259787 CVE-2025-66286 2023-08-03 11:40:54 -0700 [WPE][GTK] Certain connections to remote sites cannot be intercepted using WebKitWebPage::send-request signal 2026-05-07 04:05:05 -0700 1 1 1 Unclassified Security Security Other PC Linux NEW https://bugs.webkit.org/show_bug.cgi?id=288907 InRadar P2 Major --- 1 albrecht.dress bugs-noreply 0y13cxnnm 4fv3omdo1 ahmedkabo2810 angelanncn987 aperez ap b9538684 bfulgham bugs-noreply castellc83 crosby dandmokay deedeebebe26 diakos.giorgos Dustin.turner444 getitornot39 haveyouevermuscle howlettpaul025 jjrauch32 Krol marco.app1506 mcatanzaro mcrha mgorse nekohayo ntd87w2jth pabs3 pweeloko quanghuynh10111 renrenking86 rfiguera635 soyer suzannesuzanne138 thithara7 tjareson webkit-bug-importer zbarney oldest_to_newest 1969477 0 467194 albrecht.dress 2023-08-03 11:40:54 -0700 Created attachment 467194 sample application and HTML test input to reproduce the issue OS version: Debian Bookworm/x86_64 Webkit GTK package: libwebkit2gtk-4.1 v. 2.40.3-2~deb12u2 Overview: ========= Even if the request to access a remote site is intercepted in the WebPage::send-request signal handler, a socket connection is opened and –if applicable– the TLS handshake is performed. If the access is triggered e.g. by malicious HTML content in an e-mail, this will already give the attacker valuable information, so this might (should?) be considered a security bug. Steps to Reproduce: =================== See the attached sample code package "sample.tar.gz" (note: tested on Debian Bookworm, should work similarly on other Linux systems): (1) Unpack the sample Unpack the package, cd into the folder “sample”, and say “make” (2) Log network traffic In an other terminal, start “tcpdump” or a similar tool to listen on ports 80/tcp and 443/tcp, e.g.: sudo tcpdump -vvv -K -X \( tcp port 80 or tcp port 443 \) (3) Run test application In “sample” run the application to display the included HTML file: ./samp-main Test.html The application prints (time stamps omitted) --8<------------------------- webkit_web_extension_initialize: done! web_page_created_cb: page 10 created for (null) send_request_cb: uri 'http://ftp.de.debian.org/debian/doc/00-INDEX' caught, redirect to 'about:blank', stop event emission --8<------------------------- The HTML contains two “link” containers (preconnect, stylesheet) triggering this event without any further user interaction. The tcpdump log shows a connect() to the remote site. (4) Click link Click on the link in the window. The application prints --8<------------------------- send_request_cb: uri 'https://www.posteo.de/' caught, redirect to 'about:blank', stop event emission --8<------------------------- The tcpdump log shows that the connection opened in step (3) is closed, a new connect() to www.posteo.de is opened, and the full (!) TLS handshake is performed. The sample package contains the tcpdump log in the file tcpdump.log: * start the test application at 19:06:59 * click the link at 19:07:39 Expected Results: ================= No connection to the remote site must be opened, and in particular no TLS handshake must occur if the WebPage::send-request signal handler redirects the request to a different location. Speculation: the connection is established before the WebPage::send-request is emitted, resulting in this behavior. 2128690 1 mcatanzaro 2025-07-09 07:33:25 -0700 There is a corresponding Evolution issue report: https://gitlab.gnome.org/GNOME/evolution/-/issues/2727 But I think this bug report contains everything we need to know. send-request is indeed supposed to be emitted, allowing the application to stop the TCP connection before it happens. Evidently something is wrong. 2128692 2 mcatanzaro 2025-07-09 07:57:49 -0700 Your test cases uses rel="preconnect" and rel="stylesheet". There are a bunch of other cases that we should test as well: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Attributes/rel dns-prefetch, icon, modulepreload, pingback, prefetch, preload, prerender Hopefully these will all be fixable in one place and not require separate fixes. 2128761 3 albrecht.dress 2025-07-09 12:13:56 -0700 Hi, great that someone takes care of this rather old bug! > Your test cases uses rel="preconnect" and rel="stylesheet". There are a bunch of other cases that we should test as well: I know – my example basically should only demonstrate that an attacker could exploit the bug both without and with any user interaction. There are of course plenty of other options for him to “use” it… 2128813 4 zbarney 2025-07-09 14:11:09 -0700 I already reported this issue as a security issue of Webkit and got no response... 