From b1ffa78a802f9465eea67f801fabd19cc91117a4 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Wed, 12 Jun 2024 16:21:00 +1000 Subject: [PATCH 01/17] capitalize --- .../202309-threat-model-preset-erc721.md | 30 ++++++++++--------- .../202312-threat-model-preset-erc1155.md | 15 +++++----- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/audits/token/202309-threat-model-preset-erc721.md b/audits/token/202309-threat-model-preset-erc721.md index bef3dd54..0a0e2e5a 100644 --- a/audits/token/202309-threat-model-preset-erc721.md +++ b/audits/token/202309-threat-model-preset-erc721.md @@ -1,11 +1,12 @@ ## Introduction + This document is a thread model for two preset erc721 token contracts built by Immutable. -This document encompasses information for all contracts under the [token](../contracts/token/) directory as well as the [allowlist](../contracts/allowlist/) directory. +This document encompasses information for all contracts under the [token](../contracts/token/) directory as well as the [allowlist](../contracts/allowlist/) directory. ## Context -The ERC721 presets built by immutable were done with the requirements of cheaper onchain minting and flexible project management for games. Namely: +The ERC721 presets built by Immutable were done with the requirements of cheaper onchain minting and flexible project management for games. Namely: - Studios should be able to mint multiple tokens efficiently to multiple addresses. @@ -17,12 +18,11 @@ The ERC721 presets built by immutable were done with the requirements of cheaper - Contracts should not be upgradeable to prevent external developers from getting around royalty requirements. - ## Design and Implementation ### ImmutableERC721 -The ImmutableERC721 contract is a hybrid of Openzepplin implementation of [ERC721Burnable](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/extensions/ERC721Burnable.sol) and the [ERC721Psi](https://github.com/estarriolvetch/ERC721Psi/blob/main/contracts/ERC721Psi.sol) implementation. This is to give the studios flexibility on their minting strategies depending on their use cases. +The ImmutableERC721 contract is a hybrid of Openzepplin implementation of [ERC721Burnable](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/extensions/ERC721Burnable.sol) and the [ERC721Psi](https://github.com/estarriolvetch/ERC721Psi/blob/main/contracts/ERC721Psi.sol) implementation. This is to give the studios flexibility on their minting strategies depending on their use cases. The contract interface allows users to call methods to bulk mint multiple tokens either by ID or by quantity to multiple addresses. @@ -41,23 +41,25 @@ The ImmutableERC721MintByID contract is a subset of the ImmutableERC721 contract - Modified ERC721Psi `_safeMint` and `safeMint` methods to not call the overridden `_mint` methods but to call its own internally defined `_mint` - Added a `_idMintTotalSupply` to help keep track of how many tokens have been minted and belong to a non-zero address for the `totalSupply()` method. - Added Modifiers to `transfer` and `approve` related methods to enforce correct operator permissions. -- Added various bulk minting methods to allow the minting of multiple tokens to multiple addresses. These methods come with new structs. -- Added support for EIP4494 Permits. This feature comes with an additional nonce mapping that is needed to help keep track of the validity of permits. We decided to remove support for allowing `approved` contract addresses to validate and use permits as it does not fit any of the uses cases in Immutable's ecosystem, and there is no reliable method of getting all of the approved operators of a token. - +- Added various bulk minting methods to allow the minting of multiple tokens to multiple addresses. These methods come with new structs. +- Added support for EIP4494 Permits. This feature comes with an additional nonce mapping that is needed to help keep track of the validity of permits. We decided to remove support for allowing `approved` contract addresses to validate and use permits as it does not fit any of the uses cases in Immutable's ecosystem, and there is no reliable method of getting all of the approved operators of a token. ## Attack Surfaces -The contract has no access to any funds. The risks will come from compromised keys that are responsible for managing the admin roles that control the collection. As well as permits and approves if an user was tricked into creating a permit that can be validated by a malicious eip1271 wallet giving them permissions to the user's token. +The contract has no access to any funds. The risks will come from compromised keys that are responsible for managing the admin roles that control the collection. As well as permits and approves if an user was tricked into creating a permit that can be validated by a malicious eip1271 wallet giving them permissions to the user's token. Potential Attacks: + - Compromised Admin Keys: - - The compromised keys are able to assign the `MINTER_ROLE` to malicious parties and allow them to mint tokens to themselves without restriction - - The compromised keys are able to update the `OperatorAllowList` to white list malicious contracts to be approved to operate on tokens within the collection + - The compromised keys are able to assign the `MINTER_ROLE` to malicious parties and allow them to mint tokens to themselves without restriction + - The compromised keys are able to update the `OperatorAllowList` to white list malicious contracts to be approved to operate on tokens within the collection - Compromised Offchain auth: - - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures. + - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures. ## Tests -`npx hardhat test` will run all the related tests for the above mentioned repos. The test plan and cases are written in the test files describing the scenario is it testing for. -## Diagram -![](./202309-threat-model-preset-erc721/immutableERC721.png) \ No newline at end of file +`npx hardhat test` will run all the related tests for the above mentioned repos. The test plan and cases are written in the test files describing the scenario is it testing for. + +## Diagram + +![](./202309-threat-model-preset-erc721/immutableERC721.png) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 35c8e978..742adb8b 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -1,11 +1,12 @@ ## Introduction + This document is a thread model for the preset erc1155 token contracts built by Immutable. This document encompasses information for all contracts under the [token](../contracts/token/erc1155) directory ## Context -The ERC1155 presets built by immutable were done with the requirements of supply tracking and permits +The ERC1155 presets built by Immutable were done with the requirements of supply tracking and permits - Clients should be able to track how many tokens of a specific token id in a collection is in circulation @@ -17,11 +18,11 @@ The ERC1155 presets built by immutable were done with the requirements of supply - Contracts should not be upgradeable to prevent external developers from getting around royalty requirements. - ## Design and Implementation ### ImmutableERC1155 -The ImmutableERC1155 extends OZ's `ERC1155Burnable` contract inheriting the public burn methods to be used by the client. + +The ImmutableERC1155 extends OZ's `ERC1155Burnable` contract inheriting the public burn methods to be used by the client. Permit is added to allow for Gasless transactions from the token owners. #### Modifications From Base Implementation @@ -31,12 +32,12 @@ Permit is added to allow for Gasless transactions from the token owners. - Override `uri` to return `baseURI` field to keep in standard with ImmutableERC721 - Added `baseURI` to replace `uri` to encourage the usage of `baseURI` - ## Attack Surfaces -ERC1155 only has `setApproveForAll` as it's approval method. Meaning any flow that requires a 3rd party to operator on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed. +ERC1155 only has `setApproveForAll` as it's approval method. Meaning any flow that requires a 3rd party to operator on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed. -We can consider implementing a more complicated approval schema if needed. i.e by token id or by token id and amount. +We can consider implementing a more complicated approval schema if needed. i.e by token id or by token id and amount. ## Tests -`forge test` will run all the related tests. \ No newline at end of file + +`forge test` will run all the related tests. From 61ced219b1f530d33b5b9c3ef9649b2952a3324a Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Wed, 12 Jun 2024 16:36:26 +1000 Subject: [PATCH 02/17] formatting --- .../token/202312-threat-model-preset-erc1155.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 742adb8b..521269be 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -1,28 +1,30 @@ ## Introduction -This document is a thread model for the preset erc1155 token contracts built by Immutable. +This document is a thread model for the preset ERC1155 token contracts built by Immutable. -This document encompasses information for all contracts under the [token](../contracts/token/erc1155) directory +Contracts covered under this model include: + +- [ImmutableERC1155](../../contracts/token/erc1155/preset/ImmutableERC1155.sol) ## Context -The ERC1155 presets built by Immutable were done with the requirements of supply tracking and permits +The ERC1155 presets built by Immutable were done with the requirements of supply tracking and permits. - Clients should be able to track how many tokens of a specific token id in a collection is in circulation - Clients should be able to create permits for unapproved wallets to operate on their behalf -- Minting should be restricted to addresses that were granted the `minter` role. +- Minting should be restricted to addresses that were granted the `minter` role -- Only allow operators should be able to modify and assign roles to addresses for administering the collection on chain. +- Only allow operators should be able to modify and assign roles to addresses for administering the collection on chain -- Contracts should not be upgradeable to prevent external developers from getting around royalty requirements. +- Contracts should not be upgradeable to prevent external developers from getting around royalty requirements ## Design and Implementation ### ImmutableERC1155 -The ImmutableERC1155 extends OZ's `ERC1155Burnable` contract inheriting the public burn methods to be used by the client. +The ImmutableERC1155 extends the OpenZeppelin `ERC1155Burnable` contract inheriting the public burn methods to be used by the client. Permit is added to allow for Gasless transactions from the token owners. #### Modifications From Base Implementation From bdac191a29a27917b9cbe81d4c3c5c34f38a3c5d Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Thu, 13 Jun 2024 12:08:41 +1000 Subject: [PATCH 03/17] add diagram --- .../202312-threat-model-preset-erc1155.md | 4 ++++ .../ImmutableERC1155.jpg | Bin 0 -> 469668 bytes 2 files changed, 4 insertions(+) create mode 100644 audits/token/202312-threat-model-preset-erc1155/ImmutableERC1155.jpg diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 521269be..1d227273 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -43,3 +43,7 @@ We can consider implementing a more complicated approval schema if needed. i.e b ## Tests `forge test` will run all the related tests. + +## Diagram + +![](./202312-threat-model-preset-erc1155/ImmutableERC1155.jpg) diff --git a/audits/token/202312-threat-model-preset-erc1155/ImmutableERC1155.jpg b/audits/token/202312-threat-model-preset-erc1155/ImmutableERC1155.jpg new file mode 100644 index 0000000000000000000000000000000000000000..772cad9a1bf23d6d372e09f5c94ed6cc4be5bde0 GIT binary patch literal 469668 zcmeEP30PCd_Me+TKn(k0f*9Fk6BWXuAZS=+U$q678e~_hh#R=Qiy(r6vWe`5RkXGb zm-b;x+bD>jY@*MHKA%NY1hp*+wd&`4|NjLHBzQrRV2$luzK=U|=A1L<{$}o+S#DBmY+m)G#B7fH+_;=MpDL5Qt)u1F1^f^r7_sy9LNZ z1Q6tiav0$n%8`P1hyX+YA^;J92tWiN0uTX+07L*H01@3#$-O4d|*|jtZ*=%1;^sNWPrTWudhZ zQoWk$|0}c_s9@3%FtS@}*desG1r+2=22*G?P{Cv&U`3MLMcyjBHpxPd9Wt|p`m6zc#WdI%b0m1GfO4Pa{MNUmVR!f~NIoP1zdNk&=&|l%HIH3OvhQ}ySwaW@P#q#8 z_H%;J!QiKj=uhmy5Z6DVDJhF93WFaOfiY$%YFh%@BG@3N1$ku6nh_L!%L(16*<$kx zpartGABvRlr)*VN(rv6&-R{u}B<@n8v{4D0J2A3U?X7VY7g8dREcC4DeWE3E?Y7Km z(|%fq)XUWAFW!1m*s8w;$%iE1x9W+;THA~QH*2FNKJhyaA*WQNZQVRqNEEzH`+Ip?4oxhv= z6UrR75s~mm^W+zO;#PX6+0kcfZXzf;Ok4-#9CacdcI)YGJelop5LVhsTKTEF;Tg49 z8~wUF0K^&xcH3oJ>405?ZATa89XFC{IGoqID0)6&rIJtLdX`dD>gOHGoAl>*{t!g^ z-&?l9IrFz5`H%$MIdjC5t`5v?+X72p7NO+Z`^{RBPmP~70z*=K4EaTwLPDu~zLbT% zWr|^y(lz@0ULd~ma#Js{_hsXMlC&Of>L%Wjx_Wpzr%qHvu&8$l5$bZ~v|UQD@A)B1 zdt!Ox_dSiHT0di(L>aY{SwEYpBen*lcA%c@^@{v605T;D40QUD7fanz@5o*gH}`1- zV)}_kZD*i|jI_G7s$SlHCH9Vh>kW5 zPS}q|C+rDE7u;X`hB{EZe~@$Z_&okxYot}VQiOPEM~rO1UX=`2i$ar=zsrl& z&n9_nxNkf+$|^x>z1Z=?%7K1{$9nEAlyy!}>2p|+6Rz^Pgm>S${wYty!!DT7PL*S^WtqX^_xCS3MQ%+Ru0 zqTqLBm<(zjTl+)TS)Cw zT3j`VkvVfK3Ovo14X-CQ$Fu~r0|~`C*?@WweK53QfLqr1#tsGmyJ?E8+t2|5?*-ch zUOYZ<47Xk2-zGRO#Xn~6Q37{J$#;Hm;+b#A-lqV5=b!H!;V_?X$lj*_?l7PK4B=WJ z|Cqf;3H-G{elvt4ZGI7Zul!?nkon6Mej3LgUhkP(!!795BxFGie`JbIf*z=1auA?x zdRWt~DD=-S0a$af^;=l5lT#>@p@ovOWp0PiimVa{8?;fO)j$Q4g#hAa61Qa`Ls)f0 zV=Z@7SS3(?@(@sSTbXVam@2G7Wnb<23SPo$f%21w0I_yW{LK?IVM}(mlCPQBg|^AF z3u+P?0g2Sh`+K$+-cM>2O4V)}9hA+`ISqeZAQX&~F3eCW{x(`>e6@F-0 zt5WH!9G?rOiWUNhmqEf=(J~2IBP0R_;$AmUA$34;kwQS6aYD6Kq%4BQ2#Y|4vfXlF zbwGKMLO_{Nv5p~97C~c#M1a6rCLJcE4k#{K2rQK<`ckwkg4PI$fK=>KGnSA#ptwjO z0Eea`RUDII3>=zH3XGzp1P)C_sWc|X7C1DW92`YR3mlq?P+?4pDdI}MXQh{7qtkr` z!S{bdCq*YzA_@o~sdBp2hqVp`fUVQLe-#Cbpbe9Q0731Nj5=6-rFU}FK`kPIK&XQn zaGq{_OC*eeMobO@Gf0Nfs9AB{(5D)|xd*%AlG* z1Ob`!6Q8yqwd3d2S4j67pX0yQ+BZM9?iim5rv9-AES56Pr*$?v<)gynD{=S1><5wO zR0Dd1(E?>B83AHaMk=YopCO!DL@h*2|Ez+LT7oHx6?bvw#S7XnA%K8D$45JaE|HlDrf#|LTbTD%N&@ILein39=wb!7*=au(q5@jZ{ZP8${)Qh4`S+MF+~4p$g8RW#Pf}+I z?r-?PN)Rt&xW6GDDjzxRUHcmvh^PK`_+EAHo5$>x3qCn>U-!sE(`-*n^?p1O2U6#C zT(BtIah3~{4T$jYbp*v%}xTcn7N*o3hEYcUif>gycn054y+C*9N0ZlVkk315Zi zJlRY^sub7&SRQO8*X{w+G@oIKTe7{4cDR$%hWG~mlb3#b1e>;iyGV0k^5KJ=UY1gy zuBq+y-O8G1#NOl)vyjYbQS70pV|GB#{E}3OmabY)s8`y&py6+)OMdbe*_q~83Up$SC+S5+o-w{i3 zNPnRH`;kq(CzY?I1sgK=80^!$M1*k5Bt{WCTC}u1~#s-&k31bs_~CPqWq$` zg)SS@RRdT=#B5VNm6?Kr~7-V zQ-cjpHEXPIrENr+ncY6PBd2NbXDp! zy*9N1I}9av1}R4ArIvK)4~*A+9=)8n{E69jlJ`K z5%y0r6he|iFS`9(wlz?@r<8(xrDCVCpwJ{jlf2*+`73JDcQf}jhdhrm^4)EX5)Lkv z&L>heWy44;KXOHadB<)F@@1CKKz~UpHfQ?zcJj#{v*OYq(jAXI3(mW@9|ja^g$g?) zDB$lo-mUAdY4YV`LzRyXkF^(70^CS=Kx>*`b}xI&oyrFV1hO z*Q_hiVy7O_ORBG-MrT~+IIP6lI%-a*S*lb{&h!Q!6T4_|oLW>3WT&9hw9d-w+MLUd z**=#|iP<59n|!S9cE7;1QaA*mG(G}vmL~{uHHTP-yg-ss+~2J0NNX=<6U9yMwFQQp z1=eNgm1f6$WQj?fosMM5!uhRC(hq(}vdZZfNI_}{JLG=MNf7NO_YH_{neyGtW1QZ4 zovmB0p154abZ=L^u05e4cLHZsf00G_-$>nx74zP|@z{|)LrvElhh9Lg_$}9qq!R8> z@kLJ3cSO2X`B%s?`n??nj$7BOEA?5<_d-;e31_!~ZCQcR^By!373V$>qIVzNxU}6F zYxCeW`3SsevSud8t!UB)!ST*#U6uJ$dUY%1w`dJj;NG(9@b(h zt}tXa%4&QG0!tf8bI#G$0qWh==0-9Zz?@z?;t;jvPoY7_Sl16t*)xr>vUR_{-|V{U zZbO5@myLHC)Dd@+jA*?F3vMxt)32`v;PN5=G7u1wxqSb*?7T|-klpJ;yG^3VH>J`F z@)E@~67ya@0-ZZwt=r22541fwa1l9 z*3F8IjdQWC+q^rELBCKHcB~>%XR7gF#nRPm(mP~whV_%peg*L-8J5WlTBpkU>6Ldn z4c4vKMuF~gSVTih_n_f9rl*vEXu}7aTimO&NGcA~kLyLdDgBn$ZP2x5{iVBoIo}tQ zkx#2#)^Ce&2)mRL@w;LISc+hxE6JZ7fjDX#{qec0MMASI(K6+E*Zy&{}`Z)k&#R-sEsL_4u#zn0xiR zGIvvL%4d{E*&U6)$tq-pmWAb;o>{EH7H3r{l~nx$4Y^pAr{NM)2BI7L_gY`PU%7{T zLUjS?))U|P^W5MnrOx7*BtpL@;e?OJ>Gn<9SL6mpi2_!tyX>pzyYPYO0wBQsd5@8a zzadiq9YZ35PH3Cd#Fhx0DHI$B0nQA-01GqZv>$sM-tm(Jok|SdM|2!tGfWi>0Zyl5 zK)T+YoF|x;0Vx5OA(28g={L(?g69n-@etswMB=6KK@)IsiQL=4S<~VpGsrpt1U~HN zA+Rx?KoJSV!rd4Pq+m!$z!NZuRtr>(gvb_(j){P}Tl`OBCQdj3$x%x&oG>>RBYb1I zz?jsan18}iTQyW@o#gBzrs@J{fxRaIK%1C|n&(mJ3L*N#oLr0oeGEG|5kBs)IpzZ_ z{#Z#q+f-5hL~yvJdJg41ZO2J?Ckakfyb~fp85}4Zzs_I^D$S9TDN&f~h;m~5+)2@q zrc8bWAn!yGKy37MnuY!uw@itaRbBI@iDt^p2U}!rG$uDpy=r3`)w@+lrOIcFtaaFe z?YTmQYXd@}Keo8?8BLEdxh8B3(R!7zdrHAgGD940NWV zT|NR>2c4+^poz8!bf%(RJ_1+=ov8qziMR-KrXpTI{F?`zDgT&>xCC^jB3?lJn+KgK z|Couo1azjNUP64^2c0S3kcqkgbf%(SLVVi?ohjdtiM#-GrXpWN{2B!zle!GKXj&|Uq*ad2%RaPfQddkbf%(TMtoWbohhGyeFW^#nSKO?#Gi@K znevC%N5Bo8=|@mV{Fw-yDSvo<4BXI}ehj6=myOVw@&(t&zzm(~$52Xq*$AB}UvPaC z%+Q&B6vf1kkG9`7p`4r)0N4l*Uyp)N?V7X2dDgOCp1nZT_g=$suFUcjb z(b8Gr_Uc2?T%?HyKcekoWsO}7;=S7@{%m-hKkH2O-nx*Dmju9!S$Zc@A2RS0CrBlp zJv?XD_2>B92stQ}{y+aiVfe`tq!L-E{w%-iuB-|2^Rj(Bu9r|89MrH`$D@Py0r-qb z*pPfBYd)QWFGlz#s5W-9P74D+d4g18#a{hd`Qy{DGZJtvN#AMn>f(jlg$Gmn6%{Ey z(u$-1ourRvP=q*{*nK*O`OYUApMj7c98$58fyaa_rTcmf9K<8kMW_r)NXAY9!ntHh z$aCuiIZBaNSG=)Zh(Mdpf{*9@#-1@u7v+6!{$t7|wE3D|cyeMJ6I2`4;id3Jv!xWB zQNfi^BCtN+r;eM%53%KP&Nuw>DEc+B!$G8-P2;-nzgcfMF3 zgdJ}s=(U2nrb(wrgykY)mwjw4R zT;`rA$P@C)P>OcU<)sY8q>2irqj(AY(de4&)eIaFcoYi`C^)1N05`EX>yfdAsJkNoR z!-e>oTw9Mr=aWQo^qkg#BLmN9!2tz_q<3*;I|GN#9|_riq__i5Ki&=<4M4?((q7u zizZI_B2V%yD&GWSpZ=A2LdquA<{fwm{LzAfp5m@Pa*j0SPupnjKmEzGgydySW6cO_ zIkAy$T~A|@?6r2+qby=?tfq(kIrH79Ev@DbkjP9j1cd4>=r+ZUUU_vw*l*})^oHX2 zU2j?A9`IJ@8|hMKgH!qY@7B`xFnC;)94V(ZnrgMZ-RH+Ljs~Ag1oYk1-bT}^ zUngEU!*S`-15@tUWR-Y}+h3llUkPM2(v{<)XEEpmrQgtqeHD9*eS!#`t8Eh0JOkS7 zRD4%2$@a#Q=|CdB_CS%ndD~K=lBvRVAilD> zsS+Rwsu~+4&dgVKPzE; zn)36!2kl*W9x_CN=mQ8}1t&b0DN!*b<;OH?pH)q3m&vH=SW_C?F>f!MP#7Y9`vg`A zXq3_2x`p!ekr`XI=H$-+Y+NkEBv$+k9$ToPK(5YZJ(I^U0RGaB z)#L*CUu=LHpXoLt_kTIv!kvC^C-&WkoLJAHtm0nezSX|W2I(inI%eoq0LZM|d8|?B z4M!=*x8uxR>gz-zi^8>S3iG&KBM?JUj@qDL(GK&d&2r_GT`DndVmDp&073h=!-Ufj zfbfH#Y+(xfFu35(EChtCrA_Ei?E~kV)T(ke{%p!1yIpm)$S&TE8n_d2@|u`Gy6C;Z%ZS_%7xV3N63NY*mo^;SBfG5LH&Yf2}AFq z`fb^o`Fi{A&RrLjqY&)S+UOZjom~{JcPum2%*0Z?nG_$!YH*cb5V$Y(d3wlo9wRZ> z|H@;y7OCS!sB`-LfeI6Mvd$GLqlVu##}FdUnB&j^q@JedwToFK9|9!J5@o&D zFU8v4-^SGTe|U&sG|F*xcl52azRXnQmY-w>?