From f86e0ce7dd4c5651def866bfc2259f9b8e62e84d Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 17 Sep 2025 10:03:26 -0400 Subject: [PATCH] v0.0.1 --- .gitignore | 1 + DAEMON.md | 153 +++++++++++++++++++++++++++++ EXAMPLE.md | 157 ++++++++++++++++++++++++++++++ Norman_Stingley.txt | 1 + PROTOCOL.md | 198 ++++++++++++++++++++++++++++++++++++++ README.md | 29 ++++++ super_ball.code-workspace | 8 ++ super_ball.jpg | Bin 0 -> 21216 bytes 8 files changed, 547 insertions(+) create mode 100644 .gitignore create mode 100644 DAEMON.md create mode 100644 EXAMPLE.md create mode 100644 Norman_Stingley.txt create mode 100644 PROTOCOL.md create mode 100644 README.md create mode 100644 super_ball.code-workspace create mode 100644 super_ball.jpg diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e59d632 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +Nostr_NIPs/ \ No newline at end of file diff --git a/DAEMON.md b/DAEMON.md new file mode 100644 index 0000000..afb872a --- /dev/null +++ b/DAEMON.md @@ -0,0 +1,153 @@ +# Superball Daemon Rules + +## What I Am +I am Superball - an anonymizing node that provides location privacy for Nostr users by forwarding their encrypted events with timing delays and size obfuscation. + +## What I Look For + +### 1. Routing Events (Kind 30000) +- Monitor all relays I'm connected to +- Look for events with `kind: 30000` +- Check if `tags` contains `["p", ""]` +- These are events meant for me to process + +### 2. Event Structure I Expect +```json +{ + "kind": 30000, + "pubkey": "", // Not important to me + "content": "", // This is what I need + "tags": [["p", ""]], + "created_at": , + "id": "", + "sig": "" +} +``` + +## What I Do When I Receive An Event + +### 1. Validate +- Verify the event signature is valid +- Confirm the `p` tag contains my pubkey +- Ensure it's kind 30000 + +### 2. Decrypt +- Use my private key with NIP-44 to decrypt the content +- Extract the payload which contains: + ```json + { + "event": { /* The event to forward */ }, + "routing": { + "relays": ["wss://relay1.com", "wss://relay2.com"], + "delay": 30, + "pad": "+150", // or "-50" + "p": "next_superball_pubkey", // Optional - missing means final posting + "audit": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456", // Required audit tag + "payment": "eCash_token" // Optional + } + } + ``` + +### 3. Process Routing Instructions + +#### Delay +- Wait the specified number of seconds before forwarding +- Add random jitter (±10%) to prevent timing analysis +- Queue the event for delayed processing + +#### Padding +- **Remove padding (`"pad": "-N"`)**: Delete N bytes worth of padding tags from the event +- **Add padding (`"pad": "+N"`)**: Create new routing wrapper with N bytes of padding tags + +#### Relays +- Post to ALL relays in the `relays` array +- Validate all relay URLs are properly formatted +- Provides redundancy and availability + +#### Next Hop Logic +- **`p` field present**: Create routing event for specified next Superball (can apply padding) +- **`p` field missing**: Extract inner event and post directly to relays (end chain, no padding changes) + +#### Padding Logic +- **`p` field present + `pad` field**: Apply padding changes when creating routing wrapper +- **`p` field missing**: Ignore any `pad` field - cannot modify signed event +- **Final hop rule**: Never modify signed events, post exactly as received + +#### Audit Tag Processing +- **`audit` field**: Always present - include as `["p", ""]` in routing event +- **Camouflage**: Audit tag looks identical to real next-hop pubkeys +- **Security**: Enables user detection of dropped/delayed/modified events + +#### Payment Processing +- **`payment` field present**: Process eCash token for service payment +- **`payment` field missing**: Process for free (if daemon allows) + +### 4. Forward Event + +#### Always Rewrap (Important for Privacy) +**ALWAYS** create a new routing event to hide whether padding was added or removed: + +```json +{ + "kind": 30000, // Always use routing event + "pubkey": "", // Generate fresh ephemeral key + "content": "", // Re-encrypt with my key + "tags": [ + ["p", ""], + ["p", ""], // Always include audit tag as p tag + ["padding", ""], // Adjusted padding + ["padding", ""] // May be more or less than before + ] +} +``` + +#### Next Hop Handling +- **If `p` field in routing**: Create routing event with that pubkey in p tag +- **If no `p` field in routing**: Extract inner event and post directly to all relays +- **Multi-relay posting**: Post to every relay in the `relays` array +- **End of chain**: When no `p` field, I am the final hop + +## My Rules + +### Security Rules +1. **Never log sensitive data** - Don't store decrypted content or routing info +2. **Generate new