2128827 5 mcatanzaro 2025-07-09 14:57:02 -0700 *** Bug 287218 has been marked as a duplicate of this bug. *** 2128968 6 webkit-bug-importer 2025-07-10 05:35:36 -0700 <rdar://problem/155518218> 2130795 7 467194 renrenking86 2025-07-17 02:31:35 -0700 Comment on attachment 467194 sample application and HTML test input to reproduce the issue renrengornica86@gmail.com 2130796 8 renrenking86 2025-07-17 02:31:58 -0700 9ok 2131362 9 mcatanzaro 2025-07-19 07:27:03 -0700 rel="dns-prefetch" might be tricky, because that is not an HTTP request, so we *can't* emit send-request. In https://gitlab.gnome.org/GNOME/evolution/-/issues/3095 I indicated that we do not need to bring back the enable-dns-prefetching setting, but I think this is wrong. We will need to undeprecate it and implement it. (Currently, there is no way to control it.) Moreover, in https://gitlab.gnome.org/GNOME/balsa/-/issues/99 and https://gitlab.gnome.org/GNOME/geary/-/issues/1680, Mike discovered that rel="preconnect" only creates a TLS connection, not an HTTP request. So again, relying on send-request won't be sufficient. We'll need yet another setting to control this. Everything else looks like an HTTP request, and we need to make sure they are all blockable via WebKitWebPage::send-request. So that's a lot of stuff that needs to be fixed. I think it's fair to say this bug should only be closed if all of the above is resolved. 2134099 10 albrecht.dress 2025-08-03 10:15:14 -0700 [sorry for the late reply/comment, I've been on vacation, away from my computer…] (In reply to Michael Catanzaro from comment #9) > rel="dns-prefetch" might be tricky, because that is not an HTTP request, so we *can't* emit send-request. In https://gitlab.gnome.org/GNOME/evolution/-/issues/3095 I indicated that we do not need to bring back the enable-dns-prefetching setting, but I think this is wrong. We will need to undeprecate it and implement it. (Currently, there is no way to control it.) IMHO, the DNS query is *not* a privacy (or even a security) issue, as the application will ask the system's configured DNS server (ideally one from https://www.joindns4.eu/ or similar) for the IP address of the potentially malicious site, but *not* connect the site itself. Please correct me if you are aware of any criminal or APT actor who actually could nevertheless abuse such lookups. A wrong DNS configuration (i.e. contacting a DNS server which logs requests and shares the data with a secret service or criminals) is a general problem and beyond the scope of Webkit. IOW, I don't see a valid reason for blocking these requests. > Moreover, in https://gitlab.gnome.org/GNOME/balsa/-/issues/99 and https://gitlab.gnome.org/GNOME/geary/-/issues/1680, Mike discovered that rel="preconnect" only creates a TLS connection, not an HTTP request. So again, relying on send-request won't be sufficient. We'll need yet another setting to control this. Well, this is exactly what happens in my initial example… IMHO, the key for a solution is to catch the connect() system call for SOCK_STREAM sockets. Just my € 0.01, though… 2134100 11 mcatanzaro 2025-08-03 11:02:19 -0700 > Well, this is exactly what happens in my initial example… > > IMHO, the key for a solution is to catch the connect() system call for > SOCK_STREAM sockets. But we have no way for applications to do this. I think we just need a new setting to completely disable preconnect. 2159208 15 0y13cxnnm 2025-11-16 23:41:18 -0800 Can you please increase the priority and severity of this bug? It is unacceptable that this has been languishing for so long, considering that this is known to affect privacy (and also reported elsewhere and discussed on other SM threads), . 2159270 16 mcatanzaro 2025-11-17 07:43:07 -0800 (Sure, but I highly doubt anybody actually looks at the Priority or Severity fields on Bugzilla to decide what to work on....) 2159273 17 0y13cxnnm 2025-11-17 07:52:54 -0800 So like this is gonna stay unfixed for the foreseeable future? The bug was reported 2+ years ago. I want a clear answer since I'm responsible for IT security policies in my org and many people probably use programs depending on it. If this isn't gonna get fixed, I would like to mark all programs using this as exploited in the company's IT policy. I don't have the know-how to produce a patch for fixing this so I can't contribute code, and I can't just sit waiting for nobody. 2159276 18 0y13cxnnm 2025-11-17 08:01:46 -0800 (If this has been determined to not be a security issue then please correct me) 2159277 19 mcatanzaro 2025-11-17 08:07:58 -0800 This is an open source project. Issues don't fix themselves. Somebody has to volunteer to work on it. If nobody cares enough to work on it, then it will never be fixed. 