_@I8v8+e1+V%2D#=;h)$E?_|Jg4Xf zOj^nIYy<#9ZEDHUW8nnvrp!}m;(osu+U|FmE@xEJ|ND#}|47qKXD`c!mw^DstmVm# zd(2ZM?PM42T^MUSTc-}G?UO5Cv`Y$867e;$;$`>kq_~GA5jt*S*QQct>qKl|a~nye zUiZWDeRElfGg1w8Pu?Gl5@YRw+5zgy`IVgHH+M3-BE4hUp4-bBcVazHhqKpZYG||E z2VPjNdV5cQN!4ThWAV2=I$1HY&N5!^Ugy$C3Sqk5gy^RHOyj7!Rk4&c`&y5o7u*TPFMp4f<4KP<(TUtXnvaRb zn@9`}0i!lVs3B>lSWpNFzIv3K7;norWlAFGqrbpQtCWMg#%1K{se{ekkigrHY6fu zw%0>KZH}Y1lym)*!HRjfkjS)1bu`>X#+p#{blhOibl*VLJZe2%K9JXH-T_l0T`Q6^ z-ZzfY>(8Zbu)rU?v#+Dzi=2S(<4k8e-j33%i`=jz66-#AeSZW1gSv?I3;>Lty;uc6 zMb5eJ20cCiwXVlwu)bxn1hjg?f zSi-q-3}nWdKWf-A?^v|>xWo6-1Lhh1SEP=gQe?iiJlMh2a>g}ATBCgfb5II~8H;Tk zP2zSgBpY3w8m;BF@?5S(ZfZ!Q)Xf9ascTJ4Sl8JayIn_c`?J-_Bqy7{epVx9B?e`%bs0lv_3wmLp%0HU~SrQ%+v2u1)%wI z%-4mfF|z)00S{X{h-A|}H>A8>%vrKWQ&J0zJL^}wG^FSCjP~-}BYol`OKElP=NLcy zCuvLb3(+Yx!Gnz(p&}^ciBnp+8zcP^!Sv3dNRs9918kstZ`S-uDeog05_jdoF21H< zzlbXJ*Iak0dJKH<*HpF?pa7>$b@~mJ?)`ai)KAlrG}FAlB`3yN`(T?X_A3o>xi6<< zqq>JBk+W=+0&0uy*r}9!vXGqoReES@x7q1hvQclrC1U-GCa+&K8@-;>GFY!o_l$00 zKcOpZewL+~yGv5`=+pqh_C(+1bC?6Oq8W98_XG5nsBBus^Bg?ua#A*=walSpV(Bjc zZ<(EFq<1M=oOQ!xU}Pn3*eHGbxx9{xUHT<&wOwM{z?!{JssQqdNnjLcN$$q z{W8maCy%KBa4*;^*&1C#N2QM){dhis9%s!S>9S%ID}SF6nwSRUFID^s4rv_>DtZKH zT4(zKay@1WKsq&>?a$vq*ojsTt1`!e1HZ-s@YX7z%$W;7Ea}w}+OY#eSSz-`xM=^=}j!<3@3No0!B~ zZQ{6E#!BR~f{dkR96I-uqm%|EoIMWjs3iF1$Pgg!7bJAvSHkjr+(&%ush~Qn88k^ViSZKo# zm4MJz-Dn&=#FH=k|DA;5r0_?g1%ml|7{fBWL-hNL{D$1Ciqlu@5cp)I9Vg-tq z#19So{^#?c_F)O$@t73VX})6WaH61rP>0A{!?Jw6;(+A#$$6$(>#(#a2c*Ie=N1X= z#$W4og{=!N#eGoaI1ST1&xOw7SWZCs5$13XyuEee$(k$vrRZ>~fB|)K&@E>+N0`51 zIHI=ZpE8Iz#%(rvuTE~%`4$VP+jh-;Y<+TVL8%fM>FXiwg5M9Ty5&GI4%RQj&B%i z4AUofDHC64f>haScid*YBmcKm_2@tFO0s0XoxlfWM(MeTIhV%p;>453l{M9S_)v$# zx>aHC$#XNC!s@pk9|KwiWg6zZ9X{r%icC2w1=8+ zJUnx(eKQy5HK+@%9{Uwt$P1i~7b3OhSgQn6X#G-84;^L9WC^WDS0i#7{-`4M_B8hr{^0{JvZ~Ry)L=ziSNIl{Zvt8UpHnG(ONqV! zEaKrZf<-(G#RLO9!zU^D7Echi$!CLa@i3s9MPw3~~LVTIhta069Oy6dPO- zieuPfFXw)m$l5f^`C314IJ~KDyXzDyDuUxQrc7I>qz`%K zvC2wpk3;UuxU=;$1~&le8zNaayJGi!bacV033jf=22QAfLp0+0-a zkbzHenGdUeM_0KTA3of+xqEi$-P3BZ`8jvjYS(va-`Rb(zT%DH`Q#D3(5X6+TL;z4!qR~Z^*vXjs115@e|POX?zSFG0Rxt*(%0J z6d+3sOS7?szri1r1IakqMfbBfUy}Iq5;Iji`G_w+0&#u*!| z)d!U?$UdbSHBY?%7kvk-n~VVxb{bvzYnhD7M^<97w|C3$quUcJ?r+pO6y75i{=#`C z>(OElwoFD&V_9b3s>L21ThcCV{1r4Lnb>K02J{RB9Ko|fO{br+&E!nKMv=n>b@{UL zajGvv4M=XEi=#l&j%uc;xhQENFur#77j1V6A(4?=kNq}1W1Dpc7~Cf(SR%U}SRG6L zorWT`&9uH&pyhet%~!0K4%oyDTF&*a$LL<^uciuJQ6?FU;Tu<47uwW5UYOVyt0S|=Ds|!c7n=(@)MO+!-UvuI;a+e|J=$ZB{S&c)pN$tPR-`Ys z8LX{pPBqxO)WDnZ+;X zpwYGa(}G{L4K|kK`Z5Kvn3Gwl%&y$!Y;d{xo(I78%s5BMSrpC!vKOp=U9@wcu4*L_ zXIpnABl$CQa)E?*-}!#$MliU~D7iJotTjk{bE>BMg6aa2`4U>O;Xkj$bQ<5Qll4DU z$R4m5;MH2{)g>U?w74QBg=_f`Nj#GNXjx;&6RX;o5FHnrThUFKg_`7ud`($>y_Lzm z{b>nR%j@qE7wxy$Qyf~}5x93{+Cu5b45Pl2zgm%M{hZ?D3~McJY@4p3ZBL2mU!c(# z-4&B`Z`DF6?8~ta=IuC6>@K^(Y-wLk<4@yeiOwa2zwu}9GMnYI< z`E|b*WKUi!J?P@*+n(MI^cw%U`|{5>`F%|dZx3fvVv1Bc<3CABB(k>^#?>=J+TC-E zSIk#zcgPMuqcZ6Ck5iMXXs21h39q+OEP`|xb9E~QDzf;>OHH@a7Hu;pv|=5E%R67} zQrHTR%yd#Rl6APIeQOr|#n!Yg$>lQXPCqCzTcl#QFP1!Axz4^-Gsz^)!^C%ofzIaj zOL|&&7u4Brm-eE{_q;jb?$RMddo%)8_Zi^7*4Q>M3~=ZI{e$O8Dk^5B-y-DKhjOH?L;Tay1@okWCr`?>AIX8&;UJu*cNbmZkv7 z8YyfSu%|~CXO%QNPdmMtsv)=CqqFg|gUk`*V1*vRVuB%Cs)%;drFOjc9NX5+V50<59=j1ch;6=zh1Q2{Pcy<6&OBa`@gv;)Q6*48uhUnq)?+Yr_)>#fKR_vuynJ z>v{)`rab+1&ge%ch?RjUXKrlg{-)ziqn!T=5G73abVylvnMbK#I8@Z!8aOMn)yAJ* z6Qh+(9%xvT3iHrKJI(h*5PJ_=Ik?3Q@Oc&;>}6yh@3&CEwo|(AAD3r*OUmYfxn^d_ z-jjr#-^rItIvw4YSgjgPwjXNy%FF$1o<`!ecE_Ca zL1v5*lSy)G_YU;;|7;h}uly$U;Sj8n-hJ~^1`~R|jKh=fGoSJHD^?w-Fi2Rxo=Gu2 zo)xI0ouVdJZm>%dIdDYbm*8XA4?+X#5?1V&Uv91*Nk4tsv#>ZnLOin}Nzn=GJk)s6 z*SK9x4(e545?yr2YS&!-0M)aFgacB}{EqwG=|==8SU--vaJ5BDj}Q6~hoxo~+&?)x!<1=@wK?jfxhq}I z9hq6qLSj{8*6TThwa0qX??o>>-}my%EMJ|4?q0+hy6#E?!#29_4Q%klskFDlFWud* zn7|^(KQhNkm*)GhraPk&kV{idnE)I#GU*Pi#x_pQG>x-TZ`w)tVa<}OI!kw}wyKkv zuP9(ij{KtVeJwg|o^Jrcn>?_mG`w1oLjEmo)T%#Tjm7*wR%0(b8?3Q3=8~%tVS0P@ z25Rh?4D|e!o*m+1C-Sfnn{MmAQsq7h*5tccy;3`1w5eMQ+hAX>BrgnL4K3EsFi3D) zf2nGZF>#X)1At)d*b;zH0+w6_0MIwx!20~Q*|GgLLwz=k2C$h2k!fQWONAE{Dlq#8 z?GpH(W#Xo)ACA;yk0^MLQ&~QjpPoPmbCTCtz8Y%|%ar=K`@ptOR@p2y*|Z6qPjNd# zHP#7Z?=|-AW{_7_9ob}UK)SV6SyA2W*=?WX7q^>(7c{1H{GuO%O(SGB>_1nfpsk;n z=WiKQn^U6fJIj1eExgxX}}yT^}|ya-K9Y@uq9!X2ufj2I_K2&p|uJ#{-`$xsmuYIu*G z3GN@6iR&H9(;Lk2lg7-SV)sv5^GGTuKQ9&A9w9h;pnVn7-+$B=ta(uTU7^WzEm<3b z$a%q4&nRiFe$vc3r;_S?OKCBzJN(3e`Bc@IH8`+SB3dpyxX16`=i}woiN5n3KiQ@l zN%FCu9yU8+jcs9E^Gf%y;c?wz8a9f*boty9tFrii9*Xg&D^~uOl)1{LkXj+ZI;|S3 z$)NPyj+|GweV5oL$tL!rXgS_A1=a#a;Z0H0{s%S6@R$Qi zmF|TN)=i@7oW1vzOAO|-yxiJW)>HZ(=aVw$nV42pP|Q| zA(8ppj1FS&Q{t`N14zh7BtD;k5@S0TdisGG64_W}kP&a43hU$M7Y2F`roZ*?k=4Gl zT|grLku}yDUpjjqJKn2c$yto;S%EH=Fmx@TnWQ~g%ovQw*3`;|zXF!B#*eT~8%M4H zQiUITB>DkE71Y>oX)Iw4knm5+x@I?`=91w1jpvemXHaxH>`Sus`>A){Y4E!kh`s0Cg9avs zhOYNH&g9;Wba+LOld(W|+^Gs|&wSob5Cl?<35m>v0^xKB>5-sMF(OBfK07USI0|3t zVJJlBrGD?b3=co^qy)SrYdkoLMm{6qPz1X3R?=Y=p}N`Ji$BA3{sN*iB7JMia{eBK z!#&Q%vmBO5x%2#P*5~rZp~*p^R1;})#Ierx=!@F$z-%;4fVjwXzTf{|qynHbwg}Ir zCdvwXK1avqooLF%E2rKpif~Jiq8(J(+yueGMkb%>qJoJ|uGGg|&~gcLcM)*Ph);x& z7fc;CXHuR^mcR)?tD7>qe|)RX1uC7|@=iXG4C`G@ctiCVe`dWY4#$B**3Hy0)* z#pa$58O~ME0J6%s?{609TjIoeCaKr?Ei&JPvP`?l_(?b4`MxFa)&cWxaZHH7do0)= zGtK$Bm3a1yC_*BIEbLHOaj|I*4jqPV4-^ z+omynu6B`H2pdQ{^%HADXWh;RNqX@X-E$vsEe4IUY}8>dYt%XO*n@lyhwrgBj*{Rn zO1$o#@lbt4hG*v!g3-kT7RP3Ej3f&b>M^00elAvpBa1C+mi4wavvHF6Aw@SB@s8`&krl>$ZeUvE&aMq&$FVOM9WD3Y{KWhMqXLzT%HHrW{4=^;^SW6lXN0J( zoT{M|+*Lo$>_5-xW#sl>-zMIU&W{8F-oe;k5Cc z#NY=rK(^+gN%Sn2jYsnmNv5vY@1dv~zna#Ztd%xuc9;AbjkG|6g3`*yG@ZBQ=*vES zT!o9*1Nkjhedfd)WOaT-XBhgKBzvNj2DpTc(VqEmpDL^ zSyEXz*C7!%nV9scftbdF1t@On1c@@CRh38R5fkKo-)!$_Kd@gGUiZred-)xo}ZI)h-2UBCb55?$r?NTFOV|+B<`2lH^adZ)3}j(uv@uirdj$8K)=_x zjsez?5|^{F17_&!$2_?cTj5ClqM(BVrS^f?7%p!ic}ChiY9}XA&^yw$M*Q}V!_qtx zfWy?W0#Z3gi0*U8O8sll-&G4<9tS(78owCoP0$0|Hq-9e%u~lk&)9D;P$W@RV;vxv zUX(VfLdV35PG?qg5+zt%UvdEQNmUjnMc}*C-L$;BjT~{FnL!S5%sXw9iWRdz&wCP< zt;Wnl^b^J(VGRDP0qmY>k$2v}H@W|2^R;U1!<56b%N#5DFG1(8GXTI09nv}n78rW<4;n}P z?=y64oOl*~xY!)B1N!yrxd;LV8=T{8IikE;j6*In6>RX2O=vZe} zdI7k6B`07o?REq@CRSs;{2%zNQDSU*7NN`gpm=}z;d`I(dxF+d zlB4Ie4jeTf`Zz*Bv|6BQgk#uWhcy1{Jz*SpSA|BzB#Bz{D@US&hC^mtsa^SaEf8pzWEa-E=`Js=H#WtAe2xD^@^w$f%k0YVEP=x0}bAj<;g5wXsCv205 zcDTUDbGZA2q2`y-AY}XJY<`8_=I2?E<4Q*9COGFla4}3MND7lSGag!V8bX zeGBH(mzL(7KURyvxir%9h>PfJJ#o-`)Dh*%i#teVnGSdKsmFUv<+u~a z55u;BtbNrraeR;_kSg^uCGX`eJjQVv2dQ&e)7!y}CCy#Woe5bXT`wYyd^*EX?1!jE zWczQAWXR2PxGwLgwo5FAEcQzK32A}9Y+KKK_R#v1mjiSWQYydEe{nmJxLdLx{~tZB;{#8(v78% zY*l z9S-b}+DkTnFJQe54PO*uQkIJQ$$8F!8g3E4rFB&=-$Pw}w2Yl*5i>u4Fd zY3YE_56Axdog z`5m8N@k+PIkdk>Rf4SI3y^x(#YKA|Y5a{`l>vlAs7h$1cc+wMf6m+|j|2pqW5A4>$ z+6G(7&EqPq1A61G@BH5`Nk)#vceJ>q)WVvjpqDbGA2%l~cO;kSif6>TXwRNY|s_)&_6l%?k^JFsYjyPrOr8M9=hOkt^S@hAh`XrK5ph>=QB1ssKG_CWNQcZ zk7}q@i0$W$F$~}yIF7-BONOP73(F)B$18n4)SECyzQf@|3@*>}0TzF(lfS6PPyVpi z#t&Nj@Q&xS`OrgdRrTY8eV7%F%Z8ztE>KEUFSb@IP<$Er=Faw1S{EA(_D1yT#~) zILBk!XRNr}dOU`)(%>A$SjY%X7vFp-<@)bJt65Br%rKJ^L=Ajv1wm~>GUUoV=7HBI z#5xWWX}xa>yB{5gW2_|DKOPGi;ptm)sB&vBa-EDUb>{ z(wj6%02KmV(YygbPPN)1WgI5IE5l zgU(cR%SJ%UpfeQ^IMEe@&Qx^EMo`P3GZhp$k(GnaRAh@rP{W`z6%;v=5tW3_R749#aI>H@6&yPe zm4wbzL<>d;v!F8-0zAu${6>iNjLf*+8&i7u6&&P; z`#uv)FS=SBo6#Wc$xqe?IH-!_HP^4(P``zb61-*;AH8j;`2qFzPGz6g!tp0tFAqaTfGDsS& z#+#eK2_qgRahn!0I8j0G#JN@^wjjcA=nKxLSbZ%Bbi6W2M)$gjxF@g~Yd%>eP}%Tg z5bY*+$C-yR!3Z1)BPs#MT0@N{h}YO`L`gG+M!e*{ql>1$e1ez4AI*48_bLW|B7@xU zB^F=VB#m1%{GmyC88Q#A03>~>i%|Yl;c=7vwl}HcCA^CUXFirT_Wv7w7fkO=N76Db zzQEyvC*|OP@<)=6=k)wT`22`kx(D!vOYry&;jtA)1LA9PZM`rGhGa>Op3^#T)WC!3 za6tJ3Nrdvya)C}l;I)yQTsV)-OB#&9)2?tp`2$JfZY}Or!skb&TCGNL)J)P5I!#C! zo_3rJc}Vaqd8wSjyht8Q1d7n<(Ldq|!owx;Q2FC%$|lz49l~c96!dgAo)&mw9Udxw z9L*qP`{!&wQYl5+Mp>xWbjOMhO>;Ak7X&)k>z*!mKan8uK_io$+KfTv$a3RNTW4VjBbS8YB0XL2`p0I3 zH-jj&cpdk37Q@**nLwaa80En}uyAi=K^9?%n^@Q8uEN-ZX#`<-q z{XN^%`U{7u3Q@_-cI6<)>@LQJ4h}DFr$9ncMa$XOMK=}%g*@kQ5*O%;C4GaEpA;AN zZ4e7k--IO?T(r8u&}=Yyvt&+<^)=Kv%Mlp7o7}T9i@Fh|h3E{CgB&_eqXR*)fIUYY z2SWofLHmZAzf)lk$p2+8o~}RXldVdDJFQudj5O~%=E>2uJggspBL?@U^q3MZFH5d` zqT}kkfxc<^Lbuzel{%H4=W1911vP5fsC8t=a=kMy5 zceuv&oK^uY%hcS!KV30DeX`{;d(N!aUF75+b9!j5s@}hvlvwF{1{BW_)7SKJzUF3?u$3|6 zLF2asqw}66434z|p4x0szV`D=ksKv|$ve+H1#!0a{+l7Dz}Lk)bar{IY(YxvVY+5z zxC8nH_2!SXK>9-0yFV{%IVxM^X|rG6G1o2gLiUDBJ@H3;dY3j<-A?lIa%nhC2`|d( zwWq`st7z(dT~My#ci>d#tSM(^SmaU_fpz2`ujp3y=tWli}`E- z>S9Y~keDmn)t?<*q@w7w(5?1}*&4~(rl52kDGPh;D=#&jC;_2!YXh=Wi`Mg2YLm*d z=v$@NV-nX(Y+HUg{QKdwW?72|)(N>%SC8aQu{ZB!hMe|mtS(hG4pk>t-H{22ik7DQ zrm(NMuG=L?-p{m{y)603PlufMXCx$k>Xvw`p(f44q;I2faocL7!{~JH^2D|aPLx>9 z)t<&r3`t8JRlV=h<32MiS6Xo(ro(D){biXrJ4+|}t7XaYujIM_Xs9o7T}*DxG4tB_ z#8uV*u}NHid%dr!sqN;&26YiTn#ifM8to6yJC=OKUF`d`1gTxBoM$4MYGN-3-KgK3 z(auGCtx0-*(uOlao4fkAdlt47$vQ3CHlM(xc$Z{#?pfB9O^xj|V`JYb1V&o`2TDLc z(oJ&Q(Pa3t`^MC0aMAgmiv@O>Ym?4mgSKe6l|Nc-oBeN~EvnRK~;RuKTV;F*Bb=^2%?fUC0kD z?;`hqk>>@zqCEYv0BesQ_Qh!1WYg@H8`=KvvzAtJ;xA?JPz0MSCDDH<#z?@R~JR7#c`ge>1N z_39Rj)H=5q*Hb&K9VE-9rvgHGh~qP)ZD;R>P^<#KBL7A>84~hHwosaVL|p94JULRN zy=t#`^d;FMsh6qKUvP>5f9862xfAllG_akgmuuCP&+N+eOP0Iia&EX;Rz*qbVdB-z zPBs4EW&3}o_-g8;kckAd)3pH)PPW!-O`9LZIA9cYeY;07>+}0hGYZeR1En?DpQ8k^ zT4y6!WAlgy5tk1JcT~@)4ai7yxc(!ptuXjuD*%#2%Ay1?(|Wq`BJ9<$uTpOedL>EG z_(H|Y*JVl-@ZKNr4RECB_uJex^6kd>hb{q+ndgZAMen2AUdQ<0Oa4!+x{5;|4A)%` zRmr#O?$)`ifx2t(2{}5$x@*6mO(xB!6>%}_Iv7~`v>1?|pyo!%C-jUhK&`nq(jXzy zB@c*4H`kYJQ6~rebchL*(hrt>TH99OA53-T^eojGqoN)DAHg9L}&< z?0%LY*Wz;X+d{i3^P~KLWT5P#eHO%|zJ_lyux7X0We>T|lNGy1^;EF9Y4P+hal@iK zRLmk_roDU@Pp^UWwg>r(RzyA?n`icre%h%u(L`loQ*xfkvu`69LoJc6wAf%v6nsh1 zceuIbRN0{WJv#tx6EJ_qBov2`o)7c`ni+0@) zU3b^r-~aIVT+eyW%sVrm>6!P;apT$1Y7fcQ;rBkv?oDjOhpL>GI{V`Y1XN6z+~D^- z+nmlvgek8T24o_+=jM}ymDm11tUNIU;+R3?K%cBcLr1^)F)L`&L?IRorkL|>J}G@B z9J?|3AY(*t-N8*i9?(w%e)|z&HY#0aNed?~ZOaGiPAXjJkKE zy`7=M_y^py44RWKpM_l2PgLlQ$H9J9+k#Uux*9&@gb_eWK36gH^y}D4*LRqZ92#G zMhKh$t5in71%!;wF#gACeJ0xMJHoFqsg>(VdQFHgo?-6|;WBPl8r;5r9)WpER{NL5 zmr!uIpbk%^!3G4!$h6!T&bTrrhqp`4yZs^hUtUoci|rx*#Qq45PjDq2%_4}mDn^z* z@G%!z|?Z~SFN%ZzjrcHX!>kP)r7o}3cCvEV)Y z4n`(~)>UeG;qIBf5SEhl{B7^k9(6fDy=y7UHfz zBV0lhvq}d7m7ULdHKL{n^O7Y$V?kZoX-uaNB#M_^63;^CphG?k-)6;+nQOlrOLKP* zbUogY9@{kMB|M7m#WOOD7?o*y3awJnrguqIQk)6IdR+#{LB~w+gc~eD)ubG?Kd$G# zPsbNm{Gswsnp}TAoYp|Wu3)UIGFAw}cheW(aa!?IuEZi-^`RY*`9-3F7iqX+#TPU} zu`1GJkwKV9u$|8FlxznH9aElov1l(?s52I~abudja5?cTK}OgbitH~~f=b|g zG$}EtLo9`agBW|(%xQ%gOz-Z&^=ill3xJK5S?Qi(>j;C&@OB$(u|d1>l672S`{KS2)cGfqich`c zb&y@i@p;NXGcoG@>672S`;+@Rzpe29izmNl@B{5Sat`oS)c#ixf5xC1i$-rZJ*!*J z`+p6DQ`qv#|LPWS_kqACYiS>ZU;qD~Xtuv5kUzPb^)*5KA9VZ4zU-e*-M}Gl`bIBeoPrsn&EQ~Li*m>_SJo!2iqOevN)W!?=`$_^E zmppjde_r(ZO3xpiBPF$>KmFoF3Jr5omhGd%KY4|L2(rlm^7rfM5y~7|J^gxbzw*J^ zUJczT_`)BjBj!x&7vx_jQUSv>kY#+GAHX$~fYdpoGJNlEMFGzqLM$WjB`t7+Mu1u^{IUw-_*Nipak zP&+bFI^qA#IpFG30wmIYoerOhetpMi9^UwC*{Am;QQE9GJ{5hugA2iT!T5OlC$8Z3 z_OYMa{|S$Pmp>$c3&k%qs=<3~ud1x#3>FbpLnfL<{{SpC~bcpcT@ooGnl`lO7WdBV9aNF%?jhqF8 zyen`WsUJoGrk4NBZ2V%ZNpWTz>HUrJVFkZ=Vd;zd0pWKd@IF(&Q_w)Le-8mvigT8& ze~)TF>-Ql58!Sl#tnYju_J3EXSy+K-f0u4R?{^^pbf(`0``;NT(3$?7bia#kpfmk0 z*#Fi*fzI@A#rr*!1D)yjp#Hap33R4^E8g#+9Oz8H2lc-dB>|n}O*lM0@AV`~H*069MM9lW*qCsRWOz1OW)rx1r%-aq$ z82?D#ep?`4ZZL?2B>Z9h4bO~*62KmSI2KDLg%P-hBdS3+&bO{J(%Nee$&m$E3@c>Y zGn&a=d+q|lgA?EtM(#ko6euVO{rE48JoKxSt`E|qG9D;#ItosKI8_9vycub&t|0*J z#kXbHKjQm~?FCgh$&<4d2$(skAxY6IgCK@L8@uNg@J9Z`AsiqOY?*2I4oI-)f%%BJ zr60bZ8b1hm7m-&*2^TxTPTa`%j->bd@9y5Fdw_T-?Z-u% z`UXm+v?4u=!7{B5W(u5HvYt`qjw(Ru4dB{af*VFXcdG{a)n%&TxUs`ghX(Zn}ZW`rXj~jRB(; zrlop+yM7Mrc0=KBR|9DHiwKA$&F=jLs@N%ybzA=eJ%Eb8hJf>(OQ}X&->eI6@CxFN zd+Rsr0TldI1kegLxTC*W8R4iNkM}og0TldY1f-I*|BCO(GK8dl`8%?ISwsOvUqt{$ zi6dKwMfj`yeC`+)zGvW7#^-WC^4$o)D05_u8KR7TnpmyWDmCh-s_HZ%Bg*gQK*%sKAQ)uOJJ8E_(4Uj{Kkq;- z?|)wZc-;xTD-sVNhx4`9pmjiM_Pt>XCSsDq_Su!7$ z*YLK56-rIdIW`UZU5oz?ykoccA%&)(E#T;^?#r)q%{HtU(vl zL1C8uD(h8SPKz9x-Rq+zPQsa`txMnx#eE?zV{mzE829;GRU%4=`r4;{@^6ij<+PY> zCZ$6zu9mM&Y6kMD2icMNpoMs{DsCj8HQTkpYlWW9Bds}dx$w?eL#sJ;u~crIxjUZ zIFns5gkZvOt0VuZn834PO8!2b=Gm3$WE(=66}@*LSi)%x2drW68J1 zCbU7)O&@Gi+_ry?MY2?CXtQfQSc{gk%j)HWwh_b^{G7(>t$C_}>0ML0WT#_fb3Oh} zDSjr+iTDB*BC&X~`mI*KFeMT5xILYXj0X0S9)?|1vH--D2(rwJxzLtfDw(P}cOuuR(K9D&Idmm`STvjMl;Ha*eDk zPU?`$*uzw2J?mXMQ@1A*L44M`*KEy}op`A8_@BN5#iYp*a5O+d>I1ZkXGWPXAMOql zEu1@XZCNM$90%BOt*8&;m&88rtJeuLE+2;@;fW`!LYY0UeVq+Hvb5L}MIgv!SHS*%V`+N$)SBf8LSmSDtW0qgZk1d$WyS}E`z)%c- za6OpC+Ck*GMu%`#=88#$s?*A!mpuPOFJ0kaIwzv3Bzs<=K4cbwbgr9F zESoUNJ&+(Ls(?)+oN*@z{<+$15vftubP^BeEEDPe?X@{aQ}&xn)$Zn$I;BmLNLc|g zFW}Wjas;{iA5JA1588L9Ikaa{Jz$j1*kQT(3XgoL0s>DzeO{B-`3u%wYUEjEGo_rot$3l&$z9cOS*ans==x!?WqF=a z0WR$p*NR*qc~X9c4kW5F`mp{M|&%!Dm~ z&ZjAXs2qVv3%*TwX_>}(Oxu}IFJNXmKW-`+6c!r+qfjhb9WqT*%2CfL$$Tv+i}1>Z zO082gk+VyJyz?`CXF`4TX%f+RIBZd6)WY^6hrAryU?n1lVE@Cpp`>y`g8&vZ^|FoJ zj4qEe6@(=>O^8Ir)xz;)=E3EimJn=pvy|g?>w&h7h=J8Y_$-D;E^f<4bwe9b4$O1c`r(rf{7bKEUcI~fKv6L*$QW<=?Ej!Jr70KXPDeeev5cK4x zHNRcSe?!R@?|ri)B{#D-0gE+A-00-YmmADCg@qNGn?u{0wMt)vdLesEkf5?uX7siK zlXeVaA(Ui}%q0}#(%fg`?0i;jgiBi<>Tjw#WkYM7-xp#^3k!$14DdC*N!186OVwZj zIeb|qWkbC#8Q+4K{XlN5>|3JwIlF;%ftL-g9R+^gvnUPTQ&?*A6%gdVu~yJsKwFWl zS2qet*MHEF>Q$`Nf2yh(#D3@&9nT*+iJf%2DF*$+KV&)i+2prPWf=0kkFeF^-G_C~ zOIel-qg&4ny_TIdyTE(`86}RRh>n>PW@|ua%^JEj;2-L)V16S)kn>ohx;g@fuE0u5Ru-YdAdU;C^*}9J^>Vcft)R>x&iu=Q1M%NW@SO%LN0V+%E@fW?R`b`! zNH@rD8Y5bAU6JY2M;-`Lct+L6ZNiOXB6j3V#i(&bwX)NbWLkc!CR2?(%wB>;LfsRk zNKZpt4~(K%$dRR{l(aKR%OG-zb38UDB}A3SKRSfQE&{7-h37Jrnx>w82gybD*fu5p zSfi~;6=SDY`RCTx(~_{5*-!4Pn`rrK%ByLrWY3N{|Z>>oLAsMn+ItCiV>2wzv~DVq9wB|$Nk|LI73sRezNIzvX*oYKh5 zL^6v0)uEL8u+_p*Mc(=(XJn?VIQpW{rIPN7 z#Qqm5EJd2#G!|E`b2KUG|*b@OH=+dnl%+2ClNYR&_t&?c;KpfjMzB)Yz%+ z=&lDAV-VIr$48Mi$`aS7CGnI<(qg%@OI4QF-4}i1jag%>*>g}L2_uNRum|-=tL`(K z8iG5Soy>x)E~4j^Fy^Bco-rWCbnSi)A8E;^7DU3I}$PmiC6}D_hV~({e|8) zYG`#UD90ED7EabG{*$W{JQw(hl5A=&wsVXXqfX|Fr{|)sI9~L5P#s==wWKS)F`X`r zyOaHB*K30Fvr*oWr&Ys^l=!^x8ta#1tgj6NT_$t;q6pR2wxSD*DpC8Mq?fDSd0T*Y+s4G>9DrJpq7n$Y> z$QfLV#Y23EkI3u`*QvLM3@*Llm<&G7j8f=6Mh8b2?>710MT{@mq{VEUb0|nzYa5Cf zEo!thh+m#0Yh$RC8u!G@va@%-Or+eNIm3QXYCspRkO{Z+8= zgD&|qPXvh6k?@qIq$`&mGL_0=ckdT49pJ~7%8
y*6Qpatiud$wya(nwRm)9Fw% z)883&54aX%t|7+sdW}?HSvdd&uYs@pkl8rsVxtD34pt?3E)jWg|M}6>QKkLCOZat? z^_+&<$I|=e3omAri?9j~`pcx>>XUY}=?rs_2UhKV$QF*7So58xeT?ujTg10#`n=pI zqpoC6vN{N)zasXz;K1YeaEyimTV)Kzjl%_FF3c$;>RF3aOaaL zP>St`DNu;#0qqiDL~CL-;^M&o_r{isxK=+{NTsDUz|HRPVJ>|SYFIf5oK7PF4~^zQ zzh@Of?4${kim@zAzZWdS_>ELX4UV?Cc;@|D&4ac{R~Fk)f;;+Vh05yAY#D8(F_dJj zVI0Zq2BY8|s>uCHAqDWh=QK1AvD6jt#v{1psp9W8 z+=z!uv~(VuX->IYmd2RBWizFwN+~dwE1mWlZ<&^sZ%`G7Upn*{`B5tN{S0>Oo&$su zrV0u@NgH<_TuK8UH%)2?qu4<)iG4nrL$~5(xrETMig9p0&7&mI1ygpKHqr9d_`Z6o zBE~V+*tWzPP3>Odv}x`;FGqOHtWt#JNp=K^_p`uVhHLg5XMCdd(0rd>C4eKZBSdKJ zWknPLg#T6`XU?f|M&_O9RdLghCcI|6>3+y$8pYp~x|tc?Il`vAHF}79sgsEGtu_Au zi(bgyGITQ10%s*!8R~BJ;(6o?m;Vz#p`kqC7p?O`i+U>4|BoaInl-tMDeId#fxOOS zBVvgU)?12(5^XK4TPK%dRU9p;quSnb^1XtE8Nl%*s!#3-#>CJ{-JTpA78Le&?0gbf zX6CQ}50^lD%eict~a>YiHyW7e`vL0PD(D!Z+xvo^DC9* z>|ZLRinomBR7lmlfm>Zg&lApc;U^u}U1Mvij&X^Tp1)2X(| zaN};Qt4`j^^h(e;8rBh89EMa~RBE`F>|UI2dk%hyDCY>7BBli~&%f9HnDgr9p%7$#K z8vNpJtq?{2yz-&NgLC_|&4*Ib#Q0f@PavK|P8#wQ^EhBh$Ye1p_;zM>V8U1o-7y)Y zkb(k_w9wO-gXWM%J$a*I$36TVDEOfa^8auD^m%R?BvcO&ErI70I+renP!RwB_AmGp zd9Ww+a#;|k65+PN%=X-t0^dDPgma4ld?t|`Hf&N&ti&IYSDXv?ibFA3aI&FSC2 zT=b~Ime_cTr>n#^Oluy$qL#(PMyGqGCZfU`5dY_yTsba#2by&7zD&7QP*kWAqQEsx zI>;S-ANi(m6H_c0kK!1`x-53Jpo2CJ{HUoKy+n@biMl(48M8Leik_pTMqx9eocb*W zN0MkQm`N)phy~yZr$KB z(m3}leC1+h!`rK-VFz4fVHEE`KKNJp7iwifmE&zMnLci*#a@Z9^xmtc5uA`kRRZHl zl!=N~dcndCW%#1;bxBPXD)*y>XS7uc1klYhxSZ>G!b1(!+^dy%S5=j@%EY22LkX+ElF7NqvnizSXpKAUv3git2)u$w5u+&Xz< z-Wq54IO5bX=fc%@ASyefrkq2@D6p>KDN6IL4lq;I<57L?@c^}3kmf7T#Y05UU7cw( zR@`z}J(2F{7?2+e-OsafG)7c@2fF!2uIJghxMDodbvyT>O;*y`2^pYzs+Uyby zar2K~M=7+;bRF1bhq(+-oaJIUs1aW?rZUHr)6Z7YT<&Cc!|fG0aSH7_&?v11-Vuw1 zo1Gig6Y@2hguKXf8M^K}z0sN6%4c_`YFWpk%DLp^<9Y92wWYs{Drj zCSofaHCDsq0@OqDM>y?h1Gbl+Hc?h@sE%dQ$p~f&Uc;RsBaEesiS@X88B8?ei8?%l zbLr9o1xuNqXB^&F22IX#Vc0Wzi4ho-IYUbJZC74Z2E>2^N&l?;{vDr>fUMiEwCCJ~29{8LXU-vgRH0V%wN z20^f1x^+A5^kc-;$ z+Jpp`N?!Ehn7Zi+&JXJ{$Vo`m@LtdwX^xjUcfQZvg2n-kM@ShI+4ssgvMyST6RtW& z-Z^jXq4=eXY7W@GOc?gBbz^j>kvUqS{i$pH6~8@3DH2^$bs4M5q0Ncm2ANDd-RM$> zb;YJ*%>G)!y*LYxcb)^UOO4cgkhcA2w%7iBF6;x7rYco>G}mS7?gh%%^@TaSdG z5%xhscu(Z!N&#e;^onP7*Eby(o2W^kehD{Q;nb$JC z@3Q-!=vm!xQ>zmp+Usq1NGbK4MbWnyFjrWld{MLSx}Upnwqw4*ET5L#l!^k8ske2hX zRL9Q9=^4po2cr_Ev^4bCOJ8K)+#*zJnU}7)SG@2@V#}&6G1wg<=aY0SBptGoHyrQ9 zDnylLSwQNHGM?gEUXE(;a8Ro-iZy{%UNrIiUAr?oeGZ1Wgs$f_W=d6_%ZMRhQ`69t z>0>Yoc*mB2U0&bOf`Qp4??UEnd<=y?rNx@QPGcf9XV=hG zu6`88D)~h4Sub66Tq%kdiihq;^!lu(KxE!BGxfW_82d z-411(5e{kA;fs3aM2mdWgx!GfuLV*&az-!w@!*-0<@}#)L$<3fwHPx}O}usF>Az)V z@fs}8EX;K9ELcF=l{l$CuSh6BVRA2yGvT1u4cxLUA>wm`)rLM{qDCHhB)y=^N?z;k zvQ%gCs;LoqWIbeFln@^kr9a>#Oe140m9)T{z4qMpi`y{LSaf#cDqNn-owB0Ap(&jf zgWxzG%^;}<1`e2)i2TZ|`AtH4=T^Nrl{Vjjw(g9RuoXjhU95&=nf(`J`tunhBulIE z>^w_FDp1Po#3?8WYdB>cq+|96rQ|PhYvW3$a^Ktw4m@WRcs}V8ugZFVDJUyDmNBnE zhhSuNEZISy)Wg!nZ~Ndya$#REq14HfJZpY+Q8n8v><40l!C8tO(B0@NjJN|UBC@yA z{fUfCH4*BIfp|ud=NhxR>Yo`?fOMZ2%ea~8oW7=h(Z+P)UPAwLFyo1UT3k-yjoU;9 zIW&|t;1D?#6?!lvXW8uXSry7#g;lwR15wh?iLA~pYq-P3NW^R45=*$$)YCW%>vS5R zP3__OvA&7DjA*<|V^p&>RM0SRt&v)EJLXKgIQc+4U$?YMwb{M$9L$82^Gi9HUf>@# z<@0kO8E!hU;Y}BDjCzkggj8l)uMx`cYn(*P?s5z4jVUA3%j_#)=EQ8KS|~K~&L!YRrtlR;?_hxqnzw!K`v%{4{QSiX9$_^LWbTxx?hJ2Ito*oR@jC8`x&LnhyL46+GZ98mmNp9hMBf~^$c{nLEsuzHHG+zcUhCCKY;1eL0^cJI}@~3nrf0NOz&?_yTsfnbkUrO3CPjJsAV@dL-?| z;$nwY#VboJO@>0QozN);Mt!gy_h7;mj->SN$>)ch7I)+XO+%VHi{DpYF=phPS*YQ_ zZEh4Aab*-w+be3hDqBNl#3_T+OjzaaY88m;4epkB+?u1$rxJrNpS4>{NlWs9cs)8Y zb4Y(!V9IbQ&&!VoWy@CBWuU`>^=ed}dFE?uM!fKR{Z|Iw41(2#3M!6Wh^z)~ahRM+ za!R!(av2k$#jJVGGyGiCI-Ke^8!V;$P3K78GEp`sM|DgD-(j>_)7)7c*^}}3;W6P)T5p0#7P0~!IiE&>< z;2w%Dwn{wm`wpHXsd;i^Xj_ioBx%5oT=B!S(RnEDq6RN6$K5ohSTaLDj=t8Jc<11@ zx;Q$Ua+u^aa0NaU0>_Q9;*I3Mw^-~1R0!BN#wxZi5r?2DAgN%la2BcMqc!u2)m+YP#oLv&)BR2Gg zD`?vX38sfE;+!Uvm}q(X2&ZVBaU`=6=)pufQ-bBWl(>Xu-Yv?kC`35)<4o6;tspie z0r!fZm-7Xap^Hqj^&im6BC1Z$jn$PS+G@T7A+`rTjm=c%Q!0Cmz|u|BU9|peJdL_#0Joa7!X-%rMvF^SBuHi=R9s_f)GpmvgIatBDZ+Oo@Q2qf!2hgGZ~`5_BnkvSO=I!nmq3Jz$>#F(tN!ik^WapGS5xru(iC41T}z>B%=JpoRj z<%V61O+Dw>H5tHI^bX|8@RPCXG2;(?P9dkfTzQc)T20KTlr`l8#H-Q;dLAtFPs0!I zONVSwEZLbbYL4q5*gi7Q16x_D)Gaapoi%ck zqDWAHPMxLv_nAt>~rva!D(M z=h*_N8%2_;d%vDdB$xU1@sB1dKzL;s=wH;Qt%>%u$Kb_FvzN}QoJLvH;HwAw&}!V4 zKpah0sJmd`pXHc~WUOB1!6}c_Y$4ZZT6y}Mt~GkS3hzbH6mrUW0S=$bAL{z`;x`U! zB#ZI}Bz+cgg@N}d@Hi@S(Vdkzbw{w#n#)mXrEd|24aSG(@5Mi6p4#7oZkl)G`x*_9 zbn806y8Ya#TkzgYfK3RFOGn4%3Jr%E({qq-RFir1zE7vPRe!II zT`csla)(~Q*>VEcRX!