Skip to content
Snippets Groups Projects
New look: Off

The meek<->moat tunneling isn't set up correctly

    • Closed Issue created by Isis Lovecruft @isis

    The apache config has:

    ProxyPass /meek/ http://127.0.0.1:2000/                                                                                                                                                                                       
ProxyPass /moat/ http://127.0.0.1:3881/moat/                                                                                                                                                                                  
ProxyPass / http://127.0.0.1:3880/ retry=10                                                                                                                                                                                 
ProxyPassReverse / http://127.0.0.1:3880/

    (BridgeDB's HTTPS distributor is a Python process listening on port 3880, and the moat distributor is listening on 3881.)

    The moat-server is run with the following:

    ∃!isisⒶwintermute:(master $>)~/code/torproject/bridgedb-admin ∴ cat bin/run-meek                                                                                                                                                                                                 
#!/usr/bin/env bash                                                                                                                                                                                                           
                                                                                                                                                                                                                              
export TOR_PT_MANAGED_TRANSPORT_VER=1                                                                                                                                                                                       
export TOR_PT_SERVER_BINDADDR=meek-0.0.0.0:2000                                                                                                                                                                             
#export TOR_PT_SERVER_BINDADDR=meek-78.47.38.229:2000                                                                                                                                                                       
export TOR_PT_SERVER_TRANSPORTS=meek                                                                                                                                                                                        
export TOR_PT_ORPORT=127.0.0.1:443
                                                                                                                                                                                                                              
/srv/bridges.torproject.org/bin/meek-server --disable-tls & disown

    The moat distributor has two pages, /moat/fetch and /moat/check. In my Tor Browser, if I go to https://4-dot-tor-bridges-hyphae-channel.appspot.com/meek/moat/fetch I get a "301 Permanent Redirect" from the Apache server telling me to go to https://bridges.torproject.org/meek/meek/moat/fetch.

    Probably I've just configured all the URIs wrong?

    Designs

      Child items 0

      2. No child items are currently assigned. Use child items to break down this issue into smaller parts.

      Activity

      • Isis Lovecruft added bridgedb-dist in Legacy / Trac component::circumvention/bridgedb in Legacy / Trac moat in Legacy / Trac owner::isis in Legacy / Trac parent::24689 in Legacy / Trac points::2 in Legacy / Trac priority::high in Legacy / Trac resolution::fixed in Legacy / Trac severity::normal in Legacy / Trac sponsor::M in Legacy / Trac status::closed in Legacy / Trac type::defect in Legacy / Trac labels

        added bridgedb-dist in Legacy / Trac component::circumvention/bridgedb in Legacy / Trac moat in Legacy / Trac owner::isis in Legacy / Trac parent::24689 in Legacy / Trac points::2 in Legacy / Trac priority::high in Legacy / Trac resolution::fixed in Legacy / Trac severity::normal in Legacy / Trac sponsor::M in Legacy / Trac status::closed in Legacy / Trac type::defect in Legacy / Trac labels

      • I
        Isis Lovecruft @isis ·
        Author

        Trac:
        Description: The apache config has:

        ProxyPass /meek/ http://127.0.0.1:2000/                                                                                                                                                                                       
ProxyPass /moat/ http://127.0.0.1:3881/moat/                                                                                                                                                                                  
ProxyPass / http://127.0.0.1:3880/ retry=3D10                                                                                                                                                                                 
ProxyPassReverse / http://127.0.0.1:3880/

        (BridgeDB's HTTPS distributor is a Python process listening on port 3880,
        and the moat distributor is listening on 3881.)

        The moat-server is run with the following:

        ∃!isisⒶwintermute:(master $>)~/code/torproject/bridgedb-admin ∴ cat bin/run-meek                                                                                                                                                                                                 
#!/usr/bin/env bash                                                                                                                                                                                                           
                                                                                                                                                                                                                              
export TOR_PT_MANAGED_TRANSPORT_VER=3D1                                                                                                                                                                                       
export TOR_PT_SERVER_BINDADDR=3Dmeek-0.0.0.0:2000                                                                                                                                                                             
#export TOR_PT_SERVER_BINDADDR=3Dmeek-78.47.38.229:2000                                                                                                                                                                       
export TOR_PT_SERVER_TRANSPORTS=3Dmeek                                                                                                                                                                                        
export TOR_PT_ORPORT=3D127.0.0.1:443                                                                                                                                                                                          
                                                                                                                                                                                                                              
/srv/bridges.torproject.org/bin/meek-server --disable-tls & disown

        The moat distributor has two pages, /moat/fetch and /moat/check. In my Tor
        Browser, if I go to
        https://4-dot-tor-bridges-hyphae-channel.appspot.com/meek/moat/fetch I get a
        "301 Permanent Redirect" from the Apache server telling me to go to
        https://bridges.torproject.org/meek/meek/moat/fetch.

        Probably I've just configured all the URIs wrong?

        to

        The apache config has:

        ProxyPass /meek/ http://127.0.0.1:2000/                                                                                                                                                                                       
ProxyPass /moat/ http://127.0.0.1:3881/moat/                                                                                                                                                                                  
ProxyPass / http://127.0.0.1:3880/ retry=3D10                                                                                                                                                                                 
ProxyPassReverse / http://127.0.0.1:3880/

        (BridgeDB's HTTPS distributor is a Python process listening on port 3880, and the moat distributor is listening on 3881.)

        The moat-server is run with the following:

        ∃!isisⒶwintermute:(master $>)~/code/torproject/bridgedb-admin ∴ cat bin/run-meek                                                                                                                                                                                                 
#!/usr/bin/env bash                                                                                                                                                                                                           
                                                                                                                                                                                                                              
export TOR_PT_MANAGED_TRANSPORT_VER=1                                                                                                                                                                                       
export TOR_PT_SERVER_BINDADDR=meek-0.0.0.0:2000                                                                                                                                                                             
#export TOR_PT_SERVER_BINDADDR=meek-78.47.38.229:2000                                                                                                                                                                       
export TOR_PT_SERVER_TRANSPORTS=meek                                                                                                                                                                                        
export TOR_PT_ORPORT=127.0.0.1:443
                                                                                                                                                                                                                              
/srv/bridges.torproject.org/bin/meek-server --disable-tls & disown

        The moat distributor has two pages, /moat/fetch and /moat/check. In my Tor Browser, if I go to https://4-dot-tor-bridges-hyphae-channel.appspot.com/meek/moat/fetch I get a "301 Permanent Redirect" from the Apache server telling me to go to https://bridges.torproject.org/meek/meek/moat/fetch.

        Probably I've just configured all the URIs wrong?

      • Kathleen Brade
        Kathleen Brade @brade ·

        Trac:
        Cc: N/A to brade, mcs

      • D
        David Fifield @dcf ·
        Owner

        Trac:
        externalize-pt-client.sh

      • D
        David Fifield @dcf ·
        Owner

        It works for me with a few changes.

        $ ./externalize-pt-client.sh meek/meek-client/meek-client -url https://tor-bridges-hyphae-channel.appspot.com/ -front www.google.com
$ curl --proxy socks5://127.0.0.1:10000/ https://bridges.torproject.org/moat/fetch
{"errors": [{"status": "Not Implemented", "code": 501, "detail": "moat version 0.1.0 does not implement GET /moat/fetch", "version": "0.1.0", "type": "", "id": 0}]}

        4-dot-tor-bridges-hyphae-channel.appspot.com indeed seems to be misconfigured (giving the redirect you described), but tor-bridges-hyphae-channel.appspot.com seems to work.

        Going to https://tor-bridges-hyphae-channel.appspot.com/moat/fetch in a browser is not going to work, because the /moat/fetch is at the wrong layer. The appspot.com domain is just a tunneling mechanism and doesn't use any URL paths. The moat communication, including URL paths, has to happen inside the tunnel. In other words,

      • I
        Isis Lovecruft @isis ·
        Author

        So the meek tunnel is working, but the URL redirections are still not quite right…

        David Fifield helped me out by providing this externalize-pt-client script (now in bridgedb.git/scripts/externalize-pt-client in my fix/24432 branch):

        set -e
CMDLINE="${@:?need a meek-client command line}"
TRANSPORTS=meek
# This could be controlled by a command-line arg.
PORT=10000
TOR_PT_MANAGED_TRANSPORT_VER=1 \
	TOR_PT_CLIENT_TRANSPORTS="$TRANSPORTS" $CMDLINE \
	| sed -n -u -e '/^CMETHOD /{s/^.*127\.0\.0\.1://;p}' | while read pt_port; do
	echo "forwarding port $PORT -> $pt_port"
	socat -v -v TCP-LISTEN:$PORT,fork,reuseaddr TCP-CONNECT:127.0.0.1:$pt_port &
done

        Also in that branch, I've modified scripts/test-moat to also (in addition to a localhost server) test the production server through the meek tunnel. This can be accomplished by running David's script like so:

        (bdb)∃!isisⒶwintermute:(develop *$>)~/code/torproject/bridgedb ∴ ./scripts/externalize-pt-client ~/code/go/src/git.torproject.org/pluggable-transports/meek/meek-client/meek-client -url https://tor-bridges-hyphae-channel.appspot.com/ -front www.google.com

        Then, in another terminal, do:

        (bdb)∃!isisⒶwintermute:(fix/24432 $)~/code/torproject/bridgedb ∴ TEST_PRODUCTION_MOAT=1 ./scripts/test-moat fetch

        For me, the bridges.torproject.org server responds with:

        {"errors": [{"status": "Not Implemented", "code": 501, "detail": "moat version 0.1.0 does not implement POST /moat/fetch", "version": "0.1.0", "type": "", "id": 0}]}

        Which means:

        1. the meek tunnel through https://tor-bridges-hyphae-channel.appspot.com works
        2. the TLS tunneling through the Apache instance on bridges.torproject.org:443 works
        3. the meek-server running on polyanthum (the bridges.torproject.org host) is correctly stripping the meek layer of TLS
        4. the Apache instance is correctly redirecting to the Twisted Python server
        5. the Twisted servers are responding
        6. the moat server specifically is responding, but it isn't giving the correct response, since it seems to think there's no such resource

        One thing is that, watching the logs while doing this, the Twisted server isn't registering that a request was even made, i.e. there's no logs of the request hitting the server (even though its responding with JSON API, which is a little weird). So the next step would probably be, in the usual Twisted fashion, to just add ridiculous amounts of log statements everywhere to figure out why it thinks there's no such resource.

      • I
        Isis Lovecruft @isis ·
        Author

        Trac:
        Status: new to accepted
        Description: The apache config has:

        ProxyPass /meek/ http://127.0.0.1:2000/                                                                                                                                                                                       
ProxyPass /moat/ http://127.0.0.1:3881/moat/                                                                                                                                                                                  
ProxyPass / http://127.0.0.1:3880/ retry=3D10                                                                                                                                                                                 
ProxyPassReverse / http://127.0.0.1:3880/

        (BridgeDB's HTTPS distributor is a Python process listening on port 3880, and the moat distributor is listening on 3881.)

        The moat-server is run with the following:

        ∃!isisⒶwintermute:(master $>)~/code/torproject/bridgedb-admin ∴ cat bin/run-meek                                                                                                                                                                                                 
#!/usr/bin/env bash                                                                                                                                                                                                           
                                                                                                                                                                                                                              
export TOR_PT_MANAGED_TRANSPORT_VER=1                                                                                                                                                                                       
export TOR_PT_SERVER_BINDADDR=meek-0.0.0.0:2000                                                                                                                                                                             
#export TOR_PT_SERVER_BINDADDR=meek-78.47.38.229:2000                                                                                                                                                                       
export TOR_PT_SERVER_TRANSPORTS=meek                                                                                                                                                                                        
export TOR_PT_ORPORT=127.0.0.1:443
                                                                                                                                                                                                                              
/srv/bridges.torproject.org/bin/meek-server --disable-tls & disown

        The moat distributor has two pages, /moat/fetch and /moat/check. In my Tor Browser, if I go to https://4-dot-tor-bridges-hyphae-channel.appspot.com/meek/moat/fetch I get a "301 Permanent Redirect" from the Apache server telling me to go to https://bridges.torproject.org/meek/meek/moat/fetch.

        Probably I've just configured all the URIs wrong?

        to

        The apache config has:

        ProxyPass /meek/ http://127.0.0.1:2000/                                                                                                                                                                                       
ProxyPass /moat/ http://127.0.0.1:3881/moat/                                                                                                                                                                                  
ProxyPass / http://127.0.0.1:3880/ retry=10                                                                                                                                                                                 
ProxyPassReverse / http://127.0.0.1:3880/

        (BridgeDB's HTTPS distributor is a Python process listening on port 3880, and the moat distributor is listening on 3881.)

        The moat-server is run with the following:

        ∃!isisⒶwintermute:(master $>)~/code/torproject/bridgedb-admin ∴ cat bin/run-meek                                                                                                                                                                                                 
#!/usr/bin/env bash                                                                                                                                                                                                           
                                                                                                                                                                                                                              
export TOR_PT_MANAGED_TRANSPORT_VER=1                                                                                                                                                                                       
export TOR_PT_SERVER_BINDADDR=meek-0.0.0.0:2000                                                                                                                                                                             
#export TOR_PT_SERVER_BINDADDR=meek-78.47.38.229:2000                                                                                                                                                                       
export TOR_PT_SERVER_TRANSPORTS=meek                                                                                                                                                                                        
export TOR_PT_ORPORT=127.0.0.1:443
                                                                                                                                                                                                                              
/srv/bridges.torproject.org/bin/meek-server --disable-tls & disown

        The moat distributor has two pages, /moat/fetch and /moat/check. In my Tor Browser, if I go to https://4-dot-tor-bridges-hyphae-channel.appspot.com/meek/moat/fetch I get a "301 Permanent Redirect" from the Apache server telling me to go to https://bridges.torproject.org/meek/meek/moat/fetch.

        Probably I've just configured all the URIs wrong?

      • Mark Smith
        Mark Smith @mcs ·

        Kathy and I are at the point where we would like to give the browser and UX team members a new Tor Launcher that supports Moat. To do that, we need a test server that is on the public Internet (we have been testing with a non-domain fronted server that we built, plus our own copy of meek-server). Therefore it would be great if this ticket could be resolved soon.

      • Mark Smith
        Mark Smith @mcs ·

        Trac:
        Parent: N/A to legacy/trac#24689 (moved)

      • I
        Isis Lovecruft @isis ·
        Author

        This is issue is fixed in my fix/24432 branch. The final remaining thing causing the "501 missing resources" error was just a bug in the where the resources were registered on the Python server versus where the Apache server was redirecting to.

        Running the steps above in comment:4 to run the ./scripts/externalize-pt-client script along with TEST_PRODUCTION_MOAT=1 ./scripts/test-moat script, produces this request:

        curl --proxy socks4a://127.0.0.1:10000/ -H 'Content-Type: application/vnd.api+json' -H 'Accept: application/vnd.api+json' -H 'X-Forwarded-For: 1.2.3.4' --data '{"data": [{"supported": ["obfs4"], "version": "0.1.0", "type": "client-transports"}]}' https://bridges.torproject.org:443/moat/fetch

        And the current production server returns the following response:

        {"data": [{"challenge": "xNAyrt4W7BufeLIWYoRqc4NY1j5Y7XcSPur3nZjjExySWarl0kp3Q-LoFXnCD6net56nvT1FrvyHAGb6ST1-f6KycgMJ4y01nGOKfkCJBqh_PJXajrSh8ruAaXBGwOXOEXnIm3CGLGZXm3pJlaYmynqvo6UVkkRXAi_15AZXQVmll7TMJ_UCpUJmh8QEkVVEjqYRbCJ83V5LRXblQEHR0otDw2FJDjgGHE3-0XXl1Gsv5vGq_IJ8LpIrJSQEEGljRWj_dZlHbwdWcQFrFcAD-XMKBh8uHLpPB4ki0eEj9723I1UOFg2TOXxjXiG2kmb6EnsimPDYZMgI2AgSfYTuBUunJOjI4Q8PFEEUHYZ-BG2ECCda", "id": 1, "version": "0.1.0", "type": "moat-challenge", "image": "/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/2wBDAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/wAARCAB9AZADASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD+mzV/Hknw4+Id7dfELw9LP4I+EzaPJ4y8T+OoY9L1PxTrWoX2sJ/a/guy1SO7fUPCNlJplre2mi2Gq3+ua1rv2G62PeW11daj2Hgi9+IV74hPi3wn8HfBmofCvxTcvrt94O1jUXv76y0LU4F0+y1G017Vnm8P20l3oPhqG+Xw34auLiy06NtHs5bEWuoSa1bYenw6P4lj1WXQLTxj491nwpr+j2vhDwz411rX9UtNOvi9lrmrfETw/wDEu0tdX16bwhNockWk+HxrB0DSddg07Ura7ab+17meT6D8P6j4H8Xav/wkngu+0241fTPE/h1tdl0O7U6rq32bwjdPa+ILnTbvw4dOs9W1/wAPsmjW2oadb6aNQ08pa2+vSRQ2yqAcPr+sDSfiz8UPD3gd9E8EWfwx+FmgWdlJpj+L7q38HnWGvLvSLC08G20mmeHZje3MGm34m0MXn2y30m90i8QLKsi+E/DnQtA/aB8CWer6r4bji13SviLZaPf3EPiO9sPEfhzwzL8RdP8Aib4G8RaJ4fI1DxPaXHiO/ufCcnjyDWL/AMLanqkNkL+SWWO206eTQ+I3xD8Q+MPFfj74Zw+H9X0z4ieLtc0Ow0y28W2F9rXgS18PX2uNZ+IZfEur6GvhzR7fxDH4Ok0uKTw7ea39o0/Rb7TtQ0W81PVdQuYp+yXxr8M/hr8O/iv8S/DPiDwBqXjT4beN1vfjPN4PtfF3ijw78O9W8N+DNMeXS/GulxX8+o395YaRDo82p6mkOmLbCK18QapZINGuWQA2/F99pfw7m8PeK9QtfDMGqa54g1D4a6JNY+HX8U6z4i8Vatpfh2800+Ira6v9N1OybSrTwbImoWMuqyXphstFM+r3gtZHaTQ9f+ImpeCL7Q9H0i+X4caFH4TuU8eLqNjpN8EuvDeqahe+EvAMlh4huLBrnRr+38P+H7HUotZuNDuDrdzYXQ1G5s9QmuPwe8Vf8HGnwm+OXxYg8AfBXwrc+A/hOfFGkW6/tDfEnQLbSPAVxNqt/ZaZqFn4CmubHUg3xG8eJr2pN4di1Cz1DULrQ9Mm1LTtDvrTU45pP2E/ZF/aJ8DftHfAz4e+M/h1qfhnw98F75fEj6fpvh/U/Fuj2er6PoGg6r4e8TeGNQTxRovhafwj438FytZy3+k3sUds9/p+p3oVLmGSW0APEvgh4+1vxV4o8a+O9MC+IfBfiaS613wH4F17RvDXj/X/AIff8LN025t/7P8ACtx4dNysuoa7r/hqXVrzRbrV/DWm+H9Fku9T16SaaQvae7+G/j/o2jeD/BHhDVPDvxW+H/hnWr+58JR6/o3w91nw3odvZ6xZ6tocGt6lqmn339s6HqHjHxfexahaajHBMt9qD2EWmG/MP9sSewQt4I/ZL+G3gKDQLnSH+Hnhy08X2McegzeHLrUdcvLfwte+JvCWq+Kbux07S5XS00C2unm/sy0vLvzr6yvbm5ktEuryTF+GF78Of2oPhR4C+MXgX4mfFPSND020t/EF1a+L9KsbTQ9dfw3PZazFba5aeLNG1PRrC50/XW00abrilr9IdMebRL94S9ywB5Ro2r6ddeJPCOoxfFTxlqfh/ULLxl4MvvDkiJ4ZbSrHxFsh8H+ITqeiQXGs+I7jV4vF2kTtBqPjm21DUX1mw1+9jgvNLma2+odG+EtxZfDLwpoOn+JtMh0R7i+1zV9Vj8Hadr1p448Iy2lzZ6BoWn6DDNDq+n+JdI0rTvD2oPdaVp6QS3ulNPLb3LyzAcNY+F/A3j7XvilpOrX2keH/ABndeMrL/hK76x07TbHX7Twl4R0G0l0PXNMXVdR1iynabUbCPU9P13Q7bUUYWdvpN/DZ3thLFZdn4NuvFt74317xct1pOufDPS4NT8T+DIL7wRcaT4vtLCbQptKufBmi67cX1le2evXOs2tz4gv3vNMs5rW01JLOyiuLd2ktADw+78VWngrQPD5034u+ArHw1Z+NfHfwuv8ASZb9vB+nxeBpPEGp6Jp/g7wz4d8VvD4WPijwg+iaRp94Fs3NxpD6qlrZrNLaTXVb4GXGs+Dn8CeE9K0D4o6T4t+Lvw5tvE9nZ3mseH9T0LS9C0m1+HvhG6sodMt9T0Xwml9BpljDrGpWMWlR3cmlahql5olzY3ch0ytn4h+G7TRdM/sr48/C/wALt8HfFfi/wn4hsNSOqJ431HwNqWjafaeLNT1C+87w9pc8mmWniD+27651vWtf1aWUSSiTSnsLpoYu31bU9Y8Q2Wo+Jfg98UbHxRrHiHwpdn4b+JvBjeFZFfTYbwyWE3iuNvDl3aRaZqFxbjwtJNaWN/cabbaXLfQ7I57tbQA9DsXs/ghDdXTa34N0P4XeGkPhjxL4gbRdZsNb0fw7brqV14e0qHxTqN3eWurWttqmuWem2Gk2Y22EstzHbzZMqReZ+KPF/g+DwzLfXKaRqOlXM1pMvjLV9Is9K0O1h8Ea7plnr/gnxZFq2t2ehW994l8RaNqWn6FqNj5Nh9o1Vrmz0+6it725uOp06/8AFngP4eauraF4f17wVZax4w8aQala+J9B0jwfpXhOxsrrxT/bU1xodhDc67c6lrOqpp15HeaVHFDb28t3cfbbmBLnU/Jo/GvhvWbXT9Y0tfA3xS+D/iC2sJtF1DxbqfiJPFXhvS9Okv8Awfqeu+HfBVj4bu1ki0DWrq883xTbWWkwX+n63Fe3GpxW+mxzXAB6Ro2k2vhrTdM8c6HZaxZxeH/BNx4d1nwT4T0vU/E2ieDNP8Z+bbXf/CG6npHhjUPE+pSWGv6FpcUvhjQNZ0C20fQIrO5utGtHtbOKfO8O6fc+EvDM3gHQ/Hdz4l0i2vbTUf7ItPDPi6y0HVPEWoa+on0XUdaubm6W0eXXNeszqHhuTxFDZX1pZnR/sGk2FrqUkvmPi/4tWHwWbxd8O7W3sV1H4g6HqHji7sfCnjjUU8Radc+H08A+HP7WkEdxI1rp0Nrqf9q3DaDDBpNpoXhy6W708yXsyWnv0vg/xCvjb4Z+OfA9rrk2kaJolva2NtNrWsXGna3OfDWtavchvDUWq2PkXN7Pqlmtjq3jZ9YjsJ9P8iz0ewe5jv5QDyLwhofwd8M+JPHkPxP0PR4tA8NX+r+Dda8R614n1u80m/v/ABHp+q61D4f0vR77TtF8LXul+FtH8Q+IvDGn2VmNV1vTdJhtNOIjXela/hGw8P8Ai6x8X+EfDeo6/p3gXwrqV54KtJfDXieS+1K3udGv4/BVrNfajcWT61ZeIbixSNLcRfa5Fh0eOXUNW06G+upL3M8Q6H418Fa14q8BaZ8Xtd+JF94vv5/iXr3gHxlaeFfE+v2uiXU95Pq/hbR9O0/VtE/sRJodIufDdprF1fWeg2l7eW0MXm3U013beoXFt4E1PQdZ8d6B4E0Pw18WPiJ8KtR8QXHw78beM4PCPjWWW1s7W08PWmo+ba6jN4ekks5bm31W9tJ0S2u7hkuY795TPEAfJnxJ8A+L/HeiLrumT+NPCHxP8fW9z4Vki1/R/C2kr4y/s65v7698O+Jriyk1bWbm60zQ/CI1GG2l1Oz8JTwS2MV0dbtdQn0+69y8M/2T4k1z4hav4psfB934t07Vr3w7Z6nqM83jy71Hw7f+H9K0zxT4Tl8A+H9WuYwml6lbaboGr+H9OuYbK8mtbXWb+xa6SGZuJmMviH4cfDTX/GEvhj4Vf8JRHq/inVxosega5L4s8QWljczavoml614X1GyfxB4fkjh0aTS7CCx1DUvEOl+GGtNZsp4pJkn7pvh7eX/xi0DxNL4c8MSWc+jw+J/FFvq0vijWPE8F54Atb+wtNV8J23inSoNE8K3tvq11bWtle2c+lPrthqeq61EzPHFPEALo/wAbvGPw4udQvNQ1zQPG2seKtOsH0r4R2Hh/X/CNvZW9/FoVhE97ps0etj4e6xqHifWbyzv9P8SSXtndR3FnMdRsBb3wez4MvtX0DxXcR+J9N0Ox8FeHdM8U3nwc8WeDdB8LLN4S0fW49Cnn0RHtrB5Laa8tNb0uLSfscGn399eQ3wuNMvbS3tLu582+Fuq+J/iF8Q7CVNX+JPhHWvDXhSTw3b+IPGng2C3W58N65oGlaxc2Hh3xFfSeID4k8TaVPaWersFdtSuL7TtTh1vKWltDFS1n4+/C3wRqF7ea/wDtH+HfAGoQ+N/B/hCOXU/Httr9r4ph1C6tPh7cm08N6kNeh8KDVdU07yfDE1teJqepeMLiDT7rMlxHBdAHWfGi20jVLP4S+ELvSvEtrc/Fq18WXVp4fif4i2dxZeHovD9o+v6r4sj0o2kGs6hq19LZQ3epeNL7wzfWmk6g9tD/AGfdtezjjfivZazrXxK+G/gfUtX8T3nwwudW8LeLPHWjal4rvNRW+hMUnhzQ4U8M3sEfibTfD/hjULm21eLW9P0e+0m51DRdIvtSu4LiPVdYtvntv+Ct37Dvgr4yfEP4Xr+1x4rju7XxDY6X4V1vUvCbeNPB3hK/07wn4D8PXXw0u/Ev2XXNatfGXiPWfFuhXmnWWsiyuta8Saiun26XUun31rL7n+yr+1R+z5+3B4I1T41/BjUvDvjP4Z3fjBfBut6l4rl8ZeEvjFo/jjQdQk8Wy/D2bQtevBql263PiW/0a48MteaNY2Nsk1pbWOoaTqEVjbAGXpEHw38H/GD48XFlcfDrQfiPaa94Q03xL41+JEuo+L08Q/2ja+HfD0fj60e7fw9YDT5PCXi3R9EubCwv5LTR9VhNksJiu5rmf1jwn8MrXw9478K6Dqd98E77TNG069PjDRvBvhHTzqniXxVE2hafpnxMbXdKtY9T8L+LrXQNX0p7izS1vLVLW9hjE7QTpeWVW3g+Dnjrxf40+HvxA02JvGejeFdW8JSeGPDhgt21az1S9M154gl0vSvFWv60JNHN3p0eo3ay2dxeajaDU547ibTLRNJ/Kb9s74G/8FV/FX7QHxC1L4A6Ze+HPgN4H034G+MrK50L9om/+HWt/wDCX/Brxnp3iv4k/wBm+Crf4WeIfE/iPQPiX4HklstY0u2bxdp2v3lno9npEcOt3upaEAD9ffDHgjxNo+jeKdb8HeNPCVv4A8V2+m6N4Q8FajJc+FI9OuPDT6jc+K/EeqXzeHPMsvFHim1spoZZItP0+z0/yJ9UijvZZ5Ef5L+MHwyvNY8XfC4zeDbrwP4E034oeIPDtp4W0vw7Y6pd3WseImv9W0TWbbyLq3snXw34i/tPxL9tisrm5n8Hya9LrDiyvWttU/B79lL43fHD/gpJp2s/s+XWoftBfsN/GuPxz8QvjD4c8MePPDHxw+Lf7PHxR8M/E7wvosXjbwp8WPFvj3w/o19oXhy28U+KNX1j4c+FLTXV1i3tLmHwnHeaRfwaejf1J/CL4SRfBP4Z+E/hb4k+M154/sPAB0iCKa01nxDfeKph4uXV9A0251PXLHVLW/ubrxJq9zHZ6fNfw6jN4XsI7Gx3TyW0mtSgHzt8RNJn8Ya74v8ACXinwlrGgeEtP+Gvwt8ffD6CdrD+xNM1C2nju9T8TMtlFe6dpWreENK8LpbaPqfieKyF15l5paaN4kto/s8vt/geCw+Jeh6B4p+DXx9t72+Gm+C9d1TwN4g1Twdf3N0mp6lpuqeKZvFGnaTFPYmTXtVtY7C3ktNM0q88O6pd6/f6MLlrm3sGuXWly/FLwz4YsPEsT6T4C1PRf+E9+IHjy7+Iuk3mu+CviFo3xD0bVj8M7DxBDqepXNrb+HIr/XdC1Wwl0azSygRNLk1G0eeR0/Mr4/f8FPf2D/gX+0wP2UNfPxV8PfEXxdpXgK20+DwN8Nvib4f8XaNrvia80Tw34KstM8QfDmC4PxH0/wASRaFF4iF7JfXa2PhzTdVuLW/8QQ3A06IA/WjU/iBr/wAMrzwJ4t1SzvvEyeM9Y1nw18PtLl09fFnjnw1YazGNQ1DxHB4tit7nWYfAxsdOtJ7/AEceF9R1C01d4EuL5tMhTy6Vz8XrHwfp/iDx7qsEcOteIdU8QW3gDxHe6Z4g8P6j4ttPCM/i3xVpvhnWNL1wW2uaRc+GTbeKrA2UVibfxJYSWV5p91FbXF1Z235f/tL/ALet5o3iSD4gfBTwx8QviI2if8IT4M8OfFHStFfX/hlFda9qPiTQvGmv6boOq+K/DPiq31L4N+KTZ6j8X9C1m7fTD4YhudKtYPtGjapdQ+xeFPiNq3x7+El78fvGU7eD/E938ULW18Iad4evNJ+JD6Honwm8XeI9IsvF3g7SdM1DXPCnhe48Z6PdTQ6lDrt0bfw/qOqPoWp3z3rJp1mAfVniTwTqXivWdHn+MHgSK1uL3xRB4s+HyaifCNzP4T0jxSt2/jzw1ZXyw6t4jg03U71rJfE01tdX9rq8Gs2GnBdP077dHZdrP4H8L2mqaT8U0+GOs/DbWD4Utdd8Y+JNO03w8/iJ7aXSLnW7Oz1Pxl4zhsbqPw3o/iPTbF10WGeLU5teGmS3+n2ek+c0zNM/an8HfEP4feE9U8Sat4f1c2fj2T4UePdM1NF06w1bULDwvrN34wsvEMN3BdaTpcenWNvLr91Fa3N1pVylhFDpes6mbm2hk2/Es+uw3F/fTOPEGj+LG8D6J4k8J6lqesDwdpXgXxvbRad4kkttY17xPomktdwyae89sLDQItT0+zsngi8PpJq7XUwB498TfAemfFrw5411HXfih8UtS1S40T4ZeIYdA8EaRqfg6+vbjSNd8YWy+Iri1TX7DR9e1fULO0ZL7TLOa21+zg8NaTOsH2ttNjrSu/BcXw68G6Vf+CtG1PQbTTbLQPFvjLQNX0+Dxb8SNU8O2U8T/Dz4e2UF1feIda8N2ej6vqOqXuk29nGYdO8Q6dfRac9hDMr3Ha6t4Qu/EUWofBO30Xw58Mr7Trv7R4H8ReG9Sg1HV5ob5dS1vQNTt9Os5bJ9E0rQvEk0o8N3uvfbdM8Q3Xh/UFn02wmv9Pznr4N8X+IjdNp3jTxW3xW+Gl74k0/x3q1/pkvw18M+JtG8XWYXVB4TuvscsAHhjUJo73w/4l1PTdYOp3Wk3toLmbP2i1ANX4TeOPFd2ul6vq9nqHi2HxD4VvfF+ieGtQ8P6T4RudDuovFXie713UYmW6XxV/bGraVreiLqVjbabf2UENhE0bS/2sJm4jQPif4r1fwtq+oeOtG8O+EkXWV+Hfg34c6/rur22gWXjmbwxd2mmeExqupWd3B4x0/WdEvmha6t/CxtodckYJB4ihji+z8P4r+JumeJtB8eeHdQ+B/xV+HOoXGjaRodx4o8KRNd69H8TLjwbZ6xa3vhnxT4OsW8VRazqWg6tZ6DdeKNWuLez/tU2dha6den7Zt6n9oL4rfBD9jX4IeE/FPj6Pwn4QtJdQ8Af8Jpc/EG11G5h1T4g395ptp4GtLme2udc1LxH8YrjV0tTYwNq7vrH2S5GrapZ27QXtuARr8YtR8MfExtP+I+o2ms63L4T8D2ujRWsOkeMbmw12wN34esLuNrPSfCmk6Pq8njjxJpVvHqFzIttcWV/aC20fR4f7Qvk77WbX+0/iB4Lm+GmqfD+a18JxeNvGHiHw/pnifUfD4ufGniex8R+HrWS0uNP0/VLlf+En1f7deeJItOu4l0XVrC+v5zq166XI/IvVP+ClHwa+L+l/tEfEz4U/CnxX488D+A/hPq3jLxv45sPCOk+BdB0fx78N/Guk+Cvhx4G8A/EzxFrml+Fh4nbx54Z1LXNStru91XRLPT7LSZzqNxp72t3ffMGhf8F8tI+L/in41+MP2ev2erfxd4p+DPwY+N/jT4S+NPF8vgiZtX8Z+H9M07SPDfhu68LeHNLk+LGpaPrOr2PjaLw9/wiOk3Op+JDomqtOYPDtlqHiWxAP3E8dS/tO+L9R160Fxpmm/D/wC0eBvCmheGvE2iNp3jXULmIf294w8M6BfeKkmT4iaD4i0S3s9E1uW51vS7y8l0zU7+NFgjjtri/od58P8A4VeI/wBnXXtHu7f4RaP451e88B6d8PPAsHgfw94fsPEPheDxXPqHgfxVY6ddjxN4uubCfWvF97qF7o+q3mhaNqenxeJJNLgtotQvJv5UfAH/AAVA/b1/sr9j74v6d+01eeKPGi/F/wCNHw2/a6+BuuXtx8UfCsPxn8WeIJLj4a6XZaX8Lvh54j1L4Y+EoX03TdP0fU7nxZNfeD9C1G70u90e6kvtQtda+YP2qP2lv+Cinxf/AGgfjVa6d43vvEGvfsn+GP2hfH2kaz8NvCFlp7+NvBnxN8GeE9P8I6d4E+AOqeI/EmjfFzw7fa7rP9vQ/FHRPCqStF4Z8T6zPPBEV+2gH9Mf7RX/AAV8+BGl/tG6f8B9ZsvHHxl8Xjw1f6rb+FfD1nD4U+Gej2HhbU/B/iXxf408R/EXxH4nt/AXiLSvh/4T1yPxND4j0q0S38vRNaitdRj1hdLhuP0luPiz4S8Z+HvD3hH4AWw1fR9T0Lwn8P8AxfY/C3VPB1nqvw70DT7ebWZ4tY1M6ybi00q78PDV9O8N3Oj3QNvqD+fZ3Dpdx3cP+fprP7H8fwb+F+r/AB0+K2ua7YftFfEfWPCfgn4QL+z98UfDmmaT8K9Uv76w8YnTfjB4N+HXh1PEfg66tfEfh3T/AIWeMdb8RaXcaD4c8LeELaTULK61oRWGnf2JfslweJviP+y78OvD/jHwPqmk+O/DXwi0G3+J+haFqnjKHQ5virpniDTtJ1aSLU/CXg7Q9V0dLrT7zV7XSfEvw/sLvTPE8Wp+IpNTkuItJt7u6APsa08TfC6SDxT4V0fxX4s0rWbO51zw9oU+p6lpd1420r4ffECO11bxze2+p2tzqOvaRJ5k9p4itL7xFHbf2ktjogtTOl0bmSLSvBPw/wBG+H48N+B9Qi8AeCvjf4xGnDTPhbf6DpF94w0BNPuNAtPEOgLpskXh7TNUutZZdd17WJtU1TV9SgtNO0u6Uy31poltteIbvStb0rxdaaV8P4PGcHwy1PSLLxYLrQHk8e3lpr3huWPRrC41fxVoulDXYrLw14mWwns2tdW1+1Gm/wBm3UGrXepSGGl4Fn134r+LXl8DeIb648AeAr7xx8PdMtfE/h/xB4HuNA1P/hHZmh0rwjqWkaja2OoaRp8+l6Dfpr/izRrq5tr83l5peoSTSLa6eAep+IJfAGgeEvBngWH/AITHD+C9durfSdf+H2s3uueJ7/RbzRNU8XTapY2Omvpepa/4ja+SXUI7LQTc6nJJqzWV3ZzmeaL538LarpXxKlsdc8E2vib4Zat8J/J060+GXiOa88Qajrlr4r8C67JYSeK/g4ktguganc3t9bXWoWQ8i8nihvLuaO2s5or5/oX4Ua14h8SeEb/wveeK9H8J6vJd638H5lPiPxB4svIPFGh6dOs2u2/iXV9T8KareXxh0rV2uZ/C1nbXV/dzC9up/PsroReOa/8AC1tM1bxJ4rm8ceMNV+0XfiK51a/8NyeF9W+J+raboviLVPD+s6bHrulaFdarq/hPRRLY30/hm4dLzTGlgspbsQWkwQAg0LVLCDV1j8VfBb4oL4rk1bwfN4z1CNLjWtI8SLLrmlXmn/a7CVNe1zQLLQrjW38ZT6NpFoukWesWWoWF5qk9hPb3GqY/xS8O6snjq70HxTNJ8UtD8GWegeKGXx1f6Zo/hbw5bav4oePxyvj6w1Z9M07xLrWsube5+GV5feHoNAhudBtodPjtXsbp7z0TW/EWmeNdB8I+AfEltr3g+wvP7Dl8JfGTwz8S7wxeL9BsprHw94P0zxv4s07RhZyeIda8TeJrSx1PwddRanpoF99ptZ77ypY7f6T1XxX4Bt9Ul+B11441PSvHo0zQbfWta8QxaW2o+TqdzPLBq2jXPibRDpWuNcaqq2cUVraNptu8nl2torWn2eMA+J/Fen+K/iV4gi0b4OWep2Hg7xtbeBR4T+L/AIKvvEsF/ougm48O3gtZNa1HVtGn8TuraR4nsfElrDcXJ0yzuPDxn0kwnWWj7bxF4U0Xxf4Fu9G+JHhrwjqPjH4f6zr2mtf6LrHiPSPiPe+IvAktwnwptdXvvCl/Z+Im1PxF4PvdZazke5Zb+S+tbmztC2prp6a/je98OaXpPwfi+JOvWuq6N8OfEz+CW8Z/D/xBYfDbQ9a11tN8T6V4wgtE0yRptFh8PTaSlxqOkRa/p8i29rc2kN3qd/ay6ZceMv8AD/4lXU+kPqfifVbL4bQXt5rXgfXL/QPEfxW8XeKv7Ks/GN5pGk614p8NeJ5bjxFovhXVJ9N1Lwzq2u6b4b8TpZpptodRGu273oAPzi/4K6/tGftD+Hf2W/CHh/4b6/8As8fA740/Hv4hX3hHwy3j74nS2fiXSdHm0nV9d8V67pkni3wrFfaF46/4QHRbTRNMvfEGn3Or6N9sudD0/Rp9Ru9Ntl+9PBE6fE/9nb4P33wi0+OLXfG3wY02bxNZ6j4iuPCXi4trvh+Rdc+J/jvwB4ju/Dep63qvibQ4WvbW61eLRddm1TUtPi1fGllZNL/mZ/4KY/tFfATxl+1F8ddJ+JmufHG11H4e+Bvgj8PPDfgfxT+yhJ8Tf2TfEvxF+IF1aeKbv4gXPgb+3tK8eQfEuDwzolp4et/G2reItele8mvo9J1KXTcaG/8ARh8Bv2g/hj8d/gb8DvjjY/DjxN4P8E/GXw1YeLdf8MePfBp0XxDoPg7T9LPhLxRpiWupeI449R8O6+2h6WuiaTbXOtaTBZX3h5tCimuNOs3lAMv9qf8AZ08BfFL4J2/wt+Evwh0Pwh8Yvg7osVv+zFocvg7w34w/4U58Q/DHhayh0j4r6f4WsrGS5e51HwHrkWk+INW1/UprjR9S8O6TYeGo77VY9KuJ/wCd7wD8Kv2nf+CTnxJn8aftVftG/HT4j/EDxdc/CH4n/En4c/AOW98e+LvGXgp76STx5e+Oo/Gmk3XgL4feBtS8ReLLeCbw7JpHhnxn430n4beKvE1/fTaclxBF/YdpOsaZ4n0bXtU+AmvvF4U8VvYeL76fwzbeHo/GOlaL4g8LtZxK73N9d+Jb7xTrkLWeoaTd6jNoVrolhDaNc3It9Ll0+5/B/wD4KTfs+fDLx/J8UP2h/Fnw++H3xX0TUrrw3Z/Hj9py9+ONp+zh8SfhZ8PvhT4B8Ya14bs/hvP4RvdV8Xal4xtrzUJPBWuab4s3S6zp0lzpdxZQ6fs1XTQD7d/ZF/bG8K/tzfs/eFf2gPhZ4ttbnxH8YL+S98JeDI/DSJ8TvBfi/TJofDGsWPjXxF4cv9F8EJp9nF4YsjJJqelXcE+mWV7pTw60o+zN9HW97pviLV/iz4M8OR6To/iH4m6j4Z13VfCfw+8UeHfElv4m8UWPh4aR4w8MaxB4p1DRbeO98K6lYS6prGleDpPCV9aaTZ2moDVV1C7S0j/Cn/gif+0t8L/EPiT9pT4YeFNP/aMsvgP8IP2c/h1qngIfGSLw1qdh8MtR1Dx5ceEvEHgSOGTwxZWHjjxFY+IdHuvFema/c6xr194xRtfutH020lN35/7sfBa68X/DbxdoGja74T8ReLJfFPw08LtdS6xc6Bofh7XNS8cQ6tqUEGmab591a2OsbNJ1i2/4R5RBp0Uyi2t7mC0u44HAPVvjt8Q9e+HfhD4o6/rPgzwRpXg3UdF074feAdQkksfAXiDVPEWvTX+lxarda94iuYY9LvJPEOvxaJ4f0mSWZ9YvLmfVbS+e3vsJ+QH7GHxln/ao8d3Pw28b/Fe9tvjL4V+E3gv9oL4Zfs16b8NfGWiX/gj4YfEyyufD2rXOo+KR4xvPAHxD8eTePZJdbt9R0OF/DWmeD/EEVsft2lubfRPrP9tD9sP9lj9k79nix8YfEjwbL8QPif8AHv7d8GvD/gH4i2vxA1fQPE3xAj14+FvE3h/Up9G0rxFoXhjQNNs/7T1TXYtGgsb7R/Dujia30ua3FtFB+EPwF+DX9iftd+G/2if2Yf2T/jF8MfAPi79mbxRH+zPEfjQqaZ4QuPBHjXwd4X8R/DZPEl74m1PQPD3hn9pDwgfA1p8GdDuLbQ/Eekf8Jdf64YH1a7l1qIA/rA8KafYP8PL7RviH4Wb4gvrEdhqHiDwT4q1+O40bwKupXlnfan4asNG1zUNb8Q6nq1jBZWd3ZaTJp0Wn3F5LY2Fra6Ra3F3Ha0rfQdJ8HXnwvtIPA+g6rp/w3tdbuE8UWujW2m6fL4U1LWdCifXPDGiaXZXNzd6xHp6QW99o9pqGkW93r10NRtNB1bzbVod62+Dmsah8QvAnxi8b/wBhaf4vtfCNtdSaaYNSn/srU18L6nYalp0d3rl1rNr4mv7LxLeyTW1/Bo3h7Ub2we2+z6xeWVnLZXdvxNoWuWfj6T+z/iZoOm+AbnWdRnsvDk2px6bcR63EumQ2cpi8L6P4d1HT9E8LXXhy4im0fVr7V7LxCl09vqEwjaF4QDm4PCmjaJp/h62+GnxQ1u+8FeO786a17e+GW1XTdI0vUNRsbG40fyoo9LgttW1Q3UWlWN94ig1OPSb2zbT7u2eG1RdOsz3a3cloktt4417X/C1/oWnr4ei0+00mTSfDE+paPrEml2mkW/hiLw14gttXbwhpkU99Y3+oWrXuqeJWsdU0vTrSWaHF0DTX+Heg6h8P9Qj0ex8V6JpGhzweLtD8JSW+j6X4o1mxlu5/Hjpqd3p/hy60vw8LLTPEOtWM9tHaLq7JdWV1c6tc21kNPxd4dHxP1LwCnirxl4X8ZfEfR9E8ReKj/wAKll1Dwis0aaZe6No2v63cf2zq9+lnYak+ueH4tOOkeIf7QvNTCW2mpbQalEADY1n4e2fifxzBqEnw6+FupfGnRvAz6HoMF/YaXDZ+A/B+qrd28uma9pturXmtvoeleJLeHWNBtvEiaDq8cK3jLo811pySeXrrVn8OltNK8Ea/plj8QrW90K28RfCz4XKviPxs/jXWbbwlDeXmqeGdVuZrLwBoxtLJtJtFudXj0DRtBFr9nuSL6JIu+uNIsvG/jPUfjZd+K/EVp4Q8W6p4e+Gt7ZW9zp2jTeDm8IXeraBqg8QRXE2iJ4h8Ha54imWzkN/ZalqNpMzSWkiWuoY0/Z1jw98EvhZqXibStB+Etn4t+J99r1r4mh8bWHg/RtV8Rar4uFpDFo3iXxXc26wzWEet65DeaZp+q20enWds1tefZmsILF7sAHm3ws8Zx+LrTV/Cv7QHhPUPEfjXwrr2snxX4t1nTf8AhG/COmaFp9naajZ6J8PPEt3DdDxHZ6jeW0Et7o3irxALhoZ9cnnuW0yO2gkbq17qfxUF/Z/tDeANC03wJ4f8V6DDofxFGphtc8daL4d8f6z4c8P6Tq3h3TLa90fQFuYZrbU59Vurs6TqWnapFPFHpjCSXS/UvCi6J4e0SK/0C6t9D1/Xtb8SaT4gbxD4j02y0zw5peg2/iu51m6nhlg8RaLLrb+Im1ozX73Gp69qTNd3moXtzFYXljb/AAj+1t8c/hN+zjaWPwj0HQbvRfFX7Sutar4k/Z5+If8Awr8ePfhx8QPF1h4KvfHeueAoodU17VrufVvEWk6BAyX1rYeGtN1DU9UsRZXhuLS4miAPtf8AtX4X6R4bu/EWpWPjP4h6f4V8ZeJ/Fvhq+uVjt9c8LR+BvFB8PadY+EYbO/sJtQ0P/Sr7R7Czj1DzdS024lR9Pu4NVufP5HNz47k0jSNagvvi74pbXtY8VrqHhu21Twn/AMJ34R1BvENrHpF7ol3f6Lpni7wj4Z8Oa54Z0UTXOvDTrq9Z7g313cLPFL/CxYfta/8ABSPxTpPhPxZ8Rv2oPDL/ABI+MPwp+I/w6sfgx8R7aP4IeObFb6w+Eej29v4Qk8RfCvWb7xprPhxpde1uI6DFrEsXij7V4cju9V1yxvrCL+l7/gmt+1dr3iX9gu88Z/Hjwp8UPBHxisfAnxG8R+GvDniq703wP8RvEXhr4XeJPEviDyfDug+DdL8K/Ee5+D0NidM0bRZrzwBDqaWUl1OJLuS7a8lAPrL9t79lv4n/ABo+C/xI+G/7O/xQ8R/Bn4rfDnQPGOp/s9eMYvEWr+FdLfXPEHgmfwRAy6p4d1+LTtRtfCfh3WPHHhvXf+EgtdZ8S6VqsWjeKYMS6fYw3X8xg/4Nz/2gorv4Pzftjft1eErb4KD4CaMbnxLpXxG8ZaTYat8ddL8Y+ONb+A/w80zxN4wttStvGGkagPEmpWl34j02TTdV8G219e3OjaDbMmkm7+fv2iP2jP2qfgN+0jqfxh8R/Gb4l3WjfG74z/Cz9r/wT8TfB37QUXgD9kj4h/DnxHaX1hc/s++D/D/jjS/EGhahJ4U+Fup33/CQ2NvfXV09zoc1nqGhSE+E5rz+zr4QaVqfizTdS+GHhr4g+Gk+H3i3wj4OHwH8J6dfXfxY8FWviybwnpvj/Vda1nV547DxIbLSJ4FtleGaz8FajpmuaTbrYvd3VxYAA/kI/Yf+B3wB/ZR/aI8F/Cz9qnwF8PNWTxvpWheH9D+K8PjT4leAPH0P7alnoXhX45T6P4L+K9xpej6VffA/xF4ZtfAPh7U/Hus69BoT31ncT6hrOo3Go6hPf/1//s3fsz6X+yLaQ/Bb4AfB/R7rT9N8PX+tDUPN8RSaTr3i/wAdeJtV8Y3+r6l8R9U8T6w2q+Orux020ttb8UnQGM2sS6JMmpwWZt9Jh/DD/gpP+wdF+zP4s139pn48fEjw34c/Zx8Xav8ACPWPjn8G/H3w/wBF+OnwE+I3j3TtJbwV4pPw68EwX/grx14R+JGu+FfDOkeEPh/F4aSDTLXWvEMogXRdNklurPzj/gnZ/wAFgfAvgP8AaX/bC+EH7ZVzqnw3+CHwU8R3Pjz4FfFD4geHLjwh4r8B6L4qvNItNN+BPxR0r4dppfgy5m8MyeOPClp4ObVItPWxt9Amt2v7pNOsXsQD+hTxLoX7Xt/4r8ef8JRD4C8RWD+EYrbwh4QudTgg8X3mt6vb3/hzxXptx4u8Oat4HtdZsLq5sYbewQ/2Ktodd0XWLmxTWNPaOXm/jHrOh33hLXdK0e1+I1pr/i7wl4tn8U+LtA+IvhGLxp8MfD/w4sfFGr6joupwa18TpLbUfEWh+MdL1Dw94b8YpENO8P6prHhdL2e7trG8Z/qvw7qPgH4n+H/E/wASmm0fxnpuueMPCHjHSdX+FWq6n41vLfwONOsfFXgTX9W8H31vcJ4evfEUNzbWery+HNM1OXUNHmsr6WeSJmntP5ff21Pjt4I/aW/b1+NX/BOy41HwR8E/iXrP7NemeC/hV+0v4o17xfrvxP1X4lfFHXdC8R+KPg/8J/Dum6N4Xhn8OeMdVtNb0fxTq/hrXtBu4YYL2203Wisdv4fUAj/YI+OP7RXjX/gm94d1X9lDUvG/hH9pTwX448Q/B/4naf8AEPx54f1/41Wvw28Lan4lv7bxN8OtJ1Xwr4c8NfEf4x/FLVLWLRbrVvG2oXGi+FLqO41mz1m7s9PuIbT6v8e/tt/FH4G/Cj9nb4X6bZeOZviP+2L8YPDnwe0v4geFdN+Gl98Q9B0xPCV3F8VvG3xI12E+GvCa/EfT7zTH1jX9a0vWr3QL200ea+8NvaS6ZdXMf6EfCr4ZfCr9iTWfAPgP4d+Hx4p1/wAB/sxH4TeGJNB8GeLtfn1Txb4btLTWNQ8N3MxsNat9QutQ1jR/FOqrceIvHWq63JqOpXWjC+gaBZZ+Z/bM8HeHdQ+HHj34weLfCdhoXij4K2kfxc8F6donw51rxD4z8Oabqupajb2/izwboVhZaDqPhPU9S8Pz+O9O8ZSrDd61e3vibUrdpTbWukSSgHgXwp/4Ivfsi/C79nT/AIZ/tfjR+1xrXhX4wXfhzx9r/j7wz8b9bsdD+MbaVrHiXx3YR3EtjNHofgPXNa1zWW1LXL7QZdJOumy0LT7vXmF25m9n+L37Knwi+Kd/4Y8Z+D/Ftj4es9E1f4N614Z1X4n+PpfiF4htrb4U2X9g2o0my1qOeS607TYda1mw8ZHRvGd49xqOl/bxK+p3N4bn6B+CHwg8IeAPgV+zVfaz8U5td+K/w9+HSarc+NPDHiHxR4g8HLp9roTRN4617SPiHqWtay9j4h0jw/aaBquieJPEUz6U51E2epW97pf26DuNe+JvwNs/grD+07b6Z4G1DQvhppHiDxL4d1n4g6/p2inQvAdhEbf4lXmmGC8vbKBrzSXkudC03QJoLO+fVdFtHtFntonUA84/aQ8NXnjL9nvRP2WL3XdL8ceMP2m/hd8TvD+pxeLvAGrwfDy71C58OeL/ABLqOqrPY6DBbeHlsdScNdeFr22l8Q3cen6dZylZEubub+Y//ghn+138Wf2SDf8A7Avxw/Z013+w9a+KGteAdB+NcOo+E/DUMus+ONf8N+MvEejXH/Ca+MtPuf8AhLPFvgLUNT+JOrQ2WrWuv2Xg7R9Caz8IXElgLm5/qG/4J4/tBfAn9sH4K/DD9of4XnxTq3hDxfrvjrS/hy3ia/19Nd8GXt5c6ne3Gh+IbCDXfGN7HqLTaXqCax4q1nUdOTUobtIrFPIu7e0WL4ufCPxNoH7KHxn1C98c6to2r+B/CvxQ+KOg+NvCfh/RYfiJe3+n+GvEURt9M8Qa5qHirW9Uk0bw9B4k0jT9Z1Hw/d6xb+G5tGFjBcXelSw3gB85fG39tv8AZU8N+FfihefFvU/Afg7xT4u8f6zH8MLLx1p3ir4TTfEPxN8NvFj+C/CGj6JqPjf+xbo31l4i8KXN/danp1rJ4W8SaJLDdM8ltrAjl+5rzQviBDDaN4j8Y+DvBPg3x94dsPGvinRfAcGkeJPEPinxPoUFtdT654L1jV7a8tNOt9Tsxp7a1Be6L5VhfvYLpWtveai93H/nV3n/AAUL+JHjz406j+2x+1n4D+F/xA+FPxn+GXiD4Qt8OdR8Wal4w0/4K+AhY+CrLStO0HwPo/hmS58M+LLjWNX0v4o6DZ3+r+H08c6d4g1f/hJrmSzlW6tf7OP+CVcPjv4rfsEfDHVvj54J1Hwn+1VL8P7u8e48X3Nn4GW78LJcjw38P/FOpeB9K1a50Pwb4Q8X+Cz4b8RXx8MSaPN4sj0l7waZK8cPngH6Y3nifRPFPxH1Hwv4U8L6b4o0f4M+F9V8R/Cu41Ga/wBLL+OPBOkT6bq3hbxBFc3h1S4k0GbxFo+p6F4jttO1Dw+sOuSxRQR3lrZXMmJB8RIfi54B8e65daTb+J9Q1DTtF8Fav8JbWC41nUvD/iDxPqMnhDW28eXDaxB4fisIvFVi2pST6bo2nz6PYaLqNzIDe6m9ovq2m+I/Hfh7S/C994pu7PSNB+Hcuv8AgrxRr2hT2/lWOoSQafomgeKdV0/TNGmXXmvVa21qSJpdP8OaPYalqE2vJFc+HLa5n8Q/aO8Zp8CfDHgey8I+H38Zn4yfG2XRWu/DmlX3ifw78N0gvdV8X3/xG8d3Wg3mi2enaK2r6Rres67d6lLaae+pXMOkzX1vbWcckYB6TfeDfGml+O4fGPhu21rw/q3gLw/rfhzQ/BeqeFnn+H/izxJF4Dgn0LV/Cv8AZHiOa80zQtNtrRNPuJdW1O38Oi6kFvZ2cWu3bXS/HH7cHgnwP+0V8D9Lm+Lnwgh8afC/4WfFPw98Rfi1pz+NfHUuuf2h4IPhnxsZPhZpWkeD/E2p/EPVrbxnpT/D/UvAoh0q5u1nvraR7e8uwT8467/wUt/Zcf4w/Dv4D/EX9pzSPDXiXxpqfxu8BeJtW8c+CfE/wcstN0X4W28GmeL9E+H+q+LPFEMHgbRvES6Jb29pqXiTxFLP4kuJf7Z8KTrKY0tPsbxn4U+FH7V/7Ott8PdD+IfwF+Mvw2+Kd54fl8GeL/C/xe161lj0rwvD4Z13SfEmj6zo2tP4gj8eat8QLnRJX1Pw9rUOp6bq2s6DNqEOr3MU8V6AfxW/tDf8FFvjjYXGvfswfBvUPgVa/sBfAHQvjHqetaP8GvhcIfCvxn+F+m+I9b8LeD/Cv7Svwiu9Th+J3hzQvCXjkaZ4M8Wazpen3Ivb65tvF8eoypcafrR/T/TPhb4b/ae+If7O/jq1g8J6X8b9B/Yv0X43/sf2vwM+A/jz4Z+GPBHx/sfDekXPiPxN8e9M/wCEo8P6PFaeNF8SaZD8OvBXijxFp+ux6nHJcWOvzaXqZs/EP9Lnwd/ZQ/Z28IeEvHUPhv8AZ48GeF9K+JugahonigjT9U0218X/ANq3Gr614pPinSvEWlaZfaRc+OPFQk1nxLBbNrsGqwNLqF/mG/Fxc+4eAfgRrHiD4eL4Y+Jngfwn4I8VWekaVbeG/FHgOy0bRYl8K6Zc2a2mn3bx2Wq6bayWun2Gl/bfCt5BrGitNZobfULiAKLUA/lV8L/8ER9c+PFj4N+Met69+0/pEX7THiXRfjD8e9A8X/Ebwn4P1j4Y/F/wl4/Fvp3w48OfA7wG2o+HNR8NXHhXxP4m0CbV7/xFHqHgy38GWGt2Uum3wmR/jX/gpn8VPgNY/ED4p638Hv2XfHnhmb/gmReeH/2PIPFv/C8b74QaHf8Agnxv4N8X6g/gnwLafBdpNQ+12V3LaxX2u+ItUSx0Xwsmo+K9R1c6jJ5Gm/2tx6HH4T0s+NvCOjWWsfETSNI1u6stM1vxXpzWOvro+s6no8Pgj4dLPb6ZpWjT6fPeJa6XrK6LpIvLmbSI7m5vvtN5Kn8OH7aX7aOg/Dn4p/B74V/sD/CrwH+07+0F+0LrPxF8WfFLw78cvCOkfFzxVafGjxzqWp+G/EXhOy8WeEfHVl4E1P4ieG/C1x44+Hmp3Flpn2rw/wCGtTgS31rTgvhy0oAv698b/wBnr4kfsxRaP+z1+xP+zL4U/aiv/in8Xf2Q9Y8UeCfivZ6roklj8StL8UeI9K8UfD7xB8VdH1fSviJqSXV3f+Ifi34oMV1pFtbaZqkej6vcx6k2l2X9m/wAuL/UPgp8MfG1z4M8QTahoNl8P9K0vQ9M13w9rujfEDWbFWs9U+z21nqvhfTpRoGlw3jx6Q4tfDXhrV2u9Ts9P1B7FriT+ST/AIJCfs+fFX4MfHD4E+FrvR/htqv7S3ijSNS8B/tYfCrxhb+ENb8U/sreCtI1S51r4TR6p/ac+lTeD7nVfBn/AAnWnHSdL0b4ieOdT1PXbCHxP4iu9HB02v7BfEGt6zpstnrtxc+FtH+GXhcPp3hnxBB4s0bwPoXji48S6/r/AIUXQo/DGqx6hoFhL4Y0u9OsSa9Z2ST+KLv7BFaRRW8l1ZEAx/2j/E8fwq1H4f8AxPi+G2oT6h43+JPh3TvG/h7w1oulx+M7vxV/ZOr634SXXdQ1HUNX0zxa+jGz07w3pltDPBZR6tdIuma3Zx2rWsNPx0lzaTzXGteDvEOj3HxPewvbrwv8P7izttS8RS6pe6k2u/DnXYPEWuf8K+s7z+zLC+vvFF34d1Z7ue4OpQW91p+pS6Xe6ly/xQ8MfGjS/iZ4F1O00XQPF3w40y8stM1LUtY0XxP/AGhqk2h+FvEo03+0L6x02SC01Y3fifUtUvfFUEelaQ8mkwbdR0+e8EEPqVjqk/jzw14S8cW8Gp6mfh34k8VeLJdbFxP4e8MLZ3lx4kuNS0qGOL+1PGN42jzaNa22o3gh060nk1F5bW0mhil8PxgHmGhaI/xk1abxzc+KJPBV9f8Agjw6/hK0ufAGtxeFPA2rWtn4p1DxBrnjKC6v5dM1LXLqw1bxJHpMN7qOteHdHt00fWC16NW01Lr6JTxRpdxq6/FDTPh/F4o03QJtG0jw74702w1G31uy1vxHZXlt4h1m/tLSOd9X8CalaXOhT6Zb6YuqxQ6xLcwaxBpo0h7i0TwR8XPDGueFdK1ibStW8ZeDtE8Ptren+IDqVjdaZq1m174gstNSy1WS3tbfULg6TpdzFrM2vX+ntDCbHT3WXUb66tRwdh8PD8efgt8R9N8BH+xr/wCMF9EPEEXibTLmVfCnhQ2uo3/hDT7KytfEsk3gfXbbQG0S906e0jc6VPf2GpyeHUuprpAAcDr/AMU9F0rWdD+DXifw+/inUh8RvBWoeO9NOoXWl+HW8URa9a6p4W1XS30651W20U+PJ7K18SaV4cE9ro0epWtromsmyPiJ5j6Vr1r4hbW9TjvNatNF8beIPEmu6x4e+MXj3R7WDwnZ/D7S9d07U9Z+HMui6veXS2gXwzb3FhJp+mHS59YbwpqXiS6k06RYLuTx7VPEvh+b4aWHg3Uk0HQ7r4I+KLTwV4O13VvFOl3uv6tceAtCtLfxlqKaZZ6d4Zay1DTPB9vrPiDT9TuJbC7gSbTdS0mZYruEQ9xeXtx8R9JtvhJYaX4Y/aGubTxNZRa74ga90jVp7bwf4hs7rSdZvdV1Sz16zvNK1EWzazpt9FO9nJqks9xa6dZf2bDcW8QBx/w9b4Q2tpJ8H0+Iui6h45+GMGpeKPGvxG1DxLp9h4U8T/EPTfiB4kOr3HinR7+9N1YXut60/jK68RaLaaC+kQ22pSQ2Oqwm00+SPrfib4g0Ozf4b+EfC3jHTvC0XhTQLjxvpOt+BvCl1pvwy2izFqdM1SyiuUW00fxffjUp/C93ceLtA0+71OGx/s+XUr6xk3+LfDT4cXl34a8afD34w6ZZ+Cft3xT0rRbq7OkXy614v0XxLpGpw26eOPifp2ovJ4x1G8vtY1PS5Ro97ZGx8aINJEs1heRo/wBNfEXU/ghd+EPGOgW3grXU1jRLrwh4a8V3B8I6/wCENRu4j4wlbwpommeLL19PvLp5Ncvb260LW7HXJfDsGrQPPNqNpBcFnAPwH/4KZfBn9lDx9qWm6b8QfAFl4h+KX7cnxa0n4e/DfxvD+z1qfjW5+DHjvTvho1x4O17xlqvw2g+HXj3S/DHw88Z65rzXmt2Wta3q3/E41+XVbi/tPD+qRab7j+xbr1/8PPFXiD9me5+MnwyT9svX/ix8Sfif4U+Cmv8Aj/VPi/dad8C/D8Pivwronibwn4n8Y6SNT/4Vn4ls7ufxp4a8E6p4hkk0DVbyeKx1q60G7eOy/Q39vT4a6l8V/wBjD4s+B/AVl4I0T9oX4m+DYP2avhn8U/G+teIfDxubrxY9nYW13p2p+CZNN8UaTca9Fql/9tm8PXKQy2iXFxqN1qWlxSWtz/D38Svh94x/Zi8Zaf8ACXx/4u/ag8A64/7Sl38KvgF428FeJ/D/AMPPhB8GY9f+Id94Oml0+Yv8Y/i1ceD/ABdaS+N0+H+n+Prmy8NS+Kvh7f6tZz2kDXk2mAH92PhL4Z+F38S6VoWnaJBpfhDwr4ph8V+HY9J1DVfCOk/EPW/EH9veL9Z0fS7mwvtfTUPC3hXwpqcqnT7O4Gg+INWj1LRbZ9M0+PUrCT87f+Co2rfEL4dfsS/Hyx8I/tGaV4Ntv2itMig8L/ELxXp/iiz1n4YeEvF/ijVpn8H+C/CNzps/im8+IXjo3dt4W8Jw3Piu2u9Qnlnn06w0fQ/Dk0lt8pf8FKf+Ct/xY/Yan0L9kD9gz4O/Df45N8N/gFrNh4j+NHh7xXZeOPHPwn1bwvoFxp3j2bx58L7fRHkkudB1bxD8P/G+uX9iJrHW9Ou9VLwwZEGn8/4Ah/bi/aH/AGbvif40/as8afDL41/HfwF8DPE/xU/Z88F/Cj4St4C+O/gD9oUaDP4X+F2hC6k8Q3HgrTtQ+H/iXXvFEvi2XxN4Z1PTNVtPFMF219cWmlxTW4B8Gfsbf8Id+xV4v+G3xf1/xvaeBNJ/ab8CfBnxn8TfG/xf8Aaj4W8XfE341+OrrxBovgDU1+OuifEa8+Fmo6ZcH/hI9e8VeAvh1qMlzbz6hqviHxyl5PZ3CQ/2K/DLUvi7rHwq8NyaT4k0jU5YdF13xLoPjWC78KXfgK00/wANafo2l6PpEVpoN7o1xfRa5peoajqU102qz2egeL0vG+13OmLZIf5If2U7L/gqd40+Ofw10D9rHWfGUHjWx8OfsmXvxl+Gvi74V+Fvi34Isv2Vvh/p3irxLrPxL0TTtVn0fwZ4P+LMnjLSF8O+O9S+E6eJPGFpHq+mi6trPU3vLa7/AKfP2nPiX44/ZO/Zx+OPxC8KXXhv4g6npFrrh8GfAa98ITXmma/NcaPb3F94Lu7fQrnxR4yu7PxJoFtDc6F4f0bTrrXLUXNxPc6Rf6ZaNDZAH5qfCPTNB/al/wCCqfw/8Yaha+OPFPwy+Afwh+KOq+GfF3we1Tw74m/ZV+OfjbxD4x8VaL8SNH+JlrLp914J8N/GfwJaX/he71m/i1LTNX8Qat9vk05jomnaS91+bP8AwWT/AGa/2nfBH7YP7LfgbwjpHxy8R/sFeMPir4P+IOgeFPg74mXxb45+D3ifwNdX/iXx54r0Dwdb6HH4TvvCGj6HBJ4yTV/G48XT/a75E07XtB1O0s7OX9X/APglv4D+LXw8+GP7ReoX3wO+LfwU+E/xI/aG8T+B/hT8F/iGdOsb74X+CNU0iGGeJdC8eeIzofjXwZr/AI88R6/4o8Of2Ta6Nq1vpMSaPFE1oYtLb6i/a8/Zwx8MdH/aB+CPi740/Ef9or9n74g3Xjnwt4N+A/xC0fwNdzeGdPhtLXxv8IH8F+PtVu/Dd74Y1rw80NtrXh/V7pbxbq7gl0e402O30q1tQD4i/wCCLY/aD1T9n7wz4y8XfErUfi+mneKvFmnfDiHxf4o/tvxtFoNveeNdc8G+GPiX4c8a6vonjTTvjFNYtpnjS68KaxceHvDdjpniHSxpmgRR6dBe2v6ueHrbRvCnxc8ZeBJfFWv/ABLu/GJi8Z6dJ4iW018eENdvtQ1/xVpl/feH7HRYr6efTNU03xHoDJpupNJYaVp2gaQIC0cl7B/Gp4U/aH/Z7/Ys/wCCi/iD4n+Fvj/pfwmT4q/tC+Dbj4o/szTS6t8KPCXgW68Brqmi+Jtd+NV34+03xPpfjDVPFfjdfGOo6j498Aazp+pRwXHhzUIYI9C8UatYab/Up/wsz4F/DG+/ai/as8LarqPh7wf8GNLvfEGtTeGvh/rPxc03xTp17af8JhqXi/wlo/gSXSZdZ8gahrOk6ekOrz29rpNtrM1/aaak+rXM4B+L/wC15/wVL+O3hvxR8QvBv7MnhP4JftM/An4I3nw3/wCGtf2hNb1HwXpvg7UPG1v428O6d40+F/xD0d5tH8W/ZPhv4ZtNck0nxDaNDew2OiXE8tp4ii0S7uLjzvSv+Cs3i/4T6LN8TvGF58Kf2p8+EvhFP4N+H/7CN14/8UX/AOzz8VPHMXxO8VwReNl8QX40hPhp4H+HniOD/hEBrfh3xBDqvj+O2js9M3+H5bKz/Or40fGr9gL9vrxH+0T+0x8Ffiv4K/Y2fxD4P8R6V8afgp4w17X/AIF6d+1D4cbW5NN+Gl3q2qfDuXUPCegfEs+N9G8Aa34puIbjxCW8O+ObpvFGkxw2+rajffrd/wAET/2gvhfrPgHV/wBlG7/sH9nL9r+Px0tp43+D2nXWmeK/EnxJ8F6fLoviDwZ8VPD3xB+JN94itJvBei2txef2R4U8OeI/G39izzT6hokN5Z3NnYW4B5h8UPHn/BTU6N8BZ/hF4B/a2n+PXhS7+Fx/aBtr3RB428DftieIvGHw9vNX+Ifw10nx9Y+FdB/4R+TT/hlpEnicz3Gm+Bvh5H481mxW3ls/iBokF9e9Z4h/4Ka/tIaT8a/hR43s/hl8V/CP7ANtB8TfB3xdm8QfDvQvGGpaP8bPgbrvxR0jWLr4j/F/4ceMpfFGjSeLNW8Fzan4feHws0Vj4g1m5k8Kad4u1yzwv9M9w3heQT698Mtc0zw3oXh2wvdD1ifQvh5J4z8cXfiPw3oOsaRDreveKdSF5e22it4Zs7K+ga+8KLJrVsbN9F1DUotQjhk8B+LX7N/7P37QHh/4i2vxm+CWm+MPgTpMMj6/Z/EbTtQ8E6H8Rde0XWo/iSfG3ijQpNI8JXE2q+HPFH9uf2XcNeaHoM1prVz5ms6j/bstpaAHgXi/9vj9nrxX/wAE9Phf+27+0V408M+CfC3xn8L+Hbie38LTaxq3w+8E/ELxlp/iHwb4H8N+KTJ4MfxrrHge48Ward6/eXfjTwRPBo99p2t6rqIvzZWunXP8/f7E/wC0f8ZfiZ+2/wDsr/An9rf9pbwx8YvEHw58N/ELwR4D8A/Arw/Lolt4Zm8P+HPFTeOfAnxmfxdo/gvQNZ12xup/h/P8O/GfgXw2PHF3Nq6S+CdS0nSpZVm8c+Nfx+/ZI1z/AIJW/GXVfgT4U/aA8S+NvCn7W+n+FpvBXjiym8X+Iryfxf4sPxX+Dn27x/8ACm2msNO+Gvw90K5vv+Fa+ErLxVZ6Lrq3mn+HtU1ae8+yWR+mv+CVH7av7N3x9/ao/YQ8OfCX4AaT8Hrr4W+EPilc+J/2nP2odI1Txh8T/FHi3wj4Z0nwzrXwx+GHidxr+kzapJpt14I1TxJ4y8SeJLXxDcB7Xw1p0WnzMbK/AP6ef2Yv2Tf2Ufgh8PdH+HHgn4F/Dzw5q3wf0q9k0XxlqWmeGdb8eeB5fGviUap4q1DxB4g8X+IPEPiKTU9Y1GadPF/ijTPFRfXdT0DV4LIadNp1hbmt8bvhF4Q0LxFq/wAVPgzP8CdA/bW8R+H/AIgeCvhB4r8TeDX+Imq32m6RPomr+IzdeF9S8VeE5r2CKw0L7J9nt9R8m3gfQZJ7i8s7Ai51Pjr8R7PxBZaq/gf4S2ki/ETRfD6eI/HXidF17XLfUZ9Tl1yPw9Z+E7tZPENx4e0i1tL3XdQgtJNOSxL3K6c1tqyXDQcbqHjzxn4p+NHwAkX4ZeKPhPaab8MPHeseJPiJqvw7sfEltpukWEerwaJoNxf2nibXn0ma502DVbnUItT8nU9UmW3tpLSO5nlXTgD+L79sX4z6943/AGpPgj+zz8QbvQNL/ZP/AGbv2hPgl8ePFHw1+IGqfDLVvix8OPE37QvirSZfG3hfSPGHxE8Z/FbSdf8AA2keIdQa11zRNCuNI8HeC9Kl0zw/pgv59Jlkuf64fgl8WPA1j4pg/aK+GPjXxB4e/Zt+JPw3l8W+CvHOm+M9H8QfDvxD40jvbnwUdJ/4SnxDop8Qalp0Hh3wRH4gEQaW8ju73WGhhuL+e2jH86f/AAUn/Zg/ZT+CX7aXgD47eILX4k6N+yP8aETV/jtpX7P9pN4Xg8V/ES/8W6B4g8PQaRDpXxI8Lap4G8d+OfGeuR3o8Q39lr2k2nhrQbqe08mOW9V/6Hf2Hde+Hnx0+AHgC/8Ag+Y7mL4R/FaTw7418L3V9pEFp8NrjxRr7jSfhhrNn8P7f4iaJ4x8U/DbSbyz0bxbHY6to1rq2rSal4h1LULe6vprq3APoP8Aai+C3g79qf8AZL8P/CT4pPoPxl8PfGvU9H1CTwnNotzquk63dW1lH4y8LaP4G8Q30mm3Wj3djbyyavN8QdQsL6fzIr64vEg2w6cn8dFj+ytrv/BPb4/ftJ6l8fdU0/Qv2bPEP7Nlh8NLXw1qOqz/ABf8UfGDRvGPxI03UfhvoyLqll8RPFV/8Q/hZq2raDocWny+AIPC91YWmntc3sWk3baAf7i9Jjt/Dmpav4fn8F6P4R8BeHjZeI/DXi/WLjVvBt94k8caVpmhaDoFlodtrF1BJ4E06HTLKPQrqFt0PiG2jvWt12vdFvIpvgxqUFn8ZJ/Gei+Ddb8GeOtC8ReKdM0OzurnUfF194z0jwtqvhldd0bUL2Lwhf2NxrVnpGh6zpVrNq2p+ZqNlc6tovibT30uyvnAPwe/Zo/4K/8AxT0Xw1/wy98ao5vDHg/UrvxNH4U+LF2ureH/ABb4Jk1TxRouqfA74F+KVuvDPwc0jRPFF18MfFfge68B+FlutW1nVfJ1LwVq9rcT6fc3EPqn/BNz/glz8N7jUfCH7cFva/GHUPih8V/Evxa1D4T+NfjpFrnhC0/Z28B3Pj6fXItBsfAnjJ9b1RvHXiPW7i88RweMdYllsdUv9X14adPptjNZxan+Ln7YP7C/xVt/DPgDw7oXhf4z+GvhbZeJPhvZax8afFuu/Dnwh4J8cftI+ANM8P6VpPxI+DNn4j8c3PxJ8d/tE/ECDxBpvwf8F2nj/wCJV3oiX2g+Jtb1V30/S7aXR/6UP2BdF0PQ/wBlTwH4J/aJ0H9qPxx4m+Dur6x8Jj4q+KltH4v1Txf4d0HxhdS+G/iXp+lyfEL4i+CNSh0fQ9Htz4lXRZNU1izFnbxTWVldeYl6AffPw7+HqeCvGuv/AB4ubrw94v8AEfhbwVpum2ukXHiHTLKDw74gtYRoPjHxTquvXctpp3i7xG19DqlvqXjBtH0VkEkuks955bpB5p8ZtUvfDWva+vjf4cyftD/DzxL8FptJ8V/H43mg6BZPc+LfE3ii70j4dQ6g9/BBqUVvc3Fj/YsPhuTT9TstVtNIgiu3n1S0ji9I+Js3hjxlHo/hK4k8aeMPCcerL4F1a5k0/QdOHjnXvFt3qfiQ+HvG2sP4PuL3wZ4a8JT2OnPay+GdRstdsLi9RHtFubKIXHZfESTUfAmmeItBmsPCHgbwVN4f8N3fhPUdE8VXlt4k8SaVY3VxLH4e0b4VXGnLDZ+JPCmj2P2dNThV9W1ePTrKOzu9JvwlzpYB/PZ4H/bmtbH9i/wd8X/2Mf2U/iZ8WPiPrPxZ8M/Cr40fsu/FH9q/4g/En4y+F/BPjKwvvgvpuvad4YWTxxpsGh+IPEPg+wF/Z69HC+hM+uavq1hp93J/akON8U/2RP8AgpB/wVL+B/wa8BfH34T6x8A/BHimb4eP42+GF/q3gKw0Lwr8MPDnxd1rT/Gmn6T4/Og3ni3wD8b9Q8OxeHvE/iTwnf8Ahi88DTaZ4eh0TRYdP1GWGy0b9H/gppHxu+FHxW1jxDe6T4sl8GeP/HGm+Gvhpe/FL4S2Xif4g+Hrv4e+GNWu9Q8EIvgzTvB+iaP4IvT4bg+Jlt4+8SeNPEf/AAkvjXW9QtoJLe48w3f3vKLHwnY6X4713xN8QfFNjpCfEy18S+HPHOq6XY3fiWDxF4m1TR9Q1fULHxD4hsfBK+C0uPE9vP4QhupILqLw5CtnBb6ol3H9nAPkX9lr4b+DPg5oCfsqfBHxA3xI8D/DePw78JfHfxA8OfDzT/CPxJ8Ty+FdK0vX7bxHcaj4Bk0Lwlrtm58S+HtO/tPwzpVvJHY+JdO1PVvEVxJpWqXUmx+3n4rv/g5+xD8cfF9n4I8V+D9H8C/C8694DsfCup+BvAOuaD4l13wJqh8R+GtSh1zUtT0TRdDuDHax+IYdXudNnb/hIdQn0O7udei0sV1Hwq/Z78B/B3RvBF5+z3YWunaxqlro2g+KfC/wKsovBtt4g8W6T4Q0bQ5fFGrS6Tr2geC/PtvDnha18Hi11EanpenanptrdacqTLq2n6j+OX/BxL4m+Oa/FL9nfwH4Q+C37Q3xesm1jxz4q8Vax8PfGPiLwbZaZ4AHw81zSrjw34+T4WWvjvxFq8Sya1q2s+DtcPhHwuhvfBz2FnJ4z1C9mFgAfmp+2z+x78N/2df+CRv7P2kfE74ZeAfE3xY0DwBqw+IXxRn0f4z/ABh8UWHxZ1rxJ8NfirqHhO4+JuhNHoPw++Glv4Z8/SRq17N4o8JJqum6Rb2kOo6Tc38M/vP/AASs/wCCmmv6bb/s7fCH49aH4i0H4a+E/hJ8GbT4W/Gf4peIvDviF/EPxI1vxldeFrP4a654ss/CGm2fj/UfFnguytta+Dui6Vq2sT+HbbwR4dTxRprPYXN5ZfUn7J2jfEr/AIKUfstftp/sM/tEftIfEUfCvQNWsPhX8PvjH4z+GsOn+NPBfhDUNA8N+MbFfGU+oeBPBdh4hsdO8VeHn8I2F9o12dO1a10S4W61nT7m90E3v5I/GuT9pL/gnV+1T4R/Y38Z/tiWn7Pml/DTQP2cPDvw5+I/gv4V+Nfjp4Y+JmmeCLOCT4SXviLwZ4w8bato/wAJPEWt/ETQvE0Wr6hHo+jDxB4W1iGws9TvfDukX6MAf3ifEDxF4C1+18GaloNxrHhfSvAHxL8d694p0jVrd4ZPESeHdF8cRXhh1u7lbREsLPxNcQXYttV1fTdJsoXg0+8jtDcWtq3OaobPVNev7fwT8LdY8b674G+Hepal4W8WeENUh8N+CdZ8a6vdT3mtWOg6XrGpahpF9c2thqTzf2rJFqfh2K4vdQ0CfU/NkNtXwN+y/wDtFfAL9rDQNJ8Rr8UfiTdeLLT4yX/g/U9Iur6HwdqU/wARfBZ1yXxr4O1Dw/8A8J5cLaXfiTVbDxLpyXkoj8JXmg3Om6HbG8XR9OvLf9DPhJpXxS8L6Bc3fhG80KHwP4V1/wARJoEM+k6Vb3d54FsPENzq+j3yW2ia5otqsUum63faHa213dTRaxDYad4slnFy8um3QB/Mr+3x8Af2T7n4x6V8QfHXwy8FaNJ+2D8SvgT8DPiR4S+Ifw6sf+Ef8TfFm08ffDq68R+OPhVpfiCx8LXGl+Jr/wCFmt61p/iPxlonxm0yOwj8LWYtfDXikT28cP69+E/+CW37IHhb9oH9mH4g2Phn4hfC7wr+yDdfFKy+D3wj+HllqmjfALVb/wASeOdPOn+M/GOiW1z4h1LX9ZsdRvPDut3F7qd3pNprl9AuvX7XGl6JBZWnxN4Pm8Y/tJ/8Fv7Xxh4B1/xr4q/Z30D9n/WvFPxg+DC+NtKvtE+GHxJ+H3xB1OD4Wa9Z+BNVNtq3hjWvFXiGfXYteXwvNPcagbbxZoV1rL2n27Q1/brTPCNt40tvCniHwBbeFvh541OjXPjn4iaF4o02bxBfeFprh9P1EaRq9ja+L9L1PwyJ/EGl2N1GBBqczW3h6LSpfKgsYbKMAxFbX7rVvEWnxeNPG3gHWW8WXfg7X5brwBqvjC98QeOtE8JZtvG/gvUtK1i90qG11Pwb4cW9FhewassOrvBpV2JLqS+0y86aw+DHiN5lil8Za5e6VpukxeDvCXgj4hePtc0261V7i41ax8X+NfFg0lgs1zreoeJbW30bwvbwQWFjY6bZJplxZRXkdtZZOjftC+DPAXiDT73x3aeKv7bkittG13xEniDWH8J6Xqug+CbrVLLW9Ut9V162Hh+z1iw1S7snGuaNocZ1nSb2bUr8tbadO3j3xTurf4MjxH8bRraa7P4XmSfw/dfDSXxPqGp63feI7LQxq2o/EeSLTPEms2nge01Hw1eW9zfrq2q6Zb2GoTCKSLWtG015ADI/as1j4XfDH9mz42eF/jf4S1rwp8IfC3wiXSPGnjT4VeHvEN14v8KX9rZXepX+reCdK0+LW/E93da14gmufsGrC+sdUF3DDd3cy2Vzaavcfxf/ALFH7KP7UPw++DF38Y/2d7L4qfB3wB4m8U3uq/Db4yp8LfAfxzk8eeM/jl40tfgd8PtY8Ka54U8G3/izwrpmjaV4cn+KnjXSvEGkabpmiyz+G9Ni8R6LYatN/aH72f8ABaj9sfxR+yv4A+B3iRPh74M8Uv4h1jwJ4t8eeFF+MvifwX8WvD2gfDq/0698M2/jLxT4G1m58d+MvBnh34h6l4SvviLqF/Yf8IzN4PuJ9H1BNU1bULDVbP8ADX4yft3f8FNfhpr/AMY/hL8WtF179nf4U+E/iH4M+OfirX/AfwO+HvxLW++C3jbxf4p1TwXqJ+IAvfDmnXfwe8R+HNGh8N+C9F021eS00TUbS8udettG03W7NAD9OP8Agjz+z34Y+EXxr+If7Vk/7cb/ALUn7QPwr8XeOfgt8UPhfp3xxbx7onxB8R/En4l6Xa+B/EfivQLqx0jUNE1DRPE1542vJpbnTr7TNIuzaTadc6nNY3hl/oP/AOES8XfFq51fwt4Z8N+BfGXgfVV8U6qbXxToOsaLq2g+JrjXPFdtrg0jV7qfVNNTzNR1q1v4b2K/j1O00qw146BYW1rqdl9k/F7/AIIweG9O+NPhvSf219G+E3w5+GFx8c7e3+Fuo+HfhHp3w58IT/Ey/wDhB8YdX8Tah8TvEGn3PiHTPFvhjW/ilLLrmq+M/DGoal4wKWWk6lHDbQWsFhb6r+5mnJaaX4Z+Lvxa8Qalonhr4i+GtRhXwm+oa94y0z4YeGIteM8XgHS4/GniK8tfCWrrFPqn/FTz/D+K0mgSZvDLvqAgZLwA6n4L+F/jPp/w60jxF481fxR4h8TaLcXJS+fU/B0Ph1NRh8Qy6PqHimbSbvSfDdvp2lWnh7Vb06n9kbUU1KxivZrO5vrtNP1DUOx8TWVnpuo6p4Ymvp4/ilrM/hqx8MWw8E22pXN34H0bUbyW7/s3UtLTw7Z39rq2nWPibUNWszd/8So6zbxizeOeyivvOdM8TSeH/Ad38P8AxP4h0T4uaJqPhOw1hbS30vWdBTxpqrRWb6xpB8ZQ6zJ4e8TXLavpOo/bdOvP7Lh1HSrtotWvJha6pcXPV/C26tvEHiPRfiQnjBn/AOF52/g6z8Lz6ncQ65e+CINM8PXfiCb4Y6Ovh5JLbQIjpdr4jGoeJ7rVEeWaW0hie9m8hYwDzT4g+I77/hWFtDqmteNfCOgaL4n8KeJ7y01qz0NfG+r6Z4i8YSX+o+BdNh8P/EHTbzTPt9/qsfhNYdYsW0PTB4U1PzbKeA2z175rfh34geLvhBDdN4+1L4W6j4X8W2mp2PjW8trjWBr1h4Omtboz+LIPCN34ZsH0K6sLTWNJu7Ce3srS5ZrOSRJEVIJ/C/iX8MPEmr+MvDN5rvg3w1q/w88NeIZ9ZsfiVb/ETV9IPwj8K+ELLRNdmk8c22pPptz4nTxB4ntNaurjUrqe5m1W1Fo8skMNy9/Z+z+NfjH4em0Kw8D6fHr3hfwP5lp4bW78NDRvEY1DSPEEF1pHhTUdMiaTULaTzNZh0m7ewH9rWlvomvaTceILIWd/dmzAPEtH+Ktx418D2+meAbC4ktvDXj6++HkuoeJvCdr4x13xUZdV1HQ/F3iWw0e21m2Fhb34u9JD3GraBpln4UsTfWcSX1sVsT6vLpXi74a+GNP+Kun6ddXvieRm1W78O+EIdC8O+DPEF9rPhzR1CeMtM8QalZTXn2HxNI+r2uraLpGj6/HBZ/YVsp5ZZRqPh/hqz0nwrquo+MfEVvrUnhf4QSzXGqa54s+H3h++8ePo9jH4lj1TStEi07QbaPR/CfhnXZtJutGvYotS1TUbzTZbiV00ARalP2Xivx/q/iP4eJ4smtH8dTaV5HxC8H+G/E+k23gfU9Ustd07VL+2+Hmt+K59S1LSbzUNHMN1deItK0x9GCaPpsVtdwNp10gugD074ieNPitqGlfELWfDnhXwoIvhy9/q3gRl1XQjr1vott4IaDW9M1YXlprlvLqmheMhdRy3em3cVs15Da2ktziC+LYWj63b6dfXnjCTxneaJeWQ8E+I9Q+HF5qq6l4Q09PE1ha6JZSRpoujWusyPNdaFqeo6RoutJIdW1K4tYEuNKutRZbO2ni2w8ceBrg6Z41g+Ddh8RLLVNMv4PDugaPaX3h251vRNa1rUPF15rFm+twWcXiHUdYi13R7jWLzRA93d2DTSSzXElteeC6jFof/AAj/AI4+Bdxe/FKy0bxcmn3Fz/wj+taZ4l8bTaZ4faz0TxOsAvNNm0vTdSub++ttb1TQfDt/eyf2a1zc6fb2dxdRx3IB7d4u1XxJc+Nx4i8KIY7jxX4o0j4d67b+CPBQm8ReFPHsWitrR8XePbDWPFK+H/sugaBZ2FvYz6ba6rqFxcPpaxXN1p7SWMvjt78KtI+JHxT8E6f8ZLz4d/Ea8vdA1zW/E1r4ytY7LxRBZ6mzaX4emtNEl8O6ReeABLqV1oWp6dfRyyax4Z1mbVre2XUbu9vdaj9btrzxbqN74S8KjwlP4a0rxHpd38UfFzad47vLX4l3d1f6FqHhTRoL/wAJXfh69vftVrevoVy0Vl4hgi8OahZxx/2gLWwhivMzxHbLqep+G28deKfE3ji3/wCEL8O+H/FQTw7r1vFpXifVI/Dl54e0fWTpulwhG1qaw1m/8S3s+kNrWh2d/YOX0e1nU3AB6d47/Z1/Zq0z42r8YH+B/wAOfEnxi13w1pngaXxjqHgbSrjWk0uW3nGgw3fjRrN7K00MfZdRtNVm1C0vdUv/ALXp9ssrpHp9lL+dP7WPjrxt8P8ARfHR0Pwx8X7DWfi3ofibTviB8efhH4p+CGmT/sy6vpfhbxbqmiXmk+JPiXdaP4Kv9J1fTtMs00MWWj23i2w87Rb3xJcrdXdhDH+kfhTwz4E8O3EWhXupXepeJL7wzaaqdQ8B6J44tdSls9FvdQ8TJoWpeL73WNUVLZdNv9PttO0HUry0uIrRpDbJHb3ttBb/AIdaz4r+FP7VH7VXhz4X2Wr+C7b4Y/sdeO/D/wAZ/HPwiu/iJ8TvjB8YpvFniHwN8TCLvxn8LbGZfCHho2N23gHxhoer+N9f8eeHLK9lksNS0nS9bmlt5AD5q/4JcfszW/ir9qPwr/wUNl+MP7TPiux8dfs+eHPiJ8Gvhh4wvdG8X+EfBF78TfDD+G/EvgWX4wr4h/sbx54j1Sy+Hup6ze2fh++0Twydf1fR9T8ZaENbsIrGPuv+Ckv/AAUe/Z9+IHxRvv8Agm94q1H4mfCf4o3/AMVvgv8AAr4sfGL4CSp4s8XeE7n4nJrsmhpr9zFa2Oqag+s6LpVhoOvWvw/1a88f+GtL8WavKLm1i02/03UPuXQx8Kvgb+zh4p1rxL/wt74j+CtA8I3vgrQdJXw3pXiDWNcu/AfirxT4k0bw7YeEvC+meKr3Rtb8TTXE9toEvhM6Vo0Op6THodpY+EG03TrZPxz/AOCSviL44fFX9rX9uG2/aG+Gnjzwrda5ffBudvGvjTT/ABHB8R/D11O2kQ/DPw3ZeBtY1bxt4R8OeLTpOtjQdQ+MPhvxH4Zvr2/0/XgIV1N5Lq3AP0Ui/wCCjdjd/tWaT+yB8IvF2k+LfgB8BPh/ofgHWPGXinUvippXjjWfiB4T0K2i17UNB8YeNPC95ovibxVdaxqfhfwf4IXUfiZZ3ninXdQ8by32q6i/h5IK9w/Y1/ab+OF/o/jzWPHX7HfxY+GGmeOfGn7Sml6h8Q9Ct/Euu/DbwFL8MfFfhvwD4D1XX/C/jrTNB8XprPjt4LnWtS1fRfBXi7R9QuNN1fxFDrA02W6t9N+1LXWLnwZ4g1a40z4X3Hin/hZOp6tYeIPEc1/4e0nwVpGs+AvEGq+GtS1XSJfMufHtr4is/C1teavfQ2Ol6hYXepwwrZ6ra3t7e3E/Uav8f/EPgDUfiePCeveCvEvw3+FuneC9P1t9bbxdrvxJsJ/ET6y2uanqlpb22qaxq9naS33h+80FYdPsdFk0y8vHbVYIUDW4B/Mh/wAFIv2Sv2H/AA/8Af2v/wBo/wCNn7MnxxtPih8XLTw8nhb44+JpLnxR8BfFfir4VeArb4v6L438Ln4YeF/E+q/CP4f6zqupat4H1m18ReDvDcfizUdIu9K1DT7LUNYu2i++/wDghV+1f8Kv2oP2TvGn7NujftA3fxl8Q/s8eD7r4deKPGvxC8D6L8P9B8fa3qmi67Frmv6BoNq1vf8Ai/4XaFZ+JtE8C6bbeNdMsNSudNsrTWtWghu9Wt7O16b/AILBfBr4gfHH/gnx4YvPEH7THxE/Zg8JeENS8P8AiL9pPwL8Ffh54p8ax/E3wF4rvZ7Hxj4b1/wT4EuPEPiXSIG0XWNR1q31XUNWvtJk1qON/EllGsdtqOm/j5/wSK/aAsf2Z7T4qeB9D0r9k7Q/C+mfBr4h+NvhZ+3h8M/CGqwaR43+FngqybRrvQ/iVrk2haF8KfAXxksdJ8M+C18TW93renazqd/pckviLQtduH07W7sA+e/gj/wSdt/EnxV+M/7D37WGiaV8ANN8d/Hvxf8AF74dTan4p8N6L8MtC/Zk+Dc2mf8ACXnw74S8IeMfh1qnijxHrUPxOj03w58QdS+HcEWlax4U0q/1i+1Kw0uyt7b6f/as/wCCbUfw3/ZY+Gmvf8E+9Z8TeCfBlv8AtZ6x4R+J/jD4ha5qHib486f8Hvh8biQTeBdd+Jmk+G/HGieHPCNv4Ok8Vx6R8ONXt9N1fw3qx8R+E7fW3CNdf0c/CPwT8KP2hvHx+PemeL7X42fD3Tde1bwf8MvGWjePtF1S4PiXw34Z8MaR8Svh2+p2rWmvXXhvXPE/hG5XxB4Nk1C40bVPEOmXGq6rouo2ctnJX5z/ABe/4Jl/C34u/FD9qr426D4n/aI+EfxE+Lfi+8b4sa38NvjmNP8ABPwx0vTNH8IaP4q0HTfD+uWn9lSeFvGuneC9d8MS+P8AwVbSeMvDWk6xceHNL0W3lsdU023APjPwr/wU9/aG/Zu+FH/BPm++B/iL4a/tM/EP9r7WPiZ4k8VfHHx3omtfB/4d/ED4Z/D3wRrWmaRpHjR/HGsar4k+HvibTNfts6rrsVhqF1ruk+B7+4tbGTTI7ZbrrP2fP+Dkuf4/6d4r1rX/ANkC/Sx+F/j34gW/xA+LXwg8TW9/8JdB+G3h7frPwzuLV7mxsvG3inXfiDYadFod74a09TJeT+G7bVzoK6Xc6jo9h4T/AMFgv2Uvj54M8a/CnV9R1bXfAP8AwTzvfhF4C8O+L7r9nz4W6XeftCeP/C3hez1vxcmg64pTQfG+h6z/AMJHp8uhXPiK2j0WCa5+Mz6XcaFqovdSt5Py2+GGk/Cz4x/BzxFfa38Nv2VIf2RvhD8Y/D1/+0Pr2sa4Phf8YPhz8MvB/wAPdOb4Pfs0aJ4h+H+keFba68WeIPE3jXxx4d8Wa/eeNfiFc+OPFV34iuZNk1lfaLbgH9SH/BT/APYgj/aA+EPwc+IHwX134XeG9C+FvxX8JftG+LPA2oavpvwx0Lxz8UpPBGj6b8JdF+It5oWiz2ejPfzr4f0e4v8AUPC0cvhTSZZdX0qfTtRtHul/O/8A4Ji+C/jnrfxl/Zv8HfFr4d61rFl8FfiT8Tvh34c8deOPiN8VNZ+yaR4z8Maz4q+LFjY+GNa+Cul6b8TtF+HfjVPBVv4I+Ntlqtmusacz3eo/ESWa8KT+Zf8ABLvV/if+2D+zXP8AsX/EGw1fxJ4I+IHwjf4mfs4ePdM+I/ge5tf2b/iT4VufEHgvwN8N/GWl6vrEHxgub34OXngs6xJ4y8VHXp5fEd5qN5ZaNp1vaaMU/Mr9m7xt8Rvh74+XXv23te+O/wCzFcz/ABTi8K+EPFXw0v8AxL4u+KfxM+PGp/EDxR4e+Ifwoi13xlrmp/EP4NfAH4xX3gPw3calN4dsbDwxcXfh63ttFur6G81OK0AP75vi58IPhl4jvfhn4y1/WtctNBs9V8SeItORfGGu3uq6ppWo2Wqa3rsvh+91LRdQ1Mx6xoFhBY3Phyy1WwtbTS7/AFC30+ayeFv7Q5zx1oHxq1nUvhX4V+GUd14L8J2V4y+GtR1a58Qax4bn8D3FrY6eE1Ke11XTtb1zUvEenaqj23hrxDZyHSrnTfEks+rWoXSdatvCv2Sfi3/w0f8ACnw98Xbb4efFD4JaL4Rn8UfCGT4efGZW+GnjDQdV0dtN0abQL7Wr3xMmoaRY2fjLSo7O81zwj4UGma9ba7pFpplvexWk7V9JeI7mLxf4P0+HWNd8d6BFd6FrPgKw8M3629zrknxOsdVVfCfiO78WaLqXhjV7Earef2mdH2a7ZaHfWl1pN3aahot3PbCYA/kv/wCDgL9mew+D/wAT/Cf7Q/jH4PS+OPh5rfgf4peHL/wF9nuP+EM+C/i/TdBZ/hX421/wBoGn2Ph3xXpmn20Wqayo8U/F7RPD+taho0ekXFtrNx4atNHvPt3/AIN8PjbZ/F34Ja58I9a1Dw/8TtO8F/tKH4i/8Lkn8E6j8KfGvi2ym8EeH9V8CJ8RvC8Pw9bwkmt/Dq8stT8JzPpvi3XLPT9Y0TRdKOvNBPpiX352/wDBeXRfgv4k+P3wJ8PeAtI/aZ+MPxo0nS/Evw3+PzeA/Gevav4RtLr4TaMw+HXgHxfpieKb3Rfh34u8XeI/Gui65deLfEN14h1mw8MeIdP1x7mPxRcy3cP1b/wQz0HxV4M+BP7Vvw71L4QXXwn/AGkvAuv+G/E/j7QNZ0mPS/gr4Q1Wx0/QNQtPD138RNctrs+OvH3ipfC03ijXhqni/wCI+ueCPEV5dI+p6fbXGpWNqAf0i/A3U/GFqvjbxD8S7fVfEjS6h481LQtb8S6NHrfiPxh4K0nUZ9NgtNT0/SNB0PXNb/4RDX7+8ni06PQLfSItE1m1XRJNVFsuoDgfFKXkmv8AhfxJ8dtE/tDVH1L/AIST4feLfCniXVreU39nrt/HpHgPxM/gnw2dRg8IY1SSbwVp+orqMer/ANi3Da7bWF9LJbLq6B8d/iRo/wAPYfhs3hTwfpzeFvCGkaSvxB1fxeToOu3Vvomq3XiTTtNit4/Ct3osGmJpt5pGsX+li88Q6XqOxn8OXsKfa1oalZ6v8Ttc8O/FXXvEN94k8KWkiT3dt4L+H/i7wyfDN34a0+5mSDUr3UtS8W2/iyLwtda5Omo+F7LQ5F1PxXY2QlgiGh6xDGAfhJ/wVf8AhJEvg/x18YPBlz+17qnhzU2vviN8MNC8UefrX7P/AMAPijo1pa/B2y1yPxKy6R8aPhBp3ieDxrbeI9SvNEfTNH8OxeCn1eTUoPD9xcXTfqF/wS68c3vgT9nD4c/G34kfHn4l/tIaP8bNU0vxXoOjat4n+Hurap8JvF/xe0x9bf4T+G7D4barJoHjPRbGOZdTXU9RvPEGrySauL/zbcxX8Uf5t/8ABxXbaDH+y98OfF/iTxhB4f8AB2ufHj4i6d8YfB0XjzU/hBZ/HvX2+C3iSy8P+GLvWPEOozajFofh2Ox0lNIg0zw3rNjrGo3r63DpGk2My30Xh3/BvD+2b8O/hrpfw4/Z8vf2UfHdloXja88V+LPhz8a9Pi1zX9K1vQdI8feKvh3Zal4i8SyeA/BngnWrDwho2jeEtE8Gaw2t6z4+uhd6rp0brbz6bZXIB/THpXhfwHr2g/F6+07xb4s8NaR43+Ol3pPxSl8eeMYNctdSWFre5h8O+CNNvrbVbOzkv47+38PnSbHT9I8Q2d0rWA1WJ9ItI38/1C38b+HvGra14e+B3xF1fWrjW7y48ZaxP4iNtF4el0mcxaB4Z0eabR/EETeHPE8KSeM9bsdBeO10+4m1TTotR1e61K20u79w8e/FHwBqsnxF+EXgTUNF8Q+NPDdra67418H6Hpt3ql7ott8V57i10P4l3XhG50XVtQlhfxFa3HnwLMukPocmtancTag8ElgPjvxP8dfih8K/CureGdE03xp8dv2gv+E38CSaRf8Aw+8O6he6RqWs6l4DsbJtW8RaNJrnw60fWbDw1LLqvjG+8N6PNDpV94f0Ey2tifEK3iIAfFn7Vv7UnwT/AGI/iv4E/aT8ceGvHPxI8XQya7+yh4M+Avhzxx42k8ReNL/43X/ht9c8VeI/hLb6u3gXWk8Px6P4kvb7UPD+g3s9z9h0e10OGG+uoz4a/ZfwBqHhofCLw94R1D4b2XjbQ5fCXhnQvBVrruieIn8Iz215F4b1N7C71vx7o1jeaJp9++q6O2mw32p61cQzaRNZxrLq+mCwl/Bb9qj9lz/gpR/wUe+MWieAv2jP2cf2X/gd4a+D9z4g0zwH8TPGev8AiufxT4z8SLf2fxN+G3jvwLJ4O1exsdZ8O6Re+D/CXh3x/wCA9Uu9DvtXv9U8VRRy2ttpcdyLHhL9iH4wfHfx/wDFD4e/tH+PfiZpfw91TVPhz4C0bwn4D+N/x7+G+qeAtMntPAVr418Pal9i8V6hp+reILDWPhv4a1Dwjd6H4d1Hw3a+C7/UtU17ULr+3bnUyAfa/wATP2uf2L/B3iTX/Av7Tn7QXwK+GPiTwPZ3XjrTfhdYfEOPX/il8MZPAkw8VeLLweItAaysPDN3runNa6DPH/byXJms4Z7mG81HXdXt7Tl/j5+3vd658R/gR44+FXj3TfiV8CPito/h7QfhD8I/hJr2neOdF/aC+FviLVvBvh3XPiR4t0jT/CN98TrY/D3x7qkXhXV9IszaeGdA0vVNV1PxNqepytdaAG/B3/gjz+xh4R8WfEnWPEHwOW61P4NX2veKT4x+JfxI8ZfHjwTonj/xBP4z8Z6jDPp/jP8AsG41VL7SPiobvxFbafoU1p4ns7XSdM1fXrm80uQv8y/8EsvhV+y7pHjX9sLUvDHjxfiB+1bofxG8T6x8Qfgd4J8H/FD4T+HPDXhuz8eeIIfCdt8PvgT428TRaR4L0LxNqei2Wja9cada+Tr9rFBfNHZ6JqNpIwBH/wAEhPhz8fPDnw5+PPivxXf+J/AfwD8Z/GX4teBYvgf8R/Dvi+68Y6JcfB7xP4i8H2k/g/T7Hw7p3gnRPhI3wis5tN8N+CtO8F6PbWXjbw5BPqN/rf2+2uG+T/8Agqd+zz46+EH7X2s/8FArL4qa9pPw28OfDfwt8XPi58PfGXjP4dWPjH4e6x8M7zWofh3qPww8D/FnwZqngLxDq3iCWHXvBOhaH4futKudOs5NQ8QxavNqmuWkrf0ifBz4t3en6R8TLUeEdP8AAPizwVHpvjrX7BtN8YWmlXXxD8fSanb/AGzXI47VVk0i40mRBqt2bG90/T9UstR12802z0+1sZrzzj9s79mfx3+03+y3+0d8KPDHgrwn8RfHXx4/Z5vvDHhf4mfELW5Jvh9431HUV0nWtF0/xCPCZ0vUfDWn6ZNY6q+i33h/Vhp2k3Uw1E+bdatLBKAfysf8Enf2nPi5P/wUlsvhr8Xf2jNE13wX8f8A4F6TF4F0O0+KWjw+O4dd8UeEtK8UfDrxDofws07wjoFr4d+JfjDw9FrniXxZpujeFLDXtMuPGl9cp4u1qa+sI2/rR8DW3jP4Uaf4h1Hxj468O2upeKfE+j6VBpuvaJqkF14Z8L6TdaXplzp1tqOqafe+NPEOsnxRbvYXWvajr1zoem6Hd2Him0ltNOgtrGT+Nv8AZ/8Air+0L/wT6/au/a0vR+yp4e8F+CvgVrXwk8H2HwkHhP43eItD0v4p+MtB8P8AhPwfqfw7/aevNL8Wat4F+H2m+I7MXs2gWV7pPgvVvAHiJ7eK4v3ku/tH9aUv7dviXwL+z1e+K/iD4R+GGifGbQ/GXhL4P22s3fxG+H13pmqfFr4g+PbPwNYpqdxZXes+GdD8LeLPENpZaxrek6f4il8Yy6C19eW/h+31e3FnEAebfsj/AAO+Fvh/xV8arGL4ueIfHOl+P9S/aA8b+EvG2t+NrPUdT+GmvaH8RZvDnxT0HSvFmn+GNA1uy8I6b470+4+Iuk2X/CcaleaDdeJvEOk6ba2NhA1zqf1B4B+Ing7wl8R/FHizxxPaan8QNQ+APhTSbXX/AATFd+J/FGveDrG91X+y/EWii41LW7/QPDGrTO2t6nqviJbqF5tSsodY1MPYxy3fgH7Pv7Kel/Bb4V6rq/gPwv4I+F/xgOj6z488R6FY/EO3+KPgzwZ8Tvib4l8dfEH4tSeEvGPirTdR8SeMfAeua9qj6DNo1/4d0tNM0XR9RTRLi4v0mvL3631nxH4q0O/+EviSTRLW9n+LmpzeEPiprnw58G6zq15/wgEOmXVvoN9YX9rb3C6Np+j6nb2TXd3drZaEdM1PVb3SIZZZfMhAOdtNE1Twj4L8I6NovgWfXPCXjfSfEs9rFrd34nfxFq+l6lq1tNqPhvX9K06PS7a48XeIdavINQt9f1qCzuNH0i/14apFDHp921/zfhzWbix8R3mnfEn4S/FXxxpd9ZeIPAd1badodnLFD4VSfStYg1jxA9tDNq1rojeHrbRYp7STxZqXiPxFAqwX/h291Epa2vt1v8cWs9H0bUNZsNU1H4a+FvC3hPVNMvPEE/h/Xtc+Jlj4iiuzpXihtHm+xeI9Hm0bSLK51vxL9tsNOZ5bPURaRzQWkk0/lvwt8ZXt14P+FvxQ+Inji/0XTNT8d+MvE3ib4c+KtfXT7291PxbqOov4Q1e+t73xjrVxZeHvCNrpl19m8M2uoXWjzaRv1hNNt7qxgsrYA/Gz/gsV8Bf2jf2jLzTfG37K/wAR/gj4R+NPwH+DK/FGD4a6FZ33ij4v/FXTJ9Gv5k8B2tvqVjpttYfC7XIooNL1DSfGP9rWPi7xFDbCx03RtfcLe/hz+1D4W0z4wXH7K19+xx+0l+1N8Xfid4/+AHiWbxx+yH4g8D/FnxXp2r/Er4rWPjjT/jf4r8E+MfF51vw5pWlfDbxhq+u6B4n8L+PrPxXL8OLfSdAtNFtdWvb+G0X9Tv2nf+CiXiL4Bf8ABRf9oD4zeCv2Z/h34n8M/sD/AAB8Fr+0j4WurS18EfETRtH8YT6g3iS++Fd5qXwd1JvEXgvxn4it/hzJBrp8fT2DafBaXTjThdSxx/D3wn+D37P37XNx42+Inw7/AGr9O+EX7S3j6/1b9tn4XWr2HiXULW1/Z9+Oz23hr4qfs0DRfC/iPwz46N5pPjiG31bS9X+GHhDwYbrxA9htk13W49RvtPAP6S/2HfgJrfww/ZV/Ys0G8+BPiH4YeHfCnhTQ/A9toPijRvDMfj74b6xrer22k6oPEL6pLa6xqXjC+s7e8tdX8d6Xqel29zBqUcukeFI4p1t7f7f+Oup+H73wzc+A/Fml+KfiDr+jmz8N6b4ItLFbSF4bOLQ7u5l8QWWlahFprXXiRTti8ZQRNY+DoL22lkGnP9oe584uYdfWT4RWdt4qhj0b4N6Lo2k2PiTxFq/iPVNV069srK60OXxneWniDxNfXWuprdn4Tv8Aw9pd14w03xN4m07xFrr38M9zFatHPoLpXiL4oeJvFeo+I7rSdZ8Q+C7XWvAWmax400vTofBurWvjjUoofDd1q2r6h4Ys4vEGpNYaLY6sdA0EKlpqOtQxtc/YNTit9LAPPbDwtoPxc1P4jfCHVfCXh/wN4M0jQfCni3Q9N1P4W6jpMXiDwfomq2HiSw8K+HvE9j4nsNJn0XQHvbGPUYJtXju59d1jUrmax0+wkhSa9qXiDxw2m7/EfiDwT4f+Huk3ngW38K+IPDHibwv8O/GQm8R6fpt3qd94k0Fk1myXQdK09bvTtEsbW9HiaJ/DyvbzXk1xBqkHV/8ACf6H8SPDvgj4WaT4U1zWvC/grxLYXvxJ1md9b1a1ttY8FS3fizVfDUV1ZaX9j8WaNrqWkf8AYFtpp07wvYeSmnzz2s8Nlo1x1WqXmianoGo6TYt8OLK0vfFKaHY+GfDenSeB3isfEdta6xd6rbeMdV062hHiq48MeItM1K8j060kupLe11BdHjN/HvtwDD8NW1toGk+A77SHTWfi58T/AITaRYeJtDvLvQLDSvij4z1BrTS9I8R+N/CUtlZeMb7Sp7W31HxHqM0g06Wy0HT76BtOM813aC5HbeI5/G+uad44i8LnQPhvPfavZW+gaFr6aF4i8aNHd6ho8en6hdaFqtjqmjaBp/hOOyh0iO71OfR/EM7W62aHSPD6N6b8OfE1zqPi7U9L8GN4d8Z3GsaAuq6B4l1PS9W0C7kg0mwbSbDTNd8Y2HhxLaXxBLqsWs2+sWCxWOtaNCsK3FrP5irPR0bTtM8JeGLrRPDcen+OLnRrHx+NK+Furag95qXiXV9BmvNSutWmXxNdavfRana+M/t8EWsGy1Ca60/W9PfURcTR5UA4Xwfott8N/BX/AAsiP4f22r+MZtQufEl/oOq29lpPiTxA3xTl0iy19/EGq3+naJocHil4o11O50FtP8Op5LaNbXV5pwe6Y9t8ONWm1TT5IrTw1qq2niHTIpr3wDqXhvRvhvpeoan4ej0Sy1zUvDf2sarrOs6zqWlpq76few63fadJDa20Z1m0WW31Gi/1G7+JvwO8QaN8SJfCfiTxXqmn33hPxPpLeHNNuvFXw61HWLu6vo7XUNH1A2cXiOLwjFZWNzbtaWunv4ltNO/tXS7WQPbxy+Q/EPxX8W9bl+CNx+zbPd/EZvDVz410q+8Va14k8M+GUv8AVbjwld+NPAfhebw4JfDer6lby3Fjoltd28rWs8nhe9kupE1J7g6ragHsXhnTvEFxc/Ej4ifEHxCnh2/sIr3wppmnWlvqd/4T1PxaNT0mDQ/ET6BqOqalpkBvE0rw1J4U8K6ZJHJp1xqmq2lzPd6td3SQ4k+s6Lq3wr0jxYYpGfxHo7eITpHimPS9P8P+G11fxvLZfFbWtetfDNjpYi1HwpDrcN3eyanfw3ROnxs4tbpNUlbxGwf9p638X/E02/jHwHD8H5bWw03wFrHwj8GaR4b0f/hOX8R3OkaTa61pnjLS9an17UNS1qCx05dR0bxJBY2J84gwStHdxe+/ErV9cl8Ba54A1TWPFum32iaVfXMetWXg3W722Sa2tEazLy6D/wAJVrVxJY6zqeg6nry6on2HU/D11NaX1hdtFqyKAS6r4w8YXmn+IPGuiWGqeOvB+keDYtM8PaZDpLeA7vWF0972OO71T4g6zqNh4jub6w1TwzqrKbOx0/SXsfE1lJctLZi41WLj/iTf22o/DbS/hX4l07xX4sXULbwb4gisnu49MtZln0a80/VPDvhTxNo+qiB9a8KWOmL47g/tnxL4k8SRxOL7TZ5b62sWg5vVPCPhfxr4d+Elz8QfimvxHtviJqX2vwNofhjxHrGheJ7iHULK2i1+30Ox0SztbbVNKu45odN1Cy1zQba68M6VrutXU/iW3Dc/QnxwuND8E61f6H438D+KfF3wt8Y6NZWs1xp6/wBrWfh27h0rVNHi0ex8K6Dqs3i/xTqV5PcWpmjsdCjgsLeKO+m1ZfsEJtAD8+rnw5+0kPCHwx+P3iv4v6d+z94o+G8/xG+FHjX4WfBPT9B+NehfE7wj4i1XRtE+HXxb1/x54/8ADGl674f+JMnhHQvDF091r15L4RtNOu7gahdpaz3Lr9Z6J4Q+DOtfHO9gtNF8L6Jc+J/D+oWnjeOD4e+FPDl944m8Ly6jo+iavr3iLw7YWN5rdjo+jibQEj1XUta8N3Vqv9nzWejySWyah4L8WfBfifWfCvh/4Zab4wttG+IPxcsLu08BXWp6faeG9U8DD4ZafrGteK9L0XwPdXNot3ZXU9tY+FbfQV1280u58MI17c3N35N5dah67e/Dnxh4z+F/w21GDxfod1c+E9S8Naf4Y+I6eJh9u1HQL7SNEafxtqbC1tNS1LxHpUOr+KLbQNG1HUV0aC61C3vdTtNUuI7WSgD8q/2zf+Cknj5vjX4X/Yf/AOCfXin9kK++Nvwz+LumWnjDw78dte8LX/hL4rfEhL288Y6j4G0uLw9rFzJ4C8ZBtO1fX7DUrhbqPTNXtpdFuRomuixjn4v/AIJ+ft/eOfiJH+0t8GvjT8TPDvi7453PjbS/ib8QNL/Z60ZPF3hf4FfDPRLPQYfEXgPSvHHh3Q4tc1SGx12w1vwzpmr6HdeMLnUfE1xeP4Y1rSLizuo9O+3fh/8A8E8P2fvh58cvEfiX4P8AwW8K3HxT8O6R471Sb4pS6b4L8I6fpXxA+IGrL488SaZPqdla6xPpPi3xDI3hi08S+JdMtlm06yvrg+FYrGN5IdP5OH9kL4S+CtH1LxP4r0238IeOPDF74T8FftWP8LPCdhq9j8S9C8C+IdJ+KtrZ+JNS1fTF+1eFNDg8QS+J79dJU+IvEz6vqFvfC9vbRmIB9ufBzUtU1jwh4Y1Dxl478WeKtD0r4iW/hvWtK1DRfEXhGHSvEUUmkLo1haxeJ9W0PxVq+macmn3F0Nc1G71Aavca0upajZXc1q0tppftKfDP4X+BrLU5fHfgbw5rvg74mvoHw+ku9Rm8d6t4ou5xqumtZ6hJf6aly63sUul6OZ4FeCXxAdLtLvVdct7TTfPT2fxdr3iO1OnaJc+C7Hx14JsPCNzqGp+LvCljFfalrC6VBoWkafoDeH7PTr/VdL1vV7jU/EMHm25aHTNNs5xJPHLcNNZ/OPwv8NfF74tXXjv4i/Gb4f376Vo8yr8K/Dfiv4pyReE9GtIfDVzY+JLC/wBM0OzvLK81Pw7rc13oMGpa1AmpapaPK72KPbGW4APGf2i/i/8ABPX4tU/ZwvvEHjW/8a+Pvhh4z8YeE/CPguRXf4x+Gvhj4Tjlu9S8MeB9X16C1+wz+INSWxSeWC10DxZqjpp5fVWmhuq/kq+PHxR/aC1Pxp4N8IfsbeB/i74n/Ze+PHxPk8SfD+08D/BrTtH8Y6P40+Hfwiv9Oh0TwLp3ib4q+ID8J9T8HeO/B/i7RPiB4a8S+HvBHhXxXpep6lb61Z+JI4tUuL3+2jwP8MNO8JeDPDvxO1T4aaX8TIvAPh7WoLfxBHocN54/8W/DrV9CgnsYPDdvqyz6u+nebdSw+JvCl7e2Nxqmq2C60Ea5eO3ueP8Ai98BNL+Onw7+Pv7LkCePfgFoPjv4d+JbXTfij8MzqnhrXfCnjfxre23jDx5rXhlLBH024N1d3the6et/eSa5fT6t4o0ixeO3OoNagH4P23/Bc7RPgB8QPhd8EP2kPACeHF8O3Np4O/aN/aF1r4W+Nvh34Vl+PPgvTvCur67YfDv4VeFfCHijw7pw0rxR4h1PxJ478Qwa/JZy20Mvjrw5NrWkwnR5f6DdX1bwheT/ABcsdD+M3wst7K78NweM4vE2sXOkeJPEmgeFfFPgi6Xw1pN5bf2jD4lu9Du9e8SXPi3QddaaVrqO+1LRIbaxikgZv5/f+CgH/BLLxv8AtUar8RYPhprN94ZTxd8OdC+H+hP4b8LfEXwR8U/FH7SHhzw2l5qPxg+LOqQanp/hP4tXXjux+G+ieFLebUIdEvPDui6nrX9qarZS3F22seUfHX/gmX+3R438K+HPih4i1D4wfFj47X37KPwb/Zihsvgp4q0z4dTaZd6HqOm2XxYf4geL28QeJ7uz03VpVWy8Wzyajq+qwaL/AGzd+A7PTZUjsrcA/Rv/AIKb/tHeMNA/YJ+OfxD+Ja/E/VfD8emQfCP4ZyeHPDNroFrrHiDUPDdl4fi8Z65eDxdp+p+ENJ1LxBfa1ZazBrGrW8+mLfaF9qjtb7SNRQ/x7/Db4Y/G/wDZa1LW/GHiP4A/Cr4J/DPx98d/DUP7RnhD4wfD7WviT+ytofgb4M+Mvh1rPg/xxpsuj6L4i8VXbWviX4gWkkl74K8aaz4Pk0iHW73VtN0m3u7vRtK/ajUP2Iv+CkPx2Gifsi/th+L/AI7/ABE+Fz6T4guvEnxcvfD3hH4o/sr+C9R0T45warpeq+CPEPhqLwb8ZNH+K58BY0fQtY/tHWP+EQvNWsofEE2p2GneIn0X9WNf/ZG+J3xH+J/gT9n+7+LvhZvgH4P0nwL4W+Nnwzk+GMesfE74s+DvFfwf8T+D/iHr2tfFCG8F3oEnjHXdX8It4hvPD/hnSvEOhtptprfiizmsdQ+33QB4x/wSk+FmgXHxJ+M/xB8KfDP/AIJ2fFHw1q+ieGfDE/jf9lfwvFqF7448TWPiu/v/ANoH4gT2mveIbfUvDPhTxLq+ueItG8M+C/DOn6hpQv7aC7tYobCaLTX9X/4KH/sTfAn4g3fxSPh/4PfB34jftR6hoVnefAy6svBv9q6r8EH+H/gvxJZfD2X+0bK08LWniHUPDfijV/Fuv2uha74u0hdJggsLixs7u28PQaZP+pfwe+AHgXwx4C+Enws+B1jafAv4NfCDVPEUmleFdP0PTdP8K6hoNn4i8Q2vg6Q65FdvearNe6ymheJ7HF0ftunS3Eutq0urwR10fxa8P6BYxeE9Y0eLRNDsri48R+HfEfiSeK58R6u/hTx744t7nxwmneE7y2v9T1238Sa1pukeG9P1OKP7NaW/iaXVbdI4LRLOYA/hE0b4GeLPAep/sZfDj4eftW/tZWP/AAUB+IPjvRtH+Ivwwv8A48p4h+If7OHwZ16zi1Xw0viXwl450Oy+GMvjrxFqdy/xQ1T4Ya94uTxFpGj2U1poeq3o0qN7f94P+CkXwc/4KJfEf4E/DT4XeA9Z8JeLtT8W/Ar4N+L/AINfFLwr8MtB0p/D37RHwZ1yw8XeOLzUH8S+L9S1G+8R/EfQdRvNZ8G2OgeCNXh8JJ4X1e60m6tr2R7S5/XK0+HFroereDdf8RfCDXLXxBc3WhSeE/iLYx6dq9+NM8A28fhvwba6xrHgfw1c+OfEVhfwrF4iiXxIsUNhpviLV7bUrmxGm2dtLq+P/jOvj74uCGz1Az+E/gV4q0uBrjSdB1LV/EXinWdO0Oz1nWNO0C40Owub7w7d6Frs3hTSPElpDYWVvd6Zq+r6ReW1zeeWkIB/M78Xv2ENG+BP7JHjX/goJ8ePiL+1/rPxC8J+Ifgx498ceAdf0b4X31t8LtG1P47+HdZ+K/jq60rRvh/4u+HWu+MPD17bpoHh+y1g6zqmjeG/D9nqEV9pL6wItH+5/wDglv8AtMfsC/Dq58K+EPgFrPwx+LHguxsLX4gRfFPwzrlxYfHP4v8AxuuvC+jQ/H3xt8cPgl4f8PaJZC/8H+HPFekzx+ILay1HT2UyaLBbx6xeNqV7+wfx/wDgT4Q8Z/Bb4zeB7JovEWu/tWfD3xwnibwV43tp9b+EWr3V94M8SHw5q3jXw/rml6jr3h3S7XU7ay1q60nRhaix8Q2sEBO9yZP5svg7+yfrvwv/AGnv+CQPwStvGPwV/Zy8e/s/eP8A4q/DD44fFu90Xwf4Z+JPxt12zurTxDbfDL4bfDexs7zTdP8AAPxR0Pwxf3Ph7Xrl7PVry2Oq6ncW2jXEseh6kAf096f4j+G/wq1dtH1SbxnqviD4peP9c+IOha5rWp6T/ZtncQadqmqeJp7mPWbnTm8GaXZeHbH+wm8MzzXTW2k29tMlpLqlprTQfIn7S37dXw6/Y18P6p8YLoar8ZYvC3wz+LviLwz8JfBk3hN47PxDHOlxYaho3hey1zU9d1LxD4otLyG41bXfEh1OQ22rXt1FPp0l7c6Tcfotr/wkl+L+ux3fiey0aXRDpcXhjRvEFn4OtpbvxJbC21mTxk19qHiLTtc1Kx8P687SaJa6ZDeaTCdHvLi9s/E9699Dbw/P3jrRYPGespp0Pwn8C6pb21vpHg/RtPg0PV9W8Qad4Wi1ZbjxhpKR6eLbTPAOpWv9jWd34W19Jmg1K/0LR7qyvtQl1GC0tgD+cX9nr9qH9rT9u7xH+yZa/Fn9jfw7dfsrRXPxz1T4ieBP2kfCHhm7+BXjL41aZ4l1C6+DPhyWK++H6+LtE8feFYdE0+3TxhoWkax4YtNN1tfBiaTrMt9fPPo+Lv8Agjn+0r+1L+zlZ/Dv4ghdE/awi0nWfEXgHxj4R+MF54D+AXwz0zxj8cvD/iLSfDvhbwB4I8N2X/CQ2vwL0nSo9J8FarZ+HNJ0/V4F1BIdS0+0/sK+uf6Ez4dtf2frO7119P1C2+Fvwc0zRtO8a6VBO/iO61rxBo+j6Tp3hTTfDNhB/wAIrbar4jmtY9GfUda1CwuIV1vUDpUn9pxQQvp/pGreO/iPoPjnwxYQatPd/C/4lKdJ0rStVs9Kt/FPwp8S+Hp7DVZdZTUNGvrmxuvDmoxadql2bSeG403R9WNjps6WmlLqEGnAH5H/AA1/Zg8Wfsk/tJfDya8+L+ufEDxD4K/Zq8OfAfSpLO+8MaHcj4bf2vothd6h8efF/jfV/HOvfE3xF4T8S6P4mmk1HS7W5i8MaD40nt7S20G0isoR+y3ijwt4c1bwV9n1f4m3mh3vhK1urLXL74Q6nN4etNAZtS0bxDqWpal4gMF7rV3cKukwaVPJZyfa9UjvdZ8+OKC5dLDzf4V+H/hh4g1LxH8XL34geHrPxn8S7nW/Degadeyad4k0vVtPv4ND1rxL/wAJBpslxqBurq4vtMvNOsZjqt5p2n6NNZaZoks9uLZpuqtNGfxbq+kXU2jx/EfxClroul61pOv6njS9A0+fw8sXjyK4+HV5pnhHSlubvTbO1h0i6kTUL+GbxnBfX9jaaM0UcgBS+H/izxNpHi7wtZfHPxToutpp+oN4a/tKfStO+3+JdZj8Natr76al8kdtBY6dp1no114sub250TSxrL6vo0Sau02ntZXPhfxV8eeA/wBnzwv4m/aY+MvijwB4W0rXLu41LWbXxt4s8U2WqJ4Z8c3B0j4byT6HFe+JdGvfEE1jY3ehWFlf6XdW1xqk4Omahp0MTacnvXjrXLDQfFegeKfC8dje6Ta+HL+bxPrur6d4Y1Gwg8JPCktxrnhTTNPsrHXH8XeH/FLQ3+paekKWn9k22oLetbXNzpQHofjTwl8MfjRawaL4u1PR/EWp61BqnhnRdK+KXgzw5reo2V1rHhW68bxwaLo1rBbTRtpdlqmmvLpuutMqw+H7VokS9zqEwB/Pl+2V/wAFof2dE/Zf8R6pB8Rz8QLD41/DfQvGPhnXNc8IX3i7wx8NtM+IXh7W7XQNQ8TfCTSZvh7P8VPCOn+JvD954Y1nw3N/aGueEQ2ma74lnutPu7S0Xvv+CRmmfBXxH4S+OniT9n79oyf4z/GL4g/FHw58VPj74y8L6H8O/D+q3fhXxv4C0m58OeBrfU9K8P6Nq/hn4cLZWttq0uo+KL+58XaJZqdFtpbTxTdatDB7v8Qv+CQH/BIz4baP4N1X4lfBf4Y6Tqllo/g3U4/GugaB8RdAn0u88Gaxo194IstXttJ1+/ux4Q1XVtJ06xm8O6/dl9aS1/suLUiFhtl8NH/BL/8Aac+DY+IfxS/ZH/bY1r4dftFz+Otc1fxA/jj4N+HV+HfjD4QQW7WXhz4KayPCGh+GfEt74J0jT777T4EFrfatrdnrF5pZtp7I2tzdwAH7Q23hzx5qHi3x9Fpnw78Jap4GvfBHw+8C+MZbhb7w3pPijxPb61f6D451DSdOt9V1FtV07TvA+opcQKkr3N3ciy0aTVjdwXEVrvfEW38J+H9G0O28Rah/wr3wr4c8F6ZP4e17RYPFHhzwloPga+1aLw7qej3+kQ6lZ6V4avNL0O/08Weuadr0OrQk3MstnDp8MtleeBfDj4l6BH8Mvh74/wDix4b+PugX3hTxl42g1wW58SXVjMniHUpvFEtx4iisru7ktPBN3NpS3Nq+sapNDolq1naXWo32j3RvLvB17XPhj4hvfEej+EtW+MbXeracbfwxe3+rWFx8P/C2keNbfxLd6BdX+leGm1ZvC/gMaf4W0S3srm/8P2zaTpjWWvW7i6k1y/AB+K3/AAUR+Gnxh+AngP8Aag8beAfHtv8AHj4b/tT6v+zrouk/CHxN4P8AiV8e/hff6TdwaN4U+KV1Z/Dyy8O+OPGHw/u9d8Fx+DYNLe28VX0Ml5btqlvpdncfZ7m2/FDwX4vvfGmuXX7Gnwj+Kvwc+BP7RH7Q/wC3B4b+NWnfD39lh/FXj7XvgjZ/BvwH4j8TeOvBGiX3xG8ReCvCfgX4iXvxS/tHw/4X8M+ErS5m8Y3NlejVbddEmtrzUP65fif8Kvg/+09+zl4j07wH4i+JN7e+FPF3ieb4cxfBzVv7B8eyeLfAug6noy3fgvxINf8AD9/qGgSa/p3i6Dw3NoOteFPD93Nc/wBiXem3emiZJPwl+DH7JEf7BH/BXT4H/ss/s7al4n+JHx+vfhPN8RPjD+1n8V/D2lfFbxv4W+Gl/b+J/FcWl+LrW71JtO+E+oan4mutN8GxePdFvr/XvEvh7y/DEllLHdw3F6Af1p3WreMdC8DeAIPiWb3WdW1Gwi0H4j+MvDOo6lpOl6DZ+AtF8SeIW1DW4LGPUtJGoeIIxDo3i5bS10/TE1K61K1TVXeDTrM1fBHgax+D8N5ruuaVpGkaTo1j4iisPFPgq2sdP8S2/hLTtJ0SSx1zSfDlxd67HeaedOl1R9Ug0W5H2m7a1v08PfbZ2NryHiHxpba14f1H49W92lr4U+JMWkeAPG7abrVjoGg6BaaL4t1Tw/4v8US6/q+naTcaI+sWFokTX0otrm8t7BtLsp59VGixS89HqFrd6H4S1WbwPcpD4f8AjZZaCLfxBpEmo+HPFPgNPDGq23hTxL4d8M2l3q+nrZ+IPAOpxabcatJqHhoya3po2aPdXUMWhXIBseN5vGHjoaPL8J/FN3deD/EB0Dxd4bi8RWTXfhy/8I+EPD9hFqPgnxNqlvJo2rC78S/2xD4hguH8QalLqOl2F+09tqOn2cmk3HqkWial9o1Lx34h0Lwlp2v6L4StbPwlqH9hQ+JdX0s+FINX0XXfFtxrMmsHSDpEC+Ko7zTbSWO11ybRhfpeWNzdTLFb8nffDvwtompavbaprvxMtvAt/p3hV9Z+Hj23g+b4ceHfAF1b6hYiy03TrHS9S1XRdKvI9e1TTrm9ge1uotN8Oi2uNQttI01ZD0PjufT/AA8ZPiX8MPGfi3WtA8T6VBoY8G6JcxeIbGC88U3GhX/hDxhDr1g+tx+FPCnhmVL+bX7u70rVrS50m9WC/tbnS9O0y1QA/nK+PP7Hf7ZP7bH7f/7UHxbtPDOk/Df4AeIfEfwi/ZO8Xx3qeAb4fHP4S+Cm0zxF4q8ceN/A03hO08ZeKtI8QXynw9J4ev8AxNocEPg7Vr7xLpUgTw7pbXXqHhX/AIIZfAKfxN8OfhvpEEWn6X4P1Gw0Txj4i8FaL4J0zwi/i7w18UtU+O3g/wAFah4k8FW3hP4ppc/Ce7RLXTorjWL7S9a0fUI4vFF7qOu2FlqWn/vF4n134k6t4qhHw50nw/47+HfiX4eXWiXHic2+kw6i3jnw/f3KeMIdXvLWLS5bO+vtPk1bToJmigtdO8Q2Zg1CysonSG48d8RDT9A12zl8F/Fnx/8AFzwt4b1vRNcT4c6Dd6bZyzeOb13u9Z8WT/Evwtaw2dp4Yltp9Yi8WaJ4jmi0+2ee0htnsbW4061uADq9fs77Xbu0+HK/ETwprvxGN1rV5Yjxlomi6v4t0Hw2bfWLTSfFHw5sdO1a5uXecal4edr3V9WQW2l2tzqmp+XdXdy4z4bz4g+FNQ8U+OvGGk6NNaW/xatIPDup+B7yeG6srWTS9D0UD/hEPHOq2fg6TV9YntNUtX8VaLearDbR3Vxa20DTNdyQeaeL/C/xX8VeJJvE/wADPhx8JtK8byazqmk6L468Xxf2JpHinRNUvtV0y20nV7LTdaa/1nQoPB2iJpGi3WoWWpWOt6hc2dzp0Gm2tijv2Xw51vwF8ILr4rw/EKfVdMln1Hw1rSae+hWut6Daf2Z4al1Q+D/Bvh/TdS1/Q/DkPhPXtM8S/br+x0uGwniS+afUb7V7LUdQiAOm8WftBa9bXPizVviH4b8Daj8HdW8VeDNF+EkmheE/Emtx2keqtq2kajc+L77SbRrxNXv7ltNeGCDRotDuYdV07SI9Tnh1P+04u08QfB3w9470jRtN+Lnhoy+AvCkGoeJNA8LR2fhqz8D+IdCtPsa/Dnw/4yl+z6j4nh1TRpL+4j0OLSRZpLJa3MV+L9oYmk808C6Pomu+GLa+8QQeDPD/AIY13SvFHw4aDStJ1CPRW8Q+KLHwnbWMOlGM+HJ9aPiVbC31S3Hh3RbXTIbiO7mh1Rfs0Tzz3EviY+FNT8e2nhTxrH8R9V0Xxj4Pl13w7q0Hjfwkmj6TrWoaD4P0zxtomq+JtO0d77ULxrtFtNOg+xeFbu5vZdVuNHsRcFgDsvidoL+LfD3h/wAUeC9Ouba4Txt4XbwXYeFdXsr3xNow8UX9tbaj4tu9Y12y1KLTtLstEt576HQ9FtpLU2tq93JcmGRntsjwF8W7zwf4f8R634/8FXnmfDTTvh1Hf3+ozXXi27ubrULDVbnxNqng7UrnSbKbXhaaVcSWuo3tt4q1SNooNS1CWMlZZtS1/Dnxh8P6/oUfgDx54i1fwhJ4W+Hlt4e8bWXiTWdO0y1uvG2kW0Vra3Gj+ONGiTUAr3F3cTvr2kWccbXWlQizkgk0/ULR+qh8OeA7eK38L/DrxLp0mt2Pgm2uCPEFre6hP4j1DSvJi1PUbWDWvsXhvWtfn0SK+sfEM8EVrqlgb2IX08Md4uQCPSfh2vjjxr4dvdd8MaT4g8Da1411n4pNe+FPD9l4Ffw5Nc6NcaX4RsvGDT+Ip5fF0wnvdZ1I67p5dl18aXe2ltBHH5qxeNvCVl4xXwEYptPu1sPi7lZvCmo6taWPhrUtG1mPwjaaTbpp2vK9hqFl4GvdY0fWLnT2NkviO1WU+RIqwSchr/ju5HgG9+Iup6bpt/aWfhbxFrupeEvD62WjHxfrHh6dB4Z0Gd7WZPFsT6vqGq6b4h8Imx07UBb2moXEV1bT3r6bczec/Df4heMfCfwj+HXxc+KPwd1jQrrx18QrG8vtM0i71PUvFfw+8Jn+0tcGveKPHiDUb7VPCurT+H9GgWK/tNAggWeCDxDeR2Mk04APeGupNMupLWPXPC+rHxR4r8H6J8OLTxDcJomtRxeDY9MaOxv/AAUzeCrVb7RtbudV8ZamkHn3UtkPJjtXzYwwcv8AEfVvHnwq8Z2V1oV/qmm6defEWw1L4kxa9reteOfDyad4h8KeKG1HVvsKarqmqeF/ACaxPpulNc3OlabpVhc2cd7LYLZQ/aGs/Em81Twl4U8K+BD4g8JeHNZt9bg8BeH9Q8Rv4q8b6XJ4m8VXWq+HdH1WDxjd6voesahrl1o/9rTeI9Mm1m61mwvGsIhcBFivrrw3w38IfEeh+FLy/Pj/AMG6z8SAnxD+HnjPV/DninxFpOm6lc6pfaLcTQ6l8VPHuqeMvGSR6BoHhu5e+ttCjkFpcWt1aJcWIsAxAPc/iF8LrHQF8G+J9Ol8PW/hnwpF4i1yw1LUNN0nw1rUFze+HLu+1G9sNS07V9F0fTntdMTSLGxutS8O22pafo/h/US+om5vYJm462uPEnx0tdTsdK8CWl18JdK1ZL9fih4wU6hrhg0+wMg17wkLy/0+8udHuNQvbae18R6MLCXUdP0nWr7S9Ru77UNO1Gbr/DMPjrwd8PNL8D+N9V8A+GNR8ReFvEcOvfELw5/aWm+Hl8YnRdG8NaPr9zJq2qaa8em2csh0cwC3u5fEct5oevaebdJLpbfW8CeJviRJeanrup22oeFk8A63eeEr1bnVR4hHjjwlpeiancJq1l4Y0LSjb+FIr25eG70CabSL2+1ay0mC2kQNexXEwB5r8QPhLrni3RvB+u2Ra21i91zQV0DUrC31jw3rnhyTU9Q0+31KW5fxR/wj+q3VvrnhzxBqkWqW95rkXimGS61O10e8kkv7qHTvNtB8LfD/AMXX3jfwb4D8S+I9O+IHwg1LUtUuNRHiLS08MeF9L1xNKv7z4d+GPDPgvxhe6xZvbS6E9lJJBbtezXeh67p0eqwW19mT7MFx4a8Wyr4q8TnxBoXjvVjrJsn0zXpPDUF14d0/UNV8PXl1HoMeq6hHPdeHdIvbHUb691TTLW4udQOiLLb2d9a2+nWHD6pbfDVINQ8T+CdC+FPinxF4T+HtxqsGqwS2+k3ll4H8QawLzQzdwtqCaFr1xfR6J4g1BvEF1r2mz2E0LSW8caahPJQB5mnhLwx41+DPj9tY8JWCa5q/gvVbzxdPomi4ns/FerSyXtjrejy2/hq+07xbd67aXtvZeLPE+jm9Wy1DTbQvBtMslp2lxeajN4V+F/h7xX8P9K8TeNfEer+KxoHiC48Ix+PfBvhzwxq9pdLZ+JPFmpaPBpVnZ3d5psVv4VihsdRW4lW/NzPC9rBdvB5npPgjwFpvgjwRe6J4Z0rSPB2s+GPGXww1LwT4dtZPE/iDTbbxDerrvinxJ4g1Y6nqM+u2L/8ACHaja2EVppWr6jqEs1olnfxI0r1t+O/F/hz+yf8AhAPB2hXHgbxt8Ofib4bsfC1lr3g/xN4J8NeK9O07+3Na8NNpcuh6zaQ+IPD+jafYa3q15Z6zcSafqmo2VzGbfTZLq1MQB1kMni3wB4I8X22p+JfDvhHS5tav/E+kz2R1k+K9OBfTvGk2g6m114r1OWPUf+EdsLxruO61C0srud7ic6PNpFs7XPB31l4r8VfAS0uPHPiDQvGXhHUdDur2HwX4K0q9/tLxjeeIfDKg6jrWjavp+s+I9Ks/DkeuQTy6DpmlXOt2y6P/AG7fX1/c3T6a3C+L/E+ifFax0zQPFHwu0j4YfELx7fy+H9RNp4jGmQ3/AIhsr3X7Xw74g0jxHp17o17a3EPhnwP4gi06x1rw5FPqlq6eG9WubS1adpNv4h+C9UPxp+Dnw9t5dI8RL4c0/wCKvjDRNT8EI/gfxN8LvDmhat4ct9QM+iXF/qOneK7u/XU4ND1VtRsmTxBpWpyX1kdOET/2kAb+qeEfH/iuT4Z6n8J/HN34E8O+B/hZcW1nJpVhaalompaC0elW134S1Xyf7A1RbYppNjcabfeGLabxVo81zeJcjRXuLezmz/hvpPhLxFqHxAg1K91d/Heo/GjUPAuv6bpureLr6S9HhG2hv9D1DxNB4p1Cxhe1u/BGm+GNJi1zR7G5mtbm5nvL3VrpLzVEj6PXbOe/0R7XwJo8Vz8MrLxFovwsgl/t7TUt5PDkP/CPTX3i/wANXlroUljY65rGs6lJbX1lH4g0+W/g04DT/s+uSAWvrHjnxT4a1/V4/Fnwq8N23i4zXdj4F8R6laJewxnW9EsvEEOlaF4+sJZLaUeEtT/tUTwa3BHdL5d/Y6rdLd6LcJdRAGd4v0jxX4B8H/E3Vf7M0vT9Z1jW/CrWXh7S/Ft/q97Z6V4onhsdd1DT9Zt7vRvEB02S81jxMmiaVZhZzqO2XR7ZLqcQv4r4O0DUryXSrf4c+F7b4feFvCGoX+o/HT4fXsninwv4q8T+LYls9c+GcVh41fwvps2s31lPeLeeJNRs9XuvISDTY9Q1S8t57iaT134o63feA7u88cXHhy91a28N+HdH8NW8nh+C/wBK0vwjLoFnb+M9TvV1bS9WuI4fA9xHotrb2LXmhaj5usTDTdQvGspmtYOTl1vQPi5BD4Hs9B0n4l+JvCXhPxF4r1d9Q8XyBF1/xLKbmfRtel1TSh4v0mEPdaUl1DocMVhpNh/ael3FtaRWNlYXQB2Pgu11a88OeL08Saf4i8DaP4a8V+IfiNpsGg3v9sw6/wCGNS8UXkt1Jofi6/0a70+KPxnLa6rrTeHE1yfVtKGqafHDqOlwx2VzHdml8QR3cvxSvW8WfDEz6/q2ga14GtdV8I38+o+FbbWku7bWdJES2UiXfijR9Ik1DV7ia/vNR0NLrWbO3tkuUkvLTiNM1T4v6Z4Mv9B8RT/Dbwh4esk+GR0X4W/D7S9R+IOoaH4F8XfavCOtp4h8PXlj4K1a08IpG0mt293e20tzpV3p+rXd213Z2gsk6PTrWw+Gnwku9L8MfD/VvipZ+GbvxL4ij15vEkdhba9b+I/DrSr408D3urX+q391cagniF7TVI9PkgWO9vNantreaWSzhuQCDWfEV74H8YWnhrwbP4X1LwB8QdVlvLmSTxjoVoviDxdqdlrljZeD9YuvEMni+81W9ubjw5pmgtBZtpTxh55bCO7Syure1qeLvhNeaj8T9EnVtdeOA6F4K1ybR57aG28B6RY2+k+I5bDwpZ6Q2kG4k1zxh/Zt1rev3VrBY79NtLK6sJLGK5t5OQ0e3+Avg2+uPFngHUZ/h1o+t3fgvXJtYF54l0D4deEvFugajqulyXGs2+oNZeGZm1lZ5tL8SaHpWj6ckfiGCODVr+DUr7TbyHk4/hfqMPxm8cX+reLPif4o8H+ObLSta+y6dc69ZafoPjWXWLvVJZtCNjfJ4q07w2uqW0s2gXh1mHwPNbXUjX95NJp1i94AfQHxme18H22peLdG0G+8R+PPDtnqGo+EdC8Ta/4Ntr/RYfEcdzYeIrPStT17T73W7LUL+0stVutPgt49Q0ycaXDY2lwumqtuPJPgt4F8Q+LW8R+E/iTouufD3wPD4h8S6ho3hy30G0sZ/HOm6/dXySTTeOtK8TavrOn32uyeItG12/vZ7Pwnr9xqVzO04OmwSaZYc/4s0zxdq3gTTfHvwz8d+KPH3iPxDN4UGqaNrGs3EU1+JJNJHiQ6Td+GPA+u34jlghHhvXtP8PLN4cs59Su9fu7ewvbeeWo/Deq654s+FXh/w58UvGfifwHfSeFLbw5Z+GLfRYv+FleFZfCk91ceKrfS/F1hPYX+sanq9pb2trd6hH4ZCLpmj+Y+kmXVraK8AO9uNY8K+Fbmw+Ffh3w14g8A+LNPn8NXNn4E0nW7fxTfaD4f1y312bWtenm0l/Eer6PoMGs61qOl/wDCQxNp8MWrWtha6nDa6D+9u/5sfhl/wRk+Kfx0+OnxU+N2ma58cP2Vfjp4f/aY8NfGvwR8U/8Ahcuu/F1PjF8L9e8J+I9fl0iK612WMeFNT8H6trXi3w9pujajq2qxW11dm08Q6ffaE0cl1/Sz4g8JeKNa8H+Hr3wjcr4Q0XUfDPiq0+Imm+FtQ1fxVdXcGp6VrEgvNSa50fTPG2p6FpsFjcNpMXhPVdGbVNf1driIQrCZHq6xLofi/wAC/BrXPEeu3V74U8HWWlaXaaF4cvYfh344gvNVsvB+mWHiSHxe/iab7DetbapMr6CPEtnfajoHimRVa61OwiinAPWrP4heNdV8D+HNN+JtrrUHhLVtQbwzM/hS5sZ/HNz4Y1LSbjw5puseJ9V8MX9gfD99q155mtrqPg2KK5tYZllmtNGtbC+ZPIvAPwg0+4g1Px98I9OAHh/xQIItFvIZFtr99LtJ5Ynu7CLxNd3/AIi8V2ciw+Hru38W67o8KeNP7Q8Saha3F3a6daJ5t4o8aeA4/jNpviH4d+JfjHYXNr/wlNvo2iXN/q2kfD/x2+r+GfE2pDU9K0vxHPD8P/HesWniWW08PaV4bil0TX47+2u9Q1K7u7NY2r7A8Ia1JoFpDZReFPC/wu07xZJqHjPxtqugx6PpaSeNpL2znjfUr7Qddu3m8Ya48tpHfaZJpuoWl1Nbaki6hqdtCiXIB5f8UPEfxg8F3nhCXXLqw8Zz6/41m0+fwjc3GkW+pWmup4O1C6tR4ftUfwxD8QfC+lM0er3/AIee01HxDa3VpdtaT6o9rbpH5X40/Z98V6L8NPit421fxtqvhjxp+0JFLpXiHRU06KP7LoFjBqlzZx2L2v8Awk1npWpNpEFzeaxLZ3Wn6fONQ1cSTae0ljLp+v8AEz4p/CvWvEnhzwmfD1h8SPHNp478KePNYuL577SNO8BaX4es5deu/GNw2laXPdadNZRLYXF/q1/ZaFB4httasbQyXka/2MvfQeELTxppd1aXvxB8e65c+IPibJ8OtH8M29ta+G/Dvhr+xh4o/tiPQrLXtFtbh9EvvAt/NbX4gE1veppkFzoNxbytFfAA8/8AD8Hxx8N2HhC6+Ffw1HhbxNLp+saf4zv/ABtNpOraF4b0jQNbm1Kxm1y/v9YbXrjQ7ltXvLXwkmnW2m3L6Lb3ktxbwqLC3te706/+J/hPxf4s8e/EvVYoLfX7rQNd0DS/hJ4X0i+tr0S6LpXhDW5fEfiCXRb+/wBI1nXp59OuLDSp9RmFrb6LbQp4nuLUTJb2PDvga2+GPhIeGvGOueMNZ8S614y0qKAaLpuvLa+LLDxCINEjufFE2oeK/Ep1S20SyuL7QrjW9S1iKGztYNJb7JObLQpX4XwN4k1zwtqvhfwy2i+B/hr4d8P2fiyfxH8GbS6tZNT13W7Oxv4NE0m3n1d9NjS4h0TQL3W9S1C8Gp6d/Z+qQRWf2y3gg1cAHLaL4e+Lth8HNI+Jfwm1Cx1zxZrlpeajPqHjLw/4cb4nxeAdc0m8Gjy/EC50+90toYLObRtJsNXNlba54iaHSbq6tprmfdZJ1um6V4m1ay0XWvib4tv7bxpqeqeF9S1fw/4f8TRWHha41P4i+KGsdH0uHxo1xokOq3Hg/wAHw6XHcaVokela/q2mxxW8t5fHVzHPQ1KOf4qTaB8V/B9/4h0fxHpWueMDYWEfihrjRfGVpZat4h+HeiW1zbaP9mP2GRodLOm6TBZaRYaTdeI7zUo77VSNWEmLqcHxCXw/4Q+G/wAUNa0bU7/4ieGtYlstUg8G22uQeG7nw14c0S51SaGy0LQ/C+uRW/h3xmLLS/DmmRfYvEsupJZXBvUltltZgD2bxj8FPgLYeHIvC+r+G77W9f8AgefD48Or4Zj12z8XaLpviPWgnhDUJ/7Y8QzXfi3S9PaG2m2395cwyar4cupbe18+KK2i4PwAbSy+NfxQ+JGu6do/hzQ4vAFlq2m+M7/xVq3iI+JW8Qa/fSRafHBZGURap4b1HS7LR/EGg6drWox6kL/SrOE29lpmmW1bfiHS3k8L2/gjxL8a7eHx5Z+DrzwrdySWXiPT9P127tbqw8b+Jo0vrvxJFqEmtweHrZbfwDHc67p3iDRLQ63rFnf3SeZLB594b8H6JqPgjSNc+Edh46uU1rTLO4uPAF5qurarqdzpGv3cvhXxjc3Y8f3OveEZr7wLcWWkanFpFjY3UmnX+jxrfxwWur7kAPXfF+t6X4pGjte6BF488Kr8LvEupDWf7b1HQfBnirUAjtoOg6dpumHxFrXirxD4k0bRZEvI1m165t/DsN1bXOmRprAtrnzXwF4V8Lr8F/E3xI8Q+FNe8HfYPCXibw14Q1x9b1XU/Hfhq61DTtShtYLS0gsNa1CBNAsNb1C3tZfFOkW+p+CJTrlpFpNro8ojhxfGuj2PjfWvA3gfxX8VNO0nxBokPim+0XXPDNhq83iHxfc3o03T9Ok8PQaLJpXhXRPFHheeUeFdS8US+E9SaKGVP7HutGvLme2tvoLUl0hG+F3xO1W18VXOpeI9JTwt40+EVhqkOq6G+n+MXTT5LvXPBEbanp99qWj+ItWtrfxPr1jHZ6oI766uLy+/syJ7IgHyv8Hvh98MfDHhr4ZWum+MtbgtrL4e6jfeAPCfxBu/DXhPwzBpU/guz8R+Idavbnw9aSS+INQ1HVL+x1XUby1uJ7zS51utRfZdXN1Pd+g+GP2YvA3wv+JFz8afhn4e0LxbcfHHw5omh/F/4vyapYeK/FXxH8KQaY1n4V+Hdj4h1C7tItH8G2Wqz32uXN2wFxqF/LaBLibULt57buNJsfEXiNIfDqT6V4Y03w3cawNR1Oa0tb6G10ay1NbvUPC9t4nikmtPC3hm00+LR/CkeoWd3NrOr32nTTRaVZpoV4kvM+J/hPqWt+A7LW/AEvxWOoeD9U1/RbrRfh/f+APAmneOPDtx4z06/vbeO71Wwkgkk0zStNuJ9Ens5dO1oKdUjur+3mvvPoAueJfht4Wl+Fvgv4A+JvDWn6Podt4e03xHa+FNJ8f6TJFIuleJfBdzF4dutK129vxdXmveMnnh0nUZZNZWz+ySQDxDp02qxiPz7wb4nF/pFjZ6z8PvGf8AwmXw9udMj8aN4Y8badc2/jsk6jDbaDMdB1zRhrdzFo9vBc29ufDEfhHQrq21HT49XGn299LH0Hwk1a7uNV+IGk+No5PhLH4Psx4f+GfiHVrXTzo93Pqtzd6po1lpl74ttlnstZjvbWyv5PDlnoVkUutMs9RnluNJvdHtoJ08Z+LdKsPFlz4m0PWdR8U2l14x8SaL45vvDXiK98I+Cvh/fXt6btPEGtafq+heFvEV9Y2WrPZnRtLv9OvNOEFzAzXg0xb24APS/A/w08MnRfHjfDzwr8Tvh74iufBeksB4v8R6f4zl07R9M07Vv+EZj8HzeIb3xbocd7pcj3VjJpH2u10phq9zcStextHIfAvGHhjVLH4W+FPjvZ3CeHNZXwV4X1HxL4o1nwCNC13WrHwnY+IZviRpHxD0nwhol1YWfh7VfCEEFjoVjqGrtpbahBpk2nzpc20Mt16z4g8F/E7wZPol3o6DTT4u8Q+Fm8SeNdEs/DNy1l4cOr3EUei2sWl6dZal4attP07UdG1zRZ9TPifSZH8O3ek600izi+1Pzr/hMf8AhJFm+Fln4+tNRj1+0S//ALNk17wxP8WPEemP4p1rSXvtesdb0Sx8Gan4fvlfwadK01bb+0La2k1PR7QTQmLaAei/CG9v9E8D/C6Pw94M8Xaz4R1HQvFep3Hh+58Uz+KjBqXxLvn1LRdQu/FGmWWtHxLPqraki21zDd22g+GNKvbybVb+Vxp8dd7pFp8LvhLeeLvh3omkQa5pXhyxs/CGrW3h7RU1O68K3XxFMWsT6brk9/qZ0tLpLxp9e1qLT7G2hs9C1HRrjUbaz0ywgumwND8a6TYQ/CKXxP4osdD8NaBJd+CrPwhoPhnW/D/iDWdU8N6WfEN7DbeFrPSLbVvDFhox8O2rWEMmpaj4d1zQp4LlWcTabI9jUtF8G/DH4d+O/iPDonjW/v7nxoviTU30SfRPHmqfEPQPE+snS/D9rcXOpW63+u21rpFxpcyacZx4o0+xt7LSNNvp4Eto5gDMsL2w8A2es/Dv4WfCfxBotn4Q1i2b4d3d9e2viHTvFmp6v4h13T5rrxRc63fO1p4a8MeK9TGsaVpdvq8WsJZ25l0W1NhbzWyv+I3wM1Xw74V+JrWtr4Ku28eanoOlaXot9f6trGn6ja6lePe+LbuPw3praHp/he+1SG+8RXGunSUuLbWLREuNWt7sx3i3flvwd+KvjW58VeE9P+Jfwx8Y6BZW/wASNU8FXVv431S0kh0seJPDzTeFPFuk6xrOsSveSX817e+GfsWiT386NCzLqFldNfRap67q9ynw88Sa9odxr+hWXhSL+zdf8c6hqVt4rbxNJ4ji1mPVsxeIR4y1fV7zw1pcOueHbTWNOSzPhqw0q/vhcatbWjtYIAYfw30XxD48+HHh7wzrHw5tvgpqeu+F9M8UR+HA1vYPYy+ForPR9bsvD3hh9Wm1Dw7BqH22RtP1jQZNG1nS1v8AS5rwLdSNDXD63478E+H7mP4P/HDxLaHTr7wHrnh/WvCei+LtDuPEeh6UuqWuoaJrMl/YXHhUy293bLp0Nij6Pquv39xrEMPlW6Q395qdab42wfH7/hMI9L8WeGdGs/A1v4U+x6p4U8R2XijSG1/Xra3urJvEkVnqen6uZfD89hcWHjDRNY+0SS6PZWV/ZxrLftFbfR3hO4+FWpaPZfD671iHQJfB+oaJ4Y0u1sNA0fU5fE/h/wAP6e1vqXh9LDVU8VznRNQvtO1jQp5iunazdCyFtaXMubS+ugDF8nTvhd4q0X4V+F/Cy+G7T41+JfGep+F1g8H6Y/h3VWsvDui3M5m1rw/Nazafc6hZtq+pQW+s3v8AaurapBc3keq2FlbJYnlLT/hKL3xl8VvBB8M6I1zpni3StB8O6HZa7IZIYJNA1C7s/EXiXR7eSxe50GG3isGvtG1HXRa6nYi7xdz3CWmjxfW3jlo9X8OS+EfCsOlL4X0m3tdFvrnQb3VdK1XSrtTHB/YPh8+GpP7V0XUILJjPJdI8CafAEWdDbSTSQ/n98JvEdr4qsL1I/GfhnRvi7ZSzePvFWhfFmWz1PxfK0Wj6xp7Wn/CUPYWVh4YtksLq4itDpvhzU1t/DZj1TUrPzNdlWQAxvDuixax8W/C+m+NPg94i1nW9C8WeF9eSHWfEWnf2ToumXtkmp+HfGWj6b4N0Wz8IPa2ureEdV0ZYvEGpjUdF0Xwuk1vbtq2vR2moaHj/AFb4r+MLLSvideXdj4Cv38X3ngy08PeH7rUPEEkmo/8ACWafb6CdT1fXtN0H+zdOvrU2F34bt5fC2paZDaahexroniTU9etIT9y6F8Qbjwvq2k6S3g228OeEntNT1TUdR03w8Z/DdraJczW728viNJNPj0+7t9Rmh1O8e90pLbULbXTcaS1xbWGoXafKPj2eX/hLNCutP8XWvibWPCGt+MfE2s22p6fri6jpFnBr0M2g6V4elhOkaZqfhqwm1K1KHULFtOvjoNndza1CmhQzwAHE3WqeLPAXwm0XxzD8KLvUfEfjXX18b6TrvjBtN8W6hJ8Urmy1HytX8WeC9Fli8L+HLCW3u4tN0y+8P+I7bWbvU5tJso9KmdhA2VoXwx+LGq6T8R/EGt69efDfRP7T8jX/AIaap42tvHvg7UJL46wPF/ihLTxDbaHe6PY3IvbldR8NzPaaEulrqUmmIszaZqdp6p8IfhJqdl/wiXgf426t4g8UeOp7fxjaaH478HX/AIy1L4e3sun6VoGnG38U3tk1r4WhuYk0FXitfEum3kE8sTbLuXU3vVk3o/Bvia58P6/4J8D+ELzTvH1hq09rrPjyDxGdajtNS1S60u01m38U3XjRNM1XxaH8PQ2GpRXI8O3Fo+gwHRdJubZ7e2uWANXw9cfCG78HeCLm7W9u9Ghn8deDvEFu3howRatc+FoNQ8KtFr+k6BbT+FdLsUsNCuLSDX9Xlg0eTTtNSSFWCW9zaeK6b4n8M/8ACvtXn8SePrXRvhbp6+GrHw14v8e63eW9slre2eoabqHh0zzHSPh/4ot9KkvNYin8QabqmqRyWEVpYPpE3lWctxu+JfDPirwV4W8WQHxbbW/j7xd4mtNN8KXcmoWOg6y2q+KPE/ifUNE03xPqGrajFY+IPA2t6fJYeHvDkNrpGtan4el1DVIrRJvssjwel+HtJ0ex1jXvgX8YPDnww1vwZq2mLJBpN/4bvNE8O2XibxJNZ6nrXhLS/EGoWd1YeK9T1O9TUddvtSMthf3t837u0LRXRtQDlvEHgi48P6Lremabq1xqlrfeCNe8QfCy413xL4rtLW7n0PTPDmtmPVtR0y50+0sXm8RnU72bVtWudP1ZzILSCzezs3UdBoXhT4dfDufw54i1nQtL0mw+LHgttCvvHelaQ9trdn4gvbWLxBa2/jnU9MvdOt50guM2+gX7aU1xLfXiWKXNtd3pN/wvjv4X6jOPBOo2+n/C3wt4U0LTdcnsn8PvYazYfBKDxBoHii1s/GviRdW1HTdP8Yx6ld3tyqldLWKK5uLqKW01Zmjv4MfSfGPhzxr8Urn4Z674V8UweJ/hvbabBqXiTwt8MdN13wPJrVrDoWrv4+0nUb/wpq1jpcfl+Gb/AEaCwPiprm0t7HT7O10y51MRCzAM8fC211aTxl498N2HiLxTb+DfHXiTwknwo1a7tdH8JfE+90qzbxNcQeFdbudUvbDTdOTxVLqV+t5eajJHb51rwprUM0EFpaab9E/E+80zw+ng/wAPyS+MdI1jVrWy8beJ9JgXw/rllZ6qDpj6dBf6tqV/b2Hhgm9tNQGn3Ni9l4bkuI9RikgN7f2UdxwmrfEK+8YyXcOn+I/GPgLxJpD2virTfCq2PhXVNK+KXhjTVhh1jSrnwdfTarJ4ItvFkD21zJFq13pesW2nyXN9DNp8g1qKD35PE+j+Nb6XxnoEGh+JbfVdE1Hw5qdjf3trp9jbeHdHuNRkN09tLpl/cxabqlxHPZy6jb3c1ldrY2MsewTERgHxZ4L03Ufibo9x4S8Sy/GvR9YtdX1bVLfU7Pw5aRa7pK+CrLU9Fm8T+GvHML3+lTXXivVYNf08waOmi+J9d03U49Qt7O2tvtWoXW14L8Sah4J8V+MPEnjHTbHxhrraLaeGNc0bWvDATxWPD1xcabY397eXAfVLjw0PEWn3ul6jaadrF/rUGq6ZpME2u3OiTafqkkW/8NvH3j2f4pavpGo+EfFvhHQfh94o8PHwtpHgOWDWfC9n4W1bSbvRdFk1PQtL0nTLvWfD8Vy1zocEel6lqmn6VqqXmr6lBaW2nwXsmF8Yz4p/aA0DT9/hfQrXQPDPn6p4j+LXxL8HXnhjxLpsdo9r/wAJwnhLw7eaBr6mzGk38mjWek6r9l1O/wD7Ov4bPUGkCatEAT6p+0TZ/C4eHdE0RvDd38N7+SHSvE91pWi6jpvgvw3Y6hea9OuqarPpuhrZwX+kW+nXUPiq9sLmys9KvljfUk0e3gg+0+meHPCHgf4heHWvPEGieA9b0XxHrej6jqcXw7Oq2zWtj4QsNSn8M2epWj6xbWuneInzpccyg3x1TS7uXw5d2V5pVib0+e+LfBXwX+Gvw5+IVlY+DPBXhzw18Q/CV5J4h1i7+Gl2dNn8N+EtM8Taq2/wXod1bXlpe6GzC4u9W1l9GXUNTvlWwuWkurWCHa8DeMdE07w34yv/AAn4N8Sy+CG0Hb4d8VT69c+EdI8fx+DvD3k6T4f8PWniLXNZvNQ0TXNHgnvD4s0O3hW4iv4JY1ku4p7hADyn4J/GC8h8O/ETxv8ADzQpNR0q18N2vhvQ7nVNMGs/EjUNY8Hz30g8KeIPhr/wlllFBr+s2l8+o3kUFj4f0v7Ld2Gtyag0eq7NJ77RvHXgrR/jd4uuNB8MeLtA8ReMdC0r46QaZdRahY3uo63c/D6bTdZ8KReGdK1LUjd3M0VjpJ1fwrfaQqrfXZ1KVnv/AOx7l9Lxh8NfhQ8/joeIPBng74cWl14atdC8UatouoeH/Cx8S3N/aaBrVt4dsPFyi51jTtM8OeEPCq2HiCa0bSdVFnay6vaaYmbOaHy8XHjjRb/w3JZ6IvinRNE0z4d2Xwo8H/Cl4PEi3+tzPJq2l+KfE/iM3v8AwkQ8Dz+