From ffbbf76f9b8d4efa12da7d7c01f202a3d98edee1 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 18 May 2004 16:02:38 +0000 Subject: [PATCH] add html version of tor-design, including 150% png's exported from xfig with "more scaling" magic on plus new pdf for nick's typo fix svn:r1891 --- doc/cell-struct.png | Bin 0 -> 6088 bytes doc/interaction.png | Bin 0 -> 29360 bytes doc/tor-design.html | 2486 +++++++++++++++++++++++++++++++++++++++++++ doc/tor-design.pdf | Bin 175247 -> 159425 bytes 4 files changed, 2486 insertions(+) create mode 100644 doc/cell-struct.png create mode 100644 doc/interaction.png create mode 100644 doc/tor-design.html diff --git a/doc/cell-struct.png b/doc/cell-struct.png new file mode 100644 index 0000000000000000000000000000000000000000..c0afa1c4a11f8522c9bba10f2f98ce9660297ab3 GIT binary patch literal 6088 zc-rk)cT^M6m!>F0$iavRh@nJKf^<|wq)3;DG!0E60tN^r5IRVa-a>B*CMaE`NJpwl z2@)U_sS)XfA~it}1UCN8?w;K}yL4jUgE0|Nt_ z?mbOo1_s7L`n4Z`iH=7=PCokSjN3hP4+aL{gTDvkP=A>|y^`Nk%gpnktDUEhwL6kQ zM;|Vv0#@Ra`P0rB_(sKboTOZ28Ijrx|(W_d|$8QRI94HhN7Y>eteJMWbN1f z!6@2xrU$X8{)5qi>F@sY(}z=LOav(kH|0#LOg?vOKd@-Cxm}QvlaupEQwRKQ z*z;_kCn>sewUHaxF0(dsB2dQAF4KE7leDM$V|rS!jENfX2=4VbC-Caw;QI=*$950&t!5o(!6P^ zT)emw(>#U#DA<2r`8uA0G&dRZGU7^@2S7rFUN#LHiRf}h&IXo#Ze~yeK?|0JkN8i8 zxR96EjkwN00;UOPjA5S73(_clbuKw1ipgy1A!HIMCAazD36~a^7EP8Y2MKo}SIaB1 zarpIu(u@JmSSZv9-`9t&(&61zz+gkHcx-5{bt>w}P^`9>>=@E3u+#fXVL_GzY3AG}w){$Xl5t&6&cNApW7$fvm&tWr)6%ST$Dzf?aY^4MgWU$a5Sp^{zVFT0{A#(E z22Qc0+^Eq@3Ey$hcr&k{z{Y%c0UrHUfib0Bra1(Hk8k?1VBBL@(gdOhWUKZ~BX;uq zPH}j=5j+EF+!GQbS*YeF$L5_T^1Ibw*5Je>MI@Jz?}EB7K1x={hzs!$TG4le-Vp-O zSf_?&k_gz-@5CD)INfA>g+h#(XUv`=*M$kWf$e8#5kEAKe%~cgn@3$wtIaf`AIeF- zGF#v0_>K~D2NR58*B0e^*ED{ZVc zN!AnKCk(PWuxP6~BMxoIbr7`^Zg=ZIM|H7uk(jkcPf%VbvK;p^d%|@`f(YExG^+V@ znJG$X>9Us5DYd&TJYv_5Os$GSe>2*SC@<;p6INb*)==#@L+_luK--2FLJr`3R~*Sc z?N6~M0MggVIVZgG5gv@nD4nH7OuLENVzYyuwdrC#wf-%xsDz$KB*3AuERB}yV4#6Cy6zRwG zLBBwPD59ISi?LI9JuU~VzPw-74Qww3&<(VgMjQCy1vyv`w1^M4#;k&mep7O+0(VF9 zE}$rsoZ#bwwF<$q)9o@jM)35t#++~vo-&y2h7VODQI)Jp`18L$v4AO>fu;Fw!+&jCD$6IJrf9dBYoSxU})4wM)Qo_ zwnV|h?%N3(WZ?^1A$^y(&Pi`&Z3zTATV7U~Mysp3tK{TCzj&{Wf8e*Qxc)1TGiQ@u zYrurp_5$;L^7pV;y>3NeOB*(ys7kA-M!f>AUjw{!!z>-~?2ttH`>xtG5?Klq0v09g=2}W#LC-7CDvOv><%-D+t45YGi zskO#6RUdRJt(Q;Zs7m6nGlA(6>8EfRy5v00D~hsK6>8IHGBdsW}*cCB-$ z3FUg(n?{HY6y6c*u86n2b3u10lu zJS_#kzwVff%Id->dFw0~#mZKw4X>cGBCU(hLM`mOBJZ`vfD5D8A!maMj5GD&aE%fm z;I4m5g~a`%dC-iz#hoFN84fY#1r|-P?XB-E;-&K4zy&Gdu;xL3e11MUriZI+3Gi#( z6b3JQaKPc#n>4(%@w3kjE51sXd()8VRId3o;pVN8zyRpE}P{= z`kv>q#p6th2pH_{*MnEauraUa_>I2#;RTtzkNfvo3Lf!B9w65J=t=C+xem27#O?)c z5qVus?5>PP>^rOkkw(d1Yc$We$i9LhSrTtt#pGB%Wp8rTMnosDJ0 zxB4=&DDtZ+b4~(z`3W86X~rk-BDc*7-ZfXczdR#^HZ#wV^sE11;v026(z@%*o!7F! zYDIdop!3Ing{8UBtj)Ji6oOBV_NIeRS|*$Y%I@81JNiX7rE`jdByXhbwi2mC^~w4t z86b7X&4wt`8%xg~{|oppTI70Kl>}8OxQ5%~GXkSxch(OM=jVv(v$HiH^=?8eU3y7X znqK#Ib#+ZNd8TM!P00okw$b%O`V4z*e#t*t*XoTp$E>fCMTVB3^(vj4h*jQAxO3Zy zgn93#+J8_MM^s5kxnmRlB8gfh@qVol%0?R$0xY3DxpY&)t$hWZdI>x00m?8j0!E4S z5H|Jp<6$=KX5*YzZ0-k_>~bTqD+S>$>Be}D6TrKxKSMUgQs(fwe<^f&6 zyx}$FiU57t3k~gh}e?4%U%9#f?O@bMcI5Zl-@LC^$INc*!qeZZfDXr?%^4=V~AT18yph zD;@n*JdlozQB7KDpCZi50+@P^MBN`WgYR=`)wxU;fv#s9KDJfKaHgPy7;YzoeKyTN zHn?QjR=#Q|(zSXgzWSPE4>R305;z_u0wPbRh=eq`8sBeuk1R;@Sg9ARqAcKJO5Y~#9W)yHEqdNM% zX!3^j1YL>DE;9|6^DNubhZAbXsA5`R`N%`G?yT$zyJu${%~Ckyi8s!V-Y50W8A$Cm zY;L!&rF4k>raj4q@>S^FnRbw1n9u-EY5(Uuy@Q_!44`Z*`r8Nw+~N>t?!G@|R&}d# z#i=#moP}MP$Ku>db{PJ_sS* zNee8}#;WGF*!)qe?>ewuDg4HRf;5j42R^rMTV6Y@En*&Tr1?4U&VP1bzl7>DfIT<8|_ z&47+4bLXGjn{K@DE@&Y@MaO7CA;E>Ln=)|wNYQpv9HHF&)W3T)pv$Lduv$YMbV?my z$^K){;0`zQ(dKix37(G5gd3WZ3$32XChh8!Y=suMyYkGh&)o94w$Dutt`rBkHCRb0 zF8XVGr5xB+Hx}MeA_>F2Ucuf80kTX7uN1MG&8v5ZS&AX6c~;3W28GkOyL7_hnv^fh z+bBPn4-zQeDuozKr=4GZ%qLz@{ymS%S4eMywX`5qeF5=9K2;CmIT;SeR1181GUUEcc{{91|LD!H+{U4xfB;SgvP(A<@;qqqs%b73I>#x^!OGTfeFmh zdzi;)Pl zV!KO1Z4bi)TCEx;Z~;41);FbLgnP(U%#(b!~_E(7Dw-19DSF9Xqcu zz__|{JK_f@{GStO?1;N)rc#woD^qbJ|8(H2!Y>r%>JIciM`J9N6E#_iS+ zI{pa;?0#PDGY7Y~_`y*k$yp9JPuqZ2Y{~L<0UM6~PrKLT?zBeaUigVpN{{-klJqe6 z38idJ5vbvr==5i&IBCrPPk>6QT%&yy5iCxav4fBl2>Sq?6n)scatJ&)?!3A{7CNIn zRpcDoJ@J;eGQfCWHPeu(yzRkp?E{-YwTeMnnhZ8k+0kcZLi)pr?OHN^{?-{k^@zqlG_LFD)q;mJ()YfTP$;zAg zH%Xrj`BPtbejswu1&P`iyq1T1K{UA zklA{d?AU=im$hqyKVy#(K;j@e1KH&@B3Osk=iRL!4x1M6)t|cg*7OZc&f)!}vj4B9 z!reC8Ks7xxiHS73*I^hZ`t$krnPOR=nW%K7o2__jQ?}PfRG03mRAe)x{_MBHcOIJK z0@A>md`t*cR`V4!HcL3{AWvl=AVA%Yx^H%yB~1MZVhkphA2r8JqAvR{3urtrvQp8o zLBUVKo^IXfD_~N}$$py>S&`s-;ddw}4(P$p3xQGP#`di)`!t-{%6^Pvj=O z5T;fXHP$BVN~2VUp?ujRC+1XWtcB!6iFYP`fse-00?a{P{A!T0z-NW^f+gO_lOCD; z`Rne(=tRpQh4M?IhCj1iTUX2vwTFfJ>h6(cfSAN27cVE;v`USXPTP&f_i?!cMIU2x zdDk+{HGbSh8dh^p_5%6G4kh_-z19zLE`4nh5hnDZN`kI|%~tB&4CfG`{Y_K)i4w}J zY+Kn@K*lBGjn>}TwBeO-jI5+cKNXx9pWU5PAuO36Cq>WV3{C<5HGBrWTQPB0*~P9) zziOWa5im!|OAG`|234GI>EdjrPW;se51VC~Qu7l{D9F#H)7!ospo)@`8xOYc=jpuf zQj!JlXlt~McRn{1DC;MN!c4$~>^>G(hW0=EdAm0FOZv__VG&moN9T4whr0AWmFq2= zF%oE(5f9b)i(h)GfNk0VHCKiAcgL)Pe=la9{Gq7+6&`=ZO4DZR^BV3wyIFk{QU%9j z6CY7r2`VY6av>YTraay=Mq0nrffW3a){dvi+V Gtf6(Eq%>$^{1gR|I2H&jD`Qa zR{KqskwFOfN#;`~82eJG1ANKpt7__N;OXe=XY1_%QqwWI zq2}!A*{ch>zZxHAP2=-9P&_8=CNB7;)AEI+)=>93H7|LENuTi{%R+m$<%^OVYp3%LgR^D1S3Z9h;xYY3{HHRPDPHh~Ix zS#g07Th0o3YZTB=3jXH``=yx%HhWdQQbm|kCT4)OR#! zpgZ|7_`PEM`@Y+HMqJ6fQ#-{%c?OKC!}d1@*!#rng&|$?LR_2+hqb~n%NePn8g=e7 z4L{Cmec?NI16;XZI+#_u6gZfTKOQgNe4OgQrbs|$6a5n+!C4M$p_~aiMn-$R>C;0< zj=-Im&8Fk`qwN+a&-(@6u2 z-P0Vd+?3Ys(TZE0h(K{<&6y?Rt0Q4r!n63HsJ?i;uRA^dTW!AL5qr4ua-7F)g3Y7H zcID;X9Ir7VW;2X20TAX`4dp@_(hwC!*yqn{oIP?D_u}YZSjlth;8UXThfdX{ zwYnK)b7wcdp7i*Sw?PvN1e|@Pv}*;xSpA=&;I4e9W>~3!jyN^e!UTDO`z!$g=|a} zZm!D@i#mLp}72GOPrV?@5-ovf=g%AZgNhB+W87cXDl_qNUHVW34c)^k| zdWCa@8S~w^y05FNwFzM1=uW71TkyzTD(j-hm35`rl_rh1Pg?ix1x1b_`!3g zE3&ez{x%|c$3N`Ch zbuEpTPi)Sj2+?Z5?FYhm;S1+2kA2Srk>`;r8%j7k?dTwoQE{9vq zp-`2rIJU`Zi=hA7krwfi!H5lev275p(RVhG!NMngKD2vJL@W@8uU_E2xKyhKOHSMu zv;TY;(xyKtk*djZ8{>s~xfoY9&;M&7XFMW7_)A%dnC;EdcDrZ7AqPlAytH1~Q;NyS zISYo33`|=Pmwj%Y)u)0{JCkSiCFR~4KNCy_Ys`0Uz8P^zZr)F}@S(5MfoVeEQ%CSs z!LFWl*u88K74>beQ3q)8FFIK6__8To9JRlKI+>dhkpGLLo}b5zU`>zRvb(!sOj&iewg(I z=2s_Kj6i>8G}_&O#D$@VT! zuOxpm2{2-Th*0g+ZBA>`ZZZTxMk@R^C$ueg^zT1)t;$u`UDeO2QOv>&Tu+G*8F;za ztv=UQ5~SHzDP1kOwtlLnwR5eo;y&kzwm65mYC(M8+JV2?CfldtXZ?A8eMsm1%I1Ks zpKfD}B(rtc9{a^Psbq zw1x1Z5Y$HEHcRVtDINdk&-Kx^Gg6Hbi9$Dn8gq%$S*PjZ3DIzNip-?Ai55$>|0@K0i(+#KxWFQDuKnT>6FsDZEMi&j43ga=SP*K#@W5 z(h)=d8m2T2DVc#mbc!;9$6@bzVMoX`hYy}isvi?7%5TOc*xep2$bT|(mw9Y9n5d5X zKs_Ws*0Vb=Sb5dEl+Ig@Vdg2(gi-#rv$w>&d>$-gkqsi66sbtA%_2T&eE3P1M}`;Mc6eh1fjSNX@9Y65`M7 zT(7Uev4UJ_Vqtwn+R8WiCvv))c4uOJpwCfu?u_+RjWPtmhX8~F6^DiO_W#URjHc*zO|_gR9Vbv9kC{5h*%(~(xb9#k!h983 zbtT-hT*vjt8XfrgDdNZ1^$D9B>xwLtsjOtkX32ZLGfVLoy=`6m&sQyiVtR~s(g%5> zC_18)La7Lp#}XMdgDc|E1q_CDS@Z^J4rq)T{iWv&FU}y?D|=3&oMX^CgS(VWw)d`( zhhVw#pP?Sx@jrwU)|f8Jf_GPc{5v#ui4PHEwx+W54=6_N~Y0lA0i25H52h6)k*~hK~v{{NE2BKEY3k1-^Yj)9V0d=2L21Pan=^f1U zBYp?BO}Wv0D5w!8$=zZSioU5}#G_GTD$E>nX~BSpngaa+2~W5DE;!>RrHS`#wHjU{ zRpOP?9CCVFxya&kdpa$W{AhhL?^tvBB-B`1CSFBxs=?jN7!So^N!h_cx>k-vL4Bt9 zWkyvcZ+(P5_o@0F9uHd=)`+I%QU^1`q@9xw1qA|-uEhXISH2vQL!vjjz>7m|x}nbK zeSv@$p5vydOk(aCq@yS741&36{~0xBU|46c-TEeDweVs?os;+}V}vaps;U=x?>CYt zc(Wk-u@O__AmXW^-BG(Ot2f^xp|A?GB5ysrWZrKgKfbkNiR=;A`jEO=5ZLAA@N|VH z{*k4Qf8 zPEm-sZBlH^vdkA!uvAthfhY=TOk+?@BI19TzVBV0UJ!{0y2?l{B5G&uT2Fw=@kSAHZyH$5ohZ>TMw^slWaoaL9Q<$F{V2?!2 zhQ?U2nT7#SnvO4U?%BZ$p6H19fg%%mRi*@S)3hFU<9@912UGEuYjIwxSBm*~>3JY3 zvNwtxcqYESO5u&d66@%CD{fqLG7=RTK%~)MaHH;!{CjXMGF|gA_Jo6a_bi(7a&XuC zav|}#xMkD5m$Dq#urPZc?Nc@o*=%(%-Lqq@DS+v*9y(BCiTc8GE8YWZLBfM$sF3c7 ze}+l@?m_P;$a?R(V!y_`D7RJqQM6YJUld32@UGCbfK8!aQDcE~F#5C}^vAhzfdu(y8Ae(U3l%d}i_&y_ENK!iR84amI>kf_XGhBkiU(iqb>;WR zPfrf516JPn%?GUgXk1XJC$I1kg$ATaIX8G0_UunLgYImz&swHaZnZG6hsC;RL}3r# zajF4GL5tyQ_w(D|zvSH4RXp{r_y%~+MVIH~ee8tn1Vz|BKwbbnCsL8eS`4NHff~as zaDMb;(TH#gh><^=)bqQ^pNltv?UOlk45bF-?*sJz`+?^bs&h(!j5;JQ@HsmDUoKMv zzXz?qtR$K>6tSj@_ieW1(ziEDLu0@nI>IL0rLMck50eBA+R>e?SHo`%`?z==OHxym zJ1FE0ulWpFD zWxierFE0mJ_0P0>@xU|=X3NGUPZb4wP;yc?_h>Opn0!wagEPPWijl)x_f{efQ%pBZa_+e`Oj_}V zY3c+|@I)8<4i@1L%vFmKtYaSwG=>vWo2;rV9BvOLi+^4t4LR2KP5cUEiRrPc9)ZS* zWGd`f65eU1TGv z4fuspv7e#KGOL*r9=H^G{F?&iPLIi0z{QAoxlX`08b2t$xP9@IP3v`vpqQ!7^o1JS zVw(gIOz+GoYcvWEl0Jysj>Fb|s@XDo5LFO)j%&09UwOpLYe+Fgie_84o@oGgQHL*f zH}Iq2DQxvkBY>eUPEznWUS3ymY6^Q*v^|p8ZYtcr;8arEeUS-HP%YcU&D+N&EXxd& zrra8=ss^r9TozA?Dp>a_Ts6i)rQn1V-cb~1AlVEA#O~Y7G%U;LF!S(=qa@5Li!7*x? z&Qr+&Tg3@siOC_fPX4GTxu0J~-q+V)jTjdT} z3JFqT>FWB1dV2uaTBqo{^5}Pd1FxIg>5P)tt>)<5X6BcLnFNJ%sgEW8J8-^ODH>ev zc<-Mz^a%X1#!}?>!*~Z^e}{KJraAy9g$`z3aXp-f%U%0{EQnkS_%8O$<{sI6`uo1z z0m(>K3cXsF0N|U08N8uYiOxUQiM7{wc_DW*;=%kl0=?}%n!I+;+5vD)ULg;nF2sth zp0u$SV3@?kFb{(J(msjCRz`Hm$JSp4T;FqqcpJR|0fojW9(|;3JE*U+Wo%Xu*qU!H zCVR3+`gTp<4JTd94zw+P^52kNg4NVO5g-yEB?z-|93*w93ukzgye$d1vDn zN%z;?7lyZ{kdZMHaDHTmE;l?#`qTZdH`lS;sJuju2G1+P@9Y0=3q5wYKtQSf!{TN5 ze*}$1=A^aX-p%7s_h!poL5AEWGKPGGK~&zuL*Z2f1X@3kj`G7-999t7YDIcDOfs&R zKveBKy}$?9YKQwEqh6_oT>b7Iu9cwuklEa#4$W{f}B{DiC+tlzb8m*{~4-1df-qy^~9`~m7$R0 zxGnT$3@CKvvxHblc8j^WYdmX5^?W#ld`BHIG7!Lx2`k>Jht$Kht3~s_Dg!~lGg5_Bw>zU^e&Hv&HEwH zSmTN*H;mNkBnE)sb(s5k!zUBn+;`|Gl|s24%xK)8M(=Bcdw!cL6ZQf8T@M9;zFrB` zhTVk*2J|Ac*Y36I06sX++~?rEdVeenVFR>~c89_^=iyqZq zvm_L&j$k`0%4HvSR+?}|0Ae&t`^C6$h=SjZ4o@GM7+2M6!fJZU#!Gx>-m7~~#1*hs z0vO#Q_rQrrFFYu|;Zt%?r|gTZeg=8Y5r+1D7M)SFWKVl@H#NIJDy;i zX-K$rT}e0I_hh3i|5nk4`=%(Q`H%0Uu`SO028`ayo<&uUHDVMRXUi)8$-3Ppep$T= zz*nFxa4IWJo<`CQJe+_+h|f2;pRHa4n+Xp_FE>fvBDh5tEcWd=4%Wm<&Ah$7B%@gr!~zRBRDMnfesH8t^k_|)Jwewqu1bN$}KIArXRTZt^%BOeefyj?1f0Jky}}r zDsHT?0R+3b$@j+&ks>S$c=o`%FKyM?tz7Z@SDE{&aR;+^4+H=|MW9U0Xa$^dTTL=A zIhDFx>G`GdQashS1vo2B&(gS#H<86@-b_c!CA({B!gF>)mJ^s17 zsWaH_Lu?7X&yR}dmfZ_HAavZcJ>Cg|mB z5{*`=P^HcU)mJvce3<$&)$W0@u!*QU`9i_ISAxYN>jZL@{+PJqo_#FB2@kp$4fXcewYhd% zp}@B@H)z`7RbxUuz+Tb#OLsye&(j>H9K706F3x-H+&9;8K~d8?*mG(RMHQ$Ai(kH3 z|2%RtT>apK9o3nqE*^XhP~+UR%b@4ixUaJW#yOciN*P*X21C9HAnk+)cS97ZDa5o! zjIHZ??3A8~*cA|Qj2`Mn3chfb!73t7@i+!c1mNF=w-#cM7eQC?UNgn2)tsC^sb~g# zivg#33IkJ4O^YDLflbEL%v!C4z|Eg+&2Q#`gTW-G%3xkC@Yk{8IlbtS>INdPR zsMIKYTiYO-TAzTTqb$$8-L`uq#uofN02}YbXp%&=gB9oVg)bc2Y2#BFBgr(5$~|1D zT)`5_=B>vu(-5F@)+kANwX*1;9`9M*l$&$1!5uRfmtNNTD+K@2`N}1$apw2JnsR*9 z6y{u?YTj92-EhGfe`K`}$kqJh3MUvG(SITZw^|w0aZM{a)SKssF)u{%fT}+#JvYDP z3Z?*ff_)ACo53*p_EeQJoWp^v#xnfx$%H~~=~>BMu}oWDs{lchf8aPIui@VV&6CG~K?LahdC zx+SO2FqlA90Si~S{GA8w(KN=DB9WEJjZ*Lm8_U=$fwz)=+U-U1!WsgT4}H|L-{RFk zE)kb5Y+idONlhn1|32zMp_iGIm_7ReSCj~C`l(FoAE9q6*}D_()!?%aLw#8uUemkG z_XXSi_`}1A#u&!gR#&<1m8I@$&(XkMk1rX#0EO`YK`6G9FY6uk>A1fZjUsap{6j-MV$Utip%uF zoBsv=c|#dhNxv<%e#s>m2RQ3O_8FsUgax~T6&8SyP^Y1|fomhG=%w*3c=1Hvtd{VC zF~?l01pj)Jk4)0Sv)ZS+OJx-!a8^}oqyRMLG<+1>em@Ef0;x>FR_?86LGDO#$^=y@ zBPTp+PiC1u@y29a`(vxSc`Y&WB`d5uRI zs5ZU=n-6&bDhn@Ddft)Lp#@=mHHePN#L^ouUXrc^EwXM^c0(`Tq$)!ubl2i;-a;OC z-Qc`W@wnELF5md0&cRsI%7edh*ZAz4p0aMQ7ecuB{*8%s2&zfi`1bc_lJ8$m{++b4 zBy#VilB^QtjRq6C{8P${&m~?JKk+itGKsoi;|Z|rJHw>5z2dtef0q9VU3$fG@Ys31 z@M)9SYj&|x$!)!J!Efzw+r%$i7a~!V7i1rbdT~OKTTZQQr>|R9G{qlRG2a(z1mU6X ztyUFDU7I+oO5@l4Ug7|QQEr$0;=!4|6Ha=K(%pKZn)+h*259a zKXf&o@8VQZ49{s`>ngurgL?(74x?(;kYmkKXU}_Vgssgtl6_FNk2>weMat5Yu>>x8 zyI6VupNk(~T=v_Z1pwOiT+8A198r)LqO$w$Elm|s79oW}jAh7Y4FUX2dl2E+Ns^ms z7?7K+dG|Y52bthlo4Ir1t0e(tWLJ|_eV4x5ym&KIl@`(Em8SPZ-q67N&P?5 z^1e7BS4quBva4BLC5TU#ljVljNcTAL*a~>O8}G$??o$n|R#lSPC+VTT)5)N;+~$Lq z*6^%j_m@Nr0!}zR4a=>n5msZ%9cb4dH{6wDQB*VpXO+{0+w{NtzF}5HkTYcce23K@ zjbmMSu@<02SE@G%%3!?Px;Hi)dgdc}`m68s#OA?&dIA0k-Ky@(4csg{IRv2gr`tOp zNMEGee#PZ*g$*d@Zg!EXjBf`rO`^275BCbHh=HwEDX(?}gwr*ng`mb^`BwuK|0z@~ zL7*`ki8PPSep^!2{vThgwV(X$5szHrmX#*=c(g;fkEJ~ zB#~B25t5uAyipQ#>{!dq^g1^j`%H6*X$)FS3jur+I^|}qfyFP+*!{p9jNp*0vcLKf{2G@g z0jgbXCSbT{8V-)V3VCD;o`;Pc-R$X43_fX@-KX^(EGZwziw|dw5?iP!FDSdwB|2{U zQ|`fo1Wz}UV9H+BOV2*n#HyJ-zR0J3fgO!`yP+!tXj33p0Aie7?jl1cbmS#PdUo1? zfTOInxIyvsCx?JrN>LX~`WH^;7EppBHv!iDk0ixo{548yj)V;Xu|L+M)$ItMh8=H$ z;&)|rDt&fb>RVCB#2we@0=mYQ4ffrZZ#<%W8OkR4lpCAsnT6ROa(d*7((7^u&zXvg zVL2jY4HSG-&m|3w@ch=Z2MkQ|3_?)8 zt`hxm>bc69gHe4$V!dV`yirA48uFq6;c8^p9ZCyp*Wja?hb@A|v>6_;F1j3*gdUf) zzPOalx&3vRapBqI5_WhadUo!dp|3`G;qb+c#i!d(etdlOR*+7EyXv260r4I8*3z>h z>TK+TD?;B@nN*X?)kmW&Dwp{Z`e&BwDaqV}f9Ul;&zk(+KdES*ZehMOx`bAbxacbt!VDv?#>k8{7fg?E1#}E$uGN zcSD)XcH#6vfoLs!(Ql??_iEE7?DYs+K+|+0V$?3Y>+zP6E24NcSnHnkA%)c*THKu= zSRTFxM21S^+hQ+Q-J}ZRZ0Fe-@9&P~>;dz*<&o=~=2Ttq*ZcQzA z+W{n!!r933%boErBi}E-iZTc-7WGZ{hX<+Hwg@_db&Httu*MWO$q(9$efZgVHMV-t z$dWhEQORS8hKW%pJ$&`o!x~pJk@ULif!{?fATmMiC<<7Plm2ptLWY^K$5i9x(uUV! z4(0z>lJkGef&v3x@`^e+SP5uL`MQ}l3fj8}XuO4X?iz7FP%7(}{Og|9-~??tO2%wo zY9Js~n~t=#1$jHk!C# zjxtM2J=X{5b3m>^p`(qpxwrn?O`!k|T?=-%gIs1)G|DMf}q{SR%8kk{~RZH6n?3fV;=o$jE4-z8FVOSQBtqY!BRL2)>ttWx@&Ma0Xn=Bz*TwlGxK1@djQP&Z;7m6 zEdXlYZYk38rJRVSZ@~};YlSMwvri38*gTFZ=x=bBY$c~OoTI~U9hkVAF~gokWneaN9(0s?i~+f~wrAvIvxXwd zV+u+aL`sA;+qMAF12JvzDKwpj8?^z|CJ<3*Osas$@3J}5z<1^?|J;$mAT&-J_6LLp z$4GLU6(94OuFx18Kf?`g;4O0RtH*@%( zpLQ)@zDX?AsZ^Ou=6QO-)640imYeo@th#H2g+3mJ2!-i((M8xkrW&mAN7%CVB0s31 zPVbsdf7cz-4PrcGtT2W%suI}y_MGgf$C6uCQ+jcf^B%$5YVVXEW~Wt@M?W2tf~deZ zU1V`k``FcC=W^I*L6rSQwaYZ_pOv>18&64)Zz+5V_sO~U1*mp1FF?DI6^1HJ?=o2h z#1;>{2Tw?o!>qqd_ES>FHdL({Uu9(eBMSXQo7qR6fRo#Y04rXbxB@?r(q%mcB zg2cmq|4dz*_fojA0PfA3Wu>fT(wY;Dzf)t2-0GihOrFi6?vDG`pP&S9-!ERE=UdH| z5=*X_`J0@ogMRh-1ZdIKFdk*s*OiJ<@!_Z20cv(l*Ee-&Dugb!>ZF zM3@kC(_wK~;$F@jc1WDXzS#&$KHh#}QBWISBh1-{$tV?`>Zlue}5);FL1>8_l6KtNS{xwOu7>Ie<5 zquT^7YU9C3#C4O1RYz=9h3VvJn5x&|humG-?0&Xq1FxZ9=yvd z-C6BH2MUg$kE}C2OEdOlZca%0LG2lUyPK@?*frhJ-G>W4XZqu3+}P=nz3N?A5&Dz$ z@iJ4E;bojiW0al`%~Fk{9e+`G>G?snWC6q?W=@vMb3%{iFy?+3y~N0guO$J$+CN|N z*sg)TPb^Pu6qRGOGBgyFcLl$(r;j1XdODGd0a#i|Y23BBNpdBiFhLb}sbK%PAK~biR_2QxcHW}M5w_F9K#eso5DO(MldRtfEt?MwCLP`HwGKU7;RMskyIMc z2(cbqbe=M^mK_zYYE~?)Ui$~5s!|Vo1b5psP9$zW{^PhRIxC%jh}IyOLSyZ&@Mis{ zs@@qdOdzLy%Nd?IC-d7PS;fVy=rYXH+#w z*un`+u3jZOmsQ=Hjm>G=l^)cmAD>>ndFMlUyN*WGhPdgr?T%;!OWgEne)rbnQJv<5qV7a-Zm=T!OXiT8 zlO20cYwdzojwq&SnzT|aF zZUgvpFG=BtAK@jvPo>x3)8T4_?`cPkX@Wx?fzH8QEmkND(Y%bn|R zl~hJ`asI)59oVni@c67}scUfw11a>+i{3^Hb)ArwFjF>YM%A}eDlLyOnC|D5bx#$~ z!f>e9RXpSjVBc5hd*Q*ukYSQ@#Z?VM`6*t5cRhC8)7?k_P>c+g_pvv({_^$KBqE>3 zF8eFwHAXbd*g94fc7if8)T36(|PFoet9=%4>@8GG*?dMrZaes zLl1)TM3`fMKp(gNv@)dGa?I6^_M<@l5$&^|FQD3?2eo;~LOw6;5#iP5Vo+o10>*yD)r0;RJy5swAzm-Q`LN0HEJy(>A&4@V#xp=w0OZ&;<=N zrtWU9W33pZ>o5clEoQyabvIfC$#_&ex-dy^?o*Sscw4_(iEd<;eyDrTn%&h^%S9gh z^%n?IIpN+@^A2099`%_NTy6R@@+!PuqIXv=eJ>V=^&7L<#Lc@&S)Xp2DDIc(h8*Mb zo^2GTx1G%GoNYNN&TK>jC^b7WXVtwo2g@6DmH&v(*vNsEN_xjAN21v}bDfU2+0R?A zC6?Q;v9Y|oNp$m4w4nTU0Mz0EgR|WAfvFwj^vYGjO2qWEu*(+_zY#cGx43s}_uQ@0 zqk?n%q-301%Im2~U2pu=svuHq>`bL$iYoh%EeY^VW%Rp@0l2s5u8{QQQT z8rbsv)NEQs_#WcpuZM21xXt-uNdl~|GfaADVS`4zchBNi+{9T`5iCmZuca}Da}NLn zTl#Q&$h$dJigLT%Z#+-&_kgZK;NChpwQvq^3q3#M9!#KV{Wq?Ix?e2+w z5S!SfQg)QS{M1iKDbsX2tehtxu*m8f{*6eUHo+%Y1(i;5E<7#J+gzSJ-dzVcP+9$xs+v z(Z|7nGb-TBEvf&efjXhegfuXgGkmN?<^#(|AbKYvsdqT76QKbTVvMz4*}s2S6y zaex+4DbcAWG0rpWy-%Pg{RU3;7I4Czp(hsF__MtdMU=zI7r!^>99Dr}Z`MKe-lQPzUp;8q2>0Np;_C#L|hvC6Pv9SH|-f0@2|& z1O}5S!ZeN(g&vuu=`j`~&<<=cyO{&W+Ngrk@^X>tpnSQbvxTr6<>j(#+_l0)??_=kDq%+o9Jx(vFpjPqjkF=l+D3jByVleQ(7Lq^Wd{z9@gVA zNwdp?DDa_gL{21~srvA7*F1KeJ(MIJ>SHrNW}21EzjBPmTh+*IFDlbm4@Ku|B`Etv zV=-U&n#6-(>FaPH_%8@avAz;}F&70M3Ozpz?GghNrXy?wyYD-T3z2tk?DOm8lN-iQ zuWOXl3UHLJ|AJb^UL-LTDRR<7i4Dkik*&~nzoO0yAkZwmFPw!lfrv9+_RGLz@(}-nu(kDTh4n9U|5QrI%ViJx-F{!K}bzVtDljc=YvxC`( zCrGhDB!{!;{kM`WTQfQ>Mcck$P|BrKHcJM8r6SN6M07u2<4Zk{MhpT=%*`LR`M>)> z$)8?H52DCDaUH4@I&>?s2&+Exla#4g)m&>17KT&*$anGs9(g1uc zp)Uemp{v6nBGwM%?ox;U7oUION^#1jby*v4N!SlL|N8&d-ugdm>wkQ}$=I%UTHcnR zLBw$-Q|qXpF&7!gkA891`0Q9aN(nfLz*dpLnp@{C_2$CN_E&BsV>Y~--A)nJrr!gw z#6Xj8-p%6*pX{oC%6ZZg0|6)%KI|pL~MkW~fpp-#T}IGFH2=lo8Dd``Dc$xna(}4VYH)OPY1% z=mJq~3F>h9M}b|Ukgl)$@ASOjel|LK{Wz>zW;`%4l0%x@fV381xa(3shH5Pr>O)Qv z>t(Jup)ut<4gbz*f9KZdjli^tn{a|Qo}&WVCE6+aB&gEks4cXgD;EV%q4F|($W0*D zL)G|drrfBcl+DtLLIJ05uE(hAU?v-1NR-`(8GAy`7rnpTS08mv?O_}Gy`_kS;$a~< zsUUapPNZP(?v4D)BqaGtKYmNvQ&-Z=u zVObR5l8pS|fa&r^?VS8kc6NwPXN#~kGBQhp6-4s_-m?Kq#1i#+pxS?1Q9mF7s^UvP z1wAZa&%zAUd=`a#(lT-~>%E%#a;se{d89^|K1y@_FW}NOGD>q8P0jdPq<{5rHaxfc z+P{4Y>%%s(qP@-|_X1V#uW%J~Cn|hYyQ>U0S}OS|2mQvZ`jKJ4IpUE<{XLGpr56H% zmy<=yUz(*wEh9||1Z+9_Fo0^oRt_zxuc!n@2t9Hwpf;gtTJ8H4lGj**Ko?o@!j#J= z5*y-{Gsaoqgy!Qho+l=mc7;i~)6?1&<=*i0Kp?=6^Pg(OI+$&~YUGcnwmM!!lbhp~ zo@jhN8icj&^dYm?nw^LB2=%`5n^9>F0lBxPy{8-8Ss&3+R#N5aG5%U9=YA?$2jwx_ zZ{Uwkyx^U?R%bbe;^qy86CBL8osv?>+1>bMF9t;XvP?j(0TmvKK=5lDe7aZU?mmOz z<0j|3O@*0HrD`n(p#VM8sXz?6)YkwQ`ji(|x-l-56zdthu$BfrjWTeQ<-XW)r6XAY zwB~f{jZ?oCgcDyPcOLr`Zi4=i-@{T3g%c*aMIjqLdC%ytrB{&egO#J6DixIrp#;^m z4J{%{eBtUwMo=Bnz3VVYgF8Rw_xfIhZ|fKE(9kBmiFibvJ02P=QX&8zQw)5$C6q$l z_1<+%y|qJl@N1l^UNY~{(37mDKjTpFJrUSS9e=#KZfKh2T0fWBkC%4O#st+^l2<9% z>?3T|@o@lDzzpnAWO77hU<9$6G<^;38&o+|fu4}ha=1jOpk|}R){Go{lT`QkegWum zcqXeT=hqdHTfagF8eUknJn{d?BHncG6|{~tY7+c|J>o6)f~53Q(LJ5F`&VHZBHWGq z8Z6442EXAfW95#L_l3kB>M{BvzLmm=O1{-ko_2+@j{z#{owvpn@HOtEwri%5(JNc^ zMwJ@ff*zi;yVBp@4!&jLgA;&LxX&llB=7FMCB2K)Xs%PA4*Zm{JLgN~65NM0yby@< z&|`%5d_6wegxS56g-f$t2ct0!`^*n#SczNH8py3#CFH}XT!(j zz9?>i*l2%=qN~?l-ExjyW65w}BU~Xj$(-(32HHn21OQA~5c+0pnx;S>hv8+DJX z;KI%lhyD8^LGbP#chC&id7+96LcWbgL^-`F0#&41B8ittxV6!TGGxSvDTT%(PSx!tIbLGfvf-S2ht)nzCqDY>!p|$<1 zB)Xe5W;p|`6MV2?eiR-rz)KtY09|M9n9Lht8>#8ZF9fqZv`SryuB4gGi>MXw;zS5__vZsOA&!55AaYVM~n~1CC<|E%j7!9 z#re5o)jFv1?FDpe!NvCtBcLHz!NpSGPbs+ZabvyG7Yg#`^Sl2zFcU;$xk(*eQOl;1 zC^v16cp^^D`+Odg+Q>#gP3Zoa>>ee~m3M3Lk|+6Q&W-f<1x;RKfAAsgOswS=^g*qO zFQ^)f)F)AnUKj`Fk>XqZst0;X@$bUX1p>IvM9_$C!u6#7juqa~nykF9(-J*n&aEoh zcbw4?80PhoTpy!O(bREvv{WL-r-(bvP{91m`AsJOYjvk&#`-V~h#(j)Wfe>jG3+QA zPC*dTPZv>*kG5z%kI3M?1+znAWGkMSF^7nchO-DpZh9xzm49^@4-L%ke!c-{?eo*$ z0P{Tgo}&8<;7)rX);VK~mKyya)Q_mOd!n)rOaNKEr^oL_P&q$Mpt)hhU2fbLPjkaq z8<19(&KMKt;@|!3IFaQAdaro6J-1wOWmw_FEnV5?8u!IcQARaOL{z1w19!ut%j=n{ ztk`ZkvgGFqFGd>u{NJL#u3ddwwxekNwZGzve;0P`4eK@7+stSEpn)apkh`TqSDn;- zL6Xo1B)z^9c;Vl-I14Y<0ZY@N=gbHG1Am>>`6H6@BQdLlMe15in4ppa^vL|r3w-3_nbId3KD)GsAqQr#`um)lwDdR@Z!PIwThhJ+IiMZB6Vy>&TyP0<*& zV})xyE&O0A3*!r3PY?9$Kuy%pcP0-eu;} zYpA$I9nKK!OaTh~ds~3T%0Eo(>C+z7?uH*XsQW4GXYD53hcACSQRrP%c|ZgP&L`h9 zh?Aa|X`~jfYhG+F27qiuRa@ZBy!>EIe;X@6KggA{l-0_{`M|?Dzr2uxsf9l-ZZ_Qi z=>=Gowm#})Y5TKsSLN-6=g-Mcvvd@yC9vAla>@DsT)e=@4x$ziTWnYkmEyZK)dS$xM$T?|3Wl{I>4iTNRnLksisZW#@&{iHbmdX!XQw7s z0V_Fv^8qJ68g=h*fSkyUXFq_~7}f@E<$dpy54$Mf%nfP;ld-!f0vMjOhu78R{dNtM zLP4(iX`#tiC+a*2&6h6Nc>ihlxeDOAd|Ev8?MF~Vj>z=ig)jc0R7(8Y^Ez!Rk}l`; zpAul6afJ~YlQr~6&OsqBDEAilj~?TYV{J9%wxEl@>gh^ksskJ4$H%`tF8>AM*=)lk zfyFp1QB@DB-PO44L2jn+5?x;qh-Qv?MegU+lOmu7N;5q_jzYDKjOqw|fvwE9y*ZrT z{e}QIDw^F&FZABcx<0l7<;cH~-b-f;T1iAJAKZ)Y+GmQlWi84dA>XoY+abB7Ioylq z$tfVpx_i_E0QA{~Tiwth92T))-0`>iDRURVCa_d&;^kDG7{T&SV}Z=to^@!3m4G%= zVW{?Ug#@sfH6Qcr0*3$U>m38L44V-oi`9MP^cY9kjTu$%8}Zgyia6D>x!)aTArxh& zIYb%FK1IU;U`{XqWeBeiFQS`f&$MO=%QrS})T6$BV=FJe3BLtVkxbY*F*0&6!w_Zp z#xDFA`}FE9zBn68#9?R1<)Q-7RPI6Xg~P+rNP0M-cmkT7_pIK1rbgIGPmd9UIDmFC z+QjPJ=4>s<@wVPpp?D4^_o$0BD*8pWHqxuy*2W-uk+asEiu~{rf#^x=9(%o&?XmRn6Aeh(->zt?C(^Z&QexVUPt1Bv${LiZYE|5{Kh?Ow z3&?$g;XQVv*6Jpz-?Mx0L|j_x^Dq|gnSb>o89Ier;3`?APL8_98N zP`pdjxMG5fsR!xC+8fxqx_UPmOJzTA{O<|eN^=0u9u55W9WdGh6dVtw8g6*aQ17pC zzVW?zsP@-q1p4nKw)Tcmqa-Zx$rF`>&NPQ&#HZWf@CUQJSMRqW|7$d;O^l#}*{-vI zUB>-hQ`QK8Y9lm0Zuh6Zw)^bm>7wCQ86#A1!#_1I{?1^*qJR7{K=E!+3pmkH0&m%y zufXuB_c?y~2Y%0iW({?U&X(Ogej_x73aOoXXMDR$)RF)!aW>y=hWQPvx$(tVG53-; zQp2S18y(*`nrO&3Z;+#>0rloR$Y2k_rx+{|ze8PZDY7h+d!)mN#x!Fq(6(k8=h5fQAx2MPVDX`Dw zhMj7sT7wS%S9{+b6h-^|xd;L-TS(55bIu}3at@M3SfY#M43a^RC>a4+k<5}oGAvOE zs~|apfP!QY$r)}I-?#3repOdjcXf6DeE)&1-JW@RdYSmg@Z4Ll z15YjSy8)Z6BjjT4TT>pgH$4KcbD?&t2hGCFd}MDVhkAAuXT=gPjctYC6ZT#?&s_CG z>45{RVk)-|&H{?$6na+1vab)-`PvTWcY{s<(>PO{9BP8{-)%eDaS6UiH8N{{xw|k! zN(Jbikla6~MI>_LUi0iR=koqD4S|p<;#pcg)#TDr?*8P4rTzoc?@atLc|BISTYhOU z)BRcv#c?mGKhRxd**D*J9d?ks zF2ai^EY^5O4UG5q57DO_UIe(GyE%5b@dj*kMNw?8mIM#etJ0uyrOqg<>#EHitcJqXt@MKPC80&GmMSP+YV$Vl`04CgZvUP7 zsjT4Zvlm&uhzUqa<%5t9IqyCbWuJDlWd-biUCR!>uAeenzE9P~I|-tpK3tRfAx|F% zIF)0St(s%{1}kFt59S&)q!TCDIa6z4XkC+!D7G8W4ZZvDYyh_G}POt*Uf4JK13ZbBIwq|qbc)jt(#Xwwf9rpg#kg&(#PeC!y8!5 zkSBKOTN|{zB^F|7u(NhLELjpoNu5#B@klFln{2)kj71qx$@=~#(5W6y1spnElJ1j| z+oJ11HQ~n$X*p?pn*tX-CVG6W%G;HC1(>NT?i}`xAP_g(PV}^&uu%CkriLt$N(y1k zc>_lW5l$uHMa&`As3KyB_VvXOkX8 z%zCtg6idG#+%|WRgKDzQEPY&UeaM1QCOSjBl*l70e}jN;3^6z2>B6#Vx=^$kPO}~e zW?2O%VsFbg#m|*CU<0O;B&S>B0hODwr|`~+pp)MN%@aeb1}*vrT^Ds*a!t(sKG|~7 z&7LuN({`MdbkHf(Xe0u&jn_{w=N5w7Z2qC#uBOqvXw!IaraU(Jp79Z|6`T#M;(rFt zdND{9J@HGp-4;K2OMXlb@6b*`-Z1t)7o!PvwK*DzqM zC+8*Xq$&C4WMdL<2H>Lq=+HG?pLbN`QK2?i5RBkxB_8cv5$y$LS0V49!DOUh zUcOyII>#1p>;N~Khpe89Ll;1mHJW{?TquH87DYA{#87VlAgy+rz>_-Xo~YM37zAp# z!(xMFI#uuV-sJ<#*bt78CE)MfMB<0aTrrYFIt6Joi1=nT;v?gieX^9hf{m&fldnhM zD%Y8}CB|bVu1GSJo9KIRVVRzU{1cO9zy{e*g&#i5ahj7%;&7UtrGjoiJ$FE@TLu7J z5W6eEBW*d5Dwc)j)^2RI+SnkqiKFsu$B|7*bkT{l0bju*;JGd{Ieuxx89Dpszog)% z9k4ZM(9VlRQBCv+d|_vnMREu))S^hQQ>%Pxi*RaRq+;b7cp7O&Nz|tlkIcD`*0h86 zQ~p)_i`*x>i{xEcnEWC^=VRIJ7r$GK{&hX0o!fvx!mLS&F7u>o2Z|dx0bOx3z z!7xJ6pW?$IK}4?Y_GpUF2$t+{>F&$IMmg%`wu3w98M$b{pF4nV2%|8MF4+>-9HYDZ zfn$C#JB6qD1cJS-{^p4AAx|`FB#hYs`^Rqto zaC8A6sCc`oyN;8WN$oa1KHMd(_HFI)%~|&4FSd@W9TySJ3&7Tor|w8Bo@v1mIA5?k z-TqBk0j}%?yTIc4WMli;fQyas@%6>71N?Z){01p9cXe@+?f<*Es~hu2RO`ut|9v`X z$wm_3pyTIsEWN^jR}+vD@1N%&dGg&Ostf}Gu>oU%e&jtG|7hf;#1g)GKlro@cN86w z2YK=%-qaTiZ#R0~4nFH7h$r2~&lR~1@auov0sS8oIR4)e43>BQ@(oJ6O&$2C4Vqkd z63j7Z>WRoZFaq=@U;ejK2zh=CWfPn+dDdUPQoJ9qS;DBAKad>#Q}A}hy`&yMkp4l* zy!L1ZYpPT<71oUIlxTjJLZ!#~TE1f5;3#NEW*sS=Jye)kfgaW2%rwB;R5|An^E7Ao zB358b_yX^{K?sAsK`PAH=xfD>Zk`W=fdK%>(e0B421iqK*}0@+!f*0y;l2EjdT)`Q z2B$tg1bPIT){wT9nt_2Qozq;}>w8^^=vi*s95J73xch66&pn_IRgJ9 zG8AB!C&2R5aL|P#N*uId#=04|)r&N{a*lI0p&}8?oYvnCB%e9u-X#%{*Zvw|$=|zv zw~iEGe-x0at_riAW?b60bu~pu7yXq|A-DRo2x>Dg@|FhlJ?FpHfN0(WZ1$EPMZ}?= zfx#u-T!YhIe^z$omiWr^*b!tb%=ogLAF?b)R+cZgaWL-%6^D`_)W1|jSMV^gmgYIP zrTv6-=t;eNaur?lq(z|jbbdozaU8myrplNUBxG7DMd99YjBQ@|H>my!`ddQ-jsP~p zkcaeB!QMRfn7pW1sfX`1%fjwuj6|hi#V;%9C;(25S_)Ry+FAS1^CDe_1q=LSfD}aEulUlU1Ue+3Ptz3rD6C`2#+hfd_#Lc_)9elA;kdxwZV+fE zTD}OPL80@0C}OlzCwQdLUn4n0`~Yqn&43$f$OmARrl1^jo#9pJgx8L5masd3)Ux_1 zn8Hg8#w(@-32m1+`vtvbqNtv@`;nVGS#HcJND%C$I)5lV`#-gxBN41_!gyDV9ftZ?C>J z7rYUKba~BBwrDT7nwB9l$FmFN#8i_H_1l!0Tx+;fF1NKnX(^qa7DhilJV)ny4#o59 zY4_(VO8ZU%{lL`;oEQN=$jx;lEbH2ze8G=c82Kg2eeX7Zv>}I%gUfqXJCmjg^r9$4 z!T=YW>?=;`k zmV%_9FbmI+D>+QzDE#3O+@<>a9F_{`7^SPPTI}hBqP9rfmFW=uhcGi4MV;ryN|=~8 z@kQEjEea^;Y*?D?J2DZa2B0Bp$ zOyfPn6>72i>CCAGo@yQ5^^i}IzFw^P=2=;X72%1jZ1tEtzmCct=vFK0#4bH85)FMi ztEKn=|DRxWcpm%lwXWkzu_&1o#8@1IsKVoZMf8Q6ECVJS!4N5EpklB(iMNqlYQFlx z;(_PNHb;TT3OEmwhLl~vLR=>L>S~6kZMs0zA3SkvjQV# zddhmO**4&jHymqJ3)c|jdH6Cme;d}8S}T2R$zCF2V4%u6tvSc9Vg0BPrCT`5dEgpf z+I={#zF<;1%eIlO%TR$Q!_>Z5!|mWzCQ18u5zNl(faBWi!2Pdm9j85f#}eVtf5Y68 z;+=*WksiD(tD%52QeW-9(0D{_8<~%G{;mLTpSI=a%!}+DU0Ytp=Q0!#dG1U+g+~b| z@_Cpa7luKA1Y@Zl{3t#=dC`4j=Y-?RO!1ZibgZOrrNA6+bIyRNA9<7IqjI5$vwjc! z<3f4{1#FxlH}axjgX4~D!l|ON2b}`b=biE4lb#nO#Xec&Sf45-z! znfbP~rr@IV#YivylHp6}=y84nrWiIHkwn~E&2>Iay9SxDCkzqV&ln0=oqxGVs+Z-n z6fN=cH-Pbk(qL_;OK;L(8_3_j3tf@-wK<*|r^)wr`~(cS^DEBx14{FDTWR#7j#F-2 z#NV}J8uF}T!QUI}U;MN=<*0c7WAt~0eG#Mi_++wORo!)JId2KGw-XM(Tkj%>C?xvN z|J;ssbG3MLb#=0M1N>WjxZopi>M2GkOJECEqRU|-qmHm7z*2r7=rp&0Y~f7A4YjcM zFba5=J~=M@%FUr*$BWWhSI<$D`dFu)NmGxv%e`42MofIa0Js<7HA5N@5b;_#xtT@m z9%Z`6n=T6L1}7X@nWVj5p5sZa6pf4$JASF+e${;b?4kaef+lH`7Iw;412#gv@9OLz z4~Bn%L7c#@Bi-+%cF8osqU_@LITZnUFHIPkx4qoWf*F$wvna9ttayjWSo6(VTUz;( z5I0$ck8eUJ0fd14O*UmC>W)VQ^dw*=T}_nW4?AeFI!OWm1b zrx+mR&~qUJ}9R}dzwvz5QwelUe&%KNv62t840qbS?iz!Y@b(FzJtJ!snv zOgP>VZ>0axFh&)6*4in7mSvnBJcUZMvw{UZF2;Lzp$*;aT05g*=@0&Pi-;}QciT=D z8UeT9<}~5P0m7#Lm3*{&Coyk>_eX!>3X|#605*qY-3`w0Npcl9ty3sJPifiZaBmY~? z^AWQmrr$W^FDlz{r4D-+dfm`DGS^& z;VmR@|Ni&TzqLrLG9-!(PGfHWb%LD;y3+D_Dv@Fm!tUTqGKR75qgmCMFqE6jN|ZBh z@WX(Oa9A>e1BUQ)^Ht$&sJHKZ2Q!xJqWsHyX13%|kKH?Z+)bo6w2?gqS((qSmRw** z1)VY~BL%>4E5dF`jJ4-8e=K`UUyVlcYptJL(sgQz8Tsf4ynbR0_p;bvjfTEeft5*_ zO>71t1F`Xyswf3Ln`8cn1jLH>cNz}ggN@_poAdUn_<3aI1-i+_z+jU@HF+JWg}ThK zgQGi269wO(bgL^28o}K6c9FmF$vgPoMPvLh^zeHeB{{^llJ`jV+1v{v^R^!v!*62? zSWesNus&H;+tzDVbE}(bEp5avAI{aN^fVYsp>w8xZssJc$(!RE6B5jV2yi*_cuad3 zMhbCFy^4AgIkD=3LmLEMH6_8vN4%TeCy)X}6ieO)5e0urn;brq&d&0dvuq897lwQy zK=~{#{fwx#DVU$Ids#obTQoWlr<9;HWKTOFIV1$7k73lznc8ZuG`T8`$+H!sIlj1Z z!j&)EXJcc#%T%(sJ7gmSok|tFAKB$pRnz!5C^hx<$4z9AyL%0}Z>Mw4q9Wzpwhu#V z@ypDrRutIgON4}huf3q;I}}~~oV?5rxy+IK(%$__2cqvPv7mX@=iJwMcG%Ox173sn zhOxq$Qh=)D?iWP4fd%>PK4+#sHx|v%K+hjb(N5sX?REIF>T8zFETZ*YN;UaQ?cT)w zGVAkz*V7F=n{3vxTW6l)u-H9=tUaGh80A?B_uU?g*g`usFB;Un(2zcxFR2ZlBL z`nHC?8!PS^%=gY_*e#!G-2sh9^wzd%JnDAa_RXr?s;g;lhafBG8g|fovrMaS1?hbB z&>_PjlBlC^mgF;yb|IzitYhI-6Sa6ff*Mj8UfWG4{MHMn@3^OEMAlcT&vh%uS4Y4{$Dy`Y*c8sh+GBP$Oq zlULI=rW>5xh~Axm;#Q2)1T2Z>YPf@}2(a!7g~M5hBTXI!D~Op@$+Y2!rC_#{dk^t{ z86_`^+nXLqu7{;`5z^-a-aJL4Rj8Mya0n#09 z`5IYkQSL505thUIONhjdehYs3hwvRsxDB|djt7GYJEYRmm@MwCRnvYS{nwz5U9tGf z<3mY4NEbf@b`fTZcb2_0ta2P@I|+cL3=Pw%3Nq;!#$F2Tb~DxqwQ87XoH?xYsUG2P z*4En7iBA^vv*FZ9YrZ6k_h}`Y{7;;#rW}GZA5D`u^j^%@L zaK)mmS7s-b_R7>bCiPo0DL$9R-t&-Y0)fC|=vn}CXc{+L1!V`4+c?l9jcH3rvEt@% zOxrwQujfT};4xsd|2(|GCj-!J*AHUM&W4R->68O-o7gG40|oX&!7o27V%;8-?(?iH zQ)=1(U_*#EZ-oJW^sY~>q`vGmm}C)FzVDy3n%I4usyiZZ*40P)<#B`r!Znnh{WWg& zdjdAt4R^XaoPY>gut9R{Mo&a3tP!KNwEt(ByZ@JHYC0=}g94iY1urANRj1)h24OzW zLsbSzs6 z!HBTaL-J5-K9CG}Wt|3s%_Sc*$%cC;i^9`?x}oA5i&_TMez!oyYS)6Pcg7LWmOse? z7R?tg1vL+rmX@kIuKNxG#6Mi0Z&jh&D%P@t7qW7QKvWn)02~l$aJp#Mrktj7)O(~{ zBLwLxCZF$mO<>qx(?A8vtLwDarXTUvCnqQ0wuxBX-zS=ctYg26wsh1s`S#65=*(Z= z7+0)skmEwo`PZ8a90aYU3TI)HR8&v;d}rXj`ww4F@W+mgjR8FPErx=IAy6T!JoZs6 zzqYI`B&jcX9y=9&1w!%dyWFG)PeROe%OUD)VG7$~?@QY!XXbem|Dp7y0eVs{npMe&)qOfF6=X_-Lod~MIk3FJ^3H0{+4xED+`R&M?%WuYpJhFa8>W};G9EdG3N}T zyikEw>=c%KwRrAi$0iL*Sy){^KhAaxdCgPF7P!$I9Om<&ga`N`YX`ngLlJjQe$V?~ zU!Ki1x`=4{-&_Y8*P{~Xc02QlLuO5(P=R$JF+p+XZi1y!@D2wtsv2e-P6JV(h^W(p z7~pof3R8`=J49I8!foKJn$@nW2hCeZHyY{)0osJdwMG@510!u&edv^OK4FD?(sHh8 zZaGY#Bp_?;*B~W&#+Gr~*AHY7xm(Bx%O}azGmgM#r@7~XG3osW0b(@0Zsl9zPRGlq} zc6k!losVF$H$6v3B8QZ97{2qtCXT``9y0x^V;i30AH?ICY*O*oNLUjbL@SouWyx>GQ z;n>SR)~R6w%R^@>PnI;3dgL?uOI{nku#HX6j#(C4`eW|OrQ@C6$`VuKT1d$B2Dxw6 zm$<_gRK6|j9M2xdR%5jOv`)uXwCqWU*j<&@fTXP|kbD=le9nw{^X(O(V}N8^U&j`_(<6>3CuEITiEWJ2O6k zdnO$OGzHt0-2LD(tv1dM~-SJK|)YQgx~2B&IM$0sv(m*6ifzorQq#Drj#M7|q>4^I#6#D1u4Qc3{e?r8r+?|Qev}&O*L{=XKmB|i z{Jp2&qg4p7THWBgxm;w`{S~I-ufHF`D zr5tpA&4wK&%V5>Iy*Z(qB)tguoJU(zbkYIEX*ZXbnGJ&&IUibm_Lg=#ZX%?^L_|;tHHlC5;G3s_t{>|LvX}7UDGO9AG zejm4&B^`LaJtL$!_RAx1(Z!Wc0YnuU>kcrA2}kU#%6*8_vIj4oh-gxyO+%z8BkrBW z6Fe6(;Iz{XP_oC0U!j{Ud(0Ux6G5J$?|rk3n!;;HdM8Ta@S>`z$2RJ?Td+Ym7>ATJ zc+@=7^^0r>w^3mpF<%g6rIy;_+GI_@P4!7@R2Vb8Z z3_YgnHj|uq!Z{bHKH{A=@0B75Sw1}UtbV#}LI9!)5lxzJBmoI42`NDynl6c5qpLVB zb~}OrV|RUZ5hsk_8UIQe6VxgDWHCyoeVzI(Bm{aV5F4#=eR3H$9>?4*77U&nLR5N3Y(z;GYKR!F!O zIMqBzDEtR*bA>hE8PeR;^kV`}$jjXY5&8$9mb>SGQ;VaJ!Z5i6a`p8+n=mpLnHB>{ zAS{L{BC1``DW(906iWXC$%MRh^pvOFg{z;DbY`tSBNoe`ZNf3(q)ieKXtvksg%!a& z^y`;G+Mb}IUj4jt`%w=Sb#^@GGBvX~e<102gg*;0l*9o2$SJYzwkUf!3|7id+P%0) z1BhibH!r&1-p%I(Q{9gBw6SCDekN+m%g0AJfN|^Uk37$!_*(JMsf$ZgB~WRg&IeJ-Gw#>nZMIXiQtfGUJBs|OX2CigIHA#e64WD zgd4{NZ!f@l`{tPE_LIy5i@$LR`d5UvafvW2rQ5g!J`u%j;6hC0e?j2S8k0BU*q~*p z_z1*i-Uw0F%vwWM zR_Q&}!Ix1Fkq(o8&O{o%&;b5-$!j{7NBb-LPs?uy$Eqr7DOAc?ghu~Ae%TiGz~7f` z?M%voLG%Qj{GAg_)Pyi&8{2!A4ko + + + + + + + + Tor: The Second-Generation Onion Router + + + +