}l$&SLxGf!D2S3}_o+W4*k?=7tgyqL~(cj#dTv*#JrlwjRMI)o^CNXbrjS! zXh|`Gt=VK6FQX`D*Pe)ng3Wdq-LOOVGIEp5qL@%bK^E@!ejm&txctt&j_7sPr zLgIARmqkO42309$k^~4_>DS9{FGL>%78aW$JCU+A&9UDSEXmGVe zbh(hK01}<=lq&h0Ct}zZt58Mzy!lAd`vEDm?Km%pgQ2y;F&~UG4mARd!C98Stxm_F zqpC_D%T8}}y_9`ad*3!kDPS(7)2;z-_$oPhnuUenvVv?8*NmLIh~+!b;D?gi!5yj5 zy{3M(i>5#OQO<(ol^%uc+8X}QcE!%5#*yjQbE8i=N!hhe%B8g*O>vav>fk@@v$_=7 z^?K8Sb+CJ^F`QDNLA=z<9VZXXknp~=oSXj{dci=OZd<`{`WrkB#H>Ed=^E=P)##xr z^fDnX48Q6e>oZqI(8|jzRE{pY@_%Udq!RF_E1Lo~cDm$AQ*2~=>IXG5DoT$MBBk8?bWsuW`bVg32JZRW_2FrbNs&sPhQX?{3?#NQZOX~PN*Qio zTL?u2S2Ow@yTTpaI-}FVqA#<x-t@-%i^F=Cs}A8}tTqQZFmAoRH2Ri#O0Pl|Zh z%1GM#6<1JQOCx>-2@yvF|C9SKrE0m(77DfRzp+?S%!kI=k40Z$w*)J13id75eo9At zOF4}(Vo9AN#VEsuThsD}zgiwdS3 zx#@q_QnM7hPAql&&BoYP+{`>(MXjQVO?oFObF+Y3|5Qkcg!|iMRArH@jqI9|!fTqV za8+@0T{+@9xE$#uZf zN*%&E-F8k7P|&{|w@up->+fpy;$~{N#8?kKFSdY;5i;pUsWM~b*6|%5YGG=#(-OiP zF(`HP&M6&JE%lhCXbd5$a3X#9&}Ehn8v_TtT!J0;180@>KaS(#qjz}O6CW}l%|86F zFEaCRWEZ`ISxDmM&nDC)Sj(SlXSBR?~aQ&J3Wg92ycOW}S z87cO8I@Qz zyBSZ#-Wnh&AJmKbs^qinWB1HGNw-$wXbZzeE?s&D`b9D|*%s=Gw_NN@T-3UkMLWaK zu9A(pFL_zx($g?HomJ*eG(Isv!Rj#KZYkg5dv6O4zOZR$;TrfXfi&y>>x5KM_OgbD zvzVn?6Za92XE^aFPW*+UT^Yfx&`l&OL$e69liZ*;oN*@}p$io>Q7ca^Y=z@XQ7lG1 zB8SehJ>=+^(DdBdp*OL9Y1#GyYV5g{KI zz~z6FL;Z$tTA%yHr?TMz&xY?9Ihlz0Rm?yhogavm*%aEYT%~W2W!m)oxlkoLgjUqw zQY#wZX*gx5t*xl(i6|4aby&2HBGz-6TkM`D<*9oG2>-P}?5UW>jaD#4w6HvLakaUO zL@r9hx6H6{v~YhgKY2??V^ztT=_#sLnK~pbTo>_Mzzm zRNnsu%UvmY@=%A)W5eXaLv_G>_up#1`x_?K6kVuM7Y-CZRD!nyX%6Bz$~}!{qVSJr zS?pAKpOZ~=Fmd&Vb5%c2oqbWg-=V0-1^oQ`7%+*KK`oP^@9y-Fu#28<`}K3JXz#h* zmu*LaJU&61Mf=dAz4fejlUzDXuOH{c##@s$SHbhjEVp}pOMZd?UBn*v`L{BlS(}Lp zq0f)Sy;H1Vntib{NZe|iRZ(X3v@ur(1-W2f;Z1CCxHUuR_5BmW9g>3=UY(Ertw{k2 z+54PqGHi&1`l7H9R)_)Vq!n~@#9Xtfqp!*Q5VI7hn7l(Rn5|!;N30O9F!%Y1F z;lCLO=JiVgH`{C8Sj^mv_6WLIIjY=UeV^4_{pE-REd!Z5^5u=#WH%l(py6^LM` zM!$+cPCT(wrl1sj^m5Rk-lXAZq9|CnMdHE4cmVD*`O8*I6}V@s)hrzCG$v}R!!ocp zHEwVr@`nJi%&QGi);!w`HmCRh~Tu4D3~1k$G5V5E~b-mCWT9(I(kEVnP4 zaLb0Or8=4=J2*B)ou75Hoe55Eex`7K>uMHJ$U)RC*-!*q*$wGRIM%M4CaUFAYCkUQ zP`L~3Pjs0rKh(tb2&#Dpvd+bt7{eu9uj*5J+)ybO*s`%XLv-!q0@hns7LUw;gqm|k zzKMA4bmu92YNKj)`MS=odQ?jDi@B|1u=4GwZt%;3k2-cUZ3g=Zl4?{ExmSuVVc|2x z1RSn>RzB0K& z!bF8sN&ezUJUle~E%AqW-#gGXx|cdtC#HA_XokhJ??5)3LUFM8xGyAi1r`F{f$BB) z!-sCXyrxE;&78EY)qGF&bjHk`pjP6nxQM~^n>!V}8`w36^)i|aJuLHV62xtq^LR4- z8jy*eGO#gTPmTa{3xV_kjq^$PhuNvuy=$`9S4_hsaEWpyxKyS>1E)HB!`@ywek5DP zSWWIH2hOP~uu})GEcLG*Rc5b(AlpPgu=ixh!r%^sZ`ywYd#%=KqG`&Y+SK(h^;}7L z@sL$}a9Ff)_Tv^_0_Z|0{id^+R==Xpi#s0|UAG=vyP=9CG}e{ZI-OcHng-$ZtiOrt zl*bJ9sCU0PFZf_t3oU;ST1+%Q7<+s?`sWiZM?~xiX|++cu6{$B;pGdH9)=u;@y2Hc zb)m-*1u^89^5$JQYW(b|pidKOI5HXzJvYIlYLL{b(bNmSc>PUcXECOM@uPzWT>SD> z3{C7_lh1#$AN%+wz%R<`&6Lx?a8s!D$X5E5UG+t#!x}@)!DbpQ-(CEdwXT`{mW1+a zVW;Jvos{&8rQ`X=={+tJ7JgeYn_VQRRlH$W(NVMME5=TOq)9v?z?_= zu+qm>+|x%ZEt%PbmID@V&65NtUHVU1G$(g2glLdAcHQ4fw{T36RCP0c2P*zx2JxkJ z=!2KsC+Oz}6m+4dJhiP9cWb_~YA#Q{1+G9?VR>S+D+U?kNF66QG5GA{rjv+|CD^rm z)uLO+aqe>K`6tBMY>fF#J6sofM_Q;vk0ao*59si6v!w}26&?n6h5aag8v$P#h-V0E zS^WMmmRsj01GpB|Wmn{o84u7Nb}MO^vioDNAV6PUv4>7^wmOQ#D?%#tWz?$$$z3U{ z<{MctP>8YB3f(MoTy?VIu%4=NN71NRnY{cEq!TSdQ9n2}yQ&@0m|m#+IO5Dt@e!%$ zqpB3d%Q!mykZ;OuZRp?%*`S~gc)~Jv$m&Xz#AfhB@4rtOz7ng?+{4yIFQiK z4V1mt$AO$ArFf`xTLv|>b)uPo;mk$NHitK{ordiZgQh5S%9C3D>&R*vNVMyl&=Y1P z@c6m=wQt8ijX?@5D$EMEE~_833ti8kR#E8;U{su(lN%WK%mDGuG{=gWO_7&8yL0pl=`V{%pyFv7|=sxZ^KHnr3 z1c_`xpTa%UEz~lM#45NSF6v0*=WgUK^+hoLY_yytKQWSn6_;AA zft^5fKU4XtZjZeIO$Cj^H>{w;H0~(kV5Gt%l5a7RZ&@mndArXPSqmAuOMGxp|H_P! z;Qbk90TT~yZB~!SNgVIc^A)p7GS{Drlpu?hR$@>d=aJtOpHs52G}yE?y{GNSZra-}CQ{*$ zFw8lT3STcAT3m3Y-Oi0s7j>40*6&qNFVx8;L`}Yr=3Azur5E95&q6hja>`4qnPqpi zeFvLE7&a^h5Cei$Sv0D$ZBA=;C{qiL%syJpd{|#Uxj*D3Cdo0LFnS7;>ZxC1n#kPI zbrE``Tk&MfK3{AUV^-AdyZGHN6&M_AJgzpUg=P8m%cV^s^*(;!af97x#3isM%F7^` z9R)eZ{}C=7g)(1kUW$EQ8bglkG6w7VkfaTmsBotdx9CoeT)?S+@J{wff(xArUN}AK z3vtY*t$`W(Ltiswt9`m2X!Y^#-_B?#?k;gCDzWN9@mxlAY}BqXw5lBoR8gL@&TM&_ z{9(W#T4Z0AW?6W04?i)U{)nf()LQxF2%Ca(*#WZS4@O8ZA9_FW_wB*tdhfB_rJMqh zL-(6{JrT5R7#HZ1rYB~0Vy@}+Mo(0DMkfe#=bk)(51G}*q_u;36=K3{(PjAY0M2VRB&rSd_7>Qh&JT@!G8u3%%ihwjU%j;CI|P5bkc zQ^Dl~Hrt9D2P?AOx&)izD8*e#`)@J#`H;_(KI}t^G#Stf)N(K=+oDg$(ujBZf9$;l zR8?)aHtYjPcL_*0o9>X1hD~=!NJ=ZEgn*>5Y1o_Y?rsU`?hpy3B}8cf0sjSx&-0$= zJ@5CAGyZ>k-}%lv#u~%r(y{hh_qy+S&w0%`uL~kHzo1FY&q^?r#}r7>U9u9|TQPJ) zM!BQqGOl88Q9wEB>&><&Tl@Lc;O9CRfhK8bdGef+{#q7yEme)k@(3Mee%w*mY`k?| zvRSMrD3s}=U}~FF>K@uCTe6-g9~8>`6>>Vde)(7DmUbRVf56DA>bnyb1mys($Fd@g zs1it@2DfQ$;8$Ga0obu>iz#L(EXEgSV5;Q}qlXKxQvnY@l5#IUmpr3iA!7tYJzra= zNgKVG1g)sZg6qY-ZY}(m61bkd6}2xnW7G$rc}j7lIur=!a*bhr!4kfx-+C#W5;s6G z4-g;e1|DpDgkNr54}3coT<%@t_tHJz*bWLo)EJ)~Yxsx{%=c4#20AqY+&pK}%)pT_ z_4U|rYjd~kJuNMs<#{bsWNz|~3oR`r{8cTBB)zuDJ@pL8P7lN*!JW=W+n73~yyK6_=U`(LKEESLVCAPSp{>*F{9ZZmQ5 zn1{Zf%cc^4Ik!jhA2A#;j7lPV06QN*@w(nMVV|Gf?p}}pfil5^()QX+{V@|*lD%aj z{FC+~0hI`ex8aurOmTemv^KI5QiA211wncT120*lPJ-TmqfDywAvkFC2PaNb2-IVP3>6ff9Y!dOjVY9=#2g zYHb>TG|U*NEvwq94NSgZIxS>Eaadd7}=C_=qXU7B*6kYQ|Ou{*ZLn2Z!-i_9^QR9Kkq*z5I7>cC? znlsJ_>(eE3R@w_K+)21`H0R`h`dS-kvR+p0jv~4_3hyy~+*#!qNKUir2xIsaW=wLM zO^u-!9K%{!u4&)^j#Pl(ZHN!Oa@~tttrwRhmJ(g5_DyrHxHv*w3Iv&aUxo;(eYDI&%{G1xaKh?2yo%us%^5C`j1wqb6Pu-kA*-U&%Az#_yxI9by7Jb{m z|7*7|SfNPf$pt~#0@3Er!#ujKb;cE=<3*=|q)su-w)@_fM^OKM^!r|HipV zIdsq_OIR<(*6%s!qu9?qA5Zowd?+H4cP1=+$OENX#GBkY;@Q|&Lt3+|KdwW!(7{nN zn{MJq5fu(X?F~DKt0njUcb%es>MfCT(zv)wWJ0fQ&F18)JnlcnejV9nT^lwDds=p7 zS5JSk`!@&1B%dr@H?_ie?-UFfXlU3;I55Rj$fkN-GxL>NQAM#&3^xmD3_JQmJcA<8 z8qL&^^`g z3(#1AP01)jQM$fSlGQxy2K2P*CGGyW^Sq?bPRqEWIaWcqNQoh*H?9$xCpR_KA3yZ# z<}5!)c8z!BS(r`Nbgor+_q(>j{8_0eC}Y1|f@L|4B3JDBmo$_Y%+AD5JNvehjqGa( z3l1hoqZ$GTI1yAEH>);5VT>$Qq3mG1o74|O2?`2=Dz4I`Ivc)eMqe%RnQ4%y&!wM;Og%< zgVC$Y|G(=LbBK;1R*!!5J>XTpHsHKYQ=;XX7OZUK69E*?Km7(cPl=wjob~UwGYP%C zfC81LXZg1)0mBXvu^|}z$opwv8eo>-9RtUk$ylZD_JbKM^zATwgn!&wR%uMyzxEFZ z&7U3q>>WUDGbO3vW}jG$El09+&J!EU<~EXau*~IaW^{VkLIcs)%-rHH|1d=APr5D% zl+ocin9V9A?mRoR(;$4^v`1SO(+c{uJoIA4kQ5>n$&y^8Mcw^Gao}Ysyah&oHh^2c z8H)(YgR-JjP~FvB))JW1HtCj=P%fKCb}P-2kd=Qz;EWQ<35tP6V~3H^>6_--4_nTkCC}B28+9mFP@7qh{Qg{!(sZ;EL0Y zP((MbXHt|e`Mr{snl^#zNIAjh%^8=WG6SmtAF%NxS3^kFZ?{A$hrU9)sOrD|?b*4+ zE(-F8wmlg|Ksh_eZ;#S95^qZt|AdH65$(^OS4_=RE?S~s>vD-d?!W6#OYBMRY%b#J zAOVNbD|SOeh6l8Y5y?C+@YKVMRbXak3i>y)Yi}F zrYi#b1Cnq@4CS%hGpI>N& zxnFw>8loKa*tec75<1AazXmQy-FRQN7w6H}VKb6lgGA+XhAak_B&Mrcce@^Pu4y%VQ(G-w@^BS< zjzYrL={dKk-l#tH3H7e`M)6p@bwlEox*6sDV!fn9SRH{C)`BI2n{xTrmJ>0!_|1Um ziQn63f6ADLHnK8wnn}5#To~CT$nJ_6F!@2%|HN!Qd{p2FjrMJ^d@0=rPzt{b#Lrfd zkTTC>2HNV>NqQbR9lRvC@vmK*_z5oc9(0QD*W)sZ?-?Z*1Hm})vsi?2YUb?%ziC=Q z&YpNR25l`z0)b*kU2^cPvn9&h?Yy!sfmoW`#3GHjV-NqxirBBQ)J1nr&QvsKv;Z@I z^BQo)-Yk6^E&pHmyjUDvC4C_60zNLm2kvlOyCZEO-|cn(_1xfRE1*pp<|iLn@DzgT zy(X5IO2$LIZk}VDezO z)|`&UW+=#DW!sAg6k)O5tu^L3jsQ)7AX8fEu<=;1r#M~Ve@`qYHtBZUx0J;amN;{M z>N{S`T!lJbHg_O$%FL?Uer7po93S0jplj8&PwK7tb`>0h%S2}?0b{@=!et0dD4`6i zwCx>~4=j5!xuBF-}Oo>(`{&DA#@>O2EtC#fv|-WY*}K<`!^j(|+qqZR#OpEN@g%r$8;?h$*KZ)WxH!p8 zyy^~3tG@f*)otum&M21FNt`CRg7Ib*{&^tEAb#fI)_H>mBol3gwH2w{z=-QGi0Z}_ z5(}wAt?Wg0?7fr5cTxbsqMq_0%s#E9=#ZW2h z?579mt-zVe37*i0YpUo@F?z$C86&VT0K{px>6V)XXdzotx^KyksZNZ{q_Kj~I~yI< zdZ)_o&q`%#EdQ`BN|uJ6-*e zOX$uUb5pd2=<`vbFlAAc>jh)oWwn#kY|Zh? zS&AIVM^~RpSo}@iH6oyKu6~sW0}^Fdy6=yEH$4m~QcJVZ*Y1{vPVtsAnQEe;8U?`2 zeG)BiOIrWTE-ew)ug~@9ISmPG0LU*%iyno+h{?%7<}Q!LW)DM5oVs{-0kwZ0aonPQ z-v+AH!;&eqU~NgK71Ai&TJ}9|hImr0Yv3)vne#?!W6zm(8zcU{+<>|#t{}xqYN|NL z@p4ItimRNGnDOs?8lsN8^pr_t=)Q}aW_|Xf2mXz%9f(Bwh^?J4m)ktqO*C;0lkiih zYhH6vCvwr4ztgsK^SXEdtXjg}+S*4VL^gc?|4VlI$vPPd$|L62+ypts%c=$4Q>$1CE&htZ!p=%pI^v7_lwpz zEYM8K?)*Y8!4+Q`K`{lO1yg$k+t(3WQpQ_JGHCk)2Hq=$sjJ{uLmC6p?9$PDfiB-# zAgeuW#FOw)FbfO5t%MajjdF34tI;u=>5|DuabSf$*oVdL+~F2T-mok^<(J1IwyDNT zRFS`W@@E3x;qX_2_V19ImnOD4bOZZkNXiUm?X|8!aa)iu8M9 z7G`3d-=87>4unaViLqpbphXLAnvOhK62k1qP(D#u5Q583br!`!p(2|?c7XK$A1wb! z@eJ+MAl{w_fXj)G2&2J`h;3T3OT#`gQd}Psa3;A?x*9Ec z!-|aL(c&oi^UUN!3}+{NvC>thJEyeJ8=_)nOJ>%AhFB?e!lt=CtB1DPSuV6uS_s&B zbV#>Bum$%@$X7KG8hvhvt2qnp3KUO1$AxtmrMOZ`XY4jTeeuD9c=oLl9D*|9z@*th zL?EfBdWVL#T41soJ%_kfS%?3^7=O0CiZAj%W_5_wc9>u40Y2Have0%T74tZ0w8Esx z(3kuSF;KC)_DgC60WJmXA(OJgwzkTgzT3%ZrtXe>61nZ_l zjdtN3{(~7!&I)k7IAVummlFiHoB*n$`bFhTy{bEDs@(fMIo=c5Q>6JxWaiMFA`+ujGDZsS+Q#UA?n!R}-K5#=Y% zD#e1~dP6oNri3faTc&U$c)vClKkv?BZqu9qn+U0rT=@jU5DzOV$3OOAcq^pprQShr zxSziZVIUDtAQD&aJ!q3O|Jv&#;+j_QW$ry=Q4lS@&bz-wgxtJv-K9*9GBDE`dNX|q z%PI*U$qgs&D*~u`FP(S)vrRU}k<9L$?5ew^gF~4%^4#0(zW1gQ*xj9-4?pAFlWp4S zMYM#56);ML-UNa-6(h26p*cf}ot=O6!ElrXCL;(me!ZBPwlhj)FMh6Bu;VeE#5G6P zn|kcevmOMP$dL|49(00EKkgLrZVia9;pag5MCIcLCX)5zG|)I=IWxK@_-mk^2*fN= z_s@$ADxY>+YD2BnCNEnX|HGb@YQ7brM{1PHs|k8oTvao%h5FRjb%Zukf4YoeS-+tR z!{&Tbbz7W{p4tzYILg-ompk4xaD5!9o#2ojE$3_TW>26JOBp-TV|`?(X7Co7rEqN@ zovV|KPLu325y*$dp;KaMB&G-NvmV?rYMxVel}mtHD<~$&B|^Nccu~qqnG>g15A;PslRdm%BR&%e>;DvGR5BF;)Up$61)Oq zrq)AY5RPmlV#(E9B4`lY>dquguv%Mhd=Io(sYv#5}>6|@fiIZ0wrB*)4Gxg;wR|i+?CS&0M^;eGojX! zt+0`@HJDn_*R^9ngzOn@5RR)AXx@{^3B3>V%$2uL*%C$gsQ$QR+!JP4yc(6y0NLU= zIbupy!w)CAu>$1cU^x!|b!>}L%Nb7_x}8VEU0wXmQ0ACcmQxBOnUXUhy1OXX=#%h! zQQ~W#(zXlypZk=d>d;1lj@TyTQx%99nzjyobsM=o~u*=k;4PRl#s8OUZRfE8p`0af~V%fKE90Y4n^bD1u}>DdUw^;M6{^o z>LN`{#%7m4mSP8wNsZ0=_q+C@b9Pn}sMSgP-~rF5g7;WypYaA;W-c5mWk^-)o&W6j z(VU2*8V)ZiE!{%Q_eKQ^6cHqgbvlzoL$0(Bf>>vTF=c9K*mQbrcl8I$DI?^d&PSE? zq-f{ZKZG>iT?ez#=|=;@$E9=rEt+_gI}sj0H43P{abGe#7xDu&vg zOzDnC#qjk-l7eV}ToYE7<*zEcv*yvGH5%44R%8C#xGSNw7H+$+@GrB0-r7#)MXMZs z9+jRzOhKNEpHjv|6Tm#C5kc_ivoA=qum798P|4#bhQ@V84Z>DPd?8I=c43?SHEPw?P5O^%wC@dfIB>(+UK9_s{g8v z@t=(FpFQYLcwWAFHYh6LbC&k^f{c^VTlk@P!x*7R5@69rSG@7} z8polH$an|hCw(eE?r{ITyifG~1{SXoS6iso@yo##tzdRehwo34Nb{nh9}?O&4#g&; z!s^#*UoQNu{_-qk{9w0}*Q{#G4TJ-36M8KkO3pl!lM zZ#KP@kbd%!x8*M7po4+Ryx@;JJVsodkV|7OH{TAdq5D8#st*WYMY6qm%6%z_Jm{^U zGkm*2{aKKiI84E|z%?3`er1#oZ=+~WOC}FZHDusz7T~$Rn_)FXZTp$&Bd0c>`D4w)(l|zoXrtXDoJ;PHG83Hpy0o73WEh!n)wt2gLrLQaWGgOd0S(c~#yD2ao zujmFwY=o;7^3d%=m(!wPfia@#CEtDArq=f=1TPAm#^Vr76(8Yw|M`qVgWoC{D7%fD zydAiA(`?@bl?C}i)A3T7|N1eBgL^|{m%gNT$A`J473+vy)<2h)3Lf6QNxh*jmRVwNCl)-5L*!yJWF$SPV}R;J2X35rMXzo(J)lI^S7v6Q zcsIyW^l_yZhLlCJ471U;vGEMINIw3^ksvJYYXhZADO`FTamwX6XY?J5>GVyWkAIm$ zv51RoiZy^(D75797h^je5EClibXvh7L6M;Rc-$qMa0ta;mKFeCZQCc5(6s+yHaYKk z1~AzSWyZYTFvEoht1mQV4ZoHT^%0+aGPhNelc%YbqZk5;=Uu0x@-3*-cEY}Q{5r0K zoFq~rvl}iiA6~7<5B$ts-jA-$Hn)mP_dYXOk%10!G66dJ6#d!It&J8;LO(5hs8EQ* zP>OK`(;5fxL-|0U3jW)i7lat^;ro48A5hcPpGF0`7%Bg}Yeh&>x6<9UBfD+BaY03w zS@og#c5>W=Bd6Ykj&fI-kIjBBD$sxkglO2`t%)nUA0=IlqlG}b;_sri)^b6hSMl({ zMKGn}H=K~sevLrnk4(j=TOCE-(*q2QNd+ZA)5Y3CWrY$A!VeTaJ30ONv;yvQ1(Y3_ z&`OfGU-eDmCl(mr=E<_xPV`fuV{{b31lf0ssJs2qSW#MSf1APBLqjYK2I^9IL^?ok zt{+rAk`ZGze7B01Fe38gKm$Vx(DhEqx6~mtyPN<@L}SmKgAM?^=|lBhh&xci;Q;(tl5Y|2t;?eZg?GSC0}47!TOF`SU$EL3Meq zUy+u;$Tdv&8BBA<9^AS>pUhc8jFWBUa;HnpB(^8mUXOApNh6c@3uO1_tcXqz&=(|H zl>~%pm$(|L2R^g%j-Orobg1{srMvQy$mvJ>27wN(7Pc97M1*%nV*C#~P|R}Nm#)r( z7}wrTloOOacuju)f8K$TSJ_RGWnm2)-_1QgsNEbJ-z^b+N=kFQAh7rEoR-cKD{`(XEx0~MWobjuz_*8?Rj*X{n1})bXVGX%};Jg5C{HN+$bmMS` zntzHYSC1A_{#d9)(LAQ9@{E3HP~vG}P7G(s=Wln(+hZzJw#$UFjivdVfeGC6 zrFtc47-)%-V`&7sqx=SA(Efe;-*X)JWC%E#X%3mD$P*SY6bBO=3VfDYAmEu(ZL-N7 zbz)~TtP6}6X`%ubC`H+tWZ_zQks_eeXp8>4@w9{nQF>0||33Y1I}XpbuyrTaUf16Z ze#iXqIbxRSkZYkQikr2EgFDTKjLQh_TkCSExojvfsqw{_w|tiu9*S{>b-*N3NG}3u zom7){U41V>lzs5y&Stem{^f_{`RF>jb}p=xTkH@BYNwG!YS52oa-EuOOJB3$Q_Ok} z+PSBeuY~SOhQdqccRODhXe$$>_5Zjt@UTSklMART2TM$+sDv?}q$qB*xSV9Hl2)#A z*b;%(Y|wb@Q_qIw%%~q$EvBQktQg0SJMp2|$P6FL+oNdWtS2dqa`h+tzp>OK zmS-I$oSh`esyZqb`VVx+=XxS$c%D~g*M^goSnZn0+LHYH;{TxoBB^0dL4rz~W&N4q z)8Q}t`(oirZvkAI+gMonsOlUiGfaA%gYNqy`mk&t`B}3;i5ab98pHUBAbwurKxp7Z)-0dXlYH&q`HEjn^!XmCjCZzT}Kd&!l#e)U9qi|8zP%nF2irPRIjby z6IeaIi0D0*<^#=!G8};|bc`CW@>^C9)l9g#f->4~{yS7)oAaCl$*fw>fMM4BH-gxK z+<08teA{Z--wg#q$Bu$>t)o~qXPRrRiBm#e*igAsRF>T)5n68ZF;})+WEDm~?ks`_ zPJ}T9KEcH7xTRxPG{%XafAu#Hg;PGyDV@uYKL!QqajV0M?@4;kS}M?Cj2y8k!A1pQ zYG$0<%nWYfRgc?z!Ns6ok!n4Yj-hK(uC&%vhd*MSRIvB#8|uvNTy>x?{*YFkMEmj5 z6zu8L`p(g8$7-h&_+3Muj2_U{<=4ls8?gRH9a4;eW^4Z(To-mzS8^GCYaISEPTYt4 z)Z`V?laI?37nF?c@|d2gYIo9$;tQ^B*wdY(CIT~-yPFaz?2`sw(g zP`Wa%>=v11<;!sAUl!*tHxiZF5;C=)8)cCU}j2`k91-L-DBTgP9P z${c%G42UO*{j*mevDuG7G&sZuSR>fuW`L@}87~!nv6`^FV_twpW&LIDn8i0#@$V!X zKKWF{Py21YPu?b%H=K3CqPRXKpucT%&tZ@h3f|Ge^q=r+N1mNLCci{7}w1mtIoSxYQrGfU3X9DD%gj&0kk_XB4N8G~Q&{ZDv*o3?NH zw^;MgMmaI1#VDuJ$tc&Ey%|UZ2m;0N79cwbxy77n_S-mDgXJ$DejRYb{^6ISW8+T=?+9n>KzL& zTmj@9Q|~UTVF&Tz*RXjFH9J7vZpSedyJy7r1R#*;kd~%4hN_s zBEMQEU_Y)jx)};UX$W{O4pDj^as4hIk$<*y`WZ-OQF+Aimy* z7Mz0hYF z?5>bu5hNs%(QYGB>viAeoNxL_d{&!-QdMF(=|fYLZ1$iz1F1S$%}b>9$usfpN@tS~ zTQ9)|h2csFOl(bxKz-&GSL!?Q+6=S2SQy27h37`1%%|zK0}>03FKJdJ4IDl44@jo* z4H01C(jhFFXn&9eH46)fmAzem9LZ+<>Tp0&`UwR~T2lSI)L=NTi86s1Agpvjobj}h z5WN(X7QYliej}rE-{FF?1Wgy4iSC6waoUO8CtYzk52Jv<0Q)z4^Dma(-|+-*M$5O{ z5QWfNuov%1#oDFy%!wiqc^a5`34Z zP!=s_ff4lfOAP-}7_!KDeDAk=)1t@D!jA8ER$hfw7@wzk>#|>J2uYLAy|LAZD_Lxh zC-?+E%EU>K^0Laq=A%6x8_#s0fL6q{81UWzT|ok4SHl^A?>00sfFeD_X-IP ze$5RTbk@KK@-3cH4fb~2i*ohiHfrsmwLqkoemZC?_uBsBPq8BG=hAj8J-LR56aU1j zMP(Is2bzL$(`@Jh8JQZbF&X8xlh>HDVi}7dYpe-1B8;+Q*^0DtN_2jnhU6VjYKnq& zWsvBIf7!s7K_<^?mqXvpH_a3Zx~_^tfg7+2k+FXIva!{F=jd(DVoXxP{PH# z;kF?|7xr`f%#+>!pdJqRDP96IX^TYhn(xx+{ce;&pn1q(EF(x;OXl0ut6HYv;#v00 z-k7vVyYsaYP47aZq&Th5bUQxR)X2_uzKXWaM`8m>+ubpe`z-Pn#CZ9K2Lmr zOeKCzYQJb94D6HTILzJGYsP}VK;YQb4*dDmlmcO1DemgT{rFIj4lYfeshH-}q#sYe zMoK9_)!&`9MTC2rJD8H3fTcMlj`m@p#V>&xCE5&z$`Iag5djo68A-R=>(PgK8{9%jziK zp}_vCu?zV)RUKaq2)>aMFv>bKk5p{L;Np9rFi(&*lmnqyoh84P!B_G-m(7000WErw zZHJ$??Cy8IxAaY896T9SgC^LFEv+kFXag67b+UAFbqq{%b$GxcHRN0LadQ zgorHeYJ^)7=J?y3fRXz2G^WED=wDjt7~#`zmUg33JaFOg!^h5Pb4$+E(vTLIHbjjj zHo{jW5appMCn3P0vJhKRkygOX&YstEt_UbrXU(3M2fEzzQf!J_bM~%pzI$IHXBr@% zf*+;h$wAg>X;_jluat`J>x^DzNM`8x z{G|1TzE$|WFWE{^w`!|V1x5=&ud?FdbJB8X6ME~i++W?e{4jzHV~r3TYw;o8DJ}bm zO|sCFv5O$HniUVYRMhRMy_Ss6iVxd)9&XKon{QnwNsb2nz3!de#U}s*fjn<_5m7iU z^+aC~~=m(LpGCNf)V>RZg3 z1?rka!1D@n!m-k32~Dhq$foU6JqmZ77bBNh~@-n94pt>riP>9w}2m2OP7 z(PmZ&ZZb|3Oon$V+~y=OAt8pCCG#RoPGdp?@Dla+aj%uq3K2Ct{3HD|Ef5Dtce0ra zdV(8M85H)7nRU5Ji{Z7HT=}~rh_r$POsD$hMtz$+^K(izW#if3uJz1qdpN&a26RE+ z2iZCy_%r^v^X8P>p$+)Xykx~GO8ZRQi*y3xL1YalkClkRqH?xm!UmD z;llt62zWI1`&HE$%~eI|9|dy@DXok|xl6S4%jlZFw7zP97aOE?hmdIx$WS>oWy0AX1Z2sudM8TywQ<4+9QSC1; zTGyjl>hR@w%E{F+zRSYYdiM+Sef*_N1Q|)iz~YZCzyjtZ18U)qP>W&1gbyh6HBqv@ z4iud98%?ad-@BPn8ZvOkLYX+4^yW;=Z&o1TEStq=cRgM6RdaE}Fq9CXrWY|)geX{~ zE}OE~OSxH9!rk+!>_)#vcF1wzPeC}vw|gZJEG65vU?;Qj?x?6jd)cwz^N9y?AIOS} z?-nGG-@8yRgtX-{<6%Brs;yK;%6u*Ng>cBWL_wf9K~f99OhqjwvFe>!F%_Kd{7REZ z)jf_k^+0yfG)AzJY%V%*i+KlVKKxbnD`H-SP`O5a@h$%we|1Z3zv#dr!n~o1vd0BSC;9`9VTXrNfMT`JA5c|mS3)yME<{rhU6WD| z8Jr5AieFPj7NoeRsPdYL3FjvhQ>C$O5?l~KB^Gpv`A^~_FkVanz#7CFI@Ukyq0d|d z*((b;kgb_A5!ZnR7{yR|$OUdu-^&U97pHz9w%b|Elo!uF7n2Gzf6!(!&8=0w4o0aG z3|QSvk59f-1H6-xx)t7@Z)0Pl!0L=t0>g;va$T>T5JY(-@$3m^$dh7)>ykp$)@D); zk@=|03C1l~w~4Q<(nivUwAhTy7C7xG7dk0!UTADmty2ITj|5>yD#6`CymC2Ht*4Bf zwr-lQESj3Nq#)UOw&w#>H}Y+K>t7^U8uArqk8^-WgfN<)1{~K&3ISuhmAkG5M4@!f*o?<5>KD46E)R5Q_r&#tn7-a0dBebS$Ic-LJ@)g*@fai$D1b85dh z-WjoRF`q?@y&L{s%7JFI_*Umx+J?~DW42}muB1IN4s(EWitZadGB?v~x==f#y-#)} zyCTqMVoH4=i8q4={o*XQu#wTm4M@jZ*~^Tb(HW{8$q*q&@_qMf0!7r6xJ+qHD)9h> zuIRm%bY=v$dl7|&q=A1Np%3#lQJa#7aGgoe4gyW1)*VR_IU#YeA)tvoIuaYaJmQE$ z^=}KRYVnSKDaEDZ-b5zKWC>k&vA_N5`;t+c9b^*V6mY!l+iF3I`V zbMSvTN&oBr0nI!TGo(_czWpb+-_>5>bmd(%Cm{I$(^&$96*VUCNT?Dka*>dNYDO`7 zvb1v`lT5sV6+~N49kfy^ni$z23M`h7s2K0Xw6N(gcO_DVGy$e2UGYsgcH&*k?T(rp zR%w#sa zptx)qoBf&&p>;{gZLN*lDcm8*C3n?YV~+C6wc4!pkU8KKahZ{SCaCd+t0k^lXJ+r& zaCQra?;RTW4dk}Kqy=BbYY&)-pUCyPX9CIDYmjSI=FUY&^!RkCHuL-5eSDWuf4hv!Sd7Ol zI4I2WIrKwhR}I(Z+;gIk8yM+#fUb8_b(|8>GrjF`UGgo{*RB}dkkr)g&YdyXN)(!R z9j|Ld&uz4*=%wR2A;gE|tLm~rz-%#_TL}i^&j!+ji~n<*MZk=klRd9(S0$>m^HRqD zJcdxLTs@v$z?AJqa9lMRb#bO}&(hQY8Mg9xK;u%LUvUZmk+QG8PV#7(+C^m{8aDCN zkk?A4ekHlrY^B2!rX#JX6S)&<&a$8!T=(wU8-mBD^IUa6i?t7}n7?OI$JQQAU_aE4 zLvn4C5JKaqii)CbzdrsZOTc3W4&sxJEOrD3v0}-z|G1N$tLv$0_No_i$dl9eSrk%v!`C$FD`cV|!wHo@{Gje-xnpuNncABmqcSKvfA(xzJeo70`Ldp*no;dFTk0b&;)t&I1 zUq^JQRO;Bw>_W`!J;IOdsis6+RM7I`A!6h}h^ZOb^B+S_=wSH8)iuwT;MvUf4Un8uPYB^Z;HkgkdbD{karHk(O)|?QYvV!>Tt3DP)@&A7> z;-0Qb;u+HC?QuxIYk3#wqB4hDmGML_{u*^1{j0l11q~w*$yCwNQ(<%=ek^lWx}~+T zbQ1;9$eG8G4(Ne5dF>#QKuZlRL{X7d?A`$PXyD97cgq@dEf*u0#nv80?e{7N_&jWF zOzuWth_5?#Io9$6C?sAItp*C1MSv*Y$6R2QJt56LPVXoFK#WZFhFvg;EoKDtX&lu< zol-d|BG$ZtIfOlfPBdpAL`_-%Anef!_}R6b7Gt5C9o~?}fs%*g(hsIA{=mcTHa4Ua zlpm(5{XQ=5JMKyW&?0Wn@x-2YaV!Agc4Bti$20)SlDj3Yk(kF9N1R^nh$+^`t9s)@ z%_2G#g^OHH>I|7eCdo$D6&Ceu%%^&#eYj!3T3Cs7e60%fYA%&QY_p1(HR4McO1kzG z3Hh||Yzo^gz@I!?QR7YPQ_IiRlFyY&+w(SK)e=AFnZ5jkXYtuB{Zm!8iMK%&#oEVN z!U~qRfr(G4OF-8dWoiIM+#J4BB9JU%r6D|MKe(~#pjkk!A0*xKu$PFZZdgG zCc*!yx#aC3!RRZg=}1jr`VY~RZl+A5(*+^WTJ-{7{t+Lueqze#6BjBcb2K@}hv2S7 zvdNX`WgDBSb|a)7PMTA;)|l!{a)UNPAcV@k4xs?nX(PYaL<1|uSw+|FYjRK9WW+zP zbcsu#s5QW#`R6eX*X#d=Q-K)T2aXFfgjhb~EPT(kQqhZA(Md}2A*P~ks#0UBae1ZL zt8O-XHI;}6+Fbh*Q}1OS@k|VExHq@R>rwU<7G$nXThmHn3>Ofkm@{yF6Er zB1{}PqzNQaq*I;of>?3Vl;2HA_L2$VT*94iydc0%Gn${CoYqD*#N@TUNx?SNZJ^Zm_ z@8X_bU9zzZG+7QfOd%5>+ce{V=fkglf5g+A1(PY@HvmCVE>%^CQb?`^=Ox5I!!19U z(GXu7H(lRCnvwmQsFkzxlf|#x)KzV1Ol8JyuKfG3_J<2S;*DYc&cuitTo^;<_Y?Z~ zIinoRDF1!=|AsL^9ePgE!DI&a)fa#IMp#wscj8QOS;sXLgpTaW&}Ds>XIWZ6L#0oU zm8r4$I6uYlb(%>pB67^Pw9Za$5=3>807LFysmn9;j%C}4(yQ68%6#V|sa=>9z_Ho=M@61SSz&LMgPU%Qqsu-Z9-TbNanaaay{9@T}a4}8tt4up9GIUS}&`rI(6HHu?!-Co+}e|%|L{*Ih8AOmX){0 zZ^(!avq=(X+p3q;5jd^^T~zDG{>+bNJ&T=f_-bacL-THPx!%r01~OWXFf#66QsPTM zwv;noSdiafX0=}i@I*weJ(24q2RB7R;dN40XoCS=pGG*fJp0ETa_7ys5@xWLuFJ5i zfa*v%W5B`5hqAPy3W?Lur+N|t@A~hh8|iUjYZ#S1Rh$(~xvxqO28aT=v3U8wmtX#@mq|7@6O!mL9G_=6V|w5?Qi2+tPt9}UlS-H`(tbLe)g{;Bg3O({uR=Yj<#s@$cN)mY!hF)hFcQ{v+#otWDoN{9& zmJ)09P9F`sXlW+GEn~UohF|2$V!MOnGS*gXSrlhpt;zN1IVvaS$?