From 7d14466902335f5c3cb3c6645c8abd2642794145 Mon Sep 17 00:00:00 2001 From: Alex 'AdUser' Z Date: Thu, 18 May 2017 21:17:34 +1000 Subject: [PATCH] * /articles/2017/05/16/nginx-authreq-1/ * /articles/2017/05/17/nginx-authreq-2/ * /articles/2017/05/18/nginx-authreq-3/ --- .../05/16/nginx-authreq-1/authreq-302.patch | 32 +++ .../2017/05/16/nginx-authreq-1/index.markdown | 91 +++++++++ .../2017/05/16/nginx-authreq-1/req-graph.msc | 26 +++ .../2017/05/16/nginx-authreq-1/req-graph.png | Bin 0 -> 21205 bytes .../2017/05/17/nginx-authreq-2/index.markdown | 190 ++++++++++++++++++ .../2017/05/17/nginx-authreq-2/req-graph.msc | 39 ++++ .../2017/05/17/nginx-authreq-2/req-graph.png | Bin 0 -> 51578 bytes .../2017/05/17/nginx-authreq-2/stage1.txt | 14 ++ .../2017/05/17/nginx-authreq-2/stage2.txt | 14 ++ .../2017/05/18/nginx-authreq-3/index.markdown | 161 +++++++++++++++ .../2017/05/18/nginx-authreq-3/schema-1.dot | 30 +++ .../2017/05/18/nginx-authreq-3/schema-1.png | Bin 0 -> 71609 bytes .../05/18/nginx-authreq-3/schema-1_tn.png | Bin 0 -> 54641 bytes 13 files changed, 597 insertions(+) create mode 100644 articles/2017/05/16/nginx-authreq-1/authreq-302.patch create mode 100644 articles/2017/05/16/nginx-authreq-1/index.markdown create mode 100644 articles/2017/05/16/nginx-authreq-1/req-graph.msc create mode 100644 articles/2017/05/16/nginx-authreq-1/req-graph.png create mode 100644 articles/2017/05/17/nginx-authreq-2/index.markdown create mode 100644 articles/2017/05/17/nginx-authreq-2/req-graph.msc create mode 100644 articles/2017/05/17/nginx-authreq-2/req-graph.png create mode 100644 articles/2017/05/17/nginx-authreq-2/stage1.txt create mode 100644 articles/2017/05/17/nginx-authreq-2/stage2.txt create mode 100644 articles/2017/05/18/nginx-authreq-3/index.markdown create mode 100644 articles/2017/05/18/nginx-authreq-3/schema-1.dot create mode 100644 articles/2017/05/18/nginx-authreq-3/schema-1.png create mode 100644 articles/2017/05/18/nginx-authreq-3/schema-1_tn.png 
diff --git a/articles/2017/05/16/nginx-authreq-1/authreq-302.patch b/articles/2017/05/16/nginx-authreq-1/authreq-302.patch new file mode 100644 index 0000000..221a130 --- /dev/null +++ b/articles/2017/05/16/nginx-authreq-1/authreq-302.patch @@ -0,0 +1,32 @@ +--- src/http/modules/ngx_http_auth_request_module.c 2017-03-03 12:55:31.236056000 +1000 ++++ src/http/modules/ngx_http_auth_request_module.c 2017-03-03 13:09:15.908223000 +1000 +@@ -161,6 +161,29 @@ + return ctx->status; + } + ++ if (ctx->status == NGX_HTTP_MOVED_TEMPORARILY) { ++ sr = ctx->subrequest; ++ ++ h = sr->headers_out.location; ++ ++ if (!h && sr->upstream) { ++ h = sr->upstream->headers_in.location; ++ } ++ ++ if (h) { ++ ho = ngx_list_push(&r->headers_out.headers); ++ if (ho == NULL) { ++ return NGX_ERROR; ++ } ++ ++ *ho = *h; ++ ++ r->headers_out.location = ho; ++ } ++ ++ return ctx->status; ++ } ++ + if (ctx->status >= NGX_HTTP_OK + && ctx->status < NGX_HTTP_SPECIAL_RESPONSE) + { diff --git a/articles/2017/05/16/nginx-authreq-1/index.markdown b/articles/2017/05/16/nginx-authreq-1/index.markdown new file mode 100644 index 0000000..8d57ab6 --- /dev/null +++ b/articles/2017/05/16/nginx-authreq-1/index.markdown 
@@ -0,0 +1,91 @@ +--- +title: nginx auth_request (1/3): Вводная +tags: nginx, software, devel, репост +--- +У меня тут накопилось немного опыта работы с этим модулем, решил поделиться. + +Прежде всего - что это? Это модуль, который разрешает или запрещает прохождение запроса в nginx на основе **подзапроса**. +Две основных схемы применения: + + * с его помощью можно соорудить WAF (web-application firewall) + * ...и кастомный портал предварительной авторизации + +...всё перечисленное - без модификации исходного сайта. + +- [Вводная](/articles/2017/05/16/nginx-authreq-1/) +- [Многофакторная авторизация, NFA](/articles/2017/05/17/nginx-authreq-2/) +- [WAF, Web-Application firewall](/articles/2017/05/18/nginx-authreq-3/) + +--- + +Выглядит это примерно так. Вот у нас есть типовой запрос, приходящий на некоторый вебсервер: + + GET /files/83084_s.jpg HTTP/1.1 + Host: example.com + User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 + Accept: */* + Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 + Accept-Encoding: gzip, deflate + Connection: keep-alive + +nginx пересылает его сначала на указанный location, затем на основе ответа, +решает что делать - пустить дальше или выдать ошибку. + +Общая схема запросов ([исходник](req-graph.msc)): + +![](req-graph.png) + +Authorizer - это отдельная internal локация nginx'а. +Там может быть или `proxy_pass` на внешний сервер, или вызов скриптов с этого же сервера. + +Примерный конфиг nginx'а: + + location / { + auth_request /auth; + proxy_pass http://site.example.com; + } + location = /auth { + internal; + proxy_pass http://127.0.0.1/check.pl; + proxy_pass_request_body off; # <- важно + proxy_set_header Content-Length "0"; # <- важно + proxy_set_header X-Original-URI $request_uri; + } + +Обратите внимание на `Content-Length "0"`. +Нужно это затем, чтобы в пересылаемом POST запросе получатель не ждал данных. 
+ +Далее, допустим мы соорудили некий check.pl, который на основе пересланных запросов будет отвечать кодами 200/401/403/etc. +С 200/OK - всё ясно, запрос проходит дальше. В случае остальных, например 403 - в дефолте nginx покажет простенькую, +и совершенно неинформативную страничку "Access Denied". +Чтобы этого не было, нам нужно добавить в блок `location / {}` перехват этих кодов: + + location / { + <...> + error_page 401 /auth.pl; + error_page 403 /auth.pl; + } + +... где `/auth.pl` -- страница авторизации или сообщения об ошибке. + +Здесь вырисовывается две проблемы: во-первых, нам нужно прописать локейшн и для `/auth.pl`, +во-вторых -- 401/403 коды могут использоваться и в самом сайте. +Первое бы хрен с ним, но второе -- реально проблема, если перехватывать **все** 403 с сайта, +мы можем использовать для этой ошибки только одну *глобальную* страницу на сайт. + +Для обхода этого кейса, я написал [небольшой патч](authreq-302.patch), +который позволяет также использовать код 302, временный редирект. +Правда с включением в апстрим меня завернули, дескать это поломает +использование этого модуля как **одного из** факторов авторизации: + + location / { + proxy_pass http://site.example.com; + auth_req /auth; # запрос должен быть авторизован через nginx authreq + allow 192.168.0.0/16; # ...ИЛИ идти из локальной сети + deny all; + satisfy any; # <- "или" - берётся отсюда + } + +В принципе, надо - берите. Если таки забодаете апстрим - вообще респект и уважуха :-). + +Далее покажу примеры реального использования для каждого случая. diff --git a/articles/2017/05/16/nginx-authreq-1/req-graph.msc b/articles/2017/05/16/nginx-authreq-1/req-graph.msc new file mode 100644 index 0000000..f18e8a3 --- /dev/null +++ b/articles/2017/05/16/nginx-authreq-1/req-graph.msc 
@@ -0,0 +1,26 @@ +msc { + hscale = 1, + width = "500"; + + c [ label="Client" ], + n [ label="Nginx" ], + a [ label="Authorizer" ]; + + --- [ label="Good request" ]; + c->n [ label="Original request" ]; + n->a [ label="Mirrored request" ]; + a->n [ label="Authorizer decision (200)" ]; + n->c [ label="Client response (200)" ]; + + --- [ label="Bad request" ]; + c->n [ label="Original request" ]; + n->a [ label="Mirrored request" ]; + a->n [ label="Authorizer decision (400)" ]; + n->c [ label="Client response (403)" ]; + + --- [ label="Unsure request" ]; + c->n [ label="Original request" ]; + n->a [ label="Mirrored request" ]; + a->n [ label="Authorizer decision (401)" ]; + n->c [ label="Client response (401)" ]; +} 
diff --git a/articles/2017/05/16/nginx-authreq-1/req-graph.png b/articles/2017/05/16/nginx-authreq-1/req-graph.png new file mode 100644 index 0000000000000000000000000000000000000000..55773cf7d9247dad2978c9894f471a1637565520 GIT binary patch literal 21205
diff --git a/articles/2017/05/17/nginx-authreq-2/index.markdown b/articles/2017/05/17/nginx-authreq-2/index.markdown new file mode 100644 index 0000000..d4bbf98 --- /dev/null +++ b/articles/2017/05/17/nginx-authreq-2/index.markdown
@@ -0,0 +1,190 @@ +--- +title: nginx auth_request (2/3): Многофакторная авторизация, NFA +tags: nginx, software, devel, репост +--- + +- [Вводная](/articles/2017/05/16/nginx-authreq-1/) +- [Многофакторная авторизация, NFA](/articles/2017/05/17/nginx-authreq-2/) +- [WAF, Web-Application firewall](/articles/2017/05/18/nginx-authreq-3/) + +В этой статье рассмотрим, как *в принципе* делается кастомный портал с авторизацией на базе `nginx_authreq`. + +Вся авторизация держится на предположении, что юзеру известен некий секрет, недоступный другим. +Правда если его украсть или скопировать - система не может распознать обмана. + +--- + +N-факторная авторизация - это попытка убрать этот недостаток, путём использования нескольких "секретов" одновеременно. +Украсть N разных секретов в N раз сложнее (если только юзер не ССЗБ, хранящий всё в одном месте). + +В быту, под "N-факторной авторизацией" чаще все понимают пару *логин/пароль*, *смс/email/токен* и возможно что-то ещё, например заход строго с определённоой сети. +В качестве второго компонента, СМС встречается чаще, поскольку привязывает авторизацию к обладанию физической вещью (телефон с определённой симкой), скопировать которую проблематично (но не невозможно). + +Однако, давайте ближе к практике. Вот у нас есть некий сайт, с собственной системой авторизации, к которому нужно дополнительно ограничить доступ. +Например, мы - онлайн банк, предоставляем доступ к операциям со счётом. + +Схема авторизации может выглядеть следующим образом: + +- запросить логин/пароль +- при совпадении пары выше - выслать дополнительный код (действующий ограниченное время) по смс на предварительно указанный номер. +- запросить высланный код +- при совпадении кода - пустить на сайт, иначе - ошибка + +Эта схема может применяться только в том случае, если мы можем влиять на все этапы процесса авторизации. +Если же такой возможности нет - "многофакторная" авторизация превращается в "многоступенчатую". 
+Например, мы - хостер, предоставляем доступ к ipkvm. На саму железку мы влиять не можем, её прошивку писали не мы. +В этом случае, схема авторизации будет такой: + +- запросить логин/пароль хостера +- при совпадении пары выше - выслать дополнительный код (действующий ограниченное время) по смс на предварительно указанный номер. +- запросить высланный код +- при совпадении кода - пустить на вторую стадию авторизации (самого ipkvm'а) + +Сделать так, чтобы гипотетический ipkvm понимал данные с "первого этапа" не всегда представляется возможным, +вследствие частой практики фундаментального огораживания своих девайсов среди производителей. + +Давайте ещё ближе к практике. Как это будет выглядеть на уровне конфигов и кода? +Конфиг nginx из предыдущей статьи: + + location / { + auth_request /check; + proxy_pass http://site.example.com; + } + location = /check { + internal; + proxy_pass http://127.0.0.1:3000/check; + proxy_pass_request_body off; # <- важно + proxy_set_header Content-Length "0"; # <- важно + proxy_set_header X-Original-URI $request_uri; + } + +Обработчик `http://127.0.0.1:3000/check`: + + sub check { + <...> + + if ($self->session('user')) { + # авторизованный юзер + $self->res->code(200); + $self->render(text => 'OK'); + } + + eval { + # неизвестный юзер + $self->res->code(403); # default deny + my $user = $self->req->param('user'); + my $pass = $self->req->param('pass'); + my $code = $self->req->param('code'); + if ($code and $user) { + # формой отправлен предполагаемый логин и код из sms + my $test = $self->app->redis->get("$user:code"); + unless ($test) { + # мы не посылали кода этому юзеру в последнее время, пнх + $self->render('pages/stage1', msg => 'invalid session'); + } elsif ($code eq $test) { + # указан правильный код + $self->app->redis->del("$user:code"); + $self->session(user => $user); # см блок выше, до eval {} + $self->render(text => 'OK'); + } else { + # указан неправильный код, откатываемся на 1ю стадию + 
$self->app->redis->del("$user:code"); + $self->render('pages/stage1', msg => 'wrong code'); + } + } elsif ($user and $pass) { + # формой отправлен логин/пароль для проверки + if (check_user_credentials($user, $pass)) { + # юзер существует и пароль верен + my $phone = get_user_phone($user); + if ($phone) { + # для указанного юзера задан телефон + $code = generate_auth_code(); + $self->app->redis->set("$user:code" => $code); + $self->app->redis->expire("$user:code" => 60); # код будет верен в течении минуты + send_sms($phone, "your auth code is: $code"); + $self->render('pages/stage2', msg => 'code sent to your phone'); + } else { + $self->render('pages/stage1', msg => 'no configured phone number for this user'); + } + } else { + $self->render('pages/stage1', msg => 'no such user / wrong password'); + } + } else { + # данных нет, показываем стандартную форму логина + $self->render('pages/stage1'); + } + } or do { + $self->res->code(500); + self->render('pages/error', msg => 'internal error'); + }; + } + +В пример выше используется Mojolicious + redis, но с равным успехом может использоваться CGI, а в качестве хранилища - sqlite, bdb, dbm, memcached или просто обычные файлы. + +На самом деле, это - нерабочий пример. Почему? Потому что особенности™ работы `auth_req`. +На самом деле nginx полностью игнорирует тело ответа от этого модуля и вместо него выдаёт свою стандартную страницу ошибки. +Значения имеют только коды возврата, модуль обрабатытвает всего 3 случая: 200, 401 и *всё остальное. +Мы даже не можем манипулировать состоянием через cookie, поскольку этот заголовок тоже не копируется в ответ. +Только WWW-Authenticate и только при коде ответа 401. + +Следовательно, мы должны переписать пример выше так, чтобы использовались только коды статуса. +Здесь нам поможет следующее шаманство: + +- выносим из `sub check {}` в новый обработчик всё, кроме первого блока. 
+- в конце оставляем `$self->res->code(403); $self->render(text => 'auth');` +- в nginx `location /auth` переопределяем коды 401,403 на путь к новому обрабобтчику +- добавляем ещё один блок `location` уже для второго обработчика + +Второй блок нужен для того, чтобы `/auth`: а) не попала под действие `/check`, б) ему надо передавать данные через POST. + +Конфиг и код примут следующий вид: + + # Новый блок в nginx + location = /auth { + internal; + proxy_pass http://127.0.0.1:3000/auth; + # proxy_pass_request_body off; # <- важно + # proxy_set_header Content-Length "0"; # <- важно + proxy_set_header X-Original-URI $request_uri; + } + + # то что осталось от первоначального обработчика + sub check { + <...> + + if ($self->session('user')) { + # авторизованный юзер + $self->res->code(200); + $self->render(text => 'OK'); + } + $self->res->code(403); + $self->render(text => 'auth'); + } + # всё остальное перехало сюда: + sub auth { + <...> + } + +Граф вызовов в случае успешной авторизации с первого раза ([исходник](req-graph.msc)). + +![](req-graph.png) + +Примерное содержимое [pages/stage1](stage1.txt), [pages/stage2](stage2.txt). +Любителям подключать тонну css и js на заметку: это всё придётся либо встраивать в страничку, либо мутить ТРЕТИЙ блок `location` в nginx, чтобы оно опять не попало под действие `/check`. +Впрочем, можно сразу "провалить" всю машинерию на уровень ниже, например под `/auth`. Т.е. так: + +* /check -> /auth/check (описывается специальной локацией с точным соотвествием) +* /auth -> /auth/login (описывается общей локацией для /auth, т.е. всё что не /auth/login -- пересылать туда-то через `proxy_pass`) + +Ну и на закуску - что даёт патч, приведённый в первой части, применительно к данной конфигурации. Удобство! +Уходит необходимость в `error_page`, появляется возможность собрать логику в одном месте, и разруливать различные остояния не кодами статуса, а сразу редиректами. 
+Плюс к тому же появляется возможность передать если не куку, то какой-то параметр через url (хак с `error_page` опять же такого не может). + +В данном примере использования, нас спасает то, что состояний по сути всего 2: известный пользователь (пропускаем) и неизвестный пользователь (перенаправляем на логин). +3х доступных кодов ответа, из которых один (401й) использовате нежелательно из-за побочных эффектов (лезет браузерная форма с паролем) +как раз хватает на 2 основных состояния (варианты "неизвестного пользователя" дополнительно разруливаются в обработчике /auth). + +Теперь представьте, что основных состояний хотя бы 5-6 (известный юзер, неизвестный с кукой, неизвестный без куки, подозрительный, заблокирован временно, заблокирован постоянно). +Шаманство с `error_page` здесь уже не прокатит, тупо не хватит различаемых модулем кодов. + +В следующей части - построение кастомного WAF (Web Application Firewall) на базе этого же модуля. diff --git a/articles/2017/05/17/nginx-authreq-2/req-graph.msc b/articles/2017/05/17/nginx-authreq-2/req-graph.msc new file mode 100644 index 0000000..2f7b4ad --- /dev/null +++ b/articles/2017/05/17/nginx-authreq-2/req-graph.msc 
@@ -0,0 +1,39 @@ +msc { + hscale = 1, + width = "700"; + + c [ label="client" ], + n [ label="nginx" ], + k [ label="/check" ], + a [ label="/auth" ], + d [ label="/" ]; + + --- [ label="unknown user, redirect to login page" ]; + c -> n [ label="GET / HTTP/1.1" ]; + n -> k [ label="GET / HTTP/1.1" ]; + n <- k [ label="403 Forbidden" ]; + n -> n [ label="error_page /auth" ]; + n -> a [ label="GET /auth" ]; + n <- a [ label="200 OK (pages/stage1)"]; + c <- n [ label="200 OK (pages/stage1)"]; + + --- [ label="send auth data, stage 1 (user+pass)" ]; + c -> n [ label="POST /auth (user+pass)" ]; + n -> a [ label="POST /auth (user+pass)" ]; + n <- a [ label="200 OK (pages/stage2)" ]; + c <- n [ label="200 OK (pages/stage2)" ]; + + --- [ label="send auth data, stage 2 (user+code)" ]; + c -> n [ label="POST /auth (user+code)" ]; + n -> a [ label="POST /auth (user+code)" ]; + n <- a [ label="302 / +Set-Cookie: hmac(base64({user=$user}))" ]; + c <- n [ label="302 / +Set-Cookie: hmac(base64({user=$user}))" ]; + + --- [ label="authorized user" ]; + c -> n [ label="GET / HTTP/1.1" ]; + n -> k [ label="GET / HTTP/1.1" ]; + n <- k [ label="200 OK" ]; + n -> d [ label="GET / HTTP/1.1" ]; + n <- d [ label="200 OK" ]; + c <- n [ label="200 OK" ]; +} 
diff --git a/articles/2017/05/17/nginx-authreq-2/req-graph.png b/articles/2017/05/17/nginx-authreq-2/req-graph.png new file mode 100644 index 0000000000000000000000000000000000000000..3a5d0d5fdfff17b76cdc54d6aaf571d7f7abea75 GIT binary patch literal 51578
diff --git a/articles/2017/05/17/nginx-authreq-2/stage1.txt b/articles/2017/05/17/nginx-authreq-2/stage1.txt new file mode 100644 index 0000000..2a6437f --- /dev/null +++ b/articles/2017/05/17/nginx-authreq-2/stage1.txt @@ -0,0 +1,14 @@ + + + + + <% if (my $msg = stash('msg')) { %> +

<%= $msg %>

+ <% } %> +
+ + + +
+ + diff --git a/articles/2017/05/17/nginx-authreq-2/stage2.txt b/articles/2017/05/17/nginx-authreq-2/stage2.txt new file mode 100644 index 0000000..4a3d7a0 --- /dev/null +++ b/articles/2017/05/17/nginx-authreq-2/stage2.txt @@ -0,0 +1,14 @@ + + + + + <% if (my $msg = stash('msg')) { %> +

<%= $msg %>

+ <% } %> +
+ + + +
+ + diff --git a/articles/2017/05/18/nginx-authreq-3/index.markdown b/articles/2017/05/18/nginx-authreq-3/index.markdown new file mode 100644 index 0000000..abcfa32 --- /dev/null +++ b/articles/2017/05/18/nginx-authreq-3/index.markdown 
@@ -0,0 +1,161 @@ +--- +title: nginx auth_request (3/3): Web-Application firewall, WAF +tags: nginx, software, devel, репост +--- + +- [Вводная](/articles/2017/05/16/nginx-authreq-1/) +- [Многофакторная авторизация, NFA](/articles/2017/05/17/nginx-authreq-2/) +- [WAF, Web-Application firewall](/articles/2017/05/18/nginx-authreq-3/) + +Сразу оговорюсь - я знаю про существование `nginx naxsi` и `mod_security`, речь про то, как вообще такое делается. + +Под WAF я понимаю некое дополнение к веб-серверу, выполняющее одну или несколько следющих задач: + +* блокировка вредоносных запросов +* подтверждение юзером "сомнительных" запросов +* ограничение частоты запросов по сложным критериям + +Дополнительно можно собирать статистику. + +--- + +Принцип работы всё тот же - nginx сначала пересылает копию запроса на какой-то внешний сервис +и на основании ответа от этого сервиса - решает, пропускать ли исходный запрос или нет. + +Механизм работы опсан в предыдущей статье, поэтому интересны прежде всего алгоритмы: +1) выделение запросов одного пользователя, +2) ограничения частоты запросов. +3) определения "вредоносности" или "подозрительности" запроса, +Нетрудно заметить, третья задача зависит от первой, а вторая и третья тесно связаны. + +По порядку. + +Выделение запросов одного пользователя +-------------------------------------- + +Первая и очевидная мысль, приходящая в голову - просто смотреть запросы с одного ip. +Но тут есть множество тонкостей. Случаев, когда с одного адреса могут сидеть несколько +пользователей - достаточно много: nat, vpn, tor, ipv6-to-4 брокер. +И обратный случай - когда один юзер может сидеть с нескольких адресов: tor. + +Что делать? На заголовки полагаться нельзя, там можно подделать абсолютно всё. +Комбинация ip+заголовок, например User-Agent? Это ещё хуже, подделкой заголовка можно добиться, +чтобы система определяла тебя как разных юзеров, даже не меняя свой ip. 
+ +Один из возможных вариантов - заставить каждого неопознанного клиента произвоить некую ресурсоёмкую операцию, +после выполнения которой этому клиенту присваивается уникальный идентификатор, +который тот будет предъявлять в дальнейшем как доказательство выполненной работы. +Разумеется, его нужно защитить от подделки и ограничить срок годности. + +Блок схема ([исходник](schema-1.dot)): + +[![](schema-1_tn.png)](schema-1.png) + +Путь "известного" юзера показан жирной линией, "неизвестного" - прерывистой. +Операция (3) может быть к/либо вычислением на стороне пользователя, с сообщением результата. +Или же - проверкой на робота, например следование по редиректам. сделанных средствами самого html. + +Схема может изменяться в некоторых пределах, например (2) "N" может переходить не в (4), а в (3). +Можно например, "неизвестных" клиентов сразу кидать на капчу, т.е. (1) "N" -> (4). + +Думаю не нужно напоминать, что все операции, кроме (3) следует оптимизировать на минимальные +затраты ресурсов и максимальное быстродействие. Если используется капча, её лучше нагенерить заранее +и продумать механизм "карантина" на какое-то время для показанных, но не решённых. + +Обратите внимание, путь по жирной линии выполняется в пределах одного обработчика. +А вот переходы к другим состояниям - требуют перехода на другие странички. +Помните, что я говорил про `error_page` и поддержку редиректов? + +Ограничение частоты запросов +---------------------------- + +Здесь может быть куча вариантов реализации. + +Например самое простое и железобетонное решение: +выделять временн*ы*е слоты определённой длительности +и считать запросы юзера в пределах текущего слота. 
+ + my $len = 5; # новый слот каждые 5 минут + my $time = time(); + # вычисляем имя слота + my $slot = sprintf "req:%d:%d", $len, ($time - ($time % ($len * 60))); + # увеличиваем число запросов для юзера с $uuid + # и узнаём, сколько запросов он уже сделал в пределах данного слота + my $reqs = $redis->hincr($slot, $uuid => 1); # O(1) + $redis->expire($slot, 3600) if $reqs == 1; + # если $reqs >= $limit - блокируем запрос + +Метод хорош тем, что крайне прост (1 запрос), хорошо масштабируется +и может работать вообще без обслуживания. +Основной недостаток - низкая "разрешающая способность", +на границе временного слота можно превысить лимит *до* 2х раз. + +Если нам нужна гарантия, что в каждый момент времени лимит не будет превышен, подход несколько другой. +На каждого юзера заводится по персональному списку, туда пишется время запросов. +Недостатки: стоимость выше, больший расход памяти. + +Принцип действия такой: при частых запросах в начале очереди растёт число "недавних" запросов. +Как только N-ый элемент оказывается "недавним", значит лимит превышен. + +Вариант 2/а: + + my ($time, $limit) = (5, 60); # время окна в минутах и количество запросов + my $now = time(); + my $key = sprintf "user:%s", $uuid; + my $some = $redis->lindex($key, $limit - 1); # O(N) + my $next = $some + ($time * 60); + if ($now > $next) { + $redis->lpush($key, $now); # O(1) + # периодически подрезаем список, чтоб не разрастался сверх меры + $redis->ltrim($key, 0, $limit - 1); # O(N), где N - количество удалённых элементов + $redis->expire($key, 3600) if $some == 0; + } else { + # лимит превышен + } + +Вариант 2/б, где "гарантированно дорогой" lindex() с O(N), +заменяется на llen() + lindex(-1), т.е. 2 x O(1). +Хотя в теории, lindex(N) для списка в котором меньше N элементов - тоже должен отрабатывать за O(1). 
+ + my ($time, $limit) = (5, 60); # время окна в минутах и количество запросов + my $now = time(); + my $key = sprintf "user:%s", $uuid; + my $len = $redis->llen($key); # O(1) + if ($len < $limit) { + # первичное заполнение + $redis->lpush($key, $now); # O(1) + $redis->expire($key, 3600) if $len == 0; + return; + } else { + $redis->ltrim($key, 0, $limit - 1); # O(N), где N - количество удалённых элементов + my $last = $redis->lindex($key, -1); # O(1) + my $next = $last + ($time * 60); + if ($now >= $next) { + $redis->lpush($key, $now); + return; + } + } + # лимит превышен + +Впринципе, всё это экономия на спичках. Значительно большего эффекта можно добиться, +если считать не абстрактные "запросы", а прикинуть стоимость конкретного запроса +в плане нагрузки и выделять пользователю "бюджет" на пользование. + +Например, показ странички с картинками, где половина содержимого - статика, +а остальное закешировано - это одно. Полнотекстовый поиск по сайту - это уже другое. +А попытка авторизации на сайте - совсем даже третье. + +"Вредоносность" и "подозрительность" запроса +-------------------------------------------- + +Здесь сложно дать какие-то рекомендации, смотрите по ситуации. +Можно анализировать заголовки (User-Agent/Referer/Accept/...), частоту запросов, их логическую взаимосвязь. +Например, запрос к автодополнению с X-Requested-With - это с высокой вероятностью человек. +Постоянная долбёжка поля поиска с интервалом в секунду - практически наверняка бот-дудосер. +Монотонные запросы несвязанные друг с другом - поисковый бот. +Пиковые всплески запросов с интервалом в несколько минут - юзер, который открывает несколько вкладок сразу, а потом сидит их читает. + +Вобщем, на практке быстро научитесь на что нужно смотреть. + +Ну и не стоит забывать про типовые запросы для поиска админок вордпресса, скуэля, гостевух и прочего говнокода на похапе. +Клиенту, спалившемся на таком можно просто возвращать 404 на все запросы, чтоб больше не приходил. 
diff --git a/articles/2017/05/18/nginx-authreq-3/schema-1.dot b/articles/2017/05/18/nginx-authreq-3/schema-1.dot new file mode 100644 index 0000000..e45e7fd --- /dev/null +++ b/articles/2017/05/18/nginx-authreq-3/schema-1.dot @@ -0,0 +1,30 @@ +digraph { + s [ shape="box", label="[0] Request" ]; + p [ shape="box", label="[A] Pass" ]; + b [ shape="box", label="[B] Block" ]; + t [ shape="oval", label="[6] Set new token" ]; + c [ shape="oval", label="[4] Show captcha" ]; + w [ shape="oval", label="[3] Some heavy\noperation" ]; + i [ shape="oval", label="[9] Accounting" ]; + rl [ shape="diamond", label="[8] Is rate-limit\nexceeded?" ]; + ht [ shape="diamond", label="[1] Has token?" ]; + vt [ shape="diamond", label="[2] Is token valid?" ]; + cv [ shape="diamond", label="[5] Is captcha valid?" ]; + ts [ shape="diamond", label="[7] Is token set?" ]; + + s -> ht [ style="bold", weight=2 ]; + ht -> vt [ label="Y", style="bold", weight=2 ]; + ht -> w [ label="N", style="dashed" ]; + w -> t [ style="dashed" ]; + t -> ts [ style="solid" ]; + ts -> b [ label="N" ]; + ts -> p [ label="Y", style="solid" ]; + vt -> rl [ label="Y", style="bold", weight=2 ]; + rl -> i [ label="N", style="bold", weight=2 ]; + i -> p [ style="bold", weight=2 ]; + rl -> b [ label="Y", style="bold" ]; + vt -> c [ label="N" ]; + c -> cv; + cv -> c [ label="N" ]; + cv -> t [ label="Y" ]; +} 
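Review bot: In the "Вариант 2/а" and "Вариант 2/б" snippets of nginx-authreq-3/index.markdown the limit check and the `lpush` are separate Redis round trips, so two concurrent requests for the same `$uuid` can both read the same `lindex`/`llen` result and both be admitted, which contradicts the guarantee stated just above them that the limit is never exceeded at any moment. Suggest making the read-check-push sequence atomic, with a Lua script run through `EVAL` or a `WATCH`/`MULTI`/`EXEC` transaction. In the same snippets `expire($key, 3600)` is issued only before the list is full (`if $some == 0` in 2/а, `if $len == 0` in 2/б), so for a steadily active client the key is deleted an hour after its last refresh and the request history resets; refreshing the TTL on every accepted `lpush` avoids that. In the slot-counter snippet `$redis->hincr($slot, $uuid => 1)` should be `hincrby`, since Redis has no HINCR command, and `$limit` is referenced in the last comment without being defined. Typos to fix before merge: "следющих", "опсан", "произвоить", "практке".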
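Review bot: In schema-1.dot the edge `ts -> p [ label="Y", style="solid" ]` sends a client that has just been issued a token straight to "[A] Pass", skipping "[8] Is rate-limit exceeded?" and "[9] Accounting", so a request that arrives without a token is never counted. If this is intended because the client is redirected and re-enters at "[0] Request", an edge back to `s` would show it; otherwise route the "Y" branch of `ts` into `rl`. The `cv -> c [ label="N" ]` loop also has no exit to "[B] Block", so failed captcha attempts are unbounded in the diagram.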
diff --git a/articles/2017/05/18/nginx-authreq-3/schema-1.png b/articles/2017/05/18/nginx-authreq-3/schema-1.png new file mode 100644 index 0000000000000000000000000000000000000000..239dbb83c532d2a0f022daae567f3b3eb95dbf54 GIT binary patch literal 71609
z*lpX8gWU3b;3LaAhJ|Yp@m$(qwulM1hezFIhWJS1~ zGDG5&Z1u9d+;rr~nYYdKx(OFMb;I>+*2fO_eZyolDR zkBW+mhX=y@NxFofSAk53;9AJ?;2g>N?;De!(-8D%Off?^bxmmJ%Co>VC z)_&K=)IfDIHwcHmi4(WR?{!cO9o1|v9J)cc0w&(vnYxj*nD422BzU3%UkbDu0BU=d zfpltj4^K~wMAi=6Lp9k|QBn2M0g!=jGj)xOxD1>@?R4T2G~@k#_sje84???K?T;<42F?GkS4ji9gEYdFk#qANAl!mo!aCRNVxKrAc#R6Er8Ra}~#Ra0Xx( zX=zTrM4-i<194;$R5oa3Y7_!HLL`1NY%#huIOp^L9VR+GwR|&YfJ>B@=Qq?9w}ZoA z&8g#LN$WOHeP6BYt2O%bCFjkJIOAP23B=9bUi$74B~L}BVz|hGr(6d=89c(&6bZLL z40x*gy5dF{1iYxP|M=GgqJD1`72VY3b?n=cfjk>FunjabLe< z_xM@gCx}aXdu|tdv+jxL>(<@EEFrRg{^Q4cubmzU7^SbTrmjAqcJ;ztTWiOvZ|f-d z*g%K{w*WQ^joanVLuINeFV9kh`K76z9vroF(Ddl(6B$KwaF9!IC^~F6VZs1hVC1gN zH`Sz-eUV_z=BFr^pZip0XOa0#H#ZIS-w@z(a&qF|ss~lDy_!qafBw92th#Pv4KiE6 z>Wk_4z&Pmb60d5*!{hFGIq91yK?bSDid)9^inlHaU$F@3^06@^>?K%__X@G_)IRj} zqPE@v(kz6IxWi8FLW0lo0c?;~Gc%>zPX%GOEq>`3*DVs0vWz1~+njJ=vIOde z5~zAB+yy6s$Vb_}OD)Uw4X*kN4Lx5Rz(DXe_JcE*#>Mbe?*{?H&6Do;Cv)Qgfy>U| zy;NXqwqL4epD3_KNhYiTq-!J-e#7-!UHiAcY0a3mj6=b*#E> zf?W3^f*dcbKKS*|SYY%t^PSV9TF1=fO}S)*%@ifuI`HE7P+$M%oWf9h1Jyf>P!o(u zTgZtV&D+%RE|jZ|(bVyOwqzBFok|RwHk#O! z={74KJbD!Q!2&i|VtT^`R`ZnZ4q?GQS2e}x&1>c2|fZsD;=b%SxhU$SRE|kSH zPCB8s1VGOByev|dDhaQ+K~L*)+Ew-U?$CH=l3fB)0U z%0W~I?Bl?|Zk~$tvluo%ee|fv^K5AO%a`5GDYUKUFF6Q#)l6iUIQK8|^Rv@U&@=4N zySfACh1Jk{JU_UXX@`a{1ZSdq+Y+%(d~7o}ir-UWwD8}!aY7#W@nh@3x5}y0fYuH= zaiUx)*b^8(o^r9VcM$y%*a+DUdJkY_ou$_LZ>~G+G{8i34X&Mb8s!ZF88*`boX@u6_vv1$$S9!gIjO-*PD8S*e?8p83IE&TG~ggR(mSvgqTa+=;_!qENuOQ{~~UmlN7aW=rgD3m`@oPyoGs;c6g zRO0kq>Mc&6FFQ2i%xd)^Lq%!JeAdS&C26Uu4u=)eO~|InZf$KP64`uF68B0-fpA(< zgc*x(6zdk)r;kTeVdbjP;3}D!!VjjiD4(axp}m-ka!j+E_xj>It6alhXS#K$O0Q0t`PX0F=HifI+_wbU%@Q?W z`S8XiV~0;Fl<4qb6~+G3T~^{WXETCigG~A???Rw}{cQq^GPtqL9f&uCgME-cu=qur zPM>bTV1u@hP}uO9WI{|aks>-qCfHqL8&aR*_rNJJ?TTtP5E2DffK(sQdF z#huURy3CpL`OO>C%)m8DD~@aKI9^TO?nkb!o$%8jjgAIB01P+WZwYcFY-p6;ishC? 
z7We=X`7@WtrWc7A-KQZDn0)^gci+BoZ=7(9IUxB_y^eVP#EMZuL^HwwAMz^Eo0^)N zc~*0F{55-a;JkSw{GTdE`gNP}z+tmxTYkGtsAZeO$Pja_e}>?E_?axQZy&x>O;4gU zCqd++_~B8BM1%nDc<|H(3AUj-9;0SfQyYPcPUsKp-I)p&SH1cbQ8yEOXgFr{#5n-g z)yNJ}GSg_h_|W}MI=uDaq$KnRf^jpjtl9oy2k+90K@t-?aC`v3cuIju1$OGxZI0yT zo6^jn&5P zWvxTgLarjiQJi2ZBe@{F#8cJwB0W;z%d6bd*&H891fzA=ND4^F*K#cKKJa5{7_}D1 zLSwbqMMmcPoQ=*qNTMV!iSAGC-P>Nb`NXwrzYsC7;zgUN>Io(EES!2xKuA1z5K$H# z7K#+y8NTnkGe3h=n(lUz7yxKTsF51u^lVjRoT0kH)Gy~wo?HbGM}g4lYl3m;HfGq$Tyb&ipy4WB=6 z>9$z33IE2)lVc5DWXaUKo3^E$J2yp7g{KG=0L~?ybuFdh*AdU@(>aQ-hLF}rbP+qW zBcY#<_F2s2rDzi^Hj*Tw?~eup(=Y&lZF{lMP~W1DKI3pzTGk`_?pH6Z1mR$OAznUV z>Ojpo-ECmgiNT(=vt|v~Qjokb3MNz4sE;9=jn)+d$t#(e*um-^a#*`(cT&=)_wVIJ z7c(*(r%fwyyL)@=Og0xLHg}IK{jb@WGsmiCUC%+GpL0MsAHvZv$o%>9kzoszMB2lL z?^*ZTX3P_k_M3}3Dly*x?KUrwOmR6)%?5)(O`U)J-M+QV2T*!-46Z#{R#=;H`&e3* z#j<6F+js`J#G=P${Eg=F(!>04w0h2*z{RAAMnT|<3$ z$PD}(Q8A9MGd-^3dzUgx4qfUhDyPn<4)%#&!mVSQT&Ww6^%h95gosQ4C?Qo@OZWk{ zMyy-&bD!sXm}ENi(5kaxpG}Tcrkna?I@{SvO;Er&%=xv%QX#sc8brBIR6I8IeY6z{ zzKsK%4jesy{z!cMrZ|!Bmp2c51{oT@xV#wi0YU#s{RsaxgJT8b<3;P#yWQ9@_ok1j zNMw5E2J>8s3zc%NATegHT+sJYH{)W%J(a2yd~I;xZSn9=cNdB7Z(K9!V(A8=1@+m6 zwuXUA&HxJw;*VMH;~Q3V=u|}7>%!FijmZi|A*_6|FVH*YH+1Hqj)jQQ?gNO~@#L^d zM!%=_Z;?9WIys=DAuXA*C-TaSimimf4egpiYPok4N12QorE&iNIjVx1VTp`gi@D}+ z{M);T5ae;t1Jd;Ehxf{NZM<hKAHh&iO3H{rJKEQvV5YEU67-|FL)yb?g^O_BIEa3F zm4_*4&W$4)jc)UNeI+%XS5=8bJhx!wfA3zocyUu)u#3;xt$KU5UVasN<=sBLRn(T8 zH^{iLM7xHOYQgo~n{ye`r_`aCwY2~(*;!zm&Wb6nt8fv<8a zId}WgrCsZGqar3e7EXbqq~`7V4+ERrEzH*NNIZsIk+`@XeHSGwq7K#<3unt2DglB! 
zz&3R=CxJ?M_yrMMIi^JN$8s_{KZbm_pqTifuAu?vC?%W@pLpcR1~ARhj{#-NX^_Ek zyFG1ZJuvY?ILgkVDu0)tcaoll=9^Z@uj1x(wI0uLKm?cq0F$|@(RibD-snC`QMQ~u z!vROsA@B37l55RST#7c44{jEdLdar@dJg*S?S|{k#GEhJyXCn`_z|5M9v+L9EV1B} znz>4+w2FGNbMUF&T={U49*!WYW$yaRq!pW|Y_rbr&<;L+=8Qsby)!8($^epPQXKRJS>jRz)4f~p*XtTxr#Uh$qa>vLe z&$Khi?%Vho!?pzh0h)gRl)=*TZc2=dkiFi4dENNV1(BLc6p1v{js3bEi~4=pyI2b| zUteFC+y0U3n?^t3DM^R~&~W32uQ}djiKDu2`H=22BBDSrxKGZDbJ(!Yrc|s@!ki=X zvoazJw0)zmefY8MqWf70E(%kWKtLLC>%LtW=d*3Guyd-vzshf18ywtd>fNDJB&TTv z|FR1+h-J$Xas#kaPd$9t3o|8gOYvKG;8f8j$R@S}+RJ-KEXQ)l-@5fyKR$3Mi`1Mg zj84)-SiEjIsIX<)2KAAN>!})OjO#yqU}%K{^B6KJLmBO;`*1-NOMU+zyJ%`RohVz- zQwdR6TSFQm8OE=j27Gw`o_cKG0`I(e&Zi$?lC>o=@_)1xNMUFT^UCsxrnHyv*Db76 zEB*D~45VXmOT`*TysD_-VLCi_4|R3fx3^8(N_NkY+pK8`Rb}XLDlLuU3Z!TJauhLU zO*5l@|9WU2g^_cs^WK3mP#)RqCj4r-b0Z4JUPbS(+%m+1H&_q*zLv^7^lneSHy=== zaH$fB0-F6LWsgWi$zJVUjVXiCz=2&dME|d|HxK7>ecyi{LwZ*-7l{zfLYkyPGBt@t zl}cEpX&F)}gb+fZc{Eh3d7yzJ8ADQ<=OUU_G*X8Bdg}Mx$3A|){l`AG<8!pur{z67 z&vW0`eO>2yUgvekYY3~E^d?I)Jm1IPzwT?({yBEUWu_*$xM;X8!+~)4a2+O#$OpJD zVu1J~ro|5*zT@T~N-GO{J-T__0qrhjXGfkn-PSZ|>y91V_kwl*plwJz_*O@H&_oo~ zpbs+1wKU$?u5oP^b`eTgg2sD;8#Ff1wMBk>0s2@XxSUj!@fKEZ8pm6nu6{r_v$i=VrV~Y_>fZNLnV#YZ8{QCnV z>7nl+@D;la2-`P)zeVuIZ9z@1c3_NlW=w}_{i9b7C=J=$W@ju}Fu!euIJ}qEH4*Nl zz@~6T?aQ1TGmP>HR}s4H!j#4UiU7Wlc2Y?qDGdq^rsl#Aae>E#6N82izgbaH{LcgG z(KF8k^=j>Ia_1YrA^^rVdfBaO*WTlWD}+){309;?eBqmCW|+x`c-5a4>0Kf!H_ILo zEV5k=XA$qmKb<4!&e?|c7T17LXDctnJ>5BW8l5e z`q1V#Haq1pz8W%k@D`h%;&Fy0ZF%_zXcYIYRc_y`4o!(XQ|1+3v5-CrGqkvQdAcSh zPIKpu9y;_pKnyX+r|yC*Gg(D%dxmv%40(V!;n1CTK7N8=1*0Pfxk*)^P2~_BFIZktp+HCb0*0}xbM(=3-sb16d(;pRkujZnN}aED!Xu? 
zNED9GWfmV_k)JEAzn1DI`RFlv1^}BZtjpCK7MjCZ;qjX{M|to63kOHsX_L)QhMR*8 zzp;NbkcGk;Rn7Pd)Y+hYa7uVoyngeh)5Oycsq|>3mfI4X;Bb&`vc^p|UvTg0#$>># zs3@f$?OJ~hodRlyO)-_lf}asEgR|JBBLl5NK8paDlo%silFb83u8<5yc^hf8HqCO2 z?e<}SR0}SWAww=+$6^aazpf{fHi%1WUWdL4nEI>_V4~MU2UAN4g8VS( zYjFDlsr7&MO3*j?WCD{B}rCGGR}H@6uY5vV}C!bYw7mRSY_NP;>-OCh$H zi4x(I!(6s(+Vt9YEuI^`-$-(UFt9gJ0bA(xRy%B-HngKAK5qPg&VQ__VF>*C$u~Rg zEV81QgY!g=hC7E#YbVDxwtwxSe9gXu)B{tFA}x!ErSfM$ar2gP%8cbNa<%8g#m9g2 zp6H)!O0EpZz|Ntg{|P-hkktU5)XEf2Y4t@2{Xq5c<@e|uu*-i#=_FeF$Aq))sxs7f|b{^eYUcn zUYy;#_i5ke(L68Jm?DclT{Xt69oaRc=%3~~FVH|M&b3>&l)KN>mEF*~CuPdfhl7t| z#DzB!*|((sSow$r=G&RYMk`R&BC{(#$?w+oN+MSw?cdp?epUY0M4#cBjZB^BAX^{? zPqX84eJ{p&`jRA(LW=gUJtuj^<$1q^#5u6M$TzvL3V5qZ{*D-kEP@_hTyZ!xbwN=?$aQEM`OpV&Bg#6HKi>L?w;Gj_}!SBK4gIQF3dPN%U~^PbOO z$saelp}X!|4`svuF21qvY9`rg(=&gjslGy-Q);cLiWPEGpyx0vm-9=unar7)p!|E% zw;S)lpL!>**!iWK9M?Yx{ei0L7H%FVQ{6RB6AcPXXtni5U9`133xrX-km=uNqNj(y zy~0q;Mn8-x)c%|O=D^0Ay+^fwg>Dt??wXh^U6*eda*rdV_B?CUc?+s1{N7nLjI(es zYwD!rUP6Q*8RX@sARS{v6GJw>+czR}^(W)>4L5hLP>A}9V4`2YqqEK~WEhtF9vq&v zgnAtPvmV~LquRau6HIvKPjA^)Qd}%0WChCR%^Mput>IC`9wzWHTsS7Efas>#YuEB9 z2FZ-_tBvL)OH91Q$$U$zLJ}wXcabLuqT;dIY|CEZ$+OFg`Xt7ARYU%*-8|w=Z%RTd zU7wrN8(!_0FMVoP56jupLtc^W$Ot|+?ZPi_)hy`!l&-Vs1wD>mJP_jZLn)@LeP0sE zB|IO40Rxa1X{xG*2QA&Y1-9_TYB4J@>0-P|VshvD!Esx#kE9BOP$mA8di;lB9PAh7 ztv5n^m-|Mv?Oefh2NF#NAmHF}_|5{oy1SKuQ|eofy+5tB>P`6ADRM4dk|&vXB}DIP z`X4R85X~4Hdh%+{ZqgXjdkc{RyJk^^V{D9A+I9YXESZO{d_OJcPz=nRoM^kgc=0>T zU-`!5sW_s8*G7Z>J1xeFbJHe{xl0`8@pcr_<)x*hA4RjaSLP&+ob846Pwv-c`Au#> zj^W$LFl_AX3T{$%!MV~V)y9Y1!(4;_MFMKAM=O+$BX zIMYFHPsR4o2Qz)<9jEsx6wc1rIq*D5T^*w^DozO>_`v$^is|Cun7U zsI3LJ+a)UPn9d3v(K7ws{1HLp7-IFE&5HvIDOur=-Eh8RAIgqQgO~rhYtH1NuodmI zv$Akpqhg`7NGS8nu^p#*X8tyWyNvxnpv-In67Av-8MZ-NQ8~cw?i8NizHJKaDZ9d^ z>VC-9GS7mgVh#eao3k*kZpHN`fM?F&Z1z^x4L)5_aGE|na;^zX2R9Gi6I!3EjUV0m zb9h?rl`o_aoRZiyAb$V+BolCJ5FKQkk;vjCd-A%_JKOeXQF4b5wecE0S8V~A*hMIA zQ*uMBQ>e755=jz}wNR`8GUfQcQ+Z$3GnWryM|#5xBi0Z?c^XJl2GBn2J-5ZWs;Xr? 
z=CZE%QJb6Zp4gj@Mk-*ct1E2!V57TM1Pag)s;Y`(67aKn^Coj)g(it>&dPWrju8OM zb)d+6b6_A8mhdg&kC_=cam`7Ed_{#Q2=g6OqWnMzAGp%Zp zct~qd^+fdzN@M=eR|V9TN2eY8zv-)l|Atw~Z-AHrK%$>XoI(KB18;im+7k8+ss65^ zOSgm3YF*x>qyS?@+6Ih5YR(8vOqb!CX(axE43*Oo%)@BY*`$pOO+I(-oGU7Yzq+!F zGiO{b`W*uLysoubqcb)4T%HnKzp=45c_+2(5BQ9!&-HAQDM`>vC6v{Q;_u*JTkQ@o z+nvU>EocW~XeJm;a7TntC`RsNjE$d<&(2}Xcbi>O z8=m&TMZ;va2H_Y`FD+6K29S9*1Em^#{sqXAea%<2yVg^DDjWv)4sexQt!ARr1 z>R^`2mmW|!1N4%ha2|;~LqeQ0Z!Au01D^nL1*%}XrCR3C+QV)_*WeBJ$q#IehsR(l z4E{Z5dMBlHkU&~95UUWj_!AZcxY->{%>CPIrTjvI3L6B0800vfHd%;Tfr@B-uQ}OC zZyNuMy@)E5fkbIeee3729*_%hY5cI2xCH*J3wN=+Z?fw;sWLynYAC}SQ-N$)W!z0h zvsWyX5kR834s<6B$|09ru;p%1k>|O~nrfCM1);YJcJ9=uOMF^b=mEAC@WEPM!Z7^S;{H`@t#?Z?Lp@!-H5upB?TR_7&_8Ori}!$=1=g<&LtlY~%F?Cb16K2RRHdpN{Z27 zN%{sWT|9~l<8DiyDu2#x3byW<=(x{(IvP4uz}QTP9lrDDTN2|@I0j7UK9>+iXcj9S z#&$r^(9J=bNa*vq(Ld*&o|2?ttn?F?QF&o_yQX7RVkhGqDQNzRPcU%mKH*?OP)UJR z**e*d<4;E>I3#$)sHtdlsZ%tZ9Y8YzunEuC>|+0oT@_R{TIjEtPv=;iIL0;=upmss z*Uq_nZ2KXLi%s5*o;1mj;Q$Bm;2 zfPUGOw>s8S#%$s>X-C{bsH)%}Sj!p%Ib#lO+T_SvvkDuw_nuAN^@+=6q1d$n^*wv| zaA#7|`m_*D&LIvB_+vm?VH5a=%eZ zJ>xO10RQy`ftDU+pO`#tgr@wauZ(@eYY;goVTag1% zOY0KstakV2CtyFX>vc84&nr9KF!i1dW-c}&a5cca5QHt<}+$X_MZJ~R(N z`iR&1`1P|fy1!&c@RBrYDF*{)c;@9sayXjI2JvA|219gRbMAE(ByC1+f)J;pDXIsU)#^p@%@dAa?xrB1vL}2k@sNAjf)61=$aXfNHfPmTFAS8y^fF!b4Fb&hU zqs99^!O1F_QjaxQRinE8K;~*OV}bZ@IeF7Poh%YB&yIqRk53j;4)9W{yxUVLt%ILo zqV$OEZu!5uLcJ#zyXWr@09K7;%PajTWf-sFEYteYtNi`(*)EV;#2F~605n4*HD2kK zsPwB0G|XTBeIR}m@f$Z1@Hrrf=-I120*ZEf6wJBPLYD<14$^Me5SqXly%`qVCg+vF z>W2Fv9g!AbAnOolcy{5&7x`E%H(Vf&zlD6{1OjnMayUp+7jA`Inf%29?!RSQ^I#g$ z;EV`?WLpqv`{=4q7!ZUig2l?iL<)s6pX_ymYZqy~Pk&ctC!I6C+3>F(XCIB#$b9m~ z<@M>@UrTIW##7m?LYtTF!uKKf5)a%B^ZQ8aZ4xgs!J~R2A{NGlrTFRR2RVZ}(Vu2A z|1L%i7{!dtC}4q|U;bp65Q=*~!X&nc{e^Y1)`nJ_dd>DxO3O!T0B6M6oF6hS0O&Gn zCas7r=CjdSBH;m`?l4X43$EH+#EiG}bmx@c*19&Tf)z7HpZ8a4Yrn)Jrt8GsUtyAw z)iweK0rm3x7syY=G6c%&0VWZ+3*ewmgcaQc_Hi@BsL9t!BT*@w z)AD&^F!JM7?mxTA9H)(tqFW2ewDrE%iE2t7l;=*G2<59*xu?ZhLrnG({ 
zUTwA76xk>tMW6+ghbV-C#rH8Vs5&VLvx=LN;Gt)614#)L9K98cI|^7;Kmcq4{oX*tBNxO&fJftmU@?9y9Bsn^1ZCHVMXUvavreyTm7I$iiVV zQb0R$QR%T@dJ6~KxT@UECYAJ|{~z>cK0BanUwp~dcN0s|42)rgnq zU{RW`G`8r$gW(j1f@tRjGzig_(}hE;Lwnxztrk#7MMY;(YM+iB(%qFxVOA2gT9@e5 zu?8v}u83a+fsn%fFPft)9hTt9HEf9F)Wx8!&Rj!X{U^`(@28=IRw|6l{!m3@0g-0z zpN}b%y(<)|qO3~HfTAlRzk`Cg&Ag5|JH_Jz)7K+6? zr{v9@lZ}SX-JZ7?!VeRZf+Fqq?Ds zQkO36ge(LDFu%U4!-aLU57V6>Zc{UR)sc(}>WAr)5FUke_;eFOfksbVl8e~C|2ZUo z%3aQG4n*lcFS#zh1U#2*hZQ3^J8c{7y+?$LO`rfp?F4-FfrBBN{;aHM)zb7Ld7Ag3 zMR8xk;^^hcfBNEjf0BVBLVasXAWz2k+g$Y7>ip(rR5^H)i6hET#TU#ecWR`OWzqGW zQi7-!M%DV-#aGnSPJDB*D_vZmAl9%)n7uKn{ zT%%}h!doJ~=HN@BZW5~Yc;})rDg5)xGW>FTs7oPlwBqG$+om&LkRu>`&wth8d<@7N z83DIt{q*>Dp+E&zam;NJ&pm%m(nEaKgR@-zMWZ7vu%xYcD^1D6jVU`@5Rr zlLbANY%s}&#h;i`=E>CW7?02P z>|8AtYkkR+CnJF(1Tx~Pj~^>MO&k7Ph;prqB(aL1zM*g<_I#_J?Ao4T zB;^EuQUfUguH+)*rx@HKN{M`W{i$f_fK!dJQHZMf{CWPgX%T<6*=)91w9K~wn zi8Z7_wxHL4UMdk^I=c=BD2Q$$lte-7%KP(?N_=EmyF|p66N?rOa2z)-|IgFu!q>M^ zpi(lN{D~uRV{Gi-uP)73clLyMJhM3vbvt%_`y5NeSLEsNUzA@l{Mi-r86k9H?*lP9 z$`V;IG|Y;&VPt0#;H@BDbt|3mf1Z*L%~pM_4^8QZzl`;}y1Iy7B5f5h{?N}IqRCU0-o4e~E)pcLxBkgpMvWQ;M%#19=qy#hoE|;s2s(eh;`()- z6`{mBiCqYgkk=K!kxW~d8jWCT(xmFQon(zT6-Pk&RW--Aq#iqFer)z^ocU0>I3D}* zZ1oEcRIlZ0uFfXSM$bvx444ilf`r1&v5oR$$uuFRnZ_}@wDK*vND*3BVoH7$Y?r~ik~bI41bpM1yD&>fgZ2o-Zb zQ&Sc15t5jH5TjxaeAo$@7@Zg9G z6d2XP0Sq$ag9khMn9ykCg*n&`16itxzSagRu%6GepW;UEp!KmW z163|lEu;jb;`ot|%z342pt?UV1w{{dQd3#kno3%jR8Fq zqs_DRW!tZI^P$uzJ!KylPZ!%LRBrMctMY1MUgIi!rC;xBDrYiuc#75h+5%)6|~ z?G;!tTbaj*rCdo@I8_D(`rOrDg8q~RhF_N;;Hg3Sypg4Ia7@oc`hD67z%GnpE}o+x z&6nB<_L<;d(71*uRC+1^5p{MzLz>8DyAg89|HM0}iHt!@q2&Jku8+1whdy>$zrM^9 zIT}AAp5=3kGy2{=+e1^{`LAUWfpz@pQ?cjYQEXorakHll7%&Dgi=1Ies0}D_(B1%x zfMoy;g9O%CvbNH1LUUM~uUpW7`iZsBK``M@q?DOAr?rz5<Ud~ z?}dE3+s27-bxzIOb|darGV&a_f|3H>lX4jphuLKOFvc(#Kz#Dr??^hVZn7XD8bz-W zAWZs!7(BCM2PNV5EnCDMs0+DJDC^f-bMVosASEC~Cy50Y0Udd04$9+rIP?5@)Xpe4 z5EPs5b38N!Sv^xFQfE;j_?Gj|ciI$*5@1t%a1)j*bfIuVk2e@oCFs3xw9dZ1~-A8eJv!`BTjD=*VjTr|DEgvoKGZj|5P) 
z=?McohX*-p*7tRxOTE2CPX7V{?4Ox4cK|oyk8t55>3(BvJ6n0xT9;tN4ct%23`DjR ztH|Mape}}81uK@!^K0o(E|D4_vub?(>%+TuN14M-s0VEuFd%%PE01ped_@8MW)Jd= z|0PmCdD60}Ru#lmS$-fb92h?;q&(D3QwPyPs$c0*>iGqH7za=83|H`4^aS)V-!mrP zV;ypGuVu?*Wd>UoRa$LoCkTv_AZ6lWM4@@ZOIz0e75A>Y*%d)YcE_P>aI_@9!=>GjxL__L#G90zUrzzCS#fWkQ0p^I(w}1^e z9FXw!WKYv3&dz1S=D^@u1n{Ye4hI=917EPY@f2AP_4Vroygw@&#tlocol)XfNYlww znq_y|1KF%416x?8d|MDHC?4)B>*wtG^Y|s0pX)oO`M=^FOx2~hq|znok;s9mv*4IB zw1yU4)YiL)d+$dGl#yXN?+a+4crW{J>rXRk?=80iZaPcH7UMrsWY`~)WJ7zmvF*?H zb=5TIFb8wHDjzqoH>+`lz4ADN+dwWDGDH|o4C*#_lkI_92UhSq(Uh>Cqf9qJzs|>V>GkX}UCH>V77Qy%T9e7s*?;hbS7w+!$ zJRC9U>7Xu{*jp4mY5q*PertoQ`HVk^1?@;;YcMFq?_%}&%qBBp-4AKo(~t($1QLrg zOb(bHy+!}iGuh4h%84+M)B#@jqqYv9=*<5p8Pt;@u?+Xv-#3{)*_fCPuP3tu2u%S4 zx(s`|=)W^(>Ir2;@v4vm(ddLK@7yVzbF@C8ZwY>L>yVjK+9o=D;(a6^ebq$o(Uo$u0%6HLG@Av@7r0{%v`GOfHiAzf9{mmL`Z!HGs+NJ)C&GZpE2`Qvo<##0eN?W}>Yx{jKuRVlO|EC7NV#{t-QRm^nT&BlkRAmV^sIfTjLcZhR%q ztwPfJty}ram@gQl;uxUreJDw8au5f8Chg$`FOR#|xo~eDURt>nn_31Gl2!~_P#{Y= zFE@$5;o;T1e2JM+09Yut^Zo~yP|mU_$ba=!V(@pkaQ1BXqq~(yxwW)Qv4zb%&??>2 zI{D% znlPAo?wmodUfBM4*}SI?g_vq5h}9%1fp(&~eRr1=9pVGGnH2e!D`@ZEpQL;+PMhInc!Km+31mhfdO+2ZWR~5LT6TZbI(dN>s3{5 zLMVHLKAAx((!JutYQ6U{61UOO$z&o!NJ)f0R8@s$DlG{2aI9We9o>QJ=G?>gR?UV5 z2r>ad+oOkQEOPty7u>TMIIx;6k2ai<$m@^83r0povHRA99^O>uiEt~MpslpqUW>M9 zaSZComu--(VL;ztdiBSV@)7vM+cG%V>uaSJ@SKwy_U=|bnox4c49SVgFk&!Xw zA-f8z*{+-k>=NjES`NS@1N_-GD0OIf0T$$F<77%P4KTWdL)nkqkuXu~zNKMp?@Te@ zeE-3N)si-M3lT3Yn`ZlU27ER^AeJVzpFUBf-)?RW3j1`5Dj5!(ewMy{OP@dQv1<1Y z8XC~Teg7UG9qlk-!qR2S)Q-qGHxK{znrd!)QW8TUH-)}$FU09s_E`6+u8#M&1SWFD ze{Jvf?K7|}{P_#wK&Gi(VV_^9iQ}`Xl%-a%vj>cj^hg|M&^VnFNB-&{ z>QTt}_Su-#{i4c}5{T^Geg@|pKVA;c@}$sa3;P0*6{Ge74upNaCst_jy(w}=k8a@{ zv7S*Je2Wc&N#`rXv%YQVbY26Ft~h#(O{L%-Q_)6Z5_-Opj` zV0x$!1<58#n)UU+R^`j2_FG`0!F}cK*57LXVThtmFp>_W6mb0ZKW^DiYwa9#?;ZsEe5M3)q^fY3_h9}Jiv7xFwta&}DCHn{wL6Lj9o$FVVe#XYD z#g@ln`-hBN2Q5SuSATr{h-Xp)CrOWj*F0kg>AxZK=@%x)S_UoGSGfKGT8G84^q+s) zJ(~>^{QNmj3%|quj2F+&?mj>9sk+$mPn&GkmG3`)z8R6(YgeA%B$Z&3mt4g 
zl+##}b_6LPvkRUcICI8_Sj@eBLaUIc75SZQnad0!;^NSTf=u}!FM7?|KR=33L<^KLd zwqD}+Ouctz_2+p)=#Cxgv0`e26W_i1>7BzkqBrL{RxQqm)(z4cFm&j>$B%a(_Ho)Y z-N~t{u8zhEwxgqTSmpiuSI=79?3MSfO{L~&Gn;_T0mex%P-fud|Jj#jxwc(H<>9-} z@BKJB0_|QW6+}l;!n&644_Y0SKh=+#yt*+T@J_F+pV56!xm6h1j{CviIKQqjkW}okPNjYcB^DN&3SH6H_Qvetm zJ+7>D`}bc9^rIak3#xsp%rs8;WuY}ChpX;h10Zq*j2s=V5ISPT>u(mGH$oJ>XpYr+ zW@2iZZ;64XKfPuI)x2wNWbmkh# zC9?$3NmMUkbnb%(>Z?v-VfDA$ZCd|rZC#4SdLIp*0U>nl%|Ql*0(Q_+>b!K^*TY;e zyO{&3^-Q(FEvf^PjT(@x`}S3+=5}3KvbMQ#kU$5xT}ohet9I?{*HmhwM_)$OG4<$O z&h+5!tBze^LWi*Uk0$w)!hN zCioldd#d{BZ1u>`RpG7ZzM=-%kQrzpE$0`5bOW!p?b*hzOu&2Ft}dqVO~;q1nbR!p z{aAf_%G9Y4;Ow1{H}-}pPJPA13CaqrYgHAwXw^LXyV@T}G06<0e?%949m&y}&vQr2 zzz1Q#di>4yy`erlh+@&znQN&o{$S83c%{LIbN z_+)D_|9k7Z6+7x5`4GEkdS6^h)RGdUmoG=`C?in$+8rxE*W0MmgdinqhD`F+FkS3f z+DNdZrKOQ^FA$vU>?mo)ktKK9(_9^n_=(iMOLMZB&Pu8vKlTpV2QU;6{1iVzWUBz+X zjW5jf+WgEmtNon2$L>H_+pl&V9;MS`O#*>r3*wYkM0$aYD*I%UA5;9qRo!EiKu5`6-xdYp_uCY3beGN(aZRYbwj{xMBySarHKU&adP~(#2pwU7o zyab#q;OJ6u-(yh)MNyqHq3*$n)29`MP)h}Z32O;I<3>i^Le-#kG5YdnbKq3MW4%Jo zL@mmE-T_%*?ExY6l_Z#FYCl>s%Wylj*pQR?o7y7#Fks!wvsb)YTEaHB&~IyQ&CLm* zaXlvZc}Ua9?GSydZRXN+(W7^4F}wc5*_*?E_R4Eh37;Hh*fo}u<4;RLZctOwpE=TI zzD0E7K)H(Q|GGN)7rPoRt`B%SaNFebqjn7RBq9IPL$=7SG-$|yYbGVLqr*HH>W1`M zTYF!aypxXRWn;7wS}HNMA3x3oUJGn#H4^0pic)2zJCwS*s%%e`-f==!=HTR#*%_YWLQdQM&VGxz?>DH7{2E63ZrDuW|Nm@_jPJ9k zbHs0zs&6Y|C{M)(hZ*aLpYPutj1M`HB* z;2vuyd_4QO?ZNZlt3wl4b{4MasX064lQQmGVyo1{cdl)obpQT_DK0Z?XFe$2kYY68 z(#!Q38<)1*w#}tO*CL}M*&E%%+NoKq+9rgirFMw8`?D~3)w~{S$C>tf(-x*fdwic= zdVPN0*tep4NgOj|(i&O@tLRs6?4RM>A@kU=_m*u-o7D@&Ek zClKJ?rQ7R}~V{?`@)j`>0*Tl4!1D&6ogK=fq+XVkxc6Zpxw#g5=Zfu_1 zXZmBmjZtHDPscso#x1QA7;pG!x_)b zm080N5Sjp^e!5)5!9oN_7G7VZ(KAmLOlM+TRSyghCStE4QmAa=Bj|ZEY`rO={ zMs7)WoW4aUKvXgdQEg0_IBX>tyI)EN^EuEF@aJ>l6wsC>(P{)A=lK)u~gWc=hB0lV#A%EI7ZmHD^VD=Jo9O7`m6AcFUsSZ5k8x?@3l5FpbZ@xC6 z6Xv}osU(nOFfoCfO%D&8x(Jm<%+XE~htMI8>+g-~R_>y)&vAa{zx%9oA0iweEjPEE 
zI#5?V`6he*=g*(;3>N-x6TG@t4h;PDt)I~bj9e&ddxs6_cgJn5`>Y37V>a}3zd@K_O$xncV~AvW^GF21W_LtuTIXz3`(tHv>5}HpFUn1e3nDsnmJ=on zoK@lCGGoSlfD^{z(a=gFUi0bGsWYm9<(wreC}MDFrcQ=qYTv$nY>?HY?tDe?(qK## z|K1lHy$+R9S?Ydu*4Y24GI^V%jBQBzRvfB(J4&of%>AI{sT)N-vy zH(VY9h~l8P8pNHr%3=nH5GB#tYF_t|$idyyz6xFo2SdV4DOuK894G@~U?;)VHEHKo zS%1hSv7I?acEj=RG{rC>G0wq_HB%h<-Ks?Cg$fqF?h#IHtt}tk^nsBHl1V$UB`PkG zQ#NA52C(W&85y_nn!$VpRAF1v@kl{$8s`+cWG+xg=LP8%opMO#<^_d6coNB&=UuxP zo`aALkl}hk!TP%BTGbupuvB`QV%-_Ad(W@S(GdRXKQ)|p&1f4v5#DRUgx|lu57;&y zrv=?F;s9gc%&fhM$#Id?kTd{^kU8QSB(U|Kx23N@p0ih=lX!zjJ<8WgPLm>#YO4gJ`X1gyy%N*Czc=@u1OyKAf1$w}dS% z1$(A{q4o^eK}Hufz^`odnsS#2j&ClVl;j=zoPVTeW+u~5x@C*%tW4#;yUBO~mqdSQ zBcn|f3(>b5xtwuh$=wdx<^_vLdN)S0Z*<@){>n4zK=kh4{yjzooMF%rmeV@6js6=9 zpG#k?aEU-<^+J@!G10*L#i^r52br2Ool`vla)0ExZ$|UX5%S>Iat7=8++mD!O|O>o6a_W4;}hw>f@@R zvt3*qzRnyyE~zcfmbu59Hg68$hyvWVYGuOp};pP zPQG~R@QJy`cR!ES|7kibu2EgDU4_ecHZ76ze5?BKZ{DW|H57|>%d9+4`|;9gr5de^ z7|SR+4RwtC-hTC@y=Kajul3S_-VzN(BPzwVjJer%tIRrv-F(ByQWK7x-o5P*?{cgo z;Jd)cu+NR^i?ilzfBPyt`&hA*>5Q?^Drf>l;;8cv!U&_|u`LCam#D$P>iJMzkP68r{Qc!TPy#UlQ`*u)KlEQirsOfO~t#fjXb*O ziaH}iwr$fB?KeKWSqPNHi9%^T;cKK+BC~e^(NVw-F*OBz>7v$M?IMr?h@)ow4^VR{ z8987vQHK;%pAAAYPq4 z+pDRo*Np6$j-;8S^XL0}o!W}v)U#K9fa$tV)PjHjIHdc1DvckF^Bx_rSL`_&!-$&a zrI_dJ)mOHb4ogW(lWv{E3wO?(@`Yzn<-31S^|m z+=hZ(T^7wEt>2r*uY zzO|lTeK@x3K%VMjl2OjU_m&K66&=g&hR~>f_R%sbQd%?zwV4hY1o?dQI|{d{eYdhu zHXUvMzRp3;(@+_a?!?~E4JvD-e>XP`ZatKdk>oJA=Zldy*5ju^CwDgJ)`bgX_Lm!s z&3xfDxg371hbC+nk1b72Oca+cUQ7_*=rMk5k*LXkO2;@Jk=;-EyXVfo@Yu_z)V%7q{~|wU4Sxcm8c-;WD_{KudTUzVhp(RmhU;w9L(P7dld=nQK_C3xY)iyd@0ywES90 z4%i{n8T|>N=?c4;Fgn5Siq#2S52?x%Xs#WJC3-~7fv$c^L$KB~GBN^z{pG z-t^8370s2G4f_orP4aJOc>U?qy(bdLWf-|hpJ*2)C94_oRujdqqr%cAF^g~_X3*X6 zsM;YGBnx;CfS=5+xTr{+FF;yKZADP)y;`=C4TYQvd!yFI8by^t!Cksrr_dQ7Vl~;X zP|WT4_47$TU5jKL9i7i?9vWV2YCIM$6uZ54?ZU3v&CShfmA`lhi_|;q2f!CcoqpyF zP%t|poU@)h*_)GJlFGMWV{Fk@7y(29bcL=1z6kejI1Zpj5+aVugPuRisXcM-AsjL$ zG2g*|O*_8Lea1AsO#DRRbfdIXccfMs^I`x<7zxU~M6vu78jG?u4>3?j5|U6ktw5(071ee 
zziiW~RG<$^A4X`xvRn7-*d)hy8OE4Gkz54X|{OIf( z&R~D@XJuvM%=`G@^@*rqrnB?Kz@Mi^RjifSEi1l9;^)Lq%Z7o-JO&%h%d0|FKrRJ~ z!cswkblY`mdQMIdat1AhH>_ULBF`w9A_dc~0={qmy!!NMlM>T>uJ(~*+x>M4SNnL%oSEX)7p_Gca7FKDPxCuth5I>&22LsU!@vI4~F@EDg zRj#|xt~Do89^EduJXfKA|2YQ;|phLYoDBb^-=lWp_mZAKiD+oCnz(rCv> zL=E(AiU(a$Q3Nlr86&=cI!??`B9u0lz#{37+&km0@nQe(@29`(clhq0Ad469v?R~O z32ppS9#sqD!r4CAYu2tM;piDbqVLPWmr=M_+S&0aYy%%i^ynwPn6V>d6zt;7@$to< zEuDrWqzhidJ4UK#YHqZ@L~B4;Nll{mtu}&T!Q~KCHEj0L6f5VpO?|JC>Xb$If%!gh zehIOJrL5cD(@-!k;7mpPKCZ$+gm*RL7m~UzTNVU&LsuihbGgZ~hSOhdHMi@l)(Rkn zy#@!*evFv;>bJ#P6#nDWvnS`5&WuPvoi|JW88?}d#990B1M^j&giwA(S9(mEFuSS z4R7Mcb~p3UwSG(aNbRTc(4)m~Ji;*GLh_m0^Bs?R_*@dl2ZEIOoL5e%5@U-mhfuNp zvx}~$$YNc7+HRd%ko*kw8#o=sxYp>k=UjeHNTZ{{`jYf_@lj6g%5Yly**t@}TKdnJ zfq3eR{nn}Orn?9}8B-jO7P2;=3o&p#IKV1&m$}qiwNbZ&fxeh`0jvi&nXMrD17_692VnUhKJM?*~cz||8`pHINzdihh5bt^_8YH#f$EZ~-PX>Iui2UVZzT&-<$LP@HoR2+{%)Pv4T!vq4xb~QH8wVK zP8!b2I0y-gQi>Tra_K-KCEve&Ltq1{{czcZ(s>)ybZ_6I{YKfE`+>atKc~LrDjZKm zOYk;A*a67F1S9@qZE+`q36g^p)g@6ej)%8sck(Lc*sITnKwkd)Y~#PB-Ioi3y23b{ zG1G!9a{G$YlDGpnY^tmGQIbU4FRIubsYIOZpN^pvEH6gC;tei39kz_GcxcK|w$#Zh z35{}0<-7K){Ke(KC?y1GNz39wCnlsH)bup$HiazvN=QgV0`&!vZT4Kt!Gl*I{>hTh z`QuOI!tq&i4FqQHfR~5CZ(yc-VMo>>r@llXPz<_@$VJ`bl^paqAfxSkeFvTT@`gU7%YmzNe5io^ zhy*fZn4-v&^Mza}ZQNr!ZZIM2)X9^@!}~Jb01r5ykjk(oRg; zd~bJ@mv5$Uby#Jf*3mXY`!>G59DJ?VU$Zr)9(G*5GT0({a&r;f4elDEt$9Pc4hL1m z&??z6Rg<&F*)gWf^QGT-w(YZwe>zzo;cUdLzvrW8e5SJX_YW4OX%s*pa5R>|$j*mJ zTE6BQ4Vlr&vgl@5M6tbWbSp}86Xa$~>l+_*LYYWuDvr8x0OEe|;3v6B{7g78U<@ls zzX1ald3yT$9R``64fk)+EhtEwBzUK+bJ9!JF2EVZ3aUNtnyC!28|86TKB5wGjYu)A zO-~^zypxhlu~fGS$HrVu>OnNYX5!MNwM6Gh4A_*n2qNR!?y`5vai%q1zrGCcb9q0B zwAB`dxrNU7>wYKS&9vyojZOJ(AUTlXiH?VB5J(ZP2*VvV8r;%hdK8npdZ@c7i*(ZeJ-lRN=xg%fB(qie3NPES(?Ch)Qx~9CDVH|yzc-iZd{(B5rV)thW$7oU1?hC zV&zNXhSd+S#l`IGvybYiKZ2SY)4#sjs`>Tj&ys<0d|`@_TmQP6+uGP<@spj+0bKKF zm(<%)yuMoL)z+(%d}v-4U%?o$hrFbQ)&XOHrZ)&h6{GiUw0AU755 zH14E!w2~1oMfX}ix@mbAdK%FOa|&nu%%zm%F6lf#hMgNT zW(>!9ZD&tI-8Np9ocsd87`vj}(-ckC#H~}4T;w_P8dY6&l{m#5mR(7jHgzhhzr8HK 
zt3^ctYu1Rjax9O^H5a3tJKr7+rpk%%rTO2F0s5jeIS{06?vQ zPN)k?Lv|e4195zWxp@+AHo3A`zBV4@p}tBg-Y%QQCa1psetwXg2zZxYw21T+buJu) z0s8~MTQBa4tfdqY`D(w508?3CRR!PBVOPYalF7(Wa2 zCmDsx@kK>8RH4vKY;jI;cU$Fa+OR`gBfIx7)7i>G50%s_zg8E<%Q!a*GWjqGzYocP(@N_Gw4%18wi2ycr@ph z2p<8LJ=;ID$T}kGweix8USlYwq@FaOVZ9xd?Sn6RfQnj=2959J`f4(Ic`QjVGIl(? z;-YIt_>yN7Uk$0>8X870jgC^WRaBmOM%}mIyAjQSDoh(L$czxWO?ZFK{Pt{n`=~mN zaX;8JSev;@KP@UU=-c7g}i*9-GOJh!Pz`SgmP>s@U~tfPp#tr z&tKPUJaJ-KYjYDfUbOrHTfJBwzm`BEvEvUp?iohg!GnAE61At)supqjw*2Zfz$sk{FuHG=_LNtw{C)4IFqgaKL1i z7`GYmLXh zCE8e&e*g!a(0k_v8crR?kAK+^&^S5Fs-9a9%<>D2g)`b<_^_0nBuM(SBr1$DXzw$k z7gZG7z|~PqlI#v(ju&57X_G=42ad9|$#mN{Pbl7dDZAB}cP)_>HQa6cIyel>(wQ)x zVjfZ75Es<`%v5oRu|EMG{?6Y#-Y$>^ctQbOIM~2YeAzN;R65CplNQ9SU%$S$ju;#l zFFqPEcFAo-7cfqfhMbWQDTt&Z6Pwe{K=HB56sXOU4c4wkWBw)j6F>0CAwD7i;z=;L zib)Gd>Kx|X>0(`4R8$LpQZXt2yV#$fq|zbk?nAmkMYnsixq1;ja1JpfMGK z%`b3FQ&20YI3o@ATz3h0>qcHeA9$}Gnoj-Tb%gIDamGH$k&;_*btaQYxy;BR))>)PQ#=lt-icnTbTo?^K!;i#-wqM zWauyHYi737Iu#xJuuN&A!x4KnWbM68)HCRoIx+8FQ*_8U0-;K{h)J~eX81=xwehSS z#Ja!P3;k})4Yk@$60)S|yF609438!qBoLT679S{PM>FB8#h%Gf`y5weiazBi^)vU~ zNhkFmnpRTdb%cSJdPbaSX)))1AfnWHl?Rj%D9B|*^C|;m~VIbZo`is z|JHB78AmkDv`Ox~Sak(39>sCe_&Bobr}3#w$NY z>sGtE;+0=p^Vi7{m7F^cyH2m-&QI)pwlxXIakdU_t#^$hX@zgAG}e{V1+^sy+?Kj0NHRUiC$@+_Uirn{+;!|g!K%)_3`A2l`Cx}B4Q|`Hzxc+ z4{$83KW5G>dF9vr#3Ra8q)r3p<+zN0eOP^WnTEaYcQZm7TGWTa(2YDeyw`!eXrMX4&XRNc9-0SZ;>r_KWh()^tL;nq+%~L}9 zbh4@;fUQOU_rTLL=FMA&vtU_-tl&g3W;FpU8aRzGRPpBPoViT^d@2$|F=wjGyLy$u z0#W=aSx@Va3A47|K@KmoLW%iR{% zwv!TsQaLhvLGY9zpB97+DRMADcqDY|BnY9)LgVNVvKmGajQqSiHNGGubOsYiXwO28 z1I>_^udDBx<@ztP-6dnCt!i~WVpJlnvGSqycmh3VTv$s~W02SyxToUZ`mONd*gH^R zJNMn%`|vgZ&7BOMex9*!-?QN_f;^Tlzl@HW=A%KmDwWRPZ-xOcAlgl~PNilN(Xb~^ zDC3^z=j)l9@7}rN)IC*kAnD0}4X969)}WxIFYm0b!$-kzgS$|XzpwAq-b$r(pY*KW zVrG_=b?%=@5h8%MC+IEkyCfCe(vY97%o=*FQ1YivxIdq4cXX+l63^0H9N`) z#NLN%+NI5G(?XAGC+XL(<);p($#N18);jIYi|bExbqu|*>|o^K%yx7E6G#_b5JF|G zt|moLfi5WA0L9pE@LW8VwiR*QMC-A$9EI^gFCWd8<}-Xg)S-(WOKd2&k~7f_@QrSyd>I)SK&f_Lc!gF|HU?y5A#w0VNiQmT^5TP{3 
zS)`Jmzklu5CPMftzl-FDzN=R+GSQIefkspPvSX(7-AdRXLXmd$R^Qm%D_oA;fP?K? zO#?a-QYIvUGfueZ<;GKBQw0VD1mJ$48v#-6>EQu6PR~>u?X}mj-?g{zV`@5uc>@R# ziHztL$=3At|`;_A^QP2gnmWYMtH;fY1&kIYnz+ON=FmU?s#xWBWTLv2sjkQQQ-hOda4@i7z3T_k#Cnk| zDSySBmb@hkG(_f-+reZf23e#hzJ2R8%9H*|Sd8?@$bq48kt_tX~aPH_&+dLu2Zg zZa&%*a`5UKzWnjDHf`nr8*VNc3H*9wRYPNg2izlRFmCcBdf_g)*dP!{(4^PadeXH_ z;`O?#bca8&9^Jvl#rgr$7OY!mkE^OogE(H4t*On69w_wQ0(`oJfPm6Z`Cr*& zgRCRhkj0=p0XK*^t7-kVG*O>W*^F|Rf!(C~BKf}f&VSk?{EA+@2qAB8{6P1|7)b}& z^|b4(`~5K!;j7ckb`IT3U0#AUZlli>q=S71B7y62Mwbw}WBxiu0^okkO9({y4=#zMF z3Q7aKJYrnP{7d%3$lG-9pgW=DhLo9<;ML{n7(=m93u6MTd_O@QfO_0||BGT+wBP!p zAyAPhI#^}@{r!=pE@^kejP`*NR1Hvax+)u4gRh)3b=Z*RQe%Sy2$q`JRID9}9 zVCTAC@q85ntnjMNv!|CN_KNau_HZ#heKn~)j$I3hbBs+j*MjI(vLIc4p({{I3_ CAx5qM literal 0 HcmV?d00001 
diff --git a/articles/2017/05/18/nginx-authreq-3/schema-1_tn.png b/articles/2017/05/18/nginx-authreq-3/schema-1_tn.png new file mode 100644 index 0000000000000000000000000000000000000000..73e9477fbc89eb469435dedb2195ab266a0673f5 GIT binary patch literal 54641
`{WNOat0Qydz=1JDKgB*ky2?d z^~G1$@z~%OP|R!<%xR0!VX%TZlq>+=_&&J%e5wZ`TdhM?NlsByFzjdJ;`%*1JNx~+ zGpx&iM+U;PeFdqid|Hq#xc@AgT$mreV!l(l*g>*fh0Dfj_%y-?s zUF|gL*Ja!O;lmaRuo5z~a4r#~ifRpF;6yqqHZqclkmu zG=WOfH<&uw0lpuSWDlr4Seb9(h6A*N1JU>p-VIe{=HNgsAE7c#nc3QAt7TBr(%wU+ z%`nd>5;EPseYCnNe37N-(@&o^w6sw2mb%VcrR%LgCWVAjJ^yy!PTdG=2G#T2SUE=c z397*c{beVY3|vLet)w6$!&dWYjaJ#X++k<5t+2YpSznx5=+;%XWGi=Hva>b#!qPalunLX!o|MFa4Qz+^ zZEc64582Wqc7&jYZmJRv0KH*sdVikMsi;BO(H}qwJA+gxVMTqef99C?ikiCOru$@f zrOj#*-u*;{>A2N}+6Zl6{(bae`s1I#8c-K@L{gN%=H})jthtBs^5!JL4uJ$T_&*)~ ze3PtoWMZNm?UceFLuY#VwTQwSoYNl)p~Wbv_Vg%| zvhoAgf0WExCL<|odA*KQwKd3&fY2ZW8*FxOA2U1q>db(|;^3+MLoY4CU=f#iciHY! z8f%;p3JQ)E%7@bbW)MOmgR})O$p$S7(|sPuIp8Q}m$)?AlT6qmAFg=Fo1PfwK<>8C z{L9fC_}FzibUjK}O}+h<=O%sr?3>=`)t+t)>o!VZw6JMu_$aYc#&!!@g?Aamb=bfs zuh}|m8}^uyCt8zp|9&&U_`*@2*?Ue-b6BI;BgP0g@3VSVFY**1P^{Dvzn3t4|+Mk|TJA4wNjEN(QL@DMy z*lQ3O>)e~qPGs`ahnQ4AJ5J1d%fsN0sc!)n9O${xlZBEyvMne&iNEDJg>am%$sa$` z`XnS&L&?hio3N3(8P$swQdG{3RPsOWi_fNp~3^{}N zJzOmggrd5ySXimVr>bGh9YQj?t*Gy>ef^ z#Dh?}{S)O8?{nk!?L`QbJ1@w}Ds9;i5EmDRnYM4W-bgP@LK}vn38IVrf3e)*(9xs8 zPd+@aU<$DY?m6k|>WT(nzAfz7C3ez4or%B}Bz4t_!PIld@5$2LMNPdE2UeV_HOfz{ zI!(@Ey?G`{Wb539XL#pyNs`u-PiU(}R zz61Z`NkGDYD+h)qMW!JshcsWfnwF-fJJpaPYz%LVhsw1VZI5psvJ<*Oiswu*Gmd_#*L;vY$O8 z>(N|MV^^-&pJVU~R-@9^%Gi$FaICFe+S$ObgH%@lS%g%NztlE09?BKJftG;4!fLen z&vX-;4uMba7?T&wJ;}G5Id>IM%Ru0|2h$TgGRP9<5y*T^t2H88zC+$CbEBZ~NIXEY zM;x7jiGXf^Xag=0At6R8GN|$#;S*SA4<+u#La=*$l1fw2s8&ckQ1{+WF5LK1ffRDl zTdMkci3i8%h9KdfLjf)osd<`1i{c1JENjOFj5{B7eg0<_Oqh#z`DJ`u0l^b*ykVEJ z`;2N)xUJLFN6ghga@-5^AKcvBm>=If-amdtef_<%_o(fB)rWWQb{6`3b69%Rg|U}$ zcxi~Cg!GM_Igj(F7|lE^zf|1Bx|aR62+8oX{DQOi_eU#qvyP7+gA3BM2JBPze?0FE zoQi}WkH_8!dH;po)I?;B+fq>*> zdL)LJLlBV$kW_?2524yKJPPvj?-&Zbt|40&>A4yU(IyZ&T3oyh0Sx1l5HUb1fBv*BvE7$M)bytJ z%<*^I4zGThV6@;ePQJVQ8sIWy7dVZ;csn2%Li(%TcEwMFru`f?T^W69F?OmUwuzG0 z^erq#3N0HQ!h>ZtEo!Lf=>vJhBQ+L5<9_`3fl$bc9=oeoC*cs{LfjIu2D#+xZhKXj z4K5TmX)OuzZ~b!P|6kq_zz;qH3~m5J*cgZ*gW-ao!IN2$N{+h6btlrN4i_V|Gb2RwwIt^IsHINawil_@E2G0d{l@h!H!t 
z9bz7;`V>&`@ndGB?vUDu)&#{0@HtWCkd_T2yre|JqrpN9UrJ%k`~A*v-64{PyCG0^ z*?zW@VmXI3>1=>|26vez5K}Kd5k;GtV&~v^KQ@op2QTxU;COe3uUUN){JdN>pevtP zdicz^8I1>beE%Rp19!0M{qx|gr&k1){ICRq*`P$ zG|=?mU)~0h$@1^NIrm|#KG)(dIW;CuA>k(L+;wq*pm_}wt+~0=_+oSVOuV&ZtP530Y!^sPiMzF@H#VZ_kR6a!=!b` z=Qq){`#4Q+Yi64cOBpR$9rL_r|2=PfVk2(qK7VZ)HkpNN$$rOWEAS-pz;Kn6BYR3io z(F{Zy)^Px?55EaN9>Yr$!%AZ+_{_-1lve*zU9Hsmo@{D}tN}?DLmpWlPY&_%G7QBA zWcM2V`t@sP(i4RdPK-~&eUm|cdx|<}4 z#&g1WlZZ*FMs5$*R_KZKZ2EvuNRMy6VocCek;i%keTSpp_vPIgav+*Ij_PJs41u#A_De?5V(9zsHj$(_vn3J=!9~T{l{B#j}vV9Trvc!Gk z#vQrud7iQ1)K2ep6Qw&^TGWN3O==#0rR`!pO?8N+{1A1={%)B-p4Z+3#aGZ(0Dfqa zb@oz`xeET0yL9#ALT%4f$VsaD^C8b1yI3;2r;xcW?s(-86vIT_W5hFYY#`*$XYKt= z65S$M4|TG}=3P-^r@mJG+gM$IGBOB^4eu5QY-i8!abS|-px?k3>iE|qME>6}av{Ls z1Ffv?Ymyw;*5dJSC*a;#Jx@KZp>TTd)x2En71=5SS+}*|FwE;*d?P>%tfo+Ca zoh3x85a$qLA()&5*um%>W52B=5|IREOk$cN9TMAyvdPa-Cr#V#!>_HW$xIUn{#IT_ zcWpoJgQ&=;-Kr=-Fk|nA!AcAr?=u5o32||3CFJo?QGtswTI(dUll5L-4u9}qad{cZ zF8X*;n=am^8{gVXO^s-=9LNAWIXT_D>C5F{(>Zm!?jueCkRtjBWP+R?I}DX0TFS-s z4O%b+6nus-O;dt&<5)hoQx+)2j{gL~BYi#ajL7co;~!XG&w5FzsQp1~WD8sGXVWLu z8_jtHEl|uPi5Z@JgVvSmi8$gP~SKl;92U=d_AH{UiU3_25 zPoJTm{QU2U5_8RX}PBU<)}S*T#ohY-uv$(d^Q4<@3FD_{^=~T3ByU0a;~CobhMulP8NvTImTrfn-FF zx!~qz@|S*lYgEg&?pmGE`tsnq@${!W53PkhPruy0TW382RL3PS-wqN80*My84jmIa z*1@vCHu3j;X;ng!GbGf7r6onL4cE(OY#9rostsdoI$UiXxg~@^=L^g#l5?-xNNzuK z>j*6Q^KoDNb*E0}-&Zk2e`qz}sUT1a_s#{}gC-F4 z?FlHOl;Pc>3nziIAh%quS$j)JJdj>*fnnkBQv{ugqX}mYIJXOBP{R*y5*lT=|wqU^!8hWlD zIh&uYTL(|GrWUE9p643I(nvp)08NoLk0VfU4yqdeKs7sMT^yMg) z95YGabY)JX4fyMefx%AAFnS?-Fbo(ipT>RbWMP^yTz`nzlfb zdE_@&j|R1djrBsoy0WbHm@!}_a&#ai-Fse5_}>^lY-9qdlh)6lcI3f}!dcU{d`}}b}=Nx*vhwIwc-fOS5wz!c!KSBFR*cR*{ ztbTYz{AcCSfW_Hno8CWs4Uk*;nHu~P4AWN6sG z`=40RwKdT5A#$Q(C>9J(Ze(Xo3Xh}xO6lIWRL@dOcl78i6nJ`>SccqwwZPG_q*x_N zn-)0V%!Mn5!Mnr$heC&4pOb^d8S?A9cY~Ws24iFv=wl8I5oqJ0lk8j3p;6W;DqseL z;JxkuwWWGCRB54RvZWM@4<9}1-Ba9hCaGLj`96!GiB)^r>^twu44K?`$s+kUa%=9p zr`)-LO1>%Jd7r zmTFAh16vCUCtax=d$s>sOFab=u)Suq(>8VG`kq$8S~*~rboj`TWl@*qTOJ8#8^015 
zX&QO(j`9K07D0<9NwwT<9(7`QS>WP*)$zq&_f$>pZ=s&GcuXN_8~}moj%D2|M|?T0 zXW1p!Rcd@&wsCj6q{J>7`q*tv9X6~-PVa$|%bi$g1kg1yGrVTFdsjd4WK$B?nO~67wZKszoH}S9#yr=dS$i-<*y|0q=*m?QBmsa_e21 z&AkyfSFKuwVc+_DhiRHVvKSvxRE$T$bvO|O5$A0aeecc`J!q+ACwIDUmDHHk*>iVv z|NeoF22`3p+f8gu=orw54Ni?&mb*aX z?f!(klBK&ra-gA%%@xg}bktf8n*GMO-T(rVZ$00~caFjs-2d1qEbBC>T>(*VO= zP1uCoKGLs9G&A4dchc%tt8JZp{YIEyIc~d1XTU*3dC}20gn-YOfJ>ot zFt=08+}`WW72Ine`Sdj-gN~Z2=ql|S9`Z6VVbTTjM@#P5)XmrF2MLC(uj;{r zTY|oE8iXd0KhzT*4FzcpiXU1f)?MG_)jA?>Fm8k1US2pIu*JW&w-e?_f=L7k)7TxX zi>g&R)T+9^uzs++s-}iz2?!agH)I1B2A&TeaIAP5@nSmy1;9^N*OSg!9(v0ElXLOA zIPr-B92X}QTiz&jj$QY`z)!_J#744f56%xYo?IrzL!50KA$*`cDTiHb_y{_L4H>t* ztXbE^aXlv zH8&SG`{8B82ihN82Ede%I|lF7$H|f~5ZL*^bl-acO3GitztmQ%L49uXkTC8tHh%i( zQOrcGXS(_I@>ux6k}MyVoOKWl7Sv%nS8SxrLreDlzS5G`u+Sm>GG9h@M%FBR?OFP5 zIxygd?BepmL+%rVkmT#oP`wTwXno!w(zG%#|ls zZ>YCNt6*D`dFhwDt;&(JeQ*o~+?1)y!_9Lg8f(~6`{j3?!2k8sqxV3(v=hd<-Uyc$3tqJ9 zigw_fAg8blMVH%7|4A9%)$jFP$T7%MraRutUpwl9j$^z{8uXAe{cTEXcN)4UStU`p#AW(@d^;(qj2UzDQvQ zHkaf|DGnqGiLtSvJD+8_OqiNTRsBgeQ;`=B-KE}PKL8Yg^_;D?kL@prJxEm2=kHRI z&aul z_pR?*`I~zqBCc-!q;kpoj8f2&Zv^1Zz?;rlYuuVoSX{rByS8u<;SYVx%74vTMeb|e zNyuu?z&Q2*=*3;9QFkyh<1=XurX~~@@@x%=_e)>yGqcIvB{&4@i z8^w5-r8q2dcJ}%%Ypg0^5(Vn0u<^e)i&LN0?*)@oKdo@If7#y0S>jl6W;rfbrUjT( z(pxB@rk^*(-H4za`BCNl28g4|vSHijJ_&({^D?n0_Ro=c(KZv)c3*_KUKw+W5_UzO zrL6!{C%Z%0cfc`273I8hKYs``2ABYIr~TeYF7xvIL{NGtP)TypSubiX(y90B1 z^j>Xh;6!p~aDZsbGX!8wOib$S|1 znB&hF6A{eNtU}qxfxm^mBW6QO|kB9yyD29XE`W@qK3q+KgND z-4MwnZmhJ)QEGsXW|8y1pFfk8@9U;GDu8Qoo#N@t0Vt$I@2QCgu2=w=WREd2Qi^kG zuzGR_mZ-S`B^hMwPty&@o9557umGKF-Dv!`ETTIy6>O4h5L4Pc4{+uidfmcH)K39< z**5xVX;&Z0Jd==eKNnmlb0*kM2lxujd1iWgl0$ly$CzF3BKPg9^)w*FV56+A0I#$V zd!MvFA%dkSeTbX6y}YlxU399hxVp94QPV@-j3cQouNNj<|B-Qhx!}BKK~J~w$60E$ z3?X4%+th0M&0V>^aOcjhV?4Xh&#y1kjw!adX!v}`@}xlcqy%Q=S_;3t#J1KX4J>;77zEJ%DDcv>w(u7#ZJ`^s<5Vor~_Yw$r$nMHeYcrtJqo(=Br zAyQBJg_oet=EmBEJ~OoXMVN0iE~uMrHh)y3#R0Y796)h#DiwP6ZcBh1bvx`vH$6?x z>tCcv!T^apZuph#-qG?;cjxu6k~H+i%L>RxGQqQQVoz^7On*_T3$%-dSclp76Q>Pn 
z$%s?&eOI$vDx#Kf?*c^bb zCn6Oekat-_fj&sM+Zve;Q~5BcnJo9GIjiI@sXw8Hf6Qj#2-2p{#;^M3Fj*?XGcV+` z(R4Gn1ar;RvAI_gd&zIX$E*g)1ZBUUyJR;QWECXLQDer0RWCA%_x<$c>7cmL&DU)Y z$_J&^UFl&J?iHGJ^yp)tu?VU4e*e)t>*(kZY`CgSXJw0v9KhdEa3dV(F`GB@?%VpS zHztXT`HHIlezE<>^SHRUGiS80jLGCQp~@E^vvVswyhn@wGzLrsCm2wBz{lb84uzKY zyR1_b<|cVg4hjvdJGX%DA`pbUskl!d3@#`X?tj(n?G z-&XSlr=Q-jIuYXQ6)?Rrm!wT-S-2Lc)OF;C?P-HxfG*5Vr=OghT!{RO7;9;$jp@el_u)vTz}WbyJ=;Nh(SABWy0>c8T~Ev;zb=c z)p~8pSU79ltKmNFr(S5B>n%E65*>&y1|sO>*d>2GGm)~LM(&JG7ET6{sJOV8)ke;K z0r_9+cm5Ce&Y44e)6yzK*2`ynRsRXE#TVLVJaH*e@*u#sEuAc-DtfR+#(H6^(~a&& z-)`ik8=6U~tSKG$x0}{~zyMT=nB9^mlKOyx_+4FW6h9c-EV}#{Knxy?ok;j_AOwId z1YZy)jvUb*HVj%vmg8*AXrg!i;`4aN`upe8=OrtPxqI2*wYa{Ogwub)1=4LUo)0rn z@+ibexeN*q6yLw-0nnokZf;`J@$dpnCe_AP%`qdz4l{@`n9u0xRaaH5h0sHiFmZW= zy0pRgeR6u<4h3gz#iyO;Yz%_sN6a#@$f$FiKOZA9P-03=LN3PwuM{(RK7oOh8>pkX zGyD-={}vk(e%NBu&$C~a3}Kbn>A+7ySLtukC9=C1^Eh@9cvr=}dmumrW|<{Xv=*_0 zKzV2C0S=Ctc!k6q{RQ=#U3)ifLWpLtclEFG7C-*Lvk3Io~P?N_~34DR5f3lupg@p_7f}j$NQiL|6jip;Qz~V z(_Xm9+=C!8X3QL0TilnG!?0eh4(7JFq8T%0z#{sv&sy|rvPYHQ1Xb}+Gl=__F`SvO z_9ThtwSH}RW@es;eaqkZ>MM4)8_mWa1ga~AEf1Z4IepqJxrW0GwJp_fpFR42{aoKd z>VNa5!=&#l6Mety7i&jWh?Wj+zBuu3+vuW`?#`XvoLD8}5Ig*>OwOJ<6;$;$_3T-Q z)voFD!G(JD>SY&;aLdij4f%4cb#CqQ*1(OG?e*Y(^OmM$9kkO@u-ECQ?yeuCtR6OM z+mZIOY!HeaVFd~$50wO+8otIT{?nT`O8xsA;zGnF;((wXv%14Ywv=wqiI_Aeqn2II z<#QwgXCKbUkFJMPZ+#Y`D>V(FeaA8DlyltZ`SU%4w|4*89&HKq2e%x$0gvu~{wpt= zjJISTnVVnJw7k93job%}n}q11Q`*I08h=iPJEy!3!KChg6f{;hM~hjKU6LKg5GKG2 z7e3}GlDuw(%kb-0{g9P&8c!IU-?ifEr>(iGqh`B7Lil<3RG!Jf(G!JFJ_lf@JIxMu z-v7!|xY+#X`l~1Ys#YMaasYNBcAq#%?Le;!4}H4)ABs;6dmQ+fns1DhYH!n$$A?2E zHni1UoU>t<>xB#49zK06lB%i;>FHSKg0bIS0nv$(4xOF;*e8lTg= z#^&HBprBg`=WWN2?Q7<{7gy(3DVCOJ2K^g3qkDTOIGZ^E_8iSXmJl6D`E~3z6#v9j z$Ojr4#fTtImd9JlYVL$>oI`h-{P&+XZ`7s)VBY-~b1}dY~g-?+GJTi9n052AL zn(Q>7IE{Zu**|@%Z1w{v2Y0w~9sK}V$&qY`yGs)u2qxV2dgZj)$abN?`eI``IS}$;Q?W3U!4;19xe6O`)N7WF?( z+crt>T*C`QXw9c=l?z>4CnrhiI}nKRR<}qNjmf-nWeYaIOmv8^?D+as^TXZm$y=>O zuJk7zJ9PBxT;Nxlp{pa1mW3N!z7!XRxD!MtzeNNK3G(55)yY1nYejUHgHC$6yE 
z*7e?ih11;rU>kjrD9Hm#q!e70xV^*V!O##CgxyFF;LK@;==8fsDA+$}(xJnL4LGnQ z8)f9=1e*?AfIn`=L3%{YU2?hiuV2@}Mxq~vNBj<87y5tmR%(Bpv7%{_pVd=eB0ZfdJ!*n_T1fRkU#%6K>-BsQQmL4p7KePt-IvcZ{8fH)Izy`V=J$a)Rncy z1?49wY8b$X}<|Sq>KoY_l}cIe)Qfgy(Cf2jDF!p4DfYy-o@^= zzkm9tX?$*@0xB|G$NtjOdcwC6GPD^#HL)9?^2)?%h1uEi57^S|lTLiczkPbPrRMZZ zv!phJ4{L9H3By?z$J{=X%#!@*KEuVlL1%(0fc+-83;`Vhaf){=e+F+7E<^q?ZE7$b9zY`}Wx;7VvgLOIW$M)bTK}%1fUw z{bw9jD=@qD_F|q@yE-=O(H!xmv>r#sqVOuj&-x{u^uVc@@3#A!OoXK$v3Kt;80$qp zdY6(vbD&Xo!Lq@0{MBQ?8fZ_FrMzu$nvt>i4K?%ZNT-l((^(Sib5oVjDO9dSosMpCCkv8C;z>pE?(B$Ny$8C;Sr*NuZ zjac=TWaqCK8xa{!&sVPem_22nCh91k$HD$!(Y=<=eMNNM65sC7!Tl^v*RN zLk;xSGG3~xhS3v}anYU&q(c?@_7&}g3tN$uX+%-- z=KIn*iVJnBf4WN*je1+6Wg(fnwn=T;Arhx;+a~D6&CRGIT@Jp2Mf?mHa_sD6Dcr$c=-pO3$ANe*3#{Ey`EK#^=Y?^a{)^wjfu8>OMuc_)t zsfx{R+MciqQ6MXu;KSnPL&^$dX=Y&>+gnOXw5fo6J7ECsr|Jh2hbt9LpW7AExwLWn z+`z|RL=Nc&CMGA+Qc5qhz54PQ-k9a->4}NOp3<$Z22B}T-)4myO)oip`ZSr0&?19G7-fl1^Q*`A*AKnl zM=`>jju_W?aLuS_OSo|e;?}Lh#4yBvjAdf(w@f$Xp2Ol*TGr$#5rnEYIO<$o%u;n- zuppL77r%3b2=!WgwFKulq-Q;Pkow$F%j>$jGHu4tsnQd->TkTi21q~5z0&S;_5&-o zNrS(1W^!1QxhhYETlX@GeD-boPdZ~qnQFJYn7vq8*}El2V9jp7`|v{O+ff?3ZY|iU zB{F8o()RPMwRNM1<;_V|lny1KI+gJlYShAoV1?Q-Qr7}N(cufP(5O#$aNe7*ZF|i( z@A50hIcCR(0KF{wxFW9irjZ9dwrN0_NUnj`-QSQay;bgZd1oT{UJ* zpVN^ikBYCpYVXrCDdYfR#OF7+Pc|?(th}w(-1D`TgwxTGO)XpR8@PN#>H@!a?&VeF zl6Yk4&0#_c;{%=2=bHs8X-(Gd#W- z$!{9d;qhe=>Hhesv$Gt*08E#h<;+9rvM7rVjCS>MjipAoc9)ilpDR4JL@XogkJ!9K zr_9QS*1AV42&Wp4h8$kyCu{mehCKrm5&nkrugb;Kb$Hx`bkPQo9sQYtocbBP@y{>?-?$jszY7`knQiq#nbBl7SLn7bh=ita_?S@mN#!Uda|iFu^CrRRaFG-?U|6sgL5J1_T6c%gJl)bnYWJq!xVefb?bLM?C;} zR-d@IICueVp*vTAp#Hi@f`vHg?jRN;PIBvBwCdyZgkkYMC)REfvsh!GqH*cQz{Xy_ zyAXXmfj1LsUDC5;{iv0B2}7CP@b?3J)j7^MVSj!?#T}Su%2?v@%0fq<05UqU6(TJ$ zg8$K@Ic&h#vJJZNSh z&w9}?I1o146fvZ@_-Yfc;$~J|o@%h6Z!O!#f4`~OinYCbMKwnUANPnl?w6R4zZJ4T z@?c0&`=AXN}!Wp|6hjhV5CDd$O#lLF}VM+>Y zC-W*pxu+6R95V?a7vv7^6;!W~z47dlzI?gkl!~I?WHNMEX&ehj+`rg{2$vDge4jZb zk9$Q3vmt$q1Z#q&xn2uepA9N0Se)-Cy8cnzr+R07sW1Cnqbwd>o2+Q0da7zO2_JNW 
z?{rO)>T@SatPSB1qM>20-_!4khk_VZ+Kw5yG1(VIqIPgIO!;ev_aiH6GL<< z4sa8wPOW^p+v~)Cm-eb&H8i>Yi(Ujs#O(gZF1`vC8Bk7A$?9{w;2P!CIzG=XNQB2Y zMpxIo(({lgzfeIxz{NA!$E9cON$0EUnNUDVZ=Mi8L$WNmFkmj~+$D?f#{uT;8R~zTMv2Ui< z+OTB{5B|dFLNV`Q4Nu;^@-(L#NY0X`;Jt8Gd_Umy-?;6=w=m5UX%H;`!RkmjNl6Dt zzj4`i>`k_=Rpb5atHU3@qgO~J=sP<3%5hO=j>mfKfot$ywN9~^IdgiIlQ@IY+7!&qmc>XFk9>4XKOkP^)Xx2CQ;fB={(&6`QVH4f&6U3l$UC1j}Rs8EanDz_Ky z+vtAKyH>O+I2uxBCJoBU?NxVA)TJ1K2!Bs#VV5>PIV-m7fETnHSUTa6kvXT!)4tC( z!;JI5B5$Lhw|ZdZ6ld9!LN>SL9SM`W^cIE}#Z>)DbuSq$)_nD{2m9ZMhQ!W^Gq`*E z_A0E#<#m>O8%u^416=f7E}I$30twG3X+P#;H^M6`=%YYwHHJV&>&Ym7!<|=OP7Nza z2(cA232?zCu>DxvK>2YqQXdH>A~4D5ZQeU;GrsJFL%o`eS=O--w~vRcQvwRqKI{5^ znx3ms^hR&wNH4MwG#uu6D-sx2!Z|)N_MSyR&1GkWlF~Y_TwX+Jv$}W2AYb`Yp%m`0 zHUwEj-l@Y#${o@XY|NiGZ@16#)p=Q;)+dW(R)L_)4Vg;A$|Ct92hp@?Jg3@*yJh>& ziXR)q!u<~bgJuv4m`B$(TfWQxM)?SZgK4JPpA!Bk6gdwD77cT!N;8!Vw(s)?_T8jE zS%WKkdaAd>CnP@6Y|6}==H4!Tew4fXv2j>1{FV=#L z$8D;q>6>#`WWS?awHYeX$LL__I6F-Ukjk;J$_=QN9;RWkn6s89*eU14I@EJOvKmdb zPsM#Ai)Oz|oU}pP&@lJs?036c_H?_?dvvP*A$bjn=?-}5%#tLZg?oZcle&v@*He|E z4Uh!|5Aq8)f6?_Y+90*PQPsWPx=zW>C3)+1x7;HlA=Mxa06Jmr(7Es-%&pw_Fi-r+ zAe{Zt@U)=cpIO;D39BTaBnr$sMvV&HTgTU{nI?-GFX4Yc!Aq{e$%xpFd7Zo&n|Wrg zZJqC@9+yWH{prFG^I_|EL5|<<-=|rjus!wHx^(*tN&*tpD6(o2gzyTfXOIG*AXkPv>Do-#j=U?XIx`*pdwgAOm4@3K|2 zYY$Wq&=}xo*v3s5k`g`qjGp#bo+EnX&X%U_lwLQPALb*irqClZ>*}y@20j|Z%;&T; z#yb8~Lo=z>=a*mlYxoq(eXts=hCVrhji%bo105|B-uUT>2t+^;l&Hh?{-M*y<+Uu#0_s`)6(%dQo&ql z-P+Yn21b2@Mni1Y9WjE`Yc>Pq7zB5D-%i7K-+v(^CLBUxr})oA@x^s9;6<`%O3Pvj z;c1&b%tx!dr&Kgo@to&`^9vLYc$8#iQqxT2qR3oKO^bN&5CwYL@89h0r6~GsKlVRN z2NgVYKtLdLQACZs9w~k{B{g-+r>C0;b7X_qL4cs-t?oOlY?{M{o@1HhMQTmD^4T?lcDY!A+1 zv!&hS_*oLoBV0ROFGC~eOo0ietK^MW$}}Ua{>kV;pA&m3ZOvMA_jJQnItd*Y=yp(_Rqv{k zSd76p`#L7RHa`$r<7s1SI|cIy;sYo4v2n|xGA-Nkt8i-2q*?n1VM4Nq5iaC@t>2k= zz%QhTU7c?sjcDy2eV$-bk+)c&z=hsI0_fW?EjTVFME+Vt{4kn30*!^{lk?YtR(P$XKZ_4?;+}X%}!@A7XjuZDw@I(vle0% zZ94J9)VnL-6yl*Y5VM*SLct9Yq9~!L{$|Cm>Oopsd;4WMZli@krp7oNpwNBnJeo-} z^Cj*t)~0&{LP$G_XQ~Ql#Pg+DdGL9q)7Wss!FIlmeO-SAnQL;od?5Thz@r)s2n?~N 
zHeZc*f+X?P@Weo|nR`~9t`>x~NTQ^3e|iJP~2g4B2R`6uF6qOPbuY zV*IBk7diG<=Q=}{%wgc}%f*^8ce9t{(Zpy_!8&^f92Sm16` zRa^2i;(}ylccw~Wh)2u?qzmL=z@%^^kRc4x_t@uqE@7<9G51d2dn+y>Em&L-upr59 zBQtOKCeWg+mqtrFf`dM+*_s1O;jdr2l!TM^3U?8a1-e$|)93G^WP?e{!8g*6&4jcE8p|6QP7ew1b(sWCMOYOGhVSYflA z{Gt#WH)ZX=suyZwKpuMRTxGEvP;!w3_$cjX23x#d4=0u3L%WN~u-#g{`VqN7rN=vJ z$B@l0T(E#1rsomZ1{^0*7L0e`qD6wUZrOm4CbyU|$x)_eIk8i5ZzocaO%VYH zO%3#CRXgb_c|FlBi|w>%w3+bl&91Gh^xN}^k(>c6Lq=8U=<3R5rkfk)&dlk%rr5_7 zE&-dFE)8=>DprhFi1>%dP9yHs7kC=<8R;ylJRCdlXj++EYofkK;tjk1dJw|^beAki zh>000FG=5m*{~l+qe)IPA<3_5;J|^{w{Tnoj1oAZ0;uV^iBvmjDLgOO_Lxx{x((>Yk$3FTnh1YO;Il^%uFuU2Rm%+$08 zXos(4k^CN#8w7Nh^M-X_7f4I&;ypq=hEh)OY4(GSK>!t0>=n85o&1V-6%NqfZ20f` z)g2QoJg3{IzQ&pnhaoUR+DOnIh)8>Fw0lWN;ABmsLF$dZ*RGY{Qmi~Xv^N?r0kS`? zzY4ZF%nV3b&xM(jzk08`wAoYsauI1G$Az@+nu*81gtN)#9qDDVn&TEtBs< zKfM7m0{u+VaR9`}ckfEo)dw&}bZqVh8Ch9#Nv7UqH+;lv0IS3l2fBDX^qbvh?R030 z`kk@V8aaCO%8O1ozqc`;a1w5B=g%{55YKI@1~Lc1TXOyDd-NCZyR^5b6Wd2twk&b- z(F%BjPy!7s3WRx^*y2DBhJ}hkRX~Zv#4bC3LNEf{H5Duam=%SEq1N-TW7P~C0X^dg zVORsnATQ`YLMK@XoZX&Fb9@|a%eQQ2SSq;@PUmn;$mkH6&@dYOXOP?N{gPiRZ;dY9 zbY8|>PMWKc5f>+Bo#P@zAZ~q$>C3hnKeqar63S z+vFOK_~oQsCTjQ#d{Sz(5juI~HG+bLRL*UoL2DbF>E`sPL6g4X^p$r0eAxY=A=PKB zV$eFAICjjRDG>~SC!yxKBZ#NpFmZ#eZ6)nLeuZE=`AT7K>LVJ{r1}AnxXASUA*=Dz zi!oqn_Jc_zjLjuCGm4+GtSp@FKhE;Bn+iV0Yp>sDmh=rp9O*asIDb!=48mZ6Wy@MP z=lw*zCtpm@Z>9hf#+u@#SU5frsCvN2g{XCJ@_~^<4jlGh4N!lHV6Jd z77km0$GVEB$5}_ZixfqR*}1#rruuE(yrXhs+uK72(>9xZu7mqT&O1O!iGh_jNmp12 z!<;8Cb^KNr!BWJ~_9Y%zLT42acZ^M&cv0Y9dBRcyy>s?NUo*GOgj6EYap;TFr!$$- zmeH*i;S~bzlO5h?bTdyWj|ej36eWAAb;MD0A!Mn>S}`Jmt+;_WXuGVc-%S z@AruGDlmj8o7t;ZFS5-i>4ha0Dun}%<@y+Hqwr^yRNlKMB?CUzl^Vpmt`2LXX6^EG6zV>->3P zOd^%!**OW)BO)&Z&f0WPerb+-PbP5)TRX6`n&O+SO*6GeT7r3DN$a$+`Fl{w3r;e? 
z?Qj`Mp(WPdY*-#z@tal`>DWMofT+~JiIf*yL5a2p*2RGXa^Gf>TmBVT{J@E#(gUY2 zInB!+r@W5B0yvO|-!EPu`XLqq5)J!f^5SsuW037it z%i5%$vDvSXc0PJcb~DR5^rQ9ShOICB=|N#cLYs5lIwA!1Vsyo8%-{}Jyq44eeOW98 z@0D(vau^J@({s$M6-*T2wp}HHotu^7^W0HdNiW0 zE=I{n6*2{k57`qENxYMxEVQ(gylw9!->Em5*pHKD~MC;XH!yB7-g;$}O@P^EsTFCb(NARy2q#J9!Fv~gi z(4k8Ju>cLy-IMN*swm&@XHRATrkbl;1rENy!@Y-sWBU9HN*k*Xg(;#5m zwr-5uSfksCBzUZ-?fUU>?g`1{8h>(UsQcd#O@`c-=#kZ&Vexs?*~hIIJCWa$p1K>8 zGz!N5{S+d~&=BeCEB?uF%pjq_~d=Wes4po}8X zvW(rS40aMGy9qqUmrFax>VANdtIP>bpJ(xywT;7rN&z&6eCB>{{_c3jyjHs50x=e^ z!ie+UQvP9V@;~H(FB^=`geprM-Oj`Pe51Wjm^=D5Xy>d(C658nfvOu1wLd#_x-Ly+Us z#>?($o^~KIk`cu~HfBlHe<#DI&)>Urc5+S8PF2Z?KwOj}P6+V-d~=na-*RsYzmF1U z@}x<^q$p7J+jVoC&c&A`_jvn}jD`aX;w4lp63pVw7aRqKugU6%T2BsXgn$caJsv6y zsE?@7C>z#XA>GxxZ(X%AGrWrTD7*iJ3YaarP0i0xs!Ahd)x&;8{Y~tC(uTxsUn+PO z5CwK~JE4p*S+ElNQ|5?AVy0F%cXm%TXfRZX8r#2omz)p3AGL%)%-&@DoTI1mgDbCB zRrY{T664@ys8R`k0fiiP7I^Wk``;+(jji>S0z0`Dg)gj24lX>JXnnRL@xXzBlZN_K znDr?*r~wqPn;0|n8de6MZ)&nU5K%lh@#c6R?EVKPm!Qc!c?`H%3%?3FB7^Qb2R_ve~I) zOFnFaLBa%ik~JFhnMQl*K0BwRcuZ*><9hGKe3^<1ZTiO&dL6lDe4)qE=E7b1<}Cx` z3ggcRW<$B1$A&4~#SAV){wXPGhjoRoxait0Ittv@ZP&A@BgaTJZU3=EwiMPI&S$~y zPOLeE^yeP8G7isFp`|L2V5+Os${puJDj)^Gyq6iS^QR^@kyMbrx+!xk>B+`ZWJ2iP z=PoGcc}%yXRIgw_0ftC^ORsx7%LmcAkx>Vj90mlp7sP_NO?cryX55lHcgT^h5$*MpDr=b0Vv_22BmkDYzZkP^_M z*ZAl2=drQY8m0pZ%UFUSa)fVX+Jb^{u2c3Y!V-yE&*7te&bJlAO2q%AB#rV6&NI82 zfoBkLuV4R<1c4@LN-@{wJ>9E%N>scBTVg9&CE1Y!wqsp`!G;Y+hQAdv`VX-E z(&AonJX#{t@05&tZu0=;>0U|BGtM73x!k3y!6MS0domDLfcdIH2NLJe15%wZ1{%3$ z^oc3kHbbvu^_o>a)0ZqXlr44Zk2;6sRB%bUw8CoZ)}K5>(z}W7B@*w_YBp+xTw%s% z5X{ju?>>wA^p^N{l?&Y@vN^gHaQ()Un5NISp6?AyNAN>tTfxv|u=<9FXZTtx!4!tW zhq4wK(+x3GGAKJ8;u~-*3&T2PJytNnYF@KujPhlOYTwLAtcuqbKYK>^8(WhtFSf2C zCcvx7sJr>S-i0!P;{kgx!DW_-@qV1QLhIzoMaFT@SC@ykLlDB_Yrc!#uh6x&7aq^k zIZP{pn%Ohr=R?&Afj3J!2K-?pDZ=6$uex)@b__N~Vuf(uWO=zqlX=0#;M=A3R|y&D zqL1W**X3{3bf@)fD{o9v-H7vgU0Gl*AgWz-}{ zJf99MT9XC^m2Tva`zRxaz{y>*WIMgPhYuZa>tS~?dvl`cUrIlte0&%3W_M*UV+m57 z$UZ+(ZC&QloI7W{;SC2&Ur7nt{}QXW@&%BOsqIj#gqj5xc#6F|@R}r;QA|PO3QOh` 
zH=g!dRN0JnjM9d6jK48Ea#z~8THPfu zjp7Z(BbK2f>*eL;;qgXr0$j30kc$C0lDi6)5QJGOFhOv)xBn=?-T>$uv=mkOcsvsb zTbRBT{CI(#V=CTB;L`Xau-ycI&$HLZcKsV(yaz5?;?6%;Atly$eyq!Q9Nu>*8VS8o zE450B9OliV=THIOSVb;gpkq6*BuGGFId}ywYL6bp(Rz_Q2(ahPZ|)By2m4rfGN7Wn ze(c+Ek@HnET^~;y=c8;GrV#vlLSO*s6&%H15ECbFeAnjHKjma=ebG{r2O-oRjQ|dH zbqpm=!YHWh)q(i5IPt|-@Li`GVWKLQk>Bvb#APx~u*-P=XcfzdIK}y6Omaz;1^R>& z_sf=+uRIg*N*7%vh);<5F$si!H!}7bvoCNhAuS*Km%pS5jzB#%e`Fmh654^R4#8-g ze4Ttji1tL~>gwtN55g?AhT?LGx=>!U3H%(?{MB^#`Y7$t$0HRYU}lm*3N3ov%3dw4 zQ*`QePWpwsYEy;$?9^sC(ccs9C{+!e+5J2%x%*A-u`Fw44V@+*Ej`O+6J;JKn#3OV zcWzmDWNe?H!e|Z#@*6d&*fw&tGQ~iug%e!^CN$YIW)$1`e zf3f2~-_EgVO7wQOQ^Spub>Wl-HJ0i%4UnC<(00X6XON*+KlA0vQMX`Za3T#Z%?5h& zY0UouLow^zxe`5_Bs+#p2E}HA0pYG+q?d^)4bxTX4(}aMVv}A0eIa)PBwI3)Te%~0 zR;`&C^k1LSY!;nhKhMkSqE{FZpwd{=?o;cL9XdInM^UT#&50Nek#4Z61&oCaKYVK1 z!WlCLcXfUZb61WqC*6jQJlER#p;s>V&DJysS(kik-n?crWR*;vr-(yXPW8mtQ%?iN zBLtgkj^~uK4Yu|4q(c@TkBFDid6m#6q@836YxLah-kNCZC5%vxOTbg|_C$*J*L9>Da zb)3uS5YZfoFmToa_7cK_UOjtukXCR}`OlOzByzGh&Cf5%*&Fc{TNZ9>?1&M9pCynx zjxtIT;>FjuC0yU}UPm?O^m5{$U1jm}=Yzdo?b^=Vd$<7Hz49_BGbU zlWm7IzJI?!E5>RkVVz~Z@!m(5CjE?9bf#_U-1l}PV>vwea8Z!7@Xp5*hcR=%?0sO?P~D>1l)Cv8=*26NFzdpE1a=x3j|# zi0WWZDFj!pm#dYNmew43e$z=sZ_|Gaiga63{*=1j*}(X>{l%PAQw0(s#02UL9woUd zu#rvXqZ;$U168t~#x;yTju{nQ6m&8H{{FH{^vA6lThtWB zPXDBJsIaba^7-=PQVhMMzjiV{US_2;By)>oMkweiRWL!isi~==A`j+|>BEu+-f!H;8+m#4mR=@`cGv-s291`P87Mw*NdHDv zNg8yd;x+I+GZI$#`DI7R=6)jUx&fL<{9TVx)(9)lifrdp*PIC8%XKVf%zkx@J)WPm zJ+l2MxJv2UcBFMcXAP_<$9dH^%aaxy%D!7y^Hy}ManC-jRH_7T5Fj@4ClW8vg~Y+u)uQK?L2irudarf?Oj;14CsY|{!)aYc#X&LNZ)CtQ*kae72TDWHX zaRF=cs@1{rM*HFK?Cx8gjEZ7qa0*SQ)kzKnFMsrvZRV{rG7g8JM;YX?(kRhn>v}Gn zjFKN?4MDBKmp9qMVP1qrG{g!+!|#*^ggb)fZO$BavCn7gwcehwT9@ODf0@X8zoNT9 zM5N2=%GLotd^%pwMtE_!M-pCOMoP9k%pDvmPo+)5*X1ANN#!2unqO14eDpMb zQfHqb`r~qoOEKa!xJl&YK=HVtb%8)|stuYFun{$tTDJ}|kQ>%FRt{OAKOuzT@o+duod9-sFlL(JLD!hF8o6twSu$1mQ zJ(MBiSA?gg4i7|BOlH?X2}<>YpBWtvSZ>7&H#skEGbyF&T#7#)svq>nz6FGQQf*36$RJW;pF)o;xDhgob`fU{)Md#6>rYB5 
z8OaL{we<)+=`4MJ?@(9(fQlL+m^cvgL;FfA8fL4@4HBfsNR5E((n@O0X7|t4W_Jr? z6VK>)%9xE>^z_S|<#r#AS|kI(2hkyDeOy&sEPCmIT|q*@eUbQ5d^Ut5fB5i1thwG5 zmiPUboqVy{+Oo6zb85Y;`1ARvy8q1xJvM!33o(H`I|$Q7h&TR;Zj*T}myHzubgK@H zsqtP|0&|438aT0$yP`o;xT;Fc?QHJa2m2j+Tz~z$2c#8-2T{F~(g+jFA=z@jpKdu! zR_UANs9>b2eiYxFPr?(Qu!eI-t#*4(NB&38Vc9Wlw&-ibDl9fERm)>37CD*=D$_O6r2tiqrAGto)UYo5tABr>yorbC#6lZ@^yRJWj!#c(G;89l=wO{1 zD6cm0sgw0kwM79W-Pj($I8m-sc+qFFt5VjHke3aU*?y#p#eoRRHvV&`FE3f8epkkh zqDf8uuLLg&VKyh(%I2X_gD-?R&K9)OA3p|?(}R${dHouwj$)Iv^@fk!?f{Wn59OwI zy8Y?;$%HBbN}s@GpIojahbGk>l9wMikobR}KNtBUbji+ToqM7qGPDw@=?i`pJuTDa z3$MF+-JYFf7<14@d!eJFU|PWQ1lzm=AwF`quuVX5QKw zX5lv4us$fGrZLEkONKaUyH1Mh{rq_+T{Kc*!CCLlnll$)t*nl-lI&3%Bqu&3F#9=ah_8R01hvTU_Yi-m@}>;ZH~bgH2?hln zw}E_kjGJRTk{~QHxttvAnd|QTw_hT_oyoHfgq>6*Zb!h=y36t6;0ilD5^J2T(!|f;L^ikpX-SyKl(`oEz8cj&6 z06b8fa9QMMP$X3KJ!Fqo`1YQo?meN@)5f$)pjE5X8H+bJ@giO}84W+R906_wy(<|R zgfdQ}yp})o5qYhTcb>F6gqwSba_sr~&Jk=FguG zbg!#Tvq$u%7rEr&D9KU1rKRI&d{S!CKAroZIaREmJ(K5f>pgoGJIB#WmoBZHsp@_E z!1;{H)pK6%l{S4U`$UEOfCh^CHb0zYB{f>~J1?Ay9$W3=G>YCX=L=cH%%v3{el82@ zSBZTICIOlu(Dqg=UoNguyySWAe&r<#x12H*iSK*7*V}=OZoTbR_xwxZWH1}m`YcHb zoLk6NG|W>RzN~6n+PAVX>qcw4sC$Zyb~{t+X1@NU6MN(4iB9`R=Fr_02&ZXI^G~s0Q=NX;TuO!FXTVr8tP#S( zdYdTJKb}%hKmI-en#c zB1Jx+e&D;CHs!*lSh#T2_~V$^F*1R#6Xve1@PZNI<<+v@zwP2gV~lh+vs;Dep-v%X>Zhj;Jn z-(v{}E+{;g&d1$d13%Doi~-)Rzgo1T?9~kZl=_3hoL`{xFkhU@2h_PLaaz^Ad%(0wHJ)K%VORsfg8HA$$NZ7GvGvYZ zGB1x=G1a&?q$IwFNqeNVn4p4-UA&0tYfNdge?UM7U6Z+U4@?|WzMxJssFi7sgOrru zH78$~c-w5vu77S}j|QWfLFPO_9wWRN9)X@Rj{uqz*Nm|F?uvVc;j@iqdSR4;)RY4M z&+lzd%KDn&R{({w z;BpT$qoTNY`bBv~`6Un3cJKW6;Qrn4(_kJI_{fc>j+?@9C;q5;IFFIwWq^w-FtmO52UteEfjmx>Y zuT??@c9obkytk2DEFpn;$qmvZ@DjXa@RNW;2}(Da9i`d7?b*=7(_Pf(B z!vO=(zG=l;V@?T~2iWa(Sfi%tw}QZ*4@*mz(@o$c*{$>F{9vES;kzY`ubw!?0%c!t zsIn2DnW5Vi3x<=)MuJv&EG`aPN7zT@M$=Y_${)|0sW^l6#8co|?bvY>aADp&O!BfX zUR;Ne4Hnwt#|sDbu)qEOOpk`EHsKY&D3Lkm&!ncZ0iR*zfE;p&+`1D>9&E~bHN)e~ 
zKmYtgVM~_JNa5eu$We%N583~1+*E-#Lw%Y6>uT*0=f-`%Fb->79YW0?|$O++zcE*7n5xQBHE=hKf6{6`g;0cqEuw>r67}2o_<^UNa)|$Uh%fQxZmAZUoa+DQB`FWMP&K- z2@|$#+;}-B=TTihghi{@Ou+|R^Uh` z(!>!jKlhI?XWj!RQ`v9Mk7(p=o(3l(`%M<_E5jTjYWOCd}7`#MCUE1R*Upd!j)yy=?v->3kXhJ&$7|LrY1 zYKesdOK+V!eR@4LJ{pb_ z_?po1BuucAAe~T!VjBd^(hO>@v42<9TUt*Xnoy(%JYEuEvATBg7>Uh8`uC6Jhi|}{ z0bFvc6qA0b7*aK2U5(=KzG`7xLwasCafJ*FWXDF-wv7vkIeg6bjDJrA^;|vD0uC+? zYC;sr2{Vr{f#YPvxbWGtimm2T&Aa>L-6{4&1(I;|sK5Y`^BuVt&L3fk_fL58=%Nw@;UrA>ImSf&V@e(SfqO{OHAz6x~eH9gbm8PMEC{aozl%-Tk z%b>|t5mH1UTdAmNw~VGRNKHi|B}+m?mhbnPuDM*8dcE)S{GWR{=iKME!afTufUp6O z8k0O=HtOK+o4W_1Mpdm5R}t|P+^6blUuZ5G^SGx*CE9(quD+)ErD|Dc_t|QCTn>By zbj2n=1x3ZC?9<{&f-DRiwDd}7Cue{u`}q;0A0Ze<+X|nParp47o*v4Xt5E14UMOo9 zD>3X%^z+02K%wyJ)kE`gF0oBL!yHKp0#UTyU8fGLKg+S0b9~wqfdUBgji4Y#_hnR7 zy$MfiA6vZrP8nAfhq({&kN@rCV}1NCyz(RU571-i+qU4nL9Xr5n1Y4ltBUw>37FqGpd|kU~+0w%`Y){?Ghu}VYRy}hz z`s>tG4l*0q>7bY+5I57r?TYFHZ(|~`)4Ix2=VK4bd{IzQF%N2-a)0<0>$s~|w}8V? zm|$5CgW7C5Ni1(6r?;h6G%j_o66_NnSBvdI2 z%BiyuU=zFDr=ah1W~UZ-0rL$@C+uVSz+}whxsG_ibIgVg8#YqK}U7ocv|a3|Lgip&4dQ%S3A_8N5Q2Q}(0|?S$ z`@9cQO}wO1c1})z-WUC*7-Bj`Dy(XxXCp78*E@PtHLXs?AaFl5B|`Mp^Of7;b#KVu z{(b6@$1mVKaio}}vTUw36vE33;;C;Z#oJauXLR|sCN`?0Sw zb_}QiqhWFN+ma=1O--8wD~(++6|~nnr0<`MpoD3YJ|I5UI)j#a^W2ccVEq(f`*2Ni z{V5|y>-U!*a&lgiL?_r6z?2Xk`c;L|GV|>1Z#FcX%gs#$2`$^S4izqu1gc`y%zr@= z$YC+J)RydgD|8lJqDl5GEyEDh8#%75l@|~lfDn7-Mo&>U{d_8Oo9luF4vvll#5jqj ze{I}bGpOjE6D6NKfm{|34t~wWKT6o;@=_nd z+{WHg4m8?wt6ZlAcGkC@XX1y%PT2~7yNNMk71p=cR$~b`mP`K{VS&lW(!yc3|QztbMmtq zGGb8GWWIkd`X+VFHGc0(U5{KpSCxdvZ>h4u_K-5oYASAjeIz>>C26KLb=iO09~pn4-Db+A1)jw+W+_IOl+mBpqJ z-5g)++L(o)gyBNtCP|zwFSj5Ku;v<>DTmXyK;`ea3%01m)`6-MavCxWrR7fj@n+gU zc}7agTS6X25F$IK;sQcsZ4y9|@kzeL?DTCO3Egfdd#nBH-g&M~>W0X5_lY-61A%+!+tUFe!q< zgy+v#*@@VU39z9$&RjU22lW=#P?uGVPo$`1SaG(T^Xj7?0&Dk

^2ep&Yf*wz z!H`$57I2@^ND0bXuwz+S(^&{hvSzY~vn1f_tCmSB8@Xuip+H=?Xwi9(g7}&zm0p#( zUY?#?2t*Xx)6)2TPgj?}pI;$_Z%AhM%a=8xbFwFmweJ(DV5nyDWDpC{t)a|c4j5DT zP_-Jc8;nk#S#wKN3>D-GO*2ZY-mlFu1&U`TXuSeF0#-0hj;?0O$|>w%#0u#SC{D- zDJQeEihG<;gSqll6LIT=UAXeG{p?}I_Z7jxyX|r%c2skt7}|JAtR{^I-~aZneO!^O zQsgG{LRGE%ckZO{lu+f6QAJVd?UYXNBjBnTgoF#`P>k#N|JM1{!r2@M6fTI z>>Mjo;cBNiab3WN6$TiL`WZ1yVM~ERLxVe z28^XoY_IhHv?F#p4}B!HMp?7r7uBhWcEhTbV?O_GbgDK*sBA@tYs{jj_fFje{@p0E z^bq1c7K2SX2@p16!i11ipt`BoBcfbquJ*r{+_6irgciMF|ZGbuH92yZPoFEr`p=qjF)EWa`sIL+ZuRM{JI&CL4(c2OlRmwNy%s1i!8T{ zUL#t**dmL~*?k?uj5<+I2xLRcDusLt{lM3Mb&o$*%LfaK)d=Jd+#A8LI5k9?zwu?2(BUU& z5|O}hU(OU2H8O$m_;F_aN_KP-wf0NeOMeht$%i7*~5aS(HG{}n5&tr+_oX=6|SNWcTH_3&tJX_1u{FEKu+AEyr> zgkhwQ&l5%|AwOmu-tE<^=QvsQ)!xI0$&buu`k`_`QXwodTpG`;|k%HX;c0>UI?j9bR}*ZX8m)<#D{J>PFDfW@^f}#7FiY*YV;{NgEZ5seMNnjMfcYxl%Z{a8-75vs$4`M zhFY+-CP7Fgh&0x5HyJj{%JQM5ti_X*;Iw{((TX*rmf!{#j5NPLVRl6kTvE_$w1L2o*=8P%wqzk3( zwX5rDt4fF~sZ%`OK~Hi>s`D;QEsHZ)`s>}PfjcfIo(s2%6w6nvz4Ieg{F-ITq4%9k zjdQ;PvJzdwJ>EE+ST^)!*{1zrLW|D=w$h++sG-{F@L$;YXe*Q~UbHA2l#AgK#4$9W zh)e5gYljA%>lik;(koH?<1;W=Bwq0e2_m98-&0B~M}J!3IzQ=Jo5Zcj;w>ZHwW;68 zcYi|Vp`zVy8(k=}>E`&j__ngm1@qHW0tPXcL5j)dv%tA?!b+yH_CGQ zTkv9JQ9r(RS!y_sma8tB*e2VO;5(l332&V5vy5f>?QJ?m*PO-f#2z4r6&x)E6)oT9 zW?!3w+aVE>I+*7k)CUA1dbQh!&5ss*y|0HD9chhVE~Dj{)%{<@52&4ZKK54t1}KNe zbg8LRy&9FSnI$D#h&e>DKiARG5s-#*6L4G*#XEi8`t1z+By5CNJwW{Ku?9U}&#ms) z#I+4ciGIpXbYP(tM$G&;st;T_Q{e68NB_SHmVrB0oTXbzK z>6?J9VbqWBf|VIFM6*>VyqXrhv4T7cKtS*D0&qcP^oeMzAQULh+>u7Mozu5_>Djb*4o0_*tv<%^AHZ0nN? 
zH8Jbk=`;WGd&j#@>U>!-WPGRoU2c-(F=xS6LJl?6gnN0!m5z(^rkB5>$wOmKGYe-0 zq9~nFzs4@YV=#JsJF+rIoG(Q7?42VPHg!w-g$&_a8yWZT2fe^f1Soi>o?fLyVMpM^ zn}5^XAkxG?US3X4QAvsT0Z`rd`77EoSbm=Fup%4#XGFBC7=B@H)ZE<6EgF4r$A(Xgxfye82i6rZVknBuOieT9WPQY@})>cyep3!bF#B9@sT(y%y~Y4J`2?pAsB$HskzxYNg?OfzOU~F!t5TkF|kK~ke~mW zQAL5dF(Xu{Ge|9ttd0e?5S+g<_mmWvWRNdG@M5+-tG`#lF@ixE7j2%| z%4WtLe38BJxC4*=Nk(&@@+QzG%zTTMPxz2G-Lb!9+H3VNSdS8l?qy~Dq00exHA~)E zPcN5rROhvsW=X*%yT>s@%R9t?B`d&^I6c{}9lBVqnA?fw3K`%34$jCqlk{(Yw@>vN zA!EBtR;5z81GS?6CQm&s+f2bAqo`>A_w==UZsVqof5TP5HLDWz{JXO&V>ln2XAa9c!_^ke~$RhEF-uSIP-bMgH!j|TRF!oihQUqP&;NfT4&TV%2PK-pmh>a{e;NKmt!a^HiS-LYl2{h{w&jXwf39Brbt?1)HBq~jWDQ}4<(Ycm zaVVKywG{tx z@E-@Eq;PbCTpoI{y88P3iL;AU21fLU-bt?1ThBS9Gt;?!tMcFo4JIxLl=!NDdG?nq zPuSC^`o6Vd0Baq~gZ(tleh%~l&5%kUZ>Y3RX?767M0&LiiZC;lSUjmosQ>%#t4D+# z9gfM(FVI&Xog`y3Z*)q`r2D#C0nG#;(dpBKUwjtU`umGIcPO}Q+iNKOPD5L69y7go zGJxbV9-Fpr-*LuI!VPQulZOOZ1Xs_g1H&5Zjrt+Lbtmj=u8DblebIPv9~FTd72s2D z#CXuETeqm-fZaqoW|e={(eVB|(Z`*-9^4+VxOw$QI%T4|rBL6P|z^wT3jl--$q=8%jv%9#`ZfSzt-b%w?nVv?e2zQL<`oO?|l#MukzN^;cQ}%);E--oz-E>o|yIAIr_XdH3$cq9S?2`2rTRuC*h2(qcCN zx8v#QiZ@U8zkk0Thy01AVXuAb(+06>XVZxAVwIo1xh%jgA0xf3W!zc_6#^4F9*Vzz z?%ZjA@!~U-ero+1j~-2(GAgVI^#`jC>U`XI*AV+ zo6*Vf)bwRrZ8L3eBztPhN#Q)LVThb%OCaf*v(Z110KmXS<4jV6%@h==C59@-nw-VL%EXD(zo_aPH=k~4TNIU?BgRd&69 zve{Vt^LXJ{^K~6VwX~x8fDe3*oNb8;a`ARh95+tl zfc*vM)@m@-)YOIOe{6F3PD)2g=*+7=vAr4Bd|6Md`m6~q4Q?Ca;-uq2`rK^<03u7{ z!-p)oLDBW#pMOS2nNHI%jg$I0a>@uE+cDItgDk$7+1Pt|wba)O2C7LJK>3?!I|p~U z`pwu3uOp^`sRk?&N+W^tfXe3B!Ho2Dfp4wXImf#iE+#Lv&l=+|2nE23qE$gbPd~ld z=K719j)AW3?fdsX9QRyYw?Sji3D*}Ke#RM1U zNRe{7N+mLPeRZu>r`MlbHe#-hs)2lAr(hlrmE%Z-0AkMS@apR9wrf-LBvE5SA_99r zw%BCJjGA_`oJh{wMq2&>Fls7bABLUvPz;x57(Z;n#KnrbF_73v!Bl! 
zxujdF0RX+O4r?@w;4omp6aB@8ke$a@=D*sxad_Noh2?{dG5yc3g)8qrBwnga&&cBo zNgJ@>=m$luEq64i9vY(!9_sF!JgTjE^A_`glXq(3)PxgD&-ahkEt?y#DEwK*+)oR0 zD<3wePHgGQ?M@D;v+wgSZ>-PRnw2qKBi@JDwQOSC`myElu!dIZ>eH+dY0B@Ur5-k< z>fx4csCXkRD$bpA`st4H)Ct+p&;?K5GOiZu54aQ(m}r~L)U%jX&^lcrC5MuWzQp|2 zdF8g1tF{|Nzz{>tP@4@i*O@Wn9XI7|G-Hb_4=XM<4D@z|eA^HjYQjwi6ePUwJoI|7 zGS{eddr;|_8=qE1$6)k|`4I!qK~UFx+ZCL#5bUzCK1Swrem+g(ds1`X9zi&vZRQ?R z`BI5k+OP^wQ(aw1$9L4KAsVa1vQX4;z9|4zPDM$Zh_tmmIyek*W-k*oolV!|4ubO5*9 zF#|bQ6yvK7{41uxrG!}d@@30?<&t~HOT&g=Rg&#^8SOaX#VwOmiMil z;62>X+#J^$G(vN2Z7;Z=>Dh zd@0O8jAqY%${nPTL`gpVh*NKp%gc}r<2K4gpBJ*ojN&N+vW>d~Ki%$iCA)z~j^~wn zyQw1T2MzMs{Cu!ye&q;2gbbo<2Mhk+5fcMoUjB|g#M|3D*K6~S#8}_~pf<2ltiK=?EQmip{GNMBrKlN4#q2R9H6h^!*97Jo@(S!2RM(i|mL8P5 zfWZKZETD*{cw9P>AZ{wogC%yu?4r9_#6U<>8G)Ow%=!xA2MwKN5f+x3nnTvCvl0W9 zVQVcYu^J`}2&o9a44GH&kPyoP$|ZSPe+&$FD+V_&4sJAt z6EN0@{tAx@#@8>x%HqFD|4fu5BVP&c^@jLG<59g*Q1jyf(evgFEACULE$N{EdHHfH z7YMxm=-HeGE5qdgl%FB0IGC_r|@SUg$WD43rtgxKfL|ntGF^CzzBc0f%BZA zz>kfL$?_OgJ!U;%dkvqvbX4S3g{vcFw>Q5>X2HKnPD{Bax-{lP?55aSBM@)V!<*C+NJa_k+-`8A^Q~NEU+#oWq zzi(U6{qB?9D;=9+RU;x@0_UjxG4ah_l_ky7eoJWBFvdX6^xl%~gZtHP)sYv+oV+5j z{!#lZi51Zhhv{?6tyUBl2?b4SXnUaYdF-(hj$&z(A)sx&yh_^)^eqcSW*ppg<7w5I z($?8iWyHM8BT&18(4UcJS)H!1f0)d6(@N*u0B*j(}Eh07% zI2+y1k(b)kPn;t%_cDMrIVs*za}NRv7I!0KE={#qD!l(?(>>mQtc!_5qR8#uH=f!_ mpRFBov&6<{ITv65Aw1pw_lyGzCl3+g%VCa_?Kzue+y4)!t-}cb literal 0 HcmV?d00001