpe+JgPG}q55&$f)Q?FaMPy9mnwd^&c6d2&L2J`|1kH=jYzvsE1<1ws4?wMhU30nzRFEOlZGto_^MKCq*{ z`Gnq-6tYk~sx{)bE)a*PpeO|km)PP-QsvO49BW_em$^a~(WcgrqiqM1*qz7UIpL3hvQ2j!!nY}OKD{t@lk@@#+Z zt8=4JN6;_Ly?>7*_}+`_J5U*p@hBwM20ND58X`=Fn%OoVB?0+bgecNwzm&?bI8Ki` z1Ef#Q0}ochwGr99*yH?gtD8FtlFqaqty!NwFaVc?lQaN zSv5ZH+RqEqhbl7TB6{)ym!Cn%cXfC(iV}lHbyqpBZZsCY!%F^g&-F|@_a4mbip49 zZ%d%)iQxFev&rbaz2(L-2`UUPd~ER{5M9YrY>^fB%6z3T`ngaw)8A@x#fa%)%=5X{ z8O1jWMV54fy!p$TymI+Elg3GCxrBO0y)1q&$?-Fyxsg*PotuEUPt z_oz=(vIQSR7N~T&btb|$_?qvSwCYn-9wc<@Jc0HZ=Wd>H17p_Y&r1S zZ&~v=SLMfjmUA{4`cp}bBO;}>*GXF*8wK0z!swkU*@EcS@EtqFcsDvt zwB1vsN?iV-aqc;?b~_zL_xE$DJ$9!Vui5zYc!#GJ(6_J`+jfhu>$(C0i%knx>#mQk z^Mmv#<81?~9}UzPa$087yruJ>2LFQeOl9IFDe-^~N;m1y^5V!e=PM1Br01z ziaOqOO9(LO=&imW?-bZmI=vFGJN}#-__F2&P(G5+s=NgVDenYApKVy`+Og(^yX^cl z?tE-ZViS~gJd#1g{VlOcs~@oD|A`_TYO~;B!fRw+XH}rk)E1uQY|n@WpjI0O0&psI zZCXLlH0LvRtkXOn?4#4mNWxJpOC7-oLOiU#V__@Dxma*zY`0>2PK6^`eZK$jD#S>`!V`!}_$_y0uli@ZxwMoJpiQC`x%M?Pd= z$&N&!G?jOoYbuuXomhg{DgDnQ;Usw^Z!fVwz2kosH#Fhr0b0QSm14ortc2%NaRx-0 zX`vkBB5VEPwr5nIfdl|W1aG7dg?aojou*}}DGyK>_UVsfn5e4vP*e~IQT=0&JO@9S z_NCogn}Wfg42UBg{m~w&46x7Qb**y?Hc>9yw8`udJ1bAMDFm?yCZbEe<)MH!zT&z5 zZ$U&H^EGiVgMyB+<7l}*9rbA6^AS5Mc14!p(Hr11fzc=|`w%riE`dL1mQnZbN+{1%ZsI z=wuQ-!0nOQAe1@_U!*%7hnly&oF<&Z_7zasl+^^09*nFRx4n@HUh9x-iDma@( z;5x#}j-em_Fqlk51au@@cPJ5cbRO6ndOaF zZY?xVo~SK;0(HYU$usm0;SRqueQTK~!y=d>Zo#wSkVyBLuUC-OV^IMvwLLwepSV*$ zX04u_MO)gsBm{zRzsD<16l-sP!_-!Qq4`lOuSnin-1lT42701=f)&lB%WK?>SN)Ga zV215xPbniiU`D)RJz37ow6QbuN#&j2oyz72q%dvsg5C1+%AVvlD+)-q?dD5fSX@2f zlz#U3iCaQ=Mqf3I-9grp00Ziph4>}+hTC%{T_Gmn-?MU8ZWt-v8J@*_lY=ZC>@7|U z?&>&H`}w4bxv@Fb7FwViYfcTKGbSE5U!{5f2hw}rQmW1$s2s0!#`(mHWyXR#4zJ7< z$F(0$NE(d60GJtZ&I5W1iW>H&I^@7#P?~Z3+(r{dv~)^Y<*7 zNP}VCoY!BfA4@dijxp>r>KiY_qH;`*rWIutYu=BN%Jq$AzIZv3A7$TF#8e?a$hFx8r5dB?Q#(^)OZL_{>ti?(5A zp}u(W-t4hw?G*~YTJKVc7OK--EEvWDuTg=*&Xaz*DYijH-IGK)fR)y&g>coLWKZem z^3Z5Q!|J7pLsGEMgMODfW}&Pg3!Mj?i>{fvrl!o}-Ax*wQyWwZAW*tuLPN4zyNcz9 z$xGLkGa_x6fTiHgk4?XRl_4fz zEwsmc4n1MC*8P#b@?BY`P>?+(BDz8e!_PH}mp|Xc)tOYyh*9WioEjg+FdXOX60EvF zZIZYhrG}Z)-%&awdytmH@g3{!6DT0L$?4>FO?6p0%74hRN#^A|yk=7nsV-f`3G?$i zO+6Ox2s4wQ&gdFq9t-;K&|hAuR0Z!?6Q_WBW|ltY!8H=Z2?jdW`qC|vKYu)%$0E84 zQ$L}y95RGaP1!>~{-}J$cj>QB`d(ASBxT%`8Fieg3&zhk5o@nosJScWLi2vLu;C0V zvTvCt&T_KiL5y;n)~i;=i|ww3t4lRWm~OC81Fqb z?#g!O6F8t6LVP52>-H&yd3{t}UK?%D%ceGbBD%G36)-KOi!kKz3z&iCd4TNfvocFhWW(Rx5r&_RA%>9OjmC5eT z^K;|Yx;hI}0PLnv(gHz%NrHC7I-upw_M)d`tUfO>Sp@Q@K*n`;NSL~Qb8y{a)^78r z(e7vYVF_AJo5|T?@*Q#8CBX3`>D{oej&svj`}S7eX~XL(ffrA|?J+Y9ikfNZtHv?A zyVI1T&hLW-V3uKHqAs`-f~iy{yN{oa$Kc7%Nyk)=*IJRI0wY>@8B~c(?n`Ii>T{k~ z9En5&on)FtoyzeQfSG|uDhS94H{mj0lb8%Y-fq#HnSeOXDLm-BO?v_`oDEi)pZuCN&RAR#tfn zs0hZAohGq>NP(+&U^6d<6(k#hW@32SP0HynsYb=q{(BSR=*>~=xJPV(F|;PEIii)1 z@JO_Co|4og{N-~QXTVLu@p|)a^F#G>IdPDAX*nGYI9n$k>%`Nzn-j-M9JjC*d%HzQ z|H|qQfJGrx7idX1WTk}E-b9{>;~k}%%Z#4E9larume8vNLgoIrUCyP~TKfi~NBexEPRA3OT;nk~`HNg+w7>jMCCXL#~Co4s`#4bZdS7 zEs9;`e(i$~Y^Ge_Bl(xnJQE2(e*U*?@Pz4U4+x&=2fWnPxwoCCve5qJ-{Y>2x%Tak zbXXs+njT#DsfsLY&2@Mco0U17wlR6vf<$Mpv&Sq<=BEn_jV`3TgIC_L z;wSByZ)Bi_$Nmo z+QZ_@{XPw~(440Bwae&QQ`;eVdkG%)bYDOBESFL!yG%yY)d;>C3h~3=*Qqn@>BDik z`o0xAgIYvCGrU;&%-qj6Vw;_B6o?P_2#(~<5(I%j1n->AQlI|SuCaI?a$~Ug!c<4{ zt<<$AP^tQRKk528^gqy*sn|$P+GWL`lpmi?Tf(or14m!)?B80yIMn?QlywJSoi`~Q zrLFzbx^ekL9k;8BHRJjZM6^=|gfHF2{sX;_2V6>Bb$zcspR!5Me%|k!)-G&4zvn*U z`2|tkn9l!BTaEpUGXbSN!d358_c5!(%GkaoMAUw)vAMC_*a6S8pmR0IbQuKVNE8#1`+9*{f5Q7=Zi*sTvu-sQN zew<$_1B=Bu!2l2RlThKKaT3KdJ1YwLtETzp+%l^pS?r$klG_O~+~S;wFwaziB*T&{ z&P+H}x9|n*UQwq6aw+6&KRms|We+1fq0&7f!z7LTV`g`1E_+9jAEykQv#eyHNYDyE8PiBrkf>EU7)dzh*ARRMvHeXS9%geQ}e z{$j00y)v~CWzH-6Qg5cn^4SD17&gEJUGW_(3?v`rKFHT`VX^ds<^xHbV#g%q$OuON)THG zqnJy0;X29HrxBbG&10}R4tQ_8mQEyfWOBswVsnIN#TaTy&$Ga{r9bv^1{MYvJ?j_3 z1V=D0oCgfOfF%F3j!P6c^A} zvC7g#zbh-#=%Da4#$_^Xc+06Q-3b&lsB5fj{kMNCSu+>dl{qQ?)&Hd~_^G;9Pl8&| z6f=S>h%;`9y}>r{ZJWUf1>T+ChxSosdBCCg`EDD;fU>|yt(Ca+8KkZDKTz+E#KuUm zwBd$ADEz((0p#rpKdFVm9#+{*?v9m7<7Fhx;z`vTDW8hxd z!X{Tn#dyo2^V2aSZAj14_`mH7cH^pjx@4h7 z8M~O&ARY=mFcl(eI}+jeA#3{NiAgx$$6Ger{OGS;Z=a@R?18_a?`HqG({4ch^JGsR zpwk)iE@aE`RYNThLRBZ2mo=_JG0S%tQY$}Z2_ZVE+b=Fm5B5sYKINX@a2 z{=J>8N=e z;J0D9>g-N+)dtR|C&g^=de6b^^(*v$AYRl)$fQPwlw@+2RU_&l1OKF;Mws>bh*?|B z=U=iC9+#Fs7RRP~kzeS3!&hgPic0(p?}mqPPZ&8fvp z!*k;$My$@CvWMhI8_LS6MypMyv=T>a=8cdq>nJSI>SxM3<`w*N-{IeM>#)l2wcf14 z{kWM!IW*EQ2~1gD@l@dLY-DXz`42WrodqX*?h_R~G%v#eCGgfcIopMoHF|GwS_GRy z-MwAy)t@Y_ABE$CuUO@R%|*(7Dc`0xNx2%M&whz6Y+3ZQJkOE+fYhL+QD|P5QH->k z;yH4om%dU{3(wOoAl>|8*5C9)Xrw&R?mW!%C5!84r9VTBU43;=p3Wz0?bIe!KKl8C zL$Bar3E9SfAX1|LK+_c>V!d8u|2ADhE)v4OWW5zWW){wzXFAC9rS{4pPNAD*R`dVC zoCppSBm%ZF6r%dnJz)DgKR3$9-j(V(e%xa9IOVe@#EA053&SYf?~YbSFpc=oT3!+K zgn-fsNGBG?k|H1=O<)oNZIxKZHRCJeUk=_O5ZV(9Y4O)fBH1Wq7o=y_vN{7YBApDs zlt}6v1zP~7COnk}+M%VKq`=ehMpFQ&PDB`x0T`Oj`=y-8tdDy|Tul1tJc_ejbi+oW z7zduJq-~LiXDT0|=)DX29Bu;YY#<$KJh2LSmqh;y*awl&*!erz;ekSj%9ka^R(Q08 z2UYp;spjopN6~nICdLmOnsTor{q(5PE3^24I!Izu?x1zCj_K*m@OBz!C;bLgc{`SP zvPdlhG`n?Onaz?`j9kBtr!;lfzwqdw%^pUxMN05QgUrni%!w2AVLp*}gnX$oo;ezH zNqE`7$4TJoCg-u7{yZu^0Q&6p182W*AeKTXG(HjUbR4r#=6qWUVHUsCgm%mD0|6c+ zYc%$Pjyj!Ek0%lcp$rq~liUmvD(dE`{c;n>KTl1k0QD%1RO;2{f*+-b9`8bn^=r2; zBOFQ3LtL^c01Xk43VH1K(vg|(Iu}F&iIwdre+1d$j?zfoA@1TxrCeyuqOX`zfY>IO z4z#IhY%$X;1KAX9m<3*G6x$>3f{1|odD{X8@L|6`Ry|D20=SCke@Yw5tgye1fLDO2 z2$BMnL}P@_7}|-P7#teI012uBw8Uu@AT(5)F#tAHCZPziUj!7CSTvd|m%@`C$Gtx4 zM4!(1j6yC{3s5K3JiQZ3IAz-zV$XvXDh_w^3jy1}qekRY`&bT7fQd{f8=&)~CXH}- z4e*DEU28*b>A3z{|8q~$cT8GUCbchN_?Xt~zVP}F3`Kf6^S6TXAwuQ1AjZ504}`HK zBWRy>-(kh4SD?T9YUNYg)<)&I>SxJg72nXF(EE(ZT4P+=7%0q0`)$uM-T@mkIh3Lt z^-+Qa!vhJ%=g*|Dk@a-GDAej!iSy!6)A;FkAdpZ$0{OtiIFA*&$EyjZd7Uaco1s(h z3>9U|^rl#|0?HNnEr}Gl#zKndGN^Etgu1>;?8&UaLhGC2NFNznHpP1-`%;Or_u~a_ zS8Y7?pnclGf4GWgQ=VF30~-;Ijmr67)A(NnnH*iW&q&^8qABfSs8}1*`tQaR_E*YD zqfq=s>Q+3BvdLLYd+wB-d|$ZqiegP#3_pUS^xKKJw?fQsC-Rza+juBpqr%YnUXnp% z1V6ZP*BDcE!#@$=rJ%Am{PpXx7X_>F-4sbrmnw6N3SQ5V?*mN1JTvnr-+K24%HGE& z5@tr^OZy9whcJxRVS{wITMRRzpJImzKhk0syI)(ACxpsjL>?Y~{!`+rw?O9qJW4!G zV&ghj#ueHoNlWlB)`0aVa*V-Fh|emC+cQt>=BwQG4{+UZ)6d!ouDDgyLNxlQYD&gg zA(#th?1Hs`nyT1dD>y=RFZX}{%$9i3)ub+Dn(e&zABf-SLnSPSqU|wI9*A_vmT(c!ISM_HdN|N%=&94d)b`%(jkuMo!UFi4IPv1#64R?q zv?nEoED+AA34|(L=B!K$EZCp?_yPnzt1b+l8YS&^S4roAPrR-cx!kg$@5~pO82S8j zl*oG-akC~X_3qEKDs0~v6tZt1D7Y)%`~lGSg80YI_G=4ea3iO9EEE0RKdY=G+3W&G z*JIVzIevCpIJI*9tp@8b-|8D!|2C%l2J>Fh^{F6CQ%3TtGc)9I^?Gd}R&cul3>YHX zYn}9It)qCCWrh-9#`z;UBs!%QH9l;5RR*N+G4xRRXyW?=c!}^|o@~9BOol?t{Kv!Y zPzJ^u_1O%&|q~ z4~>O+1Bcp}9|l=KX4q4!Tw*dRYmtct&z_9hAC8AVbbS&1hVNcLwK=C5KNI*BYOffz zA3uTh7i$|r9ulIf`SfV9Ud{BOE6WOD!kL*L!gLNriL~XYJ}69(&q_dyEAt-Y#ps`F z=u6}vV#W*u>!n;hE5BJ(R{J5I+bcPrsMyU|#~H(I@?ZJZ`%pxus5j;N6Db?s8XWfz?>-l8IESk~xb?*%q8S@YAwn~o zGM=KOLc<(UB`o%nXC?iV(SXv?I?a?^6OV$DvImEc^YkZf20RuwqzUQdO$^G;ah6U6 z%O~<*n++vAf3$3h|BS?IOSiwrNMpH)D<6}2jAcwrE8tuI(Ok6)+c03+0-INYln0-51@OcXum%^|Z=OJTEa*UCZ7UK~7cNFy8T1FPL0a`k`@W_47xo z+h*9k3rzo`oWb{<(bW(2zo)vDDwX=egOe`{>V3nukDdHtU$&R%fB6sOC#e)ZI`I4b zXR$$J4rS@sT$5LP$OyhA_&6w;cWlUR4?;q3DDALgkj@e2^oiFX;(2gLOMsx$AgCrO z%&8on%Z7(=_QWzaIA%N1+_B@KnA;6;(vBb;0wAf{|C>Gt4hW$xAf%{XtRCT(csTGJ z`ykJoM8>%TY=S6B#I|N5wrFm!g};beAduQ2i9nMzbX9;HVH;5^hcJlQVHj)VdcC)hnvL8 zjyayGcs*^xQGi$5Le33PCIA7_UqhIVp~EnyMYb)KmtDjpKzPcYJZiaF=;kTGOZFk< zo8JT|6!x{sObAsbV-)Gc!ELFC$vX=wG;mrf;pQ~tIs{#`R5Q_HFA zKl^*-T+*6JE4s#iZKRQcG5Z#!X7Mr#MEC){*QfN1jmNy1AS_u)M|j!pklMPN3Bf<= zKMrD=PFA$m#6}5wr}}{PZR24C-LVGT#1Umr+9e#Bf9f3LL7fX^U#LM#fonj-*m5rz z7QPWeYCz&ks7~^WnL1nB6spbb0Ow$JBK%(Y%PqpC6_x}FEhfCp&gvgWbm@&m5x zL1J1>(CsJ|?VPG+fCkI0a$u=pm{IG@DGJAQd7gLceUclobTa{yuLUEz^kPem739zfUs@%6p@*g^WfgeOSxVS%YjeNH z14Q5z%zr>FP65eL&Ij=g5;I4T`#x$1soCxj2pi{x)-r&l60sZm{a>akB40K>l`vi z>Ha9Q4y#LPSdl{^J5Y025emhue)n~Fy)na{uHos2 z%CiaZRNfy4J^%#iO^|1&L<(LzxGs?PZD`yz-l%@RwYjo>bN^Wh|36DM6I}z**ka>^ z05ljAF-3Os?@8LHh3kS148BLH&9um$&n^eXk5EG%ZhGm8v?K{GjLu2=c*)O@6;Wa! z+3?v`eD7Mzod;N7TM%KDkW)zrnf<-ECE|kx=C{#j0SxL1tvZ1O8MORXQqsDt=OJn~5mwJoSbmlLh)Rsw^cO5Ta*fbT`)2lFh2&4hv!wFIpkwb^C`I|?Fhl~dDEprHr$yye#>gEwq2I-L+kk9Y zarIdu?xyVsqr^Wb5#0k{p56xyE=vd0vyrYZB|^qs#&BOfT}za%^U8#n&*Q3fg6`3u zHPqT0R8hfy8{$tgKGqZ0BM%fV^V5CBSG9!%{<<%`dC;ZgE%{KCCbccI$6f~Um-59Mhf*OCzszT<_a5Zq6zS`v@4dS(hOsE}@rwZKk3{;7n{T@b+&#X=?CV@)mez#(IeMg$Bu9g~2foaOp`ffI0cxJoeAdjSca0Da%!}rmqdm!Y51y?U&@jsT7by^p z7ZO&j9TB4z&;iT)K^$q`W?27}L5pF#cwBw{@F3E({|EW|&wQ0vuhI!-UHeo8jq$mi z!pY7-;1e6F95KpLOeuqO-2rmsv1%o1AuHrlv=dj*=`?iV*T9nW;k?7{{*~h!VOK@_ zp-5-eu`oltGaVLj_?|6GyZ|y#?a|v1Z2TZO^wjz2MalP1?LSIe4?K=-*BPiMJX_#n zQOSr@#QAiYg~ndOAQc36&yllJ>~ie9Oc7(xCz^e8#U_`Yg%FhpaSzsv4U%i@es25a z<9>2Z+!WNn6}fFL7NB$Ra{gc6BJ;X~jM3q$gH(RjBdR=u(?^^cGdIF^)-}7e4lmoR zQk;t*?=Kl|E9MJnLKf|}tLkK&1Ku+Y+~yZSvCy}-!`Pe^<|M%pvu@mvy2*0o(t!)r zLzekytSQ3oZomF>$C?~pXZck~*zU3Gf1t1P*?Rj@|A8)k^Sx8jecNSo-885#_Pn^T z=?7iASLR@461g9U^n2M4W>I3Q*0{D2?O?EdW?)n>JwT}(tQ6;k+b7=n&Farh%??#! z%COW|NuLbV+%k5!$4jI)P%jQjlM0RiDUFhYfUb=dKiO}&N@BV6jvwG+B3$~qwB!bL zm)b`e5|vpL6kz^cBLHjx-Ic((8+Wm?w%0$ z?!)awO~O!eoo3tOQCR2ah=fDV$23-}Y>yqf)bhH;S+wKpprw+0y^N2wG;LgGQ8mpW z=*vk$BSm$-K2k$yb1gu?pw4YpE?6SGRE~bY(Rsjg>>`j(zgB$`&88$74E%=gu(Sh5 z(c}VxK*-DracPkF$C=c|94uy)ejWt%pmbI( zp#Mqb^<*tKq@FJJW6}eN#O=-ydXO@L_BNG!uUL)wefKR-ul1p$c@C|@Po4xm2x;g= z1b{O}!i{f$NdY;SN%tL3yb1gqrDv%$lse3s&S9N&5qs!J=Hz`dTD`2mgdoliuh%<# zM(}|9VM8!*xe}VwOecEmNUao!psP$7McA-D)HI5dP==G!^oI`34RT|$Nolh|rlIYe zaB^G(da!3zfCE$+A+oV$K)j8%ajJr_d!W=d2}uwUJB0r4s4~A%&QlZD@Q(o?rH)7|d$~PQ7 z2Ud2ViEFU_M}3kXrGcQvyzc|>ON#9HiX_at=){LSE;O!9L5XJ6!`&?JJX05Qplt^Ex z=BYk#@%i7%xo; ziG!$8kc7lCR!h9KS42Fp2E7Nx10)o% z&lYLFW0PHFFm@Uuiw+aF;Ge5OH;lroAK zFHeJ*(~d{0#UZQSpcPx){J?n2N5zVQ#J#OwXDKq?ikRnijME?ZZI{%3bJd&9?pZBOJ)d;shkf?}XO2_4 z!z=vqd((2CW^=`DhwN*x@KIMEd%8|$(-SJI0WB2fKg@p?1(5lhCh&?gE-@y{LJ!g$inwt&0 z3JG6!H8=ajv|va!p0S;=y?%NTV!l>j%{1}KQ0OghJOus7iB{NJbiA^r5fPJ&7lI*T zCi-NA81b$cgDhDKPE>j|aAn{zzMrmI@9?>w>BveR1%4Hq__#lUpZ|STxOMGCP zncs3AZ@B;ZEG|C9WdZ^^VAW~0l5j+SJlSB%UnBxEj#~f_btihN{g`CCR;z zeLnPuFpfjFR}2jKt@l_Sbi`U{^_uefz3qA2^g$A5Z&mr5P0H21?#R;QBFHsObRq}1 z!V-o_71i$>4kd0ISVJlD%gi8L<~YpfZ#wUbtD)x=CEZ8$x1PbI6%LdJ(~oBuzL9B3 zHR%ZN^KoGEr&K&WSsQr6Q5~-iL(7aVjBnyV<4chC)RFfvaJ>8T z74rkti*dM@yn*13r+F6T%EMI4w}z|QQc@P73vo!rBPJ#g}c)!-ff~X`OSm!OF*^BIC<1|Ekwc&ZHa7MRK%dfKzAVfvi~msgEdq zU)*e8s%3s9qxtUTXcHHGE!h(xf?4B&$LUxJm8ZdicAKAYKN@SD@9Nyw{jxFeFbRyY z&2oP`!KSPofUMrlof)?0c=hG8DygT?rOW%h-=aW8;36So?;hWyU$vi^E*XtfI$xl= zR8H#SyB%Yh`pD8enstPFBYuFhtd860@Zh&V>EXK@A~Az}m233WDN%qk}& zfP-(Ntel(WbOaPlZ#_sH8{e>(K8yz92#hub{pH9(27T215dw-i0RMytA+-EAI;g-{ zWu=--BoG-wa2XNO&fBGO3?Q*ffBYbL84T+DY@OWZ_tLJ3b;ofcuI(7e#|Xm(*2x}a33-XN3OS% z;1U~>Nt#0==R~2=P;5Z-~lV~k` zH6p4jY@5K%;PC{_vQJ_(vkw}i+#Xfj@@N<}-TpDE_btN!bN~%N*dLkSQJhA^tOc8e}-`rXv8Eajm3+h|OM><&`x@XbV=x z-v5)p#$!oNdl8yTG0eC!d6O$Xp+_nDvSN;nCmoA`rjE=Bkb`Wumpf172MLDr)LNd2 zfyj`$;-svUgQog?-mDZOjP(Ux33{$z`Ea=<4st+21Bp{ok2V(9s8TVTVpWg8S@!H4 zI{}VkWUlparKH_!+lbFgP;3-Ct6)jtMGPNZi%jMBj|{OwR-hX#CrKn@jvR2Mdg-X2 zNC07=MA#JyIGB^Fi8fsscHQol9nbv-3Q>*RE;%G@+qwqo{xYw~Qnym%z}QUjSo6IY zySTn!8S(6i350yC5%$UO$&0af(yd>su(qz#m=ehFp9T4gJN9>R6Jmk7h6V4xdoPOm za>PfQaKj82veF;s#`j7dCF#9;fH^$ptH@HZFtNfe&Knu7c#o#LVsfaGg~ot9%eCvC z6(uqz3AwUWU9Fh2nD3G%B%eI_qP0-{Nk(^+?_SOU^&o)={ry@(UC z_Rk{j)jKEFv^W1+%_b)8iU>#{-@dw=r8QbZLpr#zE5lK1{zt-HFtfi0aDa(^9ZIp1 zw2)Cesy0O25n<16wLvS0(XsX@agX44*k)9xr`ghe;B!q4Or-fUh?(bT_ktxpe(W@F zSpDffU;Tae=tYN8kCWn5I}<&*L;C*6FLtaDyh6c0$?&ZCH`!~EwArW*L(Lq6_*6>@ z)Aa`pFv=XjM4LUX&ttCf8hk<=TijR`TWUT#W8RaXVo_$OrG-Y1&>HW;&U+uX=EFCj zW=J?}ztWp)lPmPSh{vKu^^SE7F6Dt^F&?r&-?lV=IS$SZvyDRhq3HRpJf$SmHI$~9F*NOV zuPJa>zzF%o{iCRzKN;8|iF&EQj$*nu;t}y)|F>+E}&pOxP&d*mes$ z4}*;??ZNzMP--GHMTr~IN=eXJ7d}M$E$+=Pe7lRbW#P`H-b7}#v54}T zbdZDF?5O)#E;uzryjn<~`XVV?(n3&)(Gc?b74N&OKt>^*?Z0J-`NP7mFQ4D zU1`Z_2A|C1ZOGb9SrJ+zcZ3QgT^mpqlV@cad2% z9_|ZbH(%^Zj8+xt$DjY=)TUVQcbLyyKbu@V7pb5s48r!zl%rm0)TPXX477BNKG(=g zpdv%jWYM3(%L{D|+cRIju#r*h0C-DW5y@gVXASI*9u4-HT##@+EU$XCWX|Al$8yX^-& zee07b3143xA6neY)L*1SxaJp6U>bH=48cm{@co6;04t{ICn`7&VtAJI+NzNEQ(99S zQMI-VN(h=0wva85OPPO{Q&ougx|RUaoZ2M5rSMeP^)8cVF6`v7Wv-qZf_4S zta@O;re}8rHo^n2URS?Q76=p9<$@H&tm*eSi>}m-xAHQVq#{zH&S;4tbpy-ZAf^P1 zIpP(B8CRY_XpZx{JFWqsRe&eoyX{$xj++!&$YjA4;QLZSD8u21XLg~F;uPJ5sa52hz9XYkAEvw%80Tg2|N%-x<$ zQ<#@aSlMliz7S;>&!(i;ti|Ek^wx)-mS7hqOD$}snKuN+?4W<7VjdHkQ2B(0Yqm9`%=_q0Cf z!KazGd7D947J+q5Q8jO(U$nv@B-0oX;KRojKONWtxRW4~(Kg8-%5^C<%}~%UaC(nR z+&DQXSVG8`7}D)muOdz$GDYkPCe%~A9}ltsWjIX{?? zUbe8f11X152msPDivM7pqyVH+%{-{%I|;$T5%|~i=!Pvx-ggE>1YUl;HIXj4RP)an zyEc4ohTAjT{3WyRraX!k@^bavBI^4e&e{omJ7}9*shlRxqMlXI77FxST8JdVw%~?P zT5&G?KMQz27R zl`0VP&Y*P?7=?tw(=#foO};RT#4#a^o27qzqwX8zi6{OI1_;zaewQN<`QCWZ9l*u( zPEU~YMhlxU8Vr$EB!v7v187&U1X`La`aNvAeUa9$Ljq+8&jRC(nuP5F6;_M>Myp|5 z&q7FR-IoVFBo9Dm^$FuC1iDB;j422}Pa@RzQ$7Op2ig;7Pj`>RDmMb9Pb3d{MNbV@ zhnW+61vwlLh7iCh3}~pnLzwV#8ELnZPRZL zynAdrdlJ3bB%b8saj>Xx@BNdRLPq}6EwD$+P01l}6olF8NEDdY8~DQH5Iz)ju5Gci$O?acmwgE& z60$tDcPOO0v4!&@b&GwvQocWKaF~&aUc&J!L z5T(I4{g-rb$?^SlX7`jCs;5FfLsM-VWmaCLHn{Y?HwOp5O;@dadd^~GnT+L3F8{Fg zi(G}Bhd4>iM2|v{`!KkVgG{f?gXD8Arj?W1jD`Cb!yG5n3zVW7`MOfku#iInb>;gU zH|(`2q?KX>5cFil+pui)l2BtAW=Lv&#f~QRkbgLrgwr`?9n6I{g9z~#k#KsWEk5_R z?+;q<(?WBORnO3fn_tq)4Qs5yWZpA$3TV}3cV~)k!0BpyI5p0X=F7mkwDeg?-^xKx zQ?0^{bWQS8=_O;0q&x>v44sYv-Fw*u5f7wwvcLO$R|QF{f+rU7aI(8OIj7~tN~>>v=EPo$sh!ZUvKx6KpcvEgy67YGO z0j`_PdbCY%$PV~6j}w|RAAk_RF& zrG_;XrrAx|fgL2=*GJ4rWyr!yH)XpQ%|BXjHRv~J_LEF%fT4wf+3@_j)J_axC}W-9 zuYpEUCM?sQxZCRYu`x40yU1Dix>Ta&GUtbXjxotJ6*7{wMQ_iUv)!yRFKt`B_L5gj z;|y^&INq36d?t5qRWdc8WamL?xlhQXJZ&~(Xrp~fFF$+X{<_)}meWLaWpyyaFva>oIsXL6&Eznb*dZ&PXD;mXHFH2-kZ)*U zgmmxdKG9iS`jFFB#>8}Zm7A!^sePaB8(7Zl!*~T3{;YdgWl@WPKlFCQH55P@NaE)4 z1sd0Z`N`c1?0vFLbTtoU0$+=0x^rB=X0E~xb;Z00Vn%(q5SY5raj43r!tkkIkcuCL zJqu7wR`i4TsC~2x-DIH2^_2dj01xG#9+jw&jB1fImHZ7x8gS|1s}*$a|MY8+k<&=! zZw+E)rZI?~Q-T~_#5gJcHSPn}<09nsSWqo{QiD&hOU0=p(b_c_jEZ|6ym2;D+vH*4dqy z*{1<*VgV`!B?aO*B!FBCYBN@y+_-(T_mqm8=W}?a>se(=meG}LNH$5{p?CA*E>Zw% z-JWN`*j8)F?52lI1eb-?hm#|auaCZl>H=r7a~P*&ijrvImwVxPOK!f|b0*(@Lg$r; zYxDDs`4r6?bZs=~qXu-FJ<4Miiis_u_$K-^e%CJo;EutD_LV~ec72ID1E?Cw$jC0-hJg9W zH)irn-mL#80R?m()3Zw3aod4 zxD#9ahS}f*yn24b(AR*Qi?0ThgOZPkJq2@}L_{!2xJ4BHh@eQd>5eEa6|#LTZD7an z4r}z+DTnBsm?Z(KlyH%@L@>_{pO_eUI6aG*s~4>aaR0Doa{fsT5Vo~R2FL*#8Q}ZFLod0r*q!GUP%Pnd` z=*hdK8bZaeOwWvSQS9ve$Py5yCc~L<>-=S7rk-#p{{C-j!Xh3++T&RPHr_!lnS9oO z4uydGnvJBXh%=m_uD4b);bZHtpT{(eBp{1AQ_hBv=Abw95jF#YuF15p_P@r*-_TaP zHQh|Xg5(L6rB&*(>!sp7)NK?FXKJ3l}mL9e;sKM^D_ zV(Z6FXf~c_Ax;t3w(Dwgyz4ZY&R2uRBZ>$E)fx}-pCapWp@UMOE5A*EYDpYS@#At( zFPh;AKH@$#xu4G#sNfgn6#-Qe>jR?VV*lb@D+P|jiB6X{9P`Q)~YM^Ik{U0`ryhgWrlZ!Kj(+LUib@(wJ? zA}!tSnzBB;d;Q!Xe;Za?oaZ6XR%{5>uMJ%POm3sE^*$p7rN9Ah!d7JpJ*_sKF0c7? zpodsPqC=zLVLLcv%7U{%Q5P($NO4-faOyL(J8a5TyFx|$iLTs2@^NxT&SHE8;;0&& zsPFan*XAFN@t~|XJ$3Ud0n(0N;8KHMES7eHq=ah^YF$=pVR;fR=vH6-Tj#38WZv>@ z>hI82!gvi0y#Ws!*D8cv@zA_&%YBHcp+@9K=GSMYcgo)Q%1KH(w!XM9dBxWD$>N2& z>B5JSh4=OK6=VEJqanBUj%f{K3=j~puA6#UNvFYA-1F(j_g`5ZLD5Su`ufGae+E%n zeu5SLG3oiT93v_eg#>52%<-kx!LzMtD6JMdor!9M@omarQ9Nl;D0xXyWkJT z4=OlIjrsI?sJQ~=m&X>|zkm5^pi2?I-R1%{V|)f-B=C2BLRNU^`-c~ApP?!AiA(y~ zC`3mDome+{`wZ^;hVj_G3v4|2gyJca=&8bt@9O~^=H8k53fxtl3U=X(-v-4(;@YXCbi|cl#LcjU%9TQ z*%*&Zt9mHTr8sR^I0Ayqn5ZySy{4+M)k$IfN&!~0N~}TM`~qr}wI1%=ul~KRK3Tmd z<5ZMKV}3lPPs~NP<&uBH;Ay z`oi|NfO8I1?AX$@N^YU06hl!1__+S{deSF@_UDYt@b7J=d*lN~Wg;J49X z|Eq+tmIqsNW`=(YGXX+xi_gEW1MQC++7B&lwmE6Dwhbo#)LLHfT(kjn+=bh#h5VUz zw`4C=CDepJN`IEuKyqvZ@>raBijj*bJ%t z(z14xV;H0-G}mg#ApVti>QackWRC!v-Y9lYi+suOr7mgt7;ai7Fdb&&o}(wiLal06WT_a1{#-8 zVxga642&_)wT0GpJ}V_|k$7=uGRMl}O)V8g|7R|zAlr6a2lK_tusp@Y?{ztc*U%{U zJiS5*_P!w-UGt79D5)(Jfdm;3MqwZ24yH`IhAEmHRhG=~_oj^0g(-@~Fiw|PxaXPm zhQoytPdlg>{sWmv!kaJ39u6qHA}yb;w|~3gcYI$--Ak3dyD2Wry2$wRKkBYzR)nxt zR9J?=p{=`i*+8&-HgR{6EmBVH(#7@T$}` z_KLK3*Q?=PYH7bqj$g=9BV}9jQ2Z0>?48$0Ed@JNeUuOLmd@!obmh&6DES9+^81?F zzI;w`cUmm1@3%|h?NC`X_#`XBJrX%;-1pddhap<2&+rnv4-8MW&7j z!jUPzZ=fERZi1VC;-og@{yqc>1e%f05=J-#EeNON67(;il7b{)&?c+Pm=I5*{;eZh zfPoiRA<;giI|G%#XyLWssP;(%37D>lym{@^2) z=1SSWrQ=jP7X;jX1TVP=>z^A?4Z4hF)q{OjiFoOrFj@ol?C;v^UJH(5h8FZ{&SP8f zr1eC%SKJ~%9^_3d)JX16EjoS9|eL~(-|Y_?vcjVK|ndTK=$m=MOzSfTaMF=_o><}H~~?r zAa@TLz+;1z8+m1T6OeyFu17XBgXThMq)}&>Nh`*#V|%1K#=%!59jqDHBK|FM>8maQ zrj+E(C|YFUPq6qQ_0lNM^!mje2>-`QwDfCdnmailqmi^q2?&hG=#VV18!6-nn>*F!%`*dgfI`L`^IphsZfQVkJG5T$1d+~)#fc-H?&ptdsfh|~W>5GF-% z6HwyA>QR>8v)&LWHUe{y9D)r_zuu=0i2!w)f(9kG$lhmw0tWZcYCFda(X^XYgleim z_UmeD`YqyM5U6uAoq%TDr)!C)Kb}s6a#PJBC5v9KPl>n@Xl2NtdlKbdov7w@&DGMAVT`hAOPsr}rCrQ$$bt(8DjsTIf3~L5cBwh{{l`Xu zwZUKkPCb=~pQ`e!Yez^sbDMKXXU6Amz42EQFf3xUIj`J0{C9%NbN3_J>vkWZ#jg7P zm6u7%#m2wOWs+*&;pZCEWu!D?!Wq3f1hIjWp6WQqzl4A9ng3%^ch3y7zC8^;3#h>N znE*6`M;o^*liuk$Ke`=stAhB-`(?k;vepYLx#BIT5PH>(IeRtfq2-Rx=1#v)c_XqKmKF4qR#zk@AlcObX5%WgtVGdz*H(J5+mgd7 zbTs>A92 z>W^0maMVsoHoM?36R;#Ut<$f3l{#7_Je9#S&?;EK%mJa?G%N^QO!?N7U~U++o2~r3K3xWi||i znpw5;Qm1bfGIb>Sye#HS#6arvShg`KeL-6c_?4he#9Mzd{Ke?@pHrVB()xGPzK2fub;k3jQS;Q?8#z(c zPM1T1)J;lMtsy2_M3OZuEzg`555pJdwF~`n9w4P_ZADImqZZ|dwt3%$k0-gm)9kc5 z+7(-?s@)Z$+EL2R+$=tG=6Swf>Si;6p)@HuEHr zzOSi2=8n(we__m1)GATgd(rZI7&)Uh^d7fdihN2|S=f#HSq3 z)qV$)oHs%78`l2-$~P%t8}`>=rbD*;@jUq=EE>7F+>Nz<5^5 zrrt)@z$k_vc*JzE47?796U>;btQRj~RTcGP&h5sXObM?yXrl=lbCCi@jp+S*+^aPu}~!&JUQsOT{shld`1A3PRG1$fOm^ zQ;W!7_(xaZ$JJJO@;kqyN-mzKaNqJT@gw6ZAiX14XL#=>uzLj7S&)(kt8)la_$)`w zVjp;%h&WkNfQS-N7!Z(4@L?Y%O?EHCsb}LDwI&Zr5+>GE%aJQlVX0~f1o}CJa#2}* zil+UXT%TjK>7GrX!}^(sWsKK{$ix#tNr}pvDM@sAvZTxbVfSSKMYxT1&397XGK0cy zKZ&5#E@%4;YEpRWYwTQ{m?^33$Icy;$fb2fhO}_}f>Hh$>QTWU73*E0NdOyns zmlDia^zMydI3lvzrD1aO6>P~^p{hv}=NWQ!OA^`Br6gSL@l%a8bvY?}%`Lq%$!)a? zalM^RuX(Iv)6CuVlA$t}kgDbfN^*@1#z?pVY{ehz6J++Q70Yk$Mw?GkojU1q=OOdo zQNGpI%wMSa624@)Q*jxyXeUjSH3@13E>d3lNf2AxxY@>yWxf`ECd!3`V{WO`S^og% zCnqroGRjlHv5cjKv7Vx$(fR@KjU&PMX37AInklOMXUs9<{vm(wy5AM}8mp!I=FdZz zz?O}A;KvXXVg~VITLBmq5==5%l}HKz77=uK5MTfT@gg^nCeIGG5x&C$T*D=nC=?ts z!rGyo2~Si6A5m$bbN*U|*O31!e5f zDLjESp28dj-T+SoC4-0uOigOq0>tu8=aB(9BDa4?28+uTM34up1+kOK56VF>7e(QV z$I=4S+hI~b4h#dQjf8*a0c==cE{iK7<-5RSMc`HM4a&)S5l-UJrO|8(Hz_9F;4+{q zGnEJoh&{^SG7}*V8UpyS2mp}$Kw6suiw5psEli0)`I-XdAOzVZn$WTsg(0-}Fr|@u z0bmkI>;wgg;p{4aVe7mF(Rn~n3{;=S0>t+e081DPqbGyu_K%<0^}t*No$V629dHCH z?c76>37dUlQ^8?Tu`2pQFEA9TOC%`m5;|BytyU@ZcZ(MTC6*~CQy+K+O8{A553D>% zDpRO!z2eot${^${800}Ah95=vPC1P42{q1OYggi!|EcQDIwq5_{QzZ^r8ox!AC zjm5TrkSN_Co4B+(SS2ihUR02K#Ev6aL#L1k4yGTBNDHVdVYs{q1t}$NdoYU!j|2-B zQMm^2430>~ zoB&6=zyK+8yacU~s!0W%?*Q2$Uhj;)G0SRaZiA>XHfOzt7pAicG0O;xY`&_pC6;B8ra1m#I9iD@rA-;o^#eO zh8~r5s#>da4hSgmPq~a?%`SWY02yYOJrobpHrj5rsA-#1mSg;{b^b+L^v`tW$jnmk2FQb1g?%SS0ah~WB1Ot??~0E1|$^(>)u_?uY!