Tor: The Second-Generation Onion Router

+ +

+Roger Dingledine, The Free Haven Project, `arma@freehaven.net`
+Nick Mathewson, The Free Haven Project, `nickm@freehaven.net`
+Paul Syverson, Naval Research Lab, `syverson@itd.nrl.navy.mil`

+ +

Abstract

+We present Tor, a circuit-based low-latency anonymous communication +service. This second-generation Onion Routing system addresses limitations +in the original design by adding perfect forward secrecy, congestion +control, directory servers, integrity checking, configurable exit policies, +and a practical design for location-hidden services via rendezvous +points. Tor works on the real-world +Internet, requires no special privileges or kernel modifications, requires +little synchronization or coordination between nodes, and provides a +reasonable tradeoff between anonymity, usability, and efficiency. +We briefly describe our experiences with an international network of +more than 30 nodes. We close with a list of open problems in anonymous communication. + +

+ +

+1 Overview

+ + + +

+Onion Routing is a distributed overlay network designed to anonymize +TCP-based applications like web browsing, secure shell, +and instant messaging. Clients choose a path through the network and +build a circuit, in which each node (or "onion router" or "OR") +in the path knows its predecessor and successor, but no other nodes in +the circuit. Traffic flows down the circuit in fixed-size +cells, which are unwrapped by a symmetric key at each node +(like the layers of an onion) and relayed downstream. The +Onion Routing project published several design and analysis +papers [27,41,48,49]. While a wide area Onion +Routing network was deployed briefly, the only long-running +public implementation was a fragile +proof-of-concept that ran on a single machine. Even this simple deployment +processed connections from over sixty thousand distinct IP addresses from +all over the world at a rate of about fifty thousand per day. +But many critical design and deployment issues were never +resolved, and the design has not been updated in years. Here +we describe Tor, a protocol for asynchronous, loosely federated onion +routers that provides the following improvements over the old Onion +Routing design: + +

+Perfect forward secrecy: In the original Onion Routing design, +a single hostile node could record traffic and +later compromise successive nodes in the circuit and force them +to decrypt it. Rather than using a single multiply encrypted data +structure (an onion) to lay each circuit, +Tor now uses an incremental or telescoping path-building design, +where the initiator negotiates session keys with each successive hop in +the circuit. Once these keys are deleted, subsequently compromised nodes +cannot decrypt old traffic. As a side benefit, onion replay detection +is no longer necessary, and the process of building circuits is more +reliable, since the initiator knows when a hop fails and can then try +extending to a new node. + +

+Separation of "protocol cleaning" from anonymity: +Onion Routing originally required a separate "application +proxy" for each supported application protocol-most of which were +never written, so many applications were never supported. Tor uses the +standard and near-ubiquitous SOCKS [32] proxy interface, allowing +us to support most TCP-based programs without modification. Tor now +relies on the filtering features of privacy-enhancing +application-level proxies such as Privoxy [39], without trying +to duplicate those features itself. + +

+No mixing, padding, or traffic shaping (yet): Onion +Routing originally called for batching and reordering cells as they arrived, +assumed padding between ORs, and in +later designs added padding between onion proxies (users) and +ORs [27,41]. Tradeoffs between padding protection +and cost were discussed, and traffic shaping algorithms were +theorized [49] to provide good security without expensive +padding, but no concrete padding scheme was suggested. +Recent research [1] +and deployment experience [4] suggest that this +level of resource use is not practical or economical; and even full +link padding is still vulnerable [33]. Thus, +until we have a proven and convenient design for traffic shaping or +low-latency mixing that improves anonymity against a realistic +adversary, we leave these strategies out. + +

+Many TCP streams can share one circuit: Onion Routing originally +built a separate circuit for each +application-level request, but this required +multiple public key operations for every request, and also presented +a threat to anonymity from building so many circuits; see +Section 9. Tor multiplexes multiple TCP +streams along each circuit to improve efficiency and anonymity. + +

+Leaky-pipe circuit topology: Through in-band signaling +within the circuit, Tor initiators can direct traffic to nodes partway +down the circuit. This novel approach +allows traffic to exit the circuit from the middle-possibly +frustrating traffic shape and volume attacks based on observing the end +of the circuit. (It also allows for long-range padding if +future research shows this to be worthwhile.) + +

+Congestion control: Earlier anonymity designs do not +address traffic bottlenecks. Unfortunately, typical approaches to +load balancing and flow control in overlay networks involve inter-node +control communication and global views of traffic. Tor's decentralized +congestion control uses end-to-end acks to maintain anonymity +while allowing nodes at the edges of the network to detect congestion +or flooding and send less data until the congestion subsides. + +

+Directory servers: The earlier Onion Routing design +planned to flood state information through the network-an approach +that can be unreliable and complex. Tor takes a simplified view toward distributing this +information. Certain more trusted nodes act as directory +servers: they provide signed directories describing known +routers and their current state. Users periodically download them +via HTTP. + +

+Variable exit policies: Tor provides a consistent mechanism +for each node to advertise a policy describing the hosts +and ports to which it will connect. These exit policies are critical +in a volunteer-based distributed infrastructure, because each operator +is comfortable with allowing different types of traffic to exit +from his node. + +

+End-to-end integrity checking: The original Onion Routing +design did no integrity checking on data. Any node on the +circuit could change the contents of data cells as they passed by-for +example, to alter a connection request so it would connect +to a different webserver, or to `tag' encrypted traffic and look for +corresponding corrupted traffic at the network edges [15]. +Tor hampers these attacks by verifying data integrity before it leaves +the network. + +

+ +

+Rendezvous points and hidden services: +Tor provides an integrated mechanism for responder anonymity via +location-protected servers. Previous Onion Routing designs included +long-lived "reply onions" that could be used to build circuits +to a hidden server, but these reply onions did not provide forward +security, and became useless if any node in the path went down +or rotated its keys. In Tor, clients negotiate rendezvous points +to connect with hidden servers; reply onions are no longer required. + +

+Unlike Freedom [8], Tor does not require OS kernel +patches or network stack support. This prevents us from anonymizing +non-TCP protocols, but has greatly helped our portability and +deployability. + +

+ +

+We have implemented all of the above features, including rendezvous +points. Our source code is +available under a free license, and Tor +is not covered by the patent that affected distribution and use of +earlier versions of Onion Routing. +We have deployed a wide-area alpha network +to test the design, to get more experience with usability +and users, and to provide a research platform for experimentation. +As of this writing, the network stands at 32 nodes spread over two continents. + +

+We review previous work in Section 2, describe +our goals and assumptions in Section 3, +and then address the above list of improvements in +Sections 4, 5, and 6. +We summarize +in Section 7 how our design stands up to +known attacks, and talk about our early deployment experiences in +Section 8. We conclude with a list of open problems in +Section 9 and future work for the Onion +Routing project in Section 10. + +

+ +

+2 Related work

+ + + +

+Modern anonymity systems date to Chaum's Mix-Net +design [10]. Chaum +proposed hiding the correspondence between sender and recipient by +wrapping messages in layers of public-key cryptography, and relaying them +through a path composed of "mixes." Each mix in turn +decrypts, delays, and re-orders messages before relaying them +onward. + +

+Subsequent relay-based anonymity designs have diverged in two +main directions. Systems like Babel [28], +Mixmaster [36], +and Mixminion [15] have tried +to maximize anonymity at the cost of introducing comparatively large and +variable latencies. Because of this decision, these high-latency +networks resist strong global adversaries, +but introduce too much lag for interactive tasks like web browsing, +Internet chat, or SSH connections. + +

+Tor belongs to the second category: low-latency designs that +try to anonymize interactive network traffic. These systems handle +a variety of bidirectional protocols. They also provide more convenient +mail delivery than the high-latency anonymous email +networks, because the remote mail server provides explicit and timely +delivery confirmation. But because these designs typically +involve many packets that must be delivered quickly, it is +difficult for them to prevent an attacker who can eavesdrop both ends of the +communication from correlating the timing and volume +of traffic entering the anonymity network with traffic leaving it [45]. +These +protocols are similarly vulnerable to an active adversary who introduces +timing patterns into traffic entering the network and looks +for correlated patterns among exiting traffic. +Although some work has been done to frustrate these attacks, most designs +protect primarily against traffic analysis rather than traffic +confirmation (see Section 3.1). + +

+The simplest low-latency designs are single-hop proxies such as the +Anonymizer [3]: a single trusted server strips the +data's origin before relaying it. These designs are easy to +analyze, but users must trust the anonymizing proxy. +Concentrating the traffic to this single point increases the anonymity set +(the people a given user is hiding among), but it is vulnerable if the +adversary can observe all traffic entering and leaving the proxy. + +

+More complex are distributed-trust, circuit-based anonymizing systems. +In these designs, a user establishes one or more medium-term bidirectional +end-to-end circuits, and tunnels data in fixed-size cells. +Establishing circuits is computationally expensive and typically +requires public-key +cryptography, whereas relaying cells is comparatively inexpensive and +typically requires only symmetric encryption. +Because a circuit crosses several servers, and each server only knows +the adjacent servers in the circuit, no single server can link a +user to her communication partners. + +

+The Java Anon Proxy (also known as JAP or Web MIXes) uses fixed shared +routes known as cascades. As with a single-hop proxy, this +approach aggregates users into larger anonymity sets, but again an +attacker only needs to observe both ends of the cascade to bridge all +the system's traffic. The Java Anon Proxy's design +calls for padding between end users and the head of the +cascade [7]. However, it is not demonstrated whether the current +implementation's padding policy improves anonymity. + +

+PipeNet [5,12], another low-latency design proposed +around the same time as Onion Routing, gave +stronger anonymity but allowed a single user to shut +down the network by not sending. Systems like ISDN +mixes [38] were designed for other environments with +different assumptions. + +

+In P2P designs like Tarzan [24] and +MorphMix [43], all participants both generate +traffic and relay traffic for others. These systems aim to conceal +whether a given peer originated a request +or just relayed it from another peer. While Tarzan and MorphMix use +layered encryption as above, Crowds [42] simply assumes +an adversary who cannot observe the initiator: it uses no public-key +encryption, so any node on a circuit can read users' traffic. + +

+Hordes [34] is based on Crowds but also uses multicast +responses to hide the initiator. Herbivore [25] and +P⁵ [46] go even further, requiring broadcast. +These systems are designed primarily for communication among peers, +although Herbivore users can make external connections by +requesting a peer to serve as a proxy. + +

+Systems like Freedom and the original Onion Routing build circuits +all at once, using a layered "onion" of public-key encrypted messages, +each layer of which provides session keys and the address of the +next server in the circuit. Tor as described herein, Tarzan, MorphMix, +Cebolla [9], and Rennhard's Anonymity Network [44] +build circuits +in stages, extending them one hop at a time. +Section 4.2 describes how this +approach enables perfect forward secrecy. + +

+Circuit-based designs must choose which protocol layer +to anonymize. They may intercept IP packets directly, and +relay them whole (stripping the source address) along the +circuit [8,24]. Like +Tor, they may accept TCP streams and relay the data in those streams, +ignoring the breakdown of that data into TCP +segments [43,44]. Finally, like Crowds, they may accept +application-level protocols such as HTTP and relay the application +requests themselves. +Making this protocol-layer decision requires a compromise between flexibility +and anonymity. For example, a system that understands HTTP +can strip +identifying information from requests, can take advantage of caching +to limit the number of requests that leave the network, and can batch +or encode requests to minimize the number of connections. +On the other hand, an IP-level anonymizer can handle nearly any protocol, +even ones unforeseen by its designers (though these systems require +kernel-level modifications to some operating systems, and so are more +complex and less portable). TCP-level anonymity networks like Tor present +a middle approach: they are application neutral (so long as the +application supports, or can be tunneled across, TCP), but by treating +application connections as data streams rather than raw TCP packets, +they avoid the inefficiencies of tunneling TCP over +TCP. + +

+Distributed-trust anonymizing systems need to prevent attackers from +adding too many servers and thus compromising user paths. +Tor relies on a small set of well-known directory servers, run by +independent parties, to decide which nodes can +join. Tarzan and MorphMix allow unknown users to run servers, and use +a limited resource (like IP addresses) to prevent an attacker from +controlling too much of the network. Crowds suggests requiring +written, notarized requests from potential crowd members. + +

+Anonymous communication is essential for censorship-resistant +systems like Eternity [2], Free Haven [19], +Publius [53], and Tangler [52]. Tor's rendezvous +points enable connections between mutually anonymous entities; they +are a building block for location-hidden servers, which are needed by +Eternity and Free Haven. + +

+ +

+3 Design goals and assumptions

+ + + +

+Goals
+Like other low-latency anonymity designs, Tor seeks to frustrate +attackers from linking communication partners, or from linking +multiple communications to or from a single user. Within this +main goal, however, several considerations have directed +Tor's evolution. + +

+Deployability: The design must be deployed and used in the +real world. Thus it +must not be expensive to run (for example, by requiring more bandwidth +than volunteers are willing to provide); must not place a heavy +liability burden on operators (for example, by allowing attackers to +implicate onion routers in illegal activities); and must not be +difficult or expensive to implement (for example, by requiring kernel +patches, or separate proxies for every protocol). We also cannot +require non-anonymous parties (such as websites) +to run our software. (Our rendezvous point design does not meet +this goal for non-anonymous users talking to hidden servers, +however; see Section 5.) + +

+Usability: A hard-to-use system has fewer users-and because +anonymity systems hide users among users, a system with fewer users +provides less anonymity. Usability is thus not only a convenience: +it is a security requirement [1,5]. Tor should +therefore not +require modifying familiar applications; should not introduce prohibitive +delays; +and should require as few configuration decisions +as possible. Finally, Tor should be easily implementable on all common +platforms; we cannot require users to change their operating system +to be anonymous. (Tor currently runs on Win32, Linux, +Solaris, BSD-style Unix, MacOS X, and probably others.) + +

+Flexibility: The protocol must be flexible and well-specified, +so Tor can serve as a test-bed for future research. +Many of the open problems in low-latency anonymity +networks, such as generating dummy traffic or preventing Sybil +attacks [22], may be solvable independently from the issues +solved by +Tor. Hopefully future systems will not need to reinvent Tor's design. + +

+Simple design: The protocol's design and security +parameters must be well-understood. Additional features impose implementation +and complexity costs; adding unproven techniques to the design threatens +deployability, readability, and ease of security analysis. Tor aims to +deploy a simple and stable system that integrates the best accepted +approaches to protecting anonymity.
+ +

+Non-goals +
+In favoring simple, deployable designs, we have explicitly deferred +several possible goals, either because they are solved elsewhere, or because +they are not yet solved. + +

+Not peer-to-peer: Tarzan and MorphMix aim to scale to completely +decentralized peer-to-peer environments with thousands of short-lived +servers, many of which may be controlled by an adversary. This approach +is appealing, but still has many open +problems [24,43]. + +

+Not secure against end-to-end attacks: Tor does not claim +to completely solve end-to-end timing or intersection +attacks. Some approaches, such as having users run their own onion routers, +may help; +see Section 9 for more discussion. + +

+No protocol normalization: Tor does not provide protocol +normalization like Privoxy or the Anonymizer. If senders want anonymity from +responders while using complex and variable +protocols like HTTP, Tor must be layered with a filtering proxy such +as Privoxy to hide differences between clients, and expunge protocol +features that leak identity. +Note that by this separation Tor can also provide services that +are anonymous to the network yet authenticated to the responder, like +SSH. Similarly, Tor does not integrate +tunneling for non-stream-based protocols like UDP; this must be +provided by an external service if appropriate. + +

+Not steganographic: Tor does not try to conceal who is connected +to the network. + +

+3.1 Threat Model

+ + + +

+A global passive adversary is the most commonly assumed threat when +analyzing theoretical anonymity designs. But like all practical +low-latency systems, Tor does not protect against such a strong +adversary. Instead, we assume an adversary who can observe some fraction +of network traffic; who can generate, modify, delete, or delay +traffic; who can operate onion routers of his own; and who can +compromise some fraction of the onion routers. + +

+In low-latency anonymity systems that use layered encryption, the +adversary's typical goal is to observe both the initiator and the +responder. By observing both ends, passive attackers can confirm a +suspicion that Alice is +talking to Bob if the timing and volume patterns of the traffic on the +connection are distinct enough; active attackers can induce timing +signatures on the traffic to force distinct patterns. Rather +than focusing on these traffic confirmation attacks, +we aim to prevent traffic +analysis attacks, where the adversary uses traffic patterns to learn +which points in the network he should attack. + +

+Our adversary might try to link an initiator Alice with her +communication partners, or try to build a profile of Alice's +behavior. He might mount passive attacks by observing the network edges +and correlating traffic entering and leaving the network-by +relationships in packet timing, volume, or externally visible +user-selected +options. The adversary can also mount active attacks by compromising +routers or keys; by replaying traffic; by selectively denying service +to trustworthy routers to move users to +compromised routers, or denying service to users to see if traffic +elsewhere in the +network stops; or by introducing patterns into traffic that can later be +detected. The adversary might subvert the directory servers to give users +differing views of network state. Additionally, he can try to decrease +the network's reliability by attacking nodes or by performing antisocial +activities from reliable nodes and trying to get them taken down-making +the network unreliable flushes users to other less anonymous +systems, where they may be easier to attack. We summarize +in Section 7 how well the Tor design defends against +each of these attacks. + +

+ +

+4 The Tor Design

+ + + +

+The Tor network is an overlay network; each onion router (OR) +runs as a normal +user-level process without any special privileges. +Each onion router maintains a TLS [17] +connection to every other onion router. +Each user +runs local software called an onion proxy (OP) to fetch directories, +establish circuits across the network, +and handle connections from user applications. These onion proxies accept +TCP streams and multiplex them across the circuits. The onion +router on the other side +of the circuit connects to the requested destinations +and relays data. + +

+Each onion router maintains a long-term identity key and a short-term +onion key. The identity +key is used to sign TLS certificates, to sign the OR's router +descriptor (a summary of its keys, address, bandwidth, exit policy, +and so on), and (by directory servers) to sign directories. The onion key is used to decrypt requests +from users to set up a circuit and negotiate ephemeral keys. +The TLS protocol also establishes a short-term link key when communicating +between ORs. Short-term keys are rotated periodically and +independently, to limit the impact of key compromise. + +

+Section 4.1 presents the fixed-size +cells that are the unit of communication in Tor. We describe +in Section 4.2 how circuits are +built, extended, truncated, and destroyed. Section 4.3 +describes how TCP streams are routed through the network. We address +integrity checking in Section 4.4, +and resource limiting in Section 4.5. +Finally, +Section 4.6 talks about congestion control and +fairness issues. + +

+4.1 Cells

+ + + +

+Onion routers communicate with one another, and with users' OPs, via +TLS connections with ephemeral keys. Using TLS conceals the data on +the connection with perfect forward secrecy, and prevents an attacker +from modifying data on the wire or impersonating an OR. + +

+Traffic passes along these connections in fixed-size cells. Each cell +is 512 bytes, and consists of a header and a payload. The header includes a circuit +identifier (circID) that specifies which circuit the cell refers to +(many circuits can be multiplexed over the single TLS connection), and +a command to describe what to do with the cell's payload. (Circuit +identifiers are connection-specific: each circuit has a different +circID on each OP/OR or OR/OR connection it traverses.) +Based on their command, cells are either control cells, which are +always interpreted by the node that receives them, or relay cells, +which carry end-to-end stream data. The control cell commands are: +padding (currently used for keepalive, but also usable for link +padding); create or created (used to set up a new circuit); +and destroy (to tear down a circuit). + +

+Relay cells have an additional header (the relay header) at the front +of the payload, containing a streamID (stream identifier: many streams can +be multiplexed over a circuit); an end-to-end checksum for integrity +checking; the length of the relay payload; and a relay command. +The entire contents of the relay header and the relay cell payload +are encrypted or decrypted together as the relay cell moves along the +circuit, using the 128-bit AES cipher in counter mode to generate a +cipher stream. The relay commands are: relay +data (for data flowing down the stream), relay begin (to open a +stream), relay end (to close a stream cleanly), relay +teardown (to close a broken stream), relay connected +(to notify the OP that a relay begin has succeeded), relay +extend and relay extended (to extend the circuit by a hop, +and to acknowledge), relay truncate and relay truncated +(to tear down only part of the circuit, and to acknowledge), relay +sendme (used for congestion control), and relay drop (used to +implement long-range dummies). +We give a visual overview of cell structure plus the details of relay +cell structure, and then describe each of these cell types and commands +in more detail below. + +

+ +

+4.2 Circuits and streams

+ + + +

+Onion Routing originally built one circuit for each +TCP stream. Because building a circuit can take several tenths of a +second (due to public-key cryptography and network latency), +this design imposed high costs on applications like web browsing that +open many TCP streams. + +

+In Tor, each circuit can be shared by many TCP streams. To avoid +delays, users construct circuits preemptively. To limit linkability +among their streams, users' OPs build a new circuit +periodically if the previous ones have been used, +and expire old used circuits that no longer have any open streams. +OPs consider rotating to a new circuit once a minute: thus +even heavy users spend negligible time +building circuits, but a limited number of requests can be linked +to each other through a given exit node. Also, because circuits are built +in the background, OPs can recover from failed circuit creation +without harming user experience.
+ +

+ +

+ +Figure 1: Alice builds a two-hop circuit and begins fetching a web page. + + + +

+Constructing a circuit +
+A user's OP constructs circuits incrementally, negotiating a +symmetric key with each OR on the circuit, one hop at a time. To begin +creating a new circuit, the OP (call her Alice) sends a +create cell to the first node in her chosen path (call him Bob). +(She chooses a new +circID C_AB not currently used on the connection from her to Bob.) +The create cell's +payload contains the first half of the Diffie-Hellman handshake +(g^x), encrypted to the onion key of the OR (call him Bob). Bob +responds with a created cell containing g^y +along with a hash of the negotiated key K=g^xy. + +

+Once the circuit has been established, Alice and Bob can send one +another relay cells encrypted with the negotiated +key.¹ More detail is given in +the next section. + +

+To extend the circuit further, Alice sends a relay extend cell +to Bob, specifying the address of the next OR (call her Carol), and +an encrypted g^x₂ for her. Bob copies the half-handshake into a +create cell, and passes it to Carol to extend the circuit. +(Bob chooses a new circID C_BC not currently used on the connection +between him and Carol. Alice never needs to know this circID; only Bob +associates C_AB on his connection with Alice to C_BC on +his connection with Carol.) +When Carol responds with a created cell, Bob wraps the payload +into a relay extended cell and passes it back to Alice. Now +the circuit is extended to Carol, and Alice and Carol share a common key +K₂ = g^{x₂ y₂}. + +

+To extend the circuit to a third node or beyond, Alice +proceeds as above, always telling the last node in the circuit to +extend one hop further. + +

+This circuit-level handshake protocol achieves unilateral entity +authentication (Alice knows she's handshaking with the OR, but +the OR doesn't care who is opening the circuit-Alice uses no public key +and remains anonymous) and unilateral key authentication +(Alice and the OR agree on a key, and Alice knows only the OR learns +it). It also achieves forward +secrecy and key freshness. More formally, the protocol is as follows +(where E_{PK_Bob}(·) is encryption with Bob's public key, +H is a secure hash function, and | is concatenation): + +

+ + + + +

Alice	->	Bob	: E_{PK_Bob}(g^x)
Bob	->	Alice	: g^y, H(K \| "handshake") +

+ + +

+ In the second step, Bob proves that it was he who received g^x, +and who chose y. We use PK encryption in the first step +(rather than, say, using the first two steps of STS, which has a +signature in the second step) because a single cell is too small to +hold both a public key and a signature. Preliminary analysis with the +NRL protocol analyzer [35] shows this protocol to be +secure (including perfect forward secrecy) under the +traditional Dolev-Yao model.
+ +

+Relay cells
+Once Alice has established the circuit (so she shares keys with each +OR on the circuit), she can send relay cells. +Upon receiving a relay +cell, an OR looks up the corresponding circuit, and decrypts the relay +header and payload with the session key for that circuit. +If the cell is headed away from Alice the OR then checks whether the +decrypted cell has a valid digest (as an optimization, the first +two bytes of the integrity check are zero, so in most cases we can avoid +computing the hash). +If valid, it accepts the relay cell and processes it as described +below. Otherwise, +the OR looks up the circID and OR for the +next step in the circuit, replaces the circID as appropriate, and +sends the decrypted relay cell to the next OR. (If the OR at the end +of the circuit receives an unrecognized relay cell, an error has +occurred, and the circuit is torn down.) + +

+OPs treat incoming relay cells similarly: they iteratively unwrap the +relay header and payload with the session keys shared with each +OR on the circuit, from the closest to farthest. +If at any stage the digest is valid, the cell must have +originated at the OR whose encryption has just been removed. + +

+To construct a relay cell addressed to a given OR, Alice assigns the +digest, and then iteratively +encrypts the cell payload (that is, the relay header and payload) with +the symmetric key of each hop up to that OR. Because the digest is +encrypted to a different value at each step, only at the targeted OR +will it have a meaningful value.² +This leaky pipe circuit topology +allows Alice's streams to exit at different ORs on a single circuit. +Alice may choose different exit points because of their exit policies, +or to keep the ORs from knowing that two streams +originate from the same person. + +

+When an OR later replies to Alice with a relay cell, it +encrypts the cell's relay header and payload with the single key it +shares with Alice, and sends the cell back toward Alice along the +circuit. Subsequent ORs add further layers of encryption as they +relay the cell back to Alice. + +

+To tear down a circuit, Alice sends a destroy control +cell. Each OR in the circuit receives the destroy cell, closes +all streams on that circuit, and passes a new destroy cell +forward. But just as circuits are built incrementally, they can also +be torn down incrementally: Alice can send a relay +truncate cell to a single OR on a circuit. That OR then sends a +destroy cell forward, and acknowledges with a +relay truncated cell. Alice can then extend the circuit to +different nodes, without signaling to the intermediate nodes (or +a limited observer) that she has changed her circuit. +Similarly, if a node on the circuit goes down, the adjacent +node can send a relay truncated cell back to Alice. Thus the +"break a node and see which circuits go down" +attack [4] is weakened. + +

+4.3 Opening and closing streams

+ + + +

+When Alice's application wants a TCP connection to a given +address and port, it asks the OP (via SOCKS) to make the +connection. The OP chooses the newest open circuit (or creates one if +needed), and chooses a suitable OR on that circuit to be the +exit node (usually the last node, but maybe others due to exit policy +conflicts; see Section 6.2.) The OP then opens +the stream by sending a relay begin cell to the exit node, +using a new random streamID. Once the +exit node connects to the remote host, it responds +with a relay connected cell. Upon receipt, the OP sends a +SOCKS reply to notify the application of its success. The OP +now accepts data from the application's TCP stream, packaging it into +relay data cells and sending those cells along the circuit to +the chosen OR. + +

+There's a catch to using SOCKS, however-some applications pass the +alphanumeric hostname to the Tor client, while others resolve it into +an IP address first and then pass the IP address to the Tor client. If +the application does DNS resolution first, Alice thereby reveals her +destination to the remote DNS server, rather than sending the hostname +through the Tor network to be resolved at the far end. Common applications +like Mozilla and SSH have this flaw. + +

+With Mozilla, the flaw is easy to address: the filtering HTTP +proxy called Privoxy gives a hostname to the Tor client, so Alice's +computer never does DNS resolution. +But a portable general solution, such as is needed for +SSH, is +an open problem. Modifying or replacing the local nameserver +can be invasive, brittle, and unportable. Forcing the resolver +library to prefer TCP rather than UDP is hard, and also has +portability problems. Dynamically intercepting system calls to the +resolver library seems a promising direction. We could also provide +a tool similar to dig to perform a private lookup through the +Tor network. Currently, we encourage the use of privacy-aware proxies +like Privoxy wherever possible. + +

+Closing a Tor stream is analogous to closing a TCP stream: it uses a +two-step handshake for normal operation, or a one-step handshake for +errors. If the stream closes abnormally, the adjacent node simply sends a +relay teardown cell. If the stream closes normally, the node sends +a relay end cell down the circuit, and the other side responds with +its own relay end cell. Because +all relay cells use layered encryption, only the destination OR knows +that a given relay cell is a request to close a stream. This two-step +handshake allows Tor to support TCP-based applications that use half-closed +connections. + +

+4.4 Integrity checking on streams

+ + + +

+Because the old Onion Routing design used a stream cipher without integrity +checking, traffic was +vulnerable to a malleability attack: though the attacker could not +decrypt cells, any changes to encrypted data +would create corresponding changes to the data leaving the network. +This weakness allowed an adversary who could guess the encrypted content +to change a padding cell to a destroy +cell; change the destination address in a relay begin cell to the +adversary's webserver; or change an FTP command from +dir to rm *. (Even an external +adversary could do this, because the link encryption similarly used a +stream cipher.) + +

+Because Tor uses TLS on its links, external adversaries cannot modify +data. Addressing the insider malleability attack, however, is +more complex. + +

+We could do integrity checking of the relay cells at each hop, either +by including hashes or by using an authenticating cipher mode like +EAX [6], but there are some problems. First, these approaches +impose a message-expansion overhead at each hop, and so we would have to +either leak the path length or waste bytes by padding to a maximum +path length. Second, these solutions can only verify traffic coming +from Alice: ORs would not be able to produce suitable hashes for +the intermediate hops, since the ORs on a circuit do not know the +other ORs' session keys. Third, we have already accepted that our design +is vulnerable to end-to-end timing attacks; so tagging attacks performed +within the circuit provide no additional information to the attacker. + +

+Thus, we check integrity only at the edges of each stream. (Remember that +in our leaky-pipe circuit topology, a stream's edge could be any hop +in the circuit.) When Alice +negotiates a key with a new hop, they each initialize a SHA-1 +digest with a derivative of that key, +thus beginning with randomness that only the two of them know. +Then they each incrementally add to the SHA-1 digest the contents of +all relay cells they create, and include with each relay cell the +first four bytes of the current digest. Each also keeps a SHA-1 +digest of data received, to verify that the received hashes are correct. + +

+To be sure of removing or modifying a cell, the attacker must be able +to deduce the current digest state (which depends on all +traffic between Alice and Bob, starting with their negotiated key). +Attacks on SHA-1 where the adversary can incrementally add to a hash +to produce a new valid hash don't work, because all hashes are +end-to-end encrypted across the circuit. The computational overhead +of computing the digests is minimal compared to doing the AES +encryption performed at each hop of the circuit. We use only four +bytes per cell to minimize overhead; the chance that an adversary will +correctly guess a valid hash +is +acceptably low, given that the OP or OR tear down the circuit if they +receive a bad hash. + +

+4.5 Rate limiting and fairness

+ + + +

+Volunteers are more willing to run services that can limit +their bandwidth usage. To accommodate them, Tor servers use a +token bucket approach [50] to +enforce a long-term average rate of incoming bytes, while still +permitting short-term bursts above the allowed bandwidth. + +

+ +

+Because the Tor protocol outputs about the same number of bytes as it +takes in, it is sufficient in practice to limit only incoming bytes. +With TCP streams, however, the correspondence is not one-to-one: +relaying a single incoming byte can require an entire 512-byte cell. +(We can't just wait for more bytes, because the local application may +be awaiting a reply.) Therefore, we treat this case as if the entire +cell size had been read, regardless of the cell's fullness. + +

+Further, inspired by Rennhard et al's design in [44], a +circuit's edges can heuristically distinguish interactive streams from bulk +streams by comparing the frequency with which they supply cells. We can +provide good latency for interactive streams by giving them preferential +service, while still giving good overall throughput to the bulk +streams. Such preferential treatment presents a possible end-to-end +attack, but an adversary observing both +ends of the stream can already learn this information through timing +attacks. + +

+4.6 Congestion control

+ + + +

+Even with bandwidth rate limiting, we still need to worry about +congestion, either accidental or intentional. If enough users choose the +same OR-to-OR connection for their circuits, that connection can become +saturated. For example, an attacker could send a large file +through the Tor network to a webserver he runs, and then +refuse to read any of the bytes at the webserver end of the +circuit. Without some congestion control mechanism, these bottlenecks +can propagate back through the entire network. We don't need to +reimplement full TCP windows (with sequence numbers, +the ability to drop cells when we're full and retransmit later, and so +on), +because TCP already guarantees in-order delivery of each +cell. +We describe our response below. + +

+Circuit-level throttling: +To control a circuit's bandwidth usage, each OR keeps track of two +windows. The packaging window tracks how many relay data cells the OR is +allowed to package (from incoming TCP streams) for transmission back to the OP, +and the delivery window tracks how many relay data cells it is willing +to deliver to TCP streams outside the network. Each window is initialized +(say, to 1000 data cells). When a data cell is packaged or delivered, +the appropriate window is decremented. When an OR has received enough +data cells (currently 100), it sends a relay sendme cell towards the OP, +with streamID zero. When an OR receives a relay sendme cell with +streamID zero, it increments its packaging window. Either of these cells +increments the corresponding window by 100. If the packaging window +reaches 0, the OR stops reading from TCP connections for all streams +on the corresponding circuit, and sends no more relay data cells until +receiving a relay sendme cell. + +

+The OP behaves identically, except that it must track a packaging window +and a delivery window for every OR in the circuit. If a packaging window +reaches 0, it stops reading from streams destined for that OR. + +

+Stream-level throttling: +The stream-level congestion control mechanism is similar to the +circuit-level mechanism. ORs and OPs use relay sendme cells +to implement end-to-end flow control for individual streams across +circuits. Each stream begins with a packaging window (currently 500 cells), +and increments the window by a fixed value (50) upon receiving a relay +sendme cell. Rather than always returning a relay sendme cell as soon +as enough cells have arrived, the stream-level congestion control also +has to check whether data has been successfully flushed onto the TCP +stream; it sends the relay sendme cell only when the number of bytes pending +to be flushed is under some threshold (currently 10 cells' worth). + +

+ +

+These arbitrarily chosen parameters seem to give tolerable throughput +and delay; see Section 8. + +

+5 Rendezvous Points and hidden services

+ + + +

+Rendezvous points are a building block for location-hidden +services (also known as responder anonymity) in the Tor +network. Location-hidden services allow Bob to offer a TCP +service, such as a webserver, without revealing his IP address. +This type of anonymity protects against distributed DoS attacks: +attackers are forced to attack the onion routing network +because they do not know Bob's IP address. + +

+Our design for location-hidden servers has the following goals. +Access-control: Bob needs a way to filter incoming requests, +so an attacker cannot flood Bob simply by making many connections to him. +Robustness: Bob should be able to maintain a long-term pseudonymous +identity even in the presence of router failure. Bob's service must +not be tied to a single OR, and Bob must be able to migrate his service +across ORs. Smear-resistance: +A social attacker +should not be able to "frame" a rendezvous router by +offering an illegal or disreputable location-hidden service and +making observers believe the router created that service. +Application-transparency: Although we require users +to run special software to access location-hidden servers, we must not +require them to modify their applications. + +

+We provide location-hiding for Bob by allowing him to advertise +several onion routers (his introduction points) as contact +points. He may do this on any robust efficient +key-value lookup system with authenticated updates, such as a +distributed hash table (DHT) like CFS [11].³ Alice, the client, chooses an OR as her +rendezvous point. She connects to one of Bob's introduction +points, informs him of her rendezvous point, and then waits for him +to connect to the rendezvous point. This extra level of indirection +helps Bob's introduction points avoid problems associated with serving +unpopular files directly (for example, if Bob serves +material that the introduction point's community finds objectionable, +or if Bob's service tends to get attacked by network vandals). +The extra level of indirection also allows Bob to respond to some requests +and ignore others. + +

+5.1 Rendezvous points in Tor

+ +

+The following steps are +performed on behalf of Alice and Bob by their local OPs; +application integration is described more fully below. + +

+ +

: Bob generates a long-term public key pair to identify his service.
: Bob chooses some introduction points, and advertises them on + the lookup service, signing the advertisement with his public key. He + can add more later.
: Bob builds a circuit to each of his introduction points, and tells + them to wait for requests.
: Alice learns about Bob's service out of band (perhaps Bob told her, + or she found it on a website). She retrieves the details of Bob's + service from the lookup service. If Alice wants to access Bob's + service anonymously, she must connect to the lookup service via Tor.
: Alice chooses an OR as the rendezvous point (RP) for her connection to + Bob's service. She builds a circuit to the RP, and gives it a + randomly chosen "rendezvous cookie" to recognize Bob.
: Alice opens an anonymous stream to one of Bob's introduction + points, and gives it a message (encrypted with Bob's public key) + telling it about herself, + her RP and rendezvous cookie, and the + start of a DH + handshake. The introduction point sends the message to Bob.
: If Bob wants to talk to Alice, he builds a circuit to Alice's + RP and sends the rendezvous cookie, the second half of the DH + handshake, and a hash of the session + key they now share. By the same argument as in + Section 4.2, Alice knows she + shares the key only with Bob.
: The RP connects Alice's circuit to Bob's. Note that RP can't + recognize Alice, Bob, or the data they transmit.
: Alice sends a relay begin cell along the circuit. It + arrives at Bob's OP, which connects to Bob's + webserver.
: An anonymous stream has been established, and Alice and Bob + communicate as normal. +

+ +

+When establishing an introduction point, Bob provides the onion router +with the public key identifying his service. Bob signs his +messages, so others cannot usurp his introduction point +in the future. He uses the same public key to establish the other +introduction points for his service, and periodically refreshes his +entry in the lookup service. + +

+The message that Alice gives +the introduction point includes a hash of Bob's public key and an optional initial authorization token (the +introduction point can do prescreening, for example to block replays). Her +message to Bob may include an end-to-end authorization token so Bob +can choose whether to respond. +The authorization tokens can be used to provide selective access: +important users can get uninterrupted access. +During normal situations, Bob's service might simply be offered +directly from mirrors, while Bob gives out tokens to high-priority users. If +the mirrors are knocked down, +those users can switch to accessing Bob's service via +the Tor rendezvous system. + +

+Bob's introduction points are themselves subject to DoS-he must +open many introduction points or risk such an attack. +He can provide selected users with a current list or future schedule of +unadvertised introduction points; +this is most practical +if there is a stable and large group of introduction points +available. Bob could also give secret public keys +for consulting the lookup service. All of these approaches +limit exposure even when +some selected users collude in the DoS. + +

+5.2 Integration with user applications

+ +

+Bob configures his onion proxy to know the local IP address and port of his +service, a strategy for authorizing clients, and his public key. The onion +proxy anonymously publishes a signed statement of Bob's +public key, an expiration time, and +the current introduction points for his service onto the lookup service, +indexed +by the hash of his public key. Bob's webserver is unmodified, +and doesn't even know that it's hidden behind the Tor network. + +

+Alice's applications also work unchanged-her client interface +remains a SOCKS proxy. We encode all of the necessary information +into the fully qualified domain name (FQDN) Alice uses when establishing her +connection. Location-hidden services use a virtual top level domain +called .onion: thus hostnames take the form x.y.onion where +x is the authorization cookie and y encodes the hash of +the public key. Alice's onion proxy +examines addresses; if they're destined for a hidden server, it decodes +the key and starts the rendezvous as described above. + +

+5.3 Previous rendezvous work

+ +

+Rendezvous points in low-latency anonymity systems were first +described for use in ISDN telephony [30,38]. +Later low-latency designs used rendezvous points for hiding location +of mobile phones and low-power location +trackers [23,40]. Rendezvous for +anonymizing low-latency +Internet connections was suggested in early Onion Routing +work [27], but the first published design was by Ian +Goldberg [26]. His design differs from +ours in three ways. First, Goldberg suggests that Alice should manually +hunt down a current location of the service via Gnutella; our approach +makes lookup transparent to the user, as well as faster and more robust. +Second, in Tor the client and server negotiate session keys +with Diffie-Hellman, so plaintext is not exposed even at the rendezvous +point. Third, +our design minimizes the exposure from running the +service, to encourage volunteers to offer introduction and rendezvous +services. Tor's introduction points do not output any bytes to the +clients; the rendezvous points don't know the client or the server, +and can't read the data being transmitted. The indirection scheme is +also designed to include authentication/authorization-if Alice doesn't +include the right cookie with her request for service, Bob need not even +acknowledge his existence. + +

+6 Other design decisions

+ + + +

+6.1 Denial of service

+ + + +

+Providing Tor as a public service creates many opportunities for +denial-of-service attacks against the network. While +flow control and rate limiting (discussed in +Section 4.6) prevent users from consuming more +bandwidth than routers are willing to provide, opportunities remain for +users to +consume more network resources than their fair share, or to render the +network unusable for others. + +

+First of all, there are several CPU-consuming denial-of-service +attacks wherein an attacker can force an OR to perform expensive +cryptographic operations. For example, an attacker can +fake the start of a TLS handshake, forcing the OR to carry out its +(comparatively expensive) half of the handshake at no real computational +cost to the attacker. + +

+We have not yet implemented any defenses for these attacks, but several +approaches are possible. First, ORs can +require clients to solve a puzzle [16] while beginning new +TLS handshakes or accepting create cells. So long as these +tokens are easy to verify and computationally expensive to produce, this +approach limits the attack multiplier. Additionally, ORs can limit +the rate at which they accept create cells and TLS connections, +so that +the computational work of processing them does not drown out the +symmetric cryptography operations that keep cells +flowing. This rate limiting could, however, allow an attacker +to slow down other users when they build new circuits. + +

+ +

+Adversaries can also attack the Tor network's hosts and network +links. Disrupting a single circuit or link breaks all streams passing +along that part of the circuit. Users similarly lose service +when a router crashes or its operator restarts it. The current +Tor design treats such attacks as intermittent network failures, and +depends on users and applications to respond or recover as appropriate. A +future design could use an end-to-end TCP-like acknowledgment protocol, +so no streams are lost unless the entry or exit point is +disrupted. This solution would require more buffering at the network +edges, however, and the performance and anonymity implications from this +extra complexity still require investigation. + +

+6.2 Exit policies and abuse

+ + + +

+ +

+Exit abuse is a serious barrier to wide-scale Tor deployment. Anonymity +presents would-be vandals and abusers with an opportunity to hide +the origins of their activities. Attackers can harm the Tor network by +implicating exit servers for their abuse. Also, applications that commonly +use IP-based authentication (such as institutional mail or webservers) +can be fooled by the fact that anonymous connections appear to originate +at the exit OR. + +

+We stress that Tor does not enable any new class of abuse. Spammers +and other attackers already have access to thousands of misconfigured +systems worldwide, and the Tor network is far from the easiest way +to launch attacks. +But because the +onion routers can be mistaken for the originators of the abuse, +and the volunteers who run them may not want to deal with the hassle of +explaining anonymity networks to irate administrators, we must block or limit +abuse through the Tor network. + +

+To mitigate abuse issues, each onion router's exit policy +describes to which external addresses and ports the router will +connect. On one end of the spectrum are open exit +nodes that will connect anywhere. On the other end are middleman +nodes that only relay traffic to other Tor nodes, and private exit +nodes that only connect to a local host or network. A private +exit can allow a client to connect to a given host or +network more securely-an external adversary cannot eavesdrop traffic +between the private exit and the final destination, and so is less sure of +Alice's destination and activities. Most onion routers in the current +network function as +restricted exits that permit connections to the world at large, +but prevent access to certain abuse-prone addresses and services such +as SMTP. +The OR might also be able to authenticate clients to +prevent exit abuse without harming anonymity [48]. + +