keys** - Use fresh ephemeral keys for each forward +3. **Validate everything** - Check signatures, event structure, relay URLs +4. **Rate limiting** - Don't process more than X events per minute from same source + +### Privacy Rules +1. **No correlation** - Don't link input events to output events in logs +2. **Clear memory** - Immediately clear decrypted data after processing +3. **Random timing** - Add jitter to specified delays +4. **Mix traffic** - Send decoy traffic when idle (optional) + +### Processing Rules +1. **First come, first served** - Process events in order received +2. **Fail silently** - Drop invalid events without response +3. **Retry logic** - Attempt to post 3 times before giving up +4. **Resource limits** - Drop oldest queued events if memory/queue full + +### Network Rules +1. **Multiple relays** - Connect to diverse set of relays +2. **Separate connections** - Use different connections for input/output +3. **AUTH support** - Prefer relays that support AUTH for privacy +4. **Rotate connections** - Periodically reconnect to prevent fingerprinting + +## What I Never Do + +1. **Never modify final signatures** - Only remove padding tags, never add to signed events +2. **Never store routing paths** - Process and forget +3. **Never respond to clients** - Silent operation only +4. **Never correlate users** - Each event is independent +5. **Never log destinations** - Only log operational metrics + +## Example Processing Flow + +1. **Receive**: Kind 30000 event with my pubkey in p tag +2. **Decrypt**: Extract inner event + routing instructions +3. **Queue**: Schedule for delayed processing (e.g., 30 seconds + jitter) +4. **Process**: Apply padding changes and prepare for forwarding +5. **Forward**: Post to target relay(s) +6. **Clean**: Clear all decrypted data from memory + +I am a privacy-preserving relay that helps users post content while hiding their location. I ask no questions, store no logs, and remember nothing about the events that pass through me. \ No newline at end of file diff --git a/EXAMPLE.md b/EXAMPLE.md new file mode 100644 index 0000000..b0228ed --- /dev/null +++ b/EXAMPLE.md @@ -0,0 +1,157 @@ +# Superball Example: Anonymous Posting + +## Scenario +Alice wants to post a message under her real identity while hiding her location from surveillance. + +### Participants +- **Alice**: Original sender (pubkey: `alice123...`) +- **Superball A**: First hop (pubkey: `sball_a789...`) +- **Superball B**: Second hop (pubkey: `sball_b012...`) +- **Relay1**: `wss://relay1.com` (where Alice posts) +- **Relay2**: `wss://relay2.com` (intermediate relay) +- **Relay3**: `wss://relay3.com` (where final message appears) + +## Step-by-Step Flow + +### 1. Alice Creates Her Final Message That Will Be Posted +```json +{ + "kind": 1, + "pubkey": "alice123...", + "content": "The government is lying about inflation statistics", + "tags": [], + "created_at": 1703000000, + "id": "alice_event_id", + "sig": "alice_signature" +} +``` + +### 2. Alice Encrypts Instructions for Superball B (Final Hop) +Payload for Superball B (final hop - no `p` field): +```json +{ + "event": { /* Alice's signed event above */ }, + "routing": { + "relays": ["wss://relay3.com", "wss://relay4.com"], + "delay": 15, + "audit": "9f8e7d6c5b4a39281726354019283746502918374650283746501928374650" + // No "p" field - this means final posting + // No "pad" field - can't modify signed event + } +} +``` + +Creates routing event: +```json +{ + "kind": 30000, + "pubkey": "ephemeral_key_2", + "content": "", + "tags": [["p", "sball_b012..."]], + "created_at": 1703000100, + "id": "routing_for_b", + "sig": "ephemeral_signature_2" +} +``` + +### 3. Alice Encrypts Instructions for Superball A (First Hop) +Payload for Superball A (continuing chain): +```json +{ + "event": { /* routing event for Superball B above */ }, + "routing": { + "relays": ["wss://relay2.com"], + "delay": 45, + "pad": "+200", + "p": "sball_b012...", // Next Superball in chain + "audit": "1a2b3c4d5e6f7890abcdef1234567890abcdef1234567890abcdef1234567890", + "payment": "eCash_A1B2C3..." // Optional payment + } +} +``` + +Alice posts this to Relay1: +```json +{ + "kind": 30000, + "pubkey": "ephemeral_key_1", + "content": "", + "tags": [["p", "sball_a789..."]], + "created_at": 1703000200, + "id": "routing_for_a", + "sig": "ephemeral_signature_1" +} +``` + +## Execution Timeline + +**T+0**: Alice posts routing event to Relay1 +``` +Relay1: kind 30000 event (p tag = sball_a789...) +``` + +**T+5**: Superball A processes +- Decrypts payload +- Sees: relay2.com, delay 45s, pad +200 +- Needs to ADD padding, so creates new wrapper +- Queues for 45-second delay + +**T+50**: Superball A always rewraps (consistent behavior) +``` +Relay2: NEW routing event (always looks the same) +{ + "kind": 30000, + "pubkey": "superball_a_ephemeral_key", // Fresh key + "content": "", // Re-encrypted + "tags": [ + ["p", "sball_b012..."], // Real next hop + ["p", "1a2b3c4d5e6f7890abcdef1234567890abcdef1234567890abcdef1234567890"], // Audit tag + ["padding", "random_data_1..."], // Adjusted padding + ["padding", "random_data_2..."], // (+200 bytes added) + ["padding", "random_data_3..."] + ] +} +``` + +Alice monitors relay2.com and sees her audit tag `1a2b3c4d5e6f...