E9Pg8MXWq+K0k/tO58MXWoW9hb3R06O6AO48SfHjwv8M9Rv7bx58LNR8M/ED4iaV4JstS8G+H/D/iDxePDem+N5V8G+D5r3XbXSdU8GRSrqx8UW9rHc6l4ftzaG1tby23yQmug8JWfxh0z9oLUtK8WfD608VfCTwT8NPCnhmTx94gi07RJ4/Eelag2u6n4t0fTJrzWLbUYW0tPC0GoSIBeprug2qSwW1t5OJb3xdZ/FHw9pnhu20rVfBPxr8VeBYNYvLPXvAF/pieHvh/4f8AiNZWl5bXFpca1baEuo6Rb3Ty2Gn/ANozX4fZeyQTBxbycF4i8I/F7w1qmq/EvVtbvda8BXmk6F8OvBHwp8K2Ooaf458V+LNQ0rTLe68feJry8uL/AMIeINQtIrzxLeXtpZaDqXhu5sbexv8AWbq7TRUmsgDs/HkfxVn+LHjq28LfD3XfC+jTtLYaH8RtSfQPFmiXGh694X0eG4s9I8MW+qX2q6O+keM7611PULuXQjpMYsLlptR022mupJ6tt4m8Y+LNCk0bRvE19Z6VZ+NLbxFd3HhvWbbx14gv2W28M3ngfRfDtjBp+kLovg2XxDqNxqOqQ67cwi1sNDvbOZxptxPNZQeKPF+ofC/4H6F4k8F6Ncy+M/FHxI8X634mgN6nivVB4Q8Qy6t4s8UaVp+sx+Hn0XUZLPR7G0tLjS7DVtH06x1Gyg0m28QXF3b20N36votn4a8PaHpOg3mkSavp+t6P4h0zw5faF4v1CX4karo9/fW195b3/iOZvG3n6J5mu3cEuha3ds9j4ee6063ZpbXT4QDX8GeKdB8E6n4Y8I6h4mXxF4w1XQtO8Ual4vv5NV8K+FtU8Vx6XpVtZ6Be6pps+o+F7PXdeE95rA0HSZGKaPaW+dNnt1ivD8z/ABv8F3XxE1+f4i+MPDx0rxL8PT4jTRYNG8WeKri10nWYNWeG3fxr4o8K6hbaPp/huTTtatNfsbTVYE1C50vWrRdRs9O0zQtVae5fw+FPhzNqWj+M/GmjeApLvxy/ilfEHjHxjq9j4ghsdN8AaTpsd9fRSXF/F4mvbewtRcTXGoW/hd/C+lwQ65e6Wqptnv8AhTxXrnxji13xp4Tay8QfCjwtpeq203wg8H+KvC3h/wAI/EpZNI8QCznt7qW0mfxDbatNJbWz3V3q/hXT0mW6j1K2lm0o2pAIk0nUJvF994t1/wAW/Enw38OPDXw1ubjwd4q02YNoYuLqR9f1fxLf/wDEo1TVbO1t9J0PSbC3u9bSG38QM+u/6FNNqSNf7Np4as/Ac/i3wJ4on8J+M/EnxX8W6X4ivdJaHxhpmgeKvDUNjc6f4Tt5oPtElj4K0iLVtL0rRdShiTVtL1TS7OKBo7ifxDpmlx3find3Gv8AgCXwy6eI7v4ffFDwp4ca78KeBdGttT1XRo9Q8xdPs9b8Zt4rk0i71B7L+yA8c0+o6HqWm6Nf6Y9hqL67p1tN65BpWgah4i8Caf8AELxr4M0/xjoN3o8aeFJNStd994Tki1KPR/DfiDRbufUG1ie1vIrYW+tfbtNR/ElkbiCONLZrC7AIPEPg3wxrOo65bpoxudN0CK0ubz4Q6xLDJ8ONR8Uaglnrmh+L7bUptNuNZ0OxsorLUbVYo7XT9H1PWpp4zFLeBpj4P4W1/wAFN8T9J8SxfD7xTfalofhjTdMli8NaPpV9omja9ovhzVmstJiVtRm0vRrvQBaanpd3b6tHq3iC11/XtPsF1C2tLqxW+9Z8Jy2cPxK+NF34m0i58J+HLiLS7DQ7Wysk0Pw3d6D8O1tb5fEz+I7O3S4TUNIF9dabHokV9Mtyvhu/uI2mtLi2it6Wl6ZZXPgWDx/repaB8TvCPju00DVbXw3YeDdburLTLTVtUOq+HfHWseE4DLr2sapd6jqH9oa3A+n28dvOdMmjg0yOyuLyYA4fW7rRXl8V/Gf4d+HvE+l+J7O6h8Kazqvxd1jVfDWh6fpurXupWmgaFcaD4XN3rVvY2Gr6hpmrQT6zo0Kaf4dv5rcajYwC4gg9n03RdQ1PW/DcGuWesaJrPhw634h8XeLNR1u9vvDelPp8uoW8+vadY3viTVLTT08T2PiHXl0jSEN/LZeGb7SpdUlsn03T7AeH6Dd+MbPV/jX4r+FvjcXuheErjx7eXGrarPFqPgG1uLfUNNuPENrceDdT1G0mi17SI7K90nR55tf0zR1vLC7uHtYzdXkk/wBE+AvivB4v8NeA/FlnbPf3/jfwYt/ZvqnhK90rxNY6iX/sfV4fGdzokl7FaS3skemQw/ZtNOlz3OiXJinaJ7URAGT8PdJ8S2Hg7WV8e2ngM/DHw5qHia30Z7fw3qt/qms+DdG87U/AfnQ6xK/9jvoUUEcjXd9byxapfxpdWgWGeO4uYtLs/FN18PLTxd4wj0Lw14vt7vwNbR+O/FsWknXbj7csGl+IdMnt/DcdlpF5M+gXs1vp93Ya3qVtPrV7cGCztEtYbJPKPizpniSw0vw5oPinxzFceKda8UXuh3/h2w8Da0v/AAtTWbo+G77TYb9NGsEsZ/DP9nW72N94nawuNP0ayvBo+ozXcqXjS6nhvw/eWnwd0iztfHL+EtD8A6bfWniDRfiBo2hQ+FfFfhW1uNfsZ7S60aC0srSya4vZ9F1G7H9i2uqWnkroc97Fez3pgAOcXxf4oPivSZ/hT4Y0XxLonxh1KHRLrSvEfxAu/CXi/RNDGk39vc6xoVpNay6n4On1m409Nbi8KaXqVpeW1poV5fRaXbau+pbe/wBN+P3iDXvi14Is7rQtX1LRo5/FHh298NeE9Hv7q18P+JPD0t/D4h1fxl4y1o6VpU/hbRLA2thcNpaaj/aPiuS4h8+SbTVRfF/Dt9p2ofErwD4t8O6p4j8VNf6ZrfxM8ZJB4V06w+H/AId8L6NoPiaw8Kal4k1rUZNUXR/iMlzqKafZ6h4TuJ7m/wBJ0pDLpcemwxzJ7b8PLC6vhcfEqDRvD3hQW3hnWtKtvH9+PC+t6he6ReJ/wmNrqt74s0a7tLm60rVoL6BL2z0e1sDZ6xb68/2nURc2eqKAcJ4b8F3GqDTfiZpaaPo2uJres6PqAu5YNebR9Bu9cn1W11zUGbTI5NEn8D+HNW8QeGdDS0j1O0guL/TYNdJXTjHZ+lfCjVI/D3hiHRvCOueB/CWj2/jvxhF42K63feIb/wANX2sXOtkvp+t62Z7HSfHGv+IPEHhO9Oka7Jbrdx3GplNNhuGaKDhtM8bfCLwbqXiz4ktp1t4++IfxA8IeN9IutEsvCb6aun2ngqTXtQ1p9bvJZNb163TX4oNF0g6cbvUri9Om2Vxpulx28VysFP4a/ZfixquqS+KfHtoLCwuxoum+FdU8P+EX8EePLDR/FGr6rY213LcXGpanqXjDQbTwpqot70+IUuNLtktNQvNNstUh1K1AB6VpPij4bXni690G3+M+g6J8SfCUd/8A21NqHh68trx9X1vxDp97o+m6XL4n1C8ggs7yx8PtHq+j6JOkmp2utWut6fPpsepWk07LvVvB9lceNPE/gyPWtJ0XxFolvrnj7xLFrPiSO9Nh4h0DxPqkt14FttRh/wCEYvPFFndWulzM1td6ld21k32C4SGDTdNgb55+D2karr3hDxZdeENFsrSXWPi5rXhjwxqk3iXU/iH4L8TeFNIur3UZkXwfBc+D9P0rRrSbRLnwV4fkup7edl0yy05L/VNKEMt3LF4s8b6NrHxF0vwP4QvdUstb8Y6nf+KYNMj8B6fb+CW0OC7v7298Vy6pruqWlvc3Wm6l4Z/s7wLqV/od3Pp0N5qiy2qTX1vAAegXfg34X+X4w1vwRq3inxVquvQwR+K5prvwzN4Vkj8MW95pHh+08Rx6tpcF1a20Gqx3uqqfDdhLeSX0l7b6fLd2VnHbw0ND/wCE/v8AwL4Y1jwr4Q0rxt4W1W+TXPDNvbaIIPDFnY6pev4chS4l1291PU9J0fT/AAxqGow3Npo/g6w+2wCCGDWRama4k7/RZvhzq+hap8NNOntPB2meEdb+yDRI/CthYDR9Y8XSWes6X/Zmo6hDY6Hfa2kl/f6Xptj4fn13T3j8Rae13He20xM3G6R8Vvh18MNQ8XONU8P+GdB+HieJNJk8QeKfGUEUMXh/XdRuNQvdVvtFsLuxmTVIfG91pOhWeia1pem3mnxrqEehXNx9oKXABteFLEeJ/CHxusPGviDX9e1fwte6Z4uTQ7pYvCviTQtQubv/AIT2PR9I1GG+vr6TRLXTho3htLCawgtbi00B7S5W5hknNc4vxn0XQtQ8I6B4Bj0vwx4Nj13xJ4St/B83gfxFpOl6FrGklpfFd1dWPhS81Ea2J11W5stPs72xsdG1vV4/7UtNTlL6V57vAPiy5+MeneH/AIj+HfhWPDugfF/xJ4dMGt3Nrb+IdYF3NY6kfiN4tlfXbiWw0nwRe+G7LTNE0i+udLt9Rkup57C70u3e6tzXEeJfiJbeMviJ8VfBFlN4jl8AaNc6l4Z0L4keGL/S/DV58O/HFzrGneD7bQ9I07xrZ6bZXN7Jq93eXNrr2kvqUtjLY3C2Gqrb38Ol2AB6Z4D+weD9J+IVna3WgN8TdR1vTPB2uzT6zeeOls31LxDq9l4dTXtAvNQvIPDmj614bsNElgt9Q8S28sK3TLLbQajGzX3fav4V8G6i954pvvA2t/F3xpoPiLw9p1jaWniDTxoPhnXdOtTFp9/aaIl3okel29pcXNtrGsXaaX5qJrcU1rPc2scJT5A8PDxZF8MvFUWp6b4N+LfijSNZ8ILZeMI7Mp8IvGMuq+I9LtNd8T3Wl+DbO48T6h47kvrS6gj1+30zXY9G1i3jkh1G0hl1OJPdbC88Q6R4F1/x7ot74T00ab4iFv4evvH9q+leEtYvfidrdhLq2kxazPP4g8fWeh2upXmjxpDqWnaBcHWbG3ngMGiG2s7cA29Q1fxHcXfxO0rxv4L0LxTb2WlaFb/CvRvC/hmey0uw86x1KFdHl165lgi8T6NqlxpmjXmoWlnDdQaRFrMEN+ZtPtJL5fM/BnxD+H3wvvGvvHPjLxvoPij4j3Gm6/4gj8b+HlaLwtq+seFtO8M6dp3xL0/QNPm8G+G9PubTS/D95pUUV9pGsJ5czsnlpdquhqSP4b8YfDDwd40mj8XalJd61rfgzwZp0Om674ZvLTwzot5DqWn6M1ppOlySaq2kpe6JY6l431zR4rNE05FfUpYNSD1fHOra1b20fg66vrnQP+E9+IGg61b63daDd68mgWfiSXxBrXg+38bS3/huD+0oNS03Q38H6sLfxPZR6Np5sdLjvrUBb+5APRtEPiHwZc2l1eeC/F/xTPhXUIr7SLLRrfw/LqM9xrOn2uo6trh1Xxv4b8Lsb+a716TQbB7DxBKt3pVi8SFdagmt5PFdN8Y6v8VRoPws02zf4Za3qGsQ/EV/DHjTVbm1+JvgDSNN1Y6xqNzqug6jH8Q/Dk8EfhTUfDkGg6X4l1GwsLfUkN5DpmmXWnwW1pjap4e1n4dfF608Y6p8eU0DxR418K/ES98W/B/4gfGLWdM8GaR4V12W/j8FXmhf8I5rEGleH/FOm6zNoejzHTrO5jtrK9lks7691S3OqX3oHif4deIviy+lfEPwfeQaSdLg8M+G7XxkdVfxW7+GdEu/HOk+INDuW03VtdvY/EFnayQPceM9Y1+yW9hvTZ6iLWH+1LK6AKHhfQfDPhLxfbeJvhlqfwr8T6W0Pja81Twnpep6n4HvPiPfa94q0/w94u1qS0cReHfEfivToLGw0jT76+K2Wq6nqoubJ/D1rdpNJ2PhbwJ4T1rx1oNn4Z8WaDby+D08OavceDNLn8W+Ib6Gy1eTTte/tTxdqVzqstj4V8WSeJNd1O/tbqWG51rVdEW6ik1K4gnvZIMvRfB3jKH47+HviGlz8ONe0rxxpWk+HvBXh5Yf7ONp4SSy1XVooPBvj/Tm8nxHf67bQa9rsdpfeHo30+K3mt01Cy8yC9msX+peFfC/xU8X31+ureFdfTTNP8LHS9I8CWHiqDXfBVjr/iM+EbTULOdrrWdevdBvdD166kuvD9hZ/ZbPxLpaX8l5/Zv2uIA9H8W+IfEcVx4k8Nz+Prbw3pvwl8F6Z4pl1tdE0nx/ea74avtK1e0ufG+m28OpX3iiz1a5mt5tIeTWYvKurJNbFvLqEjmey8Dtvg3411rT/E2p6Lf/AA08L/CHxBaX2vaba+F9On8KePdUht/DT6n4Z0LR9fsNWv7CLw5pFzffbPEVtp1zPb6pfvrEMgjsLm409/cNA8MWvxN8X6ha6Po+o+Gte0PwReWGufFKz1bTtI8S67MH0rUNDtr690vTP7P/ALJ1jSNUvdWmsNNt7vTNJ1TUb24l06G7+yXMzNH+LFjrMnxM+D/gzQdCmv8AwympXWg+MtNtLDT9HtdY16e9N3dzaVpuuad4in1S8sru91G7v9MlsLvWbez1XUbO1gim083wBP4+1Txb4L0G98JeI/ih4P8AEvjS8+C15qk+lahoXl+C71fB17A/inxpc+HGtdVWx1XQ4vEui3p0+XxDKPERXyVtrOO3e5Tyr4U/BvU/ip8MYPFfi03PhLxfbnUNE0TSPhn4nsiL7x14WPi83ep+GtYitbXSfD2n+J2vob7UdPsdN0N5rrTm0/X5tXsJ7iKbpvHPw0l8EWfi3VfiA2lX13H8O9b8PaJ40l8KaTL4X0PwvaeHBaanO+reNtV8RK3ibxV4n8SQrq58V61ZQa3YaIiXMLiwluLrltR1fw94f0LQfiJceKfF/gPwSbbQvHut6v8ACvWY/Evhbwrqd54Yt7XWT4mtvDGm341jTfDFpcQXemag5k8NGHU7U6pZS6ZoVqigF/xn4Q+Ilnp2haj4c1+bxN4G1G51iz0r4d/CFL3wv4Jl8J+P7lfDSeMdV1KO8Z9Pt7D7bba/pnkC/twIdcv0M0Usdxpfruix/EvxbpPwB8QW/hrwVpvi7XLzVtc+IHiXw498t54Y8Tp4UuvDmlavdaXbalLa+JdJk023l0OfU9Q1DWbGG+GjXltb3sEaTw+VeMvjN4m8FfFTWfgzYWGiHwf4B+DWueOfClhbW97ZWUGl+E/FI8FzeGNasl1Cca/HfeHr+SKyvL6cWOlagi6jLoWqSrFHD7JfeDNG+A/h34fL4asrC+t0bxHZPc3dvc2euTWGpaFJ42u7VtT0y/tbFIrjxLYRXEtrFoyaWumsdIttNtrYbiAeR/EZ/DOq+O9V8UfFK+e51P4Df2HrmkaU3jyeLUPGuvaf4Z1C8FvbeEbDWfDVjaSazrmlo2mDVbJ9P1CHQNXK6PY29wNQvPOfh74k+LHxg8YeFfGPxA+H+jeD9O8Q6f8AEXWPCi6Tq/iHx94f8F/EDwN4ks5UHxO1Pw7aaTotiLa3ju/7C022WFJXttbtDrlxL4guFn9B8XeGJdOHg+TxJH4Q8ZCPxRd+NdQGqeDIbb+0tQ0/wdZa/fXU6Wuri2bW724v761stbure8bRrKS3S1sZJ4Jbi669fGk3wP8ACHjTVvDdjFH4Y8H6Z8RPHeleEdKXT9FW80z4b6RpWg2nhPX9bbS9TvNWt9Qur19WbWPItb+3e2s7GVb62imNyAWbb406J461zw38FYW1DSPFmq+H7rxrbWujiDX/AAjMbVdU1TQzfXV5Hp/iC10HT7lLW6u7G5j0uHSb2bQdIuru3g1G3hvfD/h38Q/AmgQwXmt3kXgfxP4klm0LXfhnqfiGb4j/ABd8T+LrgX9vew6xplnqb6No3hPUYLseItPtNJBs9cutbsL5Gtru4hjul8GfFtfiMnwQ+I9j4U07w1f/ABUsdXvPEMv2661bxEI7y08NWk2j2visR6Xe6d4cmudR0zULnRdBtNEiuLjQ4FaZY7qdR9TeC/BHgDxV490Lxlo/hCw8Ia54c/t7UL2fTfs95/wk/leH9JS0tdbku7H7S9tpb39i+i/ZriC40iPSbe1s7hLSWSAAHwx4hu9Y8RfHi8HxI+HmueBfDel+MtO8TaJqGo618P8AQ/A/in4ceI/Ddj4J8RXLw6/HpfjlPEkmjapd6h4n8MXV1YHw/DBbXME17dSWltf/AGld658Obq60zQ/DHhbwTrnhuOyn+HOs+L9EuJfE9/4Y0vxRMZLDR7nVNOltr+zt7uE6TBd6fp9xOmmf2xaXlw1nY2ts94+20zw/4m+GnhHxZ4j0Y6/H478Sy2Xi/Qtd1rxBrml3k8CXmlx3OjR6vql8vh+JJ7KDUEs7WKZFmRB5pkQXFc/4b/Z80Hx3f23jKWbSdJ8N+J7yz14eCbHw/NALV9Z0k+JNS+2+JNO13TNS1u+vPEFjoU1xcX0A06TSNCsdIOjZBvgAdsnxS8O6H4gl8S6N4RtdO17TvEvg74eajHbW17rkmqaR4suvsdjbWA+06fJ4Q+y+JNXstY166udOuZZNKSCea1le/spo/DvjpqXxB1TxZfaH4NvtO0O61jWNT8V6b8QvFGgpa2mmt4A1myttT8KOfEGlxaFBquvyLHoXhvxLe2N5Db6XLe3thHqM4neTzjxZot5o/i74ZRaJq8mka/4p8SfFn4OeHdfsbWO1/wCEDs/CGj/EfxF/wlWjaZaS21vf+JNfvNN8ODXH1Oaawuj4fs5VtI3c+X0b/FLTtJ8Hfs7aT45+H3hL4k654s8ZnSbPxLq2n6fp0mg6/wCKtQ0m+uPFtvp0Wm3kVxqMM2uPI8SXFk15cQtczXYln/dAHU+PvBuvsmo3vw88T/BzUBPeaYvijwxJDpltJc6vroh8Qa14xuri6muHvtlprtxdS6NDeWFxPbwWlzo2vaSZ7i0m86134Zj4n+MtK8A2dpqFnosfiCHRfAA8VxR6f4J1LwPqWg6fD40vvAam3uLjTV0VNI1y18KeDL4T21/Nbx67djVtOgtrm1+0NJthY+I/jRqCLbXN74Pu/D1jA99aR3Ud5okPhXQb270aR3I1CO1vJbqRzv1G4WKUKxiliMsMnwz4sv7HR/8AhZcuh2+qeF9B8K/Bjxl4s0jQfCGrw+HJbTS7Pw/p+vyaFa+I7PSW8R2cyXvj/VF0i+ttRj0vRYbSxWLw5cukskoB9c+IfBlwkV94Ak8P/D3xR4f1qXXbzVkgmutAv9LhOlaxBBMdbtNZvr+TW0vjpNsuq6XBDPpGlC/kNvp0TWsUnyjqnju10bSo/wDhG7/VdC17wB4E8eeLbHw98GdF0u90/wAL3OkaT/Y3hPTwl54e8U6RDD40s9F8R3nhrVL7UNG1MLcNpyQSz6rHHH8u/sveEvDOpR/Cu+07SInvvHXhXWPi/p2peLJZtd1XQ9R8ExfD7w9cabq2oeG28Cy+ND4nsfiTr51zUtcCyXsotWvrW/CMrfdWpa1pf7QPwJ0vXNe0efwff3Nn8Oda1e88A6lDoGo6hcW3j7UtN0K0jv8A+yrmWz0zQbq0k1GztdlzKzzrEblGhNxKAZllZ+JPFkdlbaj4J0PVdH1PwbpyeKfH954dWw1XWdBt/D0WpWV54v0zVLY69CupeM5NY1OHRopdVt7q3tZLie4S6mt9P1GsPFfxE+D2q/DLx98R/HOlfET4Q6quizzeOX8Ja5/YHhG1/wCEN1KxtPFmjW6anqWqaDqGvMbGx1bXVOn6NpcWoxWVho01zeareDN/Za8T6t+2/wCHLzxbqGqat8LvCngDUdO0TV/AmiTaV4tj8fXWi6R4U8W6RqPiTxB4r0S5uohZ3F6baSKwsIL2+WGGa/1S58uOFPfvBXgix+OudV+JsWkeI10fxR4i8CyadNpVzBpmofDjxbo9h4hTwnd6Va6vDo88mkyNo9pBq95pl5I0OktPbWen3V/JNAAeJeJtH8caT8NfEmtfFfw78OYLh/iHaeIfhrDHYa1q3gEa1Lq2u+M/+El0fW/Bwl17TrK/0ptO03W7LVfD2nW+pavpWp292+pxa3ubL8Hw+INN0XS2+J3jy7j+L/iHxh4a1rSYfhz4a1a20uYR+I3s7zSZ4byPw1a6v4Vt2vdUj1/T/sVp/ZdrfXT6nLLq8tpcDO8e+DtCk8dfCH4c6C+u6Bol38WPEXiHQJE169vrnwNB8PtctfhzbaT4Ujl8mxW31SXxdq3iG6l8Q2fiART3VzYxwMpsbzTvqH4z/AnwJ4O8C3X2mzuPEOjaD4QTSLpL/UtatfFmsjVr2Sz1m6u/GVnqqXMU+ppf3N1JJHprT2+pzSanaTw3jCRQDnb3Svh94x+Jt/ca01trFnb+HvFXij4p6Xqniu0v/A8GgXlvD4WvdD1Xwo9xb6peSS2tpfaks+t+HNRithYXfh6TUIIUght/A9E+AWj+DtG+Is3wq+JWm+GbHxzomsvpXiLTvB2iaX4btNL17UvDup+GZ5RaDW7y7bRdJntdMOnW9jpOh6v4feGC8itn01rlPXdX+E/9peFPCHwx8Aa8ngXTb7w14hvNV1zVNHT4ieJdStP7C0jUE0a91fxRqBudU0qe+8VX0+qw+IW1yfUgZF+0Wxn3xeCfGLXNe8AfELwRc6e3h2a8+G3jfw/4Ymvo/DFrp95rHhLxR440jw/o3hnT7u0uluvDOleHU8RWd1c2lpPfWmu/2HBZSWunWN/fQSAH0/8ADr4U3Hg83ujeIbjwZ4j0LxBo58VjXpdPvfh/49v9A8Lv4cuPCOla9Lo9hbGHw/pXl/2LqEGukzz6bZD7XHPDJdxQ+U+Ivgxpfi3S/H3jb4M+Ffh/qmvfFnTPDXhTw14ia6Gr6RD4Nn1XWtRvNas7/wAN+ReaxraeKtYmHiO6i1TyLGzt9O1yV9TnsktLyHxh4wPxE0P4u+PDbXmkXfhj4MfD27v9E+22F/4f8WyeKdI8TXoi8RWS6JYTz2dnc63NJcWMF3DZ6t5YjvIRDI0Q4r9gL9o3WP2gPhFpkUXg3wj4DHgq68c+DfC76RZy3MuheFfDOsaTLb6Jpklo+htbWs1jf6RYMhMkbf2GlxdxXxvXitwD2nRPhzcfD/Tda0PRtb1LULv4Y29t4C1fXrTVvBcGrappWt+FfDeo6jrKf2rrmpJca3b+MbZLuZ/EOlabBNDrWo240W/NwlxN8o+BvibbePPifofjbV/hl8QvD8l38RPiFof2rUPC9l4g8UXdro4sUubbxDYeDI9Gtrnwx4ZsLBrLclj4xsdM1mXwRNb6nPfWGqafH9vQfCDwI/jLxH4Pn0iK91zwd4H8NTzeOr610mXxD4gRNcn8R6udTkg0u1klu/EN9tk1aS5u7ywklUSxaXEHmil81uI/C4+E3gn4maboN5beK9H0bwb49066vNenuLe68f8Axn1ceHLrxd4jt9LstD/ty98PRxPLZWKPpulzwztZR2lhHFbSQAFL4Ua1rkHi/wAdQaB/wkialYaTpfgmLWvE2pLquj6/bS3XjPxDqes6h4pgtmtNU0DQdN1yyfRdR1DSLDWJL3SrrR7q8e6e/Ze48QeGvEWnfFTSJfhX45sf+Ft+GfDdtoOuXPi21m8ReFdZ8OXtnfX12lloc3iKwfSdPF7p8UNvPp9/Z3upXOl302oHWZNHnMHAN8TNQ8S2P7PdlbWEWmTeMfH1zpPinWpLhrzXtZvdD1fw8lxqNzc28OmaY0Gsaff6tpl3pcmjywW9nqBhspoII2hm2/hx8PrE/Fbx1pen3U6ap4Y8Z+OJdL8Qarcave3RfS9P1HxBarf2Okaz4d06+t01f4t62y2s1v5P2C0tbSRZblYb+1AN34m/EXXfg5b+Hr1GY6Le+IZJNK8a67bXep6dr7a5r2lXPhPw34J1fw3Y6svh7Q7u5v7Twx/Z+tRaaJRDDdWqapFFezz818YbHW/iX8JX8LeM5dR8BQeO/BusaV8UvisZrK3Xw/o+g6t/aeo2h0mPQtNufEOm3WoSjRfDrPb6YNW0DU9c1KYB4bWS+7vQfgrdeJfDPxJ0/wCK/ijT/i3HYeIPDGr+G7Txh4Sgu9F8O+IZtHtJBd2WkXGs3m3SLXUb+4v7HRre8tJbcTTWTarNatClvwfxU07X/FmofEH4Z65runrpeufGX4Q/DS11vSPC2lWfiKy0UeGtP1rWjfSai+s6HrUeuRXt7o81jcaFb2sOk3t3ZstzDKscYBY07w9o0egfE/w54G+G2neINL0Xw3o+n28nibSZ9B0Px14c1kapfar4Z8IjQvD/ANq1V/DHhxr22tdOt9EmSLUta1Kyv3urn7bJN5tpeq3PwEGj3L+BvGvgi28MeP5rbXbuym0vWYviF8MPEaWUEfje9g07SNS8N+Hraw1/U4NJ0iHUn0C/TwdpWqSWHkPbS6bB99fD/wAF3PhHULnTotWsbu08N6y/h3QJYfDOkaPqNh4U1BVkstEkutKFtay/2JqAml0+eDT7O2fT5Usb3Trq5jfUpvJ9G+CmtzfEH4i3Piv4jah4qu9atdPgvdRl0mfSNRk0DQRet4f0HGm6+mjLBZ6jaNqeoSRaLFDqs17qFu1na2t5PE4B5hq/ijxzqOq2954Hu/C2h/DjXI7Kz1G/uNU0nWbZ/GN74gn1q40PX9V0jT/EVvpt7e+FIbazVxYWjTXWswW761f6i1oBzB8K2H7Snwa1DV/D8dylpqPi6z8Q67rXhawvtPj1SzPhS3tdfPw6tbxNL1+wu5LrXtbmtJn0/WI9WOmX+lalG9lcixj6n4PeHp/g9oPjLR4td1nxE/w/8SeNPE8pu724tdI1uOLwP4auE0geH5ZtSsdLs1utXtb1Wie7KX+ny3caLJqV0Bv+J/g94n8Hw618afDnxMuRrfjfQotb8RadrPhexvLS0tdNhkutP07wbLo2peHX8Jz2Wlavq+hQatFHqN69rdxXF2Lq5t2a4APQtA+HGq6T4Zf4feMNN0Cy07wZq/w3134f3llq+mT69NpWiayLjSdG1bVtat1vr/XRLY3UcBl0i0a5juVtF1ae8N1dpycKXPhk6n4j8GeGfD3iSfxJ8WrO0+KuveC1vdO1TWo45VsdFh8d6PYeHbyRbyzttQtp/E8/2ywtBY2ct/LMbK5XS3+Ifh1+0wfj3rGg+HfiF4CsNV8UfEzwRqHiPTvHLa1LFf8AgW98G+AoPFOjLoNjZ6XZtL/Z9/4t1MaXezajFqtjuWaXUL2ZY3i+4de1TxR8Ovht8OfEl/q1j4jn1z4keF/h14xsbWw1Lwvp2vaXr3jaDwlpV5Z2mm6/PFpN9olnq0bXEsy6qdehso7XUGTMM9qAeX6ZpPw78VfEHQdf0eFYkl1zxC/w+1jTNctFbSrfTvD974VlntIv7L03WNKt7XXPEevaBpFlqkP9nPPoGjyLrenT/wBnWkuJ478EWep6ZYLpGm6jpmr/AAq8UW2k+ItTg+GfxB1HVvHXi6fT7DQdD8QatJb6jNPrmiWOp27+J9T1LxBL4qFvaRaXfzzPvVpO2ufDWn/Ce9l8WxCbxHJ8Mrs/Cay0LVLzU28PX3gDxh4i0u5ttOWwudQ1CW21fR3tbESa5dXWqTausVzHcW1vBPbw2Pu/xG8PaT4l1Dw9p15N4ktv+EptNOubk6f4r1qxtba3n8R+EIdYsYrW0nhkkt9VtdXS0eKa7e3tILKNba2UzSmgDxA+GbpPA+o6Z4rt/EtvY6Pq2nXGs+J4Liz1268H+BoNL0fXtV8LeHrcaHBrkGma+NB06717QPElpf3N5ZXN3HcXN5cy2lrPvab4e0Px/wCJLPx5pEWha5f+ELjUT8MPGFlrsWo+BBaeNo5dP1+18SabaXOi2l/rWka9pWpNPY3WnqIzdabHaXjXEE0Vv3Xxw8YWnwG1H4c6RB4es/E0Hxq+JHhv4OalfyXU+j6zpsGo+HJbS38US3yJqVvqus2VtbXFu5+wafJeQT2sMl3GthH5vgvxL+HfhT9n79mNPiF4atbzXpvAvizwpbaLoviaawubB9Ej8RjwfJomomw0vT/7WtntdY1nVIrjVor+6i1nUZr55ZmG1gDxbQdN+Mi+Lh461/4pCzlt9P1cePPB2ltcz6Xe2WjeIEfxB4b8GG3lvYvBE0M3iGcf2/Y6pBcro2m6NJfWtgRc6i/rnw+8a/DvXvE3hzwrqXhi/wBP8PeNbDXvFtz4P8aXNhEPCth4hvoRfabcxWS6U91e674tbwrq2pf2lN4hkvL/AMUwDQ5Z9N3XMP5ffFH4+6Zb+LviJ4H1jwr4p1zUNe8W3fhiLxRJ8Sp9Pk0V9PuvESSXWkeG7Lwqvhm0s7nS/DUehHT49NW6Oiahe6Xeatf2Rjt1/b63+Gel2q6Hd+H9R1Lw7reo+Crvxha6/YNDJqFpYaDL4d1Cx8HXVvcRvpWqeGoo7250+2s59OiGn2Ug/s4Wt0DcsAePeLbbSPDFvea14o8B3HgO+8K6VbW+keONK1rwTPoEnh7U/BF4hk0HR/Ees+KJNYktPFWojw0l3J4f068u9R8QBLU3NrdX7zbWh/Ez4V/FZbDUP7T1DU7fV/DyfC74sWF9Z29trlje3uqJ4b8OWPi/T0vNEtdPn1K5k8QQ2OpaZor2S6qHistTNnC0F5v+GLDQPjr8H/Anxbi8MeHvBvifxzomu+GFe302PXIfD+maVHrOp6K2mW90bKwmvNJ1rR9N1aylvbCeC3uoZmtbW2kuGmX5l+C/xuHgC++KvhSHwfpks3gPWfiho+s6vpVxBpNx8QLf4S+GdGudGuvEzXula7qI1K+TxCjXd5aasmzUbFtRjiY309uoB3+ieFP2d7rXtW+H/wAOnhn8VaZb2ur6pH4o+F+q3mo2N7qmr+FYkg0Xxf4Yi8Pafqtgg8LajNqFnp+uakLdghiI0qwisG7nwn+y74B8FeMvFOgeCvHmv+EtA8aeG9EtdI1jS/iX4guILjUG8Ranr03hSPwxrN5NpDQS+HtJstLNzY302qpocGrW1tHo5uXnuLUN5rEs3i/RfCJ8PeCbK61iw0zxFcaRod5bavrNn4h1S+0tTb6joeveHl0i/wBO0e20/TLfVoLWfVDDZBku4Wk/d1P2sdO0z4daR4A0A6Ppet+DdT8V65pzeHHGq6bMPsXgXWfFNzqk2uxavc6jJ4gvZbfXIzrtsbLUI7zWLXU5ZbqTSng1IAh0X4faP8MNW1LwxB471uy0/TbLxL420y2W4l8Q28PgrwXoeh6LdaN4Bu9Gsv7d8IP4K8QC1tIvDy3+q21zZ67q6yjV57qaKzw5PHfjPxPD8RJ2vvBvjT4gy+EfB+i6Xb2em3/hvSfgreazK+i+NtR1Dx/dWVpq8l1YadqB1FkbVbXUb2TS5rKzs9OuZCrfangHwb4W0XU5/hvpeiwDwrpHgvR9StYtVnu9d1Z28aalrd94ghu9c1W4uNRvo9Ru7C0nu/tcsy3Lxt5qNuGzw3xD4n1LWPEvx00y/MNnD8KZ5td0JvDMa+Hn1O0ttJ0DUl0rxBLELu51BJWjntp547i2ikt7ncLJLm2triMA42/1j4aeA/Ath4YuPiv47k8R+KPhxBf6Hp/w/tbrxrrmoaHpc8upaVN4L1K30XUJvEVjbTebaebqltqsl5p97HBqMAjdFTgLnRtO+MnhH4t6Mmo/8IF/wr6z8OeCb7U/D2laNc3MNjrXg/RI/GGueItU8V6R4ahZND0/UYW1fQrJLWXTYtHtLmS0N9PDp6M8Y/Ex9D+K3wi0nxX4d0vxUfiV4QubaxbT3l8NWfgnVNN1waXrmseH7Rl12eKXxJZ6xaRzxwahZT6edNeS1vWk1CZ4qTaj8Rb5PBl3Z/FLxdol3N4a+LGs6O+m/wBmyW1pa+FBYIuk+IbDU7PULPxnFfm4ihOpa3EdYs7KxtIIL5rp7+/vgC/4l8XajoFn4t0i++IGv+NfHXg/wn5q/Drwdos2h+CdfF1C0UL6rrviK1j8M2uo69NMnivVrG9uJZ9ESPy/tN1o9nevd43wz8Gah8FvBvhHwh4b+Gdz4t8Tyaf/AMJbo+jfDXQrOyk0q/8AFqx6zqehr4w13xB4X8EeLPC9pJpNtYa1pNprE9xrBmtZ3sbGGzhY/Suk6Rofjfx54n8P6v4b8MPrPirwD4R1rxFrx0O2ktdSvLiaztNTnk0VmUtcanpkWm6bdSXOqXUElvpVlHNazQIbc8Lrnww169+LP7PKf8JfpOnat4fHjLUdKu9F8D2NhpGi6LpHi/TYL/SfDugy6veR6TqfiPSNUtNI1fxDNfajIkGnO2madp6anewMAf/Z", "transport": "obfs4"}]}
      • I
        Isis Lovecruft @isis ·
        Author

