From 01e94a48e7905757c6dbf774e3f9b8913924e911 Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Tue, 31 Mar 2026 09:10:21 -0300 Subject: [PATCH 1/8] =?UTF-8?q?blog:=20add=20CRS=20migration=20series=20pa?= =?UTF-8?q?rt=202=20=E2=80=94=20configuration?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Covers crs-setup.conf changes: renamed paranoia level variables, new tx.detection_paranoia_level, tx.reporting_level, tx.early_blocking, tx.enable_default_collections, restructured restricted headers, tx.allow_method_override_parameter, and tx.crs_skip_response_analysis. Includes migration checklist. Co-Authored-By: Claude Sonnet 4.6 --- ...rom-crs-3-to-crs-4-part-2-configuration.md | 201 ++++++++++++++++++ ...pexels-antonio-batinic-2573434-4164418.jpg | Bin 0 -> 91011 bytes 2 files changed, 201 insertions(+) create mode 100644 content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md create mode 100644 static/images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg diff --git a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md new file mode 100644 index 0000000..76afe82 --- /dev/null +++ b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md 
@@ -0,0 +1,201 @@ +--- +author: fzipi +categories: + - Blog +date: '2026-04-06T09:00:00-03:00' +tags: + - CRS-News + - Migration + - CRS-v4 +images: + - /images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg +title: 'Migrating from CRS 3.3 to CRS 4.25 LTS — Part 2: Configuration' +slug: 'migrating-crs-3-to-4-part-2-configuration' +--- + +This is Part 2 of the [CRS 3.3 → 4.25 LTS migration series]({{< ref "blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md" >}}). Part 1 provided an overview of the migration. This post covers the `crs-setup.conf` changes — the most immediately breaking part of the upgrade for most operators. + +If you take one thing from this post: **do not reuse your CRS 3 `crs-setup.conf` with CRS 4 without reviewing every variable in it.** Some variables were renamed, some were removed, and several new ones are required for features that did not exist in CRS 3. + +{{< figure src="/images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg" >}}*© Antonio Batinić (pexels.com)* + +## The Migration Approach for Configuration + +The recommended approach is to start with the CRS 4 `crs-setup.conf.example` as your new base and re-apply your customizations from your CRS 3 file. Copying your old file and patching it is possible but more error-prone — the structure and default values of several sections changed. + +Open both files side by side. Work section by section. + +## Renamed Variables: Paranoia Level + +The paranoia level variable was renamed in CRS 4. In CRS 3 you set `tx.paranoia_level`. In CRS 4 the same setting is `tx.blocking_paranoia_level`: + +```apache +# CRS 3 (id:900000): +# setvar:tx.paranoia_level=1 + +# CRS 4 (id:900000): +# setvar:tx.blocking_paranoia_level=1 +``` + +CRS 4 also introduces a companion variable, `tx.detection_paranoia_level`, that did not exist in CRS 3. It lets you execute rules from a higher paranoia level than `tx.blocking_paranoia_level` without having those rules contribute to the anomaly score. 
This is useful for exploring the impact of moving to a higher PL before committing to it: + +```apache +#SecAction \ +# "id:900001,\ +# phase:1,\ +# pass,\ +# t:none,\ +# nolog,\ +# setvar:tx.detection_paranoia_level=2" +``` + +If you do not set it, `tx.detection_paranoia_level` defaults to the value of `tx.blocking_paranoia_level`. For migration, leave it unset — it defaults to the same value and behaviour as CRS 3. + +## Anomaly Scoring Variables + +The threshold variable names are **unchanged**: + +| Variable | CRS 3 | CRS 4 | +|---|---|---| +| Inbound block threshold | `tx.inbound_anomaly_score_threshold` | `tx.inbound_anomaly_score_threshold` | +| Outbound block threshold | `tx.outbound_anomaly_score_threshold` | `tx.outbound_anomaly_score_threshold` | + +The per-severity scoring increment variables (`tx.critical_anomaly_score`, `tx.error_anomaly_score`, `tx.warning_anomaly_score`, `tx.notice_anomaly_score`) also existed in CRS 3 and carry over unchanged at their default values (5, 4, 3, 2). + +What changed is the internal score accumulation model and how scores are reported — this is covered in detail in Part 4. + +## New Variable: Reporting Level + +CRS 4 introduces `tx.reporting_level` (rule id:900115), which controls how much detail the phase 5 reporting rules log beyond the blocking rule itself. There is no CRS 3 equivalent. + +The six levels are: + +| Level | Behaviour | +|---|---| +| `0` | Reporting disabled — only the blocking rule logs | +| `1` | Report requests where the blocking anomaly score ≥ threshold | +| `2` | Report requests where the detection anomaly score ≥ threshold | +| `3` | Report requests where the blocking anomaly score > 0 | +| `4` | Report requests where the detection anomaly score > 0 (default) | +| `5` | Report all requests | + +The default is `4`. This is more verbose than CRS 3, where only blocked requests were reported. 
If your SIEM or log aggregation infrastructure is sensitive to log volume, consider starting with level `1` or `2` during the migration and raising it once you have confirmed your log pipeline can handle the volume. + +## New Variable: Early Blocking + +CRS 4 introduces `tx.early_blocking` (rule id:900120), which controls whether the anomaly score is evaluated at the end of phase 1 (before the request body is processed) and at the end of phase 3 (before the response body is processed). + +```apache +#SecAction \ +# "id:900120,\ +# phase:1,\ +# pass,\ +# t:none,\ +# nolog,\ +# setvar:tx.early_blocking=1" +``` + +When commented out (the default), early blocking is disabled and behaviour matches CRS 3 exactly — evaluation happens only at the end of phase 2 and phase 4. + +For migration, leave this commented out. Enable it only after the rest of the migration is stable. + +## New Variable: Default Collections + +CRS 4 introduces the `tx.enable_default_collections` flag. In CRS 3, the GLOBAL and IP collections were initialized by the core rule set for every request. In CRS 4, the core rules themselves no longer use these collections — but plugins may. + +```apache +# Default: off — collections not initialized unless needed +SecAction \ + "id:900130,\ + phase:1,\ + nolog,\ + pass,\ + t:none,\ + setvar:tx.enable_default_collections=0" +``` + +If you install any plugin that uses IP or GLOBAL collections (such as the fake-bot plugin or the auto-decoding plugin), set this to `1`. If you run only the core rules with no plugins that require collections, leave it at `0`. + +## Restricted Headers: Restructured Into Two Variables + +CRS 3 managed restricted headers through a single `tx.restricted_headers` variable. 
CRS 4 splits this into two variables with different enforcement behaviour: + +- **`tx.restricted_headers_basic`** (id:900250) — headers that are always forbidden, regardless of paranoia level +- **`tx.restricted_headers_extended`** (id:900255) — headers that are forbidden at higher paranoia levels + +This split is itself a breaking change: if you customised `tx.restricted_headers` in CRS 3, you need to decide which of the two new variables your customisation belongs in. + +### New additions to the basic list + +Several headers were added to the basic list that were not restricted in CRS 3: + +| Header | Reason | +|---|---| +| `content-encoding` | WAF engines cannot inspect compressed bodies; blocking removes the bypass vector | +| `x-http-method-override`, `x-http-method`, `x-method-override` | Prevents HTTP method override attacks | +| `x-middleware-subrequest` | CVE-2025-29927 (Next.js middleware bypass) | +| `expect` | Prevents Expect-based HTTP desync attacks | + +All of these are blocked at PL1. If your application or any client sending requests to it uses these headers legitimately, you will see blocks immediately after the migration. + +### The extended list + +The default extended list contains `/accept-charset/`. This header is deprecated and can be used for response WAF bypass, but it still appears in some legitimate clients, so it is restricted at higher paranoia levels rather than universally. If you run at PL2 or above, check whether any of your clients send `Accept-Charset`. + +### Adding exclusions + +```apache +# Example: allow content-encoding on a specific upload endpoint +SecRule REQUEST_URI "@beginsWith /api/upload" \ + "id:1000,phase:1,pass,nolog,\ + ctl:ruleRemoveTargetById=920450;REQUEST_HEADERS:Content-Encoding" +``` + +`X-HTTP-Method-Override` in particular is used by JavaScript frameworks (Laravel, Rails, Symfony) — check your frontend if you use any of these. 
+ +## New Variable: Method Override Parameter + +CRS 4 adds `tx.allow_method_override_parameter` (id:900210), which controls whether the `_method` query parameter used by many web frameworks for HTML form method override is allowed. By default this is blocked at PL2+. + +If your application uses a framework that relies on `_method=DELETE` or `_method=PATCH` in form submissions, set this to `1` or add a targeted exclusion. If you run at PL1 only, this is not triggered. + +## New Variable: Skip Response Analysis + +CRS 4 adds `tx.crs_skip_response_analysis` (id:900500). Response body analysis is enabled by default in CRS 4 (when `SecResponseBodyAccess On` is set in your engine config). A newly documented attack class — Request Filter Denial of Service (RFDoS) — can abuse response body inspection to exhaust WAF resources. Setting `tx.crs_skip_response_analysis=1` disables response inspection entirely. + +For migration, leave this at the default (response analysis enabled). Be aware of the trade-off if you are deploying in an environment where RFDoS is a concern. + +## HTTP Version Defaults + +CRS 3 tolerated HTTP/0.9 requests. CRS 4 does not — a new rule blocks HTTP/0.9 requests outright. If your infrastructure passes HTTP/0.9 internally (rare, but seen in legacy load balancers), you will see blocks. The fix is to either exclude the rule or update the infrastructure. + +## The SecCollectionTimeout Removal + +CRS 3 defined `SecCollectionTimeout` in `crs-setup.conf`. CRS 4 removed this setting from the core rule set because the core rules no longer work with collections directly. If you need a custom collection timeout, set it in your WAF's main configuration or in a plugin's configuration file. + +If your old `crs-setup.conf` includes a `SecCollectionTimeout` directive, remove it or move it to your global WAF configuration. 
+ +## Migration Checklist + +Work through this list before reloading your WAF with CRS 4: + +- [ ] Start from `crs-setup.conf.example`, not from your CRS 3 file +- [ ] Re-apply paranoia level: `tx.paranoia_level` → `tx.blocking_paranoia_level` +- [ ] Consider `tx.detection_paranoia_level` if you want to trial a higher PL without scoring +- [ ] Re-apply `tx.inbound_anomaly_score_threshold` and `tx.outbound_anomaly_score_threshold` (names unchanged) +- [ ] Set `tx.reporting_level` appropriate for your log volume (default `4`) +- [ ] Leave `tx.early_blocking` commented out for initial migration (disabled by default) +- [ ] Decide on `tx.enable_default_collections` based on which plugins you will install +- [ ] Migrate `tx.restricted_headers` customisations to `tx.restricted_headers_basic` and/or `tx.restricted_headers_extended` +- [ ] Check for newly restricted basic headers in your application's requests (`content-encoding`, `x-http-method-override`, `expect`, etc.) +- [ ] Check for `accept-charset` in client requests if running at PL2+ +- [ ] Decide on `tx.allow_method_override_parameter` if your app uses `_method` form parameter at PL2+ +- [ ] Decide on `tx.crs_skip_response_analysis` if RFDoS is a concern in your environment +- [ ] Remove or migrate any `SecCollectionTimeout` directive from your old config +- [ ] Review the full `crs-setup.conf.example` for any new options not present in CRS 3 + +## What's Next + +[Part 3]({{< ref "blog/2026-04-13-migrating-from-crs-3-to-crs-4-part-3-plugins.md" >}}) covers the plugin architecture in depth — including the full mapping from CRS 3 application exclusion packages to CRS 4 plugins, and how to install them. + +*Felipe Zipitria, CRS Co-Lead* 
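Review bot: In the "Adding exclusions" subsection, the sentence "`X-HTTP-Method-Override` in particular is used by JavaScript frameworks (Laravel, Rails, Symfony)" mislabels the frameworks: Laravel and Symfony are PHP and Rails is Ruby, so say "web frameworks", the wording the Method Override Parameter section already uses. The exclusion example in that subsection targets rule 920450 without introduction; add a sentence saying which rule enforces `tx.restricted_headers_basic` and which enforces `tx.restricted_headers_extended`, so readers know the id to target for each list. The `tx.detection_paranoia_level` paragraph says higher-PL rules run "without having those rules contribute to the anomaly score", yet the reporting-level table distinguishes a "detection anomaly score" from the blocking one; write "blocking anomaly score" there and reword the checklist item that says "without scoring". The HTTP Version Defaults section tells operators to "exclude the rule" but never gives its id, so add it. Finally, the `tx.enable_default_collections` snippet is the only `SecAction` shown uncommented while its comment says "Default: off"; present it the same way as the other optional settings or state why it differs.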
diff --git a/static/images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg b/static/images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg new file mode 100644 index 0000000000000000000000000000000000000000..5cd62ad20c3aebb14fab57c85c76a53adf993ffe GIT binary patch literal 91011
z21c3bo%28@-W`vBSwncaJC4B&4RU@K0ehd<(=vKNfj(b9FnR`3FsWZWnJy2!457R2 zYHkcBy;w*3=FHSTm6nw_Wz;-+rPm;In_^L_xczR>6E0PhMVp;^6aVjD^hBt_;DN%^ z!Oi@Z-A9Ce39D=-)^WZUbf<;a0>3A(6D!ysjKJpC_`s~V z3Wj*5IaIRnjlMW6veWi`&pY^0H0o2dOTD@D$W=xBcMY#G66win zP72B$zvOlM%0xU7^YPWXpx*7_KRhwLU&NB?3fQ+)l})JDoE@+yI3O-Q8g?doGJE z#kzlA_22fKw4Z)0+kT%^fPlf#LLJQqrrUpBKGmb~VBYQRi97VO4iZ05E<2qYboTdI zzA+p5>OI=|u-JsSH>a#4W*0sGa{N{*5h(+VPV7HN>;vQxiFQr)T6F0mucPhetIJW!{#9TIcz^Kl!A+T~CJ}W0 z3U1OcLu0hXHw+$ceB5%LzBYBOg0?Y_zyvGB(v$#wH-Xnlp|tRv@qp$Ak!4Yq=GxUp zlSUNoJV;^4vjXGMt~&wl3sJAXCMyy#|Mp^eEuxV(f#b`3PSyf%`c#qVx2e~>h3^&O z)s&-Vs-sRIddeml1lsrJl~;!r%zQE)4!B+lJ#VaukEbVHIwb?M^^@16R!?gTcfkQa zn!FgzF8n3AF1NV&LNcO=BT$S2MKKven>Umj#iY5ThRp8cS<1@c%-1q4u?rqPI&k;+ z>NxLgN|*W<1CC3i8Y7xi=(1J5&ktH_Xn#qQVc&I|*99z+xPe8|zs**_jhDdBzeN%e zA)_FJ{BvmGPl0Ei$vUCO_1#nJR{yifN{&%9)q+1mC9ENA@T*~&BxRE=Yvo3BsOPiy z^IR`nndsS-d^GIuwK~4mysE5HD2-6%RXbTU*kMhDXBj>Y- ziebFPb$xaqol#$y0pbBshhRjMl8~!FvbU>E?WX(og}g-zYr@7Kv?LP+5`$c!d01Vu zCMDSxNm12MZQ)SsKhymm4*b8xp01{sWSl4)hihg1I@V97i4%OGHKem8wlmnOfKK{A zE-qj*<~`T)+(+e=QN52FG3nqXEWr7xaB3%3H02R*UYzh45Hh+`3bK zZAvD*6N%Cf2gdn%oACasfTf=;I=_h-%;Ke@CnGg9)HMpq8=tnA7^)QLQyK5)HJ7nO zFduw`em-R7pGdStf)cn}OC$XRkAn7eH6Ll+Ka!-z zTjP{yu#>N;)~J3KRzav=z>p+g9(GN9JB6qBkkTe+XJS(2ob5T`LEl(xCa=b$VS=RR zs(3}*h5gq(BSW9N2!fuNu_$P=C<-UBF?)p3FNAKn(yDe7*R|1e7yEHOoG_(&7(jsU z9*$Gl?Zr}$J_ie%q^8=sO6#XK({xiwvR+&0p$7I#kb!_^4wvo&nCo* zc~$ujEFyLwWnm9KcPTPtkTn%F$;aW;y;a8KKa8j}F>7+z;qmD&B;dx$#oO^DT4ZP; zF47cbFyrg>Hslo&T~*gN)XbERcGY@I@7|y6gV`u&`*^+HD0$AF!927I|6_tnm3&a6 zdd4$=sTZodxTF_+yk+iW4h=kS}e}&vTK4m4VXdC;mZZ6eymF#MeiU_sN zcB$+Xo*GJ!i6MEX#*ezW!uo5By3=c-ux^56;|1InR4OwkZb_a7%IfuVW)77(-5ogx zd8{TM$(iWogl{^dNw~uUe@5R8eN!bhdr_bQ?_&~WpQRXV<#Qsv;{6UE;(E=8n%x(xSO`?Y44ir{>!YOSPxo+1*LEp*7Ej%543|=Hr`o0NOX2Jh z)oa!RPgSD&mRqc{?+l7l9sFCG8rXKX%68-)SRZ~6*yS^s*9|5(s?UhKjeST_;74D-b++aa#lrkG7F@HijGj0vyUhxj1GJ4 zRO7v*K~tes=W|$F5EVA2U(V7ji{G zGUM_}S5w9d6_Wy5Q5|&;W$W&|oB?4G`V~BVD7-utuEsm)Z02+V$pabDMVZn2TmSi0 
ze2U^R)&Lj`a^{~qVT8|=qOmd@<&|T&j!6wfFvQR%Z(1?YK89e&{=Clo44vY-nvAJ+GQLYPp69w#}nb7#&9S0m9B34ro zte)rZHG#BVrZ~M+-)_4I{Jq>t7wb8HIzqv}l~Ee2tA5LZcq;VW2Zt3T6G8MLO-q4z z$XY4#cE$1aR2aD`Z&}>gfKvHLz|>x)R+djH$5(JakTD?*4*(4L;B<(8!b^hQ->WA< z%796Ze5#&Hh&jwXO_i)T$&AA%=~|x`HwR-`#=vSqjgmys4Hw_h$tf4pN?zc5X2Qd;Z}7!LpG6;$4YO)>(4KSRO4nc(m9SBihW2~H5u7w;3|-C z9Hy!ygWTH%Mn`yQrUkq^FGC<*fbT(G&n8x_b@qJnOKc@!_``-HCCwzzdQE5V*|*2_ zMj}_GBd5z@Q0|2OMCp22vo4vD>197&DZi=@aDP@FgeJ(lG+^(;eS zI1FJj1$f^+i5433IEe~PhBuK8`Is5dv=DQ%FhO+1b9Mz16jzix!EQHUta_fhTSd!$ zvcSuORRVuWpKQIC1B~_$sBPCTfpMnZ4R5~i8Z1bp)RWZ2NI)2-#9R7sT9RPjbg}F5 z-d-s&ZBje1hexsi>ZrvN+2CM^> zs{V^CFEU;3{KhOJ@92YYg2kw*nSxM&YodevZ(ITt1%c8EthQe!PZ@P$tL=y^yzPbH z0@X+60@L-S3Tn+>Y&pw;3v^BrqUtA4%>2j-sz-hClqZcwYCkoSeR~~#20zs;jT54^E9SH z-lXtfNm6x`l;J6rWpF4Z3KQOJx;(x}1Tgl5kFp+Ra8Crk&%9O?2w?P3BPqjCJ8kcX zk!goougbRaF+fuIKq_S8_Ow zel%(>+JB8Wm7kp7&)9CKtPYWm9J{`JS8(wBnmEItJq86>X&=|r`aLO)atec5IzF@7 z#MAaia5S2Qqxh7Pmgy*=)+EHVLYd*O1>9FL#gZ}8)qr`IGNYAIF)}nd&QsMiR1$Cd zhNM*x5dO=wt?drJ4>QrdEeb^w+NHG52@cVm<0{Ko z>IElVntord8l;V%L<5P3A}Zn1$%G;>pyEbD=hj|o4;i)=4%d@u7B3jfgy$x$aj-J{MB>B<7rr}N-^K&C_hIOrqz?6mC~esmjkFVi+0M82mtO2bsgrtnO@+5YnuUFFxiVqUeZ#Q!=i2u2Ppn z$wFER{&86(Kjfn;QhXPEebg4>_FH`DrfW3U2CwIAN-ny)ya`4giz!MO>W&ds2Oc`^ z&+a%{6vDh|0ue1;?7pf(8OHyWXa&4V>323HuO zR*b-JzS-97`9NYtl#h?tp}5*~w6-cjw4Rm=RRz8bHB?Be*U$`CcP}ymzmJ(>Xd(O= zkOp>=`$dl2^0AZ`h*>*Egs2;EeO)0QqXhc>YZI{fqk4Y-cX9#Bl%^ygUI`$lLe3Dhz% zOx1x?Cs-XIEG?Jgy21>W&A6MLJXa=U^b;<=WQD5XcNDPUle<*F`nTrDNQvf=iEa411FyPXEBgXKIydC0?-@(?jRS{~T!BE`FFYIMfgWInJfV#|yb^{f9rqZ#T$&kL0l{m`({qTMm5GA?I|rzi_(z!>uJE{kX!A*%GU?vX&EA%w_cWlC%0C)jFtu~~6&&qU^@ z3nsN>T3*X8KMyqPV~s(If=cZfuRsNP%eMx+&YKi0CrHObN|7UjP?h3NY3RPRbcMt} zaPwQTZZz$bk!~E3Ax|6|33k;~{-2JLOqJ&^2`^=9nGPxW;C;9v2Kf=W_=1t6L!u?L zqNqmY)?Se?AZ7b3V>&|f)=-=3SE(Ag`BG_qbaVPDUk0oN>O4AcTtO}jUbis01?7&p zY<;h!^GNqAR#BT2jsc=|kl$u}UPGDxg>pA7v%1N5Z}jW=sCy`$aY?dDWcsx7gu|{$ z*eWg?(=cbFyiIFlV)Oo3TSQKy2$85ISlL=HX)Xe`=d}IzDGBu=G}KJ0ga32yzOtQF zHqlphA$}%iv#Pr<&WkSz#z8#)XaNG*Y@lc!zx* 
z`4q{AkfpOxtxlO4r_mB17--_OK{5ZpJ-}oAcy#+q>6=tBzA^JeR)B#!!F1TvCht@+ z;Z!s_()g}en=u0S?Xz`Iu}>;*k*y_Jwxwsr$bLSJc}pP1ibjS_u}S6wAtx5$dVelr zFa1D9+>}}?|FgqZfs4v^5`laQ{k%>zuXHInlS+BGYI%v%n|d}fYkAa|xi{-Z>?F&g zBT`{bGima4v1>TXW;~HfRo07i!vwcL*?MAh_q;t1))FHT@_*n?$+I>BCU6R+tsnOQ zTpQS27V@OQ@hpTdf5Cz2f&YU!!L>U6lp|{MySO87SvyzbNuO`H__I z`$5XBLe&bWIQe2d8IO(&6{A<=AGkN**;MP{A+6=qe^)Cw)n#CRxDc)CSS_HZ+?Il0 z$4XCvd-gz^6SZM2 z(Me!8Szbw;!-fo~6uUc8BIrr2;*Kwp&30(aP>rRm)=0HPyKTQ7Su~KH_yeFf$E_FU zZ2?L?Sr*x;%|bfnx(BJ!0v*^o%NIfQ($Ht=JZ=NHi%G~AP`;?5EW#mbJughMvz^fa zHBC@wbwe=P{R$Sd=@#L`n;*86ziNMYH`qoq!zIzMl>%gq*p_i{5a9YKP{HXrpP7Y! z&Tdb%ZL=yDwQ&gqDrZf4%N>6}hg?eFiSD35sSH3^CC5y(OE6-M#Uj7`qVspS$M2Ab zc~o{jq+Z8g3#>LI|Ay~l%TT2oh73XJSeWIn1unGNo9v1AT!-T38DHuwJ}$!GtD?)f zx3yZ#Ipk5J7(j~QoMc&!4g4oY#Yxc5^iekRt9a>~3mJ}6IM%2zX5j}~2Mu{{nNzFqnDNiBk9k6M zaUC{Ar@aWem=n#<9O0lm+797c?$SP;tvNY5;}~6jC_=__ERPR`%?6K6F-ktKYRzV6}hmqWra_hbxK7qWYEC=1)SpUx5q&)O#05Wu$EV(H3-Q( zBJIcd{#}ChHVEtu)5u`Su5>?ciwtAOp>e~H+XgCcTMmHy4o0}&Px_%{C(bPzx%kY= z3~46gocq9Dc>=H)))jE}jJ_Lun-pZ<)_M1{)d7q?1aEGmjX`sNYz&%6E&8t?%bFp* zCfbZVTTVQ+B-jTKB~yEuC`Bfq(){iN)DLd)d*Pn|%89?e1T?4M_W%NB-S=eU)fn0Q z`ib4Z-UgP3C9oTl1T}1i??pYhvRce%wPDA?#|-kYSRkJbvw-5uBAO0F(;dnU>*dh=$M~g@~|B^=JmpqEaRqSxj{oQfircR?^E-9ftUx7BB>H1gQry z2SKC$nbfk4#i2+k8}f;ny>S?@XFHK7r^PTpl@hfBfDxE2OZmH)!X(m8i#V-=f196(qK%j{u;w%zv*b>r7|#j9Cm*7G1RaW_X!(O2`Ze-ZJ0D4 z)&&~G5&@A-9w9B$m6yP}7$gOhnru($v?%kZu%#O%l+dr4e%MLKN0U0(*NktPlj>=5 z+m0tC%L}Qi%v}Z=CI6bOiH@Ah#y{Z^o=a-18YmAJR513)x?}8Pl168cXNqxk>(A+I z$hN#-=Hacx>Rp{CQ03;6NE7S^%Q}!KK4)kd^boY9rfn#B%RgdxtSY;##xesb!asli zHvHmx1zCT=lXvu!+y7cybj83>iD?w=gz#aix#4v-`X_Rt+9i{!A(<<+$L*0fw@ro> zO3ALNvq!LP1CP)|X+ZK?LouGt`xLHlCI;B+PBJ`B&x$85KA>Mek_%-cw~K|%q``>K zJ?Tex-s(l-3!&BS5L?Sf{pLl&8e^%7Qz{IOETM(uf|go&7XDpZbwAHdC0U|@bm}uI z?uq3wpK>wA48zT2=FL;U!AU}8E`aoL3IHRU>glxKrsuuQM5(IKSG1+qf%C=>)C-Iy zNA$Lr8nKdmhB+Ll?M#cran|rdV!CwEyoSdLp!lqO^pBj4h#Q1|mPzj;`1Hf8teK(K z-{ELG^jYXs-;869X{^>2r(0Xk^mAfE^U1AoRIx-cKyjd+V~M$#EH$x)=UgOZ?h3_{ 
zqXNU5Nwk1n`WZZun^!;)zU5wVG;Cz?ZWwQ6mb?AIY<^cDozL+sLJG)92klM+;GgPNffg z-3lH%N})~irL&JYOL~3yZ0aO>KHY zE4k-7nT!Ma`*JCFe;!wqv#1eQAkAM&h6>iTiOlYkBIfUKkn}2QDMAk@(Q*_2*p7LV zuJaea`(UfLwVRCmheXGg&~!Wc=0>{_BcN6y8kI6Z>s>6AU`yE{tL)&8A!%rY9`cv8 zeA}~V8j__NM$90zaet-;868M`ODRh3*g$$RqI@!FSx$MNz&4&|Drbosy(^FEoMS2z z>@%q2p9zR{&fcr!l!3^y?FN4pqiEtmM)-mo7RDk$d;+^ru+~LBc=P+Xic5s4xAtFx z=q^vqB9`%Q;|XW9ht9LFJDj;OR)X*eQcY47$8QY~527MyDN@e&2s~)SqE|ntTlSet zGT=QVMo(2iRpO{#9MW`15c(G-B?Jx>Ttwo6z@wJ6Uu$khx@<_e^_dQmZ^8ebS&Sa5 z>0?mko6&%STha2vc!#g;CaIShgfz7_(5yKyQr{X>1sg=Q~Q*(JnXs1(u~Ds!r*+(h0g6|Y0T!2x?9>}c7Lo7 zu_?}8j?>$zZp_G|`h4YdpR<{;RDyvnaxOz={_~O2_<3Ft(3oJoAEhPC%em(pu+c=`);$P{-H~x*s23@uOX#+2x$I z9CT*ee~bGIr>GNyMQxK)RaZ8}q?nntOu9p1qRjrZnwtC1T9P?<F<7 zRh(lbCLCIw_OyCyNguqyskH0Kk7*NA-L8!Z=RpfZe>!$|Brsh}7xn<+@t zA?PoIk>ms3N1#U2lhX3&v@_-F5$&(w`?9u{#4%d@E^^Kv+ZNX`rZcVEb1_E zss8C1ILhGMr>=x<$sT1&TpvV*X~DXMnKg@6bLAQ>JFJktDw{QTWMj>r4inn8_kZI! z=fC5P=May>pveXAq7vhN8o}#G@!M3yt@R{%)v_*0s!YIGy&ekzXvoHkL4{$ZE-B&T zPUX!pKXQJ;OU4Qk&mrM5T^(Rg7^<)P`l-OQ3&`iMdb8<8eou2ViQfU@(DYoPFch3U zQ9KyEb{#Y=`kn8iLZ;#C%{3Q5wRKJX13Z9lVQ>HO6}flLmETSMb&5nthg`dA zv%n18L%B+}ha9(n5n)*R8e$!QX~_XvdRy$k)U1XKWaQt9E5oghF+KdX*h%Fd{lGZ} z9V;;HN&J}btK)mNEn17ncRw<&@){6iV(C=pD$BYE2%6u{i0rtcLxoWp*W~@Tm>Q86 zCC^2TIAk65$+`TAOu|mjeO$Izs1x8rGwmy!n~|IdR_31B+2rOC*=uw~Q5NERCxEQZ zJPQ+^eR_I(lo8b{qJ6^=|J}f0>@EE9I8c_)anR_D!J$0x8}kgA^rGrf$Bab7Uc%VP zdddqozou{rhhgG5t+HsaaB`%GY3lA%1pY9WmeWBMeVUn$co&9E>y_Fd;2AR|?83Z? 
z($9w3XcI;Ehlg!I?AH~}Tj`jU@LdLof88paGb_Xnjxbg&&{6LaXCNY)9vf9sdK^!# zo^zZupZ+@LG~EBo2)hda4gtVuHp9gq^taG1@*lWQvqg;p8JhQ$MQI&)!f0FZE#sSn z*k<3EIAjzUQ`p5~DT8bkNewx-1{J5h^}A!wNe5WrP4Ji$=zX|k6n+{glyX}_9rzY7 zSltsE^;w~f`?7^!wAX#(qHlNQBo9*~Mzs*BOG zjfwxG(}eE81xTr^7(Sn_GE=s5HT2H15mHuw*u-y(;h(>Y>S-j(N4i0Y z;^x)(=?_>H5q(`f5&YrfzG@PU?YZ3Wr=23!G-E^}HDj@iLS*gZ=vha37?N_<_p=Nl3?53`?2UjAt;;1Aq=)#qk3U09n`k#dG(a#Z1Xt zkoeHEeR7mAd*51;cDj+EI7Ff$;w#I&@Ekp?w4-3Nn;@wA55OVd8Zp zS=yJUxn#J|Ek0KXKumrX^Kep&3sMfJ&3)_XCts%LDYN5EUVaC-h??F>j!1>DO3}Ps zb@=A(H6EQZlEq!m5No>39)!-R)}Tq!b5ZM=f~rB zYEx0W?f;k*owm+M;5m`y)cZ6$du#$Jt@$qU^q#nFd~AWNLXIhZlJd9oTJeBD!9Q@D zHW3}ZQW!BGl5yxx<$7SIfBs^yDZj#)(B=dhK}UK^Xh|FOqLL6Qra)_E4x&ZwK^tRZ zvJ!>nQa0YDF%7Ku$x(H!ooajYg#kZ_IT5%_Zzl29pHeyqZbkuT$fLydNCyYMbT;{c z+C<@-L6DQ!8X^`kb;-+W+#ai}EIeHZT#Kz59db1+9z$TKHX#pmPfyA6t!plGd!`x- zP+~oA+bLnZ4}f&Knbg^m_kE2YvEzEBJ9ha#HmQC~N;Vm=K-lm}-l*(};9^!mp;39Z zlLIdp&0aMF8OsKi{T7(zkOrk&##iGs>j$c*5o?z}Bs3Aqn0@qYSVj^9ZZxfgK$r$G ziC9t7V<$@k=c3)RE3CXEgIUcWC}&P8mlAm>7B_-Q{?~R!+(5)zsTS(e^3^-^^Qc=MWxA=eG*6^K@PpiUOxz%th9F_&i- z$Sqm6^Om^+b85Dzr9R}&rO5fq<+vyY;nO~G{~$7Qc*QohqhzfQA`2v;6uH|nk9aEF zwwohN!)$5gR=Z_5Pv8BCYi^*1LjI?fJ%+6R(^*8*Qr|$v{!oAM?@?5`hKfnNR{73> zAlmj-iw!dorms3JGEc6VN)H*PpVD?QvL%DC>+SdNr*mZ{JJ}s+HO?p@R`fo1u%iAJqj1X7`L*-a$w_WR?%(DfpgS0{n zIo_Dd?VYAkP@7WjK~6LdHPTf-l7_R)qTdT)Q9+_kzgG5s^PM!j)aAv_4<|idnl`%J z<4Pzw8^+(0yD@zBRTR87K}*rIa_^MGR>HRP?1vJt*d6CP0cc0c)oh^uJc3=Rjgvhh zkriRfg^rvsxw^v#q*TBG$R(n7=96E7>@2Ck?Pi;dEsdJhhfq7Is8 zM*FD<6)fxQf4Ry3WJHxK@9rw_bur?sl|XuG%DB+GQ4#}CumNO1?puE5Lc*!QqznyH zFH_`*-`zbMB1_7Z0&jqmjzz?am$co5eKUm^D?R!;lE7=MgjmuMoM;1-z5w}gC`DLp zZd=u;`kMK4hM2OyqI}KGVAKJ8>KUM=xdBJw#X@CaD z6^1zxa^c&|20NWcdcaE*Q6@*(0DA&nD5VI?{?d$rri`ff>JN? 
zuG%Tx-$vdTY!MPIGk6<0rB|h#fj%_i14a4qJh#*xC<*14Qxc{OAuib4-i4W|F#aut?({hc2jiASo~RAaWioD6 z&DT>S<*-4z-FDok(Q`j3Hjv<)ezk!ndL9wULdmVa9tSf{TaKXOzwUQSGvA6S#8tT1 z@w8MdV`MNTNiUI{dzyqPa|1OFjY<~(frG=7*AZy^^1x`Hg9VEZBFWOQmIZfcx5GY&HA0@abFv#xb9*AZR25&RA{lm6q6f+|n{O73tI~wv*&wrh$&x zaua9_uMw=2sc$0F>CEHY2$Ex1Ju*t_I5pKA3;lu@#qGC6h*6~xTSlW$y@ly+Z*46< z4;f8V5^x#`#$i;g=L>Uae1epqq&0aCS}9wEvnUOCeD(|T%~KO)jxmau+TxtdFx2zz z46+Y&v&K(Q7S*ME7G|QiGime2#pG>NHMgErA&uoZ&agw z!8Q1b*L*^8c`NfQc@3Q0#}i~$6$<%3A@iz9_p`C{B!s=DajniuOB^N!PYi{&y_SSJ z4CP;eY|L=r*@$o`-T7>6M$SNH4ObAiD(746(YMwd?Zl9XzVZ@j;ha4z8vTPn)Zjn{(3YHXVmf5iUzylK&FHF_*w1L zP;@$b3QYIp_~bcd%gplt*`QD7=PJ|Z7N0Ej!4|$wC@Ll??3PG9@UAh#nX99zrq@l% z1U}d;-E!+rm;9O@P)r<^D<5*2U5sO8OA=tbE}2>}y9J-%!TupmNH43&l@W#tJRynq zGG+@mjfiomm4NS+;JlsE>ly}Gb-AI;B9Cb3e z8~^RJuC>T-xuC@mOaAjvS&xkJJ4PkW2Pb?2x;GsS&0!EQ;6-my)U&m#Xs{^`q&c|9 zw2AhfKbYVWTKg1ADv`igp0V8-s7xPY&MMf}s+xL!wDK0cA#cE*pOkO$70F(?u^8*q zLg1sld9-M6?3|e1{2;|~W1yj4J5fXIyy`p=L#vtF10yMV6fUoQ;T2=G+9#lhy~8;$ z7~w&cY`L^{AigY!yJR?7bza}uyvj?S_n2>MH2(gbRaP{^BN`z$3v7clDrU>}+8 zvTWkDAD?MjPcdz%b|^Dga;HCU<&s|Fo^X^CqD#nJAk+&9_r=q)g34(R{jA59F%m}g zs%*@N%=g6`kI%PE+%%4N=yc?jiDo3>GXBgmsXuQYrC2Ud=mv#CSQCEpoKx=MHP9E+ ztKk`z8AyiBQL6Hv)REa6tqAaWGlYPHL{<=wI~`^3Oi1eYJc;*9(MKq!#~#%m!q#B4~D+?Zgr7Y z<^z|H$#KvoAPKa(9FMrwNRG@Fd1_S?(Qycb)BJeZblk#mWx%pyuspe_I*wx^vzX1} z6_Yc$B9CizQRXm(8gPR+RhMF7H@J;vMfvP4G}w?-Mr(q8!$(i$WS>A_%7GytTGb7s zR7%TdYRo^!s<&J`ut4O|)gai_Ddf^BL6c|`SQ7;Wqk%0$s<&3Er7KKJzGXUS4W9*g z!fi&TqCtrJrqQucc{)iKVAS!5gfd2bz32s|#T=QlR)fkfK=il}9#EJA0k~m{hyaKD zU-&pY9B{=J7r0}KNI=6UBde`t=>gc^LkV?|_${Ex1D;{UjsFFbBf!H;!=DZcM<_TF zT4(WNI6VjP>D|eari~>5zolSWe#EKY4jx*0rGE7+)Im5 z&n#k=o_$Sf=~l1FN>7za+4dk2EPS-u_67~MQ8ketOs^a|SUnDkUoDj4%+6el}6VWwWeW5(v zq7$!^!`%x-6X7hj_1Ju*U4xxk&!0Y>E`5m_wj{r+{pIY+UknZkaLZ;+iBAjfFnlzh zB169-O{T`JrUaJG4aUZ{QaW#0)H-r`leh(==)p@>pJ!{`%WkLLN5R&FigyVAZ-(8nzW3W+X7Lt&5g;!;BYcC!G0_rnBE!zxJ$OwbCETq^-)B1b zVS?2c8IhjK^CirzY3*_YI`J=i`mZ(dbQEh2<8`t;12XVG@M}a!P_HUqbt!QQ|H|Uy 
z_@sE1>vIj=*60;YtXvENOya$Jp)dtdz1=tL{8v9D=wX{?Q-l)F9aJPczfHF=Ky7_H z_+N{5!5_e^eA~T>*hurdrnO)!@JR5t1ef8G=R%n_NpV{FEgiuuE|r6oEuu5_@o!mC zWpNu2pJXc}!zRi_`|BI037@eKpmp}tXbJ9X*YjTNXFe#A@RIgnQVFXlwstqyj;&DUoWJ$IhPl{$NtpyrzxNwuvqZI z6s4{x7==i2mls60EmZiTRplW>;iKji-jL$q`(1Ka;1fZNM1^So85O~qgyy0*xL579 zyy+Kjo-S_VK%z~p^1b}c{)+SVLgR}JYA4~CkN z5p~Rie)Ie?Ge7>__9vs6E+;pUz^XeABybM9L%0)A_$W{{d_(@kHZP%|O%*A6WBSSE zDNkUZ#D{6S!`m<_yz5SV^QSGd8NFEa;co*V5Q`jqw+h8-zx$bb7NFdaw_iVO)6@Pb ztCNTNrN>X=$rqj7AC6Ul%-SobYHoh4P*jFKk6z6Eq(D)4b`Oc#tu-i(g*_Gd>tBU| z#96eF6m&l78P7kk)k|>2>VIDMxXjt!p>@6;nkX1Bu*aU97dJJ}6sw(fJxkE-f3@-` z?K1^BGW(7wi%;^Pu7*=JZ}Djyz2nm-EcDCn>L*Ji`DXpfft0pP)r>jW8JcK~ia)wT zQ65Ci+Fs;2Yp9>to{#3m&DzVSYP`t1_R_ATvo`I2t-#Oqk+|__du&|hX<1jK8;|eLTk1mMIVg{ z#%AiWzs%>`*;(&^04iVQ7Px6^wt9TR_eFd>QBLS({VLTO+yGx_FZ}7~<+9Pu0!Y*j ziU5{Y{Nhga6X9Ydv`bVnE4fU0$rW?z-lQ@SRm<~-^s52NgNe8W8CeZQg`i=J^s`15 zH3kQ*L9-h40le5ZMa{a|>*o|Zf2esV?DG#Cc|6#+VlVBrgK}frtWmVS`b#+vFExhs zx_qEv3ID=nQx7Vg_PS(hA;1-e>CA8{@1HJLTu!{0Z^*k%UWGvs7wTiI+mc^VkXOC{ z$vRL+x_z^lxuq)C_f+SAA%rgT>;HknXxB<;r>H#onAsI=wWB%5M_5bzJGeDm3?kAc%2DvRG%9{~31G?~-Q3JkM zm_`XkxeQg}ze`%I^aAGD+PCL>gN-wG-_IYiv}U_&wg*|@MkT;bWRd84kE&NF>VImf zsQbV6j?RJ_%m2VdcL#hzJm^0RYlx2QcK+5+d<>zPMbQQh2WHhjy_71x6~IDV1LQZR zMA-C(uJf+RFB@NYMT>P$UpV)4&2fy-#Y)TnnkRZ+s7F<=Z(hf?o1>>4NuAXBvU&={ zrGd`9(CTQ{DN;eZ)(59AU)FEmm)7Uj__j-wev~X5{D}sxiohxQmM&@MGzi zIH^!cqxqLFid|xBgWxI7b^Sg?s%1+NrO)e2Fb41Ck8He$w(5yARv{z;%_Iy2DM5kMk! 
z_T3f2CH=;EK#+9FpzvC!O6_zY?@9;&R>l4WtMEuj$VhJx;gSBk>G&^LMf?}7641zM zX%o`%@X1&rfpt7W0jx?y&tE*}8P+)P`#-??=3l^icR-MnMj(j3a{U@f5*x!mXE!JN zM~2!O1fOo+Y>xc=lT9y@wLz20@@7ea~QtH>L{tr0@etSjnbQ?A0ULTKNGmKEepZ(n*2t;PL!%X=09qzD?6 zW7MzG3c~tkrM5W7#a-X^i+}V>D`vuxI5=K#Xtvy{x1xU6siC@}1?fd90Ps9=pAFOX z`!xM6>5mo-qR54ka4|DvqR_%0h&5?5_UOyoj_InsvO^i)(xsAIlNy8sWaBA_k#Erv z;6drkCgFJkOgsAJb5D$=Jl&Ek@IvuC-U_)CH}nt(9s4YBIv*bb`j-spZ_Nq6|9X;j z0T8j`p^K13CXjX;8nMJT+`_goo%|oWyvf=B^J0gc7fwE$!3)0Ht2F zzLSK6U}H(C{xky>`hPGpw_K&b0BbB@oe8cXAr|$xYAs)X`uHokh3go9-e({aDy0&5 zY-=jgJj<$yEt0r1a#*wJyrY@&r_E~OVr1&QZG0l01TQ?|y$mqaDdV7K6-fzK3M&vwty=lkMrgLK-MUDMl8J4MhzUPi zd4LsMHmG8K)s&CVQ?q70Xji1tMD|guMLs z{ejuO`nOiG^iH~J6Q_ZRXt@U3^s!c(Yd!$i^VQ;ABhhY2y=aAUO-f?p%R^VadZ)1v z^AUtH26*%_6y_e>fmAcbik#$wN5|D3TL>!Ol;TNd9@Oonzll}eThW$K@7evJ5VaX0 zovd8bbyj8$6BX_N-k1VMsouV6sW})-)->a0YWJVPrN$7c@`r-n7!JvnUY#go# zSD2JwEP(=a{d4pH_QQbQckabN_|7m(){7O zZho@7d^}f(4Qrbv|GDTrr`HxXCPTYPgrV((%_@2DBAY#_LXAr;n{Kf96hF9}6x79z z#8y&05{=`1XhWZZ1OLQk>X)$BY)PT*9`DbT9Dz0`I-pA>^F z)D{;N!KORLKY|{2HYfV%G=NX!o2g6VnD?zB)hHbDLkzt|z;voYQJru%?haR*N`74c(imuP!Ms-jYgi z

8aD~SOV=)pZ*I&LjX2?>jS6>&Q9MiY(CdhyIWVUlg4K(d>i~km~4=)(Mo}4tO zFCwxDsn{Vb0K33JHEcv=SzF39o7S+awA?y0Dptp97FDw#g9B>=-r=J5`7Tv_9}8Wo zsG|_Lt4*V9R^)A)LAnffb2_klt=V6j2_b_#l=u3i^N2O|7Uo&%PZtYj~zelq*W5Sw*rM;{}Sx1}x4DndZ^iL*B|Qv~FZMcyPl zA5RpTrP&>qTI>!$Q}Oz51-~KvB%slCzEf*n@z01W!D|q=%*^JSba)a_FSeij8%PVD zqp^rvU@;)_vP4}w6MWUZ-=b=KVhi+_^F!O@4E2{!pb)0kuEW=7I}e~yzjJEJ`o$)= zrsICK6(l4f7g5mypBXJ_1x&oh+z)9-vQnyt;JNfQ?K>V{3jzX722R&n^a2Y{5nhRJ zIKws*4qO9vzVv!1h;0@*rj$&(K|j!?M7(@3=!scs_J=Y7g;uQzm8K|Fb?Duh+@^P7 zQ`6cApGDpsqqNWr7x1DFuA)x9%MT25$h%N3p(jun@U?w8jkJqw5A*@+)hv>0p`{y4 zfBUG3^deQbc%U$~Zk^3gQ2jaLh~W5B85NQ`5jW@F2Xj9Y+a%1>_=2+IHtyr2DjU5KqzAqG9z9T=l_j1OJa~>T3@@h}vuK{`alEquIs#|BW_x{n#*vWPtoUQK63=zyHX|r<8!+6?oR_4(`LV zrosMbI5>n==?)*5)jLdP>don1ZwZgQ2#al@>0?TW8XGf+*n{IT-}wwmE_*%dnQ&A4 zI72u zOLnkCB+YeCIS{bZxqMS`gqyWy!qXt=Jd6-e%Yr(mXOVU|*s_Zt7qb!7+MI1xo;*UX zG-#>KH3&F&+$Y|oFHvG8RqKyT{NEwm@`Z5_SHSCt=Cm#fq_TT88CR?$6$1Jcp3w$z ziX1GhYoxO7&lQLL&8QSH+Z|j;+BcpmumWxWo=YsCIMv~A{6ZyxxH}DJ|5g^kQC)ih zfrwE{+)B?{WmlDS3GunJ8m0ine_x&F5-IsI!7ll-=y%8r3m_Y~#eTI6Xw*i-K+Ij5 zqE*=kRJeT!M@Z^XibfOUg2HOn-L%^_rf-|dF^e@MdB{J!s0b8dUQvDi8cV>So}@>u+@z)Q-|MI z3aD}LL>~zfc#|ZOio}*%0s5$i#9@hR*zX=cI2qfIneAmIKcB1EB%QC(VO~ep$Bg^C|zPbm+T;u zzR*lpPoNJCrdD(WVQYD(Y4*sb_ZnJV12R`&nYpYhgL=qYSn@~M)qGwT7)v5Eh(m~l zIF&TFIktdlcfeNnrIC6JCf-V1EHqYYNjwm}_%$%g zwt5wPlH+lC^o5qHt)j|5^b!GnGxe;@69oHQV9JS&YGN*u#yM6)jjPrcmaQee{B};8 zZ_D%)38Y~n%$bdf!Y=+JcG(~mJvwwUo~Bz|yD8!fbly0iT})LG3pzZGo<2T&v%J>A z`fAnT_bJScyyE8gA2 z_u_~}7A7DaIpW9ltA*X42!*U^a)+D)8X=z5ui@6SpO2uM`=!io%D#r46={E(Icc|j z*X!1!>*2PS!c`Rbja&7hPkjUA!p6V*Hi*10Zg}^&KgS{8|9K^-dJ0r;I|MXNORA~f zcV}>Hwe80lCV%X9=}zB2k8#Wub~n=pyo*pV7ylqPb5saR`L$)6`s*+JpK_t$y*s47 zKiJ6<-Uhp4d}|p;fpIya3E_~KaR|RQniU^*R@~$)P%mLuT^b|1$3uHT z73`)+Ax$xysh2){FUxY4pEZ;1mLIeZ&n4Ok zIK$`9JEZW;U5iA&d~G1zXn8w)`>OixT^6(8{W5u^??V`QW#6zu=dT-g0wPeTjqhF>EABS_eA_vHB^#x7+c)z#eWL4q zC-e`Tv%!J*henN0ZZJjXpex3!j)wiezqr%iRZbQ6_=W))j~Ks7?zx#?sh7sC>t3kw z9cO1Kl-u4Hq=InCASyP8__rm3SfyDYm!2uIfP@u}MZFRoR3fP8FjwcH?H1`qf*V!r 
zl#O#^CW>rk6<16M-U9!!xo=jl6AzGm*}G+GxN0OqFzg*uIbWdqv4heY)p~4EW6F+a zsfnU##2c=w-&#Jrv$2Sekg8i(O5)pzKePm#ST2zY-u=FDr@Ka7jdLr@w5Z=yYy=VD zg#t1*`R5I!o>esKaDV;^NFB2$mwGMnO5K9{`w}KBJ#${1^Y<9?Mp%FEIe~)!>*qz{ z$G;y2UnJRg;@o^@`{wZVgjZh_euadbQFJ`r<%QnQ7HIqmv#h&+q*vJ4_%m=T7P6>n z{`zi^;_PG}lJNd@EkODrculoD5JDXD_XMH&<~N4Kebltn-$~wfd*a;}dhH%mZG7Nc<5jYF+zan<9XKM9*DXJ7o$A4Z(MS!K0nbWeV^^7?!=l!bpo zTs}64P1m%8I&j9xMnZ~X6i+FdUT>v9qLY_OMe7ZIUvN9Z{SN2*J1;muAQ4Bwi zH7u2+G3$od+OmWDf~G4dI31PUi{*tyHnqme$< zAIC$>>Y1EMpaK6M0KGs$zd0rLM$z4Q)UgOQ0_DpW>AXveVKEwbwF8=fpbeb6!;6Vu zO7xBp9>lw&F)T=q6di8KPLJGye4&0xz^V*pjLa*bVJHiW-~*ryjK#{YPpie0oC9{* zrvygPfE$OTP_i-O{DTC)qs5Cx>H#UkiBF~iFX>6H)&X$=~HdxU*g2{n2b$oZ3bLG;SSVu0&K)9!VQlY z4XPPcKrsTmprydlz(Fbk185F>Azkq+Xorc5FTk0Bt^WYw&Y6JTo##J;!G_a`#J&Fj z0@WT!Z!s!o>Zxd+1Uejb&usHRN zNEH^XkEO{9(SDFsNaJVw5rbe99!6ld72%n5XRy+F?JSZ?HjVjWmEJil71fJ^HQJ|< z3ZA0|rdNVLJpchuR;pI-!Q%p*-e-PRLj(fvl`J3%45SZc&wAyDg-WiBQC4}AuF&s`~IJwNNE{RgL<4SZhjT?a~ z5HkT&w8A_k9;jqM5zHA%(1BZ|6e+dD03}CgVP&i(D~PPC|AK%xi`1Fq?|Zy_pF4W`0wYF3@pLaDb%@PH$v;DRXI1O-!ws;am$ zS9x>ZDH2>>XGwJcJ3~SW9pRv(gp6RcB_?;4FZc)~*?ESY1<|==m{tk?$|_1LcisX} zajqTW?!_*5^oo?L$XB$aVJ?l2dEnP=JfX_MC3zl`Ynlm1YJ`zwN>5vfc%5^-!7t%(DBo`I#+$kA@{N*Qdb;hx-0S9&gw7z{!r^wl}~ZUb8ILKJ<)*Wcu(T z>|cMFt(5KiV@AH6xi-5Bq)Q$4dtC6oF>w~GlYjqAixnza{v0|?PU;7)wa@Xn@9}$86Ltt4@tW9CY?VjvjQPdQBPMFmIex?{8;AFKs zs=xMauynji@Rq^MyNii+yizjY(*w)2EARY?zI)4h{{X)*Fu3jW4cI$>Wt+#}Xx;PQ z`4Mf;yZd6(iuCz|lj-XLSnd3Pd~fTa6RX|x1PnHK*X|dl6--xe(JJ;H{{Rtk+=RE^ z+*)(X!{#Tfiag&B;Tsb#e~F%Ne;H)IzwF|u?ehyR)#)r%2WYwb@d2_?0gYUvbukmh zE+Evoc!K6P(h(|L^_IF`j3cxvZ7;?*))%7a%9S{k0tX+g-7tZ0TqosmEDRcgH)NO0 zb+os-!-Gd;78*#9yJ=%2@FET+3#>#(LgA+HKO*$ZA-0>K#Jwv`#KXC_3deb6_#lHfpFfz7wet-ApSaPrcKt%N zXC8l|S=qPOgvgn{KkO~ty??2G4xd!YUJt&6$#nPlg7ftCjrl!3v8MTYe8jo8q*CtB zzK|tve!mgpe(_7i_knxBJR;3}N&<~O5VE2^F|;X+Dxp<4AuWYUj_@|prNU-!DEw+| zp&g~m#9DznVkv})fdX>Oq_B=vQMe@z)5|vPJSZZSHZeRI*(Y9e0F&H!vaM-Zl$wI$X@&(%RCsvY5rkXv&<+fu&{#<8aRsyeFJp32`N2 zRwb#4W%QPiW1eLnYJL5v3)jmrJ9hfbkLS$8)3^3@SKmT<>(*Ia`~1N=W6SozP1n=b 
z0b3XMp$fRO-{K9s?)f8YSKs>;VfuQq(5JKElny=r0OSRhzMe$RcklBpc)=H4j^8te z4&M@wzsS*%@9`;hzL}ekzqv!t)8;3Gv^H%scLtvr*I9mY+m~=obil%`l~SR0?=Fa} ztqIIGl?FX@+Fm8fmz^&V(`Yg9(ufAZF$hAS(E%WIfIxObT7!r= zh|V~Nh#jDcK&Uu`N;=1tZKcddeGkC=fzsMBs$h(eZfb4XI@&sd^tPuu{-;nTR;p0f zF?G1sj3K5pSh`U!Lpl=9A-tv*%7hhi#L-0Bql5O3Kv1?UlOpc z*ZMSt)Yn}6&NKJC++(-QDXpv0CFkSf1v&faJzny>UEppGU|lZrb=ewLW5#7J@Qg1r zd2~Xj35-R9rfzWuh!L653WOsbx>3fa^4P)wp73Dvl(r!rQKCvMyIckcL|;hm9YvK; zR*oYJFiXx@R<|<`iIzahFgb%!mK>}OBR1Iy-US1<hCG){q=%db?aX+x)|;Kln>{@HtpT<0e81QTgL8|{Qm&4LwbF_ zVSlI0s@UJ}1jtZ5{va!GvwQdbu}!ht_QkXV+jp15Z*D&LOWkgK{wBfAdd$`R{{UsV zufDRa$7zqX6gLLX)XdGmr)ZSN6P+#&VwXG+H{mi%#2`d2TsN05N-Aa$A*DJx4q{E2 zP}6u&E;Yk9mo7^LXyRRE*nv}sD;kP7heH+C4ofp{HghW_mUx3K%yml^jyo`_F+64d zSFbS9GpjFF;Tf}Vt%%lqF*9M(1AW#mRvH}Z0Uataz~*lf;8b$N(Uq&96S9Y+U@Tft={sil-00(p-yF-OCz*6i!7*)@g+-U9+Q}Q zOPSH;aR|d`P96OW*J%ON8Az%aStWaj`IB(P3;&|Ou|}dRPuyFth3G|q{OtdAAfM6{{WHmKKerZd;Cfh ze(}4_{q>I}cKMc@c7I^EZ*SonVxK(xK-UkiD5>YXQFdp`<~h`h%;RXoF_yKfr9wBQ%dTSb&aJpM_ZZ12 z96<~@EFVeWO~X(+PX>8l`61wg(hC5sqI8(iBL4vH=SNNBcQ)+;3>E(~x1U4WS4&M{N zZ}*560q^kwnP0Csj&k`zi<1v8nc}OAxI27C#vi`WFQ@7S{1LmJ{{S$+cgM`VjduBm zm$XiC_tFBs{7P1{-T`-?cxG}vz zbj@jci2~LlZ)szQbmM3yY7K2FaRGZqrXX~MRRgB-l>xH=;txn1k+^hcUoED{r$a`YbvIF9n+MA^QAbD%!`Ay>=q0=>_Fm>`_}^N4bt zzF}WS#J#A;-w9Y0_xP90a;>1DG5sT zl~k2bKodm0*j&l|XSQD#=EKnVFV74NJ@1zMD%yX}v;k(p#jzNp6}*wuX=^ zQVU2=5Dl&%si-0o*G%X&4MTV{ynDnDqiCC3b(qS(7$#!&3Y6IoFhN0sY7}uQVA>*} zTjCVL0iYIijK(+|N&{+)eBlrXGPEl|n7N2zW~aQh<&-&sFBR!1c767quKxfLz3uNE zpMP-!jQM=QK)?^;z9nU&+xZDk2cN`f-)GkIdf(46L7IJ{&k*%IzloaLXhPjR{vud~ zTJzaVRK!<{VsB>|4yRRx+S!8bsa(U!)}P=_H>l@XP7M>7k0HzV-C_`A zm?4cjw;y{R$ z#<90)zXm+MCdprWPD;zq;uq2H^ANuny1bWOA2N=4KrRDs4~dsz2Ah36q9M5Y@Qu;E zUysZ=tEgHp$ILc6Bi{7*fopHRka5fJ@i)!A_#VDG#t z*sw3=CV(nll`$F4(b{4(aR#&{Zz~e9rX@o`Bc-vN)TR}qi)Ae1!feqza|lJt#K|z& zZwGS-jM~_aL5b@;Y$XV7u>?E8>YghOyDZ)kcp<3CB=K zK?n#8kv4dW`u+k09ajzJ)wBkj5U_T5!|I{nR6BR1p}MLMOFZCKkI9>m^J8xJ3ARaV z19ikhhS;U^5*12LV*VDcvoA{5E`YMFwM8Z?iAM6OGN5xS#v4P%Rv2N#3V8eJ7P4pW 
zlsrS;BAoa6i^cu-o3mZMV~&5s=nC}snGGxTfDOD`{6*+*>#WVHzIlNcZTgXIhGF*h zk1Tpu#KE)Q;yq@G&aPs>i7(7snQ$d0H;OGYJQy0dFT^Ts z0ag%tOjvca3fgqjjDUcFfq*np;3XPVA+7!gplJ@2l|vwe6#Zft^F88t37Mx6zV{xDC>3c1EAO5k-Ni;KN6jY zD)RY1>Ny&}FZ&H$S=;6$g5p)M6y1++h~zxHc=bNScfNT&TUIF^WD#A}+F?3ce0 z8_{ItTGoz2~FizjK#Q_;RT&0dK@%u03C_rL|y|hg`j@%ywY5g6S#F^Xqw7-|xJkzuxlfVC@So-M%6|{{YEq=gU73vwMWy{+@GS z#s+J&TR7{V>L|qwR{I_p_=S(^2W=03iF+;$%wL!NPJ;P2^A^Da@2plZSEtPTDhYgc zf^4qSFTcnEzY>HVFurEaW%HTM+*BL#m+dhw*vo;(~iFwIBUcq34S_Uy)In2a+1h0<&v5# z(SkcB_*}+^1h_E_Sj|A9DiC_c8%oed=9nVpYWwh{CYSV5rn0?j%4j zID#$&+_;-_6pk$BJs?7v+uGuk0A1~c&H6!$FEb&$97cp3OV2X-m+dio!GC{{R_EVo zNpSh*0(I{UzjytJ=DU2sPJNa07!-OsX_yQwGbsp&x%=-9L_11k$7#aPVEBRB zv-iRr7I+WD6KX5QATA)gryb_OyMT8`ZN-!5GDCsDGM5w`oyt#lQEC+OD4G`|d z`z!`+m%Q8`M&iJgY%idL@FFXx&pgnKjpaJWqIu=I>iMFlo-eM8b(enyLqwn$!k~~H z$fz~EO2D{l%S+2gqrIvL=@rz(G_eax%t=5;)be9sp7e4!e*n3UO;17g-< z#?lUE{7aKhczOLjpwbAQA6_x0_ZDu4Xe*z$tld(qKAoU}wfcNckUbB7h~F1}zY`{D zzPXuBd(8OviyV+;*&fr4DUKtSJLpuwIh#w-W1?unUE`ol{4M=urDT3TMB<(X+~mdlpHT*SRPXkUVF8_YOq24e0U&HKc2 z_zTly%IG91h&2M>C1IdmdB?CWrKX5iko1p3?Jwm99chz|a*Ifz5a%xmVX`V$WU7aR zHq7O$TNEYK>?`cV(ZdPm_QS2wmA%*)-6YVy_FH$1KU2FLmMDe5f z0J6U);t%g=9RC24_z_6ThsIMmqRpx3F$2I2*7f5T7&rRfZs>}4N7KpyoE@MyRAkvR zlQGcrf5b4bc6NW%y_vsQ$=(gIUA|=tx!dMngS0Xnc8Xser5#8e7)l)6Ta-bTX=aSe z(%HE)Tg+6s;~n7jjv&EEgQhYt^~uvxb0`hUbM9}kI7{HV=s6yNJV z5fiU}i21y;E$H{28Sgx^p?D%R>2Q^7@RVGs%%bKcX;O(~=ZNW2qb;aQ)zIJn02Xs9 zEN1kI;MWlIgs=Q4mHA>HhBT;edR*o^XhULQ_zmD!Q7EDzgc%xIhl`g=nbdA;b98u{ zwW!Vi066pVi!b4|=P1UuBjLRz>zh!LSQVyFE!V8Ha7uW@UBkq%24&7+aV4A1H`yE%TR{z%s#`zOX_iR!b{#K7-{I)f8LysD%=*0jP?WTv^LE66wpI zSgS?Tb{X+lwCrm*VBbN=5WgEJjBMS-3}CgQCmoPu$8U%oJ*q0)ZQ*fN$e=CNe_Kki zyT&Tlbo%Q7z25PW=gt%v``&W?e9Ss_`HRZCM`qXQHgVc1;o1zvD`*8k$5~J>Ox#4A zVpOO`^vrgKiRTR+Foe2iABB-gii%291f-;-M5#mT48+=m=x2ch;wQwUgZLkXemiMj zhaZ70l?}fV5lxb`tvyg&wJ$8aw%WuHTa}fWjabI_;ks>uGNsFeInDn7DN~4Pv*tz# zNL)my2JzzH+(U`K$%EBg;-*j<=@kOFiR_0pAKe|MC_Hl$oK{fa7j?&*tX7M4-a01M z4LCNk<8n4Ati_=WB$wdui+OHaPzPBbzDWf5~;K 
z=c}v2C?mq^@|4)RFTh5>Pu%Fwc*(m9PHCSAThsLQg_x2g&)do-HM7zFOc#BSIfnW^ zdH9r@-TM4Zmv4WGNacIO8?SkJ{{XUsEI{4`<_nkr-aTpJ&lU#n9;~mJ^=FGbY2(d| z=;DV`P-!+xxt=7e%uj@@uUL+?tIF*_erq;_;V>x zC!9P|;k;6B1Q?g=F8P+;@WZ^eoz)h(kDOqWc(U1Y*vn+SQ7Is ziL)DpwGm;ww&Lbi(FuupnTe*-wB(qVQsv9zMpOv7j3v%90ba8OS1^|Ig&wI~uSkSK zdN-6?#0%j#(&g)&aj!aD%=OjRomjHr9XDunE?Sf}fDK2X4w+h1;~F95rD?UHw=Puk zgc*F`rwN_478}H0%5TJk=3564-Zw0KfNPv9Ecyb)z*GfQ$Ah|K5ZWtwiekAMWP(| z%5=hHEA0`9wi#3|QQWrJey{@0NkqY5V*DY*ZHl;t@h_Q?sO=20^BWKex)oD+1jWo* zHrj5C2xG!|$5&|F2tfQUG1BH^lQE&4r(K9Emk}3EA;K`DX@ZDJM?Ay-02=%+{{Sp$ z%*LE*Ouq@dHmGe~R7uA%g*GPoT;obqW4hMn+*%u#jpf0dyyMCiUY9o${O55lT&QwQ zrU+J4+E<4px{+&WTG{t*0Si;S3e@v9z`fBfED%MJLBA+TT1MVc%ti2n&OAO+su63F zm*EzEql-Llm>SzM`)z5ytGRX0$w13AAO$zk+A~Kd=NP=j=p5GczAQ!}uLVlYj`4J_ zHr-Dcl03c7j4neYQO}AnZV6I(-e&oYVk?mu^Nu04vIoxK4Q$7CxJ|+6F z>SdVVVxyOs5f91rhO^ zYPev9M&qM-T*BafOeumAPULGo(TEIZG)B~vt%Q!=xy%JD6c<&}bB>NI3Z<>(eW6q* zLZZ&LOV&{07J5ny*ry|9;xxrrHvC5Q*2`ZO&;U&*9o+34a9$YjDxpb_nm-X~b)~ZV zz_XXUDz4t}SnG|Lr->Isw~BHoM;Pos^c%uJ|w7Fj6+FYc8-$#v!{f7jI~-Z86e#P32##-L26L~|lrIi4YgJ{`Q!eOEL@vdR{)~12@RJcUJ zDiC0;>IHR|8g6EgrC-B_mi#5=GL_K2x}KBworb9bZYJlH?xK}YmzZUiTEuj$KzNjq z9w4{TQ#Clt2Dav8>n+dU+_&fL!t3wMzZ37QrSaS5IC0zNU=)wH%&^=M=VUfr{XC@{ z9^VO8Dyyy_B_V!Q8Q_lrh3>AFzY}%ae!mfXiCD|=GNW(5#I!>%yf4SR&y9M^X07*$ znyY2FIz@Nl6)A2DXrY;MpGXuDClIutn7boaF#_1JvoT^CTw0d~46>n}IQ%>zyv~;~ zQHIb|)DqPSHkD_rQ^fGJLCI2y@rUQewV+%-8kGn`US(=JQK?y(gmVNd@sD!=>kxCH zHk@>Zesh@VvkaYB&|}tilbKk9oi?D(cM%~GoWgpLii2pnQYl(Ff&t7nGPP2UjI$Gt z#f@(d43xnif0FF`@hw>U+6gN=ec}iL)sB886%@K?%jFiDxYvA137v}1f3eI zdcw)hP>RgtK{v*QX*q%+elq*~D6mRz;R`xr7yx*X z5Ojm_#*g7zSN^pABbdJhZ3%Y z-9Y;ffgMb%?wZ!81d=?{*JQYK2&=}W__ z4|cN>zC>eX9Dl-4@li@^G%QmT78R?RLu+r9oWsehWJTdgk%-c*ox{#Ip=fO=E>`W? 
zCA4;}syv~k(LfoP&7pAo3CF^t!U5Z4s?I#(+*92KA)y`Zm>GBsaYC3oRB1vutoq7w z3$xe49LQbOaSuLRiJjr}q7}9oRpWDcf`Kb|;PH(^XnR6r%Q&m2n}Ngt!W~u`o;K;SE{Dug4V+&z&nu*N9$*mlbFs2p|QlusAMff@OaV zrjpCfR%a2@a^cjQUU8m;sdEvVQ*w8jjJ9XyPTF%WRwokJM}`UOE6jmhG1+ZisKTp< zJl#ju)=IM5x@d2?4<0N%Bl)|1VSQWml{+~VFDt(BO0jP1^8i-;-8|*PYzH}SmLZ6V zvufKLNA-^FOg3=ABGQFVj2|t{U_1fLxI3(XA<@iAs7st$Ai^D>45yl7mH}>Jg7XSy z7zOj<7_=;+)n+@w03uqy>dRk=Ua6c{Fj&4_3AR@&DHb^5P3%H#nj=VM~+QGA%AGW;duTLBw<;Ev_X6 zL6+qBrH@tU#Ye-6FofdJ!yPxX);nnqkjzk51G3Zx1r?la3!Uavy%rLqyr{!KimM5G zMB))AO+aOI6XVJ^%*(uKyD#QD%u6)C#FhA6XtM3Adh%b=9C{Ov8tq?4zJChYvZuF9&@o(X{b{*qDJ0q6EakOx`bnP*f;2 zY&WpHlETeDs<-7ahu;u2dT z2)!=jZo-$Wd2uS*MX9{ysf1h!EB7vhl&B7sL^iZU*>zX57zHiWmzASB00x2EV&XuR zwAX_GZ3qwtD*)|+4YZ8i>xzsvpwbn+t1v1gwN>H_R7g?Db8ocWaCL`8r;4(dTlJUQ zkw)O-F;%F_wqq(SwGG5mUg#)5Qn`buAgaYg;L&UuA)z$DX_lPD0JO#4!iR*&XKtB5 za4Cii>p?@vCE8hIR{#TMRdjTXWD68m#W|L-vOchUfQu_`ks2Xac$tZ#Y&VR(IGK#+ zLM#mzPY9zs#cw%~MVA(Ha>vA+4cuQ$PMTC=A~gR1<%xfR{{V*{h37;{QuCuWrF4wBm{(YE^PQCI4=pNfdCSLj0&Ol{Cv`39Xhujlh(MVH z-eHNf7V#}E3c>sJg>U!$mrJ+rtT6lYH$R^-OXJ-6hE1or^C_CA#~(30vif|%$8WDW zcjLq9mw@{}sbaCa>v-RK`tyL}>E|}y?w|E7aD{Gz5ny$CKr4gVDaCe!ZrO(G?Fv|) z5HoB|3kR4(?6!^F z(BueVDejm#4_KV#J>a!juUL}>*Q^Pk`4GVL?FuDVQa4uvAF0Cus8w$ial6rV1Xyj_ z#6XB`p%M>Ua2G63;DF&2ZdAMnR}h?6$ttlejTUB6AGGUcY6l)MAi%h~^Ej1y`n@2T zZRRyoZ30r*b(`Ekl?DKSRm?hdiHb5|8in@xrW+QGADLdgsEERmYl_dHgsfL7!a{tz2)D%n~!>%r6o4>g?L9;6pHOp zaKb5L%nsBFtro?8m4R{b!D^7Fbl|~WF}tSeujlYX??Zm5n3}m1}Jhz31Z1-w9lIu`M|Z}mWA>qfEqR8y&$qB876&Wcce>|dO^9* zX?ksH1B@=%WU{kh7QwjhH3uMI3jkGAx+t=gmerV-!T~U<*bUk$%MDE8qA+=ska&Yr z#uJ!F^RAFT8kxVu{{YCX3^xdwfVVQDWmupA@tn>y7&MbCK$x%mKOw>l^g=S`N6rLp zz|NPae>*7LCo-`N!S9eBl49jkG1e!HAdF>H7V7I0XBg{I0UA2rFjDTDlIxA*#Gz8r zM$tp9;l=d1V~5Kr$MRE(T)Pgk?FxbvT1?Bu zK|CIO<8n%=Z?cpawk%`=Ew*K)7cKz@L31wf92_HlX5zC7J3xW1`XBi543eSwGa8!4 zqcAC$DlQR=hh4$P#+L^(VK=8KdRDK$0(wtKX&!ORHFr@U7W0)VY{qBiMeRbRk<}k1 zJ4fIurKPF&;$DK)xsIod#_1?+&sctgf(6GGPEHoQy`x>9Xnm^XE!MXs@3bIcVa^VL zE$sjhFQPS@6j^b^c>jlj$4+EC|r*3k%hSS+Ho1iVIAAUY^E 
From 1d1e925f3b8276ea9ff022c57fb8ec2856aeaea8 Mon Sep 17 00:00:00 2001
From: Felipe Zipitria Date: Tue, 31 Mar 2026 09:26:36 -0300 Subject: [PATCH 2/8] =?UTF-8?q?feat:=20add=20CRS=20v3=E2=86=92v4=20interac?= =?UTF-8?q?tive=20config=20migration=20tool=20to=20part=202?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds `layouts/shortcodes/crs-config-migrator.html` — a self-contained vanilla JS tool that parses a CRS 3 crs-setup.conf, applies all v3→v4 variable renames, injects new v4 defaults, splits restricted_headers into basic/extended, and emits a colour-coded notes panel with an exportable CRS 4 config. Embeds the shortcode at the end of the part 2 configuration post under a new "Interactive Migration Tool" section. Co-Authored-By: Claude Sonnet 4.6 --- ...rom-crs-3-to-crs-4-part-2-configuration.md | 6 + layouts/shortcodes/crs-config-migrator.html | 483 ++++++++++++++++++ 2 files changed, 489 insertions(+) create mode 100644 layouts/shortcodes/crs-config-migrator.html diff --git a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md index 76afe82..2b784c3 100644 --- a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md +++ b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md 
@@ -194,6 +194,12 @@ Work through this list before reloading your WAF with CRS 4: - [ ] Remove or migrate any `SecCollectionTimeout` directive from your old config - [ ] Review the full `crs-setup.conf.example` for any new options not present in CRS 3 +## Interactive Migration Tool + +Paste your CRS 3 `crs-setup.conf` into the tool below and click **Migrate to CRS 4**. It will generate a CRS 4 config with all renamed variables applied, new variables pre-populated with their defaults, and a colour-coded notes panel explaining every change. + +{{< crs-config-migrator >}} + ## What's Next [Part 3]({{< ref "blog/2026-04-13-migrating-from-crs-3-to-crs-4-part-3-plugins.md" >}}) covers the plugin architecture in depth — including the full mapping from CRS 3 application exclusion packages to CRS 4 plugins, and how to install them. diff --git a/layouts/shortcodes/crs-config-migrator.html b/layouts/shortcodes/crs-config-migrator.html new file mode 100644 index 0000000..0b15d1a --- /dev/null +++ b/layouts/shortcodes/crs-config-migrator.html @@ -0,0 +1,483 @@ +
+

CRS v3 → v4 Configuration Migrator

+

Paste the contents of your CRS 3 crs-setup.conf below. The tool extracts every variable you have set, applies all the CRS 4 renames and additions, and produces a ready-to-use CRS 4 config with inline notes on every change.

+ + + + + + + + + +
+ + From b46c7b14659bff5a361fb26165ed8d88a86bafae Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Tue, 31 Mar 2026 09:32:42 -0300 Subject: [PATCH 3/8] chore: demote broken ref links to warnings Sets refLinksErrorLevel=WARNING so cross-post ref links don't break the build when sibling posts don't yet exist on the same branch. Co-Authored-By: Claude Sonnet 4.6 --- config/_default/hugo.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config/_default/hugo.yaml b/config/_default/hugo.yaml index 3d004a7..1809f01 100644 --- a/config/_default/hugo.yaml +++ b/config/_default/hugo.yaml @@ -9,6 +9,7 @@ timeZone: "Europe/London" enableEmoji: true enableGitInfo: true +refLinksErrorLevel: WARNING ######################## i18n #################### # Auto-detect Chinese/Japanese/Korean Languages in the content. see: https://gohugo.io/getting-started/configuration/#hascjklanguage hasCJKLanguage: false From b80fde8728141d5fbc8e13a7c88ee8e9e839634c Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Wed, 1 Apr 2026 11:02:23 -0300 Subject: [PATCH 4/8] fix: update related pages to support multiple tags Signed-off-by: Felipe Zipitria --- ...ing-from-crs-3-to-crs-4-part-1-overview.md | 2 +- ...rom-crs-3-to-crs-4-part-2-configuration.md | 2 +- layouts/_shortcodes/related-pages.html | 30 ++++++++++++------- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md b/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md index a6ef7ab..6a4999c 100644 --- a/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md +++ b/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md @@ -70,4 +70,4 @@ Second, open the [CRS 4.0 CHANGES.md](https://github.com/coreruleset/coreruleset The next post covers the configuration file changes in detail. -*Felipe Zipitria, CRS Co-Lead* +{{< related-pages "Migration" "CRS-v4">}} 
diff --git a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md index 2b784c3..d24b40c 100644 --- a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md +++ b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md @@ -204,4 +204,4 @@ Paste your CRS 3 `crs-setup.conf` into the tool below and click **Migrate to CRS [Part 3]({{< ref "blog/2026-04-13-migrating-from-crs-3-to-crs-4-part-3-plugins.md" >}}) covers the plugin architecture in depth — including the full mapping from CRS 3 application exclusion packages to CRS 4 plugins, and how to install them. -*Felipe Zipitria, CRS Co-Lead* +{{< related-pages "Migration" "CRS-v4" >}} diff --git a/layouts/_shortcodes/related-pages.html b/layouts/_shortcodes/related-pages.html index 09350fe..3920d33 100644 --- a/layouts/_shortcodes/related-pages.html +++ b/layouts/_shortcodes/related-pages.html @@ -1,14 +1,22 @@ -{{ with $tag := .Get 0 }} - {{ with where site.RegularPages "Params.tags" "intersect" (slice $tag) }} - {{ with where . "Permalink" "ne" $.Page.Permalink }} -

Related pages:

-
- {{ end }} +{{ $tags := slice }} +{{ range $i := seq 0 9 }} + {{ with $.Get $i }} + {{ $tags = $tags | append . }} + {{ end }} +{{ end }} +{{ with $tags }} + {{ $pages := site.RegularPages }} + {{ range $tag := $tags }} + {{ $pages = where $pages "Params.tags" "intersect" (slice $tag) }} + {{ end }} + {{ with where $pages "Permalink" "ne" $.Page.Permalink }} +

Related pages:

+ {{ end }} {{ else }} - {{ errorf "The %q shortcode requires a tag name as parameter. See %s" .Name .Position }} + {{ errorf "The %q shortcode requires at least one tag name as parameter. See %s" .Name .Position }} {{ end }} From fee1f41936b1a0c7644f835dfa3230ce82d88b7d Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Wed, 1 Apr 2026 11:12:18 -0300 Subject: [PATCH 5/8] fix: use proper figure shortcode caption and attr parameters Co-Authored-By: Claude Opus 4.6 (1M context) --- .../2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md | 2 +- ...-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md b/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md index 6a4999c..d493481 100644 --- a/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md +++ b/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md @@ -17,7 +17,7 @@ The release of [CRS v4.25.0 LTS]({{< ref "blog/2026-03-28-announcing-crs-v4-25-l This is the first post in a series walking through everything you need to know to migrate from CRS 3.3.9 (the last CRS 3 LTS release) to CRS 4.25.0 LTS. The series is not a quick upgrade guide. It is a deliberate, post-by-post treatment of each dimension of the migration so that you can plan and execute without surprises. -{{< figure src="/images/2026/04/pexels-toulouse-18332033.jpg" >}}*© Maël BALLAND (pexels.com)* +{{< figure src="/images/2026/04/pexels-toulouse-18332033.jpg" caption="Charting the path from CRS 3 to CRS 4" attr="Maël BALLAND on Pexels" attrlink="https://www.pexels.com" >}} ## Why Migrate? diff --git a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md index d24b40c..d14268c 100644 
--- a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md +++ b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md @@ -17,7 +17,7 @@ This is Part 2 of the [CRS 3.3 → 4.25 LTS migration series]({{< ref "blog/2026 If you take one thing from this post: **do not reuse your CRS 3 `crs-setup.conf` with CRS 4 without reviewing every variable in it.** Some variables were renamed, some were removed, and several new ones are required for features that did not exist in CRS 3. -{{< figure src="/images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg" >}}*© Antonio Batinić (pexels.com)* +{{< figure src="/images/2026/04/pexels-antonio-batinic-2573434-4164418.jpg" caption="Every configuration variable matters" attr="Antonio Batinić on Pexels" attrlink="https://www.pexels.com" >}} ## The Migration Approach for Configuration From f6372448c9212fbbea2f195690d831e6b72475bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Zipitr=C3=ADa?= <3012076+fzipi@users.noreply.github.com> Date: Wed, 1 Apr 2026 11:21:33 -0300 Subject: [PATCH 6/8] Apply suggestions from code review Co-authored-by: Max Leske <250711+theseion@users.noreply.github.com> --- ...ting-from-crs-3-to-crs-4-part-2-configuration.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md index d14268c..71cd7b4 100644 --- a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md +++ b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md 
@@ -49,7 +49,7 @@ CRS 4 also introduces a companion variable, `tx.detection_paranoia_level`, that # setvar:tx.detection_paranoia_level=2" ``` -If you do not set it, `tx.detection_paranoia_level` defaults to the value of `tx.blocking_paranoia_level`. For migration, leave it unset — it defaults to the same value and behaviour as CRS 3. +If you do not set it, `tx.detection_paranoia_level` defaults to the value of `tx.blocking_paranoia_level`. For migration, we recommend you do not set it and let it. ## Anomaly Scoring Variables @@ -83,7 +83,9 @@ The default is `4`. This is more verbose than CRS 3, where only blocked requests ## New Variable: Early Blocking -CRS 4 introduces `tx.early_blocking` (rule id:900120), which controls whether the anomaly score is evaluated at the end of phase 1 (before the request body is processed) and at the end of phase 3 (before the response body is processed). +CRS 4 introduces `tx.early_blocking` (rule 900120), which controls whether the anomaly score is evaluated at the end of phase 1 (before the request body is processed) and at the end of phase 3 (before the response body is processed). + +The purpose of early blocking is to reduce the amount of work the web server and WAF have to do when traffic will be rejected anyway. ```apache #SecAction \ 
@@ -140,7 +142,7 @@ All of these are blocked at PL1. If your application or any client sending reque ### The extended list -The default extended list contains `/accept-charset/`. This header is deprecated and can be used for response WAF bypass, but it still appears in some legitimate clients, so it is restricted at higher paranoia levels rather than universally. If you run at PL2 or above, check whether any of your clients send `Accept-Charset`. +The default extended list contains `/accept-charset/`. This header is deprecated and can be used to bypass the WAF on response rules, but it still appears in some legitimate clients, so it is restricted at higher paranoia levels rather than universally. If you run at PL2 or above, check whether any of your clients send `Accept-Charset`. ### Adding exclusions 
@@ -155,13 +157,13 @@ SecRule REQUEST_URI "@beginsWith /api/upload" \ ## New Variable: Method Override Parameter -CRS 4 adds `tx.allow_method_override_parameter` (id:900210), which controls whether the `_method` query parameter used by many web frameworks for HTML form method override is allowed. By default this is blocked at PL2+. +CRS 4 adds `tx.allow_method_override_parameter` (rule 900210), which controls whether the `_method` query parameter used by many web frameworks for HTML form method override is allowed. By default this is blocked at PL2 and higher. If your application uses a framework that relies on `_method=DELETE` or `_method=PATCH` in form submissions, set this to `1` or add a targeted exclusion. If you run at PL1 only, this is not triggered. ## New Variable: Skip Response Analysis -CRS 4 adds `tx.crs_skip_response_analysis` (id:900500). Response body analysis is enabled by default in CRS 4 (when `SecResponseBodyAccess On` is set in your engine config). A newly documented attack class — Request Filter Denial of Service (RFDoS) — can abuse response body inspection to exhaust WAF resources. Setting `tx.crs_skip_response_analysis=1` disables response inspection entirely. +CRS 4 adds `tx.crs_skip_response_analysis` (rule 900500). Response body analysis is enabled by default in CRS 4 (when `SecResponseBodyAccess On` is set in your engine config). A newly documented attack class — Request Filter Denial of Service (RFDoS) — can abuse response body inspection to exhaust WAF resources. Setting `tx.crs_skip_response_analysis=1` disables response inspection entirely. For migration, leave this at the default (response analysis enabled). Be aware of the trade-off if you are deploying in an environment where RFDoS is a concern. 
@@ -173,7 +175,6 @@ CRS 3 tolerated HTTP/0.9 requests. CRS 4 does not — a new rule blocks HTTP/0.9 CRS 3 defined `SecCollectionTimeout` in `crs-setup.conf`. CRS 4 removed this setting from the core rule set because the core rules no longer work with collections directly. If you need a custom collection timeout, set it in your WAF's main configuration or in a plugin's configuration file. -If your old `crs-setup.conf` includes a `SecCollectionTimeout` directive, remove it or move it to your global WAF configuration. ## Migration Checklist From bc42a4d73bf3c485fdea2c8d2bae6e0ace1f3055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Zipitr=C3=ADa?= <3012076+fzipi@users.noreply.github.com> Date: Wed, 1 Apr 2026 11:26:36 -0300 Subject: [PATCH 7/8] Apply suggestion from @fzipi --- ...-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md index 71cd7b4..682429d 100644 --- a/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md +++ b/content/blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md @@ -169,7 +169,7 @@ For migration, leave this at the default (response analysis enabled). Be aware o ## HTTP Version Defaults -CRS 3 tolerated HTTP/0.9 requests. CRS 4 does not — a new rule blocks HTTP/0.9 requests outright. If your infrastructure passes HTTP/0.9 internally (rare, but seen in legacy load balancers), you will see blocks. The fix is to either exclude the rule or update the infrastructure. +CRS 3 tolerated HTTP/0.9 requests. CRS 4 does not — rule 920430 blocks HTTP/0.9 requests outright. If your infrastructure passes HTTP/0.9 internally (rare, but seen in legacy load balancers), you will see blocks. The fix is to add back HTTP/0.9 in rule 900230. ## The SecCollectionTimeout Removal 
From 757ed37c1fec65441a61d27082bd360408fce70b Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Thu, 2 Apr 2026 11:33:43 -0300 Subject: [PATCH 8/8] fix: add What's Next section to part 1 linking to part 2 Co-Authored-By: Claude Opus 4.6 (1M context) --- ...6-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md b/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md index d493481..a200fc3 100644 --- a/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md +++ b/content/blog/2026-03-30-migrating-from-crs-3-to-crs-4-part-1-overview.md @@ -68,6 +68,8 @@ First, download CRS v4.25.0 and open the `crs-setup.conf.example` alongside your Second, open the [CRS 4.0 CHANGES.md](https://github.com/coreruleset/coreruleset/blob/v4.0/dev/CHANGES.md) on GitHub. It is a long file, but it is the authoritative record of what changed. You do not need to read it end to end now — the series will reference specific entries — but knowing it exists and how to search it will be useful throughout. -The next post covers the configuration file changes in detail. +## What's Next -{{< related-pages "Migration" "CRS-v4">}} +[Part 2]({{< ref "blog/2026-04-06-migrating-from-crs-3-to-crs-4-part-2-configuration.md" >}}) covers the configuration file changes in detail — a side-by-side walk through every renamed, removed, and new variable in `crs-setup.conf`, plus a migration checklist and an interactive tool to convert your CRS 3 config. + +{{< related-pages "Migration" "CRS-v4" >}}
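
Review bot: in the `@@ -140,7 +142,7 @@` hunk, the reworded sentence "can be used to bypass the WAF on response rules" still does not say how a request header affects response inspection. One clause on the mechanism, or a link to the rule or changelog entry that restricts `Accept-Charset`, would let a reader at PL2 or above judge whether their clients are affected.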
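
Review bot: in the `@@ -155,13 +157,13 @@` hunk, the changed `tx.crs_skip_response_analysis` line introduces RFDoS as "a newly documented attack class" with no reference, and the paragraph after it says "Be aware of the trade-off" without stating it. Link the RFDoS write-up and say what is given up when the variable is set to `1` (the line itself says response inspection is disabled entirely). Separately, "PL2 and higher" here and "PL2 or above" in the extended-list section should use one phrasing.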
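
Review bot: the `@@ -173,7 +175,6 @@` hunk deletes the only sentence that tells an operator what to do with a `SecCollectionTimeout` line already present in a CRS 3 `crs-setup.conf`. The paragraph that remains covers where to set a custom timeout but not the leftover directive, so keep the removed sentence or confirm that the Migration Checklist that follows carries the same instruction.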
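
Review bot: in the `@@ -169,7 +169,7 @@` hunk of patch 7/8, the new closing sentence presents re-allowing HTTP/0.9 as "the fix" and drops the earlier alternative of updating the infrastructure. Since the post describes the affected setups as rare legacy load balancers, keep the infrastructure update as the preferred option and describe the rule 900230 change as the fallback, naming the variable that rule sets so readers know which line of `crs-setup.conf` to edit.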
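
Review bot: in patch 8/8, the new "What's Next" paragraph promises "an interactive tool to convert your CRS 3 config", which the part 2 commit message in patch 1/8 does not list among the post's contents. Drop that clause or add the tool to part 2 before this lands. The `ref` also points from a page dated 2026-03-30 to a post dated 2026-04-06, so confirm the site build resolves it before part 2 is published.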