From 852ce1d00fe68ca9554cd359a075f403c43ef6ed Mon Sep 17 00:00:00 2001 From: Automatic Build System Date: Fri, 5 Jan 2024 17:56:52 +0100 Subject: [PATCH] automatic version update by autodist [release 2.9.6.1-1mamba;Thu Apr 24 2014] --- README.md | 8 + snort-conf | 974 ++++++++++++++++++++++++++++++++++++++ snort-createmysql | 11 + snort-createmysql-archive | 11 + snort-initscript | 59 +++ snort-sysconfig | 6 + snort.spec | 386 +++++++++++++++ snortdb-extra.bz2 | Bin 0 -> 163576 bytes 8 files changed, 1455 insertions(+) create mode 100644 snort-conf create mode 100644 snort-createmysql create mode 100644 snort-createmysql-archive create mode 100644 snort-initscript create mode 100644 snort-sysconfig create mode 100644 snort.spec create mode 100644 snortdb-extra.bz2 diff --git a/README.md b/README.md index a26141d..1380ea3 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,10 @@ # snort +Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. +It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. +Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. +Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. + +Snort has three primary uses. +It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. + diff --git a/snort-conf b/snort-conf new file mode 100644 index 0000000..931d0f5 --- /dev/null +++ b/snort-conf 
@@ -0,0 +1,974 @@
+#--------------------------------------------------
+# http://www.snort.org Snort 2.8.2.1 Ruleset
+# Contact: snort-sigs@lists.sourceforge.net
+#--------------------------------------------------
+# $Id$
+#
+###################################################
+# This file contains a sample snort configuration.
+# You can take the following steps to create your own custom configuration:
+#
+# 1) Set the variables for your network
+# 2) Configure dynamic loaded libraries
+# 3) Configure preprocessors
+# 4) Configure output plugins
+# 5) Add any runtime config directives
+# 6) Customize your rule set
+#
+###################################################
+# Step #1: Set the network variables:
+#
+# You must change the following variables to reflect your local network. The
+# variable is currently setup for an RFC 1918 address space.
+#
+# You can specify it explicitly as:
+#
+# var HOME_NET 10.1.1.0/24
+#
+# or use global variable $_ADDRESS which will be always
+# initialized to IP address and netmask of the network interface which you run
+# snort at. Under Windows, this must be specified as
+# $(_ADDRESS), such as:
+# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)
+#
+# var HOME_NET $eth0_ADDRESS
+#
+# You can specify lists of IP addresses for HOME_NET
+# by separating the IPs with commas like this:
+#
+# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
+#
+# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
+#
+# or you can specify the variable to be any IP address
+# like this:
+
+var HOME_NET 127.0.0.1
+
+# Set up the external network addresses as well. A good start may be "any"
+var EXTERNAL_NET any
+
+# Configure your server lists. This allows snort to only look for attacks to
+# systems that have a service up. Why look for HTTP attacks if you are not
+# running a web server? This allows quick filtering based on IP addresses
+# These configurations MUST follow the same configuration scheme as defined
+# above for $HOME_NET.
+
+# List of DNS servers on your network
+var DNS_SERVERS $HOME_NET
+
+# List of SMTP servers on your network
+var SMTP_SERVERS $HOME_NET
+
+# List of web servers on your network
+var HTTP_SERVERS $HOME_NET
+
+# List of sql servers on your network
+var SQL_SERVERS $HOME_NET
+
+# List of telnet servers on your network
+var TELNET_SERVERS $HOME_NET
+
+# List of snmp servers on your network
+var SNMP_SERVERS $HOME_NET
+
+# Configure your service ports. This allows snort to look for attacks destined
+# to a specific application only on the ports that application runs on. For
+# example, if you run a web server on port 8081, set your HTTP_PORTS variable
+# like this:
+#
+# portvar HTTP_PORTS 8081
+#
+# Ports you run web servers on
+portvar HTTP_PORTS 80
+
+# NOTE: If you wish to define multiple HTTP ports, use the portvar
+# syntax to represent lists of ports and port ranges. Examples:
+## portvar HTTP_PORTS [80,8080]
+## portvar HTTP_PORTS [80,8000:8080]
+# And only include the rule that uses $HTTP_PORTS once.
+#
+# The pre-2.8.0 approach of redefining the variable to a different port and
+# including the rules file twice is obsolete. See README.variables for more
+# details.
+
+# Ports you want to look for SHELLCODE on.
+portvar SHELLCODE_PORTS !80
+
+# Ports you might see oracle attacks on
+portvar ORACLE_PORTS 1521
+
+# other variables
+#
+# AIM servers. AOL has a habit of adding new AIM servers, so instead of
+# modifying the signatures when they do, we add them to this list of servers.
+var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
+
+# Path to your rules files (this can be a relative path)
+# Note for Windows users: You are advised to make this an absolute path,
+# such as: c:\snort\rules
+var RULE_PATH ./rules
+var PREPROC_RULE_PATH ./preproc_rules
+
+# Configure the snort decoder
+# ============================
+#
+# Snort's decoder will alert on lots of things such as header
+# truncation or options of unusual length or infrequently used tcp options
+#
+#
+# Stop generic decode events:
+#
+# config disable_decode_alerts
+#
+# Stop Alerts on experimental TCP options
+#
+# config disable_tcpopt_experimental_alerts
+#
+# Stop Alerts on obsolete TCP options
+#
+# config disable_tcpopt_obsolete_alerts
+#
+# Stop Alerts on T/TCP alerts
+#
+# In snort 2.0.1 and above, this only alerts when a TCP option is detected
+# that shows T/TCP being actively used on the network. If this is normal
+# behavior for your network, disable the next option.
+#
+# config disable_tcpopt_ttcp_alerts
+#
+# Stop Alerts on all other TCPOption type events:
+#
+# config disable_tcpopt_alerts
+#
+# Stop Alerts on invalid ip options
+#
+# config disable_ipopt_alerts
+#
+# Alert if value in length field (IP, TCP, UDP) is greater than the
+# actual length of the captured portion of the packet that the length
+# is supposed to represent:
+#
+# config enable_decode_oversized_alerts
+#
+# Same as above, but drop packet if in Inline mode -
+# enable_decode_oversized_alerts must be enabled for this to work:
+#
+# config enable_decode_oversized_drops
+#
+
+# Configure the detection engine
+# ===============================
+#
+# Use a different pattern matcher in case you have a machine with very limited
+# resources:
+#
+# config detection: search-method lowmem
+
+# Configure Inline Resets
+# ========================
+#
+# If running an iptables firewall with snort in InlineMode() we can now
+# perform resets via a physical device. We grab the indev from iptables
+# and use this for the interface on which to send resets. This config
+# option takes an argument for the src mac address you want to use in the
+# reset packet. This way the bridge can remain stealthy. If the src mac
+# option is not set we use the mac address of the indev device. If we
+# don't set this option we will default to sending resets via raw socket,
+# which needs an ipaddress to be assigned to the int.
+#
+# config layer2resets: 00:06:76:DD:5F:E3
+
+###################################################
+# Step #2: Configure dynamic loaded libraries
+#
+# If snort was configured to use dynamically loaded libraries,
+# those libraries can be loaded here.
+#
+# Each of the following configuration options can be done via
+# the command line as well.
+#
+# Load all dynamic preprocessors from the install path
+# (same as command line option --dynamic-preprocessor-lib-dir)
+#
+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
+#
+# Load a specific dynamic preprocessor library from the install path
+# (same as command line option --dynamic-preprocessor-lib)
+#
+# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/libdynamicexample.so
+#
+# Load a dynamic engine from the install path
+# (same as command line option --dynamic-engine-lib)
+#
+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+#
+# Load all dynamic rules libraries from the install path
+# (same as command line option --dynamic-detection-lib-dir)
+#
+# dynamicdetection directory /usr/lib/snort_dynamicrule/
+#
+# Load a specific dynamic rule library from the install path
+# (same as command line option --dynamic-detection-lib)
+#
+# dynamicdetection file /usr/lib/snort_dynamicrule/libdynamicexamplerule.so
+#
+
+###################################################
+# Step #3: Configure preprocessors
+#
+# General configuration for preprocessors is of
+# the form
+# preprocessor :
+
+# Configure Flow tracking module
+# -------------------------------
+#
+# The Flow tracking module is meant to start unifying the state keeping
+# mechanisms of snort into a single place. Right now, only a portscan detector
+# is implemented but in the long term, many of the stateful subsystems of
+# snort will be migrated over to becoming flow plugins. This must be enabled
+# for flow-portscan to work correctly.
+#
+# See README.flow for additional information
+#
+#preprocessor flow: stats_interval 0 hash 2
+
+# frag3: Target-based IP defragmentation
+# --------------------------------------
+#
+# Frag3 is a brand new IP defragmentation preprocessor that is capable of
+# performing "target-based" processing of IP fragments. Check out the
+# README.frag3 file in the doc directory for more background and configuration
+# information.
+#
+# Frag3 configuration is a two step process, a global initialization phase
+# followed by the definition of a set of defragmentation engines.
+#
+# Global configuration defines the number of fragmented packets that Snort can
+# track at the same time and gives you options regarding the memory cap for the
+# subsystem or, optionally, allows you to preallocate all the memory for the
+# entire frag3 system.
+#
+# frag3_global options:
+# max_frags: Maximum number of frag trackers that may be active at once.
+# Default value is 8192.
+# memcap: Maximum amount of memory that frag3 may access at any given time.
+# Default value is 4MB.
+# prealloc_frags: Maximum number of individual fragments that may be processed
+# at once. This is instead of the memcap system, uses static
+# allocation to increase performance. No default value. Each
+# preallocated fragment typically eats ~1550 bytes. However,
+# the exact amount is determined by the snaplen, and this can
+# go as high as 64K so beware!
+#
+# Target-based behavior is attached to an engine as a "policy" for handling
+# overlaps and retransmissions as enumerated in the Paxson paper. There are
+# currently five policy types available: "BSD", "BSD-right", "First", "Linux"
+# and "Last". Engines can be bound to standard Snort CIDR blocks or
+# IP lists.
+#
+# frag3_engine options:
+# timeout: Amount of time a fragmented packet may be active before expiring.
+# Default value is 60 seconds.
+# ttl_limit: Limit of delta allowable for TTLs of packets in the fragments.
+# Based on the initial received fragment TTL.
+# min_ttl: Minimum acceptable TTL for a fragment, frags with TTLs below this
+# value will be discarded. Default value is 0.
+# detect_anomalies: Activates frag3's anomaly detection mechanisms.
+# policy: Target-based policy to assign to this engine. Default is BSD.
+# bind_to: IP address set to bind this engine to. Default is all hosts.
+#
+# Frag3 configuration example:
+#preprocessor frag3_global: max_frags 65536, prealloc_frags 65536
+#preprocessor frag3_engine: policy linux \
+# bind_to [10.1.1.12/32,10.1.1.13/32] \
+# detect_anomalies
+#preprocessor frag3_engine: policy first \
+# bind_to 10.2.1.0/24 \
+# detect_anomalies
+#preprocessor frag3_engine: policy last \
+# bind_to 10.3.1.0/24
+#preprocessor frag3_engine: policy bsd
+
+preprocessor frag3_global: max_frags 65536
+preprocessor frag3_engine: policy first detect_anomalies
+
+
+# stream4: stateful inspection/stream reassembly for Snort
+#----------------------------------------------------------------------
+# Use in concert with the -z [all|est] command line switch to defeat stick/snot
+# against TCP rules. Also performs full TCP stream reassembly, stateful
+# inspection of TCP streams, etc. Can statefully detect various portscan
+# types, fingerprinting, ECN, etc.
+
+# stateful inspection directive
+# no arguments loads the defaults (timeout 30, memcap 8388608)
+# options (options are comma delimited):
+# detect_scans - stream4 will detect stealth portscans and generate alerts
+# when it sees them when this option is set
+# detect_state_problems - detect TCP state problems, this tends to be very
+# noisy because there are a lot of crappy ip stack
+# implementations out there
+#
+# disable_evasion_alerts - turn off the possibly noisy mitigation of
+# overlapping sequences.
+#
+# ttl_limit [number] - differential of the initial ttl on a session versus
+# the normal that someone may be playing games.
+# Routing flap may cause lots of false positives.
+#
+# keepstats [machine|binary] - keep session statistics, add "machine" to
+# get them in a flat format for machine reading, add
+# "binary" to get them in a unified binary output
+# format
+# noinspect - turn off stateful inspection only
+# timeout [number] - set the session timeout counter to [number] seconds,
+# default is 30 seconds
+# max_sessions [number] - limit the number of sessions stream4 keeps
+# track of
+# memcap [number] - limit stream4 memory usage to [number] bytes (does
+# not include session tracking, which is set by the
+# max_sessions option)
+# log_flushed_streams - if an event is detected on a stream this option will
+# cause all packets that are stored in the stream4
+# packet buffers to be flushed to disk. This only
+# works when logging in pcap mode!
+# server_inspect_limit [bytes] - Byte limit on server side inspection.
+# enable_udp_sessions - turn on tracking of "sessions" over UDP. Requires
+# configure --enable-stream4udp. UDP sessions are
+# only created when there is a rule for the sender or
+# responder that has a flow or flowbits keyword.
+# max_udp_sessions [number] - limit the number of simultaneous UDP sessions
+# to track
+# udp_ignore_any - Do not inspect UDP packets unless there is a port specific
+# rule for a given port. This is a performance improvement
+# and turns off inspection for udp xxx any -> xxx any rules
+# cache_clean_sessions [number] - Cleanup the session cache by number sessions
+# at a time. The larger the value, the
+# more sessions are purged from the cache when
+# the session limit or memcap is reached.
+# Defaults to 5.
+#
+#
+#
+# Stream4 uses Generator ID 111 and uses the following SIDS
+# for that GID:
+# SID Event description
+# ----- -------------------
+# 1 Stealth activity
+# 2 Evasive RST packet
+# 3 Evasive TCP packet retransmission
+# 4 TCP Window violation
+# 5 Data on SYN packet
+# 6 Stealth scan: full XMAS
+# 7 Stealth scan: SYN-ACK-PSH-URG
+# 8 Stealth scan: FIN scan
+# 9 Stealth scan: NULL scan
+# 10 Stealth scan: NMAP XMAS scan
+# 11 Stealth scan: Vecna scan
+# 12 Stealth scan: NMAP fingerprint scan stateful detect
+# 13 Stealth scan: SYN-FIN scan
+# 14 TCP forward overlap
+
+#preprocessor stream4: disable_evasion_alerts
+
+# tcp stream reassembly directive
+# no arguments loads the default configuration
+# Only reassemble the client,
+# Only reassemble the default list of ports (See below),
+# Give alerts for "bad" streams
+#
+# Available options (comma delimited):
+# clientonly - reassemble traffic for the client side of a connection only
+# serveronly - reassemble traffic for the server side of a connection only
+# both - reassemble both sides of a session
+# noalerts - turn off alerts from the stream reassembly stage of stream4
+# ports [list] - use the space separated list of ports in [list], "all"
+# will turn on reassembly for all ports, "default" will turn
+# on reassembly for ports 21, 23, 25, 42, 53, 80, 110,
+# 111, 135, 136, 137, 139, 143, 445, 513, 514, 1433, 1521,
+# 2401, and 3306
+# favor_old - favor an old segment (based on sequence number) over a new one.
+# This is the default.
+# favor_new - favor an new segment (based on sequence number) over an old one.
+# overlap_limit [number] - limit on overlaping segments for a session.
+# flush_on_alert - flushes stream when an alert is generated for a session.
+# flush_behavior [mode] -
+# default - use old static flushpoints (default)
+# large_window - use new larger static flushpoints
+# random - use random flushpoints defined by flush_base,
+# flush_seed and flush_range
+# flush_base [number] - lowest allowed random flushpoint (512 by default)
+# flush_range [number] - number is the space within which random flushpoints
+# are generated (default 1213)
+# flush_seed [number] - seed for the random number generator, defaults to
+# Snort PID + time
+#
+# Using the default random flushpoints, the smallest flushpoint is 512,
+# and the largest is 1725 bytes.
+#preprocessor stream4_reassemble
+
+# stream5: Target Based stateful inspection/stream reassembly for Snort
+# ---------------------------------------------------------------------
+# Stream5 is a target-based stream engine for Snort. Its functionality
+# replaces that of Stream4. Consequently, BOTH Stream4 and Stream5
+# cannot be used simultaneously. Comment out the stream4 configurations
+# above to use Stream5.
+#
+# See README.stream5 for details on the configuration options.
+#
+# Example config (that emulates Stream4 with UDP support compiled in)
+preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
+ track_udp no
+preprocessor stream5_tcp: policy first, use_static_footprint_sizes
+# preprocessor stream5_udp: ignore_any_rules
+
+
+# Performance Statistics
+# ----------------------
+# Documentation for this is provided in the Snort Manual. You should read it.
+# It is included in the release distribution as doc/snort_manual.pdf
+#
+# preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
+
+# http_inspect: normalize and detect HTTP traffic and protocol anomalies
+#
+# lots of options available here. See doc/README.http_inspect.
+# unicode.map should be wherever your snort.conf lives, or given
+# a full path to where snort can find it.
+preprocessor http_inspect: global \
+ iis_unicode_map unicode.map 1252
+
+preprocessor http_inspect_server: server default \
+ profile all ports { 80 8080 8180 } oversize_dir_length 500
+
+#
+# Example unique server configuration
+#
+#preprocessor http_inspect_server: server 1.1.1.1 \
+# ports { 80 3128 8080 } \
+# flow_depth 0 \
+# ascii no \
+# double_decode yes \
+# non_rfc_char { 0x00 } \
+# chunk_length 500000 \
+# non_strict \
+# oversize_dir_length 300 \
+# no_alerts
+
+
+# rpc_decode: normalize RPC traffic
+# ---------------------------------
+# RPC may be sent in alternate encodings besides the usual 4-byte encoding
+# that is used by default. This plugin takes the port numbers that RPC
+# services are running on as arguments - it is assumed that the given ports
+# are actually running this type of service. If not, change the ports or turn
+# it off.
+# The RPC decode preprocessor uses generator ID 106
+#
+# arguments: space separated list
+# alert_fragments - alert on any rpc fragmented TCP data
+# no_alert_multiple_requests - don't alert when >1 rpc query is in a packet
+# no_alert_large_fragments - don't alert when the fragmented
+# sizes exceed the current packet size
+# no_alert_incomplete - don't alert when a single segment
+# exceeds the current packet size
+
+preprocessor rpc_decode: 111 32771
+
+# bo: Back Orifice detector
+# -------------------------
+# Detects Back Orifice traffic on the network.
+#
+# arguments:
+# syntax:
+# preprocessor bo: noalert { client | server | general | snort_attack } \
+# drop { client | server | general | snort_attack }
+# example:
+# preprocessor bo: noalert { general server } drop { snort_attack }
+#
+#
+# The Back Orifice detector uses Generator ID 105 and uses the
+# following SIDS for that GID:
+# SID Event description
+# ----- -------------------
+# 1 Back Orifice traffic detected
+# 2 Back Orifice Client Traffic Detected
+# 3 Back Orifice Server Traffic Detected
+# 4 Back Orifice Snort Buffer Attack
+
+preprocessor bo
+
+# telnet_decode: Telnet negotiation string normalizer
+# ---------------------------------------------------
+# This preprocessor "normalizes" telnet negotiation strings from telnet and ftp
+# traffic. It works in much the same way as the http_decode preprocessor,
+# searching for traffic that breaks up the normal data stream of a protocol and
+# replacing it with a normalized representation of that traffic so that the
+# "content" pattern matching keyword can work without requiring modifications.
+# This preprocessor requires no arguments.
+#
+# DEPRECATED in favor of ftp_telnet dynamic preprocessor
+#preprocessor telnet_decode
+#
+# ftp_telnet: FTP & Telnet normalizer, protocol enforcement and buff overflow
+# ---------------------------------------------------------------------------
+# This preprocessor normalizes telnet negotiation strings from telnet and
+# ftp traffic. It looks for traffic that breaks the normal data stream
+# of the protocol, replacing it with a normalized representation of that
+# traffic so that the "content" pattern matching keyword can work without
+# requiring modifications.
+#
+# It also performs protocol correctness checks for the FTP command channel,
+# and identifies open FTP data transfers.
+#
+# FTPTelnet has numerous options available, please read
+# README.ftptelnet for help configuring the options for the global
+# telnet, ftp server, and ftp client sections for the protocol.
+
+#####
+# Per Step #2, set the following to load the ftptelnet preprocessor
+# dynamicpreprocessor file
+# or use commandline option
+# --dynamic-preprocessor-lib
+
+preprocessor ftp_telnet: global \
+ encrypted_traffic yes \
+ inspection_type stateful
+
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
+
+# This is consistent with the FTP rules as of 18 Sept 2004.
+# CWD can have param length of 200
+# MODE has an additional mode of Z (compressed)
+# Check for string formats in USER & PASS commands
+# Check nDTM commands that set modification time on the file.
+preprocessor ftp_telnet_protocol: ftp server default \
+ def_max_param_len 100 \
+ alt_max_param_len 200 { CWD } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+ telnet_cmds yes \
+ data_chan
+
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
+
+# smtp: SMTP normalizer, protocol enforcement and buffer overflow
+# ---------------------------------------------------------------------------
+# This preprocessor normalizes SMTP commands by removing extraneous spaces.
+# It looks for overly long command lines, response lines, and data header lines.
+# It can alert on invalid commands, or specific valid commands. It can optionally
+# ignore mail data, and can ignore TLS encrypted data.
+#
+# SMTP has numerous options available, please read README.SMTP for help
+# configuring options.
+
+#####
+# Per Step #2, set the following to load the smtp preprocessor
+# dynamicpreprocessor file
+# or use commandline option
+# --dynamic-preprocessor-lib
+
+preprocessor smtp: \
+ ports { 25 587 691 } \
+ inspection_type stateful \
+ normalize cmds \
+ normalize_cmds { EXPN VRFY RCPT } \
+ alt_max_command_line_len 260 { MAIL } \
+ alt_max_command_line_len 300 { RCPT } \
+ alt_max_command_line_len 500 { HELP HELO ETRN } \
+ alt_max_command_line_len 255 { EXPN VRFY }
+
+# sfPortscan
+# ----------
+# Portscan detection module. Detects various types of portscans and
+# portsweeps. For more information on detection philosophy, alert types,
+# and detailed portscan information, please refer to the README.sfportscan.
+#
+# -configuration options-
+# proto { tcp udp icmp ip all }
+# The arguments to the proto option are the types of protocol scans that
+# the user wants to detect. Arguments should be separated by spaces and
+# not commas.
+# scan_type { portscan portsweep decoy_portscan distributed_portscan all }
+# The arguments to the scan_type option are the scan types that the
+# user wants to detect. Arguments should be separated by spaces and not
+# commas.
+# sense_level { low|medium|high }
+# There is only one argument to this option and it is the level of
+# sensitivity in which to detect portscans. The 'low' sensitivity
+# detects scans by the common method of looking for response errors, such
+# as TCP RSTs or ICMP unreachables. This level requires the least
+# tuning. The 'medium' sensitivity level detects portscans and
+# filtered portscans (portscans that receive no response). This
+# sensitivity level usually requires tuning out scan events from NATed
+# IPs, DNS cache servers, etc. The 'high' sensitivity level has
+# lower thresholds for portscan detection and a longer time window than
+# the 'medium' sensitivity level. Requires more tuning and may be noisy
+# on very active networks. However, this sensitivity levels catches the
+# most scans.
+# memcap { positive integer }
+# The maximum number of bytes to allocate for portscan detection. The
+# higher this number the more nodes that can be tracked.
+# logfile { filename }
+# This option specifies the file to log portscan and detailed portscan
+# values to. If there is not a leading /, then snort logs to the
+# configured log directory. Refer to README.sfportscan for details on
+# the logged values in the logfile.
+# watch_ip { Snort IP List }
+# ignore_scanners { Snort IP List }
+# ignore_scanned { Snort IP List }
+# These options take a snort IP list as the argument. The 'watch_ip'
+# option specifies the IP(s) to watch for portscan. The
+# 'ignore_scanners' option specifies the IP(s) to ignore as scanners.
+# Note that these hosts are still watched as scanned hosts. The
+# 'ignore_scanners' option is used to tune alerts from very active
+# hosts such as NAT, nessus hosts, etc. The 'ignore_scanned' option
+# specifies the IP(s) to ignore as scanned hosts. Note that these hosts
+# are still watched as scanner hosts. The 'ignore_scanned' option is
+# used to tune alerts from very active hosts such as syslog servers, etc.
+# detect_ack_scans
+# This option will include sessions picked up in midstream by the stream
+# module, which is necessary to detect ACK scans. However, this can lead to
+# false alerts, especially under heavy load with dropped packets; which is why
+# the option is off by default.
+#
+preprocessor sfportscan: proto { all } \
+ memcap { 10000000 } \
+ sense_level { low }
+
+# arpspoof
+#----------------------------------------
+# Experimental ARP detection code from Jeff Nathan, detects ARP attacks,
+# unicast ARP requests, and specific ARP mapping monitoring. To make use of
+# this preprocessor you must specify the IP and hardware address of hosts on
+# the same layer 2 segment as you. Specify one host IP MAC combo per line.
+# Also takes a "-unicast" option to turn on unicast ARP request detection.
+# Arpspoof uses Generator ID 112 and uses the following SIDS for that GID:
+
+# SID Event description
+# ----- -------------------
+# 1 Unicast ARP request
+# 2 Etherframe ARP mismatch (src)
+# 3 Etherframe ARP mismatch (dst)
+# 4 ARP cache overwrite attack
+
+#preprocessor arpspoof
+#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
+
+# ssh
+#----------------------------------------
+# EXPERIMENTAL CODE!!!
+#
+# THIS CODE IS STILL EXPERIMENTAL AND MAY OR MAY NOT BE STABLE!
+# USE AT YOUR OWN RISK! DO NOT USE IN PRODUCTION ENVIRONMENTS.
+# YOU HAVE BEEN WARNED.
+#
+# The SSH preprocessor detects the following exploits: Gobbles, CRC 32,
+# Secure CRT, and the Protocol Mismatch exploit.
+#
+# Both Gobbles and CRC 32 attacks occur after the key exchange, and are
+# therefore encrypted. Both attacks involve sending a large payload
+# (20kb+) to the server immediately after the authentication challenge.
+# To detect the attacks, the SSH preprocessor counts the number of bytes
+# transmitted to the server. If those bytes exceed a pre-defined limit
+# within a pre-define number of packets, an alert is generated. Since
+# Gobbles only effects SSHv2 and CRC 32 only effects SSHv1, the SSH
+# version string exchange is used to distinguish the attacks.
+#
+# The Secure CRT and protocol mismatch exploits are observable before
+# the key exchange.
+#
+# SSH has numerous options available, please read README.ssh for help
+# configuring options.
+
+#####
+# Per Step #2, set the following to load the ssh preprocessor
+# dynamicpreprocessor file
+# or use commandline option
+# --dynamic-preprocessor-lib
+#
+#preprocessor ssh: server_ports { 22 } \
+# max_client_bytes 19600 \
+# max_encrypted_packets 20
+
+# DCE/RPC
+#----------------------------------------
+#
+# The dcerpc preprocessor detects and decodes SMB and DCE/RPC traffic.
+# It is primarily interested in DCE/RPC data, and only decodes SMB
+# to get at the DCE/RPC data carried by the SMB layer.
+#
+# Currently, the preprocessor only handles reassembly of fragmentation
+# at both the SMB and DCE/RPC layer. Snort rules can be evaded by
+# using both types of fragmentation; with the preprocessor enabled
+# the rules are given a buffer with a reassembled SMB or DCE/RPC
+# packet to examine.
+#
+# At the SMB layer, only fragmentation using WriteAndX is currently
+# reassembled. Other methods will be handled in future versions of
+# the preprocessor.
+#
+# Autodetection of SMB is done by looking for "\xFFSMB" at the start of
+# the SMB data, as well as checking the NetBIOS header (which is always
+# present for SMB) for the type "SMB Session".
+#
+# Autodetection of DCE/RPC is not as reliable. Currently, two bytes are
+# checked in the packet. Assuming that the data is a DCE/RPC header,
+# one byte is checked for DCE/RPC version (5) and another for the type
+# "DCE/RPC Request". If both match, the preprocessor proceeds with that
+# assumption that it is looking at DCE/RPC data. If subsequent checks
+# are nonsensical, it ends processing.
+#
+# DCERPC has numerous options available, please read README.dcerpc for help
+# configuring options.
+
+#####
+# Per Step #2, set the following to load the dcerpc preprocessor
+# dynamicpreprocessor file
+# or use commandline option
+# --dynamic-preprocessor-lib
+
+preprocessor dcerpc: \
+ autodetect \
+ max_frag_size 3000 \
+ memcap 100000
+
+# DNS
+#----------------------------------------
+# The dns preprocessor (currently) decodes DNS Response traffic
+# and detects a few vulnerabilities.
+#
+# DNS has a few options available, please read README.dns for
+# help configuring options.
+
+#####
+# Per Step #2, set the following to load the dns preprocessor
+# dynamicpreprocessor file
+# or use commandline option
+# --dynamic-preprocessor-lib
+
+preprocessor dns: \
+ ports { 53 } \
+ enable_rdata_overflow
+
+# SSL
+#----------------------------------------
+# Encrypted traffic should be ignored by Snort for both performance reasons
+# and to reduce false positives. The SSL Dynamic Preprocessor (SSLPP)
+# inspects SSL traffic and optionally determines if and when to stop
+# inspection of it.
+#
+# Typically, SSL is used over port 443 as HTTPS. By enabling the SSLPP to
+# inspect port 443, only the SSL handshake of each connection will be
+# inspected. Once the traffic is determined to be encrypted, no further
+# inspection of the data on the connection is made.
+#
+# Important note: Stream4 or Stream5 should be explicitly told to reassemble
+# traffic on the ports that you intend to inspect SSL
+# encrypted traffic on.
+#
+# To add reassembly on port 443 to Stream5, use 'port both 443' in the
+# Stream5 configuration.
+
+preprocessor ssl: noinspect_encrypted
+
+
+####################################################################
+# Step #4: Configure output plugins
+#
+# Uncomment and configure the output plugins you decide to use. General
+# configuration for output plugins is of the form:
+#
+# output :
+#
+# alert_syslog: log alerts to syslog
+# ----------------------------------
+# Use one or more syslog facilities as arguments. Win32 can also optionally
+# specify a particular hostname/port. Under Win32, the default hostname is
+# '127.0.0.1', and the default port is 514.
+#
+# [Unix flavours should use this format...]
+# output alert_syslog: LOG_AUTH LOG_ALERT
+#
+# [Win32 can use any of these formats...]
+# output alert_syslog: LOG_AUTH LOG_ALERT
+# output alert_syslog: host=hostname, LOG_AUTH LOG_ALERT
+# output alert_syslog: host=hostname:port, LOG_AUTH LOG_ALERT
+
+# log_tcpdump: log packets in binary tcpdump format
+# -------------------------------------------------
+# The only argument is the output file name.
+#
+# output log_tcpdump: tcpdump.log
+
+# database: log to a variety of databases
+# ---------------------------------------
+# See the README.database file for more information about configuring
+# and using this plugin.
+#
+# output database: log, mysql, user=root password=test dbname=db host=localhost
+# output database: alert, postgresql, user=snort dbname=snort
+# output database: log, odbc, user=snort dbname=snort
+# output database: log, mssql, dbname=snort user=snort password=test
+# output database: log, oracle, dbname=snort user=snort password=test
+
+# unified: Snort unified binary format alerting and logging
+# -------------------------------------------------------------
+# The unified output plugin provides two new formats for logging and generating
+# alerts from Snort, the "unified" format. The unified format is a straight
+# binary format for logging data out of Snort that is designed to be fast and
+# efficient. Used with barnyard (the new alert/log processor), most of the
+# overhead for logging and alerting to various slow storage mechanisms such as
+# databases or the network can now be avoided.
+#
+# Check out the spo_unified.h file for the data formats.
+#
+# Two arguments are supported.
+# filename - base filename to write to (current time_t is appended)
+# limit - maximum size of spool file in MB (default: 128)
+#
+# output alert_unified: filename snort.alert, limit 128
+# output log_unified: filename snort.log, limit 128
+
+
+# prelude: log to the Prelude Hybrid IDS system
+# ---------------------------------------------
+#
+# profile = Name of the Prelude profile to use (default is snort).
+#
+# Snort priority to IDMEF severity mappings:
+# high < medium < low < info
+#
+# These are the default mapped from classification.config:
+# info = 4
+# low = 3
+# medium = 2
+# high = anything below medium
+#
+# output alert_prelude
+# output alert_prelude: profile=snort-profile-name
+
+
+# You can optionally define new rule types and associate one or more output
+# plugins specifically to that type.
+#
+# This example will create a type that will log to just tcpdump.
+# ruletype suspicious
+# {
+# type log
+# output log_tcpdump: suspicious.log
+# }
+#
+# EXAMPLE RULE FOR SUSPICIOUS RULETYPE:
+# suspicious tcp $HOME_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";)
+#
+# This example will create a rule type that will log to syslog and a mysql
+# database:
+# ruletype redalert
+# {
+# type alert
+# output alert_syslog: LOG_AUTH LOG_ALERT
+# output database: log, mysql, user=snort dbname=snort host=localhost
+# }
+#
+# EXAMPLE RULE FOR REDALERT RULETYPE:
+# redalert tcp $HOME_NET any -> $EXTERNAL_NET 31337 \
+# (msg:"Someone is being LEET"; flags:A+;)
+
+#
+# Include classification & priority settings
+# Note for Windows users: You are advised to make this an absolute path,
+# such as: c:\snort\etc\classification.config
+#
+
+include classification.config
+
+#
+# Include reference systems
+# Note for Windows users: You are advised to make this an absolute path,
+# such as: c:\snort\etc\reference.config
+#
+
+include reference.config
+
+####################################################################
+# Step #5: Configure snort with config statements
+#
+# See the snort manual for a full set of configuration references
+#
+# config flowbits_size: 64
+#
+# New global ignore_ports config option from Andy Mullican
+#
+# config ignore_ports:
+# config ignore_ports: tcp 21 6667:6671 1356
+# config ignore_ports: udp 1:17 53
+
+
+####################################################################
+# Step #6: Customize your rule set
+#
+# Up to date snort rules
are available at http://www.snort.org
+#
+# The snort web site has documentation about how to write your own custom snort
+# rules.
+
+#=========================================
+# Include all relevant rulesets here
+#
+# The following rulesets are disabled by default:
+#
+# web-attacks, backdoor, shellcode, policy, porn, info, icmp-info, virus,
+# chat, multimedia, and p2p
+#
+# These rules are either site policy specific or require tuning in order to not
+# generate false positive alerts in most enviornments.
+#
+# Please read the specific include file for more information and
+# README.alert_order for how rule ordering affects how alerts are triggered.
+#=========================================
+
+include $RULE_PATH/community-bot.rules
+include $RULE_PATH/community-deleted.rules
+include $RULE_PATH/community-dos.rules
+include $RULE_PATH/community-exploit.rules
+include $RULE_PATH/community-ftp.rules
+include $RULE_PATH/community-game.rules
+include $RULE_PATH/community-icmp.rules
+include $RULE_PATH/community-imap.rules
+include $RULE_PATH/community-inappropriate.rules
+include $RULE_PATH/community-mail-client.rules
+include $RULE_PATH/community-misc.rules
+include $RULE_PATH/community-nntp.rules
+include $RULE_PATH/community-oracle.rules
+include $RULE_PATH/community-policy.rules
+include $RULE_PATH/community-sip.rules
+include $RULE_PATH/community-smtp.rules
+include $RULE_PATH/community-sql-injection.rules
+include $RULE_PATH/community-virus.rules
+include $RULE_PATH/community-web-attacks.rules
+include $RULE_PATH/community-web-cgi.rules
+include $RULE_PATH/community-web-client.rules
+include $RULE_PATH/community-web-dos.rules
+include $RULE_PATH/community-web-iis.rules
+include $RULE_PATH/community-web-misc.rules
+include $RULE_PATH/community-web-php.rules
+
+# include $PREPROC_RULE_PATH/preprocessor.rules
+# include $PREPROC_RULE_PATH/decoder.rules
+
+# Include any thresholding or suppression commands.
See threshold.conf in the
+# /etc directory for details. Commands don't necessarily need to be
+# contained in this conf, but a separate conf makes it easier to maintain them.
+# Note for Windows users: You are advised to make this an absolute path,
+# such as: c:\snort\etc\threshold.conf
+# Uncomment if needed.
+# include threshold.conf
diff --git a/snort-createmysql b/snort-createmysql
new file mode 100644
index 0000000..3711957
--- /dev/null
+++ b/snort-createmysql
@@ -0,0 +1,11 @@
+#!/bin/bash
+mysqladmin create snort
+cat << EOF | mysql -u root snort
+grant INSERT,SELECT on root.* to snort@localhost;
+SET PASSWORD FOR snort@localhost=PASSWORD('$1');
+grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort@localhost;
+grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;
+exit
+EOF
+mysql -u root < /usr/share/snort/contrib/create_mysql snort
+bzcat /usr/share/snort/contrib/snortdb-extra.bz2 | mysql -u snort --password="$1" snort
diff --git a/snort-createmysql-archive b/snort-createmysql-archive
new file mode 100644
index 0000000..3a3be8e
--- /dev/null
+++ b/snort-createmysql-archive
@@ -0,0 +1,11 @@
+#!/bin/bash
+mysqladmin create snort_archive
+cat << EOF | mysql -u root snort_archive
+grant INSERT,SELECT on root.* to snort@localhost;
+SET PASSWORD FOR snort@localhost=PASSWORD('$1');
+grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort_archive.* to snort@localhost;
+grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort_archive.* to snort;
+exit
+EOF
+mysql -u root < /usr/share/snort/contrib/create_mysql snort_archive
+bzcat /usr/share/snort/contrib/snortdb-extra.bz2 | mysql -u snort --password="$1" snort_archive
diff --git a/snort-initscript b/snort-initscript
new file mode 100644
index 0000000..0ea6700
--- /dev/null
+++ b/snort-initscript
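Review bot: In snort-createmysql the last grant, `grant CREATE,INSERT,SELECT,DELETE,UPDATE on snort.* to snort;`, names the account without a host, so it targets snort@'%' while `SET PASSWORD` covers only snort@localhost. On MySQL versions that create a missing account on GRANT, this presumably leaves a remotely usable snort account with an empty password and write access to the alert database. I would delete that line, since the snort.conf line written by the spec's %post connects with `host=localhost`. The first grant, on `root.*`, refers to a database named root and looks unintended; snort-createmysql-archive repeats both lines for snort_archive.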
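Review bot: In snort-createmysql-archive the password argument is handled unsafely in two places: `PASSWORD('$1')` splices it into the SQL text, so a quote character in it breaks or alters the statement, and `mysql -u snort --password="$1"` puts it on a command line that other local users can read from the process list. I would reject arguments containing `'` or `\` before the here-document and hand the password to the client through a mode-600 option file with `--defaults-extra-file=` instead of `--password=`. snort-createmysql has the same two lines.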
@@ -0,0 +1,59 @@
+#! /bin/bash
+#
+# snort - Snort intrusion detection system loader
+# This starts and stops the snort service
+#
+# Copyright (c) 2003 by Silvan Calarco
+# Copyright (c) 2003 by Davide Madrisan
+#
+# description: snort loader
+# chkconfig: 2345 60 80
+
+source /etc/sysconfig/rc
+source $rc_functions
+source /etc/sysconfig/network
+[ -f /etc/sysconfig/snort ] && source /etc/sysconfig/snort
+
+case "$1" in
+ start)
+ intstring=""
+ [ -z "$SNORT_INTERFACES" ] && SNORT_INTERFACES=`grep -il "ONBOOT=yes" $network_devices/ifconfig.* 2>/dev/null`
+ for file in $SNORT_INTERFACES; do
+ interface="`echo $file | sed s/.*ifconfig\.// 2>/dev/null`"
+ intstring="-i $interface"
+ echo -n "Starting snort on interface $interface: "
+ daemon snort -u snort -b -D -c /etc/snort/snort.conf $intstring
+ evaluate_retval
+ echo
+ done
+ ;;
+
+ stop)
+ echo -n "Stopping snort: "
+ killproc snort
+ evaluate_retval
+ echo
+ ;;
+
+ reload)
+ echo -n "Reloading snort config file: "
+ reloadproc snort 1
+ evaluate_retval
+ echo
+ ;;
+
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+ status)
+ statusproc snort
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|reload|restart|status}"
+ exit 1
+ ;;
+esac
diff --git a/snort-sysconfig b/snort-sysconfig
new file mode 100644
index 0000000..50437e8
--- /dev/null
+++ b/snort-sysconfig
@@ -0,0 +1,6 @@
+# snort service configuration
+#
+# Snort is started by deafult on all active interfaces
+# use SNORT_INTERFACES to specify the interfaces you want snort to bind on
+
+#SNORT_INTERFACES="eth1 eth3"
diff --git a/snort.spec b/snort.spec
new file mode 100644
index 0000000..d0d20ab
--- /dev/null
+++ b/snort.spec
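Review bot: In snort-initscript the `start)` branch prints nothing and returns success when no interface is found: if SNORT_INTERFACES is unset and the grep over `$network_devices/ifconfig.*` matches no file, the `for` loop never runs and no sensor is started. For an IDS that silent gap should be a failure; after the `[ -z "$SNORT_INTERFACES" ]` line I would add `[ -n "$SNORT_INTERFACES" ] || { echo "snort: no interface to monitor"; exit 1; }`. The sed expression should also be quoted, `sed 's/.*ifconfig\.//'`, so the shell neither strips the backslash nor globs the pattern.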
@@ -0,0 +1,386 @@
+%define enable_mysql 1
+%define enable_odbc 0
+%define enable_postgresql 0
+%define groupid 65023
+%define userid 65023
+
+Name: snort
+Version: 2.9.6.1
+Release: 1mamba
+Summary: The Open Source Intrusion Detection System
+Group: Network/Monitoring
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.snort.org
+# 2.8.6.1: no direct link working; downloaded by hand
+Source0: http://www.snort.org/dl/snort-current/%{name}-%{version}.tar.gz
+Source1: snort-initscript
+Source2: snort-sysconfig
+Source3: snort-createmysql
+Source4: snort-createmysql-archive
+#Source5: http://www.snort.org/dl/contrib/...
+Source5: snortdb-extra.bz2
+Source6: http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz
+Source7: snort-conf
+License: GPL
+%if %enable_mysql
+BuildRequires: libmysql5-devel
+%endif
+%if %enable_odbc
+Requires: libodbc >= 2.2.6
+BuildRequires: libodbc-devel >= 2.2.6
+%endif
+%if %enable_postgresql
+Requires: postgresql >= 7.3.3
+BuildRequires: postgresql-devel >= 7.4-2
+%endif
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libmysql5-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libpcap-devel
+BuildRequires: libpcre-devel
+BuildRequires: libz-devel
+BuildRequires: mysql
+BuildRequires: mysql-client
+## AUTOBUILDREQ-END
+BuildRequires: libdnet-devel
+BuildRequires: libdaq-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Provides: %{_datadir}/snort/contrib/createmysql
+Provides: %{_datadir}/snort/contrib/createmysql-archive
+
+%description
+Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
+It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
+Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
+Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
+
+Snort has three primary uses.
+It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
+
+%package devel
+Summary: Static libraries, headers and source files for development with %{name}
+Group: Development/Applications
+Requires: %{name} = %{version}-%{release}
+
+%description devel
+Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
+It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
+Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.
+Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
+
+Snort has three primary uses.
+It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
+
+This package contains the static libraries, headers and source files for development.
+
+%prep
+%setup -q -a6
+sed -i "s|/usr/local|/usr|" etc/snort.conf
+
+%build
+%configure \
+ -sysconfdir=%{_sysconfdir}/snort \
+ --enable-linux-smp-stat \
+ --enable-smbalerts \
+%if %enable_mysql
+ --with-mysql \
+%else
+ --without-mysql --disable-mysql \
+%endif
+%if %enable_odbc
+ --with-odbc \
+%endif
+%if %enable_postgresql
+ --with-postgresql \
+%endif
+# --enable-sourcefire
+# --enable-perfmonitor
+# --enable-flexresp
+
+%make -j1
+
+%install
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+%makeinstall
+
+install -d %{buildroot}%{_sysconfdir}/snort/{rules,preproc_rules}
+cp rules/*.rules %{buildroot}%{_sysconfdir}/snort/rules/
+cp preproc_rules/*.rules %{buildroot}%{_sysconfdir}/snort/preproc_rules/
+
+cp etc/*.conf etc/*.config etc/*.map %{buildroot}%{_sysconfdir}/snort
+
+install -D -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/snort
+install -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/snort
+
+install -d %{buildroot}/var/log/snort
+
+install -D %{SOURCE3} %{buildroot}%{_datadir}/snort/contrib/createmysql
+install -D %{SOURCE4} %{buildroot}%{_datadir}/snort/contrib/createmysql-archive
+
+install -D %{SOURCE7} %{buildroot}%{_sysconfdir}/snort/snort.conf
+
+#cp contrib/create* contrib/snortdb-extra.bz2 %{buildroot}%{_datadir}/snort/contrib/
+cp %{SOURCE5} %{buildroot}%{_datadir}/snort/contrib/
+#cp schemas/create_* %{buildroot}%{_datadir}/snort/contrib/
+
+%pre
+/usr/sbin/groupadd snort -g %{groupid} 2>/dev/null
+/usr/sbin/useradd -u %{userid} -c 'Snort user' -d /dev/null -g snort \
+ -s /bin/false snort 2>/dev/null
+exit 0
+
+%post
+# new install
+if [ $1 -eq 1 ]; then
+ RANDOM_PASSWD=`/usr/bin/mkpasswd -l 10 -s 0`
+ sed -i "s|# output database: log, mysql.*|output database: log, mysql, user=snort password=$RANDOM_PASSWD dbname=snort host=localhost|" \
+ %{_sysconfdir}/snort/snort.conf
+ %{_datadir}/snort/contrib/createmysql $RANDOM_PASSWD
+ %{_datadir}/snort/contrib/createmysql-archive $RANDOM_PASSWD
+fi
+exit 0
+
+%preun
+# erase
+if [ $1
-eq 0 ]; then
+ service snort stop 2>/dev/null
+ /sbin/chkconfig --del snort
+ /usr/sbin/userdel snort 2>/dev/null
+fi
+exit 0
+
+%postun
+# update
+if [ $1 -eq 1 ]; then
+ groupadd snort -g %{groupid} 2>/dev/null
+ /usr/sbin/useradd -u %{userid} -c 'Snort user' -d /dev/null -g snort \
+ -s /bin/false snort 2>/dev/null
+ /sbin/chkconfig snort
+ [ $? -eq 0 ] && service snort restart
+fi
+exit 0
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/snort/snort.conf
+%config %{_sysconfdir}/snort/file_magic.conf
+%config(noreplace) %{_sysconfdir}/snort/threshold.conf
+%config(noreplace) %{_sysconfdir}/snort/classification.config
+%config(noreplace) %{_sysconfdir}/snort/reference.config
+%config(noreplace) %{_sysconfdir}/sysconfig/snort
+%{_sysconfdir}/snort/rules/*
+%{_sysconfdir}/snort/preproc_rules/*
+%{_sysconfdir}/snort/*.map
+%{_bindir}/u2boat
+%{_bindir}/u2spewfoo
+%{_bindir}/snort
+%dir %{_prefix}/lib/snort_dynamicengine
+%{_prefix}/lib/snort_dynamicengine/libsf_engine.a
+%{_prefix}/lib/snort_dynamicengine/libsf_engine.la
+%{_prefix}/lib/snort_dynamicengine/libsf_engine.so
+%{_prefix}/lib/snort_dynamicengine/libsf_engine.so.*
+%dir %{_prefix}/lib/snort_dynamicpreprocessor
+%{_prefix}/lib/snort_dynamicpreprocessor/*.a
+%{_prefix}/lib/snort_dynamicpreprocessor/*.la
+%{_prefix}/lib/snort_dynamicpreprocessor/*.so*
+%dir %{_libdir}/snort/dynamic_output/
+%{_libdir}/snort/dynamic_output/libsf_dynamic_output.a
+%{_libdir}/snort/dynamic_output/libsf_dynamic_output.la
+%dir %{_libdir}/snort/dynamic_preproc
+%{_libdir}/snort/dynamic_preproc/libsf_dynamic_preproc.a
+%{_libdir}/snort/dynamic_preproc/libsf_dynamic_preproc.la
+%dir %{_datadir}/snort
+%dir %{_datadir}/snort/contrib
+%{_datadir}/snort/contrib/*
+%attr(755,root,root) %{_initrddir}/snort
+%dir %attr(755,snort,snort) /var/log/snort
+%{_datadir}/doc/snort/*
+%{_mandir}/man8/*
+%doc ChangeLog doc/AUTHORS doc/CREDITS
+%doc doc/snort_manual.*
+
+%files devel
+%defattr(-,root,root)
+%{_prefix}/src/snort_dynamicsrc/*.h
+%{_prefix}/src/snort_dynamicsrc/*.c
+%dir %{_includedir}/snort
+%{_includedir}/snort/*
+%{_libdir}/pkgconfig/snort.pc
+%{_libdir}/pkgconfig/snort_preproc.pc
+%{_libdir}/pkgconfig/snort_output.pc
+%doc doc/{BUGS,CREDITS,NEWS,README*,TODO,USAGE}
+
+%changelog
+* Thu Apr 24 2014 Automatic Build System 2.9.6.1-1mamba
+- automatic version update by autodist
+
+* Sun Feb 02 2014 Automatic Build System 2.9.6.0-1mamba
+- automatic version update by autodist
+
+* Tue Nov 19 2013 Automatic Build System 2.9.5.6-1mamba
+- automatic version update by autodist
+
+* Tue Sep 17 2013 Automatic Build System 2.9.5.5-1mamba
+- automatic version update by autodist
+
+* Wed Jul 31 2013 Automatic Build System 2.9.5.3-1mamba
+- automatic version update by autodist
+
+* Tue Jul 02 2013 Automatic Build System 2.9.5-1mamba
+- automatic version update by autodist
+
+* Thu Apr 25 2013 Automatic Build System 2.9.4.6-1mamba
+- automatic version update by autodist
+
+* Thu Apr 04 2013 Automatic Build System 2.9.4.5-1mamba
+- automatic version update by autodist
+
+* Wed Mar 06 2013 Automatic Build System 2.9.4.1-1mamba
+- automatic version update by autodist
+
+* Tue Dec 04 2012 Automatic Build System 2.9.4-1mamba
+- automatic version update by autodist
+
+* Thu Aug 09 2012 Automatic Build System 2.9.3.1-1mamba
+- automatic version update by autodist
+
+* Sun Jul 22 2012 Automatic Build System 2.9.3-1mamba
+- automatic version update by autodist
+
+* Wed May 16 2012 Automatic Build System 2.9.2.3-1mamba
+- automatic version update by autodist
+
+* Wed Mar 28 2012 Automatic Build System 2.9.2.2-1mamba
+- automatic version update by autodist
+
+* Fri Jan 20 2012 Automatic Build System 2.9.2.1-1mamba
+- automatic version update by autodist
+
+* Thu Dec 22 2011 Automatic Build System 2.9.2-1mamba
+- automatic version update by autodist
+
+* Thu Oct 20 2011 Automatic Build System 2.9.1.2-1mamba
+- automatic version update by
autodist + +* Fri Oct 07 2011 Automatic Build System 2.9.1.1-1mamba +- automatic version update by autodist + +* Thu Aug 25 2011 Automatic Build System 2.9.1-1mamba +- automatic version update by autodist + +* Thu Apr 07 2011 Automatic Build System 2.9.0.5-1mamba +- automatic update by autodist + +* Sat Feb 19 2011 Automatic Build System 2.9.0.4-1mamba +- update to 2.9.0.4 + +* Mon Jul 26 2010 Automatic Build System 2.8.6.1-1mamba +- update to 2.8.6.1 + +* Sat May 08 2010 Automatic Build System 2.8.6-1mamba +- automatic update to 2.8.6 by autodist + +* Thu Feb 18 2010 Automatic Build System 2.8.5.3-1mamba +- automatic update to 2.8.5.3 by autodist + +* Thu Dec 31 2009 Automatic Build System 2.8.5.2-1mamba +- automatic update to 2.8.5.2 by autodist + +* Sun Oct 25 2009 Automatic Build System 2.8.5.1-1mamba +- automatic update to 2.8.5.1 by autodist + +* Tue Sep 29 2009 Automatic Build System 2.8.5-1mamba +- update to 2.8.5 + +* Tue Apr 28 2009 Automatic Build System 2.8.4.1-1mamba +- automatic update to 2.8.4.1 by autodist + +* Wed Apr 08 2009 Silvan Calarco 2.8.4-1mamba +- automatic update to 2.8.4 by autodist + +* Sat Jan 17 2009 Silvan Calarco 2.8.3.2-1mamba +- automatic update to 2.8.3.2 by autodist + +* Thu Oct 02 2008 Silvan Calarco 2.8.3.1-1mamba +- automatic update to 2.8.3.1 by autodist + +* Sat Sep 06 2008 Silvan Calarco 2.8.3-1mamba +- update to 2.8.3 + +* Sun Aug 31 2008 Silvan Calarco 2.8.2.2-2mamba +- fix requirements in post script + +* Sun Aug 24 2008 gil 2.8.2.2-1mamba +- update to 2.8.2.2 + +* Wed Jun 18 2008 Silvan Calarco 2.8.2.1-1mamba +- update to 2.8.2.1 + +* Fri Jul 08 2005 Davide Madrisan 2.3.3-3qilnx +- rebuilt with new libpcap libraries + +* Thu Jul 07 2005 Davide Madrisan 2.3.3-2qilnx +- fixed %%pre script + +* Mon May 02 2005 Davide Madrisan 2.3.3-1qilnx +- update to version 2.3.3 by autospec +- new source `snortdb-extra.bz2' + see http://cvs.snort.org/viewcvs.cgi/snort/contrib/Attic/snortdb-extra.gz +- fixed group for used snort + +* 
Fri Dec 31 2004 Silvan Calarco 2.2.0-1qilnx +- update to version 2.2.0 by autospec + +* Tue Oct 05 2004 Silvan Calarco 2.1.3-5qilnx +- added creation of snort-archive database + +* Sat Jun 05 2004 Silvan Calarco 2.1.3-4qilnx +- start daemon without "-A fast" otherwise it won't log to database + +* Tue Jun 04 2004 Silvan Calarco 2.1.3-3qilnx +- completed db creation with snortdb-extra.gz + +* Tue Jun 04 2004 Silvan Calarco 2.1.3-2qilnx +- reconfigured with mysql database creation on install +- now runs with its own user and group (snort) + +* Thu Jun 03 2004 Silvan Calarco 2.1.3-1qilnx +- new version build + +* Thu Apr 01 2004 Davide Madrisan 2.1.2-1qilnx +- new version rebuild + +* Tue Mar 02 2004 Davide Madrisan 2.1.1-2qilnx +- RPM group modified; postun scriptlet fixed + +* Mon Mar 01 2004 Davide Madrisan 2.1.1-1qilnx +- rebuilt with version 2.1.1 +- minor specfile cleanups + +* Tue Dec 30 2003 Davide Madrisan 2.1.0-1qilnx +- rebuilt with version 2.1.0 + enabled support for mysql, postgresql, odbc + +* Fri Nov 21 2003 Davide Madrisan 2.0.5-1qilnx +- rebuilt with version 2.0.5 + +* Fri Nov 07 2003 Davide Madrisan 2.0.4-1qilnx +- rebuilt with version 2.0.4 + +* Wed Nov 05 2003 Davide Madrisan 2.0.3-1qilnx +- rebuilt with version 2.0.3 + +* Fri Sep 19 2003 Davide Madrisan 2.0.2-1qilnx +- rebuid using snort 2.0.2 +- some interesting optional features enabled (via configure options): + SMB alerting via Samba, statistics reporting through proc. + flexible responses on hostile connection attempts not yet enabled. + +* Tue Jun 18 2003 Silvan Calarco 2.0.0-1qilnx +- first build for snort 
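Review bot: `%post` writes the generated database password into %{_sysconfdir}/snort/snort.conf, but `%install` copies that file with plain `install -D` (default mode 755) and `%files` lists it under `%defattr(-,root,root)` with no `%attr`, so the password ends up world-readable. I would install it with `-m 640` and list it as `%attr(640,root,snort) %config(noreplace) %{_sysconfdir}/snort/snort.conf`; group snort is a guess at what a reload after the privilege drop needs, so confirm it. The same scriptlet passes `$RANDOM_PASSWD` as an argument to the createmysql scripts, which shows it in the process list, and its unconditional `exit 0` hides a failed database setup after snort.conf has already been rewritten.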
diff --git a/snortdb-extra.bz2 b/snortdb-extra.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..753691b2edd621a2171379944ae6915cfb3b552e GIT binary patch literal 163576 zcmbrm2|SeB|2Y1L(uR9mB!pWNNfZ*YwrXT48nPFntT7mj?Y1wL43fRFWo(r###mY` z*^+fIGZMx+Lzcmy|9OV$-ut}r!SQxrhZ#f_6~_W!%f=bFG zXkCn?q$GHNK5ev3iNrArLO4)23DJ3(8X ze&X!k32|#mX>NozUWK-O;y50}vHSK}F`g~Zw)2m`7S{4W&^`{XXZkZIYyLdEe#8Ao zpSWfeBqEwMzr_fu>7V1q`6h07;d}eS;-~I5up`46g+pA2IAjm4krj9XaU5D-`}DrV z_tgD@4pE3-7=boi_}-ea=h*4iMDg?yhs5*|{kC->>jZxfFIWfg#E~W*l=326f2(GC z_JVQ0qoZgu^nu;tHX!`(=tt9obYcS8f`<@4#d z!^;L2yR0`LzRMgOJF@iJ+(%Jgf~SRHIXU`5XuBkD$?PWWM3-V}!+DHy`CwBmVSX{N zdiuK-x_yQcC{7*v`p`~XY!)l-uljuEU6P1GO_WD_a)?OCdX4Bafq#5bxN#&UY@fAv zTgUfmeo;L|RDyiLt9R5}hkYO2yO*$_q~M+()FxZ=z4m_H68io8u8ZhTh);vDg2GL$ zZv)*(T6>(8mdmvK8?}~0D?*Q%*Fwx8^W~FC)QnF(ol~MUpK5QiLYmYom)2CfE$KFK+Po~TnZI#wK_7Gf`uC@S za}N$7hc{|Gld$A|DkA~SS||(Kj;mds;#ayGpUg~>tzZf_W%VMGWWNcnyOVAo-KV^Z z`f_TgQsO)Gac#sm0aa%%W~}f=l`yivma6nIrAV)&(pQrrEo1r(nUv#5vA%}!zJ~ca z?4fCWjT837Hs;8&%j)v=F5>S_`q@9(_iZAkR8YUkB1-)oMV9WX`1pJ97(*F1+~v1J zBhj47ljH1Bg6&q1YEF)0U~KHSE}y;hY3`_KGOv}0tJb@Izj*V+I@QQ9iHIYj2`Fr9 zRZ{Mv#}h)$CgsgYR`yQn-L zQqCP`UHL4c)r&i_EWOkHfbhH8>+{R4{l0w1CKJx`S@cEKo)&OeW&|!6FIZqp9f%2L zk>4d|CG`u!V`J4jj2OLk=V!2#E}NE7~hGXZ)X8ruS3y*jo@m4hGDii%0XB1MeE{*F+Lh--5X)lpC zk>oh5ULD{1#&@%5Q7`u9_^9lc9$y~yovM0$+I;t>64(4eI#sqwa!%T%{9SEkSaQ#V z*0<|uY!X!rcjic%jUXTIt%%tG=D1hb-E$C%vVc;_khK{dpE>_M89xBB6a8vfjRyh)w7sbWC&6{^lPi{ z1{F-qmtwlqERRS4h4||C-%kF8>VEOxt&m#u)S^ zjk~)C(>z)jU1@gWc%GCxl|G;0v{)j|-@bf&K&_My5wpDAu%)j2bISCHqwJDO;QP5nyY)-?sc zr;>zaZEg5NBrhbmzn1?H{`f%fE4S?vRqHcf?;ji0er|anRN&>f_S+hU*C~r|W7{ha z_c+WC*qYvJAN%w3jg5%iQ?!hOl3KM2rst33Y||girCDt!hIuUr_1272WoBGYGlpkM zPBAS!#>gc1mV>4;>Qiamw=Kp?2Hd~V!opHe*LHPN(^dM(q&Cb<$7TC~?&%}lJ}&g~ zz;v&%k4qRAmQcd9qp?hZ_&41V-IUmLvy`dK3)P~r_h$?(ONabg97a#hHLK$XP?kO9 zVbcz(E^-8CDnWWkEI|EX|J^x?5YV9^GD{z)mHEG(H)p7nzk8QAJYGV_B#uT77lbDs 
zz~mI^ZGUL&d~n;{YN_3=r)6rG)-_)r?y2Sve1=@B{=YK&*KB37XkLdW0EwY^A`5@H+m}-mj%k`dWmi9SCzW0WD4Zr+r>m?(C~!_SIA!czAxN1z1?{ zq%Ddhd%@mZzSNL>vR1IE1!YDZjS#`sn>mR4M{NJ&o$28xoL={2^t{5a@Af0?*jE20 zH|^`gg8itoDOyMG^|M~x0IO)?*U~W&5qPcE`C9Qq_~^qu<|aF>`xNJ|+>P2FHRjP9 zFRP-|rzgjqwEuC<5kqT#Up9mb4#ewN1iBQ>(qsXDCGwHn-6DOQqK~atCdm* zt7;D(K}kpPW|8(387MX2?+VEDbcP;IcPA4e>zcZ|X+FOjv$;0pm92m0>!a2+fKY%g4toLwuY~hImxNd5XByyv*Bbu_ zXb>iBB1!OTres*ql8@v#=^zjQXZpC>6k0E#y4{M!Pk3zeRIaB3;W-gmNGh|<+>(4B6R4xhr&KSSF#A7@2kBq zptU(G^bKII(5TzIk$9caS8k@}#x_=bQn;_7R~GpKx{FTrcN5UvUz^=(ugiGl@T9eO z2wM|kP&~sIu0_4S{;f_Y1BE=uuXX1Dzy*r5-Aik;`Kjhz4tu2XLndvnJ=~*e!v9=m zEX2*$4b}%C9#3yt?Ax<7_R)-;6aPkfTwdI(D{@%#efaXMB{1%xbW6 zv*Q0oR@b+iP@0@n9`nY0@90#5IDoIoA$Dff<6*crr&>5R-YkA^JgvSXYD^Ke@F7K*DzZDr(J0N>iQqGpue{K zodW+296aJb!EO0Dk>-yYSJ02z&-+RXyx_lV89c1C!_EJ%Me`ps{kQQe6kxw)ga2p0 zGh+Y4Dt>SrSI|F){U4tH6&yT{jWV&n%mBb}iJdvaCANj@me_iT%{dT`<1O4pY|H8n zxPstEP&Bu21%Vs59M|K9dann;fP%o^-%8MmZ2o2Ye|rsCidr@K%rBCCzf&=jDlAq7 z7Y-fDB!W&mFc^%r9+NmSw!VgA`2}YMXxo6m{n!o;i3ozWAQ6v1GsMxX3Ew!kUc9;< z8e|f0!B3!UL`tl5ScA_%T>uS&9GBqs|G6kowkxV2g7%Wh3_{95w^Us$~!W%i0H4oHqU4mL5lbukW z=Fxq;>ndMf-^UvQ<%!`25jc(@F55K?(9lyQAu#pRqleejgUL4^g8rvf2=m-@M;0S~ z^j=@3xkrruD)%Xliq5}m_B%0x|;;^v~`WIbVYXf*r!eIjHyF zc9O=?{2x03v+8iz+OCZI>vbP*5P1ASS@s(Smco2`iCta2oYn*t3qYWt)rSALA#g~s zzcj+^BEWv;czK;$4iOnYz`#=NZ5dbsg-P+Upg3_sn~?}tY^NrK6z`9?1R^nj)_`NU z#-cIT5ReLmNgVd4qsfj1@zeR^T}ZLNg69zfcX+k506yrmmDzlr(p%c1` zyQ6zXOKA?HsEnlAxDMqQJ+IMSwVt(vG6#EA8oI1~eyiyRs$^Y?|p^ zg{MKs5Q()kNpU?uDGZht_)y^Wrd_5O+u^*wSRt+3y|}Ado@}MuXg#k`(%Q;6NEmd; zDOQ=s5((xsGxXz}gZ_*+)8E`em?bufqm&sRs$)sX_=TKWlfeQPdj)^%Vv_{7>?4Im z9RjVN9r>d?oc%^UJ~KZsurxsh1xG0&9sgY^_hU46@L)+3YOm!yI+mV!u|2hpYEeLc z6%!a5a7D(`3ty^=3xO%>ELOR8Km8-2Rk#q%0yZl*B<)2;RBVoXsAy@=8lI9X-(c3g%6aUkNq z5*eBxWCiHm89`+D57gSoBSSSz*xsH3a@=qeqvst&Fn;ko&zrpMK_F;FnH8TvQTa{KcoEE*7y zaR^$sq9OoOuILCLotJvg=>d7W0n75nOS^vmzo`kNj5QLfgLeOQnq7h%cA9%2PH272 z+E}0&|F$^3il543BMw=+`+rtJg@PP^6_i_4gIUO`Uir4KK@1VLlA~ojivlqwXWjl>y^r11@a%SAn0H8!RG$e 
zUg+IOWTPdMIP0ayBmn+ms2q&Gv<}+12A}y98p>cB9WFpD(0v1fKtPId0A;{9%RmP+ z)!OAhf2My%aw=jl{(!RV@@dm*W%b7KvDDLodQkC~E+}%bLg!2+WM-pU8x`W(=M~Io zR?)c85b~6va(}g}YDpi%a8((!6=mBfs5JC>kVwRIEuIiq9a!lMUo+^cX)Gwri@WAf zmA*BWu6VIzpnbG3%AB6x?P9EQv20|!uk=qUED3) zunhm|^oU^BVjDF^uJB;4N_0$PoAy{#qNC9u+PGaRDu!IwK3_Lp>zy@%R-uggjj&3M z6x&iFUKeGfBMFp|+^GkP8C?{W2K(6YT)*N5dyA?98Ow$7T+d+UWGUvFQRe7&e`Dnx z%Ao`EF;c~Yb7}Tl9974ed0vFEY)6Y~PmD4)@_p50_S8|jB3f3(yPa@8%gBdRhA}p+ zx{`)&Y=7DAQ%aY*NNKTXat%e7M3b4NS&pclWoILAl_P$tf<$32zfMz9sZyI+^UOsL zIrLae=c`dgMaBB2`=f{awBBE;lGv_cKQQ8Ucv?ukL)=M2$Zo-DQF3I`g`8|}Szub| zuGZ;vT_q&6<)dx!Qj*J`&pNEbkQwh@_RK~fRzI&=E&uv)!~68Kup^<)f`@9S9V4{( zbDCUan($vn4_#NYtKJj#sQA;T`D2H!%eeUNx1(*%Z{jrMiV=Ms!pnUvqxhs(YS_rd zrV|yFOLy)p2;qFgE{`gUDqosVP)*-D)+$wqZM@xtt)IqW;_oX9#@`6x!G_gZ=tLiV zA}!iIcd@u8xr5>pdN*uCOm?DPQ-qz~WAX&HDfC<#i#ZiUX*O$~Nca0~&cOc{j;k|6HxOzOm+J-EHp{GhBp4>US!Y^(DOQn{*mX z$0y=F%?N%;jkD&R$|8A&MaaZk*!TMoy*`{RjrL)!9*PuiFfMY-o*kk`8_rn`DiR9H|v%C`}?q^gXTNm_^H-va@JPNv~Ni!@GPthV$&}SxF9v-N?!~%CoNX z5>J)=zK0na4CE`Sl?^B7hpQZ4ws~^#O;O3TMMv21(itTnT%*Iex-CyvrR)~;+XhI? 
zyBqTE>G{U}nUJf}*p}^^6RpkE9&P0$JN0ru@B9sFuMT<1K^rfo#a*&E7}|3;r;`if zb-wFImJWIZDZGR*F0xbI&>9G_eph?N+(k%T>Jk?;>;%K`%-t0CXuJ@3w9{trGxx9= z2cwX8JRa0lorCx`U4oPgk9zfd)4Ef!+g~?`^A-e+6~gZb(m~L-Ddm3NZf7U33TOhf z&UE{Z6K5$b*H}^oq?%ot^;i?q*x$KluyDHDU&w|8gXDrBFG{961gVU_@zQ}fsMv$f zG_;o&fW4k$?6EMnnPYcLqSo0C7fk>q?FksdG4w=@zXB5M0(G!#5dv5~6a+zQjzN4^ zUPAYFfu&3p@^fXu?_3?YiDq3e~vSd*p%P2V}sl?;?7UHc;{2iQOG@}-TX+8(`{Q^ z%@v}r#MSOha1>md@(}5>TkQRNN3*M%JEKkQ4R%`hhi8k=Y#tW85PsyDOj@zY9$%M~ z(h%?`< z7L~B-yosX8Q;o+^e6Fb*U$}kqGsPQ-<{9T%ik(DCBZ?;__?qJ8G#uj=+)NgyuFkoZ z>2?*7?dG3cDjGg}{ zACvT%+q!Ga_NM8E#G4D2f2b%>(x8P19@WSkOh4fjTCZH-=^;saO{M#f?U-$IYObA= zH`^Rn=wjDKz=zFv7hXT>(9p+0OH-ucA4Sh9Jj7p>r6H#FGXKsc2#v^3)6 z=F(RCq5sn|uiim>lw>CEi6Lf3vew$22S}%H7fW!GNHrvKWuSv`$;nR5w+=j;^wZ+J|LVp0SA%|e zYJ8kcS&ivpwXTN(f)@XLG50lk-{h18d13jO+Iyd{Lw?mypMK};@@-su^Te2XKugeU z#AwXyZ!`+= zwr%ySw&I8FS~+K4KLWUuBM5c<2w|(I?k(t0R_z_1L)8a~^eMEW!d7o%nOEc~UoVtv zyirdAy-4xl2V%Tqm?~i!=lvg0J3t!2w`{N6)z83^x?_W&g!iU4rh_PUfsfRntUREMG1=jiSwy&95Ogpt)u@s( zjXMP#^D@E=v#sMgq>+z@AOK+q9MqqxwXv8Cs=D7ia{@TUYiBK^URsbVR;mRC1t^pW z9*@skM>2~hwlX)k$}f~oZF5^(v8!NCS**`S}Z z+lyH#HzXkLFfVL?HiS6J27jO(rI=F!6^Wy7M$p9>MEBy@EJ6>xSS7Z@Gyc2T8MA|nG4@dyM*enN)iA03Pz zY{Z?w;<xZVo=vuTgeBgxrOv-lrIO+${ii%!5FogDTl&eX6!~Y$u7rrQ~(f$d6NCh8H_bwqKYHA>y9zn2?*o2`l zQ>iI9pPkSaWQQH<0kx}xFz~M$? 
z%gf8P>NsS-Eri@V^;`QiQ;p$^1oVU9o29t}g=pq!^!Yc__Sg8Xs|E3m{T1ltp7L%ly{kvg_`L7KAi!J^k-#-`QbZbMOdBpn!Jg;q1 z{OHLcAC(Z^(phTsSr}zDIc!FS<90+zCP5x1|Kf^aa2yka31YHPq__~v* zmO#sv-6}%2_a#>qguHHaKRSGP&>=5G>O#K{-yd3!Cikm6I2y}s;IToOmZaCHy5KPe z_^7|p@hz!}U{7&%R%m2>b%YsA4#Z%-Gn;golj(1 zj^qa9DaZa(ZvKT{Yz4b26);o&=7^<=mY0_o!PJ+BH#LZu!3t4?Vym6*%yRd|Klvo3C zA9`Y=;b=+wtF&Hm5&~ADebsc#5KxZ5bc}l8VbcMWKHx}3c2_1?0M)F(2w0r5B8TiO z8gGZ29CrT=`+40JS39LWZz!{4RN6d0!kGQI#9r~ey-m0`qh zufpp69}>#TSajwt7KIN>sSbklm3;6b{K$UY$RtzQ6pZ;U~2tL;& z{^JbFIIHoB@5=SUU#11~H;2```hqnxe1Tc?qp7nPgdWdnuzE;EykCM_m;&MH$^#oBF?3HdfErOf5_<1qV8ZjYzYWteS>_5H4x{ z#RcS|FpGf3xdi=-CWKaeKv*LI$^$J3l<1=h31AR2O`h_?2!=S7gc;L~jN-)D_D&}H zL8+q%&6sE`uiN2xy=m}b0nL|yr%AiRp9ML7DPLU%_Bsfh zfP05S1rW{Z6o@o4u%Dov6*T_@Dq2k;`xTwG-Md{a$J4J3v%kaf5dc|sP`P7DgMucrxqk9@PLJ1epa#y` znVM3zp%@{aMJH#1&y#rh=`e34{VpX{|G$MXJiuihy}UZcljr|#*<;S$3`l= z*DEL#dKJ;^8XFPXS-(laxW?mO9wVA|GhjRv1N#dsRlQbTF1&Ay&yVKxgTI4Dg)BzdT$QYfJ?yC319wXJJ+lCu*_bI2>Kp=_ zfzN^tw%PeABwgkE#FAaSLK!~mxBd96-=pAFUiif#zg7;D5atzF0S7%$-nBsnlc3Nd zI5FIk2*@ZzssaMH_Q&`06r5h|lQkU8r@;%LOJKzX zs}ylW#2n6oYCJlP8z&Y6rwSz@n=YlCL;D?5k2a&s%lZyD8rVC#)6z@5=;eby zj6zRvNQ^%ND}8NmHx>;7)G3t16tqbLTDGq2Ysp|w!GN)8OAL85I_F8+d+PR_(6giI zAGG%5N8HI_eZ9k)fb~~;PA&E0dtX&+(jjpV}K=EK>i^B zZK1!SY85f^reQ~cCa?&iB7p7wCUw7f(jIjTNGL3;e_CueI=&f|oik7M2P&mXHu#DF zh!oZ9V}Z9sXLVqbfE+>)ZvH;Qm1;lA04l`?SnQH^nC;u;WA?(L{%;EhF&J3-pDb3f zC5<^BR&QC{R0bTf1*F&|4jDQ#v}dY&z!>PQ6_+d;gFTpYq_I7lrfatUB`g{6---tL zrAt<7C}ZGWtRl`{V6p0zC)?7K3lNW9a`=x|M|3w}{im5Z3`xW-Xa}XoN3DcO8oupM&U8_F#L5AET^fl&zT>-64*H4cM5$r4^5OH5A6A1_lH$ zI>t&zvf(e|a4|xyU8$hVR`kot)_bOaeAAf}pq-&z<4wlJ2~*%T)(ffE@Olk0%|;}V1{v%5Mw1N;o8?`#T=AL5D|vDl>es%Vk`!CMhvG%Ojl;)mC*rqUa-eNpte#LKLiAPEvQ>s zVlu`O+3o-twf6O@{7adxf#CF>i@>bHQL?|~=DdU|JkC`>pb>;|0dj!9!GUQ+-|mDR ziXg}#E>zEwVJI|e81=Ro72AO&#ZqSb2lNX{$t(|%z>tcKg%R7c=%kOzRt3I3o!DP~|34a8gLM;TLPA3zes7Izk% z)x#`eV2I2Dkhk>v4LvJ=s`IQu<~WhV1*cn7N)(sP-<=X{hv^Oq8!|h<3LaS4B>gf%e(M~Z(S`Kv zAT}vsh>5Kea3WR&rrdv-Fs0_p4$Z^sg;Z7NX^G2=^R%uxko(|-+>>a%#IPdL>&hMA 
zrEfVydr~y0Fe{(y&Ia{QSkX+XMfU)lKlUDnzRz&%hC?vSNWfZVTab+yCezZB)dRzs z85)9bd{R{Klc%O6m8q97I5h^gR?Tw4q7%;M>I8Zi=Qzf4Sb+qt@Cf+ukIx)uz{Z&1 z$L@#tnn&p%jsitOffF{Iwz!eTmXavF?B4KYIc}b?xE!z?2%_?=`R+0nqX;aBuhh4t zi~0BmuY|R%CG9$cx_~IB^aLr^(YF33;m@c|a;4 zN6^r-ATZ*GwcgADT+rOl?4Tk66ljCfwbX45b=M*UJahyd>Wv-?nej{omt2$1D6mFH zbzEJuo2T{$w23BUCFEQ-4~%ACC-L=CppC$HPSJs{^UU%@;Fh~E7=3V>jm-k$YZ+EO z{VV}iB4#4UYQLu80OkT89i6a>MF0m#23$NdY{_O2 zdLgZ}n(puSlimQ!psWGU={y(k%$l^;^EmM*EV--xt%-Uk$)<6D_2Jr-QC}F`Vqj% zSt4bgM(kNAVxSW(e9wR#r&5;9Smo5bCKV5S_R<)fBJ^SP?M~7!Scb`i{gTmSc(c6%im)^JF6J zB38q`VGbU^F5HQJQ%zKL49%Ym9OI#LyEw_r7-0E)EkFvUB=~$o1&AtREist%g{fST ziq&BdCk8}K7&+sUaH8gY#X2U@l3C2K=&pkK9YH-v=^!zc!P+!`3_!z9Y$Licla>@1 z0DlTA2S&OAYO~j5+YX`ZHJ_lr<#+x~Tp$Qe9Q`pDM-UPb8;%&mag~B-rUD`p5b{FDBd^6o%o!&LbvYUB$G27@`mH9QT8R;8bZv#GrpXQb{wKzhL;#sB9P*GN3VK7TTa3=1XZ}JB?pJz9@W3VlwG8Mj)Z- z=n~_XA@H&CS6`r0;m=j!q$GV;3hb!8yVMJ9ai3!7E+t_Kz(RhgNKl1~aW|FvW6&zCwjT6025I1qO6o8<}(0OhK0jGV2a*?H;`}7A0jsYK9q7V2exyUGE0?%#? zT4Q+-7){_FVi>&ZDljn5gMXzUN(ZdcB{0r+np+bd4)zY)u`l40^%}3GBsk7BN=Sr1 z8cMj5a`Q&W@MhtTKMXv0oMo0RfsZzbIWFK8t(qzxM@{G-+06V`|HAGNJJXsy54daw zVf1j|VX@Cf@YxbXA(UQr;dRrPt?|m)u9-e9=7QJKWS#oDsC%F178vp@D>ud$BXF=^ zhFqnEV0#dpi1{noI#2U&4jse;e3svSfD{0W-3<)pNJGz+!S}EtO8%8Zwku>@eI@MUdqJ`m+qU8Zgth%CiAP<#$M;KNF^p=4;LrSICPL_tNCrq{< znrih7U<{T_A^5o<6%n@p;bfM|U4RE4P;SvAgww7410Z%&xoda1rRTsH41!(MI}-h; zn6T4Q#-dbJ=0~_AchO5{{Xv9*z66*C7~Sw5jHS&Oi}2Hwfy&C@{biJ85JsgmrNk!* z0g68!-12I8oJC1wV22U?lP>{8m&;NjQM0feTpjXj7I-if_-{COKUe_z-{%76Okf}- z#5y4r29rTvYD!NCpa!iB1TF_G1XzasXC(CjKy+>C0zf;N;rdzc7(kM0Tw_^NW)vGM zs|tJtEwCU1drJcOdwoHWFkL}y955t-LPR7?YC^mi!Nk$Va;G0a0ODUX#UwQ)fwYVH zMUbCx>6ZqMr_65orwl;r)*xl<&iwt?0${Bxt3Cwskv$#tkO(5fXe;jJS z$pbE&5b(i_^80aTDYIXnLW(8>qYolVtD}Y+S^m_5M7(41Y?S8%B6%j!Wu|yOzTJiH z!9hkd^IAw%Y5+z43}-e@HcZELfNwt(2KE|a=qbdFb4AVilmBEpxiAX#992!)vA7>_#eCt)77821kR^`Ve}S3zmA9LAP!CedP?FH$hq@h zo=@6E1N?Fc1_PHBeqpW>eiz-o2#%a#h`z|9`ydX=Al8?qPTRl2k1tk+upe@Z*xy$2 
zh7pVpfC>ksSCE~d-`*Wxi+w&)mEg)3@CkhuT1OV#?I2y?YH1H~OcDbpzaBeVw*!>h{GEMXuzjv*|3b{jaE%#8WJOcvB!~Ovn-9d zYw69d2tS@9)S-@nfH#Yr!#pWRlg=kQibo-qFR7(>YIWHr&pN9&A31a~DgM*qt*CF& z{m1>U2qrP^twB8U3LNPQXs>l;dC!#d3oE7OHwd546Vmw7v@}M}=pFKi(MbrFF4^`> zTiYOV!sg~?qnO}VF^_es7bX@Pt5M1-o|kLs7#D?^8J*~Zr4o1DvK+i+0&(rWszwXa z(o#bO_@nXW?dh3OY6j^vtsP^5g*hLut7;7Sx($Em&)c7Z_PU;=jVjX{*H_e@FILfb zMRyo+KVO=0S8?fcx9ZMA7+qgwU%QEO$*eYJ#(ha`gL6xTK0Dpp?F8zFKKh67+B+^L zrk`Zx;K{|GGY`D>#8QOC-lnjKV~Rc!Ckt;1`40J^(kmlcNhOl|k+^oeLBxmj&3W>& z!F5J*1MgZHUT+8&<5f3Hhu4KlKMvE;3mw==DDjQS!Wg-J>`@_)dCQb8`rD#TyrMlr z@vSF+joiyBzhbm?b3K{jbYD9%GC6i2O5fhAa2QvjfYmrKDmRGtGM3>LFy0<{?s>$L zQGv#(@&~~@gS5<>chC}VAGcqo&$A}wr_Ahl_Xng3r3=cWoZ zg5sgnZK?YOT+ZXEJM?%IRfN(Ix~-{ZcLG1Kb{-wVMg<l2B z+_CT7%jI8B27K*cy$LovS(GjHR1^HpU$|yQ#4!B*fq9!Rj{{MGd+i79NMWY+FD8ti zefOCw5owA$?!F6eylaj~-O@t$6w1(Fdtk!kn)dT3$>VkA4{+{Dik@AtoaF#+01o(QSzzm+I?d3HwNW0ja7iwLoF4E{u_RqKwD<4~!kXA<;Px^p$j-0u! z)aD+)9*GdqJv=tnQaBJ<5S$egb0<&EMy{^nOJB3DQCdUyT>j;_ywf`m2dMdCd^LKf z&6*o@IzCvs@a{w>-`{|^dBRv#xxnUkl4UkY=x{T&DotlcZF63DR6Jb?fxz*m#_Ce) zNhcbvwPp4;C}%V#xyNn0emc8H>aL}8NU-!-gVCBI@x+j%BN48O>jn-f$;ZCZSsL-# zx%Z?0Xc*-K-f$+vfrlccaBl3yqeh8_v$*X_*$##n;!R$8=7F~v-?wM)dmh5iw;^9Y zEU$P2;zn3R&+KJpTbus_r?zVoIf7~pyZz;_INHRISZn)6zRj4trXKdZi;>Z^M+@y0 zqx1-OM!s`me(CX?)7!SYg4TKc^X?e8%Ms5acuy(iC2hC!_OocbTeGt=*e*{xjPU;Y zmGJGScsCE`qBC5L?w)dbe*-C&+=hPPu%XMdGg3hk^El!MF90P#^c(clb7L*WRgX}aH8JvBS1TolJt^xx5|F{ ziJiOBpv}@Y{gLFkm-z)}#;?c(VzKG`yG#^ZNXdJa56+e4Y?QY%HHdwq=+YLG=KjPW zknSscul8)VYL427e}j+4tGv@;)jfr|wDg;?VU={W!xC*VHqW42!GEW~!MH6>{mi+` z471wgjSBh?`)02j+J!`@b=3|Hexf`18JWk&_lWZA9qde;Zn(Xz*U#dyU--Anyr<3} z$9xM^`x)ZdEd$0zJ4IZCEu4m`+~RH~gisoHUldGPkyGDHzEydXGJWD~X5#+i1h#Qe}<*`pLGxevh zx_Km)x-%tjrEWWKf4{QQ?wQSI&nsQtJ@JFCG4xW(!3maCL;XCFXX7K*mUOSpo$65y zkyn%HwYw;1%_{olvvndAr2oV}Ipx!W5cy&Mvu(Wz3Am=`Q?%YmKare|diHtrq>OW3p{;$;{Q{C+_ej?0Mr?s|_ z<8}7zJ>-^Hbo($XzxGht^Rx%130C4+lHqxAQmt505?5*;d0!cv)BA z=kB9M+YYQ_Xl9A}e)A0Hc#8SsXLl1+qZD<*KDJvu2rVfUl#bOsnQuPEg}i=|&inQE 
zweLiED*8k;Dbm8{i}G&R)t2mQejX!PXPxA5zc*&E@szB*bn`bCv?{rM$@$tT$zEDY z3+YZS_rs+y?uZ6m%frn_gi0UP3>V`i37Zca_)7JBDdHX1={jsip%+~t5O*r7=+DOM zX&L4Z`SR%8icxxeXm8!FaMJQSo7Rh!aUb*;GW9Zh1y4+yZEmtmS5F&ju#ZsOL6Z~4 zMP7JdV1QNDDA*k@J6M_WF(p;lr~voSz@$>f0$~umukwtq?Ypf*y>AV(KK`yCr!iyw z2jW;#%yw-hWnrERv(g^#5M-ThVZQNwh5A*I&2M#%czBYY8Qy=!(`{!EnO0|ZDmyZH zVEl!IM2(yUTrO)iOk*D1`=jw{v6zzR z*hpaViOZFeuRnL5-tLted10)t7WX-J>7#x`vX@8}#c5mWUUkW2OtJR)-AFM~jxzn`7n7g2+{)YBX>wcmiJP?! zDa&J-W%mMgrTLAs``5Ojy;^oWe~Mq(LfE;M+bF`}lzO}P=d)E!G9*3Xo3B?;y$v@k z2-f)FM_gW_e{@DGs=L}19y#DGBz$&_`Jk}QuC(-mh-9Pr?B+Z|L`kT--P%%)mguLmA#15cP%@px&%4x_&vsig)XYVARA;0ZZ&M(^DFB_7*crIRQJ8bAxrESP#9G zAv#?ARG4nI-F-0j!&F(U5CwUpr|1fPetP8U^~c^ZolV*o-cg&5!e*`6a?`;Gj z=8n*tmzFGt+S@v*w)t|-UzP-Qs9mYEE|=Q1T^3{24^n22CM2;)qGK znYKZSVJ2TdOFt&X%|}i;Z!prpn{(s&I-H8C)!KQzQp$tNj3d&Ob9;9Zh*}Sg1T^v+ zBlhyUw7G0KZs6bei2363sf@E13^$tMGRmi}bo!Kv#AFZ<9!CaghduKe3`-q`$S%m+ zrAgWHc1cGh3CPPs%*=DOPo2?nVY%J zU(Cs_yVRx3G3NDd9?{3TmE`OS+_Nl@cXSTFmy>b1d^6(6&eCm#4@~1D-(e!;73|(N zUg&Q-q4=&j-rV-Qb5eiuo{_;`cYTSjPh?4@l2%KoTj^&PrJ0*+2&6K@N}L)iCp2_sJ1ud;e&L=$xr>E zbVmET$=Xks#%7Ma@6WZByjAIN;ZUkl#04 zwXbmZTLaRqNhw}8TI52ZH>cKLIjw&z{r@?u4^Uwe)(@#yl9PCV1qSE3POG8N^K z4LUIyF(VDvoA!FgrJYL^Fsm$T(36l@=Cj*!X}(ywbeF)@)HQJ>kNeR|$itqeBHaxP zH|>?=TdR~293La+9vJiDPF3|*^eu4?ne~s>HX;)4@7OFF+*)}@0C%#V)ovQv*m-Tw zR?`#KF@kbC)9vm`$RmE=q9d}=NBrH57pb1MUxW<{%6RN!gAe;Rt}SvIdEz5%G&0Dt ze=V==W72k7V$0`NL*oznZTlj4H_Jc4x|^Lo-Nu)#9hnsy*)*|_{O+RL)wI(`vbLVe zh!B@VWs2Y4x2)}y@=Rw|*;ytpAorW; z03_+HYay>6%TZ9TW}HZ|E2z^Oe}MTkSE#`)VgIJfOJlv;?QN;MBRvf*$NOi7KY;&1 zP_jOIlj&tggLJL1b-Y@)kGvyH+ZB|BoD$YCJZHQT6xN zX~HEkt0w;Od3Jy8hbe_i z4H3O&F%5D3$J?7Jc5!>fZ9;WqzpCH$6v^2cr5|B;N>cAY%iZF$*Hd{~4Edhvc{_RL zY-l4G_Z1E^G6)__X+EPcx^S%MgRJ-u5^tu?^s`Vd@^Vd;w=<5oZ(&JxSosVUAihUG zS%`i#%X+BtLb=?xW#is`{gJOPVDT2&WV@_v?L!R_>$J_*Wt-;7za|mvW##0xY7b3p zlWw?@m-bOs=RiT~n*{Q?zTPWZTe%hZ-?psNK2V8!82sdt;U;OF%()kJ3bOKzmt#x~ z1@I3pKN)&u{@TJ(LdIO;eqHPT$KI0wG9$^AJysM&K-gNfcwd24 z6tz{bXz)OZ7=g4_yS24$@hSp>;!#3@u1F9f1a)nzBA^wigb>sUib7C?0O9!GoA3LQ 
zF9#4%TX%m)`7+TOXyqS6PX1!(v5d%{c^9rd>T5w7$%!~N->16rOy06#&8hD{^rxV=|U+uQ-sPDRY zd*|**{P*WE$0qE(eLMH(>di5V!6kM*2aPH^8fv|B-@ed3!v>E!K4U?W#W(7M);AoN z%-X>V72iud{NotAS>N}G`DRsZ?3KeQiIc*H+xN}<+mPQXy>8zA`Y)xc?Z%JaJNL?! zm~$KN?s(&b_riyjtN1f69NxLp@68L}flXr2Lf2b8qF+6cnDXZ4@4wkTBzADm+`0DZ z?BcBvH)mejEI5(2ZS1}DodJRU7iE4`xTH?HXX>6kUI{Bg$GtkiX~Az7LPyu8f3^R_ z>4x&l?_BxGD&?Na>Z2nQ`b19M7SO-pwFJA%%NNE$i+J<=l(%ns_H@4)yCNs&Sie3q zdcQMia?<=ggO09WReHYg_Ngu7$8H&Q@ye9)E^m57jQVo3hox;7-`w1gT{Yb0(I@vG z_locE)180!zFz7#u)eEB^fw=!Ix_2=tMfM{yFPgTmn6ILJC3J(qF44Ab+o4MiGW$( z%R=|x_nnj&dimnwzb^UZ`!D4ey00#}dhvSYuB$nPZ$2D5Dl_v#o5K-4{?@q{&t9E3 z+phNyrSk3L2S3SN=WjdXP__8xXupj&_Bq@O6MJ;M`KCjP&*_Wr?VCN=>*LvfIWpt= z@qU?^pKao=-?Zh7hvVe$&PTg{x-Rax`^C}o|9l}jaY!d`Z?~T&%((LBP_Hk}ryN|g zcfNn-@Qb;sQ~k5L^}CV0t?P-Ptv;ezHg9YmzJ18b(ewJfxoB3Y*Od?5xLg@H^;(~pdsk-{ zola405JdD|7c|4UbVZHr@JGH^&!-1_FYuk`>U89&n)e{_W>9oiNtD;@`Mn>0WNYgc zGUCjA%k{2nvi-&_IA7?oer1v%({}ksgHDf~WZiqpd!aEwyB1t@O}y}1=;*nP-7UuL zI{kx3SjgV!`Fs9TB=~Z?z3agbZ=U?yn4){v&r9ZhY&ZApk%EG&sb6mlosc~HVjtI2 z|Ju8wbms1{=Tjqktn)rPch=y(?+mh@Hh;q3eJ1w|*}vkVazv9m2BCMT`$z5mBct6x8!yJTulYx(TKYet23wwgRDx*7%>C!eI{Q}+7A zRF7G8ZBc$&pYIcGJMngRQb(SBlsjeWZFTqArMrt(MP8VA=c=>7{X+C0=aA?lduNQc z&Ixc0>*4We{*~9?{%gppoArHv{872KV#|c9lgA&pIdR>Mjqk+t_-?IP(Za88##~Fh zyLA0T)fd+tFYfUAXu_E9FD!QI{)YeQw?+L@r&a{boSC1rYgV@TpUo=VSMYe&n;ym< zJ$r9U`pnc*zlwGqxxewqPN(ef9i<0Dfmgt)osvI|dUy}R5;cqhT&xR!% z$B2U6Lm~ri1*ODC{3F=r@uf+keX~x^{WZ9wXcdBUgudWTRO&h9={_)WC zbJaI&zwSP)%kTv;UG@fkU+`LakSN&i(W2}39?y+^CDLN$zROF~H}CSEwD6(#M?a>P zRZi?u;WTQ4qD#!#v!NHf;(wSob>YNb1rvi~W2H_D1OFL#GIG-7VP%cSukAeMY%xhR zzdUG2PQaC)GnPFLw;BKE(NnK+YX|(WdwHqTj{gk)@!0F{9~$!Q^`gCt3;zAlM}>rN)oOth|Yr*b&Pc~RLCQLrPvv1GKwVPH>u)eop_M|~QV&?UWSa58{hdrll z`R=!xzvN0{?Yu39yz}?^`hdwZt*%U;RCsTX`e?|&zprsjk-V`xI@iZC@Pim@$y&RM zxv~GwE&4U1;`F-P7rgiVGsd#tCnAfnql2gZM}F}_>>j(>Zgq>kT~#wAdfdvl2ZnU1 z8?&;9EPUY;*VS9X?5x8cuF86Ew|D0?PX?v`Ic(d|V?8H{LOkBh`Dyn*OAgue8#`Y1 zf$DU@dQssU>raKP>9>6R#fN3#eKy%{A9y9?+O*{xc5a(;nLq6-(Z+>e>`{L?_x7dn 
zW9<`H6|M4{dhhnti?M#&Him{S7!onOZ_MbRqsK(6y&$N&cgpvS%x`qw<9+(}8u^cY zev7=q55@a+JFw^C_KEu@PMB2mTfA0PH*u}R$_%wIaxnCFV z=so>W<{5pPCSKH2 zaQ+Gff8l3^NAd$MUh|H7Bwb!`aNl45osyAr{kORv{`BpI%RLS_n>(%X=g+A3n)Tt_ z)!D%lm39TPGj5dusYx4si=Xf}ZtxPvXZ{*sAH(yoF1}slTPn|0Ib}|;pOBiGIw2+I z!oz6yA!RoF6*vs;y)*HEBpl!NN$}+r)*x!W4+(&gTP@4LS09_g5F`To!=|2n+q z=GuAFVOjOxVV!+$pXYxWJ$1q3_dj!;Fe>HJwC&67(|MiO4gc{M+i5E{%y+OGl^2`( zwe_dsZx`|ByS?VK@XBYmhKLG&v7a#N(Yxzrj1Bvtbj7_Lea`g%%06z-kRh*I+xe^; zSE{uHJpmOr0cHzjF( z$j;@TzfzYJaVRGD@D~=t3&Mu4xj!?jOW1&!JH8mRVb$3qUe?=Z)%E+<@%qiHx6e;K z7W3Pw-@;-pocwCk<+sBJ7CI$*#C~ye&zFhZ(SgTK*+mbDj`?Ql%EbBIyY(Hur>o3* zd}iqbyT1O*d9@>aWo~2goIbYMyXsPpy+;bWj$OHFj@QZWP9+V$crtVJkK@R&fo3}S7WsLWly%$3^`aW8* z?!&K_zLR@0Jfg>Kd8)kFY2o;o?SGy2=DhEcMyZD1yF3`yO%j(S4KMunX#Squ!xwC4 z71WOYDEtebz616~oOkR#FzkcSf!FU%czy3G*I(_1{%f1>yW?-|-E}AC1A+Xq-&{%T zCzm3=x_;tslkGEix_&fr$M6}w{BkEO|1Cds#^-k3yKEX&e&sWtz*#@!%BTBpT;#j( z!r85RH>@B2{>AM(`d#~VXPDhPuW`GU^bXzcnHZlE;Of}N&Ug9Q=tkbc#Bp9H%>A=w zE=qBHtte}r>uaz6nm;VE!J+oMn^hC~dB!IBa}SP6_Foy}`kCL>knr7pmY;@SuUM7* z<=`HtszOu8Z7LnTIcB(H#FFIoUbg)<5A;YJ+|k}X?zas-0mof}R&kG*K|Sa13>m!MVNQ-RbwQYQ<(4->2f02ht)9C( zMXGSRo*!%*U9j7I#K`%7o;K%5=G0C74mZtTp-TVlak+=uYVa>R_uNwNDa!3U_u=C^ zmr*Rw?nvOZrqK5n?BD5T)x_TgU?9og%*hIc@f*K^C* z+r9-)=FWO$UCbD-ocW#aoqs#zo3|srx_Nr!J6|02=ooG5x-#*DnC@R6m>+#$;-)3# zOLklc|N71OpIlu0mruWrc`xXO&*JdU{MIj@F!bR3lY8uV@9^C_1?{r`+sCurdp6B{ zJnCTVj8p4A_;y9~rrv+6D~P&zZ* z+2;R`kiub+N%K3exb4~L%SG0K#*> zy+*xi-Icg$NpT0iop&HfFx+eYh#psJ$9P>_?cw$PUNKj4zD{Z}Y3cgf)X2OdVDk0g ztcvyidyfD7+mX2ir|TsiZ!efTZAe(<{O>EnE^y(|G2T1EIWvYsiYE{jf zZ+)Jj+0dZtv4Cv{#@ws0Wov85T-ZgAUr-MWnK#XKkTrZtcnmJo2nliFbeK17E?m#? 
z7RL z;+QS7rv=S_XQuhpklj9qluLup9~iMXohQB#>t3>DHP20)T;f@JH@L4#ajrVIh9^#1 zBrTVoC~Z2_zv-SVcy&X+I&q|+O0s?vKoocQPtm**DG&A%TQQXnb; zf5N5PcNdERYVneU>E}|HMl?C_;@sj#92j=&QbSTue)758)f*=B+){dt>o?3QvfsL- zSkZ7^{3>zM?VaM&lX=NgKOf*2v~}aHjW)Tl{*yiU!<0dd<8N&k?%{TCXIxUccaY<0 z_xJC7Js$p-oQqxknOkh&pK`_dvL8!=_|vmnbmjAyCk64w-%CA`>nvGy3e(C-1<$%Ms4<^aF=wl>@V15_Q8^q=LqkJbQ^JsjU&utU(ph9!3R$l$c{RnS zfb`gEfVm}9t;9`yHjHW|7t^Ax;MC&gU2lbAZK?xb6$#(t$i!zLem4 zMic5W&L|8M_*~_&#gZ`;wE9aI2M!AowhC(iK+Ccw+`PylL-W$I#~i*dLy#wjjblnG;Y$OG@m$8ZizTQ*Qac8 zbsX2HGTr^h)Pne7JD0|lOMiTn9(FhA^0_jB@5o_4+1B^2AMO3*vA1({>u_l)t{ zR;DRe!)ES4c@DPJCmiR$)yd_Bbr4dOYMur`LW^Q&PgVLu_~IY;QRkA))a=JnE^H2m zV-ICflmt85BEBaS29RmKi+SZZu^JH64h)%2ZBN&GCJ5l$Lq!@Kj!OxBy&@ZNIKiJh zr!RE)sT`}YTHqES!C6)aJO2fA7{&x52`;|C&U>7owZPr9Cy0^i+RbW_-4_W01ZE?d zhXMFM!XSa_7r?oZj2(FNh+?f14A|r=BQ^r`(>N3}AxjO}SjQ}~x&Z*RNt0y{7oRhpt6{y zs^;B5zd9GY{y6B<37uTsEHXIt7ULxf|^bXp9uj#8Yq{YNC=1+eq}*93pj)b z9CZQ`cmQcSe6h5disf)DlywghmTbyfvgLs&A*i9gwvs2#fJh*mN@4;EsS~7`!%ao-mR}szO;owL66nCLv}Z+p6Rr@Z+Zwh&QA5x$O~bK ze2GedaUI3^_+z#PSsI{*zao4`=cnZi?*}uUSO{T#dC7P<9^()s176;ct>S3d$Of^1 zFPg~zyHNl};NZuC#$l0{moow0`xRrYoRiU5)*gU|q%x#$vrAPA|40n5e+qQ%1} z4j@mF6KP_o5<%8fyTjDrbd`VIHwr@gvNWjuf} zgO`-7bqG!zfM7jiQ=*zW0oDi6a1g``8yz@3kU~nXmO%`39Lgy$)Na$H%2F#q5-2x- z0^}#S;Ja8xeukgH7s_Gd1|lFq7v3q9a6%Eg{e$osN)MBqQ&(3(;;S zn+6N*u_%UVbMkQ-jov^)b^e+py3(KtrakpUbx}s)E6u_#yb3xJn;=k|jN%)B%>d*~ z6-9cEZlw4;1$=zSIP)wz4w3;}8q)#Yk}4pL2$p&EgsRf-Mx<8d&RMeQfha2VK_1r=dwDt^xm+RSm;)_o*xQ0j zh0mnnI8Es66YWD>p@6pb`~JQuFJAO13=`ard7i1FF7aub7W7)Og^d@1K_OCQ(3OW6 z@6jDC3^|7@*=h3NtXQregz&_00#&gGFT~Z)e!px*2%HiozB%xKZ74e;#8m?At}jI! 
zHIC8ERRAm*xaXmnCy^3@{30WW3Ud7fqT1B11Eay}bNvE3=Ue z>LO$SIHsSc-dNUPdI)1RTpEP^W0{TfmGm^C24IA4_n=jw=w_~$8ygk)ElMQSexbs= zY$3e-e`-d&WavDKpwQZh(bLN2O0fb43n8G?ndm)Lueo0q2%>{zQo08EKtFh@UM^sN zqYV1u3R-cYMqpa#Oze{#nZ9JWkwH|gq&g7_F%XRGV2#2dq|b34Zi=qJbO-+(oDC`| zAT54$&=ncolVXLjoVIylpw64InW_bx?=09t)NK|L^y)(EycrwcEwh9D!ZYh(-mg-) zV0w)?;Dwa>iy)uX$_$|M6_EBPzC!T*xv)|7!nGw29*o9hfa{Nh0-3~C)Z##FL?vd# zoYIy5JG!RG6y9U1sgu5A5=d$x)Dw|DV8+dXkzS^$+P13U$=QyNi~R=fXDjAwarS`> z1-z;#^t1`9QO!Ob6dc5)F>PTxcq%2-**4o5yJ*emj_7rqra87SL#4*>l|YQKwoajA z#`zWobgDlw9~lg@wJ1#W|4t~M$9VbwxQ#y#b_T5!XVZF8HyMvl{@WhXQcQN;(W|Ovatg7;XSE+Vw4iFr9#wmHpnJIVt(zHbNo`n3kv4 z!3_T%yjTKZPt|b^7nduW>kBLQxjSvjTU=s)$;h%%LQo@RH6Ms8=ODOP* zRxpIp)i`if&c+CKQ9M}%L93`feoR7EI~nBk${sFnDP1rNV<{k(fydu@Od{PBXy$Bo zC67unOEbFTFb9^=X5q<#;hr?4h&6bD?v=}?gykP-01V?NE1vCLdLS>sGYuBWtK1{% zaOdZ~nx$ha64GmNALr8JxN^SlM!oOw^})k&yJ%n7(3x;Q*rCZ+f?GTNiEmQ<+CGi*O8jwq zK*Tj^enMGL^2vmi5952|iq#PrHy+Q`js0 zZY)ofo2492>V50|4>-sKE7xz0T{`U8qZD`hMNg0m zUnX6+QIWQ<@Z|js@yX(pJZqckf&_<%2dk?+#sbD_xgBhCcoMTQZG?Z#iAW^LcCYdcqp#If$H@1?7+oq3>GFIb&6a%EP@#*|BE2BXNNt-b`TS-K-v6t`qp z#I?sr5;9 z8#?Bk)09KUeS(^j%j;laq+!_79irSt>0#U?509GMMX~N>_}J%`%UfG5N^(m$*1!|z zi_)L)#BtK3dS@u^OZSokFFEj%1B3(r`UChd@^QLSs%*5{ombVkR9XRNn!{F!t+f?@ z04c_@G;7R)nTMcOS!68s4+(4HSPB1-jE!V!USZz$n(D{efMWz_GeKxYCx*3V;#&?j zt5TnV!-$o{mfAAt?-WbcMg)z{_-O@fQ2m{9Z8aN<8cuzyK))A&m9QP6?iXIv4*GCb zPT8&7k(gtd*U$(Gn3tD#XqdDLd;$9w;oNey7wBVQTyY}TCvNFwd=x@})E^(6Q8z2W zuzY;I;8ra2!)x4l$#(T?f4cLircv=rU9gn`CcO)^G+9=2oV9O8edcO4vBXo6X!?ZB zIV@*UWKqO=HRcTt4%P-!r>le670n7{2Pc?vqb=a_gX)5;Ps&mv%w>KPEX2hdEqR&u z2FOBloRV#$1is!bbTnn&hynu<8f-WsV!jb=YdH~v^E*hvq{LsihPNTK*iSzX2AoC0 zG1^)%iT-fG95zX$i=s@WIf}`b7-vkT8Ez)7_72Ss$N;**riJz@{N2QDfk7B{f(eN;sgE~nXlS;FG8A?OHS1TmeNby4uuK4JhdIPJ2i*Yj z5VoTRd)I~*3x>Hans&`C^ZNeK2*izzHnY9@C z#$w{?aOfZ}Q|#0R`-N9#+i#$`%ml~#!A`^x8s<~MRF0RlbwYwuviPtKJ>OWUDtR@7 z5bAIZoO@E~lUo0PXkzi65k`*x`4N3vgMe+Xkvg#X5_0tq6911JLOPnNn z%z#@31#pK^b(v0iKOVLOK6HStU6w>dNJ|SpOLeBiKHK+&K<`-`5Y`|e+6dFrL#K~c 
zZRqx0ND~KBc=lScejUMu)yO1$)=NqRg}^->-XmX>5z2rpze93;sYvIi!F{Cy|7VJR z`bgVAd46mt2sqqq>UcRHYy2lxk%(m)zA?bgud}GwI}|=h$;=*IEn=k+#d`%DNa8Ne ztQ_ehN(n9Y%;oyoW~RYalNxX#tw508m+8l_6`7E>nXFc^IsZ(^w5dfL=GZ0*uQ=zL|*s=O57F~Qc2>LCR`twRNs$>{R zagGw&_6X4_EfVxuA-;;9?U8M)CGXMr0V>6bPZ%O8nb&7O@Y5Z}POpG)(;JZsP-uab zx)o`qxM0>|gKJTAax_Q~-3!Lbm1Rg1RUhc1%H7eROKGu$>>kKPg9Oq2Z!^!kdTAb( zQseZSnkE80j0yu+^VI1?uwE=PEHhZIx?V;dfctvMvL`EcB6K>`ZWsLq(DuOt&{9Yc zzd7Jlrgvy&pfN!zqBKYl9S7-D3ft3#kRi|cWaDYT0!?3zovzkv&^{Y4*QI3nscm5* z^1D+xaurerMU_wJrt$S{f18>u1T24C72l<<1g0iPNHNyb}A#*?aw`VhOWS;u}6A(B8Nh#yYki@@T;ZaD*7cYyCR8%ZN}O|`1)~V$g=GL^T?wkY$qMa?F9Cl) z_Qax;cm;$CT&NnOp87K_b{y@u3^Wo*f?Cx4s6;B92+(cq!jGq|jzKh%CibV)rayN5%-^D4xw>q771aL@1VsenQnZl^8lKder+n)5GCJ zJa+*T4e{tF>7kh54B|;B7Fx4LAkmhcQv~uL)L?6SozXTh7KRolR|HPioUhRv*xc7j zG?7_j9P$fqa)dT=**4SkXDk^ra4iAtbVv;TLK_Rpth7nV+R%adbUR=VhZpQis3Hr)xL@xaE(|+yMM=Rnv0R^epEzzz zeU+Oix4{Qq8#keE6UOGkBM4rvW1?(aQl2T!bxSyiP-6kAj=Ww&Y<2iJP98GY)0vCF zTu2`1!4t(T#`FZN93axKAd(y4OMzX3xlI!QT?1ySwu$4$mP^wh<_yv*Mr+>X(TM6MJ`h2AKBR5J2T6;BVGa^Zh{#kPyrejf$BW>sToL9X0b-~!h%t2<5{Nn9 z#nRU9?0j+b!Jj?)7S{B7bfmrm=Ti&YroX@TZjITdi8bct_nVtvpvW6>ue`-Edpvh? 
zk9n>`qd1%+JBLCYx43lR?_V4a#4`9hLJ~MLwnxY`z~MT|w2h$qY=YHQHcpMAW84`BM_vElsui40Lf2B!!5xt?M|_+_-MYox`}Xsr`4MS_<&BF|HdKgnVQ+by zPh4C*FNy0@hOe<6i(*#?LCq{mQS=ds;|ji96u0`)os$f$FMnTh;3WrI<-jY#RzY3@ zw1oq(4+ETYUSn`&p4$0xL-50o(TsO@S7FTQ=BPl0|cE z+UMeHeV%7(wl-0wLbeUA^%+gu@I4K*30AVFLEpBt&aG}t)Z!ZeJ4ytF+V|(;dv*=Y zyVlDuG&D3kv#I}*Dp0E$hI_1bEt~`z?etOHP!GZ_~vQt zW`dkCL3E(a0iDrOMBEP~o=MDsuqYD3SQ5V{Z_MnSV}pt4`8#?=u_T@`fPj&RawL>M zXArNJ02)9;h%N!pDN#wulk8L_-PC3WN#nSU5J&{AVq;GiEtt7L3EN(ZFo2Z}n@Gr0 zHybP`n97K=A^v#XJ+)MniO*#w!Wn`ElHFNBLWp6pkb7{SvuXQ2Sz^$ZJ+>Oo zl?szcxW3QeH4H>7JHB5`-|XEo2UCNu@BAiwsod#I@F$jrlnYr z@;#GcFzje^ak9MancE9GawCCCGLzOYLXbgZgnHPJPJ|U;ve(>XNPR$aN(P7>pE0nJ zP10!9oI{|&Lh4354Ao?$$ddZTqleR461+X487LkPjh zmZ>dNSIU0I5=ipM0C=X7DU&uChg4~}tz)U+v`v_Q=i~BEl>#q68%bexW-*taRu-Ds zpJc-n1@;~V(eV#^&XjbV?|XKE><6wL`$cB^?F5pD>FozpxfjYmjY(c6;{8hJ!o28Y zl`@Cf5M@CumqLQY^oLd^U)?f#Q z!K6+#FKZJ7ipb4a@0bqLXGc1rIGsT>{4`}|)=EvaCR!#WfIw&xcRpS~Wf6G}p*bXf zayTJD0Z4O~3Uu>BfnueXO9!Y9(G_FC`liyMP*vzzR zz%qTY(xswaP^ggyBV4Pd1m8&RgrNqdH7Cuf)v|tHKR_kjL$j7p&U#?qN9%j6P(!bk zBEv8cLMR%H$FUP=E0@LZ0Z;{7VwFakE=U;&7+a8>KO^WUQ6XM!7jUIHw#P&7VNhGB z_BK~lBBr+y!A%Udq4jTJPUhsZTQc6`VOf>7q1-~1*n5<2Z=-3DTrWREVh5;1&9&c~ znN(&3sclMQr`?o5K~tb5Tf<~ZK4a6AYqC~oIu2Z(=P|lT`jX;^RzX&uEPX|G2<7xu4)q)w* zRB7d^v;w-1G#r&EIpKz8HmcGHIn2ljwR|a|S*B5gASEdc$}KvT1fvu`t-P2S!~C1A zCg^}j2dh(20!cG0{&fUMIaL$hsr(W5XmI+1!H59ol6F>LMk6Vubf{Euk*(fX~mk1DbD zu>gz$0UZ)>jWp#r@RLRUzfY> zwQ>*u6^y#vAphnx8memznz*&5Rx>~u<3ye)ju3xV}u;b%z5^=h$K< zMu#h=mHn9_<61^xdE4VM+LMT+p$tLJ7YpHYGiOBAoPsZ=!A6+fuJ^s35lN>tC@K)V?xlIF>4erk_a9h^h~q^m9p+DW4LA)pSIrrLGoh=AOn8|38Ef)23-pwD{d{BU1~Nff(e}! 
z*(jI8agOfSWL&p|ZmN@(Z{DbkRJGy(IF*a6t) z)vLL@wS)j3MjXKBX&GS6!?X#AH1IM$8$bN?Ro%lUsl5ffcCX-a5SePnQj#WgsF5Nf`TFj9`3 zx`pg}v>NvkT?TGScR`IUy%n^KA@AkyOAfr`z)KGN-W+&E-O$(+ELAl{s-HY<-e!$1 z7DZ2sRe9M6+O=IZ*&Y+GAf$IK?XfMWP~vN##_*%)z>+YQ+F z4vN)wRIH?^a@F$ic^ma;CHm?KASkf+1B0YX%YxUIHAp3Dp&|caDnWnSVHgJ?mX$(h zCc@xc0}_GhQEhC-v9?wkpkcfAQK1h!=jkhZIYjj*L4Ahz}Q87AxH`X;QbK+-$)w3l1B;wf&)&- zP}ChUP)>5%pxDTW)lgV!RS?g`A%m7Vd?gle$lE^4NJeWa#{pmT%3Nf~(wohe!2;4R zDKOwAayN-o15IxcQwDRYOz?~^H)Jb@s7FSkOD;JLJZjk?19fDHwaJtETD-;dv~X!* zSi2t0=3 zIOI+YOvBfZ)Sr~Eb&(YUQG8gNMB>c0k<7{WrJ0XejTFm(m92(;DztbRb=WJD%A&frf3;xS|TkJN+#10zz2sIfddt`KJ4Al zekW=p%&g>$L%rO$99x=-bb$5gluJlRh@2SYZdhzs>0F}M+^!|b6%)6X zCao2~&jW+50TwAY8FmfXkrNENhLY?E!>*ySB+IaCFhWKiA9iHKv*a;s*yDO3ZWe(x zX6$te@kjymr=${9#IOT}4|cVxh=Clax3Lu?(&u*f%d8|H`)kJpc4nxY6jmvXC<}U8 z$!T1T!NsdIIjzc&=9VBZ%o4{tL<^u$Gy@_*Sb-L5h|pKcP!odUM{&rmH!?1{Q2qir z86OQbIil});TRz#D@F{BgkHZuedVvC3w87Xe$cJ})NOH=rJ7TX$OiE?rPUq|26aeM zIzah29Hg9a5{(W7z1le7x1O%1$lkIr4EsgmFpPEr8U2mFj;1l5iKey- z0MBU$^$c}~ohwC@mLzJU%_&USA8J>K9?+Ok->}cX7mj6$$_Dl^#v)NJ@UGE4EYf$f z_cyZq$pETbNC7#Ff(62OpBGwkNE(vg2FLo`X;d4MAt+1fG_MPuO>{GQ)&jArtIS%F z-me>0hY%o`>VXT(dg{S2uf70E>3l@OUZRC&_N;nBMb0jPlch39T9Y4E*EL6+wfS2IRu2WX0F!AZfUMK>n(d9hBap0LWXgm8(J(6oovhW0dC33HhW>!`|R z2N;Sj>NrsJJ3V2B9=+cM1d=+3lz5vR-{z2LjbhOXMom}sW>38wnOA~NqkweMY{6jS z>0cKD#~32aKGBP2UiGM3#)RwrQpJ5{#JR!LIt%`?iwKqD7+s0Hwenz%8;og8GbXf> zltiQN`1nHR2?G{0i<2xsw?WE!6gU@p|$4kf)%1rN#@w~cQlYYPqj zuthBh_o)SM!nHoKld23C_)73`AGfHfaJO5~eteLadfa_ggX@0?at9v|5l)6HhMVve zBV!vp0IW{?h{H1p9w5v?+(L&SO}MYCQ4E;3;KHIB(_(_AH;|yd2)hKSItQ^Qo{R-x zHRfH5kEUvb!99ITal;)2_#>i8!mxDo#X>|XdU6r7j6q+O1P3LgBf05Vs=(oZ7zs;9 za%zz34YE;Am{TxjnfIGhWw4-I)g zWZ*X(&Yxf--%z;HmBV>`+T3Z@ldWNc-=Lw#dVB|p{hO;+jJX)~=8l7_a<1;^)4SW~ zRh|BN{NR`|%XjRUG~=MzKR-UctJ|BCZBEn$*TF5WRor=^&`z)YGpEzRRo!e3HC-2p zB9*z^*-fx1@BLo}&zLlYGo{09F4yV1-9AJ6UZ1k#(DB`KG7b%J<|}?VG3!tou-EgA zB#}5-iL4?lpK=42jQxR`TkYV%mkXOK)XVUf9C*ormmGNB9O!Z=;LdLEzhv?_Xj*xQJ?iQ}Bn#w1S*F5`*uf87wi>%fR1l~3+pbCo;P4e=Mn&BRYd 
z0#SX%uTz$y0-TnQN>&ysv32-}heteWt^Q@QWM8?&zpPFD8=H1>A^WW@eslViB_dOH zvSpaoGIC;1J!2O0Dj*AFLI5%o%Mcchpr~LL5A=RxaaA>t*g3k1e??e04`4fkN$=N_ z7!acniYLy%ANcy&Mh_$NO4e%w5y+e;#ve{?;&r-zVvO(2Hs9E5tdOm54Fh`DQB zKdrZoJ}dgDDIuhLDF$s41J$7bFcp^Y>2t@_Wa#??C#as1cBb4<&%R$iIB)l%vLGDFvIdlW=6YFk1}K<;KBZ`xh&2 z5mQD5w1M?(@)SX!u^H$nZIuj)yh3#)Xmt8I3^WCHhOJ8m1+7vXf+i}2 zLb7{Zz3Mbka5pK;9}u#TXN+rG!!&DhE@Dz@esy$XO=xo-9cY%4_X05J#ckRA^d^Bo z8AbR1(5$gB(w|F#ZiK43v1YVM#%lm4IrE?;5qa5?+S<^csh~(DMS;%EwH7+unXdWf zz^p1;wNz zR-9J(Vvjig(?guRaFe@ArK*ybKxYPuqMkKnw^Dg`&oS}#=KqqvhJ)d6C&9_^u;3T& zcEADFTj4&a>=TCqN)qN6Z!yM04cnOsjZ+tuwqs|)jWka4wdv}P%@>GO*b_>a`beb` zu)r+?gs3gq(H1#gy87W8v-an=_SZ|2rB;=I3NA#7wE9+;A=7!S|IJn?q`|?#{v^{M zXaiGU$|e}7`t{w2;ip>va}Ev)RI7-AN^2&Aid8;1(J~Fr(s<>BSkQOt$}7_wYGHyF zg@vG04Kske#6mD8zSRm&?$;$MT8+%YO zxl5t7=J6v`L|%~~TEXkfOI8GadhwdXKKT5+FuxP?Co(2#%KOs~U2I5`rmWk>$pEi{5i}#=~)kh0TpI)Q`qxz><| z3R0$LAOdt|q@7a!Ha?Bcc}&H@?#ihPKyYZX!veFZgN=^V$<*xnt1S5m#x%-R&>2#P zZZdTPWrl`J_h?vVsB#Tu$m>EP*mQ-ETxn*B)k>5&%8?JFm z37s+2o(mf(3?>>#c2y(lA6O+L4O9aORgL0@nJ^W|LJH!ifh6BuRnziAkWweylR<$e zb+*$$(m2U_1CAD*G>Pi#HKnmY)-sIMBsJMH-egF9K!eeoA+NG>nFdw`b|GDpM3eKa zmZYCj+WR733|PUe>#!ILl@J-G$xV;7ztWvyH?b@zh%DL=NV-ym@X{B=M8i}WueP>X zaT3dx@x&RJeq2d$2K*4G6=ZltWI#TJkC4?-3>u46*8nLZU5tUrM}NJEepedsuZ3kN ze_UvEz{N)aJkFHiCOtb?auoQ(BLFw(Re+^1DFDniJ~gWWL`wFAA#fOzpkX4ObC-%c z^^`XNcq^t@k87Ei5c_ag-&{h%5xWw>$VRgL82K0~gp9ZT^p>CVlh$CrhX`g^FAwRqL6wq8yGUpb=trWgq&A~&ULkRwI0af46+_H@aWzUxae~) zZ2z0)3j6*5%9=X3Z(zt=7Zx7c+m*vve)wO%3>JRa=i}%}Q<~i#*h4hGNs+X`xdCDHbn$}cx?>bsFdQAQyIGeB2iMzGx zfG2l;+C5+**3ZT`+){}?K60(v?S?2{fg3SB_d{5KpCOGeLtb*=B?n$|;CJFcm&l1* z>jM=h4y-etVerqKR*iWq8D{A$w8}6H{bNGR>R%+`E~lq~+IyS+7_P8#eQ_F`S<}>jk_b6$!U#@qtUOa* zUYS*ir$f(Ql079Kr=q^qBu4cZeYY?+y<+p`%>rp&UDHxB*I|`Z z$IIC5igZHRFJ_IwLiW3XpFMjsh$I1)b~3F^FatK-m1IXwmT6G zKrc+xcoBxst)ot-MAHS4uiDJuyG=rKl9iWL6_xVA&x1txPiZ@LzBMY?y)e{qY zerFLu1$L&Vr;WZ_)k&rBczV8xqL47lK-CSIH(gDvBDAeeZN5WX=8C|o|1pM1W#T4k zuP7F)AWwiZZLZE!Lgz+~7EnJpBxXXkDsH(F{MvThl7N6c8MP16k@Z}F=0WYz+j?VxAtCxJH 
z48!e!e0~H~2e7`90mb~^EiGlt#j0$pYjvP(0U>RUH_BE|QJP!@Hepc$KM<_qz4-D4 zhJUzj7CA9cPpm&L=LhEgz4<>G53GW?Q4hutsAU|TYBVTd`3OyrKUkFWH_f4GH&aR{ za*3%*ODbiQB>-r-rc!}UOd$FaD`tkK=wLB*!52+42BR)x*TrzOs4|96uvU{6iiG@t zk;I{8mfAPpa{)~v$&#|ln$@Zlo8~N$tN2iEzFfiWC|B?UfnkAi)dL)UafJ%;Xxlzy z4|{5LK&y;nFbEDHBf2q^30dW8NokZsQmzzz3SC{gsEZ`MyzaXZtp&pf3~RXHib!eO z@o3wapql~3SPl;0bS(&-9ok$5s>BU&Ds)2LgGz9K3#$jvGBx(Ad8KLmFyNjt??F`^ z;C6O)wxi?%&@u}KJUw#hyT;9{>Oiitv$L--qJnA#Mawb`2Vjwe=v6GyrleCygWxI( zK|pwuLD&SgdRCW#3vgv1`*3lQNJz;(X++f5CJ+pLIuUp^HC#~5pqrj_1NvnE3!^|c zCOb;HA&>(C5=bdn8vV}&!_k?kgA_~(Dx|GXvy8T;VBm2`CVtJ}g$0dbqMej*wItyi zRvJ+^Nu@1g0C0&@MHtapq^V9U46{B38PL2_rsvMVWK5Yp428;JNI*iC(U4mHmr=?hRR}}wqp)Ke z(i8+{f3!p4RpnFj7D|XMU6?qIX7pG_Rc$w#4;dN=Cq2Q3s&ru@*&_!%z7PV4ND&|y zIkpfFoihpo`On}WLyM;9%di2GnIzNr%(!p_6jDiW(nAhu23M_yne{@2U zdD|ZrZBIg{fZm2E%~X$u>@Z3vOtr;eS0ITf-thER8a1zRN$k4s1gVTWXh%er=wX&H z)hHz1Q(i{3PkO3HU}d}{HmP(N@>)j(NDUj-0G0>;i=daMTO#RFj8jWsDPg9_?FJSU z<4!+&<4|0#r;5$ZZjeKgaZr8}46k6~fln2Fh2!=pV}?RVs-mrrejL^o=(Z+CcxVhH z8CC?f{G4yB&SD97^I2Ue02_sbb6hb-h*+uG?O+Tc6~=;U0UwGBfu!UBS&OpEax9t9 z&6_F`MC;H>5bzEWbCUxx(9|Hgv_ZrUz}sc_kq}f?NNPv%S%MM>HEGJ43SSmg>&$JH zpqSTI76C2}J?H~j?Xw>}yAl?XQ4(oloH6?X6KCuf1Xjl}h6BPaotS1`*aAz5Z2Rm@ zFCu#xD=8FRE9&htX%ai85P7KWVqY@K(5#FmEHrblOl_S-tnYJh3^Cod<0}I3gvm9r zSU+pCvMRY&GpE3cHE@=+y(YsTh6ymQC*PJbuZF*rL5lil&M+23`cei=OKtmU8;e*r zezy4wJG+u>A(cZr?U5|goMyoR5SrQt8!R@k%!Y6r0UAn>Je)#4wT12_`;4yam}=mB z7VIm;b`MKQLXJl0EwGYnD>T;Z8j$uj%c62i{NnNJZe2$1T#}d#QeGn=Sq3}Grcnn_JA78T&J`VR+2_O;KqIVZp{vP1t zB*NO^ir{cu8$=&`79+}q@7`kFkpd}6DM4T1euM+1h+MI|5y8l@Zsd}$TbO`srz-&Hx9F+--ZRip~rBe+`r(4 z*?H4o_Z;k<)3{EY*Ek(qV9(tv!Va3imOP`U!6ADe;MKU30qt=P=cAdOguTafnsV^X zgQI>t*o`xKRo7i({x)Vg>k`~^Z;K)u8>a1ZR@9N(ZV&Crd1ckbFFv`nyQyJ8l}$8k zs9Uh2&zLcsK7HW6+wZDH$DEGr`8cN3Y056UgS&Gr=YJei*L1!f&e@X&HJ0X8AYU7o z-on!grR0ubvT^ZloKIX_HP$~_1a4d!-cmVU#=YdgOAfr`z;oq*b4guex=MPdsie`l zvMI}~$;I5{S=@6a43P&*(a?9EtXw|#%uLC^tTDr~$P~ce1*VZhR>Xdnyjsh|qQZ#W z41jNej7GGE?Rmvd#D$24&vidVdS02CjMwVni?qk@h1$SsY_n+7*TKIOWck6B8KDuy 
ze)ggJZ;(%1hNG_a2-RDn?ULiG8{JTcCEM=EKD*#F&}5gQcHYngcYRCMz|`ADjPtFAyql+lEA`W?j?7=q5M&@Wu+LvT=rlzOnN5~rmA zS8j5bN(nqQ{Su;o9JA~KcZIsT(A>>;Cq z%^TXXOS==bV7OI-5z4(nvFqQQFb7(UX!ZbAg4TPFNc^{WR2uWsB` z2-uO@9w(6`xhLBDi(+qvUv|JuY(uG+B(7&>@e+}!+Iw^v7eEg9h|)qcC0y>qtd;qq z1TVi4xlxFxFMU%m{Bqlpm<3GeVM+?Wxvl2RO3Wg25z?cnPO4-^$TpssRYpTjYRlYe z;{SaHg=fnelli(mAGPD62rIxOr+0T0QInMECMBhSs9T=YMcC-e?`hMc+_$&3s7)g< zFrf@-hsvjsY&K!#+caD<5b}mZ`+{=sfvnqF_r=%ZEznAXE1DG!5(qcENV){?B2Cx3 zAbMKfR&trG!41{Q2s!j6YJ=-#EAeJng~4Uf>3D^-K<7&9EN{P*@T?L)`-sfqwR}FR zxRvYzvMPn=sY**}2+b_#+lE3hZBq)eyw_`P&4rB*u%A``7Tr8PnzpL+Z^|9EM2-sp zxjw)Hu(YQc6o5qM8QyFCynvxP9yd78{^d!1P;ev+N-72R`EUj+xvh@e-UtJbC@u0P z#jJg-TfviFl)A**ocURJ&2yl^-NL4dp{;#HRC4)s!d@IohDT7=4N9Lij8QA4V>3mpr%jlZfIDWxUelA;HrlVY3f1 zh2p|SD~3T9cOKQ$2RYzH-f7hh6j33XYqp=hz5X7oDviBK`h?Jk%*;Z%Czj%_S5x~z zV`_%+A$O5Z2OY)kyHTTQ*SN3KL9_a=b`L5}&?D4IgLIcq^=IGOf>1-7k*9f@PN4ob zdM03?(i2q}yrf6c)8>q`nWYv{n$0Q11kHCN{p&+iK@$^GdLsdj!}Qos(!cqrftsLn z>gN>ef(W2oSW4EfW4e%CZAK zImr4KN2VGR>zkaHCaXY$W4RWMmYVuzB>+=|ko^j_vKGvqMln#yUruS7?_!?KoX@sl zWn%(P`{?ndFPV(ebAwwg&Hx)vHgQ4IePA0}UdQT|$V8ZG&CjT3dEuIg|1;`(`OdO% zxN_RtcA~moQCZ(KQTHS5wk%yRvpEOSqi7nRmFbHg3+8Cr}CVK8KA zN|u+Gm!EAt9xSS_7Md>Xpn$ck5K^t6 z8XQ4B?JZ*0T-#O^GT2F<#^Q`7D&s=Tr3}by?ZyyrADDc|7cfdzQ|gRNVJ)HzP$jz{ zy;|)(khMr*?t|d4ltYc`xEjP-tEiiHy^Moh^hz&XkpzBxYqhKqbwtLe< z^WQ0#`aTNRVQ4rOQFOKtF^QQ~`e!gSaWEEFDoAhD6H~K@vV?E=?jfjF7L{p57(g7g zLc+{Y^p>{T%CwuoD828;FBs z5Fdsxc&dt&Y^1Ejh2Q!rOmhu4+>te4vU8K9-h>e(2eS9_1|lSvv^8J`wPlzq1`0?f zga~{MA~}0NF8eia{Sg(}c=;IfB#X~a(5LnQROCKovKCFQKE`d9WJ@Iikj3hnd^m4U zj@hV4t__IpODxAQ=8=wwnkswr3|TogJ$7gc>Gv=2mJH8r~^Yh1hT>jQ=%+%1xSouWc6Wk~gap#R% z_0_lUa0X9^Zc>P1oU6FAgX=`!5yio^RCKiAo$HUS_vD|5o*R9=%1Sig_}Gb7R+l5! 
zcJDWS9bvi{?=L0{Cg(ujjKggJ(}8tlXKh7_3B_!-JTD_&a^NKgUUJ~6IM8dvVo6<4 zP`}M>*o^X28R{iAZyNds+_yjJk#_GsKnP%%W8-NwOEbH z@DtRM@3?^uya|1csJW`~Q9m3W+X#h@LOW90tno5zLfduuXCVsg40dKKv2E4^!l_E$@ z%EqIni8!y-GJufYA}ws>FWH4P{fDrtRuM=h=cFpz@GzrBNV2`tyfHYV4M{biY#be^ z6E>cKFg3z$f|Qse{+T~ucCfht_9H!p%TW3C^zmq$+)TR!jk-5gpp*s*5tAKdX2JzU z)9zEH?k}UTz!#Qqx1}<@p&C)ai8@03!DX?w&_ZDWn*)?4T}@qI0*7HBDh{BkGj`=G zq+z?*#wG=P98Z$4S&pU~Bd#e}*`QVm5u9CqHb$1ei9YWZcm}9|8HQNiF84b+ZTugejX3&#uUWmNyuDudYa-yqQvxOVRFO;5U z9E=n+tF>FKIiz!KrdYrtx+Yn>?TJho&jBwwrgw1?JGPV%Nk%B+Ik*G0WWOBq@ia+5 zB+YmZ34kn}4BFc5=5YB99QtZJ1FokUnisKDu|7L^rgblXMyJX^!kWm>`rs4k&)IHPY@oa`>1ceL2PJN%kXhV3&s&Oe4;ej0ulo-;zBg%WOG1TtrGoam~ z(jv)H+Q7$PjZMKqU^c^DlF%K_)+{HNe*=&mYJ2T`{qN6UBH@q}I(NcfL$PcmKO8EdaZhCATOs_ar%(tfi0fW1 zL(G7IycIBkEJ z3)`NCN}-(^^rYx(M%rn8x&v#i*IWWCYAB94T+rfZOp<}QyJ(G5Ri+`7q$bQEd?T5& zQlq*W97K#6%sd}QVfv6pq@59}?`U1WGvuSg`X3MqXk!XyykvBz&;b|E&9isIlBnfG zM}enfZRKx{HIGWTpxnsehTwE{8Qek8>D6VaNDO4+!6#rRDNuUaDwx$jkD+TSjtuJ6BQavODGCdcO!xqJ%c|oCK zU}~w>nWo}&q}_r-vDE<-GF_vQG^nB7oTRz0OmA!uV&QQ#1c$Rh(EQ-yk#=yBPLrCT zkXn*+yQ!nQp?&MT;&9rQs^7F!)!3w8t13lsPzF-0Gh&$1l$)=+=h4X1%9^ICS~$TR zKOG?s%hJ4SegH7FzvvA8C^W(sRmRh0KC%1&kPF2!q?74pLB2~NoNWOjwi`pkkU=oi z=6|)-DZ-#cEZY@T{uh>AhtRUdYV=s0tXIqQwiy879CH|%%as#wl2Qo+OL_(h3DfjJ z&uXtBz9~&rxUB|}weGCIAV*w=KCJ1tlv~j#6b3kS$KRK7Px^yq+WiYF_kVzK`giUo zf(uoR0yLXz#~spFYhT;ixc{%cCjp46>iP|XLMEV@MQ&)K87(fDN{EbU8767UXy#fO z;(|-4h-{;lxuu1fAt00G!VplJ5F(3dZn5~erXvh$f`Kq9!pJ)RIrqNz=FKnz1DW}K zKTmvf-@WIad+xdC?&qFM%Q!SoxiDCh`yR2Vh{hq~tBGD8Y=u_iekd`%i291tQO|Jt zMA#<{xBxG574lM;sKlVYAF2_iEd%ex80Q`WtbnD3xm7Svn|l}ih>=NeR9_?(D4|J> zn>q;bz`_T;xp^u^C`Z^|iCIC!O9%=?en%F4F+aGa?>z+YBjvlUcC&)A@~0l2Pt5#$Q97Ueq<>oPhPjs#a_0&KBu2#<+84Q zGy3UYwmdvRX4oRpZ#(1OOtn1*v<(Y`dz7CD8}IStn>*qDWyf`n?>xKiNe_mx{Bq=a z$9Ejpb!S9RWIV%&1~KC9Xf4tNIz#X7OzVNCeMDO%v*vue?z^^gzuj#$<+3ku@_4((e?x3Wo@Y>s2253&#N~N9-b>&izFETutv&{v~Zw>11%i*S2)m0Q{xw%Qc|6!x~jGQrzsF=+Ziz)_)n*53jd>Y z`>(jpEmxJFE;B{z!}b@~8Z*deJ{5S)R=)Y*&4hfEO3=_YL^HGWV4}fkAnkCX&O_F+ 
z9}LpJhvjccln4yFlfPP*@Gy_w9%Y#)!#u*BLA^>EgJUduaHtN)SmY4U)dM)ZiozH9 zCRWvPKpi|RdhDLFa6g?kr8dKi3|ZC4?egox^{ek?#HWEnWPJTV6Bovx*htn!2UrJM zj@Z$5k8w~%;b3Zp!wn9W5kgEKicHRe(_rwx87_JRZLt3`6IkQ@SZgC(Wj0Oh4@r6i zOu@oR5}a|ffD>afOcqi-guieY4zRL!P~kU_eu0)Tyiap*7VuG>r`s|Z8<tP5*2O<^)U5v9uLS3<#F# zcr4B>5yV`pfxO*nEY&Xu1C19ikWBxKq>>|?wAkpU;oJSRv7u309t@6JvI5O}2_5E1 zS}v5XcW~6AL1R7>&pKh`2LjcVAO!`pFJx*@zjn04cKB(j(*2fG!REKpn?wt&~7> z354WRF~jmUBl?w`{q;-xX5%8lOIV_elar^YxSJ(m!Nw%4tVy-XhpQ8$nwwRtuu{sA zu~6xCEix&f+otQJw|{yeLvZ(&z&dOa zDuQ7^1l^(_<0R+iWgBm@m+8fY!|T{QIp0!;X5TYi$-l(*Dljv%+C3Xf57Te#sVBcQ zf+)MOh$P%pY#D@Ny*kaQyJD+W4LrpbukkAXSzyloTXamMhXqYJq#P9c>o=}`(J%W& zUQ39Y#al*A$piD;PtPMZ8wKVO1HgRvG#-cs%u6i{$X>jRx1l(in3#;$L>0RHc3Ed` zlA3=siZ*B^IfXz;L*-G_$)R;+0b0v+zWu=os6^bLGY*Q93q?MUTq;`XB92MCU$ z0}C{%g)TYMc^e>L@qZ(t z0QVt;*9s~SsYsejkvaQ;8B#yzTd@bEnK}F7&rfn5b}B_WHM82O#H9DFY8PBM;oBR& zvm*78X(YCZv~E=of!5ntb7rA{LYy==Haz;HX^MF7;H}FP$>9~!%ME)+&%Tsl*d0*x zFikk$a0X3~=zOaH?I@eq!&z17n`YEaPW)s*SEG-iZ6(4PjK$g~hbEqzV9qt0DMA*K z!2%(p1y$p6<>x{dg`ll*ql{lrs!gg6O{#V>&Hczz@tV}?VcD8gBXSD@YHXdUnX>-B zjS7apRnW*eJKxIIMu9$3K9SpoU!pprmtr)p_R*xM1uVUVNmDJ6<`Ohhy62x+Qv9!4 z|NQrfja8>*!Ysu(wY0QY(y;K5P{SseMzO+vs`1D8#>-3+Q7|DlWtgu;U=;tpz$Ad_ z*uiwwzOe!~YKYm)>8$a~ckD@$WC;Xa4`dJG-)CtPHcbAzhz0xJY#-d1s2Fb<{!YI{ zQ*3EfxSbqOLw|(#3=^vMvmKFkYPA{$HN&VX9BLsZRHDiuF~(RM`UY;!o$SD`Es7R)LuXYKIz zFWwg|9d=VJzIoq7C4+?!V~?eT5nuCo)`Mx&N6s)i*FWzV=J7i0C4TkJ>yBaT`!GzO zo$Eb%J^7A=5xxFo*l2=61mEx>As?+!r;_>75&x}&8@Znt88$M^G0aiMSa>|~W*GeY zhG9(Ecx*dxK&M%!+m7%Y=;QP2^Im(j>1Sf3W3_m_w$#QdrU+8#B=xG*mPki`rz(oE z{MF~^S;qSCa|*@gUT)ut=YG>WV#2wQnC;)3E3bA-D=h_ck5^U5+k?o>DlEcsEVG+& zVDB+45cqd!8E}2sGD3RGtAztC9BARdzrleH+xq&4x~o*xOX&f~2Sh{YiIz)(jkB@= zeJbM-{y|@HHJlcMzw`&Mvnc|DPY;svCfPxMkO>>ZWppZO4DccN8P`g92nicY!aW7W z2~KF68vPlIWS*a0g?eZi>>_2W%XwRm3t)u0`+y=bsSHP{WTd+lN2xF2Sc~XPk`pTz za3Jdm0n<~W!AQZK!kpUBbLOSWL!p@{_+v+}VgoDvJXiw`2aL~KV{!+x6=Xx0*hZ@^ z0nLXrh%7Fts18n3EnFC=nlWR>ppx-1Ni!9`e>g=fYqL9dmBGitz&udDpt}szdIzW# 
zz)3G^Z9!=)3L@(pTv1xKicpG1L*VHK*DaJSIP9hTQ99^WN6(a26Zns}_02F0>5lNM zkt3#CwHgY9wGUvNMo6%b9&TdIjfqwB3hL#A&EpH?9DgD`k*b%J=x{U5ROZW&VD30; zD|5^lW}`+fKI1T|Ag+{rGaX4FyvQea?0XUV(ip68;@w6;tz@#%#d)kY9tmWaHsqJbP2&&YMEY>#@BRV^`P>4bR%2W80)pfkcM7s3hWLI$ny_K1QV=a7c0USEWtMOlT+PM5o-#% zK5oX}Ma&UJ&h@Z5D#AXtwz(8@h}q2Z+BT?p#oOSqZ4>*Tj3rWKCbfAx-Ly3I-=Ylt zZ}Y#n;^6hEu$!I)Cc$$H(6obpR34nYPipuxDmNFb1CS@4^qM4jUQdW&hV&5-)ES1E z`S{JN^1%UyRssnp0xw-eqHwC6@L}6V*eH?I@(GL{=@?l;yjfFd8RSDqj1!3~X!&Dh z1O^RYs?v#*48RZ-`NC1!B;pck2}Ae7K5`Ofp@=8H0(-Dx{SgWC3jq-3n|QFV)+kPB z3_=2(5_0p5m|@C;=@#-3B*Q=8;)LSjzXX%RwB<64%JyMQ zAQ<&AHO*?HGvp?m9+9~uc}ate%mf9~!V-004jm`3JtwU8Kt(9pDuB_ON0!n#qB@Y9 z!>dwjD~(QJ^k>PKBU4Ylu>k#Px-kgOj~jZi15cbc3%IF2)fSlE)0;Q5*%sJy6Hc84 z%s_@M$CTM|6+3g@X)vMZr}~`LM4_C)1PG=s8bz9^w1WDp?V0VyYf*?yA7edJ76HS8@vj4{z3RS1(h!<=afF1I7jL-QeKh zK_x;PhmoY6sh>}3chYb%gDa7w)ITw!oS}QPChBi$wZsV)OIRy`wXVLUBwm9r{mX>) zLAmB#-&g-@7-fULC;P=V@9fB(fdwVVs8qLF!)1_N$D#K4^h%Y~Ztp^CVd8L)ih3fsssZWBvlv=K298WbghQCoso{aTJo`_~cTHtM+$bsFs; z2wei7=g^C+`+ttgEf^{I6!=giw5ud!h+}~DPdR=(nu_sjV(e-QF~`v3SdjYRLYQ;-x1_%3?!*c0WVBA z-W8z+0mi_2^Q68D$Y&fx!lma}0v`(y2a%Q)2o_q<=LN@8^LnN9wafUnN5pMw3+pa9 zwU#6I=eIgnEpKaAmJg+D`ARcBX2|n>MZg(_W<6eN|c+Bp{cU+ z?`y8#zE39hO;1~-wQso()i~SSAE~P}We)kq$$ZehHq?GV)6s$)X`3GFABxe0dt?70 z3Iu5F%)W9|5b2+CKD_H{MOt^4Y;SLGKj*sXe&Ly!*?uls_d#gy7c9Ki;@C3;Uu5td zG6l!3_i#*0G}3Evv|4~;=&@tRf~pEU{q zZG^Fc*^?X{4na=bUVyTKFHcYKEn9J{0o0YnqN6g2EPepN{BFGNaHj*?9w_4kfC$pY$ru* zc&0)TKYM^eksO(0G}0vJaH(`^_D52wpUYOMG_wGd zZS2a5uoxRo*MK@8V>&he6{u;K~PW#&iYAZHSXD`bT@Kw8XTo-PxU z3DtCm4J2bVr2#|(%3&+q=JwxJ8kiZnStu0ThNXZAq)sqUB&cD$X7dz@pquAi0hbKR zCHOW-y)F^HBAD`WzXWY!X2DE4{%STFH&VJtfUwq^Tg8Z!>>vz56vF0v(4UD4QC$@_+;2IHtYPGQ@08Bz@ zH09x$xk`iPStkbn(;|&5qIi_nEM)x%R9E1E3|+zI^gEGS zzwnCS@XYFAnP(=ZTbh^#5Qj5L*BGg{i85l`QN{{>BgK&{S&D7YVxqb+xlgI2ngF|0joZ zIvTwaVXCkD``3m?X5PRtE&VyW=j|xhuCJCCpTjakyE1;xu2C?}!$-zdq&BgUauSR$ zn5SlvBL%b@rl9ozsJCLTE@L_!UuSrn$PojIf*w>T)B!B4jx6x@p6$#yH0&QNftagnp zM#G;3B3?+gQ0*3UyP;T(K21#^E)y1uXFI#819O|R#)g#Px+MK=#+!|51q$CGwWJn_ 
z;h?F}tSJ<+y55)PHN&{4r>{2=0l7`H)sn!2Vo@~~g26%_Tz}9Jh2F?R1bBHfB!fh8 zXyy(pL}sIQ)zy0w91utqz_x5U)L%6+Qmp8uE7}Llhj)V)E zCNhr%)?X1fE@BCUQ<#8oEzShue~hcsN#B4}@ZIVE(0*hg+Ui;3CR@e_`Mq+z&0mS7kA1oTZUH)30IAGzeWm7@-vR zND20R=z0qLLlHJT4?p3cR@{tv@Og-&unf0bF=}85M6JcoLGVAM+t=`Z3B3?y1;VN^ z{akzzyIv7o@`1hpL9TjD0k0Iy42Gp|LQ7O7sK|)8Rv-$ped~>6e1v2W179`2wVD;~ z`H^}FGqjWK=OH55aB;X+zV_=N=3w*^(W=L4P$-N%CYo)F?u_W}`thSZMnBImk9j=b ztIzje$r#I>UxkH@H-d%fXCVP?L-Hajuf||bGYnjzIx?)!&M^#gY`YCJz^Co!1N#qr z|MP*Jm|3Tv>E!c)&yh|(1DTWZ0RvAT{m&;(F=~~1a6Nn>fc zD>bT6ae78$a1Se7RCn6y_QOi7(R3audtLY89>0I_={T;@#PR&*O<1L9{<-)@lV~b{ z-97z#9-12efx<}@vPPj$E!6s0@jkD7dhmCpVhT>+R${Bx-w+OJsIPErI}_2weA@(*ST%%_QHm8 zK*PvhByqBf0wU=o-A$H^D_l*bkU=<^`nI9-zF4|?Kw@=;n}E0(o`glgw4zFX1i%(d z3_vsv1#2UQyDAjCU9$NpCO^Lp2?-fOV&jX@04QXfo+6T=PXoJG307%wY5kEfqY4G`!aMR{iQb9iLHm^s^IL6Iyb99*g zrB<<;Yn-n>2U#6WOi%qLpwn`?f;^q7k|KbWOAa77gihVWJtyZldXUEo_=oI+ zCX}+6EFiNB%?Ke*VHMVNQ|{>KO;7}UDY9Y!T;)m;B|#ttmlR zGb^)_K2^cPwh|jMY?27ASE8xLg@UJu%M{q5;q+e(61;v5WDaiHahDM;H1S33Wf{M_ z)(lLzh>?MCl;I3hk6Glb8Ob~?P<>{>ia+q0JaP_&MSY=w1StPHBLAcUp|JIftVaU_ z^$KYs563?Vr>R895EfX9F`;tF_LETrf@&$D?F%vFrdNp2{2(wdmOvFD)W{1OAFBWA zLW`>khLVEB`sa~tYK%_Gs^GUCX>jz;o>UXUfa_{O)4a4Dc+X4vlp0M@U=4~SVH ziF6&DYxkhZUTlKkNeGN3##Je3T(X@^P+VWW;C@0Ah;dbqtkduo6R^JH5g zug-^P4K+Hs>J?OHMm?8q6f{)d^EBU?hd4P|DxDm$1L`qF%2NbQ`ow}8Qt5&PaL}U> zhxY=Ms`}JTiP$QYVhW8p!i`X12V)(V?8y;Zrxv<+FOaIh&hCYTv+s?*n5qt{EGtZ? 
zf4?Py)VtvF1!$u{No7au#L`lTX6)9=G{9%%+DbJj_!zsl5;TAGFRt9;>{pXh=In>Y zx-^>VYA}B-gTm}uGF+1Zzjg_rDij=;l9F)1;F`^`fq5_vH@s%^Y@P!?i^b(txGE?tcgld!aNt5{_;ygl;%-O&uj9f?q>lZN^}8!wTL8UrmFoCy zMqJA{ptN(3`If>k2I)HT^_L~l$caW3#35|tSIy}Q!07HY!s5uXv8I}D&Y{g#?JzPl zZ9&i^CQerS?a;`0^F(AE%-h=%;aum+6@?-$>y$#@0pjF-3a(3z(CZ?@lhq-{hV_m0 zpL`$tC?LqJ2K7Sc!2=>4pzkw~aD9>H*{1K!e`P>5X>fs>=QJNh-{G3au4V9b1*aT5 zw;FNaxTuh|bKHW!VBXdU?|6xQ08EU`3ETk_ZerOoSd&2~v3zTbbMK_Va5mBJV}%jN z{=qKMH(&^vm6gqoLm!1YQkgER1ud}*yL^3tHThNF1|Xi}YRdX@{mKSoE4q$hhr@SF zx`77ESQD0`Qssq!J}6K^&uwI&1D62mL!0o)yaJ=fLfG7ai5N5&Erci@A&%5Q0V_2c zl^i64wYdf&gGYW@afI^{PA2LdUnTbsc6Y9cg?0brWT=7O3qWAXV46f!9j##KLameI zvI##n5jwK{BClLw_`l36_g7Yd+HEuUnfd|k&0WrioYTeMZs3AdFI)~EC-z%p^3T~X zB`TMgw5Izx9qB5Xmo7Jaws=S86-{c6UNU4=U`Xc(nW?{LBBHL87SUA=897TOgIt2< zed~gJlYicY{;mh&zL^ghGvNBBlwav;dh3zEVtRO3*>}Cb5Tbtq=_&<}J zd&OW3OqU(}A^{J1tcr7U;Vi_JoZ^TSI24c^9qrF=9O8wSGlPNAAtHokIDyDkoPA?q+Si|FAk(bJ`*=rf)`f>+XK; z_u4;^BYS#6sjT0y%`%pq20wNN-`wX&&e8C%=q_C5$uLibjYo|@hOz$g*^%o#JWw;R zm*e+e?feQf13@nk0wv^@Pmex3SDR^6@O39It*XQ;rdlhNI_(|keqLhJN!;VxCludl zwf7WWd$rp0;D7g(|}U^SN#IS($(OjJ&TYa0?Tg8~1z#EUGj8XN9( z6%-y#xpZW>6-{wh#7D38p7uf zG^M4>ksPv01Xo!2CaRj%JZJ+7qjKR|!BEr_*HqU*Q-NsPpguL;0hFkO3t$>;p6d~t z2Lx7;M(1yf8;aQs(%?AlMVjC~Bjv&-b{~|!kRq*O1)?zZ0MYPAx+)VOi%j?vZ##_L z;JtKKWfb`%Bub^wo(Dp$<9B61qIfs3ny-NBTq)cq2p#eP^Xjy^r4E|eMqoRBk@WZf zlhrQtqO_{PYNuDH_{~tEZ-doN2nZXID0ci!@-*xbtajK`JfIdl9x|MVxY%C!H|#uF z_py2%gMaPPNnj*qTHdnDMn~F$rrhVAo!^bfWpyPQMb74j@IH zrtfS1*D&k|D{I)k@Db|m9$dA1aE-Pq8*o*S(W)r%4`edlxEo<~yc+syEQH0YU43

zOlgWj_ISE*+pEx0?FYg*G(?4==8)A#OoGP3YF6Q8LlpGdK_H?tk3~l#H4PT0M<|&BVZw}qG?Wlo%#aUJg;YrD|!b z+`Q8AansCk`a-tS7r-6YIdfC-tSzC1%sFj9NaZ!9YX22`Uxs`tR+-}rNJRT>DJj`% zH-)AaPVdSf7j(J^%)PwV-8CgQPw{w4YHpD{rEzDrdXN&@3%u^U@W6B}O!00bS4b_x z583J_^D>YxyX=NCt07~PqF5~PO3WKb#~_Ht{qgdJ z)d5*ittUldUmk!HK#GIRR0$fL0JzkC% zCC)`oRL-Ol!&0D&>@d-=fHsw&7i119A^MR=hyuuK(A$39&NCu^`e&Jw}5QZgdh=NvO z{XCK$5ff&HDXK}747%9VnT=0Y#>7SZ&;XGx9CX8uR$6GSr23)!S8O>BV&w?h4cU7WU9gr9gDYcC!bO}9#wBI|l>TZx&?cmH zB9~#HBk8~-IlvnvKr$mtBaUZMsv;HP_4g_`gu+xPN0jr`uaeCnO%*w8((U|+e2m`I zJ%oc7pYF2w_{&q17r$4D<}`=~8mhUGZMJmWW+T_*-bFRELWCf;?{=W_S~b4V=mu`p z9fV?@TZ^xX5_sLY0Q+^spjDwv(O(0M(|-q) zM8j=*3b<01VJsMz6U%qx!rj`JAeCywO%(1HAnq)TiSP$2F!kV0@Lr145c7R*5IPkD zmLZjz61-yL3>g03cY!7)xPtSpKb`M{-dyJ#kXt(qU&>al#XL(ZAdrSxB zd8h8H=E(PaHS6@6hzXtpvj#>?@Y(#%?&#hptSh^%KeXODJ-ou<$Rcg}{!O3nNyw|c zsLh&MS^HM#meB!Y+g?1rJZ<9gyYb6|)EnNq@m$RFX+x*qeQvW;;bxbhAW_j8@Ap@Z zaDHY;*kZ@3?`ylrEG^rMtd-sMrc0I(a+U0-JLp*QZ>{fr=>=fXecx9K1 zi@P`>Hv6?VJuM&ixaTmk=3L^L%byN7wX*Pw_P1OgKarMUcj{x;Xy=vJ{D<}tT?@3` zb@+6U?Y7yW(Y8ab9`6#FTo`_GjoW9RGyOmNWm$6PpAN4WC;s;El{;NChUVCYzjI4| zRa|awS-x~lo0-3KUNGv}ZVM(2{bG~XkbaW~%=~5b+HXd=zy3?2=ayL|@mI2csVLt4 zYVqgZiD?@bEnmF&z}XEOW?i2id8LoIJY;v%FH}cy`5$_QIfRx6&agUiJ;&XSj^6&g z%z;w-zn3^kS$zBCTJfLV?c!zjD;Ht&>eYM1u=opJ3CS6UZ7AF^*%-`7&Vvp-`0 zTU+~|)@`yDugX93qo;IZ|Be0TynDX?#xeaj*dN}loSkxZNAT1|u!q-K^7+0#hdw#{ zPQ=17-Me4iR1&+7SzqkxGp=2i_MJb<+x67ac)8?gf6Fed=0_#oZ5#FMh9A3IKl{Qn zE54fin9^dEwRMlRZET%xtvMOfDq`W%Hr89WMhs{J@mpE88__OvxTR%3$-BR;@Lc)K zzP%cWJYP9?Q|5^mekhSYY1wYlENSkiPrX@@A>TCU^2fuym1o=j$_(l5vUcK<^?e7- zSGe_)ZR+2v=pAomu0-DbGw1K8ZwdSG)k))IYk&Bt=$%=c=Uc3@m#wxx)_-IFcPDmg z>$$dj_f-~(w49&%?)$|0s5CfEKH-UdKi+KD{@DCOSH)dAPRq@m(B5-PB9Jz`i|;nb z!G#Fs1S4BBamj{#AGe?UT)#iswQoJ(o}&L|-!>NFRVh7xxb!3>{@SWuA9?@y`k=Qj zxBiIfB4Yg74WISwz3rd0ig4Pzq|FfJ%RjaoIbl}Gw-U)BY1b{wo_rURSe$tATi{4P z5hEG#!mF>3igdi>6(Gx3oa}sVXI9d|m6G9>Z_i$OXv;HaA}lPP4SVa%-lI|J=NP+h ztbP{P$XsP1x51KFg)H#*ziO1eKOfI5kU6|*RW7$0Epd}M3}8ZJx5Y2IUtJ~XX+LA@ 
zp4eS+FjQG$4GwMOhaEa}xK-f1G4RX64M!$*di(ySj~DM5W4nE7 zar}6-;`aH%@2^kVv3cl{bMZ@xVl=fG*9xnm>&`HV}J$6C9gj38>S zE%wKfE>2^Iv6Mo6QlId6@e9W<$Gr3Xk25E?>)f>V>>&z_=CQbAG2r`_i*))3=$zTIO zhtyrNPmp-NiDeX1_MOaIfM;=USjM#qR_?@wFptaAt9?wo%x6U^y z{UwP-S=_Y`rueFVAIBUj_Ot(58F=@!DBwbomo#AVIEG1Cv+MOqMjbYJllu>jZ;%|j zfyL9OAGkQVSmidia7A|IFUn1|_n5hNNrFm=&Ge~b-ttYY_7TPYPN?x^UI|!C@-1(z zSy$sO{A7dpv8P%;@nT!YckSQ&alpLE+20?%us_OU zUEJ(fw{&nxRJqB;{tI_j@gV)aocaE<8Na@+i~00fc#cQQncRX>zgdFV?`1FT{ahE{ z!-H)O4Wr3^O?37ab!` zZaldm);Cbn3L33MWzf&e^tn)eNx$oPjE(9KO=$eV!sGa42-q{byWm5Vy5!=ayvq1M zW$v(7FHV~sU!_U8aaU%O>#+{>Pkfl%b0GB#6YG0Cp5?K5;|F7)Xgt>S4-fAx>MvUf ze=rGqUpfa;exc)U7BBwF{yQ4u@`NWGiYiZ)F``57jb0zS6?PMT`+lz?8D#tA%iyt# zXjx$NAVCjHC_Aqk#=!DTCo zr_I|DP;$ONllAdnRY;{;&SSQHsn_e$Q!<9RcE(FObuXOLVm(C5z++k;hI!f-AkF|Q zh=-0A9!1|*diM^6U?3-{MY)_r8v`gyH5bH%v!x7~NG*e+UY|Ld`r3&yoC z`gm-VsOu(qx9c&V?pFGKo3S!qYA;^(=dbz4@5y_v9`|Ja9eK}l3b(7H22YsTcA5K^ zo7#T3rFP$?`N{7b7~%O=oXFvcp1;aA2ONe;)SvgGGF(@-{j z<R`}Uur zE8=T`pWd=o$t;k&Neq?ModKX`g=#X0L+ZXS0>FA81! z@rtf*pGcTf=6L_K_=GsWZ~LK}&h`4^$gWD8&#X!u)>gK2ky~Zl8apE9@GV8r`<4OY z#Kqlh_q=w<=Cx%nAOEG>HRjJ-b{Cdfoqq1MXdkQa3!eZQndY?k*G+BPZCn(RIe&iV zl_ziS72kBbCkt`zwlgsM+KL@#@+(e@y+k)8Z`gh&u^Z8?s>90Dw?5sF-*?0X*=BJD z3;-h+x$G4WA6^i!!@J*o*%GE@-d z9dm8TbFVCxw4L^5)!s4gH;-f