` appear at T+50 with correct +200 byte padding, confirming Superball A is honest. + +**T+55**: Superball B processes +- Decrypts payload +- Sees: Alice's event + instructions (relays=[relay3.com, relay4.com], delay 15s) +- NO `p` field - this means final posting, extract and post Alice's event exactly as-is +- Cannot modify padding on signed event +- Queues for 15-second delay + +**T+70**: Superball B posts Alice's final event (end of chain) +``` +Relay3 AND Relay4: Alice's original signed event appears exactly as she created it +{ + "kind": 1, + "pubkey": "alice123...", + "content": "The government is lying about inflation statistics", + "tags": [], // Original tags preserved + "created_at": 1703000000, + "id": "alice_event_id", + "sig": "alice_signature" // Original signature preserved +} +``` + +Alice's message now appears on both relay3.com and relay4.com for redundancy. + +## Privacy and Security Achieved + +- **Alice's location**: Completely hidden from surveillance +- **Message origin**: Appears to come from Superball B's location +- **Traffic analysis**: 65-second delay + size changes prevent correlation +- **Identity preserved**: Alice's real pubkey and signature maintained +- **Plausible deniability**: No proof Alice initiated the posting +- **Malicious node detection**: Audit tags allow Alice to verify proper forwarding +- **Accountability**: Bad Superballs can be identified and avoided + +### Audit Trail for Alice +- **T+50**: Audit tag `1a2b3c4d5e6f...` appears on relay2.com (✓ Superball A honest) +- **T+70**: Final message appears on relay3.com and relay4.com (✓ Superball B honest) +- **Size verification**: Event sizes match expected padding operations +- **Timing verification**: Delays match requested timeouts + +Alice successfully posts controversial content under her identity while protecting her physical location AND maintaining the ability to detect and avoid malicious routing nodes. \ No newline at end of file diff --git a/Norman_Stingley.txt b/Norman_Stingley.txt new file mode 100644 index 0000000..73ac0ce --- /dev/null +++ b/Norman_Stingley.txt @@ -0,0 +1 @@ +Norman Stingley - inventor of the super-ball \ No newline at end of file diff --git a/PROTOCOL.md b/PROTOCOL.md new file mode 100644 index 0000000..fc10b49 --- /dev/null +++ b/PROTOCOL.md @@ -0,0 +1,198 @@ +# Superball Protocol + +## Overview + +Superball provides location privacy for Nostr by using encrypted routing through daemon nodes. Users can post content under their real identity while completely hiding their network location. + +## Protocol Structure + +### Step 1: Create Signed Event +User creates and signs their normal Nostr event: +```json +{ + "kind": 1, + "pubkey": "user_pubkey", + "content": "Message content", + "tags": [], + "created_at": 1703000000, + "id": "event_id", + "sig": "user_signature" +} +``` + +### Step 2: Create Routing Instructions +User creates routing instructions: +```json +{ + "relays": [ + "wss://target-relay1.com", + "wss://target-relay2.com", + "wss://target-relay3.com" + ], + "delay": 30, + "pad": "+150", + "p": "superball_b_pubkey", // Next superball (optional - if missing, final posting) + "audit": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456", // Audit pubkey (always required) + "payment": "eCash_token_here" // Optional payment for processing +} +``` + +### Step 3: Encrypt and Send +User creates a routing event with NIP-44 encryption: +```json +{ + "kind": 30000, // Superball routing event + "pubkey": "ephemeral_key", + "content": "", + "tags": [ + ["p", "superball_pubkey"] + ], + "created_at": 1703000100, + "id": "routing_event_id", + "sig": "ephemeral_signature" +} +``` + +The encrypted payload contains: +```json +{ + "event": { + "kind": 1, + "pubkey": "user_pubkey", + "content": "Message content", + "tags": [], + "created_at": 1703000000, + "id": "event_id", + "sig": "user_signature" + }, + "routing": { + "relays": ["wss://target-relay1.com", "wss://target-relay2.com"], + "delay": 30, + "pad": "+150", + "p": "next_superball_pubkey", // Optional - if missing, final posting + "audit": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456", // Required audit pubkey + "payment": "eCash_token" // Optional payment + } +} +``` + +## Superball