+ +

+Many administrators use port restrictions to support only a +limited set of services, such as HTTP, SSH, or AIM. +This is not a complete solution, of course, since abuse opportunities for these +protocols are still well known. + +

+We have not yet encountered any abuse in the deployed network, but if +we do we should consider using proxies to clean traffic for certain +protocols as it leaves the network. For example, much abusive HTTP +behavior (such as exploiting buffer overflows or well-known script +vulnerabilities) can be detected in a straightforward manner. +Similarly, one could run automatic spam filtering software (such as +SpamAssassin) on email exiting the OR network. + +

+ORs may also rewrite exiting traffic to append +headers or other information indicating that the traffic has passed +through an anonymity service. This approach is commonly used +by email-only anonymity systems. ORs can also +run on servers with hostnames like anonymous to further +alert abuse targets to the nature of the anonymous traffic. + +

+A mixture of open and restricted exit nodes allows the most +flexibility for volunteers running servers. But while having many +middleman nodes provides a large and robust network, +having only a few exit nodes reduces the number of points +an adversary needs to monitor for traffic analysis, and places a +greater burden on the exit nodes. This tension can be seen in the +Java Anon Proxy +cascade model, wherein only one node in each cascade needs to handle +abuse complaints-but an adversary only needs to observe the entry +and exit of a cascade to perform traffic analysis on all that +cascade's users. The hydra model (many entries, few exits) presents a +different compromise: only a few exit nodes are needed, but an +adversary needs to work harder to watch all the clients; see +Section 10. + +

+Finally, we note that exit abuse must not be dismissed as a peripheral +issue: when a system's public image suffers, it can reduce the number +and diversity of that system's users, and thereby reduce the anonymity +of the system itself. Like usability, public perception is a +security parameter. Sadly, preventing abuse of open exit nodes is an +unsolved problem, and will probably remain an arms race for the +foreseeable future. The abuse problems faced by Princeton's CoDeeN +project [37] give us a glimpse of likely issues. + +

+6.3 Directory Servers

+ + + +

+First-generation Onion Routing designs [8,41] used +in-band network status updates: each router flooded a signed statement +to its neighbors, which propagated it onward. But anonymizing networks +have different security goals than typical link-state routing protocols. +For example, delays (accidental or intentional) +that can cause different parts of the network to have different views +of link-state and topology are not only inconvenient: they give +attackers an opportunity to exploit differences in client knowledge. +We also worry about attacks to deceive a +client about the router membership list, topology, or current network +state. Such partitioning attacks on client knowledge help an +adversary to efficiently deploy resources +against a target [15]. + +

+Tor uses a small group of redundant, well-known onion routers to +track changes in network topology and node state, including keys and +exit policies. Each such directory server acts as an HTTP +server, so clients can fetch current network state +and router lists, and so other ORs can upload +state information. Onion routers periodically publish signed +statements of their state to each directory server. The directory servers +combine this information with their own views of network liveness, +and generate a signed description (a directory) of the entire +network state. Client software is +pre-loaded with a list of the directory servers and their keys, +to bootstrap each client's view of the network. + +

+When a directory server receives a signed statement for an OR, it +checks whether the OR's identity key is recognized. Directory +servers do not advertise unrecognized ORs-if they did, +an adversary could take over the network by creating many +servers [22]. Instead, new nodes must be approved by the +directory +server administrator before they are included. Mechanisms for automated +node approval are an area of active research, and are discussed more +in Section 9. + +

+Of course, a variety of attacks remain. An adversary who controls +a directory server can track clients by providing them different +information-perhaps by listing only nodes under its control, or by +informing only certain clients about a given node. Even an external +adversary can exploit differences in client knowledge: clients who use +a node listed on one directory server but not the others are vulnerable. + +

+Thus these directory servers must be synchronized and redundant, so +that they can agree on a common directory. Clients should only trust +this directory if it is signed by a threshold of the directory +servers. + +

+The directory servers in Tor are modeled after those in +Mixminion [15], but our situation is easier. First, +we make the +simplifying assumption that all participants agree on the set of +directory servers. Second, while Mixminion needs to predict node +behavior, Tor only needs a threshold consensus of the current +state of the network. Third, we assume that we can fall back to the +human administrators to discover and resolve problems when a consensus +directory cannot be reached. Since there are relatively few directory +servers (currently 3, but we expect as many as 9 as the network scales), +we can afford operations like broadcast to simplify the consensus-building +protocol. + +

+To avoid attacks where a router connects to all the directory servers +but refuses to relay traffic from other routers, the directory servers +must also build circuits and use them to anonymously test router +reliability [18]. Unfortunately, this defense is not yet +designed or +implemented. + +

+Using directory servers is simpler and more flexible than flooding. +Flooding is expensive, and complicates the analysis when we +start experimenting with non-clique network topologies. Signed +directories can be cached by other +onion routers, +so directory servers are not a performance +bottleneck when we have many users, and do not aid traffic analysis by +forcing clients to announce their existence to any +central point. + +

+7 Attacks and Defenses

+ + + +

+Below we summarize a variety of attacks, and discuss how well our +design withstands them.
+ +

+Passive attacks
+Observing user traffic patterns. Observing a user's connection +will not reveal her destination or data, but it will +reveal traffic patterns (both sent and received). Profiling via user +connection patterns requires further processing, because multiple +application streams may be operating simultaneously or in series over +a single circuit. + +

+Observing user content. While content at the user end is encrypted, +connections to responders may not be (indeed, the responding website +itself may be hostile). While filtering content is not a primary goal +of Onion Routing, Tor can directly use Privoxy and related +filtering services to anonymize application data streams. + +

+Option distinguishability. We allow clients to choose +configuration options. For example, clients concerned about request +linkability should rotate circuits more often than those concerned +about traceability. Allowing choice may attract users with different +needs; but clients who are +in the minority may lose more anonymity by appearing distinct than they +gain by optimizing their behavior [1]. + +

+End-to-end timing correlation. Tor only minimally hides +such correlations. An attacker watching patterns of +traffic at the initiator and the responder will be +able to confirm the correspondence with high probability. The +greatest protection currently available against such confirmation is to hide +the connection between the onion proxy and the first Tor node, +by running the OP on the Tor node or behind a firewall. This approach +requires an observer to separate traffic originating at the onion +router from traffic passing through it: a global observer can do this, +but it might be beyond a limited observer's capabilities. + +

+End-to-end size correlation. Simple packet counting +will also be effective in confirming +endpoints of a stream. However, even without padding, we may have some +limited protection: the leaky pipe topology means different numbers +of packets may enter one end of a circuit than exit at the other. + +

+Website fingerprinting. All the effective passive +attacks above are traffic confirmation attacks, +which puts them outside our design goals. There is also +a passive traffic analysis attack that is potentially effective. +Rather than searching exit connections for timing and volume +correlations, the adversary may build up a database of +"fingerprints" containing file sizes and access patterns for +targeted websites. He can later confirm a user's connection to a given +site simply by consulting the database. This attack has +been shown to be effective against SafeWeb [29]. +It may be less effective against Tor, since +streams are multiplexed within the same circuit, and +fingerprinting will be limited to +the granularity of cells (currently 512 bytes). Additional +defenses could include +larger cell sizes, padding schemes to group websites +into large sets, and link +padding or long-range dummies.⁴
+ +

+Active attacks
+Compromise keys. An attacker who learns the TLS session key can +see control cells and encrypted relay cells on every circuit on that +connection; learning a circuit +session key lets him unwrap one layer of the encryption. An attacker +who learns an OR's TLS private key can impersonate that OR for the TLS +key's lifetime, but he must +also learn the onion key to decrypt create cells (and because of +perfect forward secrecy, he cannot hijack already established circuits +without also compromising their session keys). Periodic key rotation +limits the window of opportunity for these attacks. On the other hand, +an attacker who learns a node's identity key can replace that node +indefinitely by sending new forged descriptors to the directory servers. + +

+Iterated compromise. A roving adversary who can +compromise ORs (by system intrusion, legal coercion, or extralegal +coercion) could march down the circuit compromising the +nodes until he reaches the end. Unless the adversary can complete +this attack within the lifetime of the circuit, however, the ORs +will have discarded the necessary information before the attack can +be completed. (Thanks to the perfect forward secrecy of session +keys, the attacker cannot force nodes to decrypt recorded +traffic once the circuits have been closed.) Additionally, building +circuits that cross jurisdictions can make legal coercion +harder-this phenomenon is commonly called "jurisdictional +arbitrage." The Java Anon Proxy project recently experienced the +need for this approach, when +a German court forced them to add a backdoor to +their nodes [51]. + +

+Run a recipient. An adversary running a webserver +trivially learns the timing patterns of users connecting to it, and +can introduce arbitrary patterns in its responses. +End-to-end attacks become easier: if the adversary can induce +users to connect to his webserver (perhaps by advertising +content targeted to those users), he now holds one end of their +connection. There is also a danger that application +protocols and associated programs can be induced to reveal information +about the initiator. Tor depends on Privoxy and similar protocol cleaners +to solve this latter problem. + +

+Run an onion proxy. It is expected that end users will +nearly always run their own local onion proxy. However, in some +settings, it may be necessary for the proxy to run +remotely-typically, in institutions that want +to monitor the activity of those connecting to the proxy. +Compromising an onion proxy compromises all future connections +through it. + +

+DoS non-observed nodes. An observer who can only watch some +of the Tor network can increase the value of this traffic +by attacking non-observed nodes to shut them down, reduce +their reliability, or persuade users that they are not trustworthy. +The best defense here is robustness. + +

+Run a hostile OR. In addition to being a local observer, +an isolated hostile node can create circuits through itself, or alter +traffic patterns to affect traffic at other nodes. Nonetheless, a hostile +node must be immediately adjacent to both endpoints to compromise the +anonymity of a circuit. If an adversary can +run multiple ORs, and can persuade the directory servers +that those ORs are trustworthy and independent, then occasionally +some user will choose one of those ORs for the start and another +as the end of a circuit. If an adversary +controls m > 1 of N nodes, he can correlate at most +([m/N])² of the traffic-although an +adversary +could still attract a disproportionately large amount of traffic +by running an OR with a permissive exit policy, or by +degrading the reliability of other routers. + +

+Introduce timing into messages. This is simply a stronger +version of passive timing attacks already discussed earlier. + +

+Tagging attacks. A hostile node could "tag" a +cell by altering it. If the +stream were, for example, an unencrypted request to a Web site, +the garbled content coming out at the appropriate time would confirm +the association. However, integrity checks on cells prevent +this attack. + +

+Replace contents of unauthenticated protocols. When +relaying an unauthenticated protocol like HTTP, a hostile exit node +can impersonate the target server. Clients +should prefer protocols with end-to-end authentication. + +

+Replay attacks. Some anonymity protocols are vulnerable +to replay attacks. Tor is not; replaying one side of a handshake +will result in a different negotiated session key, and so the rest +of the recorded session can't be used. + +

+Smear attacks. An attacker could use the Tor network for +socially disapproved acts, to bring the +network into disrepute and get its operators to shut it down. +Exit policies reduce the possibilities for abuse, but +ultimately the network requires volunteers who can tolerate +some political heat. + +

+Distribute hostile code. An attacker could trick users +into running subverted Tor software that did not, in fact, anonymize +their connections-or worse, could trick ORs into running weakened +software that provided users with less anonymity. We address this +problem (but do not solve it completely) by signing all Tor releases +with an official public key, and including an entry in the directory +that lists which versions are currently believed to be secure. To +prevent an attacker from subverting the official release itself +(through threats, bribery, or insider attacks), we provide all +releases in source code form, encourage source audits, and +frequently warn our users never to trust any software (even from +us) that comes without source.
+ +

+Directory attacks
+Destroy directory servers. If a few directory +servers disappear, the others still decide on a valid +directory. So long as any directory servers remain in operation, +they will still broadcast their views of the network and generate a +consensus directory. (If more than half are destroyed, this +directory will not, however, have enough signatures for clients to +use it automatically; human intervention will be necessary for +clients to decide whether to trust the resulting directory.) + +

+Subvert a directory server. By taking over a directory server, +an attacker can partially influence the final directory. Since ORs +are included or excluded by majority vote, the corrupt directory can +at worst cast a tie-breaking vote to decide whether to include +marginal ORs. It remains to be seen how often such marginal cases +occur in practice. + +

+Subvert a majority of directory servers. An adversary who controls +more than half the directory servers can include as many compromised +ORs in the final directory as he wishes. We must ensure that directory +server operators are independent and attack-resistant. + +

+Encourage directory server dissent. The directory +agreement protocol assumes that directory server operators agree on +the set of directory servers. An adversary who can persuade some +of the directory server operators to distrust one another could +split the quorum into mutually hostile camps, thus partitioning +users based on which directory they use. Tor does not address +this attack. + +

+Trick the directory servers into listing a hostile OR. +Our threat model explicitly assumes directory server operators will +be able to filter out most hostile ORs. + +

+Convince the directories that a malfunctioning OR is +working. In the current Tor implementation, directory servers +assume that an OR is running correctly if they can start a TLS +connection to it. A hostile OR could easily subvert this test by +accepting TLS connections from ORs but ignoring all cells. Directory +servers must actively test ORs by building circuits and streams as +appropriate. The tradeoffs of a similar approach are discussed +in [18].
+ +

+Attacks against rendezvous points
+Make many introduction requests. An attacker could +try to deny Bob service by flooding his introduction points with +requests. Because the introduction points can block requests that +lack authorization tokens, however, Bob can restrict the volume of +requests he receives, or require a certain amount of computation for +every request he receives. + +

+Attack an introduction point. An attacker could +disrupt a location-hidden service by disabling its introduction +points. But because a service's identity is attached to its public +key, the service can simply re-advertise +itself at a different introduction point. Advertisements can also be +done secretly so that only high-priority clients know the address of +Bob's introduction points or so that different clients know of different +introduction points. This forces the attacker to disable all possible +introduction points. + +

+Compromise an introduction point. An attacker who controls +Bob's introduction point can flood Bob with +introduction requests, or prevent valid introduction requests from +reaching him. Bob can notice a flood, and close the circuit. To notice +blocking of valid requests, however, he should periodically test the +introduction point by sending rendezvous requests and making +sure he receives them. + +

+Compromise a rendezvous point. A rendezvous +point is no more sensitive than any other OR on +a circuit, since all data passing through the rendezvous is encrypted +with a session key shared by Alice and Bob. + +

+8 Early experiences: Tor in the Wild

+ + + +

+As of mid-May 2004, the Tor network consists of 32 nodes +(24 in the US, 8 in Europe), and more are joining each week as the code +matures. (For comparison, the current remailer network +has about 40 nodes.) Each node has at least a 768Kb/768Kb connection, and +many have 10Mb. The number of users varies (and of course, it's hard to +tell for sure), but we sometimes have several hundred users-administrators at +several companies have begun sending their entire departments' web +traffic through Tor, to block other divisions of +their company from reading their traffic. Tor users have reported using +the network for web browsing, FTP, IRC, AIM, Kazaa, SSH, and +recipient-anonymous email via rendezvous points. One user has anonymously +set up a Wiki as a hidden service, where other users anonymously publish +the addresses of their hidden services. + +

+Each Tor node currently processes roughly 800,000 relay +cells (a bit under half a gigabyte) per week. On average, about 80% +of each 498-byte payload is full for cells going back to the client, +whereas about 40% is full for cells coming from the client. (The difference +arises because most of the network's traffic is web browsing.) Interactive +traffic like SSH brings down the average a lot-once we have more +experience, and assuming we can resolve the anonymity issues, we may +partition traffic into two relay cell sizes: one to handle +bulk traffic and one for interactive traffic. + +

+Based in part on our restrictive default exit policy (we +reject SMTP requests) and our low profile, we have had no abuse +issues since the network was deployed in October +2003. Our slow growth rate gives us time to add features, +resolve bugs, and get a feel for what users actually want from an +anonymity system. Even though having more users would bolster our +anonymity sets, we are not eager to attract the Kazaa or warez +communities-we feel that we must build a reputation for privacy, human +rights, research, and other socially laudable activities. + +

+As for performance, profiling shows that Tor spends almost +all its CPU time in AES, which is fast. Current latency is attributable +to two factors. First, network latency is critical: we are +intentionally bouncing traffic around the world several times. Second, +our end-to-end congestion control algorithm focuses on protecting +volunteer servers from accidental DoS rather than on optimizing +performance. To quantify these effects, we did some informal tests using a network of 4 +nodes on the same machine (a heavily loaded 1GHz Athlon). We downloaded a 60 +megabyte file from debian.org every 30 minutes for 54 hours (108 sample +points). It arrived in about 300 seconds on average, compared to 210s for a +direct download. We ran a similar test on the production Tor network, +fetching the front page of cnn.com (55 kilobytes): +while a direct +download consistently took about 0.3s, the performance through Tor varied. +Some downloads were as fast as 0.4s, with a median at 2.8s, and +90% finishing within 5.3s. It seems that as the network expands, the chance +of building a slow circuit (one that includes a slow or heavily loaded node +or link) is increasing. On the other hand, as our users remain satisfied +with this increased latency, we can address our performance incrementally as we +proceed with development. +

+ +

+Although Tor's clique topology and full-visibility directories present +scaling problems, we still expect the network to support a few hundred +nodes and maybe 10,000 users before we're forced to become +more distributed. With luck, the experience we gain running the current +topology will help us choose among alternatives when the time comes. + +

+9 Open Questions in Low-latency Anonymity

+ + + +

+In addition to the non-goals in +Section 3, many questions must be solved +before we can be confident of Tor's security. + +

+Many of these open issues are questions of balance. For example, +how often should users rotate to fresh circuits? Frequent rotation +is inefficient, expensive, and may lead to intersection attacks and +predecessor attacks [54], but infrequent rotation makes the +user's traffic linkable. Besides opening fresh circuits, clients can +also exit from the middle of the circuit, +or truncate and re-extend the circuit. More analysis is +needed to determine the proper tradeoff. + +

+ +

+How should we choose path lengths? If Alice always uses two hops, +then both ORs can be certain that by colluding they will learn about +Alice and Bob. In our current approach, Alice always chooses at least +three nodes unrelated to herself and her destination. +Should Alice choose a random path length (e.g. from a geometric +distribution) to foil an attacker who +uses timing to learn that he is the fifth hop and thus concludes that +both Alice and the responder are running ORs? + +

+Throughout this paper, we have assumed that end-to-end traffic +confirmation will immediately and automatically defeat a low-latency +anonymity system. Even high-latency anonymity systems can be +vulnerable to end-to-end traffic confirmation, if the traffic volumes +are high enough, and if users' habits are sufficiently +distinct [14,31]. Can anything be +done to +make low-latency systems resist these attacks as well as high-latency +systems? Tor already makes some effort to conceal the starts and ends of +streams by wrapping long-range control commands in identical-looking +relay cells. Link padding could frustrate passive observers who count +packets; long-range padding could work against observers who own the +first hop in a circuit. But more research remains to find an efficient +and practical approach. Volunteers prefer not to run constant-bandwidth +padding; but no convincing traffic shaping approach has been +specified. Recent work on long-range padding [33] +shows promise. One could also try to reduce correlation in packet timing +by batching and re-ordering packets, but it is unclear whether this could +improve anonymity without introducing so much latency as to render the +network unusable. + +

+A cascade topology may better defend against traffic confirmation by +aggregating users, and making padding and +mixing more affordable. Does the hydra topology (many input nodes, +few output nodes) work better against some adversaries? Are we going +to get a hydra anyway because most nodes will be middleman nodes? + +

+Common wisdom suggests that Alice should run her own OR for best +anonymity, because traffic coming from her node could plausibly have +come from elsewhere. How much mixing does this approach need? Is it +immediately beneficial because of real-world adversaries that can't +observe Alice's router, but can run routers of their own? + +

+To scale to many users, and to prevent an attacker from observing the +whole network, it may be necessary +to support far more servers than Tor currently anticipates. +This introduces several issues. First, if approval by a central set +of directory servers is no longer feasible, what mechanism should be used +to prevent adversaries from signing up many colluding servers? Second, +if clients can no longer have a complete picture of the network, +how can they perform discovery while preventing attackers from +manipulating or exploiting gaps in their knowledge? Third, if there +are too many servers for every server to constantly communicate with +every other, which non-clique topology should the network use? +(Restricted-route topologies promise comparable anonymity with better +scalability [13], but whatever topology we choose, we +need some way to keep attackers from manipulating their position within +it [21].) Fourth, if no central authority is tracking +server reliability, how do we stop unreliable servers from making +the network unusable? Fifth, do clients receive so much anonymity +from running their own ORs that we should expect them all to do +so [1], or do we need another incentive structure to +motivate them? Tarzan and MorphMix present possible solutions. + +

+ +

+When a Tor node goes down, all its circuits (and thus streams) must break. +Will users abandon the system because of this brittleness? How well +does the method in Section 6.1 allow streams to survive +node failure? If affected users rebuild circuits immediately, how much +anonymity is lost? It seems the problem is even worse in a peer-to-peer +environment-such systems don't yet provide an incentive for peers to +stay connected when they're done retrieving content, so we would expect +a higher churn rate. + +

+ +

+10 Future Directions

+ + + +

+Tor brings together many innovations into a unified deployable system. The +next immediate steps include: + +

+Scalability: Tor's emphasis on deployability and design simplicity +has led us to adopt a clique topology, semi-centralized +directories, and a full-network-visibility model for client +knowledge. These properties will not scale past a few hundred servers. +Section 9 describes some promising +approaches, but more deployment experience will be helpful in learning +the relative importance of these bottlenecks. + +

+Bandwidth classes: This paper assumes that all ORs have +good bandwidth and latency. We should instead adopt the MorphMix model, +where nodes advertise their bandwidth level (DSL, T1, T3), and +Alice avoids bottlenecks by choosing nodes that match or +exceed her bandwidth. In this way DSL users can usefully join the Tor +network. + +

+Incentives: Volunteers who run nodes are rewarded with publicity +and possibly better anonymity [1]. More nodes means increased +scalability, and more users can mean more anonymity. We need to continue +examining the incentive structures for participating in Tor. Further, +we need to explore more approaches to limiting abuse, and understand +why most people don't bother using privacy systems. + +

+Cover traffic: Currently Tor omits cover traffic-its costs +in performance and bandwidth are clear but its security benefits are +not well understood. We must pursue more research on link-level cover +traffic and long-range cover traffic to determine whether some simple padding +method offers provable protection against our chosen adversary. + +

+ +

+Caching at exit nodes: Perhaps each exit node should run a +caching web proxy [47], to improve anonymity for cached pages +(Alice's request never +leaves the Tor network), to improve speed, and to reduce bandwidth cost. +On the other hand, forward security is weakened because caches +constitute a record of retrieved files. We must find the right +balance between usability and security. + +

+Better directory distribution: +Clients currently download a description of +the entire network every 15 minutes. As the state grows larger +and clients more numerous, we may need a solution in which +clients receive incremental updates to directory state. +More generally, we must find more +scalable yet practical ways to distribute up-to-date snapshots of +network status without introducing new attacks. + +

+Further specification review: Our public +byte-level specification [20] needs +external review. We hope that as Tor +is deployed, more people will examine its +specification. + +

+Multisystem interoperability: We are currently working with the +designer of MorphMix to unify the specification and implementation of +the common elements of our two systems. So far, this seems +to be relatively straightforward. Interoperability will allow testing +and direct comparison of the two designs for trust and scalability. + +

+Wider-scale deployment: The original goal of Tor was to +gain experience in deploying an anonymizing overlay network, and +learn from having actual users. We are now at a point in design +and development where we can start deploying a wider network. Once +we have many actual users, we will doubtlessly be better +able to evaluate some of our design decisions, including our +robustness/latency tradeoffs, our performance tradeoffs (including +cell size), our abuse-prevention mechanisms, and +our overall usability. + +

+ +

Acknowledgments

+ We thank Peter Palfrader, Geoff Goodell, Adam Shostack, Joseph Sokol-Margolis, + John Bashinski, and Zack Brown + for editing and comments; + Matej Pfajfar, Andrei Serjantov, Marc Rennhard for design discussions; + Bram Cohen for congestion control discussions; + Adam Back for suggesting telescoping circuits; and + Cathy Meadows for formal analysis of the extend protocol. + This work has been supported by ONR and DARPA. + +

+ +

References

+ +

[1]: +A. Acquisti, R. Dingledine, and P. Syverson. + On the economics of anonymity. + In R. N. Wright, editor, Financial Cryptography. + Springer-Verlag, LNCS 2742, 2003. + +
+
[2]: +R. Anderson. + The eternity service. + In Pragocrypt '96, 1996. + +
+
[3]: +The Anonymizer. + <http://anonymizer.com/>. + + +
[4]: +A. Back, I. Goldberg, and A. Shostack. + Freedom systems 2.1 security issues and analysis. + White paper, Zero Knowledge Systems, Inc., May 2001. + +
+
[5]: +A. Back, U. Möller, and A. Stiglic. + Traffic analysis attacks and trade-offs in anonymity providing + systems. + In I. S. Moskowitz, editor, Information Hiding (IH 2001), pages + 245-257. Springer-Verlag, LNCS 2137, 2001. + +
+
[6]: +M. Bellare, P. Rogaway, and D. Wagner. + The EAX mode of operation: A two-pass authenticated-encryption + scheme optimized for simplicity and efficiency. + In Fast Software Encryption 2004, February 2004. + +
+
[7]: +O. Berthold, H. Federrath, and S. Köpsell. + Web MIXes: A system for anonymous and unobservable Internet + access. + In H. Federrath, editor, Designing Privacy Enhancing + Technologies: Workshop on Design Issue in Anonymity and Unobservability. + Springer-Verlag, LNCS 2009, 2000. + +
+
[8]: +P. Boucher, A. Shostack, and I. Goldberg. + Freedom systems 2.0 architecture. + White paper, Zero Knowledge Systems, Inc., December 2000. + +
+
[9]: +Z. Brown. + Cebolla: Pragmatic IP Anonymity. + In Ottawa Linux Symposium, June 2002. + +
+
[10]: +D. Chaum. + Untraceable electronic mail, return addresses, and digital + pseudo-nyms. + Communications of the ACM, 4(2), February 1981. + +
+
[11]: +F. Dabek, M. F. Kaashoek, D. Karger, R. Morris, and I. Stoica. + Wide-area cooperative storage with CFS. + In 18th ACM Symposium on Operating Systems Principles + (SOSP '01), Chateau Lake Louise, Banff, Canada, October 2001. + +
+
[12]: +W. Dai. + Pipenet 1.1. + Usenet post, August 1996. + <http://www.eskimo.com/ weidai/pipenet.txt> First mentioned in a + post to the cypherpunks list, Feb. 1995. + + +
[13]: +G. Danezis. + Mix-networks with restricted routes. + In R. Dingledine, editor, Privacy Enhancing Technologies (PET + 2003). Springer-Verlag LNCS 2760, 2003. + +
+
[14]: +G. Danezis. + Statistical disclosure attacks. + In Security and Privacy in the Age of Uncertainty (SEC2003), + pages 421-426, Athens, May 2003. IFIP TC11, Kluwer. + +
+
[15]: +G. Danezis, R. Dingledine, and N. Mathewson. + Mixminion: Design of a type III anonymous remailer protocol. + In 2003 IEEE Symposium on Security and Privacy, pages 2-15. + IEEE CS, May 2003. + +
+
[16]: +D. Dean and A. Stubblefield. + Using Client Puzzles to Protect TLS. + In Proceedings of the 10th USENIX Security Symposium. USENIX, + Aug. 2001. + +
+
[17]: +T. Dierks and C. Allen. + The TLS Protocol - Version 1.0. + IETF RFC 2246, January 1999. + +
+
[18]: +R. Dingledine, M. J. Freedman, D. Hopwood, and D. Molnar. + A Reputation System to Increase MIX-net Reliability. + In I. S. Moskowitz, editor, Information Hiding (IH 2001), pages + 126-141. Springer-Verlag, LNCS 2137, 2001. + +
+
[19]: +R. Dingledine, M. J. Freedman, and D. Molnar. + The free haven project: Distributed anonymous storage service. + In H. Federrath, editor, Designing Privacy Enhancing + Technologies: Workshop on Design Issue in Anonymity and Unobservability. + Springer-Verlag, LNCS 2009, July 2000. + +
+
[20]: +R. Dingledine and N. Mathewson. + Tor protocol specifications. + <http://freehaven.net/tor/tor-spec.txt>. + + +
[21]: +R. Dingledine and P. Syverson. + Reliable MIX Cascade Networks through Reputation. + In M. Blaze, editor, Financial Cryptography. Springer-Verlag, + LNCS 2357, 2002. + +
+
[22]: +J. Douceur. + The Sybil Attack. + In Proceedings of the 1st International Peer To Peer Systems + Workshop (IPTPS), Mar. 2002. + +
+
[23]: +H. Federrath, A. Jerichow, and A. Pfitzmann. + MIXes in mobile communication systems: Location management with + privacy. + In R. Anderson, editor, Information Hiding, First International + Workshop, pages 121-135. Springer-Verlag, LNCS 1174, May 1996. + +
+
[24]: +M. J. Freedman and R. Morris. + Tarzan: A peer-to-peer anonymizing network layer. + In 9th ACM Conference on Computer and Communications + Security (CCS 2002), Washington, DC, November 2002. + +
+
[25]: +S. Goel, M. Robson, M. Polte, and E. G. Sirer. + Herbivore: A scalable and efficient protocol for anonymous + communication. + Technical Report TR2003-1890, Cornell University Computing and + Information Science, February 2003. + +
+
[26]: +I. Goldberg. + A Pseudonymous Communications Infrastructure for the Internet. + PhD thesis, UC Berkeley, Dec 2000. + +
+
[27]: +D. M. Goldschlag, M. G. Reed, and P. F. Syverson. + Hiding routing information. + In R. Anderson, editor, Information Hiding, First International + Workshop, pages 137-150. Springer-Verlag, LNCS 1174, May 1996. + +
+
[28]: +C. Gülcü and G. Tsudik. + Mixing E-mail with Babel. + In Network and Distributed Security Symposium (NDSS 96), + pages 2-16. IEEE, February 1996. + +
+
[29]: +A. Hintz. + Fingerprinting websites using traffic analysis. + In R. Dingledine and P. Syverson, editors, Privacy Enhancing + Technologies (PET 2002), pages 171-178. Springer-Verlag, LNCS 2482, 2002. + +
+
[30]: +A. Jerichow, J. Müller, A. Pfitzmann, B. Pfitzmann, and M. Waidner. + Real-time mixes: A bandwidth-efficient anonymity protocol. + IEEE Journal on Selected Areas in Communications, + 16(4):495-509, May 1998. + +
+
[31]: +D. Kesdogan, D. Agrawal, and S. Penz. + Limits of anonymity in open environments. + In F. Petitcolas, editor, Information Hiding Workshop (IH + 2002). Springer-Verlag, LNCS 2578, October 2002. + +
+
[32]: +D. Koblas and M. R. Koblas. + SOCKS. + In UNIX Security III Symposium (1992 USENIX Security + Symposium), pages 77-83. USENIX, 1992. + +
+
[33]: +B. N. Levine, M. K. Reiter, C. Wang, and M. Wright. + Timing analysis in low-latency mix-based systems. + In A. Juels, editor, Financial Cryptography. Springer-Verlag, + LNCS (forthcoming), 2004. + +
+
[34]: +B. N. Levine and C. Shields. + Hordes: A multicast-based protocol for anonymity. + Journal of Computer Security, 10(3):213-240, 2002. + +
+
[35]: +C. Meadows. + The NRL protocol analyzer: An overview. + Journal of Logic Programming, 26(2):113-131, 1996. + +
+
[36]: +U. Möller, L. Cottrell, P. Palfrader, and L. Sassaman. + Mixmaster Protocol - Version 2. + Draft, July 2003. + <http://www.abditum.com/mixmaster-spec.txt>. + + +
[37]: +V. S. Pai, L. Wang, K. Park, R. Pang, and L. Peterson. + The Dark Side of the Web: An Open Proxy's View. + <http://codeen.cs.princeton.edu/>. + + +
[38]: +A. Pfitzmann, B. Pfitzmann, and M. Waidner. + ISDN-mixes: Untraceable communication with very small bandwidth + overhead. + In GI/ITG Conference on Communication in Distributed Systems, + pages 451-463, February 1991. + +
+
[39]: +Privoxy. + <http://www.privoxy.org/>. + + +
[40]: +M. G. Reed, P. F. Syverson, and D. M. Goldschlag. + Protocols using anonymous connections: Mobile applications. + In B. Christianson, B. Crispo, M. Lomas, and M. Roe, editors, + Security Protocols: 5th International Workshop, pages 13-23. + Springer-Verlag, LNCS 1361, April 1997. + +
+
[41]: +M. G. Reed, P. F. Syverson, and D. M. Goldschlag. + Anonymous connections and onion routing. + IEEE Journal on Selected Areas in Communications, + 16(4):482-494, May 1998. + +
+
[42]: +M. K. Reiter and A. D. Rubin. + Crowds: Anonymity for web transactions. + ACM TISSEC, 1(1):66-92, June 1998. + +
+
[43]: +M. Rennhard and B. Plattner. + Practical anonymity for the masses with morphmix. + In A. Juels, editor, Financial Cryptography. Springer-Verlag, + LNCS (forthcoming), 2004. + +
+
[44]: +M. Rennhard, S. Rafaeli, L. Mathy, B. Plattner, and D. Hutchison. + Analysis of an Anonymity Network for Web Browsing. + In IEEE 7th Intl. Workshop on Enterprise Security (WET ICE + 2002), Pittsburgh, USA, June 2002. + +
+
[45]: +A. Serjantov and P. Sewell. + Passive attack analysis for connection-based anonymity systems. + In Computer Security - ESORICS 2003. Springer-Verlag, LNCS + 2808, October 2003. + +
+
[46]: +R. Sherwood, B. Bhattacharjee, and A. Srinivasan. + p⁵: A protocol for scalable anonymous communication. + In IEEE Symposium on Security and Privacy, pages 58-70. IEEE + CS, 2002. + +
+
[47]: +A. Shubina and S. Smith. + Using caching for browsing anonymity. + ACM SIGEcom Exchanges, 4(2), Sept 2003. + +
+
[48]: +P. Syverson, M. Reed, and D. Goldschlag. + Onion Routing access configurations. + In DARPA Information Survivability Conference and Exposition + (DISCEX 2000), volume 1, pages 34-40. IEEE CS Press, 2000. + +
+
[49]: +P. Syverson, G. Tsudik, M. Reed, and C. Landwehr. + Towards an Analysis of Onion Routing Security. + In H. Federrath, editor, Designing Privacy Enhancing + Technologies: Workshop on Design Issue in Anonymity and Unobservability, + pages 96-114. Springer-Verlag, LNCS 2009, July 2000. + +
+
[50]: +A. Tannenbaum. + Computer networks, 1996. + +
+
[51]: +The AN.ON Project. + German police proceeds against anonymity service. + Press release, September 2003. + + <http://www.datenschutzzentrum.de/material/themen/presse/anon-bka_e.htm>. + + +
[52]: +M. Waldman and D. Mazières. + Tangler: A censorship-resistant publishing system based on document + entanglements. + In 8^th ACM Conference on Computer and Communications + Security (CCS-8), pages 86-135. ACM Press, 2001. + +
+
[53]: +M. Waldman, A. Rubin, and L. Cranor. + Publius: A robust, tamper-evident, censorship-resistant and + source-anonymous web publishing system. + In Proc. 9th USENIX Security Symposium, pages 59-72, August + 2000. + +
+
[54]: +M. Wright, M. Adler, B. N. Levine, and C. Shields. + Defending anonymous communication against passive logging attacks. + In IEEE Symposium on Security and Privacy, pages 28-41. IEEE + CS, May 2003.

+ + +

Footnotes:

+ +

+¹Actually, the negotiated key is used to derive two + symmetric keys: one for each direction. +

+² + With 48 bits of digest per cell, the probability of an accidental +collision is far lower than the chance of hardware failure. +

+³ +Rather than rely on an external infrastructure, the Onion Routing network +can run the lookup service itself. Our current implementation provides a +simple lookup system on the +directory servers. +

+⁴Note that this fingerprinting +attack should not be confused with the much more complicated latency +attacks of [5], which require a fingerprint of the latencies +of all circuits through the network, combined with those from the +network edges to the target user and the responder website. +