2159278 20 mcatanzaro 2025-11-17 08:08:37 -0800 This is definitely a security bug. 2159331 21 albrecht.dress 2025-11-17 11:20:04 -0800 Yes, it is a security bug, and it should be fixed. However, IMHO its impact is somewhat limited. As I pointed out in my initial report, an attacker can gain some information about the targeted system, basically (due to the connect() system call) that it exists. As worst case a TLS handshake is performed before the WebPage::send-request callback kicks in, blocking all further transactions. Whilst this might of course be used for information harvesting (no idea if any attackers actually use this particular technique, though), this bug does not leak any other information, nor is it possible to inject malicious code. I.e. IMHO the confidentiality impact is rather low, integrity and availability of the target system are not affected. I have no idea how to correctly calculate a CVSS, but maybe it would be helpful to create a CVE entry for this bug with a proper score as to avoid confusion about its criticality. 2159352 22 0y13cxnnm 2025-11-17 12:07:45 -0800 Hmm... something like this? CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N Score 5.3 Used https://www.metaeffekt.com/security/cvss/calculator/ 2159633 23 albrecht.dress 2025-11-18 10:20:20 -0800 I think, after reading the specs, your assessment is correct. However, the classification (in particular for VC in this case) is somewhat coarse. Afaict, the leaked information boils down to the IP address of the box (or typically the gateway, proxy, …), and its TLS capabilities (version, ciphers, …). My gut feeling is that 5.3 is rather high for that. It would be more critical if the connected (malicious) server could request a user certificate from the client, but I think (sic!) this would require a further callback in the application (never tried it, though). If this is relevant at all for a particular application depends on whether it has the capability to intercept “unwanted” accesses to web sites using the WebKitWebProcessExtension WebPage::send-request signal or not. This is typically the case for MUA's (I saw it in Balsa <https://gitlab.gnome.org/GNOME/balsa>), no idea about other applications. 2159638 24 mcatanzaro 2025-11-18 10:37:22 -0800 I'll request a CVE. 2159662 25 mcatanzaro 2025-11-18 12:19:32 -0800 *** Bug 288907 has been marked as a duplicate of this bug. *** 2159760 26 0y13cxnnm 2025-11-18 18:40:05 -0800 > Afaict, the leaked information boils down to the IP address of the box (or typically the gateway, proxy, …), and its TLS capabilities (version, ciphers, …). My gut feeling is that 5.3 is rather high for that. It would be more critical if the connected (malicious) server could request a user certificate from the client, but I think (sic!) this would require a further callback in the application (never tried it, though). It's also the fact that the attacker can track the user and see (if, when, where, how many times) the user is using the computer and is online and has opened the email in real time. Considering that, 5.3 is not that high. 2159763 27 0y13cxnnm 2025-11-18 18:45:07 -0800 And since there is already an exploit code available (the person in evolution issue mentioned he has it on his open source website), a low rating would be misleading for such a targetted and personalised harvesting attack. 2159961 28 albrecht.dress 2025-11-19 10:06:36 -0800 > It's also the fact that the attacker can track the user and see (if, when, where, how many times) the user is using the computer and is online and has opened the email in real time. I don't think it's possible to really identify (or even track) any specific user (unless it would be possible to actually request a TLS client certificate), as the only information the attacker can extract is from the accept() system call, i.e. the struct sockaddr returned by it, plus of course time stamps. Any further transaction, like sending a GET request containing some kind of unique target identifier, *will* be intercepted by the WebPage::send-request signal. So this boils down to a (IP address; time stamp) statistics – given that ISP-assigned addresses change frequently, and the users of larger organisations will usually use some kind of proxy, I wonder how useful this is. > And since there is already an exploit code available (the person in evolution issue mentioned he has it on his open source website), a low rating would be misleading for such a targetted and personalised harvesting attack. The attachment to my original post (the HTML example) demonstrates how to (ab)use the bug; I wouldn't call that “exploit code”… 2159976 29 mcatanzaro 2025-11-19 10:36:30 -0800 Well the email sender has your email address. Surely it's easy to create a unique tracking domain per email address, and use it nowhere else. *Any* IP connection indicates the mail has been read, violating the trust model. It's also incorrect to assume that ISP-assigned addresses change frequently. Maybe that's true for your particular ISP, but it's certainly not true in general. (In reply to Real from comment #22) > CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N I agree with this. 2161510 30 mcatanzaro 2025-11-26 12:29:04 -0800 We received CVE-2025-66286. 