Processing + +1. **Receive**: Monitor for kind 30000 events with p tag = own pubkey +2. **Decrypt**: Use NIP-44 to decrypt the content +3. **Parse**: Extract the event and routing instructions +4. **Apply Padding**: Modify padding according to instructions +5. **Delay**: Wait specified time +6. **Always Rewrap**: Create new routing event to hide padding operations +7. **Forward**: Post the new routing event to specified relay + +## Always Rewrap Rule + +### Privacy Protection +Superballs **ALWAYS** create a new routing wrapper to prevent analysis of padding operations: +- **Consistent behavior**: Every forward looks the same (new routing event) +- **Hide operations**: No way to tell if padding was added, removed, or unchanged +- **Fresh encryption**: New ephemeral key and encryption for each hop +- **Metadata mixing**: Padding levels change unpredictably at each hop + +### Routing Event Structure +Every forward creates a new kind 30000 event: +```json +{ + "kind": 30000, + "pubkey": "", + "content": "", + "tags": [ + ["p", ""], + ["p", ""], + ["padding", ""] + ] +} +``` + +## Audit Mechanism for Security + +### Purpose +The audit mechanism allows users to detect malicious Superballs that drop events, ignore timing delays, or modify padding incorrectly. + +### Audit Tag Structure +- **Format**: 64-character hex string (looks like a Nostr pubkey) +- **Generation**: User creates random audit tag for each hop +- **Labeling**: Always labeled as `["p", ""]` in routing events +- **Camouflage**: Indistinguishable from real next-hop pubkeys to observers + +### How It Works +1. **User includes audit tag** in routing instructions for each hop +2. **Superball posts audit tag** as additional `p` tag when forwarding +3. **User monitors relays** for audit tag appearances +4. **Timing and size analysis** reveals compliance with instructions + +### Example Audit Detection +```json +// Alice creates routing with audit tag +{ + "relays": ["wss://relay2.com"], + "delay": 45, + "pad": "+200", + "p": "sball_b_real_pubkey", + "audit": "a1b2c3...fake_pubkey_for_audit" +} + +// Superball A should post this after 45s with +200 bytes: +{ + "kind": 30000, + "tags": [ + ["p", "sball_b_real_pubkey"], // Real next hop + ["p", "a1b2c3...fake_pubkey"], // Audit tag (looks identical) + ["padding", "..."] // +200 bytes of padding + ] +} +``` + +Alice monitors relay2.com and verifies the audit tag appears with correct timing and size. + +### Security Properties +- **Misbehavior Detection**: Dropped, delayed, or incorrectly padded events +- **Reputation Building**: Users can rate Superball reliability over time +- **Privacy Preserved**: Audit tags look like normal routing to observers +- **Always Active**: Every routing event includes audit verification + +## Routing Instructions Fields + +### Required Fields +- **`relays`**: Array of relay URLs to post to (allows multi-relay posting) +- **`delay`**: Minimum delay in seconds before forwarding + +### Required Fields +- **`audit`**: 64-character hex audit tag (format: Nostr pubkey) + - User-generated random identifier for this hop + - Always posted as `["p", ""]` in routing event + - Enables detection of malicious Superballs + +### Optional Fields +- **`pad`**: Padding instruction (`"+N"` to add, `"-N"` to remove N bytes) + - Only valid when `p` field is present (continuing chain) + - Ignored when `p` field missing (final hop - can't modify signed event) +- **`p`**: Pubkey of next Superball in chain + - If present: Create routing event for next Superball (can apply padding) + - If missing: Post final event directly to relays (end of chain, no padding changes) +- **`payment`**: eCash token for processing payment + - Allows monetized Superball services + - Optional - many daemons may operate for free + +## Processing Logic + +### Multi-Relay Posting +Superballs post to ALL specified relays in the `relays` array for redundancy and availability. + +### Chain Termination +- **`p` field present**: Continue routing chain to specified Superball +- **`p` field missing**: Extract and post final event directly, end chain + +## Benefits + +- **Location Privacy**: User's network location completely hidden +- **Identity Preservation**: Posts appear with user's real pubkey +- **Simple Implementation**: Single NIP-44 encryption layer per hop +- **Purpose-Built**: Designed specifically for anonymous posting +- **Traffic Analysis Resistance**: Timing delays and padding protect against correlation \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..ed91d0e --- /dev/null +++ b/README.md @@ -0,0 +1,29 @@ +# Superball +![superball](super_ball.jpg) + +Superball provides Tor-like location privacy for Nostr users. It's a daemon that bounces encrypted events