File translated from +T_EX +by +T_TH, +version 3.59.
On 18 May 2004, 10:45. + diff --git a/doc/tor-design.pdf b/doc/tor-design.pdf index 19dce9ba44f49ea3776ceedd47408a2326d0af2e..6db122d7d56c8d362d61b41e038dc9bef5f85e84 100644 GIT binary patch delta 70366 zc-ow~byOT(^DYX(f+y(U1a}5^2o^%H5Zo=e1$PNTrnckNwOPt{YkCt?nzeF?c7^6>=+dps=O3%VF|MOyj}{z__NwHfdG z9!V1FsZfJ-cGvG{h!6}-A&FxJq3jd!+%s@+)we>o7#&4?fV-A;uaj+>|JwPZqCVyT zJgc}XFJTH|gxa7{#3MA;S8F9qXR4ppSjZ7=&VWgwhN#pz^34N5sg4LK=Hu-(S^17) zK{+^(o6LHJIGq2J=)t`0%M$RPjIAPTg2Kk!hPqM)sTp0@OJoy7NYw^C|MeZh__QRJ z=U3SIc<#AFphb{A)7-Bz&p#KIxQzH9(ZjaZWr={hWDlQ|MT@}xU~ZY|&Rhy4BX>-C z6GH_ONL6p@2@`aJr?9d6GF(!uAIPmZCUkOib2kQ?hv>&+Q~rjzUCmY5&g|4L4r);} z?)27|cSaP80nw&~1crmWvyFsOhYIHLJHT2SA}Vo1?F7@0oOr09(e-AdB8MvbSd(WpMRjUf{XF~#F{eLdEw?PU~!ttB8#8K?7z-c6d|npr;L zf9i>7LcvD=0x8c@Dzh`k1%i5|sMekrLtA*!N?gOGN)ftqWH z3z+aJJT9`+e35podw<~l=aPvJuSWm1VAIKfxQ-zoaoCk9GXo?r5%Mm5xSwrl{>8 z#okm~sc)<=pIWIZ`bRsQT3jN2Qd7L=s7a*g9^@ho7T-0UMB<+UR0Y+N4x<`>YW z_?yXotlQI@{f}e)Hs>AA=*iaGnzqD2($K3je5^<>$cgKBxv_W!R}@Y(T$>_4Ej|D( z+XaSYFZ@L5`>;MiauCz+_x!6a+^qRXa~;R{eOsZuifb+(XulJ)QXe*zUZqlJ7|qJh#{L5`C%C@MiyEUSl&^ipho5eIh2nbPMob_D$? z)r))CN#Cewfo|_Uv}5EkHoNzzk8^+s1@>yO9`NG*N$+RwIuII<)=3>)+68p?J3q`C zRyp?(f;D#)Z`)_M{5pkfVzYXP-eQaBZ;9})dfVaio<9n3(QNHRI}1a2%?>ZNZMcZu zUXr?|cOs&`9Tj5w4wG&+^CG0XAI-v;ZW{ddk zq$=V!B6HTpUIr-+vQD>SzNff@D}?RFV!>{S6jGH$!u(N>l2Gw#x)?Jf!lgZRwDlh5 zgAc#7UfaqO4XE>>W2G2bOMaLA~Jx=T*gvt)QuLHwNnYrGqI$8d(@`zCTJ`Y;B_ z+nL7P=lxe7r_VoYZOl**1%g_Lf)TGH6JSD*d(?Xr6L5DX3}Wxq?PqV9WD~l&=l@`1 z=;ybIwMWg7Hh(8@__KAMzA9zn1h@MQDWF|$%-M9W>HAhX=FnHCDn(GP0zg=iu{5IS zgqFMP8qp-ur9s}az5Pvwe@BUf-9~guS;)qX6{HzbtRBsjIx4fnmDTJr2y5%?bw&&6ClJuf;M>$f57S ze(^zsk;E$7SC^!{FB^(H$8Nv2D75t?PZO@3T3=hnWZX&-61~N^{_Q4=GT0u_wYTHrlx}LkV^h-iMGNqiQG3g5_})x8Ct!>=$k&Bg1f!T) z^G1yl`JpP;si zdDpRmfF#d|bW&UDS4n1%YSm2@F7HsB-=QR+V(0D{j)FbeqDgj{9<>2v39IcIlg)<=ThbO7D}>Us{cao;DOZ>AOpSs=(V4Oi(N27 z*S=qPh&X{2_{A?(+FDFaWudY}5wlr3Q*cP7QJg|ONEYurxoL}pA%`&k#{=V!^>8Op zD?4f4FQW)Vdcxkvwwc6!3zs#ao5y0VfHXEmZ(Y~IrvFre9xU#k)h#J$+r%j6cItu6V5=fAGTw*YD5BX8BOu5ng zKuQ7ut7^Fow-ABwWx^2eb+iTx>nh3I5P!NWjMXQ|VRZS#6y1Co@};e+LCiV$GUB4h z7Sh(T^!uQ^1LkUeKXQx;wPQ$^&$}a7I5B28VbUy*1+9)oVr;bgddhP}CBg8KVPrpY z<+3DFRZB3c6tJf)h2<$<&4%L~pC-G-`WRnxBnR1VE9DDlEGVORb%W?Upw_2{XHc1- z`~dAlce(7k80f$2lw*^o!5|&d{|5i&W7w5N^Ht@1$*+(C(iS$6g$hSvj3Lx>XCCxE z3)BAA5>JIqWgf`9QNHa|$a@lUCGmY~a@;gZiPb zt#Vt~?T+j{*gt8tWE$wWlJC5(&L9HRQwAx$*}uZ23GpgAuueLUFkcZ`q=1sD0u0Wt zT_yCOD@?$uWyZQWYX^k!baCLlT4yAlISKmDF##K)_eP$!_J<6MTd@*eR=F@u; z8x_;`w?OpwxqY<{ZS&dE6~#Y5u?TvN0(qV2*I7D8ET2d-+Y73DB6L!|eC3_n=q1(KSQRIll9NO-K2t_{RqzC-WcRE){F*_m$~C5&t&U{BxOF}M zl_fAppru!^$xbwF%apXgWX0M$XLd|&B&hu+lUF8fQU%|RpG84Z4?N50sEYhexsd-m zl0B*!-H2OT+DJ;nUg#xEmA`bf7}{n?kn|5lwy(;>qsfD7vyB(i+;w&twGGoBtkQ0E zT$Jfs1KQrgV4H39PZ19o`HVRVJDx~G=yic~Dx0M14yrKE2kXfCuE8mWv15%Q9>zPY zv$9kt{Rr^`VoBjTf%r>pDb?(@q-0#Pl=mH@+ter;FlOl+o~&$JHW@!tx`=4e90TdC z-8p>96Lfq`)+~jL6Ea#4>X8muyGz|;<}+OwQseF5Htn``D@JmMLcU5DwF-7yx zFg4SU)J5NpVx1rI&3${>A?kMB8e3lDi#kmWBYXlV!LGoVdFEGa=Y;-|{2w7b80pee z9~%8Pu}KuLEhW0RDD5ZiyG?=L((;ejEDY}pc=>|;k%(nB3R=XjT~ku6d>*W5fctRm zj>wlp?*#|w%GY~H#E>ZDI(bKF73k#8s9r0W1@>e6y(FKU3~e9RaTjxkAfHf%i)}of z<1Vuv+FyO8yPy=IyzyaZSD6$LU^Jzt?Po-*=#cvUYJ;n%c>Pmauk2Qv)-Uf$Bd1u4 zK}#UUoSR@o%dNsz&;*v2RfUN%4QQT9AS08Vb3d9mxUoj%yY)fj$niM4P`5Iwe3Q$b zY4zql1W5}yZr4YeuyMuiMp?pjC@?|e4rxE;$a}Iz#QS1`?Di@&kY0Ze8~o^ z7QS$L6P~@JqM~bW;`G$~ zMVx8Lnsc>p9|xdHnk`xQY``qJUY7bt{$VeK)bN7IO01WPO_vQd3hZy(ecBjh=<;4M z$bJcwZh!B2U9UCIbz_kF+c|5WUroG%{+D=g?hL-g8Q5Lr`13>$wD2^-db;-|n+o-L zuO2zNd(9pEAG68;to4OSI0+~N*NWQJ5NcKZgY-6iO{X!suvqF>B@BQ$W%cLA* zx%|wvH>t|&X#$BEV83>VplQ_pINPyghThcRW^|bAE4wvR=JV?gCkmJ`&7CrJ;@Bxq zW!>whSFg-6d|rWN{9ysq0JQR3!?S5SRf-f+(%kM;-L}TQtGJ4oDFH;?PlulFROQWK z%3s|+|Jq^)9i+HB;?bCo#J?#liEI1p#S&d=$#*S9O`u;CVhytKq%)YN=}WD{Y~k7J zms2-W@M}GB{pF7JkxJL;VIh1ZNGz-Jh_*LP;GC|5_e1>o@szV(PN(1q)m?0x@BN)| zjlH)HO^uxQ0{kxuq3Jw^jq^tYI`t1YL@AQ!c)k&R6SNx21APM2m%b|%Uw-sp9^U;_ z+r2;-qPW6*QSL&o2=2HFh4T!j0KA;mcppR#ZDG`6@(nYUrL7H2jZs+D%s)Gtk#n-M zqp-d=Ha9hMBxhr1Ltzy&cXaq@Y%gwW{l(VC*v65Z7ll>a*2>mi>5GApF*&P*v9r06 z@h2%U6joVd8`EbI9DLl*dp`7lj*tyy3)VUAC1N0Zo^v^>RiS<-E8Cwhlm?x{o(KlE ze;Bt>e)*N9GhU;3BjD<0wYRR`1#=Xlz?*lio;&h{4AYoiUr@jFBY!@BcK7yv`$2x* zy|tBh_wo4Q3or36uUlsqm%4=mT|GS_oYVVzuhtcDu{oLTE~w`(hhu;x?C8ts?9?1e zYHI2+z94h2xvj0Opw0(f*3`7LcG~?0vyJL&x-z7r5DbUU*&qG+oqMi)xTBS<=Ro>C*%|Qr;8m^g|OX0@&`tP%1svi_IVl8&rD30yIniL6OilbHrKdcCbC~gmk_wT z`v_j)nN*GhzP~oy-x_^^y)5}h@&uuROdO-SYjHmaj66mLwUG~{wW5>}uah>J;ANs7 ztbn0IMTcEsG-bI1sQtj0i?M>J#;;U*xE2hNC0zzXO|^0b*iyl>)*zp`p<>g7bxo!~ z&jw;mx1>&!0DnYWu&#mqE7Pc}kF-dG9mJ0K=Vs{P*4?gRde^x0Y^`=fL=nWIyuyNv zw+8m(s4toG+ta#z%T1NxgUNZ|y`3W~GV!X1VCneEF_*TlY|8YZD*%xhf7?+D8fRYtoe287jrH5ckK=|u0R>YU=6 z>x!8QAm*ii%Ru?!aP2!g^anwFjic}v3A`M}H5qn%9FaT|Hljg@p8P9^Tz|1jF|8!S zUIfus_AoNdfZkX<1MSdyH6F(kfQR5E?2^oJ;SJ8F0Jz@9>=IyT5heC=bJ8{O-_Vl7=aXekF zhJvE6AVDWxu72b_*iRSmPf9;sAo~Fzg;3g;e*Z7O9o3<|SDCjXd`MO6+ZL zdzUMbc*}SgZHxd%N7m49&lEGRMb@lJQUjZwD&}z`u|exX;n^&EsW0X>c{U#Jb$HuxqW3uaqp2J232qpjB)Sw&+GI$`8XB}AMI zTtp7|-GP`8*w9WT$KMYkN&S_po%}`K;P=VbKuh$UdmQaju)!xbX-XoHO4;p$AU?d3i z+8P9jwall&JEn?9ngr{H4fVKA$7IS&xc4L1xc@Ul#dsnq@^o?+5M!7UI#WbyfYAeC zdh1rAlXxY-B21G(YaAFe6yE%sqe) z6j2lsgCNYh{aH}{vulj+y_LR}G*fZc2q9~gsbEoSb3ppLe=K5k?nnj3{X!F^iR%Y2B#8WP!lBn7WXvdCV)k(S!EUGU*&UX9wJUqC+^d2`j4Di z0#N(8Ff(co(`H0NM;5+f}fMR^v(7K#yMWd&HU8il`=f!7${1!=n zEofsRI9*3-AlzfAdTP@B94r5yq4J;Klb+t*UT^Db=-CzoVpO#zBq+F#AZmu`uB-6s zf8zIlPT>Fg^#6Hkc0Ti3IbQOp>B6#RDP6Vy=;&zYYTNy^OOwt|TT7{hxudJdkM1^P zPvqs9$ZX^0!La1RI1Mv!e)V2OL`Z0r+(v}l6DRQD1mDWn&|$%g>WSUv@F6UKt5gYB z&+i>aLDC}@^)l3&vMp)4mvw;xIz3zQYCGK86*PXvB8Db47zisF&UYc8Wd};WS2u5{ zYdtL=x=)YEu$=reOXr7Gv$vugk*suc7EAt@(fJASoxU{Ndk1s zl(?+-DTnA;F6HmCL5w_D2vqj#42)DInBPT5TdfrF3blVhR?wz@SabR;0R}VeGvE33 zdQ10vTj^Mv*b}f#4NE5nY3nVqSUPMZ>2OQqB8_`6-W2rr=q=5w6X-K1`p7Zmw;P%*- zzCSMSbw~i>vbeM-kBN~OTy`%mlV#BPGK;#}Pt6@y=a{C_D&JYhkRqanIu&Yt+8Jg~6>?j}t_Azf38@#(kXzZ+NLk9{?#$9G z6W*KRx|3pRC3WP5nNX({-Ga-a{D1&bZ9VON?<;)X@q&>gwty;U1lw zoZMfI)hpt~HN3Vi9;Z87brp<0SG}4p=rLYi?!+Jh4|K2tJegr!gvK`3eTv;rEX9@z zQV5gz%S}Nill5KydE|@(>5uyNCX_bo`^i5yp%i}y{=Hc?biTX0BW^fp0V%MDoTv`F zdJ@#Mz%MwfLs}R4s*f0D@0Z`@CkwoTs_CAI(FNZ4UkT!W1~!|r{6AcOlnxV<^?`yg zqmP^gbP@cZa)M=`9~iZgIf@LHM4K{3No{3%t^1d6)|G9eujc7E$(kH(Zf$M$CFhP? z%5+SOn_=ZUzIWtPn&G>+QLP}R6`Kk|?4)p&ZL(p%t*4yQx}cGbS;c6D-%!%Ql&nqU zlc^O{Q@S*q0&8}RLrFr{eh##zf=RJg9WJ*EJzdV0YHwQFYx8ZjxoXfaa|mrm`vrr> z9p<;KgcnO_>d-AKQA_IvU$E)2(n4<@YaJ{2zU0vqmSIn?QdY!XgnkxO4N0JK7Hc)X zrrI4KY0n|R(Rf@aveR%V#c@^bIs0i#h?F$-B~NWJ1aL@T4rJ3cwT>}mhz{mTG&O7< z*z9Dl2>6JK>`<fnXPMUT2*)hPM`{pH@=208hH0K&u z3YwYr1xpJIWDYN25*J|qfXO11in3YT4eF7Z=63UmSKe0+jVJP{+I*I7C(S*|=G=e+ zapDJ%rTBeKZ_?~iq-hkUIigQocf?Y@>v(-1Nr)=|?bY5rSn_T^^&P|H@Anq!6G%>P z>Y@;eE-ETS;=5(-8|hHazOQhTJSN5QOVto}z{@S-2uVSw22FOkqi& zKdpFW%lq4$Ar+(><;vJhfH2&^Ux%UqeE{ot55vL76E{59$ECh`AItz4|R1BjjYlj)qtsR{=3m`9bWs z(TBxTw~s$wzixYE(QkAVX9B-{)NdBx;~T_{19ZQhpin@y1`GT`O@FWGznM2igWyi; zMmobl*bLdWDp-FS2);KQ4j_?`udQ6(-6LpowaaZ`eJ(SqXdQ=%*iim7 z@sL4fXNQpHs7h^m&RaVcBp}G2AObFbAdrAVSMKa2R0?RbUXvh72(1`&GG%E7+i@5S zMJ7+vKUX`5U{Z&N{ugQZj@-$v%*4%fd;v_0OpM4A9kHtA4fX;;y8Zs_aUvBCbE|mp zM$v+Nwz>(NXo0gAq4C&FisLD1IAfIusXFrX~aj8vRsLp3-ezU2iNC?aWh6b3R*QLc7J9v#s+XVp;6q>HRS_$J{XFT)xy zR{w}tu(|^xtT<;br5BWzmZQ%-R1r(0OI67>Dhay?Q2L9fcDMTNWk$OWebR5fM-YC! z%2-_vA1`mgPVX!)&k>drc&AWA*4sOqS*D0mgYfG-*8McU80Awk&^T81>N_8-+TBs> zqv0GHHyoDUVD^T%O0I%dlbGV*a4+8awN}-;u)P}smb-n+cnyNGPoP0Hq=Of|Eh~s6 z#T9F|B@EuO;3#S(7&YC6QlSq!@bjpKB*5dk#u!)gPuU7s@9fP zR$7-y33;9f^B=wxCdNRL4`@O4BVUAhV&+GfWI3!bW1G(oj`qd|)-l{}%qsuKmJJUl z?|-*!IQag5ZP~DcIrzAv-p~REDRLIX(shB>>o$+ocMXy}xk!PdFK@&=%nZt<4t=*t zUJA04B4Y~O2%amuBF+2JxWE!FqQ5*u>00uwjl4?7Ckcm?u@_YqRu-n3l7G<9NQ{c2 zrCb(#y(KXN3-iy>=3ZZ4&nqM}T&Jh2yWAwMB`+_(?_g)@qhb#@IGkPV&17X!&TXx( zX54#tc^wGMnl7v%S_y1-J{28MC^X$cM@MHa0|Nsi-+9*2qjq|MY0ldWIPh`SWgtV0 zLiHEM>GtO;$-l~Gn9(?ROs z(N^+)Lcg>(^s>z4*T+%8@8t`2WdYV|k_D<~seQHAwhFd$FN(r(E%CQYPS}%Pa9vBc z%(YrvW)Y62aor2_6;yse_g6Uzr!JdKJ>Yegy~sXm`M?S+?ALv2tmi9fi_0xGz&iQU z=ylSe?m$(SO#;Rb<_NJ6srcm8VjTM}A(`b@!jLC*qK2&(My7oGPy8}!E*v`<#VGgH z61EB;@9uEy@#2kcS&v?vLsuPqWI{!rTr^xo4hK6N?ib7tHuJ7N;X?jfEFxXlN zt5$IGfB|B3NTs#;C&HfHJZCMPHm2qLd5vQ8=#|QC{UFJjvrQWUGR?4vpBO)_h+lim z#<;{~=uD`0zh_{uv0Y5hZb_4`T7%i}yO#A?Oz>q?DV0&UfFU&3}ofX|%rtG~$AM3o>WO5PLTy?#Wx!DcP zG5}P3w!6*-E6O-4n9~HdY@<{q3llG2YA&O2X?mo%MCy%`TwKl^szG*(@8->nr-x&a z0dv*D^TLC4nYhHAYyR{I&E0Rp;UAd-(G;}SZ{&5U;>V-7a3mqjQ!K*+Sw$hGfjefP z;>K1L7nd0Qg+QI^-5vGQ#{D_1qs$|(3&XZy-3z_RQOV9eTSMzny8~Kt(3v6UkaKAb}sHbs5z2TNV)Oq$2vI6=A|20LwOP z$%ZSULQ*a%OL18{T1p{Li322K`87(4u~F7*D?7zyAp~iM?+0Ig&DBrgD(s*`_EshL zFTrYgLQabA+|(Zrf)}CYB3D_`T{kjm7-k}MYtUKICXldLl)~6kF)^_z;DBQea6NhG z(00nE!n(6m<3fVTP3Lldiudd5WV6dgJ?K`Z0gkPq(dg>~TJF#q!^yv@^xpF#RSWbWR3cLTVE(egMyEjY@;q}`yED{iS6 zPgz#v;E`V~i#x!N6D?_30l1b9ouwO_$iKcn*!3LI#Sf%Bi~q2*)wN3IQgt&PL&}2} z^7?1`r56F}%w0{>tDi4fEgVfSYI>%g{NNs`a>coysiM#oJ!3pd$du5B^JB5i-J4~( zYb`ZvL19ss@m*&!4SU4Amz1+kk}K2PpU%%=rOg?oI$_uPIlCDp2Eb+vx;@zjRTYY< zMZ$W{C~B1;>&9A1%iVHV9`COB0>_9NaZyb~S*dF3n%v~;;3_s#UHhy?!CMKr&g)h? zqenxg3-gj;-}8?l^Td6#^Hi-%80b|>s!PAiLsW%c%jkv(?Hx)0x9$+xt!Z!#-!Ald zVKYX*yq*@8X`l^QC74C=Nc+vTkUcGogv@k$yOZ+}v{PVkGl&?5iAR>ht5qdI` zDF>S@#_mE^INsaLvJ7c1AD8LmVXnK@boj#Rfc2=)%l$x=r9tCH<>a2f_Pu?~CXyO{ z92!4W=R5aX8BW;>5L>7*0yDsjHznnI_9ui&I?FTFzXL!~O*bgt6;;)#E?xZZlC{uX zjSIIvY+@ECbnPRVC*0BCT@f#NW1%ZCz8ijCcVp8VDuPsx%f(1S9XD&629girw#yxp zh&I9IT8RCKMNkRv+o5Gp`ef?wJxV=`U+dBKNBL6`n4%c&2Pr{QvZ*)bA1#j%HGTrR zsR2eqoXx@|EhgU!mJJg;Gl?9|-))Wnw~?55x7HW_mKFh5HVqe>kibSgi#f;0?RZAK z&JTwUXwlf_g$wMYEe#HS8YiCXb*7vWo-A>@-o1rL8cqtGESeXNOm5wm+UG50JhC)w z9#{1J0ff1_%|To>9HsYNffcHuNqhkFLfqytY$NP!4Xvv3-T)+dnPr{*)bY2jImbP? zusWks6!SgKdac9SMGcTu#txksX8QH=8g4tBKE+rYma>L8FSkhF8Sl}GY_Ymn?5+w| z)?I-qm{<`x#2XDytck|$hP4;oYB@2< zEYUV3j5YXqlfT!>${6tIPi_kyiM<<8YfN7j8fOr2h+wpewhjuuv| z(;qR(Q&{O<=2pNNPl-K%m_n0MGXva3;p4J?wF~MPI*!gQf2)DM|-9hQasnP6;zdxL{h_LXq zYm8$D6x!f)Zxn4r=agAh#UTm3jZIWvZ9?-_cf~A z5q&P>OT$6KfXbaT6$AV*x5gNz(S{v*3~{?k98Ns9?(*7g7f`Z{HS@7apHt#r>s|t( zX76*@_P8F7_m~?VMIFpS2y?GvQtuxY&kQ_uKUCgdU#my=m)1p$N^~$q@QHQ)Ypz?4 z%-1nJT{9A$RQ{sVgJi_S?>QzpWglX$%kBkBM_$1tZBB!iN(6G6h_-@};!Ubrz5HUS z+U{PAga0!*%|&Q}4-i%NCVaJuw0#0p{aO*(4jO!FqIO zZGvDV=@_PUljWNkNh~a=!s(hh5~g-#E1O%2z!y%ynCD?yCV!Srs=M44@;*{8Ya~{| zF^HirI9qEcZ)|b1Szi}xE&4y!J`Uw9H6D9NE$CVQ){k~uq|rnp86B02P#_r&cZv1{ ze8ND}t^lbtH>TI4=^l=bpG6`dhFMf=XN07h;HMz@M@F^cv;e{fOSHc8(0f22ZlP-u zl@zp3@Qhrv(U&lnXtNwJPlDjNzmKMgTxonJetrQ%h^YUm*%LZ}c2T$D?Qy<6etUIf z>5lmCJ3m62Pm>(ac7Sn~>-0oO;2upCYEs+EOY?R={^Pro-1_+NlbdV|3?qCdA zy}g@TLsHdKXE9fBdt{4Hg~ejuv$to-9L=@1!@|O%>|vs)DapT*8Pd|&&7i$9kC(D> zjJGiN^@F#?ZN_D9Dl9sjPav>L@RZnQN-9#9n&kIn@h8DNb?0?q58rCMJ=?WRZdR}3 z>=bC_CT6j^Wlu}2>rT4}i&Eyfxl<|sQ96M{v?cpur@{8KD7u5aJ$oN_;QYiQ0!M)f z%CPYHjCqzBNI>n==z}$j{(N37r2bFWKl9GX$(qk@NNoW=mPC6FC2FyIZ4VapQY|Gt zKbuE|L_~OmUhx#F*5q6=-lm5Us?Z0cALt{s*4HP9D_^@s*o>F$JF4pAYKaZP{~Vw( zNWYhw0Yi_If7Q5`Q%rfPb}MOFPm)s4dp_AX-N1P(my>0MUv-$Mp`lXbax>I7FKouti$2R?V zBO9F=NdGY4d>m8&WiB@wXn~X_%ywTj8%HB0txSxWcgUO4hMj0YED``g@5R;{`y{_g zu}yYFbT~86F66aDSU}8Od3DXsIe)CaX=x{>pZq7>a%cY_{ZC+{{En9 zCHAPEqmV(69J9^&AKm%8&FM84i_!$cHmA|w!^yvYMttv{wHVe7A1KLH;Z!5|CsqSZ z*Vop>P6U!N3?{^YmXc4suC7rss0)Tdm4k5i)4%Nb)+gRGeu#m?e9iuJSe#=*Ohwty~a2n>=a=q!b?6edRadISh z9S{FE6i54Tw$sqd?8wfHH1%u&F1wlYwjrywFwjUj_Dx z#ylh@A(^}6eKj5TYG!6ei0j>nqnBCU?161XSe4N~5!r@U?Jdl2Q^q=YYQBAC&tpwL5;L_$Pb%F#iT8=|FdW=Rx1Sg87#dfqeqIrPHU(a({pS z4U^3MCGtPvZtA_!1LK#^6+!Vq zdRVQ0+WhXp`Z_$i_)pBgX%%l0oXaU|v|Uwzszh>QMOIo?)&%~UQ=3O}d3U$?i|Z@) zRtsHcNg*n_|KFrM28LLGVgNen4{j@Zsd%?VVPQfLjk~ke)eH|Okj(sR^r{;I2uXuw zuEfc^VkQ9!Lc}p}Q?9|HR`i#r{Oj({a5OMJu4pux6jNHyEG%Tv%>bj-!vsC(ia%)mg1FKvz{YuU3LY+i>en=jo@BRme5R^kA_abI6rWaLo}L zw~}?}r;d!_12wBBU|up6|}8@#o%uq^U~}jM8Wn(t=J! z6!}kY6e)Ly5E448#YoqRAKs4{Ul#244cQfGqUTd7#^D%Y9@tMZ&FUdH8&1`rnq09| zI0Mfa$;4Rwwm80cP^(x{6Fh$SPN8AZ4xN&yd}Pq7%`}zMZ!%h**?pC>e*jlL^OK`2 zJ#oRtQ$39>pgoLR0g;j45@FSyOfPRr4Uh8l$SS0CM&=-)4z=CchLJLkzPe>7K2ICcRkT-hWu;Am{=_(|ILaxLXF-{0Y`W(D`}7(UVs zgR8KA&}O^=6{C%t>(j~!3fgV0Nivf<&**jH6!F{baOSFv7W--+QCED!QXD^pNF*)t zP1C8{voy&`ssujchbe296NOx)%H%M^z*(u&F^7P}%Wsl%i^EPSLC3ss3K%m_gVqra z_kT-{7BX645XJo#ur|^iqA9p>2|PPJ<7#j@5RAMJ-5OV(Oomt3p5q@ndvDeGOU|G*XG}fu-;V6*=AXJ8#91Z%b33 zr59)OEz0VWFtZ~Tq_}{{NflC$S?<{E-FXC=0eunec8^ztCIyjSk)OyY0euR5O6%(L zWt5z223&C=ASlQ*vZsn)@N41nh>zaUL^~P@qOMlt-`lpj{f7Rp7c_Tc1#2}ERo2Xu zOA0T}=**Qn<{JpP^uL9P>>PpURdq`Ab&Nx8QLKOYvEe2F>4^*df?K#%YeOPBN9!Wp zez-A@e-*>_eAhgDo;t#>Z8@fGLM3Wpv0`|Z?~1n|7bUQKGZ!~M`BKCr)Tt7)0@l_H z6w!JX_0b@&_EY~Owu{mhsZnxF2qBL1RqNwztDP%d9R)hW&hFZ^Ra2qU@^@#()FMT= z8}3WdZeX_4us=jajVS@&$j?ri!Bg4h2|nU|rj0b4m-5BJX9_c{P=zf0?sbvB5gI2% zd7$bjk#~;MgR!vXvbh2x%+(~|L~hd zT|kfLIc-;U6ZUAf+8HgXa*Suv=EAGi0)~^GTc=ms8{MRv7{0lO^G|M&@o$;z* zTsf(4;QO2{>rPPdt^0!K;7?Ja)Oh)pbDVhrQxE}}xSbn$Q1q5S@I#JfPqu6DJK!eE z*z{p%Q|=)KpGn~X?wOseS^_I_NApx*WIuE|3b7+>K*QI{EC^zfo&P&ni3!xM_dIq# zDG)Z{=X0Nc+-N>q6{t)om5@lEpK#PCGOCSSDm3RBmIySupQdTHn{keTh1$i#1D_b@ zzl{X&-%i5BBw5F(*~BC_-SAgdzCrNQe3~~|HBa*~^aF$lS>v;>(SOrswpt=yu#!fk z{b(=dOjJ3nYCZSa8m-5(So|*FZI4R$R6=PL7*I$G{jN2QIEgUge>meE%!#9?8+BR# zmGY$Xb@9edgaxv5a7qU|`=cWeyDn1W=ajQ9Qr_*I;4A^mQ046oR~)@$}4&rX+bhk@v{K;59g_2h&Mx6P z(~pmSC)d&hrvSEGY}!(4lJJIh{E_io-mE*i12Wk9;TjT==?;Z%rICqv-`yUyKAw$= zOe+Dv?ldpIbji`U9YuLEVoMclXPkM0p#%_*a51xXjvv|^(a>I_ z`kuXJXr{Z5qpj&S=QXaDOlZ2(9w*PT65~1nR`d|s(o(iNaHX~DcAizh?fESs?M)!s zEJie)eO#k+7b0KxtWrc{;%cW1U9|}y}s8mcXnZx2cl3}g%zPN%5dFWc*Zi1le%5m`^WPRyr5>ZymNf3@YpRY@wR z)Y+w;O_kpY%3EP3eulfe#eLIA5#O6q#_H;#><}G&_UxR*7N{XlP1nl?O*)hJ+ulQU zuT-R(Eh3Jlvk6%pqCGfrlTW?Y?3v9#e>*W*iB8T+(h{A{YRa1?GXI+pyBjP3Eu;(L z5iW3Lo`6_>S|7*D&mY|V8y<{H!+g=D|c_L`|;YzD506;h5>ugu#ff8R~MO()2 zy=rN~1$`yM$y+Sio8vD5oIUoR8iquk)r=>29=L{Hs(a_m{oD2Q3bP%=Hbsgy#3EMkx_sV@Du7XG)G{?FAvub*-w%)Fm0G?}Tths4#Ko<46!x^G6Y#G|wDTtd^(H)D4iHUWhHZ?VM-c1$I)7F0KWa!y$ z7iD&}_4KZW)|MX~?Mgl$B-)O5>n>$p0AIaCO&Nz)nKi{5oGnU}nnekFSlaOor?G|_ zDXb^i2c&W5kQNLirs7%IcIs$EX$%mKGgFt@=V-6i@tzCzr}i3ePi}Hjee`fxtJvIEj1L&p7NlU&CyA7afO*_uybj4>ivR5+mK)l3GLAj90`@N^5(%#qjb=SYf=f<$aJUBg5#9A;6OW@kECz;hlzpDQ! zblEVys>$=3r%=_ap>eHj-=Et;IfstB+Mi@`dF716B>XM(d0Rqb-_iY~u5}mVywJwu z1IX-=PyT5s&pQ*bc{vAFALOlT6!!>o%M6-3N**jrpXyzfc81+MyeS8WNw-sViL&bI z0b5g7HucAYGVY$0O_O9nRmroM#u)tk%g_B9TeZ8GKV-VzJ%Rn)%O`N|#iZ_ z#-=CRDom_aPV}OdQtAwi=`A$#o|i(JJh&uTi@{AJS!mx5>JOE|qQxLFomgL%O*t zNH@}@fOL0*bT3G^0@5Mf@Y@A_*X#Rv{P>5qzOH(tRY~+~F zO&+E?6MMgmcO$nYNt|X8&`zbX3^b~yZ*k{}d;$jgg7!?GSD&y16u% z3BX1emY361_W~1bUU*aH#m>*f@nstT9b7@PJfw;$9JJ-*kGnFHs#MPHHq|#r%RN-` z{I`ZsR}R!XI(p;c0`7e;?{%u-g9f=i>55GSjVTCuV5NNto~Qi0v}5L%$=meBhR{hD zzh1L^Q;CjNS6utkT%Hy~jVRrqhIr(YNxMy*#VNbJT+^s$Q-hEmPl*U(9=9-3U})r= z9^9(iE~??i=J)W!W>p>Spva~Di*&PMku^Kkw2nl_o_hjGB$?FJ@U7`Tyb_R<_Xo#&uf zWdK%RcG8!`hw{nZ&i@w<|4c7meODnawIZD!z9LzQ->P}+`KqkUlki9$%0S%@1YF^O z?U^%k(j1FFb06tW{FsOI;)}s_bJPZt_UdoTOUt2AV172`dEVgVU5|}YxbL%;JY@u` zL|chThoMzp0$>{#ENQz((K1ev>e3iratF6B>`pHZGuGn9l9*{=e#mW0S(1z;$&PQtqGivVse@%= zwkJBu0@woLEpjPs#__-8zmlogs;AxRF5n)b9Vw;REAKUUbJ%GdXB9wUbSHVS_(g6* zH(!|lNq!~n07R54Xp%%;&52bbuzRDVYusO;hKzCI?$o1nSb&X7yq+Fpo>uJpD_V7J^kM4S6-&b3Mw9Sz~r>5!gM z&ZXDYMn3U`g$2ZbhTwAnWv;?Knx(P?o(=n**dePfSmq|LJhZnWwc|y!k&o)5hkiJ~ z@O%&RK2V!-w#=DEotXh!BqF0RaDUPf@&YOXr}FZdz{gs^_IBQBW+iwD(#RW%iB-x7&cNi$x&X8g^S0GdoGw^Unky;e*jLmy|Ml0y59L*LS?qOs z)u`DY;|aOsJiE#}8zj=rJjE{z6wIUe)UMa*Pz6t|CHzoSpeIu?MW@cWcy{dZHN2oJ zfYnfNq7A2V1lGHg=SNG*oYLYi%+%bOj}R=8V7BiZ3zz$0s;jEh0^lzw21;g$=MXMD z^=(gFih7NC&XQaJPn`YrF$p^f2hXAB^76997e_r3^)3oBB=2*T(68YP{a88M%_Tt| zwF-K}j?dt~zMncu_k3~3YOQ+LpT|XH+^AW71W5Odxeoh6> z$hZ+4{4CG2LHF%{aG?VFM7rgc#b(^jac)@zKK%DptQ-ku4~YElQ2x;zCF_ zhOp-Vq-P7Gl1@3IJMn{%EW8f5@;u1>dh0r*o;PkamioTb(qC}{@+`VJm4h~#j+`6&@>-zroUtX6f69JVmB{W!N&cO`Uepg?aGytCI&6{!UQ{Cb{p9`1cK zQK$GYD8;C|F%fB@CmoaX)p<4 zcEumu?$(uFn0SmgGXQzsA9pZ%IBFi7o0}U-A=2P_UNUsqO0=K= zV53v;(&?$jEp{7mZS6b`znUrF8<gO@V^NNtl5pmt`^=*yF{ZK0jZCIr#sqwQ?i=+u)<3oYegPQ_$F1mFS#Xo!AOvMW{*!la==qs1ewlWiA}nVD`zp}@h5 zDsNpk0NR@&NZpobfO2inf!Vi9j_Wqq*w~+$hFgn<8M0B$}r`~R81{Cpk6V6||fz7x96 zn*St0GVj-^&p$eW|5bXO`Tbiwf$}%0d>io!QdH@wu^}rn-MF;1mDQ<*_sClpmkB%S zKN*t2l<>g7K)3f^US2~(L+k77lV2>Z5aAH5kj>}?83hGVBR}FtM8w*njAHie;o0aD zcWmIJoo$cC*6_r{Yj};e1XX!@Om7qOC=WR~IbCH_LrL(-v)$l73HIonpsbEikF0}B zPBy#!=kenMsc{$ZSc@PceU9GN*b7ZO@y#`j1^JEFmBnE^l`NiSL*)D+Gj}7|`AaOJ z#fB7yr2d!%aF3hV4yzOuEAk4c<-i&e-hF|E*yf_C+6jx_^I=Roc4}#9?LV5c@z;;} ztS?o$vOH7jQUy^W}`wi$dcRF3OikT3lEVCbSU& z4I*Hf4VnLV+@7Yn;T6^AnaZI#XQ^EwQMJKbTjnU#b7DaB26(v)C=-D_RHQdd)aq;2 zG-f6%bCd-_D%LgJq4b2x^tPcYo^k?d7e&0p#*M+Jk{xB#<54+fIgzhgx_BRg(XNY4 zCb@clv5uOyS3elNcj{K@;3)hAFLcQZyFw``V{@soM3k0EyyH`I@dxpGXn>Euo!j|v zIi^kioB9e}zY)NTVnTSF)+CXc(X7=|-?yA>{{Ex&Em}8KK4A=MOw-}~HC;T}vQh;d zlN+PX&|q`1%6D21DwK4wT&3ZSQFfG0ON*qDmo()^5?WoIPT|te&?SB5!kZMO=Jv$^&Qwx0gnguf&&40vux!Khvofx7#3~4hsmCvpY z+Qn22ie-_sY=FWzfbjzUZNETLbp!ZN7XhW>XI1-x@Cp{zr&oz6Jq(8I^iS0lF^fL@ z29SH#Xew;D`IX9NHT78ninh1bqTfs1mPs|W&1nN{`oLw%krBSXgLpG}YNE`D0A)L( z``;mh6jAo^;QQa(%({btkxZ-2ce`9C2?mx;xi*dW`)d1z)cxn$>3`ch?G@1C6KJwB z%k0B%FSp21slN+)7G-@HMx=N49d*C3WpD^}kq=b!+7v|hl>|wjygsiVakCRTo88ON z9mTBL{A~L5(rU{(ydnXtvwhnVklpl{3nf{w*${R2C(nTmdkFYe(k$rjJl|E0kx5_IPBD4QfRqjIG^zp9_i8u zeqnd?@d&e_c)9b3JyfnTLkkp-zD37Al$;qxsCR(qUikOFy#$c7)q?M9T$`<}h}m7j zItD%l{Drjair~&P@qXp=IxaL353JI5Ezsl2+&edeqoCeG|9Z!d4^-#sn{kI>>Gq0R z1R*8--awxW=5^ArOta0#w=RZ#yIF(J+~MMGKxn%UdROWEqYXxrSpP+gFitAz`{S&M zh(-XSRTSapSiH{(%&bol^H>>ChT@{|E^dn#nc&Iro7K$!M&h*F$hCUH(lOuuY$SE8 zUED}%i$l%e1k=-IVU4R-%=S)}WdA}1p&aImo_hla$=xHJ{}QVyt?^EfzDW+NbmL}q zaPN~8FV#eQ-qy?53Hl1aYD^a~ib6P)xYE+^Wc|9mQV0Vh##sFwbvS(( zR}J5^cb3o_J6-NWKW~0TrQhkaL#=v|_w|mR@O8bB3z#lqC2n;YL+bIxo)PTZwbiyd{LT;!cN0-& zn#xex5Wi%;qvG44+V_w|)aARQ<}OFIi4M{CoKz})5KF3`hfJ=ZYPtpyT#EwAv- zDt8DK;iP}Jps-Bg?ENR>-F53{C71eB#m;+0RotT29zOaDETHC%_F)~O^#z5oEh@`6 z`4fTjl*4QPUS#fG^EFFz^bLFw17-4W1yYfU`{j9c6799iwG{pgz)gq(jj+4s)@SMq1~ktzF)Pd?SRW4VFz9Z9A7 z^YcA80&8Ag9L-&wETs)w#E=`Tal?WG*mb6^YIPV zeC_(ad4d66US2lHw=}zB^(g1cf3m~hq}uUMUBUQXI!2)wPliN6VPQSRFu?>N9%})B zH7s&!m7(KK%W>r|P4rT#A!609d{|iZ3h!WU$jp>Fn&k#+)#}0NM6^;{#g(+fjvd#( zSq5%D(kAiu=?X0(1Gg9TI9>SsrD|P*O=z;lap=?y-6o^mv+qnrn8zk0ke(&t46WRi zl$1RD=4;dshnEMP?d$->J}K#W8-+fV?uut>nj2HE1o`|nC=X!+{;592!5WW7RRcov z+JtIrN7j&)gHIDeg>D_zIp!&{^{e%9$qg1NPk+N^2>u!Hc*`K5*%1={14EL6#x1q1 zD23jQ$)!Y0fhEY%PelzaDXW(BDk4<;m(wr8%v%%K8G%S_3ET)2{CHWwD&=EF%*UUX z)>u_#lF~0CyA~_R;7KYX*%oC&oEC6FVyfnZ=Jel^xqkjwZ4^p0sRZhs(dDVorsAmuDEOmxDt&) z)X=cz_Xi>DwoK#`6)A~{kI2dUZBi2w64Epm1Bz=&IzsK={(BOOJR4Uu7%_1BYzGDL zEQ@ivSr`urqKaA=%-7)R543%FHi(tngBO{aF&0v| zo~iFysy?66U3<>1qDJ25yb3(_AXPbMln&WU6ZB*^4#^3uqPeE(i zyfv=VG)RcAL!A)e>4@P}&Hk0-PgYlXq*IPUd@7l%bblyQkxi%Wg#=eG?h@oVXEJbgHkTp-aNC&)>LW3{i&<+G z4$eJOHW6bHrMh+wjI%DbzG`MMHv4#jw~C(ba)7mKhFLA?97xWJ^4HX_AN`Q+8op ze+l{G)%PPu3tnh8K2NGx+^klj?}E_?haurwaAdf#>~9`hpsO+b#)LS(b-DR-aeVK{ z$V>LpT-&Mi;b7-jmVg2Pr@XYck!om zO$0un%{PHx=zC;~y~Ti#i|N*QaiRUIGfNwSM#FL1=oi$lUFgY3l7gGX(CJs8SuZ_}?~k*?ib6)8(Yz+B&`W~HU?=~5NI zyb;MFW64~N*v?nq15p>Zyw``3ggk_7b+0Vgr1J~hzcw1mH+=!q0ZQi8$k$cV1Fl6l$p0B?kQ+O(c1a`o2eg?*wvQu@tpH)EJH#v@C`rNMGVTclbm%J+e z^Wfk%Og6&W3%r(o9j&~MHXROim#jY|1@&(Fw_!-B=?WpV_X%;+8ax(GHC<9PG)emF zLvhx?07M&jg-thVoIkSbI;u52-KFPIxiq~bX);H>KD1!)wK#UAOKC%SVKBGv>uMn^ zfJleM@r+*EW6%(=UFbF3Ajz11@fk+flm1wai(mJgDHO6=0NNIPO0bAWc#OHAFmf|Ep74Mro>aJid==o{i?)YCSUJX}e z!6H)i5zhKqOVCI}A#Jm&@Y*D7%KF1Brp2@I)z9FjZ%Li$_VnJ6z3LaPg&K9^0O_>+a2G?Sn=`}BuNODTlNt+7hyMGO6Ylc zP08t}X_<`suxo8Bg|xcr-m8yl8uaFqEdu5a(-mHDC3e!t&KPmV zm3Buv?T6NqmLm*mrlRnyXi%S;3sBL~5K7Y&68~M!e`}K9tN;QXO$! z91S)S!{XHUHWjEVGna@Rjd;FTikb1iQKL3Y9MKG5&kXEHZ7vzyBzMAy#_hI@3-Y&f zKw^Q~al(pDIe+XWJ}ubZ<08Y@BkkW(pLZokQ3=DFkCO`vS;8Uv?w$e1zslO@qb1a^+9TfmIRzpiNUa1%Y@WBV zZv9~}xVK2yg-YLa>0SFHwDCJwz^$h@VeG#-mK(a}KM0%~E(%%Kp8OE$-H^--{O(uhpzUGsy%Voz4-XhVVa@d<^%iVf7Fe5GaLbU>WHwap)}OC*+b*T zv5Lx?`$m1=^W;kwn$!Q#9reXJ=C_GELFFqd2MWupbO_yuMeR&2gK2t**_%?)I3L9N zL#SH;8vm>f#3wu8V#W+Ach)J&C1>AXwk`GK-sz87rtPgMFkMJG%@nEbLA5|df@RlB zUqiV~b!Dqf6}URi^)w7X%!eVuPX}hOK_;!=E^8VeZvmd31yuJpDHTIJ)W+2I*RtG3 z!hE}eewoImqev^&8@U7fG;?2kj&`dl3^KqLS*?f9@}#+S70DRiS$qBa|a<2c>ZuPg{V47 zg>#52)=@C{n~kKTE&sZoHn|CQZ?Ba?!{<0sW3$-0EY89=Sw62LC?sa7Y6bi$^T^~m zdbgjKglaF9a0Si8yFYiZp+*K6NTaf3!Oky)qOaCjH;K&FcetKGtyHyw8o>J;IvYR; z!52RYkZHW-$d_O^HOa1l{y z6ht5Gny6LFgH7+uv-OatB19m_ThhUiTNlBqq)T`MX2tj}lZYuK4x#lHQKplHD< z{nc>X7>5lOb)ouJrkQzcT{S?i-ttO*N!!q7q3TdDNehG#80p>5g=-4Zk1RR8i6OH{ zu1i8**ZZtmE!U6VDj1a`zjtTTtf3%OzBR?Ikz$I$93x=UA1!}aj9I5DG{z|81mgIX zSu`mB2_Y9h`!3l=gj+*8+sl@+T2JZnR`!umNc`Eba5-6DAy9u<-6)c;IpQA6xQG!Z zs(3oR#>dt)ZwgvMgwElFpOx?RaH3rg^!MzVFrLH36HXew;mdLCQI~Ap-<8hw4<@YQ zZPxn2Ewk%oPuUHQL*ut5RmbBz^bY%Qj{5Ys_B0IdpPyz!T1H-|5bdlEHp|hy;#S^3|w${b?|G*)rdE)ZQ4p z&(y3>zv3b`B(indi*cDC-X9Ia!Zt>mn;GmKQ|f1R55Y#k)u>trSR)W^PS&PrJ`n$R zR8^+yVtjx3zUgg$@o4_W)MqI+c%5yEtg2?f8?e#iYE;ALoVth0QkW1mg?AxkH<<=9 zS8G;oE=)6jcLhBgYPoN-5lVHF?TC+#|02eUXQCpm$1^XeoK8-$EvkL`o#XIg4wUPJ zkU!jyD?LD}nOF~dfkd{&eyEc`uO60a)-Ll`ya zyQj1bp$0`=kJnLDePeQSLU`eA208N3(Grrl=-&Ge-lEM(wtbLL5p$p)Ic0joWhmwr zDP7AddFaThtJf`JxI&y4S|FEnfEwq!yD13F2inl=3#MXy$^$5CyyL2XFYaZJ+}eou z;X{k%Mkb5Yml3@=Jc`lvbU8cRR9nJ$)$Y}pu=#t%6f~Lz>s(gJMQ_5n1+fw7ZSlo9 zIy%y=bKY4UqIWAl`tdoxmjLo4{Z6dnxtx4U7(7!A2jNL#Kl?DQMLSIFG1=W|!jJDp z7>lLQgDwTYLD-D0GgI@L$&f2RiOuj?O~Y`cN|4g^37mw(!Wf8L@_Vx1oC{ z2;YG~0}y^Nsion)aTYAjK6l}3pO3;K-2yGSE%&0uLQ9we@wY|l|3zNRG$M2(H2@V) zTeMK+5=1VK)3S6tFHe>`LMg5;&$h45_d@-B*>oE=oX_f{{)+oTt~cLWoG#IRy<=S; z6N|+ME>DaFh8`jv-A$caSZ;2va2nM(Cktu*@!un0<1Emfv$?CwBLozgk`^1hajL+5 zl_AKyZsqX){cAeCDH#?Iri)l7xef&(!^xqb=yn8N+3wS~w%$J3TmIv4ef-a0mj{Ia zV%@CF)H=;Ic53|8KGcRG$LiT1KWoANUoIQ?lXI!Pfe0vnI`N+< z;3vs7QXxUPPC)!SjZ+9xF;3mh@($(ePMeNZ~T^+92eo6l5k$q)B=)!_QZQG$br*c0W zzB$*@B6{|jOiq3LVMs{GycK`Er@3!LS(r{q<0N^9Peco$qNSFW7E~4E&k&r@Be9em z#%G|xHg>+XCUR@B(M31~mg!IT@$kqGf1aLBehRv31%yo~1U_HLq<9z$e88sNZCT3X zw#WFBc@nifn{T9}-@5Q?_2~&Zr;lJ(ioQFmeW zdy=Ou0>A`;i>S@TW_6BmgAJ!V!i3mLqdFS3affiUHkpcZE0hZ1W$-DP{pdw-JGzZ` zvelWnVlb)1xj!R}V!fDJ5;lFpZN zmami5YTUn`6Cs2K*5|N(1-B8$?rYiMLqBIv*(vJiqTDDH7@ppv^Vhvz%O4T407J-DqZ+7;h=IEsHPWh+1Gr> z`_ZWW;P=YB4{L*2Q*E7`P z$;w~CEdFK*PZr3lWNnx*otEK{C^gjf6|=-sNh(`z8Gp8+#a>bKis|eT8TAQv8x2Gh zVQZGovfS1J!dvR*;0%N=brM%nL%34q#`ZQMUK-FH8N4|UDR&!Aw2Y0n3K}DJu}{y4 za&^iWAfA$Ek5zJR6|P}0(3cD5|0QM79dSa_1tdF$(Nt;{tDfd%7oA|olSXEGk%IrZ zekLVbp!Tx2uT%8U-X{;1x1P+Fmk~~oR(-4c1rL+hwvu!^J*12qK8-%=^Y(}-J+9S zt}ZV!@<{I>T+z9(wU9ZV>1ECcz0<%GmAu4B(qFwieZq$uoHV9;Fia>P!earkjAIFs z#&_KUd&lHu57lFvI55(_DhKG2k&*p+Pi|x2Nu|~=5zw#1Ad#*hZ@IK(KNXAq1zLeX zWcr5a4Nl`Pu)L5-P!*`0diQ=5n`+FJAqn}dby0K4Csx+!{V$m9?PaHwIGxb?~_Ds{uc9M~kpJMMW zjvK@8#Jf3cFp~{=#|1wqqC)Os>%Q)HS+I$$Z8oiM{tR1N1tNmkz^4%LbU#>&sxQ!3&^6y{1g<>q zL11#xdT_|Y0SKlU@yoP>D0T`X%eXVclc=pHe#+Nb@NV_@gX~}5)(z?A`1oT^(}*Xz zuyV<9ivc5FFzTwQ3!!7&$<*4pd*kT27%Ci>cxRtI$~p^$&-xv`Um2Xh0*_=fiJe%w zXjNEq(GXVuTuie;LM%IJf)|6O`^5!t@sVQ2r{V8hi*_D? z=4oYIayp2>3ZPB?d%)EZ0F=oV zRfCaCRj*GwZCm+B076N@JNLBHQGILTj+`16mMp@x*!z40JWF7SA@ONQ0Md5iU{Sqt z85ImyBGs<7mMxI1ZBOL|qzh)A*$=$z(VOeHn5$U6W?i_oTacJ#qLr_HluAP~31K8qZ!&<~dthhIrc1FnX>a@tEF6ln;)m6zzC?rC%^0mh(OJ~udEO1q z&G*ozBqvME5R06-$Iic`N34m$`6|sTSF3S5>c>&s6x<3onpm(FvVTq+rxwh;ktpe{ z&j@X&pCpD+aviS7!pmM~vk^$~zvzflEB!R9u`; z3a#1X*cU?CP*d`cV3#D5D`H^r;B#q56-|^H^Vmx18tb)-eA`-;9v25iOqJKoR0SWl zu=w*jIej`4C~G0xp(CthtK!~a!lK3@&=vcCY*5WWo%;zc0!_a2iNlXiXP*ZJ?m;Ib zdD?eXMk00y_vRE{v@D)@bB*xLl~&Z7z=Ii7XEkA7=a6yEAHL68c)_Opf`X5Z!quZI z#ES8G3SQ;(ImIO_8%@x%6!@}#HdSd|Y&_24mT`0&DyP{}R3Tu2PA6ORuUmjFt$A$=_sMLru^!7kgL;FCB>vBX-{9gA3SswS3a| zm}c50Z}vF(zpvQHQp?^qkp4sX8Br&PXBh*@f-WC!s7ORWLwXbxn_OL8{ZknA|ChP@ zH*xpp+bgcWH{j`?)7bx0XEyv_-+S@Y3juzSF%l`M$`r`0JsIRiK4#@RiIC+O=H=xT z85xOq^j}ZpbX%HM@YSPoSh?D8RS_!k+L5=B-^}w=@sh&iilF@%LF5znmk%`iA)n({#Sm42uoG$K?^-k2~F5G5WbA0>oR8G}vvjh(fFt-%{R zO3vtJ5MAVqz(Z6{o|pj;h&hHH3<9%3Igl?>vPtkzLb?82@=|hg|GDI&g!2BmWQS66 zvB$gxgScW&NkCXJy?LO!l{H{cD;_ErCsHdF9`t{ea&g3fnnAR9Ts+rL{@rQB14JLV z?{INZa&gBz69X}!azkRi<$>@jjo3gO_%VqpsCbcu4{-3gA^#A{do2|ApF(4vse=e3 zA3eMuLoWs*Mn!ZNDH+5a344fF35bDS;>L`~{FTf3zjC?RujQiM$c>p6MJ0|r6TrB0 zGjIwq5LwI_2!#1xedfODbEi6}89yfK*H3AP zLPd|4;zF)ag`y_tYj;1E(S_W{Jm+se13!IPF2f|-E*~sYwP%P|=5^wcD zFMjX$)+etiKC1|&aQyl6?cD~a3(;4%E5Nmv2QZ?qzQ7M6*>ut01b~Hzpu6X(fV_%3 z!x3#CymTY=EyYl8?7HL_&cc?V=2XI<1FO8U*tZTxrpxIWiLvB#<*9E;lb|TxV^u*6 zu6rV~Ke@*>WC~`;xaX(3qa`6d_nFGEtDkb<0vgn+~5{>gGce^agppU4Y9y^`+HJ!s;2DT?8@;vwJRK>V&Z0GnQH&LJNfn z(azwEZ|iLrlDyzdS;za&`4W8n;A~hd46k3*F8cxun8}v#b#&9Bk$k6x-1~eE8H0lh z6J;8%^;SDgFEgmP#l;7z4tqjeKDu_vEjfG%=N58&Id;G7E41qaMR9ULj6`6!^^&b6 zOEI$o25wM$9rpLrbt<9Q99vD@LR0i(&rf24q@LOWxKX$Jp-?FP<4uE4%59`F`b=T& z_k#I=i2g@Z-$(X&Ws{F5;9q9^yEFq|cf#UJrG7Z|0WY>1(7vl1KXWBX4`7>jYE#Y; zwV0fQ1Do+%`#G%jGs+>@d%o<_FTFyjs#L0oK4tha%e|OL<6AhfgQGeXmlZJu&nP>YVKkZrNc7<^K};#eRjt)t$?U=) zK>Jgsetc8tV=T|=@Q)Ao68o0;dLujt+sxLeMzCwB(5MwZVulT{kydytOR|k&%97J# zI?{BVx~HF5B;-QDWO`;WGZA8EA}IS*c2~)xFvbujx$frpA5f`RML)-|8V(#+tm*@> zUdvTv7LZBg_rOiYzb55Hh8sj;9 z!B6+nFi5d(?)iwfpLyJm_hIzBvFcP!HZtnAb{w(4jAV(s1fi80>1iyt1|2IfULf`p z8xStQ`hlW#M7gDiHOl2#o7~qDy77n0oEx7f(5C=e?a44Hvg%!Lf`qk*et*D#kZ<_v zbbmkc1>{Q>lnj4^La>kO-ni8Z#c-n}3HRHQX2od?>W<-+ z2kjuSSEwjn4A>sNT7=KZ1WM>9w-?}E_=ZBjursv>#Pi*ij6~+49EYq-oxd`%-#4j8 z0r&iAvvnUzmk$?KIB8=6*arp}T(co%lcmE#4D-8E!Da6-?KU^nCq90p%}ZPVDutQB zzR@!<&{deq!4yvH{P4$?yQ&!n`FDI12CTgws}?+`M0@v+G}p6hdIrmh?-B6TK9lLK z1_GbIe4sP!e3)eTOEpoIII1vYl&jVpD$=vPEh}F7n>nA15=A--gJ2n=bU!|SIOtrC z7mCgR&Y9JA$gh5!hV_f7#UnyIq5DAM%e)0ehW{Z!op-jWtVO!iz~SpEHJ)$JNcyB9 zxnsMN_urgs#NT~()mCdeP`j)|Re;_0`Uh|{IYri*ARe@4i_Z`z?}%;T_8cY>2exSy zdxe1}H}D)%rTyv&^|7CSMVWmls@bdO*{kCY3r~%XnY>=<@!SqNI!3>n<4S|Gmfp_5 zG4e9C=*PI*?24{&j~>HA>u44ypS3#9>?8Aij=Xk-$-v#L9OjW_1$xN#X-24s7jqfF zS8=?rnUw!I6MAdqF~H`7>A-hyZGXoY{(u~#>dAv}Gt3b4QpYrH`^?dcj?ptLVL+sm zl4VQ-?p+h9+upz+S7cz{bVfO&afOv-%PLk<(HK#MNAqjV+lMC=TV2$JQGtD9blJK| z|6UEKe9cOpwQX?4v3m5&p1tj~=V%5HMgIQne&oUETfqZDbzQk!i=b`+8}y$l_#QsG z8L=DIw?p%?Da0eDq=mDIn%-kqO%sbLt(yEAYa)1YpQo^P6kGE=e1ZP$J)5uZb%;Q( zh;Re>1)qD^PxPErnyrioaVidMRJ>Q;ghW%=;L_l~k{%f|yD+#QK;(?7~<0s-%t z&v$9&E7r?I^fA!OKOZ(!C*3tNb@WrVbeXXs5Pv#%uTW!1eOa7|JmG=q!ZO?jCAtTDb$7!<&|@*G2s>v<6>VUN64U_m@?P z%`eR!zpl1eTj&2l$ER`Z!5{=nDXqqiQE>oK12Tq^s)n-910S6AaoQco6-_ zy+IF@>ftY3%^=caQa=NE_-aQ-SxMwr2e)(AI{j@j3XJ(AvGOPQv0hr5TDV|GA10yb zLVo*5fydZORLQ0F&K*Tm<>h*1bUz{@s3x^$21T$D?zf>2vU^VlSg~bEUr%#$*>~F% z%m54|Tu)aM(1JE3)j|>;)`aqZ!IZgjHGlUbB-n$eMv$5_&hY+|;v^c)6Z^8fUY@)9 z!Gn7yhd}-Zs}@d z=Vfwjh9`P(ei%XE?W8;rzau!_{Qz}ttdRo}T#!a$>)_-1cLRlEgG3RFKB2h7#vyo0 zkKi+UnfGS-=76fXA0m8oezJ=^!Xg-J$*sipySF>D2l}U-scX?i#xXv=CZWb9oql8r zC_QNEa!=Z5lgSK3=h&{k5S2)&(jq-NXNr!zYeZ~CL{asKBTC516wLV62qU^hJJ=6X zL;SWvGv@EmiNfonZ zn>KLfpvgG1qH5>;UME?jK*02|;Q1VIME%feglT9TM1ua5de@3g4SX9#`P<#}l~awi z8G@6CllLaVpGgJp!3fMc8aN%^@H%%r?)q#*)jK$9J1#ck@_x0`shNC?p-QfM6~lb< zeyT^fWZ-b|w8v@^&c*7Z^iX?Kn;8^yYSaf5i?&}9*>LoA!~>~+3_rS?mJ;ni4;-4| zM#e&n)u))eqpY7#yr4l-t5toTCm1`bYE~1#* z!%>PZaJP(}y^|+4aLg%tQI8#!u@`3c>vWBdm~=*i7E_{E+5dKW*&D{C+MzA(q6~2t zh=v4}YP_|r?eC^I>bhst*_f#w7(gK0J)8vX>h?PdYu31tcHN(?(sWOa)|+?Z7JJYg zTF6@64=V9(*|%DrR!`9MdXXv{TDp&)solNe^BW2dBzPCFC$RT)QvsOJ3|uj70IS{; zQfj_aO?MU=9A)LsdX7ywi0Powp@X_eL7FWyIccgel@RavidaY?K+;Y*F$|!~Hl@ur zB4f~Rt#%ly!%nau)Fh8))Fe2MSXk$y`Xr~jMdsXvxsaS_CFbvKAj#g@XwB~!75VMH zZClA3RRvr04;$TVm$%bMwD~7mzZvg~b`?QD1<$)5JyM>sCwM#HM*YOfEVh}lUO|)G zBVw9N$ZFoTJ{>P6>TSpa2Yn2nqisIh@9jo=aj{`=gH#ep?KkULar>+BcZWrt^5W;I zX_7C3?Lshsek%IS$L$Jf4}x+(+8R4m^`!_n{q9Y5P(NBNep8iQ)2{G-h|SVz!7}I8 zTkv^ymfec=GWHOpk<=M8zG8V9ozbdEOJIxZTZ5;OXyTNycxPbOL3Upypi=QB4)au} zw?zPM5pnVJ#c!6miHyA>N~Lu1M(^e)8JR^dbd-p{6mSSrzFi9N9HAAGk&ssvVI-0G zxnxY7?m4PxN#>STyZl?fLQC04B7C;Id|4>dpKTlBU!g9Bn&GMcnK$fBY%)1x+9z}C zEy2wv<;wBpI^_jd)yuIB8 z^ZBri4dyBow&%I>snlWC(Gu&Xu9GD8M)8&=oM$P2R$~6KQI9e83={ANzYXm*@RagO zImK4tX_j6)8zCX->nL~d>d2DX(Bn;s9dG{Xm$c zxkaSGVveu5FO+3y4~5P8n0H=_48wtcZGp!xFRg#5?C9RdRhxTDfZ-D5nn!WRw_xxX z-d0(#1l;{M!=v(@>2ND5gbA^Wm(!g!nr*mCiWFBYK3(HPHnv$>r<~D(%aFw4#1m{=j+IxyhA)lBx zmi-YsA6|{INs1Zjp3dx$5XhBn`*M)vkr5}~Pliw;h$w~kd?mkAV#`8_;_SedNx!HI zPD0v{r7M>vq2cpa<0sO6^KCToTRL(PURrg!u$S4L&~937c0ilx6C_g8S6<3#Acoc1 zc7>$*c1nqO++#f#yAMYYyW0|6_1R22V6(E*QwfSt+k0B$WviZFx~O(A#UECRjIw#F z^wbK5ey|pTi*w@i!um-yvIB(m3m&Ri2qh9c=q?2I%R8v*8=HtfcJoz>1m?%%(G5e2 z6O8$sln17oKLPT*cjIxtzNtREAmVRcmkYj!5quX*s`*v_j-u=Q8O1@2YHPgCKFh81 zvA|q2{14>b(*ku)x%u16`xs(WPYmC>>eiukN6g%(tW?maY{jGWL_QtgrMp^;vlWFmBg9 z*Lmle_>wK;;F42I=p8|Tpdm?aX+ta~NmP>)282`*^Z16(G|)9;p_l zsGVyO9doJ!1jZ{mf1~7!PAs&R{Afp-{9-7&5EaXV9}9J|Gn&}wNwPZ!$}dqd)5*pC z5@uXq4Jlj9MkYKN!Ko_{AD^*V2T>1>?bj!3Npe5=0?G>Kbbb|xQRj$@=-{)(Fkud| zo{Z`-o6<2UC|%``NY=)QK$+anrIiymIHIwJrn6S$0n;VMLqKk5yy%Y7abD3Byck$HEOfx9-+!at9``Rw-YZ8cL_I&;dJ zFKSCnr(Lg^%&wMvGp#Q%FP0T4V!m*p(jfUXJnnz6ncPS=^PjXLH&5hm0m4YKhnPqP z5HBV^4@8T~!*N5>g}(j?uSg!q|G`!AK#)RXq+>yRBs_mPQg#R> zC+B}qr#DO^Pt49XLeoSnhyo9lhv!BU?>{tgUu(kP;rpv8CR`MRA9*Igc++EEj!Hz2 zF$hq3*{|tbeBOWbmiMN&Xg4xq^u$0&vXbBrpNM2>QF*y;#+}^^s>es=h5ix6^$$^; zHv|87cm52VmlHAY|KMnuZ$_s)4jLpx<>mP!?;peC<^I3qabFY9|H*ldk)z^O-uew% zxQogMxe>_6{ttnC|20;d_n>R?6k$gQB_H(9Byez0^6~t+zE<$}nvaql0{QzA7vc}j z8`Y7`ApDrq6A(+xzV*S#es zZkv>oqK_r@R{3y5Vs>m|1U9KTUlgZ`6t;hOQYwKudelQTjdY=L?e)n~cs;Ob-ngA| z;9T)Y1Ar#OGN7!-u%AyENuaT{B5$AgK_s$2z)mfd8%c#6geyDbZfv zqG4vn)YFCHQ6_-IWX%KOxIPArp(noJPPyePsrT+nY`#oy(x~VJl zOqLOC{w-}PN()z<#5+KYhDl(x%;^i7hmp| z=+Ry2qI_x#X{W^g5%Qf1yX4^-PQJOF@5)=Kxj|IGd%4)9cix;-P2PqIl<|ej2$$FE zwUP{x2t*;KjKs|UMdjU~BdhDINr_rqQw2JVA0zx|^;_Wxts zt)k-Gwr*{x;O_43?(P!Y-6g>xxV~s`2wFJ7gIjP7?ykYzCAjmiwf8>Xcg|k_Mcq^z zqs`gsVm!U~IqJrjsW#%nb)XnUkQ|kKVB+f@R(l>8Q9|;F4FlyHJr2asR-m7dnuK(* zYM?F#1f^R9te8-wsRk(6JdrW5FRcLL!``NjNeUJI1eZB?6GfIT=V+T2k{95Gb+gVAJU9PovKj{(*eyw@za7EwyzwMhJNX z?DS;;MY4607hlPprgyu-pKfk^$|`MRz3tci!eb%Ao*NCqJ#uBEF4n?VV|w``Ha{cw z=d-uWVmBBoiTVZdD$a#LuA>C?lJ+RIEojnZ{NHY>5pLj3$7gNrfU9V=Y#G>MG5e)^u7{}#aJf6i8>c_;T zdX&N%={}5({IGsb`ZdJw3C-xh0%s=)8P65QOWH8fidZYr7c7}vp(JENT! zUWfuZaf)C3yylLDc*(=YIO1agQrC|sB%Z0tWhUC=Izz-WDjmHF00j>(OLCHXD-k8w z{i^2ku+)+@ZRYoh(U^3_E1u+M4f9iY&l!!#(6?((0p@ zzCNp9SN4g$s+%L8kar%{>V^Z6p9~W+dlVzK-RVz_H#*$Q0JB-+e!4i|HQ{RQ4@?QG zrH0d2+wayn22O=ESnOk&Ps#2ZbVx#?T(<&HmR<$32ZFniCh!@*36xmBj<;jxxTz)e z8jTteHSZhfd^rs(qwGD=oZ|l!Klnnrlj8hfQZlk``vS3Cr!OIvw#N7SV|l}$*_<%_ zicjtn-tbHp0Sp4@Nqyt*fV3CS=24rJ%LAO_ke#oBd=SCt;+=*#YcUI^-@a7vV&9Q5 zWys3tpRu9@W&@L7(FcerKTyM0iDSo?