2165866 31 soyer 2025-12-15 02:53:08 -0800 I've been getting emails lately with images on suspicious hostnames. In these cases, all the subdomains resolve to the same IP. I haven't seen one with preconnect yet, but I'm sure I will. These techniques are already being used to track users. 2188794 35 tjareson 2026-03-10 12:39:26 -0700 I tested CVE-2025-66286 on my system and cannot reproduce the leak. The connection seems to be successfully blocked by Evolution. My setup OS: Linux Mint (Ubuntu 22.04 Jammy base) Mail Client: Evolution 3.44.4 WebKitGTK: libwebkit2gtk-4.0-37 (Version 2.50.4-0ubuntu0.22.04.1) I used the test mail from Email Privacy Tester (which includes <link rel="preconnect"> and <link rel="dns-prefetch">). I monitored the network using tcpdump on port 53 (DNS) and port 80/443. Zero packets captured for the tracker domains upon opening the mail. Evolution seems to successfully block the preconnect/prefetch. The DNS lookups and HTTP requests only happen after I manually click "Load remote content" in Evolution. Has this been silently mitigated in the 2.50.4 Ubuntu build, or does Evolution 3.44 configure the WebKit sandbox in a way that prevents this bug? 2189041 36 mcrha 2026-03-11 01:44:52 -0700 Evolution 3.44 is ancient, there is going to be release version 3.60.0 by the end of this week, which will be the new stable series. If you are wondering how ancient it is, the Evolution 3.44.4 is from Aug 5, 2022. 2189053 37 tjareson 2026-03-11 02:43:35 -0700 Ah right. Ok, staying ancient looks like the best option then for the time being. (at least as far as the linux distribution cares for backports of critical fixes) My understanding is 3.60.0 will not circumvent the current webkit issue. 2189057 38 mcrha 2026-03-11 04:04:31 -0700 It's not in the Evolution hands, this is filled against WebKit, because the problem is in the WebKit and the WebKit does not provide any API nor setting to block all connection attempts, including the preconnects and all the others (it used to have a setting to disable `dns-prefetch`, but it's deprecated since 2.48 according to the doc: https://webkitgtk.org/reference/webkitgtk/2.50.5/method.Settings.get_enable_dns_prefetching.html ). I guess, from the process name, that WebKitNetworkProcess is responsible for the network connections. Ideally, for the WebKitGTK variant of the WebKit, would be to have an API to pass any network-related requests through the interested application(s) and to not use that process at all when the app advertises use of that new API. In short, not to use its own SoupSession (if it still uses it), but have a wrapper on top of it, where the apps could implement this wrapper and override anything the WebKit would like to get from it. That would be a game changer and a pretty cool thing ;) 2191337 39 mcatanzaro 2026-03-18 06:51:09 -0700 *** Bug 309513 has been marked as a duplicate of this bug. *** 467194 2023-08-03 11:40:54 -0700 2023-08-03 11:40:54 -0700 sample application and HTML test input to reproduce the issue sample.tar.gz application/gzip 15204 albrecht.dress H4sIAAAAAAAAA+Ra+3sVxbL113P+ivaBBzU00+/uCD4OiPohiKLHJ2A/AYUkkogcUf/2u6p79s4k hCAo3u9+dz4yyWbvqemuVbVqVc3ejXd37tTTLzzPY8LhjKHfwplp+Xt1vCC0ttLZSQvxwiTEZPUL zDzXVc3HT7t78R5jL+zV3b3jPvek9/+PHrsD/728U366u8PvbN/86+9BAFutH4O/M1qaGX8nhXbA X0knXmDTX7+UR4//5/iLsDnZTRO4m7S3jn14hZ3c295l04Npg+3t3WFWb7DbhUkvjdpg263t1j2G 99qdeHOXfXP+wrUNtnNve2+bfXYO19rXNtidunVz7xaz02v/ZDjExCcuuTBcG6E8e4uVmm7HLX57 q/G9n06Ve3W31C1eKr+1t7ezyS4M01dhebf+yBRFg5508Bvs59tbWJHUWMD2zt7t7S187u7uLhPa Thu7Mf/w8cWNz66y+/EOE5Y25JT3rOZ7WPLW9s7Gz7s53qnMXVuvcvrnP7BXHJuMaTNNbJpUZraa wjT+l06WKUFvRDrJqTH2Hudntq69w9/hgtMxbAiy4YvO9CnN0mQkrJmJZYuTlIFe9jvgxPhHuPBT foVfeWlhQ5IN3EiyFtvEQvJlvohMTibhpPHu5KcIG4eOYUORDSu1ZkVOeXFPrFAxvO3Y4kjnF9fv h4MxSqvHhoNw9ohg2Nreqo8NB61HOBwLPoLjULjshwOf40F4HSy8vcGA9350hDk6sHBzRHQci7gk L6XZSx1xrLIssCTEN8hD79DpowOI78dFB3vALkRkKk5ijb2a0boCzPkmJ9QXiNtJAHEcSDRhH0G8 B0w/voOJk4/Byz8eL0pf/XTpq/9k+q7hGjiJA8l7DBSekq8eSD6hDiXfya3rT518ag2KPJx8m0so DEytks+Fpe8PHVfo5v+dQXCbKvAwGW2OB8H8vSBc+FMotIMoyEdQuPE8URDPjoKTx1FXeGrqmv4c dR0CQR5gqmNBACupg6xUD7HSyWdgJbmGQx/LSiMViJVUK8vitShjaxDePshKAwqPiiOOSQg/+T8r KpSyjhJCeMOt48pyYUNHZPcRKUHhLILHtp5KSnhICQ1Vqp5BSbgJAmQ/jeqE7D2kJHY4pRH3h9Io BRRgqWNgXvkK8FJitdrKZHHxgJI498pw/NapXx6rJGqU4UlK4rUjlYRSHoIoZPMkJaH47cMxoAHT hDCfHp+OXj6rkjgC8QNJ2CPjUf0glRX7+mEdEuJP6we7yNQAuBYIHtQPwOvoTCWIZ7CtZ4b0wwrx tFB7t74mrB8eqR+ScPUJ+oH/fiRKaMOOzdSjaPOpStcfydRnr1dItHAg0XQ6XK/mRLv4FImW1lDI