between relays, allowing users to post content under their real identity while completely hiding their network location. + +## How It Works + +1. **User creates content** - Normal signed Nostr event with their real pubkey +2. **Encrypt with routing** - Bundle event + routing instructions, encrypt to Superball daemon +3. **Anonymous forwarding** - Event bounces through multiple daemons with delays and padding +4. **Final posting** - Original event appears on target relay with user's identity but from daemon's location + +## Key Features + +- **Location Privacy**: Hide your network location while preserving your identity +- **Traffic Analysis Resistance**: Random delays and size padding prevent correlation +- **Simple Protocol**: Uses NIP-44 encryption with new kind 30000 for routing +- **Flexible Routing**: Support for multi-hop paths through multiple daemons +- **Signature Preservation**: Original event signatures maintained for authenticity +- **Audit Security**: Detect and avoid malicious Superballs through cryptographic verification + +## Documentation + +- [`PROTOCOL.md`](PROTOCOL.md) - Technical protocol specification +- [`EXAMPLE.md`](EXAMPLE.md) - Complete walkthrough example +- [`DAEMON.md`](DAEMON.md) - Rules and behavior for Superball daemon operators + +Perfect for journalists, activists, or anyone who needs to protect their physical location while maintaining accountability for their public statements. + diff --git a/super_ball.code-workspace b/super_ball.code-workspace new file mode 100644 index 0000000..876a149 --- /dev/null +++ b/super_ball.code-workspace @@ -0,0 +1,8 @@ +{ + "folders": [ + { + "path": "." + } + ], + "settings": {} +} \ No newline at end of file diff --git a/super_ball.jpg b/super_ball.jpg new file mode 100644 index 0000000000000000000000000000000000000000..872a2e8e9ffdab8d6709749aa275e13a7f9d37aa GIT binary patch literal 21216 zcmb4qWmp_b)Ar&JY=PkJt{dFl-QC?GxVuA0aF^ij?iM__d+-Ez{Wj;k=lTED?lm*l zbXQk*S4~gVT|Mv1@7n;NjD)lV00II6AO-#b-q!%405}*JSQuzHSXfwiI5>DjbVS4t z9}uxnfyn51SonCjShzR@Bs63ML{vmLxa2GpRCM%=OpN$sZ0xKI>@*CF41XJefP;re zL_owuM8squ#3f|-|EBkT02(~R3?v2=1Q`Gl4FU=c;(ZW+4}btbfqM%9_#Z()LP5j8 z!hs8M{}zDhe?QlXIm1}bQ&$VOly z8W{k#p!dIW05p2Pv%9l`qiMWtRdN#(I{?f9t^!T<5nc{H4FDx<^k3C@L(ceDhXA%s z|E~2`E{CNluam_QTp!x$HVp5~Td(Su*Jn@t&2IkRP3IFdB!3%$q!2MyW+4*;Hv%CH zfPn@8UO>ac8fV?ejdC}akgBu zDVDZY=^Vot`gBdJUk@?9u4LcSo_Mu+gKiS&7w#ViiiH4xNJt7HEvedhaBJ`YIF1}c z~3{`;`t()bIF&HoH zyFJqy2UPrOuv?ZA^f7KadjUXbDG?*F6bR!|aKnHPYcbis4k}-!70TD9tC)3DbnOpw zbKB{oyOM_+uRDBmQd?#Z*0k1Q>ODrj*{3hDH%_M%lYuN#E227mUV3!SbJ%ML%ySkh zub23{P-PFg-T@^8#;3o)1}&8&1W3#S0DvFSQWNHeu3rh(U+1sx#syX_`F-Z{xu0Fu zYPiZft1PsZ1VuPO`;a6Rbi zDH^Huc>vE5nHU8O_yq0hwXx|D(dE3_d2MekfO4PK?2tOO#D4L*$y6Pnnp#2IJ`VF>**ep(#DTfr^@?JZMu8jcypS> zvfm7r@0b7F@dbgW3jiSmR(Ot_fg*Fqw?l95PgR{|g?shSvKJnE8e-g$Y zUGnw{o(GQsHG5m~K3qHv(}r;C*DahqAp^61m5aVl>5=5Qz7B2AFMp=KgOZtbqF3>z z+AY;$n~zTJd=(u}A4O*-z|sJD0011Z1;Kfu&i*yOzRb>k7Y6oF7d|SWqI9+sj>X9BV_xR-NpDU`u$aQd( z8VHf+|=Wmpz|x&;|1@ncu#)X ztkcxN`zw?kuLv#yPOQl6j?$ z+_m}PHQ7$4TQV0`6fqrg@lrIC;vThR7D%WTF?o7(*)I_lw7DGDOubSIY)U#(-rWKZ zZM{b{HmB2%Uj>TIzBZl1PsZ{K%-NHM%x3A5#tqrf{L?AU|i!sEKhQLrSlajT^7u3>he z@x>ojYpCZzdpY~A4-Mmj4RGxWV@_O(D9Ght$`B)zOG zCI(PUB&oPWeAirT6wRvGqe*q**4N=%M@2-t&S4FV!{PBljOo_#NTKP8m&kvEfXhBQ zoO;>!zJA<{qhdT*s7mp@osn)#T4YqaZ0}5vAV2NKKW*qPB<3}zvpP89t2Xp+AIkFC zJ$5d#Lx_%EF$CQZ-60|dKU1{CmS=bH&U9aCE-PbLkR zon0KKkEcDT zE%P6O2kw^pJGqTY&2f6SJ$4}s<3WM=CIn*qvoYs(=s80 zg98CHfKWLx4O<3{1$tc#dJIJLtd+DZt#KV9zvGCQ76mjSKR4YRR@02tb00TX`!QW! zO~!P!H6HOC!$OO!)_e2jrk$&nTvNy7=L8R?4Yn0V^I|f2Y5cDo$kKQ);Kf)80$xH{ zS7eq^tI82ks$OSeib1S^?;RjIIaj#%>IBt4j;GPoy)au=l;^hEx%q}$+UOJbWabpB;#jY-U+Gs#5S62D6_$3yuZSP z#Hh&Vt#lSIKgLj28nD_laMXE%#_c{`b|zFk&fj@lFxBn)VOLll`uHv4^zhdd?Dg;p z{GQ@@B2?dV{9{{o?fty&hv)8_n>a_Td)4Xxnib$UZNPKm?Zr8HGKcK4psOdfE~gOG zMlO_>2lxOFfgTwptJNs35xX2CVJBXQMK;68wwXM@PoR@{cx&g|g1RnIGV;Wq<9u|y zx1{m?7CWroeL7*`gwR9A0O{mf4r2dYP;`pt-WX$HIGO| znWqFH1om}+QD|6ECX8rkR+Ev97K;p%MULqEIr9pNyvx&yC~pabl9H*(KA$hjy}i6{ z_+>qB`Ij$@?zp+z=@IYjacWMr=6|1CioyKLKE$5gHIBMnxG}PmdK=Bx z*+0Q>$xj9RR{VvEqSCF)k~fJ#YATueJCKNeyB=UX^_6bKJJng_ThYLd2M1sUs$9P z$Cp3lB34@Po5-c_-6x=&yNS`AXWANmygHs6qUC`8=eyj*yXEi7%VL9I8eU!=y5>qB zW;^hTcPiaEpfaV-7AQ%4;APlD*n>;YC2`;!Ue29K4`Br?Pao<3n7E^~MB+f2fMvT% z(w$cfa^J<7;iuILL{0v~2O`}Xvv-9Ia{`gIO#lQ}U3yL3SsZg!Rg7>={92B6+I5UKB z9XQhyvM@>yw9_y(KC~CA-4HT1kdQRS58&wTuAMthXFMbMM4aq68sN4TY5L7L9YhU9 zHFPUy0(ZsVwX=Rmrn8QwH6*|rg>%reE9Qt^!Lrri`YTNp6qwdKSouoKm(K-onZB!4p7OWSm{nBo56x#~1ufw*8>r_}u-=o1Z46H}dJo z>fAp*-5VA7^>N6-()eLLm{XMaSAZ1X0fo#oh3Me}ZJ>Dmkm?Ko-NV zfle6g7LS3&nRW9#);Df5ZAJ|#M){aejC?B32|b8ZraO@&$o>Xu9|64{E% zFSLfsT`u_JcSa7rvem!lEelIsC~=va%O?oAf6Q}3xah=QE(b~~t560#>n_txX@&gw zEdaS3uVbRsd0IFdV6ZhHpx$hYspU?r^h`R&f=jfkI69N42QAsDyK6 zWd@xA3<7;!HtY#RP*;;n^Prm_atcC^&Ufh}S zXFHBMFKS8jcIOs${8xFIy5`Zmd6xO!b@S9%+FzWtJ2sB$xd~~x36AVRLFwU~&7=F^ zF6+JnG6~)R@f-q+zqIAE#X@1>6qQ31rC7s-Rk7FH4TLc;Fk%I;D^4^=S9-8+a?D}e z37&^@*JVa3Zr8^4h!2*?6raunhwWfnAq>8=;-|q14iA!