From a4782a0a7698875daac6bbb099c3caf7a87a5df3 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 11:38:24 -0400
Subject: [PATCH 01/28] Add files via upload
---
.../Diagram It - IoT.pdf | Bin 0 -> 1266282 bytes
.../IoT - Wearable Device.xml | 25945 ++++++++++++++++
2 files changed, 25945 insertions(+)
create mode 100644 Templates/Diagram_It_Webinar_Series/Diagram It - IoT.pdf
create mode 100644 Templates/Diagram_It_Webinar_Series/IoT - Wearable Device.xml
diff --git a/Templates/Diagram_It_Webinar_Series/Diagram It - IoT.pdf b/Templates/Diagram_It_Webinar_Series/Diagram It - IoT.pdf new file mode 100644 index 0000000000000000000000000000000000000000..0ed63616a8b6a84b988f5b064beb2498923179e2 GIT binary patch literal 1266282 zcmeFa1z22LmNr}jf=fuS!V@64Tj3TwxD@X0?oMzo0we@U(BQ${9fDhMcXx-sxZOQ{ zr>Ezeo`0TaX1=d))pJTt?Q_oFyLK&k*Sl6x$iEY#XJ%kSrXXEe9U4PsMP@>_HLyVD zEZs`hcGwnNeQf)cC!=fw9$Zdl+S%tsRjyp~pTQ zr-aP-4*KYX%>2|;`?vOT&Q4b5Hqhf)pp6v&bi5<9!P6UPBV!w*r>nC4?&=~A#`;dS z4#-pwj{tFiE%a^*umTuUL;Gd!WM%x@{&xU#fIf7;1N6}vKnjoqI6)uje|u#MP^SLf zso8&b>OT$aX$VgpaWJ-d>gsRZk})R`)w>t$eb)p$ZSmP&@nKI*xEQj8#*F$ z{Hdj)v7@cCgCTT8oPXLOWMg9s{g~@d@5CK!o$dZI8_Ev)HjZ{r7cz8*p6O|Rj9ttP zjTOa(pL+P$@jspWFS9RZZsla`fXpanrSD|?&e+h_2-@5C#x|x-X2_u5E&@Hy(Frr_1bc^FLTDEdc!Cp`6TX!sYG`bX_qp7 zR7M^a&$XIiZp@M4-9uj0KB5T&&kNJy(#g>SH|buyDE5oR`1f{?;CH#tu$P9I{eMkN{=H;vQF(y$k%q2e@3T8<~sayf$n=W)9WYt`CvxAS+e&QuR`t`}!ys;bUKa zm3>uwRjI~E7`5AZ+1V}XOG>C~mUq=~<)7x`QLQ@1$YF+1axmf+L++coSPy%whC0>3 z*&Z>2ydY(_)>4bZh}Ln$W%&q5KSZ<77yZbqY#gZ6TmM4d5x!D>LI_JoV@jTE>h^^}yV2~r6N znon^jc-uxktNyrp1fB8+O}nt*r!zNr?XGohzYmB<%UU^0mySJB(dUru)U%!RUeDfl z4kU6)eTf*o^)v$yWO8X01z*;2Uwy&poo2NXrsY$U8U?m%Y-%6nO!mF_cxk^=W(%Lk zHlE1H$;q8llXE-4$(`NrQZL(=xgg%SAh_jWS#|u$9Vq`IXN!T0z$q12uwHP&j>3L3 zrcl{5!Q4X)dF4B2?-4?$#u&4;_pZWRO<-k=L5PE3X`5-s^UmpY?p%kuWZ%NtR@iYqin3%?WxNKqzWI+h0 zlV|uJV{V-Y&=hSCEt7=-7QN;uU&AD=DJQDF|Em0ccZab=df)scqW>&y{w%DYgwT_) zVrFJx{fhv9l73J7G@&B%&&`;bekasKgpipTn2;F_^?!T*tK?&T62N~EeSeY9PEY}8 z^CY5wd-2;|7Gy>leJ2O=Ckf5M#K6qL#=-d{HJOm^`}lT{Z1G&|6Ug=IU6|rrVb^oe^VQhP;KB~XZs|Zk)0fzp`saV zZUmLgEKF=5WJU>Nb5k>@Qeoj_e$pIPwhl^m`i9U(f0g@;!sbqn^2QD#w$^sGHcu)D zdYqDszM~~F%b%6eUo^lw5#_&;|15vfqJLEYkG~$5057D(B*g$Q&j0`z=pFDl3lIUo z!##(84hIka93BAy9ufHkGBOepG8Q@p>I+;fJUm=192|Ti3KDz*GC~|2QaVzyx0KX0 z)Ibt?CVDC+3My)u ziAzXIDJiR{g4NVD42_IUOwG(K9G#q9T;1F~0zU)=hlGZOL*hRsBqn|OoSc!Fm7SCO zJuknkyrQzIx~8_St-YhOtGlPSZ***YVsh%&^vv?g>e~9o=GOMk@yY4g`Niec_07|` zV4&mt%k57C`H 
zibTe$c!X`>FoKLj&bCZ({4})RM)r>lEa3mw$o^$ue;wBh02LMn`sKl50t5ipis4jW zpZ&4@6U@QX@Eu>CrRKsQsz!G_{dlesGfY%x%5e*6EQ|dh?e|;pAg?$542hc^_#F;R zl37ZGFIYCwabxGjg%@34Cqq9vX3XC;nPPicnfFhR$vW=Uc{FC8UcWVV zb8Q9BqzG7#YdaN@GHf)|!3gybxa5(>x}p*z=twTj5mSyea9K<)yzqaRYayShY>PSp zbi~G`1Sy@IZxV?KvJY5lEMynWAysPj+GzW183yS9c$Do}{Zr8G)hB$_g6NrchOW~d z0St@uUOyjll`xALz`A`+BccK)Pu2XHPRX|+U2JLeqzaG5#QhtJ0xlW;zDZ*6@}0wd*bI`qZZJnj_VUJ>%m291mmIO=Xr3*vD+k`4NDlyE80l zjGJVfWjjw4RYoHg$OTw>Hh1FK<=(PNc#Z|;lPb@@&N&$DW1}99pM15Z zPmH)Zwk6ednCzHF$c>IYKP-;!InuQ4lS6e(yXt8rdsD@*=f$;*lStdmz0io!XMK@S z6(Cd{a&W~H%uV=0IC+y-e1%B518m8k$AAABvn$g=3~3O{M=K@XA7Zbq)0c{|%G1<; z?wfIkjvZPMuDiFJ$hgn`2*~O#DJVNJIdMypI$G0_3$jx6T&mYpX?R}?($gS+faxLQ ztI_kAqWrEix5HVkz4-oAt8X@SHcw#K1@@O3YRl>u-^VW7fioOuEV&5n9QrAX89v_{D;S?1*0Ot;CK z$sY5%Li2pH1%(eYGC`!yS|9>{1iW4UF+4aI#iHPBx3Rh;$x7e5q}<}d(_=g@V^7(9 zSw6kg<`Zj%yVQ)EOD1+1sY{i5%T%!q&Cjz}SyoF%DKNvR@hwX#+y@MI^f|kOr*6cD zL(W3vb4{rnc4OWk8V9sN*sd@Cq^`vB?4u_bj6u@jouIoi}Tb zU8hCkVoDXdn-{QOXq4+R_UGzIF>nu z3vy^6Mc5L6CwVWvbuyXl&1#nhWcp=2r0rK2gVF7;b7YoGgt%V`>=Z*0g%zw6B>{zR zs$ti-KkjbGFHFf2plOvCxn|uV+e7nE)T`M^E z4LIjg>R4&sp7YTfI#syS{WiL*!E<_mTHltQ}g2yAeS^e|fflDtY)lm|{_3^A?S8uYl*aNZxNn=ZmX z^Bwh;EdU=G4>YCSq{Xyw!PPa$ zU^_qnhP+S@+3pwU|MuY0}n1^R}PO68YcZ_*vNT^emSd)&cz4g`J$C3$X zt-Hg=u}~}6Ke?^g;^VrkR=KLFHO+7lHn+`g57aXX6#T>W|9{o>ug%`Bt}B|EHJ==v z8}tokAA}d|wcPR{9`mNJD#P>ZS{Za( zdLaP>ZDNmbgnV_=#=6Qdw>`J^k5003DKsk3lOz>5I3tY_LtqancFR@>(2KG=w&2_AX8=34*vL?H4f|8 z-b6KCft5@k7Ou%vzNw-0_A09{)`9!%j0^1fNF0wx0b9VTW5fC}Y+@up-xt^gL`@-z)%CrqB=9FPaXT8I#3y zwVn9pG}a$3r+xX;dE7bdv6ME#CEmK_h(#+K6h|{DMo!|mklN%P^ zjGm!52e!G?A5OuXduBcV70~i&c#V|w-p)=;%rYO(1dFgi6_BC}Ha zD(ZP({kgBeh~~ySJDridm2@6${=PG9-7od~dKuxgv1iZzPw|)HOlw< z5K5YMG6Xos;pE_O^NNEHqZU6843EWltZC%Y+ zi&wAP3@ov-ex)!*a;qdB2N&l4%n6Tc;WLGOAjFNRhZo%d3OCs*jxeCksH{~DF1k_o zHN&Cxxq*7S#DT@lg#QV_<85X{cnmpOa^en{ltgkc-wGOv{4k@&tYWoUkHJepj3g?&b%L5T&&boj zPE#ceD)BVNWWK50*$r!PTztrdqgMIeBS1FF!)woYL==0_IS5NZ@cAFx|GjhY??F2z 
zX@sM^>;ywA{XNCDi7ZMIRSs&UDE{OTm&`Tkb}T5~V~upYJGm4Yn$=|w_4Kk_~HPgQ06UFmDQLA7&ICMb5auML;kPW%e}wHdEW zKF(|PDV$-nl$R{;Lg>dRbC2Q%|N){>yv+YJ-c4XlvVvISLb@MzW{SLZ2Lion_B5IXXpyQZ}iOQBzhsg8ZMvU^KfVq6k;x2aE!+MSU3%Syt2jQgH26ynoLoAA^(Sois#ys_h;umzXB8qI?X} z^}m&H@qKybDRApCG?3zr{ma4!O})sd`6&BjmqV)Ei8=4~ygmltNFT)*0W>NY1Z#Ytgh)%DEa^A19_0JkE}eE)ulk2B!4&m)b4zoL6=$M+&71 zGMez+{mE#)Bk2k9LReTpyepS?k^r-wemA5u|<>nK`N(7oD9&9$^sO^MKzy;c< z33l3fjs4AU0C&<3z^UbXOxv8?dT+zW`_6T6ny;1g6n|GC1rYe$qVWtu6 z?=d-(P%q~C0s`==73`*(?yA z76}BqE_dumy9rZH8F7^>j|*-ZLo=nU0x8Rcz02n8>TALjW=Y9#S?{=I555KNh^O9~=}UVcLy#IZomXt!T!W4dtb@Y`V82 z0oMv@htgpr0eb|6x{J{fhuC|y|E}p~Zo$TRx&8=%l$_o*Oh+B#r8c{wKLX4jENG{6 z$wi*<`>j8$lK;(?nbLB&*+74Ta7-GLihx}Ia2Jx}6qRZyuG+}q=b^O6hXY6xN z%etyw5B2LrX9C((jtfhkEe(QCnwFW)2shD7(TE!bV9o5S=D{$lJFw+_r5;E%p_G?P zPc19mZF4xy4qkAnX|*-V*Jvgrh+#^(5~Xp!7sV04(*%}Xv+fe7^FVc!KkCbE6gqWx z)@5ia*oe#M;$}?3s`Yy4zdk$jeLKh>PE{<@@L!`T6mCy~xfAv{T$n1RSUJW;cjV59 zdU;_6*iuqsvnjCFDUHG>^1hjYXXZwWK3c8|f7?t0BN0;HZx{|c^Vc8%R_e&Un)BnL zFox%9&W`5VB$!juNIgR>Mx5c=V*M4+{-*3se5HQgfTAK8RB=zw^0IH-D&~2$SBqUY zXg@O2kHxa&msoV=LUUjB^~K#?G)9peW)8Ob-HyW=OEha{&ev8e zB-$Lt*iu4vf9>6`K@ShVMNR}-dAD!A%X~Efo5B+s8*UQ`PW7X)eV+|{UH!1HfV_}r zk?}3WwsOJhq@O8*X1Ejr$-cEJa={UIRV30ae$X4OXi6%zRMB*Mdpz#@A1qHDB;McxF}I;Ti_fMv{dC#22-~9 zjc4<(eexdxWNxdCDG9uaYqq8rx|!Qsd$(FETTru>?;llmf3*AWW}{W}GA~;zbtDn6 zT`?mL?uH4eee?s-2M&?>#}9fqYNy{RJ_0Z{9syr3ss!dSTlyXW(cP=}InZZB_Gxhh znz)O2uOA1G0MYtuVjnW*AnIFu%e35+l8L=06ULwh7~lL>;%|A}<}+f8>^TX3CNU7H z==SI${{X}Ri}|a5iKB@?H8-3^7Reayn`I=%lcg6JnDLC4cZcJDkB8!HprDBy_$SitRkKKR8OZ9Q@T z?I(RLktfLx&kHxQK$Y(~Uu3rw!y)#NI#XAK&~1} zS*CEPOV8IL(=pwIZ^bJ)kNV-iWhJ)h%+xsDcA&MFuBLr`2`^b}QOPS%yo3LIXKuS1 z4Ty@;C3&(A%gcR9m~NlOompFM!9dk;xE-GNSE z(?IYWJrE5hTy`xMEr*6d}F?ybdUs-BlZlByT0vC{LEg0ch zoqn*3QvS8U!{t`pgN`ZodxH(9Ee3b`Dbbx94~x67v*u?6ny>TSx>j##rFyh8KhJ+M z7L-TlNzwZ;<3{ujcY))UqM=IXWod+XxmSTyGhat0ebk_XI9j)2Zl*ykZT;s%24c_J z^)%P6Z3>5{m|@i0m5>Hn26{NhvZ#d#wDeLgZLv!Wa}}kNX2v z{s%#de-zC4FSp~z%Su-M*D=~NIg~rrw2kSK25DCFDzo~#hVQXCbBP9Sf}kCwr8V@* 
zk&w2Dj(%v!cdg0vEhCW#0ZOS76)iMRuAL0Q6;o?O; zv*u~3d+TqA_6UeNoFJNdGoa>&Axc1uqtLR6ABr|hR-_}ScVx4qo6Gb5 z_yy~6&O-Q%lhY34C+$z?e~;z>wp7z1x#vxPkZK+};r-QMV^C6r?|aRoduzMloW^kF z@0>rIDj*SY%PEOya1u|D_5KJQp^phL)0Fj6)D9W~#y-Yoe!2PmUc_snl z(8M`(!IpAA`&$gTjvk}awazB(#`veb?$(Ksq$y|>E z!cruh>UJ^?)-7?KzE1s_hC6yEiZw-yRGU!zYBOHCuB|6rEwUg!0HME27D2W5SxtYv z`Q8CBN)1JTQ`gqIa3Ko|3kDxzjtE`sdq~?p;rG_K;iWvn01QLz)R@TSakkZ*tFDoA zD!?q-j5RLKDoLBfbr?+p1Vig!TbuKnuCIgcHSIlkr6I1M}Whg z4Xl~(CNdaS!b|N8wN<%{!|Zvv46xXI-8RQzQeOGdLW(^qOeJS5@6t1OoQFG!wST&vlvpF(*BzqAKlVnY1E6ebZ|{nw+j1mJ;ANjK4>J$CbH7Q|{Jx{xDAPAf#%n zqxGz2p=DVJF2(32y3i1IB@~(5sgN!hflBwBO?EF8Zk))F_(CAc~uQNUPj(US)E`2t6&C4Abu`)oYVtEMMI^QkQ^IDEw zxTD=1=>ZoZdWvcCI<2W<6dE;y>HPkQZozHbV4eXp z_mo%MgYx-x|5?n!fG_4%h~hE!%uv4EhE-2AJAopTtR2F7Z!ZW)i5(}3-OtsRm6CHX zJumx_T2wf>O#1~Cccb_NW&hvm%c@R=c(E3^1kS*9K*b@b0GIah^j{F+Y99T=Sc6)n*N zQb=*yjIJREfB(VuqaYnf@0(zIy65Kbb9dEv@8oKG($*HT^9U$#<_>8(Drr~X#j#|c zEItm3wV5ZQ?x%8DR&c;2MZF&jY%O6q7LRb&eOVSIW~}LC-D~@DKT4K4ZSBuwvzCn7 zW3CUo;?u1T?Pd3#scyVEiNroLnVa7q#unFSZ=kvv472keEmxegMyX4wdd*bs4Nddz z->duLAG^t%;jX@I8YQOr*2*%n6G-UTh{RT2o3UI9L$K@5YQkwf)WXKJ>buLK)MSm6 z%A=3F{NCAj{o;=Rw6%kVD5%-yrg7W82kEa`mHpg2a`=X{n~IF|NEV4GMvKr0b@I85 zn_(w+Ztwx;_NmFM)X5Xb2s0@(;ynZ#7udyZuTAKo8^WvC|2EzcJ+Oew&gr^rq;EaA zEv5xXANAEV8W)z*R$sQMf++o@d1UXNC_QiRSjDc+AYt{c*LPcC-lL#I#4n@5x#$%% zXa~n#lmZRfIsNEs2Ba2(Ks|#Pz`~uij}!>~6eg~1Sr($Q=-W?Wa^=K-OE=Yq_g|*h z)c7zbggpC;Cdslt=VTd~)98RtkVdElbQoUew5j^Ex>O33z7cysB;8Z)ojn9T7+K=6 z+rF54o0P%Bc&Pi?7y*R&6>e=cj|hDU5xaz=e0dS^Th-Bd7XDxcQ2QLE12wMa6GF|tsZ`ytttxHY4DRpx=EL;?69<>J69;YKRE5!g|7nZ)zuU3Jc8zQqG^gN@fN`QU@Uqfs7K>6|1}jt6qS-%IB}M0VGKSr4)I6Lp>P zC<*ofn4{lws)o-0;4mLH1M2js@hVn~sqEmFaP_=PIzQ#5GjT_h z`=yUtk@vLvl5{&W5!!T-M_H=*DdLP)1&qR=O4$1nZ_Vha!H$b8ymCb#bVfDI%!-#D z?v*sKg_?NQ?ZL1fU}%41=W0rs4R!e<8Z7hOAj0ti(}nKOCUIU%%*Qp~cIY{dMf!0S z>s01_R%-8_*2}a#|EwE#TNOsyQ zUl~JyifYx)PO}f^XtPy^N+|S}~co zj3bvPEBX zOPnQ6Om_4SP3C#V9<1w_Rv(!CLH9wJ;^qPx>E!zAB;6|#KCftm$OPB^Ag#p(Unn48 
zo0w)c&cRQ3_`@}pIWu(6pHKe|&Ft6gY&>l~h(FhnCWB~|8MZ_b~cX)-1@&OUL+ zqKE&GbN`F^k^d^|tJ&>)TM1m$Pd8v|mmK@<1NxPzagKHE6mR`*YyG9jhQGKCVn3m2 z3E|li{z2>dd8zH3s`d@BiT;=6A1Ig6CwtY80RL0ov9<@4NnWuS`V`6MKeYS#2G_*7 zy0H9Qi7{m1xw?VpM2u|@1V`)vJNQ3KW$a@7oq3Ix!=4L^u?8@wL{=-sf^c|kSEYTC zgs>A5A|&mUv!o2ozC{T~zOWC5r9COBA;&+uH&kt!w3S)Nb+~+$fKvMd0Q&>hkNb#E zuE;}$7?;kgRO=kx7dGZ?W|Z8>$L^ZwvY`&jtk9<9m`@~g!G-?ck= zshElT!&;gUrJoQH?Vt%nGTYt61p+qsx#yskCP`VFqoBi2h7EqjU{Th*=8cX4EAkv& z3bT6SUJdHQ{1>P~IwO^q`#5LX+esLeDIGy1hMm&-3jC~z1I~@3OA+PT=)uLQA>%Bo3GhSJr)S6ltcT8EB}Fw-Y*H$ zIKx29jsP|d0|6mM))Kj@fp0}dMA#f>Vp3CGB~eqd)y)W%$@Q(r5!Y@Pw-H#gM7Akm z0%~ubYYHT!=WTYQfKeXyX}hm=x9O)c>&}?XO5Rl*L5ba(?j;SpkZsp5vp*|71NX}l zZXrQ!M~>C;@qPf{_rt-@O9Y+4lLO~6rZ$Hai!CGVNa%Kkk&&g>K1Wt|h`ez!OBC4q zl;q#;=I?PXPqrsJ3P)cim3`36yQ|ln*tcbyztQR+_Il;%o711a;RgpS<~AWnKHZn@ik@Yb^gvx za1rO{yahRj*3Ta$);`crnQdkIw?H#L@O9Orpn2a5w!TTWiA~15sHGTRaITXiN`gEd z0h~i}Z!G_e{AK?c`TKcPy(CsQ(}vwV3=#Dij$x!%CU$dvq9>gzY~IV907<1 zJWKtAabvqdP_9Ub`p&J$P?Mb6Dbbh0fAQ; z+Wa&B6x3pu5jt|?!(JxC)8g4~;S=oEK*4v>g1kKlWK{DGurFBLmY!u~H5^&& z;Djg~1r1#!d=ebh-*8u+Ddr# z_D3{r8V&Xoiza`;=8Zth4)oLbydbZlgX)NLZIa~cIitU4jzu?TyM3kOrwy_y5l*cu z%JM2j1ibu;V7L0cTaP0$x#t)o=&&Nl^3%n_wrFVh!>^FA7E+^F*|GRY;w3*>RwX60 z%v8z&l1`7}w0idhY2YD^$`twH+&zh|%w6Pv(GE$+vSrJ|q8gRh!&VTJel-j;H>GX7 zEG@$iWR+s@(Z2Vjjfp8CqcO4=xG}~JAeK^(BY=3?$slbEq{FrTv(R=4Y zTJ`?r_(nw|2Q(#3)0%rm^YhSAS8YoVkn$^#EWV|<$r}M0r8m)iInR-sPqSuzVN_@t z`)iRBfyC)JfOW(_pF1gXGkigYryUcz9JgQh)3nK@zLmI66P6qziV>+MM_w!N@nB;M z*i3S*?sdMt@8&G;FsS@~pYl`=peZfx5zrDH(b2>(Uiq_S=t7&>N3Brr+VCA-TZ*9z zM|2~GAh*gsZC4CM?uBjmS8G#g3W=BeZ$pCz*L|{<;sU(k1$%hCv6DL|l^i$fJr_;a zt&7$yPVRVe@~FrYCr5JU`3^U0XXTb=wZXDA<6a~_wi*5+(#G5gwIV@F0H)1DVkUk? z7(=bUvjT3VKkps9^pso=a2lL`<50-LWGBvtR6NLtW$yDPn!uMpQ|c1whB?Xi-(>&orJKS}Z!te-a2zhwlOu^WC%^I9hCu7>?%2Czz z2$1~D?oDa-_TZO8h|LQ5d&mcLSvMfC6;y0fo3EHkXHZ%)KISUrmmX^7i()K*QzmKHYN5ogCOtXB{OUc@cQ>^y-m%y}3 z8*AN$yeb7LY(NXKJ0WVC1XTU#5%vS8?s1X7x}zj?CY@{! 
z<9}mTNAYFGY=fu&`zjK$;MZ1SKnoor9^g#te$J~=yj+|%3Uq5_RBJd}@X+)K5ZScn z+RGo>xpv}OU(9%D*lU#Z;#%^4)n;G$kjV>vmBZ@jgiRKDu=Jgm8tPR`_N)Rs9UmyJ ze)yYKAKjPZkmk=1bfHVk>g&-i$Yhx|Hw4A5O;+TGamqRVPJ_5AVsS zvhF1@4ulr%!@c)@&=2nM&T4EjWHjfW$Gv_)>8Z`P0M}K{YFmI=<^~;4C8k??L9kze zl>RLPN*UqD*_4zn2SXW=hH!rlVMCd)SO6&Q+aUSfOy2=4^fLhSE-6;m5!8M z<0QS8W;-SdF@@Y*VeCm32Ic)@T~h3jh5+ZhGWr@Hw(4bU%eU@<6Cs^S9dEZARd-Dq zRkxsop^h!6Zt(lZwxVYAD?{)xoS%7B^zgyV6go%82SYBy*59b#d^F3lDire z8n3Ed2_&VS)t4BbP#rHNuQ9L(++sTLV?u48cja<<*Pg5@e29FNLUmWmMF~qj1un}L zxhhH4PJ-g!qQ1&@w;op|OAKmICIghsFk5=B-3YAvYl=$AQ;N#Re@RhUokD;!OPD=3dPZp;$id-lMeY-ld@rZzn@jix^YJvCG$E66F6XwJv%O|@PvPxXU;o0j8X0kJ zlzvykY7U0Xa^1Gds??C$D7ALUvVe*|HivjAWAoPV@)Yco_kb!seZWJATZag3F;DS? zVRwvZV;#Q?SW7H@O1xMkgH*l5rr3XTZ94DMh=1Zsi~m4&bdkM0TN$VvXma;yO{ta~ zuuA%%MTi*}%c_n&=H}YPc_aF1Y$JS8eiX&VlJbR&mP38iNj{n-pD9WEL-`$$P7VOI)Z~^KVRxFymD4CREuY!h7;o7L@_-A7 zn*vEA19i%CxA+N;us_yC4k`nm-RG|%kt+(pyt23?h=C=4pF9Y>jmogd*`_s zF5iC-04X9FX}2NbdX1vZtA}lI658;E5;1GxM)*)J>Xy%L2^CuPE%mjy55x*>l2dI) zI(9j*hM(4EL(Fy5Q?n9&mDi^vQbHsTEb~@>{KD@25X08|`5}F3!H%vR__%vua6eKePdxC zrK>8-uK?Sg^MyL%|_k6M$jO9~1l zv=WH(!FyuX7^#|u-l=;Qc2vc7IR#Vu7GenQ9FB=YO&fqh#$Lt`4|Rg9HH zr@L^ktJ~j`@5cT!f70tj*8z&+YU_T2qFg^+{=L{IQFeONz#gW$TU{5C!2nYMH37pL z5=NR;;IjLc+POvaZ^T|_3}kJFJTqL+SqRPs%&AxL=e4_<)kHpcu44Ye?Mo;>YLC-} zm6wy5W6gO7jvsYo-QDbH2jE(ySQasADhq|T(_XDiP0Xu zlZt1IpnvGk=cW%M71s<&9nkr;VAY!_j!X)^y}Pu=pWAj!C6drc)40$n7Q~C!sN4N#5=l#IW4!(4K-cJGwq~w5;m?s zmQXR4xi-IdI_v*%E>*0gy1Vh-MCW8_Uo!L?{kgW2(_y+(x*xFGqYg=clM1Hohu2QoP?v74rul-x}gt%yGdHi=F9xB#y zt!L5rRkP_u*F1`b z3F*9M=R*{S)(dUN*tu$Q|G8>Gt|3e}QC(m@DPQMm-6!Z~(nttTo7S;>gv0cqssDN|cT_m)JGSvv~}f-9=$#L@lEz*=L)v zIB_OD@T>P|@xvker?dle{jrLg7Di7ODKR1M8j+D0ohADKAu=B76>XIEL}5mhUu-u& zRHG_2vjCgqwoyo+9ut69!}Iz2H57R^0J}`PKPaJ>5jM-AKmoy+AI|p;~3h zw?D9lH>g|dfE;Gv z-zOVmU?*wggsjvLaI~KFe_ClCS?hre+IJzrebnzu1M$Idby;Rl) zM#&ciRsZlBc~CvSmVA&q6z36jWx3LoKE`s?a(lZ0u8~VUt1qMr%?|CW1(A9+7#&ZP z2^O;)%y{yI1RNmgr83uX$rqqTMg|TE)6&$qkCuDnmTTmm-g9!cuWV1*Fpo+*omsBm 
z?A@^7Q)T?%{sR;G?<(+2>)ZD5a>7gMr_+{-^+;7?M^P0!Xpjfu;e-GLc3Esg`J_}r z+MiX6WIqr|l}R!bwiMsC37|RCt9L*Vj9m3dLhgqPxi4_fc}oB%?KLfL8ea(=6$dRv zfF~$FehD??H(uL32mrjsavCB<*W4hZ1Qm;SE@D%}4KxRX`y!3l$43G>0=qi70D8VJ zhWOxVXQOpR;2U!|pk6l3L-Ue*Iw$WU_NU&_etqLfTjP7L#ki?n$K~b_ZY2?7RY@1t zcag;IL!?}A(ICTVp+PPXzwXLmD0gn?i`h2*Rs+XR-yAdqp?^|@?{2{f~w?0;l`0Hk@<>!owY*nZ10R$66ogm(KMBJryJkq}C=00!1@okp@ zlV{Ille|_Pi3&S}R}axSA|sCz-_#QP4Mn#W2t-H={)}2C#OBaS)=g(cM1&5MSbHHZ zqHSFgkvYDohlzFDZ+bzVm)Ok~&#KL^%v^g#O-_P$AW zv%&a^scQl8@ttp>xjMY#izQCC>~%ixp$f6*7ga`G5m_4x`$zohP=;61BibLYOMaHa zrXUVKbFd$e4zcUOE}~)0-+%rfJ#ofd5}GT_J3*4`a!XO~BeAhhpW9F)K~D-T3(aE~ zhQg}%Wa}gE#kaW-lT-&>c5$X@eQD)ZshUcD*9%BQ3xW%b-(rsKe#UW}u~l$k`&=`M z|JO%z1_n&yG#6L|pS|yd_rrV=T@uCI=0?fjL{n&0FuH?Him)|^XYxEZmOwL<$>LLT zq?1dgRwxbq8xCkNsyBU`Bw;a`JIc4K+9T+Lht20_=G^ZsRIH2U*8TBb&qlRCy77QR zT)b1%qS!%CPG53nJ@=OWw*G3bq`I$WFHR|ga9oYlGp9_BlZCz@UOIT;>F(yuFkkh;k=_To7Bh|&dZy5{krWN>_ANIAeTaX z%e7!pirLf^U$2X&SGrvKf+O_`Q*+1tnrBJGM%_(;z(I-(cI^ry%8mxI2>WO!`^R4= zHv5ZSipD}q=i58*cJ{HXYR&_SDS7>g7C-m1HLx>sW#-+XyeD}xECubP>xf5rTGQJ!A_mujX=k5^ye_C$ z6*v5!{pJ4A{y!?-DHlvl`T0+!d@@M?RLUo+wcesjWuHU}${2xG!nC@46{~5nq=&wi z2H5UB$KFcAx&k|rLxZK!?}D+dzDUeE)&Q435mGHVk;lr-vrq2wQyv}q7e%Lf$4U~*aId&K-;(a0>pfL(TmgOmn2Pko{>`bAQ|1Qt zqpp7GS>F}u@5QJj4a|%$sDSJJ4()gXZ6MM$mGl>P??>4}qtb$&E%f4l8qV#7bAv-A z^lEw0Km`bFNA8*|`LcqOmY1;;uc<@LZxiQ8lOcTqe?JYdZGU~+adQ_~^4WreliT`i z(sj6klc{P-?8$|0CBz(XT47FC4q-sYiMZ8Vyg9v%>-^B)TtVY#qO_5GOQ7zn4PNMV z*4CAu$T?-F?LAOqWeFpU4XWEG!g5;Dv!jW^0{cVl#NPRIbwn|gMC7MxcaZ;zGmM6Y z3vL==6kYgiH~bz(QT%ntH-rHGW{o{XT~xQ;`Ez((j9mvJs4FmeS_NZ5xrVmg|Ku}!tf%~MRs-kS=LLK z*4^*}vZk^l2EQAzQkS~^vmhzifu^Rwf&0d9Qu6y_4qGbgkOC zpItxo#9N&4AvuabJToJmVmC67xo?X@HDYRcHw2o!^xtv73-s@?_?`2YzVdr}KKSq2 zu{8LnyWo`nkG;15in`z5zZXFeL{Jo|B@~cYI;0j5y=ejIT#yo$?rsF6OF)oNLL_$S z?go)A>1OE$X`U~49q)7Q`<(MTzyHkh%=16aIOyVxGs|bcpLbl>>pJhW$>{UcsN>06 zo6Rp?x!67H_k^!bXZ}>yIPE##!$5!JZfg)G@QB*mQCqpxPix-&^#P*F#^E zN1`Xgs_^hD+DM?PFr0yy&*giW182!=yPM&{g#MXibJVOxv{fsYAWOP502TKvcZFw+ 
zd8K%Wd2DKi-aJpAlY?duiki~=X#fHU?Wo7l0^pW1o-`}D4fLQLQ?!bJVHa^yFPvu%p z(RY~hFAg*4c3yK}0a0OsqU0t|yXwiq(WRJoYvHT~8Rul0}$&R^JKZKRMZY5o1_a znY^kD^InRmK&P3fE0sK3CHV&$Ej$J_)GV7>xi6hM>Z$FLTuO;88;sK4Pu_JYJ9kh4 z_7W;sKd<%v+2r!S-}@hMZ!|8zz*=e!QtB)1>+zL@M!$p_W1i;14L91?%UZi4!wJ8s zmZ&iL#qfe=6HctNh3Xyp1#3z^I;xkOG~OYkTaAW81=8_wiY@&wZ75>5y9?1v@5dmj zmmu_$k{;-GoR>Y!JxX0Z*X~fEaZYKm9K-y%PyK@J011kkaP@JYlj7_~VS02MVJC`1 z0@@j%V0%XWz(dRKX5^YyS+ED=R+zNqt=65=*^Bq|UomoVwGIjk7i-T0HscF?c=Rl?G3D)Y2eBBeu2*E z>7PnR546MW9EdJ(O@YD6jY*awJ;J0R2>=R}2zfvi^<>67+Shvk`t}zI(M~5Bp`EqA z0xy+s?@$t}LQTKL@S02o0GSF;c-$%`(m;Nr9ZZ1-L0A$PPf-^;RjV2;m>8LeXR9}J z_TK78imjWIqs>Hobltbd;jWsjcap2auG!&u)` zKX6YQdw*o;`=Vc3m(^U0-+c~qhM$6OmE%bVcb6)+hGGVbdJbo4sEhr4kL0AM&Kuwn z8~^z~`haOB1DvspJemOwCVBOy6#mWGLs5!*(a|HBTIeAmGq#$RS;j*5B@z2-L@L9# z3z1nI;f#;IMD&U8p@)EZz`NLr0AG`&{8TDDR&ZKJbYyq4o4>rh)#FPPD#dVMXuVFT zBLbd$OU+!rZU?q&Jp8=POo4%i!0QX%x19*SH6L*-V!lt>M|JC!&I4|&rsr|+-GB;} zOOR9woQB9c#E7qcr5y{4uzS@dbP1SAY5+6IyT8vQ!O2+HvX!L?K5ovAu%@V9Xa}Qg zd1n@t_vTVKHx5-hbM`!Gd{X|gli>OSkO@g^L)O=;4ayEvMyFUyFZzpiN2x1*(kXdj zRnFL!$Hr7*%I|O}z`e`KjUggDDJ_%C+3ta%yQ~&TS@QHUfc0FN-a@W;qKn|m1 zuTI06d?^P9-i>9kCo|jDuwa607OkgsDPuaQz0*Ea_1)Ct{P4KbI>WO{VeY->nW7Hi zIZmF<4$BD(SW-jzJgW|UTVeXKOa_709qkJSu_!8B70Wknl-bL%JCo9+Ftutu5l7?a zkst|lX77+qt-B39B%hN>b}I(l`e2nVh>^w7I5{#3L)pTG=uyFxw9yOqe!j8)l{7vJ z@y8C7y}qL!ypLI_DR+HJ-0<)cbo*=NqeS9Ir*D}d?CofJlPo%S2`AORwlB z_%ka_0q)%qICDg^jSX33y`Z($U?H@>y08iwCe2yUq2~hhxP}BRTov?4wF}mvOHfQ) z#50TxTE*MPi$|=YCslQ9nN3U)U;b$GeV$t3Admo@l#Ob6Lxkq|$^~2LUd&^$%5<<+ z^M{mb34u1=w!zti&uc<=D@savPM&w>tO$tkI5fQ#aJ=)-;4PJnZ9Rq&##}`EzG#+CokYRa?6-D3FB{&jx~<4mXwN=mQl6K-o)n)q``k5vM^hY zfwMb(|7c!$=V3KL;kerU_R`>w4Kx-Oxh^iaURJkUrkb$5E(Cx_Y2m>o$oD%1*03$^ z$oZ%%quhqz*e>9L_?{d+7yhPFCBUN8g`mNepQS}DjOw-du``%$WjF6532`3P4rbM7 z)9+ojSz27L3m9(Gb-n>x1%I;=?B?rODqKc_U+HTSr6;A0nz>YX$OqIz8nj^s-!DO4 zz!1QS;=>QO3R>O=r(mUCi-*y&RWa1!d$`vF1H0KAS*&b$d$iwCU#q+y-lWa=WQ9wc zV%P!HSLjz1<5R}yxtMHK(KACFWg3uL37<10-j%c!FFF?h+vi&))}&K1o#u_CY1ctW z`GyCa1;>yOTz&6v 
z=v^k1I4jyT>Y3ZHwcyv7;sdN6>h}z5*Y>G5y*R8RE4+CTLI~2a*~#hMnhO|Zrw%n; zNHXPfjlv5<0Kn3Q%8YN6SA_kMJfs^L8R5Jv`b^85YrRK=Yp54^BmDopxd_a|duD(; zXtnlX6^u@tibLXvLvC=ED31{v3k!OiSf$ulwz%SD-Hgj2TeBW~cD_q~e9y8_vuxRx z)IFv<&GlAB2rKtjM9Cd-AiPUtBDt|jKGit+PT0*9g3j}gIaWR(cQ3c)XkHe*Tu6Qg=`XJe%&16~+@x`S6%$+?))N0M zF-j5``HjeNgLxXZI)O)Sa9)obb$Hy}kfTeGBi=Opq-6Vq&Xc>KEbpjHWq4N8c}dfi z@I{u9S*;c$CL8;N+lP?ouy46I^hl`~Iu)$}Mz5Id$idH9u^qq_(>|pagoO-X}riG!U(?bTaBU#!NrYEn1A&T zxb9rW-XsX0*`YgS&xsKXSDF92ybEHW4{+?QpRm7`7uB-^=6Js%Zjbb$oTKRF0ksX| zL)=(8FVLoGZU4o6Q=&?dssv+Z7INj((zoPobP=c{Jhmq&B;MGR|9#|x5-Fa7&Y;%b zMw+!QF;t4YDmOsPlBzO=iH&K(M~)1%3=BeidqaHNXNLG&<*gk|zAlHPab*zM0ry7w zpSNbJTtDc;$B*>2W(;tndvPN>W>k?!nzL^FE+xZ-F9%r(Z3#=&bycybZS|S(u$1dN zX3LRZA6+YDzSw|IXC5p&e>)q&_tL3x*$3n{6uEma^hOtC*x>W$l;HQBFnhVkQxA?>OCEbh&3vE%_8$)iGszU0S@8F1HdL%Z60+ZKp920ddcV>9(y z(+bSncs8o1C?7U~c^dmX$?dHsL5SoVZPNkfg#y-hv)%2~t=M#@^)GiPZaZsa&ea9Q z?zGU>1>E`c)<(L+NXQSn@1(jQv2IMsdU8+)6z{rXZUISpqI)d4 z&9hF&)vo+_Ftu>5-XgF|b7d7hccuaE5ohu0zr0NV<1u#BAB@NFxAOVi?j&PsM_rbH zkhQ2<$BY}o${fj}OtkR=%!0$d_9X-roh(Vo;H$J9@SaTDNn!2Oq~4~JV9v>=ncnGQ zr{^z4?U{!-C=srDnxvJFA zWQ=UqHGD?JSej0XCm0Kc0k%<3h;tFHjr_I2H!2dYm*+E*TQbYVV=IVvQLL>uFW}JzmTKn>9r{Jda@q*51ubb^c z%NS*Ho7Qn+qaH(wIaV)*)i$il>ITo*!KRZdZG2~Sb{icSm{ z)I$Xh;M7bnxw^&fo)M)yGq)$lYS_Dzn#;eL6++he?h<5;4q0%94<-w3TRz3ZCT#yF z(i#0*eJ`XFb+UV0Qy%Cy~FNqbea=TZRbu}36Ca>UTA9`!jOh(3-m#g|W zNvCEQVD;B-2#R1){cLtUxJen@hkPq@k-^s!KJ+V7~;fRUXlynX;9lBTn&1p zOAM`otgWNjdWO`!mstZU(m>Hni0S$h+ZY07qgHHa!Ah3c(v0h?d1h5hIME?&EQ=gnAgJEC}`CQPoXh z?3FQC+}Ii1<4{b^w?W@Rq=E)@{jG2D?R48#Ia-N^*u9oYkJojE+uW)34sYY+%R`|3 z;P9%%S=nAIF}~AmQEOF4RiZe2!G+x(fqA>AidVc>=2I`66^|zTt0<>BfTVbR)tWA_ z z2Gm3Q-xHR2!yft76O^ySw0*(1;p`Fl<}7$`<&|23f=x(W=jN!JpC)aCiqGqnjS8M=3?m}yjM&=Nu;!`XJw(a3`Gmh`Rb zvLR+y+lBvf)&Eb`FMztZjHvA9^+bXR*{cHw`|ZHtq%eJeLsHg8-V;dUG;Vzfdio~JE5yP|PUpS%IF^GAW_QVa z4OSEB%YkZW0ZfL#-0#8CJ?L%qy*+!HnJ5W9s>G2Lr?R#aWNptq*(hBF+s>yAv9f6W@KVbiZ@th=&*xe07cTBo-LhVv3^3T^ihoQUcaQ>&ppoHYWm-5`#{g|0ZdJ4+r~++AlfQjb4Cv 
zZ0`3>3F2!wUV_3Qf%uV+G>^!@cguCfKV6$&LMm$Z9th$YhAS5)d@FcB;xE6ACZJ~Z zZGzLc)j4-;mFtHtNb1kJASvZb(3=XwN%K9O#qVIoFd(FisE2aVQh9~$SbB@k1yWS8 zT@zbkY5mzr2-U4TO%1o*u_f>UF3K%1N?0V;Y=n|aL4>n~gUcojn2h_RTZxc|>Z-h6 zanlq`5wm~MqL}9a8(vu+$-aow{kskbc$WzCW_$2Wv>#Tn!6Ph3!#TtR0K*wa+a3^_ z2u2TDPCDbBRZ^1B+rcZ!zaROIJMp=4`3s>7j*6Z^LO%3Q$)t+m&=e*>4_Vhfj|lPO zbERj2AHoD(XxDZto;6+EiCP-9XLhjfFMip?(X(6K1ULIB-L2WX;rqP9jhr|Nj?(_( zmEtWdwUXDI^aNAS$B_oS=uq&3(@72?v(Qf!2vg0$k}B`VInKl6LVq)*!DvD=#T>*;&(7&b!5uZ__82$7YtzHq(FtKL=jzDrxntpSTF6#MxO7HMDe&^}9uHR-PbIP@}0! zKU(E_I{y%OWt4g}XIb+#qT^Jd(f(!zs82Y3*0T_1*?#FBtW{x) zJDKscujkGCK}5Xh0gK^OXy5L0TizlKevh}c@LdPBdm54!nnctQ9M1YZw!l-kXm6k^ z(eU2!pKKS~3YIh7|E^2b>faxqRM{{uUV~d02{)0V(5VcPy$r(St|jU%tjGLjzLW(@ zKDUi$Q=X%hzImGtJ4f@p&Bo#yWp%1~`OBuIOc74$|pu zvUO7RZNBy<++m_XsAkrh*Lbndh>RAK$_uy1)DT?>N>?%w)W>BksdXnOc~#`Wg>qfj zdL7Y%^BR#V!G>RW)miu9G4u3H_2}pCz)C%-*+^V@#9r;a;~46?`RvQ)TW^Gp+uWP4 z-SZs-4wS~AeU-ORmLqd#cqQ?ys+W*57|-{^Qqkw!Y&}En_Tq5EvNK9m+te_;dy5;i zTXM(AmmrovXULTaE^+mLs-61pzyBvzOU5O@)w^0|Y7V%1ZTZ?d|8}s@xz}omj*Rrv zbEb}BjakOHrxzD;+0FTwn&++R$)Awh;A^ZmzJ%yamltmyLf1Xu0rjj?bB;BN}6fru7R3nCf12A(E}dy^xIszR z56m;wEdpl9V@Xhd6tfsVCJ74`sOZphrb%9k7j=G@2-8xk$gaAOILue~phU;hxKrjh zbW*qC0GzM?47Y@~-AQwoCcjFYkVQuVv@YFejzUC#>{_c(}zgt%M(8_J4w>6o5f}}>(2Z* z(Ut?pZTnt&41a+3%;Ug%cUx`%?AK2CMI|g4v8qAa@LsAqc65B}I-kmncZD1l32*y6 z_qU!bC!Lm6A_Z@|Te@GCcDbi<5s~Hj#I18*ZCpScC}M$Aezj2eRiLL^%JRit^tc{d ztgu~SZw!n!^I~x> zK_fFVW}^IemOii735#B7LO=dP@B?xTA4ko}x?&VIYwD5+vx>O_?p_U#@C+mN$Fs$=WGL%^$Q84BXnfFT}9|?A_Djx|x<9 zVEtf14xY2TX;KSLd6j127WG8)O@r~f#BDNiCn%VLGel{y@eBK5#P>A7k*xZ)Qtg|p zRE(U1dkQcRp~kx!hvd^E)1GdtWMpXuj~CsK%LvWLVNCTJb#FrMk8UV{9!jqdFfyiMZ2nJn!JumI&m z9T%R#XN|cQH1mjImms71b{Ny#%MqJJoAT$ky&}XkiK($jx?GI{_PZb#ciuY{=Qx`) zu|!%B>c`ASFQFB}G#y;TJGbq$Lr6tikvL1NMm=a)eGS)hfN2d%}%N_i|&ChJXi zf-?L9iV+a%Fksdj-gsKIPsD%PsgKs6b{n6&L2Ds8A`u`cZi}EJ9Po+!gvh_O_CJ(% z%d{cLq8-?5Z(k{~y0OkHD2eJhQ{SOf9ATd7AHqyAWHO`;B^Hpt##r3G0oF&q5(-#r z7dGnV3mr0Q^#GI@p?r~{jlZqdJeSu%= 
zU)T+>=+$>4c#Vh23rc*MIJ9!ctef+VY#IyJY1Jpz^*F^r35I)TkMVO8?wvDlni(cp z#!ru-#pJ2AUj{BHPx|n$`=rJ8q}(Ozsta8$xdiolxL-W7eycR%Ffcj+C9;ynSPAX> z;-_X{U_jw==fz0Kfb7>3t^rk`EB)u*;eS0Pkb#>E0`n&LZ}X=2KO@5xf1yae>h_+S zRQ<^hF%!eWL?Ts_)PEe2&)43tETkuUqsMJT)Mz%8to4p0tDm+z{~;}=ra*>~pOgIV z7qt5Bbt9UY?GMVvXWVH{u4c9DgFKVClx2F@5%*(cZudhob<2aW9GZ{v644v&hfR-60K!xwgbkB_p+R{*G?4%7Fo@R&KYmD zc;Wf-wX#Q!L}6mWRV<2~t)}sJ5tKd0HTL_Wy7OSBBgQBbxP=9A1`Axht zS}l-q1SinB2Xp^)w98dRcm3^#3WX^Ulfu_f-$RuJ9Z@0Wj<#p0`dRpjHJ}(k28Bjt zsN3>nYt|``k4QVRYB(uA2TU~+N1_RhOZVk%jhxo|K0q48K~WrJd2}gN^-MJZBHPdX zhvzy^jhb%+8SEXE_{B@sYv(nw%J;lb+EMeM-Z9)PA{cuH20}UFu?>wM1ECy+S0P2~ zm|_4_%%&5VJDLo%zMl)$*^ridN84e!|Cxu7CM^*~+>Nh|#!HOsu?(nMkd!_~WL}^T zjOhI2Jgw4dlV?00u$$#Nyce4|6{nqtlnaE4XE}wf&<)YyFZw(Ty~ikq-3_9Qm6Zi` z@Dhf@%(q?(4ZXByy$SOK#Df_dF`j^UPy(&jh_{u4fA>j!myL468$Y$q1SH~M3ZR}0 zH7b3iw|UVgF0CB#nUKnd#|STU&<+2P9$YVs^%Iug2H$3|P#?AtX8(;HKel=YpqI8y_A z5MzYRF1i;R8I=RoCf37}lIb@mj{_{spgiV;ooyAWUvyZeIAgonzXMsqK6s9*2ytem z{;ZHV8drNymH_WJ-G(Z%VK96+K>9LtJ2^i*c+}^H_2J0qIe+*Y4M>)*%pP>2iDW@n zk&@>HrU;F<7j}#8QPo@`a%s8=vM9zux@z2@_sqIL?l)6k_W{CEVR#c`46#tgBDAdU zrwtNN0tQQoc&7Y8qnS+Zu>{b_t)Vl(rv0L6A#v~U==fCf@D$SL*~I$bPYiqXsnwx9 zAEd^pu9Rzk7f|s$HPkz2xqFF{Sj|*r3oA5N=-V2_gW6(IX+J(F#Sey8*a2aWG~SU%tzj>|3_sN#Pi8^at@+-Ce#yS^50b%=tpm77QNaV>rAb z9KwZIAI4BJxz^SO=PfQ-E4PWtjmm57tyj9##Gyt>PJTnlcUNk^`C3=wVfYq2Bj$BC zIxO8zz>7+$Oq(VAd1-7@!|+C?dV9{&M8}@i*QXJZW)W%0*Y^3SLL#-M0FwObuOxZC z3kEV?5;~9_I?XmOq3ru+M$=fIvJ{=8n;q`!F}^WIT|sWslc$iyq2s!!t1;x#6UKnsye}iAJBd261QRd2?~5d!g#t%aPpGcWGOKvs8;JbU5x~@e!~8S}horWx_Nn zi|gV&a`KSjgL}0(nz&njj^VpCbsHlC1IlBq*9oU&QjITI@NH+|_uG`1G-Oy7hn^+9 z507vS@t@hbm;q5d`cq2^g!G%U!uPV^QAEnYxNRDKu%BxioOxi zx)Ig9pxiDw%+0ZVG)_*>wr9C1ArV0!CPHJuM_j+YO)`d-dflrQV zb`8^(;=VX`x<*S)&ml)E_xyJKrjBMP*M{74Dl*qoY-x6uIj89*nq8Y4x5huTVzO&* z>ckA>I4ot*4%mANSk!Rs8GU_qyl4V02;~!FMdWS_kEqBEZ*@?RxX*Lv7hQC3`{fUq z0fZBqcECY6TL^2DRhtKgSUs7swjXd>YHJ#HTz2F9%>C7@pD910`KidfX#_e$2Rg?2 z#KM9qr?wcQJ^1+1KG#GomZx)!r|N0k;lljDUY&|lYu8!AIJ@+6~K0BzRnZN 
z$psk2er2sd@3c5P9$WIBQ-6EZO@go#d0~I^PH}s7x}Ing?*6e)a+4R|tTDjyp_8=P zqUf<)>#>cy^Ewl@Cy-_Swb&GZf-Tz%F>K3bet5!)9kwTJl^bUTMh>6)1;|JGCaW$1 zgc*~OUZ`lcG0&ZjOxTymv}6Bk&CS3FCytj7fJuMEz*&Ytx#u!eCH1#23iZ(<-!doW zqPq{Aku>glywmR(?a$CTV(BUJj6Mg*ZuZ)>B$@;jX=i;piT0;MBT>9A5OIw@ZeT?4 zEPJ%m47C|cqB3*0BmgjoH_R2~M7?-R$rKYmjT4zg$SaUJ1gwV?0B|$l`A{51RB3&v ziBbdbM4_o60(b(~o~&(M5bg{67F*)Bq{sH^l~no|>@LO^P`BeC7u|L_*rZ+pM&Erl z61RfT3>w7u^S0=OrM^zR40=AD(&@);^P(<9E#v}?r98M?&g$G8%^j8&&l>C4C&*GF zYXW4-$2b%A#+I6Arzp}sjd_HjUf~mhVYC|TaG}+!j<^25Bjx`|w+_kJ&h)j{xzlx5 z1pS#_S3p&ym6vT)-8A%$_cRGL!lgDY^~h-UJatlMqSazN(%K3wBJsK|fp>(Eg>|(5 zLZo)sU8bBj+Wp$=0(EN_X!G+$*~IFu^Z+6^#-pZAnELg0T$A84Wu=Ot`297R>D5vE z#F;xOZ_j(38=yPAz6l$7B|W#?1dA`a3j@09)JE*A>Gx=O^$?Kx!P5w0UF)DZH_aVR zK-Iia9AhrjTXxc7i^|8CU!t_5;J|{~Q;npkDixHwkuEmmbRMTH*X6~xfXj&9)w;E6 z<*!@^TH*yeZQ7l%qB(HJMo*lH=i(ShL16NQK8{=s0T@?6pSE0>0mJ^f3+dP4Y8}DJHv`4NYQ^qM z_CBLwD>fhH-klN6P)wi_XGj;<3>9MVXOVD6SGVZ1=?PnYBCw;oqN z12i%)1IMD__YpH9`A~`8ZZqW$YP9IdS4{~SMVeLtf(RZJcoRN z>*8-M2eP}fRr<5WErHhim!L5fT@w8Y(JMO+n{pW1qL^(*4^0?8iKwYm^>W#leOF}o z5cptwa0lBKq0*DR?~Yfcwe2M%SmJpLmZT~EVoCDadero-@9J`Ni&QA|3M$;Y?L$AB zb?h(b#{qK0FW4aNZ&ys9>bxr^kovDoAa)kKzcGP$7Bb!pr&O`@7%fjtg>UiIWVk(w zvE&5;!Zq@g$_{iK6@61n4uGY$21{GD@8iOkE%tY&aX+B0YgxBrcv)F@LmpNbVJo^7 zsTkSw=jTv33FHAEAV%qbUAq2-1t&qK>cQivss{);{ACUQI+xNh^C}5P(C%%ApYWU= z)_H|cV1pePZJ9q;63)b=Q|tG0S}^OOO!}KW3K6n)=rs;kEAg)ApsYDzu=Z-KPm`<< zGqtqV+*t3%1hEZq$TbeN84w?ex66Tvi~jUmfaNCQ!oAkzn8LPIsaZ&i#-c9%3^I@l zKr>!5l+;iF60eo7$ag zNd;NQ`3~Qyt;xb<@im%K3$p@kv?8<$*6Xw{K|{Ib(${Zvjw!kAZJxNW1P?5IQ|i;| zA*}8dg=S%lyL}sKS7)=~!3)6pWI_tT82h#c7rfFqv;Ax}ViYA1ApHDfYvj z3TE`tT%X_MQKn)go}sW#7}3Fj3q4XtZ5!^S?XQlHt5Kx1{=DIq- zT^8`0yX>AcPI|@XpA(Di4^;25cM}{sz1tNEcd9#eO}h$zp}h)!S-vh~X)9Rv{t&(x z(Dm$IvS!RwKz5=%R{zJ;1ap(u{U%oz{cL9@yg@R4fZoAEhm96m27l z<;Pn6A8-}u6VE<3#sh&2EXa3?^;0+pEs^$+l|0r@aO5lV?u`k+i}DSv9*lz!b^exU zXeM1Fo@tR{y*9JEE`+TSV!t(Xk`L4bZ#VzhS)(heswk+?42A?EP%oZ#+(K?LWj6JZp9R+Y%#9)OmqDwY7yvcV)F z<7p(@R3^sE%zTO72-mMd)v=$2s$=k<6YEI-TtB8#8!)>etub|Ir8f+Xx5yB9@CMg{ 
z2^EHh;T;`jt$af&ZPBOdVTPJQIM-xcd?ZXPa26YxTUT82{_}n)yqp#?&Ac~OKB>N2gR01r=C+puUSH~`n zZ2I#m&!Crxqw|u~FI5gQ=pK9q;_A%zJX24*DNWzBz(sAuj}wMYL@#Vk!%{s7zd3nO z!)M;Rhwfo>L&}GMwKLYu)@!=r7>>&~I_5T!bX7^H$^^+J4-HA;BA&ry6Gosn4;<>( zWR4nj3kwk@yOc;P)R}cEC1~9@ZUmjQ9V%*H)YV=prihpUx5Z#^~~t0 zHWp&%Yq2rQu>84t2%nA!;U}4I5m4>Hd2mOca$rm1Pht42wRLr9`62OsHv^|(ia+y7 zx49u0YOmNlO0TTdccz-QvQie=qBu{NWKDR^)>ZLpM~Oo{Fp;++&*d8up1&WYUCeIe&Dv^_$dnMcW;d+Q-JM2$@5 z%m$&{HRJ51EFgW;2dxv9rGK9aHQgRy+H zVzN(;pP=ZPwTT9c@A;c%1er4IEKH8q9;JWrZCLBwiQx1N@m8}hncX5VA-yZ{7Y?_| znqmk<1z=8bOfOXeXy7>~mvYB0e@C4!hnJu-9XT1*D0XAy>8U_dGKa%;YHW8syuExBcLJq>hMqBtKXezf1+Ofzvg=?D1Rt3kY+glDh2NW z$)q(sgdhUzdcO056^C<=tjWqi%oYBxh`;2c7@j?O)TZu;(JW=a7=YK)dhXGnXC3(J zDS+3bO5KSZNc8R@X&{`2dys7Rct0c>8(L7Dq^zKA#Jlm*_MSc+H6)5djI;hx`6cK_ zchQ8f6VmMvl<3y9>D&4Q6_yTG&CTbs3V#1f7Ogw}^(Ci7SF6r6<4cgh_yQmg9O|3w z;_(v#kEh-!aDHfjp~Eq!+>Q}t1)?z`k&m$AfOJ81=Fb&%9D^`jZwbC-C=GiaJL5kw zbFF@1XMlJnGP+G(P0yA;Mt^+;DdC`#)#uwm-^BOPwu${@bE+#9%OPF>ZnC_JP{7A*JK<8~oKl0sK ziz@S?lnoi(2Qv!dZAeIJrEZ{GHX#w0>QoJ-Txa`SmakSff~bRT+-SAbqf(fo>pXNS zML5#aoV)m2cgKs5ZAg3*1k60;UlBlLa-H}g!H$DaO6T*umsQW6R`9SBNOV$x=BdNb z8dkhCkZOhsyG>QdX}D)f_Sp@!5y{VbaS&JG!V7n@^$VFR-D=wJa{y}GpXUJZ7(lm5 z_oHqV2y#z02)gG?8|jlu)yWP8fmV$%H*!c+_G=#R{Tjs+_(!XyyzcBxO)^PVH(mGh z#2_Dub$tUKMFuPk24PlSa9CGTdDo+?`S{^}7*CT*-|~skI}%dd+;tE-)64-cMr04j zAOuyQn!&d%&$-Av^O!3kLdUe@2iKX$;y)`wGQ4 zGFPQk6UA8EIDWhBl4xM9KBz2aq%&$OwpT3?|=NDT~eB1v6IwH<3-8xg8d7Rb^CV`6jo3tG8h;xRrk%A zN~Q(B=ufYAh2$keF(+fNHWN{a`gAm4oR!1kwYsSsp%o9)107r5nou*2^QNWn-Lhlp zeMfC$lreJC5__fgL5XY6br|PYY}SlPj@))08zt0c2$D19d*EDo&aXU5!(Sugf8kLU zAp(-f08g-~(cVQol9ELFjy(~ugXqhPTPwJAPhO22P;0zE`}y~;rv`vA;=J*t4V(c9 zB&?bJJ_SPjIt79~|HBkWqaT<8;Y}V&4<-JP`UDJ4hBJ9G;Bl2Db7L!|{aUilW4<4L z&3$U)9zORK*?xUItikN6q#f(9^@hsO!>w&q7Hbl+dSijK>uL%#^k%^BFQ!0C5Kp*R z!1f4NRZXq**~NUysA}^ih;Uc@SaIm2!+eFZdUB*%G22u<3|`w~xR`EgX!hKSF;Aq3 zca^i-)d7UdNRKp$p_Sj0nM`{7xiQ3iWeX!OI0zf~-D#ban!PVq-$eORFvnzAdo$@+++Tr%Q0s`ST)z_@FbdLDf zx|Jt3GJ5UDkX5(82fp29Eh#t>|!nimq_@LuvkwUs+;SDc8`0 
zxg}bR^Er_zzP2TgSBOiHtttFox_p&e(G3Bb#YO_f*kngQ>`dDkV*bb)g%MPeqR66p1o?{r%8U*|W+^c2U zAwUuM^{Phx^Gfjl+SgP5F;S1q*I_6mCqer?U;{^#CYdvT-8f@MT5(`XE@Mh8Y(r|d z0~*(op0XCN?aJuip*FaIm9VOm7-d_8Wr=ZjgvvTOYOgh!c-uYh&@*60vs8t7alCGG z*GdvDYh&eVaas<PbgcPv(V zarS(L^gsb3w`w!z{Xt~>+^q^KxjzuO6~F3=3H4x6C{Lcroz>;21vx`^IF*Y?_G%-q z3g?SFo26eO$nAj$a%%yjAEDez%c<4zKU?6Z{+AYbH?CANIO@=nqxqA~4f#EZY!Cfi@7@r05DTYTE%kQN zW+-uGkVMHX=3Rx8-mP%7(z9l(Ox{f~Su|em?%|#QH<|1s7xOX00UFUVDE^+ka#&1LAMHL1Z68VnZ9=Mgp4m7Sf8l^Ty_VmhS|Ei)R9bAH_5sK zaFdh-Ql%Vd?S#zWf`}7P2j@5Cdo6F(W}5AQBcfieM-wkm`?Z0?sNC-s2&*R<X^vC8 zja7Xy{0w~w!_}((0O{CFx(UDzOS&_xcFCL5oq-4f@WVqezHOL|b8cl_?$fY$_IZ1P z7cd~Dk^6Pl8`YMoyhTm7lTMW3g3O;Qd2iiQr8ciB>XoE504l==e*Zy(fbXwP6;JCo z#wYJf{jouT4}+q$%AB*s#Uc;GLFjQI5o5ud)ImKAE%Cu?3*daRqUp#l1>8;Yn(}%4 ztdpag$vq3UdRA|DZchJf0T8pNpx?G%3dXJ}O(vI?Xus)h_N5~+(g%%qL7$I0vRf7s z2TaJhUl-+)v`(U@@^>1mL6xwQ)Kz}kdSB(@*wLOz zCJscsFa!^egVVP~=Hrp8{BUqhB5`T>Bh4(?c0F{Gt0_(gIvsefVu&=%qbFv%OcCH8 zFnWx{+kCH0aRz2N!L!(#>#}J%lcH%W`sv>p9i?NKpv5zFAV(C`2ty?p=49DuK_($Q zUOA|6txWNwrtzCs9m-ft)*;}?L^h~ih5HZIwO^b@ctc>^86)(Bu?=?UAK<)Q0H71XVb8a`VmWC|4b>Fa-}jH<_P|*P-i#Go@kwj zbVfefTypIU0Fnlbl6ER3wTd49tnU77oSUOZr}5?Ikxtzw%YcUdrYU*V=*b$*|v5%TQGHt~RP|{hyrCZL!_QBNoU4Do4 zAc3@vM4LjJw-zDcfb?B{>jjs#qVdJ?1?!Op#T-^RrGw|!vg3Wzj)}<~IX`nxl?B#_{-6F&N#>A(|c!Nxrqdpo7HP)94s6hVj|08A`4cg`b`uBgWRp^ zU&v$_WLNS&fy7C1H+7?U^x-ShS>&cSUS#o|^0rJD3@P4~iV-&Dqoue6Elw}k#(Z18 zz^Y)Uy#xi)%8*GZ#+k-qGkIas%Hs>vDtd{@+MwIzD3}0wap|9!F}v*D6&^JVvTWW#Ow`4|VT$m`*6?1LfCcxHoINkn*^Y^u52JTknRx5#8)yztZmK&9OOl4A+v}#d zjLkPIh-}N}V-(oZd`D<}gjVv{64dG9|L6m&5-RYoUkT9KyD%yQwDLL7t!#Z;L2Jv= zfeX5enHQz3|xL%@7oHZVfBR6768}R z9i6crQwYmUwAhQt0bap!;TRRw}V^HQB z?fD^#`YVVBrlN2+~D|)dg&X6$7ZVm zSiHJ>HQhUh-l;YZG^MW!9s&rk*xW_)KV>e~2=yPIk)@ZU1Z~X?xiya^(BBk}dYZ-% zIlhVJ_1H_CPis$WaymG*e`7I!+WH>|+2!f(uO7sXroHr(4-p zOH0Q*LlCzP67N*D*<*_Kvx6T?gC@PPkZ1yL8tfSdT53(gV?BK@L9DUKJ{eDu+7)mX z7x&^NowK+eoyXR8s<50R4$G-YCzB;|Q#mxPn@0Fhsc&O6AvX9lR>H3rSVh`LXf-&~ zH@Gk4`VIt^_26^VT{6>q+Bx=Dvxz?so%?62hCh7o&sE8$K$zO=(hKF0piEMhl&YAN 
zhjUNxh-uWABdnvu(YzZ7xq+X?0P}A@4M5@f1+6l^bY`*eX-ITv4L&u=!^*UP7g|Hp zj8~CSs=E~pO!}XX**fFDpF&VW$B^1Xo>;@}+K^!(_L^YTDL=iw5i^9vIFTt=z`Jei z7et@dk6`7bd1~N{jE0?2nUc`@AI#?F)9j;dq@}j zc!$**)zxAif8i*pWCk1Qx>1kteFvil!2Ln8{GU{nf4g&(N=x@9yCXE3X!e9}f=$%l z|3BotbySpV`~E#hDG~-PrGO}%(jX!&AUSjhNJ%p=bO}h8fFKM?NQ30S(A^*{-CaXB z{%*GJ=h;5n{nYne@A|#p_YcIy3`^I2-*a8(b)LuZIhHXw`z%JT6-SQ{{NyROnhCM< z3TKyp%q~IarLBgv_!LB$I43B@7ArG6n{SmN3J+skS4`2}F?vUFc zS82}H|EMXJepJ25a$ASmyP!FUZiJ1l8#~wUg|(2<`9wNsG5g40s(M=|a@5Z!C+$4= z`XX~==7M0M_YcZ4h8LnnTjPE9EU@QwDz;y1FH%1!EtYsRBz)zL+CKF#MHjTIkGn?kDn_FM^&I-Z7GYXIR#TjYsFz!lMK27y_8Y2H0?iTXk708I529Gl%XeeaKk<}*&d!_XG?Q1pTy1i}FzC^cQV4t0rPRnQ<&M{T5!%zbnDPJba65(y zWPXE%rb^7i5}q;nf{ESZgl7#2zH%+0xuG9C&CQ6N-v!tzf{hFFa{ohnK8>^;bz%*J0yK?kiuDth)%VFI!bj2_=x@Q}a zbo32C*rMH+_%(2&hE9#;7ii(I#i`-_{8yfQk;dP~Nd)f4WNyNy zhG9#WR`D*W6%Rdgh}+z4G@Y~aX{?J?Yu=m*WZ&=rzs4L8zHDNX+4K)GFl{ivut6MmQ4mi2!%kK#Dez-x-}#PUEnh6p-23 z;(Z7=HiR<4vE;GsVAFC z*FGR~E}AAZ9T7N_ahWhHKQSo?n?eezrZc(HFbG-sX_NMT1J&usEl&-f(Pk}&=QbkK znu0P6D@(1|34v&p159gFD&tb~E2Wi!fH?ArDdFIdrn*Xurc@o&5S!KUzB7_{t(ngd z{FKp^e|D!qV(g>&v)Uld06U9ETHZGc!pHMLC|_9=xehqj02bE>5HEX9(bGF}@=ieZ z758a-rAHh~mt~d8@W;Ada7p6*Q?aT?@rf0h3_Hjh!TaV=Ce zcBLa}lEz)R%wtOZ09=-TI-~jN^}nF*ttBJ7lV&!Gj{0m1qwxsiOlB5bAK@NQ(&q`{ zO46a-44jOifIu{8D_mIOx^xNTd{dYV4`fu&iPj2N4UUZKPtxBkjilGT5f{~xi4KrN z_5Lcb!$Tsll+M-vehUZ6a_Ia@!F;sutp4Dc)6LuM8z7iCQMy3VJA1OjH)mj%oTtBM z&8ll$X3egDCS&X7M~Mi>khLp8e!?0UtP=U#_4?z?swk-v ze?ik*$Vh-9orFvkLZFcF;W&A{ErD8*`8HTSg&#gBz(3m*DyTDIZ((L?ZMBgC^pJRI z7R7*t(%X3nt&|;8aFzvUmGrv!up|J+&Fa;z{YPkoT|@N)KzI;;M?6rIcXvrc>pmbn z2)E_i6POO3Hl_kA<;&GM~*FCP|)*`e1%Z_T}@y)l~Pq;vEP? 
z4np-5N^BEc4bdG^q3!Tjz1W?)!0g!KIC-00!l;C}03t$xUTJ#d{a;32(33vM6CZOl z{tzjB8E7PmHGsUR$S@)5u=_O5X~@b#Lf7#Y8@V=a>(&gd1327SuNSU86dOsVR|-+P zoP2r#9Oan*Wc>cWe?!%b4F8FMw51-F;6|S zl7nQ5HjA&oovfo!llZHocL=Run_~4S-GIg06)BGCY8YBFWg?8n*@LIikp(SXyzc8I z`j%wJ;4T8TDc}BRjx55jHA{%)D4j9X;*4FOtXWiBmKezP#d1yhw|>BGG$6Qe!k zwhCJz{7`l4tR`1sTDdFx#r%p)fNajOs48!L$f)UxRYI;$m zWayya`5ivXdDK>D#jIRfwxoU^srI8zL!&#l+PXy;d38WD@^%0Y{V$%I_G;sY5+gIi zH2h2#ucmOKp0KMFC>})fSH&ieoh$>l*~$Nxx(o;@Q3w~)qj7bet0l553pmEm>K7a6 z*7z{-E5W$RkS3G1nGNd3<)S0$MFyFE(ycybLw-2A#iVAz@h+TaBO$W#!AwS8#_W4( zf>=%u0)PWLGaS(%fUTVPjDJ3Aqi8?0XINrU*3m*Rv7ycp?X%pw39<|oKXGvYltqB! zKv>Njrc@f((EMm4W28BEL91nFyxzg{>MPHNP*I3Lq%}IXB2v4tbSo43LVhEJsZ`;}1ckrHghdAEy>JvYjzq7AzUKwcVt z86xlbFTeic$e#YC@($xr_-g!qqlRkWSF1|UGft?{DD&BGk+>!)u>3X7wGYyplxv9@jtZC)&zhS1xy zlC%$3$u=5@j6kIl#4DaWb6j0rj8W1%of|ZHO^M_41p<-scF&Tb+04=mF~ULn9-r#u z(VbkLJuUw|wc;-?3ZM25G6mQda!IBb`V*OAEbRKo+N1udBcbK)%<`#cNmmxRh)+M< zuCz;PwH<8kpNWw)lG1kwRn}`=wpI=m!7KnC4=W1kjyQJ);B2=%3&V@i>Bl{$9WL6} z%_`cx_6xS#xX5e;-i@b>XBJkKXUT$cLtN@}#{msC-em^06Xr zM7A53Dj^sj7%bA!^3c@~FOghHKn`o|>9U`Jv(8m|Ikzhd51?;$WVV9#JW`5wc%1>^ z2`=)dV&#{G%`kH5hjZNU@6K_9VX)F^1>0;eQa&ik3uq3vh$fD0{Kr)zBnJFv=-N}rZrJtqa(IuLid)3g z)1RCLfh(NhtA`iGz(?j6P0b1%>gGcsX*FmJ&5(Wa6yG>bzc}u+IwjDr$>f~_ z=bC~OiJ-ze?%A1s)HpIXDKrAlEAk}}?*8U3)2FgeIyS0r45*&FrZ9Y!R@N5BKslC} zToUwuW!akd=zFgLz!K9h&!J0Bd-IdJ<#ry#0wkxtIzG3NdoOY-4ZL~t>M3upT-<$# z88U4gp-iI@o%}iu#Wiu-H3v}18Af!Y&~f#i#-FOydk7sL%p@I^&1_mxR2o8RZ_p;I?x7p@ z4p5O|eEgeU>ED~(eb+YqFM01T(moMW*PxiH!y~lOq%HDBjnx5hVt&F%5f^0Cm zCdcNvdR^SeRfZSFLxfZgY%Gj%0uS{br9YRK1M$$2>{%b%FHxGS?}%2M6DhScE#a@o zf1T;iR4QCqJ@Eh+^guOdw43H{Oqj!QOtFJ1HJ=K*a=?fqUJKjL;ndaDAVkS42m7FEoNjhBeo9T^zhK^ z?h$mU_E5@Tm$NDqt{L;4sb^L6r12IFB=!w?+zeZT_ZAHGRT zjkf;x)R-K^gM50sxAO~h4m}QuJbi($2_i4+5-I(E_KW~|6VgCrg=Qk(qNZufw)of9 zRvzk)B&a@hS@uf73EKTd_Z5QsgQNTTdp109p@nYo3xOu137s|`#*MTA25~oF7}E3e zQ4?=fSpo#8Gfnimd(X3E^3|)^&s7illC>rj9nS4rWT?%cAQI&@@Whdv>P-4 zZf|IIYS_A<85qUl(~F_L$gc1l4COguVpN{zyj`}4?kKn9$@j8y6SsMtts94H 
z`ZM`g%ShKeELPVl&*KN{-~rLqDz?^At-NStS8S`UEvNWJi*@gXIRYrrh_*M)PlD#9 z+CAFg!2hCh#Ajyf>MCMh)&^V3LNBX(I97I{9)uHBLAH}>jfeZ=hEeUrJ(L;0#u(!{5bXGMBenYDPZZ)cimO;E>O_GE7)V5X$j=DiVP^qM+Lx+e;}!qEjIg{ zU@H8`mG0A#^B{|WxqTa(o{~(7k!gbEbV1Jqza~$M)q4R|`8TfWc9|m*pVaCR4nd?D zG7myUT6ka9GD`6-1yAod39R?E3G^^__erm-Pjt%w+>%4icDu$=fwy4bpIilmD@OD5 zY7A{EjWRG9%K&GV!HHvFTBPL<{TFC6l=Khgh)^FWoYbhJ(e`>vQsgsZKOO(f6XRgg zmFP2$*;GU53*)pK98{@OAS!-MIUjClCM=<1G?j$qQt*u1T3U43d* zs_ysHs%O6$zpU`2!HOk@e=~kHl#j~c;_|C9T`Jad|K{k~hSfmeCA}bRDK0>c)_1Eh^>Gq2l}$a1e(fR85?%b-fwD>V zpljcH>2Xc3+Y(-B;|uK!W=UY>j>+#6&OVLnlbY4O(=d~abWf^YHuNyl1?_m;XlG`v zyxEN*f$lPV=Pv|n1R+{aS5sjDuVR8u&g24#rS0#$h5RH=y8F*It^f6}srTntLKv1` zt?OU9JTrm@l9u^_eoOp5C9W%1;pbui3r9Tu^i7$NWRjuD)n*!Z-Zs<)p4L@6ZKxK3 zmeToXe>TwFtqbYQ(2L#D$u}&q>ZJfIhkq%E+)t!#5F$a+n7iaoHZb*1Gs4+?;JCQU zDWFnuFpXib16p9?Hc?}R`PES146b%-0=!VRQ+h8d(m}$jm4*z)0mIYS#d&hDq)-*V zd14&Ds5-tmA$8&NnH-e20KV>ZLAgaY0a(*(_A?jS{rEXAI1ZGP#I}WXrUrY*q3~JD zk6GDcru3tbylL0LKVmZ6W^oyMGLkFD#ec-iuFtUAvsz!q%${2U#f={1pYBKhsDy-& zvIH#^f9A8yHzzDeg8}yT2}1mgovFx#n`6N?!BJXO1Zng|smC8S&fV{GA@|l=Vv=k2 zdpD~kAdWNS49b0zhjoaz@Tf+w`Tlf;C9mKD;%1v@Vvx6;A024h(V^(iD99V8;eW;} z+ZoMH@au@0&%GC68zm$cAEhc1w{<^Yi$)2k#f&&qO9)LGpA{}=Ig7r?-q!KIebRkX zSL3&n)qL8KFhDgxV~+p*B473jB<^oY;pU< zPc>~PLg^ORVtm_+pUz#yzaNp5W(QG5LRVP|EEE&hhXWxyU(}m_-?67 zP6I&N8#Ec+;*Qvc+Zu`~d_CWx#|FALW$-A>@;Y{RWE{>SIvVh!IwPKh(B#!A+%PN< z0Abnzt{-0u&NZu&qvrkM1$t5j;?KhzS5kdK9k7F48#1UirU&|=N%F|;NIbO1t?OyD z19<}ieW2qzD90++{CV;upx|MWUto_lLU8^be_}gzGf=~QQ}~$UocgFn9738N!aQFZ z+VjMVQ&8y9ICYV2A@3*=3ss##OR3Aer}^9D!1`R%LC5#Nt+eOM&|mqYRXkY3y?W@u z3bbjc_5O9E;_p+LydH_|(lz_SZQ0ivgYU+Z)sM^G@ZKpcU;4naY!~(p1lXlYQgrOK zr-5VeNlMa9-?TR&SxlwN!zmgmrPWA7KEDJm7EJBZG%L7$X{fT+Sg^+p%tZix4U#9G z7%FS~bFbzg7EB1fE|{=0)*UxSBd6dej(c_K<2}UDnM@kgPnV_n5q)G~R$khR_xCXu z&{N5Y^_*>dyn618hPYL=dCcdZ0Y`H?x`6sK-Aez9XEjpJ*~0g`=>wNbda!g%5zb}~ zePSLdZ9e4ln8CLmEXeH#rri0Cy{ICFcR5oKyp4VhWiP-Sc>=Idy2Gl3K=!y z4p{HzoKM7TEXQW^+VCKtE)UHn+svktFCyBO5%<$_$BFH;c`dcv08@VD@231=X{Cm0 
z0;~%|ihF|x;RdLW!f*LR)$K~s?D4E6rebBz;t>fB7MaEqAWSvb3mTuh7Cw9A+nIyc zDM=RQE~7`fz+lX$%$c?&Q!zGQ13siimo8<{m|XXW2F@UWRYq+0)xb7J)gRJ0e|GE_ z0%foywDOlgnzE0L zqBL)}P4M*o^lh&|_w?ze_-<{{`q-765eATci2SGl`a7K7IU3g#*tPB_)3>!C>izka z_G4eI7++pi7OiWSmBkGxb>Ny>G*^eVozuSV((=WgwG76J&@0Aror6=Bh5kX;{=4xH zsp7ut><~QPb#`&u;~E$Kv-Xl_2G=!o9})vDTTts2gToZGsA%F^LF-4sOO%c7x2t+* zh{D?lKc)#e=!_*E+|0aG>)j@?(W=lqs3l?F{& zTn!O!ANwosTAaUs`J6G9Ir|{98&`&P+HEe_maPueYv^-zmmSzO8xG!C0cz3PJ!bl- zo{uJQ$AJX#k+}%@xQ!j6{E=WBJTLP{)wTX;|qpv zSCzR51Kr)bx7`N+#Qz|zqT{`NBagt7(rO}8?AiF+{j*v(CZ8-uU%Jn-cQP_)&nXU>b`&3)cn(N z;O|2f7L(DEgCJ+-y$(Nk85YTQR?PH#uM+;Ojvt_T z1`LoJTm*r9+my&^TmqvFq6)6!m~Wu@;V1;aiJGYrePU>y zs%}B6Vv;vaI~~s2I(oELHb$N;B~XZq86E{SaU;rHOdP(hpacZT!%?Wk zXvoMvSn`szk=s5dX_Ei!OF38N5pA`*aePd)pY<+;HGAU17~TeK1n5g&#)u}#kzNKV z8^e%jJ@mmwwbIxA0?A9XWjZ3%WtJay5JT`xbH^(dsymvoy1ymH{O;rEPEO9d4EnrwEClX*dH1E}<=+=~{QO>2rG}GDz)_pq{oZ;zv9{7M ziTOE4L%vPhA;}zIlcW9ydac`}8hPwJ)qwa4x=);&vt%;A{idZ|oLvYh%-foW8@QYn z@Rqubwu_=?Z~YvX@92R_Y_X3`669DY#7Q_hB>yJVSOvM424MiJ!7Zfv7Xwb_a8@0n ze0)L&gS45w=5R!xDOuUyR_a$*py=L;u!0~ z@*cHV!dAws3@b0ZR$B+8j)A;1Dg_wK{ha}^%+$iv?hcz8;++Lsko=-9UQdn(3&(4~ z6AZ(z8oFm*o*E?I*N?ts8QO}}w8V!IFA3JR)=}Rp6)xIi!I&&GUxwsru&1v--weGP zDte{6VX-~Jt2p$7PhFl%qYf<)820E~ZUx3VB1yCm!prj`Fl?_Xgpaai@EeH!97tBk zcfngDDA3T4PC4tzKLYE5jYgNmtLggA8185uiBIxp!{5*#a@$MQ!tDwSP9Xv> zD=X=c(cE#@%m*Sj@1mM4W%gK$Vw2Vm3y5Z{i4pF&YD#z!5po!qM2?fS8sz`!ZGbp7(#O%K1-KJpZ@8pI%ebX>&=ENk7sl$v2dX zv1<=C{zoosV6nY65dhxC=2J-kz}wpjzB zF|4>*Cc@!V{;b;AAIt+;TDLtqm4dj4Iak-PMA7vN+?koeY#;}`hFc$i&b~v_y+wh< z4;x|VsZ_AC=Bqr!T`!I*W_>44?pUDE7I@BcZiN9E7rlO{Jp!qpr2o*d2FQAzLiX%fe=a&wNvUCdE3 zO%4^-NY%UlpaBS-$hSxc?@uxL}!{^RSA*qdV?%4XS1`{ z{gs3<&n4XE7)ttb)TJa*QSDf+hh+MA?P707gg)*T<+37OFO6)eAG*0*YHVVvKRf$8 zbz^)EHaD<;{N{c+e?{CDGlfg}0?e^_h1Rz7>t&X!_s1+~p5)GRt?U}`?#gn_Eov_a zP1cLF&J(8OYHi*3HPNB%9WC&XbR6ME!f9wH&<%g!PjOxehuXxMxOtRbTgr=fYL}|Inn%W5_*2|j;e3rZH8UTWz%dP=u z3`3$VSgWH(g9xSV8SU>7dyoG*-QusDSME(Q+W>t%WPgciR zBU!1H(arm)*dR1xG*4Cxr!0+cAny_;X2OaR6NoGeqv}puV}Pe7t!FnY{`^kLCsP@$ 
z(WT_$*x4%Zv9?nv@d61w)VGc9P#9TV4OkHt{^wSNU*HDp5iGCiDhl{w@*#v_X`xZ$ znG?*AtDyi#o{$om0P=oGv`Mwbc|e{`dqz{`wWM#LERkyJBV?5$~3;SBGt&VJ?WB-~SX0Sj7hiGWZjV0aTQir#&^&60Q-HUQaobobY{n&a>=M0f;l5Gj{j zFJQ(XTm(6swI0o%mDeqVDTO|apL+f1t5EJtcK(J1iDPU8_*J;x9z+0kl^0|K1cB2< zW{*C~1xBPnRqQhxn^&U8Kim*my((~Xe-mXx_JxYPdVgJ!7g6XHD_qtCLldUX%UN@v1RUa0N1)*knWb{r+ukEZ+6jbwQUkxAh%V7#=2O@ZRF5yju!k#XgIGUq823nQc3h#Yp8x!Z?#_@Fh|0-$&K_ zxsqPpOG4M~vZ7rq=QDA*8Tm}^`Tb&KO-#|Op-LMUd+#YRZzilp;kX4gN~X9{uNb3dX9v_$J5RH& z{1AhIoRof7-IwqK)7#>3n~YN}V{c+M9y(9FXNNsh+nmbh&NUoS(OdoL69w{&4Ym(5 zM#s1iZd+B|4eCgJddo^Chxm!mFYBLgy!2!{R{25}6{ZJ$GL578LuZb&L$O?{!sL~r!CTU>KsK0F0~+!TByIC7c9Cl7-eW)9cq zPo8dX##UB=bx$3EoWq-9R%;ix2kj+eW}%U@O#|#Yn%sbCJDBW%lJ&b1zdTDZ@u6*( zdg5DirCbVUTiHv0`t$!dkM6(TSpFxQ(*M)H`v>M3#-EvI=KcD8u1v_CL1r$nwx|j= ziO_SSI;*#-MxQ@eoHi~|?Y0t3_|+=sQ<}0kT+cq|hv{%|rTIms;V&s{5Y+S(v>qwV zRA*;P;g3c>O43h&zhh$vwJUM4U;VmzwaX#a`Or^@QeDa@r8(BwPsJ#Nrh|z+Kpk04mov(?B(SEstWgP z1~C{(qspEevWn;r25O)FmEw%bF>~jWw)GWdGnpZF$EA=97lo^1HN;v12Y!Lmj+`xKD8hncTQt zEOd9swG=GsSM;Xvd^4%C*_wA>_~Dg|qo`&$BH1lUHrSN!v21etS6`)YM@xDjuV*{h zemWtlU9~%nlvF{h2M}VdUd-Exhf)*d-Q8(9RvNyT^hmW>?UKJ?jsOVT!+g;Vl8(0` zyaB>CkJvg7#S+>4t~ziAi%LkRd&pnv*q=_S@Z7ubG8F2&XNy6pVf5hR2VL6k_xyLU zuQy8VET9VT0nAw&7%MZNbweKl^UzJ+D3 z5A~d^@AEx)kvU|^Aaw~mTSFjr?*h}D+o^yK;opZ>{lsrtIx^6jHpGtlf*sK|4K_OW zO@Z?1@;B}_Wv)sd2gwy%x7E*+1c4sY4;iSb+E;`oM}t`L9_lCam7y9GC)xS8N#kmJ0WRb{zJ zbmK|;nUm>YDCXqE*Begv3V=Mm-xQPu>xF+-P*RiRVD*nFeM}>8JnPxh%^v>Jvbt}> zH>;g;mJReQTx!J9Gt+X{;$h|NZCR6Dw#t!#Emz|}r$|-2dFtzfc4fz7N7cGxPX5{R?{-!2LOfF7WwNLB9 zd}*ZN%eOtBkr&zpWWB8+882=lM%=%$q-vGnrpC~SZ+K3lBxzws!5AVdN&%_zSmcL7-o1Lit6V112d zd}0F{&2OE1UZvZsJ#XohleU)s?O&j$J1ttpn@<7;3khJZ5$J64n(U3$%wwwhZuNK-vZ2s z%{<42>48gtkRRX7d3bZ_eQVLxg51PX11}Y4P+Ut5@0llR(O0FETt~;V?0q*OjS~uw zA@djZ4GaJ~xqlw+p4Tz3{Au8fdxq}m7pCN)lBWy#d0uQ!XJR+$NEW29amB?+$_biR zCnWc_VlUl|)l%Cr4!6Dr z`m-wzpJxgp5-2#-2M0{5S%6!AJW~2aU>fG9n|{j=s^d>i^WtwWz<@()>4EY#sbTh+S%SNPy53^ zQ~UZE!VJF1oqYIn<^Esy#Q)n~`u{t>_lpy$Gq+zgafjfCnr+(Q1Gi5-tc_*2=%;rU 
z%AQ%fY=>K$r{MW!2gEYbdbG|r&1LA#b!n)sBWj*nYy1J3_w$mQZaRfq9D>!qaltn5 z!cgmCg)G%@rmP2h33P)9lPc7#J9isZ3^|}XQjK2#FH=z@eM)-|O!QF9 zCW&`$Cq01_&zuKM*jq^Lo$?lHPDK%pCU#ES6asr2?^J6M@(`iERTuu(us$cfM2=F) zglz0!vYS0m#2kjI>H8oHp?G9!Ku<20)C}nFQ-65DR!#)+ZR4%`2C|=z`VtK^CdXqh zWG>7B-41mO^>qZ~?#`laWGpcA!VO&I>cP|*(YT-TN%$ZybeTr8!+x1n#_CyQSzVg| z?mPu1i`KqLcho{WeE%rX{`-Q9IIB`!Ilfe?Z~&$7Kl`|>R5DCY$TVUdf|y|MN#kfL z%g~kd=xlVi^f2f?+;O4~?2CRl7|Td765_mvL_+A>TNll9`vs`;0 zIy1$JEr(_io7uCpmbg@n?YlhzY~^yEzq&qo^;69je{7oYXud-k+oe7fX0~=R7?=zE zZl+<_5jp@s#7{_$$41N>4l>2U-01Nqb zilD$b`kzkDbM}9?u#KE>}|i~ zBTpmOFNl^;T=#Y*=pNBwo$qhlop6;Iv|x!&iUOj|lD8>eZ`qqP4Je9bn94`S4yC(7 zao~&8zPv5A?AF)n@*Mtlb}lyW&!=#Xn6?~<>i%7gmbtCnx<`KqK!8`nqyO>(u?75+nQeup7k2ZL; zsv;RWJT>|8gC9_NC0r4yBUvmvt;qbTNovi?E-wfo=r!ZyJ_NWofV=4ZS>;IUBsBr@ z;!^T;Y(beg70LI0>y8XX4CfTi$o+tql8&tHJshP{i*mSpF5AI#f%Cw~4e(sW+qt+? z1Q|k}Hz+oI%FNbv&pm->Uuu)p?*M;1{+l%A$KOd|lz_Y9%08g5@eAHWpQAap^@5SR zgvyuo5DN^;(*mqZy}pumX5YNloC}Y*iva!^yBcBZ1a5h)$QGY^1#Qj(_SbF+C1J)V z4(|Tsukh*RN1Jwf5a-TZ^IaY{k6ZwR#aACCpOO%WMia}3~{dgO)tam0lF?E5mZdF3oM zrTnX9_ots7y@+&*{N8%MhyA_vp4RJnS8yU=pu{Bu2&b}#Ey%6d`ufKt5KZHr0kZMH z-m-0NfB(5hu&bpv;hlwMV1;aXx=x`@=yhMf-2H)?E{|AK0#>x38w8Z(g*@~IPHF4N z?WI_q2%Y>ru=~?TleY@{nW!tb{ZbBY-gAoh`j}gr=WanbR8HAeggih=g^Pu#`@}F_ zHNc!OBDLDF?mCeZw*mjW0PNiy85xXa- zy{6&YiSYP_n|bLLr{&3tjfw3jU~)`3j9HZXSwE_5jXzY`kAJGNQ<9eU#(U#2}B@>Kc197O~s}cv-rzi5w_L2pLUeMo5iH20iRyfU#%)={*&_kMttfiArf3)(ghbWwhb0XOC2ejN!a zS1geEx-EMUo^5e|Y~#Ua_ODu=+dOCqAdyj9yND??pJ3Gi9m?KH#VFaCps>%nIp%Pw z@>g+W%$gnHrINLR5(?d4#F_NxG>`CffjEvN-MV8E0WIX{iJxYyv3D9^(JBR4OQGXpHM<(GXh82y7)5 zH2S`qHk`(FzVf%Y?5dv=0Y7+x$ff8!g{oS~*D}KD9blAd`2xoF1+MK4&r0G91&W_8#ufA>6HCXVuPhXo_iXNr7RG@sUIF1rjPVED`ipopPHMkFv(GrEn z>K;)Fx`yKANmsv9fm{;LAh8|t>^lH#8E33WTZXVI7yE4>;r(uoXnOTBmS!nbs-0Ba zl8{-J+pCjzqxhoxIYr z;? 
zS98By=U$YoHgHKKfg{h4tbxn#1YBvwhd}gX>d(=W{Zeql`+ZwYpf#eo^tjKJnb3-$GZvmEH$mSgr~DR;MC)d;-528mbU!hpH60*I z0tczlcAogjb&WhEeREFPGRtAk!KvFN%9A5-?chf8)*C>dML)IF>(0_T4b6Jz`|4i* zF>H#qvIc$e;F05zZhbHQPJbimmp7EG;Rg!km|o{+S2)6*P|@XVI-x$=16-#=xe@LCZED6wgV-w*~X4MbeKw1MDMtyd{oYbZ#N>Pkv`w)*_b4lGG+Hzrr27(vIwcB^=~^$p*D?7#l1Q2YI7 zK$!ftWp?tDA>=bSA!C|O_kwGy8ri(w9;OW)nsK%H6(IT6SX%3g!%LM6;P50JA?uWw zFe>LYi!Xr$aA+f=0jHxD>op9CSs*`Az;%ccDkpXPI1j8)Sl(~-vZ&hkW4UiBg8R8g z#^%*&z}@FS${pOMU_Sd^Y-s(_Th$~CC@N)KL=VkesmP4AI76CrwBy!k7-DP@;aWWx zQD05qzI7O}K2^12+^1krBTWVK+Iikn9Y2_(z>si8^13KT!zNw|B2-I|GM8TN>|rf<^DXX zR^PAHIi^6ADg4C|far0JLuF=QAG5NwRy#-CK3eU+^6$33+SBg7EHDj&E{o)zP7xis z)H(ReBCB%1a1ngL_RkMm(7ZQ!ZLf7>VA5P+3*5^z>Jn3Ftd?|V>80Ruo!~_f^PEb< zG+9(tzf_Z}nQGW0l0xWILRrabBX0z<^|sEJ%A?3D3>F23HR|4)E-m77^w}WnQH&keak^C*siW^Uzpj6!Yy~rIkenvX*JeXi}f^1j(`WWp-{WbhilXIa&VxNT8aSIWJ39M_8&flfwIW>{+{5xeg|#l4T;ff?A6kHByWc(zBr#Xv zMM;2qT1CQJKh_jFySaSo(8{GxvX&B=COWsuBkZAI%|U958Vkg8raAgrpIfMrE|#qe zw&@rM)0wd_fhk6pnqELC&b&UC9UN@9(xp(1D)E2@;ukK#G+Pt_sJMs8K;T+Cl%Hasog$6`;Xju=PhYX9R@ zA!#?||Km)6M=59Wf^t1x5+#)d6p8D!&Wq{*;%ZX?5}hwY zNS1&Q5`bX$$3*9$0{Tzyd_9C}knSGN0>^p_V!QgfEQh-FKqVD_{7EUf;=P4@!{mdV z>236ygO|Wql;t3?l#rKf^Egco)J9DM5gbruu9;y1KlQZ){6~!HqO=P|PT`+<>c;s{ z%TU5O#<)1@+ayMnTzdgO5W-!@sK2?XXGBFSYW?Iys3yri7+BTHL%;mCt0Gu%p^As< z0eSz2xwj6Ba_!f@2T74oLOK)>r9p{-0Yqh}MM!rDNQ`uM2`J4_f`n2d5~Fl?N;8CX zcX#7^qpoMK^{m+I*}r|f$Ns~^fk8x%`?~MzI=|=nIWypw;UBW9av>o6Q>y4}n0VNH zX&*$M*Q7b?(y`XtoR=tC)ntv=i~N!)YKw@OD|x!+glG7X+~f;FWv6A^GZ;C)V58ie zXCfW6m~a}GJq-8TNrF64ckuv&DFu3RDWkQGUxLSCNSu73 zpw~H%JdZt>gDH zRe8)<{sKXEV~>%3rPi{=6N>f>7WBs`TFRe#6?q3}ykxiWWC(-an<7hSzTYAiL01*f z$|OE4;)1B*PEi@J27cg&jy-h)*;L#)!uD@Xu5(^Ud5ZipyObB)=t)x5J4>c;nP01x z*3(Sdp5mK)6GpN~vmNCvhi_NZtr)#56Kme_gFl3F61$vhz85F$TcRcG=jG)mbF;7F zCZ*Zr6bs|Yd5CEj+PE0@aJjX$D|%Tj8>oEc$<cv+Coq8Nc5F`3ZctqXOR&pj^H_Sr!UCcJ`qo3N^o&DTyDK$ z$ON2Qk8IojWTXlOS#C6*thVTovkEFEL&M+FftPQt--JRg9O6mt+H%NdAA! 
z)W4d`VNy^kway%S6(wZ!`pc(QAYZk2r{cjjU+@e~q;rGZ&W0S>sazvQ)Df1BD?hHS zwY7i>DbNNnIB0zj6@g0hjS@`N)j5*R{+d9ZIo)sxTOC9d{p&d zpaC&KZ`ty=rL+y5afnw_^G?Z!B_|QjI47nGy2^L+dOuK~$X~W~9!X7ylR}pnZyb4P zaKquO{socVdXH7cb6P1!|0J0%*Ff*44F`H|3e3V!)UFw8D?|h04o?-vPiM9^l^1OB3Jn zZvsS6hu?^x89znP1EA;k-qR$tc1*9;E$-Y`h)0kCpaSjEbO`X#3i$rd?XLbNeD<%O zl~qE#mzUjgsv$$8-F9}9lw4&h5{Q5a2(&F!$w+UR1iIg%R-0g}DM@g|z?s)>ykAK3 zd8+UYbDkjeI>z$~uCJ7({vCxu<5f2n4eg}KC0fsyt5S=s=B!1?wses*yk=}O>K49p z@-}6Lc8La(*vx(?pD>$d4}9YKN&NLWronF@?Q0R_=yxsN>Fawg%dPFUVVtj_$@aS| zVZSbvU;75aHP`!k7&#>YW5J=-=ku4G!!NQ+1c3!wuEE`-lu=d>vWtuREi#G|z3_rV zLLwtvZ$!9IQ*K6Q>EF(H1lc@J&Jtys?B97$Ih;Pmt$1LgXJ9(A>!FsJZ1(noeY-1r zhS$wS!=iAfHrTYBnh3hE(h|AEgI3G?rB~dA7p9!c;TpDff+s>7OG(=mqO2AHs3MV{ z{u>Yq=I!>RW6SA`;v_d3ngF=ji8unVaIXWm zCufc+;Pyn77K8h#wY3$pN8hV>yy zr~~F4+(a2$8PVX_D{g`Xc`IW-OyaB{K;uflBgbRo4I>C*_05n{j(adZywaD3%dL?4 zoo9V{EBLRV=70Qp45&Hh6(#7>tXJsaTR%Vtx7{`zakeMJ+;=G zq{)?wjT^L_G&Yz_v90|v;hqJtdVKUXnBQA7b+|e!$T9iN6ngEoZtB>A^hwi_Oq5ay z%+33KF&u|}k3Pg#B&m+(V^v1ZpU6xJ`|P43lv`(mDcA4#ZVZa+6`1+IJmmJ68$&qW zaP$kI6(R-WPs&{*Pt2fIt?ug+<())rKt2{3#}$#wBnhYP$DNm-Aob3!zHn&{PBqsY zuM3ne0IJJ>cZVp~U;|VH@mS#}c?HPEjvAA2Q6v94Z7T>FLt^ik?qK0Ux0bWbV!l^V z>>9oNC|dbmHq&L1^?#J_|MwM)2FP{SSAaEUwpVswRSV~%f2tLMq_|M_y02 z@uy2r^gI?V@eI_A`iaKji?wr8Q*S-pqHbtV-u$T~(n zT*lar-~i-_LV!No3@w6j)yFY9Y!y}`yOB(-jgw%E)7HADW9 ztymW-#Lkle5Qb-1i&B(RI))>u&H2*x6Q>BBuo|VHiJwPqU=(pTTW9xy&FEYbT zwk`SRZZ%4%_kJ&#){TxA$1jqI_JD=>>qh_ICA5G3F?#0KW{A~ZFfVE$Xi}l?nk9_& zLjxz<)w*U0Ic$0&x%-+0rj%r_{c8N4yU7d~CJCNA%oM*G@eB+Wz1IqqJDH+Gm~?wz z6kR)q-raj;61%M~NNyJmCV%k_go6?OW{OaAE#p-*JVOz(x~&_&H`=Ud9(P?&MS6^Q9s)R2dR*qpq)v-o; zJ;koAcFz0ia?9;1%p!KtM}4_#5H}W>X7r2v+|pOFydMlJVA7qwA}Xz2E-fADDx6fs zSuG#t~ zdFe@Ko=h)h!+nbRx|u2dsu`NLZ*cSU&nEI*N>bK#ctQnuTi~OBx|?)gzQCW%*imPk zTXm6|hfVN|qC!I#A12Tgt$WK78T#ig!lyyS?&8x{R~{8l(E9KKTWcAc1-x|u0UrN4 zI;VME0dU>wq6p*m&7aH3v*Xq5(;^0pMUba1*P!&i3Jt$Y)X2vGQhI7)D9X{+H{unb(p^kYi7U{TeHQ?{4nk-mR z;VUfK#GQvsj}3Pf7-e~Zfu*KRG`6F~xWmIwtZhLW!-7iR#J-RpaNtJ*5FIIHwc_rN 
zdv1s&M>3HcfR?ZI4TP=Dmu5nVd~3nnZg-VM3ey^$K!CM>3$2c~rGGH){_q&%K~y`& za#H@2d37WGsW4Y!9r#hOcQDUm`g?yk2*#wZ$}tCy}fHGgTvvZ@!1<(G+^s zRgi+^!bD5OdYsEi%3RS)x4Y@LU*as{q--^4gYBiC5^_2x;c#(W|TW~$_i^k9S>P?~`0 zXrfwpwa2{@uy$x~N*4m-G$<9sYtMWu~BB3t^LtXD@4^)!b5hUHo zO4Au#IZ=jHEqZ%zhujmIWu`wH$C3m^1FVN|61S?i<)AP)$bv+8MY9b}}gxwYQ6xPzzmlxFJ-fwf8twYMZTHuX$CYpit) ze>?AUC#7uM&x?NLJHUP?{nH<&h5ux$Qv?xxZ%%o>GHO=5d20;4%`czcuD!&d?oeQs zIcNoLMc@pkhktEC!d3%z(NhYvs{6#W@kH5#JvVFvgO)P_?6h~>KW}^k$!+$`B11yK zZg)A%4)n5zIr(?WqTW06?VNP()5v}Ude>E&@U6$+Bqx+ir%KGe0Vg_!Vm zsv-jS#~(ke)=J`=PP^sf+$N&^&LmKGHfrO3Ga>Kb=Ns9XxAaciy;6Y5pGopoRKxf* zP25gR;QUz)J0zr>wX(yiK2vk2IA0lSo6 zL-@Zs0Y7Xl`XY-2{1?)0FAK_zH}9*3qO>fVB|3qbUQiVass=f2zT#VE zW^*wyY;DEmx;pDCSxa5@(+#-u(+wzanZ@^3ejr2iF7Ymh^2xrJXs_ojYO+Fj)@%39 z7u8?(fGmE+x_-8x$9h+i8~%7mCw_-)8I7yoxx_QU8!8|2l*e=i7wuEiFU!=&z3Ro% zoKwdh&$Rl7rB-HUnc%day*b|r(~8keE~SFn#mykGRz&EoSwE}<_{@w>5m#CjA`43n zZE+*}skdb9c#EbdiOnZyqxs(2FW<1}MnCJV`DNZiu7`)qW}-s4lGRKHcGm8dFnmGS zv0I&`hPV0Bb91MvTHg7BwT-;+skjX-uuUfU_hab)!H@sC?NN@~)=_#bUYbiz(NPki zbwRe3oIN99wYH@EFc3B-4H(%dnq3(8rqDw|W-3A%Y7^7~+4Kh?W{zpFd#4=t$?XzZ z4evbenX;+tn%20udlWC+ng8|3{3hx}ucOPGr?+%Uao<^c+x0}%*3qz{!myHQ?#(h; zZ6IF*ZoPinRdC4KbLx0E|haKqPk$&tw)AfwR+U0ygQW!f=hKThw zkP*5>B+E=(`jL;R9X?qnp63V;AL=2YRi4nA*AStfop-}EcfceYQXqj=(Ku|3D?C`R z+vS}2NBM`)kdbz3&4Ab=LPJOX7Vpt&1!twi0|sVBYTRBcf@Rn9^6qJ&s*-iz6Y+NM z6{#1m<^%{p6fKt-HkPWFtT3_FGo)9XS9fdYvwtCy^-LBW7JFvzX63CT{wUMkexIkB z;ArA%mi_LZ&$WMMZ6NSgfJ18hCK&{Bc!2IW5RxtE5Yv_6hMyF|&fC#hbi+039NShN zWT&GN?pxhv1uzG#QhV1%@jml++T8uJXigx3->r!FI1`_B)MiiwZ>W!D1xkYP`ehD zbJgg6tHHxm6m1otU{lIN3kF?*5(ofTgk+zY_e5qL2^>}Ta4qJ#hfQqd9BHK;Ya#Xu zgqkxS@`9WLNq>aN)@)Vkp|%InlWeDX)!8PyLj~gJ-*u(X%&hOa()zEu5}|^`Q)Sld z9(OY*LxfDmigjLY`j_{b6VqJ^Xx=xm(Dk+gN)0qI*O8)A~NsJ5{PW#A!`|idGkdbNE1N^D1(Hp;&r1|ZwNLE~R zYKGBUTo8s>U$!A%37JZj4m}MkLX7r1UnCJf*%r_{5@&?5E18*~IL0ET=$XGnm328A zMzsO%r#nH*0k<;Rp4v$OdKF@R&ZfUE&qOhJE-tqFOa{5QpgmyUK7MCA*MZfHeUWbv6j06B|F9Ra2lPzfBsVIgjX27y}c%7lBhJi@cyVGV$}q6gjN>v_k21 
z5bl?kqF91{UsI}3TWkkl5!1OvjG--uj>Du34AmwYM65Wn&o17qMiOry zDnvfWrRR{HA0(BtDKTXo;uRj}whXwL?(ZxfFt2fgZ=f205ABsQzhdhNgkH;00NwW+=osKl(O_lF zj4rQhw)`Twm&E2<^St2L$rtxx`(hWKj-E^)s0J1%?N-cL5$YUU%XpMTYHmI`1i#YZG z(jGg02YXR(1wgR%6<~-|$W8r9!vk_Doi< zIj4p&e4yrt)=K_9dV?oTf2Fu%5719J?8g}52ngUtDcwHshXUB7Rn!+0Tm9-`B->bd zSd>ztvwe3O&X&l++iQM8kApI;jL&xS7Bibe7C2qU`81MD^_m`hVsaC)OUQ53lA-OAT zO@bD+I^?s&$`QmGYZpBUjJ`(Y67PvWN&rj@Pk^n;-`C6h<0bcZ%kh8lJ)kn^PRwn8 zN+})RRQk4O&LDz?@0CF+KP!XuB}-$#mS|K;^q;`gTY|fhLF>l-?)SEK?iuz)ojz6< zt*}|xaJK~GOa%USz{}e8jxkRErz`T=i*DWXma=%^M?Df-Jlu5+K%u^es?x` zKeEhw+?(*jOlb=75kh&JsrmfTi$~nW6Sq~F=x;=%C%ZrrlWkBz4cW1LNf^_9p*58k zoN><>V*8s!&B9|&#oSqkj#H+z2Y6Y>RoC+zsNyY6tbS)KTS~1QmTDWXDEJy;h>=EW zSg0Xj9Kb8M}K0~ zHsWdcHLAj!>Z3E${3k(#zhziKCfU7Lv$vhQTuGYcuqLbt!L`&wRH`qm^7f8Hipi8l zrPa)wjqXaWhJ=j~eyO<0q^w=)-?=!nxw?DWEj*PWwQFG9J|Wa}RxT=^U~JA>dNI*k z`IIbfrnNIRU1R}aMmAY*c-RWIe7GbW&_iHzCN>RQXVP6@FBy?CoYxz@4x~iz;8#a% zZTu$bi9`C88+d7573iY?w8_+|Bgl6!a6oxi67Zpp* z2xb(yNFm#QTHdi=qkD}scA2nIqUGuf|zvM_jg9}jpJ(AFv zbg0SCgxq%yMeGj_#qSex zb~61)`|P4JRGx8hl2;I4GgPdO2B(#p7T?jsSVc82?-XD^e9y-X;wsbek?tTb19Hbe zK#nJgbS(HBy=iwAASBZ~E!Wk`)K7{(-X;DF$Z=It5Hxkq?=+wmyh9jCvC?c?d5QJ5 zR1ALIiU7n2Z)%oa`TNCUl^{GMuTp+i0bDJH_gGZa7*7FvtI5t#Ih6DtTrPl)U-Xwc zzJ2OxgXeVud)xAj!kl;7V~;OFZ&Je*OqfcwuS+i83Z&mdHGnx>s?`s@QdiHlXLCbB znAVo_Tn==Eb=wz_MjcgT^~B>}lVsG&gC+V}q&Ac{;_j-unALfLHoKewClbY(n!)r@ zXo|1J0e=Tm|3;c>viuurPV%ci)0lCCMO89drNrhX@Uimqo)+9nkmH9b6LbOUnSzfO z1(ceA2X*2bXiG%%INn3fVUmx1+>7PN)5CZd)ta!f;8qcsykTaNbg>5{EiJj*ApH-X zYKInYbc->@TnZBbzdh9c`WlG5bR0MVwSzl#f+jB_!Ky$L7(?>Q{s&632>UxxswNgz zGr|nIDgb#<_8@g~hqM3}J{5Dif<+F(>ADKi$J^CN=zfV@vq-DXZ_db&4rOz4{Mhjx z4LrdeO-~>;WqUsYmY6F~xLO|I<60tU(ExpXWt+&o>|r-SRSWZ&NeC@0_t`DAUmn#Y zOfF6?BI9cTA#Orl&1&N}LR^77?omFJAC3&zzkS2Y5v|CbFupz!Qvkz)4SRh4HE-8% z@IO!h|5NiD{7-7;O@Mh9UPZgQzfx`7+w#cnKuNm*FrorV+@j%4AZcn?_}7;0zdY8S z@I`s#>ITbljOTIS#*W}zmhoDHP7djv@}dBXdu(*%q;ucmn$0$&tF8MG8Lo0<1c3q( zcT|||RV6DZC@qL$9$}Y&7X`4&2WcM+@j6*?)NF}( 
z*(_FSukz!u)EuVN*Bo=kCXMhW0G?Sv@J#s)*aW?HUVY%&;AY{K+^E3$aKkUNI4*fs zjk?SOXJWSmV@3;wN^;9-KHsBgCVNlMO#v1VhTRNGD9w_!1(+ki!2YZ~%?FS_SVUY7 zJ%n$zxw>xvSH@qn^f9Y`*os#HTk*v2ZN*=iU)k#sYgLM{muSgK<}nOdJOj5r?f59N zef)6Ab;@E@n~AhnhFDN0&iTO2OBV)&UkH+%y7u5BGSF&|%A}#lUgxNKr}76dC%i~= zO0Bt!{VV|EV{!ayTFz!HB=L$hEa|eDDG*3-kIHAt7kFYsej0;=>;iuEVI9d69Oc}P zr{CH@7J}Y1B{trgvxekL(rlxsUh^XIGqjH6x(m+fmM#tq*H;Y+^UBiB+F-lkE6Am= zJ3+mJg|aeFO26Y;z^54jDy10f26fF)Yv-Jm`DiBWcBbc!_37r~azIZ!aEkf625KN3 zxm9$Kmt}Wnl;$oM(d1Y}Bt2t@ujH65x6dRfGI0Qf5X}GXT-8h>2b`Es&S2`9OrzQ>UCWMK3nl1R!D%Z+UJA0~iS6 zBTpw!$yHuXN~UNY^&`Gc`?q8Yv=;Bi+7AoLcC1AV!=%Wk!u-NY6SU&zl4m4h&D1Me z*EEt|w=pJ5F;_{58v?FYQIF+bpjCCLVfvoIQ0aFRgc~peVI_X|*X!y(z+L@?NBV#L zdjl$SOjnv4ento+ zRzUsJ`i9}2prDJA&0Rpq_>;QaKg%nB$EIsF^acDLo9^fn=@+&iEUwKWomlp6tz)In z-?UU&3elT1=IRybZeS}HciY)Zkwt#^j?i>cJI#A42J8qN^wN<^>K)C$ESFS<{glDl zGgcxva?_+2&9kU>FE6^IgkqIk}vnj0MIav+W8yBp4o_xr(vANuj*IDcUz9N z23(~!mpRX_QfH8k=^mLt2X{Gr_X&CCKefn|-v(pZN?jbJk{d&|u>JCA0Yt#i;` zD>e4DKkfbEui@NHzuT9e8<@ndn_WKO@ePC$U0xb$-~So_kWmOCem@sn zwMXLMq-sr)j(a^@Uc|g9-myFFtsi+l9j-{gLx3{}lMY#_5c7iXd*HFo-0M;Ma5!u^ znW|Y6*`cW=|Ho4=zGKZ+(6R{C_0Cz=1z5lpany@yGje0kQ)_Hh3?mb47`2KFl1w5~ zOU7Vo)e)65r$RK=wyWLY7$Nl{A}#sK9>kaD&w#0e%f0UkwE+RBP3`#NTK~LF<4iJg zxZxYsnxC$jo?)8IEW=qVNJW@Haark@NtIvvBgvNLfpA?Q{rbCw;=z#vHp9 z10jvT|60dD`v&9_;YuT|a>3iqv1+msJCVI1Fu(>SJCaYPd3zX_o_qlZf}^OZIm^?#M7;Jb5T{pBRX;%R1iF#n-wf_Ti|0 z@szJM4dU3k3N-eRp($^H4H9>_ThSx`tAp7@*jxq!HfX8m*X#HD8=nf-$3S{D6N7l zyoxMD^yAnjmlZ7O;bC@(h62LQ7*o$m7Si-)4w;Tbhnv4MAj~XlI6JWYkL@~hAdUcS{;f)?Ry$g zjdzx-O0;-al0N_otM&J*>ugpndi?Xi#pBd=$@5CykcnZqB4Z@C1&l{X}b^f zO5n4+ZmSS?aPzA3l$>icye0mDah^FJuz{n-i!#-$D z{-b=&^CvbRfX+=jf4Vqk#wnvjRdKWRX$k3TdJAr66`r2YWv(gR*nF0p@}>B=YJN9= zXGQjB$0fk=J{o7t(|C)H&bZs7{NwxsY%x`V9h)Ngzhr|yQCNPyhlX0B<*GpSvFgbE zL=)6f-$DnaaWPp7wERNc0?vhQB`3{191^)!q421p4WV1A5rrN4rj^AO#JJt8#W?#C z(ZCiVOWh;6-A;uq@#rxtdW0AazC#14Lz~8Ty?*cORF-dH(l7Vt03MmzO3qo!_^7;z z^_ET@8*wJT1PiG_WMqWPlK5kt1m`YxrC3G%$+{;h0&-|%j 
znf=^P=d7L_2Jd-r4i6ucwE&81t1H^?G(u9|+`>aA0E58OEp+~M=26F(i8pvz_Re_3 zTPdB0!LZ+$%UdQ`xU%aQ>}av9ZK68ux19}t*;)~|nT5p@IUUcU*tvGf1JK!Or_j48 z0A8jTsf5mU()j*M*XQxL%bHJMpDl97=6%R-P5KVEn+!qbc6CxzFGn@q#{kz&BzO@S zxp;2tuvZUVJx*!ZS>=pPe%^neOSbg_Mw^~BLt_*Z)gC1KX*5Q_=ml}gTPM7$x1cIw zi*TS-BnzfR^zW@A5m(z<0L~MuU}+pv8)iFg`@UOEN-K)cH;jg7Kh4qJ#FMc~^0JO@l~ulT zb6XLq$~DqGb*(oK6+zup&2pZG{ctC1*6`G#3|+wQSYes+5xhE`HKcnoaA{oQ%^EPj zz$^2U_mGEH_^I_pIzbN3AcnYddyuT-ayxGx8|_@(-Xhrg%{`svI6^CHlDzrvU1C$= zNNYm#)wu8I?D(|7sldkriM{|j+dW?WbF2OOVZM6uFdL|DNqK38Zex9M;y*OAmwH`#i5RS`$wa4+^18Ls9@)u}%Xu zUTLKa4vp;l#WCg%Y2C8p0P$TlHu(LD>s%*oj4^MUB6@zvZ6lxna@wwNmO0TziTsOI zEX$e$3p7!CVJ%Me`H(o!|AW0!K3*C36dGH6k0N4xJc|0s6|n~WMJg>uYwj*qb1F_e z=VzT94nl9euA86w$jE5CE>Rh8AVbHdk`uewqLMt$MsM`I*I#t>zNEtRS-$rIm6mg( zjl_=slmp~@cXr1%;uwQSKVR??usyqA=-r=J zcQ-bgGzV($ZfS94aa`55QsAluL9HdxK_&?^rnyk9-B2|?9xX`$TiO0#V#|W;zttDs=gGqh2MgkorhXqM0jRrZ{d4SV~NAqmaX(_fMmFI_|ImU?|o!|BpgD-!)nUx z@6L{6$Fh3z^`#HF!hzJS7Ut91D>lBi61U`V7AmD?*ku~kU?N!}=kYh1Ka&2m-ors{ z0(mLM(t+E0_t$FFPB^QmS#M~OW?;6{Ex>ldfiAMS&gSi#aqqNpXo-u)Jxd9*$KG)? 