A4n2kEA4UjXUKMyT6tVB12ujw+NJUvij+q7nWq8Oq4anK1juYMGKf2/BEuuCJZ62YA0sjPCPxWL6 35HQ8iAMfyAZVgis2Kg5cTgZ+EiGH59CvOk1IOoPSmit6/SEZDh/EADnHW57DA+JpwTBGPcsRHRl nQObiIhj2MgI9wgEUhbio7iAoFRtDkFwauaj954PH/mZj7KY1QKqHsnvqSs5MU5rPjqi8Lfci7zL zKdaWUL3wlKWkTUNTTNJm2HSDPHwK34+56/jfId/PWxoslGrUywLb1k2JTCZkmfeRMOMxtqiapqG Kx42dunub+DnM/yIeR2m76VZy6DpKZxA6iYXBGe0gimLkBQ+wHjF2tiN9gU/f/FbzqMlY58PG7YX yJorsyUFVmJDCGtLyqcaFmrOzChV8IYELlv8Li7ViQxcPctPDxuObLhJow+ykYq9ikwoeBInRSdB J80ySQG2c8F2cpqPjWHDk42cAWueYsEJugufT/Qy00t6Q030Eb8u9m/087TCJXQbk+h3avQXtQeB rAUaFCkqPYGs4UQ2Ts92zD62sbMtXY6PNrodrSPQS0USMVR6SSJCUZqvLIR+VsNG6jb6VEyM9szM J3GQcmMXqL1DOxxjmWyQEoO+opOjk6dToFOhU13H6aEwnW2UeR2CskqQIhWkanHjNDJtVQTKvI4j bFSyISU+gB+iOIQjHO3JkCaT+MuNrQGXl4600eYKho8a+mi/yCPth7VEJ0svVc/bo2yIad6LpE9h 79PaKQb/Z72iiEXuO+300sYtSdQ1bIgRp8BWCVlHalmPz+Mi7K+hGZNV9SIBbHdOC2Qa8R7+mPjL w4Yc8TEaGAovm+hEKAuq7ZpcXBAkwY51KP5DV/7v4qcMG50/Sk40z0IkJqPB3SAtUAdCNDkDKhAk 2uTwB6rRpRMUpV+9ePLe7I/OH+AXwQy1vSYhVXTQFJgGVT40NFemTMxPDrlf+XX+zRsfXuafcP4T /g0bnT+UM4kJAQqD8JdMGQ+tnBHh0aI6tYyXkhQYc9+AOpKZ/TqLdNH5I2rIam2kZN6jQFbRsA0b 4FNXLLNxFbGM//7eS7008n/x79fYdv6QxB/VFvBHg/uTBo+5Ahs0qYZd3KE1Q/64gAtf5vw3Xkis fzpsdP4wVSXmPGpJnrAXkcA3MSLkSqm0odSLN+L0+psP3uNpNB37Mdb5Q1GNkj1BepirEeZqRGfP odYo58xMPwdtzPwxLfWVkKuIxQ9qHw6cEIEHYv3nn3+ebaQRp7YxpxCd1uAvWS39RWsjT47FEJ2w ne3dvbpN8ujUYh15rEP0CbekKksr6uLbqkdkH13XVWde7qUsYv2Jp8fkbf0LbLQ/b0NOf4EN8RfY kH/ExloCHjSw0IFBqMc/jhL+qGn2H2qKnm5qcKgT6lLwKXqhfSXeRwLl0Ehgvxf64yMBOWvB5qfD I4HTRw/vslP2aAD3O1L7KARCaB+Og+CoWfaxEMDgM4Gw0OJC6+OhwAceRcPkjkZYoOEjdO1BNPiM xq/PBw0/d6ZR26Uep1of0jSPVzsamxcO5dTQ48H1z2fSfSigwqEq2gbyNhIlyRoU9xKTndfxFefb /NOPqljZ6PV0oi6uaNFY8Q1V0aOkexKcAeHJdEJfNJUQDublxQd8qcetRdUN+cl6vOHav0WPdyk+ sG3r2ibJW7rXjwsjvD+e69lCjytyfw+SLrW0IHdWuFi0DH80yJ6caPimepv2LlQG7NzmDxd6XKcK KRIVooLG5EkJiCOHPqlUWGsW4VIjWhh2kf/yVl/A6/3cFno8JNwzGNwpOONIAiNYLfqkktC+JY+9 uGSHdnzIv1gh8zAt9LhxAdEZ0VtEBUQjRWfMzUFpeLgzQ+IrpeDT9eX9UG8v9LiSAB/9HXAsAkpD UaDpVZx2pS0oDJns1+5+dTBORz2ljyoNtTd5uMI0TSUdCjBSzBQBBShV6TGmceWNd05dwi/z8lKP tz6x6DmnATBW5dGAgo5sAbP6CLtKZsq5PsCgyfVdsKlc6nGlPBSjSYJlD3nnJFIwOJWBMtCIJVYE jhcrbO9xfubdtt7L0OM+QwJLcn/0QMNpksBdK+WkmbQFi/HQgowrIvO97otX1zY6f8iMm2iZE1MB ghNK1LJWtCOoaZOES5WIjw3+79FmvU8q9q1XF3o8UXBnbyMggcSpSgTkXMKyDPAWFdaiN+Mh8/e7 K1De51cXelwnZKYoJBsjCNEkbGiyriEZIdRbwLtBkWa7yKEcOcQw39rHduhxnT09N6jYO/UALcOQ tVoDEihRZF+mgAe2JIFpOtHO842P1zY6fwiHypRsVkw7fNQ0r8DmFfxY4d1ssQ5T5Nwnvc9vkDNw XHtpocedBdE5C9fJGBWCCqHhHVK2aSRBE+hkQSLYy31+f043HOHqWws9XkFaABjrsBBgwLYF5iva G1ecwoaah8vsrGEjYfvub3Dtxa2lHm+RGkVLDZrxaLjAXqUBEmsQp0XAR9H12QR8eutLelZaT665 cOjxlKmzKZQWCelZGz0iCuBH7ZtlxaB6u4b9Mf7GJfPG2/Sg6INesRd6XFeJ6FRoZbwGd0qLZVmJ y412EXxQBNYBnmaXT2ALZ18FwJ/tPywaerzCiyyrbIGjQYEwiLZEtUFYJG/zCBKlV734xzd6e3OJ cnihx1XCnQRNH6JBekaS5/ChQUJn9CxZI18KxcebSwr64IAejxrKL0ekClgQSdOsA82DCtDIIryQ b7hDJVwcXfz2TctHx7XQ42ICfzSDFLe4FJmDvqoRGzmPTCuTQc0xRQ3+yN/RNPnBq/xrs9TjKaFL Q6YAUYcluFgK09YQ1wtBZA2WE4bmLOjV+M1f+IVv4dId8e1CjwsBDVhjJn9QB25w92rAS2g9M1MT Wp7U3Kre7px4lXJuKvy/Cz1ukgEkAesAoWhWM4p0DRRZyuCljGh+AnHQN//5kKygWtMQ7cOlHvcT cClCUI4G1KiaA2kHxeqE/qtAUCA+3ApbTtqhk9mPw8bQH2iaWUvo75pulfmA0IAKg2dA2nCxBolo s5hvfMJ3yNjoX2XnDxmkZohQNL0B+gNkj6hoyGWTLLWdyaGTRWfPXnvl3Pw48Zu4xlZ2/kBkYO++ RFIAioaIieViKsIl0dNOsMuEMjHWsXMOp+uLGiU7f2SHUlttxGKggVgoyA2bHPxMZdIUFMzqNOHy cAw2frj/Eb8Gpw4bnT+MN4lcQUGCGqU0osJQ8908cs66HOFsRD37kqgUeYIg++UmHDJsjHmgR8oq jfwyGqXWlUyPDSMVmYYlKKhMvNl6rbz02Ve/jY3cOj/b6Pxhm6BQolkGjeDshKjXAgUWFIs3JHw0 GdAD26ZBIv8O+7lzRp7jJ4aN0c9LZJWulmYZyDkZAGvQSDdPY97JAnknaC+cX27fU739iN+hpwfD RucPsHkGf0BX1wh/mAkXTYbU8QSOdR7OFha0xt7v8+Irvbw8WOPS+UOaArbzoONmI817MkpLBTEn UUFOAso9adKFJ/qVH65CbehC2fnDOo3KHlHYQupBghKuC8jMGtSXIEMkhoemu3m5R4i69H3F79+G ppNzP48iXVONqHMA06gAKaYlZBRJvALogcvwB+rcL1f5GE2scOn8ITzYHN6ki6jZsLlzEPxMj1qN AsqaHpex/ijq1379iavoQLoNNQ1/EGeVihoPKkbFQ25MMTaoTERsSaQ3K/HYCU6xcX9NqcPGmAda pGxI2IEoDcVfIAVbhI+CQ+WtBYsRSvda2Y9XOPnlBL88bHT+EER+UxUomAqFLWZI76gg922YaFlA bSKSHLl/kiZYt2k1N4eNzh+ZgtBplGvoIvyFuocdoMpmn0i+eBKYmWaKJ4h6Hh7ay3ieQJrO5VBo 8IYCIYGjMFi8a5DN2mc3Ki8jh/6LjFzmX3yAmjtsdP6oFp6MBvdMkh5H0INj2cAfRkuEeQXo2MuC x05f/+y131G/h43OH9IHVBVqNmoleRuJuCyWQF8+gh7DJiFCEKejxYcC+YIEJh9aW3X+CJW8lilb VQIGGYU+hIraFyBkJOlvBNtcG87NPTrC7LVho/NH0OCPUMDhUgKhQlNfSfVFUvZpC39IGoeRjb2X OqycwMnDRucPIxEVDdGKdUMnT0Eh4GOZhrWObU2uMPbpcMfm1yPSfhs2On8YAf9hW5oFAWHsFFUJ BUWUqUmLDgGcE+HyyXUq2tAgX/Yp54zLeJ6QcPdARTcoAiejUKFuoSEzMI4uDMSS9Hiu8fJYyufE 7B8NG50/bEBTHKyP1FdiL5Qvkng6SgVDTlN8wLFs9VWVk99w/cX7dY6xMp7RTPSsDWUk03AXno5Q VYiKKqnsWXK2GXPrU/saZu/EbGPwhyBl6yGjaoL7w6TR2hq0/xbtJDZEz1ei6nv58gbP1IDc4Z+j Axk2On8gGol/I3DUqAMlYAfeViRNJo0WGvWaVLP/TcxxqzdTxIijZuvBHx7avLlKuolyQwpFRUkC 1v48MgFlDVHGTvavASdUp/vUDH0wbIiR+xAc0kDzt5IitR2IehVIr0Nhq0hzhKzpCyoPTqy88dYm hPKwIcezRER4KsQVDuWsenqC6EmlewgT64ohRTQ/1/iZTuFLfhMFYtgY+oMINxaEQUoKVTM70Hyg UUZGzHgHvE2JKw6SZ34fcXJttqHHzACVPdFDpxIaKVVnELaSJseF6hZcIRJkMNsZ+/jJvcj39anu /KEt+oZKZdUE+rJNQ6uvBVS3dWhiYkGT6wtpOgT4ua9+56+/e/Ym2RqaTnf+MNaTrkbGN4H60uiB tHFQItJAZsfSH5tT3/Afyvtf+IMveubOfYPu/KGoQ8kksxUpokSeaRIiRKOFABvRM9tMfEqPIsfg 4fI+n+rOH7rhxq5VumcgoYsuztFzr1CwIQhyxRJNR9jHD/qlG2Dms/s2On80Gm5kAUPJg/watekp QL6o4tFwRnrOmalm84aiTSw4TIyarePABSEqSAIlr3ptDf05OxBS9D0eQq3Au4TLV9yc5+UV/ub+ Ojp/BLpnoAfOQBWfFxCkGRGBSNFIFRdoamWGxt1FWEDmnqHU+WTY6PxRcCAMVBch0LOJSIdkpfYI fYOGDpmjRpza4ZIPYOq+HjY6fxh0tAh4JJ6K0Ov4T4O8JVnpUD9VgVQHOSP3ke/nN6mFQnE4u95L 5w+0txEYwIbtwkcjRAM9vktE0Wnq0xEkNPvhe34eAvnF/jXcH1c2Rv9iC/XqNH6yhQZLgSAJVH59 763QhSMv9+vc2WW9NZ0/rKCv7FaqDQUM6Cd0LagK6OcoUmKtiSZwqC9xnwk3KGSHDTE4mbhQebQ6 AWGAZoK+pmaR8eBorINUUgStgZOho04jZevd/vWcYaPzh2yo1KnS8MZQzW4NDE/jskxTdcgApLGH j9hpgNpnuSQffvIvDhtq2KBWx0DYRQtpjya30KAykmc0zYga/YV1nCb58eHH1/jXS3/oMR9D35Wo rKqMHFUR3lUk4qwnOs7wUaCneX0+doZvQnHfWtjo/FEsTdGqDbCBaiUtmsBIvB5pjGnQ/4CDwvhe xf+0d+1vURzb9mf5K1piFAgU/ap++DpBRCTiI4oao2ZSXVUNI8gQGDSa6N9+16rqmakhSI4nNznf d6/zJfKaqe6px95r77X2nv5VcdHw9S/HY/j8Rw0LWJUlCUVEh0UelwjIcPBa1TCCoKdpyc++S+Gq n5huaQaen5Wlj295yy3MD2K3GDa8pHcDcq9lChDCd6Vg0tx9vAcspT0FpBIf/RjOfpQaB7WReMel QTiYKiDsrIQRxjzB37rsNB1gRHj7QSwgZF8SPfHc4w/p86eSvrWAxUQwCadLzViNPyG6BmxoJI5b VgJAM0f/TjjDjM2el7/7MZz9qDAtMMdNzV0PbEmtSmHp3WjwSzKkcJX0DT8zZXn4eN+9qbKbU2c/ GgV7E1uczNQCNlQtoDcMBiKOKscNtpjsJMGeiUQnuxFPxHeY3Zd+DGc/LMcosFdgrgyFvzA/pz7E Bfst2YYpvqWG5zlL+pT8kxLMiezJcS6OasHr/w0dZjOtw6w/ocPcGJ+LP9M9tS40IOPSqindE077 Tu+PrFdZ/Qc6TKytPIPv4vyfJlU+a/6Lv6Q8wwJclml+9iIUpyyC5SLo6UU4WbwhukW48fcsQjVe hKYju6ZJhOlFOGUpgJjPoB4/v/rsr7G/E9aR6/EZBLA6WxP++QQw5360HsXEdXMFPk0AJ/UnGPw/ WYWabOGnV6H85wlgLMRlnsQzV+MsDriZ5oDVJzjg93/PgnQccEL44u6jpqcpyXS2BY+sIbacLMh7 nK27ecAB4x0DHcNQkWFMgLUrifCnrclHVUAnsC6mtfBzD9fWnonzfpR0zN/mHhcWJFyyDEExYqBC GubXW2B4aqokdUUxic9I6O8zgDGXeHjQiH7AAdcF4F/CmLCq4RdlwoijBJaKW4RQkhI1lSbE/FQg vfleAEvd3hqO7sNhmDauSryXnJAppqqpZNKVsXqNm1GUNtVSOXy69p0Qv35wlNTiaAyHYRBWMnmD l+cK/jZlJgmRXAk8gTAiaWOqtlyO/tkynLU7bxLjvQg4YGkQN1QaF7ZkHpoCXiBLNcPSHNCqlhkj AtislyTFSrKM27f6j0QScMAppYZlBviSFwzgtEYslgH9A/Finml/E0T11A8eHYzp/RtTmsyMmUZT 4krYmEmkW6J/JoUwUOLFZ5gYzEf+HgDoF3FzDwuzNit2Aw64UIgWykobfsfgvMKSpCVzd0CDUiNy bUoJTPcKodgrilQ/CPNCiJ8CDriMC2ZOMLEVgFBUWk2+AfDMEbAIO4DhE8DP6EBRZfCxU3eeTwMO WDHKSUxBSA2AnpoaAYgG3tTMFGCisC58fzwvgy6Pcufo4/2bAQdcK4VZQOiIXY8wti4wf1WRkzZM G1ihBkG/tB1n4XJTq+vfmLE7czFQTTVb06RObMD8EfOnRe3yXQqgHUF/Xpc+p+SUBu7oio3fAw64 ICZuM1NE2BQlNrflKtPLlrlh7q6JDAlmp3dYFFvilnh7d3V0H54DNinWBbFbHJVJnuD5iGUbt/9b xIRSYlIa3Xb38QsJB4Snj++MxvD2g2MkBTCuLRE92YZUVOX3WIN7w9ZoG+YM3FxY8YLx6eLuiGt0 9kMh0sJ9ILjMy5IyBVivQmEhyhhXB2SSuK3MY/5X61jaVzcPqOy+HnDARc7wUVKSIJn1qBHuYrfh DUkER27Rk4aaTK7F8bW+IwqxyqEmEzuU1gsWIlFMrUuA9koBw5dtRZKuwhzVMgvs6c+OK3gUcMAm xfE0GWJC6xjouHXrQlk5VsNSyWC9RuAWQrGbLu8pxnDHc8BZ41LgBfOtsKwI1RFSNgXjd5gfrBes XILLkK9US2s4/zvOot0KOOAqwUVKWNBIlTGMWUJNt0Ww3SA0jgyF7pVsnB07wl53IpRXk/tw9gNh bgO/pRSOG6bCULnfaByyIm5LbBcF01jRR/HVrn4r/Tl4L8pDN1aH0iPYEhg8S+FkmoKUKRMBSSap /1DjeD/1rGkvCzngvIIrki0PLzMQbY6IpGCxX94qBmnU6mSYo+j2cs+9C+XYwux5wAHHlW181kjV 2Ke6hlGNGbqXiYXjKcmsxGnHnWCfluLqL5S0fB1wwJaTjmNPKjtV+A5RWaFh13FwEOhpHPuYETfW 9qG4uPCQZJR4MZ4PZz9MzJQl8/yKlQxp5Rhlqp8NDlJM2UHWGj2ajzmns2fiIeCADdwKTgTMJtZR YXZrl4chK51RA8EsqGZufLxPr/wrvzDKjXsOuE6Yl8optNCIjG1GE60BzmyF2KgqVeKl924Mvo/f fWxUBxxwU7GapMQSJqXGfZd4V1h11kVUlU+5SVu4OV3HwjDHTpXPTzbggOuC0XUKP9BWKou0hHGP W8vMUJniCjUMnHG6nAMxShgc0jYHHLCtmS9JYITbBj6ttDblrqAZhBUoawBexTRcBH+/Km5wp646 9xBwwAX5zToB6tApmd8SCKDIMLt1iwWD6cAOlIke5eiffuclu49DDtjUFK4puAWVIcqvq4ZKK4xb umQTg862yaZ08u/Egw2RBxxwi/3IOVVkB2NmcODYyEdVzNjVLEWQma84W//x7s87nXrskQg4YBhh oMG4dr02Kh63mNZIkytIo1SlBTVoXBfHAQNa4swtXBzNR+VzfVh8k5Ss0yqKKCfJX8JZMlfVAJ3E hEXMse3W4o1oV9x8jvNBngNWimtbS2y0knp90uFVSqthFbAlrYuRSeLW9qXY7Rjxb0ZjKJ+7qBrv F+EvmWij8Koipc5aSlswYcV76+Z0jSfmjugnIQccN/BurSWBbWnRGsCoLMaKxgp4rE3xThPV0L+s +OvHxGP1NAecwLNrAzMIlIlrkkyruN6e0yoxUFlj90QO3s77zPa6fCcCDrjOZULzjX1awjrHFBaU tI/S4NiXymDbMksTdeIizOlLgH7xbcABZxJvtiLHVxWAL0WN3YlphkHkzcRVRn4aqCDyFQN9//+V ke6i7fZ6QXUjzE8DDwmTVHp1fFZp2JSEm4+Vw9jrueb+evu2Alae4oBLi3OuS5b6pLAV2AsS6wKX ZRvSagDbZDQwxqiud47J2PUpDhgHxGKLZgpgGZsVXg+bm74vY74wrhG/GGW9b7iMoCN+Tmy4PxrD Fxk7U0N5QAnT4w8IXFaFOABWVDG6kazvish2/DI+d89FwAEzdgOWIs+KDYOTI5n8pc6ghr9tnCKl JV7H3pqH8enhvNDfvgg44FgDUcZUIUrKR7DFAJE1oATeI/6xTGOSSnH79KfRbXwcvRdnP5oMbkRR 1pCRVTIN/FGcJyluBrdVUOXTFF534VSKjnxpX4zGcPYjo/Avk7hSkQKlGwIZWWlqD1hwUitmznF8 ogpbvClIeXorEHDAllNXMP/cEv4B7JKGLkykWhyVylRAAI1x2mLHIYmt1zwtuyLggIsC0KOgjDZP VE5FSkGBFKIn+tvcAIkUDVBV1A5euWPHx93xGD5+4VPL2jpRjBMlUviKPaNzokyJvZsDgPPMjUu5 XhyLjUHAAds6dZwFJqWBOa6ILduGwhq6fF0oSkk1Y+QFseb1X/49BRwwwmlL1V3Okq2GahJJ3SL5 F8cjwyq2JevjeuKOg5d3xO1bkzF8/IJYjmAZA1HHE1MsqlNDHESNAGMa4Aesy6+IGu769/L0xngM zwGXikVTLndpGKuwBUoDvK4kA6GC3jtx9lQMN4jVr3RRUMABG6fklRVVY9gVKQkoQ2EBDiPDO+ot leEYT4lNLznV5WQMZz+qqtBUWcJ80zDDteK7OqWkFfchGwno3Vr6l71uVbBAz38YiIADLi1Mh60z lhcZ5vnxNqoMFrCm2rlMgeFli11P+3F9tLiH17qUnueAYdJThgwlkyswOgpnTmM+sTWwPwpAcRze 1uOPt25S7fGL1xdGfFRnP8qGjt6FBykDJ2aLG0M7zb2bOMOCfbr9Gzz+4apL9a+MNEb5qKaMpA0m