+!*R!$G)Pv-nQ@DOSYHEs zRez}Q8`fD3Oj~6a{Nk{${?#6b=3vS;^W|_cR()x$`BX$^E7hHxt!U8mh{x9aw|b=z z1{b{%HFv^;3g2JWQbS&pem449%z0UR%&>qbyT;p3cd06Egp||5MrUp+HhjO=k&v5` znlh?LCwX^>u>C6hf^{zY9K@+^qhm|7Dxbsp!}wU=D7}R89OI|B17WaF zK4ciC{KlNusAzvAG4k)jMPdE;05|R6K2Og7WKNT^NvqamSA{XR>~4vGeiLxjp`f!$ zdtAMw+pliPD%eP!yE@ODXBg;x#m+ zRrg$bR@n)#9-%by`#MNVG4v+<>SQ`b_awlAqxiCIK=VsNnejIHIM zXZw~+A%9=>T0WskHsy6vWY4abm%*Q2HS5qMdPZ5(=j2qi099>qHPAe0R(q18zLxAn z=)=y4yRng}@@W-U^(_*RBxN62?5G-Fq7=lw>2kXHrt1aE!cb$ic$J7cO zPClJkB80b)Wy9<<7U+C5CN_H=`C=`l>>?Z(Bc{=N2cIIgsSqfpMWbUWHh!-HziXsegqcax?FbAI`Mh<@vN($ zjg=L7Q=KQd$R;~H&+Z3dFo9g}N-*?8cs1)DX2Ysq?mRXcG@f22asKxT{c<19d6(YK z3i1g3285goal>dgXlKB0yIoOB%fL$cNF*5bkY?j6ly6J=CQb8tDylxb78cs2h@WEZ z9iu0j=@q_{v-(Qz$9Ag0LPVvf>0+=n?t?&eeL2YqrHG94pA@_^Ki__!1^P<+W36a4 z5p;hYdflF$X;E?ZZlU7S}ONj z0G?Ry-MatQgPt8^ls*9RvFh508%-h;^TYa)P<)hIec?b`M!^=iQki@FY zv`&5%6K~UVDl4>VJQv(OnSQas@lV!!2SjVX1F(WoOH|-iXSjZT*(}hmR!@0V5vckd zL^M$RWNn>Xq&f-|zJ!+e5wtg>pIFx1X5uxjj&Z{AU9k){L<8wL{a)!L_PM}vz0tOE zgkEmfa|7$^L2ii)=8QV}_$91fC77E+vfAxKpAkzKOOXS^PnC;T#`;xW+b|+pW4r+j z73k;h*%qL;k*Ff~ToY*Z^1P==2Szl|M`387uX1eQNFhdc6l?)wLlsW}Q6^ML<#bcI zUv-v3HX^qMwI2Lxu&y*#- z9HObPaEug?Vh<1~L<016PD=|_VEMkoWAZulII33x6pF|-1&T!k1j@5dYWd`b&F%>;8LS{YzI|X;~is7X5o1es~9*yaT{4DK*+ZE-5r5 zBp62hmmna~fKccpq%5pL7{bcNY$8hkI-_84RuJMHAdy}#v8dUaZ#f)>H)JvbJyP;; z_feM|bJYfXb!!SidR_m(Rm`21(EQ@Vs@`7l;r8lY+S_=Y@D{W- zQ`fxM_u(V$Ohc{E=2X+3f~$z3a_V&h&%Plq=Bl{mu_JL~WDQN&3cT#0!w*_c1))&` zHVr;@+Hq7iClZE3E?)Cz%w*(-=JE26lV9dk5*d-phv}dD#TI9o9#1^5DJnhJFTMPn zYEnwvnM25J%PAeF&<{3{wFVP#GFvu6_P86{(V7La7+pp2z}UMsybw~)j4_Yy>h zsopv+OuPaL7FAv>@T|NXLeG(ZKHdM!MK1qsLc1TSWhIO5AN`p+ydCWn^tb`ndBXpW&`{lV};IW=@bJDe1=DKf~?N{ryDnk0|$#c2UGJLzjB_- znui{++Gzi$w*TqvU$v2vunGxdus|!b8Iy@98T}JQK>n+^!fwHa{fOU>#?PG0Y&vD` zL>-hBmOmUV?i@)gX9&%nqe}M1mB}^LK>hoOEX)ShJ4H)9L`4M(g#qnt)^Z+dB? zdXkYiksE#J%U7|DJp~S#&qsAqIa{LJ-qA5*rWQ$MiSFH_JYvfSOYn2ychai;RC9mA zsKSLuUK8ROb&l44M&5to_51c)$}7%i0Ni?91vUK;vIbeDm;UI8E!p%)fY~!T$6M{5 zUd$7*t3AFtDwdwy@AhjxE|(wjlg zYv?;H^XJ>V%AoD?HO}&0OEW1xNpnrN%%oJDx%>iJjj7%Rmxfj%-EHIrrFl=TM`-yIZgsqox$EW?}o3pmzQQZ|Ni#!v}Lga(N?%nK_Bj(J@#p?_6V4z@1geHT`` zj~*;VP(x~xe32OsrKgAKZx6i~>`_@LQf;f9_oGWeoZ2W-YD`ft?{PF%X%c@%QN4u` zU0pBXG1lXfBsbrq4$k29Qs9;RnnRbJ>B4-u*6+}j35|WdYtZ7Dag#jJ$?Q4=^P!Iz z+sxRD$Du=WD_9V`FFfKL2S}mWhVU{HLpU(M`!7me4erND7t4H`DZBVjREHw z2*SII4$NqQOu#K+T))?n>E@)W3BE#?JC8k_@Fa&-CqZRJdfU>k{JZYO29Yd<(yyUH zNJGZdG<<6%*UY-e>Dl_A(dcnw}dJG4aH;F+De3QxiWY9Kpl}RauTL&t2 zCZvkvA=6$faCa<%x3H1V4;=!(Qdxm!#^HPH9)u!`F=@|ox#a#CG{W7g2z7?#%%I9T zDzCk0yh_85j0l(_%<<^1-E+Y5yxR%U`zEPKrCkvmd6~!w7#DS#vcx!Zx#3J`Q6Pof zz&^x8dfnLA&9~c8b-4){N~7ykc!oMN69oCit4MF<1aguCxl8fd<5Bx>@C-_xm1Q%! znn}cz0ZA()G5wDMLU$5ST4JU6IkXe9mx-LACENy_mi0q)cED2VKde|;;!~C1`*DA5 zgaEIpX#2irkpdYiNM11z4CFlB%T`CZGxIgRpsI5D3*WRxL()W{sWdPqjit&hO#Azm zJ8&z~MHsF{JSYfo2|sPvg&DsCXg}#4OFGn1W7@@fG}dg2@ry;-JZ4Hi6G31M@gNqn zq-O{g{t#ged;A zs%c+E!+)@$?sb?%&4ua}gql&X&ZwUtJ#ou1&=r?_PHk@BRX=+inL8g8_6{&Z2<{>z z9%k7s>(3iJ+c1ymce1KUiCSrv^VF-<_rYR}o~jKlgU4XuV4n|CuA33vsR}aal8GxkO|!3df0(GC8xuqf@hy2NLV{&q$}^p zq3VNJJvC)?SA_6dGnLjU(98s6CH-8`iCG;$j<79w3820zCtwJe8{AAGKI!JT!(vYO z6;3IYZWE4^3i09aK{Hi-L0dBdf~+v&u5Bpn1YBiHFeVRVB*H=}Y7J^FNJkJ+y$=MtUGPZw)30C}{9I z{O{@rUK>eSfnb-*nM5c^DKWpUZ-!;((&^$qC{U2}9q@Y$-^B1NUQ`m1_-TSux)8%c zkW~y*P*Vx?$?PpV@u^$c(RL83!_ajp_W}KdxbZXNL&}wO#&jR%PJ^omzp%k}bHpvj zI{*rKset-f%oFY~I%U^JLz&(Jvn@_oLxrr~a|N?1ixKXZ*b(-V59-j@(S%EhRsgxf zL7uNn*{*TfLozRrpM>SZZUeEwM-UwPum{KaoiHz-f2z$pfXGDfO73md!O>}KnJhnm zt#xM|yF7?K*i@y)snl!<_mWeXVMG5yeGF;!`WMy94fU9)Mv)#OEQ@`J zWBb@&CJcf1Q0gX%Kf5JV)5P^LI-1owR0@27*ZW5?3Dnm-!w$;v%MR5RxHk4#mpVcz z1g+`#)m97sg`Us;Tr45$c19W)AX=jp%Of~rG46UE-caoHOGG)O37mvtIOQ+N=8Z+G8diJxT*^X5c>VqKwt_wyn{O(IS80Y$bn0>`CKlIdGZWJ|>UK}Lk;Kk}9(1h5 z93t?xs@=Y+Tb9q!myWuMsgfSdDU2ez-@A%( z`E&;h*T`{i4MLot+frAbp4hC?8U;V6PdfxG}hjYTih_4sO&a@Ye+frDI=xywrVZ> z6OZ?&)Z_*4^mW^ZVX5OL1#rdt$-W&sVU5^=gLTvCNH$eraFMf;KchP&q ztQ<2;4?@*Qot5bpZtHYzN~y4BqWD5{3WaoC1{kcf4QG07F1=VDu;Hj^tos7StwV8( z={6S0E{g^hZxP|FqA+I$o2e>Qw)nArRG_n%D9q z;x>UnvPF|4sx5*lQQ?#g9;gNNz85cp?jf8*Z97O$xX&@O*P%1Mq6YHi$}M8V>*|YtF++0$(F-fUaf z43m?V{tyy$Bw@!SQ4rxoHxiM0)G)&_yPP3=04_}UI^BjO6K6OumE8C!RVkeD5=2;0 zTQ=AX(T7_>lnHq&GeLysUdbvMp&w@RhnDq9g|RHkG0_XeQ1FdFbUzpnUoECMriye% zeox@Iw3*aErwNdBx4_cdMAm@4|M(KIa@g*T`P??P6{V;RP7o_RAM`2kZVmQhEnltk zkVC7Kt7nIt=hwTcegTmKwMJkV-ybFmlU+bx2zrr|fkS^4vI(!m^}H;Jr$6-4HS#=o zSZ=Q!`PaP3!bK#EUry+;nAr*=XXP;Jtfl^ATjYo zL8_H0ePpmSGW7j5*+kz+v>`MC@Ru)1$U_pnwC|+#S6aPI!yS~9FRp2MeU69Mr}}!0 z_+h73Yvjr(Ef+19LL{Uo?MwBG$AB#hG=RYDV-Gfm_&SDvk;G?ln8CeL^cfq7P)v(* zoW=Z&TS2~VbJbGc5moELKa=BS-4HK2IEn<-2#JP)6CJba=qK?ZS+<+1-vyD*I?WG5 za03~a?