<~FY?syAHxK0+;|PZ)LBYzTi*<;9>nOweHv z^&yKV=wel1S?E}LTi?u6GX3;9cKlaD_O;Fkfmj>G$N9$G_z^e~X#oGme+l#RB86OA zK+l<=j)>GQDO?;E_1(*5U+hVs%7F4(p|s`tRiEi@_2W zhJ_|0mT&2kj@j8PJU}khkXxTy$=9CBu^*`m`7MOr#;?c>jWI=i@jXp2JEt1>>-i47 zlbU;$uE#q|(2Zrk=SdtzQwNZq;(^{5jq6OB_u#-9So!TWnvZ!`qQcAB=@slN6Af&- z@apzf3bD;+X<00KI3<&$Hl-r%+o?@@4|xkIp9~k?Ew{x(q=5n5FGieJoM9r@N$)R- zH%WJ)$AOXZ?>c-xg=*@44rT0ras}sai9B3s=~t5KPXAs<_i1Yr@S}a_egCdFS-VPf zzHIS_LF?}9TDCAcQ~!79im#H}u8(^b9R>It`#!y+Yjx+~Rj7|NQw-6>&~o4U+<7+X z05;~rp|zuHS_M#jG=F@mNQ!?P+cP&12d&QbC3(t)xDzEhpya$+vPxBTZ3yR@`$md?-pMt_a zeZfBX;_NQ9Atc&+jD%TAfZHLSY-;CEx)MJ7W!3d_#KUouU9$AD@@}st{TbcVUl;g`F}9lQTt{4Z(sQ!G({*o*lTe{&5U8SE08sC~Q!C zV^pSyiUcvoR`0Y`mPJ@h{bclN-b1-`=9PgcS6?RWSb??=zS^a1+6pScnKBNhIp^d%;U9mK{3h6RBb zN!b1)TO`a}tz?`W-N;y_CDlG^i!(|pDarGIgNQ+x@a+F1r%VS-yMJd$h9aC)@pa?gZqx z&q3eBE!fha61+A5haC4gAI;E6^kiMwM%+MWqM3w<4l)KFIV%tpcCS8!9ekG?K~!l3 zx|mcQB9$4R%@ao?`BNJnT-wcb7jSt$__LIRiRJRr60;R46?d}+zb)WnjCg`2HxUNh z5)w>E?`@X2v@KD%+WgpWH299{Bs2;YyoDZ$nQVi!Azpt2HA$KA^IPn9A+vqkZB~Bp zXtmRsW9`S2*HtO)S0&xLlg;#IUfNq8M42&}EDuHXWY`Q($5SMqMq2)RRbX;1!g@49 zq$m=DHxG4DShd0{{qD5~5t-K{rdEl<5y@i?t52sfg`o54?elI~_hI<{>x3%{JU7s$ znRwnGi8wQA&T*gph&iff>QC1~W2dy=jdBv)-txi7rme|JpR4sY)?)lv+KGW_IF>PzDz-Rja%# zn0osAYd7zw`)asm)h8S`c-K6cL^3r=*;svc!tVX16Ex3r*t$JI*hb2S*XEFU+SJF? z+3`f*{E?gUig}4N*$3XiKq+%?4b&U;A(z>u?)tmqsUgeJ&wM`AJHRVrqF=eI%HXDj zYBFz8*!aa~bA1ZARCCQdXQ?w;uQyY7Y9U<^Y$+ejPvLoKr21td4*Pw2YKQr;nv;({ z4ERalDeRN_+j|$!X=E&qcJA8z)0oRqU_=F~YWtPj1>Pt_i{Dt0#oG4p6u}JTp2dnd zq0@av)g$ai&(|cC7{KQbbeD4xr9;cQ<9k#VZaXy#RX_ImqAvnB;9OZ^FF;g6+JIC) z1|qZz;R7cg9EcK-m0W3r%wA^_mE-H?n%p{EV7ik#O)gD7mfQU?JLn$2KNImdci>aI zi2ZpHwxFF${LJR{9B!8?;DP5?@??(OI=JYsho0uS)S=#A3Z#17pR#6yA(7vqDhJ^vNpW|=H3JkFUYxqj_MAS$Z2^?av2)UE8&d> zmEN|#|Ixarj2|VW9r2wtX*d?`aY*G(cphQgR^m*7)KRYjk>EBp0WOQqF9itdcZiOuN>vaNs{*NBgMb^@Sf0T zyPJcy%mO6w8r+TJ_($_VR7f3f0%pj4SdDYo!u(#Vah;9(SC_M>W0DTO2wciQ-h3(R zDuxZE=P7Hl7c!sB*vjL}`TQxe*00pNScR$-Yp)eqglChA0E79IEKcC(Rb@Xem4d;w z-xZ6+omX6fxizmb)vfExwMBK=$n1Wp`U#KdK)d~xJm~3k{SM2VRd>8c|PE z(i%JEL;~XH`8O{n zkwA_Bu0=amKGi1@+kPV(kp6szg84 zsER$3*0txByGh^o*4*bTAZO$L-oJD5-Y++Ip2oU48y9v3_1S{X40c)ayqlIU28GO* zp?_oqHe3%XIIoil-z&|dS+2C_XW}z zgeSYigauU(N5VwLy~HE}H@F0+D0do!n~U0mqY@#8#}xdBD$PPAh^$+D32F&-kesgH zY+40kq(5-fAdOPlZ}DTW3%U)0ZW4_HgiS(7o*(>Xw_((W50n?d^0e>B8l(NM{eB`q z2(@l9E$5RGm|E;15x8L&&rb_T$#k)>p&{#z0T(1EN^IfNc*= zxYLp23Ip-Vgi{a_q^^9MRys}@M3aG77qny|SOVf2=Pc^HZ?59nT;C8Nq4v7zA(Y8q z1(pi%#7Q76scZtHx03q@3;7{oSrVaG^OHB;LYsI~6K!RcGqNdTlfzcC0uf^~?k@U> z=_s&zAv*(Qiqwq^*HTp*@dnM3bu$P!zI$@xlJA6WVWlY@bwt++*KJ2*o6G@nuM8<) zD#r=dUBGc1opx_WWsduk&;&0|PS6OvqC%wHzO8e*fUcdF#Z^}Nq4UnKDdqP+q6qP+ zKla0u?vTMG&E`0_`CPhJO;XWEV`?E6*q+5Xvs@BBB!3}OTBjjZ5EF(fl^4NAQ)WB>)7xQI;r~eWmWnAUd#juQQuwS913(<`OY@u5;L+TA(u) zHYhbx<0BR1o~dUZkSflFnnhNRq5uv-U|J<&l7qc|xEy%B_Qb=IY*r9#%4~3)O%2(Jzog7>xs;uws=}eSi#@+K}i&vb{`0)D8mW=rpo)teju&TH(>#b*^4~|l zlo~eCbr&?B>z$NM3*Ree@6XuJDP{&iD?R-t?PT$oRXo9q94P;CT%m24G;lbgfm4NA zl<}gs;KV1_p%opn+p&-Sa)3WBmo?%oAlCo`;Q7tEt2F%?**fhNfNv|-)kwv`A%?MI z`RUz7+5@b$G?+t}rm*T32=g4uACXdF^pyLtJwF)>jcqi2Z+Niu(=LA9PohKnxiRMw9EmFF zAVOx{*(OffZqns{DxDOtDb}GT%9U_?n3Ne`;ScEl_J47MLCws5t)TOlx>x8OF5m2Q zrk!=83>rqb4THBESHVU19@>Aip8dHvj}P-C9IE!%?k#0`3?B_<9}ZIw;g{_Q>W=tA zJ@+~%MeY(}%zk&oFMWbk8P!s;jLWqk=HO2w%N)7Y82vRNY;BpE5N`farIB9BWzkulqqdySnm?J>*x+TsFH~B@8~#4*7U5J__eSjQ0=mihQY`9tNW|+jY97N>Mvmqz=+kd8=(t#MQ?CjtUmx!j@C@WtAVC{b=+)pQbph6MOQ{zyj=1L-Fh zSbHloUm|Xs`VPCG?~2-@dN_{Gyuu25+r};ng=q0cDJE^+f|LkBGZIcUq<@6|IVBeU zk6Fv-vpJ0c^d2Ds43^M9;oF*tSLoa|u9~#*kjd7`b*Zgq=RSgIV6JCl!o>{ZYNjuMO;)|>o9jQ!D z5b-j)GZlt1($^o2b(BfsMDX2kr0NiIc`%LCWIq%;pnrr!!h$q|^*XgMhEbNHz`ki4 zz=!NOhHd*(y6%Cv3La{Kgdogxy!VYB2&lMJ$s8mx8Uev&!D_&|KS_ZKjl$s3d+xEl z6uL%09Zp?LDCU@a#8p0StV+ZnXVZAqT@R6!TO*Zv!--F$$c;Qk*nRmoW9iXNxQ8-+ z7JEb}W22wYmiv4vD;a9K=B)C1ti^JUx4pBDC*d1uONCNWd+oP^3ODV5SO44@cjL?m9k|Ym?r&H59;F~wwRJN! z-b{XxtQK6Jt)!Izcdvu5CI_#^P>m|E{!8B}a$g&+htUCg=l8&oruL5;a)NC|<1a*J z58Ja$r~b43XZjz$rY~M+h(ygd@68ZQfBRGf3zmhNqBkk7ZqrtMzea{+WSdXQ(CAvNg>@KqCO9i?1e_nj zJI(a2r=dB>fq2Jv#ZUZ8_5Fb%&lF}NobP)FuJdSM<+y}O=1&Edw;?1fq6(P>u}#lm`KAnMxcG7+A) z>u%K0aW~hwaNBow(Z z6C$l~y;e0gu-v!%yi?8S-8x>fBk-=h?O=wMV$R-$EwpUwa&st=mH58&%R9tM-K-d> zJ-*}`mfJBb?rwgCybVqrcyuX$Ah_rhGy@B-<|S($pN?l3rWSOyZItTbHZE4Ky$jtL z{ot9r<&3xBY!6GG3@`-i4UD+5S#Bvej6qEo_UoOKc?qK@w_r{ZVyEO4Xp#b;>C9VqHPd-(6 zylZs%cbTbKXghI+@H{7Raq--3WP~#x4Wq`syWQ~R=Co0mW)H^@MV3uUI@I8Q;K6O? zS6TC^_&u}J-bIsVGTpt^@?@{CyIU001*TC;_t8pP!C$K!L8{0lVIFJ|aPQIdJRY7r zZ!jzx{I2lOqLXd#;zUUOc!ucb;5hrlvu~2@=+QUi;OFGFT#>SbIk+Ips8Z~1!J2Yk z%#HCr2zy=fi?k<@Hk1zopJ7`rpY0tci7AZ}d{7Qa1+LZrk%8FRzHIRLMF{vQHM1%a>A=^$KQI4>xWz9uvdDGm7Is*e%2P7 z>sJ>UPAr3pJXO6$dBO%9^rQT`y%B@Z%JM=tZu7RUvGMIc^$R<~kJl#~fc59a*Hzay z{*8m@mz)dNoQuhr)93V9L@Jc9Wpk|hyycm!KqHa!AT9>6`XWFb-rBm2iYC#8nmAn6A{i9 zfuAazAI&}`8%-0mVW>nmuqB1Gi8|PwsEb!eJ@pwP^pc$n3q?{jcrBP3g#qnD#XTEU z?9)m-Ci zitfD|Ejqstj|tMR4~ng$)DkrVbMudb#;fKqm2=`&`9u1>c#*%F}+VsU) z3Q9Bpsax$4A_ZNe4he9pvJ8D^uJo)Edq62}DaM99 z3I2-t=YB_LDADYk&IF14GoIKdM`*D~sASB`l@J|8vK$yPI;c?y-LHa;_0s)#0Z`qN z{2;hKjGi8u(m*3Dx*#=jrf!LZny`He<>x?F$4iTy`>vy7hSdI*Df~d>H5Wz^@GnaU zCY;xyE>7S+Pwpqyelw&ZL&}IbJC0hXX7Gtcv?t=^r3JItWuKWY%r(3UY4qbtBISgk z3cb8D>mk#8-JCOWn@f~|*2XP3MP9gsJ5>72cskWTC8!?kdb{|eVa@=hgSwxnTKLp6 z{`L6t4ZYR9p!=z~yW=WqVfU~h>7!}#pUgt^4g+A3w1dRT_SAc6Q7w`9<~93zhnW)B zpWe|o{AX?gm>X(Pn>R~geFVYs0O6j#vy7{W_8Bu}nz|Gz>==z*P(kB%u`m=aOgUET zBD7iiDSR1}jcC#(c&VV|tKhQMpuDs6tD#Fv7sa09&L&#P=Ie5H_-KY=F-kEFfe}?{ zR6T%EawtxJt-~tXm3eeqLT*LSvf`vkYhSolDH6#0cKXv*NUPr2wp)Zmt-ahmSHA68 zQPX5Xfv-WMynaRNpeIG@Bcny|Z&QGgu%+(5Yj4F*KGqUbKy^fv%MtobDpdxkKKg$v3fNADX|~r;!hZ%3 zj@8QTk~5Bq;Z&|(TUK!iuP+~V_PfB`R)vc>t7_8II_^3xn!5;GbTGWcLX%mlK74;R zcwjv`e`rn8R?1Ix{4S4)-rX=2Y#*n^Ee^k!;CvY2BRd{$D*IKJ5*|Q5>=>{A7`EQ0 zXdZp-*EOuR-+bWx-6rX3GW9ihsdx%-hbe;Qzc)tbdp$uq3)vjz$E7|PTYeT@XGUhf z4!2x4f;zC^FHLuiWrQoE<;}d0k6n9acDyfAEF2V!|J0e6heUt*WPW?R#eRP6H`%!t zRDc{vNf4z*$^ zDL`&1hS~RCGbpA*;@RcmOmGpk@BMAuhIX(WNG7im<3ybW) zJW$UH91^%iS57p%Kz*f!+t^Jm)|~5T<$k(d-i(;}X)X727U{DUk9t||ul5nY@xj@! zk;Z_6VcFyE*59umya}{mFHCNL$j^9P*_{P5)<%ty9cGJcDt&c7CpJh2YXT!yDDqN~ zw090}973beIs#Rqp$e*wwNED^%7(0Z+^g=MT5=KNFVDx$;BQe-=HIj>Ha%j;t8&t7 z>2z=>zR~>Xi^#*MX)UlDT9UZ)h>u|#`vI#nE~}VnFLmBzo%EHoO5aKf5CO zn_s01a}$|Pu|%VONIN)--)!NSKKoBqc?oM+7ds2LQ!(C0ME#q{p-2UkL+L?GR!2eE zOey95lDd2SO5I}r8%XjUTF&_hlKKW0N%?o;k)Uk*W8eYpjrEdRl)M|a=Q|W;w3s~A z7OBT|AHqMvXkPArXVL5&;20VZEe|{Af74q{PFh<}=P!Co>$0=`1K+&=ss{_Rg7CnQ zv>-Ob|EnClX%E5&Yte#i*m$}A0dda%oR|Voe4}p_xH`X{zdtw zAUe<>42YZOKlkMV`?G>5K-_G9W8V?Lv|C#5`<@lR$I~-rNPxM}Xfb7b&EXySafSPy zcZb9EqWOGI(YP#DPEC6{L8`Qpr_=*`IZ1#nQe)2cs4%XHPF|was13IxYd*IPI9v98 zZ<)M)eaqQ6@XNKcIwv({?Hh7Fl*afe+#_xnI7CZ^wFMd4YoVtXNf$B0C+`J(=W>IL zsOJQQGT@6n1kyUYY_?oNGcl4;q!1v0rKh^}Ejg_*Ao4)!%}~^Vs2^p;pgARjN5moM zf00*iLF5^tXvbwoKr)&k74nG1^h%%wZeb9FO5!WmG+RimhbBV>NAeV_cP8!nf5P<9x*{AJ7MMI`|-1haAeYZ?9T0| z@b(-Cm>Ya>yk1&?LyL=dXU2ol02b|`SS$u;9roTU*6&ApGMypv!X>~bMACzoe!r%( zR5&UG4njokoyuN{5_%PJwEycrc0UKZ3pbYmBzU=gQYzTTQ$6yx?5R%Gnohz4FoDpXQ zb<|^qd?iyBBikH&U&8~WHm4a5&mbR!NSq>jrFbx~rP+0N-pMep+w`M2%Y#&rsVnwr z)VDM6()|OTBcUcKo0OFgj^pOAZn;hjQRtQU0xkYPz6jN}#IX1oPH86^569WE8MC;o zeG+@MPuy>_TiY}X(V#AU9F(}T-_mgoKs2>$EVB0Jv2DAo^|S)qF5gxQ8@*YuHGL;g z6x#O1N5{FJymgzNk14^%jXX!=dOxq8rE!Xb_jd&DO9*PY?@8B;*;HHkpEEKGt2?d2 znnVQ$7~Rc6ZWKB$#od}iuxZw&rc4>nF^pSg*BYnsp8Zods-n1$jq9vgAz%TbTqXL0CGigxz?_4^}U zm2tUQCk)&z=*#GCjd=2J^#+4CpL@zJK5L$bby$;hWaa~Op1$~f%FzdYt^vSdeb3d$ zj^ZzpeWpj**3;(+lC7QYze`a>$`ZFKW+HBA4LuHK``rPhrc~@kCpE=sUVc1Ul(z1V z*ODDF4YO5ljpr5GSIX{==H!d0Lc+8Y7tHDgEib!i;O3T9H$GQ?%RBXa5$XxEv+32L zJ$|iHNpb7?ClS_4TXsC{_4BT*1jD-m(@pcj-trZUPrQiNrth7y)g)Qi_A45D2Zfmd z&CiYHHy`GWv9KxY#iJdZL3QLyh?c;<9I-H3KFFC61rDLl?ix!X6#saLPR+)&=p>BwB?hkm@c;gxZ7 zSwVk~GABIcDqgF_)6V6n#KX}>wr9EUt6vZ^6;7fz)q!F5$(^oN;r?Oxj6~V3&hy{Y(bmzBR95~ABN}@DKh)v+@ApkEey|1)NCf%+ zY5SiY8ba_44@d`#o9!PE;sFcuf-e5P$G@DUIUndVBp3KQ>t9B6gAZf_uow+6WA-+m z{TNE~{>h0L8B;GIB^k#~*>Pu;G_MdD+tx!yr{YG*oL2G%<@yNwPSp zkYUpgDlC{^A3z#nX7xdX+i}jDkYSSTauHTh6lf5L)>qXn{R!iK<`4+b{x7r(8w54PuGPvXYv~f zWen#fse3O}=8~M`yNezg>SJo_ho|jWnA%Oai6$e4++SbQv8d9JAu)r~>DNych*3O4 z3&?SZ_co@2HylH34?km$jXGtwuW&ChfPq%VmAMfg?8Ok0aVle{o*xL4scOl(|&Z) z8W!Isbm+N97QqrDw2kgQ$NM8#;NT{|==$ARSnUoJ{=(FniH9ZP<#Q0#l=@MQ_ZiD6 z|MajDPoP=l@EbL4O7XvWiF<^3(%Eq}aO>_u z&&z5NNBI?uHKc`XG1oW0}Iv~BR{hkl9a=!H@ zb8SeUleSvk_CH=kS@Rz`N;VC62C!ra1fN|w z0NJIwfL4Q!;8@B5(z$L{#!PyF;H}U%PXSKVWDYGGT7)$12)NlW(mK?x6g6kIF4L~Z zL+jg=Nt&?Rk*nI(AlVr1dB;ZPkNemXNf#75Bm=)X{jWP9M{}C}@1lC92XB=oy0Fvwk9}J;U&W$VHs^(m8e>(}Ht~-11{`j0d z>2K_ynMd7Tsi7&vEQB&Ud9txdpO7x2CLq14_d&WkSMFm_j+55zk48aE$#83S+hLA= z`UZ4^630HqSU&EjW@DdV$LAWdS4kTLZih($r7cP;($1Fc=G1IcvpQjSDt*Y!YhWRw z-=K=kbA@-PsxHgRv)TFdjdI~BZWmQ}_t-0suv)iaFUw_I%Smk`!GMw?mbujb>X{ZV zmvNCvXFL=$$y4xCizS1dpd2B}8rc7EVa~^4y-Vz_h1JqQxbe@gH|s*RYjW$h2qdfk;p0{6(GvoFJj;YWb5CJ5HxdL^ppP0Pa`U$Z2cUrZWq1nECz6uwa;!5fw ze-!&^9C8J{kx5esnT(7@FE9jX5T2V%;5|HP@^=8EXT3KMzJ*CsSIiaNE&u7;m(7hg z^uUh$iseO_;Tw|o-PV{%cgp$>!p}vGk;#)?tBP=Qc{L+lUEsMtX5T$dynvXgG5xmZ zrE10^eUFj-AnSM8WL^Z+sl)PR&jp5!>NuHo#~%f5Zka0rtCbm})pYS~Y+*T?8}EFj z@#;OUeabg4uVRLk<5Z#>)JM z6gi`_I{S@+1+#4@MoWsa!-0S=V}iLf2H^q~)dFSai!oBx_yk&59gn3sFL;-`m0mH0 zd9;`khF$ZT+mVjeMz2Kgw=Dg<(GcMPs$_sH8;AKj=UK8CJ+89K1kf7oYe#V598k^u z$5EfP^P;xqO`r%@14;F9c0fv$6Z!K#{tqReNayDU1{?X#kQOUHGdfn?AzR}T3AIW3 z4g+*dQ+9rjwSi_K7PzL>jWhKpCBc4?iw9l*Y@D1FmF@W-fq9S7A4`J*IsARxT2GdI z$ER*3w^1_!eB&K^ZcX6a%9ISo3-;B2`q&G6>|S;9PDfs5jNGA#ai>`>JE{IGn;npy zS#{!leKn|{ihSWg{U-XN`i}dMi)LC!4ii7Q$L95{3P8{%Xa)R31#$8HM+NbMN5nx4 z66}2ct%6h}mE|=`Pb7m(*ND{Zw-_#0aC}};{AvG;RC-*fZV}* z2p~)_fDNJqmq~(zL0tcd(qAM&4B#zA5F_BAt8svjQ{DqYhFefS+k}>WR87Rhq);t_ zN@V(|D7IT*zV*#Dkw}Oiwg;Z-M{+gH+=yyk!)N3HMOG2w&E&G9@A~N2;?XEJzu=J; z%qshy*ct3$vsSpDT%Q~44qjbz4mvlUJ2syE{n~dkb;2nv85k(wZMm`F!UExJkVpZs zAp5WJDxo-G^f6QvW(dfTs?KasJ?;$MW*_M2ER~$$V9g%_;W*a5_iNfBJjgsKB|VTC zhS;)0D?-pKmZ~9F<^{Ucq-&beS;0YV@u8R(ds+tLabeC|=gE>q zE+@0fryEYJ1=Hp&Qod68MYSI|a`I5~81Wm1&!EKoR-1 zytsba+@~gmc*t6kE5W$>t#Mr7qa2+a6y>4ICN!jOc^ER156fW`tcMr`C7LFxs_+>Y zTkacH2lQ0JDd?m6Xj*_G31Q6-`!B7-50Au9AoVT_?r>CX*UuDCE_{KL78g&R+c==n zsk}rv{pj(1*sk_eiIVwzC~i(Jz)hsumRhDHGT%q@SF>-pW++aP|Ca&XY(}AVBhHNt zYlZI|>?N^{Jp~Z5u?1+UwU2Fb?dg%DBTfHH)qky>z#~RrRd?G!IV=bQ%~&6j+Sh zLD7OONzD0aDD31DWJ2^_6=bm!SEP7Gkf_PE@X9QsYU{ypmOe%#kjAypYq?O;l)4Ki zoXXNd;fM#f0la2*u<^DC0{)5qN3~VFekNV2r=Q{+1D-~|W>Z7kK|?2b8os>0INL&? z50)r3`&RwLVyfzVg7sLXu-DzN{KW2~+3D!DmEfskokq>=fLSXPv*mluW#uN{ z!f|k0^W25o+Hq}YzfQ*}q1=9r+XgGmy`JQ{UJ~`?3~FWG3R}Tr4e;xc+xPQ&uZG{r zIg3vV+3n4aQc;L^x%0s4AO`ku^9@WohYpHADwClGd|}(D0mH8G4RadZ(%JdjwtEHa z^}=tRnF!bamW^f8n6(T8D{X|?8=vFkqniKa?~Eo-JQG(BJU!<4vj_!L+0s%eUk_t@ zu^Usg>-pa`-8Ysj02Oa3#cX`x_R+g|G+=c*spme^0I5mYKza`{ zc62eIUEw$Y2_@x8!h~` zZeGHBFVXJAbFxMlC}X50Gu8y21(R`S?YfaVGJVo`)yM+pyTkfVle zwnim2mwN^4QcVM7?h_S@l(8$&o?pnfRQ!=$`@ok<%W=rvkICQyvnkW)eRa9Ei$$|G z@4!$$Kh-7=1-5 znX0V+)XAvNw%9n^@K$J5-s7(d6QPB(6Gm-Cd^?c(qb&B1P^}Jd0#8GdNY7`uf9PW` zx#Q&KnsdYctzfJncS0Br`Qp(-uGu0;k>TX1S)+iUy~^%S6$4=iOYAvvCR_Rf_irme zE4t?zSe-pfv~Q^sIp9siMYLa7Ea=>Xdbn+o9bfaP?(yOqSR>L(9ef&c3*(-5P$QB3 zt^Vvlv0~RtaMQqCvXb_}sVsK1lv8wgL!d{0J;f=CNwoFC*L`x^(CUTlUTo=NH%>UX zxhz#H@AUoB;>BbWkPr(hs7a;ZuJI7ux%ica?fU(n@cci)H9vS-14J**!S;_OYJE)! zUH!i|xOo4`&i{T?=HmR<5;gq)^nlf}KzQIe1&|sA*FVDRe;xL(@S2;4pUemWyzvN$ z4K`E+$$+@n{|(P3#lPVB_rGGG6w17K_~8tHbuF@Q?G7c*&~&mO-4Hg8(%ECX(-Mw*(`2XaX~k6L-*%6lr$r#b zsCV-yJG(-g3N&k$al3z8tu>;-_wju2viTbHc7%(Yq0&MOeMN?W#M0g(_XSv%)v!zs zC}Xo}IG89$)%odd9i>I-;r^Sgo}RJfGHAQRq-*J+r_4jOqAic=v9HdcgId&R!ne># zZ`PZV&v`?6mcTVBbae;)qy5#XYDM)fqQZrYQ}4h!U}ECU$5nbYI`J(xU9bFBV`Sl| zc$joY@lk)gpF958MB|a<<1ug~!v1qb_ByTEb^dpL{&Ty=&o#@~+Q_{0xI=xjrWzr~ zp2CI3Qf>zY89TxHx>{;rFl2(oQgO!Zgfug%Rgfh|>njvaQd4ou{ed8YmS|Q7((Lh_vWVdST(dZoXT;rAX%nbT}IO?q zVKlKSZKy1t4ooRGa08Ksg6EYncCqD~LkzGSXFMOhJQgO`ae0Wn%!NyV%Q=#34;>9N z|9R_dErl3+E=I{}Az@*+h8_$(7ajBhic{p29TvG$n%EBT|A6xUHzB zefanDmx5BmHlgrw`6U5v_9IigRD_W_n#3wA+2*r)u<=su2q3W5z9D31W%cgog1Y^? zX^Bj*8a#cl-MX7O!b~qB0DE4dhsFOv&|zjhzqMXwFjq#|5(~i(NG3XibHU@sI1uUF zg7S^NTG1SYE>D&5`_lToNZOfw>WZUrvhFFS?8rVCCJo$(?Pj}<6t;^Ndu672Kh>^})5<1Oi8QiT zt43UXC8yYp_r`4#?9JOnOlR&gYL|CrY@396IUZ$uUV(uVs@Bw^c4*U^@@#5xp2yCV zq}ZZKgS1SY6KOX3zKi`ebmg;-y$_FUUca2zgNC!L+(AvP#%@2iW@PC%5WTmP{1ZE; zXMHC-GI6iz9t^|B^X`7dbvI}we2AK?&TZLzH!s9*d_XP=wLKulP+C@N0Y5by@L0nM z34}9^e-JFY<2&|GxMtd@@os%)JT=MMcw~RWc+h~8V~_ZTl_xfYH&DH$8p!?6LC^8` zpyvR?fI#SA0)@Za3Qy8ELa{7BV zGkpLNfZ?@3C?F2@zcXJou&oxz9Y8yRgrWz*qvVTRzz7$US$}SxEZyYQ3NRSe>rtx9S5!@saH(w;^(D zPgJ0k_!kIlVt+I=2n=XY3jM=_CYv)O6DYRTDlBXiQmn3S8-lx;`wbEp1%jyey0@|X zAh3TH2*Q{>!y%%nqQBr%A*+4~v_Mm3#1b1sc!oOzP(2hZp76|01#F00g?-%N#$GLVObO{BCMu)eG4B^>}h=VDeSNlK- z;iu9L$@3Yhe=_K!9H=kL`7;xdb?l3Uw%0vtJQW(*{^ziuf^W{58x`LHgLiZ$L^R2Q zO@Lh&h73lU@(<$`P$G>0pq+>IsywqI;*k~K@XAB>CBIX=WV}gGRSg1n@_;i`*D#o3{^K`;Pp_{S61DXHp&MmT;T10Fd-!I52tG zFvzQj@wmo9hYf*v5ZzRXt%J~`*SmO+;gTTFa(0e2fM5gA;F42Q9<0K)*&Z4#0RO0m zl;RrPEUetPm`1OWbuCs9r=G|wRcTx{2EL56P|0Y8o&-h5)e0!9b zZ5;aX>sa%Qa4cnxH|e1Tu7okGP(!?9kCDJI^<UztlxSFP27zq+IxNC3-Fw6`yxCHm$P6#f+-39`IAOV66?h@SH-60{ky9T$Q zIl1rWIp2EUaK63Ptlj&XYOB7ws`rmw6;!d6BRG1x)6v?X?;<-{YvL4jjxD+lnM-9V z^;juB_iHw+Ii3Ca)tmT(Im6;4wp+`Hc^YdW4XKbQ$Y>%$JKl%IgOVuy@uY_}e^Kjf z%spR}<9pgHD`xu5Vr72r;cin_eR^jq>`ixJ=~UKu1m1>Ec0+sSeUCwn?Q)lbJ&S6F z;f}3JfAm1{$Kwesp=472;;%+06PcQ<{r#}H--UYL1S+soP-Dg2P(P}0#}~xEsUSGn zwq~`W`&`C`4J-^F-Y>S!iYsPRJlpb3r;a}F5?H80F2D)ij#s22!{ub|90>c70VAgi zxgID#A}yV0+!VOy%7ExF{a+>`GGvm_a991%w@lhV|lC>(}4YW;X4TJJJYKprq@*fO0q+s)Yfm-s{qS<}10l&~S&6{+k8?O27+xFBy0dkmM z_P$rO2&m25a64wtiWdX01r@2ED=G+3JRAOEpOuAX5uFw;MSM{l{#+@ZL&HyiY@3LB zL$_&dVO3@5l-YcVV8@3ls%zOWPG(VWqDD9&});6KhAj_GFl-O=d{y9e^^_AI9jmCMjg77oyQnYQce+TD*w@VA*SQU7hQ|IdS**A=ey7<|qfqG>Oat0@| zPz_#oS-}O~88@+h0%xK(?XY*11*=&;^zgZmB4OLZzS^XRhMeo4rKz*$al#fG>?_l( zowh-!2=1d5%JVU3UDmh=E}O`ubHwxleO<8;8>7z0<%Ont!TrO6RT!V@+U}BS0s@2r z0-d$xfQM=6QJGd(42}Udiu#suBUjcJh4-Fs(aqLcG%b(E@@0f-abP;5m#%%GgN+D4 zlW5WH+o%s=S}E$3>eAX+Ux1Bg=D6ZbQlT#){{qp$Xd4Hx6jl0_DCN z@eE=c*u?Q(Kku3fa~2hWC={60o3HCR<`xiB!)R!vX5J+6T)yF=tLoeR2&0uhzAT^? zN)hx(Wi8=_tIOfvb->cXA7W8s>%>B`@7+NMr3UqoI*uCr`_HRGB_`pxF^+0{fEeT6 z+W3?t*)|M*bh&Q@IgFJZIzI_y<$q@-;L$+9sMj%b!8JNIF@|@?ka4lo>_P0Xg7pPig*n8LXX{?`)2@2KLrWe`)Opy~#~2=SD%Y zVEkCM8FA+|MCNkVQh@Q@Jl~MO<#CNByJBl{IETZ~BKEJ$HnW(X_uVXw$~ZzEvup%) zZrx%cyOQI32sL~6dzGXW#6$d2+lecf?y8%Ji!gw|c#hNo1-~mwy_EZ2E1za2IKx9j`BTf({)@* z;p=_2?=c+{a}oX3W)P`HM_B=0M^cglOVr^->t)WtQNu>IY;Lvw3V@0eU;oMHA8Spx zj)l(04KU>HWo$(6I)Bn4b=iB>6b0E1N;t+1)pj#77KJXq_lh;1RAz{k%eyox z=*SA5cl&xh0aU^WRiO}Z6jrL0r&;D}Pc}DZ&@JYT?uxsrP5PR9O_6oC*iW50aC`c} zdIz?H-I%%zG1Fy7$ClJ=V>ou~K4Eo1vHz^qZ`WVOx&P}br6u8u16y`AMK&H&>4KOZ zccErGIk_Eaa5SDB^PEk6Z++Be(lkpPsYJEvrNgWOqK;83sCb;@JYs6} zj)`*2mpCf2f;;OIx#_YrTtA#Q`dWDg-Q|ncuPPGR9?yXM%+PPK;cmoVsSeIf+Dl$< z5eNY~KZ5N=a3rZcD}C%Z-R4-;XBr2qZ(PsqF|8@c+>mpcqN3|%st10}sjjHxu6Mwg zj*NC0LPmKS$^`aq)`HdZ@PBbidvqk8A1fW0@8dkHzISM?2QU~OR|~Px=3F-khrh}yhy7UZ%}+e>oo>N%5gt}NGIMk?g4uAA!$B1-LRz;}O}<%%hR zioBQu@CkYZ(ER8s;^=VU0I|neQ2WA~OKFrcLZY{o2dYyFd33l;ab2by$Fe^^*hs?qYUw+Z)1=4c zG_e7>WohWiq%^|9gR5h#>-%8E`m9ymg$>3uiE@+xT~*864_TFKzu+F_`6PWXYGN%5-s(Ma1SXw_LS0j!Ma_P}}!CTNhHfq_9o!mRn7GeFcZ3lCv zBjj;m=C><9v{CCKcYC*!^6OheTH5)oA?=viaQw9y?bdU(4{+XmwkfZdFq+t+1}5p(dfrivk=x?1V7_}T_okjCbgoU6i9xvU8KSIx(QNr9&L{C82}>nInF_u@Bl|z` z=_-zOvu+gWF{f$e5=&vD#2hKs_nQ^L7?%klNGYmS?q0m?bbO+qE7=QVj!EelP-(^0 zr48*y0NLGjJYgM7D+fy(QUzH|-Fwjz48pT}nW|Jrglu!3cPvhz+Z766)~6#?W2?Hx z9pn;_uE8wOSb|)<9Ha8b!eMkoxw5ckDXJj;7)nWZ0EuWtt-LG8m*hHBCl7VpU&!D# zkI@`*_u6U>PSoFe%as@wd_JKqFL5}~jW@*~P4gwBTjLg%5<`p|PdG;vqGtCZz7O!l zRHgIEB~p$SDVbSd0h20VEZ$^T<5tq;BpLf~ae2=Zx8nLl($B__)2V3xEmd7$ZSqy( z&eFR{LD^^KpG}D9_FrRC$J$Vj>UB!Pw>HLOE}bPG*pwZx%8Ami050OxyruGyYX`7Kh0Y>%IC&9Lov-nixrlGzb{av zPB}}VnA>7sfBuoWKqN}f=_84qfqNw(XGui3k0H^bj5za*QQ)=g%! zwGgydmO-Ry#5qc7Om7)ogiz#G+02p`qUlkbZR|wFIM3uH`jTx`FpkMco51YSol)Yz z@WUjzTwM;6$$geuk@H=^xO}<6db0p)i7@lo=!4nB==bM&hXzrO3--i(w;4oIdW{%v z5=}!HFr^tbp2&f-L0I3RY4w+*_B+u%&e1PtM|Q$@?w@V3AC>OHi57838*$9{L}Yox z`Wa9;+`-kOIt)JAI`}Kepaf=j9M1rV^$Tsia)G!mrE1O!49|5pc3whCg*! z6#z9`E`Aoi#p@-oX%AjE%$mkTfY{ATy#lZ2!Sbma;(cZ{k7U;SeKZ5ayA#q$biapx zJpY=i#x?&XsveiCyhfFOi$+^bTPk2ymXF#v5TtclGX>vuB1RVp4xA5P>xSQm-dspsHXHj3U8e%`}hF9OSS z=}&$!fv=KrtPi05Fj!;jR2e=NcI>CE{-O*WJ)7{%t@&Xr;zxt%{*=Yr{Ak^lw00!q z^9QsT#fs@NAMs7MLPC;WMQQ5BT=S2&v>Tf(m{$eC0bvBPWoY!-MwWAHtW98p?N2#z zld%J@>bp>KjRr*zz(-A&%0ncQUvpt#g8&+l~*qvDTHjrjV59CRxdT>x67JICo`xx-s`uxM=u>D_dHL&myWL%)Fb5ZehgpA&((TYrnV7_%Eo&VG~ow}e^WRiD8n(d z8){t4SD(QtxPD+WRSsTY&BL_F%+IXSQC!HIH;ouUsNY*mF*PJm>OOvNV>ON?GxiCi zDJ^B7IOCfO2)2xv#CjBYXO6b%x8;8EJtA)yQwJ?xo8L^VCaDpp`aGJlF0((aTe4p> z+Lrh_m*l;W*V+E_a92*4lgh20DJG+g*T_M6Wqt{tS#zP&U|gUWCvLJ4v$%$@P!I#Z zjCA8V-S_Ii=3~X${W!F;@tQu4VrKfr8WIUvXYKG=p7?HEbOWApPCb8CwQ*k55m2+6 z))i)#W~;X2gH8Xvc2({EMNek1(;WEYcV%!epsq<6&2WA;e6SbRadfgDuAIL&!6VA% z&86BWR;Cv1-nynl9Xd9di)*f&ojTy4@DLb%T08Eh$7M~IT*v7ojkM0VrhksV_(Ck; zC<0@-^API#IFb;?mfWfvex+1?M@Yg%k87x({CnS7>u%|gn3U0MB+90Xy-VS)_JCuo zw6O3eC@0mIk0l-GoK?pbsa|>TsE>>ONh8|L^Yb_1^^d88QfxU8UUG zHGxEZ>FY-5XYw%kwhfX5oD>rYA1-K%L=J!br-Z5^@kUWg9d2ifWch!~i?&E}a0M(R zOnAq8q#3v=77}m$s2x%gA}k@UZ{%a=h$Yrs?9VFuFTR*~*{V8npMqr3pEK$VQ|VwH zs~`Jbw+X@8j*Z558p{r%&b=wy&!Mmx$JA_b;^_$)j_)XwFY*5z9?62({CU7&b)>KI zP)atoF!}&Xo=BN*VzFWx2wB;PL6~AlkU7CXsK{g|G?&UvM^$aT zht1wrH>8)t;bi2$b71#TQV;UvpZh&g?(6+OU0*Q?gOeF$e@&BM5?frcCDR9s65=C?w#W^ zh^VF*o@lJhE&@xcuAHVABDy#N6p8o(O%zsSoQM@5lW&Lk_49K?{ZNM8s6sY21n$kK zZ(OR+-p;qnKKIXhq+=|a_yu7_=B|dxkl}Q2JkmYWNAX{S<#2!xev7<7>_GBcZ+BDF zOWCD)hL&qa^i>2FpdzlK{4wO-KIs*r`*#x1BqHJJket&{l}HY$5&mGJOS?++EoP*hvHhn~}k(eKzO-CQfuDXA<%r;hT z(6k)OmquWgE8o;oe+BD^vJjp7h2@m{2vs!`?|U}ddqr&VYkKe!c$KYwkwx_|_hV~x zx6sMZ7N=xC*mfM!*;%C6cn=fUXmm1Rm)G# zoSRmExu1mtOV)S~r>e1K(yYon{{EwmeR3J2=$ytB5ZP@M{0(b$#KGdqnX!4)2)fnJ zpp{l=-^P6`OpT{jnsah$*M9$Q1nI#csy)x@Yuk?IG{BTRcq0|D*$QjzuxBCctZAtV z5q035*j#kj`~($}QL8`5v)#wud`EA_$fEn%Gt-BC*j(52p8D?52P+$jOB+O;Xog-i zVEz3(iFg!+T(}kop=CbWzVn8T4jE`v&`vw!;AY}hwJP@Ypt}bHf74H0a>dS*hWEax zcgXVBcAkU8d%F&O1v<+$UD71T@>Nz|AI{>a%voG-i51y6jM_l*N~xA*mD)#adoek= zDEuP=un}t4MML+TYb6KbidhA5MU5Q(ZKer6*V}8Ab-w2P#m+taN=D7%J7dF&(qP8d z`NmSe+3o_4^Y8U>0uXA*BSZ;lwng7LQ0P*zx z5P5kudtUrgxi-1^3w-)62iKFt1%TaG9FwTY3u81%XK_kPZZ=M!$OThWzp$HB$c2Tb zets_lIAe{^{J8K{BGlo19`=eio8Ngg)W>OJLq^k}%yI$|@W^?C9sA*vyl(>OhEw42 zG6jxMNmMOO)ME3Mlbqw`r-5Yo*qnz?CiH$YhR%29k!~>#PHP77J&eE0-PzBaP=`J8 ziC~^s??3B``bw=G+}Y=Vl=aYQKjAm4oz{iaOL5Pm0GV&EZJ?l5`ahbExn|$l|(7luZC=1=CyvOIhjY@<&NCFWjcB1EGGRL zz*!(oHx--D6O(p+&?8OwaZXhlH~W;)uK=dPCh1#IpLvjJb<>b9FCe+Xo6I=AYv--D zQE0hPrd3UHUHt2#Q$u|FTmH-+c-SmtO{!hRzZPcRF;nZ^=@4_X%*`@@6M6suE+$gv zV+&uUSKs2$&y5`iGSxAzpw~`Q+yYuT-G-znxn@${<)mSpWBTzE9-2counSPDC;A6a`BET5ex20e0ugCA780+>TB`1P3l&a>EE2nU)0i$lN&MsW@!fBv#0yF5MO{?bG6_qo&EPUbMCRd!1nO6u7b zG3q{<{tx=m^&MZ4koJW)-R-Yj-v+j@S@M3YXd{`jm;rm!zscx@n1VOB`#E#pL4nC} zh`J*(l|rvb7uFvP-((Em-Re3T(EWxg%44X)@@=}0kS<)HgK0O$nfbL1A2`loayM;^ zt@=T|jkayEb~y~xZRhzcs`g)46SwGpy`|Ne@ym|?bZ=pG7XZ!=SC!47J{;CRhwSIS|(!3t&*tYi~+3)7H)%4|(+dFc|wJ?GiO8vnYywLD*ge46i! zq&l-ZQ~g)O#VdpgVTTjBHcET-=XAy~oqMXzr@lS_<$hK|Mf9PdncDJQiYP{>*s(pc zyvL~<6|o1W(${a^leD-ucBOybca=^gSSKrvMy@)}J0R^n)4T3xiMtFYhLxmshgnu8 zxUXO+qag*#P;Tzn?v)01z8iD1{AR%d`3!^a;p>R}DuYEC=vtF!2p2YRzulg-Hw;8&)u~=zaPrgy$BeJ9Q!VZ~4^2u!&A7OGDrQu?8NH)@q z3td0@?8H!+#Ew_@=W)H$u%zw3mwcwov`7;$%(XMiHDJ(DB%}WAhyFcl(YxZUAQ69Y zY5!FbIZfO7T13Q|^fE`QgYvlvTfQYq?cT*mhjcpr=?lZ#mXC|oqnvD!i%W9^7U56{ zA^NH3mpb3Mcs2H%Qp{k2DSW;t)J$G2+?$S{b2VhtZ{7AP*x>kE3#V}@`_ir);fJ+K zxO4rY93~*03sXV+$YZ{ne%aVPh3E2l{0AG@O?0W*WNHtR^>00axiJEfQNNyRQT9+v zh69T3`Ueww5wC?A1o6}rW|ld6I^kwo63LOo>_A(VD<`|j0y~(&ni_H(881{GD)a;NO`X1h-$|Fw$wa&23b!2DbF)v^p@}*I~ zx7G|l`GRVCF~zW~yEhl!7J0F6*rusj{6>7X#Njf7dPlb%rw*G24z(A7L1&GRpg}F8 zD46Ow)%s}xdO56j0KNAMRuD!Q#a{Qa-hrwu@yz;2;MUBh{FG)e zyym2F_e*y<Xl9r}g!;q+c>ryL+B0errlS=XPUpi8b`m3ND*y;{W-GTNwKezR&_N_2D zM!c{zTHA-&afjbv#nb_(B!#u|a~0wC?DESmuYO$Us9cW@b{xeNr{=JpQ*Ecr?D00l z(Qv0zI~Qjy$Ut+Evqve~pS^aC5_~Bzi?-&>e*67}_+DznrYw{3)N!+sgJEv#r!e(_?heB` zl`?;e2n7@7+!(o2>)UES{f?IMs!8q5-fP>ag%6g+rg_tDDGJUXP+2%!JyXVkFH`h^HaV(Nm8# z_G>*ml+0}8Ft^`qkpH3&3RUR#ZUK)hzJt`w47>|`W!^^~!nt^WZ*__9F4E5S+gG@6 zS=I0IzOQcg{_=sK7V$RRaj@?tx#V?I0%9_(+Lh`Gv>tzPAzm<>65!Kav4CUaodjAy z+GO`K0@}Es3mqRBlDu6g^)vA%co)~L#HNNq(Ze4eK{z>{m}?3QHf0ty3X6B-0+zE0 zQfl$MC7K*~{|#ICesSp#BW)-p=%;%5M==stMdhrajgVATB3t?;dMe@BHwmEFMjs^D zrfnHztL>>}&Dy0RCB2(NEjqgZt8i0r#!AXXL1@VWMK&q(8@aa64hLayvRJcCXnRvm==0H6ZG8-0fbUyA_e5m$FMFrusJ(6!y2`e` zasS#R%iX{0`2LaX5xfSBvo;DCZdbww{ySlfNKQYxzK-yRYl zdHte(Pkvn3;uq8Kj);}@)!Umc8P7HDop%epKFFS}ffmR;<@l^_@2!PO?{2_ZG!hEh zTY5}KE4WOhU3DJ*hqPve1a=2t|TKb2Y&CO4Kn()cu^RrqCOp&JG$-jUi4_ ziNjAXylXsOuHV_X^YeloyZSapZU{d1|85vN4+_)M9zIxOwGcDGNMedo7qvz}wXAuL zk66)$hmKBYEs9bJqW@_7DKCH=LDj$jg*(q12^PkJkX4iwF`=UQQ4|q53{DfjyRC$r zi~UwavdEwMc`m-AHjjVb#G)AfFmlM{vl3P)z0A29!iAs^VsQp@3nKeBiria&4-|C# z=c}PmatC6UmoaoF8A%EQ&oDA?Nj?{NKNy@L7A}{l_+OMKa{CkEE7N)3B6>t41f-~G z*TVuzIDS)9K7t_m-d@QjvLc5t*L{(FZT#;)j#n@+2E&z*3lWk(pcQV4bc9A_wbd>BH6 z03dbZCZ@lI=8YsVIld@#|MCn#Sg*e&k%B$;l`y>tZS#LAju;?X6;yJ4%(WxJ38dd( z@t~i>R#DePtWam0#_iIjCssv8ibnVnf#!?&4IWQgCYt|ETN**rf)nW(2GN;w+0Z@$ zr8M1_3Xwgdh%kBt_q#@)lBc?91@Ef$3Rps%KKTZCJTefkC?T{- zms~_E04{j(G|gW{PrO`?r13lKjW+P%ti0_iNGkrh>78p`#|@0BKAGF?+mWXhi!zKn zU+$A1VH8gVk}EGGyb1kQ(!vZ2VyEIIfDVfsb>M7rY5*WY-a5Lmq_zVoEMe z(2%y}6Fr}a<$F<5*Ei?bS(jECsGH3)0m$2!3qvy?UjW~6N;tG#kpIGG#w#+DMJ?nVUQm80a^zf^Q4x zW~&m7lTtvHnt6@W2e0BLYqm)-67)A*j>>?%V_!-Zl*m%1R=CPuu@p7J;L78BU{r@F zG8p$JMf0kkh>GaVUH$7`a<;wKBA^{q0%dn#;tg8}r{n0yPaZui9B)mLCWW0qDe(=r zLYnM_`+g0|Y|o>f$JHyGv2cRev0mQ1Dn4$|$Te&W+8n@YY0uW0ksZkFLo%B%7c1te z;QT6YKgjc$Yxu12c z*La*Su$Pl6bzF_PUjFWp*VAf`pei^&qnNrBh>Tq!W>gmPkyX#YZp;`~hJUMK7b;q! z*Pp(%R-92a{F34ST-0NJSgLB=CuIGgT9#2Id!HxHZPh?J*a=h)O7m&v<`NiIEbs4MC zhS*&2nP?gA-S(N^onaa7{TXw}Yydt%{`4h>yckYBYFP}7C~bF7v@AZN%{%>G7~`2O z`{dYhbVr2_S#NW4Q}J(ZPap5 z-tcl;NZ|#-r2F7>y#;pHA1#kTwKF%T+K0XtGjxrK5uoOuv))$(1I!p+FQrZ6YUf;L z9)hiDs={RqL*)$}b6WJ)IS}6g7pTvLN@SaW3YCr^h3Y#`pB5$oJuF!ePZKuZ3P;+{*Qn z(pLqss)V5NqT}jt9X;okcYC3I`mgx#crTnoys?aY>ru{2tWgJFhc8H>_0M~Z(rF^| zcJ2|uqSv*ImU5!dTGpX5G!G5YRwSwGZSBI24_6hJbg$Ifn16_;G(==xz9tIh)#Vxi zQezH7G)d6b&uqrB-x1$ppoxn;H0~BSWGQOLPseDrI8XJx{4CV?*bsJ5_L6^sSaSTW z9F-Qud;%&*$<40Aa~sBDSXEFV>9e-TXpqyyyVoT|1-}OMX+q-<5Z;K-SS5s1tZR{%SQ&R$%**m4}Oj} z8nE}z@7AR;!+qVvsQX>2dn%htZr&)qinPln>Q$Dpl`3>N8u^7Sz=qs(U$UgNOC{o| ztnU&!G-^?Uc_$IZ!)PbH+brd6!rbySY;4^g?eL1P!rPjQuHU+czxUsQZqVx)z5h`O^l1SXH_Nkxa996mw zVXB1}8BsXfzyozkb@NPT)oZ9jYL4?rUZD};>~geT-6nA9=#MOW2gsEk%4!If&lefLb=gh|DZQlbMx~eu7&-&?i@_y~MVGca;ZNi1=wO>7; zg^EQ|>ytQZGL_Tm7_LQJEm3d4yFUiAVpkexc@j#tmEQ`LjR`Z_DuwbD>#b1w>FKK zrlOtN(jz4Hfs_sd^xAtBbQH{C9CBd}0)<$w;p@o4MCnaR)yk?@0UZ$5@7N`#X{FpT#;|A88)t)ws+Ipf`Y{MIF#WS zZPhrhKW5wF>>0M6=Z;0uXcBwRkEE4kzc6(jQF&{go`I}B()ehX&f&NWOIm-S$>e=X zG4SxXE?HPdkij1lXm1k36>qb;zuzf8isxrBPBhRkDN5>w=RHc#~s(0O8LkX7WuQ(cppo`K5Ll!%p+c{3x(4g>8*zOmg`G-JT0~xvZn)eXOwd;% zN#Q$n;0V_A5Qw+-3n>Saix>ouxDl>_R)J<$!SnC7d+Ku-SMD3AVK2szr#!W^f?6@0 z-uJyaehexewKk}-YPc~rbj|)Dc7?9>s;om@J=x?#8K~Mln)S-F&VhsvSNQ7tr9{X1 zLpVSQVwp9h#Q!ZZ{;TqwiR(*?4;jK4mS!r%s)K?rolI~HPiHt^P;O@tSfT70MdKZ) zFK-&l_;?ZZLS#)_liDhC+sB2!ZQSASjSx5A2TAfN>oi=;lgfD9FDX_ZpB?LPo#3+ zAGhw5d-CFh0bUecjphsH3A)#AKkGSCH5Ta>5Y*(O;BQIQXv9~Dlz++Cbv@sj? zwo+$7Ppcv@KbDQ?lKi7nF<@J2Em8ikx+?qA?=|EbSm190RH*U``MftW+C^xaM!#j+ z1mSpJkR;%|R7m)6i!VszaFahJR9Ph{RYi4p(ibEv?EjSi4dL*gI9B9v))*uoxGgmj z2E055DHR?>{pamFAQtKNKX2dcFm-|*a$;=GN|tz=y!EpHGfaFQaeU&v_uA`S?`A8% zMw_7{4`L-T$Pm85*D045mB`HWUpFq)rAK0`c+!U|P>Ru2zp&kj_Who%Mu`+dbhPhL2552&; zTpfCAfxyQn=Fdp-0ULw>NIl#e!%;GIUXAQ!bC4iqMAkf-1~M?c4K=1*bAGeh9WUAW zPCRg&C;%ZMs)GlGs6v8%Rm52wk|ECQKE0byhJZt}&iQV2xhqBHIlPZ|1JwMrH`YEAtMdb5|O75;$(zuwTs zu*Y;&LnAPj>qT>UZ92vlx-C-b;iC%+sfUgY=xmtkJ&#(h!Ge0Pf5VDHZ5gT8+S zkxRS?y+qpO07sMoXyPn4kw zSK=MibDL-Hs)G|hG|)ojECjZ;9o&0d%UELz`SyGcJ5tGCHstC-1b{Bd;N%gGmifaH z#1tqTezpb0$*GzvrGw#nX-U&dq;pf^o)12>lCEsMy$DT?J9|hk5MaAt^|I^IjX&-U zF0%=bcL!cdSm?Dd#L>BaE#q0S987$ionLBCmI3Y)+|SPvpfMCJrbA2|@l0;KIa7kH z&wUAVD$Re$jZPGUmtvLoycUkIY7;E%MVwntL?EDEO7^IZQy9v%;tnXdR|Deb8{LUz zwiEtAHFk>lD*rLKG3E>uGTFHlJg1Y}>9+N_JNeO-7kRwW>xO4(@1tb@a?m(I4T`ja zx6tq#(g>eIwWV}J&G?3D4igE(n)f+HfOosGBt`w4Qd5BaL4sn9a4tuw-#2mfIOmJdp}vaJ+ujU6CjyK34qDQhcrUE``g(=Vt;N-PVv%9ub8dwuQ~vuDcsF7BxvPMP zd{`CN;jcF&uf{)p@r%^(YFrd89^uyO#had>Z;Z>^iO3DTCz36bR_C|?3N{ivrW3H+pQ>Jlrg5S6<~$GX4+Mv`K3XoU zUXpab?{gO@YGF#rDU2wL^)Pq*Ub8WtAjGOQMnf;ejlPhGD(MbreR!5H9XOGW-4Zdm zf_DM+t8FPdb}|{X3C}&91{sK{-)7Nv+hkyrIk~~q+XUl1&o@xgyDtsN;ht8-9N4Z!t{Z`eum+ z47}x1K~p^j+rFPFJ5YVbq^SH1j(s!OeD|a5xor4#6;+X7fgM$bS_QxKyQU1*-|!ZT z;$B#fF$dHtt&(5+AuxPPc~AYEu`xFCsw9`F_NcsJ{uRu0$!Xcteqo!2BS*u#@Mjb7nYdi5#VR?2^1zok>t(DU9nN z@fb5L9OPb+a7Hn3Ia5!ot~*E-%yJr)ONS+ZrjFVk-<+;G&@+}XhAlCjm&zm>sjVd< zTQM--B)c&KzsI&&|F#XEb}MFqHz9X6#ft4rF(8{?6}@UgMGieOeovps#vE%Ws|t-7 zq()Y?d+gF!p%iw`vB)!@Il~L(y&6b$R4#_W&9Dl|@v&MJD6rJG!V}W?`iEO`+F(B4 zw|RelsqUU*+JCd0q<&P7E3Vfwmop>(KGL<{$MFql#rS~sz9lo}!N7~h_KVq~Q$0aT z5$k@&0r^?uL7w7c?{aOpWivw>%10{cGq#jnk$m+CdwwWk>Xw84Z=fR7@b~Gb7d_9C zl|Ek8F{CTiS;}C9%@uNuHA_cU46+L(X@9Z0w|x*HHdGbf%dF(|#r1YqSqjS)yp=r5 zsbeG>w*UUP`ub6Cm5Z)}q*Gr%IJD6N>jpBNm9_!bO8Mgs!3Qx&EB9P|A;8HPmGP84`1pxn>zd-(v zSEJPf{~IWR7W{9(Nm^c>|J=a;x&7M=E#%({2LGlo7}Z3ih8v|LJr@A~|FsDDPv&SNf^uPK5K_R?P#=-*uJ(c6(d4hp>K!7K5 z+z{@+F(8od&+uXY3j{(y|FGjPL7u-A!wu$zfIv?$Uf|QYLwNok3=jhNhYSD3VE+Zd zJOJ<$!GE6q!a)C~=J?+j4<7{jL=FN5J&}95nn2i}-xH7r2>rV<4i04d;l;UC;tyEcp$udd{5ZQ!^87;I}k88?-LBj2YoUI z9&X5A7=#A|r7DP7cICU zP;S1zwF%|p2LG)ED3tFBAEAGi@ox?Cfd4S}Z|omV{f)uEAi&=<;REsT0H0t0z?0eW z@jRglm=_5Ad(eD*(5HRyLH@~<{jdK2M<;*u^;d)3U?7P53C8pP=!B2^?;Q;QfB;W1 z;Q!<(?7t0yp6nO^kneB8{lOrA6YfugVD2ZI2ncw(VE_PL=o2{@H_sD6Zs-%+1b{xp z{_va|{6r4?#2f&4!O$mzh64ZHmH+7fe+cpbpUn7=?SE34_umWwe_@~}Gya1;Z4V0h zUycLzUl9Ccc7Q*`eu{zlp0b+zDbs;Z>w=+AxWxm8z@DxX_^F@z$K5?Ol#u_2L4CSR zz(4-%i5&RfW5&Pw|DWKKnE)ZcrzRf)e6q%%{|8zBC?ER78A8E)|7$R?e?icbEd~Yx zxdBfwz|)fh7y^bq#ekqEb^-LXE-x5B^wfa-F(GjN5+uq$4hDlu)!zP}GueOAPI1ZF lncLI;>&N~*KVdk#7(2OmIGLGa{Heza=EGoQlvI|&_&+7}A+!Jh delta 86125 zc-q9e1ymi&(l#7CNN{%#zHtfe4#C~s-DQB_F2OYfx8T9uJ%Qj5oCJ4*=7XH%oZNHI zedSxfti5Wwr@FejySk=&_B_?O1RFC4SGoQ&+0Pz~CgGXFbL!3))f6UbGro6yq68Gv zkp?-;?x6_K>xi1XB1iJPdB?&9r;On>AtgQuIto}oy(?9EH`DZsZ>}#D^pS=jK}PPJ zxS7x~YQsh`->(w=7bfI=J`F!NVYxtA=~JXcdB9M z_*f*|0n57yq-m5?FfYt;JC272vl=f=Lz?)z3uI5bx=o%7ySUYJzynRNeTrx;A@}64 z1zFG8U9{wRT);^W9EujSG&&J%a&v&S&-+(zAmpAw+U@}D=uGgr$0S^JM@t;W-9op`w?fv^m}PD|B5tUl_U27e}V4K zlqa?vL0RAX2#0INT+4#5jo*K!6Y(D-pF+^SfmrOT*=8v5EIK$3tQ}e;(NCQe6z^=c zrECBeAh9EDx5i=Z?&x$T?GI^;u`T;Mhy+eq-a$0T3dg8j8;%Dy3y#!x#WF+TXuVRy zW?7MAcbp`VkLs6iXL^D+Tb)Q9$?-%OFvDbbN115S*6HpK%goF|8TS1aY=|Voqolqq z=)niU5|@H5_^fc3GPm2Ls1WO*ykf$p)Q%iTWi4N~OZM^;L!~4q!-4%k_-r=69SP$& z3iV0>>|H9YE{oo0de-=f4*ZT65cA&^-N=jRBE!P<#${1L1B$KNq6i^}&?ZI)b=>?H z-rD6qQ=7AY<@^L(9wtAan(##~(#6!e`+Fm*6GOtqogydy=R#-{wHUA^;ki`bHj+Up zK!r-mCeNKye@X|%>Jn*PNZdlihWb>1=#jR(8sQH2u)y58{b@HzSS+Kai6bO-{M^x! zPaxa(HIm`&&tfg_so?L6q^I6dYe7KzF$|!{Y{lIeOZur^h+=Kk`AEj|e0vvH#}&Dj zMmV_FJQR@V&*d?s3FYs^m56|%Gc9~13T#&pECe75FRGoI^1AaAhYAZpeT;Dwg9#>VTN6^cz;Ci|e z%=pkB#?!j;3BqD`z|$w;u4I)|k?y^m5-=ZWNndhmHc6JtV`^n32M`F)836VUPb$wN zlb&Xxq-_>VymL$=#yEs*j@-7QUB&2e{U^F5r(;yNeIt<{=25!J! zKXHj~^ZPummnUuai2~tM^%lVTy5XHRebK8}Y`2)+en)as2@$O4c@ew*f~@lPHs-D! zM>Q;x5F#{?*0S{$hrtE{2GB!E3vvG!UlfMp2FPG$)SwaiY+=;7Oc5 zBnXX-n5$&saE~_{#Zm1_-yWVj+b@c%oUL_p;b?|Z_%eo--4Fk$a5x21EIgP+DM8Et@Uf8zm8GG0RWj{A+Z!`~otrBPeKP z=p98~$Blj(xp+FX^`wp#8hcYX3`2RRjV&5)*(R+um#V1PJEr(!zs=?0LPR41Rl>wo?Tl^Hm zv+~}OhAqcnJ&Gb5E9aYSAzT9I)UgyA^S04-sP>$qvfJyBxiWRdRD#|zat&!e{$|Cr zV$DTuK0L2Q!n({L6lCKVCn-zfumI^L59E;X_)NqQJK#DU19IqamJb5$o8=|2deb2g zu+wd&DwC)C7P6+afJjmry9?ISv<_BB#b~%fkoSl(?1WLRI7FlpHI?oQ*X1}NO+IeX z>wDVQ8__Py;C&Qh<)(QQUH&3bSk}c$J5LK+L#YIy7Iy+wM@*^7Jj~B>@~hckP$g zu}j%QA_iI97iTxL7Ad1`pVDc)s4;_HjJu*sQwZ;UQ}Yk>!)qw_jP>}?h^+iB9tJnJ z4b73{6$O&s&4QP>8OG5JRDXR+W_gZ~;ZseX&Q$ziR0rF3G&CnW;<)sx zt&}kc_)asn7yJ2ERiczPOG2$Np$Uqkax)Kt^}{q#2mSlD~(ud|If9h}9qBiLh`^k1xN9KGZ@@h`b zWOTKoxPMheC-*!Yx-X#AX`GhDglyRI=Wi#7e*s&tnMetUe)+ zy#^Kv+5*7HQL4_>BszvtsC3mNB8LJ%cbStb(6iYPGux(o&I5Q%xpqvXNMx=mfZa45?cy+$Cn>Z%N#YWn| zoRG=b_2c*P*{Wcf2OEK-l!U8FrX{6R5EDgLwBd204l&wgS6^5zNNn1|rLFQga6K=2 z=?mr$_Jne5NNLIbX^g+%LUU{{MZ`A1=^y{zVht{y_2lZk!WznRwe%<5CZ)?|d(vg? z9%KHzY?hl;j$BLmd1{x&yl`c`8vgaL4wSc9aar$a`X%<9vURwM1RivvjAQ>fUD9Yk|* zOvPdfRL0pI6@O&>io!Q`9^b;?7+i$Q_^~LSJM8%x71M3f`pM5+6+?d+2VAEQ2PhE2 zD*b!jMuJNpED}2te`JNk;Pw*e`yvtsQ`=$ZF5tNhcKkL6$uUPit*`8$T5YeEvz*E3iVj?y~I%sSvUSJ#7bpHxa{y%@wbN1;zub@%XM z)H)iaF@|@Zo6#rrLp!-HHv*2jfKA;g4C`y^rR36fL%aldro?9^@L%4cGCs)Q#@7r#I0Y9`+Qg9mLPt?)33h41J%zu-p_*Uzc||HX5xvI6bh??YFL znyrOcjI+c-t#viU>{Wg#erB~nE(?E<)Gri~i_tA-Hl zu}=wDu4iJ}VX4zrkcQ58y0h0qtIW_uB>g#O=Xi{vwu8qp+A07kGp*{w%d>SB=dOVN zh3B&T`EA=E;dg=y+d-JZ7{Bp%PG5Q>(#(PK6&Z!Rk#BkzGnPUa7)VS-5@J{K@|0AO z0svt$SLsG{v_A;$u7t1twRw+ID4Lr3n|@3e5crewsQd6(Ar(hAR z*p&hUPui;I+;;&k__#5oXOmrpSe1w;ttPw1r?&pdueq~{pvvsXR164H4;vB07Lec)OtE!w*oJT43&6vY<*nnqaBRN+7{yP{tIYoHXSjkp+hq&?A1UecMBl$e;lV*(Qv2XsFUh7h=75W+*2VhSwDk$K@ zzGXT1jVo-tdnbqA_Z=pK_Vy&9-7r^N%+ApU4)l0c_OLf0W`YCB8aO*zxD#tJ5i>sg zeq43nKte)x54=YXGaD;02g?IX(ZtEl#nH&biI|5cfpHl}6eQ~IEUx5i;B4~1AqFY3 z60>kTbWkMb<9i&!*7*-M6C*JT=P&+alZ=V2nX@@D3)dqv!C{#M$k2%$mFs3i=s)y; z`-~lu$SFI&#i@!YvEGq{H7k`8uA1j7VQwd%@valSt_rwcsNw|&A#-NByFuX1P3m@e zm{z|$>PGfdRb|sx>Ru_wW!UQ|5fc$p)kjB@vd3Cs)DV|=R~wp&DmwP;b(x6pEx>1( znRQ|64x^Gvof>>+}{4CJB4QM+r^r0=DBs`>in^W{c%^_gIewz**uyAb0c=h zX>dvM#v7FOb0t-UCLgO;ii>RD3VE(!-4kwP&wb+O6#9e#Y$j?$jZCR)RP>Qns)|)- zojrWgFPCv|bq{%ctt2Vmoz!`p<=GAZOh;p1Zox0;Vroomjh&nwO$=<{9%^=mmT*5z z|5)MSfdl>6+rPF44kTw_WAeB|4^4{1AW35rTW1Sr4>*wgOW6k>06n`CI3MmgI5>asf6hXxTBb)+{%v(koPSy8PoH=&_ai;_|Cgvv6{P;N*-4T2U7ppi6O zj7&hDCXRL>J6jWwvzr~r^x@P4nOeA-fSfGcK|gwdY%Lxd1wq0f5s)NE1|$no1Sx@( zK?Wd0kP*lPWCpSTS%Yjqwjf6VkQ2xm>7eE01XU(kQ8%ykyjJs#W;sGMC*wd7vxJ|% z1a<;)yZ~_|krTF%ALAhTQ|7k;oPNE<<(e3^t(I1H`|kOd74MOjZja>}c3Us|wPo+u9uL%7bbzZkNhs1u$ereLTsG^5NmnSz1O)k6N z4+l-n%*+(jPrkRHG=`y($1#7v-3k$+OYH9pH3{PusQ^YSiCbWXq#HuL%Jqle>vl3;L7pR9Q z%RRnbA>U#-QDtOw11o>TD7yHyXXx{8k8ezNrvn z59R~R$PM+q2)%Mc`AvEdMLf&b>d602-z*;9*qE zH3$?M+=%JqxX5^2g0zpuL-7pCe=wdk8-1(C=sJY8FbYb^+7rWZ1E!Is7JTS0S=Ye32p^%@rV&`T^&xWXc}E(7W}cFS6)6jY>Fk!M)`W_H;ew_2$x>uFe-*x?h^LJ zSjuM7tJifNdZZdKq|F*akh;hpDe>eFn4Gud6wTw)9n?N!eny$}sa{3` zUlFNRcO<2oewIN^=icxvj-R(J3wg!b> zA4@9f5Z)=7=h@GB)eQCk4-QdB4Mv|908bzMD7SK-DElbcqretw$JtT?2${fag=D$j zepd!FK9^q$(OyzX*N$3LV?y02q%9%j*J)3cxSHH4b3m({Zjd1)Y23eJE-k5%)F$+@ zynKKa?2~bY#lG^Cq>xFNt$!EMKpFVwJc%Wy#JiS}z7P8~R88+2TyPeX?