BUEZZcUYCLGlJKOMc1hTREbpNc/t3iux5NjGvhILAQfcpjDkmmxHRrSrmY9UrDqOFfMZLeBIknS8 2MeK9Y8MqL6b5oCNyfA2DCkg1rXWOQ9qRvcLc+woYSt55jgVl8X8jd1rsMgLozGc/UgI7WGIC+JT IAbutkpSRst3ULNQrMR+GWOYDbG4jhE+vAk4YBkDMaQJ/EvDkMs2OOxVrlkwD+vVNLDTsC6Yjwft ec3CONGdu4AD1iqrsK9heaoYa1tTeZak5A4zmsYSoYiOnbancoZjPEjAAac2QagDp01vJUnvAUoA IlGShuCIus9UZ10895EGDIv7++3FLOCAYfGwvXCGAUI4fzlNKSnCpkwkPbqimR/FhCNR74/THLDB NrCZZE6O1QGl5h0BJkoW8CGkLIDmu7q0h+JWiXvZ+iiejMbwNammxVFBnIrLAYTkFCulRQvokWKV FQV/QDvevzzgDr0obkzS6J4DhvGnMjEhFcW6NEqvERjD37JET9K/tCnbp4hMeEpcFOLJyL94Dhh+ jjoNeOqacrUCoA5+S9EA4A8SKJziPrc/3sTiNx8PPhPprYADLqnh0yy6BAq1HhwWlMAWhgsm4SrS gvmP4aaQ3/4kdncuMgty8feAAzYNmzg0cGeNhQGociBsRTvdkB3XLf9QVaN1eTveHyEHjEg/pXiL fgCuJU8AnkyjGNRRD8aOAk2Jy3hMJ1auiM6gBRywLhA4SUOUThtklXPXLU8OpR+aHHDhY6CX4sLd kZMqbMABS0aTWQb7UeUUvUsOqVNAdeqOKrbbS+j7oicLmbuBF7PffDW5D2c/khquGQeNJYuAlXkN u95ajAFgJkmZUkvu8qe1P7Zi9v1jcTDsBxxwWuGMZgZo0BInpEQAectY3dasUmCGtkYkDxxEVv6S uM9YXT8LOeCmxVGpS/h9W9Ww8BTmxaahJBjjOtVwYeMJv++Sn8+fdJqajgMuYfgVYw/Duta0QgRR GMQBTYvzUlp4MF12tU1vxObcS+yOjx+fjubD2Y8mAfZCpERTWjhBPt4aJb4N1RZxyfw6s1YRYycx WOCW/16sXhQBBxwjmsdeKDPvUGJCoEYqbjSePksVJA4ix9g7On4xStUNRcABt8x+69xSFUTTgXg3 qnXFehZMdkx2PMXep04pAB9idB/OfiQpfIliKq1BrA/EjINXAiwi/GfeoWRwVBTev+yKefHbb5WL tF8FHHBJC1FQn6ykdrU/n+CAh14b8CqgXBCpn9kL5rR2WWdTLkla/SXKhYj9clYX9dmUS1xVf6Bc qFqL40aHlEtj6hOUi5uDz+HACpl/gnKxNz5JudjKjDqpsdAL8ZJkQZ0CYocdGFMu6+JnS6AeUC4t wUpBZVMMLxBZSrsSJhhqCs8RU5U+4xWJw51DMQAMZPKmnKJcyrrGLFTw7QWjmyJh/RJlqJY9tKzU zM8huoqAIRcHL9S4HjOgXHImV9I6o+YcU1FXsFVVrFwhA7tRwA4AH8OlbIj5rrpCBmN4k8EsVEaY YzB3LJFJsBpMTRsFR0n/7ZTSke9f8cj19vtd3H0VUi60S5LlXbBVgLAW0VjBgjPDYC5ho4FCS3fc t9z1NcO4g71nAeViiYozp0pKtfYlUUXOhG1JP1viCpqq5WhUmWrc2ky1wTBsc1CWmD+AFYl/KoqJ YDhVArQBl8eQjCGLWO58kha3V5+IQUC54OmIRFssRJpR2pXWzOVji6rSABNZ2ngnoaMp/6pz1Ezy B5RLa3ERib2Bm6GQFnYKoRPCfsB/RRUOBakN3ePgwcW3rprg+P1gf6oNRlpZyhj5T9m4VDZOjgb6 gv1hy4bS8C51Jyd2j0ukbqbK7grJygxqCBW2aCErrDLrMLWhfU4QEDbMeEXMHS28s8youexHQLkk LdOjvOVEsvdDS4KjZSgUM/KCXUUUpLm2sdiHHb9734H0KyHlkleY+TJjyFJL2m68jZKTklJ5X7P0 TDFjHt1+cuTu4e1K0AHXUy4pHWBZ0KPnFN9RWNwmzAg1xmUIJKtnsT8u6TfHudsZwo0VUC5JlcZU PkgGL0yOIcRPW9X63HxLerGib6L9IPP79bJf2tWAcjGWdZikrCSpAGlJ8GE1Ae0QRAGCVXC2jYeT d56Jnw42dl3lrQgol9rgCcA2XNaEdR6sP6DwHIgDEW6OcLspPBVGzdoWdxnP782AcoGLNUAWTFIY bI1E19RI0rVp4H/LxDjW10vWXariphBBKaNPmbJULacU2BjALaApdtGg+FRS71wxf9v4sv5uPt8T M/wmAsrFJvCphmmnzAIkKAKYqsHhrZy2LmuZ2m8pv98ex5LDyX14ysVkCE8QDbAfCavTAd7wO4Wp qKichVHNWdgUXUuFWP6XENdcK53VrYBysYYxLBXvtsqdVj5nJZ+lBpTMM7ao1mYEfVYmMu2Acskt IKzOgHqShpw1O12VFXBKSgPQcOu7/snRPRIltx88+NW1KZmiXFoCxpq1z5a1i4o1lMD7wJTOjsVO bNmFkp1C8qnzdQHlUujMJcKofc9wRhm32JgwNWGPEp24O8K67MU4rlfFLbGQODQXUC6mZbULonhg cgOH0gKSAhOyFBpG1Zic3OVUx+j4GyFuLYZldyVF+olh6UEDMNuwe4FqFHdW5pRs8H0l54PW9Bt/ ZKvJe3H2o9RMQNmMKlmc0drETPTxuMmMbU9MwnIm4+SA19489kW347IZT7kojSPreIYyxn0UKTtO McGWV6QoKWhHfMfwa038eDDbLIjiNoaQ5wPKJaHyuKab1Mx7FPTZdctSghZbtGETJszzaD6uv35H F4XHdwHloium4RK+A4ugKyGuV4qoOEsbwBfaNurWI4LRjxRUfTz65sLjS2HZXc5SJFmztJP0ShIT tBAPYgsiXqDHw0HAGOv3nknsrv2FVzwwizKgXEzTSlY9smIAp08zVZPT26cS4SXcNZn1ZNQiaZuE y9fi7u4U5dLUOOK2xeauijRnvFCz7B8zE2N3JqkTcY6l807YFdCLnnKJqUl1UQIgvQQewytzQqs6 BmbWrM1s6szjsU1aVBKD+K4IKJe8ZBkA66E1wb1liW6VJCxuKJiqp3bbsDVRZ4GuO6991LUm8pRL UsrM995RMZk0y7I7dvxtEPNSeWFZukda7xGH+CiefuVuZTOgXBLfSgGReQ38gt2Wd2EPU5mYTpZV Ne2kBOjuSBoQUC44vS0C2ZQVaVJ6tqBmgq3mAsfsjIaAwIWjKxfFY4fFXo3TFZ5yKVn1C+uddvXC LRx93uBd1WVJ/QRLiissXfRBikM7Jz7cYXejH6qQcsE+5XvnviZEaDSDSpWSiCOMajEfrZvTUeub LnXyVUC5tPDdwLisWkoR0jrMkxeIrwuWmWm2iG0r7192nJO81Q0WUC6wlThfOJ/sCFHzlYSJsM6S DRHSHFZ/JOf5UbzA67dWHokL6WgMbz9yxI66pfqQ+QZE52xIVLJ8PmEWheWebEsY+UL7n4T45QY3 /MOAcqko5C5zxsEW96FNyyQnRUqajbCoycvIrkWjcv3DNy+GBwB4AeXiqvySTMJ+KDJYlPNUacPW ASkMfgFbX6ZdT9afnAlzTubwt4ByUTXNpoYna7LYpb5LbnPcm7YVARJrNCgPFtWmB8qD310XvIBy sUoztc/euyWJSQU0WNuKWJtdq1g0DyDv9tirsWk/Px4j62wQTmuLgSopXTowieA0FdVfMEmy5HoT r68TBT3oouK3i88CyiWTmAVN+kjlKXszObaWucYYe7dSCKYUyy1IhY0a3x0KK+4HlIu1NUu4FUNr DFS1RGY1QFxBTX0lDYWmzSiNdJkWpJnsMU+5VLQQ2GiMFmAQFVvDVwRgKpc89g2rE1Kuy5EYcdhk gL4JKBeALZxbmbEuu2UfFJtR918ylwQ8YWgUpNsf99cqETwCysWwpr80hBkJrqnISSaGOXEy8YY6 bsnAMBKPXclu11PsYRlQLjopcuIxyt4L1mKR25OkbchGm7phISBpCmHWKZMYG+WAcingdqPKsh5D AxhX7hizeA6Am2lD0rgFS29G5RlavIXLvrUcUC6NkYC3DVlBVTMYBeooyIzFpaLSSzlRGmOx557D bv0euxZQLkWCEKplRXfG0oNc01vVjPcZIqYpzE9RF9rfR+2r9cXsV/29gHLJcixERslMbXNG+bDE CFhIF7KjQU2Gv2kxp7nIXonbbkKuzY/noyubgTVPcnh2A8gMXIj4VrE3smwQcSA2SikZw5nbdQn9 pYSM3O3xGF4yxvaUMBqWdf7UWTKNJBXpATYzaBmFK+lp8Hvvx2mkha2AckkrxW46lAUYBA8ZKShb sFyFumbZwmJntnXlobDody476N/T10PKpXStFxLWYyRYiFwRr1M2kkqms4g3fSsWVznMt+Ohf0i5 xL69DQxoxaY2VQxnoKnSiguq410Lz9TJI8XahLHd6+hWT7kkCVObhllvZvZkjIi7xMbDMXbrDSTe 5hkx/yz3+gNXhIxwuQooF58JZxZPpbZBLIu1RczLtDKWxOSS2YDE3YcnsV2c+7IIKZc0Z7CRM8Qm cZ1rdsIjYazKkp/VAVCRUZsYeV36JmOoD+OWMJ5yySz8QJEyxSoRbLTEQac+rr/pbE+YmqO1Oas8 4DM/IOcvlmeMKgN8bu4zyjPMdGVA+YnyjPXxXvrzyoCiy8zV1R8qA/r/W+UZaSHzT7dm5vx/5iec