z-fRowYkerzl1G5k&D*9k28#um8#Ke{GMhAm<$?YqFuTBCU^gO*6PXU@?n(bp-1< z#bONYS7s{igekyVA`stq=oGFD%sU4WcNnncDi%j%%-Dg$Fz?)+Am@!ExkKn{%V{|K zV;T48szRaJT8q+W0!oQa43{0Fi!i+g&)fZ#LXN0qyR|>Sq8z5ShF-Hr=FEpb8f?Xq zL@>RWd-3^MZkrsJwKX;_+UbC0jNnM0qeseR-wiSgj?}`>aOk9404BuJI>IVLZqz!Y zX}PB50D6ypz=8=t@5$h0TN8e1@Cyl<+SVB8yemx@E8VgFa#oSW+DZN+?%mu@;s(mF zTy&k=O)vz4(9Q8enYEwr&HkLBx3y%~JwRT&G~}zm9)-Ak6k;H#z~`^$9?|eJb1t4P z9A(c_>^HDnWI)FW5ugy3p8*Mdw97U1B)=S(%hDdIG_bCy*-R^tpdU&l6WFyAfa$m( zwt}JiT^Sy{^Lw3ui>Yk99B?t|V}opTAcY^?bUjh84CwC(R(@si9jx#5>gmb zap;M3y3|?z^IZ6qU;7y}FZ&ttL`+8k=oN-N1HH8~uUwE#RB*YY(HHIn8+f^ijaAl> zTjPuXM9k_u{$ox1IpPHs%w- zVVbmv_Z^>Cij}l(GBR*|5dks72&kw6tev}gW3(S+VPAB#DAnb-Dn+CRYaI78E5?PZG>Rfw3hZh9h+Nq^(AA%dZ0yIX1Et%j}+_8 zxN&ypKi7?$swiVmuN*SbA(Rgdis!tZ6XqCO54Bd`USEgfWFa9cW(X~hsJcN}1nWHw ztBeNi4qR`j%U7QJJIU{EltgMD6lCkc)G{}fOJTvj@13rLK=vR!kVsOS@QOeGt55(k zp}GrLvuck$*4|7rYh*o3`UV2{BY-U9zPI)l0Ft-=Qvk`oW{H0rbNIUm#Q*d?B_R2{ z@cZO*nziM~=NLC=pH)$IuUV#6QB$4bs2B(&2zdBC+#-aATvFZn_#8Vw9#zi>30*T- zkhxO4zzXN;sKiSu9fdpT>(68iRnu!MtELPmV;2XFV2;R6#)Tx>`5Uy=Drl5JwtI#$ z@U9@}%!1=s)(=wJ5!n#4g}llnHVl`^T@U}2lat$>fxdfsS2aa4W~nONvSOT?OalXq z4GzWVTU~TF8_eSW=$CSp~aWC_l&q zduYU|qBdUNAJwr-jF4-leosD2eQyqLVA!40U`CW@wssd1P8oj(W%-8fv+ofm`B_e7 zSZ)giV=-&0%JKBtmdMIVHR^bOPtPGt(x56v&mzIC>qKUaGj4d_e8Nc}=+dIcQ>nxt z!NRR3LCzw9apNnBwdw20lTF~Z`TvlQ{`qJ5-N7@VG7qKR7n)`iq=-0V)LRAplBFx5 z8<=<_5pNE6jE|Bqc%dt(*HklW)x`SP*U@CQ-LnOI!+#HCEvwQ4pPqT#eL(7=wt4*4Yehf`hZlbq_F>F`J7~J#q_Z1rbu_+*Sk+ro* z#b^_`gp;AVUg2+`^@;3Fnf|TSFQhCrS0-!6EIoy~ zS!@Sm=^Nuf0eY709|T91u%emM;0mPPt;d23uyZ0AEj^~an=f#b%SepIo{3+ zy|zHfZ9}|9DW$AC3Wygad_9dKuG@9n^;ooG^dIUH1S+8>6}OB#Mq(WjR z$J--JQjN?bJ|l(Xqmn4Ri~Ts;M$=BxPWFe?etnn+BXpCS-Oq=rA5y8-z{=+ zpEsC2{?q{S52TCV`pnU4fSozXq!~+bpG8$)FdlZ>%kZwC)`{yWf4(+Ly1?u(%Z&~ zaLDqEXc1y-6(^a|KV|Po;q7R=hY{O`3!dV94996BU9J-lW7BKs^+3iMuOgx#()lXp zV0{shTz9&IL+H8i=7ZqaYMNfigL*Ftos7;dROp@FU;##sYo8d*s0u>7t#R0R2z0Av zWhE3#_*8>$#%JKyy;vK1w$7AK9wztLRzPWpBKt%w^jT$?5FMpPUao%7qhGFjWZw7j zreckd4%xZdB_&W7c3LM2D~Ua_>U#Qk_lN5#w64Ou 
zD;NsUL~}oV8h9_OCpGf0unh8kw2*uf<2|}h7>JpinKw(+pA8~*qjF2Od3TrML3@^p zNjM%@*IEe=%v_@AOqyHyyJUuXlLcL;9rp+hn)RbF7xtd5hpi9Hs~^CHqq!v zb2^?_{*wRs#fHfW0f-!Xlu@5hQDlxiWHj|ukE4BPE}X!t@Zl|-N{_?8d~Kbpd^{ujSjR{!>n5vuj4G=n znxr8v7hk69j>~G7puU<+=23l%CThB`(hehz>rsUTGPOI2nD!dDTa<&~A^0m#jthn0 zrXObx+ibu6?0Ht23|&0U+*QE+5(O_Ev2`VQ=@)@}m?V0j=l2ni97o6X@+N%id8Lu3 zPTQ{hTQytun)XLka=Jlxk!**L{+q-8e=87_hu&}Ik4)2CeSKb%Sv@m&XjSG%T5A;H z`$Yo4k6!JxQ)puBOIJvfV*RB2gn~^Tgf=#0UVW{k*Ftf(*$F`IN_5AWSiEMA_8v2d z(GBiqNF>TE-};<48pBRBzIQw+A0@zzYG6#$Q$3KGIo8rk7%d%!Fq_R_#_ra|$#7`A zS&m~Pnz<1}O(bc&2xipRH%jbJlLhLuUdl-2%3_ser-6!Zu07$tzQ{C59a*vwIf*F= zCUr=m(#DzlwABbpTgIKF_i>b^r+R2&Ej7Lq7Fd1NvIs)U`gt4U5vqCcbaej4it6W& z0KQy~DulFw7PQ_I75Nq6zu?(5c0O`wHCNNA)kX^o0N1%`m3u@Tt}pZrb#=e(d{f>X z%p0mXx>iE=TIEjb{!-~UKf!bcIVl74Z95lHbpJ0J0UNpqvzX}V-|zf z8m17MB7O3)G!v5?n?1XqU1A`Rs%WJoiNZ?}w7oO2=I?Xt{kqO64ImQ9};v^12CN2Utm|X`M0#rb@T=T@c=Omk^BIC!^+faN^)cjr%+VaNsA%p5u_$%h!9&di&kFKQtM6fPYKHXTTSim zK;;eFXP3cD>GH1V&K=&e@dqv=kIEg!ckR(3M*hp%9@>3HLV&y7vT!sWaJO4N?l+>o z(G%iRHygATcAHmt46qU%#T}nr?78gJbww@Kx5u3#r@c4}c2MQUf~*y?Y7Nz_Z^V%r zdEph?8m{AT~-kTG&%G!W?Gmn#q;Eup*m#fj>j(Gz1%M8=KVD6ueB!hu1lXwlM5Ea&pH_`^N$566CwF;| z*%i<9-iHr-oN;KZkT_O4n+QEIt&$nZLw+zvxg;db9kNlxKM9k3H0~G{BxubgKne|F zg)7=RMO6sB$EmZe)4=@m(p+AAk|?ur{PcnNiN`bJ{Eauw3}>|zcP*(Lw3Nl;u{O}i zPt)ucDb{zQI!#~`xK*D}(*qBNq1oxbyzN`Sp!Y|IueK@R=*tVV2td^C{f;(lRY@|h z<%=~Bp*EUj2wFSofSJ8gyVwC3%xC+%kj*T4g5yt??Z(zIp5f}fc)^qs>SMu5QBAig60+a1G5xw#1R5WizjOxYB0{diW@WNS}^@q8!!n*gML4>d$5!)@UD`LB+ue=;2Z*Vh2GvOhd&Jb(10 zy+%U_A( z&c+bpOQCn9U~ii}-}VK61O3ZD?S5&XX3LR&2=Q-QjB0CJq!Gvw93DbQ{31AXocs;M zgxcK&58ljU*49ED-<;$Jz}IuXb5M&mF_@q;P7!z;C1YR7>J_*7A}6;#p8WDh(L1S$ zd{r3=X;ASwe!A>+2?G)U1FuOuVksiIGqX`b{WB>lF(XXZ__-1wPy`Gfr`_UpGqR}j z)}~<4t4S)|1A1W&14Lh)-E&KWa-{x{#Hx!fC9xWA>U&*4`243NmVE2qC9&zi#nw6s z0R~=xS*_YvK6D%l2y8=Jo+c^#(r+xRk@E9y?#X$gK|3o(Pj%`?ot>H#9^Xu6=!HDo z;1|DTmEYBv=nq+2ju2QaMDMqA-SEp=x-Wh+*YsfhF5An9FJD)EuToIkYzV^y-DGwGx z;yFXf^VsQ5VU16zbNsA}OJbxNIAt3W{kk0INLup})Xik=+ICth&V_0o2UYVum|t5) 
zfDd$pbk^eD9&0!CxYKaIj=5LQ#M4c2d!6|@ zFZ!u29+mj$YG0{6Hiwd2f7pda9|5(7VK*iNN~E}B!AjKTuXLhmiTSoR0Ln=ksk(hV zEtAG;wA(ArDz^GL?E9Q}BIQdpUCOTe-ha)BAwTEDVOUsFi|RsfC?5Qw zU&~PS<+4VV(r|7{$MX9igzkzUZ@DY)N)2M11HSKH5FO?QZwzcXvT$G{~vR29Tnx;zJCvbB1i~|)DQ{?(#_DK0s;ck zIiQ3{*N{?zpwc0rNJ#e}-6bK7RHEWn9toy#^ zzRv4BkK_0lCfxN@UUXojEqP-o5AkO_uDr-k0>k9_JTjuKGt9jg)@uEoTx0*6R~_5O zx25PtvgPZAE*8RViEZ{bY4C<;oo9(Ur|<27$UqfS>gNSye^e`{QbKK^RNE-W2}6Dy z+qZ03{Emn*j|PYs;zRDzM`G5|s|W9CLwe|{Usx%t$wHMEkbue|3|g8z>7RAaW9RLL z>=^;$d7Rz!s@eX_I%l63O(=z|qP&a(H7mmPCK3a47rXHdl>c^ZmdP*xH}J5Wzvx9ab&E5}MqpcL+<)ANTD7Z-TmFjoZ{9GaL5=O!Vp`Zmtj(l3dj5$(dHR`i zIbS~&6;M{U>>Y?yd+l%?wm%Sg8xC?MIEPM0b&XIevp_3bnqgdArZS{u!rMJ0SN$_G zHyuTrFu6ka#6dzKO3|q$s%(DwK>4IL7_#g|GU0?_)i>9x zpl!FoV@)`lvFZ%drof?fVrU$D{~Npw4-D!4fZJu~;5&vr{PM29uU|_;B|=N8*3kfm z-QlM5I{(sHC?X4yRXU^1tXDo)rZkb>gaVwa*zduY3b_5;{TOaxISI^V2Q%FAh({b( zo`)yl;E!sbyRy*z<;f7o2mW+f_dX@RW* z2&M+NJ~_Lk8(0dFx}j1S{5timZkH-@0C>Rgg=OnTkbP{eZSX^K*W$0z)rcKZi($_b zU~(mK!|X6y=^zH?q9Sz1<$X55^D6&055oBZQEVL(Rs8hfW+I;;$_J5QvFsNyZUm}t z)y&^-wAEBf{*H4~$?S=zGzn}y>~e6Ez~GPqJhz{%&}S@J)gHN`BVB(>Ejd+?$kgCd z`j&_mYWvYZf0jZF)AB;{`}#rmmwvV5Z%JtlZ?PuZ$IrU(O4PWiXuIc!HQuJ-Y5MhK z5}_G@dvf4DT|N5^a(>Z9m%w*u&kBqW;#!}cvNdyM^}AT|4K&70IEv;X8m2A>)4lOz zZ<`9XN{sK+jzIGIGLiKysye&}7213m1&Ip_Gq;m5lf&wX&e|+!cK>c$_t*iFILaII@`@R1cf znn1vV9lL}k1VtYfiZxrNoTdiswWVi*%`%sQO;{-h%xG2A7_W0uCuqfG`M87EcV$Nx zQf=O5_t%k>(Uey|u5aJjYDAHf&u}ah<(*;PB($P2KE;Zy^%8jD zcKVrZw@NV|Q>D7TxF4$>xfO$wyQn=LcqLruoTSxN6xH83p_b0vqG#r2U{cjdWm1m@ zy@>Mf?&kZaY+n`%t4ZV?QjzbIH18%ZJc{`;m^;S$@YWVpz%lw)BcVA6iUru4RkIeW zjDgZf_c`h=zT68Z<4kwBR^Ra_aIxCK75jr_Ru+KY$XCQ0lxkuMT7OMGeEBhlIJo7y z7)V}!w3=nKX`5};H<@x_vtEG7`4&|NKp~pGOPgErh~utNHgE2@D_FDZhDWsX*)$8q ziKc0-u8pLa`?oP+O~Z9O^?#Aq8Gg^A<-xVLk7e^x%9RyuRLxs_C>eKi_2wmO%+^4B zv;)ZT=Nx(m2tp^o^`zN-I_J2WXgW|%TaH+Hc%bST4 zuSJWvLuXXtF*|}VTyjVubFpEoE$)B2Mmr zs}KM##UEGUA73-&=dP;_uuN8Nm~U$ezn_S>d4QxN)m{;6nkZdV-q8jNMlRpQ&wNaL z@esPRq5N^-nPld7v3P!HK~e1H1a*O@#+=JaAT9G}bb5&G7qX=%>#LCyNm4=zcDwJV 
zn!1;xuPGI(JLMcx&takqc_wWsnpE)ycJrH6km^MVzwo#aX<D}sOamo| zRwK|VmhcJLn;A>kUIP+LBW_h1qO58M$}!`^%EWo(aaWgPP=iBR{hfY>NgxSrk|7rZ zlF*SYv^wZi5ho|48ENm!6q~Hkcb4QkAmJ@QFrAVGRz+4jxH7+Alwawx>P47(T<)4h zxbYM|d3*Vaa-q0Ju*Eq0=MhNpZTAuSs0oJb`AK?-MM2>nFbdXnYJc@fsa~U1qR3RD zl4>D;(T;4*bBBd@cyy4YP?&j@$?3_c-pctrbv%i4o8Qv|`+t@8T!;UIjTO&(i0^kC zqNmp-BzCjuw4=4C+kTqj#kq&Un3z=%jL^Q~yky;d0hu$W(asKkWu*&O(REwN10V|T zj+9qPMFdj%R%R{m4YDj0^sWq!jx(5NiD6K_AgHC18xQQ0D5WDN24svb!O#3PXuB-_iFq!2>e4h1D8!eOUdtm>z1eLKhCEaNFHo$X}X zZubmCuI%)kDZRB*t^P6!L;Jc=#ig-4*>kM+D5^a)_l7aaNeX*g(n=UV&5V$hoRt;? z8;}q}Os=6TtlRaNsMg+sm`qs(CExe^e3Y6ytr%}KH5Av!dAb4LCKY87|Tr{ znXW;B^b0>~vbor?3+v#c$ly{x{Oq-JiHWY)Oxi?KCLK{;h~ZIjva^_UeohFz(N;-_ z2gO6&R!y{64Oe@+pl{a8!EvS)rkYZqjCU4Y5M?c3fxYFd|jk4d-#q>Gf(n+Z~M|1Y-A%T&WG_T$p_X= z&5+r$xP6IZj`3t4%d5jhiD`MS2|MUoc697Fg7H?>J?cbR#cg#MHdgafXF z@@wu7SNIFsS>RoqkP}dg-_cYzx0ctP(K;TJZ`*XM)Fn+huPNF|mwHlGb}FeF_0qeF zvLIMPVz8=|+&okja`7#M^sfFiwD?lV-1VSyB~%2C?^QN%8VZ?G9K9^=UzrIIn7Xvc zDIq5(*v~=~;9|D;dEoQNOT)vxgBTL+qHwHd8dc6gPQs_~@2STno%jCTO^WKC{RQ6I zG~cVip7OfCrsLq)GnWKmxqcpvse{*bj~=CvtYccdhz=z49SyvJKqlso2*)+e)<3>A z$vmA+m#@hKv{kZ!ks9ma?b*52-A~|PmWWke1dSgmd3}X89z84;LIa~GYFAkyR|Nsp z;-l}ZKtQ$hD&(@*;zc2XomI3IxaNqXWkXHGKuN3y8FG}#1s`pdIHzPe~!K`8*{_?HC1 zi%?A?5ZR!yrjQrfCWVZXEvq{!pf2y6s#LcxR})V=brPu&q!1V%cUp#y>UwVRa7beQyX|8lZdB6 zTINK_3;xS}E5WP7MD_#xpGBkDIi;R zhsU502u;u%D8ywP)tdKLE4%HQJEm1u1_RAELbX^t$4*iqqraMPbHAH#Jw-WwLq{fi zisJ7#(XxNWd!ECA?dx$8wNNw;5s=-I zETOT20UMQe#`_44FAOGPWC$5IOO2kR%j&s#mc=er*8 zA2T;gf3`EZ`|xyJxZNxaX@ex>jfW2mLGTQ9u%;&5Wxl4wq|sK>Zq98=YZLh5 zvLqxBkNy53_L!+I?tX3`;`zzTZ0T{9f)33=MU6ZnkCteCbO_=ho~@<;cjl7#ncnY& zN>|co(IA)TW6RfYpe^N(t0_w_sR3WJkS;`7!O>)Ja_3uoh)7?j=6ipA5YU2%dt$<&^-SkPN1eF|R? 
zlqKl2lVz^q0#uC-u91u2d65&}u(CL*b|f$pw8aDD@W`qhd8Oo{4a$&-Tj4GoMtG?R z?EFQ(CMUuBh5;A)#X7a;Lh&SUZ8TGooiauW`x9+h>Q{~xc|o{8Wd4HGxD}AY$7tVM zWQ8XVn4dT=f`^l|e~frm?8@TUfin{uK;1E+pLxq5|MYK>TbH=g_z_}6r=LY%Mwq%( zzl{01!c4UwjHZ}miu7idj-z6a0%&n~CD$n>N1n8nex5ZuR*KA(SjLb1J2i2uK}C zbr1QhOO9=``%q2^>>RJ1s>9nrE-;{{1t5RS<|@nopr@gq&E|T^PQxc$zwE1Ct*m6^ zGby&-Op3?2_X0ODHkE(+a@~cGLXwjdKZ)cM0n)bP>W_SS4I;PEtB4P0K{d^0)x@(# zJDP6;tmWlrv|L6vkBLKg{vpuyd+f;nXuDHQd5&Bp!(AK(78ruzOP|B?9vJz6c;4+! z5}rtLWqJlFX;y&Li8g8YWU{a=_%^amgi$J1!mn1`IC+cMZTLUyKD@{i0%rr(a@WMc6VIm~0NiTe8B-Eo zoa2>(T_Nk8Y!X%QiayjkO>pM@bK~_-Yv-TV)c*_br)RUIR+QXl zp$4E!LH*a4IBJ?}pxYP9zCrL^1pDkra7UAxlfE)W8e2%V7odmb(?Ik?8yxvbv(qc! z6KmL7Ng|hWeODKH_9Bb1Yj(7~f=T8q?vpD+31Y<^dTI(PQ?74Hb~?-#A1phmNppIOh*Fy9=060pA8Bb!GS8IYscL8O1`n}_q~j0L0DRkV7e=3Jj5a@ExXn(`Bt z^{|>5648KTrFl;D7V?TlUru3Wk3;$}Pebj)@>hS%g8Ilxr@~=nj_N-EpDwRb!&?ga z%n+s1MY@L0tW{Yq-OWOs%pD+-Qe&h;=1Mc|9(M~v4xjB;=|S+g`=cTLKfFdySYPwo zk;NW0Ro7(7Bz@RuZc!UbjYT_Q!x0@F_)^HL!ED%=4AWOHcB^iWDaFLUP5|DTkc9kt z@YpO6YZ$Uq^9e@{OWf}6)dSZU@pj72)Wn4YCnyg)hwW~GF707q{*IPtXFjV*l=*77 zeg9xUK~Yc6pN;D%V;wfaPs|k>Pwg@xkbopJ`3u_D48zu-&%cC3Gc-XwL-+3XzrU&ITv?hqF0cEp@Nl)dhdd z0k4g+g18OE#Ls3?MXfrPwvAd#@>cFF0vd7Vj{0#3CT-YYnLLgon*z$bec@?VL1FW= zR-aERihM*A>s+0eHbX)*2~EqWd_oB(7)1IqZg5IvXea8=>O8Ox^RTfFg`rdNN+C-g z>oTSTt|M46Wv4nu=N}-nV;C>RnijPl%Ns6aZZaCXUEb8w>O9L&_)4i@sNKm+a^Vuy zD9H|uKd@PyU-LU{eS{dh1PWS1O_%spmFn))L8*UA3TaTnToWjuVvaqD%UJq% z#$v!1P3X-|1bor_Mc!N=0=T4i>5G+`I)e*P1D{1F{+g>MRX9#8)den0f~Eo*PcRza zM$wd`X^3pVsHgFjJlJJhFLjj8ix>`N9N6usZRK(_9`VNeYG>~pv2|^`$#oWXh=41^ z^`|RzYyIz{Ntr}P&eOdIVainzEL<{vraTQ_9%h~hez@@-; zZBA=h7a2na(FFq?Tq?ynVRU6ECOcciFOtO3YA44ZaD}gra0iK6FwH zs@kn*d?N?R^AE`V?AW`f!+@bgH{(PlE*<)}p%{0|s(FR3A=1e{mM7PDnkvMOfw(o6 zV9UndpZ$E9KGX=u#3y%r=)J3Op)lnluCBB~X=?Gr)PZu$LZ9>Y9K>Mq^<$?`p=>A7P)Rg+xBjfOdtdQ`smMEX%IzL@Cz&&N<3x%jziBCmHyR)Ztlp& z=2^wHo6A!M`e8jnQ(hs#j16htyUiXE{f0tQo$SYr%$X97|agxYk%K7Z&!WdqqQ24gU4~ zTj+V1#oJx84UIuyCdfhTZ@05zbR*t2c3E1?*?N{-9}5_m``F>sJX`wu7YN`v-vTEF 
zqzbAWtdBe*A$;!e2M@revp_Uot>$nxHT%o6^yla5UtepUl5bo~oM>Av0A`IVlzM$ty64eFP@4BL1r#?}12-m?%s<3Kw71{(2TG$y-CZ zMr;uny~7B4(K!!JCtM}j%5LP~kU~+!p!G2)D<`Lf*t~=o7^lV9mk|dhYdL(}kgeVw zjhceU-Ic+j^<1nsh{^iei~)Td3Ei>nu6MsO5^0ye0~gV?u34C5_uY1PqHI5E?W#PX z%Za<|n@~33a{VOPm}T$9YIVVi{;Z5WJd)kuijPi!2c+d>DjJU|6zN=GBt6_JnLmF* zijpLdt3060w9D7YM1ZSfVDZQ5fG6iXXJuY_)LWrsdo3)5_~FFcg5`@C=fyF@dN9Ll zX{|N8;|1C`S&Ek{b??Rz_$I%U85HEpTRge8Hf_WE>#3R7zNz&3vV>1zTHK|W}nhi%8CBaqKA`9?@a zsYR$6g)~30=Vz8zl(#(_iujF1y607Q&ZUO&C*;C1`E{b78MmG2WQa0Vb0c(aYh#ab028YJxrq#eCIM%?F`%b?Clle!OZLy6Wh`TXa(i- z{JVb8pMJJvR-wC_iS|c^uht18ZatwwhpoR6W)378M~zP0RJve+uW4^Ae@B97eS0Y> zrD$MBCkSCr7U!jEs=;=A%cZP6^y3JQiCfQQ<{FD2Qkv%-Kcah!lNZ&ZR0f9^P@F>@ z)qeu@jIErIH(Wl@VfI_re03C+oFwXw6*R^$Q;MGY#hkQL^2~6GU&=aW^c}bo8Asr~ z{|(}Vw=}7fZVC1)Fc_IXmYfhAp(OYo0jD%)xbj;BT<)Hn^&+PgRxQ$|G@~nq)TUR} z$dGJ%>2vJ+vj6Vl{4bcGe!tlNX5zANt?KfZV+xDnQ_eEqRr}5`W5Qg;7TcQfYBb5V zbN=IV)F@RdOvTFSGY%^u%-YEt%Jk5=eT68~oox#?hU+M(v4Ka~GSpfqy16ByC~|_w zIh;<#028)`7o>g?Ij1ngxTLvk277`bQR5%$txp|KZ8IKigvs-K68|+>%r?8$d=tX- zelUZK(ZN0qi51#IcF3i`gQjt-zMdUl5;*%(lx`bpy1H#rU0aoZ?ApO~Aoi}_klB`) zdwr~w;TSsQ7SDT~WXO_$i7@zLlcKy(teiY-q2VzgtnM&MXGPDh4lDuuCOg1yMm|dL zWyC%A)70)iex35`KBkYaalz_~Zj-jvm1C&{$AEq|(yy;9ID%GWuIJtLNSu3kQSS~w z02rZ3YPO+Vh|?B|W_Q0dq%TNXYqj!@mW!E1poe%=#401&ZFbTpP8=S7VN;!xEqU7X zNQYBCl7VyrRWg0#zv0zx@2W>sP|xBH9I9&v2eG!by>&}3>~&jCsUp>nkre;}Q^Yng zM&vC9rKITF4b`?b=C}wG3Sth$H?!-Q6t}IS{!)m0ZYR5t$=-kUIxXbD=6Rq(d7xxT zCrn6Hg?;md)8u!hZ`G4+>yUIdBc4`~&h2?rYDXjdpLRQQ`WM`5xXFbmzn!a`gh)gy zN0r9aK<_->@l}jK5hb7It7#L9swZ#^FLkE;N2bEm))V{|KFJ}RQv z>T!40OsVyruRr7Z{o&8gqoD>{@H?L;;;<71+lgP<#k^oPiO-tU%iIgvm}2p_o4*q) zVP85$KD2bNr=b3{rE5xzY@p^u0&iu_LyMmu(`)!j^URX2vGmLJ$_0mKE|H6;(~p-; zC#wSwXpYlCkzD@`a{pu*g*q0`FfAsON*ig}C_nIo)ZcqaLaqcOfg0s#hlOc?`CWc= zhD?;j@@lH|)r5Fi4c6L!AEo%uj6tG*&Z1RHh&Gs9jd{oE|Ktn|Gb%Mnf#1NJTRZud ztWN2+b;e*le$L8@x0|VBQt3&A zYa!83J~HXv1ysz0H5vXb)0_8-@&W({ijx!{>VZas34KyFdV{Dsu<+Edx-;>Z>Rrvp zusT!k-`FsA`#H2g>|2`)V56|p&ri2mRLTa1c^|!dx4${IFNZ%eGz@{=EQSAq8ww@Z 
zUcI=Y(N`xOHK+NxZ0Hm-kuTogTjLquYUcqEvrMC+${4!TxGQ=0RLZr?1qQX=b*?v- z)-;jQe;}m^t7*5RzuoP^QKU=sptv|$jyqFwM(Uw*D>aR!j+gMOVa{8MbsY(_gTkX@ zsL);}y@f89_pM2)*~isthO>H(4s`-Kubx~=8O*OIHw9%cvvCiJ_>~!-!M+d7&EXS3GgpJ|w6TO_2zoui#o}9#SH`UnMld$E>Re#T; zys1RW7>_CHb8=2CLqm%3$3zato!h#Zs4sJel`g6!FI%Z*bhE0(4Hr!uz2Ln(N3*59 zNU}TXZ~U*!)Z@X#mtmB1(CIA=go1WhbSnKV!6JvAR5FE!o_TQa#7SrVr;g;md!KPP zAXE2gal+bzl4s96k{uW@E<1bTW4J!^c&0+em`HyinfS@;Xc|~aJDjWZ$jxi=U?VF_ z^IDqoZvn=eF7=Ce_@gX~QsdZjcAfYpnyjBIym<2-HP{i1;e41gR)gB0QA44&zD?O6 z{g`i1nk9evcSokjPmWAvj=5a*MuB@SRgdNIAe^O3nB-cMfaK7;ZASn|Bds+$UJ4=^plPBDRoJZW*<$H7Wu;m z3NU)|;c-gka~G%RXG{=Q-5I4tK@P>oRQH%AIImJM$|;_zfI*>0#Yo7@i6AT!vL)sj z*_1b_2viS*Cg6etdoy`%!M3n-NPl6~*oXZ)W=~tMm1nSNwZ5po%vnvTX-AK~c43=( zQ~dFg2va|gse9fq{O$7X!J>%88?V)wV1BwUi55zgFFLHaG*ulb3y& zdgPAjnxd@~RhAMbM3L#X%Dp*uT1BP37KWwKz!Dn}jT7b}fEMZq#ZDC``h1IDu-M+2 z!2i)3y(};+x$67--u_?I3Cs(7#R7KAeD+*Id>p*fc4uhVSM%a_sr6*?zUS&D)2_8_ z-x|solx)51fyM}Nz!UJdhcGk)ipOZg4Frm@pAGRnmxITJPM}?O;cS|FV(*|MaauiL zdO}AwD;!y-K;K$jbba#CMN--;1=CZQRkzz8siI!G$fP~Jd9M%=(fzQMCAo$T=e-Y} zny8#)ihwoz&Qmff|B9g?+~JhS^!#&&<~?f@`)_b;Q7FmcRdx^U6Q(Tfh2@g`<80S*p(}-@?}Hm6-m` z&@K*Y8#S6(Od3po#AJ~tNXU2`-E28AqWkpWAGyY))4NCYASnnL<@ioQC~Plr;50_9 zX)4q6#q?s2Oa5xLO8!BVK)+x5)5voasvTNJqKJ^r-ocN&%s(^qar`LSI;_D~B08D%e)cnp{LG7Y2c?oJPjJc> zx!EvvbTvg1)2nw?1IS3pHW3{XXzJ0ro4ZJ6<587Xa2=E8Rz0v#Fjih;Kb=v;ETaUI>PZMkGhwO4ywCc=O=gj zHZ&h<=bk<(1Q8{A-yr=_**>=?vGz~!;=yMrAd;alzp!n)7fLc@}he^4iSu6 zD+qeoY?+#pI(Z_7D8C8+1f6^`5eTqaHG;SGoJcMd7;X@IS5Sa+E#H%N+X7uOYpMss|c;*KCivd*OoVn_zR-|qj$%L8*ULO<(1kp#WBG&iiC!c}fle54Z zp)pgx&+b?P4_8m==gXWcpHb#uzS=(6PA}+0gAXi3TIUknwS}mbQKy}!2pnmHk=N>v zS#asdWNVmQBlFK)T<;{B;&9+HVzsduIHkTX%HAYWC{Z@T)^Lh2HJU8fUCBiIRFHkN zZ&Q;iC9=^OFEozxTpGy;Yh}y{&#sPKU0AG|=&F@rwNNG&cs4rx4MLxMLQ&}q4JR5H z-RH5pbT`dWWbR11?M6XFN8QRpDAY%xc1Dh)xf2p7PsOcxm#Kl1+a?hNuX-j~iBSYt z_r(i{5_X-bd!4UxDCZJSJ7=R*7R%03SO0Ibtc!&NCtPK8q*4mh6Y{-8>_+OAeT8lb z#a3d%FiA;kcn}LMNu`gFZHxWhB&EFoB23|I>Dlw}i&;#CinXQDho%cd6mo2^mU|vC 
z!C|1^5$4H{k-o@D+grePiMi;I_EyH?d|UM($URF0xo1+LSR^q0VFSWcqL#&|@YPIv z)OYbf@y7iD;7UgSKuZ6-2H9fcgQtx;BMB$Ex?YPliqX8%_PDvVRlZzjYfEZnac6VU z*`qA4v@1D(AEX5tInln5H3RzZwxuncq)^J5Yc(COKo)bFkWpAbBO!`ohwTZ{KYptF>|2>P=B zsqpp>9qOM?v`h)>bKY!rZ`*sj#ZwoIJ@-(O297MnGxR?Eoh}BCz<2}5{eMe%*NM3Z z65h|G{z6@K7?!ko?Dy_rBn3?!3cyuT;>sWCz^?{ld!Uv9VDT!mQ#wHDbk# zWwod~)2vc8wA;<1G4|c*@)r)mW+N^0!P(X+*4#wJ7T@l3D8(3XAVq?3svzY^i{$uA z?mo5}gP!q7^WL{Pf#jmDL5zHxwvFs0UcQ^pGM!fF9a-Z;vBG=;#Ti?7Fr&;kn=zW1 zSwUX$1F>&Up`};v%uN_zvQ(Aw;b>Zw+y$HXw!T^Sy*a5lukMTio zqu-3j9_vRNV9$V?N!sm_uPRIi^R=65mmND?EdCzU$pv~3|M7qh^7qd!9t)0_$4FyT z^s%mNoAZ3Vp{)}f`RuH=^ z9dajt771{N2Dw5IOk15CLoW4wyM+A^C!+R(w7em8nbI|)ym~?jQd>`c;dSXvJiPeH zN-Bw0T8?ZF?i=|B?MG=-J4vCN65-(SLGT}M@wG6$E-wXo?YZ(Opx3qtRby`d9xKOG z6r=uVXvSsJeILK`pqfpoJzXM2FH*=gS~c_FRJZlukTNl|up@WkrQgI+4R<)a*#6r3 zff~~rrL9n@;Fu&sCyO{y*k6;RLqu~BZBFgKFg?>pxllHCLY>1i0OHc1C#34KJi)e99sKitApm}28FYY zp0rbZO2-Ykk=uIiF4RiBSmLN}#v#&y55;2r%$lcu8Df0XX4wh?2)PjS^>prbi7lB5 znQVbc87EZY^+u2?<91~t@q4L$3}~D7INn#Z@!@_QqpbhY_AG}uF!~0wyI}a`d*Hz%%d3cOrzAp2X^P(4v0=7J-AhsU5Wp?Rl1sIw`%Nd z;MF;brsf*@3ng;D{Rtngd8 zOk^unR8ii$65rjeT4h9e|J8&So(;a4KJW~or2c0*1_+HHPfiZ|x-TgwOE%(%MUPwM z6d6;h$C)}ypHAaX5crJ7NBLxNEwXh5ByOu&GQ}b`keODWKF2JN4V=|8)iHswyXKs& zlD_z_+Kti{Ll`e66t==Mp2y@hk=Sl+)1rIY)c5I9XqZGH-(kcO$6gx4V}uSagdFJc zvXWr>b1;8paK?d#X7(N!{pFRadOXIm1R!nIzP=Dxi{gOwiRI(?a#_~ zL2@8`uT;)=B@t}ySF=pB#n|G%TJ{C1JC!yy(JZ(U-n7yb;SNmSN zB4S`@?L5Eg`14YEOj20WWSQb9#l}PB&G9ojrkJpx=Of+Vc2%7QpNNTv=D1mCklY}jy zs2}x<+jJ17e$N(;QCIPe;X@n&QKh2#uO8X|{GJF&QmnzB4>x=lRx(LJdWT=ylEY10 z)^3^Cm@LKKI#>s9*99n3qvo?+*bEbfh88K=OE<%d?w4r`4Ywr4RdDj+amx1^Y7yzG zZX~x2BBFExj4hLlIaxn@LM}D2e^?9l58K=!p(VsK&3!y2Gg>d`1Y&ucU3NBw4)o?U zHYbR_K`Ks(4qInZqj*H~D|jYI_)PIBOOc;%;=Un_yTMMr|K3ueV47+Tt(c0(wu)v$ zE;*+Gw{qw%?i&mebMq;J2C5d~=e_H&W>|A0m%6gDas$6)=%onZNL{sZ;B-lR?oYR3 zQUw@HXG#}F0?||9q(b;_ zutA3Kf*!r>cX{qoyNM0z69ByLMs5LhE?-!g0RH8D)jcUf?OMMR8tcu%OD;kdAD%}H z%GHHlz*-8%YBY_@cEzt3i14dqo@>u~M>yERSH}QrG7z$XVE99=qZXeOukQuG-%A6Y 
zo7I6yQC?nlRwA91x7u1r@dr}j*K|G^0RjLfZ0~;7VLB9cm2-HN?cH-3P?uW2K`h`x zgFVfZ?&6@;E7r?>X|||0dytdlMKJnI%LRUkRes7TArSs**9wy+v<}UebQK86B!UU1 zp5;S@e)_LwO^l{8#%rvEm+sTWI&_@H*;{d1VG5(AgjqDnCLxQ`ez#dKox+@tK#l0WU@7UdZULs zw}d4o>cF%hqDhaRALlHfjtI5$FAG6u@!Yi28nF^^5WwBJhGve(nAkXnzc^afF?c8Y z)e98EU)5{gu}{YcIW5NYH^MNuoTN(i8xvv0sCRBG{|2nr{C+L}r=ZrbP@vXjy5ZZA zazj!3hl^ltlQ;2&KW&EWmVEiiwbq#}KvDgX0zzD1u6ZP0N$hM`H#B^nsq{9rSMOy< znx$d%!LpK^3gOA(cXqE5zU(-~XzSLM#)tSl^6`&m6~l<$!3Y(gB=en5eihEsvJ+%f ze2h7p)giqPQ*l`+={yTJ5eaY-Of-eB_X8C-QNuDrzb(h*;kp~m(8M%quNr{qCKU0> zHBDF_^Rr{YzswwG(nHR~^5z?a+u|kvLp=LA>xDCVi-man{0S+eb;iCy<;Pthlt3#7t`-F&W1LM- z8C_5_H%}XqF^8R!5|fhBP;b*vZ^C%wN@j?OpJa93;q>o*1MdMn-Vo5Q`wuz9XP*PJ zrXEW>t-_+7?BugHGLC69&ht=bv`~H_oF0Gen9%Z@ivCyL#Dw1JuX+iTzM7-ER(kzH z?<|r9L66cPKNf~TctMW80ipYqjL&;~%SD5JsPNhuL#1x|fa_=$n!{Wvl4#Yz;UYHq z9%xSng@JBde@0yk0>EL=%aCCkuCOs$v}iTmkKPofmG0q|TPyq3G~Rj{dWcUs4hOMg zbmhmy?|JFU*MZjJ%Y3cfirh_Fkew2Iul5zWKISZJt;FL_xNv4fzn$rd$@a*i1Fp4| zGV3e^f_WPdDlD=+EVp24LC_Tx&qZYwM6L9mv-2x++|)l$4kU|OLTSzxvxfJ2RF&xtX0(m;)(DQ%IX z6x~7(Jl(NI#EqRF5_hv|0|(6O&5^28`?(>0I_FEfm$Q)+OUF6xk?yqzq|7Q0c;6PL zZn0FEI-WAMO{D#+VLASzVfpd9TlhviQXb|Enp%neJ_i_F-Z(vp*o7 zYk(#lrV>0m?u9wRR0gip=y0=tR6a^rgy*KyN320-vs37am2}i#Af;Vgc^=RP>=^OV z5X<953id5WWFN9EIPeD$-|HcczNGOVkugGL|dXx#XrJ=8gGmiWwYr2=VYt-(*KG zD5$2c$&?RGSF7zo7b9p0*EBXkk{3AF`O0htwO0nX6YRfK+#nk4%#fcoYYOBcS7ev7 zO5B{D2BQ_Pip@pdiL~z%O4QlhN9!PQbMYq# z^W@UFs&dCBm5xD>TU`2KCNZ|}0wCL3V)|4(K)QTA7R(qA_LtFoFr*%e^$nsDQPXI3 zft>^;jGPyU_2RZR=?}8##%+?q$qp=ebbl(4YuLHp&`yBZe=Uo7x~GuZPL@o)&C*D4 z%Ky8i92I#W0VCFUxhF7USp+HrBNh$y))x>G zLy0gOO<(TsoIA9z^l4PAhf7MafJ_OM!_N!NcWItT~cht zU2EVWC_dPhY5!WkzUG}{=NidH^syTqjWyo-MZnciPCkN?X?>tcrZwV8JtpOB(==S^(?zI8nJ-BKF$Xg4?nU?RnTGw^NWA5zEDO5(S9vVf>s{Vi$Qb00#6|}QU z1uHxD8^jqJG(Z`B3x~ z>dz$pDWU8vME%1Tu>Stht@3~TGi2f?5$rx8>4^#Xd<~o{ww%FPe2-q7Zjgu!g9aen zpsd>a7~dHCDS?*B;kaTRJXAV;P;PzLpJIRT<%jEm67uHESCgqsRW|RIFU=Ply?@n~ zh;@WbV8>_=7p>pbjSC4+aN#R=ymnMy{BVKHaj<<>;NS&C2_`*ObjTLelU+4?bbm~C 
zeI>rfg~0gQh;L5XgE*m=n9-N9sEfobFsWHNw2l5%KJ?N5UOv?Pj#PTO5gfldK?I=H z^ryNsBr`i4yb&VWVqB}Dxu)|2LH7h!;7qoWvl91ajWBgXhJ3ftqkwRl&>IJ5e|adk94eBWV4s+`y|{I;bw3cnbaXVHBtH+^h1V+v)$7TdOT5x`2!-^c z2eAbm}Th)tny$1_Z(XA$DePea~kH z*DfYoL9gJoMsj)d8z1&WdfTZSn!t*=6j?;@*uGKiCVvm{k-M7C`L?EOqt|f08bCwE zE;Z59B;tg?xj%Nu#9BrOkAX!)<|Jc5DPjkj zNI?fQG6P~-8;)AY6s=x?(S}Ie#2P0)#_jplWV&8tuTVGS01fRx#R_xX)3NEit#*GQ zI5UpayjQ7+nECu?@Q%uf9(O@qrn}SH=E^3jEhs~-swCC!ICJ7)C$dxi`qtk#lsyay zC40gc*$KbeFa-jr8Y6d|^%opA#M2jS%vC+-a~Zw%6`r@OUl3TKzIhwmv;g@-*@_cse7&I6rm%{!VhMqk5QLs^9dF$EpH^XxB0S)49`rflT{jN^T;r6 z5)?gfKl^=veBCL@7WMi`^=@oN9NTV86E4((_qdCmdfdy?nR1yag+v2(BpnnX;_6DQ z+uAmn9^f07msC18fY@;r6={BVDCu3@wNgk$0B=Y(=A7tDGHVwwieqKR60K{7Uchb2 zB-UXKdQcQmSKGgms?n4=`*%j9t@BT|iN9C})%uBeTE(z8^jvZ#Y%>1kd&84=L4fnY|1-;A9F}Hzx<0f09yY-EN86xl^-$e!CYDO z?-FZ8Ii-TnV%YVmuPEy5D|RXr04JekoC4%pMB~G2vqacQ(bmDjDC z`6W^-^q`y*GqYb|a90Vvw1Uc@$>BemG!u0>+J1^GtCw})4lzDdd{nv9H9&dE{6K0V(01%Q zanH}uPv#3tKR(u=MYT3&-|9nRy-Nm-0l^+#LE6BQWtu`_)RL;Q*>JMf}QQ>K0k3+-=d6>{k+UY7A zPTq}B$Hqw*Qf_tjSu3EDI~m1nlmXua6bC1)^EM+{s_(9Gqvwo#j@s4<@uYO^Gu2dI zmv+P;(@ft%`GGpvl&1y%x~-f8hkm^7x<;uq;OH@OY#d(Xy~C@%sxN+|jER0;Js6*n zD^|`%M&H;F<(X9BJG=L(xahFbm*WPvnRddXll>;>aT1Qr@MZp~z)WYIWT#|!c1MgY zOU2T$0?4DmyErd#dwktAS5HNj#u?Mpq}+ z=n_ZazebhCMrWf+Y)I+G=U0p+2|Xx90@e*dGB5(9VEhpp1Vy?50sB5XI^A*H~_4-`ND0ONUqw|Y@cq? 
zHq>co*_qcuKym}mZ{j`TeAk|xyot~ zau-uv9*qh8%!r6?I z4n~wM{(v}$9nu7RQeQP4tHu;_weU$bThs4Sy7-m6WvQoPg$ZHKVa^IW36>BwDrhO@ z21`zp;WUJXyVI$XyWBc4ie1_eq>UQqqNM^_uU&P;nlA|OEI6v=)k>T5$Gt8GUjjf$JMfrp}FQSDRCD61nfb5f?=Zbx??t4;w<{Mv;s{i#!Q z>R>@*owzGzJ9&H~$rP9a+bud@=`S6eOP59@xAHu(>&lU<;9rnFJEyjtHOu~o%C~HV zxYlOa_@y$6O~0$4F$lr+AU;aJ`BRG6JQhVK2_`=oAdPoMV1I+4)V_c;vIvky2CwFu zkI0#}3I6S1`*RBZW7CNdHZga;MhEq9E42st*0lAjq+1scl!>UPtY|4O(wvWsWh&^& zu4*1%y4e%{Cabu60{P_pZ5p9vQqlwYhZl#MkkVkAFp4k&q88@WIl9-=q0gcQx6{nm zK-Ule-}v^~l%o1JWVCvMP9Ff(@hMwZ%*`|D^3V_Iau6xG(IJaKT1t0fyczA zvT-Dy>i%S3u>oPq-bQwhy7|V`Q`)H+GqkYK0rc6aSW07q|A)4>4vTVK!@fsBP()Ca zlu|&XTWLh41tfF#dHp}V_bsP*2sVz0HgYsdS3-ybkAz@f+U z+|M1?b)LTy7+d~w3zij_k4nY~FY=xD4gjDD9^HRj(gHNY zgBuGv#r+*u84{OG#qNL3B8~STCq_}rxd$at8KjelPpaUf=O>LMBJK80ey;!i#Wy;g1 z*wl{<4oaAB*$Ouwck5q%;=gp+;H>OTR4vu^d)+rh#bhLPynWx8;Ex7p+33jjmQN83 zTe3#7T-(1`109*<9Nm5rd*w2!d<4*(`)^;$ySsq?1%1&D6d^La5g7Xy(2}+-vL-u% z0jMp*+0)r!6{R$fhSB<$m?2_C^a~Ue^GgfV3q4*x8iLTCB1}Ee!A+5j*m05g&0J$R&x*JLkf4%$>#)^Ar?i%eBuaG6^6++$8P)M zOeKfkVR5m!aXJ-jF4iMY;l!CGRJjZkK~pq$wB@5g*d z8wV!P@JI{k{`#@Wu z==CC-^C2sAHFE7-lR)kR1?)@E~DVTl?(idc64}2J9>Sc`~a2o`pFUGFq2(D zSn3u44BX`uHZzMU*LCEO#yrk`Xb?FyLe$yE{B+0{6*V@vkA|;p{$QG%)d?h1GbH4BTj@?CG`4ZNiT#iligHXvOCAeJCG zd(Kh?$DoPO2@sRi2IsJp1DlG!fp+}v`G4>i&p+;<$c(DwqjtI}e2psjr_8oARS3fP zzG>U7`YZl>@pB$cM&ch<*KiZp`nR~&W;4F$hh3H@&uY{wVmAYlrwpKp{jW+ul37Zz zI|O1y84o!*BDcvc96q+G$4pWh%Uz>wc~ZPPJBmY$$)iP8YJ8m{PvgV<8b3p6dC?Q1 zmp792I3c5Bq}oX9Fp6pX*0uObUCMW5nPa2CH6UQGJ~>4RR)Qnq%>YN~9T=rc1RpFr zax&z!3x4}J>@`A#quk1Oh)Th?4rcW4HqUPVEE#A6v> zPY!K&-^c0fKRciP@!r69pdS^CRA&ENT%spW7m!)!%0-BIz4c(N?ci5X1xO5MrIqtk zDwP*Y>s<}pbb#MF&L>=~qWQYE*?@Dkd30usjLp>A97~#DqBL@`41VX>L1z1)uP&qR z8~-a=n(Ze9?WnxF?4OJj*KgKdBldS)rcL{u64l%Pq{6Ynkqw$t^t%l8;@pSqm{psJWhE zP!#pT18uW7kFW$|`S^$;dfwGEszlY2l7oe^E*P$qpNxGQ7)wA`y=QOtiIjNzFlCmm z*h9j@xs#AmtB3-1j`G40Gt9%)OdaDVj;0Q>xn@;@liO(_3AxApG6OkX5nudX^?6Mf zTN~tAhXMgotk=9Lwi=X4^;Csj;6qu;#D(91i#b;Wu`tzS#X`_-S{5)0)Cid<8XN~T 
zaz}m49deR&I%TB@5C+(m*vDsOT-1QVlMj$D)Limm;S*y#D}A1i)8!N;F6$i0fZp}@ zinJUTEL(5c?Ts<%ROtd|)Q}(SEHAPI3RLZB{~;mV*RdIG;#h!s5>DF$>X%N0V@^UM)5s<8kV1pdG(z{cU=V z0yxmD{!s;|;!X{qe+R&-JI!blaChi6dAIM@km*3Uo_KKtK7B<_wZXx!Rq*>NOz{Hk zlQoCyHDWH)q6_J{ns}3r)=Pt2g^D2v$aUCaH3d0{R>omp-#kDcwi)*N} zLH#E6X@WRi!An?JaOo>jyaby%+%$#yIMx&9rMm$iEBu^ScSX{$-X2~yIen=3+nv+seHN- zTMo-p!Sv($rBm+CBzEi8h7Gw`%xiMNTyJ7`Sz1v-U`jg{pK10JuvJr|5_y<+zrRxs zpNj??G_&ud-g=Z6O9ztTdkPf>Il_yoK4Ztph9IW?%6H7L+Gz!Gi^gV|IfIJ}HsLq4AD zvT{=1mL}e&bCzJjJkHVL=JiW724*g4>s^fEYFxtAvopA zeShf0$3v{}jXC^0=V=@N8vHo2%YJPn@uDDk>U~LbzkG>-gX`Dg(Cg&;oNC{>EPl{G^5$W(W5_eoq|jhG(9|Cz+wEHq!ZTYk`#bk@g^CAzqvIqbXj=f@- z@O!P`p!Pe6o4tL0cuVRsD)?tl(0>baGd{Ke2|m?flJE0`bkQ8wD!fPT*~*Upp|#FG zG4`CH`!uE$ZB-@vWa5wxdUcXDTTofeT@0+VP*lyKrynb2G7Q=PPg3rlC0AGt)fBy zE}Bvz(sk4)-WGiky$038t!0h7=&;D%_<+Z&w3HU#>_;267G-5TY%;y~SEq@}rPHL& z*+fo-fYwrHgRJUlC9qj+&hIi{@p-%c_=zkENtq<{C`{}|;kW-C{VKbp;=PxLuA zA!%bzLyrLcJ(4ngopW`VfE)zG_+8wQzDhVO$}!=515bbw5k4;~A63S#4X?*$G(}m*;Lqq{^jSEDrA04 zmJ@vY9iL`vdgoh1yUm(!poYI`kLO&!(aol|ft$izkc|AYuA}0~y#uD#8jZDrJs!PE zmbBxKZ36DpHX-tr#HNg+M&a_{F|c=Jl^h`H#Fl|%DG-=G5(lk zQ(ydRa=mAXpWy+I==#~4G^bMGcr}}Ck`hsfp>{l3Bry)qWFv%@5mVz)7vkU`a}0kG zIPA|jRSDqUHDb=#13fEcjHUn^i%hnw)rFWfTw6$=c`i1nM6${)O2&Rkh(=1QZ%AMbD81s@CWUlP#lVa5v9DjY?H}a~& zSZmr8Lf|sH;?|5dr)K!CQ|+ll#!obfxFdD571+0h8F-CMs;Xs3Q}l?kcg`ATO6$~E zrm-e&aFO7Bg_)SckaXwJ*(xlaS<{M(T{0x=In}X%oL6GGx^BJAlj7!IAY##0PSo!o zZ4R4z8_!a{3jKg3Wef42j)iil4bn)36%N+G8`qOG;%xWiY%a=k`gh-eYxWLYxJ$VW z9O!{$hf1nq35tRqsb)yEzC|IVUkbc}>J}Dgrf^+6X~DhXVTzJ$5c@<_bcnjK_wmwqAl8JB?3*^e$nVj*>;JK`umM`XKL&{4(I>kIBh)rCg zD%B7?x-~#5p)h!GO9RFxR~5hD!S*<$O`ZYqemTjlwssl{qoU_8;#;v+1yOiHN3ox15i01~i7n5<0uwrpMy84yCJ;0I-;K{^ZihoGtb99rjOG z#mA7`?v~~$gA(74rs6vWczT}7stctbbu5aSZ_L;&D;*d@2?6e-a=E1SXu{GtE29T? 
zQ{r}1p-N7Cmpw-&j}x>`Mnj0|$bAc6@te@K8Akqo!n!s(&sHiaka_?i*4_c6g3d#m z8+^%teywX5!lg(^z)2DR0iiKT-d8Dw$AtT=*yamKc}}tm+wCvd91x^8VQY&fgpi{u z9dYc`W_`-E)W2l47^uBNpiX_-YI7^StL{_C)f#h3!Q)r|i|>B- z3THOPVusX@vZl36j#Q!DN(FpvXBRAhUw*4>mV-@@gbV_sr(ius<*Xkjz1#eet;|bw zA|Ng8#Xw+D3b$Mq@NN{)4z7Inh*MT3-ms3WMlCHU^pM>FM{cQ4>My*g(lnou(>~^n z|HPYngTl9j5k9kZ;|2r!ebECaSuV75;SGgE5%p5$x%BP}LE`C6GvC?2-TOhMsfft# zFGcC(A2>O~?CLY$vbZ#ykMk652?+Hs9g#2~{F3?^Qoe0lRpuLdhonnlA0QeMnuHU~gW%vCfzrX;wEa@IboLe%HnnolwX~ zymG~nNu+%FTn3C5sj9M}tapV5y<6w{R`x9))Rd*OZ0%<_BykCWM+cO`%^uzc(-bI$ zlcT7m{6+W8v_k4^AuYV0`)ioAgJ=EMzmYdx;XIKjHprYbSs zE2`$Q@NI|u^+V^Nw4~E+6Fu0?Gld?k6^D*NhI6eWVg}sr$ME`+YBHVZ_VJZ4E<8lu zZCRaK^69&U!S$j!ktz4GI*m9AISv$-f+h!%^RA2G-Bl}W<2$^YsFq? zGsn7k)Tpq8EtVuN*V_Mg{U1V}T@t?m1TNFtR1H4yl4R{|y-s+8)G$_aiI}E!`mA=) zVG92|N}AimGsh)=ga7pr?bM3g2ECvSL9<0HR;;V3nOcBJm#}vOP+g7KGuH6&25P(# zess1KN)pw04wDvw$2{c~nhlW95PeheKC!@?R5GR9(3kfy3JP2*nwpTaHkwO%C#xMeMOZ}v2m zJC`RSTJZF^MsfIrCz-=U+7|K#g=bCCI8U=Bbyp`b%RHo7<{j@UjcZ&^qSd)%wuGPX~K-xHwo_Ir`=ik)$^`#asXy}Rk00uDCjm(Ycx ze+OOg{bYmNgWg5DcAyGhZ7wtm39pJ%XyfmJCyksHsmrp0i?qlCX53#7p$V9>lC(k? 
z?4cFcUJ8abZbL}AEX&C};7mqjG6PembRsWVIp)^}G;xQcuN8#2bMpD{lA!Gvd3$dx z7$L_Iol(I4NiOMd14Otusf%*=;oN-%HLa7(90c^BSv!ZbKy7mLeM*=M=kyA(Q= z_=8UOV&ja^WmDB~BSrId1&c3-Py?Ks2t z6`y-u>lROaq_(R{r$X0j0RL=s0;UZ$-7kNuMEK2-^Z)j9X)l`JBd-(5{}FlJ49c=% z)kAQh)F@*F{xu0BR8Y7U+G`Vow`+)26%sqWdQC z9k(VP=*~EilmCf`2mMfeZ6ujq2O*5JgV9cIKs(gT--sgcczTed$Hy_NWYmQ*K6^Lq zQ+pxk;@V9?51~Eq#M54Oej<>g?8$&*LL`0!-D@OdUvpd(_>3BgLV3L)7 zNl}b0Mm|xzXNRzvzzziTlJ{mt3eFS%os;b+zjx*Di8oe3*~b=*V>L76`4_DNpQ$$v zAHOno){3TB8weB@fD;0rb{=nsN;0Zrqxb`4s zhAWVpUxt#eEUKSSWV4dpgENB{6KOU_L- z+wu)d11iJEZ%Or9owDy-p+-3!rU*6_>|#A?`URrX4~TaTu=OnIaK84E6Zumy@(O<~ zu5NUxXPlhL-`W$Z)OV3qU{Jsp%sL2GtJP>1oi5su2m7!m0cTBE!MtV49+TYuD){|CIt?|;K?scst9SZ5HMqNS7LO^lZl@jxnV~cn7t!=kP<%h^{&GeqGyhyS9}?tRSd#{%c}w##t#Rkh8wazqC91Zduv}WM^DjIZ=iu zZUKMbRybL?Mf`AE8~W7}<3bYrCYcs{FAPsY(Fw`ilfp6chMBr1ZeCzREvs$#=bPJ=FhBttJ}xI z2vL!Q=BTL=0E~m`7GzbM?7Ji7f}^zQ zNo4vx=KdVk^fEv6DaRvmW|dy2eO8Nf%2jOp*`2CDVe=X(sJF7CafgTgB;QlGqViRS);DC zaR9RL{<_&vU2}4rxJjrJ0;W))QS&H3(&pK~K4D^zVxfa|gv0}SLM5zHTG7`1wbldN zD0QfJrJhr2-64YzzCs_yh5=9LbpjOQA@Y!bB$PCbEAwil+lwJ^I?3s==2ICH^@ifio#C6a;B&B0g z*>OBlq>$=kNb24HIy5;FxZ?aet<(ADJPHEtI8DT#L&QBxQVBdO^VRl9bcD{wBU9fs zWCBQaW{Qk|=Q|3DhUToRbEg(6KCK2yN;!ouS+_eyI?dvlh0T-AVwTP%X8EKWqY{@C zOIhclV1+mX zoWR5PRoQw^M>#HIsU|0W5&rNKyC(nG0(}x~W0}q# zhH^w^6c(&R8H<{x|2gNiOj1s=@^}2J)nEKlvK4$x%{>gReP;@WRsqbVj%^R_Hd`Ed zEKx&BPyuWQ9d{r_xTa-OqI_)eN0?$P3ju8AVwdmpQB;z{37=y(tM5k2wl;Uux5{mW zu~inYn;bdK!;2;D?oV-^y@_j}KnZ-R8NArbPKHU&|2RhV9I9!uUZFUe7n2ZN_ zBqgH8%wC{Z0*;7Y~7CeiG4 zx_T!Bg5`RpmP~3s{s83KN6MNz_SqQjKe%2`%d990X8ut3-;Wyqzr2F=!Mlj*j(Q=H z+WkY#HVTpq0%}4nM=bd~n(0DV*H%}V`Y!);m ztz_z@lI<2YTPnsDrshp&S@xGZMufPeks$ez-^Z>11^oFy(U?hb7;a>E8Izsq@as(B zS#&wKcw1Pwzd!Va8T{CyuJgfmO0r6Pav65IT4>#M$~X49?%%RV9Ws?tctK1T=#chtFa%3t@!rpJS!YeT%0V z5AEdfy=>^WCu8B9#!^zm=e^zN9iapR+;I2#P{gT7eZiB0lmg~Q?2Wy*hez86VsD$H zXVelHhq>NhIXx5~E(DtGjBp4-O6Su792l{^zfOUD^lW zoX|*UyH%sefL{#$yI+iBa5U(qt=N#N&)vqDFS3{{o~M*{H)HcqS?UaLW0%Ta$@Tq5 
zocmdz_;G8WbN9^{r%U6fk6i^p_5JP0l-#$b2|E4wi;*WTk?ex8-@2b_=@DD&gmhB{m0ee-7t^m+&a zm`o_Ex!Gi%fwYNKU^qbg9U&PL{PtLYT*li`t{V7My zRxB1?YGHXPP=~KC{Y4#4DMJk7{x$Wl_abna+V#*R;X0DcB>&Pu@Ka^@r~sadt=q$b zow&@lJ=y@Nk>_eJSzCgyVAecghSavzab~I@JeCUk5wd-ZGehk8QY$&~TYlFGkUrhr zH#W@z&4Oulyvmmnkx?LFW;NH(>uIET{3G5_2P;1ilU1e+8ZGJC5i4cx7j*pl>dEHo(|=u6OA^gEXAV|AZuR2f0#S1QUz*PAy3Av9>L z&MN{BY5`+TS)6yzF>mu1h}16-3g2Sx+fn(cKa2$qRBO9sK}pBYFHV|@?)SwQhY(C2 z*>FMNWM=kxY^GbV*e-*NFaV_(Mz<<|CS1=@$>AH2_@ zOWx;;(tqZCS{YZ;=y@ydIh<8E7VSNFqYpjG1OJH$7=Yna+uM?IbV!NT{nHyy3!%@DEsZ8wDxZ)W5w>2&3qbN}hI_p8P;6 z3U0pcloWT!_f3eKVs52s+KM8B?(_ubNc3BlE*G<|-tO@YP1CZm{Uvf5!d&Q|IGu4d zzQWyTVznfYHeRf2a+xRXsb%l!?5ci&OgmN|>K@Q2Iv!`hPP1lUOhtSBZ6ro%zM2Ce z432N~&c9y$`m)mJ`9zav{md?ks~D%@d~EF8Jp+x~bZJj=W;*h+-mjImJj2*I$76(q=%|(y=F;Gq%PW{-tH#cM&y&eS z+KAld5;pi@a0?ZYT*QjXqIGg~iMYMxJ(? zi%cGo2j0i+(En?Ll{f4hU6ThRM{!3yp~73O+C}f|#Ga|Ko0CStak$K)dQ8Z%`~+Bh zbWFgcqM?QFpCb}Kd?RC|8AsEcD;SIT8pN^{-22uZ1TT$U>dH#Sm>BLw&?8KnU{Yo= z2zR{vPLHM(Tg(ywKb&j=Np4Q}XVc!e+Dh#N#@B2OaI>}}!a4L9@k;#_b(gUYmjsud z&NRnus$2rUj(B9ib)E=~{yKnQl;i8=hxw_-jpCydj%;NZdeJNl+_GTdssk zF9!q8^oz`q4#TC*NJ7QwyG7oB^j9~VnoA@<*Ig83b#mzZs{Du6H>!f87d%&$y>UPo z#Pa_DW54L9rPD(wv1zGou;vR$M;&EiBgacg=a`*Us49MplQ!}57eU$ zjtXLO>!<2(q^b(J%-!@zQxU!4J1P*fs8x9T>a^#YyXx0ka$OF+Gm)fYeRhv}YtsoB zy(T~0+}rH!{YRW*n_8x%v6^0B^85{37XKTztOW&ya_>9FauMzQ(_NrJg(A-i_jHLO zDR8&bq)4V3&+$i)6UaxFCux3XpJICIBWs3>(Y@Y(X6y2zl4v{f;=3|OsqLEwXp#YT zsQfGiCPjI*gGTo#lc>xV$q6(e&8DI#5Z##B^yIuE6YI?iRp|VmX5e`G+X~ia>1PB~j+q(4|%@%4K`nE3W06sEU)^AM2 zR*LT*2H+#MR-0V>bG({+>Xdhmb(=!bV%}GBWH@HFXWq*GLep`j)_>lT8pOj<_RD7= zF76gqJWadA?s$5V2@#4%_k%zp;yR%R8av-x~j{E|+ zuR?;^lyL#tBsTV4cJG)}Hf@vC=ikx?J^!hP2hNWFA8<#ZMqiFGR#la)m~eRXh+bik zOe&nu1q_ojDe!rTQ0Ah%D^7ZzV$&fB+tq-7?fKXw+aMB?oikRkD`9<(#ossT(DA{& z?}l#NUNL7daB;<6>3L@G-N=zJ)mDF$;YAC+{!8CU#RRn3z9-*JmF~2*5j&QR?P*Tu zA2lBmk+@x2ln)(^paYMDSS1SMO+~m?Z(3qLlWFF>UlF~VpLzM6LWDw07z!vcbAZ!(4#*WY>To?(;|X?zGiKV3R`%Wj zzHi?p-xo8Yb;+%@ZjOXAw@4+sKXIWm;Pm0OjkBl1NXv~I?x&k;0VjZX_1+Lx4g@rMX>Jj?XPXoH8p|MZRw 
z^d`62l1kHos!J_0=5=#@c2#VcKd8blU#Ju9L4~cr?xIEWe>+uJb3b+0-JKiYm84xh zd0x`pU)+|AVn+K>kf&O1z^3(9Us1|)tGF-l6Z>i}0)I(*Ub{>l>&>&!iJBK7UNqFv z4?T&*)PZN=*Pc)X>ULF>cl^yD!f~YGaEN7x$)qH$7x|{<^DoO5@xs&BAI3S&R**a- zT<5+2wm7~0t&_N{%A$;Co7@>>gV(|RYRufbNU=q`ch;fMx80lOO7UXUWjRxMU(b;) z^I2!VK(4J?FlE1uEJ-6fi@pdsgC%h@=r%DzpPCPw2wa+5o$?;Ah7miShX6Z6@UM_t_@m??=49XqKqvIOmDOIto(mdzG zbF!VbZPN}=%}LU}N=6?6-zAB$W=wps!l*^X;p?oWdh>%ODJgo+z+Kv-IGbInzC0v0p6APco6|cin}|`n|x7?7cROB zHj5zT)|tL)NJ~{o%TKzm{{g*`aO<|JP3Ip~N41T6P(Ja3tV`2DZUBZQMVsVhK~Op7 z$4qZzYtuMd;+=9Ub)sCT!r~cVBT4sj!Q=`t{fTX|RcL2^2U>(*0xcv#u+uve%;Su= zN|6HC2Gj=%U$9xHi|!JT5ie; zeee012G|>)Al_K-?|ZUH3QYKXM%#*dZn(mMJ`9Y>O6lT%CZm%-z`bvtnzeZ z+9qRniKudxJtsMr>FQN4>hWfGvSpvdtg^6Fy%2J%{B{LV9vFJ51!tUeunX?}eNw)Bu>Px$ zpOHR`!A2s+s$}#`%YM{6;ufyIl0meatY8ZdnlS&Hf!o&G1}gH@&>0n*X=0ZzY&}~?jVbTqk4G6EYMlW2B4o7b)HsLOTc?Jx#H-BX`Bys zML>aA*>XQ<(q!#|e$c8^aneq9vgsbJ@)%PThASExPf+-sP_r>yH{e?V(@_UVPFYV9 zj=R1q=PU6;;qm(Nte=yE-Z&cXgIRniN1@zVms%Xd5z1v-hkB=$!oy!%>$@TYu4x9X zNeotJcg|zQAgY%!dpx>@pbhTFs73VRk!P0pm~$Jy%A_v6=1~AQUkTAeT5zSx1Mr*nMwQ}tphbR4eLbM>vFSHY%Ud#^hH5=W ztVM~C<^wBtsp;yVu-UbD=YUCLEI{0-qnd596)D6UVM%n_6IdUVUUyjk4vBKDsZ4*|K$K4{LgtP%yj8qWNjm zkWZSP&v`^rvpYwD+ll|}u_;Kgxj8m^DRo%KP<3Af_6(!mZy`Jur$onb2K=I+C=Esu zQ@gAsgIHoXCfjWvsD{Q+o_*^``z8(4WBZbzP7 z35wFcW~b2Qe%tBVDK-$e{erYYvoSPEmo?)-wN4lST@1{-)i#;4D;8!+`BjqCbS&~pbykpq9{4cl7m5-br6i@$N`J?e|ZwSM0Ej(PMx=S0f6ZI*`3|>FIn;BOxKSkWOq1fPaoP@ z>(4wYcPWq6p0?5oY#7jmES6jMIxO{qr&ZQG$nKqiN(s>URRe_|JyZR-e zAnE0M3q~cxIvs>Ta1sw$;RYD0t>y}Cw&agp+}zWZx_?FLLsfFs%0bxRSp^d%Sjo-f zzW%K1t*#yvurK=C+iWrXn;#dLW{Zr*7DDm_UDHm%(#kFld|*1|F;YC;xtfoWpSU#lS&Z z3za|`-Eawu(#%be@PAx88ok!G1m|3FQ`cy|XO#_V|A0K{#K+<6jXy*?YuP}@ zv}gc^k@2~udag-o)|X?+Q3lc>1_MQ(p0iiR(Ayc9$#(B=bTc~}dc+Ho&z7m1Kx>A! 
z0v0n&f$s0QG5KQ*bO;1OT8Wh$pFD^`2Lw~{YJQ@J!1#1v^RAHDaz$cPz}{p7-0Ep2 zDs3>DG_8KR#9Nia{LY3Wdz!3k#uQPm5Ggip>$ttmcbZFhE^LbSYrRA} zOY3cJAalD2hzKKc`ne|lUHqfo$`{2<1bUO|z4gC9^p#vgT_Bx)y`^$t-RKyJB}GK1 z4nKfDNJmic>*(^SKZ8|zM>SU2OMu0!o5**SW9pi|iY3}^XG^A@t_8zF^dA0uhR|Ab z=6mzINvQ@=myxMryIo3aUq7aN4C0_scTqhAW2xXj4X8_Xja7vQT7(`$Lr^93S86g) z_r>cc-H_aEQV-*5{&h6zLjPdKvEPkSC0w3ej)jFcJ(@-uy$C~js=T1$r z1EJkRAhf%2<4nrp4-JOG<9}!{)(~>~1l*P|{#}Q*)v1G#%LA7ZiQrFWB9z&XnTSh? z{2dRvj5=BF+YUq`z7iT%%XN*nwmDNJKBwmQ>7gF3VPNevL>u_{*K4pK$Hk zpc-hM<;f)+L8ExD~B2AeNA*845Ll* z9j}Dkrdw$N><6XhO)f>`jTSG{c$^i8U6o=jw+cggZU~u(+~Iz@FtQn+aaNOR@s>F} z56?m+C#DxJT*FY2^dlA}<+oTA`k%z2tp07^iepg32KdJD)LN}v%ki@4j8D}dMU|aO zC{@_w00w+j0*@~+HXIn;u_v73r>HMn?7WL|ykJ#Fa}x~EY{iSb)4)f*2n6u&y{{nM z#T;$(z#R~AWc7$kQ8Q~r1)ha&x`$?v(w=7ay9ymF$T1fndRSmF{Z2`Uu z#zfDFwsT2j;R%Yd2IXe6{U4#(H~^z9sppytQa;Zj#XUha+ohnZZpU z?ab?Qh~P;<-o$3$WU3`W_7K+Lrdly!A3w`{pC_2B-zsKs`r#qLM>AKSc*Q ztew9H!$#ZkXZuK^6S9w14EXlSJ)iYhsfxl)yk46Hx7yA_K#fUDf!yMI=Z6j*#qN~7&uza})Nkpcv-_MLEkyjfaIV*?nX&7w2q}NJfd?miH!ITfWKS+TvU9!t9 z_Fv-O|M?O6@jck5dY>^kWo3@H<+q4q@^+kt;!vW71dH7d6lUg`#$k&=NZP#IZV;^| zC^6U&X&)^wY9ps$zEWBGaoVbmcm5Iv+klCbU*%TUz!QgMeiW}zX=?mTU8Wfxie?wf2ja>sn}V)Ymb zVn?3tiaPd*vBT-R`^49k;{qiB1M!Hx{c$c|j}YB^a1j4j8bYp~eZ*#jHAtB3EbjMr z?EMF;&P;wejgYezb4(rGTT}-w$4l7dlwm3 zkoXjS+ITBUeGcW-;zWU5m9!`y^7)%Q!hl!2UrDX99pH$P&gB$8Pca8BM&(0?vvQ6V z7dCF-ip2Wz+d&lafAg9K5}P{zn%JZ+;$3;yB}3$}N(>>^=h~s6?wS;9R3FL~+7OSf zVbP@5F$;VF7gjayIh7;xl0lj3I&p4o^FIF-{VB@vux6%-%L)DET|0?x#_rG{>T z9BFJEJ?m2FM*czM6qU_9k%+qy`!Iu*0MS&_oA<|7`Agm5y1~!ptz@6On@U;7z%!3` zZ4*ziJ&h2;{R+z01LWHnZ6~|@y+%PvfD0K!04ObMapETi9V;;g(Vs0Utf)`0YOx@* zS#ps~A?9xov|EP>J!y$&qFx%S9iv)Q-KS0w%K*Gr^9=Y6KJM55Y()Ljd$&mNRR#(r zJf1|@F%%?J-dj+0M_b?})}EvAUG+)^T-jr%9Dr{G(HE0+8(O5L9ooBf2hBf18^)eJ7G zQ;3d=R+MR|ZH%Mp1*?U$wxFW;hj^qs_1WLTiuA7CE^lp@H4@%IX+L&!bv^rPimre< zuYI+QPo_cHV#pC#wEO@xLig4yqlNYDwRq6=Jct4SPWP$$CnqGH@$fksjr)2^1ck>? 
zww~2AO2b-OX|B4K_Tlt{9^%gLH?c9Fv8%IiHWDc7P(XN?=ZR^TP{X<0A8O48)Nn8^1A8}rj6;GwvE6N|G>vhiEy5wZf^Zhpu7mA!P z;y@j@LCOP4;hDQ(3(L)wO1vmV4 zd3tNRRI&i#_pvLh08(I0fd!m1lS2g1W4b0uj1wAI5ZkjA^hTYD8#Ys zSkbA7F!KDBn(;e9i~KJHEwpkY>bgE7udT)?miMC; zpm^CwOuw7CWE#kyyuT{&@%H@`X#xL-eL0Mva)&;0?$xKQ5V~skIfDQbZyXE18nO~9 zd}A(`(^#lWeK&Uk24Zb}>Ua%4n>H}oOs&JAh+g#*yu0<~BHpw3ps5oo)*HsH?&tM6 zILDidV2-O9{ngWl`3GAB>aZ57)F@OH{_wM+lrI>>8x8oHR}2GL`XOe`2A^Y;A4U9= zaq#7iqFOkV-UWa47l>q~dnDSf0t?Pk)N~d8>gE}EI&xoJ1{?hcs-!Oj@%`)t*gN)h zJC3%6Fk~lzy<doW4@W z(a@{TzJo;jlajT5iGl2eYCBNXfW>#cGxSX1tTMRbC|3pWpm9W(*i|1sRvwIie zPWe71dN>vW0ffufkNTk6R_~gdw?M$}8w0-1uQvC*Sm&{#Yd2cY)^hqCaYj@o&(hmDi7VD03>^ZA79EX|ai@1HILR#c zIcF>IaOIBjutD&d(*(aRN^^Nv%k{DZm;7ocSZGb0AK5VXQ_tBw-pf=HiX-+4G3P}& zf$BHyyCN?(pJLA4ZzQFu9*oFI8q-Qa<5%$fb_3_CU>)RE3k4V7?lZzBO&J+p3A6d+ zGOgnpC}MY)G4d7-ZBYVm<)Mb3&RWf<9|)D7)@}Z&ph|-8RjHow-quwBKu(c5c?pXF z-f2haIA$rWrn)_bsx~|W8TFKhl8`p@}U#vIpO3(?2FLyRB1qgX-Qw3ul?6um~Nqs1<;kw&vluxV^DOYp6Y8`WOeI*!C| zk%&e#i^d&yPJ0TZgwKt%%gQA1+>H6Ht5tOGx2{&aMk1w;D2s1h?!V;5hm zgWzU`)>oRgD0Z<(RS#MW!KF)M=N(!*Nf%IW7^HX^gvnf}5UZlYjcBnX(PDZbB(5$- ztIBN1%_rd<@m`F^dKNfRI0#`gLuQhp^og zH)mNB-U%4qsbk&fA@-@v1h$^8D}|}bb0urNY3!5WxK)xc@Wrg6=-y>ri>62TxHg)b z?S~%UC^i&)BYO^ln@MA zaBU>XA+7X04coB+1R_n%svTZ9%x(Ie~gOmz`bwicD=XuiQmL|8p> zCJruw%UzlT;4Q2B_Lsx=f7DloKh#%WNw`r{d@A{5E}K+b&Y0k-+@gr+Busq{M?~ZF zcKBQ;*8!@bZJeyKbpK>crQlo_x^141#1&5Nba^RA?(C@pkNc05UK}9L{w}4r3msNv z3iornvBbf7HaT=<4*u}id|F5OW{;c@PCYt5Rv0WX?_l(7t@Zf6q;TJk?vl84@+MpU!(^we0p+s_{{C%IXRa3|>sQoZ>plg+o#kcU9ObA#dvVc8 zdn{sq>UKS8+SHKxWlu}~=3jy+1s#(uN=I3#xXH6*Tmv^=;N#3OmCn$VglspaRt{6J zIg);>#yUPeuOBagrbOUfX(G#sN8cg0v@>eam#h_()pMNKoXzJ3-0suwwM1#gs9kYe z+z{>9jKFnX;l=q137X4I0V-XG1Teo0*iCkfB#_G@en}2+q z_iad-H)e&?;avOxAJ9`oQR%_FdO_+ci1EvGWwUGD916c+gxXd{Gq0>+M9=4P)kD4m5ZUNAvoZ_d zrvVswC9pb4KKq83at=N&N!Zp6CvT>Z=tmb7_uGt}hpCIT%8rY+?rJqG8uCc?<9A4= zq~l^Q>yaj#TQG;7GKsTN*5iPUKkN;#iInYx7RPLypq+h&0&a|Ppss}Qg|x@ zebpz41hf6`u9;=KTB5^`OsT<4o~3zc7ufRyr#de*(;l}9ya)lh^P%Q_U+Mw&%^WA* 
zZ!kuy%FGg*wE0QjeXrwIhB1`r7B2e&hQH~nFNe`d{cs#CgDEXkA18XL?Pz6B3CRxRIX(j&Yrx~Y}BJLnu1%hso`i9Z+J>);W-Am98&MUWvP{;px&hE z@?dQzzccH*jjG=FmLWLNaD4UDnMvC8pu$f3)|RWV>EsC>m*KqLfqFwlYM_N%wZM%C zFL=Q-Y-%|)hgis#4L1pNAxmsRvKHG(;_0ZBxu;5CpkzE+r*V=6Df_t8wY5ZUDJca zQ^QfgP9o&m5jiD@%Sq2SbBQgpx;1D?S8l!kh@4>qWi;J8346*`bwE}lDksGr?TW%=K_nQTFvXocx~?u;$Hyt`4L$)89H1oFNO zm+_jfaK+wd=ek!qXTOBEOA!FYZ+5sV_paO;sYYN))fU}P?{*>*E}u5+1bUA%O{#>$ zETyzc-F%S9!ubxt)G#;9S;b07PP zx0bS2Z%HDM*{PYtt^%1|>6Zr(+>B^1^x<;UYWu8KV0~ub2(4Hv$`gl`#Swmqn9_xl zFg02UQ3UPKr^S*g67lu%PfTuTNAWPu-jvYlVm7HQIu~M%5WAqi*wwTk{8aW*=cDl5 z{WvB>!y6-d>m{^4T$ENfrK*J3m(zx^laF88Yig3j9n0BKDi|>c1+odzpkup+_$bVL zbQ7L&7u8Zpt8|(v_P@Y*z6T;Erjn5ZyarrG+!FhoUZfK%b+N)_=@eUuvXn+cvcxmS z{5!;we=;k$J@yA;DjDEKWcLC8qx{Sp2by~q4GQUaxO?^ciqiY0ODyg+0rK|@p zxoN=Kkq?I^r;nc{pNY~vH@MR|(##`Mbm~Gk|2Z7jNqS#3v>+>rNl@|$QB4IOO}%;T z9VlzJt9PW2h_G>4KuPt5ah;9ig5}*hcP#{p!;KHO*m*E8xOV~ldH%zRD3IheDVqso z3!KK|x1^hjV0K^k&`65*jG6Q8oWudtX_PDfAgu-3iUa!-QwJdG^;*AvG-47f;{ z*zzYg$e2JsNXNrzr2*p?7h~Zq2hR0=lX1+9!T6Cv@X|cS-)tHd!1vmuv_=5-`yJY2 zVq6IEZe1P8{JVqT`u$PH^B>X3!)gE@q6gxjWrzDGC*9~T0e>IkoWFmX8Z#UjE$q0;KXzlcSne2D#q(OQRAS>tTWoUrXFO~grl(Xz}IE5QwRgdRD|c-bLcjKRiDoS za^W299mYK(BaPZqB%(bQs0n{oHQe384^~d=Z!1S#fO2Cfx3E2wcQAo~+tvS2PddJn za_Wi|oAqefY9W+sT83#=|7>iSW})X9quE7Ys}5|#4TtS7Q&$v*rJ(E?<@1O7VCf)3 zboCW>!_Z?uq%qt+ye0dkip0@9yEA7gnmIb7sWM@H8dn29LY8|BSHYg7hXkq=a>mlX zb340uLo20p{S*CO##iS|*^rYw?u+lZzfBs`hsmf87Q%A-9p7tkG}k|^41hp*A!v~E zIQqlFW!8**WQGz6Krx#)+`Xem#mThIg3!j=U1mv1c|821A=>$;hA2TB++tDa z%w8?AFHxzU%nN`$!w0{2t{CFxzICd?IFUe$&s$N@lx8XC!+y7YjhI3qx^;Z%4T>iD zD{CtBa%K>+J8}`Mn%jFFLci(h`~x+oR3nNij3nahk6vn$od}rViT>>8q;4ly_`b{| zeVZa6F9?w%t&lOz@ht4fURR01%JB)fhx;@HF*-KZ5DmZ<=M#GMf;zAdhaK^XZf|6k z^Sj_$;ez(2>9_tEahrP0_`!TER@-+gRi7D_*tIca9QEuew3e8tBq`|2LRi) z9iZ0o%yLu1zC%jffNxr2@f+|>XC!IK;2%SsET=Umoy;}xQ>(@ zX(i2~NlCx**94G|?GFY<2>u5&mel2UGNYVRRFgAez7|&|#nMNKubI43A~5SNY%Vj8 z+7Xq)=HR_NrdACftW`!Tha?)KJLQrut#%-$=(ao_HIk1ECeYiNJNY-d 
z_`T?b_1!HkdS9Y!b#~T}4#vDr@;)64n~BO9TYGQB#L?K)~Z1y5WQO5MwGl+e*|lU85*C7y$&= zZuBJ061d-X!6_mGG`bc~Sf_Dhw5aVu;3h$rJ6-R=NpG}2BWYPN=jWzqTUL|L;!rgNtMVuk1qbBh%M{(kPle66tA$cV-CG#6Sh+cMe|$pcn@B6TL!J2 zE?ba^)0)$SmeaqSvSF-IF?BL#h}PI&-6*^@wB9Kr-|5Fzz?q&YbaH;)Xa;ex;{AzW!y>JK z9Y9=FF+7Ilj#sPiS}K9}>wlaa|5MrWlJR22L}r=>Nl9+Id2-D;nTzZPnd?7EAn7Di z;RaKnwKY|5tYH|fys@!XSQ2$|nI}M~RTdE?`j!}d{VHS1Cfdt)#zgt%IqD@w)|fZY zJ6~bjgpS$pw>a0&6fO4)khK@KW}#Z`iBCUle#RSlfhlu<`^k266q?7A=!wdl+p~0? z943x{s0J?Sj?j)ZXE&Z{#>PW~UC;{CD(vMuWOq(>AUwl1yG%C#Rd%S*%+dU2fngS3 z2j5CF^4-=?QP?G(uT*DQ!K1c3P!=3Xg}bdDYsb%F8+bjZq)`jW}><8wUhUQVM_Y>Bw&b!->Z7O{2;9){Zm46tm)3CokXv_%(% zdpnDa^6G2*mV;nI8C+=F#=vj?+JN}Gzr(2gXcIRxZC#RQ+w9ik(xT9f4qPs@N3Ay? zV)d;gc|i>iwDt0|lJi+)y0}rqUVKVm|Ja+py ze_HGD9l~PSIkyi_WuYhzP33U8{>r*AR<;D`VaR@e9Db`RJ61G>ZQg&YY~4k8?IilR zhw-n;xr$@Y%Oi_JU$hSz7V8RO{ZD++=7o8V>mol`r+&5?95DF~F*xSvIRRk|Fo$7$ zGHHA)?a_-k^tFtccT2QRT1a}{)1{^Cyl`6JS?XMCIx%6Hn0&mwZPCNiZJQ9^>ql@$ z+_tRvSkO~>+_+jYJ0K@4`h|9}r2XF6dQqxquKQg(wc+4}$`7O#k!FP9nPDH)S;v{5 z-r1(|IYEUdZ6~2>R3o)d#qSTZ)=xdq-#)?v>K>C^Pfe|LBoFb~^S@rK{vY!{$N*>W zfqwI---}KZTgOaRI7dhm@i?yI?KU7q+nMDT`lf+Emh3W_jrr~~4BQ#^%~sU(1g)e! z^ZSh{O!m=2<>4ZORO>35*4M)%zC&`Y>kt80Xwql|!q%f%iLRNNu+nsMrjq3oHfA<9 z5urs9p*btlWYBs#%|8tgoYpzi-Uzd#+QOgQO9ng?XmzcC?Xcs<0{OE_UE*1?DrduS zH^IGqOT~RkbJZSZiN1w!G4NT69#&J<7`;|gmvOd=P!qblUE|Ptl~DiOm4f5&(Mer& z<3!tJ(=V;iDx|z`MN`YdA&I94m86>$juUms0s=rCA*=@mZF&rXCD&PwjQQ|rKhD`t zqhsUt*;pg4XG;@5PD=kg(X(<=o47MtFAaO*YRWbjH11xTx^-wVu`enMtSE9wE6VF& z$-Wk(6$Meyr+zbFZjQBWS_WuQgb7*!f4Ih^G9?t7p8+3{Nyf75G5udU_x~HO>@T}Q zWHw#fJwxr($9QUhJ!-_2F#|W%=~~Gi=-nDb`&kv*Avgzl^_0cIXX|b{9cFD++IgkFLvB_1=P47q`$Jyk$ z5!I`h&`w?kk1s7iZxihhv90p0B&$?5pwikn5qy=LUd3zJiea{Rqep7}5hs)U(15pUS^5r{?bmmM0P1jcVb7hg#z=Gqv}0X1??JQRQctfk z-u6)GMZ1vG!liHA;zZ#E7W#E%oF56pf%J#T7z}plhDbZsZ$Z`n>vzl&cni5kCGtxW zElbiGyFQeo%vfP^Lwrl-7HDcP(FtIuzUfYBcw7xO?!j`}wVC6e1w5k#%k?{L$a41i zMD7D?;k_mpr9^ImV9<`cAPY@U0S*sui8gIjsYkBSa_!$`Jw~+>UEh!AmnNGteO@@w z*O)TEj{brj**>M5@!`{V$O{LW&HEk4%&o_`wtJ_?M8xnG)?v?0^YPKQoAmJSkZID? 
zvnz$go(=Tdhm!{53p<);4&NcE!`U15vjhVh_@VRgB4t?hdctBAsEWRPRuuCltzf*o zaLp}Md6d`8-j>yF9q-_g>$05saz#-DVGBC-Z55t&$2F@@qoOugNq*$tA;0p2pn4C# znWdejCr10QSfKVg?)EXSSu8*BomHMx(o}?Dv8KY_A1;jV?5MN!RDy$)GVAF7^^^Je zbM`}&JT;tMMl;0v!_SGMu&=aTxr%(D+z{!XZsLmAaIp;XK)tG}W_Rm7Ve>lEU zCg%JgMriWK7$JL~`3Po7%m|L@fg=dy3VFm<*xen`DZGQ;89;v0T}O_KSKbOqVa)Nb zKXUZ{Xgh2EkoJ&JZ0A^XoZUYf_G!v3(+2nc$s_UwGcE4w%6_z%Od-OUjEh@mJ(y#k zvq`WQqN9^$NycmwR#jAbhp(=l4%YUR^=Q*{IgQNlkCE2yr#4jcwjY^{C;0U@dSJy% zrztm)*2$5MaGoYyYlxUzxGUgh;9{sSHOw*Nd3`B`_S57$nE(+^c#}j^25Or|iZe7R z#kxPJF|9Z^=vDg46d;=dU#8h3RAR}|LAPxX1`#egbo;8TpW)Oe3gdMQdSh-Tsh5GN zz5kJX>qpZZ@}S#kiIJCM>1iAXm*w!FJy(-%jvh^?tQK4#w~K$cZDptD4PGHR3q-?DrvH!?9bGgg7Zqd^T_o%>xUuH@ z&dKML$!?LPs9sABFAjs}FxiWnoXR!~1*$Ag^>U{cx0#?d)WT3b?r^qm)vAxz5B2WU z6zaBhWUELUbrDAo!Nii9i%D#6vu=8;H$@U^$OSRx)>!EF*T|%26=#J=G-~Qr{+T;K zqf&YfEd=yq6x7B8*3JB($-MD*NHhPmswW~Y!2W4UO9yr5K|F?_kne~;G3AY6dr(C! zuxIp(Sfiu)gLh>}lOXxYW6*;AM%lT$zRi{XB7|=B7BX3we02wFh3Vwk@SbG$LBXKC zRNjXnpt=*ul;IwvMUZEqzmUWQ#pl;@2RLB z-bHIoui+ibYjt{?8q}S#RJIBw{_Ae9Pq)IJKj)QCHHUOwCbj;b&% zHxZ)Q(>cDvK$px-mt4VHRs+hCGc0JP6%?-=ivpPQC=_1~<|WRORTz0$IV}*+*@8Nz zts*jM`tCOcK{)@NTgZTIUKdy;|Ca^Q{Wng|e)0AZEICbdy40kBMpQ@ z(0Ge1zMBEq2E{4d7eO?`HfS;XiyaGQ53f_ooM}Q3)%e%1l^5&feQ6>v+FMb9a}b>% zxbUD@apG zxREkRS9wB|$VCVSCu*)Rorafb4k>yODdT&lKYSD=!EB@ca_%ah-x40@+&;C_pkR!r;QDw$GEuch!ryw#tjp#}B!+Smt$dS<1yBcx5; zb(3nhRWNxNfFyLJoL?IKGrDw`1b6s!jjDsI8({42C#4MIzc^!9@JHrzDvk<2O&RBd z4u-be7deuGp*znPTB98;j%T77h;?=so!Ut1TOQ=`B5R8XU~+cs%g5@K&ssw+pMNn_ z{w+;Bca$^QJzpzWifz1r87p=)14-J4qU^3cSXU%27f{J9eX>9-++opfe|uPTIvit( zca|1`ll2PsTVWQ8{$rA{Mp}!O{{E0%ntU^+Lcfz+D-|Ek#)i^tNJohn&GE56VK*6u z-H-I)%^`pG;Y5BWU%6@cmZrqiq4Px{5^6dcLC!vD86ffM$tD0AoV=l)_4{fr;`W(6gda1raU6{wy|`&pKPb-V-R+_i=G<(v zn=^gt`1A{l(t^|{LlS=SZ-sUa?6xIhWZ9FkaM7X2EKjd6(}AOrk(1ISNdo z#U4*=ewak#&@UPoU=In~bYIP;C&^`Zl+VTb2$oW+0@yil41BlT{|~7I>FNy@5M#1RwL!|?g)3M7ip?S{$!Dz)|lMr---C@ z3eUz!bwWM2c^TkGm}%Xd_QZlq7&y5-%8xnysxWSHnSlIS68GWjIiof27f`S*k-4%2 
z{y)`S@%@#yFpl4H>xlMq;`Z=L&eNgd`8dO)+Ftj?slDAzHQnL6p7DjJw*+&Gww}!i zQ1_j1h7-M9_2_qV;>}#T(BTjxAm@p})7IWYdyku-U309**=l>d2b{pU#2I7ty}hHH z7m)!lrK%-5qBM27vfYDZ1*?+9GLF0y;AYw#F;)ducsux4%e&8vEp*M>mItVo_^vq7 z1T9-s0YF+TG4&=>w3;c3)oA`}In7T`4Z=|w&@k(JI$zdt7u*W6`*Pc zi~#r-`s7{2pAUt4)@?aziOS5>qAdwfs;ptEkMk;Q(^QsS%41TO9{ja)E!)HX|xeT=_dBjKX-=?3!58F*AhBgkBXoA7j(8pD8P{Xcg%4% zhs`er5aOYlj%3H|5AHZV8=6_rJJ8$aoCldgCITMI3YIB>gM2c zM5*n*B=&zHQVHD!st=#K6)73HF^FU+O#S~_N&oHJuOs{RgEt`Pa^h2Xg*NCetJg#~ z_I;n(&Zx#I4aPj8ds&pq%sH3iz}?2J;lquyuc9+7OwPVk;F#fBT{~4vm(v>1(*Nd= zs9GRW4Uo3GM#$Iwt3Z6{O+`dz*sBcZxM5ma3Cz}uv({}b=x!H8%%rLCO*}|NgB$j0 zO=_SNa=R#oe5&Gsf-lJD3>Kn@$+22CWdiM4u1yB#%ROxt!X!1IHYz}&j~p9LHh z3nQVP?W{>ixt507VNIPzBugW*Uh?OyFA#6ZH@ylba_%9=BXyw<5+9;95XyOQ`Ei|5;FU=4&~yj! zZ&BCvK2*t0o2{b6s&Z)mL*O><*I8j~VigZwI**@dzbmYFW)#wWAV@ucH$ zTX;uhx_*e!0A(^pH=1qG^4`w!cSseZ;Jo_DP|vXFl9jts0g(n{6_`@oa)F)CC|*}~ zvs=eGs9-x{k2F^6uRU?rka%*{u=eH0dOknM+1iEK`2s=JKFbpIev=$Hth(+gTpUEA zuZUiB=kwuHQnc#JDj)jjt~9wp70uN+ds9t1QTo2NA(C)7*ee1i$Zhlft~mRz&*%5x z9%#!AN15ak-p-rqNp`e4rVhuFp)VBbMrjeT!Zl0(G;qQ(eFq=PZ%$eK{sviL!C?^n zC0oS1I)J+Njf~vp;uw^{LQt8=0-WjcV#OH;N?J4>Oe4eQWMk-FE2kIQ_ z0nfr8evlJ#{TQg?HObIgPmfr%5}SLLS-xo=8*f6F>btZ4A@Evf)R}F?xBAOT_zgDM zUSew(66RsaYR78TTrSCtV;TgP%e^2dUm)DS**yoLk4=t0*;{hep5Vnzw1wf?=ik*R zudOHvIu{c-fOuH@&v@8)_jx=Fd9rqWx^a4>Y0_Ub?F)U3#8hro_^=@2T}pCnKMVUZIk| z3BhmUrgfzBz2OZO(g0XU6z9M(r5=RQlGUjiSV;G)lt(->%Cy3kzto*4kp6ovT7)u9 zGpRS_wMxHyi~*;dQ5p^U+RYc`Vh0cfAQ2EJx6%6I74u6hGqsL;U8{Zb#BDTuL^MeS zLR1sS3z_!v4IQ$3F;sV5YifdX8r7+YWxn=lY_C*!2Cmc!v~~AE@of=wKs;lpNhYCm zI6AeO@PO;;yJSbVYK$HplnTYp9uhUcf%2Tdn}{7BFAcDDvpS=2Z}H>A|gTr5`g2 zp)|`AcVnHUcdRwsID_3B>%TK@$)`i8hkGG~EF?@l_nMZcuw8GnM8aGYh z(s`?-HH6dR38o@;%-RzLs5iQErw<*Ll=40jjz(v9k?pn+J95*bqf_LPf>=GFsf%XB z2b@b2iJv|eR|ZI4yVm3Jpr_00K@WeIdDojoE!r@&jhHsrpcZG86axZ|YK+j22)P!S zbk&ATkQpP_?xwmLo;Cttn9uOqdX^Qfj`U(v&r?>hn? 
zqy3Sv`b&r=?N6ba|2!@`VVX8uzrrU;2zTcN2Mw|6SKj0gu%p{aZa7e|u|43)7l)an zH?{>&zZNXvz~6^4el2?Ekb`!+=OM8HAqg?fJX(dWpM^kQIwE}G{OeBf#6V%3K{7$o zt`teHt&PNuo5o|{sM^#V-edBvSB$ZRe$^qq>*=Ileq;8=R8X<&EVtb$w@D3di8<$m z%4d}kcRqb0^9=Cbick#`qO}gKW{mm07(%d_#t0}*alH&u&`~+0^Jf$}I>F$@vCKk0 zV*7cQPV%$tV7JNfV@AZ_VQti-`CkNxg{{|IFx4ObEb}4%v^dai=1uimyZlvxk`Sk6 zR8Q>|tv;O)c?hlu9`Uyb#}@(=n=$>DIkfRix9*9VpPiNfR0xLb$H2OsZ(dCa)3*V{ zIY&gG+XKu(^{&;35r@W=f-YOYe zeFOI8wi^R>$<3je9dkGN)i{?zL%-61Ec-Lq{6?pj zafvbz7`C;wL3cQCY)blz`J$yX|EJlLUuefFSa1&nfWC=nTM{ib!>>_mocr-{9mSj7 zA8OfLmcSBiy!)+yPhDMiH(kEAu|wdXgBe18ZvmCYPhRtBqcPweHlMEddQ`C7_bK4q zviq>P5H$g3*%Sb$nKr-H`e0qt3jYvhk$8irMe4bDuqRfZu&QQbNqT6=y?8M5oZy7( zhSO#kCF=KKYAOQife)k0Y{Oji`K4{QuSnS_|8e@}^^}f5iVMoqL8#md=iAJRlevdG zJK6#1-g`yz%>vI#)sYC~%0m@!znuL;Vh`0(Xj3{TU60%7SU4_rlOv{`?Lo&#+ei|w zv{S1`lW*~@#J5hFhM#(GNinK8JR{Xufr8^E%C#xL>b|}|1xe=s3BB{G{ZCEIS{UzZ z?($gY58ehShu+nTdHe)$bXRIm4Q7ow`++ZuadiJHa#wtWp%(upryvl`cS_O;&3TcdoV`0OK7rv z9mL`g`!pOOF(fv6aV#b*FTX>!1o@#OEg(bl7cyMDhU>30H2*NsCP18#Vi0uQgw6pg zz?Uv?3c{DL#GZ;F_S}5e^2*q)xHK_^K#jH7r{Z;w0Xof*0(S}{|8gziw<9d~xVpVy z%z9OOve%70H`|WO7c*{i)6|a3vAN8?EOB0zjB!{xC0beu7jRlLafPxwPkI(r8&0-s z#;jJ+8D^=8I?v*Wu24VTrupDyQDOB+|3(Ns1J8}HrkwW)|I$w#_{E(@u4$_^DhQ$J zTC04-Nd4A#KCYxmGC9A34msR@ZkxaJ+sO5gDI7a3@=e3F&}(W^J!+5N@6I7)df3~*}v=(gS| zYV>NmfZh(loYi1Gvysw^a@zgUp26p*b{>Ym4_aBL#tOHHh_&%!v_Zpg8Im0w1UQd1 ztCX~uJ_M^2KVj&Yq-%P_m|SpA=5o)&)?7WXJkriSFA3n6pY;`EkgUf0kG|o4?k79E zmZTs36~8@4S5d|l_pqv_@6i4bpZs}_8aJ%t_%v?&+v4inNDIJ8wz%B}m#Q(f$nnIBn! 
z2L3klmb&Rq9XgN3oDsqBuJ*I?+!{srs$iUqvSs{2l_Mgnm^Di@;QMLU}Onv;JG;8BRYoF#*kiT16MQ!^M*GLL3H?gzzTx_t0ll9E;Xho|Q* z8xPezj`k(4GLWPhj_YR!Ntz#;adMPqJDa|@o32|crH3`OELF1$g+T{`j+CpeJ-z%y zxs_+@^4WuK#+##|d<_u-p_#d?)LftYqDHWL2FM}z@ZPl(qlTviwd6YwIVOIG&@EO_ zaJz9pd0`wi>$%&O4yO-6X*#swXKDHe*OP+lcU(^l1!v24X^hnt?iTR^t)RXb)jlvD zb5?te^uWb_wo_L72n2L#NKfz z67altX${UWyR(yur(O`3#&>TkI{q0t2^-IkP^TC{$57SIJ2%RmN+f?a_c(+<*-d$q zik6Qh5R_vhhmTu^1Kh;lndOs?^8)$W`(_i!9c*0@w1FNi8Gh&1Cs@rOk(n&65XU|~ zG9vNncJsr8A|c`H3Z#D=AwSTIa*nz!3uZ+@UNx593$kWb;al%8L8-!WVr@@R#n;^> zaBW`FN|{Hq!wRKg3-{i*!qm`!)povzV%qphTrQ6_cZZ7EooX#)*6=K9$@=%R0IMgg z1y*cm;)`fva~q6#=8QrciFp;x18PIL*TN6t)H!d;k$7*D`zGnQeL{y`5$X~xaGDS) z)f8+PS`hBPuKR)(^Vy9MzI!C-rti3EQ*63YxGToHL-D4M`_@2I8Hwc`U?t9UsjUn* zI9*seauL0w-fNnuo@>MF@)Xl{kCyfPU3V z(si2g0G3GGZXAdB6k_$&>Z7{cv(C>-GQb?71lH5{6DBe53J`9>8BXz}c!X-rW^PYk46a73 zVG}%HyK#I74}U&&Y3V*xcxw5S`t#D2PRn;DmrCjGkB^9kLMRY&x!(`RKqbL33h~?x^+?!p@pF|0i*GQ}R5M+H>t7U15{_ zco*{{Mho1j=;Iy877=}l3_X34-OL9Ny)adXQRV3xFRq9omi2kbVNi)&BS;$5Ut!k= zhEbSNDw^pr#B99e1T+ysD<-dGKXAB{jKU9Eh7~^e%WQ@QYd2qw3ECrs+frRLq6Iw! 
z{{nOpzECdJjmKGIrj&$9%WC>YxA5cjc!))W+PMuEQI;dnwb(#lI(aSHj+q^vW1fYa zw6=gO{HD1n7z_$k1k99e?W^A*f~gbEJ(n0*5;2*z*Q)i-w2ctkPqKv_%yW$eXv!3Z zb4dM#pc#eh|!zn`imh$J0G^+m&Zn~?P(8B*bFy=lCf5i zD_ySVxsrR&f4W**6W1;m(@40D%_=7{B=qxx9-5Gagm0N(+(^BlG~!SaJ;1&pL%h6G ztpP5LLEISr8r$Hs&&K~k(e5Pal3Glz%IIC*XE9NPeO(WkF)fJ0q#u!oUEggni_Ndj zXP~NAj&lV5@6)z<1ybek{9L35F|5l5fD6J>APc4!x;><@Wma@aL(cq!0VC`0(Sx=|lVQP8k~B zpjBr2jp4vZ^cX6Cdku)DkePU*sTT&-Qqc%c3#40;w0V=r&)yPGLRk)G5KuahEMPoY zaBm{pgqxdtRdt|If-!}1=bR4J7t3}nDqGe@rWjmx5ZfPv!OG$JmzDE-VuEdWEJrum zgLZyMJ9)|_`&p4*D3x8;jLES4Ahph>$=-|Cn$>Md#_0<^ANRhK!@`+v4NN8!t?nA7ZuJA#d5Qes$FWEcDNNj+p!z zTlKs~&m(!1NQk*8o zL^nSwqU={ilVg@>gt@25>S1D;efZzL``aZ^wINMgp^b)n8&zzROK>bel+|P&42jWr zJuA4uQpLuvLaxkT;N&kiR7y8@01LmssN&bAhsyWx&8(N$#ktv#Az_o%X<;>xHBABg ze}I5CZe4=0;vQs!`7H+c*@SCnzwlgVLRKaixjcueeqK#Y_`QA&Fri*0CBrNEW{K-> zH>=)A3%YatmrLmH?ey|#Nd_}($?8EJ*v@ZZ-9H$m1GLm&{7_u}gR*5p_A_ zSA=dHS-JS|`l=2#N+isywN}8-P`6wXpSH;7vphQ;DJ+rS;C@pXm64Q9Yti!3(V3QTe_gY}-k>)0h^q+9xN07M z0EepAtAAmV{1{eYF+PIrg}N~Bbo!Tlf)pU?FH$y9V(ba{_En77;{ndsoTsTs0$Nrb z9;|^&h%fdqB-p!TON@4(FVQ>YYS3b4U^4d>zy8Q7Kx(VZ75ctZbroLgGN-FO)}d4f7i=$ z`n8m#q|LAg-DcKy{HV9vBLx}{= z@uyCmgrqQJQ9Y4Bs_gf+#yuFjKr7u=q2JOjx3qM?JhL>(6FWF0Br?JUKf;-uG+QGo zI2cemWZ&zl4uM+j&*CiOu8f!=f-GrFOIR_JNz_lEIi<^SBguyIK<4#8g(&n}_ z_>#DMz=Uq_HLP!O;#zq{DbZ0$dxi;}IFTbw9G@c!sR0qK4QoAQmR1i&y4>h--D*_( zM8^Jg52;{r;rLUT+G;)lld0{ce<{&mqSTm~nnwCk#(d2K_rF(KJ)KL16N@50qPwgC*P5FgNK} zM6{mq`Pv7{%ivX-IaNw-AgW?hu!{t&$MSO~ZkwoF^;m3`z7jHJ-La4`z4kXRvM4_= zN0p8#w%s_gh6-I0cPy=tzS5-(j1hrv$OqoPUjx6ZRl%TwV5@j(Y3y4W4$0W%7V#|v zDwKDhJQY~#!B!DOmmW&UIv5ANnpI-HrY!Roei4Kl8+oGeaF>oBV1}rEen=^b+DYp@ zNx}LlT4M;7W~xS4=dV~CJJK_Lmo2}J-V7JSRDGL`z|S7EY<2YRtV#*O>>MAFsg7|8 zc@gPP#k8P7rW_z!yw#ZuU@r8h;U&I##cUe(c3t#PebDpeS=4bKPY`2yT*HxeKpH3_ zDzm{l+&~dg*8o{WY(Fm|hUG_HvW|1;9|5i)t3SAc@Ku!>yJHdu`4a{OQ@@qhP!UO2 zTK^^sVi`8-jR4hM?{kCOe{Vzo;y3*xo;s|Z7&iQ~$A2sQ(Jy-Zg`DZ&RE2R}ijdLW zQAtixyE}yXrEkbZ>4nS5b^8}t+hyC9d0~67|7LC>5Y#siEA;+y`f7U{*|#S$E}F5O zgS#Mfii+6dEow%4h05wYd3+{zg|y(qH7 
ztscm082qBh&xkd+pn43qlYCqwszh~J2DiFv0*oc)p2g{a>+H2R|2jGWGIQW^GC@1Q zek;;k(-0P;YFLs)u`e17eC1md86Fn3H>9R@aj&@I*NR*NuUtPQ4H`;VXXiw=j^2OmZ`by?yqooSBn%S5A zO}h4(>y5<+ap}w7m^`bjOO(w$r`0L67=yn<(6ll;ZnKrf-x6-3L9{)!t-@(d)j|1H zb&=zx>9w@e)s!yN)Xz(eGdVLvJZ&XSzXswPeWajDPo`5E~Oc-R0#5GOMGA|p-ghaKbmyHsc89_ux{#o zM|sNgd)QY6t5}zWT7>E;SXyUr&>M#Onx_MRfLg)6Zjkxu?Z8s6C&nVyogw75A#vo& zRPRldEArtQOI&PY-L~6eBVd#c^$iKVcU_mAP4C-H0cQtoye{Mtq7tAX$RH~Acia>d z?mwFt?#%fzaZtNbiY~QLUAU*1-9d>^|FgG@@hASXtvPuN@j6AEc9*?_5ev4UJmc!# z*-N2tZ(vb7(sbXoY-wK?q`O3>|FLTGV_Z;^$nQkeHU05Wv?$@*%o@}Y&Cty$&Xsr2 zJKe7M(NVaUY)h10Ep@*tf3xyA_i45kG=`veEEH9E^YJZhEXh3zanYX4@eTpETb?$p zv2$G7Iisv8l0Wa2`QTn@uo`I{8O4V8kPVNZxSelue$;%{uCf{{B4`po zDCf|g6xsU3$BCq_*=}35aFbcwQC(26ACVo|+8)qwf;ajIxq@6zcDK2Y81t((!bexg z6-=;ejnQwYPL`3NKn^pZ2` zr#XaamRNx=1UrZ7GNV|2%Fq?Mh&^=` z7o&%xb^Mo8jdp6GI7k^{?L3H`a@uI)2OW4i0vX~-X?XW~JB8wRNLWEj(x`*C30kmz zxr%#CVmCL0qR%=?jC_g`Lc5(J5Cm4vl9FR$?e3SQw|<%aQgWe%wT?>@g~%AEfyIBX z#J{L${it#g3>a&%50t>I4IQWlc8W_ll4lNsO9<-ZoQW^j&EbAJZ!VZ1n+vS@{$S<6 z^zBd0zpfTQdD55L`kgp;YleOb=SIFZO?yGefxB58DV+OlcA)VOvjgmHf2pIHXO}4HwM%wdq3*~IL+w1EtHpi|VII!GJBjxY zFH{%gwBAwHeD8G2xWpOePW2QvSkl%u_66(*>Y$lL{7)+8H_mumOZRyp*u z{BFhGHby?24EsWW{RW$rv-UG1UcRTKP^{&9?<3jd*ktd$_tx)4pU-vG^%>Xa`u_gtmN<3m#_POauh;YOc-$Y| zqngw=LP2XmTwa~e+i`<&Tvt@Bq7omD92C9xjf8C%Yw0CoEUJ;K_<@!VO(>sg$zYW% zLcUw|Q8D!H?`!U78Go$Tc^vsLVi+6cSY$>)%w`*^Eou`XO})iez$;0gXXM1qAV(cB z+%Gc^w!muUsOBMpZyuY z|2N!rqiAJ&SM>Tg3c4;w@g{wVq|n$@^y0M%W(_xs2B}eX`vea1K(h&u$zc?QEhUe* z1tYC6)feX@oSBY}L~r3i@m(&uaqPtsv00#j@oM`6v!bF6mB?I%$Ihe8>2b=*GE!sHVW?MwT1wHF zB$0SW>9qX!jvGMe}+ zp?XfJ%Z;^Ihd{QZBvqCpOMFIBNU4>Q%8E9zU5^Xfe=v%|K{33OacBUhfW;`f zM4PW(a^mEu{S4O+T$a>FcdhjXL3||j_xK0~^;vvmk*arF@S+5UUmv59n%3fA;D@NY zn>IyPC_El}=)wZLgemP#DK}(xvx6)sS{d)MvZ`r7!YHZ9u0X&HD`JdVpVL!=uH(Zo zjt-b$+3&a>lC9w=;#Uu9B_C(3oznJqnvBl0DJlS*>EN7vS=6lEvBJN(MRalas?;gd zt0MzrL=Bh3=+3kiiNrr!DgW^~)K6WNCe%^Y1EX}FMRAPpB(4eEdF6|o@kkjD^KwTQ 
zYGSTf_d%rU4T9iVDhQrY{2n|DM%^TGOU^}gqPB_r^PyP3dc9pL$%>dqgwlQh+5h}&H|M~>e0Q5DQXw>Y00p!9?%5?|4ULfoxc z&}B_SUh&;@PZ=N=yJWG0Ls@)nbD)-)+OyOFBiQwY1aaHF33%*+fN^e>Yi_^ttQMc1 zg3`w2a5>R|Ljgo^d(-U4GkyEP?>g@9zvnEtTFhoS77scUmRv7cZz%iRL`<7VOcn7N z9)*Yg{xbD%3<%Qj;iqt;hVCN8ViA3C4^GA}L2#IHKG(qOVq%-oj6hOwzgn$q&;0n{lqtm4qXCKUURz)WbxGtX4s1-~9$-(!3d5s%eGg>nP zQ)f#cF*z<)SQF(g=Qnj{1deRI{dWlQU~7gjg*8d0lBdb{-aqV5Qw6 z1bOK*S-jX8%XaqnmWSL8v2RUHP^u5asNOa3On&JH8&dUFIbUK_;LBMj85i*AM53r$ z-a)R1MUf*Vu~;>1yFe*W{z~WJc`1;G>%Pw9^Yv8(4d?{Q1Bb=BPL0#M>qUEh1BMY6 z4RP#xqr11UZN1p=(8j~Q0qz*(vrqIfsoY%=FMHqhixu&#E8jaCOaLFBb%eo0bk45z2j3hE~g^YDCGDv9A-baaq_9$v_Iv7QC__@worV zjfFmXwMZ3u2^0w`ESCFeuA44PNFH6#g&Oxr#Ae!SCd9D6cLzkX)zzR49(`G}2~ORe z=G6i#Kv~h8`yUIj@gZjq=|4($W`!a3#pTB~1I{hIG#B6CC=3uV-G=1NVTmxe1tsFL zS!)o~$!jR&@~FxWtdX5rB5eBq-UJx4&Gqun0PhU^6|G?T{Jy zG=n=*C-II3lPq=}g}4R^HV=C(D}_!b>_O$}V&s_fy_OO*oEB$jbAvcRpGND19DZ(u z1DXeUuLi~ntDX5b$koD7LcWbg;jL@dPD&Yif-esY2Ua#=b9)7G{kcA;Y;z%7G@0Ka z*G}~JsJxO&_~a%m6lNT2{$xHG)Qso;CFF^Cz5LDdwqv6{a)P-C2l5$S7$XumHJuH z0Ec}%LL8%?MrY&;{db7Vu^>}Eh_jlCAxPGfID$9?ZuPn4XAueQ+OX4Y)}0(1eiENf zxxm6FI%%O=#}?HCe>aI!MkyD?u@uM*x^KCmYifl`N_8#r=WFM1?;u9L=E1eyqMK*f zYLIC?IK$G+@?QA;;rl=Qekq5^sGwAGg*NI^H?P6#mQPJJHDud&Dxj6Z$<8rq`Wrzd z1D1pl8Q3W=A`#%jyQ(GW^G*>fi2cCQ*+aIFP4ZgSV;R7HX*P>o}> z(V<}HDJ@qY{e*oT69^1*sGdgN?A7TcBPYn1#JLO-aOy(}CCjhN|e%RBU*$6DimJ*6pLpP40cNn5D5XBP=O-F zt7!x#$L&_(qdHz&T$b;@An?N`3q?2Xq+ncc^)!8l6Y}O7(KuX8V%w04pmpC{tB3Pw zwyXzE@<8oP;Psh0T&UAcO#6ce&*2V?U5e;o5I(StS^xs(`GJQ$ z)-CVfej#=#R$E7@WtzJ++>!&g<1C$>z8pqXM#vcF0Z6^uQiUIY)GNr!b;HkMMD&Ry zKpdjf+Q~@lcQB-6^r;BLe)u~A#EpP*`l+*by(_%zn#QnHs9GXcR8%V<#G-fxpP&%a zlILl~e~BYEtEisQ$r|ur?$|ml(72vPpf30oNPs0OYrO-m?{&^pVF92DYxiPkw7#jk zlK-L+HMQXKK!P~kp)R+Wu|0Ip5rsQ3~g(r<@*Q7V) zP_xKTG;s(zrLWW3OoMmQlnlZ>GlR_7xezTN=jD*RPvz(r?-!**{%XXW*lUp`5q7i0=zh(FSDrcH>u# z&1$&yEp2EUkI!et{J=WF&#_KFJCbn};gX{D16k|{w!p48THRQ8bL8;m)qSg7iw7+# zB%C0dSKLZH+nGlEFovfB+g(*_I=`FJSyl3b=*22;8vg7`Bz{} z69mReU;KNP?08qcc1dwG+Ax2|-JNjMWfe|En0nLp=GVU5<9jQMr_vccrWB0DT^4EG 
zd<2&VG}!gbW_i=gP#ovNHt{OOSX`Qhnn3oHKEBAM&ttdMu+x<)7tbf%Pe#NEhz~%v ziv#=BALgO|{bCNjKfffI!hcCJG5LR#eH{KqE9Q18v^U^oZ}+^DbqKa|A?3Tob>v4P zbVJP{+55IaO;=-c9|c#}$(<8*n6vghL{3tTmvC3ItP?mM$=djmU3d`T?d{o>N1wXB z7RX!}Aoodz0P!Ius`bf_=AZPuso=zGvg}$OeUa|;Oiy5JC#s7%^GFPltG@lX2g%3z z3#Y_ZAYW@d3(RlF+$qjc90^~X!ZdU^bP-{;(=58Ax4B8z=8OeJ&Rp$mf7<^;Pg3gA zB_*e{Yi4xf=o$xg)8bjFH=!wa!anB;JJ)Xvudn-)!iJZ02TMK`EGuCDL91D9!6xK9p9jLK8CkiiZmWc?jKTFOS zx;&H?@Tkl8vbOg9`WpH@;psUij2Es(oGGKXyZG1wFkY_cl_M}w7x(Tu-JtvYw&Uch zWg~(`#DQ<^6)56y_FtCEl&gOB(B|V{n3tW;&1hQcaf4VDQPYhp$!X+f$L+9a(Sw7x z3^b3#N=wo=bNy!bqQ@&=!~a6e@}IIOadf>$efGflVV_FcxDP5e`}5QSEZf)HjEPfSr`>!N+jgJ+eOA@U})IeKrwu91GYh3!IuuAp`Zkk}4fV%SNi!|03vxPFI zAYr$f(RLTSQb@KxttO{c6~!?No|NQ{q}$au&`D(-R+yITS%B$|&PWNo%0CK$j_`e= zQ)kc7wqWAMdu%U4W)VlhCk-)9&@*N*rc25P&77?Xa-F;Sh$9&bjdSRsNPgO zY5w$X;7uH^U5}ith}2;zEiEN%7lo_M0)g(XC=o$Fd{q*CAAzqbyK4j~B|;=0QMS<^ z)~IdQeW#>fsl$ziN;G+}KF73^8w5XnT25yq45?a$WNo~+49GSCp={ylK^b8mddhrhvG4?8_S(k^eqk)Sr zBok@&Sj8b^u!2x1DkZjjhO-!N1@j6s=J5Sg!=lTBv7Ezb(^uw`!@_zz9^&*SnTYK( z9sI{51Z`HYnEY%_`3OZg&GbtoasEia5=k2>23I-EgO%5 z$UfF;#FhKgiYr=O^zuam!2N$>V)jAi&xW@w`3;I-QDl=Ha$P!v__GiSRmPUUqn zP8?w-hw8djJDmd*mn{w?CxY#Uu>-HM(HkC%Bso7DxV8S~vP;I)HPh(F+bv;l-)yEc zh*R3vjK%h6h^=C&<$9-{G9NkRj;+Suxz)f)X3e!5-8Y5<2GZTDd;T#--YTSOYsac? 