+6;@>uTw? z4PKI+M@)mLjaw@#{B6E;h3D(e)d6*t^0ljtYsF>*S2+Xwa|R}(;uO;ObpDX}P*6L0tIoo~|-~|NI&C`PtSBoo?oapo~KnC1Jgs z@vD~exi18AxEvfDOR>qx&n{APKoYd3!NxLDG~rrRlf$1sHLssV5U+|jCs$K~y6IMWGU3LaQ`Jr6LHJT1mU^hZl3BU5cZXNAMg^b5LQ8Y;kIkuWovJlfNQ*V8VdOU~>!DC#+IQt~n} zlNPTrdBV_{b0DOR*PFhB#m#1?-ig;|LvyemdBSS{c54xbdRGbHuam0Ij5DqpgG8c6 z7g(ke`05`2s@`Ec;7hXiva(fB6;dlNN;Qc93T`oKMr6d0cCz$buG2M>rzDKkEf*dR zPGf~2`g@*tj7s_v<1!pydih8Mspl+$Wgv_N<$P@o7+f&))@|*O8o54BvQAS^s8Fqa zx+brTnW$aF%w6UH$RP&ZxA$?Tm7qT+BCf8>^5H+T7xS8zlGs)w@M&7V9d7(L~ zU`L6BZuVO1I|u1qTmVse3RN-(d3`+_du<&h`%qy0nTk$pZUmop%=9_P$}6naF6mUv z{7~b0TR?hdN>TwdFJqEzWKlR{mOt`SRq^56yumjsFx0`9+D~Ysw6GmmcfwlWMXpGD zN)TW*b?%>~)eTWHz|h&qqT=wWzo=&MDmEV=&?mV=z)KuMy=}xt<&%Qr5oL!d;K*7R|$2$fu2}=)ib=ab8Om)X93|k0PkHR#Dc&&2soyi(HqSkYyuxV 2f_Wed-4zsV$N6tt?kp|*wRze6>Xg*?_9 zXRlp)I$$`TX-df(t~k8a!zYn1rRtnn z&!TDvqT!=s-Pa9V#6nZnTICciDLx<)3U?+5-<=yJ1Q@n!it=ZKTn|+c!r5JO6Xj`q z4WEK62Y7VAlwaT8=2V6Trr#}@e??yJ#0*xU?N`6dCPUf{u`v*uQ#P*+c68E^ibYOV zx0-U_W@770m;4Ma3w5Sg6cGq+5{0Wx~B#}Oe z$U!e^t3G?Vs?A32gK~#3H<|-KJoiSODY;Fx_u9mWZe>lFE!};F}>O&UDqwz1Fy7i%5w3I z#IprwKmx`+pSq9u>JA19v#CDiKVu4Di3;14={A|4azD-w>>nqp*T%un#jhX=d4BZL zg-M^)eV`NtRAOexF1{eOpl#e~rF_PlegUN2y^d-0luwM{r*tLg*6u*8tlRAF^vhbY zf_;zu5Z+FnlM4W@SGWnCaIa>CX9K25@I-P(N6`_xTW^!!R(!K*A-)a03F!w!(krmF zb{}TC<7A?vN`XF>&1p3(GWih0B<}Oa6E<7a%ws8Wgm3mOXF9MDKR5W+W7hC31BdPt zq&Jt8V22o#83}ne_)2nr(u%#!U4Bu}L-|B+|zr;dq^$Lvfw;&&uuo!EZ z8G60Q+ucEOPxuKqI4(OOcqSsyGEfcuuA?4_U##ccf9Jk5fU$+3M%3L0Kgc#$gO93a za`NLQEJ~9^jw=kWSVVs*f2kej^i*cKImFJws*QW$gr?)^UbQLaZKMpp)_zaeA;g=V zP%3#lCQ2|6j-#bkIoi33ko`Q)0!TUX2&(mIrbHgPAa3TprWBEqA#bWfhlQ|aS}6cB@;6v zFUYg{SjY87Rkkj5F!PFf(>^s9ASox7|I#N;$9fenJN!Yat%9>lI@vdzL>C%sU&QvE z?j@hU#SP%gb6ydn_wnn~P5>utD{{V^Z@A)c<{%p6@5y&icbAZW_udX=t#vjbL5h3i z?etqVw=eQL>R))AP?B=d@4afx7_k7p?Ln@)81p8Vc z-a8HZ5xR7?91I#KxvqnX0pILiLV{^6r8EBjv`b@Mf>?4~%;@3Qm^j!m>g0zOxL zu%saT6o5%T5nW5m6fu>FxKB6w#751petqK?3w==p(}5T01k z4Q#ub&UvG!JKf-wi^*Vec${pn%>wFJDhYuu%ZHazT#aRNB^=1|uvp+USA>*_md2LU%T1VUq`OX3{m1=2)#b)-y9TTy{G(siq6EHj zyyI%Ydqao_j@H^vlrTcxkdhb46sR#qJfefMj;(Hmn~AI39Gstf=-?MXuKSc|j>`j_ zG9gdgO>|k%Q|99^6U1JgeWJ0_v$^jof@S%|0f0I!%f1nOHmX(Qz|9wRsH={bf?&03 zg47mqo}5oLOL7Jw71-&l(Gf#9rC-=S8^~unx0=<{dd9n`p3PcYcF{dqK6t}Q@QxJ= z*9Od>)tyU_LyQkUSU#~QU7FG6s#DnCq%frq26E#j6O#-%i4ymHBKYmX40L%?NE3fP;#?Z(Xj>3EmAB7lL=>rpP zA-&OUpkKlZlP1L|i#JG5rrN~WVx2i3uLKua^}%uGCFO3Mf~JkPIu^s7k6>b{i#2Dj zPItGFe7eVs7Ab2PI9!B&e;bg$e|8(^t&fOI^+63Cl?Ny_@BMqcp&m9)X`YAD|G6E$Sg=p`#Ik31 z9fx_h7r^f5Jy1A{skLeKP~=tn zjvo2cftN_ket6ldjTFO~tLOe^4Q;5v;F(IghlzPkF-@XJ3F>Q zucCuH4`Q<|&1lxT$0H7g-FOMPsZ3lwDS{0h`eUJAdj}?T;@n~h6Udpi{0dc}zeUAb zOrp{`d07X_3LaT2*@p&T>w;ln(?BqJajT4|tq|lT=Vw}?x<_Nb7G-MS7kvr@&OY^M zZ=@!4YgF-c%n+>pd3viyiE(un5|WuJ>9xmIut z?UQ=+ZN#u~SA}P{Jmwm(fsu<4{(360k@w@=5;2mly(y4cWWiGJ($y{FV$B|kxT?Yy znUC|KiB&g=b8nlOA4hDpl>?XeT@oplEeU5=N;N%s|Cu^W8D{mU_N)nq@GGH7mg{?L zO7Oz$59S104CdnzGplqxXO}Kj;9bWuJZ};U7~Mvcaz-XCTls;@haJoI;^E?;$%+hC zyKIZ{I8E3&%*-n6K0TT9@V(AdI4CgdtvQukaeo@=g-r;4vwMr25_c-axEWnhON=?C zaCGchH|AQbcnJH{OV=k@;T!*Lpk8S-kA^Z*OltEacD1|SDp4>t5Bq$B!WXevQ8j{= z7nFen4EM#Blytzx8)FAm0-mTu0w-6Vs;0W^3z?iXqPriY&0uTt?uqNJJ-HiIXX1)Hn(x!Rq7H3 zAD^Mw7?{pWP3U^{B%gntNl!nwUu4@m4!6M89QK*o&vpY`?!J8qEPG#CYL{)xPW0Ya zruIX5;yk@1c6tPlCZV?u;q>|O;CiP1*tc z#!j-BAo-n+8outUDQ(uH%`QoLo17QAdRe|?w60!f=g^!)v1?2pK89()`R1Muk;9UJl)*Bp()#v;doy^RV~mH4mfrDOx%6C*=ZM-4V!{3 z^9J(;%&{US|Fd0@;M{T#?h(hEvvt>I-Oj+nSdC+`ZkPdkRvvg^jTIIsxRQ>`y|b+| zFdSul{UqeJel56uLo0m`$8CerZ%*McgHdTxm^7{)z|o=WHrG(!OX$xiY~R2?mixZj zRjQuXF4yJhrq)<^IjWCQb&`<;qqe&%PxOA~_ES?w_BJ=R?-73SX8&bkwR236D;1l!BM&XK7VfO||_?Hn@W?l(M zj54}B;3_(`*AG)?fWtC4``j7n2@ZZ#&6%=h3u@2 z|Hok64{#UmKVx-l|AN&4KYU-ZBS zxL6qfMBDxZ)*g|&M|9*TF!l(7{Qx>1>W^)If^d)bzvO-*cfafTv6A1F{*KnMaWXw9 z1%3mn9(w=4lYW-J^Z)Ghv(EVotoqshXP-wb=eM@MqjfA?ti;UBj6X`Yhmr|kWc=@O zs(+%t5U)Rws)tGajrC8LKdtiX0{pYw-vPWofjH*Bwv*$*)mVPDas0;n0sj8vG5(}q zHevls_YXe6@`nNrw!et&w_W=?{ke)?=;2bK|1nzp zwp0%GKTz;rj`5QR{1q-9nZJh%#y{Zxe+d^%{~j$^f7`Ra)8o{C9VWliUzP#>sQf1d zKlX$DKM(Nhnf<4L@JNq?|Chl6_&r+uCt_#)@6J~pIFP8Vk)5%Htr;;Z*WYn#_Mg#% ziGz#rPv#$)NWlLr9pFE_lKfjT0L!C~GBG|pN$iaOm<+(q_%F!-Tu98nWdl6){+SKH z&h@u!fJZ<3EggV^<=@i*eq{m(g5*JpKOz1{fd3KMcl#G)pN;YF7UKMu7d_y=Hpbt= z?0?9J;N<+j&4_?YM!^Qhl>GOUh`$-(F(=};Mg3d4!mk{VWaNG@Qbtxbkd1|{i_`Dt z3LE49Fr$I(A2J%0y=0Wk(A$%{THWNhgIGU??YpGD>{5QoAx^m?B4Uzbz^NxpZ9^R- zRE4EERLZkKk}Xhmg8VwS^(9R2@ypKs0$Yc$2Ck_up>x$EvW3Snjj8UocTL90^uzb+ zZ5tcITGa5X9J|0uKlCo}z#!BXTz-$M z6%)+~A;YD*Vy@@iMQ#C|+(??b5I5RFLh*}lvfP#YN3AE!u&PV;i@8bP<}P24qoLv9 z4V%v2M^)lEX9#AG2S;E)M;kAQtp%0DI^cu zvSL4jf}(^k4UaKS78mc&!#-h-;AH>wx^T=)Nv3KK#=2V0ifZTv@FRZu^#*rIm7#7z zpUt$IX&83xnIS|~TqxzoP>dc|L-?u$3CcCt_@|UYp)(>Hp#r&n-vX55E}k%V;Mj|! zQsV$gJaCKXDd=Ai&f4h`uB(xecE$XiIzt#fCU*?)P}9@wFG1BXKF>g4Q<&Y$o}jNw z-Y-r{Hz1O?v!b>Z_bHkjywu&teHKJ&NmU^n6CRtNOLL=7P-0HUKagUOR(SU;Cz;p( z+N^=^>0wS@SN%zPfVZDWr39%61og1uA!r;B85ydDLB8l;+1Na&NE=eke~U|!$5(sf zzRGAgcF`#Q&aSBeJVcbP%g(S@7-J;!-f`uCEq~vA0%4tC_5}hhj06e()*x$hR6RnT z=v6;`q0K9{2#P1|D zSD=wcN$dObBa{t+u~#>9b~0A!n4!ND{Ez3_1)e~{R2X~|kiZ!!Pc*M|BMSLby9%sW=|BM!lwEova%UOZS+ zt0_%OG`@b?7N&h=W;K!{eyFw)bMqdx+rKUffzyKe*0}u{sDE%c=XD30AiWm2gDK6X z&FC_{g-oXjkE|V6VQLfC#UK)3hQ8%mT2Z?guu(8%WF*yaZLB>)Bw$O@=Yy0471Pa( zk2rKi5+g{9y2=`j`;JdBiW$e-Un~{I@*^z{qUEA zTceg^tOwR2BWvIJr>xY}%i7U%|z-k`6aC$!Hl>;gyU5tj_8OnuUn& z6DU(lTi6z+iwyy9#dnd|F05_o5oLR<8u320!g%gP56Ql#fl(-Y>g1^@l9KxNW=GTV zhU3)`KkbxkCr`>Pfjo3(o_=a&gV*fWJ*R=C@2uNKiyPZ4YsS~hiL1)dFP0{3gf$|+ zGe%WQl?4X_o#COnthQ@K#XEx{e$(x&7T%7vcM|2>90DRUxtNI9ft58-a z@@c@ntJL;IQ*j==EKAoYs%J3Fh7j{ha&I^T)K0p4V*ErRyLUQt6}IRUe3SW?hna0* zZ3*q_rv#L)`&BzN7@Fmu^fmk4i~M)Hvr5hJJtE}4aMQ^paK82FwPoY0s&5tpK z3rakL{PHSKH95z%6A=?@GZSjBRQGUit|KdhH-z{e{G#{-KAG+c3Hjn z3@y3GqCSDsMkF}nG%9xR_&eqIo5bCySFWyZTd8KI2Zf6@&E#*oDJ9~)$A`LsehTxd zpzN5p@3y?-G-H(I&5HR=->MXSjadM`IPpkk*x7JWHyNNkhGELqO>EE^|VVOUNH=k@snUBP;SsTk~JpO z65B|?d<;4x6&`r1C`TD@krzM*P*@EhR>$y2>yjNN$PXS$4v?y&sV8W7mT8m)(HTu! zPGe3JPWvW73}<3=pw<|wQcf*XZ;M^~?2Z^ou`N7SBa1Oejcrr&OX;I9b7x!&2rXy6r#4l8N=A zedl)Y4d_Aw;0c@|*r0EMHi|VH2cAmI|I_7#8>(c~;7kn%tEr~42*DSKN z48<*AP~a$rnL^va+kx5PuzYPgc{oAz(OXku{0-J*-^}e%*g#5Z>L@2JpRZXTWil}m$7dWTdy=W%h4Ih*y&UeFkx>ox@85?^ zB5)kq1D82C(PLu_V`-*01g$zPrq;(t7e|+u@R>|@>$f<;*VoX^yx!5lkfYcT_mNA! zrYs|7>J1G+?%dG#cVkxoC%&ohbMWh7y&E;^ znzoW>k3O&S+5_B9^-eNt)%s~{r{U%}U8`@($1-Z)*Ezbjxfo5(M)4kywAn`clkhD^ zlXON`5E4RPLtmTD2eiGpPY+1_njY}gakrggLa%L4)*y8-Js|8jJ)r7CdO+MNVR^XS z3nuJj8*|3xLHG9s1=DtFpY+uYAJnI0Q*=U9KG&AyyH*f7yxrIk4|gOfMY2tqjo?-6qwiiQ3a zCPSYK(IL=p+(NW|>>HV+6=`6meOv8tyq;jhz8q7$+ED9oo*WgyMu=r)YAwovCANO12{C`Ully6_e7H@MZCU*g?}HtOmsgoT zps6&Wis->2pog@#m}G@yI^XTNZ}9e_QqpU-jMo~68~ckD67>A5Hy8SO<<&A?raZ3d z1+C_WFI*X?hghfUSw2p)F6Qt?4zkYYlpE^j+EgSO=6)JcFO8_G=O-(l4xWb&Hex>K zFkiqi7X?jbrJ9Qyml3?GQl%g(mkQQQ1s+mtH5ZLq3snZ%?Wdz=+jJ$tfj%RG{J5As!HpWTHhF^%7V6U9#xkcRojGZfz@#| zYF^isWRae3uEP8QaZ@Xx?kp+xH1L^}gAR;KQ*luI13- zaVjd`sho?Kk9n`gU8eqG*I0ZsF7diX-ep>>j5)=rsadXi-u}Q|zSTMELkmmmv+BCO z)A0+oq;eJw`-7WP5JOwr*#gG-r#LG>TU@^V_JTV=U1o&bI*hl6vI~e*7xI>xMezz7 z?SV6-W{Q{R3x(Mg0 zG$)GHQyoLpPRgD@qE$eqjG_SL5bcEs>u7B&pChoecxH45>|ngL*X9ARVH=Wqb>lp#)16DloiHmNSh_HO5Sp-HL5ACQOyb zj15Y`z>MoPhAk#nNg+y#+cbvKkW`KPltMcl?_$h5C%_&rYs@kyR3C3+%xxN*X^b@| zdlB23B7Knnu|dowLP!>q@O&U)gZhM(OD3xm{}kUNt3?3NB?rYN57KU^jBve6;222X zpg&>v2x*aC?#4d@yNbPy^cL}z^A+Ty%+{B?j=YV(4fmGwmGu?&mG%wc+JQfzxC+1Z zzm2;M^On7rxfi;Zx)-~b6H=6ojs;>v@hQHOe;2*SbJB?KHLTKjL5CP&_<;`EX~9kX zuzJ}@)>sxWY#qP$J15y{(w-KlBea6EqKO#)Xd>Ia==NgQD9Mk)cvRn~D{b%^-D!2M zjH|4%%%kk83@QZ+WJqsHZ$NMIwFW^wn2u~DK~{ZOeORM_j%6BdT56hRBz>lGx_Y{5 zx`w@yy_&s>-H5O?u`a4Ev+h-0g2~u??|hWUx$ZQ;mjpE&Z_-=chkx^AIM^lDWVqUh zz;Lbx(P+#kaC6|rkfR}2jkbCP9mhx~uX+|8D2Zb@WOMk$=*mcrZ~)E_szyltO&McS zC`L4wC!};&e6?|zgeto9Sa@FsZxTj-xEVzys)l5lF=huoUt(gPl$l8-vxY{QwJPG) znMWDmtqN8eo3D>i6|O;%vR`_eZTkht!m5GS*qOo*zG5 zCbwlDcb*_=@?~7TS?fNe98b;Y$s8QrWwqi5JmCSUI=y)ES1hB?Xpg8N1H z%?y^U9r&8YKC>K3Mn9npMA$ALul(<>1^-fC+JTzBwR*D_U0!n%bONn}^HpreQ`3QMq zQc?1EEcBc{qD^#nhJ9I)5vfZWs&h5frPX@dfm^pJc(1)^#`zDEZ+WlW;JV;#vFd5u z!>4jvMQ6f$d)t#5sQF)Rm0%WiseEThOtzs>O0uInEKyfR(K~KB@m6vE1Z3`Pq-n5) zv3+GDtHZMz|725o)9CBtqw*?;EKAyAFSUf2Q}W+1ZYBrsvwvFF)UWVd;g=3;({j@nYJ= zo0p`QJ+92ZQhzn!+9%hFu06kQfBlOaT{m~!9KN;Z*5lijx3AvWeCO=l?RU@L+iwYW{-!SEPvAeRPSkj=rihB z#+NI;to(}qRp9fv&!fMd{&mqeyl=^G3%~p5yZ-M@zCZI~&x=bh%U=b&y7a@+ACi9j z^v9APzx&Di^~BdZUbppUjA0wvrx|!Dt?&VGU$Z4F^R~lhldG_p$oCid6fl_w$gRglZ^?jz~z3ON1g?&A}o!AkhVqU~{pLG$2GI z1#uucRh}Wr5~qs+6C4(Q7UbCw*mZT_G@Nx(2$!fA6*T1KR;1}FXsiKHsHdGGFFl5v z92 z19O@9pr(?ug0{_w%m;%E45zd3KxKf-C@|zwRSZW70T+mv(g;?*rJWF@QRs_Ea0JN5p^=DC>8_*NmRJ68{!}V z-|_73CqdnyOc$ts6xod_H7R^0IwhhnCzeQFAt5A@F&`NqYr{|C6KoRj;!2hDzVz^H zP!1G|%GN&kE}X~z9?fX9E%DIId3c1}BRK&?B}Z!3ct}a_&y?gIIfJZVH6PA_J1##^ zIOIw?NS{hWnU;y-lcX-$ORQu=eC^}wHnp;uIaEmL;6s?`pppM}gv|fN3DQJtn z;=KfY@huW8VmPSU$$T2H4s~`4_6k25vmG$D(wqh%Orbk;FeJE(O0#klf*uOe=j{wv z?{`=%T!hVFFQ`*bt0UFRpdK$gU4AewLMGOgianx#Z2*G=6f9HE=P1yRbRv3(Q$pq3 zRw&K^1_~&o9G%aRs3+2eP>+MLEU!@;){x*iEPT#}Y3d_9G(~?Q5+J>A=fKHu@{8Y~ z08U-{J^Dx}^W!}}yAXYhIES~cb9Sxh2o?GrkGO&7|NH(6Hw7A5$3c<$9W3oB413Im zFXcRcIQKZGhz?Iq0*Qcei^=N~sxQ&;sdi#_`A)HJ1f89d39*^h8bq)Zu~H*hqO)cvzs^7ciz)pTYMbXYkIw6N88L z3lX*yjA!KtTSdY?3>ixeru{_J@#Nwd5Cr6Z@sZII^eGDEqj@keswl2_%uN*LG^D13 zT#%Q7@zW@x2a*b@ZVi;dSuS=2Tfr|_@pqo7_ zr=>`M=T zgWyoOi^rj({+oaqHjY~+kpBMeSx9sVBC0-Vjud(hN+9-Idieg(!1IznlJWSjbn zHd1{PZsLh8<)L9AL4giZ>~m3nE~Vb2{*9v;EvLiKT22*}GnlO^E-kO^Exdxq6+n${ zAN>uR*m=4FZsG)M;-a)g{jV0hSd@AVq}cG!5mO$rMAOkMWWTsU|KvX58S}54zr>9X z!s&1ZwEw~PiPbrw`Ss;33$fYg^nt$c7O#`G^@{;|7wna72|ExSC=LvN4t94x9KIje zgTp26^#}Sqf5IyVUe~Sx-!2g^rp<5_)#ibd3&m|Qv7$c%2L!SWdS+E{H|Ta_j$ z1h*NugN7$`xG$@-vZ|rpg+sFz>^+F+FlkC^umBd&+Dxt$c6Y*@Hjy@+b5?%`SM&TR zZZIMa9tlF9>iJW)z%e5>D?TkL4-_*Hz$NtOKp`tIWy+y{B$$dlnjndi%EW##hwxG? zfq_&_W@fbj>QUH5lu3#Wm`aMpD4MQUpoLUJz+cR*Wxd9{YSJ$xBo@zd? zeGMIkJzrQ>NH*U;*FPfwFiX~N)Hknox#B4lg@=pd;yrz3VIT~I=0|phZ93rZ30#@| z4;;R~`=F}pxS*}RxB;|*3x~Sary*V@e}8IV4k!YDs>bH(?40DRh4L)gurek=a9RdC`FXap447vpf2Swf-bBOSbM z&?jp4K55sm5Fiei=R4cU-u38#U@Kq;9E#l<_V;`J2;ci9dWw>M|2Fq*>STZzVnf^9^SnmH(-*T!3abrgDqnHF%ZBU6cT)bE2rEr0CdWoH**n0eNav z2KGwXAtC7jdaEpKHd;0~J+Tv>@oWw&4g%h~4qkpX9^M6IB0*?nbh&Jpi9q@VR90?( zdMd^v*E|OlCY9sJR2)}Rolv58|I(QoLqUyuT7-zW~##< zV=sWibbOjeWMGVCgsy)KCxT8-Ndp;wfa%VTIU*eO!nPC_y)Op0_g2vRGUfT2_Hp!B zKC1p%<5`}(hBA$3=^dG?H<7?Tz&&nZ5~B&cIF5CwfA1JW>5P}`k%RDe9?A}|k5P@kW6xFEmgr4*|NalIn{>*#1+4rUSh4?<$&qRdC|#$roNP z!+rb;H)@jPrB)mX&R+9V3sQ1`ZpE07lh9zJJZg(3PRJGX_KcWZ%^X8IA&qkg2JyIR z|KMOhzp~((+VZm6n&5I@AvQ8;ONdI1Iz3dAYo9{tPgA*#YD=6Rgi_q;!3j}OVm&#) zlr)>+HWs?NW_#%!0S;n+PhWTMa7SEe z2L-`Y9dhTCQCxFnN`9e254-;aWh|B?Y3qpT(1Y|>4}bpL>N4Wr6wW;3*aJ>7r@GoM z^md8dng#Vc}RK|{QF%03En3GN~I0vXcWMlpRMF<%Z2GANP;e(_Rilz)hKqz_=6y_&i-)gGcb zQhFeLQ^W&u-R#2*Ddoq`|VNC{xXB^(twz zbZG%j3DnsqX-I*x@N&drDyTTPhBJDeibHES6;uTz%au?EFefQZEY@;oERDwL9#|)f zT%M>U+-7MJn(RU|@wW>L9&32XkcfWr7r({RE>)>lsYrEzCRq|nsD?y^9EgBCNuD5| zhw}NeVNP6sVPYZ3!R#q7t2vEPAR7tYmXsy$n+4xP9sJa|wAi$m%<#;ZOppn(3KXsI zBY1~jdo44o4%dFOiDIfC@8Voxgw4ZNgy)lK%$3;*M?-0FATe>HCRdOt=&%&0RGbYp z>q2uH&Om$85>gXW6VnoPv*l@VAfAbij*AqCB+yrXK{=#(D;ZH;w_@bS0X>AenY0=5H{cj}+SK!5} zR}b;P?Yz84n$3(35&gNg`KS|pI5IRq8kb!eE08xw6yfZ~KP1@SvD4=aB+lQ09}3mf znD*M0yM|XzLN~?c#sV>r#05q98=ye`au_Us?gIc6=z_Amto|&#ZVnQ)SeTHTlnZioL1}(=Q#!7-O+uF^Wy{NKpdR|3pYM|`&BXC5yCA;`lek#^ z*C?vcH9am9=w^Y8oT3gWfIsj{y3#UKnl9egI#TlCV>YJdyi6)DB|inT{)SvB=86G- zG_aP+%;WKDM=5CY^vGOricx=u*X4lNMZQHmmiXnKFnP3(ub^O{`b^`0!@RtK zH0|bs)|Q{YW~&WGrtc2!%n8t?|aPPIt zMcLOfbd^XU8Z%v$+DJjd`YF(VUO{<-up;js^bxe-e*xc9R@W6Zr06P;p@gnW%8kR; z78w~5=p7#y87>Qxs`!3g;Z2|b6c%LFrC@A0Npk2qP$a8A^c|YTM-(#iIVz9!Ow^UY z*$Ub(GNT|fOHrT_K7{Xojb^0BrN)6cT@W6d;F-io@YE==8~OM+dE+sEG}rvkR;p+6 z3evJQ+p$$S5q3h9sezZoG8w}wP(klcmE?hT1~$_mH9I#etFpYixEU}#W$rkS^Pz!d zRFs7#eg`XPixf#QxWK>+x~{viqz^E|CH|&DYU3ip+ z?>L`Zv(F}ApS2)-*rVEi8aMzysi`@0myS)f5qU&eNyc_^6Xgx+cQ2Ax9>cIN*>Lg5 zYF>P*qr^YvkWANCLI*mgV34jeA86kv5H{jo`l#6L_mNVFAE$Ko-668%AFT!7pUeTcr{ zBR>2tDI>ZpIZZdZG)@WfKt*}(NevQJB6>JEH@azMqZxk&YDTlv@5PoRjO~+^6=oev z!&Q<*^s#tFck{=!Xgs=-qoAI^!rU52!hYrPyqpu*Wok@Uef<~m$98Dl z&K_28=3Q; z|EfL?d$1e^@^+k!OOMZp&(KXwjmwD1iq6sXsq(E!$`F@^mc#)j9{(q+JX-56yt^bJ zE-rT6q9eONq;7nALS}kuN=CY1_;g3>?Thu*e7s!Iw|8QHT2dFNnhfqw<<_d_s_*gK zDK6gueZb+mrw7SWqtgF#Ct*pTLe?5;gBI|cs6i;;aBE{L6iLN;ZJ@QV zrlPq{S>1F)md!t~&Mj~+&=A(3oS$G1zrwhR4xVo(bg{QQRyXF{bMa3K|5@E0Nou zXQ5lAhQLT`)H;16_!g!=XR9qn)?sof-zVB&gNQYI5e3jRU|em~eXz~pWY7h`zz?2& zk6rjj8y+FrAvD&-Tv!bkVn|--r~+__feIRwf%4Q740jN70`8+&2j4^|J!H^Lfu6MbjN-!X_PSnB z1C+7~52b&BW>czEQC!w_ux8ELeF3&^LZ72iu5l}wEuNY+jj8efqND}d_QKlg$)M`V zlc`)8e5szmLmyHx*Ag2+3-e|3v2(2@V)qn(LCXGYX&qo{OUvp{Saz&O@2=HHp9ZCh zG6IA%4nu-cp}DDI5DsFK;}T;;>5(ZCz*xKb*bBMGT&jaQo68mb9RjZG(6vTsx84Bg zEp2EmttjgO#Y|dKYC?QWe3V?^<>4-|2e!aHdq;HzoRpFQnv-kz)o@}jjj~Y#ucB6e z9upH6870F)#nQ;QFufqLqO78%pizhu1gUC7pdzC&_kp56w{WgeD12lKXWQ6FRqES! zNVPR~XQLFg7tJk>>AqG{a0=)`9}3xye#^N`LHCiFoFbfQq{XQsewqAZ`&90cFVH9d z)!zuXrC#Nt7Oe~69!br@PDJm&`jF^<-_@s7B-{r#@p{!qG2Z_=CKl_|{!eGL2t?nTdNU@M6@pb2YU3fekdo(qmM>X&qUYD{ueLS&pS_hqz5 z8Xv6}59Dc*42JtC&(AkANbeA^5At*NIU;vXFk&`&QSiG49@=}H`lWQJrz}6lzeK=& z>8C7+F4xNf>8TkR4Eh95|4QwDI>N_zA?>NrgLo+iDfNE5l>hNqQ12eQ345$S=r(c| zxdlF@8;iv5!at2^Z>h{%V4(F_Ba><-gL|9rK)>r&_oi~cg57GG$G!i~vL zZZ0BMY}4PN^!;_Ifcq69%tE}kPFwJBE9AiU?qB)&zQ-V%_*@V^i+B5fK!qEyWOf`r zyko7+nP->Ey3X_q&N*1k(rJ1<`AcGzO!ci6&35T6J@LL#FHC;Knr zRZM2L!(5&@OumRT4r!|$im z8%EqYqZ|ufad<&=VQi^9Jr?*fh~714vqx}E*R!6N$7=-{X?dA{+35`T@e}wpy2V?# zojZ8DG*5da+cdm2QAzJijVJ*(nA>oD2U>rR&MM@<6&+{}^$j#{ zyboCFcwmslKeYTox~ zJs-_-f-9*kDQ7L(-~=~dT|7pnsK{^N5D({EUGP)XrSV38+tnmz4?c{N_)IeZdAC}p zh6LZR&xY`zPQfYVwZUKRorfO)sK-FFrEmh`p?3}EAU!nc)(S|R>MH6yAvlVbBlZlm zC?GA24^OKn@<3QZbX2rokgLoMFl+7Z!gq&@&XraPi&d3*wSalnYl2n@oi%<9`xE%# zKlqTbgdEy`oPyI%!5x_TdBF^&rC2D`)jWMhzIAZ33jX># zo`8nmFCAmUL$IGGT@mhXzTRe6kTtLYE(LDo!OiY}XM;}y=9?QAzUUB_c?U*_gQS^} z3b8O>nh_0R7_UPG3Nl~h)Wl_8Pg z@iAe4!lUAd1h-^xGNVE{l&#Dt2DwZ{a9L1La7d6mL!2cNsBAKVlJ|S0h|`Z2hh>Ln zL;)sP93J3TB&o^IP0Oheb|{L|o6=I|$*g?5E4P-Q_kccw-Y*+_EU~Xb-Bu4{Ye{ew zzPia)Z&EMhp~)1kU!Rhfc~N;usmjYM%q#+bOn!EJY+_P;Vw^BOIx!l=G2tZ)JT zWt&UgA;%-ZE&&1;OR-(Vr_2mWj#q$9B}t;TB`3sL#_!japmlP@`0qOmbR(lPv(i%2 z)3bz`d1+Z7hbfa5hWLv_0Zxs+{ioU+Z#4?)Zxnx40e7VoWDjTI3c`jGD#3}CWJN-kSQ%3ik7;gsaYGW6W|TsC z8B8mk3{J>SL(|id$ER}tfEVG1JnnDT28M2&@IJY3K!`quoUmePEvVG(YN|cfR3i;f zOiYZA7eqwLBR~Wbs0y!cP^ubFTXk(PwLG}dTIKWEc7Z$vLme>OKepR{+HBo0xD!rV zF1+MW=>?pbLmoc+T|Mx?(=)O%1x1Bf1)z|r2rcpV4i5IVJm>J>+3>M@$3%7OE(=O1 z^e)Wf)q@jWefA7@q{&0+88FS=%iGn(rTp9;fk#thIjCdWYirsCc$w9ke}V7fB&?kc z!!#iEJiHt1VQiXRdYdbM%A4wgRc>*y$;oko*dzdw0TUCKncY~^aKC*6O?>E!jM?sI>olOdXP((^Ay%60#Tbh1|clE>BmC#Nl~8kt;0f)}vh zg=WXslxGDT#jfuAEL{){&;)?UMl_+{ven^O&>3(HbQiZYpE=ck1{nY+GSE>UeuAb7 z5(9XTdl3h@AQy)jCMFKQLucsT3)xSFlSb~yRIzn1zp1DJx>r`z#o;{T9t^C!d=Cax zP349^88N{56ynT46VQjN2W)QjwiY!v3s0PEd;}ga*Ie3n2(r9*Z4GV?7J*w`4hg-S ze8o6Kxdm3Wov8VLy!E)Sx}&C~9uT!K8u+s&H@?C2k=P%^L8cfd~Ufyc9Y{#}0X4|iQ@%YNs$GGRu$6ZOr)iED`m*d2sQO>(XkD5YDHU8t^Vg?d( zw$p0OLAxP;qVT4QeEpOSdo*vTY}4mR>HLhm^z_t{tm5=s%tmu0UP8?~c%CuA5z&%p zX`-WMW35&}uS$u?1p^vd5tGW9G@_IpKX6n1MZ;w9&9#Tn;6ys~#_V*&PQ8YQyhEv> z_(C~<@Bv5st#>Z7yzX_(;pw%8%Ho>(((;04(8%1h99m_vb*qU>wpaB!flJ6IyKOds z<+|Ksi!NLI_UK&YmAitAI|c*JfJ_yALzzq|JvvR!^SLN*1HH^ZeN$gwlbfx7rTY;x2f>yNymN?Zwi@2daE~3@>lE&& zw|VcS`aHeKdJYZowL#hwoj1)2@)}di50EXv%hV$`uM7(s@(TAmN_6{0<4vKV_@^ z;Kw{!hO31v8s{7+hJvf$rmwzjzXu+F=>E9k{-;(4LY!PN@t1gsHvR|eh{tqT(c0MoJa zbs;`m!kH-gN=j8`ZAop3qFwWUE)DhqH%iK{mTpspmt&R$u@^WU(dk#>R}zr9Ed^KC zdVv}_Pn`k9oGaM;@nIvaHbs`B_zxE~L8(Rk^|{Hg_Myuy&GYod@C)8qP@Yr~&2X<@ z2x+(2GHtoVj`jXwSrx7VpAvDF=4EM#G}OI2~ zAVxNprs4bxU}rRdr+&SiPk^iaCS&)xW1*4TI{(Yropx0r$G!54_$x2^HT&NUx*By4 z{0M$6_`Lc;&4s#_TW6wwi})Jg^qeH~)USBf@X|?iNhA0_J4COWpMN)Z`4nWZ(>@;ON;kFNKNe$sjJLyk1e#+Ed$7*#QcejQEWBxX|!Wu^=JN z-`_VNIyN>o1``3kW;-%2VaHxRw3_liEOC;$4eq{@iVfWgp5_IAIEy2_K`02#5a$^7 zhi4rI_P{&Te&jo@iZ_MxTXBFIBM}lLQ zf3N?B4HKa$FYjt`M{9rIX#fgK8wLwnKqqLEwFH;DH}5UC2F%jUyG)&mL+UGviz^D_ z@+HN>$iny>kj*rI^wkZX8`!_iUS<_!CGguRvX$E=JLncuu{$)IXkNbKn`nWRzHgZA z+)L`!s>!hN!J7M;myo<+1dsdEYzi0mIne0p=swO)*o0Qzhbv!SqPahzZBtMz1!Lh0 z4tg;TBe>=%yA5sT-5IE>YVEuEtac zmA!eegHRo+w$G;S>fQ| z)#}@Tfd+62dLPZ7YrbH6fJ{-Jm6DN?DZC7`I9n)xxl2f=B+nh_9s%wV9v=Jmd#?o> z818ZNcH6<8{_5T)0r#;(W~=Xj-VaYO+2uhq^eOxZ?LrP{8Cr@CAS-B$=0T?$Lj^rA zg^_g}WT4jL)g&o`lAM$5#Crn{VPS3}-w=O2*WkwECrgH!+JrR?&8mtd4S$lhs)rwv z@WBm#Hr%fMj0bI~B9NY%meuwZKRQbiDvuAv(bI)OB$6j5Vb`Ce8=sz--Ov#$>l8rR z^~5ePk6E~T-RdxLR+*2$t2{V26fnNh$Uv9=pu3N6RUaD?_VtzygL~kXsPEvALytu{ zdZ)DO34ffXu2ZsMoZ6a~B2EpB^Obq%#)c<B}JhU zvCJ<>5a<&a5)v7kz^|e~MP^N2eWo(K2;?!P5k+BP5=mHOdU$52AlEa)8~9^4?ouj$ zD)MXztBA~w0E|cy5f-G94nzxEW9#HfSzavvXkbK~ee~fNaU=+2LJDPNML8MDVnJv0}JlgvARC4i4}u4XLgvFRQK&F89N5ni$s#kF~;r7N3^M0P4W5 zAE$C(jyzPC@GwDoNQZ*$so^OM_feXET_TX`nSu=gR<=7WU2zz}B#Wq9es1s3!E63^ zKp`kiDNpH0J(pUl+0vwX;3`fKWwXf5+dK(ULj?4wE3`~Lo`Z`dB<*Z^#p)8b2 zbd8rpNhG0e@?C)W6h=|pm!&yrrv=9-I2BYzO)ab&|X}nFozMIgbZNET&3jy~L zw7IU?D7{|iwLvgCW9%j6AAbCSedV9V2<@i)ecbS(TF?l+8%b~*F1pQzMmR?5@7lL) z<@vpjpIy21_~D*Y%Y@OMyn#mRb(VqN_JN}OvPfY>ZFC1-|K6I~?lFR#(*&nBkwEjy z#uIGEvp#&-+Opf>^r_ySQ>PAp_gV>4Jb2A@K5lM4zOL@RbuBG*wJn%hE|m}1U4{O2 z@Ppc*ipk(vDg0hJ)i#ut#^tz~O5{O~t3L37QVHg${#$&{@>dP+g&{sXiN-!AC#z^MG5XYk_M@ zGB&nkCVYpNtE*4@z`2?VII%}?fPVBFkGt&4jLMc_y_2BaHPx6wD>N@nA+P4o+DJI< zF8kFyURHc|T24wH&}~zH$OHUC#U7y%X*qsEsdsH;c|rrwy+6=!yxXhFS{|32Bo|g* z=D1Tw=W+h?(xB#rm;a}?1;?qZ^?y%gk^Yqbmgv5D=jIjs7jLyS$ANxul7k}t>1`X> zL*GBa>7m!`=Rn0KPx(wfMjwp|B2D*^@;#VjfkPZa32_q_G`QBxh;fMSMXcw>6D$fDzWDw)9 zWt~TGeqEpdn!vMv9JB*f^ZbV+&w%U9cl{S`)|bfxss+dh4RikDbR)}n9u%513r+l) z<3T|Uue(4&4a=J};wrBSc!TfB;JN0t+m&!Ok1N`F$UVqT&lR|6^vnk+uLHcTW~x`m9e5!9*${ZT4tTQeD4v^n?r z&8gf@Sgzj9<9f%)V-n+#5FUviEZq7fMTt6!`_I8qX$3&cOLtI+ItP zUshfq@fY~e`kt~_|6n}rvZ&~=uxUY%X1y(p~9Wf2nc2dRgUx!~F-yNd04Kh%RWp~Gd#W&a^zc(Yh_wCzhcg^#A9{k*0f z1(v{&L6$4f1jOHWRM~$-0MDy!IOyr93D4tFL*20Oy4~h%YgvIwb5fqxOUe7}|Xc1aCmM$(ri=ZX`w*W4J zR?reHgiFybVX`9+pHD$E&~jvkrXT^*M+Rsr6hKqB3QmR7p^5Nqhp2eY#?ZNc#XGyF z{HS8RO}~GE9oFEzrL)j9r2E}m_`!+ZlIB+7|7!0#z@j*}wgh%&Zkksnt01{-swTP7 ztI?>5DJE(Xjfov8R-{T*dS~hE2PnPoQUs()Q?Y}BUF;goHEJ{_CVELoJ43!r?*Gj! zWl_qa2;}B}%=3f?w#>|T`gzZPd-m6qev59S(>`bIkGgI5$~E5o^)9_Ng|C_z7uqDv ziq&7`S`$?2w{wj?e&XX22N-%>v<5#fzIO0catQQ_58t)0%H857ajNw>jZQPSb{#!! zsD`OTjZ;;qN>>3@S<*MCN+M`HuyW1FE>V@Ng$B4v{3aK!VNApw27icu<ji|l2*rr}Jd~~ggN`0>!E!|6$%r8*TvR#3F zrDlGCJ?NPRS~iROPSe=G-|_KyJgn?i$R9+FGl>>=CxQK;#lI3I?)DmZk5(y%x8y+a zE)Aw11Dz8vZof7-ana)4VI*Z*!QfCDtwhL_5A7%MLQa0WjcMF}MVBvJAClxzV4Ule zftX|Ql#9Y8|3=Xy0+`J2%$rfzxJOhY`=mjY3^cnh^N*Llf;b#^NxE8#6_H%#Xz zm0!hU@ZvU~HxI@TA2%0F@yjpwWNnYUB$2cE*jINsXj$hgYk zf~le}m=11S=-%ee6S7E7%F}hgGZ(bMT`ImDSG&FDXTJo!E}1(VGrhBs{>FQmJEkK1 zSi^)L{4K}n-J6km$0Rs+m62xc7Y&5ECJ}Y*HZN^a*Prfx$Lp@1t+xPI}tyLpe> zRWI-bZe%GqmhwF#i%M-++B`)(b?x~lwliCPXpaJv7M`4<#p;n(Nl*fhcqkuNT2mbpW8s`I;f@u#CU4QG+G~V-d zA#5#bM56b9$R5GCgvA5LKiM_}x)VYyr`b4w0h)PlHMP8}i8%cD^wAq%tO|x@v zSFzJ|y6g`RPt8iXn_~8d2aCWCqXw{74IvZ`=b{=&=u3eU{LnIuFtGt9s!t=d%Cu3R z$TYltp=&$QKLUM|$aD9xjUdlNf`Xdj8X>-V1bg{^0i~K|?-0SJ*vq_Vzdy1YFYzUu z)zH?cC`_QJ8szFMCS!kslVWU6vzuFqOx$}UGTE#~WP**Rthho$RJ9n70uPFHFG`HB z`s!HsgeD+`QPs4%rx7gnL(_u_?!2ZAfm+Bp4n;?`V9qz%up2<^9p~#76y}Wd@e|aS z*A5?l%GrW;>mN1R_V#L<09RK-cTcIO&$5kvdfB`3v&%^kR${x#!QRMZvE=1vM6M7^ zmtSiu-I4@MPzjQNJ(yCw4CZ~1ShXsT(Zlox#k@D@I@0KWk|}(<`((L|gX#+&DAU42 zmH$9IR90Q^Q02GqP+_{cNz6{V>pa=9Eohv7N$qHyv3H|!Cf$w3Y1gSeYF(*^=V1(* zM`@Vy64grE1xM?2;r-7RlMMdaEusQBG0D*zL(+rv*;Dzxsq5@Vnmaq2dj_sgcQf=% z4dkJ{9=<;Ac12z_pnc`Qr5eYI`8g8y+P0#MoPv=%%*y9}YT^8$jp0VG!flGwQlwvh zmhEM4z1Hmm7l~tAzCx64JTWh|MDH&5TJP99yyl%5DJb3qSfFWS*Uqk`3PvB6f@MR4 zrkBJs(MYObcLiw6wNxZa+OUIHyTTqAlxpbw$V^#o3k%c1VsZry3}}x&jVBsTrDR_x zrhLJBt#NpnI4>@4BN!fDb~nk=0J3*~efD|x@#w#VL~~d5N=5VEs&o-BV0mE#dj-Do z7qgABgg6v$03!7LjzgEdGWAq6Z)dHR;i6Yvd+-M!jnwd*p2C3c(ZC2(+p@);VrMS4nq7ly13 zTY=n}6&Y(c6{Y3vEeI>{uQBxB6PXxZUT9qAx|ev0tp!y_820if(K$}L3@T7gYRNVx zo_2K)2=PUXn^e9-0>24pIM9a28sIU0@WBMMwYeg27B>hmNE&Z|-S=XIl@mIhglHv+ zA;H{__u2BT+Sx-*p{1HgzN3|Y1Ho6QBkt~74g}u^sUjwFPxX{Q4U{Ua`MmoSb5Jp< zVSBE7ae!JL^izA8pW4|eUKSG=hw>P>P5Z^*M;D1)>GBkWVi6M?9qJ~*i8OMRhOUfY zTwq~t2TmQZP_)wOe5y{Xvs^{1v$+Rao#mR->fq_zvhMFlU5V}&H}S!L&YtQBe*z_X znJ7^YS=&G<5sdr1>zsCQY0yQkds%1>@>5)`=VEy+;@&*1-E0n{#fun zdbFsY(I8g8uX!KVW!fiysNPAE4Xc!o&xiX_{hkJ^2hN@cmzo-IUCRrvqM>|A17Z}q zL`&Cv!^_JZfmeXt-9ZVT?5z@VS=dtS9VcRac{Ol0c#smwVQ}VWY1(7Q4jR6)zcl=H z-otiPD{fWpqm8<#(f4XlBaz&Loq|m#3}=75=eH~Iq`OT4`*Y8KFvd2GKg(AnT2$Uq zQ2G46Re8q;QTa1ma^Dp(+MM&XMhNR)_dFVmG|i|xS^?A;(3D6-!m`y8xb&$d7}IJA z*j(Ng%;cL6Y+kD|uxvF3%BP#hXj&2$yf@IQs?7Ay;NPc5u*&=P;Z@jPt)8R2yPo5f z8qh^Or@AO32Nf`Xd^zV63+E554L5ofSIbk%k$!2mr-Sucx0ymY=dL+C*fa}oqPW*| zT7J5V=CZaik64Qj)UAb)X4b+;Wi8kk-d-#ld9S%(jnqSeChnAm&-*tUo)H87aRy@Y z;M5sy2x=ZK-a~ChnVzYpjN%6V&jbaPvRf`ML(Fb`ltN~I2$_U39`LS$Hi<5CgEF2f%KpNS}fv^WoCpETQtr@10e>SuL)lsq2CC7j+tx8)gX$1o+n$G<7|; z`l1ehw}F2#`B)C^)ruX?HBz{=c?LfJ`wY>Uy<)KCmcxAIa*=Wrc}bA82pYG;&YfE5 zI>@hR|JpoByfe2jz7jFF550oN*+n{snMpq0W1Vh{mLdyp8=Iv|ooAyt41VOwq+c$a z+ID)g;kGLqff5R+3-RBG(Rpc=eTe&f!!5>tbiGr2UG4V%-4&~`8r!z*G&UMFw$WfV zcG7UAv28nz+Ss;jJMZ)Cy?@&K{~oN*ys_4IT;rYxbIfZU3^JMDK$u`nXV%Yt2rYhm z54}Ey+SO-hfw_xQoPvI#yWsebn{X8<`@C0Vn8FAy3m1s#7`^2%FX#=|bL~A!7s_aB z0*JXKC|+|JI&~YA)`ts$$kIl|a9rFQmPZs(6c$~9(?1zQ=Kbn)Qoe`2WrhjwX8uZ8 zAL4wor!Lo`0?^o-kx-yB%*z;cS@IS?Bk9c0s$-?>#_wUBCmRjzsHl31=eH~PXHDUS z(i&oMPR|HcqgNEnwQp_&T9M^}X|-X5x4j4?JDK6oaEy3gP@$<-@;rs^!z_`5qb~vD zoGW;hNf2x12Mc2af}qPj6Q!OaiNHD+ddCz8ehy1*V8n@pdfqYjhLrKF=efB8FMy
XSsl-_qo={lZoyf@!wadGOyXbc;pEY`anis2RIf_CzRQRtSCCREaC<;r$`}lvX z@Kufo<*`clzHU3-b1l2Gtqy|x&WaE?bJi=}L+!rOpY)%dSKq!hmaVR<6#SGz!aV&t zJF2;(3pm5hLO>OCpNo5Y;pkVCS`-uc33-zSLS=J9T=FBcgMdF{~%``G4Yti zA|H|oyzyNKZEx3!qbtjq+FQy=lr!*7nb)Y=K^D$i#;@%b`=S9rajRL9!I<{g+{r;!F(Z;D(b(r7MH^rq7o zI-ExM{&{r!G$UzJmpcq0?6lK>EMmV`De$n*;8kJe%cj_A_1OtV%y8*#^UCv0Gna?2 zzNVeVc<|`A(@b+C4tvad6%Ve%maHrOOkiynmak*=OZwWbrtfmN%QyVldbp-Zaa4OI zg(4fBt<#3&)}ugtC#&d{v(1-9J{2lYIA+DL!w!L(E_X7O=nR<|Bw=APmCW>yqtE@7 zAAOyyymBa#RWmI6NtS4?j)=Fv5k{h1Xv*`zG^`end?)2lbVYPI@@EN(6w#^9{QzXz zI4U0)G!Mllwl4@m%3{B@;o2$6S43z^92OV@hEKL4pP_VnHinqod7_KhRo0%6sBuHU zNB*Q;b+iIYIkuONZiZb6E<$dC0u>@&G>a8*W_jg1#kL_G8tA);W_A~}&PlBu3=Ln{ zh6z|>SOT_;b97ejv2^EUJ-edP1%Z93^|mPGJdGeF=Y#=i!7ujEy{@tG&rJIvPTT#* z#wi1lCQ2Q|JIDO;p9hs72X&ra{v{}ogbWN$(dy?O*q|lKrHC?4k zqBuGbLcgWq9h{1zldrm{K&T`u{CsT}(6yLreZ~*nB{vcIuGGfsz%#kvgDCnn(D;bo z$zS%MT<9Jzx{`{@a4CBU$rB*ukaQHTSx88BV%VoLBUTY%*RZwvt3RPfdJVSPV+0L6f zso>O`dNe%n0$6>647ptq){FWf={XluD_?Q}N4&ig&@q*hRD`2Mq4`VAkwEuiOvBC| z9)2MSqr_35yd%v6-7qh#F03`pduvJd303Y|!82!y^3XwWPih9Ep-)n=V3PB(UlwS@z@?1-BhUg&i z<-+dslVj<&D$L$B_c(bQF9T)=e-*8UP3bL*%W%a--T}K4Ma8uae_1s-pF_=g{`k!8 z+x7+*$IOvM#|(xPiL$8Gz3g1yA{*mEQicGP)84m`eZ4&%Za}m^JA|<_<3p=N!OU-S zD!}BvwuPdS3eWZaoPmBsrZUn*D9=yyP_NE|y;A*q6TWV6iWZH>4Vvy(?!%8bFCL%# z!a<0*v!^NehTbFAbE+%rccbP?>d4-uBEOj-Ux|DkRz-WnCOnC(DSeq!d=z0`8CwmM zH8Q$r8zAf?KLT^1``A?@U(z4AbR*l%Y{(yHHxKl6kM>z5TGtEC7g3%%oI`O{57G~2 zXrLY1P*U5kdZ^`V{9R=9J4-b`d>!5lRM5>vaay{-TZlB~+ZA>{D^i<;FwL-WUt*T2 za?D)eT`w5v9J1hlL^>UJ=)M@wP)t>q9~q9qDh&H6-~t?q&D)N*mye7Dc*@$kn|R5o zewuoRI0X#v2m&p1;WG*t&X$joD{4m(Qw`DH6>IzLwFaGQl#7s#jg!ii8|-e`cJg+6 z)7F#J=w>aNe}3UfZYAmnRaTNHiqI36s>qXwpj?$6L~Rs_dS4cQkO}xBea;2%8&GErgX=vHMJSEJ>+ZH~oNg)l5klCOLV%XNEjbgC|r4YAQaS)Y%oO6r2bLE&jc zTcJ$=dW~+iUZ}Ef;`iX6Pm73F*K_gdO9=k;)n0(^GUQ|M!nSf|yl7Nc5BVlNn)|^a z%lIUVW=Y;sK-s$S$Fs=vWTLh8X>sqs0Ub=bz(q5boE7Q}Q%WOOnK`zbpWc{NoJh>7&exV6JoBj`Hhu+I(1Aon*><2ux@c#Px8zv^6n zBI8b-WYjM#aP%t7V7c}gn3L(5*$85>I;d3qKGXk-kJU|xh1ESySPXaODkgbRCnD)s zME=(Tp2<{U$%tvPm=-5G+;plZ>c*A9k{+O0^7%VQO=|bfreRiapZuh0H-wd~i&KRn zH&>ErS$1)N;4TF_L-+3<%IjEbUiHXpGImohM)8Qyh+*VBnEKhO9 zVx$5nD&79p!;&NKsJ&Z3jT}e1RPTj%Z1Hsctkl($J(Y}^t+eQ6lMWRvBMw$(C2(Zk zMi5=?{_NNEc>$*AGg@5&g)%_(fO3~bt=f7Tnw^*)rcjN2z2yu0_rnK=RJ|84 zYnS?l63D%8xXJCDWcgK)JIVv*etY8fbwjpNW)df@GhEP$6YyBXh}nz&#ENFU7uC^= zUq8s$m}e0wy&OV6L(oS^DmxX+gm`J+%&Jx zlDWa>b8+}&J&SJP3qHXVvZ7>(mSCR`Gf_2tSo`$j>ePjGK|W zYL*YM<;zQ`hBYXMIA2}lK6F3*;z@y0Le%~Mf_yIh?thxwpOqsTnw8<=5Zi_IA#GCd z!`u(w1|qDbz4qVvC8KVaEah{wD1h?NC@P2y7z;Bk=$ob}@@^#ysD3?IY?M}qGbzng@ z`yAya(kHhFk*G8xy6DF-Kr6rO+|k$*d5$MsLOzJLB@aeZxOS{hs9qkue?Dh{a#F{7 zAjd5%?X5TaUT!hZyV3Phmec-Z(=FCby@F}S1TBMW*aUG@axr=5fXA$7)iUuFIW@o> ztJCB6u>AQ&TJ*4IU{GfXkE@S^?Q2M}@{dJ3vnmiG)Xr8RUznUj` zLq=cG@vG{?1BV~+N6ewSq3&3g7Im6-a#fiiDv7Hs>#Jznmp%pb9cVX#I0?g-a z{+eLtr;Lv~j~Qmaf+{0JNPM)Rs)lI`K6!|Z7%<30R0SBrYR0fS8JeA1HQQDw90-#? zo<=qqd)^z=%{lNV&IS5JVi&o5!QVpc_Yk($*nJ3kOya(#0E!|aV{*2Of7_HPOr|Q( zvuTp?n_}7S?h~F6Dw;rHreJ1@XExzCV%g zZ%TN^nZt9R4p_LP)up-&C?zBD-q#n?T_O!kctAYLRF58?R%WHUS>8#s(W#{(jFjcO zV|qHPR+Nf>=RXSpGH4Yx7NfBt3?7FW4Y7g$o!t2L!7{`+wIxZnA!Xm*iQ{`Dj+r z&sI$#g&wtpL~Dp}+(-etryL5tQI1!8#5Dbs2^E(rF z%Q}q&^$dFBu%0yX!gkg+8&BxaLyb#mqr}4f%3@m}j4DocFd^h@H9<*Tg#mBGKZvIC zzJXX00s4()>LeCOvWB$N2dg?6C2K>|Z*b0%ouqGPd!9&ZWufmdY5GShbVGB}5%mx8 z#Q`*eyp=ckvC^0!^IPBzETnH-EG6TWcWan!R_hZHIqP6+pbdXwDx&~PzYW)ye0`{)~uuo z@jd5?=!PI#KNOFVU6#D}qP}e7iE@w(qZtUp$la0=`jz-w7A%*@<+C<0%^u3OCLqY} z4TMr#3h~vt`0WML&oLU1w#bA^F}pWi8tyPou#X?dXS9qC5ZcTvacax_c@nT4-tr@H zYDTv72NK*v^iSZcrct3nkI5t#g5VOm-uaE`PSddI6{NI+xcYzgciIh}T5DS=1|>)C$q0k2ovS4M>0UcB- zog&;H_YJbEy44yz=`y22b(A*fVIUsL^Cnx%{U=+eP3oD}!GB!~CR^X09Xf6Y3HcgW zTJ%?3G%Z$L{O$Qxt;vs38nk7{Hk(NCcFTFT?`vKy6kFsKT3KY_it3D5n?4g@vyabC z0hu@|*B@1^CaqM$WrV4_y$d7&-bAT$sdB^{xTGiOXHr9o=D4wa<*AGe58IG=GApD_r^e?86fOR3l@iY4Ve4MZ}*E*hhJTezME^)V(&(f97x z{bZ0UE09JtSVsfNy(*=%wy3aYq4Pa&^wqG#B$iNm>jI%DQh`f>lOoL0HVi!>-^!5v zzKxpc>Cp^T?<3?&IJalTO0oOC2U2DSQy*+%DA_Z~g`Z?)|gUGrQL4iFUK= z>!Wx1H&{Jo&-q_Ihg%ggqU>K@#Vrl>sAPZs^@6Tsf_a?QeD%Qq>hT*3f_dbE%O7Ui z_}B^utMPTWfYEU$VWbF*BiJZ}7H`+~W@3MAUpRHuQPZot!{H-ILo%RK=2zN)oFo2U_StI6Y+A>V{n>#M__C5lm=)Q8vqES=~9UNp=;6^?^ zw)8xw+jL>X-TRBh%9I8{I*x`X)3{1fDiUIl-Agx7ss^WPh?b#(dqKs#bHMembQitM zEeTW4uuqZSvSM38_vm07`UsjX7RkfC3N!G9LvwFnwDicumKWlnf>C~9;F9ny1 z-&K}An7+ftJ<#@zKxvh_APKx71C*VC?m55ZlSGtiAk5+u8CID=Q>7bBp$pkfm6sy@IBgsPH$JV;6JRAkIF9Ou z>*`sxnAb*Av~e#@Y>F&a3{_bY@?JV?WgpSqIgOVI5E9@)i^u<2!01t>*!mj^jJyZrU@j;_b@^V9d! z_RRZ`>GEn&a2R_EGiPv&X+b`auUM^h@O6_M<(jh`dNs2(d-#HQd57z>zxK_rHbhi($Tu*)DL$gbx zy+n(oq3VAiz&={R4!&W5!Osx*?C7q;G83o0u&ZP&*sC-cf9cAd>;GAxtCh{BuAQir zqMsgLodaTRBNtqyNO6EYv8y;FaHpG)H0%M6PlGd-S5WO6QxwMQZ&r+qzlXkJ9B<%M z+xI>=pqz}aYcO`pTXMCEXY9MryJeACekhRk}rgs!_Q{i(RE0=v0YC_*ynCr;AH0v8yN+up2fq6hZ)!YQlwaTv5u-zQD zHIoulY}#jwS^9^SgAE@3F=aeWeChz@Yx}gaAf&zPWuxF@4ZQIbMXzgD{sbn_w^L|_ znb=HktHs+o#**YC9x937qVqhC!L^nVbY)-M{p2jJrO|}n`b}R#ku3z`El4-U0_qvE z?>e+M`sl^c@4%BsUnx|48@`MGmM!!<^P@nBa9*gp2o8`nalDl4Xgz;_+n=+!zhQT4 zoW*^FhvI00HAwNfysmvn$r%w~NI2Pt7|)L|yJ{oSregLOmVG8TJ;gf;T;b0WQyd>0 zWf&PwreRb4inyJkzS$b|H6^~#&7VNLu91h5j+73Kl`{Oz9KFCB=eB^CLm+VfcaXHS zgmj<8!5{grVk)>8n3#A*2Zx9;J{^Mwoz~1mkW$~$uEseC7Hen?gzbC*YgZVr9V^cQ zVhvh(1Zh7So`G@Z?*cv4x6QP!o`1b_e7*1?_6;>co2)7T1bn+*mqI(z!={gPug_&{ zl=<#0K?g7S!JVHgg6_ks+R3qc5Aam@PAMZL(86kvsbI$l$+xWc?8skJ?pH2VYG{a9 zci~lC;EAO5u=%Mgq>u`MKPG5?$ii;MWCE&MISV>;k0}PkqzJHttO)S%KVZIjl_&6# znGfXxy~?PkLhm}KX9ZH|Cknlm&83r&>f1l8&FHA;9M>6kJV^!Qq24cqd{XSmP3k?B z$)vVKK7G8$6zWR=YU_}(9k|sk{Bjcscs=1zBlTJR@?%)CRTf zCcN%rqaupMx_`^`=gA0N0*a9gPYQ;!IOHy`py~**G3L^O_}uus0dX3|8$CLe%7RG~ z;dkDburEe6aWJ}|Y>*&uleaos(p!bQ&^)pdTs1hILIF3ypzWr}jXcD=SC<>UT zMs2AcXxMJolOfeWiC&xGoh#zk_tnfTl%3kUSJ(FbmIE)yh z_hQ2Qmmu`J`y~TMOd;{H`#jEJVM&)y38UD{-1~cp*lj}<;^BM=Moj3WpG*S8zi!JT z4BaKk2kiKaCdWd|;*QeMIiLnQs+yt3x3R!cpHGuu*5d^M33zxxgF_DA@I|oU)r$HFaI}V{!@t&vi}bjpdX$X=s9yyl5Bo$|&7n>msMie7A1+U|ZoyyXNkb zmM9G9PJQPA!)iyVSL@B@xayK&kyyA5d^dfbuDV@#qIJF+d)Bx>;!Sb;pF9GEMcGzR zqi-vWaRy$pvcdTj(I&u7U|AixtSzPML5m{aO$GUf`TLJ+qf84w^@=i);jR7*yuKb) zW4{UAzG-w4H$gL=`{^kw!2|NAy*H$DLav(*f>7E(sgD*j7(DRjI6dsMvo$8;$+)lL z6nY)i9QP{Nm{%T_*rIK0W@wh1yoyAS-y_geUSGAGr1@kVFRZc^b7gT}Ni5qZV!2?< zpHJjs^zFOIee;vANSZLD@IJRPTsbJ~ClThwg3vy%cQxsps5`IS*VED*_qCyWlgy0c zHm^H?sLB1UKuYud#1;}VhUE$D3SNYFWD4qXa2}kMoVPH9P3~jq9~Cz$U$89)68Biw)N1qe#PxdNx|5j`@`N2z_{^z!uIR zo+v>cWMax{{3yw*r@|Bu+yB`AY+ns-ks1Rgy;q-pVwH_d>c1|wC1^u==$m8q^5j7ZF4S<4gDCcb1q(SD<%O4F~w8f z>>Bo+EaBsGCC}oYi1TVr_N{ixel)pQ|3ymjg!+R;#BKp(c=#%e;7*iy%?g=3H1YJH5H|2OJ&!clLDFdevEh7ov_no5OZjUwbcc-hQ zX}aql#0#FvDK(WdH=`AAgt22gzEAjCG6sTV z?hBXKEu$v%;|+h7@H@rZrW4@{ZRj*Hncm|2^Bt3K8_Sbpy~=(01kKZ?zd140uK-1? zw2oQ$ga^Z7X6mpk*e9E);-*{k8;WJnWs&v*XEw^gdoTE`2kgH{ek;6u zV!a)2zg%&5{QXSx`4lvePi$>;JMoi;=x7#Yj>U2V^@H!=vml(Vgk8?>O{pz?1#uZ| z3#d!-g}qR02X)8&wguv8_^bWyM%UZ%&c=6-C&=Zcw`p~1n0B{(=Vc1OdpqL}>8hLx zqszCBx@*+0EPUVGVXf)h{>T)0M}bLy#Ba7Fsrd~&jto0={|ZeWExZg<2cn-q3NYGh zqE?13FJoW`O=LqKN%7a&mcKB3t3PV_%qmbOa3V?^yMi0EqHHN)WJwaE{_UvZk%PpM zQc2v53Oq?aUnMVQMZ*u=i_8`T=nCGUq=?qYz0gIQLqCjuyo{N--q|{^_LScd8~qcz z;JrZ_<^@hAB&w5!5WOJ#;(t{@YalCh?8}|PenPCXajqDw7yK;e>$_qXutx%86Ud!J zNX*RLuGmeJxD95D@pRtxYF9+U*eHj~>c@EV5RHda;XK!~@9);ec7C`njGl<&V)wS*-PAKyb7Cudv*#{~nf$_ph*&Fx(t}ZzQvVaKQwQAnd=xBY>&# zLC6r??BGon5FG?JcOB?j5);IoFlj=H$<6)mAa2gTK^Xr8AqWYP{Of4AIsZ-wJAn`l z5qvHI!hrpk(0@{SSeo$RKo;l_+`Rvkxn2uG!eIFiIM4qNoab*i7W6-fqp%>t|05dg zlLq>jV21|ZOW)fu>SWQ`M*bk%k!^((IkI2c>Gr{ zM-HC9c3I&-G(fbTe8P4kTIaLY31fO`99d`oj_DtF$`ZMX;Y@YpV?hxLDKSP#I*Nv` zyYod|XE4NgL$Y?WaFzma98Z^SkobNJlU*0$*uX&Et2@p<@z6E*dWX;TAL8vBaa{XI zj@OH;p$>ymCDF#{EUr!aCd5vURkdamTi*KBQ!9*uHedrsKL5)F7GOIs?CbZ)uTb}{ zY>SwhWw9u+$yNB1bw0N8ICON9tC2m>20zu57@9b(=E23AP~Rm{&dl4x_M7_F#`K#` zvFw8m!u*=1s`KccQ7VGrAJ|u-gTQFQwd%&k=d1egI+_Dmc75-}?Tv3GBSz1{f_76p z@a42hV!*j2T0QgG`>{PvlU*=#&foz0tIkoM@kV3k5BsbRdnS1@>hf@g1_dO2{H%;b2LpyWgaApM3u}G@VVMrbstkO4ww;AkU1=2R zY0E=*oo#=51qIuPJJHirX8b*@BWU)Y^TAR}HxtQrtJBF-6o`I(- zRq`w*7|ra>$sbp>xmpZORrq$~5^g-JpkLZPxQ&Xaqw}auPbi1g$BN2PI?#ldh+I)} z>;W=-PC+s_)0+%lTUx@Q?$lIOjOJ9KR%2xT>y+=JEzfu|h8fU@6=1r~uyttp666{y zI^p+%isfwuJ-)U=0>(X*ukodLgyN1x6g9Fh5qQ!zB(E|L<&PwP<#JG+>$EDt+G{k# zyoP#VyFob)wA8OU+Gz((h_nIBHO^yTpf$K!`Y`^y;57KaQOF86u_0laWC>ho_BPYV zx5OwE2mStS>0CR%Bx9!`DV_-8Q^iK1UFe-65X4(ch+V6#80kl^x3v44yaxVe8>f#V zQ#~ZJe%Vr^*r(A#x7#1r%^8PuwvsqgYmSx3G#SPgB#yQ#fG9(IsDC&DTf!U#d`T=a zN&OY;i}&J8iAcW3n>ON-Lb=QkF*_q(O6V$%B$bJPLy}{tY5V*;HnR#RSwPYJL?