#5aKGXk#G>OV1}r z4p=)xCnvHdG~DIVk?2{s;47>cPe!ReD05z7!SHOgE{zpyOxd#)St>-v@a6;|1RX_5 zWa@TMal~`>{x#Ao>aR+p3CgZ0P6lw#4?>eCDP0>Xq=TA zdYoes0d*@{cTy2?BpvxzsEwst3hJ|068I&-&(x*tUJV8ziPhpYYpTR5S2}9RDwwqr zr5^7W!kj7X6j3Z9+&3o3%%~N0I9!jjNmH*7tkQ`xNba>ao6tEuqPg6<4J6)tmp@^T zB7`wr^11=GN3vXvS!nxdFzP_;2k!O>v}MB9g}UjYu)gz@)GV*MYH1q0N5@2pqsTwY>h z)TJEd8I@JEKdO+5?88kil_cnsOD*QB+%><}Fr6O%090c0_Z2^E{n=v%n-R@2rc%tq zusStU(@jVdOxcBMn#J$Jevy$z)w!w9km^xgG2qj!mK=!AUPW!BW6hMHuOgeh;^exP zFjnQ{%Cjd{vd%%mg-28|Nhb_QArfb=_T&MyhVv8rA=BJ7;`$bK9KYH9*?cznm)cld zYIQxFBILWCLDWvQ<2^*d=GXi(V?wryT(WB@{?Fm#G=pM%9Y<8Yb;;Dj<|!b?-rj_0 z$wvA;67$cx{(LW=$m(o7HA32|cRu&zeDN~2wx+seWnB4_Dps%^j>QdJ= zkdw4kgqG(#k}r}xmmEb>Cn))s^q@EV6Xn#XI8JCm0l(%aM@!+D=JHR_^{=Bf{@GXi zzx$E#+=5F1+B+HYdkoQN0XHTP$7=(m8}VoaXkbAO*MLx|YALbzhIPpV z{{Z&gCBO5@iYn*X%izpA&-^t02d8C}1Mw}J<&x=2@yj>--18c#r7b=f{?FoaS1rp* zqo3^lEa$pnRX5@5sY`GOI6s$_JxagYevz4W`flj|0M+;=XI*c7PtfLT@k(q*r+8*i z66T_29a~vYsii|q!#GL_VZ#Y$@rF>vXFkl#rE56cI<4}OIjMa$_@&DdX)(NWrFo+o z%e7KM@SH-HmTg?L)0>SdM!yXr{zYl_hK=2et0=~#Q_ktMpWbv8>1kIHjA1Ckaa*o3 z{QXRtOm>R3WfG>8DK?oVVA8o|*rh<+A4tn|X4Y2^?E6+xsjEg*p8OsE07Lpao4Wa) zWn|2)B+Hd737DoLw7j|*4#jHVsO*&PqiwYjuGBRfZ6?vztMXsW{JsV)T9Kx*&(O@B zmGFFplknV+fSI3T!l@HYPG=WcN=E8Dl1V>U@vEBiy}6xwpIT2W)KqSBa%ONkhRp(4 zD+mmo;=&ujT8Eg!$AYHv5*zS`h>hTYyLxRFN0OHEFglzwLl8%15YgmD@16|>wD5^^WULA4|VMVS+;v8P0J(>XOA+cyV6_AGw4bs3<$P6H3opT4Q7wrmKo&`|S*WLoe@Wo%tf1^NO z79<6UpHQ=#@BY~N`JY~6BqSub59ty*;1BflhKVA~BTe7w4UCo*uZL)`3bhiTQfy!> z><1t@KJjAUXyBH31{P-DSarbb3{qG(ZX$BYE1E!10NNb@2}l~ad&4eAOJFTQi}w5> z$y}9^9B^9j$zZUF1eZ~_FvM&{1_T|);}Vl3QbW3r)Wd)enaBI>0b<})0Pf7`Hti0U z004xLQm4MrAVQGDayDoIaw3A91n(9iz!Smd0g?eXAnm8L1dFRl0Ct8+qC^U@Cug)U z1b_*607oRTe$N3oVuc+iQRlQeXmk{$oz%zDCpjhHWVYvGARr{5kM=+XYI`-Ud%!Zl zx`=l+fNUZ@mn3^$0st&SeMb-yLYMS_0(Wj3c7OmojiDYp02FROJjCN*!@wMZ9Q(q7 z9FWh<00;qc0tx&eEGe3x#{59H9w!6w5iky)B_Vs(Oa8IYcxhu$ZTTK4^yahSnoIux zF@6V$QynM-T)cPEK3$^~(lH^)v?-9FDpVBUCg663c^y;B6rF=Z7RDJNQ*#jbEKqn6 zYbo3Ege>SKKiMaEh^eeHW`q?<@;X$YU5{%-`^ya=N%&r8FegYAEu=OWIgZFZpHpGrFRyrmv8ini=SuEng(bOVkWty`CB7*P3PJ zg-(j_aek<|I_4meX4ruc(oDm2x7_potNbkVW31tG^G;YrE+nL#IK~)6nw?Ezq5~{? zC@MB~I^LzGwd`k@{{So9f03DMb8&Aka$hI9K4~@wuFVpT4jo0qw=lnn9Z)j@tD*LrpOZ%Vbc=l$)Fz$|GQ!s9%(@s`k zOt86mXe6gXNVLj@pOqtoA{tkK=WnJHsj0I(1@&MKVyA(ozUj{^({eYY5BLT{uBheYX7#4edU> zO&-~ZNXnTyXNNea7sQeoa!|AOStqiT7|lM3Wd8sWjT|Z6T+45EFTa11>}tKAT#j=w z=4^j6Pej~Wu&EM*Q^}N&iBd=Ip(4p1-%}e37PM`aA}+k@l=UsWW9Cyq(9P96~xNoL$Ym&7Asb#{$k;lx^D4UqeM5Xh8D-A2;U= zmIQK%JR%esH#{^li|kP;q|AI{5yEgRIe5l5iAbZQlpbwGOwfcRd!MXiQK2f6QA;Is z>DRfap-L`K$!>T*RQ@z5WO$fAN-*!VEyy^vY^Ff|b zp@mN>rw^)=h~YEl)6`SW6C_TNFriYG3xy+eQWbmCS%(!Auj6o-ZI50(0M&4~J{xB^VpRvw^&9mG2UhC!M@_6(yr9-7Qit`sv z@k}oUR&vXgvN62AmFPId2GUeW0W;;FJcSZN1q~(HDpv5+ZfVYb%3kdM0G0kvxRG*P zoV41B(!we!Y8NhKxuRsHqGJ@OTqqH-8^5$>B^r=$n#z3V$duP7+*tSNeaRhJ_!y=5 zMC$iXDyi}5)YQ0TUTmeOmpYzIsY*#rcZ5h^j6y(IOSw{%2`5Z>4KJe`{X50d)-5ab zL#fF_FRADFGsZlZmOGnyYP9NFdl^UP*!iBLpnXNJn?qNUa5>qZ4aJmGgyR{0TB>R4 z2xmbcJgJFssS^SeoVaI;?0UVKO8=kq?I>6b#fQPEs8^sJy%$()mo#+lG%NSL#=8cq&A&^gu+PX+c5FWV+YGPYVoYgi%6oS zM)Rs>=?Bnqqv#yN(^IW3ifb>>Yg=oZ>b}a}4pQ=8i}GH)9zUHvE@`A0e4)1mM9^o!x zS18R104d8ic+fSz4>ram&zL_+^0joI0apVv%l`n}O^&O=>;1A{272$&uGiHP{$I@> z9#W`~3;o#Zs&ac2lgVmS6fRsmR#ha65TIN<1ybZLY!A_*9(xHPoD{qJ!tPY$jLff4 zDD#dDT(tn1IJGj#I{+r5e@IDvSMX*XdTWz7^ge5_hj+(QwP zg#DvTwWe^JFIZYZb_#oL(XEZUy0L_F)5H52qPDP=-JK{;Y+?O}pU7PLdSy{ds92P> z0=Yo>Rzv9|a?V?`#=*X%Zxtv;S;pedoT*Zs0_=AY31?!+MdbZ4_*9;{kA@75P!^=0 z)DnOxRm&9!@;!CNI?Z+crgOLOQoEK-hJ5LVPWqFqXUv6!V(KW<_KLa`s&EX}nPsH< zg+(^{mED{D%-ntrigpX9$zvgE8bkyBMNYGti!T-6`EwXBsW zjf0ZIXr}i1>rk$$*Opr2$cajGmSpm6K)D2S7>RBp;4yD;1yMEt!-*z^VmFHsOoB*J z0B+FfU`D~EL9GnAD;X{w;l*tPYz#Wa1kMFr_B{88iCmZk+;-j>av>tbg=|GB?EJ%| zCs7T}qC+TN#6Tul3DgTiq#0tJLvnu@kjn#;xqvdrEKA+s46;BOU{F&qfNbn4lta1V z0hG5Qg8>taj-ErPX<}jt%M|>?hzp}2q@;oG0O{Zz{opQ(2A?+8XbTfUKvUawiLWd-KKvv&d&Ps}qog&jS_ zB&ZaGz+V{vhOrxq0Rdup;QD-All70E&#+U#31CbEEzk)g@rH=WWK~|=JXsz_MQbit z!wk6)r%N^L*D)z%aY%8b!;K#>5<;8N;20A&0xU}iX!!_sBhmygiZ^E)UMvAllASO3 z!$*;m$R-j?zVPdj(h#5q2l0m-AzDBz54->-rz9PsQvld$QP`Mp6-o`LceBK;*z15F zGD$wr9^9K^%8@iDDCuRdIeWe({l7;t2hWdXS#S*I}c&YZrN_x6)l`lsA!%5;SZQElP^)qD{Y$}#i zrv?n{SgC=2eb3)-`jlVxSK`iRSpNXUe2-qo5TSzA z1Ap^%xC8i1X=$|TBAp@s0K6$L?MLxPfY#Jum@XQ;Ll&w`i6}rSnJ}<6*msVZQI@C{feR>kFiE9d3rc9LqT zE99oGlA#l2D0wGJSW;E&MWYW5JTuR3tS+r8I8}>_U72Dk7bu{HBT(FW#7dfyW-m@K z+0S)rr2R7L%_T+&)I66%ibz=?Dxy+%fa{|pZ^Rcdh^$Md2LX=j#FC9UjARfq^8DrU6zq~CTg{S=?Ri>j0=qY-~ zXY)qt&&0E$v2hNi=DGg>Gv%(e^rPY{;QoBP4rfSfusjZ)VpUt1r6076ScCqOrdy>F z$=XY#4s{n$?R4AiCtFT%s--XG;jb;9<)5(VwCk-iQqM&9eV)(kI!vq7EVtC$6l3{v zteJoW*3-=Sq^yS^_Z^PJMon51x0WT`rsmS6y-n7}OxeZQZaCxKD>0lIj;V?+Y$4KE zBcz1tQxYtfaRw0$U`2VZ*W|lIbRq|%#Ov^ikF?NLE?SMerJQynn1=*m-CA4SLB^z0 zI=l}*P*xPu<0Ud?AN0r`Q}5acUCxe5LZyAF3rUjNyjL1D_kEfx zRHWV)Cm&H&r!JW+KO@UJt?_Y?GDw+)kNg|$7wz~fFc2DCQ%PktL{p!0f z$KZ7uSA{Qc+NoRIhu;1kN6o!N>Q;8@mL>YnH)E3~1fST_%2t^&zq*HE@4u{cw)WI$ zM-WG%>AF>xmrtUMF#P-driBtwE?XpR$c(0EO|}%0f)ta++(Rw|Nil1&85m^*+(xXQ z3Q7vpN2DiCNKsOfMHn_agl1|VwqaEQVhxm?ihcV+G}9}qN_5^DH#uV*%^4dPPCt{e z+4L1Y8A8=8x@REoE@Bkvn1iuGfl1^=Rp?T?iiK5`_&+rK%y&*1%RMtDd^zX;0E)>o zYx--`N%$T#0Gl;tnR0M!MJ_^>CSsj5(*>SWsVcciOBBYY=UKPVrqWN9)hzxCzm{7^)twp0c}JyPFvYT#M9cJ; zW*H{FnrWt`K^o>QD@vBKNmA585;Z82!Jg5>>UC#zsnV-e=1wwMeoGij(Px9sZZ)k> zSfx^})bosdH_5ZtI&Hupc8S7Eb4=%jmSScs!IyH58mwP6<8=6aI3L?pEF=@y4b*)E zJt$VMK8jIo`W9PIy1uHZTfxdtvOHs`zZp1XGM9&Rw+IyrX8mc1A&{O4M7__ti2m$! zHhvweQxdwC7m|OO-06M%+H(_@@LE6q~w#*EEJ!+nWYi`0HK;AtMJ#mdj1Uc-=kOl z@}I1K&+5Czp0M8r`A1|Us$<2j@(6MO=PlOTQ zB~@j|ZMM$c@VI`a0G1SPO@|S2=1MD)B`HD%l!3nU~~U_;Jc~dGiD` zSZZ+g!|}-zOxj|DH9;bH04kk8k{p7A`{F#WU9)vHiqfUKa&5=I$l25IG<-p)M(;_l z8Qfztp_HV(VV|s@WVibdVHFZ8C5hD2QnXD#RJEl+Nl-fwMTqu}dP-5se4cf6LcN`7 zQLhIXt(to^@heod7PKne7}<$gCuSSN#R}w^9E*stBDTc|E+2sn+^#_>1iyH(Y*i-k z4-GEyVOx0^hlYjFoC4T1Cr0Mfh-m#@I?R(pu#K!D_9yl5C#nr)(e117vZ5sjGjXQ za%F$x0c2S?Xbgz#C{a^Cc$Bg-lgL+Ov^EkgPja)di85f{0+2r_3*g0H%5FZeJlM3G6F6b#@RJpAd1+jgI0|pQb zB9ylQKwcxI4x1nh?SJVA%VO|_U6hjl0F(vMcxTh;7ANT+Kc8U`072cvN?9yR0;sUR z@`g(Ut(cow!^e@uQheKs!vRs)9@dFVC4e9h+(VBZ0Ocdi0V1rh+j8+|Vb;h~aN9#9 zNm}e#xVv)<0CE`r09a`9I~9A72HXBH>yf*WoTa&k905LEFaW9riiviHOa&)mJK7kO zvPEhk$-fZE4uw*D*5o`e0Fv5)_p~&5B_R}|T}*u2!w!~3a88!DyaT0x5ToV=oU{Oh zn93z1@i5VQk}j9+dxsFfLWKbE61f2>1-2fhB_X%K5*Pq?Fv;YQ_w+F!LO?C(@DqVl zTxm|gz)ILx0l|QtNJy|S5&&5)U?T)4pUMJ4E*<~@Nl?FgLa(d@NMoe-cY<7iK?FP~ z5#Rs=$D{xv(o#OWKmaAwOKkw_f)xNCyabiZxF!Nt%mQYFD_T;d6p*y20u(zCV2q_2 ziN}(`luza#aq0;^iKJ>Vzo4Nf z@1x~kq(24A!E)cp2noLRXlsR#!h=swVKhCZ6g(dO4D$wHzo#Lp`Ht> zaEw-xl2#)-51N@32-hlhpD9ngBxeael=myAT7>F!DQ;n_%#sH^qSeWr2qucw8QvXo zSsGYVe(%#;Z_Ho9=xeqsDnFkt1B}|n~r<%yDrQvCRm_EuJAEw3< zy%=1>rLFrE-r2(LmLJw!Gu-H_sPXJBUMq*r@np|NscQ#+PjSq1wJ5kt5;+=_r$&7; zt>$ykxAEavQ>9dM%lh2{SY90WmQchN~$D{pEKvpw=;&bY!;n<|AiBcyi z3o;fILWcxyKC!EWD#9r>hIxLsr0N=NS1Q!nPlwt3%~fVGiBwEXxfLZ6L9~<>07k-{ z3UQ8F-^}JGQgVFkVpd9(T~9L&#Ho=wOw^Q3mo`{ZR+G3O?-pUDn7lvh$cVO{W3k}9 zP5m3+4SB~FpPO8 zg?$!D?Hk*F8tK&~({P7 zy3jx3*o`uzExncmbr$z__fhJjB_-ybe*+y*ZFU*T zgQR{i-AJXyu=q+Km8Rz5xPz$_$}b=^X;B0Y7{QcR?E1Mp>*8-6%~(cU!f-q*Fjdpg z*Dj;&bh74%t;cWCg_PF?0K>fPh1*x4v3 z>^dd{vZh_OCKa^7#SJcU7E6E*!`cionMVw@H0x5pHh%WBM(=`|DEBYL`We?gspW%( z^rNO&zBM+odSv*tl&vKJ!BJGz5iKFPQhi7E=S%qI%(zK`TZtBJ{ zUT^Z`^zMlMh_15I;u10br*&eBE+H&t;n+NbTRvzm=vtMgQg_@H#)jv_^qT3R48J$B z`#C)0T>53vDRoh@r7Du_{;K?Q_a9#L$Ke~{%ceq1^yLXym1K|y+p*OOm4ZIJt93&RuGHwa!wW6YU+o{!b&-ev!OKsb&gloE~go z(mMgS;Tm^Ba$me#934uvWj|=-+x2GVO;s*!mTB=RB1LjPv!0RUo;xUTuU=X(B~Erz z>VwQ5ZtLObOudz8``b&;&*E!y25`zfEyy_aZgs|_(t%e*@{o1SQ6hGhN?ey>$7>k2 zl^cyuQn!t~bF}yE{5{Q{o267D|bR9z^}#TATZ zymqS)s8DYjrg2u0*&}3+Km>G@t?ljO(?%*Q$sN_LrLC1OXF>`w@=G6U=k3XkiD^p% z3}hAsX$8ALD?pT>oKBfQn@>mc5nW%X{tT|;{{Rm){g?P3b^;Yh3vQc7nLn<4-yNpU zm_JFRu)dICNe67jB#-?R*y;Q_@p`@w@I7nj(og+oKkl>RNgJhOfgPPzo)2uE@-0aq zUgwsIilxC|AxUA{Ck>*R43z3g4`aMnj1}&NmXL)iVOoh`9ZDv^SYKi33Zj&oOOo36 zcUKWnt2ZRL%g#O?NWBV6voqc##L5{!mM_6*0X&t@NmQdOZbhOK#M3ICRJJb0b3Ijd z6-R`ohr>l6Sya<7615NjVAj~Z`HXm5$`=!xmdx}o75L&FB+;#Gp+}?Gt@qAeF}I=m zC-9d-CVVMmZD@ZJ0`mn23I<}`--7KPWvordS+0}fO&&2;_Ts})_SW-ooLXtc;jfvu z86yzN^((LGz9laX)a#prRiLj9oUZ9e^HV7P^tVfwGSzp%oT=9T0E)Bfx&Ht&(J6f( zX}%z}R(>eA_PF}Bp|x20K2(>ZPtVZJ!1{qlRftK;d7}-Pg5vXm5-95?1xup3kQDJ^LOCpvJMF|W-I3ITvp=+0 zDFYRJ!|;ZPt)ML>R~yBVDU^^>k_(d#mP&e%s}4vo=?d7Y1b_z+>0n0k1rep8qqzc` z7KiVUATIy_ohfqw3Ze;d00Ji)0U?(FLA&}yfQsDvzyJZ@88ndyE$;xt77YOLl0a`W z`aoKq`6IXu$%tzuiI5la`oWEh6IlTuDbHvU!0F^(9tm(;Q!k^AYI*V&D)Ao&%)mD(wjQ z9wLQa&zzN``= zv;>j=04RpBxD$9xDCJIGx|r4^RF3@uMbp|9FX&a674CB8d)uT*@+R;naV@vzDBswgIsXe(w@s#@ z->5ilABAQ)l$cb5E?$Hk0^kxjc-dQ2oats<6*7-8mTqE-bpU``|bArh7KWtVmM_)+6+pLWjyIbiIV0df<5BsP8B277nE5_tSZN61*(rpw0(mnRs_c!Ds>ZDB%O!1Ly$7xK#7zjJ7-+bOpiNy+`+Xp`!a z#XZk8>u*yrY1zGL$(FUyp0`p?le zhp0);*EFR4b04#@?O7k<3#D1v2$4^i(MMLM)k}zv2|)G=a+7;+8XJv1_JetjSDM`N zJzwb4#5z}0qfgpH&O5)0OOMFylA2us*BuHn~8YD>|kWpu)SQdu+$#}4%97A&iX%Z)s&iPMA1{wT8o zC(_`EQ2?aW5+7&L{t>*yR)GLyb#VAK-b$dpJ@5R(9EL+p-es5#VwST2;CfT}n zwB1+d^;g>Slj#ncd>DK`bl}p~Vi`tWKVM846}b5m?_>Rt0#%OAg5BNYm%P_COU$J{ zl>0|-zn{GGi|?d8e*R5Tnx_}pE&kV&=~Z+Ss5N;94$iq(Eg86M>SvKdN`RF}Ly#1i zL9BNT#}UBC#5!FaLUxs>iKolq`e)F(^T7Tm)pST|kxryq&rWkJZ@wQXo@0stDyCB` z_;XN7R)q#BP}~v0AB=VsT5wWZqs!}B&V;0pOzjlYU-)v($X%vzN%EJbf;41 z%$O2{j^#$tnF_gSMQ&n7oT|-23oY=G<(cQ==c5@7QzHsHy6+*}RsR!0KR^A!1qa`Z7{{Y92u zyEqVtI_>cuidly4t@IuDVKo(=BL5qE#@X#7SW66n2bFMN`u? zYif!;G@NG^(!x#j<2{yf-0Est#)MruFi9*tBx)yMwe%BaQq@vSl`>f&a;6}qXgq=q z-Z#B)sUEnshsHSh7;=P?#xPR1{pYozO1f|=lmQnT#bN<7l1NEA+T6qAVD2&lS4r8# z)W543#;pCuy%|+(IurOa?#V8!K3e|(dRUJ$fAJafbK0x;v*usYSuG=@xN6kyoWmyH z`Khtf_1jj?SU&&F)x5+;U>FsSJ|O?Gm%WTS#!W zEENQjE7^>liBewf-Qiml+F^J^s@w{v6`525&<}?xDgd|+Nq#tmsZuoSMh#~tqv;+H z({FqsUsbJF6(gK2yJPXmgeEKH3bzplnPDk31us>I`m{y`lyWS|9wH9L)(r-6$qG0= ziuhUmC;dC=-T{U5E3Nrnb`wQ|OEh#Dn-40VDM%9(M~@^8Xl+bXjX<;MPVvHP9viP- z?ycRtv();WUpx6e{{V@Bec_7t5dEs&Nw>^jKPTVdeV3NA7EkIXU6q^i7G$8tFuI`h z_4s884l9O<$#2?=_vCb~(JRU+)_maCNT7MDrjn8%&HT6^|6ZxHws zSxUC2_!qiA$o}pMo@}=)_7%RH;KY0se#w)_(Xvlt8F*Z>9Jydzj*6#syUfYUX@4N-EVv=mo4yCyRfbbW_PXr}Q?eu`LKOs4Q zu$&ShT38w^RgzD49idATc|M;=)LG-_=6#e!THS<5@!1OYcH$i@43WiDS-U_4+%Oz|Fv$Qku?l-Vp@2mK%n0;=mB@+? ztCkI85}pPFI}gSjWbh44OO89hFdXUxm$Cj(2VfMEkO$S^Bq29&ugU-k4*&ogJ3s+u zBtQgU%yx)x1YimTh9`3ioT5VU08Ux}6?^?42=^3icn0Yd9V2gO2x|c)fjyvGF_!=i zvfx}qH-K#*O_@(iB+aUrlmT~Anj#eHRhA&KEPCoZL2hu^w^y+o$%swL{Upn(#w#VO zMEpWw@aSoe@yz?=e(C`}(Y~dmQM8J!eKi&Qyvdu0X_T!g`)k?sujT$H^6U&FqtulZ zlCw8du|b)!Bq%OaikVGAO0CC-Ah;wQmc2^#8$#CA@egBZ9*B9bto|&jwxv>WbgiT8 z;QYR`__F@0^zu(pGTNzRB{J)&L0tsUmI+gQg}&(){0vT+s!qz`Nxa4E{vYIUzAy0A z4-n}Sqc5)=;{8`|gFbXJ=g69>YN}$IZlmoL&QXe4cqy%MZEV-Il3Ceh1NUR4a@^?fl+V-u0MPc6{{YC`B#-|9 zx@-Rc{#eh1Q+>C=E!`ctoe?wIGhnoSjdy(s?xem~+z z&OZ!Tg5-4`prkWlGt2f4nA&P-J0yL>uSc&)r{|UUKhX8e*@NZG&ZSZ) zauS36q5kOli0AdIy&}pkH8AJdM;ZC~ekUX1Jv+lU6dZ1;#!~ou-zV7nb0gpwHdmvN zYpBsvS|tHKttcQVO>&fybcf;N%vRE=_ z0Cv!;7}Cz1;`lF}wMttx_8i81!6nnxBNe7d37ct+!n^%rai-ii2Tok0itz=9v#72j zu%AC4^EvMsGRqY|dv6;z9;9M*>YRe)8fxSxVoEeQwyie|ZgK#?6)my7l5 zM!M=L$I44Tdc*s2WXA5|8)qxj`G4Y5^h@OQ=3Ex95$iT6ye>*-tkKKDWg?+&QDZQy zpbH!55$IkW@!iG6IpTs+TW2k=vmcqE@ehtJJUvP(6ndpEu-WwY;P2tXrpuL6gY^DI zbyT#CHMr8vQrvyumH85VQjrBaVr7v6epJw6dn zOo};DM7e3QCCf-iPp}(p8kg;5F0Nmx$5x!H%c`sDZ@b<7yn1Rpj^)EkBWpgEeWG^%#Ru%Ac8Xu3V#+hl+#*$(EE$kxn%fqyPY6wSW=fv9-Fo zo0c=3+h^OBI#tV~8g!{)MPYVcN0Ig0rrkd4HWON$8wrzyW0NV$X>$rG5V^9K_e$ls zOwcfF(m<}7`aF=6ubP>0zol8aNXhETr1sy>qNZ-_iStWu0E(x+8(7xlg= z{{RyBeTSJ|{T|D~^XjEb-Trv4elL{%J01xxs#ue*VhFv981AJ6p2iPUmd0F!iPuiX z+M31@#i7$I2^7;2Q%f|ZXfBfEG2q2gijwJ)*qK2~c6u%W@h6N+!zAEcP{Na$=&8_C zB6Uo{it2D(v{Zmppbp8H7M{Rw8cArK6}_d6Ph{UK8H4!8x5hXUQOt2Aly>>^C}k?; zVHlrB^94>ZFBQS1)=k6f(uq~F7D|$|1V8OSQb-C*06Ia%zLR3ni(`9s`s05EPEnQ< zPcf47&u8e(P2In;s`@xN+_jT44s57gswyQ*OofEh%&197lzR|v{*j+v=8YO^P44(L z7k8HSi{E?scRf2M^xFi=^$4v@p;K6krflSfN%Tn;jV)W+w+p9)bC-IBdg}|_USH;U zMlL|dr-be**UvhPW<}uUFEdIhg`K-yGI!%7^Ulx4f`buRf zT^PgFE?SmVnQ7&uB`!%a=CB>k_TD;Q4^1n?o9zDp1JwSFX9()j&+)RmB!jEjYzGS2GQsq8Zh?>8{^4qyf6d!->@V zEq7|%?S1$y@!c<_D|~S!`kzv!Z8dc?s@e*vQ>0W%Ovw|ZtSJ)^ zpbAu#4Z#O-9IsPNrgC|yN?2=iU6?Y)4Vh%ilZ@fwYNRVwEa_@gxzy_Y=~ECw<&&`~ zA;pYa3bUsD#&ntoj5V(gPd1f3*UTDHguXFpm~yc!<&^DN<7P?(f=t3I!_WupZJf$8ux}O;`Wvx{;cBqp)Z7%SHnA* z$M{XSF)@3buUwD_00%o5u`CVLh<4PNb-0q3Vpy?#w-D)Msk{M15pm2pTarSsb^wp8 zI#?CH0I*YUclz{;$;E)s4 zB8`A!0CfO{fSAj0*d3nG7AKH3-U31c274W?0MU6Si<0{Y2TuSga1{F(l(JhL&04g1&M4z z9DQ0R8x}=@Cs1~XEsGI}xAcIvFC_UvXddH=O~Shkp&G#PXVg*i<7uB}ilgQ*!>$Ew zOgo5Zk^nT@)+~=Br;%oEVTmeXyd0J;0I&iG9iq+waw?6Vv^04v&P7+WF)NV|q1fIX za5$=Pu=_EI0Tc*BcT+=0l2gGsR50stR6*JuEDn@N-I^=4`Bf4QXFdaXq51Y0o96{I|P0JU~I zj5`g(Fg!k15rW~;DXFBROsO&@1f?Ue0yGn;R=nLxl5M{;O;OIY-Ab}ZAuj+cfy4_ab zsY~6D7{leKhTHST5%bSeGMwClohx$SN`*YBg>_1`eXT?8RK>T0C*?xkKlbBnPzxdYZ07M;S_TeL+}z~K^2)KX|!B_ ztmv=pNBl_m>!g|Q7s(m1IgJ#OX3;8A? zwT11BX)ab8$DR*u%N<|H`TQ^Zl*E*|vcs;PsU95BXK)VV)Dj~_S5K*L$;sX6H2gP8{16A-7~k-VBx1z_Mfb$b9%>*W$a333!d`ArBq5@m3^H} zs_m&Dk_ha^I;d&%>rzvpET(9#{*LHWkF>I^+I^YTWzL{v?8Xx&mlKyNa)qST5iMVy z@rhp2=7P&xdK`WK0EP8kJ?3!A^IM~#Oo?+AlA=8b*v1o+TO&&7&JW&LJfGs8nM$a_ z6dVI8Xh`~}{9~~2gz&1T=8rG>N5ga%qx+8=pGz*9O6sd>Q6&hv*EL}wKIH8k!m6bD zW4rV`no*OMBfr4&?Dg?M(F}%zF0VJs#Hyv6(qS_G(6R2Jb}RAUoAX{RFD-PFrsiEuRN*F#RV7t5Gv*Uyrc|~|`a1hY z-j{}`Ql{$OR>V@v#>p>M{{ZO_)Sj92sdc?% z%xkU98G?AK#3ZC4D8uDx0TihSwVzVIi9~D!c$bQ`D?M9M>9mJU8fnHq+JDUcJ-rX9 zybItxJHob&(ucn;Tj$XpmZRb^1cK$>G?7Z0!aXG=6@);CIR3_L^npdlOn4& z^b)E@QO9Q`OPPfbrQvl;H(-DYsgG|B(m!%N55vDo8pfB3I*fg_H2LCbe1D7Qzp3WB z&w=eOoTqHMCFR-tyL^w%p1AZos=p1ntmN*mWcsWwp+#S0oTQag)d9T8Gn3?)owm4p zfNdW2qwCsUzisX8swpn(y7X(5{{XHJEY!4H{VJ=4cy#%BKZ7`=ViISaL1XA+Yb+Y| zm5h}xWXYr@K(SYwml0I4g5HGD>G_(Rf08*msSDDffRdFx!A(rjWA7SjGtJdx{Qm$W zUv#=8vU=ac&VS8WgD%#iI89C{ntGJWl{%@sWT!wa;*T<$jas`#k5ROvLZp3;W0l8m zu;g{B6z4d+Z;nq!qrz~kMQNXeVrc}c{w-8O77r|bRecCPk+1gCrrMl-YlE7rZ8%3` z=DggxiVWjjht)}1CP}WC6)kBX{Kvoh+($)CDNxGYWAHj^a#FV0{{Ro_4tH+x@fBhqwgB!s5A4@v`#HLa%c4MZNwaRT}23*oWR_WV@ zJBN+lg9y9T)U&faH|WL?sjJE|U&7h&*;O=}Rbn-@DVHtDT2Pc~VH4uv_hOljZkF=j-@HDDG|TbR53Bhw@*U#aH4umM>Oo zaZ1UP=AXYYPTt*wI*GlfLX8OY(^&W(xs(o!uZN?xDtLrT4B{{GE6My#thEif?+E!Z zUj?G!-V$7t%aS_)0p`QBK#k-Ing~6gcvhbx^T880Nh&wC@hc=V&GBZPj8siL&r!d; zSe6mdQdp#gOt2l43M{XlPlzja-N3 zc(O7@Z#hiTV|hOe#cNJEB5eFW6->Pnv3xj$PXKI{xG9{DbW92zfZj4AT4{9iA0xZ) z@6r~tqEL2K(zvy6dQ~vv>eFeo#iz~rk1Qlf&(sK=N&f)r>@re}pg8fQxm1#F*XO}_AS467XtpTTxoiTqEC=Hb zmP%zLDpm)W^A04Wutk@1=>p_Vri4+{%@zvgfNi`4bs|Kh!zhP%l(0i$EVv`q7+kPG zH&ChpDYtvTPf!ky9suefweNkJ0o0QQ!HiBeB`}1Ov`Twmp5#9$iAx2sk`#v)h{oe4 zg9BL_FLD?X!D?VnKJd?i=H}!3bn_ua%RpS72?1<*Bn7c~00a~75tWkAEMMso zT?gD)3*yiee5cX^_%pX(4M_iG_Lk?`0L=&p@52V z7>8qLiCHCNNs7{wq{A);iCMc43%%k;6qkUI5?p|8)`wgGg`NKZbYI#eZUCXWfV=|% z*aqAB!^eOEgA|ZG;zkvVDf_@N0lRvBa1bgL{k8kdrcfO7;ntEg-2y_yESv%SgJsPDx@bmiR_ho}GDo z-?Luo<-L;lvzk^9)vl~gRLokUeonwh4Mi-Z;#EmMyrAi)2e5T}M#J{aGe}MpQmIqV z_*drN+-H8#rsKmVHSk z@ua%HyuP1RX=llHUj%EeZm#d=*KsD_+`b6dolL-%8(J}=$y$m?3nUYNXNyuz7A2Ck zEoFgOZfydFPz8Ow_D>ws)Nc!SkNc={B*G zw~l;|leMKE^}T$5G`|zA_;k%#qXNu$o)?8;lT%MK2B@4ViFEkM)1__Rir6lDkB%U|J^))?1>K%7crqf~=rWqzpMKrT6Wa%nDv;??tc4Gek ziHwVCD&8$b-*`vD6#O!(dkV6YCx?fPpL3T`JUJ1Qle$pYO(Sx5h07UJ5ljoGjhMqG zH$xdDa&BTt=x3jNQ!Odz<$njql0WstZ1k6lrTum@Y$E>vXg*z|nWjpC{n+T`$-i*- zkJIna{{TI{4oG`{m399B{{SvLtHodQfBIwjo)hDRj}X-OL-0O}%~hXf%6Od8fUPtW zNJ$P4knb8eM>0m2L;nDqQU3gY6nt^hY`r_JxzJ$wzZID-T%0Ou>4iE%6CkCugrIpv z%yd^(p{LO5r4`D~d!L{eGq=(7$V!A3UOfI~*}tP%&!*GOU_z>Cr7h*+6b=ls_ELcJ zAo|>Tn2UWv+U^+6ACvsN#G`*>drPI^H_Ct34t{1MSB+v*u}n^*#-BYwbEcitc_-E` zYo&CVk))~8P>%@fCsrn3N^tZgPWaUA{{ZNb7*GB?_!{nq`+N8t?AhUSC8Zmvr62*h zC7K_I<(bi^l-c#KM88LG+9~AYy<)}CSxHi`d^%-_Zt?4k^>Kj{gA6 z{{SR#x`&Ed_ia`moBWaV=26KRUnOAD@GPN#QqWP#42pVbK?#24w?3xv#MZj6by3u- zCfhkm)#}%uT}d|0thp(c00?NWt2-38lsQ_xpcNzpv)n*S7?Y*IiOV58F-GH58DzdT zHCd}9<*eyP_DsQq%cx8F7HqV7g$sztx4XEtmsKfa@GPfRr6=yZ9yQcXfaWZ=rQ(@I zOT;Nte*oHg1HFge-;4T3W2bAD_dex+c3yp->GL)eu9a8s@^N^7Q8RX12A>SaYH8Ok zM_h%M2|R+8Z5zs(eXYb)rv%gPV_fLkZSGxKY2@(FkB^Psu4PJmvxH!j_+*vOl~yO> z3#ZpI-V+d#bc1u>+B#nccw6PID*lps~fC7HDuxc07yrXC-+bi zpFcndo`7FdlXmaKX}cXC3kV1n z0FHKv%VZV;7=lDW0VG=YYZ!Dc7=cSg!tCzv%u7k4Tw={`ed(q|>lRR{$vsQTv^drm zQj_9Q;u1u}1N+G)=uqKFAdU<@rRCO{a;`0A;Wgeb5B&alHJ8>FmsH(4uu@*9z`qs0 zp^9Etp{?pi!(M4Xp{GpBimbJd)!t0Bq^S561RY|`6Egn*#&(Zm@Ym9txT_0YQVq9+ zrxnllqxq-uJkwb46e`Ki$7jCJkF@x1OzARIB+O#UVq@1_lUYZax)Y}G*5{(HH0y zO+MN*z17+7ed9JlWYQzd<4CsvFy=h=68H8#Y_ATQ(@S@je5LwV^TIOs!>t6|GMzOu zKgz05r?OM~8T;~nk<)l~l-2iCyr1BDx6v(^?Oq^plgGNx&N}?djpkLRelb|3B|jvT zI6{4gAI>{zBz;Xv(%R2zYkxlFK`mg#&n6RMWs$=GT=C3G#zjdsdk$Vnmx0jA(#15$ z1V8Y_S>2v}cJp^XiLjPh?|W_S2_qfwW?^`KBaUK}*ftYNsns=8M7a{uE~OFx{%`4X z#8l-NuBkndMM)?}EXe8wHeA4SEp8c;@p-tGA5A;Mr>>bSB-H5uDQN@lm1-&HPM%&U zwUxzaMb%v`{oY?<72#9rXVzJV^n79SeiZPDcyk0kD7GVjccQr#fV5c z5_nPp@`UJ;~ zUo2`>*Y=s`ck;#kU+*)jQj+Q;yiq!N|mwM)^4)2LXF5MHG~kCscM6p*E$ zh{%k36ZVfDo&NyH^<6u`nqP$^wI34K_EK1Ir5rkveUt4K=HETIX45BS2^l_?p((^B zRa95a@oVSl@TE+dd!k74%NIS=e)5%OB~#ilBV*+VHPL37Us=nyh(HzuotJm56VmL0g)CXuwmK*A`Rr0Fk>a~Vkj3j zh{8rhWb(vVaNtBdm&LJ5z}JytU^^dZj2EY{gVH7K!D?>=AR8EB*u1e)%DT6JvM&M< z;fxr`bX&j=l=)0n`7KO}X8vB#79UXp;p69?qwN7y2^V2^-WUKp$LR3U9XyJpxZjvz zmm;YJj5^?PR>e2sBm_`zFz>WFdDyXVRFzXT1%vjgadab+iu&y7!@jFNhShA zy_7kC2rXgsfC;JWM=W3fJ1LpZ5Ca00r~?2DK}vVqXoj+Y1$=?LM@cDV3QK-4M0K#L zSlFfhu(BcWaXn|udFunDqLY;<*DDX6rT)0a>8Vv!I}Mfq^QJ<4%Xc>#fM+QpHu^<7 zM>i^)$#A^cvC}D8POQDQ@?Tah;Ys;7!u!4;=>Ayge2N5T9HWcN%r#XBB4%T$o+s2z zP(Eapf1_gHp&>1?0w+|v)TH_=Cm8u~zV1U(xYTP)*w>FlR}o7K9&69%leSu>Ek$JS z#AuR6wMH=j09Ztf5R;@461f3YDBP64Xl}d`n@1hiPP=rgpco0qx}BI4OjZxsF!>4b zDyoR#62;H=izISHZM5ws_f@Es7&g57eWsUJ@eZ4$QFE_REOzC;k@^1s@iX!J)vmit zsLQ!m#>&}cWTWgfRU}kZChTXV>23>DrE4OPOC;{-B|Q5}an$-Jv-L9kJ>shkMw+EJ(N%2YEuMWd$;+8% z+A{X;c9CjaF(xBOWWZa}%9Mf$bN<+rw;4c19V!ZFa>WDA{we04_#Uof{{SeFZ}o(1 zw9oun{<|5LQN?6@xhZ85$ZKfb_@56} z{{W^Zf_U{~#Fan0AHe!IHx;WW;zV&lJO09>Ngu3@CWN!AQ2zXX#E+Lg6X@pDbwYlL zYF3;gab|mJK>BYRJ!WbaNwe=?5Kb}EX(#9TA4D$=9y@3yJQuMM%SKBXM2OSa_XTL{EqWYYE~56@+rlqRF0Y9%3h@Z0O6_o zf6&W^SoZ90n10!xG-&DSY7QksDJm|ixmJJU5cMLR349rtpp_~7AK-qh$;7MalxCu! zrB(ouWe&uDSn-;a;OaDZ%eSXKO|}`C>1xm=)uc@Q+_#WSMg!H-(br6-u~jguuw zD@wsTknvwjOvKC203p?60Dw|;7kCLz03f7-lELCq$t!+J=4n|d zSa&fNxbSj${{W*|Gd{~Ru`E1Gs|jRQ$nwk`f#E~Y#@A2QuPh~qJjcoKUrxN% z**-A%#r+!nUh7_S%Jg|-Ibjr-9S7QmA&OO|VVf;0GPLQG2b{81_ki_}OYrZG>~!jN zXF5&E;}Pxln!RU6p1IJYE}T95&rtYj{T}}S4_^)mla5p1hcMJegdg@jcb&tGS~YlXVpXIK7;X%t)7cXc|p|dwbv3I*V%yTUo(Vj`>@g%iS{8&rg>` zcu(WO`43l!qE%v)q`G`g2dsSoL4NCVBoOU{{lE>&fm0~uX4CL=UVsxm-I*1?-wI39q;T&-x;sTz`5 zlz8$r&cc-HbXZ&Ze&IiUM16jqbhp^C^LX}{I-l~`_SLWrgoiB-^l#}nTgfb(92Z%l`r;S>FyXu z1sV{9-p9=~X~s7b+q*tj{VZw+;ktn(JLbwy{nYs1X!%!