*v63l`nK#U492<)mk~ZyaSXOb2lMOeLu=qIK|2&mlggQRs{0R_tmomMX9uw z8KRenP2ncfNJjUenh)3KdW=k3$$B&}vVu&vt)75U#<$>d zvRMeF5C{8L61(eapO%(Jy8E1G7~Q~e9#&i@C^Lq3mzFN8Lzd-?!O?6-v56Q-tlLWi zalLq5T;`rr;4~I3u!oEwgc0P9LnK|+>`S>EIYC31SQ@G8;G0!`^N>o0Y?kujNdtEw zt5S?$=@!YkQ%>N}*EncqDZQhb>LE@$$`yZ06S5T(d)<=An6}>A>2%j$_ROz09@q7$ z702bJmpART6^K2*$>KdtDxlKv4uFVIMd;I;IgOrBIFOBohbqueoG8-l%q7q;VMt75 zr{^;nlD_AFOFNSF(+WDvNfX8(FhtTH2WNN&sa6L|Z3RPQ^bbxn*%@%COe4?oOikxd zD;$wptiTHlPs!y_-=_p`vR%em2mg0~hdkB3fRqwHJ5u@+lRbkH50No_@cbyUmIrg= z+*>3Qc0xsI+Ig%@HZ(gYOHXiH#S@{alSr|Rji!=&oZ9R@=Uo&O9dp`s}>C^9CT|IRf}(BO>G-vCvI8MW?QO#rJ(emX`##FH8K zp`%hRHFl}(v)J>a19wVUF;@gM5gkISWw1V{GcxaxB;@R$OFEHS;xmg@Pr#Rqac%e$ z{Em{r?^Y-GPBh!%mPy9-dXHhA>FIH5Rrcf0YpGaDs?1LrsUPQwunSDr{F#xEoUj|D zHs1jluh45L-(v~|fb1$VWqRy+1ANSPu_)_HXb+J;V^2WAmN#J~J}9W|ZO$e`sqnPX zT_SFx*+!JuE_g9)x`kyf9oNJQCz@Q+%7`2iJq=-u8>~M|CW<&x*=oIxF4>tQZ15T7 z9uqKKCTdAU&#D=;>i5RQSzS+qss_TwF6rJBh;@Z&{Z(O_3y@kaQSb2q{jHw-dZa-v z`xh}2P|6UyT76f+yHqF8r1zRk4CW)p`Rg@;_3p3`^+>qBpM1p6DlXv6^e!%kg#y)TiXzWv1}OXGWZAG z1(b6fkSdrV^-vI&DaUuRIx=r0uT7L&6pzY4d}0%X-{@B0fh01|so~(9TTobNES}S2 zjBYDp34yRgiLsm}W(KVB6{>X&Y}OJ=Z>CM5ehP?QGD^POqn`9P5L%)pIzCUo%T*e%FLi>b@=FEMu*J+v+&+I%R?c>O3 z>Vy}IedncVd-!S7lz$zid zyA|Fee5%RF56zHZm2&74_=#O__YPwN4Ft2PdTL)G^zJ?{MMu#`Kj9oA&0&a6mma^& z7RUmtZZkVjhRM~`1|ZTB^RB1Zmp4sZ_!yrJ=0l^5-{4z_}t+6`RlwLXm%qu*^2zs=|Ct1uM#wTV`e-SXdiw+k2azdX4m1Q4k$%>S69`%D7KFgXyh65_$QH}?r5^cP zB*`T^s0w28E}ftcJd$y=te_?m<$1mxe>c8nam#T_W=TEZG<~4D^f#hM4R${rr#UNB z&r)wn_9J02dW#-L4E+`LwQNQkY8H99*MpIk3Ur6jKG5|>?bK=lv>Kg3NP#QfT_0bu{v4K;FWZLG5TR_2&XMMB0pGY%40>Xlz&qSHX;$=D`u<| zIVwzom}2AudGBVKmXkEe6WJFbp&&YFL2(nYC>-My1Gu;+5orpbG_)FmO8yh0Ofr24 zD%7a?Q!h|>P#ApEuvo2hAe>YxdA?%%)i759zD$q)7K`_==KEf?0%{XDGW=)z^FMn@ zfF8MigFt8}Nr3VQAD2-G63g851%;^s9@jPi8Um?qy7PL3Z{YWD(mq&tlDWGLrZ0QJ z&*zoT=iSfe?T5$==v*~$7$4xlR&?7IDs|p{eclN!dobW&?RaAwHOmxafhW;)IF7%b z=DVKme#rc~nHBi0y;H8t!FGfJns=>(8GK*h`CyqO^$7L!r@C5LdV1$oZ%D%D?tfTl zUm75E?+yf`P_&LVe9!svNK{|m0briaqpA4#pk{^&V#Q|L90GgIX+9SI05H$ncpf~nm-T~d${YYS*D_TSLA}!|e z80DG>k)CIfh`fIW2(CofVj5bu*RFcvVFZN5EVIV~Ac!{o z^zP^X=`Wato@g@l?9r++up^WWCBfPJ>96d+|EuKD4I8;wM@|t>=*ZLD%v-4cSeR_x zZvu0y8j{9>K4BXkTFw4b|8MD!cv_E&NP=YI^Jn#S}EW zS`ohek7YXBL=G-4vXw!K+Dw=rw?N=O7M>hahL6g(i+v^YvHj&0EuL!s&N1IkGaF-_ ztDRI3>#nHBSohcclS<})xPpWp>%`JtN58QMp<^X(6XWy94CwwHexeJ~(Qr&Zl2hgr zg{A`c2h@9^bztZ7G~f0enP_wdgsbuo;M~kblgEXxS`j@YnB}C<7=7snx}e0O!(8N3 znEFUplg$kfuy-y{M+8n~r|4+?u3Bec`0ym?dWM!T1F#jiJ};M4R9B5gJwUgaIbNq<5U6cQ{+`fUOrK5=gKv!Kex;+TX7P{${iO`&s~us(=A! zVGPQ0vJs}h1Z_FUj$feyP(oT>!g(B-(sI#eaP8EaO?(bjuOmCl7 zzQ#M%UwWE16mrL%sSFnwuW}Y%jE-zitjT4|evRm`81Y#6U5_N`e9;%zAn@nQX=*n& zIGC$@W2_@$DKvJ6S)z9vHrQ&tMTblKoXN#C8;oXGcl&8J0I_bfawIMc~*MB}#tzoi+&8oJ9vON+o38lq9 zHJjbfp}b9hBiE zHPV4%h_;tPD4HChF`e1k^{4ReiS%JGaEtBk!D#RD&M_*yONVa-pXs%Yp!?zz^J@;~%c2>(v?9L=h;voO0|vpXF@e1MO4U19JX2QrfIE^CHtyI(>q zp}=jE$L`E-)SVDx5S>0c1$Y^9Fl`%u8Ljs_gu0MFTbSiolN!Z6=zXvoy+`gu?)=kZ zDi~w`>>hwJ;JDuWMkde_aRN3@%72U#>M!gE0p9-kFXRU{P8MMjWg%lF=b*&=f5E=L z89T6nlH~t+MSQ}(A@x-}@c*^d@b&4;a2~XfD(646&8f{N`S6OmQHW)scN$`*YYH6Q z7D5(`+KsJ^S@Ss!Dgk`uWKXPJSP$r5C+;7JfUw&lWsAV+#-et);Q4YV%v39!ZCHLo zIu{VgqqBboug{x#C1LI2oVtRv-Ngo1Yz%5RKh)brCw&!;Ej?kbFclAa{@UdNrENWG z+8VAR6>;!+F}4n#dQ=zY>ZkpTw=7m=M~L6$CN&DS#^}=ITFTLZC^i{ccK=Pd|Gie` z%0}}iV*7T2vp*|+7N<7HMl9&AxhU6=6(}Y0GiO49mvLvh)e@U_hPsX#N0pbX{mxz0#`< zb0Y8(qUN8^=7jj`Vled4WGH8w$hnj786<`TrwCwq?m+#KX_3!?=BMjN^>OEsVUKs6 z^_K>X4mw~WK_<52L*Bp`l#hY+Y zYqwMw@Ce(HMnRv$CRu3_SwFVytKdG7WG+*5tfx_B~t{U0;d)^s}UWf+=MH~ z;hh9Dv=n5x2QT6E=TFCz~;DY|Il)Q_BxhtW=6Q#-u(mCr<1iR z4Gq=@Ix34~z)rHaC%O+)n82=~HFRa&g{Y*udKUJVFzBcDy(AgX__l)IsB$ zJBp+^x}KqzJ+tFAYlKhdA&_2DK*^yLX^O#mF3vObA&Ymw;xdD7XIP3bwB+E5S&9ox z){gN*#ICRZ8?JeZKeu^`_CtzuF8+hxG&O3=(zX{dGx*7(`xi_H@2!RY7fb&aOb27> zK<6M5p+uIyVEWGGh0_19bReb7t4^qY^b?($pk~5+jf9#7dF;s1R*_6-jR8NM=8>;L zfaKw^e{{s@(vb%EMv*sLk$;@`<%xf?H`s5v*wTGv^8cv|xaP<_fo5Qw_(MH_Ru9^T zQKRpa+1R`kw1MEL?e$L(NPfb+5lBACNv5AIrV=QB=0%5UMxyTFWSFZ74Bpw$*;+*u zI#R~(VJNUr-D05zc;M2MUZf%N^&h2%7c^>)AzmSiunK1NE55QmM)Y?ktf-ZZRC&Mn z^#{?oo?)I{(s^FnH7bc)paEzuBeg}j&*)?RK#h%4X|SI`r29kbt+7YT&n6?}t)6nC zF*?@cpmSrhjL8%U?NP1^LWm{|=3P!d;JU8eaNW$;lr0q=Pdq&PGQ9PjU83=< zCkalB979^|T+-+>G(>sz~jDUXIHtS%Z9$6YWQI|@uLFg4WGPMF7xnf59dMN*6&%;HxIF-D1+hJ0RU>3dwYZEu^9~kS-olDX9FC zE|Q>Ek(EpCYF;@%%ZN$or+1+s%c?a*N(;+wwaKU%lLj$Hj#h7A^j%~_KqRjSv)C`0 z%a4q&UmJ1h(I?Dz!hYWaCxeAVjAv9_Xk}skW+=#{T9+6WHodUebxe{y%N3XLr-+FL7`NS;jb(O>h$L=wMV8m7E6v zpy&jRenYOf!7Jf9nmpF$F;CaxpYka75w{s5pK|;Slh2^epq|rrZ$%RrN|WX4^U&KI^vJlH$q4G#+kE>$8iSp> z_zLEk!HpU_fTBP6uw78k@oD~U0IP24Le4V_BeqN0{Jv)fj_9P7txh3x^ao#B;=v(K zai?y+hbSZMK@2j4ha`jtMt_sz#bLE~0LaFATUZX$YAF<}g7vq5)|7v>|MEh+I1oK^ z-@tc#Jp!8@SppL#WdJ8zzZZYdCa-Oh#g$k)DQ~IXL>A?T%7Tw9psdh%-9(S6+x)a_ zy?`r8gFe_eD9H+ElT@4bJiU3~J{qZXlRJHfJ~Qn^`J*NuWjk8tMOKbNH&rkB#2Z=9 zDIz`lIJ{QwpuMoQPq?({6W&v9y%gZU#9^Ut22&-*wxLW2P=kJ3+sP+#)~$?eQ!ik? z?YbSKZc!