z<(v_$L-_t4-FLAQS3-zUBaoNK$aH4|LWqleB1}&43$>Vf;EknFvv(U6vrdf|vq+2) zeq3lq;>M?5Ju^Y#A*N*0mLaC6udmHs5UP2=!Wv0TzST@=!O-V+{VjFXdeO0ZZ|Gpd zT>-OK-Vr6Xc;-eQkRI~h%4TBw%n4htTA1JL1E-AEcUJC#5v_Bl%wY{+WIG+d{twkD#(R6gw&#g+|XZT8;Ae3+<48#B$z8U1kEgh!Um%Cbq6yI~leigJ}~8n<%J zzr<#e|E91Ap11k?m8aFy^v(n`pBdx)#qh5PAyFvD1Gltuc#i~ki&nR*>p_Ll&e2Kt zm(0n`qUdT^rVe^_TNg+h?Nx+5*;i-k2oO(@;79E=?~ zzuYai<5C;4yTS^qC{z`uI!3WJ*+=kSHv`r;|I zZp=W4b$Fd>&|(XUe&8G}ZQ1n9VTiYd)rw)&y7JLt$AdZ<%jSGz-wxrL8n@69d`DC# zXnKk>+w7E_jGS79w?tPQ$d_XwvELq3w0 zcSuz!r>`VaQR7~M1lr` zjGGF(9cv*d#S^b4WNn56V=qW>a#|*yX01CEe~0Yu9pl+|>5}IeKjq|uL;itU$UeRhIdP^ z^NOayb0)L$k{1xqzJ!Z4IB}DqH4>A4auK}8Yt!cN)V&}=sd&jfXU?5*(OQ3$Sd95< zwX{ymcgRR_$u?CFACYC`>M@mLdD|-$C*?2gm}nDEE@4ZedZEkWp$1lg@AdqR6~O?e z5*@gd$qnS?yo(ZBWCoO!bN!&j)!z-l?k8S+BOa^JorkR^tvtazLi4E*sVCZ9!_ZyD_xH8ELgUDHT%Vm*VrnW|h$(-0@{4WU4Dw8mw*L|H+hw$(f@fn?WQ zv5%)+_xSMP_OMrUxp@GBx7EDxx#Z_z*vr`5kKE(&X7AzHa>a^8?qE}7W|qOzKwn>t zT<@E4uh^;9*h73cvsm~1-H+n`|7%)4)!rmunjP>6M&Qw=s;(LrNM^0?AAgK{Jra1% zr7i+C46CN%vHYE91REUl8iV}Wty$X|1#i2v0fO$E`SMc}_%n--0X+%xyy0NrxXf56 zh_~<2q7j0x)##pa;i0Qx>;c5nD?dNvjW5*)qCuPL#GH)%CJ{3lKOY8FvHWMGsX?zx z-=OPpNyd6MO;HDnSpyKARhyV!?OJQafLrXVhymY}+EY@0o`7-a7;v7J>qB0X8F zCTl^WBL2Atg#dosLTmCzXaHzuWq)${6Ni=5;)hC(;eF~Ttc22V$ zyT3gSGF>);DpMG78{$4iayXhUu7Sj_#u@8`-u^TaW-&FL(9~bKhcMpL;#XPPTy9Mc z4*Yl0Vn59>o`oO`1JZde8ducMGqvZaYL6KD_Owxfnhg1>}KSa~sS@siN zl(tX+{}^>VKcFMqzH=b=WIt_aQ z(%+m-X*#!4t->rC22xOsvDf;YT6@U0yfkubcB=VFNQCWLD~6`ak58wf2PSRQdpwZ* z5qk+)3-gFAyE<*!o}y`A(qa%XwV58&NCOemab0(Q$p%>#Xg1GXxOyawf+nc4bD(2M zCcrXnZK6XaJhw~Nu65F9ueG~wDXyLP9U}iN_@%NbouZACM)chbFicHz#iqE^aV&57 z$$6B}_mJfpxmYKQqdu)O@f=m)y_?*hwbM~G*HdTT>&CNdKdOreFMX3WTu z1;28dTeOTsE7qdWXtKW+tyx&ygcA&;hkE*#2AlzelLHT&IR;Zhxg>PRHoi_l_vj)!D+%6ltV$9>~>3UZ2 z+u-z{6~8=hT^{glxOIX);4yYnXj4ygLCj2o(V@Lr_nbb{fAv)V)t-I#FG_kV4A+Ab zCW51&CD$sS4f zq?EZq5|wf@1-D31XTzuWP|_^520+uR8BL5YV9;3C4+t@aHSp--LfdS2vNEKC-&D6y+o2Z)ErE9iY@BlQP1*kUm;<*|M2c=fiA zPVadiaVc0*Rp*P{dy#(OA$0_jn=Bq(3F~uzCAWLB2ti%i<@dyIvsI(=Uq1~EPGp&P 
z4Hh~|C$87)L->IbBhk?)yV<@+uPqEof%)1J+b>uM0fJ9pISLv{q<_28!pHVxQ6}Yv` zL_uM>CvKJzC@e2mGt_t?+eb!bV1(iCUuvSLxumwI0sFlDtdR9n7PApEsOA9N5pC0X zBpB4hF8!4s{ck`27or5b`B*S{U+eb!dcq5b2Vn&%gT+{^nz`>N%|A}tlgo;Y<2t4K z#VJh}N;`t&nPEno4xy~KylXSa{C7x#Hx=B+X5%m~kmd3*o5m{%pUhzDfP z+{XY2BKL!LZErpEu3ziT8M*Hesc0Qh!`U`+GYycO^t_+t!q}QSf^D7k8N)Of-J0FA z%?KnpTWsIYMpW=VmF1ZHaM7TgGHXyE$30m)po(n*SUn?$ODVm3003`ko}VrVUrZK9 zim46PI&gA|(;hj)RLM2j$e49=ncq~E2L9neUsrgmSBqSWO>C@ZY#uEX?xeZCo0_!z zyoufH4z{X1Ip|?TI9mTh!u5xxBLOQEwOpKNMhvhDs6E3 zM}GRO!EX4zFIoZrhyv%oX&rmQ|3M>5i+w78`Lmq@OVNZMw|Ep8V$$Zi6p_dlIAw8Urusg(L+@CozX|~Q2IE37Cbr$ z%4q|)wl=%?+ZzJOxeW4Jl{QamL+*5q+!v)lN5|;yi8Yu)^{>sTs^TGe3?BY~{S2Z+ ze!O3L>k#H=#dZ9GD{~dwD%zohfoQ`Wyb%8FaR@09%uDS0%tl z)E;>{^=Q36z(9O`=c_Bz$8oE?iY9+m8oNASp_x|@>{z@=7dY>~*mPBAY&tbBOnyu% zFM+rk^2{Jd64fB;@QwupozKp1wxHMEMz+-o))F-W-joIua93zZ$Z)hn!HyQc>aaDP zS|IIuLZP402D5m7mkvxMB&mF84AVVJjwjk@wYrE=K;egtR~8(BcjN%H4=DtN{7|W8oDDY6kWA zpHW;5Nd`N>(>c4Iu}_nQ7EDnY zV>vV~RA|C?g34f(?+OZe@C-50T;&f5eD!Au{O&5()rg4Tou2tGej9N!00nM14?n>r znlzn+jYKA&wP6B?>)`A}-?kj~MG%`+xL?(KKhj-x1rrks;`R~AVi&JwU@M?&_NHft zzD;EX?m+s^(&#r>mMeC|=W%5zdb-lrJ(?Bb`9p_WAXD{4G3j70dW&D@m@7Pg6Fi_l z@dR1nI{V45?+he7N_cjBiRx(?HDnH3P(Tc`xrR8W5A3_tB`QTxj2P-rX8f-zNRcQ8 z<+6JXxVVrBA%3&Kr1E={G(?+{cH#vK3qyxx&8nA(TL*W z5xakriQq6;M?_EFO)Xtl{+er>z`Nk&{DeUIYNV~T(1COF6o96vyQ_0L)B<4;Ak>bF zHdzm+*AMl2qqms-=K28I2ub1}^QQ^~9m%vw`ZL!{X>hOqGH*w%xIsa_;bOJy9&;oA zD`rt?^a+WcW+0XRtuk#0g{Ny+vl)*JxEWY*@;ZW>0jbH)Ra9DH0h0$S47l&J2J5p; zj8X_0oJ3#J@s-ROp*c>G=~MUXXGm3V5Hf(08WRt*RlXT11mV71ykN^{R+k)1(tVCu z)UnH1w!7{!>BQ)fx!sgT$Sz*AP(W8g5vAK841m*!UMv7?q^FtXFZ$E!+MBjMceZ8CBRcJUDG; z=YgV?>Ff&1GfnE_&!=H}yIREEo zGDj|nBu(z_SucQ*^fLvtkk?7K3d(dcpwzkv!l7(O5pm^QDV>zR9n0wuZ(II}GvV)#6b8Nz6f% zpk$&Q$CPBN$s&@n@U_-VWho71h;cLaKHnyEulaK`A(m|hlNx;iPtj8`CI|9xR{9js z66M3hNl)98J14^>Dpa3qNZd>w#&-Fd^HfK$M7`zZYMgzhXC%&YSIi(6N|;NQJK`no zqHsUmG{Tr~v84~~E2;wbiR-2%;lrip!8^!`{AVP(H8(t63S`m{=Oupgh;19XoeiBD z&9GCWitT{onLYN@=(rBf7$ed#xsmk6 
zII)Mr>#V>B`}YE$3z9W}L#3{e#iIZ=>mU8-%Bnj3!^nwa_GD*2djwt&Uqy1%X)EFu z^(p(Sp=4`x3@BLv)->lCG4hY~Js*6ZP`;z_8Rgd3ZJM`k5vTOxAz8Bcy)&TGLHhA8 zodNB9d5bpn_I8iqMSC(x<9GY-=>A1AHbM?AVHVAlZjFfQRe$bx+8IVQPN6b|~h zqFb}SW#M#+rLX+n9>?*tLbaw75doN##-QoDi3$fSEo;?p7KOGv~!@yOOL_Ifw! zMNjS-2N@~g%QX9AX|Sps4ISRtUh06w)|rjK_PNx4>QS{VklYiJ78XIL)b*@{2FF8{ z_X6+6hiE@}S)=va2`s&qc+6#OoxZl+K1yxDS>JXpMy*ljvx1DkGtdOdFT-|@mMUTI z1mVqTE59!awIemAdsZqZ8mDK76ScToKfl|4+h1hke%fDr!2U9w{@eb-ENUWE2yD*0 zM18g0xfJUDAUhylen9^96#vr(n%Gti7is%fgKnl2<#@rj*tt-8U$Tgy3|iFJe*^-) z`eXbf%dh@Mc}~p0KB7axu79=iF9-!70@?_=BY5*3|!Ruz(OKXj823Rvo@j1j@ zZUrhlA1Ckihj4PimNG}&z5sj0KP(5KPgEpEn*h4bR5Hs0>)Eo?{Eh+~$fx+A8E zToxXdHq7gXOqaB zkjYr=t{U?^ecq8!`)Y_{N%&DsKhDQNu}s6_h?(-2E7V@4D1KxFi_Vbon5jiG>37Sk z*Pctxc-bQdZrf&;oiQ$a%O@uJnd`0)@u`~RpX6UxEfONTUWj@d8v}v|M~7gLY{1+X@K>o`jud2YfNQPmR-s#z>p3lX6 zHQcvYwl1h?W>ML6opHprJt{`Z*rE&%T{5JW4#z;KgCOkJWXE4>><%#)URInqZ0@Rx zarQZPF5>nRUd?-^05#B=B&K5zi>oCKIcxCDJkZTO@jwTYaeyYxT&@-rt?=+;{3EH% zQQrAJ4#n_@bKgqg{^moKs2PKJw|jh7B;;eU<9W%;(5g?bjqpCmI}-F}F!Y-F4(T)H z`aogJ9-atMC1WnpX5UgJb+Y51scm=SD?sj#P{W@DqoYgCB@%R-;uCJQ0?dR?)-hp5 ztD7v%!ci$~x_vuj@&q?pZNuKT1zgAbmQv?~zw)KbKJjdL6fDUNoyQX?48LgmMqYEr zOg5`>>=;k9W9fq*SmK5KxsFFA6&~i`B-8Zm=i^L4x{l^TNyn(#*N)*YLt*_N1$!JR z*MZ*|UX5{h<5o?=F>$&NvDML`j@Gt|eH8lWeE;+KM z`w}W{L;vFNi_N{NWX>?YhutrY-)A?~Tv6h_AsLC`-Tz?~-P$IU9vAS4C*QB(Rftjy z1@SxsJmNDjcBUBSG}$%Y5MkhJutbD>a4wgmS?_5}H(ezWNkw8rO<$ybIQ2qc7iD`s zlitwJ2R6{9aQ#l!!s#~Wa`Vw8TRoi1#Lplc4BEMzPZTAPq4GR?$~&rB2P-KSOg zO^Bo(y<60kJ=p%`M*b7OVe0DA!G47-l+9^uN;KG|WjqY-#bDA%I~BLAbSE%jGO%tX zN~e{>EgJ+14J@f*O|LiIr*H&a6y(z4Mc%N9rVrgeFsPZI5yrx0;U;b$C6!U`tF(FU zl!iku<;6%ZarHpQ=;i7&#Xw)X=4O!2T;*=F{XLk*5cp&S`Q-Iz2CH8C1*ramTST!__4T zjv!@($VZK&gX^q%(vMJ3ldHDgkK1W%f|gN!`Fnn z`)ppWTz*{Hc5mwTY=*LC!SdlDf5O}d6)u>V>wo(Bjq{%$|51nH9DcH2BG<3FjDQwA zL3V^K-rsl`&mOUt*DE$@jSfA^ma%@LvTbucd3||LPU%Fx?bR2>I-2%mP_UyNawx7p zc@uR+T`f*WG|Yh!SCp-h?PeSmnPGphALUe9cW4!T@NeEh*E0%wgVTkL=>yxT-zf%W znbOsG&TXH21J!X0ogy5tP%OCGDwr-cnctWWi=SREsxC-=bxK&l)NU1Va&y!+^IPDZ 
z$bLS-cZ{n0$^E_Vji{m)&H=SNxqhki8S42DHB4m_IIQ}Ko(_-4l94%Pt53&qD@HT) zz8jOurWcicFC%bvOY#=_MPvHOzV;WoL3s{+O}Mz(N%CaIkXTpkUG#?ly7`SRqlfH* ztvG0uzqRMV?ENUuU9hG&f1yJ%L||0~$40O>E`E7$G?G z$q@Q*_cP|@(-$CBX&gv(fOpRJix`yx5}9l4pqRXaVFH%mqLOn$4mmJ@&^4T9D z7krrV9<_C$O7*K_U=(y*7S0s@|1Hwl*AF*Q_(8!;3OuJ^8V{2eXB$5G3z>Rh<(SBv zA^P!#*5HC;s#EHxT1_PSSmgCQ-n@vG_++xqjQu(hi!+HjS}gBOq7E6PL3tb0Wkd-W zlw^V9ljVKHiv3p(+{&u~VR(>Zl8vGJj9L^Ax z@B74pmUJSN1+praNVc=m?Z5E!(|Ug(dBfYWZzQ$0jA_<=Tdev%A~k5?l@QjBdo`T- zA7rc7K{Z}==gKB1&0(+W`vTfivKkMPsyVX`vT{W{lL{Sju7mIu8c$9v2w&NMYAJ!l zWdlgn8FoxF{AJ>SK{j$g9)hr|qW5R~E0 zQZ5U%ma0GF!a~m5auyhmX^m0`0Zsh!mL553<5LKZ1Ldu}P-j`8Ma)Iq?#HGGj*9R; zUPdgmj_v&+>)^I;5_86ymEIRaCL;uwO?)t+yWzfcs^rywn`pd zwo2%Q&<1>6i$^=tTm7;2pR-Nr==3y`n=iJ48bEjHWG~PHXo_&zbLYR&x^@1*3GVo- zhcEd2h25Ym9pjRuwMV5O{*meg!KB-z8?HLWh|(YCo#ah<@#tWL#lPV z)r>An)Cq+d+tXL9zfl{H+`0V`Nqx=&qH7Y{P2#kI3l`80fE0)H znNEx`(P#^vmu5uEX{p9QP3dMc(nc3lEi66`NuNoxe+G+k`){zQKM0iHh@q(QUNJHi zx9*=s?qImi&lNTZhJ;gVs-IzpvjP{mO*l;8TxZOwUtf(*)F?bv%?=ZeGva!hpZdB)S ztEW=bv0yP`Z6J)y^gbvS8^`-?gnAojx*4*3p_+Ni)!J)4UA|ZxGb^S7=L@LW)om3h zC3fT=ex5S?$H(Zv0uBuDj?3+7as?h}VV{P>A$Gnu6MnR2JvMiZ%vVMVNeoDLb(^WkGl*!3^$*tBWN`tW zTwJ8Xjg?5?ZjAJbMl0S)w7Fxpp|`FiB`DsD$E51?%&x}YZ+zSz$@oH=@jmAOd0ZLY zd*PPV(+wi|4wPWXYz2U+@${dsp4nZUv(R0M>eaLxJTUg5=@O7Z7)a~aCS6a?GNC=P zQ-58f@$OAd;X`(VOz$XY1Fi&;h=NtKp$NEDMn1n+u8f*#{0|ZPiE>?wS=jSD0QB1P zFdq!Y#ZO(KK1e?cJQ$wmrTz=0Z+W@Wpxh_1yYi{kNwUG!DBd@sM@kr|7uCiAgPSjQ zQ%(dob-a0|I6`6lYr+tTu%oiE=T>sfP5K5Q?zvC%T)G$N!?S*l=q(+~7qhY9V$O>R zjjx;K=_!l0zEa&st8kifton@mb0uD7e%5-&edSvo9gyE}!S zy1e)sb9W|l5!fyM7P_naGd9)nmjd*jw73uZYN7%qbc^NXR~jFAHb!1W^UANL4D;Ls zO!6ys8eO$5Nwb6eqadetBmG>g7G0BEjsnw0!uR=XZp;(>s&(0Oa<6ZUkeUrY8q!w` zoGPPD7Xp0!XC)d6>w7Py8k2<4%d&3K2NArv!y4F8=%WpJ`L5_GQFUVJLADw~qg8iV^4nL~7@ zVmr(_8OZ>-Aiy6Hz(H~&ds#$Hla-}KIuPH@+QX_G!~7z|U{n2Xs9Kp_d`5QYu`$mI zOwe;vZ?8x&L7f|jaDvg5jz?T5v9VR<3X^sA1ERG0+I#H}+#3n=>z=}19!w2XsiwrA zg6a3?U={zR)nj^-3=Pt13~hnL%*)dH_j}8I9(c(@N7-yPgHuo{Vy0*PCGMPYk<`9{ 
zln7fGKs5U1f#EoUv0^nLndhUPN&h}Ymi@L_uhoh18COf@&(AhL&O5jfUq+d$I|x?R zqhrjI&5NCg4d~=}VdWCkP8fXNo*IsWgua!k*J*v{-plm8H)9MM_DQ0{x5E5Jz0<_q z-s16?o9rS%zub);B|5kGdI&#d$#KtBjJTE3Z zZEYIoILH;8a&)EJP2M;L8LJl8P1Z)?OwGC|#2DsjSy|rh=@?h^pbk?tbJC`NGeVBMq^6cj_@zL(%&>7E{VMd=?}~s?xx0^ZCXSZKb7d+dgaH>v=4A= zgW_k|Q+tJ4siZkq@rt3-%bTi3G;RiWTL*Got&D-EsF|6|K=fJ+Mg5TVz z{5W6{6iWMO7M;bf7?c8p(F{+#DB^1tz1&P<@FAOsk&R`^`!lMFtI zZ@31tp}l9s+6Bk>#$cWolF&OvH*3oUUnf5~rgb3CIS|s3EDK#7Cdj9<+dEx_k%d>$ z`zDo7_`6j`s&csPX@{iGOk4MW(i#Qt>4?!G!820qLDXLsnCVzdQ9aiyck<66R4PO@ z)wE_xM2^ZIg_S@Bop+#cq^W)84+_dNF7Z)b_c5TpCPAia_{o~bAc|OS zv=(7Fw89*%qrCMgImkYTOnt`vv=#I^!RTY%0dvC7`De9FUfuP+cjl79#ja(eQerwS zRZL9c8oSM4ei?g1KHiDPxwFEPj5;P4G45N3dq>o4VN&m*!W~2Dlj2DfG&lG3LCyAA zmeAl9vk{)Fd-PH#GuLKW+{75hnAwe_Qxn~vD_JSh<9V>X*lPO_~{q`MJTdk=0^N3#1NcZ?I6YTb3ME=4GTiPGi^^V83J&^g+e)*OL6 z5}v1hXY0c8`1q?w2A^1IdirJ#0@k*bzsaC8s<}uQJ~H}sYgo#OFW6S@U?I3y+n+wH zgx0BSUW^We2}8j*!1q_{%U|Qf9C!!=*RmO=yNhUe(t;SCaTUaEG@N(XTvSC(Y=n?q zb+p1ZIlaX!=tXPfps=}6Vt&oI#trA?adzo}ml^{amiW*AdzpCw7z0#hA7cL|95wMVCv{Sw#k-AWuzA>51d!PmEL1i% zqHo%>e#wQ9XF`cTBQZGRRCnHXb>rsDf>fU8X8+e_-8r4n`ik!m2RA{1{DXyQzaL8D zFR?dJbT+)LQ2gpY=a+x?=OqppkyP=O`BO?y2N|3vg0=_O9uh)XODU%HQTZqelIHP8u zJ09$MUCX8}gXVV#RCmXCJWfsdTcf7YrR8enkv$dnRklAG6AYcg_Orw{uyvkoc*KMa zb3a;)x_d+OMOHKsH_=F}fjx>dnjzqIlz))+NyE4D?pzrmlaPeVqNXeL_YG$qh^o@Z7vZ_BmL;$Yw3@-jQmUh6t{vZ{RFcWme zh=D!m+n}pGzr>P;N;&9`IHtKR=(|Fy+|#2wHtMU^@L-x+9|L2S{8jUeCp^DG>a8e}CtU>dwnHbLq+uZ4A~sWWugCKS z`#EBwCpb)@bu-d*SCXOvceT$JoO*WF5lfgR|G^IQa>uk6o2Z@o5BT``ZZWr?Vh)1I zC>`g9FdnNb8ApW#m51QOa^Suk=^bg*cGjJ!gLUBGVKoh&7X(eND8Fp2e_v~jVU)h# zK)+p5u#uXuTNKF6`n62s6|w^|jJ1kE=4C6{ObbyOEb;UiDKOQ>F6Dtop<~^sn{N>? 
z&$t}_4iyFQv}V!Sv_Rk8DgCSAr}Fqdg$n7~TMxuF4IIZkln2NZVrJ@?tOSepb`Ik0 zKe44UxlxzFDk^nalebj19_5HS2@V}{`BQFIKDqg=h~OwDE`@6Dfc0pGtc0#gz}pyU z<0cHseL;SXKYCDJ?{;+KuLS zJ>DM>{mEU}9s$gLySXO22dUn2T_R7{EMw{1$8kG{w;F{csJL^)H*SPYyiwz$H6!R< z55(wQeZ0z`oUb2*nB~$RBf3={|M95~9pG0I?p2HS_lwS2_cXwbWWCO-4^{KGdk+Y5 zDk)a7ke-}m*;Ia`Ho;U_xnXWfTh zyE)SM2V++G2rZrW6)U=DPsO#f;o?8~HGj-Hc_Jr#8$Wb-ArMR2kadLgLzCf|otPiW zUqhzKEovg0y&w$^=`BTA4&w{GLH+NBze9A5NAG&Kt;Z(l^{B2bIN9MPOt-J9Z4PHF z?eL1RH<>yT@)#cPs;(DuvD|MI@%CO8M{`267QdbN!@n}fE$>bBp+?Yx$ z*^T0IoghY!UaOnU6p4Wk*A1?g?u;D^?ja@gweEG+xoJ;>wzN~7=nr4|s4&+^d;F{l zt4Q~&C=gcqzDX4~uQ;>R=ndxjS@x@Reu;LWYS`x?hnF?qdLju$vkOgBCD+{fhzu-y zRy}?wkpArEb-C*lrhvd0vuS1z&gMTuDCs|TR1&+xjP4|7uy$=5C$sTSFT_KKir6k2 z*)SE?w8khv?cm}zF76X^e3g-4^#-UAd&OcF=Z^U0I={8q=yb;+`ZhpX_r6RhtjK{1eh&w8Fo!bmRFxxfMy{ z^UDwQxemd?;E^~+aE?qZ^|QMUm#r1lN>~M16i`uOgK=3r6ifRri&}_PE?59YQzne+ z4AJzeAS&n#4JWuDkgl4&Pj}eYw5YBWkZC;n_^np052d~N2VPGM?j_HDB1+px(756X zTG^j<<f;!eSUP0h%rfBI-||ab_@2n#3-E!+FAY=(*@Tx zj(EUi|BUWcB_OvAd(K@|Oog?gW!HER-V5`mhpBysjNhHOo0EHW|Nn9K-f>NC%ffIJ z6-5P65GfL+D1v|pC_O6D6{I6wiU>#t=|n|Dx^yWLY0`<(rA3jBfb`yL=m7#DB;i{@ z_u2cLyYGGPdB1<|d)dFecb;UGnOXD9%$hZ8##C!vb9#52CW zp*=zRg&EwAGx3GuS(<)NvbroYdH}ipliEe(-LR8l_i9l>veU&;r2%_}TgW$fa(Ou$;aM~w^oWXTdJgPSEuLf#ulDYP&aga8ZX39HKwg;z# zLnir;f{3$^Bu3+Ip@@E^A#G}e+l#Vi5>DL*Z#43K%H%M6eC1Iq#(Ul>I>%di#P`-f2)F zPh^j6HMncik;QLLE=jXEzeT>Q#1zPr+39uORWeQY^=AoP<#09zy{tw~9LJ%si|-Q6 zsK?DLo;!g1j0PW&M3*IJty=YDR;$o4WXcGN!|B0)I1A{rv6*1zJ>F7|$=lTW>NR!$ zMP<`0^d_Zc%}WhOYSDU)Zr4%n&mH4spVn;RhuDtk5*s&OUS0dypif9sV8EH;+Wb^11ZhMEJS|UJm0EydVr`9B$8$ic8hK zoo1t0Gv z(Ld^oh`t$>uLR*OCwZp4brw|FKhqoGdsQRcD+)@;Cb%2u#jQM$tsXpI)?xfhE2CA>nmSb zASOywU)~sm@t}m9JywH@&nxyV-3U6Hkbc6iu*e|jrOGIKOxubFMIU4S<3OJHJj-6M zp7U+ZA|B4{Es8gcdWmFB_1}z{`7Gs*jgO%S}C{u;xFUM zlRhtX^;xW3d5}zxxf4jexEMohIo(VdGk(J2^2|3;5C>u%{+F1bjDLy=0)g|*@w20n zy<=;V=gE=tRPEur1$r4M0{v`$V3hhqs6x7YvTTI5adzN!og@gwm;BD}-`?t2=4H9n zFK_lclrxKLB?P@F#odNoIsDexcTC(NUL#Yvw5CX}I;ba%7F4QKdcQzsu~Jg8=zaeC 
zAX{(mka7vg*8A5|T1Tw2nfL-G{NOmnkyV#_NA6$myhDHBj$Hgya+`>H__v)GnJzHK zqc&!r*3tv#d+&XB{``6O?gv5I@_Wd<5sNzAq%51QJD34<|JQ;-6>i$b%iL1iKW;iDvdZ#M0gg&n(C`A+ zW^K5I<{M(-3xIw2;pcy~PyEk*<5B;PUrGL8#Mzc0e(}Wd+W%9zjX@3)6Na-QZ&-C+ zcjzE{3`DCF&qvp+_qOieAW z#p`UyOfJmKSR5}>e3EyKwSLJi>_Dm4pM{ybvpe(B&B5tY4ptYR$mjR;Mw#mmR5Xgn zxw+|T=r1ng8i8}Yi{UL&caxprb-7{CiN1L~@g*IG`Pxocvx?fauMuT+4uc;P+|vz; z$$8K!7ys%bwH7P0?9?9uMUC*FrqLrz)MB+vS`5ZRczt;`zp@!{QlP@@FHXvQ^P7{# zNT*t1GKHaY^b?v-!AqG9J(vb zf1=i_fpO}P1-G0>dvB$Y-XXE>(Mt@El!g`)Osgcg6K? z?UblttsezDB}JZz>R;<_NJO8uE));4hEcmATa*-FpRfZW>*vl`OZYp~uqv7@Pkk7N z)PD)FzWa|$u%-V}y+w0kmB|qO$va3@rpNhZg>KvQ%OjAX;x`LbgCW>K2kf&rbikBU=vrU-e9>#=D5DwaI@VM8}-xjsSum#f>uCC55f-h|#xjG#?8 zQ1SwlJv~!~NxJd37nOLJ`rSKv7Ao?z$B2TdG(j0g@@R6Rv~}XMjf*KCi%P&o??TZ_ zu+duvSz#L}E<>DtGA(L@%%m@DyKn`IF8Jw>;ZMgaPHDVg4}Nus1wTH`f>De<)^k7a z^hgy7$=d)joCp27K})D`uVT=8gae5MW8dTtp5!~Zd(G_E4cf>*4kwK;_i<{}CDrV` zdJ8r-B$Z}Ey-m_V(MHVWAbyv3b-Ai_8EDJ5F*kh8+;}TyDPD^<7+=2*Y07_AvQ?A` zKV|^jV?+ZYZR--xq)YyeDItsGNTjbYNHwZWV*4+StjT<%AbKCv`+U!(76|HnmV*m9 z+)Dqgjq1N_X!-vxlf!rz(w@c&JzeorLaRXP!x@>r^v8CR2X;A@o&eE0 z2Mw*w&!=Bbdo&ad%?#|M#+008PK?THXr?Xx_m ziDN^{*~zn=w&(1E&t8anJAOSZ7Admecq`8b$uu}IN-mS-N+1OL6iZ0GE6&*9t+rkw ztW@Gz?$Zm86m7ZE93DRXP0ZBUFSsXZhUTUkg&1_4JAf1?gagPK>gw4Ii*E4KnO~P0@5c(t>u!_psrKq}nw% zV_5Q{Jzz&>gMc}rSb8J7!vMX!or^rv`f6Q%M@3nA76-Vx2aw<{q4uy8>HfbyPS{=O|*u^YL6vET>E>RI)D>z2nZJX>ZvwsOlB5 zQUagUgBk1!>GwDfja+C(uIm3yEKxr<5tU0z>z)52fP zJBrdICY~I&cds88$yi`LS%NBw-~OiEnxl88KYk?kDaPwd+fn9k-|8Wfuk9V|sIvK< ziqEd^D$VrGY{<8X45)g&D_aM}*OpL-0Uwp=f!Yq0|9Ige53MVkoO6H1GRA56lev~a z^2KB5vQ5>#$QR%8b!ybSvaDPc(;l(9i}TGejjYZ2VR?N-Gm3Ol3VfwpdcH3ON?fs3 zQU5vznPL|?QexWW%zylWelUYfXNgf-a@94XhEIWD&D@dB4ymkVf#YiXTP1lJ$D4BIa@bgvobU~yg&8@#P zJb1F#RzvKH8vT+!1msw9K1&eKy&i08+j;vdvn(Y$l5sYWM^`gLR=;~BF2qX`+$Z3! 
zU&Id;Zpb-Iw9rtG>FHbf9PjL$(kgz$HZ<14_U4!x!+FhsE8#KYi7WaLiLTng7$iLF zNBr`SLIb@D*~T9?>c7tzC;O;w%R2NirUYUI!V)NzQ@Y|R(o;HCf$ykO;_4U2$HJK{ zqce(ax=jYW{6j_?U&w(2!QTIWvjpzvK+{h35)vzY!*u@!#<<&=i|$xT)zf#SC$mkS zp4Ecf0M)iPIheSRa@=83+}G^nJa^^?rsle~+!(tRZsghV6y;Y)-p>y7uVJu^ic!jfT2En-S995CG=Ltg)_R!p->uod`yEf0 z#IYPJrkT)Wo5@3^-J9Yfl>^gNCT7pi511LJ50tDnIJ|gmI72^gUSL%o=pnQ^XEs{Z z&LbLZNZ*vFuH~&c9o;pL6&h@-Y530If%;yyoE|eWl2KK5;&Fh6Ezh}dhi#)nnCNpm z3E|Uyu7acb65CEK600GdiZk!Vjm?sP&zwHrWR*%y_X^LzQ$)nIX7(1XN{*dGb6bnt z_)_hej;GRKeWN^I{2RXYze=IMex~?!#^ws52tY;a>!6@Q=<6z_uj~4_pxfne`tR28 z*Sf8TSy5AAZ+0b5AL=@wmaw_D^qFAPkPiVd`&F8IhMOE51~Ju?`vv$iHk% zp&%G*`W(_Eu?B$x2SuC$%EIPM;IsLJ>c)0=4q6mR!P1N=o?ZT8Gfon5=%q)SV5ui6_dKU7EaS0(&QN*vF)Q z2<(K0H)gv2Ls6d&8OHak%0nUXh&F`Frn(Dgsjv@G>yvJkOxM$M)Xg~QoH2$6M zuB^3iTu=K{A;*2q%vpq6?t*WBhYT}?c1IG@WDhb#I$7515z6X0N%A z(Als%ojUNfvFQ*?mxQ^4>qH3kpwY407N*H#+OC6nd zS9f{JpwBjkdFxjGP$v-u6`ag^IH{q#Et#9zvh_5gu%wS55eC5KnWZWIzp=djL!ZKo z(P4Dor;+|2Ys0m_?;Nowv#81l4IBJSr{|dBbZ*zMWzijrU?ssvVhiW6R>j6{N})uh&Po({*h<>eb_CcDb91o6Bw1(Wb3WQUZ4hmuU6| zsLXB6oSYraAK8#U*_l{T2?$YLqauHhkf7pMcQJ8xw>PKaSFm|xLH?huv$>n(DeBm{yI7U)J&|m;!W?*0^hKYG(%e-vbf` z%yFFzm>QLo6xDBl_xkt7A*U2&6=Wd?4niOYz(0_^A&4~O$f3hW4j(#l^QD1KqiE40LDDGM(pyGBLBWoIQKt>IL>om#=VNVTAHt$#sQ` zJjek`N=mAuRA;ED&TuiEW#am`|MtE@XpbJeK#@jqfDLkx_5cO#fxTJ?6u^1-!2TcP z_uqko6aZezqsOR@g9gQ?AO{anP#io&arp3|L!h-c_#JYH_VDS80=JKxQGGCmf;*D6X&JNTvxy?%o{gFM8%}<%E-#eD=4aKXliNe zJk&KcGkXV&BEZr=+H(f6U0t$}T7@DlRE4 z`%+%>y|%8tp|PpCv#YzOx37O-aAI<5dS-TR9=(8B-`K=%ZR2+EWV{YQD1M;@{`(8D zf5D3u;C1lOA&NtkWV{X>bOrxX&>lK`QQ*kw+p3h09L}&^e{q!VPI&U?Z^zgL)z;`u z96PAaatKXuV#uiNWA@)e?B)LzX8%C!PrL>pCnyep#iO8wz##b0FP3|dX=5lBhrl1m z|M*W&xl-$!Qq~eUknldlC+#P35sD|mXL(ZdEg999o-WbLOhqVsWeG&vTWX^>2rW%p z@gRFWDdJ^8r8Fs}i&T+keK=pvpvqfzCO7qf%{Y8io>~cd8?E@tj%QPLCwEzTfYV*& zZbcPIfme@vaN!P*r^s@O<*c8Xw*Imzh)watYdN9s3*~VX_+51>mUY1OCO-N6L8qHL z^tpNta!90PB6&voLaJ7xX|UH;Ndl)??0v%kTatYCPkphwdC%(D#8Zu~+IxGWaa9|& zAaARk2-kyI&T)!FQ;e`AJ!`K~r<_UCT976K2)|JJIA)!pJVF&dG%RPwam=mdMBHe# 
z&Q4)py!Pu^*?^?ANNO+CNH9OHC;Q6oL%6~jVvuj~7XwrsUwl3|lq`QsU%8QFR0_Ru zyLhPCQ0^nQaLId{``IJmc5fBkO(P^1M(8|2x0BOlH?TpATj_o9;y$EL+6jLB+IG*F zAQ0&qdmJ%$*V>(>pgFcy;mRf1_1Md>=8TlsqS(#1dys-_rB(02EgqQ4>~h9OKlQ`k zUW%L?TQN0muGU!)pTlIqx+29j~(R}A9e4{Gmsvw3Z766 zu$$d&x2ztPn0t^r`T*RER?TJLd19lrblfQz86*0wUAI_<-;y7F!Tkp93c{#Zs)Cqb z<%#8quC(lYR;hl~`ZG<`wUqGGibwV*$6-&}Co_hnn!<*;lmCl`;?lgwOWaN9~wdnQ)Pj zO7Z@><^0HD(RT1oH6Qe~*J<{uR$eLF%&@846}!Eawyx^S4MIlm^#pQl6_6qhM@*b9 zP}zeVjNJ+6G0N-s!r-tob7y6}4C4GX^M|&L9mf&0R~EBp7=MHlVovKx`Z6bx<7VU| zUCWF-Qg``kA5!h?&84*p16f^`9eBm~;|Kvy#>DhN3aNYkEz@)P+#Xz85u^y3B`+S= zA|&a`vr?Zy4|-jmkD-Td3M@UJ6`0u+X^`lyK$3oT5wl^!Q5U7O&((`$J=rJ5+53LF zX?X7}XDtH{URuqI8<&lqi-mf>^+MGg1)6v6}%8 z`Di&JJak7l%We9Swd7YudEUf>n2Qs-DkJL(qEncR(jmRZ)>@tCk>}QNhw$B-s>|j? zP}0w2LL5e*GC04x-Piq+zf|Vxdisw$3Oi0SBo>Xw%&8}687J4rjT>*cZs$1fcaexZ z+7nOar}B#GD(ppGAKQB%_Uu*j133i$bJTRV!r{(`%ra$RjT{2Zq8uze6VZH6Jz~Kcs2c}_}67SJR15NGvnt@k5<%n!aDz9x< z6UeJ%?Yf+7;J3)^XyL!jNE_l$A+ormo;X%GEKug}QnUPa$Gc>CYK{Dsz|hBcnU51! z0YZ6WB}sl>h6!%T8_DaF#tS!`-X5LX$Y|gsxQ00wew!14Ag+!Z8=Iu3gaM(LcKp)! 
zOYyUvz1!(sGJPrB=ki;#_2QD(!)tw~ML9HP4Q>sme~TY$y}RBwEpjj|1yS^rJz^rY z^!m`U(#H`GdNuLd!ib*7{!MRZs-+{_EN74*-P)J*;MY0(QyAObuU4O_4kc&R^fnj>Y;IRwqn$iBvj`E`Pj{^-me49S4y7Hkc zv13TXG|L+wN>NrcHgojHwv{3D$9X4;cSYSKP=c*(T@eHA*c=V@ty~q(?+QZ0#i&7V z*Ij(@O{N#+p;O+a?*e8r2kj5v3UG^2d4i;jST0LsiA?Ot=GqEoRq~Ila9rF%7?5_^ zXgP6JN>#n1Ru@8KyMn0#Ix)-XrTmn!97)zJEOVk{7S%~ocpYK+#Ts6OpC_&Ji-8pR zr&P*^ym*R_fMTW_4;s!-Ka14k`8Lz+*gz@iMC1nIT?9QPDTFsw2eH9+%cNja>ZJZi|RkkzwuF0(4$4x77v3yS7SaGLjj~x=+Nk z`Lrf@EwOB4GkcIR%$eUn7tS_ncZtbdRk(F8*o#mQH@Esa;Ua=v?C51Qx$G+WBEke;IyWm({URqs=&9|dK zzUSR}iRI0|cx24x+tsS zbC=?74w;vh`Bk@?3RyD4BDnajg}s<(T0@``XXoVI$(lV_QSEeu`|< zQvkG=0`BLdNG$ zQ@%#+bYHvrtdrgWy8^ANt!?h2UvubGmyL``waLgTUc0_(qF6A4_9T|CvcgW_6kERX zH5y&NkVU<7R71ThvBjGrP4d%cGqR7WR>X-1o{&N zm$rT``Px)4s7J<#H0)Dg>2kz_h(a!?+#*)igbcC55>i{Y_id!EwB!CN-{ z)+sQWZ#81wI{a|;&Vx%g6S*kp@LVp;^R!J*8e+O)E3B=GiaXJ>r1hiel_9(gO|S9_ z&q768P7A0uIPg{#eZKz`XLgs`-=5j%nbingkKufqJ3WtQG{^hAj+MNj0t1=Kve%Q% ztslbmxtE{1Q2y*w&j1!vFm#1#a)np=497VI{|wnJ;chn%y!g;5P=@2xp>XEUdl0I& z;>0syw_38gzk{vaR%Jw?p16iKR*Y?if=YmC3-F+7~P1MG_ZJd~}ZVf-D zNm2FX`eyF0Jp8^AEeGPtyL*>D7j+s_=W>TvHq~TDlD1ZVK46_8EnH(whCp$cj7EH% zw-wFAeLP&gB6>M;GtH7-YO4pl)6cW1IT}_!%0QPDRptdWM?JYjBhYfYZzva>G_r=9 zKi&*CNUPE{@)Zi{_NMS%3cN47{leolFj_z9)*%eK*bbS40b~tkWCwMrq|TF*y%LA4YrNk z{kMhd%BntgCNNs00D0Sdyo%I3)cVi*iKVfMZL5!kxCNAN4t~^r5-si^TQuY zpJO^n>uy!Rogy;fdqZ@K1@lmBmGHcs=%qxcGsCGpWb2WO8dAEV=3r3WEPO>&Dg?o` z!QC&>ERktTk7KRafucT21a`3;XKSK8=;ZPFgrO(T3>oz?qqY|I7mr{C#j|Z&A z*E}0zYCa%Umh<>?lqg%Qw@PyJV(w$MbiLB1mBo%#K4ih}OAt5F{+~Flf*$~%oXK;L za^~EJt8}V?0=Gb!Mqjin7yZjX0a==KichMtT;Dc7Xi;(1ofD$|CUZ_IirgIhbPjxZ z#oqhMHE*u-zZxHS3`PKt#}CsPcle@j>2Re|b_O#Y{3gRklMFsSFFYNn50zH%z4g$K zu1xB6B>5}y7$+~$q?0@QqLqB-pBxt;_lu?c`SYv^c_PsH!`0f9V5lPKeCuHV83xds zJlZvHa_<9=Iq8h?YU6mOgFh6>U!42(t3Fhb3=Mg>pPhgGHR|xYD9~K>*JSD6HbDdO zWaQbuZ3_MRmFe2Ak;|l_jQ2+dbO24szy2MdN`Pv=00oeD{9|MxFc-MLaFpyQ;}&^r zeNvG*N<@JsnxAp;=VV&;_F{RPktVZ$x2CkGR0g%FN&?Llxyi7~DlOESBx7&5qYuUm 
zx-6Elp2@MU9hZNRa$cYG@w0IUHeo)(63G^L^TBt<%ZDC^Z=RQ8bvbY0utMo$(!TCpVQp;3+N2$@YAe{8hNFKin@D ze>L{1WB|#H&cE))+3#nWborA-jHY>XI#iyNE+)@u{g|PdoV1iCT{2y*g{bjcUm}Rx$M$+R1iLVb_&s_BFZe=oiF3%ea%J4$zw~V>;|Y;R=O;ow z9hYS8wRm(h%P>zx>9$WUn)!RI$VjGD3)415Sa-PU4a7u?dP3gq73MM;1o4nI+scaL z(hqNi)|>PN-`jIZ%QV;BdrymX)_mM;Q$y^q=ac%@uo(mobiLO3<6I;Qp(ZbLwvdvT z2esn1q9mPsbvkt&MYy$*mIWVY1E&?AP~WymEE--r3O{T0qc$K_b)FsC8~7~+xv+_f z_HJNq7d*SVJO{)HY(p}zjHtVE{G^&*PSzoNY3KYU(K4E;xEV^+Cqh=wwH&b^CA?U&3={ z8|GET<~L;F`lez+Y$N(DwN^8uqlbQ|7mLD1>uDz9H)e2S`O-JzEHWP6l2dvAjsz!K ztq1a`*oi-U5)dlwJFCgvkYqJjf`3*VA*rSkLShTwE`A^2IMk-(f=ver2PY;aXt(sP zvhE@X*3Fse%NfI?qEb{hXZ(<}dypSk6`Ua}he&H)EbD6f4qgqUy~AMmoVN5>h(^$M z0uQ-|#V~3qmw%mfeGekoL)k!c+7$Y@pdsIg04#klydllN(*nsM0x5b1*ozj!Mgux3 z(*$#pMfN`i;$qM3O2*K@69|?t@RSg?>B%SN*fUc^1{YTF z3DJZ@ZAhw+7~lb@xzUEp$k9CrlM2p[#9bQS&;RbN>`1|Vo3fS}*Qy16BYf?<8~ z$atY@`y0Z|+l{J7!oP-v?^D5OCkd0^8@LWI|PT`$;bU0)ZTf z!8PD>7+VW;jUPi^yRk{1YMB_h-G2oYG_(uYA-2X!y4hh;$-Pi>A+hJBu5k^_~l75BS3Kmqn8(_ zADY3d$Ox6z5=gTxNtHKoeX$*K#R&Urjq|Z zW{1}-VWb3R9-7XN?Js_59b~%Bypi<28^A_0MrCZ7X1kTFmh^^F>*$HEihTIqOb`U z9OB&i(r41*uTd?3Gs-_82%c*xXt!l1vxy5X_1u8DZ{G|cmB62jTDJ#@LywW+Bew8~ z*^fH4 z*Hgl5e)InRkf^otO4VSS!iL>Ek`TOR0i*0x(gIs4#r4Ih{uA{#+i?a`T=h2w#<4pz zxK4l}XnT9eJe)kme>&_OvUwj=Bpqgb0P~+VRc~*xh$N#7cuFNuWasIcm{$hCDl>IR zGoa!eZkT(nP^I+IZu-Qr`F3puvrfy zFekkQY#yA6*#i$ObnOd)Jn}w8`r=jPN`7%`dohl@TJW`UFHMj|J$c%hOfh)P97aok zleAIa$3-IIyOK~90Aicp5L1#N zp7a3xXGia_q3h7KZLv?cmdR=#Ph}4hNJkOkUPb4*&*V_Tu2BFQ5Xwulq1CcMWduQ9 zV*bFLon_I*-9kX(&EE?G-&pp!oCdF%!DvGzGtR@F!NDu0U(GW&_Xl1bzvxTGtB5?k z3O#0HaDRG00Y?DosIF5V0LHqF>lfP???L7UC7~pS%Yo}K_g}N80n#;0R?^PuZv1Nd z{5c3BG_QxF@#}dc(AcmE*f38_-M|-`>Sqmwf zd=GdIY+ob=)wwk!Scjq(Pa~{o%cCnNy?NK9 zC(l^-HYoL&Q9gL?J+%kn)!rR5GHS~bR=0u9nqJZP+9cW%AKAI;wpFnRy_vn}Qi=q% z5Gd2=PtFlMR7ew9+05;@%>?3iLUt;K9l=0aRVVPTi#FM=m}@?~933qSxoUq{T1981 z{7Tl@LFvAORfuPoCt5YLS5_JYWb~CTNh%Ny--}@{g9T){u!XSu=JCC@5xF9HKsZ0f zO6-6JDV49jeO@y9@faByzSA zF*0>wuTwf>|PqC~-T3Wl#QZY%2+A3rrs|9|!ae+}*}zF4}x)6GZ<6`(E5#FX=MmmgEY2 
zF}%)o?4Z4t!(|-O5k6XvjH8vnAXoN#0g$dhf#wxF5g_|FP3RI)ymBGDHkay?G#y=Y=jXmvR?WM>+h4;8jjn8{QT8p32v(I?Rp8e$&J4eC@Mqx zVgjEVhC?@`9084?wf&cOnWnAaxHUPEI<002rujZm_qL{ETE(_fbIpLg77Z;t)m(0MLrvU~eG# zDS((4{(v==EuntsW+#lq{jU>5YCAz;W(t)6-Gk5@ z$$$w^eJn=na%B3??f?E9{&{w;Gyxn4(#sJp7;?423OMmQpZ6db%}q`63QPr&gf$A~i%J@HPxk9M=1c3`;Vp4A`6zWPHWpHHRld;gc$t zp__wzaLfXX+@2DEGgtZ^v?u;+dqAH9lZoL(aP(&+brn9ZfmnO)mca-nK+n}7h}6{q zDWR(He3AC)FmOBb#}0@-r=gpJ4$xpXz?_qrtPqUyF;asM3|*-YHYM0inSJnsN%F*Y zLVFTy!U&fUhKqv1Hb+@u82tV-0z5-EM*(L^Z!my>+cw!0*eBNbKav!1)GDLt%Qf@%Sc~9n^A%>2r6iEY?AX|M^7_D2RMq5wf zNAje2re9F)K{%v-fwkX68;0Ssg`sCz0pPF+LtG9(3@kf_25OX4{W>L7gCE<#OnAGC z0R6nco}Fr=PGS#Ii_9QO$h4Cr0WX1XM4%XMiLKqc`tYfqOiUeFGd!L9%EcTg#VFNrYQu^exlw+lTpHs(|1Y8DNHejy?Gs zi?Mwy;x=$NyGf_u{(3=B+VB|J{w~Ex(cn*bJ=?wGgzx)FN5;VJ_vp{bzrvvNs!rs_ z4U2LF9{3r=jw4X)2hR|!#{lrh|7;AFp%`-$I{$V9q|@vR>kY$cRbQGTo@Rxi%Qx_S zC{;Ob8Z7GkAPkHq_!T~(OWvKzy93i;v0+hBiped?mlOnPAl@{z9(zJ2%UI|#neuVt z@U>imQUhKX1=}2P11y9H0KH^Or$`A%;njVb+crGge+AYA*4k^oKCV__r z5WZbpWp@u8IQM?=x`u&*#?UQbq2(EF$gpG@Ek1)4`K;nDzk=5wG0^R&s8w=Pu)EhJ zv6Gf#iR7n6?TURUN}OM=%#dGTRr&tH`zmcR)2J&X4jSkD2} z=iEh&C!GO!mDU<<0%HXZ80L%|fqRS=-W5h9{Y_&!sk68s$)~VY3=kKV@Chw9|J`2b z_6`aczpcnMb7v3ok8y!Gq$;e1jdtxpRyW`nz&N=Wn(ZP2yzepSYdyk6Ua^5N((1?_ zUY>_x;Ba zBYl0#kIYY!EDtKqlw?OZL@`QuYFGB&41rJI??WxtfaQ@XX36aJr!!s93})7{;SG!D z(XNTFEN6JLNt8W%;X4;KrHceDzE|7hX$Gz6d3!7M!g82gmZIFny*PCb*X#20(i2(Z^hi^Q z+sixg9^Xi}au#WJ>f|qOWx7z88Ecz7_gz%ck^7L-LN9+&>UDCr*rS*0TyHEVnaVHX z)oYD(V;{_i9!^a%AFv;re%NdZEy(U>pdTVi*q8ZV&q+~r!WUn{ z=h@1wW~G?+AdRuFAIn%>eR2|n1cuu0AWOTRw6%n~p~ z|Jb$_Vj_0BwV&;WK%$E(A^Q=-PThS=RvTlf&soI7%4}P?>5|G~B1(1FKLjSRZ_+=N zAvq}1YJ7RGT0?*LaUxre3BOgSW!`eb>RcdfdzdQe@s=pP{k&xNUW?*IO zG;XuK>)$EN`>>ByuvkCH)6#6)gn?i!-;u+c(nd9qujfzVd_n*bPdx8W1tziOvrg4( zBf}3}yDMq0Ln=;im^`WGwOSc|dkMk6o;UR(d;8~lj>Bs`B}FT>orgZa{rCc%q+N=Z zaX-^8_}L;x)^zx@kQQQ~eFsI+?&YHL5ef=gfJ1(jBg7A=X;WZoEdJbs%s;LysZ!bk zFG+Z$5_Izy`#m&)2eHrN>_{?E-Y_kXzOP|l@`#VX`DgS(&kXF3U5k}=j+R3|P6`Yf z{@!TU6~r;$mZ8&RJq3m#}YP56OH 
zPWB9L4Qmv)A<6FDr6j)xaj1@t+clBu#MujsxAK$9E|XsJe9X6-=pzJ_YZL8Nz`=%s zUNI_fzAp<>2iH$?K69 zs#QkL`)MNT#Pnef(@}enPlzc)7g?Uq#uq)C3OBxBO8BGiM6ok_l;ZinF0DvdRR&oL zV#5KHxkF)R7u4oj1n$84?*UJ1A1qKnui=;?%xv8n!)IYMncJ5hJ7cn3p9gnBh^;(k zO?U&1R^#~G#DVa5khXb<$Sw0yn!w?0ZGNu7hUSuswaNL}VZ{4^lYHEr178+y;hogd z->jCAqD1ScMRW@W=mc&t&htFH`WAka;GWevbe?jW`@C7`JM&`BFM({1BC>?cya~Hy ze24mSTi8xcF7q)*2 z_wR(P|4(Vl!(5M8=dy-lXKs?7TR;Bn1tJdEo{`y69X@{~yyF!~5~jI>5b84DgJ^-> zh4RPyq>n1wD(kuJLt1l#W7I%j-0MXB5`&6!QmpXCgmidcIaw--jb_xg3truWIA_f7 zdussuku-(>p(f$c_k1{PfTio2MPk@tnH-Y$G+nR)*?@Xb7xk{#UK1g5YnE;y75ZRY z8Bu&6#dMJND&5`aC#fl6Ey9_fXzZHPbtFR`FAA0?X&(OBs%K}a##^>YpYkc}w%Spj z;)HBhX+DEsY$;HUkgdD}M>pxPL4!bnCOCbM*9lH32m!t2A&xZZ&6 zz@n-yt0uj~?3miR)NSGi`1E74%=)n}v#P74_xT6`c>E7O5`fi(qu1sLL0ovBTrA?R zY|<=s$a}k6jG4wF*La1G%y#z!lAZ|6cF^gg&_{EMS%M;eAnK z_yc+6wU`DVd**%%tb1tS%B=)i@HC-4J}VNQ6-n$OWNi+>dP;xxS}a>TE!+8f;rJC` zn=1(X(frUaNPkMH<9~3FE}3O+0+w+BEOU4dLU0>~msxorGg)+gE6%b%6z9?8A6DLe ziWga5<_^`pW0T5+Mc-pf{;`&2yh^vEPV33!7KGM5WY~?NSBmRlVZ0}U&3IFl-4B!; z*|K^w-u#l=J}~c1brgo7H~q(`$ej;CgGu{Z^(pcMg`g6PDe>dMjQH6xEmiH9H_v63 z@v0B1OViout@{fkj|pjlgn~xH#uyRK)I2ER7(5PxTBZOCtQ7~|9i!a`eebk0e15{# zg)I@}L&xHi?jd$>NLNFBfKe814pr$%Dg;K=B3uUsjH)Vkxvyarc|_xVb%&+x$MJFg zuTgOPAwWhb_rVsM?TC=x9uv1Q(%ofiQYE0u&-?5dlq8G_L1{zED$TCk(vmqjw|%g^ zsG1qx826Fpw>6a$k8}J}+ok6%5bmw7qqgNee3CV>)K7t(Eo_op#aM_SepiH^783}> zc?9hu*DX{nSf4Jp=UTyUYaKFDto5%Qv?-1*XNXWZ%Xx^+72+zaJXIffoj12>8)&hb zjDF3?&dX67xrH?MoqDwkhK!o$G}yL;CK!tC8CZF{)7xWAK=45#>2V>Su-sj&tEk>D_CuO1iz|xMsf0g;qM_)X54qMu@#ggZ*D5bwQL#!gxFLPL+fx+(sxV>;yQbO_mUTJ_ZF~Qdp^SZVoBY?v%(AT zB7I()De-eGFENAkPn{dXb6R-nL1!Cip*=zW`k+7z`X6!*yy#?g*epds{6o%VhBkb4 z;3otxfNNJMydt>Ll(`0k-QUz7_NF@*#1b3seFLOhFnR8d<@ z@qyr{STa>cXtg{_nK7q!Rmyjr9%$9B7L#(ul(A4mI(^Rc9wZT%S=3=m*!~^UE#O&* z@P`uZ;Y6mM>F7mxQ6C`+I4Kr=fdcJCa^zbfXtx-(chjWccy&pOak=|;q<%QCusqho zo)d-JcY(bRSPCs?x{>t1M*uQ}!KRgZ0Tnudb>6%D$Zdmkx60|a0KDWpjvBQD2P{4o ztx-*=?j{nNq(R#J{Yewp`op`X6RZ2yy=Mk6_EYj*C+4J1fUV~UY?Ic2-cEheA}$7A 
zuD(h2dYdFMw||Pw9sdD%&cc|(woh_-$qzC9IutuCay=C|zPQ6}h<=8FSL^*lH8fI~ z2D+tgBprVExuI-omz<$?b3{09S52xL=jb$E#q(?TmzHlmLAJmwhz=@5 zh_;em4{l)A+!m+kg8;qTa8wR2Wa7m z>aR2#huwPGWQrrgq}k^-&*ip+(OVUoU2QtL83G|H-?w3*x3tZ57seIxq^{kB$&j8& zo|0MCv=u&n+zz{KfAM_KOZY{@M-HAYPKYA?R{p{-Y&pG{7F4`km{Dj%ryorfDZnQq z6%{DtXL6`*bdk1UQO3QED-T|X-nK}@ja?(@c!Q%E8e%#yOH%lW_IAW`J=54lXc3AK zB?DOWBw$gd%A_(YFS+@L`?4wlh$`59r@s?b^Lo(4e^z*L|L=OkjB!9RwOW&^jCQoJ z`(kRuf>edrQM1sZB+epmv9n$S@?*}Oov>k;;tygL)XGcz+?p+5Ui~wGf$2N7#n-lh zarfITk&?IIb#LQ3YFp9g#e>le3!n&$yZ2Sx{zmY(iraTYDDu-=_V#LFUI-O%D5i0b zn;l5HuU3Z1^@lw!kl7Az@$sc^oDA0f@JS=GLL0`LRre)oGWl3$`T&3HNP@N$SI^_d zGr3A=rUQ6vZbeW_LL@2NK?t?_Mfjws>d;CS?6zKg)WrgM%;N01O0DQ@MZ-MQS93mY zm*OZa#QVNt%w4Qqqo$~g%e7F}+!7fHRb5LH-^|MkR&L80&Z;=7SS>E}YXdF4cMHK| zE(&<6Xd83MTTpd9wy|!X$7yTD!j_PR=QC$;GS~2V z1GWs_KTcZsqAz^D9(ft5O-z3Sqt%9Pd_!%TYDZ}&s87OFno%PcHwXiZ&;xjD#Mbvc zh?RD(b|irkoev+P0e;xeclrra0q|)HZ4$5*J0Ad-SNs3Fjt7bcaDK_T2*a-Qpn!O< zrP(=MjKpujXZ|Agyl)s`Re;ykY;3^{xDkNr`a#UI_5QrJOS((^gUj+gC$ z^_Wa%y7l$;UrYyYNZW&~Kxfo7ZlW-Au-(^DJ{)#`cpT0tn5k$H{FGz3#9sP*ELJ;_ zIaTTrZM+4Ib`@J9)WoP$*PG~O&Zn-?Un|8z^HL6 z#A&BJX_4^DZ2IG{Mp#n28#Yz*OGygXTfWXBG5Xx=dVRI_6?L|_r$!3DRiO>5&4g4Y zs`(?WS`=2oN=K=Vu9xYpj8?4%hF&_ZkA+dyWGmxMc0bvdkmV%C{_4t`tV!-Nwv3}| z*X=3ul;S#AE0g)zc^L=nFoE9&crVxgCavbQ2RQ|wR_H}74&;2uhfmTF z0(9Gnp2e43#$lsb{~vqr9oE#g^$Q095iD2$0fDHXGy!Q+1Og%*i8N8FfJhTj0Vx7Y zuppsCq*;K_iwKBx5u)_oi_&}VHKciG(0%sa=X}rizVH3(o^!AJ*}9UfGUpuqH^v+b z3iP$xDGw{3O-a7{JP%>7(1`;VoPG!*8B=|b%VF;5m04M_{?=#l3tU&DxL1>t&{70x zPds*t;!^2%NyYqVC6A^s26D1C-`hOCZ86dEzDDkc3H&;!D;ZDx@S?n+HZ52#NZr!E zjU`m_QVa3uURj1Dm$5RPI}0A8@P(7)+nBC-jYaF}VW!Cl{^aC|#datbt#rh_+Nikv zQ(-H{jlnwiKBms-^}w7|G-7_~cKG*_YQu@1_Qv79ut}rw*IDN`e7Er;>+&q)0Ku2p z*P#u4*FlKia95C!3vxU!KjBUGFJ90aD+=8k;oh}+pTqKvVaL&{=32z1yQa8IgLkKF z)B}i~_=w+X%zR;Hd z-2KfAy>_(zj^R3Zc|nNA9aM2*J}sJ)9fh$!=A3bD!F!#c1~^m289%n0Wi(Iur_YiW zftb8Wi=}%My@vj)UbFgVz4jmE`L__2DSFKa_?x^tsF}=I9I#5Kb#egLLFvgYU+4(k zBCBfaYAq7zilUCFcf9x_JbM!<<*rZ8KN~-Qk_O^`bEonjsUN_d312`2sDT|oG^D0G 
zBgQ+RZN{|>G$s4<6_Z2^HDR*KNeT4=fPzkx1L7$pyTz%Vw0ixfKx0A#h2&v3!>|Ex zaL~VR< zCaDF}x^DZyo9-v<^)v}&Z2BVSnE@^VRNfRw=iH$HtkwJf1yRud_XXgy-N!_Tf$X)U zdx$1r*ruzTcaCgg@FUP`z&TioO-$NJnilxeYw{6u-V}pALy@LVOT_6%2EkhTx;nk^w$F76La=qTli9195<2N zW37GSWKD69qKA`S_eS@o`?h1&bb)u6jUb5Th-5hs?|`5!76AbE+!Z+4`mc`kUl@c* z2;CwbO;&Y-7Kce^K>dRDzb{T%()wa}joT4;($H&=P}%(i{OYg3plif>LWIFzn#ACT zOi20jSP;O0JPaSfXmk{KN7!Fv4=uq4Kx@3S*v;zS-qE=2o5=a6APZvw2#fxWA?)P- zg4i$AK&4%~0D|j<+$T=-n<3E4j2?s%-XQA8RLysMRlrXeC-W_p>zZC~+A4;Q_^K!Y zf?lg~)0@`oTy&WpQcQL;+d;gXN|6#e@@2LovE+Tdif1V!aEq!8gIvZ2#m>EW+KDl^ zlC=4aBq%&xlgA}=XB_FtTC`T}#35<#6W)-6nY`{amr4Z18q8^94^Io+S47=-VaTa5 zV)SkR7j1~)UR0HoPr8cDvFQ0U9q0IbQ0|lFP(H^t%aHi-SZar&NlGH_#L+^{Ho`7 z%*e97bVj@(w&%P{r44=90udM{BYu>i^Lt&gev>!ytrT>JJV{o2;@b|uFATZ(Cu{-i zDJny3p=59&XA#qAa+70|U}NTL-ljH1i>1xAUjLgLCRk6V21Td8fd>>z?KEW@+n+ha zR1Z-5K-p*e@Atpya1|OTEeJpP6PCv?EBF={4(y)-Mc3DopYn_6fzpykDP%sf-A+f? zXLe(?-MX86Zje1p;$rMX{7N_rOn(7d{`B*IAP{Xmn+j(=-&hb*5Q-F|*RpH${@fv8 zy~^!vvBEp^6LzY8oSHWI{I}ct)!0*a;QorWN@U4P)74%de*8Fh?@6BoylJ9`i!Vn{ z+E`;af{4mFJY{H=I4=?Hgb+M7Ff?ce)izgkpw%9z7^S@z_vz-H5l|_7xkWwa=)|2c zS>OF(C*>h|jYAhzybCTE%vvR-w{~@X4pV*k%@Ct37MEM<(~XF9taYGMp`HeJXbNGArf+;+SW1gf%XoQCpCe~p#pwkFTG!QG z9CpdFIZxJ~bnfFOYf4}@L1cYfa>{TPo3BQUu!rV%873=C46`lki^=#GjNzYD zqsM=WYRm~ltZ~l`Z#F?Qmp&U$`JMr3nIHfj_kuVpfkAtr5j!*sp%8Bs+)^9KS>)%j z+V4o(m?g~Q4NQJkYoYf)u~#o*1ir&0@mp*9Q;cQfZ)52RivIu)7gLPo5HOZ80C-@3 zO;jH~PGq2z|Aj^gev?7y>(^517aH=%o=ocdwHY+h^^~UEz`WCI7%5P121rs%3I$HO zhN_UKRX_D1R=+&XJX%>EumIR(0@5>vlL39nhY0{exOHAISLNm=JXZZ9!8g*)3Phcp z%I{f4PQMQ510ch%ujV+FQ(48L!$B>KQI+p-3R77EwyQM+vV(T`Kw-nK4Si#j>f1H} zf6-}8_SjWXEhy{>`2%UY8p*5nE3^~(8-FrKuE0}4ZOA`ds!*_;e<{QIcXp|4$1I31 zKG%{S!10H(-9wC;hS}UZ^AE%EpLCe7(-8?W9|O{8m8XyitYjpngayeuXGBG zf0QsVfFhU}+(n?M|B>kfwSZrKW%`bTa@g_vpbBfQJOS{_arhGZRa{u1IB6&iXED)y zol*=4|4ebC@CI99Q+>xmDaC--k90M7#a-bzGxp}Hip~*6heB>jEdxhO@u(asQQ#iB zFN=aQM2n|_Duz%{#Nc?mK>hTl(6E5-vgYsu*$!VD4ya0xBNt^i>R`}Dox>|^k z8MF9nO{jRqzqGUbr$*!d$NoM^=7s74DLO(DfF?bkQNO={im`b14%@pXOiVOZKgreQP0B{9R)bf0tEYJHZ 
zTeqtwvbiWc;O6D+`LRIZBe;)1NA;rV;Z>)Fhq=nmOrkH^_3xhu{95CvFmKwG?J_l_ z_2h?6JN{Y_^);Pk<*73@Y(5MQ=Yx|w%+6ssA?l9QsQqqD>uQHLAMVK$_SQ)5U)@4W zmT~Jr=8;niO^Z=y0+)0gw!%})9NhPFezCQew%>QrXwK0hy@Fwr$Fns!*W=Cm>#_{X zP9T<2PLHk;SlhR7$6U?&+0gfTJi}0@b=QPVw62Gh=`E$BAiaC}CrtBpKz!eeuSj!0T;TZ3ZdAdT1(XTl_$0ur<`g={1L1PNmA`s7i})E~~hKTz3JP+bzJ@}SwR zMqn;O2FBesBF`e*1pcvk(&3-@k(o%3N7PN`stW2{JoB}#wX28xY;?K6PvX0l_X_MA zL@qLS?9O=cO!A>G!oOZrx&aj{nJKyfXEb&A;WKolc)ZD`1sTsd-=0s9z9Yn4RAiPL zPt@2{*gSW*)|o+t;c3WT7-z=j*qEr;2O_%Xfdag8^86RK^qxU}2B{(4Y{dLavfDKC z%rG2ig6#W!XTT@Pexq^QXAwVPC3+k3{{@1*`nN))f8)ID11uAE;!-zu07+sk=r$5u zMUpQInUFvPzN-do|4;)Ge~IuHW(X#ut6<+10#vL1_Cy?Ga6W)VLVsi1O3dv>DnPHA z?`i_KKawB2xw1)+D@%nRmHHLv?CoPVzwL3k&v8`;(f2)L&yfkpK8RoQTR&zGfA0KcuQVYUU#U;Gz#`adW~ zSx*EeI&A-M0t$Y}MvmnWU&yABJ^=yE(1`tEL0J4{r(J(YQy{oMW6V6E)~Ar0=lc8~T2wd8$> z)pn!zQDHTaw-K`x#apsV)sc~5NQyep*2q!mAf zZTNyOqxlgR;{M$m)XoB($6lRl}R%3LS_+iTn_-X<;Fqp!QXb%n!EK?uK^>+0fS{E~d_3 zoBw`O@>g^xr0hw7fxw;x2b4$OXksA}d+{mjf_ObK18n*$o_#R-9&xtZ`Et3lazO_$ zgKV}y>_IrF#Ox5JXvmNRJ3ysnDl|B-Wv~3B;{3uZmIyrtT|GO#lw_v-0~9IMRoR2u zRmR>YR$IxMLdzr<vv{>TLXi0cs~HJLj&=WV?LpJzqTd0ZD0@Y{xqV(1TJUJ)1xO?UQ^H;l@L(xwbFo zr09#d?=YyHdQ>#7`Yv8vJ#Q{J+hFph@*4H>oMTe9SL9LCTzO3<0V@ZA0;6->?~xDj zQhkFg+ueQj4E*-ALJ#7;CQ>M`ZiO;d(o(Dd74#rQrE-#jnJ65@0nGdi%Qm?rZ7q8* zNGH7b=!k^B@v4ty0=~ajDH3PmkH~KCDVHn2cW|2~ZD7ZBX4Vkh#9Fcsq6~WTm$Ny4o!uEeHWZE?vfmz=#$Dn< zEGMY6L76*fA|CRh^zGuykpcY#iW1k!Pcl|JC(sz8Z#0=@CB+~QK;-VFNw~eMw&F>4N5aMo{S9z)#4AOwOYIa-AnK?FQLpIe+;KReRnt|iQ{BB zN$u&>I?zk!vp#shG>O_kdKNU_AS1Ni(BaGeI-VS`hG*6AhcbfQ*2anDB=}0b=)a7Br?p!m6%O$AeLXdHBM>TkbCc?x!bvI?QM;B#bv5-4Cs z$+n5@=5C;ylk;UTY(voMY4?^%U|9pfvUZE2cc$S897*_=$R;ET`raT{043V(a%ABw z8#;(KHzm+0jB-yjWnzf&T7!AYus|pdPjmhIQy%&X%>dLJj0)V7jvC9(B#;+JJIOHW`eo+TZaJnh|Ef?@RpqH$~8vVg=OyI~O*6#v)7 zI*MAaTy<2QCha#EC%>r$1W+Ri#WM1e81+ZMdQ%oFaR%{G{Ex*wgj)Z$YO6dBerE$+ zFz!<*&<+;ERvBbRmAhpS>n#cjSoz~hB)?rE;-EJ(u10ZC#gDcXsBKdLF&neXCfJoi z*K?SSD@Zi{Rt!nOOZW+a`X7tcmYxIZwx8uC+$RTR;D5s2Bgw*GwPcUOXFg*P8}-t7 
z;)WUB*4{q|lAvq;h%yGi1{gDBCrJ;mHRXvwL{z$PV3-=9D@(g8{5u3J`=1%r1+#av|D(fBM_#C5+;Lfc|KMru%_i!2;;EdUwLW0AQSuWMbM+*l{3q zH*X`>XUXs>FJ|WHVK6zyovkj?PuPRsH;03dpbJIAuE6~{^7wXh5J2v?{p-yr1fa%j zI3fGD`2jst+OU5v|6bJkGFXVc(0IQ-eupxaPNT7wXEpOz)V;{Fhd{fazc1v>uZ098 zZ_Up53G)Rr2%@mWlUBTN#v&o&U+Bw#TJK!7Rh(w|oUlP^aM_hFS&QF~G?)dPs=r3~ z+v0;Mcq^Qn;eZn7p2$NFVu0{G8SC+@adJ}%r<{%^LOZ&DU;E`>Ywu=W{1c{!!3=}A zx6Sw54E%zSn|>&!L*G}!=rafl8toGx|`a)X1g`Pa~70sve1%}5wwC|q+N zI2@nTOriJabpmLX;>B1ULIbu&sB|Ba^_^4j#UR!x65+x~Q8(0Wb~y+Hi^KsyFYS?A zzOyoTz}_u@S=j-NhV^G-b~JW;$oYU<4_Q*w$A}j#^Yr*w`D5@-iKIDe?wAV7f-$1- zRQt*3j9`34jE^rx80gOLY7Y55sP)xV3&mREqdDssC97-H--(USsrjugKt!O;=MPpD+ON=;e=Q%Kg^~eXcbB(9 zBA`zce5HVhs9kas#;$*ZaPR*Zvi9;!HZ|oofIv}6z3@3YP)?wP%NbpQ+|qx-hW!A` z>bi<7a8#1L^RS7<)T;sqZAHIp++hFmfp`HoPy{VHX3 zW0W)C$N>=qZu<{XueFd-BZyH)97Oh*Qw#nHOSfoT215a30(HZ+dKAGpo|6Xr#d!*^ zQy9t?Qn^PB$bloZB#X(A8dev#)8WiS#M;zBb=z!9bHwWM)l@qP+doZDa!Y^|;Kp+*llaK}LJ&FLr&ap!^eThZHwn0`)K z_2{(S?|Ip^g1=%R!h-r=F}T8E9!fIQ^-g~N|8HuHZL(d!OCwb3+s`fD(>f> zGzTL&PP9F^h_>!BnpxZo!xnh(s;u?r%FjKqs(R3K}&Z|6)CUj zWk&OSI%RaM=WMI-o+dY@VbSxxZsVc($FJ&Kzuy}N+M>@OA9>M5pVcX~vhh^7p@S=T1x^$l(yh(V>iW z9w`LL8YEtB;DN7l^+h_lM=#s;eWIqNS=McH@Ohd-!aAZ(GOgOGo{8UDxh9wZ)@1#8 z(Fs8!IIpA-0LF(OxZk^drFK^3by@PG$eGO3HS37gX`mu}P0$??_SNz!!c*`8*uq!Ol~0pnhl%{E==U7f+F0pV8pALw4lK?j5lG5kP40jiupHHNgdu4|-&` z?IZ;&mKU+ zIp~fyJCh%8|AcK%v^NS@;JX>8Exg3ivn)rmT*26Zx+W9f>W+qZfDi1H4{>}G(Uv}U z1BgWQP%ujHriX=vGE=zFyR3VaxFkH^`C<6SzpdEd&M`L0j`Oa&&4&>o`Vgr>(m z-Dr1im4=tdQPdgtm@qV^0e!2*Cm~;%J=+|RqTCbPRGCPdI=8WHC4tSR7k<6AAxvc{DQr~~V zMzn}64^hA&AKkl(AW?}RmQnXsL{NwsdiNd1)ubP-d5nu3yua@{m7WbcOCp(|wxi2y z@NrE!y0LIH?v)t`n6Tq&d6?TGe>vAKJH~^qS}irut+yMh0oO4y1GYP=6<0im9VgC! 
z@m3PFfLTQ(fo4G>>oQ(~fM-Al!g8=yF0}-W)_F}|E|0t^%6ino7kP1@5+VIxt}+(P z1XsC_wScP-)V$Nk)ikK0WYw8Ob$i5iIStpoF#RLwZ_g1B1f_w`oX3{&dm1|tK2S}h z?+K4DbBK0iR-Q%Ghf9_{cJ zlK`Kg?qk@9K?$FbBowBbrq9MR&1LLpB0t$TpEz%u zIrnO?E74C=FlO@^1zdX0l&^h!1C_6CJzO#VxjFv7nb#i&|AVOS_xK1@rI9rz2aN;@9)z$eWE0h<$RW zILj8lc3L+*@Vp6A^}zQg%pq3S5Cd>LwVngW^)Yl|=O;i-o>_y_TB^63rfzDctb0g~ zd?R zov((rjMISgl+lizpTx#0I3Y%ao8G7pRJiO-EDA)X{g;2_J%*ks95(1u?*Q6eP2hNr z4AG&I$i4E^EBV6kk1%FC?Pnjo7F#)bZA9>8&ZL>S#a3eQ1;Chd&<52NY~!be;Dn}* zyL!09a{fEhlEa_W*Q0Spqf8$^#n@k6iZe^Txgw4>ckonT@=!T`)iOnej6R(>;noTS zqbIw@d578_u?fP6+nM@cm|$bdXMN}Oh0-uC+b=0AX{%b$?aATtG&Wu^$Fpf$&I`q; z7uwGXH&1#QSggD!@)Umd#{9T?d-khy^inXUHN}e)j1K54^DN?fK%&~`Kt-9+txFzx z_Xz++Q*PbKNdkdVNe{PEh;3#BsqGk$^4afwhB-Syy5r{AA!T;|GLKE5QQwL@Ge6>( zaHQjAUtxuFvCP@h6RkV6pptk63d=kX)u~|TzuCDwB$u9i#xqxa0q>JW>|9?{!~7tg zUx{e{9@QcAt>jHux#GRO5TYhf;e^K(eO=3>{@Z&EEMB_AxQ*`^IsQQw(5O)bfd~7z zKJ#v5V#}Q8UBYU&k30Q&){nBYvjYQD4*TsIw{_ zI|V3@{W6h;a~r+B;6~r8nm>3TRdTQ7gf*58yaLi9fQyNsok0q*f3bKuX8%L7@Q$^8QB-;W zq^ETh^gPBl=XIM`wkzsW%D%RL*nZRGaXy3fV5rCRYIcVOj@Sl9{}cA(;I+@-8T+AL z0IIo(hJPl1&NI%xnRIRNSYgi2O@MxE$IKIDSKik{AzYo?45g6kmkIar4W>qsfT812 zCbUjmP4rHE*Q)rttkXE$@V%BI_(5w@9mpZ2yS8rPjYytFYsQ*)Tk$jY=j0KNto>TR zRIG0eM+I=x`N@g%91(3_@Oy;iAy4`)`Nm+fWXHb_v4<2~`7DpY%kI^#0&kdKZPlDv zM2z<_683>EnkK`WZMCU=G##xUHgDZ=|G_dI?WgYdN|K_I8T0(O21In|XS^I)0e;G{;cY8Yc`2zaI8C#;z?Ej`58Mui1t&8%oC_K2@i zTPV@s6YioS+Q7p|yXgB%arDbuF@CelCdgjk{AA|>Wbo}gSvef)&4gyO)Z}uo$o7Ml zd=D(byv?v>l6aBgY2?%VGfw9ZUKl=h*kS@c$QvrJA~s*qciKKjY_@Q;saj#=>xtZ1 zGinm)IPlln*b~YCXNg0-U}4+lA|~B(HXqvP?^n@(-^CKxk6ijj&RG^eyOR1G<1Cok zPo9BcPcAW<^B0yMZ|CS=>db0!x|}w_QFy$6pl7l6iV>Nb7@}s~(@Xvm02t~);ZIn1 zNXnChMZF0#FUTjSQCX0D#D~e}@j+QekdA1Oryobz)IQI5&Gj@wK9-4g9^g1IR&;`F zi3lM3I|yQTXb~iL1paV>j*&6oa!ze7PW^N+unmhw`1Bwvi%7I)#95|h*uqkXPf{~%Cd4Da){0|^Aef1 ztIlha$lxvs~NgHA)Z_pY_gs+hR z@6Z#Y@~5N4d+{YzAM@pd;is{Qz&~>*Zf^25C(dR(at*RM^nG+7$=SPW)y~*_5^fbV z`BZuw%Y1vDd`W6}a~ZI*VY)9s1A9T=x>$`H4sN>NEC)4sbuN|%m5K@Fn@M)`yTw?@ 
zSltutl*YRff<7rMdZ8^N!k6xAQiHsh|!(++Ky0zOtta5#?{$WomzQ1aD1UP+x?Q!f?(pSWj?HnRLl=m)!Eol^ zg5ut;S?t6aM$&y~_KJ=fSSk9El`W_gUG-UH`qg4zU8|Eq+x`P4@#`FSiRek3zVIEV zsQSU1ibHqB=!!F6`3y>tR>6V;p*%T@mVbUp%MID*BB&MZr;>sSSUv%E*&tHHdY4QfU>TaRMSz>%`OASxneDqkXzT&)n6JNBMK1vqBFO!*#yu#R-N-URhN}zM95oX(PzL9jM zPl-W+idSJlezVPj(1#Ly);a9zrWEM`004mqoHk?k#xe|Um`$BhIez$Y64wps?Xfon z_wCn0kqSii2;gZnV@WQEIs>TEmb|?ou>|<^wPuKd{i95`cK64jnG+db>!ayrKfiL@ zGc@s7?8KAVuW1P4BQ$;L<|{vX7ZRMGIrkGfj#=%j9L)4j4hzMle##aq z2i*$eWLLa8Tk!-4^eIfm4(0>k6wfX~@)?;`9%{df-TL~*sGiPYqJe5WeSrV2p-MqL zLkS&Q?HvZ*pRlWl`E&|j3-uDc27RCu`UMr^`;$=^pk$oFc+wN@svFYqavYLg)Y^0Q z_=NdsntRfT$Wj;b2-%>Jbc|e#iVINV@%hw=B}bl$Qct~j=RIaHyc5gO(I*fYAdn_j z{y=uk4oHp>aA8dQqFR#?o82HZPBeqErwq8^gR||>(s@4vKt^)dldxVt{f3|knZA;B z7%!))iZY!MSYtop`zlaJzRXKJ%)=lwGboskMpd*{ zhrb9uCyZ@%c(hRrY>f5JHFt9Pc($%-s}A}n%$ajfPUBkWDVqBoLFXAvZZU3N-dNUh zCW5_Vx;EQR*!g#QkHltEni=O8FQ0oX==}1K*?Mi6?04#-lNrBmk-<0D z>=lyrw4yMLYmZN|71zO6SIWws$y#jo4jjtp9}4r`Y$dsCf(V?Vibmiq(H8S{$dR4K zwRG7L#)6^8ba=l|Sr;VWbrTrlhIObyL?Z@A>93g$CrB!oJFAuDk}stZL(UdNNfVacCHNK=NUwlo$ok5(7$I1UZN>-+2*0WwT+(IB?gg8 z_O32hZ5}8)JKb}>Yjf9?K^i>bilvJqgBazhdJH0}_IJP&z(vXimu;+_Z-MKzZSLBF zM~Ge6Jwri(;rDode*ZZFJFKayp$eng1A|e4|6o7+Val+*G_-qZY4+}=-AhNecOS!H z1_pY12Bt%d2M!-+Vr4zf#KOYPc?QmYf}4Yd<>a}O+-G_D1^C(ELg$6}&Y$7q=cC+& zijIzsVIRXW28LsN>@4hj|KmSDzrv2}gK@!Psi{uG_8g(2K0@`g3I+$`q@~*Z1N;4l zY7aFSFWo+RhW+4#g2S*qRMgaaXsBsvX=uRNKHzs4%@Nw8r$m+Z9@Dj?JAI!?%r7iq zANQr)Z_Ik_D?H*>5B%vFSdO!@v7b51%f~MuA$dVcT1Hm+vWlvjx`w8{f#Efy>o<(8 zZ`s_owX=6{adms>?&0b6 zfrUq6^vo({YP&Q0?@i4Ae`{v{nAo55>VqAirUJyHJ_19)Hj#a3vN|#ly9k_Y&BUA+ z5?ES~Orwt|g62w3k&lhAcWIC#y-mo9y0nenp?%zQ2Ys*vkkF{7UzH+#293ZB47-VX ztM0^;aWq{-jV*W)DF}GsYU|!vgh_SsR!@!8bi%A69OLdwwHgxpq1Pzx*eVT68@I-} zPqTRfswlA=fu=ARPx#fjIEK}0VU|K$nWI^EYZ}gZMjyX$w3_|aW3i_A1Fz`1P}__z z;Q3Fv#Bpw82lv?(^<7Bv2vc(wD*OJ1P427BjYEgi`4~p_4i-Q0>+J_Ed=NXQD9x&i zEJy;V#|kIA<(S8^PFI*L8dVw(hD2On7Z$#A1|?Asvw5S)#>1Gwj7hY6n_cF*^_lC9 zPljnC8@u2|_cz^Cuv`ZE8g;g9=51(E4ZL52w`zC`SkV++qsPA0h&6*v3&Ng8kfR%k 
zXJqd6mdW;j>c~Uw1w!JjgOfgm-J|Ol#vcxTwPj>r$=>1S( z7@+4u2sVdAd=#bo7Jc&GVbKY%U{dCI*6G@7xW<*i0{X@1h4XXnFO_5keG&~>Mh%q^ zp6+Z)u&_y6>U0H3qEQEI7C%haki7Qj>RzNDS;FJQn0#GZ zJVDcZ*z@B-Dc$_mKJFt?-jTyx9SP6b{G_=#f^ofz&MUQwD^szSV>yf_)u{#59oGl0 z_g5X=dsfOO%;4s!Dvy%~E+~yGo%3cQ#S%5_#}=i`SJ9CvCic-k&iukZ=M4^@CYO(-9&`yD)D|>Ot-P6ci zBXqEE+I{)mkx+wBlk{41LExE%yft9ouKckPR2wN&a8Ow%KQi&8Y;trPzkoWoG%wrU ze7XA{20aA7rOsFS9xv&6+uPvJDXv3xLG5J{1Jx;m`%kaQOYe`m%J^8)Ilx@JL!r-& zkzxK`we6Qy#P?)7UHyyinqV2a{_fPlE-^-Zm;yNQCFU5^pF@sRF+a6Rz4h`*4Rq*> zQo=zNf@+uZQNG2=qS9mBysr;ro~mG`r80%}7ahJQ3*x0kn-8-+a5_nO*|jCUoC2xm z7uD$-oAm4kSLklO*WmSgDINuT?0w42f+&dQfZE=TA&Jbbpnp_v2R6_BD|W%+6E3f& z5W6ZlW^zy#1lDMsu^S*A8&y_;Dd{5O==I02RZiAp=)e=BwH2xBS!Ws?j1xtV)U!(8 zu_g;(4%a@ri6<<v@fpeh$*%fXA}${ za*TtoA&T;yw6xc^JuRFHJiMEW2aE2p)u`U@JY7E9mXF@&3kG+Hx1lTM^4-g$!Eygb7u5wp}WH@9^^r=LA%2hpk(XM_5@uim9Wt_*ajrJ#rXg3Uz|Bjt_AUjei@gA?qAY%EZ^xadoH zD^4575q)@-aIt|=xi>;dx72G{Pd#=sy*Y7q?1yxYLnl!tVYV-;B`s~H&nY#N5nA)g+r@qm9dbjT@=24IhH1)jFs8%#&s{|+jKNs z9w$e70xFSx)|Ei(hgpx!U_ZK@?ZepBKhj`bU>oc?muvmJ;eC#XnGvcWixX>y-ZN9w zQzYhabvC+}VQqncs~)=)U#1Umd)GLsqVsex2vht4^)R zIgwFkbLzpqlZRDc9yyB^K>D5O%yF$cML{~H zEsSx^W2MV9-jY3X$|)*Nl8cz|$&`jXRrjVB515{`qkW5WPLgtcPeHc!^dlyY@@sSV zYCTsfDGHTuWLOh{d&G9~sBj66)Px0Q33r=*(?4BLBU??~(j3u|W`^=DUyNq@}2@uJ-9(T~^9nr2`#e zmDANq7ozlrzmD+RO+MS7p{G=H&tUx3he~bCj=1|3Xt`tPLx_PkoL`F_=^9RGr+#JMWh^UMT+QXf{6p+* zfFeIr%?nJqe3W&CNmDBN`pTY|s8jv?Gg!`Yo<47Zm5_qaH#X^u3mZb*`F9+#%GqLY_Sln2fR%d;_i;g7<}^PtG)+p%08Te@u{@q#Wagb1OWsL(&Iebgb7bvV3K{c{7Cn#@S#}%dHYGl3$jhzze$w=#a_rh(@gWJz;T>VfoQMW&*xn(qV z`23kw1wnGtD+e-eEqw|6hyUfO*ie4(e`$8dn@;DP=753n6Q#>m9U z4(H-z=ioTWBg}j9^f_)04n8UVbLT}RBqZRxGV;=5a>C*gV!Oc)Jw5$_{RdbN9%L0e z#c@jPfBa`R_}O!h=Hvehes+VpfBWEPmED*xyE2&Ho*z`mpo}TGR~Wz*uAWRu1hxKp z?TY?Uuc96^7;Dn*VL^d&Qj$|ZsS02GrFIn|7})7y2VQ;y+Npz+{Ah*F{QgR>L$8fW zOG67>3|=z2#+t@f41AfN??(D$4g@_q;r@m&a<6=1gK1xy37Kof zH)~9Wsvw}Tu!Vih{IHKavZIuf`z!t$D$^yap(t8j<+IPXP4f1*-=ayhSJn2B7gl?Q z1`g~SA4hBU#nNjxq9Iy&@kMM+!RpK-fvt|j`F zi8i47QS+rc 
zZR=z=*^HZ$Lbi!g1s2Q$X3tSgtf%By$RMN3SW(i)m(Aaz?{1sKaNj>4G*xBI;Nwe4 ze0&sT%tytSlEegy&>KU+H2Lk~X%eHr0be!PGzFI5N>@t-cIJ!_I3Z#|@2V)+q!CY3 z&6Iz2kDgvTYVYq~^7X0s`5n}6MvWs^)>XuU z?92s^k2-vUi>DW&mwn}%+}3j*h6X%WdCh z-^wn(&YG-SU|i}VV8)2j+md>O>v4FakHjy4uE$*|_Agjf~?+_DS1oFuLL zSn%2E*#xeHjHzRvrK4{;FF(+b)VW|B6LDWZ>stMzR23#&Jy6(oh6x7tE$LI)+XH6q zbx+{zIUYnJT>x=?s1cpnaDal{4XDftr06-)L`IQq;{f$!3162>d=>TTOH%&9GeT#m zkD~N76luW`j42{N;()Ts@1q(fy~i3~*%Z1+L2!I!IH?VKllbk?0RvlUU5tf;`_lME z7*>faf#yD6O9g$F)#qc$xqstF%k`-@S}L^klsda)K+ZicJKF4F5xOep0mR1y+m$Ks z+bKIBp~id^DOA!@SLC-#1kwriY3zy`Q@$=Z0Cf~pT8fE}skBs>_EAm%HxSxG*}w7o zASGT&F>zO_DFXk80{}`^h|H4Ji>q-HP~ES;Uv=e_K#^=$`DL@q`+Ti8<;$O7QruPtl`ZcG zxi-2MK80K#_<(ntksOlh)-Ft2A$DIS$weQ{iF zl0P_w)5acY3AOi+jaia9*K)c*HO~EQeC$xlS;8AFs&+aCtdb#LHhW}>{FXd}>nWsD z1&ZI1TbJK1C7vb;h!GWv4+!6`kWqx{F9#Zm^gs{pp7r_pa7-@KGYA z$EMNxpk{{#w>Z~_TAuDZy#|)7ckJ1vdTxEvSqm>-oz?BoHGK3gIjRDzq+)gEXR{~Z zJ!Y_rMkiv+Xmy+IXFdlTJ9X9zTogPz9L_e!pJ|~l8`B^X?NazDzo>IW)I{|#{0kIV zo>q3POS0dQ=FV+*>C2*}lllT5Zf{ zY#h5_i|SoG%BNDtYW-ZM<&f-nXo0!^TgUrg!)WSBprZXiQK~+bW9dp!(@M^E7N`k- zUM#!p&AD!N1AYBFG@km7%t1PI&O97=@?X%ri73H_iahKA5u$uh`%J-g;#%5L*jkhM?# z(OXp9Or5XghJ46{aP}f4it0@`NFn-j)Io~EZda@VFgz6>lOAfYjEWx5m1=_LE|Ke;ol!`b)gQy@3v(0hjKY zYZ@U9nxm#IFRMzEA2K8jC1vM*`|L3&oOF_aDMinNtR%9k`x3{R`WvlC)0vINefdGm zg+a8fVu**5x5H&*B#g3H(=)jnV`5^z1F6$LX>6>?cX(I+Dp1ySVXEe81}bdlYGFoF z8MxeIqSuADW~V-m_|SO;b_Fv}81OgTZI|6&+V9Bvr7`fD`J{cVb8H`t!s2pTRSD$Rn19G!umsjRUV5~lLpU3_|PkqsgY zQY7+#z|cFpyURz^G(2)3W$Mz0U^;4{zI>(dS^C7lY!m@) z1PZFxO^wj=M`sIV%c_h|hcj?y%B6YM%^7{<3J9-pF*$1i+5gZ!N<*n-zEK+4J3TL{m$R!r8`$p zn~$f$W=e7RD;M)7`|`Aa7d5jEkY}SK-Z1rD(q*CXou;o6A&v0J(q2(BOc0W&X$A6Z zz|1N+jPqZ)@%HA#q|TaGkjfcm-mCdw!zoKCcJBp|bBuY6?U_%qhbs;SE-(@J^R2_s|D9u=m-G=)<3N$}%68Nov;_toE%Klg5wsx4FW{wcTxHtUKd3l9Ln1)iwDf zu8KBtpR6^MH`qwKqk-s-%_8+6>bhJbOwZ9U^Bh*%kcd1P9rEd5V}F;g1nVdI;3dx5 z`zochgs=|14t53xO=C@pBG`L|=^=3KfUEqHmNPvibhZ3X}@ab->8)I@S~gL2;*d&sCxv0jJte@fk(U*ir2F9u&|nz%}`+o@u9S#Rew5 
zOkBH=#aJb){QRZ8&KVQr)Gt##hzm=sgp2RVx64$Oqa}NvhVPzLz>byO>Sfk8Qs*>S8N6+Z?H1l-lQLD;d{S|U$(LCVB^XjT_@nEUX5Hc@?sUMn zYvu;(?}Akd)7dT}&laPWh#(xLfTVo{P|t1M{9`JNucVQCK&jtL42XBg`znl zOi`)eOcMGSz3QRS%wV$tw8p!gx6N5*cdW?kiLI}omsnaMaR?^`*h`b^s3HS+d-bevo|p1E}` z6Q2_z@lJ@#q|v1DQO5ljiE6Y#TyHoPH*;8u3!{1z!-abVOWD#LTRhFU9Oq};&bet_ zkDHrw>@T^S%_DY2kmaF#eU4&LMSoR1Y|mrZqPdG%Y)gTo1_NK7sBK;)?r$K0VJ;Dneh# z1rqC>+R%7Sal<_Ef6?~VVNHi^8!(87qKGIcQd4OV0qGoyv@kkGiF8YsFa-fcx?t+wVHBGp_4??gB*L{1$MidQRZbvGHAj z1uyg=FUwoYQR_!TPLQ*M>X&;I^dU;l}}qA&rz$>x|Q( z&`KVj)2~bW#M_U^o}D}KP1U1d1M&v=?4;9sGs7C+@2iKpZW^)yLO z3e*tLJVX^cXQl75~ z8v+ck19qltiAYfnNhy0=V(;GlrT2!i}jVCfD5PiRLw{ z){C>C@ve66M>=Xc-%~elXKozG*1W`e_-cj?%>dWF_VaMKBI8g9a+#T^1}*Wk*( zl;XWs6ZrImpm(+|PFxd!`{~{>Kt#od#h8LfUN#z+^qgizN8 znxsdGgmi;aqn3fsoP}Ukri}v@y&c{Lfw7^Mj*s)*W8%NFKW|+QwUylE>%&@IL$wev?D=tJk7 z{)>?Ro0(&7Xequ2Md+V*fr9cLv?iG54|D+n*$!J9B14vwcQX^@c`0H8QjPvlg-`hk zcWAMp44B#VyHb<=ynZs9c!Kv`59aA&nXaK{8~XG*(bn6vH>Q*d#3k&FDvxOf3*+;$ zY%RrhW9B{xc38H3YKILaU#E%~HA%opShBcCA$_*_RJVR!7q)hsJ;z>LK78Wl<|e7i z;GG?x%^%<2b;30%ox3~~veLrdqTK4P^S$P9`r?@Hf|1cYbr)Q306(%U^QJZzp1#Jm zT1#5u8lISZrRVd_=`D06=dQ$MO2yG>o}Qf2#B;H`ai{!Zd8PZ`MFRVl{k!N~-yv>Z zToT1LSejazRC+$C&vns1;jH<_M;|LiA9%B;dx6-AYaCy}CsnqJ0u3fE48e*o$XM|v z>NrDb1Ujhi#5)B>P@FPY((3X`qaN_jNCsx=1=Pz+zJJ+LFe^ydSGhVIRwVzuNOf*Z zGro=Zx^C_Ehny3-^dn14UT?A17Brk6>9w9wFoIUOerl(+b5}&{vM95;U_gn+N8K}q z+Mb|0Qjz00i)q8+d5M&ukCb+NzhVbxw=~=UG#HOD`VMHgWuz3FtXXy>8|yr#MQ1uPmdoLnWk+7;ig8v z?4|x>)bZ9B!aATLr_;w;!^>3hHQX}wLEYsAh3rYkH0$mQ$);GrC^J5PvnQ$tS-3JW?W^jT5n~{Kp_>MF~DkoU4gW;saKGC3w4!&OJi4jPIXhc0LIfznPkKy~c-z+_%6++@I@>eFST;ZgjoP z{D`{=YQ`gQ{tQg+kUgj9^z&m#l?S-V_z5)UNv{VO(*CLvppRil#mExxF@nP<4Bf$$ zv)7lhQyNpsZ$>nsZeiL~b&Fi1_HL37Rzd$FywG{Vt$_Fc|W){=FTjPcVj}eD7|2h^0?4OQMzRGSn%Rv2Cmz0MgGB0T%^^Z zsqK|oS>idtJYw7lZIq>IZRZ2rs#{_#q^Xk8scCJbSAqukq<}UF3y|ec_hVZbx_F7Z zj3yjEhp9|{rzq-`i3s$wrzmr~FSxv4>o%fol3Zf7W}ru!1O6D0q5`rMLr$z?gj;t1 z@?_%>WKoF3y=zD3bFwp4UyH@~v{gQ61yECo8HkR<^f2QefxT>Jw3i(&j++0#YUD*d 
zYOeMvRu!oi1ENyo(A|bt^XF>G>uAd1W91ujEJyk`j8}q&hxhZ|VUbecGm8-iefz}` zC(bcz9VryGHN)H|2$ZF#XNav)#4%5SL;>%?Dbg2&H41HzvSxft#F(JF&Fk2V zu(!{TRSAE($~hX)RVH?r&OH&5fyc7ig70b=Kx@q^a!bEKkt^Md=ZDLf$t!l^V z{66suHp#6ss(J4>KT|&>Jv8FQ85vW`V%#NrXjo_D--3VhiI4(+#brkpT4yvbZQ~zU z<^xv5ZxoheZYC&w!B0A@>st2Y+vHc;=KRWXK->H+ZIc+)h7%{7NQ>F=@Q*d^C(ai#@`(p>o_t)RQ;L19^(ENFhcrb#(BT3=Tqagb3CfWSV|GLNx zXcF2%CKmom!-F1Ida!QwJn?tEZqDP3GpiOkhlF$VtTP|EZ+FHdA}epSJ~%N#o=`MQ zi}Fv&14-&wQ_=_B&8^rcPmUBD$0Pme3aj5|gxzT^PV5hnQqbn2Q~FWzqwF#dS`e~c zs7({cHU%q?ZWVF*di9?(C&X`l|I{#_UyPoJM=KbheQmnlt!4H!m5XNscvWLFy8x}^WtW9 z*+b5^nCp==92CW;$&sO$iVi5P7;z)uq>7|~;3|QChFi6)?26o66O)pgty-OFKHUHm zH}_+w3;Org*@e8}6#HM%D!@xsD9!2`@{|2-nK~NKzj9Zch9lS&2F02?r5Tb#fTKg) z`fn16b>#>pVG2EPdVqMGqzI()E0gF-9V)#Nr2o@>UNx|o@o>+-g&vUFYmt5opq>3^ ztNSn7>h~IR*MD3ij6DQ;+cZ!n55#DWXcVXg1Dh0-4MLr~!@{1_~j z%!ZlJND=uLk~T!y)@7~ld>n7hw}Y{yqaW$7{*=)b(RFqb z8!5Irt})gh9pwh1*XI`mc24uROTQgj?B-jl9}|2d_Q1nC$&c30sypVRj~vy#{q~Sw zOU=@KzeS^>2QF*rSog^?;G7ByUo9x5)RgU?=DhqGj(Gf94ShkO_SRe}vAK_LAcxTJ zc^}ZHRehey_%VQS_A|Z6MHN5NDJk;g%r36FG-tWpON$D=@=r&d=hN!~9$aPIDJf@W zfPS*Gbco~I+M$OLu%S}ri#noF82;2+=DC8*+x<^(F2!@6yuqQPwRndponJT~8J}Y; z8D6}65rWS>hx7Rh1g3j5R@Ey5uN&1pJ$x^CaQ{OJ5<%9V63_BXxrjZz%7oeFgs!Hx zsy@2Mj#(0&Q8D0{|Gf!vcn^#`%>s1CpvzpKifhlG$ENs2Re8e#E`Y91{1ww`1B7hIKPBz5y^>m432=BTU7qjX6Nu{bUio1|5sEC8J7I!#d*itVhPmI_z z6s|#{Q84S4QbuB#LHYOT$$llPhV=9<0)9^a-2O|B;IOCRlk2(nDHFZ=x**)f55U^ zX1Bt3Xeo!V_4Ps@>>=y2^0b3QZ$+xMzHoyJ&2P*f^2Zyu{TX9An9Qt-kzk2?h86;! 