(dOyJRKcaoSOSkgN@IOCk zP{;}vVB7w2)Xm`fVdcoNC6(_L2-Zi^>>1yPl<>$)bJ;NDiF9=6)AGts@`~Rlomb4O z$@#WsNd-<)FWADq3Z}YI)!^wlKPODhs$pA;CUqVb2)wBcrhPy!VnH%eNAFBObP3*;LkWKVraL1epj256U1rObT~5X&(BKq!fUCr(&(u)Tfm#rtkVy)dlq81P zQC6i=>N_+#RE0{GOv#!Q5~UDyfb0n`a3g`!G#Zyz?uE;6QAy!^c1O;> z5c)W|yVd7ytEWlQ#GGC-_gifC&UxJU0Z3gzn^Lucxyw@4$!Ae6W7IN|Ngqgp4I;?%Y;yT<`5wNdv;YmU-bEcUwYM4re$*=+{NYqK= zlB8jHo;JU-;k1jLGf5>f$I3gCupXtM-AKW1RI0%|Wc?}V7@I4hSu&n$YL}MiQl%w9 zLedej8|@xBs7L+fS+4Sv`+xX6>rj{bbx-ddmxtzLIdk%kV;w0z#W0NO%c2V`)Z*FW z3!uc6moRE6*uE}+l`jmSXOb22s&v(U&O%6Y=Q@Z4r7PIo3Nn)Fdn3>^Pow+0yHE9o zr8RGEpVpoiQtyS9-=|J}aAF*ri005|^(zsTStV#1vgHs`F!^V+!lqqW4oB?(lx_PU zL&4QeN2Uw){=cl78^0WA-W#VYe+$v+d^*!!`~K?wACEq#OD<9*%S}9>iE_}8nR2Ds z631kXfb@i2QhT0Jd3kkzURA5j&T{3qmO!EtanE?kf<_})K?crwi&80;!RP4?RVi)* z*IB+wLGH>60JXsydI5Zxs8AQHjiakc}g z6H#yjTy}w?I+(9!ZeApRY3M?yDz^84j=Y4I`oLQmAzSi*e4x1lOam!wLPG#JfMp;* z^MJN8Bn6RVC7>-&0Qo^aune9^lc+mDSr#LII7YBr7D5^zzAtcTxi7p0$>VYXqnD#wOM-qwJ!Jcy&DJ3w0oAue7OqUf-_ z^)|v3wmwJHDFgr&A3QEkw1}j+)CbhVfD>z-p`tQ)2N1&wy-xf?Ca^l-LJ4N%!xAA$ z`JT}$W*K6sDrRkk;mbujb^~MDB@Qa=3XgV+BghKD-LBB%EQm-*bIsZ%axjZFBopq? z=w#LfQ8siQ+(1amAZkCH1PWE8rOn_ZAQvaT z&;ZIyy8(Cz6iYlgv>Cx6AzBJu$v=cfQ3BW>qZl%gJAx#9rUH<7glLcfq=hBk46+(c zoMvk1{vT6{OwG9)6PuRtxrz#%S%)NeHDqy7Ao(VO%v8aBlp||xs?9-Cx{9d}U#z|l z`bNUvP^hEq>#n$YK3Df;+wk-;X}YnDOAZz*IibU>i*06%k}wvosRBA`f9mIolP|}5iuc1T(aRq zf)69sG%}4!a&VHvUAvmeW-X=_Cz{{RWtimUo{KMI(u&|(V!1F}|- zq50~KPN@YN$@!srRHS-nl(X{(4&#r;H8M%885HUCtQ-85o%2RQt2KFd5h#?u?WpFR za%T_XLATT~_l!EQg-@=t_?kUm!g^k;y5|m={{S?0m(R@VLV8=&w1v~mmzA-VSjkdK zsA>xu_v%af^VsGyZb;0TDxg#2_+-gRQ9cy( z`Q^+X!m(rRzoc7AtSTgv-|stJD_zs|YI&nQ`=`qJa%g7F3UCNJ#qr;RpoCN16qQ^8 zcNT{&QCU3e;+YHo0D=1QHu21^8kW*eHpZ8<>5gW}kxQ^lp@S$hzhOHnL0i6MGP1l)R$O{04_LbX1b zte>H>wWD=!7*$zVJ&PcGQqW9HyfdhjDUzY(7@ayvOMeGTTI6E{=<~M@YQ%O zt668!{-=}mI}@YCdWntVSY-Ki6w|BbE=>7qbj(RMAp1t<(mgiOPiAyFbsChcDZ*oSQh)A}pu_W=RrRZ|zl32xPN)$s@N*n(G7~U?aHmFPB z&4eWVoYV4uf%>00QzX!tQ_>y6z0&sEnDQ!#IktHWdRL;D^gaFANj$Q#!WUWxVeaE zY;I{YY`{Dq6Z_v-%(ISLHadJ(TQs3TNM)dUS~eUbX^rxLG@XF_A~L`U8ds@8(HwyK zf~I*-5Mu(gT7d2AzoY`Pz?7@zNEfxYh;0ccgmd}Rsu?#TpvuKDAu_0?(MKTan6A(J zzgWw))9$Y&?k&98pJAn5-_3h9x0~ScPN4O3H|Mph4wApH;rg6Y)341ie-Y=~XzMKW zyK6+7-d=Byk=$5lww4jI*GiWO3RYjXclF2v>=&9 z^l}W!*;4LxOh_M$2(F~D7X1%lkb)9{!2bYjD_P*+Uh;3^WN1-I37A5NvF&JF;I5>4 zmJQ}>%(F9QVK}J6 zG@;UsT}PQ90>oS%BGnDajJjr@bJw%w1|@;~8ssc96QG$*GN(0Sl}VF18dPNzpdn!< z`b(tO z)JveCq?3OFsVqrcz#p?*qVaoDU9_ zg<$w)Jry*i6$v!bv;v}CN>?gUjmn8CQ7%a_Q+nP_9y8;?ZPEoVVNrvY7UZ77E*00>~+G z-WaA**cbf2IGiyY+5s(cValaZfVfHbfL=w_d(FcXwS+=vE?+yuESd4RD=WP~0!;sMhLduo8OFe`g^fVoN_ zI=C6BR(emIB1qK(YvA_w4~}S|Pb6A*F)oH;_UXCh`RWMW8QD zCIW&>g3uR1?ggcofz9A9O=J)m5n`|A`aopGtN?)9a(|pE$#Q!Npg^=v`7eXY6uYsB zE{hP5pg@4OEQ%Y3^@z$YQbH&b#7T5o5uGF*--ruh#ZxHx$@;)rp5P#97K1n~O$bUF z-^vlP_`QH`ZOlPzUgy+iK6qT8Y5?q@Y{JjXH~~oxJz`V93d}kDA@Hv(a0Q@pZRy@DM4=V{Q>6VN(CH*sx`T(}(8=Hv z$Pbi|_7KVBWyquimfzkUBY~aVvlwDmBFr`d9dJ0JW$h9=U|R!VHg}1}#DHAtJPskF zzzRe%cqKdmKmtd7p_b@%xm3_KIOZgD0EG}X-tZD4kU=EyVdJ>T>;ec=a(Ln-GFD5M zZ~zbtMFu1Q(DC31mn@e9zpP0)A#|ju7h)_R7zX9u0#J!1%Wi)-04XGm_kajM43^xz z-~fTgV*my0&;V1tj4X&?=EIm?1F(wR`^2}Am?6PD5C<&)Wsyh^e#Q~323Qrf;s)fZ zqK-vWwMwaym7zd|p<%%tn86y8r!2+c`S12KVbv`f!hCQGTo`|6Cx(rc9UAiLi<*OI=(3+zvj$zHRt1R5 zm5O0=EV>Hh>qee*{_oSgBL;%dTi z+%k17M5``LSzp>;(N!qTNj~d;>(ukFiP=h<(ac3Hy!jvY zglshYE2M4h((6ada_LGXC@3)r4&Kqx_2Nd-A6Wf5{SZ<_uY;va{{Z&3zy8da^8Wx5 zHuZn{WBHy7^oRcd)N}sqe*@_J&aF9H6dWfHoNfKZMxPs_LE+_{Vu$zR{v>=oGN_w^ z3AnM2k`Y)xMyVz2*TD#)qL8Gk=CdAc6}W?j#bmNnlJ^&QWSiVfVVk_So#`cD3dk9z zlzyw3SZbtKNS5>Hrxb*h0N^bI1nN%qaBR_wT8s9ItRCyJue!5tvab)UmNDjIV)$C{ zJjaL9RjypgQ>x^ylA=o9T}-mD%R%HH#5LL?a&w_3yqNT-*G7JLe}VdUQ(k5PDp9d4 zA7VKk@#Suw?DBY0#_W>HS5j3#u_9@e=hl3x90*xQ0VRm$Tb15qsd}ZUBz(>V$%tDI z7t)zUWTjG6XcJ1AE=$9$`7Nf@NY&Z`)d$y*hvAv;5s zCzC;&33*oi@97zKZ+2|-^_I;?I%75NZ64bYBqwME4fu(U;4*at>MRFxVVX>i=BGAi zthJGF^NHj5nq;NClFin$*a5s>Z)aZWYBbTAWvAWhRXv>;XVf=AGdSdvAW{-QdBH zN$yGBHysKq5m-j|*eYwL3k%3eIAT+qKgy}t&0>%!MKr8C!~&fMSyHCy7c&imlVAt~ zwG|;I@M2cCtu(OC>mX!==c&~d3am{%Jt~qW4K7st55UGH<@>WqC6>)TseLUuMm;%f z-Stza8EY@}#~j4)lub(HVAU#_F>?vj(v(SWr{@%D`lZ!-%5k3#OYu3%x{cM<8N#F4 zr}#7Rb0uU<(VsI-K3B`M!esiHrPQf`D3pNZa~7jyp&%6%8vq_Yh^uo((uAs2cuV^G ze2w;d^iqmilZ8_x4e8Nuq;T?n{!f$dH@>K! z^FPJ@hs-~ve3X1R;o(dlHd2890Q58Caipx?uY>##Q~D)_d_?5CLH=jw{TUho1T#lZ zBk2~hWhY5Xg9=p9pO>Vic=ar@ENW6O?jgT~qT%$=oAhU|$d-epBw6oXYQp;n^A>fqL&V*4_S=YtHPwG8=X@PowyEtIgA?Dv@PBn%ko^a zn%4YNr0A6Y0DCT}_Jntne-7Ukb?MDr3+O(Seswqn(bM;-3`9uJ&KD+DrIT{p6Rgm(LmUX!ES;pR>dfn=n}k;Rr~w5*?U+X7RG4Z*OS@3UR_;*5_Gir|G&ivbVIRp&swMesX-b z_b$k>Ic823C{|}W^Fjy;mxs$hU0l)JCBT-G`^zKH7>8G_;-3EihuU7fq~6P5RA#!h zQmYHgw8IOcm^4j9g*@5gpAu^Vr|cO%kgDIjw;|HOUJZoQ)>TWR!)Vt!Y{R7zr6tr) z`|%b@C_&0wBR@^i^$k|xQMIP!C)s{}M^>CCDddGquFjQcs;o*$7&Q{or3H>BOuA)< z-6LAKw()@~m23O7qwfCzGu!MvBHP3MAMk_~eP*JoT`a0G-KX2D$scoc4+6`n>0Sk! zuv`XB9ab%YQmVFSb*)M8!A!8VIq=f#5%Pu>w0XX#TBq&RAl_74{J&mL8}YY~HNA4Z zOFqA6Zk`o5?G(OT{{UPaVx%Di*k5uZT(@VLOMJJ;!5{#|;^?i4WE7+;c(Fxf$8F?s zYkEVaf*Z*gjpD?%6|yy&EL;@JkbI;y@61@ZD4WQoM23kdZG(n~Tngr}0s*m!D{msH zM7V%Xq$wv>n0W9;SP3disO=IROc!EYUI6N3`H!pt)WBFLSFPY3JOnrg+5&o*5>1Q) zCz1<5TAl*s!R-NRZv;C7-T~8i2Y3r2$V0$do528P^nkKFfY=fsEr~w!Ks> z9!YJ;58emCkp{vCm?zRJE{n(@FH1X;0@$~Z5C~%da(oDES_1gCD))fMgWOVH10pPj z@E50ru!{_Bx#9xYv0F%R53~i)VwD%T;vuf(spL>@M`(_wTM0ahY@-Zc2e>}47Orvv zklxV^WVS4+XbE5tJq@NDOi^P()5l_J48a#}iK&{8TFv;Lj2n0Can03J7EU_h+4r0Z@ zDd4Q7x7(PJlgJd88i}{3yh`Mecy$~1?G`72qWb_i^9XU*AYI8kM6O2>BsgQu#5mCv zNx4Wo#I2aZs@`8nWbyzE_xz$j3IgPtL#_sluvV~2fdlIjT8O_l;{X-S1T2Dmp`!Z| z1@4jP?+i+KD?Vgt4|4AS#8r!)L^60KZty9wXkyMtL)oAJ6oi%?kMe+yP^la>vUgmIGq|43z+*0S#mZA*_-Ux6_zHJAlNef=b(OXmA}W1%vrd2H zYkuy3%(#COWbUkQn)cr1Pv%@div14|>Lxo)nDgEvib|xPOsSO*GLE)ZnbMWYRzJbx zsnh6Ag`5+4*!la$J{;98HCnZ$9;i2!CAz_bK|xuH&P^s6L}$)gO3^6->In{iD9LUy z-cJbODtkIhGI%nu>{?EhP*%%27iHO%EbZa^Q&NsTIPN+zakl@us!Qd;qgQj?DdC9C*a&gz?t zprse+cX@lOqN;{YTI!w!FCD{?X>(?sH8lJ>CU5jHg(_|`>W8~8KR=2*qfqco_M2VY zX;mB~x9R>D@-+Vd5dQ!VH62Oljw_1v9;{{oB~qqO!DWB-jXDB>SL}!OyxkXJv5V}r zSXb;hv0o5nE;uVu{mTpRRr(*1~mQA&-i)&0KRBH?Z^B`_)srO-3H`& zM0C*lr|A7R)kZ%7#L~^oCDQ15(5xi5Ivh7<1wcxL&=y`oi_=%{cJzL{W`6tl}}DQLcpy) z2_b@s<@>$bJg2S7N0Cve(rt5+8KHqU`a#l3iH>G$2P|RpF-&g}l}#pCbxoYGkRu|EwOaD& zipgaQON+X`&XikzhmvRSirRUlcyCW+1u2SEUs8($-3dR;v~R5RAA72^J6$)yQh1%? z{{W?aXOiL=#x0n!1>$(_BQ~abl8Pl%iWm zV{;l!UO&8v$9SHPRa#!TH~H5bqR!br8_2jOBO+y8UIkP62-xB(8l`QmllfAgK9`ow(oAm}$<97NIAG z_DlNh>MB&@?xRsLGRpN3<;OnJGVX<|3{#iEpQ7|~rT(pu$xrqPe@NgPYHaxi^{0DL z{{U(JE&gZB{{W>&3ZTS(9#Qw&3{;|H$6s3N?5AZ!d=%%FU>+;9) zv-9$HPpp;Zp`4kc_htq$*G`r?e3&z3&!Ja`Ss`-BJCxYPIAN6|VU%YN@~(sr zFcX4^1F(Y$^GidgeZ_Y9HBgk{RQ z$4nOIL0Y|P`$1&2c>OjN{%w(P(@sG;u}Z*|)i3*|>6AaY=I)~qs5!jVdGzd5tsHlo z$)}e?Hg!suG%0gdr&5$%N>S&zKBhAx6&U#>W!u?YT+~$QMYj0_oIMhLLF%UVJ4P(-VJ722bw57GqFQ(s&q=peej==>!SMw1QeKKZitDhwiKaroZ#_TrlWe7X22Z3^?bCf#UsL_Iz#t>v1~$EJO$At1*znQ&=xKPRhU3nxB(1W0>tu23scD& zA*`7Z*c+GZOd)g_U@t<<;sVqx1<`qA{{V3Tkqv~}@5=}bh&_Nq7z~BDlP*IK&H~jX zfi&qlxPZDXIDiHudO%wi2DA5owLESG{H6lsEQ(8jU@lBj9lhaXTOGw(Tg?2zmc@#s z>QFDUz+D%)^(h1keIw^{?WMp0bUVd_ilPZ|00^MM-QknmXn>QXr1pjwMWMxuG&Dwt zt4SkQqeBcS026L42LX{vb}beb2u7DAAFMiS1EE%sr*2K5;yOsIrO%_7U`gav4btwy z(JPUKvWePA3(irhP%OiJVssycuhxwJS6KmeXy{{Scl zKsR2NhDe^^N=Z;8S{P>5HX#h-@Guj|ssxK~0V|RLcMWrM0R%R1lg}^#90Jb)A@+a( z01jFJ4-E?-BGfdNJlpVv6(S#*gam+rVn)$9WP?jB?-H883~X8_C;)A7$-FA$07woW zi$Kr{ScYhT0Spe21~NY=bg8%cMRg&R#A#&tE3Gmm)%8~zUy7iiUZRx^)5`)bBhs{q zIO)`vl034viZAqSX0;!!Ppj&^*Qut$vD`-nu0?7RvbkjFohgFS2xI7N8=u`)i;R~g z_nJS2yj?-MQgmwl-(k1Jx`mc%=x0{uOgPldN*bM1zq2Y=0czY1`Si}jm(=Ngv__H?q^=N^m9ryt6BuALN^iqe|d6Q!j<(CS>Yk{l0Tcxrbx@ysK$ zUS@5#jl3nJ!gji3TB#P-RF^NiH8Pf^Od&}mrof-hDy!7qTQrv!_j;6_O0#bzvk+DT z0xh&toD?c}J5PtsnB^X(W_&{d&NcI7CRQ4$v?`G>B}Q(vjfgL8R*iO{e{p3_Goc)| z_xK)r^oQaNU&A&KyRvxqu=dW}nr!{joW+nUr%J?W6uMJ2NvEtre`hp3ulG*YF}Ak4 zr*#DQen)5E{{W=TFI=~$POQ3WNi3(b&wM`TG*FZ%0*ixvLuh%>Qau)}rM2XGp!qp& zwr5<$)Bc^+W~`T(Yq0D_nx;qD>Zqzrsj}DN3+e}vZ(WY?P`37!dM1-zOy;#;4BK2& z=(&efWO?EEpy|(BsU_hb6`2>u!~#UA8Q(4?H293Mu<=j_hdm&0KxVb$GB&krvh7|M zc)i!i^XrcWYMK=NzKvJo32we!kGVfak4>;VkMQM)Qe-}((PsP_ZfU8iq{S#Cs#=g2 zDnrVhEV-94Bo_wUh~qWum{io0lIeKi`ZvS)9$DgR+w09y&hDQ@M3QUavF>=tLBXpf zuEkVyQhul+HIIy#`V8E4Y7+9Cf5eZ1S2N5@zp3InifOo?q;x&%F@AviLKK%mm8X)> z&Lx;d^t5$YiSkO)kKb0%H-eg#BM(z^hG0~*O4T@c%X=w8!`MYNB;~<_Qnc!DZ7Iye z*3(QvMW>_7{;-T%v3|x&(5rPyUU+Bd?N%~P5W^KtmCJCnsBVGI`;i`1?6Fm|%4yo- ztDIitQYy_X*?(Xnp%bODwVyJ5S}budlpRHx?SmO}WKE@da7{rrlQm2qurMUcRAi;U z0IO8fQn^!9q|7pch~X`3cY$DNVaIL)D&(%2GA7gbL@g~+l<#{8UBqygQ+fFo&Qhd( zu1v{7dS>Ya@^n}xcB88)lUO_@n*gnk)-mf^HM~tt)|*n6@!a0an=O81 z7X~mKTzNH)E;|}r-mqp#QWgQdzKM+c6|-i`PEX!6)92FD%UwlOxwo zPFRlS&MH%VFof^?=6kNFdZiOhEn$*|4`gs7r=bg4NzGGG8HK|DEf+-(mUb5Zw-RVgI0ZKTha=2hJMu(FS0xkGa% zO7(#L&lR}fsnai)ps>;iJG@3Pir#yf30%P>(#WWoge-!zrA!pY&)y@YOWtV4tws}l zQdw(*IOEk=MnuQ(s!DVzc!n7^RO!myDDc$ad%xusRJV<5nlf+dwEpySn!SW;{_;;~ zr}!U~g+3N0Q!Je>Ts^n#9`2>qx{s3X;hNI;zr@azy)#yseW6|qDbw3?XO$&TVi}VR z!|_ECO+ONmE_)I@ikK31;fenMeX6M`)2AuNl$-mRgvNHE#$~QOlgL{NEeoz)_D>RySvv)Dx`% zN+rrcFaG}k?jvV6mf9|@O)51X_Fv%7(aLlL&`Z*7;HJacJpDY$<_r#_`rkNuNSW zFF7|kUnJ&C`HRZRxlbewR$uuxzv^tHTT-RmXSf% zxu~NbH~248*|Prt!e>JMAM0szpT!Pjl{*_s1lmlOmumv%Ez1ubX<&ifh#$J87mj{< zrQQB%*{#2stYGr{-xm0j#q}j`qtfW2wsj=2_HB&%G~c0()X$0B?VfPI@((Rx^toFr zNO^Sl76yDYEhLlsRfK~uk--TEkaszDnk_nW_O%<7-!1+|$4Bs8g_PB6hU?aS<-&fE zdC$-6M>~aOO0h(YXCA9YA4&ITPx+<~;7;m{=}Mg~mhAR@E5X+_C@Z}}N|hfueP{4b z?(#P{9%aeYOPfJUi%*j_YbISrBTSXbCvdGGD?uC*75yTNRdZ63O?nM+q%SWTGNwqM7QP;o3uVye?Tl_s)M{8UVT;vdQ`r8{};OJ;L=r-ijm7N=-ow@_cMywlg6d}1OzO3yF(R?F=> zofBE`)r_4T9vw5oUeqJ3P-n)-##npRY)t5GFHo!rJwQu?b1@NH)D z_WuA-sZ!={Qp?@Eg&-g>EI-B|)VQ=`R?P`Tp28g^g4lYWq+bnF3cen)Py+t|!b zLt7RmAp~y_u(>Ww`j8|CVYcz}srK$zx>EXnuNDji01co4R2?t%iBANsMI@5&LQl<*+|L@14fSea&UAwf@-CH>;UQ^=$^ zbGQ%_+)$Lhr*1?#c_dY)&JCU&GQzTeT%OSDk=Fn>W6AV~Bn3xXdOQKa2nzEaARRoh z7qC2XBEm&c+{C6zVvy=1hT0r*yDcvJKM)Rt&^bInO4ynMGo9WYJb_y554%Gx*yvJO zTDyp3ut-VJ01+TUUHjSnpcx8T?Y9sUmy!_W;3R}Q`oIFLv3^LofC!aZ@Bm35k=g(t z8z0Ictbkz{00x)~?`Q$=P0RoXU`t*1fC2ytVcHoifD&~UJYFR%02O5xi2wlQqB>D2 zWD8MBm_$Tq?tC#;_6d*PakoQQ%0#36Dg{x)hcR03PRFSPa(mKr7pN(J&nB$ zYWj4XeXHs6$*{_Kw>9MaR!vr0tz4txq?B1mAe)UQ(N$}DRiM=TnW(?h^xOI}b!n{g zl(6z_^D&h>G*?exHPuW}?{yOx)bgn% zI*^V!o(!vtn`=a!X<wz-rWvNVbEgSD;B-r1G4E4B<2k`rvX=I7?wUoK$VrnJK1q%ey z$gxS<={7%valR#|PPNT7C6wd&pE3O{Sk<-Hp(e20cRt9OjbQnc51&bkkFiagB}i3l znQoN%NYteMc8*?jYg@(2o9bRn^Zg>Lj-^Sp#H0A17xfFFdF!WwUMGmimsf(;DE*5c z!=?$;bqVA4iLw>^DrI_ZW24jc8(YtE4-)=Yv;P1;iTVqmc&|#J{{RE@K62KOkbp{jt1jEHA3+{uqMX_0wBy_|%IW7O zY^64mK`G)Tq{e>o#F0%z=_{iW)|CP#1c`_~V5csAky|D)YEK4cBRxnV6ACI)P#JQA zs1DIwR^~k@ru>X43aaptJOMJ4s2Pdbd)+YjMe|X4OOo_gCS^?1g@qKYwW4AGDNlRC z#w#LwJSEmuhfQCJB9@&;#MJFDSgUb(Y@}ILE{5g7W-yZ?bj40WkvaTR;ic360DKhQ zMYnNjCG|{ds!5cq@akp{5TGmsn-Hy@FHJR+WmBsPzg28x;n}|xz>}bpK1lnDE`Ek9 zsclNC^(e2WQMh?qGf~zKy5#(oMN3y-HfrkU%37q+pm~*H&j1+B(ll#}nMyI>&G7#K zhHv#M)2B}zE0%oSpZevUx{EPV>#EH?2`5b@I><{sijL}!K(W!Std>&T_FW^wx^|Zp zB_65yz0HqCWzo;9tXkwtn6^Mm%6mB_yKTHvt97LmnTg^~x^bqHX>LDNtMHU~bX4_; zRPPX|p(_VS(#%_KAvD@GdZgsG6F|4F)TY+nXAv?~$&&%n7!CXVBXFXT)8Qh-ODHK) z*jnRn=@8yZ@slc4z<^!bWV|DbWm1F5pH3=jWK67;NikBX(W-RBr0GavZg|+mP1A&u zliirLYSN=pFq7U~BYlYAl+;y{aQrJ1HPaO(E1H>d+d_y3NWJYC)T_FXl&U2Zo;Ni1 z+Jvi7m1^r84C?;W~oM`RF?#(T*;VKbd(D&j%YppQv-`r zhsAy-yHbbyB>oTZKP;-GpVrDzBx#sHX!dF|%_HN>s(87Y^?!+Z1ryb!MjgDE(uZQ& zIqRdWlZZ)UGDOtOm#6|YB)D*Q4mOJ9`k>Nlp8dNE$!4$^Y6r+TVJo%v1%1P#8TmG;g)*1a)Q*{oTN{{<5{4D({ z6xu1}%MRfICC{LbJW}_YJ|nOH0E(BzpE3TF3R$b@?gLLENm}P-xiaM?DI~3CM9`Fg zE=l2|qVWA_M(w#gYSwF(%u}%7 z4#U%EM3fgyc0A)**L5v&cPQr z39=GTo?2DpSGsmTge;*MEa2&MpBQU;BzkS?d%jX#OYCKJRdqOpRLbhwmClwpd1+Ro1mVVzaAvRn5OY$#xLPO!CSByF+ztxvKWHBeG&Bl_VsnTd;*Os%7r` zm8lB34%UFB@M7W!Aq1p50__hS$AS7o@WPd=;oBt4nt}?l#r&QLB$Ly?gB#Y2egJwi93sT9HKL(GsBd<}8ZIOMS<1ZX(FVV5(AiAh2k3wkVXI z1yX=;H-}4dnMsQhRNh5VvmM^iVN|3mr($msljL5lh)5flo~9^-mn?aSSqz{X?qWr9 z@+1UxGC&z*fI68CgTOfr!$2}^5Lh$=<&a(hxg%Zsz*`rDNDC7bmr3`4wKkAc134d@ z1j89L2oei=z*v~7EFJ>Xz@YAXLd%lm^L8{O?6IWAAP z)4-%Qrsgh956Kvi70gHqv9e!d00>g$UZJ6rC2|ElyEUPQ5^cjnt_NHSZlZg{k|7F1 z`$MOZ)7t_ld9;W3dqXXmAYu|**xDUDmS-ZAokc^{q0`6+v2p}R>wz?o0(%H(k_B7< z`xte}V&D$Sa2Wc-fPp5!adQ%$2Tvj^N$>0hFfj2M7v`TxDo=~c~ zNfBb?WbgxK9j^{Dc@|<6Q)1V5fMoE>)`oST!-xkJh&KlOKmw^HiHjElbFly=)#(6m z4gyZiczmISQb;94#EhR}IMV)&0Aq1A3wppY335_5XaG`zAOVsK>hAy%Pq^&>5L^T4 zcmR*3H{#I`bOC#`M*sjrCjIv?q<12LOR)EN1CWaVJs>3$=>PzbL2LU&u0T?fo#Dob zTF7_?TLc178X@pUnety#=7H3lTq!pd(+DGo^gTEK00j?$;a(wG*Q@^kd72^sDN=)i zuQ2cH8M#?Cb5WF9I=;8kqHcT(2uf8m52jMQpD{AhBOgqE?B6%|ny(JZQq!d0X-LfK zc2mG|w^e4~IckK`$xPZ~CP`kasR&l&@=5$+yDIgo+51Y8&pCeqtgdQS(&bjC_Kikt zqO8JmHEk9vPvKNcoUaiCixPj^7gKPZBDxlqECf6 z3mc`uaCjia746l;dSvip>Y7zOR@Nb#-8;#Q8qnw_3&KtC}yjjcQS_Hy=jt1FJAwtpWZ4#UPCA@G%T4O*X67S3`10O220{)rsJ)w-^m z=bVYwT6&>~;8}v2T%Whns!d#^846CBnt)P(@a$Cf*tBy#AdS3kY0iw68hdu+ujvu_9m1RguaifgKyXPjyJbvJ!ZaO0_dC(9WZsrm1u zxUE|9Ha+%gY3fodaOu?Pok>-8B5Z|%g%-20Q*t9VrkQDZMk=b^aMQzI27TqJcy`BI zwu7%9c_oQ0n%lAJRamz|x`pu5nX|<%M8a?^=_a<2Rnkz@E5ivhke?QwQj4K0NmisK zz$11dH5t|Hb&3}L(awy#{ISHo9ht#9U4KULjlGWB|piIRQ z?Q%`a?Hy#ZgVm)H^vv-HOZi66%v9DzQF#p6ODdHx62fX<(&8(q{{V8yaa|AK{{RE@ zZcOANoQc%Rm=cfz!4E9yu#Yd2%-_WFeun0{UvesfWfdhpBQkWQqNB>vmg-3tWBEj? zk(}DY*q?0*wH-V>uT6{-HFMCjEhkK*YnbE*5B|gWME5d!V-}O{VJj3g)ks|`TU!+r z3n;PQ=?~CYsi~|pCRId}P2;L!kvTO1GSZUiP;k%MD4bLtN~$Lp#@I4(B&vN~M7&uD zr<#cgT(ruWWq|v4g;L7&G3d1ju8q)URD{T)q{U=-GE{uCh-Vr}az@b^K$c}GLFM@Z zWn|hpw^^x{iJDU}YV#D3!|4`AIgZ7!f|P%izQzV4E`<~l#RXQmlWw4!s1%!|+x^-t zr5DwPWzce!N7S&9h>E2dN($0cmHCj@YajN-?mZ?=&BCB2?u8Frbv{ zZY>E~jVh8^X*RehHEBYE&ib7_fX zsvHVUZ7po%n)*yaT!c$fwIN~r%)q|P<)aDSI`Pdu8K+v6#oDJTap{E9d3ev_Z0o79 z3Dh{%WUN9~4=B%9Ix>p%nF5eHCmzXfs<*5}E^%XSp zmG&PIN~4@6AZkH6Nlmp4h~UN@t;BC6rlQvP-D8Gno#*<(#&c0|w9>F0_Vlz|Vz{9aSPlEM0(7926o7WU zj5JE81d03xL5?Lt&y8t^24?(w~X{S+9 zNhEz?p!ixg^kZvhOQtK!@qgyou%Cx?_op&}#j0fH3{W5Vg%r>8St{)^U>~$Ec16F6 zF3ruvb02a)dpgx;rRfW*v+Jql*?y*WK+0WF_?qet6_zQeYR(+G*-|IYq@z)!!sIDq zQp!*QQUYAHpS|8OZf@-~iZiIUlvBcQ4ZLmZznWVfb>q*Zi0E2nO46#c74E?_oAgVT zdRNB3!`Do{9do7ukh*(UT{^LN7^uc3)=t!^vrNS$DhU=tr7pvU-sUvkAJwk)niVVD zVI?dqZG^v1HhE{!{<*Dqy4tPHw za{y3qN>m&;z5B-LRHIfsRHUT5(cfx1b<1#;ONY@w8KEaJN5(ALw)P9KNOtEgQpL_{4baJK9&{4{f zCQ1S%$drJDOGvOt0>A*)5#`aBR%F|4@1H+bd3>6aa(uFKr&jTFc`>B&6qX_TMX}u! zHiAx~SaTMo*rH8t62U~9f;NZ2Or)|1bg)q=O>`=A-s|T00FD@USn^;mivsuhL^p!y?8p#AA#_@J6z>6Q0R)%yFc}eP zqAy^37z~)TflcoLbaw;>L>k~#0?pjOTDTD07z?8CDsBjXwF&`a>j83kLaaQ)>j7eG zATbT#wLaiBzpNS9wKPrGh=$WHhX>T8IJl3TPq(tg(C)*FL#8}rC`wYI=W!M$ST2$P z3OvMt3Q_^@0^|zHTn11vVCm#lpf=GtXl$_*7_b{djw+ltXYCTXC2}J509f;34mcQs z=~PZyCoKqd6plMZi;=`qRj8l9v^eX5NCXha-X}ODQqIG6ygFp2D!^jgCf@MtfyBGS zlbi~@AUF=g^M{MrWsy|DdP(8Oyh$Rc07j8_?*im#gF#7fc-kz;!1obQnoEaQj<1&fxuKmivQ?RWr=Lyy7$0?LAj8$bw%FJgV50Gp)y{{Tn>xJVA; zv_=yEC*=_hU;=NvC=vX?dO!dd0pI|e2M{hmtdp^e30cWnfnrF2wP0kvfPWZ=z>gVc z$o)?ReM!aElm7rNnap|?n~&I`@H{_Vj&+*v`%Kd;vOrN{{Ki_{n*N`4wsw7NzJ5V_ z{;#C`JS0Xon%r&PeA&9EHTFol@^0_iyNb%_s6s`XNvzHj!bCT2Y{{XaC zrlitZ-_bAZBQzeHx!d9a!74RDo8(*#rk~IETsICGc=m6kB1{w zc2Dy;+~Ji)7JIGA8G1y?%9mKVRI*cbCVmWj5ms?k*^w%eO43f|JjHL5&iWt_EA zloVw#3j~cTu>@J8F(t{frPATlyP2~_1%psg%&tWGiPdryHDM$r5`4rZJ=EYiHi9m5 zn^9XMT~hAit@Pnb3Nidj@w`4=B#I11oOY;KlDa?MCVSdqdVlzu1^@c@XA~|Wd1ii^7dpwANbMm*`fGde~UiPcigtEQov zxisu*Crg$}WrML%W)V}JIJFkmUmm6fO7tm7Mp8+>H{`^vtW2r&=`#TFCm;rY-Vn2k zbfjd)9aNm6Ne58hD7Qjj(_O<;Y%8^X6q!Yq65^-vC zJz}<$&rX1cng@{azj(*?TbT2;cuo%kOT;G$G?OOI`$8ClNid5Bx{M11ojbq zNi07z9%VqEILwe2ASz%|C9CeR3_W7V$EG+kBTd2>miQ%YMFQz*{=-Q!MBOS2Q9G-+ zXeg?Yo6iK%g=o%7Z!5RJ*DkS0K@|xKUbmQ`XC!`6m5!!oDp7CT;PM}dTFFME2|`vJ zOPjg5xQ@reRNqBLdKZD|O+vGNhXs~~R;sD1R%681C&R;6WsR;hVPj8(olS|ku>#KMi(rMKBlxymZ`G8 zXo3fq%;O;f2?>&0UozR$SDpiU>7aYHE9iR)TdGHq1VFaaTn zZ=j61PK}&af6UCQD_t^@mNDqLI?St;uv|WQpO4F#T2(+MQc0!SVwRUlJll5OHMcjn z6=?q9<9_}}J*euH>)WSp`V*ELYm7bd@$)lRhvT%FI}V*wilKC&Qxi`{g?XitZl+-F zdHO=rm9xL7qP^^H_v~Y;w$-&t$}wtKS(lzTIb8Qwgz3a)W$Ze26(OWni4_Y9P*;R? z7Z$pl#>&nY9S~KTa!-}zosESmS25C@ZYHNZJ=V*<56X!Zfpw~y9rf9c@#}P3={``p zhx<(MyT8QUr$p&OVN-=L-|&o?CY}sA#ixKJ8d#I;A##e;TRZ;%hc1KC_47Gb<@`@I zOu{Iz{4I4;Y9!Kl(-yr+N+qNfC7i2!?duwiXI7SxZyJ$@RGY>g+kB5d`a$uPKLuG+ zttxJ#sPK|E*d+(U&qTV1gXMY^uc$e(c-=gsS5quX!!W6aa#B2lSK4MI-HFf&LEp-C z^Omuy(3GT=I#_!q`kMQ(_?kLZ{8i$;Hl@uGsjsg5=A6`EIw<1MOIO2Dd8xr*hg zClBnw>BU;qkmrL$L#g^J#8WU9|@5|0x{m)}E$G}=u ztzX)8DSp*omnr>R`bUPmx|8`FMj@H8>|Ylc_9>3mRaZKH&uVH{GHKE+=TRoycH%Rs z)1^iZ5sFFnNnq+NsZz1pic$XR>BqwuG3%=8u?pF^g>`J&iSy>FWckyk6|Q2<%9NvW zPje9%LY#VFl3qwIt5&#{X4`&mf4rqi(rj7p_(Yg8SPDr{ZCt}Nk&m6orvS0%c8E(N zzDg%~(o$5wf(Y(AA4nR(RH?#J>S;Dss)0_8T>6NZ$ElS`Hg!E7>Aq|0PI;urxmJ*_ zbn~vFp+oj`vPaJ~XRsV@O96EVruORJPqvkMuVwbP|d_OgCJ`k-C&zlk5i3S;^dM=6KG_R=KS}IQto5QL3gvnl*(CT ziwaz@fItqeVepD&Ex-s@%wkI0z@!7bJ`xeXA#MR2aS|_604|^o&=H)H%t?TZpfi#n z45C08Kv5t#fSjP%zyz=m6PAd6VmRUf;@Kc9CeRF-H-NP@f-rIK0P%Pg)urz67R9lc zKdV4p)K4fkJHS~Nuod#aSr#M(nPlbQE{j+p(&WAE0eoJ>akIc!n*bgA+5;ji3J?7v zFqv{}gsF%4LKjDYZ@CZ`DPa(T)({s)TY!K_1_L4waY*g7222>Fo;yHa2C@>|z+9h^ zTEGqy0di$z5n>=Li)19Y{NOE3p;ig}Azn+OzyK}z#O%ux71YP_v=108OdxLxWJT5iDXY)CM} zh_t26yF{))Rw_4FuISl?(PDh{3X@S{4p978>gN%|(s1S{fYb&0*qSn_r2S)H=f};y!69 zcE;rm{{V9%y@L_S?DAHu)$5pI}z&f(?V3L$Ept~l+tI_ zKcSB>B|Ub{*=VgP`({^{Jph+;Dy0MYO+Sor{x72?Z%(4@@%FFsJjdxi-BhrlF6vnP z{{SQOa*=fu)dISPdgV+)^(9GLG;mT-t4YR7DV{$?HHj~m$FcM0R=SDOtl!ogeK|rgJT{Qp#0a^fC0d8X|#@AA^wvA0beNkyYXD&Tde2=xf zDWmv;$HR8Ij*)QYrv&9nd&Rc5!+U-ME8#N{!FoN5b+;^aKL^LKoH>3aIm5LPSxu=S zN-ud+66NKPNGT!W<>H!EZzGxlin`NtJn!RFIajH88UEe5|J~`pw4d2J4I52u<%hj zbA4SeEZ8R*!lfF-PN$Y-PN&l{b6pBZa8muxXuzp$R!uZuRkgaBhWtJZELcdWrjd#o z)Xe)-fiuH*QV0yk@r$TVQEoWk$+C0nboz0Ryu_C}jNwyE!ztx)DS{nSCxcVsiv}B7%4|^ zrl6@Q-7Kd|sqevvblV%*q)C(H{gz!jEfW_#C{)|%B&&|b5k^px$yOyAl9xMi+{eY~ zs<66)NmR7WDQ8$N{;`ossjT43wVW$QsyiMl@j97`tHTv7inL5%-qG6lZF`eFGr;)h zs-L0f8D}#i0IIC4pNEQ-O~cnBOQ;VDVcB;FXy091PU109mN4>m8kLOiDbs`{(}^bi zSCLHodZv9MX_r?p%5bAAUzb}prta2>R`la8tZ(Ktbm}mx?NnD+nWW5liw(i)<>FP? zr8Ok9%u0Mpslh2xSCl6El6Z-dYA*=MacVDPyXjcQN9zi#6D(8WOH~q)Hg!_QibR+F zpncEyMza3^+0Ug)Zaenwa^4_xDn^WIRd8KPWuJS~ZVajvpi)sysj3qK3WT{TRgjSV zwu`zWDeyg2inTgphlRPBLqsZt83MF^~LH(O2&aM6b02tO*vY$%!+bo>@)}2|xn!0$3mUEtbj671V znwtTnuT63%PMI-sg&K<~2p1|Na2&=}H05o?KRtJScM zZX+LdJhtB1UU*yM(D`~vRH-!;?{9F zVquy45_}?2;^_IBUi{TrKi?4D$7{_;%);|8{-g0re zDiUZiJ`}1XEa?-{vbu!>#aB{S%KYs3gUYtdIzg(XVU--Iql-;(G4`QG3 zb2tA0S8tXNnf^XHBa|w$R$j&W%hW1dxr9++>zE{?_V|Tr=1hMIOoZHdW!_@Ep~mJn zx<;!~q#SKym(`9v-aPpE8?OR*kHwmGwbdOygRNS#Teq}Q&Rm!L(dC>T zZbkTP%A+aa6A%$mikX3Uop1!PnLF-(buQcyv~(1-+Se0RZsg@JF3aS4Mw8$Qx0U0l zc#gmA6?yi1s&V`?@<~57k1bV9+NG|hrgG*^nJ}ti)~6~a67_JgYB)pPaB)cOfN{yUxw`j4ZVb3j>CTd3Ty(LZ|@mj?u{{ZjIRMzG+_Q}@e z-kso7@}%S4SIr-(F!