*2d2}q|DSVhz5 zJIbg!x+JI$BTSPKWsG&TA=cN}7J+kMA)BgDrS+{SYF@ZM;$L#!yEeIqukn%$@ye+Z zx6tN<@u_g-arqE7c+9BZCmcV-MjWLOS|FN4(1pz$Px&*oi1(KKqOwX+ zQU>^T@Lpz~L2E_m!g$20XHv+;3nNSXSDZiN#!B4lvK?nln-HjR7g`P~Jv3wd))jOYmeS$J@1n-$Fyj&M z^(8IpB!wg0#H}}#L0k?anTyHjIQ7!xI-s{Hx~Abni?CDYUsW`RhiRrOT*YApTL~8; zav=wKqX^~D#<0fa{-%w3axm9nV&*lZbZtS~6E3>tuFGNGaSE7@6R+)h;p2e=dZP7X z(7`!VpB{efbFri%GqG7K-6~SAGq?=>-UGU^;Z@WiB`QbylA7mK8kiW1=1j$MSIv-v z{w4p!qoU5(7`~cXCSxYA(#sFElDARiBs-lHZY<&pN)sqhQFC7`R`sYXz{+VcE%)mz z+YM+hztO+LVO|=&w^HFdxM|a==uCM4jg{~3c!wazcrsHXlHrlDJs)(9U}0$SC}Nu# zdniA+obUI=7>h4N4{bcIl)+$T4Mpa9ZSBi9bQS>5u_x9N)!`Qic|(K-te_kE=`SU1SfE$e1S7v|!2ae)r8UBC9I5%G*n@v?q;~)2 zNNsK|q)s=ifj(wMgjv4(s@BLZz82~2uAx%l@*IC-?>Rxbuq{=dCORC?OzS(%s!9 ziZnCyFbo~it&~cMq%f4k(A^9jLn$4S(jlQpNh%;9AmDfK5g*Tc&i6fMegAlW?>WC` zty!$$UU1(tpV*(huf6wmQGKr3zTOXM*0}$$SHyNWyKn2t^gY_*dG@uY#HhClyX%Iz zK|gJJf9_iz*;VMPaWt0?t_L3p$8`FQr6jc0!@aEQ%kwDIKF<44#COgoE^elfooCG7cUO*G|TK7%)Ln{7RH*m?j+|^abgo@6Hj?msDcUn&C!dvdV=#_ zHnA1HrT>_yL*jj-URb<|A{djA-=4B0+dETrc7G@1Izg$nZgqMF%6?0eJ*1~UED{e( zGt9>|jM$k(b7iWr^i0_#`Fxd!oJ_&yRER+wb81G5j*1%TTykf6 zQ1yGdVj(`C=q*|#c!ttcwq%SHE&@|;Lzbml`wekF@Ze-NrR!!Nb2BlMA!|=fC>i- zmNz0XEhN6XbBSr)yTr88YD+!Mx&_h8wlsCOc^KXf-MQQEmXRKvJ97tBJ21IHGk^s( zyLR^0OZT`QTEfN>Z7pn)JR!=^>38iRaHB`$N$sc}uI11vL_LfBJp*CWU!`k@8IL)p zAdi^^FpEELHg6OW;-kTUxNZu4fD0Z+7TZI(BT034CS=WtwYLk`-EM0gdMg#)3*+k+gTn2QQZeOq zkd&>XEd~j!;v;P&=TXOiXoRh3fvDGo$cuS@v2N-9v|!5Uu+y9D43yvt)0JpNm`3u5 zzCY$z!Tvk!;sUr!K`zB?fhAra?2Y~e zoTXSX6gx7d)D;CKD%8=aE(lQ!xDeJ-Kpzc8KaOWmELkcFNkGEjMA8A?uB772pcK8g z>&GMd3NVdo-G1c98sAQ_-~zM~18p4GmehU*z>{hs$kZ75;KYNjv9~F}W0*R*HuAN2 zhe$!1l#-aAfz$Fm+WUJ~b*QI9NyABXLS~UdO!}XB^XS#*{e{elVsgJ3xv;RaR%;~k zL)!NAnYc~Qn*=Phzj*#XR_C5uCp9i@u|OUUu=)@QgI7)Gu*P{S+iWVwTIybdOTw9F z@mK>@PD=m2O#5G}RlcZhht552a@LYC}2|b*A4k zX(`P~;69;ZbSqD~L)&%d<+;@r!R((xjK4^2elHvs0K7MkV!=Qd_l+`EA#0G;NwtqU ze@LKo?^xsEt3d8!0Opt2*-ta9nYxkGI6)lNnE9c&6+7VpaDpt&(s`HC{=L^^wG9jo z%5nelQ+333)rBXH0}2ZBZROEt6P4deJKFHhh$u$mD#KkpfY5;Oyqse0)?&$QBzF#o zm@BIT4-Q>^6E7vmVyrQTGvv|EM1#p5ENUO?p6^%s_NTVbpTd>@Xu;IT#5V1+tb`gK z1sn!jBUL8GgTd$Juc}51!?TawEpGh`6+C7MhRN;mhuE0yi7P2m26_NRRZO22?-37>MTL&KjrU0gZodLdkx9gcTAR(!y^u6KY}#l_}}*) zr&Fb7d5fXF_6z)tFKwS4!(dOLp(N0ZajZZ2zsM|=#PaK9;gaW`5p8AQmjfH?0!0zBOl03Y!S8vJ39+8n(6$G zf@-q%fR830oXi<)V+I001Q1nBJ7!?aG~rgcQ<<-ec8@rPXU*M`spAcFH2&-Izx$ZP zRca^ltpsnEJ7xH0@AM^oc4`h30MX6JO^Vz%7T3`j`qfVL+ByiI!~11K6w%7iPKJtG z%396&DaQPej#6>nAo<33lwtV}N#2>=mlhp6(KqX){(AfGISyP&O0tb-o?`oagUee7 z(@GwnK7O0V+~yhDnvtxtw&V`|R*hdO{aRBxCio`ZQn{n_7tqMj%HZR=cMHkiQ7%S> zkHr199xDaU(cW@=VqEp%(d)n7{+o`28|J!hQUscx!nk0X#=)cmX@yo8d|8vU-1vDD z{XH0h28+5Y)51a`@b5kzOjEq9o~Qj3?fuz@B1-|S zpS{$I$M<>T=mqXCLej)ihGs(e~+eY7K7xW0cxd>&lI5m3NX$p9oRP9q{KyESC}lOpxx zW0HeVy^{yufXJ$s=N=Ze-^a3;chSLKx3fkUFrwClAIs!6;nIxQehO4_r~Eg+SXSKI zM^ zO&CV=WLk>eXd#{G-%;u)`%fH-|A+A;*1MUgLQYaz3hjB$kn-fpikyR{Xl3I6bo z`78eR$hwda_uiWu+v7Xmd|A)hdoMfqjwwQ#g2!rhb2&zrWm&fT+H2(Ek^S1^x6WF` zkxe_xVI?tfA>wHtMXco%#fceW%6z3S9u`f(OPb41<~v~KL8ba5LL!`=t{m9nD=s*m ze3hv?=J8!68U`Lh7G5cj=q&8+vxp3 z^|BjFuM%QihjLq*A+O%!yibzAL53Vp zRzDx`3s33+(^XQg|b3e3A6& z&NkjBog=33HmrM2H)+oBO8OlfH5(4?)eI_E*}4pbA!r-$-Jz4f7Xv1Yx?v|9OhnkQ zk|!RJF{NY~Wp5#G~6gK^uvBWVc8fs|QnjlKRzt-~28 z$1k@ndD}1Wa)K{qyH1;R?j!p#wPTwS8#(ojBrsBM$!pAUFyiu@+cTgTzc&Z8{K+*O zWqxPLtC>C;!=&Z0LKCu*9l>g~$Juo&sUC@*+`4H(-t7Cb`@b&BUD9F>N;w$q=BsHj zk(<#2YmvOSWe~>&KlfhS(QZs6x&v8DGmoEZH!w+_4~@1nwfw1m)m`+UD*=*~a*TKtmL&e)hV|@Bd^M?*M%XWKyt!!Y|vJD$qqN)bw;z6+Ro- zcGURUOZ{!sFG4441GdMV$6WmNYO^?NI0$!n)RLUry-rYWGIxeE^5iQfwjC?yc$sv8 zGJhxb!|l#)u{At7o+n|(#`9se4tKl~zjj9t?19V4tHsA>n#UjJ=KgqP6@R%_FseYe z*m$KLRUuX}6DomuM6S!^SV&i=U-L0F1mu}0{U;T+sg52}ol%F=Yw8`>-Dl|%{ZV=G zZ%V`Ui#4D}bym@&bOGo9Fyq}E($LOs)e7_?^l3o;*nK|)*{_LE)#P-G;8KKk#f1~8 za|6Vyn3uZZpifB_1?za9jue13qu@IgRH+_y#z6agEzUv%k%CCG}6(wGCp~JmExc zj#om|SN`e>&uvq*spuRO8h)GR(3ZRVgJPtlbJ>AGoVucgS648tj8qI*sjb`rn&IHn~po6O=a;hKf(3jTML-P}^BPjKn%SeCYQ4BcK< z*!GKx$>##&@bXw%+aFZrUUypPEdZaV8`cbC-lhBW1*mrVF`e!;Hr;621wIbY;*oDx zWI-av$eQsh{qeImwtfn=R+$wXziB8uo!DnisxUK2h<^=E1}Kdr?N73D$VfX{hCg(9 zQK74Pjg^Cu9Dxnnz&80TfA_WmZ4bVL`&4Q96ao-WZ(#2BfseFV2`au9C5~(b z5$roe^S0HCVKCV*9d^4wPc^Zsv|>wkJ4qYV*=foL3bsL;5u1L03TYtZi)+Y|v1@aA zGT4o}1F$b<)H3*OqB5vrC>LJ^S+X()^+DBjCku@veux(yWBe4!dj&)eBvYDQNx4l{ z))6)&^yHAm@16(BvMoLIjmY7|bfVidO`-r4f7{D+DX)p69KNw7p&@JMb&B1e@=Y&6 zYs|TV)OGR@r$R;shqQc)*^Xx;QdV-bNC0~YoRGFj!p6OySzKOsgHr{~yY-=I<3=*= z=4a`d{s*e2W45!6L(i5Ba|Nu1Hx*;Up!~H#bc_0kHA9R`qn)Hz6t6r4&R+FZkLrhn zsyL~Qjy)7R8@Q6+`3APuX5~tG=)x$z??BwH0+lZf?(K&p?s)t-a=~MA4{v*0t_I?o zEIhFPFDvSDw=LWjD`WcxDanPEnju0 z_R%zRJeP093_^}h4?oqrz2E*m0q?Bx@oHczH_eIJ=Ybpl^kP6RP6b~7s2Go_2?>+MGpfiZ)CV#w zY^<@$zgwkAu2_O*iegd~b09h1*RI!=4$H464HP*B&2=KS>m<)q-I3v3%lt zze`v&JAL@Hox2S4ErDj_ttqzOw-!UT$W0SM=G#t5A#(z_b>=v`1qC*gxAL%&yA9j& zu`pbX>z+4Ke~|ph0y9jA>z-WkF|ro=k(rQr)Ks2GsLs=_#`9qherHPSGtfDY24nYR4>lN7>=F) zy8It7CO539Lt01O{Xh7%o1@*N2Aj!}QP-X0`Kl(xhpnrpZVCO=9Xdl5XmE|8UMVwS zF#&&yc_TbIE|BE@(O5pB*>5cUW%9WY2U{x?VtcQU#9Q1hZE+zNx0gbJ~@5`O3E|HT#7p zkV9%9b7uZZU3*9GzB`qoFl8MnG6S2Qpk`W3WfJ7%MTl5eoX-C1?Z5Fj5J2=0NM1}5 zGO0L%bO|g#Tl{;&E9tGpE8WDs%Of+&rJy`I((+Yp#i#aZz+yYQp&D z>p?c$Kzo)#W@(-kFsEEDd=HQZu;}&OC?TzQ>d`fx9dkXYuN~C7Xzjg9!jc^yN^HUl zGMBV&&B>u~cS0W+_x5$uo8>oGRvzf*EVmACJAXaj+VFB#lzxfY$kN+atE;kyZN{Xm1=wp1oggqwlalW&jePllQ z{TrbBs`_!;TK;@Ns=0+1Ap^_#PfOfrBBFVypR^z51Rn!TvCZs??aG~j>AK`qjuKYB~cFAHbdSWU;P~+pmE-b3!mTtQY9;I8cR*L z_H)yQZ;8jWSCXyU&R3_**SKHPL#(*!98)t!|06vABU0zYWog^IEpxD}kD;v=#)gwe z35&dLamr4g4~S6rT1P$MQqQKwWm>jJ)s%97(LqI9ReE}B^~=6S7;BFy^jszKZt^LU zzjFLV)g$Q4TkLy|=lN~}6dZGB#&xtn`S zJI)-?+E(-5%=R~%tMK3()s=Yk`O1~MH}?-r)@QcA59@o@t|ZevC4R=EN5fa*eMe%y zyzaigmu#zQyi&4zr|!|2Chr!D@U6Lu0?#9_pogdXf9lIQo=lC#XIKsYK6fzEu+hho z{7$#gKG|th>?GLJ1wZHuqX23YXa4^DVpbSOBqM@(A{mgUOKlt&cb(;lZ&h-6yHBxa zClA3=0-yhPl;1W*fkoX{3K5%#(kI8XZywKKsr2ADDwSdpQ#aZHLhrq(#l%$Bm>ImX z=ASvlExLE0P0G#&-iBdZ#5IjCc4vSq?;Waskm%XC@;HrO*S1Qp+NyDG6|YXe^qeevIL- zCdU7OX3lFA&L^f{vIo%K!;cEc3jEZ+F>y~wmbRDGE@Gt;GMcxmj2lO z*NK2@bY*Bhl>Bwee=?Sn(L#!l=wtI%L1Xn}1}(Oy+GmFnd=<2_2=q=(Bay#;{BInC zwlHMFRd1j`M(-ELFGp7A@tg&vT!q-hr{4w<$(eImhbIY34+=S9((q#%!_;6u%EQ0r z@qgny{@7t{VK>M8!jy$@5Bb`T(z@&nk*#AvX<92|E_9YcSHTiOyR(B8`~+^wl+y6( zC|=G`_N&|ZxVN?5^yy1x|JT}2YrAI@sylcR2pucKt%3}>8QGCKsW=XGbEA1elzgN|* zh{oVJAQEzBOmvSa@2^?^H(c=ys+^KJ&sGxv4hOFr#!KkZ&0{14Xm%JQfg{p!!NR`L zzx5N!kX}o!%*k)7F6@BM#^JX_>zNz?Kuc+R_>W%ie9h}5Bj!Co zF7SLk_QrD+tfx%ZNqnRJeEf|x16LfW4Y|FFPc!fmK67{WZBMsv#&^O%4JiwT`t!p! zZY-|Wi9|H10Hee$Qk`IuWgTrhGQRSKpms*dGIxoJKiYl18Hz*4j^apdM>#<=ukz)U zGO&DYIb5Xw40{oZws*h)v|85ZRSv`MY=VFAVC_6L=Qo@B7;x~`d99b+0zmTf^9K%j1aI z;SqYei<`ZXkAK5ZHCS}!bHgXl0DF)|NqYci03a);Wu`x7F+g=O$!ZBnB^&2!>>5Et zuUVvPtf;HwfnaJ!1%dq>3)gp*cp!p}rY&X?V!z)oY4S)8hUub5!{dY$QwjbcUumV_ zTN(~LebwAfghJT{PWl_jp#2ZJ{B*CdCC7gNy&>-YED%8g zA9&hG0Tfl!Uupe+2&4S}`w2d8MD9P|+8JLy+920amo8KgJVGmRQFiedvm%*R+N)sy z#C5x(-y(|Kj31J?f!qhe%Q}iJLUFsI&yTe4l91V1kMEEkNHE2e;czCtSV$^|&yN*U ztO@DY+i3PF!Ac#xd6R3QdG40XjGXvI>JiqmW zci$(|8_0irPDlN)6K`JK%Z_Q$mv0+(5tIQq_$Kd*`&P%+fQ*~V&E&4lKLEyl&FJ77 zlC5APQ9UKdK7eail}0#eHg|)bh`p!kjII+5o{SV}-<3=Xd~^fpns{|kjZ#-> zGe;thYHXd?zoP&UuhZ=4`9U6pYnx!7_`_+{h|DqWjZ%JQ{R4v^Z2HBl=8HNWtmY=` z&Hb%To|v$rPJ~1+Sz+$%9Z49L>en#W)wdf{!QvGsw~CnzDe_60iK=xOSq%J^hs7O2 zEe_W%8&t2>Df*^>vOh2l$M3O#Gnar_CfS4g_zFmMhx_`zHb0Y^gKHl*$H%$SZx2We zO&-%3+1Xh^8vfXb?I(ecb%AQxlg6BavvFmN&7XI{)CQJo8E(S)`8&n{O?U0!Ck0~H z;T>@Mo|MI78daH>s24!+M(%4^$p)(X#4?&MrCJhmc6n{Y8x3`5gave;h(l|2$jL;F z_H9?1y&FG&M5CvVo1PtZi^9%HBQyZ+;_y&)^BJP(J4!UmGH zzUhuevJbEdeT@fMzJ^qgFbkxdadFAzS-2e(jW&5Kq&EIug5a$pra*h(EzbSvMAC`l zEkW3m5@{U%LcBrgz!a|YPD1t&&`CWXdc(l`+wc3WEed`8+DUH+r+__$8v5%s?i&=q zFT#?>yoT=9$*bY2(CUsv-o#96EkC0{Q zHoPnA*=Zz4S0RQhk#S8yiXNGNM=AOvv#)IEo`_&S6_joeq?nBf0QrBup!t0k#)z`I zRb*G=Wod+q1?|ry;2XQZaal|9lsAZu25ElhO@x28SH^B-^*Vc#3fHkjXltW_dX|+b zn{=CxM>6o0PG$(X_H%1GmK5ifLsx6~O9WoE&8^Y5HM^sPNM{} z7!ogxnYRk86*ADUb0v4of*qF-Y0(H6%K%REmlvy81 zts5INO8aUa;SyqiFImEk9R|hDa7zW?B5sT_HL#B;! zNr#v{E{Z9SLZVr-D8JvZ=4lVnw5#V{Y<^MqGYQVdo~(ELxy@k<^aW^aw&C=wzEVr!>d zL_+q9F&6kB#ZSVeaBS?%%;SPN&j_hx7-5qWu%}@Alj+{-Tm8f-cTjs8Fsm= zWQdKJG$baWSjDt7N5a5@uvCI$RQHaFRE(+7W$8D(m@0$!Gkp3+-4GKuVJ!Vw`^%Er z!#$>siM+0PjYpArMy2X2pH#U(u>n-=QY`F7^w??}Rw+Bc|mP+yFFwaEY^Eu`k^PnD3EAd>&68%lAJgb(sIcGV&co z{Z-z5;Ujsat%iza7t>D3I5Hsy@Iy^cySS9Bj|x2!jm1U|j*oBN#Bc)$uW;FlhD_!+ z)Uz3A=$;T^T<0%yh_ZOazAqLZ@nad?|NOD{1$o}?+EPq0sr~eAYlEh(o{*HaSUG7B zo1mZzL1V!5AtD!oC!V)5NGDyIc|C{LS3tw3aH>q_kN_3x$Usz z3(X3W@ZM9o!)`tzdNNP|*Qho~B@lX07P`lnA462=X%OYcgZOz7}*1^G7%fq7A3iy3wLVmQ%W|Hqtb^0 z(ZKg84>=^5M18^^4wx9}YPXh~{V1@`?5{)vm#LwP5xh=h$7D=-=OlWK>sfv_R*60# zT!N??#^$UGJX#rGcQtqL5DhdEA}zkD0tdaY>Xf}<#Z~E2W8q&FSyj-qg?1&xQp3ffpTK?ICted+04Q;FcM&>!+;>_j$hw3#Gaa9kXK z!S!^S+LgOo3s~+f*m*a&?G;@txtW(Wg{qchfJE*?VjAxLw{<8UO&0;eC9C)y#w?-Z z5eSdZqn|cR0kU3oj4rfNeYFow@9L64(&L)KS4MtNFyOEE{^*}T&W8HiuG=W z_}7U=x_X1UOk{mS^s)?L3!|IrR^8+`&&gzR;gz^=pUB==*|Mc5C?rb4q~~Y){CORO zEQ$4CEL)w*!3vdoifvI9->V~w6?x=s54`O6o zO%B5hpwtZ(l`4p~pzyJ7SlZ;zm`gJnpCMOu*IaNl(ST`u^w(`VlMImi}V2xf*Hb=CekHv`o(YXvIJd*xmQn% zlfz_5D6-3jD)fyQVVX0O_`IS^L&UNRMbH2I<&MTVqKW4$cgu$z=xpHVn{zs#Y@&@v z_yS@i4oqpVk~KHC!%Hbkl^z?BuS)&5Mq%n19SAj@gG@=gn7A&r3f&lHppZtyi%WZ6 z`aGsF0x1V2Y5f{bk52s*4H94U$(Ya|x$NZCr4_C#Bo^VT=nvL{@3Vf;5%@@>A56Kp zHaNfY>5#hD+Szv8eY@F7e)G)k=Jw2@bF{EXQMWA0?*1xHtC*a4a)xa>Yw5qlFBXF&L#HFp$Z zV9QR8B%C9LmaxO3kNxI-!c})Hu(7I#@<1|;?eyYEN%s3`e!<#?eq(+%Gy+jH_eYdI zvQoaZ-P+3OElxM`2kL<%03cKLo+v3>lIQ23gyh4v00ylBojprvf__z-KQ?5gHeUhR zj{B@@*Nw50v>;OP79f7gnZt~5jD1_6fPZYT4&gL8sYaq>?E3nP>4LqmJcCFxX~61= zTyB@vHs~XYg#qO5hrMJ&sz}=@t5;EoF7vTkz>|TBA!}rN00B~zkd3F<`hR|({C}`D z{|z1~jQWL!m)5x7eYa*&77S0*Sp?dq*@rL+2!Ec5FDy#$ya^D>H%wVAR-0!7>ax)|Lj$2oomy4FL^AY#eLke zTgy~+$~e+lc?74%G27uB7`bb0Kd-G=Nv}9p>ES0I0_P}z@)tx^d(70mzEzSfAW{qh zxsK#fp$eRh25|hze~P7KrBrk)b(bs$pCXQ{G11bM~gJV69MH zg3{QCyd_)F=g6~e3@;#vP~O;07^(*SW=>^V#pASDF_gh*q*GJwc9UlLphEDa;#+~~X%GxD-dwZf<)Sfk&nlHpPq`#r3dLq!d5$4Clz z?MHU|xaxg()CKqBJ&V?Gnlru6OaEgRd;Li7Z%;JEGYHQ5QK(hyi+P$GBVN`&MyES|i!TU_NQzQLZ74;16D%;Z;4Hav5OaGVGW} zIbW!H;y{M$=)=$g$ufj9s;8lxM4QaCz&Y&ef2%A(v;6uabGlr-t;F!e7B8c zC*Q+B^mut1;V?>_J8s4g?qd>Q5?kT92JnluOB+JjV=HH4^FIM%Mv?+z3wR`Gj3&*3 zt3Z|aVJS}5NgWGvDva`AB%N`*W;1p>tiOs?`92LZ`_{dSMu8W00h}WQQ>{qZ0laz1 zHG9e4xW_RlFjkwR5kC5*cw#{D=~@Lfkn!MyQF=wsCbDi9IEB4c)W2EYFz&>|jYW7E zTc`P{t&E(v2`U(O(_S~=C@)-+=G+a#kUpQ;B=B@tx$W3%alo|lD4?bKE^t%uOK|qq zrCpD?<3L6fUr>uCQcn;j1~}c;l80f`dWcK1C;)y)k24|p-ZiTwpzSoq+772IPq6qX zJWfiHWxoMZ{mpAN8#4dnOXz=Wt^RL%kTg{A1WB&8LuM3nTJB^oJEhSigY5W0Dmuw{ zhCluRu~Gn5(>elff|4daO5_M2`j7`ZZ%V0^0IYX@*VY_TE5;-;G!higN?%(HRabXB zVf~Qss-e8l)JkFPY$OfWX8gNAEYdY?@I<%2D<;B+9T{4Z%c1XfPf-t-yFwlcoV+}#p(o;$2XUP zw#&0hRC`+_FSp!c_e+-&Ow>bnZJ3ak^X;^#uLR0~J%728Mxf}{0USebbdGCReZ8Z> zb$8CRawVZ9?hWM<`MGE7n%fmRulR7Ike^C{#$Yz#CC67xrjb0S=I0ex=@p^W%#uq5 zd6S>)l94HL`?YesG`G(lpdB{y@H8T1$Kl0taZw@|@xr1atg?`QXd^k!wfq7u+qCsu zOp-69r!OJU-<)w&4)$$^u~yXYD2#3dcw~Wjeek+s#+)t;qlh39;l@#8((xTFruZyN zfGLvOed>(du(m)xR1!eFYkMD3YY`=45vfC;d0UL0fyimV2iuMC14vstjlnsk)=pqD zVqzr-ryv*M7WtHV`heLTlayRnNajP@^tRl*A`*hS(_r)o3Sk2I!&Qh#H;%5??%!eGZ)E5^A2bFK-e5zkra8VGf&(%vKr5^Kd;S) z{4ILXSpGBd<@4r;j7En3aDg4-TOuQMkFKQmbGKB7Azck9Bt@{Q;=Kgz$8k}gxWB_G zC{$LdU*VsH4c-$sz)P;!QocmpdCQ+BROH~RtBw63z{Dwq@f`(Hb-8ufczAB6RDsu! z?c4DnSwp+;C`)=WsDApUXG?p+TAKnDEMeO!QAJi9=Xs5UABJ*X0vyGys*Z_yIiv9`NOw9X%qeiV3%fAr3bH8euU-B? z0m|p;?!=6Y4Tv{|i!7nMX|1b`-m51=eMxrDQmO7X(X&tGyFE%KvsEM!?e;Zzt=FMZvr zYjkmtX_u9{QV16InH{(x^`V?0dO8)^iY%eV#L+C^H(}%K6?kqn!cj;G??}-zQ_7t2 z?gtl-#`t5Q{p=d}<(FI}!>4zZcNC49?Dh>XD})#Bbl%4ekjFf) z0xSsWjMuJ|3Cl5wQFiW1I~w%NAR?OP$Z_hzZg7L|cm3q_o67U_lMdpbwjB@%Nf zK#%(mCPF(4@NuvpPYTez*He?!A2e#}=RlD%w+@B*$i`DrT~M6wX`DJibrmb)+{ovx zB*uB;iqi4WMvMxG(v(u4v7*Vt+B2AyGu7E^xGR9*M-Fp=r)FJ`-v|H@^@Ti$p6n01MpYOJ+%_2o` zrW*cD%)bptkSfD%4-OrEKo`QdDBaF6Lm*6mK){v{*JQl^wJkioyvY(gu#Z-Sa#S8* zaWJIiI|_BT8V;|Ha5IY$dwCptL6eYv{bJ-;sP-gx^lF-ii1sB9f`To4Dg=I!^*( z=VU*~^h1`XJA}9SQ-xz4`?5C+-Ld3V2SxJG@FbEYq_|@JY(b@lvz9SUO*I$iVa%(f z(;d*V;9iA#M7)!Qh;)52zH*f50!8Ir zb;?7%{uK6mr4u(p^<-ICc;taOLV$Ww?k+yULSxcH!9|&FcE-TaEgq-hDPaVMWvc#- z1Q%7_l{*Nc+9)_ywycG+Kp$aQIVT}q;_zx?jb_m2#XDp&r6sly!Vfy^y#=jk5!Ki+ z;$(4`f|+p;$+xCz1dVrEn&9}VdBJw;nyGDe?$kO~wP!q`g3FUs>Pv$HF%lAs1~3|3}PR_fu{Q!u&~`W3r!`H^Yxv14=aOIFk;adc55l(~F;Mxn4r}qOTw(Q_LOc`i1B~h(o9r0oJ2U#?3phP_DZ*e-hA_bFY?p3|*HA@vwQX|JNF z8wU%uJHLI&m2V#)!K{&RqC1()>G`{(!uQG>qzq*M&|v@ndUoo6lZcFEitZ5L(x)kJ!d@T>avG~oVE!bs zHe5(gVKcz7`zGfGBghSoLBSMvEomtTv3|BseUWH9t&J!+6ghXps!)%kw8G(;ynTm7mOUqSy#R{w zkGJ^p z#)S-tIb=cGpb}8%HXh(nuflsq%tB;toY;J9#g%p}#G>gd<|?2ls&47iX$)ooQXLW7 zZWowx;E7!u$W3#5oTG>fl$H;ORL{|-1h>`ltI+5@{0gX79(gH9t8vUS0NbKYil=?0 z!Kj!6a)4vl)MF@!XFQ7-mBzk}uajJ^b4IkfyqwxOHYBgUr1wfI-~cV9xY-(mBv5d^ zHy4|1Iz4QQBjW*RCWD}4wQKq7Z19t7$;0}5zaM4BzHDCx|*^d?GE zflM5%ys;LkXC0gd-o5e1I;!?#&^b$XMSzY_)eYEOfbaUU?a`pqLKR>8Vyrz6v}PKe zZ8D8%LUnlzHtR`m(rabnxRA(EkcsXRitWFhdk9C zNT}QNe%8g<#CFdMjTosVZ!?NoBK10?PHA%6-bLaX1yVY#`eU-n1S}F0i^U@6>?S82 zb&k~BTfNx5MAMY3Ho1$nD;n`He0wDLn**S_+sF_p>y*&_MYmxd8K1~#3RDv&NQ|UmRN4N&q;kF$v zu4R_mDAHwJ@=%IH)M8G^ka()uD@(yO=sO(dMDGEf5UHVqXz9x|@ND=%Z9Oo5Tsy+U zIYmu>23rDxh~&Z8I*d(r<^G8#%`ahk4A1ykIn(fKm;xG99aXb7QZ*qflO!e}R0fb4)@-wiz1@bpcM?Oi1^|jnxiYUtxUHwADd0tb5+-e61nAlG!$bb zNorXEqic+VUrbnwZgYj6D_+!E%4OpU?L6JV%@Y=l_2&+ejFOdM;V}=ctKw_7*T4|J zA9ZaOqi5BGbrd-&o|ZGZ-G&whWO)}KZYWtV8K>gi%V#yN$%6n>?pj>A^uHKA277Zc zElrkNm2yIvUZ=V8#*!~l5Xz4r0;p%&>hkR*rK|G&6*0@*gHsO%e3*NXi3z1uD%?ltQQlh(#H$Q$SC&nep?Z*1p%-ZC6^z^J;+ z?%P&sSiKi1KoibAvsg|_MO1{%JoLQW*1^caA;lxFwOdm;n)xt-5Mv760}lA`qH8XX zE!L}t+!X_TrbHeeiRn!MgHK%hOO_HHY_SA~is0YCb#=K8Dhn^%Jp!s4b+sCFVcpjS z+c9YGr~8-1jWa0@6G+}oBx>Sul*HT#{g4o;#Q)Xf*TnY}o<8v+8 zrYp|1A^KDcmLHVt*ssxbbhP3WR;e18J7|^td8ziSTrE0*iEHe`8b!_yPU{z?X(#>b zXjWPGWCgt>vN%Q?4mdFf63p@0PbIm4vJ;a9keA$Z>J1}SH)TdJy0-?=%uj~@#IQ&IA_)r+9BNUo&w$KpR8$D^)IcdekFSSX~1dHV-~Jn zr>Ih?gDyxu0MMV4#-5A)@H-0k-&?E0v-W7p{RP>0wJ0wA#Ia&Z>S4A6)5g*dk8F@< zw}eE6x1s-l8KF?hH)HD7fnN~NRe`4OQ|C^@ExyWh!Qe<<;WQx5@OP9W@039@>*p7N z19Ra^Y5#}4_W+A(+0up^5fCH?Ndiiyk(_e|X$eBpAV`oL6-kmoKys4MPcF=z^&4leiOp-}&g8-W32n)42u}^;&#iz?Jf?H#JTd?2&dF)*9GGVdTgv!WqqT5~^OKp$V%%$F*IQUC^eohQ4{RR%3&`4U!hk|qC z#1PMmGQt22#&6cTMaO)i2)uhuO1iNvtdS2L<=QpE=_Iy7j{GxhAHN$`;?qI&miXf) zv;~un(KB;ddp-#>J&4F8q1y@$P*;N`7$YWAQekYR#C~_y5VS>rD8#af`woQ$<5UId z9Jwm4K_AI8PQNJHaVjw;@aJ-FoZkTB6NM|*S6;h$`{VMfd zGd2s54QOigG$$}G`)yhYIBs->QSEjt@mc5%ymLJ!Z(7lb5I^EHx1%;{8?iu1(;PqX zcMC!B#28tRcfYucBz9;tFi<4vQj&U>dbmQ`rgd5)`V?w}s4JDQ#6np$nGlz~t9HsJ z5m)|%t`AAm3GPg3q-XVrZW|nzZh&9?v~`pcg*~9$u8`jvvdj3!xd9*Os_w z1Bg5Y?|*$y89&)Reu%AT$7g)Lzj~B*X=WhDrSY5t*PyDWnoy?SY6NTOfsJ-BR)PbL z8y55Z&W}%8mUrp4WMab;%lgDuq+`w%O|L=A98YNRMG1|ikLybx8L`Z+H7uk|j#VI9 zxxZs>hH4q!rdY9IH^5@~NxSAXTqRz~2c4`s=B`(N(k})%dXkhyhjK|OVHiL>KM}a? z_^oGVSDwDit=lxmyEoOreq~Y2zcYoDZa)?>+xqoBsm&X`aspr#`0Ml^Qx5i@c1uP( zZ5wq=5G1KSirV|@qqe5jUlzl|so=oRZx27vh@l?I z?K0@TWS_WIV?w+2HuR(PuhV}}Iegm9T^}`QRJ?gNqX$c+KfeF=6)PESxRL>(gu}*K zMi*B`E0-pkUfuW4#1>Bo-anIX^`X3T)8?P?l+z}XXWW;bKsM~r_?-VxLwM*7{s*_d zyrVPvCp-6I$PmV*fS^ud=AmhZI36Q}kBx-oW{OOlGcF#L z#yrYtx(4B3Hm~3)KgnZijE_txR1SrtH;XAQGpHD@)>WtM1F3gCZoyOh4I#t4g3%k3 zkRb`|Z!I2|wW%_^cLWvpkbfl?thyO&`$iGRstZc zQ0V@I{b7meilQoe`D=joJ`qq`-NF5><_D*k*C2q(;*WHD|GD41g;7|;qxGDaqbJbs zB07$a{`r{)dHY#X3XUw|$aF$!c1F0O7*^mbd z8xPjy^)FbTH2GV#<&G365=9f-mpUP&c2x}GJXqRkm#7{=e7-5~x0bowz2&%ZAF^NM z_}ttfmWw_*aaiU{BLCr`Lo;tFdHS(UOpy;48w7LilSX zWz$KlWAbvc)|nBHIJUw{sF>+Dht=Xk-opr#Pw-dxJl`%$-_^u;^weu&#n46V0lAui zHF#3u#@)ZmCAxe64?ECbQh)-%2>+e;6~Z)$hr?m&g?vxul_eBPt1a>=invY_%6$Cm zc_?=?J}`5qThwQEr{NiywAyQ89wcWk$TD3@{9(75lldcvQyoA?E;agsZ}FGoJy=L0 z9atMlv@?+9?7{?RD@U2}c@vUpelB^*^Hmpu7Q(r8?~s+qa558I`LO3Wn0s$QWka*Qll!vpFe z3j5@VKz`6V-LFU31IxT&d55jnARpX6!o}qw>wY3PDl-XvIAdAm)XP<2VxTU6zF8CxS}|K-YP>+l}Nbk@XpM((!QPE_Jn?7JiGCRw@7e4eadT5tGsBAWJoKQ68 zZu0R4(@qP46fY2D`CPn`Etr^6JgV$jEBdW_>I`K|C9NJwUJ%qx`2okthp*_^^{3PD zp8D>docRPZ)$6Y&vge;UtwDe)q1D-D zRtz&DWR?3Zr!Uim9dhx+`ugy^9Xs37M3XTT zL=yQP(;6w=jQ<8i3&j_Z5NP)-CFRySF~;A0mAUoSzp+vCR&s1ntJG?Vrs3-Qg^gi%6x_8T-4B=5>v zX^|hJ#t>oJalrr%7HwQjUfq-+Xs8p?97`QRK&>dLeLIqs8Is+up!<&QZjocDKSHMn zz`|r9ShevY9|xVS-J&H}q>RzhOTK#(E=50}s9kkdiT){bk0mQUMS z_Ciw;=wVnpDilS0i6U8@Ygxx)hjyfyS7$c>|S`+r<;{!-xiKk_( zRE}U>#Vcwao?y-U9#x+<$TPcuP@nbCztM4LK6wL*d`Z?_XVZG49HrRfxot#_y_$W^ zL&Ae`?5TtM6(onfBwy05)Vbg#u`EuHk+bO5>}_vuy$zBv#VvPirJPGDZM_MztKg?^ zbx+c8e5+^~6DK9cLqdhg5V*jdsAZ|b++41!S@A$o^-3C-AkiM9i8-tOW-gV5Nl^zk zCWoBw4ISNg?O5-&@=Kq)ejJRO`doH*{uMK=wRPqVov|{N=r_S#4`Xv$9D6joNadA8 zxl0QxmuV+op8SybI*HUHo99?I!e)hJMoqDMpt3KC8Ef^!BZt<9Ii5gllNCW;t>Gyx zzM3N;42@)%kJRXqu!c0*SDBpD`{+l#W|LxXA}UNLzo~U~WapXLfm=A@`7dSuUcEl< z2~?StZ(UVQjs8Q2HfIOP_5Rrn>}sQKG}-$7k>p=erEke|H#*i!jZU~=NE#KVC~Lkr8d zXt-beNmS(8oqfAz?S=O;OttR84E(s(wgL+XCNG02O`l-*0ExH_*q@&T{Kb;r5cr1^ zAT!}bQdsOzL7;S}*K;nb>G#%@KXcGR$SasWJPs>yJl-<@sL9l7q|xcp<#(<<7B%1N zTSN6Yg}dN_*-JwqkQdVSxt1iT#AJ}^Mav~0X!tSCkB=Mbc>q9&F6+$_3lpIRa`~&y z%;bPL7l#qd=l1@Btn2MHGw2ZFC4et3oWbr`{i;VO7#fOUIoe9k^iF8-N&a1MGxp1# zoF|A-qnFZ%ibp}3>I`yh@{n>-p%kr8Bm_je%HZeRrRC6FRZ4q-yW;oBU82K$e?;q_ zI6MlCz30(clXVSJg$|YtMI8ZPqyked2Iw4sg~S7}kd{|12}4No1TQq%y$rd|mQxv1 zvVT`fX;;gS9?@1dB`IrUV_BL>$v~wwh@E;F>%GQgQt?-nX&=U(1z3F?l^%&Ox^XNc zvSXBvZqC0@;_L6@)0gL5(cNTvvq(wj&83O*m$QZVXNNKH|<=*r6erTfuh?x-f>5K=sIA3O+~Z zxM89Akr##i1ns^CKKJH)FFX5Vp99A2Q0BG@^TF4V z1-VdE*Fylx_`6Jc7<;tZaEd=FP)zC*mSxgrY38!1zetQbmOhpqVC+Wkime-~|M$k1 zDgc8856kQF9iK8{vF-|Hvo+RA^T3(-XtQHza2-b%EmiT@EN3Wjr3<$bttq|%H2x_y zJTVZvYI*MQepU*6HAuVMWo$Fu6V7{Ef5 zn0kqZ86EHyqZuU=Imkzz@jfVYhsad|j3gu6MbU-3#sOq=jPFq=HIiy?-^}gxn~M$u zDzY!SLYcL1cb`%QGM+n@L|K*$^zLEwx35HtnEUI@|NP z?tR&KxTg>o#4Z`tD9$p@)-4}X$HHInE|6^^sO+l-oQrw*aVn=^RzEl^(jeXjac->) zIPt5@#`HW9Pbmp_^R|00scErGj}|OfP3>(XKWDQ-u0hqhJ#XpLWw`^xn z$Wq=2xR5i$-zO9Ulrw*EA-m8d64qxlQnUrpL1hwIhaH_PrFY|NKC^Tk!cV2SYZ<9c zvDDvY-oH=C+(dqdWlyIO|HU&soeD3k!lr7wy!?l#6lXu68-T-IKFbR{AdqdN?CVHH zLq04nVC4T)7c;k{#lOY#Us>MU9Q+;~aCK8C9#}8y8%=-j|NCj`zv#BRl6$v`zQlj> z{Lr(l$(=qFe|3{bTBJv=>vd25O;u*N@%JvrA~f}*#RpLLgtFR;TdH8c4$c@-1}?0{ zAu0m9QM!ly=SH=L7L+3oc)NNv@;-o#Wb(M_kwY(ps!U{MkRI3+W!*ZRxULZ5i2uofF}ZjXO#`BunLEsaOUX1C_GH8>QpX3Opx!`1 z!^FhKyom}zMM1d%LcNKC7DE7yE+4`tymy~VN?jwCh?ZN;@TGlJwxqPoV`DpqjGXs_ z3v`@3yw7~zW;GGZzRsjKa`bDQ;~Ti11l>YG0bxq~^`-Sc-uHU}ex6^^=aVp(M&0y_ zwb%mdBUsblJM3ynJlpQ7I>&eg>;EEBUh3624R`pC`>iPbowKR#rC$wr^&8d1ubX~} z;GeJ;d>}qN?