z|GwJ8e_$z8kG|;bovB%-#_`9c`s8W{pW26*Md4tzS3>rQv`~(2ByTSTORz-=WuHZge%0_6s-Xy~3SK!m5CkOe6ZmDJ2T`E(r5X zHK!*wq_uCH7kP2Sg>6F{Rf~cSQENXmAN<-zuUr(TlF6>1Y3hQfG*1pY=ApW~==9Pt zHz6j%XWb-0!d|p>DA>rD!(1ke^+|wTlU2i~+#faH%cHu><;c-+oKOT=y$YpHZaZ6+ znrzf>Q{7F&N5A5uaR$}0kmii6X_XR3)RK8O+ZSzuG71({5|%Yv^^AD#JIx8JTo{MF z1)o^|&mzoV!SFSp0^}(%1=O%sZl!tqQ#;lp_MxhLA4|0+?+q<4SDt_RlMbgn(kf~0 z%O~vHc1GGMqC&}WHLO|$5^KmlKp(sfQ#6lYmmwu8>b%tiS<q{tI;DWd)tHLgM#gg{j#6=+`$!6^wGj6Z5j*Ag65@9!z zG_@L-S?v&R*v0Coow(k&r8rnR>pIG`xW8 z{4@4Y>IuYGAlp3oOLVRT*{jUM5dQy=X8#$jNF^@431ps9EO~|`d2sDr$vEIX0PPs_ z=NgcAt`wrH;KY@Sgz;zr*kV!{SLW|4G4SJzCONUHF%G$#A58z4*1P;L3v3xle8=~* zhJbE1q~SO0R>QZlPezKIm+z?-s;!P+?II%GbEa1enmg`)@nbI|5y!fgz2Pcb;B%~Q z|3lc(zlV-ZJ4n%^A*nITysb^`PiXPP#T`0IMW31?lN3%h#xc+{R{`IdA?X#y@4(?c zZK>u?33EuFuA$0*V2+pD^)#(Z0$ z4^YLw*Z@`o(7uJFD3cKON}M=|bY$7f%tQ|N z7ouXM$sy5yonJW+$H*NX8H;4*JmGpE!1kjs*^lXNW3t~zHW|B@E!VAS{6A!S(F{E> zWiE;^8i&=?2AV$kJjW|v8x#~F@|X__VlNLGX?7A-KRP{JM;ue5@Yb|dv#bdUd>n3C zE=s0oN{J|w;;e9)3H2wo+2E2YD`&d(*63y+A)QBH*A~19ObC>;hGxI+``Iq?PMmN{ zCqqXc%;loR=>aKnM4Rixs}Ka?eWRJL<~YU4JcJ5)`l$YH_4SQJ1&%@>WE&3`qh5DA=OAR zdg;y;Z5?-Rx&ea5d8$AC$c=8{KQwW`9|%KNA%K%%Gd&2Pf2 z9Syaq5dWQb+SOlh@S*KxW{f&;v;>XmX!iDTgIoi*xt5uz>4f;;Xb|{r@!brHaq>sM zLi({A`v?nCUgFR4y!1aMWG- z2iEnFWdE6psr>7K{4bn^TmNLzNB%DUsYK>=`0Nh$aYlOV&Qa;t!X;tjilKD$fZxb- z$H6ES!CK$2W6B)5h99EY7ncb~$VVrqek`N!<}*oNd#ppY2p6OTcZ0)=u-|n&Pjp7P zjXawzh)MO1Nj!@v=~#k49CIAIbLY?}F7S~f-ucBS&D^xp%eWK*gWXF+BTCxUJ#Vz> zT;$L#hTnt4N}_nkz%t}K>T+6i>LOBaXj$99&!|c?=X8 zT80-~8t*~&Q!C11ci%qggUxXT?$z*Hq>!^ZGT2w-ADpu@_&|2)5m|d`7S=B;h~6H) zzhgsw*a13TK@|`xDjEX)gd2i2`k_m?gJ7!Cd}rVGAML<=exk6LiX9zGBB4 z&nehT*c>nPg)9E1eeaDu#TLuMBq0Nv@pZtn}bN~_p3UT^x+GUE}T;FQSnWaAF`jeq?Yq(AC>fBvk428;-f*+ zjD>y@zu74y=B!k9EF6l5y@>EuB@1>7c#@aap-bB^S}|OWPMJ^(HYdB0@^kiw+m^;N zo6Z^jAbD4!UFOYuxeXtd5%yr!q>Ay*+q{p9HS990IypK{#tw#TWtUV zx1@bUS>p{%l=r}%Az%lg3`tD#P+;I+fC^$u7=;ilg1OQXuke)(Bv{A3%vg@PIeJPr_u(41OK@q~_SFW)08ZcP_hW8TR zWR5uK_~zrA;T}7AfcS9ptwVrY#W4hBHZyu6<4*oI_F@?s5=iXexScXH?!6fs(O!_* 
z>t;V0subs_FhQuN9W6~Yq}6ZWa)wkZ4x(`~d@02z7$!!nR_KfkhD2>dzF?9}SU2SG z;M+*rwAm>smfluz&X8-F*0nBMfup}Rcv|E}-dC~vs_?!OmlLYn8h#%^?@jy7i#niN z!bVfU&uT3rO5sad-(1d5Rpqjwo!x?mv`Ri90PgEN%2pM-kA59?Vg#hi*zHTf75r<+xW?!~Sg5`GO)yR7$4Gt~u|w$)JM7htLlms>fU`a3?<6M~{qX zji}Pgn4h0;aq#cQ1DQEf;9A|Ig&75KdiAVK(Z_zM71Ays#s5MrUM&Tql?Ai(qdr1V zxMnF;3kSE&aadK(+hwE4C&7p zkBjzO7k#L#L7IX4Dl2Uu>!Y3Qp4s9-2X2SN2b*NW#39HWtATcBB+OOtDL7V9CFrsj zXdAI@c?CBSoum5bBg8sg=*&**K!zx;B5{gg4{PVi6hm?alwGi-t>KV!-W{y(5z8}# zAJ`_s#}2HK0X*}{V6&jP2Cy9u_7mYxtDz#`saK04nGeO=3x*(WhG_Assr3^p)p>N? z2!elgYbbAEw+T864C=I8xx!u++N(%pcJ4OGE1EyVtt2$^QXKEO=;sS_f=wsL*LZQx z?BHz8hYafS5|GnQv}nWmYFU8r8m)!alTs!zV}eQo_BoV~z$JbIW$v(l=f~)VYT*OS zp5dXiH=ZNbeQSHvwg|#~65RHbBDM1krD^hHU1PtE-D_iW4UVKaiN zHJnIm1iC8QPInK%`b+%?iCqO%(wH~BRJM9%>>ntTxM`LPv&2~$=|lDJ2Oazzksg~^ z&+zeoumVRzT{wH~I7l2doh3ekhaXR^ieJRm@A*7r)I`4_U(2CYerzou951n;l-%~t zw=e3WFIqi=`hY8b+WLscjJ-l_5}_MInLVQ&pPOKzpTpOv+n%mmUU6q1w=$dxhr;`` z!_`kFsQg)L!15>dl{I|Ru_*)p=~V>nqk0!4gW4qXIapwjnLZ@jJL!mSc#UJ{B-HLy zBROM$sfra?dz+!HlNK|5-7W6(W&2uCfopPDuk#jh<}k%UsV(DW zk)zdiqK7GOzB-z=eDwWc>`mgv#O5VPcP1*(1>z{mxZJH7l*L8eW^Vd)uHA@|8V}1I zcBYgbwzHy2NAz1yZykysIa3pA&bvnPw5BIwow5TP^pnQ?#aZz)V%x~9;O7wRF z)5`G=q}RZrB#U1T-h;-Tcguw2omn_GWruqd#+afBI%=&!rS^`|%t5TIQ8^*?e0$ zre1;gBHF8IvNu!}YrD&6d0aRqeo7OMCgrM2$1`2e8mcmIYK#mC=WT+(%;2}M?#p3q z${Ja4yok5m+T;&9$hAZ?$4Y#A_YW-DPcAhdqKMw{LUfiUmQ`zdz8KBi=Xz`k`Gg1F zWV*`4dq~OQ(rAA&$F60CQpx!b?gABur#Tt7q%PA{jBgfvJcN>*8P@XU_hfK(FDOff z>SKo=_y62#(<{6eXE}q;*5uBZSEoi*yy)ATZD=Wz*T4@*y`d|rEns4^d9pE~ z&u$k8r0ULb>j48>h2*Op25EB&m>(BvShl>Hmf5j6pBo*+}r>0_Jeq-vd0ysx$c; z5S7P%^;Eg!9@b-;KgpGZUp?qA1?j~~5ObZ-AyP_iOiPZ;{l$&=&3_A30DOC12}da=jB9Bb=sG2e0r*1A;=a5XQ^J%F?fNKI>aK=6W<#9q^!u zr#f)5fWzF%r3oTHs5gCp%v4*qT|6LWP+A51yvEuE?PyZG`hVsgod&o<{6GeXUZl*g z57(bOZDv-ZUSiX2JONT`mbPkVSQ-8P{ic$t4iGVv6Qch&LYnt6527i-p%f3-(Dj69 z&oYIX{mSpCwu^#a+e|({%Y8y1gRV0KZW)1YHrX2T6Bp~nNz^~EM7UCf2?>!Vt_8mi zTp5y!pc?p7`@YBkRp=fM+SB}DdF}rMxrb|XP}Eq#nc+FdIIxXpkcEf+55a>DyPv>N 
z56i*`A7qS`Awd&PEqgi&J%*17>TZRh7T)kktn=!g!VwF)q1Z$V92MTW^>M$hQFgV_Y-h9t#Ox>y zo=+`ld4_1BBN8K;<+w%RxDCa(i1I(bH9T?*`rOf5bhNkWXy3WwG-fwe>aqMvG*FC)IL@jHq>`PPjc&vXJPt)40SSk^1-1jF0lDRtBN4@aw z{)gfpQv&9_Z`)ma_^?So{5ZJa@Hl(ks5(>9ymzWKdK`D7brL4`R18NAf+HrbtG5rhv?)om&LgOK zD`+p%j?fj)#sBczVWZ2fcKmk$wa;-peFPESIdHr+;4a3qZ8rGr%g<**GX6xzCs~T- z_Fp?pq^0HVgd*?V-&^ zaV|86qzK4>vaShHmZrmGLcYfV(#?Yy#Ok~1<%jq-Wi2(<2itrrTZ2&Z3y`HZ`iu=u zdvtkld$m1EWJAG7Pw8+z>s~Z^glk}OO4O|K81O93)1(D&`;(cE4u(wCD&hGql*&D~R26e* zHKf-V^A^Db8;Z7DlgI>82i&Sz@j0`EYghi3uJOA^E!R?HtBt}(PJ!A$ z9SLK*(dZ!s)#bVPJBnkdH_3hkQm>UgMP?*<+)ha-pQcB1*@}N%vZdVG8F3dAHx(s$ zlJ(@m&to}kFCY)~8ycMiPiA7=Bd4bib|o4Zu_yKfDD)nrS3tfB-1yhf3lK#?BK~i% zB=re#DL&)X(2FF7!(D;b6=wu^7LG}b<6pX;lE{7>H!K;2dT1lX0@YM*PL&ry%I^rf2qY31BOEluK$H&iSrF*3AoXTDaU zNuit^N50(8Ec@i_hlb9vJsTvo$IC$r;g!Q&_u_vAYE;Ln89r6OQXkM$zJtXWu`rgs zDZPCmO{_1D&j6yJ<_|uAN`FuBDjA9i_09P)k>_MuK+yjkm!My|*E8|d?xY}ZNW1~%}JSfptiL;k#=F~GXpT^wmZ}F9q zdmsVABsY-k7u!9$XPs0AtK;VO%T3y zwdr5d*5+myA`N9|Cn9DF5@8%IR)s!qTQvTb$5i6hQ02&nphR>&8%NjsqCcIi5&&fL z4MZ#xf#p@Yq5yMT506Gr=6s2!Er{KQaqv(aW8+_-%VtIY zz;bCge(-u`xdV_buubbu1D)#*v4Un|B$dYE{C_0U2dMWbF$?DkwD|YEY{Yt5uHog< z)*C12>t;j^pmKK*G!`>Q#wLhK>ou)|E$ur?{O&1^=N(%b&8>o8JZ;8FHb=c2i-x`9 z^zc0Pjtq&#Lkg3^;P=$AeWDVr=25Oy1l7q4SRDn{=sIrA&YuGMsO7|@+!4iR=`U0u zv?R6$UzwJJzX~J(@Czs)5|(l3+HKF0;b`a;`0c15>n9Oj7|1%CdH#bJh=C3x^3Cqq zec-R9slb*qwEg9VA1FWkM2|t;Z5a_a{JMkmGE{tL9O);g zIv8)NX?dSmOYH7-BID7SLqu}~i}x6uuBjh%0PPtjmMP)4n$J_RnUSfN38T29Z7mBF zE;d2cer(BMsyh40(`UkeBxUO&Uwg4MqN#&(jwv^x0z3X$Z0}Jd;l{@~_uxG=0{JR$ z+`m)sfcIxS?NOmdKx9`K5|#j4lAE0kd4$$=)dp{Wr-kcB1tXa(@uorLlZ+Yd;`UK*yc?_0&R#=LMn?_AIT!huQeo@S>ItSpwSMG{f>)Zq1j_v-B&~Q!-EN*CC1j zV{9n*Ud`D^7*}0x>+@GDAdc4P5x>bClTW&1Q)CyM(+GfnB+-%exbdaOCfE{pelbEn ze8iIBR#)@%PKSJm>brIkw#PRR(*CL3+fIcspBI#o4c`D{>d$buP`s0Py!j~WBH@Ik z>`Mg=g(XZ$MnizsQGkI(JIZ?N_-Uxd3sRhZLoo`%q`cd*PnTQz91Bh*l;GUu?3#oT zwsRSIX4C3j!ne-VM#lD&B1?FgmvXC2*Zm^@Y><6j@F#r7Y}Fxd+%iL%a#^>zl9sFb z+d}upWk;TggbIHE^PAs(t4<+8rRRl=Eq6#?bd5!Rw`53|?a%kQ%J!&F`ryctY*$Sc45QmO;C 
zEVN0@r_$Q%2Xjl>w}|5b{~EW? z)0-{@FY8D4xEOV0V$}Ee^eRK=mFBXs@Z>VGPLeZXy9Wnyv}ZTzuzuSo4VYy8jnm|N zi43rCnHad7T>lmhnPr`$S`(^|=#OQVw)Ho3VNT&6h+F8nWm~^|T7ED!+jU2cXy#c0 zO%N}a`p}^K?3_=CEHjS{umHvILtokpQY9U8Zqp>%Z(EBFpt&e%1^ilKH13k#Gc9}8 zEi%>k@`7q!TCfn=YKQIui<8EaXFdPS_*Gj{x2W>_M6irZ<=Rx|JNmzeo|b40rsiZY zw9P40#hcm1S>Cd3sQq}5t5j>s)Scamr?pVmZpP1$$*p+{698|pr5Qn3@_%wY zdB&Un1j?(Ztc=KaSEG2l95c3wDY}g`3&K~MutJLQ29pbwa<5d;40uq)4ef)TqD|O1 z64x#Pd%xokRs5f=%majNttVfA0PA=a63=War?YL5Z~nQXMBV4+OWva%NAQqpM01!- z9+nZ%N8f?J1Aseb&z-bV!xHr1Z;u#cPGo`XK1tAIDP5J`(M+di#(p5)R$^bA%H*Wg z-S-Fp5`n7?d^)m(zx)@W14kNzl|bP1zuR^IM)APh6+Cm-SxXGPh*Dd1B>68Lv|yCL z4lP0!g>nV^y^_cV6Y+e}oI+}=&UM5J>WR7Dmd>JR@f^tM5Ab`qzW;B4yloc-L2s!c zUm|0+z~|G-L*2#tJ9OE!{vreY9S(%fhlqbMzVDK#+j!_57?K?sl5rzD%j8`wAsbG_ zS{m$8KUo!)fdTe_>I*_a`_+unQ3V^~h8Mhd_#gp}N(GEHvVLW^(-#^P-4#~xf7(8y zUZozN%M_Om7PF@L_Uz<3q?Ig3I5r^CcLh4Tqsdz{OXA)3I`)s9>Jc+Djn|!|OEQc7 z9wu+`a|y`~EJe~ex~a`qSqcI0*vL>Ja{9eDKFoSIXsg0o1)hN^M&e29)OV_a;u%>u zxb^9If>LbfzDsi{n(FUvNO92d-?5QxmVyfqIk@$!s#TOku0>!g)l}esH%yJp+>Mr~ zeTU<2O_BeltBS_na@2}$1Rjt^+r&s}x^I8TR+1XyM#I2Ov|ZT`b&BFhd0-e!RtTF@xq)OS8A6(rmS*3&$bZb0>Swddc!8I*K%)0P?*q$CcwnA{ivEsj%8phE z|3>6e4*Q?%!QtMa6bli9u*;n3O*b{pz;zRor&tDY*jutZlLD3_e7kGAK)z#TXK<0Gz4kn1#k2zq&-<6%lH2$N#&xguA8jki+#E9(q1P$crtbPBcz208v^n*CJ^ zF)`08r1|%ke}@mRVa|@kj4>EdWdyVPOkrE zn>qXwI{9D?M3iF>2|oZNi}t*N!OuX91UFtOa|OWX-we~$S3;TYFs(&dbu%5kOpbhi z?Q^J9QH{OT&-Z4Osfd>e8XCLAvIA=D<0=V$Wz$IuF{QaT`i zUcW6xe*vTe`yoFtD+;|#{}j011*XucCxIaK>G{OQscS@|XCGdq+=2woOoC_4&V$Ct zu^Qu%XszDyZitOXeM5JF^HY+KtXADg92}8PY(4bHs+lU=tUd}`$1l>VI=kv@%I5Jn z9<4vi&h}Qp7HP!#fa`+yt+Ze}-qu;g=62#sR@sb--?mWvKlm%P4r%Tc5|2Xi4a)=q z@sx!SF9?5|cA3~3@XqHfju@aO*HNwr9pmUhF_M@I()A_NG|2(OS4uHmyfWi)SfBuE9yw%ngYrXWqmLa0rv# z|AD0f`GbC>CktY09kEWRqdQg{b6U%T-at8FRLI2F{}+^w{Qir{DLV zF0=(j14Bnr{x@J5N@44$g}~?jC(Dz~?FfjCyq}{B7JAaTu0Y_uU@IR1C3J{(mhrK= zQWVrzZ`b_GXsr|?=Y}|<1P(bj^4%k}n?G00SUVFeE~lTH0;$cJf<+ho$^(||;Ob8A z;2TQ8AN&Y6nOWcIXf2^a#zDs-Q_Ik*Plej#cY~NpC(`mZS%m7^7OuH>E8k(<78qq@ 
zDeCqR&x@5NNIrLDYI5Sr(Ua*e!EYv-+36DAA1)Ip!L}$WvmY;O+%u$J!_7S$TJpzn!vQ2(?gYEMaD%xu=(Oe z=*_nkVJx-O5Z(FKyY4fV$u$BD|m$K$Bv>tO=vyg0s9)&T%xyv z^6lXQTXRo`s7WEXJ+VUw*XYXVvHwx$gnlSTC>WxClSs#X5G2izOKv$EPbGRvllajR zItLk1(&1J}xVbGMZJMTL&_{@uxoy&51D_^H&H4~(e@;Gd3|)9@XuzxICEfDY5+D-J zy+P@J4iVf4{R>H$MMB9}P7zyb28{&@4<}0q7s?2kJ)a&qhWNTZe?(SvpNAd4KI1}R z_4?w|pg%#nAdngpU)&ldn~d@tpAqd9qA}>C@EW1=i4nso3WFCYLI-1jBK;bW z?uM>-$u$fLJOwrsW>y`uw&F9u9w5X0-C7N-o4-+vf5XWCJE}-t*;69Gg@P9k@0LBT z{UJ%FwioEN>85o3hohM5(9p5Wj>dr{(czI7*lYldL;TI>g4FuyEr05a>@91=%R6~8Y_*zMogd-eOCH-jd*C5OlI$#pm-ooB zyI@IWqg$K6MB%&E(4FPwlhh3vF{v>a$#4e25o?`Rph47bf;%Dn7nqZlARdY3+tgbU zQuQAv#xSi@Sw+8tsBbqGw&wDpG@dvrg?Opi_wgx)lT}3lea$!%)04PXcp{cn0LO9p z2i7sQHi6yTEg(Xvj-%FqqVi zFUZVYcAvj1^_(T~B!?QPn1spyzo?iB7&aY>g*&y}#d241b@rESy3Lc0$E15F zsm&R4=Rrvuvc@dqN$a=|wM8BD`suXeqkE_+N~-!`OJgZU&u!&oiNm!_)upB3()c)1 zpsZknzDiH z;i0pd5$Ce63%E)Q?n6WJvz=okB(l77XHXBNz9!Jg z5qDC^lP)iuiMCHm)d?>hv;*B&9)${S@~7Jr*kQ6&HKoJD4!=GpQi#`vq1`v*Le-3k z>(;u<3=Uo&hLq~L%c|9m*`sLXNMXFkf{dp^4e@ql1>fnbX9*fQeFHLGQL^vYTz=U1 zCW=wwei&=ZOLmlR)SSyS+f1OX8>Psu=p@AYkg^X#`{KXKPv7rsn!UwhV`TPJ3Qx#L z3iT^h@dSN+>U$s#fPr1$cElCm<1U=3_xT|u0$)y0N1Pbb|I_LhB!eTO$-mv$`{Szs z6DLdNkW%C{c(Ec7HR5Fk?p&eLgcki+3JNrh}g}RX+6Iu9-1EyGui`>4@AYHl~wb>iI1xf1QSGT?k*Mb;TG-r z1^O`&gcko7fPjE8h${RWKLFFXjbR{wRA81Q;WPZ5M7tVJ8v@~Z%mjc zI9e*b-Y=E4HoV_!=g%e@3cHj=L8Z&?7KkR38e5qKMLeET^CUN^98Dt#i8>`IyLJ>AXiH-|gEg0JIPf$DOQTm5mvl&JQN zX+E53&Rr(zB7QZ4=ZBMkq}$!k9$sb2#PJ*EJXzh-R@)fu?Tt4k!zlXsiRWDc^NF(z zt>Jx^6UIM*Uw7&dbiMjRBi&4JPGw_;nzo6(=N=4Z?C*3Yn?4B1M^9e_4OPoPzQJkx za2qSjtX76?(dJuJs@A zV#kUOxXUtrYnrLyrzDqH>vk10C#Vyy7#nb?{8>7sT61#3^-ir&dvTvMyrgKGx#gp1 zzHGtfkd915&~6*#^g-dpDVM(bfk#fhdWW&&!Pkfip2!-Rgz2gsb(Qi*1lx5RR<=tv z2~&eU%|k=-9cE$c9NNB#=HbSc!#pc*Q?ge5T2GR5L&1gn*_)qt&h#N~NIYh1N~pWH z@X&1j-jj0Oy61jg2fPKkL!1Oqv7m=VMvB6wiBZ-a6$47rYY{Q4rTau`YGIRzm`;;~ zYmwR|o4N1hlCMMAFB0b0(%=U^0oI0w);7l1#O~uf$R^Zz1r0>-?=mIiyswUovNM`M 
zE#6E0W0iz<&f~Kv6@Jav_bi=>%Uos_W>{87NSquom=Y4wq^c;2GvO!Qi6X?Cs}Ex~D(@f6X;8)}wzo(}OxJI7?gwh{xgYw>c%yqhXo$I8d3PWnw(Sl>d3d zepFk=+n0JjSa);!5L8h9lk6nUOf?<;xShLWA?j`an(}`Muf+<(6?sk|Jwix7ZK_RXdOC_+P%;0*q_cc@6#Q zVZ+HW^cXMyVaSOF^fJ|5cU3iVP&51-mSL9O+4-U6Mj2zi-_o6zOj=fMr3d!|Lq{J+ z{2%r4H*J~W3LjPcR^`6fNqOSJR#pD0daxE%9ju!dCyO&V_k_1(eCGp;sG7rhe4U>2 z5B1{G;TPL;+T$Fr4{}Yr$UkExzUqBvR?k{hLqPe7yO8Qm-s$wl1`-|dt2CM>U*z(q#-ga%)Nitz_g}5A@Y35XiC7w++{fnrIsR?8SCQ{1e?@i*Ynw0IO&F~ zS!7bUbGc4F+_!SS3_8f0NDZ_nB=@08u0`!kx`-yODNUJ$O-bG~y6yxStI5)5N$q2r zxY>0y=xFRg8rTq>5$LK)>r;1q^Li^a!r2};OR6E&rPGx&Z}4YclqEc`{&BUn^--ACXz$4=(mQ4X2Ptu(%Ef*! zBY8AdJizRtXEtaF?BbXosa3p3ns=jV3n_tQ{t>CMJ5!o3LQi8Hc9JR?!MEuyD_px7 zv8H5K9l@Ze>PeQF$(BN#?kB485Xki5V8!8;yybV}X|k6XX2}vQ&ef(X`8GM_VAJVP zSS=VZ{`4CqCT^0vpx5Ug?@IN>p0nFkvTOL~CZVWI8O>#eIl?{xiu0D$va^?#FFdQ| z8etv2{~Eq<{Yb8We@3pM&*JNX(*S`}n+pLCpkDGg+C}nlwx~jXDT9S(eCUI%Ggsv| zp_sNrp7RR^2d|zK0g&LZfrc*vo)Zf@kR<-KDGLl5V;1XNIU+j8ikM^o22C)u1Y?}s zmYKq=(89g4ML^CRBPW3`7(ny@lNA8L?MSfM0^GtR1TecVRO+7J7|o6N#AGb;YVQai zo4JOJAL_$Jpq}fOAPYR`$l|+%15Rj_(OfdTFZzVkE)~&ByrzT$_6kx9&nuB&;VxjVc5! zM32}`xjut^d0piv#x!e;HC;29XDF_R!N1#>f3DIDSGTazGUvo#b{h)+4_|K?*L2^; z4Wo!CAqGe@l#&uDL24q>(%mWz(hb5Cq`L*_Zlt@UyF*gCyT>-~-#E|fey;0&@x0-) z$-r&wfBcT)dwhdyz|~qXPdkFkn^dAgTG^@TJak>L(^{OM>og-PAcjg($4nzLEB`hr z_R~aFyNVBH%rR~1r%Rc6RWh+ECqx`mBSBVN!su2#1Kq0IdtjGcsrf&(71FXdl{-W{ps(;g!E9w=m{R()NFCfx`u*i1z z)pJp>A?i97hqNO^jzKb|ZG(6xpVN%}BkTM)RxM}H?;R`*p@>$;gQDZ$LXrXSj(a@w ze9)K$F#8aOYM)x&0<^JwbJQ^)ZHv{Ct=B&S=3#}!SA!rdmTbe^u;kLx5Ot}BkUJ)2 z8UFPZY$-L=7{F@?z4Cc?tj<&-AKX#50aR7C{zN4gLI1L{|h|!H&JhaO&NQvy9JOO?A*`s2f0U zD^JF!RBe0uFd(*%pv{Zns^yI3FR5FK*h0H5uR|{;?O;NCQS-Z(N(sC2^%gT$Io! 
z=qzlFIjCrGi5T&D3RVpw#nnjFl$MO9nwHUcSIQb%iF!?I`T}l60Y~qQO@;F6MHrt< zhVlnS!MoB}r1YsS{(r2QfN+F9z?Xg?M_yrk3tZfi=%pn_UY{?MjVetww$C5j5`C((!F)TUx#|~?pY??oLqUt?$aP#tGa{FD z#%dpjDJv27INkF2t+S*q=UnPe~IwPN6GMPv1)UzR(>aJcB^-7AR z?)-|?WuMm=nC|ZJL)zX?R!$}%-i&^(%Xb&W?tOLy-gswwXzWpL{1BXqtldpOI_)eT zp>{IB6!5HIuuf2`1$x9Z4Rmb4()dAZzgxow8%)NNpQt9}%8Vv$i-cWx zxvy-#(8#?kqU|L(13L90QI`e>A?~>Sip^WbjGxk|1>upG2_8hf_k~+1CKP9pk7(0! z{-jbBtASejRsVNA6jai^L~ucDBD_r|jJ%(UF6Q5*b$F{~z|v=p(XPMM_(BE$@%Pk0 z5gY1DU=-GL1fR&caQc?-*CwN+quam(SyYxT2wT_Tl2d0E&emb&AJt2U4`RdcctgS{N>eO4LV5Wp1ZY{syNZ}LWF*5dmc89}s zf!5u67fx`P)?$-S`XT9NNP(;3KDx)@fYpm15l(`>N084=$#elY6Mm%&k?a=S1VC#W zz+M1HGN0q6@}Cif`7g9Rl9PAl(*ZpIM?alGVKQ~cw0t!@>_LmtxSZ6-GA+D}+{%n( z>s_n8NJQ}4=3HveJ3HXn;YdA8NyP{K&%e?EG^YeWwl@P9uY09`D;ZjUo^=yYG9&;1 z3)BVZril>L!GCaDbf@%>b^whsp+|0X^YjKx=jfh`(G9%@1dpw-lLUN)_E_X+adez} zw(3doB_43&nrwrCEM7}qgv3_k6If@z?^P(G-6r}s;tg0^{vbGqTm~$Evs#UN`LfwD zrjzufUq{aW$45ZVdxAyi8B_MkJLS5WL!-(!!xPwQGIPlHA%*V}gH45HwwT#1vw#GT zvxK%Bv@h~6(gK8{FqA7NM(1UJYPB8p%n{v|vDakqEOwwQ)3vOq6hO4Df7s!7mvMa@ zm!ZCS-$m7$$$0W?kcoJ!|cKJFs;&PwN*7i?-MamF;~yK0}{b(VsnwN%(wZ7{ik zI+OPS({urMMtCQ`26*iVaQs|pID5GlEmVC|=MDhJY5-A6| zI!$=t&D!J}8pw1#9xU6+!x(I2dNcAanpPrl;by$D`DpIJvE1_;KotjruZ#xNy%=P^ zqQJXq5c-R8LCgow%%6uDZ=5@6w2D7qMx9$t5;@ke`4K0H1rp^zx!dYPRdnUHD=RF! zE?BS#3O=Sv*CF^&x8+)q(mf6Fzr-$$$VZ{`lrVNg{?K-t{Z$PM+n?Id{fK^ zN%ZdE*?2TlcrN8=%_5=dU_kl)&cc0dvGfO0pQlj4C~TU80<$)xDkw*pWF^1zlM4SN zUlLis=3&S?lOo#Z{|g;|s)Ta%H7ziK3~ZDUaZrm8VFPCF(RKBWNaC9;a;`&({wO|A z2b#G+U2~SZYzkgmOteMr;`kHF2ZhizSOkv%c0Mvv(OpQjO-&%njrT9cgU&z9!pxPu+o5Rh9XHgwB(ev2Q3_Y!22AVeRy z zJft#Hv)v){na;nsh_1qO+H_hX<+VS_;_cgJ8i7<`sJ$7a>!d$Dw`0xke=iUzsz0=ip5SbUDwMuQ<;@lXuN}0KnxaAV&Oa;0$=yV9fldP=Z_k z;F7P=1U>Y`hOUh!_sg#t6Vk7#$}8@fa!QO?XiI6@+ek7K1(SAR`6(pa7#lTejFMygAup>M-Tn8LR;WrSr>?Jq z4P|CV)x(7APqBYc+!}7)`yAj6Ct$ zUBe2IbZO}XTTHKQc~iOiR_}`2m|>oWPGsj0%yV%$s`Kk%(nwT?FqKupJ zdlH5WNlX;O`|^vkDpIl;$oXzyWzcoH^(?L6K$dgq8RU1RIEB9-l6hde?jn?j?=vQ( zWBml6GHeLs6tGsm76%ie#7Y!OE5Uz^4vf!cOxZ>>4$bu3q=|;529U! 
zfe+OR>dR!gim-z~5@Rufk9qP$FGnrT8GbxCsW?kfSpWI~YIp_py;!D5mf&{gTCPp5 z+29&iDY5$fgWJw{ZigYsh02kxRASP8sosT5r%An{<5j@ca2-EmgU_doenwp`<{p{a zA~AX=dg>05vtX0<>0jq0X}Rp`R7!AXT2TL_f0nxEH4lyai{a@S`@g07|K0MXOfs{R_xOynKURc~#C?@K=QulFaG3kt%kfaChR3tG)62=)A5_Ly%$Se#D%`Y* z;TPXBS*UOnkA5xL;g(>4;)O&rw)s*oHrz#3kaqD3kbOG6Uy}h+f6!UV0K;PBM0@_C z`vfTrMl|*eU?kwb7a(<;@VXg%7WUPv2To?1_6_rl*}Zk}Tu#$yM2qCrNw$kKsa?6N z6W6kk*hmxGJFmfY6~i$#_uIS5SL+N{>F{{{SC+uF^R2jsCXoxPF2iifX`r+WQ5#u2Hg&9_5u1P0e*B|Hsj&t%Np0 zE;rNOV2c;@sHWxL$NzaIgsQu--zxYUgrq0ccT+@X$rdXu;l`Iqj39|eHlltGwA(f$ zyji2%;KccYuBQLKPXHp#0`C|j2KogM>4dGyGA^J!u#p58%J!?l-z^u_t~xWh7%bWh z05>6YTlT?w%dlOl#KA>5jW!W8{MPZNlwFx;r3vYjofqoI7gQ%Z-cDmaz;af-91PC? zT0fxGIn?M)khG)};~l_X2GnPCUy1%Uy2t{?GrFp3g3k5k4Kxl0xCns5HX3Cx!nBq| zh~qEGiu;XxOdInx#V$sqr}b@TN*Pu+i1*2lJ07>TUE?+1vSoQXL@ZkkC_ls){17m( zE)~!)NIrmN&gSFb~m%7J;|yIG^f1n0iuFw&?3?VVJbt9zWteT>eGd ziu7R*Hs%7PFJK>mo4u9vq;Xv6iLO?&5F^%?DgK@JX72=vs z#JpLN@z07}q}G0BrK8aSn%5~0`N*E7$Y_UaQ`IXQ=fa0IU!ox6d$IO>?k&10QPTwL zGL?N=nd0+N5xSoS(u#CV`Mkf(IT#B_BiBT#jyIJz$==w+uX)uT;hYfoLJl`!fUf-L zlI$4%KX+|rk9fUMqQ{pWCc7JHsdZo$cm>Y-A26mV#1YdjP4Wc7R6onoXDl#3yn_%C z;68W)$#hxEEm$yrNYXQ`x-t)$U zBoUM|AfPrGb7S8vA9r2k%uPQ`VlnwAXmyn%>i9~&`z_{371XkIrf!ZY$m`CD>l<>9 zWv}?-Cbw36@=znG;U=mR=D;n#IzFYO!^fkPN!Gm4FjWbnMhGE5!L*SXZf-D@TIY#prg> zg?rBB#G}nU4-;}%SnV84Z(S#mYcE8=k!aE8VH(^+=VtwAXZ(k%iN{CWm(P`0L-*OR zPdc}CLj~Jj{wyEu3h!vp2*I*$q?_EWP?k3NVD+45p3aga;X(7xtNlwwv-Q+)zOh55 z45H;SRKq6|XLGf(5d@9d&RGGN{)1EChA1H@!=Pcjfu7-|7*(W`u=t-P?^bQfw%Fu-3rfHOp69>Z zL8ln1Y0j=6VfPO|>TY-U_B8}?%PY)Ul;5^#0kq$ka3w~@S(aBr#e(8Fn=)Lhj=H{E zf~MA?qpLtSGDL1EE-4F`imkVQprMN)(4zXp1iZiAtYAtC|3?xD)-E?B6Z4Q~9!IL$45LSq)34}iLe=wEXH_=xcIWeG~SC;adB z#TRT}l2^?5R22IN^=X$QzlyehAR*$V_S%;&sq|%Px!bX0qf=4kUC5Ql?ZE1x8vn%e z=W8B<_v$b|s?*5AiwGUfF^%b&R*Uz^j<*z&_>)l;tY@znmj%mrMRggsSz~+a5CXlG zRUTvq$O5(dn0aP+bv~!lCCRB9FwT?0yZd0fMKL3esnh)-hhf%#f&JAPRa5aq^{Wpt z*uS}~$lp^IRdZ9hq_s)2eaqZcUVutk9aT;omAI)4Ta}xKG9BHFyY|{88!XC~I`qnH zn&SR0iVUwckK9=-K~o+5;Wf8~H?`DFYcd74tX~p7ldNcA|bBBZnssPqOO0eTKdD 
z_Clg|XVn^iq4uDXl+MpqpX~$0@FKoW*wLM6JNY2#sj6Le_U1Xvh1!_*Mu!T z^_S-KAljxPxnL<8>R##>wa~RXRlP5DE4b6~^h|FcJuW`ayktcXOTDzTW~?~1wDjwG zP2w+cvU}>2Ip%t}_W6JtK<|syKeAaHWx0dv6OP0D5Rap>k-zbbmvF z!fOkbR4tQUgGJwgR)O`gtFhUNN8x(d7d*|CX>!C{xb6j9Zlki_B64h+pSTE|^HPn! z>1}gEk*Pb&_BbzAj~T}mt=WC6teTf(al<3%f@tnN`U8Y5r!uN=w+7oI)R8Hf=}qlt z2D8os9M*hxo9cX4UIq1n2Ui{OUlWb1p(dpPs?BXCGq9I5CxiiJo%)3cXw~Fr%nvCW zWaW-$ju+NFn3=u$`S;yr-6o^8C6}ALi51>Vy0IEC^vb=E#{0hQEl|9IZ%fAJ&z(#l zWiaBv9H@<473<*{m%~2FtAYow<-5_XBKxX%I4H^^Dgj7!V|S!N-dwz-pQ*&PaA2kl zr2ip=mt=U=EqprWMn5fK*s&EegbDhtnSag5%$H;hGGt(FPm73&yE!r{3c8dhYhI#; zJVTr5xX<4Mgj>cFz+pEl?Vw9&iu zfC~Axh28@J7Zgt!jr6}@bkkRs>*1P_b>GWf(SlrBQ2#+&;iYx4Vt(G^vdqzrugi981h^JWg7;wDkny-q@HtxT*Wq+#D;q zRBJ}8q|FN_Ur9leHvEuxr}sf{^i~5OT`A5YirW0flTa!DM&q_f{httfkI$%^wT1dh zGBnchhhvQ`-tv4Uf83cnpYLTg)Wxhh&9M|{1T!}J=C{_k6{>A>Ug%c=vC~)7TP_Us zFDbyJT0wK3wCu{sZzqj9`k_nki7qS)O4fI!Ij+KFn{y`FRDJ6Ha!7qMW+EM>@ixzW z;1$wroY37||H!|4KvvFC*u~u2U!CU(PJDVggDzu=*;3OxLukoY_>uCF!FrrVxpG6id9g|%H zBp%ATLKGC0qNVLOXOp5d;Z!4$fwhLA__{A6mvBwBmlz46)+@_3Q z>nx2a3?SihHGA&9o4RgM3STfGioA&2jL3;^1vVcKluI1aHPe1;jn%>ObheaSsyJe4 z_Cf$<38aMNxn!ipjgyGs#xQkhGCoT&wsEfWfaLte$Wln|_qHLLo{R8+(90ppigb$bJALI! zbHF;F9uF~QVIKydP=J&O0BeTOZaH)yxD)t7M+7{((fb6`lstB5WQU;77`g*g(yk!^ zPPmSb8t5d~Zj+#gu8Ht;YD<9mi<`0VgZ+XqdN3p;1EF4^Nf6GISO0TUu7cl;VV?iT zRm$N-Jm6603=UcIMGh&h(p)w1yCx+^)6_w+zo26~7~xpO)dhW>ERtN)no^=qKwEeF zN&2lYY!H7~lwPIfTN(Gks_w}fLL|Phgk*M!4wIIXw=ak7`ZB*) zk43Y*bJ27=nY5C=+%Pa{WNaMvjSRN|Et!jpwwtTkhxDSau4Q^AG1ipQ5hP$%yie88>$^>XoM;io)g^0ew%f98or9S!Si?_ilcF+9TZ+K?Y z`r0RRC%&T8JQvLZj=(U-46`OD!7qEvQll-o7N4vfu3Gf1LSxubB~1jI-Dw1ng-+v2 za}$O-;Y$8kiX1^(eiYyj#>OY^BD4PwWr&L! 
zbtIlYrmGHr@96AxKd9GJyoiY@mXSf5#={rE7y`1FgnTFRI@9X#!Remy0=*GxZ9ot7 zgi)u#3C3w))1vgR(eDe?n?%p$x9a2xJ9;1olGHIs>}9C#`eD{%7H~)T%}k zOytpDKx6oi2QWYI6$Z|JU(pT~plQrN`}vMyfDOtu{hb|GlyV~j?O*Zlq69>>;>x{c z;T%$G)3@S6MgK_Fml)mSqQ3P&HosOi+Px6C`PSOw3y$r66KZjvELVos?9t^58k%h!gV8Z< z@@R~R?&=kr!BtfR!69?2?$c@*fpB(F{C7rkD{7s{tXCuymfJ_?=ecY$_dXI3wE~iu z>$^&e#*RK|E6k7xkKJCLp`@g7rB15*69PJiN{YS`%1U@I;tXA0-okPhhem5oma{%u zjBV3lYkM(}n^hB?)P8UCsXqCQ3Rtxy=5)2(LxjjUcd(UG{isp0Ol8wlsVHGG=PeTL zpX;dtm?3VX3RWNKxG4u(EKi`{RC!9K7K#d&>T(ddl+f{+kZP#N00BdYXMO3i`k3X; z$iUK>DQoz&s9()YO^61NCcCCfYj)hF7|mG$tRGba)@La=>;XvzO5Y0I!0L+VZ6Jss zqu=pl+G~*(CGwvIBQFL~$zlWkX}`o$BCX#@N+6a8?o6=mEAe9P^J z?Z59H;PoH(%oo5?Hf5Q14$BHUx9nL7LNwW)?~M46>@G@tcpaXClh=Te4I*tjs*KY# zFDKtg^V}svt_v+JYwmcs%O*;VDtOk%rHi^)?1wl6##L!`#guscdg_Ddra(mxUl@0Y zC`7YVVC34)(gyyjIiV>579Cql92AB)LKBkwmNDD#BffQqVA46yJWojm44fkv;lmiWmNq9Pw$?rU$APlgaGDnCx*eu&NXE)rR$#@ zrjy;-tKNkV*16}6`Wt+ToH5&@L-tvUBh~8Q@axB5B~1rhkzq;Mw=UYWCIdUxL}HRD z_a?Scl3TDzF2Lkyx8a`MdeLq1hmFaA@oCy^rI~f2UlY+hy1qu-nhJVz!tu}2%6NYT zyc>Rv3qFk|B<0|wA|MF&MaMJ=gBcbqyx(2t(PeuqRej(Th5j>R68gLx#H1OsPn+}g zSY~X(Oid~UAn>ooUdn^D(H1gZaRZQ+Jk;r9*2uZ-lQB(|az83V@2)D3YFNlyt3gQPF2$mDMo{wa?H zY_!A{j*qVFE*v1i#5(WtRI){NZKcQ7^YvTF9J2BYJ58MjS4&H7$nrcGfU=BMK=HQt zKIz*3Bw$9lip@kGZ$ZiO(+8$KN=)q+o^~?Duy*z)Kt{Pp2hs}P$OcuEmFe^c>$i+F z(^iidTp8A~s|ojohmSp2xV%#1T=fR<(oBP6{Fr8;Z_r%1eORw`KBEe$BH#VFk}y~J zL_>Rww~dRLLq%DjvZXHX$`kFgInckt?Ibw|v%kwm^YSIZBN~$*&nr}s_EzRUrP zcT@$X#YLo4&FCp3l{8_crxaPS_AtmoTtl&lqK*b9|RaiPl9PyJk*H%Vb z!Hi$@@hAjG=nsX@dJq;_%Mq(4(fsDs5mZSkZah=dDKan-;;kKxwkU3?t=Nn_A9ABw zo|=?&GS4u7nRPb$uByrJXlbrKHw+2&yQ1*m_P1KpVb-g1OMJSvHN~b}6UZd!1v~AR z*CV(H75=WP?)CI*IBUKYo=~C$f{}uVanVf0Hl58_DbFbw>3B7I)$8~YPC*vs#AjK| z?L8)wOb-_l90Tc#dHaFom#izHZLV(@wL%3`K7WDL-vKxTc=HRc`mMw#c2>y7Gh%9^ zq`l*@RtHnDFCl$u^pU;yZ3v6z+7Gv?B#J7^WR;s{jLM~%P3jc8ac0yX ziYAq0a%om3ujxHqV)m0zy7-IXE0<|IRvtAd6?{iQmTNrL>S*V7L;&NDyRsUjVtmEt za#9wAH|X1e%mVu=8%`GFdG8K&NJrS1r#8rOZ9RnqvxA*qE}jNy&>mG{=c0H_Zl5pq 
zRXSKoY6h~;;i(w&%1dT{{7+u2#K^;c7LH%aKGu~b$zi5YV!aG_#)t(P4X{v9l9a$0 zkvGY@0Yc~T{^PFrj~Or)P{UnQC4h|w<276C|8gvt)R*Tuvc*gI&##ofJ|xF|Hn$S56cnv9 zqwK%{@#VhvZdmw}o&FarM+iQG&U6{_h&%XXq|*YA-uQv_py%z`v+apmB&YDmE(*iU zwawAyFNVo1h!W&KKzaqEQSBoBHMx?&I5PQ{M^d81IKS6bN-g2yGu(b<;7E-mx3 zA8S)IZ|=hJ@YR7mDQEqUYPq@clr9`_jvi zZ#FHDQ=iHRlxPjQ4blxoKn zCaX;Ujr0m+(y4NUvi##cI-^gP{8Jc${muf4-M6~AWV=~DQBum{gm*p7jFqpCA0U5a zY3ODm&1LhLU%8~4+BH&T+oYqDTk=@5J+ODCP;5`SZpQ!lbAZ(ve(dYqmLE|Zk9%%d%TnB#>Q5}IwTYGO5BKzu%$?jiipy$av~|@2RX7dd zZZ~v%+gRV_X>EpA%_DcJPd3solbhAB0H+SFOVOOC>`_9uFKtEl7XusN=}o835pn0$ zEk}^lVk`3$9iU0Ul+(>HrJO9WYav#`(*7Ns1`G{aqvdt|s>|JFUo)(hpuZYd&WeiP z9uSs-AOd|dhx<=}UEmo4Dz&$3!MgKao%Mr6nr?s>krdDDA^`Mfmc9XNpzueGC&A2Lf2-O{qzM;3>7XD zWlK6Dnjgy~S7+A!^cP_e%^ru3(hs!+BIn~Yy30=9)iJbwP>es%oI?d>ueo-9;||@` zAypOYZ*QcDOp@4vJ%D>@ovu)kj1Pnsv@^e?jy$&`IFo}lA74%ud*10 z%HFu z6_`7bwNE9zRsU5qCc16{hhI(TbMikny3Sjb%*f-n)-a@CtFMTK9nsB0_CsLxd?Ot9 zIbP{0D6AzED6dc`HQ5bSy-!Py@@S&*h?-E$4wq`JjxqxCv7M;iD3{ip%AwU`nn8{# z94Hk4@Em@c0>1mAR^X z{X)jQf{9O2&3$3RY^#yFVccJmyw^+MZ6Xx>g)`F1EE+VrU-ekU%kF^2D?eytye)V&T4mkzeu{WM30BKDy!La^ns~@QX9H-O=emW& zH;;HyH{YSn0vI`EHSUnm*uu%MjX<#V6!{(%tk!kRIHX+N6pa0f7}x9IC_p0tD@s5w zM00HvB;Ns^VP;i%O`VaJ30+*2zANiyAs>ux`jS7TUtw(VpQW*Rm%4u18D{3=J^da1-GBeEPwtwz^tk#B?QGpXBwPgu;d(6PcUX z>)AVor$pJQ&K~Q!i4*kdsX<1PdSK)4pRVsRmMwM9)={FX5Fh84pqyq!SzM1e^9R4} zFPvXbJD82H*nZjct_W4wju_v58@e*Ms$9`hh!GBVCxA$Gk9~&ZYkWQwIqM=|rfcdCKiQTR z@dMgftyGLoj%l2JWbbdUeR$d=%$+{LOXFxB^5v_ej4VkE6)!P|1cM_L_oj62&kCT&i zgUCtYN-k+1RM0t*bJLAh?3U?j6?IGoI>_j-8H_UEnwuqWEq<{OlkJ@Ki2iDvx3IbL zL%Jq)P(I`})SK=s)hSnQT~}LRL?5GML(tbOU$!$4VHHLqa7!#h>VpJ36^R1PpXa5idV4r))rs_69*~WTH%UhZZuC?@svzJCk4=!|8P`qpozR~Xo?ls@r%Adr_TPv008S2z*|Lg zRDpe`^t+pYiYD=9+)ro`KJHqEJqy*0+tKEEzIkSmv*qacY@1w1HjMdamtr3=!<11S zj10l|7vr0g@-UYUV|LRRTl&YHHjMo`ihBWAwjO}L9bP61JchlSP(hmKp~SFmg99g| zUCd9uheIpN!=IlVl#&=9QgIhQ;PZbt@`Cg!9J3j+%cJ|NN`N%yW#K_@2VbBV4Udve z?@xQ}4&I_i%c|IIH4Qt9e=&aNXCGkg7KXOy-ESCglV@&dGckD2!|sQHolE~kPK#XV 
z;fT>8q?vx?(>%M44PHsAoi{;!7(upK*TGseNc{0}H*Skhur-^!PqH*xD7zfwHQ7Xy z+f1}ZMi5#rxmftp9G_YKg_cx%K$PmVL<^GyFI1`pg!MJmMr<9qFjR-_xzK^eXEwe< zWwZNUy~s&wM@furgzj)ePeWI(k^&9oP4h)gfg)YNCD{latAAh&_9 zSX8`-EKV%ywidttMgqD^1&uM0+F9wGJR>n3*UCVllKnToV7#~uj)6}hH2$+ED)g05 z7O9;hf=Bb@3lHYI6Y{!Oi-(<2(UDSnBN8L8df91{?UXkEP)dzG2s3&IIvj?rlRr5M z@_L3I5>p_RFvsl5(B{lsY4H1U3}h$dFGf$pBgr8aE|Wv^#|AX`%tt`Gf?$>n7#F2E zp7pTt>u@V|3^jzGgElkgDD>$e3=yohu+N6_WX`$(tvgjLsOrN&Ua!^8*3>q+{tCGU zrN(lA-h(a!k1JFy!x4AHMQCkbbg4moDx9)G#0mV29hk;mqExv5`%db?!A1B|Yf4u6 zhlb#18;oO`>zih>&o_#?)QY7}05fbGGEFA_+wjw%`M33p$P2j>1oHs1h*)Ff+p+Wp z;jkO3ehF4eGczR!CS^@minv6g;8s4XCCy^J3x=XHEXBUpAZK2XIch?{!pfqSl8d#i z0WW)xZS-oPr$$h(O%2{k6fgH2?-0kjDYVc~g-QsQ=9?fwthh=p8MbZPzj`{6`YL|U zDEjKL0Kt2HWx^F^_eV3 zwk>iW}Q(0W}RamjEZz?4|N7xWx27_r9A1EKMZ%mKWbGqj- zB+Xb9V)V-KU{cLD_0AVb%|HBUMJ?i#^Wth0dphIledzIgV8Tdyi*y8Icj4~n_(tr4 z9jDkRYlW7Nr^Oq7ahh}CN&cBpK`c31&B<@Yt%j+z2fcl^p>nWwwLJl7wwdPJ+9Y3= zls9){<}D?fyIbJyb}Akh_haiiM3#~BpdYNJ*bah|CNUqsTrT_v(FVsQuKV~E0qW;y^p+eap9m)5~1)R>&=0)W7liF zeQha@1>uB~^X2Ipw?MEUH!Y%bF|;gLryb6nly%tZmYOZuIftbo)Vo%kGc;%%#g)Q( zti_jQK-Xm}Ls-&rELGAGw6|`S2lVh**y__#Nn0aJJ$6`QY=r4~)h$JpgIWj3Brl81 z*|zh%OVjV-RlN+O0xPbes0!j2g*u}FQBPMr=IYKsv_=q~@~SMeo%E!YeIefxN#XL* z^J=!IFK3srZ#_`0fZW}$qQqFt!Uud7NmIL69{f~yqcYELI802f@*EfxuZoz! 
zxQW}o5ai~1wN}#)l^x^8-!?R--Aev^qZy#h6Ma0ol>U$B&)-yQ<@j`CCkcP#ThGG3 zH;4I%Oew-HFf#P*S(9o}Fh4&lbNjT;Sh(qC_WVp}!<}F3)XO1>`Jv_GY$wMke-|zq zr~}0p*uChAoQqQN5(|ErQW?In6^_*2pXWdfu`6v))aXw_M?sWB71TBd_nQf zMlcpWnYoq{p~?Y6Was%<=sx8xa>yC6Sxf`f^+Ll#5nm+G8_1`g5kNhSCYFBhEbtZ^ z_0ijl*JIWDM+-@y84?i~Fy~F}<@v&tNsh<5E#3NbkCE&-&y(54Iq@+C%NCCndoo6R zEI?HvyA1+-{rD#bnBSvW(@BNd zUt!`8A~>UGYr3!-tak+paoR>|{3V&ZLv9F4K)l68&7z}&44LZ!0bzz#Qy$lzF#5yo z`|eBzJIeZf9R=?lRz^2X3VzhoN`B(X;rf-KT&|>O5+}@YLr!?Wv|ad&>sfQ2t;_>5 z3u%Qh1ySLjfbxH13L#K-%+3F!l-K8l*H$Ou24Z_SKkk4o`FA}ZJ2*?9>#@EL;Q8xm6 z4;DYc3KD++uDAkaA8)|t>c@5EO?pFHOi4f21RtVa-(a?QvW^^8W6H{hB&N@|@io*3 zcGkv^Cu6;tpWxXGeU#7Vg!r}#-7bZ(tKVbbxo z9`hJJ@ls;oSSfFZa}SUgviH=kma(sXrKbf3wEo5kI@ME<$y75GAaerp!5y9r(>-#$ zwCL!lKS4^ScpxZX>)SQiFGa-k>gLfps4(R}ejRv0cB#sHfDXq^LZX>mZAj@^I+stF zf+RSj0WSh81IT_J16%?lEt2aWj<#)$Y$AcYE15P8av{2bKq@5Q!v}RDUYgqx3AEG} zA8OnQ%oM-Y1g#?@C(sf~8o+Df`y6AVCw6`y$qlTKX)K`YGogh~x_|3VLb6SXr_1YD zcBkLDuWjU?au)*URHGD0^}Pbx@33Cl!Me_BBH0KS(|lyw+X%( zyXncfCC7VKWG*{y#q}eUZ{TAvLV8@?E#!oTkIQT5~8HtetYT@r)2f3H#%0vPV>9`h{7W-I;}!%MP&Pm$7fil<<*xn2Dq|j zOtwS5j(gVbct*2!-q+4W<$l5)r#!PQ8C@;iUkaMFdcF>LVB8?_n}@4WBOckW)a-xcyHU!L|Hz>-@UQx&HgkM0xlqKx z*iN54VC(LaFc@wT6UskD+uU;P)kmK@z`(s{M@Zph8!5Q)ykIj=R>@Mw>562EL| zhSD@?M(3xnW#_qVd&DqIulJ|`srAcly7g?1PuTtatUt|al-pNC=caN+uMYi)ec-$L zn3bHif@TY#+d?4CSedmNLDDKK{S(Q{bV~&wP3V@px7jXtHw~rc1}srG(^&bH>qm;- zp4o9(%{qSA5O>|wy?S#fz~X>WYneeT@fnRT$r_4@ob&r!-&lJV$@GN z9Gt zx12yXajPyut`Y5;g8KOVu+-K?Y1mgpCR37>j|zR=vdyYiwwmPHQ2fVdo}Bqf>rMQ} zWcq+S1$apR=+D4N3L?G$!|9)Fl=3Kfv`P)QxC1T8wL|Y4w1vq(5{YY7g@P*a9M8q1?{S=@(U?`N8bCQ1 z1dh8xtyY4)&L+JJ$VB!xaL~q`Kat8CSR^$3{^!Q*h-#;I0Sfrc@^l=fzUf{c^;vMI%)@*5g9pxsJnzordvTlX9Wgg1mg>}_Mh%&W~QQ1eXJ)z(ZICJ(D-DT^CHP>{gL%OMTAaS|+!{iiXTM2*A%3sNuO{_^NFT)ToQ{CW!C!-qQdKUiQ7)H+fc86i+!RuhzQOJn9D4RLC|rWwhGC!X zjG^ieFJhbF*E|8=XMb4Eu6cN$&AqqAV@d0mY9BPk1m&Uz%S=A9`ljs@)d3DjHRS}!Fg~PWuqwcSNazy zQ+AQ>a}gg0cBx2P3305OAZ0Ww#w~YPjVsIJ(n5@|dXURsM+Ng- z$ee_V*}XbGWQy^DY^#$(<91cD*CyvK=QJn{F;~c0sMY$eu3NtOIUH<@GI}eiJ=B%F 
zAxj<=@uft|IfBC37HU^uKMOXw`P$1ZtK~1^GhLiu6Uh_ljCK;}B=}+B4K%9<7?0AM zb_LVqJ&iHq#Yv|fdcx!;&HrN)tzjso>fv*DXU-fEAQHGT8vEV?(PQ+ugu_)67yRrK zZ(^Eey@}}J^Be3TxRRNj2uRj2aS*{Z>{mG|Zu6Bra4(F~GaFwMo9ULB5``!I#aJ)o zR62}OJw*PH@V7?K`wA$K4HCMl-3Wx&Tc!K8-+yAS3jZn|QX!+*%@Aji@?1?Ts5_;v zu1(rAieFNT0dRnwf>8uex073`f@B1Fkki@Eit!vI+@W2FUukWc*zdvg9NuW7? z6?%wW!2?WS_(M~G`>~kqe6u}frW!~(C@nd-y>=>yz4-3h!I8hOt2KBY*^b5ge^`6V zs3@bpUwAA~6c7cJ25AtKZbn2}x?2RKLArzyk&y0^?nZHF5Tym_lt#L{1_sZ*M(_K1 z&iVGP^?tymtR)P?wf8@M)tStnuH+mMFGwuBS8;?1_{7#OH6+`0Ju+p z7?K3BL!JY!B{NK=;L`UO(%2DrH_j~pwZh*6Uv-sq+gmtHMLK%7rz|T!>4}b+ z#H#mx<|blhYW;D*qN3^gTmI#CbG%I6s>ZJN#Kx`ihcDs}*V_+^$LbB@(`rY#*F8JJ zDPK}+-vcU^k=A?stG^3}atqs1e*b|rlr*r}ohJ;2P~CBRK*lDj6z}5mri0J;CyW4f zh#DpM7)%!J`|xhtYx`JJ_)kqucHc^x;uDSC1vLSVD`zc-0Im}Uu{15Uwq>NPWnf`} zo4Ga_`1 z<6-eO!3w82pVgwY2{OfzJaJ6~e^n!{xk;=gw0Me;{M0~f((6lzngPQup-0oi`1sR) z?TPSc#I!9(Zyq6$Bs;&~p<4yEx5=Q~kD|kazGVw0Zgt9hXrTm9^K{4$6BbhlkN|rb zMS{&GaY#)`?Lv4pW)`>9OAw#}Z4dsyw7XoC5GAxSZ9`<5jRofxMKsD`I4IJR8(**^ z)53zs@M1cnU;el#1{wn(F_DGH9p4EPEt>$9N#%bl!TbL@UI58F)G0HE-~#s36Cm_t zeycj7f;B=G-3R`+Ws#7P7(-g%{Mn3<2cGY4#*Hy`-|i*a_Scif=N5c)hLEE2@#+C# zdt~yS8wG3@$2H;pOXakq0KUF@y8k2lhUzfWU&bg1VNol% z31{??skO+Vh`S)cE* z8_x}Z(`u|Gnq4@YjoEjXewR#*97<#^5s1 z*14iwY+NRSN9Q+vQLif3-=BoKgJrV@HR@;cfgw5x8C@IHIC^e$pQ^LrPW{uS-2?Q~o7EQw>|~T#)#p+~n-S0BiFbSN+J;Ho${Qj` zQu3gTzcVM2N~57Gw{N(EJ)-%6duCG}Yw4O^$35sPb)274g<66%C}A8PQ^{;gDW@$r z3D-0{TW{TU6%V3FsU`e_QoB}C*P~aBj(0+yEq8~b!TG-ud7^qwpC2mJ!n?Ih&~+9s z+C6yKYJxOdNd(+e_UOD}eQ(4Lz8-j|jQ3w>8Lqnm!38DO$?taBMP^|T_bG~ zi&2zWlK}Yq07(B69$(@dW2P3i*n!Dd_7kMat9Wi0bOAsKK){f1@u{TDB`#%X_F3~e zGYQWA5bzw#RgLXD5T?u;Nhq=L?^kSsD?-z+6|<`UeQqsq<1m038|V#Sgergl3A%6& z(5=74c|NKQpt%4_`dzk<2HL-hH6~o8=)2rs8k)=}qYjQsU6lvzoIWm>53!k6)`;&* zJ(xv%wO3~+Sy$blcL_ok=JXJn3|3xS5(f~M;Y9_lwDdUE@Bxv=mc;g_#s|))6M!zt z_2p0)&vzgyDmd)B?zn4U)XcM*f$fs+p<8eVK4T*k$`v(&OHV6^G*Wlyc0cb^js4{Y zd9KHd%f70MvXMIbC*j-rm@#A7G`|s9#0?|Xu)dr6)?2b7XGeZ@z-HUVu*aPiZ-;2S zD>7BY(l4&jD_cj#%#Kuy7QRjY>ug%caga(@v!-pAas+>^TtQ~SAZgt@_j$j})e^#f 
zkV4(edW%3;N73(5#YgPAs<tGE`!%mJ%fvsnmWp6&>#su9_)~4;?}^67 z7P&e6fk}mQ-$iG(iM8ycf?3lXFRjyGyrsvm)-KB1ausEB;Vp6Y=#I|xI4)O*Z(i(k6wi>LU(M?0Z}x{2@Lt*WfrsfsJoh(CZ3jkpdra)x2l7U& zjr(~BDB?1!V5Qrf4BrineWgXB@^qu#*XWLn*urzZDlRxt681ZXKGL}7%6ufpqr$++ zf61R8{n}A)Iq+3Q_2@Q3d3!`}EcI&zENN77Ql7}+ROe>un#Ge%I={vg&D_Wma_(U> zgDg$UaaMNp)EKZ^=lb;5UxgVXJW(g=y=_zSm0$q}VPh^g??iq{~7l^-xZ^8di< zsP-+DCl9!0PVWr?75er{X3*IA>`o9!7KR&8-BPp{e%;2o_gI2*VOFzR7sR;qi`{Q} z=5ucai?y?!%YUily$A16L?nqzWMTJY|u`R4grcBy-fBySjwYKgM` z_z!RIkL0!=WQZiL{hRfi0yU0-Iuttso%~>rIQ*&sKU{{ z2itKXsbu@c+sJJpg#ab7ecj4-_y*Vj8B(RV_gGEZmE1wKd1{L;$ZF`jgv+>tQY@NP2UdE^J6Fw2CCQ%xBomQK?2(L<_<|`u- z7dsb#{j?RrG9R=Io0nfz`(IoIW4#G{?uQu`$m@*L%% zW*sm$QpUT zbkrMmyf9*NWPEQCSb;F7JOG>ICwQ6fB_o@l!4P&U%BrOQoWS0`(ncnlM9cspfDAMSg+`RGJ=)ym+*Zb%}+nSauQbP6_azZnWT;X7!2G9A0?( zsjElolmgnFZ1k8T?MSn6=;CSJnGmbK=!lT6kXy;-{C(-)N`>%Csw12q&71`Z{2QJC zeoOldgl0$neL63#$-BD-f8|=OHB7Wf zXR*9z94?$TnQ*4bq9qYH zb5?S?yI2LkS?65~r)3-;35k=l;7cesh3CA|d}e2($ZN}XmLUN&Nq!L6C|ley7ZdSq zfnaPvMTzUldTmC7ZnGEP_`SCiwfN7S+AHjGOS0W!i78(3ARF55?1^6b0|Sp?*=f)M zGqcuG!TUTRo~?>6Iy|7O{jp+gMM=@vulqCd&4lqWJME%kt`}4Pxr}Ev@7S2k6{^&G zi;86w;f?$GHauwA&Q4u^Tl`4s?^2iEqRet$DG}tbL^$o%dULB}wsp{EG(8ci*5&189>^ znt*vLd6HW=oFh4K1vt&_4WEVp$2F%z z@PzlK>7ab;D$KU&SG$jT*8C&hUh{e6LmSmT@g=EhDZYB!eoHt9f z>2*kI&@E2vT;$ddwiqy0k4`CPNta~V zbofT6shEpc2jd5-Hxz3470;Z$`RVn8Y7!z-B50mJ1h#u=94CaBa_~;(ZJ@F74~!LvDI6tjvXtAfkpWHx&Ort>)E9aR+PzX$tzG?#qFNriFB4R!W+V&YQ0CcPA?d}bU@r0~1)1y|2>c{a zC17UPTJbAAMJyyj&b9@5SXPaOrwoQiKY?X;C-dO}<-JW5*SpM+e(mJUC1?X_DaIg4 z{{Jg2M zB6UlVeVQS%AwaP#$BNOfOd3n(h2qP0cxSC!R?r9y5z>kjUskkY>K18LJ;MNh-8xx` z@MhHGd^fy2nnuzr{lgZ5sV6%foW+k3ZPhZF=8RDcXC1AIb9!Szl-;?NcZ|8fUHnrC zI>48}N&oi|^S2C2S^#=h34md6?iX|>le#Eh9CuD<<#6#>JxBVVsa91~Hw1N(7+UE) zzaiaT(0+ROZ7F2~htGrPr(HFZiX1t+K<_{UZ4(^Z*~Y4?c0~JNf?Z|=m-qwZi znP%aM(A;*wInPy1ji9Pg>kPk*YU{J~m8{gsv!sn861A`G&cd8Jy{fcNc6uV`KEl6P zXjoiMw(~BdIeaCYwy1NU!58>OJ?q3^aFev;w?t%2;F|%Ni?u_*M`N03rR9;6lExlNUSZZWNsPml1BGMZRlSNPs-(-FsOlo})$JrM8FevGAi){erl5)wEK@AFVK 
zZ!{YJYqrY`CaoaICHE@$hWAx~=`M!w|Cjk62a1q5G?RfBbXknamY%F}oI-;3nSBl3 z;vvOXWG7Kjasf3e$aRZ&gPvXshhD$uDq`~p9&n<7IQ z86+nS?5JZ6AFX-kCMbYtgR(J~EwGiu*vSCfU`VR@ck0WZJTSdkKsE5&H8${A zLe6LJptJ&p%0DnI?^xSHT|_Zlwo0qlQOg?qXBjat7!eq3YhGF4FT2qD1DlvRGgp>y zNaYzV;|?sD`(i4Y%)x0)Zy%PHqU$1Re8Vr5r94Z~#o7{ek(Sy1vA~grL@PSpuDNPx zG}TJ<@sP75^WBfS-u-QpX+^HZH|Q|L@szPe5Gp3R^if-Y*K7I;ZS$NBv*!T7n4XC; z=lH9~F;md}rL-C3%;9<+e#8!&^>xL%lD1v2GGhRCPwS(xni8|YUu=GxtHK|y^;a!M zqI{m|C%RAL-4CJ5vGZVAMcJKD76H7neVH-&{8>0@MRxUBpG|Ln_z7@P!Gn)l!nfMb z#}ju+0w#(zg#!~VkYJ_r-y-FewXrnO!L!kLkktsbcdGOF*9$gElJ-zHO?zHNDiKUD z5?ymj#R4%0fdeX>l`8{OWn$<1CmJ_3yo-X%HXiR6{o)#mB<3F`G*W|MSFjOL{9L!O zdbssElEwvfDQWDygptv-jFgW)JqQoU_vRd@K;pM?N~@Y`c*n>9S1mWWf9PLEWglIWtl2FB}AdHo*dAQ(~yo9^%VqPR&beC{9cezkUJN?)~ z^kJTzCU}elE_T*WhSXGe%IVBIL%#u7Ts{Ni^9Pt?fEPcL0Ze6H4g=mwWW*duI52oG z>3Tf~jBqecc^W@O3o}PA{&yqy;>6Ec;AuHdC_bN3+sf_&j;i3YI8g{@YXC5tA?`OD z?rIh70A-R>$BRK%_;OGMUU}b27?px$Sl2G=s`rh`FTtB0Lmf{;+a8YrKE8V$7_*R; zsk~Ll;Ekk*Oix2IpH_p zO84+$>%o#|L8>;0WdszGd}d}x?c|af4b1Mts_}{LTmtOQb2pePdeIR`o$L0=!tu=jTk>tc{zOjD0ZE4ND_pqcuV$F4q>Bm&VT@B&xa{*_o>>v3vh^%y& z6d8WX*ui{NnP_aNet38V73UhR2-#wwd-%of>M8!Ro~@NYc1mQo0mu7O<34A?*rIGV zPvsFqH0d3h9#XS8?D?6U0-1&om6~|nBs>2{k7DE=pNTZ;_kjH@BGj4KgCRC!E*xb# zd%;W2d_>Wxsv_@5-)!1THATT%9!AimjhkJ?I-#v?(N#GjT;)y%1RW8d8R?dyf(~e} z5t+Q2F!ssv-IS5gelSW>3af4XMzxW4?xbm!H1C`&SENTMK>b#;5r#A0R%Y)JN;0J4 zlv!W?kCe?adH>F? 
z*h@`ot0NYtH71t|`jZ_MIHZ$e=|#pg(@*$*x0TJ6u@9V7X62S$qO+TpgpV0djP0%l z&ANgo81uvfN_@5nwJo*-D#(^O8YjxP54GMr%`_maYH6k21lGZn+0TZ)5D%~2h2{`(8WeuDH^?k1QwV#O z#1qA+8S1Ydvp}$hE11Ju$rGa%o4DKaC1cHis?mx~WkAkiG~K=#UtQ$-F;SY~ODi3` z#NT9C<-^wVHSZ5@38=2+<%|BVXKX`Y^N8G*@ysOQA-nV=oa$?c7xpyee46cHv8AD7 zR4zryOLsp)@^@mh0~&e!U;&DOh985P3+5Z{T`IC z>q!N6tLC{x41#}1n29!gd5n@z@{GTK%+e{c6cDlREIN5M03a~cc7@8yZ~fY z&QxQ9Ouc0UjmSWbsd9Na`Qz_7FP_VS;+u}Kw+5?9Oz6jDFsy-c4Anx&s4tzE8YUy+ z2Y)Gb@oBNK7Jr|+>F9ob&+Du_)m6ox_JFHXW^}c zJ3+@D)l@XCh`r^DX;6`$R^tbP8i?FJHo36UN57^b0FR=@%+`|*Jo&N-IfR~d+O@d46O>Hl7Pe&2O&AAh6l@oj7OPG8cdHA@9LH(i`ZFqjc9^yB!n4M3APTA_-3NZd z$3;uOv?*PDS(!xZ@fWPb7xt1wM@g>zn%NqfjfA*Z(0r}}uiFP?Eap(!zy3-p>ek*q zR$BrIHQ+ZaE2|?ea_^h0ZgW+-YvS8Ku&>wLr#z_MexM}(`d#>W3u5MS{T4Ef(;~Lrk-j0 zt!giRRS4cmtz%#2$vDwf9)4P5_@Hn9tMYNc8ExZe&^oM7m^wj;uAVkmTo!Q>dFsvM zQ+%?v2Ea4RkLDf#JgYiE2reZ48ms%OskA)JqNw0r&XYT_+^%UTaVt|EmXnCKv3A>w z*h5SMgf{lYAOH~Tt38eh@9zOBI9yq~ayswfnykXUu{lu1NvnW$=FKD>S*9yrb`%;H zI=PGD(G$tvTF@gG+wf&#c{@`f;4&Fm^x@Fw2Z`iT5nh z3-%;4OBEktnv*IJfuTlivfl8S&w?)F&SWsFcjh&_l!gzR2PAOWsd(MWPnBnQzUFap z^FY?ry$v310dCbS!Eo^p?ZrPm@vm9bvaq$)2u|ub>zZGzppN0`sNsnQ9qm5x%WMtR z_tg~mi;rC*yXuIIe>`-Mr}t3%w41jk7yk?l#T7L`0Vr{G%$YFemCu#hb}}JymUl8o zrC1iv2Y)cHZD?Ka44(M!h?y=hpDxX>G_1#zaghoAkZ@vtp!k^Y&aJcKY>wo=Mqj2( zz$ZV#t0)ZJG&07_r2>$}|CpbctoI$zW`Mj7W-bXrf0BR5{@;-#2eVFX628>|b@RTA zWJ)$v1$nl=8;x8Fz4oKg{b+ffY_@h7$j{7uRrl!18{wgPGl3YsUrrqpcl64ERdl{k zTAz1Ja&b@yc}iqE)5Gs-cUopI4JEB2w*ykyhHr~h`Z?V`uz33(F~6YM?@hKN>NBSm zaO50?&bn`v=7XVibA`|>#j|%rG*o=c`Utz;s_Max84<&lF=qAl8MWj z@?o=hJCii%8(3dIX6B7cHx_+6*;fT221J2F$gVmiJU%%Bb;e({R83#3Hu*y7L$e}@ z`u%Y}bvytjO>gLSM(WGxkyO9p&9W=At}E6$oqzILi#1qsX!-+V6*bGzU~$O9s!bz4 z7abL*UXrVRc0@O4JGUs}>#BNqexp>SLIIT(r)=+Hl16)YN;c%gJt8UIfuho}5inul z_>P?~!W?a7?d*N~B%tKvse0J7A#%*@kr|gMe3r2=EsrvNw2$)6?$L+&>rcwlI_s}I zvf#KZwkCBPPxzF_WC_z-qtjY)$ld$Z^A}zhdS?>b<^$g<8Q7*Kig)|C<_kTOwYBUiMnm z$PE|CY?IPN)i%V<14E(@?DLnKRfN&G^mDyuRx|6P(_d|e4@L)gbc1iOvz3w(kDFFT 
z2=es>t-Uea71!T2Othvu!%O}}^~&cfXmo69s|I~G^(3sWjx5t#G$~GjMWTj3jf@0K zfw3P6H!NmR(pw7V%$T0jBy}8ibU*-QGQl;jh}Ul1sx2A*bdb5w zbDn3ff+E`67KGv_@=-&tV*L{^J6ce}E<+SnV358}VpQj6xJ?-Y>vRjg;uK)MA(Ykx zCg_V|6VTO!FR(lS90kUq!7-h3adxb+w*Hx+3mzf>HOhXMk^9T^c>&h`Z*L6&KLvU~ zcc4I^4v7f$NGW%3^D*B_1?ygB^+Yn3*A}N?iVb^w`77qc`9VRBAk^kNupE+42gVzJ z&5A(Y1sMOKWG#r)ikX7J<@fv=7?&Zd)%0g0jq8eM6%K_ue_+M%tzl@%`u|(W9Xi1p z>i&(DT-J5>$v%Y)ua7Hy*vo>lif^E$wi`88Z`FlcCx>*v#~cWLex$J-}* zYpc;eMEoME}YOvYrOB>#av1$6VfGkBJj9t!!RRV-UZq4h}RE`j--`wY>#y9QY$pJk|iRBqlf zyRs{?_Mq6S&F*bUcuO0{0DpXFSrUokwH zE2A57@a^ErKw-a{%j_QNzQkEYnQJxJoDB*|07leXP?8aQ?2vn?258x#lFazlN0ht~ zW|F9TkuhqCH)U_AM!dE_A}_HYBECLG)MM{M z(JPo%7jQW6u>mHdfNr(2CRDxn*Xqh+KnmIK_Dm%uSDKQlJ}^ue+diY7%ZpwNMNlq} znT%#>nR}D$7|?wrtt_rzeEW;!h};L2mZL_)Tqi-C4hTGQ%?P{-eH-GnZBp;F&^8Ny zl7KT-v;y`>oisZV|Hjji3#tm;;7s0zh5G1|W7I92?%{eduopr-t265D!g-wqD3M)d zPvdaeUa1dx-x*#+_W*6}+N)SJ3O{{QeU+(nD5{_2^AO;qCV0K=IG=IQBhmcK2gx|Xtos+>5&cLu#TLG%UfC~EOSW@TI3ijHSJw5t8+HO(k{A*xHmrzFZYIuG{%{NLL(gr& zA37R}TL_A#WQ^s+C7KZx-#q6CF+oKSr8#yR6zfZQ;f>8@#^tp(@d~HK;AIbB0=qyc zX<5!2)15lWU5&H+C!dCTMc>Hnbs#1He5>qxxN30ix8e15(Yy6~JaQ`e?F2o^?Tr16 z8O!4pq0f4BV(2McB}wR#qocu|SyG~by|qF_r%O?C{8%*`$Lr=}!*xSL3lE#p@LXMs z5#_+m5`ftpQ1ljv$dpAOgMoIa!LnItTz8|2px0-{3afq9&}dv=%*zaS3K{(HE_D*EV>ti4ZXK zjrr=)S=c4#t1r;v1SccrtFDy+ah8UZJT3ABnC)XvEBDkk3*FkwRP}e%L`n#%<#(5;aNX4^b(aN3CP;NN! 
z6GORrT$YfA`Yh{$LxcHA6VFjG!+YcUlUn-i&KANEde0`Jq$jMHk9ZF9Kzl*{W1fQ2 zyzDJ$Y}{~S%nR8(Aw!DrtG7i&cC}@R1uZmG`?p*9!hc=d zwICDs`VRYx4rs%di_8u!Ty&YPDo`omm=Y#CsUNT0;2oC~K`a3sL@IhCFD|7>db&~ZRz(YlvjwZu`G&IEh zuaeq=2u+5FrdajlIZ2B%2zgE03Tq6{;mL;blz^S?M76;g9(vL{Y$hF0%tNP=7r~-j zMMe2FB(@}^2O88TAc758r(*&-p>PlgA;GK*9Hcw0-)Hgg?HjD5`%eU&)L)a|sQb62 zjDe$ly^Vc?7b-j>y|wxkE%ff`eln~fB7}HHor2CHepko<>;=SaV6y~9o7+f0Q35(w zY2fk^mv9aA19!&(V*u3n&OED&Pk_6l$x5t#(kXvYj+at^AMW-^Tg(U2}Ltg`+R-+ieh=X zQnxErH3vkID7x&-e@A!rB;1mj78Yq7w zkS>v-wK2D4vZRe&mVQL^MMpyG{8;E`9B0)-(d(PbOGJy5{39C2hP*4T;+Ddnq>dZG z+^^UK_L_Is0R%PBbA5l(`n|{J?GxuRBKm9x1&|MXOgGHqg?B;TBx)8EFMkgR3l!^- z*Nq|^SZhw~FY1*4z+B)iSYk^%xPrz??CnnqTK%%8&CJp1JdExm+om9!h z1A!EQ->;){^pp5NL1tL2TBKqWCo#_*EioV|0cu57ppmwi%ZO-e;^iT7vs3W%Br(# zn^kNZ?h4_Tz5fzu;Bbm zrKkOpnn|?2fB3AK(>R+ZHa6ZkpPO>>#S@#hewjAOw^T4JwZxkGi zQT3nyG0*nI%KPFbH2-X5?&10KTysITbGbOf;~{5Mm{+K$NGLit$AV%i^rt5A-mUD& z$ENVWvXEE+dVMeTZ5DkzT+imdyc#b_-Ol-Bh8qCV^$p?GOXacLhf?ao;yTY!BSkY> zI+hwyI)=Iu_IA|G?JWMPC#3WBRJ(AgUH-5Uhle~2^BuANzwpsqwtrv>jXi)9kc%`k zG083s$K6f)F7sl>bIygceYn`fE(I}ZJi6k3%rn3Lod>yntwoWr!=>JVSwnS2Y}L?0 zljC>qrIpmjzGy*w_DxCJx`4|PNAPLN_MKKeOP(6P=Ynyc`%WbrPM6gZr1ftGdSzO(A#d|%Rnm8J!4qJT=| zQL;+AFf%vj!^m2HP4S3t2h@Y>iwNv<$&qvF-%ND(bi5r#qVFQX{8fM!3H7Y<_hxjn zYblJ(87r^1#jWVS4iX4VYx!ouA-ExyRZe8gCEiMTz3*HfYf5(Xcn^HtU`qyD{nNy${nBXVNH;t(Ii!=gx4hr9C>TCf;Qc(rH_ifl$_Pc?QA6#g;?#0 zY(R)#))kG?M4sS(i%Y#eXd24Ecdv?$>_f*l{vIN!7o1)_-fx|eN(*BdvX6(a(NJHO z`9>jA=#g5Iw=!bmT3{efDlo&SKbDYPDxdD|$><{qdZ!#yTUh~;z6H0fHo;1rX68`!!r|L@|7NlOG2B8-#! 
z-+&ju+5xyl7a3fH(3vqu$U*8DYw2Q_szdctsQ~9~_v*bfto0L>9nE8M58va)-huRo zT2V5<8$59-r8!1uKn={ZbYL%N?hID91KcLKovx4aHxF}+W@;!vg~CWcahRFSp>%qT zViSs71vN6}7Wf2A7W(Gux3p|}w#M>Kb)RrjWDVAwGvBHvGbSTEJcO%C_<3%~K1b}$ zEFq3OF1UZV#$LT`yjhi=Z=wDRPwjU~OO_FsKU5xq_-D+Ih2e<+C=2-(eEAokSpHu% z5@4bKA8Vw66`56VzU?bNy13iVteb@#SGT_vM%9YCvbVP1_z-Hr3Mz24)W?-noUcQb z-Oe9%jnQ-aRedg~w2_9J&-*u!fx<=nPyc4AS{@QIWm|=Jf4)CzQ72VCadBOhK8~Np z-Sl;2`oo{?Z?Qexsc%KUW&Qca;`ery^tf#*AdGa()JGt?o(ka`p$56Wy|6T9*^{y@ zt2*rau`7uj-^zdWirIpy>oR4w$NbO;LHreKV{^3PU!!Bu+@O+5_|qIo!t{bxbC3&` z8JQ1Sh|4%Ja* zob)zUI1Nl9eP5n`4!az*p5fT7G2X`vhKELXCXI20_7L!${N2 zPO3NP=EM1!3S$-&oUH!T6grECHspb&VZ7y^I;f8x)PHP4Tr1(h=R9k+j&o&< zL)tz7)8)mL&B0Xz8RK$%h3bs>!Z_huZ zoDa%NI=j*$dLO`pFKu{qpCw97M!eolQ@71J)dVW8Ifk;iM$Uc3nF5QfsFlWsKm;-? z|ClO_)qF_NF)9a};-#Yp9C#F@7q;hF@hP`dUuLx9fKdkhy0TMRJ2;;gL_N;VhMb6{ zkbBnIzKa_^P~R4mNBDDCrX+D)YJRC=LJE+7xAQ=6-aaJCebRKq`B~n=G&Oe|53##9 zyd0yl5IAM=HK$ujeTc_1+CG1JQokF0n*C7fQ?J+tOA4VnN#*n$(8GZJUiCRhd=0b_ zmO{S5i16Hlk|n`xyME%KW)kJ#&fTmbl0939TeLZZwiIN_<}QYCxYlf-BfUf&O?wBo zd9*scJwh9AaeEDp6Bfgv8X-+PkkV?~q^x2qBYHAEGY!FiyvnJC9s~nm#n=h$DU-k- z5L9LavbF%5g&s8f>)#55KPCTn8j2|80Mm&WLrUQMdVrl+A0m`iR(d?01%+dJsfc{5 zcjy4xh(eLEn1BwJ&#JLt9+H)PArlk5jT^cqNY#|I@*^Y+|EVCUjR2iV2PCKQ_tBZS zm6<&r<<(r#SgT0olmAOL`7w3BQ7)LY#GtPPXg8oJ{pXcIE&xFJk#<&%rn5VDLWB|% zwH2HC&x4gHscXV#U`PPWlHMGii!g^_lpx%OAhtW`uLJ~g=Kxuc;M#|L3c(l$MmZ*M zGH(9&Gf;@Nq7}qc0k^ZDz%9FK^^PSOk?@S-+>|Xn!>8bKPybZrT6Vq6wa90W98fdZ z5u4j+B)H=HPGR}W)&3*cN$wi_5vD0Uuwq=#HV>EJT6#MqkT#f-%qgBpRqdB?jMPiz zua|Gt#uHqL@#9xN7a9;r#*#Ci-+KEEJ9F=S`GF zUH7>;JX39Oa!`B(!qEkIM%)}GHpY$hBF}#G0Hf~nr1AFxOOZ<9Ttg!cg;&jC&+fxi zEszzPpwD>428NHjM&=;E9Lx`|-cm^a%m?JrtOCZIS2I=`BkmHS)>$WNJEFNYUEQ)v zr;Q#b3LW*A^eXI?@-l}brb4^6Z?_Yx^tp$k_m8CpM`~8LUe!eZOpi0uz>j*Mj?tza>XH~YYkpP3_|O{ zAaey$Vc$mLDO}^1wEyR*nfnh-7jh*!yZMQc6Ijs-Liui_PbK>dZC?4;NW-EOmx^4p&GWKEU@oH_JS!9qb;ol}gUy z)Ro!mq8f6goPY3DvS4G|7I~JxRlG&_?l)HrU1(5wT7L23)g!(}JBqc_I`XLY_cFTyvgB+!Z#Zk0K^hOIhZBPlzZK$U0{bmrjmxVkMAX$;e(} 
zgqaN9PRwKBO2wXERTwWg?om9JI?P4-`3pV*X&Y0m-pv?O4&cd=@UzFEoqL>F&jqtB z0DgByAVT5q0fs7&N>RC!uq#CU>x+E{T3pbDB4c3xAq}(v0E7BYwzdLq_4L<(d=#lE z{bS1o|HqSUu81#_YED;tBS*6LiB2MbC&}pUVHVJYu`q8ETzO3sKcwb#c?g_*oZI~% zA=|!I{IjP=T2nC2(S7LsO7ds@z`X}(IQRj8 z>Kd~i0H20-)-cc{D_zZe9wN<$Z}8g}Vi+3^c@t5{<}3NTFt3K?CJn{sHWL!_Utt{2 z9{X_IqYGvCx+a&!wgJ}i?KSU;yOJGT!-`J@m94DV41Oa+nknvm0@8#S6^Z~n1=dD_ zU^kk#PNA1av28Ea1XB97@0X%f6LlJHT^|0Tv~-Rkdm3 z0j1DeZA4Nb%eODgKN3U`4+6R*z>s%>r1}fwx5e^Uh)Gty=H8qfmWT+_rkWJy;;R8r%wh(NS>5F>MC;=6?smzsDUwrXY(7oCl_5AJEMIZL1dFFRA_$ zEMxjA5BznBx}f7R7h1@{a77Tmy@6-J?5y1f{O}(o?%lk`L`UxH3&hj%OJLwG27Qm4 z^SPG=DQ6bAoPfbu9xEVrL2~qxPcdp~b zSE?XSPgqJ!oE-L}4=rUZpZWGP`yGVpaO<%}#RG7;KQTSvZhiG$a%`=+ zFv6 zwLB#|!JTS9kSJT);RaV;S7?$MypCZNd-@kS2=~i&c7SNysE8)04Tq{YxZuEhBm?Cm zK_xkw8-@fl3CC}!)TWe}aEN9Kp%f2U13yRc-2wXSM+tWW+whOW0Y8xgyqGX~-jp-E zsc*^20Bj@l7cepD`Cr(`S@w>%e^zD+CWY`Z_1U1MM9jPuZr2JR0&@5-asA~0Qu=t> zN`dtah$6(q^X5V+!TyAhz6;ztZ5W{DO0v55_o8B5(3!zECBl8J3ZSO>w z8iBAOMy+l{@z56+eRz?Xv|Aps(}kWJ2)=d}34)`1z-@>TB>cA%{MQj;#Ax7R09ok^ zp?^D=JlnrriwJg~@{8(+|Iv`=K#uJbe_7^$Q6R3So2V2O4p6H)`kx!Q*EWKSaM#6!h~g1Za7@-;KOULJ_jrgQ^I{>G4q~9 zwA7q(pU@K+uo3(58n zI+78e#zoaHR&tdknxBhA^Xtv@!oA|aolN0@fpSjg6$l@*!1@ghW#E=1gw=q)M+t;F${eI$P7eH+(sOFt{-M+b3lg< z8VxWt7 z3}DJ3V68%gUJ(;&8#ripU7#?ev@Iz4GAPKEs164>LDLJ%-hU}pH&dOFHSa*twK?Qv zUiG5UK@f79Bm{zAQ0l-DRC$$6F#C5)pffw=4{}j2(H#+@3#ewGC`@24EN%L2+}HB> z5FRR}_>4{KI5Gi~XTcf7Z2PZZg0BLqR8z=&4q?otM+sCPBo&V#{~R6=xv4_p1=@U- zB2MxG>cK-IP)K4KR1_L%J;K1XUK)}jg$>-PiLbT|C`(+sM$bn07VK~nnxY^SQw;QP z|M*haL;Xg2FC}|BX2JVL2r>#Vvbxuz?~?Yo<{6=KmiPn==|8oi+QB+E=C2C~<{VuI zr3uCiEm-GKgXZZs5Uz~bHc&X-POc!R*X@V7gCiIG5m^q-+c* zk;Hh9y^OB@pB5Xsv;KV`W0?Y(e&*So(H5kWeQH%{$GIW;E_*x@z25*R%v2w8k$GfF z)`ns;YZfsF#KoQ+z29d6XOIx=N+4D-RJ$=C8fY+bK)BTZ2!DcLuj!?!Bc$wA>}230 zxA-7K!OTn_9{X)F>fURfk5_@)C>YU4^AGbbwiFU14>k}@J~lNJY(kx0XS~USpUJ&m zL&bg<@EZ%r_<}3ThcYvcy*cOn?xWB5_xSzs>yMmsUiW%k_jO(O^BVVkpN+ZyOX!|jRM#|l|<8PY2uT~1afdF zQRv%?ujPe#Q-$~va3sv=#!gOa;McIdxBn6?`9Y$ksdK@yy%fDKkz!Sd$MXnN^zr<5?f>gkLcj?D*&aFzS&89fBR&by} 
z^+;5_rGK~YrH9{8FRF`5z;ub=UP`?C-ys{sOTfT&aj(*ec*%$@AP~O8eC}>~X5nuS z<~O1ddc;UHaj!D)_XArL7*fPRfRm?yNJBrs?(Q=KVB26UB|9Be+yCbn$iH1(bKndc zk#V=qu7M3={2cWH-Fm-mFD@w0siHUjjf50vaa3i_03viB| zu5-3ycm1gUM>5=PA!2IYNNj{2qb|Uu{~Hk4KwV7~KyXJq5xcV!c~pSht+S`&=~_Xa zPz01@uewh)f?r{ov*$RcdKLuim82fEk1~x;19Mf3m>K`Bqn`GZc1mH$hOno*vV+8n z(umHx?*FASWOdSpg`D10KYU5z194-3Dw7V8y;sz7VqfNhE>BOcJwsepfQ?La01BMi z@5BX7g?&D{`i^9O(&o|>1C$5MYR6eFIQGJ@ZVS>Ph(3i>Jb zL<>>hmpGq3U*g~Gga5s9aP-8iQI>!vw{o_0_i(d%?nM0LVs1|^BtR}ePW&JxMb58n z``psb*+$35)rwq*oL|Ak(Zx;M^|^%=IlrP6+|I&EOZh%I{{v5F3lBRN=hG_x_vQcU zfQ|dl?VQOCL92q~#^n53&z)_o{`Zym)Bk=}5Fq}>CnzW;Dk3HzO8h7)E-EA@a{5tR zKv+UZP?T6-LGWKeA;G(#fG{X1L@ag}w8SR_s@@eB7b2F^0By_25XbD|X6b%fN8tbd ziHM4e3kwT@8Ug~mfUJ=_;kudHjIf_qmRFE@VecR9OjJ)&;X6=D2q z>~cghULRB!Ldj3zwSP;*(fbcp$%PRIIejs?7V_Na3&UvpZa=c*<(D6eR|5|Ra6o4Sx|4OEf;~k3R+iZ z>BJKYeeS{skIREXk@wX12&MlD$+1lrpMLr)O-pP_jRnmD1(ir#(jPe;Mm3)srtq|Y z?YnFQ1XV6Pv{d}pw~!>B1nPYM6e;1q3^REqR9#373|Ge``cHnXFw*m(Ma z^igz*G7eJY^R)*oSdJ;=G>+^Zwy<_;#APS^p@bb@iAGVzp4)V!0@D#{U-;V4bm_ z?0N3^z1JXE30Zzyb8kQeZg;3-Y#~T)>(vuNIX~VRf27Vs4;b)Ukm`Q(uqos1Fp9s5 zfLrf~U(xqF9#%(cA6I}LnF7Nm_eYM}zXW$yVo&RzXX@KYb%}mP0oZrUm0f7^@9{TS zQmr{4gJ{WXu3Z#+rTMMXmS1-UydRw(yZ9d@XE3L9^sTwllr7Wo4w$=;=4D@5b^j}9 z^*eN64B!2b-)z^#=^IozPAfj-Av-zSK^mY5V}zi0pR-E({dru{%JsPZgCKEdJZipXIDUVLVI8W>TMk8u)Jtvnm&V&1h8OUJN zn?_6WmYf+ppg3D|jOUCAY?K zIW;P^e2pCE7*{S(8r%gxgBs87)Y2LSR48Sn@8T4HD7!HRmj_g!sk(?vuw4Jd=a#g} z3@A>AP;`zn%}Js?Og~Tu-??T-9`2e(yq##Eg&^C%BjyQHBuGQUeV`Y1OZ0EV6K=U# zZ3jZo?;2C`{#mcpb7vvBp${rCxTd`@sc{q!1pRlt=;;E%(dqk52=eCUuPpG|4=4gX zn_*IX&a4kmWPLlkp)Cx?S!vxVb<%G~Cde7PLR36Ky<@cKk?5PBeh7i5cLY_%%9$0= zZ}vn0&m_~Rolx78Z90y<-hLzrC_U)Z*8J3~m?QTlk+W4QEI7R|mdu|qg|}b^zaF!? 
z#0)>8ZZq0Yof8dSVIhH%t8Z3*U=HSiD+Vh2 z_b98fU5238U%Xla(XH&~kX#B-tGsIX_cM^(eYGRT;pkT0*47TwZ!HI}Drlh~uUA?G zM0K!he}1Qe>3fF2D`>TQfXL>xys<;kt?ClU-F*IKK^EFOZJ>d)S1;DMLDyGS&pB#Q zw|+Js)DQr&IUlKNIy)|3zuIhWAsdYHIvPtAjAVO++S2*SuD;W zkqn6S&zBko$UzJA#uc-&In2o7Zqt?&O-<4WV)a*7kfDKC*3a5Bhr2tWW@yV8H!w0q z5w+4I`s9#Q?-U9Bf#|b<@zxZ*_gsDkbux#Nl0qj{&KV|)HNhKt0-K03;>7$^OI;i_ zqw_P6q>TX9 z(pe1jIV1ZMdAks_OvQH8-g4v51>O^u^^2fP zRA^!O!ku_tK4r-(4ZYs#6J?V0+a%D5J5w%UL@YN|Y`Xnwlvhg?#Tn>#W)16c-P1l! zaUNUVGFShqk?uBG2x@!~yowlGd)kr``L_L1v`c&Lhy(&iHTI?o!C26Ui*t+So0XJB z%6j9e^yZ-7>TDET=rU3_raU4Bgc1qTP*!IrA&b@|8MzxU5PW0mbq9b-tfZooQ|c~A44uQg9H&G28CsG zMZgK^9@#WS>1vFKGox zj`0Uw72&Nlh5HQlxsUs}6B#7uVJxPJHpP`R-jZd>X`lTb5r9`8;{rum=$y+ zl*g%{p#MZ8(9_7pwG2rlC6+Zu;D;AhWr75v8Br8GM*NDNMcZtC3|z~-0M{VuTG(wV zD*_Kzpa|pR9vE%ca*?i z{UKbPsG05cT~SM5Wh0HKe}Ck2^&~?^)wZQiXF;dq`;KfOvoe=E?2rV@S|k(r(`c|!P$8pC zj-5Ol1rX?E`JU`Z^aoxAgC6K!ZxpI{@){I0!b@L;c&;Y-4vrI& z{r+yZDJ7LpAH@wp*aj|2oQnh5<>23A=@*;oK40V!QotY1}&JQh|7gn7DSmwYpz6#;HUz*Co zSJAPZb*K^7C=Njv4)we7V#ec0Hd|Fo{$!qY!A)vtqu=cC&-AoC>W@*le>kDYRIzUs zbsK`hm$_{Sci1WpM#awl5WBI?P6DY+K9Rsp@W&TFzrD~ek#wP)2Mm_v;`}P%k>q8E z5heQB#*v)P_4=}NP!M}UHh~GNQqst9NZa9gUU6-;^n@YQJ{e9)gkx)L&!fZp zWjF#XQr&)dOMS`9=XzkFSmQrzsgz{U#)OK*v8k->!bl7gFR5E3=o z-5?(~deDS8I9n0D!9=61)s!d;LIi@?>~qp^{nfXgc){ETFJXDp z85X3&i3`K4ZnUXy&8-*mzlu6C?Zly=(6TB$z&9jA^bXHWC+$oolPrn#vnm(Y4J0pz zo(NzCFE70Lu<&L&HX1CQ^-n|aL;k%k9?XAkvo0vzfboH~O3s-5xXK$BwNQH5k^X%( zEr4(@mI_x7riZD%t77s47M2lB{UT}2W3xDq6h}ix?Q6+*} zn**rXQr$s9Bb+PnK=Qxe$sR_@G!yK;=EM+dHEw=+{^+;INL^rCa z1@EH##9#p7fF=E-1`nDL;*0qCHqywr&O;om`$a9XvM1%X9Wyr{vO|#6ul+O}zfzfG z&Fp4xM&}PFt81W#zV!-j&FN)1N0uma61nl%g z|Ne|s8xC8CJ8!>{F0}pKwi+Ecp=PpMIo%)tG2 zJhF?WwN2Fp=dv#w;W!=%CfPM({{-iB@)ZRmgWuokR4mlGPa3(vZUN5$kRW$a8j)=x zne4A9BgpH0C*~0=i|fIEB&T>C1;m zOO+eR3=J1>Gi8#Be7ws@E0Z3{oFn10OmXg+A>b7J&p1?YRHh{# zVEQkwsvhnUuC9103s=zo4minl?_I1ovv}qVbh$>i3%|*^g1V_my*2ixv+kh$D9Q>j z2%9>)(2nWPq^-fdg$~Jw3*9UJfcR_+hiRyc*K40(v5)=^F88T7egCANQ`q9a7PX=A8Gg4jn(#&hE|VQG2ln|X~}+^$?5l@e}SI1YwBxD856QO*QGLP 
z4kCqElvtf?Y&Vg6ZJ^u{9WgXd$60I zr^u+z0VqG`(?4BXYUrFohK^5jVOl*PSgylOd$Al?3>EZF*BH$AxA41v=9Ow4r}%F& z=VQuvr-!=PC?Qr%Mh{LM-MmSL{Q41N*zRIFZxnn58F1`%4$AGg&wfm(Ky1sxLig4g zKfHPW2p2l?BJMATIwaSKE3_m?rbBD~Q-f0u<4zA&7Pc1_nhnIj!r^#OA+(vP(}2o9 z!j(Gs-E=GQA#}Cz+y%Dq->j_-+45`cIh_#;IKv%dOLfVRC>?ALn8l5jSe#S231aqv zrHW)oScu|Ujm3X+Cl2?ZpnS{z!${k)D1onj9@gluX(}d8Tj!zQNt=r{2xW~~jH}sI zShYeyE$>OS>jnT*=k96TUYa&XH(IYf6&^FhO9jc06t$*+pV8TZ z>$OkLK(V7h36xROn%0X;-86C3d?xsuis%G%RmuB>@~{sb{FT)SZ0ccWwI)wnvP%y_ zFYKrh2f+h3n%tcJQrj5~r|5qb9tX_1uPLIfeMJA9YpVy~DErXMx`g0PfXO3Xh0})0 zycH2+?W<;n}Etp8YzH-1KWAAILxHZ=wpHPGT+{*w;k?F96S3&kma$XTZzz+j2|&_SkwEv<1g7f zF&_a|?}m@LgcsPy2G*|#h3<>DkS_PUqI;<8c%(_7%N5VM@TeLEyU5PjAY2n)BV5Y- zQJLZh5#f!AfM-49+0_oZmJ?gNWLm<0&Ve*f|<_T zNO#noMp}KMm-XGJhkN^Fj>Zb|*QVwkjZ-lAPu+Pk`mWO=6F3us&OWUqBpffEDD6lb z-VB$-gE9o%l;^CW>9pF6(4sN>e8ey`_KBZR#n9%Xd`!P6;aBp z`jzVPSjOm!+io=bO2!^vz^bH@aQyHn^A{ES3uD+D@A3mdtO9{QH^1^G^!qzEs*vSt z;1>5(u#;NTZilx-$GL=T2|5VU%G%FP!+F&xR9K7EGE>RhwSM>Jn~%(_UEwB$Ee1v47a>Q9vZPwThSR=L_ChWL=+fZ|~KgBK-93B@g{%SKi!9D^CdM%Z7 z)IZa{rj6{!ekQnwB;uNXCOK3A3(?>n4_dZ>85}hIN=38Sg{u3Hf0W?W^%DWgcdv%B zNm$*fc$Q?Fm>NY5Gdg9|W-nd1gbBay0D22sFl0Zraoj!Pp@zxkfcw2lXJ0ehr2I(* zGa9sU{x+KMK$6Zg|B~;AW{aRzQzXN+u!BTrMrtVDNN8sq)@Nz=;tAuGY< zEhMju6iHAt3z&iIN>559i4AYg=8jvne}%gDkT2RbAh`||_G5m#(3y9i9MH-_`s)SB z1Ei|*+k$gvAx1tPKfF+rXLG&_Ea``-Cy!8?{~i1_s=9Y=9xbJ979`MTPXnI=LKbs` z!#y=O1G|&hEA48_2F@)MUqq%Ye$~8!g0A-JRRUUIzI>*KLM;?Xu3cB$JQDr|PLDV{Om-h5D>kjbi8 zTKO*dnKGO0*B77xFW`q2=g{u@y}}qcX~)_qC( zJSeT0U2J_}YLLGMjjA^_PGfN^unZq`Zl>Te!zXwxcdd z$AaU^_^)20juh&V0TSuEd6ARu)5Y@j>`7;i;Q6EY51V~*@|M^oO=)76pFTFl;xc>C z)LLI;N_La5@E*p!uv!yQ(@zvZcjFnKJXfL4*t~~(h$`OzB}@HVY?<%jslK~;+}kz%w_Ck!T1AErR`{L6@7Mt}uP+2p z*IhBwpLmd<7K;1*TJeAyX)U)n$AEWoQ?^yOS@N$ z>-FL*37N@8?H-RX)M}lPdlfjGaZtV&tfs3xiwWd}p;o`oWSU0F>Ssi*K8rjD30ZxL z#ig$5%UbFAQFi=T9*$zL?{)fMYc%)bW1>nC#$y` zYz=SuDUuUCl*wClX}AxG`YUB946nl8ErxxxIhoS;r}MAF2V}N4FF@u3v`#Z916Q>H z%T+)!k!krIFKk8dOjit-um-Rl{fjLL^qK~!zCBmR?C&8fW|x0sv|C@(H!(w5%*Okk 
z0C&)*y&&9bfA3#8(Y{nYluS75$|Y0))UxGZrY0ZpRYBK+?i_>_)=7!TYhRe~uN!~j6(PB|96+OL z$JQNkZ%KBo6fZF}sFwB0ZN-_K;NA&IQ0&SmXbm^a^{ zP|sCk=5-VkbDrxK(4hgq-NPCe!qbm8UB&EhNiUu`|6z0@aqX@FO>(6NKTp2m*3$Gi z1o0K6ZTVU3)~3hC{#-R~>R{T9kQ!?;9Ngl*J^(@dj`3B5h+RWX&gS7SAs3Ei+Zd2h z^<}&K8ncaBJhh7WX#&z31VEk&-|NR)`N8%Rb+5C{J+th`8}}<(&(!zL$`Vet`G++a z1k%?D=4TE#=ig95U*zAo9c2zjd|8hu7rroj>~Nb)WDGA9gxKznL(nS7@e0U(B^Xfr zM*O@00R3`S8t!h)`~@L&^bBs|1@G3Al_{2qDfvypalwpiBxgRCvm$?K9zsIma*wIWl_)0#X)QQq&mNO6q^E-R52aU>N?rJI+T#xnM zOndLy4$OR>8xzR^2T8t5s4+M*Veb%6NZntNBl$ut!IOvorj14nL|Z&MhhR)~EPiLs ze!O5o!F`r?=U|8hAM6GZ3NZix7uOoSKR|qU-pv*br~s~pa7yILNF?w(dnn==$Bqefa%xq|Sv5D-dk@FHf&+i`M(E^4qsWgF&bU_iP6H4MR@&Q=_;e!|r*%FEia&wwHTWb8K8tgq}|8`Uq7{BJ!CA2y!Xb0aF(< zp8Z;o4a7|TBsd^%Vy~twiC=0Mp_<_x@;C-ySB|5(+!9gaj?X#b+ftScVbD$IJ{TH% zU#(5ada0)@`XMAY?r9QVg-RV-_DqXRv+H;)#2xGI?}-zxs~w|GaSbGb`(%&BooK>& zUt@`k-+kpZ4huuw>2L}wFOBuPBtdk?+I@I26QH3C1)djYUOXr$B|pBs$DAxBs9slm zs^Okl%}j@rE&biAVZdmF6#@BaXGVU?<@Hz4IZzQM^CAG^o>XdXQx^zp?8;*=Xc5lHd93^s!Dn%^ZUO# zm0T#2>z%0osh7F`2nrg7_n;B#lChR);r@>f=<_#QIQ%cJj5z*6tp3QW1xyaQB!{=pT`^cs*VJ>~A7Ft_gBxoQ3K^RNoy1z%v8IE5x=u-Kz8Nz? 
zHQ#~9)n2v-ExSbG=81~E*RwIQW#H3f9V^-W+ueX%9faTZy3vIDl9!nPsMm$F??!o< zA1R;dfnG6l9&eh`Lj%7o^CqXW;9T&xZ6;~uocuy`>+H;yzQ9#k-te5S=yAq1h^8ch z|Dl^zngv`*!{YN~OQ+V`B=^yV&WCBEhN{ZhiqOX6yvfXIV2i+ETN3$?)FaZ`Jh&In zy`i%xb`rm-^*(IH9Qfmb`|4t{VIYQoi>Bv|8w^)r)JYu*+XwM^4NEa%d>(fAIQc;H zc>`)erd{yhbH>+Kvg+@x4P6Mgi?Elilik#ypgNA*w1leh?7xP# zPS?Jqbq357%+%kRo}r3x$!6b7hy5{1iY+t9sz+=d<+HM z4xL}^e^Kn>nHGLs6oGztzE353uDR3c{U`>7g^!N*=74;V1;8&M%T9$NR^toWvq==2 z8-x+xum|WYz>Cq{1HfXw9Euf7J}WStQAz(+c}>xo@#&M!(CfE=`vzN`hVKAQ*NKkv z7su6@Zj8PCe(PJl4ezgG>rbzkiPna4-Xx13{_9oVFbdS+?G=uchLQ#fvtR&W9a2b}a)`86C+-y)0fHA4r1U`f4_yMs|}#j{~B#7_Z9T{9e!%$K1#a zaW!zU6F`(#F?(=c9FXBmhL`iA5YZ(jl@!4D&s`gwD{{FAC4{EaBnS&SyIlyCp zUc1>mVOfz4afx%m);$i&B#{1&`3zyZM?vq>R9(UFiZBdOb8E9F-{$~fAX-t#d;z3v zjjD4WPG6}rS&!_!9Xgk}IJ^=nVtTd;X7gP(eaIOy8{V&z#9#X!ZNIG)=Q-e?eZ}N@ zmWW&vNszSk{3_VXEmvC(lMtKGmm5boempyi%wx=qtsRrO0Cla{*3ZfE3z-3h>Y1`PQM~EtBUl+#*SLJ= zPz+Pn1HS{k=Y<4m83__Ob1+>42UcD+WObMR3jY{An7tGS)%Y_sIGjW@ z6}ba9>kA3)0z!UAsm8BolOdd=FvA}v!t8D!r6|T@?mk?SsTBm#{DCkJ3zXluGGaNp zp*?rAcZEtZF*f=;=kq3vR3^X?Ce8D!)0Px_XqLk3gV8zJgM~FWcNX*&pN#BYeI80k zSjtKNVR|0=FVDZb{OxOm=3}T)}1SKmSI#Z$R4vO{fF4QV*U1OE>` zJ;#c$tpTN9<0{f#u$~L&W@BFZ&pGeMAvvM2Z_mP{5xYC7buS(qH<>%lb-EasaauWG z)~b9aTu+E2p6gyh)kxbF!^8xY=dwdbx?%7s%ckAl7{vI`ZYIgHN{lNsP`m54NBFgT z#dlrUbU3hJ_u5k7Q3AcT3-?tigOf}`Wa5;R-PFn5L;?IEqRs6Zw9%y_am-TVdCmRh z&-Y+(PJT^?`)Vszn>ycrn@vY~5y}y7=`-gn?CJ@cG+z)ydsfgF9uR|S!d%>~7CKI+ znw}_M;MBh^*LChnEIE zP1-bKyd&3fql9}QAa}>JnYxtWm~t^#r6s|@`vw}ZOT(0zRrJG1C<*>Wox)IkMG&)g zyU>9&hyZ_xM(}i{o?JRio!d<~XERWDRDw>k`@GV|SGJtgnaNh}Vz8zhJ4yy25|r`V zs?&dEnvc;9s42Zc7oVIe5JY5+G@3=p1doBgK0cTsy_by4+RW3H=QAQWTCPddPR7cfUiNoXd z>e2{=yleHk@$`#{hUZNiB8d67bO=}9bjY+rXOQ-)#l z^BiYd6O^u#2=5Bi6=$QT2Oz6h2LpN@# z0=woZd-sZ`(KD`l|3PKw+cpG!tV+hDul``W$n+~Xg(jIOr>~j9YGOJ!KDT1!93&FJ zWkU$Ss@#qqCVPErS=49$v1C||V$Ai3i7aiVjornYAS1RzYmbn}-1#US7BeoWNTVYF z&!<2sJMI4+EBn5W7h#5~?V93o>weX@e5~~6bR|RH9l7aJJtXfx**78@D^6t82pP3j zdL78N%&l+wGo0zV(ss4g 
zX^y5E@=qF<|0S@pff$hs{kG`?R^BXT&b-xi*ZG5MNNwy@MsnS9Y6r3>sfYbdAaBCh zPeTur>DjOZWvQF4W^PSHsGr6Q$h$`xB$WhjM)N-UcrbJFqQ9fhaS;mgej0&mtN;PI z&z+5MikjpFKag6efJnb?nYnF_3~1dY)PuAsyg&D`rk(QT_IMSO6~&zM(P@Y<-Wz}a z8c1XrA{sGK!0ka(-V7)OV*1Ze#zpEnJ5R4qG@5keSj-0nHc44*b-Q##m_u@Y?GK55 zTopPp=P1kluo(%&B}`bFmo3>7q2HQMLOJVTHbgT>YNUsjK*f(L%bU)7>$lKF1OFMu zvjU;&oAh%svamA5Fa(x~+XfN3e==P4xBF75EG9L|)?9ziAVAr#zcdNcSB**Vogk4* zrFuw2&hJKy>IE*C$=shm1}TBPA{c7Sf4cr_@U)BneQ{Xtp(b>P{;GT4A@z3Yfh+%v z`OoqE#@-J4?@u9VKIV6HPxVZiL0c<{J!nEPoDF;RPFTrbOdw`fxs}?t0P7EL(YjA7 z4CLc?ajV@j1 za>cy4o4Wb;vq$aayAZgFV>1Kg+vpA(5_PFhdv$Xa7S{$Z!8mp&F%JDX%aY3pvH^qM zb?4!~CosBhKCAQ%du!Li=jZiEH>sI(%imt+ZbJI_4Ox;PdZ&ac)Np|n&w^8_4I!;8 zbgUpzvd%Sidg-P zTV)`-dV!A~Zw)aP!`@h~XWjau)o#Sh5bR(5X zDs^xa?b4>;Q>>+Jswdq8sh>erGC*0?kgAU7cV@okW7Y{cem79V{E2@{0(lWZ>!ULF zl?ts^v=0IUErn|%lSS{?rp14_`O%JHRJox48X%H&Bc_BX30M8^Sb@-# ziX#()&-Lg@L$MTCjjjZXKkccqpkkz z;qrY1d7sZ7=QuHS-0RiEj!gZPMswi{PepsRz2 zq=jG{tuj>oBc266WCRGPj-2?r?i=R9l2&eTt-a++!-Bx|55l7l>zE$0UWU+5`tWpY z{MWqc^keoCOTAZqdl$(r`zV_lX5LlF-2aIn)4VDS4KxBvqv>7oXrfv$z;uUxA)g+> zC@uDr8P++jzV)KY!G8E%M=!@zR;j;M-mtb2IuKyJFsH9cj2G+hF|}MTNu4_Bc3kWuI|LF*=21In{qI2`+N@mR+;ZiXWEk1 z7Rm-=AdFaXvS0V3L04XXt6aM*J=0&M4|~1si{TRor<&zM2EU#J?wS6IZo3$BH)+2- z)U+`D$-?%}u~dF|B%QZ6<@4%=ve;gT*?6<*Ilme+sY;XPhB@WA#t3w+iS#d*K+pB} zpGXICTC}!YYGp5$PfC|JEXO{GJo988-+(z%T6=1-`FO42@YT0Mlzsb|FAhn0JHUe& zhIpkgo)j$WC;-3wUD2n3MG|i)XtL&Hqc%oji_zjf&U7G~DY$~{Xl2(eSFWK|J7W~K zY72f!$m-y&a6Tiq5&~py7aXobpO*O8yD6VpU1|V3e#xWhoy~3Ni(yQHFG71f+j~XS zR%Q!fDRKFkN;nWHiT!=+l7J~-ajnSjZ@a#pU$O~+Cjxxxu4#`EM6wzyFk z3eE@cTUuo{EF#k__5wEqord*}ELbpnmB)+I<1%|#kVW_*9%rh1IawG%$f8FgdaG9U zdQepnu(TSp_9e6?(#RCUFkADvbDsf$E!77RdwWTs>Z0^aWiL0ZX@z&nUUbnbr<4XM zJcWgIh9fakdy2m*wrla_OW{IAmnop>-h|N;l=?0v?G}Bk>aMg4sh_ydEPxI>63Y<2c z^7zd%aU>+JIYAe7mU$rr$n~e_qr6N^+=Tf;}w$ zFk9=v#~Q)Gq>-$1mPINxu(3NM`W?o(`?Is?rY&?}ofnT=>HngeTG}AbI>Gk!`L4)x zRrE&jaqW*sg|>QmLn2+iV+=!B=yN4dkf>Xq7hgxfpSCDZ*x=;n#2d`~&F@V={L8Q( z>Ob=1tu(S@YJ)#>v5x-B#d$44-6a;vUc-erFekVe7$T?HDs{YMJ)?VQQqebu&@L2Y 
zqwNWBg=e?MLx|mY-dC2F?H2q>!uyc=NPL<9LK4YN?bfx*7-zj-Xsv&mPUgtC8(-cN z5+dBgwbxV-7puwS3|2U;x$Fn&UwQ>7y{5W7@b@rl810oenc^ft_S28hsNEcoj^xb8 zC+6cWmBV7?*4}!@{wvC`-6@;Ei$#aS&ChvRg6Js|DiMCett`UQEE7Y{#wjarM`|e< z%hENY(K2*qUrr8)+5W#vx3!L3ye>_D>~y+A;`8@2&aI_2c5nFEtIaO!iMWIO3F9`} zNCcn65VhP&V0LHlcemI%>j$Hne9B`WakBhv zVkN;xZM5mK#M>pUDFLSg@yq>reMM@akO8d4*v51#dYq-jEiyHXav;Xj~Po8&^HyV_bD~>&;t#93-@5qbyT=PW_)Qvt z8LgG;x&?P*Gi^TEd@<>f=4fb_`)-$FGX$|=9e@Xb7G13y)9@$b$1yw4n8nDNsx0#4 z;g7Wz2=E?3O1@P@6Wz7zyR^vZhSH6ClxMX=7*j(l+a8fIjg*VdktFh*{PqPysbV) zq7oXVwZ}3@S8Ed8?>0=FT`$ zqyqM8&hbK90jCAJsiQR$HhQ#saZPcg+9Iqks+RP3vDTiK&GNzI!}&?^-G+D%YGd;J z!kac6M+6%Dr=}TSQWb-M+h5zRWwM9++cLsANR(n1IM!gyzICO)z0cSCodb6)p9;5YaL_i!(c zHd=#2Mq)sJmHjZ%lXMkTJ)3VlErRb6nf?T)scEP*uH+cPZjB56+Hc(jFQUN{KZrW_G4e?nWkh2;}&cJM7=Jj&FmOThK-A=+k&+2fg%*u+F`NHLloBw z_0cj%Ll^UjW*sJ-)awIOIpLZM!EwRtFO@H50NX($MO$W(zsMLVIZ7pV%uU>Erh=n} zxsS_#7FhTVA2NV5pJ@93HdBK>|9sMoKZlirJ@at9CKqb@gCYK`u9R`Xc&V(@;`ohj zRYVF^P%y~3uAU9cUm4F<7++N1R<|d+^y4khqw(O{)B!43^-aunS}|_ZY~*ZE6DWFe z>}9EY9nCxCbi+)nCOFL5bgl|cvF^L(?;vRde|)xzBW;^3>#1~x`iY*TyZN7OO=KFJ zqSS}(iHXu?Pe*M}gTS+q7i$(nB;b7F<3%IGM-1a)yKyi50>-xW`l&Imf&!>v>sQvN zD^bgszH(Y-l6sEy`8EO%18jO{O=d+&Y3BS0UH`esEBZr?Ua280Pn*&Y$BqZez5Jkz z2`&xdwDA(@LslrYiaF z>M9R2`KRUi$}X`GosgiiW*5mJ#{$NEY1*y^9~lOSCH?`vJPl1cm2u@w!ho!Qri71m zhLtYJ@rL#!T{eeLr{m~*o@JGl%uK2VPo(73EuH0rl9y_E-Qpr%uAQy*v{~D z$#WK;bXkra-&c#UdT>-)%*xbGhB=Nk4Apk#rAv~iWV;m-46$;TU%<8m51Z6-9Tw)$ zWrwY?Cg(TU-#m5bE2R_AaH=CU`|iYzEAU)*MZH1XQfG>051?kp(VShaJ@T-FTe&HBDiCmWo z_i=#(X526oW~1ula1#H@S5^J(BdxnWL()M3?|(N0AwWVxqiE0$4>fKjGbygx3zwC4k(j?*U#E={M3djIY;QN{_hS;VYkXj_JCx#pkIKtvA*aaHSiw7b!~h%H$dlEElDnpwX|k?g9fXWw6&VHfsWo8z)FlHRqC-0#=Dm+7 z^Cy}`oma=T=DxPFeb#lPG%;&hd;QDFH!m*OtlMuhdZC?Kyqv^L3mU#!tF<1?vW5hR z##Rb-L95+XFJ@2=ZJNk-@3ghN8{k=2iXQiFii-Hk$7t(y?F&32(&LPZiCur@d>qDD znAhn#`GB9xu8|P~w$`M|MQFZ;gUQZ;OzD%yykXi;s52fvSVf@5%I(xhMKq_31joX< z>Js1HbFRer$~XT=Tqf}}vTFJRRWB8tZoP5+x|pbOUglDR2BM~ohQmOjYW-3EVtR&S z-8j~KQvN?yhr|dp!cdaRCQWII~pd# 
z<_WaPj_Hu1JlogW)eMU3@pN5Qx!~w12EMq+@3&AnrLz}DC<8V57$I&k1Fn1oJO|#uPk^jWMl6v zJ(IFbS-;s^~d7i3(yGr|;9^NWCI z6nXI{wq3vEVix7`HQrs8sUVf?7ZRC%Na;td2L<0e%CaBuAKWTAF8<>;G%S92KvfLA zlh$56p#Ed{?I-ds2cC(^rT#wew{wV;gArG;K2xN-Uj?L+9KCJ6hXNL+Pbe(Y0kJ6E zGm<({)RY^LDNRe6_RE<5r!~?Fx~3%T=Am`^DwbVRwqolCn|)*C0Yc zk|t&~-01WFL(x^oHPwY-Iz+m=Q$iY~l}>4plJ1ZgATgv%kd%;8K)SoT8>B}Ij_%&} z-S5Bsww>LbbMJZMdEe(b>%Y2WI}15NnTQ4X;9VnSqwjCcbJ!ad+L0al-*Lj4y_c2k zeDrX?&je~`PUx3BN9^O2@BX#aLv5fA5#a_R+zJrG2KLy(i8O5V*-}%S0)d99PKJ*z zmjA#+QGT2cR7oBB*|!Vx7K8k`ZoD)Hv&b^{pGdsrB5RmeNI0+YvxZFO6VO7M+W@?B zb;ZT+R>(JbDWT8Atk;-0V!!%bqa*}R)&ws+R_3IQc+sMHJJ++j66;oVtOP`Y6ew({ z3g29uV5T4in^6Z?&m(r#Xt&Q;K_hoAp=&lVuUU_UclB&00PoJ$j9SsVEJy%BXslf$Y@%l&XZ zNZ@9Pxs4=~19p)`%>Hf-aC!^VeP&47L40`D1*sr6%;^50?#urFgRGeDRhG73}%jI*Y!hkYFRI@(SBlt`2@&21lcq|?^Fjphd z!D9sI#>4%@%lLe#b;R}{yLyTrn_x=0z~Js_BKVd~z4-}tTTTsFvI1^V?i=^6dKXbT zd~|(qu~YCthK>khhQXup6?L(h62Mp`yvhzRy!z1%$4nw!n?*X;fEMOGwee8|+Aw~! z{;H(%0w`9_maH%6;zeQDLFPPH1Tti=g zi!Lm0p02yH+_G5ibESM4~sxRhKE^f}pzHhEkSCu3+HTKA(y0>-N=!wMimjh;9sU zG)|Eem{IipMj#fp7&fBWVt6Z^gA>hl=VO@DMRe@>i{|~HwTH45NAa2z8^8oQQ&$@) zK-eEyA{wV+zaI9z(g-AMRput4&)grsiwe4khn5SfDDEbPl|T|`JCJgH%mM1%06$b> z3O!JS*gxfl&Uq#8tD+R^Y{Q0+q0a1mzjr$fP+izdAr6U+nCnNZg$iqUdkO^@zbYb> zpcvu}h~G$gBX0Omy5=Jv1hfUGCu3oRxW54s&Z0gpdhs7p9-MV6V^77DLwLsx2Fugl zT~FMGXmk_Jer%zREi@4wUna5v{4(7a14i2VRgeLnC(``(E?p(akdl4~&f-b#|F3kU zVI$8k>|(?%08&+iUxB3a>zCfy?@EQ3H2Ap?*Taz@RrdK0+;*|#7n+S8=hLtd_;cRi z_CR$lsazW&XM-5#X|;J$AUFAE2g|F7VLa<2(0()M|2CEL;ZF^K9m^1rfjMl)L{nJ3MT z-?KE~Z^V1Ry~#P-VtitY8;@#8!B8O3UnbYIurF?LFqHnXt9LK~PWjTpcUW9-pMA!U zT0|0R&HSM>b!NsOh4?#i;jlmd6T5&Bn4(u;l%I7#0B3C>6o48k65W=D;VQ3(B@ClQ#$)UxU|1OZn1C7fbqOc zI*q9Sf>ZR~%cF~dGfxiBjC&0|7J&;3SDuI@iD5d+JT6Hc)qGvgN_tQgPhbT%CA!Pr@|0tJ|Bh(m7SLxT4KE zwLd87Pb^)<_He&wZc0=^V({SwxWP^ZiBH}+{Ex$z`Ok0LxVSKFkM=7dCqlxQsEArq z11}zCllNaLIC8G+Vc%NkLHNF2!|}?!w~znouenkGH3Th8*gOq?X#1$YH*_m?2B@AC zDivhFNvFO;V~@hgT@#xktIEBLm}5Evz8fxQbbk-+GMqUCWr}McD>u&#fIAuw-_84l 
z#6X%pTm`B2J5)G!VMbg%V4NKLs7xipGq*M@ez^lKbvBUA1o!M^1>E#TQ4^WWF2IZWq^c@GezSGNSL;M zrRg9Fd^Tff95D$aRA_Zq`BS|EgaV0Z^2GCL2kIGBwm-d)%|egzr%F5o)Cv~YA7$s> zFEx5)5AP3rQQ5BP5*G+J6F5*=!cm1Gfb4LUk9ZD9L6P2aNj*v2*TTeB-c9V*@7b(` zdRgRJgT;ly%{-yK>>&xn?Cp@Rm>QT29tNvdOF#*d2WGxtBkpx;J@#`X6ZBH!W?x~b zAvGej3gS#->|v_dwl-pH}^M@{j3cqLFQ3*vBwNSkv^2`92DMN@{sB z!Liv;<$r3=qB5rfUF)jOgdd_izcm8YXS{u_+EGF)Ppnq9OehGUkDoZt`pm)_$(jy$c`uV^(WFH)d|G|ClERO+Q}Zfg~8NJO_`@9%pWF z`m1tYgY4(Nk_^{(v}_FpXR8Ps;%;eH}B}JA#;%75}#olfD{1M zRLOaDUO^$7*na~Y9!mYbSHBp|Kf3?L{EhX%In47^JwN`uIQmiWx9o;4m zzzlm*uu7jo!0h_!Pr$DL8oQIZjiET&6?aQD&D-%%-Plx_wh6y1++a>El=aqDOtw@~ z`Y7rzshl}izjNf)JPRdaVWVFeqtj0g6BwucK^41dqOnrIu|kmR_6;6U6rG`JDX@kyNFDO|5#nVEC<5 zuyeD5XD6UHlc}3^ucghCfVmb|U@!l|z&(RwK2X%4oZKg%%WWqU0>R0~bCHZrgo3&O zo?2beZ@ts$QWTF9s>UZVf9A`Lof9H*JwCY087PVlpe@CIj} z2;^)}*^}mMk3Ya-gz?c*+Q7Bb(i6k=$Fsxfg(x(@K}RfK3>SF$j83u7<3QBn!@@^<@MTWJ#it3+QMOAOnh}ok(S2s(V z%Oiczo4=xMRi*+wzL{A7dGc8UW=|tKuG98EYeNQVbWEP}z2b-I=Uipu4b&w13yVLT zD(ZR9s(0a#`hx334HT+J;Fs+i2jYq^mYZ#El%2+45d;WKj@p`r8Dw^*#7|Sw=qmgt zd0AWra|Wqs9zk z(7VCoY7h0yu8j0LEjv5FVCkzLDc~vK?Y1O{PT+T}!SyHHPlN2(j&pA$3oC~B^Y?*0 zR?mO?s0gO9r;)O81oH4i<$@FTm8kg1ACmmIOQ*rN!+K};?uG2uDRi;|BEWnFaiTX? 