|C1>RNhPVxqFK8;ufy8UbXYZmdKv{foY+4CGB`#|iq$3j&JCe?WoA6AHxtI|G=ZSYygu zj1}kGaSoOlQ+X$e=@MhPWe}~yG&XAfiMr1y<$l!P#_4fbSX&OlLlEiVys_xwV~GoCL+Ki-W_0d$f^Oow|I54995*c zQjufY9B7C^QZKu}FrX+Mq0=RD1prD^{P1DoGIfn15~SO_NXt1C0v`U*3`f{N1W(H501CD+0I48ZN7>*2 z1}k_8!yEwC5D+Q?f`jb}kT9_zzj#;31^^@gLvUaL2qSS0urx~MZV2xZItaQ8-U1TC zK0nVZQo4nUYD=is%)f6j5$Ki)e#Z}i<65L!)av|Mg0f0TDcIb`OOEC;fC5IR)p8qn zI!X3yl=EiM)XS@qtt&!;kgmiV7#hMBbUmdhLHAfUQnO8FH=iYE48c;5v`nm*Hl}j~ zrNV(FhY>_+MwJOd9;OWJV{fKT-jeLjwRQMp--(1`IDLG&ihtL#)hc|2x)uvudR{PT zMoUS3OMEj{sLq##++?uv`J7IBN@eGqSqVF06I%ZO#A7ERKr1wgN(tSi*My+dk^;38e!DP?N zJ}&45A6~Ip>I|CcRMYW{T5zn_B@*#Ud5C+a!ALtLMJx%s*l;5vwvlV7T+^>rd(hzRue>*9sp=Fj zD=&JJ%zv*!+_BRP$(t0Ks<*?bOA$754z&)+Nx$Q0%&&7!lWA_vjm`8e+l)7F>^+Yq zWh@gXIo+_(CO4NHcJBT(h^4sxueifD|8#Z5K*8M$4sVB{M2# zEG06Da*|Rwgz3Rzgcjyz8&y;OPUx8;QmKsa7F*5~Ro*F_a`Ir@Q>N~=Z#elI3VMlY zn>gT0O!|@QPp`MC*dP&L^Q&am{b8MZ9F*b*c z0Qo=$zp6#=!E|cYgrwxX)#b^r#3xkH*Dji|15<>J0f4k-Qi_~T_yX=4P&XW>F{P7c?f_$iLnmk>H5!SLAs-!W0|g(WFAmVcFboxTYT;8upH4d*<e$u;9o_h`qqD*hLiSPEmrV^?i9UY1-ADDiNZw58~?Oteo{6s?`bAp(>gXu$hxL z24Nc#PVuyE9B2=d@+9th!GtGW7J{sp| z?yA&doi0@+Eqv6|CVm$&q{yD7NR~>{t&qF11(JJ%zGsH@dD_~0JDkcncznrj{?hAP zDwlN?ILnrKP9^a3iDb&18Rr(8f}%hlYdEZtF8!skI}c zyu#}FfFsr8pVswi6s;vf)pbjZN9;aw`ds=%({A)C_Ef8TN|V{)<$CYI_3c+tFw6`8 z00;Ez4-%#eD-^4i6)>ORL9#~oE>B>>Icj=k#n-=iEx(pLeBXbO@`Pw8LlEc8{MY>@ zJx-fl@k3Kcx$|l#QQ)+aswPZctxHz9h5LDCCOr#6p$Zy$ib+K`guWO)q52`x{hx(h zX@B=7-hBF27v6Zj5uIe#Rm!8AM>I^Bpp+S9{eg|zX>fWqYgZh!&Z!6}Whsh>XoR;l za*HiW$YPVe@Xvy&t&0)!2&~4E!D=sJVzy&WInGBCk`<{Tk0*DCTNJ8MkJUpkvkqP- z2uVj^IJkvrlu8IKv%9n@OQw3Sz~)<>jQmYtHPR)8OT($^>Zd6|^noQ(!T$iQF)^d@ zC3izdsr{@+@6Y6N{xXxHp|+kf@$x?Rnt+t3AXtVDBh7bmZ1QSrrC}7MBo;R93`FFY zBMZfmSw<|SxXuX;+AfOAD4W3PQ#4waV;*zB=`IKz;jqdan+p;{DZY^9a+Vnd!^12X zvXW>8Ko%w#smT*sVbZ{zNKz8kF(Nia5KD*%$`re>EdX^Q0w4~eUEk6Ia>L96CI&i4 zlgS)@FcO{sZ?V|k0n^G11&bVzkPARqn59-OZVUyH*n?3A z(gMiKaa@q(!GhSef)^lwC5bHoYI_6jj^lU-ToZT;qQGugz+V*z*cq76gJwBzwSL7lITXU@nIO=@$?g5n$57%i8VZ<_HCy*42kq(~4tAe$I`@0)MCz3^& z0UpLDfX)Oht9}|RL#BjKaONj0ex@N~#5lqi<{BiYxU&!&Q-kdeo(B|v4+SP~e4v@q#`VV%1~rbwm0e*NLo0<{9Ceh6r>79e?onBCw3Ens^dVUygH z*sf2sFyJ;0`)_y#h=2ibIg17&gM#Gk&k-w4pI|v;(ctH;GRH+zJ5SxrZ4xA!j5&IT%0yU@hJNAujHCfCaM!Gmu~#1ON3W}kkG)m@h(8I0+VJMgH1K^D1pB`sfgy+0jWrz9v z&_{nUk43TC(jNqQ9;YAol}ve<1gH&GBeZ2Ag#spUd#2;GNn~NT>PS!m*4P+^vQI-Q zT8JcUM&+U~N3%A)KA5?A?+PeYg>?W4KTYr`MH{^Rt6Gi4c74_QPKiJFL7I9GkPk2kfw zlzrLoeDPMzbvGVS@(0GBOf$|q)a(+s0n6($tFW^wqPBFvnNk%lVv8v5`d6?7$8n)t zTE>+}DQ=%16YC$KT~37`4p+CX@hDVnFErQdgG-URJ%Z(FXs^WDy16C%d8l-w`>8vB zILobdI*$?A9>sO2R=L_MrFk7`lJf%3pkdA93G!>UM(%`v^Dhu<16LqidJ_~$;^rvA zxc>mg)A^cYta$QNq5hR6w&X?i6Lg=z%S)<^z6|;-Pm*LVbzG8Er39pZD^i0|Z+F3L?p(a3U(q!lnDv%^$W;T*PS zPOU01>YFc8Bub{2FjOj4QfG-%>C|lC{N1A-3omXAOt)3xW-oNhr&gwYT*TGW2_jsU z2@VQ@HvHkb5-W@nkGlGqWkkuVpu?##3L>dGw2QjP(oX!hq$FX9JaSb|F@;G=65Q2d zYCx}<_9^OAq^*)xZbJr)`)Icf&8@Co71XfI70y@4<8mU_o=nvg%BpIC52?%D;81Cn zLZ0W4{7F_U)nR2sT3pfjraI3Kq?JR^JQYtK*W`JEs;&XtrqR+gcbx&7I!=@lbrbU> za{`32B8yJ}mxWZ-%PFOjR3^*_3JGwP8?(i8ojOb2d-(}c>Wvrgyfdb!!mzHE;}tZS zrcdiNrhq9DFsb0_n4sVlHtFZqFg>+xN|*aTyS^SydUuyP{j!y!=v`RMyQS&m`xeW` zYOyRThFsd?He9)9Opw4!48#%z%NTV+F>StB^0TK#y-Y_L@8)f?#bkvi5ulWb>z_WE zB9@k!F2&rEt_Kl|cLvmYb~SpHDJWBWB%8~BayAuplK#gp5}8veG}RT!{{X@ACVtgR z0f`~Ev{jea)6>71iAo7p_DV0QMf=Z!iMWk6slrT!Q%PLFsdA?)&GL=mp$YWiyqOee z)WmZ7pPDeyi2k>piX16R`$7<{Wk7_ad;b8t#j}f}4ylViYnroQPLpBj6-H{L)(i{U%B7_6xQqM`B%ZRVbBR{qzu_DHQSyDoEL~3?Z}B@0 zpizY9x%Giedk^Y~$-M@iMwKC2v*AJ(;fRr7l?O23wVuGu{OzrbL!h zl@&DVb+y+nX!9ZYO~;{(n`(8eXV*qpZ?|Xh?epZy)OA~}LZ3w2!ROsF!l(Qw;knZ> zHgD=jR5L|YeCkSB7=0X>i8AF;nTsn@CCfIK zX-NgQaOB2y?X|U~3UsMOB-?(k)toQVW|QIX3+S{oy9#TrTe&^t@$32|kE5w&c#G96 zd5+9uUgd}$AfTL2$`6UG-!nXXNoPEN#qni+y{MB;r+1eq_(&t@hx*5FWR*KeN7MYz zvOFDW{;lwpr53RI6Mq?d-!Qlb*T@eoupR9kS}&kz;#zT%P` zf^EDUqPZf*c&w%KgWbPJu6@Y4Q>^py{%4~It;gui9ubHtVrI+-y@ z1UKR$#TJH>$e^-WAiKk)V@_L*c)BSRPJUwsBzeA(Y*%(;$>eaR5415vr1&6Ofp>;T zsmLK@Cw^jZk&f7a)m-T=!a z1ExmO2#g}=y~xfl2>C8gatj?Jv<5_8K{41jcnhG~6_}s#fW9o2HieOs7AE2O zfim>=6o5R<5cx6_5xI$P92O?TP`jT00E|ZYEsFsF*u>)~wj_wlWwCn*yAu#PWKbWB z1<+^JZK};5Hz$+sE}(&82;*pxgi-@I;6ta8)5%yt8}cG~Bvn|DIEGBIF;>=N7DRON zR3`nX-xG^c<1k%Nx9I&jXa7$Vpa99N)HuVt6;ed(*Nk|QQ!;YRvq=XAYE#5{? zaRLEht9_xJ?JU zpEowP(IciJ(#1;x+`uwo+_snBcZ&%TOj1~L0V|PS;GLUz253@s0D)t{hfgC#?U4s| z_Z{L#4=(@^hx}jx74twk;2>&%hp-vc-mnTXMw6xh0(K7zAQ%WxBme?MoNoXCrQD7n z4B?7Hhj?`II(ZRWY3yP~OC&dxeV}|1#E*`1iuLDwRl|Ru&A}r zr}1RchwmlvH0EF^AYHCZWOB^K6@e76t20{nfvgbYgI$QKY9~pXC3;kq0u(n(7jY2c zrxutxYOEX|4E;vv)_EOE=?-4bsGJt8LkN($${bD!379^M3j8C;?r6Jfxzc@``wyM9 zD_3iOQj=K2W}mNFSmRkDZXr+RorbH&2^*;dX;}OV{UbL_xKwVEd`oZ8^iQJgWoer7 zrBUJ)Q;*MPzVwmdYNYVe4u&1Tj;YPF>Het{%#xInq=p)z9I`8In>sHxNyHRGf1bzz z{ZeA7JY2;Xb^ieI^w*;_vJ)<3*(P9NtP*=(GUnT*EO{C0-GfWW`UaB}K#*$aCQ8<{ z0u+47S{Ph<$0F%Vuii(W%7mPhX0|C@*>qoLtE8$*rpwe+fGsWl=^VweU1`Owiy=?i zsYX%4E18bf%$quVnTAK&P!T#@nXLrx(j0zKm2U+aX(nuKAfaxOdG#vu^sLa+I>YGs0LlGBW-dM}$yJl~%gS zne&pBVe(UOhI6;KJ>e&DI<;DB5yvJx@2gb2sTP!ClYLLj#KtP{+&dVo27O)(R8uaV znv4}L?Wid6+{7qKbQV4DP)fCHC_SpKTYr(Hz%h(gT$yN@MI|YfR!t>lx0yX5M&x%f zbEQr1lRew1)Niv}uPu$GP9a-gJ#(wn>rwM+-J5N@LP8OW#6p!CRA8eH4$~KS$_ zK07jx!4(E(xyk|70ppbb2N9{fsGZ!Yr0LPoAsCYnXZ(5=FV+%H5Vh;7}%A{D8{P_mH60=$FKXmTLqPZ zsXm?0X6a`{unOLt%de=Smr01?lT}qZqFkUBw*e?C{qv6Ug^$Pd zK2Z8mxTUQ4fvCUuYo~8Bkn6Q>C(v$|W*qU2$p{!u6H!wlXu2k;C?x}#Bn;XiIdklbormOnzt%aiE^X(yT^Y? zbj2g=)}cy@gmy_`dM@8_>sW0hj6RM<6q_Xo2_wI9ed8f5jWt%>%#``IO9!!t>M^8| zY`01nZxHt>mg5EKBg^hPLP)Ml2;1O!OBTkdm5L7vnu1)=iMWkq&kjl!Lxk$(O?@C0 z9s!D{R-HU&m%{G<0I$H;Tvm-eyZIYmv1Iv}1}#m5($B7)M@K4roMLj7C~7n1p+OSA zbcK-XbLb+MD(bv5j6TM?H7dHXlY4m_+^09)xM;~XD|M59FASMSf>P9{2{S1wsisV; zubEA#Az@2O5*FS@Ao`tN(Ojh#`Q3IEz1gPuyoI6hhGR-NkwsMMs#Qy`!{;hg=@UfB zGi9qvkf1>d1Z+X(A*jtb$z=&RLajGWYbl?hp9wz@l)n&NFhu-LsUPJQ5R}v7(rgOV zeG|YNCSU~i3QETT{MT30f7SPmMSHT{exD=4d`qLtM$}r0{oJ>Y=z1jCdI|T9YKvxu zQ%)jku`RKNOLG!$2yIqohry32d4(3+n6fJfp~-}Y4Gxh+q(fp)q%lmTxjtYItOYWX z!3%q_KhTOn3c0qu#Y#{@K z5}pep_X==_Jt7MfvJy(ggazs3QV1+yE=+(rfIPri88UF@0{FZDoBbd% zBFNg9z+D*-jXq~EkCP!X0OwbvL401}fVwP2CCZEPEdhFX6brmVSu!HUNdd|22xLL* z1$kcY0g(riz924K0ktQ1m9b=Y5#f``Y-O-FFsZTAj#8wk3yt@@Sr!0NNoPKw z!{rXR6++rlHa9UOh_Ik+3q!64Phc<}Qa3jdB#@(95o@snhzCqk2CXH`I^d8HRKzCW zZ4yAFf-ZO1_lpKk0_ZHHo4TDK1#pX*+j-GRoJpfxqPz zEEdF43wyvmNK#NpfyI~6)k~+SOzN6(JvZ?stwaS6 zLN+juuNXyAgwpp}vQ7mr6hfzEwW@mpS4v0iQS|%6)P50UYh!Ag3afN&P{h|dLd3+9 zg#+e$6rbr9G@k|djH8ZF(w8==Kq_vfEnaO(a`6&fG0N;$SEiL0B)CS~s(EgMCFX;J z;kC=1DKb!?XC;&gO~ts1EbC6aE~%}|4Jzt)^qktp=R2Gx>ZzmCzt|->`WVTik~VaH zyuK!+g%uNL9pfc5jMT7(2~kFk+;@e1iqTZ*C?FNfNn-a9k`<@e`y2FV^+I+plku*T z;)_X}h17ks34E*d!dJBeG@jYw?P>*Rdto-%y=nVG6E6{M*G zVO)hBl_-)@efU1n*jZdFt7Sg@&#!zjt<%?Zns*8N&0+dKBcG{4P!tp_V<_mB=4B+M zjFE_`2~h&JLXMHJWefgMT$=r+EW@uTtwx@Fna<5p(`wH%`|sn*Y^4;`&Jz+oMK>Sr@ai#fSu&v-a#>3Z@-K<0?KcS<5+;j%Bc<^CaHe_} zf+_z1#`zpxOsK>aClyW?m?<#jD+^j?uBizoYEJUgt73gG8=K`#!YWa3bAPQ;r~96| zZhrd4GllB#ZYVPi4i1_OPb}f9Ns))>TI%nqWB>>R@ZQl&r73%|*%%VBt8%JRxR=(J zRy!nVa}Fm^tUhGfvnEWKMzWv=jZPd!MG9+VjisFkMyiBX65H49Ha!wuMEZTe_qm0kRaMK1!a-wo`&BhKrlSz%9-^vN6Gumj;(96Q>BOlt(o=Fd zEy?vU5V55S(wtW8(rPzaKZoT~;=Hjby!pSglY`9J_PY~Ul}Mkn$z}-zl`GVq-jT4U zZwT(sCD(jwd8uZVzqt>+oZU>(Eh zf=Z2UmnN;+^_TdWt4l5XPIQn_r712?A~qdGGd3ANC{*V>)k%R<6*Sq8Jzu*l2T^`3 zSCau)_ExlXeA5r1*DdbC+Nlze4mV^YQ2}=Zk7!PRT zC6|`@K0>&uI`ySee7BZ-)B0EQr39{lQ}lLxl&*GYtN#EvbN!t>hL}yeufiVMqowd| ztxA{fbZG<>`@mGw$gTp1Vr|+M zMRGbED-fo`@GQSqib(rKB{n@#I%O)xw9H5nHH{|4#~T>Noj++Qbi7L&GeK~Ztnl|X z)vKhLNtknG1`criBNn5VBMTFfnPPIqM70quAlw8YM4g4MHi}=gPMjq!sV-SfJkGL; zIcW)&goCNC896q6I7D8#h%yZ2nR>Mudd`x2v`Xh9%LtB{V3JrQJD8T+dl>U;AUbBI z%v_j^G$UypA42-aj(k6LQj4fqXNx+C#Efc&T9{Q*D2-`uRGTR$g(PrG;c6CC@9kYT zv*kZu>yt^Y=`?kl3DTF=<}b;gr5H{tg66CSk2B@!^i|N}6sW19sg&h2r7a+(L$ia; z`^THgGlbk^w_87n^ZjU6wW}&sRwSMu$NKpSw6`0Wo|77HJP|f`hDgMl!`vt!Zx0fQ zNQF-7c4%U$J%Ht%;3$;02rAepeFOzVBo@3fXok>9dl+owOt3fs;0&@jAe6uayMfzy z03d_31g=Q{OS;l8}Gd0cvXkk_F5Kkz|0e zGB9^&3nKCd&9?cGGtO5>T$O) z$>4PGR;037i0=L2#};4&YKBY!q=V%@j5hEuEcq0~3HiBANIZd3N%b#lY); z79V&95CF3i<+1+&WHeaulLAs27-sTKUV~@>38Vz}zR(Ta1hadsa zA0W9tJkFBUD?MWgnJq~u#OH+t1|!a6(d{w&B|Lc^adMivo_ycpYSsHg;v-UkH`143 z>lp}D6v&_(QDTy9c%G5t2FQhl5RxyujiMX}RPu{yswU9R6*SY-g`rNBB(Vq5A;n2z zNJ-F))*3eJ%=9?w6E8H=scUOiNB~V9s(UZ%e^^*koIa!Z6-LrnYOj+v1HT zzoji(O`RV6uZsP9pQe1V@-IrL)cTypO`;)OyCs!sqsSxO_9xzK{G#{;1Sd8n5?r zcz%zw{Z9z3mX#!^Hj}aM9b6ib^wk+D!z;N>9xaIAbtZix!llg`DkMzvOPqo(l@5LP z97M{LXR{u)tvi_e+^!#!F)?a7Lr?nS19_B#{xKllWh%QK>Flq@E~P0qiE=Fo)TKXV zSDw$z)l?`bl8KB@?#1|Ka^%9BQ}$IQQk0~VbQJDAqIz?&GJ=xE4%?@FMa`8n4F)4a zGZ3ah0aFkfWU=2-vHHdp<)s+IsXQ}Nd1FEgsxPJe$EDEErkYBm&Kl5{OYQ6RjU4*p z*wEFC(!*OBQf6Uhg^s|$HW0g`SQo+7C!x$VJ=I964c@?p(>ePW@a!vWmB}Z z(~TgIOF!ckt(GCdi5`_4Tk)OpQ$AfxyfT4!f;@T@8!AFSY6gP;0QG$@5ZY6HJd2n* zlIhxByc$eqWQF2OmqA>q(v>wLT=}bVMv-TX+AYS8Ud-HBDJw+gw@ZX?^M6Zc(%|yz z@M)`<@{(p#OgAU^Pd?FyYpHcsahf%{cE1_iI96ESXZoIasng_6nN3ruDq8fZ3fvLi zH%q2VDD0!rQYvunc~``#@l}O4?@e#OM@yjX8J+Kfecx^JI6S$QaST)KQ|RzX)&Brx zq*U3aRINfnN8T~MuU?H5l;w=@blR2u8&wZ!H6E!Xy;-ouaOoIysw!$6!}`I0V(}`3 znQWOVVdVNwu1*qZvC5p&RVqdxD^R*jHbO|0rKaq| zakNyWR#B%KD>3gU&gC@K#N%xXXyzDsljUU4;+e|6x{Y{RDWph8>jhOUQiGC68d0nF zKpaNG7I3Fm+Bs)z8!y=GwAnk#^)QrizaJlo#^xO2aP=yZj!`odqNPq+Sh?JR-_*ub zBAiw@JnvolM2u9Z>9NA&tMp%)%GOp-s+ecZoK&S3C3ipfMpPh?K6EJ(%ZCgu#oR;oNAomwW;f#;}Oe`O?n<##(LbJ{U3 zD*HKmIBzH0%hi-kKE_@-n`Y*$YHl#9IZ_ayiBe=rR;?1yfP?}~$q7gg%REiJ1#d|~ zJoBH6c_>uyisVm8V5ciPk{P`s&X!|N32x7L=uSqNfZ!_3mGX*fD}X3TP36hleN|)h z0y(`(=i60O*VT{WeAo1s;x(yiAF)xFxlf#Tm-!x!h0EWabmB&C&w$@yjRx$z-M*ABDS;+cA(Q}EnB{KE>FeI`l?CSZP6vZZ@z zk6`fLlpvqZBGvaF~)RVkp>Q*d9lMwnD>nLKvN|&j4h20Ea*`D?crI}|xnQaP0D@U` zqulCOsM-%@I-5^|zhODN&ERZ8nHcQ}%rr?zoh*TgQ=u)PWZGy0WT=~ux}ta@8+c+2 zu1V6DOW@Si)23{-B&Tr_iOXCcPX3P%h+oxH{{Y|vIbr}xs9L7wnag%U%c^BDB-kjr zk{f+Pl!)cE{XakLRM+>vC;Fae+5>2GwV8pvaAa~JV!8(Bb3@@a1_p2 zBOT$QQr9jFK_DqQ^K=gpAyo{fiKv&ep)E%Az9^_GC8X6!km?eueFr7>(B#V?M0=`4<0O{aJ3sY%@C5#2I zV*#lr)&k`w(5e7io?tIr0s`o=KxD<_kQT-607)cvh1s=JHTHT zlq%G28<-4;0j}^D!Q?^Tv_!ZvQ^EmAFX?dzT?Q)mXbgzGiq-=>1+f%>ZSMhMD{ z;4EB{{J>isn5#{m0>sa(6LbP2=7jKl#u7ZF7=A!a8cUAQ$)q$uK>&IfV&MzvDQ)+G zato0>Kiwi7JeC1LluncH47Ot@f|aLrJ&IZ#J@PbIsz_5X+q^n?ED)rXI5yj8kQHbk zesJr7l#r^qcx3Qd9z-c}U;Xb5oQxqzA=9^Zi&p?C3EQ6LB|H``1zJHTm~oR4V1fs& zq0`9e;6`;4PW_>l%w+N+rLeKE8<=GBNTluQ=@uuE@|X#Cw*8_>6s6MIhr7h5hBQPe zH-30-Va87+CrBx4vu^+{MNrcByR*ZlIa-teakMhzkt~<<50)I2$p|DQ`oK7gONB(P zM?$3~fQKYiq_{sw35&uMf|5t4;}&v1Bs;tSDuX(|7ztbKDYN=OH~_MJ1WI@S1dykQ zU>5T~qyQ`VTh;&ygZZ8z?tlyd3gw|%zyU$fJxoB+12qhl{zV7t9kzpBRjoan<|iYoTBug* zOOuPqc&00b%Ej>v9&wX2;hGY(q!ORnCC&XKVR;x%F^s&YOF#*s^4rEJ;2t zW2IIbIZxqN%aVL4$M}*q_aBs58jXL$_p!?E5UE~-{m0dg&yx=s!K&~KMR;XVM~f)4 z%Tt9t!4Z8rk*ftI+}m1Ljm;%dEM&!;v7l*6L+;(;#krL5o-$OWs$p#!bnn|}2I=xE zmsM9oH8oU~3zW1g$fPNVKS+j?L`s}z2AbK8Q(sq$Rhqm;Xqh{e>AH_|5}!&j)fiHa zBDOMfm?mu}tpu&ZcZ8t**1b$?Xzwg}n#*Y^eT-ga^tM1iE$Ht7DmxY;V=y7#V-VIs z$IPOwrb||kNxNVD+9{HIiO}+Wi~2l1B2k(0)Xs%wtUw$~2$HF|BId61=>^p&KIU0A z{sa6G!gz~LbSwVVO?$G&eINOrP2*h#R@Yy)QeNcR&!hhUGw9i>S|(XXb8#AElSdB; zI6R}mz9Mky4xCk|In+`aSS4i9E~=tXaYZ>s#cBTl#i-a3vWtD;9VU}qR*$lq_m>{0 z(LYB1EdKym!D-dy`_#SM^CjJUSKx5N6~eI^B+sC&l|DkYnId3NKZI@_DZ*H1u+yhB z_gH2w9bH?2;wZ#$>BTDw`3TgN{{RUbk9e8VQ-ed+wvELX33oSmzE>IDO2@K>A1XqZ z{{SAOmavq_QwLgK?w`oT6zi*X(NXW&np$;br%6$+^W@Bo3#HgKB9l8Dsryoy{3H^Y zVEgW$cHteI;A zf5sc37Ia0KwAj@|fKxD)1qL9+5~iO9B}x&N=KBrIa;fWPuAW+}C7Mu~o<8#2{%shu zx0JZp)YY_g5>52H_U>PYR7;g738=zx6je+$C`8J2t-Qqw*lr#voLb6~$Ek~2GWX+F zI9TW4X))imOvWlzGE!trO-i-OO00qo-|yZs=qS2LXJc_-q5C9Oa+>7y47t=S8yBaS zg<|u?H01yRneq}g(s(hbxw4%ZImdKzx7tO;w53v-%H-ubr-akV%z|nqq#3m6Qi@y5 zZXfcD?KZ6EOCCoPs0@|mR1}V^VUHcRitejYwC5XbgFSree>JkZ#A21%Zk($3UQKC zO}S&;UTY;d-ebkHIl}NPI}N9mDwdQ}(@BtqQi%YPqse&7p>IaoQk!|t^@AeP&fde@ zSF0x6pHpw}M!J^?!09mjKw>p>KU~PJM2Qq05zwX~$t}yYHEW8qX+dHSxszJz;&&8% zoL8}wTXOH;A7SX(s*Zr;mDL&QSj+w<2Prae+%PD3sbvI`!O4C-V@Yi4Dt$D+dG9^h z!q~f+Si&}cy~SB(Qr{bkvMfOgilT8Ekyw;J%--5F`ErGIh5w} zpEGYA4wPzKRj)3tx0k-jCfR^yR#s1$QC~G`T9oB;mP(cG@h(uLx?r|BJ#WUkc9#!h zVwC2#+i0(|l1xe#LX;eVV(igVl$qojuDPjd)m*M7-=gE};K!@Mu>4j@O>HCgBrzVK z#gLq#!!%7CzB!U>aIIC8N9{5{gn5zg>FXKvtE!tmN@WQ)W#wFjM_Gk`mbu1!$}9#{ z!jU;7c$L!tb0$bTp6b~n@QQA)eVo+_E2^XWmz(^GCA;ZHw>4w6IhMH-rpZM;9W1{K z4#TB5mq{yxj^~o2a!DuA=uuQ-&Sd$1Wr{s9Fk~$O4u?-+-@oS<^s*sADHx{uwCpF+}MD(ZCOg&p(e`yGdX{5w-v)YaWo z{hdAi8|;sRDWs)Iv2NfUgn9~1K_2}iqZ}5lS^}9WxfTKc0Nli+`7oc`x_{GN&0ZTTPe@^!=`5jIWMIhK1`}PQ}s;D*ts(?D%SK0(IEu=#D}nT6SLb| z-zuKo>Ue#izN~(HxAPxOv%Q7FxV@>Fz9PP=IN*}4MaOG#8RqVLHV}Y7W)|iGhVlgv zfL%huBwmkkMN}4XS#q-@R+SarA~H6JB3QT?2H^rzP}lr_N-F5bCd%oQkf_p zx|E9~4#9_{WWt;&{Zuq*LX>e7C_)hFFxcEla%AAxwMGeEj6$6WQf`^jW(Q39YO;`_ z$Rqqi5DYCyMx=25MO7mi!wkyC=%}Tk7`_U%u7ag%@JiL@lCiv{_E2&C;6WSNFxuaf z5-SfGH1nrcQPfJrFzTgAsF1YGlR8?8RE4CtP$Oap1bW|yu5gV=ILU0nbg9*Ygw|8! z{Q&q%>$W4;?v4`3-`>1Ye%#sH!Te(??9z9O&X`oumAh_N9{NJ9`F_*5CAWD3s)gGF4ur_>kS|a3q7OebM8Q~((MwP0a@&*aiRq_ zmrF$Dj-KUfeMEr{I%2Wo@PRxGn5rIAs`qDyOk%a95n-{0O_P>{bf|m9k!Z0?C29<& zPk4Nx@+$9h6PAEQ1d>~BA@V$15nzB)creQtEKEi}?1#%F3IXmw?GBzsOjQC4MCFVj z3Lyl5$tTd6&5b2JXHFoACkroP4 zf1EmbL#Bm2$l1Ax8FC`Y3Ky}tKCtT;8v?TjaS})f06Rmj36CO{au2wP98$zyC2~w# z5suC6=?*vub}a4M01-gDll5q5jF<<^A%+6JTkcKF1fdP@-UZ1kkP8<4A@GJFC5vwG ztpel(uHWGhGQhk*4I$6TbHppiqML-j?%osu!$ht}!ay&7cpoH&AP8Bn02HrKQwQ{k z#!$-`I1h;|ij3pad6kl7y-pD`?NVEEk!7dwzxtv#8ZG0ty-T#Vf2pt3XsXul%MW3_29x?j=?)a;~b&LNk4I^1Tv~E>fHe zmz09u@t3D3QkP2eXI0@_7+*p#dn~kb*nV=v>F8C5eTGchIgSJ<)?Y zhHV{6sjDQ+l{E*=Eoov5Tkf@#JS3#KE0~mtx|hFk5Y|x5Wf|GbcyqAl`}k~DMb(WP+j&r| zvl%9z&${(T=%2&CUozjsS572m%pfM7x>HKU@ZS?s>1VT%>Vnx_Yq$BIKI>XF#*2L_6*paT>o!M2d=9sY;bmCSqMHLaafI zcuB>n!<1s#UDvX>jcQVAQF%>l(?`kuPw3V!(A>}9($1Q!BCcYN8(XdQjr=*E#F1w^ zfc@jNu)e2#L4PvkA7c0?#umOV)8p+nxPtfB8ST`&;r-t-+?!W|;&lY(I>kyt2u!q~ zuvz3NkCrU2Il?%mj-LMj+fjxnt>4^wP7_rx2wGQyrc{)(fP}hL@B6|vH6tpE-Z@*E zGOU`Y^39z^1dK*Xv0N%ZM8pkM6q>$P-AV2urBk8w$k)=XD|xDQID9|U#gde%1wv?I zEZl~RoKko;C2E$ZWj5SI;{}4MQY=$@@L^IFEOG=YY?-8{VGbEV_kv0+B^b#U$*odm zOVU({lGgI(qspX_vmPS3Q;fD{Qll1{mg~sLmsdKbp;M>KGZwN`wXby&cZ77*V}vTB z8c)i_!TT(sMd^<$^d;@4X}3&D|UHJ`xaa>iWBc&$D$Q<$?d@a59sik(84 za&`TpZ|-_=8+*HpnhHM39Z9@DG`!A-RKL`1WkNR8y85Q0EWC8DGo#Fy9LkwFQdTpU z5ti`Tn0ahgjZZqDfC{D(oAd9yVcOMH>elF=w3qVv8XGH>PIvO9SKCxlUhCOMIl@Oi zGX?>Lrtb5RrI9{ zbaqXr*rgPh);m`+wy|?n;)YdCLdukX7`@cDwS!Sx`WoFPn;==(UdRX|jUQL1qVtL~+$(;hM5~!$@O zDPEq@vyHUg#5-!QY!&1@J3DpDGMpammd7ED9^Oxv-AA@Cz47G(*;Fv^{Dn&fK5|ON^`l&?jNpepl#;M84 zw)tnqn#QMhtLhWGxOtSGehacR-CF9NQs`zuuFrY4wJ1c1ZBHN{+EmUU=#+uVi61}- zHU=)Yx2tzqQ>L;}rD+#>-k}>>3oX6<7k1ChEcw(7#nr6$h;;`w)OeMcjPkW4IYguj zCR#fsBEWXu?;eY5Z3{X|oO>Tn>3T)3i(v~&JV)<+-`ZjzX-EY?6&5`I0Noe0w#D;N z##z1T_Iau4zGhBm!m!LPwys=>lIatR(59kXwWwNRP^U>+e(4~wyGA9&qP(ZkCeqG! zc>a;2)vTd?MM83FDV~C!pXS{2E>~B6CpwEi1;XnRW>ZyS#Z#;C1b^b`X@$x-3OZ#Z zazJR;{@-h1Cu^rt>z5mBm#n47$GOWZ>J(eI(<${nGx@jQ9!EQ$bLLO0!%kM|pHHc< z%q=qknTXdlMk86IhE&O8N(vjS%F1EC~Q})+YGcL+IMSj0CI>N%@m49t@JjwQ3 zCGt4*6e?i|EHtq#v~07nx~sNXmN2TBpR|x(SZz~QbfqKI!gZqpRR=`e0}Pkq>Q*H= z{{XTMiAg@Ebzgu$^@{puKSGH@txrOXPZ`BAf`r!136&@`nt3P)mneSd=heEh42(I-9qwL2eQ@Sr;wL z&Uw!a%4wKoj6$^%RWS_d3R5_HMOEr5G-W>|Yqbipx3-kxveDP)>`$lJHmMn3E?~<0 zK9$JFkS7%_dROFFQmiJTP_$bKd0(xbkFsTcsjMPv%)xB!Gu)d zm9nU)=6$UdX$r%qN=g3!ISM*b-mm2;;X${Hqa`K2-hPJLt}%n0_QxmaZ^Pe9lhLk? zV7U@>pqkloe0)@b`s${#*Kxj=2p)(L=U3N1wqH)FpAKD!1;Zh45dg z*z04Z*|>_1Vp3TOR8HsG0+}>ANCnA&t+q9Za9|*bcDw{9DkPNvY0NB7-n1$JlGr?wXMH29(kzhPPTO0%xY?JvwTM>sZ0c>96(w5o+ z_=*Rl13N_Y`qB>)cad_CroqoWq0_+0!T_pymwlO9UdEl#HAlMXnn zlh5M->Ex`9^zd3NToMKf1tanA5}pAzg<42ZC!WR`Zii1GQa}e)p_aogMIh<~!zYo2 z1Zj3>i6m73#w9+$CiaINZiq`<{a_?R*oJN(AGogNC(;|Kl0$2VGo65hs2d1|u)s(A zu>-C54x-G$2e_}0LN$O(B!N5*LtyYdz=Gl80E9Sb07;iV+eGJJ3MERPDRi^tg(7MS zW+d{G7>E>{WST0i6)54K9p~%?SuZ)_nPP90(bTOn!+pbaANr&i^lM7dxV41*(aYDQ zp*I)7otCOG0fS7g%_vOl6(NyJQlb?-TqaRx9;aaoSubdzOY42h;%Tnw(3Jh1AFkJK z-xFJ!^C$UPj4v3IMk!@2DNMRjy+H^7BnKc9U?VQtinXWG-d~xw(&;@if~N^Q`I@Cj z1x^D3UgMaxyt6W;YL#AO@(J=1s~KVVBw67kV$K~#RJ?fonG`s+Dr)5J>hDz%@^#n$oe1J6k5IoR=f8T7G1n51}G3bqgw5g|nqTdp{@G(RhPH zp{`jvO(iwFU$0~Idmv|grPX|wMV_)YCW^Wm*+EifBE|M7P(Lb?Y(cmpJl3@;)^*(~ zs|_9ld1qS2;#6x#5?q$%e64_IY`;;JGffALO;9cX^Gi_KXgnwuAo@X0ty_AkwI_y* z{SR8b&~+GH+eyYzf6{(w_g&AIdWF+mU!~ac@JvownM$P-L0EuvPe*@64Tw8OZD)B- z`jVV>ebBl;M~od{Gq zdfIghmAX4TvDEqr(`BSo{g$I(nY$lj{`nFD~O%VU;wVd9rm&SIatC)RXn&>k_I)M8f8jo;ZF_ zV!3pxU_rL=C9;}pVk($Dn2t$=e36}qxqd)2i*oQUtV}t{(dE9CW~^fYUSmm>B2JYm zLMIaQP&ZI*hhle)b;hk}Lgi6=vqO2}Z93ldTCBNn&UjWR11(?z6vey05wlQFb9|wn zc&>FqH0V^p6Vh22w$C5WeesjnlJ$vOIuDA8jQ zs<0YdL3oxGGLA~Boc)}wzi6N009rP8nte;x4w{Y~FE1VaJ_h$!(dueds5sP=6*;N2 zzl$B8rekvjBg^&A9O@U|<+Ap1``^#8v8s@e zof72)hVp^!6t1l0o_|tPsW&M+wqaD$x>8AdmSYycqX@*AC1ENcIOZ)Wsk16F$PQhb zx8)L+S&rkmj=v}@13M6RixSSnbd+^hta)psStAU}*tR7v?UnoWOOvCwqs+}z0|y?K5~A7pg*rx|mmIcio{%aVRyHC0NI0_tY$rK_Jn zI2IAg)vr?KqpMTD+^$o$**qwD@J@gbg-h$qIUz~~mF zVAKjM5}szQF5V*8dj=lYcyh;domt_@_xNYYc^+{tn8+4G z06y)bX6KWnp7P1mm?ybrTcvnDiJPW`DP^(0UFcyNftXn zT9htmxJ|U5ICvLRwxxG#(^gGKz8*5Xncd3i<~LC|^&{eYKh)t8>WXHjnyG(i#xVd# z`Z)?OEi5d#x)1@jt)pJABT0VGrcvsB@w8W~eg0dV*X`6)l?^(Y+ic_SZ@V>l+p3sW zF_)%fo|@!ZYzqMK(z=CA{k3gckgqDIPb0bc5E6h+#NIBpv#$!?-sY!N-(|921^JnF zbR9dNXcs zs!^3ZH{7@ckXDrQcjUmhF{C?6Tc8lk*Y6Tz&7^u?!*)J;dsU6*+{aES@R^u;Y0YHy zgnrY+1SJ68Vu%OIm-T4Fyo0L5o0ND$rt3AMO@07cyH{{Yee3p$zt zQ@|h@JcTOL!~}&Tl{xJI1tr74I(cD$l0XC(fMmc;kE8{wfQyHKo(L~^2Tvq`v2X&A zLp`7^6<;xcwQk7Q9DcR%cid>JtT4+vyOfRI1FLSBE-6P z8=FI>GHHu2d5DQ5tw5v)KY)i%B&UE8vY(h`$jO0eI*NH4h;;HgcoB;{KT;h$70gL1 zHrmD|G5HrjNz#z^hfgCXffVQ(oH2_M!0F&sAgamj4w*UJtxiZ+0Ni(m8@Q%jw2}qf z2$b;41u029++Wfh2rYMOv-XBbfT|mqV%U|ETTq9O19!l!q=$(lQd<0SAOTf!g2p2`WHg^All6C@lXI4DR(hjSsx-(?+Hlk| zRZ^q|ND3u`h6ma@O*d183J#3+_3|}ZmYq8AZkycktlcv()nlubnJ~%Ne90_{R1+l` zVx0oP2?vi}caEmk6jU=w=RC7XOHY-QeeK)j`I_}gLRwi!wcam#mn6zTK~|CG4&Ko# zfzoLndDcF(r=_{83Bx|bDx}Y)RQj19=};PiMw7vJ-+0cnw~fpmc`)v-zh|08>m>Cf zB6TvDoVAT3?EpO58OqZ=2iW|>)HsT3TGye<*m^ejAW-ABuGna?I-@@uFoWQnx(GFIVf z*^eNGVhzD?ZX?fSO0}(5N~*(0huqs&w5;gXSd#NK+21JOx#s|zfaA2<F!|7n6Sa{6v>+~$yC(M@fu!`+m^QC-m#5!sax4m z>#M&RmBXgG z*7-Gwr`#b{jOQe6l-RX$6qJPm;BRO$nDLuT@$ZOgJVO)3aC$s14x3RiW`2~*K|i_l zA6V&hIZ}*f=J1a9!k2cIbgNabH58KM*JU1#8A?ten`i4R2&I;7{<69DAB<*PYOQ;; zKGRvP{UCKGOHN<)Kgk`0np$c~bW>7N%aDn7LM0`V1ID6F&RLVm<~Mg27nPk_^Kz5! zz;%Zc2B-Ae2&9Y&E|QsuQk9^p@oY*avQlZ%SSf?-UL7`!R9)8%t@G?(7}7ticI&*>*i zGWSR_xXZW_4C;xbD-gtHqzRQP9sdAzBKlLqy~!lcJ zp9aTCqZ`}E=BwQ&{44Ws%!ZBGaE@>p6md4uc2qJ8~K=3C_&Wg#{OnjQ_Y#9rswN}r6^Qcj?eEkx{al+-L#=y;yW|2lhReuOaB0b zPl;UVQ-n#Y9z2{nYW#d(5GMMQElPQ5KlsUwy@I0^UAaGDWdz#q{43|({0>3tadKAL zbv)ySzOT)k_Im4;CL@>5M##BZpDtyT%u43dC1Pay)gZbiR8Jrkslgy6k{-$K)GeGU zdrH%DsrN5LyBYd!pHdfI(&AlJJiL!A%sHd=gtbuN$|6&;<^%JA$FyuyI?8kslaz`w z_Bl5Ps!q35rP*m54)DTUQd5cDQ&m&e(~6o|sah7B5MVSlV&K|lb_a>e!K*)5%){yG z<{>0YmsWzLB}7?Tc2OJyZs6?;B;>J^0_unD5$VfI&=~GDjOIGQh+~+H%9*JQg0(VG zk+M>d07&!z2qP695fm+`+s72v40&rH0l?g}F!C%yfoE`e9iS)cz~Q|qlRpX;%ScYAALP1LV7 z6ui&2ei1$#rhGbO3eVT|(rU5nW@;v46Dd?oxhOzTM3j=w2Bi{qby~ta^IX*b0M>Ug zP*{W(-mkkpeeuVMW3S%EG(X|f)S8G1;tcttnVKn`Fn zPasmk4HJ#BS(LyCa6K;&JXj0`iHx6-pe{fOAwmM!y~g=Np70mPU@0VQiA}-D=vfFB_szh7p_E6^Ls#D z7B39}ba!H?9Y0tMi0p+`oOXb|JFz(TfVM1MLw?Y$mc*LCAn^)XkFG#ENh0=-n9sOH zSOHEqczCn|sB7Nv>5QAms{xop44A6@(_<5shg=F!