From a0198a3605e36b6f6197d60f1b10ae10ae558ffa Mon Sep 17 00:00:00 2001
From: Sonali Mendis <124289397+smendis-scottlogic@users.noreply.github.com>
Date: Mon, 25 Nov 2024 16:25:14 +0000
Subject: [PATCH 01/53] Detailed secret management features (#519)
Co-authored-by: Eddie Knight
Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com>
---
services/crypto/secMgmt/features.yaml | 38 ------------------
services/crypto/secrets/features.yaml | 58 +++++++++++++++++++++++++++
services/crypto/secrets/metadata.yaml | 22 ++++++++++
3 files changed, 80 insertions(+), 38 deletions(-)
delete mode 100644 services/crypto/secMgmt/features.yaml
create mode 100644 services/crypto/secrets/features.yaml
create mode 100644 services/crypto/secrets/metadata.yaml
diff --git a/services/crypto/secMgmt/features.yaml b/services/crypto/secMgmt/features.yaml
deleted file mode 100644
index 349f3a1f..00000000
--- a/services/crypto/secMgmt/features.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-common_features:
- - CCC.F01 # Encryption in Transit Enabled by Default
- - CCC.F02 # Encryption at Rest Enabled by Default
- - CCC.F03 # Access/Activity Logs
- - CCC.F06 # Identity-Based Access Control
- - CCC.F07 # Event Notifications
- - CCC.F08 # Multi-zone Deployment
- - CCC.F09 # Monitoring
- - CCC.F12 # Restore
- - CCC.F14 # API Access
- - CCC.F19 # On-Demand Scaling
-
-features:
- - id: CCC.SecMgmt.F01 # Secret Storage
- title: Secret Storage
- description: |
- Provides secure storage for sensitive data such as API keys, passwords, certificates, and other secrets.
-
- - id: CCC.SecMgmt.F02 # Secret Versioning
- title: Secret Versioning
- description: |
- Supports versioning of secrets, allowing for safe updates and rollbacks of secret data.
-
- - id: CCC.SecMgmt.F03 # Automatic Secret Rotation
- title: Automatic Secret Rotation
- description: |
- Supports automatic rotation of secrets based on a defined schedule or triggers to enhance security.
-
- - id: CCC.SecMgmt.F04 # Secret Replication Policies
- title: Secret Replication Policies
- description: |
- Allows configuration of secret replication policies to control where secrets are
- stored and replicated, supporting compliance with data residency requirements.
-
- - id: CCC.SecMgmt.F05 # Secure Secret Retrieval API
- title: Secure Secret Retrieval API
- description: |
- Offers a secure API for retrieving secrets, ensuring that secrets are transmitted securely to authorized clients.
diff --git a/services/crypto/secrets/features.yaml b/services/crypto/secrets/features.yaml
new file mode 100644
index 00000000..84f77b3f
--- /dev/null
+++ b/services/crypto/secrets/features.yaml
@@ -0,0 +1,58 @@
+common_features:
+ - CCC.F01 # Encryption in Transit Enabled by Default
+ - CCC.F02 # Encryption at Rest Enabled by Default
+ - CCC.F03 # Access/Activity Logs
+ - CCC.F06 # Identity-Based Access Control
+ - CCC.F07 # Event Notifications
+ - CCC.F10 # Logging
+ - CCC.F09 # Monitoring
+ - CCC.F11 # Backup
+ - CCC.F12 # Restore
+ - CCC.F14 # API Access
+ - CCC.F18 # Versioning
+ - CCC.F19 # On-Demand Scaling
+ - CCC.F20 # Tagging
+features:
+ - id: CCC.SecMgmt.F01 # Secret Storage
+ title: Secret Storage
+ description: |
+ Provides secure storage for sensitive data such as API keys, passwords, certificates, and other secrets.
+ - id: CCC.SecMgmt.F02 # Secret Creation - Plaintext
+ title: Secret Creation - Plaintext
+ description: |
+ Ability to create new secrets as basic string data for storing
+ sensitive data such as API keys and database credentials.
+ - id: CCC.SecMgmt.F03 # Secret Creation - JSON Objects
+ title: Secret Creation - JSON Objects
+ description: |
+ Ability to create new secrets as complex JSON objects with multiple fields for storing sensitive data.
+ - id: CCC.SecMgmt.F04 # Secret Creation - Binary Data
+ title: Secret Creation - Binary Data
+ description: |
+ Ability to create new secrets as binary data for storing certificates and private keys.
+ - id: CCC.SecMgmt.F05 # Update Secrets
+ title: Update Secrets
+ description: |
+ Ability to update a secret value or description after creation.
+ - id: CCC.SecMgmt.F06 # Soft Delete Secrets
+ title: Soft Delete Secrets
+ description: |
+ Prevent secrets from being deleted immediately. Soft deletion
+ makes secrets inaccessible and schedules them for deletion
+ after a recovery window.
+ - id: CCC.SecMgmt.F07 # Automatic Secret Rotation
+ title: Automatic Secret Rotation
+ description: |
+ Supports automatic rotation of secrets based on a defined schedule or triggers to enhance security.
+ - id: CCC.SecMgmt.F08 # Secret Replication Policies
+ title: Secret Replication Policies
+ description: |
+ Allows configuration of secret replication policies to control
+ replication of secrets, supporting compliance with data
+ residency requirements.
+ - id: CCC.SecMgmt.F09 # Secure Secret Retrieval
+ title: Secure Secret Retrieval
+ description: |
+ Offers a secure API and SDK access for retrieving
+ secrets, ensuring that secrets are transmitted
+ securely to authorized clients.
diff --git a/services/crypto/secrets/metadata.yaml b/services/crypto/secrets/metadata.yaml
new file mode 100644
index 00000000..9f9443fb
--- /dev/null
+++ b/services/crypto/secrets/metadata.yaml
@@ -0,0 +1,22 @@
+title: Secret Management
+id: CCC.SecMgmt
+description: |
+ Secret Management is a tool provided by cloud service providers
+ to securely stores, retrieves, and manages sensitive data such as
+ API keys, passwords, database credentials, encryption keys, and certificates
+ and makes them accessible only to authorized users or applications.
+release_details:
+ - version: "2024.09"
+ assurance_level: None
+ threat_model_url: None
+ threat_model_author: None
+ red_team: None
+ red_team_exercise_url: None
+ release_manager:
+ name: Damien Burks
+ github_id: damienjburks
+ company: Citi
+ summary: Initial release
+ change_log:
+ - "Test"
+ - "Test"
From 5e24b12f2c8bb41567d3674f72c33f69bb82e072 Mon Sep 17 00:00:00 2001
From: kazmik23
Date: Mon, 25 Nov 2024 10:31:03 -0600
Subject: [PATCH 02/53] Created controls.yaml for Container Registry (#525)
Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com>
Co-authored-by: Damien Burks
---
services/devtools/containerReg/controls.yaml | 51 ++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 services/devtools/containerReg/controls.yaml
diff --git a/services/devtools/containerReg/controls.yaml b/services/devtools/containerReg/controls.yaml
new file mode 100644
index 00000000..fb7efd7c
--- /dev/null
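Review bot: The ids `CCC.SecMgmt.F02` through `CCC.SecMgmt.F05` are reused with new meanings in the new `services/crypto/secrets/features.yaml`: F02 was Secret Versioning in the deleted file and is now Secret Creation - Plaintext, while rotation moves from F03 to F07, replication from F04 to F08 and retrieval from F05 to F09. Any threats or controls file that still cites the old numbers would now point at a different capability without any error; those files are not part of this patch, so this needs a check before merge. A comment at the top of `features:` such as `# ids renumbered from secMgmt/features.yaml in #519` would leave a trail. `CCC.F08 # Multi-zone Deployment` is also dropped from `common_features` without being mentioned in the subject, and `CCC.F10` is listed ahead of `CCC.F09`.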
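Review bot: In `release_details` of `metadata.yaml` the values `assurance_level: None`, `threat_model_url: None`, `threat_model_author: None`, `red_team: None` and `red_team_exercise_url: None` load as the string "None", not as a YAML null. A consumer that checks whether a threat model or red-team exercise exists would presumably see a value present, so `null` (or leaving the keys out) states the intent better. The `change_log` still holds two placeholder `"Test"` entries, and the description reads `to securely stores`, which should be `that securely stores`.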
+++ b/services/devtools/containerReg/controls.yaml 
@@ -0,0 +1,51 @@
+common_controls:
+ - CCC.C01 # Prevent unencrypted requests
+ - CCC.C02 # Ensure data encryption at rest for all stored data
+ - CCC.C04 # Log all access and changes
+ - CCC.C05 # Prevent access from untrusted entities
+ - CCC.C06 # Prevent deployment in restricted regions
+ - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
+ - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
+
+controls:
+ - id: CCC.ContReg.C01 # Implement Vulnerability Scanning for Artifacts
+ title: Implement Vulnerability Scanning for Artifacts
+ objective: |
+ Ensure that container images and artifacts stored in the container registry are scanned for
+ vulnerabilities to identify and remediate security issues before deployment.
+ control_family: Risk Management
+ threats:
+ - CCC.ContReg.TH01 # Vulnerabilities in Artifacts are Exploited
+ nist_csf: ID.RA-1 # Asset vulnerabilities are identified and documented
+ control_mappings:
+ NIST_800_53:
+ - RA-5 # Vulnerability Monitoring and Scanning
+ - SI-5 # Security Alerts, Advisories, and Directives
+ test_requirements:
+ - id: CCC.ContReg.C01.TR01
+ text: |
+ Attempt to push an artifact with known vulnerabilities to the registry
+ and observe if it is flagged or rejected by the vulnerability scanning process.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.ContReg.C02 # Implement Cleanup Policies for Artifacts
+ title: Implement Cleanup Policies for Artifacts
+ objective: |
+ Ensure that unused or outdated artifacts are cleaned up according to defined policies to
+ manage storage effectively and reduce security risks associated with outdated versions.
+ control_family: Data Management
+ threats:
+ - CCC.TH14 # Older Resource Versions Are Exploited
+ nist_csf: PR.IP-6 # Data is destroyed according to policy
+ control_mappings:
+ NIST_800_53:
+ - SI-12 # Information Handling and Retention
+ test_requirements:
+ - id: CCC.ContReg.C02.TR01
+ text: |
+ Confirm that artifacts older than the specified retention period are automatically deleted from the registry.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
From 25138b90624ba1fb1e6187a79015bb7f263ae867 Mon Sep 17 00:00:00 2001
From: kazmik23
Date: Mon, 25 Nov 2024 11:23:17 -0600
Subject: [PATCH 03/53] Create threats.yaml for devtools/build (#546)
Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com>
Co-authored-by: Damien Burks
---
services/devtools/threats.yaml | 36 ++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 services/devtools/threats.yaml
diff --git a/services/devtools/threats.yaml b/services/devtools/threats.yaml
new file mode 100644
index 00000000..c8123582
--- /dev/null
+++ b/services/devtools/threats.yaml
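Review bot: `CCC.ContReg.C01.TR01` only exercises scanning at push time and accepts either outcome (`flagged or rejected`), while the objective covers artifacts already stored in the registry and remediation before deployment. A vulnerability disclosed after an image was pushed would not be caught by this test. A second test requirement covering rescans of stored artifacts, plus a stated pass condition (flagged versus rejected), would make the control verifiable. `CCC.ContReg.C02.TR01` has a similar gap: it confirms deletion after the retention period but says nothing about artifacts that are still referenced by running workloads, which is worth a sentence if the policy is meant to exclude them.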
@@ -0,0 +1,36 @@
+common_threats:
+ - CCC.TH01 # Access control is misconfigured
+ - CCC.TH02 # Data is intercepted in transit
+ - CCC.TH03 # Deployment region network is untrusted
+ - CCC.TH04 # Data is replicated to untrusted or external locations
+ - CCC.TH05 # Data is corrupted during replication
+ - CCC.TH06 # Data is lost or corrupted
+ - CCC.TH07 # Logs are Tampered With or Deleted
+ - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users
+ - CCC.TH11 # Event Notifications are Incorrectly Triggered
+ - CCC.TH12 # Resource constraints are exhausted
+ - CCC.TH14 # Older Resource Versions Are Exploited
+ - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities
+ - CCC.TH16 # Non-compliance with encryption key management policies
+
+threats:
+ - id: CCC.Build.TH01 # Unauthorized Build Execution
+ title: Unauthorized Build Execution
+ description: |
+ Attackers may trigger builds using unauthorized build agents or external services,
+ leading to unauthorized code execution or deployment of malicious code.
+ features:
+ - CCC.Build.F01 # Build Automation
+ - CCC.Build.F04 # Source Repository Integration
+ mitre_technique:
+ - T1195 # Supply Chain Compromise
+
+ - id: CCC.Build.TH02 # External Exposure of Build Environments
+ title: External Exposure of Build Environments
+ description: |
+ If build environments have external network access, they may be accessed by unauthorized parties,
+ leading to data exfiltration or tampering.
+ features:
+ - CCC.Build.F03 # Custom Build Environments
+ mitre_technique:
+ - T1133 # External Remote Services
From 4aee13c0cf4464c676d8682af0c211754208c443 Mon Sep 17 00:00:00 2001
From: sshiells-scottlogic <148051590+sshiells-scottlogic@users.noreply.github.com>
Date: Tue, 26 Nov 2024 15:00:32 +0000
Subject: [PATCH 04/53] Exlude .github folder from link checker (#567)
---
.github/workflows/links.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
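Review bot: The file is created at `services/devtools/threats.yaml`, but the subject says devtools/build and every id in it is `CCC.Build.*`. It looks like it belongs in a build service directory, the way the container registry controls sit under `services/devtools/containerReg/`; the exact directory name is not visible in this patch. As placed, these threats read as applying to every devtools service. The cited features `CCC.Build.F01`, `CCC.Build.F03` and `CCC.Build.F04` are not defined anywhere in the patches shown, so they should be checked against the build features file.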
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index f581d1f6..87136551 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -13,7 +13,7 @@ jobs: id: lychee uses: lycheeverse/lychee-action@v1 with: - args: --base . --verbose --no-progress './**/*.md' + args: --base . --verbose --no-progress './**/*.md' --exclude output: lychee/results.md token: ${{ secrets.GITHUB_TOKEN }} - fail: true + fail: false From dacad4b83803aa1ff56cd2be1a479058fa7755cb Mon Sep 17 00:00:00 2001 From: sshiells-scottlogic <148051590+sshiells-scottlogic@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:09:22 +0000 Subject: [PATCH 05/53] Try to ignore .github from link checker (#568) --- .github/workflows/links.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 87136551..7da0d07d 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -13,7 +13,7 @@ jobs: id: lychee uses: lycheeverse/lychee-action@v1 with: - args: --base . --verbose --no-progress './**/*.md' --exclude + args: --base . --verbose --no-progress './**/*.md' --exclude-path .github output: lychee/results.md token: ${{ secrets.GITHUB_TOKEN }} - fail: false + fail: true From 73d369c4d7aefa0d932d96f9880b5a4150014888 Mon Sep 17 00:00:00 2001 From: Damien Burks <20100558+damienjburks@users.noreply.github.com> Date: Tue, 26 Nov 2024 09:35:17 -0600 Subject: [PATCH 06/53] Fixing Broken Link for Link Checker (#569) --- .github/ISSUE_TEMPLATE/minutes_all-hands-comms.md | 2 +- .github/ISSUE_TEMPLATE/minutes_community-structure.md | 2 +- .github/ISSUE_TEMPLATE/minutes_delivery.md | 2 +- .github/ISSUE_TEMPLATE/minutes_duplication-reduction.md | 2 +- .github/ISSUE_TEMPLATE/minutes_security.md | 2 +- .github/ISSUE_TEMPLATE/minutes_taxonomy.md | 2 +- .github/workflows/links.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) 
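Review bot: In patch 04 the new `args` line ends in a bare `--exclude` with no pattern, and `fail: false` lets the job stay green whatever the link check reports, so the workflow stops acting as a gate. Patch 05/53 replaces both with `--exclude-path .github` and `fail: true`; squashing the two would avoid leaving a commit on the branch where the check cannot fail. The context line `uses: lycheeverse/lychee-action@v1` is untouched here, but since the step is handed `secrets.GITHUB_TOKEN`, pinning the action to a full commit SHA is worth a follow-up.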
diff --git a/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md b/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md index 6183558f..514c83a9 100644 --- a/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md +++ b/.github/ISSUE_TEMPLATE/minutes_all-hands-comms.md 
@@ -23,7 +23,7 @@ MM/DD/YYYY - 12:00 ET / 17:00 UK ## Meeting notices - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet). -- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). +- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions. - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available. diff --git a/.github/ISSUE_TEMPLATE/minutes_community-structure.md b/.github/ISSUE_TEMPLATE/minutes_community-structure.md index d3c2d052..2a9a9e64 100644 --- a/.github/ISSUE_TEMPLATE/minutes_community-structure.md 
+++ b/.github/ISSUE_TEMPLATE/minutes_community-structure.md @@ -21,7 +21,7 @@ MM/DD/YYYY - 12:00 ET / 17:00 UK ## Meeting notices - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet). -- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). +- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions. - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available. diff --git a/.github/ISSUE_TEMPLATE/minutes_delivery.md b/.github/ISSUE_TEMPLATE/minutes_delivery.md index be74991d..1affa699 100644 
--- a/.github/ISSUE_TEMPLATE/minutes_delivery.md +++ b/.github/ISSUE_TEMPLATE/minutes_delivery.md @@ -21,7 +21,7 @@ MM/DD/YYYY - 11:30 ET / 16:30 UK ## Meeting notices - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet). -- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). +- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions. - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available. 
diff --git a/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md b/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md index 7051d23a..600cd447 100644 --- a/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md +++ b/.github/ISSUE_TEMPLATE/minutes_duplication-reduction.md 
@@ -21,7 +21,7 @@ MM/DD/YYYY - 12:30 ET / 17:30 UK ## Meeting notices - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet). -- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). +- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions. - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available. diff --git a/.github/ISSUE_TEMPLATE/minutes_security.md b/.github/ISSUE_TEMPLATE/minutes_security.md index 52834bc6..0a9c72c9 100644 --- a/.github/ISSUE_TEMPLATE/minutes_security.md +++ b/.github/ISSUE_TEMPLATE/minutes_security.md 
@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:00 ET / 16:00 UK ## Meeting notices - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet). -- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). +- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions. - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available. diff --git a/.github/ISSUE_TEMPLATE/minutes_taxonomy.md b/.github/ISSUE_TEMPLATE/minutes_taxonomy.md index 7c044b6e..b9a46ea6 100644 --- a/.github/ISSUE_TEMPLATE/minutes_taxonomy.md +++ b/.github/ISSUE_TEMPLATE/minutes_taxonomy.md 
@@ -21,7 +21,7 @@ MM/DD/YYYY - 11:30 ET / 16:30 UK ## Meeting notices - FINOS **Project leads** are responsible for observing the FINOS guidelines for [running project meetings](https://community.finos.org/docs/governance/meeting-procedures/). Project maintainers can find additional resources in the [FINOS Maintainers Cheatsheet](https://community.finos.org/docs/finos-maintainers-cheatsheet). -- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/antitrust-policy/), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). +- **All participants** in FINOS project meetings are subject to the [LF Antitrust Policy](https://www.linuxfoundation.org/legal/antitrust-policy), the [FINOS Community Code of Conduct](https://community.finos.org/docs/governance/code-of-conduct) and all other [FINOS policies](https://community.finos.org/docs/governance/#policies). - FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions. - FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available. diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 7da0d07d..f581d1f6 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml 
@@ -13,7 +13,7 @@ jobs: id: lychee uses: lycheeverse/lychee-action@v1 with: - args: --base . --verbose --no-progress './**/*.md' --exclude-path .github + args: --base . --verbose --no-progress './**/*.md' output: lychee/results.md token: ${{ secrets.GITHUB_TOKEN }} fail: true From cfaf2245f142ce385a4d121906829fff7923f802 Mon Sep 17 00:00:00 2001 From: Ian Walker-Smith <155087894+ianwalkersmithciticom@users.noreply.github.com> Date: Wed, 27 Nov 2024 06:28:49 -0300 Subject: [PATCH 07/53] db backup restore threat (#565) Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com> Co-authored-by: Eddie Knight --- services/database/relational/threats.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml index 6e70ed5f..9deacba3 100644 --- a/services/database/relational/threats.yaml +++ b/services/database/relational/threats.yaml @@ -91,3 +91,22 @@ threats: - CCC.F06 mitre_technique: - T1556 + + - id: CCC.RDMS.TH14 + title: DB backup is uninentionally restored + description: A threat actor restores a database backup thereby destroying data. + features: + - CCC.F11 + mitre_technique: + - T1485 + + - id: CCC.RDMS.TH15 + title: brute force attack against the database + description: | + threat actor uses brute force attack to discover + database user password, threat actor then has access to the + database user + features: + - CCC.RDMS.F07 + mitre_technique: + - T1110 From 1c4347036843f2b23856ba063440bbd88ff98e60 Mon Sep 17 00:00:00 2001 From: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Date: Fri, 29 Nov 2024 15:24:41 +0000 Subject: [PATCH 08/53] Add in fixes to control definitions (#570) --- services/common-controls.yaml | 145 ++++++++++++++------------ services/storage/object/controls.yaml | 16 +-- 2 files changed, 87 insertions(+), 74 deletions(-) 
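Review bot: `CCC.RDMS.TH14` contradicts itself: the title says the backup is restored unintentionally (spelled `uninentionally`), while the description and the `T1485` mapping describe a threat actor restoring it to destroy data. Accidental and malicious restores call for different controls, so the entry should pick one, for example `title: DB backup is maliciously restored`, or be split into two threats. `CCC.RDMS.TH15` has a lower-case title and a description ending on `has access to the database user`; `title: Brute Force Attack Against the Database` and ending on `can authenticate as that database user` would read more clearly. The `threats:` list begins outside the hunk, so `CCC.F11` and `CCC.RDMS.F07` could not be checked against this file's feature list.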
diff --git a/services/common-controls.yaml b/services/common-controls.yaml index 318e69f8..5934c823 100644 --- a/services/common-controls.yaml +++ b/services/common-controls.yaml @@ -70,7 +70,8 @@ controls: test_requirements: - id: CCC.C02.TR01 text: | - The service encrypts all stored data at rest using industry-standard encryption algorithms (e.g., AES-256). + The service encrypts all stored data at rest using + industry-standard encryption algorithms (e.g., AES-256). tlp_levels: - tlp_clear - tlp_green @@ -78,8 +79,9 @@ controls: - tlp_red - id: CCC.C02.TR02 text: | - Admin users can verify and audit encryption status for stored data at rest, - including verification of key management processes. + The encryption status for stored data at rest can be + verified and audited, including verification of key + management processes. tlp_levels: - tlp_clear - tlp_green @@ -89,9 +91,9 @@ controls: - id: CCC.C03 # Implement multi-factor authentication (MFA) for access title: Implement multi-factor authentication (MFA) for access objective: | - Ensure that all human user access requires multi-factor authentication - (MFA), minimizing the risk of unauthorized access by enforcing strong - authentication mechanisms. + Ensure that all human user access requires multi-factor + authentication (MFA), minimizing the risk of unauthorized + access by enforcing strong authentication mechanisms. control_family: Identity and Access Management threats: - CCC.TH01 # Access control is misconfigured 
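Review bot: `CCC.C02.TR02` used to name who performs the check (`Admin users can verify and audit encryption status`), and the passive rewrite drops the actor. The requirement no longer says which role must be able to inspect encryption status and key management. The same rewording is applied to `CCC.C08.TR02` later in this patch. If the intent is that verification is not limited to admins, saying so keeps the requirement testable, for example `can be verified and audited by authorized users`. The remaining changes in these hunks only re-wrap text, and the `controls:` list starts outside them.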
@@ -107,13 +109,15 @@ controls: test_requirements: - id: CCC.C03.TR01 text: | - Ensure that MFA is required for all user access to the service interface. + Ensure that MFA is required for all user access to the + service interface. tlp_levels: - tlp_amber - tlp_red - id: CCC.C03.TR02 text: | - Ensure that MFA is required for all administrative access to the management interface. + Ensure that MFA is required for all administrative access + to the management interface. tlp_levels: - tlp_clear - tlp_green @@ -123,8 +127,8 @@ controls: - id: CCC.C04 # Log all access and changes title: Log all access and changes objective: | - Ensure that all access and changes are logged to maintain a detailed - audit trail for security and compliance purposes. + Ensure that all access and changes are logged to maintain a + detailed audit trail for security and compliance purposes. control_family: Logging & Monitoring threats: - CCC.TH01 # Access control is misconfigured @@ -136,14 +140,16 @@ controls: test_requirements: - id: CCC.C04.TR01 text: | - The service logs all access attempts, including successful and failed login attempts. + The service logs all access attempts, including successful + and failed login attempts. tlp_levels: - tlp_amber - tlp_red - id: CCC.C04.TR02 text: | - The service logs all changes to configuration, including administrative - actions and modifications to user roles or privileges. + The service logs all changes to configuration, including + administrative actions and modifications to user roles + or privileges. tlp_levels: - tlp_clear - tlp_green 
@@ -167,9 +173,10 @@ controls: test_requirements: - id: CCC.C05.TR01 text: | - The service blocks access to sensitive resources and admin access - from untrusted sources, including unauthorized IP addresses, domains, - or networks that are not included in a pre-approved allowlist. + The service blocks access to sensitive resources and admin + access from untrusted sources, including unauthorized IP + addresses, domains, or networks that are not included in + a pre-approved allowlist. tlp_levels: - tlp_clear - tlp_green @@ -177,8 +184,9 @@ controls: - tlp_red - id: CCC.C05.TR04 text: | - The service prevents unauthorized cross-tenant access, ensuring that - only allowlisted services from other tenants can access resources. + The service prevents unauthorized cross-tenant access, + ensuring that only allowlisted services from other + tenants can access resources. tlp_levels: - tlp_clear - tlp_green @@ -188,10 +196,11 @@ controls: - id: CCC.C06 # Prevent deployment in restricted regions title: Prevent deployment in restricted regions objective: | - Ensure that resources are not provisioned or deployed in geographic - regions or cloud availability zones that have been designated as - restricted or prohibited, to comply with regulatory requirements and - reduce exposure to geopolitical risks. + Ensure that resources are not provisioned or deployed in + geographic regions or cloud availability zones that have been + designated as restricted or prohibited, to comply with + regulatory requirements and reduce exposure to geopolitical + risks. control_family: Data threats: - CCC.TH03 # Deployment region network is untrusted 
@@ -207,9 +216,9 @@ controls: test_requirements: - id: CCC.C06.TR01 text: | - The service prevents deployment in restricted regions or cloud - availability zones, blocking any provisioning attempts in designated - areas. + The service prevents deployment in restricted regions or + cloud availability zones, blocking any provisioning + attempts in designated areas. tlp_levels: - tlp_clear - tlp_green @@ -217,32 +226,30 @@ controls: - tlp_red - id: CCC.C06.TR02 text: | - The service ensures that replication of data, backups, and disaster - recovery operations do not occur in restricted regions or - availability zones. + The service ensures that replication of data, backups, and + disaster recovery operations do not occur in restricted + regions or availability zones. tlp_levels: - tlp_clear - tlp_green - tlp_amber - tlp_red - - id: CCC.C07 # Alert on non-human enumeration - title: Alert on non-human enumeration + - id: CCC.C07 # Alert on unusal enumeration + title: Alert on Unusual Enumeration Activity control_family: Logging & Monitoring objective: | - Ensure that logs and associated alerts are generated when non-human - entities (e.g., automated processes) attempt to enumerate - resources. This helps to detect and respond to potential malicious - reconnaissance activities early. + Ensure that logs and associated alerts are generated when + unusual enumeration activity is detected that may indicate + reconnaissance activities. threats: - - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities + - CCC.TH15 # Automated Enumeration nist_csf: DE.AE-1 test_requirements: - id: CCC.C07.TR01 text: | - The service generates real-time alerts whenever non-human entities - (e.g., automated scripts or processes) attempt to enumerate resources - or services. + The service detects enumeration activities indicative of + reconnaissance and generates real-time alerts tlp_levels: - tlp_red - id: CCC.C07.TR02 
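Review bot: The id comment on the renamed CCC.C07 is misspelled (`# Alert on unusal enumeration`), and the rewritten CCC.C07.TR01 text now ends without a full stop, unlike the other requirements in the file. The comment should read `- id: CCC.C07 # Alert on unusual enumeration`. The new objective and TR01 also depend on "unusual" enumeration without stating what baseline separates it from normal listing activity, so a tester has nothing concrete to evaluate. One added sentence in the objective naming the criterion (for example rate or breadth of list calls per identity) would make the requirement checkable.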
@@ -259,41 +266,42 @@ controls: control_family: Data objective: | Ensure that data is replicated across multiple - zones or regions to protect against data loss due to hardware failures, - natural disasters, or other catastrophic events. + zones or regions to protect against data loss due to hardware + failures, natural disasters, or other catastrophic events. threats: - CCC.TH06 # Data is lost or corrupted nist_csf: PR.PT-5 test_requirements: - id: CCC.C08.TR01 text: | - Data is replicated across multiple availability zones or regions. + Data is replicated across multiple availability zones or + regions. tlp_levels: - tlp_green - tlp_amber - tlp_red - id: CCC.C08.TR02 text: | - Admin users can verify the replication status of data across multiple - zones or regions, including the replication locations and data - synchronization status. + The replication status of data across multiple zones or + regions can be verified, including the replication + locations and data synchronization status. tlp_levels: - tlp_green - tlp_amber - tlp_red - - id: CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs + - id: CCC.C09 # Prevent tampering, deletion, or unauthorized access title: Prevent tampering, deletion, or unauthorized access to access logs control_family: Data objective: | Access logs should always be considered sensitive. - Ensure that access logs are protected against unauthorized access, tampering, - or deletion. + Ensure that access logs are protected against unauthorized + access, tampering, or deletion. threats: - CCC.TH07 # Logs are Tampered With or Deleted - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users - CCC.TH04 # Data is replicated to untrusted or external locations - nist_csf: PR.DS-6 # Integrity checking mechanisms are used to verify software, firmware, and information integrity + nist_csf: PR.DS-6 # Integrity checking mechanisms are used test_requirements: - id: CCC.C09.TR01 text: | 
@@ -320,24 +328,24 @@ controls: - tlp_green - tlp_clear - - id: CCC.C10 # Prevent data replication to destinations outside of defined + - id: CCC.C10 # Prevent data replication to destinations outside of perimeter title: Prevent data replication to destinations outside of defined trust perimeter control_family: Data objective: | - Prevent replication of data to untrusted destinations outside of - defined trust perimeter. An untrusted destination is defined as a - resource that exists outside of a specified trusted identity or network - perimeter (i.e., a data perimeter). + Prevent replication of data to untrusted destinations outside + of defined trust perimeter. An untrusted destination is defined + as a resource that exists outside of a specified trusted + identity or network perimeter (i.e., a data perimeter). threats: - CCC.TH04 # Data is replicated to untrusted or external locations nist_csf: PR.DS-5 # Protections against data leaks are implemented test_requirements: - id: CCC.C10.TR01 text: | - Replication of data to destinations outside of the defined trust - perimeter is automatically blocked, preventing replication to - untrusted resources. + Replication of data to destinations outside of the defined + trust perimeter is automatically blocked, preventing + replication to untrusted resources. tlp_levels: - tlp_green - tlp_amber @@ -346,8 +354,9 @@ controls: - id: CCC.C11 # Enforce Key Management Policies title: Enforce Key Management Policies objective: | - Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, - regular key rotation, and customer-managed encryption keys (CMEKs) where applicable. + Ensure that encryption keys are managed securely by enforcing + the use of approved algorithms, regular key rotation, and + customer-managed encryption keys (CMEKs) where applicable. control_family: Encryption threats: - CCC.TH16 # Non-compliance with encryption key management policies 
@@ -364,8 +373,9 @@ controls: test_requirements: - id: CCC.C11.TR01 text: | - Verify that all encryption keys use approved cryptographic algorithms - as per organizational standards (e.g., AES-256, RSA-2048). + Verify that all encryption keys use approved cryptographic + algorithms as per organizational standards (e.g., AES-256, + RSA-2048). tlp_levels: - tlp_clear - tlp_green @@ -373,24 +383,27 @@ controls: - tlp_red - id: CCC.C11.TR02 text: | - Confirm that encryption keys are rotated at a frequency compliant - with organizational policies (e.g., every 90 days). + Confirm that encryption keys are rotated at a frequency + compliant with organizational policies (e.g., every + 90 days). tlp_levels: - tlp_green - tlp_amber - tlp_red - id: CCC.C11.TR03 text: | - Ensure that customer-managed encryption keys (CMEKs) are used for data - encryption where applicable, providing greater control over key management. + Ensure that customer-managed encryption keys (CMEKs) are + used for data encryption where applicable, providing + greater control over key management. tlp_levels: - tlp_green - tlp_amber - tlp_red - id: CCC.C11.TR04 text: | - Verify that access to encryption keys is restricted to authorized - personnel and services, following the principle of least privilege. + Verify that access to encryption keys is restricted to + authorized personnel and services, following the principle + of least privilege. tlp_levels: - tlp_amber - tlp_red diff --git a/services/storage/object/controls.yaml b/services/storage/object/controls.yaml index 58a24687..32b26be1 100644 --- a/services/storage/object/controls.yaml +++ b/services/storage/object/controls.yaml 
@@ -67,9 +67,9 @@ controls: test_requirements: - id: CCC.ObjStor.C02.TR01 text: | - Admin users can configure bucket-level permissions uniformly across - all buckets, ensuring that object-level permissions cannot be - applied without explicit authorization. + Bucket-level permissions must be configured uniformly + across all buckets, ensuring that object-level permissions + cannot be applied without explicit authorization. tlp_levels: - tlp_amber - tlp_red @@ -165,23 +165,23 @@ controls: - tlp_amber - tlp_red - - id: CCC.ObjStor.C07 # Access logs are stored in a separate bucket - title: Access logs are stored in a separate bucket + - id: CCC.ObjStor.C07 # Access logs are stored in a data store + title: Access logs are stored in a separate data store control_family: Data objective: | Ensure that access logs for object storage buckets are stored in a - separate bucket to protect against unauthorized access, tampering, + separate data store to protect against unauthorized access, tampering, or deletion of logs (Logbuckets are exempt from this requirement, but must be tlp_red). threats: - CCC.TH07 # Logs are Tampered With or Deleted - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users - nist_csf: PR.DS-6 # Integrity checking mechanisms are used to verify software, firmware, and information integrity + nist_csf: PR.DS-6 # Integrity checking mechanisms are used test_requirements: - id: CCC.ObjStor.C07.TR01 text: | Access logs for all object storage buckets are stored in a separate - bucket. + data store. tlp_levels: - tlp_amber - tlp_red From ba68410d55dcbd90e4ae33512b0eaa5dcf2e6855 Mon Sep 17 00:00:00 2001 
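Review bot: In the CCC.ObjStor.C07 hunk the shortened id comment `# Access logs are stored in a data store` drops the word "separate", which is the property the control asserts. It should stay `# Access logs are stored in a separate data store`. Widening "bucket" to "data store" also leaves open whether a store reachable with the same credentials as the logged bucket counts as separate. The objective's goal of protecting logs from tampering or deletion seems to depend on separate access control, so it is worth saying so in the objective. The unchanged parenthetical still refers to "Logbuckets", which now reads oddly next to the new wording.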
From: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:10:04 +0000 Subject: [PATCH 09/53] Updating testing requirements for VPC (#523) --- services/networking/vpc/controls.yaml | 182 ++++++-------------------- services/networking/vpc/threats.yaml | 86 +++++------- 2 files changed, 77 insertions(+), 191 deletions(-) diff --git a/services/networking/vpc/controls.yaml b/services/networking/vpc/controls.yaml index 9c93df98..8b51c6de 100644 --- a/services/networking/vpc/controls.yaml +++ b/services/networking/vpc/controls.yaml @@ -1,20 +1,20 @@ common_controls: - - CCC.C01 # Prevent unencrypted requests - - CCC.C03 # Implement multi-factor authentication (MFA) for access - - CCC.C04 # Log all access and changes - - CCC.C05 # Prevent access from untrusted entities - - CCC.C06 # Prevent deployment in restricted regions + - CCC.C01 # Prevent unencrypted requests + - CCC.C03 # Implement multi-factor authentication (MFA) for access + - CCC.C04 # Log all access and changes + - CCC.C05 # Prevent access from untrusted entities + - CCC.C06 # Prevent deployment in restricted regions controls: - id: CCC.VPC.C01 - title: Skip Default Network Creation + title: Restrict Default Network Creation objective: | - Prevent the automatic creation of default virtual networks and related resources during cloud - project initialization to avoid insecure default configurations and enforce custom network policies. + Restrict the automatic creation of default virtual networks and related + resources during subscription initialization to avoid insecure default + configurations and enforce custom network policies. control_family: Network Security threats: - - CCC.VPC.TH01 - - CCC.TH01 # Access control is misconfigured (common threat) + - CCC.VPC.TH01 # Unauthorized Access via Insecure Default Networks nist_csf: PR.AC-5 control_mappings: CCM: 
@@ -26,24 +26,19 @@ controls: test_requirements: - id: CCC.VPC.C01.TR01 text: | - Verify that default networks are not automatically created upon project initialization. - tlp_levels: - - tlp_red - - id: CCC.VPC.C01.TR02 - text: | - Confirm that only custom networks with appropriate security controls are in place. + When a subscription is created, the subscription must not contain any + default network resources. tlp_levels: - tlp_red - id: CCC.VPC.C02 - title: Limit External IP Addresses for Virtual Machines + title: Limit Resource Creation in Public Subnet objective: | - Restrict the assignment of external (public) IP addresses to virtual machines to reduce - exposure to the public internet and minimize attack surfaces. + Restrict the creation of resources in the public subnet with + direct access the internet to minimize attack surfaces. control_family: Network Security threats: - - CCC.VPC.TH02 - - CCC.TH02 # Data is intercepted in transit (common threat) + - CCC.VPC.TH02 # Exposure of Resources to Public Internet nist_csf: PR.AC-3 control_mappings: CCM: 
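Review bot: The new CCC.VPC.C02 objective is missing a word: `direct access the internet` should be `direct access to the internet to minimize attack surfaces.` The retitled control is about creating resources in a public subnet, while the one requirement left under it (CCC.VPC.C02.TR01, in the following hunk) only tests that no external IP is assigned by default. Either the title or the requirement should be adjusted so they describe the same check. The control's body continues outside this hunk.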
@@ -55,157 +50,62 @@ controls: test_requirements: - id: CCC.VPC.C02.TR01 text: | - Verify that policies are in place to prevent unauthorized assignment of external - IPs to virtual machines containing sensitive data. + When a resource is created, the resource must not be assigned an + external IP address by default. tlp_levels: - tlp_red - - id: CCC.VPC.C02.TR02 - text: | - Ensure that external IP assignments are approved and monitored for virtual machines without sensitive data. - tlp_levels: - - tlp_green - id: CCC.VPC.C03 - title: Restrict IP Forwarding on Virtual Machines - objective: | - Control the use of IP forwarding on virtual machines to prevent unauthorized - network traffic routing and potential security risks. - control_family: Network Security - threats: - - CCC.VPC.TH03 - nist_csf: PR.AC-5 - control_mappings: - CCM: - - SEF-05 - ISO_27001: - - 2013 A.13.1.1 - NIST_800_53: - - SC-7 - test_requirements: - - id: CCC.VPC.C03.TR01 - text: | - Verify that IP forwarding is disabled on all virtual machines containing sensitive data. - tlp_levels: - - tlp_red - - id: CCC.VPC.C03.TR02 - text: | - Attempt to enable IP forwarding on a sensitive VM and confirm that it is denied. - tlp_levels: - - tlp_red - - id: CCC.VPC.C03.TR03 - text: | - Confirm that IP forwarding is only enabled on virtual machines without - sensitive data and with a justified operational need. - tlp_levels: - - tlp_green - - id: CCC.VPC.C03.TR04 - text: | - Review and document the instances where IP forwarding is enabled under TLP Green classification. - tlp_levels: - - tlp_green - - - id: CCC.VPC.C04 - title: Restrict Public IP Access to ML Development Environments + title: Restrict VPC Peering to Authorized Accounts objective: | - Prevent public IP access to Machine Learning (ML) development environments - (e.g., ML notebooks) to reduce exposure to the internet and enhance security. 
+ Ensure VPC peering connections are only established with explicitly + authorized destinations to limit network exposure and enforce boundary + controls. control_family: Network Security threats: - - CCC.VPC.TH04 + - CCC.VPC.TH03 # Unauthorized Network Access through VPC Peering nist_csf: PR.AC-3 control_mappings: CCM: - - SEF-05 + - IVS-01 ISO_27001: - - 2013 A.13.1.1 + - 2013 A.13.1.3 NIST_800_53: - - SC-7 + - AC-4 test_requirements: - id: CCC.VPC.C04.TR01 text: | - Verify that ML development environments containing sensitive - data cannot be accessed via public IP addresses. + When a VPC peering connection is requested for an untrusted + destination, the VPC’s peering configuration must remain unchanged. tlp_levels: - tlp_red - - id: CCC.VPC.C04.TR02 - text: | - Attempt to access an ML notebook via a public IP and confirm that access is denied. - tlp_levels: - - tlp_red - - id: CCC.VPC.C04.TR03 - text: | - Ensure that any ML development environments without sensitive data requiring - public access are approved and have appropriate security controls. - tlp_levels: - - tlp_green - - id: CCC.VPC.C05 - title: Restrict Virtual Networks for ML Development Environments + - id: CCC.VPC.C04 + title: Enforce VPC Flow Logs on VPCs. objective: | - Limit the virtual networks that can be used when creating new ML development environment - instances to ensure they are deployed within approved and secure network environments. + Ensure VPCs are configured with flow logs enabled to capture traffic + information. 
control_family: Network Security threats: - - CCC.VPC.TH05 - - CCC.TH01 # Access control is misconfigured (common threat) - nist_csf: PR.AC-4 + - CCC.VPC.TH04 # Lack of Network Visibility Due to Disabled VPC Flow Logs + nist_csf: PR.PT-1 control_mappings: CCM: - - IAM-12 + - IVS-06 ISO_27001: - - 2013 A.9.1.2 + - 2013 A.12.4.1 NIST_800_53: - - AC-6 + - AU-2 test_requirements: - id: CCC.VPC.C05.TR01 text: | - Verify that ML development environments containing sensitive data can only be deployed in - approved virtual networks with appropriate security controls. + When any network traffic goes to or from an interface in the VPC, VPC + flow logs must capture and log all relevant information. tlp_levels: - tlp_red - id: CCC.VPC.C05.TR02 text: | - Attempt to deploy an ML development environment in an unapproved network and confirm that it is denied. + When VPC flow logs are disabled, then the activity is logged in the + cloud native logging service. tlp_levels: - tlp_red - - id: CCC.VPC.C05.TR03 - text: | - Ensure that ML development environments without sensitive data are deployed in - networks that meet organizational security standards. - tlp_levels: - - tlp_green - - - id: CCC.VPC.C06 - title: Disable Nested Virtualization on Virtual Machines - objective: | - Disable hardware-accelerated nested virtualization on virtual machines to prevent - potential security risks associated with nested environments. - control_family: Virtualization Security - threats: - - CCC.VPC.TH06 - - CCC.TH06 # Data is lost or corrupted (common threat) - nist_csf: PR.DS-7 - control_mappings: - CCM: - - IVS-08 - ISO_27001: - - 2013 A.12.6.2 - NIST_800_53: - - SC-7 - test_requirements: - - id: CCC.VPC.C06.TR01 - text: | - Verify that nested virtualization cannot be enabled on virtual machines containing sensitive data. - tlp_levels: - - tlp_red - - id: CCC.VPC.C06.TR02 - text: | - Attempt to enable nested virtualization on a sensitive VM and confirm that it is denied. 
- tlp_levels: - - tlp_red - - id: CCC.VPC.C06.TR03 - text: | - For virtual machines without sensitive data, ensure that nested virtualization is - only enabled when necessary and with appropriate security measures. - tlp_levels: - - tlp_green diff --git a/services/networking/vpc/threats.yaml b/services/networking/vpc/threats.yaml index 409d032a..920d3ead 100644 --- a/services/networking/vpc/threats.yaml +++ b/services/networking/vpc/threats.yaml 
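Review bot: After the renumbering in this hunk the test-requirement ids no longer match their parent controls. As far as the collapsed hunk shows, the `- id: CCC.VPC.C04.TR01` context line now sits under the new CCC.VPC.C03 (VPC peering), and `CCC.VPC.C05.TR01` / `CCC.VPC.C05.TR02` sit under the new CCC.VPC.C04 (flow logs). These should become `- id: CCC.VPC.C03.TR01`, `- id: CCC.VPC.C04.TR01` and `- id: CCC.VPC.C04.TR02`, so that tooling or auditors resolving a requirement by id reach the right control. The new title `Enforce VPC Flow Logs on VPCs.` also carries a trailing full stop that no other title has.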
@@ -1,78 +1,64 @@ common_threats: - - CCC.TH01 # Access control is misconfigured - - CCC.TH02 # Data is intercepted in transit - - CCC.TH03 # Deployment region network is untrusted - - CCC.TH06 # Data is lost or corrupted - - CCC.TH07 # Logs are Tampered With or Deleted + - CCC.TH01 # Access control is misconfigured + - CCC.TH02 # Data is intercepted in transit + - CCC.TH03 # Deployment region network is untrusted + - CCC.TH06 # Data is lost or corrupted + - CCC.TH07 # Logs are Tampered With or Deleted threats: - id: CCC.VPC.TH01 title: Unauthorized Access via Insecure Default Networks description: | - Default network configurations may include insecure settings and open firewall rules, - leading to unauthorized access and potential data breaches. + Default network configurations may include insecure settings and open + firewall rules,leading to unauthorized access and potential data + breaches. features: - - CCC.VPC.F01 # Custom Network Creation - - CCC.F06 # Identity Based Access Control (common feature) + - CCC.VPC.F01 # Custom Network Creation mitre_technique: - - T1040 # Network Sniffing - - T1136 # Create Account + - T1040 # Network Sniffing - id: CCC.VPC.TH02 - title: Exposure of Virtual Machines to Public Internet + title: Exposure of Resources to Public Internet description: | - Assignment of external IP addresses to virtual machines exposes them to the public internet, - increasing the risk of attacks such as brute force, exploitation of vulnerabilities, or unauthorized access. + Assignment of external IP addresses to resources exposes resources to the + public internet, increasing the risk of attacks such as brute force, + exploitation of vulnerabilities, or unauthorized access. 
features: - - CCC.VPC.F02 # External IP Address Assignment - - CCC.F01 # Encryption in Transit Enabled by Default (common feature) + - CCC.VPC.F04 # Public Subnet Creation mitre_technique: - - T1133 # External Remote Services - - T1078 # Valid Accounts + - T1133 # External Remote Services + - T1078 # Valid Accounts - id: CCC.VPC.TH03 - title: Unauthorized Network Traffic Routing + title: Unauthorized Network Access through VPC Peering description: | - Enabling IP forwarding on virtual machines allows them to route traffic, - which can be exploited to redirect traffic, bypass network controls, - or launch attacks within the network. + Unauthorized VPC peering connections can allow network traffic between + untrusted or unapproved subscriptions, leading to potential data + exposure or exfiltration. features: - - CCC.VPC.F03 # IP Forwarding + - CCC.VPC.F11 # Connectivity Options - VPC Peering mitre_technique: - - T1590 # Gather Victim Network Information - - T1021 # Remote Services + - T1599 # Network Boundary Bridging - id: CCC.VPC.TH04 - title: Unauthorized Access to ML Development Environments via Public IP + title: Lack of Network Visibility Due to Disabled VPC Flow Logs description: | - Public IP access to ML development environments can lead to unauthorized access - if proper security controls are not in place, increasing the risk of compromise and data breaches. + VPC subnets with disabled flow logs lack critical network traffic + visibility, which can lead to undetected unauthorized access, + data exfiltration, and network misconfigurations. This lack of + visibility increases the risk of undetected security incidents. 
features: - - CCC.VPC.F04 # Public IP Access Control - - CCC.F06 # Identity Based Access Control (common feature) + - CCC.VPC.F16 # VPC Flow Logs mitre_technique: - - T1133 # External Remote Services - - T1078 # Valid Accounts + - T1562 # Impair Defenses - id: CCC.VPC.TH05 - title: Deployment of ML Development Environments in Unapproved Networks + title: Overly Permissive VPC Endpoint Policies description: | - Deploying ML development environments in unapproved or less secure networks can expose them to - vulnerabilities and unauthorized access, compromising sensitive data and security policies. + VPC Endpoint policies that are overly permissive may inadvertently expose + resources within the VPC to unintended principals or external threats. features: - - CCC.VPC.F05 # Virtual Network Selection - - CCC.F06 # Identity Based Access Control (common feature) + - CCC.VPC.F17 # VPC Endpoints mitre_technique: - - T1578 # Modify Cloud Compute Infrastructure - - - id: CCC.VPC.TH06 - title: Security Risks from Nested Virtualization - description: | - Nested virtualization can introduce additional layers of abstraction, increasing complexity and - potentially leading to security vulnerabilities that can be exploited. - features: - - CCC.VPC.F06 # Nested Virtualization - - CCC.F09 # Monitoring (common feature) - mitre_technique: - - T1497 # Virtualization/Sandbox Evasion - - T1059 # Command and Scripting Interpreter + - T1078 # Valid Accounts + - T1071 # Application Layer Protocol From 98c856b86cdcfe68e6d6d0c12b30b988b24215e3 Mon Sep 17 00:00:00 2001 
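Review bot: CCC.VPC.TH05 (Overly Permissive VPC Endpoint Policies) is introduced here without any control that references it. The controls.yaml section of this same patch ends at CCC.VPC.C04, and its controls list only CCC.VPC.TH01 through CCC.VPC.TH04. Either add a control with a test requirement for endpoint policies, or note in the description that the mitigation is still to be written. The CCC.VPC.TH01 description also has a missing space in `firewall rules,leading`, and the CCC.VPC.TH04 description speaks of "VPC subnets" while the title and the matching control speak of VPCs.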
From: Ian Walker-Smith <155087894+ianwalkersmithciticom@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:33:57 -0300 Subject: [PATCH 10/53] Creation of initial RDMS controls.yaml file (#573) Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> --- services/database/relational/controls.yaml | 31 ++++++++++++++++++++++ services/database/relational/threats.yaml | 9 +++++++ 2 files changed, 40 insertions(+) create mode 100644 services/database/relational/controls.yaml diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml new file mode 100644 index 00000000..a1a4fd92 --- /dev/null +++ b/services/database/relational/controls.yaml @@ -0,0 +1,31 @@ +common_controls: + - CCC.C01 # Prevent unencrypted requests + - CCC.C02 # Ensure data encryption at rest for all stored data + - CCC.C03 # Log all access and changes + - CCC.C04 # Implement multi-factor authentication (MFA) for access + - CCC.C05 # Prevent access from untrusted entities + - CCC.C06 # Prevent deployment in restricted regions + - CCC.C07 # Alert on non-human enumeration + - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs + - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter + +controls: + - id: CCC.RDMS.C01 + title: backup database to alternative trust-zone + objective: | + Ensure that databases are backed up and the backup is outside of the applications trust-zone + control_family: Data + threats: + - CCC.RDMS.TH14 # DB backup is uninentionally restored + nist_csf: PR.DS-11 + control_mappings: + NIST_800_53: + - CP-6 + test_requirements: + - id: CCC.RDMS.C01.TR01 + text: | + From the same trust-zone as the database attempt to access the database backup and ensure that access is + denied + tlp_levels: + - tlp_red + - tlp_amber diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml index 9deacba3..b1d93293 100644 
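Review bot: In the new relational controls.yaml the comments on `CCC.C03` and `CCC.C04` under `common_controls` are swapped relative to the titles common-controls.yaml gives those ids elsewhere in this series, where C03 is the MFA control and C04 is logging. They should read `- CCC.C03 # Implement multi-factor authentication (MFA) for access` and `- CCC.C04 # Log all access and changes`. The comment on CCC.RDMS.TH14 is misspelled (`uninentionally`). It is also not obvious that keeping backups outside the application's trust zone addresses an unintended restore, so the threat link is worth confirming against threats.yaml. The title and objective start in lower case and the objective lacks a full stop, unlike the other catalogs in the series.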
--- a/services/database/relational/threats.yaml +++ b/services/database/relational/threats.yaml @@ -110,3 +110,12 @@ threats: - CCC.RDMS.F07 mitre_technique: - T1110 + + - id: CCC.RDMS.TH16 + title: backups stopped + description: | + threat actor stops backups from occuring + features: + - CCC.F11 + mitre_technique: + - T1490 From dfd6c3fda94eb9ff3eac5a6115da738bc7b0416f Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Thu, 5 Dec 2024 06:39:40 -0600 Subject: [PATCH 11/53] Rephrase control test requirements (#522) Signed-off-by: Eddie Knight Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> --- services/common-controls.yaml | 151 +++++++++++++++++++++++----------- 1 file changed, 101 insertions(+), 50 deletions(-) diff --git a/services/common-controls.yaml b/services/common-controls.yaml index 5934c823..7cbf8bdf 100644 --- a/services/common-controls.yaml +++ b/services/common-controls.yaml @@ -28,8 +28,8 @@ controls: test_requirements: - id: CCC.C01.TR01 text: | - The service enforces the use of secure transport protocols for all - network communications (e.g., TLS 1.2 or higher). + When a port is exposed for non-SSH network traffic, all traffic MUST + include a TLS handshake AND be encrypted using TLS 1.2 or higher. tlp_levels: - tlp_clear - tlp_green @@ -37,17 +37,8 @@ controls: - tlp_red - id: CCC.C01.TR02 text: | - The service denies all unencrypted HTTP requests. - tlp_levels: - - tlp_clear - - tlp_green - - tlp_amber - - tlp_red - - id: CCC.C01.TR03 - text: | - The service rejects or blocks any attempts to establish outgoing - connections using outdated or insecure protocols (e.g., SSL, TLS 1.0, - or TLS 1.1). + When a port is exposed for SSH network traffic, all traffic MUST + include a SSH handshake AND be encrypted using SSHv2 or higher. tlp_levels: - tlp_clear - tlp_green 
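Review bot: Nothing in this patch ties the new CCC.RDMS.TH16 to a control: the controls.yaml created alongside it lists only CCC.RDMS.TH14 under CCC.RDMS.C01, so the "backups stopped" threat has no mitigation or test requirement. The entry also differs in style from the threats around it, with a lower-case title and a misspelled, unpunctuated description. Suggested wording: `title: Backups Stopped` and `Threat actor stops backups from occurring.` The `features` and `mitre_technique` entries have no explanatory comments, which the other catalogs in this series provide.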
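Review bot: The rewritten CCC.C01 requirements cover only ports the service exposes, so the removed CCC.C01.TR03 check on outgoing connections using SSL, TLS 1.0 or TLS 1.1 has no replacement in these two common-controls.yaml hunks. If the narrowing is not intended, a third requirement would restore it, for example `When the service initiates an outbound connection, the connection MUST be encrypted using TLS 1.2 or higher.` In CCC.C01.TR02, `a SSH handshake` should be `an SSH handshake`.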
@@ -70,18 +61,9 @@ controls: test_requirements: - id: CCC.C02.TR01 text: | - The service encrypts all stored data at rest using - industry-standard encryption algorithms (e.g., AES-256). - tlp_levels: - - tlp_clear - - tlp_green - - tlp_amber - - tlp_red - - id: CCC.C02.TR02 - text: | - The encryption status for stored data at rest can be - verified and audited, including verification of key - management processes. + When data is stored at rest, the service MUST be configured to + encrypt data at rest using the latest industry-standard encryption + methods. tlp_levels: - tlp_clear - tlp_green @@ -91,9 +73,11 @@ controls: - id: CCC.C03 # Implement multi-factor authentication (MFA) for access title: Implement multi-factor authentication (MFA) for access objective: | - Ensure that all human user access requires multi-factor - authentication (MFA), minimizing the risk of unauthorized - access by enforcing strong authentication mechanisms. + Ensure that all sensitive activities require two or more identity factors + during authentication to prevent unauthorized access. This may include + something you know, something you have, or something you are. In the + case of programattically accessible services, such as API endpoints, this + includes a combination of API keys or tokens and network restrictions. control_family: Identity and Access Management threats: - CCC.TH01 # Access control is misconfigured 
@@ -107,17 +91,55 @@ controls: NIST_800_53: - IA-2 test_requirements: - - id: CCC.C03.TR01 + - id: CCC.C03.TR01 # modification auth text: | - Ensure that MFA is required for all user access to the - service interface. + When an entity attempts to modify the service, the service MUST + attempt to verify the client's identity through an authentication + process. + tlp_levels: + - tlp_clear + - tlp_green + - tlp_amber + - tlp_red + - id: CCC.C03.TR02 # amber/red view auth + text: | + When an entity attempts to view information presented by the service, + service, the service MUST attempt to verify the client's identity + through an authentication process. tlp_levels: - tlp_amber - tlp_red - - id: CCC.C03.TR02 + - id: CCC.C03.TR03 # amber/red UI view MFA text: | - Ensure that MFA is required for all administrative access - to the management interface. + When an entity attempts to view information on the service through + a user interface, the authentication process MUST require multiple + identifying factors from the user. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.C03.TR04 # API modify allowlist + text: | + When an entity attempts to modify the service through an API + endpoint, the authentication process MUST be limited to a + specific allowed network. + tlp_levels: + - tlp_clear + - tlp_green + - tlp_amber + - tlp_red + - id: CCC.C03.TR05 # amber/red API view allowlist + text: | + When an entity attempts to view information on the service through + an API endpoint, the authentication process MUST be limited to a + specific allowed network. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.C03.TR06 # UI modify MFA + text: | + When an entity attempts to modify the service through a user + interface, the authentication process MUST require multiple + identifying factors from the user. tlp_levels: - tlp_clear - tlp_green 
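Review bot: CCC.C03.TR01 and TR02 say the service "MUST attempt to verify the client's identity", which a service satisfies by trying and then serving the request anyway. The requirement should state the outcome, for example `the service MUST verify the client's identity through an authentication process before the request is served.` TR02 also repeats a word across the line break (`presented by the service,` followed by `service, the service MUST`). In TR04 and TR05, "the authentication process MUST be limited to a specific allowed network" is ambiguous about whether the request or only the login step is restricted. The trailing tlp_levels of TR06 continue outside this hunk.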
@@ -140,16 +162,24 @@ controls: test_requirements: - id: CCC.C04.TR01 text: | - The service logs all access attempts, including successful - and failed login attempts. + When any access attempt is made to the service, the service MUST log + the client identity, time, and result of the attempt. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.C04.TR01 + text: | + When any access attempt is made to the view sensitive information, + the service MUST log the client identity, time, and result of the + attempt. tlp_levels: - tlp_amber - tlp_red - id: CCC.C04.TR02 text: | - The service logs all changes to configuration, including - administrative actions and modifications to user roles - or privileges. + When any change is made to the service configuration, the service MUST + log the change, including the client, time, previous state, and the + new state following the change. tlp_levels: - tlp_clear - tlp_green @@ -159,9 +189,14 @@ controls: - id: CCC.C05 # Prevent access from untrusted entities title: Prevent access from untrusted entities objective: | - Ensure secure access controls prevent unauthorized data access, - exfiltration, and misuse of legitimate services by adversaries. + Ensure that secure access controls prevent unauthorized access, + mitigate risks of data exfiltration, and block misuse of services + by adversaries. This includes restricting access based on trust + criteria such as IP allowlists, domain restrictions, and tenant + isolation. control_family: Identity and Access Management + threats: + - CCC.TH01 # Access control is misconfigured nist_csf: PR.AC-3 control_mappings: CCM: 
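Review bot: The first hunk adds a second entry with the id `CCC.C04.TR01`, followed by the existing `CCC.C04.TR02`, so two requirements share one id and any lookup or report keyed on the id will conflate them. The added entry should be `- id: CCC.C04.TR02` and the configuration-change requirement after it `- id: CCC.C04.TR03`. The duplicate's text also has a stray article: `made to the view sensitive information` should read `made to view sensitive information`. Both TR01 entries carry the same tlp_levels and the first already covers every access attempt, so it is worth checking whether the second was meant to apply to different levels.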
@@ -171,22 +206,38 @@ controls: NIST_800_53: - AC-3 test_requirements: - - id: CCC.C05.TR01 + - id: CCC.C05.TR01 # Block untrusted sources text: | - The service blocks access to sensitive resources and admin - access from untrusted sources, including unauthorized IP - addresses, domains, or networks that are not included in - a pre-approved allowlist. + When access to sensitive resources is attempted, the service MUST + block requests from untrusted sources, including IP addresses, + domains, or networks that are not explicitly included in a + pre-approved allowlist. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.C05.TR02 # Admin access restrictions + text: | + When administrative access is attempted, the service MUST validate + that the request originates from an explicitly allowed source as + defined in the allowlist. tlp_levels: - tlp_clear - tlp_green - tlp_amber - tlp_red - - id: CCC.C05.TR04 + - id: CCC.C05.TR03 # Prevent cross-tenant access + text: | + When resources are accessed in a multi-tenant environment, the + service MUST enforce isolation by allowing access only to explicitly + allowlisted tenants. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.C05.TR04 # Unauthorized access attempts logging text: | - The service prevents unauthorized cross-tenant access, - ensuring that only allowlisted services from other - tenants can access resources. + When an access attempt from an untrusted source is blocked, the + service MUST log the event, including the source details, time, + and reason for denial. tlp_levels: - tlp_clear - tlp_green From 216f21764e261223c3c89b9669bf3f73dd5c455c Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Thu, 5 Dec 2024 11:30:16 -0600 Subject: [PATCH 12/53] Revise common TRs (#575) Signed-off-by: Eddie Knight --- services/common-controls.yaml | 77 +++++++++++++++++++---------------- 1 file changed, 41 insertions(+), 36 deletions(-) 
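Review bot: `CCC.C05.TR04` keeps its id but changes meaning: it was the cross-tenant requirement and is now the logging requirement for blocked attempts, while cross-tenant isolation moves to the new `CCC.C05.TR03`. The new TR03 lists only `tlp_amber` and `tlp_red`, whereas the trailing context shows the old TR04 entry covering at least `tlp_clear` and `tlp_green`, so tenant isolation appears to be dropped for the lower classifications; if that is not intended, TR03 should also carry `- tlp_clear` and `- tlp_green`. The sensitive-resource part of TR01 is narrowed the same way, from all four levels to amber and red. The TR04 tlp_levels list continues outside the hunk.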
diff --git a/services/common-controls.yaml b/services/common-controls.yaml index 7cbf8bdf..41a154ae 100644 --- a/services/common-controls.yaml +++ b/services/common-controls.yaml @@ -267,9 +267,9 @@ controls: test_requirements: - id: CCC.C06.TR01 text: | - The service prevents deployment in restricted regions or - cloud availability zones, blocking any provisioning - attempts in designated areas. + When a deployment request is made, the service MUST validate + that the deployment region is not to a restricted or regions + or availability zones. tlp_levels: - tlp_clear - tlp_green @@ -277,9 +277,9 @@ controls: - tlp_red - id: CCC.C06.TR02 text: | - The service ensures that replication of data, backups, and - disaster recovery operations do not occur in restricted - regions or availability zones. + When a deployment request is made, the service MUST validate that + replication of data, backups, and disaster recovery operations + will not occur in restricted regions or availability zones. tlp_levels: - tlp_clear - tlp_green @@ -299,15 +299,18 @@ controls: test_requirements: - id: CCC.C07.TR01 text: | - The service detects enumeration activities indicative of - reconnaissance and generates real-time alerts + When suspicious enumeration activities are detected, the + service MUST generate real-time alerts to notify security + personnel. tlp_levels: - tlp_red - id: CCC.C07.TR02 text: | - Confirm that logs are properly generated and accessible for review - following non-human enumeration attempts. + When suspicious enumeration activities are detected, the + service MUST log the event, including the source details, + time, and nature of the activity. tlp_levels: + - tlp_clear - tlp_green - tlp_amber - tlp_red 
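Review bot: The new text of CCC.C06.TR01 (first hunk of this file) is garbled, `that the deployment region is not to a restricted or regions or availability zones`, and both TR01 and TR02 (second hunk) now only require the service to "validate", where the removed text required it to prevent or block. A check whose result is never enforced would meet the new wording. Suggested for TR01: `When a deployment request is made, the service MUST reject the request if the target region or availability zone is restricted.`, with TR02 restated the same way for replication, backup and disaster-recovery locations.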
@@ -325,17 +328,18 @@ controls: test_requirements: - id: CCC.C08.TR01 text: | - Data is replicated across multiple availability zones or - regions. + When data is stored, the service MUST ensure that data is + replicated across multiple availability zones or regions. tlp_levels: - tlp_green - tlp_amber - tlp_red - id: CCC.C08.TR02 text: | - The replication status of data across multiple zones or - regions can be verified, including the replication - locations and data synchronization status. + When data is replicated across multiple zones or regions, + the service MUST be able to verify the replication state, + including the replication locations and data synchronization + status. tlp_levels: - tlp_green - tlp_amber @@ -356,7 +360,8 @@ controls: test_requirements: - id: CCC.C09.TR01 text: | - Access logs cannot be accessed without proper authorization. + When access logs are stored, the service MUST ensure that + access logs cannot be accessed without proper authorization. tlp_levels: - tlp_amber - tlp_red @@ -364,7 +369,8 @@ controls: - tlp_clear - id: CCC.C09.TR02 text: | - Access logs cannot be modified without proper authorization. + When access logs are stored, the service MUST ensure that + access logs cannot be modified without proper authorization. tlp_levels: - tlp_amber - tlp_red @@ -372,7 +378,8 @@ controls: - tlp_clear - id: CCC.C09.TR03 text: | - Access logs cannot be deleted without proper authorization. + When access logs are stored, the service MUST ensure that + access logs cannot be deleted without proper authorization. tlp_levels: - tlp_amber - tlp_red 
@@ -387,16 +394,15 @@ controls: Prevent replication of data to untrusted destinations outside of defined trust perimeter. An untrusted destination is defined as a resource that exists outside of a specified trusted - identity or network perimeter (i.e., a data perimeter). + identity or network or data perimeter. threats: - CCC.TH04 # Data is replicated to untrusted or external locations nist_csf: PR.DS-5 # Protections against data leaks are implemented test_requirements: - id: CCC.C10.TR01 text: | - Replication of data to destinations outside of the defined - trust perimeter is automatically blocked, preventing - replication to untrusted resources. + When data is replicated, the service MUST ensure that + replication is restricted to explicitly trusted destinations. tlp_levels: - tlp_green - tlp_amber @@ -407,7 +413,7 @@ controls: objective: | Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and - customer-managed encryption keys (CMEKs) where applicable. + customer-managed encryption keys (CMEKs). control_family: Encryption threats: - CCC.TH16 # Non-compliance with encryption key management policies @@ -424,9 +430,9 @@ controls: test_requirements: - id: CCC.C11.TR01 text: | - Verify that all encryption keys use approved cryptographic - algorithms as per organizational standards (e.g., AES-256, - RSA-2048). + When encryption keys are used, the service MUST verify that + all encryption keys use approved cryptographic algorithms as + per organizational standards. tlp_levels: - tlp_clear - tlp_green 
@@ -434,27 +440,26 @@ controls: - tlp_red - id: CCC.C11.TR02 text: | - Confirm that encryption keys are rotated at a frequency - compliant with organizational policies (e.g., every - 90 days). + When encryption keys are used, the service MUST verify that + encryption keys are rotated at a frequency compliant with + organizational policies. tlp_levels: + - tlp_clear - tlp_green - tlp_amber - tlp_red - id: CCC.C11.TR03 text: | - Ensure that customer-managed encryption keys (CMEKs) are - used for data encryption where applicable, providing - greater control over key management. + When encrypting data, the service MUST verify that + customer-managed encryption keys (CMEKs) are used. tlp_levels: - - tlp_green - tlp_amber - tlp_red - id: CCC.C11.TR04 text: | - Verify that access to encryption keys is restricted to - authorized personnel and services, following the principle - of least privilege. + When encryption keys are accessed, the service MUST verify that + access to encryption keys is restricted to authorized personnel + and services, following the principle of least privilege. tlp_levels: - tlp_amber - tlp_red From 6c54323cfbedfb687c62c36901f8485c12a319f5 Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Fri, 6 Dec 2024 03:01:02 -0600 Subject: [PATCH 13/53] Polished VPC test requirements (#579) Signed-off-by: Eddie Knight --- services/networking/vpc/controls.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/services/networking/vpc/controls.yaml b/services/networking/vpc/controls.yaml index 8b51c6de..a1459e62 100644 --- a/services/networking/vpc/controls.yaml +++ b/services/networking/vpc/controls.yaml @@ -26,8 +26,8 @@ controls: test_requirements: - id: CCC.VPC.C01.TR01 text: | - When a subscription is created, the subscription must not contain any - default network resources. + When a subscription is created, the subscription MUST NOT + contain default network resources. tlp_levels: - tlp_red 
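Review bot: CCC.C11.TR03 drops `- tlp_green`, so customer-managed keys are now required only for amber and red data, while the objective edited earlier in this commit removes "where applicable" and reads as requiring CMEKs without exception. The two should agree: either keep `- tlp_green` on TR03 or restore a qualifier in the objective. TR02 and TR04 also have the service "verify" rotation and access restrictions rather than enforce them; for TR04, `the service MUST restrict access to encryption keys to authorized personnel and services` would state the outcome directly.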
@@ -50,8 +50,8 @@ controls: test_requirements: - id: CCC.VPC.C02.TR01 text: | - When a resource is created, the resource must not be assigned an - external IP address by default. + When a resource is created in a public subnet, that resource + MUST NOT be assigned an external IP address by default. tlp_levels: - tlp_red @@ -75,8 +75,8 @@ controls: test_requirements: - id: CCC.VPC.C04.TR01 text: | - When a VPC peering connection is requested for an untrusted - destination, the VPC’s peering configuration must remain unchanged. + When a VPC peering connection is requested, that VPC peering + configuration MUST NOT be modified. tlp_levels: - tlp_red @@ -99,13 +99,13 @@ controls: test_requirements: - id: CCC.VPC.C05.TR01 text: | - When any network traffic goes to or from an interface in the VPC, VPC - flow logs must capture and log all relevant information. + When any network traffic goes to or from an interface in the VPC, + the service MUST capture and log all relevant information. tlp_levels: - tlp_red - id: CCC.VPC.C05.TR02 text: | - When VPC flow logs are disabled, then the activity is logged in the - cloud native logging service. + When built-in VPC flow logs are disabled, then the service MUST be + capture and log all relevant information using an alternative method. tlp_levels: - tlp_red From 33400b148be3c8ead9f4e2ac7faa789ff479aace Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Fri, 6 Dec 2024 03:04:17 -0600 Subject: [PATCH 14/53] Polished ObjStor Test Requirements (#577) Signed-off-by: Eddie Knight Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> --- services/storage/object/controls.yaml | 103 ++++++++++++++++++++------ 1 file changed, 79 insertions(+), 24 deletions(-) diff --git a/services/storage/object/controls.yaml b/services/storage/object/controls.yaml index 32b26be1..10f6d771 100644 --- a/services/storage/object/controls.yaml +++ b/services/storage/object/controls.yaml 
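Review bot: The reworded CCC.VPC.C04.TR01 (second hunk on this line) drops the "for an untrusted destination" condition, so it now says that no peering request may change the peering configuration, including requests for trusted destinations. That makes the requirement either impossible to meet or meaningless to test. Keeping the condition and stating the outcome would fix it: `When a VPC peering connection is requested for a destination that is not explicitly allowed, the service MUST reject the request.`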
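Review bot: CCC.VPC.C05.TR02 in the last VPC hunk reads `the service MUST be capture and log`, which should be `the service MUST capture and log`. TR01 and TR02 both require "all relevant information" without saying which fields count, so a reviewer cannot tell whether a given log record passes. Naming the minimum fields in the requirement text would make it testable.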
@@ -32,8 +32,35 @@ controls: test_requirements: - id: CCC.ObjStor.C01.TR01 text: | - The service prevents access to any object storage bucket or object - that uses KMS keys not listed as trusted by the organization. + When a request is made to read a protected bucket, the service + MUST prevent any request using KMS keys not listed as trusted by + the organization. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.ObjStor.C01.TR02 + text: | + When a request is made to read a protected object, the service + MUST prevent any request using KMS keys not listed as trusted by + the organization. + tlp_levels: + - tlp_amber + - tlp_red + - id: CCC.ObjStor.C01.TR03 + text: | + When a request is made to write to a bucket, the service MUST + prevent any request using KMS keys not listed as trusted by the + organization. + tlp_levels: + - tlp_clear + - tlp_green + - tlp_amber + - tlp_red + - id: CCC.ObjStor.C01.TR04 + text: | + When a request is made to write to an object, the service MUST + prevent any request using KMS keys not listed as trusted by the + organization. tlp_levels: - tlp_clear - tlp_green @@ -41,8 +68,7 @@ controls: - tlp_red - id: CCC.ObjStor.C02 # Enforce uniform bucket-level access to prevent inconsistent - title: Enforce uniform bucket-level access to prevent inconsistent - permissions + title: Enforce uniform bucket-level access to prevent inconsistent permissions control_family: Identity and Access Management objective: | Ensure that uniform bucket-level access is enforced across all @@ -52,9 +78,6 @@ controls: principle of least privilege. threats: - CCC.TH01 # Access control is misconfigured - - CCC.ObjStor.TH02 # Improper enforcement of object modification locks - # Access permissions and authorizations are managed, - # incorporating the principles of least privilege and separation of duties nist_csf: PR.AC-4 control_mappings: CCM: 
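Review bot: CCC.ObjStor.C01.TR01 and TR02 apply to a "protected bucket" and "protected object", while TR03 and TR04 apply to any bucket or object, and nothing in the hunk says what makes a bucket or object protected. Together with the amber/red-only tlp_levels on the two read requirements, reads with untrusted KMS keys are no longer covered for clear and green data, which the removed single requirement did cover. If the narrowing is deliberate, a comment on the entries would record it, e.g. `# read cases apply to amber/red only; write cases apply at all levels`.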
@@ -67,10 +90,22 @@ controls: test_requirements: - id: CCC.ObjStor.C02.TR01 text: | - Bucket-level permissions must be configured uniformly - across all buckets, ensuring that object-level permissions - cannot be applied without explicit authorization. + When a permission set is allowed for an object in a bucket, the + service MUST allow the same permission set to access all objects + in the same bucket. + tlp_levels: + - tlp_clear + - tlp_green + - tlp_amber + - tlp_red + - id: CCC.ObjStor.C02.TR02 + text: | + When a permission set is denied for an object in a bucket, the + service MUST deny the same permission set to access all objects + in the same bucket. tlp_levels: + - tlp_clear + - tlp_green - tlp_amber - tlp_red @@ -86,7 +121,7 @@ controls: test_requirements: - id: CCC.ObjStor.C03.TR01 text: | - When an object storage bucket deletion is attempted, the bucket must be + When an object storage bucket deletion is attempted, the bucket MUST be fully recoverable for a set time-frame after deletion is requested. tlp_levels: - tlp_clear @@ -95,7 +130,8 @@ controls: - tlp_red - id: CCC.ObjStor.C03.TR03 text: | - The retention policy for object storage buckets cannot be unset. + When an attempt is made to modify the retention policy for an object + storage bucket, the service MUST prevent the policy from being modified. tlp_levels: - tlp_clear - tlp_green @@ -116,9 +152,9 @@ controls: test_requirements: - id: CCC.ObjStor.C05.TR01 text: | - All objects stored in the object storage system automatically receive - a default retention policy that prevents premature deletion or - modification. + When an object is uploaded to the object storage system, the object + MUST automatically receive a default retention policy that prevents + premature deletion or modification. tlp_levels: - tlp_clear - tlp_green 
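Review bot: The new CCC.ObjStor.C02.TR01 requires that a permission set allowed on one object be allowed on every object in the bucket, which turns a single object-level grant into bucket-wide access instead of stopping it. The removed text said object-level permissions cannot be applied without explicit authorization, and that preventive meaning is lost. Suggested wording: `When a permission change is attempted on an individual object, the service MUST reject the change so that only bucket-level permissions apply.` TR02 could then be restated as the matching bucket-level deny case.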
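Review bot: CCC.ObjStor.C03.TR03 (third hunk on this line) now forbids any modification of a bucket's retention policy, where the removed text only said the policy cannot be unset. Read literally this also blocks extending the retention period. If only weakening is meant, the requirement could end `the service MUST prevent the policy from being removed or shortened`.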
@@ -126,8 +162,9 @@ controls: - tlp_red - id: CCC.ObjStor.C05.TR04 text: | - Attempts to delete or modify objects that are subject to an active - retention policy are prevented. + When an attempt is made to delete or modify an object that is subject + to an active retention policy, the service MUST prevent the action + from being completed. tlp_levels: - tlp_clear - tlp_green @@ -147,9 +184,27 @@ controls: test_requirements: - id: CCC.ObjStor.C06.TR01 text: | - Verify that when two objects with the same name are uploaded to the - bucket, the object with the same name is not overwritten and that - both objects are stored with unique identifiers. + When an object is uploaded to the object storage bucket, the object + MUST be stored with a unique identifier. + tlp_levels: + - tlp_clear + - tlp_green + - tlp_amber + - tlp_red + - id: CCC.ObjStor.C06.TR02 + text: | + When an object is modified, the service MUST assign a new unique + identifier to the modified object to differentiate it from the + previous version. + tlp_levels: + - tlp_clear + - tlp_green + - tlp_amber + - tlp_red + - id: CCC.ObjStor.C06.TR03 + text: | + When an object is modified, the service MUST allow for recovery + of previous versions of the object. tlp_levels: - tlp_clear - tlp_green @@ -157,8 +212,8 @@ controls: - tlp_red - id: CCC.ObjStor.C06.TR04 text: | - Previous versions of an object can be accessed and restored after - an object is modified or deleted. + When an object is deleted, the service MUST retain other versions of + the object to allow for recovery of previous versions. tlp_levels: - tlp_clear - tlp_green @@ -180,8 +235,8 @@ controls: test_requirements: - id: CCC.ObjStor.C07.TR01 text: | - Access logs for all object storage buckets are stored in a separate - data store. + When an object storage bucket is accessed, the service MUST store + access logs in a separate data store. tlp_levels: - tlp_amber - tlp_red From 74815d8159ee936569a8e703aa4fc81bff3bc1bf Mon Sep 17 00:00:00 2001 
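Review bot: The rewritten CCC.ObjStor.C06.TR01 (second hunk on this line) no longer says what happens when an object is uploaded under a name that already exists; the removed text required that the existing object is not overwritten. TR02 covers modification, but whether a same-name upload counts as a modification is left to the reader. Adding the case explicitly would close the gap, e.g. `When an object is uploaded with the name of an existing object, the service MUST keep the existing object as a previous version.`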
From: Eddie Knight Date: Fri, 6 Dec 2024 04:22:16 -0600 Subject: [PATCH 15/53] corrected location of cmb docs (#576) Signed-off-by: Eddie Knight --- .../community-guidelines/releases/cmb/README.md | 4 ++-- .../releases/cmb/feedback-guide.md | 6 +++--- .../releases/cmb/member-responsibilities.md | 0 .../releases}/imgs/image-1.png | Bin .../releases}/imgs/image-2.png | Bin .../releases}/imgs/image-3.png | Bin 6 files changed, 5 insertions(+), 5 deletions(-) rename docs/{governance => }/community-guidelines/releases/cmb/README.md (97%) rename docs/{governance => }/community-guidelines/releases/cmb/feedback-guide.md (83%) rename docs/{governance => }/community-guidelines/releases/cmb/member-responsibilities.md (100%) rename docs/{governance/community-guidelines/releases/cmb => community-guidelines/releases}/imgs/image-1.png (100%) rename docs/{governance/community-guidelines/releases/cmb => community-guidelines/releases}/imgs/image-2.png (100%) rename docs/{governance/community-guidelines/releases/cmb => community-guidelines/releases}/imgs/image-3.png (100%) diff --git a/docs/governance/community-guidelines/releases/cmb/README.md b/docs/community-guidelines/releases/cmb/README.md similarity index 97% rename from docs/governance/community-guidelines/releases/cmb/README.md rename to docs/community-guidelines/releases/cmb/README.md index cbb7317a..1543f1fa 100644 --- a/docs/governance/community-guidelines/releases/cmb/README.md +++ b/docs/community-guidelines/releases/cmb/README.md 
@@ -85,6 +85,6 @@ Appointments shall be permanently revoked in the following cases: - Repeat abandonment of a stated commitment - Undermining the process, such as deliberately circumventing or disregarding documented norms -[Security WG]: ../../../working-groups/security/charter.md -[Delivery WG]: ../../../working-groups/delivery/charter.md +[Security WG]: /docs/governance/working-groups/security/charter.md +[Delivery WG]: /docs/governance/working-groups/delivery/charter.md [community guideline]: ./README.md diff --git a/docs/governance/community-guidelines/releases/cmb/feedback-guide.md b/docs/community-guidelines/releases/cmb/feedback-guide.md similarity index 83% rename from docs/governance/community-guidelines/releases/cmb/feedback-guide.md rename to docs/community-guidelines/releases/cmb/feedback-guide.md index 938013af..a5c3fc6d 100644 --- a/docs/governance/community-guidelines/releases/cmb/feedback-guide.md +++ b/docs/community-guidelines/releases/cmb/feedback-guide.md 
@@ -6,14 +6,14 @@ This is a simple guide for CMB members on how to properly provide feedback withi 1. Navigate to the Discussions Section in GitHub for this project: - ![Discussions Tab](./imgs/image-1.png) + ![Discussions Tab](../imgs/image-1.png) 1. Find an active discussion that's associated with the release you would like to contribute to. You can find it here: [Active Discussions for CMB](https://github.com/finos/common-cloud-controls/discussions/categories/change-management-board-cmb?discussions_q=is%3Aopen+category%3A%22Change+Management+Board+%28CMB%29%22) - ![CMB Discussion Category with Posts](./imgs/image-2.png) + ![CMB Discussion Category with Posts](../imgs/image-2.png) 1. If your issue is unique, please create a new thread in the discussion post by leaving a comment. Otherwise, feel free to leave a comment inside of the thread on the discussion. - ![Service Comments for Discussion](./imgs/image-3.png) + ![Service Comments for Discussion](../imgs/image-3.png) 1. Double check to ensure you put your comment in the right place before hitting the green button! diff --git a/docs/governance/community-guidelines/releases/cmb/member-responsibilities.md b/docs/community-guidelines/releases/cmb/member-responsibilities.md similarity index 100% rename from docs/governance/community-guidelines/releases/cmb/member-responsibilities.md rename to docs/community-guidelines/releases/cmb/member-responsibilities.md diff --git a/docs/governance/community-guidelines/releases/cmb/imgs/image-1.png b/docs/community-guidelines/releases/imgs/image-1.png similarity index 100% rename from docs/governance/community-guidelines/releases/cmb/imgs/image-1.png rename to docs/community-guidelines/releases/imgs/image-1.png 
diff --git a/docs/governance/community-guidelines/releases/cmb/imgs/image-2.png b/docs/community-guidelines/releases/imgs/image-2.png similarity index 100% rename from docs/governance/community-guidelines/releases/cmb/imgs/image-2.png rename to docs/community-guidelines/releases/imgs/image-2.png diff --git a/docs/governance/community-guidelines/releases/cmb/imgs/image-3.png b/docs/community-guidelines/releases/imgs/image-3.png similarity index 100% rename from docs/governance/community-guidelines/releases/cmb/imgs/image-3.png rename to docs/community-guidelines/releases/imgs/image-3.png From 0d8fe19d5815552e5d206241b88707eb273dd924 Mon Sep 17 00:00:00 2001 From: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Date: Fri, 6 Dec 2024 19:40:45 +0100 Subject: [PATCH 16/53] Add in fixes to VPC test requirements (#580) Co-authored-by: Eddie Knight Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com> --- services/networking/vpc/controls.yaml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/services/networking/vpc/controls.yaml b/services/networking/vpc/controls.yaml index a1459e62..4957c33a 100644 --- a/services/networking/vpc/controls.yaml +++ b/services/networking/vpc/controls.yaml @@ -29,13 +29,14 @@ controls: When a subscription is created, the subscription MUST NOT contain default network resources. tlp_levels: + - tlp_amber - tlp_red - id: CCC.VPC.C02 title: Limit Resource Creation in Public Subnet objective: | Restrict the creation of resources in the public subnet with - direct access the internet to minimize attack surfaces. + direct access to the internet to minimize attack surfaces. control_family: Network Security threats: - CCC.VPC.TH02 # Exposure of Resources to Public Internet 
@@ -73,11 +74,14 @@ controls: NIST_800_53: - AC-4 test_requirements: - - id: CCC.VPC.C04.TR01 + - id: CCC.VPC.C03.TR01 text: | - When a VPC peering connection is requested, that VPC peering - configuration MUST NOT be modified. + When a VPC peering connection is requested, the service MUST + prevent connections from VPCs that are not explicitly + allowed. tlp_levels: + - tlp_green + - tlp_amber - tlp_red - id: CCC.VPC.C04 @@ -97,15 +101,10 @@ controls: NIST_800_53: - AU-2 test_requirements: - - id: CCC.VPC.C05.TR01 + - id: CCC.VPC.C04.TR01 text: | When any network traffic goes to or from an interface in the VPC, the service MUST capture and log all relevant information. tlp_levels: - - tlp_red - - id: CCC.VPC.C05.TR02 - text: | - When built-in VPC flow logs are disabled, then the service MUST be - capture and log all relevant information using an alternative method. - tlp_levels: + - tlp_amber - tlp_red From 07affb88a09ed22b0817c4397b79cf6861bd8190 Mon Sep 17 00:00:00 2001 From: Sonali Mendis <124289397+smendis-scottlogic@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:18:00 +0000 Subject: [PATCH 17/53] Formatting changes for VPC and Object Storage (#578) --- .vscode/common-controls.code-snippets | 154 ++++++++++-------- .vscode/common-features.code-snippets | 18 +- .vscode/common-threats.code-snippets | 80 +++++---- services/common-controls.yaml | 139 +++++++++------- services/common-features.yaml | 48 +++--- services/common-threats.yaml | 50 +++--- services/networking/vpc/controls.yaml | 29 ++-- services/networking/vpc/features.yaml | 56 ++++--- services/networking/vpc/threats.yaml | 34 ++-- services/storage/object/controls.yaml | 103 +++++++----- services/storage/object/features.yaml | 43 +++-- .../storage/object/tests/ccc-os-c08.feature | 13 -- services/storage/object/threats.yaml | 28 ++-- 13 files changed, 441 insertions(+), 354 deletions(-) delete mode 100644 services/storage/object/tests/ccc-os-c08.feature 
diff --git a/.vscode/common-controls.code-snippets b/.vscode/common-controls.code-snippets index 63995863..467db55c 100644 --- a/.vscode/common-controls.code-snippets +++ b/.vscode/common-controls.code-snippets 
@@ -1,66 +1,90 @@ { - "Prevent unencrypted requests": { - "scope": "yaml", - "prefix": "CC1, CC Prevent unencrypted requests", - "body": [ - "- CCC.C01 # Prevent unencrypted requests control" - ], - "description": "Common Control Prevent unencrypted requests" - }, - "Ensure data encryption at rest": { - "scope": "yaml", - "prefix": "CC2, CC Ensure data encryption at rest", - "body": [ - "- CCC.C02 # Ensure data encryption at rest for all stored data" - ], - "description": "Common Control Ensure data encryption at rest" - }, - "Implement multi-factor authentication": { - "scope": "yaml", - "prefix": "CC3, CC Implement MFA for access", - "body": [ - "- CCC.C03 # Implement multi-factor authentication (MFA) for access" - ], - "description": "Common Control Implement multi-factor authentication (MFA) for access" - }, - "Log all access and changes": { - "scope": "yaml", - "prefix": "CC4, CC Log all access and changes", - "body": [ - "- CCC.C04 # Log all access and changes" - ], - "description": "Common Control Log all access and changes" - }, - "Prevent access from untrusted entities": { - "scope": "yaml", - "prefix": "CC5, CC Prevent access from untrusted entities", - "body": [ - "- CCC.C05 # Prevent access from untrusted entities" - ], - "description": "Common Control Prevent access from untrusted entities control" - }, - "Prevent deployment in restricted regions": { - "scope": "yaml", - "prefix": "CC6, CC Prevent deployment in restricted regions", - "body": [ - "- CCC.C06 # Prevent deployment in restricted regions" - ], - "description": "Common Control Prevent deployment in restricted regions" - }, - "Alert on non-human enumeration": { - "scope": "yaml", - "prefix": "CC7, CC Alert on non-human enumeration", - "body": [ - "- CCC.C07 # Alert on non-human enumeration" - ], - "description": "Common Control Alert on non-human enumeration" - }, - "Enable multi-zone or multi-region data replication": { - "scope": "yaml", - "prefix": "CC8, CC Enable multi-zone or multi-region 
data replication", - "body": [ - "- CCC.C08 # Enable multi-zone or multi-region data replication" - ], - "description": "Common Control Enable multi-zone or multi-region data replication" - } - } + "Prevent Unencrypted Requests": { + "scope": "yaml", + "prefix": "CC1, CC Prevent Unencrypted Requests", + "body": [ + "- CCC.C01 # Prevent Unencrypted Requests" + ], + "description": "Common Control Prevent Unencrypted Requests" + }, + "Ensure Data Encryption at Rest for All Stored Data": { + "scope": "yaml", + "prefix": "CC2, CC Ensure Data Encryption at Rest for All Stored Data", + "body": [ + "- CCC.C02 # Ensure Data Encryption at Rest for All Stored Data" + ], + "description": "Common Control Ensure Data Encryption at Rest for All Stored Data" + }, + "Implement Multi-factor Authentication (MFA) for Access": { + "scope": "yaml", + "prefix": "CC3, CC Implement Multi-factor Authentication (MFA) for Access", + "body": [ + "- CCC.C03 # Implement Multi-factor Authentication (MFA) for Access" + ], + "description": "Common Control Implement Multi-factor Authentication (MFA) for Access" + }, + "Log All Access and Changes": { + "scope": "yaml", + "prefix": "CC4, CC Log All Access and Changes", + "body": [ + "- CCC.C04 # Log All Access and Changes" + ], + "description": "Common Control Log All Access and Changes" + }, + "Prevent Access from Untrusted Entities": { + "scope": "yaml", + "prefix": "CC5, CC Prevent Access from Untrusted Entities", + "body": [ + "- CCC.C05 # Prevent Access from Untrusted Entities" + ], + "description": "Common Control Prevent Access from Untrusted Entities" + }, + "Prevent Deployment in Restricted Regions": { + "scope": "yaml", + "prefix": "CC6, CC Prevent Deployment in Restricted Regions", + "body": [ + "- CCC.C06 # Prevent Deployment in Restricted Regions" + ], + "description": "Common Control Prevent Deployment in Restricted Regions" + }, + "Alert on Unusual Enumeration Activity": { + "scope": "yaml", + "prefix": "CC7, CC Alert on Unusual 
Enumeration Activity", + "body": [ + "- CCC.C07 # Alert on Unusual Enumeration Activity" + ], + "description": "Common Control Alert on Unusual Enumeration Activity" + }, + "Enable Multi-zone or Multi-region Data Replication": { + "scope": "yaml", + "prefix": "CC8, CC Enable Multi-zone or Multi-region Data Replication", + "body": [ + "- CCC.C08 # Enable Multi-zone or Multi-region Data Replication" + ], + "description": "Common Control Enable Multi-zone or Multi-region Data Replication" + }, + "Prevent Tampering, Deletion, or Unauthorized Access to Access Logs": { + "scope": "yaml", + "prefix": "CC9, CC Prevent Tampering, Deletion, or Unauthorized Access to Access Logs", + "body": [ + "- CCC.C09 # Prevent Tampering, Deletion, or Unauthorized Access to Access Logs" + ], + "description": "Common Control Prevent Tampering, Deletion, or Unauthorized Access to Access Logs" + }, + "Prevent Data Replication to Destinations Outside of Defined Trust Perimeter": { + "scope": "yaml", + "prefix": "CC10, CC Prevent Data Replication to Destinations Outside of Defined Trust Perimeter", + "body": [ + "- CCC.C10 # Prevent Data Replication to Destinations Outside of Defined Trust Perimeter" + ], + "description": "Common Control Prevent Data Replication to Destinations Outside of Defined Trust Perimeter" + }, + "Enforce Key Management Policies": { + "scope": "yaml", + "prefix": "CC11, CC Enforce Key Management Policies", + "body": [ + "- CCC.C11 # Enforce Key Management Policies" + ], + "description": "Common Control Enforce Key Management Policies" + }, +} \ No newline at end of file diff --git a/.vscode/common-features.code-snippets b/.vscode/common-features.code-snippets index 47febc9f..7d14e391 100644 --- a/.vscode/common-features.code-snippets +++ b/.vscode/common-features.code-snippets 
@@ -119,13 +119,13 @@ ], "description": "Common Feature Cost Management" }, - "BudgetingAlerting": { + "Budgeting": { "scope": "yaml", - "prefix": "CF16, CF BudgetingAlerting", + "prefix": "CF16, CF Budgeting", "body": [ - "- CCC.F16 # BudgetingAlerting" + "- CCC.F16 # Budgeting" ], - "description": "Common Feature BudgetingAlerting" + "description": "Common Feature Budgeting" }, "Alerting": { "scope": "yaml", @@ -143,13 +143,13 @@ ], "description": "Common Feature Versioning" }, - "On-Demand Scaling": { + "On-demand Scaling": { "scope": "yaml", - "prefix": "CF19, CF On-Demand Scaling", + "prefix": "CF19, CF On-demand Scaling", "body": [ - "- CCC.F19 # On-Demand Scaling" + "- CCC.F19 # On-demand Scaling" ], - "description": "Common Feature On-Demand Scaling" + "description": "Common Feature On-demand Scaling" }, "Tagging": { "scope": "yaml", @@ -184,5 +184,5 @@ "- CCC.F23 # Network Access Rules" ], "description": "Common Feature Network Access Rules" - } + }, } \ No newline at end of file diff --git a/.vscode/common-threats.code-snippets b/.vscode/common-threats.code-snippets index 2d4a3a45..51fcb5de 100644 --- a/.vscode/common-threats.code-snippets +++ b/.vscode/common-threats.code-snippets 
@@ -1,51 +1,51 @@ { - "Access control is misconfigured": { + "Access Control is Misconfigured": { "scope": "yaml", - "prefix": "CT1, CT Access control is misconfigured", + "prefix": "CT1, CT Access Control is Misconfigured", "body": [ - "- CCC.TH01 # Access control is misconfigured" + "- CCC.TH01 # Access Control is Misconfigured" ], - "description": "Common Threat Access control is misconfigured" + "description": "Common Threat Access Control is Misconfigured" }, - "Data is intercepted in transit": { + "Data is Intercepted in Transit": { "scope": "yaml", - "prefix": "CT2, CT Data is intercepted in transit", + "prefix": "CT2, CT Data is Intercepted in Transit", "body": [ - "- CCC.TH02 # Data is intercepted in transit" + "- CCC.TH02 # Data is Intercepted in Transit" ], - "description": "Common Threat Data is intercepted in transit" + "description": "Common Threat Data is Intercepted in Transit" }, - "Deployment region network is untrusted": { + "Deployment Region Network is Untrusted": { "scope": "yaml", - "prefix": "CT3, CT Deployment region network is untrusted", + "prefix": "CT3, CT Deployment Region Network is Untrusted", "body": [ - "- CCC.TH03 # Deployment region network is untrusted" + "- CCC.TH03 # Deployment Region Network is Untrusted" ], - "description": "Common Threat Deployment region network is untrusted" + "description": "Common Threat Deployment Region Network is Untrusted" }, - "Resource is replicated to untrusted or external locations": { + "Data is Replicated to Untrusted or External Locations": { "scope": "yaml", - "prefix": "CT4, CT Resource is replicated to untrusted or external locations", + "prefix": "CT4, CT Data is Replicated to Untrusted or External Locations", "body": [ - "- CCC.TH04 # Resource is replicated to untrusted or external locations" + "- CCC.TH04 # Data is Replicated to Untrusted or External Locations" ], - "description": "Common Threat Resource is replicated to untrusted or external locations" + "description": "Common Threat 
Data is Replicated to Untrusted or External Locations" }, - "Data is corrupted during replication": { + "Data is Corrupted During Replication": { "scope": "yaml", - "prefix": "CT5, CT Data is corrupted during replication", + "prefix": "CT5, CT Data is Corrupted During Replication", "body": [ - "- CCC.TH05 # Data is corrupted during replication" + "- CCC.TH05 # Data is Corrupted During Replication" ], - "description": "Common Threat Data is corrupted during replication" + "description": "Common Threat Data is Corrupted During Replication" }, - "Data is lost or corrupted": { + "Data is Lost or Corrupted": { "scope": "yaml", - "prefix": "CT6, CT Data is lost or corrupted", + "prefix": "CT6, CT Data is Lost or Corrupted", "body": [ - "- CCC.TH06 # Data is lost or corrupted" + "- CCC.TH06 # Data is Lost or Corrupted" ], - "description": "Common Threat Data is lost or corrupted" + "description": "Common Threat Data is Lost or Corrupted" }, "Logs are Tampered With or Deleted": { "scope": "yaml", 
@@ -87,28 +87,36 @@ ], "description": "Common Threat Event Notifications are Incorrectly Triggered" }, - "Resource constraints are exhaustedResource Tags Are Manipulated": { + "Resource Constraints are Exhausted": { "scope": "yaml", - "prefix": "CT12, CT Resource constraints are exhaustedResource Tags Are Manipulated", + "prefix": "CT12, CT Resource Constraints are Exhausted", "body": [ - "- CCC.TH12 # Resource constraints are exhaustedResource Tags Are Manipulated" + "- CCC.TH12 # Resource Constraints are Exhausted" ], - "description": "Common Threat Resource constraints are exhaustedResource Tags Are Manipulated" + "description": "Common Threat Resource Constraints are Exhausted" }, - "Resource Tags Are Manipulated": { + "Resource Tags are Manipulated": { "scope": "yaml", - "prefix": "CT13, CT Resource Tags Are Manipulated", + "prefix": "CT13, CT Resource Tags are Manipulated", "body": [ - "- CCC.TH13 # Resource Tags Are Manipulated" + "- CCC.TH13 # Resource Tags are Manipulated" ], - "description": "Common Threat Resource Tags Are Manipulated" + "description": "Common Threat Resource Tags are Manipulated" }, - "Older Resource Versions Are Exploited": { + "Older Resource Versions are Exploited": { "scope": "yaml", - "prefix": "CT14, CT Older Resource Versions Are Exploited", + "prefix": "CT14, CT Older Resource Versions are Exploited", "body": [ - "- CCC.TH14 # Older Resource Versions Are Exploited" + "- CCC.TH14 # Older Resource Versions are Exploited" ], - "description": "Common Threat Older Resource Versions Are Exploited" + "description": "Common Threat Older Resource Versions are Exploited" + }, + "Automated Enumeration and Reconnaissance by Non-human Entities": { + "scope": "yaml", + "prefix": "CT14, CT Automated Enumeration and Reconnaissance by Non-human Entities", + "body": [ + "- CCC.TH14 # Automated Enumeration and Reconnaissance by Non-human Entities" + ], + "description": "Common Threat Automated Enumeration and Reconnaissance by Non-human Entities" 
}, } \ No newline at end of file diff --git a/services/common-controls.yaml b/services/common-controls.yaml index 41a154ae..bc346e2e 100644 --- a/services/common-controls.yaml +++ b/services/common-controls.yaml @@ -7,15 +7,15 @@ control_families: - Network Security controls: - - id: CCC.C01 # Prevent unencrypted requests - title: Prevent unencrypted requests + - id: CCC.C01 + title: Prevent Unencrypted Requests objective: | Ensure that all communications are encrypted in transit to protect data integrity and confidentiality. control_family: Data + nist_csf: PR.DS-02 # Data-in-transit is protected threats: - - CCC.TH02 # Data is intercepted in transit - nist_csf: PR.DS-02 + - CCC.TH02 # Data is Intercepted in Transit control_mappings: CCM: - IVS-03 @@ -45,15 +45,15 @@ controls: - tlp_amber - tlp_red - - id: CCC.C02 # Ensure data encryption at rest for all stored data - title: Ensure data encryption at rest for all stored data + - id: CCC.C02 + title: Ensure Data Encryption at Rest for All Stored Data objective: | Ensure that all data stored is encrypted at rest to maintain confidentiality and integrity. control_family: Encryption + nist_csf: PR.DS-1 # Data-at-rest is protected threats: - - CCC.TH01 # Access control is misconfigured - nist_csf: PR.DS-1 # Data-at-rest is protected. + - CCC.TH01 # Access Control is Misconfigured control_mappings: CCM: [] ISO_27001: [] @@ -70,8 +70,8 @@ controls: - tlp_amber - tlp_red - - id: CCC.C03 # Implement multi-factor authentication (MFA) for access - title: Implement multi-factor authentication (MFA) for access + - id: CCC.C03 + title: Implement Multi-factor Authentication (MFA) for Access objective: | Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access. This may include 
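Review bot: The snippet added at the end of this hunk, `Automated Enumeration and Reconnaissance by Non-human Entities`, reuses `CT14` and `CCC.TH14`, which the entry directly above it already assigns to `Older Resource Versions are Exploited`. services/common-threats.yaml in this same patch gives the enumeration threat the id `CCC.TH15`. A catalog authored from the snippet would therefore reference the wrong threat, and any control mapped through it would appear to cover enumeration when it points at old-version exploitation. The prefix should read `"prefix": "CT15, CT Automated Enumeration and Reconnaissance by Non-human Entities"` and the body `"- CCC.TH15 # Automated Enumeration and Reconnaissance by Non-human Entities"`.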
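Review bot: The `nist_csf` value on CCC.C01 is written `PR.DS-02`, while the other controls visible in this patch use the unpadded form (`PR.DS-1`, `PR.AC-7`, `DE.AE-3`, `PR.AC-3`). The comment added here, "Data-in-transit is protected", is the CSF 1.1 wording, whereas zero-padded ids are the CSF 2.0 notation, so the line appears to mix two framework versions and an automated lookup against either catalogue may miss it. If the file targets CSF 1.1, as the other comments suggest, use `nist_csf: PR.DS-2 # Data-in-transit is protected`. Otherwise state the framework version once at the top of the file.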
@@ -79,9 +79,10 @@ controls: case of programattically accessible services, such as API endpoints, this includes a combination of API keys or tokens and network restrictions. control_family: Identity and Access Management + nist_csf: PR.AC-7 # Users, devices, and other assets are authenticated + # commensurate with the risk of the transaction threats: - - CCC.TH01 # Access control is misconfigured - nist_csf: PR.AC-7 + - CCC.TH01 # Access Control is Misconfigured control_mappings: CCM: - IAM-03 @@ -91,7 +92,7 @@ controls: NIST_800_53: - IA-2 test_requirements: - - id: CCC.C03.TR01 # modification auth + - id: CCC.C03.TR01 text: | When an entity attempts to modify the service, the service MUST attempt to verify the client's identity through an authentication @@ -101,7 +102,7 @@ controls: - tlp_green - tlp_amber - tlp_red - - id: CCC.C03.TR02 # amber/red view auth + - id: CCC.C03.TR02 text: | When an entity attempts to view information presented by the service, service, the service MUST attempt to verify the client's identity @@ -109,7 +110,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C03.TR03 # amber/red UI view MFA + - id: CCC.C03.TR03 text: | When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple @@ -117,7 +118,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C03.TR04 # API modify allowlist + - id: CCC.C03.TR04 text: | When an entity attempts to modify the service through an API endpoint, the authentication process MUST be limited to a @@ -127,7 +128,7 @@ controls: - tlp_green - tlp_amber - tlp_red - - id: CCC.C03.TR05 # amber/red API view allowlist + - id: CCC.C03.TR05 text: | When an entity attempts to view information on the service through an API endpoint, the authentication process MUST be limited to a 
@@ -135,7 +136,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C03.TR06 # UI modify MFA + - id: CCC.C03.TR06 text: | When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple @@ -146,15 +147,16 @@ controls: - tlp_amber - tlp_red - - id: CCC.C04 # Log all access and changes - title: Log all access and changes + - id: CCC.C04 + title: Log All Access and Changes objective: | Ensure that all access and changes are logged to maintain a detailed audit trail for security and compliance purposes. control_family: Logging & Monitoring + nist_csf: DE.AE-3 # Event data are collected and correlated from multiple + # sources and sensors threats: - - CCC.TH01 # Access control is misconfigured - nist_csf: DE.AE-3 + - CCC.TH01 # Access Control is Misconfigured control_mappings: CCM: [] ISO_27001: [] @@ -186,8 +188,8 @@ controls: - tlp_amber - tlp_red - - id: CCC.C05 # Prevent access from untrusted entities - title: Prevent access from untrusted entities + - id: CCC.C05 + title: Prevent Access from Untrusted Entities objective: | Ensure that secure access controls prevent unauthorized access, mitigate risks of data exfiltration, and block misuse of services @@ -195,9 +197,9 @@ controls: criteria such as IP allowlists, domain restrictions, and tenant isolation. control_family: Identity and Access Management + nist_csf: PR.AC-3 # Remote access is managed threats: - - CCC.TH01 # Access control is misconfigured - nist_csf: PR.AC-3 + - CCC.TH01 # Access Control is Misconfigured control_mappings: CCM: - DS-5 @@ -206,7 +208,7 @@ controls: NIST_800_53: - AC-3 test_requirements: - - id: CCC.C05.TR01 # Block untrusted sources + - id: CCC.C05.TR01 text: | When access to sensitive resources is attempted, the service MUST block requests from untrusted sources, including IP addresses, 
@@ -215,7 +217,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C05.TR02 # Admin access restrictions + - id: CCC.C05.TR02 text: | When administrative access is attempted, the service MUST validate that the request originates from an explicitly allowed source as @@ -225,7 +227,7 @@ controls: - tlp_green - tlp_amber - tlp_red - - id: CCC.C05.TR03 # Prevent cross-tenant access + - id: CCC.C05.TR03 text: | When resources are accessed in a multi-tenant environment, the service MUST enforce isolation by allowing access only to explicitly @@ -233,7 +235,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C05.TR04 # Unauthorized access attempts logging + - id: CCC.C05.TR04 text: | When an access attempt from an untrusted source is blocked, the service MUST log the event, including the source details, time, @@ -244,8 +246,8 @@ controls: - tlp_amber - tlp_red - - id: CCC.C06 # Prevent deployment in restricted regions - title: Prevent deployment in restricted regions + - id: CCC.C06 + title: Prevent Deployment in Restricted Regions objective: | Ensure that resources are not provisioned or deployed in geographic regions or cloud availability zones that have been @@ -253,9 +255,9 @@ controls: regulatory requirements and reduce exposure to geopolitical risks. control_family: Data + nist_csf: PR.DS-1 # Data-at-rest is protected threats: - - CCC.TH03 # Deployment region network is untrusted - nist_csf: PR.DS-1 + - CCC.TH03 # Deployment Region Network is Untrusted control_mappings: CCM: - DSI-06 
@@ -286,16 +288,21 @@ controls: - tlp_amber - tlp_red - - id: CCC.C07 # Alert on unusal enumeration + - id: CCC.C07 title: Alert on Unusual Enumeration Activity - control_family: Logging & Monitoring objective: | Ensure that logs and associated alerts are generated when unusual enumeration activity is detected that may indicate reconnaissance activities. + control_family: Logging & Monitoring + nist_csf: DE.AE-1 # A baseline of network operations and expected data + # flows for users and systems is established and managed threats: - CCC.TH15 # Automated Enumeration - nist_csf: DE.AE-1 + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - id: CCC.C07.TR01 text: | @@ -315,16 +322,21 @@ controls: - tlp_amber - tlp_red - - id: CCC.C08 # Enable multi-zone or multi-region data replication - title: Enable multi-zone or multi-region data replication - control_family: Data + - id: CCC.C08 + title: Enable Multi-zone or Multi-region Data Replication objective: | Ensure that data is replicated across multiple zones or regions to protect against data loss due to hardware failures, natural disasters, or other catastrophic events. + control_family: Data + nist_csf: PR.PT-5 # Audit/log records are determined, documented, + # implemented, and reviewed in accordance with policy threats: - - CCC.TH06 # Data is lost or corrupted - nist_csf: PR.PT-5 + - CCC.TH06 # Data is Lost or Corrupted + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - id: CCC.C08.TR01 text: | 
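Review bot: The comment added to CCC.C08's `nist_csf: PR.PT-5` describes audit/log records, which is the same text this patch attaches to `PR.PT-1` on CCC.VPC.C04 in services/networking/vpc/controls.yaml. In CSF 1.1, PR.PT-5 covers resilience mechanisms (failsafe, load balancing, hot swap), which fits a replication control, so the id looks right and the comment looks copied from the wrong subcategory. Suggested line: `nist_csf: PR.PT-5 # Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements`. A wrong inline description matters because anyone checking framework coverage will tend to read the comment instead of looking up the id.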
@@ -345,18 +357,23 @@ controls: - tlp_amber - tlp_red - - id: CCC.C09 # Prevent tampering, deletion, or unauthorized access - title: Prevent tampering, deletion, or unauthorized access to access logs - control_family: Data + - id: CCC.C09 + title: Prevent Tampering, Deletion, or Unauthorized Access to Access Logs objective: | Access logs should always be considered sensitive. Ensure that access logs are protected against unauthorized access, tampering, or deletion. + control_family: Data + nist_csf: PR.DS-6 # Integrity checking mechanisms are used to verify + # software, firmware, and information integrity threats: - - CCC.TH07 # Logs are Tampered With or Deleted + - CCC.TH07 # Logs are Tampered with or Deleted - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users - - CCC.TH04 # Data is replicated to untrusted or external locations - nist_csf: PR.DS-6 # Integrity checking mechanisms are used + - CCC.TH04 # Data is Replicated to Untrusted or External Locations + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - id: CCC.C09.TR01 text: | 
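Review bot: The first threat reference on CCC.C09 is commented `# Logs are Tampered with or Deleted`, but the CCC.TH07 title in services/common-threats.yaml and the reference in services/networking/vpc/threats.yaml both keep `Tampered With`. This patch removes the inline comments from the definitions, so the reference comments are now the only human-readable label next to each id. They should match the title exactly so a text search finds every control that claims to mitigate log tampering: `- CCC.TH07 # Logs are Tampered With or Deleted`. If lower-case prepositions are the intended convention, rename the title itself instead.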
@@ -386,18 +403,22 @@ controls: - tlp_green - tlp_clear - - id: CCC.C10 # Prevent data replication to destinations outside of perimeter - title: Prevent data replication to destinations outside of defined - trust perimeter - control_family: Data + - id: CCC.C10 + title: Prevent Data Replication to Destinations Outside of Defined + Trust Perimeter objective: | Prevent replication of data to untrusted destinations outside of defined trust perimeter. An untrusted destination is defined as a resource that exists outside of a specified trusted identity or network or data perimeter. - threats: - - CCC.TH04 # Data is replicated to untrusted or external locations + control_family: Data nist_csf: PR.DS-5 # Protections against data leaks are implemented + threats: + - CCC.TH04 # Data is Replicated to Untrusted or External Locations + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - id: CCC.C10.TR01 text: | @@ -408,16 +429,16 @@ controls: - tlp_amber - tlp_red - - id: CCC.C11 # Enforce Key Management Policies + - id: CCC.C11 title: Enforce Key Management Policies objective: | Ensure that encryption keys are managed securely by enforcing the use of approved algorithms, regular key rotation, and customer-managed encryption keys (CMEKs). control_family: Encryption - threats: - - CCC.TH16 # Non-compliance with encryption key management policies nist_csf: PR.DS-1 # Data-at-rest is protected + threats: + - CCC.TH16 # Non-compliance with Encryption Key Management Policies control_mappings: CCM: - EKM-02 @@ -425,8 +446,8 @@ controls: ISO_27001: - 2013 A.10.1.2 NIST_800_53: - - SC-12 # Cryptographic Key Establishment and Management - - SC-17 # Public Key Infrastructure Certificates + - SC-12 # Cryptographic key establishment and management + - SC-17 # Public key infrastructure certificates test_requirements: - id: CCC.C11.TR01 text: | diff --git a/services/common-features.yaml b/services/common-features.yaml index 8a2f5536..88683684 100644 
--- a/services/common-features.yaml
+++ b/services/common-features.yaml
@@ -1,131 +1,131 @@ features: - - id: CCC.F01 # Encryption in Transit Enabled by Default + - id: CCC.F01 title: Encryption in Transit Enabled by Default description: | Provides default encryption of data in transit through SSL or TLS. - - id: CCC.F02 # Encryption at Rest Enabled by Default + - id: CCC.F02 title: Encryption at Rest Enabled by Default description: | Provides default encryption of data before storage, with the option for clients to maintain control over the encryption keys. - - id: CCC.F03 # Access/Activity Logs + - id: CCC.F03 title: Access/Activity Logs description: | Provides users with the ability to track all requests made to or activities performed on resources for audit purposes. - - id: CCC.F04 # Transaction Rate Limits + - id: CCC.F04 title: Transaction Rate Limits description: | Allows the setting of a threshold where industry-standard throughput is achieved up to the specified rate limit. - - id: CCC.F05 # Signed URLs + - id: CCC.F05 title: Signed URLs description: | Provides the ability to grant temporary or restricted access to a resource through a custom URL that contains authentication information. - - id: CCC.F06 # Identity Based Access Control + - id: CCC.F06 title: Identity Based Access Control description: | Provides the ability to determine access to resources based on attributes associated with a user identity. - - id: CCC.F07 # Event Notifications + - id: CCC.F07 title: Event Notifications description: | Publishes events for creation, deletion, and modification of objects in a way that enables users to trigger actions in response. - - id: CCC.F08 # Multi-zone Deployment + - id: CCC.F08 title: Multi-zone Deployment description: | Provides the ability for the service to be deployed in multiple availability zones or regions to increase availability and fault tolerance. 
- - id: CCC.F09 # Monitoring + - id: CCC.F09 title: Monitoring description: | Provides the ability to continuously observe, track, and analyze the performance, availability, and health of the service resources or applications. - - id: CCC.F10 # Logging + - id: CCC.F10 title: Logging description: | Provides the ability to transmit system events, application activities, and/or user interactions to a logging service - - id: CCC.F11 # Backup + - id: CCC.F11 title: Backup description: | Provides the ability to create copies of associated data or configurations in the form of automated backups, snapshot-based backups, and/or incremental backups. - - id: CCC.F12 # Recovery + - id: CCC.F12 title: Recovery description: | Provides the ability to restore data, a system, or an application to a functional state after an incident such as data loss, corruption or a disaster. - - id: CCC.F13 # Infrastructure as Code + - id: CCC.F13 title: Infrastructure as Code description: | Allows for managing and provisioning service resources through machine-readable configuration files, such as templates. - - id: CCC.F14 # API Access + - id: CCC.F14 title: API Access description: | Allows users to interact programmatically with the service and its resources using APIs, SDKs and CLI. - - id: CCC.F15 # Cost Management + - id: CCC.F15 title: Cost Management description: | Provides the ability to filter spending and to detect cost anomalies for the service. - - id: CCC.F16 # Budgeting + - id: CCC.F16 title: Budgeting description: | Provides the ability to trigger alerts when spending thresholds are approached or exceeded for the service. - - id: CCC.F17 # Alerting + - id: CCC.F17 title: Alerting description: | Provides the ability to set an alarm based on performance metrics, logs, events or spending thresholds of the service. - - id: CCC.F18 # Versioning + - id: CCC.F18 title: Versioning description: | Provides the ability to maintain multiple versions of the same resource. 
- - id: CCC.F19 # On-Demand Scaling - title: On-Demand Scaling + - id: CCC.F19 + title: On-demand Scaling description: | Provide scaling of resources based on demand. - - id: CCC.F20 # Tagging + - id: CCC.F20 title: Tagging description: | Provide the ability to tag a resource to effectively manage and gain insights of the resource. - - id: CCC.F21 # Replication + - id: CCC.F21 title: Replication description: | Provides the ability to copy data or resource to multiple locations to ensure availability and durability. - - id: CCC.F22 # Location Lock-In + - id: CCC.F22 title: Location Lock-In description: | Provides the ability to control where the resources are created. - - id: CCC.F23 # Network Access Rules + - id: CCC.F23 title: Network Access Rules description: | Ability to control access to the resource by defining network access rules. diff --git a/services/common-threats.yaml b/services/common-threats.yaml index a27b6df4..e9731e9f 100644 --- a/services/common-threats.yaml +++ b/services/common-threats.yaml @@ -1,6 +1,6 @@ threats: - - id: CCC.TH01 # Access control is misconfigured - title: Access control is misconfigured + - id: CCC.TH01 + title: Access Control is Misconfigured description: | An attacker can exploit misconfigured access controls to grant excessive privileges or gain unauthorized access to sensitive resources. @@ -20,8 +20,8 @@ threats: - T1565 # Data Manipulation - T1027 # Obfuscated Files or Information - - id: CCC.TH02 # Data is intercepted in transit - title: Data is intercepted in transit + - id: CCC.TH02 + title: Data is Intercepted in Transit description: | In the event that encrypted communication is not properly in effect, an attacker can intercept traffic between clients and the service to read or 
@@ -32,8 +32,8 @@ threats: - T1557 # Adversary-in-the-Middle - T1040 # Network Sniffing - - id: CCC.TH03 # Deployment region network is untrusted - title: Deployment region network is untrusted + - id: CCC.TH03 + title: Deployment Region Network is Untrusted description: | If any part of the service is deployed in a hostile, unstable, or insecure location, an attacker may attempt to access the resource or @@ -48,8 +48,8 @@ threats: - T1583 # Acquire Infrastructure - T1557 # Adversary-in-the-Middle - - id: CCC.TH04 # Data is replicated to untrusted or external locations - title: Data is replicated to untrusted or external locations + - id: CCC.TH04 + title: Data is Replicated to Untrusted or External Locations description: | An attacker could replicate data to untrusted or external locations if replication configurations are not properly restricted. This could result in data leakage or exposure to unauthorized entities @@ -59,8 +59,8 @@ threats: mitre_technique: - T1565 # Data Manipulation - - id: CCC.TH05 # Data is corrupted during replication - title: Data is corrupted during replication + - id: CCC.TH05 + title: Data is Corrupted During Replication description: | Malicious actors may attempt to corrupt, delay, or delete data during replication processes across multiple regions or availability zones, @@ -75,8 +75,8 @@ threats: - T1491 # Defacement - T1490 # Inhibit System Recovery - - id: CCC.TH06 # Data is lost or corrupted - title: Data is lost or corrupted + - id: CCC.TH06 + title: Data is Lost or Corrupted description: | Data loss or corruption can occur due to accidental deletion, misconfiguration, or malicious activity. This can result in the loss of @@ -91,7 +91,7 @@ threats: - T1491 # Defacement - T1490 # Inhibit System Recovery - - id: CCC.TH07 # Logs are Tampered With or Deleted + - id: CCC.TH07 title: Logs are Tampered With or Deleted description: | Attackers may tamper with or delete logs to cover their tracks and evade 
@@ -105,7 +105,7 @@ threats: - T1565 # Data Manipulation (for altering log entries) - T1027 # Obfuscated Files or Information (if log files are altered to hide activity) - - id: CCC.TH08 # Cost Management Data is Manipulated + - id: CCC.TH08 title: Cost Management Data is Manipulated description: | Attackers may manipulate cost management data to hide excessive resource @@ -117,7 +117,7 @@ threats: - T1565 # Data Manipulation - T1070 # Indicator Removal on Host - - id: CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users + - id: CCC.TH09 title: Logs or Monitoring Data are Read by Unauthorized Users description: | Unauthorized access to logs or monitoring data can provide attackers with @@ -142,7 +142,7 @@ threats: - T1497 # Virtualization/Sandbox Evasion - T1518 # Software Discovery - - id: CCC.TH10 # Alerts are Intercepted + - id: CCC.TH10 title: Alerts are Intercepted description: | Malicious actors may exploit event notifications to monitor and @@ -157,7 +157,7 @@ threats: - T1049 # System Network Connections Discovery - T1083 # File and Directory Discovery - - id: CCC.TH11 # Event Notifications are Incorrectly Triggered + - id: CCC.TH11 title: Event Notifications are Incorrectly Triggered description: | Malicious actors may exploit event notifications to trigger sensitive @@ -172,8 +172,8 @@ threats: - T1001.001 # Data Obfuscation: Junk Data - T1491.001 # Defacement: Internal Defacement - - id: CCC.TH12 # Resource constraints are exhausted - title: Resource constraints are exhausted + - id: CCC.TH12 + title: Resource Constraints are Exhausted description: | An attack or misconfiguration can consume all available resources, such as memory, CPU, or storage, to disrupt the service or deny access to 
@@ -190,8 +190,8 @@ threats: - T1499 # Endpoint Denial of Service - T1498 # Network Denial of Service - - id: CCC.TH13 # Resource Tags Are Manipulated - title: Resource Tags Are Manipulated + - id: CCC.TH13 + title: Resource Tags are Manipulated description: | Attackers may manipulate resource tags to alter organizational policies, disrupt billing, or evade detection. This can result in mismanaged @@ -201,8 +201,8 @@ threats: mitre_technique: - T1565 # Data Manipulation - - id: CCC.TH14 # Older Resource Versions Are Exploited - title: Older Resource Versions Are Exploited + - id: CCC.TH14 + title: Older Resource Versions are Exploited description: | Attackers may exploit vulnerabilities in older versions of resources, taking advantage of deprecated or insecure configurations. Without @@ -221,8 +221,8 @@ threats: - T1565 # Data Manipulation - T1489 # Service Stop - - id: CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities - title: Automated Enumeration and Reconnaissance by Non-Human Entities + - id: CCC.TH15 + title: Automated Enumeration and Reconnaissance by Non-human Entities description: | Attackers may deploy automated processes or bots to perform reconnaissance activities by enumerating resources such as APIs, file systems, or directories. diff --git a/services/networking/vpc/controls.yaml b/services/networking/vpc/controls.yaml index 4957c33a..e972591f 100644 --- a/services/networking/vpc/controls.yaml +++ b/services/networking/vpc/controls.yaml 
@@ -1,9 +1,9 @@ common_controls: - - CCC.C01 # Prevent unencrypted requests - - CCC.C03 # Implement multi-factor authentication (MFA) for access - - CCC.C04 # Log all access and changes - - CCC.C05 # Prevent access from untrusted entities - - CCC.C06 # Prevent deployment in restricted regions + - CCC.C01 # Prevent Unencrypted Requests + - CCC.C03 # Implement Multi-factor Authentication (MFA) for Access + - CCC.C04 # Log All Access and Changes + - CCC.C05 # Prevent Access from Untrusted Entities + - CCC.C06 # Prevent Deployment in Restricted Regions controls: - id: CCC.VPC.C01 @@ -14,8 +14,8 @@ controls: configurations and enforce custom network policies. control_family: Network Security threats: - - CCC.VPC.TH01 # Unauthorized Access via Insecure Default Networks - nist_csf: PR.AC-5 + - CCC.VPC.TH01 # Unauthorized Access via Insecure Default Networks + nist_csf: PR.AC-5 # Network integrity is protected control_mappings: CCM: - TVM-02 @@ -39,8 +39,8 @@ controls: direct access to the internet to minimize attack surfaces. control_family: Network Security threats: - - CCC.VPC.TH02 # Exposure of Resources to Public Internet - nist_csf: PR.AC-3 + - CCC.VPC.TH02 # Exposure of Resources to Public Internet + nist_csf: PR.AC-3 # Remote access is managed control_mappings: CCM: - SEF-05 @@ -64,8 +64,8 @@ controls: controls. control_family: Network Security threats: - - CCC.VPC.TH03 # Unauthorized Network Access through VPC Peering - nist_csf: PR.AC-3 + - CCC.VPC.TH03 # Unauthorized Network Access Through VPC Peering + nist_csf: PR.AC-3 # Remote access is managed control_mappings: CCM: - IVS-01 
@@ -85,14 +85,15 @@ controls: - tlp_red - id: CCC.VPC.C04 - title: Enforce VPC Flow Logs on VPCs. + title: Enforce VPC Flow Logs on VPCs objective: | Ensure VPCs are configured with flow logs enabled to capture traffic information. control_family: Network Security threats: - - CCC.VPC.TH04 # Lack of Network Visibility Due to Disabled VPC Flow Logs - nist_csf: PR.PT-1 + - CCC.VPC.TH04 # Lack of Network Visibility due to Disabled VPC Flow Logs + nist_csf: PR.PT-1 # Audit/log records are determined, documented, implemented, + # and reviewed in accordance with policy control_mappings: CCM: - IVS-06 diff --git a/services/networking/vpc/features.yaml b/services/networking/vpc/features.yaml index 49cbb843..a2835714 100644 --- a/services/networking/vpc/features.yaml +++ b/services/networking/vpc/features.yaml 
@@ -6,82 +6,98 @@ common_features: - CCC.F13 # Infrastructure as Code - CCC.F20 # Tagging features: - - id: CCC.VPC.F01 # Isolated Custom Network Creation + - id: CCC.VPC.F01 title: Isolated Custom Network Creation description: | Ability to create a virtual network that is isolated from other users of the same public cloud. - - id: CCC.VPC.F02 # IPv4 CIDR block - title: IPv4 CIDR block + + - id: CCC.VPC.F02 + title: IPv4 CIDR Block description: | Ability to specify a IPv4 CIDR block to the virtual network. - - id: CCC.VPC.F03 # IPv6 CIDR block - title: IPv6 CIDR block + + - id: CCC.VPC.F03 + title: IPv6 CIDR Block description: | Ability to specify a IPv6 CIDR block to the virtual network. - - id: CCC.VPC.F04 # Public Subnet Creation + + - id: CCC.VPC.F04 title: Public Subnet Creation description: | Ability to create a subnet that allows resources within the subnet to communicate with the public internet. - - id: CCC.VPC.F05 # Private Subnet Creation + + - id: CCC.VPC.F05 title: Private Subnet Creation description: | Ability to create a subnet that resources within the subnet cannot directly access the public internet. - - id: CCC.VPC.F06 # Multiple Availability Zones for Subnets + + - id: CCC.VPC.F06 title: Multiple Availability Zones for Subnets description: | Ability to spread the subnets in more than one availability zones. - - id: CCC.VPC.F07 # Routing Control + + - id: CCC.VPC.F07 title: Routing Control description: | Ability to control traffic within the VPC and between the VPC and the internet or on-premises networks using customizable route tables. - - id: CCC.VPC.F08 # Connectivity Options - Internet Gateway + + - id: CCC.VPC.F08 title: Connectivity Options - Internet Gateway description: | Enables direct internet access for resources within a VPC. 
- - id: CCC.VPC.F09 # Connectivity Options - NAT Gateways + + - id: CCC.VPC.F09 title: Connectivity Options - NAT Gateways description: | Allows instances in private subnets to access the internet without exposing them to inbound internet traffic. - - id: CCC.VPC.F10 # Connectivity Options - Private Connection + + - id: CCC.VPC.F10 title: Connectivity Options - Private Connection description: | Dedicated, private, high-speed connections between on-premises networks and cloud VPC. - - id: CCC.VPC.F11 # Connectivity Options - VPC Peering + + - id: CCC.VPC.F11 title: Connectivity Options - VPC Peering description: | Establishing a private connection between two VPCs to communicate seamlessly. - - id: CCC.VPC.F12 # Connectivity Options - Transit Gateways + + - id: CCC.VPC.F12 title: Connectivity Options - Transit Gateways description: | A hub-and-spoke model for connecting multiple VPCs and on-premises networks. - - id: CCC.VPC.F13 # Connectivity Option - Site-to-site VPN - title: Connectivity Option - Site-to-site VPN + + - id: CCC.VPC.F13 + title: Connectivity Options - Site-to-site VPN description: | Provides an encrypted connection over the internet between a VPC and an on-premises network. - - id: CCC.VPC.F14 # Built-in DNS Resolution + + - id: CCC.VPC.F14 title: Built-in DNS Resolution description: | Resolves hostnames to IP addresses for instances within the VPC allowing instances to communicate using hostnames instead of IP addresses. - - id: CCC.VPC.F15 # Built-in DHCP Resolution + + - id: CCC.VPC.F15 title: Built-in DHCP Resolution description: | Automatically assign IP addresses, subnet masks, default gateways and other network configurations to instances within the VPC. - - id: CCC.VPC.F16 # Flow Logs + + - id: CCC.VPC.F16 title: Flow Logs description: | Ability to capture information about the IP traffic going through the VPC. 
- - id: CCC.VPC.F17 # VPC Endpoints + + - id: CCC.VPC.F17 title: VPC Endpoints description: | Ability to allow secure, private connectivity between resources within a VPC diff --git a/services/networking/vpc/threats.yaml b/services/networking/vpc/threats.yaml index 920d3ead..9b698a0a 100644 --- a/services/networking/vpc/threats.yaml +++ b/services/networking/vpc/threats.yaml @@ -1,9 +1,9 @@ common_threats: - - CCC.TH01 # Access control is misconfigured - - CCC.TH02 # Data is intercepted in transit - - CCC.TH03 # Deployment region network is untrusted - - CCC.TH06 # Data is lost or corrupted - - CCC.TH07 # Logs are Tampered With or Deleted + - CCC.TH01 # Access Control is Misconfigured + - CCC.TH02 # Data is Intercepted in Transit + - CCC.TH03 # Deployment Region Network is Untrusted + - CCC.TH06 # Data is Lost or Corrupted + - CCC.TH07 # Logs are Tampered With or Deleted threats: - id: CCC.VPC.TH01 @@ -13,9 +13,9 @@ threats: firewall rules,leading to unauthorized access and potential data breaches. features: - - CCC.VPC.F01 # Custom Network Creation + - CCC.VPC.F01 # Custom Network Creation mitre_technique: - - T1040 # Network Sniffing + - T1040 # Network Sniffing - id: CCC.VPC.TH02 title: Exposure of Resources to Public Internet @@ -26,11 +26,11 @@ threats: features: - CCC.VPC.F04 # Public Subnet Creation mitre_technique: - - T1133 # External Remote Services - - T1078 # Valid Accounts + - T1133 # External Remote Services + - T1078 # Valid Accounts - id: CCC.VPC.TH03 - title: Unauthorized Network Access through VPC Peering + title: Unauthorized Network Access Through VPC Peering description: | Unauthorized VPC peering connections can allow network traffic between untrusted or unapproved subscriptions, leading to potential data 
@@ -38,19 +38,19 @@ threats: features: - CCC.VPC.F11 # Connectivity Options - VPC Peering mitre_technique: - - T1599 # Network Boundary Bridging + - T1599 # Network Boundary Bridging - id: CCC.VPC.TH04 - title: Lack of Network Visibility Due to Disabled VPC Flow Logs + title: Lack of Network Visibility due to Disabled VPC Flow Logs description: | VPC subnets with disabled flow logs lack critical network traffic visibility, which can lead to undetected unauthorized access, data exfiltration, and network misconfigurations. This lack of visibility increases the risk of undetected security incidents. features: - - CCC.VPC.F16 # VPC Flow Logs + - CCC.VPC.F16 # VPC Flow Logs mitre_technique: - - T1562 # Impair Defenses + - T1562 # Impair Defenses - id: CCC.VPC.TH05 title: Overly Permissive VPC Endpoint Policies @@ -58,7 +58,7 @@ threats: VPC Endpoint policies that are overly permissive may inadvertently expose resources within the VPC to unintended principals or external threats. features: - - CCC.VPC.F17 # VPC Endpoints + - CCC.VPC.F17 # VPC Endpoints mitre_technique: - - T1078 # Valid Accounts - - T1071 # Application Layer Protocol + - T1078 # Valid Accounts + - T1071 # Application Layer Protocol diff --git a/services/storage/object/controls.yaml b/services/storage/object/controls.yaml index 10f6d771..650adcb7 100644 --- a/services/storage/object/controls.yaml +++ b/services/storage/object/controls.yaml 
@@ -1,26 +1,26 @@ common_controls: - - CCC.C01 # Prevent unencrypted requests - - CCC.C02 # Ensure data encryption at rest for all stored data - - CCC.C03 # Implement multi-factor authentication (MFA) for access - - CCC.C04 # Log all access and changes - - CCC.C05 # Prevent access from untrusted entities - - CCC.C06 # Prevent deployment in restricted regions - - CCC.C07 # Alert on non-human enumeration - - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs - - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter + - CCC.C01 # Prevent Unencrypted Requests + - CCC.C02 # Ensure Data Encryption at Rest for All Stored Data + - CCC.C03 # Implement Multi-factor Authentication (MFA) for Access + - CCC.C04 # Log All Access and Changes + - CCC.C05 # Prevent Access from Untrusted Entities + - CCC.C06 # Prevent Deployment in Restricted Regions + - CCC.C07 # Alert on Unusual Enumeration Activity + - CCC.C09 # Prevent Tampering, Deletion, or Unauthorized Access to Access Logs + - CCC.C10 # Prevent Data Replication to Destinations Outside of Defined Trust Perimeter controls: - - id: CCC.ObjStor.C01 # Prevent Requests to Buckets or Objects with Untrusted KMS Keys + - id: CCC.ObjStor.C01 title: Prevent Requests to Buckets or Objects with Untrusted KMS Keys objective: | Prevent any requests to object storage buckets or objects using untrusted KMS keys to protect against unauthorized data encryption that can impact data availability and integrity. control_family: Data - threats: - - CCC.TH01 # Access control is misconfigured - - CCC.TH06 # Data is lost or corrupted nist_csf: PR.DS-1 # Data-at-rest is protected + threats: + - CCC.TH01 # Access Control is Misconfigured + - CCC.TH06 # Data is Lost or Corrupted control_mappings: CCM: - DCS-04 # Data Protection and Encryption 
@@ -67,18 +67,19 @@ controls: - tlp_amber - tlp_red - - id: CCC.ObjStor.C02 # Enforce uniform bucket-level access to prevent inconsistent - title: Enforce uniform bucket-level access to prevent inconsistent permissions - control_family: Identity and Access Management + - id: CCC.ObjStor.C02 + title: Enforce Uniform Bucket-level Access to Prevent Inconsistent Permissions objective: | Ensure that uniform bucket-level access is enforced across all object storage buckets. This prevents the use of ad-hoc or inconsistent object-level permissions, ensuring centralized, consistent, and secure access management in accordance with the principle of least privilege. + control_family: Identity and Access Management + nist_csf: PR.AC-4 # Access permissions and authorizations are managed, + # incorporating the principles of least privilege and separation of duties threats: - - CCC.TH01 # Access control is misconfigured - nist_csf: PR.AC-4 + - CCC.TH01 # Access Control is Misconfigured control_mappings: CCM: - DCS-09 # Access Control @@ -109,15 +110,19 @@ controls: - tlp_amber - tlp_red - - id: CCC.ObjStor.C03 # Prevent bucket deletion through irrevocable bucket retention policy - title: Prevent bucket deletion through irrevocable bucket retention policy - control_family: Data + - id: CCC.ObjStor.C03 + title: Prevent Bucket Deletion Through Irrevocable Bucket Retention Policy objective: | Ensure that object storage bucket is not deleted after creation, and that the preventative measure cannot be unset. - threats: - - CCC.TH06 # Data is lost or corrupted + control_family: Data nist_csf: PR.DS-1 # Data-at-rest is protected + threats: + - CCC.TH06 # Data is Lost or Corrupted + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - id: CCC.ObjStor.C03.TR01 text: | 
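Review bot: The `control_mappings` block added to CCC.ObjStor.C03 holds only `CCM: []`, `ISO_27001: []` and `NIST_800_53: []`, and the same empty block is repeated for C04, C05 and C06 in the later hunks of this file. A consumer of the catalog cannot tell "not mapped yet" from "no framework control applies", and the second reading is unlikely for retention, versioning and log-separation controls when C01 and C02 carry real entries. If the mapping work is pending, say so on the key, for example `control_mappings: # TODO: framework mappings not yet assigned`, so that an empty list is never taken as a reviewed result.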
@@ -128,7 +133,7 @@ controls: - tlp_green - tlp_amber - tlp_red - - id: CCC.ObjStor.C03.TR03 + - id: CCC.ObjStor.C03.TR02 text: | When an attempt is made to modify the retention policy for an object storage bucket, the service MUST prevent the policy from being modified. @@ -138,19 +143,23 @@ controls: - tlp_amber - tlp_red - - id: CCC.ObjStor.C05 # Objects have an effective retention policy by default - title: Objects have an effective retention policy by default - control_family: Data + - id: CCC.ObjStor.C04 + title: Objects have an Effective Retention Policy by Default objective: | Ensure that all objects stored in the object storage system have a retention policy applied by default, preventing premature deletion or modification of objects and ensuring compliance with data retention regulations. - threats: - - CCC.TH06 # Data is lost or corrupted + control_family: Data nist_csf: PR.DS-1 # Data-at-rest is protected + threats: + - CCC.TH06 # Data is Lost or Corrupted + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - - id: CCC.ObjStor.C05.TR01 + - id: CCC.ObjStor.C04.TR01 text: | When an object is uploaded to the object storage system, the object MUST automatically receive a default retention policy that prevents @@ -160,7 +169,7 @@ controls: - tlp_green - tlp_amber - tlp_red - - id: CCC.ObjStor.C05.TR04 + - id: CCC.ObjStor.C04.TR02 text: | When an attempt is made to delete or modify an object that is subject to an active retention policy, the service MUST prevent the action 
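Review bot: Control and test-requirement ids are reassigned to different content here rather than retired: `CCC.ObjStor.C05` named the retention-policy control before this patch and names the versioning control after the `@@ -171,18` hunk, and `CCC.ObjStor.C06` moves from versioning to access-log storage in `@@ -220,20`. Anything outside this file that cites an id (test tags, audit evidence, downstream mappings) would then point at a different control without any error. Leaving retired numbers unused, or recording the old id beside the new one, e.g. `- id: CCC.ObjStor.C04 # formerly CCC.ObjStor.C05`, keeps old references traceable. The lines between the `@@ -171,18` and `@@ -210,7` hunks are not shown; if further test requirements sit there they would still carry the `CCC.ObjStor.C06.` prefix under the control now numbered C05, which is worth checking.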
@@ -171,18 +180,22 @@ controls: - tlp_amber - tlp_red - - id: CCC.ObjStor.C06 # Versioning is enabled for all objects in the bucket - title: Versioning is enabled for all objects in the bucket - control_family: Data + - id: CCC.ObjStor.C05 + title: Versioning is Enabled for All Objects in the Bucket objective: | Ensure that versioning is enabled for all objects stored in the object storage bucket to enable recovery of previous versions of objects in case of loss or corruption. - threats: - - CCC.TH06 # Data is lost or corrupted + control_family: Data nist_csf: PR.DS-1 # Data-at-rest is protected + threats: + - CCC.TH06 # Data is Lost or Corrupted + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - - id: CCC.ObjStor.C06.TR01 + - id: CCC.ObjStor.C05.TR01 text: | When an object is uploaded to the object storage bucket, the object MUST be stored with a unique identifier. @@ -210,7 +223,7 @@ controls: - tlp_green - tlp_amber - tlp_red - - id: CCC.ObjStor.C06.TR04 + - id: CCC.ObjStor.C05.TR02 text: | When an object is deleted, the service MUST retain other versions of the object to allow for recovery of previous versions. 
@@ -220,20 +233,24 @@ controls: - tlp_amber - tlp_red - - id: CCC.ObjStor.C07 # Access logs are stored in a data store - title: Access logs are stored in a separate data store - control_family: Data + - id: CCC.ObjStor.C06 + title: Access Logs are Stored in a Separate Data Store objective: | Ensure that access logs for object storage buckets are stored in a separate data store to protect against unauthorized access, tampering, or deletion of logs (Logbuckets are exempt from this requirement, but must be tlp_red). + control_family: Data + nist_csf: PR.DS-6 # Integrity checking mechanisms are used threats: - CCC.TH07 # Logs are Tampered With or Deleted - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users - nist_csf: PR.DS-6 # Integrity checking mechanisms are used + control_mappings: + CCM: [] + ISO_27001: [] + NIST_800_53: [] test_requirements: - - id: CCC.ObjStor.C07.TR01 + - id: CCC.ObjStor.C06.TR01 text: | When an object storage bucket is accessed, the service MUST store access logs in a separate data store. diff --git a/services/storage/object/features.yaml b/services/storage/object/features.yaml index e7bcc914..c59491a9 100644 --- a/services/storage/object/features.yaml +++ b/services/storage/object/features.yaml 
@@ -13,59 +13,72 @@ common_features: - CCC.F12 # Restore - CCC.F14 # API Access - CCC.F18 # Versioning + - CCC.F20 # Tagging - CCC.F21 # Replication + - CCC.F22 # Location Lock-In features: - - id: CCC.ObjStor.F01 # Storage Buckets + - id: CCC.ObjStor.F01 title: Storage Buckets description: | Provides uniquely identifiable segmentations in which data elements may be stored. - - id: CCC.ObjStor.F02 # Storage Objects + + - id: CCC.ObjStor.F02 title: Storage Objects description: | Supports storing, accessing, and managing data elements which contain both data and metadata. - - id: CCC.ObjStor.F03 # Bucket Capacity Limit + + - id: CCC.ObjStor.F03 title: Bucket Capacity Limit description: | Provides the ability to set a maximum total capacity for objects within a bucket. - - id: CCC.ObjStor.F04 # Object Size Limit + + - id: CCC.ObjStor.F04 title: Object Size Limit description: | Supports setting a maximum object size for storing objects. - - id: CCC.ObjStor.F05 # Ability to store new objects - title: Ability to store new objects + + - id: CCC.ObjStor.F05 + title: Store New Objects description: | Supports for storing a new object in the bucket. - - id: CCC.ObjStor.F06 # Ability to replace stored objects - title: Ability to replace stored objects + + - id: CCC.ObjStor.F06 + title: Replace Stored Objects description: | Supports for replacing an object in the bucket with a new object for the same key. - - id: CCC.ObjStor.F07 # Ability to delete stored objects - title: Ability to delete stored objects + + - id: CCC.ObjStor.F07 + title: Delete Stored Objects description: | Supports for deleting objects from the bucket given the object key. - - id: CCC.ObjStor.F08 # Lifecycle Policies + + - id: CCC.ObjStor.F08 title: Lifecycle Policies description: | Supports defining policies to automate data management tasks. 
- - id: CCC.ObjStor.F09 # Object Modification Locks + + - id: CCC.ObjStor.F09 title: Object Modification Locks description: | Allows locking of objects to disable modification and/or deletion of an object for a defined period of time. - - id: CCC.ObjStor.F10 # Object Level Access Control + + - id: CCC.ObjStor.F10 title: Object Level Access Control description: | Supports controlling access to specific objects within the object store. - - id: CCC.ObjStor.F11 # Querying + + - id: CCC.ObjStor.F11 title: Querying description: | Supports performing simple select queries to retrieve only a subset of objects from the bucket. - - id: CCC.ObjStor.F12 # Storage Classes + + - id: CCC.ObjStor.F12 title: Storage Classes description: | Provides different storage classes for frequently and infrequently diff --git a/services/storage/object/tests/ccc-os-c08.feature b/services/storage/object/tests/ccc-os-c08.feature deleted file mode 100644 index bc81f15c..00000000 --- a/services/storage/object/tests/ccc-os-c08.feature +++ /dev/null @@ -1,13 +0,0 @@ -@CCC.OS.C08.TR01 -Feature: Verify that object storage replication configurations are prevented from replicating to untrusted destinations - -""" -This feature ensures that object storage replication configurations are securely managed and do not allow replication to untrusted or unauthorized destinations. -""" - -@CCC.OS.C08.TR01.T01 -Scenario: Prevent replication to destinations outside a defined identity and network perimeter - Given you own the object storage bucket - And a defined identity and network perimeter is established for trusted destinations - When an attempt is made to replicate data to a destination outside this perimeter - Then the replication is denied \ No newline at end of file diff --git a/services/storage/object/threats.yaml b/services/storage/object/threats.yaml index 74a98a5c..d22a61f5 100644 --- a/services/storage/object/threats.yaml +++ b/services/storage/object/threats.yaml 
@@ -1,23 +1,23 @@ common_threats: - - CCC.TH01 # Unauthorized access through elevated privileges - - CCC.TH02 # Data is intercepted in transit - - CCC.TH03 # Deployment region network is untrusted - - CCC.TH04 # Data is replicated to untrusted or external locations - - CCC.TH05 # Data is corrupted during replication - - CCC.TH06 # Data is lost or corrupted + - CCC.TH01 # Access Control is Misconfigured + - CCC.TH02 # Data is Intercepted in Transit + - CCC.TH03 # Deployment Region Network is Untrusted + - CCC.TH04 # Data is Replicated to Untrusted or External Locations + - CCC.TH05 # Data is Corrupted During Replication + - CCC.TH06 # Data is Lost or Corrupted - CCC.TH07 # Logs are Tampered With or Deleted - CCC.TH08 # Cost Management Data is Manipulated - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users - CCC.TH10 # Alerts are Intercepted - CCC.TH11 # Event Notifications are Incorrectly Triggered - - CCC.TH12 # Resource constraints are exhausted - - CCC.TH13 # Resource Tags Are Manipulated - - CCC.TH14 # Older Resource Versions Are Exploited - - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities + - CCC.TH12 # Resource Constraints are Exhausted + - CCC.TH13 # Resource Tags are Manipulated + - CCC.TH14 # Older Resource Versions are Exploited + - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-human Entities threats: - - id: CCC.ObjStor.TH01 # Data exfiltration via insecure lifecycle policies - title: Data exfiltration via insecure lifecycle policies + - id: CCC.ObjStor.TH01 + title: Data Exfiltration via Insecure Lifecycle Policies description: | Misconfigured lifecycle policies may unintentionally allow data to be exfiltrated or destroyed prematurely, resulting in a loss of availability 
@@ -32,8 +32,8 @@ threats: - T1048 # Exfiltration Over Alternative Protocol - T1485 # Data Destruction - - id: CCC.ObjStor.TH02 # Improper enforcement of object modification locks - title: Improper enforcement of object modification locks + - id: CCC.ObjStor.TH02 + title: Improper Enforcement of Object Modification Locks description: | Attackers may exploit vulnerabilities in object modification locks to delete or alter objects despite the lock being in place, leading to data From 2f5273d4c075d8ad53f919ca157f7929357ebeab Mon Sep 17 00:00:00 2001 From: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Date: Sun, 8 Dec 2024 20:55:07 +0100 Subject: [PATCH 18/53] Add in additional common threats and controls for VPC (#583) --- services/networking/vpc/controls.yaml | 2 ++ services/networking/vpc/threats.yaml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/services/networking/vpc/controls.yaml b/services/networking/vpc/controls.yaml index e972591f..a75b572a 100644 --- a/services/networking/vpc/controls.yaml +++ b/services/networking/vpc/controls.yaml @@ -4,6 +4,8 @@ common_controls: - CCC.C04 # Log All Access and Changes - CCC.C05 # Prevent Access from Untrusted Entities - CCC.C06 # Prevent Deployment in Restricted Regions + - CCC.C07 # Alert on Unusual Enumeration Activity + - CCC.C09 # Prevent Tampering, Deletion, or Unauthorized Access to Access Logs controls: - id: CCC.VPC.C01 diff --git a/services/networking/vpc/threats.yaml b/services/networking/vpc/threats.yaml index 9b698a0a..88ae7291 100644 --- a/services/networking/vpc/threats.yaml +++ b/services/networking/vpc/threats.yaml 
@@ -4,6 +4,9 @@ common_threats: - CCC.TH03 # Deployment Region Network is Untrusted - CCC.TH06 # Data is Lost or Corrupted - CCC.TH07 # Logs are Tampered With or Deleted + - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users + - CCC.TH13 # Resource Tags are Manipulated + - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-human Entities threats: - id: CCC.VPC.TH01 From 3a65a2ae0478274b4427898ef867b2c338d0fa12 Mon Sep 17 00:00:00 2001 From: Damien Burks <20100558+damienjburks@users.noreply.github.com> Date: Sun, 8 Dec 2024 17:45:46 -0800 Subject: [PATCH 19/53] Object Storage Release - 2025.01 (#581) --- delivery-tooling/catalog-compiler.go | 2 +- delivery-tooling/logos/logo_wall.svg | 2 +- delivery-tooling/update-metadata.go | 19 +++++----- services/storage/object/metadata.yaml | 52 +++++++++++---------------- 4 files changed, 31 insertions(+), 44 deletions(-) diff --git a/delivery-tooling/catalog-compiler.go b/delivery-tooling/catalog-compiler.go index 5aa7a85e..8306128e 100644 --- a/delivery-tooling/catalog-compiler.go +++ b/delivery-tooling/catalog-compiler.go @@ -57,7 +57,7 @@ type ReleaseDetails struct { ThreatModelURL string `yaml:"threat_model_url"` ThreatModelAuthor string `yaml:"threat_model_author"` RedTeam string `yaml:"red_team"` - RedTeamExercizeURL string `yaml:"red_team_exercize_url"` + RedTeamExerciseURL string `yaml:"red_team_exercise_url"` ReleaseManager ReleaseManager `yaml:"release_manager"` ChangeLog []string `yaml:"change_log"` Contributors []Contributors `yaml:"contributors"` diff --git a/delivery-tooling/logos/logo_wall.svg b/delivery-tooling/logos/logo_wall.svg index daf5ecb8..a3adc21d 100644 --- a/delivery-tooling/logos/logo_wall.svg +++ b/delivery-tooling/logos/logo_wall.svg @@ -1 +1 @@ - \ No newline at end of file + \ No newline at end of file diff --git a/delivery-tooling/update-metadata.go b/delivery-tooling/update-metadata.go index 3be014c7..943baaa0 100644 --- a/delivery-tooling/update-metadata.go 
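Review bot: `CCC.TH13 # Resource Tags are Manipulated` is added to `common_threats` with no counterpart recognisable by title in the controls hunk of this same patch, which adds only `CCC.C07` and `CCC.C09`. C07 lines up with TH15 and C09 with TH07 and TH09, so TH13 looks like a threat listed with no control claimed against it; the first entries of `common_controls` lie outside the hunk, so this is inferred. If an existing control is meant to cover tag manipulation, name it in the PR description; if none does, mark the gap where it will be seen, e.g. `- CCC.TH13 # Resource Tags are Manipulated (no common control mapped yet)`.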
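Review bot: The struct tag change from `red_team_exercize_url` to `red_team_exercise_url` is a schema change, not only a Go rename: a metadata.yaml that still carries the old key would presumably unmarshal with `RedTeamExerciseURL` left empty instead of failing. The metadata.yaml hunks in this patch do not show the key being updated (the lines between `threat_model_author` and `release_manager` fall outside them), so every `services/**/metadata.yaml` should be checked for the old spelling. If the compiler decodes with gopkg.in/yaml.v3, `decoder.KnownFields(true)` would turn a stale key into a build error rather than a silently blank field. The `ReleaseDetails` struct continues outside the hunk.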
+++ b/delivery-tooling/update-metadata.go @@ -16,8 +16,8 @@ import ( ) var ( - MetadataFilepath string BuildDirectoryPath string + MetadataFilePath string // baseCmd represents the base command when called without any subcommands updateMetadataCmd = &cobra.Command{ @@ -37,14 +37,14 @@ var ( servicesDir := viper.GetString("services-dir") buildTarget := viper.GetString("build-target") - buildDirectoryPath := filepath.Join(servicesDir, buildTarget) - MetadataFilepath = filepath.Join(buildDirectoryPath, "metadata.yaml") + BuildDirectoryPath = filepath.Join(servicesDir, buildTarget) + MetadataFilePath = filepath.Join(BuildDirectoryPath, "metadata.yaml") err := updateMetadata() if err != nil { fmt.Println(err) } else { - fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilepath) + fmt.Printf("Metadata has been updated successfully: %s\n", MetadataFilePath) } }, } @@ -70,12 +70,11 @@ func updateMetadata() (err error) { // Create a new GitHub client client := github.NewClient(tc) - // Prepare the options to filter commits by the specified path (directory) + // Fetch the list of commits from the repository + cleanedPath := strings.Replace(filepath.ToSlash(BuildDirectoryPath), "../", "", 1) opts := &github.CommitsListOptions{ - Path: BuildDirectoryPath, + Path: cleanedPath, } - - // Fetch the list of commits from the repository commits, _, err := client.Repositories.ListCommits(ctx, repoOwner, repoName, opts) if err != nil { log.Fatalf("Error fetching commits: %v", err) @@ -137,7 +136,7 @@ func updateMetadata() (err error) { log.Fatalf("Error marshaling YAML: %v", err) } - err = os.WriteFile(MetadataFilepath, metadataData, os.FileMode(0666)) + err = os.WriteFile(MetadataFilePath, metadataData, os.FileMode(0666)) if err != nil { log.Fatalf("Error writing to the YAML file: %v", err) } 
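Review bot: `strings.Replace(filepath.ToSlash(BuildDirectoryPath), "../", "", 1)` in the `@@ -70,12` hunk removes the first `../` wherever it occurs, so a services directory reached through two parent hops keeps a `../`, and a `../` in the middle of the path is rewritten to a different directory. The `Path` filter passed to `ListCommits` would then presumably match nothing and the commit list would come back short without an error. Strip only leading segments, e.g. `for strings.HasPrefix(p, "../") { p = strings.TrimPrefix(p, "../") }`, or derive the repository-relative path with `filepath.Rel` against the repository root. The body of `updateMetadata` continues outside the hunk.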
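Review bot: The rewritten call `os.WriteFile(MetadataFilePath, metadataData, os.FileMode(0666))` in the `@@ -137,7` hunk still requests a group- and world-writable mode when it has to create metadata.yaml, so the result depends on the umask of whoever runs the tool. The file is input to the catalog build, so read-only for others is enough: `err = os.WriteFile(MetadataFilePath, metadataData, 0o644)`. The surrounding `log.Fatalf` calls also exit before the function's `err` return can reach the caller that prints it, which is worth tidying in the same pass.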
@@ -148,7 +147,7 @@ func updateMetadata() (err error) { func getMetadataYaml() Metadata { // Read the YAML file - yamlFile, err := os.ReadFile(MetadataFilepath) + yamlFile, err := os.ReadFile(MetadataFilePath) if err != nil { log.Fatalf("Error reading YAML file: %v", err) } diff --git a/services/storage/object/metadata.yaml b/services/storage/object/metadata.yaml index db7f8346..e77ec2de 100644 --- a/services/storage/object/metadata.yaml +++ b/services/storage/object/metadata.yaml @@ -8,7 +8,7 @@ description: | highly scalable and often used in cloud environments due to its flexibility and accessibility. release_details: - - version: "2024.10" + - version: "2025.01" assurance_level: None threat_model_url: None threat_model_author: None 
@@ -18,46 +18,34 @@ release_details: name: Damien Burks github_id: damienjburks company: Citi - summary: Initial release + summary: | + This initial release is part of the first batch of control catalogs + produced by the CCC. It is the result of thousands of hours dedicated to + exploring different ways of working and collaborating, on top of time + spent researching, writing, and reviewing the content. This marks a huge + milestone for the CCC and the broader community as further releases will + continue to build on this foundation. A huge thanks to everyone who has + brought us to this point! change_log: - - Add in fixes to object storage threats, controls, features (#436) - - Typofix on control IDs (#432) - - Object storage final polish (#419) - - Adding Contributors key to metadata schema (#409) - - Object Storage Controls Revision (#394) - - GenAI taxonomy (#393) - - Updates to the structure of the metadata yaml (#383) - - Schema updates (#377) - - Handling common entries for features, threats, & controls (#327) - - Convert Object Storage development files from MD to YAML (#325) - - Add in new object storage controls on encryption for impact and replication to untrusted destinations (#305) - - Convert existing taxonomies to the new yaml format (#319) - - Fix broken links (#317) - - Added CCC.OS.C6 Control (#298)Looks good - - Extend Object Storage Controls (#263) - - Creation of Global Markdown Formatting and Linting GitHub Actions (#223) - - Draft Proposal for Threat Catalog and Control Catalog Taxonomy (#153) - - Signed URLs added - - addressed review comments by @rgriffiths-scottlogic - - address review comments by stevie from scott logic and further improvements - - updates - - initial version of the object store taxonomy + - | + This initial release contains a variety of commits designed to capture + all of the features, threats, and controls for this service category. 
contributors: - - name: Michael Lysaght - github_id: mlysaght2017 - company: Citi + - name: Sonali Mendis + github_id: smendis-scottlogic + company: Scott Logic - name: Eddie Knight github_id: eddie-knight company: Sonatype - - name: Damien Burks - github_id: damienjburks + - name: Michael Lysaght + github_id: mlysaght2017 company: Citi - - name: Sonali Mendis - github_id: smendis-scottlogic - company: Scott Logic - name: Dave Ogle github_id: dogle-scottlogic company: Scott Logic + - name: Damien Burks + github_id: damienjburks + company: Citi - name: Naseer Mohammad github_id: nas-hub company: Google From 55298da0917da5fb0fedef597e10484543a94394 Mon Sep 17 00:00:00 2001 From: Damien Burks <20100558+damienjburks@users.noreply.github.com> Date: Sun, 8 Dec 2024 17:50:36 -0800 Subject: [PATCH 20/53] VPC Networking Release - 2025.01 (#584) --- services/networking/vpc/metadata.yaml | 30 ++++++++++++++++++++++++--- services/storage/object/metadata.yaml | 12 +++++------ 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/services/networking/vpc/metadata.yaml b/services/networking/vpc/metadata.yaml index 079308b2..8575c220 100644 --- a/services/networking/vpc/metadata.yaml +++ b/services/networking/vpc/metadata.yaml 
@@ -15,7 +15,31 @@ release_details: name: Damien Burks github_id: damienjburks company: Citi - summary: Initial release + summary: | + This initial release is part of the first batch of control catalogs + produced by the CCC. It is the result of thousands of hours dedicated to + exploring different ways of working and collaborating, on top of time + spent researching, writing, and reviewing the content. This marks a huge + milestone for the CCC and the broader community as further releases will + continue to build on this foundation. A huge thanks to everyone who has + brought us to this point! change_log: - - "Test" - - "Test" + - | + This initial release contains a variety of commits designed to capture + all of the features, threats, and controls for this service category. + contributors: + - name: Michael Lysaght + github_id: mlysaght2017 + company: Citi + - name: Sonali Mendis + github_id: smendis-scottlogic + company: Scott Logic + - name: Eddie Knight + github_id: eddie-knight + company: Sonatype + - name: Dave Ogle + github_id: dogle-scottlogic + company: Scott Logic + - name: kazmik23 + github_id: kazmik23 + company: Google diff --git a/services/storage/object/metadata.yaml b/services/storage/object/metadata.yaml index e77ec2de..4a0ca67a 100644 --- a/services/storage/object/metadata.yaml +++ b/services/storage/object/metadata.yaml 
@@ -1,12 +1,12 @@ title: Object Storage id: CCC.ObjStor description: | - Object storage is a data storage architecture that manages data as objects, - rather than as files or blocks. Each object contains the data itself, - metadata, and a unique identifier, making it ideal for storing large amounts - of unstructured data such as multimedia files, backups, and archives. It is - highly scalable and often used in cloud environments due to its flexibility - and accessibility. + Object storage is a data storage architecture that manages data as objects, + rather than as files or blocks. Each object contains the data itself, + metadata, and a unique identifier, making it ideal for storing large amounts + of unstructured data such as multimedia files, backups, and archives. It is + highly scalable and often used in cloud environments due to its flexibility + and accessibility. release_details: - version: "2025.01" assurance_level: None From 6f7302c8b44be619d7df8592d1524b126fb81e21 Mon Sep 17 00:00:00 2001 From: Damien Burks <20100558+damienjburks@users.noreply.github.com> Date: Mon, 9 Dec 2024 09:10:54 -0800 Subject: [PATCH 21/53] Fixing 2025 Release for VPC and Object Storage (#586) --- delivery-tooling/logos/logo_wall.svg | 2 +- delivery-tooling/templates/catalog.md | 2 +- delivery-tooling/templates/release-notes.md | 2 +- services/networking/vpc/metadata.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/delivery-tooling/logos/logo_wall.svg b/delivery-tooling/logos/logo_wall.svg index a3adc21d..d197a919 100644 --- a/delivery-tooling/logos/logo_wall.svg +++ b/delivery-tooling/logos/logo_wall.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/delivery-tooling/templates/catalog.md b/delivery-tooling/templates/catalog.md index c3b82513..cae94dd5 100644 --- a/delivery-tooling/templates/catalog.md +++ b/delivery-tooling/templates/catalog.md 
@@ -7,7 +7,7 @@ ## Release Notes -> _{{ .LatestReleaseDetails.ReleaseManager.Summary }}_ +> {{ .LatestReleaseDetails.ReleaseManager.Summary }} Release Manager - **{{ .LatestReleaseDetails.ReleaseManager.Name }}, {{ .LatestReleaseDetails.ReleaseManager.Company }}** ([{{ .LatestReleaseDetails.ReleaseManager.GithubId }}](https://github.com/{{ .LatestReleaseDetails.ReleaseManager.GithubId }})) diff --git a/delivery-tooling/templates/release-notes.md b/delivery-tooling/templates/release-notes.md index 8031b61f..960ed269 100644 --- a/delivery-tooling/templates/release-notes.md +++ b/delivery-tooling/templates/release-notes.md @@ -1,5 +1,5 @@ -# {{ .Metadata.Title }} Release Details - v{{ .LatestReleaseDetails.Version }} ({{ .Metadata.ID }}) +# {{ .Metadata.Title }} - v{{ .LatestReleaseDetails.Version }} ({{ .Metadata.ID }}) ## Summary {{ .LatestReleaseDetails.ReleaseManager.Summary }} diff --git a/services/networking/vpc/metadata.yaml b/services/networking/vpc/metadata.yaml index 8575c220..8b2fc2cf 100644 --- a/services/networking/vpc/metadata.yaml +++ b/services/networking/vpc/metadata.yaml @@ -5,7 +5,7 @@ description: | for a virtual private cloud service to be considered for use in financial services ecosystems. release_details: - - version: "2024.09" + - version: "2025.01" assurance_level: None threat_model_url: None threat_model_author: None From 119d09b231fd98f2307a4943f49bdcda7cd6522d Mon Sep 17 00:00:00 2001 From: kazmik23 Date: Fri, 13 Dec 2024 06:48:06 -0600 Subject: [PATCH 22/53] Updated features.yaml for messages (#501) Co-authored-by: Sonali Mendis <124289397+smendis-scottlogic@users.noreply.github.com> Co-authored-by: Sonali Mendis --- .../app-integration/message/features.yaml | 106 ++++++++++++++++++ .../app-integration/service-categories.yaml | 4 +- 2 files changed, 108 insertions(+), 2 deletions(-) create mode 100644 services/app-integration/message/features.yaml 
diff --git a/services/app-integration/message/features.yaml b/services/app-integration/message/features.yaml
new file mode 100644
index 00000000..7631102f
--- /dev/null
+++ b/services/app-integration/message/features.yaml
@@ -0,0 +1,106 @@
+common_features:
+ - CCC.F01 # Encryption in Transit Enabled by Default
+ - CCC.F02 # Encryption at Rest Enabled by Default
+ - CCC.F06 # Identity-Based Access Control
+ - CCC.F07 # Event Notifications
+ - CCC.F08 # Multi-zone Deployment
+ - CCC.F09 # Monitoring
+ - CCC.F10 # Logging
+ - CCC.F13 # Infrastructure as Code
+ - CCC.F14 # API Access
+ - CCC.F19 # On-Demand Scaling
+ - CCC.F20 # Tagging
+
+features:
+ - id: CCC.Message.F01
+ title: Publish/Subscribe Model
+ description: |
+ Uses publish/subscribe (pub/sub) messaging service model for
+ fan-out distribution of messages to multiple subscribers.
+
+ - id: CCC.Message.F02
+ title: Message Storage Policies
+ description: |
+ Ability to control the region where messages are stored.
+
+ - id: CCC.Message.F03
+ title: Creating Topics and Publish Messages
+ description: |
+ Ability to create new topics and publish messages to topics
+
+ - id: CCC.Message.F04
+ title: List Topics
+ description: |
+ Ability to to list all existing topics.
+
+ - id: CCC.Message.F05
+ title: Edit Topics
+ description: |
+ Ability to to edit properties of existing topics other than
+ the topic name and ordering preference.
+
+ - id: CCC.Message.F06
+ title: Delete Topics
+ description: |
+ Ability to to delete existing topics.
+
+ - id: CCC.Message.F07
+ title: Subscribe to Topics and Receive messages
+ description: |
+ Ability to subscribe to topics and receive messages.
+
+ - id: CCC.Message.F08
+ title: List Subscribers
+ description: |
+ Ability to list all subscribers for a given topics.
+
+ - id: CCC.Message.F09
+ title: Edit Subscriber
+ description: |
+ Ability to edit subscriber properties such as subscription
+ filter policies after subscriber is created.
+
+ - id: CCC.Message.F10
+ title: Delete Subscribers
+ description: |
+ Ability to delete subscriber from a given topic.
+ + - id: CCC.Message.F11 + title: FIFO Message Ordering + description: | + Support for first-in, first-out strictly preserved message + ordering with exactly one message delivered. + + - id: CCC.Message.F12 + title: Best Effort Message Ordering + description: | + Support for best-effort message ordering with at-least one + message delivered. + + - id: CCC.Message.F13 + title: Deduplication of Messages + description: | + Support for deduplication of messages with use of messaging + service features or deduplication IDs. + + - id: CCC.Message.F14 + title: Dead Letter Topics + description: | + Supports dead-letter topics for handling messages that cannot be + delivered or processed. + + - id: CCC.Message.F15 + title: Access Policies + description: | + Ability to specify access policies on publishers and subscribers. + + - id: CCC.Message.F16 + title: Message Filtering + description: | + Allows subscribers to receive subset of messages published to the + subscribed topic based on attributes or content. + + - id: CCC.Message.F17 + title: Message Retention + description: | + Ability to set message retention durations per topic. diff --git a/services/app-integration/service-categories.yaml b/services/app-integration/service-categories.yaml index 7455f92b..c9bbfea1 100644 --- a/services/app-integration/service-categories.yaml +++ b/services/app-integration/service-categories.yaml @@ -10,8 +10,8 @@ service_categories: title: Messaging Services description: | Messaging services facilitate communication between distributed applications - and services by enabling the exchange of messages in a reliable and scalable - manner. + and services by enabling the exchange of messages using pub/sub model in + a reliable and scalable manner. examples: - AWS: - Amazon SQS (Simple Queue Service) From b60791c3f9de4dbd074742e311e1c28ae7ff4170 Mon Sep 17 00:00:00 2001 
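Review bot: The delivery guarantees in CCC.Message.F11 and CCC.Message.F12 are worded as a message count rather than as delivery semantics: "exactly one message delivered" and "at-least one message delivered" presumably mean exactly-once and at-least-once delivery. Threats and controls about replayed or duplicated messages will be written against these entries, so the standard terms should be used, e.g. `ordering with exactly-once delivery.` and `ordering with at-least-once delivery.`. F04, F05 and F06 also read "Ability to to", F08 says "a given topics", and the F03 description lacks its closing full stop.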
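Review bot: The reworded description in service-categories.yaml limits Messaging Services to exchange "using pub/sub model", yet the first example kept as context directly below it is `Amazon SQS (Simple Queue Service)`, which is a point-to-point queue rather than a publish/subscribe service. As written a reader cannot tell whether queue services are in scope for the CCC.Message features and for the controls that will follow them. Either keep the description model-neutral or revise the examples to match; the examples list continues outside the hunk.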
From: kazmik23 Date: Fri, 13 Dec 2024 12:34:47 -0600 Subject: [PATCH 23/53] Updated features.yaml for Serverless Computing Functions (#502) Co-authored-by: Eddie Knight Co-authored-by: Sonali Mendis --- .../serverless-computing/features.yaml | 130 ++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 services/compute/serverless-computing/features.yaml diff --git a/services/compute/serverless-computing/features.yaml b/services/compute/serverless-computing/features.yaml new file mode 100644 index 00000000..db834616 --- /dev/null +++ b/services/compute/serverless-computing/features.yaml 
@@ -0,0 +1,130 @@
+common_features:
+ - CCC.F06 # Identity-Based Access Control
+ - CCC.F07 # Event Notifications
+ - CCC.F08 # Multi-zone Deployment
+ - CCC.F09 # Monitoring
+ - CCC.F10 # Logging
+ - CCC.F14 # API Access
+ - CCC.F18 # Versioning
+ - CCC.F19 # On-Demand Scaling
+ - CCC.F20 # Tagging
+ - CCC.F22 # Location Lock-In
+
+features:
+ - id: CCC.SvlsComp.F01
+ title: Event Driven Execution
+ description: |
+ Supports execution of code functions in response to events
+ without the need to manage underlying server infrastructure.
+
+ - id: CCC.SvlsComp.F02
+ title: Event Triggers
+ description: |
+ Ability to configure event triggers for functions such as
+ HTTP requests, cloud storage changes, messaging services,
+ and schedules.
+
+ - id: CCC.SvlsComp.F03
+ title: Stateless Architecture
+ description: |
+ Functions are stateless and do not retain data or state
+ between invocations.
+
+ - id: CCC.SvlsComp.F04
+ title: Cold Start
+ description: |
+ New execution environment is created and initialized to process
+ an incoming request which is the default behaviour.
+
+ - id: CCC.SvlsComp.F05
+ title: Warm Start
+ description: |
+ Ability to reuse of an already-initialized execution environment to
+ handle subsequent requests, to reduce invocation latency
+
+ - id: CCC.SvlsComp.F06
+ title: Flexible Resource Allocation
+ description: |
+ Ability to control resource allocations such as CPU, memory, and network.
+
+ - id: CCC.SvlsComp.F07
+ title: Customizable Execution Timeout
+ description: |
+ Ability to configure function execution timeout for allowing
+ short/long-running tasks.
+
+ - id: CCC.SvlsComp.F08
+ title: Native Runtime Support - Node.js
+ description: |
+ Support Node.js runtime by default.
+
+ - id: CCC.SvlsComp.F09
+ title: Native Runtime Support - Python
+ description: |
+ Support Python runtime by default.
+
+ - id: CCC.SvlsComp.F10
+ title: Native Runtime Support - Java
+ description: |
+ Support Java runtime by default.
+
+ - id: CCC.SvlsComp.F11
+ title: Native Runtime Support - .NET Core
+ description: |
+ Support .NET runtime by default.
+
+ - id: CCC.SvlsComp.F12
+ title: Custom Runtimes
+ description: |
+ Support any language by allowing functions to use custom runtime
+
+ - id: CCC.SvlsComp.F13
+ title: Environment Variables
+ description: |
+ Allows setting environment variables for functions to store
+ configuration settings and operational parameters.
+
+ - id: CCC.SvlsComp.F14
+ title: Aliases
+ description: |
+ Support the use of aliases such as dev, test, prod to manage
+ different environments or blue/green deployments without
+ modifying the function's code.
+
+ - id: CCC.SvlsComp.F15
+ title: Container Image Support
+ description: |
+ Ability to deploy and run functions packaged as container images
+ using predefined runtimes, that were built using container tools
+ like Docker.
+
+ - id: CCC.SvlsComp.F16
+ title: Concurrency Limit
+ description: |
+ Ability to configure a limit for the concurrent executions of a function.
+
+ - id: CCC.SvlsComp.F17
+ title: Throttling
+ description: |
+ Incoming requests are throttled when the function exceeds its
+ concurrency limit.
+
+ - id: CCC.SvlsComp.F18
+ title: List Functions
+ description: |
+ Ability to list all existing functions.
+
+ - id: CCC.SvlsComp.F19
+ title: Create Functions
+ description: |
+ Ability to create new functions.
+
+ - id: CCC.SvlsComp.F20
+ title: Edit Function
+ description: |
+ Ability to edit an existing function.
+
+ - id: CCC.SvlsComp.F21
+ title: Delete Function
+ description: |
+ Ability to delete an existing function.
From 2c765d7e170e49c4604a53dc035dca612749e7f7 Mon Sep 17 00:00:00 2001
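Review bot: `common_features` omits `CCC.F01`, `CCC.F02` and `CCC.F03` (encryption in transit, encryption at rest, access/activity logs), which the container-registry and build catalogs added later in this series both list. If threats and controls are mapped through these ids, the serverless catalog would have no feature to attach encryption or access-log requirements to. If the omission is deliberate, a one-line comment above the list saying why would settle it; otherwise add ` - CCC.F01 # Encryption in Transit Enabled by Default`, ` - CCC.F02 # Encryption at Rest Enabled by Default` and ` - CCC.F03 # Access/Activity Logs`. Separately, the `CCC.SvlsComp.F13` description says environment variables store configuration settings and operational parameters; it may be worth stating there whether secrets are in scope, since that decides which controls apply to the feature.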
From: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Date: Fri, 13 Dec 2024 20:34:05 +0100 Subject: [PATCH 24/53] Add in doc on alignment with FINOS AI readiness SIG (#564) Co-authored-by: Eddie Knight --- docs/resources/frameworks/ai-rag-arch.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs/resources/frameworks/ai-rag-arch.md diff --git a/docs/resources/frameworks/ai-rag-arch.md b/docs/resources/frameworks/ai-rag-arch.md new file mode 100644 index 00000000..50c67fa9 --- /dev/null +++ b/docs/resources/frameworks/ai-rag-arch.md 
@@ -0,0 +1,21 @@
+# AI RAG Reference Architecture: Service Mapping
+
+This document outlines the services of interest within the AI Readiness Architecture (RAG) being developed by the **[FINOS AI Readiness Special Interest Group (SIG)](https://www.finos.org/ai-readiness)**. The table below provides a mapping of **CCC Service Families** to equivalent services in **GCP**, **Azure**, and **AWS** cloud platforms, with a focus on core AI and supporting services.
+
+## Service Mapping Table
+
+| **CCC Service Family** | **GCP Service** | **Azure Service** | **AWS Service** |
+| ------------------------------------------------ | ---------------------------- | ---------------------------------------------------- | ------------------------------------- |
+| **Artificial Intelligence and Machine Learning** | Vertex AI | Azure Machine Learning | Amazon SageMaker |
+| **Compute Services** | Cloud Run | Azure Container Apps, Azure Kubernetes Service (AKS) | AWS Lambda, Amazon ECS, Amazon EKS |
+| **Database Servicese** | AlloyDB for PostgreSQL | Azure Cosmos DB, Azure PostgreSQL | Amazon Aurora (PostgreSQL compatible) |
+| **Networking Services** | Virtual Private Cloud | Azure Virtual Network (VNet) | Amazon VPC |
+| **Cryptographic Services** | Cloud KMS | Azure Key Vault | AWS Key Management Service (KMS) |
+| **Storage Servicese** | Cloud Storage | Azure Blob Storage | Amazon S3 |
+| **Identity Services** | Identity & Access Management | Azure Active Directory, Managed Identity | AWS IAM |
+| **Management and Governance Services** | Cloud Logging | Azure Monitor, Log Analytics | Amazon CloudWatch |
+
+## Additional Notes
+
+- **Scope**: This mapping focuses on foundational and supporting services critical to building an AI-ready architecture. These services cover model development, deployment, storage, connectivity, security, and monitoring.
+- **Alignment with FINOS AI Readiness SIG**: This mapping is aligned with the goals of the AI Readiness SIG, emphasizing secure, scalable, and compliant architectures for AI pipelines in financial services. From 0c1952441b86c8147e75f1337adcc44bb42ba935 Mon Sep 17 00:00:00 2001 From: Ian Walker-Smith <155087894+ianwalkersmithciticom@users.noreply.github.com> Date: Fri, 13 Dec 2024 16:41:26 -0300 Subject: [PATCH 25/53] Adding IWS to participants file (#520) Co-authored-by: Eddie Knight --- participants.md | 1 + 1 file changed, 1 insertion(+) diff --git a/participants.md b/participants.md index b6556600..d81efe81 100644 --- a/participants.md +++ b/participants.md @@ -37,6 +37,7 @@ Below is the list of participants in the {standard_name}, who have committed to - Mike Smith, Scott Logic, Sep/11/2024 - Daniel Moorhouse, Scott Logic, Sep/16/2024 - Kamran Kazmi, Google, SEP/20/2024 +- Ian Walker-Smith, Citi, NOV/10/2024 ## How to enroll as a participant From 074d1043840afb489b010d698dbf408b75637b9f Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Sat, 14 Dec 2024 15:22:47 -0600 Subject: [PATCH 26/53] Update common-controls.yaml (#592) --- services/common-controls.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/common-controls.yaml b/services/common-controls.yaml index bc346e2e..ca3b4140 100644 --- a/services/common-controls.yaml +++ b/services/common-controls.yaml @@ -169,7 +169,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C04.TR01 + - id: CCC.C04.TR02 text: | When any access attempt is made to the view sensitive information, the service MUST log the client identity, time, and result of the @@ -177,7 +177,7 @@ controls: tlp_levels: - tlp_amber - tlp_red - - id: CCC.C04.TR02 + - id: CCC.C04.TR03 text: | When any change is made to the service configuration, the service MUST log the change, including the client, time, previous state, and the From 4716409e3753ca06e6dc453674186a5db3e2e93b Mon Sep 17 00:00:00 2001 
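Review bot: Renumbering in `services/common-controls.yaml` changes the meaning of an identifier that already existed. `CCC.C04.TR02` was the configuration-change logging requirement (second hunk) and now names the access-attempt logging requirement (first hunk), while configuration-change logging becomes `CCC.C04.TR03`. Anything that already cites `CCC.C04.TR02`, such as other catalogs, test mappings or audit evidence, would silently point at a different requirement; none of that is visible here, so it needs checking before merge. A short comment on the renumbered entries such as `# renumbered in #592; was CCC.C04.TR02` would leave a trail. Both entries continue outside their hunks.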
From: kazmik23 Date: Tue, 17 Dec 2024 09:02:28 -0600 Subject: [PATCH 27/53] Create features.yaml for Container registry (#526) Co-authored-by: Eddie Knight Co-authored-by: Sonali Mendis <124289397+smendis-scottlogic@users.noreply.github.com> --- services/devtools/containerReg/features.yaml | 32 ++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 services/devtools/containerReg/features.yaml
diff --git a/services/devtools/containerReg/features.yaml b/services/devtools/containerReg/features.yaml
new file mode 100644
index 00000000..2f3f810f
--- /dev/null
+++ b/services/devtools/containerReg/features.yaml
@@ -0,0 +1,32 @@
+common_features:
+ - CCC.F01 # Encryption in Transit Enabled by Default
+ - CCC.F02 # Encryption at Rest Enabled by Default
+ - CCC.F03 # Access/Activity Logs
+ - CCC.F04 # Transaction Rate Limits
+ - CCC.F06 # Identity-Based Access Control
+ - CCC.F07 # Event Notifications
+ - CCC.F09 # Monitoring
+ - CCC.F14 # API Access
+ - CCC.F18 # Versioning
+ - CCC.F21 # Replication
+
+features:
+ - id: CCC.ContReg.F01 # Artifact Storage
+ title: Artifact Storage
+ description: |
+ Provides secure storage for container images and language packages such as Maven and npm artifacts.
+
+ - id: CCC.ContReg.F03 # Integration with CI/CD Tooling
+ title: Integration with CI/CD Tooling
+ description: |
+ Seamlessly integrates with CI/CD pipelines to automate build, test, and deployment processes.
+
+ - id: CCC.ContReg.F04 # Vulnerability Scanning Integration
+ title: Vulnerability Scanning Integration
+ description: |
+ Integrates with vulnerability scanning tools to automatically scan artifacts for security vulnerabilities.
+
+ - id: CCC.ContReg.F05 # Cleanup Policies
+ title: Cleanup Policies
+ description: |
+ Supports defining policies for automatic deletion of unused or outdated artifacts to manage storage effectively.
From 437e2fa221aa6a6b0e5e92ad6a7bd6f5f3b6bc69 Mon Sep 17 00:00:00 2001
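Review bot: The feature ids skip a number: the list goes `CCC.ContReg.F01`, `CCC.ContReg.F03`, `CCC.ContReg.F04`, `CCC.ContReg.F05`, with no `CCC.ContReg.F02`. If a feature was dropped during review, either renumber the remaining entries before anything references them or leave a placeholder comment such as `# CCC.ContReg.F02 intentionally unused`, so a later addition does not reuse the id with a different meaning. The trailing comment on each `id:` line repeats the `title:` value and can drift from it; the serverless catalog in this series omits those comments.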
From: kazmik23 Date: Wed, 18 Dec 2024 04:47:39 -0600 Subject: [PATCH 28/53] Create features.yaml for devtools/build (#544) --- services/devtools/build/features.yaml | 31 +++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 services/devtools/build/features.yaml
diff --git a/services/devtools/build/features.yaml b/services/devtools/build/features.yaml
new file mode 100644
index 00000000..1e575194
--- /dev/null
+++ b/services/devtools/build/features.yaml
@@ -0,0 +1,31 @@
+common_features:
+ - CCC.F01 # Encryption in Transit Enabled by Default
+ - CCC.F02 # Encryption at Rest Enabled by Default
+ - CCC.F03 # Access/Activity Logs
+ - CCC.F04 # Transaction Rate Limits
+ - CCC.F06 # Identity-Based Access Control
+ - CCC.F07 # Event Notifications
+ - CCC.F09 # Monitoring
+ - CCC.F14 # API Access
+ - CCC.F19 # On-Demand Scaling
+
+features:
+ - id: CCC.Build.F01 # Build Automation
+ title: Build Automation
+ description: |
+ Supports automated building, testing, and packaging of code based on triggers or schedules.
+
+ - id: CCC.Build.F02 # Integration with CI/CD Pipelines
+ title: Integration with CI/CD Pipelines
+ description: |
+ Integrates with Continuous Integration and Continuous Deployment pipelines for automated code delivery.
+
+ - id: CCC.Build.F03 # Custom Build Environments
+ title: Custom Build Environments
+ description: |
+ Allows customization of build environments, including specifying operating systems, runtimes, and build tools.
+
+ - id: CCC.Build.F04 # Source Repository Integration
+ title: Source Repository Integration
+ description: |
+ Integrates with various source code repositories to trigger builds on code changes.
From 1ebebc1b8ed0f6bcb3237393c879eecccad64fa8 Mon Sep 17 00:00:00 2001
From: Ian Walker-Smith <155087894+ianwalkersmithciticom@users.noreply.github.com> Date: Wed, 18 Dec 2024 16:52:29 -0300 Subject: [PATCH 29/53] Clean up threats (#593) Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com> --- services/database/relational/threats.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml index b1d93293..c02d6d9a 100644 --- a/services/database/relational/threats.yaml +++ b/services/database/relational/threats.yaml @@ -13,7 +13,7 @@ common_threats: threats: - id: CCC.RDMS.TH01 - title: Unauthorized Access to Database + title: Unauthorized access to database description: | A threat actor gains unauthorized access to the cloud relational database by using a compromised role or using default administrative credentials. @@ -25,7 +25,7 @@ threats: - T1552 - id: CCC.RDMS.TH02 - title: Unauthorized Cross Organization Snapshot Collection + title: Unauthorized cross organization snapshot collection description: | A threat actor initiates a snapshot collection activity using a privileged role and copies the snapshot outside of the organization, which allows for data exfiltration and theft. @@ -38,7 +38,7 @@ threats: - T1530 - id: CCC.RDMS.TH03 - title: Disabled Logging & Monitoring + title: Disabled logging & monitoring description: | A threat actor disables the logging and monitoring of the relational database, which allows evasion and removes traces of malicious actions. @@ -50,7 +50,7 @@ threats: - T1562 - id: CCC.RDMS.TH04 - title: Unauthorized Configuration Modification + title: Unauthorized configuration modification description: A threat actor attempts to make changes to the configuration of the cloud RDMS with a malicious role. features: - CCC.RDMS.F01 # SQL Support 
@@ -61,7 +61,7 @@ threats: - T1548 - id: CCC.RDMS.TH05 - title: Unencrypted Connection To Database + title: Unencrypted connection to database description: | An end-user connects to the database over HTTP, which is susceptible to network sniffing attacks and other exploits. @@ -73,7 +73,7 @@ threats: - T1040 - id: CCC.RDMS.TH06 - title: Snapshot Collection with Unauthorized Encryption Key + title: Snapshot collection with unauthorized encryption key description: | A threat actor attempts to perform snapshot collection using a non-default encryption key associated with the RDMS. @@ -101,9 +101,9 @@ threats: - T1485 - id: CCC.RDMS.TH15 - title: brute force attack against the database + title: Brute force attack against the database description: | - threat actor uses brute force attack to discover + Threat actor uses brute force attack to discover database user password, threat actor then has access to the database user features: @@ -112,9 +112,9 @@ threats: - T1110 - id: CCC.RDMS.TH16 - title: backups stopped + title: Database backups stopped description: | - threat actor stops backups from occuring + Threat actor stops database backups from occuring to inhibit system recovery. features: - CCC.F11 mitre_technique: From f05ebb6feae40a6c240be2124c4808def4d980e6 Mon Sep 17 00:00:00 2001 From: sshiells-scottlogic <148051590+sshiells-scottlogic@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:07:58 +0000 Subject: [PATCH 30/53] Add guidelines for adding or changing guidelines and to upgrade a guideline to a policy (#600) --- docs/community-guidelines/README.md | 14 -------------- .../adding-modifying-guidelines.md | 9 +++++++++ .../community-guidelines/guidelines-to-policies.md | 14 ++++++++++++++ docs/governance/steering/charter.md | 1 + 4 files changed, 24 insertions(+), 14 deletions(-) create mode 100644 docs/community-guidelines/adding-modifying-guidelines.md create mode 100644 docs/community-guidelines/guidelines-to-policies.md 
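Review bot: The rewritten `CCC.RDMS.TH16` description in the last hunk still carries a typo: `occuring` should be `occurring`, i.e. `Threat actor stops database backups from occurring`. In the hunk before it, the `CCC.RDMS.TH15` description remains a comma splice (`... database user password, threat actor then has access ...`); splitting it into two sentences would finish the cleanup. Both entries continue outside their hunks.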
diff --git a/docs/community-guidelines/README.md b/docs/community-guidelines/README.md index 1accdf9c..019e555c 100644 --- a/docs/community-guidelines/README.md +++ b/docs/community-guidelines/README.md @@ -4,19 +4,5 @@ Guidelines are formal recommendations to the community provided as structured ou This directory will contain all guidelines recommended. -## Adding or Modifying a Guideline - -- Changes can be suggested by anyone by raising a PR and notifying the Community Structure [WG] using the mailing list for consideration. -- Then the members of the Community Structure [WG] should discuss this issue in their [WG] meetings and approve the PR for it to become a recommendation. - -## Upgrading a Recommendation to become a Policy - -In order for a guideline to become a policy a [SC], they must be put forward for a [vote] by a [SC] member sponsor. - -1. A pull request should be made by the [SC] sponsor to move the guideline into the [Policies] directory. -2. The [SC] sponsor should call a [SC] [vote] and if approved by the majority the PR can be merged and the recommendation is now a policy. - -[Policies]: ../community-policies -[vote]: ../governance/steering/charter.md#voting [SC]: ../governance/community-structure.md#steering-committee [WG]: ../governance/community-structure.md#working-groups diff --git a/docs/community-guidelines/adding-modifying-guidelines.md b/docs/community-guidelines/adding-modifying-guidelines.md new file mode 100644 index 00000000..d4a67053 --- /dev/null +++ b/docs/community-guidelines/adding-modifying-guidelines.md 
@@ -0,0 +1,9 @@ +# Adding or Modifying Community Guidelines + +This document is a [community guideline]. + +- New community guidelines or changes to existing ones can be suggested by anyone by raising a PR and notifying the [Community Structure WG] using the mailing list for consideration. +- Then the members of the [Community Structure WG] should discuss this issue in their WG meetings and approve the PR for it to become a recommendation. + +[community guideline]: ./README.md +[Community Structure WG]: ../governance/community-structure.md#working-groups diff --git a/docs/community-guidelines/guidelines-to-policies.md b/docs/community-guidelines/guidelines-to-policies.md new file mode 100644 index 00000000..2c7fde30 --- /dev/null +++ b/docs/community-guidelines/guidelines-to-policies.md @@ -0,0 +1,14 @@ +# Upgrading a Recommendation to become a Policy + +This document is a [community guideline]. + +In order for a community guideline to become a community policy, the guideline must pass a [SC] [vote]. A [vote] can be called for by a [SC] member sponsor or the [Community Structure WG] Lead. + +1. A pull request should be made by the [SC] member sponsor or [Community Structure WG] Lead to move the guideline into the [Policies] directory. +2. The [SC] member sponsor or [Community Structure WG] Lead should call a [SC] [vote] and, if approved by the majority, the PR can be merged and the recommendation is now a policy. + +[community guideline]: ./README.md +[Policies]: ../community-policies +[vote]: ../governance/steering/charter.md#voting +[SC]: ../governance/community-structure.md#steering-committee +[Community Structure WG]: ../governance/community-structure.md#working-groups diff --git a/docs/governance/steering/charter.md b/docs/governance/steering/charter.md index c7ab951b..911dc53c 100644 --- a/docs/governance/steering/charter.md +++ b/docs/governance/steering/charter.md 
@@ -178,6 +178,7 @@ This document was adapted from the Kubernetes Steering Committee Charter [afb385 [Eligible voters]: elections.md#eligibility-for-voting [Inclusive Open Source Community Orientation]: https://training.linuxfoundation.org/training/inclusive-open-source-community-orientation-lfc102/ [afb3858]: https://github.com/kubernetes/steering/blob/afb3858/charter.md +[community groups]: ../community-structure.md#working-groups f>hgQ#hSM@^0x8e>wttkmEAEf};+9K#X_cZtm;vh%=$OD4%UU zg#yW7rg_lNRgt_|#euV^hF}lQL_x>C%4{ct0deq}eaJ(im`3x**(kZzo@4f@;7GEO zZ@kISX7=zP(I4Qi-bB=oy$8d=b{yYA+A!+c7IyZJ_ofQ_@RUUh=p$bp-DHjRsuQj+ zDEM@D*3Louh|c${CqG2u_9gAWGnSlS2BEp`c!UbP;*Dccr=Om2GOG84SoFXsesAp^ z4rxMD2Wc&B97fX3^+`9DG%D@w%+sO|A7L?jz^-dK zRbwhN|8$NUisFr37YT5KzM0dEKh6}L6x}!27qxR%*(x4>t&TGWs?M!q*m-jw?=hYld)^d$KgC$gFGy-j5l;MbGN zC``HQK+0!Ry#D%oXR;$V_{<#*SyxP0qL~sp-d^tcU0XTfklbUDonXJOfXBs@=f)u~ z6S)knnwK@v5*xj4p#sHC(3TVX@P}`(W=8Ug z|DypiO%3^<$M@Wpxo9%!yyceD%=Ui!u)9l$#4CpnuxDF5`5!{ODS(V*ftj#yXG*wj z5CeAxT&b1Fu9l|mx9)F)OrR8;1nj!qF4s27pYH3|oWLLZ+4ETu0NmzZwD9O4axwpR zlyWuYhS`{7SE&mnsIhVQi`fCU^F{=2IC}0)~UDMUt;W0aY7E~{K zA}=#oHg;n1^5|hCo68T#5DEC5MI6U5?=VxQvqA8@j~+j089|Pr3ijcS@9AxcT8!#_ zxq6N+9HHLrhjkp&(@R(Q2ht6ldpSiZG!@$X*uK@=V7S!iL3$cS1plIfh&@3f$+6*W zz<#hhYU$e-x3B7C3&lw|?GG%s4m-Wj?*`WlcFVM1ll4p+23tW#Z+ntp35SB;B2}(q zLJCm|$;3_yBc0PX<2WUds-5Rdrm=j_ru#itWVSb{;MaVynl(S%L=nG#9rK|E^yE1f zzxL8$y|J3!Uat)KrDP(b;V8}S-;2gxiQR)ZTC<|HQ^@O8y$$d-$ zJ#HIlHij912(O z0(OVt73&Uz7bN?U;9&kSX6XZx6o&)@bA|pmHglL2Ra_C`UDm_eGxNQvpI7Oxvwv!F zLEc=)Os|OFzEq<`<8#TZT;NT;?V?F~$f^OTC;{gink5=)EuKa&in{|E>f$>bO{Ryx zRh#_4Oob*U6)~=JT6VQ`#3(&V?4VDC47W3ryA1ziYNi$RC@&8PF%c8L+QZ5BM#9rjXvkD~6pZK2>6K7QIgYRs`LWnyR<${I{%L516 zg6PW9jjM>0#ez^--x`M@1kojOn6F4^vJ|^s*S>GwcTdQDkJj?Ov=QL-x+oYWM80r& zmb`3l!Xj{CMgVqoCu2QZgTo8<2FKZ`n2KKm_-=i|ds?!i2e#jGNK<0nhinLADe1V+ z2gZ+9*ZDy~K1b2jS2TY_yY%MP+L0a8AoRdwfNKJvdIN-RBxAbb0=0rD!J>xgQZbXu z3tTvQ>QCbQ3prwa(4-+RKPV?B>aZaIZtJ(T?Zo%AjO*;kIG%&s5T=$7Z?i?uVlAf{ 
zLaH^wYp_?G?1RnU)phptpS9gFr`%i$cHMe5g4g`91R)Xk^|?4Jo>kA>@mg0dJhqeB zI1}jOFkzKf=}7z7hTQna zxTaU)wx!$(WWoL? z2XnRbI{azr3T+6%#n~xk3UwndzV3`=au3AUP;w^y4+olcgvCdRD9>tEU`M5D!sDl9 zldcE&etS7a3mXjUiS3RP5cz`*2382kUB*IQ-hn~v@fYVq?iXc})O43rk+q)zu|rzX zqXOf3=hr-GMS9{z@>jF6u6TL^FG`8f{lnyAbcTFH#`oDA8o46sIT27j7^~oLK&jWd z5?7-_XXyv-a$$mrgtByiW7jag-&PBR|T~i0(a`J^yq0VzX=SVM3?PW1N$nLG_Q+NRyK9 zfNif;BwZ!Y`fCcQdyumnOVO&qYLtd$=e)-7$mFCjz$4R76H}v;|6GXluR-D!cZiUB+uzkGX^s({DsoHQc z8?%S@qnXAt2tOKs@lfa$1V}j>-&QUICtuIF1dnz;Jj9;n21@JR!Ms;H-}*HV%*+b) zE?l|fF9=mj3g&Jk6Ft3w~ z5jWFhR^ZqlXfl2&J~xEx`mJmc<`AKn-X4dC)~+UOT<&{&ZpHmwrmz+)I~V)s!uW3r zN)0eIk6|_1R)W)JdoDtZWP{N798>Z&b|KxYoq*f8TROMJ;z`HD?J$obvsGJaV!WW@ zdP;y?MWIDB#cth3#+pRLIz2LfEMl$0N-P<8`#9}=g+4fKqfmK(Nlw8G?zs{C6+cg* zhNSfz5J-HrVo|Z+u4r3fM5+Z1KAR z8tIr+YCP}ugNL~c{Fj06&Hfl2ZJ0|Fp-QbFvCEgK`Y%a@mDO5g3d0rZT(a=C}8S$!VF^^D<@hjOaC37}z+vkD?2W*rQY zg;Oc>XHW4D%$>VDRo7xJZHv?=VKhczI15F^`r!{k`Y`{JyZ5K|B10R!#z(aa8kFhi zfxlQn-O>QT<+$2RiPljOr%|zaqURYJQtYT4ktHa4%xKVL zUddhFqr88P5aW_(+0*oM0q=U2&ySYQ&Q!i8&l4j7l2yU_ifr(kuHFR*9Hp?Q%;sR` zf(@_F)e+A?Yg0Tgias3Rl@TFttDk7cwlUmIe}q1UjWpOz*P!MLHC&N{iVzY741*Vx z-$A-5go!QQC-NXRP&QWixy(c02vxFWQV@0-^AX* z9p2sp8*UbPi$CI+jsb{Oo`w;i{(izT?Z*Mi z$D;O^R&7nK(v&|4_PuZLg|dx%zS^Hz3nT;d2?7>vCW!v;vngf1l6_Iu4IbzdmII@# zd)SD5KY)3duXg(~i5}RI|0J+zntck0|K{~>Ivbb|0`5^`ia-g0Q^dzQb)x?SU^xvO zB^#-o)7W1all_HWn!Nzb=t(MmB_RL=yDGD(Bh7#W)SciNZzmLk3_Fo)bvVf0JmhdW z{xCVTrrkPbAz8n$6=c0(V(Z~`*|+2@&s*!WU1oz^SlMK#T~}nTK@g>zU|`? 
zvN{X8H4<~xi(sxl>E>%3HNI?!tVCr1sId2mFWNA}f~CYww96jae5T}5awxSRsr%fA zO^0RPVm!-nP4Om|yQ*n1KJcZY-)Mbf7@8`&?|OvWH?e!mOxG(xHH<`4Dl&VDQjuFn z5W5H&EZr{Y1w@~ZsK{{(CA!oREfGm2T%0L*2T$%@OGnLchZlw->u5G>C2y-o8gL0N!)&-W(!HiSSTvwvx# z{Sq>Ec{nA%NH=Q~&cl^2QCMMe_|0QPx7XcU=yQS6vCWyJP0-chr1@|kFly1j1@U1W zJevGzm6p5}N#%hkZciSMz-g~`$y`{+Mgil@BK7Jlj@y|nwIGzYS)=VR!r>OAnLw-t zea%41fE*3GbC4e=0F?IoT{avpjImEBWkq ze4^z)^BPsZ(myMW8kCGWDRP-VsNOd_xlaPMQur7mPC{-kYrTzP zFgA}R#wEKwlE(Bz=DBq1RLa{}Y>1qTZA=>D|BFQQ6I+JVDClbw;kMjAZ2c_&x@fWj z`_OlzcE%UzL=PlQuV#sGYL#Ct`BcgVb(uP_U%YNKtyCuZ#I=CGYO(s;2#~PDgxPk@ zKrgZ253ogycalkvsuuGlt4-)hwbGV10n(;iB6!T~PK97^`22tosa+t~I?g-tOWX z)*>cKofjK0EqB!9$}=#=UZE7An{~sK>~_L}W8%QIN~!#$D)kE5hqhfDiJgkRcKMRq zJHNQQ#AAhft@p(u1$lW?SFK44D|k43eMs@OQ&FR<6IR#!kFm>xa(etZtCI}3-Ng~c z_5;%w43{mhas6}}7ornXsqVbHG3d8)4y~=OG#CmTr|$lk)S%shd`kt&XV#kX?a~LP zH!1u^V<=%ZP{Fok3L!$UeRWLqxexYD&pc7EgN8`8T8e`MU^9VJD_U895GWc04f@7o zQkGoJ&P~6w>mUjQ@j9>gIW1f9%BB1=K2ThhMOtxZAeS%pl!vml8)nXLV=r3R*nDLC zvqX=b%&s|^4=%4&G_y4>&loQ#u$^msBzgJ-do9ljOrawCjcUt$eq%$)Y<4AIpgL?- z{xd770G(`l;==+xkBboz+!*t1KoS6nYtwO$UR{>aYKa94s{9R`#5_f|4`k6Lh}Y1o zz$T;>U_Zt(?2vvamufEe_QRXs}aX_Nvf}82heR#=Cvoe9H%tr< zM?B|lYRn60RMn+Fli6LrmzHLlZM{vko8$9XhBN0ZjQtSZbu!zpcwW+5HHC!BZcq{` zM{(vWMg+a-@6;U_b&47lKb4xlb=xTW-0U8p)fDc&9dvPeKHp3HI{f8mZ(_c!kxC39 zyOta*%XXHNBEYc%b6=3rfa#j%=;p4O7hp3PooziaCE%>aoe^7mSyyc{!%6S?} z%1Hg~jSb!GZ3g@C!%ML>H`U4yczL~_JZe76BzpWm?7d}Jlv~?BtfZ(2f`SMLigYL~ z4N3}viXh!RbPXM%A|XgiBPre8(%nOYbPqWUFbw<``@Z+{+}nHa{k&h_ zR$ObH>pXv<`@a76j{&WzvG;dJ^R292v6MaXBEp|FIBbp|&5%=cH~*GQ+XCvM8Uanb zUL-2}C(LC?qFT9t{VC~sTnmU6!^F3jj#mXmZaq?xch~0z?yCC*6Qi?2FO`GtarUMH z1?5mc&OKqviM`&qc&*}1dGv<;g;$)@FqcQla>D zy4*DxEPi|<62{keVhf(X=0rNMThr#9lQvXeo2`}iZmCg*2?R?NQQ1Vcxc{=grqTeq z>+f^=QrhkYahqSSrt5bXy?{pciU`?w{?A44Traqb`0m0l;g`sWVC;k{2gA&x2hKG zgjag4Yjb<8`c(v{Q?k7_px5Www2I^^0}h@rUKhBNbPlMhS=Z(C8um4_CArrI4{xjm z9Z40g$0Oa;q-oz^U-z<#+|bbjIw!fKNq*nomPax$;XYA#zM-JvneQQDRB*?+$IZ_F zQowJoP=R<;13jEQJbcqiDc=yr=e>%*Ie9c=ht&t4tRkG%m=}w z98dL1SBjb 
zd(Ez^fUW(x?E{s^*!@-+L-vIGR_~x&-Mkr0`Sj90$T|+gI!Z+8+8_YVv2g@SVS5(1ulfYAeG3Ledj^l_6p})w8}X z%Tv7G_W+c4lpzL9*#sxIRVY#v2Hut3%;E~&CY5t3q1V*w(cl%My8h_uj_4)tw#(Lx z>ggq?X9~3SYxSX)8MEveH^>AV7%W~GT=53`(08qo&WK^&TzLIYuDgG=!^+C3=m(Vlj&qpwAu()C>WwS2ZCo=QPmVT$l@!h>sWUJc_k2yiW$+S5?0!~6 zvg6b1kNe`er$-Q3@oZloYb=-=-s(*}hdo97FRS$WYMeafM8Km(FAAIyc4@?*SL1H4 z743LWgb%MJM%n=&$Odv?V)9w~@aa4;hQ&Uxm}sc7zkb$Gbp4%}kxG0M2r$z)NFycHLGB zO%>xR(Zgq3v({(fqx90*NXsmh@)P}e9F6Q`i;wCJR-4&05}JJMm{%IM%dojeHm$j9Uza}qByZJ7}LSSuVppoLfUyP_vL`I4mDMu{ZpcKA!&y5 z_d!%b>uYf6>=_y_UN7iTB(ZdfNdRB%w#BuyF9{k&=Et4lid;<*EE*4+it(_*sCSB6 zge}`P9^ZoQuk_y1*N!Dr=$LwQ81j|kU@e2(Vb5t&y8aq*%A;$gwaq?6>7O>ot!`S$ z#Xr12`7b>I>|<^+g6HLvR>34fRnVJX4R9I-+P8#mfi)CnEEyx3>d>{E?&(eRrh4KW z5OE=`6U z*?qsT)+%F&OqbfenNert zaVwGBJXv!+jw4V;?#5~0z6t2jY?Ij2{CdY-m0^o^_|Os=?-)C1K6l%oxuD_w|BHCb}ZY(v8>)f2o8l-Srr6? zTeDnqUO(LMm=zAH()}^JFC;`?Fm6hi2VsnC#Ga9I!=p=Pjo7-}DZwjtDn(UeoKx*^ z*K>9YoR^Hc9E&akb1o~^NlSTkydR{KJ|D0k@2hKu_`UWHDoR8=t$=+r& zKKmMedN^O+Ov&+?1jQ$z@ep-Wldk+1(uj;Kb%aL!UVUmVhAbe#9Gyi?UwztGo&5CO z%{;d$Cht59HuPiZAaA~kCVM84soo(Q5bM2!-OT8VyBW=C7<#p0^QMhRMwgu>JHvUO zi1A2FZ2_GPdAnl*G2C6H>w-26kT5h1*DP~B<3KQSdg55sd5-trX!*X@o=V(bc_dAm zmnlK#>{-*XHdJ&&D#-uB>+pgTpe1{VHC^Y@)uk>7A34LsZ3d)_?~ob^t?WmJG4TYw zADHWbY>uCxE%mLd@0$syc^+3p0%a4g2sqxz%~6NVG4>@Ma?I^JsW*@@VB>8Z-CgXj z>*sC65Ja(-GmOIP*2&@e-wv%*hMf8mg!Y_!lIVb!X!*wlwcZ3F2u!Met1M0!b*X%> zSC)1TNTLl3-2aW08+_3TPW4Hi&+6UK2r{2_#izBnRczjtbGaBK`!c)ocqMsr(!q7` zpWm9YtR&TCSE~r_2^zriTZ`v%A8k)(BxWgS%oVTA{W={% zL1Q)9EW3(U%V_!2q~jDyz%o@m-S%92KiMp{NVC*WD2lJH)mkOQ==jeb)GveCLpG&qMxu9rnK2>sK!S3S ztQd<(`ip4At>(E-`o^oAm;X0xc_^A>oG)zDf$wD8zi~d1;f_X-6o0e>B(R7KeAJUB zaKCRi8$#(_GI3ZOFr(&vGno4WTNC)rkzU?D(`iz|*#D&hENz2T;ITj1rTl%P^`yT3 zv`Dt{cHMsO>HNVO=lp&jub%`gW~9^%CT$bw)cBAP4`W9Z^V(KEk0)zu4Nv2(fp6~W z#J}pK{RWu$AqMj2))%(Ie`HnN!zzeGU#oTTznLPL?WCeSze4vLm|cBCs5(s-WJs6}t{Q;0ePB!qHr%Sj%TkqVgK)}=`R^+!NvPpV=L^0a^!5aBrEM9LF z42_iNU<|y6m>6?v>U2F+VEq0(4cyW{K_PU0tZ?B0V5dKL_VHl!=k2{vY3en+ 
zr1*G#L{!Dx$L2fmK_hG+v%^x23XACWXvO*4Fdq4hgo!a?k`&agq_NZXEYuKo! zu0e8~ppD@^d>HUBIXl((QX2%m%i8a3{iv6p}fA;m$ z|3C#U{oeGy|E8f-0?Yu&hR2@SpFHz_cLcaXJ%3SUS-GKW~yK z#wZB@Gvw!@I;VO<%VKL6t%Vf=sEp5HD$ zkO$rHiN@&iUp@D)*Z+SvIKMXF_tE=xK!7>|n^p}2P=biLZWdahbhMFQ-vaP!#N{s| zCI5EretCGoZzkGg3C9W*@wQv(4bY?Q%AEc5DkaSGLs-Sf#fWBJ>cAFXmq(tcE$FLM zC$d*rauU1iW4pRJs(ZcbzcQGMI-d@Frh?Oa_}f9Gw!N5+6za=z7;m|~0kt@Qm|p(- zY-U(S-a14kurutf-b?v7j;FOz+qqgafK5!LH0~Eh7r^{B@1cB4SVef{{wxQ#N`bW> z9=(xHUqbEk0enMf4?lvq*d$Wo?;6Z_kv3(7NAAA^Rmo6h@2;pv0ZasMNpCZYJOHfU zFpX?7`&#Q46+EZbxia@fHjf5|bDV#sBEf&N)}@noV$7naQ)>D~Xbg$8;N6`bdk81>-~Ghe3> zwfNtDF(@nVsySu+LQQrpE;T}L?yu(I#dYh?M4!k*Y9$|ii2^-OsD)wN7f)Qka=PCq zBGDUH?(gQj@4t~(-COzvfUWy-lwyV5T|#&)HAb|QxJVtaz-Voz*a9Mv`!nK!ph2#Ipw%({^P6r@1dS0m$=jI<8LHm1iaHQ)uRQMJ>SgY5^(D2j3aVzD-O-|dC<8pj);GSub19#wr6wkvDHo&^TZ z$pBZ7tQ25$Z+C3GbmQ%=$!C71I^=$z-@j>LZ#GX5ythdyDQRJzM|D>h`XZR$HXo1` zHxKg~F)T&$QDZW!_`z7kGlI6#-f_rBzvud{4$|35d$3%!PhyxSnFafOd$+Tj0ctC2 z6?@;9nYZ5YZn%iUggv|I-kTKa(KevcM_=`Pw4oMN^KeF;QgH=v_U4pS-49mTm0%f( z7Q?FFEeew*0M8KDzZzaO)NFNhM7;aPm(7UE8}J#KuafwyZy|z+` zq$sRj_EUHPw-M1DcaOMih?=6kR@{ZbxJxO=KWTL^(`WT~Y6y4?;E`&_ul$gZ6|X<@ z8HNwGSov+FK861L`Au)5Y>VG-;ztBh_E8-*JS6O1O~<49O`?>xKw>J75;iR&>mP_I zsFk-<+l(``)M>d=i^-!mhgZTG(z8qie64wuzPa(SoBmK42~w`FZ>0%Vx2jbN{Eg{K zj;z6&;1OhrVcjqaepm5}GQ{uu&A+D)AqfWivVm@ge>7M|G_tXJWo7$e785Os91AWN zcHt)kcUY2EZLhKfmNqbzJzKGq?8sTz+5-I8+f9-+L<${&TnsBCg$pe|?>B8Jz8Pa% z5y@mZqo-CiZbB)2;(BUMTiJQaf<%~6F5tbR;kGUsu26{f z6QFismn>Uu{2n}ozHb_?56EFN!mN(4s-JIe4BFI{-6QESofcv};!kY*`vC3~n0OnV ztFqJLrK(^szpc&AqlD#rzROLRCL8g_GVL3o3n+#-5p1|w8%yjIfIhcV2h>WfT|jg zucC5}1}*S>Hz<1l!O>Y&p`!O}FS}=*|6A(5)CIASHXAT_z8|jA3?dxE?OST!UZ>(y ztEBWDtg))UtammQ%|z*xr&cGf5qk9}PB6EUO~DgNZnsZYn;abVI^Jr#vmVsG`>?k2 z%_p^V*JpmUP+xC~C9-R|+=L}^@uhxFF zJUczUnTADD0ji3F)yXm`ACrNk@8Anp`Q08~^=6J^ibg$D^>!WUMeQP8K4Enzt*ZCC zW;G86Qa@IZfS885y;@@b&J3?KFWi!7wbs6?Dd-xnwty97s{wvH;O9p4%{FD_>b`60 zjM!#a5=sz}i&3f3$@8tYu4u9vsmhIBy}Ypi_|&gpT>`ZGrBr#u1zf(&_6*r?S=3Xf 
zCN^x*;~wDj7?JaQ$v;_Znt$HXbew?n*u-_>#N|s#vn17J-bwE=e1ZTYXW{=dHhOZE zoUg1q8Y_Ev+nL=CVjFJxaUdg*0!m z9VE@%wnnPgo}?rz$Kx=;BL?)-h^k69PI{M9FJXY)H{bqvax!k$-+mUQ(sW`}4}yo} zS4}vb&u=M5on5�*;FYu(%J|n?x-E0Y$g77$hjeVFfH7$*pr-H41*B&9qlObKBem zzSTxszUl3}>GDL#S!n)5J&=L8pj>6kTzbj#Y`ns98YksDH$5Ll=F&vN3BUCVwR>Mi zm+if8+$+1bONu(Y5Zrs3n4I88_nF*p!hxKr%S_JxD=j_4n5mqe)FlY<0`%+@+YSpt zvQZT+9VJSQ99*&w{%*aGXrG$!CUO_w6vq~C;&vWt4feaBs&(9WIouZ`q+o9{3yT}^ z{7JaLMEQK3F+Z3$OspYuKp$T`*x2Q2MZ2WHDl>hQoTt7&-|XzAJ%GoJt2{R$H#Bt3 z1I%P4;hZebbNzCc84km%ITkvsW~`<|Ak%{X-?^wiY^PsBuQY#dPfyKWE)50hU2;1A zq6)-|0Ui4bX}%G*aD}$u#C~7FvVxC}>euf0!Q2Qlrrz5Q0HC>C0UZmB2Ug_LgUf$s z?{HLG9~LMniBCSf|B_>)8*q~(m=sW1xxnaZBS8h3J)UP}5rR7Qy_FOXfu4Q;P|ILJzn@w6I1@^w8 z1Hs%Cm=WG+Z7#rFV9SY8FEz`9ww$@6UOf47X>Y(bzH2`_*hcp6g71ff{1-}9#_bf+ z)DnaYs>u}_4nLR>b6HB=g^8YLE$_EP4cC}PW8G*qIUt#U{tbAwKO*uYAJt9e_}sVh z9NSIlXku#uKz^MOyz&{m4oreu2i7v?8GW&j^2dej+eJ1^?4CXV_FTEx5Cofg-Rn~{ z(vt!f@P>YY*GQ-QlmLSa4eeZAlwV`{^N8mcR`Pk$IuSuKR9~#h zns00(~9mIe9{EHWKXPv!;9z7>stkW^(*jdxiPYe`*w814ojW4iRIZY ztFTB(NoB4BDf^WKPccE2)c3aJ!a#6#7vyV(3#Cu_KvJ!PM7gpq^(Pt`-PFiL`vON8 zyUvg zGCM4z=KlJytDNBL+{g<$aNDl+<|$%Sn=TeWh9B#ei(X)cSBEnCzFJpc{?^9PgfDZg zG|)T^IyHr{f?SxLbKw&h{ZcoXaftaWr~A|>k3&o|YO`S41eHY`9P-P->5o5RNm1`g zy7^>N^?}?LIDvbdqX`mA`#YH)?iq$`vJx}QQmZT+0}-s5P``^~rpVb?ZV+U&LyNeY zVkcd^ELY!iPcP*2rgh!c%y`<69XxSGyW!MdP!NIC174LfL2>i~-OCk11)qa~I* zDvG-5?_z!KV_8RV>On2U+ z4kyRfssGVH@r#3Uh<;a`%+Hwnmo}8NBWr** z*@yar90KKHcVZ zaD*tosYx)Vs>Oh!*VBAZy<~IL{;GV{$%c&6fG}8i@5?H3{+b@zcRPUg+KS(6TG_Am zUCKEebJkdvm9()PMo|d4XldpGboCSHiV6~G7B0PuD3h-;N}W#BFKYeF+sg2@*f2o< zC@jhWhB$USD>n#;eh6ILd@WMi?tWVCiTN~`_MFalz2L?l7Vcl7Tk9U65q2C?TUzs& z=*lB+;Cg@1N_B`W#(kWbs!Bn4`iO+ zq9*3YDM~Q3J!@Mg0_LEUv<*@S8gd82~8y%>lu0nhW*W;mw#m=ZC8% z4xNAwPh$>kcNCs1bA`IPuMcZu)bFqKO=f(zX0H@RwBLLtcUrDq9&MfE4S>u7GmNzU zq?|U}`KsA0W5B~=4B!G6_-n1d;bPw^YitKely`irsdhv@+YqJq%p`@3%X@)}@l<6gtL z^24y6KI})Yt-QB*l~YX4Zd=lDQhNcp(XAGdj1zf%VP!B5Ovsyo5rXca!_QdOS%2Lo 
zsWr`4#V%8P1tx47M`8|}K!7dgrKL$AVOEkNcL!1_pTIS06To`s0gQrtNOO`#1$Sr6d&@!Z!2oXAu9wTurpd&hqF|HV8GVby?a1dcvy; z6-ET}+ui%$MtjSK5>EG1$5{__;*tl&Pp+(XT#_ytmslf6D|GY=a^=@CU+csA&i1|5~~ zrqfG~sNnov!WV@6riz;p`#(UY3gf}0CB@p0FR)-jtjZ+?Z+Os*!fNGWIqFm^W-dP} z*e@?-5=%)e5$j6^hd375YZVdaMQ){{;{miv*dd1+!3VwZX2HTNeQS)8fp>Fnh&2W#vPLi| z6Gn3y6J2nhf^MkaxoW2|svv^S*>jukIK;5@0@CobS#L5^=ZQ}CbsFE%b@c1fVBcz5 z>TFT*Jl|=$!EX6uL+kc3xCIGfW8`L6nyfiP<)rY)s}i$uja!VbrI#v!Abh4hmF`}? zE+gtiYOp9Eu=4?_Ak3Cv0jR(0wOfRS&!fUMI0Lv$2S2F}W%z&m9GlG_L@pvzcnMlD zGE?PHt(Sj$$6;gmHCyP5bPue(#a@foV$rj8`fp#=PS9ZVQ73$pex7g!`4KZXkLNIn zF0cz?l20y1wa{dDQV)KLo%OtF>ERtG;fn2-J1T%&ymzAFzqR7m14-ifOGve) zKXBdBed%BSF!yf!V3q`D%6r>;O&-37782=lqXB;T3fx!unwyBqAuB=iKt7@+;1Ry) zo95KgH=BoBq>4D<9!FwlM-Ca)sA1 zaz(DK$R!`zQ2DEp6z2I+gdjFxk$v)k5scw23u%MoMdoWyQx`t2My5BfvC_-p@D@ zelLH*d4KVyzBXlAIJDO%GwnlGB$p`>+>+nH?RnrGVR2R2_5A~qrRzYW1a`j{kuUs_ zRpY#l&!WgHg87zinc$A7SXwuWfocwaggL)Z_*ks4`Xe6C-DoH12*++qEB<_SZtMl+ z;SHH_U&4rtP#I5t$*AUvP4|pU7@d4&6zu8-*JpC>H-ezPoRxwxbAh+FUmL!EPs-YR z=}As_>67iQt#YY=3oY+Xv#nOOj203^46o})CwMfx6JuOB^5q@aL;z{GoxAd;oopln z8<3=IQ_-7jOFC$)^~&D2UmG0vJ-tCdCiv3pW&$HG9zyE}hq`P`iH&ZvL})%6aUTjd z`z_;AWzdkiidA1C=QD$z7$qrZbHG4jBVqkYvqMoOQ(NV*C=|yGQj)AQbMF%@;(i`> zZv<}Yo93KJQ6V!dxIz&ywu$X4hLfZxV6w^MXN)PDV zkoovP0w9FD1l^FumH_g5D6}$l6RDAiaG&m-faKO5PHfi(&z>VZd(}4PL4srG1*3!y zx=^OdcuN~a@YOhiQNQ&L**Zc#o}U(Vh^DP7FJx<^7$R%-ZgqoC@$tDH#@)`5H|u#& zPy3S74vh)R83qA?Y}KSyd4h5J9oz~`hrGUh;E>(AxEwpwtX}V(w~{Yd=Vq+ZB{5li zWbAoRcgv+Bsd5S^${DQmY9@P6R&V#-9i9*nc9*Q`Y{>LH3n_tdb{b%RL*P>4-N!~* zu2vw`x7`jmk$FFWxV2e)_6L%0y!ncZJ$o6WhMb=+G5jnWf+F zRn%LD=#>lVkihIw#vhi-t-_CAD#~~fO%2v;|6%*?F+BO$tHF^0Z>VOm54*c74r19f z`3LI9=rrZWtEn8#QMQTDp%=WWmk(m6Bs}(A+|ku{Wo9`wpQBvTvzH*ViZR2P`nC2Y z!c_P$y5?J()!!CiLgg}7sJ$*>{MnbcZ@onKM-XXHEW#_7FXJa{6ir*zj86uZH3q!s z8EnMfTj4Agbx0ho++XhMRLYL8&U`udie3Td&zk-FwTc0(D_pZC3UMfjOPA|0xU)s* zMb0Y3gyZWQhCL54Sq2EU&CQDQN!U*?xQ8Zw#VIe76$s>Pueob|USs zHTJDR=Do>%t(qC%6?^q*P!f4ouuy!ijDrT?s@f3kP}vpxOZ1OM#!{{&J0#HIfkgZ@{b58~c` 
z;?jRY{eMnR|3?q}b0Gcydd3&E?PI?<;){xU18?Ha+Z&#|X>yDmp|o}rn!s4TSG$6` zBa|*8*0QRD5gAnpJfDEay;dll%maX6-80ogCU&mVWRAQ|vIk{xKD)!5O!+YWQiWoG zZ|+FzilR02zZELz+}t=*!Fa zge#ruFKt)cRU%on=Y||tcV4B}*bGGqFP+_>dy!x^QTH;#TLA%p+wo_k`LjP2SA@on z_UVRvgO-Lf6@^EDOe~j!e(Q@J#^80G?HPCZ#EE>Q!glRuN<^w+l;z$TZt)_(QTSzb z-5J%cbCWqcLs{)ZPseueBzmUA@3{17_1d`<+U(z%J?m70#O))TsRZpATHUQN{-z08 zm%NwB5gm53SDIhyv<1z^bKa{s_n^;@PUNxVYOAyrUQ~o{|IGLtD+l<_eC}DE#}2V} zr}gL48;fW|9;+EWe=vkBrbFotF{{@{@kKraF9EGt>&}$0f#``>Y16KU?VEgdX{ZgW z=KyK9G*+npD*h>&n@FY7tn_rZt@n=R3(v=*Pyd))`OkBm_ZVKYx#sworcW`UDD}-N z=IEujcBH(sZp8*2wo!IcQMra$yyjO3;L89_%t#Qfy5FRx7|}Q6*cF+ZuHn-LG&`@^ zS24~WXeU*w4Ezw@DmyQ0;_HnV;{CGqMw}*$9?F)fT3n^jMck&)zU_H>Ke1O^r_-~{ zNa?L-T~K!dx8j9V=TM~22F=b~PH@^JBp&#dVB!*Vl3pW~$Y%ZgXB+0fuTd9)-fgD~ zr}pxq@=oNn;7MxQ_scyt-U9q(JV;<2&=S zu=;bncC}?~$8uNfC>uwjdij~2aBZV?qU6An_AvT#uJ3Q#thyZYOG0oS@!XD|uCZHT zQ!P4B&s1IDtG8gRDZ|+IJPIjsEwv~)983^Gg+Tb6g=^Gfw?mpGA=dpe{5q!1=1TM#{>P^P1kQ7|_d7^^4tG1EV&R9l>Ly{{E#OtkM zf?!?ax@e>I(36C-Fd>xC9^A`g@9EY_dYe-ADAsi@?MhpTvlB@DakcgCJA=v%wvNax zOPNR()i|jXS2f6&^PLbHTa-n4$Fy?&nq|Gv1bSVo-}AIkHZ()pGT{TxN=oeEwunw- zX5B*2bt00;XRp)c$Z{1QY1Npt=B&(yuhVtJ&<0F7yj?blCy$pr@$vl-P#3Wx`t5;C<88hT945q1=$jJGIx?E6eN(&pE1) zC2+Ak{i|Ie&p3?h6hj}%JUH=~5FwHQg#U*M_m0kGtPfUSjTal|$CVt4_l2{kfU2ty zKsy6IVn|nH@nNPrWDu%cpHg-8>A-^zK3d!L-}b%#s{6lqVPl-1GtvJP>n=%PwNlkGTC`-Ol2Shb96MD*)tSiem3Jex|ujtW#P(aw_L&qEqBjE zFw0NUcv5k5zAsIJ&XyatbVj7Z3$HGvIp(ey9(>&`vUERUF@jQ|XUR-hiz#nvlx{?_ zpe2E9iRnqd&a!%~ON^TvI-|b{J3g;YyX;3tH79>06c;~IThmnmQp<)vbCO2#x?G+W zx^J=q0Ktp^3?G#_WF*d?p*F%am}ci%Nv~ce?Vy%)8MaGI*Y)X@e%z&$>BlTAzFZck z$-|lGcbbd)&WD?-Ya%*d##1J4$WP$=-(q|SWP2lBxABVu+=RIco|txWk#Rb{Giex( z2X1G~ngY--0I*mYpdU9XS{VdcKZt&X6BFgJpUZgzRU=9on5*h5pWm^f&B8T(R_7jo z=$359g#|*k(MXqlhfGK`3biX{o^LVRb+}b8Gh2?^j_it@lvv(BJD;X^cSVLyTGqc{ zdh0$I?f@UtQY$rI9+D@p=R5KC`Plwe`;p(9jBQzzWBw8T6H->KR>5GY&hW@Hv`ZKB zmO$r3>D;XDmdV!oQnJV!>id6{wtb%mmVthE$3P12Y^I%QWS85!c6h+}Wld=G^7Ima zz<&R?CiwzZl}S+tK>XlRqUt+tj&9kste(r*sr@!>=s0sv_QPKAgv9P)X7QV?)XOSX 
zYGrO8h*u9`luxWhT@E&BqjG*il9noKSH{}-pDAM=Fu%<$1KsJ+H`fC@8`)p>xMk{C zjHA0TY_)i*)374GA!_Ug^+dlIFW-K&Ha4fkxiDgx!l@U_1EGbFZ#c$#m|ZG-nr6lU zwB;DjO;n)~9Ry@NPd^6Vq0H2{c7S``VZD}Nf4Mspcq$xQ5Xb)jP|wbSxfD6iDqpA; zgqi=6SbNz>+bb`HJNbCl;o&rFf$xyKs7$4^hWwJuFe zc-I-9)YN)g~v8J2Rw*ttHI~>zUPrF z(C9<#Ym2;zyT^$D{IzCJx~$6PHd(f1L||Mk1|&?xF_$xQ(vm$@s^#hA;`EGM%)EBt zIjU$JqbeTKfPzi%W&wsTFcA`se57q^^s(GzM9oMpez7QZ7o>m(gkru(CtoKXjRuIqW4p8T9{Qm`@?rFYt6FtyoC&wAThJM;}S6H^MZE50es^xG=8Zk8tx)g1k z5c&fqcRCH*8$F>3gX!`h>qe*Q` z)H5zg#Iij>DAt+YjsIv{XZnQdg}m`AkzFV5fx@`*x~}qR$L#v$@V|Z!zkq2#=%RA{ zwl{=vXOVa$t_y9!Y9X|bCP*`jcs>Y^;E}In%ZA{_thk-l;R*9cDAOsX2gzd;F zk+OZIClESF8ae>zx0vX@yVQm!aa7eT8TW4fVi)mn_QOf_~o-m zp3S>GM*+{o#NP96JUO#|IGRkcdvI~0%!`}&C^{pt%M19hIcFI<`g~Yo0mj$(_PpS3LqhIc@`G{Zg z-ngISE%oAfZy8Z}3d>dRDa4`1+`49-Sm3ac@2Grcj9ov~0T-z+)wU|IKRv=Teq@Xc zR2OQSc~%8nUK*=DDNnE=s|enENWMaDJLI?H z8(Z4DcpQ@m#D-)bQeh+BE~7%jwMjvQPxCW5=O7-3zz1c?*+$W>&JEk0;2)IZYH5gt~cM9;hdTQhEn7$mAuj0z@b%cdaswwlToGgug(kX==E(VkT z@Btgh5*|#VWZm8|vsT<8iI}VX)SEl|$@EsazzdHf-T1K4rEi#N@35~vQL49`q(jb- zFH@kpfL>yUDqPk0;l^IeS!nOi5we^r-0hP)I2O}3%>XC-WO~D6`0o2Nk8xX0*V4Sw z?d`5dr3I0gkLJ3~9q+nwFe~TUK0lz`jpFiBZFZqQ@WnV`TlMJY7ZBo+F%E?2yun;h zOqVCcU#!AR)n?N&H`0d80xW+(53O4-p26}^JAeODGCB=lG1hNU3A>GTNYN8-PB=Db z8D~}-%T%M3NaIaw4AywzdSSCg2-1uklYt+X6N}jJs(+WS2%;ms`>l?6SnE7V^^vC1rF;eij|vdyO1Z2in*o2F2j*qObqzMZp_TQ80k zOy%-ekI%vrZTeU?3`cP&Rep<$&;6tXFV9RYL9jA@FFRsjyfdD^EZ~;t5Oroezrz|G z8uxk;fxGaQyH)8+<9Ev0YAqQvt{~oJ¥8)nL&(EL7apZiTD+} z7OIOc=gh6S+bUzHJ`ix0>W_c*ZtX0IbBX0;4jJGL+SNadEZ5d`VFg7 z!t@}^aDjdTOv}n8l8oq5Y-sAOSjdKeiL0>2<9S^C5dQM3wo9FB`6@Rk{ja!e49?8D zp=xIx;ZIShEw-T=HdFb(Ja0it4LRpR&y6bWF^C)ny8af{0y2ubR=@Tn>GL`{8}UExmZJ4D9n~gJ8C8 za4z#^lj7i#$hB@=&&K|Rw%}?78w?NO4+%bKRFkottH1jVpgX^2XO2tceicnY!SB|N z$F)6y$S5&G`|o$3auKM!8H@QWXw}O?CQKHQ?)bYFfNfykb(Q#~98dH~J@ZnhuwDX+ z5^7+5VuQ<)BCrh1ulZNn==S3f-Q4{-GRV(mm_7WmqaNVUWXZq?w!|V7*!l%VRp;1W z6xKQt`KipGbVhWEJ<8@>LZ^+@SPA4J1K$6|5RmG z`oYD3x$}}YE*xn(0}dec{eq@@T$$?C%Bi&ZR#4WI>2I2oNyXWHiS;_z0*YU2E#27` 
zSAN3Otq_dyf;KsQg{TJj+pZ!bJnfj{sY<)O=An^z!xRTeCveW|<`}xmHG1aYxJ9fW zv;yy>Pn?Y@71o_%C@w)188RE>mIm*Krp@v<+D~_#98Vw&;G3#+g!%Nwo#6v9suX85 z-hK;h(u1it#a=>Jq8_PUeg$DP&J8x3H9$I_?SZ@mr>p*k+*BWl+kK%b2kwOq;WMph(s8TH%oHoe08u|#;@!=`)MBNr;amv40JDCZg6+FN_#OuEM&ki- zTr=Cb(;to+bKe)&KjncrAQ(sNf}38{)ANql1SV{PGQG#+g2_35WNZhLZCeL%|I90PTcAl( zNbFscjMtmU@1;IR&hB_wg*^DM*c3gKla#m3GD%GDX8b~c^uWNLt{i6vu?;vDdn2Q= zsnA)doV9jTHY|DvM21|((}r6&a|~nP)sN(gX6=GIw71TOa}{N|`g2Ts>GxB$rqwv~ zmvNU>X5&{`RwxpUmVdAxDQM(t4!g8oBW303GXSyr-cKI_@v5p`Bdybs(U8tk>J*4_ z6`Y202-#zmaqBOO#}D}dP{nro7hd&STEX>-PEV!F3?W2T8#_EuCxwsP#xI<@s21JAYgkoulrtWed)({AX; zNB8R-w_GwzQ$8YSu%k-{wV0+&kF=M8Nbz2ur)*Tl3)g^EmCf)65?71s0fg3A9GMC$ zFZ@7G8cXXi9x1vwpu2GRXY#f)yPfeE(a(#=ZLT{V)SRM(Fy9r3a}R^v=VMm3Lk zXX9GeE_5U1g;nU-j2cgXVl^0t0#OfQ6BvZsYFur(2Q58VX*3BrZa{v-(qN^A!auq9 zMgc$Gs<-y*!)L}U=ZH~{N&I{q+i7gHfkALA32|YYdQa*SxhorkCRo z{XPWz&OJHm=P7)>i6Z$5mGwTKV|k+IF|hZJ-&jrW1=vwASexh z4;nImt>4b^vbP^BhRrlNnwf1yLBleU$%^r;lhg8Nk3?LbZckS$ z;9Pg>GhOI4xm2YyH@}<@GRE^(+Ozt3wV40|x)i6C``nOzHn)wuS770m8W}#v+kDl@ z-6wji#}rf@XN}%$DQA-T!s%VEMTTL3TqB+h)@F$f46(Z{hzZ0xEX3{jM}5@EwA1qV z3a}Eh-5uqyIFU0QPW=!_CUF1f6|V0Z=t^U`+LPMByp-9MJm%ZsE~z!nj?X@x^uh_o z_-_ARD*vzL+)vVrtjBNpl`YMc=K2N_h~#%V{QfnqI>$k>pu5Av;g78DRgZ0F;3#jo zNA55CePzu2?9iG?hwq;z7d^O$iC)P#Ka3q2kAasUqCV+3XdsaeNOFe!%X0YC8}};s z&yEw_+4=<0sit|HHuRsVSVt1B&yrVJ)kDSGG}G;6@UC^;zuO;ghJE63#wWOwm&Z>d z$S;HG$?u~U^&a-~8;)_JTXM|m>#?XDp`g)R?MHx653MrWw`Hc!=M30NZQKQN4ASFL zonKY6$ayVo;cb=+XT#CMcLhhi7C??jHumj=`l$QVgeQL#1u(c&^KkYHyu&xaCxI#* zss&Egm?y}HUd`&*WI)%ATFLQp25e9XWHHPzUMlF`3QOaeThDs3tX-Q_mU6Ct&9Sn! 
zafkJmVq!eBV@Gt2N99JH%JR{(9_Keo7KC}0?Tk-$8mGyz#W5Q(p9-B&oDKSF|3T9Sh zY&NmQbIv=&2eNomwq2}_yGp2GYAvAGnA!yq>gGOCXepA%oN*6jh}K3kqA2+7$FSVEou1epsDymFlW*r2rN%>w zyl$fTR6Pn^=JT09Tj_jiZAqE+2g;6A%^5!d>71Rxon0D+H?clbf3ouE^Ii5ggQ1vb1IlFP2iA+y0tDe`$U`|*aUgt%?T9#F!X!6ldUnHt7c}H>}M?E#V zPZ6YHMMo87aMH86?#x#7(D5}lwtU$!sB3O(;lyPVTXd8yJO+8TqxIk;^HFgtZgRM z^#L#sRpI)QgLVo#qZaj|+66|kvmPjm-okj0-v1$J8v3aQ*4ENJo$t=NopI*WAm0%tRpY5f z5(SxbUq^8-)cEqxT0mW!wz3TIc892lQI8=P|ff9$6wrcm;f zGEU6VRk)GXYCC_NtaOHijN;$0%vE8QqK%$*cpo_tjB8WFc+=8 zY=)4#`oIvx_Sw%o{FbmB?2B`|sf38X=k#&tciUE6fwV`D3EH8YR4CzZ5TkfZ#m{Z` z4liEW2uiLZsp|#*#8+Jm%F)6IzTfBoS3YxQdH*_6Q+U_Kec;5ec+Wa)NHTy#goQTV7CxFH@V zCxZS}%^$B+2ZYB&s>|T<^-H{hJLT-^mkylg%={*8x)TQQ*QE@dmjvnkrrMrcJFyRc zEtcnT0RM~$usZyI7tL2Pw{Hqd=E2^7Ux}SBkrpWDj^s2oJlGMC`!_}U|2`~W_x^vm zvQMLduK>p+NaZ1R{C};0|NT)+3|QWx8QI_N18yC*R{~mn9uSyPh@@yYC9kP`#c5D` zb*sMc#cQdf!Wnv4)HK*Zx6&)+6K4A{sJKh_4Bl8GK#P-)s{|jHS+@ho)x{Kp)?be} zoQ$PDQaLQzA`t@UkApl{T$!g3W#?PgWdF|X|Fw+4qs5b2l)#_Iz@B*Gx|a#C=~7qx z-JWb+(OA)_w>Zu8zz&B)kOW@=U|p4GnsYw=*5S7$EMP3B6Z%Jk9>yUxM2DR#K(xi{ zxJ_8~>X~LW7V}E_ORjhM=IERAr)<0oN|k)&0rM*!rO-BIIry#-rEIsgxw$=r7&L0mZ&fQfN!G;HIEa`-9ZDbfV zG-a4HkKtEqJMOF9x@)7KZO96QHvQSK!#)VTbK=1*uS*cQ#z^(o2f>s;O=j7%k4eDg z^@NK+etm9OY92NuYTlhHvZ~^@Oa9SUPp<6_xVUMxU`}Lh zEk}=7zHL_wQGS#CM{rRH!zZ~dh;<|9caVU8*5;wJa%TqYftB5d6OyKVknIvqapOl! zH{5w>CDEuzLnQIKztf}23zQv$@@eFvX8LGUnG+qG>$4X5lbhq(5(J1mgSqvp3kY9XKDG7Ous)tUIO~pSsM8 z{G|ps$PM4-g!c-DlsmlTo!67)9M1=n0={p|501+@4y|hf+F3pu88ST`tTdu{amQeO z)Pn6QQoy1!qWj#@9yYK1#0I5hlRb65^^UYuRipACJBI^=qJ*m-UUJSU(s+}-QevUJ z*eMQ~ES(bDW~)qF9`Pew=b{B=U{f9RHvc0)u5%(-KFJ$kMJ*=<^1(Go;pa*W@NuF; zah9}Q%ry)(v(>pMncf8_XX1)l#$GI6a2+cB{bbU)_XRt>Rn1~;$ZFv-RI~0oGag3m zsR~;uXKPc+Gw(G66YZ-_RCnyZ5?umR0^bU7AcYv zYXRm4C92VEP{L@C0`seOCgTdBlH8*DzfU#It%FLw1QhY+WdU#bAwlOK3stXFNT?Mc zcqC!oLxRe_dZzjJFKmxgd;GL7+1s~RVqbx46#s#d+c-kwNHOe&1OL4LJdSmVP7_+h zw}}Pj*m)%~y6N`e05&`~

9$IDF0N$5CDxr;oibnPSDJ?65rVG_`YIKz3<<4H30` zgB_b4O5Hb-P6zyc37iVC$(mX#`4#%oe`ttchRT*;xrqkD)bgPY@z3xz3bQh#vUx)< zPNK8bNQC+MsZ*8#jLOE0a$xw2B+z5=&BDu z+N(YEBAYIcTXLu9u;Gy_wTh*PS0G7zng6XhGxRgEe+}y#}2^U3Eo?4Y}X)i^oNOf*yQi zK>On-weD1fJssZtqqq#QUR%(N*^zIH3EK`;X3iHK!^avH&Y?Q36usVTI$t9pTOdXj zZ%#;D)sDTz)HibJ=&sKp!9Tq^^oE_k$h0MB8Yw+PtjM%4SWNt_6u4F5E*)oyi25Ajw8i+iP~hhY`pU$@skC<)mwq6 zkUc@E5$qP0vd-tK7b+C6-FeaGm}QV;5AJ#0yfogJkaqX65MUx3G)* zslljue1SMpxh%obt*Rk-(64nKe%`Vi)6ONfwXYYIXWrWP;>Bc4rnUG=Ae0lAkauUW zuPiY0E$DN9-&=Si8$You`DZ7g+$Y_eyjCq|srD$G(k=38qpb^WuwrYFa@}$5eR*A8 zwJj#(6*)ug(F}7lxnw1ox&Xdef+qq?clMkw_#_ic;#J|@Aq^8wVtbd)(XH~%9wbTX zdi!2-3SDR@P))*W*pqLEIZs|T2|w{QqFs^VF)LU>EZ~jv4akJvMkRjn^*2E&)n>I@ zzd2!xTlT)S*5@db;en2~UrWbG(%Sm5^fhhtDM|X?MDlX-{prGuhXph1H5&G==^Em$ z=`zxc%(LHbX^n(X*Z0bheU)O-23Q`u@kSK5D_+0NbTjm-nlh|eaHO=dOz;$kQHGx* zud>@`s4c|CE2`skM{M2KzTDpWYFNW12Tr=xwNo6xYEv3LK{f`6o1;T}c866+{?d3z zSlf_#yOWCb?G@ObOc{qxE#Oorf<+I(5PjEtw{C(nB)4?F>q3uL_pbTC8!y9aM@Zfc za)bc}bAbGao=*%8u5+oX8O}nE(9BVRK>jDvE?ZtCgg3;(SMeEFc=uX#Fnbz)$}q^z z^H(1!S5b9ahnqIPABD#ZLPT>7Ii(dI_w{WQ%2$M(=&G^_oR)=(j~2HWu5(H|i!gpa zqa0&SQ-~dkwma?79~VIbZn5fJ3P4O*RK<5dj$TE!s_#Fv?a zo%ffSJ#92K+1WFjPjc?!o`9jcl z2sr8uH4}J=H~iOMFM1*ch|K=-rEU%x+l859Mi|_(uMD@!Fp%U--yeY&`6TN z^?|*t)k@CBIs$q_%ok9 z$-BI?hA8zl8@?R4x#L$8jrJ00ietRfj)j2SwS%pww#Nd5wOcwLE}!LF?9b2;fTsF&Pot93khm&imktk9kv~#OafZk= z%9)G3cwP3}P~JxO?N*)U;|*ASh9F{d)*;Jkk7>2Zk_}F}*LM>PRMh^)wlBjraWO5Q zU2xkr#_aYczr1aX%EnE(>>88i<3<>_8)#I?DW^0)97k`8>PujeBBmK}qP&qAcc9DZ ziLry%5a>Za@C)QdN{sf8N_S-+yJQ2E#cPQR1-tc;+CvyB0hikPo$SPYBKdkqqD(V5T_nW>t;zcoH-CY*b%uZz5LMIYeNcxN<31rjDF}X35yK%+wg_#)n+#ge=EF z1=0Vw+;MKp925P|b54J znRF;&j%%;Cp(ng&S4qcXoXPLvgFWeiKWK)C>qe!Ik1Zo{>Z?G+C$0OHFk%K*o7gdl z<^c!q7d4H>X!ZREW?*Pv;SG=y*iQhr4LKCxCRY-P&LgHS9mSnK2z#IqUYYN06?39H z-R_?BNRO3`DfMcSEb$*#0?AP@1q!$GwHJ`IE^d*CT1f;_VDMAc0~ zmPRpPJS^x}UUmM&z2tjR+WV(w1UbKkZlDH!75a(3Yd-aR60nGUz@v=f+gnD{!`0_z zfpHQa4H*yX^%aP=OBB|Rm6RI)<)2p0gDet^VuKo+89p8^&D_qm9X|(N4Ge3u@R*>c8}N`+2g}as&-K~+>J{W0O44gxcZGi{bwNvOx@;;+}{qq|?8 
zCEd~;vs5ULyzV?FwHZnp12nR$acLTd~LBRJmN$)!RoV_Tmv8#Y;f^mSf+k`PWw zcZPl5xxIzj?uq#}w4T>nKLUvSMYEG%ugXvRDbEw_bI17<0}07xgK2NWK20 z#^rcK#my4?_OafvwnTJ^L#JS(4OtB0wsq4OpW%N6eH$ZzLdY3;v);~bG+IIu5WhC~ zAWf7#jE8T5pvZ1Uu02%-zct&lS?%pxRbto1^~C!E+fEF5%tuh_icV#>V$VKRKffCp zs^q<>o`X+&mlIeJXeeg1{!kmKq@Pjl8!C}QD6=$luIqo{d-vIfiucS{nN#p@kn1w8~Ph;Jh zL6MTnXK`gRx(*yB8EpSsS@Pfi{R0Yc(Eo~&_4kf{G0HS5eWu1ML-P1=>&a@h_`QXmg^jfAw@nLJ$BF=gg!M}amx^qjLrhPx8yiUYeD5J zX9`pkd=hPyXRr4CiHqhev2Q-kRB_k80uTb@>Kfd4xA(#j?p}0Ajm16g$a@11=t&&U z@F&^Fl;xazv>FXlT&e|>TrwtF5{)n4%Rjm(U45dC=}IUkT3mQoHgox?wFGm>Q4MH5 z6#W*zMxI_vHNLgu*3sMEI=#IUu%oYUhsx#{>u%fO*hC-5%LDqjchp*I`?b$dklN{` zDiNu>d=N0@pZT2L+M@*bI&mX{a=z-@qT6X363#-yNM(59?_s$0N838l-w?FcjK)FP zne5JcvCQjfAT2PM2QNmMuy&-Ej3nj(ZozZte4O5+0GtxWJmEdwe0>v68p>9(Yl(yO zRY&@#c>@=4^?Sva@z^O07B|>dS?*x5t^PeFY4O0`nqz+D8;8(QhV#m!J&GP<8Es74 z!j)OVNXln)^2oxVY9nFqUW}m64mhp)AIDyATzq%HZX$9ISRJp!)PaRt+wmb^p6|CK z%h3>&620Gma}K|H#ukSSAy0ad%kgvQo8gZ-GEEDu$P?H^<7|U)%I`cxf&_HQR5aHH z+hj(7`%-e;kQSfmb3=|BEsMKK1@U>t1c|kcK5R0#g^pflKqm>?!JN{3b7JX$^vIc0 z_A@?WbLzWUpsOen-(;NWso84{RMc-mI>~*d=2y5?%A;3}X-SZft>)GeBJ?! 
zw=mL}v#%9k(x)wm0X1g@kt1bu9BP-euv8T~0vV(H(>+>Yq?&1DOWJ0?`B&eb%*5Mo`7c)=u2KFV2GxOVURQZK_{C8- z2aG9=1A{M0Q9`)F1dnmi>SWQ6L0?py_nnb)ik$dbE8<%nv{B;E0cTVZf}$5Zp|~2I z%*DYUzUIste{%i`nHI&b9H6I@AmP{o`p?eYcon_m-(fKB*D|v}d-wg77Vv$Sv%w*R zULFw=BU`&V7cMUJ8d~h0T0D7_bVgdw0Hr9NsT&{n^(()9!_)BC?CY&$9!b-c>Y$Oa z@Mms2)sksonT0Lg3E#yQ4iz>pv6X&OPq06gudFp&OBEzyKJG%t2ZN$-dAbn)z-Z}2 zGg38_=z~9Jjc)V;jSjncRlF+?)a#=*LT6A4j@MS(Q&npk@DukPK2`Tx7JcPy}}A(_()A)OT~C z+uGhN7A5xg_$|#Lvl^3}5et2i3+QDUeu zd4--us~qiB+}5G_SdAVyYtx|Nd6^=x4U%a;mgQCtW@2I#C0dePwH$Uy22@ zRhzNWHDW?%UQn=afwL@&K{IpFXbVZ|*4KK0%J}Dek6mtB{q46CVp#OS8>mwTz z@1g(E#?EAiBkk`@9G0jKfDu>@zkEh8IS$OtbPOYkcN7c$59#**KCJNnyRy63{y#1QD}~T)jpw%;uL=pPRoB?| z-`u~giw2XyPT!4D_XNyr?2T7PL}R+I9o_-29-TV~gxA%zE1-Mhz|GNZ_Qk)|)V%U> zv0jSGJre6d{5B4d0`a=oatt(=3oSi)_ui<+)|^+??|vMaAy)}H@vGuthRfahLok+v zRpn8l@#lUDDA9~6?>jEz5%u+tk=(tv?h?_#?o7z4|GUD%`WnM&WokWej4h-zj1|*h zSh{w&(PT#DYK8lV_3r_%;p(AsSImja7CLV}1l`eg66t+c@Wb7t5FkRy0CR zfY83}-eKF0p3Ki0M9q11ag>ItIO_S_Xb|+X1u8 zkRq?`^U}=PQM^Cb^tUBzgC}BQ1i_N?5xEr=?`ulP(6(7qMgmo~1X;;jD)_K~%AM4J zC67A1Cy$`wQpE`|*w6{p)P`O7NcTze7$(wW9~{<^EZk=Xx}%= z8ny{FkedYEU-5z8J%5h(=iW!$n=B`|aSoB7<`p3#8%+WB|4mU>=50;cEW2%xFU7y8 zBd|4msR|Iwvpx%gt4`lIqdY=&!cLW&1c#lNSx_6Z~eAv;Pof!%KHId(xL<#ls_M3ncFp~})9l*{orxlN*3I9K zI*zt{2>#I=tFco~ln2_KxaVUhYmaI@Wdj|1dI2jzx+KteEVlAQL*~!q-VCX4)8B5q zOukT%fT;N4!0rUdwkRJKP6?N9$|*mj?a)xW8053fU~}8{*}WP-`%(wT`D4Qq)j@JJk&~VJ#Gu;y_xnLE zdbFBv3(&7BPr9$niKv-t;6nG1*8Cwu>IBm-CiBxpH zDQH=u2xzKRj2Zi!O@q()Z)Bc&-{$0%egV4s;bg9y=Lq)UZ>8_bg;AM0A7UiyKDv{j z@Giwdh9_i)%^Y)Q8;t1_{a$%g>p7d(REX0vgn*Kd+&36jld}u>Y78DI560T&$hzF= ztfGUxEozt|+b{Z4#cOjyOJj^*u_S{170l(nHS7y?BvOBmKTslK0TR(Mcj4UZ($MDZ zH;7Obe@|WX#kX6&`RJrqhXu}}A*nWV(-yn&pb0`dY||%rNYY~KgQB3SeN7vZmbeV* zFC=tr9IF?_(Wj5dHmwnts-9fsYP8h7LYrq5D$=)wB-=7dAc+$e}*LOT#|9r)8q! 
z1BeEK)Dv$7&%CQR=uPbL?XgQJYr_t&sj;3XIQoCJOC>`d(Q|aY2{s4Ittz7Q z2}nq=l0|}&E4j1UZe9|Mi$6H{n@;WM>Frk9xGdWP&twsTGl1i`0aXcY?vRe@)fG=} zU5F;}Ky}Q+dVPCndJbQs`J`?(M)KM7BzF$fSV9DTEU7zK6Ey6h?3?qFJb=Fo#2^5( zWk*Rd-}VzQmh)IL*_f%@RZ~$AoUa?tstT+ye-^}uJ~QznJl6MKBxF^&8gwe4<0`Pj zerZR%>l~=c+0>aSaZ5X5^{VIAdbn2h9DK6=TUd$HD&I1*s?LGbxTY-7f4$T&*wA~p znzjmhmvz2U-;`I>8B^xxYrB-(ppC;L1H|!VcrAv6#Lv$yDHmKsISv}#%!qeDzJF> z<*{B4TDE_y|FsLILkE&=on?FdpvHGs91OZ?T6-cWCTs6{j5415(rR^Wnj-du$kpd) z7zaDN7mXfd@%BHk#8Zlrf8~%Xr9{pHX$$37lKNP)vFIcqGlE)H)r;`+Zw052eel%+ zh+zWwu0Pp#fY zNgd>nWMzbYEnxF+qN1||2=d8NbILPE4&%Qt^MS_Wo*Ra2%56&qAaG+}%E}001&Ook z@v*jt_XzRLc+Mo1|4U*(4UCo0Wm3|<+1EM4k<2Hb%E~4x1@hr|#v0*BjulzVczc$+ zjI#xe1CQVu)<*Dm)mc-uT78p23n_L;ZWcb(UtU1W-k6a4nnx=JRx2n^;+|SCII-gm z7o}y|2`5eC29_l8Atx#Gh4?KLf+8R2?+i;Ya|i0|_N0jriB0!V3bg3T-T}vzpAR82 zOtL4?LR;PiQmkqJGEgP=wHj>R;PUBp7}eh#wx%+Zh6D1b%2d}Tseg`?&tGmg+Kwwq z>FhoJq8?Z;WcW3gynEIb;Kk=HX7=gLft6}^dHLy}+9&UN8@Qv*e3tIod6%!kN3O~v zs%?vr-cz5DDK&X*h07sIuGo{mp9E>1Ydn#!OuPE0`naNVySi)F7sm`?^je;bx!nH8 z9Ba>@^G>)6+V6jeK9;BTb_PjQfV6Bo$LY{}2%lU@6w-P(mT9+88BTc=-i|2)vYzI@ zbOxt8*Kxc*eTBCQ6av@xCdysIXPE0Yf2c^?NR2DHe{Tv<$TOa!FCsp~1A^q^Z|A2q zECN;^7FK~WcdgNOkaVVx_-;`O-oJ=A)jDnn5e2hUBTO849@lmD=ZjNolz)nq#9NvsPAc^DjRS=-m>(6CFq z?$N$^RwoHrPcR|x=4W}e-<^{3I40d`V(WA#F6XY%yU$uvU(8IB+7q?KE}YfAdspnT zapU2;=a*ID6tN6zJPeNV>a281r*1t>}8Z?XY*`ZncTFWpv(Wb6=(Q5~gk2M=2b|%*x|M;+$nR9Vhmd zC~Y$oH?wBcO{OsW);DJJ2kljzu~Z7N`s4H`^B!?aS#$znI&qqfo#^r^;!gL%lXf=T zXN{Z4g9GBnjydYzu|hRu%VZ_Z4*H-V(Ljxt>?UfE`UI2Q`6H-exGc?Q7o!$<9kn^M zRmzimo)uci29lCr)cQ3War3X*hdN!W(8UWHs4p6OxdW88;=6OX7dq?iUBGvd-D@}+ct>EB%nSd7PL)aX~P$k8n7@M6sfy6 z!&!*)R#Sz`@Oturv1$eZGJNY|18(YdW zs%12^Xpo9p0iYc0B>jp7GCr{`@@k1hCf_T9i+cd+%>H zX7^~F#mvymrpq?k1_rc7`uqTzxI|&JL0N$&I&;;0R#(`~pS(K5!#$+Bl@_GzUbt1V zAZjzi6r7{BgO(SY(F<%wcZmi#`@&?ZE{-N2`-tVgw`rd&d)Hr(! 
zr^P?Ag>mXph3UEUnhT$rQb2tn8d&n=*A?vd3+AfeRM@6LWndlriVKw|Q{>yPzby!o zn${hx4GwgHwn56O?rZL;G*$~3aj3TEd=B%sJIkx&^1Ldt16ti`cql#lLfw7*RO)T$ z71K)&d!BP}3BCtCd&xw;A3aY$8?+Yo>SB050SlxUV6xEijEXplTpF-EzDew{aW*ZQ z68NJ9iGmTcrG7S&uymLB0)^Lz#Ze8>pZs#1)$A--NKV~>O$I1+d(zFU>6kIK1$_lv zLL#c;{c1=eMv~L7eXn*I0_229;V~^`S3gbB`v@u#o)qZ<^}2q4!*BC2TDOjes-H9} z^8wAi>~qkmT^{#2^Z|5Q<&KzHd89dO7)i3oPOmGubC%l#PNy4U^YLFK16BebKAkPW zB{njLEaZq34K=xBTK5s;0#gANXzrbBUttAz70-c{<(7tgEpY6KoV!?#T&Wd`%YaT)6UM&T@2>~m#KSydh9(t244dHSJgyJrM$ znV^)WnbtkbPPy{17252lax%Gp->>Wt{2`#s`VAxF^W3U6Q`OXB}DgNae=lr`L3k0Z_9 zxI8cKJ9J7mIbb22Ta;|ks8ohN#d(|yRBvZ&<==LwZDQm-f842B+YE3sjx=nyiYj;< zUup?Ta|u_A+jbW*t`rA+c4}nt%aYo|qvFw!<0scw%l%RK>Q$-i`n5Hmc~HThf{L0) zurC2gU_~^O(Oq9|@0FKa=xCLHKLbMuaS}E~2QzfRkf}DBo=oSeA5ur@?8t5b!#yO! z>+?71Jncq8N;8~i_FGTd9uYN5tAZD~K_t1>ts~%;GAsh5=Ub3r85DmXr{}>cVbyC8 z;viUR+llHM_+$7%_Dg@iTYsUOM~V?V_}n}tx>Jhe+}(zIFxjxXXlS8FJveoiU@7QG zzmo=iIB442EPvQU_71}MJG(FRAu{PY+-)R(S-lAwDNl{VGN*fI1AN2@K>of-JyW2mF2Hz$JB+z_IbAtP*l^iA)NAS zV?uQaKr^(LAW#a;PBnOJ?-CUCJF3cYnX1t#gpUH#UL^}9!bxh2Z_P4i1@y;MLPlzX zJzdG09&4DcBS{+qmclc0dAb9}`EWKbH`8j@n%5tKQ+?ieH66d%@lG}HS>a{KNWost z(`o2rjiPV&sC=XIoem2y=x4wBUAFJ?3J;!sOu{%6DMqlTfJy2HzqoI?#;O8ysp29- z*i=%_MN6XKs9E>bS&)%6gBduQXlJhL8ZO8VBBw3ghpUqJ((48C$H|hbBz;T#^t-MS z2lu#Ff_OCC+P~ji^7@_MFczQa$9d=#0@->v)`L=Bg-Wm%WL@>8ou)b*m{#Pt!uJ$c zzc6HtPjvj^qqO)yWA=f~k8C0xE?v&-RAoKuqy(lo;=@h`H{V7ht@#(<%zk!$H6I{~0=%00D!ao4Q|7u{*xF@*szPmX;ntr)M%HNZ_I}^~|8+%uW z)7AXkKMzj3%}*y-x1;C(v~P)P#$3^!=erqUxOnN@*w|Khl=GWKwvK=rw~hHCvfJus zgj1Jm|J=-iwL)b;x8(VEqTVtwEX9yvhv(1s9r{Q{VtnbPm@`VMUTGy>z|t&#aDWoQ zMyQ~Eg%({sAy-!Jx|rvOe#!7{#uXrRnhcFXp0i2e5LRrc~J&i^niI3Bcl zAO0HPCzyVdW%FTkFQ2m5&>XwL5^Fa5QTCS7Et^(TuSn)N^afu3<%3C}wD*9m3L#v= z%c2d^De<41OWn$pLtIdx&@LG)-INY3l;hXAa69VDRcFqp0W$aG!tO<2?7u23A{GXU z)6APTA3cvZ%KR*ofNgRkoTBUQMt~uyF1grI}TN#Oy@eCQV(Y*eB_6`%HV1 zT%K%I`U}=4v1%kSwt9JWxym%I2`rk7BAkg}&dAc0Jo-mvgM&lYN@Ed-g%^NmjWdT6K)ip?Wgz zQb2IntHTx9ZUKSA#?ge1oD8F`*yc?P_pqdYh|W@pU171=K)RWbKca_l@sKtCB84^9 
zDnE*8XqJY6ZEVgR+@ISo%}RD}_gI}LK8Tj|_gPV@A~}}2au@22$Hbx#^Z6{zuutx0T*9m(u-^o$H z=DR2xQZdTWY3jYYFo>3(ZY^@TAtpK+cie8`ixeag`}T~2PIzl&nwOLPlR~SzBY8kj zLMWE?8v${>y*$KPH=*D>d<1V%nAfYG)%nqJPr#;%GJMwlS!cTi$!2q8u%t@XOIm$OY3UyssgpG(LKAvkZO#Yfi-RM4}AT(gSs1T z-)Q9&>+W5(wNF2(H5sNXjvyBZ01b7N9@>MPAy7{ZOdSOJ&}!2+nzxc%8G8 z$Q7HMXmvrixI&`MYT#7J?Xq9*)&%qy2b8}S&IYe99_yu`%nK41$$}wwy!k7(swJEP zp1_k0|Cuh@ue!~b(%LE?0ddIubHI&m21%8_kvcQnFHb`- z%`Kx18=!$^bcx@4XUDu;9??%o!rBBkNpztWk2)WOT$haPjHSFxzwZ$v|D_zt7<2?r zUYm1vA9DODA`+pKCe}o(ZT`J6jUr6sxT)HWjz08VH?#H^YrqxsNA_}M>wPdV^o_tD zI=uE7`KB;^c)k3~u8p{y-kW>8+%`sJ4C%I`PG8Nk2XKyM4k1g$oEPU${Gis*Qx)~H zOG224yXIMx>zn?r1$_3#d){wattMeLI|;vji(>U5KGdQ1P~2M_wRzq>tJX0(&m_k- zYys8I{G+js5!D$y`_jHqZMiOFTkpM$7LI@F9T^t;MZ@}{A9*!Y>K5G@xG7*rt>tC~ za~N-p!IJJos&Te{1!MRPB;js)Q&qAybHinXWK`gEQl_wWxToN@B#Mdy-0tW?2}u47$KN!wZ_v^-s9IVDKdy>|Fc zcKM7+Lw1Usg;~Cp7+)8i`RavlTozn5+=p?O&}|$ZdDW>x_H~&XBLE#W>x0L|0X@)Q zu(r82nD=E;XwqHv>fXhV!}$%wC6fdLqcrv1gV?|dJ%-=QAMyRO2ywo+zN>@r;z^3% zGFl8`meaVk7&wE@e8wv-{nXJhPtnCJ;}p!~!nR_Q3fo}N)Y=$Tc|nz%@;`8+a9*+^;k8UmWZW z?=xEuCdvnA1xwvz9g(Y^v`0DT-LI`7;sTYu7i0Q-Df+ELWpyoGzeLEt%WaOEuDEx+ z{&gd=2*Pr&g^s3pJ@*d0JeT=mO5YvM)|TGJ%fZPzWg8)sFof3}bY5G39!~veQ+lHy zNzQ1&?%nzG4=?@WZk6x{n>As}Y}c;6e;TXf<&i5Le%()-0Ho2b@ATj%;@O9(cFGg! 
zo2Ucj%8xPZ_Zy>y(ec!>AF>+7%l#>*0dvq*23 zpW4oh0$HyYzHslpr0ubiMTh;q+46x2dfsB=wpS}0i7hb4cjwHslh1V%C{dtAw}q_l zCZpzN`Lz?6K5Xu_GAn}Fgym7BlvKBZ0j3i6>Q+&pD{Zn>R6x13Vz4+iWi+4Z*UBv* z6nm`0dn%`3Ms|W)M=#$lm#buhdDRhH5e5$n5kj){h~m~f$+}C1GzMw|dw2ztlUNHr zO}A}*V39uF2REB7suzTpbp~Q7zX*6;g=)^6|MJv351U(B5z17#8%Ge%am(;ekuw$@ z4R17c5=2p7>smJfa!i<4MF4mV4MA7DRr=>7>Uq{KV~1B$UgNnS$rNNu3dLg_;IU%4 z#z#4>RQposu@~R4yZMOUWqnS3?-s7b1BDZ0ugR`{r`d3_W$B*@PJyeyBh^vIj&&nG z%RQl3zd0p-&KUC1wxkryy}x5b1G*j}Whv@iqYNxdFVS}4%S_wNz^BID4^{z&)D+-O zVv+(}X#Br^FA9$1e3U$W`gh^LGtEWLA=>B-IIQIS{Ye5Fu) zY5nT{6@_=r^M_^_u-S52U>>3PgLmpk!2`xtlkW5u4ATJYNeHsSd3Bvha`VI7F(UO1j$W!_eeXT(~`y{cA1}qBr@;TC*1Mo9EXzx&s;NxHq8^V z6CTH?Ntb*_FitG76G=DQK8dfYw4c(?_1tcP_g{)TP<~;u(gTVr z{GQh`LJ*d1}0O_VErP(xCYx8Og1W0?G5tS;hrv2wH+7CZbzLm{KD{M!0(UmS&Y@nMkMd{PSxVhc6Kp2q{hM>7DnZtls^EWCUb zFgsdZM*|8rkzFppU1s@3AMMvnw~hTl4`{Mt#WJ)5@t6!Frj7ci~k8FWqtkGOA!_sqX{Xo@H z%O9RnEWxZkRWH~-har^bc#%?))<>r!oJQOa9m1Mw9KPb#X)Uh`7!c%o5-nITE;`+}=?@fdQLVlbV zi2wHAIxS&|&?LFs)|5e+$zF5xHdtHYG45VsPcFJxSrbTe3#>GFYn8pW>YJ=HckF(N zcOv@8id7W^vjfugRJ{@?XO7@STZ8|LtbP7my)lw^(ydOcmPJ`ucy){)6kl)1!4iD@1FrSck}Ul3o;YLem4}F#7xc(v1Dbqy5_sA-^_lt0cFt zWN6IEE+2TTm+G&W7uqj)1dknCRm&{&#NBcqDh)4nr#;EFlvF%f;<3YM(4*{Z`Q7~N zT<T+nD4uor=Nx1AUZe0`yzMy?8c%rt zI}<+|z_$0}4QirC!#}6yF|urqvG%8L?ev0wlh9R~fU4X2vSAYa<_?02zkd0>7Etyb z*O1<+<>)Uw>q!on#aU~TDofh|!T#IlKK~979p|6fp8m&W``5c4RUb7vCfpU2qvA-} zAw>M`m$lA;d#Js)`P$#!>7R?k`pk2{uEof|XIS)~&y2tQSmYNIKTUNR%kpkC5i|Mn;A>&&jz;tU?Lfrm3qTXkgIgQZ^8O{xT+N9huk=!`U4&)p zv`KAC#q@%vRe5FHo*n4er_`;lARo7lAOcv0V@Tif_5NX2{r9B`?xzBZL0UCo+2M*) ze_Uq{m+Lo1B87zv68XG8-X>JU3KFZefN0ldWn(L%YAtXJ_xf&6nXagIvOF_3Hs!iU z&)!6zQDEfy6W~{|@B$=5eVfdK?sL%RJM z3>)w^-=idw=(#Weuyi$UugJi!23$dSY=K=@%)_-B3WPe12P2jX^pg_jf0r8@GT2De zw#(D>jFB8L8s_66e8OS24?p<1AE!Jo7q=|8;u|5I!wI9K6mkAyV@!FjRwjevQOalg z_PKI>>zG9@Y1&Nx?KxcC;MVqxl=33WZkJgLIp@k`BW%Du%j{?Wg9-e{S_KPH{g3UH zeKVpKILK%KG1jJ@6U@xaK4>Y&w&jGJ>Y|-_$w%Qu06Ba(_`&(-5eFw{ckMQ*fEsq* z}e_0Lb8M(sXc^-0oXMwd%zvMjz8$UHVz 
zC})*?00|!?23o@7MU~auZf}DCvQEP$vJoSePPi`;*6m2ZXsepuIxMt6w41~DlH-AU zvt7ue1(lIBnf)^xwaKi^I7u`4`wBZ?o7qQj4%MXQ#Gg1R@3A*$S^{t|Q@TWI9jt2bs z177CzET9*XbTv~qL7G59L13{LeosQoAdQs-TZO+vLFS|vND$hTBa9*pEyH6{7U zTpmbLLxgM>kX1TVxGp-RDJrBD7W^oxm_xMWb7Dh#O2TOzv$`YlPL+|SL-l&GXT!;a zrqg%#`~q3q)ns{=+ZquRv^B~eR*@m!_`EMK3L!QJ7f3Z81vhWr+&izMymJ8MIS+#D zv-RtzLo<$Px8d02=Jj^-Zqj;ZgY4P)$Q|S zUaqnsD&0K&u0`mhHD5X8FY%#Df&15h|fdk$W)xJW`*?YPW3PeX9&B>zCCnSP0 zZ9SyXVIKf+oH(1}lVnqYBH;r>37Zq)+(w^o9%xQw97KIz6-ZMJq_qI@2$@EkG|HXm ze-Fl^qac)9Uw;E7?Ags&aZ6J%qYSP3`Yh#_G-Fj?%CKFDqt|4MSVIKQp-R}-K)tl( zc}VaP0&D0YPS;d~m6jctvUZP$<(O7R6n84XpFH-?zts2^QymwO#NdCT(`Nn;^-2*^xJiIGacu#2-ajC%p^-~TX z=c}M!UhDRly@HPH(sN{Vs0>r2%*(fUdf}5x4N+!&KQ3&tX(j<1AUYUlrHSyiB#8a{ zDEL43=lNStbI{!BjZ(m`{L*et**QM6LSGf6@wbAUi|_^HgIomIhs#q4=T}wJh4IDg ziDl{R*D+dx=B8*9q43hSs_RcH`gwM;SXnfi3QZKcufiiw?Q{X0 z3YpPA)a7^hN}^MSWEm~nvFhS9tP z8g%17D6P85Hq8z7Unt6X(Ac%hHEj&5rpl`S_C3R*edzPI5LE=@%$aSivuzJu=p!B8 zBRSHdt*SUUXzr#`dvERym~C z^JHG4yu#0Xju{y^eQvYgt(%G}pO@mR-vP1SzGE?`!Koa6cN`=}T5&*6B%+@+)fb)J zbR8CEy~-!=$re?sLHfZj1E-kzZY8@{cjIjGfCzIWKOt|h6KG8$x>u9kYh!N<1`it` z7DhDid))}NHud#L_={(szTf_tLAyvO3m|%A>9cO82IXQNU#n<9(%4m^4X6dZm!0Kv zEBu-eod>4ou7^G&2`N&LDG$onF^pDrQOsteC0_*Wc3R2M0TZVujJ%@hrU9}l%TnZ4 zEBLohg|*Cp#VK%b7B`LfI(y?bQmU+nd|53)O(gO5B;qgA_Oi$7R(o*FNo=!_&ZF9Z z8HR=thB!BSzrXjqXT96+-hZBT&UdZ(i?x8~x#xNA`?@~YC+hZ&D7-^0-rK4k%xKyt znL6-Iu1W@VlzzWx<0sR?wT~Wm$t&@f9M6n8k(_}&nCiB*M=P_q=(iuZiJmUk6VFmQ z)FC?lqKMlD<>MU&<|A+}MP3HI9?BvK0kOY7n&of22BwlP45Zw`kbtHhQU#6*2TjZE z8}0S21O>L5Wy(bbQlL5ATg|5Kz|do?5CV$cZCfqpFwH8?Ri*BrjL;My&6Kt<^j6g~ z`HCMJecNRg$`r|22rkrF@esa?8*avDBT{}dG%kKrDpIn+r`q5t4!@TZrhML79aT1- zNm2t>4&O(I2CI8d<;qAaH-`3ojINM>^K%(erM&}l3nU`*HE29Gi4|!QuG7qZLwYku zh}G@%T*mhF8D&hIp{Jq6V8UGnFh7P=qbd}+c#pdl2m?9(!HOfSnUD|?k|0-G4iwT9NJuoWbR#e*N?GB zq`~gO0WHlv)h!+`?5m)yCeDu&R9>mvm6%|T!Y?{dUpxPL^q0IKdmfFRgTE>XUR}mF z+~Q|@W^t~GXjYLf6F|?X$`v-9>Q0s)dX!;7d;F?G!8{&!n9XwezZfi_cJis#*U9-Z z=>Aw(AZO~dgmwM(;2wr6qTH_wqE)E=a-#;v%};Vr*>oBSKs?4xC2v%A1ZG{mCx(k@ 
zQ~8c1+=knzFu$h59V0dYp`-VC>Wy88RB>qLGg9+gl*=qs*apPd+K!jwPB?;y8d>@i zo>`v4e&{@*5u0okC8>p8F;y=lZNYo8rv`tP!siva07CGDY>f@F$K1;@1t$!Evj%^`zMrzRLC|QzVckk6 zG!wX$A3Q2pDIbEw`ZUxEf3wa+lF}%pJcN|T2OGfICEeG*O~&wBl2Vu%ZJm&%VduF% zi)2~s+sxd}NZRfDrAJCHZdRx1d?zY>Me)YQ)RKtHLUDGEYNLLrTM0(_PaQPaWAsx& zXGwLrYYzBw2Ly7SS7T-LbINDFJ7(&}kDh!WP78c`7CB_`pxOV(D zG{GK2!dFKpFuK1OcT|@M>;!c6;DUkhLR}U;p(0`Gp?E&?QrxsckoW%dk9_@#DcA`I z2xV77PIE`js_z<0>~amwaFd$Z&lw!cI!?VS$VV7fn9Q8L&`x zb1i66u{>8Ko&{AyAH^>wG@N4UYqkdzV7v5>Jcm*m%Z;+?kurZm0M6aSZZf8e;4{#~ zg*La71BzevajA)UezrmsOW3sYZWwrlH(lW+^sfHPg37ZltAp3x3!-!)V`7A(H54;H3q{cS7jwos@j_DwnyR zTD2Oq8C4`HJ^jL{g~^=)SP>Onm(jeLY-iPqXyf(OG`xdOmEX#87&-a#j?i9%0#EFwXmB1D8%eoCn*Wp#RV{i9A zQ&xIbipBl(?z+fuG3<{;!d-UY)%29%PF$F@^EFPxQuSJ_ujs%i=jk@?4RyW~UC!vq z(m*mtAw&{4@1hibXA;9(Yf-A~=XY19A9sMMnl~^=t1ck=u_7=*V+AWk>4-g2O%+ik zpA^%K?Je~bwl~<6kj#9_Y5QuqH*Qcr%Hp)}>X(>&>{07a*`3kBkj1JOiHlp`TUnUk z{Wrr056>A&##I2Bo^oe}VAMA3Ca3WePO=9jfxBh0kRCjLAW6g`tHLAo&SW~Yp-Q6C z+a&z6z4)1*h|4pg24Oqml+POhcMyNP-^&^9fxl(BU*QZK&qtokUKf)OCTVApjeea3 zlXpa%+vuS@0g`%T=PhTdJ$NY{^qRiKfW#YoiDV0SZT#>C%_PLqfT-p)EUd4WpcV{K zR^9qn-+`_#|2JV9a(B%#T@O;3II~*Tba)_!n5oy#b>Wc+D}84+PLkxE<$Mk zqO*VZ1H7)^j~1#SATJ>GWqKmW$m(%QVOB|*b~>n;pc5$jz1*(YXDw_$!`V`5H}7IF zL%aZ-5#;AM(zA;Xr2G+;_LZx_9Nbm=Av(isgF(nmAcr?={g9KdYfv`Hm4G~Utm~Y9 zQKso$VWW|u+Va-&owuYP;RYH%p*~B^(hJ8I_0UzeJW3 z9d#y_Byec`%pxEYFf^Gmxt6~r^8 z)VI=VW(+?8xmuQ|UU(nnTi2X~o~heZQqOWN)wjAtG>&32=sfN%T8d|CI`VFucG2p6 zBp1Iwxy)zN_h@wUyHLR*edn9M=zVQ&fZ5>KoN%Ao3Y5a+oI;CT(OI?dH zQY*`j8et9!%qefQCU&y6D$Q1y)iT%b#Ld0OC0P=O*h~YAbLD<_(#4VAm3o-Prr#qR zEP0bc_&ET9cxC8#wCeFPz-Ii%^;E6t7jhBwVRaM|e+D6*X8^qE=})KImo8@*UNqpS zG5vUOaEZY=>%C!#a}4r8QyD7B1(H|GsIwD3`yvX$?5Id+&}03&{>Q79)RHFA$Yo7% zIz7OEA{2SEf8aj>=zoGy@=CK+y?0k+!2L60)5Qtw^}rCVO9Eu34=gCm6U_6Z;a+Uigxgoj~gL zDR*}Qg{(T<^I&A%rzbCYm?xB%Ief4iQ3J{r4Y-lFgt;O5ZZQE>sfd~V?l{gc96?Ab zUdg!=$Nzxj{s$Hs_z3@-s2C}uJJTC!tE;a5zntQ6i*P_?(xjNSby{v1sh^}9$=J4k z1;R5}zj&w$omR?c`3h*9k2q({s5|fztokE5H}$7H&Cr=>?@ 
zm68nrU@laQ+hU?qYR1;u+I9nJc#>0WFHmW&mvrk`d;3tF2X;ESXG=DT(T^&zE(@+s zB=jS(AaKIk6}cjd3Sa^}%THMAeX$I+5@DM=`$^>OZLq^6*^0UPV(h2)NFbDE>1vD;ic5#|PJEf*a_mfd#R^{()6@zP7WE z0X5Yqhp`hZ@0S-RmyZ%>v6f{`jy(PTYvsRGM9>d?LI^W# z0ggb)eLQS7V)M`-pk5XZIdItBPzgQ)ZFKBNreeHwqnIJsi{10s4r=^xq)?Yl*V0Cc z8&}IA?m`bEh1;jF2g6WlW-#0er5DjxFf_O~w2^AxpEv_CA|Bc$rj;Do zOXjr??*BpR{ZQ-=&kwly=WoE&k@Z4IAtP zXsXy(M-Ed^8;n8VSGurrTQ`lo*`t1ikh_6I1- z0F$Iwn#TPOdi?~^JUV-Cx$oz8)TD+y&m=;N)+Gwr$I^*;Bv_ZZEObFiEsHqSpV!L_ z{nl?(W^3>nG#uVfJ|AEo?kt8~uMZo1BtO3VdB9*XM8u`vF~CmOa&vj;`;$_@D6r@; zGpG^;ESYW5#X^I+#jUy4rA7hm0N&n2ypLTV3%8GrHI$B-gl3F?e{3tFuxQ-?@9=S< zeCG%o!b23*2>@5QtG75;d>IrwF7Fw2i6{fW@!UJ8G0~dY7M4%NceC@)76ar@0K{VY zWe8xRa}QGEQxh<`QdGLG1qfB`O`(rv2Sum%%Wpcuieb!e zE^L=st|3%S1EkLB zm{yml(9-_7hGP6u3n1U@!sQmgQUscI%Ax%%fSAS1&c8xj6is&BweaXF^Ye-7Pnx19 zh5yM(64;qQr4!DQe!)9fK$l_`DA;5#Xvt|*xnKj10!RQErizn+mpk_VM zFP(we@*Aer;Qx(v{r6ObjZONQi^7@<6hjTz{Z?goPN zn4W-v06vQ@#_QLwAF!WCv4H%Wub;}TnL#CADWSRuoPoe(S4DA3!1}&gmXf5w^fteU zX@*@`fHt)GKUYmK3R&42FUKiOlszX<5Abz)Yz&$5|9!S$VsQAM78nQKL zp~%h%hN^jBSoG5pde#Awjr(qUbAc?u-AO;x30Z<)dS^J+TBWN)gjH3-{)pANx1dTf zN=&zFKDqWEQVl5;$#DZneP+q@R7QNhZiVPdF#vU90L$bXls|hAAJZBB?wTE{u~qVH z`KaOB*2PDEFsS`U_sXpeNJ|71d>1aoeP~|lZ$i*=dF_u^7RG?U(s=v+y|6rh%6GW3 z=`GPf3(>-M1128#f)~mETsODGJ+z*a<34aAt>4=msJ=Uyb5gJoW%5;aaRL?4TkD24hgm{< zBcx93j;y4C^y~D?j6@y6H0OU-{r{`fp5q2Z@HF%x_9LKRU4;%dBN7yJ5xuco^JPAZht@eKL7kGx0}h-9mD6MF(L9@FdO^*)$3b(F z$tIJ(*U*QOGD|IZMsXG|9Izs3zBQ%Jmc2`9YA#J8j-Mulz56_C4zp-8oil?a{U-l4 zlJ#E@*G~;Vq)Nt=Y;m|YT0qH7;;5!bEs_{*T1XOYPLb$*r3%Y1cWOn|um zIXt5Kd(cO-w`EJ^vAoK&UVB}0khoMRNa6j85bQpB7i~5e1INR>jl#i24 zE*UlUE>1&RpGO+64@5GDWW1oQQ25yrL}Y$)6c)*$r3~m8pUei5*e1v&F+K+yKrDR- zOet^Zl;-Puw?s=p1E=qbUNBR+x84DocE0n*N5CnXOL1g_-05FIg&r64Cg2B@_10o#{8>uSs zsktjv>>zdLHB4n=&rFzg#cR6U2PZj`8-l3=qG5{s(GOHa_4h*jkB8UmN?zmDY|hk~ zkF7YB+5srI%p+9G$Y(U(LadIi6DbU|W0?jx(kz3Z0G_>ofrBfW!@0nAa>m}>2+*X; zt&!~7T8NoOKRsHj)15po=Y#dh)D{?)CE&q)r%E|CHwdJKDsD93lvig8Lat0t1rBNn 
z7>f^xEERlBx0i-vD5!PRft2{mIW}3DOmr~{On!>+ICd{$i#@sAb#b$hGiW9OOA{=HN!U6A(d}FO2vF@=-cE# zLZ-OM*liKqrjA#w78&%3pj!1f9vR|7)1b2Dld@Xqp^?-im^ALKoJOmp>hgyn(`0_V zZk4M|l!Ve88!jq+mYkm_v!^UX$OLV8`!_s0D+TIfXRKerVtiu*rts|kQ4(an&|u(p z0mIct9}cL`4#Y}FSNVNcq!ZmR^odDO@GM3j(9y?bDyAD6Zb`+>peT~-dM+=2CAcaC z1!J;3*()B&kj?F*X>Y6-%**<9L{W})2-993BQvbxeN@AWlP1V^K|P2 zd(LTeDybKR&#f0GYp_+pJ%#;IVpSyi-Z&y!R&5_7txaNyo`3_pH#b+y(dpi<3GJgX z!RTw0oW@6;9>|4#TA^>JM=IyqZEyXU8|@*T*(%RP>Ggvca`P=Uz18tiFxy6!|mWT&;bM1I7w0%K%X|#KAeS z;TPV(7>vfZZoGRBGnH9p54Zk`l-}Kokot0Optf!%QrLkWVZ?8SWZVWs{Y=-@SC#0^ zCI{a5K^n$`@J;uXJrCtJ`OhQ@$OufVQ&#jsrJ7tl#n*HI zIZk#+x{Q8z;2p1|sco|^^aVCWCGqZZz;3ci>fuSZ8kkUqSwIbUqsds}jVpxIT?_S^ zXxl?>MFF;_*%AKHawc#+;N7cfJYBnx=vL5j2GTra6Q+kp@YD9iTz%#d3kkLgL^SO3 z2+0J|e*7voRl(zxR&3HL+-1T=pmvdkZC?MQMTo7}!f>bgVWcdJbP*y!b~BmVXD6d7 zQ$07bwm16RU*!V{y0@WVs``cRA0b#q^4Lq(tviL)Y@nQdb&?fLx(yrnbHLZSU#0aMYW=E*)lg{&qMuYhYsUWz)lUj?gwbPI7wmxkVhyu4Z9PI6^30E(DKOg zC9RY!K?GomUi!HyY`Ctbv8oN_#t0&G6m=|vmnMQeylv0c;YONI3FLtJ3>AW025Y{R z-@R@y|7hjnm5J{<&4CJl1z-=t83Lxfec5LgQzICpuJ4ieCy}ZHL80B2532D*5_ow= zc$Y}?`-f0+{VE$o4lN^7{S7=umv`ZAXpDOp&G_3w4}~e=nN{u2`u&KoP*f!PLzH=%uLj z3G<%c%J%Do9zg{Bm_TLO>^rbu(29D9pKF%O>Z{>V>%;;7v+9=T$pa#aOMUK}z!lnj zbP3h(F4AONjkzf&n;kiG05{5lTUh2Bx6D2IaHYEL`E?Xqdqc9oH#Ff?14b9lcm|?z z%(j1JmiFi<9s(~u=e-r)x{Z>6GigNoy%0hhA^S-eGht{#;Cd`zWKL~^N%(>g(J`mm zQoQ2y8kB&nuT6GO`Zt8ATzx9i#F_p{&33em+ce6X^p!JSi^63neJP^0s`krmtV3;@s*;3|h>FQYAXoUu*{4tf>-}M=kOm zbf~+nGm!+SGvkBR@=?*uEocBFsu1ZDUkTbd3J)7Jpkv(Er-ealJj29C%qt9u4g3nIHEYX4N33u=0+>!7e%hoA_ z&9h(WUkSIZm&O69lttn-Bb_c7o`$Q9L)9IT8-7yPSMN<*4EJG;k7((Dts4tJ`8^QZk4I0NQ{tK%xznChV*&378`hZ)JYw-c(7$dAURq48{o zi8r2wL4<4tjhxyS&siOcuza1&ZaS{W<5vP@Vp@gzEO}n-J>wRjge24!M+2uOh39qFKfKaRfozbAtjb4; zlwNcJUy;A7Q*A~VT0(y_A~|6jOy=^mirCdyR3gj$>q?ZQF5Xm0G2tu5Nnk_8C$cJhJl{(8>Z?te5u-)>6Rt~~Vm!_pyLQnIpz&Ym zg!&8lZPetMM*@OVF_0l3b|ryv0`J?t+R@~xX?LZc3X2N2UZm=L^eunF8h_ZW-u+d= zM#2&+;6O@qLjX|^lofkTj{4K`a$DO^m4c+_&Rs#|x0ld$zT@57Z&jf0T~MSY--^lC(f 
zRMucx$)=9pYhI;l93d@nfkObh1=!1c0d>m)gyql@jnk8VfA!^{hJB)76C!C7u#LI_ zEjy8OW7xEVNTP@^Mz7M!;=p#O5%}lbu#&LscWpZTKzMF?K+U&TkUG!27{2skv$)j_ zaA4La>)?>Om=fj6)8k$0?gZ;1p6AuFK|S^ika>s#TFCyKFVWklA{F&tas$P>1G;tp zzo3V{%L9C~e+nTZrDx&5`R8RJ7*f018&{o^iG-5K9{cc%BTr@qfh=RP55A*(kX@B8 zA=OAI=(e^x(bKbwCa|q6sLI!4pv&hrm=eCdfuVxdDsSgs99iYJNZ5c}c*$Q6tR@mx z+k{2b*as8O3P_&XbaqrB*_jm$3&!uW!436B!*@sCXqhLLr8pvK*FF(C0#_*0(gLzO zkBo8m-DC&({rjHRq#qiv)aeEFr$37baY{HBZ&{wgd7jk?iDT`Ibbw;2+w9DH#qKC@lw7h(N-4|=9AG~1qXW$6vMDY_^XYV>+yL>;cnVnTNM;3nNAU3Sq}; z&0q?gFqM##QK2|4wGLQCsmUUHnL(yA^EsMW3n`%#9))4b4vux}0FnKin*ec1lQQyI zWM)lGoK(727-Y3nnb<&QHB@LI+Dj49DcSCxI&Wgz3*~{vn@p2z*ifE}?Um6Ipg(m` zi-heibYt>KP6~8?ZA z9lCjKKelvWq2_FxuBVhbd8S?Y7o&Kpb6xJv{Ted-NSWqjQG`@=-Q<-G>u%6V055C~ z82?#`dB|kIqR65Yeo1!7IO$_IXuGSeE>#P`e1X6|M)TX%} zVABw_dP$}cLM*Y+8|>|UYDv3diu?4IZ(9;#*12e&2h`7}zXF7?84GBwKhy_Av51Fc zCmHY4i})^l0tAQVLjD4@I25=*F5edVbJKX4HBeySjQZ5*5t1DHR{Fu!{6qV^n)My# z5W}HG)_(}pUb~+cV*Iw!n}{lu(s%uxwHquC6S$G>J}PqX?=wI_f5l`8;BY3_=vfJx zlBkBg%Vg4e{3zsJ}vT1?CxkXtKIMC8~NLByx zmO`l5uCNMjfD(+G`eOguI5e8GR={uai8tqQ(YCy9Nn=L(U%U*YTySVRQXI5+DerU;`EgyKPvD0R&_Uszo zx?_p?Gla7GUtA3DMZSb5>w!)+b8KJK2j4JTTeG#=*Jd!T zknd!zoiKJTR;(*C2TrYS#cnA3{s}4`1$Op7VWjU%ZC)Pn_2O{zb;gb8~+&Ue>>y82sbu z`KbuT2A&cs8-Ggk`@jFhb9Zn7-O7De{?%jm|M*$p);S|nU;l)013$+qT+D>OUUv=9(w75mKi&0o6ys zVH0vSnx!<4+e9~&n7WB{%X4t_-tdY^<#U3^Ib|omn5@pz09g3#9Vd zuUPvT{hRw)_}4RTN*=FXg?W%xcTC1ecT~NHF~4UNc<5jPP^A}kqSUjZC{r=~EkIuTXjGzPW8KXJ1ryu2RWJJlGGLI`CH{7v3< zhrwZ$FiV^#K;en(>t>XiP z!`e2}$B4GI7YUw_{waqxkgTMk@7QRL7IGRydSrgCZolyvI3tbrB&xBh=oqFBi@Cr! 
z)`WL9PRJy0^d}0IY*@aFGT&@uO|e1oGO~di^=RJoJh|LXH%BM#`h2mQfJ&b{ZnpJ3 zUEBq=p;6B=#g>eRIX77xwfz(KJgx>W?GA|Xyf-C3n+3Up-(ordb&2)#Vpb5jVSHk~ zw4dAQy_c1JPpt33Iv3ld4d^526yrA|CFZnw^X9kUMgfx!*Tbn4ASGqmC$a3IA9rK3Gt;4oNmLRcm@oJK>Mini22bhe2QQUwR!aqZ zL4=NdyrwWM;y$Opf)Fvcezt*qloxp2fMw!5$EKM3O@!35=og$+jqb4ddFVBZ zMZsHbKnGSRwpn~ZT0Wq+->U#cy?Wmk7V>oX-ur_4uNiyDTGoR37CC}nkx6ihdaQ1I zjN`@e+O_q<%5Kqfvv$;rKd!HQsIzK}RFY#gzFPSk&-Nd0Y6gDbo-S5gJFWVCwr5Ei zOhjcwIB={_OX=AdYOZE?sguC$>%DH6R!r$AYi)*IRl-UYV>z4LPns=jOQ zP0_wa?pPeLkQX%?*u0XV%R}o)To)IdkD_c<{_OBdd^Fi`_t6aI%V3kXHCud9!-4L0 z-zcW7UW8vZrsvjtJl$R*{+%noH3l=_rx{E)p*&fOwGX+%wvR$jlJ>(n5(X#pEq}^0 zie5Uw9bEOips)mHOu;~L_#@`}Z)ECAwe8g%tZa(7Fk$s##QjUa3XICO(eN(Jzs&F^ zx4Npn>#!^}Wq+u3R9oB`PIsY!Z5Y0@HL4lfI{10Vs`n;jIKVo)Q$@J@Ey(*{q51RSKYxWWAc>X0Ond9^uBNzgw zXS#dft%_X?XQd92u0L|mmA&GYzkyBN$i%034%W>v=hQ&H$m`Cgdsl23<$-jq#~>9x zOTXH4#)`}TTr4vMM-{Z&cY3`S{k${LT_0VTiP;kdW0EXH<(u&?_PN@P4S5a10Ribj zf`BcX5M(;zadRr(t^V(?!Hn(JuelxbCt_WU9;r`xc2#qUBNLj~LeL0$LBfb|EKVG-Pnc2Q zi1#ta2U&|HCyVh`)%V-ikb!vJJ)!98@~hi}iYduFyGIW0CmiZu>NtEa;{99JfBqjy z^3=3RqECBo@dwN=#Th0%*+ZYCX5At)&paZRtt_ z8S}C8R1@jkc?c#ow(k;4`}8M-sFl}u8;^n1N30O8PSw~}P5IzD zXk9|4Yn(;0xYFdV-!ZPhI~{uYHhxR>7fbT(uAeE)XQw_LJB0pdKZe0Lb5=cAKCHn? 
znY=NP4^PT1;Z)pv?CP&HPAZ-4Pg!@g>ARu;yqbf39oHAfQP{<{v((UCqLeWB+bi7T z;wJt`_F_@fY3!n?wFk)p!wzrKIyhsGf47o4Md`QrgM9E0E;Npt!0*8X06{hmtG(O} z>I;!>EsJpml(Q@_h6lpnaOU(s+}ARfm<7S1VYNw&4nx#Zo?Bn4cf-Z-*Tkycp2&Nw zPq6VBebJfr?(Kh#!W$Fx6n;6F+BjTli-nYU3=aOF56Mb-O82R}71j0*-w9Iz&k+|u zOA_C<7`RhQ{TnP+-Yvxkn_5P0G1c20wCO*VM;@QNKiUoDBzm4*$r$LojXBtCdl_Gd zZ|yfvbC~=|z40r9agAc^_(^HL5gRKp^YcOo+AkS;kbXK)oy)piz&m=e$rbs@WmoL| zF$&Dty6*Q<%&_@hLtgH|r8M}o4@#Y-HHHZ<_tR>`!(Uf(;Ywfd_29l?V#$-4;F+Twum5t%5NXLVYP(aP~AUPOj@a>*S$Oj@IIoUFDkTjOY^iEThq zzNi^GMIaImJioayYFp9QGThAVzd=G}ApCAut?JggJtLh1f1{3hz(alHN6R5X>BOsU z`IKV~wT7VPTl&H zhw_u*XK>ueI-Z1oa@H?-G!NOoEGbIqJ zyC-~4u%om-nw9QMI~;-#H(YznWBsK1YsXvH$72*QS7EEi=k+YpvoOjsqj*|Z zS`ML<)gfi|AHP4jkp*wu$c)syCG3^|b!9Z~qnip8jHQ&6puBn~N&L384-Ahl`t^#& zavCVlG6i4_Jc2V74XX-2inY+U0v{5!Ff_9RC$V!aaGM#2@t^^%L3-poB>YxS2<{qT9LAR*So>wb?modilpj{NsXt0< zsgXTPIr(*bN~=WvRFP3trDvtu$1hijwuq{9%9g*)kl^n)8wz;U?j{r})E*|-jzlq6PnlJVf zsVR+SbWp#-I#0{Vx;1PB%KoceN3hm14{>k+gGg@nS6|67#wib!A5ZU?>h>WO2WOMh zTTikTxST#aQ98T2l5WgcrVHz~S)%5}jjj1Q5c$>mA>syuf4TSyJz=z%+dBEH7Mgw^ zx&^Oq*GgbU??YnM54ViFZI$dVbWCYazpyu|2UQ+GESKD7dF5-UYdv$M%Pn9y*BIh&d z<~$Ddj}G{TwUF+ z;e6Q*KN;-;YJ#sXcHHzOx}KdBX9O{H7stMWH@A8=#LexD7m2o$nyn}@seAXKL6XUh z-$Bu_c~4(g!sLrpAgI$o%(Li-S7fm_gNP1pO;onuRJuQGKbyUvFg`FSX*#31Jke{v z6TNy7(I2TnrA7czB3K6;Hq4T@bY`aDVvV?Gw* z^KOQ~c1v-%-c)W!K}2}Y%bM&N4#_)@*FFduKn>dIQ~S;;_pLYnHai)Ip^{kL@N%hx zbe$$*`Uw@+l`);!6Ikg{-Yo^{!T>ov?jPy}*72gKYKVp^GWEpINSV^}ho9VjS?j1u z?up(u(<>A=CAU@C%IPn-kw1Mo&FRp0)YI>2%$w4x8pa7ZPl0no7nqpio`OR{X6h5~d&-3OdHc@+b&u20& zUp4o~PBz+QFxY3otW@%ZP}?uGtqp&B`=k7cA^$(NTg0tx8yB02;b^Io(34NcG+@^J zO~_QUnXCMzYMd0M1+Qwp*U6-%(I-k3@!X$Jj1YHR1evydBMg6R{1hz5;|*ks_3qfC zSS~qWt&l2#ts3@5kxC_)a@wb8pKrh+Sw(aayfapwBlgFa?{jGdL(lf&@t@D$VJyZV z917G;Dl4LzGlWE)+?n~OA8!Y@?11=n5eb?D8d3U!sd6`UzIhqqg!D2ycBK=m2 zzZQWz``%}_!;qL3Nb%90aIV=0(3SN$qZjc>l12AviP+-jSP5lPk0CpriWN7Q5*$-G zeSUvs4_C1G9TXV6CWy|RtQ-DKJAesreyDQoW~QY7GUA17qBx^)#0O#pc8%> zN+;aHd-@4id_6t?VL!!KIthaDG=2G4^;ThGe_q 
zR^v2-G`}Lu;Kw73+=<(9+ji>a8&a}q8e#jwH5tEt@q7IbudPLAt7@jY*bk%%LBm`j zu&A%ozfJ=zFYWem3Zs0>lyxXu7}J5%A4-cajBD&F6;9&VkOOKDOREsPU{>peZ6JHP zC}$hoAa!PENct!ucfC^;>uD|5mhH>3{P86D;VuizgXU_>5lQ0Jx=8A+mOD{055H8| z>?gcAzKm_PjSoVB_6=9~PSyLTYPJ3rKx3xB+ToK??Th510rZ7G{=`~Parc->aL-hNN9x;;tE_IOzKJw!(NT) z2rpbYZf&bsDut$NeOSdA#(U>tUGMzztAD2ZV)#_o;*ZZV;Cv9m)c0nW!HC_iW)1qUq|w?tWGVWHS!7+2{r~Dl0S-m9y4-LpgmRy z^N*m8i|Y(ko2NVA3y~jEk=o6-=^f8EkXrG1Q$6o9lx6P&$7t~Di!;cZVD#j6sIaD9 zM(O?YR%j1x2R7Y|;$X?>quW%@H_Gom4hcncd%T=tcFEM8-uG^4>$W)9U zR8l)*p-lN{<+0{uelJ;hksW!VKK5E|RsHb-pIKuM-goc5)3*=95MvZ9s%2;it|{+j z(C>;Q`SjSP_uFCN$M&&Y$;(GpwIN61A5Jq!nP8$wTd$EhIhW9iehPbo6=wV4g9^Xy zGb_ds`{3)d!Am!v^uKw|XnLdhYOQi|U2fa=iw5aO=`vT4-2KsyWqxFOm9eCGmY9r0 zTT=>3i@HrI30hrcRw$%}e0oHogA39z_(qUx>0>%>2-t_RU+=xo@EXOtWKsW}^R4vc z@!E8fX7&XRR*L~|S(4kYEB9iw48J#MBony2A?ay^7>Md&olM+6^lK6*YHgsCk|gdl*J4fS;H3fpo2C;I$~C zz>|$1B$iOUU~a;c_Mzi7^OZQyA^5;-HxO)}AkR z<@OeGs~>(>tGM=s#{-Wz1($K-YpWv-9|f;3gu$0W`YdaHawbL@r&9Bqm86w5pB$1{KirZ=>%QwSR6?m?zxOl$~~b=_W$Vvf`bEVI88_Gt4ha3i+QSsgAdx(D{hN~J^kKpHj1PD zUip@@4rQ_S`FsS0f2SLO9fE*iDq{a2gzi?+`6= zN4LE?NH6fIFK7CtA^Bvx*eGH#xx@I#G@`0_MvmA@Qa3a5hp^D|_qU@5bL6%+;I>=e zCd&QY`YggQ+ay?8g)(;)k5?4Q?D+WK3+<_=$9cIg~Qi$D2PPyD*b#LO3!cT$AC;&6mI>nf7cgE z+p}rg=!^Z~a4bT#P@AKl~;TxG91qz0ZyFR{03MA*U2P{I-C3`V;)X zm=i@uSL9X1T^#N7jWhIsct0xcX7c1+=(f&sS2Zk?SbPNUmpV2AlRv-gd}$ zqF~E9+Vai2+S}_EA&J}bhLoKVbXunP*9IyJa0jbwJMwviUqI5aG9BhD)4hpkpK4@c zeY2f-GeAK>v2Z3&S!+UPsz!hNZ1uCbc6XRRJZF~4^Y}q>53B6m z#rr2mvCD&0vy!n4P`}2X-oz|X-)BeO2EIWoq)KV(rk1_EXi*hxL7eh>=)%a+XUdCL zck7*-8q!{|85wL8g-up-Xr8LXpOTozYISz@^2WNFs7Mn(PP>~=U?H;KoYAH<7owz-)P+b>K3Xq;=*&$H6ILT-GG zlNe_5#<$V8lPSIi_S!V7TqM_|C&TGt5ZlTuECvtzknVCkGf~~^qY3N5d*6n9&0*zl z{9?Xpg)IcXF1Rmul0DhdBwN%J81$;KiO)y(&8h?O*!S?CHkU3FdOv1M7?w$r@^F81 zC{4`ynx$9>8UE;7F!1MH){DY#b~~+~)SP~qqWaOe2>ZSDSHO6nu0qUgwYtGcYKA4+CI6)~i&jVxDP@hS5c$I>=%eD#Gr_x1^ z+|MN6^vj>X_N!(h1xhZ}Lw$b)-TJ>8d&{sY+im?@T1t?R4y8dtK#)$QCN14v0@6$x z5lI2*?hfhhZjf#!HR-NN^WHpb?X~w_|Gl4g`@sV|M6dgvSBz_n^ZbpRLmj@segx)X 
zNM97tizi5eQLS=Ueb1CJMflzOt9?XLakwMAp;@&OMG4Pdt^v5xgv!l)Ti-ClM>w%! z5jOhaToAD>=Ch3bm1`iVREN0TCxb(C_9c{oY&vW_EKu#5lju7iu!9~h)wT|BT%mvL z8?uNhsR;4#eS;qRx@?W~8ysy(^k;&#a|+s~ZC>mF-pTi~xP;%_GIz6Lrczfl;db#b zS)F7x-B`0ql#|uBtrTY0j=F-p&uOY#8?Jwr+sw*+3MVE{XA^A>_4G67hW{2MYJ+sU zXW7n;7Zpo6i-6}u)pD!Am1SMwaZUFwhNlVZ(l-0Wgv{I@uMcG9^ZRpK4H~tZeMgN2 z!eSK9?%r(&R$Y*=(d(~4BWYx&DkUHDUy6MM#Qkqu+jzZOJTle$sU5Ohg+L!2{z@XM zBCdPD`<)=Kb7)eA2`58;I)@jAe+A&+pz3*|n0BVAW=`!@9t@$zXya+9@kQ z_H2_|UgU%qn15Q3WjdWiv_4=PdU^DgI&QzyqW*qb3t|5JrU48(@WT2qocOMLJ`8O$ z@SO;R^Y*6~CT)kgi2G|GC2y&Puf5O&mJxxwW$*0apn|1j%Fr(sKr^$1mYOxdg z%#?6fsJO3FKdZpFM_A1Z#h*!4H68bPJ4jBszxbv8qmg4M<@RC#yHNJh-nwBy)i}Gw z-S#t@%9gNu1tzt^e6Nn97<+u;Y{^w)T!?y(K`l^yR6zQtr}0*0<4dB3p0 z+bK0Ye8;6lHH(?UY+e;U&04Q!LHsDXFo#gSU3CWt^Bx=+K1#z)1!e6;2-;SPOX`j| zW(O7t@1KSrM6;S}7rM6^-WP}0-*WONPCkL%_sf6W$*+HxA&CH1iD{+1*^l#S~3?{ z%jLdo&*wy~bB|limA%>dYRFi`wyMJPLN>4LYv$lVVzn==hkMf>*(p28#scH%Q9YNX z>S?sspm|Oj)m+^@0ge|Zyh6@*b@N+oyjR@VohjE$rm>=tPZeRyF zrzDW~mBmk`g0CI-VmU!1xj6ckU7c3p^Tn$acMr!n8GKtHA zI}B8;3s7V<x)2GZ2g5syrG6fF|}FX;nL-T_3StSO^Un)mP+{q*;w7Qgw2u z%VKIUs8N`=>n6?f+kopk;Fwe?H{X^tyL;CReTrp?Sp-jbb=iLp(q>j?W_P|5_x-xY zyotg7-AVKXaksJ(Q;KBN3_GqoOD=>^xIdaF$_W(#Y@x^|vn&Pb_ABT^^0uDFlrG^1 z+c>&uCp1qWY*<CMvTQyrmp?`)-vewp7Wxn zH@m+@AyX}4?ntblp!>_vdLlWV1ex`3$LT}6?`woi#>riu6A5CYz9!Q)uJ9B)&Q#1P zaOO?BAJjaEf;pI#wmDbK<=_@Xl(@*}fjl|+ zsw2+JrKxXlh7(F5En(}xz52Co0*~yJi5zY}sMafG@7`+c$AE2>7U(epk6Y~~9@aGd z-U8Yjnj`m)=gNuPMo1|>?|b^sFaf=#z#Tm?i*|&~ua9?U`AHHwjSQdJfR1_B5i=DA zHzq=Q*R94-+l+5gekIP_SD#)*#xhdo6Bu~*l(c2@gGj`x3_(I9OvQy~)_T~fZm-fi@ol6PC9I3XpWvvYmdvh*{xdal4{5-Qy{#?bEn6<^=z^v2d-=Q zi2bly=hv(G!})5N#3}MDJjwXiGuak0C!2d` zB`PeN!kCxUfHbGhi+?4bWUVeR#-8mAN6zb(8QgQ``C4^kduv$0w0tx|UkgHD@x-XkFLdb_?;QzzvCO%0YhphfqvR_9z93TNfE}()5b{Ynhw;C|bad z!Cl70^N*kEE3kra>~pzzqsyP026;2celxOV+Rt&8JmqscH~-_K{?<$44AeA1#KPhg zo$&QR!u@EaUCgpnYNOx9{?A6=D%Bcy!Bshy(x*LJ>3Xaj`cGH+910Zir?*D|C26h@ z^jA{4t5!=N+yU!xF>gC%ZIZ9deti)QP$EwIY7@$P%m!9i>uPse(8)Zt-*{|cWl%Z;uQ7qgZ 
ziu!uiR(J5AHo%)aiuJe|gT^cRUct-VTB57b<41693;6+`=dr@+t!ppY;brfnLHAi8 ze^2A{pvgnDixF^%)e!9Md&r=|4nmTG6WZZ5GZ^}cK4YUohPB#;$FsCJsRvcnj9L9W zk)0^CK{P3;$9QC|JGjtVOaJ#&$af`OFf+;On(^Ul?IN2BeDqt68?E5Ig&I$i^nHZR zDXVET`Wm3g2-D@!0;`uqqpUp|T{-)O=8=Dhauw_k3mKn{=xlGg@sA5E?lm=cw&^3e z+q`*oT#B(gDaoOS!-f7tTL{1>4Bw*H5w@&zeE2dJmH!jrx>=Q3B{&fAPjax+L!a{c@`&>jBz*E7^? z1Nhm>gNngJ6^_|7?~FY5X0&eXAT-6de&77aefx7Pu!NlvR zyuEBff?gfQ@7zcDtya+Z%jF3l(x2^(*JsU}O(u2NKkGFGbdRd_ zE@rM1GMS3>tCZz3$L$ZC`XSiBGj5K=3_7$VJ#^b2a?;z}_<7z{=_?Qhn>wg?{boa0 za2?TpnRP!V(FzpAN4?JHpYC#1y&RKA=8&B%Z<+)&e{XJW3e8n)#wJ%CNUL`%)G6C} z#%V^!tp2_He>+xee(N81%70m4^FI9Y&hmWL$J2$|W|8`s+h7gPB+|Wa1@5(4RWC7C zsR@;KU4!Q{Zkq-2+w3}3vwC^@5^~sNsz2DB>c%Kkt=X=u#6^#jnogHCv4d4gXY4nA z$Wn8AMTaE5kHi~(j=nP$)mT0EWy6~DRb!LANTZf~&BNNh;P7^(Mdc%n44#@gqgpX# z?r=O!NvP**{gmxEJ+Ero>RpxHUsvGzwCNiG-SM@V%04>gU-L*AJx1qe8DZrur5SgX zdN8HdEKiMA8|!yA9n^y!T$iE&YhO4j>kVjvC|1S)jSh^xMfWyI=0B(1)cWP%` zXn>h7XR%g2Nd+jrcgxNCs3Q!Xr~lH*`t;r^T%O*rI`f*nURr&yk}U0&OMnKd-RTBH z0cC^m0a9Tas#DXXdVv9?bn;<{we`+WX8;Vg_h6%k&%r}ZQ7zHP!W$kGy8c|xtjycr zwI5^e1INSz2->Js2Z$yWIM<&S9Dn6;I^Pp2R_!6@lCQQdQI$1Pp;m3&4dYsyt9HkN z!{wcIpZ^I;uITVLEN-=t29*&Cze6{% zr=P2LFw56!(e7=L`i1C+oB_&Rol9wS*3#XGh2j{#kltTT;oR2esYscv?fz4%oVkBH z78WRRJ&AEAn8>6!EW*;-iMo}hoX{y)rRgkAf3``De2)>PyO&sXuA8_sAh~sw`&8@D zhX{jOw3!#qfkui6n$S?kH9oCMXU~)Aq>wHF7`1KQN{sJJ#Y+~C?47){NZPNUBzDEa zk7@iOgC2)Nt@ahMlgsNZ_1v}rVJY3cX&$-BqNpg{@U)4B7x-%_Vl{bbt`*HW=j``g z;J2XreAxa;;03I2RSe2FD`Dixzs_ie8Kq|J|ai)qMRN(AvYDty!Z7~Fz4rup|V6o&F z>pf>Gey4#O)uA@%#e;a1w49p}z4#j~*p$9^Y(&p$e{?_2|J_WG^XeZf9+#Kmg?v&4 zElzKbinKoH?!hc8Y`$j_!Jo~QYzWQ~a*xM0?@nH}9&K@1m)FS@@c*Q-851;W@hd;K zRn8pVslKzICFDb+%Y_DguUv@BG1fIYb#)^sg)&T^-;Qkt;nh%B$jEyhNb_9j1XN~~_SS8^2F9p>qOBE&>JPeZ~eQ zzJVDew<;iUINg9|f;X`QLCdV>Bl|=H=NSUOb4hNST^}wvQf$_CBogd!<*2zgy&z<% zUef$$j*aOO`ZhdSQX|Q6T2dX);`E$+FY%bRt2AaPpu%-&2rImy3KIJad9tZMOK{v3VFLfFYYVtI}uW}vl zodU|`xd-r(>5~ytgmey*4+9#VQw>J2kD8*uJn=wlFQ#NYx7HE`n{yYO*bn+Y5$*Sw 
z`)RvnIp*cOzP!K0QJ;ixD}9|24M+lvfN-2W}f1hAme&b6e#E#oGFFftsP3#x4B^7YpBz=r4D&NF6lAa zs%a{QIxG27Xa@@@bfHn8ZLp3Uj)sbOdr8g+_yhUcyWx_ssfKGQ1 z%qRg-Ic8X@4cqi|ih3rr>jGlw(d|#F{Zc(-)(YqeRgc;BQd6mO&Nx%QG}SPzEp47> z-C20ej-w4|-(LB(*oFn{I$r;p$u+6|YDAWssnyHSOa@#V)F<}LlIT8@-hs5-wygrz z+V&o>1D9jdg;vK2a43B-KCO@#sh%KwjN%LNM}JkN6g;<@v9Zw~WqG8}Df(wSnEJ}6 zz3Dxo-?7`u-~%bLD8yZ;z8uRxlmSaHzDoWrFUnwSbDoU><-=wZnAvQelpuQeXfUBr z6OBMlE~(|!-pTe@7QDMI9|K<5Zn0iks%0tmRk$w}oy%oe`5TLi-RfO?Kqi(INyI(O zx$45-UFt~Ac{%S)qSrbQx^OI7uXO^An=a|WBvIem>?dG~MDZBfV{o$JPFt6#TPal| z)t|Ea0A0)wYc06ZPctZduSDwT`OHOTS(;sK^L*%>sPd!VC)p`!e9+pl*tt7$YvOy) zq4KDJ_5s%*-2=GCH1i3$10Gu}tJy$B!|pj>zT4);L+ND)Tz7~_J(0A2A@&95W%bP3 zjC;v_=ez1XR)loZbYr#RWS)lOIs+HlVOh_9#DN+$~ED95Nvd3Eh&{iCfk z`h3QfgXY+avm7yGSZ(HaUsj=RtGVX{aVQux({Xw~maWL0kXmf7CY%I||Cn2xs#8hO za4dg3r%I;&D; z`yI;bc74=G@i0@XJ6Iog-nFigXRFk7JFUB{#)pu{f2rBJ$F?iQM1bvq@~3vvw9@Kx zY2jN<3zwZ$!XtiJDdd0DyKYn-IDsyJx1wptq$lLfw+|@O)eG4w5`h$8Yn!F-%#X>4 zoT;KKjj{GVznlxYfae|Ewwl+DkU2vELA23 zGdrOIZoq~+B3@ME=kW31#Vj*DCg#oJjoYJ9GX}}HmS&Lt``%kzEbqI#YSn*zA=sBMhCwC0DYvS~X<`p$? 
z?x%^%cMy8$)VF*1_OToAEIE=k`PXZDw7m`rLRIxR=8JyvI=pf(j&)EH1toJ%X+mEP zPzaT}OXcy1;Yv%>GiBim4S=c)=9lPbsnz4W?l08#wA1vR?uRr=x6>G$CrwD&yNtxk_uOhv(?nKZT)3O~u-bpDi`tY0p?_EsxCE_1@ly(sILVX>O_qEaiwP#Q=Q zaQC{j9)0WZIIl-~86S{o4s?*Z+`hVOw9EQ2&?Uq#PFL#ovw@Kx^d{kcK-;8{?8uG2 zeMP4vacauCIQRz<>+Q3*HY{!jn2LAp?2NXbn)#G#4@H}ha6#-ZKp6t z*!T9LfLBm~(;|nf1q;x}d{JnjdSN|Ji`9U_|JM6T@seulNlJb~pXU6+>!FAI?EUC; zOdrsX%}rAnY=t&2tJBb&4hqcl_`z{tBe+#PlmJDE(oCM$@w~yTD(;LoSYQ0df)W^E zxaPB}*S=J(mZoFFw3>(fP%k6wWYaT)F zfVo#P@6Sip0})mT87N{5+5{ft5`pkjLy{$302#WbcvCbLK+>V}ibfZQTaYlor!@wO zs?3#h7rT=$EDA(_*&f~|BSq62b%t2{*w}^%0n$Z~GlCXV4MHZ3CRZPl zS|Jty;bu>4$({nG?7?M)^7l}BdJYY9Go*T2u^urAiw_vFUNoXML@o+x5Bi9Rm7Ho7 zeNuu*Lu6QcT{kVH*^lRc2f8Fpl%D1#WKwK#@;Dtw7!2@IEz;1^=35JWeQ}aF13p`h z-uQJ#;ly2Iz=jm!#b&y~`J!N{zQC+%;cKttegD_dhI(KX)}waz|BT}bzhqU?*?w=W zdovFdXLcP=udsUo40{m5EmnR)65CWJ(q>Uvc-X6< z=p;dtZ~5oum`)aLZLbZR7bU8)wSOkZ$EOpERc602Uhk3J6};qR2Kuq`hM!aL+Onlo z>yPb8?*Ofa1nL9S@vFm64eD_aD{u61K!c$LxJaf&N#E|L&dG-w;EYF7e`sZAWG>p` z-x3Dc8{H5Mg8gos{5NL{t2y%)Gg9cO@!{iS96E(O9%#d=HYduE9M4H(lex-;zTcR*|b)Ymz?P zD4H&Q#~qQCvat8ecv~4^Y9CQ#mvv*A!-`Cuv6Aw3I6LnLH7%`ryWv{zwDm$)ip%2b zbyacW(bT1eEhypuD88Yy5wV*P*@>b=NeT~$++JL!{PJtHieV5U`*fR^I+^z}T)lwX zYkx4)y79#TbJ%mNA_~AE7nRudBxhyzPW`ep&faUL6ME96J^UnYEO&>IEAF;ON*7cZ zbke?Wr;QDIX_MtQ(mpA*{&9-fX>tX5wu3rT2l;%jg!W>#blqi?e6+}oFzSOoFU|$h zQ1cR%8XLKwhdKk$LR?ZtxxPXsBo3x|yXpuUzCphj&PFv7KWM;Infw$^R5}!C6oKom zX#g4THc%bm%jxx!9i{Je0tJdDlxXF}xY zdjBd9DfjY__Z}`as2?yDM-=E5rRFQuXZE=qH5)Em9vIf&dF}byVHBs6J5lKllFnnt zw|zSezQmr_d0!~RcnA=PVl(b54zJW1T06VDWu8uBle)Uz+f*KdXGdhw*XG`|)EniO z3_sOKk5eQ_c4RGZNG>Fwtg1#oNq__#rPa*uDBNmft@b2@z3GqPbh-nd>e9>8PXDwc zOm1M*iQT@8;t3uI;+j2srG*7_4A96Sfhl6`m0r6|-3? 
zjOg^y@7|#^S@eb_>6eRW$%Vw(XWt*Yoo8upf0+CQC4~?;D1|K823;aZwAMuf7cfu) zSLg1L=t~>!ppp`Torez{qh{)s?Y6asiGKpBv%DX83U2samcV%)txHKWSOlqY_T(dw z=!UJ$B)q@MN%)~}pyhElOGAFiJPw8aXyz0dSV)TKq$6^hoJ+X@XHT0=9t5ZWFI&sC z4y2hD&O<9&ecbZ&eeWt{&l=lY({vpXT#R&IBwroAFMU^oHfTxM3)&@^R9TOo9mjyo z`G+h=7*(Y0(esioO>%@`&9l$~3r8*aCTdz13wX)O#qDkuXWML4Q~qDKX#U&o1B3uv zr@rNszMS&Uf=49b9gJ8piLkSWx&a&r0JB#>vTn-hyaWHjJ!4;H7 zxPiSy!6H+-&C7U)YdN(H_!LDCX#$8QHz^ej>bWa)$Qkd`mBM!RXo3lzZZS`-Kx5X9 zihd9hTPXDLNof$N#UDB_v8{(7)6VL%!FlKUfK3WMw-xqAW0&rHd4nQQPK;!jyOl># zQy<)-XVRmh|C&_fB*+&h-m_Exa4@U4Kxl&J(x&GkI+}QjygGU@kO0prf?GG~XyF<6 z6;|}oTUBWTeRPD{CwssfFlbcTet}CqU&MCrTL>;jA8db2=lnoOvi^tR+-DXmR$^{T z%0HBsGEWw~C%;9kJ;71beTv&||Fo3F1(QOO&}^;k!=i@a#-PzRP=Hwbl?ROFjXNO| z29Le5+J!CPcU7tH+O@so>96X?oovf&*}7<+ewYm}(DBBv6KW;o&u`tHZVm`0Mvgc( zLwl>QPy2fU&21uOf+rdqz})>}`Vpl{+KJUDG*zhjlFcm4g*|!O9t)bKDx7%uu1wHo zs4xA93AuNuU;pY=B1G)U*NkMcC~F{gC$C{kY|cgbFQsyk$GpbXwU#V-0>AELzKY&d zRN1+YP~!@Tpvm|LIP_;WU4TkC(rDxOb*AQUgC!2){42RAO@+}t+iC$_-Cg1<{3F;n zIVAedb0>#qG8;~y00m+Cib-cz#Mk*tQ;yC8mvly`EyujN&git~<=2INDSagC>6iO9 zhSvwxU%sOQ#UbyQR}#lR#rbaWc~Eh^oqY|nTt>5b^&opEqG~z%J+>)yK$82a$FzmA za{Uqyhz<&1`Z0)1iPie(->ax~=lyi&wevfHA}|AUEq~sC?}Uq*L&rw@8PUx@M}NbL)ybuID66obw}*)&aJKO51}A-~!sKyX(S%UN+h| zC($Oj9q8>A{j@mG{uK$JK-r5i3_MUnUeThAauZ}pU=qxx_TmYhx^v5#mU6l1^pRBYgb!V2h>3p{Ywm38QUVIX4Y*v>Z zIEAX^MfFyRtlU+-!~~)NNlF2nHb&xoJq-Up-|e!xXUC|%@ow1*)XL?$O8O`z@xa*}WwlIeLuH zfhpdkW#gwmJep;rFazwS1N^4cF$;P}&nuq5PUn)kPsYGeI>djTC|Ar*#N&~#30JgE zdN5{{@a~L-SeG}Iuqsi|B-4DXxWFV)4I(Bun#94O|COeaS-!(=#%=-%y4~9hEF);) zrQ08<`)ZJ6uzh?n))WBun!ZWFHl8-DDoNDdiGwzme}<#a>(ZBjd!OA*Iu+4R#6-El@i03&61ZY)n#A<_A)n)?@CsV%aLXdD8s>uf zFOs2s&fmh)V~2Vg^Ga6(@d>j&HBr~tXwt=cmw}pKBRJ(I6WnVm1wJiXhm9M{gT2gK zTS3N;=N~cZnrrlJB$0$n1-#E6_(WbIHnq&~dfbkc0t`@Ycfw5p9b^#qg>i}>I|7&U z&U8+tD|mwqPPw-n4OwaxWgu6FZPoaXkJmKxYgF0s-RLcsAIJyklCOv~K&xmrS|`efN_@28KgBdvvE2TS?%`}s82 z7QjiR5@5?dJ##+RwDmd9+$AFn@T#lg`jw4$OTpi{^y%G$@}1+a9}*#s`~keMB@>y? 
zw_ODz6A-g~1FM^?P7Ei1=-KB~!U7G8~#OM-5Ov$#8;8(%Q$qJSIUE z8&AfciV`Ae&ml6C{+G`5Uh6k`6s@JjsM~dkz3PL%b|mT?&d9K!EYtP|H+gCXyH>x3 z?h?V~n&j^nArH!hqK-vdw+nUjRbKfkCFG9@EA6!_y5 zCb+w0cdj&&Rls*}|B>Ux4L|YYImfRSsjnzpy1hn@u9sPW9z>Shy#O*?X9yZ9mM;|0 z>~12P0@pbQCh><(nsMG^;lE=ATZV;;2is=fn%)^QKiNQ^3#I;5i6{Yw}Vgh$B&4XOA)@iUw~b zR~Bi?b{bO{Phg9QE2!V}9$bUJhXfe3U>50@^{xQQ28PGT%XY^Tb9K7-X7A$_5sS@> zz}@2&v7iKv9mO(=^+Nz6DX1Yj41b>4_h$zsO{dX0WFk+#sM+G6^1Qk+n%_-|PBlAO z@V>M!5-K_a;4Cd<&`pq;z5vL-H^1vQcO!x+-J90$Nv`eJx`d=P*0yvvE?xbERJk8n zWI4=Y$f);KqG@DaHCD!ZWq}c*Mvp1{_!T;SC{K3dNd^WyT&>HO!?x18q2ttB)ib*5 zvl(b7=AgJ=a+5_7MZa4H>?$x0+o>({Ms(~7ReKW<+;%fhAVIivT@UvtU3#YijiAKf zPrMzN6-42M_r@HW_x?vya6HO)-1QO+Ele{qQTjIE_%9tPMx~>`qxFyIt6s2(GnUT2 zTJ6^LjEO7lmlBJ2!s4N&!)rU|ie_PBpcv*Wh7e)kK9Xfee}s?7(Jm%R78b76js4>x<6j8^lkfD9AJ*z%?_cy@7PKuHmL z2=tPNVK+UpZeipCjAg9vE=T<=#BQk>xV>EM)^mWg_*(XFkIg0$E!RVSd2I-C#U_ItoVc*?g7YwsE6Mzsjtas?G1 z6(#XsDz$c=3toB$wC&%H)0Fn|$tVpyx^7tn(}*K)wFVHDed|G9X<8%>SzE z#cKU0sU>1Fs;E@XS)_A~psJ<{@1v$hXq&6g#{T-mgo zOSujNwj2-*2Rhcj!?DEWSDs`YdW-Uc*F#F|ogh1t`bQrBf0Cp|J_3lWw2=A{&Zz%j zY8ey4vvCXBUtynYD3e9AgMq6&ytkZEqbg>#MD>J#F4g}7>v}GqE>la;m6zs8zLKvt zN}yy?6yhU!jPlQ+WaB&u%24_JX#VpjTc1b2Rn+!4*$FW0%6|s{Djt>H&n;U^>(<JSC02lwH`o{9X5eA^ zeuwom^xZ%I-z#w+cg|bH$mIwh0(h^3lKnU#-SG}H01pE&vy{@>0CIj;>Fs6Eew_9j zme#w|$#86=|A+fUa0NN5ijo}EfE_04g?B>7xkVSAC zz}%rMlPCO-H~gP`t~Mcf1vce>eIJRMoaQmW@o%%^@4gKL0dul1bQ=iB{wD_8|L})x zl)@h?;r#Oc>umb_uYUoFSki=-I{#NV*)vo^05HX+e;oaP9uy@zFdwKmGSUC;S^ql{ z&JVCeAY-IP{>L2s{~et;El@x={^Tg~*Mj{oAJG5$^!iWy6rXnG|MQ@H`<_^FLxC*+ z!+ZZ%4|LY6z5%CE&ML?GS$1MN94DHPmR*#*k zfzsC@w(URoVsqyltH7%w3ixZ4>`de#;G6?J8G``f=8L)>ivRU3{`IC00kq$K7_QE* zHXezUUJ94MTXcNfk0CKQof2V!TjQgMQNo(EWdOxXu}l*6g4=zhDL-@mG^l2`KCyaF z;zHZa(F5=bj#aAZDV9q++3k_Rg0*Z~C7Re_DlvHUDMhNK%+j$ebi0#Q)Bxf)iae_C z!@qW~|KY_57rq3ZaOw|-K91x9BA`M^eS)v3PyCk$(Kr!X8GyHD1Gqe zP$wqP3x9PN5@Wb@gUL8Gqw8Lh53nKVwd>OBc5=m?4uE1+Ss<`~cCP`OpJppq^lzus ze@>(1D8yhq7HUD)BkL0�xaU!V{n)VjC-vSh*@+H-x1MFv16flS(xQvTZoZ=nu|K 
z4M++frLqR1Va1_K$^dQUx)V#)0;?g#1peswc!0ECvCZ@0zc1E*UqR31fo<#9!!-_Z z!~$M@wO7S!%kicDniS;{&g{vAyy{{IfkWzB2cY3dV8CEp_2S9*zuijO1c2>hsWMXr z=fl?X?Pk65aaM=Tjome1dg23(Hr4n6e35Cw)N-|Z?QG+gnMva1yjAH-KmxD(tnx_; zCVYK%v@@|LXHoNNlvj%W@riike7H!%F2%82Z@+~zqwDZCBhqE{x!~4nw4IiZ7bScsHg>z*fuFPU^aK0#&39k%I(Fty*j})oY)*@ z3{5)Q#B?Lyksy@R`>oC0$7YWLRaEHOK+3)V6iX`Jd2(quGkPv5eazQb=l$X$>03}+b z9J%tF^Spn->mTl76o=vd_;Am-pM-p_sXT3P! zS}xnwoFE(hyS)z}e^Fb7DKQ~q!~tmySsWks3h{#M7%zE&IZa0|E{j%eac7`5m?<$T z$hcg}oJ{9+WfwqrajIT!3lU^uhAq2?6P}Fg|59VT^SXCRBV;qreSieQik4!m289i|{i;dL&<)6eaF;;;lCqR7NzXMMr|@(wPz zPmq)yamS;1jj9MQ;j!9{lAO%PwhU?C-((^N^9?HKV=YTjH%fm_*5w6pSurUXTJD|Q z+XVK(3%{+cdYhwK<17jR7=}IMqTcKyQ0WSKV&O~|-_y2*XMRKrX-Bw~>bA0f!1A>C z9?$D(>eFb4ON)9Z5<$R`OOs+H;jlGK5S0h21zGRy0Z<#}oAbkr)UlaG@{ElncBdbN zd|sLFGlYeb;^QeJxG_m4C*q2;n)gM)!S)vbagLe$1GrcbVGLR?_c~@(XuzfLvF)`8 zIJjbYuX_uLR^;lnf5*DeNEE4eFQ#JEKp*K-%6ebl^?`3V*e6ufdzFM)WE%QlFsL~G!5>XYNaL*@nf+>%*Xt3bdEHp*zIaoXcjto}si6y~zAjs?M2)ANkE zDR~rIB;oQ}WSmf@{fP@5h#jj%qMZu$0EfoEcMo%tP4iKkVM#$8$csuR@4o%!GRgwr zO(L9hU4BtXINvfq(Eit$_uszu#iRS`6&%p_44C)hNN~l{Q--PQiPyKd1sFTi%@RJ5 zL^e-4zuos=-lVe?0W6H1w;ck^Ux6~2am9I)-I!2qwcSyArOaq$miaok36^O-N zUX7Rif-}K~4PALZbfcYoz6}!rI18O!fH);_aH{HY&CG`sD44}q-FCr!_}0-Xl9d}K z-S4FTMpAAShfjekB7 zPjX(X(iWkJsS8XbVx?<6s^7B7+3pdD_6NW*$UItQ$M0qOwd<9-pV4rr^4409S-D^yYtWr(4Z zw;9WE$b05}5k6HkQ>a|*Sgd=Y`0EJ^cMlV)QbiIYDumXLkaZ(`3<(4pj6XltD%*B) zLT6&ts{TS=X76-+c_bdytFEkE84rtxwBN3{)@QU29i4;|U)w)e%n zo|!5RcHx}WVfgiWGTwTTOn)+bNQLYw@;~pqR8bw;y5Q;P-hfv}r2m}n!maiyaal!pt1RNHGFwgt!QnFMdtASoAJA&Q);n!O;8HldwwXc~W{&zSN z_O)4nFLAQsM-#24=TWXyV*iPlfE6sW2=28m^ynfEn{YUWLC4mMwbWO2Dva$+cu8=v z%W#Nsr84p38@%_1Kkk;d+@oj==zC&v<2>2oSD^`c3qjC9p_c$1AWI2@^|7w78jToN ziw%tQt)Wy8k{WBKkZ%P4BkXp`Wr<<8@6^4t*w!n;i}{}%3>BdouZom-4lB1dXHl>P6t)DeZ9MPuIY2ml!ieeF zi9)uqi@4mS()f5xNa%RjAA<$Vb8w_|2E8S^}M@Z4 z>9aCGhkwc|l@3MP&+gC#x~mv)RX$+F$+I(uQOM+U{E-^FOZ|LfS-^syuX%$-_@xBz zN2Kfa3f%N^ied9z_f=Ifh0BXJmD>9!~P$f;at@u1jO0pL+ua_-XQ0dIA-SlH#kU 
z`t|9=UjIgr5z^^rnSPw^k587z>yUo(@VS8)EJzWo(q+Fa|RtS*RiE6af1r&W|Ff~$Gqf6 zk2(Pono31;ijdWmow+RcK9?7x3V(Nxrd&oe=jB`ez9WQc{1yHu$y9Ch5O0A(c7n7l zJ<*d6527joyiG~JV%?}JMz#C0dlVB{+khDNIBol&&uHQ0+ND~p%e=K|-{-OL(IlH~ zIoH^~Y*Whg7vFz4YC4+~>`-74Ewe4;0*8Fqp2}Cio{KS5nB5hy%t)UMHY}!}E($6) zbk=_q1dOBs=q60j>Y7~E%b9>nIE9bqD6Pa+@bv5H!-T&1CdwkEj$4}M-SWc{>;t_9 ztD3x}@?^E8DwYDf6*o}J!`9bzonbLkZjnrTGR)Ee`iZsg9&M>LV*?NO{j?LTO)KBh zdw+2!aTmW7x-T29jwDKLy1g{K7y|BuALQiP3SF43I-+%oGr3}hZitF!r%%_z$ZkFZ zl|KT7)UBa};0=r4Y;@RI`DV3hmO9dh+29d(ZZ@zjz+=UhNn-qIt zR3{$SXxZ9%OgBB5IW2zkC`gqY8BH)+KnVmtAUQwhd*hel~o28qQi^^GqkK%w0 zvIMdzRr6&|ydbi>L`GdPKPQ&csu=1QE;yaH`y7ckIzOVp-lQs)St}~W*&muZEGJD< z=U=bGoFqn{m?7SBK5pzVK7U_5L&MN>(%3iGoP8nS3F?cINDBra;F?>2Zn=EqLU3{# zX`LFN7)+Pi*4oyN3`fBuB@d!3QUj_)xoT9qCuKpg$J9508i=by(AC*!){W9)m=XX3 z0PayG4!5YPWxS|(-}|`x+Wi9HliS4E5o6)YzRgJ;H`OOD_y1h5G8q)a8@B-Bdo7s$ z;UcSVzdLj8xUSxW#3ac|MB;en_4>GI=RG4DTYLD_E%qeesEfN?%HAVeIpVFo7@Hl9 zd@9LBi4WDXTFRr*-u3$%uDPCmy8G^~s;;W3>TW_5r)V2~vxM3i7)5QJc0;MWo0pK30i zeK3N7L6S8W7FLiH7A8`#2b!2$8N<-WDFqj`Js~;tLIhV3evCau}KF&no!4 zT5oQ~1JM8hGw`?VoI6rp&OK^e8b0Gg??%_ps>HriCkm3j4BZ&xdDwrfdjB|odWO~M zpx&96M)&%w@+Q*WC5MZ9Jw~zcooWpF8{`T$7)tuLD7Q3>%v$K6f>Uwp=l1j^IQl|7 zifPy*c&lpxckQ-ckcq)@>!PAaH&~{j{_%X@z0Gp#eG_3S2)b%W+!XGjMkHs?>sQ=> zMg#RJ#1A-nZ14P)9;-;$qqE0)tE)ttiM@s@D7lGoK2dl11+L~$eqkkwh}r51M!m^- zW9*O}!t3+;RRNhCithxT6NynwYUs;Ez80hsg=qM~gCQo1pJ z!CVhK=`?)(dU^HZ&KmjH=WowdQe0I~_-V!7ptholz|bQ+r_J!CgOhp5DX=g)Kk>T! 
zBkvDiR3oC-Uwk{!n0ZLtzKcJLJjp<~Ly1P{6YqI}bQvl@yw3miQ+$eRfHFS5z@|dF z5;-=H9|vK8KaXqayN@y9B2mu?gvIV6zg&NRrH|tFoeKKM%Rl68z!4Sl?h{rgbLDnt zS{KnLBF4CPGS%J4wt5SAk-p+SGupOnhny+B*ghSYLKG{+D_ogjwjQ8*bvEh&iJvbn z{DXI6Pn^7LX$p3NUM}+~;8U;3EWmIqm)R1a9KJMl_NR5Bv@upu&#rz<_@U-v))%=d zB1mOO`GA!?O3J#=vLN;`uI8bUuSlI)Y#dnhueD1t1Qkuh)(nazA#Va^9|E=RXkhp#;NjsTyjMEp zV7^1(S}`I#SFC1^$FtzuZ%Cg7mMCs4F5oc5a4GP z1*6pd@tqf&_7)QZ=Fp2Ufmf7p#qC@QFKT_QGv4mQz7)VTdy(HBxlB@zROZiZd*SH6 zm4Vs}Pl)!Mn3yHNZ=3YP7xGV$^+Z-(*sp|0qBzK2NQzgYy~+~UBngXVGD21gv=ZHo zy6;0@$Fhgr5wRgfjUrf=U*`?Y+$}({2++)2Q)C+u>>PdWhzJS<3xxe7-$ty)C>3+a*r zb>VQlcJZa*z>@EJagF53*ZRJ^!}3Jz4$1qCkMGq=`YV>t#6QxOMVHY(pjRR=zakGn z>_F)-=+L;Pb;8ue3=#P-3fhKE@5cIsVuxbKX@_YCI3cTuz5X&IPZE7Dc}Yg7#1bM; zO%xx+7Udi(7gZM3C<*MhFv6^S&G{`wDj_PY|IND2`r10pdj2{pmTV|_cNm5&x{`^q zs#2}8CS@Y!VjSv6x+2!eV35FYCViHw5?+C6p-W-;#KgqV1kdEB$u5i6lhl)!g{f*D z8JBW8T8nb2#c6qE3VNBX%J(_9))#6lxWl2F^3u6)eyaZ5HOn`@G6%B0!;Qe@LC)-X z_SNF6*jE}{z&2JRd8%-_6d+6OC+Zkr)Pt1@qzclOZQb-7wiqS_v9m&J-f4n0M>TIW z2Wyd1*q?;S9eq*CW9iG8%HP(PnD}7Z{dyj`xpJjn8I} zXO8C=m+loM=Wt8cXXDsd^LaPU_6A^QsMsK zPST>((&9dSv9wop?tkuZp|;1q17U7Q-bea`Y=UdW#$oxBTh+AWO8v*oSjEephfiN{ z=Wu#(z>EtfGd43oBP*;=WUO=gj&lXm-^}-cDTdlMo(uK80S2pZh~uSs_<4jwCBqoQp~IJ;Mdo}^)iCq$;PCtqlvak8glNHAFz1J!!Av0m?h-x~$UIMW3=&Du6JI~v*4Yw`$Ve>)g5&uD+ zvo_^D*ajR1lMkcOzT(TS4LIaE>=&SAAp6epom7IGlCgk#+xxqQt*Wh;t=<={zLcog z%z&TAKPNNU-Nblc%Oj?-H__Pu`!e2U``vGg$7r#yXtG5lXA>w7^)u@B&#JqlGT!r#*W48 z#w?M&{7^1=2x9RbYnH@TMpEjc8ZOM4$eF+|ypQ$&P@cSyx|yIF<7^mu5vQR{FT?r` z#C|cua?A2i?Y|RnzJ9K=LwGZKhwJSF4=^+oOZTNw2e{IoV<)`!5aG*W&B{;WOR{82 zH@-0{9p3G~94zZQeB;oqvYN=5$*E<(v@W)FIE3FP4W3Vy2g{G}lZ+;;OMzwB)A%gi z^CxsQNe)0OtcHu>d>Zvu!SAExquH^y+X?TT1HZ1~b^8lJI(9qim}5-{QgT_PnTow? 
z7x#^;(%-(ozGrxuPWo+}ZQAiLs{wV>Zqqt7a%kimq_*AjN6d@G*TQe7=(Fetbj}?r zlutmbZEq<6HX5I*jaFjBApxGsdRdAjGz|?C9ymRcGZ$ZpT>qK*|91 z03SUz?c)yj))93Zo_cgcmSHY*V7T~8F@?`{hoGCTeJwMne)c>M4~GG6UFYpVIv z2al7hy4oNs>ynD1!Wppz)%t_}%bbHPZ~aGwx=wxZ*$8=Va_%OJHH(o6w~5IEriGeH zf>O1Kt9`k7FE{z+v`zTnpi++{kHJenuTZbH19^zgn!vSRt^dA1axg8bHO~--_S_d1 zu+6^ZfX%LjocSRShI3A7chknPVsAFLmaJBBBAd0M|u< zwdQ>4c&wZrH>OA4n$`8}89)4^>+Sokg^)A8EiHhn4#z1bG(Ruw5F2lPaSruy|MF}F ze_wjCbWA8}n09ScG`uY+9(UJ>y6(E8j}c=Th=#fIj8 zkl#yd;ITY-b=Yt>zYb|kmrnQDrn}MEyZQ>S(tUs1`51ZGD(STdFb2GQ(0-75oCLRN zKU(ZX?zBB}JzfN}=K?PvQ>}(=+*f=z_v5I{{4sp0-j(+gr<`|Zi+*>0uvB_Igm-V+ zeeEq{U$v)m!)D~dwEIHEc8w+k^Fw&`O3T7>tFpOBJ^QuyTz>c+(lJn`hT@+3aMU#8qtlD*k;i8O zEB<^Rf8x44XIh1vM|(7WdxWPuoy6KPbJu=KNwhCm>0j5VPK?S@&2c*1WWlx zpJy;I!R9c}|LCLn^!)XSdip-0|9Ha11i`#~dc%1724p<@vp0fJ2Hc-z`1PkY7(r!W zNy(?DvZ1}Pv5kWn(DCJ^mgQ5$D_aQ-2N;;Q{l783L{8 z4UB-FjOksiZGVje!{f^JRJ1mBG$3-dwz6^Ha^)rYtq0dr`Byc7gy^>}j+VS6>aq$% z!a#dtA~t#kdIl0cL?R+09(yAbE+rAMKj2Sqyd-9hj<#F?fQyR@y$drv(B2fl$jQkG zU|<3;G0{EspmT7uaWrtHvvDB(eULxL5ixc!v^TePGzZ!c{TkQc6VS<#mxSckME~>o zolav{^Z%X6#^DdPo)`rDY5_3PGXVY*%+cKBzrcRA{0{q#uivNR`861qii5GeFwolC z*v66Xe=CAet z7b9lh-A{d)g0C|BDDQsMf-NM3`>GJlJ(ffz6an$sKymq((2X~*SNHTzYBGpILsw`rBFXmaGpP_2@u%h%eLrGwZ%j8g?UZ{;|CJf9~W1)kTam7dU}OL5XcC^;CLLu{2ar7 za)-xyjzY=yNBt(+a+8)r+8gq~-+}TOm90%qmVCH}FwcG;>*{@*)wqpKf;wT9i;V&XA?|RK$Oh4fFgHLf<=dzhCnEZv=hBe)dl2V^0;R1F3 zM%fgMe~F!GLc2iWc?$aTD%sbfah`v`1IaUhj!$NHjHIYuvJU?@d~iNl2Z^`>Suw$L zmQE~rw8=FM1;jtZ!1nCcWDTDLk32&7KkM7CT7k@069C7c^_PAFL`39LYg0Njq?V@v ze<)lA#;a{;XbF!pwU4XueYk(CN>VVw2o^#$q|3q0QLq7RItPf-et&9iUx+Ud zEfe$dtu-=uzNyMFN%;fW=f6|zb%Bi5Rd&+9%CG?OS!Qtll!_f|8SLLk^*DMDDQ< zS<;z2S5%<=hdv+X`6;5A|P_+SdI3+%~h$M-k3`P zL1^9Fb;&JFwJIM_PyeZ<3uM4!7BB{(k&}0uxQyoEhJ&*H#s&Y2LJ=vUqqH}M+y(xE9V+9qe|kiE=ywZO1rt&k^k6#(SYy|mwj2ERDl$UIP?lD zX;nv*b$9k|>k>~04nfTpM}#9AA)NUAn}mPi{$Hv3i$r1kI?xNyGZ~*8In4sTnxGt{ z<@T<9S&)E;zWLH*+-YIsM>@0jPdgkbqJKCbECN=7Kx%7xOQvRTauoZQMXhP<%Q6~9 zb{x)ac@nrU9Ck}2Mr6c>ub%&7HSItvxFjGBb+G{qrK&2@i{sm=+mdhH6CYOAE!-P@ 
zhu#*0!?=g|5U}C|78{+0wmVVj%+idUZP5!%_Y|_>F9sGI{ckU1psKQi`=&4dN5%z6 z&(3+N{i)sllg9haNoIIEwU$0P!6(0H>O}u3sq!lxBg0H$KU#;IpRM_zkrJ}Y-SSwr z?B3?rVeq2I@Z%EHgq7Cdf?g?B>|$8HoP&>Yy?JAAh+i*7Bd;Ahm1E|;o!OTDBk+;; zht&eeXAwA7pP6)jrx%_u@4U|f$A8AEtgWQ9IXCM(_2jIUJ|CWmVUe{N<9Vl{skXMd1)uz7_li#X-sWMkawd`PLBFNe=; zx-&P!73gCVXZr{FLcoyIW3nonvj|+bqx|q)OF7(83QDLK0L*ZfIQ@P^ zhZV#1#cQ26UUi+QJ4W=JZW0O|`4mI!N8Z&nG@6E^p@ zzM|NiE^?-S%ZDTpF4-DC$+Zb(kf_0BYf8|k$osz0C1*Ljp|I<;O?qZ`!cO%^o7nAYY(|fkD24uWAFq9J5;Mnx_ z;D}waq9uLtveiCbEFsa$$Rxcx0|J&a`nd32(91*KX{e01@cz(sw5$@kP+=uK`86$7 zGwHH48HcxAc0QE0uGHkP(#efK(rS8>vjv%x*oXp0ymBKW| zb7Egeq6M{&H<86X@_9hE=gnQ-DH6s(^j3b!(J6Cr3UUw!@#)Ov#4ErJ$VCv$F+YuR znX!bw?^|BlgnLqI9225Q*Q8>TkBGoxt$j;3nTx9)s4n}4O5?mGMxxOFqx>_KQ5U?i zIzx4AJ`H8QT&vcJr=^So1P^dL3V1`;Pkz(@WUaK;q<^hnF-q~*#{mt}Qu{{Z8NIQV zZ2~eTqx!ws9S!8T$Zbe>iqF15Z7CfTZ(rFG;iP@AYX2x`s4Z!P)5Mq4Ug0XLxQyRj zpPgozW9$>aPB?VM89w>Pb+2t?7N1M)|ni|b>9DoxNT z8hHfpyeYJszhbLDO2~dKzBhQ|m9xmhIIul_uMYGg-HHLz)XS>&aORDqqO*f~o80Dk zMKFks4mXk4?22-P-Gr7E(ALIr$-(`XZ0(PLrY2S3c3X+HX+DNG>7`SVh8>mM+h?Y; zex;-@T~L+!Nk5y2bcY~4qv!Whx0PUiot|1xM6dC6j{Un@@b_jAFX5Zv_hU$a{-Wo? zA={h{R{U2zMrUo1R$7UoANA7|UQx~<_+;!B=loHY@;8=K$=URGx^s4H7VLgG?z3Q& zhg&f;!qNq!Jb?=Bim&Sr0!EL? 
zi(%BL#JroFf^M`v#blwFQQR)mK2#TpiYLt$9ZB|Qhqva%?0HuJ3!xh-Lngo7+k?TW zE6O9_mw}>ANb9!5_&^X=93@%jlU03lV-pdK6+<3UuoQ7W?c@8wNOb|I3PN<@)v8UO zTp~F8O0<5z5>mIBbfM+^JgpvFrAuP;v&7>Xu-82pNdKB?=@HV+)|JHk838FP|H)GV zGz@F!ZQmjC5|cV@WIFG)S=CpiYrvHiP_ksj8W*!sxYs(EV_jyGkaV{Jn;DFk5YKKW zB8Ld}z6uhML=Y~~9Ajkuq%y@{gzzwDmSi>y`FLLJqZ>%ng~oOAZ{0Vf;|6|?3CA1b zWfw-UY+hYIKuu_xWEu>q;+LDJ@DG!#m0$c3R2x-5uLnf_XoQ50jUl4T=ShkXco;>2 z;)WZ25_o%hI`csn1LyAUIIQ;@L_Is{G~fn7Zj=8%sKAG)lCOO2>?+Oq?s$R-BR)25 znHh1d9v3%aKG?b*RZroVjo{gbDmZb0GAq`4a*Zl;kA0*(L1%`s{*?D7cn#GJwAh~K zg$+05k()7bEHBahWG<8#lTwGYo99XsH0X6|`nSt#r9Oz&T%76+q?qzJwA%ztE!`$J|_-5qeGQNGQF^LZsTdAy7S{~jc+Ej&{Ls>V>)V(A~xf!To|0b!FVjjJY8+Fu&CVnMgM&1##ne)gx>O z*V2l-6Qy6#-{V^%1%R>1`3QLghq*utO-Mv+38NxWyb6|Axo6X0^}U)=$ubf#%Ffi3 zeNpUar@!}6f4!)Zw$dlQYB37CEJOJ=X8uD3{rcnhDsgytdiM`cQBOg*U}f4k#|UP? z;ThO8FVBrw(*(M;R=N^~BxA%vOwTmMef6!=$~79*uzXnV-&f6=Ou_oea4+-V*@{SA zacCuszS|Bi%5PfNFE>lq8_O~TC=AUIq-x@HD@+P#D!o?@^!h17I?Q1|R&D2RTMGv3 zc=-Py=^j%lvBP)BasbT=;`OJsbgv-2MYdyIY}51C2M?Qu<$e7OOV*GxDX@gd{gV=a z)bItquF=KH_$6jCe3^k-DMS^`j4#CtyFXhsT>?pW(blLge+p(c11f}NA!(_@VL(|{!gB4zxCy?_o;=aB4<_ke zZ;PiXXuvueVa|v2Yb_-7XCJ=efhs!TzY*ViByG@4gRb&MM!xxI6C_<0@?-}SSUh=G z3%*;Uc$~+>mtw|)DiQA{rjd51$E$5-7ie``$7E7l3Wm;3&c^hed!2Kagx6a-b)>`P zxlIC+>egd3N=K{Cb7hM+O%~AMWJk*Ihb&{QW^gR;Vq{l$b4}7GtB#5iib7=h$Q31a{$fYc@Jp^SL?><3GUbn54r! zG?fRMWn)rRFbA|^RCqaL8dY{$pGs^tk|rK@Jdr2L=bINjD@`namfadFXe}%@YN<9x zTH&x8eW9Wk{WkZir7EIo*OWiG?Q|5TX*Cp@WnWV_@a@p~GE>`e54X(va=g2=80=I7 z&w)6oWVF}aD9c?L^h!ymz;gDe1_D1^A76lfWH~sq;4RLlQ#Tpp5W>zEMk6eGxdGj0 z)~OFgjKJ-HSa?EX?7m3@EZyOIK1^CioLv{{6_-trfG3)^5=A%w{}G@@HGzGi9k> z{LA@-;)3CctNaih`nsd&R)Yp9WoX#|M@6Y|m2s~P^k5!$ke-U)i`!$S^#I;OwqZw2 zk1Kio=|`u|O6gtk*U`F7Os!g{S3Mo0r;U&o-jHmbHsZUx)!pyKZBkopO%HB1i!IPy zpQgs$Evm?8c1}9FI3I%@TfIql=J$gWMxpeb@Dxm+zJ%_M;xQ+{8=yMwS2G6Z;0T@X zFK}HGY<~+!SQWycMs+KCw~)``*mLZiIxKyZkA&t}21KYZ7?eApuJ4l$I@HK|@CQC$ zp=Y!HG0@H&&>>d9Z@=(8jcpObWhQ(dLf#CCRJCEbYGq)SNRK2ANQ=HLJ_L2r62_BC zdaeba@@wLG!^MpC9!z_7U?1->_XT!k>(8#mgr|P2IT3qs@b_->Y7-u96MXq! 
zr<&gX`?hs~%rh!$HDle}XKqI{{W`Pie*0&9-8e#69SA~!c0s620bhb<`7(78-Lb=SWK^o`O={PB+hU&DHKk6C;pKYOc9Az$!i%4Se?_cn(7w`Kau{&cHp2 z*V^s_rTHRooE7?z(aZ&;%9H^$cE-69XQFTnAklL<_~{(`1D}ngPV4uO z4-bVu8sXbmuHRw1sD;8Izqb(JiM2OdemJG+YNx#?u;E7p9-K7*-nF#tIDJ&Q4p}zW2Zu!uF>7>{SY!I3F37gOY7L ze##S+@Vi4%hmZYo%Z%k)Rw*_+15e66@w;AL>f1W(U6L>_Pdrk`M$Tt4E!@Uh4$V?T zQgw>B>3J@e3umLc$hjpfa@8uAWJvj8qQV{vw}Mgj(jejoz(zR z42%lU-{6R7dv#h@^dROFcm*_UJ+|VfkYtCM>iR(LPHzXtPooV+=v?^G-|6=&tbz5s z$KN}N>@?+I`nVsEJ1GXIEmdUk!!sKvS`wqTPo8FD!}N}d5ZOjgf5fHg<$d$y67R#*0!wZXH-YtIj>0IdWP0>&|M=y@QVrbl9N=mW z%v(Dsj@V*aYH5xfBfc>=^7U0mn%QII;{)hsV3t${C|{U$Z$X%ArT}HHmk-w0Ujq1# zmDGfm&J(7muvscYQ~O*G#*~Af(GuG8cQfD$F+hqTjw_ngX8W& zPRNJaQcVGky}ghW)4VxTMT!2aSyO6h(WLEWLOpM*sG2wd9}f$QePfoU3lThk_UW-@ zm9<&2it*Uj8fHs=kB>f}S1KUY%HHB1v4N9-DeM?X6c1Q2;O6=)Z4_mAKciw)SNR zKq5^KTF64;p6=IVA7r`8YJDHzF^P|s>}hmA)Z;LgI8ObtS?+uRDF>s3J7@P+mujr5 zr7-d^w0=p@y4RQ#$1x(4tOe@v8IQC6+QE6+btyP-VV9%%j5L>44Qb)%giT~9JW@=9 zpwR>9)^@*pV-_q)5a9DuoIo>=hFwb8Uxb9y_}D?Tel*5`Z@nc=$X%cRWaRDDy=B1N4WPPdd!Kv zHib@SmRb7BOh6TJwg5dKLh6P}bX%ghARH4}$)`6B&-8ibISAIVGciIE&vwk4iq@w2 zG@$)jXaHqvRIoQ|HNxChuBss0-VD_H>#>RQ2uf(Y z`0jIufk6i`>I0gqdwvJAqcX;kw$_HtnDJrMvIe4f*GJ7ouENvqMe*|hEAzCLGtp8|5F@KGx@XC#Ya5q_$)Wmd7IIa5Vwo;N5B+<(AI#yND!e<9Xx^^32EVxwwn#; z+4c5`);!&qmk0dT9f7%0|h@W4&Bx)p%?QnTSDv~0QPw)Nqg37w ziTUI>eS9?diXnR+nm7T!sZ7WeFW5^x_h@%>E0(giA8zDRTj>+2=H={a^*FSVJ^Mqi zCP>u|-av{JPNRkygs!98PXQdBc+S_ z33ULt?n}QJoQSX7BO%}0t$I)kg*Q(JSnNGO??%PMI26r+Ewp_M;#)oOT4g6rWeXb= zAx$>gZLH~)JMO3SM8ccDG`q0X=V6`r2Y2QH$4Rl^oV)faEi`8LJCLXl=oxbjiN^_3 z3WAT+SUbc!!X>=xzJTg@KLAnPV2?K#iq~C80_|h^UI(7p<~oa{k*5rO7qcmQUoI!< zCTH8bsI*j)A~KkHUkZxHEh*ru$9Xt~&+zs`;#|Ger*G3v1Rsm+VEf=6@yhqE`~3_F z|Kxe2e}a1!EWSkdMA<2}xas$aPWR?eC>wR^k~B7=;z$>})#%CT0Gp-Ju1K3xD$>C` zm1mtXZSV~M+2j_qh$tNQ48BQT-(=T%9Q8nQ%<)f~gO zg9G>q)@vF7Dp;k#B+8OVy-I=Amn=!&G>-$j)P9=UZJP-oA-cR2Yyk-YD zFTqbo{9B?z{(hhn7MC5ay-$s~(H?5-Rg%oe8*=JpV_uvi)EbKd6^9$SSJ*EOmtM}` zfGCiT@Kee?`1ZCR%&RO_#E@sWa7@4Qvv^QY&&(#XlKM-iFC1uf+Kxh|hq8=mWQ6xLR<78!@%KO02OceY zs(o*z_<<&g=A 
z9Gf@tnui%_*OV9YJ$FZ+R)ENzak%YtHsIy_?NLls#A_t9g$VLNwWLG}8PsO}6uUc0 zhlTAQY$XEzMByQ2%$J|{I*+jr-`B-egcyBBZabR^!~7hDGwu1nLJB~O(evC2`=PW% znC7{$xU7M+J-+BUnHOCVwBASqX7ll0p4DG`1QhB%tj(JHb!Z+2z4;`Vg<~CdHErE6 zMPDvaSY(>3vE@(-HE!5Xv@~G1l=IJ`h}>5;QBCLhaeY!T`F2RRat@rafbJR^jUj)O z0e;M54Z6M;j_rVTk5`rKqz1;ONE1&5@?N9Mi7>qx|+h5eC?&-fV{&ctyMnivP zG;cx?ViH<(?=|Q?rN~`$y#>CnYM!m<*gE}r(wa)#QfemOK7*4%_0_~f?rK4DZz)$n z&5ayX!v)P|-4upSPq}a5e0q7i*wWu_6K0IH)gZ9d$it%Sbh_|H>|`w$iDxm5!Z=T4 zL>fY#-}TB_^|yLZDaP>v0V_Mm+Q3}UK`dpo;>PBZ~GS38Ecfl}P@8cR+ey#v*7E#{fsWEJsBHFoZ;(iI3|QwmTTyh|?o zp@DN^RELvkX)IYTwt7mSqQ~u#_lXU?J{q}M$^}KhVw~;WZ0h|e9<-frt%{K9Am^t% z>XrEly<8nZQp!o-ZeFvTr$uM!b~2f9&TV-Nb0il_eg3x0sSKpmb1<*@;y_tXdbJLU z_=9;r3hYNRae?|-g!4fy8iFS2bPYGZ+3#C+&MrUb>$LE65Yr}Su(NcduTh^i7}}v* zZ(7ovo%VK4OI}kh>mIWXLboB<=`~_}r%XUz7yjBv7EV}fs2{-6}vq9Fl5dtePaxY(rA!#=+`2M@Y_ zY%|PW<;i>s^7vHFn{%vtb$Z!nffblFaB^63AJi0i2UHX7hX>`icGH$j?UZ~nTfNw{ zN-2awZeOQY^~B3zototxRPC|{-Zll#D&SgdP1<;EltgbPK6(z48^8LuGkHn`KMP9) z1Grf1b@=|AMcUev-FpB?Cb=^74Fl2I~6$n-j_r^&?2 z7|lq)6Il9gES}^@-_ka*9M)libufpwpVnkm>NeX`e?KKE4u2BNYU|X1FVc47H}(@( ziY)P`&9T^tO73&#EZ98_=cvt>i3Ipa0av>dT<>fhm_M`hW&3$;&_thzrf?WnM)bEh zq+Hv$ZGaaft3G@kev{5UYYlpt?%nBmH0=^RkIKWkgj79nlX!Te$1Rb}G=P9e(^lEyk5;7o7r|Jc*1m=L=&P2?Q#n7J^hui>O1lKWKhF=xOHkIG zEsNi|9(g+HFA`rv9bhEWRJ)IvPN_^akv>E3)-`Da( z@9q-!!A82S0gjI?oSZ$%Nn?IkYRhW&xeb2VvFO5gmz8AR8O$O4GX5mX(#Lu!nbXGy zbQQka?Gbs;SAcnHlWE`I*PWQ-z7y`oLb)?0;fL*|cHeBT;q$ZcU=q46BE^6VlEwjy z?z8cOtKv}Q8p_sUOGhUSf#69CB3v`IzGT9=S;JhZAXc1n6;UJ#Rs7)Gt8m z1I&>K1Eo$iyiBXMRfXNRve$uG1*(SbSIIFeWhCtMV_M*Hri-Rs$rHYa1F4C z!l!nHishO%xxC+Jd z5*7J%!7iZT+G&3+0AiX>^(e&L?^v2+s8>m#l%pLZ!FV6NAqm-)bSdGr#p}J_9*+QOhJl^ z5*So&kEbF<_b20Cvq3=HW-JSF<^=o-RBKAc8o1NBT&_X|*!vO}1Rt^bbTvm_NOQ1; zKU>J$h}jLRp^g}yMK&3A@>3euIeun+hphpWUzb0a!N)$2J9 zk4$PCQ>g?~t%I0y(QB|T6`f*75D%iZyHsIxRtyijxj|Cg!_W=u6bwsjL8)_4`e9Q# zRg2GlpYK=3EE zuC(Z>T5ib>@g^4BrDlw8)M~f!oqEa*;hiH{1CEgmSCPmEl*KOaQny~U&@f3kt}YQ< 
zizDCZfQodBP?m1DJp>_hZM7W|x(0iJm>0ZWo%;7|3aR&_4-W;qpl0EE2Tu;7%dw{;R9LE=^2ZJS1(SGMAGco8 zr=a;T>(O)7sm>yTFd3xy{*ZP#w3+N$42^z|o4}KA_*k$9Z6lgFf)MA!;|}4W{1eeH zTTiOEhsNYp=W%wqpN*g>eUPB%f7(Ryt9R}+ahOD|YgF#Y<#E$KTjLL$?~RZ{4hZJH zD#tolNHuw$xj4t(ztj}V8J6H7hL-E`>(o@WL=I=M&r;%J<>a8*t!M3<`8oE_wr-Lu zD|+|a7HS`>@3$=7cC&O+&Xawc7Dds*7~Frrsnz;VEKz9mx-rz*yvLZ zPP5$liw?EprhBE(exgr%5sM~G7a8L%!iBw9$V<|%s79gQy|KzdqE*~#rR|V35C-+d z1|K*0MdO$>@iLyES^A+%#PpJxz$}j7cD=}*XP|f;3Y`>c*Bzh}$@KXO%3#xHfP6FS z2n1;=-~Aw~!|XaM3SaKfXUCs~6roOUqqan{jh zdI7)am?_;f{U9sQB<8@~t~Ylfw!r3LBc#&FVPt7F1Kg9EJksh}|MoU@%4FXRvRx{xrL!)RpZ^9itombFDBz-S+0eHObYcdb^ zB1OEgo>YaBsQOgGlgb&1tc!SQ<9JE#8&)V;OysaqxbSdt)|ZvxKV|lyUlGngUh~FD zUw@nK4bhbAvaV%4rT<@NE(cw=qL<>4Ll1Y3K?P{zPvG zHv|WPs;vgfyG6dy0%ndgGl(B(2t{&3nSJz-wSMR<_j%`0)S)ji0T{1S7b679=vkz> zTG}i#_W9@{z9a=uZA6PrVftcTm{*4I=yRMv-EH)YX^pY=2R@YJDf(mLXmZKZ?rK?I zbZExa@%Td>84_KCn3#M|=X(-#zlBFy6E<=6>5Rys-dt})Ge+-?45Hl-TfW18SWQCQ*bOF#>9PwypPZ&(~XdR^*Jt?^lCghh zGKrGb-}=-NrV`LF%lt5;KP;olv-xzI%JzES%G9Tws&JcT8YrEdOOOagW`OrEafUbe zc?ycKKQ(6uYrueY)WOyAs^bPx==BdPrh%QXblK4icr;$PqtQnQa zn_BTo$H`5G%{w(Pu0hYdpa&IRmK3>5>NXQ5sou$YFGl3%NxcfjyL-1)EWlhY1EJ(b z^vaJ=r+FdKOzqdbR5JV(^cQPgE{X5+_o-VRE^XfyDyMaCkgN47Ml;Dt+2K4hUv!z@ zAG;msyuDCDM2%-0$PUb}E1!@u^;aNWFrP@e#sEt|Q?p<^`F zNOYBw?lBV{-wv8RBM0lp168=~6j;x0RQ>7gwlc{$2U<<=JelVSXD<8Pxw`1$tv66g6+Z2J+_ZsE5VdxqAdaq z#SHIn$A?65B%7fty?&MC^hZ|V3;PnOG{%x{IW;P5+!_tu#adr=2BO-Bzc~+7n03%` z4sl^^afDdLu8xJ+eUKcW*ug)=F}u|JaFX7}|9Xs{LK%+^_+Bn+H(t5aPjo^#Pr_sqn(qe5UI(JT z7}6W!BOmB0o;BT9_m~}pc*sr2x*D!49rP5F2c~1T1h+MA8r3D$$1z&cD-|@eDtk@% zmI-dZ*3p8{P%(IQJ7~LY(rFQ%lX6$nUwkLYZFtDJPOv+yenInD;q}~Q_tiwErO~I= z0U}a19L;)nXbEyvhQS28J>!B5=jmFdrdjcpb!zmqA6XKRSG!+0u$kmnMAdSeavI~ZmKceeR*_aE zR6>Sh(0I0BpNM@ra22o;A)eT(xK>N+_2ub4fK{8J@Ws;&cg0{QN#=kk?3W>FdlPOa zK|`aKO$vCU_cmHb`*c%=;UnU`o}}FbQxd&L+4T;CRdM31*hTc?ZiKWNm;nx9dHq-e zT}KqORbIeT;x+k`i`+bFk?~5W z=azZPQJcAz-5O#Zfj33tXkPTgE0?=ame67B3*QfcrNxn9iR4$Cr{L;1C8}IX$~|PE zt;@YM&`s-htRoy8avtYsyT=E+>HfGpv|g#pT+}&il9AKR6(s%`u(BCK1!nBiQBypc 
zr1||l{#*j?2Qx^JY|@*FUl$16Vt-yPbSEv6mCx66vIJ~T@a1|sx~Xh3CAw?$?LjX% zrae;!&2sh983u`=?bJ6F|VGsaD9x2nyS?fXtM#wh=!J2?C=lIRqrn68&WS()NU;J zM);Hsis3LHp_GR0GFgpoW>@F7FiB&k+zF`DbJubzqF#OZk85!a?qv=M2_`)zA`Z+oCM=r^Fwa*-+ zQ$Xk_dN&sn(p~?N(XR-C)0;HyO0jReK=V!O>ShD7>9;vT{@P`X;wvbzN?%@*ha%mG(U?oiWbqOU5f#W6O z`4{Ca5agm9E*^%yQ)}^xNQ9-==f&-x0RsY-%xFanE0+!X`4b8;qeG*q9r0icuyd+lo*!W@B4^%Lc zo^Ni@YWu4KSTar#Ln#wBypnabY{GL8P5Tbk6G>~A>0|1$>mIL!NE|YWnySuF8Tre3 zeHvQ}hH*hzo^r4<1@aKg)|>n2KlzE#)V_t!LSt7SdKB6uBSPkhKM`~?E+M%krD>7_h^I@vsGt|`u!;>7ZYWtLXb+=KCSD;UUkmJ5YU1+*FG)rTFZ|g#AJKdXHu`iN|XFUzrqa%Bz|$IJz=q! z7_FW4CP#O&-dR=b7jUdWUIVYTD!CZU*V>h!X?)Pf{rni&qn$@E2s~vPXAK3kR^&zjOgEcY+mcW1lsrKHTjbzk2WH;X`7`CS!0a-t$5Fa@1`u z(>6lwq_AbT_l80E`yjU(s?LE8-9F1Dck2^>kD%sx|n_MBx zS}_SP8zzlw9^ykL`}{(@=UW28W2dwL#;?urw$U`P{UQ!B#KNm$>+5?)TqE2M%94WQ ztDw-DeW+S!p2QQ{mbyH7L+3nRtqgbI8o<7Y4Nk(M=H(*9?5HHuU?sR8qsR$gMFLr542h?4->FGAdqNMo;fav z9r`+d`lQ)EUN(6(5@44S*Uo#cW7lhvyj$pwXd#ykdNweb1=y_ohd%Q^!&IcHZ)^Ah zi_}Kgf8duKv+_dHkJJPSSgso9d$>V2XYcy+a`efL|4NM zi78p%+HF|+)DF6$FS$FKo1=Z~@M^?hT8ZasQD$0r#%8_WCO3cIeQTViIpo?Bwc1VaTB(WJG1+CesBL+XOFz+PVIxY+kSue$ z$$Iszj$!8Pm90SDd!}&8xse6b)_}3!SVC=?s=Lc!)q?(()N#?4N3FNcnC}BG*b_v4 z*Efsx;mV%@ad{fxc!ofN(3KCt_%7C^;@=kj%5pvVtjzE{>QxIjBNb!NbaamVI9Lr) z?HZ6laW!8J)biv_OGB5#{){P>TU`ZS%#qhOZWl2&#=1Q&op7 z*TK)DYGc||nL`xsdplwtXC!ew9{T0CjqPeP3b=3|s?Qc3vMjZ{$#!B+BDfIju*@v{R^DC_y>h0*Rw})w7DZKWQ0v_H zGjmHh@Qc1`_A8tkZDXmTAf$^GFB+S&_U3cC zeQkNw1buXqQ0KRDoRVleoV_8(pn;R@=(1qjTAoPq!GYsoQ_{7KnCJfK+wAXwTunmHKkpzcyH*CrAM?o#UN7KF+7YC<=I+<8l`i%HxRXMo^Nwf zP1FEC7N)4U`D#|`vkBz^N`@yRoHNMJ}L=nbmZ~pQaH;4Mw@tEg#0Rurf)>9%4qDrdV zJ1H_T%qoj^)7&i%Hkv=xZd)`K9#Id3*t!D?UG_FRo!LJCzYa|A4HRBaaD+W9ghItMe&?yeWh5$AFX5OwMUa_U(d+8ElF8%pC*4K4zf z-Q#7M{g18B$WYQPFDG!><0M6$-lgI?z3oyNq7_U($M+s{JO=<|&@9V|J zTXJG7xnwD@xCDr?EB;VAZ&mS8R1y!W#I=Fh`X5T`e@M{&x~X#WuvIFznCO?s;>8qH zr|ZUd6=BW>SAer8V}N&3cQhfulS8<2zh*@5Ww&1(~ zkBB*%3S4i=_00JvnGTUFDiEq)ctP5%_rkpGl}p!=`o8frPpOqHK1uU9EZDVoVVdR7 
z&TSS2N|ohji%4~*2Yv_OozN6LQM|as&Z)~omg(fQa>!(p3;dcV>iWEA*}Xk*U3*q9 z-J6+^YEl4;iTD1+D*Z(0d4?d+A$dP^B!jvfLgp24)+Zo_dsbJj7{ZN=5I@slF>Cp`*Y+Y;RfF=EnsV(kdUF&ybd|>bqR|B6>Ae7PO5h&;r|Xl~D!fMj{=MZ^6&KJ>038 zUDKsFNkb*lZu)F=IMEGXhs~W6MS6cf(InOE{o9@aRv4yYq&$8X|m^~e$&@PTR!zC8JH>FGp zA^n6iqlzl`bRn|)Giu9B`i-eg=^~Dj+LvL9)YQYThyim65BB^vo9UA^nptOgzJd(R z%QugA!3i8j%oiob$>Zm{eHz8EVLlRjfF; z@~zh_1oWey@piHUk79fg5(T!K6W50rNBmZ06&0hA2HB*LFOG(~+TEADI z_QIlgleB}3IAa}QHm(_hNOD{pV#xP;Fj?Z#z#1_Px++@2xc)xSTB0!bcl1{8QP9e$ zTblK5c4ocC;-nw9VZ95l>(qN|>GVCSAI2d#-p~)TiWvVc!#-z)Uuw1(Xuu3!@zS#O|1+e zkp=AJ{P7?u5<*TZqa6eA7m`y$PERGusjrnO+Be3Lmjb>N6zTuvZ96M-RA_P#%oR%8+Lg@(j0vqEewmto%vpeCiQIZjn>ePf@r^)7H8?6_ zs3x(5AbZ8^?TE*QOGRsGG%I&)34V%Y>%)CW(Wdu$igbKK>HEB5x}vM9o#^+af7ey} zzkgIz3%!e?WFnpw=Wlwa3R8NMVb;6SAw;D?jUgB741*Z6&zPzR#sQ7#B`r z%ng2^BtFMm8T@oT2AAMiE`*H#DaG*NbQZ)y~gOUJ2iky!_$HT&Q^SoE&IXEWaA zPzwZP>Xp0RrZ7BSoiE#rM0|0Ldb9G12b(fKI3I`mPldi^WX&cKRdTA(Y2Od`jk&Zd z%1k3Nj@cb^jd+G6+ag04YS-;pqvUq%drkZ<-U=P;)2nk~s2vBg*~HL>aqElH{z1_8lE8D~Ns)U{i+C&4LqEtSC(G z1gBPs)dTgB6%zA2wglOURe`nA^zH;Sl~At?{T0PAfJ@;afbp>vtp`4WVbv_H6T_EF4dwv4q1f=5f-@q17t&cM+;uWTSx@s{Ub|AgG4vnB14EJqAvyL8XILW+6 z@xr+bXDdU$UI;w3L1d|%8{&8jF>GbfH3ULhEF!2Ed7#eN{V}81UMufd`wF0!Mf>HF z4hJ2DsP8m1hy|8PeiER5PYfddAz)Y~i-nT*9T-^wIq0n%{8)H3MPByqeQYlyObt1x zBrMW*nx#1Jcy_E~`+XD+ZL{X@Y_mZu=SG#ycM$KHoV*0&9Ov4c9+!o@&~j|GBP4RT z>^bAk)XYq)rdR%otJ1TGbE__)X@`cd9wKBTLkzf&m^HIraV&hL63M|H6@T(5D4}t+ zua9EHtsm&+>YOubhiHa>a{!sYM5Ub&B9^--Op01D$0bUYz(u7!0Z{I&Jtk7r4pe1? 
z=0By#7ilfxy1>N+5;RJ=&wtQfVz-N-^#Hd6v0mHWYkiOKJ+0E$CH8QGyJ>zPLv+3$ z!QZtptW5q#*0c}2)=Ryn_}mc!IDCxSp$jgjp_bh}Ki z+@%bhC{-6YD{FHml##nZiA#uC4QVmZyO)iZ_bMVS=zOUJ93avWHbX{O-D_SbSJAdE z2xwCMaD|yVnN@R0tQx4urC~xpADR!?ghBITswN1d{i69D*%w?m0iNAWmf5| zSn)dn3P95#?1k&z$hD2xFJ%=kk4v-Pn%^%IX}k_r!*8734zy$>z9!i6C(k26P<>23 z_zS|#2Ht(Sl=@&i^hL+#avHV%z3Kp1a1&>fuxX1>H|2|7o`9>IDyMDyV}*g|?2C3+ zioBm^t0dLH&d2<99NL*)sF6WT6x>8zij8K?xE;;C{7C$AVSZy<3+|fMrb^4|aJkw# z$klS(^$DT|f%?Zt>pp}0^g?*J9wqsu7f?qP6o>Eqc0-lxjESuKuP;xF^CqS1zqzFi zc8Q8OY@(OQ5f>M082sEAf9Kjl)9}qBmVgA zdjuEzfTlgZi3|plPlBBQ!5+lFwISyFOWfsc($a_$OHk1M&`|eD)YOSPVdOQck4jg$l8$Iwfh5yP|ifgyQIkDZa44RI17~zDUSytYovZH1oM59(v_Mp){(<5UVRDC{B4XL; zVykOusdO52h>0?!dYK(3IcM9th zo{ecS|B(02^!v)ArTCKU%lqy}sqZS#PStz`qeklLT$w4A^!9**1^caVqyaal@@)iF z0ix4Dj#db#omI8jS&Ua%nw3Tqmvh`AvaC$4P@ZezqRqN z^fl?^_gbC`50}46-OgI``jsz>)4&p{#JqXYLG5LAAgb{p;>qO^YjpsoZ1ofZr*sf* zj8`$^RjTQ^z`CTMYUyMAyKoA%@Jvci)%xQUH)5-gOsjlT?~JMvB-~kT@EA;Q4^4`D zTNN{W3HLuCXTiUIxOtufEMYcwncBV!J(Gp``lh@AnJaIMVOj<7^S`$i^?ts3Zu?3d zPer&)EGLeYs}63oBYO7fFtu7NE!@6DxAU#JkaepT{*;g?BRV~2Jtn3Nmo}05M2a)D zfV)=Q5ZonlaC8qEHeX5a^ZHaYrQX(|4t@(IPV#r>ZT9_6jPi>U4fbTC#k(^3>xIWr+QQNmcdYXi~zlJclZElZCCsB^Z=~)fk>}Q_0$NL5s=Pj1s z!p|tQ6|=avZs8TGC@xMo*xTC%klT$!%&B(6e6NMgkDz{=<2s?A4?RZb$u}D{GMRWi zDanSO0%F5l)~Ey)jlJnW2}0Xp;@n1%!;y{f59Wr4nB^?QW=ff1qphBSB&##Bis<6?ME=4-7d)I+POeVeShacl z#ZHJ}8jUR;eWGe4+=3AQWH9Gh&@9*Wx#p7jFUK_fH*9@*yjO)N-le41T2lR+_e;J{ z4>k&#e~Qs~Rcuh-!H!uKp|E(0v=kp-if9v2r# zW!@k=QBu%DAIl0a*>|oNZsu$jruaL16=BseFQX_^n2IBJsIO_*6n|Kya4QLFj#(mI zPvH!J6yKDsG<1(N{J~BH=;eCF8@4E7zvRMtfJCOy6{`OQWBv#AywUnDKgabaFj;+{ zy~qTBj!Jo>q8KvXXxMirjQYTi=j!Y~k(ACVlo&dJqBhNsF zXpGi!IU^yU1tTL<%LLoIwFtHIp6YV!8(NJ=h-9OlRal|#Q42DN!vCGb2`0z3#h!4P z7AMOiV~DoGGrs#}lNPoDoxTuSszI0Z;NkPMK5$CY(g=I1MKsQ@ zYmxZm7skl&lS7UDXIO|;Lvs?n*yK2ZjvfzxdtknzQH|5?}m3tLkxHP7-Fyu>oxE6&7PRtT7mE(9-qLvtF zEr(9Ls<hsCLmkqMh^lD?}&C3Md4Ny05PJxcn z{2!m;2+M81Ajd9e91c9w=T0#>;AxX@}Q&i=P!O9`(cxT%F_0i 
z)4QbIE767qgL9~~q3{N|s*U_t^bu5igWFe>b51n3h_{Ws-H}$BWs6n?gSt)Jo?>Cv3HMchb+WPJZrRvVw-xRvvmYpcdX~%tKb%R8dzi#gx6p2zSTpyS!n~{| z^as;(f8oN~mxx&pd0Kv64$aW}ggbJ^nv2hIDXrUA_-!8yKl09N^pAvkK2dqf>h*S< z=X{bqZ#BL#Wj{No=V)D*2F8|<9fJ)nD(lM^kBQJ=*pV3LbJ@FQHA_wdzR2Hnvn|z> z84LFr@^&c=qc&K07~MX)$opy%M7$t|TiZ#b2MewXRE=KR4>aX_;EXyYr7M-kZFQ;5IlYZ+C~ewnp4aX;}_PNQB&Mc)q|sdz1+;SVO{ z>w^C}@7+PA9SMnUx(e9M*<|`Kx)Q+jdE%V?uUrxgAm}x_@XC4bhGZdR?h@DZCDsl9 zeopHSJuVAnM|n7pd&{6Nf2h~9B||7h_V#A(){%l{jZY zImVX94ET9{EGn&imDMyw{8Gt?*Sq4!Jvsa2ywI-~14pl7`vznRe5VKgdKOmIl=E9} z!F;C-naw-_RA19xzyWc}JIL59IXAZq*UF?p_jFHijwcbbHC@`Nq}$RK=2fG(uD$8Z z@Nj^M^H=22Qx>u%mxS0Lf{fVk4EFUeWP|G6FX*QJl9p{A`KU)Sc;Y3iD5g-mX*g)b0M(6kTlTy+rHOZ&}@u=nDVmnT#VnF=gGdys7KlMBQJC1l` z-@g^>!5jNwdi=o-8h?Fk3>JCI>e~gV5EDO>`>2(P?N__|L}rM2v<6t5X2gcSvH&FN zZ!-;Kbm~Cv^GFly*fs(j=yrD|a=~Lp>ZEVhKz^8+Jq*7rM9-QqQ-oa`o{XPDQnG~l?~|6YxP>m`wnNqb@sH0K!@-iysVt}GU4Y7 zC@B~{E(@7yB1h*jm0HbYTHyE|>zsLFnYO9l0SKL33?@G>tRnJ{e#?pCmiLV=|FuOA zJXpX91EU}N)6(b#0h5HF=Ax>?|F=Q+iogqZ{_C{;{dug!{%?TdJ^}5Knm)75z-Bg> zhWg%s>U;C2f|DZqoG;!|oQKmAir{Y}yHyK1NC$G?%9-kOA|HT)<_Ua?*}sygC77X4S^ z^u+RGX~jpKQKXE?)I9!zj@Tf_HNw!CF9Z2|d4FgV^?f&a_@ZWV1j*5GKvh2L>7tOzZ?LQ{# zA8Y%|Ulm86R(|~Vu--q%-T(XlBEH|WalWWns(){Z_+6_6-p+sf%72@kHNiLhZ1iT>@kQMSdy z*%Y?4&jtSOCH?#7{>Nj3NhbeU+5bA0YzS`Sv9kZX zy5Zm7jc}9T-ajh)?>_RM3-$jWCxJgZU*OZ%m4#z;|Nf}B%^vVJf%3h2H(@l(KO66V zZCxka3gg72{qL`stM_r^b(M}m;NKo0pBXb*2J-_ z(O~YEE=sT=h5G)1;wE0G8Hu3GeO_DWV72{x_hhkJ&n~PP0#(@>&j$;ks@3E}BKL+u zm9&y$V`FszQ41u0YC^#oyvc3MEY+#TltR?g8J_yd>V|=momlg7*Y=_t1%``n%ul5O zcCgwB`4lj3Bj)=|CU#~-0mte5;)7j4fnM{F`^HWKTiwyb@^z7A0V2cL)2yLg$*he8 zI+khqn_-#f=C3?krrC$@rK2ZOy&lKUU9M1VrXDL%KCFEx2{}z>Aipfd-81S&r9I_z zk^w;!aC{ly)UKUNKa9{TX~fg#@_*}oNqeNoB2sEojrrtV2=PEro{$BCriU{u78_AI zSs!wx2o*3yH0^F_0*?IiwGI#JbczN2FHndS*J06lH{{qN&b-`_QO4HKJ7QeBc*=q; z`|DS!;FpcXMy-Czjcjp+sQ_4}GNIhZm_JYAeu?jH)rBIKlS|bRlu+UXiCKqSes*-# zA~>?n2F9fBWP{mS#vbtp79l7y*GvL)5YKQ|TA&yYCTxeflQLh|UXYc3e%=qgOY5wy zG?5Q12IL;bZBhU^ex%7buXj3v7R3@1q?h6u@1+DMg2u`hEiTv2%{kY^qjnBN*E0Bn 
z0gdu}qMwA#Mx72fxdj!6i+}10scsuILO~?xq-aHUXxvM zDQCpU?2Y@5_91~yZwetLFJ1(_`daPYTtPyU`9NZU0cIR1DJeYkBcWtG68z_TER;p> zQ{&_tQ^yb0D^%@anr4Q{ujbSF9V&Go#w87#Y!(t46)YdD>7ADF(z!i8c^*pARlKef zJ!?z>n@QGJ@Ryp|-nu@@9gy#-efdSN`Ka4xP;cT1Gk=%+&RaX=mL>ue|R z?LXOjr!L4b-)x#l*>Wmp` z3)Bu@&H8EoLJ!p{oY%4CFmcTB!=KHF?;a$ARyb?@<7tW!9Q!^f)8scA_ggM8&v8;Y zcNi`y@pY6pW_8;}xym79tg%gWx58ua)I74^9I;DT5w%V z`c`?HI>})8Ocim^(?>5BLHl!K*s)c=S+^Hznfv-l`^k(Kvxt2h%&IbP5QVKyff@)U zFc+7~ZXy;sFaUu?;hNXTAzc%wHrJDe{_hfvshJt`sel45UK|0wf1CFw8&XujP8m*6 zJH2C?wODxCFjO_-*fYGSQ-R}!^6)s!Fj!1o3|VwHMY)=&#kf{I>6BZ_Ofa&XtF^(U zKuT16rF*i%R+p zi+l^*T7J%6+gK53t?B%paIuH{qoiT@W_gL{_CD=OztI@L$T&Un%_YfvE!BKEFka1P zxj){z*uzEpn%1H{T+(6!N|O?Mx2IptFDuG4rr0lm1zCCr^@th@0dG&$7?31BQ_~~W zGECU+9J@7G@KSj27sp3!fmqnXB+X4)fg@$GIYyDkeVDsWc(qE|o*e0B zecjhqZjG#N@xkBA7F%9;&hdC&1pw0B80Y6O7#DtI&y`Tioo_zyqyUKVz^#{O$m8BI z#sT+petX?C#SG!Jl@$~4$^@AO=5+7p<}?`lr8|P^UQfKo=5R(^WB)|1r4o3^TUxuu zCSlgR`JP#9Fd@|(!kxEFuZ|x9Eq_38|Kl?(s{VMY4hhRmvzOjUN#G~wC^yK*PFf75 z2KB}D!-`ZGCmLK?CVsecfK7Xdz!oT7u({m+U6?mn;)CR}($2Ia$?j>x#dfEBHanBEb*B`1xT%gc~ zisx56p+<>3mz0#0x=a97z(n^h#K30GIQ_9w;bz(8&UA%iCpi0MU7U9<*IH(PU}unn zwWCfE3|gWk&I%7D;|M@Bio_=VU@>U);P*M*ea)d&dU3s*ai?CRYdR$4$&DL#Zr@H& zWRrZ~_KftlB#C@`=f37{dF#x#3uE#xG=XLG&lxhljI+__z%NhDPgB$chDEiOU;xn( z&2pe8-%c7=ftufy8^Ra?p^Yu0ofD<^YTb!borE zhepXzmH8nk4l~l%dVOVztW!`~ypVtV(}jA9brwrK#lZ5X0|kA^ZTwP(4@5$Drs(P~ zKTNbp(twjR4uoQI%ujRHH@bUZxJyJiJ!abu7YsvEN-zMTahI$X6C99fVR>jb%7mi7 zQ>`2by%aPzR8RZBvWXU3(D&_EDM+qcwO=iGxiKdV<16&AHrEv>rr?EOQ-}w{I$9r$ zqYdXKPIjUXR}V&sL9YbFg+zYXQrrmlTx+LyEY_f;o4bZp`YzZCq*mq2-QB#G;Zmq$ zPqxrvW!UI26>2WQNWkX3rg{~656+$2)72x1p2uv@a|sToyU3T&%K=XsHd5@^zEDoX zdPI1(+`#C}7@D1(HDqgDic)Kq4QC75{hHfY7XesIF_2fVjbB32#~ZiHF}Cm!H=XEc zPb=lU+3cwh?sBU#mdaCh%JKTxFgwyXHSKA--tUKVVfN73N>lbJ2foSy?z)HMyL=_di-538ndT`MY@e9kk?vA_mEXKX>J&e* zp>s~LwisilKS$iNqwb#I6yny*-70R;ND!7;%^UsbT?WSRa#93)np}SYZ}zqK%n;7P zj5fV`@yLO>5E;K9G93qN6f&DUzr0Qn*ca`I2jA6sMDdy0>omaGR4aIYF{K0fm3=~Z 
zaD5v$#gLhmm*rvJ$(hnMU%gw@i_kJ42rc)T3-{sByXE9^->sL&uwGB}rW&kas`u5~ zadbEN&F3w)S!#Y2^FnkpPOab1Un&t2!$jRr%Sabo8>e^dh|Qz7XwIghOB53D%@^|n zR*&mW9z=2z6#FbhsF)XvU{u@1-OTC0(!~VpX$WOxA%YG#68@B@&wPE$)1>Ft(9kUi z6-Bt<7@#)@-DJ^n;Z-mY`ewuJQmCQTWeza;>rwiau+ykePiiXkYd=tFM-<|+Cv}{H z6|3JqM6c?euiCrM8Ehdl!4uj4x_Z?Xc5L~cM=Csr(=qBYl3(d@LZM8CS+MRbI{f|)d52+FUtyi zB$3$+r;fiMS=X#%Wu`7i4x0C7fkwHz zt~2IO4ID`=;V`dj`b$3ZBy0dbatL>2_TC&FWnR9#A0h%U_zmby$(9OKnTf3E_T96* zW6hQcp_?9xXQz3s@06ffu1|5Y8P1{K66v$A19KBAaQ&oCzj~7eY&pdL*lsKMu@Bl! zXX9s^(g(I>zLE09#$??Zo9-c3)XvmKMjae{mzt{mwC_=k%`~?`lqhrg*{1o=ua2a(p*4D1U}VcwfGgV$9q6R5a`1U) zgGpC-G_`GMOh*`3({AXX|Gk=5_H(u0FjNxVgmKJ@L{RS1CQ)aokmc>Wgl`h2L%dOl zRCbMLt2CFbJvSMHZdjhyNfA>ZFhkSuRA*CAE&3M&&UZJlCu&Zew*YwImm<>Td*0Ps z>D!7u<&y?%Q$LLjOySSQ?Do+4af@RGp(8{SA+^Fx$!Qo)r#lx{=PO{Y!HQN3vSf`b8G-s3GMw;~^SE4mow-nT&*loKS~fny61|@61>7 z(g*|a$_tT;(zJe)grb5(g1K32KlQrdePD}WemXxAFY#?L!ECLl%B$Qck<5I5DeaWo ze>y$&GW+*(+0EK1<8J+Gu>ZX6YcVA0C%Be~3`DwuQWpgD3i zW10{!jQ8w^2{X$gv7=4-);yc~e*KU9kBP4WDuntbi!|HJXXzTAO&^mX{aQ+PqlPL< zT&|@BF=;mO>5E{4PYVn|DsIj1{Z%zW+x%H*pG+~&_N^BJ!nwaht8xlMj3KqQCc&b< zemDk4IpgZxgjUM|Q^}8~n~r;Qp3noF`LFcx5M1f?{^ zyCPTTxRw3Idm~{G=l~%7VK^g>*GXpXba1$ulpH|0PdCMxz^_7McAU56af?AeQJ z$?Q>u6%O6l;LX^of$F5b&0|^yx>jD6zr`8oI3j4P4xBNr>5MfsA-lG2H6- z9gc=g%<89*+8xKQ&BQp4raI@H6Gkoc{fIFAG&5=V)}|n)v^&%T)`-};w=yku#a0^I zFWd#vbiL3IA+P<0Tj&HL!;CU>tI?59&v(fRlr|Hc@$pfGs0mj#Qzn+9?v)RFCXz5$ zTq87X_Qv_g#h-a0dj}K|Pn#Z?AcauK%?7~t5m-bU%>yqiJ6D3G5i(`dVV@kwO}%mh zT_b;pZB$Kg#}oGBZt?b9-49dx%Kb%I4;ZoqEZgMNRHbNzOIx6|95AO9xz*tphPB8& zZ|LJdo-fKRQ00*23~zX6O>zw5I#-W+M&#@)!e+YITu}^_7br#YqcHlhW%`u( z3H#FA$NTWjH8CkE(x1m<0mIS&H;u=%Q3%{&x>kzd+Xfr*eqn~+$D%EznRi4y=3k#N z27Hhr+4+cnAjX2`#~`zeKNmIi#XSoyIC?`ra=*n&lwJMnnnKze(H9=wY(GIAC0{)G z9LEM_wzE>IZGcYk4?kGAyXtE8dFu;a1+K1y(@#ciOr1vaJEKGUy)!(&j5ViQE%Itn zXjVH+eAEDwwh~j^--bmtC-EklHqzQhIGlzfkY}_#DLAPu6LnblXWqnA=xBFe`W}qe zt=v|tTy>W04!RE4PX!|BXH`ZKy+DSj=iH-j|8(Sk+jyT;5fF0zQ=BcvcRiy?aN%$_ 
zWTR{ZL}ZXCcjLG%mpmww)I_MBrsX)PlouJ5X(e`MQyA$KDOBW$*LR2v5WIp>dlpwvzvXh$H}Uua$~lVSQF> z)xVjD7&Gc)Xeg}Md?m!__+D{%cWn4M7#QCc@FA1#MDegg$XYag`q{Mck5#~)ySxV| zKiBd4O+r~rk1#O-L6&9nw0kSt?$m86#oliO_@kRQ1FtlfuYp`=AAp4X1BoA$4y9> zAMu~FI?^`6v z#LRy;4yfO!hNnSN<+0y{KZkZ=FDxJ%4B~YIfUfb4}8p)K*d{%R18@C*6brm!OprH zEb^`>W23%@_93yp3gKSgLupzE-+%zguqXFm4+|7io&=jkvjnIq4$RfdF_18aXIc3^ zuPZO~Vg>CgQGj@=t>@n;AC$;*uTH0IASzm3A8!m1cbAAPmb@eulj(cAF<6^@A`%4X zNOn(%HLy6WzP6j2CD?TOOr3M&QHf@`i$cVHgl;B7 z+dc$I>+Pic+)Kd|F$5U2%<^-%w6)+btUOK*Ohc$rB}&+?5QORTdC4B;n-=B{US&Fe z5dq0p8_JweU)Vy+e5Oa2-cbw8MYAccJ?!`v?&3Sx=kIwRO z#qU;gJ`0j>;-8&l+!j7sJm9J+$L2qc>3tj+mn42Bri|a{N^vv13i7?iR2t&p<6-r1 z{Q@>Mp|T&E<%6UW=a@K2folI^+t1(HbAxrfqqgFUUGdn;uuSDwU=-(WXiV`)4Qqd( z)c;CfnH)_1k|$#XV>FXSIyyI1K~qoJqr+1DAl||F4i|&K9=;O87%?PC^uVH4;$e{^ z_N=v?JqkLjOl`Svr24c6do6a>7VdS$&X{}en~0MYkO|vZLzu9q`WKxu^p^i4BXgxD zp*a!Ys&zrYB90u>8O-3kzoM3L%+^CqeUc9<_gbSl9wuK6I5y5@PK|0wF%eZF!1H^t zSB*_&Cnaa$A-^=HrM&QRYBU>6{Uo9UcWY#`0XUawgJBwS#R@ZmN%z?f=1!Vf2ypj6 z{T1XtDoQUj;(fO-k^{s>Q>bfRz2;*3B1ie@BMR*WfOW-E%J})imk6pt!D&t>cm#H~ zu9=!WoQzh=7IbaiJUK}1x^=_fIA|PSXr=vDujgj3D=h(`n%O5N0n}V}*=EDFbI9#r zGMglMUg$diS_Eloqkxj&53f)3>pKI&!H-c$CIcktw2@+zx8EB=UqL*}xQtqFq-=T8 z!&uRNYLi|JoSlQTEJRN_Xw|u!3?GnvaQkS9ery=X!u?*gmw?UJTzjJ2i{`jy^LabP z-QufHBUaC7E>9FSSTn!zJZV@q^S&Hs?|r^`Vn^pqf8NVp0hG9tP0u;h%&RQR5lj($Lr?WqIq8rGC(h3>E?97?-? 
zQi@$P+TNOP)r6bsg)jt~z!BUalL=9n4pXa9REYn7=Jm4{vd^Kfo6FoHoHi(p-1ZIZO!v*O|l94~p=lpL=Se zT2F86DJHQpwNJ9Cb(H6w0F2oawS!KL^q%z}RK_awdcF<)^zA(_D?xCa4vz(emr8Um zBEX}!Lbs-$Oqzx)btx|D88SMvS@G2rdPsTAhWY~XF1>o*Fx0q^`fBAkMk@OiQ|icP z9!yG=`M}*x)vp|vUp@fOU=PjQ4v)elB%TA;`+e@g$b1?7zb~JHh^)p1MG_7>Hu=-P z#HH}xejkJj>HN)f+z6~+g{hBPf0mV zSG&WJ?PIwuRoU#r_z^Oxbyl=48uQxcCvhW#C)O0E5ii3;jhd`}j!C0K>Sg)$Iv!k$ zslsk}lsDdEqJ&>JUxw<`c^EjA^Cb!p)wLWwTM3sZE$H|**D(5!dqzb&EEhsev!M2a zk(kYWGVl$N78PUQGEo)xQolkq`#znW(*>G{BPa`rr#e81y7?`nu>Yvj19=UOM; zdwZfH8fOM}bL`4qFa>+u3B+2asB@^dZyuEKOi@b+8@##72}R<39E{QA!9ZKTlmUwnqJqS}vOD)MlbbwI-?C!l_Bae^ajZIgZFGqw3UXh z+?4XwI_JuAaokL-Es)yQ^6N^!lr~aOQ4t(!&%$?FOcMM}8|vd999w~u!ik*)qp`1adr{5 z(KH9cVE}~KZf%K=1Q^L37`CEO2Q6{V?{=FvFT5`!VmK+NQ3hP5;w-3B`26z;Z{J04 z)0i6}T;d8TbeXhf9an;fo2li1B!uv6jOCk-l4uO=a39*sP;5fC0;VNSQ)B0y1z!e& z*uq2O)ThU4reAZxlKigw##I9=jIxX`8#Xi7hiJ_iLHEuK?{-JhB$bB!3TvaPXf;3i zreTQ5d@%XW%O}E&duL!wMN)Aa$vu!bbOs8DpWXL<^M(;m%du9&K{$r|28#x|cqO*& zaIr2V2>zfy`e6@O91m%)3fbN_(i2q|VT$v0)+B<+2TxvvbNkK!T6a{|i!*y?+K2cO zL+HlaDe&qM;dPmh(tDL9GuhL35niOpYe8c(t`!8PZ>QpN76tI4rz5z;uE*Vt332S# zm4{DeI&*@;!1lM7>ju~j%5>MR?T*5i!|C;fz51P0vrQzEco9(Z1vu_i6p~D%?n`L) zGWKGSgaXJGtl`1oCbdVjtjR=yLiWSJAAO9S?LiM$M;_6lUDk7v+5aDVUl|qGx^0;d zBY1!WhXBD72=0*J1a}A)+}%9{cL)&N2~Oc!1q63@cP*gs!mD@Q>we?*z30A@(SQ5> zV+<(ReBaW!=9>FOyI}a9+id0L)Vg@!#{iUDEPR$~JH=5#X|BT0?Ca?l8NQ!uES`3H z>?=^S5s%gzUi$tOIm8$8TAq!GXHn%kPLV&!@*a?_+knj^j0#g+EgjArv@8aAv?q@W z8a7_ft!60A*7fP=#WGKox|K*ALlzGARnaaXuNp+1KfR%2ODGM!wcQ52n?|?@;N7(+ zF*tOi%JGa*ML37{3k%U#!gV|n1=2Ld1Qp$(Y?fXMewI<7|8pZ+%G>jwYa`$~s zN}01*X3i5n5lwS&iu3cL&|xw3#rlRhhnc<0{SeBo8e)~>FsQMFgTY&#KFXRak56S) zvad*mQ)XfT_kxt6rbyg7vkCq^eQO9cDyk^kj<>KuE*Av&vgh6b^VFlh ztkzV_0-P&yEqFfECRJMy-YhxIOEs!qnF8;1QL55p?>@&6EJ)w|(*B&Su1kCqKC`&5 z3Q@Nu>!26X>PDF!fzNQXnx#<3IGwLAFj#(#bv(YYR=jp0%e&r(E+tww8T5>Yh-49; z#XRgeYmgd1XkZd$=Vo$?_KmO~{WCJpXcgC}YF>m?V$qEugb8sC 
zWn%SNLc)Ot3f9WGaYTRDe)ABSNRm|kY!rS*50w-l*8;kc$#ij|!7DEssT*=`EfVcveukwCh;fS-<(~ouvVTlL4wsQMs?i#gEF_?@}Kqh7gc5pGNWSaSEBIgX*>Nxo#hJ`t)>lJIPghGM_B7a_c-EZjN z740!g@pi)1Ta$sCMW#>5vQ9%Xdt&N^4$C{_qn!&wGIu*}15ct7IS+YhkZUp7R&d`b#YAS_?#))#cXyTsITuw)0ot=cLApqP;yaHk+Tw7wvh0m$jUBUSyCT^ zIH_dE7=0)tQ9QVP>7$`yigd?FyOy4QCm zKhoLkD!Ho{$y=9&72Eo-vKyTGVYvM$k7AN~OtaNsIMSjvc;3e6IPqrP?j=3ygPWl(J_;}1?3bYq(>_ZD6;)8Fh<$rB1ddvt$S(yCB6_M%Lc(8bIG?F}WV zog&zazdfwMVT+m&+wCvMq3<4lw|F={b_ZGxiK}noA;y=^HSg?5$0M{_?kxVq?WCDb zKz?vJZvb9X)nlQ)C2R>R{Pdmq>h6_P`AvyG+^<-dQ^UP2yr)J=)5wTNL~x?zbj2<2 z?(0q4;)%vNgVFB0N8q5zYF2y5CW}QYOO^e>)A30{)OzhnJ*pJ-7CQ$lVNJJ)QadRY zCM53^;M!@5MdZf$4RVz$?@rAhuGu7GC+M8MEv14w+67 zAa1EFa)q8Bm}E^o)dwzepgI2tC220!AWI(a zw*SRe^j3{bnioSrR??YPll$;&UZ-T;Ggy@t8mrm(Lb#w={ygeQwhf|bDO1eow7VJ zV8~6p-GrQQbo^QsCw^5s?Nx5ri(R!JWh9n`g29zpp@9EQ{c4c@K82${F(I5HwfjL! z`sugTZMt^>jZ8UWkr#4))o4PgYGEqHs-5xq-$%DMaD?U1ua|VKg_CGIS~Gm^3HI+@ z0x?3a)4#ME)Somlz(^Lrz<3U&Shk#$BK1~p_NsDQXA@A^DHy z|5arc9(D*>WTxBQo}G#(-o0JGbCz8H7$G$j3+=k(#h8{EdRnj9;lPufxx)ua1-4lq zUZhIUvG0Vy2Zf4XdmUdq{HR1%NZND(h!iZAU29XxWX%0kQK!!Fr5yHt&!@JQ8F-^< ztf0}_n=0Bbg9UDJ3&2EIw zgc>gUpoJQ!!at@T%LXA3DK?2)x*XS}Wbh)9ezywRbQ6Y~T!}S^2gSdNe54eXZiq z$yAiXmfCT6DcxPg^eEFK(9?1tI{aa}y)=UZ^lI@DM`L~?Fc8#1Y~-_r3p9s0h6^@N zho?ezG>08duL)r1&V$g7rl<}JCJXg7k@U~bD!s)nYQ}u7c@dJ`UMYtrpPzmUxqrGd zLXZ6e>SFPA>kTJ#=Xz$eyFxI6mBl}rcycxP*Lm}peIXh2`G>1!iH3cVJI|Xzm&1v` z9@->lVPrg>4|p-t!TIT~^hZmZjEzy~yD>dj`p4OwpijW;y&>o7i^!XW1pr93#^5Uu zRVHzv5PqSXC#ygkutCZI@H6umREls3KNduB>iYB(J`mvpv70Z@vN=jPq7xWcE_^}P zDcyeHl`sWFYUT8>`P5m5He;68F+z)UJ1@lyN83zwZd9Z0TZYJ5OqMm(U9&8yQRWfb z9etIX{W4BO_9B&C^!J;+Z}KZ0dlhq{MAC6S*O`&H3fkRGfRy^f5pLgjWuOXOA7#&6 zAXA)Ezw$oUNL<#{SmZRl8LI9=dsb&o;FwkZX6U_9@5R;5{f~T{(i$O$9$|lx)sIu4 zkV6LA6|%o#9Y#|l1&mL~H6Mua#?(~FQUn}WZIj`#s}VdleO4dq*rkxp$8bWq{0j#Y z)#Vr1qRDao>xbjLp}Y0raY{kc$pXRyMb&fcgG%^3&8Pk&KyME`WZ!#K5RIXBc3{XT zSem2Y`c))*abb=G0Ssk=I>pJxX3h>BE z;2*N6aFxj3RbQlQ;&8P~62ZsJC22H-qPu!Xa4^DG=+K4f2a+SnXg+2;J&!K-lQV!G 
z2xogh$7z_*1^9VIy!U^6Y>kM*tP(6h;7p7Q4!HtM8ap@7dZ)mvVm! zb-UV4YismYe@MWHTgTky6{C1wjK?yyc?^|34r7tAsS-TwV+|3pa1dRN)VphCCjDrC zD%%^j%|mR;h`mOO$s}tiy%82p%z{JU%9WGcwC}L6y%TOC#)}aI$k*Cc?j1^0DqKIrr2CE=N~!%_4F)n?Ur!o(9lPh1GCf?~ zCV8a@8aVW2PVZ0A<7bex2SPj84przHs$@@+&iiHoEVXmXG28xt}nlKIUJODt#oh;2%SUr{XXn!SVgrwo6Tk}z; z3BxeSv%0=(*ma>2rJhVA-(GMz*zI)dnVwD?T8jM66B=OL(i8ViZ7S_^jxY9>1b{Rd zwg-mWq95{+bo<=*UbbXjDTEzc}COXA;#3FS)p%) z-zNfZIDFWvzO;5MEua>}!+ znzIXhaUXD(R%Xt-nWpJCvm>Qe@?6MES$a*f4Mxdv*TbNjOk=~vK69+QNcc6}`<|ZF z^Grl(;eN*HEGr@csw8+VaCf0rF_<$1b6YiV2xk9mOUiTzDG0i9n?qvlK0F$f7P#>) z;yziq{`m3$;Iv%hp!X5ne3eO4SB( z>BMiK9M&uV%8xRpxK=#$%z!#Y(V6qk$%GhZ$)sPctPcL`I&Quo>l(IDt1!|HWUw!Q zs6^H4v{;{9$6K?VbK`+}w1nCN%o2m#aJv&_4n954+d*81<)2O8sOMJcrx7+@97D>q zx^t;ZH4(GG4AAQ7z`>$0C#H=vqy`J}@) zU11=#sTGJ;Y;}p6AFNs*i&y%vod^12v%WngX-dZ2c=q5F=4J3yv$Mv~2HGo3fyv7f z9TKm6)p-%y*8p@JMlq@SP1VZP@KF(q$ET?zEpOsYe3F|G3sq$~={ahG_jL6>*Df|h z%}lw5YTi1Z=+}o2UB?#T0Mih28S0)VF6d&kvT3v%T62-6DcFa#x{295eE8l$1y)u% z-v-dg>d=w9PVaIXd=s)398(iuAd&U8q@{+8-Nu^(t7ebg&!>a_vmE})$G^toZ*Ih4 zAv8>^%E`6M_s*p}<2)}C!hw)pc7O%~pJ_x1g3h9LLU zXDSzlx5!{{SC=Z_KRx(RrcoR?Yf%;s+p9(&b7ph7&{8VX35-caV>bNtzMtL?P74+< z$7z;`2_F5j@3ic>{%*W(+3W%q9nNz?niYk!3@l?fbcf*3Bt60$c%NOWVBjhrXrJ+g-x1LZ_OmHpn?4;sNnU{<)8YolhHzMl zmE0aJVs2gHu%JCLTA%=hl^(YWULc4ki(okPOOuD)WMc^a2J^|i0`fGk!`Y8LvAWc9 z%m5>cg@<(Fke_Rwuxy(?_+aOx<>KE7}Dr(tvq?VAXQ;6B)<+9Xng zl`;^^!SXWvlZVNzV7Jp&0+=uIFMGq`pE2iM0g2Z1u)&Y&^HG2M$_DOvXNp`>&ZUZdv=7<_n`pEvD0-?k%h%629Q-Ul1& zDFvuRuW{3yTw#t691MHoH`XUG`$HHy`uq@Zw;$v$Ch~^ahZD(4DYU`QYi^J9%Ejx!szOM!kbe-0Fuih77iL(&pFlj{P-`6im1$s;l5L zIj5m%!RvIDwFJyKD51$SXvGII-7|w@z)W8b!4;s~nXn4062%;mU+WMYOwQ}eYz_p` zwP<4eCnEMA`tDJR1Yr7Y#>k~6GUs$jp}yVhsb6An9e8_6*JK>@el>@tbFM` z`f;!XM%Trwk5;)rl_>SASosrTzSZw&IGnVqg=kaeU;obMa}n%y;&eNUHy_AtKvk<+ zsS-b)&YkgrjPaxJbumSY)KEdr;EgZ+D84J4IG>*|N~v z2Vw!VRF=TxBPfMMbbQu_9ev^A9UKOhr7_l+gztTqRlMnr@OQA+_a52+I`d$VY`k0n zM~UU)cA!!)!gk994ZHh&87sRow>Gzy~ zDpzw${ZT?Yh7Fm!(dC~C9j*NUynrg z)i>^1bz=n)3%Ks~3fgw&_29gyOOZblmX+NI 
z*VI9S@RyYHLcC&%tq!PRM)AdA-cj{dDru$8oIqfcXx%j0rrpfMZJ3+f4g-1Iu#zR} z)`0~t`n9g#SeU-v{JdXdqW*JU6b{)d>WoL6%K6K@%}dyibnh&a%MBloIyG53`F{SC znR;LIc}t6x&hp-RH8cZtvH1ss(iorHU7>=NfgBsGeF!4><)AEU45kUgWs10Dv|LMI zPy+Ygpc7)dD*+XmKkiIa3v=IDi&=06Nv={-72ySV_sMB*ol^D!1$fA*EY-RFwAETK zA-|!9?|kS>P(JLF#%6L@ocAJ=*8=2zSAF`8?Rok*hxxvcU%|3r-}Mp2bL>Vkx%xH9 z)A>qvg`bVn6B)RZv+<+}{CdrmOT_vxU}}DM;2wb8@Xqh;G0*j__`uoY;jg%`W!Y3K zj9nL-RJ-ra%b4|7o&Ip&xhB1Uh#0D@bBr@J zxd)a7g57Bl(57i+?)>5AIf*R9hGtIAwMw&y9tnu(7SyoOJk82dd8r1sqh(%qxk@S( zrU%A`#!k{M%kE_v*2_QLF)x>6lQYm(s#VqaE{#>&Lm3bznvYX`mOE6!d%56|2v*(u zGYiv|Jbi@s$#}@&N5mp*T1C+9>QE6;(Z)(b{=LsDMQ!*DSx(oH{N`-K;xaf@PFV}%|NnX0^6)xHx8t%)jYq4-$5BIk$!QsD$ z_X?Ea^Cm3Uu${?bwUlWcw|0Sy7?^uY8X{7f4K%|y9R*_DxWe;$|G=A!eme2zrSn<> z7}7aazmk-njxLbXOl&2lxgG?3a1nC5hM0BHst(GXxghho42juB6YTJXy4+o#8()^c zcn>aIa6Z3m|hPj1c()SQyM=THs=*P9dqy3av_v{$yn(;i^Qf^s~{D`?^(?vD4Xd zmw6e-c!_ur-hR_+(2G%rn+4Y46f>oK8m&5+6pkd!lGTm`-Ed`2jZbF|SXZPD=!h#$ z`xY=C;<8sf<0-sAkVy^Xv2&-_{z#6Paagd+-9^3LHcOWnzv*%~>pJ!$`d<>9PQHK0 zO4cq5L&U#{0?lN%Hh&ym&lg9$|1O@;UuC`NT|fDd-LL*&j{9CWn2&m*L}zrO9DGnc zK0=@kaffTPsJlG)5RVXbo92@||5F+bwqZNFqFZ~N%C6?=6ESH&m8u;H8E|`zlkOi2em)FB(IW0q)WqESi&VmCkn=c7ZzF2Mo2| zjmz2&Ue!6nHS0<@L%kmw|2AZh|Dk z;#fB2F_(lXk;Ah;Fp z$>VCx>n)lflQ1zB;b2R4#s~4Z*_*!oa%d*>Fbb5KZ~rwY_boyG-FCkh`Q|+2b9|Lx ze4M@fZREu{(G({-;RL3zv`pR76M?&p(~`zq;(xPe{v`RsC=$O1HKs3;#0QyO8ahEf*jCT{+*Hd`K2NQjW(?JhdlKvNEk9}fb ze}9I1ihNUH;dntj?_)&Y$D6Y5^*}+R=qClM-OIAfnusOiyn*|7;#E2g#yJgpt97NC z#s)vi`gBUxiM7ArmEK;{7|8UC-J~r4DB}RQA~wKc(H0{QP9XY!q69O{kLACL)#K4A zb|}w*zt7Hl_a!jdaM&za{$SKF|1mSH>vQ+APy*%OoI6%e+<(NU8_sb;v$vL`uiL2* zm%FIrGYr~)thMsM7Y!-k;a@LZ|D_JW2`T`=pY(rX!TfhO^e+-1(xZs)56PMDrRKCy z|J}dxPZuD6guL=1d!>|{^`G?*{|aCEU5;&N0(vDI^FNLB|Kc+L%iRCr)4t!t0RfV4 zbz1}YfA~<*Hh@Ayj7`FikUu?M6jI=@P?nNe4gT=3J~UH(B^PPd{!IP!A0G9;`;yib zuv1!Bi=ps86(73#0Z7waIh!Tn|J5$hKV8Ic8^~M%BF+C?#vfS8|I1~3P%uE*obP33 z{zDUa@EGOQLp~wgl5^wQKQ(nvnamwve>bI!rf1`?dY6BRe!m@tmg{loJ@}yP8>^-< z%715q|7bEFnyKY?h6jCCu_<(!m}C9^@;CqE2mbR1aEXxuP=}P0=>E_oA0S<&{kCGS 
zfTTYa9?N|2+ln8&<4_9t!-v{%`5jW=FO9wb^qi4IfRKVzJtO_{4~*saDMT;-4k^oO ziC2FdQm}r9lo5Sal|QtX58gCDNb%Oy+j{ngmq`2JcS!jVHmLl^A?1HA%u9|uBbb|lTZdnAW=>_pzC;Etb&>iog>N zCJ9VO{Zkpv?B_iX^e5-ejqkbyb5ObZIewE&B0@v|H0nbr%dOkRsw_8?kC1*!#j}B5 zGFgYdq|*<@Wi-4;my$3P1G2)vj{KjNbeEXOCAB)QRY4kfT7_qaRD+~HojC(gL>a?h zi1>@D(g9CLA;SHKnesK}b6_2d_1jF9C4o|<$nlCfu;<1cfQpA95a3xH%ttKcy+bG* zd|Mtm@bJ%)mb2vVgC_}Ww-v);`AYk_y5JmnwZVUe%B0TVX#{yk&q(=J9LK0KM);AI_-Xp`$u>9kl$j^ZY_Xegvw^O`iZinq>#5}~a&A(0`{9)w?{7K`1WE?c-j-ZUE;x0O6vhS3pz27W?oiQS> zHpu`7R`0D4lw-??A~xV5_I)Aps(|*-8eQMC;9rjr9&KFhK{I-E%kdGHJFMfSQu&?+ zSia;U`{v!L{m4RNC%=rDsZxc$Y||XUS`f*Ch+9@-(-3Sb>CtTPp+Sq=sd1IneC-zj z(NJ7w@IkF67bi9^neVML;=t3N;KkqEx`gzHrx+~XdO~{eDO&JF_8SRDQ%lrCooM8e zUe%Up7__{XK|%tf_$E~uCz0~I2ek7;2UrI-6LbmFVdf#u2T|{dIIYnFwTo5XvFcxX zfah>gCR|VF@6TMewo6WiAPT5J@OnsS>aeU0kq=4V@CuGe{;fLKM*2w*@f7zv8Y11mub^B(!L~3tOQj^4O5t*bXh)p2e^MRr)S9(`5Pii{{ z+ZnOBV>9sM9f2Ne@PsCyQKAv8MWwKa>6;K{y0qE;e!S17Lom)}M2;~0X6y4E?ddpdRR_6sS zR+k~Is%7t+ades96-0{ zgX1XWNdp9mVL;0a#C9{&tjsxke&@U^vHb&f28@INkdxh2b~8o~_Q@lK$H_c}S_VU+ zQNTRMLowT=!fc%S$O{3xc0n7csx9Tr_QlrH^8F zNAK%yB0`aXa+!_2QPR@o=q599UiNZPc}^9-O>LPf zDpYdDH7U7MaR|fD93oCN5SsY zV){_tVV4RoN5rd@U*eF7VY~pzh2c$FJf&qbUddyd+%r6NG{*J>^9AB+z||jDY))WRQPQ= z=?bl55n%9L%;0RzZl_~HyQyUb8loCbLi^X_&O*90rU+%UoUh_5v>!hub6K)W;odL5 zurn$&?!j6wDlTIO3__-j(a`YZNEkEm$2-hV>gg(5N2`po z)h|omDk=sc509tyywhET)h)P#lQ^v0+p>CpnT*JAJ`EJFcnNCWYFuehXio1gYauim z;(=0TGVj?VmEv?EcH433vA|Lh;lQyWg- z3TGY0fYOgHHAkh9i&&?p6v)N`B4Vqd3?SLdA$c5vuY88E148zTI+MSZcm6? 
z&u0bHX;2BC1edAbu-GhlI(SCuNCE;$YGBCZeISuF%Upa~QV%Uf%nSdyo%@)W0S(ow zcATAO`LStZSxtX!=}pg zn*)Z$VVV7aGf0MQTZrT`K@k(?3+<=_Yi~kcj#}>Rzs;!6ksa%@-l2q6TanDt-Y-VI z@KV$}sB}45IAy{Q=sPl+ESlUZVI6+%5^7;`Sz5Pbx#W4u?$CWumrRKv__lyC;5w-` z-P!3T+ZIi6N%CUJ!{+o%NiGrAa>H}Pm`O4wo9=o-ciMe%Ny=y=PP{#+YZ}4&1OMQ{ zW-fO$5?{!5FhAX$x{uNirK4Q4&S1Swx@WzMCc~4kHeR8FeOiYMl)?~g;dOvCJ>;Mp z*d)j&Mb)UZMr}V@*1R$Mk(}#IqwIQDgkLpc7zh^E`F3Uq9qyxFuk1FX1g`6^&c=to zdAi|n*BkZM^PJ#TxSuB%+_p}o^bQL~MfEwnos42qg!FN}VZB;ukNT!>H^G`kf~a7* z9PQSxviAfnUMA=`i>B&pS@OCZ;?_lSE;&}AGnc=apC({8uXek?B3C$Pr#U|mVyhS8 zUr*4)#AhLvs9Ug#zX{>{NV^e&v$#ws%tKY@nZT%>JYp*j7omuH&57Pfg^V6&iIJQE zZaKftf6D%Uv;b0T%$;ntRQQV-J^dGM9CvJ$k3vcdT&frtv>T-@?Q9v#aGD>6qv|Tv z+lm$BItp@D__@v!s$E&o8@nt!-D^p^gZH&%*IWglCP@d6oeDp*R0|#5nXtXtaX$5u-zQg z+00x=^1@K~xryC2UKk%yVy3hOuo6qMSx@ww?btz_W_=>Ac5>v9s4fTV7R=KS+TyP_1IuoC&Ig~T?%X9Ez~|Jjjb?U6b7V3En%b{mjzA&Eb&h|LVw<#YuXJr z%ZH;vC49kp?N5~&9e3X|ajXW7s6#F}9o(1ivwQ=Ji*Kd~j%jbZ3-d3~VM>!gS(eP5 zYc-$Qh-RtZWWHeA?zE*$gwfF(MCN5F%p~I6)t|T)&U*dK`bs-(X5B15%^cKl-S;(N zN_dI-9^MkH_VT#5bf+N{J?MC7-X_pF1W=p_fS+9T`;}{ZNX4tbHCe)wb zbn_m=jgwf6zPVIh^IXM^XNOCYdS8B2g18e<78a?{@6@U~DoBJI_*^eZr|`H15q&h3H}FZv4e5~jHdZ=t-pYQbiPIk(2PK`n+ACi-Xvqdzh)@8EnAr2?fmCh=zPq)4(;stGK7GBTUd{*h;lLI` zS$PC@hR-YJwGjGpnz>S+!AZ3MG0M+Tti$+N0?&$=(pj#1B0SIR&Up4TEJiZDXMW-? 
z;%Pg6j0=ihZ5KrDXO)u9xVONnY@Lh=3fHtD0QP}sTL5w4Eudz1Qu($XG~c8rVzjkp zI91Z~xsYh_(X@_(%9qDk4g^op_~5C(Vnc?;=^9oU$`~q2$SR*=0Lpjk6EkFA1~0?vIea|0aJ!Amr8D%i7;on6l;C)Vw{9OA3IjJ} z1a#9DRTinhpF=_FF7 zjZbHt^B`-lA*YcWc7N6D2B?MUi|uTvwfk z>F}SLb)Z#{gP`sb+ma{r;JwAkMz0?L%%46{kMho~!F zO$;Ji?_AMMLrV4^jg?_H$N=aH^oupi=)oyWEteCA8^eiJr!&}U%+v$>^&n|;0yqfiIQF*z2&aAXJ?iKlJR}I)bT#RCeL2j(ePqk3Wpr96VT8o8xpmA%A-<>El5Zct6Y4u5* z(SUq3?Q5n%PXn6md!CLE+^(U^)|ck_jY^F4a^NvI(5|TwJC$e@8&5Q}NxzA0Dp8A8 zr_-V}fYV}KdP*K|Flongvs6Y3ptWQ!bA0Z>oi*6HP-2^NyRxiUHMLt@rF=RO{VsQ;DY%Vh+60*4Noty)T_2KJ{E}SGh#Abc*{m7had-nc+2Q~&{?M&5F zB^|fWd<%a;=54;G?e3jh{vdabY_1D(w-o%IPptYC@6%s^5M_HRy$XHMu1H9q$^}N% zbg3p@9)oI$sgC<`Kz;e6xw{)cmp28+Bg3$9R{K{hH5HIroPPv8cT<^3LL=v}40le0 zf#-)&{BRGOO}Cv`LfEaXd;1+w^8Idn}-2{vPsUFohM3 zV!?@?`aL$#+YuYUDh#_=_B7KUc`D3AIrhSspVIVpDNy@9l(z1Q)@-iOle+*Z)9u>Q zci>Z4E#TjUQ(Gl=KdI1>x$WNsj2&K9Ei{4FxZCyX!JAs?Z9xRz5?bTctMQ6)X5+Sw z@N&_Ry_mlpaAT2YmcMFvZpFMns2F~^Q&rx6IMt(Xl2BWUi4s(BgzqaJ{GNtdp;pTf zezmsj9Yz-+aCcBgr6<;4Z`59m%@SC@`QzhOvIU3*z;(1U7YI)$)mAYa4%P&KoIa3Z z(`-!0X^uO2(ZUn+q60u(4G5>oEa+7w_W4&^2*W@)#b`P}N{Z9L zsX_bb94fW%bXTd(PQsf{CFNZOK3wPLe5--o5X3&+7oQW4Xh`$<85%!On4g+z#A$8W z3`b&DG(}&`nML=CnGEPl2s6%HyzB)sPcW2dQnHrUXI?NS`i(cxNuMY95XOTHg!6me z_l0yR)LNeLiWmVxgDxuAq(tnNiB!7F9-pkQx>yohUav7zI)6pQV+`*L^%56*dH99~ zG3nqiCfOuYrbF|189k@l)2J)rhI^&&u)|K`cul=7e)PLcQ@y2~< z;;9K27<#bw5K6N43HnmVjr-*?vc3ss*y@&Q*Io~Fy41?MhMXUllu}6;S@#8p!`9nr z@wWB1Wqb;*kJuFi%^P7&ED0HgVIq|pD6>ql( zQ*3aPsZ?)AFzNdTV#O@y_fuh2aw-n(=+j2|=JMiCF)N^#z&b<IK`wC1LQrveqRVIEok)q8o0UN%49kpW ziw^1q)nEz`X0$~@1U>!T)-usiy;yG#P}h6C#4Bb&*Cv@{1_1f+4i)R=VC-Yh}5&a3BD#UTRA8C*3 zXtLn2nln6X*uF1t-{tB>*CohRE>nF+9EcXR;sKHvWL{-nu;HePipKey>7)Fw=RG%m zkPlojdhN4#T6(y96buU5ZZWo`RLX)cZLl@8X_)#`*tuVyfpod5P=9aU=5-%;KT*m3 z(z4c9ydIZ|(qKDSGaVG#Ka|EB0Pd`bg~-f1x8@6X4?WkOFVkqECKgiSEhiyI2?L-Q z5n%k|+<~US)i6IC7{!% zLcz4()`lla#!^4qKFq)nC)xbYyYD){JbLWBL7TvK#NpkeylGt@*7|ha-5CQ)_zxlV0x}wwr}d{G@SypP zR{v}Ly$Q1|$SIS3=kq8)a6YUrf%7XWBV;C=ke$cXqz4%~)(?^}&3!TXJ|K4CWRi8e 
zAAowkh(!{=#GeD&NBV>OOp=e7znpWBUrl zX%&saaA(EG@ODL@qC}aA7tpmnaGr1jd|Wz3l^~^+6+I&Bp^nD^yYHA5Xc3q`(14-0 zj^hnV;!1VaB&_rF+by^HxiMh--rutV>xQem*QGui*)1M$YvXz+JI2i|w{2ZhS?;Sh z<0Ts7nM0SyID<`aQD--o%DY44V{~%oj&mGsrG4uLqv$&kXSmPNs<>E&;aI;?U*CM! zakmp^`w|(cs?W?}^)yY=g7f@fZ>aO`t>Vv5NxU$~V&Koi3}y8T9f6TE zFR(DIXU80O?Hwo7$vk)Ta^xsRwO)EtgY9$BCr3*?qRJc5tT$9Bl6pRD7vw~S(_6cZ z_$t7EhSQw&g7zCs+#F#1E>E7SfFi;b4bftzziT#o-J~05RKO!(g)41gjFLQ-ZaiEz zU#b)Qa^oG;Ukm3c015-yWYe9ue|iRyBg(Hj+$nN51;^!FFG(x%b#pbamrd+TbG@tpz6HbL8@i&rBL zFSO#0ymYW`8DYqBj-1shMUFTdmkR_p|19~AeX-!XopJ;7dC&GOS_s-;lEE=Ye%Rlz zol4Rem4Nq+$fj|Yc>dsWg>`33Qz+{3qi5*`pQ}w*Iq&4g9Jb%R4=Z(fB02tu@Q!AB z;80X{e{%c`HqEIyN#?!taJoGGxC_I#&l_6!E2f% zPd-b?yS8B~xwy@QujtE72=0v6^_i?P?v@kOxny^m(_t$?$K4J~mBKPEPsIAN&tk|R z3Vq1&-a64;T;P0S-3}(9mOj7UO9Pke+Xg^p$-*0mC%}MVFg|R!8LDUYF=#LLJn78` z0-d5n*cYZP43my7+w$?r3oPQTV= zi{04L(l>@Ks+8+7l~`zasO{^+nz9OlGrwt9z!^hd5;^Z%9W<3`yNJ5n?T2dPnzbeP zFeat&x(oqgO=k`nM__3wmR?qxgTWNebA1B+EK<~&t9p=3DAsC+@%H1`gU)K&*?6PN+8EQ&Rp{Z14rvF&Xa(Wqm#XSZS`O#&c?j~ml7>r; za~99??<7s^!8*`Vl}awDmod%#E3M**S;9=rpBqSBlE3`OZclSrFs`POTrf)s?+?^5 zm*rdKsyh(9Z2$oiAWFO?8(-|}T|=25e~>}_4!wC12t{-fl@Ba)6HS_QJ>X-Z6cZQ?)L8S=s4L<;LS(<5a-a%#g^h| zgK3a<+V{~4)e2EnwKdtzPe0VemfSpwOJ&wdc&Lvi`);3+)^pB1r6Fyh&U%Kr0;Aye(Sj=rg~C*L4vVrvUHD_*H;D>JrI&cj3HfWWs8{ zabUdrGa*!Pi}3GQE}7^^SwbQO3z=UOJx4Nd$skDnQL?K-h)MbX#ol|yHQ6rfqpyes z5JjY@2nbT7OBWDO6p-FQy3!#O={=Dq3Ib9>@4bZ@dXrA*y@yEegbo3coX54-I(zT` z+2^eHcRug0{K8Y_nR{mLYp%KOuiu7dF5p$J2Bs5G#o+Q~7Dekm({qE%Y6t+yuGOHx z!u*5h)D6DB3}lKj$Le`a!TiR)SZG3Pi5?m_?eM$GkDRbPO&pv$WPT*zA}NTRB|+gN zRlVcrXh>4*)D(Z-el_7V)nS?6F*+$G6M-B2fwPAvymZXmv{4!w5Z^NB|e?tVO@{f{$RXj)p8P63kv6)b?lkabMNJO@62zBO0f>Wks}kfqQQMv~oA>CW4dRd*XTtvY?sb`R zHjtxZuq~y~e&gR=^k4BhpTbX1Cy*@IOa1Hl-X(oMFKg-oTu>%Q!UWdT&GE*zvNN|T zR$%n{|0@#u-_iPfQNL_EzQWY}r`IZGanPz++?7IUA_-5^sQBiSR}SuZV)hL=eMc1# z^vvF&^4EWhr~LCVt#6<2zJM!zt?tfeJ{y5Z@~#`Yc!n}nfu#Qggb9M1)c>}5^sgVl z0Sy0kDcQ({wcY&Yba|GpTS97X`?TYO+;N$x_y6Nb>;J=EEFDXBem=%yXhE%;?tO`H 
z`R)wxyVBP3(jY=(%KTvoo@*uCr*3xlGdp~~-~D&%=wBxEBPQRNuZvD_4xiC)EH@41 z;QrTF`X8R)U;p&a5A&M#!Rz~(;gWQ6!T%2D_}9hKnXgeW=pFw4yF8x1{6ty4FutRO zyo$Q}H{IdOYXySmQt*{l%73$;`oEuvkxkX2on zzyF)WJplo~N0#vmtLQ0I*W>E$=g2&n`a4eS{T&ij}9{+mXbU&Z}+yR`&^`3mBLzIasMY3eBjFJQt=P_)k9Hem%Z@6=9Z zt$^>@^3e0QF~7IdZ>te}d-r#z+Ir;Ew|_u*D~CoWZp86*YyhV{MYCWN1nb@COa8IY z;NHZ4{p*AOA8!2r@LkP>U!^Trd+1YexcZ1|*Q5SBWA40$xhaz_d-H7dLvmoizgE`U zHU8eqeR($)jBgaINx?80)%JIXXZ|7(R7p1-$oon7|4q>Qudt6_4B!gyiHIHkrYiu44NCwE z+y+k*DfKt4^B18y`Rn_P%+DMDO)>eO%U|^pc&dD?!#m=?8_UVw%l#$&Ehc^c@A9|5 zyx#p2+fG~Vv;A8P_g`-H^iOP4_iv;5dkY^}RaGj$Q_bRKvdR9QA3Xi*e?Q3oevrT6 zUjMs7{x@X(XT1Ec5&gga^?yUw|K^bY?h*fEZS?;usc$5Y(l5;N`T;$(F~tgqsB-G7 zPQ?Vi864%k?6P*BQ#1Q-GqOC8@&9ikEp zh+)Aoh)pYIvN6T68Jv48xR+jth z^PgAQivP zA{wSLCzO5hA7$9(-AFTB^XqfT zRTgCPa_PH24{(VKi@e;rU+Z8)Z#O=UOHd!3J4N_N!o1j)2gt1C0BbVeD*>!O%b0$8 zj0>g)}o#>HVvW?N~2XV8`49X=NNWCekpJX5z6NKK&TN z7x$Sj?)Qs@pBc9!kJj6--;PNEtT%H%5B#RlUXk`iknGJ{Y)=<&5C|$hEhxh@Z`-ECLcA05`Zr$55{CO>@Uov6g z%$fbWnRg%doTXGe$WFtsgxdZ!LJn$@@bCEy;@Mi@VYKZ*Cza!!(dV=26eB++;}ZKR z?9{9!6{e|1xMO0u%BzeCGVU-Xn-X8zeS(x=qZrr2-ltavk{k6*eS5^Df*@p3PPSs1 zZt-%FcL!KK0|H};8W9Kw{s9}G#$V!lx@XJg+EX??z#4pgLZn)wji(7@+ixr1H!2ux zZ?aaPv=m&%oX(9{oX%MC1FltK!MAma{4?EP?0ZtRxzMDKT+3);GQhG-kcxUu#r~X+ zfL`%(7wZ_1PkuT?J+PBd7fRHHuk#zb&GH9$EObZEJAkn#I{fR&&Rz75hJX3loHfxH z3aS0dvnuzJ+?K~lE$D#2eG>}>sT;!?Sqav;k3d{~%nB+muSHW7=zzb~Fo&vCaj#su z5!0NauTFxsjdIJL!&pXOgH2A*xUH40hqIYBk?T!4Prq>HQ&4R4+-*63mU<`??b>yu zGXUz<6WpX3)AfIi^5oP}A7_Xcu#O4^Uu@>_Oo6@$GhcIk*{$2EATE|;94$yI>XN^1 z%aki_`?-bjS){1ZXgwC`uIYYk_JwH&&qZI$th&dWUUA1@ z7hOyQeN9@NGDI)i>4B;J!a zuh9k9t@e`&-w~!2b5q<$!1SJyp@lKc+6>ktmzs-aD$}wYOwH=&DX%;$Mmh>{xWl-X z@xZnh=2;ZRu`fr-fA+sw4nJ7#uHz%SCk&`~iI`uUV{Hr~9-l55D;g*lE+vix5lD8se`m2z( zKq76UgFJ7f%a~GJ4L$XRR+_#q+GiKJU5f9!^KjZMXg!;OHU4DEn8&r6&THeob4PmX zAbvO_F5Y!YSIl+V>)>ID@`*LK=2vFCQORz%m1B+$atbZD(~dcVZs&`F$7Sgg?&0}+ zn@kRvsVXNqsrdQ(U%ag|(xpCFx!kMLT&{puWhb@#b8oSQ{`{74^;J8*I}#}iTJ%sp;7S~yF7Or8ee*4@VL+= 
zE~&))(O6J9Rf3O?ge`OU))*EYtzzqak%2kLOY6@Jp*k5bIsmnNuMva5cHgZn_5Mi&YCg zKj8(RF}61w1%r4j8Xun%XT(0k?_MPTw1iNt_{J?%>ESAhgtS+rr1!?Y-z_=;Sz6y> z@5VObz9brlTJE^15M-XM<{d$v3PP!bx8!7Ow_%Nk@)n(x_(hfn>i}hq$$_%&Y`FcN z81wBW+w=WxwZNYDP1-=b=S;HN9y@n?Va+ENn)yi|&9Q>P0Da$*mPHxr6@W+kqR9)E z#(#dz_a0wq<6)sU80ZHjkqU1>#~fO~*nuOS#*I{zI~r*bDNW^um1OJa?Y#8g0(t9p zOqZLcq`~n>r)^l|lo-0Ul7W&T^UiFv`jy2MVHm};tCcWx-sT3Ra?xAC7q{SzPFRkh zH(?D=qqLhq5?Q@H|KE0qyjha&DzKP>y?KcI1(YZ_|UW9PH zVhVke=cy{iER%TL+4nykl)3(&SMw13b&KgTjvaXf4f5#`U~GGS1BrXR!J{KqgZJiR zc#OHRYG-Zhb^Q+!#`6W`>bj+ZdCDWmvw2Xs_#R>9P_wUMc}u8XAN?jm`E^@%n9%Gv z7U?#(JM*mYb&vW4OnxiQ7`(crJyEL16*(jqxgI9G@WTB=>vUFxgaz&rg|B+VV(jBJ znePhH$8fLJ(Q`h(J5fn~Gx)@f*U^&n5`sS~@H{T>9$>)Uia(h|4L4rQg1)O+GtbF$ zlspt4BV;dmL7>20ZbtF?fgK6Ye6cRQ`0wm3LQR%-@Xwq3pVHVt1k9@UDCyZnN{Gjb zn`7Jo)6=*W#g<-~&xChBaW)uN?o(HqR})%#S6jkz4c6}qG->;FEmKUZk@ns1{a}x+ z^*nQ+nN#w*<*~^Z^Ue5ORyPovuLM`lmN$sAP@)Fc^#d~?YrJ3Hbe7icHr!s+5m*V) z8C4_UYSd_m?~@a0<#^LG6siGz5_JVq3)1mdO)Hg+pc~Y$n{AlT(dUxyVlOHtPZ1uK zn-=Ccagf0_s&~&&U3#ONP&;MI+#=AY6h4U5D z9l@E8IlSt^C54ptqMX(5RXh#j6-E}YZch&T9TN%Za?FB|{GBj_tWeqm( znl!z($#&_|X}3ho0i=6N<#KHaBi|}HQzHvxs?Xs;M?NqQanBjx5hVaeh&?~R{PMfr ze^<;l%`=o_RW_G|24PJ@BKc6W?uYxY<9RXC9VVA=rJs*kI4M=E$jcI0lAvqL;h;Ky zOgBAP0FOoCGq0rw+5tvLt2>=78Yr$DT&hHrr;w{+4=~imwewT;r=Qujv=jK_DyF$= z1WK>!Fl+ZMGJ+BbZ5M}r1I>eY{% z%;o;fM}$^*tV9M3OzJyO8d7_WE?f@TkTgAcyFTHT!PwEq(-Orm;?Q_t5o#GBd5|qK za+(lb{Ruk3gNAoX=P4`cXF!XZ#D0H~u*iXG3jp$jFZ#F|iXpBI5?+tuo-(oh)_f2i zGaMn2ix7<)Ee9q{6YQ#IdN~`1rQF(lLJZ;i#?E8klEQTQA9+mQUkjgeuyc=HnPulW z8NCbCSybPpunp&gPKk)$7elTZcWsQR1UjuEBMfTxkcs32c-ZaQ>XAVP&pg!UTGxcV zOO$If##nqT_VJ=Y)IFLm9edAifc;@-9w&CW^H8^O*ZUXFenf4mgkR)_1zRo3asB=J zIxs&8G%_T-5wN*jyNJ>AB5VcKqWyIA;NnMVN=S3ta2ds{S{I9Qe@lHW7ln!>_D7PB zg6XJ=h4EcUpP%}$WR3+A?%LrW6>Cf3k`hVUX@_H0A!O_UpO(ohG_ojpve?_@ddY~_ z3CV<-@8u=(ANqfPF({wXXE4GohK@O}2d>zE=i%r0vBWscFOHJN(I@6N)Lz~mC-F1c z)+Uk;uhdpEv(DpU4V!v?F9x7aniBh8-Fp&8V> z9!|nGN)kEW0#3)S_Kr&j=o1}8KX@ML+5Nr})qKgMywZVn}GTAlxRT;WoA;@PTZJdd4?0zFMd`Y1n4<_CTF 
z#Y->Pnt!7YU%l?H?`LJsn5y-~4L^1WrLcE-4AG|q@iK|9PC2GDuX5_>1|ru(aAq6aJwv93GQBRxxRxLGS#fjTB=(POHWnjdB&0Tg9n6zpbPCICf)UxBkc@JPQ0(i?F&QJ|409P!g)&gscMTP`j#oU5PPoXw7B|2mqVS^Es|?Oj|G=WrP5K3+{sEOi2?p zAm(s3ZmxlRTvpXB(om@EZ;SMxv~wJ=XSYxc?GqPeguj5rF@I@L&BOLXSuPs4_-$p;t}gX7y= z_vQ_5ZFr66NA$;|y5eu_oSSm%clqdLcCaMFrz#jIjQn`6DTL}?*rp?t~9DM7n*-WFUza#nR4imxgGZ#P1SAt1z@lsWlTlVcMu2G)BO=qGo96}G1+|f zXE(^*_OkT~uuvyUmX^oG5bUQW_AB9v5yPJWVP(xL--`rGy__ScjRAg% z>3m~nn0>AtI`g*wgA+?iBjw%Hts8aOq6l%TZhTO*cvavVl&Y^YI{RnbIQ}PPWWe1m zkbRA**GUS~I2sc91>S5dLdCug>l{)(z60{ z`P()0+-=aSw~H0MZ{!Cy4I6@D+%I>UbjEoO&#uaKN>2uCieNU`!qm;I}(lc`gMa;#nYWuSrP6F zp2F_N(c<^SJs>8h0=$g}EJ+Q(ToSF>UC}a!%ocTI|Z$OMsG|_ z^X+b5S9(qFd>lEl{RfP4M&!gL+@GW{nJ=IlHLLE0aG%Ws!$FlpB13{Z8EFH;bK{f3 z*9QRc3EOb-Q;##N^ZlZ%3t6AghGNYA3C)7i1ueiY2tAvTa)zQ^Nb+!4##d<5WtwOvTAsUzY7`v zIOiakU4QORG8nogNpw~-XRi-p+<~l>G$d*ZHv^S~#e|m5Nh^t{kPT9gEb!(&XHG`6 zis%SCOY`OyD^aF^NFk-uLWQwh;#D%z##|U#IQWGHuY$4TVM*=Am9*@Fb@Sw$tWa#=dDs#2MR*IKRgSWJv_QdY|4r zy9MLwIdA@YHSg8;ZKKH!N*Y#BQey|64px8Sq{me|SJDtK;d>f3Tc69SgfFc+^|Ifo z?b<4unSib*E~`8oEyQZluO5#nm)k9}e;VFs6pstLEhQ!vIqVid>Mgz7pO@xK$0lXA zg|f__%LyzWkx3FgyhZPlE;3zx%`xu+50Jg9^;IP(A!etu&iBNq&~X~i^ZzPD2OA0X z?@H6lr1LRkEG||n9T3=xpDn|N(SEm1Lb-3zI>sa0K9_EYhH|nH8?4Cj`l5l7;+eYt z^o$;dCVe(p5NT5#`d?ZAE7eiT_&P2rsBcLS-!_KuX{Zh_HR!V(dEc zqVmF~DCmtyDFZ>G$G&n)SQ+@_46C-Bo+LZJaq)5Xlu0gCxA-dmv1ysq>~QvBR5h*W z+5Ax!@5E}H;cTIS_n;*9xKh_QELUP%U4hG*GB`=+p|@n`6YJ2B44sQI$DFU#T|SO@ z-7auWzcdhS?GXL~+6`;7i^_B~X_Xq@Ib6vCH@#OPb9v9a(an@>-Q5_gB3A?~4YJrt z6(O)T9;=y1y}vhOnI?GaY#YskRO9;z)wZ|4CF#+EI4n4e(ZVgaPaQdyf3&ZG*^Ml> z_^!^e-PZ*zf$iC-Lsb_UUk$BFZUaIh^fWiZ&T2AmX{acRotV{Z$j2SA^cR^Wv@6Zg z<(%ZfSJ^>1Q5a}uu|;GMyTi#+qD6}TxV9I$>+uG<-@XC8$Z~6$vM?&AwbvraVMP9O zl3=oyjM8cw<;~Il?+pM+x`tzVD2zqCeI2a}%V|1W7*Y}lJad&m*wE9u9+%q_Xc7FZ z9c#LNK}SJ4xil17H~9Au_5NdE4McGOLL+#Va5O~}xq*VzJWCK?by9v=)rl%ZQUtcAN$6ff-?km1T% zyk1nAx(uNRjl@UN;Jj2tBDihdG?rs|FNoS$fc$H3vDLga`5So#Vf~<7Ce~=}hTUdM zrgBy&3)RhuKMMBJ&`38vtJJoT20R$ 
zBWLX+MtIb$GAZE;VYG9Ng+nL>Z%*mv(Pk3JD)ZAKe($|H?_=@_k&M2nbvF3b*8}<5 z#_rThxVryOdZ@3`o^9PkwM-HJ+c?czK|{;yj`+@TlFk+3RBi|i!AQCk9rJWW*0tgE zb~uDuoMij0?)bEK8di_(O%JL_+fTmt%NBii3gOM9vxPz}e@>L;iF`P4` z=u-qaS+=XX%mnedY9yoG2XraIdR;GiR75iNw{1asZ!Gw^+WQpDZ7q7G`q?RbYESMs0EH%!Bwiwu@O zxx(ZOPUe{7zKKDJ!sNztLA9V?s++<~w2{vyGvqO?Ii^)CtbEeY($1Ytnh|<1?0f#{=%okJb&`nQTw-e4 zzD2?}%kdCk&zs-8`$`~$$5v$-i|l#8D){DgFR9-2vpg^D!)PDn2jJOLvpVxQyH(f+ zj9OLK$4_D-+BCE5W2Z8+ZdUE2!r%NQFE&g^Jg-(Zf6XeO7nDMCm%t%)+||u_T`hpD?Ge_lf4Be44u+&LnHX>THB}HXDDMDLC9$JXeC;O?^7_p@$_eP)8#N> zHzQ`V(P~z58}9OsrSQIFXO_~#eroqCU0zH`cc-f>k zXBum4uWN~D)2~zwU}5$HG#Vz%-zIJ(cEqZ#wYcTLwa@wjqhr$VZc6_8GaAChIo#vp znSZ0mOZ@?@!t{6Ngpkp{G*Y@0c5L8Ib!u4>6-B&BT(&#q-S$9%qU~7pM01k)hgRM> z0BgBhOtwRXD(*V>7UW6GMY}$PSydzTiZ)Jj>s&TeYlvli1lS5iWhNPf=6p1c_QcTA zpE}*TX=~gMTu8OK{)CVO_T0OpHdtR6Rn=iKXpS6DM{Akls?G1QpT4gh>P$3dd>dYb zHTyuK!p0MV(CO9r4f7{7`;I6jpCUdK;8wt#925?qN{6mR`p0up*#d*u76|4z0buUG zL?c|aP6t`uo$8$gh>Vq+%>|gls6!B?L+*gQR8v-j$Ryk8Rzk6)ZJoJ8<&q?BvAWyi zpffIIl~_EQ?;UsOE3XpDyG{+Wl!qYQzL#6FU@N8iG|J~|Hlx6+D?8z?AnR%F8Oz1n z;%C#y9r#$d8%J1)@~1NZT0{F>yXM|$WuvCL~wPJ8)^n_8idIR1(xl3D2N^A^O0CtPeVFdvdR0n@ju%h7er zfy9?KU(CJ&WYyL(g6SNatGqsyOH&JSl$_r?o2$c~vh=ZZ)4Q8wKlKdNirE{li#}@k zhE2(HO#A`;OG#NOG-cO8qsZM{`y?mMSO}=g}fyP6c#_O=zA8uk(UO})kW%sZ_Lk-LQ?RjMnX>rFHu@=hmP`K;frn$F;`W@@t>dl z;8=8&cJKuZIC5!GvpmlfR|+xitry4HCtQi|{{pLBvTc*n*bn!yiO7juOwQRm`&zOM z4LDGywaIC8o-ACV#ctTpqp9?d-J%=V-}2~^I6e065sgu-rFR`KFF{74Lb+cJ*%`Xe z*|`Ifg)V3hP{EEv-|=|C9Km?XG`^56RPAxdW|nrIPb+G=+yOCPYjCnt+tj^Zsx z!TZDK^5*aLJ2r(&n->)M2Ocg)UJW*w$6*_GlYA}V!>{*tf&T4e-_;SIKG&DF2Ir&j zeDBB@s;KV2PpnX3#nu;Fd%;}R%g!N-Wkjfizr1=;Gt3a@+K`=0#UWX^_K>q*rCCVe zm^wAjF4&Azb@}PZ37zkbV*}}t<9B&Ga8Uh1IYP6}<-FNsD6{|#R8BdlClV#&ztdJ8 zw|8QvqR0bBjTDw2>r#(<^fsipFO2B2Bu>~@0!Vx5oa08*$cNEOgsY}5G+N74*FyiZ z-wmYH59c8<)QN(ij?2=|=z)Du66dv2_-IIVi)ZMFe@}}0%s>#dVumeG2q7x!YWvuI z>y0)hA{6e28*`Y!?=?xiecnFYL=|#pvIRmHOF|zEVR`38cdw|kcGam6=*?RVv=%~u zc+&8WIM^DM#Cmjcr+B26UdC@-`#EOVIN$GT9TZsw&8f@~y01Xd9-uZmjd 
zLQF8LNrL6Ghebf6Y~fXgc=waaq)_hqX{*c7VMK95;6cL&XKZJ!$)Q%iH<7*`0Xe5f z=q>d|U{WbT;nJV4+ijIHE=h3mL(_ylTzw40V?$tjUN!ZujhgMvNj2497jzzF8edg| z&jusit6sFTF~4xVy~^~v{<57{d_^jVAeZQC-t}g%nAV%oLS^F{OVFHulaz%_WeJP9bgnM)}L0om^frYV_ zyLD0OwMq4GdNPm+3+hxxO?i7zV(Io1LB^C|tdYGkNcrP6>IOsyOKVSruk z7(O?|B!X?`so-ezeGDH}e?XpOR~@7w1Z^wWVhXESc}^ooG1n~)`_(L2mOYv!8orDMDtbH`j)QMpLt@>Kj~$llMl zcZF`9ia)K7-TcJXak5|n(z$7-^xj-;)jT7J$_Zz*vCtTzYxjc(t;Tektyl3d?W@T} zzVCH9iDq@WP&s|Ju{Q<-gmB-et^_9_ttrEs0((Ps0;fHe!;(3jwC3zRSUVZ2q!%zj zr1g{MH4j<+j&Qf0JY;)w=i#tqUWG9)n!(nb=y6F@TJ|ex=Wx#HEQF1r$trG5!A2o zjW0w+MZeo*%X>DndL!4HPI-Ynu*=2?%s54l4YZGf;QMbBN8)Wh89eI~kfn1~e8{Cua(t20+>HgX z+?mNqbW0^v7_JIVXyIC(o%A8;3H|2|Q0I1%lsP!(dC}_6AgZW!d5mkNb;eDVe5A(S zJ1gcW6rEI&iD1G5cUHXtKRHJT3yByfa{I5kAXY^aiQZZmhaw{JJ}>9Otc#>n2x{^HaoUuBV5 zGaqZz7f&K9*D*C&A@?#k<1oq9;mzX6;H`dUwl~i`ja2iGGUALV0P=>OGRK1u#MS}~Mha?(2rI?PR(T$0&g(^CN+fOG-i(u7Xk=&-f zfG)6a|Ck#}k1c`LUMKB|*;z7omlnTqXLeE1NhhS6v+ZqqDnz`Zioc;Y%(FonW! zNaV8E%Be!ctzq=|+%zRBuvpsX!2D=yepn^;2nZ^Z0Atbg<%}DmlNzq-zrP6Q(<1N? 
zDUW`^gBTD-H*&>1ZA`mC6)#DSV{2r=G+r(Svq*~?vYv2(rJZnt=m*#Gz`J2< zZRJWY*AP)EL^t7u;y?K5RL;YFa7&972HqetVj4ZWXsG}e@QRrofOMg!k))_j?% zz((f5{B0vwe8#$))}W!3uMh<#)W~tl_+_*I``I6JxpUU7kXw91@=P{B)_5U4JG`=0 zg_h&pvz~D&KA-i6eD0@c2r*LZZoSig^Te^^cfR6#-gKa3d+=yw7j-LyqH}V0vCljN zMRKLN-WR3kqsZikdX$&;_=YzgdoS|{(sUpbBh1D?R|ZMjNRW*Dh$*gAcBkUfs;-*O zCeu;U{h?yXb*2Uqu}d}f7AvuWtS>Zu;v)BACAq&PjDVR^Kk2dV-{sn}_P&E2$I0J=Q92L_ws*~Ypfh{4^y4aj*0k)!5N39G*m&}2KnN*7oCp{1($MB!GR)`PK|_~5^qu%} z<-sU+C}p{GZYphf1>MGsohyNzF>z^n&Q&i;FlkjEcMQ38%eo@AZsoZK+@c*RG%o7= zG&e)!fR?}>!CU7YdN z(dJVCX969sRhh1PlhGjYE+C(3Tfg_F5VxCDJ_$V?Mil^UDsvN>-rGw z5w-?!2wCHD%1yfyfri_lQh$o;WWpK%l?e!=US)O?Z*Y{k>KK^A z*R=`^ybCm(4~VO>n&^q9a7StP1^~Gkw1Xp@@X&Q-jDTJGi8V@#1XmGjjKwuZM}4rm z){2^P1e(>tdN)dTpWcY`sK|8w|q1 zc~_jZzX&3yKKttwaW+O*eKU;^U$7eGl-u9JI`*qP)pY4WS2n5$cKwVBNM2l>{{!onfsaOeDeVnhxcoo$?`T z5nHAM{6nvB6`g8rglO;`ih$=dsq&_DL*i(EtHun+ZUA35KSi~a>N;RavzqH-t`EWG zyXp*@alRkGA+WjjGoZ@BhjUNVsHlI84$j#n7C|rI({=AJ4G1UBMHp?DqB(0lAd70z zF6>hm(I;_I27>0iLD>&l$o2`njz7Fmzj+rX>d|=<6K&GszFpD~E(SHHa*$Sv8ulbp*_|7+Hat~}Rt0CO23)i5>9yw547d;bsXz`i%BY*g`Y<}i zf-1jvE4JxGvTo}bS>r7nzJfxzgoK}=>-!Qcp!6*RUmp`DERNZf{9zGVHg>)$yLhC% zZ>V@@v)xAQj;_!C9&v-+7kv2aGB_j1tJdx{cl`$Wx^%!Wpw&I*&9jm3v$z%TtL&4` zno@o*7U)x2)w{^;Jy|6+=nMu_0UEJibZ)DUYA#HDa85}sIClL?A(j0^a7>XuAwt65 zC<8kFJ2=vM!mQSY*+;wIGruQ?2!2%jQ3QcG-cDedF{{=o$rFS&Wgw@fK_*6KTn{%? 
z9y}ON-MN61; zgsCC7+q1=mq>zOYVd&*#??rR9NoP`@Q6BY0mk{LalsfEtCm_ zA%%X9jkhTQ_*?Q=PEgZN!IrvF`pM7`v9zP!&xgxFdyaULRbG^Y##F-605rT)nziRy&b5nFGZ9c8npz<2)Wp5g*R?tmhX?~kmZs6@6dSkij zo~&`XAA1QL=8#hvS|%Q|neRBw zTOP&DtUOM`Xl-W@1d_+~L1rGL9^SxQ0Q{S&#xvZdS_rjawx^@Ci}Tj^u1NL5GkvAb zv`dg(O>EzQ84T(vZ0@x9Ku32~5|}AQrF#SV$S^5(18hac(yW1FytCRMrJ0$apn)!r=>zn}s<$nZz@;hyAv-tok zY*!g$m*VO@)6|PTeM2m&4d8r4FbkknK*o2*E?x2V-mb%51DdWux~rMnx}wK?y?cDbfm#SIwZ2r$+~fNAonr$Rtno#~N+f!nQuQnVxPKJmz} zI||p=;JDG{Y_L@?{sTW{3?}7q?tR==u@Ar)(w_t{%Z9Vn3zs}A@mgOsdc+PfuvG~g zt~@UKF&PMzo{z^m(j8g&#sT^Xdol%z#4^Wzc=foZdH;%JZw6EHJg^{lH?v6M~l0BqRDrnV3&Xs(?q*}b?j{a zihh1p*X69&&u=xnxOUKuvsQlDEElPYhBB7|0YpsRKTdcVeIvOX_f99^-j5VTBQ$)4D%a_4E;8BJbe!6#qkZGObddDKjsgjRi%r-YwgzB=rA zvv#9spJ6O<=+$L$B{@R`Uqj6icS8a|-tRoV({EJ$jj3H)mgBX`h>-cWI@h17zv&Zo zh?WP)K5Oatr=f~jPg!;lTv2mvUAj@ss3{URs==^oSoElg zW2$xw;4uni5WT}U`*h!;^B4xe3X~@x_p%17#-XF}ebmLaLs#+gu?(8A&I$4p%{#Ls zn##Tib+KNVg71?uJ`s|q-wv>w>UsIeuHIAWwlI4it|wD-{bqMd%5OTG9lO)A=S7Vg?&B6#Z~Vq#8n|hF>@2KZ z`GC(U(ZE_^Q`1zmbbeTyUJ2aJo4%lBC!A%7@wsyBj#t5*$uZsYoGLLh1jy@(<%d~% z4+FHKN~^=6{)o5t#FsdKrheoCZ$xr9ZvJva?bEWk^e5RHc7<)2^R_bRD;p(D z>TpfpL3%F5(=%W+#`SJZ6b5loq7I!<@0F@t%b8zH2DnQ-RlniB9g~xAC=Qrl+c<3! 
zKPq-kPIy4{%gFOYtMW~$MVLw&K#xVZK;7%K=Qsbh!eFiIGP34ZFPe&(Z^0uQ zA^ICUhswu(ZznZVf;-?@Q3)9wy=@#SMd7uA@s~rdi{# zk_VEmOO->d!8N^Z21JazU+T5qoyt77Qt&c@dGiH8CbX1#dF2DD7um-t)xmZ@D%A5wEanY7(rC*u&EJ#|sf@mN05!gu_(|&MWqHBpBk^dP(1=_w?qZkw8Bod8Rs8?;DsIyIzdrrVsH!9f`A zcT^f5`s;jkD$prnln9l_Ir!w{hKr^mr=ndeb5UJljO0vnc{1m#KNK?ZyP_|4^FOatiXKvzFZ<{Mnw{DBznt;D?n$4M;6j@UJxh$g*Uwlat!OR8RD>1BoCh%&;S2zpOKjK2)uks9 z?tNUR26))#FKGvlE z0|d8=aaWNzfg{WfrCrk;o;BfZ=qh_5g$ZlwjbaN6tFuz_<_wxv-&(}d?!0rf>05;F zy1oJ=D`!WSB4ra}1Y`BVx|Q=4eQTub(rpS#(Tsrk&`64uF8TwswmlxFnk!0?xJ40RmqOJU@@%wY=*Rs#G-|}#I z#Qzt2Zyi?UwzUs$5tNXU6s4u4yIVjSNoncsmJ*}{0i_!R>F#DJDcxPt-My%9u6@qg z?|c2;!}h(tf4;cRe~ZPlo-v;}$1~=bW8C8&TC2(tGcRb1pUrx8I+xkk0!4CgAI#Yg za67sn72_m?Mdd6oeTUW5YOE=1^fkUqRB)fD;(1L0Wg=w9a19ZC;^dABufZw*!n z)K989ZWOUZ>inN8W3}X_Z*!W?ITY4Ei$ip;&znOSS7tbGLKvGIr;#Yy_#-Q&NbiLw zrP{taJcB}Rq8+CTN}3M`uh&v+G?1`n5#=gg$Zm}5=3ITNQ#jF4?0Dnu3o6`7UlT<) zJ@*8v6*OoxZ`S2M!0jy(jNEu-hAZNOwjo&QWtnpJ6R-PXQwmmGKms{vlW?c7 zVBR8PSfJ{1Z+?8ca=gje;@hf~R-KCl$7nH>zLVmFwgK{|?+HC?4>!LL{A(2#O{YXW z=k{w!^^JoLqHycL6KhA-rH@Sz*DLet=^$E3Gn~;B_w8Nm&z{Gi=*#=ctmRotSq`&2 z*REvOw@sgd>9;uoh)aweHBw8+H0-V}eUm0UVsE{lhsZ{L5)x6upwSv4_U9jxnxwG`_QguQ7n!Vcceq zcxkvYH?|LeQtWFfE=`w_nUz&Z^VVWFt10FOQU-wl2|P;lp)z`nu0L|>D-+QPYGZ@+ zv;p6d%uyA7qIH?%dgbz3rPlno{gl)VY0$t4o;3feuIpESva;K&wG7o8F0#5)s)*5J z{{6S!>ZeO*^S7VR(N?s*N8>D{WfX9%19nVZQ=+gtd5-bABpp-4i3qAPS2X@e_xEVx z=fC)-6j?T~m@>a9!`b3CufJxi+0d#}F-qiiYj*8++eRe)S{3-K^c?al$n*Le;a>aE zj%E8Lo8}gEko#6`PhLDacl5jO&WQh$K+cX~BqK0D{e%J%lUuX-ia zBQkhK2}L9EDL%4uKQ{YCsNcKpK3+Uex(be1%&A_`T({vOK3-6j&|4S-aZy)`rxol{ z%ixyHYJ2z|Y?G5i%eBe}-`v!=uT6#4W`EZ2o@Nieja@ZQi4OH z;cHFCE*{ge&{oskZtQQOC%W`0p&Ufx_4qt3Kz2-WZ{xjBpntVSQvUseGYI3-uGykO z{@cY}BnuYZtf9yxw#`PC02#C{bI}{rb8~%T%`dh?30Q@pa*+RG}Kx0h0_bk(z0F*YRBr>ZSzIA0po9P=s&x=Y*F{ z@46>sZ#x^zCEG#Ga-$7ERMqOJybV|OvNUg($ML(633M)7SYq^P2a$`f(qe=VPsQ`f z^T)l$cs2ke#1zM?)(99|*DC9Zp8{x_`cY!s=Uh&Ao4Hou*g!&#pH_mHXN=ukH%~j? 
zeeU@h+okO`I$DILV>HU%Q$kxL^NFLP3VXhfo>_=+?okKVg89d91+Uylv5}u&NIEcj zm=FN9dKLe}hB!w+d_tA7jT9?)Zq}j@*{ymsM)O?Bgk3~6VbS{BX*|B(5+ZG++!e3! z1HZ1M_eKrPziYtTwP`S*cS$b3OlGP}(rJQwjV;!RrZcwdHHVZ~nPZ7(tL+!Q;TTu3FY(684-Tt^b-RX((F>RbpYBR?9>Z-e)GwmYpA zT?irsyvM2|7l3OPAEKRH^&<*_iiV_00#EIkEP;a?1A#$q>MEtxwi^RpS6{=emY1}h zcjL*}N5dym(3jH!YxZS_=jqz(i`vwCFT}l+dzs_U#J$&l|oQF6Sp(y#c!6DOv5EALlgsQ%-7v^8FxfJE5r=NG>fSgePuWA zjn#7K-ETekyg2T<2Hmpxq*FO#-#bPg9N%(+2`g}e9v#FSz6mbVKvOrRIeL>)}mEMdL&v`<*J)^QY6RpV#y1b1)y5sP8F4k5BtfD*-8b{ z$>xY2pHA=9biM0Hc4ogu6Bs}>jY5+x3y5?*s5o0MP2=7fiA>(t=||)GMMAY5JD{<8 zDn8j5TU>LPm!m)Sf-XKJDiQEA6wc3yC+n!pXsCnWAuso^_Pd+*r#A8BeF75Mef|hz z^R%a2y==+7=SWx~p_D4;pfvL*0Dz;2M-~`#gjq3j6wm>CKLpD?B6_GE$c3(c3p(FL0FygSMk zicTfd8q2UkDXJvfbb0ZRCEsv^OK#|wf>ve%?vR_fVzjaMBKP44 zX%~n9Cwac%1fLJL^%d7qq4t+=USXR_1IbRS8qC5Y>O0DWw}Xb8ls|%##qiYGq{6V_A3Wj$U0ioKjK!zJBUa+_x0k&b zP&oeqoRzZO2E0&ZHLOELztrY!fHpBVa?badzNa*rHz{0nM{L4(DNXr;|=sDMT3USZ|_i}I!`+@aVP&xto(E?lU!n%<>< zc3tukH40GZBn9vR3zht?I7&~p2i&_88KI}yF^WHk+_#M@%wP8dBu2Bw=YcLBb&D_h zzEJ$R&Ude7E|An_iS=>FMi~cn)@Y}hQ@Zp8s=vb>C9?K&^*#gO>ORd|(T54LR)nPh zgvIM05?koIdLNw+U(7Cj_KbUcuHs8JoE-I2gzwE3v~Vj0)1VvRtD{}_y?U?1$T706 z6!%?&F{1 z`}FqRFyGZr@-GD<#!&a;Hv%YC_N6HoQrnRM;e|3HA;z*-GwIfTmB&kW1U<@T{sZKNIWgu zqNgVL;W^RUvD(hH)9o+R;>4SZ=fCVpTo@?oN*NTi?JUa*;Kll@hzM&3TTV|N1VhK{ z0UJ7d#7FbNSg7>ygru02|Jf(PY18JpdV$NGEyK>6x__W`1+Fu>sz%Y;=1XgnB?ex` zL(3HpBad(g7rmrCWi^$}(_3Txg=*W`%Q&bn4gg30uLz1-G3xpO*-<-!GqVLP?j&dx z!TopLJD0?^X_FwK^{MK!QoYuvtL$eRg{nzk8$_*g3fNyUY)mUW-39S{`$5pX4L+th;(ZAqQNKQFAk_W!QNuK_-sF%eR0fDi9DjV zN^)57oe^6;>cM!*WY7JkCFAHsMk8zXTQD_=P%( z5?e8v)(+lw-a{m@CCrWwx92+=%%}v|xxaqA7oR9=?|Hdv6H^`OpXp3s87+mWU$>EE zVf30@rnusiO|SZ}>nstJ$&q_3_r;b*mOq@3oY$8Tq7?)Xg@AVXKL6&EimX5>9C`Zv zXayZOSHYa9s{9)fJOT7QwM(t!DpFB7Timzb_A|>s{Se1>mJu|%541X3i^^*ts* zpvT7iwu4{2nT8Zb=rS{Bs$v(hHEg0w)jHTEHL6aPYHv5A-}9j>yr;^>JX+i% zP^0~d@deo-9K8!H2|C(Qx2$k3?bXMw@A{Eo+Ms^mz^|ixj zA;9eis(YS{UKRR=hrX#s7NLH7q~O87RU8?n$E90MiM0AnR@;o~tC=Yr+s5_gc#`|> 
zq#P3IhFg()Ta+%+{Xm^}A15b^9xF6v`{WZh1nem_!r*?gu?)jv)$DPN=jkY)D8*MI zpn;EFJ1t#3#NJcI&nAhZd^YeAadw=-6x-MgU8rGP!lVqN3)&%F?CJ_jS59d(fG5{bgB(p2Sj%% z%c^>IiiU4}4&(!ks%FZn-TBso$a^?-y_dS;x*`e$HW+v1xZQ#h;X~(R;WGBzsjrM; z(H(SPJuZF{sPM_S(jy$$NQ75m3FFlYG!wdnIl7kxdN~%^4TkY@6rP3%cE6j=cxXgU z%i9e4(V4x9-*hf~37I<0uAa4)7;n$LErL9EnKX*6P&8B!JlM=HV&dH^OGHT*sKI+4 zU}s7JJ?J3BnzLW~n*PBWmR;H13u-|xkNJ6OKZala(^jJ~=jT&EeGy2D+HyqKX)$u+ zph@R3&vl&bE_o&@7%eb<_NBS0J<>ix)T|-CyRZqGM^7Y4`P!Tl@H^Fcl`s~^qSrT9 zRx2u++w_GOUhTCLUtd@7ML-QRH}@)|17Jk@Jo3YnvR&Oa47DG_O@4hB?e)6cU1FRq z1tx~Q<1IalVyl?ujsl-~XMXcXMgDQP1SzhmbSZ^ZLMu$r=hI^;0R(5KUku*1X~Z^k zb+UM9u;KE<_zbGGUF?t#ZoIg|z#~US=cjI`k7*^`EDN~a61w!fxV7_nx(-p8BlY)J zFcY41JS#x3zvv#VYM)jJry@#Sq&AtZyMb=0cYijS6nigG_k2Au^-6fF_ED+;{oz3K ziK}i?9Jf|mauvVSR)2Q&vkv_(b8f@0D?bfN?VOe2p$n@o{%C6wTHr-6R;Kubl1vHN zZ8Z7zT0%G4bltJ=^44SdhiY z=#m(!mXs20oI6?>B90Ds6^)^^5oi!J4yEd?x4)n{b>Rd_7H7tbYmI1b*>p3puat+4 zTO*}L{8(eWQ+T|N7b*TXi)(}*TzQ;LpP0-PKac>x*&-#!pmB%8t?p}3;J+k1Tlv75 zbJo?P}j*S{&G!?VSoY$MmB} z2x_fW2=SdKj!^#)`6ZA9q56^Z0CCiw(7-d-l}EV`V5@FRpxEgA$3i+3K?-g(mTDpN z5XEHzfh+U!Yv<|q$n{OKQAyB2S7OmGcasCvBPzURxb>#fS%0ja>AG$_L!#>4*SISv z2g6)DHGiHGK;b^8C1naaiM8iRjOzc3*)LsBu(vuYRx_xdP@HBMh_#={>sOS!ML^U$^hnH z!2NCh$6>-S#ffGEU6mWo<*tAA$9$W+Olqc}O6s zeH@+7wpbHsZO>mq{rfZK#ei04F(X+ln{gfY=)vcfGr9B)H+2?0I;y!GxxEp$`i9I0 zXGV<-D)a6R7MYTs*4I`~ET1Tw))D017TnlXYSqp+wr|R+8b=G#h%GyyOkNL)#?Kyh zGsgD2_nk6WX7C_bMTE<&oPa{+bLnhEzIVqiyFACl?O1NsC6V8lW1$viMsE+0k}3=u z74=5qUgl>rHZGH8(9=6`TU~n8Mu+5~V>9^f-@w4B7LQb4JxwU~j>{rEEV#1kF09(m z?%Ry7a?JP3pwEL}X?G92y{1~B)791uvy-KkMlurCoBH-0bH-}`uJm0vjRoM_cEX_EZK0WDV|-10Ehm1pysXD$Fhz8Kt$ z8&G?3niQ?_3v}lI`Nqd13<0YM6GG>SKO9oD&sXpUE=_LYoY2%3hN~pZuKbNi=$?MP zVu;$hIKDJEr+c)Nx)oPh@Z!3yXV%XwXXOa3e%JkHlzGA19)y+py{7W~Rj-l{hul5S z9D2TVYvy07w_IPWrH*MWuK~(PNn=nPY?WCvuqjshbn1g9ZCcaq!o%SoH(O&?L?+f8 ztMqG`r!3ITtztmxE^pHdbu9kb+B9^Ps2y*G?zF`-AvVN1_3`^RVbNJ*bMxjFpA;Ld z#n9IYESh<)=3lZ;tFGHMjN&~{C$+U-%R}yua_1FCJ!EIgV>Q&KC{(Hep_VCi?Kl8$ 
zOXrbxM<8~eL1IW)7}p`(F-yQMRyFD7gX-S$#7-aacFH%o8?=8ay@IeuX3KCmOxUFD zeI5%X7M%0Yn=iKEDBdYCCGKXEJBgXgx80msCU~Zt0g4E-txuj4oZ%OTs7M52rI~H6 zzRQZNyn4}(OlyG%xfK{gil#`D-f9nhY9esG&C1%C&stwu!V^gu_D{q*L*>0GXQ63* z#|kNThyH6di$1$7tvP8gU3Yo!lhIh?ZDQ}Z-Pt;v5fgeh{XA^F2|>lj9=f#B_KQxw zi#g-(zTa}d+F6|?M%50AK-FF_LWk3IG;OdqM*_N<2VJT>e&%|UW)_JIDXjB~-tH7y z`mOFBT^kQWQPfv?7>%@Q=Ux|HHeG!yoHimg1KzAdXEaM`)EE0&yQTKT!HmSI{& z#)EXGyugqzFerD{G2Yftl_;K$V`+Iq-kBMuLT+_gXDs?ux`$(#pvAJ6f%A(Ekr;ig z46dfDLzFX-POCL=OlpnYI)ltXpYo`Ogl~#{sd%K0VXWIz5Uht+my#eVR^06ZW1R*pv%DEl^*ZP z$!1n{sP>eK?MY0>H({-~z!GNUy^elq9C<#SB8x~NQqW-{{zLmK9489{j}DL8pDNXP zj7~3~UXHGY#F_x&Od~{75#UIa{FMUXXXF0f{YF5%rvWb_tfqyCn?+Ly zVUj62Qf!ajB0RD8ZVgK8HOo%jh;UDuP0^1{cFBwVHm=2E@pW(ZXW7RJV!m7}6$rk% zfrjsS2-YhChqg-%NiS@9jd=B|WUX60> zf_#gTJn$_`c$sz5*!M_AL(~l2<=ab=(630Ur0H`>GOyV49{V-<`|W2uKD8fWjUKNM zfhx9ToGk)sT1WUC&0)Jd6Wt~>G1tz#Xs*Pf1+X96`5kSzs~s)fD%=5SE5@GT9SZ z#}ARdh|2YQv+J;#X{r9ul>CyJiJtpvg)9x2c>}2I1;@({^g@<=FPj@3e4Vq49sidE zXIfZ-e-hO6dke5}&e$qNy_RiVEh8dud(nbq_4-MgDzj85YU50HaA(eDzDgMMcyc`H z-R1@ZA?)-!ZCPHaZX6F$4_Tcps4Uy-0bZt!j@!y8b@EnGxtwF4q}Aik1?0Kc$Jfi(P>4lm^rR?T=~_x z{(+-;L78JKILe8!_ID#wz84Gf{SwU%NM_X!#$GNH@SXn<8H3hRvWSq841^*1d44Ov zZ;r-RUm|%1|3a2T89wj0{@Twhb6yi=Z_9gK2u5r3Qc~Tl4X1a1L2Yfup6u|aWFmat z;F-028N3kV=YMeleB==PgNQ^y9L@}Caoo{$e$Sj~6ELWCY&UdU(<@e8*>}f-7E4tx zf-wY0E5uS>9(1s+G@VyJ?-24F0cbJnrk?e+sYjOvsqv&f`BWp!^%q!my+nt>j|xU*~D zs*s*nW(u_JsO!zL=B$w$vEPo1Vv-4_Iv+XC)Euxk$_B{DId3RlqgmBo2!DQ!D3tab zybsd8UtYnOp_TpK`@z{yk%{&thDHf}=ape_fBbAK`MuX(ZPgO3#GG>2l>5aO8XE(i ziP1d5Zl5?VdLOCd#xJt_N*{!rke;9P=OvQO>6pPqQp&Q-d!8k$c&zJ#n%prdNK^0G zAa3PHM06*qUme8WERgW)S;s_^lspaHTqO_oNK2cAvFdCo{9u3fBR8oCj4pGFPoU9{ z@sRZ%%<_GDDmW*T`?Xh*$B`*3WORMh%Yq9=etiNMnJbAP1ZDyM)#xQh0&Zm!P(kN( z=-&VHdj#67yur}@v0B9gGaC+S0Bd$Oe(7)u@UIY?U=8fMI3!pls|d2je5oDkWN z0q?E&MZ_{-eg0PqkhC$RsJgvS%k(h_*Tx4RPr)7VG@I`wekS{qhubt2+}AX9zOh$J zK80`cmAlhotE90#g6vDjif+2B_^k5sKL$(5DMhER6kK5>;=$nc(e`9`jPhSB?Ft?6 z!5gr#FQLm1!G=46ac?S}0E+({;m?6g!P<~at(Y*<4NrADMqCfu9WK*2Z++^dm=qAr 
zqTv0LcYQ=4H(AEyGMgOMC`!nkL}+%3sENhxzx6uFL4dn}F`=6;pnQ1%8+@od;O;(v zFmwNTkEj(=U|9&|Cyddoq#*FSh?}z=r?mzPxMhO1o2j-){r2e-7{JW3; z_a=*4#PBcv_W#Axn1_Q=Ri4Sd!u(%8IgBGd4e`tW%NFEH(EaS5iNtHcKRgsA_YfY7 ztgB!ml#--Ti)Dtu`C@0{3D=PfC1OWYA_hnOp`Q_)M$&kVvq1>={5fgkncr<+z^wb; z?&ICYdT9=q`2~jtde-vtdCz#Y(=%g4YP@<_ZT#8tful5%l*r1Q+Kh0`bwd!M~T@hJ}Iny1^n{>~BW+kADe81Mzu& zN}ql!ojT>cP|%__7CqVTo*h098;GY!(*M2m19*55?7ak2%)gyX*nJc-f%q2-*yO*J z9!y1ok?uPFGUV>n`RBlVULe4WC?jR#|6V%ZJs*s=dPab_`xTO5 z_SZLeeGoDN;$Iv^B>q-9bqP>EINfKmzt_JPu$M1BcIGajf5{T^0qTc+zGzDDd;N2HDdBQ$X(i2qhelqrFD7RFknJ1yfs zr^N>j1<{Xszip81_e#P7#Q#S{f45BkQPKaX=wG(wt`GmQqW^!hq7{s`(_s7bfkSR! zHnB&Kf^RdM*{%UPVDWL|1y&6A}W!e2e+s&6%2 zg|stWi9*O*fj(RBj5b^6jFb%0RiW5@@pq_D#XDe)3vX!tcrVlfKX+*>S940d)RHVO zXa441E!cEQun}+>uBdyoxdeNXIR#}>xq1EUB1QIyW<_oV_*;4 zQyx*@jOHKFlL)2#g!A?`w&%L2`yy=fdO81_RWvf6_h>fom%ITsh(QZ~mGKRRac|1g ztll^rO4;O;YUiI)*P_L{+DA?(ckRDI-MCC-FT0zX`oe@V5Q-XIv}(4)(4T6DBZJWo zB*B3>K_y($4Mh8D^7xo3&8DBpc`=H~tm~Lb|G38SThP7Eb&SV%8RLONgsG}4CC32Z z2-0Fm_+r4nE=;k9N2HVX!N({){O+aK=G8cC?7`)w7{_PTUS=6#aHm5fEh$9Os_5&C z57(Xe-Q8gA+pr#;&CZw(n7SzBV|j6(pT4AvKQSCu`)Fsa?piJkQy<{tX#5g$l7deV z`Q>sJhED7`g3X@$0jzJgD#-)URC`2G_0|D}PN&X>vePXYya4FAs23~#E^qI^Or zp2I;n4)QCbZPzB4a0_h%`^L2^!A*rX^~M-qz*w%y+DC{TuH2*_4Mi|-w|2TpHgN!O z&6}g;Kf22z2&IVuPuFxXcDxhQ^a)(JR)fx~-3tb0Sy^AwxhMQoeETyawk?7kjLbId zyu1~RHbV7PD_f%@xsQCTAhiarATyFjqWXm8Ip5XZW&S_jxqttHq*1^Gb*hcmVw#G< z*^LB+j;%-Bc)B%OFMO7sw-PhiQ;t>hsXbbyFP0s@`)nqp2RoLW4w-^u@d*;0j4@^$ ztBYP!z7-2g3o>Dsgvt33bhf!9atzTu`PMn5AI^sixq!zpdZ1J^kViJ3U+U$v>#xol zZYw`3In}BDQlkIy0W>WXaU}p7h8EJ*N$JOh0=dNlb7Csm`; z;Z3b>2b2BPOj&~}BDUnO7`^fF>7>+W?)o*?VZ6hh_1g^wHOuKJo4qFFcdo&EA#I@S zPO_GyLT|aTf-+uSo$f6)x0<0e=enbIX+m1?-2LZg_&IbLwegeSB`r_lclA!9dHnr} zJ+TAAz9Z%gJ|ec)Z_rSuT}WGO=>6 zk;hMVe1kxs-Z+-YVpn2eV>~O+Bm%;H6oGZ^H&W`ExbN>&@6Yu@JkZ&yx!k4~QNEFb zTqc3z7E6j@>N>Rl6!Gb!oo5eDcQM3elkjw&39#~AHCH@{-Wjdbp4e8JZK1SqLX9-( zLBDk~5QmO`cII6FgN6R}TM&LQOU`~x}R=iLQi)zb#e55_#)_?*Y5=Y zxB_`ksvu)Q?P`MF$*3BNHjhgYCnWT){q+x@)yKeEX_akK2))fkxw;tqxUkHxhP)#{ 
zgsXqFoaM126omh6KX6GEee2PNa<*rOw@c>!%rtAu4IVl=ih-jT&PLL;8ru9+g_;11 zm}=V>UR0S6bf*y0bA5^2pnHh1#LR5R8#;6Bx4*VRtob19=FTj$9lUzZog*ab*UWz` zR!bDeJdih>UR*k>+Kwy=lk+7wg{&uI5N}DldsNDwcNWnG$PrGDP4ZjxHQP>w68l}= zux9o()sTiY*j*pw2YT^$PhYoKU1nbp%lis>d91kW-S}?GZ1LxW)_%WDaTj>zekG}Q zzVC8mH7PP)q}`I6orLXtJ7+za#S^Y}d+M@KM(c&8&-Bu4O8=|74?DKi zw7(+K?wZCq+pBU*W!nD6z6mdEXtcDH@PWtwvQINx?z`|j(N4>K$eU_8jF)DU(NIUk zv!q7nAf!rA>huLe5QDka&S5-1ZvkF*zVn$8CZl#=5BEp7HT&O5FW!mb zo=#`!P8gNXxs7oVwz3xYBf9W$(|9m>SvNIWu&A`_dNmm*r@c35D%WT6|B-IlDMPr> zi*6h^of?OIb2ipfM#H>#jP=mlLP$qfi|cLujnNOBVoD|3B!}*t{ccE@q(se6mX0qh za_4hWljcx-iLW*LX)1?Sb|jz1#e2}~97D$?`sA`u)hlSLb`nwx2m;WwNc*4Sg-MGK z{uKWev^97%vLz9)b<5qf-QZ5S6DF=Wj3krHL!ac_KI!J4|LDnMG{NIvwhIVr0mR#t zCX?8>YC0#=O!mtU-R5fc_sPQphUEnFEvHp=r&*qP&&Z2BYaBM9^ zuJ}A8MuruxHEp~n-o?9d+>%|$+VUm_6r2Md?geXEdezHYxc`3lfrW;8X%qy)+#HA` zXMu4r75Bm6sX!VhD%Y6ABzmW3-gJ{(e2kV@pv{{8Bc#Q|zmd_Ecb*vU#u=)icY=dA zyFPEcl(OJ*iy!*{A<8JvBvXy$uywG$AZ{<7*-RstRV&hRH z;qhvi*I?C;zps$HSa3#AK+E>~=aN}U{^9FXokD31UEE)`E8%Lr*#|-Q@a>?VxcFbi zaNIhc*-q+-4wHm(rMI*_L`AAkK2fdXmFpV8@!AtSLV~1X%pSz<=c11FSIegGQEXRqyR=-Ai!V=`GhQt09n1!gxcW_f{_@WL&kqBwz^zZfS9XF&WGnuj zwdIVGz0FN6`05cFe#EE4l7&rekp||}OyI7@AYg4bt)!Fq)p#41*`%V(cb2V&yHnnS zm%lP^^zi#|UA;pr*Wi4>=~M1|>6M`?kRUo!)xm8OjUe1=wKmVg)A~Lz`jVdDi++9o zSeg#tBREa*IOjQ*kWqo|A_Kb_kvc8wI+4Jm{w)beeyx%|BWr|rlMZojj zq$2@dl8duCut+2MYW@3{7RAW(6Q|Q=@z5L2caE~Zx_uGYeFW9#8Y92ZET-O_4S16P zrZy(4$^iJ6raoMiZ7(!W)%E!gD6a?A8g*k#M#ClE1wHMMNr(+sREVKbj~B4e3mWEX zt=Ro6x3NTZy(hip(p}z45^#Ycia%0qj2vdUc4@G->VsiN5I&^Ldrmry_u(1z%rX_; z#86YjzNMaTY9V>hK_sbw4lp? 
zsk+Q`F*X@j^9O3fUtA7)9FIy@#n*A3CaNXTO0cza)VdB zR2UzKrz-Q23~Bg>deqCCkIjZ#lDOH2%X$*{dHWBiwrrNW?G~Qu-fB#~t14?J$j`p_ zn6dFnsw#KeZdjHR>DGPs!g0FL`$`G4m{mNVvz|vvv@Ej&kY#su9ooB{iA)LwFDh#@ z!cjZe@mvP3zd?ZfnbV5Y zwY2XOeLhhRF)_YAyzwpE)44pGpkcM+SH8^VZM<|}=ISy|eYJ0ufNKPY%Gt*(v*HM1WUF+CS zxP!F@(}vJc1k!k6@>YB1HcT9;4+dhe4BMK61YSh&oj*7dy7ia35% z_=TdV#=8dXnujSD-@%x zN;TNQz!p#d`vI2=xJ&zQU0368{jyWMC|lo^9}l#I``t$u;CobmP-ht_aksl#4$^?8 z92z)SBqeO{fF2+2>}Gy>e@E6mGcZI+De3gXkA+qXi6}y^z6SrVN{{_8hS#5eUl_0U zep3Zure!YC&lCvBiia7cHm8n1eCg<4rIS=~omR5FA)Ce}et2vSX%z~h+mqhwL+;Qm zU!Tcn3$NNDKAq3f{V84;l)+ulG=vN@ip>wPR*l<+It2N7Xg=jt7Sgp)70jHa(vaS? zjZ{lq+8#5|2JAp4Xwlmz3=4}=6+X;HBhI+YU%Q8JDQX3(uH*K$<6L~F{?!#Ps#)f@;4L-S9 zX0I#1fnweH0A(ulJCCVp=02P44#iMge28ow16TSmPmvyM-K^U-n)kPc22C8IL3R20byT-;~zot(29}5Bh<9!1zGWkS0OPvwy;N zaj)xx2*+hjQGIGcl94R2cZK#fIb5rO;m*xmjOQUs{_$QMv3ogc7ubkI9syRKy24p zo$R&Bz0jGR(l@>&@@zp5LQJGwRp@B6J5#%`qNdY(E0sN93JzHln--ej=)hH7@yd0n zm$Q4U@PAsre|?i6`aKAv_iLUU9DGdP_a4LGkJCgc_)U<}blrpw8m7M6!7jbqkbt$F znggGM1-yrkB*&LfFCa;Es^_aT#eua)7I4%}*Zw*SN!O}<*#k9e8=VWwTjHxubk=$k zAF!IgPNVLio_*UmY6&KOXk8#!p_D)s zM)xICm#|KXr&p{>2g+4r({a_Xc)B(p|K#+djW<&rbhl=ElDRR9ju#5g41yg@UR_rM z#cS!YzOx*ASUR5G&gVxNSV!BlJk`?Ejho+bhOF$S!gy1Yp6OpYOJ@Bz*JD|H8N&cs zYH`$vu;dpoURktHN_n2_{JiK@=;I(IUB{g%_MSLq@2^8)o&Eg^>@Q`jG7bnh%l%q}d_tO+v|cVA&>IXwOw}y6c;g-2 zw-9}1k{KGT#9>*hcjkc{>Uwm$(anLF5t&QUE|)?a@Ms+$N-@lBNHe#8+mKAZa6- zxgx8?{np|!>F(b6v)6CPpNNqqj*&4clk5O(G)?>%tgc zdWEf?5Dg#7cVpj+h__|y)7H2BU$RM%oxZlt( zknYveCL|o?(rQ{T6}lLd{2=QGCT#CRMgB-`0Ad#g1k=yiLxrZRtXeoUz4@ck3c^qSjONN7A>Z1#nSx5W37ITh|@t&4bvDH^0XLN@BoVqkG_5Bn`7vw^hwT zb_+p%aSG1at2@*ArW`&Ayvn`Kh`@FWrClH_vSEzR@p3$CTKazV)=oKyP(J@j@a^(^ zI50;}h=~QW?7difd+594%-7v06exDfzAcRIoH8j*X^uyaW0%%3OLsGzbGf}9!BL~a z|9o-Ya=j$_sORTUv`Z+ergxD^kdi_x_I>m*f*G3WWPv6QedjkWuP&UKcrtI_)8(_44?R0A+38!m&O?nDBPquAAvRJ-{T1v?LKHWLkifdsi zA#sbDWHGP4BPKN9b*f3hS|j?JA9;~$wR7~?Q&QWXKOP21M7$3KjY_{&HXI+)lHM2r 
ztgzZ6-3iA?J_XWg9cayUH6)&IUJw~_bzF$>i#>Y2fJKUQo))f1D8Y*{lHr4sLJn`5Fv~tT!{q=owUfD1kaqYidGNGTdw1p@x!Pd0liH$_(C- zB8~@)N$i%&HH=R_l1d-6JDCNOOL<)TjW@$i<>*QrlEQca#!n`h^xloXuw=Chn=D`2u$ zS8BEEoljD(rz{Ge>^3d+8-WLSvh)ho`(~-6-JLi zmzU7}>-VlKYWC*poAVj38IwF$&Axiydg+bzB&^9i`JRT&;sRAlqr}${wF?V9oyn?}Tt~INu5F+T9t^=2KGR z#4kT+m(etoQpv-zL3NysdJ$sNgBWQt61@16W$b7oU$eeMhb8mp`{nbctR57`=faQe zHp2t5Mpd;)=>^@OSNo~U6R7-a0b}z~7b%cUC0X@ZmO=~R$GNQftv{cCH}N948mM)+ z&IpX+I0VcPQYn`qMLWNQKZqo4rZ*kW&YmIPUhI``6p5m9GbPz-^(qro9`(!kQUd7q zwc~Q&SJA+LfQk%f!rsQ4#ix5&f#=6l`5b3oN96A^0(9i}lnm&|T?0WFcM`ev3*Ou- zU*bhwhi~W+gE))2>@;Bm7$R5s46<=Nf-|}-zAq^%TVFp-DPSiMr&tLDLG#7b3P*&+ z985dM0I4Am=;MMNe$2k81Uy3WzU(giDxWIghQlm(2ttG_!WecP;;9!hO^_yk2JJe( zlQGTeChfb^Y49-#U{lEy-x2!rIZT^ADy>EMe z!a&|HR>zCNW*@Xn!)j_8Rr{L+@gF|v0KG}Q89m7Gr*Av(2~N}UCK_fk{PK&MIQY9h zJz;IWkAA~@o$onO2st>hJ@8-i=Q{MeJ03t?2Zo!jOS(f|LI*$f{Gn`C*k|zC*TPv% zRUlCjd0S36CllmXej2#K6YW8U6~ZX^wf5yW=?u zh9Joy*2FXQ51dwlI>`fGt+V?4;S5-q@Y7RHhU3jq)>a|JyAre@8N&x2{S8rZ0>_`0 z%f}c4c0dpEzBA!1^wtfRsqf^_w$2=l|Oa-=u&X6kWfX{NF@- z{~0pyfuX~Uo~a^Y1i>ZqY!dKcfq8XXZ5gx6|HKZCi38)?L4a zHwVeHkvDJ1gnk+L^nyGZ132tA!>{%w;=y1LDJs=P+8Ps++=PEB@c&o`u%{~vk-W?e zFoJ_u^kIKkh~a#tXhQ(oh?wCFsN^L3GhM>1zbZ)#-&Vw-Y`wfA;w!`t9${0s^y42s z7-$nkx~9Vc@Zf9{`LXTlqlR@PG$g}Z0Pr9f0ULh1eE52Nr#q-C*{rGaznD3gQ)&QeU#2< zNug5wn~8@_L@2K5(d!5T?GS)CF+G6W3r)uIa@jivpo)-yIGY2iZFtRw@3I|^76)q+ zQ}QLSrSMKo$!am(k%wQq!(JE4fd$R4UzUp#T7sV=V5j1{Ijq=!bI57l+`y!_dBp@$ zUF|A)Y(7RLBpCWn(m0n$f%l08zzcW)??YVYvh%FYY3DJI)Aqn831#+wHz}|ePC*%F zVj5Ydeh)2HrW>eQe2o0BBiS9x1~Uc7u)Iwgo_P7+T=S2A`E&uhplqE5Q?tLnSU~{{ z6rqtR;eRnu1|Z&^mE!Mj2-eca7q%~~`w!CnPP$Nq(~{7#Q81U9{Y`&>C%K>Uia)bE!G0S6fG0hA2&zrP`P zE}<15{spHJ%%c7M#nd_Pg@Sx_@O$qxbbk&01s)Jz8~^z4ZwQkv48t!RH=E-APCAJ~ zEfC+;8}+ZXxO)=*qoV&&(L1d9e<|dDRP_HrE1KphJe>(_6P>8fnE-zMqww8<|5};9 ztjK@+kfZZG2xD}bM)LP2S|+VmLh{9%M7F@+S~L=c==YeUdHPDfujitMxjtk%I99(m zet7^<^BN~n zZp(rJL;wC_g_kf#qT$8V-DjqMiBP5h;$Lw1|NRYN`!gAAe_m7>r2L(9p|lr3yhtulIk{^*`$Rdz<$EutoJb6|;;2c1l6ZhudMz 
zpJv!3;0dcq;H1M^z{L?Bc6F%+2n>Ocj_G`p_WDSv!TMCD()whf^qa2+fyP{2RBE|` zH-_Zgz|MkvZ36=xs!<1QOId=CQPthyf45W=IRtFWPw*!snXvy)v~7iq4+k+tu2D)t zIhjxz4Z>pJMJX0#VCS$gn^EN^*jm2ZGY;gtkApgj;!IqOuYx+esVs6}6u1n(oWA<& zzRi|+FBF1dy4f`4evEriVGI0w>^Et-mpgE&d4E=#3Sj}GZYm<9f@zuyhm|dZLhQjs zD%eQW$(UB}xEpmt#v{Ha1%_oR3upH{iHoccfKx!i-Y@Z(<(;d+OE7L zFABWgp^x|L2B-!60Xm{Y89t%B_>{;qS4-p}sZd%p5}OHRwu>5eyocAQd@mHF>UojO z=Od4c&ub@jZhQ5O&EV1d_2F^}jH~@lYkLrK;elU#c=S;zYxN%H{mT=y`_N;{n8l#&r_c(^`U+xd+WHZjuQ6oKW5LSi$5Xseduz^o7m0)YC8D+*^{ z_&hx7YZcL3fku&j!*iEE19h9oGLl)S1e|vEbs5~^0RzP2?A5Rkni%eWox*Z{h84KO zo96=)UC<1mW6~hFBkD~ob2pfEZP^D+(*?I_PCCtGBC_*d9Y?77YpOvZDYG4DjD-Mmp zd}9oE5Q`casW)e^Ib7bsVi9;B1S#LTVf}>mOayYYcPs2 z#jtZKV8ahmdkq{IpeE6$(}kVwwU1%C4LbnZqg%jgP?WOzWe69G!>6llI{d)z;0dTP zE_*DMg9;d}-VVMiH*#7J-&!e!MF{<2cR!c@<^v?Xf}G_n^EaHWr?9~ur3y~=n#g@J zB{TyTKm~|hpuBS0PFQc`5R7}0lB*h|*W|i4o|tj~0Wtp)fg?ikf1E?)kd+-rw45 z?UgAy?`Gz0VXT!f7eBX@+Whk$V&rd19e1;-nZ2H>X5wPv!d=K>`j7IOBS~?rUh7kD zrm$A`x*Xn+W)}oAN3GkG6s0_r6 zd5|OlCzL~rV&ZK+pTfOIQp;b%Pppzs1DrHPl{I{gu;B3w@k~TnOxbwS`3zuOuRw!MLdPLnxvYU(Iv8)z~^EWV-G&gm1UPN zskkwYBqo)l_u&0|`G>848Rq!o&Yp1AKT?yZ!2?j~RD0?1l>g6i=p$^PD8h{RpKGGd zOF*}8^w4Un^*<}&XQ_dLlYEXKbZ>fd_(Z#NsoQlb=}g&6)1%FK}>(Wl+o zCE!Fwt=@s2#~ONc?^f}*j3s9Ht;(_IuHXz-6Ga%lbn5N*064L7@knJ>^X|3BCDLlagq=!fRQ%o5g*c-R7- zm5QdVEre|2!?AkngWFwilQ2NU6QZu~&D?ssY?Z6u;bRzx&W%)B#z6!0TrL{xL2w5^ z&kf}~mLPr|Udwbau4>)mIM^Q!k!z9LtgN2dDSmd^6XhC9Rv3uQ5S9WVH#*$--HtImZ`Hx<0k4XfiuktTv{d8z ztEoZxzXvP4|7I}c=7=({F$QEoQCip~xyFx3RGy>t>dFf><4-5Guc+qPPI@4~)8L4! 
zz-obIGY1Y639yAy$n-8C-jd5YezEtyAG51qS<7Jc^_>vv&J86aX?8o$vMaUAt+wI2 zP2KJ`julbTpS!X3+=57TC)je&ssC7Qbl6PS;Mv} zpKaS8=Iy8YQg&{<+#1e+gs`Jd)Lq#aL2ix_@61BemYB#nN8E%%e zj|G8Bwy<}1Am(Z|3nsa+;7QG~+srQQv)#=O!cs%~U)?YpU=sL#LQSDRDPZT|*7y>V ze&ns!*UiqmcaRs00$#OUp`AB1KYqu6t~l~Id!Kq!D~n_CZHacSrP2Exy&M{SM%9jQ zZ6p(M!vO2+?fUVP?68qOCrYnDxxiT?6LjxSX?G}jOu1A3V$myfHai#?{#-cTZY_cK zhW8>zq8sR<*2IcBJ0*)@AI?* z#sKEXJ8KvQUG1g&(w1z~8_ubQ&NHevQ?}z}JzmZ9s3-{O zHuLGPzpQ{!M4pz0qEUE9nQA93-)?!10EXvg;rn1}ce|$fWvgIjfJ<7I4G(6CWkl#R z6T_;0o_IO;1uB~X)RHlHEk9ATvsQqjdi-3Lo~h?mX}^U$Krev$f?ViRTWX$rS#U~4)TT2MBp18z4gaCI2h6r@Z zKeA1e)b0d&sh$$zlpq>z&E>y*8oQ$Kurz^B43B*U_8KYQ93&?vH5)H`l~fv?d2d4~ z;Hp#hr;D)(QB5hL<63B=GZ6o&Pw~2WBLKChF9m8De$!9<*#q6-^sq?cg}6J%2f@I(L5y7!;-u(?4JT zv|m0nXSsF9jqFX25s|y>>x}6WYOqwb`HKrw5|+0F$n%<3(S0&M&qjt#Vza-yRwuC- zN)>p2&HO{8E0#%w+D3UxJwO9vwFIsqc@aVo(@B7b%kb$>yFq~eJh)ht4VoU>T&20E zh#^waZx%w%XFv~Fbe@?A-Hs8W>lO7&6_$A^rJM7y6nyD@X9zsDjK?Fg$I&*8r}ZKQ zm50XtUK-7%)(^?ruLSZk<0b8#v8fP%HHGSV`W)!o8(tGY%jCcn(dJuqZUj(r=LtT7 zCdEQSq!a0qe%5`>;qVWMy8Ps_Tz3I}6((kpUiTEb-{@cx5EXMA*eFo&JyLPE;$FXZ zdT_MTXgvA@-m65#{8+SL@7^fy5R_Ej-Y)lYH!T|}Nuf!$ToElRwb4$acJ?K-O@vO`TL>|^8$?xuQAeG&NY?Abpm^}F2+}7=?#U3zWmKThpf=}L# zg71s$!CZ?vFSJVH3cA$&Y2k$hdX@b;tkyG`TN)&Ew@6L;hj$*b>NHXGw6)E*pG7{- z_cSVKS3mjPCR_q!W^wv=ei#q`X|dhgRAQRk4I2KS7*jocZJ*){#wo2%+-0@

&6(3ZRBzKK9$*=!HSg< zi|TAdGPt<%1Vj3bwn`y}G`aE~1|s^?kE^j?$bhV^b;R zCm`E27Z>x|p>u?32Z!ca(t$TM5nFr%*xA4jgC^_zyv2QTufg2SaRIx^8PLO4Huijw>ilC4ctdM^yE5&mu-ac-#vb# z3&X=>fLZmKDh_!y5uUA|oabjDZvYrC-Hz<><{Y2yTPgwI2lKk;e+KdHjE#Mier%_2 ze~tfxpQ?CC#@1e$i1c30VEly7w32+}l2d2Oy6(S#a-^UO5@6Gziew^&xir>%!oH&S zJ;q}v}=mxq{Yfa2Z~yNmg~4;r6(>)on?i@SJ&%dSABD$wZio5=H8`KPPS!3F zJrMwdu1*DWa(`0B+*jqd-y{wv#}FuK+5H_6^0-FZ&-8R{>)UqbTDqw8JgN4)A2!pk z;K`1b)u*@xrfNT=Lp#|OHd43M4UA#oJbx*d_%roD;JT7z;JQ;hc={WQWp0~X=vg*fFE~Mx_mR2oW zmhP@#2<>dxD^1f6q<6CS8J6pNJnVAuQjWausEV3#HetM-@O`+ld2n!DbqK9;xFqtC zy!=I~;-%aCY}XLF2KWFsLH0#n|9(W;`UTd*6@Gn?tFi3C^r=$k-|Fok1F@~)1yUN> z_ahM3RS>uEg$2{STl{z^aR;^o*F0`{cJM~`j`i3M+2y~oBkO4SKHu~J2B5>2c-{rZ z0~ni506lpsy~G(?=3#6@gTS1UeUJ#NGZR<2m z(a(BGrE0GPSXckO39IAwzqCWvURe^*2k@RCQK%_I_wHje47RUyYh(J4rRb*rD*bpq zNkR)mp{kPKAcdm|d;27uX5Sn+ZKqg$Jnqg&J#J6p<(1;2XR(gMuKWk|y?z$nGws7+ z+$-_k%+5@YLDb2sD<~yGc9vd}S7{jK%(Gq0$l$RX2GVaugcu1aH>wA&kS>Ysn)xyS zHzN0HUR_C*I@4x^)S(k!eUzYq&YsY| zx#zoA&a@DtP(d&pCQCE>d!F9(-$mIDTD&5Jj?X=qR`vU7DOFWt^V<9VSnS$pA@{cf zJyi=Vc%ihuR1e)BWC6oEjzKW_>ky<19W`I3j z0-`oh%W?t(f*E@cZ6%{fuq9&%2t8((f6B5u9vc?uBuso8 zP9E-d5*19BX5Pe31D{LXPS1CAKpy%Li^|sX>9hf#7zsPn(sy@Gy(e_Y$bTb=%KHnfKCR={b0TrNO8 zw8&e-%dTbk!>4n*T1QCRZShoIH!!DprgOgC`zc6OUH8-LUD|Hs#5QEx>apR3VCiLg zz+$G5{&^zGc?Ml$3sQYkE%2|jh^?Ul~C(+eZhHSAy6Z(AU3 z9%veRjP)Y!ZIO(6>7Zz%hu3hMV zExfEI??&gL%Dpx|Lmr4kvU{(h3!V1I#%c;;A&)lz7gIN8VyQy6CHZthZL3a=I^pg; zp1u_({mWvtNz{lCLdt1@8O>9T1&7GxroB{ z{xV=4LizlSNGex{8eqvb?%P;oLY$6(E%dL}0kU^yw9j&06HW8KtoB~dWUtIds$(^( z3=ErzI;_Ia?Y24!0Gku`XL*{JD&v2Wo0|Pt2zbMD$g}G%@v?di;$(+rTmGykeCrP( zsKy+98S9tXvXZ{ltGQmig7a#{3e?;7eExy+N;i)%Wwphvip%E)P57LA)6GzFk z@MPEY%h$~!nEaKsog4(r|L^u3LMniKVtw%>PmMBCe*!C85RUu@bTZIH0zgT;qZnyF z(L@x0NNAmU6Zf$)aWz9*XV`Yql;^Bw!1`%xShZGY-GFyH>PyFR)GoQtfxm}H>X>x9 z$;w&!%6@1V3?^jZ*I&C0>&DFx_pIq)mw6WQaZj~N|57fX6x@C|;$E@N^co~jtu#l4 zj5JSUqmg|JfEoV=`=$nyO>Qpvo>nv&VSXmYTK`il1T~S@8k7t~&Kqxs+82-G0-mfI z!>;Ua?P09wL4(5sxicMiZEGJMyLp+2$rrS&#<&QmeZry-Ura0$09mNu5B 
z*ze^!1&&`*u7Mxt**P9I)@t`3EnEPL&W;+^NesaYDOu=SFB0VKf6#=8$Z1ra7Ziv2 zrG{TVml8V+w)%YZ5r_e~9MOy`lfZ(t-`hR7b-YSA*0y=2-hrY(iDq{@X3iNAMXt?z z%U1ssDe<=JoQEmR&WA)Hw0U>EtOG_7Fg69$YQ4mi?8Qtz)f&IH*o{P@g`F4zDoKHK0bgFFV=SGbPo^S0lt z-!k^Ydwq#xS#}EAm=CzIDgu4+k>g+2nYc`};+IX!8-)D{L~Fsb5 z!Siy7hydU7m#aX4DL(P;Rrj>*?svL}gRz$a-^reKqUhTGrQnh{nobxGGSAxe)l%Vg zziP(qM_Hg={d_+f^2z_}((V2I6IdT#?^|JKm_-lGL~LR!` z7l+T~+6nRcTXO!(jO$gedpr%LZd!4?8P6`hjl#?|jvPk|hedPOR|Pj-%EU%-oi_{M zxTtQW1={&{`cn04W-B|-HtExr$GTbEHkL~+LmbafxuN3F$U~>>H3nof0WRI~7xmL) zQ?(cJAtV6@_}UW}j+OQ<1Y#PPCQq8KzSvODS4gb$RZ9DPp9z2CbM42&?J}STH&WS3 z5>mmzCJ?uKLuzDiobb^o1bGfEDbRe!t z?$f&&N-K6M@=eMLz$e}fA4M{0dOPs>aF+DPJnJr<}SIb(0aajJgEpi`|#61=sOo%P+$ zH%*mDY9+#-?51rYY=+_a?xhV6*vr_`83;|gD_alQ33W`e zkSkv(j5PNzvw9)nepkSlk=<}X*L9p{;I2vFtj?-Ei@Eo3aZCT3w$067`=LI3vzF5EPa@))Vn=JRoSZG_V2^FZHDXhKuqDPlThgb_doxF@3pq=v$4ge!%JK6nh@Can7QXjaR1MPTZ$?HoTB_U zVHH!bi|NX?vDYcz_I38cQ&S^XHb5o+*Gb|6_(vb*YzBaCFcz%lq=f4g3xHwps8Tn` z*c$v?4+^JdnY{}>tbO&aKZ(<}d%kh@cHnUv=AdWFOVCG8DO8n_3=Hc)3nMSAsT=CQ z0b_+fiQFyy%JtbsKfgz9J;6tnn@R>nout@0@IB3ag%*5)-Y7#AiF}!H><;>feUb|A zM`EYzrX;f&b(yte^rOuEv0?=;zlPZi+9LJ)B@$3fzUOh>O4-5JzZ|(#5bWWBIgHJJ|4@=TtW=?X4`(%To_5C60sAD`da zo_a$FdP3He=VRx`-z^yXx^Bz$bZ-wib4SYFL7&&FD4HORD{eNCUxu`)k@2PMoY|D4Jx{{EThmX7*^R=%{FNxj=I@j zXh6Rhk6F9!!ZDzmtk%ixbk)=x)d)d9S3J0N`%t5cg8ZlBhfIDqv?e-)iI#QOQZkH| z>jo7cIH}P%^%CmSzvEle-pzs!JBmGnO-}ov1mdkv@@kqlB(FHN13Lcrv>lyD-I-nI zA{eH?UPH$w1fA462R=7WlnZuuIQa^Vk~^{?!~Swpid?F!M-dZ^lwaquvjf2lhB_Sb zj!x@KpbzVTKAF??RF;1?4^9R3AePZn%xM-jJcmfRUR$RX{HYH0Ivm-t2*p9%TEmw| ze0x#O^Hh z#Ib&DPjp2z1m_%}&|kctD)&qdXsji$n8h)U)_8j^pH94j@ImGiCPBH*%%c{u7E4Br z+)Sa|j87E{o zWHJ3Auzo;FSxja#{0B}444>>Czq(W?w;f6U;Jd>(g*a^Z7(*REbbeO58>|$lZ?NG% zX}k&Fk@$)=!L{8VgIp@u-^Au;AN>XTunEe4B-}k&IH$a-1&KRLSUp~a*P~19r7wr@ z)O=y6sXtv#e-#q>R04)#3g0V+VFz{S9DbDIaHrQE*m9fR86uPneDUn(ek{Cre|Mj% zw0AwDfGVBv=T3-b#xME>4k3+#8i^)Y45zhpZEiot+I-I>Gi%f>)V19+R&QyzQeg5n zM_BYJ(%};da@?DL$Ie?=uAo6w1%Fct7@V&WZ@LXT-@*4*48)}q2^C`pvAFo6X?~W2 
zZSYE^%&A>stHL)yg2Zz^!J>HZ?1Abc4G`86(`pCe@Ho+Qs9|46cfYzntu=K2%_0*2 z%!C*t#e_P&5n73|%5AhaG-=pVi_YCG0q4W}Fp|HIz`V&npX9iez?wng1L8Z!LJ%^@ z$>DU$9hFV$EdGK{8Mkl#JJmX#kDy?|j|1gNbzGz}se-P~c}%=kzg6HOci3{O6G4HEt|L)VFl2hmTX3T${m-q|r{A=H#SU?+96 zwcbICfDk>w+w+r;rYHJu2ZbfPzXyNMT4m5Lth;k8kOKjyt4r}%itIr9CGhj3&3aXR-aQZ9?1RT#k)eEXL+Lpzv7{Ufqll~YF(qih0@fdS6f;ab#tg$Bijv~e#iKae!ssuwUNkj2QJ(A;js5=^{*g z@|h4;v_G;Q0(zF7MLLvsaCg^ni9H~#OC0lxD3?|-QJ95A2*RcUu`RJ=xUOy6m_U?f z#LH6j2q`PYuD7JkdUy@&IdO5vl#iItBj3-IHNxEvMwKjdX_&jIidI(6bX{ts(KE{r z-b9Tdua37TacOxCZpVhgj~CBB3A-D2H$1wiF7^w{dj{%~5*bz8P)8Ei4^K`^^&xXs|p;TQQwHqliB@%K=ygVmK;sw6^hCuJ@~llekERS9&X+W zLZdWzvp0?xDrPTd5&HUI-jMciSd_(1{l52tV2USdKPFDRx61zx-e&&H_az=IsVN!q zgXzQfG6Sb#UHXw9q-T%0-(23>utlvKehdR=GEl=yN)-1bK1XlrMIQ6X8Z=!IW2je9 z<&qf1D;LNR5~v{ziCk9PoVZAZVfO-NcIF$>M-46=()WXyt;V``=eC7{&-tec2)n_; z6!5uhzql-n=mk4RaK$D5bTS}HCf?hWaA>0m>QvIFhS}FceI#GqDt1aFi;FwXuoW<# z`?meTsS;Pp)JUzz2Swxz#_U9Ra2+?mf?t!SXM0xIsN+d@;H>L7Uv|wra2J!5?yU_bg3&q8NRb-QC+I3+|!W!+W!spOg5hgV#02 zUl+@@)hCLVNnd4dTZpL;Qa;=#8=(30V(*SAmlPGsd9J00y^Uo@0`I@JsBpBL}Mu=ub z|C*H{g>e>|iM)@|Z&DU`-Z*nG-FFXz-1WEHdX*=^g3% zZnA8~tbGX9S9qSS)8)U3X%3ojU5l7+V?!o8xe+v18mx}pOT|D)4BSu|s(e*VMwTW0 zY++rVf_4jAL?;)inL@cS&MoFGV~8T0nBL!BVyv?w%Q@pyuyUH=5s`QXvx~A~YOZk% zU%zO4aX{lhNrGHDkGrNJ1$GwBs=woTP8pPj^UnT6Aw2$M9MsoY<-uoQ<)N1oB<2uMqrbwPt9Dy;H?SOU|8<&8#{i0*Pjmv(lT{6m1$8E~4 z?K!5gtV2s-GXcH^TZ5I%NvD!wcc(3aCPmM&8l8Gm;pzpE9E70D8&ZX_@vaFr@Gb5v1VHn$Z6$StA9iLab4kwHOJfNr zzh8_ueLLIF4JE&c;>xiuRoVs}`kE1zd4#{y5F_0hCkpi^SjPU^7lB*G;e2=I+v-7l zW633f#PD&-R&>K1fsC1AAbeWyZiO`Mm3Bo>K9lHZ`3X>i*Xs#h6Cpjpgrt&^$;aTC z#xY6Bf}%9uk|kmNlKIl3c5wT5LC-j;BvljR0UCLMKgP8y+cRY3`Fc7@1T z^Ry0T%^&jX_KS}kzIiU=&LnGu6$av z5}G_0V@1!J;Z(`0d!Rr^i)U#$!Esur+wS>(lWb`>))RDsgfgF8om`7k4)cPU2{k7cq}*BeYLzlr#wIx=GUS=s}4o zf7B~&$N5@HnvRa<^?qTBJPwB7%v|dv{HM-}6Sc+8q5NzczwaXL2Y(3<14N^~OrX4~ z3GR(`gCeQzB9v9S+`hT&AEkd5i?+#3i@f;}Kz=O|f_9a#L`c$3NN&%1CPRaXiX^+4 z?BYZck)$yk;Mf?*OQe9M_tA2`%%Y8h!Yk~u6SK_q)UFy1_nw_lZq?Jp_d7zSx>~DJ 
zV~r^jFX`r)%o0C>&@2`#8QVre_2+OLy%#nlrLLCvgEFkqxZch(jB%=o8TnFk3_cnr z?wY5(IgyJ>(?KR#0*(xDjpnM1ONIn>*s5oQR%pLUKR)*DeNA92h~rGRwWm`;b-!MHro^B3ZBm};qdD9CHl zSi^^To$>pJNXkyy6rKF^^-Ie%%2tEThV`;d0F~??pS;59ZJaKK5dOYiu}H4eutfy3 zrGHZ0B7)>TJ4aKnJ(U_2M9epKeuD3fQf~|g%)FUYRMFBWQU?ayAG(O)*F!bn9oz!* zJ?~b~Tb1vlWhc2CaZ1`G`Ozjz-Ov^WC&#FNkOp>>3Yd+l^@`S5i3T|7uzp!2`;f~D zt!;`)#)3<=xSdrYl#xJdM__zw@AC(~c2&=VwiSnN+J&WM2ZtS{nMN6hOqLo3WS7dt zK5~zc^2gIMBtiI~hE3FON;%F8;vS+7M23c!*;8YTFmuS@&2D}P{>w)K6dYU8k~x*oO>y#Mo;0v%xNKil2vf_h>& z`<3_%0}Ljo9>O@vFvi9?V+jdW7bzC;ft62ZueqTPV zil(m<@=Gt}9^L-*Z}}I>>%Sn_5*h?z^P}8i*}A6eapLDfoaaz zxOA7x{#ZH?v(+cgC?&CY70Wc(IYAe1oFIKE?uWwhU`jqE%o@ydN`V7@Itrj1F1gcodL-8Dzv5Y2q|<&yST91j_MOe}?drRA2Fdv2Tx+Cl zlFiBRr!W*xRRRg*I>nAdLdOSRhSr#Ra>cHgq`YGR51 zt0JL^!$+FLqGA<%o9qw&m4XTet?B>mFuNdBmyR72Yp7c~}M3|4_%i@Z{^g_}Wo*1Inf zH$`k0^>?8xO_w}-)dlJ*Z7eYl9Ss!reJqd6M>o>1=V0F)QVNB+D0Kp&PCvP~GNT$R zL|?zN-B9%$3{rmgRz=CtH#ZX?DFPf^0+a6| zFQ7Fv&2GPLyU*AO6n(^hIwKbd0wl2*eXy`=B-ZNe;>##QG6meyz%(D>(d>0Bs6w)n zKA7JauNrGqDz!EHrmU^gAxPMMMH~Gcx`5l!h)~2Ea>33P`FTt8Ucklomub zY4@W9%i{& zLg2O+d#|d$65Ua34#)R04Y5S&wYEv^yGn}B%Dh9x>Ea!_a*^#E?KanksycZbYxp*Y zx0!ME5p@n?cW|+m9}YTx+wH0UI);25@whp9OD1p5ryT!p6CwUwVvunV!p$Qc7S7cB z=9z1P$)C(ErNjrk)*3jk5Lewq!KZd){3&RWBDeLsV~xDRZA)NvIMagOLcb1ue`s`{ zXnQ~%-)2^&C&mJhZNCBs1rL%*wDL~>oVy$jfOLfUztJgV9dnMa3}obQ#OXO?rxo)V z>Ba3J(&=?pjtbx4);M-jHJi9G>0a&xt_0%<%gl2o`uN?Lk-dD_|ZEInDd>*q% z#Kco8X-$rbg-@<)m{wQz>$n>z+DX!1^@n*ba@`w8K*Ir77d_o_qJB@g*h_0(#&FyCmF3pxHhe(mR_@e8nO}|)1lru}I9_Q-+$Oa95$It*Y;7t%k*0=~vlq<2$3_8;3D$9=>D!@LCmkw_}k)&m; z*_p%0ct@Cuy+eC3dV|%EAo6-CJ2<+caXuG4ag+sD!1LbdgA^I|x&%5JNjI|2L@5O{ zIHYsZTWkc>^8tQ0{>U5gCohF|@;myN5xj0B6tYI8_LoQEwrle7`^o;i8&{g@%lmEP zwp#X!g(^chJAvhh@ed)FXv4^LDaHdawblDmcy1@Nec!y#2n7Vt+zktBnK~jac@v7M za4lp8u=I&!!ftuoE{y26TOEwa@661MwEJ8He7y*$k>t{6WL3BNEYZZM!!mrt=`7m< zeJEN(KOZe5F{^V|ZKM}e9u40kzgrutI%X48ozgg33=vyg{wuP?3t4n+8|C^jNwEjx zjZWwi76&q=Y7nGcV}iUkT3@D79bkSDe`-BVf!T}jDc0(Kg=#gp=E 
zi3q+HQwFuXVh)VF^~vV8^h);RwI>BrJ&uZ)j)-erFoRZhOl2Vo_!6S2-tBtGd%`4P<#7F>Xm;n^cyEDEZ6t!eD|f0`akf zG#zj+fu|==Xwg2`3c5bWm7P&GllXkbRv*l!g!Bovt3k-C_v=$AI|ISN2BCqD6~F{v z(B4V-&y(W^@0j@pozn3cyXp;)&8Cnv`hIOw>Er$eo|{vsMy#<}4Uzaq-Fhn12*JjU zK1@!ieP}KWg68p8BvgiDRmNy?^sp5oxg0+yU9FyCn20F*&G%3;y7{3fxDMO~y%~`~ z{4rjN^_mTSdrh*)l}od+adt~27_+J^Ot)CA7dT9QMIfQ>-& z++~2~4R?OSO_BTD$9rR5jBc*0ygd_Cff!?-@VhqhDK-U@?>>$*Yu0>b&D>9U1fGm@ zR<>vg=x0Ye;t;F1V@R;J>iQmsrkoP(YZ(c?)H*-x2<%u02;@x=R=`^^f|bZW4Jtar zm~_&er^D$(M!CPu_5^zhmF1PYN__suc(LDD^Ubn7e)BO|ibQGsWlrST*{Lr{-CgEy zmqf^~@OS-7DsdR60Yo%Lc-}OcwPw+7jX#6T!)a3E7jq@dt%7n7vD6=f-dP@)4Njxa zD6vF|^X~+atcT70%RYQigWozBn{eZ{9)*qMB1{!_Lu0O?*U0a%L4}H9VG*3Y#fK`$ z0|;Gc+knJiIL9`V$1RJF)8#mGt6WNZsogt01^$jOKYs?k0F$M>)U0JxT)sf`!O1FR zoLjQ-m=A6NsMFJ)J#U*z_FC1-M}zUR$g4BLe=?Qaa)4@F4cKq{w>MeXLN5di>*h-r zNcDtBg-y>${UOaL%ThLW&e<&=wYf)%kvgIswSfB_9g-KzKRkleu>>hUJqCq$c17Sa zr50spMX4&VS-q@#K6$JlrNJ&Wf8ruZNud~);Z-n>KWeqtd_*7YF1R`$XbZiH*ifYEf=??rH8zbmuLE>}(dw{da!omtlkXF_}ZTH@8sO)L?UL9i-Sp ze$=N#Efp3TU~K&h*vnDk%Xdl2&mWfDpKX-?9qlq5{b`~eS+8Um-`&t2#es1khBQ`= zm<%oii__f99j@`N6Yy4*M zfQP}>XQF7kT(^+;D>K55;AY(oY#KzPflBKZ_~>8d`^X5$ThiaS8~75BUDDX4RF<7(W>RIU7RsyN`y zVJts~EaV`IxK6L;b20=^@K5JEw5=4xA#$UiWy%~d601UvvkLF?G_Iz!iaB80Q<&c%cn5 zEc9S;1mrpvMBttReTI^I_1l}1C4o(=jb5Ra+HMQlgm^0`0^I&uf_~#9y)B6cbZ-dV zkX+dP=mor6+gs`{0!4jvVZ(5F8-i6qqSW5HcCA1G%!_Ve)EBPHn!T!*JqX)MLwKK* zF&X6{I92fK_88X%2UojH{Y(>7?uU)ouL?z=@TY%pmCxX1>_vioCm}CTp4FuxEuFTh zC*JDVl^zqqe33~uQwV-%-uNVD#-akUkuJ!uB^lbwjNr$6_G|Y(Px5GN0ibg8dR8G| zIxUv5{%mAUb4P=6TZ?8%cA|zEHo$oV6tZ1o}X#7r~tO0=qx?vo4<^ zSFx>DSSoJb`o7Qv8OGX!x?}{p(C_YA^XgBXEqOS8%y@>w0)i_ax4Ki`#f<4e5KXh z!;N{fYE&xfzS^#^{^FVDr&(!e>MB$M<3H2lZ?sv~}>8Q+AHKVTu0wLO)Td%wmA ztzegdKB9H`uVsi_dJ3ii9sbc5mja!}uRGZv!9Fd6EtwLS=xPxj$VM9eM&G0R<683= zT&e%QD@gq;(N+9V^ZJ z$Z|2k1I2YR6l&j*aeoXY3&s8nj3IaCw0A!+4E1=*{TfXJqK6=cb20HLlZBI^n*S@; zK8Mr!>fIa-tY{7m?Z3|m)KBwYI=g7atIY95qGn@Q-Q?SJW7oSk6H_~R0CjI{Ec?WM z@`Y9lm*rj(A@}7fH-Ar_ihp{x4rg;BH;w+Xu?y>4P6LrwqWZ1pc{8^lXpGqys_>Wc 
zGskIx2+iz*(_UJkd1l(F+El;Ak9cdu#MRCDr@^D$6g@2JJ{iiU=5>%b#-JqSz&))F z5=_Q65&ivDm??2Cf=-tmXXeAn*}&s;foz*DTk1G7@Tl=!;xefr4H=9c49HPC2%Q5% zXpuR1%tq{daS5bGEu#_LQHLy}819g3$WA2K4p5>Bj$RmejbEMWQ2M6G+TBaDkY-j}964P8-10 zLk38K>aBvGY&?=dtUzft5`DME+~O+)APnDq+}Q4e)U|J{pIQh!+Nqw=GT($e_1fk0 zyI4NirLFuo)UXYYvU`u~F7_|4eGPbnprj-5mf^GEU|cagq1b__+;4Y;%+M~zQHEdx zx|acR-!08=5}SDg0pnjhKmm%uSU)8$;IYS$#IGz5Mv?km0ujIlnXg-stcQ$+4tbog zNy0-v-@>s*c4!+#!x&&)Ov_e+7OpD2E+OCS@C6y~5wSPcr&-w^{r2A`?f2ajSXt*h z;SY*72&_o>HXcGulErqXp}z$BS=d6{rB}KCWYDu`_KcCta+PSz;}kHgljHWf_QuZG z2M|W*4G5As5;*WVsnlTrao$!qxXkM5SpU^kZ5Y~AFV|Ywc-D73SDt<x zro>EV?YO5AlE27oTKszhwy(~8=wsi{>&os>;TnmQhvZ^i7XES~a0LpAZ!}#Wc^9er z96eMMh*8+AsVK~;l);!aI--$schCOu{!^k`RMB)=ztZO9==ioDi_J?h7dt3{A$4SH zD}MNfWP=CA@tlbApf0P&+DIJ*cX@#8J?-z|1{^Xt1e*_G5@fO8OO*L&9!3>vAFIz` zf{OeGIFc;qYS3IU`DkRDGB>deBk8V^6*(IBJrPabp5nHOZk#vhOGq4dQsB$TgLo9h zgj-xq33rcPG?IzAtp}4oF5Ti#%EmZHc@@cfuM3OZi4(v6)Ywrz@1+W_le^lRxT^^< znzw`Z57d7=vOkB{bP$To(Y+k-mI4H`3n8OAt`nGAm?(+xvE&u4P?>o<6gQEdF%?pN zAg~or<@d5$%xvB-*PP7&F(sv|W_Lv55q2HMd{-rnxiXio`YAtA;W}ok;nTW95+QlW zt5BFCLNPfcWf(|$mJ9PEE8xA&sHh9l!<&@I&~(sSO2bLAVhWQ2{fqQF>O-sk4;60G zLi_oN;vKReCM2Beu^XRBb%nqGmB6e?Blj@_5ur_ntDRU`tmG$dzJnSAm$-!IvU(se zwa~uv+#x~Bm23@ojkN>1B?NaZt>a&<8>(%~y`SM!-{9#Wj52V9`-|zn9=5j$K*B=V zG2WGn7ww|U31sj{2`7@+`H3Br{I1qhmCWk^TlW*buCrmz6b#Nr=<8U6b5;L44{<>N zLPRv=Gx(O{c&B^kkwsgDdG=k2Y+;Ohb@hQ3*VF;gfL@4w$zU&7KL@}^*@qi}A^n(m z1o@5oSx>zMZr(F{{q_ClH7#T43!Y1c8+MBq@$;vRXF=lU01stO4(@Hjlf;++);@|( zYJ-(;B(wUtz+);!AW{c*fB*>G`o$!c!U2!o+L1u}x~bM}5c2f6ZnrT$$x2WR2%}v0 z((Uj-p%pC^e_dpcP6rEcXJPL1c3AwydisNc-iuo(k{kPq#cy$}AW5oy@S%oh&;o=< z2f=xh&fy;w02v1sCI*;A%cMC%cFJM9KOGS9rIQJHq*+vUkg;2-55dsl>%jCV_TbK@ zV+ujT2zfza&rWTO6l*ViHD~xMwxoVGNjJv}>HdKT=>Y3yk%R8H^K@%KGS8}g=7MXk zcehKuHL@z2IQC?TQ%c-SVx|(WtT=wt-D-hTQ5-aoo9%ew6UXs-c@ZSE-j8x*XGp=F zb1n{ZnS5ae-pp#=wN*gy^1%4_tj;?}X#z0=x`tt9j*SESx+FJQZDiUol&x#YEBIWC z=R3H-h$N=kpGaR3->v`})$*d$J(!5M=LWyjXaDWdED$oKYTVjBd2w4M6Hs`^m78RH 
zbB_pK{_w5LdZHF}(4Szx7yF7BROd(Hw(5XDDZGVE@S~BFOo`6d6NXm!$O*TOnV#SF z?0Hw{30Uav=F<-eXwA5i*2d!(T0zM&L zJ`9j#n#LjJS-hU3jk1sl8<{MgKoQv4{z!P2!ET4O-`&lObryh6U(v$;L)wT;$AUBW(&7YJ2XqAVg_QdFG%iCHx_K z6w0OT0lIU1$|0x~)jdS1_+RXOWmH_-vTpE38wgIYph1E|@CJee2u^VK;K4n(OK^fm zkl^m_4#BM(CqWyRMqZP>&%5`YciyNuAn3{!Xi8_83A%9Jogym|g7u1JWi zj{f82iE9z;t3GW(47D;PmX^rLfN7o8A&@6{6o8Ml>AF8JV8#IaxiZ1fGHmzEVQSmU z`OZ~46zi&UvCK}_VHKxZu&ibGy$v-23YLXe6D9u3#!V9^8$CR2&x9XUJa%6B8XeYs zSDaA@L_O~PB{k)*X^v7*>@ne$x1|$xzsHW*27K9Fu*~6hhh*^%Xx1MV&9VeDM>sxv zY0L?|tRF%3(OIT%LZwR6e!A(l+-wxhqL$+icK#Ym+DU?J?Pp&dU%iI6VZ!MZfDq2o z(7)SHb#y4VCrIFMHAULC>NL!jwO^9E%a!r0TK(O?KKi9VE=VIzWOf(EUNq4zPUDv z_pBRXdYo9#BO<07^AIY0lIN%?4s*Kqbo8NOmJGwL2ftWuy}OABoL*Ve4XdY$vBZ{I zPMf4X02MGapH;Eg?jLWMp}vTwUS3FUAl7_Qu(P?T+HJPE$?I9VOf&KAjcK*XmK?XY zTPWTRCVQKeXu7~uCN)?$l4xa|Rkv=W#KqzvTeToo;ET_-ZHS13a8)M~LKkbt0O)(b zhQ7jOZ`ErEd3Eqi6t14+SJ6@i<5wIu_@TOGtGevlB-x#5hvO=>e-l-DpP!-Lp1M}~4$+oSp>~E3Ftvp2SnXovz6x=)-G4YoR>K0humGDr> zGIiOMWAj!31c9*KS?qJA#N9>*vYrLT1E}TH zWu3fb@EZLbDyU)1gMnq^zMiR1qEq4gnPC^=ZY@F&?H;N{M~~dsVnDkZ!^0zQ!|+aq zSi_fhZ-SA3DkBDkVG+iKuxH#9vtnr!a_&R#N~2)G0c>sZdP1M! 
z=t<|Ey9sN7c(?Ry2Z0?H119JO>|Rb1TXwelk$iF4EC<_S&0(o+)aPunpXRBa;POu} zK?MH&sKv7#|9>z<4VG@+b6$AQ{{&IE-(m9)y;73YJ?h#ky1!S^i^)`Wgqu5?^e#3v zl>(Tg0`@bWo_mXuccq_ygAd%ut5_C}4u8tOtTJ_M0M=N})wGRWAV77WCdL}6Z{14+ zPCD>o5iS$|<}wJP!_mwvmvnygc#sZyVZz%OYL_Bdx4tlcG_^9(2vP59sgPrsI3|`3 z3cAI^724ZRW4vDgf=BET{D;INC3j9U%nlp~Viz*8&kmF<2u1R`isxXk!A1vADq-z?*C zaT~-rT|?+9MmPf}IOy$HB5z*l=w})Zbeays3#IJ57{bkY=FeO>_v4+&tlH4;``0Os z*nUfP`gE}{9+id>j6p<<+F|zQX=a#Sxd2Us8B$&hpTnZ9K~6TO2UbWjbI5WHiSiK} z(ypH=2h#@G8%l2Tx(o~g=PR4ZFCmtIN}HXRBDSf`JwnnyP(nRPkut^?OE_2akrwW4 zL@wrO7qBL7t-sirhUVx3-S$1?Yt&jc4i;C;M7FUKNJp4CGF7^TSHkEC%)7&|YvnNE zSn4FZ$Lc*y!UDTHG1zdTz{6*RX(LA@+9j$N)XzS7gR}RbMfCwg4+{>Y_K^+!Mqqla z_Z@KY_1RaM7$aD2e1n1z0#l>|fjP-dGlb2+w!FYK>0v!B&wnarjnLAPr-c1*%Mc)d z4KaF-Nbk(A!qbt6nS_Ark*=)t)IK{)$hGDmv>CWZAy~r?6o$svlShJhOF9&TQ39fT zS{>N)N;;@9<+_faR<#i19Rhzm7*qS)UoXTIF5lkn#n9FC2_3bNSCPx9Gm#nt5Z*|6 zqmN5-$Yn5KC<|+9ehydN3&b3I8dPCK3;4Fu$Wp_$_}ixV@lpV{%R%j2I9lY+K243l z54zbJj#qJ;>87h6`$q^hEl8atX*QWdj5Zx7#L-ahFD7mD7(>b3SF*M`akf4pa3>YP z(FV!O%D6bLIekcL zQ{PDUcPM2dz4pm!Szz?_Q^A`dne}^4b6t;R@cn1fJ}G_vIp!-DM11P zPI6b*Pj*cM&&Hh}1W1`XnN!m_J@(xVNMe-w0`&_5hZd`Xs9JjH%t7A5i-H7}zA&&2 zNA5S_ps~(YY6=f=YdIPO`cOad~R@E)2{A{$x8Vg!8WHMvr@;lN8mMd}<^@cfwsOxub*ix_!{wJS7TtUEV0 zd*+SZ$(zdq%0camv0`C*&_@i(S||zeIXC>GzTCvX1Z>%$5L`CF)(N^{ENsSoSqf*y zprTr=eN)U*20kgAiXvnodfBM)?N?{6L%z#zRaB%0Y_jP&GaC6bq-M9)87}}pAimLQ z`jbpLxYbLCUGIJao1CX&=dj*TcmEDSO z-(MWp20-Oh1gguifuwJ@_@#scA#woP9e#Bga^!N!gQZ&R!7+$?Au}b2;Vl^z{g@vPW>+7>0mdDpcnnlycSav1GE}R(gv_Hye;M$(cfxUPM{lXjHJ`s2A6 zdw&d5?6sb^I}ZkqI5#>REm%7mSiaeF2EGD6c8aG!(HXk-O z-_T?S1rDLpi=IHeb5H8Mw}z4vZy6#hwV`HcXY9tT0Zj~)PX003uc-a0$=*bDk!Gx7om&}W8 zNsFI7-7lhM2ZLBqaVozJMqQ@ta@jp~KXkM#v$r^wtkbFe@$Nch*G6g>n9Z=-=5bxM z#n<*bFYK8~Y`LFLxGEartEWT78zT-p zMU^&>L40nr0S@-!Pqd+74VsrY0~k%$jxg9xPDTl0xq4BMt*sOP+nV!M?}y}g0Ufnu^R?{$qSRiDdikc17$c#z&R;+@0EcBCjI-8R0Yp3S;brW z%@>Tisa>tUbRkm8epa;Y4}L}GkparA%7-Sam*KQk&DTIdv1AyOGLKE_icYT`9>yyg zxflDSDegf0VUK2AXo1f4S(l7a?n69Rn3>xAmh=L&)HcBpkT%+0ekQ&q!jwIM98UhQ 
z*2#rj(#2Xy#K=;;@;}( z#bJ%&ckYL{7aEm24h`VJOk-95VV7!KpxfTvILH5e|N#!qV12&=TOWk?zVA?6KD2-bdy zJ5?Gj)ij$+Yg<5mz}xt##~6E}dzC9|HccPr{k?aAZ%W~*X>tp+O@^7JfkC%mLnLHJ zH9APj>j*wB9I-td78{P0mK48~;~jd3yR;8dM%989F9d~i{u&t%_;B*>y{{Xq0Q$EW zkioSI)e&}++^fvuA%PMZ!O#tYKf!kT0QEbP@#6E!cE$5*XLz8R(;n?9i1iAdnB|F9 zPB4y;Ho7xpL7GX);aEZ8*mZw`U)^d5&-$a&V?@9o_==3-)f_KVS*>*)-jUlW*?YC; zt!qN!2hZeEv^mSKfAW1JjLO$GU(wgVU7L8N_WjIRU84lzApT?T7W(8 zacx?&Acs*~^nYe_S&9Hw!`7nVM1fC_GkO`Wa{WFa4q=ksWTDx9xhQuyxxYIKPE#hJ zMl5u=b1eo_wuoE#mcSaK6`xQdt=8T4YZTkAKeR%>q@Q0CqjDau4I)rlTD;NI)5Mhs zkoY_60wn-+x;-ik=W4p{InS+ZzdF`&hc8y(ewqKsdT-R|F0W0CZf}WuFnaD^sb~M? z2zvF1zsrQe9@)|K2pVlg@Z_^|3oGP2x`s!;Bw!OjeTE_|*?@{yVwz~`b%#Coxzd!; zgOUojOSYS&QJ_19eLYDHVN-QY@K0(R$d5t!tC#E47f~cK%KN8$?(8S1y30|Xb$5lf2cCG`os(LmycXBYF^}; zwzqHXN45%S4TE&j|LB^KC+m@Lu1RnH zyMxabH+v3gGsT)2Y`XPc_3lQ43HhquBlF?Fxk6%Jj59q>qb5n&e>CQ=6&E~F5A!im zk2o$O1l}FtsZWxeuexow-fI-kPpy?@{X+7dCku+Nz64ITFfaA@6jzGCtgc4VNI zuRyBS;JDVJ=aLfhH`1kHC4M;%9nE>RF}b)QJ1z(kHf(c{4WJ0jBEwK1G44A zb!xyJ`IW8!M1+ed?XTgH2!f}cj=*bJNl^ZcLP2xrlv}i%g2eujX!xJsh)yC``8gw; z)9^R>;xE7RzdH^@!CUZ&I0s|+_22#a_p|;a{rq45h6BlD5_G{ajE~CyZ+|wW9=khA zDa0I}MD*`BQ#Kq92;g`1CCcU+J!Mk;R?*tI(tJs(^fUzR1{E{dr3`k~cEQ>VOp&zCzZiD z?!P|39biRK=IX`u{lE5uHgb)@j2GXY>;>=JuRCT+og#ld<~KvGYsKu~?>5R)xTS=P zV<6{I7sPVN<=-M&(>p3htn)pv`P=dDTCkQ9n{7W{r3?b(j=f$%pKRhu*PRm9qGFW% z^yjrfhj>QK@!tEM=8ty@PX@KP^1^;qCYTF8p34FQJoXOGk^&q5?jp2DMF1*An9~J3 zW2i8k^nF{DfHq%jzuZC}Rz5cTN38esxvmVm%G2KmG4?jh&`*5+v{4_?miR-eSoxox zsKgDgFSDQ$A^M>p`PehRX>lD|v)U3kEFXUhCmkumlh!=%&?|lD;^mQXSk#6LNUP)d z9ad80zptAAu{;mBApIgRbq&s2so%Wpv;9T6gTjCOwjDr){(!)23;v@r(8*CxHhuOz zdmV8q{O5&YL0`_@K4@+&{MDD&$&Vu2OEhhKLp_Sj(Y+R4WxlU*Ki?41hikn(y8mc^ z`4Mh$W%SX-SJE*YaOHx}D-%}#kO5DC2z8j(JKB}s;P-;BBL=5u_P;*3L&(7b@QLLR zPc|Ps)~b3s^w*Ob-x%fiOMR$*(gL@!ATR?I);DUgawBF(17uZMe&#a~kT3hG%d>fc zmEy7Co45!)--G3)&yiIw;(u;e1OerSXSAsbP*}JhheJRTK3r_7nIqAUy7*IqI{8s- z)}F6Nk{-X10DP+g;|!+#&A3O&enjSOX}7TxKqtt2_Tcw^2KAl8093r*r~`)!cAX?? 
zJW9exJA11MSVg;nG`poA2;E;`Q9B+%k)5F8^iz=m=T17uT+V+wG5pC=NN~k5-50$I9b@_rX%K!}t_*k)&yc@I z7YMFFBs~B{^HIkjJxA6P71v>!xUY3-;!-f*@3^^>)LRlJ>#>#&TV z9!W(-QqUD?wdlpuwLkM7+yK;JHg;!e{^?;4z^1zXsHm5)Qi%1R2MPyd{;2Ox{V4Nz zuaC$Wi0~I92rd}#epK0i`%{68@d@dFV0+<0As~Q{IwmHigiG=NiLE!X0(7SSY3g4M z{_l^u9k}p54Dd{9!TTS)5%r^hDgON)fd7(-18%WYj40_Hg8yj2zuU@CTpzUm{x$y7 z-7v5og_I^UNdDJk@o%;=mj)T~Z%g#?o&kuGaEpbqt#Ts$KWZObMDG8ox&QsO|6fFZ zYv%tK(f_Ma6wvaB(mz&H z34b1*c6WL?mgQMx`98#Q4w0_!!V9TknRTN5jB{UZM?iR*;)D z>5WRS3ZqP5Z+Po*B5=B}W0?M#F~_LM)qW>gVA+pdoKol7dCCH5Bd{w3BORmv8KK(X z?A?7>=c>2x2WaQ_kpO!6MK%1bQ=^A9i{B^7+nY~|GYs^FdYnD;VX;xJ=SD)hsni?UF5vtI1*Ila2A2F4giVRFHS-^xtIVOtWw`C9mc!D;oVMykG% z(wktQMQk?!v1)ax7qxoua>0_SIcxWUFZ|1Tx!uy+2&BjiF0@od*9%Xs_66tdr4M$H z%I*>(`pe2>mc;}32J8#&KK&OIG+Q|JVsxJzXg}>74hLq4BKqIej@o{tQCpMP9ykeu z#pXMl=BzXyz*9$hr zZ6Mv#9RwfI)Q)#Esl8kHY12RDJF;T*nWQDd`)|$%-!V1V`}wR-xjpnuB8|d}$)vKq ztrB|KekB|vCbx?|{RxVE^)((Oh<;n~K4$cO_2+kmjnIPcr>Y|ve|#>UfT}Qx&kn+c z-%rFltS-k6v((b*Pyh9*G$0Mo!>WwV03LE7uS(uc0D6cCKf@RKbU&1rMGwpXO%_K6&duc0fU-h6-uJcp%EvZS{= zs|FLOz03kL28~;jM|{~IcCRP18PhiI;xs=5Nw%0rrx>)?TK!($i13;6^80av_u25d zys*Qvy8-Sr{Vx~|fu`ahB|0#`#w7jan{RP}Rdgq!`RkMuZ3SOiC*63GkBI%$Ry{+8 zxs!dL>d_Y503#~o@(5B$ zB&sH%49s)CIBagQG6Ne&AFT&it0OvzvftVa|44M4=qaiip3d5@uR~GfD@6I*5i>|d zY`Vump4-=&(PKJ&CDj{r!d*qRN_>_%p3v?7NB(BvFVq_<-g3Lme+BbKhRbg)6EyH;pPijr^bS!Sh^z}}6uCrOd*5l~ z>n(IkMDpDpGnSD53N6TaAJ>fbpw&L9;Ik`GZQC1{jsNv^1d_svAn&NFroKtM0}rWy zeO3D9=<_3=;Qoe6Q=s>vMryXhm`HO(YHv!Z?&wpsdrKmAZTq^TdE?7&OzB<>ne>dZ z=AmZ>FKhO_*7wVIGSYL#`J&ojU^TaFRT!PK=^o3-rllbVW}CjrSfQcjNrS2qx}M2I zljNL`9c9*{p#wyPKd_zq`?v)BAo(%NC(52W!*VPnN+)l&(J=_WbJWW15f@jl z?%{jN+^uuPowb(SI@Oj2L4_ZNcpL?H2Tryv&~vJMwwSrkzgwe1ZgRtpjt#qJEh}r5 zj={wb66K2i{Vn&iu>AeJFp_r7Z?$4~CWqdyHeg3id!w^iWB(f+q6N_3zDr(ZX7dlLVUVaGdBKwzuZAyuB}o( z)z5#firlE~CilvxEL>8Y>(%~9emk1@K5hHw*bO#Mj?aaZZWzjp-GIw|my|`%MxtFf zwa2$esTxJW<~Nc-xKHau9{d{JnQy50^_;cqL`iqME0u&3OWD6O+C$p9T@F7TXM<;| zqXgCv1Ml{HGgDpF5?n)4fYOBs=HzukE0f1`clmA*C}D*ORn?C^&Ah$CrQ 
zN#rs?{MGXs72Ij_nb=Y@+!O#r?bVx2Uzbz4GhOfBwe=$-+J;`frb(3%XAVJKhAz8q z^$W+BknL@9Jd+nSc-)&Uzvuv3bcjaFPh3d|m-BR68$j zH8RqjyE>g}0DQ3$mNQa?f%~l80JZoNB_dL!@mI!len|S-i=+yw-?{tGczjAUER1qk zif3=lC@DF*xC1*lnTXpH1H7=h+Trswzh~E;a>AoO>yS%KD*h?9(-o^pLi`u;NVMd2 zUP<=t2qujjQxYC)u9eC{wPpF+I8$aV8Ok4KKkq_%Um*qttY@age8CF)Vg`3;vsIo9 z0i-s4f!KB9D{NDS{&&evz@@roxMwtRTIP45z2?(Oyv#E1(tH|FQQfu@9Z$K_9B6lY z5U>4_Sy|NOz_(pvy%=7-Z%rU?-(6$^0;=30W@<3Dtpp|c9##i%f^uN6VP}1Z@(|LH zNn})3<@v9+;dqA_7PVs;?GuziT|+sLE-A>8DMw}i9y0P}SW8`g$8flAO73~7Zhg8a zP?!i_bHgPKUCirN&Ek+Bf|_Nq(0Y9sR+stti7QfD5v&KwXaK|zlS>N?y8!|@13_(2 ztmESX!!+=vXyyUMw8Js4N~EIqsfbeNx2;b6Y6n=P>NIa)haXdmf%k?!rvxeC$*mI> z7|rO4_wE2Fyd`|GA=2q7DWg<#8R3h|Ce!z>@8PEGrv3Q!?lUGgN{oWxbjbFA_vVYSf_Mf#qKbE2pb2&q{*+(^fa+d;S^J5ET?Cw{n>Z3cX zU2cJ797lK>EIyr!>S1p$O?0=))i@Iqb__1q@A72Y5%y#}E?ZrSWbgvo3$|)LREv`( z`FB+Gv)N=8o8-U>(d*hKe47+Bya|EY3NE}HDXM_q?q!S`?`SRWWyw>Z#&ng z?Ct4(aX7p=zQ?YzFyswHCeKNRK#1W|-E}qpv19m-LAAcDn>qnK?+^lgIfQ()1%(vV z<< zIQ_=)+O=}#?C4nWP|CH8pO+Mn4iioZ55?$aX!f<#(zfHlQ>+L_c;cDA-$dQ)o8sA$ z+5`5oBMhv(2}VhwwV^S6QakgB`e>IzTIH1J_LajTu;7jGFIWSd;SZo)_EQ}%fmBS& zlUvj82|lE)#ICVmQF*PLR`61)&;mAt&OC^l<#Vi(N$}9#JU{v>mh-x;mbe!Hg|E)g zf0KXp4V#2M7~mW{YSF0aUYZdAMFv-B3>eYpsRm!Z*r+|nN)G@125sh@_2WE(L28N0n-aS z)FX2KLd#s)j*de$lguXqt@a1;q}6KK{tII`J)9m$9jx~!T;8NZCQLMIZxE!h(?ZI* z2l7B637A3Oq0c`qT=T}3zxPWHa2!F@Z?KBs%?90sa_NexbQ&>7GgBw`?sX=oX0jVF z$0m`Mi=_>!8B`#3a7=rg1&G#--0!XWj6mBDcjd7O@EVAj2sqMkLinTkln=j}GaLke zLMo|`mO+iFSy-MqeW#`}f1t+HZS?x|og`poY><8k_%$T=O-rL3B+2u zSk{kSWPV8p^Hm(TU=5i*p$tqS$qmN2&U#&DCU{}63O`%KTP!c`;^4n=?w5^(( z;9Xj&7kvHH6Z8fpy)*MzpGJ&CurPrFEUSnY$0cO$c34ntp(}~T)Z7Ky|lJ$n7eEgveBlm0ODSVnd$iMi#I{9F?n!AL!KDLZ`D6 z?QIgN@rj;Mu(4<=vx#WR1R??axG4&D)QCH&;gh}h~)}~ z5*>K;oFcjtx=e$uDAda(P63qKelWj79jz79@l(z z=pJr`N_JUvU@FBF!QbPf8KWCj!0fPGmoPj6VcypXS~)QpXarx0>)u4a#A83XLO=bXXuqO*VY@rUqpgS)xO1G3mTBoD4a z_xEffbP&muW2D^|BfFYTG3%?x9qe#B6ai-rt!TmUK8spKI3Q<78CkvZ9^>Cm$tXLI zR^h#ahhFAqrg|l#X5UorjMP(lI6m=Bm+#pabUG33^hRFvtLXL&OA?qr#s7N!-6q1F 
zIPeH)E+vMz^)VH18XX=(u|^g1%CY20i~L}97jj8)(48&P%+^obn@D;?1e9AM*hFEQ zwHZ&ULp>n=79^a3x-Ny;haS~#Xn`6>VtIraiU!?YOZ9-rJY3H!Zt6;kq4*XJZ)Uwx zy{X`sCJ}I}Iw0-_RcM@6KL#?;^v9OME&*V1>K$1sgmd*z&!tAlIDe2a^aWd87DVn8 zGyDuw4$?l_1hD+7roPiiHDscsk4+ZsYs=p^4qN0_UEm)qx<|su1{9m^Wdp)J|EyR4 zDHeQ!9gvx$nCUQ4kqh@zbUm=>6!b zE2DyA&O|VT%VdKqhiLy%K60Hj=)(Q7X@>mPN8Tc(7?d9F%sJr+p{UnIK}(u(w8r9} zBdG{$VGbo297rl+Uz+0l=%pE_TUu;|wLdHP8=1WA35GaUa2umEl{g~Kan>&P)H!DaRXu#wmEj zLWEFzpAr^#D=>O!Q~poTo!@Z>%lq|jGL?e97YmXz>%sx@0G$%>)CJ= zDG;e~cy8cAn{qJ7DBLA6_^mhq$r0_r{^S|8@&_LlxkIhZgG;fKXzjy&@In(rRQ4nY z4?BtRz2nCl0L}B;KpQcyhpajSaS{TJNRY~t@9fB-I2=8J5>(RansTxcMEIzPh~_y$ ziG*MQsG>Nh+d*>b{Mi*HG<#JTKw$R%b>Jo7Xxk4z7Uj#*{0RZ=?EGi*)x$hfG`0xPtH?ntJWIAyj;bZg5@@spHD8fzs)ohahoAPV+dse|&*PAlTjSPqPS$3h% zQ5&d|NjKat33%+Q{!t5{X_VRJOd_omSj0HQKEmpT5{j4>f!e7c(9o#(+7aT|j??(7 z#ksUJ}RTYrLbqH?Q4O^+y$VECzB9rroFhj|BXiW2m~vUpm)M^J8Sgc1HRd1 zdOzD+%Pt^GS%rmEelb+;?@CmO-$X^@6%FcAHJ?nt+5k=)F1mGQghb|tpyg0U6i_If zWw@1R{P062nDe;6t!XWzW<^ClH=1E4J!iR5{3R)_90%J|s@dX*RSR(cl!*&%7oPex z&`OC_JPjKjQrO_T^x)dNG6)1;p6X^E%ZzI*ir}w0ZC?z z=CZhN@UIC{Z+lU}M5@Y3PICN61WjfQz&n6(9b5G4Ws=E5&rh>aW?q3%AV@}#QKNrV zn?_b{_ztuzzMt#TRBoM!da=^MIz;Jvv#^6nJnSfGpue0B6WH|}WL?{)qInAyU2j@4 z3tg+TTf){`hM`oWY6R#snn0U_+=;3sHaIOheY2?Lup1T(=pqG}M(S^^+ z_A$$KzS6pCKj`QG#F1ldSBYs~{=FD#BCuS`DenpozHJjb^_D|EG7GCv2BQP;x1uVj zCy}q$$%E8!PT7KTycp1jfZ4)K!wkPpSL;%Z^j$u=2YPUsl}8!_EcQL(s~g+`G32vri-HmI`JC z7Mc#j@))8gS2a*6OVsmXoP+4H-8d#47F+F^VR&ydcxsHzZ`U|^SfvxC3%paMA#YH) z&w@4q1xgj`VHyELJGt;GukL2oAB*JAy8BB|cloHV3b z%KZu}r&GtiQRbiw700-dWSlLufEbgIge7`_`yD;$s>Jjt96J!uw2q#aX=XZJZ%|IU z(H@+#x7r(IU(}sHbNNEz`^6twvhnrn)~@UEnF~so+9dzv?T0T9xa`I1(;|L;%MAY~ z4ItoF7LN5_9~V`Q(8YHnGi$tJaAfeUF`+g??9wj$aH|?YyPul#+7sgiedU@dVMC>x zR5ID2sQVp%`Xq^c$L!l3L&H5Lgj}A;Z?C#UB(6P;2JvYY_M07`tFBy;ep#gYg^pw1 z!O(Hm*^CvLq|9T0Fb{P(KRDYMTbqN0)F0sgF@4#?eHBAcBarkoF5-i@ev{1b97P9& zJrL2vAEK~lb-n(oOSc18LQ=wN-)V%Q-y30Ti80658fqYk(Bi1lr(kj3f;-Hsngw@2 zJEi3s6dOkxmab6iWMwg!UQSyf^ndlu`P9ae3GC!AKbKvoB6Vuxj_o=1FZ`5{-FQ(@ 
zqCGM>bhFpQdW5r7=fEEn8uxVL^RLinUZqyUulJtu-bSj&by+dC;*V%1bAB3fOFQ+u zW361NCU-{O$pXXBbA+M=19zdhzHn^gS{{>@f<&Vg9*n)0gj0mMHM_fIT@B+W)$N@= z_A}MI;D{7|1@OR5YhM)_egZa+JZNv%H)KWqz!BKN>Nd^m(WgOCPW!UPW3lsfyY;14 z(Y_21krD%Y3)c!}T!6Bmy;d~$c;S)04$N{Muk8M#c*2Q3%sI63bE^2~cQ}`%eNCy8 zAAaOzd9$XU56lTqlS%Y!-1Qq0dHBNT*jCS*#?+EY9D+S=OJC~;=*vZ1wRK-fnE&DR zaZB8x=U^G}3cm+Qo^sx56YVcA4odF^2M6?=%S=1@$x8{L==OqO6yYV8#>SWz`hph_ zK*N|Q4Egen+6w>R;Jsu^iK@yavIzGf?Y~koX=)E-+V&NcVR?8&f)Tw%Xyd7pX9S`s ztz0?|zS=V3$bOJ*f_8Cbq>b&9`Z>#CtbXci8H-Jmc+usN*<9yk-?FaSw|m2*#t4)w z7yB!w7oYs0W6J9v*AIVN>-K-Ve!FgR|M3a`gLShN8CTn{mTi1fnBHFA+R{-C-;)UVhIT*Q+@O(Eel^^9E0{$# zzDZkQGd3moT_UlrbMgTXTHowOc7r--0qX|icNTdoq8dpbaG7?E0GyWh63%|Z&LeW^ z=9oqF=3{IN6>H-asrUMal3N`}@{1a-&2cf{diUvW8u>fXD8gao*P+kO>_7+~EzwZ6 znjn&rMOO)Zt)9Q~(3Td8mBHZIgyeP_n|}Nth*x(QD?VP;By6c{m`mf=Ukl{=tmCV3Flv z6tqw(jSDbEkYo-HWTL6A#amy^L!d3;TJ|@nIT*qRTYeqUGrZpTT=6C-I_N_b5{CBP zCK)OvkciFTeY*xzI_HK#t8$SgRT2zlPD&XVTl}uq`IzcL+VoZYFMbNiS#EJyZeDCw?e?@{A0+-gAJL12H)k)^%+0l*xd z3*r!Z=V^?_^uSBi8wl-mj@R4LFxsuBze%F0kI~|Y0CBZOllV490VjD%PmW%$El$Z^ zZ=aibINV(Pwz$7_u08^aR$OZh)0bvT~-xUoRdx4{vdFC9q69=_WhrBn5u|P_pXO19aJ{g)uw^}7G<{*(V*NvX=*LFhKsW3tb;gEE586H7tD$~9wbg%+ z`M&(tw(ZudZ3Tt?0S*_T3q(86s}wOCv$qjR0)mkxt`OSm>1*zWzkyHW?VUgZMjS<< zxLe%Vc8_s3788B+Psca9M@!nj$iTUZqgdTM>?(mQ@W2bY!OQ%qG12Ng-rxx+Np)MA z>G&ymG9~R=n))j5^8wth(!Cn7FlQb;YzZ-xL8`r{{8qZvd@VcZ9{z#qE?o(PFEh`b ziH*x|DG8?IX$mu&9AG>)lEg+DZn$Sgv9A5lQ@TS8{n*tfz~aeO4qwm^=FqHTa)E znL&KO1$nw{*<&uss@U5nhu_1ZGmS_=o}NlaOIS&H@py4!#%}vpOJy7Fa)jI$rgwvu z1|82|;|}G@$9XGQUOUHW7U^~72PKeUn711lc~xzOi7~M~#bff#s|Z!_hxrDj$N7mX zSn6%SVahWqIV)Yl!B^KiBNa6F(H+D?ck0c47lw@bOUjuFzSf^z$6K`t=E^{M#Td*? 
zwHwJf{@SSrNrqcq%z)E%41z#MF$%i#y(|;=4GJII0juNHcupH%IHiU!<#L`e8(oks z-`6W{3hXmZM$!=uia~*bJ3Rm=nI0+uJwI~mBc{$E&g_cADcoI@BV+0fU5>ANHDVRL z_e54Gs(kbhDIjAd?Cm%URQ4NMoLV18((5@m?qN0#EjD}T)5OXR{mdF>p+d-zDSrH_ z9(Lt{4k`X23`vUcJ^j27y%_U^&$%r}aTeV8d-A&@d3B)4+>?U+TX!RvVH zSHGrgVa_IDvv&sNC6;0 zP(=M271XTeGkoO}dntJQO{`Y&?cM?6QHSo4ubIgDs*l|%54*>- zD*LNn8~cm3@<31dU_%vgeVjl+Sm`UW&dS`mQAVbmnGfei)6tZvEQ?Hjo`)ST1papi(*+HUK zQ5KfF`3q!y6+QCtn{rhUot9L8hdu>wh@lTJ|E4;Lcf;D*{W1X=K0BS$Gje;~qJ!9n zGmjgFo9wOE4>Shv24_X~dexp{g)#k;B0rwSL(mC^j`%xH;F(I_aypK`aAOKx>caj1I2+SkY*`)njB_?S z2)T63?)}tSyM-n13F-+*4M@*9(w8y_f7yTk=}j8I^O7 z+c|d)mhd>uB6UN3iG`&nnL;nG8UCpg(Hpa1h;>ElJ3Ld(PPIWe%mnc${X;Pgm_a?; z>q1KDO{^tqtYEd_)UT818`n|o81nhIOqxwAp6%9ijj7gCc^STkX|0rTFuPG=`QYu3 zg+KfJ%K_D^l$zb>&D^Q?-VfdB+cUq9w1NYc8 z?e_Zj#UP_PKY-#1so;l}b3LSu7cF9ir@8aJts6p`N>62m6|9B*0R+Kh?mopNqb*FA z=Y2v{^QPhtMNWjVd1c5zU(HJPPl7wt=x+jHp&cA3LvNs=$3$HS!dzBnT3aW4X$V;v_y-GgI(05Jnv;td!4)4tgP16s zi_%P0?YCap=Jr4aD3!2+6@YZQ+RA@v`RC~JbWs7eIC6KTqk#zi7Vd$;*A>*oXBwe4 zzJ?-Gr#NFFl{iVE97#_Yr}x6l>RwEq#BO;!hq$m_Gr%{5#wnO7wNuKuF$vvyIZ_8P zY_Y%I>KbvtKj66mDNlcG3*3o&^V3lB4zZKfuk>kUsdU(?035c>=0x7z!!u>nos~^3 z%#HOnjBZ|aLOfcVJ0+Swp%F{^y7t?(wIpr;t22~hgHg;z`2hqK0sW>Z{xl!XnTSPj z!Lcnx9^gp$H0SgC(=H*k(;hN65%2?4xDEHK!CBNqyIS7>+R!h}f_9tg*FxVzUmP3I z&YlhW*;E?HOx-c%^*cg5WQ@KcOR52G=GF4sN(OrzUknFD)pG|VKe{Yc5AlHF*L##_ z=l1Oze$J<*t*sDe^wsSb|7z?p0?e*4MxXW?)4&~=lji~M;D`ArUP^V*5eq8l#L5M3 z5>{F|w)Mh3D|r{ z%#6e=$lcn{Ew~-8w2EbYTpUv*-i>z~dCV!=iMZc2iDhqT$Lua4cwDR*O6=Uy8* zHk~J@{<2V&$I6!^Mf;AVw{Y3`z$sMtFnwjrXUIgIE36(+Y&LgSdN@8T&s0RtFZ{pQ zd+&HSx9tx&5j7$qgdn=;CD9qZOBfQOMvLAPHH=O|5Tb-Aqt`_5y(SSv7k!3A84O0W z!5H4hy}x^J;+%Wl^Zxzbe|*f$o@drxd+pWscdymYMV2YMIo(utC<8%XWUz{retJw4 zIs}P_%jJeMKg?yJOv%hEp$LaLUw^sXrniWH7ad+#oA@I zBhf@yYVjxGw(QZKuB+Gr=wpfCu#=UREIOf--IH%%sM%_oAowmi#`EEd}5n_b+D&vBj$9h(dD_mkQ@exL+Vvo!rYHWKmKinrB%7aM6w#E^i zZpz}oC8g-iY|Q6qX%*)Ntce=~vV7-g!DB*l`p{Dc&DZ$OWd!LC`(^=+&L;R;GxWU^ ztA@%EJoStVaGUhlI37Lh>DH`=J)YBI@k{$I+3lp#P@7Y>Gi?@xnqeItI^3 
zA1t~dj8-xb;(MzF(NE{dx7T^{Ne+!uZ9hDqK99Ol`G3gJkvw1&!r{YJRPD zh$@XE-sjL1)d1093S@hgZN_M=ztYdiHcd@I<8WR`prEmG`BhYWpX=J zK&t}i7IOfDhim(??f?as#Jx9QkPu|xvH0nT1J0)0#!y|yvx@}E<=JgJD>Y;7%GjR; z4t#BsL^r<>MUVOUm|mq78fqq3MJ_y=(BOG$JY8#N=dbeZDkNZJ+oj&R*tT7xdUY)R zWv_+iXc88Mq;P4euRrNmXOix!fuk??FCqExY9$11uXAO8HpI|kY_ZEn35_qx0 zb7exZLu@3f-+VrCecJYl|8b0EqWNHJ3Ry4IJ!+K31ni{Ebt6AUWVn*bUbu++%O4KU zi^`!Kp040<*=?eg**OuZd0z`~yuYpZ_D3eqD(_o&cg4`O-(sZqvR8SA>86RE_18x# zwgr_ja6sbmsnbr;quah;O1*cx(A<12?Y`uOGD7=o(0lXyMx{4UzU_^`mGiV`t1Vrp zFK0?IV9+71xYOcOFQ03$d^M!R&>`jGhG>k}v=OIG4(jxwXR*heC*;Ho(`_pL87tC4 zZw=D(Fo;2p-$taS`S?R;B&RKTnZ@DDHGBIE7HCY}%<&19Dov{Qu^xynltf?%SvaxR z3UYoHVtZ_bZ-nysXzsebC3n%y1~r#KzLM!NynG8twk3LIxgVYxc zSqR_!(G#}$2E=CKB7t^s>-E_xedYS4qa@8GVe{DzrKKD~(*^dvL0oZWwpuMGu&XBi zOSE+6Tzf4Tu3qZ2+Kz~VZT5fY%c{lfcu#D2d{~Xr5wPnN&bR1mGDVhN#PQUjLbU=V zVEgvK^TGIcr(D8kAO@Exs~0d4_Xqj4TCO_7I-7MTx7QDM8`r`Kz2^LL#>(_2oUcB= zvj4b>TB!YdB5i5H=0II8c6=>h&njoBKFH6>bEgpfX^W{l`6@TeY$iX4!M4e1yH$Ek z#7|>%g4eHFO+{rZ-`2!U=(%bL=Xy0)tz-?gNAFYdy^mR*+Cg7O<(sV=U(o3jB0hKw zP1IQ6FT#m^-Z@W9*ly^^_?yWD#BTbOSF*HZu=E$O_o1d2^%A|>ybSuHm$CO^h=IZb zdMge;09^VCd~p9{%q&z*)Pz^qL041>gVKbwnk{=~NZTV8FL}YaVrB)WqDY^O)+F_j z4ibs%+jznxRsSuSS{WbbD=%G1=bT-x~^Wa zh7SqK%S2^boTYja^ATTe1^M$6BEt^O5d4=&;tbM}W2MGG@?JPQg!qjbvLJ_GWvfx5G6*|Vb3sWl?a^Q!3#ny- z+TcQF*KOp}gOdwy!ii&Yq9ky)4Q&e7BBG1x+{C82)}Bt-7t9UpnleB#Y^OZZFn#`8 z^y`n0UXSh#w7fHsfI&UmQ#C;km1F2!N@MYRZNs#Q9)?v8%*14Y=1kl&1tJhG`*2S3Px04Hu5n zAB~c55x$*pozz1hOkEfBKoD2*W>(?0H7W7K^$pp2p@>Dqt3^`;U>;!$5;Sqra(Q`kVvN&2YW zSf-rRPQN|KvgXIFsRnX6Qcg(H&{N!p_hs9L1L_4mJ{D&L#41H5eG#WJUIqK*%sr`7 zD?qRMTiP`BTHGRB?-@v>I>9y`w;pI3w7R}68h!waRt;wi7n{$y{AVN)al8?%a<@}a!h?7JPy$;=>U zBjF33w7AdoyZ2qYKO!$nk%U2TD4#HAD!`DcDk6m0PN|8m1IY!Sa~&_s{l1(3xw#qX z@!rv}(3f5IID0T@ICoJ0fbTp|5hmdqILve^N?@efj=adUtTcg3Nz(kWF$Y)31)NW8 zPp%*4JCMKTXWt15O}D3g!IlrgLLK zFzv;>gvSGKKTLdyrUT_E@7YH^dElB9B>2yn|0X&_w`Ca><&F8cB7YO8|E%Qi|9!_j z;BpY7+h_XiA%Dhi;5}J+B2vOwt)$3a=D#&u>>>_R=W6-2-@KZ0s`1}1uip!l4G(R6 
ztV8*?hIay_kb%Se{tKzUPaaUWxbm!HOWBowYd9$wAmypVy278W`}y~RLa#HDGH3Bo zy;VB@(VtBu=qW%-=%_ivuiO3iHTi``)`SZ|q(mMKg*<<2cqlnQO4?P-dHeHkCja^Y zV-_x9sA^%Kk`>vXetvE?jA;NV-`yv}erN4}5rqHGVn`TDSkNW?tNZ(3iBjbNjQ(oHJp$g*b)B|@!yy2eU4v_};Q9YBvb+{H{D-Tvv6AhBvvitxq*gM0M8rb@SCV z<9j&Vd;R_`%!Be*1^5pI$5;=jwGQLShzmFbxZ}>V%nsu&0uFDv5|X%XaI2>H3#k0V zy#GfTakyTj>vls%Lo5Akz_N-k!*6-u*YB15O~Aj;4`2W@F<>sg=*2X$Xnn+i$1?63 zsVwzbzY|>ZtpUm+3&_|hDpCA=l==KuHKrQ{EbreC2tln{F4HvNL zea8^Y7_o8vDf6$S%eLcY&$M;#x(H%vHR7?UB)@-p#_liNz@nOv*D}7@#*v`;xakX^i2!&kL`6{Q59pE>Cd*%CJVjOlSIwxBh6)>w#z0Qvl)_c;m}# z%M4FqKZnI~PR)$B;_sG~!yu@-T4=cKo6uAn>|U*M8r}JYI5;!wC#6Kf@|hp;Dyz^b z5|&~+gK_6%`N#eClM?Gw&&aar2eiMf3-EjQOaPZAt_^?eLQwq;jz?U)&Pe4?zdayG z=f=ECjZVvUHSO=e&-f59x6E&u8E`l`G8Iby__Kj+-+mx{w9frz(0{1@eZJ?|_G&;&*wG_j2l{;lEJ6sj@XVpq>R(I;$gl9O*^&?sU9lLpr% zR$gA-#S{JY=gY~6#Ri1w9i8Z$Zm<+#7dD_^Y9HcjP*YBcinVpV8*1|!56?$KWn}{Z!P9uq zrCOk46k0GrPmV7G4Yzr`kmxE z-+k;x^EJ}_;3O}K!tg0?!4Fkko|z}1+D=Wxt>=f$cMiNhXTLUF2713OO(RRaS~MkA z6_bU2Ql75jjB85T{`q{2ut8x9l5((QmM(^n@y-}D>DJEx!vAHz= zv@YyYf2uf9s&X%hPerw@)h{jZ-DjqqwX1sp2pH$~devYbP%trM*=e+~M%{gSDoX*A ziJ1yNXKR0b*~3W+)67|pq~#+=Jc4jVIjI{5oqo6)-(XhP(IgG2|+tIY#z}ry`*Iey%Ich?1SAi zfgm@$n!~E1ex2Jno2SOt9!{#}A7n?5^NKZ-<>KRKpXvj-Y&Lr-Hp=}^L#`=-?(Nwu zat6ffnfR++m8!OoHPQWHYK9yy5m?);njIF!Cy@Xvzn0Lr>Z$Ck-|G9q_h?nedvUm1 zU4j1j7Ly&U@$D{hLNwES`c=T{|+@4n|-DOE94ns6LZpor~dm5 z+p}((1kh#6J|S6Q>8Lp~aTk>MKE^AL zs3nluEpzmx%k>10Dh2#hY9bXVd535Pc;yJH&SnQePd29Mt_vP_);=g0yXiN4)61Ti zM4)joE^-OXeusG^mqo&T)3^R>ns{GSaptIIwe2wT`geFN6|jcVmhh?pNrknEvJ9Kk znu(LH26pFoH2kz3SMjkI?6trWtPW>;m5>U~7!E=m$WRMdK9!|!p_HiU6&#f0M$2qv zPNA!-B+X<4Ohj>V_5U=*^AE+%D1Mgb5ijE|k!M`R<UG!tvh3!>J}OmycEsE!EO8#|JsZrftA+ zkx-6*SHR|M!}dZHHJ(ImxyQb)05^A^?}AC22g87A%&^P8gLFxqhM@JaCDqcb+u*Yh z#@W{coty2Wr`P5X>ihzSwWn?q-7#%!nxvtyB6J7PHkLm?2C3ep zmhQbT?v;%97Zy|11USx8g*)8uBUP0M;(GM{%l9w_>wKvpmj$E{p+<_(Roeov_tsEX zOmEvM*0tT!SbTrd;_J{sZM?ANOJ5P+r6|Rxr`T&L7l>WP8$FP{N;&+bPZjnPZ=PiLFlmjP|Z5mUQgM>X%EH(||9uq9!K@q2A2Dye&2*FfqfKC5_D 
zX|b{9$~QPnTbqSk;9vVu#zUT~!iKfJ4b)Q1Aka+BaOPza+2LI8>MkjL``P-6-IZbE ze9cqvc(H*+zTU8t$c$*C>|>S?!o zfPC674BOonTHU>A!Pm;M=uVa4yIo{-Lev%3(1&L{WT%c#?^Z2|S>IV6YD+_S)7q?2 zXtWJvxRe&~A@{Bc2S;tzt){sFN!6>kgX++uWO2SDWOfMx zAVZC>)?`jR2w@aj)wu$9C}p9WbYID$Q}FC{NC$_}+v6~~d*_p@{~!tFaFnY43LIXn zgiz;w^ejdJ=qcS|ea^glc|CFjbc^ac4>}e(zXVj+S^%aWidj}nvNCGa2S=&*-!-E5UnFxYt~CIz;i`7z zcaBXZlC3`|Fc>1cBXqC;^xR3JEo~Fgyzr79-4Vvn7=~26g{M|_iY5`o#H!GL=R*eL zQ%{bSKN#30@`M5PW&EYQM(+(i+x+ZH+4)W3nsERlsl3YVGw0M5=w_CJoae38D@(Vg zz$2Ls7y6X_+G&RV*6QkZzo?@=m@(A)%(V-~mp?v2`g&Ezn|Hm8z}KQ+<27yVlxofw zw2#mL^j3A`$a^bpFY&e)%l)Z{q!-w8?!>Pz-zehb#TD`j;a$Xy)0e$ONAJCRSMX7= zh&E`k1zIxAc?$H!qrOO|G~Zy8aW_ZMcBmu#JNuV~7^x@u_lB+r+6=^(}oSU5D9)nI8*e0_aCRmo@?(-!QFw_si0``O#lwvB>ka=nakmrlv36_p` z282h&ZM%!{2_-RKwM9PAel!-Ct3PSRFRU&mz{yBkCpf=`D?L;DXG2@9>h zIR*5|Ky8{?43JNVi)GOiXmVG)OoIEf0BFQWZ2|M&9ln$%p^LU5YA6ljqS1OXxS*SzJHy&CK?PF#7s&BK+ZMpFJ9Jr!i{pU`F@3GiL{5 z-Jf3afh_Nby@lf2X96C`>2EEAa1Z5|lYnVUSCBbcvGAH1$_jxk*;2auq;e9Zi~9Ih zSvP1GJ}+Rg8;+ZQY3nPF|6l!)ARSU5!o5){;H1bXhg<71=PVIjvom?JqDsKudJvc9 zy*#zO7_ZsH+hFbMGwd?7`E)EW0cz5f#+#d*sZ#j)m;jD>gVo5-m)oi)U~Kq z*GnEF!9MQ6Hh5Gwy8O7MiQ?N~r`jPp`0l?v@8@Vmi#t0Q?!AIZ8j_?$k-94K9K zf%_tzs!T7r2|Z<=2A0RZ;b<+O{-Wm5tnGMlkb7k|<1lCs2o8uZNw_G`FRp(X7)XQ-Brv2@W8t|u29rY1Ml6R1 zj+qqj?}y+wXa`SX;oaG#Rbadr@-DZ6}-6rE@8U6II8N*x>Mqf2D${EltOc)_qD=l0`(F5KkpO(W-YEn+3uXDtLtoiVDZAj5my@(}3srlg`! zVOQ(MU>g{k9}m7o_LP58@}#>7)u0J@u0NdNt$tz04VJGklH+s|czrT-dM>>j+MkX4 zQAbVG27kfbpoFtT%@UtDi8A9eyy_k7W)q4OC5o*PP8D%-rOl(Ol!EMeOkjy?yL1br zCu^Nj1zi=b0ulo~pvxWkv}w`nkhH6_W<7}?Fw6azZ|V^99lNj+aQ9EZM-=EIYS*u_ zE-9))-%OprOt$)g&Z5%oo&xRuWdeF%)!l*zT`xzvi0-VQqV8nnJXo=%f>T6FK>CPl zC7*mGVk4Cg5f$3%^o)WOd=gvDC5wxVC0pMLbfWnp;D7A#S;fm%>lHp_0w2_Ch?&H? 
z!tUGqN1k_A7PxHOFQ&fN{a{U{AWfM|Zy4@*gqp3ne^or!NtQHJDhNMp*1P+(CtIm4 zb)J@_-C!QKr`irSZB2BfpWt-Gr;|{m)*042W`sNiOhV7zgekXGU!t&z|G}_|Gf@Zu zBAW7t^OZ`o5QX4%fm9*FAD^f);(?1PxRyo6O|>BTK866E*sFA|Dloz?UoQWJG0m-( zHA5NP(;fn{sT_6}>Ez~@0#3OzX+~SIx|@wi`YH_&%weLGyxdf;R^lQFJi# z*64eQsn!whSe4qX+B^Oo>ol?|?c8{%>!ov{Nh(fdL$wXF30mqYNKZ^MJ&D1TKuCT( z2YOI{jfoC?wsd1*QL#W9p5Hk>l}Nt%ER#I*?)Q8nbxJ6G7rwmj&rejF<`NOI{%RqL zY~ZwYe2DFvKrruvR^P+SFre`oEn$VLm2?m(w_BM4&|^F#(MFWAn%-yjMl=NYiq6sA zh6N6j5Xv;*!y0gIgMKugoQ)Y$v^nuEz}RxyGpJx!=(_4_#&nP~2i zIgLOX?Bdx*3S3+SZ>aRA2=7olnh|`|ivpVw1(AA(PyUi%`9qi;4LBsT_&^?16z471 zqd46XL;SGc77gkbC2m6z z2O?{Qcz`8jXYk#MT_tQgX>{mMAY|}AsOTvgrLT6G81T}8f5U7-WKB*{w3~M|Ww4>o zRTQ@vhRYu)c#Uq~=z}ep5p(O6xQmK9k9{$|TB|kWgUih_RvU6ndJV<&14OW@L~$R`C+^dIBHZEbX{A?Pyiyde6?FX*9l}FHk?vdMEou zGKDUjEd%Kj)PP^3q)NnlVu47r9OX69x1jH6qU7D>|tLr3LQUP zwMiE~bZ?A7WI%L-U*pX47Q&bsf;a%TCb0#A#)HZ$#3V1R*R9^MF?_4Vnc}ljcuPBf zF)DOureSWn?wXWRS4IGKHNDYi@3>%vBSNI{2FJ%>6IwbL&^o+LfF(`68Gs0DyySg& z>2`#~-o~g3z0V4nTgo+=BmK{>X_4Szvb9;7OrfLfyOrLf)|?CK-?m5E(!D~mt1Q|oEb&B_2dkWtNJ?C=Fb4LAS8PyL=pg`>gv zazNZ};*a%cO&x41cbf5>sfx8*L8f zG}+F-$}h_BXEXIb%rh82#V4Uz75gUB3y_1#+mX z-a6N+j8ujX0P_)S{S7kTO)dCUnxxWpvRrP+cX*s7NByPb@m9_{jZK8}7lMryo~k&(ssAIhGl=FbtDHhDsu zN{IoEdQ5ajQFGI5&1+7RO@Hu`5%-yY<~q=TIP@YgMvbj%iB8HE1Z@$RugGEcH{y+4 zpq9PgD%%dNQ#kuTyKVTY2iiaeT0PA@HK3}=AIP5OLSjrtmcDFmcg4sw&TMq1OF=Aw zZ(2Vp$Q~*Z6}pi>kRM2RI(i|2T;+;r!<;|DSWxL@scojb@!&4w$qyh2`c)l~H6#4y z%&w5rIkAlFqN@g7tH7?u#X+!lP$;kHoaAt6?;#a#+c=Q+t<}6FC$zeE;=ZPX_JzMt zVSqfg9!RqiSrxXQ5%Efil1b!=HDU)-LKC|J+CIO34R2hmE0z4HjcUA0nK2g7N%#>wkVm!s1W?^KwA&JTdEW+KFNCT>&GqFar`h zR{|)<{{n`=NOYEjBI4)LkOz2w6*;CBE$tI%i>S$0q4ypmlCGa}TH7Lj*`q1wA6EzW zS8<;XevmVeus}e^uHwGAuAWh@XWgH|t0{$zN5>9}gb!!7%{y3DSFq;Ex zjk-64RQT7ZE%WP!hB>VJ2a+S69Bie{hnp#_i0<&yCee?GIt@zhI0CujpJ$<+!DcaXm$Q~{Eg+a(^)u!5NS`#ZC!y*Y>4MCk z>YwTLP6f!^KiWsK0AY2KQY2*$!qk`3MJ$JGQt10zV8j3i!TNY2Q0p0gM^{en*JwWaZ~MX+p_(_K-6w?rS72Tz9)u`2tEp(0v)DebgCwPjIHVL@!UPd)3U~0)5N08yG3(7a(zXQH 
zg%}wccdk(VF^f0kwmCT*>M3c0@57=guRDGub&7<`z?!_=Qfs_W(gr`G2+c<;t@_rp zG5V7tjd)7+EF_6~arCBj6c(rA{GJE)Rl*#XKDal(j)rwB3BYz}sr&Y+FeZOi@ z@-|KVyrxg-T`E&nl!o_A)c!oIEJvYvd;9)Ks~-eqUFCb?jp$XlCdGJzOXo|Krl>9Z zE|5E5uA7zY@EwI^s9hp;u0JvKKKM=m1oK=cu>1w76bS?;M+OOdjAT#$T_6Gu_Dr9- zVq(+8+t%$qSX1E*oQJKd7yWF0uF_eK*{#sbfNxKKC{wMn)_~SDbL#GiZB%P75wTAK zg>)#rHGen`KTt>yI7to!j(7^uli&1~qN1|UgWibrc*H?x?Xam?(Zh7etmsI{@;5SG zp?4~ykMvB)wk15*Cp)6tp9n~tl28jw^1bxq*$}r8I)QiY9i+0&a$J*snsLj=Rs~fW zXaxhdx@IcE#(a=k>kjvS*!_q90N=+B1ErV{&UFRw1?xC%JjbJHRaWu%pZquVp;`r9 zL&HoWPScJO?#PKUsw$Tf7q|So`Yk@M*Js)^?ZxS~r_JfqdcS_Xj$LkxzBycOeu=!E ztmm1Crmk*c@{ycMo9&AF;Ts@Z>$QZr=>*;36}u|H1Ehx3Z&aFh;R8paDJz86fip<% z{S+ry<0By6dIY$;x6j;O<<~T7GqnU^C1KHxnG@O}&pUyqo*+vAjK}lL{&(0Wg*tFd6YL#({z$$CcRTtt-EgCz<`0bhGyfjQYytSk z;ZM1oe`k1ZBS2P>Kf#dyU$|ZW)?9I_0Ew)P@6OU@=ltA1z6{c#0(9Ir)P?Dozu24q zB2xDH8QxTpDn9?;EdAFNd#)mQz1yso4N%YlNEuXltG_cD`~NKTZ_hsVPS<P*)j7wbI$EN0GrNepeHoCAiBMib#(BcAB7=Uh717tVjx#|-zps!i z5%J2LwWkmvM%0K%@73t9Sg120B25CM=Hrr8)2Ug*|uv*7@rp}w<6%_n0S*T&!TdD!dl4sbo?`~A@uaj&1jl0%y; zb#4azpqi|=N-fr}>X53ySJdG!1@~H6l2UwsU;g{{|EMe*!f=M`gEk4kE)en>s00^2 zsBv`!%l|b^}eYJC|@`+um#8s(CyNYJioPt5z z=A1mLJ_T0z`Z3N!Kimi-*-Ol|j&qzKPwNyHj#bgOs^^|nK|Zuf=z-fBaidr5k&R+2 z07ZMECwBWh8vPB<+174X%71n4`+xc}H$t{Z$Btv;9M0<3mHZF?gBH&;(qY+M-oG=P z(drB{oqS(I;cw{}|1)7fr5Tk!zm(^<#Tji6&$d}Y!pf{|U*TX`0{O1B66X^Mq{#&{5%e?X`4Gme~A~N^b7^K#wb`zHCn7b3*lpm)B(( zHAYxl+&MXoL=?Claj-w)dUS><{*k|Y=HZLhWHAF~who8pLWS!F{!|M)$Qh~nJNEPs z&m@)2T*1Bf_FlXnCOGUS;3GU(8!M)yx=4mAPXUvX?IC1+-Cp?(X}L2_=L~tTSH$`j zT3C8{Nq|*K3ib-ke7iER^^uj0P2a#*SfvwyZm;%enz`jy_5NW|cGCdP?;gTAS5nrV zI5$sxK~7BOM^r;OWRQNU(kX1FEtf@UtjtKkUZ>=7wkocC0*4H{3gZbLC69r*NqcoZ z&4mYby26|bxH50z^vq(&DJrb7)@YIs@(q;(w7MmWPIq|!`ZiJcJ=q1Odr4fkG0+Fh z~*X@|6s&ndXl9|O~_gl=*1d-a1VAzVaZV?+nV1OFmg^kp!Z{ zmm}>6jSEP{Z(XUGsP^o#o~mL89nxwL|FzM(%u_y>%x0mvZ&GB~kUiR_GkUAdwO_es zx}~7q>eG)4|C&Qq;Oj8}Nq&=vnTY>ssK$sx89FfkwNb6obBd|oMDq_~@$f-AzJl%P zh(993f2x-CdJyUDtO0SdaJP$eBu~&mE~gVEk9Y?h?(anyw!<&Yc&=OOglB)w_x*z! 
z_{A4s?7*u8j_W0aU5{>xy39Oa&XETk%Xv|^W?Svk71^lKUi4k5RY@DY0TPUCAp!OTNSs{}kj8z9 zu5Y&QwfI<0xbKrhDz(FjJ$n^MvjMrk|eeZt>=^`8R% zW)Vk(G@CU=jZsmp&<*^TtMf16;o!T%xA=N9NsUuLSFk#b%4^54667zaQsvRTK(+5Z+P6t4hM zlsfO756S*qyJ%ep{PToR3B=#=p)Uk61EFoUsy^r6add&J3-XLDtl(bpzgQo}8a&++ znAwH3Z$-(|q}B96*D2<`^@9%{r2BMae-c>2#`F(2u4_0M*1Q=Xh{-n(iP_tHLjB8e z{lC)!f6D0#L5gJM9oJ6U2?DSlZT*5vA)1yenHGfMTPzjn0%xJg*S!4y&Z!=rtOpIn0s~Fk8HC=fl)X5bE|nu0W|iW53tV-9L{+9|6POrZCmtk zld7>BNcwZXV>*mSr{`L|VtJ!Js1R^LvHU|O9enyHl#o*g;%KIlI?k&h*t{`pLCJG0 z#mF&GEBpv_%;Fv6yA})K(UzB7^B7-j+5h?Y=iI5G`Fp)tY;+VM*`ODm$DbIrhx+aQ zwg&G8n)DMMJWOI73!BSYvyh?C+;{PxaiHmCn%(c5z5l(}iUH>~C+VtNr+=#0lqpMg z3+4FTN1)5!`dd*e+e01QZ0ZE5+%i_84H{R{ zrvGKvJmWT#DIQb7T(p+sri~Q1>@%Rh#J@t&e$-KTI4{^_(JiEi7ZB|ZUwj*+FNprI~}RTm3~&e5y($Kn>=5g zSXx=V_%sCmVY|HvZvi6kBjvy1oSCuZ{)PM`e7`AG7pZ^%}PKv zm@_%q;G)db6eO}jM9GcIsq282z2|k^iMDh7(rKtcNyO*mhrevsaM7Tr&}WC=9?2~7 ze*Jm))-(=N!@@YN^Ufki$|kq_#uCAfl7VOL2DiHO2F0*T`I?1)5u^7GH#Z!O0Yz3T z+;3ZQY-RG9r|p>jxqw=a{CF2WWAbn>a>yDU*(f;C&A4w_+1=}#7hE00rcwIxr} zshm>RpLJ}y(Ivm6FbOOZ2t%9m19v1d+w(P27q|GN)JY6$9GNnFcTK)b1DN#t$|oCF zs@e>y^0yBQ7+!t_IqVO*Zgb{*J?RLEP6}ga7PT}vjW%u)SURLSu@Z3sPH&}8EZ?U= z1`JLdi>Y$j_2zup`P=rbCk59yE^kcN#)9c))Mi4A!un}rKmk~%ETY|^#??Yn0QsqH zSZhle^C%DetNtZb!8u~`VZMTWtR;ZGBcpE<=$SA>(O<{5QE_{((1Y*&)e6PUn_Hgy zA2iDyP%YNuL(0uw!I5 zB5zd(G$c+_9Kt&_gKF{5g3ENlScVTiF8IxRgrk?tpj{$_ou*#2H^~Msk{a6h&Fzdo zK#`R|%;Wts%H=41u1e`Ow`lsz(64#leEkBAeq|fY-(xZM(L@xe6oYPn4O;vIZbI~r z-~hljP>}@c?_!?pR6SczE_#roJaps_!a}?-akm3{d*6P@^~d^bil90*W%^z9n!G?G z#?h8pzK5@}H`b>l|&t749u&87g(l3#R&uX+BlxZl_u&VJQ(ND#JCW=?*h z*qHrj=TL8SF(DrOCI|~bK-49zY=?_q89^WB-BZg^CYk;HjwquC?l$I**d#&oQHLFm zv}BBzl~a@Grr1X2tA`xl>^BySDDJLNF~(udS&wY{#-?*d8Owy-W+QT0kW@=mS(L zQN~<3D7!3w(ekn-IHyy!)DfI??IzIiF=GrJ_S`-EWZ($d%2b$L=6+k{$Lj912Wtl}04 zmz!wvLfVU}93RXIYJS;8`M;s;PgRR&dwnT-rp7Ia$GG;Z<4m=;Tf4Mwgh?iVmly%c zaG@2arl!CbKKdLwbudr0T7*rVOw*#owC}ISTLAlQ=MzT$Q^bwM(ixY;!+|fP8`s43 zd#x=$Lf#hrc1toLFc3R5gUKrO7u(EOXu*B2yI8PWD;_tn&0I#x&QUE}4km`ggmKR< 
zSD-`vs%N_BQf)ES8a@VP)3eej%Iy7EK5slwTr^liz$6qss2ODQS#Onh)1NuMnIi8O@YB_zY zn<2n8sfAeL#pg8fw&$Wf6Lads`gPpXcTbi80MoaSs}iayppGke8cV%z<4>?hi$uX3 zw&II1E$w&M#!9 z*=PLSoz22MhGy?8Y-%0Gn?rJ;_&r18I(7>FP|8E`m7R84(j4fm6AWvcK%7&XC+>8@ z`rL8N#v&PjQ`QDJ@U+}--;2eMVe7<%BBtyG9PEw4yhGmuDkQgHn)|-PG0oa@&o!F6 z*}E#|dKqxPpZYPSPv2TMVI$0**9#|Oy6pU!3^;>}!hwPqHq$qnPytT?9>B@y*Y^k8 z4(mAl1M<=l+9L^#n&Ssujk=i`bai!AoF6CywrYz*oNNDr}OOB+sE+k_831w;N4pojLB}meR)bSS1qJW#Zx9>jZ;nc) zH1k<^1)T!tf0Qk!!jB5IPTFZZU*=Y&Xd@mj*T%52YvrDdB==0>7QfZPJ zas9!WG5x&l(+BAD?=NN1lk@1VV)!_#U<(;jRAKZ_-D7BgaQMhr+8lyj@0NiYEI;harrPGh=LUWrAVkGc-14 znkz*mm=Q;e*@TId`3aW*bD*pmA#gTe;+Gutd6~TTbK>!By6L)jBX-y_ zxNo@FK>P4`^jbe~{|L%+>b>VtCFwGtUa(UaJnKEtvb|e1nCi6Ora}*q-&N5DU|328 zV_R%aeSX&@S^1j};=HO1=-rQ>37jzK-CIz8y}fRsu!|!Fard~y1e9pnpxm9PTymYE zL#OUp#B3teAtO2`d%eg?CnK=g{oCyGORXUG#zW!xrMDCCIBLNFpflzRU2ywHgB;~v zIS=HdhV||%2X=K4q=)@P+>CR>01QCE9UTVreVuaqx_nUmbtIs4?~=0%IN#oekzmAg;K`Ww!^RO(^tfJ zLUNZ9+@;$hOJY{HTqW*T8)r#87b%bJ9OGt0+>_GZO6wUs68h-6b5 z6&(FU02AQW&qha-jb(CbX;R=*(Prmee-mPqEKmo^$yzC-JlWkz^WMxq?e8f{YWm*Z ziNhYQs=a6bh$vXhtn<<@zWnXm^QS|4$XGz5j*HAtydQ1fMBHt~J4U+z$~U%F8PwE_ ze(6c*jY?JR<1F&^Ptw{O@|?QL>q5UF_R|?{_8M%#cq@S z3eqWlpB|xt(^OQBiISR8#)mB`Ymkh(QAh*=eH#+}oEEQR{6l%n3A+Ed_%fvRxeQ!d zW*2=CB}IYSi++T?Nye-jmjD!uQeqp*fr!?vQwv(B4BuFPsno`wNJ8r>@s{Aq)7GB3 z?1o$JLvjP|cpsLCZG58cQW@J;r4$L|GZ01(+40G1$ow3iL8Vx@Q-r}=qT_%oFb$*R z^)C)72V_ofiJMQ79(oV(yN>pYvk(BK>sZgcCG`QWfiW5pyP=P-MPXdEd>b=#%q-Am zI#6}e9CW`~a7juK=kthFpXKhSq~81dk`DQ|%e!}OwglocP3q*`gLCq@&ov(st0#Vb zP4gv-ZdxtmXz!~KN8^Jsn1!Ykzo!t<#xV+3)wIGv+Lu(8;F5pJ$gNu{FzPt#jbd@# z+0(n9EFkVugH0p5Vd9PD)!x4*Xx%XC`i_L)WYi7mPLa|`H#G&#UTELUy!N6fK3c^5 z694jPt(K2F@s+D77^E*cjfNvjX4*Pcx5Q*YJu=ow_Zp}=1ooBXmsM9{&V-T`rDxv_ zN4rQ;?x#$?rUOT|WH#ek4*NVb^gYTgIs*@Trxu{5Imqm-=%qz3y~%>jjLcg-yL9r zDNFPC%n@+6m`Y3b5`Mn_&l-phIpQev9u~8oFsdB=r3%wmR?wH$Al`8ixJ)V#boB#6}Ata#(n_(HV8}N8vbeFnUO$@minHqpP zlc?^ad-g-ml<{Nb689`4fl&-_#YfPo8o3i-WJv{;O;?z;`mL%9qd#tSj*tNeUF`%< zSlOs%m_=HY*Dg-1Zq$5n5l@%EKi=Sa-)Nv+=2o87xl_emiuI?$&UVZ_%W@iF=tsH` 
z%aJO%08sWQ94V5SojXI_a|lD^#{;gcs|!7M8&j(Bf>>`1apFW%i?vrfM+^Q4##fx&{WdZ8PKgdL z+XIl1w^DoML?wY z4ho@$5Q+*mdPh3aq)7`M3ySnks0m67gb+#~kdW{U_x|pC?m73|bI<$dv)1!pvNCJ3 zXJ*gd-|{JLn^BV1h=~s1jpMk&@P(IidCt@m{IptmyFJeX;OV9SstqhEPqNGbt$u1& zQ_n334R`kDzD`Bgko~o3nnpi`FXlVq2@;m#POQ%s_ZFw7myODK{XVj1$Fm=^js}Az z#EjoI{V4CkzfP|2<^ZH|eBGx~e0WlAC@?P`w zX+ZHp_p@nIz1Fi8#=49KRMG@+er0mg{pMB{|0(ojOs6i+=@yaf8_%CcD?Dt+7u0<(L zOjJ4af=n8N0zP5r^7<8YuFB`VIi>@oU^mAdr0l;{aa`+F&REM0ZV3-t{9slb$3Fc) zyUu+|9KOG2teV-{0(XaMh4SmrIhoWZA>zLwfUqX{GZQkgx9_f33?Sb5lE>60TNAH^|R=`rlVy zk!(Jv+wr-n`j^tS+P7{1nRQL@#-#WGJ@TjWY7|oTOpV3P`KaSc;*Wyy5kEiga4yMG zLQqq(QzGZEt|i1bVy07tOK-O2ZGJ9R6yiQr+Cvp~Yn1AEc03_?gz{WNMxD~j9ZZYy zDN{eOYp6ILHZ?4VTYI>jC)~P1OImrupYP1rMWYTf8hh$AW){%7ox3Y}uHRJ4d<+RC zKVCyGSt5hdRLox0ls>T+z$%l;A7;fQ9@IL-23c7U#IB@C<=+*K3l4Et zX&2}2jJq~k*G>M}Joeo~!mW3||3r(UjiIkKc2Nms37$Ift9Q=QND8}%=B&UGkWv<7 zWo?ZJ-{7#B%Z*~=JO0k<*4P|(A~@owm=sWha(9*P-qpxEyMK<-@{K%MP~jK|U-9+q zsN{85c#${5*-W?5Vi=D4qGVjV^HO?JGsrdB47Z9uih{OQer7$Du@s|hEWJ#&kZdb- zKA+01&H-EsAS?sg)&u~vdP;@xWGSW3HJ*j(K9mY4qp-+$l?fUu7ij#)+AQ$f9PMV4)sSD76-%G08%HI5nDyWU{Ezo5^mQAl$k zBi)deyIDJ&=N83(%YCwD!hE!mfSLSO>dOE51?{k{(~*dbvw6<(w;!}THYBDzIrXt9 zo=#>QNWKZ@K%nP(?kpbe1^ol}#ic2Vj+p`P@TqszwGw|N|(!8=tw|2f~_+Xh+rowuH)4CUmk-9LrhHfO?gH^ zDz-^dSK9|28X1{h3;=TRYc1!WSj8kh0yZXo2*XV#x602 zFae$~Y#etB>RBt*#CA}%Kr*CuZ5hw7>07{2Q<~d{Z>iWen{42`S`2sx+(3Eyx;SbV z#WLPX{I+9ul-=%Ey$gLQ3R*m%mM|5Vbn;R*z8G?WQ$tiXAiPC?#b*G^rWc~&=EBkR zKzhJBbog_b$T;48QKpNF>uamrq!z^uiHZ(<2Y)4CsxDK74;RYX0y)Mbyr(_pZUi4A zkXG==QDn1Zcm8{7E+xd*Eq;LZ#c`2qY@4SUVi}BIf-Z%Guweoo`mrx$;6|3px(2@KA%_3% zH&^o%S*((^!X@_zFYB(k@d28hT1)S7BnU6N4KCnka4%$X7_iq1Y}-TZiH)>lbG(V{$07Rh&4^RNOi0C zol-|Bw&;}aF}muDSqC}2Xu%3F^;hB$V1>8XOdOA&4EQ7YoxDqwxAS>gj znco9p+M`1bOyfH@a|+wcgP!oI5Y0qgbCILx8MArhsIGi#K`+k&cXY$I(c3bjsZq17 zpIJLgv?5(oB8l5^olec^b<1a+;*0m1%LvK`tJplh^s(=7JxDs`MNmB~O~N7`@ph;7 zho$iWG#}n(jwIgSUZ)S7pzPdeqsUrTDNd3_*rxJ`5yZd%e6ofc_~}S0+r?MvsosE$ zqVBP)4~wkA7$7C5m@W;B0Hr7Aq56;Fi`p5&srM`D^ 
zVdnB-(A2bQe(pw4iqm=N4EX17o8Pe&cgh~iw3zfbadxn9dDH<@_@VLv;cEz`G~tbE zMP6gqhXdHs!9)}L&5RP|kU6+RRpPU_qSDSdF_XJhLJH2YzAsPW(syd`Ll(C*CZAoo z+ijW?bM{i=*_t~OSIIl51FoeWSY|_i&sLA3?b;i3fQsT$CUmV~DHvZ(03AT1v8)o+XI7WYUn2G#&Dv*iE*nV(0<$pv1p$(46&^hTm=#`G7T^+50^G!^1v7@ zKbBCju(W7!@Uhq?fJG{XN8)$HkHT0mjyfvvzysXUKoVKTAHFNI6J!BrU&V(hH8Hbd zl}|6ypt-ookU0z#HFu6l z*MFvCb2=ql>&aQ2L&vnz-HNg*2XrrA^`^+X#jj1f zO`~l055T%Ng`Yp~xf}^ltGdhll=$DaycY$G)`yNsiS8sNr^rL2uy&>Jgln~M?P81C zSE7_<$H7l0^uE33jKA#q(7WS%y0%f)3RK4|NO4PwGvQ|z)0dt1v51E+s1dbH(*yR( zug;3O_-z3iq`#FC8$?+N(VsUmtN8cTi>b5-6^>`Fo0cqlZ)kRSr#_3rYVEmP3lqm1 z8#!Dn1;#!Gn5^;bc9!tTGTg#W9IY&kvW73xP(uw`IIS;S=-EFRS8dF*YJh>}g))n} zJcz(IhcJ-mYt5OzUR_F7^O-{L@2;>g3=rpIn;c~$x6!wDGIv$FcN%fZO+1UnTa>xu z>l0{6GB*|>VH7YRBlJKHv#Vsd*hW-aVkCKnt{zi!n%a}O_XsUaib$vhup=ht@6#Ry zNGDIGpE~QD92c)u%z57H;6ExnK2_^37LR`CvIE3b#()G~MvjH#DME1|lS_)E49@w0 z3*RC^Dm3h7w;PG9nGiY2aaDjgEu&!+(0vJ0%ErxT?NIIyvIWzbOtEkC#}x<-GiSbE#2c;CExR9Q6}@8ByD5;Uhw#jVWXHs2C91KMyu!Ivs$CKNn4jv zKb^so@2h0_I?%R&efh_O9k!sX&uT}BIdlyZ{kbskVj)@@DmD=?N-oJd)u!fvvs?0Z z?E5J{MZD*LtCoNtDk!$$`C7EBD%gtx?A}J2@N)CaTsNR)QmqVS1*L10KD;UT4R=>t zWOY+5bp*Ea^xN~3j-^l}4?<_AQLA(OQ z_ZRbt(kOD;of)U(=IOEEDQIaHl!@>$%aW|bdgBhxXAE$e3g%4kHnnxFKyu8x;_pkA zE40Cwx6_C(ut+%Z)X9(mY`-YOr6%RQ4OliZZK{*`#T4-!ik+OwNXkU^dk|pVE5Qpp zGV}Q`T$9S|FsPkuniB6F@pC*IOMs3m-=qJDgkO(kHZXi zBIVmW`2kQI`5uNpcQ5?-ZN+U@g1qLH?asMVS+}S(|5`#s3DwrmlPXMyzASS++(|c@Tmgae7o>ny#^vNDHLaqRQHk; zzs7;z1HzIR8z*fQ=Yc(LCx2qdzKv@`Nonm4f4jy0?WG~MNI@(5W+H*}K`HefFY{4y zE5P5lKn%C||6yGJxrUw*6`J9~|4R!Xw0T!+IZW`;_44nnERs!WO7c%)O;qAOO7zfH zcGfFT{%E5)?tDc4Llf&_e@+Vvi5n~_r9HoO^Z!%X*)yp2#Dj+H4%7v$Z)ExY^K zvOt!bKh82z*3ND0(3B~X!M?g(u9uc6Tnb>G$ zp+JQ;`crmiS>r4n)n2!19S=~bpt<~<{4ItzG)VrCmh2dO z;qAZgPQUF_zkO;DwF+-vbrsJNhxC$ZFV%QcQ^O%sbP-Oiu18HTwWGXS7Q_5ui@Cek zmI2J1Kt=-Hf831UaCrRJLe;wxdrM9NY(DNp^F%s}SJ{SQU&KTP6(eq}`fLwRa&|96$r-)g3R`1C~_z<`Y7St);l&HKZl zz}L|FL*3={SFipxw!eJJtiAwP_DgUC=667jKOOWT5V2hh7|Qg+hkp+iS_y1cY&!}X z|6!l>r_YGr0~pG$g4|307Bl_#Yj}1@;H*SnB>g@6il>J|k>lX_iwXK~Q*{-XSI;QS 
zgDQV(Vnvz)L#Zz=`YS=--!8=Zke;^c7fJp1p#Hx;qyHCAaaEUTnc{!mlMvxb$b{$3 z|2nPy@2z-z)ZrNet}Ms)x4ZQhpJIxRNZk^+dK(5jBr6GyBGbH0i@*gl*}t4Vs=mk0 z1|R77GIwv>=wXPpy~X{fbMd#i@Xt@7l?=fANm5W#`Og>b-@6_E_bYz~FoEV%V(9+f z(V~abZ9#v45ABVh7d7=D2`QJYd`*77eq@-InuoHmb{cnuMOB8s)qfR*g$(jD- zMtwO%!#`R(M){N9{`1d5FB}H1|KBbD!=3s6_m;PM^KEA3*+-8+Mq$n$CvUc>}o+LlX{0l@Tx z5IWV;$1VC}l%|U=Ea`vo9{vNM9y3Kl3fY8D$#ufd%XMbKD-vn%u3cN`;=PwmbBW>E z51bzx?s7;7`=e^A{>jfTRjy0o6Sc0%Q{X?+=Ko{X#$CQw zbnl|b!}=HiW;UGu5!RI20K=&qq|&EsUtD}epPVT9{;trHUBL87KpriK_NEdI^!29_ z8LXa0szn8z>V=06aFJEm#M=1B;bSVR1dBh?q5tDjV-#pes+;9J&MbnQ#H6p|75?|7 z9EeE3gARcAhc4n!Ddr85@4X6Xp_PU-7kBt&3vXF@atx&MLmuHOt2hSFTgW)a1vWJJv@pUaF| zSWW@*?C;5z5kOFx8)^o}m#FRMg~=PlXMhDnSrI@XI&so%ynf=sN6(iwRo+YD4q z?}wbz|9H8ZhQ2VYKC&zVopW>q;z9OTE`Uj8{U>0B=us095kWl!iM*8i1i(apKbAj! zt?W3~Q;+J)SPb$l^^DF?d?{?>{6+u}*#O9er!bFi{m&`P(59+(Zt61YrG30qV5Dj* z=M}S*inJg&d&7~xo*6B-viaZOZh#t$n++T890Lk>tWvk;aZIzT|6|PUBKKIo?*P}l zkTR^le8Z!Prv)6wN zbx#X8df&SOBl5Q{)b1h>(419Wy$y`D>RRPyzluGePB)?SZZ1x=(g$m_=RH~?fVk`Z z*SEo%{SK391cn9pOV)}*vWa~%u`O5g)t$R{Un%H@v($M^35h&Er8AhTX&&H^3M}nE z&U$8>8N|YNVn;@HTY3F(lY;58p0XW#{c`ht(D~FkE4ka~`m43w9i=q6I^m9L*4&x#L^F11qLGXor?2b+(pUM={$YDS&QH>5 zR?rLZY8QM$KpFY~1}>X`lvlTB+kyCbIkyC_1?D(FmP@;(QA;zZFV}Ffk8DQA*!blP z+8fF047ZuWT-~#2f<=f|0fj30*1eCLn9D4SuazA~wJE`-jRdVdm(RB*7GeFP6_#L^ zQANo$yu3RcK-O2Sr)zF@S1nYbTgiYFR^of>aMDwFhs*g1Tn8YvWY^J`F{zOx5{t)U zzQ;X%J6S++ziL(#bLN_nC`tN+r{&YpT1oG*!l637YYhjeCP}4W++=N)|HkR9J##=o zDnZ2H@zsYnHKLqH?!4jzH%m-Vlo?j?sTSf?-H|B@Era$)DO~1}F10FaR z9>$-{sC)hb9`=1Xm$qReA5e_ErH_Zz6$jch)olXIjTE)(K>OoR7dl{RhBzOlyp)Cu z+d=kaDD=pz_>^tYMYC%ora>AO0q(bY)OWV&Ot*Ofb*)E}wa#LRS9y4=J&Y7kfzZYi zVFQ6ARQ=|r+EbQy_M^UP6BVJ1U==AdDsiwQG&x^QDZHZTvA)v6{3ptxrZN6GfLS>< z*2(g`?cn23voX-LjOS}icjohXVjNy2q?h>%bwH)QW0l;CxA*%z*UzOo%`sAk@A>B5u5|pLEW{Y7Q0(Hjx9bnr~ejl72YED$y zjXV)H?7qDRS&T>nWI62?MN{_|AA0XkIBrKxMA3;VlBXHC4mLmBz!LCC z`?}S@fE^Y4(7?h3-%(a8Sv0*k_o zOFq#h?Bml*S^dd<=1>O!7f$cO|HWi!Cl+v4;u((;(_JKnifco*Yvoe#QIFJE15tuH 
zt?|5tggB(IZq3XOLajkW{4}-GQ~&8+sU&xd^{_S$Tr(kR$-buq{4?jK1N)#VlOFfG zozL_KQUTOI56MDzkEgI*3clt7bPywtK?2?NK&~PBWcPUG=YXJ}b117%OY#1kp5Wbt z>$G|x^-yO2o_8`+=`Wgn3L>!lqvzvM5TD6f*SSp+VR03_bVtS$gnidzSLr(gGHJDW z?(8@GU9X%HmNdvE1*oRai(}gksPO>cQnNr0j+|y`5q5kRQ2vIG946pp=^n0^E}i68 z2u?(|Ebu~-URDaU+}4ZWeLUE__|4Mxd+R*#g6@;fY=-ENpgO`M2?---_I9T5c1gs5 z%4$Ch|1v@+>Bnn{H+P&&o;BCkwd}o1_OHGYwBM<#o(-O|gyResouTGyhpkT3EWxT8 z9R8M<3#9AOxItnxV}UNzF=epLuPJyYFLubVQ-WG&kKe~I9!skcGk3`|Qe8KZBz?5` zRf z90Z3>lG6PrvUPN?TNKmYO||!EwWw6(-Ez1)1URMyEe|v_>H2TK|Aa2EgY%gMY;SMw z)GRMflZ*iha*OM-nBj+qN$?ip;ID7!S9E-RRDzU&R(M(P{<1Kh5?DJCwQUTL^m^Z% z=YF$wC@9YDNtXx;O)ts?ZH2i_HT>_`#=lR9-=B+V&PiH!p8tYtJ$z)jUdt zdQ;?=*zy1L5&TEi7`h9@Tao=Q9|PO4Wa#lzZ8wxQ`)vhS0TTkvs83Jux@B&FL zp)Kbgh{?#O-3QvE;_GBQ{D(UNy?nB7qX5;`Yih(VDEKYWu);{M(RWz@*HTz0(e%q@ zD--#7g!6WE;%k6$wf*CnmQ@as;zWCnpmY$&srnE=p6k+Y*DiI=^z!c(7iKwkp)xjt zU#LbJexQ1VGCy|SuOD37szwKs1G@9g=3q;SF*#p(<=h#e``Q7E#Wl?$>(slzOT2i7 zoKcSM>@;(@Qiv?lu{QJlCgZTk4ebRSw2GashxTR14d-Xw(2L;nO}W5v{rt1ZY5(D} zHEE!GN=&-vuMeOS(20hi{U=+dBQ36+4gR0rJ2;=jO_iaRf(b=G%QGF~D6nk&H8^Yg zKm=b5?@ZI}cLt6P0}H;H0c!yPn4em`t&W*6i^;5UeL|p(V8&>nU&Zh=8JwIwWM3w! zV}K5v!YSiM;?0#o@$u+9JIk$36g=69{~4WzOJyXSs}d7j{a?bnSQ^o{Y|Ed|(lE@k zhf1{WcM)pTD2;4NI}%y<8oWr1v}}nsZqmvHu>oHm`hinPbpb2#w+#(S!5=3fRdSUW zFi56OS;n1yeV+^|@t-LScan9Vt{*HtUQWw1h47R!7)=MI4`DIG)sG9{kRv@p8L79r z!}{#87_3l**l+>9nM#qZfDIn)0js26hEui?Vtw&Q3QknM@jp z(a&iZH~uuj30zh%X+l@H)osGdpa4D*xZ)Zw9%|EFo%X;IR$C6D6Kr9bYy$%bfBWv_ z*Eld_hM-(1VQht#m~3rTu@P*M13hofRL95mor{al4@b%_$6ZwSXcN4|@MUe-m}xa& zK8I{RI0shd*-(Zk{Q6P!lZZaBDz~L_T6TH1Q8JhBFFVBIDVXrmJdk}7l|r-}6kZ

(+bM_K3qnLKkcZVBl1}rZQy^p8fC0z51=@z~mKkRCT2yQtQcId0r zywi2FVRh(eRlhQMz8*^AaZmy;PpCtRpJDRb)OO^+j;jNo=zzw0Td<+0Z!TxY8;B#tG; zCCqXp^0JDN7GO(X^)~!zJrfG=!gm>0)kr-)D&97If#W}_N&iT#ejS>XFbk9b&?M9; z%m@-jHg}`G^U>!6a`j!%xnV59z)VKTu{1w? zl-*C_bq=i+x5iH}=*UBanyq{Z^~PzXD^vLgO}I^u~c)JGzPL}k;J5m$kheh`>2 zIaX#Wp#)a=IufwC>}Xyc2%9XRa>={YT!Uj`tqXMfx0gx`%N0SxxrPb`_-SR%+jz+- zJbXQ;M*d^ovJN61952Q6x<<7P^4L5#ELR>y(H8 zULx{cXR;+s>}wXE$Xg|J9Zo?ztCcf#nY^vaDc&~96FkNkOQmzBP3 z@ctxqv=~}*4UxKyJ-9(sMGNyZ5w0%{Kp})19bKPvDj>84b-{`i-1PvBY1v>54f*O5 z8eT@Nn*<;vjXhyPOpJTqPYK--SoXm<=K0RN@On__u?T_~h0U4P$@o$WJ19870!O%S zDZ|fk*H3favw2U}0GuIx~K z4}`?`JfQC%9IHjkn6^Magq|W5YRB8!@LCk=yCcAkTI<3JdC!uT*~x0!ZBqS83hqWH zW>oyvme@w)23gEEKNZ-~-x8SPuJz0S`Nk}J>dAJW8*g1CY{OAd6rc#LcTiqwPg*(H zM+MFKJgBnMK3HSi3-3;R%^;hy-0NazP}RnAR_w88quX<#jKMDl${&~B1mlo+8sq#> z8I$8jm#YjKAwc3;VPISJ$?@(! znWv0@nv)zi40(U!kY13?dgnp5ZH*ghX=_IG68Cg= z_$w1ZSXMOmMrkQYN^G{^!TViD^FgkABy&Yoh{@aR{G)>0BLMWpnYNn>Y7&@(jEJ)lA96A`#J;tkNNg?xcpRh98W416quCl$S%EK0g^z4;xGk^ojP;^j_?H&5-uP zS*7M@n{gritqYjmz-(<5_Qp3~g(UcKvzzq7gjP8wf4JZrw@x7XIY{S~xMj?$G>{LN z$II^i;PB^y^}DR6>6Mw*R!!(yR@4W@kj;lp1l;cK5JL}$#M<+EmMaCv0A*dz z+xZ&F6faKwKdr%swj4?qx2(SKZeW-(3m3f zXl8Zas=Y4{WH$6hAsNvzX`G>Kh7?3j9EaRfr{~=d*Q`V3cN(}GN&8;{RwAp>e6YLU z@^q)-b}{%Kc4QH(B(DqX$^wT8l0|@+`zw;di|MOOE2Ac z7nH${?6OsBrh2mOU_O{GYtcN5Sy^J6hF%Dq>azBl`GqB+XfKoTbFy8RCETp`zt8Q#lsey40zZ?>zi{v(Qn-d(3Ui0x2tV&St+} z5-|RV*U*o(H_tHn%q)(brOG=JljhRph;*ZfE-k+P1kT%SSHN~R$hVS&wI3YEWhvKE z0lcKpfLikPBEt_3FUHUrvC5Bv?~ZILa$VKp5PiH~7Jzs9sQeLskh#@w^I$G=<-XQ! 
z58hv=9t_#vKCPF!tvI&;s>Z2TtQ!Z3v}UGVKgCxHYU`#Qh5AhnXOhouQ(fEe;<=UDwRZG z%jq;&8GhdU@y7!8Kf6=Ks^14Qbw5s}Xqpe@*0-i-%X`;zuUG&c@wI3Bm31KC94XQcUD)bIo!q_Rw_f4DckS;`USl4L&c z{uqS+0X~n8e*9qpWcd^HLv>tpqXO$~dZ;BgIV_#pszwQPm__tI=S)57j+^U7Z8C4@ zs#PqF^7EyKW!^-P<2FjV^~dccAR?*8-`lRdZ*i?F{;Dl}*WEMwpup5aPLp$okAG{a zFAk8TpS&s`I2yvMF#K9pI&kEPGX$cJboh`Y?61bw@hVeJw78ISJUf&%4VAiKVa4Ar zfT!eWt2Bu<^S|>S2FidM$!s5&>r6drOtwfsL97u6IGOY;giA(Th*LIgcR@>@RrAT~ zu3Cv0JHS@7%~*#w^K6&=-7|rpM^hpm6+fdIQSpgAu8fx@Ix~xJNZspfEXIeYZl_Ky> zM>(I>n4R`E-U@Ka?Lw~B!b%yZOTx>UP52+I$717ms=QZw<(QJPl7p|IgD3$Stk2wa zvUcmRmDmt!rY?N{;{$OZd6aXiphR-`d-a*Lu%8U8MEOk%IyK&)`jm(L2(5ge1*M=iO>>13!alLA9~s4Y#71gbH8!_4+Vf zN$SzX(o9l+ermn%#8GJ3{;EN=<}tN#y1vyJ9gyFOlkBML*lLZ*^;PP-W)gk>w#A`J zMU(qf4UkHZCVLg(?nArh3BKlVoqtn|VAD#iw! zL$yYC%#>#=`&8|yi_nY@5$55*W_lLu12(fQ^>#FDb#M=iQE%}2Ts^rPuD?&aU{cHD z3I`&s{qCM|`%s$*CIsLch=D81Qk3JPmBcARgZ6G(%lXuTf<%U*pfL{kENwov-r*;9z`K z{9N8`3{Y+GfKCd@YPNmGzzzG6n*B1nPV(9Z;EFJ57;7+)XmXlYsmH@gWG7&)L~2CO zkwSOkKgvtNBojbWszB^?hW2c11m16IFx58t?Yqv4f$&lsP@7LxWobbMdin$~9pofB;o(7dVNG6aSg9b9v<=ngO30Ko7p)A^%pBa{%QT+N+nXL@0ij5!GS}Ht# z!hWoLrm)(2JU@J>A&~%DeZ%c?PFk!@$*-xdY`zRpnA*FCq6}~u#KoS4cB_t$fZ}Dr zZc~pl&ntg1(!&@g4|T3=<)|rc=(|?n)yz>^$uvXn!31c(igyQ4J6$3nl|ltC@&?Y| zPi=<2;9xojU8gpgD~KBu#dNPtCo16I){}m2e^F6|t7Um>Ca-Ns9OO!6W2$ZRkX zCdqL?pFyEoI;tr$yN9>_d-m{mgF0Uv$XIMFj+2VMX?{x>Q2#;GYwk>R_=s>(yx$(T zi}DP9cjEhCe-@p@N}S1<_xZ@RO;}_(#b2x_4jB z$*&F&-rvf_eh>5lHChbp6r*~00fQAx_fZA47{9H2VOZLi^#x#FZ&hwUCDZrW)WT;&?PtWzjf7$a zHK#+L+U*a2LlWsON$CIpeZMAS3dg}J&06-k)Z^%&xt)g_G?q5+UF1`~95jBGv)>CC zw6}-IhWi^3%guH9pN$~_kwpGy8TRV*zR@KH3gtptQQUJ$EJN7|_b+EMz03HjvfFC& z%`>&GjJ9{Dg%|I59TkjunJ(+>M%S>d1p8(m-mYThsZdZ(lE0wf(JYd-*t;4xdiq8K z>}{RrM8GzDhvf>#{(0ME%-~LPQ1aOeDH+}qw*ROw9j7P{)r>UBZO2yzMc`ZsANt;S zkEJ@M@Czvw_W9cM7wVjwfTVfe<}*D@NSiraupJcUUhRzXojWt)*Y)RJQ~pETAmkL_ zQNsEFFv;b1p-ZiWT9OK=_$mBp8$L;HV#o>mdf7&T#q3^eLtjdFEjcIj8*W;&R0 z;Dpa8ucK)NP~te~y*D!dtj@+9M`}$LP@UTl>3n;EyGM zbA9t|zc{m=1TlljTIzNfL6y%q#YzZxDHnpOd7NWjG3nl^G<|A}A1r&F-fO>NIy}7x 
zG>%p#G1JB2-NI=vmxxyoM78p!0*e2U6J?mdJ_nw_Mo?yOVXVYwNcChbvLOuO_eO0J$Ax0 z!-f`&EiQw~+JsufTReC|#LOFO}pN z1i-#%_~`;NI;bqdGUXA#D0WA=aX1?c8kfcdRED~%qx)sWHpO_XyW_SWcM&znRSVAG z$PO1W5e@fi>Ppa8ymE2uG#|({j4loX^#@F79@IG9_v3{Np{&>sZpa=iwj=GP)&%X` zObA#iiYz*quck_Z?QHe8)i2!G@3w&~Pv7VkLLbbkH>{*#&07ZZUN|;tM8G>UOT$hc z_CS#yGI;3a>I5ehN!M$Embk}Sjk!S22DkZ9vcc!=$G+q{4JtpZXGq(j5xi@rSGCXx zAmWXGcWhIDOwL}6m6UdwU zO*FC1fq3|kO~N_cL6~e>_ax&#@9qEit(hMnF+dF4>Y07NGk@5(<7s@lUMqf3O0;X` zX(uGh6p`Cn~=n|A*Y`v*`}fkNB&FyV;eD^;bBrnvL_6cVF72 z-(8IY$X!j#SohRckLjAu<7${X<|D_&h)=C1BpVLhtopDc!=}udv=0oW5s_E&JHoF47==IW*+LoTN?Zz|olxN~yCrqit; z5*@6=lK+I>KebV7^r_CIlWHjZnuvlaM$__7$nH-y z!-WqOXX`fst%>>|h>!wh{G)Az;@-o@NA7K}7-}Y8ew7$(Qa6oz<+zhFU4I)Hdcol? zS(*G1g%^Cq$;mT~P`g1wVSFYY8n&ez&@&Z$v+(9RO2grKO-NdfNN}vF0zPftk@j#xIoI$Jb!DB?Q z`Rp?DwwPR{jpn-a&g-+sSyTZzU=n`;h#r_NY4fs21S)Bd=U0B)=>4Y8qC&~w+N6^C z8n0m|Ypc6mZ#yDW|TJ?`0T+Wu6*4EZm8aaB*h-u9$>LnvIgWr za)ps_lQ+ZqO7g>~Wy;DZ`GT?IDkgTQM%xyVVY2w_Y)8{fMJwntPz=d9YD)lU*7xJT ze|C37@R3l1uDqbtrwtzKy}3utKMuW<-uQlco3E6Aj6r=^BAjlLNFKQ4~4UO z-vst+Jzt(KPkcoCgZkOY{MAL!@@z6(i0Oa|wD{_KvkRBE$4x!X|5`aS|AzV4Waz>P zPu;keP4t71%9{Pp^jcVX1{ltY-pl3PI0X zSS@cBxM%2Lc@WGQnf5JSe=U>urZlGN!+gKt2gwUN@8mwb7SG7mrYEP#=w+E_17*>2 z>TBDMZosc}rp`e+^4Fj>_!x?Q#GeAEq2|S3`Ah+UB zWv_Q>jaEO)<08c6^R!iLqZxV5o-5tz>@mqDjuu4mfU8VQ5FRaz&{gfja?K_Vp<~wI z5a;uj?X8ftZ5w6ByDVtol#%!ICaH{OtlK!h``G2}!G8FF-!mi2+7*edy;`D9_?2A8 zy*rCUwVYee?SA0on#5HI>v@uE?~`YIA-7fFh?(HRYpvP+0pb;0OheoNE+iMthi^Gh zYgcZ{sm=pzs)yWwNZnN&b2m9zTe|2=UFr|ls)~tBXr~`~s+2hM==(zFpB9KhR2PB9 zVr&Bo6d)&Q(7g7Q(8&R(CS9#+%e{D9XsEpMBZ1owRi3YfS4Imjrc^q-hI5k;Sw{ zYT9Dk(aQD}9XkL(Lyi&zt-#&QMOEmfTsd`Clo3>;n&g9@)RYcUqvvpc@|Gv^ZR@PB zyJ>o;H_s!*xgKv#`VZ&*!{fS}MM!AqfqDQI=R6pp;fBpl6(6)hH!WEXpii}9L?QqX zE|76c`uKqSGJa8f@X8n^&_WF=7q6YMY}XN$VZpc5J=~wK=UqW>23kMuZPpB5{`3<7 z>DbZm6V5SFcL_ieGaE+lw5!lYo$JFZpe zU8h}A3f$Rr$ivtqIXwalWcTrT;CY<$u(?5ACS1s7naljeZTg^EzCh1Ff}(jjP{6+6 z_2Z&LXOgic^sDQftzQtNz-9ER*BleFp?`B?$()~iK3~e?5aoTrmDVyhn(6D#39+;$ 
zdtHZSV(apdiDTwPfRKG^HM5U#XzKhK<7??>Ma`~|gpEr4M((e{3VrTEt52H+PpGnM zWKV&r+s*x^S5kSd9Z-l_&DTkq0fU@3C7*oy_E_waU>+YS80f6!6qsii&K73DWvgio zi8Mn-<@*K@A%^q$1&QU2zp5fXyA}HgrcrfmTkgg0I(Vx=eu?$rej01a+EbA zPxzB(N^j{d%|MAfLpk1$v)?ei8VaFPvT#g#w1KU#IP$}9b9(FYWfTjiB_zlFdy5d6 zteWgGh`-JxIt-*gcRrSJ6{`ITVh`zK$Od;$<QoSkqB;El8Ux4`-oIv8h{TLwd~9#|#vW><4V)t2qr} z8@B5d!mdHz19AewL^KqUaK%E=Ap^q`$m0h^ZXnU{bhW!m5p?g4y$4d*#KxmX^`aFa zZII>QS6n@#T+(zFf%fe`xd*)4*+wtZJ*02|!qY)gmqVER2MW8lqg7_ShM6{hSFWCO znyBLNMeOZ6T~AdB5hz4rxWQfpKpD1?iwSZ&#Fm?f$N$CU7C`~jJ3=F285&CthVQ>D z)I2!${;J{Cbo6U(l%wDkK{9!k3dL_Wziyf^lK#{~mwG(opsQOVF_c!ks}hT}gulK* zrbMgI&|b`S)Gh|9RU;La62Hc$QFq2T{n=YBUcqjS1ix4^NCYopMxnSxubf~;<-tpx>kJg*CA zeI=sLi-96PVBdAz1>IC~!>FHj&)eQEUW4NGv%Jjc4Jpg*zU~Wek(SJgMp@j!YpKHR zZ5j~=j}B`0Dkdz2jan-`O`azttWqxQB|B7t1L!mQEhPkH1dCo>!_Hu(lU2TUlj-$l zm?iS68Fho_44tP6YTL%=6?~l}*ezh%B>_Heo0b65BURzW|HIx_Mpe13ZA*i6NSAa7 z(p>_Q3Q8j_-Q6Xjh;)OrbR&&)NJ~n0clV;c$=+w5@9g)u-+kWyXN)x*iv_M{KJ%IL zo_Ac=bqig;OIU1)ecrTXfhaE|^b?j3wgG{I#RT|McDtMrK2Sru231A-wj?h`X}{{< z&$PSZ>^z0M@TFRN@RO>>yPG7egSj#HgA0AJ@4`2Yf+{+k3r2m&13^NsNun84i>aPA zadddVXPlecMD8(aK^{~yLT+?@S@(!3V4l{}wHZtM(Vcu_-mtfV9KJ6*PjNt{;=PZ6 z#=o3Z4-KJ$Ly-nDm2r+>nFA3Db84C^?tY}$71`4o@YhX}k*`v$eIq%90eG0rBgNh=WXj5cq3r5PN4ReCC6m0#BHGQ# z2rn~Pbe_8siK}@Jk=^UNiiMgqKE97$bG633N&~Da82*CH1oH@0Os5U@T}3n(t<1}M z=a)K;^RoIn;l0cx7&R+$asA0NkxG!nN82|g^W%IPpI(9@+^7+|=c%`_@%edI3c31t z;cgM|_uwW?b(6iqBK{(CBjh7G_id_fsX&Gau%9&UiF`q|KfiG@tZzg{jmm}cy?%!_ z#yQMwF+m5ZY`D9n)<^req3{^Q(d_bzDurs#zQB;NQBKyomf!b{CAOc?3y^psA3ka8 zekIhv{f(;QYfL~5Q`d%W+-R2+IoJGN%FNg@C|WY>QjtI^P3EQOjRn(6l9#M z#+67JK|md1bzR3RV&401*1aUq%NT^Z?U@@E0ABt> z;)?#46+q-U-s_1Lkc&>qS4;P;rh3`%qN(8I=F7Rj*m}6^|;(< z>r(f!NZwGrAsr%6JUPCa_a+keG#e{i^nLba+qg1$XCLM!eS#MPFro>sgL?4-vXnRyl2d#X|6D5F=M#_UJaFeeDQZL_W$8 zf_C>2DQgUm9PQT@>8Jjk=78~-W$nAI-E?@}i-i7(FYLnMXUsk$?x{?m!7d)^hlIm^ zC3=O-t~t2o(O>Z*R`Nv3IxZte<-XuAem>_Nno}gZNAaZ7CdvPy1@Jqu0C0(HjP|vG z)|jEaAqf7sORg)=5uY3y=?;-2zO0_LqkM+pK2WqS^DBZx=W3MDW4~iP)*j<6~dF(u=?>3pgiUjOBW7PW7U*|SH>VN>{cUI6JCvh_= 
zHptc6ZvuBZnn^=NB8;G}v%fd+NM)h7q%oE(_SR(YiisPwf4bks>6c%6lqX^)w97qv z&rkTrE=g-f7Jzj5!QB$pHcR;cy~f^kdm{0iF#|9{v2 zeCNY*Pn%w=6Py3_mi!-oPyQItM6i~=u>JDN|8q3{>R^6Y=1CxbEq3tdfdld=242js zp5DKWj=b-lQhT{K$oN?n!BCKFUlaUCBWb-S4#)4KdH!c21^xhCe_k#BUE=>;;{Ubc|6)J>YsG)TD*dk&|NmUCf4=*#qw?pYABL^UA*Hdx}D0H*$TZjc=e;%^ZTUn3+zg>(dajvVbNIBG6vPsp?~L2_}~Ngs{LI$ zJ``*#QyLUX`5B0Nbmn-TEFeHrtWXbL(q`C`~_u$6H?1fxF2Oofg^tqz{ zJMkl*cDS;;kM>LJONhXSBR7SXjl12Lx~B;OC`n1;v zox(j;D$(YAt0O>U{UYhfta}P6JEG|Hph#d8pHobA&dabI>8)S*qJQ$AM2MmL5HS(3 zl)+U!po5&BvVYwNgxh-@GTI*K$<%nw#)R?3Y8H@C3;U94kNb+14fkNXmP`uOzp}SF9o0hqM9wMm-O>iy!Or~ z!0_T@MHWBJORp#qL|XBGiQ<0cy!z}QmvTs)?ebtj!5+O@2zuJYW^Dbc$x8fb+_0ak#e9Zw79Smr zQ+r+J^M(D5iQDQZ5|AB5tD9cAyV@5X627%l)pIri+Tz*$V3koi0p4{N+(s|33>fw=l51!lmLF5&uBsAG$%DRQdXLM+r*M+f!r#vA6?I2}StN{P@|Ah&AmT&vmuU&Oxle*L>QN$qT-lP;($*sYF^ z*EWh9pERCqOv-kIl0F{IR}Pu8ta8Nt7=)m`25o#D!{;c_4JY~{@m8)+fy#47{>!tqY`q-9RS8J`gM8~L-sv+oH=M%_?&Hk~$ZY1c z>Q@~NCuOEv_xWldQl3aar;RVDa*u${z7A#|;4I<0YFkY)1`?-%@FD`oJI6<$6x=72 zEZ9PZsQ1wME{14#8|4xAJYReA+KhdFBzAqHYO#{E%5AMo3K?t9iO$vKLYvrXLJq03 z;|;;|-8~Z3=)IwC{a214@Bk zya~Cjs5-gK8336R4|Qh(5CE4QBkM|E^cU4_oRNNcWlJvIbVrOatm-xRy8bo@BDEGBg2>|ftC-s?=v&^w+57|kh= z3A&|N1snH6I7S*bu?Xb_&P*2As2kjqX~Y5qt@=65&x{F--mBGFB_rd5qu5^n*~k{} zZ`7U0Wqn%J$I_s|ECRyrrH+TGn^K9@?8g))?fMCe?IRo~5#cYs*7}D_)K&%GxHaAh zPo8a$2U*PP(3aQtYaT9bM9k@WMtw9Re390I=LylKawOu2H7~Av=5R3E)F<8!B|SB$ zj&c1AW6HwJEWg5fzCSr#vYMHoPbT)sCY)8KPFtB_ua>7b4foVIc^m*_o8Mmek?*)F zDkxA(zp58@BRy58z$oY}Tb;+&O2p}>E{Y!vCOU=$7 zK$_O84~~@Q<;<6H-%ZA=LKy#UX>0qO3^g5`MWo!P#N-z0_M4n90k{5Jy;0-E5o7sm znpeZeqqO_-@f42a0HpL{`XqtEjMUX&FdgYPnsjmF5nJunCt1+-=24k$3-{4bXKL4p zvr$bJ**z=W=zYz0=rooY|6I?rXZS;%xQr?s-?}VvaO9Aloa3z-T?s$Ad2KXst0Z(| z5qb~5KB}&M(gP6H+dJ1ch&`%>YL9byzPyMN0eawg1hJiJ0IQ&ZyNqIu6teU^=s9sG z{QtId--+?$kn!A>OJNtE^T1oD|wMO@9o2{PS8zj((F3^hepN)(ZKXx1-Fttyq zri)GmKR|9$$H81#C?P8#@pc6ux0`?!o+iLO?OrrE)2yiv^C}vjV?}&s?nNGiR1&tzV`=_l*Ily2r(JG*JK!MEo*)9I&S*Ha*dK z)`_dE4o0DXJkkSNT(MimJ=K|GN{v{K8v3*G{Nr@}!@i0X-)jkOwaPIJ&Tg+a5Xl*8Jq5ZQk)i_C(7>b->u 
z5bf_=&0xRP|8l;%zWW(%0FT!+*MO-OR@(W9oG3ESmWP!7$S zf4>QZQYD%^RVjXFGTaP}>Tfbu5vXZrE3EMx0MByFz3+MZjUcR93ybmYX*d@)Fatzz zv)aQC6{|dNN%)NS1gf_&bOy!mV}+wtMwOa+;SADw=F5H^CGw-h217Z}YS6kk3rwQV zGmLM?$<8Bw)DHZ#n-^=H-Hlg!jAr@0`h_}8bDTNl&%^(B^9S^v!fMujQ>vQShP(E= zGW2EY1-|3--8+*rzMq2){X)V083aO{^x1@BBew( zExYk|0gt6jZo{>{Nh|MNK2smUH?NA`D68HsO&pd1`Ty#o1g$!!ZlF%X0&|YZ|FBsC zV7F#o5Z+xMTQ6`5-Ma_?IZL%`rl_d6x>MfIvilO?80sNYuu;|%X^l!D_FUnajvqe! z?{{NI)f|k$yR@teN|I5~LAXp@IsDgmJIP2hFTWFYl4%V2J~3Pm@it^M{1M6NPEGNc zTJ(9DctKZW^rxM&{j#cD980?A&&SFXC(CeqhP}PolAQNE2O9Pp&S%aYb-V`FkNND^ z`Vv<8?bnFUUDp!oU8xnbgXM;3<&vU9)&(hNH0$HB_i=gL&kFTDUe&9;PNgy*Soc2u z@qM+dm-)CBcT4&M$|jr!eK3je>-piMMJ|OBD-zH=H?sZvqi_eA#oOMJ#L+5b9l8OS zpd^dMgr(1Y3CYI}o5M)a2g0`%Z-}5dOeVxrwthadTkE3-eR*Dgg47;;kJI7Zd|D+E zvZY)ZfNtSDT%j)8GWLiXCk&`r^%w^U$D!kS;hfUU+pBsKaJm()-Ryqaces5?$ofPVH$W4(3F(^zg*_^S+edw^%8rG6%1BSC?AuHcD<8+daTe)Xf{AZ!3tM_fb z1mV&z`D4Btf?BE4kloPFyb~D7NX&d0r@}ZIfe?Mxf^$Aw=NNIeJ4Hpe2cQEnkaLdV zPp%fLhvJ?6LZ-SHM@@H+BEQQDod-7I%e@giN#k;PH-vzq6ddu%RAa1AJ;q1cGJ(T2 zKk&%oiRJ}O?PfL+Nd}>TTAj+vflD?REOMy7d-<$THy5!+#&OG1LSY?zC&SJMj_F)))Y(Arr3X1AS@OQ6X(7ne_>&cviWoxY6kc=b<*0LQZJv zuwst%@=O$9OV?xPLFXxU=6r2)BD~V(m*=<0`MO_uT=9<|EhN9{?mfxVF3L~V4A}lz zOmA=WGRk)>_R(3x8LH`szw!Qft{%+#**8ZsS+FXT?BW0ZLB4}kfcH@{OTD~PkWf~a z1y6H@;^6q{wBzgV)^rPbT_&r`d04DA$K6r1h9GGKJTMh4B78}lCoZ09)7DA6_7c{} zwvZE3!{!LpQn=163a9Dgm2M_gP21;@oHwV>th-AwGaPR9CBwqO$-BXF_xSIhhHRin z#fisI53T0eB2x@1w{te_Z~rO$WOGDzh~oXJPA1PV9Xk3!qz%1{T_pg;obgCtOgLo% z%1<1HRaL^@tzK}`0#JmanHS6kFuzX`1@!}K>^kQ=nr&{2aNA{C-bn|qe81)gexlG+ zB7gS^KSBhXVfB>2{Kap7ia`x+?xoF$x^KP}rI8m|-K}-Hec68K|M$a^B45RjO18`I z`5gHGDIB~+hB0f7dKj~wA0rs_WZIsxbMu>ba}-~Zq*{-xrDa`Tt6Yk%_lP9|4D z!g;Eq6zf?jKAh8}S!U3URWNGM@SiM?R&o)sk1V>Z^uJxS`TKKnfLe@XRP7Hccx{3D z_ao6r+7dw`_*0@ei4mi3fo`afC2f6PZ5&;4X9!MywN`=0xI;|ZRcPf*|k)W^)( za|RlJKL`JutpzMvFd4EQ4@xipevkbzJ}Mhl%(Tbt-+v}rApc(`W9fb}0?{9ErT$;m z6V3g4ig$~$1XfE57g{ouI7YuSlv-AuZsnd3I$P&08+mju+A~>aotjgBzB9|1BcFN} 
zjbPnagJct&S$`|&dXx#QB+aU_0Fs%9c;K_i>S_q+_icCyV?i~f|1D89$_X=MO)N3!t*veeG*D))o z>NRwAZJhnCG8JM7hc9l|?9O&357-bR-Fjn->@+ry6pB3z2~O6+$?0Kqwq|phX0+2k zMJsv(9Ju>}zn-?~$eHb|B(PqDYsuYF0%O~80yv_K)Oj6JCRyytJg{Dup#A)%l4@9eOC2qFEJi63+kRgg%t_@lmtj#T#q1UIW<@eEyOyubW2k^fyxsSL$6+=BAFYhiKAJ-fd5ZkqR<^{ACVWD&$;gLR~I}?*~BG1v_WCRp$4*D!{4~ zL!ONlYm}5r;LCI`eg7npl?$ApC*F5A)&1rhrI^FDiU`uld=6JUg^?*Nwq=cEFND=k z5(I|x4VAX4?wX-yKB)1yxh={}u#ZaSfPGMVYmYX6we zN0S-WF;@ClMhgQKI^Def%WJ~p`+4z^Ld-3CT;DZWKDSrh+nDhdZoNYE(oT*i5Bhl! zj#F79I4oAZ-#_GA*M>3d?I^KnESETimB5(&Cd?R9F!s~CN)=Vn3izB^nv-m6N}wOq zrau8W6vhI+v)AMw+%%dQh2DI7p}x>JR91}o}aOtBX5 zk>>W(1&mwlKlYE3dB52;;BY!Y?2ctBuqQQJ7+h@YPqJOQ2z+H7l;?18U1~Y)q(zIL z5<-0Ig?A z88?+FQ`x-6Y|cND)Tp+z9EqgX;rW1J`9}DO>2Rj)OT3~kr91_I0PfztBsU)`R5c(u}vja3RP&;-X@?s}si1K;cp;4uR+#doTn)PDwLj_KNT zi4Zfn2{g@*=kK(H+VIe!gq-o@b;_v!$`pT<1cUoJPFskH6y6L+UTVCrJz3^jpjje7 zw9=PAsf)Vcd(j?f&zM|Nv-AmeS~{L6!fN_#x6FA!s5|j#*h+UYzwR4*`LyLgY}(bn zgpr;u%Az^5=FBU3OMtC|I^X6UWZPQ#me-nS;tR|t5yasI^!1PER5^0Vk-Pj(W*ISn032zN>YWFjXTWRPNG9eFf zugg=_+MTlApAF-^%BotASc*KMJVBkwd!tD)M_#%(iI>`XP5_gL;60xNiyBP3uOdx%Mo0cMyVWoP-)GxTyvGkW+gGc6UCj9%py9TE5Jl2OZc*0L`P4qA9mPSy!T!m zUuvJe4CUQ`)bOlp^jTU}?sMvuhILf?cZW&-;>02MiGB&zJAK`qnmhP)7%Yu^GV^{t z`<(51=+1&qx@pu^rg@wkl2^SqIDdz0w`(o=XkNNVGAI`=D8g8b99{=C7<8}eK-!mA z8YRwqf(C>c3D~uh7v7X2?qq~|qzh=VILAhvjO%dA7JYNxJ|>lS9!(*5b=IRS%wvi{ zr&<+^vN2B!f_88!*C`cx^pCV-hgC*dX{BP-Xf_r7+!Z=s&J^!1lbfmMWzTA7;@&=v zb32bAV4ojdbTn7t?LeS8EJ>`E8i>=5wN~{o{*pu~AbqlbUZ(PsFMgKcu$)i#`EPrEMZf=$+g z`6Nb>Go*E`lt#k zI6K*ggd}%(h28piQdvV_FOSw@<{Gra8DjPiq^(nRXBxRSUQX87Mv*Y_+O346g;htb z{rC)N53q}zz*n!ei#gdF(HUdVf25K2Zug>HAFDVA?{0l*&V4^t6#?yt0D%rcpmbFZ zoJc!wJzFDA{Jbx}#~i-g7rKERfTm(De%I&f?4~wAum_}4*E&KI$upGZuflkP69Y83 z;yS0QPg$kZ4(1SsPdAM{%Cv8PR4dero6_!e#>~TWW{b9d2uY;DXD=eN++R5a3ede7 zmZY}*yCOCArL}k;n5@yfG-%{Lzx|S=Kg(B{C3(*LEiAc996Fxgcpzat>fz-wy4}c2 zZXoy6H@>L5?_;x;7DX%H^MI4_(gG zK$#}2!i;|Qn*$mT`Un0_@7wQjM<#W&9{E1bv4U$=mU9dCHycCx-^gfQB<)~_MJZ5Q 
zD;}RjJzH1I6eD8A`=N8th;Hs8?v}5J&=Mag&b(r8JU)(`AqBP=vtn`Nnk&djuw-`yWAmt!-`x7Xf3U;kuBQ55HfApcEMw)ng*w>OquC7oavfF{cHuUN$ zkp#sI6;D-4#7w_3XNes5%|0j*H3Kk3W40YL0$=nVD&bs-AnAet;oEVj53p63{@%B0KC^}2 z+lnPHK9KA5mr z`WB*xS05GF5+D7f!7g0e8!if{A1rqU1IldSu^#=FoH4<9p0GSF8;2AteR3o!ujljvr0W~yd;&{6SxGxQa z=-^4!8ifv-gmp6}WyE<&g&NaGvWZ$Ysji8AK#TJ!X^L356u)Glvz%`9gP`#|D&>Jd;<+OpqbxKP#!G0m&7hd!uma^_YHP;FuPm7$C+q~QcEQZ> z1tVrk1q>kLj*_QV$j2=cJ61#*iTi^r{DqmuL%RB$7s=_Wmtv0}d{@|y(?+Bpc!m9} z1;#bk5V>-xDRM=Lk%il0hR*W}-2o@Vn(p~VLCFc~XG5CRH@6M0>jDA}-e+)<^g_;O zDAEO*v0|VnD-H*`roZ`Hy8e&~kJ8$i*Ll8nQOP=IJF~R=!6Z+0JT7BY!WR%uBH9Lu zzHx14*!sUk(T4lXX-PpXGgGMb0}n`!8lzG|<710FL-A34H&tn7Rze_rTk|ISMPe~3 zX4+5S`<6KDk3G*pUL~V*o+srKrTu>4CRItI&AVU;W0_K{qAm8h+CyAO{UT*WWts#3 z(sh@Q>^-S~XWAaXdc^2>T`FsP>z5Xf4`=nlt-dRWc*NM~i~}~&l}yuIk9{Xonf0C5 z2G^-uN@CXv659>uQk9tNgR{_|JQQ7&*9D7(;-J#liGk4IzQeHffs+`_^%DCNINFg*$J3XOnbbvp2piac2Bg z0K4X5qn4ky(3xu~ugTO&LMYU$@1IsriTzkFw%2}a30A1NIuaC=Z%uo@Q!26xIFrMn zH?EVr)jO7Jt#Mtr?Xc@4dE^*b(xjc;Aij{y<=x_LMifZoS??y!*V%@RHpiM16Y$}~ zIp?Th%XCNc@ji`3h#ss2&1|ac+~#&o4fHTbEDNT#W?%;6EhNK0w`CDo*FWot4Lmpc z@-)|bP@=D{I=1Hdfak%m-9;DX4Kvr=yM?T`ZBt~)yCi)LEunajTCv%BwoetPx0=Cv z&~vD$d$k%?^^4wa?kO!|AG*VYi^jU$n`Yz({3co{l5BP33>Gr-3N?U z74c*n>6#vkm&Pw*-57n@WO$E7jsq&V-`!^q1a(}-I-fU0O^7|Px+Sxm?dgV+c}&+@ zFvhcfM6^m{ga}1l#ERQx_k&YT`xRUER~)7O_Ya`xu0vi+0YR@(6^z-WXgFl;5*+oc z819cWZ!l|=in;=(k8F;d*^sfC#}J}uLmVB$=Bwu)baugL#G()n4ot$s^^|>cG?%`q zBQjlOMbY0=cnCWAT0c~ns+Hw;+Bumt)9q>hI+fK}`*kgOv=Ry$r+Hx{XP!|=f*d&- z4;8UvO~V=`nsBrrK_lx`i?2+Cs%VdDe*SVAVioFRA?=gAD5t($y*JPNKlb(DuYb6E zH0;`n553B)eO+7r18zdUGAm*{8rhzORpIu`PT`w@bi)@sTX~^TWtF?qR(o&H%TWbI ze=kzqB)yelh-0M!He-Wc;ZgUO0SY#M5igfU)HJP4;(lvsD=-aMR1{FYGD9*UnBF5r61BW?X{@q_qrpaGip!Q2(wcKug4 zh|^RwlHKX3>b4!LH+RiCv*~DdGS`Q9cDNGcOd1^aTaV}-_)%R?e!B3;7hEhWJx1q3 z_>oF>R~SabK0LXVoyj)VLe@czGNX$ED@KivEZ#F&teAGN5g`Vr{~fW)Gv7m!dc8KF zIs!l}KpeUb;Th(=%`Ye(e!;qrkHoPymn^7S>WK_1VaT2>7inJdqj;cYW3O&&^PC-} zf;=kcg)^srGpB{LzcGw{KO)M{&y4ai9l7w+Q~p!)Uk_%|Nwo1@P5tyt$PRbe-%jYR 
z&)WF0eaKB)`@H2mHu^!DMQ$p;gMChNF&L%}#b3{Y)uBrRsmeUi$^E())oJgy(CAY| zu&!kXXGxztJtb~^P{@V1_X4l=Om6y2MkC%~@-9vHDbu0~*YYouxo=ZNwkAp_%%$$# zIBBu828F?C35;wU7Yvr8ayEa&=V;figVM3gT70w?(63sVAvVA6c$f-mx~pVCQwVG{i2 zY|H7(1M;Zx%G(R@^01(yc0^A)howz6F(2p`@a`2*1HIxH6l3|BEZ4=Jq%P@)Z8R9?+j&$;}dLcQWK`f1aN z*xFdDGq2r$aj~_XC8Uw&vWZZK68w~#5|KY-oTXj^-}SbZR7e7YrqLv#b+|r=+*KGmu z21ub`(L|)_O8l~dl8Fd1=~9@p?J}USMFj^{h~kW0v&>m$3EIJ+xcL*AP)^7}6_2J1 zggKB|M5*R>Mp9d&#&Z;lK&^kCeApUTBLd~l$&zn#)E<~Sp6QUMQ0zL@Q_N;4!^`;f z2D=UULqz3cLeVEzG;=)Z4)2(hbsb(q>RDkR`umM8Fz|}nY0H}xY#DZ>p;&1|9=d&{FgwcUMuyb_57C?{+mQpCTv>vxv@%!K+rQ!MBJVpP& zu7pKmxUlziES?h~KCN=TQcK`eCBFllR;iZ_n-WyRXaGqB?BXM{X>3Zh7BZ>5TnDRO z7|px2>3wKw*|7_ob=^K9mN!1lVj^jc?{kp#SE_mjCg^yH@J-Ns*GWdm;$aqI9xzsY z<%5Vy0r@8wT#X{LN9%-D8V{B0`wv|@`katibm^40lAz+fFLjYJ*j=1I3+P!uKd+b8 zp?W8oTJLI?NTv5f7#ImxL!2L63$7>?aA+v4!NfdGBr&|`=lFQ4BE@xQZ^oy;Op=a6 zLyNoZ20WPL8`4gtrp*AU<=%rHkKJ#laz%Yf8{%qEE@rmu2BMMo=V*Q_`L8mTA`dCU zx!#Y)jZ)vIrgJe7GsVTAK=h8d@nO6OT5afd>3CqP2+hXxEXfsuE=MexYpsF+* zlPYzaWGazbDxDQ4?~Z5HPm`4-9Y znsh2<&h{o55ztA-G{obtW@@PnX4uH36Jsfg32@o z47>mgJeo{6Jf>5!-il&%e=VqHV+UX$iD4HiaB6dulAzwEarpU&qGlx(sioKJKDW(O z5O)=%RkL8wfE4S z(S%$M!WD@-^z+INJ4pK9A49QgFS248`0V$}sFQYzUxH*pB~N+V z=^Mi0P^?~i>C1@j^1IUHB6}+A_XXl+O%Utg;lNs9a`4o0(D>GhN zW~T~@mEGv*;o%}ab4RQFddzE%XnzQph?_9wx7DL)uy=B$Je|H zvmq1I-=cCg?|PLWq#tWP{h3o3`BoyBI779&i7zd6;0!4Moy=*N0z;f+8(d$!-(l=DE@d{M8ZQ~1YBOsz>ml9|{$Bl~?(!g@RM52Vi!TbRuOUN! 
zx(1>PYjh&|pg4~`s`s79*QaC$pSiyHRr~3}Kk5&`gg*#2>^N4 z7&!F4d$fN@6Si9USogV~CgPbUY%SA9mYT~RaH5Tf6mkOh&XrzWKru^{3qpOe2|1fW zm%e$DJ}j*a9$MZ{_im}TAEZqD5~(_?{WWTXe_2(NA^~tJYpp%z$ad#8b?d@1F$DBGN5{k`7&=~t67z1k9MCJ3rbSWZt-I7UXjEI-_k_fVJP~l# zCipH&^kp&?FJDmm>TzBwHH%z6TRmHKgOXk^)0KM{DG^Jg+G$&uQ?xu!UK6#)!)2sj zn(t5dXat;5t->b&X(IF3W;ui#@%D}2j6#~!XF=zblU;5RRWecvw^I)xY1K<@6S*Lv z5boP}Hq-jK&n-=IPK0;n(yl49Q*1DdAzvM(E2wf5ScnYmTYPPWG?=JV;G-it5TQ-u zylT}5=nZ6SfEibZCKQcte`WTT5%;=E++T(e9l*eVp14dSg#TWL^ zV*;XVDWD2Bo@iuO-1_OYhm!Cc{*3<`Y8>R;@$zFA#@ks4>NDB7T$I@0cuTe~ljt=2 znF6iK^#t|+b2fM!s^MBSB-u|q#A;y6NK3z5W>DMFO`3x8<#LCQK`rR9QIAav{K3&6RzpuT~qPkef(pih3Jbjas2g z1t&(@hy9h}_hS~>@}rTrcJ7(WZa}72Y%@<@&q2>jilWfXj=ibPz-+PD+tnU2V!tQj zuVr(5WLSD)tDx}jf%bLHYEIN zb>oKp0#njE?xcmm^JqnSHBdK34hz_zQAB7wOL+nwdFFdopW@G9!+AsqbNDroMLe3e zZt8v9v`Yz{1?mZ9{aLHMO^&U%J^;+H=@G$=;}JeuFwWEcMrdMY6!GnS55X!%xus*M zVBu?@rlw}py8;*p-;nV2MHDu(VtzEX)3o=r<~2}8P3CJ;Yc6;PwS^pabsH({EwnjO zmxDh5_X@r)>$qv)&SSab>|IxoBHoHnyp zADnwOF8%7ah=-4Q5_Ka<(8&&G?WhUio^>mO7?Y3Dh3#EHl!)CzbE;eY-Xu}e>5H_A zZW45K+BH|sfu=l|D%)I*oT{__w@Y5Pu0=>RJQ9A#AeAi_UJ`h5vHYBd?mcqqu{QQD zuh-q}jT`~ZyT)Rb$}(PMiMKjDdi)Q(4hZjq`b+>=IK_Q%cAELH^S5*INkz*ZS+%XM zj{Fmk^r_|FV<#s9Ct(*u?c7)OaRhy0%Q4)n-Yr$iMN<{WVNO6FTBDUd_*WPPavz-g z3MzeZubLikmei$xydW_3xxlN-}F=AB(w}{w($BC!9voC4%)fq+)L5cQ00|$@r{P zsHrtaD8P}K|FcM|SNePg`RV2^Y0}4IsB4q?+(Q^XofS_JdWXkq>ZY*pShvuAA$U4l zyJSTJ5wsm-w+t%9kB#Q7_z%Dag9&5>NS_3Cu3@8Y4qnL`2G1 zDnlO*qdO6#f7o?;f1H$Xy~}#Owoq-Dz_xdYSD3qh*CRsvO*{F*c1v91vCZluRi0Y> zeM&j;Xy|jUk2Q*GqG44;<3w9HrkJqPALX^e`ehe zj#J<7ADXiQJ?=8Ah&~OB3tMsw{2n0TPU)VjrrBbcHEDI7iBF+-A3k}W5iH`l5W`zl zfzN93G3o}S*&}HAoMIEojgV0&At&z7_bh+@JmnvriPoIQ$`&B~B~nZQ7s@Imq6`vL z3B2f!uc6Q9?Bm$p;isFQcW8+HOxfC|3S#@FGaz>7) z;MRDMRH%MjuKgO#kZem0;0N65K8gjPbxWE(;s}Ng7RVIf@TUNkX<8VBlc>D`fs!cU zYbg!WT%2mqF7`DkDVzB|Y@0-|Q?wU=4BK^xHrBhsdGiBZW*KR^gYB_A`pe_>ILGa= z-a7lWO}@HOm>Vd#LxIXwIGj&v1UI@tM$nW9UHQtw4DVZOi_~qj#})kbIk#(ADKq!9 z&X*!jw(s(RbT(n0(&5a-_t=NnwDOKU5+wVDueEYcj|N~~CU)KD3)Kat_K;jbS&Lrl 
zh^tn@(!2C>oQX|$VLS9_dG5hpnHW8p0BC(h;XJP_Z^f*w8PY;>G(;OjTtdwv{_Y%! zQXA5;g4xdsN`p}XGwUeaxOCwp8 zQDQz$=V1+cT@+ob2vCqu;_nPer2?q+l9Z>PaOuBv*j{tezJ`UOBUbe|Z|GAQfPvsj zJU6l49Hx$W)}n6cQ6U5T(&d$z!@$lYn?l%yQRt4hEbS1GJsAF~h&TGd4cZUE<&)aU z=G%2oUq02wj7a&>C|~=;sxaiWj8E$g@1JN@X%gYb`(B;z?&80A+`mnX-bRTJ+iC*m zTU&PMiCSqK3y`+C_jEN*xOm z*zu3z!(bdp#*_Fu_~BK@vs_Qt$J4)?x}!G|X+j_2?Jcg30kj#C9A>BcU~xYSewtj% z^Hf=A-Y{DZ#Qb_a%MpK{WR*Y?ftuUwrZqSS*ZcNCO)p5;J1~fmyumF+G4e_$sM4M; z2?#C~6u_-QKyhIEU}lniMaA$Z#*2Hvck=?&r^ZT|z%XHrGNT_1r(0vO(lRYxkE!%K z3Jiz+oilF*&rRE)3gbId6N5jG4N4+{MS z*bYfgoxQyJA%UVRJm} zt@DB_7kClgHqqYKka13D*k?~Y9tydjw}`#p&1$70K9JF&f0J3t`!ZI)5cr(Yt zKuCAmcyA$}`CAg6qX+RP!jNvL^CG>X z_f|I=n?1xpl@h9utrNYL>`6Q&_neDgH*;o2o*1EU+GY z#riR)(bCIs9k^h9wnveW#Q}jr@|~C)pAN(+p}ph?C|sbIt1QN4;UqfNNwu5WF zzOOk=tHsbF7uSo=?V%eZ1d6mWM3rpwE9>52g;eqblBI=+y!R#kybE~?=91i3CvL`@6rtJ)o0NE&y8-mIkWnh&GuIE zsps1*yuE6KEeum(s?PG2%HZ}I7dsSv8KOS}$e4&I+Pl}nCplZ^uNxR^21oAq{^`r%6Lh!#dNErwVm*f{;1Tm(%1qwH(VW3tIXMP^vVB&azHx ztv?e>^O#*~5HO|@4zBe>K;J5Y!3enR{mdBzdL6v9BR-q~Y(d*+o(n#3%fj@qtIhoF z&nmNCemL1YWp@I-ooS!Hmi|mTRjTs?d)#P%d9vIXxwg>6ehwg{KbPG8EGV~M?|Bq? z9tRw;gNOEz6N1|7qh6|pElKWYyjSP@al+`N!}<*Jdo$8p#WOwVxOlPyTA9Ib(^1od z{d8}1b?U-*104!!I?HiF*ev>;cr@2?k*nr?7n1k)ler~Kl4V&;S%`ibY8tlFSob8U)<$;_Hf>m&P4goCz9b`+rP@o6k5klLwyL_T1! 
zs;jGf`o~u=zlLV<&sD4aP)-70HJ7jSRTP>K@cM@|gcqUfe>RIf`Xyh1+!aw=QRgEe zZS`aE`mpnr#qSEgtgSHXK~KoRPMg*LEC|aU1avUB-XyH*nL@#jEsEm+q1An4-RMZC zT%tXS#Qsl2{GZF#(?87AQ7do#a-d?YQMx4=s z%bikyTyyjEFzHwS^&KoU7Wifnj{1LIFMJp=Q#MWx9Lf0wo~z2L*%e#mjsL)p+H_-d zg+FenKkYCFn%hhX08xEi4`ior&gbQ>tQ%`;s49s zkScu)tiRF|v>oZcYoPp}{_dqz08J5NutNVIF6F=e{QsZcut1!kyW1;u55(=zI(CjC zAdV1n-%d!E0Et*@f2(5(Iz}5#7iM5l&txPZ!c2RxxN6R@iuX5n^DzmqTt8vUzxxMo z6i-;F-`twOZulm1`^e3TBKM&Anf<*$@TFkoY_p?jRPL|*z11c>fHV2_Y&(|jaI$QX zo(=?6?2gGQyj!?4%LYsiUjDe0O|5lVXHSJKfusWfsKb~P)TDQNeLV8%NYrgJ?z!Pv z^q`Mt447P4{@w65PE&4UW)?NZvN7zas#O-XP07$4P7TV%`6Y>>w|U_&T49ap;=Tei zujJAfyAG)3=gx8b7`k6>NM7TSpI<&IS3Ot(5Lsq%Qy=~9aYuT=C$0Loo?6Z~Pz)Fc zv}6$k8(R+Y4ka=~s|U=7PeyXtep{5dM2@2)TH|vTMvon{sXi+$TR{2&=!3;Y_j*0y ztUR{DyC1u&gWUJckn1~>?gn0>0fe(w4-N<%cH8_5SMRS#m(SfDw$ec^fj=Shl1?=|AAu;m+Ya(5DYucQCPSbrM3-nz#Jf>M3 zdWJJ*;w&z~`Vxm{_a~3n5UvbHHa!^NTrk#XOJF>=Bxsu4j3~At+Y^SmOb}Fi%==^z zbnwWtnUog7{c_^l@9%0zXISs*?lk`}wb%KtWt=x*as5B}Z#7C3)_byau5#~yz9DG1 zB{N;4Te17o_PI0CyUUgWD(Ql<>G)gH3nQ0t>(oW^p6FFiyt{zYWgVNbu&o=@mEy52 z8$1VB$$sP#SfviXCu_$xEiS}qIY3l6H)I^o^$7klmshqts{c~Vjm`^NAIR0Y6#C~ZGT-Ohh z|F%(YCSLQRX5qhoNFVRq%NzgremecmN87OH|TUB60;`Dzbbvr|LCEo?XBL)%=d1br|3<~H`iD!dQLDqxJ_}X4?k9^ z5g>lFHdHH5DJ18)5`>KP?zMf|2Ha9CopFq@$z z6|Dw3<$CNT{^v^l30zFTXrDkdR?z{tsfzt;;-d_YIc^~PP(k9_Qr!`Fp3V@ZxggO< zbgKF&7d93nSr7nI2)_~^E6#(S`}J#+isG5mPh%MsBE4Ag=Iia7)sk4$_cgxs*nRt) zN5hMgLh|3IXF*R??mM{+$9nGnT5yW&D4!*acP-HlH@*jrEoC%E$OC zn9!XhwT8Eh+b-zKI&eCFR-b{O6S#xv&1!jkH{P}*V^+c5ZBN(NTj>#5QELm)BJ#ql~Zxx*Yl?|-=SQrH_s=_V2PJ&gw{ zIH4^~nR_TG>ceS*hW4L$G(Swc`T8N@3XRru;&%Y|j1pu&>nSu*`nD?g{_75=Hl$a> z&y>HbkblSmS2?=eYXp?4Us4{N&2*WpJ}&*FmUcFG;=b1VX1X5K+~i?&v^LD7H=4k# zN;x@$){j~qTeZ!t)eUw5Ob&?Wd;#KdI!_0Q0Qisch865S=Xv)phKVG_)W8|09x=rh zF`@hi>V2fR0QE-sGrETLiu+6~!U`xI&3x>P17YJuT02dtK<+`WBOt<9LrUKMx^{pb zqBqK{Qx#K-d1>%YaVlsVmJekbAF(mHhT~?Jsl?{qWd9jZi?|Kb4J!NSK1-r&^{ceT zdf+3=sCinMcoGrgTSDMzmH-ewJFj((-4hLovV_2I#!*2QYryuXbK~j2!cP7mMLcK7 z{pwR0$#6#x9#|*v_b5s}mqlQl-#%S52 
zK0cb0VE(gr*)ff=+7hk?r+ikRN{g^WTV{OwkX#HZ?iIHY$SK(72BbZ_9v~e`w>pq9 zuTKqhc^HnT=e)&yU*H0=zppOq96JN1pq96QNeM8&SX@gI`{bSvFJ|)_hx+Y(RU4I}OnLfF-_8iBEw3Q63Z*eEjHM)dN zglk;2Wkv)?hiSmQI_W8IY>tj3gRvH#Zn8iz4!Al+M^y)f6hL;ohwU?VV_72Z%D2F_ zy$9<4X>RmQ3~+^DNjCLwY+UpCd1aGvWb_rNuh|N_Ex#jB@6v`uj|tY>(Ji-{Y%8=8 zEzn^|M1W6v+6A4v%>3NXeb36y=2_J^{6zs@lwEX z>wrR$2 zn@ezt>Gj$n}mRJj(gSUp)_M|!pNFRaLx z)TucD(c(E!f{M`x93L+Z+KZ3inS1-&{Mg@#&0VeBp*&8yG-9 zDyFn&XK4=yy!XSBtpEwG$b9~3Ngc}gFtMagY#NW!y%r5`2oqB7yL;n~TStyx z<{tkrUp=p~+#bCgJ!57a5kIaKo7o_Qi|IY^^~#YnE37lyFGW)-P)mCX)M>8u1Uy*3 zJX?HQ=(X7w&3_Py`xGIqUQV_g4|`?#v}xr13pINf9mq4;DtvCAD)d1)_|iOPZ?xs} z2!A?#{A;;}WAP`7DICkAXi=JmZ8!g-u|}#vG|Ns`^aifb0CDI^R)EQd-{F^$N3_P^ z!}!Ras;!&oytHk@lNv&D3GE`Cfpn3c6((iTWlwp6czALd0`924_iEcOO zvuE+Eyg(hh+2VQ_T~cp1%?`SPv6~h)&X9WDcyD#VYnOv)5Ty7>3YURS&V67%ny_~P zRs;F=pHsH`F84@TV)3}*uRBiKsH_S=$*mk+-b!z#dJ7v-nZ-Zeltea=HmSXWs zY>D^N6vi`JNuWvRPoS0}BrGkEr@WBg3dzDf#}6J=g6WzhPP=X}HIN~IDTNpZlVkHl z;~AiJ>(ANCbQ&hqYuv`Df^XWV37#7vFJr*+cNcFJGvvnbEAAl26{sWsZiW22uk>HH zga_Cl1`V|rjj*uT>LH`f?H3L0SpahIws5H=q5in7_=8|rP#;F-16upL2A%vAp(}tZ z;50~;P~r6P?d^EKkL&9E;KR>G_ARgYO)48?Tbc?4`+prM;Hb8d9%l+E_tH|~csM80i)?@``Q*rv(z7*?vwA-RzK^*NviMVova1oz#WapwzID6NFbPWch1 zA>Ird%7*vP%Fe@;2jf$4;2g5~hS#{M&-Oyz4;>aZbH<-#Wkk@JRIlOO`!k64v*0pq z`K+5;UnXE3ExSVyZF?RGCxUbr;bXag13MM2g5*ra}>Skyz zo4=lZIMlH1@fvPadUSvf`hFoRjfc+w3g2}>3FE~Gj)uMYtVGZmjnFM0Lr|7x5@=sv zagAR+15NsVP^diI)Ir=0UrMx{kp~IpD}60!n$M4>%ej%@d*n@H*^80M3x(Pq49%)j zTs2_fZtAe1#t)`GJ2pde#Elg{v}!}rZ=gd%%*-Ciau^s)(p!7ZA zhhIw$Y#tf`D)tgR-Q#f+vInr`x7$7$YdZ3*ISJ79ZPN`a=_{hGYw2>2Lm9|RgSem=_-0V$XLxK#H25{UAMmgxvSz(OOMek>Kl zw>-2=Sm!f;U1?DA4zI|#B;O<8dNsDhy1#bIr;9Z~8JN!}0`33vw=acf9l`Yb+LqY{ z6YMk5HxQ22-+RF*m;o8hXBv_yurd-Mv!KK}4R-U>J<7Z}=i{*lBZTslFQGkXsI>fS zy0?fSUtLqg?JiCXVHYs7W!$^iGXQwCgeCv+hw_i_p&;7#GjdBsYX|WRd=A%)Hn`^N z3*mK=m*gd0dpT$%RnG+M<~Gyky*lsGoh*W69^o`Gx5u8#W0PX5PKUxr?Mo=_49(Ec z@ggY;)78QD&*qN!ym_*7`FT%UOFBX53pfrlp+YrmXzi#vQNUb1cg7C)^ zy`pTep>iVo*4u~5xTW%f@{dz~Q*~M@9$HlE4{hNr+(`j=LwWSVjQAgEss{7fSSO|_ 
zzgVc*PjfK+ukeV3A4Pz>1`0Q~Mgk>6-UcTfP`9+gYhG$1x1y1962Y!N<$ojH{8?lO{pQ^#nVV4NhD8&2phn9X zxIq|cr2ROuz>w6cuJ|gUi2nqMw?O74I7Q0>blg_SrQ2{+4A(O-5QJhJ9OGgK-;TCJ z{UTziIROEP+R{ziINmYZOmtZcKsXmcX!P@OxlKU!acaT-;m@cM1`IqFn+H~807r3a z0su1*zk07o=v})E3xR7ENTt{YbJkaEiqAya51^Da6)4WyuR76RI*kNmtY6?G z8CzbjQ;O@gf?X(Q`GN$kr0yg>4ivi@vRlIhn&(5~fY10&OD#igR9Jj3x%86o^CIXI ztC39An+(hNw>RX`yc?&+s1=s=glIFS`XKe3n-r>iju4(fj(AM)M>8plg%D@wN4al0 z(S7!V55IVa#|er>nA*5==6~H97j4w?VTR%rg9E6x$QhH3DC=ig)Glw z9v^-Oi`!Kxll9xPLgCzA>UW!q$9WQb&e!BST#NKNik5k`u)(+e_^jto zHMoY;CG^W1Hz-;3_Y6F@=_sl?h=M1oOIi&#cD3;Z2SXxoe@`9|Y@0RbhVjb0S}%Jx z#cl}Sz(nQ2<=roj?@D>o>1VY417CHVpz##pQ208f@QJ9?p6waY{;XqQPA|q}5bC9H ziDGso;MbAV1c|>rB$;)X)2=A5nP>}p4+}627Th)l+G9;I2lRn-p;U9O$qtU4z6fU{ z%+96up~om&Pc?A0%QW>PLT*sIK+bt>VP<#E3>w?a_1xl5PQJ3loKC~2qNX-JGL>97 zQTnwbj+Fc}{)^GAG7K%dD1_F3aXNXS049HzHTz{E{{ zNly9t#%YdARsNV02-W+Z0InIPid<^_&|eaGI2Y`D2(AD4Ta8Lqst@gz8|!RsL)}O~ z49|z9i@crRBPm+ecDy{K zW4#_3x7V)XCui8qGz+Lm!4J6ng9TDKua99yV&#b1`tJ{a+g|<4~W?_9SA-tjplkTch-g3;0?|R*Oz#H0jY`gG= zH30B7{K7QQD1jmAwJc3Xx%#B}Ik8%?O`%OiYYd!+hep`%)9MYDWg(zX%F}{7T+TkY z&hl+70Mqbm>f-dj!vqI`>A4cBY{r^t7`%Z3Ai|Ia+O0}1Xka&DzzoaX?s*U9*+7>xhPs<=JSz!a1hi=qM>~QjWDA zJeEJ0-xg?XX=TV64akqV?Qxn}KE3m}wLbpqbo9TN_DP8a@#cgBkDtS;XE&E;E(s5u zj;VV=ygI5)6w>tEr4L^4Dc?9b0EC&>Zk;jU_6drjBTFtKF_+&3jW1&_2m}KQ>TL1$ z>BLWko%2zJEFpb&z>OT(AdLd~(5|9ad$d@eLhKi_x!c`K_1p2)Zm!NefF4wfh8ovf; zAO~1?jmqsmw?C~(Hhe%la05e{?vDw?#~!-sVl)FVCf$j6C@OTn|o9T z&nt|o#%*YCHbX8hDHO!In_y;%4TN4tn2ZOMmcaYvcF=EbHSnj5xiGdq`vJHL@LR|z zR6v#wA6xdMIcbW?o^xF}Eh{u(vL>6-okv-snfG^*K0P>kAWMh|_Fj6#%*Hh52`a5y zm0r*LIfRKa_~i#(yd!W_O!gcqpKqo?#UN)A2O0%$2NaF~3r*Ptx5XbrEZGBn>E6c~ zQ-rb@z@k#i#jbt-=Peb|!a>yK1Q5=n`@z3?is2H@w`!MY7p+)58WCEKn)I}KamhU= z(wv993=oBgQT)|%BaZLhv(oy6*cNadGXu<~;MW(&`n-qItT^o2#Y=Ka7%GBA1{0t# zpi%f@-@dA2niV#8RQRSPinyiU z_wYB_AyvAla*MUMno#j32)fz^bkfFg>=x@qX;V>eEbYSFQf$pj(Sv^Q{YsB1QwJaU zBxVr?w+e>_1P^r%v|e=gW!D!n zrrHV?mbrqTQFL2s%$dBey7~#@0{XNCIT|CYJ+Y$6d!Fy;UvU%7%0F84^L1dV{~8$) 
z*z$-_Oj8`tJ=>d+M+>XrnJUDT?D?Q5(G!SznSQfz0#x=A5X)J7%+};Nu!0jFva?2+ zzUqp@;CSltlqzGTf6+w8tag?8Ku>G>@?B_8bZ&yv;%U{NnAybT5A;e={&M;zJwTgb zC|?yOq6+xD)djj{-vkiA!{tz>1Uhad6^b52p^+2{TgU@Qw<5*OPlJEdB2k6fsqJV{ z6b$DN`2$)*<%#uPtuvn`J%AKW?6l`JF7p8&EDXyzZo=V-4}o z;Wk-!*$G$jK*KS`OtA-awKB`+J1ll_{kejuWyIt#ac+4!NGdk*(nTAb92$u zc^{MRnM}9Rs-1tc%TSIY(#$c(;{(7u?@5Z`00( zx~!WvC$-gqTombL(G&1q3FF4tRY8P;oTULqujJ338)n+g2rskwCZS@{RzQ|8!HdOJ zkux(vfI;LZR&jda-WG;OB@orepL9ttohL3gh3%MwMvy?$owBuvTFjmO1Qtg$_*r#B zB{jWx+O_y*`1#|uUqpf%{fWOD7imS+tU@1p1qDVh+qIyyHH|(Uwg`oT^bngaS_rfK_tjJ9M<~W$2H|jLF9yC~zA8L2#wrBU?61x_ z#~7tUT$*$K1+z{&SM&a3$(hMLN2xnElM&!4+hZVlVEVN0uJE2;q$E1 zdBn)W5uW-VRllza4kaPtM#~h{c;Yv|(M5awZcfLnkA@%|Yh-oNGt06OkGvH+d4@9K z9UukyoV(yU(Q(@|*NiD6lFd7h?4&NYzb+=gM~?QXMTNQ^13*E@VXpPjz?2s_KRCR8 zL)gm@It%(F>hawFWnBy9BBywL1P?G3eM6i8wEA~=5&|5!%2hjT`Fc1$sT$SB$iIo9 zTi|Zqt*)#V_j%FE*+3YTAQixD>6_>20+IAAH_E3h@9|4|iksjj|NS{Xt>o?=ug5NU zku>KJgp|MTtYrg&p(}ZbHccu(PgqTf1Inyft)3Wf7&Is}e5@zQskiy;bS!gOs$cHx zVA#UEu-O|44MovV9@4mq?96N7A@&!CWQR6am>SMK_(Olp7b(Dk6oGC*IK zOXb&D;Ny>YgF=eCEzyb7!0E%S{&rPH!RH)<_8U3}@{(tPALSKuy;oqwr!+^-96Tm7 zm3IRkb!FO}-KzH;YCex^Ir|eEaL%q-t6)ia}#nK^WNCvPA0lo4ETa2qjd_5w_=LB}unjCx;`kMbtMrA7J0ts}e+ zANp6%)uj$XU@ni-lgR`eedH7$L~WZ{a2SM??Ya#xe62HZ>lt?CSeYMtx{q93)g`j2 z(rK|geeVDKC-(GxMiCe6+GX=H@_c=^wblV89-dQ zI(=2x>RQloLq{FF)MZ-5GePZ2#13tP(GA>l|14xKoAMx8If{3V@FecPF{RK%2NZ9) zV1ElvpbP#SW#^A$I99g^6pk#f#4 zG$@`1v3uE$*7KIA0$kIgdd^a7{AXsevSYM#ZSlvG>}6J|8k>P_t1yy}=jJb|Bjv9; z*&Kg!!+_W}Nb>?pUZS&>QInfe-p>=`L+r3oS8ix7;^nL*6uE$L34Pl)YXs4D=44G} zXgPahF;S*d76m>0^EhKSB#iDgq+I>ci%nkd8$j7}iE$AUf&YP<5iy*y;>A#uBSa

_Oe))AM!}d;mwFbgqrb*J9!~=3}Hms1@A|& z1gOCpr_q$6-AKivArKGz3>uC4k$jjwn{?TGnwY))r zsJ-Avt778E%O^pT!V(611PSVAyNB|YuwqZ+X}&yECT&CBQup#~Zml0}C1Dg82bE@y z$!3rqolSVHnDrFb9)aP)i(OyBddSiN>|Iul-*uf&L*5dV+1Z@;7+_qJf%XrA)TFw| z^OQjHb`5C4&|nbo-Xa>!79V@0E{B`1eW*v#gZbyQ^>%KU!I7VR)FYlPi^;Yhp;9rN z31&yu#MW1tp4mnBKsR#$ij)QY5=ZMqoETl0H8GCh9lBf2zfF&!gAai#qJuPsLrt4>z>&emmKqX9T zQtCs_VL-E#_unXn>CdpvKZaVsT1%has}|pP)!%g1MWacc2V71Q(LD0Jj@OPN=a<0^|Anw>!rK<{_v=E0!oKs{If&JZhTi0#T+ndK-BC(F?+miW`M85CG-$9 zsxQ5RNSbDwlWnu5W72UWJnaks=q-1?(l~#cxzL{u@f0=hc1Q+!#Mnxoc%3CZpD59G z-_L?AiI?SiK0`q>p*qR;{}XQtEDS%*i4wyeVZ?7FN!B6Us1k*|le@&N7bjr7zmbEl z)bI~$M42kb2sZQIB3<18gN%>%xP$kIi z9`DSYwrpI9t>wH$&ini7vwXZba?Gd|QXBNgRmuTupLMc{ASV=DS_< z10iFd{buZv!$|rzC40-59Iyti;xg0=mpdbVT;Zm=IC7Io;s>`t$UvkB-a?r$*G24J zRE~-vQmO9m9c%V;$@%&!mxyCTl=oyhnH8o%qrX zFu@ZZT_%qf5o9u_r`)TA7)=3PPFwrQG8~8V9iOkJR+=XaQ3oRT1sLFmgU>M)j-^4 zGId*$e$YvOHY%V@Q96TND>5oR=~@KLsJ>RgY zp{~!ONZ3oO!slAuXt%)=TUz;QNPvXJA%!krsb}&T1H8q4I>UokeTE?s;mP4%|KSCI zZq%+@prgtneuf+IY{0bgvQ!x58z;C6<9Zf0lt1lbv-V0!d0EQUO^J$#jibCTCMsFGb(8+XJ-(JLBn|lFA;7X%jjSk zTqKB0>X5`C)5E6%WCdR*?RNd$tPAB>pTuZk(kd8odR@HAlWDp=(bIVQNpog8c;ZiN zUBGyx4-ofvdsr|r+(;8>gXP7?)2}FI+O5}>TVhy{q|>xQjot8$la`cqU>@zt(DQ93 z(;)N#L)7)f(FJ1|GLp>aED5k6B;=vXqUsQ8Jc{B-9}mJUNk=nB`XpAxFi80J^+j75mFTi4M;U-rE@_6rdFziMT&ME}yPaqScC z@Ws<>>N|+fIju1QjOKw6Z>}NH(5w+pX8zH}kmV0Rm31a$P8^7VGia;C#FPkUWH{$? zy)wDCmKTuX-`dSdw&@-2kpz3@@=~{puJjcU`S(aQ&gB_;!si2#xVQ!uN`O7-8;lA|TyHP$$)&3C8gk{G1+k zf7%f3Q+q!Wy$p>1)PeC|d90yOf```)EaPvzG618Dv3&5y>ZJSA%+l)zCPb7kKK?+C zg|C2sD8759^k->I=(8quL}sgCm{&NR3QX(DW#p}-$cjQcIvye!9XX!-1v1YbG5&F! 
zyY>1KNFc(PQ=g#gf$7M;eX%R1{^G5&eyaW}O{Hor`Lj<}iE*4c;N2FIH#f6mQX%<2 zR9S%`_0wCpD=l0C?iqlD1dOa4gIZ{jbFL%8KopVq>LmyU_g$--Ty#=SdkLxr;pQpG+YpsNS`|h;N>%4Buz~wCeN_yh4rCUMX{cN`>`Hp zhg?CvX6|(L{e|wjUsfhq2ShzTRz!aR9AKDuLZ_h@zNsRh{NMO-kc^Kz4qLZgjtb6L zs3q;{NKcl?%Q=CjK#Zh-JMsM4hdP&}T)Vb$gng>NVt91SpSKHzY5yP)uzd!Z)081Q zp0+V%l`U9Si|3(@l+!F;@SyqCD)Gj0@AH5O5qOJ7prKjKp3S%^m#3&L3}0Utt-qb#l%sig%Hi$S&1WFGK(~#M`W&C=2cNz_u593(`RF zR3SX}^d>uYD3kZqzT+=BWEQ+zb-dpWj58&$`kA|R%r)>$y7{2pSc7@t$5-wx8tqor zk{gVyb5-+dGBV~p^y~oEs={hJSV*YMyYRZFe(#q)qzij}ph%eiE1%i9Tx9YHSlIjpPMnp5x!TLeGm0hrXBtD(+bCQANNlQ*> z++fN}!v*7vwPnokT?30StnZlNf6i=&diV+5|saY+0=dWDH z#PE+sO@0(~i1_(={7zJ$H;O)U(k-9>?^*whJKcqshwa3Xc|ol*3CDX>EV(m7J-2L)fVML~_& zAUcw79Tu)LEDtK*A8NK|ao%KZGH7@$MW}NJY32{NAa`~&Zryh0hFB=-xf-^Me@H05 z7k&8T)%imjLlmj+zXX)+MU89nqwBK6X(F`aU2W8Lkrfprff}UbVL=)A%K&1!MW?)X z4t)BJO)3u#vO{t`7yZA59FCb6^u$6t!*Q`UY0$9yy7A}^rf;*$F9}6R+heCTFy6Cf zA9M;^U3~t$n&0sGlqT%hk0BgS2fOZ=2Eo)m^RR#CPhE}M?yo;J?^!oYjH;y!N=Vka zsn8P6gTTRNgP{@+P^q~AO90s6Q50ET*b$fc6VNJ)3emN0N9;rO3%;0jnx7)w%{w+(_wRM=P>O&ORY$fRD>S-*^vYxj#gfQZ zyBs9`hX*`nMsEp5m{o>Ll3SbM$0SR=L0=aaWBpF^+~g?u)-^fycDz=J!Lzp3aaLYJ z6P=ixB_3vaS8y{XR=8nU%MFp5o~nDT08c|-q&8WkiHyW5#$%?~`wj+LI`17tyUpJ3 zLmvf88j93Arj1wZ_6miW^Y8<47md0Uwkv74tLa6bK{zL_rOe1LdY5s!-pu&@-hMb8 zDI}+t2Hsn3S%#G}0Smhn{Rdmmka=#-v^%c!k{hia{S6o>vO17t9&$c&ju-sN^2bYT zr?ji1-4+?PW|-neAc9i~@gAS(u$PF!>>eq>Stq@-y?Lz>>E6$tfqT8sdPZ5Aa#(qa z79%*Vii8%oGLGPm#pMpxORJj>*7@GZ_x%Nkc#-g(Zv&^Ky@zHOpF;QQjW7uo5#}lN z;W^AWZuXeyFMOGl2s4oMHg-5*J^={jpjbw3%de{Kwq(2uz4>8if<^%uI!nH6H+&^@ zyU{>Mmfv|Nf#+&ZG)XBB1R~6HQT2>C97W@&SLAKG{V%B?l#UEKblk7ZFnWs^hyT{_!f^jTvxS>Z&`!&g8d? 
zCEXB7fM^)W3a>GJ3V;vY372&5zBu&qZx-_udi`h36H9`d({Sa3*@MX`jZi5pI+eEH zmX02wdhlTy)k58DRFxp0a-2P`h%cqUS8gIIbnsls}C<}J6=a82VS^YlVj#pJLfr$nYV^L zHNvu`9{M)nsS;58nnl0*eI{J*v+s_x-8$d;=+Z~6Qi-$O(fOL;LR2xho9@lxr&+zO zeaOBoGeOLBHM4h%2tw?x@kx{iInj7sJqf?}VOeMu+0B$9sqLVg(Q{C50>vig2*qpC zp$Xc@(6R5suSs0(0+yIOsGMVACR;5lDiRfkBe{^-ib*579akx(ySb@1!5*8Wto`QC zKmMHO>a=HIyP&nSxAdylgMSO}|BQ~?3f-7l5chrG8q_U4w+IdRP5ame4Xhx^FGKaU z2`-&(dEIp$Br^5I*uLeZ>x|V6-V&|r0ZkO5de-)>XSLPoxqOgkTvd+3<;feC5Ry+G zF>-{5UI9AVVj;_77(zXO1bu{x|I1$(VfuOE-rTcP$;5rzK5Sr6l*=9zEonD_v0B8eJ-q%KR{OEb+FvePbcj!y>ZyWFrRS6V}|?KeF#dN zJm)3nx|o;rz~De^j^8f~R zZ+=XLrF!T^rxLbP>6l>Dq0>>gatJ454DF5XVgK`cKg&e1?VT!Uj+0}Qz$fi1r%A8} z8Up)Olo7=nLq4QTTK6AHSP?SJp4V(Vgl>QN3q|;gcx)ZBPFL)OyKLDz#h~j8ZExKO zaprsKWsz(oQ8U=)7M|4^eEW%)@f#dh2Lf>R*mIj%SvP*|9w_Zk(%So-OOI2RJa=}AjtcooRJtDJGuew^5xH{YWZAr83xs{h(T*c@q2O_mx zkMC4?QXod?OVuVidpPSTB3a*r4Z*XZ!e8sWY8Rua;H97Q40Wuc5%vGwcc@D0(6V=w zvnT68VPZbmb#U%{@at(`(Z@ItfQb3Bsx zuE-lneaPn{<6Siz4=l#)OpbIoPkPn5`HMRUjy8tLe-En*;*XRPI}KYRDp}ywtOu~v z1oGcs+w`UAGf@qdsbtb0RfNQ*bO5p{)_VGOiIq5l1z$ssc&+pL=YK~+{aaK0&lh8y zL0;Q9hjB&rn9Dm~U(Q>+>-yLKpl?O1{7Ay#VQO^t#S-lyq*G5x{eKR;d`Q&WaBs!v zyhvlK_Kz;jW7HsJ?T_bc-M9TTqV>m-fA8P--$Y|l-3)QUtJehea|Bs1{4WbY@$M=q94%9BR-!HMd|M6-~RF${&zOtf4tEA{6JhLm-NFz1YnfT zjG}9j%1R}nPpm~TsDdI8R7VHpP(l}IWO98s^JvD79Qeh58>{f2{}=?mN9QOm_Nw;( zIU0OJ+zX^`jeDp5tv$?t{2BjodvA!Ah^9`i9Q64Ar(g8H|0O|~_hGd%W-9-@x&M{) z{_BMDU;h&4fB#cAtyF)&|MPwN&lN&1b5B7(Cja_ZP2c~8k%ZmHyl6`sbHY@=pOR zH25fAPyPSt9f-T{G!hXK|6gvwU%zE_@Bh%t>KJtj7?l3!8v37JW8TN8JtgG*e{&c3 z|L($q$g!?ZCl_4~mfFc*_ccs2c;5mdmVO|aknG63Q9S%I)UfV@#CSY^8Vb>MrLq1^prTOPeYUEd z&#a#gFoJ*al*f7-mrc9=$L(yLujjY%WuR^Im56DeKUy$3UK>%a_EjYJL>1z2GqEh@ zc`K7O8+Lqs?*!@QeZtG8TUGp|dHEfi&k)|xUjC58`V!-un?D7GG|C652i@xGrvV20 zrCPe>Tpl?_?)J{95VJRw_bEi>yD=I`!5vn@;n9u*xH;&U_a@`}FCE z-}ybt&D*pW#}>-0__CAqO;6f4j^EE37Jkcp+nBwdW>OKspH(o~RAXX88w6R@XDXxp zz#=&JR=J$Rzvc<|8#G{psqKMi8azdLQ6?cDBxu9>ZE~6;>xJ?!sF|32oLU$ zs6{7`oHdWL6ABRT=G1LVE@Rc7z~&Y1=JImNkJjE7=kz_BwnO1n{^U;f#_@@PD 
zhJ%?MN5!7uc|Y308=5Uw-YDW>g*Q@`f0rd&3B1Q0!R_?-m!DpQ#;#jRzcU$-Pgfyx zVK_40gL`h2of**H(G^4ZGg^=|`4YLvqHC)CHj0#UTkBoJmLFe65X%ye`;5ws6)}q# z2XHc)r#MfbxQmxKcPg_)ix+e>`7r*yHGxe_xg5&JyDDjfEzy2DN#d#uTMEWmyFcdq zBYs*lMoP%_b>W5B`p2Fx(%%(EB!-b|%?K!$ezldbZ9ACqIQ@7RH~~I&-!JC8I9hjK z>A(tI0p2_6C>7biOe~~Og6=nE9x9Xjr)m&?xKt1R-rApkFyw=pM@eZTDR6A0w2U~c z#lpXPT*(C}aJ)!q97IM2Z8X+yQ8BE5NW#m=7-|U@bn)rbQ`W`IvyXuVln3L)D6jCC zUIYPnY=5}=pI)1+05)so znZ#*$s@0+AaCE$yB7w2@b&- zgZRO1KpvyjZ2ewv;#+v8XZaK0ar|9$25^Ji0$Mb1C)a%@!0suFTKG$CwKxEl4`Z8& zN&rHZFZ$kZ19xXy4C@_kw5tn`gTt`zLl>b@(L(qm$5+D{F6Rg4jn~x!xpC}NNIXWs zVWff@&=O7#pjaugiDrIVnkfNig)m=0Dncn=`+_% z-~GlfoQ48g39fQ!^39=B?rubdfkm&Ap6iS6MAc)S!ET#WCAH$8>G~`T)ZUpP`H-(* za*aXzSoOe-OEeDHO_I@lk`Vj|TgWn;jbX-;(K5uF&dlm_BmrEUf~&n-wN@9Z?mJkE zuz}P`A?0Ww9EfM+S^yrLWHE@v=y4U9n}xzob z>KI+X^;2D=H;ULK&&dyk%)4(E{qKxj;KOB$ufHRxJVA#NqZ=N@S2-Ex_^-qV(^u7E zT`N3-T8~e=9Zym)N7zg*;x~Z18ZY~?l+_^j6JS-AXVN9Q>J982-zCTkGY{Xx%>1k^ ze*E?yI{)M-14dzdb3DEZo}1j{^L`LUAM2FFNLt%Cf!RqW)NA< z%_B;(XL~j#eyYu{W`|PwBW~3iH-F%$YFmiNcTkMP!eA3#@7JKNBd)C>C?L9&+6{6n z^>Knlll^McA>w;OGS#%!-^WToCme?0OF-^a!1}WS_P^SeH;NQKtSsV=c{kU7g?k#n zElStA`m&x}&VteY+$BGj|4HHeV=7bywNb*03ybcm9- z73;Yf;;zMWI*ngk=g~501m6I$e!1#~5I?=l&DqxxWZd4;nSLL?%zAUyc-e>JHS5sKz-y*FDPz%j40-(atxsTkkV5_X|s$ zdC^@g+E(lwBLqQAEmvn>lXalGMp-YM)5nXwo1uUQ|JYttrilOk?v`ee#UqwzOxr49wHoL+O7`fJnrLLnI{e?TWyz{7hc z^2(yK=V*T$*`aL1LAqdk(<;XAQ+f|@sp(?^>seRC{XK_j+6y297)Xw~WqfJ7n6v6D zew*?{SN=IF23|Z}z@>f<6Ekyfvm;B3t(@EpSsccS!*2~ui!9sK6=Al--Vjx)*CRd6 zuK}BNm4tEM@9~TLbw0Tnt}Tv;p7r=YoEfea55UCi3rV$OtrsDx)@FAsH(&7Rgp~p2 zsbm!nc=`j7+wp6yqW{I-S%*c{w(VY#7U`4}q(r(KgKm)Sl5Xh|5KyG0TLJ0r?k;H@ zVrV3Xt|9i#`|kHU_I{pc?_+=e@BhX*1ZK@z>t5G=UFZ2bWu7cZ*w@_(c$lqoY+m_4 z^6QT>qFL)UW94_G`^b)9J7(wgCPb9Rd6W5<^n1CKms16c?_=O(-!6(yV4`_1|L&f*1Lv*9 zjDiY$L>sUeB_WE}=w;OLtySY&b4n}ChpllcWrh#aen9rzti-t?Lj&uwX}aYnl)2ah z7t0}(YJ%kXz2brtqavoi#OkFOUsx}C)V54kO1fD>_i+TZ`W&)v+VC|urez>hg-#$( z((zhzYbrOR>FkPhqe8@(j1;&o&0D$9az|5(H@Qsa%~s~BZJEg-)$F;-l;GKrnOxX2 
zxXXWhJs{?_yIA~nwDzN*a`w$YnrO0f*!q1LDRR4}+PX{Z7L4hkO-g&AS4EwPp`W+0 zi9;hP80@^^1V|cFwXb<4wd_}hah!WFPJ!|~WsA3U6~3~(A+IKAy~^J^w`Y9u>(zL* z7nWA*EvIT#(VcsEBnN@_Sj)mO`o8LBiQxJd5n&&U3F;)BrVVFRoW}IA8Uu%94wqoL zRIctwc8EQF^%U_{(B)Z&+c)+Y?$ghw#HEKgd+5#+!J{JQ`M5PQon9}CFj6{jY_yzY z8Sgym?lW4?65^Soad{X1q|#v9iaPrx+`_7PC(nN=wYtt7_``EFN+}>qGn+j|>2Etp zgchJg#9t3k+IhEjN=s0+1EoBWlOyMkjeb|;oD!Sd86f!BtsOkOnnOm$R{bfTusM0> zVbh)n&dkS;P|-18d&s%rKc$|Hhl-8kMpQKj!a%m67y=HiyX!n6$&c7&I~r8{K-TO9onzm+Z$D^%LUOU_e zoFJ8v;a7_Aq)e$5&sL{!3w+;e9MtxTG^nu;yLAR7A@C{Encb^bTZW{smOLw-i=z1c zs_JGj>FDZD4kCiyK0;;;x~z0nr@vlKt{(rXM=zR#g4-tcWB=yKdM(t~ZG7(h19c!` z<|kx>S{%fRw%JU_i4dWS`p+g~|_xuI@_eMAa-G=HC{8N`oa zy)j~75hEy>(hp>347P$FfK4X#tvc0si(v)i+}}|KRMJAwxhABq*_Oxgkibv<@QkA_ zT)EwfM>(BVe%F66A2P9eY^F^qoP=24OtcLKT4oV2(UH(oJxZL(^GL{u>A(+W|KS@* zcQid$C>N_zLr?mo>9!|Dp-Hez=2Vpi*a}FBmdMb5KIPs)wDD6)Y->Y8Mvs_bV+fcGz`Y6;Gi zR0w=1NzlM&qRLtQ7mY|oJ#D=x;?qH6%hpvoAyyj6aI{(9!(!*x9v(7`UuG`qR%@Xr ze5*VGV$DWjsyUv+2d!Gg_RC_Uwvpjdc(S6EgUPuq2@OJ5iRO)ZM;#nn*&FD@sNyfi zoN9J9Tt<~_wKl&5|AY)>+q5_)1_i5Sa*!BVN&cJ@c9< z9Qmi*6#q#&5LKTqpLz~DHJ_6osKX*M*rYc@R<@s2CzBOI$|}&&o!r?!ig~~{tXT#3 zr^=}@nGT3v>K6I!25ttmSaDM$il(1=tT2M;$SlbxSam+g_^8<2nm`dd)(G%ii z+Wn_AF3NF4qgeI06qk-f$^6aH7=pqKU3At52&Q-_FHJjxM@{Rsm7nAg;@71$x+XAw zqjPV_knm;jDJ!U#&O%oC(G~7#9lFwO&n6z?(iK|M)rDv|wen1@N8YnBib!9VMRqE3 z7@MK|sfdz6Js)e)=;0{Vz_(Z6#HTqQ)UTdxJDsYDSI^lLt#wB3k1D2bXMcJAK%*(G z;lm6J^RmpiVbRA0i3tigc+X%(o*G_F#D_zFq(Y})I0K4(!so)7k(xKc?uJfYb$@<* z?NA6oFnl+0y*%CU@;Z>9fnXp(L#H^EDWe2RHDNw9JwQMlXE^ssY!M~wm2BMH3)yuU zf)6^C8mSU)MO?I5*bG2~*CbaF^=(;CqtodW1`Fh}Ptz{zgZj)YwUJ{dX z%m)n}wQnL+1FieXeHMie#wpenmb%j$W#mzW1pVaQJwyr2xf*-7(2rxUVd=uD&WJYM zO?#lsV*Z8oOmi&4(?DZadm*Ac)V-&O|4RFuqIs=wRCJ6fLpI?>{u9njRQH?kTGNAx z8(}yrq#UQng2%XYNTSv9r;w!~wL_E6$MO&eQB+WS*4%0JIFzuW63nhbSY8DvRS!;ee! 
z8qJ0wE)71DY$#_fz|BeQ-)|hQavKU%`man6Rl{aox1(#d?SmXKjOU0A1%( zHBTm_qUSsm(a0}KpAl#5GUH@Q1>$_d8M3U+cf`=4F48$Kf2n;GaJ(;{EES>TeZG71 ziAUsZ3%IE2TlMu8Bn)lLHy-H*zNWB)4#t-^feqJ4w{QneQ3p?YP83DDLmTre+gB$c zR>$CMk3-pr=?#n6E-$m=*7qxh`2svz%8&4a?2-CHC`+dFsejcNE;;L!TVD$uw_Q9q z=0&`uw3*g?QBcnaKyd(NsDJgt?%PE~-?z=9kNSc`?g73!K*|$v=Cym_nCoYMy`e+- z2;ZHz;~cfe-Tf8&V#sun7JXuG8v<@=y*Sa&+b=aY0U6EO6zS0~^4)@p*$>DAThKaZ zVq@GRA}=L{_ z-Q6+VvV>`^7GpmY_{T;J6dtNSSo}hjsB=hW(Q3^epL(Vne9kWClOcNf)}Be@!0=^i zqsv~=-Q8ic)o9Nu&h~VsudvU=ab*VO^~SbUw$K~GJlw?d@T>2`x5YIefXKYXL~K4! z+F1`{qp2iK5cSsYBRkS+z}C!aoVgG@1)XH&v^n2?#P1(k4OGmid2xvN_xt~YX9uU} zItt6I>R&YY^LnR?ThnD2oQjWYJ&xUcr&LAt1!v}JU~A5LjHn7~B~Fdt1>>np_4v>i z)d7PHA-?j`)!SxI(dC2<0NBkfn9f^|&GLPBBF%Y}#6H5EQ|DH~h;)}9WA=h?=I3zY zx-RF#^_rR7#eFVv0pabn-s60=O}fI-!yE#pv=0LoU7N{`7&&1l^%37FgyDRbQ<23Y zGjS`>`rr?C?anne3)9k%B6fJaHxvjD$j&)o6iu-|=2(kWn)ofF)a$Fxr15qyqkqNT zISlfMT+Y+Ck1zA@@%+S)n*XiHxDNJ}JN7R<&^^K!0*N-C?gyUj(w3hgxuxj0`UXO6 zV=H>|zp6;U^)y7|1!qKWCPiBfkTtpr+@Q`!t(Vh+A{u+=w(d+wxr$G7P+g8F`JLVx zz)faKR1HIgwo&d>=@v&WPL{qaw8*FM2qx^7KXP#%Y`KA_dApMSu6NGGD^)jcs7$-s zJXls8=#$8OHCGL-H85sE*fJ(3RU+$o)%oj%$gW|U*Y?(R?M%}keWVICf06vcVmy1hj)if?C>*HhD-O$fDl$i_@Ar1yrmToD+zSni5e7Ujy z3Qy+uj0fI9>#@<;Q6T4SK2fZ?$`mnVJb!5PkEc>S9;b4hT@Xb25?F{x-ZVouTF>~beWRp5n-BOfkT@irg>jM!UxjQMcyEC#z-(yi zTaPzQ($1M+r?>Bg!+4!_Ny=(wd*=s!snVubNfw)VH4;wytG5boemHEz8y?r|jY`dx z9&xQqK1prbaH!(tOm& z`ra=gfOD~4=iu(aF{Z7r4x2s` zt0pFWSknF-JwqT`uD3%K)UpVg;;Q!#Gb}KiTgln{s=*%}vo=j^Y2?%41;*QNZ05ZomG!WIrpI*A?99j7kjc^wpJK7ihbdx2l);_2&&qCA}`hin< zMeNazz{I&QUbty8(&%O&TYStKhw@;x{{d6%4%9CLTFms0fqvG6EMThfz;}t(@V9vJ z>~V}HJV5Wg$+~cM?9u0?crRG~>f4*^K~@DmeSi>@;TQKQnCG55T7*+>s}?=)9Z>wN za=n#xx%sFX;c0-c^PU^mVgcq0H@kH_=SX1LPnQbjNKNk-8a1;bFaVXu4SllFar zU2UL`J2A7F$;2T1KzwJTu5b0r_gQ3>)%Qq{i!1Wlh4{{p=^0Jji|6(R6)Wp&>^1|( ztIst`bm@|ufx7YgyqaMD4)T8BRI5I2QHFa?uR5tiIi|FnTvU$iM#x?_qQ^Y0{9XBG zNd7l^0o!>NQWHdoD;KV;r~}l#O;z!tTFc$f{h*yrVVoQ=G>wMxf9kcR4AT_r2+YW3 z8nz>FC=8>F4OAqk^J&q`yN@`xSWRa~Q}`{jZ-Z{9)BHxRT5CWqewgfqvsZ0VBhZ@R3(^ZjAZTCe5d))OQ 
zBJ+)vdV~dTto(YW2-=hM;f-`7WaTd?N57QU0r(Xignwf&L1XC|a)pEkrHnLS1>a`( z@YDEjICxVU&4ViX{KBHgys_or50WA)_KAj>gS9~fKN-w7*#4n=j^pE7kVt+YM(?@W zW1s4fCnm%n(x73b7vdJ*xHEZHPu{ZwXf?}SQ)*CGaPzDUC8-W9X!l5)_$Blldrj0o z{8wxHFH^^;0Yr}6qZ{{sN1KJVK_X-P*g}}RSo>oczr~8&JQBpfaNS$n`-b5)>9(Di z&CuqG=eDReQ;#X`lehO0TqP^{y5i4fkvp#I{_u3Pxv;V$Bi5-mYZJV>XHGy(p#ii-7t!YY3v%P|T~pC|vse==Wad9)pNq<(^CgS)HCq0FU-Q(bOB8fqH*CHk@cv## zk3G?D`0`>^(FGfJC6HqplovM1XjDTcYoM+Y%#OH)#_e zhy57e@qFpne&w&nf-!?&>teDYkPY?nWP19k_3l=ZtZH6AOS_G~IL2v?B0Mi{Kx8lX zUHC!y;saDxK>QcMF6p_Yv48c$VAg5!Y09qqr$UX=?FgrlLbc+RPvuAf z(TXokD(7CHP;i!~MMXy{oEtdXMF1%x`zdMD8=IVm>`=_B=OcG-Cwvcm%(~titqhgB zACd|^NgO)0h&-gAl#OrVH&nyL!%emBp_=*fnH?ME>)K0Ri&CUK^&&3KI?<~$+T9s* zGd(}LXAz;V#o(d!Acu{|ChhDtK!sBq1>latq=hd*H^#qp003LmxhrG=k><>{C>-lE71@vuYmpp{0`(DWS`!_d_5uH==QQc2i zY+#gZbYR5U={f3Eo%U7zN2gflu30#o)C9ee<&Oqsi5AnngX}sJ{}|?+0K9rk5S9;I`|JZhcijL24T0X<4?%wI}_~_QMlw2zC9QktM zC=;hZbPhfYs|hRp@GAEXZCY{nL!J)sJEr9UJ$?k_O}Of3^tTW{Hi^Vrzro>tWM$VR zI-4-bA&=}{3%Gy1V%Z^=xq`I_8_6V&&+k4p@vq65P@Eg&9tKy>*0&Tme|jZ;`67^D zC3EeYXrD6;neD{7k%q|=_bw|-*cKBw*;Hh#4s@9Y<&Z}@;K(LjhUeff=0jSeKRs|3 zDwzugL}HVp70paBU-%>^h6!o)O^v#->Hl|nY2uP_G*Y3mv*eif^>@>dFpVEuw zg=Dkd*&Z0u6w^hE$z(}`ql4ozUK4e|u-1B~;Ms*738`kfBqywBQgL4&NMOy-_)ySI zt~B7S(_xt_=tjqsx7*a-ak%}sPVy%z)UC`@+;jMh=b(Gjz-s1zGF?4gqexSqi8t)~ zqgb-p0R(-$C09~}^~UB<97iQNm+f(3>Tc?zS5{L^Z#)Z`ovCIiI*DI5HC_pmhxqLm zdPU;#_{TFRKMsq!51AFNp`thq8pFCZ#1G{1@jCy2fgrai)_cOiBWCoZ_V(cC!7}7I zE4I?S@3nMHZHNrPH}x~9i@AIfyLALul|!zyK$kt&q|U6gNJ5|H`<1hP&JqW%{mhDt09?+W*`)gkLGm1FJ_iZ4o&0X!3(lxFP zCtTmAN--(r8Mc3Z^6ZvBwu=05Xn8ZfRyXpKpK7fggesu;jKvvsC+$Tlu5!T%RhYvb zY{(8|s|&y(?8#u(`34P2;$(aOLlFgc=nkxf6=s9edEtbZSdK%RKIJ1ATn>uPxwTaTQ4=e;eBL6Ku^z`WOUpz7)}!pkP(M0tW9B!d znnFqmz}-|>2$LCq?kI>4<^meqjt2ip;tRR^g7>P2cik0Zr zr^+gky=KRks=RW2!y#hcG+ zx#5@vYSNI_YZWuYk9&B)YoAr5wuo$q>Q951PH59^^^33=BA|TG_h9A{>1dOv$hY~R zBNfa{bh0%v=+n4dAKakBty{sQOZ!mtV(ZqkkZ83VQRZ!>PjDL6ve$l#?48fu4Hje& zNq6jiXQ)t-RJk!wqUUAWQOB;JTPEiDl+;d@%m~$g3eF~_S-MDoh^|qoHf%d^jD+zF 
zs3gJ-2XW@O8`$5!O8?5zfQrK0T43uE&<|^+_j)+s0}+%iJNaG`$D*fFVK)2|iUrY~ zJ4-X$`r+}g_83h~pKE5!O+MvrWiXrB4jk|a=jn#n&2coF=C4YhEc{sgNU96 zt_#>As(g(ZOtd4zv;Gw(m#rEyli_Ay^YmA(m)O1j5r>8GC+Mk4sUloXMjmaTTv3bT z<{S`cyj9C6AC-3)0EN2t<;8et!l{)*odXt~k`pps)}IiB<(04B2z>pI?uW)BIh1ja z?+hgf4FDGS8xPret-=aErXg**mOr}21qcC;-~C+)UvL32u%6X*&>(D_&2+Dl)z>}~ zKVek}9cQnN%oBW|R_{K|R|bF330jw})sM(P1O!>vLR z0neOrXThzM=hH_HoH-LiI6~HB;A_^{-dHeE);^d4(<+F?QujJ*|I)M0Q)WXY_N9FK zs&iC$y1r2(bI$3kQj4xuZm80&PaR!9=i4Wz`a|(VIWqAd#=Q%|#0*gp{Eg8=@oDN` z1|oCnCtL5+)Nr#q{a#N=gbAUV|V=vE;~E?4|=$7P%vVaJCP;z-gA)*G6Z4} z$BW^F@gwbZGb>58p1M{%3x|7_9lM_d8m^->zPD!&n)*Gv*dv=6hUIozlLqDC>Ez*A zGKFNOu_*BsU&Y<9030JN!2onyLtHQ%D$cY5M*289M)rC!8NLb-33SJMgM~91Mb6Oq zg!(#TN8#|Za$C7X)=vp9avhi+&^+PPr}i9%7Yelou{1w-YvB4+mehPRVwLYz+KNIY zG!y(pT8H5onWFUIA$$5L4$Sv#RZ$cP{I6!Kh3uy5Pc-J}n-1yR(_H2Q=kJTi693K} zp)$dfBF#u5Ng=TY5l&Iahyz*!buKcmNTh%YBJX^$2c4tV+OcjjL%=q8L>mlCD=gZ{ zaufH3J^Mwh?;JM+2;6t})JCjinY2-O?XG(+jqWyZc^g>0(i0f<2EK$C59t{=<1l%L z%W4<3VOBkz%vKzx!S9@9B1Pz?;A_y6c(XNC^Jeqo?(3$)fFTxaU%xbv&r)oHJ^ zWs+3-VR$85kM0-0R37whlasQ|_s zYA^1}-`WpDt>*?`Cvo&QMLP~RJVz4l7*6KuX;&1{t(;~ZiOAD@W+{u=W#kn$1*0vt z>EUk@uUqen&H{nT29Q7PdotvOGdk7oQe{_jeYGh(Nrt~n!0J|3APV}`GenD2Y?!YL z7+A3-mP(*Dv=tI0GKtIzcBRV0&&MPgip%%V5O03llz*ow@@qQ^=Y_f&8wz26&6NKh z!3Igr7eZe~^~V{xM*3>ZD6rDh^A(w+#&Smbtg&YD)pZ{GC_0}6&EX%gun~CxMaA#D zM>qVxQqRr=VG=Hnt0*T%ls-1whU-!7KOSWbPZ4pQSECrM&_4_L_->6Eu(0qkYFQ(;~!0+QIxaZ4FOKy=K zl})fEnq&29g8weO^ICvW&~@02&S>?BZZyoW3p<~!Y@K4{6C^CQ@T%_Adr~!dlxyw_V+9(=H%nY69bkF%V1>N>P06R7_ z_xsV+=?7{5VF4tWD+otwRlbjVFHgE<&8DDTfWMA?GIc)>GlFMq(ksTL$S%B~m5Gl- z!=s-|NG-E9Bq-V0KjGn-%u`nr9c{Y&N)}jpv_8N;`dO^HK<(smC5Kf&U+{&R)Y9J8<*Pv3la|A^7{Z(FrsEOk4J7yM_S#^b zgO>1K?i6aj5VbTO7y9&45sQM3T+rmf+By#F znul+sfJiurtCKE%e8ppLOUJ6-2#Z@-9HGmG@ZW*+Qf=}dbxi8M8~{Qll^*U#Tqht? 
z7_U6XYw*RYwV^rPUZkmA)Rrg~XwqyX&fv2wSmpoT{^;EL4azYakjShu99*6G&eu=p zEkCL_>0XDNiunHVy^MSMuZE$GuVh_qh+D8WxBUz}!>`>4Q-ORFwzc6)Qh3Y8h2M z=Rfx5yRzH)x-Z&Ek<0{3+86i!X1l9!-p`?RBlMif8F_+Jve)5!e;ymbe zw{0H6I&oc?2ai@iwjHg}^}|Px8T>Ne7U-0IpVv6IYqo8t^xMTPV!2)FT(iaLVCG%i zIuJ2eNO@ijQ#g9SX8H&9@@TL$Cr0~WMq*;-Ld2+YsDeAs$9ug5Xr44+N**Z|`8Lz_2#C0_RAj2?r-6(DxX19pQ|Jw6u8Zhd8XpDoHCK8T}_bYH87 z9X{Fk=C?_!hN5|632|OO<+0H1W5k zcI1lpdjjUWotMAbANfEy!u)!|o_-hRSr!oDYVVW}I$Dp7mZH--AEU1@UT3PyMne9v z{M0r{h|gG|lM=$UVNJ|3-Exe{O^+XMA2*XhG)Zi?Au5?up>5ychNld1iP&#pTNaS-Y+2hN6Z=7M~DI(^XzBjWR3wV!Cfj(?6ZV zf2rN{F2f{8yA$~|&02{sf>=Omzvx@l06tUtKs@taewjDW@OcJN#b!yo+Q!dDIM`no}M==0RG+PnsIJh%ne!p&q%gQpU?`kKBn*ZeT%F8K1#@E%CVIdA4 zN)s0TQDZEsQRUOlLKE-6KSeRNc*sKan2=@K&&TsLiYKxvG|$4Fv@FiVY#{b*(4bnz z%of#%g%~N5zZVA`mtnO$=K+2M+slp&X1&G_CtoW|X@ES4cF7Iu1Jf-~JI189LCJhx zHrQolTRL?Ow%%59G8`)v$0(0;bIZTKlZF;EHetADwskot$L$^LE}OMIFuTN_(l`fl z{_wZIf}0ZkhhLg85Porb?9ma2xi@D;bVF>8^;OFW(>nI3E^?CQkdreOx#eI*(i zb51I*lJsXw+yXR?wV~ym!{_rU-G!8&yhPmuh^sItc{Du>iy5i(ou5LGH#pq&zDQi1 z?dP{5MN#^Yr(@gLqyCheT)o-}O;Yud`|3Nj@*SnR{Sic<<{>z~M6CS+J=rCk=ZS_x zw&QvJJPe=464E*A7y-1a}iViEkT zZEp7kH(hf&PO#r|WG5VsP4@1fcG8$=e!fKsr0+W-BC>`_qxM#2w6ksY=OSBm;Vn=(Sy0e$E%8^Tl{#5(St-{&KjUC*PwqkY() z)Gt%v0Zv^Qe;KahCl&9Zbbd7$N+hC#?EIVJ5l#-9z6sCjWN`9jM$h&r#*~$?F;o|6 znh=?0px%3C?N(y7hTT^I^_;YB`}6yhWf>fOfQ#5Y2rq$`aUCXE@;Y9H-qgX}ZZx=71GFmqy zq(`f6q)0>MxVN7nObeg&(!V@*?RwGaQE8qRw|ag-8)&>fm5}f_j6KY>e|M07_LwHp zQGWN-S1xJ!XXn7$rL(z5!*Q=q!-st;`@*TsgKQ&NkZtqnSb=))@rM2xCo*SIe>}G( zfrxHnBT^ycd!KEwx(=!9KG$+OsUm_@WJ}!5_3=#wWR6YD5|#F=PDSCKzhre9PtJNpKhiN9rXdAY1} zj0!YPG>)2(kSfJ5>@S!}Iz^n@MtU7!FVh0w!NQjk?R6gdUChiU5tO{@zk-_~SXW#a zLAzeb9MoI%TCo-6P7xuJXjM1n5*RKUxWubr%E7u4aulk;Um_*%UTOWg8;$Ug;IX}a zt=@c^Ou^Z@a8dtK2|5_z6iAKjDbL-PR?N zkz0niZXGVBBInP#xk4YP7&JVo7-l4BGc!73onSfs7T#=mbS(7`_8CiQstHC~ORa~C zDWFKZ!I{12RM*R2(V*{oSMMITs)mN4=XYDLcvhg+tyExQzfGoGl6m?9+SQ)Mt$XxZ z|J?w3k!z44mPL_wPhkdcLLMxU+bH^a{qL?e&!KJu zhpWA(3m_7N_?NXfYxV2dBEy^QW5sna;g(Q)!$9S_dm+C$3_PIovyy5_*hyvdLh27Q 
zggjJOnom?tHw&B4qlJqG^QVXq)R03#syhG6Jd{PtYzY?sfpBh$MH9?CVaQlW6Gm)6 zoT$}FC5PiUewrz;{-_jd6Odz`VrlMP?D2w0yOeG((mXFs#FOvt%L0jezbhr}zdr27 zkKG)Lc(OdtT0F4}Z8czH5o2k*=1}aU)b+CL9vo3e2H7!Y_yHfjKacmtF4$F?Vc*|d zY}UD*uQh0$xVJ6)h;Z)p&Sx3=BjAL;%3ml|GO+pbkVf8Hu+4#1`*+Ul{sKJrOkau0 z@3u@B!>DMn);?oV2JyUS{zE@)J{|?~%?S=ky*Pg6k?SOY%<5 zWsvMd=jFKXbh$IHxmUD-@BCVod{~BsDqBRin_rXAMK;mM@=;ihe0L0QaVxJ$zTolS z8**2{b9Z8}uB zn%bOPZdC-&(z`Bb^}R8VzYA36~ zTIeIsWwfj9g$(Klx|Hm&NO;CQxJvhoQ@=h#7&{BZ?hbY#(dRwTS3O$jf%vL48hmd# zz{bJy&!xQK@xt+)ov8KN#=qK(EbX zwPq^#pn<@Sfw>(YS=`-@3n>Xtr&tCKOpdN0UAC%#QCxk1FM(gv14028$XHTA1 z-7d=IZyMMC-2-CI1Nfw=zhMcA|KhMSDm>7^d8yO#8ft$1N%}rK%xaWGLr?8pv9aiL zYmk~sYbEMT1N?Bd0YWii4OE8e2=6hQ(VJs-)i!rDmyj++|%F?jVA%X+*}|+X7eW6@pT* z2|Nm@ueTbx{OYQ?l;#R!>$W8JnoSaprjZnxK?7knU;K1iEsYJ~0M!WblHu=%_3w8q zWr5q)axlZ~-h%Isp_r*zZjA(Q0s9Xb(ZLk^W}1uR7?2eref(a&iG@7^aXhSThO{-> z^OW>*zV%(d&LqVjx67`>Pl(2}9|>A#Ct7@ZOCYn$JEgqnw@ul%H|PDC{)!%Y#$@37 zL&tVsy7fG|+%)JLNHCbnF%e{~%t`QRe9TfOwlS2vu}QMKX;AaW6!-~o&eUmL>;EBG z<=>S?*S!ULW$;@Ls6A4R00*GfkuqF3i*fN^7^PaZ5(blWa#m8%_;(}?p9BS>)8H`e zn*Y^lwoTIb=O0mG4YVIc{0tVn*7{qT|2&~yXvqoFW3QXLJ7}&wb+30_kOadV^-X^^ zXzUA*%6Fh$EtRLLRO|oKEJ&$@lQ{8)1{C%1lDuMNM6=&lVF6Irt1w z&{E^M8rvC1HM_!Hw{V{;H?o;$Q!~MdV0RS)m*z1}C91sjY{y zX1ka5p1eW4qNX4hXSl)j%mF-sepi~8>Xw|bhJdIggsr51ng7oBg`I$GM+Wda34~ct&tf^2Qp`!ou--!~tde&xOJwDoK zDE|+d$p7+T{_TbFbKq+ye#jyCfB3zBD^c%{3;Z$gQzyqPns|Tf_5EL5>cH>~Oso2q?E`=@n8xUnSkA)i=7r zA_PP^W5lQsNQ!N{AqfbMhC<-t+{Wv(SXJD{TOt34UfoB;an5^c_GWEo!@u`msqBcL zm-H-WKz-70jA6*Yf{PV9L9xp%=t`}P)Ye|bDA>XHul>XNZUUjTgV&ze@%1ya6# zae?!Q*a;%A{=KN&9GXB{x@iIf-th|Y(Yx!cV*m`5ZgAOqp2RsZ%|-p0 zoo=!9?&CzOA!;;O>WF3KD1URR%!NuC$WTrO&QMR63%PGK$ska(F(kJdD!*eWVR$FC zXmArh;`Nq9H4zrk8S-r-PYQilYE|+1XxvlF`&Pnl^TBv#Zo7n^=X@#Y-14uEH~xN$ zDB~=Zo+ulc(A}>vQhEqb??!36LeG#}oiYclVwhsVZD)U^Lw0*p>`%ufd(}M`B6D;pOh`rJA=?T zajP{+N?vE?D-qgLG}BLRQR7h4t?oj3iKl)ltvN>#fB$sg9TI)yHp+NZ$hrsrzVW8AHt?2F_X52Y z4j2h)y#y~c+h9+r2jUr-?VAq^u5aNml@_w_cS6tDIbPgf-9g*3%CDrlZw?`ryJk(~9s%MEm^a7b*gznt+W 
zMgG(3ximxzR&vhsg`@s|KQ>0F5FAbo3SvuZ133R2j-Mz4X^v37`e{w#wu9Ojb$}>3 zT33pggq6G65i^kYzZS{= z^+lhp@kqS1rBTBr=6OL}4y6_J5=^tWC_CHu*{rSEU(WFiW@LliPhV9U;_Slx8C0B*wrn29%@V1*+WHsxA=ry`y6EI`u;X^>L$=Y)y)i{iEg5I^C+Juny&$# z_uGqAEH&tB6`+mDoFm92PkU#J07HhM-ctcCJy&@FDit2cA*VA}?8z$&B0EV7x z$%Umc^YzYi37zP7<<<$;*AuKxIY$yvtOko8J$}6}hw>us@l_sS7%`O_cIBv+gwOjnZVPx1>!e;nJ9h}_?c-@Ov8fJUbM zDwzRdIM_+I1C(iz@^)7sk>d^y%XVhUX7^#O+=l(0Y7R?uZ;V_`_7G`e<-Da5Np=hL z2J7tfD&atP9e`g@=)uHRF^;-aSH^1F&KhBUQGr%+(n=J3;J7@4l}@`j?;30ycU62g z#${Qe5l^p|BgFj&cwi(m@~sH6?hpNmDA>-9aB=r9OcP*sr27I!P1mqiJOKg82(poN zG220D2LWumwB4G3%T8-7FV6E!i_UHzQB~+mtqK8Hdm(F*xBd+~h3&)D{kSh*6vz=y z`Bkw>vq(&o{AfZjZ?bw~vKp1fbzDb;8(H56o$DuS)Y`8;DqXqOK#988+&bd-{*g32j zY6mH5)mlPh{B_Q>jlX~43}(njfmbZOZg0k@HA01h#gAEo3`U_7n7*JrUK! zfMm_bNdhpvr-o1dlk*wiDSd`T+;u*q*= z2Ie;6r*uleeWm3Ay!Q&JXjOKXWglSEQ_4a~?#^Kw!bwf#^XI)8zVW$NqRfN5Ce)Cxi z#F{~cu&j0GJYKC3@BNq?!pEd5s&($K>w9U|;C(#$AD8>Yzg_Mx*%DG|Acw2XSKG%x zvnIGm-r-YvgM#V0eXuu^VJQyXK3`0bgt&g#_kVC@bBLRhb`J@iUIwrTy%&q>dLe=} z_DsSQUX#*zrEbSy2R;By`=^2q=o$};rpY-hGIg^t@~!@NkNeQF`$_Sa)n1uWk(+zc z_CY?@)o>opo1E7{P9leAXg%%bYK_4iUGc8AIbK9-HPIhuK?g zdWLX$FWXx~Rg&2|X+RnQ@S516RBnxo(G1Rsok8Buup{P{d`ch;QuIn5}HrPlA5&;?0a=fss=Txu(?Ff zC~v)Q27L4JvR=OefTf&P_`EHFkHuu4(Zkm6Up?%(9qt{3RXYN13yg{thB>1D zTcyupj`tQ>rzwqZ?ML)M2c+W61SbwvcCMLAY&9ndDyhp$!(o8MY9KN z-cf|VHmbgt8tXd-aR~)XsU+{c#Iv|?rg{Hn) zy))YlvLVyaaL`0i@k)0f@=k?;bc7@$;-6A?u1uvay!As-3l5d@*WbsmbQn?_!L`T`jp^ zzHVslPn(*pn#-W=#Yc+Vc6|wWhM=C-u>MVPMo<})kH67U#PZHPw@*UlvUx|%B7TM$ zN(vT}*9^YlgSZ8{201|K%;vsSaBKsoFobTu8FC0X_ABQU$4wjXnY zY2$vD{%NN>Cm7yS=7dV~dJKH9och^(_Qz<2njZq&S=YFwzZWI^c2j!KwTg!yCZS&B z-i>$@!B)b#3J}=ur<(Od1#Qqj|5P}@ezb~*dexi&bRAaoSDn?jmH=qt7WQ4OJ9Is* zO5dly-dzA&R)?5(*@J}NO0KQuBm3^Bqe=W|O(?4Wkw>{C~ z&1~S0xf68@_WilP;TU~dEGOK?f4Jzho`=HBt9Zk*4vvh!-iYk6jW6jmdPVAA&CP`A zx$1XSTTH2w!e_M-RORS5v-&t(WiUC$FU>h|8Z{eqJ%ULSeZrwnk*DEhs(Y#7Hfb z+j<#AJgQ!|2h!OJyD)u0oAGWFyU(t2>@G`xr$tiv;DSW4lS_R~Ca_Z?@&`m!tM2kI z6awy<@6?#Cr%GKad^JXmiV}WYDN*ya8DDBK3T=@e;$C68Nl^ 
zaO8DoEcI?by(fGPu3zsM5*-u`H0XslDT7QJ6PxH~Ht8ZJHMe6}13~xXCZ=(DPv@@4 zz^IU9peGs4ja5!*g)1Oqk#8})>R&L^Tr7Dc^e zs=lzsFz2{@wU<1hg>*`ts4emYh7f)zPo5K>LqKcJyMWmCq1gN{(7eT-X# z&=U#O?AJev$JMsInVy6FnQD}ZBpBr`P>TcLGEXzCry&)1czD@rUqdDvo2Bh@4?DgN zn&oqx_=`EtANXHc>G*eCk=+@Jd;E(m;Qp}=pamd$95pEZL~MKdAu;Z~Tp(u|MU zBa5^u6cZUGM3GVJ1+}$M*+?~eV8t3kO=iI4#&Ua>N zeoswR{~%WB-o5u)?|Kw-TkH=Gt$I~Sqs=H4L4tS{X!PlQq^kk^VvChqDyv1HydV36 zeWY=F#0^n~#fC9QQv#yA@`g~X+^82mUo2?CrN;YVZef`Yau4rjEVXVQz8yc9EZe(w zouwq$aPHS9sKkYYbYpN9|J7mfF$|)^@L$ED(QRd_x=jFPX(W)F!Cc+selOI(ApMD7 zeUq0U&<^U_2ZD(L@Hf%m(8gdhM}9Y>i-$Eze95f2Ot))r2$suv4S-|vhBHF`zF(+l zlr^(M`uGt!^Me17qGt~Y2ts)ei@8R8TqxgTbJ@$?N|JUADBvBCc@2z1?5uBQfM6&| zW^6zMC`?7f=iIDPskAidl|nP*qf_ggx-)>h&a=!ntrT9)aLL^0zr;2QMY#N~^V)Ku zief=ueOy;$*vZ?dk6`Kd(F(>nA&BJunCVn^*gZL@xbpXg_m;IVPVFCN^nPHKT1Y_` zb4mR-QVW>P02DVd;QFuIZ0dviTM)aPSo6UUsWSwT=8j}L=7VSdk zkvLCLwrzmg0>Ud0nqR(b2=Ie|R$dubUAJdyserbtXHokT{0dP+LLoSvKa1Cf&&RX>ALRL=O5_|j=PX_*3 zfg%aVkLnt2v>vEW!%I5K>=?AQJc7(~{B-p4k+Co2piaY3K&#&!CLddr#fYg3qMZHe zBVr&C1m~M99{_pWv8|2$y8%L9m9EF5avAJ>co1eJxq-bQwCzF-qIdn{2jZ(l)-OK> z(IC%VF9TZyv}JN^HH6?y=%Eq0R?vF&Y+~G^Ic$OMhlu0X`6At+AL<{|SObZ2twTuB z2FU<6?OHONr|Wf4TfjjfawP;!VG%!{$c7LU&+|b3$4gdji=g*)@4(FcTny-U!BXCc z*jpRd|Fw7+W6l(TGvRV~)hXG47wIQj)vi<>$9WsM&ywYX1j`XmDX@RTe-j0?ph(`X zSXmV^t%I0Gb5NcVg)d%hpfUw4kMjVPk|QzdX=@fMeu>LMhuoVRqZnQa5boxRaXvvj zcK@9xtrJ|t>dv}T=o5p*MCB3Dy$AvF#p?YF<&#>K46#)<(3Oc-r^cqq9+57c5POwacEsgP2gCaPOW>F5VC5V- ze};)xS7}yS;kRzL9R4cOmPSsmjW8jZJoe3q+${Zrw0hU2#V*2cw~WSg-o~;3tOCT52$>8-@UP zvh?>a3hK;&X%yax$q-d%V-6n?0(>OKBEWqmwfSt%Ea zZg;-kK^yrtKb$($O!D!uvnNtwCGjfeDySnVZ7yEt=9sJF)>7SvkG*lL5#^|UyEt2B zPLBXAf=VByvC5;lyb4hpe^$x9Psod z^yxPX5w&7oGcLtb5lNs|zuxHAeZ13q6`I_<7PoZ|v(AZm>)i1`C8WTmC)-Ibmp_k8 z%RH)8DpR{5ODm0k_e)EhNonexk8(Rd-h4Vl2J$xmD~51z-viTX=S49gLA^VFC=wR1 zAb0UdQAsD-kQ+Vl&Z7e@rd^i67ZvOvAL;Qx(Lv|Sv%@kV0*&B(GexyWJxHMat^)N- z&x3Pz@hltSWbQ2iN15=&aDKLfxw<=+BS7xrAX0ZUm>1TrH#Pl?bh~@d+lsuG+jFV( z9o)%;4snu`lqfM+7dPm}D?3S8Z>%>K%&%B@TI@BNuck{b1+$(Gj0+G;-5Xlimn9=i 
zA8xS^Cq*+(!gvwtcbHaY>UenfwUHi~5(piLh(=&5>QVnf?bBqs^we`N48>u`l@i|G z+38>9G^GS|p_kdOUQjz_FI7R;AKk@g&f9YFg*Mw`1l-j#L%R|$s`eAK*sW5i-TlH; z9wm(IURHly`&02Tl&e)w^^`RIeIN*x^EyA8{XbkN}>p8_wb_5*Oo2l50rVWduFXvtQMfr)_-6vd-DWXN7riK6#Js0m_#DznH zS{rYjjIfzec#JKlkGbFC(8nj1U%50TX-C^J9aCt^LF!{@q|>h9jXJtG)eNRyOO7W8 zie3xfcXoC}w!Q|BcM|;>qx*O^2zv`-`l}To0VM?#x>4D*dXgk!FqoI#J|)3YN6AbrC@h3HrP9Ld^4Bqv5rvI}$xyKv*Q^&( zokAv?zRQbs;W+V9r`CMci!hvM(4$K{p2=YlJ5e|b5y@Gj|ws^?ZF+gv`Ns%FN2Ig3;Ap}Rb?xVghlumZ6L{GY(8gv|+jC@yx zK=iY*I2v|d#!Z|x0Mv2gB;{o=1?wQ8U2SVK`Gk_C!%Qsnhw94Q4YBR+fS`94d22L&r*k8<{<#X? z-WlOTb!6F~0a4M>Hz}z}3oYiNU@|KCEEVazEyC)~C?mZ|Btj=dK5dud%U|JxPvh;} zY`PolmwKf`obAWm5s>YyJ;y>71C1U)h{FpJcLI;jr;f;GNy%fP&v9KFt5+f!B$Kd$ ze_>|Ue|JcHJcT!wZOhYS{Yz1PmxBm*8<&~4y{hqs@CAJF6dEs{E+Q!01gm=5>kQyp z6DHRPHHYBBVkl~bi!Gw4nvhRj!l*Jfl zHYr-1_V0Lhz4+$8y2k6axu%;pI}Ukn(;&=aE}&cRifUIek`TirNj05qct2$>wz{M* zUW4@O}c(RV#8q$HH=mVO9s&oP*m5)-`c{DRMF{!@CE zK(m9=!Zd3E&N}mc*{TYigz;YD{IRhiG3@?hrJ2RocMulTShWhX<{T-7rOAX3N8{tp z1(%LSBo(?oZ9mXhuPoiF8+#V>hY}N#NG@0*5puOYQH0&Cw~m{H;p$!l<7oLPi;q^? 
zFxyKm^@CU|`Y7Rp7^ss^ZuSgt-??MjV+alwuh?3UibeUV0_B)+UX;~(*ihkiOrV-N zJ>S{V#?P-o<&O3%O@3X&$(+?UU*bMz^<5lZY>`18SMTV3M<)TN*kBe#(PZ2rHIhi` z|Ki_;<|PpmLcpRcd4w$w(jRI+v)HX3qHC+@@B*jmuC8FwEigY#_;-R0`JiCf+F1(7 zS1L_}fb~pCir9YDchG_?(jR*MeG>JbNg7&QM#z#K$BfRx(eYKBN;p^ z9QbJ>C2-xAz)e0!Fn3Ptz6cE%qG)$JOPl*C=sgq{|Mrjv;9>y8N#r{=F92@wga7gn z*bt>p^put&aP4wE^&Y?v5+g_iy7^xZ`Yd0ps+A(J7>-;de*5;*vr-4=+|1PK)BdnV z00nIUPVy6F87`-yamoy0D7g28@Fi;03zlAtK#O=D1J2oZ{d8tcWUuu#35v};(p7-C z^BYeMj=*Hyl7Or^fuo^;$hd7t7U0h89XeDlmgAKNn~;QC+Z^27#)&YYF&j+Twpz_g zI0ySU*fu)#I~b#(pC(pmc(tb4sdT^dZd=OqWRqpIU49`-Qh8j?npe1l{%oZZ5@j7&e{|-v18Fh%>o<0{MAWwgi9JO$Q zN0!{@Q#>euib9m((b`h7*~o+ZG{kDD!Ao5t1a0{X?71+Y+d@SW-ehCEe=#LUCgO7+ zZpg47;$4u@A)PFAV@)25;Tp}lBypge4`YT-VY6z*<+hAW;Ww+|zN%CCwZjQSy@KY9 z7ytBFp0FWIbJ+t`2A9U?zAP+9$e`)0qwC0KEqphlRBp~vYLu3BpJNo3$3%y3TR0Ii z=$pb{tz)G(oqxjOP2nSJX;LD2di<15`ZEMCn1$jS zO(UR(Uq|{c1=K|tp!4yD9I*zl?{D%D>%^XS2eg31qQJD^n-~T#lA6#Y+{yFJsdrb} zq|Yu>tGp&tN^7zQXpZDNz@FU?3>nx4kZH) z`{L+R{_?WwxfTI$@>5KkmiS^hROUeQ^^^CCXIEn|0<%Vq+*f`+cLb1njHHPXj8a;S z->!=os;ub6)7-SO+(cU(i|*%=o;)xtU`{BED$Ml*Ifqf7F75-pF0%dJ4=<&KjjB-_ z<$eiS{kV3~hXy(7Pv+=>v6ART&Nkyy>W<7N^cMUT!)PTuJFb1U8LP$fx1H^j;!xpW z2S{}!VrOUkQ{)=6>qQ(20f#$LIFG>crKEa}=ylO3+P9ZSl(Os{ZX>3Msogy>9*b~o z!6WEu+Ezawrt>CXo{k8P=u|OTsPqY1{yG(cx2|B#_%lnx06u_WcQE93j)VQR&Me93 zkmd=`CK;6s!As{?OkwD+HQSO&pu>{CyfC{)LZMw_dRi=tY8YxD99uCY13;9;_C{0L zG_L%O?oPaLQ(@XRIBb@UCk9xFOKJ9}c{ME^qYCKx@Hao=Q3L3_x{^W4DQjr(_A^7?{ zGlSN9w{2gUQCV0Bq*t~bUqX`BH(p-mW=QHb&TK~@Y65DLL$BYMHNU_{E_;ElJBo$-S333&>`#v-NUSk%mD0bZvK zR(?3ix=G%e*zQ3;8vVR#>aL^afSb#e+p5xmde$HVM5%DKsOP;pErNk_dS5VR>pT;c z=eA)s3%pYXm6toBmJ?`bBb%+Sl17o?$XD4UF1?X2k1kfy;5$2-9a!qMdX|q#8Pn5W z)`OV8`~U3EWJp7F{}wpQvr{Ts908iwW8JNr#0gumYny9mHW~B%JSwmNZ9$j{#H}hr z;pU25N3!E-1^}5-iJds}BVMpsI-rP9Bg3<(ROKE~Q!sw0W6w@Z!%9ylRM z^r?5;L_|lJ^4eU9I6U6aIE6_(uD|cQkyrrQ+EHt=>oDX)V=Q>zFwYe z8kX5Imjtog%W`tSr@_5{ZQiD0W9+4d%Hqo));91@!~W()v0~?;=QKZ{cQ+)kH&hp3 z6fT=!_+RcL;GPRn3*5lk@e z7TV7H=3@vfYk3buuG5%(zH_B&mH1^9`h}dh%pnFN5w#|xCCslgV-sII%wqBrX({*# 
zWVdl)Mo00+wXnT!YEno$Ah=C{fSNqrP`QbNAK=U}4UvqWE~JsI^8ebSF334UiZf+m)MPJxhrt2FbdV!0pbQ=tAH8v3)k zJ5Gtw7E~)pt6CfLj)!=fV?)r1(Md?m1j-CIu&H4)NQfN>j~fMf@44e|cn*`)fWW|H zPBCmChU824&UfV;uCr@rKgFF8&m*uZS`fm1OYX`3c;fCl{upGx)J4r-EJ*cEA-pg6 z*R>J-`w6dW8^sPaU6)ESePW|B4B!Z%%$T&-9cnrp00pO;c)K$w|G6qn)}#-)o8KF_ zGkK5@dwM2O)D52m-DMBf>yp!8!eSbe^_1oXGHm-^o^Dyd$e5W7+8Ydd@p@_ok<6Ai z<=c0r3{f><%jZ9u|92L^f@n7yyco+p3|r1656R{2@w{TF*?5MHsgYVa{((onZRRrV z?~E3^wA4fPa;o2Y>To{KlUeKtg@tMmj~XI>Dwfyh#294#MN-22o`~GSx5)HV5DyR8 zOv79Oa^&XRAn;PMDT3Dq_#N9Lyfuk(V`H>h_EPt^5NQQL2@=5x}{g-;J zyC7K}UUtT7aVA9)-mz-GuN zz1)Hc^=_+KyT9}Lpmd>;i8CN42@zB+OU$g(8^PSDUT2)GHM!g&Cf^PIY$lkD`Kh$q z%iFBCt9CzOK#QR~YPQ~_+YKD35Aw)kd4bQc02v(nWvgI1JP9OCL(kHUT!@LWr@+mR zZjC6s7d+7m!X933Uv}FPCf8FbTk>YRa{;FoP^FtCMk?$(KIQuE*aaGQH;>2EcN69t zcRSls5sGB`%n$r8<6jzPv!nf40{1-qLMN)uHyST5Rn;l*Y>xR>8!w&>dc1^98w{HtIog&dZ&pSmHs766Z}(@t zDx=6$5HKhwpWP;hHLd%qlVGp4xggkYMc`!sk1AG_on%H0ulq3b<&3;wM4IEC32@VP z!}VKSku|-#hqAj7%vPISU6UD9&!L#mn}%@49Y1a7m+>2|#?(IEo>o@DfVxra$~nM4 zLQsxqC>3smYaoNr7{H^NE?RjO#pa^}R|w4Z0de@Z!Hz}kDn|xI$NNY)VW>FnUXW8R z@)i*>4Jp5i7c{dte2PX%*5NOHKENF!;uDM4=Mj$fM=(Xp)2ui<5bCKG$q-hzYvg=Y zNZ2w1IKli%eZtg&$od!~S0h0WJE7&KHuaXF#+Xp_D$Tmq6lRO?mgKFg#g^URtV?Sz z9~ymu5qp{h$6m=G*P&?w&k_HpvvX>#&vvv@m`sdE^OZz$Y99)Nd%d>r)dwow>Jh-eME-b!3P{b<%4W1`7V!x*z|c^tc@qbh_WH<0=j`43 z(_F)5CIT3LnVSs$3ckk`oD+uUi=!8FEkqR*G|0>M8}RqEof9a0qt9b*bK>uDiv(OQYoq$7Hke z{Mg{3{|NUrdP=Wyd38-L`Z@-lJ}MZ*)2Y`kB9jTwDN|Dd1k-&f=r@oavHuoE(*E_0 zAd<)frJfQDkg~S6^jO5%@bt0)s5i`F_VJ#MV%)21o`5@R@<-+JR$n`9R-AX^Jq3fG(!>4et0KhB0hvL!qx@Oe0vqaL(QDCBIx!3^ z*=^iAf@(@v(n;n#Y^ZrR`f9#RljgW}gaeCu?;eR~BG)u%o}5mwQDACv)GA&ZyfqSO z5ic^cS2=rl5Mw)5sFEPY1N8)sDERT27fz~Kldb4SvRJg7DfCpC36hETP1hU4UB!mJ zUnS>InM$c~?-n$znuJcCaQ2R=f=a6jjfsDOE_L4~G-JLI4Ojw3{=9Rtg!JUK;dPR| zhJJn*g<>~DbEaRKDF$244XjG5j^2^&siT8y?D`tQR(1Zuz3i*c!iU0olrls?VXVSI5lhIgzU2fFplc1iMBw&&jh3i{>RHbtN zR+H!lj6V!e1#~LKt_+3E3s3B2R17^iJ4!}?U)k$0Y}=bD7b#5c^cJtAe2Az7jiyb zRiw#KrTF@cDn|G6C{WmLx`~M^usDdyliujofX%E|52_tw#ELK2qC!UeWD6$P&izFs 
z;QXsR!iO+M?5jmk-B#xKA;mlCCS&rR7uX=U8+|^UY%Vr2-s%s71MXB(Ow&!17^4u7 zw^QfSu4@-Eztb4X6~|YGo)O(nrzKhXUV^(UcwA0t_9n7E{ngd8m>UQlMxC-?#h9fn zIHADGw>W|jOQl2+aj3fjAx*sgx}K z*6_*Q3dZrOCW^WYlTr$4>~llTIv3=+_zYHa1HZzHe(OdFa*d^lXJ)d~-<+l%voZm?~#CpVgP1=ihxsaAHQ&j#PO z6YlT1rdpKYOcXY6jAJRRl+s%pswe24@CrNEkM8N!)-rC93vF_}XX56{BBJ}SM=L#Q z*Zj0zGw<*F!2NlXg4lk~cMc6+Su4Y9Xyopzgo6*b;F_(Nd7B7aSS&G#&_Y zsJs8L$8e{fQYyYf;W=n=xpJf&x5QI2jze@QUR}ydB_s$b$6J{&T5MXGvEA=C8o74b zGpxI@B#5LV)A!b^cr^*uxIcuP6Daq6P#jN!MOW8%Db$JHEg9j6m$0-FvCRMQy+Iu1 zyYSE1=BAUok?r2D!d=wDa@Q5R1p;D7JztCOS7$~;q4x=dbS__#?zhG&#CYtmdpwsvO3cPvev{x=sn zH8;mh{ooC627#2f#(UFC(#z}c^SQ+cmR*1_n6MUJA8PAgU1AHGSZ!MAu_ZD4~7*buRghInv;joSwQ_P~ceXufVPm@&RBUr*OBg6d?o zqtj@n6UQ^ULx{6jlU(%5kTF_vmphu6QUp1xH?MLbULs8FA+F|@3}M^5*higf8z)`^ z$KJeAFYmWx&RsT^K}#>h`#Vb)Q-R}?Iq>G!+9WKIUX!98HhASF_E?r5g?uLuipGM31OW__We@KK9u z0I)wGVYKVHQwYoFw$MRQwWr#9mDb^JgDsLxgug9LIC&H5)gxa8S=E}^+wG90hg@D9 znr*}uF*c)bjV-h3w_sWT30A37l+PAm0CIyr`UQ}jef>=p=ZxE^C{VTYeC-r`8^9fR z6)gz@Ph__Bf8v&=t9BOGFOb-Z9YZe8%y5aQUj^XcQVKe`EWXlt0aTa4jJjuqJ5(Yb z@?Yy$ezhbC^s3XU0k~2E7MZ3%0jBATBmMQ(?FT|Of&Ebm=8trK&w2)8tx4gDRwa0| zDGvxn;gPf{mF`!&G~9Z|I6y7@j|Y=)8NDy>X*5c5%t(SFuJmFAa;JNwBW(Z-2BYJ* zwJ)xGGfnGU7|nBX8aPQ?m3jSaxk37wVIfO=gHEm9eAwuxw(nHGD35@svZ>U5(GX9e z%DzHO{<$F@EqoRjAW|Lpu_lKs*^kTi*)YwSVU3vt4cNPklfT-)1R z5dTtNKjsFdpr1WS{DSO;GJ?Mfy@Ww7YX?%N9|-xVH(YkF-}=KaNcGp-^X#|2mU>PG zFT)-_WFk)@w}&3M$#YKNeR}U>ay)NCYF3p2Io9IQAzn~yHINe41!XV4xkfd=UP#*F zy4uzTKKT%gh^-<$D-suaO-RpOV{)wKBEOR<(9wX^9!bdWs1nT?3?MZg8FQ$MF>`gF z7={x3k#^tz_esA13exxR;dzuwhdf~Kek<$u&0no_tQfRG{U*l@OU98whv_rv2kI?r z3VU)75zqGmMR3=iA1pfc_Jx*?ZydK0=kZ8nc}2AtO-~GqzFER27y&0u4)*YH3p}Q1 zLKB^0@WHz1jVHB*X%6FkC`l3l*$-eaeD^{UPTbMyOw{t~B8I(>{98l+xRl<9ZCc*s;n$~jwx z=MxN|76tF#;UXDCJprg(xm4GF=X*%$`Gl@Je9!}&Uc@Gr$sy-P+VWhv`p|d0{{U+N zZ0+89*xhE7?qB3V7a*JKwaXj--|oE$R!GpOE@PJWvtp?|Nv`GVNO3mO^Q!Tex8ebQ zn-yrn#zdb z*69P04;ZEZq{jitkj9QB_}cvSFNCD(LO+wAd{k2nv-78(2BSYwJ)tfi??0OEhyDM) 
zU;n64>3_XnlE3d)JY_r_h*|MLA5Lbf{#%4KZ3Y75$r4o1JTBHuwk4{_JH%}rvGp$;H5xhqu@0=cv$>**TN=LfXuW>t#gIUKgV+N ze-`#r9UluFC1dDMT~}c_=2<|t0UAXBnRxV%wKni@Ln#u1xAA*Q_e3tA$9k<80U#lu zC+;c*6&mnx=+^+jnhskqI6u4}t_o9j0GqH1K7MJzk8lLwTm1`Pgch)fTz(rc|L&61 zKve!uU11Grx0!IoFsuH5#bX1Ue){Ws3Upl|G@%@PAl3OM1H`)iqYK%G2+(P93`N$$@mUbZXUFK0LoBvNg#~S`M?Du`9VEVTV^#AgD{|`Tepq>0rB^v+t|2JL;z^k#! zC|`XAM%(}QFLU^w|NjI1fA|~vs0I1Ax_hzK#HxPj;`uYV{n0Fq!^vXJ=Zbd`|FM95 z3~-9?7JMT_14s-$PNwzH@;%;2RJ2qWgnJ2tp^40G0NfGS8?N~GO{J6$+;d9lTw{L| zyOW_Wejd-Sq(`JR97kX?oTC@ZXLH;>zlNIReFNbife+1)Wci>DgCLMK2BWe|mMc$8 z)WaOrb*Wl!-MM^J7{|4Mw#)IGhTJ~!?;ftpAqvcnZ7rroh9~ zc^6sPpH82r{y2(_A1&AG=te`bXm;a1%HAFBVG!vO#ydr_{}7O#xxVM^y!sXQ7KQ%3 zH2Gs~=f62$4wLoOAADO5eXLLZ)Recr7X8+K@I5s%3aL3mH6z2AUlN4;iKH3KqBQgB5``=!T?+yJrL{b z>PKdy`QyE>W|OH@M{|`%cX$_+_8gsk_SUzy^7}t;UNfBMlb^z%4gN5@EF(8S^{vYb zyy&cMoDl~N9TRhvjS@p8S_|NZce^+}0_}MbWHK5+6{97;l zCQ+enkeH=RPa6`&&o7={p@zIQW^rFg12VXse$Xb;;SmCiw@k{vj!HmAPXzGEGjvY} zmj6l>e{=`q=us#6G-=SkT~a9mT2kPADjq3y#k6v|;`T!}o%1PqOEYE0&T1h|%cy96 z#%H=Z5OnY}A8@Rl%5SU_Bda7s@CmI>RU|If7=?0s0(?~%WfVbJuPEZkeJ11>vrM*t zv@R3!ds{2d;uPjrEJdKV(JA`}fh0`?O%#*P}5_D{*{ z{@v!^e%p10;VDyvT~F}JXS+_=O^M&$2X;#TGe8(X1EPbE zCk%Zco`_eSY&G^*W}>K(2c)5{*O;@-CV0$A3}^X%U#HU;v3qiV8Gd$oXj z2pBn=N9`7K^zakLNy#XF`Syu9S;|^*l!Y00yFvaXvLZhk)L-lo)b#@`YNn$!s^Jcp8SkSz8w;~6F#|;5lh7#Cin~siCt=*H}0~)dZ;Z93>8vg ztuD4`O>5I4&S%TQ&zJi=px?RrZ)O9)h$zDY-DtDInDz5gYxC1?s;`eo61}E#0=0Hg zWOJdU(bO+PsHy8*@dR-sTy+44RdzmFTrV*CkDdFYGbAvppkvWF&O0CUf8XSl;i^wb zf>ug~h}^z>mHd18{_BgY4Hz`HPizI}v!EyN{#o!HdSXzOHR~wf>jNc%80G43l;M~( z^xNA~aMXP7;H=thSDO`S<-p;C|++TWD!Wa+$e!Jdd*zWEL z%2VhG%u7(&4oSmF=so7NMgs(B=oHe4XcXZ%IH{m#UFbt}3pnmZEm?u?H zup>Sq0%rhDn9WL41TYT*&B64VUw20n#~4b(d4UeXd+>&zD*uTy0jCYRHisP+K)zuN z_o;pMGNnWn=^L6*Z<;goSknSpF(@}HAp%ohmTFCALdUTqo2-{;8>Q`F4Kx4dN|Qm-yI-)-?E<7G3m5ESKLiM955{VOea`)s<#UmN%?>H&ixUJ z*&X-g3TeCg_ISXqt5Oww-gdo#1Fp9*iu>*NCY+nB>;DNInP4+>K$bCy?aEXpo4!m% z`kDHrs~Si8{C!uLBZ!f6M4$L29D%b$Umhs`tKaYNk6B@g#--$OIjow%dl}W3%6;+q 
z1U6BQMb07dzZ{H8?-#`Z;h2o-oGicHaNGJI`dl|PbVUR?p8SZLu2`>_Q3Mt4mgn7UI*$#kF|tzMtwf~}hrhC<`1BCWDrUdS7xSqtS7rO_{Gj6w8ckdls*~SxoAxhvPo>f{v3*tuh&& z*@;Z=sr-af{weBKG{H~D+T&B~dBV%_-o*$rcgCf+uULXvZY6#A+`dHdlR#DASa|!i zbQDAL9nepVFrGKb@YH9LthfEZ=irs~nA+t#zxi-JSFGsf6SFe;xj&y#9OUx#qJ80< z#ND)?@zL;E+MyoEkgPg+z3)9m7>2qtWw#FJIv zJghLrf1r6|ukPnFP&P81Sgo+s-*G)pkoVlMkm3XVm$ovX>{8=dfzxiV{zQCwo3m{; zMD`4bSOJ>TyC84jrBkY%{Q9r(Fzu&Zad7WL)jR_~R@T%-&Da!B@P15HF1+G(z7RS9 zb-EI^F3)d!cNyS2y<1ubM}2fA#jUEhbE{?<)M&pUFoF+2U32yIF@EyGgFbvd zS}4y)=C02jtaeO|wju&Y%N;icf3?1F>gxwW5aUmn2Y>qdWIMWiumhK>i*=D_xgS~V za0{D#cg1J1{!yaG|L{^Z<4xo7-ov)}DlT{DmyNTs@MZr_%%b9_(DX+0#EQv!znnVm zE^vHI7#t7zn$?~^@@6M4m$^hY7gX>GN`vL7msyV4)AnlypGzw)r|-AgCk(>ugaxGr zscBrZWIRh;#N-9gBD?iH(qM^Pc7%xw@cr4>vMfKWwmg>64fvbE5v*TcI&4Qwq7RAh zV*Ta{x+Xi7=fc?*_xoYI3ZJa}&8Fim^c&KP;Yl;X$Rkuzs|8(DsdW&onVc`*`K!)T z`N`PiU*erJr)x8HwFw+AHPW_SoH(*BtdKkyWs6Q0BA8quxHLJVu`9SekUU_8K}kcn z!T2JD_sG3upf4y`v-bj^@v?E;cHu~e9QjomX7J2AIXrVtme za7g`qG2{Yn#qycdn}rrr$@;)GajBEX8B2Pju42qK*q(oD5j$D#Six=4bpc^*zkt_S zhcW~9L2XH$a(uj($SA6RIAOF|{80LiMnF zl7B;gt$$+-otNk^F^mVBS-ny-_gC(WrCJ2JwplwV1v7Tz;4L*?iDeHNHE9S6dS`^T zi43b4*xpmsOP=lxY><#4bBtXuZqjk|@F`r+A69Om$^_upBzWD9X?$NFaEP#`=S^{^ z5zNqg%Hbc&(k~GoWz*YM!kP+d%jz?x&JwC|m=yPUc4}h0AV#Z{;}n@q@>W_%{GLn0 zY!`Dn5#W$!%e9Aav6r&wHJ3yw1u%mPgg7n(9XJqtqTZ5v- zbK0vh3I(UjEz+WfjZP(yJ7JCBMsWN2lziI8l2{}O@1WC2X8urgxGg`ioasRzPflhI zZu)1#jB+5aqjcPIp)=mfMKJF4rmH&nN83uHD?c&)RYHahkxcvJ_0e3{h%ft}`hW?j z(@2n_>-iExk!)6q40oh6nRwKP{GsL;hRq+Bx4IUaSkXVj8TIW#k%??EKk>-f<$hdh zbL+Z6WBuIiKG>-?4ncB#)NH&^eBI5F=0Lgpx(hs-&cLG?|9hO_d3$&&YZ9OO<)U4v z3-|K{-cF(T{?5Yn`*joGG+9{3uFV&3m@{7|uI}QO4y6Y1LPU&82{>ClQ2vBk%dw1X zT&~W5JZ;{1iS7jq7f=V?fD^!x=TW3)-GJ2Lhr?5kI-Lre>suyK04w z6oumhY^dultAqBtNIRJDkrllxv4Ki6m9jr^)}esPKAQQL+hkncJrD#Lsyl@H^N7H9 zrrSQ51#5shOys};2CCp9+0vy1>1V-=r|g(hL?#(q3%M5sZBehM{wZGFy`IELJ*ZBmmo$YBxP&!=C=iRXq^$HgUwRoJH~2Sr zwpsBJc%JI=QZ*!j-8db>6eM)f(_;Gj2rw8y0f=gNOmTZeV=DtUNVTAu<7Ifa7~L zul6TBT^dO_TvwZ@A1BkbtJZm_OX0SPR>IubA;xq`0VPn$6SKT!_Ag1s2+l2xulhdy 
z<|Zw7W7Zkd=mNBr(`(*}H8Ql(8%ZR0x&A>)r9(j-3DfgdsiDbw z#0-FOWj6Bp3RJCXo3P*U(3rx@11EJJphAgAW47%tkpN)YHYRm>P2gQ1bO z-C{_llKnONcnyrlBF!joIHuLo-pdbmVOC5z)zj6pd*3qK4Hl%wz@U;<9o3=6sCkwG z_)II<;dYs&2wA)yNM;UuZ2<`BkLCeF!cv4TTFsx_#?Ivr_jHh!DOG4llXJS6bb9D@ zeKz{Ehl!dt${tBpBaBSz^}ZG?Sa8E3OLGQVh+mw^Zg9%3MRu9A+T6B0I5J$mn&93aP>lkS9C;cwc~y9_DG7_HZEnYTm}w8!AS}TV2jseHL*xLfOg@*igL#TS z?mMS$>uh3Z2XNp~yiA23y-z57gyt|Sy5LnN0ZnFohM^s;fR8^tkq2Hjv^=|eaN!@c z@FTjVp^w04Ue_j1x_gJGU+IKco(N9^3bm~J8qERC(qlZyOHZ`}8HJosnj}&0wJyQx z;T@zC{b}97*c%=yib6;-qpH-+LDr4;^|c3FAEEoYg&R;L%AFf`^a{r=aQvBB?ow%Xh{sQLiuyI^1N8lludGB#PSTntX%uTH|6AZF);Tf| zBfpA7+3ee1myw_cmBwLL7}u*{bMF+Sf-7xgZUJx|sdKM~X4!4)5p*Uko~t(VH+Qkg zVUGYQ@(vb)d6{1S6(98b5YWRjXE6aDHCkp$L(`TdAOoidSLn;uEro^(TD+X z?QcVPhv?EQh!pcY$+@MH|;WT}9Xk3QEl?KkOGq+0D4$%=B7KPX{ z^1~)8fwYsk+w(p1YV&1O-bm%|*-)?MhfY!2KVzAS^E*2QYV?24rZ=b81tUb^*;0w< zv+P1!5Xo=$buo{tvtCwaTAUK_?yl34Cm5uM2JlHJTogeKL)f zO%#K2#m~gn{*?h(kf@FE@V+R1PmS=j@Gso(CNO~ifI`w{ZH8+#AY5OIYuInWu^9TL zXG)(ou3J>YWs^JLA3lYtYa42`2}kkDYGwNZ?lu3-6qB{d$(cI!_e*@+WkXi#M${4?KjIBKz7|(r(j;|F6ApL_ zk z2(&xnIt^B{XL}Z9)B=y&QBD%;#ghk|QJIA@B`%Ys!o|1oy5umSrA8d`Rj&)r{A}(n zDG)ICK6x5tcIm1WY?V%H%MFBMjUO8L?{{^Y;rL#fgomIp>-0I{o#w-wGftSXM{oHq zK$0OfQMd~{+^}Ve;K!_e>!pEN_d54UgdQX!(@4S~T!6 zDJAUC+-R%6UC_gwJ@S)HcL^$}eRhd1(n&a_a8CkUT~|Bd*^q;A6w+M?TqtAP2HYqs zB^YAXT7Sve_m2P2k^hDFixq-5p7^-XGX`LDT%qurWc9$JBRyn&7=m(4fY`LL+>a}C zFpLC>{9UF>d#DTYTsjd!<8nPo`NLLZNX~5h2O|I1{E`rYz_)ueU=OEL9LwqgALSgU z&9*r1sYoLlyquV9FmRAC|CXeI{$K39bySpnyEZIH2?8RiAfR-YfYgj2At0U7-HkK@ z5`su6jdVzN_YeZol0%2Y&;txT#CLH&v7dL}`+L{^|NGW*v1TDI<{E!-p2v9vH_DJL zv{DpJRPhxMW`h@xa(GrAkLkU%2pZezxJQQrdD!pGL0S6#X7p&(OS<~{JeK~)gNNdF zbU0~T5oUJ`U&I$o8h?|{;d@g$!@z);PuK!gP%RMn`%}9sI?0006ab$F*8J8pf=klh9lSc{9VCeq8uCs@{e&1zDK`Hu8*kb5`w= zmlPi<&kVIVi5mnhN4}F8VPu6D>NeLA6uI+=M7_TCgTz$+^mIR4uz%No=dHkv?#2LWd*ZS_DOJ?icZe-8U=XWZ_ioC^_&8DN|Xmo-x9v9qkpQ; z$Qd5sM;3+l?4bgWf$6-vZeEtv=!^dQIQ>Cm(+O!V?yU*CGgVueGo5T9e$-Y;}e`oXJvM-H^viCq~MJ48VHME_Kaa-}d&gXVWUOBIuA0=P>j;sh#~qPGVoO`ZB6r 
z)#TAtX&jx*cI#@f#Kr&6Mh-qOi}HHF{#QZl%c%U`Th1x=Pr`sZ`@%A#lV#aD5H>Q| z@wx6abV2TjPER0_aP1ex;?o+Vkb;DPwLwP?ZJ;w_@@9MU06LXbtKT|RtSgc%p`RG} zWYg*FVZf322={pJiRMV)1j<`CThjR%NwWt+V8!YpDIyzZy1FG0a@9MAuG4mL>htX3 zbWd;Z17>zL`OK^CT@yhTji$J;9-Sebwp+hs0#>Q48E0TmXbd>ow#K^&D|Ilsq~Z*O5VQ{kXdti;(*>=E5q62)YRBcYO{9;d#xbD7NE*zih&^6VWjZWMDC ztH%epO&g2wQ|wl&m5~Z8`qd&1g0i6NV^?D7Wy{9hXlfMD>+kRIZ2>b1n?km@RbT9? z-a3J?0kj0!S5C{cG3joqwKk+nJ0*$qt`>S@-h%U0=EXv(20fH&&!6B3ICO6dk?wey z&Eesdog|%5Ki*oR8J!XubJ?qN!Ru-lha%X8RzG2EabxW;=sbNJ&3Dj_d9m#uK1p_) z<=Cl)nR|*a8)C;Ac>51K`TtaQnBkzm=liK~@B)}453`^vQ|HkOxiqkStu|9sRm_W% zk?Zx?lT*DkwZsPtHR==u!dtLtRAIr!NjC3Y`|I=%Nrq|B=c&c>nQT)3v z_#iaGoc65Pyu>0O&jMo|_KH~c-)qVY`2lZ^ z3Q+RR$9VQ!T(`LLxm4hdxcPAcZY1_W?8IA-KfB#a*A=8q&(%Q>x%V&}Qswsh9o!c-9=(Ca$Q-8rb?+CYk+ z(S;~Q6g9|KvIVv18(=PVEK*{S{piBR6t|q0;$H-x|GI*m+#hE?|2Z?`P{I!k*@bDH zmfHh9>f|2tJPWI(bcDRHsFMf~G5%w=9*K6SobA`JOm`B*OKI&5zVPHdyAUQU-vegD zrUay%s?)&>=yfr-%N=hVWMdkaJQU2NE<1YrIkPiwtni}A4X8!F^2BKYAgT0dKtoN! zJ0f)>DB!Cq&kPwmWj4;(dDx}T{m`r?hNgP6CBifn-n3^J2euYC0S2mW@{cuB?P+V> z_YlTul(HtiZxMh*ZiPse8n78aBn_m$*L{JxO6BA3O@D$1r`l?GZZ~?yr1P37;dYu;jvjT+heB0!>4%86vw)(jw}mlnr=8@Sp8AT_p%TzmFBzs^z8c;Qhq0Wg8v= zTYdcJ+E-Bu74?vA8pimJtSj9^(9_Kz)D;|acNy_*Kay=6Zff3xl^6_3mY*Lo)w2JB zSthg;sN{V2?g0W|TY62x$UJ>Is^lJtLTk@hV~PF;2GoB|0 zddpOYxjOwgc9l-PYeriR2QDpCI+G98L3p&x>2s+!0hNB&#_M~3&JS19QWIpT_gTttdF3_EWZAPG6&X$K)Gsk`K0E5o@Rv5nG3G*`tp}!eklW~| zZq;3*4r-inPC!glCl|aeIaLK{Ecvhw<%wpz`PHCszDTjQAin9AeKd zDs=9(P`}_F4w$5+Yg4ZV5S+0E-QTM%0_+Hk$w0{ZFIOri28q9t=*|y&TE?y)M(xFDUMJ&pjj@e z3J(2zbA8E-Aj(QmsW3u|Jto|$gSz~{0M^(v-_c(3$?%7jUDOa$YL%OgXVY&i0>D&C z-S>pY$9ANM^LyagLsZK#S>0Sql6t?)98($$wwV{w^XN|(X2$2slWpNx`Z>e;eXh~# z4g*%|onf$`XD03&mPo>p*-iNP2-z3FXqG`_=?R+0mT9k&^61&ZxMocpF2~z$Tv*Ec zYp2ME-Rg4koy(&0rrru$@KAgrEqyP{?4U2LZO1`k&0(S5?n((DP1|3F-hB*t>^|=? 
z051#8@|&SqdH;^=vCX$j8Rq>zi<6fsix@7m5>c06SSeq3$k+|zVe)IBSbllk7k%?+ z$GNL-z!qvXn!VlDedu;{gD;b1XZS`(6wy+~!oO=88ilwu9Zs&{)uaTFnlR=fCLE1UzJB&H__y`3E8Ykv zg%rDPonFhq7&B52AQ@j6pXjDJR@h5hYe6DUTc3uXk?2Pm&S{I~XG3Iej;lw87=}|p zQXJzZFNQI8Uk;m|`W5`ORGQxfzu|y+rO$yxn)Rh1 z26?;1J;#Wk-?tl8w*&Ijo)v4*u|&!a{x=2c9ZxHS_N#!O5+8=J0mg%`?Tv~6FDZ5^ z*nr)VM7(2};o#TDS|6SreY`OQFkR;L{y1l;yBwbdY4*Xi@U(tk>s?F0I48U?`9l0h z@E67f85;khsV;sZ&3o0~c!F?UfND?7Qb9LAm?R=W>FuZ7uLU;o{fwV98&YuC4z}QU zLk4aGtz}`yLKTK(^3-^R>O6%*D>h5=Kx}u`CEX=`oMe_I*AFEB)G=DVr$p0% zkxs{`keqiU`~numNuFIF&@G?%-EOYV+P>3$d8b=`SAVHfdD*(0!SEVkTj_H~4QpA! zm+(P2DLj&1yYV*}H!RjvXaXm4UQbm^1N6a{*Ze<#i_WY=hQ{aFW14|O75PS&6`$14 z?x|sUf8A1I4pwz6_A70A13pOb?+!CvPgxrXto6_Elzlfqc$he>@mpjlHhU^LJs@Sb zxVz6`F*4RWTf1L`W^pX+77d>nIu^`vGw!8GRL?7*yAtcf50@a!lMGi=1Sg=;1~-DdLLyZhyj z1Ty5J&c>DdO`raKf?s`y+zm&$n{WUG{ITa~B|=LjTYE(oPBRZ-0}gUcUXE=XMX(|^ zn|WoW2w$&=#u%;MR>rboZK*r%VT6}?YFPb!0F~lzR!lr_LX@nd_-G_gKy}6^bq-U^6@q2L^R$pNO>BWJ(W6o;2HEyqVz{PKf<8wtDaO%BD;yc03t zeU$6^E|)MMwJ~P?=oYcl4O&YQ4c{r}a-6-oCM5eD7Msr~AMEx6CAwgEB6HkV9!T-- zl~T{(8D|;|_vl&Q`g6^znz7wEGzwj#ypo&W50&TuL8}?lHe%US3ss7Cg$@v z(gpo-|Fe?ug*V;_zokXEv)gA6>y7~>hS#UpR21M-Nk?ZOAw?wY!R^rwYkWr3=6U-y zdJjp~TflHnwhn@FC!TU6TG9TO7XVs=PP(vt$l?h^_ap)hC+Wm@^PAZ!K^%Ts^JzrU zJkoWY7mhMlHs%#2u0V_|LNbUN$kWj2K3j0;q}(*YBSsVW^yN^1Q2_}aR6CA+#&Qg& zzfGy7MVek@^h-rKUCiAOjl|yn^GSno7VcBK52kNisj%d@mtAo$e^m!%s7ZrT1RY6r zWK*X`L@dR|O_l`K0_A=4jr1sZkG(8E6z!VU)seMcg)Mr_{h7%$ukZ!!nDcyJ_;x=0 zBl=TSx2rr}#BC}%rxKX2{YmL5&&{$JKJ=;Jgx1J&%T5SjFUIUCcBHFXt>0yz|F(=D zD4esV7O0o*iYa7NDxC}gvJ4x+@o9;Ec8iUmS=jwbu=8|@DHd`P0`0(a|GpCpH zk7I$HTR-ocPv2M-YKt^F1u9gTj==xJ+6=sx*z=0*dssXWAO5x+<4)JESMsL|L}CMo zgz1*+o^ZC_dDD;xDZjOC)Ebtaa0yLq1#Lt)cLHRtzT^uT$w-??NkBON{aVzzUww7B z5y%kfo7baDBV(@9Dt}K`#;m2N9$Q^<7xnUEB2C!3#me21^5om`x=MLLGD4dZtt?Ed zM4LrfuvEKkZ;CNnVJAUY-mq@;;4lZ>+4)CzI9*8Cosg<(XQDRrjxZ&CaZwr-IAbvlCNHK`mmAn5nK)iWJu*vmI#DiSh2Hh?A@d#nS3;(0w%Irgquyjc* z!Y7P=ms^%9YQr^A(ZGxe-E21EebGpEizeOn3W&n;nUx6 z1}U$EmQDTPiqGDGgzsq`XiH#WJ^JdAn{wpXc5U!sZ%k#8GBNy) 
z8hOPs)8%Q}w3dm9^~NLE7(-pHNjaTuf$I%mxX%t4S;#GVXkf%yaLakychaZ1y{m)x zfV0Z*`o$?&UdD%@D?DAI?~h}l)07|K(FS2a*q>HLzT>`sdwxi4W7l}}g$)Q{4Zvdl zmf#BbB$}N6?)Y=ageqX)Z-(Yrv7#P}LX4hW+*t~hM?i)mR6P2Br~$WnsE!}D_3zcSIJ8%b=^-;(dWBDVMcQU}iMX&}N?qTp{4-Y_4nMFp`6)o}}y z=)$pt3@pDvZbS|NxA^ZRO}}_vQ*s%n0NY2c@+GdGyY*O=5cee-_}HU`@bzm#^MSw?kpB6>%tP%raT<;^~QAw{o@Dvkww=gB4OpFw}+ zKN8QaN3d$5Wu8WbDCL?9j|2fE`KUCL^UvgyG9v)5CRXm!YuGH?r=IhU0~OPaA`Mtq zGz!kbH_e>yAPiwq%kB7LsH(_%WeMbm&o25v`ybPEEr341DGY8);kWfHM^7R;2k5gH zas9KD7;%#4jSnmqJ1Dws^*xS9FA!}kv$BZCv&@#qNtNhe!7yOUtr|Sz;B3t;nKQ0V zjSvX=Sos=iiPe-RMQ?#e;N#$=E#LW?2T$-OoSaL;tw*c`VXFTX;<)n)TBrPY7K_X2 zFd~D4d*5oI>eI*2z_+37|=b}{j)9!?kB}90_a() z^2^Iq|4_nb07`hpDFf^4mT@=vVve{|3Q7_AATW-o&8t?M_GKb@udPY}{vGe=m$dB> z-Z*-&ogd5q=cuRlsrJ)BKf}gqDK*pcKi(2we*ry`GS;KF*%__wE){x^N0W!2O)+cWwtJU$^jdKDwR4|{wN)@&e8 z1P2;swAyl`(f)3-T;sl|1wt!<1`Q67k60Y`JcF}xdj>Bn%Om6jbZL6+4W>Pa2Wcl_ z_-$1wHyfQW#C39b~E^R(-v9Z@nAslY5fUzF@s^bE=!T(R2qfbi+G z;j!Pgvqs*W*XfCw*f`C?*v$3sQUgF%NXnP5q+&pt3eOqx0gMJgsI{QamZxtHg>8G( z%`<~e-H7AVl>EK|29+KFyYJXbJ8HS>Y>6yQ*qd$oP{nY85V-`zRg63*C68C2ZVM8c}BY)M{+PK3qfYN0^AZtp-NHpUn0?`CT3aiT&hLV)7=cMAl~z zWkr1Y7RBfHSLdI*D&3H3*W<7Pj9GFb@;O;_8E1?KPd|+=R=W%iZ}3X@TzciRt+^@f ztWFD~B3zdgcOJ^bfR8>J!v?q_m8-MUfG68&>=^lOl~0sj;Lsp(_9$Ux}*Fg@Cc{>#lONz46KU|3m^c)x1= zwHFEyw@-K?PFuQ8+RqQZh5Ceu4bQG-QJ3#lxxM0_)kq|j6WMCoKC^(7wbo`3a`QUN z=|l^zMCpD5<=YXQie-CAUPeXuT`bPIPWmJa%R3q?pH9ugq@E;8heKLFhi@RF-|kS^ zH(u%l+8gHFXAlrO<#C@2)~O}Y`Dk-?T{|Ivlp z^x$}F937^c*)F9rA$n1`S${_po^G;FNi}cLS{q2zYJ43!fPCA~$#yTnZJH4&@?o=r z*`Oq85HV(kySv8k94)R}zEmN;9x6!9ZhB8^RT+e0IIyblzx8ticf6&q#T+=;ovqb< zJ*v{AE~}N3XSE$H0P;Qm{2JPA_xtTEf85bG@a6AxF(36O0DnKcuW3QVV=u=1iUSEU zJmJchcoo-#B~ScUtpJQaetOU2^eEBXmw|9_d$-51uheJ&IMlIQ?&Rs_sOgx(jkNXa zIJIR1+)(|Joe1ZfwLUeM#_ZirYvrr~Aa#|-S-+dr=Il;)jF8V!24f(erwG_LtRJwk1jAnM|%5)~Z!M{*<(+^xrJ@m$}fO$G(2+#QT$@kN%-Ah2KMiV$nm7 zgs{INAOELm+wdb#_XAfG0By7(G~m1=8dm)skNSsxG7jum4{8Qfd?-d^KL1Gyw z{XTO+FAZPYr*FZS@&;ruN&YTa`=`7l;Gq<)Ye>^mgNJ|Pn6|%HSdOVO|JfpFaVLU# 
zRa_nv|My7Ve?F!N`Z3No_uYT^UjOGv=<7%NgHGfKpd3;B4AgkxKn!>+kihtNFy^oC zNJ;^uc$JmazP~^D=;M!Q7@z)Da{Y_TclDzE2hY`uK3@Pc{@?!@OT8oCv^>!M_XqgD zdI1Flznxq$gMY68|1ZCsb_h`LyckOPNczvu{(tqW9v_4QZ}I9AOb$jLdno87@TcH>NScW=pPZYi^?P}EV^tQTn zjTb9V`M>Re&bugkCo3L~yG{5rsr{p6=;xwI+i=#SdbgcAio~8>dvqYGn;39ISB3&Y z-RV$OjuwXn!#|h7HraBult1yfB5|2Lu54r9UBBRu^E_+4V2n2O(_HQc1nGmL-6EzbanD7KnUeKI|S@)2XTfvY-s~N zNYS<~nQpcEZ58pnfAV(>q~LD9*#r;%wREnY-;=tUu;x>@0K8)B&)3FBuKSW2gC&=b zx75(*59gqc{%_&uX`5Y`G~r#LgvEBfExekkAjm9<^Kv_y8q{Cu%Jxs!13(A&a}Dsf zIdoDSdSsnr{>oG{<_L0{>Q&gY77d1l0b=6^%zr#~r;Yo?AW>eQKGu^!qN#;H{Bn9* z`dX*f-$p;9Iu($4hO?Eo89cc)@>%;uWEoR&meY#e#mOC%?j+zU${J~N3;`n3{~$So z1cm0ktM<5_x z;1wVxeZ^R>L(qS+ck=X1$h@`MtS_4&?Ul2{GWMrAz`nmcws?=|{f+heyUe;GTWR|3 zleyWYZh#pem3mC8(%@w5=FlEy>AtK(Q|&tf*u#AT)>S<{E4Y5=1EVx(uFhTy*mgH; zUr0GvffCTTtScEb-Bw0kraJ(LP|Xd(1|&Y-_iT93@-~yuXzx-26R$`(6LLl3)ca1Q z#%(lPN^(o}hr}Pt`r>L(Q(EQmr|PyQ!%V}R(yn+wXdgbLTUT%sS;q;;b$`V&c{I#m zC`5x=-+K$rG}`4i0`oCv)hT!tIWcC>M>RRh5(-=qvI0sQ(`ieR)BS^DA1yrDtz z?sTJC2@1*OTzUL6P~h}&xpO;**yRRbK&Tah2Q-o|d`@>A`b1ZEt3G7ot+i&NLgy&5 z#y^R)T>~};ca!I`)u>@&-Jx0Pphu1{{`o^9xQIEdY@vv76?BKHe8M9=qPm|7--bjy z*qOR!An0=@JbMkO9*?s=mbSS^^yzSG+745&In#)@l&NJ{I(FILKakN+HSO$CNcovC zq&s;{xwlE%Ybl&?KD;(LRnU8hPx*8BS+iuHDuZO$pYEaNWUaPgPY6f8VwylG_x|Qh?EAJ9 zuU6gc)=n>i@8}W_GZg?!dUilGgY-Y$$5`B6xm`UkU{}#mF4(-ZBp;Pd`K(?LS0f`= zZ1w;goEwv?uKJuITOtlp$UgIF7u8l%@W`Cy2AMwRi#SV1iNPJ<^K+xN)X{Su!yakK ztFp8UU(0tFF6-|!P!a3VBL}Qk9={tTdza^>Ovy`cPWMsvK5t(|nF83hLA!A{6>sG$K9KJN*D~~9ML+q#u3oIeKLSIC)OQ-lJccmkJ^y$Q9f$Vc zUr3;@Z)~-{KnLUQp<&b+qg~(g>K%M<(LXV#_vlTMgyX2k&Q$kth5z9gQ--fiPgIIg zx}Swg)cfz$b3Y$8Zu+`zKF5Y930Uq!EH*V@4TonV&AlZxr1?70j&d_xzgulBUHiJp zEl@mFfGPJzPBiGWy1}^I^%66K>vpMIynAdC7QsE6For^~4`|97AU1o-cpGI`r7ezf z4>!gJ%3el`-AGnYn;+-xPw&Vihu}x|3EU(a`tjG=z&uvHKOk(%8ojORwr;wD2svJo z8+tdQJQ2Gh`hxfTzSD3T9Hlm{^c)Jc#nwUgKepxBCMx<(>4g@tixw%KR@po^)Lf_W zH7YA~`?=DOWj*?bVI%K>V9MFzEiDC{FHP8;`wb_RU67hPG6(l%+)QqYBhR?ye6qb) zsmFoW{m4@{JMaBQ@^?Vc_kz`4jwXlh&*48HL(s7evi&Ml?`D-S0ULbE_9}n0a%lcM 
z;2PDm%Hx9REDb`Qiv2M~;s^N@)1$dqx zW#Ee1$-NfJv_ZN0ZNXV=oUt#Ah@Mzci1UI=nms9~eD4 zU$MMH(w~SO>1fSt_cA=?)IR^*xcTSSJZ1eyq9G5z?IeCr>q!sWOrQ*|H)OnacWN%L z`K0Y=%$4(icKR*zc*E9%{ib3BFJiGdh~-lw2#c-q2_|O*gWGnFFtvk#e#m;D2g zfm1H>O#%@$@YlPw?@=dlvAW;cIGgEpX~&Z&dy?l6Ny+xLvH9=#F4e{$;`(GP>vgyM zO5$f7Qsjmf)R0~0(oWx-K9ogEYukc|r9l*Gp1-T?rM`&ApetsAt}*CV#k_DIQ%;yk z$zifH;wdDk*sKY*m=W^?=i8F&?+nC~CzC^e^7&fThn+5GH9zy)yT?$vbu5c-w20sD zjMX<7xd+n+3-mg>{CO}msPTr2Zvl_% z69*6%+3PWGZ7ANK1a28yQ#qDS{s>ro{V1d>pR^8L4<&t5xpjP+pUhU?Fu2=fJ2Nf& zEhAABl`52vXtx{xV2EpI3BB6wvKz zMHea?efjAEfT#L0Xh$2yL&H^Dab~=Psl3a#!E_1|JMBq%krC~a0ZC{)2<#9-e_?{y z<0llE&~x4Uwfuyhjt(g*_QS1tSR5mwoT)p-Ua28bHrIU^tKBOy1_)Tb{ zMc6#`uyL(wS)udb`|+w{;=UN2|JtN)kuMNF&|DmW$CclL&h4v;8RqvPs?=)ygNF2n zJ?Ak8Q3V706IqhJ{6Vo1UR zrt8fuwO5GV){0}PoG;1K?F0(2I#PDtoqeCH-A2MUWrr37iTX%(gR7FQ1G*4I#GGb^M_E(s4eoRf1LO2%!HEi+S zJyOX?Y`sX>nkjZvMk7jxA2Ox$GG)vT`<`8&t&Cpu7suSD`rUsKL|gMB&0m-+J8IzI zO!dhJ>K-g{t7n%yx}-@q)-TFgz;G?kG$f7Q@@Y;v$)|tYj#4o6n{@5#HT+Cs&A>}c7^;fkF$bKX3S9ncb=|W0vk&$N1 zUNfRi>lcR^r$L1)x9iMMia;+%(Bi=fi_PseXexiH@mp^gI{j=NVpC_L&;FTgEBS0B z>0a$%QeY|7+LFX{(Fl#i7Jl@m5K&Wx3WU1PiLs!=*wJRE25FE zOchK7sw6sCc0)j#6-nu(rsY1yP{6!s;+j~;W#AoM?P`5Jh8s5jS^X~HTnuy5D7E^@ zXg|&*hLZkaX@9S5%s7<#@e_>04s4p_^i~uWJkBsQUG0M?i>FqHqYBHD4V4}IXf~^h z2^$q8S-vE&5Uz1`tmn#1*KW6BAkQB7(;WTBRe!gwbTjU8NZ3J8!H=JRd`%TFb2jK4 z|K@v%V6yO>;O$9WS(Amf$+*waLq_ z(9_RVPupUIX7v_V+qsLf^Ce*0{QVOl*hW1d z_rt*21B=y=Na^(qpQZZ_^9QzNytQ_&9dbU1);I)-C(|y3^kE`-Ia={6wMv z7Z*7-H?UA+8xs9e;i=%eY4wT}9-3QUyXNIhXHA4rShde7H$LUd3I!g7m4VMSzANfD zd02_m%_duCeSjmrdPt1Rm%AD>0vN(P#n2vv`bV+U{%HRCl-~xUc=Qa(!D(gIOR%R9 z%NS|rf#s7dxTtNhF;|~-VhTO&$m}5hZms6P`88m%M{7(s@tJT9UoVyZQZ0HmjV44M zSmMs{g~qz#1!^c}K}YACoQ>b8QyLNy@m`PO1g7L50?~H%`uGIGxm6YLm13H^54VyZ zZ;|!{<<8Bt+798KqOI*VtlU;#Gx-Ns+gg-ksanUQv*9v|neU(Tc0`qht7QazZUh8; zW)dVpSDSQmkK2=$uc$29UY0=}f>XHa{c*khwjy;~rG(qt#C1>wI-J4lh4~rIr9)OJ z;|^&Kimz^70nWC2^Iw+pmRu3@nb}z?Iap;!im)stFltcW&^H{9PCC*(o~E)?;irS7 zV;;&i=fwKiycs_asMA2ickCi3Zg3~X&_g`*q7`H#VuN)%kL3K&p?*mPYMYQm@r9E$ 
zPf=tCsnrDY07PNGI@)Kg;s(W2D`mEim*j$2QxZ5KeFf+S9IMPH`wQbW){rk=a|V3J z7KJfoY;EQ#`u5}dUb21j*unyQyhSMnVk0$6D>%BcwWISMx4wLi1J`fh&b*0QTGN?dy^)3We&;82z39A(-F4;WG9T4NTw@auSWJ3NUH!D! z_;_ub#I$U@bt zPEa1e=EyvJGn0p-9qP>UTlc#Nd4rmvF3dG$uTch+q?nj2R>bJw>Nobl0X z9v5kpwF$5oOh839^&GGypNT_<50u3*aTzrRz;Z>?`$pwbp>wW#e3VuV%PTVTC-NN+ zA*c-7{Wc^4?0Z~#C}}}1Qga-1bwKBO(1HC)YwyT=_@waK+TM2xGlb>!Aebg&;tFH@ zPwqyUd0zdZj>CQ%+<^RLt{f6_R+_-U&7d7NbgpT3tXBqCa^ue_72 z1y#spKrWFZ;2?N$M8x(?84s=ra)j%$4amF@h}=cO-5Kic9Av*F^CA4S{Ax8d8eJGX z49|A(39tFy`DJ9Nxef2USKzp1W=X2;mSw`~o;*DG8LNbyK}wZt6y_wTgnNF7+6%Vm z#YTqk)hlGIfYL=Opgx?%+F31LbLm_*LbC9fcl$|R`J=bioh2`Xpr)Bf0f+h>~S@eLRvuo|6RG8G*Fjows%INHjEzN3VhQr3m?iL4_Z}iMl{9ZNBYq}^w?Td5;wlk9J3Xh#I3%}nlQ@4)JWI;)V zXW*khp8&V2PTFV$X*~PTjyB`BhR?XhlY`*y#?n5&fe==7Ji@1>GMyMK^TUBHk=KnW z#f$X4ExPxcvIewZ)Vzdq`*mSCDMw*pwpQPkf>uUbiF7Pl+P@&k8%oi(Bj8c1d_OEc1iJoiHKsxw@)Ge)U2yP2Tea>IuyLc^?EXDXW>AS|$yGu#%Lkjm4`q9=cmguK!heqK>nEfjD)% z*phqeHD!g$&S$zoXC^auhU_mfEm#sH$5*Q6Uz+??el#m>2TD2iEm}2yQC58>a?U`3uXz8n2jfB;yZ@)K$!Nv(?My%Q_lY;NwDnM#zB*%*=49 zbBFUS2n>@cH6*=iJ5qu#r21Gif(H2&;I*uyrzLtb=eWd?(F%BEW*18@9U>lR;cig~ zRcUgJXC68`@YoMvOIWpDqE@59K^ogS&(^61AAOVE04d*_N}Z{m7wdMEL(}r6oWo|> z6v=(@$Yio;vSaSFX(X;beo#)>z^!c4phQl_t#&oq*|6t|AQnQfVUD7+hq1N2&_Cl| z81PliRDmm6PWvphx3?=HyVMu(YHzYz5=f7I4+&O`{YK6Xsz6Y`Yj4-78F&M&bY!#V zFH9lU>Jz&S-N$2Zkq$$zb5w-6duBr0vX>gSwlC z8Bw6kdUz-v8Hfr)WJ|9ZzMm|fh}k4qYwud*Q*GFxSJX1)wb>kKYk8mYs&++|@;5mt z&f!;mXv}ak;D$AwPgEDrkNK5#3&`#BHv7#HR|YNBNi)kRoolvy=qB&6-BmaZSd z$lp~YhY2oNDT@8j;FjwREfci-u)op6vdoYgV^3}1p$>wskMpdRuR>7AytmC}Z!2bR zQP69{pJol0&H@gI0QP`h znh_h$vur$UOT54X*Frb!6Z}#dvJ<+aL_^3P<5n;4(peMhOixrJX94}`!1mtmXigb_ z(VB)TgLlK0F*qZnh&il?YEriw1i9%Z2c^WUR1}xt_)Q=wnKg>ywia8%Z>`!;r_Hp6 z(-Di*YEGY2QSSEDnBwPdf_9z}c%V_sA|Gsars6@L;3i=_$JTxO;0bs*c@9wx(? 
zRWRJr6ZzA5CXn{3Dri^N&24AOo#rHHTM1lx82iP36D2cs2$aZ4RJ~^eBD>3r0-RQ8 z5X>(L85TjGJH;RQrRfWMykx4k*#gUk7~ob} z*bG4}Upjv6Q6AZX>kOruVn&EOnc2R z9~Sa|E681+{36pbkp;2Htjgo69GR|U@!b;w0E?i$6-^?Nd&SEU)4A~5Z!iKp>ConB z9BGHXwX+MMcz6r?kZ-X`C2S(GzUJWzt=h4y+B z_l7LSjO%_^n_PEjgaGb;Kyfg?5ld z%*TxC!a$H?=MBn`8&~7dHgx$NYj@vqD)1EQq}c5t&F}2I;1fD4aaDkpZLL1$M?e!) zWW+q2%Xk6#`1v$a=kaH`qQT!Ou@?&7v5Jn)tXm3WlJTQVFKxFs#=!%2T2v~9?t64O z(#_6KCX2DhuRL(2>4kC%%K=!IYz1Ak)=y-dw zILMcm&wF4#KTje052h`?uPoSjT2v%Ul-Jzx0g$Pf?_@=_&VOo=5^_-*)dIMNLdaNec!G1GI=Vu=U=zu zc2P!lUbTLPL}iwuwV99NKlq=GBo8D2IT=$!u9#%~JBipAdD>Br`V%Ilr;VZf|$}m-2 zJtWK3mA_qV4}f!IL9uN+2g=Pbae^(`e<59qMlSLcQW{H?qA0Ys%2Uvw{dn|F44mYOkj^HH>V` z;tB^$aw}W55{@(>i8EX|-sh%uzFu=@Wig9Y@*23epUIme0WV05oS66g6)uxSMy*A@ z6!xgCD7lq>+gAPp8q3&t%}{_-FZH^`t+@Dc?Nny&$443!8%$gHVzrMSbL~O>BaOyF z1(x5$+jPf+Zq~+)#<8CPv{+4`!cql;S$wIfi1G`qp>0q3tMoLx3jr=#_u*JsvoyBz z&lD*4>Z-;|>onZl!(JtWdLU>Bn)yP0sJ_@mNj9D@a`!N6iuVsD_qrRU3X%bJNmd(q z6)}J~QGq~;(ciMvud(Sstbu;9t-(t(dRfrOY?pIgt zdV9YEW6dAsWuL;vh(c+|YUoMR9f9*QWFW^^{8_AX+uE6LGzUsUi*Q7s$h1H{*p7G? 
zyVfLg>P6Wzue6lhFRs^HH)Z>y0AfF_@wB%t_fd0tps(U7guCvcEzCmWA<8AHI*inR``1u9YJM|vX5M>+G z4;UT!9oltCo_+Nk87Tz8CnI~ODIHzbeUYX0_L&H0=`$%BikxM_CHxq4GSK+}U5=$5 zMCLZt#V+=|S3cXa>}b6o6SVR%+w40w<>y$Iw-;AM$GZn(@?3N6iCSr)IzHM^Kggql z4LBZQI8yjAC$`tWdWV0M4guN3w2!hkOJ*LUfwQ7O{-y}Wx{79rNGouTYbCe!W zT$U#n-x{>F1GCgv!=!WVqc74P%l4W1;*!yJeJYZ{k+9;i1fj93x7qZ;rhAiYGg%Y@ zTIVRHiH8)CdDAUK;}K472P+*m)iGDV#f=tNM8s6*=&r;r|VlzC~MV` zu=}E!zv3xK8IP{}8=2_U+lu$Ck$TmdABtc3F}l6~!Rd_qJqD}TF?Ner zN^9G7AwI@-9k_pzN{|dtxR2e8DOl;dXm_grVq;}a(1;C(1Z-r^0oqm2&BUNVP>kZc zW>Ho{>fJ!)V`llKs}MmQJo1TyVfZ;eMdS@o#N>?m~751fP`$4p%~ zlYsV^NBHQddpMCI=8S`Zt{kpoFMP80JNolDGA^$v_xkak^{xezpLJKO8MmZV>&?eb zc->byI~LN?7MYr&&_Gde{$(n75R0EVNv8MEw(f)jQ=-NA{)Mk9o6fe2yf}N&x&Ns9 zUheD9PHfir_S{k}akP1Yi!T_HH=G5l%q7J8^BtlbTK5QCuklC4XBzFR8_MV!S$Sk_;53W>*PwJPv!$&D|xuzM5Cxtt*yGO7b4~qN| ze8L`pDIZwSft)eSHz)7YnNm@?W1-a+<2=SCxgmt~gfz%`B{RclEn#pOFJ$^l?O@(d zjlzk(w)bUU#PtOy#(tI6)uw{3u`wNg_i!2}jYu^T;;Icx4ivE*qW1l{N7;q)hFTE; z5||Qe+Qu=`KbxbUxg2zKkb$OE!>A)Z_Z3Lx6x8s~ z7$s&@6qr@2j9*zXze6)dGn#&=;>pM7x1Lqlk z?vwHSZjN&Qp0S4-r^DNvG8rPNi^G@_%m?D7%>^2tD~4E@>L={PaUHc5I*#|o*^{?ng#i6NM~F_6ig4?-we-ToC$%4PKGUzGmKJJtkv%(O(lBnC zgOz3(yz>0a3-t_SS#vG%_vBDA_7A0$1*yPzcY^dxQe@Fb5PXPncAMEf0BRxAU_w zR_xXPR`jWIy{47ij+{Y9$DtR0?TC&7il}-tBK|kmr0}}SgE<(@49zex!*#{}ICV2( zrP><&5c&Y+nwr3Q%+NKo5&}J@_SvQO1^WKhg_OOH&oBCe2M)IKGmChWcTUTe=a=a^&6sr@BAkeqj6dOqV`#O`Q>Gx%2XXyF(^ zTKqF@b-0%q@1$&$ZeD?UW@3o4rfER2_T1)bFES@%_8HCf)K&RpJz}0(>LlnPoGI%u z(IYYpt$yG9Pj>K5CatjyESbyGblP-}=1o$IOAb%Kq<5;)dA!8b zLQ7j|E^g#e2o!xHK#@~n(&kSYRTK|}*SR5UmyK}Q$rsxWQ|IeQaXv5_XVvt_IF%~f zLi}n^%jA2m-q=9tx(rk_o%Qo7i|l;#z9uRRvNtq{TP!#Ac8FW4 zq%m4`q%p8rN3b|Yqj}=-?2L!oZE92E@BxV3hL09HzNzT$jFms^G`NR_f1KRhx0)wRuKdYisGuQ%sY)$K%V}&i^J>ga4shA2s z)+l0@FB=-u$Xal6b`s=C?9!GFw?Z3^%#CF56X8%AQeKv>^_L?DWC6cp4A6#o`Oe#T z^Y0^qSZUvWgDRu|sB#PcZtofn-E*?Wn-jI`aa)D!#m#;8_h$zrZ{I|!EJ-&!aoJx0 z~Go+11k}TAo+c1yyrV}WTlrIltt=1g7N(ZJm(UI z4$69>7dUq@Qaf5?qfiyjK)o7)`#M8o8rLFqU7S%|%Ns_cXbP!kH`2|jH^DG6O7{&(L 
z>6G=yyh=ayIk;+qM?PG;u8wj!smC+9(2>M8TP4r8s+`ag8`)JaPO_?-Zcl6>%x-y^;Au9Qa8S6ut}j&>|M4)&J5wG-eEO`YD+1j|6P{kC z78OH!yY_L8xb}}szZ>Ck?l*Z4DT=uS;$XLmCLaPZkMrQO)aE8&`Yo!$W<)x1T6)!S0BvNDhxEzqTI={npfKw4`A) zUushbmaoxHzS?4qxNzloL=%VZYkmr&@P`Zzj)xMQa&hI=XC0nZY$ptQz`@1d3lqx2 zDpCCWiZud`^gtQ<)5TDMx}*dV^ik8(j-5gp2!`ONPmqw<`aU{o?8!Q7uS?nbiF=8| zmlg(I2C4+tQ-Dq(xv`P~E;7L67#o035-B`=3|uy!j@!QAFnfB>kwiGJ@_y7sSAOwL z)-T+8Udux*KbMVu+D8jN_#*!Vu+lM#i#BB^A>(d#0KdgR{;{X-&%TVeSTx2tF52Um z7qZ|93=bv=Nb=SvCvD6D`B%z<*E45?*FBR5_2$&GW{_gY2YFFfpv9_EIvss*2P5=w z@D}tQ1Kboy2|v&%TY5DS@-*DrBry4YxO3BsNn-cufo^tQw<`Tx8lCx8WlqMEtm+`Q z@d@3^b-;H}4xav+bk#>qp4(G#ZYgNwLtLnN&15nWJ+>kThZMRBWw|vt=bh&yw}tXBOkE zr+uE4BXgnSoMs*M;g;qa{bSf){g}XELCG@Q)NUhR$RG3Gul7u1PcM3YdV%eV8gc>I zs|C@C#y)n}Wh$mCh0SySmf!`L=&^_5;}7&YASuMSv|&MS{m30_J^jd>wv73+{ZDqZ zdfTI)stz?uodTpKzskMpvt@s%N~7(H#g>Ed*~bF8J$EWWin9TaSzk;&KPsv0{-cwJ znv8Vmb!48K90~G{Qy$4+zx#Phfk1Vn?xw4+5GxMz;KSZ{lAg%L&saAvlYoVl@`p)C zXpFx3Na4GgA|I30AWLMT#}9ZK3#!H;(8kRcN%4VB#sD+}!B7oPRE>Q3q6){xpSEE} z_`LlAa9@_{YYhuK7_c>bw&wzhik--!SoOv>`{Sw*8wXad&c`^7hQHJT5cA1ncivRy zT`I^5LU`HLuDeWC9}Q;hGk#cWHWVw$Q&Z^BNt}|IqK&IW0!$XaE=ZKy(0k{mpN=^+ zc}oRFywkgzeH_b#qT@Msq?%kk^`IuZ+k&v?vPUU+834B3>mVt?C)lKHGuq0ha{;ZY z_a*FU4WLmx^0#r6Qo-)EtD-rmJrtSs`!H3tZaq~c@MEM(>|1d;s6T)Ia|d;QLC-*) z<+SMN&$OrN&PhgI5!zxsb~O2S!2`3mdULbC+7oZ5@W*O)dbvDxTAp|k93iJZv94F6 zc@MjM<-|)m;9#pk-NKLQ_Pi$3zWa$fvCwYX;5|r`0tCMuLWB6man1Q;=bw3ij%W|IFEjZjO4+3LcixZtOJma>J$U!gy zfjQ&C!x0#+QsMv@Zx9U*mOyWlykd*aXGU0Ik1bvMV})0r9DYq*kb}b&VtFR@-<*3o zGG|u`@YaObBJ3w>T6k>3j`7p3E=KC9N6@}Jq*_(*a!ev;{EW*TwcpYCXMD(rP0Ty10))7!s1&(~jAz`!HaH!XrO z^tc$@$+P;XdoZcTdUZ{}Kzc_Fc<*YV@H%(CL?K|yuS;bbvYK(uSH&)3V%9W4F>khU=V2`t#SPOXXc6{nhc(1E z?MG$mLJmY+rV$n~w>iOmtD0e&NV~XmFeWx;ldwH+Z!k1R+fYQfV;5csH#q3{k&}_~ zsUFopmt#Ln7_2JB*X1shb8#*pA(b)n_^abJuD!PG za3D1&|r5vL0P_^+V(2}*N=2C@?)XWPvYp8OW9%&vpOa;Lq+CRR4wuGu0@K&Y- z_S!u*_WXR}l^ZR>9eB;dU_Khh_g`gX4TDouCA!E!WXHkHJ6^->IJX&RpLb}F z=$)l+aK1Sn$fwih-V2mB*!Fvp$JMWW$H%L3GQ0Yf!)JA5%d5vG`3jDRjoKtuR7GBXJw@fWjxk8ZtJQQuj^ 
zl35h2>^b?XZaIM ze~ux3pO#Vs?1Hu48((V=$6Auv)0+NI zsI9KisYM0Cga;4TJS{y)w^OV>Y}c;E3|>eoRkeJxrDEjEJQ2KGFCt3!Ujp>M$c6w5 zy2bWmVDt39SkS7zNmlz#_j@tpKabz#LSAYv9afI(-#_N7o4Nhf8^v;%m0MXoZ? zFsj@l^`cM*4=*2(l%Iqpx%3yzvKkv15@`BEz}^Xr5e)HE?h_A%8OMDl^f0I~MjcR^ zKdBaN+Yv>_ch>Bg4E5tQ$oDai;R?L_T{rUaX_V&{3e0m0%#^qT!~&Ml%tM6xhrP8z z*1FT7<0a`}%V%j1oX??UMY7gV)pcSehNOWWgSND;V!PHtbr9d&mU?UV$?3f^ zz8K{7P9#s@EN2PN`?f9MDO|%Gx)t8}P@Rg2#~Q4I;W;GF*D}4@YN{>og>@V9Dhtt5+s zSh1flB?2(&fxuP~?Xw~F^wh0htAiCwYMt%34x8(5w=;y7M)5+nHt`}q#q7ZWa`5Ns zzU`wPEudnt_zftWP+5DDILvD&Y~yP5oM$BH9-dEFkS<6rlK81-vj~mGF;x`Lc^m@` zfo{h(dU1bdYx%GZ?t$p7TtSL?SSL?T#a>YIZXi&U+$VK+1p2&t^HI;HMKMNiAeJ0P zBfI3Jq6enSH(NKGqOh<++ zg^et?Mk}}A-$M4g^c$3}YY&`WLvL|jSS{}``h2z32X-k)0{)%fPWVb1(xI}z0n1DW!Q2YGj8#3=J?*C)DabCynP0AF*s z(V*(Q8leExG_=Qd&Wz+?U#}(=(#RY{HG?=#sJ$rI^U~bxG zQezyqgfA2_&%D{pM>So{oF2eXTS8kV&30*BGuvJj1@UWe0DQ=`gyv{tYpXtnI<9me zz=yffsFbkjt{haQ*S_sIt3Q*!#;3G}H+HgmZO55*5xN686&=(?>(OZyj2rt73+-YX z&X`IOL;3n|C8zp&5j!IM_7k&pu)(^68Smov<8N~|&rFz0n~#xt9?Cgdg|_C#`XjF) zUyHiynpW!?y4i$CSK`$sz_Z=qh*VvSY7pHIXXQ?iP6TIjk(=0QO{+nIThY=%BlKua z1`Q-p>lN20K6psdCVbIAspoUHZ-M;W2Z-kD-0bS3 z17G)i$GuMUwB&6a588k;ms!Z|=JV(OP8|K3_4F-Nr`6f_>C{z*M9o(hCn0z_#eNrd zl|ITQzXoeD$L(V|RAEZWHF4Yy+Q;VItIt#0YK+j8wUb0`U zoXsR*GX!tCac^bGO3YynR_`x%{(%>N`LUA(NJ31e6%hV99^ge1^nFJt`tuYO{?HPr zs#9d|#ccppU5z){FbqJE*KihqF^lhB zKbUq==1zgq3^&>>FBV4f{sEV{yvQ8@nt74Jf%n_{I8VU(msrGYt#_;2VWOm^!0;?0 zS0gu^(ZDPF0!fP0d#KWb1-Bn~R~J9&HeQyc5XbccaIk;B8ZOTc3%ue>1nWvddjIzR z#QA&^J!U31>e+kIR+4kquw+RFJhQ}rRN&>`{PrJ}NG$rm*Jk#&emlHB!12HN_%ai? 
zT<(Yk{I}=$!zq9LsFDHPJ24|ah2$TX)}LL?R|Ag-_lumtSn%(M`0M$8cO=CGBniH} zF6aDxMDS;42LA7#f&a;4`v3EZ+hb!vf%aEAwYH;LD&c9Yt?bRGwqwOcMimqmmxPMH znsb$n%Qb{yOSu97JEXqB6c-$BYy7XF=^dYYyC1>!gx{QbxI;}2mw;BuCLwvSZ$r4s0fJ8P8~%m4;jc-NE2c%jY+{kVFXtd!&eRhl7i<_}75|H&Ho&rJuar)W4kes%a)&|nY8GJ+gOF&hI#N2|8{ zNK#zI&TCqI(3{oRuedye?59gOpSIN{s}B#!o_V?Tsw)edLXPHc49~_c;#_~M{OH(@ z{8>t}KpjM+Jdxlu2R!mc79nof7Ywu!!GXb@JE-0Xll}Ejh+Y<68kv2I&3`Wo;`(pr zyyyKZAU!#lLv>=VdbWEhWJwKXC1M$chb={Hmpbw6cQ);JYYFyNe2je$AWbYWKLRp2 z%EoQ&!O|ehVuSjz4S?roi2xsP!a&X7Mbb0CTj)hKUuO+Ac?Pye=&HmfOu3pt;mS;C<=!9R1wzNkGlovMWGRLRUf6n_vBHAxdT)Zrxp6 z0n{|?*esg`Qgb{;P;{YA?d!~3pzYNpJ6&5O8xV>r4WFN5K-C3fU-X6=P|)qvgw5G^ zw_TTl4BBJt&`7AC?Bxq{yjhKyUcOuP++%qt^PSBnE(-p0llsI7b3pEWKT^OJ(!8|| z`4o==mOp2*&q?m2NdT2X@CB?N;M+d2t$M$3+BE2~yIPHaR9p0HaGAy!xO3*c2$i#y znh&6X@&E;!Iie0G+BEXDMmOtoJnsb$Lk61knty1Z&rJ#&-i5?X>k|F!ZrZchUT4KK zau}wO>OeADh;Rsrw*uWB`-ezPj!GOWMcknI=t=Z1lDqYRa{o9#wk zJ5pIllYn@;A}Slvvke!1HUQq$Io(@eD~6sQFVk?Jg~VA-Ie64`jT`&*S_@h2uh^a( zuA4CrlrstOhIVP?yMy_?L$?fid9?}MjwhhhKGvzVM?>B46>lrVYWxmifBL3!y<1(J zu!Szsx4G=Ybr|fcUBWrwdNTK>hgw7*qm^euDHKX=M{TPMmyKSnY0vq)+0s}@8w&MM zI(<8DIil|uwdz|H;y5bkq3E9B`IjISd^{N-A*!17A8j!o8QG*mTQ}g)@n_kTM@;A3 z!Xe~ZCLkwD+Sn~e#hE!)Vjfm82Z8f6xySJ-Yyn2p;|?xWI*mApMxxnkg~S<%cjAA0-R?#98_-pX{@nOD5##=Xnw*C1Cj_qNzVMfby%^)TO~@t690r z54ptB7NiN@d9G2xClb{GZ4_4oL$Js4pjoKc9R+R6evv~Svtk+xa=sox!(DGjbGti_ zMg(6}5$yayOz}JCBb+Vl_{45VyBiM((tJm5o|+&sP=n0%r>LMDIyd-bw;;&S1Yg zK6o*RQ05IMbXKpkc53woI1qjS1Rp&gB-z}e)=DLabfp)(4%Y12m17sRzr1-Mh%?{& zK+pe2P%>{L2LB_FZxwVcNCYcE$K_r$xV49b!lgI%-Xx>z*(;N_t6Du3Z7Rd%=?A)+Cc? 
zq-(rDL(vN$kFgW9xQcovdT&<&z}#{te0gs$bNg_2;VwaWC9Wz{U1t1?Zf=5K_t5`2 z!h0efM1<{P#s~x+(!SWYXq@%5?XLWyICG;&#p}L-6kE(PaQ~s1B^`XhZM#Ful*@}l z->5p1;VfB>fRIh@=zk9DK}*>LCT|S}!E1F3Af$O?LhX%1O6q8v5j}gPlCxf>kwE zN41UkAx5hNXY102W_otdT7jPGQw;}G>qt3@y)+)@A=WIHZ0^^awyFBHuea)L;sBZ6 znr^-dl&l_SXaL~ldetlF=LEEx5|1;7kV@h zFSft;C_P$mWb~6CBXzvkxSQTWbwbP>P$1i-oC-Q!n&pr%h7^Z!1=f8VtX|IGcbAw;0`Tcf3*_P9bIehSAP;r(%`^2tB4A1(Wkt6M2Y zB+g;IErndll%IDLFyzO#4K(UK!nlqn4)=bk4B4g$jz@zgcOSdRt-Cu;|3|0MGZ!$9 zk7QIp0-JZ0;)xM?!8{I3_+oWa`IhLo=-SKSRIt!tbmNR}zq}glk4r86r5}-CU|<3? z#vSLef8CJ(QcLB7uB8e;jYU@^PzQh-DT;B^E>LL+Mkfc^9(`9=zL8MpFlFvCks46b zztkPWePhF@4LkSggXd9mK_sjwE1p1 zI~_?s9}}SC)}lU1p$#3>!?NMgH3)STTyPyeskqJdK*skmH>v@4$?+dbH8JMU^;^B-}kQDVS9KFmW9*3%$x3}94Gv6;zE$0d{rdKZp zg%7?*NHmqi^^0PJUrGH(X>#)tx6hgkoNIUjCZxGO7sIISsI5)5DF!_r)fTNE#n&$C zS>rMZ*mQAcb<%~6Asd%KvFu_Pj&a(Lr;yxnLnxhfaLVLPM;su!>?sX2@L;tgPMM3) z6?o|;hiqcOL!3Euv$Pda$G?-3z*Yx!t_>{~RwHgBRgJsTLq)bknOAH!V%GuDgjht# z@}+*pmhpwG@6&b2`J{3m+G#>l`#K<1d02Tq(CAHiG3ax+=^-I1MpoF7y-62hBo_Se zubood$J&6bVbQCM53q%gd;vf~+EEs?pFFW~WIWYD1HHT07PnxpezY@`U)7DB9O5uE zVda89s?n^>-n<*%PvUhngQ2;;jtim#s3qyu^P>(jji4$z^LUdwJtR-9 z?9f8>h#KmnUOucOBo&^cNr+9)*jUQajRBAsJS50T0i6CeBInY(O)#V2$A6M*@#*w2 zw$4W5q2ZUHqt`a`%2k*UzYHg4I(m6az&$rNV0rgf!5!eKdtPEND6O7PfN=YhH~>Ze zD2&v)b66dfFA6@|=@3nDcvY*GX`kFi1HpIWR}~?CN|YpX?1a4rc$!2)wcnBf2(r<5 z@|pv^cS8pM{Q6if73ej`dCE0H+}+YRgYM{?(w9J}1jMd0=SKjb4lR0S2Qh4qZa3qUo2}+4%F^|sK=sUEHIEV z?F&a~1)1NuA-{c@Xmx-P_pyBVK422R+}uc@eJ1f?!cJcOxC^TH_Q|Gpp>ClRT<`o- zd^x*n+KVbVuWFUM=aYR!-o72R!g)rQMqasDC518{buZAbF1)1_MldNN)F;B z)k?W2;|jv3c-1GW^h!YlkkrP5F5AI}4gIHkFWTz}J6GMu zH!c6_M?TVIwC|K=)Y``O%}E`f&i+da`Y zIbKxn|8B66Yej-ROwMOdwCDk^ESR*2F_^YOn7-iPjPwMc>QrT&NpjwE_M`2I1?5;W zZY%6$FcQcSbBlN%?$fA?>Ng6O*N2@tS~q{jul|U|*9xb4KaM`wJ%a0=o}$^Mp+F5_ znKyT0iq*5LY9V_cjZYImjZ};1giDsb3yWH@W1{i&g0k?E?vt^~|@8 zZ1(oedWBF8>!JWFihpj4;8eJlK(F!{W30vLd)Z4&{kACPU$J3&5ygU7{3W9*o#bJN z@GdU@CJ@BocHQf-=gy;qtS)J{ru+His%7>>cHVo}4+JY#IJfJ*^(1;Us~Uf=q$}pm 
zu0#=6zZQ5^5*BxtzRdB?8l+YGVA-lNfZEH61Ji(^!QB;22S2k|b2vAvnmgHF@BQKy z;tmZC5osyVjpBY_2A^_k;i?SznfH=V`pM5D_7V8CT5%qd56L#MDm{w%NM)_LSNx#Z=vh^u$?o&0x{$N1&6_;N` z?HFJE?8mehY%lF8IqdftxZj%FD_5CS@USoOH7aZkfvGC6%y5%|o_hAdmntsTLQl)V zyXDr-TH1Gkeq+o7+WCfHBW}ly{i^VNwQ3)Le%h0pUBPuJhL?++=)>V?u%*`Bb}HGr z)SCjBzVWsWnPwWh!AUs9c&4{9x>=r$Yb{F>RMHI8*5O9?)tB|sU{Zk^15+0Mv4dvq zb+UMG2aKNaid21K)T{dJdGw{DH9aC)TRfm?Tn0cF$2`X-!Jp%gi*+*t1@z_RAdI4qT8$nML>gXNCWhTokdTku^5^gxekm9wjxG9MZH|mkP z0F2FP!5CKWZk!LFZ;v6Eh(F)`tPs}uGlyECalXq0`HoPGCxFtY#0J>k*LBAtS#*Ya zzKZr%h@}THFTDR0k@#VH)S+Du#OiS%DxRUZuC7mt+aiY!%hjs1<%sc9JlPW(udpAS zUU@LW8QB$Si*T9*M(Fb9B8Ht- zu|6>Q^yTWeYlr-0UR_mVX>T8A0vomEVr83sk@e*S*P^L8JbIhP@2?3`WMoF0-4=Pw z{4B>>u3PK(6Z>0GapK@Q?)!;@0|CSX-wINd?Y1t>eEk&PnX)F{Gzniototgf;<22_OlrRE+1=DQm`Y~Fd1Mn% z{Yu!O+@#Iya<7VC<=%2dBe?dp(wm*|lnFz%4H4>B32imSVNF1yvb4OWe~QrUIV;|a zK4R|O3chR{&?UZm$f2 z$WB|SHrB9iv8ArfH9vbFj_%>A`uk^$6Q=$It$_2JS``1RZ%WB>Bf^wC@ZO<9!L zQkUk3IyMVEGMc}h2XWdW@pD`I`6B7>#_( zcEq!GO|}jt78AtwVXk@SG&}SRlV~Pw#NXQJuoZ)rbg(+&)t=-s=iNkQ+vH@OftuX{ zRhh5m(ctIyp=+vdE6gO{n0X}9`ZSf9PmUW(SXBSmjD3hlnS$*$LI zXu!Rkq$43uGG~J)H`t`2{X}S^MDmSV5}MARkeh3W^L`XwJv$KiD$~nbEb+2MH9-;t zXOeyFQ*Ui;FPy3r8ucW(1zcjrG*OpcFg^F-jE;1NiH0pKs}dgI5yu1wfH(!J&Gc@) zph82W=4|LC$7#ew*q5bm=s6;=yDwpLo-$vF$G?3q{$LniHhy!zn2J2lw!7yAJW7^B*=s-+r&#VPX?zrcgI(-FvgrYSB`o2q!qy1Js>g<_W0W zzo6;uGIXmZDs0Lpfy}^XKUKW&u|hp7$dU60m^J`S(;4|s&0Ow2m(a2tN`K0&Gz>xV zU_R>j5?Q}2_D_)Y)I@LY={*o%_1XP{!t+Z_g~n5(nXP`g52EOx0%i{3DL<`suzjP zo^)1pQBXd>y|DB)8PiLBj-B2NNWf!KqA9}@-KU*pC}vB|it~Zu-|3wD8Mp zz@f;?<2&NBVvH(vdrHVGXa3kr^$~!MbOUX3F-Rb@L)f$qz(hQ@57U%U<%&^E-Zy|0 zKET9zD&FBiU*2|G$eutd?XM>iVC@jx1Y9wAPnKd)>G zgD z6s z%KT%+f89p@d-RVL|F3)UtMB!Xqw>qH{p)srN%8&1QTcU^{QKx1N97+!S&*`sE&C>r?AnE?WW~uTh&b>(%GUFdYDy8=t|{AMTusCGUT= z0t%-OT}JpeBJ4%~x47-mWzDF&lB zzaIZ5U0R;K&-(7?sJaRpdd)nI16_9g8rtQ)px@-9^Su8nXFYd@GHQ4eXh->aXNX=l;Yo0Y5>+|$wQ_*} z$>$~b%ZH4Q!Cr{<{jJcTx*6zF9${>1QUNB`b$y7D&0n#~?5oF2Es*ibrVmCJ3_t4^ ze)0oDz3P09Qd4M8WB-#N?Z3~&iS^d?!|+y 
zkO#bD75sLCUD+Z7?Td`V3J9w;{)0*I$)1hSxjz8~_~001KeL-oCRw~RlB+ISzs_rI zdJvqjU8L--LE(M4Rc^Lca}M=FX>JuWCe|N>9g4-W0_1&V4axR57n$;;OFzHRAyG%A z3!I|ox$;N_p5>EluV|ZSg|J`c>ae%!vA&X|Lw8Wc=^UI*)*S^Ie}7Jv_uS8FzCtT=Lk+S>CUKi z5+NkL6HsCR<)UB@Q$L)vX^|rY5060O8jG)h1~HT zW@$Xpz25jLLi|=e9eGsi2fQwI<SF-(1s-nnjpUHN_PI8bZc%IRhYS~uH^`EFrH4iBbWh;{|eOm50e%2-G`iDpShmRkV07P-nC5;p)ZN}wG!{^AQt;uI;sCG|TIJZpSeS$Bzd!K<7Q@=or-mBTtv~iC(tq8}Dv<7G?!8c-z2`QwvqI6=2&SiKK7BBpCyeykXL?5y4FEYi45 zDf|?8HSaZMg*AB6TlFQ-O9c|Ap|UByN3t0R$|edPT?D<}TTz`Xw<`WB>?Zem+BISt zNKJmh`TF%XL6m$*c}T9A-Jpk7b9%f~mcpvqmn2kICffJER^@*qIN2ApM=X+eYp=51 zyL!Edz!&H@$;OSi_%^)}$89AQ<2S(NI`ML{hS8o8A3g?g^lTcHchvN6K8rT*ijYe~d8s4EYks$i&d3>DWzFcl5lj%fu5qG;?^q4sYQ zl3y)&S{W|j;O?dq-S}#Ii}r!e1OAgeuKk)58(yp<_`;F1n{9_)o=UlTs4{(O%Vv-d#(Bde8TPY#W63ONziS&o&5GMZ*d}h8 z*^L2&@niczQ|=8=v%O2wr1kN)&R28L3$R!769P)KcnfE#NVPYh_S((ggSwRX)SG6) z%tcX6>q@JL>QM9Ahe0D=+joY?GSzR`!1FSd#oz-=mj3uuY(_q{EUltoBf$!&fU)?C zxYtp==$hi!^kmOciW{a=BMS6L52(g`#|m{A$zMwTjiK{hdyw4PCK+}6RVd=Ylu#aQ@23EOcD8Fxe zh(Xn@Ih;i`>+y(xYc6-27Z@l_-Kxa$h{O33gM`H&SCpoj$|U1Uq4gdJ32Q) z!L={tN2^n{=`gsDVQ;P56>$HaC+3FXN|TYt`4i=FyQd=FuA_?TZ1P9@bq?{hlF5oG zoE81`5!qcvO3A8p{_#DeTh24ey;y^5neGw@A&}A9Z(aO9yl-Kymx;Q%{t#xF+4#Fp zHFphbTaJI!kR%$r%hy-2*J(za7?tx{cSf@&L@dpcsW&rvyJK#7fG&&|uGwtfKaTEID0$0fS9*YPQ#uHoL)HOp z18LpXMxuchn-k^D7cKS_*Hv@Xum?A;Rtw3~oz}Tzvz(d6Da1bO+}q?gPMJ2^7fq%O z3|(d|ksvw=;jtMJ?}}oj>j-oR7`m3ybQ*7iw-`r?(5i{lW|ex z?~UB)QCB`;VRhkM9-|G+V%43zf&djdY^Int+#tOtCu-Z@B6Q4^NoRyT1I$o{b(Z` zz0(-&(&r%n49mA}7)T%g<%*EKtnB{yWVXisdJ(U$40Vwi==fu~>yMs8tIl_oc5;{) z*p$0s0t)AO&)Eu?TfosnFp5&ZvFvQ0bj^{dZC-g<{`~ZCqNw?-s@ptd;0g}v$T5JA z-JjJZ6^34hnm)m}$zBCXe@Jjy(xw@6=d`?F0CG903f$x~RBkoph8=dr~ zNt2?!a6I*JF&e0YAiEk)pJ@_dnUxD?rm{d2+Bpn-gs~4S`+Z2B_~eqP0l8?*wOqZk zsW;u3u|07??fj(Kh@*vwoQP|^O+ZvMUQ;sYq$gIi)9M%>Oj2hqlTX@~wCPX7cXIuC zPA!Rnv}swy{zJuh9!tF#+(EI#H{*wr4DGx`-@#ST^IAPY_btnlH7Ky$I=6;5<9YMs z`w~EW^5B&Rbu3*qrRlEPpXIlvYhNUPV4F+vC5ktBIAD(12t`hmu8W`}?|m+9b;M{F zwf6``<0SRO3&4G7rrim6hUg_-bMLT{&xViR)3}`f&!k)7EGI=hUeG#EcQ5MRx>Urb 
z5UNHJhtN|m0V^7Ec4LZjkBVBjq?y2Ja5hcQ%@z>Sj`8~5Jpp~AQwo#x#X7zglBx4t zI+T*y>1OcT8v`HzZl;xJg_FI)>s{F%0NbqQ)x-zmY85Z<(D-e_suLU%X~#Qfes&#f zioxI>0ukji^C3nBIjExHC|019kjnzK-j6Z|QbLGdhSCBgN`HP@I!^JZ8R_ z>}DStkujZ<)b@9L%hHv6%z$3KT~t|z#{?Y23DuVb7Vf=mu!AE6?HXv6dcu72C_!%uk)`2 zFbe84d-qeTE61=UzKQXv8In3_+^Hke>+pC->x!7Cmxr@GdG@2eA3j*6XvgTaR9lQ7 zI!LO;n4aWz>(@wen;(%9n8xkQ+{n_ob_dHK^e}cJ-m_!CtK&911{fxWf)}@WMl8{z zPp=3$O~LO_CaL&oM*d1zMnBnv=88%bL%R-dq znj3!Si5yr^kV3Ee!~W<^>%R1b#=~I=jO5{VD8YP|Zf5^}18Z61B89&h_idR6>g(LeDqcQ@VZx zk#4@e9X}`$!+@*7bIs54%F(C}lbIy`JG=(;bhdK96i^0Hfsy?2&Sqc~a{PjToHr`Q z(5FRbE4`r?-$V$bsa0s`ptnbLQ^VD-u>!4RO&ip7>&9(r;@+)0329{fuJeZ1__LG} z9+F$nCVso{SyhW@eBR+WRAXYVH0Pqg!JVws=g)TIPR_KKog>U=W#FM+s1kjdOZ`>) z_@%Z4i&mkcI_oTd3!syV1K+*_3|i&@sDkiLzPjm}qi|?ehVWIRg0;DbkF3BG=jv~q zB+tEDW4dv9l9Z}!2RqO4SBGJ2*~-a$5f@V`6YQ_r+ymPJExlK!bHVR#8YX`CkY6qm zx%B3?vih@?j_ReLvPR1-Q(Knb`qO1XC*4J=G$yw<2;4iO0)?t@u6-5ul;g7MGq1N+ z=?1uv=9^P)WjfagL#TPd(`NQE&2q39-AVD!`xKC{tX?Ay5gzfh@QAtjR6#+kPP`@bFYj03~UE?V(zx9DOhaKas(hM9k_D1n!lL|8Ur<0o0cx z!BWQ}<0@z0+hBI%mVWK|$+|;zcZ|cRmZ^&)_=Z8hxBUAX(-RURQGVFB-c+^b-yrnA zVX-nq1?Z(6j{0bM4>6m~dNC}if5g*&<64OCUJ6K##mu&dd>^xKkA<0(dG+eL(9GQI zL$d0@yl=S;E!W3A@(-nC?QS+OIe>dEQ(2N-H`q-Dcd%t`rjyEVkTQ@s zvqQn-)wef(v9~d(DL13{oLppF|NLy(Xn5;j^z#j6;p2kM^(s3_pfcxD^jH1_aHz;Z z4v*slAFP?%v)Y$C%IYGE)hsKWOfy|FtFC=K5BhmZ=gC4xs5fEhy&=(H2nF#0Z1y(zUBK-r@sGf+uC80{IVoCx1^$jN>UEhwPqL7nbTHX+goJqc zixtFMUy$r5(_!3ll885-P>9EKk-G5)=*3lUAA2U{XZ`xu9#-`DK%)uX53tz=MdRu6ddQ_)SGu__%6&PJ8YYth0Ummc-4k?_+`r7ghPiIG(`0`Ih;Sltm3m% zK$X4uDe%Fx0G6!u>~KFx!V>l=`$Xc)1JJmGhf$HfN%NI)g&U3u(2JD{Dy6Y zh`~~D{mXLouR%;x`y}3yBY+_r8-8!={gjZEd5Jpqh;@P$aY1}MeNPAup78O*+|SJcZHsxezC&d zp(f2q;|U(lC{tP#dCCE>;FlhH%Z_z3sjnC8r;I97+b?%onKse@J`t zcqrSxf4m|~5v2%OQpkSUvu_F6ijZuTeJ}eqCbXdt*_X*4+4o&Vgcw5%hOzIgzg}18)yz5PaURF#^WHuwtJ{1meihFK6EyXgdpl;~4$E7V{~D619gs~zo@K2i7< zc5_rOG!PZZBw%+4D!)s$$JsI*s9b>tuN6*^lTa~RH@iBwepV=T6f1|Jde6YCHzIoO z%FP=ox~h?OE;lSzEKx`{HP&%Yr)H1&h{N-|-0$(?R^p1Wr7H1D}2t6Zl 
z;?X*8HAtuX1HUc2fcZj(-x1UYWhUdhk#yDFm%u8lfS45TYbG>k3tURyv7yXm~sPcBwzS$qk0oI8R^ zJcK@=WYMhp{lSjnhoTG@?lHx=^=XyL;*0$EH5-#EJcgX8X%((54^sB+Z-T_J9sp2r zhgq*d&-v0Q{y~bzd2n{0KrVeSDdGz%Osxk~`7qy+&v0loCie8I^wA^iB?04hEVc0{ zxFtK2tr>MlgUci~ZsMF&ImV|ySE_1>yjGe@HB8V4Gir^k4`H&q#!krY5w7wtk7uj5 zB8GS@$5s}##d~0yzjNouomPny?%CX!E6Ce8j>cjR9=aFY&uus`+aTAul@Em9*)?X7 z3B~GU>_2;I_rJ4S9dJ>b+J1+I`i{7K4U}`TanV4rL0>4>yeZjwGEC zcO>GTLuGu9>RkEF>pm7E3oLqu1Dg&T>M(Czz4%$k@8JpphG)wvbJWZ)N^{;$)beiz z$rW?1{@a@0ffY^iXedd2mHfR|!C+sU=+-enfgb=+aH z8Q=E}vkak7_yw5}t+YC}berUx@|%b3_a-!ghH^jzN`l3?gH6HeK@&`gMq zPgUjgKjY#Ve6LiUH>T32%f;OQdbK2O<6#6NK!eGQyk?;D-I$*xTrb<8jwQ5*kq{wS zM{wLcG^E4AbW>}REDoK0-A6%X^Ori|sO2jQI{29plG=y%>CG9Pk<~qsqd9T^HE49w zv}D}Zxp0hTx(2&63bdaWnm53>9ZgM5OT_aq$G%&;2||xUuC5d^OJ*5*J$Wd8_h+&k zoIKcJ^UF0lPn*?fAmPi^o2(pD_sryQ1^4JqV%vnQ2?eZ;E4 zYt=C&!x`HoKTYoSLBQm;+f%WNOBJ-%=;TL<5Bv`c8nU$A+ttBlTeBOS-D+{+R_8DK z#n$VZWu6xAOv^;GQNh)V!^*FGJEP+@IH29~(zLHOTUa-|cQGgw`FtG;4Yw@C{)H*9 z<3OzO!iU`jC7tgla`oYkN6M{vW?xX?>vFr|1;sX`V1L-np1J}B=QCFY_YKC7>q2D* z-7lK;Y65$rtb)r^Pj4^Q?kUIrBm0ku|8jNQF_cCnMxvh@lJ>04aWqEy(6A~gY)P0ZK5 z!f7mq+tO)}MJEmyg+!`@ue!*)XB#4?qJrIbJt|IlNvWKUOcbo{5#INXFVEJ{d_^mS(6Q`Owp`nXlv zA=vLH>KGa6Njkv55tZ`Hs%+B`Hn@605{xQ%uk$|0ic}Dz;jf9f9P0ZB7xoabfTb^S zJWbbFcK<}3ggBc#&lN4100i2#m^t$CT+yR2Iv?5A3&^bGQx*1b#%0KHi*w>A3@|BM zc}K|GzV(q$)UUz$Gqpt=C@6#oJyvV`^Cp9qc^}-%UOB$~3N^^pu?<|EgW9N9ii49} z(qgw^Ay^*%Yl3*c=z%3VRZ-pR+i2@2HGq_LGr^$zAkQZizHyPSjmXR8og$%#_qz6O zP|EJtUkGJNw$4_EFA)@vy?jnd9%(1)vDr+e9ljZ9Ltg!|uh-AZ zo_5q^{_a_bTN}jwuupSgkRFfu?$#K8zu;T1VIEcKD&aHm5UpnP5Dml3#$#oxF>=0= zi$0ydaL)TE_bx1lbazE=q)nIoSsPTe(ho|#=P&H+scC7w8}FQ1BpyWuw=Vw7SZ26C zyPo}3$|{(UOv)xgtr_a4^9O_|DpHpJsbJF5g$+DIq5I2uSlG4EI=`)~u5-_RndWgq8oXlVe1+>b z8dkYvxPp)*v>np|i5)V{-~znFHFCulI2!Z8qKmK3aU@)kp17Xk&)J|(T*Ul%pY1Us zV;pv3H-&*KQp2lMq$1eFnQ?UF-g@M6z4!7N2&QWM!z>SC?Q%$W)4|zXwfqu0=r+T z#$PN!tL;oY--#;VDoR`4_gMrc89EtXun1MJ4EO7qZqvviriQs1CX3~|D%|BxXKD-#g3v-;Z3H&4opx2ANTGg(2 zA20zd1ByWZMjMFgW(?xW|M_EZ-U$IU-49S5+!~EO_vcS1H|SX4jQRsT 
z@}D1kAsh4?;adeyb^r8_{u}F~7XaVu$@dPGzjbxYWm3)kR{y2*-!qv!0EgOn0jYC; z@9Op&faG}+#Bcs*&iG&7z5Nb&*bmB|(f=Ny{*Rlwew*ZZm^GYE`NMMjZ|0xV7!cF# z5%0qO-qoU{;LFRfGswT^GbtxYbBtZC{JpEg?|~a_-@jkS^JlHXKmYbkJXitcPi8s) z*43JCNzR^*{BQqEK8<-pPHO!@1EP7$q&@c!xXp=EU%_gia%*EJZB}~ZBt1&Lnp!Vx zINMBB4W4A(2UFshP+Lk=K6R)wZofkG2P`ysL&OUiU04fQPSE#4gT4b)EvEE^jN_Fw zbr=GaU~~PMZ6{$yIxUgUp32-iw{_gG2L=Lg@6_%_+TO$Fll|dQlQU_u1u+GJ=N00t z0W$l1wHvYNa~(ydw%s{fh=#2t_MNVLm=-?DqBn_dxP;GIBl?ZU5ooCIY{lB@wssP5 zpJ-TRZ**J7TEC`vm-3Gt+**S+5m4OftBls3I#m={uYh6`j^ty6xqhU(q;<#JSYCLs z!8ZEB_P%v=cQbc{Hc(jv$#I7W(RL)uy1uF(xTX>HV^O>HgPkrbZ-@X>_zLr~?nR-8 zw<4GX_$8g?IWGx(!0TfKeo-eFSPSLr6Y((1v%G)E87Vj$bDpa}Nu`A2B>5Aer=b5k zKqlKDJr;g4k5jf@ngw+mrmvew3V2na`VTwe0?{B_l$!K>q{ z^(z{ln^~ZNGpM?iOcjSLm+9cBvtD$ou*X;u?P}OUCZUtI8ryJ zz6K6n2U4yK<3jC(SEpr2nu4FH#Bj*DJr;@c5UGa}*|*mpN(vggM3qx^s^mUC4mg>( zPO52wDv!*T$BrdEISxyjM;0!bHuz-%`2yd$zO=v89R9jfjsJZ8XV=WK;33<&s;WCk zK=_w3oX9l2S{1Z4kId3W-2KztIFeSBqmohyJ79KHAFbq2i#-{k?@AWWPq#r%M_rNO zisv_qdAXyw4R{<#xyE$3((r3k!MXSAJ^^y2NMJ8i#Msr&*i0HOhkus`bLfTnnYxvy>r z9M=O9T*EwRahvBsYm%aKGX>7#SD;T1B3omK4+ z1Qn*$GR)HcK5_;fi3`jP11RqBmC{MW+NEaagcy+Q(p5g&Ik9j<$=d}d|FuM;6McYk z@3`A4ZHc;}ul$EsB{uv7^VQg{usJEPnJ%1?y=PJ5;#gnmp?SK7_FjVve*DWdlesD*g zvMa5AXPgILVAqfqX89S)XIN6v<>FyAe@E$mMHRE*xCfjONK~M>_v0qIUJItQoi@XcsOak{r)f_i_LdYm}V%`w( zwr}jBY}t%Wf8Y(CdT+WlGPqT5_wXo;vkIoy z;KXsP9{5o#XwG3-=}`>arV*tNrM7CF_N?&VVXW;676$T%`z43ZX)f<4xOxhR+XZvx z_87%(G4RyuE{IEYI&{4J_We#*3^k9Z#}BCOS{go4}=Rqse-soq}Wz z_D_3vzi?8mf3(wAw6NN>42$m<&l~{hs8pCDEb?RO76We=U~_UHoh9cpA}LNZDFo## z;n%H%11lu`COK-YTwv9{MeZg=9}>rE==K#?J>C23Oke2GZXA?i4KWtS)ebyKk9vm8 zo9IOiBLdxezfCb>AdacNW@L#?D)bwo_aIL6w`TK%)_nK;c^z`K^Uq=b>aE#UE`Ci$ zq2jGx+_Y$YhOx(=2-+=1@0;CWsW(g09*b}|&juR-_kef+D7 zAW;Aj=LaY8mVj=mM68ExPtq_+n4^~cfd4DzY2|o`-KD3I1pcG23)|zT5Tq$WMSQs8eTZH7ZJy>Pn$Jq)(lVRO-;e9v~OAG+zNjZ+#DpW zpCNA>%K1w<(k`{1hJ()_r;Lq~mffi$)FG@z#0pw}EBHYxiGy-)l|IbS&k&nnSNnb6 z7BVMD53TzGak>c{XJq{o$Nx@Qckw8QrTSPX*&Z`oWHh9)E0ZG 
z_wo0G{#uGVy_6iHafukc41V0Cl{)_ik;O^LDQxIzSdvfr-Jx81_NNK&pY~YzqWJ*$ zo_Hp{EtJCRNz=1zij55_*tOSm@gzMBO2GJr2&q0eep$~*Ym;>R)r(Z8R9XNogU_(x zgXem5it_pNAf#1WV`~8yEg#rv& z^86jI`Ut~(y<~_qI%$afu^`dsB`w!8x`7knN$iHh^_1>>Yc?xyFtNmpAS?+eso5i= zr0Y(po=kP6jbSGC-GJGOM_dx%PfRBcYPm?_LGnhJaQ;BQ>Fq4gs{6RmKGaI*sW#1O zcfJ4FsSm%vsIUlL?KuE-r{uA<9&vq7_q=UXf;GiQD-9)AA%8NvA=db0JjQJ%^8s^z zEm{ftsZs7WEam)cl-zcTwXhYVjL%w<1AU)#Piyt;uK%&o4kpC)&FhHZXgeL4O{@OB zbk#}XVoJ3Hvr1JdMOo9xia)GP;>*|LmSMk-4NYU>NBH~@U7!SznslVi*>?dkQSA|U z$R6_>+CRMJ?@8w}qHPWY6>-{~VivRcONBn*SH0)r&#xO|mmCN4_PU~`qOPP`k6Smx z>OCg7$PV|)b=NJIucr_cWz~6Qeb@8gc=>HmE47KQL&Y7%gZMa2pC9E-`HzCMi8( zoKzE;$*0F%SR0z#sH@)Sg-6=2XK0AO^b6x0#}Z{QFtcF%v2QKQEF8`#BxQO>!m!JM zH!|E#ZHq!>H=w$)E9d-dh_#V&g^7;PEO+gkFVZMQdG?_NG-E{9nE<_l5372<}DlyGgU|d`{ zctI)Gi*Hir`qw^>6&RF6F}dWuCO`tUj|1T3Yr*<0jjs5t@7g(@$X%YZZz*K`6X9j) zpZ-@}^6!G>DJ@8Nct$I4<90q|jyj?l5FJ_s!uHt@tkXNMiXLO0rxtUozIKoRUK$;b#lHDLabU>-MjDNU zJ~K`*^<4~~qBQyNAH52DXTIkZ*IT&BB+F7zEp^yu1P|Dw8Z$$zQiN0!lMz6wEx(hm zy|^@R+353qsgqAqx?cXi{`*qRrOer0y`5994@?msP92^loNs%j2^#L+J#WmY_MOBA zlYx9V{ceDyZE!7n^R2;S-Wre1sjGon=tq>O%O7Vfc(}f7*bIW-M{ccouC7a(UNzCt zVX#E4DvW(infRDn80H;u+2+Ta&t`fs#q>GP3O+B)SeH%u(s=c2W{^d<#YA-;<;*cJ zxVUwvQA&l*eYmQedM;&u!-m8oFXxXw+MT329t<2*RA}&i?D+O$#M=K9octR})6^s3 zOZoX-&73iBPdgz?n2W6(0h@!po`1JoRfg1h`}=O+7e9}#H`8ZcCf6Vr5UIsnw}Lc} zuMJy4lva-(nkN>5Me-Tc&Zc7a4VD@16UJD~B!|lzKW89WY4kaE?tn==OUuzo=9;P( zwrI+61}Eh~x~*2p%kAV!mk_fEMxixh+nog=ARDSxfqu8@rhe6xE?_dU^D|8=m{{zzG3_qKro!BS%ej42Ya>wO2ij_*0LX!1iqeJjR>@jO*)2y2w4Oa1)Boz# z-s-52yY2UGBXsYrd-{6t064mt=Y;BG?L^^a2J&Ybns2s-b9q8f=eUeD$>_nf00{Hb zPk$I`494B&DPnXuw}X8L7i9KDzG^k>KW=v(iCKT?)+TZb4aT+ z;#!-fLhlVL2-78zd}PrnSa8h)ry>7ec8hhO zHbfNBp)bTrmrfjkp*F4)#YG+oPDw1+)!v{MTlaPN;j;X!$L!02QwjVyBcIO;m3K2w z`QY1RJi(=F6OH<4W@*I4+a0(`pckp3keuBBE;UfrbD^g)%V&8s!wu$h{JJUt%U<_< zQE8>i?pd**Is<*^?cY^UAjCq_=DbI;V1zAxiql{6q1xp=INS9rF41= z>=1H0=(7~)pi=rOuGaR{xT5B>>vsSv%|XVVO8*Y{Tetv7ktjS7kTR%%T=VyzDc8s~ zuNMQ-eO8;!C@Y(vatv#w7+7#&$#~i|4OR0LxQqm-shu1U^QVj<`1rYQ??`>vlADg7 
zZ-q^7K-l_*UE_mg^1mDyPu4CCoVD(JOK-98-HhL)@CHZlMX9goDs=&pf{7&ES-Lq{ ziXv_L+dldddpX-hmt1y7p2Z>$qUz=W?zF&mGz*_t2%M`~t>CV9er0R@6curaZ^k&6 z_*}(fZAlc&1q*dVHF&4K1-8dU8C2i1`-rux*0*UBWuxWYN=%86%c4$iz5H_1W!h$m zf$h}Ksd_kfu$%8aWOu9X7v5C?oPNq%fw(-K>Yn8f0%i+J2QA;vpKkm88BOmB*p4h+ zbq(-XI0>go`c5^9R>uk|KVC$$eQ>qC2|x&4fj{Txkw0$L#(qVjz;?cSlbfjtKif$7 z6{r7W5{gNDeC>8J^$fGP68-Uxi0tTOBl0t$m%5_3bq1Hvnx;cj4zzy&ar6E3+&ldy zhpgYnxgXCAUmOo@ls@4Z-t%XBR$=}2vP{R3znl{zwX41hH=n$-WU3@S`^NGHs40_g zJ}w#$M!70N1dIjU6B3goY*QSOG&Dd_&~WskaT3LD;tg@3MQf)FDB=+&$FZ=kb z@Zhb@b-Tb z0^@rb`M zwEEsdS>ubE7q>Dd6%z5uJl-P*gSnBTjTeT*2e!Ps!okewZskQtnzXOa3r;E=OMn-K zi=^QAhA)Dzu3rtyxz~2+W&*>!k_u=Qs4;vVfjh`Ovni;3QG|z#a<^KeCZN3d%1yt1 zm)3!jcRvY_UO8|OvnHjRJN21<#s_Y6Ew-k*{%$t_fL5+@M30_Uf^UZ|*b$5VLGOFI z0D9kA;T8L3lUeg2_3Jxf@HClgz$5S;NZPbB+}|SZ{~Ysh3}*ywE`P|EjmT+9%ORnctPgm?`S6FH0t&tc`NgG41=s^ zk9H7AQL0eVt%eY9DMPtoB9jxuuKH|G1KQwzYU^X|x7_8YRX!nvYUd=N;Rt~W=R0d~ z*$U_Au9hOx$_N7Ya8|O^Q6f&W2-)rZd)qy|)v1u3tWMN&N0N`gfl|I`FR-0g#M(wRiOQ-}XN$ zM^1JU(XL_s>i;7#^1r@($P1up=6c*L!}_hHzgg3Et>Y?sun&3|P9{QevLqkf`~24AcFny}jc z7!CdZ{@;|pk!a~MblRVW`uz8knIZAae(kmnzkhrG`(k>{2P8s$IJNTkEB8N3K6&s} z&PUhL{JqhT)B<3YeGBje(>4BMef;;L{lEY8|6{?ohkpT3&fJ%;Vb8=E!#JOR8KPcO zda5jJUiZ{Hti26k56_4Xqon)Z_Jan@xA2$<2a(=fR1;wxX*4KKS<}=BRpkb2|>n4QAnu8)XO&gxSx5T(! 
z3SET5qBpK0R+xa#?M{5L4T0hu`-NibCu4ktfj$_a{(MD|J4a`JT9x&;kSV!MFt+kW zwjuDlY@G7~#_=9~lPwVF_vs%d(!W4=qS+;ODc9vC-e&GoxnkHm*k4@_d9lw6G05Ut zWCI}86>(oFes^1d;3qerM5)Mu3!Vy5lUOrHWJ}z5lH_NdWC_KGwd|?ZUSh$0V7Cyrc!IE__Qy~t^)|euC zn}(GuT5)5KS|8`EbB2?Hd zEM-k==F^20a?5(6RGK0i7GrsZw)d~!EFSG))A{!A9H zuP+V z&_5tnTo{C7I1;kr)~_~|wUGKp~v zCiuTjely(V(EAXiK3rfH^QyaFY^j|QkQd^DZkp$Zr+Crn1Ec|zt{rIQMWD6CWKeux!$Wr^~y8yJ6;wf;9Q)##Bpy?4w=JztqS~R zwX)jeqyk32Ol?#w*LFEpe_muU@$gc2qUY;M7?jv-MG~FY7PRYpe3}`$y_8Ld3KO=h zyU`Hz1=EU&1r$`(dMR$1H#Lp(`PHz=U4O+f6})k&sm8-vCq7rJfP0`hut$Hcavba~ z8s*Sx1)~R^RXY!r&3?yDRFIk5&VxQkJJC&Hy%YngE4vn^muD`;9O1^V@fqfdC13T~ z80X`FTREWTNsg}06~$Q_Zbt!;=Katdk3(~3b@3m7W+@)`*U(I}`%(9>GvZQD&tfEF ziZ7D&;OzTY+I~`XD`8DPg!~EiFz)eIuwr+1&_bEwEjy9 z0b2nnFJbo;eb7qooVQ#igKH5;`mLdp(wP*KXGt>5mqMU8tuYN>HBshc;&*C4N3KyE3Yk6 zv2u_@uPQxnS&92Ku0$>4B6DszD85%%=zMY5Y-U`G0NLak??i)FMYgjYRqw*I(7!Yi zO9s>|^3#m8RR|i+e`+KedI1lMNr0ayAMang zqGN{y1nXRzz)3CwWWv=Vb`Cz#*n8m`Yw*YoUcEFgkUV49nhjJQe`$Ny^@NkNP66Qa zJX!{#A^F_;_>k7)Xg{3l^@^`8Ddq)u^>zsUt@ecU318X5)qc@E1;i@BZI9((Hd=|h z0uzDtZ8b#iyndA-iY)H=K;Gbk**h(ZZk#kj?l?*%8%-9Amb|9p*xHD?i(KvB+7qw1 zu*MRqz|@Ii71+tq-_{12+aw3Xc61CY zD9%UDIIs{aY_)qJ@dCG#z7*eUe)z@8pmQM!&`ho(_Y&K{5ZJ7VbH<2V*+S!b{T5R~ zv4im&j&yFZh?~i0s+Me=a`}gJk8_7bH1nfMleF3bwd18-(Zq`)ro(P4In{O|Z=x%L z4$e3df}F*7lkTK|m$SmF9*j#vY;JxUsh-WXdFl_KyUK(U{P~)xOZIM&I9nEIH zF^b{^p)pks*tB1zxVN>VzvO&2gb#zN*2c?+%(Gj<&|hBit||(bVwZS;Fj-3F1dx=p zC8dOw9BE8CT2OF1b$m&Q$zN&S2q|0irbzVBD zy%B@7^1V|m8=aC@0)`b8F@R7cSAxPOc5o^_gzWJ4gM>Dl+WOYK<-*Bild6Sn?u6%ONa7eS#G14ma{WX$TCI{y`Gv-%wkh5RAADS` zsw|q|>O`TX;aN%Ez;4w>V!G%xh*;hTTkxgh+ANZO!@oKp^W~>RGYNXFiCyM>CdfwV z-kNZ-IKE|va6Izc) zlHiOY5E7I;t3KMmRzPcTK_qDvc_J#r9V_WgE4<&nJZmKZ1Y0<|(EebO%J4P2zbbYE zwFpg`7=8xxE6kt?aQ>u!A`GR%yXjqlFTUEwWuv&&Vt?)SyZ1moc>A(7s2T@0;-j*V z2kmk2F)eT3pkwp7plGw^kzwB1h#D)OP_6M9g+x@I3dPD22YDvmJC-nH39&g0#57K< z=lcp)7fgO~1OUc*lifOwXJiVL@Yn~%<}DWq>AS(0AXypK0IPQ}XVUM5hiuJ@`GfQ? 
zkCk71#I`l;_p?l{6Rk77e$&ky>x&Z`81f&0$2{t!t|TddZug4_07zeR?jczf;R~5C_yoBpm?eGQ|SFUeqMl3MZc>Wl9#$bcj zSHg3+)oQ#8?o894%zwGFn6%RjKBGAJkxk^p+A564lyYb?uR?0K_BM;c*P2Y3|s&N12Vkz%+20@mv%4QvRVLMv6vBG_vJk&IAb5Wn@VC~`Dk zirPrx%T(Ja=0LFXBf}oRw#;t7y<#n#4g7Mpd)=G18W&c^#&LI-PQcOyeb_qMyq8)3&OAyG)}?np(hw*TvxZzc))TaGjp z&j9h5n)`*-h7|0@OU31q%#fbO-d`G>{DA=Gp641SvSS-(lw96XZX_O@W$e}u?orxZ zRr;Yb<4gppNY8lcJI8EQB4oZ^hbtcEbUBniGxYlsLmVOHH%Tl9idr9DXP}wJA|5eV zJW&PVLI~xTpw6mmgpkA&HwN=`s(MV8Jj6j7kZY*ocoacfU`f)6(*PrVm?~_RZtK*Y zD6r~72ZpNCXSfe_Y(Sm+PatwHj~iqL$?#cJ>h=YXRe?OW;iEff7e4~SptYCB zxX@t_?vV;Li`TQ6cIsN^7jRHR`~Z)EF;hX9MdG-bz@0~;CKZ7SuDTjhP)&UoF@MD? zYX|6YV-*4)7*o{hs|KS#C^RZeJhuNf0zwFGr|W#gXxnmFllmhX0Yc>LDI9lvMH|51& zEBq*!>yGbnSt-xVw7(7t1dyWR)}N(9<4(uy62_^My~A-_@{UbhwcDg&4b`FbB#U66jdP@OTM zF7CRY*rpLRmM7sDB#vK-0-+zNMO-xuzwK&6Y)E59Dgx5RX-;*SJOcS)bFbf}ay6^y zhFgAKAiLl&ATU6do_;#bD!$aLa^NUHsjy{(uykd%nX#9KzG!z{sh=RLbQhMP&~PWx z4t{zpUJ%tS+d6#izC=vU?LDWyb|OWkSt9$7jOL(^CDiBz-7XB&L$?#U^-Z1k^3-jj z#mU<29k+VQl?!Z#OoJY~5By^EfbcbNKY^omETETV$kjq11(FGviQ&n{L5l?ylpc(L zBv*Ctq3*r$QC<8Id1?;af2Y?@)sigqiJ|=Gt2Y<179Q<#mY}g~O3f>o>;a*5S=!1D zUsR0sZ(pjdl#YvJm6+c+i(R(JYgfX*#wA_&9*OFO`L0o2rn*;QLyhWeC9#%+RpSz$ zz5lW%&W^htON&2vZd~s%ZK_@4HnG5dVG)+AePAa=?GtK9JOYx+)<@zBz=UhIf(+z& zgbUoBa78f*S#qT}<|P8|_>JA^@U=!Kx~$*7TREpg;oaQJsF@kyG_0p4oqJwuS2D)r zM~;h+H_W=;&*nX9469ikxFFgKa)+#&tO*S}wI3IwojQU0J$vQC>ap4+%MD`S?(~gl zC9kEJ52aqv562}nVRn6QT(Y(|z?9JZ{jTJj!&XB?6H;6w_Sfh&YL6cQZL~F3Ui=9E z+AMKB8^}1#b=iYbZKb;Td;w-UK#lc1XP5(#3T9uF--J<~OSvk+In%+~c1qC)MDWQK zG2D6&A0{(8!}!C!0s_=Ft|_)p<_nD~eAZHtIg}!>r z+>}~V0>73w|K;mnbP6S&NOsV^_CHtiDdc>aRooXbSb1Ubi&2glb?p3rya(|s_laqssqdxxxwjj(44M%2aJg-oa7 zTL}b|gtOFH=@^ptzhyh6#$u2 zl-I{3bLX1B4z@MoJO_10C!Delns%b-8K^Rus)CQ{PKsY9Kg>PE=oJRnj$i5$`8J`b zHN67>se6`S$~q>ZDq1*hCZVZza>1D4$a6NYSBf=+qLCC3`n7c0NiRv#`9Z>&^p7~g zfR*?O2L$!35^-Dz{pABtjGpct`xqkkaHF1AekTk!GSPUA?jcDo?b$?xO86~J6Ne;` z*?0-VmxREN$%0Cu>ac>YI>A|xlyJA5?r zR``sVJ3-Ym9Bk+3E>oRfIy5OVw@n55M`1JlxA7NazgZfWy*)Yhm9_m5-R5V9=OGk2 z369Q++gvX0j()*e<;LGN`Y3Ri;#M 
zv5aK#nXf3#YN{dSX_g2uU)_D6i(yao*tVInrFkN5Y|~lS!{-141}gHkLS~BK2C)K` zvatNE)Oi7UaK`}7{V@Yi9D5a*MvWk5y@l8}>D#?{&0ctHW!_-^wfa;iZ&8|g|C6~c@ZwME-CW&q!Fy0LT-kasVXs3ZffqxcC)_(5 zre6tSC#(qTXJmlfXkxM0LFx_gH{+y64;#E$T|ijE?UTH-CZ(p%`0ELGk_~d#a!IZ% zphI$a9!^2EJh|L|mpHN2((Ko@$a78eBLn2P*8^o<_4KhB67UmO?aU^_;&}BB);y&_ zwB4HV>|CW!F^k<52z=c4KI_9O7uQhMCSFp$N@q0euXRE)pG2JIPM+?q&SyO}>yLY& zb*P}DMn3Y?mOY#$FiHg9$ynQ&7CZXzt*^JbwEmyG(cf%>H!us z7U0FtEN)jd(SpPOMxJ+2n~Gx6urZI{a4`-}i!AP&SdmZ7Lk5msx^zgE>8NqWOm zE=|Y;08jXT(tB{Cvxsi-joy{Uc~CS3iCuR1D^xf$v&Zfy4ELVar=Obw1in2!H<-(B z2`zpt_u^R4s^o3K>Wg|slV&@2#12p$q}O)kX8^~g55BY&hiWiG;A}Qy+G~rxHscs; zRXAZm4Vvh5`JrYTd_l5$K+CWhzfpl3AwlE9Uytb`W+NyXX;|bXzI_VBZg`{jgln4T zh@*{kH+dsOp3h?HvVCKO*_N9lIgL_o7^&Y9e3O->dCvv=Ax?iu}NNE_S`!TZs@>f4ZxctdW2uy!E6NYd66<3%qWC6w0bLRF*fsp%io@`0pV|q&;-X195L=kI zH(a}!58uBH-ohD3QYEB$uf94`*tQIUKUV;?R`4t_`aGO;f~=X4W6X8!+I*YnwVZjO z#L9Cte(SoX^&Zu~KAUNP-|fjMNC#9NLA{1hj!jKz$KV1!F38)h-8|^&RvxUoM-~UM zJHQCobpLYHn~Eh|aY7drbT0E7eVTGv9Y06(e6aG+bC6W7`TLIG`?mBtPZ;mo_ia8_ zds~Voax4&S(mm^TgJ(SM>Y|2gADpDW_LF&%S?pJL%`=0Q;d+O^otU;QN$P^3+WG> z@aC2eWe&1<1)?aXzJ{KT{3(AMzi)8Re>F_!M0n|JX^n2_@kC}@>CK-g_m+kC4~Y?! 
z-!4GU6zxamQ=nbU7K5hk!d;Hnq1``V!R%NB(BJ~_9zub6X{scE<-|Lq@b6OA&Xr+FTHB|G#; z)Zhr#d}Y=Xe;t^X-Uf*g)Ru$b#|r}z57e#D>WMcHFglj!7gn}AoJ)TU!U^!BmNZ=3 z(dB%k4s|J=pSncYo5t~{ZF_e9;pMX(sdl|zK8pAv=6TnSH?Yb>o{N3lBn6)jn{3L} z*Ui%34(sn4r%1YTfsnfRjA*5mBgqv|o*aGNBta%LemApzqbEZlwX#Ry_6z4G zVEO1;I**uK^Ep?>&!Qvh*Kbzd*E=z35$)RdUYHIi>SK|}dd~#%Mb@uBwZg3z6V6Va zi5y;8NU*CvQ|v4i;$+mI-Akk$8dpI_I zV6vM~Z6;my`pj{1P@%hfTyd5Ig3E_#r{p9#%MU~&a$fMn*b>2fxd!j~8C4#C1BnrW z9yfJHRs>t2z8}lfpd=nCLzSF|PhzrQpF24MZ?zEJ@*MiZ8*@A?B5^Vbcy*%Xu8$|q z6FH$IEg{frV#tf9iCyV$DGu75c7P=-dNtX@{O?Fm<$}*0Hugf`vy@sld`=Jf!M_H| z9Xh}t-na33s+sfI4L6`8!SeHQ;zqQ*-KhdEe0XQzk2$y^Rz~{R)I&e9Pi$wkz@YHH z7XB&vw@=aFjq;0XH+=3zF{V6_a&z*+gPlbwaf6q!>LpI?%I`dlnBKpjQv{iZrWceG z&4Il;^rFDSU;l@_w~mT>d-ul`ky1)jx=j#5kWyIC8ZlgO1c>o z>F#FehM{AC;k)PD^Qn8U-t*UQt>0SbtaaAHb6C#Ip8ekYd0x*eyaM&%FX+EuWc5b(pXbgvV1(3na_#xI-ywrMA+-- z+d2X!wf6uv^YAh=@H5_~dRU+%Nfz6A3o<3vy1M&neZ;<4rUe|EdEL7Li+r>Nt<7n> zO~EjQK;0J|q*Tv)bC%5Y#GVvD4mT&S*;-~|$jufCN$3yFBeZ*UfH(|r5|A&z!>cfI zc5Q7Et?#fpf4A~r4C`83lK*=F>#kp=tQrPOB`5A)einb!^;Rn2=tD2P&pi^n0pfJ2 zU^1L}6;hwujNbsa#(lAp+yYD~dGh6>3xuGj74l^Pd2xb2m*u7VNGK#{$X3pGE;#aV z@1G|%hp{To5mXZV>Xh_J=OFpAx26gz~xpV)~JGue#+RV!Ln}6w-Z<}N4@$JsJzQ6R&>$P4>;i(gs{j#n4_y55_ ziSbJcg3v|(vbp^?(%l8DL_imG^Z54mKR(T`K5*+}Fut;KUZ-JpSnS z<@`&(tk8tvQ_jUTXZ&*q{BGf2XMw6Ek?#3l;}-H_=y#L|F|J=bXaD;<7X#h@)}HB= zKmXe-VU}*X8pi7SGF!K_Xucz6mrZ`@74|IaE5KdWheOlW$7&6TXi@SG^DSJ* zyGxjkKoOL)r$l9-M((Sc+;9N+{mS-oLtobL9P|V=zTL-O&?-MCc|QsCKBtBR*ISSU z>>IyZL8*9fwgixoB>(|H#uX3);?3fKsHn4@pW@pNj7v@ge+7%0p)TY-ay$cr}&PSeuHml)Z7;Ty;pI5p%oKbQchrW=d=?gu0T*AhHra zp$Ow*he4uHe4UGIvFbp+PXAN{mB3eF=ii7@LB0JD12cWW_=ZUpkso=Wu4e0G)p;Ec z4u^3~F6^CC@&PR|K>?AQG@EYr-Rj&7_6cUj=H+b^NzIFskRtmz`mR?-n{~<(=j&w0 zwrHA|)6wRgQ%7~>lsA_HY>Ecc1@N-i?hb=X2+~d`Q&?tSx*|v( zfiadsY#55+CsXFvz*3pN#(rs2ABwZE9Cq^wur#^Ty|>0*#orhz>BR~JFcF}-`bp`% z(znoex;T`ouQ8FK+eyW1eV}r@+|bMGHDY?mrG)_DJk!1EEhBJ&vWvhMoQloR0ceIxm!GU_H^4m2F}x`Z+Ili|QcctiB`znOko zNx6uJs@GKpgHP31Xx<@gMz}Id**Y&a?4$Xf6k#rf=*t>PX?hX$7_mo6(Oi~glW-bQ z7sEvN&C4` 
zsRe+FsyOrGt+#|*dGjlHPV?rZr^@{|fPJg5J==I2q^4|g(K(we4HJ3LyKIgyUnZCr zl$#=6*qAFRsB+`pP2O;MWLKNt(gN6dwChEuhc|W>$9-k^?oYXa(7m zIRtsG9}U4{?;Cj>ZdeobCnp^{!b>;bpG#5KB1`i+?g9_cIrh6+nI*NhMG4FAtm?mk zg4On+B;TR4w?Y)>`Q)BarB~sCvoL8S&LvqHna>Bs*4-cKoD9bA{^qd!c!cHS(MA5n zewO`5AI0{KG)XMHbc&1KB*r|CzxywslayzdIL=cs`hH)KAm_~8m(JPE?WlL$dJ7V)r z^pa!K&SxA`zrYb+>JjR}LFXmG3OQQDzCu!!+0QsXy?PPLln=ACpvOR+IY~3vyB{&pGHJH*Lki>TYOJ7NvPtYO(Q~4?QAZn zkb9`N>wSGWw$6YjE`_X|bR7hZJq7Bx-$h*RlFF}%HsHIg9|Sd-ed!yTP(Yv7HC_I8 z*eN(Ed2aSBNO-wn6el>&fcU4lFA4az)<+%Vx8tS;er7l8+D?2)v023P79T8k4a%21 z-AWVNnr7_$W#%_B-Z93sVgQnLVagkwv|2YQ5>BovFh!Ik{zY>2_Pq z@yMmdkqwD+0PwYee~-k@1J6u8`5>>_hd@SeiP$xl7sDOLYT0)=JgZA=9dnEXhEp$6 zQ)$c?NhBV{416)tlMAL>D^xC!tZTN>B_yO;9?1@LURPzQ_HRxue7@{Gbb+dx|9MY+ zeiI5U(@od4RA{+t!&+XdRnGgsFk8qwFC;qGl(M>FeB=JFn^$lr`y63(8YVm_rq@y* zNRJK?uuj7#Wj0(|66XU00LU;~Mb)_?jTLDZDzT*>hS)hU(U5ifDXLJI2Ie;eH zH%HRh)3g8GKjD5SFAumhjvd-=yC1Bu0;QX#RT9n>v7utuT>VS$Y6TyD)ysJnk|gos z!!j?8%kgpaWtI`Ca?vUKIF+O2OELGIi^Td13MOSsLg5`($Fk4cFR389Tqp0+2SH6F z;)IMn#8BUs!>&HLd4`Is*<^ZUIxUJ6`F;g+Nc-Z}G9x-;Uv?q8)RL9OjtJ84`5M5l zLR~*&?Dvelk7Z+o&yw=f1}qI_!2RnrC)R~Q;3 zzixK%65LCHmHX2<6M1fqLU-!V4n@WRxEm(=65h$-Sm@nMbo>;pzSHZcE`}0H$WuCY zu(Uj_;0a@t#_2Z%G#STWqiSc@Drea8#g#(~dh2SWv}8#7qeqjFLOWT;Vit4vvn?dyQ4=!g+Flj7Hq#=5gK-efIO7B8cD_9WvQF zjm|xnpb`9TQFOH1tqL@mw$|`!%`c`8V)*Uf%y%WU+YZ$e8x=Kl-B0;W0RnUGx9d*W zUiPxt^0QKVT(K-@JMgW}F<#ec6jxMP!51YMYss`uM74g;r9+{3KuKFW0#hcgw|!!& z#>YBdSu&AXn&ZM3&eRQF-DFI!aqgadf<9jQ)?Zq*KoOMsKW>$_Cj=8qSSS2d@#ybyCW}|@P(|Fv@{xDyBm21W@S*Yj(l7l+xwMkRG&J$na z31nd&HIX(FV0XNi1A+0HGr7A zpvGLr7o#Y>PZL8tyAd=Qo9EW2(zrgx@qv{1vx|k=tl#%h{w;Pku%sMdax;5mB9@lU3 zxCh@WzuYCgE=8L*e7$AX_+2WH2h2iF!Stgc4NG*dKn_F0<^t03uq+Hxe zOXa%~FSbxQ;pa&M=$|=;o-drNLcq*e$cUfM&nl>ALB+}as*z>`ZOydt%{0Y1xi0%U zHaPc*4p%(fl=D(p!|=`jriNVqT?5R(49?R}*N|+E4;d~Ka2OY9 zqr{H)ZdjMO^>$0}T`*jcQeA>|3J4brbeh8qLs|hq>)5e6XeSe0RuP*^f=fi>)Kr}> zW1qE|liF@*!{8SMa%SEaNa2}0AlfYCwWz7Fcvr2uCURI2agF)I@dikcq;ph_6@D5S znoA@yY;uz$!USf(0ed;dAx}ilLrJ)%bv(*A*Hb&&CO_g?5sm*dLK|ypKm3#Hmu#d 
z|J$P9f|;b8RloI_k|77Cm2<*&(#LhZ@S`iCI)8OGgid^wCW#e72R@x0VP)H-UU#63_RP7g!rQ{A_H`Nkwuz^?wC zXTV}-tVrDE0uS`_d0PKeS!bS_xUi1HV#}uC=GVdA_D@2=zw`9G;B%b;1Z!P?MHYjF zHN((TqeM5b>U3%9^K#kfm6@jx4iC7)XQSv!G z26{D)A@<_a{bAje!;W3GBq`m2)hJy~%cc%}x^{CfzBL2K*c$iU*abc;_b!cKot8+( zxsQ>|^IM;ouB~%iPl=^o`YlND93WB8@xg`9pm+r!vs1`R`?tMkh8j!1y%AcM3V>L7 zvjUUSs##{p=uY(B^62W<-qwnL9-`4dIW zuAGh(FYOf3idbY2EF^q_q1=76kjF=9J3r^d<6l%e0N}WqD&o-Pg+ZJY9@tZW3Di!! z3*%i{b@TKW;wHQn5m^1FB5SIt)&gpeWJ^q|G&^Z(3$hJrs`q!*-F~^+?90YY;FC>G8y)A*gWfjNcl9p`O zO{Xj^S3Riyx1L(cEssg+RUzfrm}iK4fT#|0n_q?KTX|L6<2 zf1enap;oLPnUvZM@Aa;=sR99dwF9fiZ$HgN3|xC5;3~!*|0jzEcp}^@JO#7bYln)6 z*>&?B$|fU0JJXi@T{;1>ZpY#u#ThGV#Q)_%v{g?LXhkhXwn)1qs&{~BPhl9BzEDuM znEJNvu?I@!*kab2N3CENW?8?c=6QpC?X3|=05Q|E1RN{1$$SpOqZ}`Ow7DnW9ps}& zkNS@DL#&pS z)|k}0$LVUcGi#4YB!R@X$o$obwOAZMGO>_oaW1yLq=D@Pd%UuaoT`88+_ z0JRE&i&0G#1Y$(8pyZil+Zss=ZCOXwMdulm$M|<|h&V-*y?7a^D_9F?ge zPJ$Qlo%0Jgn?vc#oAkNTnuDA}2(2>qIrA(AmJ6FkjmPE>ggBT;JM8)j1*n^fyWuu! zyPdfZ%b9LT1%NHidObP2x}wS638|xDNYkf#HjvLAy6^TFQ#%P4Sx3`~y0*O|gtaUa zOYrZO<08>Lms|wYkg|a{?NQ=~aC8y00q3qkX3#)oT@-Ld8XcAY?Q-I!12ENRz=8u@ zRP~`!n7Mh|{QI5Pk=ft7aJC0aR#Lf5WZ{bEUG;()fE!@G&ZYA;JqU1cMO;?R4py#_ zZCbLdU*dP0&J)B@_^SOr`gCb9+9YDh#H|(Ey5qBOdmaChQ8c0Z?6!Qui#(fpnaL_= zi|=n_S;%~FJeS*zJf1YWl~*3(rW%6+@2*i*1U`RZvmKa;8>yBYCWyMa$9tAX3NT54 z1fp-ycbV#Ow+{7371xtvo+5)uypP$y=l=8wNgN(F9Jy6G4lw{jaUmaekHnOQDM4>| zJa22O(#)Z$%Woeo{ObxeS?2gPrbK^~(K%AU+1O&XnO^anJkc?#d$zvp~}%-c<6j4OYg;7Q^OSF`y=K6 zo*2=2|6xZAUfl4t1Tx$-I>4-SFN~t^A6@|93|oE9sw-O@fYHjv8`FN($qP$X{v%9^ zZ%)~L`FlPzRPWrg$|)+QAHGM4JyYlUNrGk{>Wv;{bx_WUf_9Teij)>}-y-#Oi4RQv zB@q^k3|fsDX2W#C&Nx1UvjbE!|jIB&C0L#|Aoz66F&l;cty7TR->h!<@z_7 zJP)3;oYa>Bk=hBPw;`8FbkImO1Rf89!i%iiS=@K#Lr4utqV2H;mjGnZnhUXxn?aA2 zOvQB1H24D|8?BY1AJ*j^WiarXb7~X!JOEX?d`Auc=i3pM)5(myUO(?RwqcTE(&PwL z#P6PB5b@sRXsPS8%F!01FTCl_&kp^rwnYc+Z@Y}sDqPw7Uqmz9o+_+JV(CfY3 zR=ZC8JL%t*M;94M-Vp!kHgb+{lNkb@hE^2t!fUW6qlq?F-%}XipzeCB@!LzDq#_kO z-+H%G|8U2bs=&i|-i3UfhM~Rgx{I)=nA^WuoPVy` 
z-*5Y$OY!HD{=M4&+NXd1^!FzDdz1X@IQqp;e{Yh%H_0!y#=kDBzco8nM9xQj>1v#h9_bx2>2()F8{|go zy#3dwikstE0R>XC3^cyRHJ_W^YX!j|kKMc}gs&6PaiqC3-?cIMb|Z&G$bB_JScK&8 zn2pQ#_bmf9$HjB?gK11l5ccgg&b^2{4cRuGFKlp*$IJE^NFq-}3F2JJHPpp~8juAc zsHxuUz~)V$J`tJYHmUnzo^;ssb&;4DkpJ(`#((YPxO!5>VI#7|F274e0_%EBZ+dm7 zgmtsj5$G22%r6?+a z(jepPjP~W&@F_XoqZ}*eP$+=j*Plmo&QaRTtXDkD&;vQ+YvZG81#*OI?M4Zk5oWT1 zE!(j3NFZ=-*`q|Xq?*9^y!lPd+D%}JaMlx{=KrJnlVZRyz3{TCI}J${9$@7R=L!^O z8|7p+=axYbjKI$4-is-HIx&$a)VRdP#%vGA+auZ63OyHK?J91#f^JSIi1|vy)qRJ-{uXx@#C`9cUbb@!ov}0EGpIT0%jwErO7awuBk`-{ z185(e_YtG;Y4=k~zz?#ev%D-99)4Ei3WB;7&?vh& znT!x#7pnD{0^s@g0I=08U94L^KG4jls$uJwJU?ZkzJJOn?6~+5z#qyOk{;nqZyn?u zI$G%%4G1uD07$(BHsq&(0K8tyyXy>}0kd9FJK|h&c5gz|Wjz8|7%6WWR;FvDJhYd9 zH#cIt%?)Jt4>@m;B&0oA=nR(!WIp<(Vhnw$%%GWG!s{`?d^e=>=Cv~~8)4f?-@u_- z4f6fpk0S5t)SqjmMu?a%0;XrH=CuE@Wb03mK0ORY?NRF2dIV<^Q;BKo=GN3)e|O(T zvKk1SA62tSPq`a_^jr>cI^+xS2ua(qNpJd<-u@NOtscq6r$zT`c&DB9D{MZE4yW5Q zRTj@}@S4q2=$D;3+{8PifYb>0JdtCH;|r;UOcC#9*p+W)8qur4Py4Q@(Zg;S#hN3h zYOP!WRV@Qhlh9Qn8f+*GZ zH#mu1k&C_Rf=-p!I^(y`Cfs=rR`w4!2l*ah-2wwD7UWe*HZqAsin%H$sQTVIBc}m> zXkquuo;ie@UGkUGYMa+>SGpz5i{1_78g);US2?e>G}8w=yZ%~!ia83??|{*a=D>yp zFJ8K#PZAW}$kg&(TuXGielpY9wHjItJx5>K0hn=Zb<7J_6C@EB3$G6FRM&k*SqAwZ zRW;CloPh)ZnY#yar}9OTmMc(=YHMbxZ4@U}^8mih&Y3IU!u$*G4IRK?Gym9 z>ZNpljr#n_1aTidY@O6P6D9Q+;~lb&q$#cTKCoI5bQWCeaU9T2NX%Q-VJqspwq+);7*+XG)R4y1*nm5dV!vl6;lq zox!iV_ZcsN({gPjm`YqX_VGpP!5lrurr6VCZC1R8eA;3*mPucLi+H+XxEzKe1u@XS z$^Urv>{D8XW&0xLhFf~DCSoNo9CI8$ zhj=0`O(tA;x3kcuL~RG#|EiN4bW>E;*CG=ttcp`}kO@LfWTWp@BHG%X;%Z`s?6HD& z&!R#e7n((SnORcznuh2jy2{1~K3GNI$@X$k11eh6ajwmQzsrkpg}f&MxgC@zmfwHK z>as*AE^6{q%oe{FPIt+RrHeiQ*LpkyUTs0bW{uIRp~*N0ZE9JP8fwCNIzlI@I;A&yUx*v+^TBYNE(^nmm!~ z8-{qfoW8RZ+@FXdrmDT4^W2%So2W{+jlpQJ_dJ6z0>Aq5)JwWUxklDVg4L6f6~6dw z`C7>VCcGb0y(?X!^NUfO9hp|mk1OtY;9os-epVk07&8*alD?ak((5k2r@lq70oYfm zwz%Vp&vmv}s{^)6ac8lL^+rSawKRB-8lLnq-n#XpmR-(!qpIE8xi$F9m*sh(DyKJA zfjydCPu?(=%^KJJ5cRA_vU5q+6lfQEJ(oV3jAn6uW{m)H-gplNwpiKkdaa+B{QGO1 
z#}R7cTsH&{Tf?(X=~81@y)YbNR-w6iA7477C{8%dQ7R=Fh?89}?4Ig5nf&t9+p~Yp zdlE(1<FVKY1tmNJz59itg^h@1_~_D zp^~EGXtsl;1_WBFq&ix18%^U8YLY60pJjXQvwX~P&aEJG>F&-__tM^W{&jBMf$I0a zF{{Ur3NVuqGYBV{G{XX3jrgl?r>Jo=KE}gKtND|3E-dbC9&UA*!@#qp=WsqN3C81W zr28-$D7}#zeL3A)nHxVE1I@UNcw8pj3NPJp%JMv|-mDwm8#ZyW^?9a~(=vJJ5=nNR zcyGhSgwVrgI3=xr_~r0B33Umk1-p}eifP+Qs`*Eohy_60a3|xTco%-Lz&!MJkILzmQDz*=wffKzGS}kY#iyF(%kVF z?DWV!t8%*Za(q?62d>Gd(P{E&OJtNcYy|_Yh_<8gnS1nQ_WQ(QJ2%>k?kLoNdcH-Mnhz?K|lLRFJlVRkiU#_QDrr_)Pgh zWkYa-;|?I#eB#hAQozKc4d!iNLGQ*=G69EH7WSVXB6G}X5ec0QlaC6zxq!uPgg@Q- zGf0!0q~`(V-hBdmPsq(plBq#%`|8!>!vk8iNj*y-TU2ulIp?*u@x@tsK3UZ{5eMWu zir?)DoKcnRu{wUg8<+x48(4-JhpZS@VBeg)c6Jyb5j4CrMhy|=!?0ZwP+xfHMU?MU zjI--~wLoDC*!2VMOs^FVqit=()U^eaZmoEogct0~_*vIcRY^UFolW35*cj)IRejj5 zs!F9CysDE>cR(>_nxwV1zdD%=v1bdW68Px)?y7*dbyqB>_lX!Ih@T7IAHk49yp8C? zU?8NAZZYc?L+Tx6!Y zuGvO#ZJR5W(5&mwu{N&LCEw0LWMlYA3^~;RymwTsL&-%?$`@z#r!IP;WOOv4J(4s1 z;oF_mc5j>Gl`NC=T_abKvx&$`$qrYD=5L3Cnk8V#?xGHOg|Ri?Nkvy9dC7YHw_QGd z2iK@VUaUYo{!2ummPE`^48GFxft1q)-^mn^J)O$UiRv+qj_X;!0BUtBR~}0G_3h?R z>bbpg(fO87((8pVK+eJUqY$x3mdEi?2jN_l94Po!{6v37vA0{zRD0Cj7ra~;)e80n zudNyRo#h7NMvag7zY_mk^Jo)lj7DY7v-!|T`qljU38 zT62EyoRxB~tD5e`|4~`#Ge84Nvn=oz!Q58S*tDTZGTx5E=xYQ3Qi>MfaT`jJY;Gkd zV~HKb_*1ABeoL$s)Gprn^&K!bsTDxnM zkZ#u4eyHy^;ZN>1<~ZUXVC9z`oHT`g7och;p8{_8}6?9Cx|0dk5P0~Kwhq4<=Fbr z^UIq>P-&-ovMYUw->EjC_StLKh)@?`tI_=`t|u4Ety=D2oUFJk!b>fFU=$;`3uD`$ zJW01`T`Qsb=y0}Q8gFk*yY=olqE31h@wnSU=W*$?V4JcJKq)8ejb+p;^^RDsmb<*H zw$q}y$20(>kNp(te65FScRXLCPcx!6c0=o9n)_Dl9niM+6>5>&dT5#VW-t>OD8FCs zqvo^fatNtif^*zflcr&B&wCxuC|y7!(>q9@-5M`kjOi)Bd8*9<;~AtVvvu_^v7J-` z6caO}VbbH?C!1zN<;4lbp(m#4>1qjMqeE@Q>XOXB6urRHj78=ugmxp62;P@S&WFM!r7S)XEWfvf6yGcY5cP`#M9 z)aD!vlHrYU;G!x(+}&^fyz}GMI-k1Y;^P|NYRG|c%6L+`Y5L}(nIny;hu?K}-GMn8 z`^g?=y(wCe(+`sZ7am?>}w-5TGS zI$<)W$$21smbl8v87s)=Lo(G|^xGtibQw%XJ8NXAhL^5!(bM)Sa@x0ZsKJ^OgMHfN zw^FXHpN~}yu6KXtNvnwV>XGxT3{<+&-Yn8I!z3RM8S>V!JdYcm5IAD|MMDv5Wb5uOMR>Zj%7NUHec 
zi?o=QB5rn%E~X8h1;04a{H6O_if*a5RF@)@@XD%U>{h11NUWv`mUNtIn6Tf;F$XV>y|Ngh{4n#o$X>5~Vs4}Kt`0)UP z3M>Sd zLkiEZKv5O>-FGU&pMJyk4Xtj0F%xP>2LpX$9-soFyJZ_OQ1vz-Xt3O<+AjiXC=A-% zUHRUG6vY)8!y+Y$?xbv{*RP3v1Yj@u@&LteyHIdb6*ymPTBloA;DH=rwS&i_#JtvR zw?T+2akOo-Z6eT`mheiihiiYzz74>|Yow&4S#!(3v~Iv)bt8XDD%aOOtcg-G&a%l$ zVhCA2x0ybQI6nhHZl+0e>~$DFqYVRq|JZsor2R$4LHay4FKXc9hLujRnKTgkCZH z)jTslOmbJxU(Kb$!_+(v{%W8W9`IQpN%?0g*uQP&{|)>8dxQVa)57QP4gNn%@V__s zzY~G~iy_SL_X++#&y>GU@c+pm|N8|0pB=r_|5qhSSk)g%iok$G@r?J9186@t!grUt zaV>JwC0alto-C5{58V@k7dB>459mz9N%;P)Dq1LSpeM;)ABRh-Y_jwNvl%ITzkc`z zmSvL=-fbC%2pF-j>!#tzsbrkr#Fdag!EPTve1P=d6AXEH!AFKf2(*vOl0S&(B{*2s z6FzJcH2Ru&*Bb)2j9rhpJfHW;Bo$iEH0twSh$z(JsLq#(ZiWStbK|_+lA*8#8nCX~ zZ8ZHVckNEBAx!#G_KRAVjj;qgJ@Qj6sHAJ6)5efdo8DJ0OLpx~1d(>w=jlU~W{$Aw z@A4huw!B*~@4#2u?_P1Ic%E37uE zepdM1cI~3%vsMJ&AL(Y1vAjtCW5q>O6o=8`M2;|`TRCEFtZW0aM8)E@W1DIy{Saot zGI;Wg$#~;zvS@)j`$<~JK)#j<4k6t$;<#H=$BtsJ%C`a6#bIY&Q5dwm_y;>^S5rf* z1g$>!3>Isgmpp+#Y}_4@5OIp6Lsk|gIAK5BJ|rQW_5O}JR0h_7=@u~`9E?^7cD8?Z zhY>yGtq$`;C+t4UY)vZM9#(FX>@PS#9&Qg$spp&GmCt-!bT?qq-9}sP{1J3}CmV4+w4f3B2;i}phEN)bu%4%3KkeJ2&bct+@Zr>bXAlwb zc4r~%XDRdiEzIm=BF@peTUdHovQ2{Oyl`~L^Kdf0(&60ODE{nj3WkLREN*JWGBMJk z&<)cUM~=h0v>@1cA{@jH<1XwKCWzi)y*iWpz3j@2wvbN1Wg-LE{ZW{jErSgBC!m1g zC`;6SHl44T&$XHQr86bKtP_X6jXP21@Vf9h1`m8W(y)}QqIqOUfn$GWvfhu^&RaQ zfTo>JJgI60!x1r-T$pRxZ54(T*pkY~C>MR>|NdRvojd2nM!e?((?4F49+(X0<8KOb zAs7(sB{!VYIP7Y^$Tn9YfaJSc1p?-)t~DlXL})95WJio8R!kT=v`^~#nah*3xF-r{ z?^H98THV-YE!d$vTM4cS=5fFrwPDIzKGTctOrv8oCW!6X*D{o*9R?^MA@G?;6)!ba z2?~h`4rFf(WZ#DP{H!UU;;=gx7TfMueBhI-!!F`E2nHirpBVy@O?hl`u>cV>no$}N zjofTGk#hf?;>|K|8_pu}{W9>V#RH8lmSe0H=hwpU%NZ&hmyVTM33Xj1Q z|0C&}P@vZW3MoAkXzyH=0G`=NNCNN18s%b~Wfg`?*%G>27Y-gDz=@kHk^+9pmZP(m zf#Xr6X0e%Tbf|pA+nXBofhcka+u;QN@fr12()dQ5o*2gUXws9fDuP%uS9@wzSkGS;_N) z6o3MIYDJ#e5+8dF;qpEsUDA95cDUSatfbaKm$PN`k|5ba4+Fmh=Aj+)dh^UI-U!2GhO?O*tJ9#t#-uD|TvN1m=IeNZwZrC~=b>TFnU)o+ZIu zZ2Qtb87=(b@y8H^?Sv0x^q0c7?*xs6ooYAC)UEn%M8rmNw8HAcW-d$YY)NByi#+*; 
z@J7L|Cj^jsJ4mdzy5w#Re=aNyc#E*hnNWqnrIgU+MmuoP4hCj?>=Ps-?8W5jt53Zh zDgRVUUc{IS)+b-}zkv0g{iA^0P4^67x8+r7jx|&@9&@4ST!`-A69$>d{G`%Y%$*gfw=hy zH}8ul87K3>2N>KLu%-e7xoR{Fz3fxIbbrE~SjAmvi&Tzx8MA%#R1M7ITZlwv9g32I z_R#1P?wG@PEH>%dkHZj>&3111b-1DdLY50|c>T^tgz}z!L$YD@;rb0p^if*HUf++@ zE#_#UD9)EM_E^(p6zFds{V7QVcQnDQeQ>*t;iWj#Yr6p zK+pDJVFmrU?kQ-E(8A^BOSnIWO}v@7qN$_^Zr0qr3_SwZcpeGdFJ|mXAv%xMKXuJ@ot|2(WAp-3DD-L4quu-A~d;RK??;&-g zoDPXmT87RGH+aS`qNqw#_xP3}0SD`o><7pbwS99aN^#HUj_9nasv;@5kyFZ7=~`sN zJD0Bb&Hg@Mj`4*$Y5MRA!S#=4jTv>Q%G@4U%K54M&c!xGDz|#_BqZt~P4t4&r?Eh; zh&dTCw4C>acJVMhVg=)F?#pAExATopyuYfSgf~%gpWSYvs-+1CM9Ed`+Y{`=JrC(V zN$-%2U2l5GjSWQrmctPUkQp3tll^q7&MmQTtL@~$30=RtU$nh{+qJcocanAZ)v9wW z#AACr$9~`LHofHbvg?N5?H-*Ib=&$lOBqC;oqc!q#}%%v1n%%U7Sat~-P(7fS<8<# zYiZ8+_1aJT;*)yBaCfyk^vp?7B^#nHAH0s|#U6$<7A_86ht$|lj}#^~k~?sDpjNU1 z+2<$b*NeMDA}_rcy+WB~&uo*u zYw|@y;(npV)_0Iy-L9>t=Un*}vjm@5yWO>~?qjQ)(gjeLEhT#9-|-lXeB?#8?bARU z&ePgGHpaM8VQf5>qez?9*|>)A;W@fC-xRG)QsPg>+UM4J1u`R=khOm-J|(=3eOjAK z`M%jFRBav^B?))_I+xbX_bn0aHOyt7INweUsd-@eJzMPkynVR)+3&w_$uL)-lPkF`YF(x}nyy-EMdQ&s1VPXV&Q&V5^)e-UipdlsgWjS>X?sDp)LW5s zCeZ!T<#9;z(R2gwT}Y{Xy8O{+^#aqXrBo>N5>6mU5&2qB4w<}WUvWiUa>45)p)^%z z&4pBWv}S?HUb^tA=r96W$~Ws>Ll1Sw+1`g1!5^1-$;u3vCnYj$;Z~tmQ)eTib>(V8 z_bS{;v^g81?G~%n=!h3? 
z*5nLy?eXYKe{`ug!;y9P63;a8#A2sOvV7KrP0nPs^Udg+Tr~S#fw=cgthy7pGgT5& z#uP;6NH(0e6t5Qh z9;jyZ4=;dTt(qFtjs24~?lR@)EFazmM#(I|USAif)`KF;T2C6uO_UO;?oN3_5^f06 zv>bkXaOtPJLvcx)xNW&ewetqYSefk&QXY-2I>^Xb9DA$!7`kDAcAep`Fo*DV3d46bDxnM~4mHvN_16Pp&g5n-{i^ zy?(ST`6|HjFq#*8{}AL!q@eEX6iXuXPx2|)+;JbTIjIj;TY9didJ0#a?Ld3#nl0!^ z@5Abj`krmOMZY8nJ$AJIP-LlOFyc3u2}hyq2I+=t4&H&!{FyA-7|a9PA5HV!`gYI| zv2=%x=GxV$^7`+BB2Q^#5_c9lb38?>R8dqipTD?J<`_4uYOTKx@_H7;7P={E+s5xB zsd3r8o$lF6f=z!Wr`hy$i#yX%npb6!*-?)Vmer`!n`E+1pYhf>v{AKKCS3RB$hAZX zbC;hZA>R79kTsLSBY!I*T=TAmwVR~3(Xd;43TTG1e5FJXqQ3bcHZ6i)OqnK zcLy;@I-wM(Gn*QeK5#CNZu@*bB0&zR+b^Rsx35noTNMA6H&tydINX3krlN`x7f*Wc zF#Pq=KU_t89FGXSLwBNu zGqx4*9ew!?bF0=_Asau< zX~)@JYf6ns4DVT|?9cjBPX+g}I2>)Mr&?t5vYlOPgpewe%NOkTMvL{^R^{KL&cA=_efjj{gAVl&pAcn{ta+{lq(&O>H(#7pQ;=xnR8tMrJRY34KM zXy;_iuApVe?R~Gi(A={LC~Z>e%7UEdNL!4YC_9+t9};J z?}+8&p1rYnXSp32YOl{}V^m;tl4!H7U=T?+G=@sdNqleYjmoaO0{x8pu%1gnGOZck zwP*i!BUy>M-~y`>qMNTJo>c*J5KG!^$gFRpzK1vPVg*S#kSJ6e$HbQi-H>|?j^VI3 z^t6tvB9c&-BZ=ZCtjLn@-zN^<1{y?(}#=U=aFE1S7Fa{r-{9_I}a^G&VyHbZIg2-+4GR|Ig`ZRk$Fc2zS-8t8QqfsNoiP5!8t>3 zse$^MO9(n~LR~3^k><&WU~{&l`&?)FoiF<`BOZitUmeEb(hM~5QlA&IADO4QDK@*! 
zre~YYrr!-YmYojRCMqzQUAB&G=x+y zJa}p7q}A=|HW~rDwWhKZ7b<~zY-{y{r6S>e&AAVU`4wmB9yAfWyaf_hZu8=W#_CgJ z_kDp!wN~PV=ha9jB%Uk76miet=MJW84M~*yPa$L;lh`l%g}%M)TYvDB{LO`sU@x|WA(cjvnOyQ@&7t|>!`TCHcJ?% za1D@Pg@+I@?q0YP-0i!`yxs3_dcIyWtN*ISqHf)L z&OPU`z0ZCkk3QD2QD^jPm2Fy1R3m+9fk1fgC4qL?v&Dl+}Vvwcd zXIu_rsc%?lFm+_7tBW{t!VU?UUx18IU^o$@DRJ`0_^PGk1 zuK1rGPb$>yuf!4uwlk7DPw`0AYDpol`|9j;*`$ban(npG=h8lsZBdMmqUFrcQyP_= z%Fv#72yMu_^jfL6>TbAxN}(X*6}|y9!;2cO^l07m6@Kk;S|HRJ&$5buI?0$o+EXPd z4lKd-E0KXJ78hsx>@!7$jw-cFcQ+Yz#;Di`gqkNHTO8h&=Z?TwLcdiCF^fDbPK(Os z5U5SnmV<4#dKq^NhV{4JM#<4%lX$cRkC?opB2sM|dYV%jrGUV#;s)$l_-XoZ7AfDT z%B9_@J0EIeZ8#zG3bJvT$HAQCGv<*>jz!a_Z{#9$bA&dOLloe8I3KUfkz@I__YX@u z6fVm*iP{EY36Y`0Iit>U`^uwK)iO1)&4D%fcze2dJsY{_A>AX~{*7)p`W_h@&LSp7 zUJYNHfTgDs?t`XCZI|nbT&JjMYHQ%yd}o<)@#sSwK#scj4dqGq@0#R$3hdt}(0?qV~ z4VbjuwQa1R3CAUhPcb_miErK;4u49zrkYvYGA#et|}B)5z$nK6<%7gHyNs z`C}oo;A@>+_`n1(Nc626M_P?h&u~@4d8#6DV!ioK!RK5261Aay;&!gk-{U1kmt>gk zRT6E8uWa)-$aAciE_>q2OOa;_qr{loTQms&apgABW z<^wPBkaC-q+jOx7sJvTC=;O7=#*%q(kWS4@l4OCO%opa5c}QqzN!n>I(O3xTGrw%K zH<6x1Q(?dZ*CUF2S0#~hyBiNIeFf7TyT}Oe-$)S45$zA=`*4+AJmx7Q-;=83YuZzi z_^k%OT67b(<;1HYwO!p2%izIxDkKTWD*vpLk%@k7;U12Nb%W!E-pQC4fN}7h*s@;B zjfPX|bIZ+7)jA7b9y8Skf{z2H;<#PjSC|xV*mqgEVZ?<=oGe}ESG>oC!>`{` zSI{G}N0Kh&E$fVBiK%;W1SEZ5rcUHA&bFu^xxY2cp$Mp^77`s885O7H8ue9&7$K6|U5tS|R2KaVJnECp3k+E5sxmI;oSJV3Mq? 
zVh7$-4lc)RVk|esyaFilPs(qdEHd_)D-vAhzxgAw$zUTI&t8}p8>&7MhT)8PC`pnb z2tiJ;DpS+Q1P3NkS%g+(#Gv^_DZRqJ;a~Iying{OO!>ml@-_I14<`EQ^?ET>FOLH- zJ!NQ=8YVRN4cLdKR>yRv3kj!lx%Mw3IgWB9f(PjV@>2*&)GhUG8SJ2VO%G&7Z!MIC^_q( zt${AGjPApdR+wwuE9uMU;aolR9(yw^fKprx3`6JMd8vD4nfDK(UKUPaE;qf2+12~v zF{Xm$`y-_vo^&Sjl@0ltMFBTrGmIQX!n>Bg&0{%syj^VR5-E19(yu=15jjz7ukfwo zIsd@Yg+D<$<97Yc2Rn?V1<-~$zlfk>6OnP~drg7tquP&V!)!==e}Ii1{02dg88AYEh}HU8a_3MUk+z+|#Wg28{yyuO|ju#e|uCp*$<6ei%v2+T_@3OBPC##rcu5FA}g_-2(_GOgZ%nYWqq%$I5 zqxZRto>xAUK1)y1&a{<~R0rv_N*om4UG9qwwPm5cYVR6-z$NrH8WyxVVPUV6{JDwj z2<(rCwA?k8U9zMQp?gW6h%rBJdx9A{mWWlc;8p8MXYtIPWZ~PJGl>%#@CKyU{Ft?FRs(gi&|9avhck`)RakuD4Lbp;)-_`xdN%7KHS@ zAE{M+sQMgOO3iY#E-Z4n*j)abH&{7VN*LdbNxYn1__c2{anuNvkQ?Jrj46sOxH8fB zOYBdXW^*9SmUwCxTsbN=DcrI;Bhk~DebkF0L1U-PU(OA)Jv%>RTYG5+un7s9>#I*_ zTF<|pqD4(w{^3<3XE|ze~wZo23&i8I4 zRHRp1Pl^%VC9s-*>^30h(0MiBOOua;G#nMk%3{8%{~qs6Wm*EKEa}XLhx{VfoL)rS zb)jd;If|i)tELwqDuy4lHPZd@ zlS(ei6U=e#5zm(|`|~YD_!h>xj}j?BH$ipf60OC3y^^?u&GwGH6FXQ|eOPl;0~3>J z^Zee55*ty6-_3|7Z`0pmlD+F($nMGb9cmm^f+2H)*=jj)2y0rLcYI-py>dNyoqo)j zAW0n}XpjE2!MA$v2_CtKN3@wMKZ)10v8O4Ykfd6q3X{#js~lD)aC?wS_!;~|+#P(! 
zbHRRlwxv{%kp@V;Hny*Ek&f|x>&h-0kU5&LOk4LuyoG)LkivC}>>Mo1H^ST-K}>3$ z9_(=&LMa|i02V_M<|w-WYIo|wtN|kVm zuQBuJEDju;GXpP8yh)&!@LI*NUVt8Ez#S35sb|IrNB$$RbHF zPwnv7#XWaeBFNngxo%>6uFhZiQn@@dqUquBTD{682Y&WUKfE%PCUHq-oK@u!wu+U~ z{{AyA2Inikdu$v^uysH-stbxKH zZvNYY(IKsCm^^1&1J!L>T?-gODZ45%)mfnr-$Cd88Vxq|RmLaxhgC;7rc|hgo_Bw( z-IZO6$DfGwkF_g3CT#)x2c#fS%oyptnW@)}O1q^&Xfa-PdAc<|=hzHiCr0ld8hSdt)?8j#Y9I1QT$+^0THQXYGp<1*L9JHErl zTFR@{lgZI~@f|~c;|MCLG>cA!tBc16OrD+7Ny5Zv#(p*8bF2$N-9KsSf0#8Z0(UtJ zGA{PNX{s9)42t<(SD1lWz<~(%Tu{rrFc^k&vRoS0hq{>wK{(;H=ADB*I2bzTW~0O` zwYJyrk*p9GlEfz<0`hqP5WlyDDov7)VoL{Gj9O#nbq4V#?Tnl$Qkt(ZV_1Zd=KZNw z+?j_pkPcs`TKB%Z+woos#3Ze3&BEaRCCXC{+j84wzrI-JFbJ8ePHMYz<>ch}euD9I zsK$7Lf!W0HxfrZzJhuU6iHy#-aT%^c8FhkCX>sLGJ{(RC7s`XBR=WjXFesO23KI{8 zOi7^5td1?q*KbKzLr_I_t0~>jUwUv^@k_3JoCq( zU^)j%Br3^si(_SC21|sInB1-*p($oA*vCJrJh!%#`05XG-W)yMCygsqctU{|0Du4m zJ6Q+32%9`{@|@}`L5`!`luKP&?)K5g`^#V%(j@f8T=EnZ?0CP*a%T>MDJfZy52cR; z-V$xFxbA7I`m5aYAhFXtb&sPbk43iaH+EHMkJwH_(k$jW&#f|2a3X4}v-;S>_df_Q z2c0$96@;fhlYPO2pSc391WlQal!nH>*>} zw8YQj(tS9ATBrjF6~wt~FxyvDP|jb7gVgLmID;bO#^F3x>cykG%k_s1-oa8d;jwE( zG%fw*a=#B1^1`g_N7om8)Ps+U$8EAz?pZMs7&7pQ+08%p+*o$&eSI0#;=Vp%2xIbM zkj*JfbI!=~l*OM#@~5b_1!BG=0?HpJxo+d-9*Hb0>zS8KOJa>*LQTkOuoBllR(wT_ z;X_D_AmPqjx~Wr2RO@sCnM`LkxQNJRX&JJhNhsIaapk_D7XX?@&GJVG&Wz*wq&Kex zw8%$r8PUAfE-ikc-#4Ne%llT6a(0IHXxjAF=ju3KTTc#w{+!75T7o*bnOQy6fB@c< z0Yn!F@z{yen#8J-S9D+&!R}X|b~AOYwL&q&Mx#gCBC=CN&>o(w^T&(!If`zkDqz z+m4jt7;Yed+yYgjx2b1@s3WC&1&Sa~wJ>>!X-N8slSnx%Cwht$;eP!m)L?EDy)|AV zREj$}Jiq>8hohQjxVF7l?)m6W`yvcuc4F10vvHfz8$vy=JFs28%+#Vlo(4QV7przC z=A+)iq$zO+tE@)ABR5J1pUy*a*enjmoPv)ZeyXfEexJ1?i~RB+y>+^n>v(vREbxM> zeT-f63v)J=r$>Ri!SA=zaoi|8`?_5=o{3EHf!tHW3(evY3+=WQ>n-|VFT(PBP0bcPnK*)gOl_#cYOQ37VCW%v#8@kTmo{Ljna4$v^*=`r5Ooi zRx2qfkziGwtVA;xE@{3Te@%%;bV1xK>!JGmHS|;@w|*B6eQZJs;m8UM%4%PN2iYTq znTe6Rl`C?y(rO-jwF&P`6nO8ttaO-b1S<-<$j!~o&(uxbVbgwHY~0!|AQ>OMTT>(L zicyqYad&+;LCr93`tetYy!zHRm_$8Ji=}pZ(hSdy*&|1fJ({QTgQ=oif=x!VKebtX 
ze{RFKPgS!!=5?{vt_9HexC2+JF*^j*rqWN@^Sfz(_XsXZ*kW>@X=3iTUxzidvo%%SJQv+Cz}3XfHb&k)O8X@Rm& z9IRk>oMVAGetj235OUH5(aX2~E-v^OZLPOS8b-JiPYq7&f#%J)gpLBm+mv{s#_E>K{SG^7ntEfI9D!nyKi&`s#N@ZQQJ$r~0tG8*j z)7Dp_F&yCC=AC`0S5@HDxa8X-BpUDg_;5OOQE!e*&KEz<-1&esuO1$w@Mz$axmaWT z{E01~@VD&+&opYNwfC-!IXZ=)i--|I(uIqYOWcs5V!;eIfu`d!`#!;2Cqy`GY}JKJ z@qqHaX_dYwvQA+l=H=Juz&=|9_L-7n7Dd-KUaOvCCv)6!Few3G>%O+5S1T2Kh* zv5l#1u6x+Z$h#`d#u%)*`b&BzLXH=av?EKeN1b=RlqL5v9OP`bAI@xHx zBlv~MLKS5azWMSv;MwqMuy2K_I(Ih5<$GkIGYV}=D!h_Cb=?^mrNYeeUdtU;N5ItL zG@qx$d~gyX>1c+mPk-)s0+ZyL&D%Wl+W9nF-qSM{-DdWaOE$P=|;o$kv^2I zxW|~-lW2&T(=0D>(ITSTh1BT=l?y&#J9`y+Dp-)Lt=af--a)jrEe1_)5 za0+t;J>&!n%Z&m|ucV_$wNOl6=8eWPO7O8S9MGX)!~yZ(fE^Lv1`R2*Zh6COtKN#D;Ow7-2Oz{E%{LCR?}^P99p4FH zUpMJGhxD`Po*uV7cMs9}H6*{5THaj{z@0Ab+HaE|UW-ui9=D+1l(bXq2xawqxG-Fk zWnwLLYfVp7lYtXL}C=42v zeEc`Hi$gb7iwCg^t8rY0L4Zky@&HNT5lvVkVs#5DlE6NoO2brI35p>Z#=`DBSlW=J z-xc!fS|@9{3yD){6VXad`x|WW8M5dI6-Tl#2^lpPG?yqKPikeNeVh$aNyADE<)z8~ z{38ZH!BL`eLx3c?JO)!3<^hBBDH?a*>t)Qt?fYs?JnCo#b{*LnE*z?gEpJ5U1T5VuqwQ{Q}@Np}7yyWtAAu-y9mge<$8 zSnZbYg>n}+J;RUkCb!H;Q9$6K#4P^8ohF3V^o1_D7nltFdRE}b4tZ5^;|JC|iPrpc0T*`x|(5$=8E?w%CNorm(gN7TbJC0Xxd z1N~_PZG9ZP)h;xBlayxo?#?bH?O}76Y({@XFXGo;ow51=;7*hh<|2S7s}c$BEhv(G z-`lnWa3~a%UgE0DjWvwK=h*mQ;UK<`zu*+(`glVQ^p>da&qt%qV9wdTeNSz*c1_J& zwp*-nOjBps0_5sna&`bHbUzlykyME1#`drb_WE!gR1vCN{3BOHplu1J3sMif!r;p@ zBvb^76NFC#uK&d-qsCiv)zTAuZ6a@6MS131RA0m9Y&>Rk&v_U^mwdAf#YXMhV>+yuF|@=T!}?yddTG)p;e+Cb^d+&=*cd zUjv$A3+uhpDl>JuOTh|Y{k>#28TNJiVqg#)qo(sdezKoakOq>VmKPjE`hPbN{WA{j9B+tt<92Ga-Ffyv zv8jed|8M<41>s-hy~%W13%b#ayd^aoYaPcg0oTBXpo&e&_m-O$2+8_IK)b}7jS_)C z(+Bm2x73y#E}xQ2+&9S6aKDq!I!j#^b> z4d}rjSc+gkGn4*u9i+tc7=XH@i%V@{o$fCPk~oY+R-H7E;$7XVJ2x0fJ@|sXUNigt z@Do$Kpkx6@?an7GJ0x zWym6_IWLSN=5#4*_=KriPev@0PQLUEwx!f^V>wy~Kx!$qm|C#h+g&hPT1VOUERw?` z?w_;sT^`L8FAE7lT>vjFxOhLjGg}pdOE2U;QNLQ2zwJ3~ z8JpIxo%sojU-5+uKZ1;R1$V^VV+$=KyehXDr>N8l?`+Z1u?Q?4l8w4FcPYbVMMD8{ ztFkys`b=Kf7y10)R_cR|KZ2F3d*vGK@!2_X1i6dEk>&ULD!C_}LMnb)+i5Nlo4#M6 
z>z{^-_lTbO+$(muPH!P_;@C?h(TAG}*L@42qW$RpSq&06ds-^a7QmX|Y9Qs7s zc|5D_STX?;-e%QuKeA_VjyE5Wk3QsqP;&s-tk@`b*Q#JA7A*sXnGV!5{rb-1bqqsj z;|#k}@4~?tBI|2~`6J^$tCe^=xsMS`H zEqi&ezD2p$ptpoZM%8%DA&mI(b|(!EPyazz5j%pV!{-(i8#7qS)aQ}cY^tr1R*y9V zUNmJeh9S$tqt-o8wdL;9RuMn6JiE<_kq1=Hkz7SOSPsk~qv2zsNu!*7!c{vMq8qDN?9K$$^;P=002}Ld%_c zO4d zMF}j6*i>_E3s4HSaF#EgIh0I&ETYw0`c0j+?qcm|F?=Hcj!LEFckzWfg7Xsvfb`~4 z-cg9yZ;^RH~R)pT&4RH zFztiCjut2m0x-zyk;JuyO>y?mGkU)7dfy-0I*f{sB>^sFtf4WE~r8xubvk>0g_s)?0P?LpD2eexAP)6)i$8V({GR0 z6iQ{-jd!#g!(R5qLpGdBL|wzXZ}0Q28`G2ov)Zor9n=(D9%mSn z=>;2lh)1FNBOCa2O4>$hwdFGl!dFfygZ&<%FjPP6u>pXqScxzh@6YByfn8eKopelp zk>pXd5vv~Z1^I@#wOUOm$vXwyvUET2lqq-HGzDECg2TJ3vp1cs^r$_a`(kWY&No3i zX*g7S*tSm4`1rYusoFcq0^Bt4{UAG9P}$Ze^%cK7zjeCn)x05tBhj-}ytQrc$Mw4; z87?v=AyR(Y`1GkMdGLPrFbSGJcso;Y)X^)!V<4`-<0&2 z9DvzY$ZX^Q6}_4*Z96Wosk_81w9TOCkWZ>}qqe-mPzwBhf8|b?IQ)5TfcEYwkbJ9n2PGX^9pgOxZ19 zflh4pDtE;9Y+ig?4s~_Oe32sER7+XG{jTY`@n&5_#-6Rxziamtk8aWCHNboKq~fvL zC)qll-gpJMAOC z0q&>ce$gb!_n7{a0^voxD}O5t%cfy*I*5RZ3tO* zx%m91vm>oSu5K5aaF#qGh~4Nz%gBpC#5Ofi`pwgDVU{{ebKyLB2x_=J!m@{Oc|1Tp z#L9}*qn&UT)7{}a4wokxK~htxESE?Cijs4t`mFUwMyTcYbY9v!K||+k-VaZA0GsO+ z;~=tY&sOe)1jmp1&`;oOzytnpWxoz3H}{e3ofm7N0u|=Z3QGiT7Bhu{`Q7nZ{s(XT133L9Vz6VpSS-;^ML6&tFQfZ=xvQD6< z?%KzK^^`YPh6Hb`{Wy>7AFqP&8CJdsKWbI$C*)*QnC(sA=r%ubF*sT<dh7_ErBdBcm=8S(LOd|+SRze>y4-Al2Ch4Z?jlfkikkKT?#Iq)Q^SQ zX+`dG8>&7?#(yQ;%qpmpfzEIs`qXu<7WNRKlj`FFQ$PNeX?7dbX4sieSQQR zgO<0};XtnKg%cD8gV~!4Nqd2_yQxjr(*chhv&pMmfg{XMbI64&JmGW|N}s7V+&F03 zKZdi8XWZ9XJhlBJF)@?&;Cxef86fga-OJ`2oejqP{`lMJxx4{pI{teclS<$^(5^g| z!^|{jy>97k_+XOVkC1>tg-q`Ed8kWQ<0x0|meHKrKLj9Smy2|u@9&nBE-fm|Zc%4h zT#|*CAW3YvetJbS6B;6USDD#-<%0~vC~lWqvtMue6+bWB`Os*oeV}h#o%csgqa7y0 z2FOVSJt52477Wd&+lw>3D$P!vE|wqV^H*tWmik9Uu>>h~9M6A#XC?r8-Tx3crAJQ< zPLnyr{+1&hL-W&6czBEU(EXZ2F%h?17ZcWRZvtJ$-~+$}hsQPRRb`L6 zJq{We0x_#TQ->cTL&j0!C5;%<+r;JmgL=FeFQ>FoQsy5|0R=>@LUO+!ILe|~ZC*UH z#G4o=S&|WNI&eW%IQ*|IdvO!0O+&i&5)vK>?~(v;JqRf*v7k6Cjpa)MX$LKz8PFxY z`b%+WhI4lTpMzjyB>Xcc)J6T&A}iqXldJD`+JI8tJ+88^yXDEtDW?sche`9r?!g#l 
zHR4KagsB6Jy{o-x&DyZAH|Usf`vV+bveZ5)ikXNn0KuhKB2;xj9k3LDrA>%pv)Ol* z+rbH5R~WRVOyzgAtJ+qn*Hz8)&{NF1Ct6*AcO0yvwo{rYf!N;ao_> z?G}VfCc-sDPGP1jgX*(25G8qe6qPHdveoN)(WPGqI>3F<)j))1$rmo$*3}9Jyq+o=zlNZc03XOfI=J!0v2iWNg}oGB=LJ%vSiVx4(a@F&N9pXfTwh zSK>&KugmEyyZ|*C4!`(roLG9Y$goFilg{}25AVt}6$ofP*IFKL+kVY4?A)nXhs^LY z>wWwSCcPl)DbkC2(k%0JyFDxT&K6Iui-Gu&&}zaz?6Q2mBc-1Q;&2Pu{tvHTkQn#t z67DVqpk>F}CQ`xOyT>RG-xS31n&FaT}d1gCY}dsV(~z7;6&&wA!V}kyc|GwIXwNyeLDbDJicJT z68QDI*mrV&1xkKcpjEH{nQ+Rk5>;3*UQ)TPNSyM$eNY<927n7?#1d4W=f4wbivwO zH;DXgW{O70EbX58W>xjZAz>;cZ{-r-L4rd04U3F`a}8pogQ{d?BwQ@}i+OoOTu$+* z7#+x(H{O}`$1AyTXtm|LnP|-TfYM>5AJ$mvp?RU^;*9Y(3&ZlFW+VL9B-76``O8A5G}VTyqrnD{v`miHy%gi7T&Kg)q2Fy_Wlpy_ zo$)L~@)&kAt91oBBkWEH5*-G$3l|+H=0L7|Dwv%q+t^HqTnU(o$FgM&mi8g?vK@-)#ZlMHnf+$W-a96w02C#TvDpzej4XiEFFe z-K*}HT?gY)%Xgk>jw=l^`Tl+*R_Q)%s9V2KhV<|tN95*N2xKfAdg0UjEyq=Pi(07k zvE{~b6@e&ci_x54b5J_w$+LTDLnGr21*!b~P7UcunlF!&W_Bi<1X`LHU_lSLJQ&wQ>1Y?+?xXY|%Wp8PA*?MdCC&nBK9iq4Ar8_^%EG`_DQT#8hl8T259$@Nu|3RKqGfnxXBw@_@&np$_4WfBfki zcvuLo`&BD1!g}I#)gZoKW_Vq?9{HKESpx5UGD=!sD3>&IOQ>|PhI&%13bVc0MBBmi zSh~k@5W5IqfJN}?XD6itcq8o-Lmv)|<3|{9`FGI2KZ74&7|rLjJ985E#;+;5Z>+Nr zhmQB~B{U;mvWraRYifrTV6U6cu37V=(8#%L#i)pZ^mk#KFW$R2an{9MW-r!hJwk2= zOnF?mqPVeoHgcHR=#%!;7VRS91_u=W6jfY6$%&Vh-GBF`1ege}-d`2allO-IMIY7s zJ$R!}%$!JZC`T5`L@<`ef7cAtkqh7d7C|0}{JR8qEd%cOGZ2%~1 ztSj8m6-5deiEylbuz%roG89Rbl~x5ePcoMe9xSNgKkLHdoa+s9mN}fes&G25nO>ic zQwcs=6u?Ex@#@By)u!`!espBGp{Jx0IO`5Lsq7hTL``3v=_fYT3ZH2Ix=>2*e*eDs zNw$pB_0=8kIxN4O-u#Z2p;uUni`~JSR5D(f_GsY`owNe$FqR7_aEe_4=#|ZSC@Aaq z>_ysEBnM-&g1nx!USqy^YahPtWg>BW$TO}F7 zALDc(eQ&7BE8^zfLRKK@7kNEZkY+L2m=iBx|J4uG;Za>l&iBeSpPXdZhh^4evM?vL zq~5}4g7Qph7AWoBJ!tPp0wWRh>| zR(h8^5x3Cz1sZ$gJx-@?4(#)18Qm>I(0WbWTQD(jEqjie#?|^3={)RBPX)-{|8-%GG6NDzeRea71e`CoKg@IqPyn#>JsR)YX1YIONWe zzibX~@;+*T-E_Ciy+LnSw0TOmnLUfFO}!U5Pyi(lj)OWKUp^pi{WGyo$ zK?FBGnJ0&vLjG&c5`4(g*71~()Jq=KDDi4ct#-HJ)>r9a|(({kYtBCIwGg6cE#hVpA|rUn1OG05QZ zq===T4O-0p<`dxeICED$7BLSPDmg^osEVCJ->t3bqrafb?XpJt>YF-H&%r~1X1~>wZ=&&Q284-Y$Zvp-u_}L#|H2s{9M&bj)_9jj 
zyVV`m+V*s(zBy>$xU*P(Rrw7uwF9F^uP;0pjk&q~GJPWTSnOE>5c)n1 zbc69U3gn`MFelR!o|MNV09Ecuqv`8-i;isg^*&l^KZLKO)PX;ZT&RJ=mmMj~ zlpEZ~#R++sZo1^Kw#3>{-&hI5O6oE-`wpIuXf|~fSP&i%j|?i^I|4c%)~oHpr$uH! zQc4eshJP$1d}lmsacb!B?0>qS-fVn68JT6GK~Me3!=f5FNWtKU{K_tqmT1a$qrDGiMRyB_ z533p(Bz5uJ$l(J-Z3v<6*DYR;2Kh|2Xs6D>UDTl{05(B5C-Ut=w?Gl|=IigZnl!Og zohQ`C_lF#M9&3SeEEp5Ve@c~wp&sXZd2+gb>%+t34`U}Y`t(Rxb$asPueaIL`_&Nh*Bw{WiIIaxQgaHgE6hc|~h(*7$CJ_sPa ze-Ag0<6S;-+Zocw9Pk#jM#zde3VIL}0vBV_7dt(X3yp~D{{f>{1%2D!8D~8N|87xs zmO=}E9NRcqOB0*kuVKVP8^d4Ae%uy>AAI)psYelc5PZ!;_=iLFH?jWLM?WqI{nb0U zq15-Kxu zA&G!V%JUXe%G}zrtz`z+$LpmJ(ACBz)Y})JoB!wiPN3pmh!jsv_P=QK{xJ;j9;iLJ zAMmMSiw-H#&ac}Ol~S?U{QiGU4#*nNE;{Xs5Dc*$ z5m4V8PKu)dm+0 z=eg$<#kyWM#sB^*=-6CG)sqN^Q}6!yTK;o2_yxisfaCx7OOkQ8rstE~0eI}cKFz;x z{NMhs-vd+*7P~5XKf?N7Chb4(`G2gX|6DEYpn7n-4>nVKIp_c6Vtv6sXx{zw%bocD zGL8Qa53Ylt0hE(LggSFc|C5U=$^QWGkNcsvL;vSy`NshNo53>yv*w4!aya}yxp@9> z^6O#W%Wd%gw}$?2gC_)LtrL;x>VI;v_hBHw_0(_U*&tauy~Txrf#H`H6ITA$D*tZ= k`)~8`&o$wN2KS82EmyJz{1A+^xV%`Yh>p+y2h`9-8~^|S literal 0 HcmV?d00001 
diff --git a/docs/resources/training/user_guides/imgs/delivery_toolkit/image-6.png b/docs/resources/training/user_guides/imgs/delivery_toolkit/image-6.png new file mode 100644 index 0000000000000000000000000000000000000000..f49c9c2e864c7d8fe6d7ff14f07fb73ec898ece6 GIT binary patch literal 8458 zcmcI~Wl)?^7akH|ad!(E91`4Jk`N>i+}+)63GNascyM=jSzz%%(8b+t@kPrwold8n zcG~{vk1J>9zBA{{JsBkeHZg{08Y*t0heI#N1NfmRrh&khj7OU2W#37(ABda z(O!LnD{wE}(!!GR;qDxW5`rTo6q=SsTwY!-(@=2#6+lxsquR?5f+L(4_-1%W!KdL! zorEB8(1a|aBI!v1>hRH8LvTz!5ICXI3@EVyp_@?BQa}K1>|{!{$y;*#pp7o zpSy%dUF<_NHW8x3AbJ_#ekO+!a3#4#L(jUH%LbUM6=c3;PN<#IsR48+f=A555Z7)e>~1UorPIJp*Jk zpw)=2q8p~aTaKIB!|+_JHP&jh!d+QeQPI_n?(7t~zrQznez?hhRZ|uXP3N}khd{I& z_xJX;y6)BrFw$^LWGzz&Fjf#vp+_}fkSKpB(guFH;sPbze$_w_*G9wLdjDAid+@0! zGxPn!g9+?%SHN`-L+s_=)c>N(=cXLc+J37n{;Ynj*(1)v67_bUJ8PG@KT}wX^OQFo zD%VDXtA&R+^+FdD$o%RPkyx>yJ3ra6q;c_|K9q1L@(PJRGzrs5!U%29z_b!CtcRQX1d0< zFkO9pc7!qpohl7JX0HzP9^66H>*xFim(*PZRS-z|{o5lc(oG8j;t;Z5@~je?m`E@@H!x zpY1%`^d#a{scM0Y=UY(xvE0dH(3m9dhvA_|{Y(Uo8VHq$m&&Y-cgA1N1ZW3=TO5^W z)br!r@nel{ixTkXe`0AUD!dRNV#`6wJ@+sj{K7D!f9XR01?^5E+#hNTsW;ye@3|Qx z>z=wVgQp2;Oz9{l{?k=9Ys4#dQN}3^(O>^$>w~Uy+>*LVZ0NUfw{rOlAq4|KbE{H- z-kjCU-j~W)ByP^XiF+Arkg+Ha}YaM5WmQ2cqcKbguSl zqL>jcFJ3otNdah1<%uT%G&@v({%^>DX#?+nMC$*EJ^nv@F#KEm73v@g>;|~!y{f?%$yenxLPpY;Iw^i2xIJ5pJAG;rMr5dO zsKeVyK?qPD)%e_#tE=jNntxB-;?2odm*(&quUExWQc`Iy*py$uZQA}-GL{-uwsx0S zU%yR~84u~*dS(GF4LyFkAXS7(x^=>d38r#_Ov0>rJ$T;4!=Uz`{V$^BwW;j&TZvcO z<;8%Ukf%RhZ19e8az{;h5m^I|V4BwW>Ziqz3tsJty%TI*l|1(-tn%gAtT71XiMl#O zE`;eHE@{@L!OFl{x{yW9y`fzN4pgv^|J03iE$5i4I6k{iy5l&}V-p}NqF;wdKz5HT ztHf;`m2KLxc5Ya_FW8asOZ8!fcDp;~RKx%)DQlcH4k!0U+?4yLm2B@%5y*`Opu;lb z^Y1co)a3+wH7O)>{-`wBAD)`*6+W>{Y0z!k6S;|3NqNq55y72p4R&Di`AwQ8}GkX14n^hTSEV*|MdR?{YhBu z?BnpB?H&1jK!KwnMagZDq}ACOa>*t2#w|>>HNY7I>&E@W-$HJ;H_Y8xR!v--=Upt` zD`kcwsO;MC;AQT!z*=P>=#&v=AqDWREpdf5!3_~P7g4yP{Kfs^tv8e%!Ficr0d!-M66 zaRbVcvA^e;rvU8NpKoYEMzB$-xhSEmxuKey%vm+bt2zK#Jrg!$9e-uZwzO@==Ivu^ z<`?@*GZ7tc49l$v7$3ZuB8E8s}a#m)cw~?&QSW3gztV 
zY-``W)x*41q;$=T8U6+YGABOvIa_{rr~Jy8k?BV@cvA$FaOLEjc8E2-VZUB`A{WsA zCkm=yzaQ0$;)=D~ZPZ@;m5jW+@L?T5tJ=+rYMo|QGJlc1waY~kdwWepU$lOzF&pNb zghebQj+>~-UL#IbntD4S(_c*iDXL07ZCZ!EqqiJW`VNi-eLCLeT1|^e$ViBxV4ble z7xQDgPzBp|_-W?sEMn7AM)urg*6y?LHllDF0<+Bj281uGZ6{?7lWvMFsUGNDOy zK+jhRi}f-#`?eMxi&iYGQXdN{GAdswk11yyASG+fcHZkNa(Tclo^KaZJF4ed@8RX$ z#XUIOX+)fE6m?G3Rpri0fI>?=e2GP1tsU!c&$GC??CbZpdV=D}cJtDnV}<(_ZT}xI z54tG&@rqfj0z(a7I-w#XV8*>H$KuqwJBN1HvPGnTyT?zrUgQ*6Zfw*o^T4ReqV?

fYQ^V-3jttYLI{{^GZ*(yDU3-qC!3cb`J*YeL@vF1j`mAF%7H~jt<0^fM1*FiAm zl-;Ycm%ScVO<~&f{jhRO5IY#L%;NF*z#st>+dCcvI7l`eyI_x=rAo?_F?d zgI$g*W0U@dvn0I&B4!=O?G&1w!LM7cjT>-wqEX*+=*RsZ7t!`r0z`ic(D5{0WZI(XjqKi(&Q4O18td-_aA2tS5 z&hp0#zzja|&eoYM;1C0?=>?$rP5HnHXoWu6DAL;?VV69ujmn3d2T-j_V_S3?0&_c- zrsgSO{eoFqr63vvwb2hGkMNY#N;j&GD9hTB8?Z$j@5O&WgU&$k_y+&NE%uF_1h7M) zadY*7?BcepU;pTgEALOCtc?CgSfzC$oz~#R8t@ZUgJY2#H{u$&Z9v8K zGrpi1f65BS{_P6~0gcsxYzHMP07c}3u`%0MD){hrviS+pZ_mh44!pQ_;hN5`*Y8*A zWtQuT@f=F9M)+j6;dFz88Q8SCvmyp$Ubf_|xyc3jjR=-e>l5Tmtk_gY`*x%wVMbV z`omZrxQg|`LkIH#iW`?R>QTl{mN$3ZF=h^)?-Ao-Jsu<~I{f^l7k}AR z7coWAD~`Om?B6v3ZmsUG<%ED9(|aE?-$SN`A`JFXcJ}Y9Uf88rzfCefiq*Ok`S;%3 zKRUdzJ@u$9KCla6B5naXH97Y{{8znWwRH&LjN64N^s1*@vIT8d@aRTaX5*oro~V(( z(Q8$!R%zDMor3IWGtmLox7I0RJkZu*XT>Uw$)9qXY^+MeN4Op^rJhWxQB7E+$?jN4 z=3bRrHB0ZzGhw1;Je9u&_N34a!V+(qMRKapwqYJ+F{88G_DeT6&ze6@Jwnva7f9jO z;S++4EPls{D0=d@XdqtJ(*008RxmNPu2DSp_#Lu}G<2dzfElO$>2{iC2!)Tg+rNnh za5=8pWnecnpCUG+$Rk!zo88oF^(FdK0c`JBl@X6!>!^ChrPD97E?K~x-oMwqv<4Sa z>Q!gqcFgE-(+=A@9z8Bv&-3}m23=!ZmmdUDmasD9S2}@Xw7b*XJ8C5Ju4!%3lnJRrK)^lR<@&-ewXTZs&xWm(LKAIxXD zHL2;7(hTh4wBkk2z%dDQXh5XoEqgog5Z!C5&R9oD-EtdM#BhL4%?ZL zQREmWt&vCkN=!bdgKT!ZtO%Y)(Nn`}n)71vW*_r1OsQG#<^J|EG;q2+3M?C0R({%V z(l;>JXwrOf;Sd7XYrTY`Tn#+8D{<6MgqZTrihh)AX3C0=v28yEDVH<>GEFT&JKCXg z`hU>|uRFRjC3A`gv_|-n|4}|llv3Ae0maC!S7v>tk;E<{=S1%;B zZ53kQLk$%G)fY8$05hB3;4v#73cqJlt8sA|%gB_FbbJ6YL(5HEQwKYZH^uVLawCL5D3&M4&0Tk2ys*GWu&s;9wUIhL$uv=NBDKIEtx z?YVFG@Y(4{&}<0t@Q&&@qHMYUi6~-AVv&{#J7K&)hciMCV8+|kcYKn9GlcgHHk27j zEZGbjZE}%Sx7&N-abm^!tK4E4k;7i2o=Ib)54BsuOHpQTH?j>I+q12RxA9}UGD|Oi zb(&5Z>D!!1)Ea$gsC{2eW@(*b$l4^Nel0$(O`@2rw%$w{drhc zH{5!S0+&NLmO;7xbFp^xqIhOpkLlfBtv6mUOKufb`qIoUV7dlzZokXN!w>w0uBJv>`ochRW2*CAz;yUjnQJ*QBX8>$%Mo zn;*}nVx-yAX?l}NwQ$7lM=oUHTh{K9=B+^gIPQ<#NtL%QlF_b>w3N{o-hNA-84?HA zcBOAU;%W8HbS-SHN+KAZ6>asm_y`TQ?_%0@>h?DC7TD)ExkElKT@RvADR_&{Z(z0S zv*MFF-MQu#Kvogwl5&Wf3<7$p zX8U1Hp<0fVqiwy6d&NWaYaTQ)Z>x_R6TYuL`s2&#r-d4&NZm=9+7z!_9ekMUYz$Dt zk8XkjoWbJuR~SAXL|u!~qUga8l7R9x97!(@=4~s 
z++B@oi|r0Fw~SR$RsK)k{eml}9V5Ij=zwem#}LI3uKcj*14)y473U3$(m6LXD_9He1_HlTQxHqaKr`i-lAuF2l zV(|5~8+55->8WK^NQ$`Asu>M&&EVboJe7#XEAM32EryL5>zmM2h>~xx9Mfu?RtMb9 zy!hRNA}yX7=|yk+x?@s#|5rruYXs=vpQzT02lCQYN(DziTK}?_*A)ecc=&jhqiU-k zt-}Z(?}T!(k;San{oM~L*=co8LP1~viZ!3uzux-#$U+61%|z+1xZx98aXYWV zSX3?9sy`Cq!;GajU3`2yf;d)-rm%7fwrfv96|7jq`cTdpXqc^0{!MBign^%$%dZcx z_$a7v0a4n%&d81yHLowSxEE<{jf^K}IesB+a%hDzo$28dKIs#5dEN5;^Oc`py)(y_#;N2acA%#UR~QRo zvo0}uYtlxy5gA6$599nC^QQCSd?^und%%;TZF}`L?qj96jdDX^+Xwtma~-Ru!Qs!! za!acNqwQbbTx>@BR@qb*#^0dH;MkGoW10~EA!}SrdXjK^f1tNV2wj*jAaMMu$Rs2B zZy^oLsM-&k1{;C>w$m4o798-CFiC59ouBR{R+I_n87<*qUdK*cAF~Jcm21K=!-FsS zj|mmK>HAkC=MzCRnOxJ){_|ZWml%krP|z0a&r7vCo9|jIPfL0PIamn>2}|j?6Fqrc zx=$a-P_6U&=tJ^wxsS-JnSbwv=0S04`ILn;175ESp2+{9Htm-1?bxzDliBvlp(^*z zYhWT50jSJ3v!s_*f!bHAV<4wORae5vTq+){d{^?AkflnGr4zEqNZ_jZim)mDw7EKi z6l=+Edb@=2?%5Y_egaJjTfJaon>XUM7H($#eDIgi#wd20Gps|guseIHxc4gqQXbVV zaQWxCj7c9W-M!2aGRfsFNyH|CGKBaDpIU~^d?C0e3SXo~Nz>bP zGw(DWkZdwkylC+U?O^jMW?LAXcA1x0vJw1alesYMnJaxIDLx`lP)@n5FJr)5Xg`WsIbaUuCkAg&G=E<~&> zi|E*(e+n?O6XrOjd3b1oY^zJ0dV0QN67NqoDP&Qq~GFH|>MF{93_61S~{(2U!OLNE6 zZ$t6@HUIu)pN;NCBpeeGpwG6^ytCp9cz|hf(2=ycy^}}F*r4trxS~batS}~B2fZAW zbd=nE;XrGu2KajjA&6#g?C@f!$zw~cde7^34`%e!rY?Dh8}Dhw-k;KG_9zU<-1ko; z?UsIHOQ=7Ya=%Doqf=j7=gYZpGlx8UV?WB`A)yvg@Yt{3_QBkkmnQA0`%WRK6HzQ* zYQ`1X~k8+z@RqWqzij-cZTYqio z;l=(9DKTc)MAi~biFYCEh~&{Ssut9NuX^2~cQ;>Tx@iOCHSW(rHvM;k@J5$o|H>~_ zC3!<-3(r}#ijE`8{p#XEi#4+&g3C)04XH=W^oKubH3e*np4+}ZrL&=R=ZPukgAA>U zlt90{2wF?#I?et7a~5Y$)D?{I0RI!IvbZQIel7)COFi(txiTNixIxDC;P8kvWJwJ9 zr2zdK!@l##Ds=&)(%_8px1m-E{-*?AG)os-E-oHC`~pVPLfwzu$9yzHUj=^Q`IxQgduYDZ`0ezLnZb(rlF0 zU5sqV}*wg zT*GwanP~&tW}(Py(poj2;V-I(2clZ(&3LZE!08iOD{)4)QB)F2XM(Q>nipG1?KNn& zs&01T9@Hg|wvo>=)oaoBA4O$cZ}va`ewHh?Is@oGX`{XMKgHF*zYj_94gB9V>;GTd eZ5)BGNET<+>Jug-U2pFf;6BSL$y7@j1^pM+XMg7a literal 0 HcmV?d00001 
diff --git a/docs/resources/training/user_guides/imgs/delivery_toolkit/image.png b/docs/resources/training/user_guides/imgs/delivery_toolkit/image.png new file mode 100644 index 0000000000000000000000000000000000000000..c6b6dc67fa944828c51fbf8654ce89c4847693c5 GIT binary patch literal 63379 zcmeEuWmw$3(l<_l;@VQ&9g5rHP@E!*dx7HaUZ7ZUD=x*|-QC^YDei9X_CD60>*o3V zemKkSwITmZWHOn_On%uwITz@XW{z`)&J!GLluvp0#rz+Oum z3kk`I3kea**;pDHn;C$CeF%(EhE-8e#sxTj5`2Xc;PtIEj*yVV>l+Gi7FR$~5RLE~ z4*HiMTsmN>j4+g#NC9CGE{b(Jun42e9Iwk;A`8pZn&ue}yz+uzyB zuMSfJd6y$k&n9Yu5gK4%Xpq)l<>-6;Z&1LT3izpMz`Q8^8gB<7^3dXh3Q2sx1vLsf zRjC*AJKs>dIge5hg(95lgZ1vYHPa%1g#dah;GtFJ{E;f4Wzf=9Aj)89lDjdR6QpKamF^!D@04F;{-@xgSN(bo(`TX-aRjzonv&^s&r(h&>@5< zY`@;W;&61SMJo_`07jx>B9^g%QPN`}-O(^HtD`35o{5=5+0Ylh(GleNn1VfmyT0N3 z&}tQcNHiS1DI)Uv7Q-mWCk9aJ@j0v3D-Ns-zq5+iS?(cxM11a|cFo!HQ-5s|(bF4k zHXI-M=L%x>h#%uUl@%h5MDBxSl-xvb^r$<%{nj%n16T<|BX_#}k#93G4QzjWb^jE^ zVL*?CG9Vlo4i*CdMo=My;-0OLmvTQ zbzO0HgKYfEcPOPKCnY34T2V~oW@KS7`d3i2XhsVDymnu(&&Ew5M;OoQV zRD`1#`As++3SUU{AuQmg6ix@pxs>YunU`PQv2DtZpL@gBg$1beDW5PB$4FQY zSQbSUqpP0k0r@J-qI*MlyKi{;t_$`M);QfNDX!=oP`Le*+v#nYPn(pUtO^YBzGsZlQTS;6$3d-79%paBC=z`($SdaSj}fR(O5Hlu~Qt(nc9 zOk}{c-jYE070Pw3^+SR;bN)Qpoq+9beK*_crs2hX0`o-p%GdjIIGB8^B91$o#?E_2 z^g-xgemF|Vf>tg$=xQ(XG^_(~Sbp@+&^fJPtHiahi+#AQF714F(vTZr2vDGih**5R zf0B>~km-fh5}I{l!wC|HbC5!didBgedQ4CbAd)*o(S}VFSJ^Y(at? 
zj=w3p$s3fumy2ZLtCqg;k*!~#V+_g;KEZF8KX{bvCwwJZk$~fmke^f+#4dP;f~h|q zaat!C$qj=zbu0Gz1ASO^=uQCIUG=3}2Y51_Z#WPfy=XWvWILg6 zUb_LB-<7nRo{B!a_Q3S?x?W3#WBEeVma;0cib{@J{)!on%on~Lsa>~S^@i3ST?;)> zn0zeZCwOWXh8~hNk~OC_x;4WoX<5`wz^p8B#D(}3DS^l}8w?@1D|;lX{Fo0^*&n>3p_o5&c_L1bOQXwsx@1d_SC1o& zW0^3FEoZx{-J?S4e`l_J4X)3m&%HtWL)|}Dzo=uPZ;WbU?#D#>L{34`etu#mw`7gl z^>+(wbbU1@=RuxriEZ$0#O-?~QGE`5Vg1+;V;oz9LENS?mnRqECi$i&mzm4u{fY~p z3)@TOefHfI=2pam*LsMCZ_U^^Oh>taMupcZZL{NLu-#930dMEubiWy9S~Q%sn6><5 zhM`BwIHqucKO zdFnZnJf)~9W>a3%6#EGKrb|uSgpkys*NJZvO{;~~tIdlK$rlD3a+4D^t2L{Z$Xq9v zm$b}U`kHOu=_c)P^wlOBXWIgSGWJ~X0Vf{4GH7v3!e`sS4VJ>*$3yq#Y(P&rYh*@Xh(6rTU6>O)zH@$t; zx74Azy}Y`-p}Q7wR5rFjuI`W5p*0LR7C(7?qOm%+cRM_=RM5KbHAAqBv|P8`(3mP+ znL?RR>%LAxz)a9Q0!*dXjokt=2N{DKF^pDT?sA=jYqX* ziN(Q1SI4_29p<#KSgdmreW<+AJS{wNq&Z%y*yeYbKG>F$LIlPc4J1jfGM?4n0DKRX?o&qp+$(htrBR))6W7S{! z22iav^M4m18^MnKvz6e{!7pSTx64OxrG2lxhB?X*KPih<@_m7O_0oYsMJg6F_9G)~ zD#`Z=wi&ylj5_3P>uvMou)&eu)6~^Xy6(nWo?3RTIM61Rnst%&8X6o?K6_YpTDRnHQGj z=go>P0&5TZt}+jIJanGrYC3ep=0at;$+#O#HcUn)ohPRb-!E2`;}T1|J`PlP=TU}bcAZ!<3-8sp{t?$$uU4-IJRzmhFrJw6E*IaEOc_KU`L(7Nt5FY{XQo<_y`+!VQC)u`QYk&4e2_xTM|Dmfx%VF zVmE2l`5|Z}MnM^}zT?K<5g!hp*OS)sq0F@peLgBEhg^0)rH;q+5bmh% zVPSKnK26ut7dWcB?bcq*e8uAiRY=|7L8|<{jlAZXRhZ< zfA%cP%a!S7{TA+P!0qD%GBaN!0O(QvIC;kTaK7aI;0;ct-A(X-+3ICu8U@#y$_<{D z1=i|yFS_?>>d9&pWh%u1#rxS;$+cI&7B&t1X`<(|g=O3v)6j2OLERlCTXu z4W0a3)JJ1RX^QsHKSrJ*_}6>@ilc8GLH)ye{*xT^A20D|J3A{b1_nn*M|wwQdP^H41}08UP6o#J4Da95flAQX zI$PN3I?-9!lKi8Rf7K&wV5@IqY-ML`X+ij_UR^y)dpllY;$IE@`}L208aNsMrzH#9 ze+~;YK!#sW7?|i88UBvU&e-q;vR_aBLH5_U{?Q!IugbWTYz=ILEX~agEbIXP;W*D< zE&cKEKmGg%p`5XkftiZ1F^JL@G$sHOGc(IS$^QG%-;%2Shm@Iv@psDKp8Q7nYYbfS z2DX-F_P=lYO8vve%;op)AfcJ=2NM?-P;>%6NQOD|pk6}CxohKnCfC4Vyf{nmNn>O2!0TDz%O-)RR z7aht%wZda7Wx#;x12KeZRBjns3nLFAq6QFKXoF7Q*?*QPcF8cP-u^NWI)y{x0&=ms=q8 z&LrXQG8|uekM;dUc6{&(k_JG&$PRu8aWSu;q09yYTE-VACL9bi(GBJ$hJ*4WLqR3P z9S2l&UX%braB8;O*Z;@tlj4C&L>TBqrwixtml z95=^n7a8PTx3B*R0VNSI0D)-@_0UYy|*itu8+^VW3FuHvQpLYnifA(FGrVKSSo 
zUZQfN5ko(Uv*AE=imtJZo~|_#u`X{RFqiVtpobs)mWbckR*}`wizDFAKzo%tyGT>S;&{xR){o@3U3Ys<7V>@q zks~_E^@^YrBgqeb6CFD1(ohtoXfTP*TvTPsd%VK5hMpRcnyW*wFZd;;k|ErxRA#JZ zlHzFr9`T&?&0wzfd9`Kzm^Uvrx6h)E(_oJUwfOzS;q8}5bgbm127CM9cB>cJ6u=2C z)FG>LoFq$XkyZzZF3%(flZn`GW406g_Wdf3Yb*6Iw@RB_QKi^pa4~|J?wdv z@ArlAvC%61%PFn)p{M;N&_V~TeD7dqqZgmR)_mN1<_ z7KAD8lA5q9;5RbFS92schPGsa4q#cRHc!=x(X+vaABINQ?jmI{6ns%vIY6i$g8L&8 zd=x01mWovxIkbPZg<~(QNmPH7u0c>xTRJX^f}QBBP0ap z>)MX^(Ss4gQ)g@NmaD$F{wNT5>LkO9+)1odHMK8AsvNEEB;Xi{zYxq8N~14DhgUgiURSvZ|jR2iVKPxkixFn z?DMblov=xAA9AD<)7R~fr&)7vz6rm`ku{W)irLo`Oj@{{5T#z7ipQVODA|qc;-wtF z8T|dsdT)|}^f|8{aM_&>9rRga*Mg7Bj1+5f7c@d<@tN;k@aH(c#3?VRcJkF7edYsi zvfpoBXW?|hb*rIwjlxUT5DNsV>I&Rp#a!)A*$b%X&6h|Xe^(fvAc^K2v3#(Ny3y}Q z%|BzcC`jQXDxLn@&g!DBDqfVHh-|NaP%#zFCT+`!O!=ae6TK|>feXJTKDf32*aL-u z&O_l~xq{tRDXHpjg&+XOJ6F|=-ua%l%x>-;mF9Dr@7_!v)!WG;OiBsCRD@|Y<_KzU zs{J;JausuYUKhp9!FYvFeUV-H^QR!q+U$NWvev$%uDb}A+6qhHnTp!|v)Kv)0;Sj?px)1)V}p}Q zefe#P5u&39By<@TMkmxdmJQO3k4U^%GyU36h(Y!_*VrHTc_WMuRkPj!dy7U9%fPab zkXo@&kE~92L)2PfDzS^MW|^LxkGBhcN5%p z-J0tzvrkri(`2$%b5XS+meNKSm8Q_G&Sv__yk?2I+%ROG!z)HsbcK^V=gPBUom)v- zMrh=xW8x)=_a?;&|4#Ax{jst-rs~tw&U#_RaCvB*(4Tq*MH}Lyf?0QsT3>`~?!@S? 
zm0s_-pMVl0#3}gEjC|hCPQ~!)c1JsC%OFmZoLn~HXHQk*W|LjtzTW*6UWQ&5yvNQP z6fSV{BIl_X<$&`M8VnbR#=mA)@55@VH)QM^1sv~|2j$dX^EJo(yQ)=t(v_oSKBrENXAO!26l$g}P`v|xyJe&W zDTqqBP7jJ`ubq2MBKnd*q7P&~>@EfSf%mZIG}<30s3P3h%h=KH%va=-Z0u z;Ds{UPHpJ-ga$r8-OEbLjzm#}#Y}GxC3eNqsf&zdh=`o7cR>MhkVLNz7bvRD7wE4J z=1AZ%XbFR~R1}k3E!uSGm8`FhR~S5=-J5zNNc?Lr#xWw;Etk_uLX-)FzexQmVE^f?^u00r+bU&)W{gKS=2->J92jbZT8)aFowXbKa zcZp<4U~0y!CDxdsayuSWMmAo}n?eDnmaFzH%WS5o%htjW*CQqAu?z-4mN7ik>1>m# zY_CB{uc>k5e)F;UZf`teuxh4%XHx^OYd%A3fBMk^FOJeWkOSmiMQ^>yo+?&7|G`5~ zTHL&CVm&matbSU0zF^rBnCfw-YPM7@&0nT18he}(On(-*VFyO@xpZ>G`U&E8%hoMD zSEDYnH;y57f~>tLNhRyPhrm-_!OM1&LlQ6%7ldn3yUdE$(<$_-)3w3n5_u1>-qgGv z6uI6npGEq-PAnNqOO&}ufLRc-@y6Tlrntp1P=nJpkXVEsWk%aGx%Or~_>m!;D3|ZZ zJ2pdvLD4)2Fuj0xRwv^61A0XGXtC}xedH=9)dQ`iJWXse(Ts)7YeC; z>wbWtB?!c8rKX(H?~Q3E&>5fl21MfD&(tpyX!sbReaYLH(Nq>a+<3g#LMkQ5{OM?@;a*0f0u~x1eQADJ?;N$cv z;OW@&8J%;JdpUPav;CoopIB=dR|ET-7v^%$<^D|Y%5;%JTr{n!e6=N2hDzD`*>#}) zLYvj6cfakMygSK3)>dzYpulb`Q;!*yOi?@Ww74SxH7sam#c3i3Mi%xO zB>&M|zD!{wbl#*zAqOdA#)o$b@Z@?E(Pm;zbntw!feazB5U1^-L`9C8ZE&(GCOknd zt-&2GC)z$k0W_+StTItjN>SFd&w7lue;Ai!2zEZldSy2)?QMhTOcElD%8Q66F{Du* zMIhTIC?^Zx6rgo7OgCkM;e9VxX*Sn>`oQ=6K!WdTR_XNYgN!$l>V7qMwtR^~r^a%v z(AaqLKzusbZd9}%+jv{=bX2#~HBgcXaGZv#^KqTcaArOQ$w;q}MS!BiM+HSkwq0W*x*2KYUFtk9{Eo(i{dgE~(IvF^Xm>-ZX#*QLz`ApmW_D`QhD|D@`TF8{!9;7 z=!HzJ+i4?mocYy!RSO3eBK&>25KMtLl&kL(BtGyMvHcX_ae7OUA>K?VS zH^Z(QQMm))9_V)$yT`MJt7s3?(%~Zx5)yFE!hdX`KwH1owL6aG2Dxk_<=k+U=>+Re zEa3F+tr#~Eoqgp^t$anD67xhnlWlBk{%&b?B|@}z6uERYY=OQV&#~o9+sC}XS8~;9 z6^$T!+p;g4#6gsn`IhO7i7$(sn8cjcB^|Tc1Fn;(HQ}q))g8y?QQ{Uyo*8`Rq_7#~ zZ7X)6^jz(!>{#g-Z?S}QrynL(F#*fx5A}fCv`ssC6Jk6bJ~G@*eBG7{1nC-bHy!FA``!MYt{T-2`|t8T2L!iKg1S5`0M2VTh&~$Plrwaq&g>Eu) zy4Ba(j`*El4W#P|!3KAgG}9Ixr$i+8i%xIZZV#h-K34T{bq}ZTx{CN;CDR&E($EDc>qs@Tz61L?qyt6Ne(jEqb@wLiH*JSlXTGcEKJKKrwlNI8 zW=xI2wWKvok-wMa<5gxbZh*E@%M?--!d%(>5fBEJ zgwFeiAXk`UJ-OA@Ag)hVwhY$K?X_v0R@40rReftUuqeUf+WI71*GA&FI_>;+GfK8= zvF_Y`{fEp4b=kmaiqlX&QaZ)-SKlgm=ws|UW~PS@&5@!sxyo$U@9tI1;V(}8h@`Si}&HgAuI8lI5133X*v 
zLqMUbf@YNPT~ishUiv#)remt_ya1PIC#O}gk6981sXr?WhfX=S!T<0INpZb%rA4&Q zu3YtY%O^u^D$^%R6cku;)oJGEgjpWtib#_%5K-yEdpgmoG%TjPk0l=rxF_0#c_?)b zJYbfJ9pQT}M`*uO4D&s^?c2@aTA<`?*%|R3K7wqwk_WoIZ;xn5H7%WG!y&MW+I6}x zZ{szkF9~k4XTq%Bjs-b>EEd8P*m2NpPyg>Kp#1$$pU5N zWPi-~C7ZJ@kr5hg&j7F$w;u!qKWH(gpwC*E#xu&(FN&~xSE!@coD2!IJ#J%uUhrdA zl|1{%o2@aQ`#DI01sC3{RgLAu2*LmWkhehAoWc$U{eo$8I=?)bR}%I`(LHwepk0~z z2-SMwqd`$^o&+W)9=vVC)P9-(a&WB8T~lmLToXwSSB`420Ox$MraCJku&2!OxS=Eq zXSAhc-R~aUbTlVLqQV6x)e8DJ#{G^HhKxm9g-a%hqfZPxwBGJu6p&lk!@JAPFW=xm zciK7IQASSB)+KM%L%C3bl@@0vsF$r9ud6~1Mm?mnYR5L)Y(oJW#3w;v-Ja>F` zT9x-UomK|o0s3}=Wwjw#6JO8~^k<;~8^GclwZcbd>BX1?%EVpm39V@re9xOTF~HnZ zfqIX;$vRYRM?O-&A>Gd#{Wi>3(dyZ)$P`$NV-Q;gEzRz9TX5~xEy{%|c|UH6z11EIJe5z6Uoe#v)@Fc>UuuiQm}=70e>}tYy{esZ%&>V0<71D($ z4Gjm#40ZLC;*8f?>)T^gx!-@Q%9qu_fo*wCaVQCYo#O31PEerL3m4QpjBF<#+pYU) z!^xP#O&8PL2vIv+Eidr($E#D>(DOcAtaw;t{4+Ra;7oz#PNA! z=EZ@h^AQFN$I0AukeSnBm_!e`?xrQcie%oJEt`Zsx5I%MWyGo8_FPf-1cmyz79)Q< z6Cfq|2> z5kpP6Pe{``+eVBoXS18v&-Zvy!6h1vTimjIHU!6){CIa25mcJqqNMcsVvKSunq00)-BJDiMRAp%L2=#BNl!NIG@x*uLb{&wx!j?? zlCgqCbV2FD*7$(D+ZUaPeCUGMMEMpE%>nAc*Zx%nyFzwD39Q@3sgFTt?xXO8?hyU! z1zYgTE?j_iWPF~_syTXhRx8cM!1Oz=dx!bSzUjTAt9z9SLqu1*s@?%Hg65n;D{Fam z#e0!T=!dfb1^|&`uV0)F_~$t8OyXG#DeY;XyJ79jqdi-fA%bz9QO(=0>$Ua;!2b7( zbOb8N`rhUI5ZLG=yw~3_$=)@CHl(Lz)4tpgi=GV{HhoS?SsYcA^ zM}HhE@e`v3Bf+R!3ORfn5MvX-_n#PRx&1Z^}r`q-J zaEg%zy<>5=E-o70vV=DaTB1Y4XUZJUSl9g#WApw*vbx|ZQ$22!ah3q2>Qg%e1t-Z& z#~@?5O{ZzWM;2u9IjlzE>rdK=r<*5aA`lo#zaYQk&^grK<9=|N&$(^qf(5`Gn~zIP z#sRrx5d2jFJ9S`zVS$;mJQpR$ib}RFrY;<5{LIj?A1(Bhf%q&(bqlP0SV#rp3P~7Z z9G1!wM@tPeje|yf18?{$0N$to4i^@sw!A3b6@lG?5$C!2R3`Q<_VKRb5`9|jInL0^3f-IDebWoGWvnGzj(mD?j&b>+& zCUrASgLt*iHOh|`_AAX7fX0|Rma4|u(v2TbwGFgtFB#lCbW@>&7sn?IDrj68WAH{k zmnsY`jnAw>Biy|As!B?Hc)E8n`Sf&e z=^8$AI+Z1vGcZ$WffQGg+?MM3xTS!9t}~G>y`5eOxF|`L^@ZXHm~x#c1O@X(cpVE? 
zzRG5WZ7UTtpI0>c5#u5Fx`W)o;^`eYuWurM96)+|fjorQ0sa&dB&8->`4<@{jUirh zWvtlxWg-gxEx5r|9MTk`q&Jcs?Q}Ojk?2o{s{R$*SuOnbNY%9ta7HVkFcj{x`Pip3LWgX0rE|ev2 zb%%Ju*9w*fb56b8fl#fVFG1X{{eH0&G&SpkNy&J4ZQT=!m+^Tl!$UkxW?uenY>3JQ z1#cNc=UEQ{?mLDyLG~--nR#p@tTj_;i@Tq!=nH84#x5dM+U(f-9_l-@NVD$N3A_3& zHd_+KPr4wr_>O+%eB|0bQ72X2avLtIlB&#UM5>0^aJlWM=d7viixT^ahUR0so73{L zM!BL?B3nlf9^^xVUOLI2kwsDxa2XNV$cC?>ABZJHHFtRu3WvJBHb0!v@NIn^#)Xd= z0Xz#5NMwyoO#`s%T35z?7$YqHj8Y-p80!)JDRkO_{9JLRUw2+};aGDuV=pllK^ZjE zA47dh_?^=<^pn#h#cPC3yS+&f7Sm;U)keL7oL4I@`$GWh9NBA6hV%oCi*-rBX%g1) zX<)c7tWswCK=dxN;a!=p_P8;ds8YTn8$Ca*y$Z(OnE=Y_|PAtK0|}ZK^*a z!7g?WRa)cF77W&NIZeIwQsG>MJADZi_M34%<=7751&vy`)75($&=&rZ%tL*Gk3mM} zJ4ath5vR>&01mTZ(n{4DjBf`v{C02I{-xBte;!?e0{ywO-uzBjWr(YB+7lmiQZQxvL{Nnerh z=%4OPqu_fcpHDX^;3v=utv4EqFl+axiuP@Jf#1H$DyRtRaxr7jJ>DT!Vx$MS%^AeO z-R}(m0!eoTF88L~B#^dxSBZq6F=$YvdI&&)q}0@zw>9_0FvY|@H!a-97n(y)RWn-H zwmZXd*VZNVVJ#151s4L}**Lt`=N{+kG2cw5VbTCkIF||>wY$KNSz$=E+)fQ*Qs2N8 z^q96qTTeWbN4x$I<)gpqzkUlpoa(7XQ*U>e{)5{>GKP8!J=CaD{W@hmN*17G4g;g) za(T3oYj;^U+93c66Aj0I=^6t(-JoZ2_^&LN#4=#J-y<^q2tE=`a z*dEa))Y--BMdVK_%y?Wbi~<(&5*(O6u5mKKTDDpah4I~Dl&O65EU-;|#q*~Mfg*3s z`)S?Cxs_=k`(B+#CXtIb^dgdb-y0H^k_-pq^NL4WK6aQ#5VqS92$2$kXmb$-RRMPa=pW{ z0fjoKbG&nS6H5tSe-fFk84()CYrVBDVSm7!$x~R!DFj7oFm7zoCNYcgzr?iJnDAg7 zk3&Fn6#|x^;IBcx?$D0itquDfPn_J>bp{o0*|9Qx(E@NZcSJ079~0W-<#x7f1Vl4*J-t$w6b8l4_B9x}$2=@8e)-K1 zJRZ1&ClzW}-S8QE(n`Y1w!^3e%FnACGLTz!w}vYMK{|VF9Dh1jlu#Mjvl{#z0Y zNAB!Rf?(|3>8$i3t-r@B=E`Z^*2A;C;l*omttoEPLaTBr#YYsOLfD@a)_9;a@fsJ$ zfv=8d&I!&QQp=Sg=StlcB)GG&o81{q*{%861DVVfG&LSajs@i%v${$&++Q)A%pF*6 zFtE3&SG`nv%22j7*e*7s>1scChDiRy_1Kv9DH`a9kfQqC;vx_|1p^fG?xt8K344vv zkTt#<%+P!R=g8%?e*AU6#E~n8s9ndo(fQnvNx!?$Zr`U%YQEAq#-dS0q&0u6!SVPb zB!c&u@7CtGHwrNf3;d^pwsK#kon7Sl4U$5&ufF1TZu}rXKiM*Yf7lX4-L1Ys!H_RK zbK50zG%$L+yHvbC0fmN#GTpCSFZZYnM^g6n4GuseE&y_krT_;0pYjS1w$(f}X)7aY z`D74Cb~)C}KpW|N4av`r7=~&&vZ?QpeU`(vU2UgTjRKj%!qA!s_V#UMTcVF%AAF&D zM*oECZxr|^jG#|~&_rQOKWh@|Mr9kb5BE@H40g*fSD}?e)i4t}D;roY%5|uc700SR 
z|09)Eovp{L;*E9r-1_&OcMP%K*%`zQhb|hB166(qJHZXdG8G5!C%(w9&-o#|!)6s1 zry^Q*(l7fwQ6DoBt>pd~!XArhyEBN!>uMJ_!91~-KO*K@P{eAw2;`kt^-BUANj^Wh zcTMKWa#Jsi_4z|D6_hlRu0piZtKhlMPg3d4j<%U3)IIWqn$8qw70=Ma4sy(u-vcaF zEAH?~if`T4IV7>3UBB}t9@j=Yo3#KEH5hy7uQ*hFdOM!*38i`TD~v|uuyn6@tX_95 zDacBr$l1-6)Wo&rC4GPlPWv7?1av&tD80Wu+fwj>@yX113mkLs7DSI73)Xg@8;S8s zj+qGBD@}6UFJh;wLBG04SKON^3H#3H8CqUik=jG7Z=u07^|%#>6-ZqEEt{ih-~H|a z3;F6`EvNB|;7MRvSa2xbJi>&MuY$V4HtK-~hg(EX78TWcjIvhrlLhxp4BpOZO2(t> zW0mqdY!Ucud9H6*R5je~jqi=||8$AuQG0D}ex6Pk2F^TJDdA~(h&ut|B8T*t z2*zh;ce5x4ROM2xct}$SS-n@ofI&}2;phUuCrVLbUl@7eAt4hGvUH` zlP%BHWaoHzr+#qf8g~Oa7#0R_PN5fgEMOAuW<`7))^95~wDGf6so5HiQKwpBBI6o^ zrqL|8uQiQpeF7a$kiuh7qLk@%^sHSSa(6aA-V3wk^)|15X@{V3TELXIc+*}&uA%tg z_)zQC5*+*mT8II6oFCWrWR&RR2kM4l?h(gJ>zYOqRD62vXuO9DK@O+vlaw|trfGWftH1W%waLy^^pIA>`hegk(``{Be@TW!j7aM=^7KIjsWAq`z z+;Wnm7JRcyx{YDii6C0HtCWr-H7{de2QQ?SPOY3gu8Z?Wtoe6f+bo=1nK1=g&xQ?s zkTeF|L}wLL!Q$kp(41&L0eN)gSSc7{7X3HLKM?}|?nAgWh&-PEnk~G2yg2}QJ^OC- zqUy|7km;Rd-v?C{mnt0Tw1u{e-y8frP09#f9F(HN4huh^q_V5=GzSe#%*G^*4#&hI zT@KnZ!^8vcMjCFu59!e4u4%tYYNZA()mdQxURZ@;yIx_V`^!U)0)o8e-rLGUeCVhp5-!8M@?@w7#=h3e$;J5nKyywZc&fPqCut)S~j(0hd9H#JE1B#A6}R;6cGpytVHMYP2ilsSWeDoF{bBQ ziV&`hVie8mTI_yG{`{@%iV@xh=9(5LvW2kp#M-XHPZSbin@Qg3W3 zt+^vyObf*IUy;tioX}Ubpk$eOYW!M|+JnY*PWhut?aii}K~^MDykcp{n7XR!3X(W{wmG zMBfRu#Zx%aN6?6cW`490jCa1cv9`YH{V16pSl=qoti4=OmUxkYnUwos#zJ$`?(!^U zp9OTxRc5k9{ju1MQ-=LoDgyiWsP6BJNjQqXK1ll0(~2iWX3U0w^~uWQRL2k1G?mN{ zzb~r_%&OU`JzwC?|8NI>XQKBfVw7k-1?5-p!$SUH0VHB!fg3i@oqbVvih`CEMg!zF zA6nAuY_~8#vXd>yoPLajAohZc@k8vQzY;Ht_ptdU@L~~=AdFG0)>6A%R2U%rTPpr0 zv6>7*d@s+PO8lK#{>KQsL8?HHS!Ok!?!^@!?&SzV^t%}K(7d#uL2G(l7z9w~@HVRc zn{NC|=`Dj)-fl8p3F+_5`!gMY4${jTP$_dS%@t_goGAFavK<{7BVUlkU)X<{U(PkU zli^G17u2QyG3S5G`O}E}0>b@Ia{jlh{zeo2f2VWinzZ}>sgE1cIGoQiIf$N1dF}Tq zIo$7}AI=lh=IvF>Uqz5f0wY*Wu_EZy*&;NbbR~bmnY;)2z06GwYX=HR{xj0dfB1W^ z?6M}%Hu3+;_hR-|$dUOA$@!Fwl0%%{WjEZ-z)~>jkYW#XxOI$GbQ+giK}LZDt((XM zu!ZT&W_Mbi|5WKK0x}7uC#QP9tj~wkR^z-*9*2Wk4*Hmc)7W?Nb@9wbNXAoC(%gTc 
zdBQuPW~<3hhxEt(V`T^hf2nbl59EL0Y-ONy(w#46%L1gB9VJ#IaqJT6Y_=7#lC+9< zSbtd^6iWy*^$mB}?|lF111Sv1o}h04N-^L>S8G!>Uj3fxHen=6rOM&T4CLdo1!i5vX)OjQ)#5WVc!Ksi3y501m zTCaEZ`IeZ2K(E3ni*@MDNvE`g04Wdknv`Q_9!rRGa&Kl37tTKZ+G==j61I9M*(_4T zzPEvDHT$AB>)nn%QTd79|!@U(RKSb zC=_2+k5PrrlwQCjHf9g(g9J!VsC8Fe^7_YYNzf3l4*e;~Xqh?z%{l+$SDg*jz`BE3 z&oIcX-ALiDaKkCOChb8gP*0E7+NOMBq3<*ZJ2TcAe7=Htu#`=GAz0?eg1qxrwPYfO z8=IJkzp_UXk0r~RKo}5;6AgsstO%`(5^XK6JkcZ5;o6<*m)`UuxRU?K z1}!Fb+!=_TFIcxr!gSc(ZH!ESqw>fT54|O}LxT`2J))!M5PR8RArtd{MU_1(o3lO$ zInaq~4>)bw6BZanAbRGU{x8U0L|oZ3J2AG+Q7k2g_vM+rm1v+o)n_vXiiyd$#Ka8!ewt5og-vX*jBE6lg>< zc6anPfBfiN?<&b#xEb?54n$yRWMp0$2f-0$%Qo7t?z)P&n~Oxq|DaY=9mJ1epu0HN}yCe61BcRtP$C&*Z5Yp$}d>=C3gG!}^d#Zxs*E*CNk4uxR$xh>g=d*#5^}Pbg zhE78(9=K1w9x=ErHOnsQuic!&xe)cUjj-vhg5OqHHRCb~4Sgd8SJ+vFf`Wer-P;QQ z30$DMWu59TfP>6f20qrgF2gyAh$AKBlzdMc)=am&4jH5EwiyT^+v6o69lcvr6Bp=u zY);N*@xUA_@<|K-)hg#WJe&p+v@7XgZTcc3W_&LRaD+BRN#fy^4huV)!f3>>sIh&M zZigs1!s!K+bu7KRV;1Y} z6HU~|n)l|AEMolip6-uZuuB@x@|~U^kvj=&s%2beYO}IBm`xV)_pw8YjvxumD=Xwu zz8^ZUoJlbZfe_e|jn8fV8Db+^>(vXUAO?`cW;|QV(bSe^Cr3~cbVS>2N0-C z#E}u3FPDq37|&}+#lII_3{XnL*vnoa7&36@ji?X`E+-h(}Tu=TB=^a z*(J_!01A>~g-OsXf)3eobDhsNBlyq=xU?KLdr?m}qc*x0Z1}sxU9OMF5?JbH&ZBK6 zDL_CF8F318oa~T&WXno$LvAmLwMMMQ9-Pclb;6%iaUXgvNDO53XN)^-g6ANz59XT0 z9?EomoQ|8Wl^8KpuUA$ChIzh|z+=(sh;Dh1lX_i2uF!uY`VI(aOBD&$ zs@%J4M;Hl~WRNZcVZTAR@Xp?du%HpXXF=FoGk;_Pa+4VuO~uh2;c(bDW#)+Gdnp<5 z?qJDYyFg)o5qE^->@z`bhDP1r zjBQ#^)j`(@h%K;auileQoO14LVrqMw=BYH@!Lr^Hk_?lJXWy>@f#P_(@%$LKw?Aom1iDQUzb8ciaN}4aWo#;vP4(zc=%qXB43rJD-=7X75`t+E zfx`*C`^3_f{n*3;&QS$z(J!r$Q^>vL`m_+=HTPcrn|N(p)h>pAP|VPP81K| z<~vIq(~igEV8X1oum?{AK{0Bvf1IOozuNd%t)4YUn+@EkONz+re@8c!n80NH?hlk&O>}hvp3*<_c|B0_{ql&`TLJ0Z|!Rbss=~ zEU93`BUx;?wBlP&&KY>sPDI*uUR{Y;YvY`q-?8rp17Uz688!?OINk_G2rrPE@fH`p8t*vX>bao8K(IuyFQJKvgQd$HenuC@YO})yq+Ge5Y$# zK_>Q_ey`R3_}gN3IMd4agd7&NzWz9~8MmvR(Tx{_3;}Xl;-9_cE36i(4{}~t1>&00 zc8DL)b75x;QYC9MX1N(gG?r|v6n_uL?_hqoJ+fqKe?`TeMZ`#e`&Hp}M860I%_0M2 zv#G}uN|?wm@ZGuv%#>iRyh!G7tRb$#bFdkyYRJpuW%SQ%!45#rm_jR0{_#jz#&xyX 
zxn!OiAAUHIJ^4X)1_hcYQG73S%^?9b;FVdXa}wIk0(|poM2J%*>!0(QX?|f(wN|&P zoHgO)p+DxIp174i=U=UtqwMi&kV?F7*Lm&Ph`n6j1jI;|;XfEI6dw8qWX{#&-r@-S z7>Lf!iI;W_H{a6)YY2}vyYJ`f9%}S>2VJw5ZohTh9mc&~nR~y^yOpFNX05eyn6A)M z(R?UXrT?rwQSl;lzSwjh}z{4tKO|J#jKtC+sEHZynT+{a{!a!e(Y=k5gFxh)V#B;AoSP@I%g94x|!m*=4 zxLKIAY;Rd@n)g=w4L5rw54E-c^Up=qem(Bo-nbX%`I6T{L2@%l`rtI|C93G2NjwFV zG#<5o%RBE1Ge+HR@A9*YcN%`o^`yHwJ`T$-{@4+n2vog`$ViDHVn;T;$Koru~}*NusgrD~g@~3_Rav<5$>H$r81a z!=&0TcMsP-5=T=|Qs4u}&0*mH`0Ku(m_7cgzT5?|Uk!GDyaTD{pC9k@PvoUEDrgcAuqsyAtBwT3$?;0bO5*#p^YBI4rlJjyPQ@m zgxkq@#`NoHj6a>I0A@i3X>cg|w~2i5&@6s3Whug<4}f}>vXJOETM#-Ky;L%DS)K@8 zZW$pws#M){@AMGng@7mKG($ceXBX6I+w;@-fZyFZe~`$B6u3a>0_+OMJ8ycxQde9i z&gi7K~ zei+#{PH)pirdZQkd0PI9vsZP|FKEOc$+MC=N`Q&jAGgqT98H)z@ODkM{ccnGytncE z5M~(ACqhB44w#aLgntSL1pQC~X1=OLvTZG}!{Mp*5Z;JMM)1f`*%Q?yLU}u=%fCrL z;MVE;AKg5foy-k{KZwI-4}mAFP&R%42WaWELyt*JP@q4Ju!JJ#a_Zhs&LPc;=$^Ew zSxG$Ds*4>3P=IH0SVnb{!Jcf%aQj+H@hvK6`h2uL0`!>P326Zc=y5RJ3{1DLdC=SX z5V+t2$iIfu$PwGt`P`{@>}B;&3hu$5FIs|U5lVJMr~&)uY;thz$Pa5v35@qb#;>8* zdEcCpFVehj7g~TaLSOpkEYeUNxfhUP25|4 ztoardh3)C78w(bAIk=q8_MNBWJdyM72d{;um#8JLNkc@E`4bu5Ru1M-^xv0NFuq-;HT5j#rsNzYp-L6XXAM;o0KUhr5PbaP6+>r!!cC;N7 zcY`0#W+G1G0YA{{=^yJ#49KHJV+|+7S2&EG>t4(4$QHHN-G1Uywf&%tXkUq+!sl|t zmi9Z8U)`QJlU7I+$&yxwGuTY=r2=$mU3{v3T}W@}e>{i!hG+To7JH30UmOT!YKASZ zL8c(C4*|pVedH4)9G2=G?7%|EijI@tdo6grz6f+87V7amA+6bMKPHcD+J6+h@Z<2z zt|1$AlllegPQpGtDvx573fJ%Mm5}!1K`gE}>EJs?5gZ9{Xk$2D8>MFL*8(2P2hFyX zYLk-v*|MU1MQr>2U!x0-W0051qoZp)RM{oS62v+0%H1lNQKMMZ*U>@Us$Y86dn#L( z@esqZ05Re6w$7pqkfa0r3Y5J$KnHjR!MOCuB!2Z;O6G_tf^ZQIWNpAymPoLB53Hdi z?~y(abTL;lc7_GYhwMjVu%mU8?k}sLGNu4Azj*LR?WW7o#mzwcEbKXL?0Njq`svRg z)E$HxRg1LyHR_@x)m?DR4TVBQ%zK&jpPEgnouaSRYYitazMwE#9Xnin zgRomY!+&h6xvA~u=S&YYvF)Jf=jZOK;ujJiVDyrgt8)bcJ-*Uop4!vx<{Z4j*gT!i zAJsaniSTIS1{^k_6UM2Ga+x=-#}yUaOuTrSa@p^(K4OOmk2CAE@II4nH4s`aq6FDW zWa8D|={8oV5CLAo(cG1RPSxP3%u-R?;rA4Bs(b_#e5PRZB2C<*E&2M`A8NGsY&KVjo%F4;>8h&mixpL9h*u-n zhmew~UcB;3%?9(mqUm1lR)~7@hDW1Yy-CX4W@OXpxj}1=i@Wh@Z=J(HeO8 
zV=5LY$a=3Bb4wwc#L*EP{E*LWt(IU*WIGGww74Q*a~b~1z%y*O0r@2<31>+Zf%Azq zj8Nk2d^Oj|EIaC5sYbChnb6DNK@izbIu4#_*ER1ivO1(!KRbmasYke{HoU+L%;?3- zygR|edC7YCf-e{8jSt1jN{73$gp%xE_Y`c{6&x48y&(;M0zArnhsUa5MUAW9*Ez)2 z?GmNQWbS0%S5+Kw?{7lw^E|FCW|g5U=0x-4Y}=cZWs*_&gjnO|t4$nDR=#1%sH?Ow z79okS3Z3l|g?lq%uBSl_x*@JIs4M7GUIQ_u0@=-3Ae`Ttw#?Wc{mkJOeuOCqde=%Q#bS6)`$6%D`qdYxitkU^S`c`rNr`7%{EXk(h8t=3(j9(KL{ z^H9?s-ee0>#|+tHB+(kv;Hq6)^@o|+!n?-c$uGRuEIJSL1quH74vZPFM=e0aqzXf# z-sbi@Lqh;>Gle+>tqQL;e!o$h4%a|%P#DL{X`|=SoLiHasVkv8>f%;i`e^nx6p$E$ z&12o>40J-*jE3R6YQ?71$VwZ?ysZ-2l{-C%@Wj=P*IQ0i!|9ZYicg`>{NiA&Uzc(n z&6ZGrv@heGndUjIJu0MVvJF&l#yC~f=rcGGXPr(8&_7HsjL7NUE>^ zq|)pDuw+Ly#XQjr4!#LnuFZegf5K4W6+2ZeE+UZq^- z;%0G4IhN&iw^#~c^ew5i_z~xAIPMyAbP6wN#fiwr>zV6%Tekh1Gm3!Hc3f4Nj-&F2 zJOET-!NW5vH17S5mTQG^H?}-#PEoVcV3(+!!Y5vdc7PD(L>`*|W*;%zP=??oVaCh? zkkfqy42v1fSzk1M|C!e}u@3}E2D1ZEvK{LVZzWlOp|xI>4ATcK21lE8AWKQ}_q<-i zr=z1%o*q3P0+8fR+$`cWv&=yFy zb4TbYspz;DYa0I40kx*FHzZ(P6h%TDKhuojRj4HpBrcuVCp%d^ zm9dz$u!f4N#KKb?JyOQ~#3#>pN!Z}c&eZU+3OV>~R+30{_7SCD`)QB)QhwfiM3SOX zz=V{{3i)9f+T3}oO%+cS9Tf|DIVM{L+wFv3^_Q3KS`Hb#DSzBqRt{|xndPNA%aTHj zcgLBot967QN%riyt*=LUEy1INVpzGY!U)tcGO>8}h0anVycRzXG{0yn%{<(AOK5;| zCj4^@tN?+oVDP@*#ZQU7T19MUe+O*;O5GJ+@YClf^f7c;LDQ)s*(x3vE^VK-&b5vg zQdKes`H%|8lj{-prH4)U#(M*#>B!m5rI7x#NjSigyy(v{&z1x!5&Q9Q% zm+{4H9+T=?<5nq>9Hxznug<_(W-Nxhl3)hA{R|0xF$y)-#S$f$pql!r;S!% zkIPn0Nj}q6_br?Gq;Ym42=mPp?YaF*_g6hHETjwa3=gp zANfo@=UoCj2ft=d*8wp&#qUI=XaiZO9n%l6WHtn))9yJ?f384+V zcW%45^n6Sb&jHTFv_fAG3_=LCL#G%@0qsOEa~nEA}0 zTRphhYNJ*dP+-PO8SO=-$qA0*g*iUvIs)trqVF>!j!D;A3tL2U zg=%^PfC`G*ZFV$)c+?~mNp!p0Y_f*O;3s@r9v9G-LXFlH(ZJGiH$4;0y6nEf zf*?|xgUX~-7|~cGSImH?zLgdxdli3m3S&C>njnUg6}o|RXK;m94c>-@b!nf(oc6tZ z{nR2;$Y_8TcY&6s?dI6f)z#OF0AaWXq8Pv|RasrEu*GSqkAc^;2$z5>{2Oqb5JA@n zkl+3GFzw>YMMWD&DAC%JyNBq`Iv6xa(02_bvlJynJ=`|>o--P8CW8i4@(vz@IpFol z3rt3jQ@ z^z#Zec$hi@;1E;+{Vox;$Q(XjF*yyoKQf@XtoppbWN#Vsvu2~qFrkXozMqOX!ZFR7 zgP4+sEw+=D$MtI4Odlm;6hHXsq>l zA~2g;X_!t#ZkGG(O^ZX{TycBsL+9Lmdf_z>qvleZ=PmgA2HzXi^|M^_WStflu;b+( 
zOJz3l!N;U)WUzh&@dqfGI#OEi_m*8D-Z=-2Ji2*S8;*;T;LwW$VS?i?neTrAYdQkx zAwQ(8DbUbyk}`v8sq*<*dhi0~?kTxk4oT|A^IyIwpdYY&fb?^KLzOqO>yr`~9RJN3 zPE|KBC!heozUy4@<+xugR4F|e4W8%x>t2&JUD0=!X4)g z`%tuLj?$MCH;g0X`3Bj|kMH36Nt8DSmztoF^tM-B zdO?4e+xRE>{iCXCjc&b_Y)uy1mfOPZBC}hWZO;3&%)KI-FINf{heyD6vD$RGjx>q? z3fG!f$(MVp3D@_DX%CcmB~wWkjii|_On{<&q9y6v7nj_%QWe_EKMz$*%jzYPZHxM- zeW8I3!l!!(vqN1vI{e|}AjKUv%&cQ{sH%Rpw{EwTo|bmQ6${$v9lua9^yuU5ZXDI@ zTO5B)usPgdrs=g4es28?8^-gESEzEwe!jvI*w{ek$<1f*{StBmqU*+y4XN5boq03lJy_%tITfm(LY}R@F=atA>f6uQhEG0~>t(Y4MKw!R*bT30 zsi{8_D!MtY=J=j^{JarWrc+rPKI+X%&A!q8o0v+Q+Lnsrr)lH(KZWNa3U;(YE6pQHG z{k@ir0J{Gnd?*i zF8k{jaSzckc+|ttzKXWOLJ{()tl22|s_G18zlqtB3OODAWtIt6nD6Z>pr1jh5;4iy zG)37x@05mQxMkJW#P32{0QMHg2`CO&Y+uxAPc&)PS@3vBXibO55yP4er{GrRxSi5` z0ZBdB48LL3&CBEic7BP&zvDiB483i$sM8|eI=GzgjzbP0QO~@&z3$LD&n)dJi+4a! zMU^XANwaS~PKRON$B0fQ3zIXfci;cegHF3m$jyOTZd_Z(tIFF?#zUwAkhe}|wUo8c zOORRq8veMFtV>3fY>BvRN>xLHeH@1|?j#-x#g-s9OSUL?;-1g4QpPH5OhA!Ss8$ss6f7s;Glqc$gy1Gpl~1qzId6d9(&U zy^I#X#5_;S1~K4yt)(Ps9%Lj~@!`j$A^p|8%~$$2j^P~Y(4h{f)pqT)x~(ae9~w>} zc1t%QT2^`Ra#OwM3fOd2KICvy1VM2Ps!98n!*VfbC?=K-#6A1L@j`3{VZU32q0EuJ z44XpJyRpwtP;0aZZ|o}O7N#WojTmvh2L624%#p>f)l}T>?O`nZDQVL}MO-+Um(D%c?@N{jYaTZfsou z45k1cq9pY~qkX=L_8m03SZjO7?rkGD0g-x4qWApIL|LJgicT0-xaq)36O%IQ0*M4~ z?{eIvdh9j{LCUn&XaM)2<-N1G_SM4p`GBuVpOi|%=F~4}KKbU<1LA~yZ%=2H=77)O zhMTp>3%+Fxy6kQ_+55C^Q%1XF+PS^xK+NP(E}tV+t?r zfkGVElgE(!C6IGYa|sy2e?2INig-O zs7IH?rNeL}uNUIEY;|YsCnC`vt-JAq;};$PvfoIl*9{5|?Yd)xg6N&56V~J1o*+B_ z7;&t9SbBtkbU|KQ!sA=nFO?5XbAkRcbBH#XzE>CMdyjRKp^t!ptAuVzk4dk*6tqDj zBPebcu~O`;b-tOm=Ur&%(Z-xoofUT)8n3@C=JQ&=isEse=hrVK8d1D^^u3CYTSUqO zJqTQ?@If%HrMf5#dw?5x*`YdGw1$-fp8?HcZ~0--u3n?y2>D?41GOQjGhL}=cz9zD zNom?Zr&fjDj+LoDdYj^y=7xF!Y!X0!FS|(vno#&V{`v6~|WJ&jF-=Ip# zHu6t^m7EAx8XTWRCw(td2X)4QU))f5v>8CC~+XCa7`A2!pOAFxvX7%%nXG7u7OdIvGJS0WdIjNGm zOK>dL&VX#q=>-;&K4qTYV7nIeRq7a?l7}yYX;z|>Oxx1{*Q&Nhy;2rM_469QJ0!~< zd(akJgkP$dbnf?z5{{5xy;Z*|sXRkVNX$jVV?UlLDQbpgNVmLq+{*UgD%4sj^53Ce 
zH7RXarvz?;3jBG-^u~On1=Bn)G{<81Yz&6j*UbTB<7-(Cr?14D7mv1` zZa-tFllKU7JmSYj{^Y-}`kJ@V87csD2*B=Nf*9Cg$Eu*%dHH zDl957B8%fCp{1Et%hAS#gWF`{XK5Z_aWaT*_%p zy+2>?0@xa4?99t7`+lbE%k8H?#9PpQ!*^X}{^R^|v5sfn9@1hUyT|!7ao&vqQx(SZ z3@in}cmZ9tS5+5UM0t!Kcc2+vJ|$z+NHp&2LR54ir&arEZQiCFj-CA$>#i#*Yq5|C z04MJ27yZMrf*B-xwLc;2&9yg{ZTcBjP2VO+A}Umj7DI|=r3e5s${sd3NqLl1tw(bf zI)vfdsGE9mb(FlyK;tyk;~GuP57GoIbf6V=1Nft#!L4(QBgb4sSEsq4?(u5 zlt9_GEK{$_6DaJeoc|PHhOeHziEuxorl;gn=<~&M*_ek@9PT`pcm&;qufp^}H}PKg zZc{@%wq|Wc@|i^l zuovY_tfE^E@f_sQN5JfT5RKCt;(W8EKNV`$iUn-n-MDd` zFe^DV&6eIPoKg?tg}wcF72HXW+2L&i?Mn2O#f1=AQ=Q-Z=vzgSkF~5qLs6BnVqfcsJc$ z{IfZVHd~2rJJ1h<=C5-G>>*A>fs}Km;108FZ&lwG9hnYAK%7vkAcT2ykmcIOIvfODvnkXxQiltZ~WuhCXv}2umT$wSvsZ6-Qo-QIJeY@ zFk|@d%}B0?V~2AC91`8;cao0j@}*zX7#M18<*(ZE zB{}0cAwChVg{bVS2}y!Yma&ZzHV`5Nk9`0s0=DbgiiBvN>(4M;FgsOFBNys-K)}eJ znK6dv?Kb?QlXnroC30U5c^}RJWB~7S+0$3y?=0@m@}sZH*KR1x_w(S6SUyYL*?bN& z-j$|V{&Q$9yBueim>zp4gnT`*zt)kxMs>2}s)#K37?KO+uLApM_rYp?dZt9J=B6q@u3!J24R%NtQGi)2l5}hD1zoPFE`=fg-D@dHFL~jE5VWPGp;b(s zmYeYjorYV^rhz>G3(9FVuOFCe^C=ijt=-@ce&(#ly-zHzc(TonfUnEEyX z%J85{F}Q`tmGiTy86Mdd2Cx*=oH~EV!`H()6E;N_cqo+1v~hkl>^RR=MhqNm z)3FYk<9iV_d|i;5Zp^QLm?}|vr#;uuPf|ymhy%GPbY3-hB9;`U$e8({5ox?xU#tIi z;**@#%w(G<`uW3=?N6w%j$VsjR?|NwHbsBwg{v{JP9t0oe)S)%T38T!va@nY3jjNQ zpG2ar_}VW_qcLQ7uVsqwl(v!2iCG{V@PPsO@n+!(E`OLn0u11(XLJFrPumxcT0@-7 z&ESVCrK!3R#5>m08OU4qpJrr99uKZ>!d~57)}i2KbWMMzX#&(3jD1_xCa1{iDvNMy zZz#n0Eb83vR^}!T{6>pc81!1!y$JD>6v*vjF?P8=n zF?oKmZ&mf^^8BVN^z@Ba{_qr|Z*9&TAadu1vI|ny!JU_x+Aqsdrm|i|um!76A3-%=i=1cq8lc{?KDdgz+cy z_>rCV+d4dtaqilROZ`?Y2INRVRbx7)U~N}0sL~gaT08N$>A z4AK=;;rkEr%R+m@d@y||*Tf0&@`@s7kp|DIJOzQ^SX~9I} z*Cmo$%HmhOtL;mBmIn^peyc{w3&bo>o?(IRcalQ|(68|ThD9y2xDkTcct9z}9tq>D z{=@j^t#7Q_C2%Bf9-AcB1kmqgF#Y`V0Jce=p%LXlBv&%xW8k~n25XAS>O;@dwhHC| zpDK@QB6_l{6hgCxA3edHZMPrLsKUQRh40AEKBMEMP(uq9c{bwm#l=!c4|CKDrHv(+*G0l|gidGdPwW);npzy4y#@ zP4r{}Lad1xr?g@MRU&V35MqGVBOKxV&Y1@zN|uT~isG$VW}*%;@3S6doD>&o>DL!v ziUO;6g($WobGMHD1 zCEueKD-t`frwYfMNFpkkBc{-J&`Q4dVVUBuyOxTEt8R|+)QL6`*(wKc+X)-coA3&b 
z|0??a1i4m0W~lu_KyEcrUH3!f5)HiEEb|ET+)XBK5~dg`TCA3GnKxD1nqDHmZRZrc z*@f)w^k1N$q{jh~f^Mec1G-epo2jA@G1s*cxd6dZqY~wE#+;CEiud>UcpAt`rS%c! z_L`OQX*Vw`ZIFPxbSqn1MlDqwT6LjB&&Ru>Qcr{-EF~FHgv0r^fdGp@XGXao7e35I zWt~;^`Z7S$K@CVQE8xrKD)d+o+=CAc@2px}PTny&*xVqY+>le$m)$fU*)jsQcFcVu ziGi6VA^Tj6&;oQhg4ZcEX;GxS^e(^W!K=J2wyOaD1VNjBev~%jwn1-Az@i?0)#r8b zhxj!u*HsOzPC=gb4Z){v_91`Fr)b_&8Kw4wRz7P~DB4GlYY&NQrgdpDG5nf>YBVhx zq@q7Z2y!OE1nrmxn9(52_NO#X%eRMfB@8x=8y+U1&rQULlinn~*=$A@oq@_2G&sV0 zT4QkmD#x)s;;^Nwqk;i=y) zin1IAoNYMxVy{uD>1s%gs)B!j@=pLK4kL(b_gukny$4Jfo`rsc=WI-*0GtXG2tA3R z&33W;z$*nMXzv*%tFPfi|=g0RPnKa-OYfBmDj;ps@;6a>K-X8!DVp=cWaXEZt^@)G(%wYWF z%vaFN%K?vB$Eac{DYA#PDuj)6?X>*9v6 znA*pJ?GuD5ubt5CqJsy?z|T(z#bndBJ0FN2xqtnkc>vmIg`!s7qA8NgyRY_RZL%s^ z`;33I2?7Q6`zfEybHvBIC)MexrV(<1N(JSGpx^)cqk+U^$pK_JKrn^BDQ z8-*9RVr%P>nXt%0 zk;sHDK_&N5sT{g2Z$H@}4tC#_v~Q+^Y8OISdRiz^5RW*278{9f;nYb^U^0+Rx9iT% zw+g9D=`}P^KOlzr=yq#161Rijz9Y`f>wKI8FF5?(=xjonanp6?c`0nIvrzU_MOARO z&ZEO<;6{oYc?iKtS4`j`MZn|_-TQDp>Mb-p>F#JM)uO9}O0!{c4fl!$jXzZXLXFwo z-B94WEgf#5`@rK?3R_yS%xz#}7LQ5m!!38>7rFRSio{M2J6urmc`%f68-`NrlCsXa zM15JIpiB{**Z7+ZL7(!BW?oS`%9};6u{>+*slvL(U%SN;$s8%xVpduTwwEnZj^ih# z0xpYba|iV^U_Dk(i!_s1C7uby07WT=!sW>U*Aam5l$#J{W1rF8_WDzk_Y^_X#4ZUmqt zP>979V8Cwb#nkcgT!KY--1pV-wbxf*S&^Oi^`e~*SioPT4N?o5jWSaGZdG7bz}_?9 z;@oXaG%)`yUDM0$ezAMy(r)Tg!)VF78nt1myex%l{q12{Hute<=R3Sp?@qEul`jV6iSv6*G<|qBuCy6}}u0w6aM`}F{kgDkw>M3-?f0I!odVhzslj+u>v}|peSz8+|1Jb^T^<%RUbP>_SA?O zgO6ZM`qMD^I=eEfKy>O2w2rFlJ>yQZ;BUv}B|Ftlv#^7yjthDV&G=i5m-3|B=RS1y zt^PJ6-h5>5UUu^f{OmmG* z_>{7JY-*p6_a8Lymp14^Pjy@j+)GcIo~?V@`%9NfA^N<0J2VkwW0d1=&Crx>VFqXl;fu`Y*qEPg_?` zS~$y9yz~alV2Ar_*&k5>(XY>gxJ1hd?WK#YK5rbsr;pcHnaHE^t}E^c#U3A8#+V8n zB2yG!KF*oZoT7dLJ21AHqdjLCkY}F`Jy=!LvsA46c90YwUat$Zo1SPsp~%!<#Qe}H zsRsf!p)cYANABc7>PcsE0Y#!BUjBGSrBid>b%B(0TJ=^FO21=%F^+Gg-^8-QKmA-z z1@}cHB$y^LTV`{s%~3s{Y4*ML5e#Xm54cqwW2tF-$M<@;N+Wm`vGb47ilm|3WC+hj%A;gRbJ+m@Q{X1QrHXu-Y*j$@rvn*=` zC^*Ed_&_kbEa>x&PP0Jxc|`rQ{P9=~ciKV1^>ZJ$k)9jF?)EW5k83EOM#bg})xMc& 
zSiD-JAm7l#pZ4T&i2n?~?n!9)Q%y~dsIUQf_F0G0xH83f9jl^J~ zLelOitT-MqgEaUnOP6%!>XHkkj|CnrLf3C*^;mRnw;+R(Ir3D;KkI%ClQNm5=Mcw6N9(Z8BjH!AhiBOvm z0=`{i?DgB?pQL0r%zUtqxNn}y_P$gAxe^=*pXMnL=#5?cbQ2CM^7$26(z$flHNM!^ zTVFR%9*MTF4kY$>1?OiUQeTEWr$j-oxG0NvvGT}4sf_Z_X0>k$Yn4?Mu#No480_>~ zR%_;iAhT;^?EW)oQPLDpSZC3%vdfqd(F(^HkCJW#17-sqdVE>?&AX9e^9RsWAWg7I$Dv^n+jZ5$dR1SN#m0|gVcaA65Lobmd)bEyG$belLA8#qr2Kw&P>z-+q6#L75mbd)` z;!`o}lh{y{_hH-S2Pq)ZicO2jzlalQh-V9gviW`O0P{rI8TwIIWv0Tn*!j6}l|Qfp z84hV5TSX^XDDJI?RnX?4Vfr7dyIstyINfcqRZwgK6UoBZmP-HrAhA+BJ~@!N9qLXq z%NUo12Dy$qEJ=AUd>s6fh%gmUFh4#n`~}py6Mt1DbW?(#)YpeFt$e+iBcm2fVG3YP z3jnPu7B)5o$25xcUpZ2SgZ8Rd4OH0W{tqII5FL=C0>(zMeL@xO)h-`1Dk z|1S%NLrM+39Cur?%au&}e3!!}U0n#;xBuLvxu9*j3$;-3{!fn9fBj$R8>SsLr=`>Hw=?Mtp_Mk( zyc0670EXzIYv`_${@Opa;dc>2b)rLaq?I?|v}@G4e|qdsmnDZrYIL^}(m74K?cu|NQ(2ps+ zeCPT9hb*}Q&#a_Ye)}K#dN-yi0)ff8rSfL|&mLL_2zqrZao9zY{`?5R#LN zGB&oF;}ss4k&{c}akfC1m3U)eyI8H#p4Fj@CuOwYK`vZ3F4EwjIEn^VtH=VGnC(fZ zswUxSPfbk~{Mi_^L-k%8wBuR+zhIW%x~W;9|CJOrRLPIjloVP(po_Q=i)n5;QJr{k zbm*j^nZcM|GM5O0py|m^3ai@cay(DxdHZ_?+G?v`#D0o_!{)y%V1Lj8QwKvBU-ZAN zt>p_4^>fr-A%WlE&q}s`MJ+Nv*Srf2>RN|1G*Tn#gYPCj)*rJY5kR*FpdvBhU z<(4WNn(8W0#IjN{iDv^UEas00$mu2|{J;N&`^=@P)N?m7H8%YvM`b}6u0$FZT8H&r zRU|{7UlqxXZP2r-_|3Nw5vsdg1_MVuoA%?CUTT-0J8Ki<=5x&1i?7*$&%pf$>RhrJYj1)Zg~(0axH z95*wT8sJ{n#=?qG$o%&J3WE;T&4H>$pQ@V>Ndx09y7QBd1aW{_DSYhexVc zY#6F7oLKjF^=%6a?=7DV@4fe+s7yIk2n(g8N#Vz2Z23Q}#Y%*97jj80|0_ouG%;CK zQyT@T%0)>ZY+_2`TF-7No1+j}R9gvWOBmkp))+UW<+YnHp^-#?D5!dPn+p6Ag9Db< zN^C^FD*xXqeL{j<5AHa)ZvcX(D7ZHUcd>h8Oh;>x=PwA(?A}WOL-r3k;@VH~9GSBY zt1^K0<^}t#Rjn)*30ehX%0zlOABThZKV`U-ezsj_11*uBk(6e#3V{;qdBt~l0W5tZ4kA0hDKV&_RahMCQaUeK z|L!lZphZPR2|vro7{h&!22)Sk_ym3Dusw9lky#sQx?A?c{r4GPMC{enSnLW>o~gwp zH4aC>XF{c^E^O^C{0wv8U9n$$Nz-Em#g5I-TT``E`ahitEJnIu?nsl$6`)4j?TnrDdn;DfNE z!$_?Ud*2#AQsW?#>ehdTe)}h`rBq*_{X4DC@O~e6(iWHnbv!rUv#NV!4@*asN&uAyvqlE~W>$LF(4DuD~ogO0h*%Gj(Y*>hFRCia?m0f?YZ+ zEF5lO3=_MWezE?9*Z811(ZQ*KS+U5aEavU2H7i^Q@xo+RX6odppfuEYp{74UJeLS3 
zu-Eg~AFlMD>%Xgg^s=^3S7`1%Z+@*l!A*WI*PI2HzfZ-dHDGrldt|s7c6a)F#`!@A zi>&-!gdMKUKESx+3t=`)J#ZQ65tq%MSx!2@qX6fjH(2J>pk8Ajpb4U?0q{c@e zv_#~9T20NR9=`e4_y`MIo06K&;!Z!Sx>{~Ur#dwi@fICon_4%`pr@PllI$cgoVaR@ zy_2CkAaR1>!IiR=Y^I^E{)3Ow;k%7tUdngT9rLl{^z?KZI5;@P2Ae$PlEU{ift`PD z4KKFm;9%`Kopmi?F-Jl=H+(+^Y0Hleiycq4V_oa;=`aRnXa|Ql^miL;tt?z>$SBC4 zJVxAkN(^@<>deM;y{-GecXkto1Y?98d0R(Fcm2J}YGc!j!aYRg_Mg@)XCo5t?(TA~ z+gedK7RZQ*j$GL{40phv9&A-y>ZcV2iGz+vhm5>zLhlP>Mu<81x6nS&mNV$H1iDhSD(bE~o_3VGUO6_*K7|*o6 zR;$22aNY#0#4xyF^S0tYZJ!x_`MYoBbR!be3Xlg{XyWj(U%Ko`R9&o|nLuU)!d(Z3 zHak#uMnpS?HbS`_WWr$&mYxvJSBG82ob*nTT_G+U1y+N}N;^xZroR@Qk4*MPCtrU@ z1+HC_6L(6e8RgTFD-I%qVC(rg_69qk*mzV0ci8&;wTQD*)sqhfHq-c9h zz&R*ZV7DUwAmXx)!`CIYba7_PCgzhsQAK&ypgnEp(god}(+sd_)>+Z%G&{v<*|baY zkgj%Bp{tUY%cWfT9nOta>vxF^2z;DVddOg$)Ag)d5-9YOI1E3CcYedX%b;2w7aFz^ zk-ElHjvpdTg2t;HB|kUB1Y;9ZDBI&>U7=p3DDZTQk_tJpt+wBy9+>yXd~kfUANa{_ zmPtpGHP22CH840o#q&97!4Wh)_js|xVBFIm8CBd^pT_kiRta*WI`1cFmyWR8DrPfT<|JPvco1YHJ%`}B_5Y3k|&Bm`)`5lF*5&sWkZygrZ*Yyu8qJX3z z0wP@k(%m8;(jeVRN{&M}(jkI$57IGocXvw1&<(@TFf{M+8~5+IpEs`ey7*&;KhD{+ z&)Ivg^@+9I4ILv^$UzJBv5YvooK~Q|r7~rCal;0$%;hR$^Bg_L*~j7tXLeGd)kBGF z)t(NM+0aS5DT^ivCd(u*KR$nj!`xDfyst7Sky5{sjxYG}wDpZZ|GuWjcYN- zLMCD;ykarjQy-JuB(e?;PeKwe@wiyX@kB{aRaSmx-5$?qlVy35E_q_E3wylM00p)p z2YWeu*}CqC{h>fp=7GmsX$vX2|HDgS@hAZ>@8`z5lBxmb?%1Y$$gw0 zTgzNN7Rc*v#r<*@PQqz-YHtfGe2go~u58{eAE4XNf{c&6XsKrQ)J6a)Eat zOQ{RH5-E+~)*{=D`@ys=m6@Ih6r{*uY4Y#Ysopk};20&5OMmH+Rhs%&h^eV)KZ9``88Q1Kgf2%v1=r-*OcPon9hfDN7NZp}1kIO%W!>Xp2ww zkT^cvT9uFr=f~p=nR2LCTH``9x|W zEMHr~l1Dzu&0>faxujTa1v;hN67xVha1F*&WyU$NZiO?!V+QX#n3A1`TH{$AOl5$TD+ zaKd9X-G9ax6WqBtlVG)x3~E7Yu)K!dY1e)j7DT?|6YtYq`{dNt6+f^yE9L^-v?pyu zPjg=}t=p&;TJZk>66$~-`eL#Xx&VEB+T0Jr8}`o_Ei*ue!dV>Z7zYFgZ41+tCqRb&=2-OM67OH}^JKybBmhPIa@$ITh@d44X`i8AQ zXCTA)fs)24kO~1}`JfNsyqGCsikM@O(;ja2Xwo%extBTUu5CniO; z9~Vi*$sJeZhH3{*2jVH}-`kQ>mk1qw3>iz6Fp&x!Ocyk4I(C zM#7>N8IVuiZa$8qv4kQUsD6QYu8myRhHCmWRa*{;-CA{~Z9T`(C@e<1Y?DhkgQ0wj z4$yODOihosnqY|vH1#mq|@gODmmUfvn)@{ 
z`Fjw?bc0Wf2I5$VZj@0<7M15Zkz%LN%dh3-@ZXgs%~N9JGd3scPtq?Iz-wgW*Uh`v za}cN(-nU6vbOqr)%wYlj9QovYuHq7v3>wZ7n)Kf}r!2?4%jTzL?yuY{=S6>|8Pwc4 z!lbTQme=@d0X|xl>8!{1nLqwkHBr`lcsvb zfftO&gV7PSlR-6G6y7YqRpCSLJ3$B!Nwm7``^nt{%jMP5O$fl;wN(z#0mz66khGDI zthE~agYSGh6}Nr}tB)pSuGBN?Ze^o%n zGyV3gX30j04mbjPnymA3f{go**85a#njnG9ZBJ25QUx7fA+Sg}#xnC<=gWGwXUuzX zTJ*ZaUx|H=G8TjPXGY-0?Mpjj@{7{se5I$Iz?X+rcBAvyNLW`rEl#-eTE!4iw~Jrk zJcwu!erjA1Bc0ar4l1C*fBi9XkRz2;HN|;vCclJ1Xq0%-OSL(LK3?Cgtc_q|V@*kT z2fXK&>f#%^7^cy_qXVWwX(IkfmiC5+JT-Ep1@qRb4*#%9=9Qu0! z$?I$KuSD|lu-Y8Fdm=Ce5zF1k)HUApQl|_>e^E`$(_=yr+u%n!hNhi&N?ofrNI>rA zkPbLR0%1trJ zlBZ}tLceHiUt_X08@WGCu=Hwk-TKfGh)p;^2lQHQ!7xgxe<^%^Z8)vOaAddeV*46} z2m57U{&qThm^08h&ZNODr@cBKkCag%8QsX8)GzOgIlUxKr?S%dINQm3OE&X7uLM6C z?=hXLZ6^VFhfOWQp|o|5Pt|;^$FO(sz>6J3CN~c~A$k*qrco426@eW?|Kp`#^<{-o zZ8G@KoMH-KM$jpM9BIXPh~}S0Sl^UTEz{kzT7F1;@oO+(5@8{cOr5N zr_5}Q{$P#p#~&H&oWmy|N@5ceRce)c>`_LX-Ml@U81mSB$Ul50hGv3WR+9>!dWxtY znzzKGxs#(&WWbWZX=&b(=Jm0-{@5;8;S14tkbW0_<@F})pzkLGxqZRG4t6JV=Y@oZ zJ#h{Tbs)VkM0i$J;)#q{EM+foxNB@u9Ed@fMQuFgmXNn&AwJY7ypuD{gIfiYHE^Xm z42$g1vv&zl7VY}Ms@Ja%BKJDS)sR~~VKJC&U&9}}!-^iQPr(kHPSoypw(3yW>N?a` zGv8VlCXrj2TUg|CURFe;qM`(|mo(qygt_iZ)#xvaxEkNXvsJzs9xuE+uK1K8`+Thr zLUvSn{+xT{fyoC7KCg_{6W;mr9rNf^udq_``{W(fjh_;8y5H9~ldlG{HTBl$9a@g( zNIBoyaBZontev;sBKwP&5)*gO1S7Vd8+p{fgnYkfdoYa}rHJj;D7m~)14=6@b?u`g z>f12AIa0GD!{vySGODX|{JluiS5K6Nfas*oDP8Y?$}(et!0i>yhX<9m zx9<~A#zAxL1R0lHBTY;lX&zeBjBp>o#??b*xvG_0fOViB&aXEGn$L=OT;>#UHEPt3 zme%Koj0sN{>*1Oo;=icCg#(+Bf5f*f(1#WHqX@}=k;+dJlmHm4D6~TCx*3PL4o6dp zjvujNjn6{FPhq&$JDnx$;-~3JN9piI1_tHIH1RSrd70Tsh9+&Z3-cg^;me+UF29Wx z4eM1Xs1FEs<#>dB^=uX!#mJ<_bG_HJYKq_L*%9)THI-eppLavqw4s7ik&|<2#P-`K zP-DZd!AV~pWIT*&Z-oyI+tyvaXHX$=k z6Z2AZ~toNi2% zltPo6c+aI6RL0e65pfT7JU9-D20+cX!&kgna7gE;o0+edrt$nDk1T%ZBkC37TXi~HmxGPI$7tIjBZ5W-R*if%oc3)9cM*QDuY}IR_R)y z4^|#HeDnad-N^=KsY39h!wPR?G}OpcL>wC5RMn_EO;ZFSg9C|A!0;vxt|pv0-&S8b z^|+9@jmTI3we{TTK_wdJoNZA~K+r0GO}@q6qv96XaIwwTb;o0v>wP`@_OH+&$)vp2 
zOw;+EmySF3Bt3PT$KM^EoY@caOF_s_zkL!Ev|d@IbKCWxMB@@3r@lh?Or8e&k69Dunz%L0vqmvlDOETx z{Hlvcf18_d(OSY=Nw_T66<#TfOsPm+Oy&a+`=6DSY9~`={y{Nf8qYlQ(Kj`jM%j6) zs#v0)6Xp)F3Y~}gWkfmV?(JFo@M%!8X_k?acN7O&;h;1zbnwGMAf$Y??g6frk2b{a zPAd>*E>o_@H~xI{2`V(!$P?PAISp3n6`;U~jmYw0N0;ZLgY%i=Up?egBv28JQtNNq zc)hh5tU0N=*d&Vx;k*&S6Rf)B8~Y;l)G4Ly*^YBjUh2>JS3paujI*Z)f8@E4`*kW<_W6Jl%)ez65IH8Ff9-1eVt|hEOs4vx zWy4LDU-&iAeT}>;=N%J`p^JiOq8`&`+SeNn@q^=Z1gsytkm{W!Z!sk~ESg!erWK6P z))*L`-NIvjRzm2J+=o#J@Hbut z<%%!1y8Ci!yFWVo%D2N+TVzpjT7;^}i)s21Ev5&Nuj=fbl8={(DD<(uetk$8=TLPP zUIBOrF4oqo_!i4w>^P#c&uk9iq5X~~Tczrr|7U->mlhWH^rB%V`ft zN*6-)rJ(ck!aEKo&NXh$PZwR`JUg)5n&Lp-y~aAXSKfuvK8uyOWeds6w!5yn#X42p zPFzNPZd~Xkc+d0+oLSUWS2{jBjk|&80o-I^DEaps1udW8TG+U7w}0i76u&Q2{Y%hW zn>NE1IRJKAv`Ix%Iq-+{xZAvFpV~Vxb177Pw)W)U$gQuB{Cc9%)gES37q`w@P1vvP zvd6J_&=&d$nD>y75FKUbA5vEx5n_E{5v3{c2c;dDZkLWoI~Y-0{cI3<0Y>3?qwq1U zy!uD}%!n{Dv}a*Nv?(GbC+8~~Y_6t?$OV=Yd#CmIbA{R_Rv{X6y3l^_XPl*&6*Ws$ z?6Ud`t|JK!9Bu%i@1+4i(&KJ_k$*eF&F1BpdR~t_)mBcR-I?TwRq#}nes?m)f2SgC z5q<1$$3wgPIs!4DXwlGMg(ch|3lX;9tOnIU_toMuIP=`gEqM(+D4E)l$DM%@!naxL|lD&~ReIVwczn);mj@prt|c(cMwzBl$l5GPb;;%=WmY=bMR@BPG&MthTpe}E85CUooBY6bfHGPStp41IA4 zw6Pz=LlR><1s;T8>^08cJfm#FUJNG_vgV_)O=hzi%PO;p4YO%((Q6Z8{`h9zGynBw z6+V6=b;+|Fwv=L-T>0F7W{*TC50;v_P6MfrbcP`jH z&R3^`+DcPHEl62m=}}uV+B%j6`ejR|gdDbq!4Z;vd|7-@bPcE5y4&jH$LXlTbh%vD zlyPhZ6kewx5XP@NbVNJ+$t*fE?wv`uDB4qMv%gQ&%uYSdLfL{!XFmjV)}F+{$$|pW zVbt0A(-e#HrfXGS7L&8Zzzj9E758oI#_l^yhh_?hd-~)x7v1VF23N+J>g%V~N|dlx zvOw^!Kd?FZAK09ae(%}eC_f<`J7~x9(qMv{F*s3WFVTX}1CJL`*l1w%m}$H|^>Umw zCuZflSR<%#Ghe|fwV-i7L`nU#L0-8dOj}Q{Q6Kz!;HgdVWvAdBh87?jEJrA`)C4|iwGDW6mgZ)u zbOau^U_{T~Y0RXu-a&3aH4sp`i+ashQ{)nJ{+5vyX0Jio>b#7DjIgnAIjE|>pMaP{vZg?r z=tJm4gC=edxd0Q%(sFJOzvRrc0r9@Wk`R-d)`6PmEflC0i&_b)NZY!j29jHF9e7HkUB3{2g@f+p zqF)t$`Wbrn__0)R5a!iMf2n zyB%4N8wCc5_B$5ctPfU%TNT1iE3W3f7f7*5g+`$jn%TVY(W;YYb8`0Q5iR_ZLz(qX zQ`C7aJt&~BXx?Fu0EH^$@gF5>Bgg0e?0ws)Q3V?VkzKH?5vrl=@y|if^P{IFRmvnT zM^e8ngBucKt6)|dvl|1Nz47DCA33Duaw}*S$(r9x<*W8M3D#NB>%uvP>KV#t>ChK> 
zHi=`w+LMXyg7*R6@6QD0mqwCUyxA^#z$|M?`<}-#tITqhRiBmmGBgVHcGPG5rMFhS z?<;t-r-2i{>t!w>N;s6^WYYoJX*d;lbM(`8uZ_U%ZV7We>N{H{?^d;__uZ1MX*$!F zxvUVIak==SpP0in3+t~voabF`*M7Kae0E)^n*I{eq#Ti)Nf7&qZcO{Ln^RAR(Drn! zrXIbktLt$;6x0h;FWq^6k974$m70<4=(Bu!b*|q)XOCPg#YpDg-ylk3W^1`4*NDwa zVpeUr(_Yba2`^&;K#~Uc>4shBA!;fe3 zo0Qa$ORSfco5=b^kohgGi#GOc({4Ftp_J%!8|jm~zYcR+;4tUx326G~F!!;;=ciQo zel8ninK+iIAL@Ykns+t!J3YlF4uov>REz`aVAS()I?SNEdJTT4v3veD%yoNI+}8IC za$j1Y`3=N=isbkxci6xMz_q4L56{I#Qa!S*>#(3`6u;?x>pv8&C^%Y#4e(ZWVW)fGMwigcOCV9MbCox4 z;ZhVM#0>g8*JRZjtX<*#)7KXTmY-ZJO|^Yl9?pdNO0Bj&8~@HpUj^m-?4pSi~*|`p1{+YzxK7$AP+KY6j-aKVqZd(HtKH(lI)!>m7Ku-OKLK+Oga^0TNHyekV9JWyrV zF^r!4LU>PqZAcowFoOz_&Ai)MRg~JaKzfX$p^|5@MpM$+SGU_xx#8%Gi=^YpFm1)2 zkRLx{X(qOQ>4NItD=;9*rl+}6awT;S1AWB)EH2JJ($7Kg=aPQ|i%%$JyK+(k^9o~h zN8e6&?1H&LFH^D}KXmTw!0~iTvu-dwj>)%sH$rYV8nC~wj2EicBs|(1BH}JMCkS}k z7W@^gJtQ$Q^wsx7rw8G^%U6G~BYZPk6RKCTQFLC!{a^M`3j|LpViWe6tbNBiYB%f2 zEl9V(7wGOscQeKf4Uf)0j+IMc?zou{X&;Wf0}7cXy}DT+=QNw(QrvKPRMM+r3~^?b zZqqi0tf(y(YIA|HHy)(h&)?Jcv+yl#s}W^v${8CH2G=)Z8Q9jgEy=dM{mJ?f1H=Iu z;mevTw;B}aHgAnf-uVt)!s&bf)Y4Z}GjCFpKWG}+x_idAR82SmPMr&Z;jLQEvA;u) z`=mWI^K$HMh?P*qxor3F8;jUg!xv!M{>0PafsNfKtLm!(#BqnAk{`nBLmVBFL5b;~JS>o*lj@u{*7OHJk_ zqTxJ>=yR*A*ZOAqsS))@_aMo?{@@uunUQ~B-TBy>55mpQayj3?}1d=CO0Hoc^ z`DEyN=6KxdiQKkgH87Q3Dg|fCr=0pUL-g5Yp>Zr5dA9oc-#wcTygkLVzaHG$p8cGm z1(@qAL+_$ve@m)5%emK$ENR}O1{3^OdA5RyQB~>2;Q~5;R4G*-0Ory%4APH-tJFEr z*>oCktbEP<&0;md&X&R2X!n}LJdN$PxJedA=u}yR$7`is%FETa-jN&qalC;?WKn6z zQTN57{WRHFnK2q8D^pyyTzsEgN#o{bevs|5N907O*6W_3S2SvJ=*hJPU=dxL{dvQU z`nyN#Z|KfDlAj&vsFXBnj213S*=#Xlf!!x6Ivj;HZxno}o*;tFrR&Ptcxjn2b9jo= z-e|kqnbh?E3}+lWi*AQY1*3|%#P(2f#;JcfMb=*UWTfL89x*|E*!VjL2Fqc9i3sQ2=b*f7P43=V5{m~Ik15f=HkF(1p zXi3b(#8kNDA*%bz<*41TE0I9|;M4GvnO{_!MbmV10S{zP6n+(ON#j%dE4`gE*6iRx zZm;?2f45l@yJ&s;aNsR=``sX@xdIz;cy>zS8!u+Iwcu*GB+9v2M`YuSn`P7R#O<74 zk-;#Lqk{W=T0R>18QN10@_Wr~S=Oo}$Yt9ifQ40p+zt|o?(mEtjH4uq2d8I8OPI! 
zFEOB*sB|Nl7quEI*LHXhl)eUhek$lP4s6}j$$&`jk0USqZ;@UDD> z!KPlnJ9&?Tm`?NcCbLK^-_L4t_jPd+5j%ey6oN|oGj+{g|NEv)f*8~>*77;8i#wMH z8BG)mXaTTs4ua}e++5*5G*MnU1sg=u1Ff#n<9l`|p$w|c7m~}`FM`F@{I|`px0dV0 zgrO@xHY3gik5K>Qf4BJsaBiz9wH(E}iGyp3>6tTG6ResQSLE&t(Z*uK0oL|!1gvWE z=$%LaG5SXB50p|^uaZG$z@8CD>Hsb>DKN~^XOX!lyhTz5J+shs4XcHiF zbGT7x=te|||1!X4lR;%yn4J`+TVy|zFXTNTmz(ya&S#tQdXHj%+G8urS56o-N9lEQ zK7ec25(*8mo?F~|7pqR1L7rm*(@q(x@^gdah*Lkhnu&*uzsqOy0iX$W$V<)-W}ZR| z=6Xsl8peVgk|Iirv3Q_EiH=(5B{l6}gg}Eq2S1UPtSr~%?!d@KUt5H`HANW)pyBX6 z?<_7}-Iz_xJxA=uWn-;wia0N&r>Wn1bS^z+pw&#ex$Lo(`KcE{77DI#7o8FLu6OMV zcHjZ&t&rRULV#?ggJ?bH@dId2j8{`7oPf#I-K(DWr(EpyGl=F=Vf@|)vvYZ8|c z{jsKN6$2^7o1wNd-z&iO{L%?Gze=OeFRZrCZS4h_Jy#Z5;rb7n9D4qjDg+*XcCk_M zUvm#lM@QAq|Lydg5%Jc{EJyLpw@!gW(IYceuM2hhy))LZgj?9F85ZMVOyQm2S+SoR z#rh4j%vLqSFUUhJ9JdDmb_8f*3AKjBQAtT%$NnUMRuofD={K#HKSoHOpA7Bn)DIQu z)?i46{*j!mz5h{p_z4*xipN?AR|Gb?Am@{up=1E~cABlXNq(VArNj4;iUu$3cl3j8 z#d2#pKm{E;lstY`7RirJagxk!L9H+eEu2jR+M$&YtS^&yMZBs7;jL9moorq~m~@ro zkSJX9Y0H7<(a}*3*C8A7${*eQmy4*bFE>wz%5AIyhjFlZ&nE4gR5Am{6kRQ;jqSDH zJYUm@^Fpo1?Z)Atk1TyU{jyWsWB@15xkcZb+J|sIfX8a8pyj*vRpU_&88W_vVtj9y zf!K71M94A6p)xkB5sQ@XL)-;Fl48aeT-ZPJBnLusEr9>Hjr}$Sk`xQha#f5?1U7+w z;d)`dzji&Jrwk9k4-Myz0!pO5ZyH<^WxWSN42Dbs9I0|80Isw)IwJoQB@^AIqZ8Q$?)Gfc1duSFK*fdK>aSq3<^~7e4 zXK+;`-@tszcs;s`^G>%-BycD zh7$^Otw_XO(UC)93qS%`Nw*y zBKUQW_ir4_;Th1j)h7!o$@{?rFSES+N|sh_)I7*ve481|Gxs0<6M(;n9tJxe$^*DCqHKfx9S%p_s4*8RglsFxiF)cb+w6x-83ePmk**ggMsO8oOY ze>@Q3rLmEm`Pzw`YZYW z?f&xl@aI|KO9y!VojK-JqEbH3$?B9f+f*d8w+8|O9r;52hB(^%u$;4}MkdbUk|GG*y`ns`akDe5qAF{J`I#E~|Po)(0UqfYj>|==*qaMn&BJ+=|;BCya znF{j~z#h^=^;*LLX>4rlcy3Ssv|u}O`RISy{B8g#?>L2Q;a{Dwn(u4%!5cOHrHMPLs{{E=9PkX?wSpSJE{`r9Z1bAL;zj}H9*ChVWukEtm zv`0HalhOY79Q_Z2;Q!C-w3}&xPd@$gQ2*tw{^!>=N?_KBpU*z|M?L({%m9nwKYwqv zfU^>d*_Qmjr}KY~_yZ*|fNMSRqlW#z8IFPfqca0P{d3ol-+$i1|8tLjZ-(jzY)+q) zO-TRe82{Jj&wq^Dg|)8i|9fu#&%J#<{SlC0g@zx?R` zx%z*7c*_oeTv$(}s>S~$pWmVwpzkdi(sp%q8Ca@86af2r*4O)oxdcofO@)wq&P;2h z!17)OH2P3>e(bW?JgQP-q}Lf=*QEd{PpY}}pO>7n7u6EAPK5VgPYCeCV?$f**;?qn 
z-|15~De^1+fgF~$oR(W3CLXSA9dF%u(*jEDrlq{k5puHQ^jY6t=XWZ`85i#Xa=d#Uo>$Mpykp;FZ zG}bjW*b(@ezg|#Ay4VtsGAokbuH<-`BV1?KX}J&qf(WR+q*F(fa7~Blv3#H2lue_7 z_hZ&n7aSg8yhjU^pLsLxH4+sq$neBN(HvWcN|y_BqfIWkKej3JM0@S~itc#L093U` zCe@!fk>^-Bq(sJ$&Tz0c74TTt5iF~g+C{L9{2dg3LuJDDQP|Nnx$Pc`N=+r0vY(4j zW|r!Q;SapsOFg3KcdqcZ3r^yggkl=Rj+))n=|Yk!X8{$#D`OnUZU)bFWnM`6!RA3X zH4_49I=d^#PYJL(dKsI$ryknP97^SOp&7o9Bo$Je4a7}cUUiTX-?mwKt4yA2bwoVI z<~aq`CDVa$&c*z3L%v>}0dZ#jD2*=(la9pTZ5< zuR8wPODOSB)UO$a-+m}#{deuY4ZwG~>5JUOv?|kc8m+Sf`h;tIF}xADC^^}LTUr$9 z0!WAf4a>)*%L-k!sl@YZ)`bHd@Z`n@Om{#fXd-TRQdV&zp~G?jOtykjAI^hrm8@Pzd(YDGsU22vZ+j=N zmk`k$X3@RyWfT~q4gfMO|A$1NXke0tUL>yrr$@a7Rp0xRXQ&(`Pv zY`;uwKKj}XKs?fEzf(AVtpNxFGHV?qLZ*LPNYlw6B~k-gh_k;oyDC{u;POh6&K${R zWk{k@mIrcxHzk^npWb9JD8!P^HCMu~5+A>W0#oMRcO z6b!tY_hxlhJvR@)_UDM`Cesv@aIbyXmg`I8zKHu{&!;(5%^S9a)0|>0w2PT7HklNO z4dtlU@jb`KvLm@tq23u1z>x&>SJ=UmM1)6hu>0mOI4POd8hkBsWC8j(Rg-WQt%gDz#O=tt5SNDnbJ-mEVeBgwOE(JYgGfU8{$w1a@jI z4#Q53h44EsnuQe{OXTJ=m!IXOr)^71CD*m|+p(cm91w%%8BEKR4VV|N{I=ez|OY#0_A93xfT(zZ43bA-qz#%m7ht6KIx`YxP; zwtB0>5aFImf=4cOSLK*=ti?I7W;{KyRAGhY)Y}RPd5M;KCxLg0aM%C~#&7`-+~i`r ztUh%sjpWUm*oE2)R)Yd0Vr=KD>mfv!tVgTnb95u$3XOJ29NxkwM*@OuqHbbM?hDhJVQIeqIETxX(6qE2a*wzGOAYhuB92j0Tkcgh&AKy>0(lHX1PvTwaDS{!{a#^fk~|8qZDvcilZAv-FmzIX|2aqm*(+p zN*b9pDUUU!rk)+-mAiwcRW$i@M2mUI9P-;bQCuFIu_%nmxMe;EZY(R9^Q*&6tX7`x z8Bj$QKgf;VR^Gz28EC@IOA+D#eiHR z&x+@qXjh%SH;fBwki!sCuCRC`D1mfem9W`Rmh+C!*9wqWT6!}O!%&!SC{`BuDzou( zkRD8r{qd}2O>?8-ok1c^{8<5;X9IoT_DFTFH(b_RzV&qZ^K{K`kHYKEWbLzBlkrIN zgRf!6de%I3=P`kHC)$e=Xfe5I`g2oL)BRUAbjEzHAKWd*3)h>2K3whf=yrDEONx;e z(264sX4J-#;zUW6_bmyUVN?{i35?0kG3aN+6%#o;8)eKNPq{6oukM4|=<(L&aA?oGWMa@<6*$1}ivoqBS5ZE|dw(sxDlP7=)hj=DHR zLZ=h{6`!G?nb`dh@q?*3_v+csGS>shP|y5X+M-9q%M$2y44V&b=Zv}N9CgJ#qfBdH zAecq?s|;65wDyXd;K|WOy;3nUiB;`hU(_R(MlaAR7(IA>`DheZh-@pwT%klUL{K~u z&O@?mwIMMXK{UZt7$WoI`8_5E6tCYEUI7f#t#2;Xs*=u-%RB0jq1F31ZN42Rv-^wh%QF(>WZRY4 zpzdY?#Z5M?bv2w7ymvG6hW9^5JD$iixn*ldt;l?7#4z+gkOe7kO?-1ZshC3!A?fR0 
zFtd#{9m6QR2bky%vB^%q(M~ZYj-_O35g(23nS@t(d*?H#*xEv{NbXW3Qn(%Y^86)S zSgxG&u~gpWS)ov*ticcD*(cBNdn9;IvIjI}?ey<+Z_>qbKsn--rdJ?g@lnl*fthC2 zzPD*BGb=>K~(4d^XOl<~}8 zB3Kk}jIv+Y`MbN>&QgraQ@>WVp$z87W023w{Ixn9TZUg`e7VkQ-mrYof`2CSJ&>n! zVbSp2K#Qo1T^FP?5~yw)z_%GPtWy$Ah|V9u*y#Rhu!XBlW&hs!=iJe7#&&PScA`c0D3uHa)}Q^D=yT>AYqgY$PG7apPjG z(4@k=zd3E^M`r202xCf>(bSScA}bHAS46Nvv&9Zrg>W^qdyC%HDN~K4ZtV+lSLe+B zCk8_$jI(%_3Tekk7}6sCxLq=JPY;Q}ZK@cR(drUd(SFq2yLh*uib%x|4Y<;o1t8p# zL{>=VEZP7c;&lvMx&$n{87L~T*W<~4*T!pS0*jhSNq;5wD*CVVV&zYo^(y8+`JgiD z&!Oub6}Eh~0y@K#WyaYeD~4E;?D{ua7bVBsH}77&xtflf1n@1>ncgT*`0KWk`^k95 zgKi0vfod#76Z)v_E+BR!+Q1MA2U|S?oUYIpc8FLax#Y^JIV%E)2VU>;Gj#BC1j+Tq zNj{EBg;ELmn5L^A{iK2#d4gPJE*_ean2uMn8bwt^xA0ucS4lKk(R-6Bl1SQrH{V5HhgE} z*Q;XaLjWgjAfwwaSGlB4WF-#T8rJWZJJw7rGVn3^EVlR4>G*s`C92sm`GxlA;j;98 zY}}A)45h}#zb4;y8xeAQ#&oz*O|2lwtakbtb5!S&w?|Yn8cNq|azAy7IELY0|0LW%F!;X@4u8aE%d`;7$JqE#mxt9g{B0vQd968FbfJio zF4PLeAmk9e+HGHZgo32*2QeDk(lx6sJ&%=IG$E7KX)7P!7u&;$rfq+>tC=a!NBTjn z^Yt<*^O?mWoiPE+7sbbMen{40Qy06%;{C^(Cr*oaFMn*~fYx9mHq;9fT9oj!>k8-H zlRF((`yB4zSfN;k3bu|J5|s*79bbH!YE2$;!+nA=J;xufgH;)>BfJfT6zV49~opEpJ8t6a+lwQGy+{YY{l)`a6gN|SO zLe9==+vMABE*ezzP=`M!dAPRs&RHFEH z{|6X(ON<`lF^1XUm-XEerNOqu-ESY>d0aHZvWxJuKI0`ktN*1{r=f6r zrHdfJ92q{hk?Ta&-&yuf*z~eSMpc}KBsw)HHT>+fcVlzlPgfa5RL$^Qhr1?&%lgG#T? 
zqEaOl{7}J^<1rT|=7$CTWU!`W2`uh2Bek3E3S2k#c4l0I$YQ6#QE5R*g$isGIwPj` zWeyALg}@(X>cz?#zo2CKtEQ{3J_Rp)G0#o2i%JGe7=615x5bT;En)mt3-?-+N;7dq z*|%l3$V%I*hvH*^1Nv$!)iFui5&hR|b}&l=g=3b)goBzI^P}R1{wrQuI0KYF*Qxq= z`OGeCH~AS)(HU#gvUN}8l{$1Q-cM(Ei(uq$Q03vp8G>-n4 z0Tjutl{(wBPGY;yP+21xK+ev4TEB^-G9I&%bg$=1-wc&J^vaEMF-x{tjBDKv;phk7 zL9jSX^|8h55`LoI>lpRbPca`{XOqggQZ_@OR8x7bIB#@Rb*6RLW~M`{Y(Vg>JPH)O zAz?ISgE)W9V#JZiAJ9(n=^x0Y|3fLopO+4RVIi&k>Q-k0?F7H0t3dJeR@3oMzvn=X z-rqPb8dhhhUd7>qC?cX}UJ^pmh(0`G{f!u~v8GhE`!X?4j0@3?v8*$p!YrVfq~M-{m#JqL=K zJf!;-_w|JKbw>q(>gJ=w@O}QD6wJ#JChv*^o2kwju^@3yPY!;YDJ1s-PSNsrspE-b zu>6;Ef!hen4<@K1nly^KH60C=)O&{-7`8!GZd^LX$}g$9RqZIbC&a6QYNLWNzFX<_~&T2Ay>H$YH+ly@_Pj^C|<6Il^^>lk>E&K}&$h%K9w z(?EXz6?Y3=Nzx^)jTza+R^1ODuip9nu!qs-X2Mp+_8sk9({(44OZ^mK^SXV9E8&1BL@sYq44y@;Z#`WX8LGtB}n%zK1yPxV>L7wprk9bDwk( zY_RQg{8oyJPWJigKqt5HfJmpaKUbZTO^8bjhuEpu(bu!6wi<*apD!FyQtffcUu)vy zn4Q@Ai!jd!00@XLB#h^OmxQI<#UN&@bxFor-&`N8v;wpT(HO9p+oGIG_llx^t8w+2 zupf?hzBcDU{F|2Vl_ly*j1#fo#WpilR=X~;xFRz@-~*v1{)ch6A#Y>E9EJPl={r*0%eGaT3Jk*};40J(-7 znx0Yezy`)3vw(0`^&`2`S**}1H@x|-*nM@|>ORh3A8dc0c`u~y@d2oul=Yt-NjHY?-x>kq19yThy$sYuJEYm`VM zZjk}KhaJ9?Y#e(G9>&euGAnDDztH5t;cP)-h|fVpFFXgSVnFqU)#UfpIodKWBNQEJkwh$V%(XI!`AxjRyQx9fax#?4VvpO zDn^$oGVoi|IBg@wM7@k3l8yL?}6EfOsqh!cbmRM zoT%DbFf%&eBEGwNqi^?sl$|#E}-=grA|rnl_nXkAS88Jd5~o1_}QT+R+}~-#_JdT6y{(E=C*uRYp$YeZId!XN6va ztzWI1I(0N}j#!%P2Hd)FD) zRMzwraE*c#l_m%XHdLeuD1;_NM4F0HrG_F>EJz6)82qjViBq8Am&+fjzpS%0%{rucd_nvdl%sq2v{xhfE5l$(@cOn=MwltG%(HX1w zHZbBocPyNVSt%Ea2FBEFzL1tM#H~?CG1ZJS`mY_=%k{F&qV`j z+y#BkoNVa2m9=l*z~NEsGFR5Ackd=&3I*8}T$<@MvM@wDt|88qoP zr=Tt85uVqkKd)a;Bi>V{VDCvvpANbHiVe^v2XLgQFM5jcgjr-(bK7`QbNU+~wVMyN znxLma3Uh9kqE#-El69?I#D_om(7aKq@)z13EyRM0eTv9Nb(69Fg=Qh&zlZs!7EC)% zr?hv8>!7q=*bbb1;p2~&Yz;1unYcY|bSQ2(QOfa6Qa@ug`&Ihr>+SG^Brs4OqjsBf zv*PIdswHACfXipwzso#v|G-h8-k+T;fP6@Cx|(W?T;PVqY)y@AJ46?V@wreu*XL?? 
z&-ThDUT1kMhXjMCtJwLv)Ixc^Zm$Zp8_{&pyd`Bo7ybw6G-i>fX-C_e8O9nNQHfLM z_cA8rt29aRNfr(Ek>U4!S^IG;57ieB8ADo{dFks2jKM}NMf1geq1`6eTI{4(p-t*g z03{a9{ML+=R_Wr=VDuM;!`xasA#kQlcxuJ5j(J-Pi|KDpB&#a(As;Dat<0pg0y-+# zN%Cjwi<1z!_o_p1GqDue&m&PC7O=iNZj9A&?KbcX#o2MrA=T}m{Jx@TKxM)w^(EJC zRmMm>Yx7%@nWxdSu;sdh^R6^7Dbe-y3x%_DVrAJ<>|X{aPXV<1danWr7-hXl}E-ANqt|Sz)5F+o!D3+|4-D_|AEI zK~C@9=6>o|@HfB5r6 zNv*es8rAv?--q`pJ8gSEW5}@2hU3KFYMZb&W{DOJG!{i@7MaLWFom@OWu*kTfjJ<@ zOb5V#PN5Y%ei$e$M%1u=E+?5+R4>p4_W2(FEJt;+icYkp~gL+9Z!q&UIfFDp=i zdJ$I7ZuYVxHq4jgpH%$Pw@>-%@dEGQk!{vMo!Cp8rFj1*x0pKzq7Imj6^#<=MDL{J zFm-zxTRCxB$ro0LAI);5bs>avdr;`bA5tPXchE!dEvbMDeVjL^eL^4eAw0h~1GQN&JY%}nv*4?QW? zmn7oZ>(sK+XJ9=-De2~tG1TKy)x!G|0o|Zr$Axes=l7D;>(Iv&C1{BJkL?0D-H^6} zvhK_@RFdP@My7q`w@j-6ZWCbp`>S109wx9m?LknAGYn)6zUk+~7aN$~Ax0l#VB<%_ zk&`AI?uid-kp9LZZQq7OhG&T70$WCEd`;uCnCq&@NuvjnWxtt^(=2w=5-Fs%{B*wH zP9MF=3!xDCc$Mg8(m2-Z(Un(*z4HVm_^N*-RTFO6U3B71Mij-*lkR-e)~GJXq=hPq z#r2D*Bt$L0Fz3jVrFNa`hd0!2-*JlMP5@b;@ipY-#VDa5)Y6<@mqu)@l<9gW4zXm{ zdV$odT^n$65K9!`6bHS=lw~z^h()cGKhBr{IG8z1j8D|dOoq;~bYBCFf#cm^hyZY)oPl$e%IkEz# za;=Id)@Osr2eF^lBZ(4;1IB5|aM2BQ*VFK2W)TA|@roWvo&r^=<0<1pSqMa;T-|D_ zbth4tJBIvl1F{1-8uQJ3qSFF+aiUnU-xE9tm-0+pKg2817Zv<*9(Dd&_`dyY9DwL| zjZZmaja?CtN3~TQ{?U_`97WUo+FgpqHg|s;T&b^pn@ z3DU|M@$<}kc%bp{%j>_10$amp4K(A5t4ZO{UT!{y(aCq~vzQOvFSmM27WI3O_(<1Q*PK-xoKx*M@0{lfj>>0IenhcV-Puhu5B!r(via~l1j~Ea?omo`=u*qi_XlN{NilwI=8WFG5jiM z5?E$8b6;I0CKkHexJn-~k089D`9*-&ja@UGpk?m4dP?<|m3N#6$KBt^A7ChqZ01TC zzW_?eqL~aA43SOW$|hv6(X!^@7zD59W63i>tf2?D{xDxgWHpg%hfG zDAH_&HLVRvI9ax!b0;SRpBEVlTZox$eI?FqnpjY zTakkrCklMqe6o1J6;umMy;U>4IaV}DQY*oL(%@K(p%(|~s4}a9%F#X7J`3-!w>Upv zrWn9^c#f8eFVUc9DuCrR5!7n`O)pF4*fZ^ndKr8K2@&YQ!Dh~n)$_UOzZ37%yk|L6hD+ZtUz; zQGzS)nZFCIi8B(ro+#4RAyh1uJ#uQp&ladT7?G;StI(i#t?mj!kc?5)aL&^xL7q|w z0Z)~tEvKWs`GAaq!IDKDe?c^Q@x1&2(9XNlp*4_?8a_tFRP3CR%X|!`{2f__ z;O_N=LVsIzpRf)=76mOm+_a;l1fA6iZuAEjN{2r@vNQPI|G}uzo?Ztxo<6ocibWWu ziYl`w%{@726)-*!kTzZd6d0_lX{FZ zg!xjif5_42r!ak4P2z1OYWPiIPY*`DwQuWl)$q|R=5!Q{Q?J!g+vtpfqg~*_rz=nw 
zKHV|cWPT%M-SOtmfHgeDHfUk?3*2F>2u>nK6N%O24$*WCPpf2*YR0e^y<$yn&?_qa zN(FxT9UI#7F!iyhcoy2pMnW#Z?{aBp*cPUoya+XC zSJbJHDf2|Y7tG!8%sRmWvn^lQutDLF6>l&9-+@2s5ZCI{*pi4mQ!}kb9;D6nGPd!alb~{fP|EI2`9feu?lwkC_QTWOxn|9| zo#;&bm+--^#o_3gnQ_1lXqN9NmRH8qo_)P^R2ZM#RVj+d z;(PP~$dI7-?Y6Y{hxfCo-I%0{RP~fVx*f7p^XkDX9ryi|L*AHd8nyFn`4}U!0xsRn z{)?`COwZSm#g*i}7|FL=3n5tcU-8$zFu^=ZzXF_?ogG?Xqv!pGhI#1V^4= zKWrq>GsGB?gE#jCP{doku~D-S@7MhhWPK%+m14v;H{$UQx#v#*kJMiTh7Jow;>U`= z$^9dX^>PY_lZW!x5#v3we=Diwet<*S8mDyP#=m904{mgMAHDpyGXJIW#Z1e-yuv2i z;omZ^90L50;r~Rshnv4>-2as3|7jMD#YSo#=l&4q4U@@_;$A0Eo!@nT5wCt*PQ)(> ze__L+b8@r8pyVe-L-v0+|GnlpTM-=Hqd&p$%J{Xh_Q0yK^*HZHS`s5?@L$ZFRj_gH z_mvYp|G3m5lz$jP$+>6{DNP3afS`2)=L zWh6?k<<${-j{QTmc$1P?h Date: Tue, 14 Jan 2025 11:37:41 -0600 Subject: [PATCH 42/53] docs(change): changed PR Title requirements (#625) Signed-off-by: Eddie Knight --- .github/workflows/pr-title.yaml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pr-title.yaml b/.github/workflows/pr-title.yaml index 72da10c4..fa583658 100644 --- a/.github/workflows/pr-title.yaml +++ b/.github/workflows/pr-title.yaml @@ -14,18 +14,17 @@ jobs: uses: jmeridth/reusable-workflows/.github/workflows/pr-title.yaml@d788c4f6994c7b37134a9f592fe5db42fd7a0957 with: types: | + add + change + remove + scopes: | ci docs - feat - fix - scopes: | - add + feature + threat + control category - change - controls family - remove - threats requireScope: true secrets: github-token: ${{ secrets.GITHUB_TOKEN }} From 9379f07c84494650c71291f9cc0df3a66864bb6e Mon Sep 17 00:00:00 2001 From: Gordon Campbell <62692513+gcampbell-sl@users.noreply.github.com> Date: Tue, 14 Jan 2025 17:44:01 +0000 Subject: [PATCH 43/53] change(docs): Add new participant: Gordon Campbell (#624) Co-authored-by: Eddie Knight --- participants.md | 1 + 1 file changed, 1 insertion(+) diff --git a/participants.md b/participants.md index d81efe81..b5ddb9a2 100644 --- a/participants.md +++ b/participants.md 
@@ -38,6 +38,7 @@ Below is the list of participants in the {standard_name}, who have committed to - Daniel Moorhouse, Scott Logic, Sep/16/2024 - Kamran Kazmi, Google, SEP/20/2024 - Ian Walker-Smith, Citi, NOV/10/2024 +- Gordon Campbell, Scott Logic, JAN/14/2025 ## How to enroll as a participant From 14f1f6eef7fa5fcbb6d5e9f5ce990efb1bdf57d4 Mon Sep 17 00:00:00 2001 From: sshiells-scottlogic <148051590+sshiells-scottlogic@users.noreply.github.com> Date: Tue, 14 Jan 2025 18:03:55 +0000 Subject: [PATCH 44/53] change(docs): Adjust guideline to policy with specifics about the voting procedure. (#623) Co-authored-by: Eddie Knight --- docs/community-guidelines/guidelines-to-policies.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/community-guidelines/guidelines-to-policies.md b/docs/community-guidelines/guidelines-to-policies.md index 2c7fde30..bb2bad0b 100644 --- a/docs/community-guidelines/guidelines-to-policies.md +++ b/docs/community-guidelines/guidelines-to-policies.md @@ -6,9 +6,13 @@ In order for a community guideline to become a community policy, the guideline m 1. A pull request should be made by the [SC] member sponsor or [Community Structure WG] Lead to move the guideline into the [Policies] directory. 2. The [SC] member sponsor or [Community Structure WG] Lead should call a [SC] [vote] and, if approved by the majority, the PR can be merged and the recommendation is now a policy. +3. The vote will be initiated on the pull request using [GitVote], enabling [SC] members to cast their votes directly on the associated pull request. +4. The voting period will remain open for 7 days. +5. A majority vote is required for the proposal to pass. [community guideline]: ./README.md [Policies]: ../community-policies [vote]: ../governance/steering/charter.md#voting [SC]: ../governance/community-structure.md#steering-committee [Community Structure WG]: ../governance/community-structure.md#working-groups +[GitVote]: https://github.com/cncf/gitvote 
From 539d2fbd34d79d3cab2f3689a313c0a25714e114 Mon Sep 17 00:00:00 2001 From: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Date: Tue, 14 Jan 2025 19:10:06 +0100 Subject: [PATCH 45/53] change(control): add in missing controls mappings for object storage (#622) Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com> --- services/storage/object/controls.yaml | 41 +++++++++++++++++++-------- 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/services/storage/object/controls.yaml b/services/storage/object/controls.yaml index 650adcb7..6102dc60 100644 --- a/services/storage/object/controls.yaml +++ b/services/storage/object/controls.yaml @@ -120,9 +120,13 @@ controls: threats: - CCC.TH06 # Data is Lost or Corrupted control_mappings: - CCM: [] - ISO_27001: [] - NIST_800_53: [] + CCM: + - DSP-16 # Data Retention and Deletion + ISO_27001: + - 2022 A.8.1.4 # Handling of Assets + NIST_800_53: + - SC-28 # Protection of Information at Rest + - CP-10 # System Recovery and Reconstitution test_requirements: - id: CCC.ObjStor.C03.TR01 text: | @@ -155,9 +159,13 @@ controls: threats: - CCC.TH06 # Data is Lost or Corrupted control_mappings: - CCM: [] - ISO_27001: [] - NIST_800_53: [] + CCM: + - DSP-16 # Data Retention and Deletion + ISO_27001: + - 2022 A.8.1.4 # Handling of Assets + NIST_800_53: + - SC-28 # Protection of Information at Rest + - CP-10 # System Recovery and Reconstitution test_requirements: - id: CCC.ObjStor.C04.TR01 text: | @@ -191,9 +199,13 @@ controls: threats: - CCC.TH06 # Data is Lost or Corrupted control_mappings: - CCM: [] - ISO_27001: [] - NIST_800_53: [] + CCM: + - DSP-16 # Data Retention and Deletion + ISO_27001: + - 2022 A.8.1.4 # Handling of Assets + NIST_800_53: + - SC-28 # Protection of Information at Rest + - CP-10 # System Recovery and Reconstitution test_requirements: - id: CCC.ObjStor.C05.TR01 text: | 
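Review bot: The ISO_27001 entries added for CCC.ObjStor.C03, C04 and C05 read `2022 A.8.1.4 # Handling of Assets`, but the 2022 edition of Annex A numbers its controls with two levels (A.5 to A.8), so a three-level `A.8.1.4` looks like a 2013-style identifier carried under a 2022 label; the same applies to `2022 A.8.15.0 # Logging` in the later `@@ -246,9 +258,14 @@` hunk, where the 2022 control is `A.8.15`. Anyone tracing these mappings for an audit will not find the cited clauses, so each identifier should be confirmed against the edition named and the extra suffix dropped. Separately, all three controls address CCC.TH06 (Data is Lost or Corrupted) yet map to `SC-28`, which concerns protection at rest rather than recoverability; `CP-9 # System Backup` alongside the existing `CP-10` may be the closer NIST fit, to be checked against each control's objective, which is outside these hunks.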
@@ -246,9 +258,14 @@ controls: - CCC.TH07 # Logs are Tampered With or Deleted - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users control_mappings: - CCM: [] - ISO_27001: [] - NIST_800_53: [] + CCM: + - DSP-07 # Data Protection by Design and Default + - DSP-17 # Sensitive Data Protection + ISO_27001: + - 2022 A.8.15.0 # Logging + NIST_800_53: + - AU-9 # Protection of Audit Information + - SC-28 # Protection of Information at Rest test_requirements: - id: CCC.ObjStor.C06.TR01 text: | From 3b4e9eb3a2145dbef75936b01caf85d2231aa5da Mon Sep 17 00:00:00 2001 From: Gordon Campbell <62692513+gcampbell-sl@users.noreply.github.com> Date: Thu, 16 Jan 2025 16:53:37 +0000 Subject: [PATCH 46/53] change(feature): Adding additional common and specific features for MLDE (#626) --- services/ai-ml/mlde/features.yaml | 59 +++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/services/ai-ml/mlde/features.yaml b/services/ai-ml/mlde/features.yaml index 4180faeb..c9d9f441 100644 --- a/services/ai-ml/mlde/features.yaml +++ b/services/ai-ml/mlde/features.yaml @@ -4,6 +4,12 @@ common_features: - CCC.F08 # Multi-zone Deployment - CCC.F09 # Monitoring - CCC.F10 # Logging + - CCC.F14 # API Access + - CCC.F15 # Cost Management + - CCC.F16 # Budgeting + - CCC.F17 # Alerting + - CCC.F20 # Tagging + - CCC.F23 # Network Access Rules features: - id: CCC.MLDE.F01 
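Review bot: In the `@@ -246,9 +258,14 @@` hunk of services/storage/object/controls.yaml, the CCM entries chosen for a control whose threats are CCC.TH07 and CCC.TH09 (log tampering and unauthorized log reads) are `DSP-07` and `DSP-17`, both general data-protection controls. CCM has a dedicated Logging and Monitoring domain, and a control from it, for example `LOG-02 # Audit Logs Protection` if that matches the CCM version this catalog targets, would pair more directly with the `AU-9` mapping added on the NIST side. The control's title and objective sit outside the hunk, so this is worth confirming against them before changing the list.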
@@ -40,3 +46,56 @@ features: Offers AutoML functionalities to automatically build, train, and optimize machine learning models with minimal manual intervention. + + - id: CCC.MLDE.F06 + title: GPU/Specialized Hardware Support + description: | + Provides access to GPU instances and specialized ML acceleration + hardware (TPUs, FPGAs) with automated driver and runtime management. + + - id: CCC.MLDE.F07 + title: Data Pipeline Integration + description: | + Supports integration with data preparation and feature engineering + pipelines, including versioning of datasets and features used in + ML experiments. + + - id: CCC.MLDE.F08 + title: Model Registry + description: | + Provides centralized storage and versioning for trained models, + including metadata about training runs, model artifacts, and + deployment history. + + - id: CCC.MLDE.F09 + title: Collaborative Development Support + description: | + Enables multiple data scientists to work on the same project with + version control integration, shared notebooks, and resource management. + + - id: CCC.MLDE.F10 + title: Model Monitoring and Drift Detection + description: | + Supports monitoring of deployed models for performance degradation, + data drift, and concept drift with automated alerting capabilities. + + - id: CCC.MLDE.F11 + title: Reproducibility Features + description: | + Provides capability to capture and version all components needed to + reproduce an ML experiment, including code, data, and environment + configurations. + + - id: CCC.MLDE.F12 + title: Resource Scheduling and Optimization + description: | + Supports scheduling and optimization of compute resources for + training jobs, including spot instance usage and auto-scaling + capabilities. + + - id: CCC.MLDE.F13 + title: Security and Compliance Controls + description: | + Provides specific controls for ML workflows including model + governance, bias detection, and compliance documentation for + regulated industries. 
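Review bot: `CCC.MLDE.F13` (Security and Compliance Controls) bundles model governance, bias detection and compliance documentation into a single feature, which makes it hard to attach a specific threat or control to it later; splitting it into one feature per capability, each with its own description, would keep the feature list usable for threat mapping. `CCC.MLDE.F10` also describes "automated alerting capabilities" while the same commit adds `CCC.F17 # Alerting` to `common_features`, so the F10 description could be narrowed to drift and performance detection and leave alerting to the common feature. A short comment such as `# Alerting is covered by CCC.F17` above F10 would record that decision.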
From 54918b92c65aad20a5dbeb4a1520ec3c143ec919 Mon Sep 17 00:00:00 2001 From: Akin Akinbobola <34436754+avafolz@users.noreply.github.com> Date: Thu, 16 Jan 2025 21:07:32 +0000 Subject: [PATCH 47/53] add(docs): Add Akin to participants (#634) --- participants.md | 1 + 1 file changed, 1 insertion(+) diff --git a/participants.md b/participants.md index b5ddb9a2..7d26844f 100644 --- a/participants.md +++ b/participants.md @@ -39,6 +39,7 @@ Below is the list of participants in the {standard_name}, who have committed to - Kamran Kazmi, Google, SEP/20/2024 - Ian Walker-Smith, Citi, NOV/10/2024 - Gordon Campbell, Scott Logic, JAN/14/2025 +- Akin Akinbobola, LSEG, JAN/16/2025 ## How to enroll as a participant From 51cbed3ad4bb21798d6f1ac06ced7904d5c51386 Mon Sep 17 00:00:00 2001 From: Vlad Georgescu <35064126+vgeorgescu@users.noreply.github.com> Date: Fri, 17 Jan 2025 11:32:57 +0200 Subject: [PATCH 48/53] change(docs): Update participants with Vlad Georgescu - LSEG (#632) --- participants.md | 1 + 1 file changed, 1 insertion(+) diff --git a/participants.md b/participants.md index 7d26844f..34f56b14 100644 --- a/participants.md +++ b/participants.md @@ -40,6 +40,7 @@ Below is the list of participants in the {standard_name}, who have committed to - Ian Walker-Smith, Citi, NOV/10/2024 - Gordon Campbell, Scott Logic, JAN/14/2025 - Akin Akinbobola, LSEG, JAN/16/2025 +- Vlad Georgescu, LSEG, JAN/16/2025 ## How to enroll as a participant From 45791c7d9e9ad08a43ea5608459d1b75f4abd1bb Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Mon, 20 Jan 2025 06:50:34 -0600 Subject: [PATCH 49/53] change(docs): fixed ai category file name (#639) Signed-off-by: Eddie Knight --- services/ai-ml/{service-families.yaml => service-categories.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename services/ai-ml/{service-families.yaml => service-categories.yaml} (100%) 
diff --git a/services/ai-ml/service-families.yaml b/services/ai-ml/service-categories.yaml similarity index 100% rename from services/ai-ml/service-families.yaml rename to services/ai-ml/service-categories.yaml From 191f3f656bee9adffc59f9e83b4fe0dbc3345adc Mon Sep 17 00:00:00 2001 From: Steve Hoffman <53450347+shoffman-percona@users.noreply.github.com> Date: Mon, 20 Jan 2025 08:06:41 -0500 Subject: [PATCH 50/53] change(control): Typofixes and new tests for RDMS (#617) Co-authored-by: Eddie Knight Co-authored-by: Damien Burks <20100558+damienjburks@users.noreply.github.com> Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> --- services/database/relational/controls.md | 110 ------------------ .../relational/tests/ccc-rdms-c2.feature | 27 ++++- .../relational/tests/ccc-rdms-c8.feature | 18 +++ 3 files changed, 42 insertions(+), 113 deletions(-) delete mode 100644 services/database/relational/controls.md create mode 100644 services/database/relational/tests/ccc-rdms-c8.feature diff --git a/services/database/relational/controls.md b/services/database/relational/controls.md deleted file mode 100644 index 55f15416..00000000 --- a/services/database/relational/controls.md +++ /dev/null 
@@ -1,110 +0,0 @@ -# CCC.RDMS: Relational Database Management Systems Controls - -| Control Id | Service Taxonomy Id | Control | -| ----------- | ------------------- | --------------------------------------------- | -| CCC.RDMS.C1 | CCC-RDMS-9 | Enforce Role-Based Access Control | -| CCC.RDMS.C2 | CCC-RDMS-9 | Disable Access with Default Credentials | -| CCC.RDMS.C3 | CCC-RDMS-5 | Restrict Snapshot Collection To Trusted Roles | -| CCC.RDMS.C4 | CCC-RDMS-11 | Enforce Logging & Monitoring | - ---- - -## CCC.RDMS.C1: Enforce Role-Based Access Control - -- Corresponding Feature: CCC-RDMS-9 (Role Based Access Control) -- NIST CSF: Protect (PR.AC-1) -- MITRE ATT&CK TTP: [M1041 - Restrict User Privileges](https://attack.mitre.org/mitigations/M1041) - -### Objective - -Ensure only authorized roles can access database resources. - -### Control Mappings - -- CCM: IAM-02, IAM-12 -- ISO/IEC 27001:2013 A.9.1.2 -- NIST SP 800-53: AC-2 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C1.TR01**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR01): Role-based access control for database management system -2. [**CCC.RDMS.C1.TR02**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR02): Restrict access to database resources based on role definitions -3. [**CCC.RDMS.C1.TR03**](./tests/ccc-rdms-c1.feature#CCC.RDMS.C1.TR03): Prevent unauthorized access to database resources - ---- - -## CCC.RDMS.C2: Disable Access with Default Credentials - -- Corresponding Feature: CCC-RDMS-9 (Role Based Access Control) -- NIST CSF: Protect (PR.AC-5) -- MITRE ATT&CK TTP: [M1041 - Restrict User Privileges](https://attack.mitre.org/mitigations/M1041) - -### Objective - -Ensure that default credentials are disabled and only authorized roles can access database resources. 
- -### Control Mappings - -- CCM: IAM-09, IAM-13 -- ISO/IEC 27001:2013 A.9.2.6 -- NIST SP 800-53: AC-17 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C2.TR01**](./tests/ccc-rdms-c2.feature#CCC.RDMS.C2.TR01): Secure Database Access Control - ---- - -## CCC.RDMS.C3: Restrict Snapshot Collection To Trusted Roles - -- Corresponding Feature: CCC-RDMS-5 (Automated Backups) -- NIST CSF: Protect (PR.DS-3) -- MITRE ATT&CK TTP: [M1054 - Restrict Data Access](https://attack.mitre.org/mitigations/M1054) - -### Objective - -Limit snapshot collection capabilities to trusted roles. - -### Control Mappings - -- CCM: DSI-05, DSI-07 -- ISO/IEC 27001:2013 A.12.3.1 -- NIST SP 800-53: CP-9 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C3.TR01**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR01): Snapshot collection by trusted roles -2. [**CCC.RDMS.C3.TR02**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR02): Restriction of snapshot collection capabilities -3. [**CCC.RDMS.C3.TR03**](./tests/ccc-rdms-c3.feature#CCC.RDMS.C3.TR03): Prevent unauthorized snapshot collection - ---- - -## CCC.RDMS.C4: Enforce Logging & Monitoring - -- Corresponding Feature: CCC-RDMS-11 (Monitoring) -- NIST CSF: Protect (PR.PT-1) -- MITRE ATT&CK TTP: [M1030 - Network Intrusion Detection](https://attack.mitre.org/mitigations/M1030) - -### Objective - -Ensure logging and monitoring cannot be disabled by users. 
- -### Control Mappings - -- CCM: STA-04, STA-05 -- ISO/IEC 27001:2013 A.12.4.1 -- NIST SP 800-53: AU-2, AU-3 - -### Testing Requirements - -The following validations must be performed against corresponding Control Implementation capabilities to ensure the Control Objective is thoroughly assessed: - -1. [**CCC.RDMS.C4.TR01**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR01): Enable logging for database activities -2. [**CCC.RDMS.C4.TR02**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR02): Active monitoring of database resources -3. [**CCC.RDMS.C4.TR03**](./tests/ccc-rdms-c4.feature#CCC.RDMS.C5.TR03): Restrict users from disabling logging and monitoring diff --git a/services/database/relational/tests/ccc-rdms-c2.feature b/services/database/relational/tests/ccc-rdms-c2.feature index faada5ea..888d25e5 100644 --- a/services/database/relational/tests/ccc-rdms-c2.feature +++ b/services/database/relational/tests/ccc-rdms-c2.feature 
@@ -5,20 +5,41 @@ Feature: Secure Database Access Control This feature verifies various security measures in the database management system, including disabling default credentials, ensuring only authorized roles have access, and denying access attempts using default credentials. """ -@CCC.RDMS.C2.TR02.T01 +@CCC.RDMS.C2.TR01.TE01 Scenario: Ensure that only authorized roles can access database resources Given a user with an authorized role When the user tries to access the database resources Then the user should be granted access to the database resources -@CCC.RDMS.C2.TR02.T02 +@CCC.RDMS.C2.TR01.TE02 Scenario: Ensure that unauthorized roles cannot access database resources Given a user with an unauthorized role When the user tries to access the database resources Then the user should be denied access to the database resources -@CCC.RDMS.C2.TR02.TR03 +@CCC.RDMS.C2.TR01.TE03 Scenario: Confirm that access attempts using default credentials are denied Given the database management system has default credentials When an access attempt is made using default credentials Then the access attempt should be denied + + +@CCC.RDMS.C2.TR02 +Feature: Secure Database Access Control with Local users + +""" +This feature targets database configurations where a local user is defined and granted permissions to interact with the database system. 
+"""
+
+@CCC.RDMS.C2.TR02.TE01
+Scenario: Ensure that only authorized local accounts exist in the database and are restricted to accessing the data they need
+ Given a local database with user accounts that may be used for application access
+ When auditing local accounts
+ Then only expected local accounts exist in the database
+ And each account is properly scoped to the expected permissions
+
+@CCC.RDMS.C2.TR02.TE02
+Scenario: Ensure that authorized accounts only have the minimum neccessary permissions to perform their task
+ Given a local database with user accounts
+ When auditing local account permissions
+ Then the permissions are the minimum needed to local account to perform necessary operations
diff --git a/services/database/relational/tests/ccc-rdms-c8.feature b/services/database/relational/tests/ccc-rdms-c8.feature
new file mode 100644
index 00000000..a64f53cb
--- /dev/null
+++ b/services/database/relational/tests/ccc-rdms-c8.feature
@@ -0,0 +1,18 @@
+@CCC.RDMS.C8.TR01
+Feature: Data encryption in transit
+
+"""
+This reature ensures that end-to-end encryption of data in transit is leveraged and enforced
+"""
+
+@CCC.RDMS.C8.TR01.TE01
+Scenario: Verify that databases are enforcing encrypted connections
+ Given an application attempting to connect to a database and the database is configured with some form of "require secure transport"
+ When the connection attempt is made without using encryption
+ Then the connection should be refused
+
+@CCC.RDMS.C8.TR01.TE02
+Scenario: Verify all connections to the database are established using secure connectionss
+ Given a user connection has been established to the database
+ When an admin follows vendor specific steps to audit connection details
+ Then there should be no connections observed using insecure connections
From fa207db0511625ce07a4d4d21486bfd40a24af0d Mon Sep 17 00:00:00 2001
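Review bot: The second `Feature:` block appended to ccc-rdms-c2.feature (tagged `@CCC.RDMS.C2.TR02`) puts two features in one file, which the Gherkin grammar does not allow, so a parser is likely to reject the file together with the existing TR01 scenarios. Moving the local-user scenarios into their own .feature file, or grouping them under a `Rule:` inside the existing feature, keeps both requirement sets runnable. In TE02 `neccessary` should be `necessary`, and the Then step reads more clearly as `Then each local account holds only the permissions needed for its necessary operations`. The first feature's header and tag sit above the hunk, so they could not be checked here.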
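Review bot: Both scenarios in ccc-rdms-c8.feature pass as soon as a connection is encrypted at all, so a database that still accepts a deprecated protocol version or a weak cipher suite would satisfy TE01 and TE02. A third scenario that connects with a protocol version below the organisation's approved minimum and expects the connection to be refused would cover that case. TE01's Given also bundles two preconditions; `Given a database configured to require secure transport` followed by `And an application attempting to connect to it` makes each step reusable. The description promises end-to-end encryption while the steps check only the client-to-database transport, so the wording should be narrowed, and `reature` and `connectionss` should read `feature` and `connections`.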
From: Dave Ogle Date: Mon, 20 Jan 2025 13:34:56 +0000 Subject: [PATCH 51/53] Update relational database controls from markdown to yaml (#540) Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> Co-authored-by: Eddie Knight Co-authored-by: mlysaght --- services/database/relational/controls.yaml | 69 ++++++++++++++++++++-- services/database/relational/features.yaml | 12 ++-- services/database/relational/threats.yaml | 26 +++++--- 3 files changed, 88 insertions(+), 19 deletions(-) diff --git a/services/database/relational/controls.yaml b/services/database/relational/controls.yaml index a1a4fd92..408986eb 100644 --- a/services/database/relational/controls.yaml +++ b/services/database/relational/controls.yaml @@ -7,16 +7,17 @@ common_controls: - CCC.C06 # Prevent deployment in restricted regions - CCC.C07 # Alert on non-human enumeration - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs - - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter + - CCC.C10 # Prevent data replication to destinations outside of perimeter controls: - id: CCC.RDMS.C01 - title: backup database to alternative trust-zone + title: Backup Database to Alternative Trust-Zone objective: | - Ensure that databases are backed up and the backup is outside of the applications trust-zone + Ensure that databases are backed up and the backup is outside of the + applications trust-zone control_family: Data threats: - - CCC.RDMS.TH14 # DB backup is uninentionally restored + - CCC.RDMS.TH14 # DB backup is unintentionally restored nist_csf: PR.DS-11 control_mappings: NIST_800_53: 
@@ -24,8 +25,64 @@ controls: test_requirements: - id: CCC.RDMS.C01.TR01 text: | - From the same trust-zone as the database attempt to access the database backup and ensure that access is - denied + From the same trust-zone as the database attempt to access + the database backup and ensure that access is denied + tlp_levels: + - tlp_red + - tlp_amber + + - id: CCC.RDMS.C02 + title: Disable Access with Default Credentials + objective: | + Ensure that default credentials are disabled and only authorized + roles can access database resources. + control_family: Data + nist_csf: PR.AC-5 + threats: + - CCC.RDMS.TH01 # Unauthorized access to database + control_mappings: + CCM: + - IAM-09 + - IAM-13 + ISO_27001: + - 2013 A.9.2.6 + NIST_800_53: + - AC-17 + test_requirements: + - id: CCC.RDMS.C02.TR01 + text: Secure Database Access Control + tlp_levels: + - tlp_red + - tlp_amber + + - id: CCC.RDMS.C03 + title: Restrict Snapshot Collection To Trusted Roles + objective: Limit snapshot collection capabilities to trusted roles. + control_family: Data + nist_csf: PR.DS-3 + threats: + - CCC.RDMS.TH02 # Unauthorized cross organization snapshot collection + control_mappings: + CCM: + - DSI-05 + - DSI-07 + ISO_27001: + - 2013 A.12.3.1 + NIST_800_53: + - CP-09 + test_requirements: + - id: CCC.RDMS.C3.TR01 + text: Snapshot collection by trusted roles + tlp_levels: + - tlp_red + - tlp_amber + - id: CCC.RDMS.C03.TR02 + text: Restriction of snapshot collection capabilities + tlp_levels: + - tlp_red + - tlp_amber + - id: CCC.RDMS.C03.TR03 + text: Prevent unauthorized snapshot collection tlp_levels: - tlp_red - tlp_amber diff --git a/services/database/relational/features.yaml b/services/database/relational/features.yaml index ab79548a..435e402e 100644 --- a/services/database/relational/features.yaml +++ b/services/database/relational/features.yaml 
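Review bot: The first test requirement under CCC.RDMS.C03 is written `CCC.RDMS.C3.TR01` while its siblings are `CCC.RDMS.C03.TR02` and `CCC.RDMS.C03.TR03`, so anything that resolves requirements by the zero-padded id will miss it; the line should read `- id: CCC.RDMS.C03.TR01`. The `ISO_27001` entries `2013 A.9.2.6` and `2013 A.12.3.1` carry the standard's year inside the clause id, apparently left over from the markdown form `ISO/IEC 27001:2013 A.9.2.6`; `A.9.2.6` and `A.12.3.1` would match how the CCM and NIST entries are written. The `text` of C02.TR01 and of the three C03 requirements is only a title, unlike C01.TR01, which states an action and the expected result, so an assessor cannot tell what to execute; for C02.TR01 something like `text: Attempt to authenticate with the engine's default credentials and ensure that access is denied` would do.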
@@ -39,11 +39,13 @@ features: - id: CCC.RDMS.F06 title: DB Managed Credentials description: | - Ability to managed the database credentials using the cloud provider's secret management service. + Ability to managed the database credentials using the cloud + provider's secret management service. - id: CCC.RDMS.F07 title: DB Self Managed Credentials description: | - Ability to manage the database credentials by client managed username and passwords. + Ability to manage the database credentials by client managed + username and passwords. - id: CCC.RDMS.F08 title: Support for IPv4 description: | @@ -71,7 +73,8 @@ features: - id: CCC.RDMS.F14 title: Dedicated Database Instances description: | - Option to deploy the database on a dedicated instance for isolation requirements. + Option to deploy the database on a dedicated instance for + isolation requirements. - id: CCC.RDMS.F15 title: Horizontal Scaling description: | @@ -79,4 +82,5 @@ features: - id: CCC.RDMS.F16 title: Failover description: | - Standby database can be implemented for failover when the primary can't be reached. + Standby database can be implemented for failover when the + primary can't be reached. diff --git a/services/database/relational/threats.yaml b/services/database/relational/threats.yaml index c02d6d9a..46813266 100644 --- a/services/database/relational/threats.yaml +++ b/services/database/relational/threats.yaml @@ -15,8 +15,9 @@ threats: - id: CCC.RDMS.TH01 title: Unauthorized access to database description: | - A threat actor gains unauthorized access to the cloud relational database by - using a compromised role or using default administrative credentials. + A threat actor gains unauthorized access to the cloud relational + database by using a compromised role or using default + administrative credentials. features: - CCC.RDMS.F01 # SQL Support - CCC.F06 # Identity Based Access Control 
@@ -27,8 +28,9 @@ threats: - id: CCC.RDMS.TH02 title: Unauthorized cross organization snapshot collection description: | - A threat actor initiates a snapshot collection activity using a privileged role - and copies the snapshot outside of the organization, which allows for data exfiltration and theft. + A threat actor initiates a snapshot collection activity using + a privileged role and copies the snapshot outside of the + organization, which allows for data exfiltration and theft. features: - CCC.F11 # Backup - CCC.F12 # Recovery @@ -40,8 +42,9 @@ threats: - id: CCC.RDMS.TH03 title: Disabled logging & monitoring description: | - A threat actor disables the logging and monitoring of the relational database, - which allows evasion and removes traces of malicious actions. + A threat actor disables the logging and monitoring of the + relational database, which allows evasion and removes + traces of malicious actions. features: - CCC.F10 # Logging - CCC.F09 # Monitoring @@ -51,7 +54,9 @@ threats: - id: CCC.RDMS.TH04 title: Unauthorized configuration modification - description: A threat actor attempts to make changes to the configuration of the cloud RDMS with a malicious role. + description: | + A threat actor attempts to make changes to the + configuration of the cloud RDMS with a malicious role. features: - CCC.RDMS.F01 # SQL Support - CCC.F06 # Identity Based Access Control @@ -94,7 +99,9 @@ threats: - id: CCC.RDMS.TH14 title: DB backup is uninentionally restored - description: A threat actor restores a database backup thereby destroying data. + description: | + A threat actor restores a database backup thereby + destroying data. features: - CCC.F11 mitre_technique: @@ -114,7 +121,8 @@ threats: - id: CCC.RDMS.TH16 title: Database backups stopped description: | - Threat actor stops database backups from occuring to inhibit system recovery. + Threat actor stops database backups from occuring to inhibit + system recovery. features: - CCC.F11 mitre_technique: 
From 34bb1c8dace48b06f620ca244d88e60cba0a8dd4 Mon Sep 17 00:00:00 2001 From: kazmik23 Date: Mon, 20 Jan 2025 07:36:26 -0600 Subject: [PATCH 52/53] Create threats.yaml for SecMgmt (#510) Co-authored-by: Eddie Knight Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> --- services/crypto/SecMgmt/threats.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 services/crypto/SecMgmt/threats.yaml
diff --git a/services/crypto/SecMgmt/threats.yaml b/services/crypto/SecMgmt/threats.yaml
new file mode 100644
index 00000000..446570c4
--- /dev/null
+++ b/services/crypto/SecMgmt/threats.yaml
@@ -0,0 +1,14 @@
+common_threats:
+ - CCC.TH01 # Access control is misconfigured
+ - CCC.TH03 # Deployment region network is untrusted
+ - CCC.TH04 # Data is replicated to untrusted or external locations
+ - CCC.TH05 # Data is corrupted during replication
+ - CCC.TH06 # Data is lost or corrupted
+ - CCC.TH07 # Logs are Tampered With or Deleted
+ - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users
+ - CCC.TH11 # Event Notifications are Incorrectly Triggered
+ - CCC.TH13 # Resource Tags Are Manipulated
+ - CCC.TH14 # Older Resource Versions Are Exploited
+ - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities
+ - CCC.TH16 # Non-compliance with encryption key management policies
+
From 2dbaa2f31b40ce48c8934c87944ced85d5617b25 Mon Sep 17 00:00:00 2001 From: kazmik23 Date: Mon, 20 Jan 2025 07:48:39 -0600 Subject: [PATCH 53/53] Create controls.yaml for secMgmt (#508) Co-authored-by: Eddie Knight Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com> --- services/crypto/secMgmt.yaml | 56 ++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 services/crypto/secMgmt.yaml
diff --git a/services/crypto/secMgmt.yaml b/services/crypto/secMgmt.yaml
new file mode 100644
index 00000000..05669761
--- /dev/null
+++ b/services/crypto/secMgmt.yaml
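Review bot: This catalog is created at `services/crypto/SecMgmt/threats.yaml`, while the next patch in the series puts the matching controls at `services/crypto/secMgmt.yaml`, so the two differ in both casing and layout; tooling that pairs a service's threats with its controls by directory is likely to miss one of them. The file lists only `common_threats` and has no service-specific `threats:` key, unlike `services/database/relational/threats.yaml`; if the schema expects that key, writing `threats: []` makes the empty list explicit. The added blank line at the end of the file can be dropped.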
@@ -0,0 +1,56 @@
+common_controls:
+ - CCC.C01 # Prevent unencrypted requests
+ - CCC.C02 # Ensure data encryption at rest for all stored data
+ - CCC.C03 # Implement multi-factor authentication (MFA) for access
+ - CCC.C04 # Log all access and changes
+ - CCC.C05 # Prevent access from untrusted entities
+ - CCC.C06 # Prevent deployment in restricted regions
+ - CCC.C07 # Alert on non-human enumeration
+ - CCC.C09 # Prevent tampering, deletion, or unauthorized access to access logs
+ - CCC.C10 # Prevent data replication to destinations outside of defined trust perimeter
+
+controls:
+ - id: CCC.SecMgmt.C01
+ title: Enforce Automatic Secret Rotation
+ objective: |
+ Ensure that secrets are automatically rotated on a defined schedule to
+ reduce the risk of secret compromise and unauthorized access.
+ control_family: Data Protection
+ threats:
+ - CCC.TH01 # Access control is misconfigured
+ - CCC.TH14 # Older Resource Versions Are Exploited
+ nist_csf: PR.DS-6 # Integrity checking mechanisms are used
+ control_mappings:
+ NIST_800_53:
+ - SC-12 # Cryptographic Key Establishment and Management
+ - SC-28 # Protection of Information at Rest
+ test_requirements:
+ - id: CCC.SecMgmt.C01.TR01
+ text: |
+ Attempt to use an outdated version of a secret after its rotation period
+ has passed and verify that access is denied.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
+
+ - id: CCC.SecMgmt.C02
+ title: Enforce Secret Replication Policies
+ objective: |
+ Ensure that secrets are replicated only to authorized locations as per
+ organizational data residency and compliance requirements.
+ control_family: Data Protection
+ threats:
+ - CCC.TH03 # Deployment region network is untrusted
+ - CCC.TH04 # Data is replicated to untrusted or external locations
+ nist_csf: PR.DS-5 # Protections against data leaks are implemented
+ control_mappings:
+ NIST_800_53:
+ - AC-3 # Access Enforcement
+ - SC-7 # Boundary Protection
+ test_requirements:
+ - id: CCC.SecMgmt.C02.TR01
+ text: |
+ Attempt to retrieve a secret from an unauthorized region and verify that access is denied.
+ tlp_levels:
+ - tlp_red
+ - tlp_amber
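Review bot: CCC.SecMgmt.C01.TR01 checks only that a superseded secret version is rejected and never verifies that a rotation took place, so a secret with no rotation schedule configured is not caught by the control meant to enforce one. A second requirement with `text: Confirm each secret has a rotation schedule and that its current version is younger than the rotation period.` would cover the stated objective. C02.TR01 likewise tests retrieval from an unauthorized region, whereas the objective and CCC.TH04 concern where replicas are created; a requirement that attempts to configure replication to a non-approved location and expects denial matches them better. The commit subject says controls.yaml but the file is created as `services/crypto/secMgmt.yaml`, unlike `services/database/relational/controls.yaml`.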