zoqVx;1mmFPJM|;RCgeu-?~`T~m|dqRPK>1zMuqdNDP@uCTqLsrYZKa!X97;hB5jT4 zBcq48vJ+-S7c8ba8sfsp9VNuo(+$ryYl$x zKdyOe_OlOg=tCtBd@*eWvzRu(qWJ0@fTd0n}#3Va*ZpFi>z9sE)7 zAn>Q`VS`jzy?Qk7dEmwuL;g}_bvx}myqz36vV_HVW`*mS)-m!Mcr|ugHc$Q{39tEV zx4B7GTIWd0r+vT*xx+(89bvp)x6$LBda@w2>D*hY3I;Thl=pZ?KL!fW7V!K7Rex0t zU->pZLF0k4Z~=rwOO3l8)1Q~Iljau}aSGQ%q53J7=J&#V>=E28FYeYTNGhIl{9bSH zcQ@h}uqBf{DB&9~8BV|}Ov<5}g%2{Ud47JC{X&~&_Vwia;jr}Zf4&ml?QekO3ZPgO zul)rSmRicI^-dEb41LgsOL>HYV;+|5`ZQnDB^Q@-7Z0|mOrBXG9a@K>Krk!PevPESWZio6P87tuLGYu&k;mwzakb4S{0 zfv;ON{!y+vF1&;qA#vA>&x#&4uLIy&%jMwMQTsMpfkaw_ zC3=4hxo}rk&+p%_-&7w-?qydeF5?Zc&o{Q4eOqw?zwW^ax{+oD(n(5DoeB6?#ik3F zpF@%$tw`rTO14=}4>wDmOs}Yb>g2g=y9WO*$p@g28e@=wqMQe_dUUU=!<`11S0|^6 zBsh=e2PD;g2X7Lz{)ruA4om!VvN-xpm!y|#^!wzJ&;02_YRFk}>`M1kA-7ZcDyt)$ zw$-(*9+xkWsI~N&RoU6Q`#rqFrJ1^^La6~(_s~`Q2Rn0k03644V?g#nVvB88Q{gri z9INw-=PFdHZP4v5o0;e*HPH7X4J(aui>jdJwnGG*h;;~kz`6{sdH$>=LBdBWBZ94O z_{%u(L#@c$N2gicW@=jqn!s5@20XLXZ8qH>jrgI2HnMtx+35Wzt}#L$zdP>=jjB_S zh|v7qLZB!OUc7oX;ShYSfzdKH?q>paLZ-_ohF0~-y@5R@-#1F2M;$*D6+D#HP2;YC z`7UN3Y~O%-q4(O$Q}d*;#14??@@_Y{!4%ZITM$=BCyj;5P@s)_83n1m81#ZqV3vl0 zIHb8q*x?eKJwzG>M&q|QkSajv$!=51M@iSaQS@^I@YA&$Ar$Z`! 
zP-wFjc#N@EPf8xuo);sRE^c-0zSsg9jykoQ+e;Q_VqiL|ckjM4(QgD^^k;*!wbz0x zrHFeo7SXjknqO}t!+qk{!nDB1@pIYp_7YCJD--G`f*R9iLvXmji z%`oI;r-=vCz2)OIt4eL@o%b^>keI-kbayS7UDsm^!ZI@xps*=eWBiI2yCU;Uoo*bX z&vWm~68MD$XsxXn`RvF(ru4IlT3R*@4ITV8kI%6U;+Wiff54=wMD_b6mrjY^X|>E; zc9r-axbc$Nf_<2mv~1^Vs>X+XXZ@0qeA9tQL5Q1lsnPQlk5lv7{&zA*FGMPA>1UT~ z&8X&=m&WnWP$;B5fw&AgHFN(c?lD(wKYs%j4fMbD;l&Eflb9uKrpPmdq|YTF3_v$v z`?uT#BpO)4$WLSCRCmV0-`qcW{c*aoT`OJ8b1p>$0u<4Y2C)av$SXb+K7bqL|F!%} zN7Aj4l$s}=x^U8f8lBaxUJ|8o*0VozbG1DFEdO8EuLSHmw>M)y5m{|4yHP0Xai-1M zsZEx(gD)xEs-Gr1#EZFJVZ1mIGF@zk%&nmohs3wK0L;@>m-J~{Y&Q7tTD$yYzgr#C zb^2&qLY;U{(A>TXP3IluDG2=GM-A%Sulr;A;%f!sUe1-IrP)F`Fn2wDeTote+^>z4BViZr48XGK|?*JrwVl2214?sW&kTkk1#f zctK8;o&+^RHrw2D>%bL%dSvX&sd`+V06(9=ocif%b9hGI@ZFoQmh$U3^t)!w!6~h7 z02Mah843U{(mR3lOMX>PZ&H9qqiKcW06lF%bf?Rq;G%aNN&p^y$^fdLFX$Q8Ze!me zE+&BD#+0(kR;LYJRn4+VejhB)9jQ zuHrbWv$Pw?e81d3axB{a>{tAtsrx1il4650ZlAvf=n(w-z*~&4!OxW<6<52)D63K^ zChF|fD?=2$A$rL9hdVU?;SY>^CE-qmC2#9*8m(=$JlcC#U^P=@L}7^|Ry(5F7lP1h z(q)oX6?>mL(xkNkaNVY(sggKfUFJEDrqu?)UIHo`Jjn-j@YwxeWZ}n1NE)@VEj*&5 z-t!lAQl5dEjlSd`qIdUyHZoC8p-uCiqNUte_tI*Oj3HT7s}ewBy>gAqJ~hy3+xdk* zDXIY%*>riF7xJJtDVMXd`b);{=%MH5nqF`TG83T5wWezEk7KH9x0 zH7Q{Eb9Z1~tzUdJp;>+a6`I|a)?($fSoF$T`L)Gp5XtUO5X{a;@3`j_R z0Dj$1$g0LfQnm790>jJNO6@}# z;R6xq3U_`vEq$3u!xyR{b~6t*wY!{rCyq6-m0vr;y9tNPayEqofiV571$#6#BSFHA zFekI%`Wkz+J0C~^O>o82H`9ZG*CAC$8bC zebS}d5U@ED-RG;86yMLTV>%32tk>Xhcy0NKD}!`6gu=i~rT1k|J5)se(d3MqNp z_v8G`nw&m$fD$<({46jSmPGqo_q`%B;S<(-0SJbr`HaKy*JVG{_FgI}hc-gFO-9`; z^(}Ob+?|fEaddLZe_8Jz^RnF($%>Jwu;Ne1cy5+n)q(CZ-Q*45(3)teBU_=Efx;UEaya}8!OeEkd}}OxOBg&{Eli3#ohP*T$a;Gj ztjouaMMATc{-`zWt{YVY=yIYtzP6+C`l?5$7~NN&bexHLC2H|NA<*c~*U|d=7>fyC zuy?6D_BR?gz9^FKs>P~Fy&@my7f0sR+S?Hg)&dKu+{umoj19vvdunx?t=jMKKX9E; zSq0|%XXet6Q~2Fz8S_tLSvR8WGA$@2(4bw$qb|43YCWYyJG1OJJuy>voT23T4!q_S zNJ8&bM2W&dQ=!$}X26=gJcQBEqjoF@U2KlknD2JZMn3eRmR6wB9DQCQw2N}&w_B+( zS-5K>-D6WhE6DZFE`-nbqZ(PIPejwpun%hSa{@T+yS zAmbagDToHcn?K*iy4*`YSiK-iJ;V8Kw%&Tz;Ya~;S(I+~wp1e6ImWO6lY2%n{nPJ6 
zH3EGQx5+PV5s8&JSlPW|pNN?gEFLmyH7C;}pPR}|rDnh)xkj@9PsVJtJ(LU7b_^G8 zWYeVvTd&gx`}o)!|9-W!Y@umvE?q4+V?nP@P;%dL?<-rwmU}8{OZRIUIGZ9jKHAuJ z>1s(6xD!2I@7PHtzx$Yv)@CEf7Skp_EP8<#Br_Sf3#y3%VP91`og!cg2Y+RJNVjC+ zx`dwCHC%|&il;-YmtKFokUaQc1-u478ZLf1Ew^S=s1cwXqgx>Apmq+Zg*fB*NP2&z z3Hg1Xe;=MtKP#OwU+7>MeS4H0H!Ic=cxCZDZ*sMGmmGwa)FUf(|6GoxW@W2?$yfn3 z1kQ%hvynbCuYa3s`B;>mbv4;eo0QP<@*S~fR|%kBNX+dVql70G}#M%hZ*%eAYE zzc6PtqrjEOyQY6})MbcGdhopqx2vwuSi)r@Gn1jluFTy;KDyadVsZ?&$Gb<}PHnV9%TqZ%`;9LD*koBZ7Xf%{ z_ejfcR-K^b-BuWleXK8^7T(En+eR(S{tV1Pa4AvvVzuP7tPNCZ;v?kJYsLz+@-RtSiSE4 z(C9yDplg|oWeKYGC!FVkfjuZk%qSLaTZ+C{SD-q0&SS~7i>tG-)%>dFbd4NQs=JA~ zdFDboZVLXS66}oC#}wIXnamMelo&()9^83#!Z z#rgsg!m1IqP`fQFLNq+fS4`k#{BXt8B?aOF$rr~mph0YQ!(W1T`vz{Q)M-&D68 zlcs-F3yIQGdXzrzJJP#30A!m((59N!}+JRGJeCTh?C7|)+S;1xML<9J|Vb$Q+#2G|L%m)O;w@no;}+0{6QopFQXs2w3k6)(X zOhAwS`-&$jmhY+RovzD1^J&;}l9+jj32AHd%T>>H`|d1(B{G~$6u*1;A2Ta6q}e{3 z@!B+>&D`E0Beb>V%^<{K0xz&XO93ljHa}UDa29fd;gct3Z*jMLgrvXeN))jITLssh zzM9{b;nA`n?Ks*?lJ%P&9+csXv@M`Q(};xbvrsqoFgk_=7T0|uK&!?SXnXZIu2kan z1DNj_r4w2ncnmx_Bp}OE*~Ky2OCfPDqkCr?v9?yTdu$?aMooxJ4Js0)0)^kL16GpJ zTH+^q{>z_|@9+NZWch5$%zv#RpaP*020m|>s+eq7JmcYgTnM7vK0vU`Ih*X@yg}IS zUOj8k>4p#g2o8h?pbn?SLKlrjqfG7zAPD~9L~D>1aW1MosfcLz-A6-T1@d#AYz6pgi`QmxFHRi z1>&>PzzxOLimVrR_*%?uBVw3z4xyz279QYm{BZ+~j9FYB)*ktaV4<~5$%vanAFo0?C>cS&jqTpM zBvWQpf;F?SN`vEwq{p;~Ll@bJgW%aofoE)ErYdC)j40iHrU<;w`RDpos$#Z=xx=3G z{&D#43!WsJ_uPTBnbB}pI_n>QmZ*-F)!(bNAdAf}QsDT<`cxPfvZQ)U?OZWG9s#Rx zVEpXypz#f-l}R*2nJmS+!ll&zr-zkTSj7|GE@H&*s=O@O!Cv@6a8PmcYi^SfTJ^m} z0)kmG&sRqaFmz}U89<1im5M>2N~jZ*eG6q0`4Ol0X_5Hy7Zy9@uc?|P!$s|B(aeDp z(t^V>Vbvw$jm-DM=_zErHqz!{Xi7Mtd{Y^?{=@=goKB_S& zsIhu0H?e1at%}Heli(5C4cxJ~&S^T?Ff`-PIKftkkY_5Gv02G&ot5ZP0{ayFvw>s!dO8%O^N0=&W8=+;qS zG%6Y3EPY2u4f<0dV{+5Fi}jrYJr8jlb>G){R(9*o@`L(Ow^DD!miAAyc(bInhD(j->Mq4>rRKnyVn2=d`%Vz%kz{uU{OL_a;qvz)iK;*b%)q0k3nIh zh88{BF60QF^Yu7w&dS;-M@~<;R@c;rK5WG-$G`Ao%W40#ONR1{n5GYe)^ZKEbGWMF zZp;0+-iOpM&EBLBoL-) zAmSqUyx_qmUI@;d)~G+pJqu<7`=`aK6lyL@R(eetOrkuo_49ECYaWwH3zoaNbgx&- 
zBqS9op*|K6X3O;J52K~uNJrjI4IkAXaUyj26~qoJaEcV-GEc>oc+g_SVkMzNDFrKROM`fG^{;Fsy}OZ3%l)q# z@$szd$GHC;1R2HJlfqb^{zf&tM;@~~$;Iza@CZ$eL(l+0xVMB1`Jz4?*Z;0HN1^uD z!ri~w2i4ffw(9Gq{+!_{I0M&BUKWb7CI%B0D`2D>o3EcVmr!z1I$li*ns|Oj6@HIu zr1KD}-JG(bb!GTGJY#|(rhn(>b*`H@*TTXl`%rX=j+XR225@DF!5atg701rbzD}$8SzTQFbgn3F|LKqC4(tUz{UVspoF0XXAeKYj z57)NRalEWcYIeP$&y)OBwzpjp&8RcN#~ipJJ>#n9H;CU*S7RPCey`HAGoh1@B27~@ zLq%c!seD&i19w4_KnTt{$@9<3_szdv9G z#DR{~qCQ^pO?=Bj&|Q|j`=76pJxmV1OI0oYck)IP8s`srvvBj%#N9}?qm+b(QP5}S zu@`@Zy{z{{9EQ?Pv*#^H#vZH0tM1Y+`2~-g%qT(O#DRLx&Ny^UTagUoS*6{B$;A2! z55eUCO(PE`!?gmtF8;v)LvdGMiQraHgRj`m)e^ zWQ7Y;3u1+zNcwx*7L?&6!1My)$4 z=FjnKcAFNNBhxMHHK`D}%)2)>*|uSfpt+k_UjP}9N7cZF(F}LJv#yn?qhG zTM%#RIsT}F{k?4CkVw|;0fD~9-#?|sTq>S&wS|3;C*f&>T+G`yLWbP)qT#Yo9Nf`Z+X2BKnu)()~LQ!J+G5B3Um>|A4|eqOBJ~Y_&G*CR>H^zQ0|@PO#an4Oe?2dqG7tvb;t!(+zD~ zvUeCU;r)upNYRD2$zcG9Kv_fBRy}rbAK$j4*zre53>5sXVn`0MYQrtqsy?F`>T+jy z`F&2J4Er@60^P$a6r)=S? z)o=zb**0pob~LOQ?OPS|5r9$QrTW$eEYf^Becwc4`)id_c4Pw^RhsQjANzUE*^vMk#77Kp87YCdxigUiwMDEPop?w@ ze9GYq^s=Ab?XR+F!wvs>47e)MrrtbCP!~B&!#89L9uv9|$ zIl=n`iESn(^56h6cB$3JkhXQ@-sWPCY}mFhdekMy!#6jUUlkacW&OJb|DHBAz2Z_- z?Qb#D_U-LqnBy;v>^N2?%lanEDtJuISJ>8(yZ?h48uJI5mn&+)ufQ>cP2Q)c)H;v{mHDQ@sM>39Wl!xzmhIRcsJ_OenKGFpY zmCpD`h?WH*vzs-B1iUv%ZQi@C=={V+9sXW54Gbe(ap(GomS1)X#ql$>SeU_?(c|FR z-yfV8mCQ5SJ}+-=4>;6@mi&9H*=2HgGw+K{{ZR5yKkK9rEf`|0kO&e5!eV#ZIjce6 zfFiiAVCj_Z_Ok0Jxybp39)*tP+Wuq?dT^M4Wg8)y)$z>(adGhg`8PwZ%5gBaH1D5# zl+#v2FQOM~U=dOqn@Q-a*RKbQP!vk~ezEtTCeHy}asU+Mi}{I;{vb~ph2{*%&$4$) z=1J)eLh+dM8RGilu5zCJ+y5=qWD7$uP*@G0kHA)Kq*TV=I*tzPu%|{~tb%+JY724G zOQQJ6qVMq&Ml}@r_D^yKhW)+wp)Z_}8^_)gf_ged3Jz!Gw@gtb$37cWtJLcV{!lfI zexlweV%Hc~U$D3>ebOvy_2*O{>=}!6ld?sTq9;cbn^=Yv7sl_nAr=WW%@#|<(Mr_( zzv-WU%T9e8B=SrpkZX;L%b9)h_RqNGu-!>HA32@8z@Y5u^mIUhF=s4j$wkp0bdUHb ztExX6-Q1rD8?3&PDS}$u@u>c5k=e)%|GH8@d@ttNy(5#*za9&EW_$kr13+ayz=e>O z0*k}_Mk*Wp4;nl)Snk9ns;0Yf+T9<^t6p>vSphz0v!7uZf2_5`xEN)3*Vh81$8GbZo z9!V_rhh7!D6i~JOnf87{yYDQMT>NQWyK0g=7luDPJx~f4X9d0F+V;NHCx#S_Y~FCR 
zIAHIqxekhO$RxMSf&C&BzbtcTI@t+_KrMgeKzR81=&bFd(Fb$ELgbfE`WN)Wn=cOl zJ#>MxLgCvByw}|K%n{^SoxP&!9_zSI!IpPnS@$(ZMN?j(gffM2U0pP7aIGjiq_18F z!;kFo3wxgGA~7W~jEg7ie)WV&zxUH!;f(xZQr3{iEFsJcdWDIOF=gclw=!y-RDV|e`1wm%k0+`j{Fit9hX^q>|6ye11$

fXK#6hNNh;(= z{pb`bBE$91iL4zSp?<6{O$7E=5hh?V(4OS+GM-58U4Q}WynmfT|RT6aPi1TiS`+T;<&o+{}8ce z-mGLx;9ON^?HdX?n|+Moh1b7_jSXa7Z#c1{K5bf`5^PO4m~ij?3+V4+;i@_ow6`!O z>frhonZsbe>4>D}?X`n4xV0mb_Lgi`l{q??^bqRp8ZBaUXI6`VLb2?K9W$PmWpR^F zvnX7aVW%&MRvngY^Dp?17gcy>vE3dH5HsGdxFe#74LL!{q;%j;6am$-G1{Xp`xlmR zeRi%7T#Xr`vqMOEjrvp|-kP@sh(M&jm4CNmMe_W&$hAm56CIFBTOrA_`PH4)Llp^H zp#Z4F(w0nFHKbF}j+pp?22pyNj`!eU)%ihGY=j?aMkR>O6b{dS+9+}Bb89OQ!*dBq-um9N;G-vAFRuASHCnc+BX$IuUl2mjs7}$IOZ`DllbL;*&-M zQGq~SkH2;hNlu7CWB8la(^*P`A8CAfoN&aBI&$=Dx~_^6H>g^A?w3^rY{<^_s}l&F z(h21l15w?q-alpDGWA{~@@kAVMi}%j$ zyVD#tc}Jkrr@M|ws2J4mY}i`v-BsG@)NGSA0x!{OuCJB?C2B0o_-{Wg<_34J{lt`K znb`8brT~^ zVLafa(_9w-;MNT6adZ3rv%Hw0vwvCP_0}~dY_q`f zdylR69gGe4MF3V8{Ajkj8}B^7T9~YkdM!w@PD7KM|9EgS`52LBrXF5L4K|WO@ta+u z$o>esWqI}|4m8?;^}q~F^J zt=J#(f&va-`KtIk?P^eglGGJUmtk88ZTK=vy$3SdO{Lke0&3cm+JsR%s_&b|A$5^M zM#|zEcRV^&PG}WRV=?v3c}-_06Gg4tGQVDIU@g~3C_ldwI<66%H@+fAHwm>=^a(iL zKWZ#NU4HTK)WRj?VJoJ_Q66sMJ2;RCE63G1d!$k$`cVf3V)-o`#^GmP?T{H30>e{1pokL2x_= ziMy02A)xdqR=@$m(csU{asv>&p8d0*J@kBar)zqP6xjsSzCl9AA4=vce7?vYS_l=c zTCnSeAhy>&&ZhJd`D~IKx;n*h8d*MR%{9Qb6gxQVIon2-n5!a&A^iI91GQ0>$)A&0 zAK|~kmI~#p^`0>eyJas&^FI;JZ5n#ei%sP6!@3QE`^}w)Cy6kAF44c>Vq1cU0#l*gR4h_S;TqV!xl5 zcb@Dh{2Twy4necO9nTl^(+a%iRyys#yA=lJ1t5O2t`@A-WRmaKt?!2;E3ya=Nl$r| ze+tc;>T%f)n7Fz!Js977{Ozl{=ldmh>zFUOhjPsQmPDpJCRT$|N4in@ugj7p>hG*4 z#y=erM$VLJgkd=`WNyCc=8K>Fr5wvPUiiCf|NTyUo-Dkaa#6@Gqk-(k8iCCI{F2>G z?ec2(p}d|b*P6N-XF=@K_5;;xg~^3H-ad0%RkBk6s~ow8^%OP~Poc zPPYfR3HGEo5+aIe4|jDDo!fz|3f)C$}YG~uB|rl z$|7kC(gc)M+wlfb<*pQ3+=;TD z;f9)&$A)-xFA3~_BRg*?m+m|`s6*|BQ};}Kmr3;VK*R1c`I}&ssW&GfxZS8})1pHm zbISzPTRzJqA?`UHOBw*dJ2-yAK#+!(<*()8CB$F zeM+u5gWGG)A?$$ukU3F`u%+16R?h3V(XI39f(iQ`eT$y5ba8XP_vs%$rf21@ZX+wT zS63XkeLb+}cJND7G@6!rRb81`V5!8g9|MLN-gJzs$dLs>ME9-qXOmvmZhAj^o%eVm zomZ90gGuuX4>Ud)+1ES19gcHbrvU{oc#CUpT?SO11+{b4ztr%+JukfQsnRE%Jgnpc zd#MxoF*Q%85-j1ReU>wiE4_{vp`ixVQvnsJ8%c-Od-nn?-b@sA=R2`1Z&l6G;`XP{ zNLi;NoPYk7v9jrUu!ambY6@{V)2l6#3#h%zl^3;4u;|^k2+)x>T=N)Uc|`wc{G?Wm 
zq}kA|hs~-2gl*gs*3Mp5JJu7v9go8uHf%Qs0^AaU&ePXs%Y=sLChZe9A8 zWgK}?#AyZrP)n1#d3mR)9Az7m*FMzKZPiZAoIO%Kt?*{)7J=iA*?CYVunmp5C8ZF@ ziOgLY&##s@gA@@jjv-M%W{#O6Csb-KzM3g2d>Jd`j7@{4gJ2^T3n&M%fAiE1P5~`l zfqdyLl=gAEa(yiN?S#t$>VMa`^_MHrZM;nA@E?E0v2HMXi4h!y>C^9c-;E2FyPB!w z_ZN#bsm$E;DE_kH7J+%ECPN}FC24_w;dDU@(F#g>OmoKM2m6eX*SRAPt5I} zzsixcktUX0IA69=n|v`j5iPLIF!N;ngb@JjS-l5EI3DUtmRgn88C_J~4P_QM_dT9k*_=D%-D&x}gm_B>nqGv)Z*X zQ&26g1QYRe$gEN@%GL@1A6+8V0EpO0{3`QEU6ghwa7=tCmU|Z3kwQyD|87?Tr_&PY zdhx4k+H_Sg?RE`wxG{2tPdg^)I8wAG2PX4?d2ZMHK_HabwJwaY#`@ker!&MucYP=V zBg{s7pXWjsZMXwRGNQW6&-aiN_02%&OJ-?~uC3>~rjSzrKBUF@x$GP5C8bdkjnk9f z1)yc&7t!7DQgWAx8MZe-j1r~Z%tR%kbW}2rq>7bDu<31$&)$_k_Qv)1@6x3~?F{kt zrp#TxJ5aBg#2jQ4>B$fRtb!O`h3XX3&z2#b3;OQ^yzwf zVMw$efs$`1WFENWKp1}?U5LC3(~F7U0=dT5OWw@U>u8?fmbt2T{ykh+VwMWL2l3vALX=Q=uXR52c~#OWDZJP0$f< z<~NQXA>SKj;{->p5`4Zm+oS#!Iiq~~GlkeHtHJSW{G}v$(m&PZpMGU@wuc9{^-F6WVb*Xg zUib+X9UN(%Xks<=QdKHaLf&#YGU!N|@8@ax3ZwdY3LUqTp73)SnoMSo@G-$s7J(zS z6P)`xnpV*>QR<8MeX% z`Mv+IJJ(?6TyxHIZau|<9~qxaEH&bKYM3aM!KUkKdqR&WR~CB8s{=iqzuCcZzOI-U zTHgc)8?Hz`+gQ&(eY1~jGGG`)`7naQWoxT; z?I_g0x?NE@s1Z{+bRF%sKaxHfgP+FV*ztliTsxKdbBH&|xVo0W|E00L^*GO{O9#DB z2$^gWhBWO(Hh5Klza}&bSr2#Wx6gMMxP%P2!YI7sd;QneuVY6uB-cNZ{^Iob0cl_u4x5r|rWf zbh3N5ET(xZdj&~e#hHF)+pI@e>%qcGB~-Focjb0@&Mi*P6H-!%E?KU-zU7K~FOnml)ad5Y8@DitD;q`;AZqPwD z(UetaVgP8?D(ltdjdYDE<>4RCHj=CwX9cKSw%fjHy`ebTJiOp8^2g^w}_<&9Dui>RF<%MsZ$uZM;JkX@}b zCFH)AyzXTun^IrQoHdFv390br!2f779==_4gpWhPq3&+DdQ$ADk)69oa{t$wGoG4b z05f?5;^(}zsP_GOCJk+WUUp|43W@Ief)k(DO|r7M_R2 zyzs6kj6KN+^svXL4CvZ|-y1 ziJAP_zh17C5UG57z`v+7uAlIc^ilz5B-5a9`Xh$~bELFaG)6A7Rl#r^@ShOnX(!*( z`uA<#9=eZBWpan-X`XO7`W@8${f2xEu&m?E{fYR}_qcJJOUn(!iBzdE{u z3j^S$rM#Sehq!*aN<3o`I+h+2Ctzuh*enag@o<1K2!9WRdPEP|^8(k?FSl}d*Di=kLM!cQ% zx`S>+H!;K1&Ulxba~v~q!eR+%sYcU3_I)%Qni+)9+{NT4^$HrU@Q9;JwVwpyYyY#u zE~0W;pLR->{rlyFo_T3*l(b7dZ*&u)wjzbm^apvpuFSko_G6y z>f(FGs)Ab82+p)kA4s149`J{I{`kEXE=l|mM3q>GKej%9A!&*AlY*2&l=@Z>TfF8v 
zzq{n0Xelz8>l>|?M(r)FeCKpmaUyXyq)AzDp@&UwnIBVGi|0*y!+1PuSDZYIRLRJhG?Fn<&~j!-I@yZf|l8B6OJ<6n1STcTX(1D&q2h5JIwUov;IQarXk zt|oIlh=jsN1LfUOec_B$mvi-fE&}m&pIlqfJg;O}Uxs4LH#on$XNVAU{P$mD{7yzU)_4t8}zKFM+u%1DL6@#?Sk$a zdFw$Mv=J5ZD}^^L(G3PIwq1>~gAj5UYA9K;JzIsq?K&o3{XbLC2y7Ltg8KYoYNnE` zV&jF7M~G~>q))dIC0A~sX@E0xOKG)p&7-o5jQA?jytY2*lTp`WcuRG|uPgzOYJ2o4 z)lzL?=DG>G-BPNU7|rWITzEDt@O(Bo1Jl~|G`f56GfO4w->xw{2ll#yvW>?EnB)LIlJPQF}#ZWw)X+?mG<$0EQ}DN;*MTEMH>TyWevc z)xjb_L&SH-ceQx>J!nsNq>f=WEF1HRA?x>~#~ysuh>cKyw}`}`XjLQC<9Bibb^XX$ zL;JDTBf*KLCoEuR)O~5_>@BhFU!uacd0P6I_V!g?f* z1q43e)!NON)g7?eZZ9tmm8t>1D)y*jbjU9Fm$$z%3*+V4v2m9{!J#$&84=VSe1#Ng zwovrYB?}JLeQA)M9DvYACc9@w_RKiw77i&QJQ8}~aDcOdWKAtyeJEjyd&L@b#zrYU zwfRVMd#k{(gv5z6Y8q{_qK+BZLdwK~5!ojmpPzO$4b|>4vnfa`QwXyXH`JKN4^%-B z3_7n3eYJcbN{(HqDdEfbX+v#1=ry6k{Qk~bmQBIqea{f}6@C<>Ehkg3>2>A5=a7o!-%ry9y#*JTM%R@p;DqNX zlc?(YT8j{tPqWkKGZ%c+M93mhLJx8{3;rQkI)G=-I3!3MnZ`aE_^#+5tKL*D2$2`_ zDeZQM)&{~|q0DtcRM{t<9gjw8UwT8J#qk}Wjso6&*oK$F|L)W<8MVSF719SS#5BW! z-xJ+D>1Ckcg#xEMlvzsFM9pZfo@_PscnWAeY;rz8RT))#j5PoF;EG zk(%U=^6$6Vo&SN59z1%NHmiEU+Cri8&Dz<(Is&Da$=|;I7kkji-|bD~AFkqtrr>=? 
zaBI}>;A13LS9=!l%LaPC_Wdiw4KZI^-Md?nmor`*E9UT@!IlkDX zOl;2a147^-4s&pTJ|J1SY>nVpRA2}F=FZjgko2y$OLrf$%N}oiFS(EPJ;o^7eOqac z#AarSx`)=C`rLz6!A4D)zhv|pRMcFXEy{FQH$RI@&X@M9VbVN`FnGWyxAq~2Bk<~H z!3r62!{)I^rcj$aK^bd{ipMrB(~vQklGsG3tzc{&rijo3i+dPl=28zR?EXlw@E} zu-jbcrK2PKbYRfo2e~3bdpOJdNA%&$A}btL#H*a$k&E&dn8$k3A8q(&Ju($;pO(kC zd|#yFZ+^(_^)T$bQ32@nR;s#Z+=8{e?mG8>UB?5c3OnS{2DJYpP!D#){C$@* z$j4*|G*1YnXZgPCa5)Hcu(csOL%U^dIc|L5f7#o~_jsQs5)jsL!N z(dgIwB${7FvtU=O&IHc;XZh9or7ILcgx@CJ)`V2yiuQ?*y@ikSf$gMGN_f zwj&gTQeYfE4tlzn--`Ycu0p*|d;Qk|DW}Mnu8+Hhff*%oJ>Ki_G&!1!El_O4MtN;267D_4-C0EQKW@sw5smqYi=Z{t z5{0zmEIr2f_{2mCluD|Gl7<)HyU$z#E6}eR1$h3K6Ln&+Gs~K0&^osTb+>}Ws_CpR zPnd~Jd7A1E*Y?`AnKTq3wht`y-Y%P;l-FH32WyYo=%@hNl1fwjt%$rbh2U3mAKq|G zsE_EuBwf|FOWULB<6*S39z6A#_rn0@r9x3yA1>dsxMSrlT6V!qC*BWNB~FgtD2(`J z4}Rzda;c|+Tt!k1k#Zezb6TmNjyl4&>4oAEjLt^O$B(x=&XK!P4Oz)j{exryU~w`^ zrM=MKve&fJ21j7aRhK?j(U0}l5a0^XY#DUoj6ykOD2_t4HMO^3m%+%d-M#o|BfL5_ z#(g=U5VQ2BQm?v{+U}<%EG+(qmx&8zA1^OukLzt1#X4sfK2Nkif1LWeV6XDtnVwH- zte;xs%C^nY^K-;bg#=)c=Ju7Y^2mf|h7G2gUlawNi%bnt;xmj?4*_vB91fiJQ8JZ5 z^ZeUUK>@(P5eYc1IkP34tLTPpNfNu_RN2|cpsYGi%oHBW`}aL!F1fN8L@HT@8NM#x znSW<#E3q0ef98xLY;5H@{50CQ#QBj^reTpuj=kLdUw2#TcOIBOf80sEovpz3XT%=F z$-s^4@^^t(HSj~V1d63Y@qj{s3iE9~dx14;1P6!2d~+MCb)oFvGhuw23-ltBJ|%N7 zaj7lsWWViu6HUoCv)f5QL#p#-pO@*f1~hJDUh5iyu z)#cyBPFvOfd`N9g;Kl^*&V+HnlJmXZ*aplAskHK_Kk(cQv^A@e!@qqY?auI=#+0bq z4c##zII^@VGCw1x)@xgx*F8Ze$!hkd8=fJMbev=>g5ggUf57%yN3SjNE&+@CZnGxE|xzb*7eBTn= zmybuTz|Gy*SBpk3Gw0`>=#7Il>#=QYFb@4*)R$7QM$>kf4eW)#0f?L+`p!-bsK*BY zM6{YN=%Q#-;n@ZotydmpfRjyY-Sa3(2nQ>w>IGKlE$FE;nK-E9gv+d;GtwBw69oBb zQBhwg=r zlW!Ht;$vJ&2AmZ4DOeXk-W-znmr%$58Cp@f&l~JrgduLruM+)@HTqK9 zoF6U)+gLZFSct1sJ+np@{Bg8;ipz~RHNR6paXMyKs&H4V+U9cEN`RKEF?=|dsroAg zuca*4xWRvvVC+4wHlrm3lF?9l zrd0odwgy#KyRH=1wklFF%mjCxhBN$=-=?K1ejkr8p6>Ks>Z%?u`bV45@La^ZX5=g& z^}k(mg&OSiMPeQ?D?iJKZ&BQ-dX0vIVBIIH&80DhESNUbGRPdTrS>DwWe#b|-sg_% z2e2Cjli-7z-D6x7<@qd_@E@o0*@jXmPlr`qk}`%t-a3tacg|(k4u|+VS*ZzR@=n?76Ciotx&aDQo1t5`9 
z9<#DvIM_V5E69Mwm~amz&cA4MXVXuiKtEG+7E4y#*;H?M`lHw9(#UO(f|$FQK?#~G z8lE?HnyKu*Ae7Bz^&xuZHAjhVRg|4SZUh4&6rLDEc;iHUiC@SiP!`aUur_{BjV1c! zx;S>AXESClRw&9l5}7}^YbWN6Rz|UUY&TLRmVyb_g>g-LzX$$&TiG>Ef~8+)2itL} zsZ4*|$x6#7ZSrQ`>j7|{ZB7Z63qWR8b7em2pp~dU^AvF@cwb8eno&0!xQEA{S_@2X ziu}bE1KI0M`L3s(4cn5Tu;fI=d!EYKGC>A6$-s8iYZQI`Bx zw3b$Sd8739iO#y%Rz`i<1J?dZfWnDBopoYxnd>%QWj5m%D0M*fvYKtg?njwN1@&VE z<-RdhPk9f2RuDH-B?0PHMkHVzc`G3xn=EvuTF?hYWUF&GM_I2Ww=VTpUnkac2XQts zjrQkV7p=f@y*^KJk@3MEiPc+0^UOQh=vCH5{l!oYC0}pBorL)-@fR&AliVayZgV4e zDwid0^>?R#5Dw$&w~Q6Gj$r&|ZjYOOd|jDIrcgZ;*P)elD%Rf$B)&%mfo9ixtrj%~ z*JwV)p&u;hP)LIe^$Kx96^qR5I22aipZ2=&DhWXilk+^ux~`@>*yYNJ2)al7rlr*= z#(_?@7Mo|VXBgDH#{QbE+z!-;ed=Oq8O}i!kq=9Daoqv)pZ;*LAy+((_cbb&f#~2K z&E5Y(2v|9M&o2cjO8CBmi-(iYsGxc(p@Yu*2TAnsf0_~&&i@&kj0%>k3Oqs$XvpAV zO9C_WL>;UMlZ}HgCm^w zSPWVy&ww}@`i??~*}~ZUn5m!W1kavzncCfvUW$s&_e11Fg}7;alKIgHJDi_C<`*W~ zJg!0(+$fTrDu*)cR~Ik%77Km@0r3{KJL1TVI%cH4cGz-14`oKa7#J@0uj;BBjg9u;UftH$A+-4Dvw_KL2I;JeB`~I zO7#RohRwyver|lcuL0#ToBCv5ZB_c=K9V`2IL&;7uSM16QPWx-MD>cO$cYU_2`hmL z%#tNNJwV@yFZh1zXD(MWNbjZ53el^Zx1?uEtN6IZD=a_u1ASJB+x8kNN|8pZj5Z2- z5|5kU56n8HU^xOhQ>UNn&6F3Wa9E*S?*t%HpshR+Bp%>$yzjw%0a#sj^^ zZuA&G(dm;2?0L`95ArNO%}J_y(J&YM%n8dG8P(5i-U1*W_hB0 z$)1vm(+;ax+40M{rU@ucf^bkczst9ZGN^E>AlVtD6bVdyu4M|c%C_G?l@4Ezbxt1 z5J#EF8GK8qmhlPA_}t%7OLo#Xpwat@N3kJZ^wm>XpN+1$v;r9NAT>ir(hV&jHT{+(gB;|`BzV+A92-3C*P(w zoi7azK}|O>SHP?}NBe^7`zErrsTfK0u1;@DX32E?#YnoI70)Hy#b+IjyE~_Q!-7Hc zZ_h!@NE7K3eK(|mgyh#U?mDhf;M+DZ$At-0*EoFh{;)Ff+~{jSOrqm8X8h|KzN?%# ziagDsLkJk!*J<{U`>t^VM~col0-zm}-%35opU$_$zOG+f%h!V_77Zm31)g-|#NaBb zzBg}0M+X2NPo(?Mu+wEEk1yGXl-gJ=CU1jSXI?k8@0#lDDLhznCdM@4M&P32yhJCL zd?u$1j)FlaV>p@Mz==E06>-^7wsUr#{S>b!y~i`&gi<@dmqrz%@4P`m%{gR~YD@z( zMPiAk=eVjmtgWkhEFJ-v2Ro#hFpB5rz((>{rsI4*;M9FQD}gK2`y`Thz_yxB$5of7@ZakRe2$YuImo{T=UdPXx(?8)AijuU{os zy_ns=fB6^2j_fWWdPOq zum!>)L3LJsf+o$@JyFGdK_Z*242BQF7<((;M_adUfs?_gwTd)aw0#g|Q11K2X$e(p z4>`e}n34`m!T1(t)obHFx{Gl@R%t(Yo`LZ*w9Rqq1`=&fR3F-{k)L@8w%`uvf3`mx 
zVQHl^qxo>wb4Sv9z%25O8GK)Uq?pbfbORat?X4doV74<7X`AApAddI83+5Bwq>(!T z6dgAiK%=&H^A+XdbW))XN7AI~2qdo|AtI7cym!d(T~thBgVR+Yv3bf|4Ld9974~cH z=mI%lsD~``-(+Bzyau9k(5H?LtUwCS+i$u0kSXtSGwk1YbH_}QB;5SXYoZTrCq8X~p@gUNQ%D|J~snhR&?v1Yypj)F-(L8qXs0T}-X@?ekg@@S_Czy?-6N ztd?eC(VJUEjHexHB_0*mh8P3@jy} z2>Q~!Cr1YAxuSy@}aL^j_W2Ql&m3RM9`}*|7mujMpG3Fhz+bc}5WA()_ z1oI2Mz*L_m&$R$HG+X6kLo=V8v5bTt+Y_Y9KTjJJTzk>U&9tKYe!aLy#fn2sU`lpK zf-n3j+ei4n7hv#S3(=M4!llpwB48jhTMi#05Z7q~f$+wMO`QF88=rx8TMx(3h>mjJ;XkSl2w&`oz9<4+E&V@?Vp72-5->` zssup0I129OB2sAj**pz)uQ?PMWC>oKRy(%+3YMGlwk)5QsUoQOdYX?)-h~@9P-krw zu2bh;=maHR_I`Lnd72mJoBA{4n2X)}A=7y2YV!b+6j%Spk@*2K zD*#rYP^^HJUz?_K9mM=5rfr?_g=XMeY%)j(rfgOx5h@LoiT0LlV7e;~YWtvt^cMS$ zKedHRT=@0(u+?@>NNJfdcfR*_4|b);TN;uHrq<7?WV1#y5kp-@Gcu2$?0F1A#a*^( zTI-BNFAT49KPH7yrIBqDNXB^%G@c-iRBm}}1 zAcTF)9U#o0jAY_B3C zb^8iJ)&=td<}OW$`}{Y+24`ObWVr{F_!o1pJO-IEaacq}OBs|xK)bBDL#{7d(C>7P zF%oj6pXg#$59pAId8OIGk6_d>x-^7ZE;(OT{bIEOR7p5~7MpE)yx;KMP*Y9RW9q!2 z&8lT3BmsITLE(lBq(&Nwn-B6Pe<7fxtBS9+!CV>Xp+c2)FZ3p*6&VnBq)4>i<1g*_ zeJt+4+Jez1@+>4EA8A*;@iT*RBdI|D(}tx?-+>*qdESh_gE;fP*M+K^OGShpEXQ1q zH*WN)#ksQIM-$xAY7>b7*a7Oh7pR$JnSWzkeLX9RF?i}D;=}lST~S0R)F&7_p#Jcy zE54GUS_WKC$7~r)wyL?FHxS-6k5}yxk~! 
zEr_I2<9A?;oxNbNTw|-Gby?MZszhK(eE25(kldhx^cJQ#eGO$Dj1uM=gl9}nLq60% zCUVzou?-xpUU3zETy;n3iZyhB^tF=Y>(DOs%HHwqdy@NxYHHkisqylce>p~dTIjIN z{E32mX17_T#P(w^96tv@y_LUx8@@T71Wr;A3UgckpQtb zJ-bq22RM-L-o$-zB!vwC&J9bBnDw8edJh*-QtR?x*XNKCD1PFALZ}oyG%F}MS)1sv ze^lf0R9E0~d>cbSp-0YMIOvE5y)0T|Em6VYpb=&8%d7h@Siw&X3!#9BX!TA@p**LT z+KW>4B8;Hxz_8uxBFyMC57sFHH@NHWvm|ddOm}|r?IZ=7G)@@-6bebJYwv;8S2x=Q zPf3X))!5J7=J|6Xo^8phA)N{AA?6H_12xrZSdQBZ<8u@8>OX3X5jo?uZ-ZYqAD5b$ z>Au`<4RQoIct0J>5@*8vTR1p`j#PK->@VVnj!Ub0>ct)e3RdgMjhA9ccNW_nb^hcJ zIat3kR3_RNRF8u^4eLBJ5VOK8Irc>{*W1N@3gKNbM=`nI-}|P8>r7?bEkynF$~&Bt z?K&s=b7}9GE{PO@$RsC|rU*Dw-p$;J>+o3Ap|o448nr(bqxA~ZGDG77Rr+EjV-)Nv z39+MGxxt~vWv$N_-gZff$AR#(!haFOUP+5Q`Qidoxh5^if~qD`D5H5tq7pE(vE0^W z>`;nxBpqiz=oU--pw|c-vAgj&GS@jJE(G-E5XKCZ={O~hzBfW~ewmSwWGZx$!Vr+= zT618nvATDm!69*JP}fcizU|S7l~aW zRbVBMKC8QNTtIT_HuF0R9ki3rJ-zPQYE?B4Ga~<5pGhlQs$x4?0y>X`zLhawR^q@& zJon~>AhUn|P0st=`NbJV>j}o5sE5v{uUrev0Y5k`BMh|<<=?{g4^1_#LdiwCwPu1R ze1!2aiis`-7pa7zdVfiJD+zIBP4B4#aU~mB-Rl()9p=(F`8+&K933#u3qj2q|F-Sw z7E9hLlgyE5wBbw_zxF4+*EyH=rQ4&^t9i_fD&F+D8nUWg2ROLQ>ZyjF7djgIoU~^5 zZ2@e5s|MD%xx>i*rY*vTq*amVl~X(n zcHuaQYxoOo_19N-z8OW0trifPaxUuycQhN=IvM-5`gL~d8QA)y zP!rFpxoy_dRWDj9BzAFOgrCvNESaV&gDlHH1XJI~^SgRt+Ke_emrpq_HK-gF)m^pc zTG&H^Saf`+t8ePPQBD+2wBX(behhhfeyy)TE}I}SiX=R=TOLhNL)(P2g929#up$-=C=?QgfI(bW4-IHx*O+UNR!U1Q2#ocgXPu54(7_nXDu z0XfLiRfP4|ae`%xZxEAMZI5#wmeGjb^BpCA?t|S1D5K4PM;IUKtdlnm>z8WdV#N2< zi740RMR(U)2>g|eJM~hIGUzg)WHzw-)eb5d`Tga`VWa0Lm=4_c8(Ie=syNZ4-hX8( zAARn?JZ0Vjq$GlgFxHoSP4Ops%CHW7UpvN^Yg^=cW;t<{IvHAWvV|1>$Uc@KwIshG zQdf0%HX(7VV`#93Aa)Ba7YZLs69ZQQ^Amd5<$esBm?=(rySAwEtnDS0FrwJU{p9Mx z+B3YJB{zbQp_!hy<3{H%qk&v#e3bpsys21!n@3 z(~67J#O)~@sA>$nbDodgvD5L)?l!%jJNdEY3CpSZv?}6iZ2Jf-fbc}J8Ac7juS2=@ZZf*lJtz>9(NpYD zOx8Y>=EW56<&xmmXLwaXbHo~!l$t?r$8|s2%zU)L%MW?&lsE!&L)n(B{~5;b!9yPt z46iEHc!#Rl*TOm*eb0CRYyW$!6T@I#VgRxq2>d{aN)}F;IFq^`OIQy;CqthZ%}VbG*^I^s6dEn=ikr%0J)9g!SNmL+LM8COiwc+?ikdk^^Noim^AJ! 
z5Vn&E;}r=;=>%8>arStNB`)RM9znK4$>fj{xJ~ZznP0le)c1F3%6%_zpa!%1R3J1F zMz#ZOA8b!P6UVf}M8YS+4xX-R%R57&?r#Ugx=wL-00+a6MNk%qyMUou7sMeRE&+@- zT@g+Ul`M8IW@vOSoJPFe(h~Y`>bO{I0RG-! zQS{qS#X9O>ZMjX)SSMRzfF%5w=|r9e`fA*qlYN0vu=}u%VH`t}Twl~wtF`DUmOcj+ z2OYgZqM63av5DZURS8LV5bGmh=)C+G%`!n>;%IGyT3`12t$yde8S^5R2LRd$9k5Jy z!QFjzk9Vo|XM7xAurPy$(!0@|WgK8okdMG48lwZD!JB-%>M0?W8MTehIaK^!#N z2=slF3)jyRuvj@Ev$BS8hBX#G7kQ%ghXR*fCkyjp8p%Uy~=T1$*05F@I_rQ;E zkcGkKbQ0_*DNUspJ2OU??jk`7+hu8GNV*v`I!u|5!XgbOKUy6uY&7hu1FI@ z=?R>#o6qI8G7|TAc~SerCorYRdf4~KMbJ*&Me3U@>Vw$2A4PByp+jF%nts>tM9PRDkEP4<*mg$UQ)3dv8w155<4#m#;(Y z9zTKO+KP&_vZO!G7iB?|FaSDYjAC1F%+c{)&TV*~yg5V|wc(bokt_MOXuOW(Uvgo@eu$By z=B)m!I2!vd?md71zys?w>}>3b`X8nz^JkxVx)!zi>Iw5OJe!>3u>ou{OO!0<`Nc@* z%@$Q3vA4ywa%jn7bf^&RSWZmlg(C;5g@d?ha?P4!FpdwE7qid0Q1=Jv1fK%D1Kq1~ zEv<@(sV7q|%H3Ven>-B=yLmESC#gaBUo-(F>*|GD@%?I%*x1gf; zFk_ILX8Ywrt)m6dt4TPFI{)nN@5i&c<4VErMP!_AE*I-{ zgF}dYDMjDaXKA@l_C<3) zEXal!71ffPUh69BDa4{_!)B$064`lTE4rFbhEt~+&hShqaM_$hvs#Ce9sWNq262TFd!0N%51*E4s2goR4N$nHn>p2RG(Vm7A+X1nk}mP+kZdx2wLH{@43acg(i(!$33C5EB`bQzWur9gV>s z>`{AeaBEttGFlN>6ELn)H@OtWUi@{u-fv)Fy(-~KL zrpRY9Ht}`bKhlVC9q&G}gC$Q$_sbRLd5)kKj28x^oMuk{#fWiYul4k4XZS+zl%)e*R&E>PAM-N|lRbNt&_a|EYvj<8pI%2%k`b#F zbaHS;>W9f}ggaz@+*q24Zi9#YO<7;MjNc_jB*85Yzprk5SZlPtubK3$M~EKqY!1S- zlEwMDSq5*56!TBq&kl`o55hFIh~s#)twNU-NtYgF)J}}+ni8E^v)9u)GQ|Y*_Bmt< zd0mtPPkct#>6q5@Zd_H$A!O0bUERfo?VK2}BHi*zTI8CxM-oZ!>nI7?DOK%o!H(cH zuaND&-(OoY@m*;;(>~2xo@|KiBtfT})b5&3`k8$vWkQ=CX%UOUCW?NjDvu-&j|7Ic zvJTZF%!G<=xLJ~$hV36sI6`F+A;#2aP&a0MV2Jy6Sjq4TyytFIZ)y^0+9_!urn($H zRPS9=*yxzJo!8apJjpXhWW5dYXNOE0)cGlQ!teFyWfky(XYG%epiIep$cMH{m48sT zT30mCT;S=#z=t{2ADFT{u}!M`VHaCKR52!#1L6%KPIg#?68Xm8IDu>JnIZK9)LWcG zc>s3Em4DCI8DC{`Jjbz71@@x{Pg)-|$H2 z5w9Ie)v2vm1KcO`7;=tTCAe&0`~}DR`q6i`bruXo==)fXVNqhfFB0$JZgl9=Dx(;$ z>0*Dk*jFMe_gU``nrD)6$>`o$IG!<9p~{*{xfZ2Pw-wgrp|DS`=wTkrGhVK39WqkV z_2m4V7mvz+$&;_>PDAAcE|t|L8YChVPA%=WiWIVZv9urKD|ItBVL29}T=i0l!T2`x zSZ)QsOJ+}=c@!^KC3`BUoGCO1g|y&bK-kJ0u;5Q;{Z9J}w;-S~^OF6H$sE;u=K<0@ 
z(9RgrZ624c{ljTbP3jv+s^GFx?X80oOQL9ZJ^3`eLovvag(EMZG5c<3+9#~Q5YPJn zPE2<1h)cZBxen4rQyOXaih5C>D^*WTA=18$gh-9xG8*^xqw7{>3g)E_7-o9YGjg8`a%B;{#b;NwoiRy%!A_L%T%q9O9xJ2;y zIAWiwVn&A|mLQl~nqf9T5^C!aQuCc*4Sg2*9dbyYbR+YzEl-N|b&D24`DtJOkbp$2GmJ~@-tQ25l`coM9ik;(ZM*AUEb_2BSV(^j+!_@6zY|MM zFbDTKoAlZ_dsA>vexqImx-EdjQ1An;{U(;eXNyqOU_P_^meK~{4AH*Uf&K=)9sL|0 z{>;-Rd)0nnKkl86V1KxQZwjk>&5}%Z$?_14IgugsO8ppFJ9gSK# zs#5PNv?r>e)FXQ(6lVnuDoxli+_o^06(E1sqt=xEx7;&9AE|-b2Fz=f9M1(i4eqkn zfuYBZ%B-ESKS)wKlnLkR2GJCEFYl|H)m!fH|#WNQb3I0EC`x2sND zv=GjEEbvo8X=Gp#epFHxrFZkWA^sV+(`s-)Fi#YbP+)2{S5+L34bilt+{p4%^(vK# zQot~&75bZhaaNST%iS6=-oRI0Jau^-GENEqPlBDt=oOK`L%!Lb%*6>t>0I`$w0(;G z1o|ycQHsJW2E&ed@(j+!z-E_;NfBa&K;SHY)KSw12Un?_mBX#_I{4@g^r`7-QbMj??ii&yaooV6SShdz%re56-2YJe7u(jznO_Jsyd=D!Fu zgTFZ$O4FB$xqldA64-~8a(o2u8>7Dxn38N*(wi??(^xWjP#83zQ*mX4m-LtCFEwyQ`3V<^*o9!;bx7Ht2j z|538oMYRwA>&0z}aLi+dSc1?k==)oPJ`W~_b`s{m4JV3G*xS%NZ4IRpyi*2*4x9Wt z&TF5lYQZ!rFVh}YKs z4L{2vUSF8f^=&72*p79+yZ4ZYtUYrMP96@!EJx@26_w8B(&w#afmJz_%>$f z)ab=H!PENOmc1IFGgaq}G;`5&vfF-V5$yL!4cgV#%Qm*Vbd%*W&k+D`0OVWdgSwg$%KvUHeWUHlg?Xm_z2h{iak}qCM@F2v=md$>RNv-W z9cy{IB;Q7gYunWcT(A97Vo=bPIXfhSxIeYg(1x)4WUgZSPCiz78kZ!muL302k6&cK zO#WTlM_bU(>VDlbjNe8k2yoRgC`uypc2TYGqL{FpnF!^wXX@jyRosj=5voU>wsNPE zYi+3x7v%6D2~4vkC@Ya{UDbcEa6~cES?=`NJnP}JZ}jXhFV{^fn@bUAsmPgc*<2dz zvWQ*SwnG`S#t4q2n(Ca-;cgAzj}}shm3!mN;%<@3h{rl?HE+Sxp-{&r}58LorU+Hg2Pex^hMz~u@)N$Z&IGR^mC#? 
z$xGj^RfwVE4&|5gi``}$%e!wQSK8p1uiW|h^}Z!zUTG}h;_U0ZKU_qIqWxSTZPg1U zz8-EUQ-E*Bw)aWj3OhIWUoU4A1rFuViV>r2=WlD{-(eg<(D!MqX7R&Yehx=dH@Gzf z43;a-{pu$hS`SQlQNtFY?uONh5L@q-qx|>f@%^oXIx#HoiWP^LdOJ65+nRzy_v(jnfW#m zK2ETWQR0UjPTvocgPb2l+ zG4xsKnM9P~U*UEBZ5It%T!OCWxz9Qi&38*}`3F&zFH|=L4O0Uc|La;}h|Ny-Gh=tN zRNk2?GSk1p#1jgT#y;j|`ddT2{p4aI_^FYY{LdIsH~D;=1SHB~JCPo~NohOT4czrA zrqTnQQ5LpsgzBBu_Ekn9hDXkoJH6YTfA_apsuNYbdm5AOYt9v8fB-ht6(L@q+9tL%m#<=~xMZG8ANQ%xdu73r=iNXDG7)n`08);zywI z(dJyGHlF3V9$>E5Xwgb?V=$Ds9Y;0RuscNk42RZxQd9UsAIcu%I?zKtIw374q_7x4 zkOis8wj-Bbw?0&^hVSAJzh(+h#76EO5EwUph@wNCfW?>rq9{j=U;&Rm4c}vl1;T&G zES`iL56%>)I!8Ve7D*2k%bp=Yap&^lJ{SwqO3e*<8edr)w4i{pIsWeB@L#P zM%QQCpW*u4pc?i6df(X0JWu?Ev&!QIGip1z-pHe?^T((*m%lv5(sZmw|927R{TdT{ zIc;`dUu7y>^;vZwjOIthWnUSmCBX}Bl}4zRNVB0g`w?blf;J;eDfIVI%%8kGaNoXe zhO@LdA7e$-h0rB-N3-T&P9bIT_qhfoo^btC{`id(I4(K+2(wr5OKO5DGclcL5>Tz_ z74Y1Gbz1=iCQvYa*icTBlXQtRhwy}OwasKaQJYz8y)N`K=;F+@>_+O= zkH!>d6Uo6H*oMcRr$W)EM;j!4{D4Kos5gH_C%Nf`Ed6l1fN}bb}I$ zbazQNNXHT;2)H2KAS~UDw1~vgE4g&DbT19>4A1xX`Ul|5y?0K0&gYzaXXZ{_&Baeu zXM!Cp47+JiV_&CaB=8__jH{YfX5TlyzLi&`6}@8}yfz!N#a%G7kTs0?pw{&;K`m>! z(t{)g?4RaSZ^huuybi(al@JuerPX4G8;UQ-)_XaYfK zCg6||sIS`_c9l;S*B~cp>!Y)hckC%?Uy*Ck9ueTa>2o>Bcb-vxe4;;? 
za>T7Q{sL0(90@#8;8o*Edy?elaEK!P`eYrCX~#^#G+w4mg1=BY`&w5Y=^5a*IbS{{ z>lrbe&A@93pEbby$rT>VnCNNhE_LN_q&b##$Joci<23Fl`%aTcRP_`hIX!XcSs|$@ z-X{@G$u=Mh^mND@Cr zOZSu-1gF&2Us{`KCJBpfO0+v;Q#{cSAU82CXbAhnRGG%?>xR&QGdvG0GPt});mj2{ zqs=d_`};AC?mbp6isJ0FiIv(L#42@4eOP^zx2RB~{qOj}_YB&e z8+Ge!NmBYq1+rGk6LLw?ae#fs(!l9PqUS8|k&V+um1~NuEu)W7xa)C+t;T;Z-RqJ~T-0;UrAndh@FUA-o2*qvORtSjvL(}~KGI{TdwrMTpJl^TAV%oMN zrRCfTeEC&AHa6sul{|+78M#cGz$^W+Y;RFuggc?K9c%FyU##ETsCN^Si+iX8ch6c6 z$RufCXB_MLr)C+j;8e}6OkRzfb>WU9?^#@V9mTiZ3;i#3-QwpLt7zNWy)5H8F7N(~ z+k3M4c1DnOftz<0*xciQ&ThZ)*lE8pnobSag0Uk7*izN6=<5~%{xkZWaV(+up(pq( zclq2+{fd2}yr?0WEc6e;d+ZI_G>okEPG;WNhJSf%HQgm3)+l`cd%3I2Ir;vjB}vTh zUaE^c|L)_@7MSsUx(~du(_hj$yl;TSn$)x1tFh1gA)iFxOvPP%exz$~oLtcte~?K3 zM3`NW6rrIKMBWVCih0}YZP!3xn!3We@x&Y4d^g7Ef)=)8AjGozw@UcHkJ{`A*v8S9 zQ-rH2`j39P1@pLtSLd4Q_bRIUb>WFEL6Dz1?7!Lm1Y)rG-iBEvW+k0n!`EYHJRv$f zOm{JV(VKXyZ){*wA}=3!ab5HN-I#M^`oyIeG=o3WtF_1IW3p%SULeEN=&Ox-dB2UZJh1QPo2Kh1 zjzH~M_X6J+g+!;*pe`Y!M>XRCMtbh2Yun<_Y&G~U1WzWPj^|0xaNKQ%& z8HM?HMe|4ihgOF*z3HVuEPv+<3MnszPdxx4vRSPmIhYoAx#b5JKcw1b?0=>!Z}7c0 zTtBZHtD;luketn481JlpBV0p#gHyCl67{kkm$}ICn{qM!n@ME3gN>HV&8c?9ufTnd zlH$|3CM!9W%JeZ!v!oYNPa^FU<+JU-i?o|eUai4T*2m3?vz4(=H?M%Yhl^#GTm5YA z$A|t&gTjLf0)lXwo0oCK?d6{yi+y`5q%8cBi01D(Wv2`;>>2*hD(}ZSz7DiwM5`SD zsB+*-JBtY)_=;wQ2^#;M{kxTMkN-<*Ith+`SWQzj2d8^#qQcSFf+G^jrBF`PTK&;o zDjVkdXU$UlOvqQ}WU`~Y83i8Yb{7;ExTgc@!N&hAAw*&+*g6Oon~MjqYWZvaDBMF~ zY}wB1>i%r9Uz&^7UgV1LDG&pnuMl5lzsCo)Sg5E^T=0(8#0(gFS)9o7Z7s^{jin#y zY*f$KSEwDQz(aC*ZRna=CZ*E@@gvfxFzq0Z-r^ zToF94g3vBU*rXy%#3W;v@PG*p;3-kutZNvsZX)Mln&ezM{HvktX}sLoxhZsQEav4y z88gm1^pEa_QKT3DVWPWltFE<(Q{R4l)4HTmA6NM~O}3Ild`=O+$x)@Y*UM&ADbdd+ zIANL4P?9Ov-Xz<;TwEj-{`lRtLt=|dHhwXqcq|k&!G@xoBt3o zq(7=(eW>)9bzv(`nh997{Th(LLgseEB2XCi;8J|4?^*d{LCk8-$3K^($TCBFZ-%Fi zn*VNL{cV;`Ii$h*;xxvH>q~XTD?Ig5kD#>cEs@>A2{y%#jWArs${L-FY=7|yW!L;u z^494G;TbPHTbevv?g#ij~E$Dn+s@XOCqw$G=h42{&P*B zC*B-UT0*{ue3aGP;9g9~sE`Uv7%q)?Pn~gy(r9t~_W`C=4BkLxQ1awp=jzi;nGW%< 
zERH{_VaeESPNSbMV{>WKmg;Lmh~-x=R3l0R-}Fr-lQm^|bz#)#LiaW@9^dyN`=L2; zzltAUPx_pj68i%`!`uTe%}&0iygGB}6LndYRu(cz2@;n{GbAs=5`sMXJ+=N_`Xl?k zl316o2jmu$i`~jxDk*|Z%`|tNAEo3I-GNBPDtidYZj}1Txy7Ya z@bA7`9&7j=k)hQ?V%0M4$HHevYwCBYmo=wU-%ch;!7OKcJkj5ZEKJXh^}v& zS>hf1vvdQFf658IAE@)bUzURWlJ3zlHZn{3^J+u3U%5BY3-SgP7GAWmCMm2g$bo0& zZ0YXdW@Y9C{^eqBkH^D<_Yx2MgIkDSm|yV!ALjkvVKFg0E=^B!58roIcwF*MW;Vbt zT{}w;TRdT29z3o$R(3YF9(eqGe0W^aE{-m4n(xdkfF?3lUUn8%a&Bh6cwAC;9`0&Z zZqhDJ?_8X%oIUV_@VJz$oNa(Hc!Yt=Xy9={>>NF;+<@PXW*$~DRu(RnR(KK;c>fdC zCv|%U*XXg$;?2J7tMv&Bd2a4)Vzy={+<3x|3cJk{4kLf672Oay(~Jpz^78BsTun0evhi(l9(Ls4Zdc;l zQRS!Mn77*#$=Dq>^X+0`s-^V&`6+fe;f{7DFM~gp zHW?F%ue_my-L^qC(B1Ct0z#?5y|=0#hD60i6n~u%?t9l(9^X&iuw+c75|g#>IoUrc zr({aqTC?Ld+2EBGF#F~co%eS7$%VZ0rC_JXPvOLt%lPJS+bu;B>eMeTFdol$)qX3C zyaj)ja}r9dqW8I)tT%rJx&KM=5A8rNSm4kNlgp_*{|(6x<@QQ1a+1q*-`%)C}9y z2ilk4_Q~|=;p*Y1bm;N6ZV15>%;Y8)A&t<%F|z&M1HXk)b!l8eYJR`vA9vaz&3wf- z?-#fto>&UKJMGTAg58UJA~9k6>-(cY;6agh=)Z^lUiL%Dx-v4}sXD9L!6kj` ztkFv8F=yZ%K1Dl;OIJ_k;Nn<@p+RJ^H+Z5I87gS?#gd#|bQPak2?6EW5_7T6&p|KXrU^4D@w9GRt?I&pJN#hMh-$ z{J3cC>w1kMmOcBz>zi||>sE!|!-hX-nNbGpGu6}JbJ&BB?!xaKq!E8t`E$7sDV^tR zB;h;%3*~?#hoSD~>YHsn>HhMO9_pR(GZxA$es%O^>#C7wV3}sRM*MJVU%bFDa(Qd6 z-m|NqxVa$3n|5%zg~j)#q8jE9ePZQkQf2R8J$bI};ANRzeC2M@IRInRbsU&zus+MM z6BW4Lzi3D^)VZ#8Y#*!Xy}ppMKR7TAymlWhyt&%j>^yG0Il8JOCO5iFRaf~|Kum0t`A$#!((zgWMn!R z7$KkK7+*j>f0pg+`20^uS7&hWXSvSLxc9z5AouRw3kk+i**_s7NL<|9Tw7Zro#!1L zo|&4miB4I2Or)x-OXST(o|KT6Qq~LN=APwUocGBll2e3Z+(|Ce1B=%k>f=~MRm=~vy@QS%4fm3%9pe!=MK56 z7Ldr~xBLsRgllVo{cUo&l$6Wu9P+vJy)nhXtN!KfgpgJ-=V=G&bXrl&v6=MTlf%h( zOS-dx7TNoUE?3)(OPMa;Ll@XwzHO9UEN;SaPbe`P=*&rMIT%G&$;o1Gdv%RminB0~ z64CTd)-heZ8Vmi_oFwO7$;(SfCFx1$e$!SwUHl0*GQCIA7rlo}yDxv8v}FgGNo7`{8RzmsIbGBDWB)#P<-)b@pKJRDJtHdv@X{36)HY1(9D zc!($sFYbC#5Q@L>vO_>u{Q&*ax-Mvz$;G&Hva*3TS zjMq(=EiBg5nl3D~b1Y^rix=$aEh;31jjm|(9}~oBdxou^_ZavtIr+vlU3xTUeeN*a-9W|y~;9Aj}yR5t2l)KaPjjTLSRisA<%6q1{NK1f! 
z)&gU&%(}82ufJ-&EMi?-UvG7Xw|<6aO2+v|)6|ID47Ii7c;yjhTdvAG@uGg*O|mXY z-)c#m$EhXYWWkZ-P>_vs=Q|Dotna4SZTttOVH#9eNa8W(!$b1B;pp5B&7?WshN- zb!X73wL{gkzW&~R39pTwH3haNGivRO6(-|hMS?cjjAimFQ>UBcisrH|>%#-z z(`wh8b1KCSr)0caej$d9?X6k&kG?0Si1;*wEB8||`TnciZ`?FAib8X zlBLDDww9))rF85r*G+*+Jn`WCJ)*lFsmLk(3hRh+}XWi1alEOkm(#uhwsv<$fy_BX`WD1ZV3zX33Sf&a)}AJ6{@Of`JXNq zEbQMmYx%$}f4?oz%vHYP!-s`^`KUXY-15V8AK}r~D)^D#GK86)(|Jwy>2s^^53db` zg=cWvwDq0Zxs!7yzJ3u-rjk+h7P*MSyVhD|iJV5^lX2+_Im|9H?ha&Bp__Ad2Tb>7 zFKF3)*P4kWFW(}fi6pO2uNZ0lFHclwgCdnA0&hO4N?dHgi6pNsX)^*Z5o@M_`-r*L z(+%K*dHa!NH^;~189|5Jt*vKklC2lljX^lZhd-l(9U%Y}rwKzi(hO48Pw%fm{^Ya`6?jZX3P(zxl3Ue$S|Rco1X z-9g=)uG4h6{aFt|%2=shg#@E-e};o*t)pH&t1s|<;!(<4=c#ggr;UM;V~3dGzXGK* zJWPH7Y zTqn}vspts}qG!71;?)?kx$z`TD5@Shh)k7Uhw`|qSXx`IrixVG{0gno$0ec~6!k>^ zTA03E!X>g^v!NAvcO*4iA>GwodN#3Nl`v>&wPM04l;qh^zUQHXsn2RkP5l^sSZ{+@ zO182_8fzq)kf5vO$GyANu_=3I!xd}X>a$?J&QY1tqNDD=V5ELl6HboD=3-Lsab|6` zztU^PKaR&0r9O4T(&HG6`R0g>i^H6MFQpr>i1zB@kH>+MP z_So+QUy~;B5hLn!55H1dnSW4QL_b@_@78+D^gX(RL$f9A*Q|-94V%Zihp5S@f?vUX zid)4_9TCKa4x;z<9i5nJ)~56hbIe8A*giB*bpD0da#hz>lPPYq_d79|Q{v-`x@B9L zJufHMOESb`^jgi;F|U9n6_jY%+Szv|9B?T2f3a+nVT5xES5sj0_>Rh*$@e>SNILaHajY$v_BsSeW(7#X*t;TX z;`fwi)0rO{M$%fa5GTW^ZI~)}eS4Ldt0@G7r_)e|FYbnJf9BRPk2*`d?|(mNaf-~m zVsv8POQY=%_o{hlzYq_b0HpLU;^3x;7OPsQyuPI(K*P z_-JfH-6VS9Ax|%cke|*GmYIz)F-3WKRehuFy)%f>nc?A%4vXl7#-hB0gpi^&1{YQD zNcrW;3kDaS&7~!AM7vGT<6ZffOaD9{=*77TCViRmRc_#iKu!PLd${MyX~a|%FFozw z>iyVVeqa8qwIDDv^Fzz^qo}s)mgnl3cLJYBExZo=puX&;re);wKFHEY=ItvzM~`wB zTSrG9H6JMrt#^9<#KM7*X*9Gn#G>vHEuXF8r`(z9!#0ecWd~A4#b4O3ete3I8eZ*( zg)1dXO0v9IPxH2xVd@LAu~xcl>Ns2?A!}-U$?Y}Js2IICdv-)?>Lg)Y*yL@Y?GZHj z+ACYUQOkE7JCrdaRC(KygQT>e_^@DWA=av**daVEu|Tu;ZXPavcX}rRfm~?2n-%XNHB6}$+m88_uC-Sue!y^~^M#?Lc&RVChPeGOrDp$$Ha3LG2#=v+X$+PJb z6tBNA#G~jHW66Sgtw5dKSN!QKFsX5xjM0bUawjn+oJm#YF^H~d}ps-Rs2({Q%e{6-iYhbq`^#UpIAoCBl*t)Iz(jAGu0(}J?yb~ zB_;nX3zw0aDy5(DI2h>1q!`9DlIYh>Pe)%;d-VnUn>Z@FOi`)HR9i1gQkF5dow+2to^<_$QIXn z-&PkDtQ*DSQv2#u_dzDsAWyDIRLRTvJoA-$W~WIriL3>~tZDYD+Ptf!J3cSEsdD^Z 
z9}!xud#n{sW6$PE_WkpJMln=luL%k)>-V`#U>@;)us`dyFCwt=-D z2UBfYlxbQfPwYZv?uaneBxyqX6IP*5&uOpkNM(D{9xWjQ`1&#**s5C1g8EKOyk zuX8PFxJux)QsT@%tHKCPQz>u16)a$xp$=)lGRpQcWo^y#ET3ANf(D5!Xd7d3@>G2e z4v=1FDBM3#IUC2&@!|b?Z7t4!(;%J(xzI~%uGM4DyrReQ$whqToJyuc^A)apY)VBx z+#SW4XLxjzfB97d-f~>8ei!J7XtQ3QF=ghb$QB|Ukb`4Q7hBJnC>9{+&r{Xf+GDbX z#1ea`l6Wa<(_NB!XjG}Ely=Jw=GjC0nmvqUG4DumQJ?G@*=T1q#xU`fm^#O1y|Inm zt#`Uxn>ANmwWjdn9u*G!)JgWALFY5I38z)WDn=-$h0F_bj+d93N=d?E~{KZjVLvS8Yaz(=1(%r&koIb7>oWr zHOFOf&$V=8%;1Vwkn!i?dUSw8%u{2L+h-S@MEXUepnE{&jgHwsIy>pa0Rnbv$x1qf zI$+d@DuKPCdo($5pV9mSEbS|MZ7m7!+B34RyBRO^S<7pm*VR>-55OHQ?55o4EF0r_ zsqq=iMHSt0zUn_C)zjx*6REW%Gc=sU>yTnoG^|K;L8RiMI)5uXBQ;2hNtx2un+)v` zSdG6MI`nrsSpV&7GQAYT`+x2#x;s3t`UPRA<*s`CCJBeGqNLzUiJqmEHRI#M{ywMf z9_!^7Quvjx%pI(q*~ko%^$r;Qc{M95YYK2o>0SyxXPZjo8P`wL!|OKwzWJFfch!qn zl$W%}IrS ztVuW!;@>?P{YgmJq9)9<>eCWkey6(4eVZPs^n z#uJX0lrAqG8b%1#kWQ(*-RW=?JHu!1Oquw)o!EOf=04f7%TpVB`iiHLZ3+y0)Ha-t z4Zrc$ki_(k(Ov)9Uxwsb^#4O#ciiJ=y#l+}sVSWa>p{^+|_GqOm`rlVfs`tab?Hwl( zQ#}knq!>TP%07StE+1ipTxp84UmnL6_Mowg|MN3TCv!qjfw z4}I+}|1tj+-97(n=qq~f$B&`>?uTy19y0IL-dKA0ym=#|q~!C?*3v`E_Kn_SUdl(x zxn}AWNV5fG#lHIU1#Z_0GqWgUMO5Y^b#CNx1A2nlTHpoG=i)~sD$WlFi$4&{vW$0RXA0R~bY zm*1Wan=j?|C(_WyymWw=J6={l+#nHRZ=V7E^Mt2uW_Ub(%WHv`|^_5^kqoK6t})5tiSq= zQM>qEG}hd~ML^w5<_;jnnA-It%4K z7vO?S72f4E<_Q{DB>T9Z&eYM0D7n_ztq7(4szE`f3 zL507Ab#Z7p5M z=ULvo(%3?K{n`MPqz@nPDT9ejk~KWH2x%LpH#Gvrc@~Wy1xl+aB0?vP*8Ckm0>1U*A5@zQ68g zzBpgV2T7Mr8{GDduIr^Lf6gz)h2xyzEH}8XahkA*1?^1du#pb{3$r=s-yPuz;hdx< z?Ch*9MtZ;jw*^KX==$FkHd)=BK{At;J|k^CEiFBtdi2JMqNTB0cyEVp+2iP%MAA|d z4mvhca?=(gEw>W1f;wWfXgSQm5@Roq7|mKN5-cU@jspYAxl zCnsO7iAf3qbh|W?l;2!kw`LDYeEPHNRA$~Hqv~5XdSp^$7lLylQarmt>FFCs81!h( zsiEQL;js|8*uF&iVgu7ap_@hAO&F8$anOjd)l3IWQB3w@senCYw$Q0AgFVCbL2N2U z6&H9XxVZb`Pk)1hON4qeM*iNWy_CKNKJ zZS|V{OnLpb|JlyK{>8hwdP0YY3D$7^y7*OuB<=ebn=GtiU_<78C9Bw9pt5>t__S$jI$xUy)$>)Xs=f?0;5OSCo3Z0W}^!wV9N}dT%q6MxZj? 
z$`to`d{@&DzB@GQ|K4VnxMwR*-pHyGKu2Tp7px}@35P_PTWZ&yy!jHfK_PeL zJT&X}-o#w@z4*l|Ry^H&JE|*E+I1Xs^5(7^)fS#PZl zz&wK%A*a{;+x_>@{2I*@8Q<};RvJeSI_y}4MsU!Dy!W?YlN~Iz>-o=-EjG3;{I7Oh z9auI=G?JX8u5_ByRkhlyzhiW;k7&GaI%e~g9cMT{rMqbH)_wyI()H@k5i(cFt2t^& z!wqiobDEJ@&D|p0Q}~TMMe76zi1=JSrtrliCBaa*V}*^=h=_WH=c_@%NkM|VH+Rqt z#yn#d#+%va{TsF(jm1@33-06Na8L_nlB zh<>PJ^>{T_1)2};%R}Y zRO~j!+)3*(v*ZV0)Tz~u_Hg`?B zD@sL7#%1AHg%jxZ$$X(E6Y4>^W6)#*?h)_}pNvO<6J_zB@WqGU;8-KBRGVRRl$b0) zXn_hr)(5)zOT4q7!3`%OJ!KaT0_;yY@AKjP2(!ctHvgMN+Bmw`YzLmFL{YBDA$ZRL zbsIEZR0vY2H>%=eT$|Mb>T0#|6zn4qkI6--$HU_nnV z_HakA);=xDRQKFqO2M$piMY`N6Iu^E}&5_t451*KhFQ6v2Xp0LZ;3azMOf z1W+*o;2qsd_xr?FUH9~dpu7#O9HL^!kKbRQzx?a1lTy1Hlv6I?fR;SM6lr6r#gU+r zUDxS;t7rKX1H!>TL{wzJk#@=~_CjlbztlQjM-1jN3gp<{cG?n_NExfv#|DF90BLJJ zti$g=hkqMzxR}AnPX65E|KJT3rknu=W1iaXM%uO$g4i~RIJ^rfT7fnpncuTwdL~)~ zm90rp<$ycXYQvk=H@}`g0GjDH@Iv8c$GD*B8jbZRYY5Z<1Wneu^8wTTFknPQcPpon z0oC*`;OHxzlgwa*CaeyO<-=d9xjq0!i|;|&eqYR{px~E+W3f)`0MXm6nhyK_$QF9z z`VZLb_iR3c9!J?z036zm$JQ<*v|SBYBRMMOE?VNdX26pr4n)n_+@^>mHlbNTM*%}ttDp3O0NtF;3QkpG4Cu-Bf3F67=)mwbMf4XIf-Fi z?-LN>AK*yz8i?ZbsuJDFVqSq09g?^c&M_WpM*LvVze>FXbJ7b@6SYXdkP9CNZ5{wc*pgITY!!bX7@1JumP~m&` z9pGg92i0ak`%=sMn-!(9Qq*9pFGcE9n|IafKxCg)cWMDyCe{hax34QKz!-KAy{IVl zHE)k^13U6zApN<5Ibe3Jtpb>skw1HZpB_NAJN2eOPT_((7no~Ae|92sW3RyuX;iQm z0#02Zi;q`0`!9LXgQnx$S%dolwG&`~{P#>wjC*ctw&)&YzUquVKi`ID%xy9;OhW<1gi49%Ew%oc&F`+` zBnNSeh^tYrP~G+gJwPUifiM-V@BfFH#`+KL{6L}btj2!_ zAgg@yeg+KW$^n3%)20vwL9u9I@Zlzq*R_kyCC5nbjnixbl@r=PI20g^52L8tl8)b` z7>4(;D6(+j;`Tz17U9FZH% zCIWJWN6A}pqECGsBt&}%Og0R%K%Z18>atA;0AbQ> zw{P&!{sMa+E}&LX!|4*TkDvHS4brw@eR`z87S(M)4UF1a6jDem0lw9$fHkYT6{q9| z5BdP|XusoA=tLTWj-yV6Igf+voa1^GSnV1@F>qT`w~g8=wbOthwH;k4VE=TqTn_N$ zP)%9@Rn1qsiJ9993>cFqVh1F^ZJ>^4&6244ACTLw{bTtWfUK@o`voWq)H=*STMIxj zkWZvtApO~4w&oZgWeeTb7mL3p^PS#bG5|LG23HrAJhQuP4LIg7Zwv^NNewFfTOb3) z{%yYV(Abvc=c53luKY`lx?GgawlLV`MFb@8|Dg4W*8y%$3lc=a*6+#uKa^l$;IwM1 zC0_O)lw7Txv_xuZfo!B!I{;|nQX@v&u?v)86>TsMb-DG&HBE!enbEgl;xG-c;OY1Z 
zko|qNZ_|zbcAG?mN=dJ-G`tGHHQtzSWh7j4Qw0#WN5`FS11QS!FJhY2D@>Ks|3?rN zli@Y$$dP0!pkkl_QO*by5c88HA|P5MfhzdR9qqi4|5d#~fQPT+Q1`%d+9t)jIFCPT zQ42r-KV9v#1rAgU^}w${dJgib6r?cnH3w_fO;rrUsl5Pt$pR^2ZWyEGaU6ak!0^>4nX3OZrZijZ8&@eW_6_~*cyO?5-XrOR%xOBUok<$H5WSm z4U5^3%R0b#T&&cY2&li9r}~h#{#Oy1pl-@ruw+KQ9Wc#-*;h=b0)QD%*B$#;o2`L0 z%{Up5?_i>%?`ZCUg+-|=U#%HeCrIN!P4WoL@M}2!dCC8=S$!w6bH-i>7t_Um>!k%h z35wzGW62{=T0{3;{Pm@6zO15AIviw_sX0bUy*+8umBttOw=n|a2 zvfC;pKnkz8~rH=F~=4?D~!ELR}yGjXb`cAt8X;!i);% zhYK|nPP{v*2#8t94-mWG*kjOP0zy>+tjERmV16*{MWRPUE_ZO=*J^VDQ;*+3!L~8h zP${@!3?&358iQ@>k?-RC^JAMxuvUgTC&pnAltQN-7-PS*W3vIP+LeF95NZHU366nG zV&1w@WdIsxg$5X}fE7J;2wS``!P45#11edm)(y@7o2!wgZ^7>BBvu&=KSk^uw4Y?)Mc)w6pcOvuU-JZ^**QggI7WSz-Q3k}a?yhUz9@PY9D4yqs zX#$fXz_kB|P7yHW{F<;!ftW!LYXS7DRgnxw{!IQxo-vZYk#?KB7DUEMeE(ML41c~o z|DjpESE!?O!PvRFH|n-Q%sZ-0R?IiFAKbVE&^h1yQ|z($108P93vK&qhd8i}V|2M7 z#Zz6KbYH&(3NrreC>fraBG73_c4&-deOmGs-w)_IbdN^&?mI<=fJ=E zdHd-)#Yz}BINj(hGW40eNR7iNBAUcl110J1=C()}uW$k6KQ+ zQv)1!q!w1Y=t!*}^rlV}=4HYH1W3mxi9?mng00u%60yDBkHCfCjNF%9zBcv6G zM%Fi8Z=JLrGDyxeAoF&smEo-{|E)ZIfg`cbk_cfE+PO|9!UiU)w`(N*ggmv7FM*ym zQ-bH!;FvxNlt2M=HkP(#=izu%zys)}Y7;{bg~vE>dGLJms=F0d8R(VvXSU``F-$@h zFxEUvF+fCBtE_VHLL1Ogb+bV6TmbFo-+^e~y2TM&4sHSz->Q#53!o^NlB(R-V3W}C z$A^3wPYUpo07u1@xVoBCY!_?d4ki<)zkqk$TCmWwG<)zugbxVK{Xn?tSFM^%4;+wY zlDlBFgClKun7^MOP-kY)3;GLV4M>4Fkys~*(q9-Ej^YMQY~_(+l%EysxM9J4N<+K;uX_4VIqK&Xsl z{7GucZ4(e2{6$RlVk0f;(3@m;ku?4un)R3Uo3ooky8?ZQX(;Zy(w z-_z7w?h8$}XkM_8uEEZ2J;_+c)c`a3{S5=qA+Z{FPb-b*1w4c2dkVh41piWhctfHB3FgJPydWH$b46cjyM)EQ$=udT&s z5`b2cyA(l;Zh!ESW*J5!6QC_fNpMvw9xCZv?UYk`InncpW6AbHp^WK+yzV`^Y4J^jFlZ<{eP=$y<#)KKatH5<%gPqJ{}1a+x`r|*_x=^lojOD zz#Y}#J!b2F+>$^mFj)$CZ;xDmr;~5ei#=c{-&jg}72O4sSa?@g1d>GD<<7wmBq45- z^YR(GP1jJc@Bp-agHs0_G9|ZRO>SD_!dF%%(EDcc%Nn5lk0~7q=W64eWxcxG9At~} zw`vD$&;f{yff5QQV>?ASF68k1*os=d22gUc#BK_`q+mR=y=aeV{=+vZq7ji8l zH4G`X+5g5vj*}qTr^mor7}_kwcv@T}azy%ZLAQY8FggYo@XJuUhSAIfuwN9L+qoSE zs*$ZKGyx!KCVFGTwG~Mi=l6#0vA)M5G{jgz# 
z`ucf_eD7HmC>t}Y4zHeq?Ko%MPUss1U=k4{qtBPp9ZWs>{C*_eg1AT?Zj#2wnxfxo z*jfe2*!#T`L)j0k7qIFHuA9M~2)&HOd16hH)2KHKCu}cd04Ugx)jA!SWvgV&$#akF z7{F6oX+cX?O{VZoF1#IQJl8=LiBXqA8c)HpZ%EuBK*VmusYl*QNL4q_Gh6(~17tpH zPaBwD9&6CZ2(U6c_hU8^3ku0TIOfKUtaK!@=61~iL_H#JRf$*Me( zOxK+~pO#Wp&4Fk`aj^lJkVMWgS4L+sxmOm(=^89I1E2F|V35XJd6gHCGgFa94YCbU zHk^sJL%MQh#&GdV4=riz3}tLJ*k!GTe)P3smS>Q%xN(5^4y5s-5L_%nMmk?-M(fJ8 zUN%)kM5MR0TrbIZj=JT8_eZL1zvkAq1WNwR`*7VZGkW%)?bhAz-3t!B_f3UzdtVx; zh<`-;ViOPmcji=^5nxcVB8KK)!_Uv1(j(jm;4{LYd00b79A@$hLjWVbn)!I#aOk0> zcr3$D2&9G5qT`{>OEq0xVtZhmwMJ)>l>}}XRv}}Cj zkV{a0@A!w|A%LfY0TIAWNw?Dqj@t>l1)Y#VPK35KM$1nbJNi*qLzu z9s0_Z*F1{VEO(wFvT?S;49%igOsTG;_%Z(Tq@vWMQFbP5rVKKVcn!)id!as^*aQg29{Y1*X;6#jnM!yDG90&TzJ7fKu= zaW9Rr$1{JbpZpu2Pm_ep%JA$v;Qn6Hhk+&f84PfR0bsP%D9*?s(~wWb?@PM_(z^Du zN>%c>o_KB=zds>au~Yf|3U3I<%``nQuiciZm1;XvW>>I>cUBrYb;s{h**W^j({h@P z4UaQ^<2aI){og9Xvp&EL%GD3a5Gq=Q;q{FebyDJh5%jM(ShXPSyne!dSg?AL4Lq&Y z{EwH$jPr}0rO>~&E|R~hwrAU1#Vp#r1|i3K5F}wcdRXk~N)3`J^D8D2YhK^WJMw7^ zI%c+DO1jl+!PETLqQ<1;KkscOg5-|5UpmeKr_7GDLcPXp!gX&HFG8^P`Wp6Eu+lT1 zcO`W;ToZ7mhE`%wzn!m)Cnf&{?&&u7aBw!YT+#9s&Y@z|cMjnmEb2RAhPEl!MPcAG zk0|&A$(6aJ#S$TI12sgw7LwurW9o~9p>0dkKU`FIs?~!mPL2|QmjWRW>IjdFJ(^#o zEio-c0l-^eK4=;VMZBAkmqgyH!n0|(K|2zc(l5L>dboB@8;9M+2(T^UWwZn2>jHih z9{XmTd3V&=U3bqv9k(XG-n(;!{tcHCabLi+<17n!cYka=p_vB0gcMTuR>yK+-#>-@ zXII}#m;3^oYsIk!WzOlC82mo{y25UXxMithj-1LJ5n((IXJAhYZPr~A7IoIL)W#xq z3C)tG!1Kb&t&uOHE5ay#ZQ&3_)&VLZU02Mj0hl{3p{Yn+&|s1~t``kLw3?0nWTG^! 
zOLa#c6=bPR=Xp5J`R$FZ!&Udb@9+2f z<9lDd@45S&Z9mU`_OsUdtj}8e*=yfGj^RPzS^DAf;R8K2L*?_!mFL3W z-&Ji0y|2kF3vYXV=bXdPL$BxINm)IIuVxB%{|M7jd~;^`!|cadENhEXe>R-YFd4m= zJ>A2O%@tTk%Ev}bj?^I2mYgRf@>w-sk1uruRbYmZs8ej{+1jQ;UxY777*^6BIZgD& z$(5oUC1|+lsFVFj05jXZ8*_ZA>dNkpGiB8c^o8}`j(z;xddJ`WU1(XGFV2Ez( zpUSI_EM@!leqmSaixJV#chmiT4$s~do^!O|Hd?x#HNt1t&usRUE+@gYOsU>qi*KrY zAn@8;>lLXxO+OpQ7|9#Il|(O?hAU{_%3T;O@497pQ_@Q2_V+-2G3AM(nn7B(U}ol2 zZDzLjRzJJyH5=Kq-fCz&PB;$CeEM+PP<86f9%0%lRn`Knqr<2lxu9rZ>p3Lgtkpd;~ct)Lwz9EBE2H%@QEndK4 zOmDbB0c!jUKW%AsTBv&7WEWLZwzwA`{LHkQ)hT+yJmHCx;Rh}96Ah-DY3()Wb>JVl zoqq~MG)&Rkeh{Hw9N#P6KbaB1-7`Tr+cz;?f)ef_sXQN0Tst7m*8gNr8OpiGmv5nV z@@Rv-rON`lx?f{oCpn49Ikl$msQoOa89F5wI^L$ebVD_a3n0I_L&wMfOFpVVb%Z-D;D|x0$U;FksPv^ra%9o4NP-S7uKeP9A_c>2ZWQ5$s zE|@E!C6FjO&hGBHX!^c91USLM!adBX@UNlkkIx#ooRNZCmyGMm*m_ifQ@0in$L< z(uIh6mz3#F&L6(WMnyet>-07A9R1|0`jaHH!e4qKjbBIy(Qx>le(ky6?x~sIPMYNs zUZ<~kHzy?ml2b*vewYNfX%gUC0u1pN;{qHW?vXWCGO?vCA<2d zOa%7sNKhbl!K$sn;yUnzL82Tf;_7lSI(`l_C*wHZ$C9_pcX=2w754x;)xjBIg>wAS z7dF3ejv?+rY$sl$fb^*r+X|@zp|%x!!;ER3^rK&j>4pq2K8DRz(~ITZq1UmQv^S`t z^@-|R^nC+2nt$##zH^z9wS4cAHy2X9_J>SuWLTy5(lgl(KLZKVejoeVCym(5;EYW7 ze7;Mfa|`l|G+)^F*4NOXUDLA)#`~<7Xh=pns4`<3|0C~Gg%=L?&*frm`v#1Kn##FJ z9Oe-i&B}CDLP0-|JU4{Eat+`eyG@vA%*4pmG5(yyBem zbeG?r-22ycCeLNmGd5?*XI17{M;KT7pkS7$ho`1)RUgu>cG8bBr54`tBTrZ(XAa3} zS~c;tKcGXxS9k{oFRVFd@u4`OmTiFfGga$qhL1WDZ_*<2T#gNCQVJgKkCMBWANEiM zp_Qd-t$Czx_N3EsIhf$0@nHYpn|$v)_CFMPR-lZxG(T?*(G+|CloKE`l1hy(B=o$BHEJ-P|_QVz?KX}$^ zdvJ5{^9ih1{NVlDiXWUneGsVP2RFxmRqz97_KymF6a`y-PdU2xi^q9_;|E-Ji63=6 zXso;b^+UJ1b*6q#?L_Y~k8F3y zPYDrFx6TsJugTRj`=S4iI-73Fh~EqKH0~s=6xkQdr%-d?wB(1>do4 z=V<>I%Uelq(Kf03!ZI!2Ubu0GN*M%(+?^ z2t1LPt+j-rHBc95HL)h}^`ba2 zyON=;_1al3tZhZtwvxnJV3V~0rii}t$_n?69a{jR<1?C@V14`EdxVf&)T(%n44RG2drJJ z#4QUO%a!vf0;jyCXMWofJeL7bG)WZLvsy$+LE-{9N}Pd0C7V`cwngP6sJasO>J$Sl ze-%c6=b|5$4`^<6D3kSd7f5Pyou}y3F>ahd-$3A?0axdx<6@%3y^XI`QoeM~j z1)e02p2ABQ=2@B^7*d?(ub-6*ZHi7gOZ0 z_@qt8xzyBhIDD(o2oZ0ql4WVBmGle!C{o#a{%ybtL~Z<>E$Z*3v% 
z86IcCI@0&G;zIM7$NS*IM%(=f?enH)7Go6wTIu1=kyrU>&fHg3t65qN0}Mtk2g zKYh!NXODXPEIa1yzW06}Hw2t6PdzK$liH>6rt(f)Sg-<|q0Hz5U;5K)MS=D9uwFEURXjMxkb`ZMfBF%zO%=X(ko zDvrb!N|4mj7=>QiIq73#(tScRu=0H9J*pS`lejLcb2WMQlv{ri2noGT{*5+(aV+=N z-iF8|(I1@lVQLnnLMX`>UgQ@?lBJUPd|baqGT(Qtn-R7z*dNC6MLqFm*^B#LSzerV z*IyNC1`ozxHo`yayPJnvl<#XPqm$Du&x~0Cm6?zr;s#kYhG%-=)V4KYO!EVp9_B6k z^TS_{U&jy5CUqjXH$Y^#ccGICubV;NV5)O8;!t|bG{cv>40b|x1QgvdB-&nPU3483 zXNoi??pQ_I9ztb%>P=`*+?-IK(6Y*XWvj!U$JoyJkY3MD)U4=iQLyd9f$XHBxT1Yt zKibJZq@AC1aMYpm(A0NSc08wTo$@VILH+QLI`TB{!g*mcL_x&V37GxO-5(`Vk{>4& zo#p!Rnk(6JK03pvNUQMdgGal`dS~qMlI=O}-Ggy8lw2L`O^P>j@7{;{U6rX3 zFDeemYxW>2?rS%H-0$2Z@xe038cq3&rzAU1>7o9);fDKuS8k+c7DUTWVlxXe z55AT+6_Q|CnAW{*nLgL_=4xc`=i?(U*~YE4(K;tg4SS_kWF>{K9%r$UsXGy#MXfaR zMC5?m^>lAtlJNG*eGTRx0<{Tr#1-0shoLppdowRO_3}rE7m0rPiQz))y{%s?Gs(5? z^`eoN)s0E0J?`_6=rdwmfXYMZb_zLi|142jbCclRygf0G?{_>TDthd9i8_6M))S3< z-v`p(!SmHw2)=^v3Ev0~gnv6R(GSc^pZrB!y0dn1pKX&6;K|aAW6dp;UT31U=|0qRPM%O% z=$iL#)|4}@LK#$w4|PwoG4A4(Zm1#-oh%OII2oz0C`-isjQO#S_{@BvD0OK<*o}uo zFG7vZiDwNzT536Ak$dg(5xtKpC%Pq!TgtwZ<-l#8?o~Pb!8c+-;?;2#>dTHPJB&|I z5&NXzwSIjkNN{9e_p5IrrDtXcu6GIXOB~goBJIAf%Xwi^X87`3wqCV*gGXnTn0Xt% zU2i&0;Qf5;G(}m#Bc6N5Z6qIl`7VF0g^tocJNUZst=LZ_1*xZRx(;0G8clH9CzTjP zZ?#`Q#gK{^IiwkMb6dV?;!t2F$>uNk->pUPGh3t-F&S7oT`skjs$2dqP_Y{kelBB~) zx5~PELtkCa`rI28`LZr)IgF8=^z7**QnUQjbQQkOK?#RwjeJWR2pGvS6)R*btA;1< zVr1RAuvka*UF_7v+mCyWJ@n@{)Qzf%)x8_<)JmW>^CF1fr0rgc?S8fcj*RB~Jx^{O zKXl00z=uAfVDZvbAL$0*({%cM##%1e_PN4`Lv=K5*5~Lk@q%Gjb8L%jj9(G6B6H7Y7?B7Z2YVuqg*I zEACIgF|u)hu2Iog@0y9Z5i!rYpN39|OGGx;8I%P4=`BkOuqGg}^(~wA%7dJ|z}hS* z5aHzD*fJCW-R7312Nh-XZkrMFta)Up^58{LrM0?)koV-->^-qf*dMS1QsR>0upM|X z*bd--Fl-A<6h=s}lW->iA>mF!A|k?F#0Q9hr#Feo_LJ;AKuJbLMM*|ML389JoQ9VE zFa^cY(?{t~F)%SRQNvj|SQ$A^GBPoOo$MeYA|l>Je2AF%5F-r*4dZ|O5Bm{za2I|* zp&k9N32IKk6-ass@xl`H#a7v}n3UD^7D{kpDZ z*k1e{fbj4S!Vs{VtpnRSu&o2zIk2FLS>Wwe(`qVgHEDV*u za2i=MO@ea*U!3nBFrGrs9f%fd!?3W*4s;Nr$DRm%T4&J>3+pMy!VDyEe`q7c=qiNn zFPoGj`^GTR@X0?9!q4 
zOyjoB!V(tdUySxWkA=BC#=@@TqeHN;VdD+I%qsh%zZbtkrU;~=mw{O`z(~A6ek#Jk z;&m{Wk+VEF-+B9{<%heQ5Dm{8G0wn6rDI|ARftY~EUbBgm%VYn+bxqh@XwNLPcty(+td6@wYRnTFQ9R38wXaf zeH(6Rs;bVJET<%i7|xO~l($VSw4}Q+ysRG3*3lxmm)~;(z~?N~B5Q)wa|Qb&p?68I zE2mp0C?(l`lb5?R+?+4k*dOKDi%=qFjJo%~@;N73h?s=eVPQjqI?H<-oQ!SVF`|p8 zWhZGY3|O<4T9iJ|$38zbgA9=uBP#=Qt0H1#S9Sm&jwnyY1Hew$7N5P0QJw^3@?tQY z4?ZxZE<4HO&x4;&Yh(=SY;%WD2OApUHpXqZV}o>)P^tGn>P+$h?zKg3nWCO+UcLV( zVr&{w3}0rV%NHY4J+^dji!pC?9sh=XJG$tOVPQ`&aafp+0v6VP{msxOncrdcEl5We zqms~oSYF_+uB@Q%kj!vx5!VJc*dJ~qygvvVf=N*5u(i)-_=hyfWv4YA9uWDwF2*z?`?FG= zb4Yd|OTGhv=1s)3rc!CAQRGuBEWZj1JB*x;v0o;Wzv@1EYz;Y}QU9B_M2|MQ;1rTg z5qnb>f(Qsl>EhP#8j=#U1w{-=3z{ep$04}Il@=tW--=!2H!}})xEaUS#ZO*ky9Xm) z3STn8!lIhrE%u+=2}H++zRMX{SoKXs*3f>#O-}jICQO3H`ET6*GpD?TErY@ZWdhAV zuI>IZu{D+jY6PSWn>7MgGjM4fWW%6ltb29bvqA^29LVxwoD%IFgaFo1|JbL4tOl zK`br=1ALShrS;fg+)-zuZx9OujF#znCyp#|g$5xfB)kw(l!Gwh&BQg9~*ubTkMaHOiB&~RB%K5*rB{{Gr z*Tq%2YWyXvO26T}?=j}wvQ95B!Q8k83SlN_V-Pc52UkdBpVpuq7nz|>Aee`g1l(>w zXsDClZPz>Brr0=G2Vowx{jc0IIJKYwh^)Eg&BFeRtkz|L(*W1);v(k;Vg{Y*@6HDM zvs>2LBeXYe8RI_RjfKV1gGsL*gyjY-z{Q1s;rCxjuioD!y@c13UKP4gs~#7EP*9$@ zFbaul-Q$8b==vLE1U)fm;78Xwg$x{biwp9<1$fsDag!=ygIy;Yj=!nird~MtkFBT| zaGwsMUVU4r{~swBu8bg1##M@SWx!PgQ23DGH+O(5=ylis$5>e*sBCPbjJf9y{6Vd7 zRqWsJ{XeDGpp4hkiV#>s6M+lbkT-xlHDushZMVc{sB>Je{abJS>F*4AJBC_KWE!p{ zGPg41zl)(DK*qH{Nbt}W*B-aFMVx?atB$}9aA`TDEvrbdflY5pdMNoG4L;DK@F1PK_jZctX61^o+naRTQZYc3nw9tAKK zSJ==<{xR!Xh+gGfR$DloU-8(#jCcLwT)(~1h{L%ofjQm^k|E)NTL_;25=epO{%MVn zgF?g2l|c>Hg|?j*WK~D;q_AurJV_MvlZ`9-D^VSU2MB2ze#* zv1Noz@+(3H%@~^Z-wF{lW05rrgaip;Hl!htCP0w8p|j1J@ViEke&^Wh(<#i?wb_8|;Dh2e>!y(m>Vt`u+ z@3;2J+u5#PGYHKj?)D#LyKrndWX+p`Rs^}@EnP7r7D(105JPTwUCyp+@`YpzHQKBk z>kV)<47?1m;SNwS)({)HvJ_+!U^||k=0eRa!n=JjPknWwJXxMB7p}R3&F2`?H<~foyCm3Iqxg0%1rCAV#yU4Y)$xY@EMs1nDN!7_#tP zf1Bz$yq)U$^ZG7;cFhQ_=Bz<0h75AE95={s#kQjUdM66kP$8Rvlme9PhE9&IbpUA+ zbl_hxHe#LPf<y4Ru8T;Do3a#Fjv~hPX4t*+4l# zTzNxc1=J4Q4ses(zi+Tjt|5@yYWoL=%(c3zZ|fKtGOFJqD}<hfwKjHvr!nh5$ zvU$h>tZx4?@mkG=AeBAp^#pdPv~7u>6;XN7v-FS#FyfZ;1qW 
zI7a>VOY1kU;=8v-6d(otH*f#ha)B+D)VI6jJw@Ho^UA}*df#z zs5Q{%Pb_TxVT?cCWmGENPIzrxwFj;5!by1HuJ0-UrhoIaZ)VKvQ~znr)^HU9QU+Yh zffNH5wIL3_CH2PT?JJG{&Lf|l+)jnyJQn@eR7lgWREQ;Dt`H`#&>ftt5lFJu{iy3E z@#?KHvdxX5Mi6P(63}sZHbmucS-p$fpKdaOc1*pUxL#R(TehTq}k!9G7n4e#iCK8x#h&L%hGsTK{EX*8$)yQEaaV+3--?*0g&4@uvc4R@bO9u2|N? zVn`%^+J3@`tu~7cGU?4ZmA~Xqpc8B_!iA=6t1S*z$Nr~_aB)p-9frYacf|>XKvO#k z7(H}yh@e3!kl*qyz27v%iR8wkmnfyM zuopm~hIzU16k^8rB#BorVsrEe-2Kr@hgJ{5;K$9YxRGhO*E1rIFZrRCJz|knT)>my zJ8IF4n4+5eerlkyhw~vc%LPxi&x219eoiHon8LOF_XaRzNd18g!+QK`F_xr9=N30m zdD1#uI~(r2|9?28zaKo#aN$ikD^oi53F-E`q5BSNtxvB88P3QzXv{wvIgZfDBgH87 zW~AUHc|As(^zt7~s4tGte?O`;9Sr;cKmtH|6gmuFTMReEd0{j-^0R&Imbb+ z4Y2TE&F3%U-w0N?qr#cE4Vr+1zX`0U})R zBEXKAXx(sfTafeI-u`;%V0$jM=VDt2wsl}z2ex%!TL-pvU|R>abzoZuwsl}z2ex%! zTL-pvU|R>abzoZuwsl}z2Uc|ej{Oe4+y1uoEknJV>uIkIzUBTOzjU61 zi*Nm<^JjpU!?TN8+_1Q%XsKrayqNx?;T;nL!@qmyJTGuw1!DF;ymOv!-FumAT>?VBNn-N-$D4IU4Qg@n%<+? z2h;t&`rrBa(_GzK`Zni>hO|`45{bzJ_B)3bB24OAgWvcvFQ9}(P8+H|PDqrAXZw0q zr$MvBLH#aJ(Z#QSpS7yO5mEdmuX?-FtUAfeh_>zpaap+fHd2Jd|8zm#V2 zF`v@ILJ_Y|R&~ZUwzy}X#^a(OB8>3yoGiN6V#NbtU!r2aJZneXoi0^M2UfMXYvoUf zAxZ-=4DuE!1Hmw=u@`+Wt~Vp;J*!mq?oikzRFFz6ZF^0?*3UOVKFs5WzE@DTiSBK* ze2GZBwMp(Xv1AotIN33Tco(KOb|J!D%rd>z)KXU@p**`rnbi4ZibR^}1Ty(yjm?o@ z=Hf-A4`=(U&3LUatkh}JlE|Kv{Ex$osip|>n?PaV6v3Y)%Us9h#*?1dK9dT}dKPd9 z3%hfX#kZI$!J3&3mDXc&xSOCYR$dGXv!4K7T9tgG`if?|Mk^LpoLdMyy!7@57RDU$ z+9ZX#|3Zu@oAKE+@OCf7pBDc7pZ(j{Ue8@+0VRGf1}i?2lr_M;9pw!>WoXQn1`gse z=~7M1AmWZl9#t)NM$G4@*#^zZrMH$E8u?S|6+Up1Xj^0xewpRQl4^36zO2xoH&Kwv zcuLZ|CBtBF=KZA3SuMEX*DkH&XP6rkFJT6`Ny>=REmBOfVRovou1)W4k?XNbt56?J zWjnzockXqG{hN0N3t_o>T}O=MikmW}o6cj%LR~THMJ8XRD;F22mM#~Wl@t9eJvl#x zC|S~xI++~U^fNRhVDOgdPe-?xXr&3Q$9NV7Z}Bs#NqXNRQf%yvioInIP%O#%=%{!q zeJusbB08#Iq+gffM|b|XFxpe!w5{&$`7gV zgm#s)lI@PE57m&~qs|$kgnT~`gjr6AKwr#Vh?{BkZ}z&p~hYDj_^BU}2s9$VJs-ZPiyD?MKrn7fVJM&-$i`EoNH^)vl`r$T8mvT+6kNW^T6xo9XxT8&BKN{YB`@+mW7N{?V^oU~fw2}& zX19S?GR<*(b2?bS`#eDwK`Ll`o$9J+CbM6_q$w6=r4M+Vv;Vif4Rcl;(|wuufzH!b 
zXG!7-YNbXCmBQkP&b(F?zOelAoEBSJmrJY&(-Q03{Xgj9<|TdzTO>7lHi}J<-g!Im zC2RDSSSiDge8%OSw=)|RyG*Rl-N@R{Z!D!l7R)^pl(slbrug&9Yc8LA-C>3o8WnT< zhao(Zwy+Y)h%n5k0VLP%?TIQ=718TXJEYeAwZS}Of9*kb%!7Tmm6VyJ&T&#&aN}!&93%UDvri7-oIwVt$z}CS#1Kjd*_Ef=aIXEoPtelyH7j zo>{H%*}>2a1Gn`VY)4KJICa5FRcAhCCDF8@Z)^qROkCbvu7_Q2DuK+KKJ~?2* zUXVRcS1x9mV^oA7?&!WAXF)AQ;QJGWc4W1ouy04%(d6cqnaAZk_bs!McoTe)H%yP+ zL=ISvxZ;cadE(={!|o3I{-k3q3(E1Ctk+52+mQi_ zH%kw|<9kEJ&hX9E^{U^bLK2T-VS8ip2}b5AqbE+HZ4V7hNCWthJuQ$VKc8BO(LVY< z8$aosolcpG5IGx9`^3^?rF13G^8;`D{Kh^hkMyW*8EV%0Sa!F{cdnwc&$C)Wo$?mf z>&5$iR}ViCJ67gL4_A0mcl;B%{`i<17M4rBIv81jC_$`>s%w2TqBQR-OVm7>AW8cb7`u+ z`g;B)@Iafdx1iFI53f&PqF(wI@p<2yJS~fKy{IeEm_4L0K0_(@UZcm?0e8HHOI<`gG+cKoBBl}T1RSnCd!|DO!U_aB_x#CdHv z&YqR4S6H)ly?D#yq8ldT9(%RY+Tfj5rvx};Z7yQhW@qR63`(y~(u+OQzrBV(p8K~Q zuZiX!591#uS!eCib)w=|$7=GIX*V4PJfB)OL(M%n&LVj5v50^CQOe9;z#D|mj4@zb zO-B?OfS1(oiAOemKrQZ0ikqN+MvEC!M6*vKgwFx*O{I@`54z8*_9TBjMj$ z^FJl=qZjh0GwDZIxxZlGb)Ju9q?*Nrf|MC1i4d{oCufqpJgP`$eLDJdb~SiE%uXC= zS|W_LGbb{BX$XJ9v+!f?!YqH2BQHI>S_Wns@D#UPsjeN6h>uP4&FJvJFsB>RUpeGb zB}0m;gCR8r0W#NIcvweGl+QjS7O3$bX&&9`fEbz}v3TrWEWS!a6nuM~SjB9!LMOT< zgH1a$w9Y$(yA*?vK4e|#nMa=gQA>8$*AW&fENq%1V}bVjOZE{OE6nMWaJBbNgF_Q% zzp-$YYSpG0kZNj49FG{hOHy`CdA`q6^wCdoVHcN}&XYNO(LSG5?!?KT8BCial@}vt z*Z|@R2X+;}eC;(D3DcrkBn@tK6OzG4z4N~XvPK+x?2r_%y5s@kwkLCLOxC-ibJ@Gk zlnulz#Tv~eaVFhPD7?iM^{o1u7bChcEYQZGu1k}#hv9?5P5kk5wTv;X+7mjBFHVz1 zqM6_LF6RP_HFkIS;ZvBl@1hK70Nyf4O$S#lXdB}ul5ci(B zVyY!*0We2j_s9 z%!B^?>8}smftc=Gjyk$jJ(nD<_Dwkbrqe_YS|*W&mA3`o<<|%!; zM<3lnl4{H#5 z?puB39t|VUx;?{;UsSJG%ia-nUkrxlxswbQk&yxXA7)?O?5lBh<>1u=fj`2?6HEXP zHGpww&@$CP7Uv)%rgyNC$zRg@PhbK%b}P6*Vqw~o$o^BQs6w9`7E8Hui&hPo5>af^Qrfb&u3jg9-Ljp$5Fn72pVT2Ol+i zbrpaVl|622SBBpicIogru5;#sT%3g2!{^Mpr1v_Z)IS`xCe05+oGQPaq09v2ADBDi z8&%fWpi1aOaN(?;ihjCh=KwIQ~08X?0k^XWM!lOQz29dyU7#3#s6Jw*N#_{cmM10!A)4bkt zvc*ljd*17w72{?^yQBul&Ohr)qPS`*Y^&{RT%Ugxf3Y_AOq(;JhkbV5JQDHD7YjSN zfYO)O;T}L8u?gW|Pu4}%711+b+;Vc-xVtMtPu1tY$#Hw1^|5=30AAyxmK(#Ks_Z^t 
z{MBAVdi*Y$#4PIV5$>*HH;WQ{g@?zHeF>aE`bC$dA?F$VfJtz*2djB^pq#bt=P7Ek z<>xspuH_s_l9j<|N$~ZKm+GUUd~C1r`zRUoQz>Qc<9*jc{3QO}i`o@psD?`n0Z5@H z*Oq26A*2C_-aRiQbGjJssjTa~meWZr%AWpHk{H8lnVfqyueN^7ZvOT8$F7VcW5h0l=yEhN#>SVYV;$V=JvGTm`m=zXbmXGh_tX04zgb@DPHvD^sy(?dL^lME*S(Y zUo)P^Oy0lZw|Yy`A=sA{}`J;vXk61tkv_jRb1KQA==#} zKZ|7O-s_$xEg2WU?5018d9IX0epaVer=;45ACWDrGr<77pPpX9)0OtUNr{^IF~3I@ z~F$ z0Y*Km1?GH?`?AAV;DNHR93-hgI%;$V@d;oWQ!QUQCI!s$XOgv51vy?_~x3a4{I4r_CwG9gML>RKQWPMJLw|la{;$kd&y8z@@S5 zU!f;&f$2&H>B?g;rg=yD8`X(J%sL>z1~7;Y}_B@*+O;~*(` z%@SWL%xN1@vNLeRTs3bEP_!+?j1$Xk_!A9*Bxh)?>S!RUJyWRh^8CV4X5J&LEVvK|5mlMPH{FZ5#TAPSySKf#0tdh+!;(@nN#>n z+qutS9`a_18UW6arXo-GO{dJKja;KvuZ53Tp@%w|-|Hor3fjSS^WSG-VX53)NP3BL zbp6_&X-OVN1t;4q)#~`oNxgpijYDq`NR@PlBf3;Qlch%L%D&|iR3|yVtsDYVOtqTX z^dng+Q@)GWhf#|ZopP-X9J5U&j@F7mRF*Hvh%u^FQhhXlqRSY-OIh}=V{LOy@+~_6 z@RW?o$J*q1N0G)w2ZdtGY_YJsd+-!t>EWvU3_W<)C;6GjNH6pJLsg8)&qxlM+?^Q9 z_~5BLBfcNOTW(xzwf6x*5TCHiLlb^Ub8i!a@yzgqI+@v={I++1CsVKiK!4pS?j*qD zFpj#%^40L>(PNRaPJ|=_mx3a$6y+9`?OAT>IZE?JOd;W9T~~ybTl_*euk-AirG{t< zCn?0cJN_;JNg*loF}+rA(OnsCwD8-7+ZihQr&b6D(gYs%1<}V}Lsg^U-M? 