={(c5%>_xU$sDsp3Ev`DeI!Ywmc8{y)-1^pmo6p4ATt$%$HTsp_zy^ zd|$_eRmtD-Z3#C?p7gIv|NW9ELAwE^dDw~N+NPU-pC3kXwpOlUD;tyCet>I7Gs4_) zvAASzDWRo%4a&?9i8VN}Q%$+xKJ}N)33RhP-iXZ=)i_W?i4k39sTBh=9UpG&Jio_p zVDfogpO#`!WDW9F*RgDbp~Jyo!P*kmNtiB?5{4+i>%D42j#bX?^B>pWq>*2(wGTRP zUI<%u63@K9LvG^S3Y)Lmz;aNt>-G@oGV`sozIrMClAfH(qTGu_ApHBf z8IIRfuwQ+DYU(g>1OMW#Ly5RYXcKqF@G7EP&BlVad+EURYW^+XuIl5%x=dV4hc0XV zG@H{2h5_3R{6h@=&{Cc}@g$wrsuzV156lPb z94XJErff-K4zeu<)0g9K{}STwA@2&R|hZU616|L zP-2x&-ss(kIfbelvpg3UJ#RW+-=mQQ3e&AKa?+f!uqJSH%MGFmZ$#%wBCv?oG^xA_<&TEch zs*xRu?tWRqhkBMJRvw0buH+)em-lCPu0hdw!|HPSWrOios2DWjZhp$qY3cxYQ0Cso~;+evfy#P>X@Nba$^1CeGSEh+(O- zYx=Hzs7gx9B_U*yU}z7uS!b6T-7m*fDyycsRqKgMQxPQGl~sATn;mCao!zxyE&EOE zN9zUoZ60ShHITT?j4#mGutEqcQd9?~YlQT~ceK{W_|XKz|4I{xs_Zz2yE*AoZa)^Y zN~9Z&m_NW(3PrjGg8BAIz*V}q*P!8if|q#1G35ZWQ(qmFRx|j^%><{IJwXzRYtW?U zxZ-|cz%^(FeMKg9r#~_0yqucdp%iAB>@WS1Z0{Y{xt7o}LrC^G!z`r!UC< z)R52x7srfnGllvmSsO{;b#zu)MGdJ1( z=V?nhzMVs59Ob#G#gt3VwNy9g>H*vvPEvSe6N@@Dqgin@_{cS0-`)p;Y3D6WHw$Nh zXdtbFo2i#*gute>r4Tjy3aV>R?CFVjZrqQe1YIca1B)mIn`o)U0$W&}jMQ*}o!jsc zzt9(lFw!2wKD4R3|Snjx$` zwq#3=0^C9pSBa{%42w$_EOJ&ch|GGLE<+tP@^1e=j5evYQ6UBLSIKj1eLtVBzVW}8oO zl{5Uj6to$yhbqD2Nuh6xq7aTUiG1~O*C0xbUi3xjO?K#gOm_YY#?Uqr-FHWrP&Qd> z9W|1NT~*dP2cx%kzyqm|gmi|(KCwWCkQIoaZuIXe>zeJ1=ZvfThYE6bolZljVqa{o zK?q!h0`l7qvmJWRtTz_t;Wt56aykdYwE%}mX?s;)a zxERnxH7^Ce`Rr&vw^L8{krYnbJL>qZ8F{+BdV5DtSHP`_n?g`zI9Ke5d#FmxG0WVW z`J^#>$=Vs7u_Kz>6O`(?*sXIA1w+Gi9cC@{4%+6$t#Is+bnJ$dP37!;Dvvx=J^ps) zo=N~HP-ScABCcO(#_Y)bHQZWKU32|(vO7l~0|4$T_0T5IuK0Pmmd%mvK98l4(C_cP zRc_Cv>|9by!!iMxu&TJd@VHIUJx7sY`O=GIBQ0bRy}Ty7an-hJeatu1WmF}Wdk@M% zQH4%$g|(_gcR|vZpm4&pb|sHMuOsAof#&WrmeY9Bh-NC2m%#FxeMN5v?=|@o_j|QV zd~d%<;KZnE5=~=#j{?+#V~K!6%Ln*q8D0wW4BUbhzKT|_XMaEAHO@`Tge(9U0Xmb8a=_N6%aC9DHO%h82q zt4EJy*EVprY7m%gD#j|sIoAZMaW18)UjvV}Ij!#n5`A!DXz|6tofRU&0}QCFql4qPVjdVXK50{WALfJL18@Ljq)7;PeV*wN!I+q^oz@B> zO6yBcU3tZc-RH&^pac?bd^q<|g{pV1=-{4jfTOiA)hE-n1?F=_0ZgMEM2X@!; zER=Ee-_ndU??cb)|!r=MSG8xDF))-3=XUx3{|PwCOa}48c?yG1^A4G#$wwK6$QUrboKAqx_ObU z58l0mlu`F*Pz_KDt%kzVPU&0A0fq332QebyBo~F{1y3N>>4Cr zvpmo1DC`YhmaBU{m>KTjSh~|#uA}=krI-_CBWsOxx@z?6Xx>hEt)1TU63?l5&&{HU zohN#zqjTP$Jnhg_tJb0J4c8!hqsbG6=FxbEe`5+=xCUXP(s`x26qF~IQQh<~fgzR* zt1%Y!F#@FE^(rZjumZsepsO90kka)IRqm6D;oC0B?0kpY3wPQUq~=l|e{EU|2oV4XiB!gwA8kk9{aK1$_zzah5Bdl}l%(oh)t&^iu2mC#I`I0ToM9}vh+4uP;dHZb0-%`4&|xa%}>S4)AOV)P|<7LFJrLOtteew7&hMIV8GvTugO_C zZjGx%EW9Mog{0|hqdyrEoVf-K4DP6;W#@+!Zpg$WyVcu)hbn+4tHgQ4W$Y6@6(@x| zH7hcgN`wR?j6BcL7H=L=ZfvLJ%|Dj4jLU%m^f|MwH@Y^fx-z=&uvu)@r2goHHGk6y zyS}bSeE*!&GWvT*yzf~ZIIkhno*)WW8DR3~`b2}Sg9{a2%326$Cwlr&q^;bKI_}@< zqW}m(Wn<9_f9Jc4!TXrAm-+{Xy)QggDGhlKodXlvGBmUlzpNA-#)n47cA084mTzBl zyF5*#NWCmAhCQbM!Bto z*gU67XK%#vc+^B_dBfVCD4%3T0p(E?&DvB!5wZuSO+-(cGe3&Hm$7*3{AmW`#PIze zN>XkjT-Gx(2P@?5fxgdJ2z1*`MYAwaUxLU`9br~nQ!l)8+aahqJYOLeoE;P9AU;dR z8kQ%MfeUBOSM=^!%+XNNeDK0KO=_7ISWS*Q{M2r?n#pziM{Ctzb%3D5IeSJii&uc8oypJc5Eo>`tHsaKTo!4R17ae~Y}9}W$rPR9Sd3QrdQ z(~Op8bM~hixqkSwl3(fnKYN@<{fKsEfc~R?R(`U$8EL1dG)ZkIb3*qm-&VK}!)f*%;qaZ>Iyg|bEpyIL>OB2MnCOCMHUWs*`3 zRFab65oHfyWoK5b4Kx(?Lr&inGTj)|+_;El*r;b*1(J|A>#DqdL<_Sh3 zEEC5v4xZ28F;1<$gG<eJJa$cU9~O zvU8tAbaYQWXzc>vf?3;WU?8?Xno$q{qIoix>b6^RWt~ z;NDKy1QaJS56#&>j8`j&s(@qx!wSvCXVORi-m8pX7kb(BWI*gD#vKnu!L20H+j8)+=^zv^r0B5MkO& z@$2xfh`^>TO-D1xTIZxtwmXSWsVZCJ*WvF)pf+9Np@CJT+kBcp-_7L}dkwnjl;Uj(BksoJJ@h`=+^*bixKxT@xkSyjCg^NaU-(k#Tk4ei zcTajgBCHVze5FKC|FN;{h6RSpD$!LuMv#!M`0GJ_wu)))TagSbN4yvw!`Zc9cFpdP z+WRYID8(@}iw@=+mgw4Q-bewN2M=dwR!2rI$26gM*C3-p_&CIuHH`8I?v;Js&@Izt zrp+R!kmq(+Izt{Wx6AsHozO0fc#({yjT0L7ET61Vh08a^7)`JZ>!0p2$-~leFa8)V zpP5wY+~d)I#wz}+4Owi%aEB6c`HBRalWiqvd5gkWBASh2GQ~`!;HLb_-c&C^SFz#y&(YDzF*g1t!DSB z{c`rk<(sT8N zPs?`&&Ua5k!@WN``fcDJInd}VlInxX4$6`xyvaQh0mG3$U%~HQ3cmk@SK>eD)VR8B z_TnbO*Pb( z4%Uiq_FAr=mk=Wj3Ytp?@4WE^QP%Is0(J>8*0{9AB%62bYq3elW1^CmZp}%fdRUuU z4hY<;vZ!m2guP?4w$tmWMaD_G{C)`26blL4k#3=uC)}?3x%24dquwZ&0*w+EBE&F? zUJO5@-&kx4f`m2HBD{2)51VI7*?d5DwI+ywhZ2Lju1=oU=so zYtR#R&E%a+@Lqfi4O0PY>75L(e^HT*e)`q*H@B2mr`f^KupmTw*#LKmTG9Hj_i+&v z_0V&5Dy?ilIJk|T+nWnT%}&`kc&p4Az$RLs2Ro|j*0y$iaZXEh@mDVu-?Ba#wdeH& zoOt@Qur3CriV{I8!(OXWf2X3VQ4HO2AhS|>m9SxPb;ApFc&}j?a7g=d zSawc8x{Gd^x+NAkDXJ zn&aAMbhCx`cCSHSE)J(Hrm?6n?g4jeyvUCoKD5me&9NE{+5f0kU9+?HeLdw9QVD=$ zl5GrUoNf0ivdgF7j3YKr<6M47R2XVFfoNU63dZ3;{<8M+R9?!qZ@=jz2k^-CBe6czD zIE?P&gYpi~4JWcv%Up+7X$g#%7#Ly7B5{-#%HzE5rAx2sk%GyGJ)hr@bS|9TQ?DO& znGmOwSE?Je_u?%fl^_U|tXi*1G^i7wJEqE2&3(I%bia90r&3cl6|h-iyYH8F;BEl^ z{MwZq%`Td;oKnT^2}B-lzW!5Pl^K$fudv%}HOL&tbxAted4w#KW8G~+C>bM}Z6)~fy4 zxq4Tx@IilRmrdQ$x(%cSXU^bRz1kG`77nY<7;?k_+f`<8DeJO0ayb3KKzd`r%3_D# z-Q{0{Rr`BK&FoH0}-wM#nvqb}O6;q3UmtlhO)N4yl5 zae@j*uG4khqA)5fvWw9?z5e3}ZwrJSho7)0B{EVJMx&7EVsEV#uf!Ms1gHPbD%4y( zq>9qQ%G7{_IdrW#0ZlPSQe3`DSv5AF`x^B2yros!{kt*?iBWh}JyiMfyr$(yJ3E#g zNHIe(s;Aco?VbGaTj$l&y6B|dt5Sd@(&aF>=RlSjBow3k!cM~omiRB_R7tcbZPBp3 ztP0KAUqX8~d~gKdH=SNY)=18>7JUX=)0#VLIBx<#C z<`rX^yu`b#<01yz*9;9hrNZ^uHg9wxHW|2^$i9!kV|=2fhmyU=KX$1?eqSCzjecM^ z6^22yI!xaOs3Kio;{8#*mx)^Zsb`u9%p{Zn=C2~@^%6?=ByGi4sk{jhRnJ(y9`uSL zmMrc1SMDJeV*6cAw(V->xT$$mV#;dth4ZgLLoP|neD)qV&fm^EaUQ_kUGB*Zb@u(< zgck%7$6s; zS-aC#aEV8$F4+7kTBlHOsg}NQqE(s0G*XHnk=@h4_6SGaJ!>TyV8I%3tHU>zk!q-eM-sw$T zYnUTziC$lU@JgM+#j!XgYbiTFdDj6F)JY8!Dd5O|ZZ}jkr+1$wInn+-JY93u2b=kJ za}Gj8Rnol`u!T?It+4g!@IA(R__^S7?;<`;T4l%QWQ!lOLn7(lsHV`cK2|?vipl@WZ-DIIp()60F(ZQ6fL!xf)2>3j+(aY!%^*4BjsTl9rtis3Z5y zIwnuPIVHRus-6?DW@Q-zbD`?dizTLh=Vr_59Wn5pnkkR)#ZieBQd}!E&x2Y44|!$}7edyH#?=8c+gieUiJ z;JwN6JMK&ZwnKxq!@viO*gEj2OQh~6;jh(4`WGqVbN1NreDRId)*1IVh1JykYfD(8 zk?_ZJ*C4NegKPtw#(IXB5Ko=Z$GIdzL`giejXhx zA;}-Bc!pBp(>CGp>3m$&V-t=zHv9B1_g7;5E)5(pxEM$mAA2fn>&&XFErcc3z9?1| zr3u*7fPn?rXPv`=K8@HIwd_wR1bnhRsg?%!)r;mQ2`{voYw8CLwgSpt{I*Nmd*Q_I z#PYdUKfuGuMo33J9LP48b-I>$4LW@?q2Aa}W=|clqoYU4$J($aP>`i|fB`G!!qI8Q z9|aCP@`)5<6;ypiS0+_S)aYJC!tSX*m(Z@S#~bC@F&dEQ)x(ZQaVs9APbkhl)7(12 z+C*twe!=6vL9s34hcscPz6M#!_+6eu?$Yc`D#?Q|1Wt9dw|Z8mSm)_?d15)93>E!l zf49Pt@zO({7h!zKa`HtRCwrF~S6U&C2dOm9Z!iY^-KFVOl!&OxZYzqeDAj@4i%;YE z_4LY$(JthzHk8vDq%%>kK6TbFN-DJ;_W@c*cZXtS#yVudB87scS7#5Q*s2i|QpiN2 zt^&>;aqn_ZgeOs>?9hvg9N%5Lfpea_LE*BICwh94w1XyjgtP+j?%MMGaMd18Z>j() zR8{wrE3QvLRr;Jq){4oo_|pqgDBH_9k6W7A%j{MUN=5eoRR$i_qy`s@!k)MkeI`;i z>$MY*nGspjaxMlm`#@=>vv9^{(kacs)QLPOzVoHftnSxKX@JAT>iB!~l3S&@qKkcB zI0p*i*!VQip#csNt)Hy9%&DKOxK~HKHt?rbts!-}a!uQfsYsweuPL@PjPsWof zbX7Q)rR%$jzE=s9x@laMd;X5^Jkscf>}iHJbk~^=l+j9DJ&(ZL`SPqB>BVDE)7r6F zQ~P|{tqdo7JG-W%!;+Mb#6C)k&3ds!i(s&1&tthAw%hX-y1F8xcE1$BYK`i?Seg-A z5`OuCl~)w^`ARNnpq8wFhtLbCtkzR&{p4E9X}8knSGCSwWZ=Qldr362Dj1ZH+pC^) z(4qWT;8!PF2coX0>e@8tJ59_%S#8lIudK>&0>LB(AB_)jz1jNStyF4BSC39@_?22O zdG|Z4;q8#LjJ(?x5ygEdb-9E@rG|u2GJj#dZuygct)ctF1bOof` zVED1+uM2)Do;o@wM^XJWaaVf=gM2_>{veW~RK{Y>_+U^AsK)KR{2Pg~>uM#Ua9#Ok zI974$47I#U5|ZOs8M7>)W79oXiXiXDCPp_>R8~Ba`!9Bf)9`E1%Z{WICfURK;`HA! zx|jNr3H_9eN&E&@Rky5?u0c984pA+(AJ!|17_LE5IW%ht4`fG`n~rcqoe(?y@Nr?& znjfp7u3*$%TMpt7=i5{3Jbz5s}BU*#+PFwd`@P?Y1@32mqva*qgLybCPOO zg`;*7n3qp}(L?e2pkDdyodaeGBnA44sac@U+#|dlVv<*^7b?D=2gEoT>JzqKBVdb` zS&nCHpwf?HwF2Jew6#;L>l{-(pPF2A9kF>7pk}#hxmH3#qd8`eIr6Q^S!XT8k`g)5OfIi$S5T14{?9q_)zPwlJ*u;yW<<^)XuvF(Q z1}O@=5KwJ%N5Wr~V)W=*d}@`%zmkFANNj`#H6ruZ$0KUeu}3Y$>A4A{B#Not~B{IHYyLp2|ur)TkYE0JDU*vilK zmfoEc^0VUg?VppxG!~^wxMX`LOu9(4xF!XdtWa8T0|T&@H!TM4=6?um!OEw7w0aPw zS#;bKEc*z^88G`-F@*L6jw-XH79A`Mp&zgx%BHNz&0MI4kaTQzD zbCoo3o_^4F0?SbYAI@<%ZV&~?%m)dYT8t-UsVonh@Qmr=TcsE@4Z2ETjR=)b;y0!t z3h*M&3$Cu7zKcaFI3E2sGlW2fbqeZP=N}96G5O4Ro{9x7Xk$O!2A#?o2Ub|OesWX( z#n$^u7#TUcMjRKEQjp8`1_L;mER z$P5K=r}~pH3X`OcuYOTYW#lw{IgJIJCp0YIwwEzb!}F^eoiQad{q&O?!f+-DNUSJ* z-ZnS52!;`TgW%kF%o2eGCGb;<(K|hPkxrhrS&Z>=c6qyVEf2j_r(NK?!9fW3h~Vqg$R0)06A7)47~!G9q4*({-Fkpe*YVI zD6bhbsNu>TG!)9=;8||7?^2`$hc;Y97Cc+c+GUocj+x5~%xE&vF%i&5N7@KxLHeAt5-z468cp;}yG-seaHq>&4FzDVAu;pF4`-n6AC{(N z95*rdn>7ppRX2+I^<#SYUEWU7&A!?gFY_9m*2I(*UhId5R2Ld%iH9@9TZ|$}$H8lj zNOKnrCrU=MOWm&VpB6PQV>k21C~;Kb2q@=_8qvr7AkH((6e1$K(BEfMX{l(LFS46;Y+dU>TQYQ-{vI%8B>;Lmu!v zNU0_jBLK%ma^fy|y#*XBI6XdV!y%z@QbaSq3BXjsltVu>>guvgwKtMzUqX6vcUEj? zQA1>G5(@-$V>{^YRmcyV|6o8cX!|9Gsz2d%Kv9T{Hrn?Kxs}?+=XvXOJnRrPJI)!+ zFNdV8(~H!`)jx!5s?&AiwTo4k;6QeQh^(iXJHwocO2Q6oQ-JC<9uQ0FLUGMGuew{tK?NT$;2FZJl-!am!xwqX+JZZRwTD`H^7u#T4tZ_P z9E^K|9NeitS1H?m%Kkrmr4-)0jol7H9g`_a7*Y{?#= zJ!h~?)Emg%FxtmUhJ=B1w_=6JWHURO7=C^EO9=nro}gwx;rbM@P(sr6&{g16K_0do+xVlP#L2O!^Yu4#l?v=8`JD@&yAL+Op86X}R!JIQkL z9=0-Y%d@aVb15oCg+NTg)PH^XO9=nJdxGu?M%F2dAzjA_b0B5gn)5>X^Y4$|Hk1!9 z9{&v2E>{l@=_++R@lm|hxL`suWO%Xjt0(>%asQV_+$yISX{XBel|sOqOjsFZF^h5? zHRSSeIlp~$7U^AXBBU%*Yd*tC4ayS;GoN0#X{+QcNqnm~K8%7wt5@`u0S%FlbpB;Q zWr!C)iTC*XEna9}yN6(TxE1}UFs0+b9jb%-KlQ9<)G2_B8hUFhRI~&jh9B5$b{;QN zlNCWJHU{yqLVo@KlEMG9J}}ZNhMkdHPqv39ps;A3s5+XxxAlam z@+#)YA?vO$4Ihz)Vc5Z`{F~f*`rTHYNe)$(B3V%|>#zS`GWeg?2cQ&%#|vo*dFxye z$&_HJ^0kA=`A%3=aQ&C#_SExjJI*0)*JJCL-CX9RL)tBbx*xL&gi7qYfTCjegMoSlFjyUz;N# zpu(WOQpw8Wm8*HJ64()bH;U!pw4)2*!)WkbVC9o5p_!vh^I?pW528 zGnhf0FmKVeYuQ3ttAyMK7}QJ#<3IxvI_M~jvDeRPJcIY}w4l7|{z10}xjB+dUzP9l z#zVVz8$@PG4p&AR2DLmhV!(Zu=XJi=?-MUsyJ9nj5?LVj(B8lRa+E_?y81IxiFll@gm&+5Mq?MZELg9Le%Y^_d8iQ0n?6vp*JqzW z9kj>Jly~PEWZoOJljI1-P^AJR`R_7zpK8(Wc5u_=h{Are=bt)vb<@in8~_-F^`Y3k zD41O+&H(Uh)zi*tGRH;1V=8ZiT#Ep_*d(c#WA|SD>j91Km0a#p0czpT-eT5qML{jx zRe;~J&c*}dD`WRc2{+ipDW-r*6qaibvr7(#dapx+>I6>iU|&iX#)ed}s8VV9b{i3Q zDy77Bu5@2EOKzMn9U*^uA+Gc;L>g|-&^Qg|8Ss1bN4cGhv%1e6k+xmTOAdk6Jm}^( zx>x$6rXtSP>TXDR*e2;;L3IG`sJ^DP$`!x^$SbkGQ{o-`VDR+AshE_W$(2B#Z=dUj zjfM}0C$qo9M1G4CKMh}_=*7FJ*<|JRvbj=ytfegxe$Y^DT4=!U`Q(m^m%#75DZfRT z|K^st2C<)Y^`s|D#Eg)PsV;i#vL{+;^`>j0rO|}{;m-LjNIhZZr%}1PuKWYjO8?Rk znp4cltmy4L9r%IysE>KzqSxb3_Vv9I-i6$i)XLA(kx~PAxTB$Gz z_prS;nHJ}dSL%BDg>3YSiDn+>e|4?iCo-4LFHK?j_R+Qe)}e*3@r<9M| zC*5c3-)Im}3y)QHLRb!6E|g69?s&a^&X`wGszp)24q&`>Km_?UMIsv!dRq!R z^AGPlg*xwuw4hE!`bm8Gn-)--ty{f!Og9~+>Hbk~)kUrY=u^Md@kbk39Dfs0%Ft$2 zZl2-p80o39R}cBE>3=UvJs0)y&an-o%X{|tyz9n`Vq`y2$#0Bne<->!O_OWTYvC7+ zRtFQ{r&AUAGbQFhSYs})e;m-B8h%)0JK1)`&<_Ek9DI5A#t;*_X5Zn(dnnSLk*q#C zY7#n?eT{oQ9J0+Rw;k)kOP#@KMRsR39+H{JYfwansK)6={V?Bpbpk*Ho$Vy&>I-m> zW$|<~)#I;#rno>9rnCV29CPF_{9RF8rJlK;{wC`TC(Eo7YB>xn-P0rkM>dzfrS(W$4SBXU&kNZzhe^W32AA9c^*3{aq z3sVFX1yn?&s|Zr0NUx!TA{{~mg5aVT=}2!PAiYcP5FijxKp_yC^bXQ2^w5zGh8Fy0 zP~Ug0ckgR|-`VFn`#Wc!^($FnUduV3IiB&1agQ0H~q4Cz@Jg^r6iuSLLfy%FCwXqnD8n8kuW&h{XJOY$E@5{ z|6`fq1qKdg-l(?wZk4T?YkY_@|7gb?)sLxj|cg^msadt%?}v2{WT&Niwq|B zITdW2Rltb8`?}QvZQ7pCDhPCTKBlGAQj`|UPeMJuY)X5(;{K#RF-!$qsiXW>4u5ih z&G2(p0siqSB6G67z{XAGA@3Tu3zRg{2dtJ}Br)Ti9ThwrC`(YtVrAsEq`s*a=CE6c zDQyG&+yFsNVpk?^0!=i~Fr;-wZzOgmD`zicnq)wY5_dKa?DtnJ>D3;kpu8*-G7S3S0AiW|p}&koXB zp7}0E66RZjL~Z9T((sW9(EAg{B}|%Cr*UgISn9wF*p;t8hgr8^MxPdEN zz*vvThydUqj+T@(C_Fkp{eCBPlQ41I!(SVemU(jOxpm`NOtB7}E0Q=7;f9CSXo*t$ zK#}i)x(v0a&nYQ)&T_Zm^*-NmCxr~-d<|%(68dy-3&0*cuRI^~-iOy#dY|4nZ3F>uuMg`AfJ8?9#wHR>;udCTkMA~@CXHGnOu-ItZC zQ%<(Hb5K1pb7sDFB2?vJLCyVHQ_ER3nGwg^= zl8bqP@d!^E+OYtsNuVvoiG0BFPX5mMPUc;{7cgC#)otuy06_SGeOLCqK$=jp@ z4wCa07e@q*&d)@bp`<*nxrRD7epu~jvShG4ctxIK1wKyC6dDiU<;<5L1p?AhiO=J$ zEXrHmf$9v_>4baAi8H9lM{Tl&_=6M=isfZ>wm%}>y_Iw^0V~v32ZraS&e~7^6o8%J z4?CJu1OZJi_YQ2d1BM0XoVDuGE9pT+;R8L(g?Oe73Idn4q-4dB*6mQ`acz*y4OUEIXx-R)>j26Sem zI|*dYT&=daH)^-aTe0#iqzo1NxnUf3J20h_uGP+T=~V@M<^Gn@TMAnI2w+lbAC8^V zRmzxMpbao1AxzM|JuF-Mp_hp$y^O}p_EBt>lCzkR4@B2KVC<65qa3aMM4Jzooe-TQ zlyOf;rrz$1V~`Qc*3Nm%9n|0$mtY@g4W+up3c^?F35yyPv12^JFu9gyTWfAIXIzSG zU1<%%E>?_p0MixO%tZ{e+KeUO=l(jvobe5FN+^p`_`}yrqHg_Q-ZjC+=^zDV;ZI9u z3!P9!`k5zOgXaZ|R~h-WOuP6N`HPFLzLan^tza*|KTkQg?{qIf6#hrlhRf+bO4KES z4kMbX-u2p-n{OZJHhjCCtQ+<;O)tr7%Md-=x+{(xJ|6oc4e)ous@pV9TH*H|BL{q~ zqq{v(@6dcIQuOuf4>&Fir%|Reprz&?_8oJdJUk1XFL&>$s^M>b!hBOl)Iau%a$Sp zfyjJD8zuFaIx4hLb->%zkXLVm_>WxVf-s`xfEVBB!kwO=(dfW2U1ukN^zF-g%JOc{ zdXAAUd7qr^G*?=7)?=EaHLcvkbo=y+4y$(`%)>y&>Kc5MiAzvt$zxO>J9)#pM{h-$ z$F0=@H{2URX23g7Ff@Zx805nTzM9S?GXk2K)|vdIVXs|n_`HoP-YFiWTV(mo<+{(d z^$AwxKDb}bcodna-T!80H$cZm-s`BYwdc4Z%a(1>5x+2UBAQzm^MSpKJSlQiD=(qk zOLL(+D=Xh>C6ToA67oR##yYu(3gc0U^(StxoZi)CO4XaMA!^qd)`)99+ZL@& z1qp*_nuxagUwN*@YTpD>c=eI}pkxrEOT+$X+KksBIdv&K`+jV25#6q)@zcyN@A0u0 z3U?&?d(xHa`d5lZydzVqa++b8AA`>C#gmZM_(!N#!hpthecd$V0xP0^@)e3eI~s3z z6S-WGEV2iJM7Kz*%40Tjrm8wMh|@AOT>D(~XDqrbD4escx`&cFA2t^@6fJaNV3vFF z=<5`*RRn};GPI_-_+H-0ZP!7OjtlxH&d}BMGXJci_b#Zu?&11z{{e z_|~HgD;j@nDp*vL)>H4*O}~n?dLjmK7W4D$)pj^;>O`-FQPSIegVCAg%wMKYP$fh# z@Lj&KPypF*@_Uo?jm2hoPOX%bS5oP}*bItpj67;&QOQ&zaso3vnSPg8=<{7)_l&bT zoL^AUn4IrVMnIGN4jPoeAM0pbxm)TIh~QwwMURE3D`D=2K5&OS~UhuHyCpYscw2#5ap1gbV|`1 z-hpQZkEL?OLgq3`t~&GB?VHSGVqc}MH3c(G7=*-r&SV-Y+maAg&n6WSkecw-9|gz< zJgjs^X>DS^CvEI-DrQcsE{1!q-IXIfC{bR><5nmLA} z(o*)@XyEo!EDZ1I3VCl*63i6=+@(drv1VTV0r0UZj^X<4Q9cTFj;9_ZjlE>B_mY-gBw@B%1FnT&zsQ_dHy1oR3xr1 z_7}vmMWWg|O7F$;h*h5y=*i9w7Gb*;bs|pltP1vWN8md6r8`4eJjauklWIl zj-R6x8y{78O>b{$_4e88;(B}r+(=_B!nI=`cbEswkvX14kaW`(>wGs#(yC07g+mWv z`Mp*QtO{f|m105?Jfbo=%JFB0$|Z#vOZC#1dgQbhm~vt$;~jNQT>A9guPnHbaFU$h z0|WAfm`hP3!WnH(Kz)aa=x@_0|J}ZLwabH!~29{d_T`=S^OON}J{NM{T&D?n?ofkhEkg)xam=1J3wG`dQhjXn1Jm0(GfK zP4B^^3sS8v!xA(Hu)ccwmXre7#BKqmtaO?{uay$bJ7qu81f1lFwY5Un|)Uw zy2-&aePhnc#+fb6!+JQUn{;^_OQ&;gegX`7Wb`Oz(9H6LBrxJ3<70}~RBp~){zBFJ zMHrb;AIP_}n>SX=z_;ZMT&DR1hv8hi6@ryc=YAizbbzo)p9>CgqEZa!zOZ`o5Sw zn<=7_NQ5c0N`q-n_ViMTqrH$Bz#+ko+$zsdTI^{pYwfm}dNu)2$kbrA|<7v8F!6 z+L*KBb0Z(hCvEqC_RE+wsjGc2QUp&;#I^IbK#%^YTQHY4lD`VasdG@tuhYjM)ZwkC z_Tr!RWFARbs0vK@-kuWc8f-!-0G8X4mYxOS}`EeiAM zW|b6{oZ)%cA=+CldLz3E*8UWeF=gsFRN$6d_QtW<&=~y!Da*&UR8I>MPcN$?S<78r zLUw<3nLYxexru$8P^V>^2C$sceF~+98K;X&%2xNr7A>#)Ig4GCQV;heXZLBT(ePQs z{;zW>hS-orZFG_8(_x!N^>_aGtvBl)2!-HC z$BWPf5K2+YXGeD$h}P|{tF2RLl}v${g8ckJXOMe@2efkyMM^JH&%bb|BY(lYx52aY z3|2o2!hl#bU1A%%N{+?INmzefpZH=_D>ePLA{ylu1=?)BL5nU?yKq#J2w_WP*N1c& z{VDFkDoA;BlOO3AZP47B)eddi^bYC+t0d;4`HkJarr?tBfU&5Q^JnR1W!|Kok;>ST z4uiAd^%|NTy_Sh(+SQ3m-AnF*H4IP92ORs*GHU?cACNG~c3@zzKJFxMzwd}zwHHs{ zTE$LNuUJ;*VQ?{#UKxp=vwlhYBGS$RhdFUW(_WAF6|yH>&^HB!U##K~TJGsgp<+PF ze*9*q^^bSN&*NP;=ndOYa|LVyFo5ZP3Oy(4nJ`22I6O^wGwrw?G`_VPTV=}5HE&Ps#kb$syTA-OzCejO&&b%nf-)? zoTWLl7Wfv88rOt+t?vlVBRG&W&#NeuQv9mDzs@>}eICj)I=|%fabmRt>FP!V&4(Gr z@3p588!$@aXMY3+DBJKcsq@oeRb9F%9K$U7ra46-6XvZQJuAWSD$?GWdO(jW7f6`QKrC-sKOQiQ@nyr!;#S|NGr-j!3 zs5#q{`re&^EW(yN`O3S}kT-F7C@K_hvU-$XtDi&2ZLE{-)9b**Z)Hh;*fJ zi@ddxy}6R8aq(FsA5cWlN=vCV`2;0=-(Z)jBl(`{lg+@!@{;?l;%I~;( zSFmgMRr_@fZ|>_>K}#1b8`yB5|3<^@60hdNo=_*$Oh{SDD_T;#lM&3_0JZIM*|Z3{ zj`_u%@iqmG*Wc}@h(FSvk7QTYN&v8se;+vVxo{B!@#+}Tcv%ck7K4_K;atWKI6%<=cB}={Tf5)n1k;r zxsQdqTN!yydBO-c$zxy}2?OptYohrB#=Qn;8#}=GeoYjThena|yLM4O9 z3Kg?Wo_K;iRhd+%3+Wu(`f3CTnE<%$%Ys>d^1ZSq=P^co_M2ONlORvKhOf6iIur>g zvXZFe%0U4d_ohCAH3^=}Heom!8vlKLk^y&C+yIa)FaT6nDC^r;VUj*%pXt78T9f6> zS$48N@tW#+I@t0c+NBlGD&bX0TtY7TRkIm$e=7P9YCj`&fU6zPJ2Shi!taJ7>e)Ok zYs3`7t;$vrP^oB(bqg3B#_N&myeZ25C#3$mw_tJ00Mk^Z>)7O_2<17q&N+#g`FWD} z)$X7CLN{;056^o(45U%ZN(woLq^ucQlWASzwlJ!RU{`qWk4bwU2u%M*2Cxmr}_HI$HEg_r* zd1{_;djnfbLUk&3B!DnY#^KM|Cje|%dj{nG<=HmQt*XpZ_wR_uUSCVG0MXD;>`e4C zE=i9=X3TYgn{QgXDCCtz+IdwXg!P50AJ@3sx{#icULy;F+5I|tD&*sGrxl)MWz6Cuj~7(?;yiNoYCfdFui@|MIu z^E%%MT}8uL>cBQM{5~(YEC98-sX)_pu#{3^(_+URC%q-$S${L<;c}qjO{i7gr@%(P z9davrXVQh%l06|}EiSL=#Tm{H=zu2M(jmUa$qc7*WOv+q7<^5itx!rih!g(<=mY2CbCy? zb&qf{+(hBZ54;I#ajAA6pj94_oA)s@S3e+x&AEI5#ZW22(LD5t?N3BGBT!D-rpY>M zt!e-n{ZE`6kFO^r0n59TD~aySxWrNa1Mf;SK+ILc7;roTx2`a;NKs3(P?IGrrBgOPfgWQ!LwuygYr&l76_|_j_!X6C`WFj&Y;VUpa z<>duQyvx#i#pK?L@-tE^3SUU z1_Q@H&g1~+%lCB40^3AXi+)yuuIYXffhQViWl4hUS{$Ws=8ol5!)>d?2k|HN(m(;Q z3zetCJ0Ia5Lpk$=oqnD*_L9V{x~Dl>Sb;(ar2t-$W$C{;Z;rp&6Qp$Cat!&xEe3#L zqw3RG=0B9Z-VtB|VnFj$R`6g&J)KV3t&deZ3zINy;ZDU&{WwCO$R%I;d{VF6!5#d0 zG3~L!O;E%+ZM&|xb)VaCbml&9aot%KR71Czz7Obs$UtWI{k4ruI$7FQA!0KjGi7{G za-b?7K9c-Awl08-;n$wt9n}lOaFT(KoJ3Ku1N$t zi`{ufhE$*TpQnUt8elS|(qAP}S$@J!P~5Nvu>24G1OpDYYj;&bH&;nbzWGolQaOLL zq#9cFVN~4Lrg-RHvsPcA+$gClm$pfmg6KA5wtZ=}fS@Gra2E|rq%A3pPF`yq1N17V zXJ8TlahbP{w8QKYd1{ra=6ih@aHy6rtr7tBNzMC!WQPt32X*OJt;{IzecM%zCFso) zs*mcucTvajb~8ygr1Tos^TE~1OH<{~0UEZ>fb{sTV~AeRn-ATkG8^lr>;6`~wN`OTkmHZqd!B&|EosAaV~R z;9vMCw4z_~_>a_g)iC)yzNUjzQVRSx4xHVr0thOYq$K(7hHkfsC{UJu$|J|+<9bT) ztHI}2c^fDmo!q>iL*|zV{>!ucez-PeJDfm;DxoULWt_Yaz+HIJMQL)SwkZ+Zz)bG) z#Z(b>KB571m*6GhnbqZz$8)Lg+iYuftW(_YKaL@UR#6+|U{@!vgor)kV}8PrOJaWR z)B8`_H~qC)h%-5~1E`W(T9-8vi{YMBH+8%J$ePPmGH>9uOY!lhgF?l~z?ENtd)M(i z@;R-*$1A)EM04pEp?3{IeEi0o`Xv(N-J}DA6)&o!zcr;igS-2)NnAGodQJiZWeef( zu}Mk7o4PR0l?6#tfh&b9Y}xWY{b{A4qrAgp+A(yb=Z}h!qyk|ffsjzN7n!KyEIA{(R{J{4)KEh{4l+yH_psLdjRkzOgdxBs&fnumdm8 zzeQ;{8<@&ofRjOc8m2LLJxR~UiK7OqzaA-FLb`E%6Z4VWklhE~5^Y!y;hZg-#6@}X z-V1M@y@AQ#(F3}M2{Q)FIw%*i%?U*2=Ycl;xj~dG*}gB!S@?-shd_8-fAceh-)xVO z>jG~0c=X@AuUcmEy)VX!brC|l-~|$bAayVpe*OmFnL0>y6K4SNl^zA0ttwdsAG$>n z5of|3xZb9NUhhVpJ;gizA9$v@yd6WrGBaPFqE?(z-rP|ZR}oI)-prG>iq@aP-A(x$I+z_{Z&mOd|abBum4iEmB z;8+LHH(46#S=7L=EA?x&_%S>l>d&-o z{OT{zz<@RSZF6`z70V+JAoXa16$(Lj5MAO>p`>-7JB}U^2xz71`ZiBZFr5d{jggD3 zJC&4?)A<0C(|CCY=v)Ky-f}cErQpe@BPY=IH5wDS&b2J`Mla44J$DpPnl#vZ=vYso z)nIEA`(74i)a6*SJ=$`(27UMBhHwJFGd(^j$#1CfuH~SWuRC1z=FGb|Xx2CTQ$t7b z*$Q7~S=+8CU|GU%s#=5sJaHTzF zbFcB6Tb~6LTXl5zfRjJ>8msow%9T-5@$iI}gUy@jHcgn58jW*k4JhE~+t!H6fCE1p=wZs8` zfBd}!|9LAY-goP~l)c%$!49$f<; zCTDllG+z8zZV2=I%)$DwrY{kw>d=#2-5GKWVb*#cpS@xR|S2DC%7iEZ=={x5jy-|v=V9)HhYI-l?0;Hwyw)EfFw z<-R&yp$vqc_x69wxBdIM|9ji?|Jze8ZGlI_d{{Nc)B*#Z$PyG-Et18!=E9Uiha?=L zRW9>$E)Q($h9-kq%(Fg6>J@%B(Y3-RkEZ&W3;zAX-|O*zlsSaD?0qfrS&dLQ(*CUI z94$@BRWT}x{}upE)T6(U7>JqPyx%Q&`k?>H3c<$JdcrTdDXx2jei%-H(_ZU7sY=>P z^>6K^!^iha{{G?b_4q%@9I8|bVWV=JDwWhL>RamRwaWxg-y0O(6cV8IY7_^L_DnYK z*?BFlR@76LlExp=x1<~AiZ$RCHWXgS40UVE`e%)3AE-j+XiIja>sZ&X{`q#@_OgHKehSD5b6y^|KC#bXG5Z;+`k z2n`$Ch$+!qdGRhYne*?Dzn9=YVFd=YvWU2ro{5rJ2{gBMOd3a|kBi=2{#5}i+YdZ( zl2(_4Z}5}So`;)zDhJ75z`}-N3kaLn1z?+`ApO4={6DeafA7;jn~g;FLyPWbV+p?) zddH96SLU?N#c?0B#Dpvr?unk21bo=!^i2_*U0|atZ7d;?K{Sh;a}L0$da7eF z(09dYf?jY#jcGNW++&+*(OG1A{E6Ft$#QFmLeZQ-_9VV%FZT#E(`VZT#m zqW4JC)8Un!