-{K*bSt2bUJ9o4?W1%650+Xq| zA(JI?R!gNp+`KkN5T$#I18azM$4pgAa0C0^CnKgJlBC!w9WjJbLW__4p|Z)#6s093 zX=X6#j+t731eHUlu<3zm*rl28cx3QNT8`vcy9@CQnJbbgC7B}o3-b(~2NieRjp6c! zOsZfS%Ljd-qQ^~%rPK>Ow`hE{ID`|p{G!z?v6F3zqR9`xv@pw(wIn+wy;>PE&f=1- zH{KYWyoypmBn~cO%%RAz0Ab!4Fc7f>Llz+vmS6`LiBEBp6U@xe;|u%8j$i^5+vWDW zPFevJlrs;?46<^_JfXNf#4>vfm=$*Si5W2q?nDEC^L{pf1R#yX1jmpmOl)8rRT7ne z8*98PZ7>l_(h}-t^xh#LEyJj>TyCrE7$pqaiKqP>w1VEJu=Oz$oGGly;S|@ox3z~| zX<-eB;rN~pR&e}h51C6jJECZ3^&P}SWeKds=c`C~cI96vN*(yGuw2~v{Fmi(nc;xa9- zE85ShoUl_mDrbjvH{qKw;EG*$PwEwj(u@6$aRPchj?4Uyq;=LFA){LnukOD-&-5`T zWtiqClh;bbFq)~9Rn&8-Y9)VZDtxk)1I386bW5V7I^goW(S<5ghH{Uaej;nDvnN=8 zQDL;RYU(9Ol}{o>iDqKv6MZR2+_~B}x^+0h)7ndAzUMi6PF1ctVz)h);oJ0C^<7htni05}K2C40Oo%I+gq}&+7g#wYH0;YaeMZH}zNM%)4zGv&5yb z^_F7zOv&=F2{?X3#j7bQq*H`GD^hAabq~C?Gldbzx1@3w-Xyw&+qp_f`7Aa1{wCpB z&O35^^PDhw*>fJLz-x+r(MM9Lb95=gq>=bqI~#h?uT4~k499Vj*`onz)R3U78*j8; zM&&aBLxK3irZUM=%7F5@1MfhYbW>=bg}OQij`9Tt7cXX*@;YYkhvz&K~V$x_*9-`umU3 z%#ob3r&F@6CUVJG)QbE*vR8>Je3I|oCy=1m2IFEQ&Fj*wX<5^%u+iX`mUlK65~E%{ zGK<_y-;l68>xE9sxt|S9MKs{-Ln>N^%1PW2+(nl6buH)ZDLgc6^bLDb@b&V$v!6_t z*w>R?*Qe%u+0}lBW*(MS{h=wDS%ghr>}!HnN+jhi#QUVY3{^Cm2m3H1%AAuN^w zfFD5(VPj6h-BO1O=1!TV)6%S?Z%>8i>R@UXyk+4TxI?%|Z9)Cu=|Z)JBHct42Lp&O ziQfj7G6f|8Nh}Fav}9Yh@{9|nOpOLG=*Nn&}6QpsL2RWKze zGXQ(;@ahR}RXF7cLJ0FJ;BF4k>3JBlh9qHQnEnBmFz?oxj}((hOe`i(UY9+RHz&|V zl;~Ef@dc3~Z91G!JrhJ7tF z8_(=Ku@o7HJY(%iDytI2D$S+&rp=glJ_ zlNhC`#qoO8)#h0={$og)M5dmZN(V}bDqPYA-cCedQFU&wWjVp9LukL|&oA;`o0u+B zt#IX!bu1_6=FK-t`Wu^i$B&#h0hT1vN>DY}l;j@{Kt2Bec}IkcpFrj|7gzLb>2*tY z*?Io}k;(YG#u{gZH2GDo^E`X8T(|K2`yX8N zGR(=d=PV@>(goB>U;q(b^LURe-u5SO0`PL(rBms zwz&_l6quU^+f0$Zz^&Y{V0)b#MunUedi%}e3(Mo`dvAmM6!fl}`^242V!XY6K8*Rg zo{%HUEp|MU9W;+ioSchSF;b;?Ze8|;>CXl{k-Nw8y!^XCgw@wnqh2qDCbC?hmQ=JA ztto$Sjb6%(Xw{8r$w#xnsiA#N>ZGF&;duF*{I`SQs_4dJ%oAv(uBKKYM=DJ9BhM)c zDkKBz%u`j%_KI;&%+%gjs~t|2Jo~;zpCRVV$&xcvjKh*@OsrN=S}3Qcoii4NEhRdV z6c3$^l+HMbuSSi<7f!F$eE$GmLuyngUE4TTc#l3uU5a#qiv^|s0EB;t{L@t~zPaio zWy3#SFNu?~mKI2mgZuLs@&Sw=+hHf{EhCh+>c%3!R&y}E>uT3chq|_M?7n@^0qY-C z^Coh{1_eQZNXz+dl6%nL6eUVREWvYTtIa-P8>vL@zyKOEC{UCkmin9Joo1P3Z)qI$ z_0)W`ny08p7GRdNW+cs{--9JHN{;(Od&PU3tgo2n;FEMsbyF<))BC=n85kEf>Z)gT zDt$dfkx?mOXjpWq1Q0|9j&SIf7^?{cI*#rw22o4kT}J0)+!#6FrMHo3h9!yOGO&yi zhILg`^@K>Kku0rq6n^Sb1C!|t`eP2MY`n@VR;5NRRUQ&Pi|D7o4t31Sm5+6zwOBO~ zFZ!yLNnKRIVl^A4P(M`;!a1w|01;559*cF<{QED5pWu0)h`x~QwD;`nm$a7q{{Ra3 z`TUQovQ96=2ek`_olg7H$^)VJnDB(=jsBN}p9!C*-t$rg!7sj@Nc4k+j+ zm;f*UP)(Wu7(18vU3Ct&~(5(|g`B$XHd0QrDB9pC~$11Eo^1EwD+ z0Y8KUgmVBcNN&%@&<~6N>Ls26bAZ|GJ>VU1Pe=!g6+nTg3%mmXWz_*-LDT?I<^t8o z5&<{b8~95j$rLz9u@I%J0Dxu4L2hjKfVU&qmw>t~2T8Gjx-2jm5nxjm_kg|vHva&e zL*UAb4*PEiWI>7matN{7116jEAQv{`2f=(vr9Gmu_;M*xSGQ;jvdY)<7z?Aw32q=R zivoq1z+@+|s$=yRfW9oPL5AGGTM<}XdWc8KX#hzZZ4g+cgX_g4k#DSg#uqt?AmckV4^FQDT ziBAJ3krW6vyF-#Mh6CLGF)NXi6oNay@`vw%iu91gjp9?l>Eu-+=J4r`o&?f3?GBzs z5osv^w=m0+Q@{vGCfr<@ans3Ck{l!mc$NyFouQV%Dv}+NIJ7c(8>m8nz=bo!i~`F^ zNH+q-;>7!p9t2{SaSonG>Jdo=AiuOcc^y0mq_HPR)%@bb@H%B-1Q6t~iBBVPR-jm< z+-kH~n9E`vN=dg35;}QeFVpdh7UYNl4n^J>F_R|m3^0m8(gEXR5}pTG$d1P39`=Jf z{26ydc!*~)4@C!FVumFY$wgU}*MMU+7EEcYjK z8fvww)qe9hi>sTP%8qrVmQ2BxuuRWO_Do`h6Ou)>3#Zf_$I=Ql>d|WqYg?w1_)jo+kEAox48~9CPe4VD9;(9eP3#HQh*AL=xvn0%? zTBOgAsdEy1$XH@Nk(!!oDCy%;Gu|&KO+=OfzOf~!1aez`&=LZTM}Fb}5YvSKN=QrX z0&NCxYBP^cGEY!wl}nlMNpsbtr8NV~H3QK?{{Ta1&9&5S?5EXAO%zU&k)Y{s!#_nj zM~>9y{JE5*&&O)kRXZH7{jEwvStwEY02cCr8JC*%{rprVCZfA7k&7D|N_|+|?x)WR zLGawUvqrUNxtO8YsU=F7LX;f#?(ni1!5S2-AJi$t!;W&!a-sS%Qta?t8^QY5( zhNi3&k~c+ca!kw=tT)s+X$ZaS_xhqUs(roVk&4EL2PhQfZWgKPp$0H{%yu zuW4CCOPMH9XUl?I>T;>5Qxc*{8UW!O^?@7jRj#`d69O5p%*HTxtl96 z$XNZe67JA+$aT6NU2o=BDlc%~pzu~juFFJfSW@A-^%vE*;TQq*P!51-*tGA0NpORn}eU!|u z3Uqp&m2az4#J$O)Ugqx>z_9FIfpj%ga_7mM zf{Bu5pcJef!5qaDt4^IoB=FaAt2@h!D)FmIO*p)!eA(8ohMYqzDt2ecl=Et6L#m>H zI_A?3REv4j>2fc;cDi=83zzKcyi3os{U73eE#Ob3D}6#Sv(+WjQ-wa#c;Wd!H^XO< zs;LD<1vd#|40JJrJ;t6ThKgpD%tNIBkZoo#-6g6oJA#^~w-2cMUK>4f=OpfhxBc-h zF`mr}R^F9Z;%g^qlsda53QZPfrqHdv(G z#i`R(ht(o%wOlS*oHT2t8A0KrnW+ktrHQOE9+Ew}#RwNXf$*E})`>@?-@E-Bd zTIls8l&frw#kP%JORBcZ$ni{17U~yM@!>kJ?U=1{-$c1+)uYe=87Uut?;Ef7TS{w% z_?tHiYjuQ@GpX=Asgzb#)C_3U)XNR}p9Gwli`3gpoLv&f_jR8^7?ZD7zx*ie=J@+N z{l+}v>TZyj$5%0Wnm^Q;dPJ-X4G0J{SYc9CIDgK~K6$6yg#Q2th^1kfbya;&*N?Ep zsY4Ncd>yC5_rqo@)rpexK4mj-{Js=Oo|LrO!Wq*n9vt0f++4e3>KdIpCG4rCDgDv) z{{SP&{CV_=r+8X}p-U62_>RplS$>DrI1XCC@~#mpFJ)XRT^$sI`zbPk-;znXlzArR zIf+iCN&8BVGJa>sdfvBxuHMe-?ru_lV)RSyLCjdrUCCK~r!{8WT15sQMJUawtE!k1 ziD~4Le<8WpIf5S2wM7bRE%r1tt*c*GRH((a{EyEsjBkvLcj5;TpOLa8$@q3pl(te& zmTo3NaJj8?p~a>BRdxf>v^@$oa8;|U)P20a%=bSBcqWdGO{|*NVepDG119qpNZVnj$Xp7c>;TPfxL*;3g#s<5>lkxn>1GQlOBAs>_ZX8 z^DZGT##H*Lvgy+*Otd7ZqFNHcAOTRDwsD1*pPAXMEuxRp~W zwIfg|B_xX$C642WYP4foE)rQx%)GUsb8jfsS&x^)`ryBHi+;n0>++Z%bF&yl_h`jhct zO@?B5^8ldfu0*5~=F#BzWg@>=VoK5ir_D1i3X@=^umE{w{piqLYgXE0l7yXEzdjeC z#$WiaPw@O_3KI79-+s~ZPqEwQZ_x?RTtb}6$X!6p*evj$FWXltwnO(RC_?`L_2XM_ z;@jv;_s~*anNRL``;85!(vGi2U+om5CG(5ij?AL~Zu-%``=mT6Q^`toTrth4bJi>WX6dhvfWpV`mca`|IE zOTwzn1xk;AwKCJpv$Og}Y@+*@Tu@V4T%DA>R+%9aR=zrb`zZwv8U6ty)=ou=nNUxL+1)ip)R_fOSi@G_@7?%kKyN}{Sct=GFDw5Yf=hlVzq=!s+tYRD{m-&x|R{e-fEY3 z(*5MN@>?&k@oi_t8m_Y^?Pb#s9Nf9a1 z9pRF~F=afm)a)K4qE9R??f~8_Ab`6MSO9Ui)&L|%cfbWFPvHZ20l{$bD{v$NOOiuJ zk_ij}Nzz@Q05zTf2rOOz0S$NnhQ*)(lBTibzyLsY2aaGY9smIs1_8Q)3x|MU1LiOc zm|57o1Fk@_$tO$tKsX9Q&Y^Ee29E;&0E|m{E=+(hFk@_%C){AIAO?sXZY$ZMTESx2 zggd48XoAJCm5$+_Xs|C=dW^v_4ZBFJV-bZ0+6|G1C)6T}r!d(CLmMgA1E` zL#(2~RseedTZpkSlUOU^xOioegqS~ON=E*W>ygo2#hxt6WbgvSGeakWz!ZW-gfIxS zznEIrXk^Ar3l1B(h8;WzQZ?O7dq6gFDFG#h*MO37W9i0Wgn({hM@X8OHl}kEh7AOusDY)+#Bs2j8jSIjvTiAbO|Q(WlTIa| zpSG2RDqq*1Xv(#%bJx>NWX;oc4Mv4^PTMd0Jm>U0BCe+corq3GT*cR0O)X_9s8phj zP3avBsnmp5TEl0m+pE7}7jX`mKEk?)cZ4n-1atea5WoT4kE{WdMgWpUpbVlE1u5Z^ zUBf6<21pFvkji_IxdITSEV0~nf^8yS2gpAV)Zu++$5p2P0BQu<&!k78=(2LtY5Wa6 ze5o9%NtY~NfbSbjtdtbYDFxI&6AqRbB%3^+;(s~P(BbrXO)Jwfp#7mhz0e&a-to25 zsYS17VqfJ)r1GpECg$ACuMY&lDkmk}FHV$?s+u-4oj9&dbS-MngmxGg!=`1e{kA=c zNTfj@B(K^m{{Tp$S2W_bSu-hVm1ObS*HR6d6(2&ZO zl8f2mrm#;3Q_;S*^$(z#tvRP5V!=AuHI!4`RP{)Il44)*P+~YSg@0jbsZjQH*TJq= z!}K)z&WB^I+d5UFzh=2#*OB+%!;i(+PQD><#7n~G3_lx_EGoMLs95n4-EzMDo^hPLk7Z0%cqVDWXHiv4K6z7vIQ`&uBe52a#+7e_aVjo8z zFZF&nl+n+2O3(Il4`6=j_lzpGa*E7&G#A<(Ykz*0WgopARLQ|o!jeLqSc|`??-;!} zcxIhP-orGw>eQ8jP~Zd3@pUD!hjmSIYo)BtS(X9PIUBTPqg^>S2*4L-eX-pIP&NxQnk`m4?UNcr!oT~W{dQqSC}%1y2@`2PS~o)egJwmn%(Hw44!V&^ zM&&Oz`7ROA)wHEbUT@9*oFkH4pR`m83_6)}DkdqVqExb?rITO)a!c?YHc(3q@Vma> zGhcUcN`z%ntddK2my90y(2s)^NSPxx^`4tjffFfk5NtUHc?WKE3-==8G&kDHl637h z{@3aHpE>;?eJ@g_30Y|GGU3$af79xH9VSqfCS4sIpowTmLJ=t%Qjp950>CwzIpx#4 zmnX}2w-s(G%B^{IN?f3%05y}&@hfwnbnhHs2DU=poZ2668a?!ffdk=EJ zJUzXw#r0l_G0XfuA*X3~`rX>0Y@DS0yDvBBx!nBa_@MZ^&)*Yyj7X}NGYiXk+HBMJ<~PwUz;b;XNYQ9%u+KAmzsY%iXTErA!L}YAqZ!NJs`-DR<;a#2013Gc zW1#B7*y^U+EYuTiBW>CvsTDMemcRtI+eGIDGDt~6l5KRkc%59y6y;;ZohnwfB|eF8 z=jtLd`Aa4hc+_!z%_jX${#H3pOiVi{hxZ%-%Z$#rQ=i8#EP10zqIs${jy*8B!TePa@>UuRW8u1spTYMo_E z8?=27`Z4-bl(V*Q$Mg1QqL*1e1C>sUI!#otw91;YwwlG=U`u449yy;8UR0q%6rs0M z-TEF|^o6S2TGFR&Mf9n1*OB(T>Z0X^?{my>t><=l@~O7vC2COAP1+L)aAQfKLdwg6 zmVYLh&164=Plq0yW+R#M{{T;9E~G3f zofw4ql`^S_*vdr0LQCvRk;6u9eS1^6qwMEAd^X9Gsrb`g)F^uy)xz%5ODCo(pojCT zdzjWHq;Yj+m$@}K)}y}WCt`<=#bG6!4``fZqEc87h8t7ErLl!lSz$soT$^@@DQsl6 z;8;K?MZsu&@Bu=3Bia`%2HFk4oWmpmmezjIfHANw60!sa{`*6LH3oNptT4+UKtZ^M z0zd?S0yhdgzyRI=3P>Bk0YMDhz&=wL3%mr90#*qDDeginS^Xa`JSQpVxnEld|IIe@Yub|v9h1|S>2WWZ26Ld%mX42IjnnK0m-JVsHG5N=-V+(Nt;rUlsq2!iy* zRo$R2O?DE%-@V{1O$w(X&=YM ziBAOOilpk=89a_wtxQKdLoP{7QWX1b=?$I7$}3tmk0@*Qhl@$>GHr@bFQ{LbWXH|~ zHZ9s4sg9VM86=P1hED@$aY-bQJ6auXhAWtz4a_ol9XyJnNWXY=$xKu8eIe7x>EuAx zQ4h>Aco{qjrX@t5qeCZ@GTjJMtLfS-j|Gu=Wn?Sw0zR=~d1GaXGo3udj=3u!8xiRb z7Rv=$(io4xL#Epqa3bZB>wX-=rpCyH+S|jf222lUiOU!Y-%kb^Jb;SXzL3d|oUeQRC255{;E5MbM$`6jY;5tZ^i0F0|`w z$l_}c%s!2*ImoEEh{-*KO+u2aE zjv%-5Jvzfd)AVY66l1@3`DVu_f5a57(_>kvHtM4rP)pl8xCLsIATl$r-Dl|#NbIH2|S`C-%CDB_=%>KE3DY^(7TGEzaCV_ zq3CU`I-2w~6VzWAp%(fS=0$* zdx&1Fqb*`fD7^?S29gJ?L*Ragg7Yj86p{mO{Kai#Nk;;bl-;gW#6)2W(uJ53utC_3 zqNy#xB$-_uPAQl18hn2)VpHg=X(o7-^>mX;CQDavp?FrKIJi%A_S~xC+J)s8Myyn# z`#uk{{u4h)9S(4rPt(4))XAX5i%X%#R01ScshA0kX>$qY$tP_t1aSJ#hUG;%){8Ok z9_!)ej}`G(fGg?wxv=-C?%aFF;pV>s>coW2NLpBe0R$f7{r>>o(Z?s|d9vBy&}Z(N z^&mLQ-w9|qb`M|D`eF; z<2%1rVoyS56(wMEcHS&are>tDZL;4{ar~d*)5}-d>0b2n)J~A!bnZWtB}x#f=*?C3 zk8gRrec5@N-0|@T)10%GQI2A@lMy{+gkicKa?5?*2>vHw6j8CQQnyO`PCn;GyNz#V z)_qq8&7D&Cn(7XJn>z`@CLA9NStMbU9 zGlQcmlt4yx_TGKbhBKC6a8+u7Mj2dWW5#M90>6b+MgVxMx zBQN1)6pNaE)rrkUnKH|V*m;lerOZ=#eQTz}HD3Nplg_+j<82SZ*6rO@_xnYCXYxLy z>94~EO6ZK4HS(~}wc^vIdGT7gLs{?Pi-aZnIXsx;E9*72M$>qT?2nMVXY`Y+_@<+$ z88}h?RQ~`IwZrn&W-~na2nm*to?}@*?Tl)dRPEON`yN$Zyi>y6o=x#X@rTo|hs?Q* zV`HT074;gitx@#BynK7?X6QZ~ zzSpiI+Ucj9bsw8OQ|kv%y78N)XKtb6b1Em2Q%y>eQznrP{v4z`B|n+ml5ZZHXJpBdtX1|uc1QxOj`}1s;DYcf~^ZSuy2_6jvvG|-C4zXGsk>?dhTwZpKXtOoZyqrtC1Yr zO9!4w`=mAzUN&CfY#&1EjP`jUmEP12hFK;E79< zZ=?i;hXNTq@+)CVLEP;Vgb9F)x2zaQVmC1jv;-bjXiyy_s1RaPU_)XAH~}eivF{R= zO2&ua2m=NX0SC(dtpE}LColk0a>tkeiU1Z608ziv0n$il2`8igNC}T5fO0T*fR)HT zU_tKzYJ1?1=5I&`i`*k?@7e;z$p~=90>!%(c2mGQ`oM24s0#uR0CwU6&Io+0Lv1<@D=O}ju}7m&bYKvg6$Fc}bU0*e=jX)`JhBv+U*5Qan>BMmLsS`qSO!LTIQ zKWKvZ_5zEKtOfAh3Tz$%_=tCau>jfv_=vxn0>tnLM)FTk3PZdjco{r_Uo&@w9Xy|4 zwzS903E=y*jLC0EWw;1K7Kt4^ic%6U4xUF(08&6DyF`q)DN&DcZ4wLA*if#IUW$KUk>$jRWWq*#-@GI$(DBoJ&~9Cg4K^IE~7^47nw8Ar9+1Hqhm{1Kp3(0fbQ@J3Ig+zzNj*@c;lM5OmrbsA!6?z>iV>XGg%rX*df!4%bI_6R{BMASSq_&px40K%$hW?Ji*e8D93VzuTrjH zQD}6w*xY5#qhr}}U_z%FnpE7=%~$d~MHQ`KTecaizR_*2({Wug^GBEUJK|qGXPW7_ zb{SZ3yfxH?(#Sq__td@5uxRM??Gn=75uBG)y-wdi@K&3q(T!@W+Em%)@V*G*Xwro! zINZ6u@wcAGS2W_bHgxNkEqYTgc*dK{Fsdfj=T(#Df8g>+H=ITNqe-Yo_lVGHD;3wk z+$8D>KB6!Ig>NDdSUKOcKoIx-Pyrafrv@dwfm)VI0+Kf{C6ZFe56`My ziL^sQV{OkO>yN{|R(i!|=IpJBi5QH;{{Wm*R4Dj!lm&=CaQlKiqodL_w`&zjvdnz^ zj9QcSVSQ%|5zv%Ko|XF(*z@HS#Hp zr2#Tl)*;2e2+7JJOJjiej?1*w8CHW9RDh*Os_>Sy?gGV$`hobyZIwqEbeio&JSiRx zGM_}%I!O(`c-+P0)$Agr)X<+AnrhIbheD;Pln-~~=>)L$Vz}kya(dUn<}I8$o7Fj) z12JYf%EM`}ikj6;0E|I%zFJadrBd|iPNE6YO0O6ir$wHgtHvqGw727b{thqc565@@ z1Mu}5>Pbn?Y8ZY`f5T&?%Kd!G8J=9(G|4imWCCVWR4Yj=Sd^WKh*lLBJMKDx~RD_j&(qJr-LQ4a3 zSO<(t$XnXS_mfG!6MMefBGsx}NyRQ%(@mv8(vX31<}DZ;n-EawJbcjzNuL9tLRHS zb@tab*HrrHODpeR6n!V>LEw8t*tfsrA^_Rvk4Hz=!c&KAz{O=hK8=LH4AWA1n z#f5=9K-LJBPd@m8rIRv`46soXCuz5$BQC;CRgtZ`#!o7&q)3<&2y&hyc^PbLUn1d? zP7RGwVl!wHQ!1KzS2mq%DHB88E-oB)f@`iWBhsntswo{7F`x6FRxuiEiIVa}xoPo= z3-d8uZl3sFYFPHfq+tE*g z*+@*Bf2I-*KxQ#{jyN2Ouvi@eb`7X!H-Z}bk_vLA# zZ=IalfByhgw&p3PR{dP5LQ4XS`*`p#W2OlSvW6Z?qlUy+6O$KtM8G#&xg3l7(3Mwpa zG|8e|wYB*EkSBv0qsl!(us2?$p(A?Qdw=Fp728EIlkbF7R3^fggc*DmAOo(u^EN? zMT>HYRNNkr<}|8p$ff@PI3l+(s?-mNQ(}=86m?{tAS@aJiPYGRLcUPPm<)F$I!WMd z0ELN8%6I@`0WL%U1*caq01|Y(ShxkT2-cuDXbS+89gGAwfxuwU5!6Chf!+dJz%|+1 zm;@uaDfEY20RmaCv`7V@0zd(KH>>~%0B6x{-~c2N#6Sb7n6ZF$!4t6dfRaE;cp(q? zKsP9lc7T!s{{V~w#pHl8wR%8Uok#08n#ByGJQ zEro#_%G< z@O^?(QZ6Iq+@tQ~$O?Jw+9fhTbc>#0@_<#K5N&9jkCe*PlW-u*8!S*54JVj%@`;Fw z0IKmL3o=_4YeOkuoUs6L=8F>6OOi>6%NaHyN{Kdb z(Pn&y%3>%Me^&R4GDryW>22YYSRFA0r90p1VseK}1w6l}v55x6(r%C-7_ZH!H$Jce z7yTk=`^Dy zZw2U#+GVo5r*6?)(&^l;dztbl=pd}^%uwQ+$%i=Q9cD@;cxfQN?aXMkKX$52=XFJj z>)>y~S=@ect$Z4$)(d5lLmtqAkflW3Kb!yppy43i8*Bm~)5@FL6r469fMyT^*@4;A zcz_!bK}s5c5DS!zc45l+25!UEhGsk}MO>9R2%Lw~Ph+?~pvClVYg^B%o5L%f=ZSSY z;Zqo(6R|#VM$X3esEPdm#u<;ZsVizkOtMf)Ypt5}F)@&yoIZG7F zn4TRrnyy@uw8*GILc-8>Y<-M%_LHYlag-iY@-Q!Hr$L`CezTgHo*#%5R7gl0pQLnD z>9-R_8gp+LJ8X&2F1~d^X+}orJ~Lc}*)!EhWl8t(W@$rxV-D|8(=6BTYejt5+?@MWDSJYu^14!@>FFL%=~ z&;J0g7`J{k)T+Tkf>6R+<1c0Sp5Ld<(Y2@S)-e>mKcV4Y9bW-?^QPI9=MI8kc&dR!7aN1s8P36BWkGS&x08jESMtV_G zl6r5Jsqm~alMkJyML8tQR*TG9i6v_xA=F7FqtAb7t#^GI)uov>zodN!3p!SG;SA-h zZuvez6`ml}&*m@b9mEq+!O>MoO93hi3>@ELA&SyQElobK`VIGJo|1EfZaQ1lj-+%y zF{d(g>mQp)vZ3~xRT8NcNgF0)y_7C}L)eJMys@^wrO{qF_3pj~pH|WI{bGZsaUA(R z>)?II@Xztv)Bdu}m6Y>x24Bo&EQ(r{y**iHCRD@EIuysTR`KWBzlUzDAGD?K)AL-f ziu}>yejxC6p`%IEroE*vHOly}FH_wWPc2F_K?l|}DtjDzOx9*hwSeZ_I%W@URm=inK;a8ESF)J;lO1)3h@&Qi+=M9#_R}=y+}=D-pqKmxSXqQ)#MXsisM&mQbXhP(*c*=&J=dwA1g~?LL9D zyR*Nc8us&2gt%$tKZ88?uT_O~I9Uq&^IYlL$c(!xZB>zjs6nNlQ_gAR)#81$;?t_;x~I?gQS&c-tOsU}cI#5BcRWe;Np@T>$saQK zo5h|W@jYK{s8;toM}_i_`5W4dVvi1{T{aOV&Z4Q6bMB%~VX*%IWKgJ7sV=IoTi4%-{{V;%w$sros32f?1~E!2u&lp_ zPb#OGPvR&cQ&ifgEEFr|UL2c*&-o=8kdcD4QUp6t3(pL|L7R8^bZwCezMD`gLiUEkSbE*o%l%v$GnN zX;G@D7rNi(xE{Y7oj(dz4<`qrqn9$M)YK}LT7u`zX4Imk8v(Eu4q@R=JxXoxu)YT8 zU-4d}uh5Me=_tkLZtob&`^^?Bib=yLX4loM1WHLHa!&#;&JIc7;_}`#Q;25CSfu%$ zYKeseYywCun65I*D4rTSI+@^8%t%$jdqtd>Q+Q1En)4}N5HghM)As2Mr?3J_BNb!V zG>$$00L!G8oBU2oD&}fjwNsnu>M7SWV|Y67`3japA%AI=Feu+nj%$S+8DMZ8Jsc8fS6zo(1PzQU(y$(+-%7r*N zbz|mzar!CLCv^V+H7yDM0PWPJ__aDCi}6SNXnYS8`ca2X^%vzI&7V)s?sqDVQdq&{ za-PL1Dt*gCV8y9Cfz`X1c*U6Vk^_w-AE&%GNsTASR6$W=43-Kc_Z4p72xZBQDJQ@I zb_0#!@Qis#i%BNJ0-02K3j)LlGlL#d$_Wa%5e=fYo<|IpB#VylnPUgV(pd2pMQxVF z%6t|BsI{D08DNCb4Y!8E9Dyzz2v?BCK%||3yh`A8ki>()7~k@MPT)qN^X~u!(nr^{ z07o0dtmFdR!+{_GfK9;K01C9QXaHCMVhLyCcmP-caH}$m1f~!{7JzJ^18etyGMHc) zGC($RLv4fuCxQ*x_u2x~)(GGT2aDK;Yd~1JCHXu+Sf1cIwOjLmbnwY?J$)c9%E1DI z3-It3#i9lv+ioB(j>Om!kpX-d5)|%#oCVP2iVDAPcnpZ35JA5X8BpW^xUq`Nm@qMN z@Q;%wB-D{-h%#azAlyJ*7r2Tg$ao9j2nz*S05E`cz_5>!#layP88R4B#mE*|M4`{I zSRKTCw0+v11yDC&B2yV|g&-ZoIUt#21Kt@tlAZ-pe9WErh8b>zT37-EN_ZJO3ZO0_ z$xXH@&{c8m0L5!b01^Q7hEF7?fmj|P^2Zf+HXK7Il2gFC0DpdAkJuU zDFHik4xUHOQCgGFuV|hIOjUwdX+MNIW2c59l2|z2EKehqs1j^LbNEB1ST2#T*jRRk z1+x`Wl8_jk;kuaV6|~&!$B42d zr-29x+(RdU#WpRf!?ZHp02JUnPXl!_rJi>8hEF2_c2&5BB{4Jy9*_jJ zas>u04xUFVAe%MBI(Zmb3oLk1lAns@h$>7-@G z8yItD6(p(R+#>X_&m0r9R?P%&J!5AZ$5|Ae7{5c&DaSM-{Slc>P*6s-bF@(?Hi~B) z@NKY)I{aFtG?X;uWR}kR+Y3mrq1&&V3TkvRZ`5HnTt~ODYi|v zj$ZQT_L{v(Y;sq(D(a$=SV-CF^4>9Xv4%ME77+j{NGf2X01%zQ0JnGvTd`F!gOvc= zKr+}sw2hYjf*Yj})(EA(!)S-I6@e!1O`0ICQu6^1V*rihRD$Ix;Jx-R%1ttglTl`y zICRq>bsB^9W_ilAn1r&D0i1)WAd7&svVgwN8yjoet4SwHZ5Xni*hZr#d_D9xr+Rm@c>D|*MKiBl`BIV)nPDLTk{|kW7!Fc$ z&Pw`6r>q5%Ps~{V0M-!Jkxt=!8R4H#I9?aFepOTd0Q!^dQxpP1jiHmt>y~v~tf|ZU zEASSgU|}e@DhwF!8Bwh$Qd4|(K6}2lzwx(>s_FG=KW7;~f=i#9-~eE>H0#9cCDT(T zT(8?tAWQO(-cgK7bFWeKrsbEx@17m--k;(7XjB(lgtN>(wh__LvY~4@JDGdgO(n{Hr=(WVZFI;+rlnIA zUl3cr`ne!gl8B&Uk1MKRI{|Xr)@U+r@^b4DpbUYVSxta>|yaHjMkrHD=bq} zs~b^N#3%g9rHLQ&6C3$OHRCr)q+wmA=*hoB)%p$b(bW!%8f*hK)J@Eo1fUV%)lDX< zLIV%kO)f|uxVHyjL}@SlH)(vFq3%zezN`4J(Brkg1X${kbuIBuqw?cF*OB&jNPZyt zP1kH8Sf5WbJgSM3()Boe)|XXH$DUCx&-a6*@Jw+xx?TR8Q>MHyyFSn0{{UPw$Te*b zQ_*VlT|*wdpTV6?Q>Zdar-tS+Vrmoaj$b}>lO=UBjWqeU0hKvu4JxS~Nz(n4F5ZR5 zq-WXcH#&Vzsxrr?E9_@m;h!4o{uQ`Wv8vR2#qSoqV)pwtK4AEO_z184b%)fWsL4hO z7cps+DT%9ZD9|=Vfcc;OSnf1$6H>U0)1~jPUw7}{@%Wyztbe2(Dq1X8?7zSA&%2&I zT3(qt9+~u$BJ{45$jW#sB+gW}omo8iljeJ@?d%wOMVEJ1H&WD zlaKwXoG8XHj%U7KZ;{S*2dKF>ruZbx=hW=mPlr&U^;Fi+VzL92%TLWQU&4@2rqP!| zjY^XCbRn1Im*Qj5veb2Jg-Y5IsVBlqKR-l#f$L#(a%eW0kouxXgW@Tpm* zs3+~U6B8^Gku`P?Y$SW-OAWHKTuP zQeM_{m(`C8gpS)uyl~ZP+eIkC7*UGZBxH56ik}S2eLAN=K5UC3VyxdaML~-#S5)dR z?S4qBMU-WKc-Ql<@Ux7oO;WPL#JZgl(TIXT+>ANJE!xD7V+%CnQaJND+vg=#57gC(z9YE=u@RW!izmwg zE})$*6}f|<;HA72&z6KB%$ktFFMiQ&I!(Qdd9=4?{{X4q0pAyRzF5OEmRaea>pU|N zp-o_=psti^!n~4H@LKH=~Say3RL8p^g0_| zM#lc1UA0KgFT7f7?q^*-pv{u0(${4rgD1HB<03K260*#h(x*17JLU=XvMUpZr4*ra zYN~Edi9sbP17fD{%tR^5j5>`Uvv#zaYdL?3gN9U2#3zbeHbUoAPnr;kQstE?WR?H{ za!c_Sdp?DkY=XB%4|=27A4>Em^nGU>o4cFZuBB&|c&@3d>KesoTJC*M@HX>H@yo?4bZFby zreSAju_G38NL@s*iy~vnXf0+C#S@dmBLTPP0gov*z*)onA=1H%CxRpt*ntva&RA@O z@Hc>?EGS53C5VJ?Bm}7;&58GdF>Hp?GH`4s7ReiBsS9b8f`Sdn=PLHYUw~@85r0P_c3M=n@l3m-v^*zg_p9#2i0;S^pSgK6* zk>tWDCo)ib%vw*F`Xsa8QQAEBR`Io3jndQB7xOjvC;8<1r@+7H_iav!x$y()oBsgq z#rv!K(p$fTUNihm!|H#+PA4L4>}#bpe`=MjOE^Vjz$PF$I%ThAfGh%-`k2bm{AEev zmHyB9lH2CLPq5VZ=lve*(vO|?e95Tknud>gD{IPb6(h`A!(Xq(ZR7+^1uO`^CMVT~KueHdElipRhH!=)5rc@d1$rL$n4&TVku`_khZW zB7ni7vnBv*yO>AGl@b&JULeSiA^^dlE?Y4d^FUu0h5|s|0?;#?^9tJ;0cithR#_2Y z81W~pL25#;hzk-v$5z6|(elE0KIS1QB$l~{H(_rk0LEWy?Zr5*j(#)TvduO`Oc@RH-K^ytZ1DB@EofMQyfCM4+A^f!I|IZw zOC_ujOa+)5!jLS*t4VZ_JwyW}Q$A`Xe%fJVi;_z;JYgw3E=0Jxx3i+^*OH7^E$||0 z=_(Q9(@hIb;YltaojKEZn!$}@sn}{Xy`{B9IQgyr00O|JC=e7az2OY01ti({hUsN8 z2_t>|;u>hKO<+ZkO1WZmdYemHvVqV6^lxsW+g56 zzo?6?_N$*q_#Pqj^3(9G1^)n>{{XaelOW3Q0I5{63zU2$m$QAqhwc79a*5k%jGQO6RUmEx*j; zZfjJlT2(4Zw)?Z;T6s&7bgVUt{xRtZrxg7c;B*;ID99jouz%+gxe=|;Lg}t0O(Uh* zx|vEzn3_~5Ae)qsL;Vl*j2pL$s#)%Eo+E{4;%gi&n_rGkHJ3R{1xX}%tns*t!aWnE zVHsE^FHeDDvhhlaPaaT8(Kc4SB}rNog2#f&aqST}dq_B^xRvOt)FlPW$J`2xzcPG< zS7q9PUqq06NooH8j8i0WGG6WcLDS2{F-<%^OlZy1+Gy8cld-G|6qT7WjyF+<*3&Ol zJ#`%8E@BU&l3&pG4kBcf={j{HoL^_U3z`RyBXk^FN36!~xB3kjKs z%W$9ahYXSvIU>VU*&&j$U!`Ckq_PcGKJj%n5Esi#Y) zzf8D)2abG?uQE1x$URQL<>pL*n<%k5HGq6dS;1Nf`>Rcqg?|cwF~nTcy0fb3*Mp1o z{JhUCywk5V>W&u>aek*g*NOnCI7(8GPwng*_&JTohic-bSMWJ)cOJ?g7I_|S$8xqp z!e(YH*-Ea<L%x^b!x1_nltbJL`wRq+~hvL{>H5F}K!={>C)lSxlQo|xp zI#O963kcs^)2CrxoxK>S##wLGuRpZ!so7cR8l}CZoiz$`Qf+eEQCqh6WwVN8{2*Zt zeA9Z1TCK<3p^^SEl9PI@y&%8D%WG8jzAb)glK%h^m(|I@bQ7hHY$9LF+L&EfrIqzDNAeV{SinVjLF~O7TLVisQ&=8{{R7eJlej! z{{Ylq;b#ptSpNVcDpm-8)+n+60HR!GH2(l;kHFttd)H9-GaD=&Swl0eBjv;C$o~NG zsWEj$inRVL!@b^c{_)NnN>wbSsX(Z3kr@p(TP2wuvp?ZKtJ3;om%5)KW*lhq79NVZ zGH1^441ltHB(7?}loYgST0vNFum$ZJpZi0m)4P?uM&jby&u5N(c6)L68rv(18nw+@ z7LTf>Jmx>d(&fc>$EN;=tNbhc3uj4rx|2M0(*l=8hEOdv6j)5j=$g9ahA1lV)KVq8 z66MvUnTy6AvEoV*wUjJgWcG6HABV5?lgd1AyQ zwHb+R?0uupaL=6Xo2j0s$##0da)x)o=&)?zmT>G^k#yw!pAw*#JsfbbV7HZ86LY60 z7wGV6{5O4fZE-nJsVF$Tnr(mc^E`htd4sZjbs@h!6Vs`an!CHSPD-g$m@{S-YXn6%C5cT@4q942GV zk&8-2YDx`=Nk@i3_a-;?UNx@|cIJ#_>b>8`sM^x{QM!#bu4pIZ;@bOi&sFGm!mmeu zAL$WOl(28K;{G0*jB^o6X4ENM=(d?azQ_Qu4ogOtQr7Qv7S%~&InEa!=KWdcn(vD> zops7J=ZbCpSnR%jXQHZNQc6+Y#x&1!m*A~yQj3KT!VDx)R%l6^JG4sVz?|MixZW)8 zV@_FF0)ZifIgcqK076QK??6*2AlU?lLcZP2!Eab2T)Z^AAY>atH@Gv0^ zPQuWwM{=59~!`6KI(40tm@@SUQ!)2OH~K4kr6C%m7lX3tqA#@t3H zPRCZFIw!3pkXqJ*q*+BXS)F=!k$Rm%nk?gjrlDyKCbn9%Pm|k9#r}oU+(vzdr+uZ* zs@iz;d#CY76XKr&_#`74x(aLAQ*56u`k2`IJkHKuZMsFlEvTwf`Nbo01?L00BkVG2Q?R-Mc^wkP&cuKv)u3JOidk2af<(9`F{f2t$HBU>+nkI=vt)k0Cb= z0cv?6+js|y>;ga`P3&MTTm|0!;4X{U1wa-s7sQ%{hjLABU@ zBC{$X1;fHVOsH@o{$})uGGop~U7P#O0c2RKcX$ki$g2)Mu)RpJazSuEI8w#Ht1f<# z4dAjU5U-Ndut?2-W&+CEo4LK2BxJ=X4RaHgI+o%n zF*f2EG4g;?6}X3p3Q~|92%MsF#ZY?@5;9^cTMqEalbj1RDK5kFh94zuq=bt^<&v1C zB!Hj~v_5cHn2IGX!((@cOmy}YPDt!{5ZPlVf~6sWAqRWjEQ=X2H1N>lCM3iq-Jz3t z9IZf$HJ;Gf@+CdRDFm?`7<9{H!CIIA2L!x2dE{YAQc_OO%r-$4sX9n=W{V31Teg$2 zhEHjCo%ms)H6?QQ>XlRISV-lFaQS!Kk1S!