==Phrack Inc.==

Volume 0x0e, Issue 0x43, Phile #0x0a of 0x10

|=----------------------------------------------------------------------=|
|=-------=[ Dynamic Program Analysis and Software Exploitation ]=-------=|
|=---------------=[ From the crash to the exploit code ]=---------------=|
|=----------------------------------------------------------------------=|
|=----------------------------------------------------------------------=|
|=---------------=[ By BSDaemon ]=---------=|
|=---------------=[ ]=---------=|
|=----------------------------------------------------------------------=|
|=-------------------------=[ August 14 2010 ]=------------------------=|
|=----------------------------------------------------------------------=|

"Don't matter what do you believe happens when someone dies, the life always continues through the others who remember."

Md. Sergio da Silva Branco
Beloved father and my hero. God bless you!

------[ Index

0 - Abstract
  0.1 - Keywords

1 - Introduction
  1.1 - Paper structure

2 - Concepts and Additions
  2.1 - Taint Analysis
    2.1.1 - Taint Sources
    2.1.2 - Intermediate Languages and Tainted Sources
    2.1.3 - Explosion of watched data
  2.2 - Backward Taint Analysis
    2.2.1 - From the crash to the exploit

3 - Existent solutions and comparisons

4 - Future and other uses

5 - Acknowledgements

6 - References

7 - Sources

------[ 0 - Abstract

This article provides a compilation of the state of the art in program analysis, a real implementation based on an extension to the Microsoft Debugger for tracing and a GUI application to actually do such analysis and help determine not just if something is exploitable, but actually to guide you in such exploitation process. It uses backward taint analysis to map from the crash back to the original data and define what part of the data crashed the application, and how such data was transformed during the execution.

It does not discuss how to create a Microsoft Debugger extension, and is not even going to cite anything related to that. It is all about software exploitation, so I completely ignore other motivations for program analysis (although I know those motivations are really important too). A deep understanding of software exploitation is required in order to really take advantage of such tool.

------[ 0.1 - Keywords

Dynamic Analysis, Taint Analysis, Data Flow, Intermediate Language, Reverse Engineering, Software Exploitation.

------[ 1 - Introduction

Program Analysis is a hot topic. Many people are discussing this subject even more given the amazing numbers of crashes the fuzzers are finding nowadays [1] [2].

This article uses program analysis as the way of making a computational system reason automatically (or at least with little human assistance) about the behavior of a program and draw conclusions that are somehow useful.

In a world where thousands of crashes do exist and are easily found in very important software, the classification of exploitability of such bugs is the first priority. It is known that it is impossible (or unviable, or nobody wants to, or whatever other excuse you find to not fix your software) to fix all the bugs such fuzzers are finding, so, at least, companies want to fix (or exploit) the ones that are exploitable.

The problem is that the only available solution to analyze such crashes is provided by Microsoft (named !exploitable or bang exploitable) [3][4] and is not really useful to create actual exploits or to better understand the problem, but just to give a static classification (exploitable, probably exploitable, not exploitable or unknown).

Even people with source code access are sometimes relying on such tools to determine the exploitability of a given path (sometimes it is easier to analyze a bug without getting into the messy code structure).

Taint Analysis concepts and challenges are going to be explained in order to determine what is being done by the proposed solution and to provide a better idea of the future and areas of improvement.

---[ 1.1 - Paper structure

In Chapter 2 I discuss the concepts needed in the solution, like what is program flow analysis, taint analysis, what are the taint sources that can be used and how to map between the assembly code and the taint places in order to propagate the taint. Also in this chapter I talk about the explosion of watched data when you are tainting from the beginning of the execution and why backward taint analysis is the solution for this problem.

Chapter 3 compares the provided solution with the Microsoft !exploitable software.

Chapter 4 defines the future of this area and some expected improvements in the future.

Chapter 5 is the acknowledgements to everybody who contributed directly or indirectly to this article.

Chapter 6 includes the references and some additional references (not directly cited in the article, but very useful to learn more) and, finally, Chapter 7 is the most juicy part and includes all the sources for two different projects (the Microsoft Debugger extension which is the main focus of this article and a HeapMonitor for Linux-ARM that I also comment on in this paper).

------[ 2 - Concepts and Additions

This is the core of the article and will give the state-of-the-art in program analysis focusing on software exploitation. Here I discuss all the challenges in this area and all the concepts needed in order to understand the attached code (Section 7).

Vulnerability exploitation experience is not required to understand this particular section. Vulnerability exploitation experience is mandatory to actually use the offered solution, since the implementation only helps the analysis process and does so by automating the validation of what the attacker controls that influences a crash and what are the code traces to get to the crash point.

---[ 2.1 - Taint Analysis

Taint Analysis is one kind of program flow analysis and the idea behind such analysis of a program flow in the context of this article is to define the influence of external data over the analyzed application.

Since the information flows, or as usually said, is copied to or influences other data, there is a need to follow this influence in order to determine the control over specific data (registers, memory locations). This is a requirement to later determine the exploitability.

To follow the information flow, I need to keep track over all the taint sources, and propagate such tracking to influenced data.

That means that when a tainted location is used in such a way that a value of other data is derived from the tainted data (like in mathematical operations, move instructions and others) I need to mark the other location as tainted as well. This is called taint propagation and is defined with the following transitive relation:

- If information A is used to derive information B:
      A -> t(B)  -> Direct flow
- If B is used to derive information C:
      B -> t(C)  -> Direct flow
- Thus:
      A -> t(C)  -> Indirect flow

These transitive steps between operations are called 'flows' and can be analyzed one by one or in a block (like in the example above, A->t(C)).

A location is defined as:

- A memory address and size

- A register name (for the implementation a register is considered entirely, not making differences regarding %eax and %al for example). This means that, when defining a register, I set it higher (e.g: setting %al as tainted will also taint %eax) and clearing will clear it lower. Care must be taken, since when defining %al, %ah is not set.

To keep track over bit operations in a register, it is important to taint the code-block level of a control flow graph [5]. This adds extra complexity, since there is the flow graph and the data flow dependencies graph. The dependencies graph represents the influence of a source data to the operation being performed.

In the implementation provided with this article, the WinDBG extension will normalize the operations, saving the used values for later inspection by the GUI application. This provides a great view over the tainted data.

---[ 2.1.1 - Taint Sources

Any information that is considered untrusted is tainted.

Untrusted, for the scope of this article, is the information considered in control of the attacker. There is also a transitive relation when dealing with tainted data, where any untainted data that receives values from a tainted source becomes tainted.

This includes information received from the network, or read from the disk (in case of client-side exploits, for example).

The more tainted information, the bigger the propagation and the required resources in order to keep track of that. In fuzzing situations, where taint data is used to feedback the program behavior, even server-side configurations can be marked as tainted (in order to avoid the need to test server software with multiple different configurations [22]).

Tainted information is only deleted when it receives an assignment from an untainted source or an assignment from a taint source resulting in a constant value not controlled by the attacker. Most instructions in a program will not untaint the data, thus usually the number of tainted data grows during the program analysis.

The example above is an explicit flow, since the defined value will receive the used tainted value independently of any conditions.

When there are conditions for the flow, this is called an implicit flow, like in the following example:

if (x == 1) y=0;

As I'll analyze in section 2.2, conditional statements need a special analysis approach, and in the offered tool this is done in the analysis part (the WinDBG extension).

Two special situations to track are partial tainting (when the untrusted source doesn't completely control the tainted data) and tainting merge (when there are two different untrusted sources being used to derive some data). In a merge, the result is tainted.

A data area is 'used' when it is referenced by an operation and is 'defined' when the data is modified.

Instructions that are pure assignments are easy to track, since if a tainted location is used to define another location, this new location will also be tainted.

Operations over strings are tainted when:

- They are used to calculate string sizes using a tainted location

  E.g.: a = strlen(tainted(string));

  Since string is tainted, I assume the attacker also controls the value of a.

- Search for some specific char using a tainted location, defining a flag if found or not found.

  E.g.:
      pointer = strchr(tainted(string), some_char);
      if (pointer) flag=1;

  Since the string is tainted, I assume the attacker also partially controls the flag. The same happens if the attacker controls the some_char value.

Arithmetical instructions with at least one used tainted data usually define tainted results, since the attacker at least partially controls the result. Those instructions can be simplified using intermediate languages to map to boolean operations, and then the following rules apply:

Or truth table:

    X  Y  X or Y
    0  0  0
    0  1  1
    1  0  1
    1  1  1

And truth table:

    X  Y  X and Y
    0  0  0
    0  1  0
    1  0  0
    1  1  1

Xor truth table:

    X  Y  X xor Y
    0  0  0
    0  1  1
    1  0  1
    1  1  0

Assuming there is at least one used tainted data:

- In the situation where I have an or operand, if the used untainted data is 1, I know that I don't define the result of the operation, so I untaint the result. If it is 0, I know that whatever value I define for the tainted data, the same value will be defined for the used target of the operation, meaning that the result is tainted.

- When I have the and operation, on the other side, if the used untainted data register is 0, I know that I can't define the result, and hence I untaint the data. If the used untainted data is 1, I completely define the result, so it is tainted.

- XORs have a special situation where the value is XORed with itself. This is the only case where a used tainted data will define an untainted result (0).
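The three rules above, applied per bit to 32-bit values (a generalization of the single-bit truth tables). This is an added example, not code from the VDT project; the TVal type, the function names and the sample values are assumptions made for the illustration.

```python
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class TVal:
    """A concrete 32-bit value plus a mask of attacker-controlled bits."""
    value: int      # value observed in the trace
    taint: int = 0  # bit i set => the attacker controls bit i of value


def _combine(a, b, forced_a, forced_b, value):
    # A result bit stays tainted only if some operand bit was tainted and
    # no untainted operand bit forces the outcome on its own.
    taint = (a.taint | b.taint) & ~(forced_a | forced_b) & MASK32
    return TVal(value & MASK32, taint)


def t_or(a, b):
    # OR rule: an untainted 1 fixes the result bit to 1 (untaint);
    # an untainted 0 lets the tainted bit through (tainted).
    return _combine(a, b,
                    a.value & ~a.taint,      # untainted 1 bits of a
                    b.value & ~b.taint,      # untainted 1 bits of b
                    a.value | b.value)


def t_and(a, b):
    # AND rule: an untainted 0 fixes the result bit to 0 (untaint);
    # an untainted 1 lets the tainted bit through (tainted).
    return _combine(a, b,
                    ~a.value & ~a.taint,     # untainted 0 bits of a
                    ~b.value & ~b.taint,     # untainted 0 bits of b
                    a.value & b.value)


def t_xor(a, b, same_location=False):
    # XOR rule: a location XORed with itself is the constant 0, the one
    # case where a used tainted operand defines an untainted result.
    if same_location:
        return TVal(0, 0)
    return TVal((a.value ^ b.value) & MASK32, (a.taint | b.taint) & MASK32)


def register_tainted(v):
    # Whole-register view used by the text: any tainted bit taints the register.
    return v.taint != 0


def walk_example():
    """Constructed sequence on a fully attacker-controlled register."""
    eax = TVal(0x41424344, MASK32)              # constructed tainted input
    after_and = t_and(eax, TVal(0x000000FF))    # and eax, 0xFF
    after_or = t_or(after_and, TVal(0x80))      # or  eax, 0x80
    after_xor = t_xor(after_or, after_or, same_location=True)  # xor eax, eax
    return after_and, after_or, after_xor


if __name__ == "__main__":
    for step in walk_example():
        print(f"value={step.value:#010x} taint={step.taint:#010x} "
              f"register tainted={register_tainted(step)}")
```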

It is also a good idea to keep track of the EFLAGS register when the attacker is able to define the value, considering it tainted (this is later used to determine the influence over flow operations).

Conditional branches are taken care of in the implementation using the tracing analysis generated by the WinDBG plugin. Single-stepping is used for the tracing. WinDBG provides the disassembled opcode for the current instruction and it is parsed to keep track of the tainted data.

To solve a limitation of the tool, which is to consider cases not created by the original crash data, one must analyze conditional jumps and flag registers carefully:

- If the attacker can define the EFLAGS, and a jump is dependent on a flag, the attacker controls the branch decision (this is considered by !exploitable as unknown, since it creates lots of different possibilities - simply controlling EIP is not enough to define exploitability, since some control over the memory location pointed to by the EIP is also a requirement). Ret-into-lib depends on control over the arguments, and ROP approaches require multiple return control to create all the required gadgets.

- Control over a branch decision means tainted EIP, since the attacker at least partially controls the flow of execution

- To consider the value of EIP, one must define:
    * The address if the jump is taken
    * The address of the next instruction (if the jump is not taken)
    * The value of the interesting flag register (0 or 1)
    * Then: %eip

'Compare EAX with r/m32. If equal, ZF is set and r32 is loaded into r/m32. Else, clear ZF and load r/m32 into AL' [17]

Such an instruction creates the need for conditional taints, since by controlling %eax and r32 the attacker controls r/m32 too.

Alternative taints are also provided, in the form of srcdep{1,2,3}.

Since the trace step generates a file to be loaded by the next step, this file will contain:

- Mnemonic of the instruction
- Operands
- Dependences for the source operand

Dependences for an operand are for example, elements of an indirectly addressed memory. This will create a tree of the dataflow, with a root in the crash instruction.

The analysis step receives the address ranges that have the attacker data and then does the automatic analysis to determine the control over anything you want to know.

- This is done by a standalone tool (it is in the same project file), and has a GUI!

Since the dataflow is available in a tree rooted in the crash instruction, the analysis step will just search in this tree, using a BFS [18] algorithm.

Let's now look at some example code:

    1-) mov edi, 0x1234       ; dst=edi, src=0x1234
    2-) mov eax, [0xABCD]     ; dst=eax, src=ptr 0xABCD
                              ; Note 0xABCD is evil addr
    3-) lea ebx, [eax+ecx*8]  ; dst=ebx, src=eax, srcdep1=ecx
    4-) mov [edi], ebx        ; dst=ptr 0x1234, src=ebx
    5-) mov esi, [edi]        ; dst=esi, src=ptr 0x1234, srcdep1=edi
    6-) mov edx, [esi]        ; Crash!!!

The tree will look like:

    6-) Where does [esi] come from?
    5-) [edi] is moved to esi, where edi comes from and what does exist in [edi]?
    4-) [edi] receives ebx and edi is defined in 1-) from a fixed value
    3-) ebx comes from a lea instruction that uses eax and ecx
    2-) eax receives a value controlled by the attacker... ecx is out of the scope here :)
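The backward search over the six-instruction trace above, written out as an added example (not the VDT analysis code). The record fields, the tuple encoding of locations and the 4-byte taint range at 0xABCD are assumptions; memory is matched by exact address only.

```python
from collections import deque

REG, MEM, CONST = "reg", "mem", "const"

# Constructed trace: the six instructions from the text in normalized form
# (mnemonic, destination, source, source dependencies). Field names are
# hypothetical, not the trace file format of the tool.
TRACE = [
    {"n": 1, "asm": "mov edi, 0x1234",
     "dst": (REG, "edi"), "src": (CONST, 0x1234), "deps": []},
    {"n": 2, "asm": "mov eax, [0xABCD]",
     "dst": (REG, "eax"), "src": (MEM, 0xABCD), "deps": []},
    {"n": 3, "asm": "lea ebx, [eax+ecx*8]",
     "dst": (REG, "ebx"), "src": (REG, "eax"), "deps": [(REG, "ecx")]},
    {"n": 4, "asm": "mov [edi], ebx",
     "dst": (MEM, 0x1234), "src": (REG, "ebx"), "deps": []},
    {"n": 5, "asm": "mov esi, [edi]",
     "dst": (REG, "esi"), "src": (MEM, 0x1234), "deps": [(REG, "edi")]},
    # Step 6 is the faulting dereference; the question asked is about esi.
]


def in_ranges(addr, ranges):
    """True if addr falls inside one of the (start, size) taint ranges."""
    return any(start <= addr < start + size for start, size in ranges)


def last_definition(trace, loc, before_n):
    """Most recent record before step before_n that defines loc."""
    for rec in reversed(trace):
        if rec["n"] < before_n and rec["dst"] == loc:
            return rec
    return None


def backward_taint(trace, crash_n, loc, taint_ranges):
    """BFS from the crash location back to the origin of every input."""
    result = {"steps": [], "attacker": [], "constant": [], "unknown": []}
    queue = deque([(loc, crash_n)])
    seen = set()
    while queue:
        cur, before_n = queue.popleft()
        if (cur, before_n) in seen:
            continue
        seen.add((cur, before_n))
        kind, val = cur
        if kind == CONST:
            result["constant"].append(cur)      # fixed value, not controllable
            continue
        rec = last_definition(trace, cur, before_n)
        if rec is None:
            # Leaf: never defined inside the trace. Memory inside a taint
            # range is attacker data; anything else is outside the trace.
            if kind == MEM and in_ranges(val, taint_ranges):
                result["attacker"].append(cur)
            else:
                result["unknown"].append(cur)
            continue
        result["steps"].append(rec["n"])
        for parent in [rec["src"], *rec["deps"]]:
            queue.append((parent, rec["n"]))
    return result


if __name__ == "__main__":
    # Taint range chosen to cover the "evil" address from the text.
    r = backward_taint(TRACE, 6, (REG, "esi"), [(0xABCD, 4)])
    print("steps visited :", r["steps"])
    print("attacker data :", [hex(v) for _, v in r["attacker"]])
    print("constants     :", [hex(v) for _, v in r["constant"]])
    print("out of scope  :", [v for _, v in r["unknown"]])
```

With an empty taint range list the same search reports 0xABCD as an unknown origin, which is the question the text says a classification-only tool does not ask.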

---[ 2.2.1 - From the crash to the exploit

In order to compile the provided project, I use Microsoft Visual Studio 2008 for the GUI and the command line for the debugger extension (don't forget to install the debugger extension SDK [19]).

To compile the applications, go to the sources directory and open the Project in Visual Studio.

The GUI is compiled using the project build, the dll is compiled through the command line:

- Open the DOS prompt

- Execute:

    Cmd.exe /k C:\WinDDK\7600.16385.0\bin\setenv.bat C:\WinDDK\7600.16385.0\ chk WNET

- Then go to the directory VDT-Tracer and execute:

setpaths.cmd

- On some systems you will need to open the makefile file (just open and close):

edit makefile

- Then, just compile:

bcz

- Copy the library from bin\i386\vdt-tracer.dll to your WinDBG extensions directory

Attached to the article there is an Excel file for a problem discovered by accident two years ago (the problem was discovered during a Forensic Analysis by a friend of mine, who after recovering an Excel Spreadsheet noticed that Excel was crashing when trying to open it). The name of the file is FIL573.XLS.

The problem was fixed more than a year ago, but it is useful to illustrate the steps taken in order to use this project. As mentioned, I'm not going to discuss the analysis step, but I'll just show how to get the tool to work... the rest is up to you!

First, open Excel, and attach to it using WinDBG [Figure WinDBG_Attaching_to_Excel]. Add a breakpoint in the CreateFile [Figure WinDBG_Breakpoint_CreateFile].

Start the tracing process [Figure WinDBG_Trace_VDT].

Open the crash file within Excel [Figure Opening_Crash_File_Excel].

Using a hex editor (in my case I used the xvi32) open the file and try to locate a string that you can search in the program's memory, to determine where the file was loaded [Figure Finding_User_Input_in_Memory].

Using the searching capabilities of WinDBG, locate such string in the program's memory [Figure WinDBG_Finding_User_Input_in_Memory].

Open the trace file in the GUI [Figure VDT_Open_Trace_File] and add a taint range like in [Figure VDT_Add_Taint_Range] and [Figure VDT_Add_Taint_Range2].

Now everything is ready, and you will have the taint analysis of the instructions you are interested in, related to the range of memory you just specified.

Click with the right button in any instruction [Figure VDT_Check_Taint_Of], see the Check Taint Of option [Figure VDT_Check_Taint_Of2]. It is going to offer the taint information for all applicable operands [VDT_Check_Taint_Of3].

------[ 3 - Existent solutions and comparisons

Microsoft Research released the !exploitable [3] extension for Microsoft Debugger and its source code. This is a great initiative and contributed a lot to the growing cooperation between researchers and the software industry (since now the vendors can at least classify the exploitability of each reported vulnerability). Although it fails in many cases to classify the exploitability, it provides good extensibility support and is a good starting point in this initiative. It is important to note as well that a good aim of the tool is to identify unique bugs, eliminating duplicated issues.

A simple example of the problem of such approach is:

    _declspec(naked) int main() {
        _asm {
            mov eax, 0x41414141
            call eax
        }
    }

This is incorrectly classified as EXPLOITABLE because the tool always assumes that the attacker has control over all the input operands [Figure bangexploitablefp.jpg]. This is not the case in the example. The provided solution in this article differs from that, since instead of trying to classify the exploitability, I try to save researcher time while analyzing vulnerabilities and determining exactly that limitation: Are the input operands in control of the attacker?

So, to summarize, the objectives of bang exploitable (!exploitable) are:

- Classify unique issues (crashes appearing through different code paths, machines involved in testing, and in multiple different test cases)
- Quickly prioritize issues (since crashes appear in thousands, while analysis capabilities are VERY limited)
- Grouping the crashes for analysis

And the provided tool objective is:

- Helping you to create the exploit code :)

Piotr Bania released a paper about an architecture for similar analysis, called Spiderpig [20], which provides more advanced cases. The Spiderpig project is not available for testing, making it impossible to create a fair comparison.

In Piotr's paper, he explains the Virtual Code Integration (or Dynamic Binary Rewriting) approach. Some of the techniques used in the 'intermediate language representation' phases are also adopted in the provided tool, in a different way (there is no intermediate language, but a normalized output of the execution trace). Spiderpig has ways to solve specific conflicts in partially controlled data, creating what he named a disputable object. In those objects, parent objects are also available for analysis.

After reviewing the provided algorithms in the article Spiderpig seems to be much more advanced than the provided tool, but as said, is not available.

Taint Check [21] depends on DynamoRIO or Valgrind and is an extension to provide taint analysis in order to detect overflow conditions in tested software. It does not help in the exploit-creation phase, nor to determine the actual exploitability of an issue. It is divided into the taint-seed, taint-tracker and taint-assert, with the purpose of defining original tainted values (values coming from the network for example), tracking the propagation and alerting about security violations respectively.

Because they provide a solution for security-tests I decided to also include a heap-monitoring example tool with this article. This tool aims at solving the challenge of heap tests for embedded Linux architectures using ARM (much less advanced than the Valgrind Memcheck plugin, although the only option for ARM as far as the author is aware).

The solution provided here started when I first faced the problem of exploiting a complex client-side vulnerability, involving a very complex (and at that time closed) file format. It was later expanded when I saw the results of attacking scenarios against Word [1] and started to think how to automate the analysis in order to determine the exploitability.

My initial version was integrated with a fuzzer to provide internal information and feed back the fuzzer in order to have better coverage of the critical parts of the software [22]. It was unix based and later ported to cover Solaris too, in order to exploit two vulnerabilities released by Secunia [23] in the same software where RISE Security found a vulnerability some months before.

Because a good friend of mine was doing research in the same area, and had good experience with the Microsoft Debugger, we decided to integrate our implementations and create the final version provided here. I keep expanding this version since then and using it in my work and personal projects.

The biggest difference here is that we provide the backward Taint Analysis in order to help the exploitation process, which means we focus on determining what the attacker controls from the crash back to the input data.

------[ 4 - Future and other uses

I can't foresee the future. I hope that more researchers are going to contribute with the project, helping it to grow and achieve maturity.

The code needs immediate support for extended coverage of x86 instructions, speed enhancements, introduction of heuristical detection over user input (so you don't need to manually specify the memory ranges to watch).

I'm sure many other uses are possible, and for sure I do expect some extensions to come.

The original idea was based on Valgrind and REX intermediate language. The available version is based on Microsoft Debugger (but really tied to it due to the limited amount of time to create the project).

A limitation of such approach is the fact that you need the PoC to trace the execution until the crash, and then to analyze it backwards. If your PoC is not taking a specific execution path that gives you control over some specific memory areas, the analysis will say you don't control such memory areas. The tool does not try to find other ways to get control over areas that you need, it only provides you the information if you control or not such areas based on the executed PoC.

There are other areas of interest, like heap viewing [24]. A heap view example for Linux ARM is also available with the article and future versions on Sourceforge [25].

Also, the integration with fuzzers [22] is an interesting approach to provide better ways to find security vulnerabilities.

------[ 5 - Acknowledgments

A lot of people helped me in the long way for these researches that resulted in something interesting (at least to me) to be published, you all know who you are.

The biggest thanks goes to Julio Auto, for helping me with the tools and for having the motivation to go present alone [26] while I was still fighting to get permissions to release everything in my personal name.

Special tks to the Phrack Staff for the great review of the article, giving a lot of important insights about how to better structure it and giving a real value to it.

I'll never ever forget to say thanks to my research team and friends at RISE Security (http://www.risesecurity.org) for always keeping me motivated studying completely new things.

Conference organizers who invited me to talk about Software Exploitation, even after many people already talked about the subject they trusted that my talk was not more of the same.

It's impossible to not say thanks to COSEINC, an amazing place for hackers to work and which provided me lots of motivation to keep my projects going on my free time.

A big thanks goes to Check Point Software Technologies, for paying me to keep doing my hobby ;)

------[ 6 - References

[1] Nagy, Ben. "Finding Microsoft Vulnerabilities by Fuzzing Binary Files with Ruby - A New Fuzzing Framework"; Syscan 2009

[2] Miller, Charlie. "Babysitting an Army of Monkeys: An analysis of fuzzing 4 products with 5 lines of Python"; Cansecwest 2010
    http://securityevaluators.com/files/slides/cmiller_CSW_2010.ppt

[3] Microsoft !exploitable page
    http://msecdbg.codeplex.com

[4] Abouchaev, Adel; Hasse, Damian; Lambert, Scott; Wroblewski, Greg. "Analyze crashes to find security vulnerabilities in your apps"

[5] Barbosa, Edgar. "Taint Analysis"; H2HC 2009
    http://www.h2hc.com.br/repositorio/2009/Edgar.pdf

[6] Chow, Jin. "Understanding data lifetime via whole system emulation"; Usenix 2004

[7] Denning, Dorothy; Denning, Peter. "Certification of Programs for Secure Information Flow"

[8] Klee Project
    http://keeda.stanford.edu/wiki/klee-install

[9] Godefroid, Patrice; Levin, Michael; Molnar, David. "Automated Whitebox Fuzz Testing"
    http://research.microsoft.com/en-us/projects/atg/ndss2008.pdf

[10] Molnar, David; Wagner, David. "Catchconv: Symbolic execution and run-time type inference for integer conversion errors"

[11] Wille, Andre; Drechsler, Daniel. "Evaluation of SAT like Proof Techniques for Formal Verification of Word Level Circuits"

[12] de Moura, Leonardo; Bjorner, Nikolaj. "Z3: An Efficient SMT Solver"

[13] Z3 Project - Microsoft Research
    http://research.microsoft.com/en-us/um/redmond/projects/z3/

[14] ERESI Project
    http://www.eresi-project.org/

[15] Valgrind Project
    http://www.valgrind.org

[16] Porst, Sebastian. "Applications of the Reverse Engineering Language REIL"
    http://www.h2hc.com.br/repositorio/2009/Sebastian.pdf

[17] Intel Manual
    http://www.intel.com/software/products/documentation/vlin/mergedprojects/analyzer_ec/mergedprojects/reference_olh/mergedProjects/instructions/instruct32_hh/vc42.htm

[18] BFS algorithm
    http://en.wikipedia.org/wiki/Breadth-first_search

[19] Microsoft Debugger SDK
    http://www.microsoft.com/whdc/devtools/debugging/default.mspx

[20] Bania, Piotr. "Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)"
    http://piotrbania.com/all/spiderpig/pbania-spiderpig2008.pdf

[21] Newsome, James; Song, Dawn. "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software"
    http://valgrind.org/docs/newsome2005.pdf

[22] Branco, Rodrigo. "Letting your fuzzer know about target's internals"
    http://www.troopers10.org

[23] Secunia Advisory SA32473. "Sun Solaris Sadmin Two Vulnerabilities"
    http://secunia.com/advisories/32473/

[24] Core Security Technologies. "Heap Draw / Heap Tracer"
    http://oss.coresecurity.com/projects/heapdraw.html

[25] JFree Project
    http://www.sf.net/projects/jfree

[26] Auto, Julio. "Triaging Bugs with Dynamic Dataflow Analysis"; Source Barcelona 2009
    www.julioauto.com/presentations/sourcebcn09_TBwDDA.ppt

------[ 7 - Sources [vdt_jfree.tgz]

---------------------------------------------------------------------------

Attached to the article there is:

- VDT Project: The main project cited in the article, it is a Microsoft Debugger extension and a GUI used to analyze crash files in order to create an exploit code

- Jfree project: It is a Linux-ARM Heap Monitoring System created long ago and also available at [25]

- Images directory: Some screenshots of the program and plugin of the VDT Project.

Further updates will be available in the RISE Security website at:
    http://www.risesecurity.org

For the author's public key:
    http://www.kernelhacking.com/rodrigo/docs/public.txt

_?`\H)9SBK&V-^&...F(V+H&MA@\P="R>].$XJTPS(3SX@+%>A?!KO=Z(E?U4#_E>2R22&,=A4F``Z)`%BY4G^.;03)PXNP`8V-YM`3^2QFB#)+AUYV6UMH9\"[TO1_U66`1@0]5T'DZ3`16)11^)X;,E2M?9*@J)"A5V$!4:2E7^4E:PYA#M.KE^N-;`&](J,`$.L8K-]7L?%^V,O`D*V'90JU2Y2&:G13M6%D6^E(E7"`W0.L3B..4D]MN9M\KK_I)FVLZT?55IK&C'JE6%='TV%EE;B=?T-!J,_G:Y.9_#R&+-L!45+2EB1C8%*8M]#*#,F,N0;98Y%\\6VV5SJ23>8NWXMOLK;P?+D]@IS@8%`$D]2GTR!=LD^S\S(J`^%3(``"`7Z87I&R#*PNI?UD\7VMJ*,0!Q>]JY1E*_"U(3\]"4/38D!=!X*HDO2U$2DP!J;0ZX-+D!($"*`-?S`UM\0+\2'Y@-8WBV5GX$&N;H"`P_BX):`U^A7Y'R=:G;DGI4X"[I1)8K+VE$;QA';$7M-F5C_.I?PQ2/B:ONNEU8_=34+@KW6:R:4!["`X2^F+74P7GOYK.8*S3C,C2_MP4?!ZR!_H6GIHS:B-[(%L6%*9?(2HJ%/I$KZ[=U8E3%`K&=_(0.M9J)2JIP5WY:BQ00QB/+!B0E1Y0O2395887L?48F>[D5M*>\W>8#>5XR@Z!\OHLJL/PLT[N&I]2PS_%&'P9QD3)]I7HD@'R9&_!0*]/XR`33,MN(C3@E\'9C";-_P=C2$+3(,!72RT1>/!3!KO9@8,9]ZVXG(?%A.CIQS'225/M?U/N'-K)_I,H>[ZCRWMRL#+9P9]W&YVP]''?9C@^+=7]+VS!7M\!8%0,H!'QN48^'2V+GS^\WP+`9Q.?@H;Q_U#'2M[4Q:BIV1/F,/MBL9@(_13]8`=C*O?$Q]OO^HD?;MJR72B&E'[8.PB`3CIM,@`L,:?4%(H:A"7I-:HL^RUE[FMT0_Y#XAHAX(^%$R>,)@)_*!0@##S6I8^2MG-EB?AM%0$MK3I=5-!DF>S-;M0GRT5;)C`[)_`LFK29(]7N"@H+>`M&XC?VUM"15XY,GR5"\,J8-NW;JJ57]K8N=HW:5'&7,P]%C?6_0\=C:KL2,A8JB]CFZ.&QA,CXH3'675Z4]\1(1%,`@*][*5$A5N8$*Z75;)O%]#:\KA"+&1MJ9ACC2=W17_0%`9^7:KZ);#/S,"!+9RL^?KM[Q^.@DQE3$[G]?=O&V)2;V^UMVK;[UO;?1K?&8TB'1K/:9(ID8C]!!74ZRJP`S!)5RR\/`'9"Q%J7-\_+0RH.MB\>Y13JS-Q0+[2?9EM=#=10!JY9/!H>#0!:3=8U>E?,5I'S(EX##*P,/\IVGJC4;_/D;[!MAH'X%`:9K@SJ$T`_9AOC(V/!M1-[&A"-S&XU*3QC&\+!HJF`T/YMKRW[!N-:!J3Y,3`WX(5#%X]EBE0B^.4;#X-8N:._APD8'8^F59@G;3M1Q>'\MNT2%/,=XXWN3T8)^Z*$81!TU^-X=:!^_.4.!^S`UP\46%4J3%&CB>[S8$)CEM?KI'36:EAC\_8E?4A*HY,3M5V^(N/4[T9IYO?N59"2X@/?)#-]M\2EM&T#[(=8$D/#T/VM:KXE>ICN_P#4>VXM$.*=@#2IT8Q0>T]D$[=KSU8W/9[40>Q7O0R_.EA8BR@S864$YN)/XX/J#KK_Q[EGU#:;:,O@2!-:[_65UI2?)H;9U@!.M4.Y"F:&@08'>WN6/$*C:4`B/C*!4SI3I@05;10J?;.V)2%^'IE%^)Q)1SP$_M8MK>2[>>JG8%4"`O]C&2?WG:1/E#1;ZF3E1837?H17%#@RB;@5"''?G0I:O,M/+8T:"REM_Y*/INQ$L-0&?CK9P8M29LKE";].U(LJ0ZP&G#M4X-FPF##4#S4M7-O7]A$N[$#)X5CGEJIG$O20"]O#@VQKQ+D[*9SKDG"1A)ZPLL/N(FPL6>&BM2%&>W_/
V+/$!*%QN;?Z;1S?H77V1BIKI60E_T%8AL%PMX(F%V_U^]D@3,WE"M_")O!/[#,=)YRTX`-*CA55]EJ7>0U]0L`0.,./8/9`6N6[*.B?9Y=AY#1>N);GC"A[BUS->6L_^Q20MK!X=)/L&TF6*\_B*9HM9J2+SH?"HI('K04*FF5P!$/J:N]>66A39Z;*KLR3GK@*-]-7LI*J@]1S]-4YP5U+M'QA,36]Z8\^%DY\@ZB/ILE-S!RHR]G6ZI;6*E*A0VMIJR$;*B_('NGR[BT6>M,239C'D[M557O-[9&U4PHRS8P:^L[P-UAW$H>978ON7(.8I>E.!GZU:'RLM0/Q*FA^_U,1)V!KJ[)_Q]*IG]Z\I^%3;$D\.1GX4_J`XE4MJ46J\Y+*?09$YMS#:#'2=AOL\>8_/?77681``/LJ)@+A7K"I;FD&U*A#[$6@[DJ;$QWB5;)C\WMY(/&^F\Y@TFZ#@5Q".\[&!0]/S84QMI'ZU3T@0@D)2]L=L3K7%214*"$3?%KJ\Y&>36EJJQ'9T`$VV\K(!PBM!Q\I8W:+RIB:E/S+']X#P]UB6KTJC+NGHJWO7X0\;@_ZHT\@_@!011S0_)C:M%7ET\$L)Z"6&GVXH.1+)_Q:[ZR)%![CU98U3\F@:,1>Q(1K[&(Z55]AK01;RMI$*#1'`UI.F+5`:.=!]^R7G/^'\K_G)=J0%!!N)$\X?T9.`DB:A6``AXEZCG]L3XI"BM:..2OM7GW;R"B@%R^TN\4W^+"P3GT&K*C21E^%RFJEKCJ!+-R_/MCPW2?)>L&!4=J3Q8>1AH.NV&%V/Z"KWT[_4D`Q("SGJ2J?92%(CGZT7.KX++OSUAXVT$_MZ*%N%^9K4(F0T+1G"W8LS:U?V]1L>Z&]X/8DQW]][,.KAW@^B_:@[LW*8MS`5A6ZX;J`O7QEF^%ID&:6VM5H6:*N5Y?(4T5-J&F"M=RX/Y6%5)@?MA9/Q4ZE0S=XG@L#.`@'U;DPYXQ_,`CE3T%*+M_/3@_4--B8'M\^0U='19>Q'I-R.>"%6J_%I-6Y-CB=`M+*.Q^)W./N#8.GNQ)90H&77M-NP,EM9`^\^U,!EO-G%MV=%.CY2`^)SS$Y3%;E/!.4V2O=ZGSDS6FM\E^&7E(-[^3AT/L(LEQ.,#@K]VD#D)!$M$)$2XSNJ2R,9H;NV4^"%K#*_[W6HOX1Q7N]=!W%'4JRTY>>;\-Y_I;R(#0:EMD\HKP_28\*%P&%P.0>P&I5PB6S2PO[W8?&:E["ZF..969WNJ6U.L7BO>L/J5MJ8J58C^I-/->+REJ@V[;LP6]=TN,A4X??,07\(.B8]0-BS&DST#%-E"_%)LJMSF#BC-);4Y]WP8RG*#`55CRYK*J*N,SP*)7VJSWQ)AL-4!91)E)'M4]N^\G9^)K-K#`B+'8O=PUH9W#=07.H9!O,J^:,I'\>[K8BYV-LSSUFPW#O%"I4I6=WUX_G!BR%W+S7$XDJN&8QI+T+H0%MUU(4N:&)P&9WYE#"84S5$K@M]XN30:1NXC?5%31.0OL$/PNM0=(O\%)!_M5G[B4S:B&1,F^-LUZ3X;?L'!URRQ1I#B&T]6_J(M@W&_/4822QA3T>,98=R);0-#\PM[Q')1#VK&+YJD[>SV]J+MQ^4B3WR13%]1G8;,5_?W"MG'+8,7*%)J\FV-XW.:))@7D!69I>G#*Z7/M,.R,TZ*G(4W83?[%)R7EX/MD;YZRH/,C'O!Q%YGD8UY9@&6]IO:[=-J7WI(0C037MK=K:M'/CG#Q-IHBA9#A83&IV2I;H4)A87X%GMY*$0'J:)0%R&+HY>*`9^AG:`>`$FMY"(%E",Z-2H56=ERO=!$'F^].V/W6L!H1]C8T;3F?1/?5#9()50#8\O@IGJRMEA5=!L-/MS-!>ZAOA)\`F*AS5M&G!+&:B^ZKX:B8[[6M=H6PF/M\D8-?[E5+W,.!U`,B@15+@=CATYED5ZM54+.O>\DG#/X>;82G-%F[%L@!%@J^M
RAKZ8[Y-(7"3:"OJ/77P#64F0M$-5HRW>]/1G.`9SY:@>!PS:\Z!0(,PIM'9;_Z4J;?G2/F@8&C],.CAZ5:'.OM2?&U%LC.JUMYH.90AR0YUL(TBLS&!=H@ZDGG\;G1V^M=>D--%?(F(J1#"\F6Y-+RP'>M&^WHWP%9W"?A_SDM%"K+8BMNC/LBMZ42?EO@-/U->@=)-Y5:"5M-3,;D1;ZN]M@0RTW#G=H[&XFINDP?8J$*W/VV\Q.5ON/F,I*8W&BFX;2XRX%'"1+\+6L/U0M(5HIL)/)DK!K4])-DZO))UYN>43Z:T^_=E85*?96@28;EX[S'AUS>5G+>+!/OK_0[>F:[JX5)/I:-MTY*$_E:M=5'OOXJC)8\&42]0/Z1IX?:I2&N;/(K@3&\,8E%_]%64?7^>DQ7.M&%0;2>[email protected](0;%[\A34+%\0!+'K,1Y&YTM.MWC!^5V1@W*QJ8TQ:7!CM%)MU2.B/Z#BZ8L,.5$/[H=\9\BNE!E5K$A%>3-MIJW,$7)])T9".$(8G(K=L2U>K:'_A;MBUZ]N(;MUTNQ=G:OJ>4`Q\*-:!'==?NOON-B)_*P`/_9C9,@^$&\(6;'(ZI7B`\;FV-0^WA?Z\_"5[K/1D2M);.&K+"4R"'H`2J26!0@`CIEK&P+4S4]JWTY1ELTZB-3:I[M=@PW6A$"O-YFJ8QJ-?$)Q79PL(:^:OV[(KA`>T_10(TGJ10N(/P'1MY4:*]&E7"J>[8[-R1Q"$T[&'$FVLN2P?%'XSF/*NB('#_@SC4BMW#WMI"5GG*S#F$%V,9XQ`-J7HEASKHO=X3@J2[4#+>N1*PA&WS777]8I5>B#`4MHS9?P&KN[5Q89^VI=-/)"]&%IZD)*#XIUJ(UWHCW*R_8:#%T999(M+42WM2'BR,X678((#>#&9N6!,(F"!:)@M"]*^]!1Y63-6]%7M6!C.5*3N/LM$'?)`+$FHTB);O8_5A@AU3`-D,F4-*O_)M]9/5&\[3Z:79!*"UN/Z3Z>?WU&O539L&@L-'RT0"!6+IC[0]88%$PWQ0Z+(\MYJ3[0KZOK-E!UC>4PG&'T@4BD=-"AM(]E#Z[T6\H[!@M@`=%5A14=>QGSJ%NM6\C-@_#3_+5DYLF![9X[(UY'%8A9YGC2RM1IEF_+-+[;UB%L!106K-V$X[MS?M96`O$`M$%D)R4K(3GSFT"])H&W!HX6NY)D_["J1D05A3?ILQ[-R;$K0W#MAW>R6?#I=?IT^X`;YT?3Y:H>J#$IM>X"1C5S88LDWNE+0G4-]E:3ZVS=!-%QKW,M%^!7$]N_GTGH7PPD"'1CX@GZWR1*&'"QJZG"VP0#\OIU":9LMP;VQ(M)TE\RM+H81R/+H'YRU6!^TBQHL81;OW=?[4[I:UJT!/BUTLY:Y;A)4'8MBEK(=S27LMF-;;RRL*=91^AEPV'1MEBM.!-3U/6IUW:6M'=W1359I!CNR_`&*UM%^JY!]%V!7^V;A(U!.C=9.>M_YX>=2][I_/O=-=,B-ZVL[]Z\G4_^QW6>L5?_)8L]QL1MU\I7N?Z@(#Q_OO_M$I'XOP"Y!P(0+Q&+)UX57?J?*=PJ'G$Z+M_DZA(%$!"`Z`@$"#J_*G0\&;KQMH'F9;WGM;3WS#?"6B#[(_9\`B4+?;^FB?\:'>F$_]TD'!PC@P]]X%;A1YQOZMOX6?#-;OZ;^C66&28MPW_E3\2_.@[email 
protected]*D^S+7.YZ4GXYV73S%5R+&/E?J_2)09MVC_+&[,[E%]+=8+_HX_M_Z\*1.F;W"]>,:5-UI/L,0;P`:[8KX0GZDF`Y'OPM&USX+3^U\M`=R=S8`H(')EL@('*ZDEI';#QWN4H^/]N]Z.2IH(05\EOXXNPV8*BI*[`!L:E[GYRBQB07\AY7;",WXOF`0&9E;^FA76>M/Y-5S\UIDT^Q+&FI'\D$:G"5A+Q?Y%#+B%E7@AH1!>B)[$.9C>C@:)4E;)K7`K8PVG^`M\OX7*(B_)8L^DWWE>WYN>'GXM2">$\I7M>_\RR._C=`>?GP(^BTU]W2'Y_\$2A-S^AKS@E,)U&_70NL=Y>':X;AD%ZC>;]]!1$(4*Y'DM8P0:H`).'2*_!BC0FV8'M]=@:W3"&T$KR0O%8U'>?5/*RO@X1J#J0)E8OOHOHM20"8)K3JLWPJB[B,,[%)AC*KC1Q(ECK30B`2W&DVDQ,^>+H_Z'XR?3TV^^@HMQ^-Q.?[QH`-_!ES^^Z7Q7IVLOA;VRS/[*43\=5'2,+!5XBYK):9^7(]""E./9)(IH4Y33Y/;NV)&0Z$U6UG4V[)K$8T"]_B1M47!)97DZ][email protected],QS-7\.;+C)/WU'-Q#B3)J;)Z'S4R%N*J`[G'>>!XM813?\XU7WE-%FQ;S7*5D,AWO=HW.:_>HQ+2)/@9.)`MC>WV&+LC%YJ5$(@TEME%ON],AF;KO(44ZY,BIHT'VC]NG+"@A]\W4>0M5DL%@J>TL@7=NW!#S71]D^MIZ54A98Z@](0V'^7T&^G0HJW0:U\F)WV@WFY4E%=RV-12(PB$V]0K113PHZ:#XDM#O1*4Y.@_/R-JWV5==WH][,,R]MI>;05%D4?7`L9//[MS2-7]_7A4CID>)BVRJ%:&_#>;2F^3CA457MUE9/)J7PU1,XQQ;C8BTP?%41>M)3="+51KJ>\B#$(0/RVN:CZ&+4KN;$O,*]YL(?:JHV,&7*.9-S%K1HHVPC`TMR&:YRCK^]7[(^^/9))QZ/$4\D27OY?5&5?;\3N,!I/K%!%D.;07E'FD5IM4#X6@$B\(BOL%S9\VFQMBNX,F*[*6ULL\2D?12Z%7>MZ#%1O@^[CD&FKP0;-H:AGY"4>\2/14Z;.S4]RM%1-&`KOC1OUBRIZ'WDQ#Y$H#3]K/YE19NL431]C9AY8OF\[JRWWB]N;[\1".MM94E@=I+7>*!"+TA@(F2X4T>A3=TAL]2#KD>R+^P][5W_*>Z+$U1M&I@A1,GE>OE^`TSD!7:2G2+]F?K46'?=&39\MW6C46')@*^JM;1^\-7KLEJ%M:"VX':,Y0M2;(F1[D/.@3&^"(0YQY77\>IWO)>Q0Y03Q^R[+JT)$BU07IHB\M6B7\;K)%A:`W9K5/8WWJYT`67U%(/1K^(5-U^Z&3((@0J0'-[7D!'-DN.!%8FW_6,+OW[.F3MEL9!N>%9%HFE&\:A'3EP:JM8,35GPH\'X>=&PHW*/A8Z>2.]PY-:NI\YS6WQ)I3MN/2P5!M5X.6**:/7*T,^ZD>EM_WFCF%I_%Z2K,])GP5/9BZHM)\2A-GZJ11,%\/HU=XKBR^$W\=-W>X*4Z->%VK):)5%M=EON&(S9&+10H:.E5^A),W'.@F66^7@._/_D^4D^GE3$H'(16*T`&)91(]M07A#//7:-29/S&M(UIAEY73:VP6EWS[4E?$=S6E5"GF3NG,Y$NI2(2=P93F44JTU"_$QDZD?C(1NL$O$O1G@G&!6YI=!\:TGSUMBJ-F2.BI!?5]IWR*F0)G1*>K&%1+%_0#A5S9>4F;IAX38.X>D`-+T_=KN%!M'\B\H>`>R,)O!;Y5@I^SMU2V3FB8HD+77!96P$XQ]'\^KCW%)?F_>CW\(5^=>1^LUUSW!(6QVR&E.%\0@M!N]*44>8#:_JW"9/]GXA7\@S5#V6YD2T.WM8W\D_W:D]SBS=$3!??/\:>;JI%HVZ)Y)%8J)(UQ
Y2@1>F5VW>H*:@$>!D]?SATMQGM*D#C"3Y;\)A3?M&PY12?E1)K"!V>#]R4'\Q1KFMH$@$Y3$;X/]"F`4,O[>!Y+L]'\!O^1O)`"";[[&E?\O\9C(E`L#%ZK?_ZY5OM*WEK7I2K-Q^%7%C.U7PPR!Y_F@ZHNXXK"+5>=DKG=15`6+FZMLEFS.'[K2A'M*+\TZ)L3Y;:N#@(JV5\N1_L@@T>IB_-SN)-``J_ZM0D-RZ1D&UC@4.^M.OY9@Z.!^:2#!TO]'.J2"U>.TJ17)GRSF_1['O[L9Q(P+(#;81`HHU96>[email protected]]_*3%WUV+V'H.Z?Q(=*K\E;%%*T6K:KN-CJ5G,QN3TZC6.YF/>EL8MPYFZ+;F,J&\\;XQG?'M-3V&@*9?^SWT'H@ZH>2>O5);V!*A%2P6&)4*C>CP]MRE3)3@@'RSEP1+R([5DI0:O0V#954^VJ(I;,(^92/&P_'#=#(&\"O?*Q"/^#MDG@DGW2(8`7S0*768'R.][0$NQ?!'!/"(6KI4M^AJT)!)OJMZNWN?1C[_DP9M`/3C'Z7BI0-"IVY';J[7[5\*W*T^PCJ/#>!DD&HRV.'^S01&'"Y2MWWMKA^_,.T2]?L2W^_1*_2.0*`5EGUO+B90JIZ-EA]=HS9\=HM89GZN^7CS`55BM!3N'G2EAVB.EZ#TOE(\XX?HV7F:\3_84Y6?`6IK"X^63YZ7R6IK=>)^K'-41MV-:X5%R5&\5J%@I#FZ`0V`LM6N.^4LZK@$2[B]-WL@O73!@2SDI-WS$UTP$@M)1+\S[GV"X29HP]K30&\=TWTU1PPE>?)%!P]ZINU\[!(5[[LR.:\:-W')752=ZN,2K'MXH;@%11:-&H`42Z,+"G*+B,O\XT'_%`OBES:X3^$GVGP6S\[:\ZE*P//1%?;>?I52-C/WM=>&_:YK=?;].G@3BE`;K?R].*DI.GF/X')^."2:G3/W\3:&U#'0GU4ZN'RRPM(&ES2*OO*)RD@B=0S6??:MV0\JYT'MI-_SSGSK,!7,RP0VA8C$63J:`0A2"P'Y:VV[6BD+B7$TWMM2%*A[)MA$#;@"`VL>9VJMHQ.5GD)@?NJ1]TZNV>*P[:A>8B>9:GJG)A5BYK1\4HV>7^:U."64T_5I'.)J"!@O=Y9I)U:5Y8XG$UUA,5S7YX::ZQ'M!N67ZZL2]Z\CH@9:2B#\T&6&5Z)DL-*MDU=_I!I*H/*&/IP7#GN^_RHS196\IY0[AI?:$))5'(&UP,]F?IR%L)4B).]VMA^QT6`UU49GJFLS,DCNVJY_$GYMJA]:H:6GA+RYB:TM'KM:DT-TDZ%'_"SK?M$HF1,-PB>M@A(9!5D"&NJIK6BK@R8MB9/`^='/L62YUM0ZSM03F*M0=U>'B[V6.(T[;>W>3=I.M?W!,MU4>)`HP^G3M,7+,5S\538CC,]WHZ>ANK9;#.A;X=D#^?OS#U[8(`$MJD'4W`+&]S%`6(+/QM_`;C>HMJ8Z,"ID;9V'WHSPB3*P^W34*:6,HLOL0]NRZVY02-23,G_-Y0(5`RM\LK*47)A*'*IZ5MXBB4;4_5K@$CK.$>*;PLAHU=6-.[\U/FRJV4R;8L92]5$MX;`6VQ2=0YQ05,KY:I,Y28A#G9KR+2\N'%9MX>2[5AM-PR7=#NM/4@NUGJ`4_'(+6CR(2B:Z.5PR3V]%-/PZ'\Y4=4\C+S'RJS(FK%X*K8AXSB4M=GW'XXZ"9IBG#@=MUVUJ/_&^RR/`NM"][@F4\PVE[PG,=[?ZS7VBGQ/?30I"M>U/(^H?6K7:IX.N!_@;YI01A-S'\Q!8MK8A9*_I3SW?T:A>5V#UW\I#WT^W6MQ&X:8GPU,CZ%VP`ON-XC:+YB1@\)[)TM?4]7*0$:+?HT(M?9;:2L%77)1EO?YZ76?NS?2W;EOB+,KTSN72_)-=="AQ!1=':"=J,TYEF0:.;$D]W!MNZ=7VB?2Z_*E`,'2H6=J^9[S^[[32]#^XJ;*4\3H.3
E1VJ48A2@#H-D@S4V;M.#U`U[,W?_I.0OEJ9'3*((?@$8:>PFO^0K]ZD[)UK14]F5,.N)P2V!09F3EF5`]BN.?D3E&O`'UPY2?^#[L57Z+`2OI3IH9P@I!G2^X:`8/C*^\.G9$EC^//>R:A1T5[>#"U_8E1GK7PI^YY*)M8]O-B'N&>8,/IIC1QT])U23W+]8$%@H[:V=_WQGB#)I.Z[S494YK?\OK;]R%DR)9#P@3*9,;=5WC\/_4!*)L?;2M(?X1&;^?9XE6[;/#H5D"2CV=MPWY/M13OXF6;K,P_K/T+_%>=!S2/??%4-A]M]+U1:R^X*`*/KCYN::H!SO`\YQQ\X6#5W]8/HJXS"SP8>E&QZ!AU]'LT?6FM8RXGJ(_"BXN^`S8K6`6H)]=NT+`GOBCOW15&R*=K]LKA(%FEGPL>SO&"CU>?M1[VCX=,ENL:6GIR-4K=IP7?Y,-;.F_;3%@[C,PFJA![1MU/SEEMC7=(5O?PAMLM+WIZ?Z$'@,6N3S\=++R6'/M.A6O8:C4_'+ZL/JC8.Q`?WN#,/-!-Y+EO]0=DGUE\@(WZO+7&JJU\#;$\A10MK2@:T%E(-DS39YCN;4L&_09/`";S1;A+X9S4[^$AFX]MIJ>O#(R@GS%M#.`F34\W05%;;(CB)_QAO.,6=1Y2W0ZQ)/^38U\-'N7QFX@AY@THAVM4&7FWMZ2IXV\,:A\%*"[6RH-AD@AOY4\BTGNFH1J(SJ4XS5FTZ$Z\';#-#,W)"S:A(M9O+[-Z*3UW";!K8324Y"TM'45Y^.,?+BXG4-+5.+174ZW[2*H"KO5OVS\EH5(M^;%6@>0=\Z'+WN5+/4[3+)5BG*0/W*3!PK:$95F!]O/W"8'Y>L_-%-=U@/.RM)IN]@5.FZT6BJ@Z:%PMS^&-WPT()T/'X;1M]%IVO8&[M`IQ>/>MR10/P#:7MTHE-5T_3ODLT!"AGSP>09>5>W$_GDMS6]&]!Z4K7K6+V,XM5/U&>9X_2.!9HWE$4G?_;%9C-+)'/SA$0#(E(D]SVR'7;_;W96YZ9%>J.1SAMUIWNOI(7O/*?D3&E')*F)6?9/5C57YK[O3&U0%D0[_`[email 
protected]+>NNF4MY-FVEYS_ZFX@CPRC:IA(')?F!9AN@`K^+J)NM&V,1?$;N\VB7MRK@V9Q"A7$>X:)NS;@BDV]B"0;9_+L!W22$=ZD8`BV$XIH`)L)7=UFR$:0%S,@*HQ%"8>(7.`FY0/]I%OVK\SA#Z9$=2MD2V.9LR.B=X=%`IY$6)-OLVI*/IP6T$A[8BS18_?ASPK>Z!KE4%7%FX@4Q&"G(VSLMR*;9OH,'##-Y^#CDC.;$O!RLA^3Q8M4IN5MMI>F_TF'@X`1529FN+KPY&0U1;#%)SN4,L+=SVW?X]9%$%Q?4\QYPLKFPD(0:M>4VB^_2G\(RKZ5^&+=5_/#>I9A86\1VI5+9R]L*$"NR`7H9(TXH>O"'_)F`@M([Z1T,C0+(M1:+26U(=!#WV.4-K6@HLJRK"MVBL3M,TUW"`W_)+M6F!JD9CMP:\`BV-6$Z4%P0\/M\,5S;MJ?G9FMB;KR?NUE674YPATO^5AG"]QM^Y`>-N?8=V.!G!XYRS'ZF067ZB;IV$QTH:V91372)NG18[]')GYY95GRC^VTM#2#?6WC#_W$4`H+(.MV`M@;JB/0J*FSD;\KH#"K$M'0W77!T"@?3IS^-2#_MKRN4O4Y9$L$[`%$10`N?PVC'>P:S)LI^V["3)(/@69^&6G_YGM%/%-YN6!]6MJM(*7AG,V$[D)U'=MZ1;7&6UHU>%V2-V7.FI;6DR;C%*(Y0G#E0O"RXR8G,UM+&5!`=;P'?&L18ORM\?QYJ.^(8JL5!`+KQ(^8(]7:76>Y]+Z"C]$D`]3./$ZM;4K_.,-R2+*7S5/"P,$WYZ)1G7"GF2/5M8;/-)Y49K7)?N9JJ_',0,LW_2/0MWKYFH&:9OCVD7*+4*LUB^`#1M78,;T6-GH,'JW..61@G)AA%]@(\/8.$B&W*MK)!P[AC89^B\=++%]UAP?W#UMR,^01RHPD)\0-"%!'QGYO+J5_G*6M3(+U/>M5L8OY=P;B>+TJ0R#]HHY#K:)12&-$Y%!7!ZCM]W/B`Z'2_1&$WB,G,WZ9$/F\H&V,=#EYKTFZ%VT=?QPMM%S/VH.6%]N57\+X->K7C7HXH%\HK(]WDBI_L3$?38D1HQ9_AC[^N7E8(/QWOMO&L$M2@!=N,^Q;`%F(2(E";XR'>2^NI$-84>MC2C[AH7\31^K!'S\E9+$Y\WMEI--P\7%C=T(#VN`AZ31T]$(\N-_.^LAS!^EE;'Y-UAA6'D21^CY=A,J$YDFM)#>DD7E=?@Y@*DYV&.7M4I1ABO5EV?G%GC&5JO3^KIUAD*JCNH.0_WI&TP9-M7N@NNY-1[)'Q2\2-2.Z8\(L60AJE1-CXK%7=,A>Z;!.!DX947L`YX9=?8_"-MKCGD4P:G:%\)RW_]P.LT70\Y;;Z0JW\\'^I*\SA)'.@R\C-R*)P72;R"1QEQM,K)F1Q$U)+?`/WUY6'T)+&N]I[>L&N%:D'=(4-LS/"G:-[U2TSV.=;=*3FUSMS(^[&DIQG#%QR+@R-AX[T2)OC6`X,Z`'''TM^'B^AC0S,>8,+"4'5(M_[3E9F:9$37R!K*2ZFJA1+Z%9L:$K0\G\JARB!E%U^>IIM3G>MZD2Q2!%`>JML%FG^SBD$#97-$Z.HYI\H>E^F_ANHEW7^H._$'"3:\E6?'K,V*]:07SH0YS0MZ$(D.N'P++.?T\O=F$^GDKP@KO=%\JHI6_7RPK*RJTDF5][KS.ED:W(KN:!/M.]?SXJ1-7@UWX5ZR0!*MXZC5\X3?GH+1>*$L_'4NWED!R/Q%HRZQ)`WYX'3AI"U4C(8M!9@OP"LHVQ']SM5'X@"]MA$KR*G?I)Z5D(&6$@&)-'I-(/DO;HZ(OB;4`9WGW16[WZ]4#B:L\4^?K>VE5OCV-L:VX\\*O,-(:2ZBB^#*Y5M3P'E[I.SS.3,8,?)1V9"\U6UG"E$U(QC]^-J(:LIU5!SCY4U0F4([HMO6H/`!8R1CMK0D716V%&\?._UZ'%&U0#XDZ-Z/\
EP7>;@"Z5)R`$$+HWP$#'BJY7BM[`#H=QHW>(P=8!3/)#":M4`&%MH0:2U*N('K%E5QL`T_%SQ2;ROG7F-ZCAQ*E=V@U,;(Q/V+2Q6V1MAP4?9WG,.'A^FE7:#OAW1S-R!:CE':6A2J&-I]X"A5(B#)%2,GQX^!I1R_VXM9O:+>3@AEV4"*,]1J,!LX.[R_K`LB*EV3LPD`I:JY>7Y@4]S?81[M1@]=S?=M1\CS=CT(VI8(U>=QDQQJ1LH[[CSN!ER-\I]."1\[email protected]>"UX#`*L*7JMAOD=504H:N0;\[email protected],:92AK(34J5#N-YZU9@0"O3DE\;.F\\E[EWXV4R7',8$E!.*\^MGZUW=%SN_1*4&7`IVZMWO=!/V9Y2''V(K6TMMXQO@V-M_M1?9?UQ$N?3ES%_\AV-Z8?WM(!@W@YZAL)MWMFQ10$BTK=4)M91KV?Y>FQ'>\1=&%N59K+;"J6U;I0FU[.&DZ.Q]B"=)VGO\P1GQ2##5C*RAD0T6K%':C_@:W_)Q/?KCA!^5GOQ?CK4I5U_;X5;MH636"XTVXMIZ\7O'B49%$Z@&.U[E),%[&GC@_S'(645>U`@6@U]4J0F%OT`*9L'7(A)WB+)@$;YEAMA/+FYODTO(&NE`#PN8EKA7B'K`^+[/7@,H#-`$O`6CE],)8E,M@M]Q\67*ELX^'%"E1"H,;,?KZHB_F>0@=W9Z2^9U^7L]3M/Z&.V+R_P\7`./BDJ,7'T0#VT02;IM7ER/T/)`?TF0,X&>CET/KJ\Z*K12_M/["&(D0-59)XI%&L,"3"3,C,(-?5$QMEIS@U=2O:2P-Q$OV&RQK.I$IR$99,!Y-(R#RC.UMQ`CV:?U4!N'H/R,X;3J^411@XW]X>%/>Y[T?U@MG#3YZJ]SUQY_JXQ+U[?["ON;(6&2H.J#EFZ+Z-_:-2I"ET#ETP_I-.#K_:U+M`);?:S"1EFBUTQOP>D18YML2P!F>>^Y_VR=R#$*C@\P-H\ZH;*6@`LB$FXX??O2.!2XJJ!25^7(I977TD>4`!;8UC7]N&$A.0E?M&?Q/L5>,661_U&Z>N``:SSQOM!M/^/#632T(J_@%%F!V$F(P[Z)5R^\G'&0JC917[Y$HO_/Q:*E34=UUQ)GG8M)"JWD#;*8APNZ$,&=6_Z8@ULXVH,],UV*GUP\'"J_KD8J28QL;2K+K5*O3CRM+JF!V]!'03VQW;Z3)H?G;YV($PIP]NK60JOT[EI1D7]V/T)Y*P&WM5;O%K)QA+[I^T'`]@;:TFA]/R]=9>YJSB`B(-5E1=TDC1'OP/18MFO;7;LMV#_MB-PER()N[3D;5A)J.M]I]`ZAG-^7T'?;FRII-&F8?;7>$7]=`,LNI*V*>9.*V12:0C*_(AC+C3!,VCU+_4*/Q/VFO^ATV!D6\P4=:"A$ET>1)V(+3Z#-I7_'>6M)(*6;GL$]ZJG$JEJ7-.@,4XU*R]*@PS,KVIS$DEU[F7'Z,8X[]MUA`#SK5=5M6MJ`5`CLXH;VW8%:C9(F0WJB/FH^,RTD$5_/*M^26D&(U`NAK?QOH4&@K%7SMGU[D>[!EC/3&(?77=``$GA[60H9>+M>#HH*NN$L%4N79J]0O4)5`[TOD&$O+/Y4>50X%0`U2JYV6?MEE>*QRA*^F]RQ$&3HB#ODI;KA>4DV?9T_+_LB?_C7WW!A:R7(1)%KJ8W96""M]HB`FU="]1"J9(%('NI+K2?O3B.5K#XN(I6K,X,J/)`9M.N]69/ENF@47S.]=Z`!X3/Z=M!(.IX[J=)(M"O*H1KN0TXM%CZ/F%[;@H0L%#B9K4X;#/H0?&7P[B___Q!.#OM$]XSFN`?^NKR>",&P82OJ72Z]10'U!'RR8BR`SHZO]@6=T@H,!M`0!M]`#V=F*91HR[!;OCFME`)7G!=S"1`,NMT3?9D>/0VS>HH:>/ZTL.8\KX"[.ZM/J3.MH57IB/F0OK50MU1]R"V*ASMIRQI
.#]H'DFV>#M\V=KI\OHG8\]7A2SHZP])U687EO1UUS0"Z(7TL5M&M/S50"K678>=[TV`JE\2Y#A>'`L^`)*OI7?JQTG+RB5?6K\,M%@Z6R#:RC/5QM7V'>?>`-N%U,Y/NTGJFG`3D/.29?^>=]$89G/X,^GFQ-#U,"K=4_WIME)=!;M8!]MV`*^E\\HZ@5M6,G"%-`CGJ[K-+U2S_8>/(WM\O]:1?\G@?$!^L\D,J6[M_95Q.M=;@/^[?_Y>W!>!D]M09>V-I(5__BF^*B`&@A-M%:1:']2J,NLXSMM4\ITH#F.Y`Y`25\?[0,)"C;9TK,NR?E+8;LPV]/M?M&?YXZS5WET,?"K`5#5F%HCBH:!\?)@LNDOU%W-P+PK\^.O&>+\7;WB&!IKMIQ]MS7BLS;2$K17$"]WB`0K#)+!MP%?QPECH-*U9:B@M\/]QS41QE._\Z>FR;M3+$Q_851QWLMRH_Q$V/YZ,D>[FU,]=K;H3(`4\3!:%C8WZ*>`JD&,UH-O7:S_8M(K0;:T@[:!L]WTEMNUD?7*M4Q3KGP,(TFWDBLAX]RZ>H^8H^^M]AKM$?6U].`J@'2MLB0(K;ZBZ[VQQ7B!U!K/>YV'CFN2Q2*?$M4VY;EEIMYQ:$Z(5+.]16/18J[I!K!D:J];QY85A[-3S-%9HD%303MB4!6%N-OY.66(4S!EG!"[U$J)9.YN;3]T4ET(WKW7WISL@'#?^HCEYV&Z$!H\>ME^VSW*\?G6P%P/`"KJU[6""@+V/8-%BEYM7_W?^,0>K(ZCXTP'9Z$(K==$18&IM5^TL414I1\O!?BTYL'0WR.Z,CEWL:'5J9B'/#%U':7UO@4N8WYEC65,F@,2^MX@@5+>4O7`V6+MFDU-1Y^FW%NX**:]!EB96L]Z9+>]J+?K0$U#O"):0I@0`[6VNC56MEIMV#%)5SAXINM3%>W7+^5O,MS7MU\F"*1G>6G#PK_YC=EQ8P-M#QH^_'A(_/F3[:F)HMH.)$+Y\XWNCM(3M447',F8X5&4=0P]"2N`)%/@(B,ZZYY[;%H@]Q-S6(4#G2IMP+]&4M@60Z[0CSAM@5F-GOE@,7C&XK=7=K*Q)ODL6:9K+)L2=;9CF"&E93+CM,RS;>%2V>FBVS'3P0-#Q*B7I48KY@,$N3S0'QFO)`(`CU_J/1M1X[PU4.E+O90J7#".E[IA=OLDN$#PFITZ$@"[8A[9?)$.LE9ZS[TL9P%TC&8MISXHP\D(@.O78\+6YZKMP5LM:(3)L/Q2^P#(:S'A$$J&H36U7;5-N]Y=LK8(4Q@#A,I21'3E"/YUJNH"Y/@+J0MO?UX$]8(%A[I=U+V8NF!_;3UU82Y>@N=OME[*%"Y:KS[-%Z@S\XN=OEQ:*\[=+&>PTGXB7\(EX*^G79QCL$_@UAEF;O(+!M7L&O,:35SVGC6+(`O\:0[_LYY1S+WN"\G,$NS1/E7I$GRI57