(Xs zQRaGZ4#$dv@0WVdOeOaPlchXBseL zU6*jIf*J#67LS(H3v<+{e96)rj=yd5PRnE^3zBwrToPxUhC$1$l4?WFbGs_@Q6-s1 z#kQ|^l)|Hd*}5S~l^j{PNq;%XX*s*FrR2#&)K=X6E`y^K@Niw&c9*kt$Qba!Lw`iRm<@e*^VI{Hd zpxh}}!)ZJF+}Xvfk*)o2s-wCRcw^a%~PD7S$O3 z15z%}4WY9RoSW@nre#;G@V)AfTR?d`>8ASu^hWb{+TEm7}h!;I{l~3dDjpV1A`Ia7ivjemS|(ckPuBj ztR$82zF(0aJofWc6D|`AMZ~RAV411grU2m#$EL>2T0vs{z&Pc&gyVv~bby~;9eQ*0 zBlWthreeQJu*&0+<(Gsusq3qJZ$yTUz>Pz*{G3mw{jZ-ZRyX8|-8~dappzP9u<=rp{5+~E4>i8I$N0pP6 zD#KB44BP2pJA4T-w~mz4p#eYUj8&0#oxWlwY5#Z~GmG&?YRtQY5;W=0K`lnVphlqr zmxFiN0%B7vUF7c>vO_2nQ<3fXZ%jj&*}|aRC4YIw0^hSsrLVFTt)s})zEC2t#|U0Y zz4Ph7h=+UDnRc?P7iGwH=;ea_Slwp~5@9vIlyo-o`FkCt3B4gzP5^rgThk6+wE>w^ zNZFAu9k@(0yA;LKf3gI{J!v*tMI=f`c`8SjqTMHn@b8KB?6e+UUi$*7wXFp)N;UmH zJ?FCY#B_ts16}Q2xU+|nPzRUZ)E0ij zmbI69%s2P|%eUcUhALSQm}Cg4CBnK=e&@RFA*5d%Wdm!15uw|z0w=i0Q znSiCoJ#&hbmPJyzmOZ!7zp4pe>UL`dt;|fUtlDj*4#Iq~-KVRid%F1SbiH*dQM4)6 zfKB#4Du0=08zE=Y-lQ@1hadZi#u{@6=Yx(q>#PHQ zaI4Z86VL@f$DD{`=#o$rlhVLvs!xIPw$y{zLWGQn*B=A4zupLFpE}zNsm<3$Vn&Qd zS3)OU7js1Oj>&wt=OIrHnjGl~7_&gC<#nG!sJNv#oyr`~-3N}!ncNzCqaP7m91wD#s#yx8!0-}DQ7-$@~1 z`mz4-!cgpu`E_CtgQQ4|-=#O{gy_YH9Mjw^N~YXHEngB4{Xl)~R?AJFF-9~X;QZVc zCFImOb9PIWoB&sNUS&bte8QF_XkTJO>u8RU-1{Xe3{h7SN+msH3F~@}yd!~PEAf(F z_y>i))Vqx839UZ4;SyKW&Ru$TRfVf&3|***Re8me1_p#Sw3aEYBT+t?JA6Ul>`s-9 z?+_^|l+CgRXt+9$LP;kk)JptoFKIu{ZoKV3~AYr#fNeFQYtBWTK=2&vTJDz`ZzoDJb& zVaU17h{GfHM9AEZ!HvHLPd4hCnaU`Ar z%roKZFXp%}7`T4TT&6lUKqLnBPotj={KH!D%*6Az9yHf`%yc{UE7AeZEwa_H;Cz{t zhk^SJ)VDgEF8p>)MII5y%GqSF=#Y+#*^VWy&WBc#oabbKx1y*2~cg$j`YRNA)ok zeFMUCs!1aa)AfzqoC?D1-_mhn3)^`Be+AWP)!I=$<-V}#@&-M47W>Ai zZ^dP6SwNLyLj=UC%bxhv(`DpLmDVX_q#Y`0#J=$>gn~@ld>us?;3UUXR5udIz@VjGY zj%mUkXB$5ykD1QdO|Qe$+@doeER0g`hL+V~H#pwZRQ39_r9f2%XDT8|@Dht1t9x-%30$g;a?)WyP4G zNIuu1QkUGu8!bQcC;Per0JRF}EY54h!|Fn9-sDJ^N7lECuYc7?-v;a%714(rG94~k zQTN^%KfA3<)Na7vkU=UeOlODkXTTixlldJD1a@)nqi&Uj6Eo-Vmr`2CD~Y!+_=?|1 ze1JKdQpkHpgHW#T!Cu)gmw zac(nS>32d!ES=0iclrncRHwt;M4PC%cTYy++=o;YqToQTOx>x`rPBO!_&oYpbmT#q zEm`aNDrYL>kbs1XDcLM1r#%c|oB+o7gaRpnIgDEUmi@OFVo5(cc)Q@0KTd4BL=$xW zUST-?X&NwzfdbGnK37!sE(ZI_rJl;gEKF zNhM`i?9$zKNBuz(`d!#+9#cJ${21Zc%k;~kQqb9_rJ~f{cJRHc{P(rtHoyZWR3}!E zXK4G=$OL!J1EUgS(Pi_=HFrIKs*Bc2@7{qYA@LZtHybI#$xEsEoh7=0M=aH#=vZbo zW_-&5l9wJ`*^ zU09K)jj!Ofbz>y4-TIZReoX~<3~SuQ(Ykb9+Jj)gc!-JsYBXZ1R{#1TF6M$y?Q4J- zqZnj7OY-zfUgpCa>?YfY*oQPE>hH@W&MRao|f_kQYS0Ot` zsYq1BW)Z!2WU)*MCfg^BCOVCP*h6wl`96N7r)nq&UFi-GQ5^fZv^jc}re6~Ijryx+ z4B6>%Q<^^5QiAjNPvq9Fsu@))v>`z`<)}nI?NJxklRfu!s8n#Quxv!am*4Hi>G%Lv z2g9g9a2;~caC-iz*zfqCm5S4&@#X7Ba`Oo~FV+Eu7m_a!$$JE%JYDti>vz@dds;eu z3A)~_S4Yt$9(Vyc8T`)K||7G(1hXcyP z@&7jYcsTx#gUAEH!~3_Z+9V(e;=l&+fQ=KB|7qtrtx_TU4-MR13&Q-{-9!Z6 z=z(}4c-aza`Z1vXwpIV>Me=esIqQR1F~IQ~AdG}6R1{2J&VPsUvj0OPFW0|mcc)P)Jb z$^v%M1Ce60vatO-j+KSwZ%yE-1rP>^H`vi{4wW@Gzn!tt-kKf?XjnD?&@?*IB0CkZPX%fHfM3exN3z_^v|&!6M24u{Fr6O@ebFs>2c#F8dt=jCi8k zN($vJDkg*au}0Pt0otgS0SPX!#~8|?h9cbGQTdlS{e6@QB@V78G4We~niG=mG^&=-+TY>|W-v$b4W?;i3@f z40;l$UrIs6kJ<9oF*72;G3O=S)Q2NcEtfGZOA=sk4V6S)M*OXf_5pSWA!k=0sJcs? ztjR$qG&pOXi26JuO^e9AWe>UsZjXLX{KF&4h4be}av)ic;=7~>$xjI?wH=YiHy?zz zTrhr**dhx$va;3O2O8AxCIUK&k_D6BaS=X{+sZ(RkhK^gq6e5<(SKh_;rSkja3NnM z7l&ejR+Fd)PdoP=x{=_`i^9S}9h3Z>R)S7pEx=k5WNW$84E#Bj+IUq#?ZwKDYg*8@ z*ZCQaMG2saz%{-k?b!Rq@K&!F!J&&X_;eweEmEEhR|@H3pKH$e$_{=m&eBWutYR&p zn~&kR8&SND%iil`HoY()m;FlYqa%2H8dHXCi)<%TwM5$}`1=ppVU1KcNym8jrtjSl&2rt(a4_quQSS%WD<5hr{sZZaEX3Dqq=4ll2mk$*KwV3s!>l z{yeZ-vMWHAzlNFN$7gJ2kez$tETl_$Js`A5pt7`;ot{lT6h@@@*IA;i4ebJ58_JiT z+=5?ovbOJclaT;!Py(u|!eteysD6qPbs(9{Si<>7U zvB2STFI7l-Ny^VDSlhB)c;G)oO9R~S* zS>{l0m6*iaKn)J=`uI6bXV%>hCP5j)cj_X)sc&yiY;*H~!g#G}3IjC0MyVKdzX=d| zIatz-&F?)fG4FVo@X2-mL810UAw1?_Z($`K&p6hrbH~gS)X47kd_?FqpDTKr2~Bx zWSVl&N1--Mf&0cvJ||~2$?~wx#aHI#Ts~l(l0Sp(%g>2vzXzN-STm)! z#vl83DGq0{gCA6$=1hM89KK*%-}7rXx}n8}nirpEHyDjfBH?6-`v(-i;aB_XV!Y(+s*L6OWmZHifLHPNW4_te0;v}5W0*ICXS!Wr;>XQ zjfUr8E`S#W5v~}bLFVqBsqGDmCKfD`y-jmX-kOr?rSsd>tv2+XB+&H{s?@`W03HyI z&uo8t8k>XlHI}e8#0?PVa(`iTB9O;#X|iNsKTy+D(H^zD_w?gViiI<;aZKHQRK}>j zUmg^<5f826iJ<4NABoK*%uAoE_zdQh?DuGqFB^#0i89On^hzu4UhWRHUq7kzn|YScdb*^T5dcSiPEP8$?iur>&Q%$5l6GvNo201Tyl1`=7=LnjUwz8syII&`Rwr;zX!&&T;G_RaYz@{W(=h0l!+o z?m3)O%`t1z8`^j%7&<{0X1g$Mx@>bjg6a zYcI`k`H3%mZN~E@aJ^r=T!Ty#%{;c!9YvEsI|lu(0uVu{g6dsK*CZ?R`1JXzx>#2aNlZ6nw0al4y8Tb)=#XJi!<8ML8)ExF89NHWBoYghJ*7+}y56|L?NG?*JkIFi?&L_Cph8 z+KPd@uOJAxzRoL!v(m(uhloRf(z=Ztn={#qWumuPN>g?4$#U-9(8YG(dugk~T=%i5 zu0|I$S5kD^ynT0tl~P(#ALPe&FY$HT^vb8ag}LKqeK3+w_&ll3MrAWb1JLTwiU<=h zcm4M=@c9EXPi4pWff;tr+(our`B}9sD%Z^=*a$4<=`KUhoXfpP)<)UB=*PJ@pXkk|KV#47B@YG1Y?Rk3Fw-fHD#FWW( zWHE7{7rRi9`PQPacUY_bd>g)wcT!n3jyx~mGSB^o7r(?H4c6u@X~0=NQ8V~XlO5?X zN&8D)BmG%>&9i@C&9bIL7p3{->8w(>M(NKuhwiuR5qZmH>m`PBY+Ox(2ix$33|P0X z`_8gOSp8nrz@KSXCif?|*W7W+N92yP%dL6H`w)AXf+OtfzPo}E-L<}e#Pm;MHI@9wKx-(|nN6Jfu z4wi#a2Vl*#)?*se&dGDpKJ^ZichG*n3xAgyUks?!h4I@|I)AllF^8EToOU znh6%f<1|M1!!4fW%V;IHoa2Qt?w8XEE>9_Og2V=*{P2gRy^*I0fUP$9g~LL4)4jV@ zmjYjAr0?Lp_}P7OUBm)3V>)q5Ldj{KK~rN~fuJ`a_qO@-QtiAVhBl3Y<~yr?!;wIb zZSvue4`$M3q1Lb;t)<2{1Y`y!T7H75tRcKBu|m5hlaS{YO_%*ue7-{#rlyX-_~Svy+?Clcjf0*){u^yM+k&EUK&svFkf8FEpy>&s+wxL< zL(2|cTcSO&7#K!lTSg|@H&yR-h@_Fnb;i&b={3yKaHac#sf#&siHC7MV^{x1}{*5RPh^|Oh)G#bj4sY?okC5c`K|%@{)YkZSIL2^R6#7@CdR*D=oyE^1#dBe&?u$lWkgj) z|2BAK?*D}g?Efv{tDYe-!J{xBR@i@4fDI=g?f=#AnL+rF%wTL5kT95W5|RkS%nVjq z{JZ+wB&01czwALR$~ZHM>zu+pkii`&MS+%ua48W9nKWCY{nCSHTvp zOaAy1V@&%jXSpNW`n~bYg&asSZ=Sl@s4p16P1vNaZ6@T{qMtriSHbBpEQLGcdg zJ%p$&QZ6s|c1V#T#yJ`xGjxY&X%Xs{!T3l}0+9=}@wT+65K^mm!^xm+OY(ss<^(u? zkYR894s{IrEh@y6u+ihK9Qb?3A3id;J80pv$E63c_hk@jP_HnKLdfDB20X|nNX+lm zfiFOr0P7X{CjnA(d+=gzzI(+t9PIc)KX%J$*jTJZoMCh*j?o;hAj2I!ro){sBdeC? zuCM{%gV7cC?og!fjOo>EbvPSak7;{fiPLz%i5_MW83gYz|_bFntZ@t98Q+NJc4>hHx?5)UkE~I z(SgQKMXC$sj!HaM0s>cxXTy-o^pe?9zS}>LtoH}iZj<2VX;eYsVqAjRzT_8E5>Cnu z;k?3kUPrhHcu@yG#-BdSgO^Tt-}&W=cjSEE_*Gr>A0*%^P!<8 z_`Qz^MnWd>`peL>xb#O|<{!RFcyw<%@xNu~QhwbdyBB89unBt+xy@nxR&7X9XpG7H zrui%`;CcS55Odx*fl-%sq_9o&8GPlo19Xfi!hpEmQzzmCL@t} zuC;x~m?P7!sQgnIJ3b&6b7%L1J&yXYZOU$!|4dIHW@L0^-R`)Zx$CN|mNv@yNISJx zJy@kzLPBPeH;aWj;mm#UD&=Z!qcsqFnEWpFTE3m?4 zp=5M6DtSu(Q17f>cl^ZHD_v3K+Gd+u;Ho~&ZC8%RwZ&J?O>d#G_{>#-EkJLL#%DRs zUt>VC##3`#IJ~=%zr780^E1EaRDjiKa9-2Mac)Yj_*gD3vFlx$8DsdtXCb|EKQJ-% z*JMfaGX4JBY}tdg;0ukD^O6=GTv+yixq}sFjS#zZ`8tZRT#iW#M$W~UMEEK z?#*ck3~xLI`wU&5M0dSxxNc!wrc#a=mo1fDp9rLyJLbA<^mr9~LhRIx5PM&5FdVOFX3_xI=;2P_^|FGQ72 zZJdo7<#1Np(LSxv88 z&sCmPFY3{=e^#l{bqa^vgta3nj*5-exNjmY+=XW)&-xUD+uu-A45kX&3@NOewR7B> zO4!i$I2^c@C~;R$@U>+$w?O^9Q*V_rL9I@}8hbPQqOAZf&D3gvRO8iu)0(@To%_SLTa;o2a+y^eD=AX%bgi=8eRc()+2zyLc}~7jpCb{Qa~NPAJD@XK7~g zI@+2pc;zjVXRp3gfcgGhgpi+F>jB|o?gX@F{?f&ZqLp1%$>zz-E%2aEiPAuKVs9sF zZs5+nwp(&J^W)=kA>ea0A{L{5M)HFOoxh^p$Uk03kn^*ui`cqzrpa|B|M%t-!{Zd}fV0{jJU+*rl$DaHHZ^fY|zuo02*a_6$0hXs1movCLHg0!yxsgh% zjL1cm0nY)MNHbB;6bVNk(B{*!8Az|<#-Qj6539;pk#D>Z@~%9u2aD^`u^3HM^3ejh zB|3g}4?4m8x&D(cbOPIfxcFD)=CQWZ+|`-^lOA6hPE!dQ$i$Zz@x-OPoTNEWhp)43 ztWkX%IBC1+Iox+SJOwLV`(%|QjvfBIYS%ReJ`phtzr(yyLTmD+grnnRhf^xQq1Z0w zjr~7pg2#{lDyME$5D7R<_%AQ}=l}BZxA0$HYDp<-Dk}ejm;alNV)<`g+8_TVAks$= z8{+>f0Hfl7aKQcxkV=1-vi`f|V)?I3E20j^UxJ#8f`q^YhM>=X8O!t!QH2RMUxcKB zjs_g1DNei8_oNi1ZnGHmdsf@7BHP`;>(u%*`~J<<;64M$I=_GR6qtDS z&I+u%FkPH(wt(L8Cq>gi%Myh-lP#o#DF%y@!UCbr*g`f4k)$q-(77PA;4Szy@Rffi zKQWKe(48s^ZXncIF_S#Bgt%1qXZJGGIP{+g#GgiuzW5C#iwc1n;6lgX=n|ns;<@;K zUOsl)dxqjX2pLPdfVQ@n$2oS>jNR6OHG{vt(J*XVCZJi5xn)1+NCCfuVUg}I0 zegIzl57HN|?qCm`0M1eYWaYXS&g!`|FUd!5`$oe>U+!YT$VE^J(Y-w+4XQMGEIgAE z1DWugbc}GBjcnKl85rxLEHnDXzegk_ya*_ms z9OmPTw{A7;;& z)fUp~aNyx~dnC!Kzwm+@CHta#QD@cNzOhIWL*i@-vp@{}>4xSDkp83N$CD!3Eh3h( zt3w`l0wL7A())6Wzp|pJ6;MG4v#=C5TPRA&;y{Xy4lp8p-O!}ok%Ie{TbIyrZ3U?i)x3bbf;8Yx28pNH4|>^Ybp;&!AD`r&XF{)>OrRvj2Ku}#~F4E{W0 zLu;dU^Z{|&pwtcdgS9Qia}8@CB_7aFNrXqvjhQYx$f?TbTYn*=JPJoBLX)Y>a2Kk; zY!rMOTATCbOQ6>JXf%FVg?MoMR&FJ zotGtfn+nEW_ugS-W`3V)LxpH@UZo3$&o`e=rknn@sPfd8R`KSy(a!PPoy-V(xEYq`{U6!q9Xj)y_H_dRUW|am;)U_REy$p5 zOAr1dkpVS*rt#UT|HolAl)RWh`<;#xc*L8b&ZJJ0cW0HZSlnZ%g+eiP>BBffbct)t zKb+grwxz#b4fnF4?l{)TvnP?|&%ey4!JL9aYCUZvp2uEIsaeL z*Cx(=(JCsOt@PwXrL2L*-0$s2{?+t<%6zS6Vkw4WI8$4BumQfsBE7SQn};&;bel3F zwT^{vW8Y1?Gs8|mf8K7k`g7oC>H{u_-sF#w*Qm!t&~$7@qfQ7|8)$>QXxA8fx zvpL(mifjlN&k>@_JnJiXiX3Flg1sb(*fWF>eOBy08C~|<3IRY@vYmUTlL5nw#)T2- z@^N~~s=y{&+iBJyt8dngAYeho5%G|-S+dyRQ9Gj z&l>sQ@!c6f@XjEczWo$DaEUuEyo4=SIYMK;%ZpQ6K1{a#%%?3-EX3y{Rci4*g8ULIuF2b5Y!eo`j#)Ym33O(P`Rky*ga;zZ`PIwuIQ^S@r1HxhOeb@btq=CKg0#EhpFzU1wS_A!>l{i3 zNumlK^7DTE%7Y}%Pw%~O*FfMq0u&07@ei_MKl+GYFCWsgQ_%kx$;$i>$tnV#-+;sy zW%;iYPGKWw(|>T6m{CMcR9;y9pWfvEqFtG|{~fSQ-2d`4|7YDlJWX6McoS0LpPVID z2jM}n{}r_(>VNSoz6D7L$qi=u2YfxZAgTYV++Q7#w16hMIbISX=u%j>U6u49csaxi z4GpTenHaj4oRkJTZZ0;p`zwn-(=TX@Qbh*DVhpQ3L~TU)fM!4GBr&^yudYg>j?D0` z2&x{jKYoLZ-M_B-B)_e^9o4Y{d;I5*<6e91*$9hXF-hoTC?Si+7|2+;zPGmH5pz=IRYD=AF2Rs zz$Pj*`NF8q)=v<#VMi#5W#5208(nyh9OQ7j48ZE=71UR(h(fISwR$t+(um1!_uipF zGlL!zv4wA{{Y6;5>+o7MO!3X11WQbkSrgRWhe{`et@65Yzt?UE9~Xh;&W)oGc9A)W zN`h2;PC^zDHE1}9|LY;=Yd5<1uMb?2!aw9ThUhh`7n|nCW=vv!hh{Rcb$G%@oF+-U z=m2h69f~t=D%+2esJQU?TaVKYq;I}2h}vwUn7cnnpphY6_RP8yBt4u!zFrp*2*#EW zLL{27hPY=7{dkxr51;%(ouJ|S(0X3POS&lnDE*a4=(+>qVjuTF^3Q&ZHWwz_OFt-5;b%XE8F53uJH zeMXZMVl|V~lwZ8f9_qes(#3=4DLr*7kLjbBgnrFG1dtBM2%s80P#9_M&)rH?0TL-z zZJ+NNvCUz;-S=NKuP?;xBSzMQ#>{ufZ~dp#ZuikR>s}VQdwhlr)Kiw?eZnFJw=l$O zuTYt3RrDV3gPN}L zxvAqp0dwHVeU=U9Y?f5UGVNEG2B6~iD)oJRIeWJm10z(O=FdJ=#BOqcc?`O0%!>$3 zN{(O>UK?v9uiEhD5C61Hh`O5kIuoub(SQ zbG+}B0xC!SY+Q45lpN?o zzn51`;jfL%Ba1f;W@T-TluIVct;rMS)bov7MFkz4X>dX*^Ich5`d4&@qf0!4Bwat! zbber(kIGivre9Rl8}1A^1Inj3B!?WNP~G#1qk zRkOY*<{hloI}17s*Ub38Hx6}ei$z&67^!94&3+b><$8x*KC}JYLQMaMUgKOwWIc>> zoeEAGO!U;kRYq_8xX-gab2%36>?1CbYI3$Ov<>^)VC)%sD(aW@4Iq70ciutj@HBU@ z4BL%fCyzLuT6YgL>!5wxf*RuEMTj1#Rbes1PyUpsV8?MvMA&g}9l2b9l)ub6KjEV1 zLmhv9`8b>;lDD$&dDbD5Akq-k)@H{Q?KrZfH$l*;ighb_xYQ;TYhYXJXgSTJQ2355 zt#aB{*6HiOZE0c#0VL<7MEu#uJ5JqmvrWrqT8Qnv@pyWTbuII<2_X2f1&jO9nh0M` zq67_G1jg00W5=ZG`244d1An~zrPH~ayp?9)1s&%zrFW)YysG~5(cGYhIaIH-ays#p z8~S9A%}-VSz*m~9KSTDn7k2(IV~8VY++9iBj*JxL6^^5NgQ0s!Qn38?cpdxv#H*@9-}(4S zrQt-k;g~%cwB7!}=iYBz(F(wFY+-ytJXUv-nRTIIiuO&PFQY$8pc} zTKPGlwCXsq69Cbm+z+qXwhv{~vX1)f10;p7CO-QWd~ewC^|V6Nx-ka^IB$K0K9SA? zQhMdqLzFbWxOVP#vP~J~`LOy?TNsrB6|aHb)HO{e8cvlN&1y-pCG$WnZzH=!Au;mz zuvBlJSdZTeMLVFwHLSKJsAXirW!AM8vL(`zHiI37MWF4*s?^!8>cG-RTJL%2S5`?; zveWM{*z0Ad3R`CDW%@DN0<|68Rg{hSY#Y9$c&SFzZxe{D8uC_AuKN5w)HhK^;g;xP z25IZ%GNSUjwIYm5*&dF|%+plfEF8fd^Tvy4V|gFp4+YbxLS0knk&h#u&lFK?%vIh8 zLN5S+LGmC71NdvQ6wSVbAoMpFiqt-c|6n&a%fH-aa)ZC>neqq{TZEPA-}$YkDj_SQ z@|VM6n#@f90dQ`ne@|&Kf&Gsld6ECWvVTZwZ1Bbrq$LJ7^S=Y1l?kkO42cI~;RZv( zf#|>m$A1ZqVFE%2e_Vw8(u8yZIRN{QtQIg1$qZs;2E$)Nl7dG?A(6p+s33T-;5DQU zpfXq85iZ32>R{8?u8W60*SMyU4!)eut=Dq~SQ%LFqmSjsb_$ll3aQEtBy<0$r>nL_ zoJbKS_EB3kxF`?kB$DO)sa*Y0F@7|$+I4r*@xHSE=nG7oJ9kbruzi5vYBv5xc0-Dg z7U=Maa^nmiBjf_IXSa@yew8|GnoG(9_{ru13d{Qf(oItKgNHCU_%`5<2CtReovB(( zt&1lHMeBa-n1I?mOcMM<3G|Tbf|1C|+ExSX_`SG82{2<%{GVz%Us5 zg0H9&>P2nJBB&}L;7eNY(M2_SJV$H+u32L+`ZlIfY}Ff&?bN(E2cw{zajCL6EoUMhu947f$D$~;{Z-wg^|8G z2B4_Z5^r?5EBqOJPLm4nQ8PpavPbs6M8`9Z-tIm#;k;W@$tw5K2*b`UpC-#>AD$~31qm;J3nE7`_QBl*fcGDu$%%nO zy?A`tbxT+bOTzeVDEAU5J8Ex@FkTKTjEPaFohDV|?Bp{3cuE=17qh~{olwN8t+TS6 z>%(17cL)(p4vTOlW~SVF;ArG!DUQioIAu|=;F&FOo8Z{GUg;_ldaICRg%}-twn$pM z^M==_Za?!4U@@!PsZme^PL5tZsZT#-(v(E65Mnjbi(sW&-(J;xZo2pa)^B7#9yh>y zSXFjLHyUv~eV##HJbI3?WBg3FoZ&nswz59iI!x(DxL=?(P4%eD=>$)B_)ScbgNIEe_ zW3M`DL-R|XZA~5qEP4&ajlBX#QBoCA26rIpuCcc~=T*~w&RkxR@nqr>;Km}IK<>LM zQq)je_57badzF)WOa?}gg~RZbs`2xWUh1k!1}Gh3ZrH?h$MuXItFRkbc; zZFDr-2r;X-E?PdoHT`*RH2sz3_kK8Z(NEZ#hi}F63*|SodbYgQ7%wV%>6(MLPzn>_ zh))q}$?}3r`;_*TOt?eZM45E~7Lqd6I$msy-%afr%((ho?B0t^XDgn*L@YyrSye^= zR22QlMlV;LlLKSBMxLMVQ)O`G!OM55&%6iU2<(!Q+M3n?I^I>(MXB+5AJyhL9NFbE z^*Q=Qt=e&7XxvO^6WJw~;SJJF8zv41c#SIG&MwESoQBlmipre6ez(EBWe($Q@8Vm( zj%KZm)Fb?jJR4cQ(>co0vx&?3ooLODaiVDU;WS$#3(P_s`bi%?*7)WUQ#G)=8IiGS zywUTsV&gRM^F9(#8*VtW*u}TbJdSTO$rAZ&j?F!|C1K%|HWIK1JAPe%d&GO-e_IBd zEnx7yW}Af8Rw&t0;*5OWE4c@+<0*x*KPtDdFs9dlt}$!;anUqgU7p9Spp1>AWp-t~ znw1)+L*s_7dDzC<+8)xpKO?}dQawnELVe|2(e?n?RL*)#ZS;C^93SJa8x?E4{fMqV zk+zwE``!2{^`yo2q}8E{aXErsKj`rzTP6iRpEa#_fGf(4eyn{`bh)HvLf|N^EN`lh z!{T`UZcjD*x!kUH7ZRoWF@a#q>h_V%@`#ft4qg&3ypD|Z@R0rY(&Yg6Zyg+Vj<2Mg z^&~KaR;UwYFTg|f8_`8J4so(jVy+ao^zZ67Xl6dl0kDE7BpEn%9FiEs$^v$JgrpW> zW&L-|C}}H8C@cNtg^Jeyf*Fo~4+C>>fY%-&1(5&0vVTQiM4liWF*rE?12e4P!6(S` ze{A6|X4t@|&yW@%4z_#d4Zcbsh&sa$1M;Sj_)nH~lw zUSWw(ZDiCcbxIMLE=&0#HfX0gGmBj_Zyw`C*SzP?ru^^kbyR*Tp(-!h%#9CXIRBTJhAErE+;A--&iD|!9*R#PT4x;)|g7_9A0Lf}nNy+YH z^#1)Gk{mum3+sBxS_lk|zF=Gz=*fe2#W4CQ!%3~~AH9AgpVu)IHR(25n!kWNgg>Ej zA{wXV!b5il;qswE2Y16GHdzcIAnZZ>U^F%RwlJ@b(H9k)0t%7gi1Oru@XapYr8cU2Nj*`qC%I(9et65QLi${a z2c|fXJug?H$BYNyVvq&FK%xhvQm>uJ5Jo%rnGhH9j+z7o81m49v`aC!b(L z5x$W4NwUDXFo4G;Hp!Jm(GdF3AR?J^a3Fq5B5lilLQ$xNkqiij`bEHCb*Vl!203n4 zQy)Y(1c80SC>q<2NMMfecI(Z-k&&_xh1DG-89%ygVTM2_`OpmPKN355knMbflk}+l zEq(=tVkK?Sh2Ny_0BEIL3>=y0r0@fbiD6665kif8zS+C^C@%^<=Vm!QzL{kA;F1Ry z2qtH|YGO7pdtQh(+-yUJB1eyhMj+fKLCI~6B@*@w=LA02N84eQ=9m}9bePgaYY=4M z5TG`_$u|4HUHWOzR~@^{+$ORrC)291Z8__Szgl?nB5{!S0Sspay;@s%UP>17PeH!j zroX?JT&cc_jNY$>EZ5pKJvB3AeD7>@Dr~}k-&#o>O#e`2#tJJV5LXx4CV!$ZqfpSL zI*ZT8Cg$rFjaOsj-j=1Z?n1S{@NG}m#^+!Oy|t{LflJZN>S;~RdNTUQagsVoiBi;* zXFru~HIL8|37{c$vydyjkRGR|UgKIJrKMD1FdO;oAm@KOla`4d9`c4~Th!DxTRIwP zYMqs5`8&M5w3m5v%~NHOaPoQ<_QEmNJxBl6)F4m)?Idn$L<(y9x;1*cFxvN8c6QEA zf${V8nB&oqE_y+4FY+AYJ63yUsXnZmR@O2%i&DuTI18uSJ9*tyTl-qzO= zxaA#dlEC+)YTlOaLzjekcd@x*qpOB!$3+FFlwgCKxZQBXHX5oW4R!<{_2y}gHTJVC z=IO`15LKJn$_^zG5i+W-CTT@ge`h^rA!Vk%=!1~D^c@MjNVcXYUiYJ_&J^ZTCyl~~ z@lPj5F7o}lF{7B95m?-ZpGBGq-QQH*_S0Lp!9=wvT}evSoLz=Zy9ZdeNfQ(>$ir8T8U7MC?Cf?N71Dc2 zpoH_>Eu#KjU!UuqZc~L70WS%Ym2{^+<>Gaw<3|tU5mKjzDoSEUSyuJ#H!E9A%B}M% zq<|hXER^o!-RHH@x3hX@0l&i1=y0iwg!5^XJ6u(p%$xvTZHw9DhGVXnpMsxcO*W zB7f*LXNmZk`uS=UbD+WI@k0WkcxEugRxRZl8~$dgLOE_{xk1mZ8_KYbXm0vk-Uh_3zkLepxG(>0pAdh@zc%EWntd!`7L0FU z$|03F(X}FrG@Zjl+t~$Pc{KWIx9kCwcaLhf?Jrc(7HGQtYJdQeA)NYKc)EcI}qGd3*ipy;>-x56S-cOu#rg z1Tj+5Ld8}p@{^km4Bd))Yeep*2h>?I1G{Cgcm5+rqqu98O~EEOzo)ZDN;Uxs>7Lf` z=z9jdOcaiSqV+2yq(g;#u6$dSZAV#v}cyGnBX7$4*fK_pN!gIqYIs7 zXzHf-dwUlG>sPR$%$-@pj7E{Q7U&BeQ9*A4Z#6;S(;KQZadl_>sk9ywF*ht-yi)?5Fk`-v!0=ktae^>$%} zakheRMyEXO{4nRCmCMHDi&#ND@z+!Vex6mIlMb_mCz4Azx%UnU&h78Ak38&!wtG{~ zCE6Y7JTkvl>>stFxM{<;DQ;XTxJ!?#EF`jhGr>8>uGd!sGK%!~ZkTU^FN*Kj580@O z)xnyT>tUmzmtw5B*(wJ@h~_LH6;80^~N>u zu*!s?km2W)Z8!aLbrW@E!@ee=N!BU}gGj*=bV#XEEL^GnO#aYGPS#&5=xFM(Dt@KR zhL(NMEU?lpRu>hU%oWqF1_d{2($?rp2fKB<-fKNM-)m%#KeDdhckc6_drs`{k}OxV zU{ENdlK3akYQ2>cqf&(LK_&|V346Pkg+jz=@bA@(MQOHnBg#RRl5cG7z3P+RXuMq_qmakDEkBf43o-kqWi?})E39|+jqxhRrQENcL1ep@g_&|r6r~NceZ|n}k5*H^Udywne zV;MJ=G-c(c;EffhC`fkiwv@qhdC*C8&j32-mPISpr%)AbSqjFB#fBa2DA->^hdDV{fTupKB8?pM6p7PP zMS2ilGt=#BLP#mWuei#imQD`u-ID3S!emCeI~aa1o9aC9T+#C#XMfDRYV&01K1!Q8 zzg|Yo^+{tf%BF(nVZpP#EQ&eBM~!blJJ*^v$rO;j_tw@UO_D_Y%-c<=vAmK&vdZEb zw@)SvcZrzWn6E+9C-a8!ZHW__dpQaLn@*Sh2Mk`$J0Je#VO+Va6#*&+`{GynGy`KN zs>7^7oE0$Fl3dYzK?8>QhZQWwR;tqTkE_nRWqPQTCA78yfajZkBc+Rb_SYSg2&?Zm z-(MTIUS?lj!qeqD*H_a|Ld6_Qwkyv@#vVVEG58Ec>iMA@;vvtGugyL6Wb4i&jR`*N zUAZJQx4QC${FrX9$|OdXAHp{8z;N1E@gKog5G}l&7JfLu7hG7OFTcx3xy8~-G3i~; zrJ*;de_ayM2GE`}dAs^zTAEgiKBC??4hd3mkFL$?KWMM~#txnr^hz6$`a~3b{$^#~ zYDN2@`Fo^w`;Pk3)u6-K=#|%Y06ySlQxk<#Sd=gQfdQxM<5Kk>a!KrN!{n3B_~m`# z&fa5-ss>*EW=?>ZUFYg-1a7!ugq}iW?Xq-j3hu178dwqMHJ^Er-#+kupP&&=qqDwt zio*8h5*vWFXJRoGG*5sTSz3-nmvz~hKpP7Lw*X~oQ?s}l zBXT0J2BOyCm8)uOt{yY`6SYI}oE?TO?0@>I@N+!++QgPWjca;3D*aSTwJ9EUmMPZ+ zo4kK*ouhSwt2+zN^D(fk_SU;U`~!`=Dtm@};PPiaWrjI=`>nVs+_TBb>ANq5Hga41 z9Q1)*k%oB%j@Qb5i}A=pDEU3F0^t`1-8`R~e1LsM%tohI29!w{aRMYG*X!L)X5Z`Y z&It4oGPjLgp7Q9WPTr82A|x)8A+#*jN$(`Nwu!ux*$W%K zb<~ZMFc?wd!AkrksAzTW?V;BzSYP+~ZhAxHW|nAlZ2)iS@%E?TF<*)3(yDKrHn)S= z@`;uf&oGZ*E$z1z3*8yRgj-K!(3qoK9UxV|C+S6KAg?{xq^%$E5OlgfbBxFAb$#m8 z>u;fnMaNm{7LPxIfM&or$Y+`Ai#oT@} zc}AqR`oS5)Q6!^-glOob?Xf0lj5Z+keOuyLWF22l&Ka{fCVmBr;{wY2^b$>RJ^IR3ls%)#`}Q{xZ+qv&6zv(ZP85*^2X zn$Dd6H^#-z!A-39--p?Mx8rCCVh1nbfCxbBT>o$f`2Tr#wkZ`AWC#h|p@m1itb(v&%OfQM^Oo)RD_8>(f4n{&sC(KN+*#aI9lDUPC|B+<|*>X!=vXU zPR)o(&Yv&4=JRy$&DQ1T8Rt|)x3yC&zuUYvoMT(JI=fWYj`%t@LYenusbS$9A~O)M z$$8ij0E+1Z3rFnnSm0O3{hOaO#?{0n<6JiNU&}l3tp##Cf4&2Hx3@J$o#TZ7iZ1oU zs`B@m3!|C9EeL$2i&(qt#r6=}($bK;=L~2geHcy2{x?=@!cj6|EiRA3FHQzRsOXmIvISsg_emhv*+%CX{eJV20wGh~K z!x#*dWNNT58cvR4gRy!zlSQyGF~;;|)D!t%)?8JezP9_QPPM zeZLi-H~>%@=w82GQqGq(C3!aN&kicThOj>~A8&u5b!!vd<}CO%<9XRckEe;GX<#gVN~uPhWnZktPk*NSb78GT~<9g#LG< z0UF@g<=XeUJSpk*`Zs@=^}2E3NxQyy_K)Ludzz;FhXaD6G|bnMtXDj+3mbQyb01DYDRjM-pe5SZ(;_lb_VGb-!7ROxfz)%HR$W!aaar zm2jY)e1+vVRppipy}0wNF3*uHU~gonUxEEAAGIspU4pCOKKbKL?*>e-Cme-y@+`v2 z(f6sT5E-HZZ^oT)g*&MyafNgKdprHnybWhUj?g7IUeLU{7z&j@m+xM{`;R!Yg)PoR zw9-s>Nj6i7UHzl^tmPDvivxmMwvW`sOWVcwV&iq*y?cjeRn>r_@BYBUKYRRdVqxVV z5Qzy+7l;h-69BWr{kH((`e%#BX663(7B8tNuc{8t#0Fubv;Vtc%g*_aj{XIFgbl)n z`PV{39FRR7`+wYm{O5cB70Kmd{-3>^>%V(>98@fd5ZDeEgawq4%0=8z5EFNNnC9j9 zelErn_7me$^nTIH>+aFxyy$r)>2^n}E7jBd&Dso$C??B43=PQ^SwkeRnv_^6mf)+H z1Q9f}pQ!&=)4zMbL|Q@o@ios*%V^UHBDTDo>npNd6wtlyWGKa5%>_gB73TCHT4+I_ z2L!DO4Zuo4B?1H+IM9C(VJ2&O1Oj+BoWEAYLO`)$Kn}G2042ss`n^q{k3;x0vl48B zLc^8)zCz%DB49LoZ9h>V)?~-CDRNl&-4L1Kj9)5%KM-t3V#A<5kgK5jVIzp-#hyXn ztb_>5VnhOAyQD#I8b7CMk)FsUy7M+e~u{DhjDz24sQ9n{rgD@|?D911$jd-FR|6@*D+r6P5{XYxzSD+!g=`tiDUo zt6^Xu10p|dAh!&u{V-uocIExoKlAxRW)VYxU;^79H|#uq8Rt^5VFA#7=i!{)uu(Y= z+=>WNektfEQNg|Calk0z`P*(BG^mfDg2@2`&F(rK^Tz&IFu)Yj*aG8)5q1Qk@23Ts zuh?6?G7N2zrD009f~pRPsgDpw?cU3WXFQux&61k@sfx_&wU z&G-b;%*+uX!T~2})&T}j#e3dVWS>Y?8!MvbDr|7Aa*+sPNJRH;Ex8fK)KfAr$XO@L z9bsk+gurKCit?oG2Mn6YvCsp~U*H>AGblLbLoFk3j zb$OemEvGilH>4I&I*d3(*`$U3oLwmZO4-RJrI$qMaV;^fnga|1B(fQX4o!={4Mx(g z)@g2~-unxE9UPl@p&=DA( zB>*5-evAoWOX%}b+;go%ka;JJ+5L&Q?%+9ZIu^qZ9gAo;C$SLk5z(_B7_pg4&A9TP zf)c$ZpAC~63f+px>!~Bk;`+VwEWPGAjuA%Qiq32Li#3~fF0r0akMm}3CUvH)rM`jZ zCY9M(R{`@LJ2AWUNAkE%${{j8FjX|qjsJ(4?8<7djZGwmB4nKAXupf4SZVm~(%=r* z!@5DS>8<>gADbjkf+4$WX^L?I-QJ=tto=2wOuAS0Xshx87WQaFhS4tgW9q2HvW0S2~aivlRr*q^v*!3@_kL3zSS# z6>HPBNpqTQl;Q;Kx6a`h<*TT7x?R=T1~g+AIczgtbMf3xGk={{M={bH`tp5=>@W!P z-A7qGs?B+i%lOh}<37VGBUScRJ6BPOmeG=8`MS=Y&Qji0#bE0ek3;$XxFf9%4vj4f zrBAGyd1jWYr(@ppTDC|Sh{WZ`rM64p`A|+z*yL3gqz)}shFYpT#>sMOgGwjp`2m@q zEAT{@t@fvZUZi`eVa3g|6er_7&ipj;I&7$Nv>^L&7T5l<2gco9u4vC%eBo^kU%5H` z)K*&(`h?n8ZRGY!72+F5`I>57ZhF$281?qn<(VzmgNTsFCWQSbkjP7kWmy%BY!O1= zC5>>2Ty*d;LS&`@=6dqWL%XJlCt;23;WqAN~RdQ@G2 zKW}!o9ldtlwqpGat?Tx!dE{%B!RGWB$}Smp7$8+ACq zvtn{BQ!b9jim>+R_&5?h!5PvFHt4rr#N+`RnR(0|`>90$z$>jqxvn-O#bX|nwKlb< zXV@NL*HMj75go5N_vip;#ardG-9RSPi>#i+bMm}Yl9wUJ3WNWlE?=Zcc5xX}H-d;r zd{#M?=6I!1{I1DS5j9Sn`tRE_09Y+@9B~QpYunUGJ7^MR6`i z3{$rP0PocItw1wvh1TuP;%w03jChu>kr%-`v1A;Vs4}F@`PVvy>%H5ljhdOqwN_nc z{v%Ise5~kA!@K-MhkVL$!p!l0#YejYBJbLgth zm(DiT!klTG52y2J-piQ{mu9iC#erGQ5vuFvKq5F~` zNBOy7wNJsR+96T?TO*4h74o6S0)6D;9or~KUYyV;i%_{G%6vbqp>J?g{>Q&-_W-QdiSb=pR_G?++mcNwD}juCBsx#c2a&!sko&t zQLwN~Eh;q1f)THlF^3{oMn7#9F74#H!+)-iaL2?p{1!HBZEJ1AE5NPvh}F5bH~barw44eWpyTI{kjkUWuK<)h z$RnakLubqo2k)MewDhu4%p>j20M1Q^tU4~2pkM^C9pY<&)(7oG|8^iv{O6DM9&iVx zs4lj}6+Qxgi>0~$60?BdoeZz4z!W;VuIBaKwrV>mWAZ@n7zuCi5f7)QK$qQ{t&r`P zRXan~`%hO`mK3;xUedH;h$uE&Z^80T3v`*!tqEB~c9Lo|S?5kcaFN{Sz*)Ur$k|t> z}l1mVIEof(_OeaHr2cg3X)BFDlU!&VD}E{^Zaj- zzYl`*rb#REN;cT~lbWGEROk`2;B4SV?R~k4c}u}lw}dP-DbUK{yFOU9eROyt4Pvtw z&gzv-8v0IR{j)6D8teD-9B>R$etGC&mkE0(){A7?kKBp6pcPFBf+s?mUHeq)kA|hB z8_|2aHR)7?FxWvkJxyp!DuJwFZ#z{GFo%br-~(N~YJknTIA^xtdVF2gz^^|ob)k(~ zOcE@h#Kguy@Q$`W`!K!GD_n)TIFvEpwc_nRYS4OF9|tJk&FxMX0%6Aq^%2UZg`e${ z*Ua1(T5wOBgjjL8la=V#S5EC2f`miPM1P+(_}E4o^va)jqZ8pZ)j8|0f9PwmX}Rh| z%=bo@Frdx9wG&Q-C_4T!>g=R}kA*S$8|m%^q*Fj#I;25B zx?7}MKw9Ze0Re%RUp&uq-|V~pTo>OxbLPyjFkPH4(^6pE5Cn4mEP}GYZWrIWee&WIeqS(Q%WB|D(+Q;qFXksuv?N53^t^*P+$-h-o_XTM&-j5|yP9<{i#_6_4U~Z@Nrz=GedXNmV`#UWV;9 z%^P}4qdfbK9aL6#9N}+1BQn4tk6Fd%bf1}CXePe}`XFTYc_Gb>YO_r7Y zW3hLw^c9nY_4kpLuWFn8&f1>;j@dDo82#DZ>O8jV6W?7i9(&hph_x3%aB^|Ck90=a zzGDJ#1sib1TDj=Ii!v_FM{1R z)u~*HGlH6caX#55df@f7Oe3oe7Bpvh{g;)Zh=afRHrWQQdOk|`jJhcq(F#M?u|uaynh3CR#56V_CoM24q&EFrqn1w5onqctxK`ss?_?fvR? zBm&m;_QbrPz+THK`w%i46U`a6FonJApe(sK$|(3585 zc|*lcqCl&;pP+qYK20E4&q3?@Av>L6Q_bGr$SrICQ*V+AV zw%Dd@&X!=1+W%z#bnW$-MbWB59lWUHV$_$*4EJt(ictR~Nn1I{18CgDeR?6zsFz#7E*Qk=f$e*|Bli{w z%o*AIRsc{HnT*TCDpAZu9QP>l)Z}`QFVmNPiKB`mlKClcN3@1{Me4VLxkQYBQkimv zNu?%d&dD0PNB`028`SSzd4i&$P%lShyqlwwh=u2*(d+hEYMj4{C0ZQ8$L!OQ z+je|#K&$%UOAT}6O3$2-?9S6l+$ide`wzh^U&B8P#T3yeikSd>-%9N%(%WrrL{M-G zND`=v9ekNCZO&KAUjej623HHqM!FT0;o30KR>y;4_kq!J8Lgk|)^b$88Mg7WAuqm# zyDTs5bo8-vzL$5$ogn{kzo+71(S-K--4$Dy$6mS3sH;sErMLalwod65f#AJLO^n&| zZc*w{N8M&TSo(ZR&w^=s4c3{xJKy=Imii;7au$q=YRrimA`QH2cmPq&&rBV64~!Pw zs{YKwk`O<}ZbUexLCx+~{5=g3T_kB6jb+Q`;D*H8l)1Q}q+N<6`tIk9gcl_xq^bwz zNYnKnJbI-9ryx%qn&jamyXtT1avb`~RV0j)zILoC*B@Rl(`c(@>hD((xZUdj@)x+e z93Hmaxwm5xZ^a^RoalCvDMD7&nzcMNjNKljLLv#=pAc>O!}aM+0ljsr6crLCWG`G7 zYcia(JhQ}f^-%FbR&M!QrA;&HbB>M?IRE5_HKl(;qR?8+aUSn$nTzs*=6d@O0=>Yv z?K*#E6w)UkLi9~wDx>q04;LPGmhLzG7N9|SZ9vmvl6i3D|MFCtZldlIGw1n4z`GB= z=U%~`zIe=IjXeWT`PiE;3>1*UwfuA;irq6iC(l7#OI`(&>3$DIEbU#c2nhR6X{Dg; zn)QcxF*8hxv*fVHrQJ+W)^FGkSypsEzkm=br${*o+`E4%(uetKqIj2Al7=ZSg@4L{ zU0vv$f}~P=sX*sC+e;xpMstkfcTBZQlmFG$x%28`$Lp~>3sw4KqZet&w!%e?()vf` z6H-|+LUXm7Mh6BF-IQBPA=D{lB-f3Wnlpi3FPbZZR|eIB9=-S`!t-a`Tfiuga9hu2 zm{SCvE?YIlLpk$oUA8HmY9nS?|KSpm&okEr?YY)?@~l=nK@Z;6wL|KHFVs&|R^3Kk zb61x5dCR*f-%%>B(K`)eK|Tjwi}&Q+$0gm=Ox0*V7no*5xSV32%lYGx;KQ^e#fvCS zOqq9kces~M;3R$*JnUXl^_VH zX~;b=V?W1BS~JqY{44PC1Jn>=yjveGe5uhk`c>Q$7ja1(7@TFUgD2p>%sU;eNtk74t!o-9sN+Em?0HAqR=~3p=w? zy2tNxvo?;1yI2tK=|YjiY)>SR;H2p%K;N$B6yWuevYU04~95I$nHos3c;=DbGZH zVuw`!#w{Y(Ln)+PF0(g}C+UV*kkKY>Kt!o`^^AwcosmlCnCGPTxQW-&P(S?e2%Pdz zN5nQ=g-2#!l-lU_xO%0l$6Q`5&%yGKm7KFuLD#B1rOW}uY4-EN&JrOG!$jD2dPo5CNY|1}wYhEy#DPPohG z_U}r6?q(>;nxGuG0b&3!52}_Mz(xfI-u`d3n7Zss2^rKmH^7|mpZmXlXZ)YjErB=G7M1g=Gm|)cXMNCMI1}`8H6Im@|wA!w33jW&67{l2RvaJ}-!O zmds(W6u!`+Fe&j{W{h0(^5-FW6RjCd7;ortaAWV7U}U2x^^c8$N%XPLeHmZeW4|L# zhrvNCilZ$AqroJ&Fz9*rLk8=;PheT|JTmW(P%OzfIo-inE~5}6l!>$vfXT5=5SVzs zAkR;k`-96_b(X?)ti+PNuHQ8$-C~n>4;?-alc6x_&sPPHfA=M` zhIF1SUiVYSj_AS(V}Gn-14i-OAJ+aUg%3)SP+}Nz+8IYY{}Fa_h>83v3^;kk^6ljE z7iL9O4QNbU`jUEkCQoHFfa%+sDpa$g&1!>@SRS0-5M|Df0a=9 z5r83jg?C9Wj*)wr{2qg9lUDH~TO=}$7Xx$={Qf6K|01nOs|p6y6|7gW0`vOLeGHC$ zma8|Dl~tjbZFWMMs($BWNIWL2V`aDX>km_;c9h=2qK}0zOFl8?aa@4H4wzzu0B36^ zIfF~KE}aUJc>b7lIDEWPU-HF0j3@Mp@y0lFm7l!(b-%lw;_Tew+a(7iG0+|osJ|7*H3O?a}RsdTF?a| z_VH@z&}t{6T3Ug1BhQu~^+Tncto<|L=s#ZlG?zkVzBv{N&1gSddn-fWEWmV*K zRqIQs*u|`Z86QqZgD#?+&c3xn$k^LobqAk55hj^FffWxq`?#M=lt+s8xa#xp)&J6@ zmb+@rx889+k^Hdx_%K#(bmV>nH*b?gVDum^h1rM`&KleEmkO4@IH{G@o4qXF(>xzh zw=VmxJIf_0eb*tu8JQrsS=+QLv6uRTL%%FBASqv@YA_@H&8=B}iE{_bi^U?jNlXeRM|QAPSCdonT>I7Cq=KQIgK!=Ffs zN(|?*WE^b~mhYO#p*njnHQa8kToPtyokR4kiOD56Ejr-Sju zXv++#k+$jnoM%U7+;QSbMcersTV`_H=#Wo!VE8l%AM>K?4y4A`GjU z=NbI4hSK+DiZRHp;fZ|wZ)W7pW!G1Qs}^@Lu@nql>E}=OC+Jpj!VW8!#kN0;eU{%Y zyWr)Xfio^x4)zz?Gp0lF8x!3)nL+gpEAu&7_Q%F=i;JGJO>Pspdt2C^U=dGY6n~A` zS-{e@9o#T~_SM9dE!$&MS**;_=kZ0vM;@)sbzyMxmpyW%R8Ib>^GXdZnDf!NlSStG zj6}sUwSc)rEs|}z`f}%2=cSBKrj^YKcY^A=vGHS>ppt-n=+$7=_cF5ypATn*GEk`W zY4}n?!Wvmb-6;sAbOd2)_g1GVQDVb-p4w1bn3!5L{IfI?Fvk0_NsUl^Ew4n%qLJfg z)r}=MWjHlo-n?vD| z4hR+_`2xZwC$vJjJ=@7W(p9%}x>6aGxC~BdnWiBwNLQ6sbZMGN8|dOopltBT(_08} z3{&1YBe4G2MwWCT@!ECir0+{))_1;7Yxt!i@sS$H$N*v0k(wdgYY%8rP2=}+8ZQej zx%V}k=}OK0?LwD)li5;PzugyBLP(xl{yt?Qwt81{7MXi*BKqU`cD?BklO^cvyf~M} z^n0K(VO~&N$=e4?idNi*lGSc4sL9oRVjcEE)*rMv7Ba${uc~an>-eTc(ba)o5RXBqt*#uI$Y<;#W&f&*dQG&+GFOe>F9C0b3PIv@KZ|d_C=1D z*LGuwo(A%)QnY-d$uW*)L;xx`p{ukC+Z#5H?DnW}dCpuZMw9|t1*lFp1N%7VUk3PG zgdDZfaY+r#1ZMNQmOOvn{Bq`5O9`650o#a{xuo@NTQ{$GW-+mpW%uwE>1}3D_XUb zEr{bbuvFM?;K2Sz^7mDR%A;aV_Zn~J1o(6iLp9xrkL?}4=PBW_zV!q5ivo6D9aQ?^ zII*~Lk_={VzS>=YNUqd2+t#ecuPcmwyg+93&pIE31oNIlIwEFj0}uPdd4GOSghZRt zN-3On2H^D;Ja>^~b1$MBEB!G^O#9?1{zKe6o*er(k!cSN-gkS~pF7xE@CprpKWfO%iKhcA`&k)DN~0Q-(+kq0l&1_KgV zcUTfGyg~EkP2$XK_{C#?!k7N@PgPuB>{J11n&c{=ZoX;Gt8SU~@i8u$#uO&{zb>AN z6*)|{{TWeSudIGDGsEWfWiSuK+neqVI;Q6zh%QL@Nb!w%4CJ5YCi6wqZNqWRA%$8; znWpY}`PUQzgqXm`Z}?S-Bc(8v4F_ryB>y9XH}(@2k4EUSedI?KDdqE3qJ)iL7XqraT_o3?=taiWjWVprhJ@a@gT76aLAMD zJf%tBC*yh^A`tq(NSP!gjx+Mk<_ji%O68Z6^Bk>hlqPCo)KL#uK~~RP>}|f~+8|$8 za(nG1FQqnvAQo*4hx{{Nhva`&)g2vKUUNR3uaXw*p#VBY$7^}T7$*0tpU$3y-V=8i z@k_KbYhs<5pDxYPDSA_UnyjQ-@TgDP)s6e!%C6cOd2dfITNk?yMU^M&H8Dv`m41Qp zi0itJ6Jl)fz-c^JXxxdhGM&Yjz7hF=fq`6-_g*h|{VUq55lxgKsO5p#6Z#frJ%FuH zZ*6Bs^LgVt;)A>Z0X}cPedZV{Ny+o!FQDK46W|dJcfWAR zOUv87DQhh6{uD+$56eRA$ks z_GC1_VfK_WmiLM|)F?ox;jSvuRaCt{?_H&J0oNgdw{xK0ODpm4NttY%e8z4=obcmL zHF&U+sn!6@cG%jE^@Sn-+}6C3#;%7MNIDGD&?kQKHU9(i*2>NY?M9#OlFZGx5hYG6 zGye`xb@HNqZ#6W}G_?cVt!6az*DJ^P<1lhRSSPlSQBD^-UiW%)p^$VF$=`U7VWkUTp?vt#gEV28a&=1o*sBm?dWs>4b63g`yn71^wDNCMtV_eqE3^Ixo zrQDnmPxAcHcjaEwT#l3bBMq#L$C z(=h9a1l$@eObz^Dm|@Orcz+Q=v}8P?IyS^%(@B)L#lf}VW!@pzQ}*#UB}3vmV@mmpzcVWe z2%ri!3dHH#&+aDmXbbuw9iXUa-EucxZJ5*D;E)|H&M&=D;UwIK!Tv4!Z5h0^o04&9 z;2395QSzmP^WY9|JPU)luBeR%dc1-9DeohH2%PQlGL%Qqtf{$zfd&Zi$pkTO=K7TA z77kJ4?C+XAqTH#{->bH1G16NClzsLD_+Xta%w9o?E9{@AtkOo1>*be;hbgnR$*t_# z_mUiy1~~b4K3Q&;C62y6di~|`Icc66;ezoQ;H%ug6HZ+!4tA;^DYnfCW^|>l!>q6W z5X2ZxewsLQdQr-^9T$RMmOdCDdQn z^#xE173Q;Nj>jw0@d%|a?!02E_Z-Gx_5S@Th9E;0P$0%1MVRo@{0Uv?ieHyI<^(za z{p_>8JN3G{zT-n=g1!{%cND#a{rRy10eE8kL~z`CvYvZihF&ro!w51CS>!T2uT>7Q z3j{yC_Wf3xVCPE_EA-S8d3FbDn8=?e@3YMv4UH?9;pNzD$nJ_s6vJiZ^?1Q`{*sg! z_cfCJ8KW&9Q8vJo93aJXtz>!k>fsFToAk7r^GB4|y2v^R3aruicTX-qw_@CfT&%XkaV zCd?EPD)Z|OP0XPbV;GZh6Ve-Ty~HcZn~b%umP`PF(C=&i>nV8wfiS%c8coc1 zO0NwspC~HCJChxbA}Q0Jl5r0Ulid-*FDUd^RXOim+)!qd%DvPyp2)vyw-K9g5*{Y` zBFg;rnOo$WwYaVJaIQzIf~>3l7a`f?+K1UBk25UWgz~2n~cshK708-3{^e zNXIG(h3%9)n3VG#eIqlE#CsHcvVA|mEKl=@SJHW^8 z#y#H4UgppM;U*TIr@66+zJNk5_YrIW4Rn~PlfSgH0 zs^?~8gagwi(pB;6+ArcT3;YoC?X@vykGI(ThAdBrFFH9r`0*Ci&JQl7LhBvA?$c5q ziAtM!Q1t^=7*KVqqJaWNE0krUeue39&6lz|m+AQ*R8RT&=n`MH;`C@Rdww8Kd=MD- zN9~)-9G7a5x`e$kwt)J0@t#9p_E*dm#oV?xqx&`qvPiuRf=KQ`LxwJuG|SSt*=hOQ z*oE2aC+kJSUen^z9X;M})Qei#xL@p>?vM65b~40p-E*FwIzT|4+IIM6_svW;N2O;U zi4bk!(y(;zg(>CIHqjRj1PXS)9qokd^hUj@B8abP(w!`OujE^Aa3@ChgjZp^;)Q-d z5RGC1T?CTucdi=A8W+Sqzw2d2hw<^fy1cgMe6t}q4K*66$;NMM|Cnm$NoYj4SPDp{ zT6xcA56UK4cY)W=QQ4xl6ZvYOw1-9COgl*{^U67CnoX~Vz0Q8&UWN(Lf;JC~$)@`U ztY${etG9$<=R^gDRb|%5B1us-!YtV?E#A4%%MZvr*5mS01~R^j(g)fp#nUVgT2#rPwY%@+qIX58tkqL!Zl%4Cx z-YA-`?UWOXOS+Yr0!BNwCcdKnO03z)hu+pUVmmnu*z|0UY~CJt+KD|wPk)XVjWvBv zo~lP~^lMQJi+yWdD(#dS5%rVaYZdI1`UU9<4P4(#rMwdsKIs1n-jz9K*0=u9%-rnr zN{kP+!$=%n2k!zCN%zMLooUf5e$fm?tC}v#d7P`=47K|C%vU+742EXHUo%auDdZDh zX^2_ZlVNd|#_`pYqnLTx^xBEVNec9_D57~f16-6O6z2y#tjYH^^AFpS&|w@H2`;~^tx+SMKDGA_=uM?I#g&mm zCM3biIkDlhkLqO9s*FtiYgIuPd!EAHD|2?%JkPJW7xSpIaFQ3dz9jvaUgHDebv@Rc z+i7YD;&3?G!&Xh`Dfd>&%sU19bQhH-^(I8^F8o~BsTY{cPTApE{x&Q#JSj30wNU8H z$#;;?m`bJ*SODk|`CizTcooX~_D&`_TnTiKku+Ut1COc^1BoCPw>{0vb(a{k*_qI^BVP5Ij|SYr_=WZ z3gueJe(8(8cJ*@=KdZO0%@V>|&G)oiMAemW_xU=nFcrAY5LcSHRlx8%f454kAVEj| zYn1ba^eyq@I#g6C6l;uN9n4wzS`t}@TFDWcy=B(>zmn9HulC&lR8>Y=RqORqviiFm zf|=t_yF!l#;a7)!kc*)Bm6$6~*jeZAFXc(EcX&41$>r=9AT4XC@|rbwaZqeTt)?S` z_4-=$33cO@!QEA@apIU@luHB=GP33M}u_b(}gUIX?Cf+rThJ}$=b zC4JG+uc`O97?P-(^FaPuzx#hgGQ{IRleh;!>3BVm@%LCi?^+IJ8c|+^<8%l$oh6vz zwQ;&tt(Lp`J07nZ9ecZD{_cHLk~OXPpmXTw%-bNoHYGXR(QtA-?KSS@_sDw7H`GxA z7E}#uaW3y9nnjdPMKWUs_)PZtmVcLwS}0b$$Eu+Dz2W2cEPG1^ z&nf9Wnv;hu$1xmn=}z5tuZSJa?2on5hOa(D6?z;gw?mGOG@L0Ks?|Ne*-rl|J~BmI z$h|f0@}-vCyR+9pm7o^R=6a4)4QI*gJoM4lbk|YqZT{8MzUZs-c@00+3OM`Z&9nNt z@e!Tu@@3Z00Un~Z)cDU9k|wRHX|BKVn}cIdJG6E@|&PUG>c$` zEJDXo{@K&3o#|hPb|2rmt+M4VH+cbE0%44W6!|}^9uoed*kI<#|In^BhzV1~h4r1< z>6!N8#M)XlWod5hiIaOZBiY1WbSVFh2Uzv)-#^7JiPB>2;HPz3ts+&yAEY2za)y(7 zuG!57>s#XdzA#K!=!vZhw5XZkGV)ToM|#JopaVle(&p>Q^XHDmt=g{KZQ(&U9kO`6%W++^0q(u`;C(vi5aD&KL7ATXoN z%5B=*dJuJKlL)REkzbp*lzG`%zwg-cu}6xHh52`=Yds4;*iD9dOz5n(_=^fIlf`H z%Tz5BLqLO}XQ1lPo$iAQCX>4c@$8vvMMZ^2BHwiahbF4Igvm@kzHat|{PK@X&5JC_ z=kw?-mVl(!+lwa#UXu47(sN=RY&%>sRgxA;+nam+Sx zI>RJebDojnmNtN%*tus#xHEtaR+AL0^1B7_2GAMH_gFH)wk68~J`MK!;jrRCCzwSryECVFX$YRs6@^(NT6 z_QE;T?H^Znd`z!6%81!_QL=ut*v`S<8KlGUD{)ZF+!aPOtCV zlZYuOdspxM_pk0!)NkJnxJa`-2rsN8(VSc)HeR)L>E?vZkE`tAeSR>N%1RpNnNV_V zGkBbPr0EtXnk{$a613~;+%tJZa`|KlW|*sa1lO@z?WDI;*BnU&7oO=fS5vjWWD@RH zNKi^A>Dazof$SU%-vP(DU35jZ;yp#_SMtebyVF)fn~2Rzgg6lS}Ac+hN(8A?e9}64a$l}(jC8UNe%_^ zdjhAvW^m-jxJ#IHJ#Hi`(Q|TC_m#_~H1!e}w|VWZB!Q&Ee>hH_r5`hpr16uvF}HVK1K{E%5@lLa9yeJv3`G=QF+uk6R`Sjk_#+Q zlBb<0sE3pc6MR&xnbWE9FfP|%BWOg~kn?%091 zy%L3Zcz^kN-|tUL+co~3M#_+^(PxY_<79{2*;dVzs1)VDp2ESXMdiPq!qIX;NQnqb zy^=;TssJpA{<;4<)5AYWtsbH(Q~=%pFa*V`3dsIT%ijl^h|~aQe;-aoS|}@-Q9mH! zDti`Rrf7fGT8@ohCqnvQ1I(d-1+>BpC(z*fDdNCgC;jdj-}`PpF3kIW{(!LH9LrF= z{O{$;0{-Oh2tgfSXy=K+OAG}Iq_M2*E1K1w`-I1fJqBtRb+tmiIrseJz!*U7#~UT`T*k6L zLOWUQ#mG5vp=s3>jLiDd`ZV|VUw=+zi4I~42=ZmY5l+DHTajVY5ACG0I|(4fYUibj z4h~f2#ln0_|L%?;hsf*lj!#c%!31~uT|d9Rf7*N#9eCTxKRJ`Xvov*_p`Sc#e}(}u(%n65nk|ZZl}hDLuZX?9guM=?j_k=8$^>9Xb>w>?ZQg_g%ug!d#jp^v zv;q!=XqoMvlRK6}s}?g(69;8P!~BBt<#&(;Wf$j)<4qiQ4(e3(SWVQ)a!c8GG@v%{ zW}m%1)AIhHFTO4(%P>V}-MyKE-`xlP-fI2rPS`W?M)nUtY&(Zg!ukNE^PI;A?O!d$^psCbS!;IOTi^^ag*2KR-qpvK2~U#IS(#xJaGqGlV8ov&XJ#fFiu z7CY3OoPaAHL@Owz?)>q(E;qU_C9xd+v`VxHmt7QhIQwcf>uwY2DU}c;g~*3%F8RE2 zi7a*=yUL&d8CxJ6KQq3+aOPOg8FVp?N&Px%qA+C){ z>$s`rU($|3_Y1lj7zV!;vV4o!nEtBJVs+!~BR1B{x;+gNUQj ziKYTIZW?9*Fu_6!ai7kNY(ukY34y!=;EjwhOa)GiJT6io-JW(xET- z4!OXcjY;wBoQo;>@%gcuSN-hT$?T99-O7JdMvx5ymWOy><>vJZe_HxDR9rE=wXEZ? z?VXB=Z?v@b3GPca%C+6|BGv!!XH#L|y}ej!ef0d2>&3>863wkR=iKaO@d1(#=|z*G z4;da@)Y^Vh(&{boQF*X?b+p?fiCM-dr^6Z;D}nD5x+Wi=7>U*A_kI;&ISG7^0>lzY&Oq?%ys zdDx&}>e|S1QY5<=C_fYQgECNMo0eBmzsPEA!c*smv-Lr%*Xc0#9Jeh#$3c;n$PB{{ z8^qYsv0LU11t zpCp>;8k2V}br1DJ_pjIpMO9B?vQmN3GC?Rwi>QjLqRjLF=7j&;-^4}{^?x%w9O?l~ zsKNi6&jEUK`+sME!GGs-2>2^+uz~^L0gA`~AoA}Y8vhI14FG%qFdTJd0N^5n{2iKg z{^Ni#40S&l^8t$82!M~$H3Zxh1ONMy16d1WM>;Lo-?=F0V9W&e#z;r~{N_~%9Mh`%8nkO%nh75wiNc3T|~j4}}W$3|)z*uSNr=u!xj zff3*-IT-B>HG~KC!3ZEr!@~2h*00vl>YkA+0YU2{QH6Z4>SFT0bxK8?=86-20`$mhK&KioUoe)f^U5dMey+Q+%Ccc zhd@yQCIGn?AUN<=y&xbD2!4w}Aqd26#tY$vfl&8M0Srhe90Z5nt{2P;2Hs|HUS2dg z5R3&K{Df>2(xiXm_a1dSnp zw?`HPgMfhO9)MQ%hW*_O$p3^eUf^wCxM4gnG?#(`p`hEt#0v$XF&-#_2TczAAKg#D z{jVUp6N2Gj2%2;8pzKWnWJoyryZ}R>Kr{w}LvQ;r7>t13_D?W~7p*;DFdVIOVX%Mv znCZVE7;VnMctH>tO33_Xet~bi1By27VLZ173C@cE!_gQV%!6hF6pXkn2ZO_S(HQKn zq8HLeQM%hJnyp0*Avv=nQR0 zZsHdLh|ZAc3mfqNv(`euXk7?~@S-oMa1aQs;+u^D5BkE-^G_Yf|AY`YFIqH!qdD9S z1EDFr*%zRdMF1h_JC~b~^Pdd)_x1w;L=(JOAK_>W3Pj(b@uK;{4FiJE7y^hchd@xE zDdgn=Lr_*W0Gb=mBj8rFwRNHcg8xklByD4Ad$Y;>pS*4aj!p&+PJiz`Z_3?_903!P J_$vv5{|9gw&*K09 -- 2.47.3