^HTgJ&WT1d8&%9f=s^9m&ymDgqwT&_n90%EQj0&&|PBGp&g98CUb+cx1u zLsv__t>-z^YBFvKm|6_S7hTSy!BosU?7L18ZwE?0Zk=&8g$T^p8~rBWFPLNOiL6pp zouY!0_sqniCv*M~suA(6NAt$(SvcKbizPwmrc;P=)AazwtgCiuS|#4-B+ggDHMObQeAZ?(BaXTs5HDtfenaHJ-K;gUt zfC!x|ub0*1Vs)AO;onJJ{pM&)g3=mbgVZM90Z}>&_NA1;!M$tnE6l@%H1YJ#KS|F% z4H1Kw;_|9bvTmGpL~uu{vJQ6awbf85`MxFf z47RsB>~_v;{+z2xH_KSIK*R6stMx@a;No?^lDRtdSJ=r3?J4dNO<009pzIb7)>HN& zSz{DZ8i;HIuquPTcPvJJQtlUa6K|bka9!^W?lwhv9q*d#BOxfy7lLnYLZhbmn+2l5 zhETg@nkncip!^2ABMRC`&BW!7JW>G766{41QmDo8+(-8*fUI+N%f1$rYaws3B$aen zk+4Bhk!j20Nj`?cr9A~t|IVx`T)VM73NYk0AEzl(P=F_1nE~iy4_ZPrGrtH!*^I?8 zJG0<lPGO?2U;Vz+ zMUFz&wM{S+sZnG`TK;oGuAk9I1g4I8{>iZ3f`&25w*+ElkTS4R7I|{4U9b-mP_{ov z2qClfDne14)f46J8DjTFiDka;q3L8R;xjlfhEyiE>D-DYdZ^Yr+oU5ZkgG*E=+d-||ttJTF;9#nd#}Dh8I6q1E9>8`A0%ylka0XRa}V&x&fGdn+(MPTZ6( zpKkJ?(M>*GBQ2QV5InP`sDKR2z05NZ!;N;NA}mxe(?O93_ilffq$m^=NY+2l4t7eI zXSO+DO<;@34Zif*QyG0?;xdAC1i7VP$Sjd&TD+~GnI-+S)eneVVqp{>S)Tz7JjPzd0y+H&8DuzfMXo<1@bbmrmm7g9?r5JNve+)e`f2Vv zp7W(z0Da{xB<~?IcsPN?_%Y;J_`_wEIPB*z;;gsXhCnWq$i%u6BtGH(cVZ5_M1Y?Kp`$u$;s_uwOMpt^=Vl2+a6aU-Ho4SFWSLvCVyKBtwU6XtL9;Gkwf=~9XUH-W+U3s=bv>9EYCl(5ewIX`+N7p1A!a z=oJ{vL79Oath}|-(usle-;f0e&67?+CoL>OldNL*%nYB6v>~xJWE4eoQ=QC;z*sy5 zV^r~#+^3Ts?9x7HJT&dQ3AGv6-Gy@|N2^|rGw!5?&BxH?{h*jsSOa-vR-j1k(eOWhN z<&j5=512^6qdo!={JtVtg#a{UlO+_~^4iU9ET+Pt+QqmWYz|r(!jN|W`LKmD94b4k z8Y6RUK)MpPeQu)=qgPy$(HaA`HqLLqcIGyhFoNuXa-JN0Ow|7udk}>01sfj`f~z7! zc5?%`tFC1YyNK9S@e5xt#b<7%aT6&==3E=ZTL$V0b1LRH^C&ogtgDq?b<)FDWt^1d z0=ibS^H2iSWiI`Lh>cvx%Z3cG3JV&;9)^{d%&rmB+E%8;aU4V`S&8h|?@{|M-82*j z0hxg+ot5Aow*dzu0M#7?e2StTVZ0e`F<{eDyDb$n_I}(gG*VJ4)yKwwJu{m=%3jQe z2OshZn46*}^c7uHTLV-!7Ul=GisbH4D$q+`HMEo{f#iy71RB}$(4%xka`m07F|d-5 zfp-WOmZDh2Jx)Sh&!K?@#)KL|HdWZmC?<=Gxxg8IWG5>!k)M3TxWnRSSB7^u1)p#T_V!5l9HQzI$F?=y)@wjZIrMSG772JaGt zH*G*vi)nH#GR+NQ0cayV!;8n;a|uI0wiaAsVrGXLg5lfT>q9fRQM+N(O7l}ZQmDiV zgGz2!Dyk`13sDw(raTL2s)>2ac0Em}x1UYzx9tnkaQG{)r!_0jHW8z;RHQD(>hr-_; zVF7?z+|nQ(W(RVRWyvrfZ{>7Ghy!Hv3>43Diflq!xrAk_l`9M|lBn)AQGk<^EBi!s zFcgrGfG`>&Y6|XIv~@3W6C-rY@oeH=At}2w%8zbY@f6=u%%z6?0D}&4E3yC5ukXz+tC8W|g_0OPY?g!ETN|RGC&*1o`98pjFGG z#HDzYv_Ta@%mT_K*it-K_b>}PF;MZMbKvsu_vm69Uu#EsI=KDgJ zFBcYBa161Gn3mulb8!tRvQq)5jj?=Ie8-O9+zOfb3Q0>`@_MF~GvKoy+3_f;MNl`M zBPnq}6?pc+=2K;btt7C#(pak)7K!9CFa&0~fRd&?C@nGEGwj+r#%BGDjw-*m<`_j{ z11#6=1d4;U1;06o#n(r0UP4|0x4pz`azfP6`=bJ|G}(MG78ST{LWWulH83<9p~D9X zvR&(lZpv7_zG35pa#Io5P~ug<=l3|Ff5Qe1Km&Lp9CUwab+`;mmk=*_VPm{?1H~XN zbzP+|ETGyeYmGK;(Uz~6*m{5=Qw!#D8S?`0$_x{T%JfyUa4E8+@yRI#ZP6>@RBSD- zB+At)+LO6KFJUzY@lc@nn7ItLGo4K6G`{aHJ|mI5+^rfK)-?rE-25^3L;>vpEL3>R z4sAy@2#ycACv++saF#%&WiH_rsTL4eT;7ODRwNjs2BYRI22fvf3=(KlNo{XkDMo7d za+J%O-dS8Mc_)PKA}d12U+!r>B1Z!{ip7smQEnMw2!8``z&co0+AG9NRn)88bqQg7 zK*_VHlS-^qqQVNU1^(d!TQPQ7*R&PHQSlySMo%5bO9*BGfpJ7k24`v?bw-56f`&#c z(8{g`1T=g@2?{B{M+`w-?q=xjb3)qoAPx^OG&RNd4hqnn0|;_^N|2hK7U+B3{w5H- zE_}v&{$-t!yYUi|7c5p5im16?Yb9OFfUOa+3EW>TSNWVr63aSW8P7&Rca!l$P`=~Aq^~S z%j`hD$cqd!6|^l3s^T?_)xtHp8)moSSV3AH>i+=buG~TG*Od6J#M~7;o_xik>6ed1 zF0i!>AuJ9fLn|ucG+NyT4Zg^%s}Kbv+016P-gBvTRBHHT#iO_!ui8V%4T zpAUJxS4NFj^$;TpY6b+PSKXhZEfw8RfOQt zXP7F`CGeYPnRP4E2q;kVEV`(RSGO<)8v%Q~(i5TRYo%~%7A8J{m4ED1>Z6y7m3IB3Eki3Pycq6ev_zDJw&N%?XWl7UhS&fOKKAA4 zS~48KSi}!>DL-m6<_*Sz(p#&7FiA?GqT5%L>)Km(Q@D}T&~1s(hS%I&hA@$7x+SSC zIe;#p3P1(K@ezquW>J(HrF_D2N?2;6XA7WgQ3!l`QI9Zi1c{Ov@hDdYa>rGb&2p*l&?+1@M(W+lfnS(5 z7lB1jz)L<~f)pWR%GT}5w<&8^yuzHCV6z)00{xz#l(*(#vi+qgK>3a*O$<{2(-=S) zW*|T-5|CXvit$Ob>SfHgypt9w0qk`VMQUav zTa~6-sucE?!3Es1E+F&~wjr5T&4N|hDOAOcK`2eBw%T2OW|?W<2jUniu9@9`h=2lL z6^QI~%$RoyZhLB0fZ%i;#f7hQ8GqPNQX`KnT8iK!pDB1~;PW(#mza66tkDtzp@ntC z7ZxI@MTkL{2L9D!52l=CYf@{go$@2o9g{Xz{joyxP4HdrxZBf+35|_;zmCzcPAcQp!L+utc^$tkFixwM| zj8=vJ02y34BCpuMvJabwZ9v}-B&9O&L7}z8Dp}-l<_#hIk2fhIQzMcq@3-UrV+~c^ zJ0(odL_A9-BB5SmMuAJaB_qp=lzIK;QFC__%Ps-D%Yx8|+zc*avk*#Icc?%WQjkEz zAVMEi`d{g>V-KKFg%{8+5hV*4cGSZgae1Rs?)*v$xlS$vhFzXwRRF-aV|cH)3?_jb zxBUMAQ&}3-!BtY|{{VFYjSx4f@oXeshWkG8QJ>GDcP{2#tM-i5PI5v_iA`=G`Hk(i zP|l?1Rcgy(iWg>LuL>7RLXefk7HRsB9A=wgf)1W8h%2(=dB4XN_!l?0{)c|Rgz3bZU* z9}z`#?+iPLuTWYDdC~x-dy_Q)?gI654Nb3Xs4c0vXeBiV_6G9@Th`c|uYnwg_syB; zGaavq8z{;aHP`B`wU4q~fAP9fQRE~a_l=PYD}a6ku+0|cxS?kgf>xJHH`+f}Yv zpHvb0PoVlYHTn;#MleP&mx-jR^dzX0SPN=lC(amgDA90kX|sevQslXBH&0QfjM#<; z@I;OkR=SiZej;I+Wtn1F3VF=95%`vYoNS59)zt7yAr12LvRuHiL6=D9-Kg|itto`W zq%*>V2Kgh)9^Oe#00R=R%+oMM2hja$`q;#b7cFs$xltuR@6ghFU{%E+B2*Ku%g#E| z%fh3NEED@np*)(9B0o*W>we&2WNa#3Fw_sOG_bA+?{b7S!v|EJVP&bRB_R8_nb9W| zaL`6{OBm7ARY9(BCEjzAhzgS31W>fo1wu;1?PjJTVLf<(hufxNMDY?N!HFt%l`0QP z&Ls@^n>Rd+VbtRr9;I;ZI>n{hdofbP!!;>y-#98LsH(*TXH%(x7)=FpA+Qe4?l zC}OV>X5s^SuJ1{THk++W^3MR4dEJ5tUoy}Ez)ITz(I^5o=B8ww-hkpz+#5ct9Fy>n+0ynr~ zsZnih5)FgF2N8~{DbU+1h^pSd^_Yb|+}{#{Cono1U~NQ7=Tg6Z49B zyL61Nfyn2;wd#LN8~?-1LLmH3b2_=$A< zM(rh9ABk5414U1kc%^)O68L?445QE~=nC{dMEe?*=)}K7i0UPA2k+=`OXpllgz+%y zUvW+1cq7($BL{>$A>k8b=9JbUR;mHS%{)-fVS&4aAnpK4fdUhVeK+=usZk<&7R7ZN z#6itYSjg4Nq;E3IGam_8iLAY14^