        Tentatively closing as fixed, but please reopen if the issue isn't fixed in some way!

        Trac:
        Status: accepted to closed
        Resolution: N/A to fixed

      • Mark Smith
        Mark Smith @mcs ·

        (I added dcf to the Cc in case he has any insight into problem 1 below).

        Thanks for your work on this Isis! I feel like we are very close to having a working system. Kathy and I have found two problems so far, but I am not ready to reopen this ticket yet because I am not sure what component is at fault.

        Problem 1: The meek tunnel does not work reliably for us. Specifically, if we use curl as the SOCKS client it seems to always work and if we use Tor Browser it does not. When we test with our own meek-server + BridgeDB, things also work fine. I am having trouble debugging the meek-client code, probably due to my lack of golang knowledge, but I wonder if there is an incompatibility between the meek-client we are running and the meek-server that you are running. What version of meek-server are you using at tor-bridges-hyphae-channel.appspot.com? Kathy and I are using a meek-client that was built from dcf's ​bug24642 branch (and I don't know of any recent changes to meek that would cause this kind of communication problem).

        Another data point: if I insert an socat pipe between the meek-client SOCKS port and Tor Browser, it started working. Maybe there is a data buffering issue at work here. All of our client side testing so far has been on macOS.

        Problem 2: When we do manage to send a good check request (one that includes the correct response and challenge), we always receive a "No bridges available to fulfill request" response. We tried with both "vanilla" and "obfs4" transports. Here is a sample response: {"errors": [{"status": "Not Found", "code": 404, "detail": "No bridges available to fulfill request: None.", "version": "0.1.0", "type": "moat-bridges", "id": 6}]} Is the Moat responder throttling things so we do not receive too many bridges? I don't think we have ever received any bridges from the production BridgeDB server via Moat, but even if we did I thought BridgeDB would send back the same set of bridges if we ask again. I can get new bridges repeatedly if I use a browser to interact with https://bridges.torproject.org/bridges?transport=obfs4.

        Trac:
        Cc: brade, mcs to brade, mcs, dcf

      • Mark Smith
        Mark Smith @mcs ·

        I am reopening now because I have steps to reproduce the Problem 1 that I mentioned in comment:10 (and I could still use a response for Problem 2 as well). I do not know if Problem 1 is caused by a problem in the meek implementation, a problem with the domain fronting setup, or a problem in BridgeDB... but we are stuck by it. We have reproduced the problem on macOS and Linux. Here are the steps:

        1. Build meek-client from the dcf's bug24642 branch.
        2. Start a standalone copy of the meek-client you built in step 1 and make note of which TCP port it is listening on: ./meek-client -url https://tor-bridges-hyphae-channel.appspot.com -front www.google.com
        3. Start Tor Browser 8.0a1 and let it connect directly to Tor.
        4. Open about:addons and disable all add-ons.
        5. Restart Tor Browser.
        6. Open about:config again and set network.proxy.socks.port to the port that the meek-client is listening on.
        7. Enter https://bridges.torproject.org/moat/fetch in the URL bar.

        Expected result: a 405 Method Now Allowed error page from BridgeDB (because GET is not supported for /moat/fetch)

        Actual result: "Unable to connect" error.

        Bonus step: set network.proxy.socks.port to 10000 in Tor Browser and reload the page after starting a copy of socat: socat -v -v TCP-LISTEN:10000,fork,reuseaddr TCP-CONNECT:127.0.0: (replace with the port that your meek-client is listening on). In my experience, this will work: the 405 error page is correctly returned to Tor Browser.