>xq>6&oc~1C-WX!H)!ydPb*AGbzb#|Mu&Y2R5nA{bjkasBVG>2-4X4G z%kt6wfp<#$Jb_hj?Bl|&Hhzu-+HjV+wA~qug}Zj{(9QLz*Oo9-{=j=Tz3i9)UtQRy zX5h$fM@S$@-?ubTJqz*Y_)38Xe$R+kVk?2K`^lXE@n#Dcc%J$D&wnq=|1xtZx-5W`CtT@|b>z53sXz>Hy*Zey4%g+L)H@aYn!N zv*71d)KNE1X;PPNwTtF?eX?fgvvNHdciSEEo<;AE>IizSy#lUGm}wf z!p-!c9>YCGG*pnLYGvwzfyIu$6x)o*2eaCJ8RU>5{m@5=m~)b@GSbi90&2Ud33CM! zpH7Fu+#C+uoZc*Fp%prmf8fbMab+#Zp9QN)iLy<6*MRbp=)NrRuUOEb_l0C{i>>nV z@9T68wn$EuL}+P^>Nr3KvlPWxtIgtG#*WmjoJ#T`08sGEJ%V4h9w)o6VK_ zvh)N2eKjnZGf*Z*?fvw$F8j?Rf`gLkLLM=O7HFy0fV@%)laP<;c(={}2KTrt@+kAZ z4Mk0qKfX%70yLq3eL%lB>wfZxj4q%UyQ1&lIfIjfFRa0Du}V*|q(`|HT+^!(j*yEH zYT)@LH52k%Yj!oaulS8CL6OGu1W`aLDraDjtbiQg+F*0uBeW9Ox~POgFiiaMFfE|5 z`(p@BPzrZdaz?PY@*JM;-HH%WVa`{0$$xilb?n! zeUe9QXe=!ge+(B2-X0Vsv~ew*$UFS!9V_52k}LILR@UYtY5zRf zz}ov_P3pQB7ax7TGGxW$<%;I4clE)&&f^Aw7ROA7>{Iq?fBY}+^u@Q`AOdEy(bFxf zixH^%$3O6NzP1xD&~^UvssC|rY?YSwHC!7Sa6osDisUsgbX|m7t+N}v1KglGsN0cLQR#LI$v>y=TmCwkg zgI;Gzi`We!**<&Tf2>e$fA=iz!Ce@5iwF6H{&`csZ{YzW9*OmslF#&Cc7PPo?eN$y zl)iI2RNhrNc7F5ny$r6}pBa~o526EpZZyf}9nZPiVg0>>=;o&t&Z7zw;)&9Ykl&U< z@mr30)HPm-HWDIY^+_bCA|vpX0Xyysyic{mZEwoX)zp?qkM@ci_%@)dQNB0eNnTX; z#{27@`5w7L-=PB4dD0Zcs-*%q^%c`^93s2@)Ie`DW>hoTPq_?X4DU$DlW3+fbM}=8 zP}9%J#`RRq6$o=qnjNq);L@@>S=g>yrgm!gTes+-OHQe0f>}j#_B8GkZm>C_ zfW8HFPPon`xldX*|G3`$LUCL*Jvd9qkWr3w9zK`cL0M;X73YV-C5W>Mpc6g!qc_hT z)G~bsDGvt#POOr7<1|Ci5-0cB>eCTfe_Xd8UyGufn>sBiN$sb=Syg2q=ClN8M2814 zcySRIcD1P#|78I)LQqe)oSos~#fDv%?_V^NB)R-vhd}7ac3uEbx^TL2FW`RE-RITr zy$7i_>8qK0w2U{2uI7)q)C53HUevS;p6@C}8y=M1g{|6&kX2plRs?q`Ynqu0i=Unh zj=g{;cC~?bq?VdHPo~VD$G_Y~wWvuKzOn@FYRj`L8jhqg(JTyM+w42j64Pp!FTlxTf|O?4HgsY+;=sUARgM%!$-(t%*OJ@yMOOd9P|>EwIQY+cR_K zP}0%R3IR0F4^oM~S^-*)$pF18me+*sD}zACl=UXX^)Na0kcW9W+Naf=aS0Gh_YpX< z)!{_vd5SxQ5Y_e-tyirb?Seh>ySCM8+78PC`=f@lb3>2*P+(7W3c=V--U^6j8=dVg zd(+wQI-MkqbUa@t*M;IP_g?XnbHOi*dz3S-ghof$Bsp%CCiPlA9gtR%E_4!Pk5In* zg>U=9$GWmWIW%7ZTiMpzqB2be&?}T+IpMEeA+RiTZGo9XD*@vEcn+o%yQijcxEXHD&Wq-6}UoH&{o~llg-Fh+Y|Y%1&Dicm^Q_5`)~p`*~c49A{c8k$YWC@ zRdq*m+&&=j9&Xm)@ZhM4j4y&5+JS8A)V!Yxf5!u_pt`!unew63L1{r#3p8V68maw!rh z&Fyyh0@2PQ;ZyOJ!rJ$vH`#pbk1^c$X+Qxe0eGEk2NkrcY!f1w&eRy7uVK}rUs5Gu4Tk2{ z`rre$$AAkf!nIJ`MH>ZfVgi$73wI#y7#NbNduW5|9G-bz1zyCErvfMp$VqDWt<4Xa@A>|K^dJj9Wq2}4jmVrK(koK zmu5MJD5Z18Iz9?-RkhH}+^TuOFA+A(qVSVl2y5u?+B}I1Cz#_ouwMQg57RL*);dhh z`lflVAz#b6I5ls<-SL+L8mE^OXx>t$1h17Mv|N4n$rdHRymN4VPl`qpGb*w|*St`biGIKZ1(PmPh1oJl$SVnm*jPEpvRZ(L4p)(#MP}4lF#NZJXBg7mU}3o z>43(0?-Ev%{k?P+Yae-!Xcfx#6N3G!lGlkiK|M?1T_)Z<>Bf;huUtZ{DWH#v^U*S6 z#DV*Y2FG2u<5SlBXLkEC@hhJ}MG4J&wLEDPltzB% zb_|h?y8b(fx+*I&NH;On@p8=q9w4u{c*fkOq_ff<(%S^lllGZe85F6v9yzUew!BH9 zoJf%SdTpI%-o&rQgO)-M(k8#I7uwsz>AWG_>m9fTuWlIjkw{S*mtTJpIzT^U_6*Qa zY%_8=+s5v7)yo+(jHgoK#8DBQy|jPbusBL8OoaU<=nz65p$MuJcd}4lSEUSmh&}EJ6q{F__lZRx?*00Kq_6}*3c!N?d_~G_~>0d2{Z*s1L=s3!tpNClz4{b zr1FM~Rb3WQ`b4PYR$kD=;K&1;xT1d;d@SBfJLTAr74X(LZgSWLgT+lN6 zbYbIcfgJ!L{lJic?)! z`+BHPj4vtro55!Y(;rjaHOJS#gF8M|SCoO;>JuHmbA2m`ers-Nwv@nGGfHk6 zX8!@1Jzs)&-9(J_Ym}GxT;R213oS_1V4i-EaLQOoGsI{Hc254_Ag!@1t* zx+9m-TtM%X4xnr=-D?nb=t~+XnCf17cwbSAe-4 z2jKu7?jLx=MjJOKR+nnVPPI>Lf8Z_CMP4jLs=Ne-+7nXz z=659uCm69`J_dAAv@T21x^$f2BG_lRcw``Yw3e=aGXWs>ZFysm0mabfG;Go_-el-D zE6}iK2I*ZA^&gu5!+yDB<#@8c%tl1YcV)qt6J;`(Yva3%vb7W9767>T09D-~fSO_> z;)pZ4#y1hsUn3UmpH6H8%>`*9u3b<*S3sZ@cC1JS?kz-)GK`chDW=8IJ*{<4;bwC@ zNc|!c3v&ttWw?Pf#&6n3k4V8+6UJG9bN9n))GBWHkRmW@)-$*+`prOgH`0sv2j00> zk6YOfR!7oX>QF;+kCPk=7$mU|ngQxmtM5j8pHHsY?~M+S++d~zW;h?%0HeZnfANAP z%yH>+R{1Lu+odt7+jX;+#UG;wJDI{n-NP!jsm$g$dRoCruS$5X=svk!ic-+~_kK>z zV%90%$s#JPVj}x6ciHfynkB^5?U3nmS-`4S;QW4@D-6)%Mw7`r!LAYm3?Gr{EpA$fsnXU>G~7d0<|ndeMpyAxnox7tuGfkKx)2$N z<(KXy6>6z-Uf-X1M_h2980W&Vh%{Wtup>DR#%}}W_0Aj@ux7}uOY8#1z2|5lVo#Z7 z02NrNW@yKG0HA_aLHq0_!ClBP)rVpDbAm#oX+)|oUOo6^DGe9T(0k-7`REnACy@gA z&)qDXGt)Ae$9YB;DRk>HXdP+`e#S2}n^<&n zt8oAZEBxGv6PVM<8zM7x4BTQo=kc_gi*N#;m&5cHhgpGTF-uNw048h_wo>wZchF_H z9TOR%nZ{G4Ctutx2vs|v@N}72smUN7@X+qI_7)Vo`m|U|+S*`r%IWQ0cDUPx$n7+# z5Q15%)Pu+`TJY8GtVWNq^Rfw+V=lhf{=4p><;r1E_gMlDUy+7pg5HdEzaBmf@Y$Q3 zr`3J;gsxDVC-Yr*;UGQnPKI#EEEu}-((eUw7`HY;(IAS@gLAc=6lF-s<`g1GMc``1 zTPm|ZIJ#TGiLXjHujuODE-h8idmQ#(^fMf5TI+(B!$h3X&Lh5vvey|PGgq3#idhf2 zei$JG7)rR6OogZp;ZX7_o7pVB$u*r3797DKu!SYA`^#ntvd6n+PvtK0l1;^Xt|5dG zzxN$-ORsO@a1Cr;L)E3snJ>drkXtL9t!(t%{m$SC;r7*S(PG2?GOu(Uvm6RApWO+a z&$xp7GlomPo)C_uvx#|Zzov1$D^z)2fcS;KgXrr@EXCg38Lu;#V zR%?2h5jX#DBjES1egHq`f;NklK43^i#{#`o9{2`(lY(}D9WA={ioN>m6W61>b9pR0 zbZe7o4+8|I{C(TBW|-61_4KeYT66fG+%VMG`&q3-aP&QZeZ&OVHOGymsfVggr@=_v z0FkFnjBJXH5exOLBzH-?#oS93hG61^rSyNz=jixX5Lg zg{}4%mV6M)oj#Wu3s@NBaxonV|fC1@uoC_NJlt!wjs zCo~xTH36>zX}kh}kTId)%Gf>VW}_g(p`F+6iE;^+8I%Th5zx6EwIZlh7>A^e>~s1V zd^8ROjJ`H;{sk{c_J@1E!V7|b3~CVQxzY9de*8TX*2nEob-{*dt1%$_7;`x=)RX^1 z0srlsJDW8yGDZ;GL!p4aZ^|aV^@L8LK+W?uKy9%Z;+9z0>$mRr-aTYrG;kE~)al&C zs!jk%;a9Xkyt?cudq&5_(QxIhl%WVT?nQJtmckh}*UN;*_YmN-Me2#^HfS#80t_s< z`2D8&@t4f?=BV(FUpw{&$e&!+HleyfcGMp|T{|grYVmcBCC(X?H)QxlAb4$okQTeA zXMTU3vdT4yJwZ7$H-FJ7Aja`Wr2GVN8w*wSxdC-}^_Z8)8@^DYOp=z@4E>>Wu+| zWZ*G3?`La6uJ7Mf|LZ|Hwmh`bzwPgL%)-7@y+3E^%{0$J?QrCj&931xV5V&Lg)Xhv zAEjn}eF-Ai)c|`!qU{E-eAf3m9VMNi0nWK%dr(u?0=5(r8oqWuvk23k8=bUyT$}rD zVu0bSTrY4p#3eAm1gx>H`whH$*6@75BPn;#F$Qlo*FMchPEJ|5HU7&^_<>hEpD@V) zogw*v&9`f>VC@(-0F>YrCiywHj8;;9z-M0;P_DKP-dNccDxYQ+~5xs+_ z?{f!Q$lhJ|z45H5a;xQ;LRK)H^}Q3`ubLLK!C(Hq=<>C2;YSpp-(w2>KXT zrZkR$%tasbXg6%nhmUi48ydT||;(Oo4 zM?dfsF=E+ksfSFv69>LdH}r)PqJ}TMGNR_;E(q=4~>eO@=48Sl2We9}M#m z53D+qlo$dqu%TA!JOKRuz|-ub$AHM*Qh-H_@ad(Kx`LNf+mb;fA{vrr$nIOpkP+1R z-nE-KFC{%Uc7q7V!2p3u;5CMA>ISCNqSbGZgU^EPL)DW>x3sF@TVHVLIRHv`x-l?0 zok2z-0L|@q0T}vD2cZnWuG+6l{H{byH%cZn2{3(sqCf6-R#^Q@F!P3(c*;+lM)cu}&XTyQGJQaIWPR}9 z4DS3VLOXG(Vs_#FPP9nw6sl`5$elbY(qjeLzN}qay&DE_d~lqmTcP}hvFbW7Xp;uve^l(;H+O-mG(_?p{sO%h^Gz-BD-lyLGi^7|g*?oAS*cc#pBXBje()O+^9~ z6g&XNe$u%2R>=gxH=1&SdD)&uklrx)`#=6(gFo2;=kvhqoChY|XrNBtVL(5P8j`+5 z{rKD;#yZ`11bdW^>wfw$@wF*F-#P5t`654#kMPfT9<@KMXW-br7ti$Fr1@V6VRygzBoMD||I-sX11_<~xaU6(&z-Mr>%9Eg8ba zsoGKGJP9LT^u~aQWw9~Wt8vb2>$4<>^N{39^=8WwY<6&d{QEuURF0b64lRy@H62kVsgLz5kbi`>P1D_> z(=WKzdS4%CS6Qn!M)_V}0Ax5EM7A>s{0IE%##AK;pR8KT>APsr4(G;<0Y$oDpvs3l z^N1eyjV2!r7AI{RtRpRJvdFgqE-z;wL--_hg|(~N03rVpX$5ZN#l$^NfEh8-S;$Vf z(2~a{vMWd?+#$D?H)<(*F%d+ru{u-Us|vfLjt`#Kk52XjP`_7V zXW^Uac)x@ytM+1z7XzhTj&Is5*S=>lkDgZWhBOhTEhEnhRm2!NTaH>I8oyxeL+Qn1Gk1=1@A=5-|Oja=~A}+M- z3=?0-4t1330q_mzZ>fx2r0|p0$TapjjwX`DW%#=8D<#eU2H@{0B_S+LUCDfpqmSgF zOa-bZxLWm=7(TqVe>1Y)ll%SH`=u8%I-DoVA)aU@4Keo;`HhEfW&LH)w059NRiK0M zYvwB`Q(b4bR2l4An7pd~#_?z3=sT}3s@T*V@J&z87f`!*xwB1(lDoKm>%kxNjAf?*M65k!6!il4FC_}Hm8I{}( ziVMeF55JbQF$}vsb$YXb=Rb??XZ#n8EC0InaX1r@64hlA zWzM)33MNJNdHx2E>QeM(#%A2pMsnA{qW}hI^@Y`X&+g6ijpB+MN5UK&E4&>mp+b(g zoof~ZEz|OBWf%8BE!#6j?}Dg8Be0;^^R z?Gn)>cXv2AQQw@T_mT$MlvBXIpF}>JxcyFiC;V5oYudXbcFDDq+X2$7CXiC!BcIKD zr~GVjMVV%f8lRbs{rH*vjDB2s4o7R}+&PCGI`Kap+dP$Mp7+`Y1Ys&m&F;%f>ns&g zSr$H=!m{6H<~TT5%>i9`5t7)l6HWLVfB#v43Ai*Bah(5$EoNn$M$9=t$GU9y_+epY z%#zRv+*MVV9*VAG<0BG?Y7pBXA{)!fYur=j?4{xl(C18O4{4=Hr0O>boD=S@(wOps zjCWQ@@=uYVY~1pf2$(mpL$~fe zt7#DAQ*tG9>%53f%}J8#1HqgW>`b6P@1CEtU|sdp1H|ozYtFAxBMtDMs$PA2J-yXp z<_U>sZk9?i5|Vs2ZCuqN+Z zFen@ay0S-?QI}A9G$qcU9`=Dk#8Ti?EylCv9O|XYP zSD@2M^b(cDhZ#J3UeCk?cvIdSPPRnTAEM7a^y^86O96zzBlrQ|LA~by5OLVAn!J^qCmmG$2hGcOFmx z*|M1yvuWk3%cTup8nR0J(#aXB=jczxQYZZM_xJ^`UJ~o{Y!FyP*h9OFY#Iz~S8Exu zvGa<#>gl)lr_6*T#{Vn|hX2@zx|Lvcj8sQh>EeFL56Q>8FpYAYgUtX%^OsshKo(s5 z*vuunvnlpgYjCA>>kGjxogZ#N?mzsQs(#8slf?gc_LC%koEhI%X``06x7jR}8nC6& zWL63QNdija`E0dKneq^~m2GZq$Feny(O-#qfh15BLEcgy--Y}mtdO^ad8zL--1;39 zT6dCBSk(}R)d_zn#;<&HSoFUr*ljiV6aVnkQRr{FY^v=xV^v?P&&`tye3G_5@;-ZA ze`hrHOR)U+l3%Mo&a(1v4V(TVJ>F!%HDre8U+76=R1>`VK~X||udj6ugSN?+wC(a_ z;h1zU44N`V$Nh=E_}7i?mWWK0*xDoTJ%$*-a`fEZ&1GMu6h~il7w?+IEnM}qI2oT6 zY`2&w-K!bbj>Xq!E;MGLur`P6uj`F?;xSGm(*8#W2ZYwfxQmvO5$r{uo7+3~-yPQ^ z=L;TEDDh=)7r&i)u%Y%81H%_3%}&{PCPugX57C^w(^?i=zpE@1;(U4+VR@a|rDHv#|kQbP*Z9;J`xItx)lBx3_;` zo@(V1Toj-KWzM*OUG#p?CjYwcWK0XJXpy9XA+BG?!s5V>Qoe(ho>jrNjW&ns zsACP3w`!JbFK+6Yvg4?-ND89pasu2C&(qiC)`6n)?ikruC4Fv%1%S1+-e^s%Li9PP zMXG_?$9dO>8nM&>08B;Er`7hf8|_j1stVS0D2T%q*-<=QRtkQB`ikO2e4o^39=;xo zz$1EJ{ZuFWp0N{JFI<(ebv+9PdOr zWRzx_nE3CH6bq#^E6u_lEyi>GwoAu+fv{25lc7-vS|j+n+T$tpiL&cAFO>1ohM^eR zmuoFWx?_bNY*kN30|>`6>zBQw3X+4{G;iHIDlI!|z7;_v{IEL;G6irQsn`sCI{6R%N6bTWuNIp3vZtta`cGn##RkR zEC5}HViP>PYJ=1of5(J4n(l=eBA-v)c(iouwVaS+lBjZWPVbD1HjwaXzs74d-wq*x zaC$S^atz_nu@+NX4O%U&$13TN%>rdX%!~w09vT$Dc*m;}4_DGOqp6YZ$Kv8N(FTwD z)i|~_lG5M_o0OmARlx?z?-`yBkf3MMhl5&P$0B-D*I}0JHZovM?r(MCFX>~%Bgi_l zbygmH(w<~fHVZz9WMoY<-J%d}Ej4g_P~_;kM{{a_c!GmSjYePa-sG(3;v002itpix zcUUH@WM>pC&;s-BwC2d19K*oWDa0y)a9Pcay#C=8YiGgVFZ{=~$HQAYMaMMNTA9xe z1y;47wbtro^CW7wk|ARLm77rHZR#O_f24R=a_VR2@h%ulo7JO^fFI=Q_O%9UhBCx_ z2Th7{ru$E6Yi`OPXuo$vA_>3J8D=3%U7m#(4vc&PS1agPuKj-LKfNXLIk?*ouEc`u zJGWx(ts{EwFswdYP6l$btmXcla-9ms;j+vbGvf3Y8MC5FzUIk~g^EhoIjHdnS?AD5 z-5ua6`F$V%CAx2ZmbdCaSy`04H5(?;Yn&ub6sCyuxqPcs0MMa2YNVmFP8a$o_&-Zj zyt5GH$jVU}3n;C!BB6NQr9{!J5A)_%sxWC877ibPaaxgb3vee_uDoV-#qc{wB}Fi5 ze}BqkN9V2!dkMS&XCpzl`b)B#xB+QUIIB(bG)nk%#Yc~RofnI!G!krH2PCFauJk%? zbWz2A<8J0YKk58(h7$&%Jqz^K7uWuyqGBjngbdOK})-NC#G`7Ee;sQb_hC7!c{)$O9J2a!bIwokWMU{eC#!$Yz_cQDOn`Pyt$Xu8qReI{YJZpFLX#;rGF1ff%xC#Tw(m zq(7!NBN{eY+B&cfXTAZ;g9^oWPvf3$aBr50&_QYqdy6lKRqAQPs=lZc?=BAE>btTR zX&S}P^abU4Zt}1$MTbUhcl`r!IjFtG+U5pMvSJ4D*sW1yRK_5;`{{*Yv-T58QX(r;PyQc7_&>d?dk zRUxL=O16cimAVp4%bA600I0$f_RD0R_vX4XiH3pva;{a6@}~ud%&xt`+~W6NrLwtC z-SLlze^z@RD?sdZobsRJ@E{SuscM;4E=S~_gVg5;K_`J9zJA@n*T zKl~`wF!|sL)LXcx@cn2lU}n+dO!Mm=-TE2B>QET7ZMT2GOY89(d zX9@Ge57O_%3mL-MQ}}e8un4Cebv55rVDXm)ebVl; z8y$S_@$5aU8s;jch4i{HnfwFHa-e z6XHmUKIVCE0G5fxq91{7#-z(O&tU`Ce}tQ{p=wsfhp$JM*~6?)1JFN%*L_y{j~UWk z&ep%!b(+GD!@I1 zl-j(|yQRL7=CYU2dkEKMW1g!_C`T#bgs^Pv8TsHiV}XrBgAOiw>!d$$A=y$`_U%q( zT;M=|+j2IML?&Z`$|#39Qt_F z=J@_e%q#f#4!tJkgmqe`CUJiyj6AqC`e9VLCqz9(G!{HC-HdpX)N4LIch;6x6T;(x zOysxv7Q#N7451!ypc-OMO%W!&{>s2&9={*6JAZ8n2R(w*OG&8AFPuT7_IUq=Bqn}an0@Fq9lgT^#@nt05cTJ ziX=;RylssH$-inVES2tQ6~$pWI0+m(iJGfazHIbO+Uqbt=E=LfOVB*I&Gji#X}4U! zpJ<729o1lI5#yz&8CpTRC_6~4jZ9QoZcK9=FrqD&Ds_eSX4ToWJ1-ch@GO#~NpK=# z=?E#uIv}&7T%|c-t|CcOLvGtnc1!-=C7&ZG#ZI!d#k7P zzJqXnkUKqE6R4vgo*awR(4fSSS7Tc>KBqL76BrI`&pl+o8ElfA6ko|Y* zjYWq9GgHZ=WUt5{zN{1ZbC>w*%lr;0p)nYl~A4AUh6b^9vgsEABNqz&Yyh=oN>0tkizu9<#4*q#jSK zZ88VZ^s%-8qM;p-8;5E*mQ;=%I8X#ig0EFpnx4;?p~D;pw7D;zF4*o@xRPaTICEj_ z3{CuAXuo)oMq;A#l5!@;Cr{F!F!ssoy#zCWcPTWrEVeFjd)K=NGcFr=A$EQGsiV` zU!xF-306M891=E8VhZ2p%zBeo*$1VMAV5^-8P7=iznZt_R;vC`KwggK%&vb0xp}0R zXFmtI?{gWUzX#I*9?#$;0ZGGJG3y!^nfLRhH#DD2$8;7#lX33CN1J2}yxI zS_eLI`Z+g9`GOzj7Y~##;90~p%PF#1JR<3Q_Kfih9Q%VP#F-ypd>2htS|^)0XPhT; zD&Uf{NE?rMx-PIS*9_9H>C4|-E2f2uB$(MR+>iF@MikSIRZK~tb2g;C>V)W&XxO?9 zS{AAEMx4b}iHTJKq%`^2db_I}HJ*hTQ{@Wx-Bc;~#;)~v?M}Et`_Z&1v2@GzUVUc` zjNjxh*9<6a&M$wOr-1EwezDD(E?q86RYZZ2Rj?Dh6_L!+6BHinvEJN6_5bKE{f9xB z4c|dDSOC%iL<5l8D-PDcbScFf_Xuh7y{4)hIQrf#;LYu_jk^w+2S=h{OtYM_AGCsA zWpza z7-sS`t`$*;u0v2aFL)zN4OBWfc`B;k9R#Ha%8y$ooUy79VB!S4H?f999u# zpm*B*Mhu64&a~b3ScX})$@u`cI{<=M?QB|lC!uYF4%wFLsH<15R)hc1K& zQBs##5 zX`a~nc~NzmBol?g^{z-CQ92#kI1fyp)3+%aBN&Bp+(+@!rCbF7;r64t~OLekHg&^ElE^EW{Fi=R4$eCkU6Wgjx;;`x%|*Zwlw_S@GdT-ZIP zzE`zR_%a8vl^pgZPJ2UheiP@dek;X|zu>cFH@>I=O!-{)q*mE5|7kzF#aFjP7*1LQ zhU+r{(XqdV_NxlP%wQrf{#UckAIb{uYSNAO$H<-x{{6o8^mEy1TJ@g2Fq`y$D!d7% z0#Rhz5#Q4@`wrrn$}*?4O0@C*4q}q@v}lmpDRD|}&D6LH9T&7n^Hm&0d2vf04mIq$ zS6fphXT{5?2Z62h=T9fNDMC##<-f1a3TLp-@F+E}SAi8f`d!D0xJ zt-KumTuMUcBHtu#TGx+3F+bfbw#~bb*1X(|m@?t^5LOWuaf7`^`PRpGu~a)p zZO+&wK_?)W2;QXG=}A1kp&*iKCZV7!CD?l`Hj7}t;Px5@-8KOzdjjnO+jQ8~+Bzrh zyoK^A4qza1hr*rUxH#qbk~YjCdY(*WP@uQa+jDG%9}LqI-$rd9ym2W%7J_Dn-*!4bAJ1q7#_OV>>9{HU!SKU^Cka_uu;|Tpz!J*h@`sb=H=f#@b_c*A3qiu znm^V?dpj=(FVgj}qQjZ>gvFtQu;+jJF;jB@F)k^}7xJmHNOZrbXL!t$B;~ zt*`^yLr;^`O^HLcR{Y@5Zp;^NdQ&hqJjJQnZ=c*DxWO(7T6q!j6r8x77O02V@urof(a8|FNzL%_4YW1x%~pyMW5Q? zhT{Hxg|oWKYGrc7RfPGanQ0Yo@7 z2-*$}5d0469%ks{z2df57YY(v^` z#sbD6lg+0Qy8us|>5xc#G+<^YOYk~m;3=3um3Q*T$Fy#G9~_TY*-!uUg^NzLm3o$N z92l{43rLas(4wWp)Ex+3tnT0l-7K9HP6y}_Zg1zTw%P%Cb;Nb6l;v*EsmE2PO(oJW z(LSA_!em^Y6g5;>lyq@gv?i})btsBLu2m&a5FQ@V;P#I9#CdN%EXU_I15Xjg;y4R{ z>!5aZ5|QlSfd#ZSEOXC%Rdc8E!pYA_vF29D+4Uldt6aSy-c<{-wYK=rnE}eqxC1eL z90z7qY?1TWzZsDal;5U;_iypmVw>ZCq(%9+eMgmz;x#x?Zg5gLV^*D?_RCyp zt?WBkYhEd1CwrgcM5D#%-V{mp0uDu|5yOW#P{baxhW4on4#0VMopu>S6FQi{?yZqc zepibi6@>YrC;JuD{mZdSnvIsJaj2gfSgyt@VGU>3H)IsNa0@P}`Q|CU(x|l3^N79= zcHYZbK3|L`n=3@|HiAh=LkVGf(f*nb{hwMIzzWzi8h7c(s@zGq{k?z0Xn%@~oOhq} z3O^jH_=19_fL&Q@uTAvOF9)d=VwT(U^eDKZOA$R|3SNerYZ1^c<~mNe(pnFPW+w&R zl&}p|CrS7+S!pO>Z?7=n^B#5pnwWo!hZ2P^i*{@E3qV5$ac3rpjCYNLXAXF`#kpVy9#rA7>QI2B^?2 zE6`D?Dx2(5utaZe?QP|+j?|A_*?s>!#|5pC?4n9l#Z*5}JWY~exY-w_QOc>qVg*Sm z3_qxzc0h~OP6@7#Iei*UWH|#vk-kX9 zJV9?7oL0NTSDymtyQJkb9(GrM8ch)8ikYATJQxp=KVtC-0b4$UX{Ul$;C35rsX93A zhpQVXE5n_}XSU?&4pS4j-2@)iQV-X+m`6POOgXj8`Ft*03Ucyw`YT00$=O2TXN%MJ z5*@9>H{FYHFg-;Ok@_A-36(En&G4wm<9RdT`lq!rs&txK32fk9$yu#z4&`=Y`)$7| z>SI=;hx7U)96oV8u8B#YEZOireCVa+mQ z`gy>5=pDe{X;IWj04{(i!9tW&F~p~qKW{idZO((VA3EP^P0Fr)lAf318Eas7*D-rf-O+Cp zzM4OBN1=F@Kb`j5 z2UYaG9KSBo+{VI{t0>L4fwSZy#mM3fh6C*YX#iYxoYLm%r_5Xw{3MS|&mZn-WLK8__4C(sG8}8Y( z(#^sx=h-S+n1{fg=D}|)46^mMM-ln1tn$88`aoM1yXquOU!F2^USp|;*l-CD2BJZV zv0zZ4AgT0OC1kfi>pZZ7q}KrN<=tsgPaG0-c9PbLj9GAb!?4PF#cyLr!6>9aut3#$ z7b`GsYkFKGb-TK(1M*tQJFT944?I;AU22E}JT#%}Lz7Z~MzO(L0>=T|F??Y;TZg8) zXTB~)*d{u55rHDw5?;{^24rOmc!fuciiIgIHq{S4w;J;h72HS}p9Gwt=&UNW9l@Vm zBJ(v*n%msc+zd&j*>f(ODCm)shXB%qi4dKssJbbi>kn(}8*D{hXm5o_Lh6nIsTESt zIy7oS`+uv$PP#&A{Z*WR+x9wB@btFjnP3J5INv>mJ(|5my!W-jM?xMpadZ92S*3Nr zE#k!?OzH!0`XBSI4(f!N5zJTKhDQb>8@#F*KwA~wcucLPelH*9Sg&oo%rp588Z48$ z916*rawBzE6X?%P@6v4p41<6RDx~=iQhulQ39$XqNu1z)@;3YKDL3m;n#w`t3W&q^ zJ1A;2_j#1Ljxndguzd$YF$fj*L9;BuW5JqC0M( z-jnAqhNiSVK1e?q=+D?BeHnC9l(Pn(hK=h8sC1amgL#%2*K`lhR@{6~K79%1sAid^ z-f5AhLmia_i~xT8b!vCse=pi>ZyPaE1*-4U>V~Nq)=q6c->LGjmy55g)CWxEuYF=+Y3=jmEVNbN`JAfS-X#sy(*s@*FO3)7Fhxd0yIT zpj_6vegPIU2$!I6d^HHm_JmE`C|H~-Ss-M!+^=ozV$G1Ba`uQ^P|t0CUpsFgJ!fiU zO9Er!3Zr5+a4J4Q#h_0?F8mp>Y8E_~eN%?Hy^eT&cZ7lPC*hjsj8apU4Y3N$$ zbR-%*78_h9?*ddCz9->;PrrmduV@KeVF**V*E8j`0Q|GNhuq%D+saAufKWa9rOAQ{ zbM6GCsT)gnS{*%29fUWXyON`lc&y&6mAy4e^L`$==<{g0gjEzs%5y>-BqipjU{@(P z+90zvF1O^9hjop;1~M?*(r2wg(i5KD>Q9WhCn^gaUG^hoHmUfy@FZP3zLWInR!*$blT7>~M%Rfvn)#M%tPoOMIZJbBrO<@NpjcXK$}@m*ZzV^lm5 z&~-Lh>Ov;345u;WzK?PRx>oqdh4NHtk1u!;3W$=MgzzY^L-KuDlXCWp=keeYqDVQb zKmoTZ2AXSurwcAoKtuawQjuHedF}Z09aoXWIF+xZ^`EaCN#IV-Ur|u38CKAA`LtLx zd&iufeWt)a*mC-%`=bb-iG9^i(e+_hX)7k@>rXfrlXreOuqo`+RmlaQwcdveby_7hdBlG@y4p+7{V0O#3yHRB zD-G6T7`qQ3=#5b0b7lE=d+Pqn4j2EePW%}#)RSJ#vCaU58QvUOUfa4PHZ}6jBk-Nv z(>f;Xt_hgzzuZ(TWGx2_ZU{F{T5ql3IEV>rgoxM(c+_$hB4|l8PvoFS}A&W_7 zzt|34E?Ypb)LDX8-8y;*9m|kw{xUfIWyA5UVMm`l@>POQ#`xqOD`F#h{@lak-I?#8 zDtF%+0@}@EYKIZPWGn};z?;BrHyN>{he2~|gjIZ{B&>t5=5ek*6D6`n$M0MmDY)d6 z!i!yS;jdq<@rvO4Ex7u(pD4)CQFYh6{7d{mrHE?nDp5IH9>KJFmEtN@h1RA0wF*Dq z^o^5ILC!rNmS)=&A|DvU(J$tsEzHpgqcCv5z=Cq&Zd5dzV08C*aP3540;bbSV z%^Vy|h^I_^20wWiSmZnJo^|l6jK!WY;0y+^WA|+7QOAUZ3K11)-TEniY`@8FKN>f^ z0hdvirPNYur6A`GkRy8dulEbY$^ffG{%KR(PP?qVY973UQN=oW1|OH&4?SOe z*a;ARmoqspQuYS|n^LE+T)ka`qOnThl>wJ`!-7MF1+MO&t9Aj5wtfPvgA#DJ#FNt4 zMHgB`I044(F1N=>2o#YB0N!`@WT0q+o8V&Uet=Yzc1XI`E}g4LINYFK5;EfNS|C~g znRha(u74MD05aaV52g3raHu}_9aM~b65J5C|ZNdlY7tF1$3I;Rc_MXq(%>j$um4k zYVF?hZS$YGX9?J0%uoB*;sTz)ai^ZZDDb2pu}jWwg%7BM0XWzl2rzM`B4cmAScV&c zH_$1!-%P_*?m);02eb5?v_odc$##dFvLUlwd=gV?>1nxfwb4^$!tV2*c8!DuyIiqz zO_N)rt+)HwHQKOZQ7P&TG|fKMZXsvgN>E`gJF$?!MQSIFq&iv&z09e8Iy%7M-RRl` z0J74VG$bH%2A3&nZKa(3m+U(K%H8^3=G^3M$km(Aiubkmvp0-Q8B6$NtNgJ6%$OGX zVOt2b6;(5^D>=C8?O;TSFTJzgBG0Cn{0);`SAH3c9Tc!=*Dp+e3WgX$Y9Sqv_Hj(WJiRr1r8&n+{sX*yCNo>1 zHI2X`9^eN;{k^x_WT zq6vgPb{kKxKA@YJ^;$;;ZaByBD>UpwHYp_u?zpVft~VMVPOOC2Ue&YFOI=-SC}~1R zkPX(~VOVT1FJ$0=28LYE^X|U-vnKfG_y<6Vd^>AZjvL_-50Cj=)2zA! zIkK*#wDaE^`TG$te#U|WYjO=3m}29jc-fE!xp?XI3u==Ua{r&=*^i8 z-MKCahDefhcO0-%oFBhT3phFej#4yu|I99S&7pO-HmCEo|UbKAt!JjQ|L1d&p^K!H=8C`o4v6VnEZ1rd~++i=4={xU@>-;cDw0^uPj99%%FX06?E!7hJBvoMaNji@sD`#NlxWy z`FWLl@oIVH$%1RpYA}i=P;IBhOALAZb`x*tX7?-**4;r=<=VMCHRSoHPXPcbm~lo_ z0TuSZcKwZzIKhzoc94NDqo@tUIw=TpB}z62T{P4!$?SoeL@}*LyN&AFFcQnC#>2Zc zmzaeqo!L#y>rx8(URa*@S@C3ur9kyiKJ_MQfZ-Pq1+F>Yy0R}5_JWhhmPzgLLqdO= zb6V#5wNp87Jo~He{@P@Zw$-GLDvN}Gs|=JAjoAYERAXsUe@eQD+qS?R zKTTv?LkfYFR+;Vt8$Nn!6Dmu$GXyNce@?nwF?E&n8)@$DbiD~XStws#A)L3qxcSW$ z{1HG<0oj1sA62e5yE}VG@kEs&X%c8(ER|0c3Mx{Z$>lhfMSzGGz3=)Hhm@RaKEyD0NzTVgirJ4lyYpixZisf3&=h0aAu zpxIwKrs(BGyb*VvK&{b?d4U~t0^;-BE5;gAE({}M6=MsystthsGz1l-u{&a3K2;~t z3)6uRPYm`2{>{YyMh`aQNt8wcai;*9RPZWUo66ee8~ubP-K@!<(T1vrSaQ&aXHKP^ z`PC2akk#=LhTZ*MpHqJjb#t^A=hE$@q*Hu=MCf-oA_l9qkxP+XRaZZ>S)EWsX_4RfiD)RZ9Vb5esIa z$01Y^-s~sFql=rgwg`Ml&Y@r=rjWxMe9#@a4TT!x3U{frZ zdAf9E5k6};B`=1l6`YX;)`FvBcu+*HF*PHZL;A0BO1wtABMtV;SB zRHEw(0J0y86tMC{sU;RUrlJ&=?B@1W8+U%~d}46R4=D#Yi`L09#jicC(~Hx1GY=#SBGUW^MaH8_%|!&?Su zQFMfUo+FvZSp;fDbM>At!4D6TQ$FO=e+O|d2gtX=cAq-BUW#<4z%IAbs@e+-9-4{V z+Vi;A?-G-v&I{0h{gqLa!-{~Nvg6xD1r*|VjgEa_NUPk(JwdUQe3WIj&Y6&#@rOBp zFtFUv5_Y;TNj*HduA(z~e}<8H=i;rz($?06PSCl9W0Zh(FRoV1P5kUCvou zB~2DpRRL*ipW(4zX;ecY3^b7scn+>td?Li?cwL(8rS75M{JD`B z`oTuUPNqPp8KzLT>X`>dqWV|$gL|EdyHdXTXJCG{ct9HzZ^eP3q6R01#wDAh$1Sc zf{f;i{XK`8qI3BIpr1UZQZAi|ABV%zc}FN;t+0hHhemLu}jIdPq}u(T&niIFeatz2t(cZO?9X^RfvJaL5=>JWoxy`g7D?^ zT5TLbkmpA%#a+~_h0NYiF}2>1ok)D5S?v(S&Q4UjW1*%U(=*TcZ+mQP_M3c})>EJm(3PoTmb^H9h+hE=z|IT^^mGOdC z{v0&HHL{*?Ko6Coh7)nzjae(a7rXDd05PtwSK^%j_Qgwflccb$pw`KD4sE9O@IYGBA|bzIi6-%vP&@AfdP)m9ny7_hqgTXQ z+AKZ~xkMgkK4Kfd^%@H=8Vbd*ra5jbA24q=>QhT)K1(lP3onnFTS}CPCVHG9`mU09 zRIGKF^}5fa((2HJb22%W68uYq(6t(TTtDT$WYXmGg0M8`-X4B-k|ggU^>+{p30LPN zmE^E}#uLf)4WB%2VPPpR^Z3lL_CdV@1$4F*hVH@zFEU?{Qb=irA_ zq3L8+`wps!tYp<(-j0Hpibgopc>D^Pt_UA1JDr;1IM=chznwC*3;^#B9KpE1>Uon- z3V#-|Qt#{(?w(rqa2fj$I$B1*koMYcFNJq}5+-#~h(fX8ExE0=K_y4U(OV}s>GlEA znH0~JV=Ik~iSzuq_7y5uWQk){$dnd4bVRzs%L+G6XtEPg6mu2lF;kvR(Bggr>M%zr zB3reYIG`O*CdZg{ep_a WMhibvRb(RveC>qz<|1pL0q8T&Ep^`0@!pFB9yytg-4 zNz`|`*9w%aF2BcTLZqULJ{8-f4A>rD)-YGY#1i>FE)Lrk-oLkTspHAyB5rMS5K6UE z@~fg+%Mindq)@z`tJvBox4rr)PPD<9qXdp9vq+S*EB*@>z^D+qszo9TUXnTs6+bI^ zA0bGUu`sfamLwpRXxPo$jqBa5;ua^IajIoPp#&@H2N-EW&mgO1G&PN@#$sJtZ%$E#e0j(aDmfXbhmEsT$_#FO+ z1)TJuTQSa)_~E66+WT6s${hTs!-$$JT>RXkmsljeN$_MKOW-Sf<-1nNm7Ja~^99z) zp6nf3fdy=fNlBf73QEtQ%CrhLBi|r%6@;d7$I@ANINw2L+hfk5dLAr<8J%zX@`{}$ z`H9nhr0{>aLV0A5<4g#Do|<1&y$7xlpvF7`TDJ_!*<+)|8r9+ODR6t|a}Ek5s=!y8 z7H?OQ40N0raNyyKSyP_zJF^141~8}4igmpWiR+yGn^qGqea`H}AjhZhw&ljE@Wt3C zg)qC~g&X~Ibp|<|H99!