z6v02NIde)}x^?^Qxt@F4+rj5|8h?x=a`>1&4;t|>QJu)aJhYPBc5Kk)~uH05G~ z?AhojAHxU93nuleG(}E~=>C1N>vvp0ssWk$3WyLhl3l^Guc@)GsoF6lVJc)ivLb?2 zv;qDIQ(1!xbsLC)R1svziyhk_EL_3;>HEgOBy$svfW*USjd;vXWTSmF#+H$CAn_9HN~kP<~$i1LhO}2q!sr1Kgts zz=o>;Fp9B~!Ja-Hl!9HBm-Ymq0^}p$K85N_1W`f$_x3922YCX2_0(XbYL)*_=?d_~ zG}B7`5^M8`x3=H?+%LotsQh&IIwz**`^Jp&#eUC8O8I#{G2Lnz$>QqaLz$nfUO+Sy5&Vh_oFwDBE6n{ zdg>YNP!jM^?`6Yl81Wn#M3)4BB*XPIhDTnCA?v(W5?BCTVKL~eIkW`4Ve~89pjwA> z0ChOC<(6=Z(M?N4)13=Qq0iH)Z!XWz=ys}LJ`GZgDxJPRMSx^>On11Xb2Wve>q_vq z8lC(3KOEf1`+yu)C2_|ALXNEsq?&C4~ z5E*~v&xVu(A_Y{u0grw9$6__Y4a;RE(-^GsRstAr(FUJ7Ac$Eh34$+12$WJIyTS-d zk(QgElbdRPJ)}^J5voPcz1VFW7rVqqvOOq|z1rP3SGW7UWp!XTHa>bCcai6(>nI+&GporZ`VB@KYuGEzMaiIYFSFDhKp6DGxECC<1bLor=)4WSfj z6u{yOuXX|u4Kg#9ou7a#i!Ml8z!UwBr5GuCf4V>ZAfo5{dWbSH zIw~W!&Uv4omT>5VLlK`S32$b}Sg%+HYUxLc-A{7Un1-^hgrH95JQGFLF*8K2sl&t2 ziP4{T0F*fapv;TDae6S&akLsAso2?wGL=J51JAt=zfbCAX3k9-48VK@z)fktR0b4hGIEg7zSqPW3q=UZYDa`<7nd97#pqp(GW-z?u8z z=^x%@3BUUG743a^+#%9QhnB=Oan**A_=;tMI(|U5LTUxS$p?4^vdjkQs(m2+tUm9P0 zFF3N!TAiKgm@084VP6?`A(N8v2d3x!(Zu=FLBgFoQKp}-*`Vfmzk>L|Je*h>_{kU1j z#f;X=y;w{d&9!_YxYxSZv(Ifbf$FH_O<{);H#yANqRTmT1DJd{ClE$%Ebo;5TpBIc z2eOst$j7^(xy?SG9MhQmZmO&SQ&6Dv~RDq{YY-pb|0bU=D%$pSH>y!jtz(nUxE89RQP9 zPmWTrB}auEffNh94;YR;%v1B`lLAwY{OoEeJoU{D0m878JCTwcB9ji~^sNJyKSeL}e- zgAvkBep*nJ>A)A_I|!+7@z_MQ@|y>ZVu2_66Qar1@6He)2| zgFG4Dg}8aT0WrHTp%d<(8e>JZlTX`wC zO)-TxhZv$IZ((7p?vvJ9iLO{BrLj>?6yxnpRrV>@>updUsZ3Tl7?!!OA>jsIK|J@-{?}h< zXNJVcWp9q9rN$jE<*3FSwnKbsMNS7jwz9pi{CL?WCAqtXj}fVn3HOYqqEw-jkN63* zM9{G?dp=xYC%}EpH1;sB;2u<$^__P5n$-RE?=PBnomYf=bY;p1)^Twdo^#zVl1g!@ zM#STwnmtFkgn2LpDK*d6=0ndzzLwpbfj7ifKggrBP-tMM71i)lrkrzXoZ|xm{f~Yf z)oP1$@917QdeoNW$_G7)ply@0Z%Q>OC}@_5dstXoq&WLDys-;)JzMT8z}OVb0sUPM zRQ~jxTmrZw_=FV;Ted_l6Vwkz12IAgDHeu#ivaF~3;^k+FId=nAgbDf_N|lyGV3L6 zsmPTef-~uOCK}+k^mhR6u#%4WlI+CPb5g`COIKRRHz;q{=f{1|_!?1!rnCJvev<@fj+00b;bgvXAn9w*W z=>OLvR*ruPMki~g9}=gauwwf_#$(0oWn+qfEXUgwv#(n}^5oG26JOJm#w9)vX@(yf 
zv7f$0J$l|aT9sK}PSK~Y{ayaUJX%a!gIf`B=ejVj%;Q9*B<*XYqV~J4a(faI<0ju4JEYCSRB&+aB5u$yyt?-0)O>wVz6N zk_#b~jmP?2(nj!M;6q&xclcO#_KPv)6L z?O+RvJA4~sDRhCo023l`-34G6K!fnFe=edKMY)(Hb%;ktEtIKZ7S5^4ymZu@Q1+lr z)qMw_ZaA8scrz8xGgHCrx|LGtt4tl9fuy0^ilcr3zdhBEWZ=kAzT47IaAuznya>H`Cif4U*gdxWo-%i)X4dBijgaAV2K znc_opn(a}8I;rFkw3TlI>g251;tb`itM7yfkb4?JdfE96@TgEc>nf*I0PbkBUTC*i z>^q*1ag{NXxNC8g_PVS+o+Xl5_Ia?Vl${Sn^iOXw=f=iS`+#Z*4QAPofJ*^cD<175 z$MRG!gD~zK0U~AIdfU57n3~tZmMwR8f9G;oT;6xvI!G}bp^^3Ouo&m$DYQNO^P-~F ztl!U}svpUiICcH*H?PA+BRsW%(p5DU-;dOj$zNrt0vy?|oY0@X%Qqr>_5k-VuEMb} z5nlWFq5MgLd>}_gvYwO7AFW@_N!ETrOr9}Af;mYq(~=bA3Mv2r1q2H@CnvalccXXN zvzL6xw^pb^St~R=nU{~joC5NX%A{*_KkCW8B7oKtuI41ASNQx|sIUXwoTFYes5VM{URUGN`@9JVadSObc z;Go1U*`0j3dph?&V#^e;(R345j&Grid@_T$hq199$nlpKw=re5x@8n&t10pLeAUfl zkt@{+b}^W#2z77U#zOc(_<2SplJo;C*JZBLaGY#-N1e1j<&_Syhk$johzjY zygGB8pZIKmTyBU|>EWxIg?wK)eT3xRrJigZweJ@_mv*l5bR1hT1DaXz4io1keQe2T%&dcWXbm`rR?oZMqQV`Qs#dJzcj7-T3U~z=7A3c_4 z+Mf$^+EFe>Njev!qdY>=dSqFSdzxgXhfDDcrfT@f*d;~Wj|N~*{P~Y^t9{LPNyW+h zW-dFwOVb%Y^M#fDYS3A&^Rz5qew==w=Npv`Ti#F7kf#%sp{&zf_ajJEil#Fkfc5v; z6=xAS%VEOPo)?2SCSDl|6$$5A&Yzj!a*%$@bJN`5gu;O*vVG5I#StZ#BZ5xUWFDtY zC!Tz3y)P@T((6;Cm(KMx{Qsfst;3@FyS?F2P!tsuL7G9p07P1v5s@zG6r{U5M?oZ{ zI|QVpLApVtL+S34?jB~w_dDqCKKFgz>pahS{@`*3_BG7N-fMkot&Q6?OguH}xIAr@ z9GY&O7RVsmmpc*R8pDn+GJR&RVn#lDdXR#yuH4V{DU0N>?Ne-43aYS$hfk@=94C^S z_Fh#R{taPGNX{{V?_c=}NWKej#P6t@2bv9-9I=$zr(c(Hid_P*KmtRJ|F2{~nbIBo zJoY!_2xNSKSdbf155xi~fYm_q_97pV9!rVdy2wZHBf)7!t6lylAJLYdFtTTj40ap6 zFhJAEO3c%A?((oSe)CI124kQ5tVsomqZd&0M;U^IS{U6?gW>&yhktr~E4aR+*8jO^ z{{tC3=OR?hxsV~>1xWm9<$r4cC?-)Cp9jExiTQQ(BXDxu+e1moeHeNIXdVau=1EsC!eQMiJe=9Duaf7TIl= zL=WsqD{%Lyn6DI{U|T}tiPm%oIN_T`H>R#lTDFdE(;~h0kR>p(o$r~~c=HeT?Cd|8 z(sm$?^C|6HoSpRrpIbk@v+DEiY=rVL2}J2wp01MN!K1EMulGhxmKLfs?VLSjm!gPb zU#L!-8r=0wn6t9l%o%exI5@@E$W)k;G)`JJ#MN3cSxx^66>1fe2*!xLAHW|0)Z)C6 zR}!}R_Jr58h3Sm3`tC*^o@84xCCrER&<41=lGvmpJ+Hiun8yosyp={WcR+hnqPu%E zMlfYFM6g``wOR&(rV+uEx@fuljS{{bSc(1#yML5>!o{u?z9Qa}ccPkBb~ 
zi*5@8+E45K01Tu1!^#-k&2zT&Vi;XDxHEr4)Je{Zj)-m%T9C)Gn>w`Lx5%Ws6x>Ec zvXoMH*84?lAa6>u+iL!yOvc;hFgyGgtnx$0qs+J@{sfxE-7lsJZG*o#S-^=k+*max ziPm;Yp1kcy984u`LWH^%Gu23ja>o1$zGNKGaHv0u0>8~X^mA@h!q*+Up_r69-!#kP zL2+6MK5y|3-LasStT;sc8?v_yJO7Xi1>R!em|5s~ z(LSHRUG(z`5P5>4y&1NY`bVuI4I09zL9AXxvydJsefZUE%+0*hO9&LvBoH$ASNP(8 ze5~ZSb9Pw=-~b$qh^U>*dxCt&{2Q_X1X@fiqAf(r`Mmrh7IE<3s)A-~<38tx4kkqv zWY$?2;32&P+|SEYANM)*enV6mB|V=(kE9N>M!ufP+n>f^tcbLi7ihpFOCEp&aH0OI z)xQh4xE?Riz@PU2S2OrGvcM`4=tPf+Py8(smV{M6E@-GnC2^lV;sM5WEUc?RxTpwj z93ps48a`QrR*trQKjGKnu?&Kj^RWR)%gh_oxC1z)Vz87mk}fuq7BCYa z$@Uuk3Le$g3@H2>fM`hMuc$+)YV9aMSL57jEQt!n`OY}5NFK4RLb?`Crg{fw>wf+Z zQ&-De6DI}IG?NHT^<-uye_E%J>69;GBe5KlruZ?}A0m?Rl)XPNG>Lc6*_bk}7u_7! zlsbPb%+y*&&`lN1$5^Kun6%UJD7Dae9@_jHa?2%jE^4B%=nLIM6wJ(^3J*}0#}C{n zC_L%UMa+wNWsk*v4k;m|uOg1Wk5vrXbI9LobJ}@RjWX|RcbXmyucFbXg@vPNf|qjIZXklS|Qv z`aInv^psH>N^x8)v@5=Z`>yZGBGx2NAyN6yllnk#`iko*<-TFS%1Es(`O1U5hAyWh z`F!0Yn|xc#@;Lk&T0O_oVa>|uI$>BeMXeu+(7KpLE>XO9Zj7D{WL+*(vyNtlx%g#M z^({X91^71V3a3>@?I8iO;U0&#xMk$_2L&$Z4%8mu@TC=W{Ja#z2J|RfKSsQ9xMK~y zaYy6T>&9b|LCJ7wk0oeb5Y z2`1)rSr6kaUPyPBTXqOP(#dwxe9EJz4oxL8X{TH;!d5Gk7c^NV7KFx`w`31>g~u!umARljMRAnxOR%S=?s z4c(s{dWYJ1#XDlq?l8cmRSYW-2&**wF!;;pmR0D3TKaH9+8bq#o&1;ihEzu)#=DAt z(oU(`&@*&oxOr!Uj(n-Ltaui)S`}3EX$9@ZBOrHP&k%X@3PP!Cgu?29lMW7$MsM7e zXh%KkMIqc4&C5=C+4pWp3w~rq2bw+p4IvQBo(I5q3XE5H>qH7R17^tgB5$2v?FV`- zk4ROK`)lHwvfP3g)tjyNxd3l6cP7mwv+7z1(C92Nw2Bz9nnDgm(8^3U-A?X=L^-Xl z)Sw%X0Zr)tP6JmDs?>C6f`@#=bS` zCWzCW=AlJ{_0f$FLD~OdsQR+f_$l!z%b`wq7Cs^qp}6)Ho+FnjSmF2G4;By*2--ZG zDA0I-07LROa`NYzy9&e{K<7v>=5iqYkiw-4a1}^z`-j?rv!MUN`1zyh01YS(T&l6a zepkSNLB@^Q@q^HJB~bUG4W0X=gF4v!mh<&o^ZW_VQuD_r)?KOvU-o`Y8lUub;W^IF zEpnLnSQgAY?w~){3X)1$0RY-6sCEGp2gJherXfiiU#!#J{VBN;eqO$%L;q-+Fm+Fy z0m&*@ygLdlQTq+~`VxR&^8Q`?(D8)>RQK$X$?gfX1UPD6U(O=#D#1&i1mt;;fl9Ch zH3>2ICxJVNS1ST_Kt*oe3oMy7b%QdWN*llK6GI7V!dF|1a^R*_x>Ys1gv7csbv57V z-qjF2dF!+3rrP60RTk6UMy4G7oiKS);luSiA8<>$E@68S9g1yvi}!o5dkdW_W!xF^ z$kXUu5PjwJK4fsQsD)B-ekL+gF5Prwl+ls#`+zKYx1Y%sQNobAz3_oL_62ww=ibU& 
zro)d(tOcARRT5vqS#%9wdHs@|A5BGW^fwSA)%uX8X~OezRPDr*8A4VMs$S{VEkagK z>Dmjgx>4+DJMN9nLy`9(=45xJp82qExh(M|^oKsztf6|F>?!fnj5@+8VkkGb+@&60 zWA9P-IV1I9|5jsyYL^C8IedOvVODt{D~7yQg@9g^)`@4rQ)pGJ-m`LEhEHl(@YZSt z8A24HHDPg`xAT6m`1i$M*mr*Njo_v1LciIpe>GDXIk9Ue$B}ZXWfQKtEwu7WfcGBl zM3hmwLpy_&496=})@J&U7eRY=N2+mIGPy7J(p3^e1O?i=!D;VNv)o-5_varqhn}RP zyTb3Zw%9X5$VobIXbaqNwxkxf7&e;o<}JzA8S`SIr0n{>8UzqhJQTCDZMRUB+N&c% zCEtJbBJx(+((&34ZZ5)DTN(Oi=TLf6gdsZP0s6<+y1IQ)gL95sPn*`Ad_rcElpRf$ zSvxZ6w6mMBJw-fgbJr2XO|u_H2%59Hj?MbN6@Mf4h+vDX9$PHLlY3ZKv>?_By@Gsx zYMJ9YB0AfmvXS`s>0)=@JxB@f-XK2#uS1?P`C2N$mxx&fQ;)mzosC9$GF~zd$IS1T ztg+N8H^(kUh$$WwCHe{JXh`g%JMX~92w-bEkAw&#y9uA|)s>1j5pa+i>3@UBOU#_$ zb}Q>fsitns;_zFhnMRlqyJ;~SQ+QcKv^qk!M@i3ohJjV9xXQN<$#%wG$lJ&$8+_U9>Ge*WN+DaVO7 zG=*IuK^v$>jf{0_XV#LuSu}IrRvYY;NR}UYJbtj&2FuC){N~b{Dp8M{R$$dt*XPzJ zs^N%8W%KwXai9<>kVNUlL@OtGr(s&(w&^9KUKG`JW>|n+>^*pc*rQ#XqvKq7fz}Xi zfWoy|51Xgo#9p`+Q?>lc)l1yGQ5Ee3JG(puA9X-0%NB}(UT9js4KTG(>h-8>;9Cch z%Ziyy+Oadbt{pkF7pnZq18XAd( zTrIg#0y=I-Dg4OU8d_EiSAKLRk4mA1=fq4{8%ANBJ-c;Jx95HT0V>Db#~Vt!&!Lq& z)iP=m!~!CUKBp2e5B%+9LBDl|kw`;(yaF?$%4lNSvp@>Z!P!hB^&VZ9C5RwSPgeS6 z9;km-N$I`q)nqP-0+kt6hW?1Y;`4O=Xu){?l`n2XTrvBa;~oVR?&{-P!Gk1 z<;xb_ld1D@u<+#b*~Y(`2irw4JSdhYf8E%WngSh55nqO#-OBSXJeW(^K79uqMy(9c zXH5Iibe^&|7qzY!qDIf4ulq#^L*{bbs@sy7=V0=x3^70jrCx*2!4S9eGC}k5;dJ^o z3ZIHy>J_de@n%JLpp_67!goF&6Ryu0*IzNo0BQ)0_y1@WFPB78b#)!{-b9O zo{r{phk)_r95nG6G+CSBHzYhA^opX+#zS@x09zggIkh6HI@qvYu=1 z_Y%#3t}CuGNE-b4X99{#aiNt)zr^%yjK1(0yY)i*6#eHK1BS`JY|el5228F3T!t85 z1jB~@Hc*VkG6fVstP3LrSRNpT;aT5u{8M|vRTs>3^C+GLhGsGmURu?#ZuQjbo}X&C zWzI+H&{pBD6nnEIt@sh$lDF$25l&ODzcUoy@g%Nolvla$y0cXlPDn`O*3D$T5P@4Z z(RuUrxGOphF*6h9nkI9;g^#LhBfCG4wC}OMNvhBFhuig6Zfz)3}QQ3U^h!uE`ZghvEuFE2~!>1AwHKgoM^Vo>JIi^iol1w zea?B{l&AkNK1WM!N&-9L`}vI~>Ikky>O8z_)ZVw07{G*v&qS(%#5B8@dbv^PXQbx& zv)PaBk>52k%SL26{N(LQn7YihtoRms=BojCu>5GUS2q=hC07f(i}tb3 zp@10M#5T;%ks|vy#8uQQZ$}+5+QuiNIZrWjJ5sFLduKCTQ_LnJuT7HeQ+N~UjY-a> zd&IG1j;Qjj$TMe^f&6~1^c-w2QbN(hWz+Y$59s<=b;?wIh`$RytBL3$`Y1INUTFFK 
zCIi=A*5{_BOJjk@v!RkW->$t1@{ai&`b`N+3~X7xxpcD{={}k4am`>M8d1e3E^;$% zV)AWvuyG>e#r3+z%Ud*WuSTep2IJ&WTtbX^j4oGaF;yq5E1aq>hT8kxF1JwxRn^U1|m)jNTdiy%3o++2@V6N85-qKFJm;9)z z=!}5Fa>b=oIQ}UIH&m^xBb;hF+UR|Vs8W~|*0lX#xqG9pWqG~aoab~_=v?I14?|w@ zr#1#A-;+R~X6p@BFApjIV9m!mZST^AvY4!&UJp(~J#$X6nv-$+2~4)A%K~rIzdegp z2;ncsI<-F=t?;;es%|=G$%iHgC90FkI}`a0aj~V0GO%NVf25R~WAxs2ejDm5cv}bg z+&tRTwcy^0j3KF}$df87w`xlFHw*R5DlxF&-;gWI=#DCP%a?CDuWsTCT$PsP%X1Q( zJC}ddZ*f~=Ml+dfFLptBrzOdZ606x(=3($J-w%X3GuqwBB%#{~{Fc!Y54uz5FCNUh zTkZb*G8{MZNTjBw#6`Q6&D=(_;W-OTWOV!V3S0Ba(+Z z-hFxkdP_$Sxy1%|;F1RnM>{^dQM=1MS!j(ZXrEpUOYYH~A0M4Ee%deIYEN9a!F{R2 zdlvShJq3lWdgZlPOT5P{sSdoj943dZx5r7%->4n381OFVPWv%4R9@omxx@U!exq*5 z>yxsUa)A^YW+2=Djtm7^$WyVl7x@~Ok);z;pr~Kuz z04tlIX(rPlE-PXiMV~6z3W^{}25Y$`dnIgep0{)mUrm z;A*QQ$r8^Jv_s)=iGr#v$&=v+ci7Vr!z-v8&ahCOwlvw*>^!!5H~eqqy)ER{COQb! z6xDPOY%S#Tj}tg(a}nlX3ZBaIXdU4Vvd3vYWemxHsexXH|BGQ+5eWZFQ094L>ucr^ z!K{=-coiUZ*o_a}fH(~1*;Z0s{GZYQ|Nb+glm+~=OS3@EyN6azRYwD5FpLu91Z=IB zRpl17vmU}wBSoh=OTE3!cL7uE&V!FmVTPKz2KQjdpqfgQC!n#Z2|a}YRzEGcc6C=9 zX*Fh1lAa9GicF0|j|MVYE%AM^(GM|dOe@jL;J;!$MqS7F@))+)^4A)@2pr!f#PC0i zWr#^3i%^q`@J3<|!$gDr$rECN2LDoWfWdh2nyVh9*<%xOIcnwv-PT{$E4~bv`==j} zT_$0ZsLX?a2&Yh?S0Gu{VDUPyZ2J7U&J{B^X}9{kwO3;9$JtpG`-PmOlbxoU=Y7^S{^0-)uE;kt;TvPPZrRLrW3R3+rm>MBY!a=|< zUH3thL2NP5OX&-_YRJ3O0dVx=3lwVyVsQO$=8z5kYrDIJX+L1&$J{@jmLiJ z;nVuqM_7HMA{j{W#^S*(%ZG!TR{XK=6N57!xhz&4jIcG+npl3b{U)#{l2LJ^Y1?p} z3TK3)JKnNrYfQ^CrPtTeKgmGQ#y`i9TZ@%8c@FO^-_lvEvCon3<1G!a!y=BNZGHVY zoik3=TE|gg_UXX%;l|jH{Qe&g>Q)m;^gUt&YYRP~=$>v|=#k7k7L53kH&UT>n|^N7&! 
z$h|7Nz%IK?A^zKLcY;(M=Phxb4+&C;F|F5V@%K^=Bb~krn{s{nNOi`A^w+o88vj7| z37LWCqr7{ZNcHYPL1Dao=Hz%o?y|M6`jRfex6G)jolb0h(+(W$K#IP{eA>UPebF$N zM$wAEiGxkIvOC$&M2&Yq)$Wt(u$ z65F=#WF?_%5BhdXG%ME>O*9MVa2}}$4=5!J=l9=KjZlugCZQjs%Jt|iQq+;uV$jP?!Tk<84D?k zmc;$x{9wpgt{4ad(7EE8$pxry=2Vcrdk&NTeew2Kn+z{VO6pNzk!bB;10Rwhq5Tz0 z^TG{&>o+{!HhAMoaN7@d0%J}^aZfyi^2anf&5d(sTFq%lCN8m)bS39~MOG~x=XqV( zGs>Aua^!qX@KW8IBqQXx`U7F)6ZXhn0k`FFwRm)!&+*S&?w({wa|B$Fd zCHHu!a{_UJeuZrTioJO;#xyW605U=KrSk?N{Nxs6v>pQ#Xqq~O0(CRhk(*>)$G>JN z(CaGlXIOy~z9O<(KS)M1*4v|jUL35`vuBk*dpHXXyIj0T>PVG=>$z0YZL>dJO1jK9 z{^?Dzz?uaxU26~>=|@DLQaBPh0+$0{Xj6{b-<=K?QP6@HMWPmw>%1`vxROAM^n0gL ze*2!dK863hGID?RoKqFco&gaCV^>^AjkM))q#rwXQf;cdBzNT%iopjD0 zbb5p;0F!N^VzRMqAvZ@+1MpELPetGyIr%CKpMACAjesS+&aLt9!4)u&M+^^~_OBRq zosx9}GfDt2@Np48=0-jLy0;}J6Z1cQ<^P7Z+C#z^byWb11CG; z0kfLh<C`EN! zA6-ApVRZ3${0NgxO(%K@(8AxTxId{>%$N(vonr#4m`Pj^beH@SPX&KRkZ1WLwO$O( zV6trxtH*yFC{cQhM)Fs+{QF86UIwD9f5I#DGx}$u%&f??rYbpt# z)n{tDetH5MTBnJchK{jHwei}I-Uei_d2K~2$Nu_xNl6~uNscNyT;v{^vA*TrT~%)v zE9`p@mmgLpNYqu_vgv31d?08gMHiGW%HFi05$+*Wrj}Y(Ik@t*xH6%6vy);*pYD|w zM~RiachBTc78t`pE`!!xdYQBn|H9P9J-i%Ovul-AH4!HJEKa2a+*>21YeUg5FVcIM zJpSJh&Yx)AKcO1TfY2qUkrVm$XiI^fKpaGB{8iXA4+)Zikxe%1k`2~bmv|fNftyod zaQw?hi5TwqCC#rHxl414Ma!CPkx@K5#k~x=>8wsPNE*z*ekQ6>UX~a396Zc(`wB9nnJXwK>lG32WfxV4{!mru&m=cz?WxNA zLipaIlyU3SBUG`>CoipsS1Z9u;|Cy~ z2*;zoOcACB_kCq9Q$bDm=Zw#WI1O^|FMUco!~*zg^u=9$ac3_AW@#H2GP_)-+Q-W834-8Ow&92ym^2UOxq0&@EqQ|eWGnyHE>GI$EY@Aenp zt-`;DUH(zrG(C0#MVUS4;hh&+%yrhWm11MeHstZJU-gP&rCq{VL7$w|=g{(d*Il*^ z-A>v4LQ_v9&~?SL`$QA=F5ApPVd!EIi!^<{fz!V?!ww9km!v~$bv_s9;P2(E43OfZ z`PBUdMG(pY;fxEquYRDvqKO2AVTk5KXjf@WYfDJI)UgwE@3l01tuGY$kwQZ1f!L6Pya;U-L;ViToeehpk$h$M#-kXYk$IdARp3%w zHAk-~_8kJ8T6eH|`F|s?V2&w80#Zf|91z69Y*!g0tVL)4GDdJ=Lgua^&4-qHVAE!p zF~CR|KfeUXo7~F*c@q%512^i-6KhG?XEjSXI${O`v%EDAYI%0SY%C^klBfg5XEJ5v zG1LE^3>K;{1qr3m54i~Sk^-fb34mfUb`b|1!#EQU|2`Rt`T)Wnm;lH>x$!@41IUq+ zVAAM%5n&hCc~sQqpJ4jM>?|wD99`Uf^&+$WN4XIJK~)Td#YA2IQEmW){U^Q3Dx3E1 
z4+IAC4F=o({Q;|l3e%QR)vw2$(sR{kO7@|3E;;we#RJYonkB_{Cxd(d3E}smrb;iO zN%CIijk%$|4IBEtE%1EK4(HM5rO==GH(Ee}Pn-Du-oX_oZo1xOYi%k-j7Zz{R|=Iw z;he+GajYO4!MFI|gRkT~8vCxlMSNQX-C?_$l>vv<65l_*$3DO7qn)`Yhz0XuzV;guBOT#Y^&2vtSMsr*ls2%W z+@!RvP@h$+%P+T@h*EthWMeJme8u?}L%nVN&*86aq*n{peYg%_$U_>r^Hrlf<-~mr zwSeD{WKj55X+qu&fn{Z@d#HKj+KE2uDIBpn+cT)Y@bb}TUF5pdFrzCsEtC)1%;A8S z=>{0XhX=0{(a%R_kHD#dxR&eaWPOGO#F|lO^oxY`M}6Mo1yL;3-s)^FCd=1UcNv7T zq$mS|6RvM7w~H?a$inA@8Z%WhGHu5Q?HF1zxw@P5-zD3wy<(n$Y9xjB%qtmF%F)gB zJrtF66=o2X(?@e;f2KF-oN^(ZLlYK?2XlSinS^$Q53wj~Ut0mVfDB@cXVZ+ov2m0Y zLFDmezBXn1+>>5$`uFVJGJ4x^T^zKO@ICS4aZK(3ass!SQwW7L8tGuJ_@1P z0hj!#QzICio^C79e^?#`;KgTNTx){|wYP@=yDNYRA#=!ml*Dizq@m65a@4FrCjF;OlBrdMuf^R9UB2DIgMDLbp+k!l5_~8$*kzyOSz=7R9 zD-_`tiWpAt)=m7u4Ii9>{{$;DT+ebF?wJoBh=Cyg|07Ff`hJpzAcz@;e^de`J_inP!Eis*c&{It5X`YzY2Y84prfBL z@G+krg{~>;Rr-AoNNH(X2m;e644veG(u#XvDg}7aoAQAmix!u)0GQ~Me4rE9(7{fq zml7!b3JYY}PeDEDQ2;uC-dhHfd#h=H?_U3hyPmHFQJ_*r{D4%S}p!4KEh%Xa&_rk$&|oRdNUjC-WZ^J4)-k@fW-+E z+ipXqQH)LgMXtL+8}9SLJRzjgmmi*dn-E)j?IPovKDF4o*8Q~o!_1bgB|~V8xGK-~ zMzdF1-Z1LL_}0SX+5PVe;@7tEXVB%M)nr2(azYHQXmcsWY2o{VS+=x?oVV1p1e0iX z$>^~{6-eHMHbc-H_e*j}vE7CXM0!f;dLX8>FKjoT0i~;4Bfqyv| zUmf!h_QmN|JXY=HroM~J$$VMDf`ubcLl*b>R)pN^@ssS12O#;{{esPQ>J?*<{;yB^ zH+kIyMHFeyi{NIi^1(m7bce9Sw+)#Ump1hCRe^2Dy|V_j&UqO>SS)J*F)cm;I*&=^l#) z`CV{+OO&bc;I^)R*IwQW-cE{-G-xv!m2@ngb`BE(sR^;GNQ8P9Jlc39BobYuC>R5n z;AZ*rKul>PGphrXK@Jqg&fGyz2W#8juZZVX&Dq;1F0eLK8%wNVXpXUq{Cl&Kr{oKf7j{a&!Vc$n|Tn zF$x(|_h{sBK9m=+fj<9tiS7UNm?&uh1_~QkuUSC$a}SDqThzD_sXPE2ruH~^jWTA@ z#6vF^7eBNxA_e6M(zvM!y#@HUff5H-{HLZJ)m0i1!hE43XXMAUsC%$Xxxm0?v;Zwa z>9o+_<8eGv+UjvD$hT&P1H}z9YeOCgv^cN@`lk+lf7}Wqj03L`Nr+U?i@VhdRu<`9V4LUv1*JxnZT(&~_XQ1i zGs(UBDigzX64MU`@VT=Lg^ym@!0#xVq`#T!<82wZd)zI+wwe4zN+dWGiAxy-ConlU z41kZUjmET}k5uZ8qEEvC1nh`Tk&xZg%I-g>N@Pa5ucPG!?j83pqVx{LRsxm!ioS3c zpELc2lqU_@Ribvu;Q#=ajf(tv4+Awf1eZoDM(?p%G*l)70kzhaTonHBa%$d)Mq#Et zG}bs$6oHR`J1&Dn!4^Z5K;5_nhU*Ga*<8W9g&fyOn)6RJHmQcy`Wsq`h?LjQ0k+t(Oa 
zrw35&ZJrg#wY@MgcvsO&-ZB%CDYqfoEW6~G_eE`70{Ao`>9+jx8YGJ%-YiSCe$*A> z--A;WBiGa&&Dvkp6l?mH$LeW`>P1WD;V5njEjiJKj|EDb7JjMU@jg12imiMGGl@35 zO;i^B@S!v`iXoz9S4{RAZ4uE&PkraCI1yC-@fX8cl4LgDQ91*xZT#ieB1NI)tVAtj z5n^ylTZa?Hmn*ofLw@Aq^qqVqufoJAY&G^hM7%d%4CNPb9J^XsPCUTd?st5X_jaR= zgd*%4?-Dc5UDv0+6U;`go5zEb`AoLhefj+XdTjUQX{ds#*RzIfzKIpN`8xLUmUYpK$#oSVM~m zJwqOh1!|DNvC>pDx4NO$iB=AbWmPp>z*a7vmAg!La6aHyG);h%_zEtLy`q-dj3&;x zOw!Q(XWIw5hLcr>_Tg<}a@s>N9^xxi0Ud}fj**OdoN4JC(u#8HsnCYGl^=rD=$+3< zGhnO=2r=Hea9uI;>i;eQTvp9PKB_%%px;t2>64ZW712#uN!U-=Y#^HPOleWjjC^1H zzED8j75Zg;7XPV+fBRi3GmC=7Zsrn~NY$56y7gG$$@8(}&O(KHsRhr3e1!IAVkh+i zL&g5+8sj}!S6zKrIvbbr1Gynv$vRh~@9(QWe;EEq!4dIt?6TT87Ia=f2*r9jM3~*i zrHb`H{EdL^M6m`rt524+yK{K2L9F)MnG^Wna&inMRV-V$sH^Y()CGkl2fwg zWhx>&lPH3_@Ov6(DBBn4H=7-VMHw{x>*AM!D4S%l^hqg$#Uz`nCMsb_Z%{^OBhQA- z%3(+!3v>y5Rq1J(C$0nFLqPbtto)7=&})cRaP%O*CBG+qN$7TD(F|;LYB79Ea!>LY(3tn|mUea6QHxi^K<1uD%95>7$~T?GEU?qB1wjKC?iOy) zt%>9~*xEAwvVx*6>F{CGZ-`72iXpXe#>PnU)TwR}97|i97RdM(@jr@S|6L%<-?;-S zA?`W4n$u*&8I+QxE1n=Okx&@hRxiunjv6RBH9TWKXl{Y+LqYf5_@x8ld!8nLdx%H( zpB}PY%aV$Gj9~6qE!#r}KnL>mQV0DI6mZGXz!@m+L-<|NK+p~zGWh?~EcAjfaG0d$ z5B|Mq17Lg`;9m@%p2FZ?0EaQn;tx8;AmE#=Bw2d@br1l_$s#0Qus|&P&p}b3bAV<9 za5fkVGr}~K_llRwqHD8E9-hC5LG$^Yi%s}u+{?LS&mNX>>)WpECLaEfiYGeOGploX zR=pQ1ObzD+8;*j2m~hIATa2mWQQ56(HDy)hhQutLcP!?(+ib*P*|fXatk2(L%td_+ zzkmC8p9Fy9Hyu>Z*9(qFbLOk6-Z?ed^P8fE!?u8)>*f_rNvP)h@LbCeW$~;OUVlya z?8^jyx61kP;7d=vIBsx^8a@j5GuY_4gjUXj=hcmQKJtw{dfj}KDRq4b1ORO*+fg>r z2Cy(56hi}jVIY9z$_?opkh3%wO^c4b%JdvX#K4Ok?CvLcdy-iUtF3C#S7Mw`R8?6D z$E=KBqF3T1!L{^=_Atw{U=n376PRQO4fckuXP71pPHv|+mEx$A;pu_T3; zG!EKVEZSmreTT?1DxK6G@$z<}pkOi(` z`rvD#we9Hbv!{?ZdtbY_SDTUUP`ALW50)QGL=Nu%l)M|_DYWTA5tz6sYM*%dgtT|t z8_EG;laLP&wUL{b9UV)Yw2LNmT$2({{ZGk7W1vV=c4*7`_FNOS{oxM6C{O;ypwg|^ zn0qLYnl7sE7A&!P9*`u{Zr6nlaxRSK8-+jRM(tmv!(-#7-Drnt95egX#2)*7VDbqY z08&7D75@@mJR{y|3i)`~1cVOLd+zWz|0oZ9Ww&;ob&RzQ$`+ELT)ourfQ+7nHqL_Xlchl7 zpwC9z^=wK~%J8;PMQ?n4;q4n=C&~fmrn;vi2DHmyl{{6Qy=8s$1|a1|zC&`UvS0-Z 
zA%J3FpnBC4ldgsJ@Eg##O9wumGsYDX43DIsX-Q)Hx+#KkDpbIfE` z)XlyD_~NW8fSAN+z0zQlHJ!aJVErayu0O?bf=WGQQus*YNYP0y0f5x-ocvs}=Z5aF zn=Pi!wcim#u(al>1?)A1!v(;5Wpsu@xWn^pUd&q3Wf>|8XqkzmKk{H-M8e z?A8g&jx+P$A7c!2Dt+|YU%8+N-r+0{K4v`ZkXDHSUH=<$e_9OP0Df&>@T-E%TGmt~ zH-a{E5Wd*OoT<^OGSH5=sUum5DU$5}5(@(Uhz0bJ|E!Lzf3$-?$Qo>`z`$>yqJv6@ znKt`VV8M4Y{sT#4iY7*A`1?`-h6Ca9Pi3WNmHvyj-!iX(-Fqq4OPZ+og@c&+mm_QU zC9bk`wOA>B!@)LiEQ}P|8!rx~8FFZ;3*lfSm8h`1O8D`Ly1F!jKRh41~&zojW zax7J>ybXQNtZBc~6On&Y5X~+48Sp|rC%s?WAu~FDl{yBR@9REH(}@RNK7Y2w$8WK$ ztceqx{~01haVN}<)f!2kGa-TN`@u0ToLrdgtA*7{5!RB0F=;zdqG9%|>HNrd#QN}S zr*r1n+g|8yQbb1K-#`XzDwVXUa39`OH^#Q#h)>cs?sSq6+{gqeKCj1i83ygNo- zZhr}H$Zel8$`^5TB-jjDca+;Ee$sf-*@0qUc>Hx+=J<>C(a3Scd0buTS*kojNs+@! zDCF)vUZ011r#7sJ0R@GxT4j}q6RhsHs{%PEa<2s~qUPA(6a&K6*1WakRam20hsGxd~{SGJfhYa?CW(U=bsjh8*x?R=*k-*P% zSI6HFsG{r2`9N+heDx^g)A6@<(oo_5C*!OqA8F^pT1UfHI zm>cW&OMhoS6P%E$=RNLC%#&Eq* z8M?&YSI;`cm8nsic;!TGdGG@B>jLw4yXM;DZ$IAem2Vf?nJA?WSc%pTkm7SfXH8@! zi_ZraZ28-WK8S;N%ju$f5AuFR7kFM<4&IJQ-|i@8o6xLsIxmrJ-0yRmM0d`uG!n^B z0&u0W*|_~lX+QMY2#=_9`*|f4aUHF{OQew*;}?H}qNZ(SIL!Ef0$r}R(G^dysQ&>T zBNO^fchi384a#1b!CmzA55kOV%Op?W?~kpU&+fjs`cfW$I+p5Z%Ftb8ZqIIg%MF`% z1`gk4%KiE^KT)}Picy-C`S*8pQctYgh^1y}iqphCtxbQUJUT3=<=%&1O%d4t80BWBFhp*;a`w60 zi~s^%rfFlX7yOXHvyW@WH+F^xf1fAafa%1@@HhgtejTlp&le`Ih)U|6GRXk()aUq1 zHl`6GbXwhn{sQXa(4>1e!Uq(*@r4sKfID%qjO&jZfelX4Pp{a}@vVh9WR0+Z9YWFdgq2=F3q40!S5T+$HSrU$mnVFRP%Y>*QVP)tmK5~M4u0^E$OQK{ z&_P|!74U>E{iJBukk^?7use&!38TJHo&ImeoiWF#SO>tCurTO3*!15YOD%>1{pC00 z9|6XBV|Jfn2)^-44s~sqtRD0X`+xNeb5pAx6F8or|2jv}>F&ohl|5yLaP&LkfkM5? 
z(C>xItM9U0?U$sunbzpUrqYY zQ`%PSf1opHC~-GwA_@2ZO{#ICx&_^1j6~O@ENhMxsy6dxW+o*H+20TD-o`Pdh593%(Rg>#^C$wZR;hG z*FE=73Ztr(AVuap{(OCl*(!f5QGMy7z;lZngiliz>7&Lf^38qV1&6`N93P6QcaK z&Rf~y6O3(oUI>mW>Vk1}T)*gh&8;3Oy?${upmDhGMiYDN1iJ(-)8D29zGYi0?MT49 zU*60bErz~Zh#2$wwE=VPUfD>7X?)qqd>>t2ZN(_Z<@hO9#XaiY2RVMr-V^(sRa>9a zA?KKoiWun~+%Qs7vged|i^FbBxE<0&fsd3c(-bInIrWdVTeak7#S0gk#o^_cJ%_ zYf+!JI;`~rt;0>mrUh!YW#-!UZQwOR!afN1VKVwDm8a$9F~jsZ5OwzQIe2tqjX3(v z9myvJKc_2m&m$k{*%hD$NZ-*;8LugsWIB#Hd3GykHr>9eQ}Iy$rv?N9m)>6XM4T(K z8z^lN(?yY-#p0sQ?Ha?g(<8(~x041@BQzOYc(WV#cwnIHuZ$k0KQE;iP=9;QWJI^c z*kI$7JU1^YguHf?$@Q#jsa^LT*9UpJ!ZFGrurG*4z)WD5YvyfHo!uP-MSscF^HSb( z3Fr|HLOxr~rS3*>Ow5~G&2g0mRPDAr?fRoLkz1qWk{?8_yhtjh{>e*)qvO?ZI9m!X zN|oJC^yXV==U3AR;U~gutu**5pl6AUsgtQxo`mY=lupaa(t1&ZCem2}!Sg99X!cg`0ft|F|utZ?#m^G zS0@8Rmn~RH6`NMd^%eEiti*I)c=Z6Go8X7^Z^$4V6>Yv!gP=XuhweQX3Pte)cc+~o zP_t3^Biku(QA1$yTcGCCmeEgGBZDT4QRM)*-+Gpm>FpttrT;Z7<$P&atSB8Ba2_fXIyU0J3!|S*E5yPxfyJrb`?G(nfIF5N%JSC<=~ofJxQ{&cObV39yAX&>-O7 z8bd}a7Dj&o(D5J1KJtP>TnPG6|7J#B7>@ruF?8zs8SE@e1?cPvtSilHt+Lfb_v?|F}+)`BQwQ|2$)k{w`04^EoFwvJ!ph{xKl%<#f{fdkX(?uY{8z!q zaJ6O0TSA#p!5;|wF}x4K?ZtA0N~5o{b4(5_ClI8#~ z0HknJ(!q{j>_m1Ay+)HL!ou9j*O@tcR!c|fxAPc`p(2Kvr>TldQjWpC2ik;kv&^#k z=Z~MXeui9%@G{EMb=bYmaPr<5vLt+TWSu4HJ{Fz%{iPJQwA8bwnIw^J25pVg9oz16 zs$9$npu4+_6w^gW&_zbbxpl%DW;NRK#zqpzbws^-KK_Of9)E_ft+k_hC_Pqm#Jzf& zsYvTjYQjJuvsfXs_K>@jG6x<4%h|+K!77H=6vizTUi~2G5%{H_XYUDBU-g#?uh4z& z;z>oFSwD1C$j`vXg?DHE*Xx9P_PCI5nHx9a3wZzQA-#v~k=Q*$^or(1=3=%02-0R? 
zh8!cg^aU&A)y(q#IKzxvV?>oaH-U2xR`&c93P<~ zrq~H$QX7Bu=|6JyMJdc^z06yLueByKAMa4R+v{j=dtc<0Kk?FwLIVbMxvpZW z5;`g$LEKZ5?qrSS63E3+V;dEEwnB4o5H-h&z5D^v=1P@Tay2~LRY7t@^-fzD>T_9f z)K%Ed<*^QgV*w+aXhWXg$b7U;e9wRTTfB>bZqn4QUeLMa2~WukOI@rKxSfe;*tE#< zJqdL}udTaJK7HU07GLw$B>6!c=AOj}7(z!ztNcYUC8L#vMC8J@Wg!hDEP1x{Kyz63 z79X%}Z}ge-29bQNT}m&Zp`h;r0;PkzVv*4 z6V`rMK*H%M=y7d(p>uP^6lJUJ8Tf+UF7=>vi15SfE+HNHj1N_oKEkqd`UwIvAyj?r-z;uO$)jQl}RRof_(4oZk^xy!7?s&Jopl zV{m$Pn6wMKd3p`TS_)LbHYSW*UI&{tVx$tkT^(M*do@Fd=%XR5P!h>-jB%E8DCT>^ zfP^Pou$(da_H^I1h&#kfhIr)`sUub&Pg5GKM~-2xlc*Y8YgG-FH19{)7xycjTV@TY2t)=DIHTDJBk98cles8EvxTwgpu^$Z+UM;ogH6CaNaH@DibWI z9dliNf975vPxa&HsRzAsm9L$fAC-79%-@3EgIEbSYtH0IjOs@{lfmiyz|MsEo;psu zt-;f~@mtXLy zSMSJ|&%UQ5$c}0sRE!Q=G>eMj>zt3mV$MygO!1t=yx#r2o%ott*g^z?l%>Rb*U=&v z;v8Uw_w8t+2D&m1_cW_zna{4QjCoo*XJ*nwzndrCe@Hp>ion2fIYX7Z#VftXs%~ z7>CWZ@5sXfpl`nqN|S!^oBQuj_P@KX7r^wVGA&g23glSmIGt>xh=@LtC9wJ{IR7Ys zb?P6Z>Y7k5Y_kl;po<)SK&K8W)dvC^m44B(2$w@yle9=gf)oN&J5BH`&|`OU{vDfD z=grXZRUTcJUJUBcJ7xaB*Z(Au{E67+zu}B$7t_4I=^=j&`5s@44Wj^89<2rg3>5Ix zz!@HWE4cKBY6tmUsIml(Bh;m=s~?jq6-LR(>Q_lb=JY53ED7?<=|bi;y$C_dhn#!B zRtyB*O^tF8c*3qt3M%pS(v+Eo92Tr0dAw8CErZpMSYa(kMPEtGBA#$+`7E`^!myMQ zVrIS6s{`KVDRF-@eZJ~D{?RNWi7baKi9ZTfnbwr7%Uwgr+jf_&A@%++0Gbl0^^U^f zsAM)l7;d|(!*;T2CY*4cN4w|MqSamLyKJs7{F#neGWcU?H3C}1CNkf?K6CD0-YE`7 zZ2qjV56W1g<>4^wG~h+V_lHDyF$ulP68eM%aBA+n!B39^(gK`b#Vez2H8fT!kAN|Z z>lIn~`?m+YU#q{qlqD~F&M%2+G`rjH2}|9!l%MqXGr;Os8jt8+oyMy5yDNgtG(At5qwL*GxHkOzD+h6#XSeAe6=igZGO4i4^7LLduDF zHRZk?Yj6R>HlqZ&MUXlJFTX3~zU4i7ahq}t=2HFX*_bnj%+JEwj1&V`Flf&fBTd!% zF{32DL$II6KW<5Nmdn;EF;paZBH+oLfH!zufrmPOVE9(r6;kVp@_fF|QfVGx=@*3T zencv=%Qn(sy-q9il6Q`;@+O$%t$3|T2c3gmffcPkORsWd$J|04+H0ZWsf9ayS@6mQ zC`w!%#b%$FR=i11ZW##ThTXRJI(ETnbt}a=D6__}7ME2?`N7)2C|aWD$&j!-uXT<6 zK;#(-n=n1bhmH?hYV*m`cY=q8=3}C6ZZ$2Ef~K+o8x?GuY*+- z>x^bPOQvI_z7(44q=ze;v(>w%5@qtp4uo!x#}VP?YW1!Njh+Rl*gocr56tyQh+I4S z1v#^i)Il4|eby1X2c6GxIz5D*lI0y)wZQiIKr3q;0^~F#sGbG_cB?j7q|3R=m;YHk z`FEVM)iHrX7cZf~S1>{Re~((DC!@unZ5IEpQOoiJtdkW4sRr6FO-*7KDS 
zo$at26c?x}j*>dMrABY8L6dfY2mnxWqwxO%VlVE4_m5C@`ggbd7an_YV$l?a3l`kp z4MQAPCvjQ2VlNGWiVZ96CWe?B;i>iWlQ4}X8WB+iC0!wGxGb_>pLplSMRT5Z z(VRaCJym!S&;ZqE?_QQkBY7VY_l+rd_Q_TAIM}DpP4V(@Db^`H{V7;+Rj|~$n$BsGz&|1n?;`n47VDfwSE;6LwBL-DAIQlfgjs`LD(@f#ssks zH;k4@6_gA^4_IasFka2a@S!H6k?UMpzOTs1#3H4%ium)%_btmqV}HmDpTM6kR#SVx zAF!3De);Ky%9c-us-c_bf{n;)hDA!Zh&si|NTFl7@;5sBoJigjiiY1(doH?V^lbYL zY)NlBi^48f=g{=IwyT4g2pT?b2G)KcqWu?r#@`O1a_HRwYCP3wk=CE+*T(Kr9+7)H z!Sf!3KpAp}UT!@)*UJ3a2a8x8ql7_YW&`(?r5H7D^&h&YNxB}DnpAa;abfbz;H>CQ z&NOIYU|5gj9K z;W3+!M|?ywQHHls0wm)MY{#DOMF^$Eo{5J-UtXUiO0gg)lOASk!3cX_Y%J~)>C4U* z4@kO!=%fo^YK*W$WG?WkyP!-9f;r>;tLSZ!3=wLTWo^&j;=Vt9Ji-qIEZ08)X_VdV z27H^B{)%T}c;2`e>tI`@g9(T3D70*1VeTmH$Od|7Hj7T2srxqoRkx@g9l`Q- zDojqUPQ%8n&@H8QValQgf_~LAg&Kr8C1~VTcNM6>9-^=0z(?)FfCGJX79e+Z zT}M|Hbm)(+L>hhQe}iLyi9~=@C=dyq#JW@t5T8QO};~z{u&V*TvcVWcKiv-#Jlb zx*0Mi9DB)GS}>F@IDc+mTF04Tks8*3tSOu!*vr*h?JA)E zLWC10I2cY-Y^BMHRvww)Pko!XChBKdZ8vgD<9k_l=bNa@Y_ab@YWQwF{dq6jHs#70 zV|g%@v}H{d&DzzafGu+8qQDl{uXOD{8o0l2Da(5h$PUbdFgXpoW}D*hUabSab=-Pi znnaUxE04D=upLX>cg%9@<&Oybt*o|cv(HK;rC6+<@2_)%8iQ)R=vA4tlE!T>s*i0v z#9QRplo99aQ@7&}$%u`5Ae+6_0kQ%npl=00lcI0xhIx?bAu~(`sxT1JcC)wj=Yi~Y z<~>x%VUaG$o2>4Tp1yT_E0uSb92YeF8=mBWd zUE}+Fl}W#RF0|!7thJ(!f&7Bxt{fHOh^dRr8tS($j0v*B=#vZ!p02Lv;uJg*Q#8Me zna|I3o;d|o8VhesvvhXBAK~;Dg23o|+4wbV5?EqnVv4@28~Kx21XQq4r^k}ueNB}b z&fc*9=x@#lOC$v&u16Giuf5eAxQ7Q!@T=2P`54{FH+&>+1jzG`QTRrUL z(Eg<2t?Wm`$R6E{B>#G4u{9F!>6L3KD?|Cov7M2u+p@lFBLeus4+{y>tkc!Q3I@Yl z#3Cxbc*jgo7^!Deg~_~=oDg}EtFT!8tqTM|?d!mZ56waNgL3_uc&Ve^k4ef)GUV1@ zhxa)1Izw;V$5bybEpQ2|b0-yxVdp6q+^Vj+t{B;{Dc+QPy)#;7z#v9)UY;ii)pDM? 
zqW$rk0a_s%jDGgO@HPoyhF8bZ^z8_GS02shB(pCAHf7NvI?v#lVWG7LTXYT z?F3{pGlqfV>-Y~h@XCm>%%q0H_j3ufS=fkY_B11f(yL^B{Zc!YUzd`uyISrvbHk!(wVUeY3;~VgCp#wT&I(|HZ zdiQqqH`2HBQpV$J%NlOvSg!WW)q{d{>cJ0b$m@sa>K(680$0w#?4eRt4@7F>ZM41A ze-y3%Yoylw_mR5kzeZ{m579C((oaPiPG&>dArj^GHPMrtckJnGzV$(wEKkcKv4-}F1nePn%mFqD4YL*76_D4?=n zjm`()uv~bcgCsHXXS6R52OTn+6&rXlv;p`Xg*+T21JEc(fmset_9cpXjm&61hEORs zmd_d@M7DCpoN4cR;q%(DJqK=e!mu40&7+T@K&N4+Z#RC;`}lUK(Bj0D!Ik7!{YjbE zJ95c|B`WHy7GjFBmwVbNeBMk5C0KOxE`$-uv0k%CjdGTeT)@d}FVwH6IkdQtmpM8?#k6yIO-;6 zUWbLQgOTOGybuV&Q9-bZ{^MnYAx%`@2tG{P&dh-(b>^P_QotmyHD;$ zex>DcTMjwF-J#t}@qN5EOvOqiF{7BMT4vBzaYMqu*-MXx;4F}K7SG``{lS`ccS=vh zlPXy*P^sntD+|wVH=?Tgw_;zk_+B{6iKXN>QywwQ?nT{C6AG>%n~*H!E0MJCycJV} z%NJI%2oYu=mSwx0!~;H28|4gJ?$7+g-+M{aK3aKckXS_U4U0vHjCrsj=o z^ie7_4P=ag=dB{{_58iWhtW9aGSV*hGBe^y`vzBc4W*psE_X$&>lk8C=rjQ#%^yU9!Y3J#ekK zO?7?pzbt=#0}g0^I-ri=L8qMyBUrTV`uate_V@)EY_Lo;3|h8*XNg@SqIUB0Mg z%qjnOk#GFn)YQS~`liGrEkmYGr`Ha}W7W7b3-_OETk=0QqUtm>Z_g##+Y*`9MqsNt z#v7wYQ+gILPk!)6(pw38vb$~c@{z3b$eCN`06Gk$%R9U=_!C<|0A1|)@FUWf4ucgO zL5*by5}sKqC<+YEH+M|#>W)J(b)8zy`KIYWJuATKr#K8?IbjoGP;uV?T3H6KkqcOG z=lRK)fU0F!K)gb+w-~H-Tw7ugMlXe6TszHpeFL=@{0l+>?ta(9U0vFRdiOu3HmSma zGQb${S)E}#`lGS)O((aCVN*0cI&rX9G+NG2nzjXgK|TZPjO2+#RLV{-ue{54IT@95wJNda+V*KzWr$qUwpb>@49z2ye1ALD z1y}QZWKR-Y?W)`i!%r6jeE7~-_;0U-nHq!Hh18P0SU0TYQX(*sZ#P5 z-N>=Yl8WwmADJVrAAmVdbNABU@`kSqrZljG;^>hC5%Beo#ne)iF|c}xGO;drLOYJ~ zhB(KX7d@~ia%9++h_`d5V6loKgdAWfe3k8R`Q50Y{P%D97bB^HUK#Mc_$T-30_cn- zX?FbWH_)x5xyGX;C71c95x5xAfT7F-fd6GE(Fw+ zn*srA_nrY`9hOU^{YbyBsI>yznK}R}=)ryn1U}N4nojs^V)B&CsEM$=_;kK$tWmP~ zQzIeXQ|J(MBM7#7CmtFsdz0^cKBS=OFu}7NJ@aIf`rLxLD+21aB9l(E&_xLK;C9t{ zDN6bGA&O`^>!UzAf%>Fp-8vmUFFx?!6*d3vdO<2F_~JMCp=MEL6?qYLSE~n$&D9fl z1hI25?v!V4-D~2DS+7s*CTJ4r_`xNrU z=|C3mdmcuYuwlxb`*KU(&4>B+FNzq1;f{^ z+IR1d!3(1uUlj?Gu7o(n~3wTYUFUB31>(wNoI z>_JP~r2fNKFq1%460^)GGa2gOckm8#?T={sBLL9a=YPvdFO)+ufxktk7x0<~-EY0B z`~?PgpxnlN8$H_0o_|ImuL{l(k0kiks?nQ&@f?_1ccSW%XAe*pHIk&tPpjVTd&{XH 
z%Ycn~D~yu8QzCW?L^vPl#;c;ShN&yJJ(&IWRCRo+^J2nPJ>JK6JfAEqoRt{LIii`< z^OB$(rRySMZy964KD;NeD!}es9@Tp%x{{*?JGYBIvb#LRL~^|xRo@xRnRg(TFn_i1 z9grRY+$=j(_hiHfG%!aeg*lTfu{XHnSJ9+nTE+gg-uG-=QL{1&6RB_pFd8o~q<2yp0wFO&qz zcUfA|ie0o87!1g>ll?)_#8^ZZ%Za?vZAfpN}X z27DJQdjF!hqfPnDe(wMV#z{c*2MO9ii33pDee8<+E!f_M&{=TJ=}KWu14x(c2suFn zwk+tjteXxmnNW^@2ji8QOV&+CYlNuR`f3OZ7qh16kFd#^=rNG=B4!I|up$qC=+)f} z3kWXDSN)uEJnrxaP12>(vD0 z=%JQ1UxYEzXxve(JV#Q-Tqa;9M*Nh~ZvGd9P}SUx>8rPl!q24p8e!vaXXl!}v-&Iea?GtzPnS&mC^&m7I6kiP z;hN8)G|d-6nnZ=+sy&WP@9Uvi)Em!Fb*M;L%Dt*{YQ_x^*+7S7f*GCqQ_l39O=U)J zc;zgSIcE@MvSREntt(15^lBZqd!1a4)tAUkrOhXdPw|>#uxxmPb||0{5ZQ7s9Dk9f z%2b0Hm!EXGr%Kgl6=}@0Sp~Y;66VW%J10bpWi^E!u9eivgr*E}9g&k55zR3UjJL@X zvg_W%4FYQypQwjB4 z+5O-`eq;{!IbZ9XYhWo3n{}teRaKU$7;vpre+`PKB%-{M*&uG59fc{@;&~g%iRX>m zE-L43j;#);0zwUCrRoF9>n_ciED352*y>Yi^)dbiC)yljDIekLXYJW$nX!osr^7CK zik>!9QRpbc+(s7$8ZSg<8xP)v^5!D{qDdk>8k&1@(jY7IsN4Zphd}Di7m zIsh+& zAC)|XmpJ)(IRJ6jv0J-1Mhuj`&9j3~LnoJ}?(|&6>v>r{gJ0s$9-&(Q`5uiiQwny4 zq7Kh_y*jGzOlkBO*}mG>Hol6!mU)zM?e2hU*MTE;wm*-tiPOBl0=rM})s8cpa+Enu zcX=Vwh`70?EM8p6o-&}ikj0F9yw<@tRwLQYHde%!jdP~;wjrWzqP?U1L(aPQxt)TL zyr#QKQ4`pUd;&i-)wqE$>JxsTj))I~f(o_s8fr3U-*$G-XeGR95evFe3%gr%gLM80 zwEcuS;ReFoMIP?K=t2dGpgYN63IeD(IrA}Zf-k1aO6UgHhvbDC1~5?ru_+y0GyG#c z*Wcz$Xg>G97XP6;h`*!^z%T@D+kuHj`7b&N5Xageg6PfyOVSH`mSwPNyObjM0ZJV3 zIi1Hv4M(elvOej4pTUz6!_SCRd?br{pnzy^96&ea{r!->UmMn zFUYOMh!pfj>n|1P9Kr*tc;#p3Y@8KhL~aD>u(id=PIa!iuczy-fJF1OrC1oY#=dq@ zaWwzC3giFj_9E4elq*9|O>?@i(lDRMpzetN6muo4UfCF`?Pg6A!uEb+<~&lO_R~Wf zY=U(^R_&$1Ge+_{D3BM|6X#BD++=ng-2TpfKLNv;)?8FY=t?I!2IV+aF2dY!Xy2(k zzcbDQ#vBI(tRXao{(K9m-}eO@Dn|mSO<U8VbrXPO}j3q+p3ecrQofoZVaV z(iv>1Pc^G$#*6+e%FDJ8buE{jFD1b6lptO)dW)+*(d33IqMW8cKjxef{nX5Z#-n+t z{)t1E`dW)+cY?J_Kd-Q*N4aY;GLoO0F&{_Z2z;@fArRBf7QI^j*7Dl)Wd`VR=Sh=7 zK%bGo;RxtuioXiGHV&z9{es*r=~UM=(x1{-Fs}=G#6YE^1)yKG5vs0SwlqoFMQ7Wi z#$uQgs%TxwmuCv9pC*0DE}60THRnQe3RxCe2e}694G7TVZJsJwRuPZncfy-#T2hCq z;jA@p3Eu0iRr+SVK=Ax%l}BB6R-Lt7I0*Bf9$g$YoA|l>EwXG%ky`jm3C4a-e^#iw 
zN3B)v!sA~MdsG}Vf$Nlc?orX@nby-V+2cscnVn*US%m}Alw7UqW>H2>cwqmmi?aOF zQ1?s^hU*A%`K)_Z9lMcBdY&nFhM%ZO3=l`|cH%DVt(}g&=OQWD4tnVPV>B>NUOd#x zAWiFi+3*M+!Lz^^7F?QmxrN*;Sgnf0k$^`HLBH9JF0h|Fmh{!9AwU~Oa}?U>&;=HH z(&<6c$_*NaPEd8BDaCYvTFeaEiu?GWUvU9p6@6DEC@tQg!)qL5SRU>I<{20^pk`>c z1oUMkDIPSc6$j~2dmDcIP+t(We?8}bWL-+>D%g)(UA522nUz2pjJx7RpCfKt1R^f6 z*5cy!w-`lJz%oJ8*UW8rR6f8ld1F#R(Q+}Ojd_E|AGZ%w9&dh^HQ6!mr9oK(x{Wtz zHYX5$14o~KbuYkcS{*ntT?_Yu+Oyy>cyW7{b6SJ%k`Di}$a9A3p~C9=m42IhG~rAE@N zw+rsD{^0*$Y1{k}Bd3krm9Na7tGrv{ zk6*ihx2-Q>JPvzO6U&jg&g;A7UrKlmqKe2tgV$`;Yxlw)j`ZsL-V<%07H({&i558K zAhoT9kpwIVCF+Lk+BL~DG9p}?T9Hd5Na2DtAE8sDMOKlzhn_(6E)_XeYIhjCAv;`D z<@3|I#IfL(9Zjp7VMN_-#+Ta9p4G$i(=)B=^2oiqqdd**)5%j*Ezy`nY8y^3%;Woc zuK_sC5_sv2#o+C2-ElQgs!5pod5x}P@pIFgV$pG!RVwj!%L1#2IX~>M$WbqtLKX#* zgO^%@8^zB^_^7fG@gsl_lM(%==sML9c7M=CWrAW%P81pVNG}h%p221K6Y?kgDf8`P;dn^FOhis-8y0hnu1K5}lbJu+(fu&=wDI3jpc9cnn&42o&nT zIrV~j2|$E@d90$1gyQgcd%R7n->4q6>T(z-nle zGyf_WfII7S1i==*9HSa%PB_fRngY=_>pq|YcS0tBFE==rT}-G+N!aUsS!pm?A>aOw zrYis8^o7{aK+?6&kuE~}&;t*u-!l4?Jk2(m-%E$Mw94KBoKO10qF{LSNL;{8*YW1L z5|Od&Oyp40v^T15_u7}*z$aCK4(|{5KP$mz7=Zr1e#7WIY1{m(jmYchal4nXM<=SQ zcI*0V(#9q>Oy@q7kt{D@&o$Hze(jYK+^mX zlyLpj7*@_dS?591x<}P?Jg#s~NlW~^v*4`ZmU3Nxvei|leC7$&d2ZWyeJA%pLi~uF z-9Ek}6|Nm!lM|McCTah<;-?I|*(D9x!*hBRi26^e%iJ@CKGSt)f@^M$4xHEicA9*=e4_1eY8& zQiw*}j`*;xEZ{DWx8LlBR}9$7cgh`(&L2=dQKzL!b^{F1JZ7v|5m3{oTxqKs$$&|r z1hSmwuU&P<3nv#(b~%k;3r_EkaMDqfcQkwFf!zDNZu; z)NBP~7rLv%VkbQb7j36)q6XGkYBB^K+>8ku-NIFTbo5T1YeA2L^xzJ6r)k8SwflF% z89i0!en@P~7jrmjZpJvWkZ645Nq$!{LraYVRi1iMT0w|!tZ%gTGdjMyu8uuL3)b9x zcuXeDG2piLAco?(3_e{U!(j1Zg51_tZ%YSH727pzGvuL~tK{d;?F2mU$6PQ8B)3^# zl~KTf`#v|IRgJ{qIMC(Xe!%i<7{mu~nn4%<=N#?t&kz0zEuv_4U4=N@O%`g|G7a2b>&N|~kAxMQ4i7EnEyxG_csP`A~I>xM^g)Cst zCNjckZ^WPJ7o_qX8d^yC_CJ6Y{y#S_|M%z85)!ODW~*Gr$)b(`$b(1{*k7G@*Ewt) zr0w4IX`BIpN8Lu>WV-!`$O4q3!QP0CCWsgptftWHW}mN*k5YiF6H3&$3#9G-{HCIu zWcJjneqSgf&k8$!LFDcBBy>Syob0R;jQ=P~@bykUD#PX+-)FjN*RQQsUAPS7MSK68 
zednfZyX|h7OTlE9#ql)?Z|%u$quvs7wMrobW-?TA;*`h-Z-c=gGZpxG_tRWcdg22pk6v^muc>+;EIMVo0|M?+^02=W^W9?2G zBaN)Ku(|lu9}I~orKc>?{;EZ&-rA>G?-XkjZhU|E7HqZx^Ap`<^uJNrG@(33^aUky zuapMq<$Nx!@e+0OEg|;{X!upBG0qv^df1H)=Au-sU7AEAOV!DqZp_1IFM2kv zkHVxYB&&d8F|XsS>5OYN>d{6!abiXZuD+L(qFYE?7a{Df zU&l8)r8IM07;N7eF9gCnJ?tBk`F?2~2fex?^xwPeeHp7lEh6R^5^%csWW_e0VI@Ze zUAvL8kfS2M(U~x*Ijm2{Q9O34$mi{t6>dTH;1MNr2W?oe*o_V`T|%rTOQspCFrct# znoDZBG6fpf+$13hc#D8SPhwA%XlJ=HpUH@&pWhL zc3(W4BkQO)^NWGOE3+ur^&0Fd1YxJT)f8uKh9Zi%LDl{1;s@((iB9b-ZHXt>NEc@x z^BcffJ?{7O$ZWFdld;AQc|9}wb`}I8yrTg3x~O74U6{IyU~lh^kje$L)<3! zgePkD3PfUz3V*)Cuc>)?$EN_Wa6deAHK2?sxQ}s`si{r~^}Wp;TzR)q4(_t?0{1B_=+`KsntB_o=j_ezCPg=)fGkl#nKU}Y4&Wh@3 z)3s2qd}X2OiSx4*j^cp+#@mh4W6`g@=p)(7VV&_ni)`0-H1oX?Mb(=%QwM@6_PHcB zh&ILf)`g^AKVx9y(LMWbIuHU(gsHq|S-pry2&f)HcD|SU{r3*%2AJoW>f)K|l3_qr z`ns*0UXUr4Q#<$plU%R*UM4qzE7I>3IcE4;2Mo|K83wlJgar7q8&tKE8mG zaUzV&+3milwG6-R%C0by9t$??I(@0F{OLzVI+;AJhK)Kkq#3K62hDAI6g{)roKD^2Xs5B5HT z^5j2HUYb1DEPJ)obz3fUku6t;D)b)k*FVus zZWH_TzKuTTtU%f%#Gv7I!E4$>a9(kwIFb(u$*^|5V%q_t$?=2YO1X}lp=#@=vIDA@PC?P9J2zI4)yx|w5yA5dGM2CL znz3DO>&eLB#)8}Vhgctt8F^0~`h%A|=`S^061r1(u?P(hOXgSkRX=rjeJH0DpMrM< z72SY*xK=+W3vGFSOdr@O&F>o4y1Fo`VsnzGSi)&Eu&%%-pHzA!Jr>kS%>3nXIOrWm z++e(-jINaMMPdRk%qu{x1&kB9FGj4ulOBz9jsOd3P%UBoUa@=8MEzO(fhJb~Ipl?u z?V^Ixm=F8CB#=a)_yoIY6qf83Kez$go1NLgU15u9YV{aIDC(>I$kU6|ivsOWa&d)AJ3Q<-ewsz`R73!0)o! 
z{jYlK(yJUK>+yb^CQ_FT+24mRD>vfa-kxUaVGCO;Q2Kyk(7t_stA4jH);&`^{jTo` zjMKkls5;qiw(8}P^43o_4_Dt4Q^NDZcgmpLDyu3+VhFMOb4A1?A}ou4u))@3TSjz; zYmYZ)9K9Ofx`{otxZ*;KHaEmL9Z$Av!Vr_s;qyZL zT6fdTzpk1trfJ>xWlJAH-k28`y1OA)%PLZ?xLmwkQ{*!k-CY}R`Wa-o#9LH@)T47L2 zH@Mli!vCa3&ZDmU?2LhW0sAn2&~7jFXrT5iw;!PcFVK6J#o#!ox4WJYbNE*4ROl;m zeZIE3`xE^L<=Cs75&{lK3Am$;o0go0y7Xlz_=j> z&1d+1-fnDF$5*Sw)K?|aS(DoXmSIg=C~&lA?`#+gFqBlY&IoMYlfglS-C$N>(Ex<)Gu$Ycc1#XGpgddx_*0w+-BeH6UXay%efcXdPDOISW~d^ zpq5}v{e<0@%)+{V(Tl@py5UUB*0XL>wLU5@ERfwG7&J|U@ePCBSJ zK}|Jb26(EQIBYaw)(hl@IF%Y;GX>q*?>a3dazmgyp0XEKJr08N^X#sIwcSn6?m3O+ z%J3pAnz(vG!U|OpBMkMUnN9mTGqXjC(C zH{Zs3Wg5MtGUh)Z31Ev>9!eT()9l%eXY9^nI1{It+UyH>A0uYPQ^sb~+&=eT$8-*CV0I1b}WZ|$tfpt`#GqYOyP$bmjo$gsrCv3uG zH^0PCn(H)I9juxXE@Fib>e{&pNxO>{3??n4H`ct~RzVyx(I4f1+DN<>c!xf+a|~YZ z`?mJ_s(ZQ4Ly=AVKvoeNM``0=)RrRNpl%XlUks$e4z3H zEQO2ZOx3@4DsVER^I#hz-77Rr;o?aCPL*iBJN&n7Mur)KzSU5_0|m;|qJUaLVo1|LYz{ zWlfd5YQY|ReE>cEL9sZ1;FE7Jit4q~+3zhXb;_LzE|Ko=>*U{nRutzh*C*mOy?77( zG6lojLeS8GEIOTUw=D2-DlEV6?u#hwqC=(=-79%W?md+hgY!#{+P)R_flYhE!RKr{ zdBO8T6SK?n)8r~V2Ot^T&eA8GkDLOFK|`Lk4Wmf?PE=S>JWJ=Qeb>%Kj#d2=e|p{Q zUE{Y8IU?0)ddO8zm+>Qetcp4Fab6Yv5%!&G2ftZZ@DWu{LPFZBb^84Xao0CpNY>#T zjw~l_lrCLAl_DZetEq+YL^1Kes*OZ<$QO`5=kpuNC*Qr<8@AC)+|{he@Av2rN?{z< ztIxok#e3;L$b%#^Kg!w6L{a(U_+*j6$Q3{)Rop?qZhZY%xTX4qns%7iiT`zl`skq0 zM_@b8DQ!w5NgIT-jxY5(Vs$IaINq{XK|!%=W}k*+{|n3m)V?{SzEn^4q4i%u^0t9} zDYMSbVcz`eqU!F{Qk*+)jdLuOI#eu`ulMyAgu|0YmJC?+FiP8&+%R}s%VXt6`RdNH zkS=wen`#m9qulNo!jA%uR4V&ib)v+pGeQT2HyJ%-oCr?&K4lj9QU$1^YDt`qRiN#~ zQbqbu!bZMrUZ}#T&hzyrYx3>_EUaXXh096yCn6lmgSMQcxHm06 z{sn1nI?PrEMW<+IF#!h?eW}oXQB%v5wI}qb3l{HkoVvFLJ$G|jGKvV|N&g0%oJdgG z0C;}e=^C(8O^Cg3awSco}*?O|!mCz*e;>x{IoXVtDr z>x3ONj<)(5lHtv}ebdOX>R#0^zCYi_`ejbbWaNi_y*RA08&X*U`O+FapDIk)ZP|YM zLTkRii5C;{B3kH9lBRyUu>X+|8w>to;@g%DpAMDl8gvXZ$}fxtoX_G`*w`0fIMk2O z6_&QnR|XC2>s3#pbsg99?;|uaC$MA#4KhnP`Vrl$su8jPlP{&wzE`Njcmz&oEniJ~ z4YP+|=ib>5fFi<9k9=u}s4)jHwnJ#Ltn)v=t>u+DB26VIvtpX|3_As%|4Spdbrwx+ zG|l-~uWc5&eb1Es4?-{!w|FH@QvRufFthPhi 
zZ)NOKakZGHQmtm7QZAk2`$rNIg9v1y+mVWg_0&Iu@YG%vC1STJhnhdXau1N_R#37j zV8XkE0>kn(4QdvfD;)GSq&t%inQzG11)qtoz_&L|&jjM@F;}|7HKCI5MR!pXATDHV zx8E{waqK&Pb_#m?qj76Ck?pSg%U_#d#@Q@S1=S;yizbbAJx{JFu&_wGQGZL1)48LJGA_=d!W)G+6x@-dg|GQ1g1`)$^P+T`8P zYbEjeB>6@9B^t)IV6^eYF7;ZyX#Rnl9k2oBZ7ro~UH~aqbnF+z%IMCVm!4x_zx7@E zLuc9jVpw{`qqpaU{;J}O-?R(aT96!B#|{V@YEXA>S6EYRI#zwW*SZ@8-O2ia%nuq3 zxQ)nBc`}n-zTU9)4J@8IZc;cyeW)(0tifZdf-6r^brRUdTSMVcFXVMIn7zmiLx+%7grI}Le$XmDhaG-7WW^kGSL)|Kt~xCAD` zN_|=M(H--V^fwW(SxmwnZ6@U{Hjr4ALNqBrzV&HpVE`0-SCl=X6n+W?(AEzj!9+jj z8ZnGYP>~^OYXZYa2<%%0J_Mu16FvC4gOXK)xBSHf)d_m#ly7Z9^JIYig(n8tEy@DpwUIV@KG~{Dn9o+ zKSjIQLWAe6VWSFbs138CmO`VBolqs<8(>4TVlayKB~`_ZVI=aFhLbWU-$k@Z8X&QP4vjK|J=9 zl^hY65&0A3tc7qBlTzacACz;ZR%rHny?~mutLch;W&`3?4o;$10)ra@m`r~vuG2Dy zc;@t_UGeZYS@nr&87YqVxHjTaZaT=ny)si3Yw(`o$+BkX;n^2erH(*gxsd(b&s%bY z+@bKSHH5QeASI}_+qq!+&J1qJP-(9A@D1%QPaSwb<>;yLk3p)!dYw-Uf~(gV$Z%Of zKV36fS10b>&J7RKj=349p#hi1MMnZUfC#B^qpJk#bogHzlra9$kN#I?%RgBz|0iFT z(YB;}M*H&)ARG194Z3eMOnYP+gtjkHs4la`jR)NHwtCc6Q}XKlkyW@M%DaEV=m%+m zomRxF_oS}%j5cm6NloqrsG}#|ST$$DHn$*^sq~X2TO^r;T`e#kW3Qrse*L32Pd?S? 
z#Zkw!%C6TnMHPQq&DY-9lMav}WOGJcv61bn0Cc%nz_X-_>%F;Q`T8`k$S%03AWiH$=_umgcVKtB>tnE*9?| znN#VaPQ*YzJ9Ck32@*_I9p%sWU}vt#$i7pyEe@|)p_dic^(m}p&8G!;7EmX&0rBW; zJITu8&xz9h>0f#YI60@TXl2~m?Fuk?OGvJfy7#eL!p4mY8DDjr`E)_r*BIp6wxlP^ za&$HKodruCz;-@iZy5Toyg*7mS+W`|ZWk@UYdL_xsf0OSYW6r+P-Uo_lzGD3Mq1OW z?4Q!lQ>CMgb@~qb?Ao$yH(o-@8@Pl;`GPXCXZD=LcYNqUo=pO` z&6tgYZJoJlPpYQQhDe!)rvZJ=rQl@dZjS)ry2h{Rid~FO;wI|S%$X$XojbVtl8SPs ziubcVJZ6z5Nss!1&P{>R7gb~Cr9agn`pf?pB>MlCKQFV;>MVIfv#gY}zIQJ6T3s?9 zdDE`Cpg%%{^O-z9Y|4`-KO{#_-$ixQu=}}6S>SVNyUX0G56z*;2D!%Ut_|X>V%oyO zj?yCBnKh;)i7}rv0`HSl+^xI`8hZd6bI{`Iv)JHW;rJaoAX)zk9T0#`|KA@z{#|I3 zQ41(nzfW8meVExsqD|BW_!Mf~=zl%O-yg;AG1=d}iPf*~xR#CR|R*OYfKwE{0K z?+9Mm*~#A2-4fT`)dSq3Yh&SVjmsk-gv%voX=7#Wj?2f5%O&Mx@8qiKY-$ef@zB!K z#@tdv_5m)}0~>cYHA`11CkJOIM@vU{+s@1^G1zk%C}hUctJ8iG_6q z3mY2?2bTyJ_v%$#5&}XzqFW?nWVc9e-n>o4NOPNlp7Q2RT6S9cyG$&sEaWsC+#Jl@ zjLd*f0G{L$Ha0dc4(<(H+#AfdZ{BA9AOHMnh7jXGs3FN1m+n9=6JNq0zVxdVLId9C zl}i^tkUu|{E@OcAi;Z&?_ZqlE1rg-(B@B$qm>5^CU}A!M`-8uSU=m-sPRApObwk}0 z`;H3YCawEv;?s9i3g>L&GDZW8>exPt46PEG{jttgihp_TD-uuAti&#R7!j1b3JK z!GbfmyUSp~CAhl>_rU`M3l4)r2<}b@1PcyfV1g6e2>NTuvj2C4h5mn{ z>^}(m-*hb@U?L;JnTL#rAck7S=}dbieSa)UAuXQ#}6F9B9QJ z&>m<1(kkIt9%!Wr-*9LTE3o?x?(dGiJmG(6dk*D;=I%95yzgo9P-gEHE~%Rz;@~+t za%Tb6cQErl8HnUg1Pje+{SNzV?J-q1!Ys@fG@kE@Y7k_gLv;<({Yc}5YevcyRNI2DBXg*KmSIz2AisImep3=2ugScJT@<`5C;FiApjT$)-U(r=cj4teheBEJJr50xkG}-w~Bs$!6BRv5UBA99(i1YugvD2 zT!jUGo7*_!+w@xPu_h&jpMkXgvy1S0+i1FM_Uk03o#vtp#>z`7F_s?*X?2`vy%{tv zxSU&l@eh@o)pWx;*WZsx zd$Y3j_ddqk?;Enm?^Fidc{G+xhY0-9SFm8m++aDC9IHvD4PrOJClh4x)#3^U#|N^fnxvIvxvPLSF+Mc`kSn7%86Ww{lINP z9^ibv@r3Y-zpw2>I#I$y)|PS8>_+KXv!hD=VF0`6eS3)Uh{PVtUTtC!)toTsINxaM zE4fM2p021|I!BKHevPk_OZ0f3 z0@By1rVAoTLxA)Y@z?W*&d0;z$A5CoptU&f2TPj9`YNXB&L_Vx6M#;r>t@ZH2wfs=?fT*)ThpFdymPYO5un<)ZZ(A z*6o+)k+w;gX!a=An2I?yr<1dy|0oqLCn80G{Tq49NUPVFd7AZ2*IWQ^^}?b|A{X>e zpI(u25~_Y0Vv6`}vd%plJW>0R`Hsa#lw!8#@W|U&*H{6(`fc0$Z#EuS8~na}*qG%A zp5*XZo9wE8@jPxAzB?b5l?LK?y1jGu3r<>`Tpq^MtoU8`1oSb9tM`-6yEe|?@G 
z3#H^%MdXu9D#Add)piZn5dpsXq>l5E*E!0Vds=kK69;48Wzf1~Qf#5vMng*|dmN!c zBh(u?-aSWmDZh#OJ}I9dc)9j5UB;O91o<*4Y$zDJL!tnS=uURl8K3D8*4$1&&zOl> zN!v&G0?`m*xf$0*@b(Ge(5h%i}@8g;_tH)@j5Cz7NB<@cL z9|LHOOzv3{DT04yL)GpHC!Y`o=BK+Gy?eS3Od75mhrV^6@Iv2X34-9Ot5u=;aF6>_ zXJ3Bn?EUpiEok?EqXjfEhJ0hVuk@_?&6u4*At&A_3DAWiZ~@h2LLe!rGD$oM8CFdo zJ?FV!*7WoI`=KHXcVtR`xnrUn{YA98Dwp_VOGVQfiAX!mznZ!1)OR!HiBf7%Tt}JU zKoBX|+u5ZUSJp_ha>2j{t@oF=`l|l5TK}Xs@uly26>rsp2>&E}e0KPe_zE`nttvP^7##*d+jgovY{~r1!XNzAQ(eQr$ zPS@wX-p?-ju99-&m33Rcnj4-Qc6Q}z{7^D^1mHsXDJ2Azui;en0G`(0k3+T|Aa;`e zsk^K!ck7S9VSId?D*+}KCv^xZ3MvQ)91NU0`72R>g4QQSAXP5ce(*_iz32B^8(74v z3QdV27wyfIs(yMN#QZyD!%6F7tpQ>kccmBOIJN-I0hlrW`xbdC`XmX2P?oVS%Anbw zBnLe3+_2q-;@D7uCVNQ|p(6yLK7=K{t$N9o#B>1!|M>yay{Ewj+|Mt@Gc__wHqW_J+HC~*9fc6suVI#oz_-}7Fi7-7wYf--idxfvvwC!yN z%7B3~LYFHtE24Njr4r2wf=;dA6c42q{K%eel1FYi_o{ub?hizt?IUCxV@jm)NseDD z@@MEBBjtReU4FaMP1yxl3Sd4?XaZ+hvHB%kRDHWu{|4p_ogKoH!u3Ivjs;03dHw$F zuKD<1)DFSkXRrT}D8DZ|I)EJdu2H6E7f7F;qk@P;YZZ__p?Ey`)>gFYd&tf zy&Vl`>B2aCtj7QZY#=5A8i|fcb&x;+V5W<~rgxK5{~A1p-q=YWNs-TN=w<=P^JP|` z7qBwLdG}D;MRgqqI_=OeTQl4f1ckq0oQbC1QJO1_M?8Dm!>+1lN|8pAxCObBy41UF zF25cU=wO4=vi+(kTgs01L~{EOp|4)mx;65u_Q%9V?mEYt6H%7O@f5p9fTL0mzo1jD zt$RjGeY-UnXgR6pMQ^4iMvL&4!bP$i?Y~1_JY4@72>lZ-{Tpii5BNsb)5*fa*4gPF zVC~-*|9(c=+0o3_2@cOVFgTwPn5LN%98&%B^7+=kZcA}I-(%y!5`%X0=b^cslw}q!#g-8 zb9S?I|Hm^N|Ni0O0|L3Z;e@htaIkT53Gi}qalw%o{ECB(p9{##!N`;cxoy;G&$HneTs(7yktZd7ojb zCdPjNM%iaf`Y*@`r}keM(I@91Fv=qLBDuP&axI%}6!eMBo1EAIvy^z5hrn(J*AG1j ziCofe{Zw+zsbR5saW(iduschD`|R$BHyerMr@*J0ni@>RgPrT~EcXvK(KP6x|M&O* z_Q3zYJebtE`(ybJ3!QE^yhP3X@-3`5$#~{^mYK zlfWI&k(hb-!d$3ehh)ALY!&t4BNMzFO&3?opQ~%cT0TNY9!2`Fr(1^CFC}nMPTmZC zY1Ll8x~xg2J^vYg#L;FW7%Y)*HyV7g{-CCciy~o&a~}LuBd0Nhu8Q*GclVc$qu?oV zGHOtJR5`PC_4KprxURj{UUEhXqiIhosnR;?&5~JyU=_OHh>7;^N0~ z_*?DpqL`9wJAUbxyaTcy`mN390fLim^@k$QmeASf4vP@y{+)U*vTU)zX%VYC?J&wK zE1xigI84t}8Y0BC)klA(eaqM*Hr-?q4zGG(I|^G26AMIryt;0LrArxuhA%RZc>9Vs z&ch@wq4InZHVY+aBr#7Gfw#Km9rLODdVb)y*<$NJhm$LM$KBfwX5Z}-oTMj>QA&7q 
z^N3E)CiFTR4K(eP`QgTQ^m&_7?}FFV$S>rcsDA)>waKYeE)vx+;2ggW`1w+;N3R^} zYf4z9SdzOGOKCU3Q8<#nth*m&T&u*u8#Bw`cadoJ$1iszgF~mK-c8B93+DP5cWTJ`_x_KJNu&^*R8cg5NU~^cvq}4U zH$3Mo&iPCPIgfX@{_!`f**o4&)7OkC_Di%QmlyOI#$Qz=h>xw_ha8;hip#uXn_ltdh^# z_pt(;{`_-?miZS$`U$U+?z?}bQ~C1q^LfK}B7J678Ky}_-_`1n%+SY(_wj|ti%lMb zbz)7UB-~Tv4rce;DF#O=lcn)M_lz!BkvZZK9E@FD+UxNFEsUq;gQDI&waea zhnoecGg4RUAIaom-oAzM8@kbtyuIA0>U zz2^p!PZcvVaCV&hs{XJ*QIDNHjv2t6$UpP4zZdh-L0XKGloZioMCr6fY}9yol4OXO zDtH*8V}k6abGkOj{yHN3xru>=dcSM-3hy!>^jal5Z6 z;w|O1i}CjQ*0>$xKV1>g!=eI8ap;X0LZ}p$kdf<*4Ng@KIDekVvj^i-J*YhklYO5z zXx|Hr7^i(5Da?W5wBB~nF2Ezr#umyVD?xHelYc#vtnu{Hh)CmtQ!@^yRyQt$D6`@ zsI&QIW%5tz#i-g3Iu%!d8QJ@GtU(O%63Ksvwe&o-ngAHwo=kCa9`!IlcKOgz#Hp+r z@5TA+F{!!!e0oRk@vS;ljeG+VXCCAwpk&sHv(BDBPoCKWC>Ha{uAYJ=7_aq2xN{tsCDipwkoMcM6ZV(as}u0b1t7&6 zr5SutVn!t$Wd{6xz`o))Sv+TcmBbUTREc1T`P{z+ZH>tovK@-6jKZ!Y^gD%o{Ks-n zJlPObO^XS{FwQ(G*rw0A8mZ?Se0<9RQoxCv3N@ARBAzWNQ` zATf*}4@>%z&l9zcm^biQ{DM02*?epKym8v;q${UW8=oo;WWH0)@v#6Ls_oJ_9)38t zk8`z%auw!=knnRQ&quHwYZ)e-v*7sv?7FS*C|*h?)Ln^Fx-vre#*N&00^?dOpG81) zsYj}tn`*mn71z6!Q?q@eD2w~psFOR6OpEzrDG82pd@x}&E&wGaqc7Fk6wQFl4uz+L1*HvNci?PZmMfb> z0NiNto?3jpR2HKGlX-HdO%)KV|6s!(BThNLKbF@{`N}3d=>ZPf-l=e%EK# zr`(POxCt@0FZ|2A_M0?a3EUB8FCezn!ZO|SN1F+&iDL+DGcLTI+f1b6)tc%~h9N?z>uONV%xPv<~}~`^(UUrRdmh4*p2gL(Pk+$XX2< zE@4u#Bis0PP7RHrVuDbP(11+!(@bUcwj}<$*|p=|GD8lDfB;@T9SwOt5m~M2eyLEJ z#L^Hmst>K->uB$z%sG;1qS>O#&--7k7D3TtbyFe6C490D2s~uFU5J|%V?CMUD|oTy z)2$l>92;XOe;ITeNDGmxEQ8}OQst`l`#5#?5JI+C)U!k)3-cqua9wzhsd7=jTtqd# z5r8*r+Sol6?L~)|+pT0wnj@eJujYR{>vIa8qz2 zGm${bq@nT*58q?N#c3~DAO0?8j-%;p<_4}#)qRf&6FEgZGd7{5lh%LyE5}TW4rNK) zBR5f$V+<}5J1KL|(Pj_zlW_i`$ca^@_QI-XY^QGU_0I2Fq>;g0`cd4H(inrlfm`;R zJB`)m*m%=G?YgB#$hMADa-bR2bLYWN)rc!8NHgN_r=J_aF5@-4KMCNm8jy0-MuwOs z;G!s)pj)474Snsr>NXGyl{)wfIvL)wywn`Oi0%bB1l^Rg$?DLDl@~4Bq}zKe%1h!7 z5J_-(Kcr1H#k*2#N6?GzaYLpipoigSvTpsGuM4VxjKMIFSV5Ei5?8$dm?>(XM5ag2W@GdyIcn`Z zvWK23vFeeNX`*X^ngP|L72Qnbp@SL;73NuXJk*Ol`D^VJE+#&GKFn!DJmaySUt&lw 
znT;=$-AbC{1uAqwYJm}%sJjF-wr9+5M3XG2heOIww!HPm=qU?SBIS~zo~+Mo(;v3q zz}>@>ImvaEcAmybcjkPJ3p;2ui%K58S`*!7y=2L(nY~t^vG*WpFY52uQ&ARYq=0zF zOI=`G3sP3-qsvid{73nv1r>7L3KM?HqH0CFeOZ<`?}1(Hb*rIZb2qp?m~j3k&&i1L zCfKyi9dkU<>-!<$ddA1#aQDriGnYe-en<;~W;g9pq9J8#p|gIWVsgb8BU8#b4%w0$ zq{i8&u-Dijhf<^h{ipA#C6BAdTzRmG&XJ4W~YHmxQMVYl=#s+oq2d5jK}=yl5DeL zY0!nz?61-IO+W80;1!;Ak}{1JXUFGpA>GmQ9X;4l`YZ4AGUV(o8=A2$Cb&0!9c%Wb zGuckI@Apn7dA|-v=wFC}lk)60pDM1K@G;x|A;s%IqV`-xiL8GUz4+}F5c=0EbZX*_s z0p;(yHu{-sHJUdGi{u|+nb&$L5-%_ffh;L)5%Sd4gl zvIq66_xgR*3tgWjk##U$>NFiV`D|%X;jzMXDau+)DsXT54V;V=`aq$6e&E8UujZW5 zzz>xcxCTK=wKJc-^ndFoe`M=e`qW3F*nP3ze$p3kC$;ux`=mm&5$95YO<`K^yUkl# zwVHTA?Es(JJLwFOLQUN)Dd$g#+70w7Rhp~1HFUIraL&SHt`IajRpz#?WijHf@P>Wn z6nQy~7s<73rFjo;y6l|oe!cAvmqMF(*++PWbZ4rzRrXQu&mR_~3WwyZ#YMX)Z^4-; zIgtRDInHsdA*s$&HxZ6-xma%>R+kYmX={;~FgTPI`3%g@&7_ai22DltX=n9vF70v+ zh_a}*`;|oBPIxS~szV`!#B>=34aza3noFqLJMp$%ZPR+TR~645KXs|E^7($0U%b zz9F{g3T>1!QNX4TL6SMyCUu9w7-Q5?dBx6%P?CP6~^=AD^5f(qoos_#jvI^ z5G^wv-i3CsVT4K&5p!q#{@a8g$aUJ2r(>`x)2eX#eU*!!{j2P%JQ{fTrYCu)aas%3 zFT$#Kk@U8fi*gGKZa>41oy~j6!iXUbC3b*U*mbC6v-Is#3636@<#kj-^JTpF&OkFJ zMpiNjRuZ*yWR!;TuSkBQn4z?vUg2b(G#w(I?z}d8+?h~ZFNyztN=3tM8Wpa4 zvOH#Bi%(ozVUXA4lW;uNm;N`$OVyc*3XpaAeXx< z@16fVWmsl&ak!))$!;)uhA^6ADU2T2*;Sj z;Ke7WLPxlyy+iDHHpzQ_|0>FK+h)<~8&L-XE9*h9Y0_59IrR%<{&d-= zYm7`mA~DbITy7-Vg*je--b(>U5D`SRxKqVQZh{vVzD-YkCc6WbIDOX7+T`Rj=1pPp zFUDSV5nch{sO<_q5k2FmxGC+)&lp4>k2ZGJM_e4^%h02u_#qf8eu`F6ytm%YR@+`v z)yIQ%OoleB?}SW9cew% zaf(*TEs8&Y4J`?ar)ImUp4|`WEh9tcC)KI$($CrnTW(So3H9LajY{p?va=DV@@?Vm zm#$M}uNJZS)ug(L+BNXjuU^q>1L`{;>Q&ZYu6JI6w4HXrFGh+BaV-)7qLx0ezW$<6 zkdy+4+$SmmCaH0LVOhDNm-XuJfF)rceX5*O5bd+u@*-lgEYeLR{YQmgh3kMf zWJ~R*#mJ+ltp(kBWc3(k@@00yk))a(YkBpQvyHfAc`14yZi?Piv#5hf@BXQBG$1+V zCEDQ&{;3jG>di;F8p*We^v_bc^1iiWsW>oeDcgBC ztbxWw3RiMXnO&k{KgqDw1RzuF=lsUC2Erb1eTpEQ+H1!HsHNJ1d2S`iRq=s=gQN7rogVf+A0Qy#hUwia}<29XgsY<>Qa$U@xnyO1j;Yk=f>@ZWdiO6SKcs7<$$Y9y~yGyfjjiax~| zcV~!>M_Nquq^Uc-QB1?Gc40hWGIlS?7;yv(hR#8eFh7R=;3SuzMsi_rB_XUR)3oAV 
zKCZn~h^VqP9rit4@Wb3uX8m2GtrGvX5JVIohOOd-xh?Fw?KP}!?I8p2^}*0};<3v} zxY_WYczo*^KO~u63;i|BFHX_ow}HlANEhf@z{e-;U|Pc0PRc-(#-R*Ce^=Ec_S)Va zPQRmyNpkIi{jK}OJ0k_mhUpVAz97Qu% z<~^ZZY0O%Nt1- z?~Pv;;I&D%_SP{w`;bv@mA&ZRLI1w3S0Lhm%<|34!el=6&)EcZmQd{bqXZp!Z{?fF znxrUlSj*jOthSBRZP?0$r~c`)GsR;m_UnaQ8;`NHTn;I5lm*3Nw}-JXv9`*xSscY} zs#s0?QZybYypOZMjlZ82%bhKaJq6h2eGWax-cuVRIBab|;>I1gECwcK&57!Ce zM##hf_;hE9GD~QBQUB`>7$%v5r>)<*x1(HDS4q zgOeYTU6tv3IK%qM!_H+@C}8i;`Ig%g4&M@!>VMD<*Jv@15;Y`O1Sqly(WvS;7B?Z? za?FS%M@pof9@Yn zgI*Y>w^o7wVy^mxndhjo#lk6`zMGRb3x;~cE8)D*idB6n?neI=RaV<}_m>a72I`LF zpp1IIs{gWnUUSkmY|41YBE{~L)vvZ%Gti3JR&uFMoGitwrHX9->N;!Q2zF^PJyAp< zoAE>N02OD0-JWICn=u74xSc{Y!-@(FV_qLj7o)7?Uh7Kqw-LT0&n;4!adH`-@b#gG zV2U(pu&v+rv3)Ad;n8uVYWnuap@2st)2z&5z9u*9i&+07Bvy>0!=RsxNHhG;sgvj+x6P3MF46RR%@z-QThTfG(m$^5^K~x7G(rW zH9C#yFvYp`8>A7+73rbb2+q9hnV7qDoa%p1`iJs6eGJ&JI6F0@Zp=|^-dcx5U&8AP z5}qQ*gMm@)IsiU01V--%WAV9Gp63fuAaiZf0Z}Wlva|+4dU3Ig_WfrYTt$jgU1L-7 zY00<_vE6DYqRwJ0e|h8OL*-Ck;T{-O53De=?XlBR>9xbY`5%DgJY97>qB3ZP zrWoH(Qc8R+QfL*wUwR%A%syV{UxBwM@#~?1JTCDIEyhBP zVTuknp^W#`$H!VQ3jwW~m8ru?to$M=8UQ>3UPCRMvqCc*V!x@vK15m37rbg;pE~7e z^Ik^Abz%2tr_a;9{{XAK{;LDx2~RP`y8yHmm-tL`%#vF=8*{Zgi{_3DG~X_{wS&qS z8STs#Bn46VrM?E~4MkWMxu=5`43B_CV4KtAqHepfu_8!>8k3^-?+cy%RzKPA(oq$? 
zd&FS4;r64ul|7J}oJi>3aOpLp8g9u*z+4%q-gC+2E1co*t59~Kp*%wD?ht=Nu6c_6 zPAUR9+B8u-#v(EBm$|batI2w`*mn}ED=JF!LBMxITw>}7k#X+Ch}99_g;_gJ;?&}g zQO&ff+W~T8UOOr2HF|I6G*&Sj+-};|BdN*goN-ZHjY0wqrH9>9igvN?UNUM?Sp0H| z=BC)p-Bg)Uw;JaEu-(vIAktD{0)Rc7o;o)02KX}bgxbfi#xNQHh89@fpH_B-#$}m}c_c4~mDG{OtHgN|?0p0V+fe;og zwasvpaHpA0?E)bj)-FsiHGn=8c_)CoM1~=X@xnT1E?x!oO54>{#)dJDE*Zt49jqKxh7)mW9?KB z^}JQZs=kGGalwi@lex25EH*SNT?9Ur(5e~d(Nrw{^l8n^L+RaWYkNb|YYGReltkqu8ATTKC@SnGxOOABwl78GmT ztSOQ-eO=HsL#F0C=J_I=!ZUKaW*3z1?PGts5OR6xG)5nVoT2Q^%4)gD`Cg@JODtS zk%eCbBkC|ZqEZkRQjzYo3w^Bmt3SBf!_|{Lq2mj0gOwNN@Cc;at8>Fu9L{`#`}avE znZiiKjo2Y7a7Wxzg+M;{c^vJ#T@%IQ8 zXo}n1)paM~^;%CRhDvjV42pkamq~k9Gd*t(OB&_ ztWugPQ-AkOFXSh)cirURYFU<3#Y0hz{LcsbKVP zjF6_oO4z23w$))|g+|~QKjedOpN0?p=UHNUj;<}jJs?`;cDlJT%)Dp;^P4Bjz?3Vu zq2>A1Afm6Bi#Qd=<#JKi2NNEQ5GGd>%lt7?qn@Qrd)-XK(FNvEs&Dpl`Pj1rRBj+6 z=7sH~qs$opMy;j;m(&2^QLw6~(?sf~Zc-5od^R^&8kC;3DOyQ3L4@|pRmyEg6~qRt zixqPA&i<3io%g-soAcFXkc@Nq3ht786|J3=NJ3!x&tu;-jZn^kQelU0&e_*A`TH5? zG29CHbS_fb-srxWu3hu^)V}(_pYP;xy9*|N611(O z1?E&Y6IR=k7VA9qHxm4SCB+5nHwiEKa>@7zu$`!c7rHVS!N{siinN#B({DeuZ#R5| zz1Q^@wgcCvFTnhCa6kBlBWrchOTygGBq*mX(_eY)8_I1Y*jc9k0Rag}0@R@JQNbMr zI?}bb=-~w!C#5D$P`rrQdmTj#xl;rk%Qi2%Wd9qFfss}n0NYkcqBEVR(Wcd=ru*0txoL?E}tzL}NG*B7ru&>nr;jWycV5_ZiOOk6w zo5JvbI{=_4EwoU|{(7^y@B1^Iim4>6^9McIOn5(#3i$Kj=@InPy{?1>1ZD=_&^(0M^R7euZu@j=`a7|t5cY(Sw(y%g0S_3-9KK$d|9kC+B+ zy&*{|cbeqD!g zztR2WS$5uhe!WA|&`DVj#CMG^RrM5r@~qkN=fr9nrfL5uOJ^QQu!@VT_4uRROHQ<+ z4z0_{57-=wC^n+Ijh~ zyZ9k^0~R&1Da*yANfq|qZ$CS)qSQXPU-E_2EAl!|PF`LCaiN*a!FIAX0l%CECpHJJ z3*S6VOMyH0sJ`@fjp0A^3LnNcX*77BPIn0q3b1+es?Ema>gb})w=-$j2V&e@MA`Cs z2Lz}$P3J}Pg-1OnF+b6r?Fnxu47Iz8@Kc?1-(H#!QE+pw>a4r~z&Yo!tt}+dX~yYF zsg>1?xQ099H!~N>lF(1f1qMt2Kf5ZgEqVJFu4qt6aKPS)=DZx}Nc=&Q*hk$XU3<9P3TbfPWpwKM_g15#9Jr~`iVXI*y~RP$kpPo`7FYE)uy(bHSsXB{E%X*!4<8`XgMXAz~b4A;gPM4EEf zR4%oJo=rDd6t3Fwzx@SHbBBfI0x9|PpBi(SO(6J*MaB@wU;f4Vh1aB$s8KJ$xua_% zZvCa&Zw!;KoK);6LVp4w#fY4)hP!~b{$QSV_v9a7VjZ%KAw`%4|z`4qCPpOUp(!L#O8$dyCyynbh- 
z7CuW3de`t`#W0rrO6q2i^GfZIUB8(i?~xG5-Ih@IQeBJwXe?F@a$ruNC@Xy0Jg*5I zBS#y+AC6ZfvVLU?AXt&pVrI#ChasX3jNuQPiV=n&X*~Yqw*u%<2X1XhBnB>?ERaXa z*-al73w?5j2scnRHvR@@L6GYGnd;p0C?G{0`yV`0QqthrRskQPrBpAsby+~eI`Ap% z*A)5kBA^@GC@jbyV!A#JUhNX9i`=HQg-tgL3k&Kk)JW~@Qoh(Hmw_r5iv){d=D-bU zSIuas<;_A!r%PdB%4Q!8-;ki)0WGvBX_&Swk%`&%>14XliD&N!JOdMI8x?2OXEPgB z`~hyY8)X)N&9#=@_BlYoKPk+7uHV4}AOmILvu=9Xn^OtPQf?jHWb-jn8LrFJfg9Z~ z-VdsjwDgh(=?Y)ETzP$~xRi3(NrPb6MN{FT-Iq7YmcTP+oPP56D)=X5IQL}a%EXJW z5byeIM`>*pjrks28La9xoh~=(6tj@Gu^9JsbvRaVjm@lr4^p>NDR&oUGO7Ld1`EoL z1tU{F1K_fQiMwulzvFW`6jfOQsgGfI_F0#2BW+KT-24_BCovZ*xcM#0KD7UQ=yq+( z$w7KaO_E%e+}2xBVN*|r43|KafPckBaZN2(@Xh3Tgx2Z#?Av1n85+hgQ81c+ae8Hk zeN)z+Lej}X_ID5a#rn2s5s>JY5xb#Ec~r_QO73i7BmYxh&>+QarP7b*en}`bfR6iv z)&xQ|(j7MiU6pUD#?)M+p-EPT-9+|Q^l+3VFlVq=#$4J!v{7T9Yqr!Yg6l><5P3sJ zqG86B4v6Fo?-9)r^lW=@Ra~=YO8+QfnPPRu;{Ma(klFcwO8B*Z8+?;Gnol0{oyy)B zS+FrG+u^acs-Lnc(sJ7q4#xFvi<~tOWLLN4iE30GDVth=J3L-xTjbibf!A}3`di-7 zb*qq>7Frm zv?GO9u`~0sH-$+tcKCBNe0>-vA?I=*aQ0W&D%;TbB&YbAayiuKpHbqd9P`zF84Zlpc4$7@BPCJH^ovs zpnAWS%{+twMDbDA@If=(97UJv`p#Jlg+3Z-P4g5HBx^=nWB!_Nt)pb$ttL zDyqfbyG;R5D1P`Qt&)4{Q-``#$91JO(JAuV;OcV(L6&-UvL6F2K*lA0F3k z`7DUd3EwlfKXtQBDXx&HY?>Vc%roMSn4ZXf+00Su z%OJLofKS&M)(@jm2U=Aba69)kgUg%t_fjfVM1>72!Fl?W7eVZBgRqYFpk-r~kS!u= zm;v(Ll<(9j*&do%)N`(Ym~R4k!01tbp%~5!t|#T{wf9&X2}Oz&!)DIqXJ_5i*Mo06y<3$|l{Yp|$-Kx!(Yp1@YGSN!0>Xd_n0( z2^ZP*bL=%yK=@dPiJeR#TFwdk|eLyHrz_qK}Y&_kG-} zQ{$kWno>s zQ->xEp?h^PbN78YY}*sJ9b>~0k9jc3LQ`vdhIj{X_Ia|4HUh9lXXgdf7Cv6P1CG5Pny9*!p|ROz;9B?hoVZp`+IV34o1oJOp zQov7de?-H=*KWPi=(F(57ibomXO7F!$IXIV9lpj`w#thO(IY0Os39a>Wp5u+g;~8H z8)H=t+p1;)x^y9QNHcCVwSTbvX*l?*cG3t?POfOl+%}JGu4sl`;vw+WFyZ-N6%eRP zyXm*C#muf)_no!eQ^zvLD{w-l7G>2R?Oz}FtCDT{`N~c0a>7zK1f_O+t|d&Vomyc~ zHqu8>32qS%B|H|QezqxVbR^>c%LvC^*h&7wO}&M!(!8QVRrqRX$e*+@!E?9ay(LBE zs)O;W^#i6H;kc0WJuuTm^=Emv&mDGR19i-n4A1(BeQ(QC4eF($uDFEIAux4tCXC_P z1HZDU?%FtrlD201w{!Q~CPbbe~+GHS?T+Kl* z;usu^V|#CSAm^*Go*=r^&B`5(Q)`(@ytQ$VY^}o<=)V!K@r&fo8_i$Z?>J 
zyY3GS7Grdnv4Gk&l|WoWN)mI39_1FQRy8ei>z|i^us^7?vfp@mNMZin3UP773GbZJ zsbK{jr0iqXFwf28I0iX~%onFU2V*Mkl<&=!_ad1X6-sn|V;7Ir7r-aMcfg`YdP4(t zv2%;n!4xo5? zPsRgLtZeajX&)t^;1~*2g$e#$TEdC}&JXB=h=D39AOgQ!jK5cL6hL2vuN<)a=l!z(T!C^PB#X|Q$uVOJ7 z8P-dwArt!R;;o0C$}eOVF%{A2nPd>*zBuVAZV7xK4JO|Ul`2Xwbk|FSsJmxEAf;yy z-IlItg%HE|N^hW7v3vcWcxMj+iYOfTAzaQ*ri$r06~CkIP(fz#GzpTV&7s`!jF`=@ zoMx^rwR~TZgtee6{2Bf+$|FX+<$9?M1-pDNnr5~fE+wXgfQ;AQu4^3XEykSQuFOzO zZwcT7@djHN1oysgwXtSEKdRiq7~u^4K6R~_9<+DjYKHw6RLkzBjfS9wf=d{+8#}{A zhFuAt0y&`0aeWoE79|s9QxNI5f18d{7a~I%gcLQ^eVgSBAS?BzTEo~uX7+g3Y%R0gv5UwT{C#-yKKbE1 zPCB}q=JHrD%;Q1Ip4^+o+?%2#bRY^wadeVmkj*V}vb)3ktmC?PIYqQz4fMoyauGGJ zcRpbcP=3p6hZ3+5QiAe?^(kkVjMT_=4r}Lj5Gs-5TE9v1Zxt!RlR&!3u)rg-pQN%Z ziZv+~H|y?#yFlq=a*$kzgKJgwp|TLjzn^Sf9_^`EP6P*%#-|E;-!egd$bV#DpZSt~ z{lE$xq%oB1jUmHy)V5zE^tY|CW3fN?GW~Q0rCBH<`rc(HTjgX zzQBHdj9!cCuC?9Vyot^V@PN$nu0B@Ybepf$dQ^@LZ)aYRqdqpJVgDgJ5uT;OXb#Pd zF4Ci**QpZyRJf_&8r{p8>rRnASbxww^kcJ5iNcnc-)hLJgc-xNTBdWF+&YI3@;3c= zh^=|xqvEhuDNh;)g?Av`kv3N=0j7CBE2-HaTzuqMT*kSgHeG8NaCX0@oP8VCYTHcW zr==swG{Bu1WYnPK_4KLfmkg;B3>D&0$ul~gdW~K+@f{o1NBZ1tB#MNmRqT~}REd;7 z{#+M3f>eqs$3B40+?gN-U;FU1H*0PyToayXd5r}qvfpq8p>IDr6pXQ8$vF9RM!(=^ z{p0;=HnKj_Ei#j&hNB0|yV==$-DnN#Y9w2t%LxFLEWTHnzJ@&Hiz7%=o@KLN&+Zw5 zeN1OC>~)3@Jbs&bj%j_f2+Zfxk2zS#`sIGs!)z(%WR$;qy#-JFPUyi~@!bQ70O~)A zgd5Vpjk8HKfUj*pgRpYB%FdkPe{po?@l5!C9IsT04CN>`a;CXT33H!A6tWQ_q=c|B z_mPS@GUt#)lCaGgnOhBWA2Ij6xzCZD@!R+J@BZ5M_`E;w&-?v;y`Jw+A_W$pXvawv zfCbR!z4imd(`!SAdVdKdeud^4<7J=MqyWA0ev?4Yp3Ksl*frDe(Ow~J6<=jRFL4_q zbtgk=y$VWnIF+nT`>-8p8W~$0eNY0DLa4gm-XeN_M?hDtqAWs2c?&Ty>#rZlRFl@# zmYUkl!U9dhh@`l4U@y0gn4}(yf!o;gaO!JdK=e7uE1)Q42?!&y$EHJ#?EZfDO!2Ohl)BE3QoXL;SXgkaYm z74W+|FqI=x6Cz&5XtC_3>;`Tm2!fJ_ly%N*5haa_jRO7VnL6O<+ls!E1=RPcRx_uP zv!sge%<(TL)hw4dlljb{3Ri}UAyUR_O4uu56D_DYK*N231VG|{m*MR#h4+zOf6~)n zkNfP?sMJqo;77ovX}{$bN-lV;Wn$(&Y#zZi`kGu?bxlF>&nf0J)ZskHld4&s@e)<= zRIPOF%=XRB+;yId3Hh`2fg4wb(JX7cZ}ry=wx}{*{TrwJ%TF8=_lb*|UThbu*DtJZ zKCRkWbZ~H*!TfvdPEgYq86Ou+ZHHeE=adSpdt0I{rCbC8F 
zj!;by+Pkg&8TmkMs#Gh}hM$9VwPp2p85`mJ9K?{#ARA-w@GPcaNT~C6A_ny*L&?uR zg%LfMTM=I+&=nZb+4!;2WhAY?^ih9loHgiFG7ycydE;4hVWqLI%#Nn_E`Oklq?s@E ziTCpd5SGSc7ru`ZtJ3)O-JWg?8na!>bNQ4lg{TUy8Lw}v36fCX#NCd%t^Zq4M$KWV zT`JC6buQay-(M__zo&Y=SFS1f(!ksA=vvLnkE@M7GB|yyE0Lo+;kxQqBJb`SReZ!_ zSEy+g&8U%QN$46>a47F(hI&o&1sq#VK?fJN$54{yC7N!(%oPcV(^iJsAlz6z#(#%W z*z&k$hyP%4BIvb7Kd>2ZU0=u{McBsrn--EJO)t|$DQB<^Pdhx#u>2OR5te;W|K%Rxz9aY`bBv;ib0|` zeUo+r?)tKs1t%gL_7hmrc0=|4`oQgof8f>md;Sg4<^M%`bU;DNjj63yPJYA2jE>}7 zA+GJFH>^vi7@~r4GQfC1JyjT!BE+h7r2(wYEWF>?G{-%LXqmqyHtv!H?#Xx1aiSK; z#e#t*7qlnCMT^F#j)_RdHpkUt$t@e(-#zawWVFL<-W9&#W0v2SuOl_Diu*AedC!!l||4&xZNh z_G5Fx zS@c|U($DNSq|2e=3hNrZ8!}T_$or)F6+0x%e&Dm;=iopMfw4IDMJm(Ym*W9RgEtpK zBf~=Cw$LU}xImd}`0LNIODz6=a+~K}pDL`E=u~xJ*!E~VEaMe;utrlehKA~lT1{)~ zs=_X7T<3U^8DvTEnv7fq|NgJB5IK6<1{|CG2_(9MMt zxTD$JJfq+J?VVTj0YrJdXooZ8t;BqV3Qr@y}Z zZu%#)pqrpTV@@!R!=Xy>fYixB5!gk!vBLy@xXodpodhG_j1)g;H5{{JbJK43*v9-i zTp8{xJhHClp8#62A={iilPAKS=7D;Tfgi#Oj^eZbdww7n1?7|zbD~dSFfLs)#2V@- zK@GGkBL|k@mG3 zG~A;qmG@l4wBEf9Fj2Z?^z<_5en*T;5@|(3RkX~3JGCu0;+b%FqQ&E_pn|uA|IY5| z1-6ICyH!>bF%O(l|!qR77Pb)sFMR4JXH@ap_-iq`T z1YJ~cn5}*->Cd(;pM2L%4b{-~MXnZQ7>sLJ3Pcn0IQp9AmDlN%nst*D7F56 zuYj;hNx_P1b*VFqD6$12D!EoQI@V`>3`Sa)vQQEL=l+VFiG|FA^R)SgZuApf2oF(y zB{>kf4iBS7ywayb4!GB_^w!}e_fq*@5xKo=1Etw`Gs%P$HmCYo_<_es#mw<8E)LBiA?&7ybNOM(Nkw^mx z&b&A&RVf7tFUjv6Z1-5dO&Rn@^U2 zt#1FtKSh0x5Y2<=UpuRLw9)u7Yh3yFN;gh#TdnAZ(zkJHiS5pQJ5{2o6m+`L9Jfv( zF2@QgE|wxtiVuLPIL=tlrS-DP2(>qlq=f8F_xzpIDDh9TxmsQ2tbO zJ7UdLtkiz{CiOkq$XvpXEBZpvT0(J!pUz}GT)S;_mlq z=jxmir~%eGe_U?vr31<`hT!Qu*zWbu>?wAomE0yd-@5BmXme>BNB_Bv^Mw4ik{Mz2 z$sX$2lEalJ@iqWK7`K;71?z9e?3&rnk&^v^w=eI)t}>|z8JTV_=FI);+v=QTntKs(VJV+|Y^?4~ z4^@plz`1tZoB3Cm+1J3y3Cx{I=qxm=B0YpG1&Ka~FjFhB4$ zKUaOz#9b0Tn&~PH4{_wN-&z|(3g5EXVr1OI>^yUAIV)2r!LoTTkzpEbs^IuHYLB=Z z4;*gQtq8cGY`aShc#QpvgDMxDKjph|hLOakhKF9ZG(Vt3QFC(*nPD%CJu^rd%g^W7 zcA9e?&N|`_GZbvx(nfFP3RP#fGH-^Pyql)~U89pb0{2bSnme?F!>!EY7f;>)gC1Rw zBjV=a90D$W8h(qt?N-CD9AHF}HOD7q4CsCrBld=Uif)kwj0m_eSn$$InQoMkGRo+y 
z4LNN}toRGC%KaH7n27UCwtd%V|LBIw0eEDvSy4muJ5NIz>>6}3EKnkWl<<@OYB z7^xkA!%%97FA}FE7Mima-0Qk-A|S*LGWr@JMrT6#2io1xaobsSg|mQIrE-|J(wQx zSq*FKc_p};pf5vVvm2oxP-_}V(gxme&yUPOGEzomU|Zxz{`n}o(j9AOHb*w%wO?1` zI%??eW(@o#dKb2IUg|v7;nu%qKXPRF$txaxsYuTEsjG z5^<3&^_n5?LvW_cRD0k)J-NQ)#zVCw(b+BSuh2v7PhRqBO@H!J3X@ezzOGbljS;%r zp>XFiNVrCoDY?(hN5f}zXMOzB%^{(C`(?*|A0|yggNB~~WLxFuUz2Y$`Kn|g+dDZYh&7J%b_X%IfPNid z*Hl5`_Z>Rcv&s#~|Hig^SL2%W6^SRJLH`PhLm9FybRO+Pu;yc0+gHubV5}qPev}M$)_s1Zoz`K^x!W?NJnSX#WVYZqmSC)N)mE&*+PeEPgAO30DzO&kULW@PbySB3Z2BDD_4348q|^ zXf)@2k-#CJN*r2pont0D7yd!nYA z$dcYzqu!Y_IQ%TDF5>L~(cx-+>{J)G3f1RliB zgCwk3n0!&Xm~CG~0N+~Wzr1jH4b~pMOi6XC*0;e;Lo6{WherAwIdQ^j<^jXMDLEzr zV3p6xYm?!N`~--*r?|@Q9cvGaunOV$Ogm ztlCcgUgp8z%AJQHQJHYYJ0dtAQt{EUt-=LWj-lOoZJY2>6iTFqsPKHpfm|tYY$|o# zH%Wk`@$kQ{#EbtwQxBrm6KYv zAAa2eqYvrN&4pdQ#-q2n zlodD&R`8y?SK87q7sAqV%GP;GE|XDax^CqzU^R5ohB-QhNp9?nhnKdbSBI%9>hTLW zOs-@R1H7s3aYeE~V_frOvxJagIgcj)Xkx{JufU&|AWmm!)y;FjOKhPk>%ehy= zzCj{xv_r(dPW*0(bpwSQp7_HarY z=3|>_D(s?{H{+lqfCWXdV-K(pAf%xBTsGnou5&t4)n+jkzZ^{(@^|##_hsuW1#A(8nmBde(vic>dC!^h7{v6Fjb-uPiwd?)DR`wJTr9KKPlsS zq>KqtF?k;LDe!?vn}DG2&#-UW5*Yuw)A{0Lp9G*iW@B`2SJ6}HhZBZ4J8)bDc|%nz zfNU(O`zl^n^v+q1W(BmyLft+rBg!N5M;);H;6h1SnZGx zQz>qVyw7e;l$$ecrMk|is1xo;4ly$J7Q+(RD_zj|3sexJ<4X9WQPtE|81-!XwcZ(p z!J#@uUyCLPyfTpBSh`^eebz==*53wmgX*7Byz-bD9<^RSt102>7vy|FtjhSFl3qzX zYbxmg=c#rNNBJj8zPCX(PR+c1P~@FJR86QO-~1#v|MsH!$JEx$;$4m@7UW7_Jah zXc$SIp8t6;O_YYUvE@ma$0-8?-jU9d#p*`A8&deH8xmT~c>tC2V36sDi$!ud@p>h? 