-@k#>epVU{zn zi$Ne31hg`E;9{B7$eI*_oyR5_RFrrgGjZI*%lShuca~x4dGdgA|GvKCvJG2Hl0CFo0KN`Hj0lgojB8shUl@ zL^d}{WoB&036_`jJVNfnrU_LRhr*;z2g2WvCw6{qF|Wl6t#*Jbu0#niUAAuJVuKD070#8`sn-7`_HL7A@seY z>ycD1U$U#~j+Xr&Z<)~rkU(97ZZG&AL}=P+;hwn}!lYE9@}A@>)EpNE;KVT{z%>Uq z9%5BQ%a_#Pqj@BaYP zR2Tkd{?g?zD+ksqrS%!=T0Hu+i+BBq{s@y4Eq%+zMNFy?_#Qdn2ag|K{{YwiHgH{j zKsiqidmr+Ki+}n^+IV^Y0JqEguk${!@C2Xw>bIA%srY`mJqV*(Cdt%1+JOAySfu*$ z&pzwwlWh1-uT?%HKAC^$=Pe|AD2Vi`Qc|TC=#HwE^rHOHH4OyVaNpK0NPID7Oqz{C zT;%|yveG{I>|1f~4HdrRN|Ywlq_;&VAT@^jMdj)FkKv+V)AiaT2|SaqX^}RPp*56K zRVr+<^5#qOsRy_tXeRoW9^^?zOAOsg#qbPuAsMEN?3D^EaZEZ&K|Zr&h70#jm3zew z5{gO>E7$TcojFr}>)6B0Icm2FmYT(`T}>py(yQqeu2T18llN7|l>l$FSrnzm*i0mw z#|0TfJm&75W5~>z12fiPRnpr{MHJ$lKwnCS%C!Fg3V|Mx6|JaU()M-Wr5{!Jc@Sd(lPy7$=2br0y_KZ)5vS8U zBWptPq~THYJbS$T{$F|IddJa~oqNc&QL0?@_xLCJpC5G-tDQya{x&lgQ1dNbDLfKo z3DX%ef!!!TWT1K^0Uh1Fl?zyO(vCl`Gp5tDO*=-V?Coi&uf6EEZQo%;6sJk1RdNE(|WR`r9zRDCRKL{D+ zatD}Z%poTGvS&h6{{Wj(PrPOM8f{tU#kOlZbkzI}MkZ=y{3c-1)|N_og@}GXW2NRY zVxqNaC;W@?kr~H~W&Z%Azs6wo4>@J*bEMe=EMb-Ab!HDE5l$y3LX+VtZCRNtIkEDw zvyWJtcvOYeX|=O!A7PEBT3l1tF6+)XjQVe1cKwkNlO_B0 zFGDu0@pTV@c2dL8ytA1kq_(^^Kn^=p$tU{3UR^V%FIG`{{rZ32{DtWkMrU<@ta)>% z2^wVLShT5ivjJ@s$yT}Q9->fL9-u^C-zz&Rwcqfj*T;qTn%@v=aMCnt*K&C2i)-Tc zUwQhKipaxNK&&QRB&5-%Sd}i5!X6lu63Iq}VgLX$Gg>^Zo_Ut}=k-2Ow(%CFX{kc~ zg-05Zc~V)$c=uZRAZ>n$V1HnCSuGIZ`KN1|>?H;LnEC$?O^Sm5-Pqr;fAHGv?% zzR{1B*!gQ#x1E*UN)MQ}zRjQBzQZFIQ4+BBEPl*?q!Ha5)`d}i*I9a)$|M&Gw{s4W z(n+?8r!7Rg?qI@ZEk@HZ<`TdI%v!iHCBUlEPNEY9DDeMD4Voq;30SrJJKw`GS02@T) zSCSpasJuZ3OVMmk62UY4yk`rmT#AZnX{J=f07xY*aBN4Rj(^25jP!no!)xe zT|R~9(lU)$<$D?D?T_`g=g@g?t+aTCiY(tLG?VOsScIPmf8PDit-W}UHmPFNeaDoK zzHdA^TG@5mwBYuaW}6*5FgR7yvDy@5 zlO9qOqveKJ7EK`6Vz^FUpqYzfc$GaRG?Z$cQBycemVw-p4H|Nsl7h)hY1O!>snSkT zd?d2ZA?gRlEk!w*gmjY!mp)-h0~y57p(P67qEIPZ&vg`zSwc6q{vVxceRbX!mvgVM z@Fm4~drSFru6kDQ=J-p~cknz@Fyh&hAI9fndABgl#OvzTCR9~Tkt$QT14>aT2}no) z0b+ZSZyt-``gG{ns&v*8etGggJ3rEL#@9~zOqDBji2FD{#dF_|OjQ)Ahz)o4% zw7_f(NWv(&-T)@2`Hi3e>L8F$7KTY+0v)dm0du?n5Ty$|00u3z1U!b$e<%Skqi2AT zoEtm<4omic0yeY&LEP|Q0&@M}0zf*;ApqFGSh0YHd%!$-0RZm-Vq~-f$C4H{FcvOA zb!lB@$5VtU;s8C2lz*`;# z-sU0Tx+su^ky&Jby&xzCFb5O+LN0F( zN_Z7OUfb;e>4;LGVbjRnK#3(himR!;B2&R42C#ohc@Z%?fxrq;B zv4)G-aV8*q-*{daWZT%SX-N(^H~eD7xoUYU33X{E#Jl>#rLiSzXDK23LnncvEXFBG zW_WVc@>W9<9?ZraJd!C%00Dmfu>D&N)wx>b>Mrg5A%{-_1n@%_*zpY(Sf#Lw@`8hY z?G`37-3qbZ?-oV&9X*QF0)cJBI(QvC3a}Iy28UaYBK~6y7uaOLQ1&)DZw}r@D^fyb zl1{^s44z3_gF;9kn-LNmF%$?4PqaFDEr<$r20i(S7($W@6SM%fWotT;p5(K@SSpmx zmh^{PlA;2#NG-5vkj6G66qh0;JPoq}0GDW07L9vRc!)z(_< zmn`P7%+-lh%hN~&{dyvqqPfcaKzRSBz6ll2bnn zLY6@bnxbE`h}y=BPbuLZNh;paxlLuh<_xOCOr%Ug&y@K?y9mkY$}wjSaRiV@XTe(NF5jx52&F!;eF>$~o&T=R{3T6J0Ou6wUUU zLo^wZpJyAfV#k&}qmI?Is`^~lR`Hh)%=)*&J~Pw2V`S@FCmBZ_QGBQPKasSU08wbw z=OR)-YkEe|)3ug*KSpsB zo{)7oOi0!Gs(~p`;p$WjYV|#??Z3SL03(a>TgI!WMnBH~00NwwoN}%i@XMO=eMTmc zi(+}2f_*g}g6oqiQuQtN0o2g~d9k zvl*$$l=%u|$wLgL#3o`ArHNxus9dy5QnhZ{P@6_;r%qQs+aC5Y_qX|*1!G73V=K&i z(vM5{XC{WSQ7F|di0mTh?#$>@_l}dOlIbckZbGV&T!qa}T$v`KQWgo4Q(aMI09_=7 zB;SJ+(CYTpV%Ev6{Pr}~)Flhcme(?0;bulJONG;PK7zVcG`}8hV3;S=k>^-Ulz@_Z z0!f98rTc5&Zj+m-TD$Qxrr)}uoPCC$CD)~RCOnYf8VO9>{{Y4%Moq@*K945a>8VPe z_rD|PkI}7?>8m=Kk98vvrwWyWVZxS?Ky5yuM^PT4S`-hY!QMH472W>;veUPV-fu79 zzs&KkrhR61`b8TWPkN6nFD3qG*qE&`r=O)00ZNdSB#&2)Qk=T5kDYAqmCPFcQ-|v` zuzE|F*aCl6gSY(bxXPpN*Mwi0?jJ#ullnuo#~n33=p9{WpAejtb2WeVj9}B+CyjWb zPyKapzqc>MyBGm7=wFI>cyi7!LYn=)x5UC!&BzV}TF#zTFvVJplHSoNWW%XEl&Q_n zc7{s^E2*%m7BMCrNj4!37IrZuG7+hVV+|7;to8v6PnFx4V-3mV3SN}~+_W2zo;e&M zVUj15GD`GT&F0`b}ihi^CWf4-nHuO<;-&0G8SeZIT|~ zXFPrp0`#2^O2(YqHqZWKvw!ah(0G~u0J|go@6`Hl{T0@Jk{|wz{{Y1k&?*8{RFFt= zS@@1Kr={$El2cn5xobJ*9G@_ZCcjjL7hN3kRViM<-6xk#{q~A#P@`FHxAQPB^m|+N znJi1qbMx~(A1d`Jn$IX{B!@q79+!!tin^RH7e1maoK7hOq2%~EMnG{};Ff>^LW#9dvxrB%;_cB7WFOFQo(e z#^*wKwQJY%N96bVS1)DssU-gZ{8aw_qP`!#@w;3fHLe6&h$qq{Z0&$ROh*X}#w9F_ zMr)gq6P#=V5Z{C_5PYrb@BlsF0swT}^8gY8F}^~TX$;U3M4ctt02m!f_kaQ{8UQBZ z03mj?00$s|L<2-H4!nr>Z%7Lw_rO}u>j7fq3QpjkXbTr4YrF-Ek^)G+{h%C&X7Abp z#jzXA@E1pYz(XORE`SPjmj`GImmyV)`arfXk6~T+5E)Qno7nbe2xf}g!IcM) zDOy}KE8NM4C2Qg!%0yCF3&2{1T3w66K1)^!ig z89WkHP{8Ws@eZB~6WFd~qL(fR?G`37ViezIv^sehNr52+hc68rj+m=TijBYrZ&EYJ&CECpaz_vn zo&+QjxMy*AbjuWws!1+D+9Yu_gpuXm0#n?q%Q_y>D`r`p#ZYD*ko=5*Ie;1qhGu|- zh>(->2nl|GP#b(cy!)@XlCA4|3#G-u>9<;ScTTF~zhM@w1gW>#_>0oQ zHM#Q}3!gD7T&ZLv>1|35!U-jV9(^lvoNGAcEQy8B$Mc>eB9@w3NlK@zBtNHf>ACF} zQMRphKAK3wQN8 zZHYD2sHIJ41r|#w8k1}P08tju{{V^de}Up(PFv^}{{Z@r{3EO}Svmq0DBuB54HPrzq@pA>t{WmI$e^wpF(MKZW5KvN?M+_Nz*z> z{uKeYp>gRMwt9`tl(SA-d3I$~E~{G9>Vy40XMuGi;fpP0X2XK2UGG zfbKm~{=i3HWv$xXu9; zi=y9g`j!PzWfT0Ng?xca0p0zc0t|VnT2ddsc!bc=`pD?3>A(6TlUSfahBq-k`y@si z%e-sQ)v5mgza<~+FYz00t;nZd7m?)4mJ<0kKu~7Xd|CH~(8o;oOLj%IGB}%5nku4SSLTx!HR-^;$ zVyd*^T2YkN@#E%duPkU?*QHvb_o?R}GX`9fDp*QX-nZTz$i2mPHq<#zy00p)H451R zo>^K}g+8R|)BM~u;at+Hq0-)bj-H2wrE#K4{nSY=*yPp}%a{YO3Svvz7~^F69_H4I zCeEm$7_KWd6cnmrne|)DZV-*t{Jmi%RYmlz*{QFn#x*)%vfuT&PGrX9RONX&Cks&+ ze2S&irE}6eRZLPsNw&d~EajhgwuQg%J*?jN;TmdMdzI_FtF)TO$m+fx{ug?;)w+B| z8E+3=6$I2J2*vR^YL`q(W+6&IQypp-vO(-w;~P-atSsY+Jj=;F*TmEKlf+t9i%Jf( z{p9n7&OamVZ-@Sf;eQU@JUKRt6kUB?MM|piI@L??#OcH(K2*6WNJ>Bf$>i@Id#PSa zP`gzc!b=HybNHV*_^(?30JM6OyOP375nfC6$>^A*)vLfS{)cbEF{$CR$8<@)s;kw0 z2NTurH%l`TUwk>4{{ZJv8McczP+q6d-$3*K0Qnx(dQ|@a0n`;0)UIJWsbv2E)-i!i z<~clr#f#bN_eu7tCH6LCV}ICC{{Ybu`3QKXju%3I?X{n&uTUfwJjJVnqm;;^<>A)` z9ZBG=N(bH8>c|=ez^oNSv#B2LB4oq>bofp4a8IN&gq%IxXVlwU=@jEr{iiD(kyJ?9$S4^~3Vsb(P%DiRCb!shUNFU31RG0AX zVAZm;)Rdzb^tHcNnG;=1kdG2zK$u!yzbl>t_uk%+?k@*7Q%SszdSc!=FG7UGg-b3J z9V!LEgpzAxRMs8^U6pYN)&X*KohnJ0nx~Lis1`^4bjLa3e62nY`(KkjoBsesRsR6; z9Y_BFkw5W7?o~ACa$nTPB7T%cJCvzzToL%e(~{ntEzDePTChs7Z}_tR0PL7(FMT3m z6#$(_w2jlPSute3CkkIAp}wR!qefBG>00Ng8TAT`=IFyQ&3 z90Y(8Z5OTvd^R?%=^0D#PUKmisI001sb075PgXaN&YVtYVXw+scVW)eXS>j7f(AhF$` z91KYf0bvb;`m_a!u0Y23XB)s+5Oxjq?*VL9!mH#h0d#l)AgSOlk0DVSK;{D?9fVN{ z{{Un|;K+#q1h=Fil}rmZ`ov3vCITwqp$w>Z6oQf*@etk&m=L6Z<{`Y7AQ)2k@&j|E z7=&LGDc^V-*uE$Y2xLJFQd+_TB`t}d@?l%Z=`tt;h%&~)KFVRI>mMqgYmj=t1W*PH z;Fp0I1cu%pD4gxEsz@$cB$dGwkXZV}<&B&PU|obVWTx^%b9j-{E7HswA1HB4kY8tp zOa&?PIUdmCCLw*u`uB;;A2<+))FGnt$oWNc5>Q)%6Py#A3l=6aWGM%64w%Wjm8}XU z!($Ad3t}pel9;hKfwELm#{G;s+;qx_BE%OE>E#WUDuvIN@`g-kzcQtv?w-vSCRmwL z(gI&ee^{|LiA+*~@{d-AOmy}YNPB?CW{Dmwsc07jZ_lh)n8FZJRF`qMv^-u|@ocP; z;3+Kp!zNi4#8?bPu5A`BOB2ajrIK|dZM-B;8q8yzlG%!-+YeyN-h zO&~5}(N?9hgvPM;jCz#ZC)T(0Ic;A@S9NmZl+5e{KhxICH2H;Tl%XrhF#^gXxbGPq z4dbV|!|NUksTb`ncU{rK^&{ffFW@xw7-vl|#bULxP@z>_H3c#$4%g*n{e*9AbRMZj zR}$%6lJ0QTG`g^#MNN;HbGCEMdH(<$Rx_M)6zbWobRlZ;Aa+W2Om;Tbw)V@WoN#R| ztm#|9w2bvpnbrDsy5cQ$<&`Xgi@ zFFm0y+UW@OviJ3mJo-(4ySDkCMtu%LqQ>LmkFV=c5kE=o9#sXC+GQ-FvGR{-d?OO0 zVkibt=ZKRP@+8Fsf*f5i5G0$SLHFD75pBB7W$|$FxUd4yH0P zr!54Osk<@SB{>wiw3)(nFQGXrsRec7pY?VotNpr_API-G#8@xh$JRG?8pXw%N&C_A zf2p5gtk$%a8|sgfK6>g$NORXrCu+wq(@{cJ((yV#S18`vwkSS|1JU=6&d*b{zF4O5 zFDK9WorRvMXL_+tTlqeJ%;hCjOIdACcHT47P2n3HWV{BtUhp@88+jILM~2>(f9*xOW)!a9_P_R{%0Ead3G1FEGfmftm0Opjr7^nj)KqPnU)Jo^SiEW9 z^+@qTkfbK=;>Waft%)fGGW3mI_9K`=i9CuzH0x0fxg_ls$v#n!Hj>GFye}2R=tQ$n zY4GGN)jFbaM3A621MjJu z)-}?>3BKr-Y(2}LXq6h3pOW-6QjOKrx~J~N@|Wstx_{H|t99owu7f7v^;n$UL+y3T zTS}$`urnqogrs&3<*W|T6>co_`fgPkUQ4_98tp?-(zH4bb>yPH_wZkt^_N7x0Qz^3 zQ%#R`E_yRACXf_qr%V3;F_5e6FL|xqY(IoYAE@|_=DuM^-H+bS7V#g_HQnB6Sgwfq z{{RzTf<5gs6HhHP(o&R5lz^F1&@`nWYycJm&_^_52maL&u(JOE z#zW$L7xWD!{{Z_Q)8SM6DC(2*5;-dVajc{D4y@`SxEEqsw^ojM0}c{L3PhauJA7NvTYkss%_B5S8g9S;nTfXxCMy=~Qs? zXDeQlx44xy{;S8>c0DOt6Pc&!QIgMXK~E{UA+A z;kq+R?TOdUs7eV6Q1*SVXyjvtewNcpTcLH9cl@E!SuMgS#g+ySR$c!9&1QeuF!1{5 zAisSdiu_L;!pH2A2kwTBhq65)vR!ZHZD}}H zYJ0tmZlS^Rq*mJysYTdZ+Aqo{3@HEy9KyZETL)`Gj7B}7(gC!j8^nPDWtad9A>1Ay z0v5A&fB^uHDUtz`$i+TguJ95At+qde05B?hhyXAFAOb)HVY5J45?$}w0>TD7{a`GM z_d*)vhzk=X#@urOU^flx0Q+Eph%dwgrVWFQ#?TkV>_QHZ8UpC>O(7xK++09k9ze0Q z1@Yww!tc)U4}&HoM{@{dLGCFhn2B&@LxD)NA(u>2qN4n93nMBx3W#eSZwg%%kyK5~ zz+}f^Qa3O7L~x6uDens2=0sNG5qk}UE6z-)Af%EU#664G0fj6?&<)@jBkYg^IT7-? z_K#2tJ%j@-!V5qGsUU_HfN1g}hLX-9lNc%*OFS?YtT_2w)+KTP<>AKa0_?}u0n@;X zaE54gx+Oe=kM&`bz{O=Q8R5q25okN`AQ>o=)X(Wyfgi6=|b}AvgBE-uR z74;VfZQ;|%>Ey0rLlm8zq0nX7W^0I$Do`PmQUN`TI(aONiqr~&H{N%LOmy-p!+FZD4xR^( zB}zyoo7x<7#Vo54#4=@x;6(r!@qJNjcpRvuNxN+fo(7MQs{zOg7xjx4#jz_RK!2f! zC%y$G-`*WD)9eM3vPc{H#F8({EzCN30=4;NyX_3QEL;kAX5rz$fFuNvcG>~Tjnqef zNCsSiY!nF(W`J=53P>*wo=I;ak>+n$l2gGM(EXq%xB^HP?Jm#n5?tSZaV4Ga*E6H7aFAd1$@~QHPY(jf(*IRg91IcFj1SF zb2WxnZl_+KT;qcdP9V8OXK+Dwvj&XVQ}>WnwoVNBwtjD_p-we`QX@&M#HSTadz5N6 zXzyuT#(vIkl#$~)m85E3&Tq`q6q<#p33A|SF2qK57BXT~q`FLuXAnjuUT30?T{ulT zWuQqmIzu`2F;zHpEN3PQq@vHO{{TcmBg`e3VU`R=p@6lfyzTQrN|~ytcEZ z>Q$0SdAt@%kv3eT;t~z4`v>MS>C@?#Tj3uy{U-RPhl^^_)3n&SiZX4r=Y+Ax=0Av) z60qQtU_?;}VK%rvhtX{+>E0cq3i~)yihn4g#gb+v1v@pqkX$TV!_e?gqX~8R+VV?| znZLG22k{Dx85)$6fAWff{a$Qr{5u?9yniD;y6_+T@~{4lPw=C;mY@R!n&^wkcZ+!*rO=Oj(9aOr=xQ%1p#8GNsH&DNyV| z+(V~0yvJrxt49aLqXPX7R5q@KScGoN_9EHgG7oh^L%H5~?*L}wr_UT0a*NYuuiH*NSa zg0udxdu`MCnu#ebZd1nH3-L4h!jUS2r)sbY$yEOU{{Rs`{32{0zjD8|{{Xfn+FRP` z`uoEQkyjJ5~yr^9H1@Yw_-{yw=FW^LJ3QB%BWd!|O4OMt_!`mYzvk zfNg?6WP$h%>><*lZBMRkCFcJCt=U~!+3ECMTC!0~miYd@2hx2C{T>wxRW@Yno+IVd znTgBzeBYS3I%iHCZVFL<;}Op49wdZQg|FKG03>;Dh`y63(f!t%v;C*X$sbc?yt9>Z zZVxK~$~YA!8%0i?GHEE}1R*VFVYxh=%yKoZt5=(qN0;h&wxO!uYE_*}iMc;hC36nV zykj=mr>QlZl}wmel0ody$uwckX%tke_6jY!Px6bF#wBUy58!6vsdY%d`T-9}^9>4L zy|4Z6)Z;p*<>|gYKk^~}0KG(K*=>6diS%#KE6>tJoAjyv6m?(?N>D$1oxNjMM`#{F z<5_>+d)5B{n?La~>}&fP5!zSu5o9?yO&Wjgb$%uY*uT;*#@RQHdjOX&4!1Ds%YB8I z91nQ47_y$lN(IfK%z4f3AsYP}9v@o*Q@GnR3kU+M&TdMJwkF z31uEP0tZe>W$Dnw>Kd?vwn(h>nM| zN0#dTAJlZ2ziS86=C@49QBVa$GJWF2k)V{i7Um{k%~^LRVG74Hb~Pr7j$h3>re=^! zYzN*xfywO`QiSSHrkrx$k%uT%x}QW7Z_xSIs{a5PxW+X(cvngA#NpKMq~kSmQmTo8 z$nqoQK=oFm=#w1{rjOI_S9yL$>f6KW3$E$q^N!y$#qmT|RSK+c8?C6TtgP`2+Pamh zWZA45>QN6e#d>c69J^ri6!hvf@D5ySSH9D7Bz zRqKtTHQSW?Wa(&eI!s1FYcTqOH3}YUvXFZyaU9iKO7^u~I;$8y?C^h&d@JLP%63@LIA)lB#Kg*y%Abg6caMf5nD8*W!5=9X$!BmI=Ouu=+CjCvmA0lkg_$%nr%i8Mq3N;$cX|3lk zB%{v$Zwt+tW_tWGibQDyU26_Yb{s~1D;iMU?$6ENr2hc)sqvqUob5D+`z5o=_h0WM zzqKygc8|j?0!*dQdO>NI<;iwC(C=c@qNoe^#B>J@skyVGD#q| z_ud`uNI+oFCxK*3@{|hVT$x0!Wm(CHQ~{Ly&tw1b}4w5SJh}!rrhJM1eX}zQzIL$peS9 z1432Y$%g=TcnpYgDvQ6lgl{HXI2BIE%68qN45)AgL%*uiso&+g=JAwg%0llClCViBIk{P{YTU3-Jr`PQXGh|l)%OAEe2TPG1XyayfR~^ zfTV>6N&F$xBvKRsL;i5&tmHzT!-xmV5kVz7fxE+}k<%(uxo@m8Wak7u$9Qzh6WmpS zq}m@iL*)pdHImTjj+s)>Kn$K@#mLE(sVZY`VbdNw2&9pAzi52qlC}jQCwII&S!$75 z_g10C(PCqj%oi50;kJj188He80f)Rg_;7;^O4HP7Hc_ZboMMvsX-|PB(?X6 zT#lL$qy;!HZH!u2xDse|h8)9;o&;J-ijr*24w&hP$p=b{y~FVj9!E_GwEfUFhfQRW z07=|?!>5tg0+gFw%WnZ7P`enmEOo(J*(JrT#6EIJr79Z+fPCkH6jG209*`0%aChb4 z9Wf1<3y$$A;gSwYj52AHu&;J_k-!RvJlX)l3!d-*s|R=hM>{0m5tD{_f5j-%m2j0z zmUMo(LS{_T;Rz{FbJ#~iph_{VH=XcvUMzBso7EMZKZ)iTo=crBo^?egBO+|7WCbX` zok4*lciet4yoRY2H5tLIo>fCvqf%Wp78%PdifR5bR8EBkaN8fwHrVS}H%=bXmd}#B zUa$P1#U^4%p_58xf1;-cNV6aDjN3^2D5Ty+r$^aQ>2ExrCgb5!vC81&kG4$n9#yEv zq+4%7Eb(ncHFGbCn}AEfRY{6Z$16;kk|;G$OG~`z+L8iKrjnx*Rn|@ln$BMSiyx_| zxNj>40_ICpu%H+yF$Z*rA0{;7l0LWn5%Z)-tj}~oM3eR+;O-h_{{SfS52UzCR4t_Z z<@hi2J*ViIH$vxcBkUT9f@Jcm3vnJF&I(pR@~3_xQf$JlRurR|K0fb>bv72c zgesuu3gePJq2o=px#b=x`cBg{j;dDQy{Y85Pt}vPT@5yQ)}!OU9C+gDcDhXmN|V{OyWh@DB)v+J zBB?V1=K_@O9J%_o(M4Ap%cU$O_npsyJOw`q%2zivdg{$#F z?XGKI)?GAJDv8PQmX;Fp&!$gCnJ}o8+*#XZj&?D`ndFmesg)IJ+{LMEV^nxz9c`)1 zJXev4C&>Z(z`Mn`G3LZj*2(T1m~1l^rZ6E;NnvB@5~5;Bn7G~IYDxTdBe=MXnl)=spIjap6mIKVRaGg;rn{rW`kU~onPO%s(<-$nu`0srCO4)H;OU!85Ky!bojzyZ{gKsXSt)sxS-H(w{{S;} z0}!Q^h|HN)IVhJRhK`b)B@)t+r84EpmI6ci2T|S3Rc~cR+74@M?%VxMWjksXac)oI z+3ejE{U6!yI~h3t09R_}<@_ydudqu1*G*31*G!lGAXRUdnAG3+iqhG1Tduh-{g>)+ zejxfm(=^yhm8L3B)9SCEf57^`r+p^rzeuoSf%N+sD zfCO>38im!|`s&Ls?q39WuCd}BPg<+jaXhZeviL3y)YYhgrC*F;Hs2>TQfY~-Boa?C z1{CTrDquGz8Y^=Sr9@P{qU4Qy>TFX`UP{CL(+`b|YLk5u_!|sRzk)&k06-vuc|6-f zmTFgT`M*<&>bw5{!LB`f{fvL_W&Z$-XV|RX!1_n%2j2QewfIl`DC=S()vjR zxF3bgJvQYInv3;2YA|&vN;SFR7;|w7>6M1MVu_v(tw=0EBHBpp2eXQJiCpMYoj+wY zl>2ruI-T(!n7Un%(}>E$q*m3iR{jTSxPi{{q@kfKK zV=rw%^epa|e*XX?=WNHGGlx@i1guj(W~uXnlu~Lci^`CWd^8U#MXUo{-JwE#QmINCDq6_@0C5XC5UQ~ylx*}}dt30%qZ{oi;#6vF4flYJz&2tw<^f(q0Lh>N z#NGmPkf(5?v;as6T#?iDfU#^8m%H1SfU$A{dq7>v*epy1i-I^%8ekqglW(BB1({d} zA_C}PAP{u0-JmUp1l`+s42bdtHMGJ!;K_np3SEgGSc4)UNCZCc84z2FqB!prnQ-7$ z6x?$GlL0t{cru`Zr43IIWJL=wxVLyl_b-SE^00xtnNcD@2k8pUr(14WfgvdVadTcOivLV}}i(8=I&7KN8BygvgXrKQf5521?_&gF@+vVttAbjAXb z0$fAoj~NuLETelA?+%^|6Ukc8q>D9+h;-UxC%B4bjY;Y8^b0)2(DzZr~IMQz+_MW0Ji0}iRxshfhI9g1bRabxD3 zz&TpfZW<;$lDQOJj5y(d010v+04&*{0Tev2kCBrpsidQ>r&T3%giV&PLgmarP*C*- z8l6efmsDOE6M~wQ}kdymlY>|+7Ovh8}X+{uQ_rl<-&S%_io4#ay$X--t?Q|qTJqgivO z*06_6md3{`;CLNcYE_P6vnf!S1j#Zb1*uBx-MJ&}%jz+3+$l8~hOaA0 z%N3ZuD?VJgSagg%3oA_GUsjL~pvP}W$(2~RMyIq;isio}R|;2G^Hi;(f9*$sDV%S|ORnaZ|H7YorPset)kZ`nJbMx)~XQgO=Mz=K_ zYU(W|&r0X!eR0zsl62#t*?8rSn`Mf8Hk7fPWx1I-U%fGEB}+b}`!soesi|J-_1$Zk zW%lx41KBjaGS5l2RA@m(FY9xCE==09s!-CC_s-w#jdG^sa~>%1?t|f~Z`)K-pJ=DM zFYzcaz&ul`Vc6+9zJq}lCkUQ9El0;+Nf$Dsr_*$(K6n1Ju@zTYR!SwINJ@>-El#Bm zQ~v(|Sf75P$=uj@3&LInwO6|3bt;~?#(a|H`WDKQDpE?P>C^NH9_OEL=M143Zq8F* z`dZXAIlVi>bR1&#Qc3kS+X-yH5-PTA@uHeumJCXUpP(Ea#~z9FpN zRv$+)evS4ud5<<_%$bL;7|l53nrUBoQ|17rmaqeL6W9Vz0xY9xRDT; z-Iv9i`m)fxJua&4TvuPg7w#whr|IO4hEM6XQOHT1QG!w~Wo1YoZp5pX;?-2G{%Mm9 z&-X(Cz>Eu>Lgx1hPu=qDb2`U~bxmqmt1g;rh{tHJk-V8TMMu||$5Fw|w1qnYOjwd= z#jFKQ^63WqLoJL~z>2dmT2t?heRDN~j_ z*JtrBu-9+&n!R)?W6gGd6UI7&@WYQ~c}v7{Wm>UXM2A%}(gj4Z*@c!pujw5%j=4&- zlCAE)KF{<$8%FWREN_rDcik!29ikwi(0)8=El&+zF z-8)N9qCmGQ-Z>pZS-ih^oUtDz!Q#Fm@rJLhOQuulr~Iprx0ZLyoK%uDHy+WZerF3& z@0KE#tAcikPbMtt;8LPP7!iR|sH6iHVIvB4Spong!=z$PO_j__k}tEvM8T;o$|l?? zCy@?QDK3_5F%jjEKjs8Xc|6<0^I5L{0JZ*S8P$}Z_%z3xnp6+{thm_NNBy!7)cRlj zAE*BS@-?@@f8j@8F${u*3#U-GylSoZZ1F!EO+OauANtil#>|YvCU4m2D!eifWU)~j z77=Vc={y`pmsT;msGH=~r7j6Y$Ty3bxpQ2S$7po0Q#Y0ZkXhoy@?lGX6=#Od!m_m} z_8Uc%ez7#3W_f;dtTegqww}I6k4Zbj@g#uD2g3}co(OG=MqE0S+l$=#%joWxSA%VO zc4^Q2MzURQU%;15Q$mzi%a{}^u<7#1XRuSVzvB-nRj9Ywt{L7+6|SJ;Et=t)>WVr_ zb^VVIpE7MK+ETA6gKB40EDM_aJLgC6QtDGD^#&$0@x2N=S)lDW`q}Ip?n3+K( zOod%t<7J`JP`i`K#rU=got$yqo>7L3B3)dGSY8W=V^s@7OA}L~Ot1)b0=qEu2YBin zu(xNMRHa?hZcCV|x({qX|hi zG$Bi(5_`NAqXbqXfiDzZEli&cH3n3<gmYO=okLC|~~oK#24E)W2=1@n?i;G3nGRFYQ0X=u#O`O4%5VwmS#}ZKf3d z=&_AzEq&iq3N#_9|7Jed0Pb{1~12Q(y2Vk(h-~t4P1GsdUQ zeM1O-Ng*1G?F|xBz^kw@!bk$(1b^4w#XJQ3Potm}rgE1_HtzJPw}1DJMv4 zx!x>WG0N8^+=G8uu|4uUco9QOIBQ(PXCw6@wIF~?yF;h81{FzX1|Nnpcq>{#Vz16D zOtn0fDqod@0`TOOs5vQzTo$Pnl<5pOH;W?jhg+499Fb=`7<9&qOhpw7gu9+0)4^m| zgn4xx;rT63B~wTE!=aPFhUj7M4-wPuBZ863@X=~{ED=d!L+l9i6m7gN|+Z1Xa?#+tP-6YKG5lHkdGy6b|8cJ!{=ewA}h_$v_g0tY{V%cly6+_n_rS@O=OY^ zzRfta#9M+aqxeT%VXx4v;~MLw`fzer`V3rT=ySfu&wUU08|xQTu}a)uJYn-P&JR&o zu!@?gWK~Q7WW2e1x2bQecDMd5(yVRc3UAs?E<1l-hmG6)A8LBl)TedsLBE?v*xerJ zFG{)-g?)o0Wz;6EXbGvrs#C72ppI6vf1qI=ZK>;;makJarSA5M*&er}cxO$~s3=?0 zOB}xJ?9!TwqSEEN1}BfHjZbnlzYu929;4THQAg94_7Qk}EiAtps&@No9#{154b>Q< z#Ixbot}e9#tq}CCztc=V$@BUIYly5WrOmlk1_NBZS;k5b2t7U`X#f|{{Y@T zB(0XW!9w(#JZGEo80#Padc@#Z!LqwUrW{+Z7NehQ+ZIrAAxvDFA4cKe`{eF^gYNt2NP2-H)Nq>V74=x}*C&v{f2k z%O3u%^54%Mheo-jWECiq*Hw&baNj2*EH{=`pme|DOgczMz=cT!fp@uwNW`fnkrYC? z{9)GH7}I$XQ-Vj$4x-tOQc66PiJ@~ukToerz!4d7w{lrH?R&+#R*6OXNoHM=-GNi2 z%BVEciI*@ar72qgw&We5{ew~JTpBGO#~N0zKW3%VFDJ1Ur6j2*VRPvV()*o6s={kA zVik)JuJI{g!JM}f03H5 zsMKFfY|kgSv67RNIS=YQGZvProV_$6V7lq179-dl zq8&-nc&ff-5WTN&?$zCSnyR{LnmOJDWTi`3EK;CH{r><+$c`kl9u0&pAyz#}m5@PV zA(CxmR`Nq|(Bd|cROw-zUz9X{u)TdU$>-Vs04L&evDx^~fVtGOkdHkvDqND3u_{YB z9;tY_N^z5GgXv$RKN|RbXmoVS^^_~c%V)BAd02cLZYf1K4Vr;6e7WgTHA|ZzV5Eon zNqzZ?qfu1d9@P(fwhQR!mOLf-E_@L;Jv|DA!Qz%Bn_AsptOy z8rY5#m^xuiRYinKpjvCG(LPk7SxO0*3daB)+BVu9Dbl)^RI`(g@m(gYqWym(%_dF9 z(^WxNh}9=AQmTN>Bb`y@S#bx~24Qrz;DDsj(3>X)g^R8`Z>sKhH# zHgS>qz^oaTT|i*PMNV&jShg^qQo`KJlw_j?B(jmxbo-_~N$T9i;8_m{6%=wDezBUM zig_ht%<~FK-|nQ6dqzF=)uoTWRr}sXt5DT+?JpC$nvbXPKY~8!$k~2oP{>#wP@PmK z&BE}SYDu%w7)(^TNkLG42?jjster~Io-vl$;g@xzadkSeSW<1TnX)$x3Q!W-i6p>7 z;3?9BZqNuRAO|o30*3wI0y{JEU?n^dmJa~Q zMQbD>&=L;N3`Y*o07`%t?*R?qFLUbwAR(XvHJ$(=4FMfN8-{>Z@&>l33F_M+`_1V9 zV>^(giymMhtPGOC7dL<~7vItVOSw5{2V0;p15g)$17KV00O{m|cnhJhcCbG17bma{ zzX%732QUm5343nv779bF+5+T2T$2HOI3ki&v<6I2pj;SP84y{(AxxN{DPcQ^45*co z0CN?YaTimPK;j|rWkC_xpJ+oS3FKWs0I$j-Tp2N0La4cTLiiEumQrIjE3yVNs*dus`@H9(3Z2~M=KF3Hb1bnD{nlOEVfB^sifYwY-SO}s5w37_D z8Dj#eJ1~hDSOA0rxPWBJ^r&tjlP4*FfJ9DFAW{>kvEn2IDM{Q0iwk1bMN&du+_Xw# zWdXT|PsozBZhhg?B{5VE;6#oimt}n+qV^pX{qO~NUOys;+nCX?2mv+0nSeasCsVcc{E#4h5vWmbdHy=op@WxL7Q7l+< zzoSKi0D$Cx;hCTUwI_|58aW?fRF$zmNMV;EC^EG*n`j3sSCuSBv3RfrE*=5nz>0Tc zzc3b{M6N)Fz{6z#pp^W^72p6=Qb~A#0Z>uDXa-ppYiaW~{J>6ADk%innk6R4c?wG@ ziks{8hUssDsinwD{AQK|ldx@vZ%Do!Mxy@!P_ff!y4N#NitgH9XP?NvRTPl(DrNvV z2~~jgF@9qex#F7l(tXA4M`@x#%1>^rXTCN_6LEwT>7bI}51nZmQauMg@mrLn_SnbK zK8v*-ZlcsR>bQ^AYdih?6n&DasYZ15C=y&PNo#r!`@XR1o;Q;>ny-%hE8vS)Wuj73 zsphvy@tm$%U=r!ho0V)sxj$dmP|h$GJZ6VKL8%kPogjDOxrayV>)bvQ(QT?M*pR%Xfb0_dz{zX(hE2_uqQ;+py82xcl z3(CS!f|?3{K`j3OXh-iY{Q!xrsX~hOR?7>|yEWIIDuul#Z>7W8$Go2Ne?Q^*9el!5 zEiz?*5P_u$O@ct!4#G7Vl%<&*O-agfa+Awq7IUV-uXs2plMu6ulWt;g%y~&NnX3Z9 zTSKUr@@!8M+q^tsmSWCPif&H@b0;EFo?`gR$#T)BQ>FiQ$k_C3TpqM*IQOI8Y&HAZ zpwfJ2sOeJnbst>H1%Y^!;WTp)LET zvtOxXz(NYUdc_zvQmC3KE7V+u9EfET2CYSswGeh3c85y_zO2fpU-63~jb&+LIV&qz z4Q;oJlJYdw<|B{*2WWNbY3o#7$ztykYbwt?0ah&hc7Vg2@KjeaV$mi-6uF94lpzT! zDm{P~F>+CidYjn9eRXD`1(x_rcK#lJBhz|q@XeX=^&=I}YhD#VSwf%wQ#5-Y?8m9U zr!mcHUMRP<%q>@3y!$WI^xq797U~+Lm3>Dv>Hh#P@xQldua5pk^FDkl%qy9QblVaI zIvin@%kvW3B4>X^53FKo{wvE+yI(ci;*GzFzK3%cTS%TTzNEL$!cRN=e$;seFNNb- zcM)C>m@ujIbyCYNMNGXa_Z`Qmw02hYsNB+3DaknbpFiq$8jg>0?e6KgNp@==KUM0s z^(X^UT|~2XjFh6$f~qMlO|3O<6O2;R;n!1TzYA8Wl9l1ODOv@iDwSx@V{dD!TU|#K<%ivH&SxLWcuqHo zCmTgYMjeYG4J#VMmJ>WAeaV2jXQTKQ73rsVn~NHE3#t#MUWc!EPw8`7&}d6d)FB(Y zDPc;LRn^CMw(}S8$Hc{#oAVw}r%CE11gZ2$va=QwA!b1JsFCKGPwJ%WmNzO!(T=NE zwfAloeNoa~cn86rKc??I9dqofHJ58yr6n%voVaVrKBwC!LrYghh)9)*VYSGbg`_H; zu9k36P$9uelVUxs8PJp}!!UVF@V$4#x`vT+D_ug2snm}#lEYuunY2zaDkOcIFw*^| zP#@c&ETsC7E)S@RogSHHo5S)s3YJx<%dV5oI~etOc`B4Ea9XidC076uslJv!m$W=< zzpGJUlvC8B)zMjWvsyt4DIkIk!5c}Pn5`{QAd@VI4)5}o*dL@^oL|KHOT%6~@c#gdAsE`!>8Xw3 zEv26L?AOEQd56W{>iIbioMDpYrb6*aKeL*|rpx|d#@9*emCheOk!Ol&x1~1UbI3BT z5uEy$j#A)ROA4>W>!q#HPUT3DjX}wOETr1xu#TRkTYFeJ)p%cj*~#S>H#XXJw5rvT zgnPH&;pYAa(LEjb7s7DbgytTx)(lRrV#LK^RMQXHP^TyMin69|EC3e!+s20b#5E-! zXKcDxpMUZ^+gI_|yy@xj!v1H^$#(hfeFKGIcy0$tFATzHBvVsKMwt>Rbo$gTXgw19BI$cYr#a0<9%SXbh+=%GdITip;1BsBHJ* z2f>#F1vmp{ZX&ZP2#QOOD2SH^L|2fC1&D+%iX&V!1<)NIEF;O5lEAC zT$UK=NDy(kVnHFp7&DR5KFAgUQSzboLU{^#_JCkO07-E00ThvQ5||0g!;RF$XK)gC zfM5_t@BtK%K!9lSAx@o#=MuRX0^CD^QN6pw^)Su@^KLuCEzxS^udwuZWbnrVfMQxK z&fr#dBhnc>j<^+QxFQ)m44wryEPs?T-43@xO+rBgeh~2`JQb4V;nTq4gzED>%sA0v z%?j9E`^2Y#islP~17GutV)BPiD5*&bNe8pTa9Fq%V0^IabWa6p43i=ZD%J zBg8@+FosWZ)#g;zE-&d8M0D~hnaZ1Jv2r|lD^Pv=LyRl91a`bKVyb(l{gX;kt6{=u1mM;#tD6e%!+MAtOD5c$vE=Xpt>0n(pO>UoONsZ-GOPYit&==wAxTK5%d`tZJ8{y#I5&7D}wxnB@QU7?Xb z7sh6%RE#eTPl+`D01}Au%TKC^5wN$@=RbN+rao-;Yb^%i;+M3RDN$d<_Fn|Ked8C?Yui=!^!l_e=sf9K~0RKj@)VZ)foo$a-g#k$M$d;Npg*L1xVIB9U} zn*RXqO=o}XuHP5A*kL$M6_>EtcrFKoNTZ{W8dREjK?x7&E%n|tHEY(c^EPnTmzP(y zU0U;UlkVPr&m!g6-*7wc6(xpXwT4!`q0`DLl%5KeVn=a!l9@NSicv{n7NxO^H-eeW zry73~2I&C#NuO^3DvX-Z2=qdEK z+`-BnNz1vdAp&pNt3Ug_LatBnos}E6MoWZvMz`UOPfe4YqURsxU!RfDRLiE7ASl&^ z76nO4epA``ij!%zgOtuWFqE>nic%3^E$bNzg1N~UhMIkJ{{RM33dmK|lk$kUEF(*E zy!R-kro(C|W+r0hqNx)Z0GC41_!d6#l@(GG+k;tJq*6TVt6g}=Jt&#>3hK$V_{n1@ z2Et{T)k?F1pqon;-9&B7Zmn$U+$>`e^L!6wO8w1Mx5~$S;OKrBI?axC*QRUEIfDk5 zK|EsBG|8nx%8a>aUyv-29ZYUmUOCSYY4o)F{{UqUFrV6cZh>=NzMC0VpH#QW-%L>o zDUBu(v8whEn4adgth|bsa7)F}MzZ2%N>OqeEJl{KO~oOS75Kv%Yl*zJE%Sa)uj*kpBQ}szC*R^l06F_8zgPzt-&Z{KY=G`7YlUb(#-> zHLZGTPCm|){wXeg3%|!@>U*9<=}tuH)Sz$-FwU#{_?2J_oUcTkkUbLKuN*c0t*B~p ze%4rz@~xH+cJTLsv|R!T!W~sR&Rfgm`+Tr;6O<+b6nS^`jcQmsSj9(VEW21kC6T1J zF*6=i%DLMQ{aKrESrw9l=u*(rC6?U_9%P?m8J3qcwdXn9$8yQ&TK(u4y@)@G7nTupBSM?2K>4kITOQsVjDwcOt+ILQs5dQ$Qlu))G zaQdYi0V<>b0XqqE6D?)_Q+TOgN|Wfik4y9HPOJ1)Z>-zBL&5h-@}Bvo`c-IScAR>! z(plX%W^)=G;Od67>9`TZsOv+7* zGFOHx1LV3CgePq(~J=rYb53Bd^(O;e-1)#Ft^OL7gE*yN+kNl6>8PEo1IBz`kW2r z{pO=v+E<%z@c1ql$k~;tOf9rj-b_T2B2Z8@01NTj6|{*gNMZiiR`LW$u)IJJmIV61 z0sF!L0|3nc1eOl~1pp{HfC5jHj?pW211IJBLnVM90iTzN0Gqk=fCxjV2RCQ{5CJ>- z2Y^<(!W%$l z?Ew-Zj*(~uAS8$80pq|yeV`-{{NMt8{{W-|M}UCApe_QwQvq^YhijdnEQu54E+8H} zfj9FWU@Son2_WwQd<9WDN2~@!2&*W1LbhZ@ZUsA$W+RwWA_DA!M-UlM+zMGqzR($P z*@&Rx{jU|7bkY%=JM#+JnFX*9cvB`Ekw-{z2;NMHEUbu2mxyJ{VM>|*04RmIY!LF) zN-ev@OOq-Y;AE}K9?+&mGQh2aL^ATk5=Q$%?}Etg7&EZv**tw?pov0w=R z(S3!PYqVH8!{h)5z)MLt@b>;AOKFV3T1M44z7gNDg9S$noTg zE?z8Lj3TUI*35MBS20W(j5>K9Je4bVhfHB60+lg~B3M+UprnDmsCBa%BB?s8lg9Ar z6QtYL9Axk$ z(Wr#_cZ(yja^R^>1>4nxTA0z;Rc&rY{o#|zVnV-_KUa$r9IZ)W`vKk=Y{`zotwZKK z#h4v#DHk5`14ojjY<>5O7Xt{ikVm(830#UmJHS3NBGRTLo*~x-f-ONnFo_*32)~rT zNTk>f(J5pES#S(E%VsN$Btkw$6s;&$uShW80#2kM7bf;YB{L@-Mbqlr`$e#&Cimd; zZxj6_=(;3*l{f7wc_+8chHTn=K3=Mcp(N~^>OP*4Y-I>Pb!DDa72}VjYnK{n#*f(* z@qNr$lj`vU;YyX^%Nw${_b~BOsV_En*7^s6zK!i;bE(u-D|TGG`YwKW!F@IpEhyJD zTN~;OpKn-wptAWmJ#*=G0P?;!mEx-9)syluxu} z+t}5u!rRREy%)pstxa3$)Kp;}UkNWZ-}U5kdOEe$X(dxi@@`(5Z6!e}#VTd`?wWTV z>c0_|*2D3{H@xs3_64X+ld9eon0EBeW zrq=6%sVGfh;iIa`{awaziHW4f!Kz}6S}t8ea2{fzW{ z3p!vKnvF=qE9Di1f`p{$njBrh<}n=y4bL3b^i5MomrZDG=D0Q8KPpP%(Y-R zZj+{HQ`O8KtJ+xfP5ooFve2nff|Y00FSy=YXcX!D)!$P*p9jp8*h&3nsnx2)6Id!l z)E5;2u8E2_F60w;1~#>ACt0YiqGeUHl;*l#5%vE7zztEvdL>g@Qjk}fD_5l(2he}4 zdH0Lrp{b<5mM3fB==5p$er)!6jDpP8c7Isqaj~(hEtyi36|^!~HI-(>SpYO!15