=yf7FRY-iCx+McDMj^kFele$4WrN$>9yT@h>meSLzF2_|` zquC$}h-@+=dod*H2!*L3ZCpwh>C%#rgsG~Go{!@f;ex+dsqm}{+35DqlarL_8uh9{gOavaP}dxa>X zXwX=wi@!qM700+y>|n@U2m=oxKcJ%4h!+u!WFv+wyF zlAAoNzlfqCpaGjQg3YouRhkdTbRIY8_&2C@M#ke)El!1hF&?r=niF(!mJqVEUO^ua ztC1TNSr}|a_+gF9Ibr%H>>r0K9W{YF>gk%Twy0sTXu0BPP9s);hXvA~$&sQt9GO5} z5|OFPGjpJ6AP3WH$7~aiIt7Y}vvN@#%@b}w2|YI5{p9d#%sS<^$DU=&PunJOMsO<* zUBiwB5<^(Q(60?-+p%`yLcPt@Q*lv&4dv&HqBxlEpsS|_bH6%|r_Y>=_vpJl+OK2} zRT3bYT;VAotHlCGZbeNtv^~}%=^*jc+N+)+@I=da^Nfqt%v{l|9@jJ6ARx~QE2kW4 zJsg=MZLq9(6K`sjKaF-hHIDlw^lSSLs^v92)MpPD&$+Merlk!nt!#0YW=Ob6RaKBuHZj6H2V(H{4*lu zZ;ZtLC;!sO0>?spd|Tmc8oYHsyN9E|-K}KFG)|^|&8B6Op94RTz*(_$F3<&8Yt@i3(ysPGZ*FlnZr%~;t1#4r!om5-z=-Wj3a>pFNG~Xt5drM+LHvx1M z&|@sbcHpKL5?1uXi0>o^5J84sNH-Xf)qca{#g%C<2{t+RxgzR3 z*7j{6hg~U$-$AtK(mgHC8X+VcSbcaOG|UA77Fh9k$sJcTol7~o1!SUa3;9pr4E1~> zA410?J2+ps?bmE(EtNAD-)}HcUzB`^$xx-Z=(Amho{~;(`|{qp9G%@J74Mr{9<>BS zUFvKMH}~}|rW2(yZ4yeyR`9|Cw_zu6UCNZ>BG%*xraE!h;mY$8-JENw{q#>Zw(6`c zirJFrk9I5*HgHm1Lq`l_Smw5(QnY1#VwtxI+RC!X{G%q{G?x18c&islP)Looo}e_@ zn<~o>TYgoG_1sy~D*{*{nhYnd?={0E56c$0`3ltBFFhNh;5b&9zfgB=fk{R1teWioujRT}Ut^7l*s`7Obr8jXpZEU^3w zq(S|~mC_#G17mMAI>FP2qP(d~wW_96b>NdZo!Zpn&c`jri3oso);c~6nKHWe`v(3? z^jnzY>y^D%a|L87;N?5`*^p>FN&fkpz23lYS{JU9x^oHlqr2-|Lp-%UXbX$&gMuBXp zQxjM$0RU-WNWA7};H1_^JIvoENQCZ@761Lq?>6|+4Vi;`NaboFtK zGsHVc7#E%x*FHR!GvHpYTbwqV@65UsBnF!!)$^!MwW?!O5^AvTdwCJhSN#GzL(aK% zqMb(h&QX`TJy$8W4W>!28)=&03#4L$JU~H1iwqE05(b+C$-2O=Rf6=Z_L4bqN@H3# zpB^OE@*Ap^HLY3i^Z+sj(mdoTGfFb2=>Nu_L70Q`Z6$Ax9Hu}fWPW|TVXo$g9LE+M z)(KA@M7Z^E{{Hq4nt<;{DmaU&C^~Oh0FmmX`1{*GXo74>fi1vVG$BlH0P@N^-uuE0 z0-KciKP(~E$i-^tWq=Zjtb9w+6vUqk@B?(}U>~%hBDnb|F?KF-l1{=tyyE924PVlK zzwo;~{%dpxp0oNZW3VhH%{6+~Y4w+~BH|_y-fcQgp_jDiNQq-m{%d49E1#F2#-#ds z^uvQgxOi*lX#=eyt!Ev zYWBokR9}l6YB$_kGynz`UNe5g47#7FFwFF)FwnsZ(LZRlQffh`nYV3= z5kHHdwTpkUwLiX1`zN3IT-iT)=S2!oq8i}IQ!dX2B}am;GO^LL*}{J%-7U`0_n~dEOP}{ znZNeeQ+p~tA`ak-qHxrReXx{Wv+uLvf_QmYiuT8T(?Tb?P%tf#0=re~l&pLlHEJoJ z4YqE>DYdP0T5*(={Xt7b75p++KHO7hz4Ptz|?$n>{9PubIzMOhD^ooK_ ziU565>JEGS8~AqLMkB}x+y}k?D#vPrn+I8T5o;YEPps$RFL^->9fXbd{cMe+$Fshs z_Cr8jHce5bG`vqQ{X6JrmdqX?DNmBRZ)O;g=qxVb(C|uz3c*H(*ZJyT1u&Wl$h2F9 zr^So_t+`dsBYdEYuj*P39#AVr0hC=ur`tD0V(7D!f;d=lev}!BrgJQ1d$D_8;JVxf z^9Piu9SI4aR7$R{_@i}nV!qxz(5@#6#t}H#%C0BjnUIoshYG{v#Z!WfjDW)ro)G%Q zPJz#oNG_9APtF@faf3%3?zuA6uRfi+l0c$?2nJ0#>^h6{Xj)>TMgz`XlYHP&DV9Y< zY`SGlY#0Du4m9#n{C zY4Q3W9J=0jlhRm|jqL`bzh<WSJNUA-fHwQA+t6lH%#sXPzKBt|S(xZgE&DvGLKKCk2XmPYjvbK@Hro>9i+ihQcz z6fOEmF4<~VRoz)(A#6i0%0x4wu(u*IvnXkNOg(81TXM5LWRS7#xVm1}YuKyeYrK0M zB>mxeE&H0WGWeEWp7o&r<%YEe?arHwDg+5sZGrx<&|~+KKY@I0EKYdCZJFxeDK9cK z(w9KuX@k9DBb2AVVN+YD=$H7*kM&SdIq6a)6ca!U#iFCYTYz_~ze@@x7iPI!8x1&9 z&fv203ri>s=KM{jW{}oK>l+u41#q|MsPBFbyx2wyXTwp!HLmxL+%CxkV*xO&j&7a0 zieylU#^G~xlGuiMuo&@sq;pMDj zZi;C$8uBl5ub0&gMZwz_mE|+LBl`0uKf$~RDa^ax?uOTx0Agk))(xt@b);{avC-#f z&B}3xanb5;liw#K+AVBb+MAp8!hFub%a$b58(;#z5BkNylrx7bv^hcU%Vi_ZMaK+A z5p1^XRbH5Z=Lli{sJ8Bj5r1ru5|5woPjgbdUOCXpyj0TF?GDvXabS zB^)78cSjt6BPXiAK__Y+mO3~)mOrvbq;R1^+QiZGr5P!;w0T&}X|Jc3XMN*4nI-c{ z*G$809TwWreW!jY4Jr!_%CEqD=Jo=z1}DlJ4LVWDJCDy|I__*L&@SM&j@p+sJP_do z7$p78)EJ-LzwUV}roz4HIK#%-bsN)Y#21+}oqkrWZ{wm{n;xy|Zg~9^>i(ifM`%#( zun5zUJpYcO%*ZXhIW2e9^2*&|L3aju2JeA~*Y|i*??qVcIZpBUr=^=9Al_WNb_B@r zLA}cRZFRcyrm_!)a^p2kf%A;bpQEZybgNj2b7IPs+!U4g8^)!+` zh{%t=_1oGstJmP>9Wi^f_|;(mGmKQgkpS+ZEK!aR4jq7H6|chIblpm+rC-bsd3#Vp z;}q~R__)Nx1Th@cwu$HugeWgD3i8B~Jd{o0TiAMQ{>sH40D{i0NU*}0$4eS%9zJXIC5zUcVzKJQhr(Fbz zqsa#MCZJrI-hmSvK2hfB{psjSyWg#gzd$u6_fNOv!V>rZ{-6DUsRQYJgYD%5dok5_ z6i3wyM=yD#K)w1pyB+adS7pA*U(7~dL*0uE@3}hGU%Oi#I&MN<3eFrjy|kwf-=}1WP_rJ^&dN!GBda+(;#zj{h0nLUhMDs< z=`LZF`_Gh9d4AsGA!5bcd#Y1iG&yCWypR96_I)RPssr4^@itZiD1sj?fDmOZfsh#c zW8vP^*KIlSnigX!C8HLwMxK|w&B_f{FHAEragHq28=iCCn+_{*;(h{k!EjhG<~dmT{VB*r{M~;LlMu#2BwjcobGcn-QSK zHf(>G5a``_W!uocCvkc#jhDz6k0bBteD5=!nPa0sCU*Z=&IUF59r_LzhCv=Xb1oGm zvKS()v<=V#P>a2@wzvA<#7wN$$DS_r+_TL zVT}s2mZU-~FLBNJi<9nazK`wllJkOEC_pXz3RiDBL0d@6 z#TvJ42v(LkNRjash3qE(7>&g>e6OO1jJfR(dwL6~*4LZ)Rcb!5Z7G!@tUt=SwyWoD zTuUc$&WMr2wqbV~9_uMDYm1DTu~wh7P7fA4GPOovv@=yJ>6ov*kg)!}piYG1ob742 z`x6J&nvO(&@_uCNSTaL{qf#sO{3JeOYd(-^Z6b}E( z%yx?PRj5xHlIpNu5=yGmSBc7(BznjRu()FI$rKp`>%c1=_8q24fmM0%h4&kvJ(&D@MLi^Q%Nu2~=k%o>GHJQc6G8KC7EM+= zMq#T*gP39oq-xLdGNMiGjsbgOx9H?}-8>Ubo9 zyiGzJoj|0E&8RW!Hv+W9Q!|1B&1ugIZIZcbqBAb-^uz1AQSQrG60pVSV& z%omM1S(;V(BMhodr0$QA*{AO<1NXN^sr%aq=#tNS3%c_YaDk4EjmV+5BT|bv9erSzo+2;brn>N+2u+ge6Lif-6~vOF?ghvKqL@=7D?!#qE uUO*INWMyQWA> Date: Thu, 13 Jun 2024 14:13:45 +1000 Subject: [PATCH 04/17] update threat model --- .../202312-threat-model-preset-erc1155.md | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 1d227273..a403c6a6 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -24,8 +24,16 @@ The ERC1155 presets built by Immutable were done with the requirements of supply ### ImmutableERC1155 -The ImmutableERC1155 extends the OpenZeppelin `ERC1155Burnable` contract inheriting the public burn methods to be used by the client. -Permit is added to allow for Gasless transactions from the token owners. +ImmutableERC1155 inherits the [ImmutableERC1155Base](../../contracts//token//erc1155//abstract/ImmutableERC1155Base.sol) contract and provides public functions for single and batch minting that are access controlled. + +ImmutableERC1155Base inherits contracts: + +- `OperatorAllowlistEnforced` - for setting an OperatorAllowlist that enables the restriction of approvals and transfers to allowlisted users +- `ERC1155Permit` - an implementation of the ERC1155 Permit extension from Open Zeppelin allowing approvals to be made via EIP712 signatures, to allow for gasless transactions from the token owners. +- `ERC2981` - an implementation of the NFT Royalty Standard for retrieving royalty payment information +- `MintingAccessControl` - implements access control for the `minter` role + +The ERC1155Permit implementation inherits the OpenZeppelin [ERC1155Burnable](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/extensions/ERC1155Burnable.sol) contract, which provides the public burn methods to be used by the client. #### Modifications From Base Implementation @@ -36,9 +44,17 @@ Permit is added to allow for Gasless transactions from the token owners. ## Attack Surfaces -ERC1155 only has `setApproveForAll` as it's approval method. Meaning any flow that requires a 3rd party to operator on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed. +ERC1155 only has `setApproveForAll` as it's approval method. Meaning any flow that requires a 3rd party to operate on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed. + +The contract has no access to any funds. Additional risks can come from compromised keys that are responsible for managing the admin roles that control the collection. As well as permits and approves if an user was tricked into creating a permit that can be validated by a malicious eip1271 wallet giving them permissions to the user's token. + +Potential Attacks: -We can consider implementing a more complicated approval schema if needed. i.e by token id or by token id and amount. +- Compromised Admin Keys: + - The compromised keys are able to assign the `MINTER_ROLE` to malicious parties and allow them to mint tokens to themselves without restriction + - The compromised keys are able to update the `OperatorAllowList` to white list malicious contracts to be approved to operate on tokens within the collection +- Compromised Offchain auth: + - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures. ## Tests From 51b9dbde062bdbfba2b36d423c9b27960dd3186e Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Thu, 13 Jun 2024 15:15:50 +1000 Subject: [PATCH 05/17] add functions --- .../202312-threat-model-preset-erc1155.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index a403c6a6..9a25713a 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -56,6 +56,57 @@ Potential Attacks: - Compromised Offchain auth: - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures. +### Externally Visible Functions + +An attacker could formulate an attack in which they send one or more transactions that execute one or more of these functions. + +Functions that _change_ state: +| Name | Function Selector | Access Control | +| ------------------------------------------------------------- | ----------------- | --------------------- | +| burn(address,uint256,uint256) | f5298aca | None - permisionless | +| burnBatch(address,uint256[],uint256[]) | 6b20c454 | None - permisionless | +| grantMinterRole(address) | 3dd1eb61 | DEFAULT_ADMIN_ROLE | +| grantRole(bytes32,address) | 2f2ff15d | DEFAULT_ADMIN_ROLE | +| permit(address,address,bool,uint256,bytes) | d6b0b3f1 | None - permissionless | +| renounceRole(bytes32,address) | 36568abe | None - permissionless | +| revokeMinterRole(address) | 69e2f0fb | DEFAULT_ADMIN_ROLE | +| revokeRole(bytes32,address) | d547741f | DEFAULT_ADMIN_ROLE | +| safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) | 2eb2c2d6 | allowlisted operator for non EOA's | +| safeMint(address,uint256,uint256,bytes) | 5cfa9297 | MINTER_ROLE | +| safeMintBatch(address,uint256[],uint256[],bytes) | c39dfed8 | MINTER_ROLE | +| safeTransferFrom(address,address,uint256,uint256,bytes) | f242432a | allowlisted operator for non EOA's | +| setApprovalForAll(address,bool) | a22cb465 | allowlisted operator for non EOA's | +| setBaseURI(string) | 55f804b3 | DEFAULT_ADMIN_ROLE | +| setContractURI(string) | 938e3d7b | DEFAULT_ADMIN_ROLE | +| setDefaultRoyaltyReceiver(address,uint96) | 885e7a08 | DEFAULT_ADMIN_ROLE | +| setNFTRoyaltyReceiver(uint256,address,uint96) | 439aed34 | MINTER_ROLE | +| setNFTRoyaltyReceiverBatch(uint256[],address,uint96) | a7012816 | MINTER_ROLE | + +Functions that _do not change_ state: +| Name | Function Selector | Access Control | +| ------------------------------------------------------------- | ----------------- | --------------------- | +| DEFAULT_ADMIN_ROLE() | a217fddf | None - permissionless | +| DOMAIN_SEPARATOR() | 3644e515 | None - permissionless | +| MINTER_ROLE() | d5391393 | None - permissionless | +| balanceOf(address,uint256) | 00fdd58e | None - permissionless | +| balanceOfBatch(address[],uint256[]) | 4e1273f4 | None - permissionless | +| baseURI() | 6c0360eb | None - permissionless | +| contractURI() | e8a3d485 | None - permissionless | +| eip712Domain() | 84b0196e | None - permissionless | +| exists(uint256) | 4f558e79 | None - permissionless | +| getAdmins() | 31ae450b | None - permissionless | +| getRoleAdmin(bytes32) | 248a9ca3 | None - permissionless | +| getRoleMember(bytes32,uint256) | 9010d07c | None - permissionless | +| getRoleMemberCount(bytes32) | ca15c873 | None - permissionless | +| hasRole(bytes32,address) | 91d14854 | None - permissionless | +| isApprovedForAll(address,address) | e985e9c5 | None - permissionless | +| nonces(address) | 7ecebe00 | None - permissionless | +| operatorAllowlist() | 29326f29 | None - permissionless | +| royaltyInfo(uint256,uint256) | 2a55205a | None - permissionless | +| supportsInterface(bytes4) | 01ffc9a7 | None - permissionless | +| totalSupply(uint256) | bd85b039 | None - permissionless | +| uri(uint256) | 0e89341c | None - permissionless | + ## Tests `forge test` will run all the related tests. From a1e00aff2b99a196b031b479371978c050a5a7d1 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Thu, 13 Jun 2024 15:26:49 +1000 Subject: [PATCH 06/17] update table --- audits/token/202312-threat-model-preset-erc1155.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 9a25713a..0a854ead 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -71,11 +71,11 @@ Functions that _change_ state: | renounceRole(bytes32,address) | 36568abe | None - permissionless | | revokeMinterRole(address) | 69e2f0fb | DEFAULT_ADMIN_ROLE | | revokeRole(bytes32,address) | d547741f | DEFAULT_ADMIN_ROLE | -| safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) | 2eb2c2d6 | allowlisted operator for non EOA's | +| safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) | 2eb2c2d6 | None - permisionless | | safeMint(address,uint256,uint256,bytes) | 5cfa9297 | MINTER_ROLE | | safeMintBatch(address,uint256[],uint256[],bytes) | c39dfed8 | MINTER_ROLE | -| safeTransferFrom(address,address,uint256,uint256,bytes) | f242432a | allowlisted operator for non EOA's | -| setApprovalForAll(address,bool) | a22cb465 | allowlisted operator for non EOA's | +| safeTransferFrom(address,address,uint256,uint256,bytes) | f242432a | None - permisionless | +| setApprovalForAll(address,bool) | a22cb465 | None - permisionless | | setBaseURI(string) | 55f804b3 | DEFAULT_ADMIN_ROLE | | setContractURI(string) | 938e3d7b | DEFAULT_ADMIN_ROLE | | setDefaultRoyaltyReceiver(address,uint96) | 885e7a08 | DEFAULT_ADMIN_ROLE | From c03d4d79669cf00bdfbc42e0b94bd73cf23344fc Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Thu, 13 Jun 2024 15:39:03 +1000 Subject: [PATCH 07/17] add links and git hash --- .../token/202312-threat-model-preset-erc1155.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 0a854ead..c211ff67 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -6,6 +6,8 @@ Contracts covered under this model include: - [ImmutableERC1155](../../contracts/token/erc1155/preset/ImmutableERC1155.sol) +as found in the commit hash `1ddb3dd` of the Immutable [contracts repository](https://github.com/immutable/contracts). + ## Context The ERC1155 presets built by Immutable were done with the requirements of supply tracking and permits. @@ -24,16 +26,16 @@ The ERC1155 presets built by Immutable were done with the requirements of supply ### ImmutableERC1155 -ImmutableERC1155 inherits the [ImmutableERC1155Base](../../contracts//token//erc1155//abstract/ImmutableERC1155Base.sol) contract and provides public functions for single and batch minting that are access controlled. +`ImmutableERC1155` inherits the [ImmutableERC1155Base](../../contracts//token//erc1155//abstract/ImmutableERC1155Base.sol) contract and provides public functions for single and batch minting that are access controlled. -ImmutableERC1155Base inherits contracts: +`ImmutableERC1155Base` inherits contracts: -- `OperatorAllowlistEnforced` - for setting an OperatorAllowlist that enables the restriction of approvals and transfers to allowlisted users -- `ERC1155Permit` - an implementation of the ERC1155 Permit extension from Open Zeppelin allowing approvals to be made via EIP712 signatures, to allow for gasless transactions from the token owners. -- `ERC2981` - an implementation of the NFT Royalty Standard for retrieving royalty payment information -- `MintingAccessControl` - implements access control for the `minter` role +- [OperatorAllowlistEnforced](../../contracts/allowlist/OperatorAllowlistEnforced.sol) - for setting an OperatorAllowlist that enables the restriction of approvals and transfers to allowlisted users +- [ERC1155Permit](../../contracts/token/erc1155/abstract/ERC1155Permit.sol) - an implementation of the ERC1155 Permit extension from Open Zeppelin allowing approvals to be made via EIP712 signatures, to allow for gasless transactions from the token owners +- [ERC2981](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/common/ERC2981.sol) - an implementation of the NFT Royalty Standard for retrieving royalty payment information +- [MintingAccessControl](../../contracts/access/MintingAccessControl.sol) - implements access control for the `minter` role -The ERC1155Permit implementation inherits the OpenZeppelin [ERC1155Burnable](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/extensions/ERC1155Burnable.sol) contract, which provides the public burn methods to be used by the client. +The `ERC1155Permit` implementation inherits the OpenZeppelin [ERC1155Burnable](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/extensions/ERC1155Burnable.sol) contract, which provides the public burn methods to be used by the client. #### Modifications From Base Implementation From b2a9245cbea5fbbe98ce0e11f1d3fe42ec4adfab Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Thu, 13 Jun 2024 15:42:31 +1000 Subject: [PATCH 08/17] typo --- audits/token/202312-threat-model-preset-erc1155.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index c211ff67..2651188d 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -18,7 +18,7 @@ The ERC1155 presets built by Immutable were done with the requirements of supply - Minting should be restricted to addresses that were granted the `minter` role -- Only allow operators should be able to modify and assign roles to addresses for administering the collection on chain +- Only allowed operators should be able to modify and assign roles to addresses for administering the collection on chain - Contracts should not be upgradeable to prevent external developers from getting around royalty requirements From 7a08738e42a535f5a1294671719a54a7ba084d7e Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Thu, 13 Jun 2024 15:43:13 +1000 Subject: [PATCH 09/17] typo --- audits/token/202312-threat-model-preset-erc1155.