zhm&S{F&1{OrtA+31Md4GaYT#b*H1QY^%jfp< zFz0V?#{J~l*bof&SK5HdCpsI9EBuZv_b=yAuG+u28TsI$Vs1H3AJdCliE+iYChN}J z#+g=+JGFm!Tdzl|;t#vli5q6Ny|K>F!(t$gDg`HGKtwt7t1yc~1&=_#Kz&+fQ(|%c z*oD)|Vxl6#_q4tDvTkk$&Q%{j5W6tTdM1q@We4lT9cA>tdqw*N%*rgnQ3@AKipWK7 z#nF_tMa2i?c`snKIaUu=|Ni3**kjMeYeT2VZ*wV|oQrJMznaqwFCn=3UBY=sdzS_j z%#CWlyrYlei@9rUC+$L|HxFF*j4tX9M6z&j3vQ}DTQX$ZE>XElJ3YZ!x^-w>#l>3f zTd;cTyGZ&_%(63z`G?m-;6q(eu?O`hjV&R07*&L=4_g7CQ0TE-5@W`4b0Fbx@X#Z1 zHz0xeZtB}6hLBWXNe1dJP!Q#K$pGWsX#i+#m(L@fiOkgg2s4Oxe3e%S!!8n^Am!pj zkiZdsS!>u2bM90{_sVT!g#EYzP9UV!T2J7S-MA6Lx)BDo(WiZ zroeVs_NfGku=&g&}@l>}tnE)W`uJ2j88@g?t$bs=Px-eVY^<%RA~H3q4;@@qpI zp5wuBpcx{v%G~^=ko#3&oVLfJ3^tIzr-6gjT(+a}V!wpxRXyHlg(<)7uC3t^iHEFz zSc@fNBhTKve2$9O5|j>17QN5{7gx#TAyK1l82jc=m=d);)RlY}D<0=#tov#+1BSe! zD1AAT+GR_&&}z;_nSCFdRO3pgm{pBn%H0R3rU35um;`&}{sc#m_J7g{x%BbEOu%VF z-SrD!fKEcbXQD-RU@#QSCs8Dk(ZX9_`h$~1=(Gu85aapbB9jWUgL@Ntz}p4jmOTo( z;zbiUt*p-Bg620b%Os^eq^mYC+ik!)GmGdXjr0M?ZvsOIK!+gHB=hv7>Zqv zoUpMjafu>TvoGA=nF&gxJ?giu%-mqYXm~TYCvHeHMo=?k8;S#8-|S?{z@3svcU}i4 zlJJy&o5U%km9Z+ipb-27x#a~M#w`a>8A-#+!@p_yMo+^sQ16Fo||%;Vp-Kbq!N0*vYCuYDxtS-y?F(-QT<0yK(c9I}P#15OIH&Imdl_Rx{ zFve~$P;4Q1qoptv=Z>B&c``0nAUE3^3zk<5dazSIHVgR{u%s(!R#8jmD{tW!zx$5U z%11(l?z2z#IW!fdwT&GlmPX!BRG0}%`&)u#xWwHa@>b`ZRS^h0G9^4#eSdkPLrD3H z+U_9HM8;Uu)B$zoUKM}<2ngrqA^7A`#$i`L?kJs^gH>-!P`aqcR0|{(LQ{L1tCUVW z(PbbX&q?(J`Ke3@#BCB;0926H*Ye6KH-adwVd#;C*ExY4^Xvf4zmZh2Ml9Cx0swnUMXbch-8!WonGf;?WV) zE`)+)-?!1IxOX3ZqwVH853^Rsn41Z4IvAYX&49O2ToFZY7j+5tTS7ID6OM z-Dc{$Yh@1}4!3v%i5GjA3VHr(DQ%z{^`~$F0qY5|c&Gh+lC;)Xym(Epq!>#C zpN-14-3;@%zV^a}shl2>6!GBe->cEYbe&6;J-slqH8L9m|ocM=p4n2?he9t0> zCN@x7{`4F?g*l^$Wr%#kq0Ug0+}i4?aDUR%T$e*Mo%OQT!($(T?2ng9;6an($(84&IfxtVnVgSWdg8&Bnb_>;$?PKZ0g z>}DcGFIRr@9*Pc-pgx&a^$+b)4_$bYeK|L^Qa3#R$eBXs*Apy$tCFm2oA}zllb|x0 zJp1eDU-UbD2JPGCi+`Rkt+TfU$K--RUn>O-I3a3;AGm(VzX7ycc!nI-;b2(aw zDsR4pGDGqst}HX|W=oF!krB8RapemH1L9mR@yFV(46n?gYkXGqYpQg;rL0-oj%o!j zWc)qAMMZfh2bHf{pbWj9Ans}dA9FUrp}&C?cdRE_9|vh7v_HYvcoVO8nhFZo!IDIx 
zDMS5g?tHMB_@n`xwdXhv;UWKXhBxDAJu8J@SkC<%43b|~;ur1CRVU;^HO`5xjFpe> zS8x z`(INE0Pgdb&)P@&!(?9q+K`K48slESA7d{7dXU4mSiMuJi1WQ%a71-FyL9VD)~^Wn8I0O; zJfGx9H*A??B^|zjF;XBaT=~)NjL(`{Q&{7^P5MWo$gV|m2rR2FyTM+u zP&iVWO)=BBP%+>~y!8mx1X!P7Z6~nn_yAs5e`lOtCjl}@&A zMD=|ZsJD4853>*Al^OSW^j1W7!Lk$Md`%5B7wGWmzKHx`l4%lD9DHbdI9Q*$aM14i zN%x()QLsc{`U&V$fxSt*FK8*EE?8s@bo0_zmqUFy!+? zSNeiSJ-mk59(xed^A(V}OP=mN^>RwJC{ZKKM4(Dr*mZO#E(lcV2h4kzB^^yYQer<9 z@Sb$2SMmr(K)gEN_@4?psW5ooC<8Hy-ACz zxAJR}IQxg5*$3sbsmuLEWqVR_d0k=zrOK3Brp*W*fm+D zkQ;7WRkV$(3xtHPP-<}|Xk7?l-!mXU?nayAo!#{Gx4NQdOT+toQ$;Rf%!`U{Y7l7R zsU$9PkU2ipl;YEcDb8NF#YsLk&Vm^%=)b_Tw9z*e%L@!W6rWTHHxt?SW!9+=Rf>Ea zP**J20L521C-c9VyP#w6j1foz-_NTX4JSVj1%p1v2?lMl3!ZIv-QbT6Quu@ZO|BWP zVIc!QGKL~7HQGN2Zf)&C93q=wxe!Lb+OHR#*K&cbDS;Z zo_XY|elCp!%yIF0e`C4C9Yq0p4ddmyO1mcLut&feWfTn7m90yD=(?bP_EaUV16&XVI-RlQu%;~|+=;Lfg8}W^Cqd>TF zecq_{P|_8Y8G3^Ab&E0F&8uh4&33#g6p-1Lts9?65 zIU~4JOR+5MQ~g-)&$rNUp_WA0s^y2(O_ruZ+B4{V(7prO3X~|0HWv6oD(X0JS+`XL zwE)Mw@*O$F{hwpn%5CLS04Ul^7`wRAV@CRua(krL_28o(?H5B-GpQ`cIk((zTIBxM z4;a7Wvh!)si>SbfP6vjl{G}Dtm*HY~5sHJ6Oi5s4go-d-T?A0tk`=r@vXIqpY(rD9 zMN8X$;b)A6!`QBw6%^Z>Q3c=0zq`fabo6;TM=7k{G8bZQ9S+IhE)fiW0zarqF z>1SDDgPgn7o(+*2O@NWPEkIW-n^9Xjp!^a@z@Pj`j5f0>$KoMuF#Y2_FUk3m!`InL zol94}@*KU1#d5rbXa>OZl}@{)2izWxjnw8Qa}^<-FPH#YWpEucouwjGRLfRXlPYSJ zph5*Tr4TpvMsfZ2EOE9e+gH)sEZ0dSKw|JLGs8dkU6Av?F=(%X7BsV_(LY)o;o%4e1O99s5x*ar%Kbq-!^6|DR;*?K=NHb}|{LtP}pW{J0}aWX6n zS&_aOaP&Pt4;mY*vYX*%&W$Gh^`uN)s1uskyJi+Ox;Gt+lCRHt*8*+flYV%VAFd*? 
z8ZLOO|ACex$PyYPads;hrEaygr}4vwvbFa&usY8*2L2P20#;a;c%WpCjyQ9>wAzfA zBegJDcrFsIgZw@y=t7`g0;r1NwOI*&I{T{&=XvIb6D+(^Q>bQWk9m0TO5#$lKX+Qr zSXze-v!>h2yKTS?>o$;PGE=mO-P|U2yv(A4xSHr#!C>DN8>Trnj8S!wK;?k73Y;9n zIVW<3%*3wpR2deh!k2_AR$u!-Pn~|>a4@=J^)kOeJ%^3L|2z^s==@UqxtYn;aFLLs z96{f{`V>E%Mcwm{b@4%V<;?HMyP_d781z*Er{^$ls8!!NRBIv9h#(NSdOHC$`1sTB>6erpa?o zIh>9hV(cJW?*1b|wfH9Jr9vIQ{B@2I`vJ}}s*;zojgR?Hz(5go@Jh748N!|NQSuy| zncchqQ*Q!Ywb*~YKK|Y}-VewjUd8x``dV9!FdM2~w0sdio5M^WZTrW?;#UroPT z%^0C>SNS|U^l4D3@8CyHfTqR=!pDCBZ(y?Gf8g$Lo-Qu}Gb~c9%w%arnJPMd=POPE zv!Dr-#gpgoD|OQl7W+{e;L2}M zOCMdy&$}E-O7(oJP`_cT*z!n^ul;KHO)m9Hau)Smc0v|7^yuueb|E{bK;kh6=_qiD zbz&wE?!h1)c|U%cgq>Q8cMN;((OD>~lS)kjD?Pu( zxDCLu$i)&Dr^DswRoGf+3@5gd$*(NsS6^cK${&X}1(z*J;v^+EcnprP<&(VZLPRqh!AjVI}3l{e6oC(c)6dd9dpsDMPzN!p<`Lz zy0^Kh{R^lp6Q8YN3d&q5VPn`+@T_n!#Cwb!HG~`Oi=U_sW_fSVsQXkmSx7?!0D`YYdp$V( zB4m*SbcoB6;?zjSG!YC35gWwsJwS!H90`ExzunF|J;M{~Q_a!>#0OdmL-_DgLD@YRPHS z%o`uqOFTdCJT7?TE+3iOX4viH9EUxx{I%K8octCCky)z4)bv)#gf+5?L&n9(E;3(e zhr3V#PhXj?ogExe%JoJYWr>4gI*Rw4ZF@_r&=t67#sDPqyjOe!Nv|&=r6{?H_&St1 zBK4u`TIsM?mHkv#B9rA9HRPO0oYGHPFSS&`QIJ;?bNSQ&(uP3A&2r3^WP(du8t7Y+ z_X^C=q%*+LPsbA~dEna9FSISGc~N&6`QJ=&cIaRHkcLpakfA_}fNtPkk<4@WbHCPf zO68o_B*tP;ay>}JX+a($3%T+{kM?=pLsIcQ${wIyLR6O8nYRIcYwCGYzF zqAnvD-qiLe>NoH9Hg;r_5(ZslHKV^|ZZYe({&;+*7awW})c3rKh?KUSHy2Ewj9(l3 z#V>p>1TeanYtm92dnaUjWs2+QZ{^&KLc>4fMrWNR?Ez+S3n%xTD^CVtHAkdrKxz9F z=}rkdLB?J|p#bomG4Q3)qLQlZ!pF+^mL;}vidzG| z1&+6sK#X``!Y~QzyED#WTFjKz(Dtq@L;fiF%!oS}9ed=Dw9JEv+#|Hd!iEVfNlbM5 zoEY$o`MiFG$l>6>*90z*z>W*57!Q#(z*xH%wBw{sJLll=edasK3oTjfv%OfHf>RD| zF;)wRQ%D@&ljv`G82ari{k|C66~1<^2G~)~=b%05P5v3q1$K(SOZT}HXdg&0q+yP* zJF($>QsB_W!pkIL;;!Zo)_BM0wx|#Qh&EYKyf&U4F>i1lZf57?--vtnO#TBcbLsVR zyyEmTAhS^dfD^=E8X!SKyOp>9TkIhqxSMHX0UQy41_ZUYQxK_4%%8saJY$rNv#(dx zYy>JdiGp5RE2Z`D@Wh6=2MI!K2?Ln)^93R^DBoHDEs{>XLJ?gpp)KM+r3hmzr ze@)xc4FBevyGIU~l=dZR&csX|{S}P8b-a{yTu|GA-YQTzA9poyco94gf9{`eT@(X% z!G@Cc;9?Wm?r39zZN!MFINVNFZU0Ka2?sx%;_hx+Qf<1f0+SYnK1G>t<0fjP`mX|M 
za7=K9+y=Eeb|H^M0Nf%Ys{xktFt1NrxY{&j@f8><|LxExMsoU9vy!1`QtXa}t@&c2 z==l~|-6UMq@}A!<@&iVD=D$(&@5dC=n~(t#^+k6^!kh7J-mfT~F&zS0s~aMn1<{g4QEa#GHSMPCC*z{EuKwaa`CX6ds~5Jr#d7h0 zV@o2?;+u+DE#QLL_kcEx z^=}*1?`Ao*Cgibj2#aqm_=;pU1{WnNy>Re` zqB>d?LSCyJLyWL;ipBjxaf3cU{uXr*+vj2UNTy#RvfH?-Rd1t*){aHR7E%42FCcuG zOV=X{-;28;WBul46G}^z#B)||!9a#7+6u_j$~o=Vr3p0{Jh0vZrNV>kX)(rF6AIhQ zs5~?Y-cxf(f*{bhIqVT|?oHD8KUZ!Bpw!z$41g|t^kIDOLjZq+x%zlhi#q(Pss5~Q zSlk-jvDV~5lj2v(4V>!MIPL;_Cn1Co2sZ>h_vIR)13Cdq!v4lZKDB$ZG4m*ue>+AX ziwY%+0DU)GRGz>J(eFMm6^7UTLL(o*z1GC5Zj&*iBIreq`Lr;oZKCqTb^nEXpOetX z$5oRJNf+PjjhpxbzbPau={dpYWEdp;@iTX4O+J!(kgt_|2)TG*APl*vw{DLG;uPH# zVeRckyrNssed!=d8l;nYce z?TK2Q=<4Zn4&NoWJ43f!`#}xyAF!<$!77-HJK4ANv#T)a(iZ9~bB~}hNI&HO zsyZ^^BXnn}dt?JDAnn+^94Nb>3k-T_H=*D)XTto2R`B*~%?IU=fDS8P*whEiOtSE< zDR%**3j9fp6B<>=513FTxIsA#w9!t?{CdKtc_&_e;#=^XKB;K6bOy82xP3a z=5~ecpP&9`fcSHTd|&A}uZf;{5untN{fa2~VY);KD`U14-`*6F*s>AA`;{I@I+5OB z+20EkON1}csN64@C&5=BZyhXFLKpyV`7)^z6s1R7Mhd-vHjJ!{8F~` zw#T4t=g7*p3;1s3 zCn{m9_?s`I$4wX`Q1XMT?OZ44k7lOMtl=5*GxcYYVzkpUGX`-fpFb;yxcHEvEg-?Y zrsYp&dWkLs+rddx2WkdYzHL3m><=glCu##A zYbDrm)t8nP{+`?MaGF4~EoG^MT!9jGBHJTBTY$vSbC@J^Sb@@UG#DV+f{G!1q6-Fn zjUn<)dDbO-GjAqrE}3&)`Ecv_`W{tqj?TU{!#?Mf&5<29bz(P%iKE=Jm^)o*gF^QZ z?oQDE&H7l%l;|keo}uq3GQ9Utw@QmYr>H20F~y`XS_Ubr!u0;4POQa!V_I%VGw+}{&$?BT73zz#JmbP zSX3|hAg;rfa{3zl15FX*zM})Iv`i$iAZ2xZ#@_;^y@uh~kJRgoF_QofGZ4Uf{I9d0 zzu{gWsj20pj}z+|vHU)Tm&Lj~hz@OTsNBn`?T882Jl8(u?mM@gWPyT<$B>4CLCe+VtNil2Wr zVJsV?$%w98w_sb=4t>GNsru)xJu&_ z+~xRe2pFHU99wD@Sy^nA{tiw94qD`jlVc5m3S$!pDcU^$>$vv=CJH6dFocP z(Bxj=a6zJWsbKhY>v4+*Dz&{fHqO{p;-$v3a&Mt`^c()Jf-I|59BqQSkz6S+PqgIK zp1I{7!rMU&x7YV_+c1JLt9zOt)&Xuw^90K)Z85Sb`qSSZR^mv3`d^Pqq%5D*1LZ|S zQjdNaFThZiQwLGhkYtrCW`akeg|E{q8}5%)3}hxpOx2plyS`FyzFV;P0j2-2B0&{> zjlvt3nUSv%!7AKwi}skus^^GL>qI&n;ufTsS@3^7{5B$e@ghtNj?T6clk<15lJewb z^1tht;t?xKe;J&+Nk{-aaU8fi;gK4m?ZLml$SgRb2aAs3o$S30%Z`P+MUFc+?4RI! 
zBko_ak5>Oj4lVaMx7S-Q>JjP^s+G-?a9ua#NYZFK4(5CGeFY=;{a5sQT<8{65bPTy zIM8=|$2#*!`ffsN?Bkol2@~U5pk}d?^nv*DFVthnRM|P6#Ia{KsP7f=83xd{INfjB z_q>LNOtog4(Vr%@Q4k2X=w#Xowu;2LyeO9UR$NIlXl~|&x7Zgca^5+b$sTi2b%}+u&7; z3Fm*XW>M&i_3Zp&E&7a1gJjKbUr>olr!jLI=aMHr=Y@>FdAv=}R2PHAQhy;eCmjwW z;TT78)E;w9eW^T66fKxg@e7v%`8$)@uUWGo8qFkG^+8ERr3eLcDqhx10q# z(BI`r57u@$3LqJopJE+fJAH45Bc;#g+XKWfJE#WLkVO-7T1p-6(Tm@DMTUShV7LpI?l&6uTx+ogNFm)1vFqIB{!qPa)^OLhV|()baRi z!>C~Bpl`6%Q|~iddr668L9DU{sDadJs0VM5Ti3v1c@`ONK;OH=bie~2eN@pXZB*MK ztdV@HIAHp86$LR>*O&gWNM$5|`<_=v?egZ&x6IoCl+47X;R+JitFX@HWmUC)(aXky z&DKY2Le+zPn!oWlJkeg4!!G#GA&>-`mza|4oXd}ZG1epwIE?);M6Qv5CF#)D+mGvLc2quIICcZScft`%{_N5oz+ak=jha z%ZHN35#kEbRdi-7{}=gVQ9>U$TKyz1F=D3SHS5yY;ep7i|7WLB;}x7<5t^C#Ytz$8=kBmNnlWQ-)t8(zGa z&Q4h#CfxHXyi?ijO+#P{Flu>@QnK@3ZVxdkIbSXYvE11Fgqaz!=LAq+;=0**lif?_ z1(qjnST|1#h*usLs0`R)lO||Ei-s^6DNJPxO#*Q_K;IdbY3!k(lnk0k%~vX4^z#Gu z#Y$qA<#5qYY$gg0a<2i)Om<{XwqzSvf6_fl?j3)%qN-!%j@^PxH`PzJ)#sj=s{PwI z+4sm!Y+{h#PTXnsKKo>~?`HV%w_(FQ*qw3q&KtXHHl=NL!7#%iyVuKm2T2bo)UL5OzK>HgRo^j2S1)Vsw^mc(*fCn|1fU31IS0tCttIRrjq zf3t@ZhHsvz2X36EIel=7?KgHw&+xk3X27Az+4e;rz+g>@bDR?~&^>+e%jegx-@J*w zcqvUIk+JR}|Eh-R?Kp=A)T_^1Mn3$T4D6}ft=cI5aA5Jzw^Aw~GwLUSxw%5L#AoC0uLb6+K&D{J{VK@2F+nrM|Dx_%b`r5LH27qF#n zhk)HVhAf5iHG_mtwQRlj~>e_m7uUI$+E)PM8#wWG{Cx;5oZjWhj= zSPa{}v+`+ zQW`;ETiObubh@epAl)or|IjUqo%vs=Een)yE5ZR{u)Z?*=xYw3vT*3q2SAktCo)<3 zMXM>;JiesY)JPF(Y8NQ+vT;?a<9su0WN-E`&d;6YR);lG+qlTs%Q=N~uJuV>^*g2V z{8;SE;i24i}>bxT~IFYhgZo@r zgHgTfv0iZp8A@Kn3_}$CtOC#NiO+XnXMlS58f9MdtWS8w9oe4?E_!M%bpFi>ckkOq zN4f(EaGqWD@oDAwwKNFjvq&~b#Z)FiLm-d^TqUilxqQmodDnh;S;N&m@UMlvKySQ= zn+j$3)rvf~(&cW`a0B#Bkfw<22SgEgdG&uJU5P&v{{MFmF(SD(=88s+E;dIP&5<*k z`w9^ywz*Z#CS^9}$Q7Zo%^Z-9!u zg4VRk|3V~u6L*&u3#6JNuhUphhF+5Lz3wqRW|VZ`d6E7ETvvP{k3~m26@K+~%F#ei zMQxT+Pb90xgE-tm8L2Zx1lLn{5#ICOEcHbr^pSH zL$&nBT35Cbw(Lw+4|OH<@!qC6?zDcP2gPWk)*CDuRJgMv8dIFNuHa1pvu&40QF$fq zfX=r5QTXs6e0<95gxB^HTd*)VT%rEXglj_=%L-|C!3dQHl!$h{qt|lviaoClzxD3D zL9cLQEzFMu6nACat*`pgiMs>eZ~byvHr=RMV%*3_{GRMG@@Wjba$iv=nCbtk)mITI 
zIHrNTc+C~C6q1_hbr*wkit7x%-26+nyH+>>ByD53H66)}6pYYaEaW+*Z4Dw0UcWS7 z7@UY;XQhQRNj73GTv>c4__Wb`j4sW!-E(y~NZ$^LC`NiE#JP}GyTn9f3V78#up)8r zo~#u)Oe3PP$!)hc(~U7;zhQb^+YO*kKZILlU5r`t+!o9NF?+|9X#G>%7s0B{efG$_ z343H8Jn#{MOpv$@8q!bp70?2WqSj!0Jp30-?&@^^*n59U@8W-h8>a!@)F0|B<#auP z!W`HU*hG%!s1t$ZY?SgN))aUWt;DB6@InCHiN;P#k?smeU)1&op+(aTD|6Uw5uwEf zmVp+R#$4-X%B4H0$-HHhnWw>?X}rd*@sFLS{bqHituh2Y32+axexpAWeCM`6pOm*g zz{?sHCS>>l2M{Ib=tha^#HkTJ!$-EHyk{#ml0y56nHTJvhB^35>;@aK_Q&$lhEKdq4I!nj)KV<}a&Q{}wg8?xzbp(B&mD<{6AIUy|Y zRphg?%{~=<#F?#ei7;#A5A>}A+J-OLgd**C z_Y4M0Ms=eS(X2pf^Uov)wVTxlbO7aHc=4pxY@)0#&I)=li;IkPgo@2W706B z?G&AzMBA{34?hfR=%$(0u~F(m@58F-d5FAeR$hv%u*{x9lMdJ69@dRkfBqfuHlv>(M@^{jkIr2_t0@#y zI8CZ29A6j}1!`U!UAl(Jg^v!7=6Ybw;7_iXT3}KL_N9jb+<)rP#O!q1uF(&hTrHE931%uo*@-agH#frI3E|Vr&g_b9K4o2RdkST?DiW z1NkfC$*2nOTMVerfbM!Hwf~mBW`veoJy&F;IIvH&&3P{C&?GB?H$>29EMc{RovZlY zPqTRj?~8LHMul-SH-Ge8wXNEGWN|8?c;-PufE=8jY$#1KJwod7JCiAbUMZ!9fyn?P zgf;S`NteZXeb9`NyhE)=v&glLc)CP2LLN)Cjgw+cRevMq5uBBC6uUcF@2LlNk5o7z z9B$G1lTo-S$^PIL^in0nP=o<}4RcW_@CO>AXS5lw{R9 zc}N$kwAPw%NL%Ji=n-zfoy7thLv5a9czRV6OW^CY~47;_2Jq@2B_Ok!P$%XdTWxY;=<(gu0qt=PX3u^fWNZ@jmL z@a8WXsdEf$Y;OX~V1unx&iTNxx&OK5KZ~M6guX$~6W;ZDSC4&C1~1dc_n_IJ-uu*4 zwmSveI!eiaaGs*rgR&auE|sIaT3#9k)Xa7}br9A3<}8?Mp;+hRy~1#ER~t}C0lnmh zMNo4-koaKmsP&2Tdnk2Ja;1Z!yuvxe2Icm}9E1f>mCF+Rm}|buT8rTD>7o?lzlfT4 z+55XcY4_9<5q_z5t(rahf@e+7^1QUtP5H2nqPo7Cf!8aU6P z+?|xOb-MrjZ4@?``V^4F2cB}zs~k`nAT8~jX`2VVGg=^Uz8X%j4L`I6zxr}>{n~)r zfMlZ(2B*S?_@Z7p8lGf&Ae$iiX24q5M1DW@Dj|S%L~*f|v?01;-J+z8YC*^b&$~6G zOo&E*{1E&^sZfcy%TyT(9!&Ug*j!xT@Od#WdPXcQa5+-!YWs*`erP-IF-=KB;^#s- ze+GGj=*Ez89CB*2AB)ru9^!18UY#eYUo$zqx>~OMGcsbCqF2D+mW2m`9La>DGojOc z7j4!wF1FwMzO=5;RxEJAo7$M#0_8dX58*r>e&7x?OksU0M!v`$9tI@=!-t}NFZv&< zFZ#%%%IY12=D_OtrfKPC(cnV?sDwzihrbl4ZM@cm%My<;-w=FOLgWHH?pn78JwNzW z6G-VxlN`U*GE4DR;ntsas1ApE)%>uKazr@(+e&cb!a2psx@?KWq-3K`k3vQ&ab&wg ztTVMC^(s0a`u47r7Me4mK;*HQ6JqPOJz-A^f}%e0L!;8ByrhN>uaEuWSQHa?D`>p! 
z-zev26Rb)&JGAvUe=cCEGauo~!@&MMIiuccRh5DFf;k7Mdd=^HKK3(em}hBg_|tB;V76Gk zNcm^NQ>Ic2#WCCPaGr{h0Wd3I>gw05h|GXwUZBL_;g60tcyn6Evbf|;GZ_k=2*p2Z ziaQ7~H$Me2BW4c3z1D5p?_K2Mao|ywEPVN8*PZgzVU92DL5as(_2G%!SZtIJdJrB< zRiPPu@{uZOgMivi;ve(EVE0cXT?)&tI50%+$xxDETn!&A zRX>Bu`O6#L<7gQ}$zyR+5V}s;o%cfO>*RU!4~s*KIz!jLa;XZ%3MPujKJlTa0KNc? z-6Qezc-nIBB}<^Dg2sdRzvPJe1(NAmH|tcXJ8Tu?IvPMC^ro7^K%JcVV?t~x`!4xSTFHM z$zbx${i{=qLo0`w*t@&6l-370^DlzDNXym5Ny?+Ik=Y<~n3rJvwI}cwWfxnvPV+IT zpc|1?Ia;$yunMo$?b$=uhJ^;!7u7G+(8JFNGD~uXQ>9;Y8gsKG3bc>eflsr#2?j$cJ!R=+${`iFAT|QwFI-rzA}NIC%wB!sPEatuup~}e{Q4&7<(;L-4{RB=jRqGiQyHI!@>b+Y`s7mm z2s(5yHyD){q0539}+)B3!oU~X%s5fe+y#bzj{rhGqiqOI3m%^dLQy#Jc( zD-w8Sp{5b>vChY=7%9Fi&iX_^W%0p^?lxo^04Tsy_fU;1Y2o|ayium;{>7EDTL3`c&jid@v($^;u-H6x3}W-T|REU z=a2gmik^=@SLTZ|7ZhBB2rDQT1djs+mtuAXgpX=Qtq82vyD|8VpJTf)20qvIq4DNO zjhAX!psK~djgigi-sm8^HNi+z87!iza_aesI$?8sElwjs0~dG?x6^EM()?fi4sJrT zi%oqrp2k^Zqwax6bE)}WC|Kf5MHSav#?^~*q@|qMDFzSh9wwuKh3EPm>MymA63y*~ zUSW#f_BsqZcBeKJdKLAQcCqvfa3V{!hubz!94Pvi`)o$I(Kn5!qL1W+WgX6yChmE5 zd|PXF7*_uq<|p_GP$kw6Ya`mTN8(2^%AxNK?lb^kMl-pc78I52Ut8#=@8Q3ebx;;1&iBdr(9o%iFugy*Fo zc3rN#&45voYP5SB^mLuEjxz7k5n;Q3QiJpW1YDO!j3f1$jnic&Fa5Qq$yk(`; z-UB?$ayrkmYASiB5PO}uvz$2*xn^+OtKizqVH@};yFF@iM2*x5kW!4^SlB{wrgAf_ z0Y}Sjj;K?01M$;H`*u8Ofnod z1kX@?gJvR|QBJk+DyF-12xE z#}HW}fcpkL?x|l<8QE{d>u|=|zeg8IUx7mFFtzxF+Hrc67E5>~f~-Q|8RW2biJ?hO zc5e)jN-Zy)EDWi$X8~X;1k02wpJHF8Gp8o=y`Pt?XwkykMhIS5N2fp92d zb|hi(&{6HQvxFlIVO^jyNGpOC|Kk(hzt8T6fNzb&EMy{f(2+N`A#(ANo%|X?!HgMy zTa1|9%q504N{f9mYZiqzH$)dsHN040bDEMUtDj0iLl;k|n!`EBzk2bre?_-&F}o`S zyyJ4hb9Fm}t10eKOGJuRaA(!7ixr$>S{`Ihpq?bJqIL(K?h z6KUf|{6Z1vg~h+W#RRD!Axw$Np21YfAVD7g(`^Ff6#b`tqqNqBH)(aS%lr5FlE*e6 z6uVzae=^rxKjRwTh+j|7`;x@50=6b3?Menw%-FMGzCpmbZHUvqXo?F5t`ZLrAz+D( z!n1Zf$+>)R@%7d;Ya|bNB|T{7R8VeWQWf{75o4Gcur&5k09{~62OM3uXP_)5oM7a zP&7@cLVI5>$=5pOD)oKAxl73!1o{NAl^S0NQwY|{D<6a_%O?^qJ?af1bq24cD*P9B zs!~uX!;cZ)?OB^XBYd99u-Md{>Q&%Kz*dq%%E|2daf|XC0(Gt{(-Zrt4l_EdgczOw 
zMd5zuGav^e0q@6}Z~J#F65gCH_lykZvHVX!1SwwYca*&)H&oLVx^zHJELoDY0De!Wi+*auW$j!zacCsbCFdGpzOi zJiJLxLYOaSB3a{SP(gbF$`Kw>2lqY+?wYg5AIb@k9}~?1WOd%Wp%2~YOPY?MSYg@G zbm2+V*F{9bSiDBL2&p)Z|UiBagKdh;^R3zq}W zoZAXWl7gx+m0qe$QVeakoRE*9)FxkV7Es8*Yd7N=_51o9=aeRB(H3KM`)p5NsYFz+ zKeLpz*nmb?bN8s(iZ8l#C-T1LlGv=zXH)M4nEg@-v0 zb~C*+q!9aauxCrgj@ZG!=a}m`>zW<%zQT+8)eZIZcHNM%M;Jy=AXdZyK9u=cNVXsJ zFgwhe&c$%-MwJ#n1Qkdu5kvRGn8dIa=ro11ZXb<9ooM?Tov|na8Zl7diy&6p2r=F` zoa+j&^{F{)J`x*!D0XnF_LcE>(5;G=tnRDTw|Wiw*r{!RWc(u7z}-yamRm(C@6yAl zS?(#4DWev2?74NQ6(>X0EUr_lBfNi2wVie?X;Zn41v!!eOrPJpTxUMh&Spl^L*Gvc zlzFV4E)QV~VJ2!0jUFCF)$m9l;Sy|(iaS7g0hdvd2U+wEAwz*fFTL_Xi!;^Cw>prZ zC5`+dNI^iJ7B*v~f`4PuD;PC5vV7PLqjt`|1qwr(DIxEgzFKN! z`>sC(t$9j0!0sqYgYhR1R_svb1`4UV2NM^CoH%$QK1BY-*}^dKEZPn53l+KYdf>YpMlbVKhOU^Q9o>> zf@I|u1Bolkm!E+z+heC6UA)$a7Fw#eQx8+PQd{O_P9UU#ygSx2v^+56R3L~GJ4Ihzdz&H^O-q>3ieI|dQKl_f3w81YcC3MdQ8PxT%euSfzHg1pC7XO$ zHgF_-Q|G9hXUOcnoZ(da;N=RCa<*^u%#snr@X8*W8pR)R`ySUrTwpH`9Ob^moQt_D zuOCZs;jl?bTH3gPyA=XEDJDD7pXclTT$eFQOAy?3Y%bwdFmN{xH;3VQ2K=kr2x_*g zK4)&3{6UqdJ$~n<48BNjmXOf5;Y3oy#Ap#Wlb6>Re&lq}!VKomuH+ zG|i>gLu|Nc%s-4x-yaj>y&P7h(tlr`Tb0whP39^ddU|l~I6ws{69v7dXL=8gqO8Va zYT~N$r`W86*nr2`Dgx8mPe7)GdXo?OAnI+APtj2%MgzoF)-;cy{`flTX>gdQ)M36EE^vpS!i(W)kWPp4GuW3W-htX2Qm@&MO`QemoKEsT}tNYVtorpBd53IYo z7>$=?dU{3MBkhBib<_xM%IiW@l@(yJRuWT^dIA3#Co*3O%)(`K*o>kW8#eeH!Xvxl zcc(dcb^q$e<4p=^O5*gRr~>{G%Qb&{rrJ+EVfOh0Fi{F zE}(!?FnTfk+B?xxZVKw8{!kzczI7USoZ@^++cnFmYjn${c-5vl5#hKPCvdkkR;P2P z&;D1Hjv=?wpz-*0gHH&cm?mf#@>R$K5dYSF!!dQTFFj|yXH>EZh*{2gp1Cn4x#~Br zCpYS4>?#WGs|pa8#r`fo`Td9~QW~s!PDutkgrgCDSea@ilTND&9k0%`!O~Vjo!^oIf-GC{YAG7)yRGaD{KtgZtRrQ*2R%if;y|4!r2FR996lqOL5N|pHAl2YUQWKh({MPGJ$A6 zu-NQ_df;09r75K|s^hI?EMA`zZyKM}Jq((8EvI@8e+q1`vi%kr9ApM>XZE}iQeW-K zJ-U2sjHAIUo)@j%CtBmT>6hl8xcPXB*@pSj&5-}X`tjC6?(->kf1qv}O!(-9ArR~X zS@RlR8B5N)La-UH_c?)B7Q8|jJgbr*Qi3vCQ}qW55VpcC&?H`O&Ig-MS!SE-&TiFv ztxrI!=z^bapAmD40i&#rsRro#q4p_Rn1#yq@MgT|Iv_^M0GSm^z*RLSO?abh2AMAl1k`goz9;j+NqN 
z4XA1LG_G)UapkubfEb`mK)tO{b`@#Et~A2Cch1g$kSokCP1j2=?%1K6^&gJ6LKk&E z@#yoNH9ak;?bFm!e2W_)W0FxojOf1cKKh$SWM9CWN1~jul4F|wV5;g{GXYIg1~{{BBd&XMh&V;K0;3Z39WgaWFNqTRC zq~<#p$~Pvt6v}&unZcp17}N%yO2-7SEi;eqZ&3>Q?{NshKaHPV>m7f&t4lKZVO4(K z#C{F@U2ZfTIt8tQt=kk;a@TR672;*rdW799F~F0->wjYVU}I6MUn6C4eG(8mCLvdR zo=X%n8ckpm#3Fg11UncFCtb-w`mad0qyfc9fcm-ljtaJ+fU|qnC@C`qP`Jv?({{Q#%vt*wWMAOi)8Q?ZeOwFDdz+h^dZO)gn zG?vEN5j6_jOUwxLC%4JYxCnH!9gHf$QVPO5yPxrcs4$5Ao|yZXv057x;mVsQo;RK` z7h6UiJa;55jv5x=8=*k1lMy>WfHtb$#dtWae^CG{x-2bnG)^Hv@FJ1V*k^h_1zZcs zJGD8@3_>eMx28_=in%Ehm*LE!j*Kv@yQ=!F$$RqQRz%MF-*uwhUVoFT|EDz(a&1_g z)D`xe*7$4gH%SJrO6Na#Ss{6y;a6pJfBx56v_>KbE8_wKxucxUUgmTs+vj$M9GjxE zTiw+kKy->Kh4$u$&V=RpP{$9kn*;>ePh8Jk!1m;7`U96h?IZr={uRb6&`CC}ezoej z=@z&mI%qA_uH<$(u>GwKRkV&M^Z=q zfzIfFX2h`u# zshMyX!H5$92jA6;slPsAxv8WK#?bq00HY{V!m(qxD*d1^_6Z2g>!_~&{~zjm_3hHc zlFIrH^jZT{|5`0{BZx3RRO|ER5zG`O7xG@oiIBg;mWTj3{9Xj(&QGBOg$!h1qmDQJ z)RPej$a+XZDw@53ZidWKAeabTVjdUZ6375`ZMr-Sv7g1q0X98nd;|hJ&7bdl+gkc~ zQ4ATaWaguQX!J66Mjc0H0p&SQdxiPYiFKE5N#z2!N0xvRO|_iBP4K&zT{;DpQQgiSoPF~|Pdb5JnmYd4 zUKqRSHBgHe9q~?&Q+G9$I2I%evne<(RjwjkrK0}EE8TkLGYx`!;fVZ4mK5ZjL|++* z|J0ZMx0#iV4N2+5$u@yga1c`;I~uBl_d?R*llc8JrV4?;t8k^4uPaj7jE0fdxdBOk ze|6~oqrgUuw>!V+sIsk`fSK72ZT9iVJ?3I7s#bU2ipaavilL;OrH>md4t_B-Gg!56 zMmh!PqzZJsUClk`V|&2-!Ohb*-LTxG+%%p z;~S5BZCUBA!e|SXQ9_O}CD{gc!q|>T|8V3?jPmH~^UF+xjN|FOc9}KZaVM!sloZtM zb-OTFt#m9|*YCCRBa-xlDP9iy({rTzg|u%X@{i=o-EZK__=mG8$MY(m*b`SMPi*$yR4cOVZz zKDRKFUIAF_$UkcJe4SN*1TA@SJBq69;VSlp8J#uV>bVF*(%{Hlhh z;#v#$@p1nx=$eOmbt(**umHODrrYanyjxv(3MeX+8}>&IMn`qGQ!IwYysG8Fz4>8q zxY>Ul>Ai*6{u{($_%nTVtki_B}-OG0hh}`6GRT)70#~fiT(Wd z5uvX4-H&(867u*LyR&D{ENs2Y(wwv{m#>ouRE;$w?heX-z00v_G`~$&5c(c#xrGj# zPj4Z{_u+O^T+UIY@*#~tV*L=^$6Q;p1QF{>rU znGyeA2HThmg}RZ>w^?RnL=kWwohJdCK<^*%LU92}25AxXrI~^Np@q8ftjr|D;Q&SB zgA+e__?(s-Vy-6voeh2F%{7l2YRveL?Xo2u9Di3(*qAzxn~&$H%deg<<;UrNq(yDy zua!sjXx4Que3ZdP(#_-Y1i{9iy{fk;5K_R0<3!-;+P9-SNP)WQ^5Mt91|l8=Y>`5S=^|H0r`j?kUrh*>R94&I&C*WH{mQi6KCzs`G~SF;get*B_`jTge)Q?Mfk%vO&vgbV~>ClN^>NW(pmV*4Ox 
zPbq%b6paL8zy%0)MF+WjfDQQsALY2zCebm`{(FDF_Fh+1=m!v7>r!Io11+bOq^Z|R zKF>oXjyGJ&E6Kz*V@jXFw>q&i;Ip<0WP-fKnxGk`EU!zognIrqJ?i+#nek*Sr|v8U z$=2tgUC+Fp>aW}YTi$5901u5=^FPy#){D+)u_><%tdZzWdXY)ZJo>Z6-BfZ&CGmyy zN7BLUN#x~EN>SNF6Q5QMI;x@x$`67P-!xE^W6-FYM+~SoXBCaZ3YWZXQ9l7Sjk6IY zey^8x4^ybHe*6?KrbzN1>H>9uW}~d+8;|g~u$flbca7|4BI^iuslqo@Xj!?{nd!U6 z32gfTT&jbMP#~Ayhs0AqUsRqubeqe_C*VUvK`h`mEqc@W7QG(0agLm48aQMImzYvg zQ(YhF`ng^6$1OKRKm#xG!m9Dgq%bV16ZKDhOFR!JW2*=#7=4>qii)m<-hJq0 zhy7vPLmqkUh!31}S7S#05lW=3Pg|FwK)j!G%?TsA47GxLU1XAq8|E>kVg39Qki=5! z-})BlkH|J^X#Zf=XNq#4*{A2y#CgA2Kb^@i)2tiivV79lyME?(vlTzYORn}#R|IQL zvA%zv=|4s-HFQ^htex}H!-A)#pC`H3*K(}adXN85XV$|Z?XO-3irYZzKm3j& zF93*2k-xqZm#M1~2LOV~b*`%`{^2u|_@Vn5@`3xa-xPOg;`_4(G>O&uUf|K8x8=Wg zln6O*Oy@BxBbJZ)TWWLl^vSi^9qffP93NX|>k+pQOk&lsqLR8z$J}T$5(zP9yv`tX zjQ3M`z*29zXPqnBp>t1tR9`Taa57h0Es$)*e-=oeL6G0GYuG9es_ILp&Q_Of^0!G9 zDVjzLGo_iz4Sf-2asVpKB|GFx#ul?|ftVVQWTZ08?A7ZzbmH7i{*A?4KG-AY zj&@nKmnN{&ZX5i|{MPBONjpkS zsSStVHul57X z8Slx17n1fpa&cilFlvXUWmYH??H8>`@+%QhZH-%OXZ9G3xLR+DH*|xY<480AvhbPr z2_%({awOrQf2oQ-szLiC{yyeficu8|mr^ng%6eV@!E1l_ETcJW15SP7|CgQXlv@lz z-r{4P;w;cg25~sS-3%u}ad>;&hfdGyrD80zH;V!wF@yPeL5M`sE0eo2cwK_=h{0#a zffR$@!Q_@Cnd{H{x4r*xe)3%1JvvvUj5&%F*~0 z)?0Va&#dh%p$dGr1j^EIBDSSe9HA2_wmuxSMHy=vt*UfCix03ERI!2|JC2>ZyaHiD1F>3O~t3ivZvpjnmDIa zj2X!F)IVePffjelk`NFzQG<|)>XY-U`;ZA*9s*YkgV;3ln}2LxX8R^wt7nf|*MMSX zE69r`1PsmRWebH-QyW_PBT^rWN$j`+O7O{He+;X8T@m``ZxL%#;|IPC6*lJI|Zkkb6KK@wS9v?&2~mOzu&p+V;iu zFfiAs?GMeGFAbwyuqe-or5uY75ASaeTYA%rsFXWnBpZ_Fiof;SxWa%*RGNG|9rMgf z9s4Kpfm_g8G^CQTY9!6u^jH{XjI zd?TKl@{LcrFB%3p}~(BbMc*0-k8TxjS$?MhaE?Anw=NM8O7;(>Rsd z_dU8Q4xg=}34-^nR=8H?EoVYeZ?)E9Vp--)W)ad9MqgMa zQR}Auw5~4-EfqdDU09UixiGXiPCFPmwNXKk#LT;>8KaIYi1#%-_#trTlZAdpsIDLL z_dM@`-D^b8B3FIDgCg1!0a6nXJ@nus;m(Ymy#BEWLOQPO{nD7p0HumN6` zDc^A#FbrZ0HL&%)7UpKSQPVkj-0t#cUemwXyS{g!$UsD?tbvF2B_Q@c^^hFk*!Vz5)s}Fd^ z#2-q3N4d=BlRKnh0U`JXpl~!q!b(7M-7Agi?Tsq z63E$g^$vQIbVP;GEvW>EaTQfC5)Wf{CAdFCsP0KRu>DPs8;eA>Wo2P^&LdBJ%{Eo4 
z)9Uu(V3W-wdkgmuffMVXPgW>en#LlVDu)d@#y#fEt?L-*D5>^hV|Z$3p(Mv3uB)aA z>uEAA<9vv`lr!=g!sdd#{Im{4EekTBJ`ib^*%hD!^MpXG-Xz;6`sdOD?O`LL0`zRv zqNl;?SfDE(E7@~$5v0H%OWpy!5B%%!B680q@|zgT;H#)tjl=|G?8i=jw#hG|;(rI+ zi+~D10N^X3MSMHS{y-SSAzcIOCC0h)ylkvOJo3qej_pT4iD_yYZWfpOQNV%#TA|o7 z2rmVBId<9&qir1Y5O}VASJw~et>RE;ct)uLv5x7NX}eGLDzDTcR=PYHw)~q>yc)3r zwczH(R7J!8`Sw(P23dc}I8Ez#A*t`j+B*RYF3?Po-wn34+^Xu56FWc zZ4tnYA27a9JTAiP5Hg^Nm9rn8e0~Nrl?7Jo=w<@Z+3UXPI*ULfK6?LJTaG~t$lb(6p zfUw0E2Gbe8?Nj*7^-Z{jtssj5Hy@1Y{MsWqiZ6nNj(7#9O_p)4}{Hi%16-`>MJ}D`{k+rW$f?Hje(lq=+=$KM`*;R|33=T)T(~SmWPCb-;=*$uPP1 zo(2{L1U^wvy1$sIS?9vi8_;UgAFVi2UYo7camoy6!;KN-*i;ynOAy4?v9F+TvGrCS zKvQJ&LZhzz`XF9W_^s9aLaxIBIg$C>Z57}mW{S@QSLMFx%>C#fLI0`362(Q0F_<-^#|wq8iU-YzY8 zMO`TKHtj~cAFcP;5A~ltp2m!twZ6=KS7=S6sPYbQ6dSk!EmuZf_@A^Cw*@c@uC@6N zrdZHVB13ASwf;a6o|6#}fLkT{_Hk*Z(wqu9CWQIgk{<&@?=J@AePx$zCSa~4c`>-! zjukMtEEOLZ>bsy%cn|KcU#7*g4?hAq_>)slB^^}s>|IbzVn({chh`{KP?vWjj}ZCKjKZ3YooI~ zHY-rI*)OjegP=FsQmb^npFUk{$Tn#ByL*hJ7*LJ3`}6Rsw-zgB%&FPKlyL8W)UO85 zbi<-#V)mZR3jVw9*UO|7E~iEv5xJX`-rP(nyk0BJ6L-F(9|x>;lMc&cfnLs?MTSn+ z*xptzprfGJDk@TfoiyTKY;OSzFN7t0D}njn1pWHqt$74C;x<6=nx%|kTLT#O1j0ok z!XEYeLzOt-$88XWCp@v}r{Fo03YGkR;OYDG-V=jK@6CQ+(5;t5v?@LY!`=Eo7364G{4@yc|)|KEB` z`(-HHHGLEz%$xtk90>up)htkSUz?pvWgj2T`ZsgdKkS^Er-Zj)91kCTBGVe52s#!)$MeQ z zxed7#5}(HZ*Oj{6b?Duvkv1KK+FKr~DV*t3jR2DcI=}m@83%GOD$txDf8xA73}Z&% zgAe*(b}gl|>I=|xj#4r$yW1mNa`B;szIb)7V(5N0q=@fjNB zpLuLDN_fC(U`(1R@{_U+YN zB|e43=DwHfH_p0uReAsrfJ|)6ruiaVUorgMyfwaz>J>mI65_BcA3l$w>{na=ILoe; zcXK=jhwsaSZ#?;`Tg5!}3#odD`If>5FFE0=4!@vOM{Wu3B2QzmckvJRm8ZN=x>~F~ z2h~sVn_>sI|K|h^)~SM(bV0R-%$MumK_N)`w!-lfPwkgVO-JF#5LTYMx(n^8=_sev zqkBzOPiiTV=-?^QD3B44Waj)fyalI+<`tsOaHvD zs4F>(d0h$nE>THyt&bwc?%PBx63cHJab-AW^BGxfL+)z-#(unkpKFubi2b>A%NFjH zkXJ_CvLKWQ44o0l=<}-aaP{3Xuwqv>T>;-{WAf~^QCxN2@sr2u#hT5NilzULCnr&z(qfs+v$5Zn@8E!$ISG_>nn4x&YN+FesoFgT(wquX8o z{iie^_@08eku#0A7bruUF48=JN({x-1oR82fIZAGit<=@jt1Tk(LJdEuLu~gnjh|p z9kG;-yq8!d3~t&Y6M+!~$N1G>$PuqeN_8N&B-?SccM{bcb+?nENIrqA;_#Z)?n=^k 
zW{arzaDR%IDH_ons?a3PG>b>}r3yb{&VSWVYndOTX=Eg_lGIFz_Kx^BP!9! z@035W;FWSU_ZkKNi{a0?c{!B(qR5F_xHM1P>QFNmj1P0%t)=<7#<u*Zpxo)uq3!(N|f`nfu}DlDLxm`w&H_=*9{Mv-4pV zKvU5Mwo_b|%ku$wWUv5hx3vZ|OQP=mxT_QTQt2+}VPxlj2fr0>{;2SxWL(#{nz+B@ z>bq9QR_qRB|1eTg7%_xILuSl87@pUyX}qFnozPoSW=M1Rlqc~IXM)J*?-)X9T&Wq~ z66edI@ZZom(RyW=^$06v&0b+2H|E2X^f8l9>;X61+H9nQmOP}6!TpA7B`w4KnO81MRiKsp zouPN`0CECu{A;!7jL_1U7Tyt9#aKcwB_m{z!Uhu4KT?zyH|n|%;6GWuNeaHgn}TDz z-8Nvrha5QxB0)MPSOdHZV0z)TVS22uxtwwgqdFq54xXI`>7a%2+Kp!TBbmL3AwO#7Uj*A zuHTMMTS>{O?hvFCooXloGj+)pUn(Sk-5-Hev0CmD1e7MCkn<-{nMkVr)uFittolVl zK}e3uEak(Ef&fq=W!zS(_k5qepicL}FZr8a4J#O~BH%PIl#Dp`nCC@HI*#uaXF5j1 z3Ye96ZH(z!YhINaCiZE#S{IT=z&%V|E~U4drvn4I-IdQJXrvL$0*CVs4hPd4!}5;Q zwm7qiqy2nq8?wFlP}HmdIqlC?-#>{>}Fhs`Na0tfG#ns1^vbhOoHaE1OdGQyvP*U zk2j0|EYzieFPQLbikJRL6^p3jS!1SxAYdiY*4wX8LKw%Y)ByHyzQ<(yJ={nMEa2C~ zMjZfCKNgv8!!B7J)7w)DE?c|W2F2|>qzS-5m?qQA&d7icw9`t(1)QmJotK)5u$4sI z(7lKIm7w*DVlGE*wxM*_IXgJvecMT;2V$hFq90R z>S)Eq#z594^dvxk>5_Hyj-MdA9$lK<-mhncwd!ww1dE;Ee2TQp!!cBp79*Wc0<_v* zU7hA)^&V;@FU8(*R1H~ug8q-DsS^{`LVgym=UgPHpnL)`W3vBsM!Kra|X&@S@GImmHzre28C*v2g=)n z|Hsjl$20x7@m#s*D3#jS91)Rpu(^#Ul_PDgNxn$PwYihXu~NwrD+02ztLd5UW?=Sz_>+|_M&-;1a$79O8sQ)QwXVovnw${_er{g5ll&wbI z?nDAAE1Qhx3Xsvg;-6Z8(^#+Ig(!(&Vl2hVG1dGDe(TIBM<;@9Sk%QTwX>Y_x27u4 zkHLOLCo;Wq5Fzsmml;hDabibwRhtCE-wH^wnDhKwMIEUXLEfORWS8(Se%1R~XR5~? 
zYn+nN-^#}t;d3+I=}1e|gknhc%)R%z4%3_cHx%DK{*fwi_nm(8eN6P+E2QuxH<}_0 z@}o)6*WU(FDe;s<^b-yaJWA>sV*FmQ{mFUOH$BT@c;9Ug7J}Hj<~&P-%;*aKK|zCm zEq*ziJ#)>_UWyx7i}j^neTdZ+G(qu#arFKK;$z3wt5>mT{SWZlGLnB4M-7q7|HVil zffa(qy#hSD23YvVQE+Dz*kfV0L>RRgG{%nJ0WQLy-N(H(cDWti3h#6B6kg+pTV33M zsNo*(<7)Y)-^S08PRdhl!dP(Q=d%v5+;PE&xO#UPm>>~-mVZ-0RgjMveSM$D)TS{G z7$*63_JM^lQG0(kjOJ9353sb&|ICY!uR-@gxx!|#gT5XWk@GJN-h=@t`xt)M=;ud- zp*>9O0cHITV7XwK2q@ua!yjUYbHcA4GG%UYTAJM||b3U(P@)?x%)BZ{N+0=#4 zWp>nB7b>M7S_$}iU!Gf3)}OCbUVE2-l(r!w#{rA35&*oSR;wT59l9d(gX0@-RY`LD z-nI2RRfBSnwH~KUuTyXOnGoBsRHrlCTPj}_k8tP4fZh0=z<*0~61->10C-1wQNHPP z1Ow*C&tfb~dJ~oF@asY%LqAY4JGS0(`CF@3Ea9OKI!$C40sNgNqd~uC?g#a~OcEBH z+drLX@TcU5iGK6`;HXvjYtS!XJs6Gx2mnh#AmQ+hkH+EIL@j6zwJ3)FF5~B{ayFl% zvA>fw$-V!*7`uLI2fvOrXSqplP4hvw@N&81Vl1HzG7bqgXvw)S{@tGM*@_Ef!t_6THZ7Tn>J_WkHrWR-EmAV{iBF zHbvv`x?)bqp_R?rqXPQH=9L`WUm+8M0-$6o^G!z*uMz+xH>LW_He>NQ?)xP(GVonr zbg+i#~CO#BUkH|WKJSth*jn>iPV zX-Vsk9^$cd;k7j5<#P1dh1W|~L>~J4qtGs}wKlG=YQa$t^YRHg9?YhGgOntnV8V(i z6)hQhG6$Z>?`7w;znB+}*7|Xy4BTfjJ8r#seckXY^%ph)3hzPdMUbOJhvojf!yZ5^ zA9@(|$?vL5$bqYDoy!9S>;HPRCo70-6)fh(w#ai|fiB1c8n3WZk9ha@1if4JlSMdP zJlH1+L0!x%EKX!m9k}^9)YmtgJSZpYRJGX&kHE)!+&%znF&O}v{Tg`jH!awMpy8MW z1JvJh;AJOeUd9QwOg`xi6ndF~Dl^v1ZoABgq%HKp9+NimOj@rik$%=Jhzav11`$uY zYYsIdPjhhDNDmNupSQ(tqF%k5iwBVa_;PkSN`lQpAHCoAwJJ%3`WR=!PkKWERk2JS z&pZ!soY>?ctsXG=BeDryx-lpD2~s z=`3ZD2i4<=V;OhSPLhYy3`Vcv)1OjR%`|5z-*7Yqdw(gae2^)DD!*0OvIzKDn)jx= zMDAG#@Vt7fE8;krug3nsSg}!LgZb0&Xo2&b#CL72@P*-F3RXiNmenT6qxYyLNpC0% z4;4}!qD%wS!k7VWeQ@~tCEl%HP|_Fh)YYRQ|79Wfvqn?ZbI`qpZ_J%=-XbfWVdd|R zGq;UFfIy|4r~NHTtrbYazL;w)Sc!ZOVk2}fgZhJ3pa}d%3vlY7alpissR`mURN<c0(5F;6HjE8e>_FiK{^WAyF11GNR%7-68m#!v{2@5_3_K^c<%b zdVv{vtMmJ?(QC}b?3tauG*RC{v!}Qcs~P3dW1fTFv5wS?3Wt2Su{mg+JyvD;4t(O$ z@>^&!mBll)nHv)~-|o5+y_;1zb1Gi$9YT5xClU@XV>)9rU5j{95dDn0er zuboIs4rDeg0JXi;y(vq8=PleLhffNpqx_}CXg^QySvz_yCTK%w9(+IsUYt~8iOKPI z&q5v@YBDBzg9u>l`68CdYS04fuC*%RI6RN|>b*%O1vq-i+T7y0Zl<=z!`rp1JEOp8BOxv+vmEMczgWT*wvtu;EiazpM z_D1eS$AkM{?Eu!3 
zIl%aW`qgE5F1h}OkmeLBCSf_FZa&!GA{TFlGiia>_;cOUPn`BW&lYo^m$ z)-?AT#8j(q6zn-p z?hw`fDBNN8NJQ=&IMc#+FdW4D>_pgc{RUmt(P4P>f` z@K~lHV`lXB2@UGoMKY*pu zd@g)v_1rUoYwVT3iujQ6j@yi*0$|@*;?EufZno53tyc~m4T9HuHHA?7UJ-rM_anls z4`mlx%9QDslRDs*X|H362RSjO^gGp#op6zZ5B~YPAgk8D#7jtocHku;k`A8xHFuG-$^!xhGG!HJFiQmoN5 z>YbSRhBjs^e8{$~;U)a6v1Sj2A713*0F=u3w83QygK1Xn2xz1^=~ zgt&iUx4DRCo?1Y^`-wxUv3D3&PPnI?>zTD_Z`pSG0WE=GZ5KZbFnoqT+tH^`5iXjEud_RjvX za}`PdHfzCbI|YcqtC}A+GPo}(>Fu-RZK#)GX5JA`p(%LDA# z;SW7Q6uFBK>Su@bgyV4V477feYVe<2OUn4_fc5c|GeCqCLu4`LwfN@j^X=bFyH2JE zQ=W$ydjb4lp%yS!n@Gcx^)z1l0t(Low1Nt|zH_~t4}RgX?(<;K2(GQxju+UUchxKu z9pJ;=I#}s#O#G9^B_)95fbE>y1Z6E2pyncy@K1YeOK(s-3?iujA2``47MmRmIt)8? z|F;x?RB{W$Bc(`dVBmSLV5B&@og}^>5EI^CgZ>&wTTosE$L-ItS_FHEyC-Bn!#%{` z%8nzsYn!u5w75?@jU_+}y`Gl%5Uu&mpUL+UEqZ=adOuxH zPhrLNux$fBI6QwTET)X6zp(t#pjs-*xJ^31UJBXn@)&hM87|X zLlRRF{5f%jF^3ca0E%QE$mn|!0u|w`;FVLD=Er+AQU5K-+woKZLhuCJvH7OKc|dmw zaQ~)%u}2i_msE?g3oR0B)P&f&7;=wPN(>L&XRvBaZ8YVIxL(bmZ#oWi9mX{`PQr^_ z))n;YxGE_*OtGzAEHY`00qfk7l)S>w7YaYT0m1nW`kd#Oavgfj8P2(1YQJwmPA!db zXy|H%MSX^=@$8fs)E~_cZaIB>W&7`sc=>zE03e@HQH7Wx*x2>ak{3~?HH52Aw}+l@ zm&YiX5Dypq3Opl-F#XhE#`6QfX3{=gIr2AwZSjgIM3@`H@OiBfoNaJ>#Ie!LFnr3m zoHuvq6}PNb<+(AT0hg?Y2?lkLbbg;(ybm6{qEPVw0A!wVrkeO_#`!+-7}q$lF|Q2# zt@FvqzvjN1dZ>Xnl$J84HUS%!#U&EQ|Eo2Xi=>7pHb&KB&^2R}v7YoVBpMnMek2%l zm8Ey7qoJJSE=3|MHZ7iY>O^TuNUbealnBAkaT1B^A1*CBBo>dSKft#-t@AVCx9&$h z3Qk@cYuYxi!UR2=Y5g+WkscWW0=U#o6Eo00=H%|~o5q$i-}eO@EA3ss&wdB@IJWXN zKG?=}*>Iuj!v(=CYUQ$7_DojI5VmFkmce?6Z_Rk*o8H4aVJr$6Cis1s1VOo!>7b2w@yKMN!BVtm8kawdX++mLaXM;mNqwCGN?Ptp&C=&VBP> z0b_qrvtIzIptv1O}RDpjP%34PXs1vE0H;Iz8aj^{a;3c4)twk4M1wYWFfx)~JQ zmmsueda?ytQ&CWZ_o`pI5Zg-@hqcI7OiR9;efHvE9y>+$L71z8UA4B51*__2_W>Mj zZ0NkluV`Dr@(JL6_fL5zQ1;X^L?s6c$3NE14}A79-GH$AAOV#XsX18PD~ILb7y z{$CUE(~}n!>NHm=vsM5zr59uGgM@iaVO+5YQ#b`C2{5#Gk^aNdA)E`zmp|3BH zK={iKI7>+`C6%Ti#N%(U2p8UInH;6M*)URY3g}dV^EH zcEg@NnQG8zy4-`lNv{q#w>|OC^h+GcT#)NnQ(jCEgYzRCpr@8oWAg7Rea4`va)~($ zp4T{QH53`ZnN=QEB*cI+%cj781y^d4beVmxYF4zaajq}x3Jzi%w^$lZh6M=J5m=Z> 
zYj-C+bX1pcoF#D+%FL7lJT}rjCh;>ZDI2})VWa5GJA*)lFFl*tMg53fzj!lg2R(xG z9Dg{5)9I>Dy}%g_o}Ra7z}6JX^ik(=F`?B-NFcc>tjK6bD_nO< zlHK+qbJ*V+RcF*zLF29nBO6o$DvG6PRQ7sjhbQYH>k(>C=J%C zdmnReH*7!g-WtkO@7jFcesv4>B&82O9}>ZKWg;o;x1I6pEI8D9tYxpY<2Kf zhddcp+`j5@>HKIjT|zo%tOl^yiQM|`W=8x!z#Cb*TcCIbnVZFb64r!%c`5ybUz?Ro zuyiFQquegOk$8ny4F~NFI*Dam4IiPq7E4RByqh!lC4H;V)M87&61>Q^A)?Gphls z=4i8$98He$TAHcmuv#c5MPuXI^U#Hp*)#luaIHQ-s-kG5;*6?5XLE&+>s8W)X& zIJ2|j!6Rxn%Jl&c;?Bn7kUS5AIG_x_EJ7ZY@J?vFEZaePBfI9)Z>Vt5_yQ=LdQ@ld zVk?H3s01}<>0O+LiRh(et7p2aF!(&c!H@Pjl$NFONG9P&0 z7kY|jj-9i=n+OOrT&PFjxu}DIcE%tqRqh(wp;l~NF_dP?nO>Iz1UNDWaaO#!5r|~o zwbujQQ8balm?W^@StK2SLSk5p9Slns2AVo%jEZ=k+Fj~+Dr26O(%$yD+74401B6}! z0@kjSJL#fid{=`KPY|v1q6_tPT@sw2#G`&KMG5+xT2yD58k54kRjjd?f49g$h3Cx? zt}e|!z+YZg*M^XD8K#rNH>{S+U*x93g!}Vw_u+1#mnrB1{0*tVfnu*0o;^~*Kw<2Z zn9PUG{q*Neq+oOSAD8}vb2FZf?sOhPJx-M1 zR`OU0`h%1Sy4bqrR816vivnQ}N_*e!tm$a+V}!e)Uzmj7+N}g`Z+r+@6r1U=wcO1dx-O+g(WVW&U{+5dumg?EwVFy#rZs7EGhPtOksC9$yGU z)rtEM^hH4sw{(}|$?g35O$Ij$mdLN~94-f3W>32i1Q?TjF|~id>hK>iMjEi1DmAr2 z5Po7H%)*#<_|bDd{A_5BVmJJ0a8YKC_D?Vziv>~?Nv|*$aKyVe+L)5)_5EzBkP%0y6!?g4|RHJ+CQ zgUpFzN}BS{YV5s&LA&G2DhFs~ZDO5IOvDAmYfX0ze$T6}^{?oN>e0utWttkR4%^AR&vx?QT5&#b5gbVbh0+j?bhJJaWUr|scOQ=p zpH@Y)vhc>R7LY9NB5#U%*e3QF75K+BzJrVce0B$YTwf%jGhH3Y9y9!Q5VzQg4nT9%#;S9xmiWDZmGXzi8j2Pj zEs%~s$gr}Vi?d^k<|~20AVrGQ=6wWp|QrhuWC8Zdh$gf-u84T zQ}i1xC6-vD-M3o$3zL7+{tN0*Pm5=+D*H@{qOdBy+J3G^Z7^K-S_4iH6k|GZMu{gP zZ|42)@5zEd{Khz*xc?hXA))am?WjZOw~Y0q^!i##RALWV4ag?xJ2$%Yxu)|QSV|vY z)P$nxt9^FF`{#un_SUpio)UdgE^t+ z6S9vdaq;UT7TTLPo-D|)5W`9PIy*LU@wMsCbrFI2#@2PSGC2;to6T?fp;F@_WdST9(U%dP8#+X zWhpSLYL`A=e}g+PH#MQQ3XI}G`@iGGAUB^78hV3dwb{k^%O!V#C!mUqRuABvh<<~m zV(4k~aejDi_}ax^n4lRLffe>W($;xsa%5xnxgeO3BSZ zM>cb~@HE_xxhgZvDcpji_!xW{{uH0Ls+A9HpcU977n%T`-XSzaAL!pMQ8a~~x4zY{ zm)>hEHZCc-Flv{~Sou!~$X@B5)5ZsZ_NL-~rPj_87T|Z$c$8mEn-EUDJ^HW#*Cm+4 zr;WP!mCLHpMSc2Zh^oD!_i*ctanU~|s(fxH{A?c}1L`7i6ZHu~kYdsS97{D%Q_nk5 zzr4dKH;zm_-GXj?nVgRc zM51`&40Ff$i*yNcR8VD2QW(p1Oi_>hrPlu?fNKf#jx`V?oO%sr&wfhlvKs!6Fivt8 
z)6kQ}#o)!{mWDj64U~C6i=FA7CFlFoyN1<<;72P>qtl#2rP-wgHR#5rG)C{+2{ii!t2+4fH4o8Bq{d3&5jFYWomI-j|1Tq!OfTs&{n!V7N*BO3}hEf1zrz5Dy@qO z@N=w#tQ{cp>l5>5j#S{!lEfHxtWV*pO=wO{9pHUb?jNRrUtv0`?LtYc?|Pd5R?Y8R zF+8uv&iHr$1DxCLmhB86yQyBfR-HBpt8jQr>liYYt^{EjD0!C_m^Qn61pD%N%t3{^ z2@2iiO&IqsaUc@!xNIEC$$bdHnG+wiKW2n4IhYdFnbuQ4l$l;oo}vk8l)v$ASv(8E z4L5y6J?~drjde9L4=kshJW_wLL9A z7CP3lCr$w{?8u4Y@$Tp6Z%^q82Jjm0X!%g{@F&p;*>J!Slg)h!41Mv!_Me_Dy`0fx z#8UwqST&thLxz&HK0c|Ks?tOp)NZ<2P0?oLhN?^-K7)wROcM8pWX_74!){{_NyD_)5qD zn+o)I9>@sHNLG(s>L{-}V#-#$kgdpa8>Y0unB6)m+3vfhpx~3h!mN`YE~mr}zXsIy zdJ%l}L50bee1KWEy6y6jNBc^*skKOT_2jGwDnurvXU z!K_J&Jirf@ki{K`G4~;fc6ThcEl`0V8cpO0p;5Rrh}f7NcR_yC2|Y37aVbMY8E^YaAwB@=Lzst=3h53zaDtLuu!1Sms4D^xdPd0iPMUNK5MbPdNr(k`u%>A~ zcl7Zfs9-whH>nc|W#+w|0%Kpv(a`{;@K*Vp3>CS>s%i}aJxlfMiG|@9m;_s6aWZm_ z)PsCVHQZ$%7)$+YYAKNwykoJUhH$7FF|ntzyDHx4ZeCmG6X%WIu1Uv~eU$nG^1S@p z9K?(89X#{asb(Sn8d}qpddMO^s%I(djMrsm^#MHS0x@VtOIWA}@b3!pNO6y7?d!5K zD7*WfG^6w$ew)zf*>$MNB|vHKW7h*9bW@$_Dv^Ijo}t^r3HQYthXXtpTvRLBoHKx_~kU%ql@zT zh4KFT07^JyZvq>(HJ$^{4154myk?v@kEqKTwykLD2dufR@l$H8e}YEX#%z zK`A&oC&^}sH=(0wYKJWdHRWH9LrHwIl;heWN6zzn@y;zga8%+6{?`>4^8sGT%=W$Q<-#+eJuJ z)t{}yd8jq#{eh)b3qN}e+n{+uY(WzA-uJ<#DZset$Q@bv*briEw8cIU557%nm=xfd zcdEIutMPNr3E;`afu+Ipdtq&);SioU-3eFiks=i`J5<6JhhE~nO7ISnl?hjPlj;n(MliSQQZyVzp-dKK91y%h!Kno+NA3sb=l^H*nY=p)KrX-kv}-28;6 zA-(w5LlnTnaN#j{eetdHOZVyw{_-Lgc@~VLb=G8r*ry*$WYuWs)c!yDB0OcDwZy^MLq8QHEQpY+~GmIUPKwPe@BX zn5m2M-v{#37c0ir9Y2NwtcHL#a)BiFkSO+0KZGU%!{ww7;?Wll+N8!Tbq>Nuk6$zD zFEGC(9{k#GcsU%yvhKHSO|^!<^s){Fi3S(VdZ4;gp#?G5GSp28<~)q(c#?bB4}Gi# z@VigofHf-mIW;(GXZ`N>MvDv(IZd>dfTVz=D*7f_1KQb zgKq_)FF4XCxmx*rA`zaCd544|h=t`hn}myVoEBaW1o<&;epQorvuZ5Z-GSreXH%uw zy3QybKdYeyl;m8V)<_vos*dL{^ejRx84SnY5k;oZh}Ncc}YsT+WD#Io}IYUc8om2Ww0$?t?4! 
z+S;q|_zsmG&yMqIFQa`&gDn#EpJPwET^XVS z|E`)W9nGexRfs~8!2i*|{gDD1ga2ib2qE%f4J9rRM3+E7!G%Q> z9c(mV&J*xd7@z*D{M7xvpkdsizF0SU-m%pfQFO}wm__+-(lwlq^WITyMs~S$<0g4h z!c2!ZFe*U|YK<7BEqo0tQ^|CXi3gj(Eubo$Z?y$Q+1fp;59FxJ<{Lsam{kN*17D>q zY6oyxKsKl^wO(?MD)qv zw6z)lkpo5)$yj~8OCg{ruKC@SW-i9eO!GAh@Xe~w8rOspqe}n zPOL8ilmTxD8yr(3!w}k{v^Ql-&-GPfXTVD2MM<~-g6PTalZ+_o0ZQ955cw4Y zK&D)$gMnaD+ybiJ>n`PY@|^UR-=o8PaLla&K2zp1CO{7zfcPIK^`P&#UdnTCIXEk) zzuDZ*WAyiOe%wdKWYjif3oonRoQbMj{a!a&39%PvDB+^sx0FzkprTC>VX@1(u`~>ZVsb7L6NS8D^+kPQACF5s$v3e<*%7>EjuC`yW%MQ?GgE)nM3-W0Sl(4&V08 z+&}`fZWJ|A#joRTL^6U}sie+YRgz|#!R5?AT4y<$fxKIf=LgFExn@vA+d|DLjZu7X zLN>Wjz8q~}4JaRl*pW2Ec}}OFQk&HZCKi7!bBxkS#9R2u%)%`TqTXNOP1F_4EPth+ zOKYd7;{NZ%((Hz{lF!@Ah{u9*LaR^UUYGkGw5iQG0@qS;wqHbPseJit&hzE!UzRW+ zsJug|r|h-Hj=%C}1vQ@xzG0nVfpSuK;U~TI&iv5`R@r<}Q?&FY;ak_&-}>Ep-;Y1p z@dQY=V2k3o`)q7h*M?dw@l?wn#54rp7c}xwriLjJrsA#p1LMwtpoD#bPPoajmQyAm zHuJOz{m*9clf}4?`NC`44zn@F{{Q^xuWow#rbC(O4MImeKu$2Pp0~x=uOWciNkblP zn3nwd_Gteh9!H?F-H1%g7Lic*!U54D^=O$e-iU^~@6*ejJG$lnipv8q?Qexa$ZTcpq$7O#w1*EZEyoJL@ZRn?Yi|Nsx?qVfY^IFgIo3c+URG z(GW5UWWj!_uptf4pG{sY_)$yu1@5F>%ibU4E(rJoWvv!8Z?L z)|s1uAksESg_v19UiH=~#Ogk{Em54~K6v976hu8r)zm9e!^{n6~>R$5yk=iBe&POqYa?}h^u>VsgY$b&y*5JaQzZSDB=rgVHZ@Yk)4@WS0-(OpvtpI*eO zNO%Lp0WfnmfdleZ!BEksgkb$Q$}`yYPHF}2C~1QwwNQDD>1C?dEHuTlv-xafzaFJ| z=UZ1VEC|YaTcc(j3=pygG+o(HOC%<@uj*Z3y)eVQo%7$z0SgobrDRNhiB|1=+0eG7-xDZ!jj$2WR+t8=U5flWkbMO z#9g|3PFRk^tnS6-Vm4PPxDRBNM@T5|AWILxbSMx#LfCh+|1y= zLr-r9TDoF!E0de1mWZT32N|QdOVdsQc;MD0@I=k+d6fI4ZZi~u0}qlc1W`QQ*be|A ze~7Q_`y`k{h=ZH^vtl2DAZecLrypO%*zL*R`7u4qiEw$O&4(o9gCL*okj+qMd88ry z4>TpEO-o_0YqmcI7iuGGJV$*nH8fp}l3wV4%!f0&P2+aC*?0Dc+uxgpG$#WBQ||an z=ZO6f6%*>>RP8_HTM@eP6(Rayfnp4*rS_vshjKf_KddXdw0$VGxuU3_V0u2nVy-**ctnlU$Ud8S~ho>Mm=gML(IdEu(X*7 z8;~qlD66d>j4S`|ej{+5fKjt>Uz7x8BAByt4z5p@$p^VMu~-ixko+%HieNe{BS!U6 z&c}SIznor*M5u@5M3(SJq?He+#B|^8)c9h>NguY&b-SQKrTOr3rc6)P4#B;apYhnk-ZE}yLT9+=f|K5gFYtS50=G+c-k z^imjdAFOh_fbUVYF|j0fs{s%@-|cQ^DT>X(aj)$EN}Yk+`{SFAh~Cb;M@wbj3jk5~ 
zF4Q2`iF?XnCt@WM#PVT#V$HCA-OK1bexv2dUD`3+Cq3S&P1(ojT1BcGNSrjh9%KV5 zhRdO|W(-r|R^j(|7N`{sYn}Rw@x%}rR!xo1Kq6pdrB@NxIbBUB!gxr0+62E2D&)

me!C;~5$Lr~9UD zTMc2szh7W3S{yAu`+%hTU!81Rp@X;cb2|_~H(c zxN4g?hA69e-TwOB^%|Xtyf+Iu8x!~T_)Jj=U~M(^ff&R}yq|F`ZLujyP`wYta3F`5 zPOY}=gBJMhygEvG9Jmw4i@FJJ+4|`^Kvs7lka^!%EuE~Xov{m)Ayl_P@p0f zVN{xtz+w*5(TC=qQn?g!Qv?`}d7*B{K6d{0e_YrYP8|OFmdgQ%3=XVk^>F763=bLjwOIhuXSur`V!3s?s0V@kXim++ z9Vtn;5rkljq6V*3wJ!7Nrw903@lh6Qn05I+qY6@?S{=&z65eJuFh`L_I^3vQ(Fpo= z9~b}m(`cR|f%WFt{G9T-Vy%d3>*>6=So0iY35)54PY;o!m>DK#BlRTg=MDla#vvLX zJoI5-5Dzn_NK+?iC~L0%@9)>57VN+<8AZrs26*esk6UhZda&wz>t%w8V5sMbkOxEg zHGoVmWCYqtJL}lR(iwMr&%zFTX#;L@k=fD8btYhzg3QR3vs8#TS+1<|F8j*_*ki7QIhvx1=yp1g!9c+77GdaYi?wFGlWo0eJ8UP7-d$ z3I8&*Z!}buN%7J$*_~_q1sH`yWER!%b5#o#!O6FL(~ID>K*Et-^@KrzNh@Q>>6~b* z3HyjqbkyyR;$o}>Z*en{pXbi3F5wjK`3Xu&4W)6dbGzd2e+lE4B%T|XfjUj{3!SgY zIXV0L`WE(`j{ksetLi)LB!l~%?2t6xjb<=>WFv<{4h1$nqh3~+thpnhj5}fQ*i4W- zbF-MG&hEnxwrQW(W~W-Cj@UF%o41N(W-W`5-_b^!(?7gN8@^Jb*_PPV^huAFH zOyoPkm6ApD+0@3p<$75B3=od>WBr@==W^M)PVVXAo z!(p;iHYV;YGZu+@{>W!Dk@;XI9WaV#!ZqWK=`xF7YVLTr=cd#E+FV0r=S2rEJI%v9 z?g>$$kbTWEzVlB~plzKHprWd_YdSSN@$T#a8Y75ZcUc&3! zH|@69mH(FHpeL@&C@{*{x(>37T656Q9apHFjMIqy-TTM(RNrkHsZK%zcQCTd7kgQ+ zi4Ft#w^{8pH7YpZ9;yq}lJ#$fmy7!t)N+~R z2_M~9JideM6BlQX;GKln7NjoJgrwJ7>y%FhQ}pUVR;e0h+edbzSA> zC;O*GAwZA1#6E{l|M!EBd@g3i&Z+_PTMuh`RxL}R?qpsu%Z=_-b@c$`nZo2g*X2;n z&gCz4d&XDhgxDlJ8fWi#WTm6zMa1mlH+tkJ5qy3ypyu7QHAgg81Q}0Ii&`x6k#8iB z#|1-me~=2(^{0>QbsNoD3;UP8w2X}_p-idREvcH-Ng*X*=i1xVL7-`{E=HqfnanuEeLDYD zF;&If&VSuHK*@=khMRIar?miz!~I$s9r%K}Dp~ng;f648hW&Naop$&$#a^iiwN!XY zU+ixwB#|c~pHF(Llw8=P5w`RG;Qcaw~_GFU)Kbn={$>5flPWFUGXCklMQiRbWn)UqA>-z!L#?60qP^R&|CNI zcRA-Y|CPck@mAtSBDidKT0SpeCudFkt@u8{;q0sC^d#`Ph;cRQ#1005G1w4)j4;@5 zO@~vL>#vYz+JWfX#Pu<`sofDMGo{?0RN?mF&)P}6DpwZ*EIqu>D|boZ#CZ$um;s9A z+Rs%Jr!;skWEb9%kOwU2H#$FvFxGuS)#hxkN9=LrMThJ-ZhTy=xs~5iR^*Lk>QVS3 zs!uHz2ZDqFO2gZXYyluhvd8ko8h*Ikr6pRi2mR$}7>@*}A6Z5>J<`X`X?&B^71Pka znv@Efpc;~@*M&l^mCsy?Bf7qSYw1nMDQDmOKpiyNQ8Y`wCoQs;954Q@eez}k--m?) 
z;$Hvf)fX(<0`p0$)CWavMc)kU!E)cHGh~9C#p%`qW0lcgLlVK6j$fzW@_k695S z&w#sZs+w=bLIqU?J&1F1vOkK)6Qywbd9KU~#Wvbk$eF;|uSfe+n$TAgZ~zKJ-JN&( z5KA1-@Xa9@n)@3p_QCgiI4_f)nbEV|v&B0pX8yBk?^%Zf3)~%Z=Pdrk;Kn}z>Djy7 zY#w)C?rK^;pG-EILoZT-q2im*uJG-jm-M33`0j_Wnk?T)+}l!*1wDYsgzluf5u}q_ zR5m2{N$pp73PY*AO9VWOQ!g$3fCFl~`DnICVASunAHG6bA&{YKAV z4|&u$HrDj>uH+>x>PF?ta4cj^QLBgjn#?ag<0Z0(~FDd&WD4+|%Lbra#3b0pZ)npKl zgR|#N2}+26mPo6A2NukT2HU?~0;f!~(z=_+$0JKwF!Z8?L3vlq^*cvg7H@qV^fP|X zGn%zsC_nH_oyO2ief~kjhj2qsK*C0Xht$Fyc!6)Woo;vCO}I{p7H?ne;s>9HZQn6c z;%ut=qmRsnf0yy@5bu0@r9{x@PdyOHcZhH!4R#{q7NwYR=2VWW*MmptGe)%;A#8IWp+b($ zedb7$G8>i>a)ymLD$Es$jfiAOBW$iYiV`V(f1iGTe*Szv-tW)*{d_%N&)4(Gaa2;^ zy=pTCD08JD;LOg37R)nmHe*69SsmNrfXp|Q(}&&>K?xS#DM_2Bk_{n5ohK(p$)5GH z1od8F{0WDqkj3>`6QYKn;{L{-0d({2iN!Y$PG3?lF(z>(pN7{3Q%FQ1LsWjm!CCZx z!=9d{FT-eu1c)3QrS>iwZOD`<`eUuU>p#0pxLt2y_#e?HguQcjj(!d7&{W(mt5{17 zlI>2Iz-{9`p^A*-qi7jn8|nIgfI(XULO1hE1U!q2RMYXgx(dE6{lSxBLtF~Y;i}9F zh&gp`@A>DC`w4vbJubik5Lry6>}EU+9^1=U1re>Jc+1iNA1$eS+P~)paIhtJd-qjCR4xpUp7c$53zX>Mq=Md&(WBGvuqUy)zvnQrtuC!(6 zi@cyqnX$;H}S zPqv#1yhCeIC^TK!5#7bTQyP=h8{tf4X~zjq{cGlPGt)D4|E`o{%ak^sc=f#Uq*w*- zoh2dLY4mUV)-!Jh@5R5Y)_LflT#qST73T@;L0yu2e}}s^j znBL5+!e7-*c5Hn%7PyntPo)R*BqHY>3yil-eGf)1_Y65}w137EM5JznGKxPke6OF! zdQ6!AHk})AYrG}SK|6;Z45sXZ&-+ibxln0{1+z2jfUOIocZBtI2!_;HXI@k|8qI!D zDI4i>4&H)o-E8H=lvfZ3UT@7P->RV&be_WO%>wKAPRVVpY2A4s^GBoSo+Ndw!tzaF zd%|v68e0{w80nnQ$!EJocRfT8*b9?17@Nbsc+cUUJah_37|+sV)>k>%&6Sfp(|TYz zVCRQLoXEJ!oY{TrJ@tw@kC;@l5t4=U-Gxj?4~37taJkE=LYt9H@3wfcfP$%5w^{M! 