wQQCdvQ$_oCAUN)wuA*OKi&5c=GL??v z33QQ9Gfgz5c2w3ny^;^oH#WKz)$hGOc0RoPj-yTRHm9lLrN{1|{MWqx5&c>`3p?km z*VH^-W@pY5X^m9E6E0OHIF^Z0!+@Stt@lwU+i32zJ4#k?bSbxux%1!gK3e|(N^J{D z(C>8kS;Gy%<-BH3D}9pl;L)idru#f^7TT8%i1cW9+)k6}sp$<5@j6wX^E9mKXB&J&K3YCx*OfMOt{)-!gbg=9bk{^O{Q&_1iuB z8yvaRTrU#DhF!#D)L}TfkV(O@B&1B5kOrkmP$d;88iT4*loIT%CeTy8qgnep>!wT3 z@@G5ZZ=%ghPqUV(qtuP%lf&z$nKDOHoxqt$009lmTzD&QVmO z=s8E`JtHo3{ipmzpH#5_0L<}gyBm71-d!*H^ZvYyiHgDTss8|Htd?jimvLZIF!~W? zeHg+;)uSJG-irH;Y@>N%znUh$5yES*l|59Ep%;OfN1QrT{_%e3y|>&+h*K91cxZ(86>>s_671gbE#z`&I$PEt0+~+thZM}dKG@C*Qu`k(-dk~;_hkPFm^EK71A z4tEL^0cZ$sBP!rGCIG`CZRPC%$zX(B9?%jP30#n#Iqd;rStl?SB0yckU^cmcc%Y#} z=76$15l&QFkpW^r7fWq!U@w9Kl2niZ;sYi;0aj5bZtxey5OL@)6`4@rRe84Lz-2&E zk_&f*YbISZ#87nVYr>gy#c`yu+7a?*KnC{U#2GLZO9~bS5vF8CY(ZiP?fqg4P^Bb* zJt8hdUC)oqgpQw+OkFb{`qva42 zoyb5tz%U3JKt139Y9KSf0q!~}>^ z;^G-F6-jM`F)L;TgzO=c9Wu3~g73^Q>55OAOZ$j)$pX^M!<)mzXo#ea1>$!YT_=*> z@nYb0g1LwQSiDYfPHq0@ODC1o%Cp|a6rc`BF=vlhpZg;I4~o5PlN zDpFWk-QQ@jZc5}r6jUw6?GCsuSixCu%J9pQN>((Ic>Y$47bB)3fIILZ)7-H#rGP9u zn6PN_EWj=k-W_g>7CV)x&BR!^E{_E(1%rsPFJf0BsrcdFc(LWW+;ab#5&-0 z$y7+ZME7o+)|aj~ICJ<=W}g+-bk%Plw&Suh7Puh*VS) zD-V~U?W~7U_U-hD%}SE#e_`3_A4eJ&hV9k=0ElZvxbKGWzgc`aW6=XH`L@>26$J2ZT(R-{nR(B!e*>>Es)! z_*#feY@G`|K0S5i)g}BZ^JimL&q>jqbqb2DMgIWWgYW&RaJ^PC&HhX27F5Yqs>~B6 zPQ`J_sUK;^@imE)*XWxxr2ha4K=q6&`kiX;6#dxwBS)%h_u7mV82;{x;t|<=`@f&d zxzMO7WtO3CBL^*<{E|xotfV9)zMb^5{e5C`%t^coNeKK&AV+IO)*aY&v4y{j)sJ4Qn+z~_g|S^G}N%Z)0wDQD)7a?*@cJuh}cCL zT?+!!VpW)Q@l!!pGE~&QiSn$VdxHall(#jv_H-_2xYUYk$)7Lgti_JzTzaPz%=qm^ zeDgJLKCWR>$kbRlRfk~NhiW#y0+m?%LH{&JRYc*ea;_9~wPq3|tF`{iJ>{{Y>O z;(7$xnu$-Ng7L<|aDIovD8B*CnS&`!6L1>yEhSGfokLWm_jK@mLl`PjrCnlZ#=X;R zFQfa|@8{iqr=sM(uHgBKaxlzP3L3SYC`#1w<{#l#1okX@JZi2q_f2(2baC2_fp=z| zNPEy;T(62JRK6hkf6`i6lI!cgSYk;7!@{ujC38vsGVLr~-B;`kHI|QeeJ^ohJ=^2_ z#?d?{tN4OyRHM;Pyydd_dB29XhV_v&cy`AA9z!uv+Ww}W$4Ch|TcvJosj z$Pf9(W{|!4=hO2)K7Z2!ZW@M~zq2pKCNNP_0q!=9#u8`6PI*9BD!JT1RVm=F!zAoU zfT`3>iBjavO+<-{moXnK$!pT2`yc5IgyV)|*M%zZ>8Tu}Z%dlw)=Ct)nwU)hTCPO4 zQhihh^!y^9V<>ynU&)#}mRELjbG4q{L)K-(HlOX-MEO-z>e*75mhI|)-J;reYpbSv zGV6V1P4w1X68jAXJ(sY2$A&Kh%s5o4+CreEQ&lF&SlMYHgDqo)q=gO$i!0k(-9x6T z&#Bt@bH-Z#0EMpq0BX}NB?q=vTZ{B@;iFR`PI$^IM7$cVW@5uY2{>jWQk3E{MeQo3 zY?^^!0%vJfhZMI!tP*$S4TY+1qfI~d4}qd4X-CS5Ajs;t3?w59uZCJeJ6i(;MOn*bdk zc}?MRz&b$=L_h&)09Zf*os0kg05%W+Q?PiPFbFCNDG@0Ez!UQgxrPD|06wq*F4{+H z7zKGE9D%Fr0Xs19{xA|kc-ydm0>ewd0&b!e!w~=kmbknGECg)N0AUgWae@E>ZQcL~ zyN7^X@&IpP=>Wvph~fcSAswJ4a57Q|eqbRYDEWS{65co>Nq78U1;E>u9iSvoqokLB zXrP_j(gMixGC(Hq4;7XGEp8w!>_ve3U@cq(5CGDafVBYfpf25@9dHYlf2;-Y>_r_Z zv4F{s0A~cBqy|Je0bz04BM8ZY6pLCB@@2sabrZMc0ht6XtQ2h(nN-lKYmu?^gnXHh zLXuA0dPEtNr`N!^eS>+*Z_L(bLGQ`Ajrk#FZ~oxElzvC6U~rNAobnf~_DVl6Z>-i|kfz z)@K_-t_NI|l#LI`<}DnpNf!^WhD@<;R!83;7w#g+@LZo_xrx-BF2(FS!>56Y&zP%# zMWM?U#cCw8jl^2EEGs36_F)X3NnDDtthp^{wJZ)G4nl!$B6}7QO7m%LtrDMLDx6t= zNMWK>v#2*?0c3p2<|)+84!A9dic=69c#)FHSy%+Q<^aP13sRXWZssh6Wi64R*8EMQ z_5_zWXKFAEolIK;%yeV)26cC{zr#u{{To{A@NOjXQ5J(i`zKe{)R04 zQdQ+qODj|V0BEhgkR?)YeUY}%{)p(?MQR=+tgx0`bC0%9^3Fw=GKjraYs;-wNnN=0FGU@5%rPgLEN>Vu__VqB4qdJd<+3vm= z@Ft1j$i_DG`s)7xGg*HxFM+_%>efA;t5<+@FE1w(GRZ|&VXoCH4y7W+mfyBl@S*)k zjl?wSR22~>>863PHgHvFud1|B$Xn4 zbhf3WJ)}swP~W^=Ua^mJtI0>%TCSM-a?Csb01{owleV#k?DU^#zj|NZk~?M3m`iFb z119@MrDjrX@^cEGcgTwg3i9685n@RqBvh}M0$ukF0gpFUn#o#;H)ko? zj}REL;6)HZfi_X!c(E)PvJqsLQ=SFkx=Llpqz1Z~jpE3dya_Q$N{U&>q%n;)R;N;* zVm2M2(!()oGMRvoLp(`|P~-Z^U0Xqu{@I4ruAXu$B^1n-Sc{NHs3OE2<7K77Gr7Yt zdKFo8v&nG^+#3}?X-*i7Hept|{{UkLOym91StoZPh4zl7oN7|rIsA*2yQjK&FjY~8 z;wdz>RAQKr6DFon{{Xf*_Yr)0qq}6voayhJl+DA%B5En>P&}ZNsVrXGk4Uq2)(l&X z^__Nxlmsun09J*NwlWnrHrefSf#bKJ; zi8T=yv|kvSTZya)OAk(B#Em^!EyXGTGkqQ`O9rm2nU$7~oWVuIR1N*(8ufp%)c74A zfLfQ0wDtc0n-9e9CeLY~Hw+_>gfkR=j>ZcGUO5|>Zi3#7m8n8v$QJb+L#6KEo}9-A zkK>YMoaKwm1^)o>jM7QuymeObP`8dek3zA;blNdr%8Z&F1t5+Ku!X6(m3KDO>h$!A zoJdR}>ua#dziGqj6(wZ4wB0NI@^(MY2}Uzm zlF5g0YeMEYn%vyV#_(Kk_E_~erJigm5PXXI?moYaV<^|5^&VG|srDDvGH#pdkKk2{ zWva?BCZ!^Lqjb!cIEjIjq5zaD2d-b8$K+si!2-SIC;FHB^M$ z_*12_(C2XE8-fV57Zz5xi{4xLt(ocG5Bf{-H-x0=TU1k_FRe;`^*JvtnKqGuO^WA? zq@pp|6SFoRhI;HejR?eP(a(!chDAWN)gUEjiAFFQzOdR}{5<=w)bDEP-$vg_NjnKG zGWuC=ocEzQWB6p-bn^cIn?8BLzrgYAx14bCiQxE^J#>jP3Jlo_R=RnkbSq^_Smg?3 z4Ty}Y7gX!7-8??&{%G>Q6nGoN{t>uTwJUcR%j(N2P@3%HC6v?cxww^$S5nC|xQw6H zG{o5@AWlI3O8k$!G^s_)F?|p2{{SP;?kwY+)At|T1z?o8oTXLeYQa5&%%zxGVh?NF zA4NC33g%FkO?czivnq|vdwC^VJ9(PfsZ^<+6+#TPizzD%(U7-UM#7y~RauCngel$q zp?Zr4O2I5`3;>u|4|o7p?Enp-&6NNHO^JP>lL4D`cM!k;KxP~IzyWxVf*`Qd+(2Z& zg)9JmU^1YvAyYlJgnXG)(Ftw0?FlYS%4n@`EuDGVF>LbcqPXu<;nLV#l?j z%%P$pkCeZALquT-azpVBSc(gF+nBJklC`>l0L6=fS0bq1`?NGiD^M-`%v+SpQ%J0b zK2g6A(d2O#*lu>TSe_Yj+^JxOC%X$pk>p~c9F`u?<%?k!0U(XRXlRd=#83v{MXQ0A zC2Km1r?sNU?m1a~8bnE86bgZE;u;`UuwD6v85OCDTn*qYO%*LA$pRTQfzwzioK&fa zmJ4dMSrw3}QZ#8wq_|5U67(-b#FKVDk$RyB`_gC6-X;2DxSeTO=`^}$oOMgj;0gGg zs#PjfnF^SoEv~^oPGKFwo9L#nU7`IJYF;9*9Y@3$EvLGQeCOA(j=30>dPMrktt^%Z z0>jWl!jvN~Uo*1R_1_Eq8`~>wKHWO4e@;^6{05WuN@+xpQrv*#`g%o^sHv>-c=Ydl zS@fHzyMJnw7x3{F@>}Evs;+yYnpcLCx`A?GV=lFp&t&k&(O-x33|6{c+OPJ$s`y8{ z^?zZ=9J|KQzBsN$8pphE2K=pDqNG^V%M-7uqUvL`WAAXA8huC?3Vg0-K1`A zW$dW-c*}l~NXMe+t~;Hl3}3IAi8z>WxjAnPQl(+?yKDQ?&-ad>NVcx2PSbpnrJNi_~qNkOIVbqeT>7+{tl_o+05QK{afGh{3XsT4HT251W zXENgDCn>hu-!FC>1|XAtzud&eC309qZT$n1`5NZCx~L1JQa|V;X~ZE z@EEfySO98ab8!>W$|MCiOB)T(c8NwD*pB3^63Q1OUE$XzG>Vkt%y&E;p~@uE0@AHF zP;ze#6Bb+vFcPH}c4rXraO~BEF9*dY zOqV8NlA^gs%#|d#Ka^x!*Oj$ZIGFu@&RIN{H}u08z-E1+3qtA2R1;E@WiTa_o;Kpq z(pqXXt~P6PCY{APyLUMG@{*O36z_dPHjze3ST;4)*hKs;OpH4WGUm&qBBG*X!c{h4 zcW%L$2qPMish0LID?(9>r6-f)dbxC;t!K@toiPXP3qog0RpmO!)O(Kc>Q?Q>-YqW3 z@k{ux+b8jViIa@rxSn5~GYZEigb5P$QiPppnXk+gp1|*Tx{XQ|qt^s$>Qc_=^}e%Au2*I8D)wqk zET3QWm!w%Up}8)fAmn*pZve z!dw}&qM=U+->E|C;_-(bN~$pq$qn~n#IkDc9>S=NAe)H2V+M}lw#t@wXWz6~mJz9} z_YrDQxgZ^{61O$AS(lg8Q;t!9T=?L|E&6}4RQMeifMlcNojJe%04zTfvZqk>XX4W4B zdJU@o0AQp2)MQW}%-Socw=1ZPwK-{VQ%?p2)>v^83T1a={bM6Y{{V|M@chrtzx2%i z0Ger^34SpvmJ1afgGT3;d{GCOkh7NW7BOeYcK`^2sS32%+h_!Q5g>rZ6{pxvtO`N1 zK(^$qzc7?*vs%s!L+4;q?999`6vVJ%1su?%5qf!r(0vE){VnMg&Jn4~`IvR=s8?KJ z`We#KgJv*QB2uX<1=S#=5Pd;Sh>F!&(U(hkMkX$-(o*-LYq2~Qs)xx{Cw-2s<6%a; zYVd6+*NsH5w>ivXC{bcKsmxTBH8^H2C4?s$!?a7Dw1;F(bd=9W@J$N??&&N>J;t9# zyX#v^%^tPkU!^U3K($s^kymzY??$F1yuH@e&&zV^EX$fONpGGoS!<(}EUIo|!a{_m z8>)3OiCmL?<(a8qNhlT=eRnp}YOCsx-~MM|bM$}U&!h@2@4|AO3h#G9t~yihp*4>C z;p~>k+u``W6^}?pD}mxtYGvvDjdcY`RlO9Gap->tyRMu1uPey#ZxZ-pR`A8=?D~Z# z7ui3_n*o?5)yhpSWyAb=V6dvEN9|GmsJZ_DSMZ2Yl_%8)hvnGiRlQYFIxl}AXW&Yi zAmSJ$N^2=@d_*&j;Ev)hjdVQVLD> ziAx{?g5-nw!=wW-e@1`_h2K1+TmVgn}Rd?mz>G02~i%zyvk~zy#En5DP9y$8T5x zXOYLtXbH*y3UEvWfPxY)a9|ZDkb+1z;sJsz!0yliI4|$K1&EsYJ&wWw(Fc?OU@VT? zu)tbP)(5-=gaD*@zK|9Hd${ibY0bof&qI#T%#huqqCS+kjevr#8$`YXaCv!xT6XH literal 0 HcmV?d00001 From aef3d8d29503c8cc054808fa0822aaae7d952045 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Fri, 8 May 2026 14:15:53 +0200 Subject: [PATCH 7/9] docs(node-infrastructure): add missing tables, partition layout, disk encryption history, and full recovery steps Adds the disk partition layout table (showing which partitions are encrypted and why), the upgrade-vs-recovery-image comparison table, the traditional-vs-sealing-key disk encryption context, the full 7-step manual rollback and Recovery-GuestOS numbered processes, and the four-feature overview list. Completes the full Learn Hub TEE article migration. --- docs/concepts/node-infrastructure.md | 99 +++++++++++++++++++++++----- 1 file changed, 82 insertions(+), 17 deletions(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index f21406b1..9ab962aa 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -35,7 +35,7 @@ HostOS is intentionally minimal. It treats the GuestOS as an untrusted process r GuestOS runs inside a virtual machine on top of HostOS. This is where the ICP software actually executes. GuestOS: -- Runs the [replica](../references/glossary.md#replica) process (implementing the four-layer protocol stack) +- Runs the [replica](../references/glossary.md#replica) process and the orchestrator (implementing the four-layer protocol stack) - Executes canisters and manages their state - Participates in consensus with other nodes in the subnet - Manages cryptographic key material and threshold signature operations @@ -48,7 +48,12 @@ Running the GuestOS inside a virtual machine provides logical isolation from the Trusted Execution Environments (TEEs) address this by enforcing hardware-level isolation between a virtual machine and its host. Even if the HostOS or hypervisor is compromised, the confidentiality and integrity of GuestOS memory and state are preserved. TEE-enabled nodes are being rolled out across the network as hardware is upgraded. -ICP uses AMD's **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** as its TEE technology. SEV-SNP provides four capabilities that together make it possible to trust a GuestOS running on a potentially compromised host. +ICP uses AMD's **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** as its TEE technology. SEV-SNP provides four capabilities that together make it possible to trust a GuestOS running on a potentially compromised host: + +1. **Memory encryption** — protection of GuestOS memory from unauthorized reads or writes by the host +2. **VM launch measurements** — cryptographic fingerprints that capture how the VM was initialized +3. **Attestation reports** — verifiable evidence that a VM is running inside a genuine SEV-SNP TEE with a specific configuration +4. **Sealing keys** — hardware-derived keys that allow data to be securely encrypted for persistent storage ![Securing the Internet Computer with Trusted Execution Environments](/concepts/node-infrastructure/tee-overview.jpg) @@ -58,13 +63,15 @@ SEV-SNP encrypts all memory pages of the GuestOS virtual machine using keys prot ### VM launch measurements -A VM launch measurement is a cryptographic fingerprint of the GuestOS at the moment it starts. The SEV-SNP secure processor computes this measurement from the guest kernel, initial ramdisk, kernel command-line parameters, and CPU configuration. Any modification to the GuestOS software or configuration produces a different measurement. +A VM launch measurement is a cryptographic fingerprint of the GuestOS at the moment it starts. The SEV-SNP secure processor computes this measurement from the CPU model and firmware, the guest kernel, the initial ramdisk, and the kernel command-line parameters. Any single-byte change to the GuestOS software or configuration produces a different measurement. + +The kernel command-line parameters included in the measurement contain, among other things, the expected hash of the root filesystem, which is verified during early boot. Any modification to the GuestOS — whether in code, configuration, or filesystem contents — therefore leads to a different launch measurement. For each GuestOS release, the expected launch measurement can be computed in advance and published as part of the release. Nodes running the same GuestOS version produce identical measurements, which provides a basis for verifying that a node is running approved software. ### Attestation reports -An attestation report is a signed document produced by the SEV-SNP secure processor. It contains the VM's launch measurement and the CPU's unique hardware identifier, signed by AMD's root of trust. This gives any verifier, whether another node or an external party, the ability to confirm that: +An attestation report is a signed document produced by the SEV-SNP secure processor. It contains the VM's launch measurement and the CPU's unique hardware identifier, signed by AMD's root of trust. This gives any verifier — whether another node or an external party — the ability to confirm that: - The VM is running inside a genuine SEV-SNP TEE - The specific software and configuration that were loaded match an approved GuestOS release @@ -74,7 +81,7 @@ An attestation report is a signed document produced by the SEV-SNP secure proces ICP uses attestation in two ways: - **Node-to-node attestation.** Before sensitive data or secrets are shared between nodes, SEV-SNP-enabled nodes attest each other. This is integral to the upgrade process (see below) and will be extended to all network connections as SEV-SNP adoption expands: each node pair attests the other at connection establishment, ensuring secrets are only exchanged with verified nodes. -- **External attestation.** SEV-SNP-equipped nodes expose a dedicated attestation endpoint for external verification. Access is restricted by firewall rules and is only available through API boundary nodes. This allows IC users and external parties to verify that the nodes serving them are running TEE-enabled GuestOSes. +- **External attestation.** SEV-SNP-equipped nodes expose a dedicated attestation endpoint for external verification. Access is restricted by firewall rules and is only available through API boundary nodes. External parties indirectly attest individual nodes through these API boundary nodes, which in turn verify the nodes they communicate with. ### Sealing keys @@ -87,31 +94,89 @@ ICP uses sealing keys to encrypt the GuestOS disk partitions that contain sensit ## Disk encryption -Each node maintains two partition sets (A and B). This dual layout allows a new GuestOS version to be prepared in the inactive set while the current version continues running. Only partitions holding sensitive data are encrypted: the `var` partitions (runtime data private to the active GuestOS) and the `store` partition (persistent data shared across GuestOS versions). System partitions (`boot`, `root`, `config`) are not encrypted: root filesystem integrity is covered by the root hash embedded in the kernel command-line, which is part of the VM launch measurement. +### Partition layout + +Each node maintains two partition sets (A and B). This dual layout allows a new GuestOS version to be prepared in the inactive set while the current version continues running, and enables rollback if an upgrade fails. + +| Partition | Notes | +|---|---| +| EFI | | +| GRUB | | +| config | | +| boot (A) | | +| root (A) | | +| **var (A)** | Encrypted; key derived from VM A's launch measurement | +| boot (B) | | +| root (B) | | +| **var (B)** | Encrypted; key derived from VM B's launch measurement | +| **store** | Encrypted; two keys, one per VM measurement | + +Only partitions holding sensitive data are encrypted. The `var` partitions contain runtime data private to the currently active GuestOS. The `store` partition holds persistent data shared across GuestOS versions. System partitions (`boot`, `root`, `config`) are not encrypted: their contents are not confidential, and root filesystem integrity is covered by the root hash embedded in the kernel command-line, which is part of the VM launch measurement. -LUKS passphrases for each encrypted partition are derived from the SEV-SNP sealing key using HKDF, so each partition gets a unique passphrase that is tied to both the CPU and the exact GuestOS version. +### From traditional disk encryption to sealing-key-based encryption + +ICP nodes have always used disk encryption for data partitions. However, the previous encryption keys were independent of the GuestOS and could in principle be accessed by a malicious GuestOS, leaving a potential attack vector for a highly skilled adversary who could compromise the GuestOS and read the encrypted data. + +With SEV-SNP, LUKS passphrases for each encrypted partition are now derived from the SEV-SNP sealing key using HKDF, giving each partition a unique passphrase tied to both the CPU and the exact GuestOS version. This means only the