        Trac:
        Status: closed to reopened
        Resolution: fixed to N/A

      • Mark Smith
        Mark Smith @mcs ·

        Trac:
        meek-client-log1.txt.gz

      • Mark Smith
        Mark Smith @mcs ·

        meek-client debug log

      • Mark Smith
        Mark Smith @mcs ·

        I attached a log from meek-client. It includes some extra logging that Kathy and I added to try to make sense of what is going on... but it is difficult to reach any solid conclusions without access to the server side (it works if we use our own meek-server, although we do not have domain fronting in place with our server).

      • I
        Isis Lovecruft @isis ·
        Author

        Replying to mcs:

        (I added dcf to the Cc in case he has any insight into problem 1 below).

        Thanks for your work on this Isis! I feel like we are very close to having a working system. Kathy and I have found two problems so far, but I am not ready to reopen this ticket yet because I am not sure what component is at fault.

        Problem 1: The meek tunnel does not work reliably for us. Specifically, if we use curl as the SOCKS client it seems to always work and if we use Tor Browser it does not. When we test with our own meek-server + BridgeDB, things also work fine. I am having trouble debugging the meek-client code, probably due to my lack of golang knowledge, but I wonder if there is an incompatibility between the meek-client we are running and the meek-server that you are running. What version of meek-server are you using at tor-bridges-hyphae-channel.appspot.com? Kathy and I are using a meek-client that was built from dcf's ​bug24642 branch (and I don't know of any recent changes to meek that would cause this kind of communication problem).

        Another data point: if I insert an socat pipe between the meek-client SOCKS port and Tor Browser, it started working. Maybe there is a data buffering issue at work here. All of our client side testing so far has been on macOS.

        Off the top of my head, I have no idea what this is about, other than perhaps the networking code in FF perhaps trying to do something "smart" which interacts badly with meek-server?

        Let me go see what versions are running on the appengine server and on polyanthum…

        The meek-server on polyanthum was from commit 017d0f33d7270ff102fe167f1c16def8b3e3be4a from the end of March. That makes sense because that's around the time I did legacy/trac#16650 (moved). (I'm not sure if anything in the client/server implementations have changed enough to make this incompatible?)

        On the AppEngine instance, there should be a meek-reflector from the same period. I just logged in however and found this notice? I have no idea what this means.

        https://trac.torproject.org/projects/tor/raw-attachment/ticket/24432/Screenshot_2018-01-26_00-07-08.png

        Problem 2: When we do manage to send a good check request (one that includes the correct response and challenge), we always receive a "No bridges available to fulfill request" response. We tried with both "vanilla" and "obfs4" transports. Here is a sample response: {"errors": [{"status": "Not Found", "code": 404, "detail": "No bridges available to fulfill request: None.", "version": "0.1.0", "type": "moat-bridges", "id": 6}]} Is the Moat responder throttling things so we do not receive too many bridges? I don't think we have ever received any bridges from the production BridgeDB server via Moat, but even if we did I thought BridgeDB would send back the same set of bridges if we ask again. I can get new bridges repeatedly if I use a browser to interact with https://bridges.torproject.org/bridges?transport=obfs4.

        So the bridges are assigned to a distributor when they are first seen, and they can't be reassigned, in order to keep potential discoverability problems with any particular distribution method locally isolated. BridgeDB logs these assignments, and, grepping the latest assignments.log, it seems like it has 100 bridges for the moat distributor so far. (It's a known issue that adding a distributor would take a while to fill up with bridges since the way it works is that is has ratios and it assigns according to those ratios instead of bringing the levels to the correct ratios… I could fix that if we want.) But in any case, with 100 bridges, you should be getting at least 1 bridge back? Are you connecting to the meek-reflector over tor?

      • I
        Isis Lovecruft @isis ·
        Author

        Trac:
        Screenshot_2018-01-26_00-07-08

      • I
        Isis Lovecruft @isis ·
        Author

        Replying to isis:

        On the AppEngine instance, there should be a meek-reflector from the same period. I just logged in however and found this notice? I have no idea what this means.

        https://trac.torproject.org/projects/tor/raw-attachment/ticket/24432/Screenshot_2018-01-26_00-07-08.png

        Google appears to want the passport of someone named "Tor Bridges" and the bank statement of the prepaid credit card that I gave, and I have neither of these things. Perhaps we can transfer the account ownership to TPO? Hopefully? Otherwise we'll need to make a whole new account and do legacy/trac#16650 (moved) all over again.

      • Mark Smith
        Mark Smith @mcs ·

        Replying to isis:

        Off the top of my head, I have no idea what this is about, other than perhaps the networking code in FF perhaps trying to do something "smart" which interacts badly with meek-server?

        That's a good theory, although meek works as a PT within Tor Browser. Hmmm.

        Let me go see what versions are running on the appengine server and on polyanthum…

        The meek-server on polyanthum was from commit 017d0f33d7270ff102fe167f1c16def8b3e3be4a from the end of March. That makes sense because that's around the time I did legacy/trac#16650 (moved). (I'm not sure if anything in the client/server implementations have changed enough to make this incompatible?)

        I don't know either. David?

        So the bridges are assigned to a distributor when they are first seen, and they can't be reassigned, in order to keep potential discoverability problems with any particular distribution method locally isolated. BridgeDB logs these assignments, and, grepping the latest assignments.log, it seems like it has 100 bridges for the moat distributor so far. (It's a known issue that adding a distributor would take a while to fill up with bridges since the way it works is that is has ratios and it assigns according to those ratios instead of bringing the levels to the correct ratios… I could fix that if we want.) But in any case, with 100 bridges, you should be getting at least 1 bridge back? Are you connecting to the meek-reflector over tor?

        No, we are not connecting over tor. Is that a requirement? I have never received a bridge, not even one :)

      • Mark Smith
        Mark Smith @mcs ·

        Replying to isis:

        Google appears to want the passport of someone named "Tor Bridges" and the bank statement of the prepaid credit card that I gave, and I have neither of these things. Perhaps we can transfer the account ownership to TPO? Hopefully? Otherwise we'll need to make a whole new account and do legacy/trac#16650 (moved) all over again.

        I hope so. I guess the reflector is still running even though Google has suspended the Tor Bridges account? Strange terminology on their part.

        I also remember that we had to drop meek-google within Tor Browser as a PT due to some kind of service violation. If that is likely to happen again with the Moat reflector we should switch to Amazon or Azure now I suppose.

      • I
        Isis Lovecruft @isis ·
        Author

        Replying to mcs:

        Replying to isis:

        Google appears to want the passport of someone named "Tor Bridges" and the bank statement of the prepaid credit card that I gave, and I have neither of these things. Perhaps we can transfer the account ownership to TPO? Hopefully? Otherwise we'll need to make a whole new account and do legacy/trac#16650 (moved) all over again.

        I hope so. I guess the reflector is still running even though Google has suspended the Tor Bridges account? Strange terminology on their part.

        Yeah, it's very weird, the account itself is not suspended, I just can't pay for anything. Also, I can't access the cloud console to modify or look at the instance.

        I also remember that we had to drop meek-google within Tor Browser as a PT due to some kind of service violation. If that is likely to happen again with the Moat reflector we should switch to Amazon or Azure now I suppose.

        Yeah, probably either Tor's lawyers should try to get a promise from Google that we're allowed to do this, or the sysadmin team should set up another reflector somewhere else using an account that TPO has financial control over?

      • D
        David Fifield @dcf ·
        Owner

        Replying to mcs:

        Replying to isis:

        Google appears to want the passport of someone named "Tor Bridges" and the bank statement of the prepaid credit card that I gave, and I have neither of these things. Perhaps we can transfer the account ownership to TPO? Hopefully? Otherwise we'll need to make a whole new account and do legacy/trac#16650 (moved) all over again.

        I hope so. I guess the reflector is still running even though Google has suspended the Tor Bridges account? Strange terminology on their part.

        I used prepaid cards for Google and Amazon through 2014 and 2015 (until I set up a dedicated bank account for it). I didn't run into this problem, but maybe something has changed in their payment processing since then. Azure never let me use a prepaid card; it got rejected as such as soon as I tried to enter the number.

        If the app works even though the billing is messed up, I would guess that the project is running on the 1 GB daily free quota?

        I also remember that we had to drop meek-google within Tor Browser as a PT due to some kind of service violation. If that is likely to happen again with the Moat reflector we should switch to Amazon or Azure now I suppose.

        The real reason wasn't a ToS violation per se, even though that's what the notice said. It was actually because of misuse by a hacking group: https://www.bamsoftware.com/papers/thesis/fifield-thesis.pdf#page=63. The ToS item that we were unsure about (which is currently 20.2), to me, wouldn't apply to Moat: "Customer will not ... use the Services to provide a service, Application, or functionality of network transport or transmission...".

      • D
        David Fifield @dcf ·
        Owner

        Replying to mcs:

        Problem 1: The meek tunnel does not work reliably for us. Specifically, if we use curl as the SOCKS client it seems to always work and if we use Tor Browser it does not. When we test with our own meek-server + BridgeDB, things also work fine. I am having trouble debugging the meek-client code, probably due to my lack of golang knowledge, but I wonder if there is an incompatibility between the meek-client we are running and the meek-server that you are running. What version of meek-server are you using at tor-bridges-hyphae-channel.appspot.com? Kathy and I are using a meek-client that was built from dcf's bug24642 branch (and I don't know of any recent changes to meek that would cause this kind of communication problem).

        Another data point: if I insert an socat pipe between the meek-client SOCKS port and Tor Browser, it started working. Maybe there is a data buffering issue at work here. All of our client side testing so far has been on macOS.

        I was debugging this problem today and I traced the cause to Tor Browser's optimistic SOCKS data patch (legacy/trac#3875 (moved)), which allows the browser to start sending application data right after sending its SOCKS request, before the proxy has sent back a reply saying that the connection was successful. There are two ways that optimistic data causes problem when using meek-client as a SOCKS proxy.

        1. The first is that the SOCKS code in goptlib expects not to get any optimistic data: socksReadCommand finishes by calling socksFlushBuffers, which raises an error if there is any data left in the read buffer (because otherwise the data would be silently lost when the SOCKS code passes the unbuffered socket back to the application). This doesn't happen always; it depends on the timing of how fast Firefox sends its application data. I made legacy/trac#25065 (moved) for this issue. It doesn't seem very serious: we can modify the SOCKS code not to use an internal buffer and be tolerant of optimistic data. But on its own that is not enough, because
        2. Tor Browser has a race condition when the SOCKS proxy sends back its its reply immediately after receiving a request, as meek-client does. The SOCKS reply looks like "\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00"; when it comes back too soon, Tor Browser reads the SOCKS response as if it were application data. Trying to parse SOCKS as TLS is what results in the connection failure. You can see this by going to about:networking and setting the Log Modules timestamp,nsSocketTransport:5,SOCKS:5. Follow the instructions in comment:11, and you will see this in the log:

        D/SOCKS socks: DoHandshake(), state = 7 D/SOCKS socks: ReadFromSocket(), have 2 bytes total D/SOCKS socks5: checking auth method reply D/SOCKS socks5: server allows connection without authentication D/SOCKS socks5: sending connection request (socks5 resolve? yes) D/SOCKS socks: DoHandshake(), state = 10 D/nsSocketTransport advancing to STATE_TRANSFERRING ... D/nsSocketTransport nsSocketTransport::OnSocketReady [this=7f2d4c2cbc00 outFlags=1] D/SOCKS socks: DoHandshake(), state = 11 D/SOCKS socks: ReadFromSocket(), have 5 bytes total D/SOCKS socks5: checking connection reply E/SOCKS socks5: unexpected version in the reply }}} "unexpected version in the reply" comes from ReadV5ConnectResponseTop. It's because the application layer and the SOCKS layer are fighting over who gets to read data from the socket. state = 10 is SOCKS5_WRITE_CONNECT_REQUEST and state = 11 is SOCKS5_READ_CONNECT_RESPONSE_TOP, which are constants used in DoHandshake. The optimistic data patch modifies isConnected to be true during SOCKS5_READ_CONNECT_RESPONSE_TOP, when there is still potentially SOCKS data pending on the socket.

        demo-socks5.go demonstrates that the problem exists separate from meek. It's just a SOCKS5 proxy that returns the SOCKS response immediately. Run {{{ ./demo-socks5

        and follow comment:11 and set `network.proxy.socks.port=3128`; you'll see the same failure to connect. It works fine with ordinary Firefox, which lacks the optimistic data patch. Adding an artificial delay resolves the race condition and it starts working again:

        ./demo-socks5 -sleep 100ms

        
So a short-term workaround is to add an artificial delay into meek-client to prevent it from sending back the SOCKS response immediately. The delay has to go [just before conn.Grant](https://gitweb.torproject.org/pluggable-transports/meek.git/tree/meek-client/meek-client.go?h=bug24642&id=8c0e2c8601e87687a2f147a875753ac298b52a2e#n278) in meek-client.go. I think that's the reason why it worked with a socat shim--the extra process tweaked the timing just enough.
      • D
        David Fifield @dcf ·
        Owner

        Trac:
        demo-socks5.go

      • Georg Koppen
        Georg Koppen @gk ·
        Reporter

        Replying to dcf:

        Replying to mcs:

        Problem 1: The meek tunnel does not work reliably for us. Specifically, if we use curl as the SOCKS client it seems to always work and if we use Tor Browser it does not. When we test with our own meek-server + BridgeDB, things also work fine. I am having trouble debugging the meek-client code, probably due to my lack of golang knowledge, but I wonder if there is an incompatibility between the meek-client we are running and the meek-server that you are running. What version of meek-server are you using at tor-bridges-hyphae-channel.appspot.com? Kathy and I are using a meek-client that was built from dcf's bug24642 branch (and I don't know of any recent changes to meek that would cause this kind of communication problem).

        Another data point: if I insert an socat pipe between the meek-client SOCKS port and Tor Browser, it started working. Maybe there is a data buffering issue at work here. All of our client side testing so far has been on macOS.

        I was debugging this problem today and I traced the cause to Tor Browser's optimistic SOCKS data patch (legacy/trac#3875 (moved)), which allows the browser to start sending application data right after sending its SOCKS request, before the proxy has sent back a reply saying that the connection was successful.

        Wow, thanks a lot for this analysis. Let me skip over it to jump to your conclusions part...

        So a short-term workaround is to add an artificial delay into meek-client to prevent it from sending back the SOCKS response immediately. The delay has to go just before conn.Grant in meek-client.go. I think that's the reason why it worked with a socat shim--the extra process tweaked the timing just enough.

        Given that the analysis shows that at least part of the problem is due to the patch itself and how it interacts with the other Firefox networking code I think we should back it out and rewrite it if we want to keep it. We actually have legacy/trac#19910 (moved) for that and I think the OP describes a scenario that is compatible with the one you are seeing.

      • Mark Smith
        Mark Smith @mcs ·

        Replying to gk:

        Wow, thanks a lot for this analysis. Let me skip over it to jump to your conclusions part...

        Indeed, thanks! David, you are my hero.

        Given that the analysis shows that at least part of the problem is due to the patch itself and how it interacts with the other Firefox networking code I think we should back it out and rewrite it if we want to keep it. We actually have legacy/trac#19910 (moved) for that and I think the OP describes a scenario that is compatible with the one you are seeing.

        Let's do it! Kathy and I wrestled with the SOCKS optimistic data patch once before. It just seems too fragile given the way the networking and TLS code is layered inside Firefox. The only thing I don't know is whether removing it will impact web page load times in a significant way.

        Another approach would be add an option to disable the SOCKS optimistic data feature on a per-connection basis, which would allow Tor Launcher to disable that option when it is using meek directly.

      • Roger Dingledine
        Roger Dingledine @arma ·
        Developer

        Replying to mcs:

        Let's do it! Kathy and I wrestled with the SOCKS optimistic data patch once before. It just seems too fragile given the way the networking and TLS code is layered inside Firefox. The only thing I don't know is whether removing it will impact web page load times in a significant way.

        Another approach would be add an option to disable the SOCKS optimistic data feature on a per-connection basis, which would allow Tor Launcher to disable that option when it is using meek directly.

        I figure legacy/trac#19910 (moved) is a good place for discussion of whether to rip it out, impacts, and workarounds. So I added my thought there.

        (Good stuff here!)

      • I
        Isis Lovecruft @isis ·
        Author

        Wow, great work, David! Thanks! Let's make legacy/trac#19910 (moved) be the ticket for mcs's issue !#1 here.

        For issue !legacy/trac#2 (closed) I'll do some more testing and I might need to patch stuff a bit to add more verbose logging, because right now I'm not seeing anything that indicates why no bridges would be returned.

      • Mark Smith
        Mark Smith @mcs ·

        Replying to isis:

        For issue !legacy/trac#2 (closed) I'll do some more testing and I might need to patch stuff a bit to add more verbose logging, because right now I'm not seeing anything that indicates why no bridges would be returned.

        Do you want me to open a new ticket to track this issue? Have you had any luck tracking own the problem?

        Kathy and I would really like to get the Tor Launcher side of Moat into code review (and then to the point where it can be tested by others). But I don't think we can do that until this problem is fixed. Thanks!

      • I
        Isis Lovecruft @isis ·
        Author

        Okay, I think I've found at least one issue, but it appears to be some bad interaction between TLS configs between the meek-server, Apache, and the moat server:

        If I run:

        cd scripts
TEST_PRODUCTION_MOAT=1 ./test-moat fetch > /tmp/moat-fetch
./moat-fetch-and-format-captcha-response.py

        where the last script is just something I whipped together for testing (attached), I get:

        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
<hr>
<address>Apache Server at bridges.torproject.org Port 443</address>
</body></html>
{"errors": [{"status": "Unsupported Media Type", "code": 415, "detail": "", "version": "0.1.0", "type": "", "id": 0}]}

        The full log is attached as a script typescript file (read it with less -r typescript and beware that it is a raw terminal log including escape characters).

        I have no idea why:

        1. Both the Apache server and the moat server could answer in the same response. (I don't know much about Apache.)
        2. The Apache server is complaining about TLS. (I don't know much about meek.)
        3. The moat server is erroring with 415 Unsupported Media Type, but that would only happen if it got the HTTP header Content-Type: application/vnd.api+json but with a media type parameter specified, e.g. Content-Type: application/vnd.api+json;jpeg. (So it sounds like either Apache, the meek reflector, or meek-server is altering the headers?)
      • I
        Isis Lovecruft @isis ·
        Author

        Trac:
        typescript

      • I
        Isis Lovecruft @isis ·
        Author

        Trac:
        moat-fetch-and-format-captcha-response.py

      • Mark Smith
        Mark Smith @mcs ·

        Replying to isis:

        1. The moat server is erroring with 415 Unsupported Media Type, but that would only happen if it got the HTTP header Content-Type: application/vnd.api+json but with a media type parameter specified, e.g. Content-Type: application/vnd.api+json;jpeg. (So it sounds like either Apache, the meek reflector, or meek-server is altering the headers?)

        I found a typo in your moat-fetch-and-format-captcha-response.py script :) There is a missing comma at the end of this line: '--proxy', 'socks5://127.0.0.1:10000/' I also had to remove the extra quotes around the header values.

        After I fixed those problems, I always receive a "The CAPTCHA solution was incorrect." response (even though I am trying really hard to provide the correct answer). With Tor Launcher we still see the "No bridges available to fulfill request: None." response, so maybe there is another problem with the test script. I did notice that the data "payload" was not enclosed in square brackets, but fixing that made no difference.

      • Mark Smith
        Mark Smith @mcs ·

        One more follow up: Kathy and I experimented a little bit with Tor Launcher. When communicating with the production BridgeDB server, if we include square brackets around the data payload in the check request we receive a "No bridges available to fulfill request: None." error. If we omit the square brackets, we always receive a "The CAPTCHA solution was incorrect." error.

        I know we talked about the square brackets / array issue before, at least in the context of the JSON responses. Including the brackets in the requests makes things work completely when we use a BridgeDB test server that we built ourselves (i.e., bridges are returned). But let us know what we should be doing, or we can look at your test scripts once they are working.

      • I
        Isis Lovecruft @isis ·
        Author

        @mcs Thanks, I fixed the typos, the test script seems to be producing the same answers as your TB now.

        I've identified a couple more problems:

        1. The "id" field of the JSON that is sent by the client is decoded to a string (e.g. "2" not 2). (Whooooooo duck-typing FTL.) This is fixed in my fix/24432-json-str branch.
        2. Either the meek-reflector or the meek-server or the Apache server is changing the X-Forwarded-For header from "X-Forwarded-For: 1.2.3.4" to "X-Forwarded-For: 1.2.3.4, 127.0.0.1". This is unfortunate, as it means that we're not able to get accurate IP information about the client to use for anti-scraping protections (also it bungles the security of the CAPTCHAs because it also means clients can "trade" CAPTCHAs and solutions). There is a temporary "fix" for this in my fix/24432-ignore-loopback branch, which simply skips loopback addresses while parsing the X-Forwarded-For headers. Eventually we'll need to find which piece of infrastructure is setting the IP to 127.0.0.1 and change it to report the client's actual IP, then disable this fix (there's a config option). :/
      • I
        Isis Lovecruft @isis ·
        Author

        Trac:
        moat-fetch-and-format-captcha-response_v2.py

      • I
        Isis Lovecruft @isis ·
        Author

        Okay! Hooray. I've tagged a new version with all these fixes, and uploaded to this ticket a fixed version of the test script.

        Doing

        TEST_PRODUCTION_MOAT=1 ./test-moat fetch > /tmp/moat-fetch
./moat-fetch-and-format-captcha-response_v2.py

        And (successfully) completing the CAPTCHA, I get the following response:

        {"data": [{"qrcode": null, "bridges": ["obfs4 REDACTED:REDACTED REDACTED cert=REDACTED iat-mode=0", "obfs4 REDACTED:REDACTED REDACTED cert=REDACTED iat-mode=0"], "version": "0.1.0", "type": "moat-bridges", "id": "3"}]}

        If I instead type gibberish for the CAPTCHA solution, I get:

        {"errors": [{"status": "No You're A Teapot", "code": 419, "detail": "The CAPTCHA solution was incorrect.", "version": "0.1.0", "type": "moat-bridges", "id": "4"}]}

        And if I request a new CAPTCHA and solve it, I get the same two bridges as were first returned.

      • I
        Isis Lovecruft @isis ·
        Author

        @mcs Do you want to test with your TB against the production server again?

      • C
        cypherpunks @cypherpunks ·

        What is moat? Is it a new pluggable transport? Is it documented?

      • Mark Smith
        Mark Smith @mcs ·

        Replying to cypherpunks:

        What is moat? Is it a new pluggable transport? Is it documented?

        It is not a new PT; it is a new BridgeDB distribution method. See: https://github.com/isislovecruft/bridgedb/#accessing-the-moat-interface

      • Mark Smith
        Mark Smith @mcs ·

        Replying to isis:

        @mcs Do you want to test with your TB against the production server again?

        I did, and it is working. Awesome!

        We had to change our Tor Launcher Moat client code to send the ids as strings instead of integers, but that was a trivial change.

        We also switched from asking for vanilla bridges to asking for obfs4 ones, because that is what works (I assume the bridges you assigned to the Moat distributor were obfs4 ones). For some reason I thought we were supposed to request vanilla bridges, but I don't remember where I got that idea. Please let Kathy and I know if it is okay to assume that Tor Launcher will be able to receive obfs4 bridges via Moat for the foreseeable future.

      • I
        Isis Lovecruft @isis ·
        Author

        Replying to mcs:

        Replying to isis:

        @mcs Do you want to test with your TB against the production server again?

        I did, and it is working. Awesome!

        Yay!

        We had to change our Tor Launcher Moat client code to send the ids as strings instead of integers, but that was a trivial change.

        I thought I would need to fix this in the spec too, but the spec already said they should be strings not ints, so I was actually doing it wrong before.

        We also switched from asking for vanilla bridges to asking for obfs4 ones, because that is what works (I assume the bridges you assigned to the Moat distributor were obfs4 ones). For some reason I thought we were supposed to request vanilla bridges, but I don't remember where I got that idea. Please let Kathy and I know if it is okay to assume that Tor Launcher will be able to receive obfs4 bridges via Moat for the foreseeable future.

        There are plenty of obfs4 bridges, so if it's doable on your side perhaps we should go with that? They should work better in more countries and get blocked less often than vanilla ones, so it'll probably provide a better user experience to not have to fill out as many captchas.

        Tentatively closing as "fixed", but of course feel free to reopen if there's any more issues.

        Trac:
        Resolution: N/A to fixed
        Status: reopened to closed

      • D
        David Fifield @dcf ·
        Owner

        Replying to isis:

        1. Either the meek-reflector or the meek-server or the Apache server is changing the X-Forwarded-For header from "X-Forwarded-For: 1.2.3.4" to "X-Forwarded-For: 1.2.3.4, 127.0.0.1". This is unfortunate, as it means that we're not able to get accurate IP information about the client to use for anti-scraping protections (also it bungles the security of the CAPTCHAs because it also means clients can "trade" CAPTCHAs and solutions). There is a temporary "fix" for this in my fix/24432-ignore-loopback branch, which simply skips loopback addresses while parsing the X-Forwarded-For headers. Eventually we'll need to find which piece of infrastructure is setting the IP to 127.0.0.1 and change it to report the client's actual IP, then disable this fix (there's a config option). :/

        I'm pretty sure it's Apache adding the extra X-Forwarded-For: 127.0.0.1 (through the ProxyPass directive).

        As for getting the remote client address, you will have to do what meek-server does:

        1. Use the contents of the Meek-IP header, if it exists.
        2. Otherwise, use the first entry of X-Forwarded-For, if it exists.
        3. Otherwise, give up or use the connection's source IP address. The reason you have to check Meek-IP is that App Engine doesn't set X-Forwarded-For, and doesn't allow applications to set it. Other CDNs set X-Forwarded-For automatically. See legacy/trac#13171 (moved).

        I don't think you need special logic for loopback addresses in x-Forwarded-For: just take the first entry. According to Wikipedia, the client's address is the first entry, not the last: {{{ X-Forwarded-For: client, proxy1, proxy2 }}} (Hmm, but we should worry about X-Forwarded-For spoofing by clients—in any case, Meek-IP will be trustworthy whenever it exists, because reflect.go whitelists which headers it will forward and sets Meek-IP itself.)

      • I
        Isis Lovecruft @isis ·
        Author

        Replying to dcf:

        Replying to isis:

        1. Either the meek-reflector or the meek-server or the Apache server is changing the X-Forwarded-For header from "X-Forwarded-For: 1.2.3.4" to "X-Forwarded-For: 1.2.3.4, 127.0.0.1". This is unfortunate, as it means that we're not able to get accurate IP information about the client to use for anti-scraping protections (also it bungles the security of the CAPTCHAs because it also means clients can "trade" CAPTCHAs and solutions). There is a temporary "fix" for this in my fix/24432-ignore-loopback branch, which simply skips loopback addresses while parsing the X-Forwarded-For headers. Eventually we'll need to find which piece of infrastructure is setting the IP to 127.0.0.1 and change it to report the client's actual IP, then disable this fix (there's a config option). :/

        I'm pretty sure it's Apache adding the extra X-Forwarded-For: 127.0.0.1 (through the ProxyPass directive).

        As for getting the remote client address, you will have to do what meek-server does:

        1. Use the contents of the Meek-IP header, if it exists.
        2. Otherwise, use the first entry of X-Forwarded-For, if it exists.
        3. Otherwise, give up or use the connection's source IP address. The reason you have to check Meek-IP is that App Engine doesn't set X-Forwarded-For, and doesn't allow applications to set it. Other CDNs set X-Forwarded-For automatically. See legacy/trac#13171 (moved).

        Oh thanks! I had no idea about the Meek-IP header.

        I don't think you need special logic for loopback addresses in x-Forwarded-For: just take the first entry. According to Wikipedia, the client's address is the first entry, not the last: {{{ X-Forwarded-For: client, proxy1, proxy2 }}}

        BridgeDB's logic (not my code) does exactly the opposite (without any comment or explanation as to why). I've never fully understood why, but I assumed it's because it was designed to run only behind the Apache server, which is trusted. So the patch I made to make that code compatible also with this new setup—when given a flag to ignore loopback addresses—will parse X-Forwarded-For: 2.2.2.2, 1.2.3.4, 127.0.0.1, 127.0.0.8 into 1.2.3.4. I think this is probably the most sane thing to do for now. I'll go take a took if there's a Meek-IP header being sent, and then we can just use that.

        (Hmm, but we should worry about X-Forwarded-For spoofing by clients—in any case, Meek-IP will be trustworthy whenever it exists, because reflect.go whitelists which headers it will forward and sets Meek-IP itself.)

        Yeah, specifically the part I am worried about is that the 1.2.3.4 only ended up in the header because I told curl to put it there… and other than that we have no accurate IP for the client. So right now we're just going on whatever they are saying.

        I forgot to mention that I did a temporary config workaround "fix" to try to diminish the effect this has, by setting MOAT_N_IP_CLUSTERS to 1 (instead of 4). This has the effect that there are two "clusters" of client IPs: those who are using Tor/proxies, and those who aren't. If I kept it at 4, then everyone (who is not using Tor/proxies) could get four times as many bridges per period as they are supposed to, simply by lying four times (so an average of sixteen tries if they choose IPs randomly, but still).

      • Trac closed

        closed

      • Trac changed time estimate to 16h

        changed time estimate to 16h

      • David Fifield mentioned in issue legacy/trac#25065 (moved)

        mentioned in issue legacy/trac#25065 (moved)

      • Georg Koppen mentioned in issue legacy/trac#25555 (moved)

        mentioned in issue legacy/trac#25555 (moved)

      • Trac moved from legacy/trac#24432 (moved)

        moved from legacy/trac#24432 (moved)

      • Loading
      • Loading
      • Loading
      • Loading
      • Loading
      • Loading
      • Loading
      • Loading
      • Loading
      • Loading
      Please register or sign in to reply