Tor: The Second-Generation Onion Router

+Roger Dingledine, The Free Haven Project, arma@freehaven.net +Nick Mathewson, The Free Haven Project, nickm@freehaven.net +Paul Syverson, Naval Research Lab, syverson@itd.nrl.navy.mil

Abstract

+1 Overview

+2 Related work

+3 Design goals and assumptions

+3.1 Threat Model

+4 The Tor Design

+4.1 Cells

+4.2 Circuits and streams

+4.3 Opening and closing streams

+4.4 Integrity checking on streams

+4.5 Rate limiting and fairness

+4.6 Congestion control

+5 Rendezvous Points and hidden services

+5.1 Rendezvous points in Tor

+5.2 Integration with user applications

+5.3 Previous rendezvous work

+6 Other design decisions

+6.1 Denial of service

+6.2 Exit policies and abuse

+6.3 Directory Servers

+7 Attacks and Defenses

+8 Early experiences: Tor in the Wild

+9 Open Questions in Low-latency Anonymity

+10 Future Directions

Acknowledgments

References

Footnotes:

+Roger Dingledine, The Free Haven Project, `arma@freehaven.net`
+Nick Mathewson, The Free Haven Project, `nickm@freehaven.net`
+Paul Syverson, Naval Research Lab, `syverson@itd.nrl.navy.mil`