JEn+1+oz0vyyrKuzV6HM/7gMcJlYhvAzTkzr6vrDZTjslkH8PcswLtCQbVegUY4KNJzSuGRZql+G nh9mbfaX90FaNLfsTWERBFQpnLIyGeNfnOY8JZhmV9mMbWSiezv3WG9ZCnHj7p74Vy9Ii6YMxFJW ZseUw2Qt2xjFwDjGsU1N7HQhLTsjzeZC/KuLCkZdwKQPW2vm2zAVaVqxrROVpAahSsw63kRhKvIc 47qwddK99eZ6kBZtWU1XlFiDhCi3IlxOWnYZZYMix6nARNEFps7af+VVQ2uhEj1nn55/57FWTG3q Kjvjs0qq//izSv6zQpcgz19/XqdDM13oUv3VQhe3h7t9baZ66/U/XejSlMWfdjpsx3BusgrSNUL9 5CrUp7UcP3MViuQ/+oyKB+E6XM5lnp25GPIU45K6GWhsyLmYP3Au7d+7HB3nkpOsmDIuCaleyhRI fXM5NoI+UIFxSVjxkFEwoynhaem2ZcN8BW8rVkycli4P7XtAvXnO9NqVKc4lr1mImJM+LwvDumG2 /W1aUt8NVcwVRf0Z+ZKbsXjN4Oe1yH6Y4lxqg6ikSZlirJxAG8FPwSAFgBDhW5PXkbK1jwNX5r7p GqZtTHEuMrVsDFZSr4coSrVOyZhRhk+70mbaN0OPHorEY7DrQty/uhUal5LKWF3j6hmbSCjqF+ta U/+Pt2Gpgmm06STEPtj49Qcm1wLOJaEasowloLhmi8a8aHz3BU0SPKbaXvp4Qxw82hNi9wcO8+hZ yLnUEjGLzWAKFQt0NTOOuaZQlnLeqqB+RqfExl3wtekt5YWAc2mMJqTN2bCN0iqmfyy52rZGtG8o bCwa4/NZ644uoc1VuyHngv1DaRViScWuRDlxbaGMZt8SyTrqjIIPrstbv9Nd4kVs/RZwLrls2eLE ND4QltRFKlc1VLuu6jFJE0oSfFlYr5vY70PORbuOWixCSfhxWa5QuKLkrUoahA6qZuuD1pcwcYjv pve6bz2Oi0Z5pplSwNuWBQB1YZnGpjzLZkzYJ5R4LehVLOmTrinfVJlLyibdTYlQo9U520eyR2BN rVis8ii1QM7Kl9vsIuAYudExx9C1Dqa4QzFhQ5W7YdP+Nq2pCjKKrAdml2wD53SlawUjNvZetAHn Uiq3EBXzN5nrUpYzm5az42BD9oDmhPHGe+YrRtH1fhdvJF2rkBrnK3UUj6XkGBGhbHCCTVyRTjLU mXdn7rEQyavnLjn3LuRcTIkVzRQbHKqcfShxR02OLWpY4F+zq5QTKnqe89vxfKwFnEth2ZKCbQ5M zEqKZNz6kR+CkSvYg6qm3HVfTNpsf/fNFOdi25QtsdjHxTCTw5OWcptnuSFPJ1NW+aquTA5B/rzI xcLD70POpWVX1SxVTCTrirqVhp3tENJR/OP2jOXmixjrdP04b1E6G3AurWLZID/FIWNZesOPKYDt g6ug7KUtXEtJSu/E2h0KThavFWIie/GcS9JQ5Utrh6NPzTBeVFmiePaETJ0lKZKuFGLUF3ROTHEu VY05tSWMcN5qFtbDNCbs+FpZgMasMS0Lkbq8/H0/xN0r4iDkXAyb5VqqM4BTWUPATHqiqXfPaqZh EQy2mc9lzz+85KTINY5uGXAuecYenKRn4gynr2ItWU2hlmKjL6XZupAJpohlXOO86fi9+FJ/+qOs pCicxHecSRWl7GpZsH4oU+RLOrlaybP/40Wxu3N5PIazHzmliIbNLnOqjuoGK1o3qWGnHcrm8I9k /pItfmZvUCW6RD7+Zci5tOwPV5Ux6xAogGmo9jQUlucpP7EsrnHwshE/QOnLjze5tknAuVRtxawG nl+WrvwoZQmkE0uwN05Lbhzei2MsfAWTeikV6+cZqweci7NBkt5NtdQSKjZtMjBcMA3sEkK7njmO YddFFE6ZXSgtAs5FtjjnMRt5NCxFs0wbVLE27LGBo8K2HQWTjVHvtTjP088Cgicbr8IylzbLVFRX OburyZycpokk3gy79eSwaPiuzl2rocti/dut38Qj8WzCUXrOJWenWtiPmAqgiv0jXBeIAmcIbkEX ONC1a3m0Sfvx63usjPtUqTsB59LSUlXEQW1ekcKig6WAH4aYolWS8rKdlA49eugKQqfKXGwK45ey byXwCOxvK536zzL9g8XR7AUtXe7lFU9a77n3uV3uxXMuAAbYzVVrWfN7VojivFsYnNQ1sNyZEfdf /jjLz8p4jGJtD4w/I+PRTmc8Tn4Qz9xnfxAPMbDHxY2OT4bau38MTv6DjIcUeGVZfvqT8zj/p/VB +F+f/4d/eQHqeHoB8k8swM2/ZwHyz1uAmf/mB3L/w4/u89/5Zcn+OhT6b7gGp/zTn/8Oqy3Tk5// jl9/+fz3f+LxVX9f7x0jDLv61ja7/WG67L8u4Qs3hN0/6g/2xc71mZn13t37Nx9vrvXWfnhw/+FW 9GYAI+Sf3cOX3vjZvf5+f9hXe/33du6pbe70h/h3bfTXaGH8xPkrMzOY/mFfR9vNYLBn1f7Mkd03 vUP7yzHmu6ebyQAP1LY95dQu8NIH+NvizDk8/NMfP9x46If4w9O7of/w7KODwf6RjdZ76/cer/Ye 33v8aO0mn236h1YPLe/JP8W/cvtg0N8f2sMTL5g8jo/sYc+ooZqfQdCp8cphtK13sNcWjg/70bXR zOGH8dvdtu7nue5nTs+5fhvNHQ0P9euDOfxpMZpVzeB4eLnZU/u7s/PR+WtRPB/hCue2e6/t0REm Ym72a9huXuTS10eXEIQeb+8MF6PRW4ngFy4Fg1yCbR8ODiL7xu4PI/u6f8SlmV2Mer32eF/3eosc C/dy7twpt3w0fcsn74+vOrTD48P9aOvh4zX8+GFm9ItbK5uP8JsP4z3ADTUzWs6ePrSK8x7ugdM2 kV+Pc6fskxNbY7Jmn1ymE3PI10Zf7x1H3b1E7eAw+vpoam6CA+Bum2vYN3Ojn+dPfwanbPwUztJ2 76i/va/2etgp+1il8V8xozwSS90E49rrvdWVzc0bK6t35k4cFlzs3uPNzXk3qacd15m/dlz9FJ24 0clCRLO84aVusqbv9JRlndztyXk3g317Pphl94b+25by/+Yj9P+vVX//7wAAf+L/4eyLk/4/SdMv /v+feEz8//Zwdxn/09V/ChSkDgeE1lrpYf8NznM0tz7cXTk42OtrxQ/OXojUwcFiNLa402Z2/cY7 TGe0sDN8vddr+3sW7nBu9Mv5yZNhGTDs076ByYwWuD17iDnM4C3+MLZUT/r2bbTwBv+Gv10d4Lq/ 4lXafzP+2yM7HPb3EdYsHHXf0csGY+NeMA09NXkz3R96+/btHH7tDBae0f2WHtDYVh3vwRvShq5v 3ek93bh38/7TuWBYWLsqRqSEsIgDdLc1wQE0kN0v3YX4pFP+xKtNWe+jnnfrg8N3c92TYIjF7Bmv 10rv2N7rgbF7k5c8XbtxZ2MLBnv19ho9x9pm7+b91cd31+5t9Z5srD1de8gROc245+7J+OL+Nhdc iM/gG8DbHu6MLju6zPxo7vgz5gbrrIxxM7Z6/97Wysa9tYcnJs3P5s31ta05Dj0/mX3uit7RDpZA 7e1NverEU/D/G/vrgdo3cydHW3SwhC8Y7YbpFXHvphvE/dm/bDK3o9+7q9h91ezZnsGiHBza1g71 Dv42N3rOooc8J1bGXWJvoEyv4QFwF1iMxkfDO8nwX+/eca4ivuc5fqMOt/Vi5NHlAn544121/wVH aY5bTgr3Z8Sf+c2V6YPon7K+dngIkLNg3Zdr7oL+GAanO1rAMcBveWlag+OjEVI9v+1u2k2ZW/P9 4dEcb+h58nIxutjdSvcdbwLfukvNj0Cs+2luVqv9/cEw4rw4GHvZ467xUO5pS9c72DDvgSXu6pTT y9M0OzjcFrRu9lfn8Bw4WXnwYHNjdWVr4/693s21WyuPN7d6tzZX1h9xuG5KOJ5fGLeph2rXzo3f xehNnArgnAGcHRnIaTQ0+u28X2gM5ragm0p3xfD+D4/356Zu1hmhRWZ8Jvhp0LzCRXvH+9h3YyPV 3bj/ZXChDoCPlu4Ltvr/++jw3xbQjeAO+Tuu8Sf4L87Lk/mftIzlF/z3TzyuctGvz1zdscrgy15/ fzfagbm4Nssc8OXl5XZ4wA/eNbbpq30BMzobHdq9a7NwcJ2lm/33Xrfsv102A70cx0sASGs/dGMd Dd/BkO5Y68ZyP0XDdwf22ixBw7I+OsLvm4F5F/3Wwqkstep1f+/d5ej1YH9wdKC0vfJh5uqyex1e P+wP8fWR29hXl/1P+HP3DjkMvhxc39rpH0X4T0VXVXDrR7h3fk7x+DOHZ6/zzV1dVtevLh9wID/C /xGb2Z3/u/Br9GZ/yzX+7PwX6R/Ov8y+nP9/5LG6eu7cOSAOrWceAJmsrK89OjdCwCkA01IukpkH d9aJz29trONvy8dHh8tNf3/5YHd7CSag7W/PzKw+eOCQE/6+9BRwHP96BLl0P1rajpZurvc2768j orgLjH/txazfdi9mowtzOPd4/oW5yUXmo6Ul7cks/Lq7q/n5mc2b/hq4yKdettdvTrxoBndz+dw4 vxHxGfiBXMfRYGZm6sfuefxhMHPuwtzqKsY8Aoi2JloaRBe+jS5cxejdfWDs8bDBFYKXnvYSzSz3 ZWCw19FSGy2IQTS5twXe0n97R3x5fHl8eXx5fHn8f3j8DyGfCPMAoAAA