GuestOS that encrypted a partition can decrypt it, and any change in GuestOS version or hardware prevents access to previously encrypted data. ![SEV-SNP key derivation](/concepts/node-infrastructure/tee-key-derivation.svg) +On reboot, the GuestOS requests the sealing key from the SEV-SNP secure processor. As long as the launch measurement has not changed, the same sealing key is returned, allowing the node to decrypt the partitions. If the launch measurement changes — for example after an upgrade — a different sealing key is generated and the encrypted partitions can no longer be accessed. This is where the upgrade process and remote attestation come in. + ## GuestOS upgrades -When a new GuestOS is approved by the NNS, the upgrade process runs the old and new GuestOS instances in parallel using the A/B partition layout: +When a new GuestOS is approved by the NNS, its attributes (root filesystem hash and launch measurement) are published to the NNS registry, which serves as the source of truth for valid GuestOS versions. A malicious GuestOS cannot participate because it will have no entry in the registry. + +The upgrade then runs the old and new GuestOS instances in parallel: -1. The new GuestOS image is downloaded into the inactive partition set while the current GuestOS continues running. -2. A temporary **Upgrade VM** boots the new GuestOS. It cannot yet access the encrypted partitions because its sealing key (derived from the new launch measurement) differs from the current one. -3. The Upgrade VM sends its SEV-SNP attestation report to the running GuestOS. The running GuestOS verifies the report against the NNS registry to confirm the new GuestOS is an approved release. -4. Once verified, the running GuestOS shares the disk encryption key with the Upgrade VM over an encrypted channel. The Upgrade VM re-encrypts the partitions with a key derived from its own sealing key. -5. Both VMs shut down. The node boots into the upgraded GuestOS, which can now access the encrypted data using its own derived key. +1. A proposal to upgrade a subnet or set of nodes is submitted and approved by the ICP community. +2. The new GuestOS image is downloaded into the inactive partition set while the current GuestOS continues running. +3. A temporary **Upgrade VM** boots the new GuestOS. It cannot yet access the encrypted `store` or `var` partitions because its sealing key (derived from the new launch measurement) differs from the current one. +4. The Upgrade VM generates an attestation report containing its launch measurement and sends it to the old GuestOS over a TLS channel. +5. The old GuestOS verifies the attestation report against the NNS registry to confirm the new GuestOS is an approved release. +6. Once verified, the old GuestOS shares the disk encryption key with the Upgrade VM. The Upgrade VM re-encrypts the partitions with a key derived from its own sealing key. +7. Both VMs shut down. The node boots into the upgraded GuestOS, which can now access the data using its own derived key. -This process ensures that disk access transfers only to a verified, NNS-approved GuestOS version. +This process ensures that disk access transfers only to a verified, NNS-approved GuestOS version, and repeats for every future upgrade. ## Emergency recovery -TEE-enabled GuestOSes are designed to lock everyone out, including node providers, unless a specific recovery process is followed. Recovery is never automatic and always requires an NNS proposal approved by the community. +TEE-enabled GuestOSes are designed to lock everyone out — including node operators — unless a specific, governance-gated recovery process is followed. Recovery is never automatic and always requires an NNS proposal approved by the community. Historically, emergency recoveries have occurred only a few times, and during 2025 not a single one was necessary. + +### Manual rollback + +Manual rollback is the first option when a node fails after an upgrade. The dual partition layout means the previous GuestOS version still resides on the inactive partition set. + +1. The recovery coordinator submits a proposal to the NNS marking the problematic GuestOS version as broken. If approved, nodes refuse to upgrade to that version again even if the subnet record still references it. +2. Node providers switch the active partition set back to the previous version via the HostOS limited console, without touching the GuestOS or breaking TEE guarantees. +3. The previous GuestOS boots and the node resumes normal operation. Once a fixed GuestOS version is released and approved, nodes upgrade to it. + +### Recovery-GuestOS + +When neither partition set boots, manual rollback is insufficient. The encrypted partitions can only be decrypted by a GuestOS with the original launch measurement, so no other GuestOS version can access the data — including a fixed one. + +The Internet Computer solves this with a Recovery-GuestOS: a specially crafted image that keeps the same kernel, initramdisk, and kernel command-line as the broken GuestOS (preserving the launch measurement) while replacing the root filesystem with a fixed version. The table below shows how this differs from a standard upgrade image: + +| | Upgrade image | Recovery image | +|---|---|---| +| Can be reproduced and verified by the community | yes | yes | +| kernel, initrd, kernel command-line | arbitrary | same as in base image | +| Root filesystem hash matches `root_hash` kernel parameter | yes | no | +| Boot partition contains NNS proposal with root filesystem hash | no | yes | + +Because the root hash in the kernel command-line no longer matches the recovery root filesystem, a special override is needed: the `BlessAlternativeGuestOsVersion` NNS proposal. During early boot, if the actual root hash does not match the expected hash in the kernel command-line, the integrity checker looks for this proposal. If present, valid, and listing the specific node's chip ID, the recovery root filesystem is mounted while preserving the original launch measurement — and therefore the same disk encryption key. + +The full process: -**Manual rollback** is the first option when a node fails after an upgrade. Because the previous GuestOS version still resides on the inactive partition set, node providers can switch back to it via the HostOS limited console without breaking TEE guarantees. +1. The recovery coordinator collects the affected nodes' chip IDs and the base GuestOS launch measurement. +2. A Recovery-GuestOS branch is prepared in the Internet Computer repository. +3. A recovery root filesystem is created, and a `BlessAlternativeGuestOsVersion` proposal is submitted to the NNS with the recovery root filesystem hash, base launch measurement, and list of authorized chip IDs. +4. Once approved, a Recovery-GuestOS upgrade image is built combining the base kernel, initramdisk, kernel command-line, the recovery rootfs, and the signed proposal. +5. Node operators deploy it via the HostOS limited console. +6. During early boot, the integrity checker detects the root hash mismatch, verifies the NNS proposal, confirms the node's measurement and chip ID match, and mounts the recovery root filesystem. +7. The Recovery-GuestOS boots and the node resumes operation, with SEV-SNP privacy guarantees intact. -**Recovery-GuestOS** is used when manual rollback is insufficient, for example when neither partition set boots. The challenge is that the encrypted partitions can only be decrypted by a GuestOS with the original launch measurement. To address this, the Internet Computer supports a specially crafted Recovery-GuestOS that keeps the same kernel, initramdisk, and kernel command-line as the broken GuestOS (preserving the launch measurement) but replaces the root filesystem with a fixed version. The mismatch between the root hash in the kernel command-line and the actual recovery root filesystem is allowed only if a `BlessAlternativeGuestOsVersion` NNS proposal is present, approved by the community, and lists the specific node's chip ID. This ensures that recovery access is always governance-gated and auditable. +Because the integrity checker is part of the initramdisk, a malicious actor cannot tamper with it without changing the SEV-SNP launch measurement, preserving the security of the node. ## Further reading From 5d3305a5923d065bf021285083ee7e1631a7b490 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Fri, 8 May 2026 14:19:44 +0200 Subject: [PATCH 8/9] fix: replace em-dashes with colons and parentheses in node-infrastructure --- docs/concepts/node-infrastructure.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index 9ab962aa..d6339c04 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -50,10 +50,10 @@ Trusted Execution Environments (TEEs) address this by enforcing hardware-level i ICP uses AMD's **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** as its TEE technology. SEV-SNP provides four capabilities that together make it possible to trust a GuestOS running on a potentially compromised host: -1. **Memory encryption** — protection of GuestOS memory from unauthorized reads or writes by the host -2. **VM launch measurements** — cryptographic fingerprints that capture how the VM was initialized -3. **Attestation reports** — verifiable evidence that a VM is running inside a genuine SEV-SNP TEE with a specific configuration -4. **Sealing keys** — hardware-derived keys that allow data to be securely encrypted for persistent storage +1. **Memory encryption**: protection of GuestOS memory from unauthorized reads or writes by the host +2. **VM launch measurements**: cryptographic fingerprints that capture how the VM was initialized +3. **Attestation reports**: verifiable evidence that a VM is running inside a genuine SEV-SNP TEE with a specific configuration +4. **Sealing keys**: hardware-derived keys that allow data to be securely encrypted for persistent storage ![Securing the Internet Computer with Trusted Execution Environments](/concepts/node-infrastructure/tee-overview.jpg) @@ -65,13 +65,13 @@ SEV-SNP encrypts all memory pages of the GuestOS virtual machine using keys prot A VM launch measurement is a cryptographic fingerprint of the GuestOS at the moment it starts. The SEV-SNP secure processor computes this measurement from the CPU model and firmware, the guest kernel, the initial ramdisk, and the kernel command-line parameters. Any single-byte change to the GuestOS software or configuration produces a different measurement. -The kernel command-line parameters included in the measurement contain, among other things, the expected hash of the root filesystem, which is verified during early boot. Any modification to the GuestOS — whether in code, configuration, or filesystem contents — therefore leads to a different launch measurement. +The kernel command-line parameters included in the measurement contain, among other things, the expected hash of the root filesystem, which is verified during early boot. Any modification to the GuestOS (whether in code, configuration, or filesystem contents) therefore leads to a different launch measurement. For each GuestOS release, the expected launch measurement can be computed in advance and published as part of the release. Nodes running the same GuestOS version produce identical measurements, which provides a basis for verifying that a node is running approved software. ### Attestation reports -An attestation report is a signed document produced by the SEV-SNP secure processor. It contains the VM's launch measurement and the CPU's unique hardware identifier, signed by AMD's root of trust. This gives any verifier — whether another node or an external party — the ability to confirm that: +An attestation report is a signed document produced by the SEV-SNP secure processor. It contains the VM's launch measurement and the CPU's unique hardware identifier, signed by AMD's root of trust. This gives any verifier (whether another node or an external party) the ability to confirm that: - The VM is running inside a genuine SEV-SNP TEE - The specific software and configuration that were loaded match an approved GuestOS release @@ -121,7 +121,7 @@ With SEV-SNP, LUKS passphrases for each encrypted partition are now derived from ![SEV-SNP key derivation](/concepts/node-infrastructure/tee-key-derivation.svg) -On reboot, the GuestOS requests the sealing key from the SEV-SNP secure processor. As long as the launch measurement has not changed, the same sealing key is returned, allowing the node to decrypt the partitions. If the launch measurement changes — for example after an upgrade — a different sealing key is generated and the encrypted partitions can no longer be accessed. This is where the upgrade process and remote attestation come in. +On reboot, the GuestOS requests the sealing key from the SEV-SNP secure processor. As long as the launch measurement has not changed, the same sealing key is returned, allowing the node to decrypt the partitions. If the launch measurement changes (for example after an upgrade), a different sealing key is generated and the encrypted partitions can no longer be accessed. This is where the upgrade process and remote attestation come in. ## GuestOS upgrades @@ -141,7 +141,7 @@ This process ensures that disk access transfers only to a verified, NNS-approved ## Emergency recovery -TEE-enabled GuestOSes are designed to lock everyone out — including node operators — unless a specific, governance-gated recovery process is followed. Recovery is never automatic and always requires an NNS proposal approved by the community. Historically, emergency recoveries have occurred only a few times, and during 2025 not a single one was necessary. +TEE-enabled GuestOSes are designed to lock everyone out (including node operators) unless a specific, governance-gated recovery process is followed. Recovery is never automatic and always requires an NNS proposal approved by the community. Historically, emergency recoveries have occurred only a few times, and during 2025 not a single one was necessary. ### Manual rollback @@ -153,7 +153,7 @@ Manual rollback is the first option when a node fails after an upgrade. The dual ### Recovery-GuestOS -When neither partition set boots, manual rollback is insufficient. The encrypted partitions can only be decrypted by a GuestOS with the original launch measurement, so no other GuestOS version can access the data — including a fixed one. +When neither partition set boots, manual rollback is insufficient. The encrypted partitions can only be decrypted by a GuestOS with the original launch measurement, so no other GuestOS version can access the data, including a fixed one. The Internet Computer solves this with a Recovery-GuestOS: a specially crafted image that keeps the same kernel, initramdisk, and kernel command-line as the broken GuestOS (preserving the launch measurement) while replacing the root filesystem with a fixed version. The table below shows how this differs from a standard upgrade image: @@ -164,7 +164,7 @@ The Internet Computer solves this with a Recovery-GuestOS: a specially crafted i | Root filesystem hash matches `root_hash` kernel parameter | yes | no | | Boot partition contains NNS proposal with root filesystem hash | no | yes | -Because the root hash in the kernel command-line no longer matches the recovery root filesystem, a special override is needed: the `BlessAlternativeGuestOsVersion` NNS proposal. During early boot, if the actual root hash does not match the expected hash in the kernel command-line, the integrity checker looks for this proposal. If present, valid, and listing the specific node's chip ID, the recovery root filesystem is mounted while preserving the original launch measurement — and therefore the same disk encryption key. +Because the root hash in the kernel command-line no longer matches the recovery root filesystem, a special override is needed: the `BlessAlternativeGuestOsVersion` NNS proposal. During early boot, if the actual root hash does not match the expected hash in the kernel command-line, the integrity checker looks for this proposal. If present, valid, and listing the specific node's chip ID, the recovery root filesystem is mounted while preserving the original launch measurement, and therefore the same disk encryption key. The full process: From bcbf7f3a5369e6d886944c80c3b61bd426646846 Mon Sep 17 00:00:00 2001 From: Marco Walz Date: Fri, 8 May 2026 14:33:07 +0200 Subject: [PATCH 9/9] fix(node-infrastructure): add to sidebar and restore Protocol Stack further reading link Adds node-infrastructure after app-architecture in the explicit Concepts sidebar (now that PR #209 has merged). Restores the Protocol Stack further reading link that was blocked during cross-branch validation. --- docs/concepts/node-infrastructure.md | 3 ++- sidebar.mjs | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/concepts/node-infrastructure.md b/docs/concepts/node-infrastructure.md index d6339c04..d5e28db6 100644 --- a/docs/concepts/node-infrastructure.md +++ b/docs/concepts/node-infrastructure.md @@ -180,6 +180,7 @@ Because the integrity checker is part of the initramdisk, a malicious actor cann ## Further reading -- [Glossary: replica](../references/glossary.md#replica): the software stack that runs inside GuestOS +- [Protocol Stack](protocol/index.md): the four-layer architecture (peer-to-peer, consensus, message routing, execution) that runs inside GuestOS +- [Glossary: replica](../references/glossary.md#replica): the replica process that implements the protocol stack diff --git a/sidebar.mjs b/sidebar.mjs index 036af00e..4ce29900 100644 --- a/sidebar.mjs +++ b/sidebar.mjs @@ -80,6 +80,7 @@ export const sidebar = [ { slug: "concepts/network-overview" }, { slug: "concepts/canisters" }, { slug: "concepts/app-architecture" }, + { slug: "concepts/node-infrastructure" }, { label: "Protocol Stack", collapsed: true,