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 2651188d..3334314f 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -46,7 +46,7 @@ The `ERC1155Permit` implementation inherits the OpenZeppelin [ERC1155Burnable](h ## Attack Surfaces -ERC1155 only has `setApproveForAll` as it's approval method. Meaning any flow that requires a 3rd party to operate on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed. +ERC1155 only has `setApprovalForAll` as it's approval method. Meaning any flow that requires a 3rd party to operate on a set of tokens owned by another wallet will grant the third party access to all of that specific wallet's tokens. The third party needs to be entirely trustworthy. The owner needs to be diligent on revoking unrestricted access when not needed. The contract has no access to any funds. Additional risks can come from compromised keys that are responsible for managing the admin roles that control the collection. As well as permits and approves if an user was tricked into creating a permit that can be validated by a malicious eip1271 wallet giving them permissions to the user's token. From fedaafda787f35562a160a63fe321f5733b189c4 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Fri, 14 Jun 2024 16:25:54 +1000 Subject: [PATCH 10/17] update wording --- audits/token/202312-threat-model-preset-erc1155.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 3334314f..d28b1a35 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -31,7 +31,7 @@ The ERC1155 presets built by Immutable were done with the requirements of supply `ImmutableERC1155Base` inherits contracts: - [OperatorAllowlistEnforced](../../contracts/allowlist/OperatorAllowlistEnforced.sol) - for setting an OperatorAllowlist that enables the restriction of approvals and transfers to allowlisted users -- [ERC1155Permit](../../contracts/token/erc1155/abstract/ERC1155Permit.sol) - an implementation of the ERC1155 Permit extension from Open Zeppelin allowing approvals to be made via EIP712 signatures, to allow for gasless transactions from the token owners +- [ERC1155Permit](../../contracts/token/erc1155/abstract/ERC1155Permit.sol) - an implementation based on an [Open Zeppelin permit extension](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/IERC20Permit.sol), for allowing approvals to be made via EIP712 signatures in order to allow for gasless transactions from the token owners - [ERC2981](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/common/ERC2981.sol) - an implementation of the NFT Royalty Standard for retrieving royalty payment information - [MintingAccessControl](../../contracts/access/MintingAccessControl.sol) - implements access control for the `minter` role From 6657d2ed8b4cf552bb0e1351de4de4536371aa16 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 10:05:06 +1000 Subject: [PATCH 11/17] add attack mitigation --- audits/token/202312-threat-model-preset-erc1155.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index d28b1a35..af654c60 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -58,6 +58,10 @@ Potential Attacks: - Compromised Offchain auth: - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures. +## Attack Mitigation + +Admin keys used for deployment of preset contracts via the Immutable contract factory, used in contracts deployed via Hub, are managed by a nominated Immutable representative and stored on a hardware ledger that is securely stored and requires physical presence if required. + ### Externally Visible Functions An attacker could formulate an attack in which they send one or more transactions that execute one or more of these functions. From e93cb813e6ad244e4ea935ee09fcfbd897151920 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 10:13:52 +1000 Subject: [PATCH 12/17] update attack mitigation --- audits/token/202312-threat-model-preset-erc1155.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index af654c60..b4b86e6e 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -54,13 +54,13 @@ Potential Attacks: - Compromised Admin Keys: - The compromised keys are able to assign the `MINTER_ROLE` to malicious parties and allow them to mint tokens to themselves without restriction - - The compromised keys are able to update the `OperatorAllowList` to white list malicious contracts to be approved to operate on tokens within the collection - Compromised Offchain auth: - Since EIP4494 combined with EIP1271 relies on off chain signatures that are not standard to the ethereum signature scheme, user auth info can be compromised and be used to create valid EIP1271 signatures. ## Attack Mitigation -Admin keys used for deployment of preset contracts via the Immutable contract factory, used in contracts deployed via Hub, are managed by a nominated Immutable representative and stored on a hardware ledger that is securely stored and requires physical presence if required. +- The contract contains access control patterns to limit the vulnerabilty of compromised roles +- The keys associated with the `DEFAULT_ADMIN_ROLE` should be operated by secure measures, for example a multi-signature wallet such that an attacker would need to compromise multiple signers simultaneously, or a securely stored hardware wallet. ### Externally Visible Functions From 5f1ebd4c5f016d7a319912ce5004c66f4dc042d8 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 14:51:48 +1000 Subject: [PATCH 13/17] update function permission descriptions --- .../202312-threat-model-preset-erc1155.md | 64 +++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index b4b86e6e..9e71bdd7 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -4,7 +4,7 @@ This document is a thread model for the preset ERC1155 token contracts built by Contracts covered under this model include: -- [ImmutableERC1155](../../contracts/token/erc1155/preset/ImmutableERC1155.sol) +- [ImmutableERC1155](https://github.com/immutable/contracts/blob/1ddb3dd78a7d9352572a226d56e39e7a82776585/contracts/token/erc1155/preset/ImmutableERC1155.sol) as found in the commit hash `1ddb3dd` of the Immutable [contracts repository](https://github.com/immutable/contracts). @@ -69,49 +69,49 @@ An attacker could formulate an attack in which they send one or more transaction Functions that _change_ state: | Name | Function Selector | Access Control | | ------------------------------------------------------------- | ----------------- | --------------------- | -| burn(address,uint256,uint256) | f5298aca | None - permisionless | -| burnBatch(address,uint256[],uint256[]) | 6b20c454 | None - permisionless | +| burn(address,uint256,uint256) | f5298aca | Caller must be token owner or approved | +| burnBatch(address,uint256[],uint256[]) | 6b20c454 | Caller must be token owner or approved | | grantMinterRole(address) | 3dd1eb61 | DEFAULT_ADMIN_ROLE | | grantRole(bytes32,address) | 2f2ff15d | DEFAULT_ADMIN_ROLE | -| permit(address,address,bool,uint256,bytes) | d6b0b3f1 | None - permissionless | -| renounceRole(bytes32,address) | 36568abe | None - permissionless | +| permit(address,address,bool,uint256,bytes) | d6b0b3f1 | The approval of token spend is authorised by an EIP-1271 valid signature from the owner | +| renounceRole(bytes32,address) | 36568abe | Caller must be the account being revoked | | revokeMinterRole(address) | 69e2f0fb | DEFAULT_ADMIN_ROLE | | revokeRole(bytes32,address) | d547741f | DEFAULT_ADMIN_ROLE | -| safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) | 2eb2c2d6 | None - permisionless | +| safeBatchTransferFrom(address,address,uint256[],uint256[],bytes) | 2eb2c2d6 | Caller must be token owner or approved | | safeMint(address,uint256,uint256,bytes) | 5cfa9297 | MINTER_ROLE | | safeMintBatch(address,uint256[],uint256[],bytes) | c39dfed8 | MINTER_ROLE | -| safeTransferFrom(address,address,uint256,uint256,bytes) | f242432a | None - permisionless | -| setApprovalForAll(address,bool) | a22cb465 | None - permisionless | +| safeTransferFrom(address,address,uint256,uint256,bytes) | f242432a | Caller must be token owner or approved | +| setApprovalForAll(address,bool) | a22cb465 | None - permisionless. Caller can only set approval for their own tokens | | setBaseURI(string) | 55f804b3 | DEFAULT_ADMIN_ROLE | | setContractURI(string) | 938e3d7b | DEFAULT_ADMIN_ROLE | | setDefaultRoyaltyReceiver(address,uint96) | 885e7a08 | DEFAULT_ADMIN_ROLE | | setNFTRoyaltyReceiver(uint256,address,uint96) | 439aed34 | MINTER_ROLE | | setNFTRoyaltyReceiverBatch(uint256[],address,uint96) | a7012816 | MINTER_ROLE | -Functions that _do not change_ state: -| Name | Function Selector | Access Control | -| ------------------------------------------------------------- | ----------------- | --------------------- | -| DEFAULT_ADMIN_ROLE() | a217fddf | None - permissionless | -| DOMAIN_SEPARATOR() | 3644e515 | None - permissionless | -| MINTER_ROLE() | d5391393 | None - permissionless | -| balanceOf(address,uint256) | 00fdd58e | None - permissionless | -| balanceOfBatch(address[],uint256[]) | 4e1273f4 | None - permissionless | -| baseURI() | 6c0360eb | None - permissionless | -| contractURI() | e8a3d485 | None - permissionless | -| eip712Domain() | 84b0196e | None - permissionless | -| exists(uint256) | 4f558e79 | None - permissionless | -| getAdmins() | 31ae450b | None - permissionless | -| getRoleAdmin(bytes32) | 248a9ca3 | None - permissionless | -| getRoleMember(bytes32,uint256) | 9010d07c | None - permissionless | -| getRoleMemberCount(bytes32) | ca15c873 | None - permissionless | -| hasRole(bytes32,address) | 91d14854 | None - permissionless | -| isApprovedForAll(address,address) | e985e9c5 | None - permissionless | -| nonces(address) | 7ecebe00 | None - permissionless | -| operatorAllowlist() | 29326f29 | None - permissionless | -| royaltyInfo(uint256,uint256) | 2a55205a | None - permissionless | -| supportsInterface(bytes4) | 01ffc9a7 | None - permissionless | -| totalSupply(uint256) | bd85b039 | None - permissionless | -| uri(uint256) | 0e89341c | None - permissionless | +Functions that _do not change_ state (they are all permissionless): +| Name | Function Selector | +| ------------------------------------------------------------- | ----------------- | +| DEFAULT_ADMIN_ROLE() | a217fddf | +| DOMAIN_SEPARATOR() | 3644e515 | +| MINTER_ROLE() | d5391393 | +| balanceOf(address,uint256) | 00fdd58e | +| balanceOfBatch(address[],uint256[]) | 4e1273f4 | +| baseURI() | 6c0360eb | +| contractURI() | e8a3d485 | +| eip712Domain() | 84b0196e | +| exists(uint256) | 4f558e79 | +| getAdmins() | 31ae450b | +| getRoleAdmin(bytes32) | 248a9ca3 | +| getRoleMember(bytes32,uint256) | 9010d07c | +| getRoleMemberCount(bytes32) | ca15c873 | +| hasRole(bytes32,address) | 91d14854 | +| isApprovedForAll(address,address) | e985e9c5 | +| nonces(address) | 7ecebe00 | +| operatorAllowlist() | 29326f29 | +| royaltyInfo(uint256,uint256) | 2a55205a | +| supportsInterface(bytes4) | 01ffc9a7 | +| totalSupply(uint256) | bd85b039 | +| uri(uint256) | 0e89341c | ## Tests From aaf52b6c67edf326db1615dbc7985f8d620fc48e Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 15:06:11 +1000 Subject: [PATCH 14/17] update description --- audits/token/202312-threat-model-preset-erc1155.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 9e71bdd7..09a3870f 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -73,7 +73,7 @@ Functions that _change_ state: | burnBatch(address,uint256[],uint256[]) | 6b20c454 | Caller must be token owner or approved | | grantMinterRole(address) | 3dd1eb61 | DEFAULT_ADMIN_ROLE | | grantRole(bytes32,address) | 2f2ff15d | DEFAULT_ADMIN_ROLE | -| permit(address,address,bool,uint256,bytes) | d6b0b3f1 | The approval of token spend is authorised by an EIP-1271 valid signature from the owner | +| permit(address,address,bool,uint256,bytes) | d6b0b3f1 | The approval of token spend is authorised by the offchain signing of an EIP712 blob which is validated to be originating from the token owner | | renounceRole(bytes32,address) | 36568abe | Caller must be the account being revoked | | revokeMinterRole(address) | 69e2f0fb | DEFAULT_ADMIN_ROLE | | revokeRole(bytes32,address) | d547741f | DEFAULT_ADMIN_ROLE | From cef41759081a0a4a95587d0e4ccf4dab72e4777a Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 15:20:03 +1000 Subject: [PATCH 15/17] add githash links --- audits/token/202312-threat-model-preset-erc1155.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/audits/token/202312-threat-model-preset-erc1155.md b/audits/token/202312-threat-model-preset-erc1155.md index 09a3870f..5d2a8e72 100644 --- a/audits/token/202312-threat-model-preset-erc1155.md +++ b/audits/token/202312-threat-model-preset-erc1155.md @@ -26,14 +26,14 @@ The ERC1155 presets built by Immutable were done with the requirements of supply ### ImmutableERC1155 -`ImmutableERC1155` inherits the [ImmutableERC1155Base](../../contracts//token//erc1155//abstract/ImmutableERC1155Base.sol) contract and provides public functions for single and batch minting that are access controlled. +`ImmutableERC1155` inherits the [ImmutableERC1155Base](https://github.com/immutable/contracts/blob/1ddb3dd78a7d9352572a226d56e39e7a82776585/contracts/token/erc1155/abstract/ImmutableERC1155Base.sol) contract and provides public functions for single and batch minting that are access controlled. `ImmutableERC1155Base` inherits contracts: -- [OperatorAllowlistEnforced](../../contracts/allowlist/OperatorAllowlistEnforced.sol) - for setting an OperatorAllowlist that enables the restriction of approvals and transfers to allowlisted users -- [ERC1155Permit](../../contracts/token/erc1155/abstract/ERC1155Permit.sol) - an implementation based on an [Open Zeppelin permit extension](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/IERC20Permit.sol), for allowing approvals to be made via EIP712 signatures in order to allow for gasless transactions from the token owners +- [OperatorAllowlistEnforced](https://github.com/immutable/contracts/blob/1ddb3dd78a7d9352572a226d56e39e7a82776585/contracts/allowlist/OperatorAllowlistEnforced.sol) - for setting an OperatorAllowlist that enables the restriction of approvals and transfers to allowlisted users +- [ERC1155Permit](https://github.com/immutable/contracts/blob/1ddb3dd78a7d9352572a226d56e39e7a82776585/contracts/token/erc1155/abstract/ERC1155Permit.sol) - an implementation based on an [Open Zeppelin permit extension](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/IERC20Permit.sol), for allowing approvals to be made via EIP712 signatures in order to allow for gasless transactions from the token owners - [ERC2981](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/common/ERC2981.sol) - an implementation of the NFT Royalty Standard for retrieving royalty payment information -- [MintingAccessControl](../../contracts/access/MintingAccessControl.sol) - implements access control for the `minter` role +- [MintingAccessControl](https://github.com/immutable/contracts/blob/1ddb3dd78a7d9352572a226d56e39e7a82776585/contracts/access/MintingAccessControl.sol) - implements access control for the `minter` role The `ERC1155Permit` implementation inherits the OpenZeppelin [ERC1155Burnable](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/extensions/ERC1155Burnable.sol) contract, which provides the public burn methods to be used by the client. From 9ca633f151c199f169af78476944a469bce33168 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 15:32:42 +1000 Subject: [PATCH 16/17] fix link --- contracts/token/erc1155/preset/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contracts/token/erc1155/preset/README.md b/contracts/token/erc1155/preset/README.md index f22ce7a0..99f18897 100644 --- a/contracts/token/erc1155/preset/README.md +++ b/contracts/token/erc1155/preset/README.md @@ -2,12 +2,12 @@ The ImmutableERC1155 contracts allows clients to mint multiple different tokens with different token ids within the same collection. The contract features methods to allow for minting multiples of multiple token ids to simplify the minting flow and reduce gas costs. This contract is built on top of the [Openzeppelin implemention of EIP-1155](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/ERC1155.sol). -[Read more On the Threat Model](../../../audits/202312-threat-model-preset-erc1155.md) +[Read more On the Threat Model](../../../../audits/token/202312-threat-model-preset-erc1155.md) [Read more On the EIP](https://eips.ethereum.org/EIPS/eip-1155) ## preset/ImmutableERC1155 -The ImmutableERC1155 contract is a version of the Immutable's preset 1155 contract. It has been internally audited and is ready to be used. The contract contains all external facing interfaces that are needed to interact(read and write) with deployed ERC1155 collections. +The ImmutableERC1155 contract is a version of the Immutable's preset 1155 contract. It has been internally audited and is ready to be used. The contract contains all external facing interfaces that are needed to interact(read and write) with deployed ERC1155 collections. ## abstract/ERC1155Permit From 0f04f05438823dae9714a9f0d9a971f43c8f8600 Mon Sep 17 00:00:00 2001 From: Allan Almeida Date: Mon, 17 Jun 2024 15:34:19 +1000 Subject: [PATCH 17/17] formatting --- contracts/token/erc1155/preset/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/contracts/token/erc1155/preset/README.md b/contracts/token/erc1155/preset/README.md index 99f18897..8f1f9288 100644 --- a/contracts/token/erc1155/preset/README.md +++ b/contracts/token/erc1155/preset/README.md @@ -3,6 +3,7 @@ The ImmutableERC1155 contracts allows clients to mint multiple different tokens with different token ids within the same collection. The contract features methods to allow for minting multiples of multiple token ids to simplify the minting flow and reduce gas costs. This contract is built on top of the [Openzeppelin implemention of EIP-1155](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC1155/ERC1155.sol). [Read more On the Threat Model](../../../../audits/token/202312-threat-model-preset-erc1155.md) + [Read more On the EIP](https://eips.ethereum.org/EIPS/eip-1155) ## preset/ImmutableERC1155