zCI*RDS^8%5Y0?tKaYoBA3lz!eDTk3dVjme6+Cnjm{TJlLhH5e9%p<|r70WYtz!EgP zkQ)_@oro)w3YMu|M_fbYAC0E$?wNS<+tLjF1zXW6T-o;LpvStwkrBY;zW{y*^bC4X z`p(Aa-@n4nU@z_|xR%Ludny0uosw*-!JmCeu-E_nmdD4)v?n-G?h1T~`raSdCfAL~ zWSS#u`Z_$>zzkyC=aUVb-0ShsAZK+w2Ek+wFtt@-N~37?7CD{Ryt~0CvWuKw0jV>> z7a1?Eg)bz)SG_Q@cb$qLuXr_n1z zv5_8h1Y8rL=F>hLZ67|@7HGp1yR-G_rh&~uP*u_x;KkIU(9S*e-@yfOF#~WN$e8_1 zDu5JJQz=|Vm3fN#yU3Jzz*?J(*68i%rp|{vR`{{@+xrrR)HxymuuwikHFcd|wHDYs zUmxNNEYA~q8K{V#WjN9v%ihfKyydyM_aiK}^?F_`;V{eT;Jn#Y#$RUUdaqhFSohRH zUkgXms<;w8{ErfVL+U~wL$>?~x|^nx2G<#>XQc)A<))bkB}1y{j!jn%!D(I-sxb^F zQKT6#9vHf1w&Q#;oHENI3&!+Oh(OFZdB4?{AJOb+yPk{u_6|PtE~GzH_R!YlPNLg? zIi_mf(!D4D4(0#p3dEIcrybY+W4)pL`oR69@y64T5882GEYUqA8k|vy%JO7?|74H8 z2C3yumN5~pc-KvTjxSWAZu=7eS%oh!Lp(pK%Rm{?*$ONWRXO`C^R^zw91_I$k|l`l z%GVU$hd(xdAhsoK1QCkaIK)}_%;ZDTfd>lRFFmfcX@<)(DG9&>aBRG6| zs`TvFEIbd2H}MQuCcoIUE;Kf0E~)7MdH>nw!u1M>H~h8G$l9Kdyy2dUD_e&;A&Jbu zcA|02;K=jm>ExE2AF1NDQ~Gyg&YgN4%!z6I+_t|_Amw-!|)r8miYE3>ouZ)yQ$43Zaa5R1eg5TniXYI zCy<78(Iv^ba&2bnH(pWHTYUVv=T2QHFJdiORz^DC*_xPuAVqJO$v}3E=rUZI6Y(Ln zO~!{no!iAOKmKn-{i!5fOXD}#ji^$u<7oL zyH4j(^$S=DKNRfN*f*|)y4lA*Ix=b67gHw-y=GZE&& zc3FUf;tyVtN_IX+74Y{5fXl5-0F{InSoPFjn6n;|6UiDBx2tPswfJHFKiqoK$1U2CJ+Pc|1vCK2HVSoXFKsm5OJgcERGh{4`W1r=y`|^zu$|KLKB@c zqkRrne)YSh!;vtqquqv(a>1d5n|(iMIySOSZO_BUJ5-_4!+sp3e|zz#F$lZ zH?)4ZUaUw;Udq_(CAQCWS7DgS%HUt;L_%)WVS~R{1Wfe*sv2^!ic)uqYS#91rHg|O~Tq}c};mmZJ!sfJ)Uzb8uWfO#gHf3kfz&yvAIFJ{x z@rnBC!ST3CNAhvjJhuJJyvR{jnN{A|Jv2)*(zAOwNIgdMn(b4c2LHj7F=c{HhR(Rojyr$jZnO+`n# zlwkY(%zk?^g!ay*MkSAi0j>bOW?IQc(EMr%Ihy#VJQJc?o#A8HA7Z$8U}()gg(u06 zNLEs$XS_~-Qf3vB{fF>OHRRTPXhCNr;Xt~ZfbMWW>F$#4pK9@!Zb(rB|K!FPH{lYb zt^nEZF@Fj{1QP)b@IU?cc9q3`+FSCH3!zEg=^V!8>Biav^lZv$f?fLEzS>JF1Wfv^ z&h6`&$oD0$5a@I}))`A8x(}4|irQa=25T6qqf9rf+QMZ5f(4Kyut`_cWebw&rkS|_ zz#I^w<|=*Xt8IqJ7kB`%znu4AWWpJG@Ym_1sG=qWl+>4_u@s^voA58MmUeK_eM#N%=v)SCc;1URsWa?N z?92vo&@}VZ#~N-9tO8~rx2-&g+qJ$G-2zI6bRU34yErlJrB;=y^l3U$>@?tae<5H( z!AGnntSVJ}J*W3tQT+e=IXjMYA&|?$t;Gx*p57Jt>L)b*l4b4wg%ZzPAD#*E$qQe} 
z$Xwb9k;ZQ7$gK08QqMpg&ww$Y9d2pIDqKNtx=$~9tjLnL5stxb!hWkyzx;h4?oqRz z1U;J|sa##d4R)>!DR4f~1pRK^1I|{{bKN;Rc?zb97%mUu-aH;8F@3-v*6yJ}_}W@* z4xpE|U)xKLI_nwFnQZKa*B+QnsEQI}FNmsiw43_Hrw7V&??92j`5ZLAvNxZ@2%gVZ z4UT^iY_+NgxQk`dn21wVk~}G%z&{<|=Gu879!}nL^idR~rlM`&|CMFsD9_P!IQ{P6 z^ufsAL&lXlwI>@qCVaBYc%Hez!&*T7oN{XOM7{Kz?ESnH?{+wq{PpuGm!+dJL)RQ6 zf~)nzR$e(QHY#L7Mz9?@v{FWOd(Q8$?=;_hEzcoK?) z){IqB^gyCDqGeLuT5oM;&p@h}7ab@!m}$5cVv+GvQa_qd0&AevS}d`vn=!xH08Uv{ zN`z&|%-8b&M0G^@>I`2i>w2IocngRkShR=wK(3OWDmQ4p_Yhrb>jx#YIE62R!q_7S znccT7^EuC-U++Cx-9p@a{GIK#(hryea4mhV)gR3w0^T~Z$Gi?kI)BM+=l5;Qb>0+3xyI^2?HS0U zKI<}LUBcdqgE~M+vhHb9B3zHMrJVyaoUUAf2R)SUCKM02!uBBceM#aPOfdH|+vx9!@#+XV; z%U+NllvMo6&F{;IbM52{U^e}eL+Qg}kI{;Xm&AW0Sd3^WBhN3l*smcVt&QWlArbjs z0{F$?v_tz9p!t><;x0j&K)=hjT{s;MH6vJp#~BtRZpP1&&LjD&jo$-SWGg0U0`ODT zN)3inPJ<|*0U0e9CTpcWC^xpoSc4Q1sM7l`*cluhB%OMjcIx%5bSX*LO+2g&(IM&y zt47S0#~c5qu2=E@{{C9p`$1h_8o|5>16L*k^wx-d$F{H-=~TSFKJz&;CNXB_?PFQ1 zEKe1(r))Z4Gr(Wjh4g~Rnrfv7D+Z#2Gw*~=3(Zo1HAPY(^~vrR}k=360vH-FTQw_4b(WBp|Zqs#^wf90O%>np8niI?IF;cnl2m8J^I z)DlPryWb50vcss7nJ1~c2&%Ag?L=D&SZF`~mE2}&wrj-nubUf~(l)BFw)6+3_TMjS zEXo8m3)QHpX8wt+d5FWB=ZdJSiqoJiidDIDTK@q1+E zuyg+n(~3)z6})C_I45Rz^gkS?8$E5!*)qHgxmNjiB`^tR7Umpp9DsJib^{Anke)Sb zRS50vfI2J!tP$2GzNt@+RXh0xcC7}&dwf%;F0L}ekNwu!F&Re`mzI^e^8UlKQ3Ow5 z#h(2b+~-5g-F*V6s8GYfoh5n2R~G?Gi;>wJ1~vK-D>>xlPj9yXix87g^p)Ow&4^?W z^6Pn-Rm4RiRPBRdonV`DdWgj0nAMQnIe6VSJ2|1V0NA?KTqhr@dux-*grm;0*Vfgl z(Un}$w11U_dKXb_BLDJod4cgBu~KO_{_lN6tid&r4l&v@`P=1r{NO{~8h;3v*~}KZ z`|wSFA7qSL9#sG~5T{U$x0XIS)%Y#5aBGt2_HoST!l(Rg`h@gDzM<&)Oj`JLO zqOXuuh!6tv=6W_@?#-Uig5oyCr$fL{K^fA}ulJ-m5!l$EQ*wlBkN~n)@I*x$@a!r; zNk6_fIj_w^u2vEBMao$TW&khrLh;gHo%29S<(I=Ho(*Kk`w*{E?$(AD=fEMWTl#NX z`F;ydcN~Q)^Rp#0vbpZwKI`F`W7j;GWd?({g=)ZWjVlO{hyzCJzu&OBWnwHNlVXga zkd^Mzw}odQxzwULk{;m}{DTv_Sj^zZAXw~{2UHapxMHgaH9^E=P$6VXluNw1@&b3m zn~1)IELjP<=AYmkjW5GwDUdo7l925!e6K^ioVkJq3m&do=ddk68(piN%*`<4V|yQQc9q$&r!7yQ2T43^ya2vqy^Wx!7N z?Y_`b?wbed2Z!XIKm>czFT)1SnRz{K=vpFEHPoHrY|o@gA0I7M2Dtg9)8lKZ<7S6- zS|0+1`VQ>g- 
zUf}7ASJXqy&To-F(Qz67XEi6QD^wR@M3_c2I(+Hf3i}1t3-p_6LNoyg*zuUj`?;Pk zxA07lH0MKbTY%!UG?pNJjGtFb(+K`JCUW871Z+J zGG$J?&6|$cMKBeRxg3iYhNa*+A>55dbaE}fMuGH_fh_;`qAXuEqUkf)LrT9Cp!Dc<|#TC}?40j1A!)5NdX*T3#O z$EqQnjD85jN!+tD*jk$xM!Y^Xbgxcy_kVW-+&j&eF6nB~4+;q)hbnp#xc5bXEX@N` zq_wpsUAhtj8Z?}S)+xuATvdLTu5}lA0GvzSSXwIrOUt;&Q})TTPchgJ3>2y;yArN>D= zL?j7ttjP6dQq863B$ilbIDCi^Qc(08Ut9-sF}IkI9=t`h4ZZ{!9cbeZtOJ

z5sk zx2)I)ob&4eJud7+RfN{<$Acfn5o~nMf`sl^LGkuPSrJVCtK!uqDE>;$%ql`_?!B=@ z(AvSvV7jwER8dMRVEkYjV_8qvkT)nB`4%J>%E|eI-h8UDxu%>?s)B6H)#2enYK8D# zRNDhD!Xt9b)-+QlGh%PpAAt;l$?lD?4TVx!gE!b#s|3H8=QT!=;Ku1k)bKB{zx_XU zzgDGFu{df*PUlSp9lAM@Afml$LpI(|JFiD?hT&;V%R`sh|LVdE$YBSivxEj7{)wk5 z5$)TPmrX>U8>;n<`N6v&gH34hH#?thpHsZ8EM1D$n{kAGhSdr#OeiG#|NrJ%JTPJX z_}!WH@k>I#@mJ@qmlsCIPo^dTVCtZ;Js`5;yyAEKRrk;)Ex*3U_l}BAP>K z%Ve%IWhP!eqw`60|Esua6z&0K&Nu6ikxxIA;_MsT_4L8%UzdkbV|Nx_a$7fj2GP$b zXVYa=z875o`(%ds6{H@Km+|b+G65iYf7nXk3@-e%!huWqlK*|Th5A84Gq|cLFiB7e zE5QkB0tw+c?zIj;&#@+62Y$&9>x3FDF#J5&dcYBcgC8H z%nA5Z@jqt=$G0Zpf0T>%)SEzRRHbOCCmVprchV34q}aAU`+=G1Q7=&Qa{x>-n)zAjE8_L?1mL!;&J+^tjz8N&LgA<($@zfM$%a<55+*o{wcZs_zD5Tu%d;Ws%cULr$O;I_bKUvnePw~~fP(dkOa03_~Xnijxg6v2k*aa$xC;{MIAWwpM_Gu)@& zOFr^1#m2Z>B-YF24A)rBpm z%A~^!U?ZVp1?kVcvpm(W$G^Bakh|w5JL@jYvoF(6r*67O)Ds&PcoaS_N{wmu>w4*DpdoYLEKj_!lFQAC@%5z(3jY}JTt-sEh}Wpl7N6u_le%2 zWRY^eUBi3z$V4qn3nSZpj&ZHdjwYBDoF`i=SKnebNUTIiWm-KHjB{V`;D80z@8{P1 zAUsoHw@$__weCIb=#PjgTHod4Q}2aBBl47(?5P|f#Oi1Wv}WXy|Q<^wITNv!e2jR^=>z6Vf-f*H~7}bN>`Vk%+fmF zxIWfx?op7Wx$o4P#Q5_O}$E*OgEJ>Wck;NPy{H`4Vc zGnLnz7y>(dhoT+42kDjhC&!an4Gvk*FE~oq38{Hwkq95q|9#?YLOi6C7 z@zRE$&e|EENy~i85Z-QtRyK4IZ~v!_`9-R9!Z(Md z!Q8WRdOz4vAwcW9v+eoT4ZWq>{bLNxOOv7x>ZBD$qtSj>dWQgw0<%Uuj9zEPynA@@ zR$z7SIXEp;iew>_%b0g6?@SdF=ch!oUpdCA4C3DT=PQj0s$uLS#rNfyiRcV_mMWzL zwsjRlZ}e`U$BfnsAE_mi#8zTu-R?`ylt!h8A=p|A<=c-A5wqPqY$>kPa@=VYT`hid z!c&iM9Dldk0)y1;#T9;`YVWZ>hsitCrSR%Z`?&$uBTi4IZAViz=mrH0Hdu`i4v=e z=+Z0?Y`<0-st{EkRdE9dDwIV@mnww!Rv<1R&x6bFId7m{t|z1G_1ltcfh3=u#LKW^?g z+QW98&0{oTU7{AnNkBt))Li!4^QQrA7a^GN!KV)5(=7$ju4cTm7)izOvnc84QfyQojTnee1!YW7M)7`@CmPT}e7`;Z1~WQk`T0{*e=>a+WL>*oqX z78t2M?ZPO`n(Hg#dyZX9o=WE;V03Cb13kwk$z;I*RTJ8|> z=pIzd?lmVf3e9}8xiB(5hP7g0AfP_UbX$78MJ(vnf!fO5ZrPY?p#7&Z@HcW|uOegu z7CsfhlLHZdf9A%++xz2^G2 z+Qc&LaD`IP+ji}1R5UY?~lko5+AO%@_@Q*MXXQmcDwIg)}$B;DGnGm;c z#Q>h23-$y25}l|GX%_F|eXDJFHRw-Siw8=}Z?OWeS8Dx3gH5A7{g9JdSe@;}mfN zXibpmHDDqowH>EzLX3^xT$lFLEBn(nzBvSaKi9%Ez3I~A 
z=zg=9(qd5$!}BDSFhyQUf^q@?c5ARF6I-eBa5YT%ne0JOY3CBnMDa`ZD%vcRr7yd` z(*Eg#Jmt@O&({Lo0_M*3jT6Jfz2PlC$E5_)wI~rPG4avmKa51yO#8MVjrVRzrAqFS z%8)Q^mdje37oXYM9(@+qokNw@m}(TuQwaZnrW|8xU>~5=p^WU_3jXzd>GMkM{w5G1 zVld{nIzTl&nJv(F-FdBlvKMl)&jZX;xF?Pj9F-dJPXJg5NR5=X(DiuVs$S!|_gVny z-$MK|9FCUBAjY++>ag|)UsVV^QN0fP_3+8L9%PKv=_oNMO4scD zHuZb>Soa~5^#_&bM@t}I9)&KD(hL(I4|nHS{#De&NbWy82}t88+K!8C;T%E{VTNG; zJYG)mSn4r|RA5_$7dRX-FLlcH*q!(NjRHjGg&9M=RhRI|_qz*zz+8o#D4IN1+$ZlF zEWHQ;1mP?Mg}*9YZ3|h&0~7HCVoCb^)iM%NQY$a&rB!f<9KOZ}iKGcf{i9Xl zfL&XzEPimE040^2b{~KViVPXO_kb$S(a-W8pY9OKk3o+l@^TjK>%8`<1w)bNA&qh< zv#@2({b))BkAzbHIKnCB@EiYjODr{hd<7BIk&ZpFZx$LdSnwbd-KAr9BK%u~t+2S- zx6=aR!s|zBW^@9lbxSo76ivIscZ?_Os-LL;wNc?FN7bDkf9 z7pfFa^Kw`qig7HO&w54eOvUX5dKaJ9OLKPFc>;Xlu>x2Tz@?q(xanoe(AR(1P3_nP z1OE;d1xU2k7y8osc_&Zm8&1N6Bg+!u0Q4z*RwnRt7i#@qRpMi-nFUNd8#3d)`usgT z0a@}zqd=~j!hPR!@hz8T8>x*7&XhOwR_)$ROSK^@i9(CiC+YrSy&?x8_~(~!~A`$Cq&E7~c~N1oGf zk~iqaB?4uZL=VUu)0Ft~YMC5@Bqj-vo!gNjH4W%=!?~J#XGvO4YedPDs-4mk|BC9> z?Mv~w`KsPvE9dac%w;puz;~A`4@X={k=mTEJ z9KTf^pV;%{4~Wk@-1{t~)R{+|e|G0X3RCSZPy3Hu*EFsY3CB%Y_lg_G z=SvfMJ*4X7@wd$Br%*m?tjgP!IR{v0P&d5x!P?Uj+7v#IH?;N^dJ{I}91bC44%FOb z0?1C`^>Hn$k$A>QUu+NgSfA-9Lv%eZX{Q#T#9@K^7cP#?Kfc@ zonr!aQ>0(^Gz*p z27GUp@d_yuIt+D7wk8y;2;C~q-p^QgeB zNOe5Sv|>))rz4Q)i7QjuVf`ATFg@RTYA31}Cnw4{JMT5iZ|Wr{c+Lu&5|j5kWcaxd z&iR{Q0GgA_Oo!fN-@+58RrlBrq&MI%)k}jP<~T2>n~KyhDk@ozu#>85f3T6ed!A+m zN0caFP(`O3!Y9M)))A`n0W=1!=nS@(7F50dgy^tx)B8Jp8HsT#EhJX4z^jUj?tbb8 z+_Tkk$a^m9QdKFt$8ei^a$)VBd&bw!-x7+&h(vt5y{Ccg*W%I&5fPU-b2`$6++}4~ z-BRhZmhBo6sjzAX4N57sD8(HissynXwDB-y>-5XrxM4mOBGbk@NJp*!xDL4e!e~R2 z;%Yrz>P+W}*>W~*Kld^3EJ2cXeaJ_p4pwnoYeXQr10ef^_KzHz2lAE6Ydgw@u|IuW z08ROhP}}kU)Yo6T!vQJFJnO^b&o5T#bv}kk#Cj39f{kPl4CAeQ^;#+TCp9%B7x#Q6 zx&oabkGpUEuO2S{w05w zbe|-@(rAC*Ph$09(6awv&d={X0}FKDUMAvM_>5#^mUL5d>L5UO$oZr@n=>Du`4Fug z*~_c&nN}r3P{C|Bz}NaOl?4u%Xo3r>dBTMteBfx|_3T|br4ROnvN|jNPRUGNwd7x}K^K*4F^KIOcS z^<$rmz(PM{rW&ZrJu7mfy_NVz!+g*9tDnNx*s-qv@3QQxR*f({SJ2rsQpM;^W0)^2 
za3ztBVnUZZSA!7n;){!e^w0pXW&T-j$rbbq%Z6m-B;t$pRz8PUJv78I3teuWY6t1r z18qPX9sAlH>q74FE15bg@p_}PRa4lB;7DBefb8XoZflnzCBVz~dZ~{Dh$*0L zWxEcb%+gVERoDArX8J&DZiLkNljUt!&z3Y3yhMyqSw;`DUbG^j#F9dIGo3Jgd#i=L z=|xn1K+KG0*Q<>n!X;+# zKp}>9u4g(Hz2QWGV#s(iPiVC1u)RjCuji=T_4wt=y0{G^O(5$GL`ebz*(*k}rg1H_ za7?K{r1GIYpuaHtufJe0`)Xj9rss!3NjU5)b2MoHDvyHA}*9W zDw|P!4tvl0d#mr$74WKN1&|>_S;8tlfej{9C{IKQk0+QQEivP!HXk4oRVnaY(uvXo zG>6SSlk}`4m4_``MaGx*NV4wx;kln~_9xTA5FfSLE~(L_sjJM?%qPGBo!vdr$V_k6 zrnlo3OS20cb}sm_C{7dtvo*{_*^7d==9#6T`|y2(Cxj$vih2-F%8Z~lvG9zbS?`B| zY^1!wYL^0#uFotEkY(OQmWKl=zs7bfpay}0r5xd{rTHToX?h`%sh2oVL3tfJcx zpGkr|&8e-d#mA_Lv+xDkS{Da8nBSeL1_#0ALze+|d6?uJabOc6QK{bGvF=x$+{Hi6 z=Pk%HJ{Q5EE3#j=a+cr+bP;qzpckfV`X>T(U_Eiyo&(%HrAh;bH1|s4O6vreo<@Ka zcyrP-8}U{<;Afa~7}42hr_l=rf|b*Tu0aZ6OCy)EjE&3861%zwKVpE@Pa4Q`83)DF^XO)7%N-_ zivEd5%ZyD2GUc95-_25x*wu(z-Nw-Gccl?`4qQ5H!8*q?R6^n?Z#BMeo}ZbqA^~aM zW|yHs#bFieQ(K}?uD0|;JfRMN(rGRw$|s|kK?;x@3K!ir0)B)=RUr` zMQ@Jjf3bdB`K+)Kqm$6#(De(qKlrrXq}Bsi{;Zi_JU#uKVZQ&Q+w{%Qe`s;NFa-##ezjtYDiEEWgwRD|l@=jYu|=vJ8Nvy*r)8b21|+LJ4t-0CZ5U>oGJ zt5-tHhs7P%!B0Y+yM@)ddp?;Ioy0UuOe@oVCx+`5B`XFDLFYUcuE~KK31C)myzrfY zb=?h71*rku75+VzRH~E!QAj4@+uz?WN>khA8s(5gE`yf3RGV%0P(d_(G!vE&(j5&% zpLsWZsBSN4T%DO^o@ryg>XRdb?d|x5lOBn zgMK|6sfT1*eEZ6@#=K3;&SMt{W@ zTA!PelH!e;L=CNa)Z3@c&xB~k722aeQMWxXPL)5rpkp|hT5t>aIz#cD40fh)YVABr zNWeseHTv2^=EvvJUlD}|{Q+#9Zald)u8>}Lb;n4UyUB^&oVcL9YV8BN;Y_1a^QgDO zoc+tS<_ zYaS`Q3`MaD<4oTC_RHlt$&lsJPJ|E8S-qeNKWBop_UE6d$G zrG3B%QVRR*D{tDR{Ser(u`1umm@wXPp1UX89L^B!QrHniZqErYmSEB{^8yT%Y7j7L z+D+aCRD9v7EyuAvIntLBOgKdHC+G%AYa;TWT{oMm*|M{%6tUDO}fuB&(> zqSCuZC!NTbdPeDP4IT=@l_8J*{DJF)YZ)??^be|Z5NT-ThFvDx!IUtSu%Ke+SL;GD zBgN1v%(&0S)*+~{?w*F#k5(YKp;12OOj1xnb?PyEanuY>%eGVpDvCw~u?nd>rBnz^ zf>*O)KSq5S!izagyedF^EFJDf5gN(`d$qb2JH><`7G&L__$Sm*@QtUKpdny3(r z0nysnjf-8z?Z*4X*#Sy!h6YnDHsw=VdX^m*yADyzX1t^QCIY>3e?e$0}x59biT)eB!^){-i&j+6?+$vudNz;vd6=5oK z4Y~bTsX>{npl!PUBqMLao?X$i*YxG7f1nG#`J_)=0bV~;SX_7VlUuTxX?jRCpG&J# zHGLnA-rZxR^IRvIxJ 
zhJ{X}mAbOpHJx^y)z;AzLIP7kP&yI3`+$3j{)d5QFE{T-1wu8-Z?|7g9+r7y(K+#{M(e} zZ!G*vWYAsx$+BuOfMS5$Pp%(6o|j|u)eIr?i?5&eude$qH=7As>}y!1hR_pFZHDL3 zwi%ZKd<;`~JebCi5jm#mKCi6Vj2LOSQe79#W&p|Z3)%(+#=T-z&IrMP0&$ z?MsyrdB@dMW?jwXr`8Hoq*EU0Y#!*C!Rfi`842`Q1vsYLvbB%hE*Bl`9j1j7oN$Ff z2ef?KafV z4)MB4zt0RXR^%4C88 zqI!sK+>8#r{2pdYKy@RUD*-{8#Qv8T{u{qJWJ3SG_J!IbcW)+;pWPt4=C=0 z^gTD0S#QA$YXV;}B{IDR(j83GEO*^h8H36K5dB($V3E|3Nr4H&c;iDb3+JIg9vpq#>f+gpIx~~NQRvF>Fy4{VtP&qbW^Xy03*ieItW@@!kj}R{p5=J706!`1i zL&;_g9JoU{-ZSg2Q5~E0XPH7PzUQ^moi^zXb!57#xxALRsu(nXV>!M@SXs?6B(OCv zk&wh}-JFOv_=@S)leR&v1#!=LMGjU7W=b8|-apppa)`V7cH>g085b+ACBY>TjXOj^ z#EIr`?A;`J<|D_&y|Zi3oU^|;vWKa5`` zzxX?_#&2;O&S7Sexw%Qt4E|Ljsy}j;M_Z=_8$eI}koaWCI4vrO)MAx%CcM4fNL2pU z-tal1_|4S_Th#L__pJ%F#7HDtE}{JewsKgI7JQy9Cq(Pl6i-QOpJ?7(P8utWhL1&| zu3u+fJNAU~fO4I=;XByskdAqy6L4q}M?h8CslUd4oV_Q#`#|S`J7NdVh@6uyAPe8- z=EtY$m}%Kf88%OcPL>nf$nQ>t+d?Hx)$OLn{J6Deb%+zVM@0JAn+>@035ARi&N;M04?I5|yl%o^>y zk>(VjXXL?wpf$TZhO`xl#>a7XjYesnqmWy$Z`=%AehmVn z@vjlZ&1Y*iaG6Znoh)&gz(GJ^THf8EVR)3abEx9q#8saB0Nz20dtG01Y7n{+-E2D5sYbdvB?>(V02S0?x@+4DoN~sj-FUs>d*-&8b~cw+y^unImTNDrf2kZGxkSsCf-!}AmGcnIvlS8 zky_oyOp{6sY_~~1NmO_=GZ^6P32P3I6d1h0RO1W|k#phI63mP)Rj~bMP^Gs3^4*zn zO|PnOlV*sJ*#9`X3WuiNE=(yF15}jQKuQ#pP-2vz#E`Cy(IukvMmLBsBu0mXf(Xbq zx=Uif2thzb$UtCpcZu-r_x%TVyXU>{InR0GRRGCL8eUq`Jw*E!zyuhXuUU?IloOVm zXCMPj$%ImV8&V{K+JN?|h0725p5|-Ks2Ey6JCAhOJl<@TRsQvlbc8J-v&A9mz=-%| z{tcz}lxRc6;l{2d3o-#2S(~JPcN4utZ~G|c;&~RlDjGh;@>TqOFWfQdQX6t_7QYjA z5tZ6XPeZk)42Dvt=4In=mZY?bH*6k#%zpWSGm|( zUA0(Y^DxKc&G794$o0|4>kDv zQbvKDpYi|4E_OAhDac^KM~X)Z|L{EJrhFCS{Ite{7w)L6MDU$EBp>2Ae2x8P5_OeJg2pm=@b2QTlO;jDg;h z|1js9_xsBJj+lRCuT64((-+x(*^M?p$s1fX%~Thv?&*UOoY6HRT0ACnE`yWE>7b(^ zGofzt?-WG%&VZCD)Onz%mcWq#FxZNW>sGZ+aivf-@?d4tmy+|OrQ$rEQ1Y+g6lu1> zmNACc1G&}*&Ce4~Jo-^tA)HuPaZuA%bnN!(5+{oXlQjHAB9?LJ1&= zzC{qLJl{u8r??`4p&sj>^51Z@0@w_Fi|6#cxO9f5o!509#`zlCb$D%~0fpPV``CcG z>vo1O#Oa>WNf=J(3bFJXnmk4RV#sv`%HE-&cO&bUTf1Y@cXNheX~3$BTx-PIhqvukAA)jGi~9uoC2N7tH4BOV|LGd 
z=3ic?INnS@JW3R+t=XREsrQWEkMxI%Tum&TQ))4)4sQ_*m+6Wr&!=q5-U0`|0<=7T znC65kI&*(O7-Qydu8oJ-A?ai_*D1qBkS!<*#MJw7!|K~vIv*`a)}?_h5yemE+6YR+ z%HB|HRorL4R5oL`svXj`;Z2&oD@c@dsW3H!>T_2_F#wbaF*j}gnv2zNk2l5NZF$8S zUD77qAdW;2g0Hzzept~#MJ2`{9V?TmhIUW!rYx)XD^zx;0~w@6)dp_fj7R5gmL}e- z=j&N1&3G_CqFA74XEOf{iAj`Q6AgnJmSm2W_vG-Jj7?-m8_sZZZRk!T_}_&ZaqX2) ztd%Yesq-_k{OEU8Ipr>MLw))pew+(OqK0nVWO&YCL;;x!%c$?VWV`w_a<~-PuIl*=_tD##gTLtBZdE$Fk^-G)<{Dc*yMV(RJ>ksjByvDRg z215}+O+pdUPZqXqp@qnAf|No$JaN60N~c`F>&NJ*jv`_Gjw&iV!vJmQ=V1lKa{z9xhHZ#_rB&a)c%+1s;Qv1hR!CjVWan$sm@}-f%(4F;mmF+Ex@8y@)ge!#3 zyT1(b>v!aXiss@CR-u;uo6<`q7M;s=&dB8;oId*LP`s>vK?I@D@v_^^ggk41QWpU= zUX0O}cEd(JY*m&v85V`u7Z5(uR>>FAa8g>PRrz01YfG4c#UHV|n30cty`*VG$qReo zTw67ejA~rTONz^9Qge$#L2;rIzvY9kVGOVXIN|q!;SHW`+COThQqBdQq6Iqlu|tU1{ITY`7Rh67dQWYeK1!*BhIwZZ!3d$EQhuh zBP_!+8J+^QkRR?au%}>{-o4G@bQu|pjtIr5`6)9#osWP-K&h!tCrW9!>({rTLgVW_ zbRzxEZ@8uLw4s`Gf@|GRPBLB%NJO)EAdlcDJyEii5TI-#Jm~QNY@Sn!_K~40}}gcp8pWC2B4>;co!w_IZP`;%{q)%n+}~#1H3~X|B@!? zOdwL_P@(Q(^Na&?$AG_!)p|Dn041_0y+HsObH(k-Z2S)}3p$Kmw+Ov&nT`?fDmS(T`eA60xUXGp zL1s}v8sNdgjv6wCi>nr+=Y_3!K=IC1Mpw~|vnS^n{TzW4vuiOjZXM+qmlqWhcQheKgWY-`9S6+X(5Ln4S@lY4GOF*N-o=FtiV>l^6BPPQ+qHAS3bY;P z8r&0LhkR`Qr;hD043qS^#XuW2tWt4Ab7kSdbEjn4xiBvOoF|&OS zqKT|B<%B4?cwjTR)2exqICjzfgh=ss@M`l0&a^IN)wcT78OPn3euvX3^BIcA$fsbq)_|=R3uO@VGWAn zTqt9@C-Ca;ylKkaI1jCVtGNhqsj*|#!WYt%_0#PDtxr60idK{!^!aYdi3PEbK;0%C zkdT!*&yzUWo%GlMq{@?`@l;@4ntWgX+DQ%dU5J zR&wGTTpfk-9lf1+Ss(sN^@m*kE*|$^fz<<0=>G1c=-=hGC>7bm%}EXi!t?8wZ_2Ja zc&5nRWYmqbtutemyRA^t_3_vUAH%0%GbZ^{1O&JvYSvEEla9_+Ld zdr7dd2UN=&QN5JPIz!)jlJ(Zi@tZY7P~)Gua0PhFa9VG{lsv=n&2UWHbF53g3sIsD zOa+#HAV29r6i8qpKWCGBIH_Y+5VUBS1t!lX7@TMt3r&`8IQk|9^DH7zX|ap!`us=f z{@_IWC%jqEXtALMBb7(`WwZS`B zW!ahpud?oI_k~zJgr*Tg+ya~>sg^fWpPw~>GE^mge* zaU@KGk@KRlb!<}my43^&^8MI64)6bZuchCds2boC0=I#75GG0sa6neAK0UrXv;Ba; zl#FFeEWn=|&oBQPFbX$-O4VRZ$8x1$&2-12^!ol|esbnNx_R_us3O zH>hnutoMVhZ^p&<{L}`Nc6h0~tNFN-pZlaBQ*$wwoeUu_B}=X#$dTDaKXmfz5Qn92KTJmz`b(Al!{^2jqxQ!wln_ 
zd2^9fnG4H$M$$jvmn@-}ZqLC7|2bb4&PCt(KnE&tFKfOwV1~UX=AYs!cc7IyKOl3N zR+{JKGY7*5AW`@S^^(g%_Mmu~IjhbDMQQko1z|N~y!@pnazLJ9nX_Y-W8%@Dx5l!L z@u`BuVdLHf)4l&@-g_MWyo=Z?j^CLs zi=Yq`)y2F~cMW)*8#zd6PMGb1sq^VGDyY0>uUGJXqZ9|oDe*;!yuns?j|)_iND+FuaHDYE`~~ z=~Xj^(S-Z5H#fF#b~Mj}wv8Wp7y-B&HFw{wRHL{STB<&s=`^`SZTb8(-` z_#mT1XS3JeawT|)!Ng7z-Gw!+QHd`oL2S`)%tQ2u)R!1?7V)4&@IFBaG^PSLBAYxf zVdzF{xofLShj7edciSmEl?wBz5-5*-XM|Ils%KLb@V|Y?`EZU$IyQb~`K&Rk-U?JB z)ORiMyy$zB0SMo3l>+;Oll0y->`VOV5aW3T`3N~`Z9-UGJ%U+-9LJ=5aEh{;4*?$6g_mQnlLQq1CRxfLB;)=HFUHghKxUW_a2pYdvq zuLwA%JsQh`avUp0bmgWAssOlw(RYRClMUp%+xQ6c5e^6I*eFxzWX|){1vkqSNzkEn zqo3q_f!D#noyF}`QiG%g)7Pe5?WrXYU$wI$htInfbufw>a^$vnZDTpwxAnBkz}a|o z3ktK!Hvq}(-L9^G`p-%QMSN!#+}#Gab5GrO^Av2HZGU}1*n9obmZJFf3r2bxSpaG| zm!vcSp^D7C5;BkRF?v1d_IJZhTk?j4@Z~9R2o-8TD%a`N7+{3MFVD}AtlDWkf6)rY zae8ZyV_r{O$3DduClWHsNg(R?&YUVXtGR<=lspYaeDD!mYbolx@Xqyd~`JZR-JIjf{v6{&<6z14SE{^wR=yWD_d^UUSeo|jMPMIdn zajl^Y?fzoDtXbf-Y?Y$7fS`xgquL=wi(=tt%FSnGz!G5z;u$ia-i#3r;0@S)s(hnG z2b9ZMqVtYd)Zpr5{3Z0ieS=U}_~BLnwur_pr!eX!>LVt#RM$D+>K&?Ebbnu1nN$}r(!BfpF|y}5gTkKO#kRP)8B}#+eX5bd&%bLelPPF*ou&yUP%Qn8uc6egBV z_oxg~nu6ySyL9XEQD9Y}QiI}9x~4p7I7$d~@DXs*T<~m!S|J})r`o#6)GtrODO2!y;T?RaiQnHMrD0G=fkcR8Zm*0esf&J}xqmn7S_}NU1 zu%W&~)@Sc0iB&IS5T4dOit(nGwe+@ zIbj&PfMv~#>r6(wHl51SeQGZ@!NGq|9thrzYfY({C zJiHzp{`vNg8DI5}mraVgC589PzypR4B&(Rwpg}2daZWb$L2{Ro?YW3LF%3+nnoZ~Z z?b8p;*^5Y%FQR(k)lMgdypP6VnPD%a{^td8Nmc~6rYv5NUGmke0*;$ zr_*=Pcyj)nO6>M5#E!K!Mq`~q z4aY=3-V!jPSo<`%9kEZ1zcdH(L+3dJ5o(i>62K_&Ag|%ByKHX9iNBoa(O!GyzCHn8 zvoJP_HL;%1-$p6dv8T$3wA`&8m}{2MrGVm9!%<4hS}GU3!|`00yQtbojB)uZt$+|U zzzi1xTqUvP6agqX0z@&Vx3cl+cl&ppv5c+>G`zJ7@V;eJvt zbknNImQa%2nCp{nf)2U&k$#)DR_MwSJ1bwrvY7frc%VTB;${1d@;{taycAGQbXM@s zxAR7#c76jG2sN#mqR1M>F=IAleRQ7&i&qv72J#}YIZ2P)BfNS8gj0Jc2+t!%q16+` zQGw9vQD%{zjZgj%6Vbj<1E_r;GQDf4=mC&|mwswtk_Lir$TW=WQb2n3Z+Z4{-%8c> zAuZ>h=r!rF+l!wr7vZbWmq&AXLs!dW+)Fxp?)rWp4lnejW)d8#i+_}ux?VOD+e=-${;)+4#;-zGvb`=%)=*jjN_3ak0l z*hZgV^tZ=^QceFpZv!Qdje?3Xh1A54eGQ&_Mh8{-=x*9W{4*;VI0KuE)3@6AHz%{K 
z3h<#!SejAA!g|Dhu3gkz$KyDXAV91TLhf@Dsr-fE~VM1f?zHsjZ8RONm+R$G1! zLDhNsHon_XSDdx+N9{ZM-8J_}u#ISo5S%OdP`Dp)*D%!O%{$t`JVQ3icsKn@Rt`P3C&?q76s`99=j&TN zr26|wrVj=i)dK8N)ldAqjh&|hIIDIyZp#Tymm5ggTmOPCmb+56cCWa)6hm&@J!u37 z7c!BT9&&!8z`QkWNI_?|iR!Sr^1w;hnxsc4-T~v#U+39w9b;QEf02y*k;T@7xP*S` z0gW|?#k)Z9s9GK5NC9Dw$ttgOl@E$apssrUe=UTOh1}oR+#VHVnheFA%2&~petn|y zUxkwbB1n}}R~nLew6p@O>uM-7d^ii9 zl!MwEy8svJ7z!~fzY6Kye9C41BKT=og+g#JE;%2oM1sLaWD!|7E|Xu%5bZ}-W+AIT zNMRiJK5dc)p;9iWTx5;5@=>`7 z)pCyfU2{Gmg9KuRr&q<7=}@?|X2Uhm3;A!p%e%NDPNc&Vs`_{?VGo`;oj6mlHuaN3 z%QBts>yxIa*zCmu8wH~8Nax3yZ{c0Vg;DQ$g`uKQjr;Dp-n2K$oMiI4X$5 zB>fu*cKAgOd`$aBHbg!LNr4r$PzUmbZm^Hz6dv)X|60@wNOOU94{{>84Ue+pz}4Sb zjm!re8dXP(FsnmG;$MZa7*cl9Nupz7Qy#mWCK>QL80NS&Ysa)vD>1wi@@JXcpOlz^jvZw&C-el@Vec(j#^sjw{`}```^#;G% z1`ecg;^fuff*An~%8+TqX-UF5WKni6n?E*IyN7t46OYik^!lLcVgR&f!A4^EK24iU z7oyk}shuR?EgS~g>$hd8QVK_gqlws`^0i)-*Ve&5N02Qh3BK#ov=d61?=nhg6g&!34ib#kjU=+nruc*|`S<8$R}K&yBJDzHm`RcB_G*?{($! zqx9lTpA*s>xV*tq(h=#!4!ZYHedHMAS8l~i=sM`71;q=y>G*@6|MyFl3*4-80>k-7 zXJtWC`pHdQGN<}{TZ{==(`HxckV`MG<5aUHf9Kl16GxhL)A$oz;4%{i+m+NatqW5d*~Wn{nNQ@%&YD`Zv!%eZ{-vk`{+5%4Mh zOk@Lwog7k*X){X616~sTPj8m=-EHB?pk6esSAm37ZLt&&eSzKI&KEN|uliZ$MVHm+ zu{)$S-Q_ap-H+pbyQ2qAKRY{n%gO60Lce+hU0|debX!(6z}emRoK6q)jtA>); zeMGKVN;TV3!n-_7p6@bkm$@Wne+(G8(#`pTZja4>yZ;`qb(gRW#fK-7W76=p6g1#h z*I=haTia|)*_^sVRv_=bp|L^AB|@Ogs0}cKT*lA}pJ#Q+1UhtkDr`~-$;9l}8DSwF zO>OaxU6_n&!Qc#v7S4B}Ct5+jL47)F6KWm_d@M;!c#A4dw0AA(l*#eDAr_WGkYT?S zYP_B3~WpbuY}Cq!dSkNA1X9SjLIANr~Woyog{hUBm-5s)zfK z2-X4dGu2Msl(%!2IWpHZ?O32oCNH5Q91fARb=Lmmbi_Nhy9;%a^Wyb)KwO!jd7%g} zQjxq|_+H705+ls_e?m+cr3|P{YW?&mP$H!;?|E#9no+$*r#dTB z1rRbLyqGDwl7!Ea?MnUhC9)&KUH&$!1nhx@)bHFECrAri{N|u)qQqK^cb$m~2d9TA zv%Dg!7we5v)t{JqTye8z>kf`m@AG;eL8I@~ z@&XOPuerN&z0B|o($H9yzS%chz}ZxTQSdUsZcR-TO_H5+*XCT<_Bt?2oGg0vUk}!l zr0`eCu0;O*I5WGn>L<6-FO3)o+}(c+S1$^`x|D;bco62|QT(o(%T^$mvJC>6;hq=O z0Y?p^RW^T`e-DuMl7*|i$Yj|EtW>K1uilkFHU&uKnV|BXF%Mk zvOa3KcVFlukUQT?`3;OoR&EuDdI_4nYjy*NBTaS#5EswL6d>#Rt@jbF9TY 
zA9jCGmVhGs{q&V5?G*eX1lPS`^Ih-^e{>IGaLPxqm)Y&r_*ofp8d!(DAuY3HHz7{c z;{^@MoIdC0nvvkM0x1RZy1kmd0+b!_Kmu`f<6`oOAg7-a<-D4(0`I}s3(hcgIl~=A zkq?fXnY?`IGrR~UZf>d%ds>=teYcevj3frI2nJ$D{gHi9i^S4{Kk#aY1wm_7L5k+T zQ8~K~`EBm_4@tZ$cc+Ci#ny=--Z2A2(HWHRBytd@x7#{~_eQ-%!sN|X>smn>tc>$>_*D!b3AxZg3oa0};&adI!yZ5918Tb8@p$mSO7 zjDuijGrIp3tA9Y;?Yg_90c~d}055lC+kjBF1khZcOz7va|LOu)pN42l zJ0;_vgqSyZcZfhE{u?4Jd&VS_!F-RTbP?Xx?49 zN*&`A9@WN`1?dP0S0`>i{@|3(_uV4SP`A^0kFf##2#RqXVL{UYU(Tsb)n$>l6P2)p zYKw#12q1huGDArVS#|ibP|zMI-(=PtUMu*TN>&Nzts(4x=^B~h*|K}S0AW<%M?wH$ z0LOk$N8v+i|HG~}j0gj)_#Ozj#+qD(UN&R=&)qvZN#|2c8~W`pd+^3RFUn&xG(>9& z)@HJ-;^yB}pPD`3OqLthe5YzIz!gP>^pFv0E@pd~oV@*{x^s9ob3;|d4ll9OLGisU zOe#c7r%coloS(jSlCVY)dQ~5Wpj1CQEOinte`IJRn!`6V|47H19 zJOtLXo|S>@A9D4--R(07n37}>vkni!P4$JL*PX)3k|vjYaEv_xw?_N4r2f1cq<4Xv z#&dRfpYLzc+Ng1{2pd{|eRm)5G^J<`3o9{U+f~KqI<&nbMQgNk$K<_>W&1T=^vte; z1w9W$O;CbYBF2-GrZM_`)>tj%$U{mGW!`AKrk2NDI}t^^?)Bd{?_$npE+kN#dHCG{0>dnrQmQ^BY4;7GL@zT5X~9_W_Y9zM#vwtsGxjvKdI zDBAsVmD5kz=HZ;*D#d>DfnaU`;HZT2izKZUP-I=QdT7glV_kXS<&JyhRjG-hD;yfd zx5p}i_nHfOg`vNtY;1vEMejJqP+5v4P7VmwpO6C5KlHW#40(gzwFvt+IWyVU>b$FCVw|-7OOK ziucNL8Q1eRF7JyPf4&X&hmIuP&p7eX4A;J(XuC3vdJM^A4&{80JoeRIU8zXmg{gLU>7i@I!M4G9ye=b4;02_1(qwzng) zR_!Q0NtacPQzj4_CMf~XC$!^g(p4oG_biN@qJ{2%W7l7)mI8La(m&ENSojN{cp zrtVmU&O^Elw=n4E5v%;mLW?q&c}Mj)u2Lp+aAx{J59QD~O;0#s&NNvpy$czPE;?P<}IB?FOjz2eNheRV$Y*kuY91;E;bvEZ3Y>x z043fAz;IpKpCx0jQCyC75nxFqr6Rsy9Ugokhh6TxV%6f*U2Om@weW-9?i%V(Bbd@i zzgTqh%{oY1`2QOGpQA{4L~+>Ht4El{^->41qC8W1VuGK0p!ujVy&&%Qi&eEvlGuS2 zq#e)Q!GwBJOW!R%-*#)z#Q528= zTj&g~u}bp63ZfSJkz#oN|DY{bKVQQdi{MCq7Fl;*^%4rC;28#efxZC>Gh1WD{H-YP zoL?m&o*WvY01C!plg#QTO}<$f63uw_@sHa~i{&p$RNsO8YLFAQ4Dv=*=HZCDkLXOg z8xGE{wrd>J<{HqYQ%hv|fpzgJJ1jz1IJ^o?)=yREINS#!2ah!^V~eL>St4%Ee>=Bi z!%L&rF%=u|0W=DGO#)RMXpqRu6C%G#TrEJ1V{5T#T7{I_-MZ*=tkAV8^b3Z@y2Ek2 zwTst$_N{Swu0R}}^yMzKdpWl7bl)wBC5)f?+vttkyUY2UPq(M15_2BUp0QaBfq!l zguRga|6yCh7Sj#eTpE5}OglTXdQ6Go--W^RE%ch{y-e(a~g5|#KD z%l8>RI9EQBn?g#lTb8ft19IgL{m$DcIOe|CKci-`WbnQr%X`|MowhK?);21u1E@H_ 
zG;SlMD@$-bM4dPcWnj!UCzny_-101`(zc|0&Qgv<hs32YtSeo;q78qpyniR3Yb@l`12cGU>8xUPA|=3y)~;@@J+`TCkU_{m zDm3hUSZ4V{3C?oFViz;nO?Fc>9TVYa49%cgPpc&FlMlaejinMM;yChv%INg?$KkyH zU33?t?mAkx;o%asoyL$biLvH-VA@8eB#qcuTfP7a{WVEwgEdJQcAK(zJGzgZ=*i_! zTDX3v#-6h;l{f_pVdUld%Ju4=oK3b8j5_%qfvQjU;&!#$Lv2(^x&CjJ0a!)(j|vWr z{`c1#o(I|rA22ij&I~Up{=Y2#so1-i@ayCPsN?SR&a29NiRd_kHan-ueFd=NE*FgqjZ%S9 zDNT>p5-Mve7-v$$yg?b7>h_u9qWBjREw^BvliEhqw`H&CJ)fuRB6 zOgmVZ<>5tghBmWLVhk7DC^2{F#fXg^C6h6xlREFSR$Xx7AS3~nZx2`73CH);V$EC9`z3wFI@eX+Bog2Uzs;g z6^|t1oO+P$U39kZw6gqXXSax|+Z{hn^P z`43(kc;<>x+ij_tGU6i#`%&+$m8wW07k-)}WJ&vhF$M?ENkMPVG!$lTx99ru4i)vP z5}Pv{Yos{qSMS?T1tAwpuIy<@J~yJGnmOX8S0-2C28<3&LFO`E z@@>7pp?~|r^81ZIT~AK>MBeM@Xz!`dgkMe==|q14)#!d=i+r8z|IQ`G*!P#Az?Zid&CMi9GvxQSxhwIVI+scthooIs;o<;EAn$T5neoj@0dh zw{Vk-Ry-)+uy6}FwsyLZH_Plg$RvxX95?Z!#|?=ZvCjrN5iJW zq1W+|6c4I2X#P&LtMh(%%jYJ@0^V>js&D%9s_G5Hg8+P-LV58{P&7G#4>+CH%G@aJ za)+QI0>;hPK?#UFXv#@lHI!dABttqW`1&9t)p7Ij$>5dJ-ePp*GqaYxkrK}vjq?!C zV*HCS`Hoc?ksp#9k#rqH4=g`|5W7A1J$?!PR7-Tt-#jiI6+ZPoUf_&AuJkO?RK)o& z08WEZiSzy~B_m&q*tA@OcFvPoIJCqo#=E&ma-`dPhL-hiU)y$!O=q_Qlq@+eTEj3E zGu<)xNs;`cb{VK2?I4nPuzoyzN7@T2Z4;-Yj{bNXczQ&s1n&f_RYoAI9iiQ;$C=x$ zdbC`?0wN+Cr4)4O0I@Ua|~Ar^Hz{2;MmJ7I_&|?J8bWZkX`-;xo1@u7v%vC|A2{eMk&=?Q1rDKZt%J8lnxBa4d+U=3QwuRz?ucMKp$UA#|cdW zsi=ZOUg|_H1{yc3Pgmh>)%=`XO6X3@0gb|$(tO3M4_>3<;8W?7Ltn|(pUY2kmf$bh zUv}Jk77gqu&G2awtvp+E{T|y(re}_W`Fb2IU*&h6cQ{zSn7BQk_DyN{I&<}Ly=OsC z`4jR|mBa{Btrdprw7f-_LnQcx<&hj|-JrU^#lGTnOyr_x_fLd2(cBbR`<66W-jz$P z`-lyS-}EU3JKd8C11wcTB?_R{o>Z-$?|nZW$!?u4&9H0ft(Ea;ceu#$2hsmio%sgB z+dzJri`;_ECZW9KR_q{?*8?!NFiXju<;KwF-Qyb9)ZnGi$VFcta<7Szg4Z9?8sp^O z?X(uSgpI4IqoBV*HdpYlO`a#gFA4KLru(<$>D-2e(_OUABPTu}K(=!hUw8DIoe*1s zFtbqY%-yN0RrQwBLjNET>oLaK^8<1?hrY#fYN~TlW-~tDwSUY{YuEA6q4HjCJuH3^ zn@V4<74%KAzJIZ1g{09a>Mz@m&XlnwO7%*h=Wl(kK(2Hv-|XW%ISrTL{KGOyudFE98Ihc~sVSxa0&hLx|#z~VVwA@KvR4S6M(rBq>L=u=) z17{S>kPK$EvN{W@Gj1zAn|-NhqMfkUt0+hk8G5*V9VN41~4S2x7 zvtZ`Gp~bET<}SYJKHWc3GPq#x#ko()9ed(-Tpn~`hL3CSvVX6z{*tiJCG}^1_|M*w 
zSOmv;S7la5by-4OM%z%@1!uS$$$NG=7NZ6%e@D)D^C=YkiRR)2jl+rOL0v$M^rky> zqKHBwQt+e-Q3${9TpL8x!~qnT>mG~oHCtEL)}|^A*Y>#j5->&}toi%#^}55rUCz+u z>kH0Zt6_wHP7r0|gQp9h7qf_W?{n(;jPS>~cJ5y}*xrP`>5jXoIXBo+`p23v{A|;K z*-o`?mh<&;XT(&br#Jb;=x57Fh~S9Eck`!?~`AHL3-OpiLg>poj(d%Bpk{7;QjeUiIJ`*AMI7=k)k}DpZ9qU z4h0FYE6?46y{0Ik(3D5sQuX!jZJeAHi_G72!{;%sND_Eo7k{4^sl7&hGS(8{Qd?V= zA#>*6O6=svXBb@A{n2yP^^IFK6_RRj*ndcZxumJKKrGkcDImmyG7&GsytC)&ps5Yrjj~VBr+xBQccOn*J1$HvsK~ug2>6qi z$+Z~lV>YL{eydpFAS{i2G^gUZpltKb7muQhhu`&Me>w+~-(sbnZC)naV(W}ez^ofi zNjL@&zp>YV*FDw|d}!sigw47wbgix6q>9ucv&@q{p?Fg~&poPEu2;J`2jh>lcUX%7 z^&%VzYtt1sEAbKTI==*3;$=gP5IJ%YxTZ~?WJvGS=J8kM!~hs=v0nl7=?_a>mrcvn zF|w&%TuRWshnL11#&aU^Yl}9nTdjXv4Wrq%LCtFphM8kTG^OU|{}leaLLdZ&;cuYR zDt6$TZpXWpi-zW#h_ zh}U#3#>>F+yz0ivak*RmXCuhMJAl;y2J@&o>h3@{jq3t_=PyOax;di4=PZVI4 zqAGQW(~X0!si*d9z0gc)m^%g)WO{`VyDnLh4orsPc4&%OG1D7k+9gZHI9;gpHF z&p~GhWe$_P-k;|wvOugV^cGrn%t$6?&6n4Xz19~PL|s;mX`1gQms=yN>Lco?!5a2W zBs*%V<29c?2dp|lE}2&VM-uomcD)ko4}#z=AQ_+~X`2)!*r(7psMlOR*KFP!tK77C z+SmWs6}!;vnv#n8xESUGKd=sH4BeV{#u|L@*&J~&Zr13!E+PTDh~(d#HN4}vd>3pe z#iP}XbMqmoZ5ehRw7|*B_&S05bE9@dqth~t)#t9Mk~@$QpfCrs=|RIq4Rxz*h~|<> ziy)W0gQr?cZ>eYZd*X9V_(`_n7CbxKd_F#<9yF#zP#5rc8qZgS?;uk){ZAYh%3-ho zwGHM`RP4qfyK?wf?<)OAIL-2bkuedACN(LN9sW@A`?d|7CO%$w)DpY#rv zbJ@sxZu=iGjxFr|o|D(n(OF%w@5sw<9?!e2WRm-VBDTv~ksQpD)qHt11=xwIr<{9qr<67H$w^K;yAhI&kT*!M2+H zSj`XS4DV@#>G|%%vGyC*pH`Wl8Vxl^al(XNoI#t06b{=_g%17aP0nXBxa?h?DKL=M4L+aVuTgR;ioQ;@ zeZ=%s>X((rcqGv*QO&DY)k-yCzFYt+V}V5S%+|v^#~mPy6%NA)LNCC(H`8l;LZE)y z+73mzFy#HfAI3OW1IA~FM$KUdO&GP{t&_dYS53>#!gp`rjVNzd0#PcdEdK0YhuO{> zL*v27l`dLiwwC&Oggwa{d^YWKgWQ0e*CZyaL|jE_Lw%pQY#G}9$hC{t`o3~vauGq@ z+K7rFy=fHGrt_MmT(y(e`}+GUcrobyp?b%op2yFQ)Q8nJs~%#Z6U-V5@>k10XA&zZ zBNlGaQcD_1>Lqx#+&GCmB<_8C(R9c6*<9j|UFp+DXNT7nMn;xg752gvelZkDej)jo z^~SoyIF3eM!dUv(=Qbex*u8BnQ-QBzy}bk2HjmHm0Vf{a zi6x>T1tx)``po_-M3f&_$vrHOvL%CS@QS35qjt}FF)K&$Z=cg5$ZUp-obf+$ zL;1CDe)9=+pPV1CLA`mLzLMOY*q@E4VqlG8-!Hu1m;$lC%A28f#*|r0R9ISz2!cGO 
znn@AuF*Wu+&J}PpT6uC(;)NU80Pp83CZQ?mBrxAepFKXI$%kBdxYPVylvv)H7M4gW zb0bcetJ#qS%PF+8{N0yzNiU@8&S;t?B>**3&oc01KtgsAR5>*=!s!F5atNB&qx$EL z_k_>9)P+N{wfDv5INv6bm|q(Ed8{cR>5U;M!by29k`wtm1wm?%;p{EX?+uNhYW<@g zGp#9|=|~IX;oNA#W%>P%&ToZzzVg}}()B#{aY+U}1nGH?+gKILa-L+ROfIbW;=blB znRI4Y9hNlt+7-$-&<|ZO=)1srf>;E!zMq-VON8pa@8m+}}rc{=xJj7M*L@84GUX6<*8V|3&-B6ukBxQ*E0XJ!XR|i zb95vxV{{(}$Y1`Z?Mr#7$$84l(;KK>+m<{ch%s;XSa%gLgtoZ!ey6;EtNb{DXICZA zxw7VGQ+NEip&`4Dxr9x;p!p6VHILI7gRe@Aw}XNbyXTmBv7RcX$3C8ZTg9MLbFiqH+_FM`tskMG3aRu_Z*| z2PEY#7eflTrD}xwme~GlbprZ3^p=}R$u{gbK8#$F_xm?oh_i4&@hz*KH*jTDUy6go z^=54*30U|k%Y8Umlq`4T;MxpIf4{H(WliZj$Te_ufkzw<#XH36;6~gu&OR7rZG z=9;@SxE`v$GMsvA%v(#gS+~>R*a4wOiyUGxc#|;q zr@0ZETfS^y&SHPo)M@xqbo0Yq;GJ0P5?B%d?WCFU>z#$IqRx6~sG4rR`rPyZqHWaU z-)Z=-CdG{z^7?anUi~YG`Y0OWl zo`}E05ru`51;=DazQ%#**!jpzHv@X|j^r0(UVS%ZQl!%bC>dXlxNyw}VzbXlbLpsC+z?voOy>UK7{KFnCp*-`*<;fmIdAL65tl(Q91$gP(ZHSBTVe0JvVY+m0W> zLyA56mF}0w<$X2fnrJ)i$kf>=-u|T!>w5Mzna$al_w}~``@F+%;XccDlBq(C9;U{>^oJEq zP3>97h-f^dkQJIpf+i0KlkdNC|MbbBxp1#yz#Cdk!f6+56m$iYhjPD4(2c*!1;2NloXDP*#0duPF=)AJHe&)$g zUY64weqJ`HhXG)M}MI7&O%?)hJBR&wZimTB{jb)Mh&3ySp^+;SFd% zr$cAj%W%Q?t0ZC9jr4^?B3K^Z6M$|lZm~&bBLG6TWHhWFy>&Rn&?tL zzbj?O_k;M@K!>}-ikLSIVgB3y^J13Xn9GXAMI8pPjbqoJYTB{HzBIU9;MZ$s%1G-0)Db zowtknLc?JaRYDW)|1GK`oxo^VEGQKGxdyeOo}}B7#gko#g-oWk8*xLfnt8cVn8s1y zON45(f-@IDvc+L8Xc3SRBKL`Hel?S~!au&F+~Uos1w(PR)B zO>*Fhp?+#?Z&a5z>t}aJ7AXrb;O7tzFPFP$4AwZrXf<}l$G_(BR7c^en z(xq&v@bO%=S*jQt{yls8;h0xWFcU$Cn54HRCKIyDIJ{Q-@sz0JFeC!1dMKxAp(c(t zZgD{hB1c{;5bcCk2eDA3aZhyHQltqpsBmfDtYQz()Th_C!lY;oikhakLE5>bJ*aI| z^@xr4ZY1M#EKm`oXwNU)b~*4>8lepB5#c4sknuU4-ZIco?|LXk9^4-!>=y5%GLx~! 
z#Bi!MS-0R-wl{TShd~44RB+2KQsXd(M-XSO;!+6B z>-dXHz8HADi9Jt>rcsUpFK^frZdf@?-mqbtexatn^+y%T>}1r(_};N)hkaLaQ}WOs za~}&qDfDM5`TV#0w}70W)^l3+O=XHvl9rwwRZqs4)`GF>>}6l@k;D!6c&}O6x+*jX zak^Yaa0jz%nb510gcd)L%XGwF(}vZ8#$r#e%tT`gTR3KKq-itmq|YD7`0`3vGR zz2>GWmj94}n9ndWDtRi4ARRxgJA&=zO&T_EOa)d%B3Mc7TXTaJ-hWqQ4LOH2*Q`s# zk*x*}7NdEMHWNaZEvfqhLx}r&e52Y5w`)|B;>l}?=%1_c8xO0aPct<|u9H)kF0Xt4 zjycaMlwJSbs#+vuIX)#(^h%tpwH#aHz8&{?>?6~wOSl_VEZo@Y?Sx(k_c@R$kCTTw>o}qVdJkwxw6*!)KQo4I zsu%Dx!k^Uzc9i02{tSx3(}kIFZ~_7pq1O=pSrjOdPZIDhc|)NG{aM0atnH23 zJrY$nU*b}mWHLQ}Z=;058G5GXWP@bi-ZS8S>DndoCf}2LuTv(RVCrX1V(zy(yw_Zo zUlG<9x+{cRnYb#kY#tQ*Dy*a(StPIw#x*?M>uv`!!-Y<+yk{M1w?b?s9szoEdJdLm zzN!a#a;G^>T@h9YpGnbC$YhHLPBf6fOnjFBNOQp!?AHb1k@2*=d|lBl=Sd zF=E0D9u6gAb;;|BS1p?Y4wmfzuhEx!Pb)rBld6?T<%Q6a2X0n8W+Ecs?IMUSdGyB^ zTIPRl56$|M)bX(+Gm>I@SMsp>%R+h}6nDd=Rn>WA8jS(wUrm&CenJc;Y)OFr^RG4G9g*D^4Q^CqRbf?k9#FGA*Qg zo##!x$hW0-aqM#44gg$^namdWo0=^473u97o8z|}$H=kZ>^sE-X-93M-7kaEy|d?| z;@xy4mhB!UbtGEsb_aU37JlgT+ZX+mk?ngjxjDJDVm<4wIZ{2^QH>lkwIF4QX6y<6 z_PxQ%>77*qql(yC@ZwN#3k8q8X}4#RO^%oQi9H<;#OI zu_ne%eBLgn@-`>Ok zJXX;&<12XiY`r72uod>Zl^U+vG z-8}SaY!o}gCduh(NzC!~xl$^2`?N}MJgM%11;QZCphm?!AiH5e)=uDLv`&Ri$>s## zFPpTo+q1Uq9$kXqY*OpFX(;)9;nIqOoPBokk+CpNkEltMf$(bIP zY8^$Za&$fWnz5p(+9Ec!cQ-WeBF5*6-vyt3-du@qHIpeV}u_Hybt z-&olBQWm)q++UvJeMeTJy~s>h*FgCqjlJXZm?fo2HU502T{T%j-#uy}$13J6GsV*I zpgIQP-(Id8Rv7_PxxMYfR)78Js5YG>JFW?cO$_*FC#Y|BCMSi7WEw`456Pt3x z6xp^X=YvE>z&X7WqPwY)DPyheyj%oP=#||7XyGETSQ}mpwMXJoYiwR__y8%chlF# z9(Uo#_QR?cn*+fU#|PZq=ZDz?>{TtxvceaN9x(E=FvGgb`E8}Unork@Y?d6{louz` za}K5?hDaK#OB(l`YRwY5`r0U>qwLm|bGfYx5Go;USq4+%whmKQL3i;0XR&Xk%9*sM zZ>I1c5RmrjE;VFN=Lj4fFIYosl)zVmoa=o^*tYGU?g}ZRC7YwczWznZ3BD3A4Z4l>!yLYwar|M5^m-QMlF@b-O)9?KCTT}L{K);8_{ym79*rw zO|obn-2KS!R*2)Wf99?!BNaKYbBnVrN|drVZsTo-w8*1J-qjuz)Qb*&g5f@TPLYQp z_6|qPa?#p3szd}oE4%!|aYym&PY{1Pn=4GFCBE2MJ(6DkEM6%2TB*W(@yAD{TGEI? 
z6*ZgAWm*Cr!TZ`%TfD2}_;*zLSVC&7>`vP35<7Za7XiSAZ~*^{K&Ej!V~l`hyE(mp z*3p@s?~{p!X7t%DKE7Ym&FN(2h%hyl;Vya6Ve!x`%CJypnCl-s@gZyJpB14adfHa0 znC*vA-EC3NvL@5?Da->Vi|vYYu}B_`?-VpG^2-@N^Q*{363QRz)o3^D zVdpTcyf}bJ$?=(R_Z3mqcSBuj@x?u=&nM^LN9oi3P~)&TS57 zbtDkK%jT^uF;v3@&;T3ed$R@aJASo{uI$IYSy}T}UDw=PZD=-lB zacukY!&evUAhwPmMv;~hZM=}qTzfym030vvOj+)ykAWTEMN$l8dE9AgbF8Fa6nVJB zg5GJP1$0~Erwe#zw?MnXB8v2*i8z06zRkmIjC4TiI(_KLbVc=jsTy6gT55#B?0TDm z1($33rI9@vuU~FR*%V)pb_q;h2S0cPlKrb~*kFo_k4xU2X~WJ49hlKLz?sA|peaiu z2TKC#4>TTdD)ceedBw{Ru>t|NAp};$LF2GyYsBm2`QW?_y0)$lz1z`BOG=UN5~^63 zJcM0b=Ub}2SX)PjHONq{ zlef_p`GJq4n)d+jH>mPY?V5JkIa=_|8%!=2IKW7fK2VOhpYHvjHR==NV`b%C{N1)m zFO$Xw3xoTT%wNuyDRQ|yR*}fH7SEYa9U`SAMUZk&vg7jw^BRi1Si7W^<)3<2jSbA` zNE7F6z+Mk?z?gWqe^r{ieXUt=f&aYANvOLkI|!dA!GqD)kNJZ$k`;O~67GL{6 zbtC8$V^8RewYxsilc<=iSVT$un(ex64Q@VQjM?PDa75rN8;g!k93ASseW9Y~gx=j?ufOZxQg%O(cu+0d3cZiFC;rrK9^0Ox ztnPbe3=M@*nh-0K_S7AbzN<)2kub$#HYufxo8m8@n#x7w6u%t zwS52K>+q)@x?)n`&z8z-#V+=UM|vixE%(zXR~|X3l4$byE#no?-X~JhdmVPqY}JI7 zID1zNydiCr!((mSDjB4_JThw^`;yu{w^4$$9UoeF9RD4?fjxi8E}8k4Fcx);?cHjM4M>f4?h zLsCQG;bMPZoAkF;b;@+WyY#pPO`AyJVV7!yB$CiDMuJ=t{0_t*2C&0(&mlF!gF$e= zCnTXycT6wkwPuvSa-D@o$4hHxTqlz{FT(DNlO>u-b&kr(>Ch6tVe$DX!$~oP-mZS| zvM2R!I$5`|#+UDh9~V=uA5@-rbo#z0J=>d=k< zE|-k=G+6r()GH3ULiHvUjQpj>#?erskUv_RlgJit3YO#N6jd1xQGO|Mr5As;pjkA& znbQ_wjQFQ(LkU5OY;w|%RP)cQ@_Fzb5~SY^xfaeV-LjMAg?C-jCg+e;T|4?2O3R>s z2fV6ci61;XEoO_V`zb&=jo(*FA|GYJ_>;4IQGplZeA-^0gYpO?Vk^N_<=qCpZ;S_t z)>DhQJt?{?##-f$a8Fm6G~B~2Um9g{W<&fcQ{VDjxaA`!0Y_@JYc~X9_6n!xwv*Tq zpm-N>w&=W@Ct1>kmC#z)_uk$Fe(20>pjKzx&lusDX*Jxo$j*5$eXm+ocYo2py0m0k znY5u4KRWSC*E^$z;^K)kPjfz!(q$)|_8jv911DZ1Ps8dXb$Q#3*AlAvLC4clnk1vF zQRO*1ZIHPF+6mPbTWeTXx7;cGap}b4RqR) z-JMjw5KMSp6?BBrq@_J&K~O7(=vj>Y_Qh4+l*vh5BEb*zEdBA+9pPc+R>@$Q5hT$R z@^=eKD12&peL)H>+P=;(8V+8qPACn}8usX2?J}?FglbS24^u-6ORqW$zEAw*XW33j zN=QhEUZa9@$stUqq=)^M{+0d#CNqi&TfT@69+=>>V*FHpuL%0H|5=mRwtP)Rsw-)d57R?G%fL|Hc88R% zZakJ3vBdfEm0g(yFTcC51C`E%?%>EqIV-&0Q^p7Tbaqa^b?EA8c% 
zFZGE8?_<68EzW66Mr9mz%X56W!!yN_C>okMR&M&hOUzN67~d-u_tqH zU}0K=Xgi|gKG%J4TN+|bYHj~pPMn#9>i9(q6_%HipJnsp#LJKs>rBTt-0r%s#;m@l zpDx4ybVjD4hhc9YP8cXCcGiylra-DOSB})StMAG1nX4J_z-3UI^t+ zOX}PSyA3aLXJE33K9nA`*IyVsewV-~&PHPEv1ubXO{jj|ZdkHwzFGAUnA0^x*qF~g z%iqgo>R?uKTp=w_@Ak!A>&md^DwLiE&rY6VBd-S4MqXmKrLy`Ny-%gMD(*A|av-=vZ`n6~LC^AH z1kLaF!qIH&OTn-BfU{FM6gq zF;TzTgB`w+2`yQ(UHt?9Q1xv+Wy_k3tqP4MkDvf2njbA{<_PIgf}ir@u59uAECNT$K;`#2+FJF zI;(HzLr7`CgL|wF>gOefibgbN8nmRa;*ptwwnk*E7QWnx#{lk~?+>->;}%K}c|#BJ zh6hbmYWlluXiFi$w&3IU+-=q!(PQMA@L&7RP;0E;r*tKPKaRiRd|Zg#j`^+1Q&Ru4 ze99;*^h7+@Jw9G*E03sAUnV%mr+(t=(U1D-|k9sFBIgs(TzS= zVXZHGT&s+DJdp|R49z7CJjv{N%_|ru&fOyW^axC3mqsK>9x!2EG6(LiXZ_|SEEB0j z7>k+>CaV-?ZbR4^BNS&7`mADFU36beH>|#93SE1*jF0JBD1ClEq#(w?D`?T`$#lWX z@+o>#1aRKYagYA95EBwbK5>*4rP+ZKUmnmq44)y0oQdKIJUWtA`=WwXBd9_9;Tqkw z1dn1f_mcZN{klhZq8<@%ZPom5UrZINnR6W8PEyyaNk2HyeBQz}LZ+OdRj_%h_kGDE z$9{Y7s|>?=KS6W$G=yKU&QHznm&~t_=o~L4F~@N#b{G{%Ta5z^HO=c(oe zB_wyXg(oH|us#SP3_fTzDLb9GTc|>2@1*V-f0qF85`Faz$#$G=Ca9_^@ZO_cOrpSE zwm%yN(`SEkTk}$b>GjC$<4ir$aDlaLrX^#Z8?J=gRk^<=gD~nJ)>B4}+>{SQ~Q1yV|LQ z>@=tR)5M^5)TSBNk2vHp0fpSYHbK?GFq-Eg%8KD*&{;#`;i#_khm=YlOB>31-Nn7i z9&gHjB!+KDtNtX$4rV0Z*RuW9HvP>vu_+-VAWh6OrXLUR`sn+#aui+9bxD0~pAYh| zMH;8+R)tj*)HOhxq4;?ro&%N7S&Q9j^yn6|S zs-!h%yazh~AR5~h_-$}HfTcR^2^G0v+Ll}DuG&-b$){uj7Hd!WImaHZ!^9sEXA#3Z zq+4vd!<`>DCwA~f4J&iXMkP5nmP9qNfj=QwQdaWyA8F4|+slbi8>m#e%&GgmTn^=X zV)hXiE@|~Dc-y)tcoJXjgr4-MEP`0)d0Sazz*fSo+cpE~XuwJ68^bEb1F`Uecl}+1 zV}UD*Z}uBsD84Ej8A>O@YeWy%lazaJwY_xzM6O=@eYTN{G-mqNnN&PuUa)iQiZpVv z^L~&4BjD9Tn66{3(E2Sbn*8~fcgeqYzlFASyt`eqR}gA-EXtGPFZIPKt=)I%)fDdj z!m_`!-q8cY^a+wdW~^ZF5>`>!60cF(5_r}jgv*lmk`KA1;UskMNX2b=`}Zl8Aw0dU zeDkMzE*`0BrYrGY)6Y2Hkm;k3EuIwMMY(_gDL+=5Rx761Cf$8L&>`0}uIdYbB;yy4 zap62_b=V(iEokGBqJV~;mor{T@rV2)t2KQ~wvkaTH!no5V$W|2F_n^^-_l~pt2I)c zeu^>!fQN{WsuvhK#e#%)Ns;yA6Y}aRa(R#@rWdgbU%%#v|6zX?~A(BA$^nO5^6)g($rp@FcRoaHXof{wwA%hLqtJK zve-Y&EE6hQ;m7cO%tvY7KeJ`+y-`URB-p~hSIFen=YpD087H(jWdypBw-# ztcF(BBOAy+kc_sgwo>~BwU&9boNQ&8ziTNT`gQz#qb{ObdD-ugRQD3gwp{9604R#P 
z@B2r;)FR!)9clicOml>6Fa>ixx>L*e-c}Xs(a+Dp?|dydmPEv^8M5r}a-sn{U7h`Q zs`r?BTLhPv+qvDpwcTdx1|!@1l07 z;cX8c?p;V02>M#>=indYiqzjD{me@CxSO=C`z|$S{z*l0JD0JHRa_~L)^!^IH0M1_ zTt4iu`LyN)@3WliA=sos*7lYw_cl;U*=$ zo9)W{I%|p|Yw^n}vzCm(4C*0xyUKg~m4sDGq|zne=^waok~0h6uH04TTjlUw4n5+& z>?e6ucwqG&_ueiglSpNz)-rnQpbM<^>K4!}5;8_|nvk@hxXJTjg!U@`TI6?;2a&Kb z(`VV!4x;PV&jY~S(0~mF1K~hJX-CD_peC86%E#HWxsyA4S0m8}Y31MOS-2kKi}3@% z3{6%Aw8}Fzc~}x&q(j*HRbwy|!KHoXeIRc?Xq4}>w4xFW{sh5UNKz-IaU#I>wW|PC zy8Wgh**r^{L0hZByOWdc$k`_Tg~5>wP7XY5G*B^Fgj<-1Y^F~nyyA_HcsFD6)gHs{ zOE#!IoDmOK@#$!0ZWpE^HQ14cv%`oDtGne~dRKG2yvuixrb6tfp?t-dax9$knelsz zlhzZiR&bF78(%^ar>c#2WvI~V`LqrVsUf;l9H~f+4(qN6M3_JuTLv_BlS>1R zl*xnQG7f3DKlA36v#37vu0;dpSl&oyh`(!NWL~h1DfMIZA8YhccbD+Vfk>M?On!CGD=Utj0TcLtfB(+||5tdx)Bl=)KzzX%B%{y~!E-q|#Y}7x`IXU>A|F@O`yNha6kIvepE`6Z1txy#fUXl zL8DR@ZS`jVNplwqmq~tzA!W)h!UaZu+ZXaHVobDPW9|||Y zLgr;NrT>r7ZYBipBmW#fJxtx+bI{)y{o}T(j{YQIp|&Yk&i-wiznr>yn1?2iHlMpG zP44QsXLww0HO$CuHI{HV>&sv44tI&b$pscT84&Lth<#8?ghks{a>PmK9rbz`bP&4s9Gtg0rh0u?j&EJs` zzDlJ>pDpkxT(20;)aUfF&8^dMpB^;73glknbUv#6*bjR<+8xT>q;d8c{k9LLxs59p zI23$oL7?!Jlj1G>BJ$b8+BhT|rKos)PGe)s2OyvbJrS$V&BPPbyUK*FrFWm{QW>z# zOh0qtodyUkVvnYNgob?P-|20o;2ny-(gaKqVc8P3xT2Cu9dss3TjwS8=pTykEgj4f z4ni@SOIC(my03BO6uLy9E0!W8wfOn2jVr;h3{O@7|3c}~CWam32~F-|vzdiVA-WB& zwd;ragHWtyBwq!WC1~q{x1x=u(0y>2=e&1Q($mZ5X!L!LmX9n%Nu7kQ7SMT(GQ#J zZj0UYRMtGpzI8XeNQqkCi>k*3FS%(|KXtvi-OP-4G~#LiqLbekpacX|cyd`RCtb62 zHD6_lDSO60xx@e>rc>3#s{rx1nd6Q6V82(R-aUioGxmiCh5#JYF<>bwFDndeSAPo(Xp2#B_X)}Y21j7Hc`b9R(E8nJSfXX zEoj3LmUiF(`BkhqO(%3o$F+L&3uF?Z4PB3%jZ5l53j~erUDLfkC=#(wUncj%k*ew2 zHCb^7)M#jy*|kuYrEcWOOm^AmLmRs37smrel@Vz3wiC%10W)kEHT|{QpPsd?cj6aN zbic+;V8+W1x)>2CX;l73F z*IneZmoA`0E%5l)&)XsiB5CTSmox#=Yl1mLa3r0UUKd=cIhG-MUw>hLSoyi&MT4lM z^n}9;0qM#Jxpx8#Z}WQ5pb+{-e9I5+Lzg|7D^n66fwGgws!*%ps4fGHl$RX|1RG5)I>tkdi zWE4WY8Z%EI+Ii(f+AuuU>oMo=~HrR#Woo$jVR zv|tiiflp+~YgN`639RPys;ftN6nPcbY0v;qv3P%xBd7OAy$fUMtmur%AEPbfe@FYY z#Nzq1ArbU#O~LG^%sNkcmjB``h_bwxj9x4}C|bj6y3sBu*drU8hG=iRvA; 
z(tFs#J@&n@P6L2$wIstx|yN>sSy1X=T?=W z07LyxKg`?XF#_&y>56RVtgf0nl_sTJuM=TLJ0!D@o)~q!qO_!wCAWPiu&M`&(RR~A zktlXPa5JOGnpG3ZQ_&;_@-Uk zKbSUgM|UTsp3=VsHC8yg&5nS4%Qh7-GrjIq@AieCkdHznZyP}Z2(9Q2FRsEOsv>Ah z5(yO_O`(0-(BdD!nv@#U*SIqK!*BccbVtsTPW%9)0T6H06rn4NUnxSL_WL!h0CEJ* zKPh$Zp#D;$wED$ou4>7`GG3o717wb*7_pji{Y`F=!E`H8WG2g*y zEP~!#d<1sZ6)0SXfhJWGgVENHw}*0OaDBa#1V$maK3(*R%^73>3)_40$BZFp7a6t! zxhVQblh*x7?}sZL9(~#x9Ss+LxxuiGie5DKs4(fw z84Fyw5y@fc+I1)hILRKsR zDc{uKqwN6^6(O*qyL_kkn;e|p3wkdB5dIfAWye(!A@miAT${hkGUZ9@{m@iCu~kM? z_H}Bhf`p$9Pqn0LlcE>>{IH&Pok0ZjW~LGOcvcKW?K0V_4_0UjU{GqY`>8QW9}4ea zn3U3l-om~shvin1Sl-e9fzpl0<-7L#0~vn(Gu&55^-}5wl65h18&2`yvOxtBR7v7M z&OT%?Z+3^-(~@qJ$EerWMvTpQa^ry3l8&1I(?3T(T4+0OGXqOKq!wHZ5~)C#lkMWv zQ=xhfa?>g9=jWH;(sej5OB^C3e4@3dR^LCnKPjaxB4{AB3rB9xxPX<1B^{n1_FYv! zo?g=5r<)nUwYW(Qg&=L58h*i%Z_@#^qx`NtkP~VmR&+x3aJSKQb7@M|*BF>z_t=`i zIcJ0ELPi7nh>K8kWF^nNII-M#!U0Ew5nMMV=Xjv>yV!G(SsM>`qoUs+^{8_PQy$Ze zgf;LN_hjZ%<6vOVJ^nl?CDatcyquiwP)VeZH4{Iy-_DQ3B7XQ9Qor0e!YlE?gIrUo z!+UTfS_f-}cS~e>?)Y(I&+!Tn1-o~iPfAht zXw}e_CpumuQ*$lp4q371WH7gTJP?7SRS`TaAfPT_W{48rphw5tDbba2D^5H(x{6R= z`g{~h$V}P}S1L*cJe=k(H{O8Zh61p^lfL0gGf?#r%<0Fz|ZVSKgYv1fqZ z_IFg3;k%ikL@&zz5DY?R{H5*3(O_OO<(!nlRPcJzt<6z$O^yl@uvxG~#RpL@kK4=` zkbt0V_h+g59v+;*QWRspm(76QOs|`n4V|YlTy?{Xx~=Ag2KHdk;?@76ONP;vd&=dj@4Oa${S zSbg+UauWk!U;--#1Q=Bz852@Vd z=EVP24H2WGVTtvL3ceZ8~5>S(vGlaW9!=KMZ}K7X;WKv^Cb zOJQta0#s{~Ad>8hQx3A+tDvU&2p{0odQlK$-{zj|bwxo`J>v&WHg04a{-<7<6h|LqRz+0eEWwrLeSq}M?!)hJGj(SS@iGudEv=D(&k999i8x(va)R|o3Ae-7fEj+w|NvQLy3a7 zC$(JqS!nR45JPoNk_5J&rJDM@K7WLbQ_RRs*iuH%Fhe>( zhmY1XO{(8z%<449+KiZ(xY&?uuD#E6ktVSFEZJ1#6*Ao|SeaNppp%&;DQ|}fo_Inb zR#+n61TyMO3en}SQ}n`<43F0&n_|6WK6L9#HtD)t;0U?B>4~H;0$+LNw%HF>fB`mi z4cGp0%tAk{6#)#i6mV}kt)K^ss`8gT5fty$=>as0?X_HV{?|;9P5it<3j3DCa@~7#A^~|@yJJP? 
z{<)AuGRAEX1KFN9sC>VW6&$Jgi#fI=a8 zY#b(WT9!;`IW0Dzp%I&=>NT@Qz8W_28Uiq#Ho&m^<=meMA>-(Qw^sQQ5Urf;OsLia zOu&+PSkg-gNnP*-4S+`rur=RPg}P)NDgezR(jAy5ifz(;LgIf`3{^DNsfWxZ*<)8yREF+ zcpzy3eieH`2(ZUqqFgI#JARGsT{mofV`Rs~*u#|g397#~&W&+l1H_g%n82Hn?kwQy z+y_Dk*s{i>0kY=gH!-NCh*tM zj1ZbP^CQ7m0-E1;fG*%%N5fTCz8T?IUdr4|%zZN-QRsb40QdbRgBKd`{k^Uic%J>& zpp^M0(C{%u(5hcq09&s2KZ%yuUki}`G!ueOdyAT$EaXuR#lH@XxLT0HNRKqH@TYQZ7!B+Now2Ksk^j}Ju7Bhe}`O96B_Ww*22GK&a{A-jzHO7J_ ze1kzI5Jj1ET11!tmj=-j)nys^a#n1>wDUITiWrnDFbV;@Oq3@^F#lv#O5Pln%m&pW zQEJ!G4wTmaM}X|I^i7XHAoM;U=Zr=$J3+i}G&rKBpajko9445n7nWqIO9=G8)%AMA zE#r~~Qv^iCm_QcmrKrKBmH{}L4GNaZFXra>@**|HP*tV~SZ(L=| z3WlRwH{2R`^93G&waom6zm+L7*P|kx5@R{g(MXweA>w?aY5xsEOVzK735zBM1wQ3c=qn z4|Fu5*2>-u8<MtIT-exNfdGL9P^?j3m_ft z0reL6{ridn9+gOdj=w9L2XjmU;`OAAK{Uzy$<4gSlu*d}-5^V}#`&-NBMqVy(czez znf(X&Q9|JMza{>6`egBP;CzfxzUIL^36=im2ykZ7QhjB@Ak;j*D8a0vU^GPQsRdYu z4OTylfDx#}SNVTi=DBG9TESI=*vnkeq{IZsx=}6xJp#s9M`dmB2Uw`abyW1q{0DC4 z2>7gilopUBTv1FyeP}TC>kKQeB;i} zo1t$r&Dm}`4RxUC1+E`d=BPnr{?nvgfP;$gH+Gt%#G?`$7~sLjRo@I$VFep2!*38~ zg;jt9T~*Ff(HaeIR(;Z;v9yRvGq3#({oMXB1hw}6dUWW2U;9s0<^NVM%?vl8{x2*E zU8pq&1_PDh=o>@2P!tF)!vTF~P6ev}4-ZQDY5&$o%?#^k1sH+9c7}Z@8 zbV2SY3!&DAHRv=DTjVh3KWUmoPsCUvDNKk!uBb4Arh(+?Pzm`b2qa+cdz9fVnUsuk zq*mw}UU!fL4|jsqZsbVhF#nTNQO^7~3*6}X4;|)SaO?e34<;9-Smfdc8c5qSUQiJ{ z@&*E2Zqb`AVo*>WnD%d+pz{BZ4S(m4znS^}i47Sy-HmP%{@?lgRiZcpS_qa5Be_}s zluk&3UM&FG2qIG~HT}=EPvg-nRq_7mEdR#}ILzn90e)a1l1(CcgPiFd(CTP0P|7&r zoD3}YUzh)c1{0#vjAX_+qVbo^&CILW*e9Q5A^15s|3riKfqPZ|4aq{;r-^c*EaWN= z@lQTjHAqXzmyv=bF~z+>g61&&fUE8$1n|qp=~p6;PI}J^;?xhOF=FP3n@}Qf81>&S zsA!Qrjt5dG5*&k~kk16QP>(fOLp;3+8#hM}*ikb#IA62u z|4A4ElLr{8ntjZJ|3`l6Bk3ChbCmDmu&bWsqIraow4wz?c_6&>HHhARjiUqA;YOmq zPMK-`Ef(UY|Il2jK$=V+wxUhZqy8&qZNAGb1}f!KMoBQx_2Mx92r4PnJ}W^J9^m?l z`HkvQ1Cm^f>t%z}uZU^{`$(C8I$*D}PdYHfyqJfA^=IyzRRg$5?tu@c+q|hLPQUWm zceF;Z@XK8@Th)Zq$^H9k8O18p%_)&h?!u0mz z!60V6waHf;1+&6~MNC0!?G&7^C(#G{nDsq3v58Q<^E0Ki$lK<@N-d(diRO$#tq&ar z;Hz}F&f~RSL@CI&^-M~RIRhR{XMOH4iunM3*DnXpZ`FfEIx1z|DXh*#5V6#iq|Bglsx(5atdPO 
z+}4anh}bw+{SF{rS1aZEjk2mE8LbpLYP zUqY97`n#2H8>+$Xxlg zh|q(HcqS4GgW(YsXZ=q_H%@zKOI>iUA|)U{(kHgBPb&}N@0fxrohme4N-t=(Oc*rt zDSV2+S{+qtM{N&P|9*O z2tltNdD_)!B5gR{rsf&{P1ujIz4$#Tnw9LG!8q+7a3V9&7v@pqJqRXUFRdp+{E+*~ z$87SYeuOjcZmM+4kF@hKJLD>oooLAdZqKYwL(r> znz0F>9yVHid8hna*)_+3@+viuUhxK-q3&;%e|o2}m1)ae`HZ+(LyArTcv*62O&-hU z{^)I5#$Y6Cvj(@E3lFZ+;i!;Qvxz_lNm}HKe19mm#8F7&M(raUw8Nl1|>arw#S?!jk3vkZeDS=&c+U6asdV>#q zo|A<+#bTyFlD^t%uDPu~!0_w_BcL?Q3(O}n^drn6pzFX14@;mVhXpu4AFhnd2;_sE+s?xAGlZiCJ z_Sk!w9#PEz8uP8%fi(E+&Dq=UbTc+av49CUKIwt-B|^`V)Vo0$$5#55u*$Wq5nCg@mCWfpir~btr9vmce1bNkTI11` z(SU^FB^fDt{kUbRj>nBHiY~}pIa1-SDdelH`6xvZX|l#xfD$27eNxGAp4mrMZ}i0& zLgJp~k*5xj%zY>Uowu#K>VQ?$S;8V}$&7b9;TvPjjPRw!Y6})YF+;O3Ofw&jmJ!OE z@I|1^pdAZ|b@#{LoTy8v{pmJ_@|y+Y-0@lIu*PG->9wY7j}$oi;U_{$;#X z!!J3p6DNEtnEgRs2WGx9QGN0xjml@1R3w(zJNi)?Vc>))0}D>iw`4N<=%}ou7vC8Z ziRLP!H*+`B-yz~5ZCNXMLONMpqKe+d>ZOLB(Z|lnSa~#j%oZb@<9~M@jY~~L2_Qt+ zD|S`)WymxAC{lrR<%n9qsyEO~#YN9{sNO8}Rv*2r49587Ppfu^PtU8G@4i>|Q>$j2hVaA~C)g7(m%x!+~@&ZL4UGNou2vfq|oY z)2eQ>-JG0c-Zh-iOm^rT(sf7^k=956?yDZ5FM5(B@foO2+PA)Zxj`v~te&P>RV<9t z&*b@d_-q>TqcHCo%XDibYF4R@P=+cKtL>DwBt;V^_ z5yx#jqpcYw+6&WUkySaR(1_?fPZONTEr9k-Ke*E_PZdl|8o!0PrBzN#CXX_7)?}Nd z8W@0QEgBmu5?)%N8kbZpA)V(*0v&tjteN7qGvoZYoZ?Rnn1@`EzMNq3R)#d`E+>$h zN<>PGvZ-aKNQ#yt;iU`C&ktLBFS*^lTf`6Ry!B-1g8T({LC#l@+GDPUTmh^|m?4%? 
z`4q6UrQ7xFGuAGK#ogXtkna{EwPO(Yd})32e3oNeCPZ__M%M;8`VmLvI1U|>9ec{g zx5A20ZqEe*LJldnLhsa%Vp!e^FFaa|Xd5FWwna3&9VmIUn}b8}peRXdv}N=u-y?3m zS@T`OB%fLNdW{qZpbHa(Ak=P9C1f5i=v#km%nc21V@tU*8)P(Dn$g-96XpP={&y z{WSKR>4L>Ewr#~LFDV@ikW^K?-zj@95!_kTDKA=|vu^v3K*PEsS= zqMyl-6c1g@T#7-}dxEycj?~fF5iw09g@k|MBe%8S2IKgJV=3WScJ3(OU&?dp1)oPr z!Xxou$r{A5Q0@^Tw804H0xlk67d&NqCeoU5c*)s8^cY(rWLU*}>4J|@ZQQMqYEE2b zHC6Q(UGH$Jxe_I1h5P4`lUfNpG68C;z6YjS(y@t@Lz0Pd)Cb~*B!K*4nD+YC({?>& zwb0Mg{#TJs0wU&tkI7p=<nC`rsHzMg&uoE{7(wdGWQ{VPgiMTOj=w{_q28#&@CY)Vh-6w5 zyPX=F4doKIq|q_-ULef5v|S#c3kXYDS}(VjT#ofuC)>iDGJvV53WnvAw?=c^rW1D8fUXNvstca7;=gCj$VyCF`Gs`OzvPWl8oa^Ttzw+blcH?m9~^9Vz; zchqZF2myv#6=ao}wzIZ}vzaLdm?6K>Ak*{zz$~?4jiHq0@%D4O9!%Mt8m){5P@FiF z9rV09VLrqKqdD$pZHc|M+^X$Ld84pWDc^y zt+mqjMG80WXWHIcL~}3QMdmw|y|-`PCWaspIM&V1#F9+ClQKqXszCKfp^Vk_w)4ae z^>RcqC!Ayzr|AD^8i_XcQbO@O_Pcr@-Dnh;xw(1D5xLmU$swS&-uuZ!avYZ32K-Nn zOgm+bT2x7_Lj5ey*eb`PydP!jXr&`-PXz+cNMuL9@;<$^`FJ}`djj&KMcyk(?wn!B zkkps%8Xe{mz@kb#PeL_k>b<*+(l!Z+7*}Mymr60U&rLmnPVvGx$JaB92)>bBNihgh zK=NMD*_K^+CGlD2bb^_i5$e*qZCfFPV3R|AqZy@&VdkXKEIkfMd=NLX=4yJHKM?38 z^m0dsERE8%n>VpbJq`Jo_YyccwPrT76JracOS^~ij@xbO7L1R+M*FZ92k>6*g_mN} z*mS#AX5tib|K^ikdovv@ND)4C#krhp(+qDsJe4$_2dO&v<;_!>2FsnOBCt55RI;HZ zfb1$#Oga@w%Z@wj`h7yu@fWPGCM!wl+#nz$%c{O&aChuj*m(R-6 zb(0}dgSm6kFZagRLL)&J8{^!W`qv80&aaJYq=d{TUNE#y`#8t#ouTiM67}*%$4_g+v8s zEXX{88;e=+O9R7iJ%v! 
zm}k|1l_L~Ifa07k`E&@BY?Bgrhw&{S)4ul7tHhi~TO9$0NNc6HrI?sw77L|m&%K85 zS1r*4*ANg~9BB&XmY?DKU&UJuj_0}%3SD9qFpEWafV~KEQ$Ui2c@?KZWiPl zj895d5`c{OvnEyoW3S_pq0g_nbs__uV=9VNwB?-0LY^B=KJ^9-2=Pa2J{G;~V;F#V zI7Qe&*dX{4yvN7{Xfo%?lm@qTR056A+c&J~uzy`96H+X&K>(@?y;#GO7n?**T@E+UZy>D4vDxfI+0NHxKkUFof%Y zX;+5&|E`3S@j9hTqOzoH@;SL<5tx6Qz-%*2pS}T;Y~_k z2!v#ZG!z*^qn;euvgJ36eg&S`KBs(M5Q7$}X&V=4=0#>CBMb?9gA7PdG-1;YYCJD& zc(((N*Ds&WLKvJ;fLrI+>Yd@;F@6TsgAb&W`P?)ka1SvyA>J({yPI(O-(9mb3x>Lm zewGGkK*zxH+zHZD0eQ4|LdsPF=v(Uijf6W?5F`jPr$pNTt9OnkDjmc->2Z@PH-umv z*Bb(ViX9d31QDbo#Qgsu!vo}VKHVg1}%Y>*u7>Xu=OpGxELpnj_tA0p% zxzJuAxgZ}OzsS$>a$&^s^6SP|Eo{uS;U(sLhgFel%AW-)!<}tRoh)o^u;3Nx-~rg? zoUOI7g$>q4pjTe3OIX~R#x_8q`j12SslC%OJn(a;czK0|1cZ5jk)7fd5)tAP7TEnM z!ox4h$14PHFT?xeLOxzW-~xW&LO%Fq@M`r_d_Yq{5fMK4b*ez$K$$vF`EKiQ)p55C z5BN_&NJNC6pATrk!^6ePCo0Ix$0xFT#KR@bCnCrrBqV^v2MmEvKu|yg-kYqe6Ht^7 z^y1{;Z1&@Sm*CxlmHI&I-AesG)Z_~a|18Pp=Q)g)e_xRgjQF2aof6Ao8uJe~d zWx&6UDM#l+aQ({9pJfgAu+>Go7yECmje1P=UG@qVeY+_lu<5?W7xU!X2P2m5+Z|rm zi{ky4L$0j7s!+12xE<))`e~D^|BZP2HnPpK)$?1upI~?xr_cI%vTe2ktJeyjCT;JL zRft&K;2ysFnnvkUyDx(F;zmu>> zGBKDdXvfx!VK;Z?+vvh$8gHMn$Wx?is@voGA|Hp> zt(_^8C9d2$CchCwqGy+W-AO6#_^}XZFq?SjT1iZze*VOcZ9MJb^QvktO^;wTe5)KPhJC$LxfvWmJ04P78te{NYdB*e|M z)hX_68fVeNpyCO~57%)`kCU}h-LE%R`@}zhsT%5gy2w!QwT}!}Pw6QWIpu&Gw<${q zsJC(l-@YXq?6$kXb*o$6TlR)qIYtRR_0*kjB>ir@zQ~R^)N2umk4zYzDfpwOeY*wx z%^kxE`|{<^`OnQy*kgIl4lZNihG;*hrb}olAx{>FjYIQnvl+i0ix^JR$7EW}5UD4SaF60`L#vXbcMQ2KQsl!!fqQyeF&)t@x40oO= zYn)keR*ABaCpg=7ku<9Wq>1IK`fvP_#qsD)Qz2h2{b>@ zQ60cSCte;b{=K$8j`^|p;iLa?xxSi-rJ3oE8|}{O;pN5R-|PIxF&`EH*Sj~{Jr=|Q z?)U4ER{%=@{@6cy1At3j%L$mdvpaC<8+O-?0mS|BckbOoJ}llJxUxG|2U}AuGbaG( zxYf_eVR37lxjOAlE&_ml_jWRSdqn^je<7eCBB6G%A9!x~j3jkq2l%|AALQUxF}rGE zeAd<#j>o`%!hAfyUd9ivCRDdNf{HY2|rsEmxvdRO=|p*pdDgW`>Z2SjHgMMkgrL*KGX z(rJ1@BpjBw8+aAgnr@@$i1QDKmzvgxh)HBj?Zp9@cF?Y)B#2KQTr3&f6 z9U&R5qDmFLOS9P8<8Kr4n6HhUcqm(sVW zw;HG=JezGk4^Pp2NvR}qSa|#$ue&9!*4@N;Hzl2*>p8F1vVX zZ3DCR3oO8d&0v!U?E*5Vn(5w@G23uqxU(_mdp8wFCtfXIi0CdK2@Op*5-TZnGs- 
zK`-rg=>nRHoK_Qu?6VDY7Q23nN&?l>0hYtbZ47HfL0FfA5-zYf7l6({Mh2OJ3UL%g@bOCK278{ z&&)bX;#FpI`);JI#k&@|V!%Fg*44__hSciSs?|219ofD%uQKn#8_T1D&P75?`uU3> z?yL>55ouu#hWMrWO=s$L{+-KDbI#mwzvC$(o}E>7#mUO)N_L$xk&vgts|uu6BKF|* z3nqGI8Q@xRsV` zskxkQc*X%H<`ape;XxyALj4AkO+vbpl?vlreFtT|jjfzm$g=F6ys*8nzQ$8*O(%=W zVs$4?W%cE&bDUkl)F15L+7~{zOB1ceV1@f_cjxqD zH;GU1d7$YjbXbyMRnjvo^;WHZ8j-_EfjdAWKT;hu*~&Iz zTu)|^dHz#@!-;u!XZte9a8z&F>;2nQ_?t8h|nQm@e2GK{sI>_%03uY-J9*4cGuoxaQZn)bL-$~6N zHdb^k$;mSsm+*x4s`!wNhs3QEan+~Fa#E^iO|#`(LrwFghq&~^Rv$1<@>s_7vOgJ3 zk+89kNO~~M8!g-kLvtf7)|<@hFA3}%yrFrK10P44?7?|z{p!#Q!Kii3v|;q$I%8S` zp9^A}`qq>*l4aE0EsOJO3Xe(3e8c|cGIo{9B}Ko!+n1l+qi2n^7AN&xZ{L~6WDqx! zXI)92ZwY=Sj8Z$@Pxq0wu=+Ccv&2muR-3xzz=aDfmAaBw+YQ|CHBHnwRNRD8;AyW1l(vI7Bw26zyE8u22$m zAnoRHb}`K>TbB6KCvA+&w97fJ)fYHoL|2Z)BM(TzAoa*-4_8K(rr){E0_)hfr(O%K zx|#gyJms7G5;;oqhGcU|I+0lpF&JbpD8g2P`Y!j0VN=YLmG=xVkGnEe#|wP0Z>(d# zNvxYgKoEd&9xwHF@jS}gdyqbLH# z*TK#fKE?M(bOX*L78C_$5AV$+<^|%X!vdGxAn>r6#9AuGj#gMg2f~(fGTM97h(S{e z595CLD|@CE)&m=Y;48@~%0ZBT;>)0_Y zVq83Id@^Ekax!94Qpyv|w3Jkg)TE?zC+QejSlKz)DQLNPxY&4@+1T0OogiUgU|?Zl z5n*8wu~Cvzvi-;ZV3iO8Oq4P7(S?sK8nVNS?soA*cjsg!H`9=tLUE7!3Bre7D1%V=|u2eM_R* zHpj$o;^1=(i@b{R;-BSIw@OU$?My zbaHmN>FVZw=dSNPzx)0H55pftL`FS+5}lBkl$?_KBJE|~tNeo3g+;|BRn;}Mb@dI6 zP3;|>AG^AHKJ^ZN8TtC{`{>yC#QehI((=mc+WH3kxsV_zKOPJC|Boj-@LUAIb0MRm zqM%~Hp9=~3Ca|FpprX<9q7zDMU>MsIF#yXA5uXivp8NI~BfsVxiHSoS7Acd!F!Mb8 z(RQEgpFNn*|LDnnKG?74>V;sV0Lc{s6at7OWFsYjEgt!3JEFmn3>?Y8kqjKkz>y3b z$-t2e9Ld0u3>?Y8zgz}z88zl-dzOzswVfK+IiE>0D@m23&?2;{16|XvSUwJeG=}Wd z6~Q3*Fh~Pb3kJzfgD&x3SZ+_N>!W@6MI=tZ_d=bZlgjqv)g^J19a8S?voOelDGZXE zh_gJ$F<473b_J<7&scOZ^9rC>$gIrU=ZIx7(~5d>oE*6b$#EFRqI&d zr}`XdrfBxoHb6Dg9r<`@RV@ti!f59_bVUH+x8UfK#?(lUWLHf0ju-GyxiARh2gzX* z7^IUM24Ruhq}+F~xWTq!KSevKY6XKxLKpO5kgze@xm@T384MCmyZr$1x7#-HEs+(x zBQgUdKO*xl(LR#qzkmk)5f1EP`w`qye)u3}v7MPNZMK5P+B~qh-k0mkn$k9Y+2|66 zcg5Em06xEt+u%x5iqUjG@#H4qHJx0iH0^ZPCJi-(son~i?y-b`?~>YBYzf}~Et{B3 zjpPDtCk!$%xj<8Ht9#cwF_h4Bxjc->uI;yX)0ui_2@Uf4;k}e&+%_KhxCPp9tH{B 
zNrgd-G+~gjYp*5`@Z5zftyN{w<#nB?iu9kkJr8df*#e zfyJ7R^k6@6B4=@NdbScSw zn^?opZ-#ykIlxi>oA(&^_nY8MyaN$?&ud8xARMJh-NS2;OW+>PVvt)Pq2M?U!Yv}V zKra23?b5%YJlNqu9RJCFk`J!OcjVsDZd$+~3BAP|V`6APbZi!~oezVwS!;1U88bUz zlVy-CruU=Vieq0+fb>5`icgh;AIH!*I#?Y1I+$ z3SPW>A!qy?+17(d$(0TmM7F?jc^}hLF7kh9f_@%@21{;eihBjHWy!39^77xXN2xhr zguDFiL%&L;7(GXN0k@Mi4b~(Do8Mui23Uv1awBhzXGo2Py)hf>p zgFv6}h`=D@3d}ES-{b4X555}wC9KN5;e`{pBerey9Uw42qJn~$ z3D+^uGyVy#Aj_)updAsJ!A?M!2ZaQ_--pm(C%@bO?EJ{ZM!-4{^T7T8$SlK23s(T? zJ+pj}*?-~HPhKE2Ks39E$hprk1Ml>AcZ2-dEE^pc$4=ee@mm{#L6RBaNw2SxcKfgZ z5f}c2zkemYzW*-iCGj)q)p8}_hs6aU6wXgX7zNq&)8fK)(C0VE2)D#=1*hBV6jX4; zJtD~e7T|sM#Z7vW`}F#y+1#tPBi9Qd|8bb>1-z#NU9ZtY#Q%>j7$T2AP(~DrpTdAB z2yo_uj6c``BBOtr{y)abnvw5k_w$&475@)ng(zbGhTs3GdkyFD&$J>4)*vAeK^wFN zprr;C{ILC@_zZTAXtjT9t*ib{k&j}iABjw}-9+YLiu`vm6bQ(O`Uf%|+#~Aa;kt+r zkR8?$yaPnH9F&$HNU+bFK9Ka%1e|M`J?DDoI^4A`YCUqT_r0;$?^?$I78nt95d)c@ zF)uP;ff4xxG8oiuIIj*e`WNsb1kOl%CL7$-0T_$OY;Yw1*y~zP{NZ!iA7XTV#bf_6 zzw4LJ_1hPX2tJn`K;y$88Dt)O55n_b0x7t~B>{xoeVrYYgx@s+IsbPrD6YAS9!z%){kNpL;LrKHbk|;51fK4?@hjc+ z7_L9y=JPj@3|G#>VELyf4(|xw30x?^%^1O{1_cAY2l4)Jn|ze*`b9yIl8F0%l}IX=`BgKPnL4F_V-4FBY_&mMn4-hzz|3dhd|h!O^W40uB%xM1udHgvZX z@XJy&PWi1K`8(|nxE2u$kc<%`P)XIY=VtJ4afZ3R2TJ8s_W17U4YxQEdC>B z4cB5&ArJC#AOCiBE8(wiq7W4o)EQ7H;Jn?}3Ef@?pd^78{uM+1E<`@cbs^UJ92O!Y zRO9UdctO7&Z01rZh0!h`z%M;w5wFk-{QbRIMSKlcCF@%oVoIeN)> zpmr1BGT?TJtNkh&_=%~AVgu(YTn!N!1d0NPulpJzHUNz)sPw<})qD=|({@ezkyYL= z^#_tU|5-BR%AS%TvIG2m&?DXjbYFxp2~oWf`3Pz%qPqXI&|sVeHiiqtL815?&+8)p zkx~9TqkJH5y{nIiqz4rkk@O(L5n=f+4e9pyb&zid8y|`U$OuaP_oej*tN6V490gE7 z|IPbdVW|VumNb0_Xz@`6dCWU^Eqs;+mS*3@#c6hDn4Yc8$wzAVV*Lg(}c*E z-|`03YD5J^bgO^c5H1af67f@%{+J3mN?RY85c5~82GZ88A9n!0Xo-T#gQ#@})fACI zyXuPA2vN7;;sA2?w;+$mRe0lrVzFz(|IQqXAEmATW?C{rwZIhwDj#kc54?l~S%kPp z)M60B5#24s--z~lpTHn?i2Qe1>%SCs;RDYBqR+p5k5Ik$`@$}Sto3g79thWn$_x?; zR5L{0fM#@`(FS=0GW=i%h>S-34N4XwT6kmqIiDH%e#zm0UtNjdEFyOQul$Yhit)+r zazlq=HTa4V^sC_<0RtE?@&QAreYG9%5Eu-DrT2WX!@?)HKEpc#L#BOlf!GOLHo%UM zfDU&%(?cxt8J*lWA{$| 
z0pH+40SW^s1b^)0AIHbdM@zx{W+@mTJWc~AtG?ai1KbY6l@kP1&>F*iA;fK;b*?(h zm>z(Ac;kJIej@T7yh|fU!%x$GWRVZh9gznRjc|nyv#_LawO2PyEN~QljFO1w6E}%|T(pCdx~A((e97-48q7 z0j%udMYP3vHsDnC#3RWt&xY2Wn!WSh<2%Gqlkt7S3e4F^#`|jIzz?iE>6E>J4lLs| zbQ0_2WUj!kF<#e@?eWy~Ti`CH02ZPAHQp#h(xoqHxX@}p-wK4&{S+eI z|34(@?+1@CT-u(JU6RgLL4AKW^pL4bKgnxAj4<+j67!Enj=*%1=dxtR%SyBjZ@!uz zkjsBW&=3Ts|9(_^a{SLk6cEM#Wuw~T^5z^|L=jlNPec)DsIeWmt3^9otp5Y$0+sIX zll_^WdL;Qs2cWYupa0pWpuV#l9p{{LDMe#!0cVd0nD{vHGYf77^@$|VNPA_wcb*!2>VIFei@&3>l7S-`IFf-Q890)GBN;f7 zfg>3>l7S-`_#p$duut%B+wXnBeea|5LhujO!@qq0AANLQlt=LAN9Xx?1VsKPADtK2 z{iHm%oW%{`%l25@hkSHi@c+J#&SOF_?2kS=e;oKKeZl|rADv&<+^bYT{#WnW=j9d^ za%+NS21w)-x7bj#6DZW~v9pBAW7{(MCB!#M`a1QR-#x|TY%N=(apfC9-um?P?B}i1 z1CnY59c^7L1mup9Umrq=nhoyUijAe^OxL=wnLaPd#aI<0U~);em)WeTF3!W#L1g3B zN>;jBPGQFo!9_VTZ;ISS;bQTP=+_oFmI-0g>Q$QY<+a&fDJ*HjeVpSo8gD3`GUd@6 zTV~wijsEJag1b;9|6b)JBa_k{MwH^EEvt4M`lO*J_ZYd8FKTCOg)k+QZYx(u>M7I_ zlXei|E>U|5jnYPPKKv+P)hvSk1f@>yeAw3)qvT@ty?OT6=Q)R7wtY;`8f#7n;82y? zD}sR+!W?b?SJEJ|Yw%+FU7rE$hs9MdW~JJ#KM`oZURg9OR(8D_QQ4@iSx-}@cQMIT zw9sEr{?cPqSt7^S;b2Kz$w_rv1OhF$k@>A1Djy8ovCW*%F$V@%GB z`=ViNa>Af~!@7U+-K+lUSFhZZhj^=@Lx@4-AJ)yK&zPjtC5+LFW4{^T& zBEGbh9?_Y9v0PlNQRnh0zWEq$PvA?a87TIXKYJC`0Sr#}nq zJo}(=bnX6hh|K2~wazO-x+|n#j*HyYxEg~U6Q`-hlK((xRovs0if(qf9w68a7GB34 zzcr?vCpPE8_J}ckZqvVEK6%OdSwz93TU>O(bW#|WLorT`6Hv-LI7mmyl$h}fL*p@@93uzMMfzk?!>0tt~;gLcqvr7tE*!` zRQbBulgfTwfs<0pUrM%V-*PcszLw5eQ%@&DfEsf4V%TKm%4mU$E~!wjXOT|}a{!%U zWn-gwqgZs8z|;PfoML9nH_JxOUXpXT!isas*Vvs!y(!*F(~6RhT`Uy0k2AgG`RqYv zz>WOEU;=O4+P61$#XKJ_=83sWA|52veB1rbvz;<30wXE{E%)e?1X4mjDDR5B0&tWp z@Cct-=$T5A45bB*;j4}rZgMx?XXX8KiSwB+#LnRBZl23{?|x&1c*^W_Snw#11&-C{ zv74krWs+}#pf_J^anj#L_2H3Mw>YM#Y@G7&QM)FyzoN3DG@}K(1v`FCl0g1FAMy?b z3l;h#8NOv4()J0ubjr%fhm?XSizjLw-S7F`v|^nJ%VHF%W>}1~?<#dv5j@2n6JeJ> zVP(bN%$C)s(PnK+{svofXsZDo@S@5cZ6&~m;Vouk)KOJ|Cf#@bG+AcFi|qX45evXRRm>14Q2j0=ajZF`y2iA*V<`x_b&SD zvN5_{wYeXlA6Kd8nBYp`k$Wne(YAqs{Hgbudm>vRTia)-IM3W7M->W9;tg)%4G+4y z5sSh4LrLa}aV*oL)4v({*NoF(Shp#^JRgq|=_BF5`=QXreMF+Jl!}w;BJn44TVlFj 
zI#QruWkzx$B&qt!bz{Amk!-I7N{duVi% zqh2Ltv)XE9yqd>u3oTS&x;#}Tyrvson`(un6v2n|(bax=IZNnRV)1R3+toEA9M$Ct z84Yj40&>Qr-=;cT64)M#j@mf!9yOn_CFJ$z@^xKt8-1%qS>F;GOX#gcy!lMI5Y;Xs zhmrRpjkKHrx^HSkn{2=Y9vpPyBd<+R$`*Wy3za>kIOvV62#n8GyWKn&n9z}NCu9&Q zh}OOj2Kjg?lUZ3$)N*)Ot1;G5)}^pSHo5=l0G5P<0Uwg&<sr_%Fg<*$NU$d&|i3g?ctJA2_COcy> zWV#+S-DMU^BynkSHmPg*vSE)C!!3}S7c^uJ*wC=XFQu7OmG+p4QMwWDQ?aiEd6Ruq zzB%1-VqM(oRl)0fExl)MUGEYxCD*z9G5>mD@$9gOSAnup={KX0ExbvYfHn`TT;=bU z3rR2eP6uwuqh*+JT?rs&wb%c^#@daXDsb<0khY7&Qyib?zPia& zZp)iB@Yv?Xm?=9B7k!d4eus)khYIQs7zo4uVMqZnmeHM>I>n7kA2dBv?=49=_^OR- zI_iCiF(a|iGHDT4z2V$D9 z!N^w0=u10dxcqIo_S5@z!r}&vN?KoZ?pQB{&u_ZvZo3$~i0~UqD4u*b8Cdszf$$95 z5MEV!bp1y$Y11oAT5OTS@&v46qvWjdtFzOJr8eiDojx9IGni6v)v|Xv@(F7Mr$D&< z;}Hr*iE_WiuX-oaT?1A%WN6OeKlIXXM7upzUqLH9tzQtH)-yj(QK7{79R_LW`{*Hm z>lW+GrD}FrW3f>Kt(p;C0=}-?l||DsbG+f)>-J-eEqo$xS5Lfj zx+aGmq~muM7stXevx?8K?OOTHZ84^T+{N$?0N65gH8XT>W8-3q%kCoH!T_G2WO-IiV&)K6I5A;(y|yNXK( zI40U|p7v9n@}u*-)qTwZ&mc0(QTzF^3AbgEPe$XBt08aH-?2jSVhGV3yGvx7b6k4& z&@L^vR`c%j@8$r^1)cp@XZZfSAo%}p+0CTFd&*Dm$NSz?=0ufk;Zv+6IYEqLuo3H* z;CjsD>H98b#Ya~$jZYG95cbnv#wZj|&&$huol~fPa#+EHw(1UrNS#{Rkb~RHSc-~p ztq&P9DYWIz^sQ-{+Of~(V{Ual$!d^ge!d}raqM2AD*y8nA7{HYa0EIY2z)#dBm;M> z5e4=1*5|&+!~1*I3g<8|Yj;Pw95t zG=54F3)@I+E9}GN$xx|MF1=>k%K@BmEDKrD>dvDD1K`A8+FWOP|LP0z7CTAo(J;fy*1b;Y&&OZr9P(DH7{^LUok z2?5QoSH(^jr0NVN7Qxk_3PBx?WoEGyJW{mftlN1BgiRBiNgZ3dIzpeT^lz_znQ(W; zm>*rr(haawq0+3;PMqWKn9edTxvyx;(BM}R8(aTjQ~SmHAPVwy+`H5SmyK)%A{Uu* ziWTv{@??ddpO>*c_JVB>tQ24nyrxXG;)%BR^x~|ETX?d$^Qdjs%E^nN_N8zy%0Xb; zL~{5h^?Y^6;<_H5wLMPfS!FlUbK;##D-!oobg$Yq)apCY4F$B1D*L$CbXR;}y&DNY zjk}Zaj^HlR(EFhhG-STR!&f2bb9!S5b+xPBvNC)ic_BoSQ-XJFatF$BGPXukNs^$J z(jv22rh2iucsk@6d1K#}6x5*BnL{au-cMatB}0&Dg#r#wM1+8&7IsobC6&_pprte8 z91!ZA4s5uqAVt+V1cUfGu9nEw=J7wsljBpo9Pb_mgG^@Sv{R~(t3JAF=cH$RE46Rn zYr|vcY&HfAlC4ixa(?A2`P(PQ>eQ)2UL>1FI>nry0Q|DhBfsqDCvE?C_+dz6lGx5d zWx2hDE($zgxhe4?9I2}GKt z=bf1_Ydb59vXF5+JuNHFX@Rs}y2p!{yg)N$gVABtFn~U<86~W4q$(se^UA=0iqmFl 
zXkq-6gwJ!q+ZnD2RaM;m3Q>;K#ta@o?vWHIsjB4?1zgF+B+T+SG!~^)DLH~rVttE+ zGDeTZ6lwhpPTZQf@t7;!M448rCAoc^nDNwZ8V`vVGPDn=~QDY}b`TcszQ@Q-~7U08MN`*!DzVkAd z1v1b~xZk3cnbzXuBoyi|?#SV@io z&e&%somi8W%;S4peXhGCx34$w2t!FFGjEV|6g&o0`7_0cpAi5;IJVAc?K6cDOysE3 zqKp!W1VeW>J*a{6SXoOWlfc%9nrVR2-3N&ON}pwnfXl8sHl+M zMiNS^>NU4@Yez7LR<$b}16}F;2Il3A>J~g;pz9|XuA~~^AN{ReBu)LzIA8Ab&=VNELTFI_gBjIz0^riOabJl~C zxwVh-RleF6%_WZO3+riJk{JKWHQnPyg5%iR8nCp934_=(TvoNe>%YJ|p??+k+3BT? z&exG&wVzR+bW54CjUFusAIStOajsI~;$^HK#30g^wvYxU*_& zYph=o^m0W4N*4QhpgJ3lGp1VeG|4a0lU}Xc73zPXl0Q!nn?!roiY9=QrLTW|Bf?x~ zQTwKsu`IDB|F18!WtMYSM@1z)k$xRSO~ml5KKR|byOz@TN8_sL-+YSwFGkC;P`s_iC3syffy7MYi6 z?sP9_nksF^J~)ZZxTSaV6ZFYwq!G?YCs!L$b3R3D@6~mGit$%;v>mBNM%Ht!)t~*^ zELzR2llu%C?ePQT%9%%Rus3RYjW{UsPA^aKR!>NAtF#uExcn{US}lRo3zkDUeagAG}pyL+4>e| zK1Zok6A$*#*Q<9*&lE9|OW=Hg9-q8SR(jDIsv6rQw;41<91bDMt<%XZGDjT|5$mpS zHUA=%mdq&o0=;vnzVUnGYgy6O&u^I=Tt%mScmtMhahX=r2o?nQe&;;%s>1z~QB}~} zN-^IXKK8MCBIpH97P?)y@8@#K4X>dX$Zz6&ZoReGe*u*}R>2P$;p-IFqyw^t?SC z7s?nj+<9g6b64J}{7><8@qB3`9HLvYjI5*q0vfWYzDIMJe|{|Oe@Q)}g{#BYPm`~S zj*;@PsJHY~YTA8j%@urVbkT!+j@x&tj5&Fdv@6F_xI3)crCXSuAn~DmBL-nnTsD>Xr(V?$WGmVRJhCxo?QLyzS&h&sei#Z+*bhwBWb<{Dy|lIZT7>s7@SrS`lfaiKv?N zV(AoA#N-n!e}lEI!3(*wJv(b(pPJKb+{KsKvp!{xFX@N-#&)Zsbw)@KN?>{VrGOsc z%gP!eVk_T~Wr?!bf)H7fKe)__@J~u^1#|yJZ17^zvhe8HwcFu;BoL@Yp zI2&=I0!XNKTcbZsx!#u1jh!Oh_Vw%Nc9=n3#Oj&xp<&uDXWlf7hzSpQXFaS%3W0=3 zm?(;^(3HQrUF)*4Ve>Rm{(C=P)YsXl@HM;zD}K#+86ndgmGqAH_N_yl&tlzdm@Qac zZi*{YcfD-uSsHH(*Im=Q>P#6DAk`m9Fk1L{WEo}4>S<9)?8Mns!u$s_?w;ZtSUL%- zr^h>jgk*f#l86(+@~GM64WyOWqZte5W@|1Poi__!ugK?;Cx7%sx;t@MENt~v2en=@ zOZsp&rA5cMrXtQ)VO}Jzq$Z7Exhd?ClS$5+c5>2VR-^Np)r{2~%E$8^=&`d>(Gxvv{pICfirui0zE^u|Zk2h!deP{c>C3g-bA(N`$S zdmj{vD#nerzFL5a?U0PUrfj`eW@Q;!_T$Wgu z1zddz36Lw4k+3gz^QDZzL8+*^1Ah0-f+EV%by&|lg2)el=)xiH$hAx3u$edav~ou4 zwJi)Yym_L&(ur7aia9|V-AXXWy>pB)XxK0uD201!t4xr zA`=-rvdX%+S69e)UDc%X`|QtNDGB**M%V(ssaw~s-(k{kXJO8YVN@j=|AK-O3eytf zT;`&-vm3U{RqSsKhIcwDmg4=%0e>6ye+keY8L}US%=66VDXVU>9rDh6i*DX=hxDp- 
zYNq7I^GKf}f)yp9)DX_^97|B|LH4KBu@bKeS>$p*Ub>O`K#|drT5hd@LYFZ-hEoDv z#mU&xLFfEvt=4E#d;esaEa6xjv6x~~-utl2D%;66i`Z@{vN$XqbyC)qS7?hqiJ}*0 zTGd5+CTTL?@qGE!Ob;@pc_zHylRw7!gjIWmB_6im%5AeRR98d1Vg^+jd!I+MV`3>2 z9>dx~g8=VFS-o*Q-s#=9dDO2lHN-zL|F$lO%Q<-i1~GCg$XE;4{FuPguat&F_c-xV zeAs0FHh+&U7qK3v^^E<;OwIh_i8DFC!YmZO+5^< z=i3+;uX51lKcvpxfG(%&x4#)R6FX@-UkWz`{6n@U*GsXL6c{dea|b~&>uFOjFZar% zj=PI-GW7}LdNjJ3c>1mBs-}L4G|^I1NpD!Bc3i`o&vJ45Ruq;LD;L(Yp#MEzH@N;e zmZoLjsfKZ9TH;s8kpxpPNJ=mt6v=REQQ4l}Ey;rRW3VNGYEqy1rPKEJssij%0wT!= zFCd=_nsMg{3YX5K(v+cU8fKJp5l0S+?(f(VWei=-{Fc2+_RuS};ClJW(JbGF%!V8QXx~_YnWmM`Y^6^=;96 z@uV$2ehu~Qd+QfNG3#zQWn-pd4U&92LGxlhw_nn?cC*d!;Y@`N41&GY5>f|)yxLB@ z(0^&|?2J>%r3J1B@6Z)RQ5huBc!ZHkU0fTfqvtA!Tulw;%6t2)dYx7@h5OARNsl4V zviLF|REw}uy!~DdgH*?!`RMdSp(Ik}Y|q!nqoI)))W$6eV`D=P;QFb$9S_vVCi__P%MgMRGiqePwp_t#W+F@BZal@ z6|aKQqR7cAy|y0Y0MfdzXX;BuOqd(5@U~#uI5uE}pv<%SEgNA^Sf@@#I$Rj=#ml`< z|7eM$GPL?d18ba!IvG%nvUyix-xmO$kY#Ay(2rmFI=ie1&Tnqdwr*LO**FcDp*kRacl7ll_rxJpGogBPQzTKr z>UpP!=*g?);couhb;H1$OVr#lRZZ=y_8;}H1l)^8V_IQ=*J6b}-YssC{`DHWsw?@k z6C*_xUMCC^cG00ISjeS?n9$y^tX&{4KiJ{DqjbzYAPgn^PZK{!*Z=b*8j1P&H$@$S zoXVRNVx^@QG+m9ZTW2Nl#o$Z7Me*U)c@Zxx(ORJ(!S2BldZ8k0JKd53$pqCg5heF= zmXbe_1-%<2tW&Qp3LnTUpCscI`Ug_h|y?W@r^p*~3g!Vy*Hf~MTjC_rF_QAhu3#h%vSm!beJ=STeNEv9%=SNG(6Fbx-bHxV5eLvdCy-85DI z1*3_?Xs@alEvLxznvS!P``)nv+LwhUL!v*@*8jZu;yL1MzNk6_o5e;!wDnQOQ}fb} zg;ODK!j$B(C*-jSD9RwG(QbMKl#RwI?xh-UIc3PBb9DHf4r7^_87Auf05E~x{p#P0 zfDPyDYwv2>!&s}4nFWpNqaB40SBad~FLN71JYR||S${MmmXx%A1+=oh)!N@NP7Y2q zU)=~>`D%{N`kg=jgb5A<0o?ExxiI?xKofnmjqKOA-+DT<<}OQ)DH34JHY5jmdQO!! 
zJbuY9@4|9dc|raFqB-p7brslFmlBerJ*Zk;UE+CNx7;?`NqP++H{Wv8<>M){c+fag zASD-{)&rN4RU$3$DNO_~dD(4zc-gj{Jni|IZVH>%S6r`-FQ$fX-6QTjHfXxiQS?>3 z*XhV6E2Cu=2k^Qna7RV(S=MmZUbWG}c+%|t0ld3a(S#%yUTd#p#KsO+4`Y8Xf`xZ= zh-B{l*ffd&AF)yPHS=S*rHgXkr>dSS=HlFlzU6<61i0FtHCZksefDip-kL^y3n&rkNEBQ8y?;~R8(4!~*_LevGwr;89giL{P-pmiZ zk5+}Q;x%4ujZ;@kWy-jsyZw8+ahDveIJ4>HKcv)rMg=9-J7J%3dKOp2+|zSxH;ef( zRG>$xRGBcsE6+m_vRoZ>?XXk){ARtgYZe)bJnElKjTS-~R21gyD*zILuA;SB5}SH( z8ZGXXL3FQ@h0aGsf^SJ7&@=0OvxLi6_RtnRiC)`g?{~{WyXjYtC@yp8gK(idadBXC zyb`M)$_mC5FAdBbl(j-y-@&#R@&uwWy`7ik1f6Besg?Xc{UmGP=Q_`y=tJHpI6`kp zFJplJPnfFzT|Wb6)dz9roy=`sZd)T7+&k3ksz!H8rVu4O)E|SjRe%6*^Y-BDT*wnB zXWf@iJ1{UtIw{$8%_lxl@s6gJ9vPr8mIdIrK=CbdAOvo%!zm4N6m0)4$q!*2zy@C@ zkpAWq0hH(QBbVsE5%XB@^pscauz168<7T9><)bBrQ)QK-JB(AnfS9eXQ&iwc5@|%Y zk8N6-Y*_l%*b#6bXKS^H(%&2Gh|H3K&Rgqk(zto2;qn7W*Z3h6!@hkhA%)+axKsLY zy?(L|8;yZB5o$(1j`{^Ru4{ubuPi=Wi3{OY)$jVvcODc+GA zC?mi8QbM5wSTc`2wK*@en|Jm2`d@alBDyh2`=U~+V|!4905%fiRuPl4gKNa}bQGTy z%8eY4Lhn}5>1ON;d>@rLW`=x9e~_=jkmJL)$rX3ilCB8pW)<%YB~Bn~z1cTiXd`?v(tUxF1K% zBbbu=^E6(7#u*AU(c*oVHv)&eX>>DO&6a&hMRaYvbnle=9`bJPyVu`T#g z0Bv0(#1qBAN}sx|)-VNbxi`xrJHu^nbu%loR84+Ykd*VAduhc^%qQ&JTK0D9A*G&f zrUiw^8b88L1^v`bjzWgdC*JG_;<-D)E!Zk0xtX#H1lI)HBh^TB7kQT^1NQ{W(Yx|9 z3AQ;NG3zfh*{N<__4^&x^zRPHW%YIi;fTRWBa~=YXA*ERkk|Y?K1+G#6PFjOfIuXn#zgV&}#xN1$NL+avIn&XoA`rYvai_o)Rkm>Ns05Udw z@Ms5lCoyB%+6FnE+V`lbjUy?WN{y{{9Xip z>-|mJ=qq^6ok?w2IC)RSK#f2VoW#EgTPY!}oG0Dbn8sT$HqP z!aN*F!jmNbR-H7kyB8oXJWxsB!r!H)~3z%d#R4%T*0YYUrie%kN~ z;6mG%T~JeSshhewgkqk`3+82a&0cb~xL1>=kSYHGEGLALib6q8N4MWOBo_*L0%9^5 zMA7xqa&P+ulqL=Y2@GZCJJ#ohT*k&p&nm62w1jY&(B8E!K}4TM;@h&NrlU*RU` zmK(u<{;%F{?!RB8;(uQMy9KNN_l{MCjsUKwblq(Pt0(-a$^J7t4qmgZ+24W0X0-zV z>^T%4KfUx7$2W~4QZOx-WXK4|-g+#HEe8;5jd@)#2na4theoh;lKM6aJvsC=)bVv2 zm5T6Xh@+A|O?6k4$W5iNvS*=kytm3kty+hc8!9CS7~Kx$DK6|szhp2qx2xk7Xec8C zvjPw&qvxc?$uT80MgZ#>Coa%3MzbY5V&^+{wE`8|StH}~tL6ntPt%VKwao{bTWLj< znG;j;iOs6|Vf$`EIC4zN-TaBq56<96hRkG*G*QaR(cLnZK@PkE9F)f9DTLx9ZsiCO zLY4D)ZlW@xsNS0ws4 
z)#I>`Du$c8KJ)u}m=JfS%r*O-tEuLWAv-mCMEdwiM-;mn|qiYqcITVAx&`)w*3RkeTQ zt-hs^=2xD}GyNem7~&7B8&-s96%!{Qw{(g&M4~+bEx`^QSJyR1qX?7S%wB8^jdG4} z>9TYVoI)p^mmH16JK3cmip);~z+Q;N_*9LFywa*lGInmmY290jp+&Cmoy+_f&m7Tv z6U|cCWiMJ2qX`fi;&@(ybB^?~jOa!l9itc|~6YASMHMhU^siNb&%VyxtlL z>#N~@h-VvuDLkJ&ztdLF*w%=@PYHrJrMbVubXUeS&A=HCvJe!rwPnM@^(`J-bNo~ zT762d{=97jgdf)^!CKO7<}k3f9za26szIg8zwaX>il`ak=J&2-bV3X#@TDR7@6|%7 zbgXKu1X=V>}8YU>y z@{b+!!QlkNIf^`FnB4A41HD_moBFV4-!y9H1gUIN?rlSL#FNOS1a*Z{2tZoW@rd#H z!CB&H`2FtEB)_8W2e#CF+ihIKLC|&-klVi+2LCgS>E9j;^@guM3=U;MqZ}A?i<1M6 z0h`=cLIDEeR?sN$K zsAx@NCez*oReGm=$1G|USKQYnE?d8N?YXHGJj0hzJaH_4Y{dp>A zat8-Y7%KJ1;Ji4BWX_0eB!i3<@1LoKedItOFz}%~r%v{BCzpr4<}-(-id9eQ1df?0 zxAG*Sw)tOFqrcQTL4QRjtF-q)g$+T_bSU&S(Ip~7?vxLcBjq&ZBJZ80e`;AH0VuOT zVrw2$xfv-jZZduIWIgSjMtehV)q%$^RV-ESbq6hx6mHcPu6((qMNtxMC{W8tWgi;< z04keDBs5w(DW#|fTE#Qaz_YdeM1!{4?(-9!Gbg9rTKP-R6;hI|dj0^e4wBeaN?6Bp zGw5@1idB<9lrZ-1}I%HN6$ z(KX}Mwja$?nLD<7XA7q*EiNqnT4H*RrS$L}Z}{Tw&=;re9B%&IY?Z0=@0bpFNp zmLymE0jSRNGV7v60sfXo|IDpR4!3(NfOCN<|L%QE(x@&(5*c+O8B9iC#d#DFNyTMZ zR-0ZK+~bEf$FJsrtSy+$|8wwT;+$+GSy*5~hpeF?y3<@-fE3_iEbtl5ijy z(uMsSJSx{9mbf5<#iM!ngun|EBGZH0ubVVqeApPQ(p;UbNi7;*ksfWw9Q|^Cj5}Qh z5YbYJzJ_mpZBxkYr#7OrK=Or|9w{4xN$ob{1Jq#x{b(`t_Vt^&LMfF+vme4e;X-4^ zbmZw?7=?%B2R^s2KN`FYMLdW10SsK>7~{f4N9C1b37eqov$znRY< zO$|07b!$QA=JrXnwt_d;sP37YOxX7G^{?6|rI|1g2Oh35R!rqTqhx-_XrQcbOIjpr zm7twBho^{j$y~;WBt<^^80wadtXI*|UZh|_;R|v^lnQvexJf_1%ogO7L1KfLXrbWh zG}kkeb5_B3$pS4)hIbK{CLX1Hi|jt_Y%C)qYzc7Vbsw-qX9|>IMp)ICvKMH(nvKXU zWaZ@DhJuxaxx#1$4CuuH@&2ucVtJD*fR&R?VKqO;FLb@aL%^)0hiFM;Oi*lj+Q zdzQ53SV8O0Qcm%t&?*a%wd)$ z(d;Y=8VlctJU$%`F%;eg``qZiPbOv2Cp4rGj*5K?Xl!tH^k0Fkci|XPdzd})^UpLE z=wMP`*JD2U!#ooQ%6WW=ny4tNQYse2?4R2wP5)RQW48HQCKoD$ORvAX@Sd_Hda z3RF~528|x*HB9c$on&{gBHPJkNat^RSlhF>Yna0hQY1H@)-E%GZICzvwy}5NgRH@OsJ>Q8v)@K`4l;%Yj zY^tCWU6hk(&eVF~=5ZGQZzSgw+`6ns*An-HF=l~ekTl;TcJhIgIn*eTk%NS{=&NBP zZcE!YuZ!j!zg^JlEO4qQ`Gp4XOr}hW(%~jRe38 zzh<%=aqqzhs#DrlE#s}c@W73akElWZ13=#|DcfgT0Z+o+SifrLM!RXL}glS$HJL!GEyg7 
z3wBtNzk7?OuM4#)a0Cjj#!^tgHk0-%H>1Nr;-njdwgzKxe(DrtiG zH;Tx|YRHd=vb3>wI8`ejQp!9r@QH@w!;6wH0SgZg2VcN9Y zx7KTNDa6lSP}cI?u88fTV>}%{KRM0eJp@s=;sp6`r#W^$d5vKQB`UXr>WS#Y$O^D= zzaqLB|F*gQX=XHh!hHwS@911l+pW5?X`P{C2*e;e5(#`}&xmKqV#2hwbTwDZ@ zlW%-t`(jk*E9aseTH)rk>l#A7i;>d>I2)_l)Vfr?U>hq7FHxz0#`th(xRu0QN!~#m z!hBSAh~Z_j4!AE`bjzKBSdxDCF`a%VZXQK-lA~UUQ~H)rr?xOQC%P^KZ_`2F8p=qj zkR@rF^2?@B9R0KK;3_pUGXnSFKo@0z?`iic%%u#H6HRzQf?BIvuNYySB1lp{UDBK^ zlrS6+d?Qlffa9YF$qu=kZJ01?oIa_DbnG`Xm+r&DA4sGVE(PG}X2h~gSIIg)mZjy@ z2p||@zY`?aEjxSexS;9Ees$SSzW$M4ir4xgL|n%RU(z@hU59^1BrY%(2LD&aS>8rf z#BVH!S|qL@Y3Q7ibHPT#6bVOTN3a;58*#%_eNLMgmA)q8Vrc{*8M3)d;7u1SQeqlV;b{l?b7IQYg$f z541ruIKb~8rWRXX3_xQV;wuR|B42GUncw;r6IpDxuWdY>7{|Vx#`obUHfX%h5?JWP zV3L7}b`*8V66Oc`hx1ca-CE7tq^Zs1zInULY9Ic+at&7`$s`i;cFz~Zl?3UwWWxbz z&tZ=Z;JKvr<6<*x_ zS;%3`IT$|=TSD5y1FMFp)=P*F%d#00NFaArl)jGpJkp`} zLzKS~!aX=hdE#a-K>@vj-#GK5_3LBJKGHeC@jho=$MB|vC2ME^*47i_;y~igtO8<2 z%8~mg(Y&|Pb%InyexbzJN?JtSI*VN4r**r1(R1pLJ3NFL_n})cMe?26-MMLYwl?DJ z(yTj$M`NlJZ4xFWKVFHz-63sDcVQ~r__x2XxF&|)LvP75`J5tzT&CJ3vVYIwe)L$B zt@nLQ`vdrR{t%;ro%^%SAIs`Kx$gq*9Wwk$KKCwnmjIejOuYl*3j4KSe3Z3Y-iX`^ zS^;($mdg1fM16*7$K8`FWU!!ZvP&m8l&)-SD94V=EWS$b-=Wdb_HGi#?w>C-#(gm?LcV$>L1Mk){dp z*1V@3oR++#p^uLD9$&fg=^O~hVA*~KsU+0l;*%AE4wkETf3DetDmmG)T|`tnrblKj zLPgsA0H`|)JLv;|7To8D*TUfI#93R!dF^deQu7doXO)CkCk@q-xjtwLFn zytj8aS#3*-U0aLak3Ig4O+pnK%n}~`)GMX9>}cA`Qq7jwiGyhECSI2r%dxUH7YLWg z+3U5|N$TgGCcE6vL9c;$0P)X;m9s)0$u^@?Dd)!g7$NZCJ`9w90E>&d8?#JuTlA&@ zC3dAA(eG&RP(rs%kt3!d3jGdPx7sq2>i06o^tgoOm6C>vw0aR+xWWKDz#7K*IokL$ z#%*GQuB!AjZuT_Zs1Jd{xr&+r7`D?)>jT6!RK>9-rSCg zv(BzlG#lI$EK3Zins)HjyAVvhvK;F;;8O1uSPQVo>B6~KjpBd3@e$t6*BLxiAFm$4 z@I6C{=!21P91D`9>|rx6VlUY!cmG|e2A)mPJs_$(`Ib7jw2KjpjHP|gpYAHiz>Y86iC|)g_l9{X)iB5Lp z+#Z*K*Rw-X)Enro{Tpnj3^h&k;__gd9f3&OWyM`hI8~u8slKRNf?w%iC1O4@5q4%&Kum0x& zJq8RqQjq6@($e;VT2IQro#w@MD4OUR?&25WHS>|1ad+#>4-8h=5%%6kSCAuF;u{-E zW(lhcavw%}Zo&$UwvI4#6S$>QrpVsJS6SSt@C@)tYzIm5pXuqjPjxqzk8w7bCMPC6 zj_Qa)^g^>nsCJh2UCvXn5c5b^2H~sxZH-%i6Xa1QQEC{%YHD}@)Br?nh6eOVoZJ|u 
z0<9U3^rq(gJoY4U+7K_U1FCRf%A7<6)hQ?WgMJa~2Srq$PVL)+l&yn#eG^_XH9e49a8n>g z=~(R$WWC6?uhP;2Jvsiq*7m=Z*8V|iv|O~RV1-X=pz8)WOFk!M>ZCE8)YD7y=>+Zx zjam{gE-m!~Ua|j$sXcRWLlYpWrBJgq^6Qo(HH#enX`GuVZW<8RX5<1PN^jg9Z6x(-}&S=WN>iPxPT@5+4QMz z&G#kemP>a*RV^*$L!FgVu5S=jGuS}!2k_y=BAN9iD=6@ezWK}74HyJCThbxYnj;o` z5BOmk?+7SQUvd78ZDjAW?+FXL4ZnQz$dKJJ&GgZc+UO_I7o`B9v37=31uQ(fGG2yb zuip#TpE|rf=(|4dj=0P%CXF0oF(iEgoR7!0d8^UW>okLv+YT&$2SW3sEQqv~wLL;; zK5`p%QgxXeBk8Oqt>42o0M)Mp`J3Q~j*!K9EwDG=(U?Yj`HRk!P+8lZjrJ(EaTt~& zR}HM7RCn@qj!eE)3BFi6;n_q=$hd}!0YVJAj$x%_WGa9iCB@{S@zl0DZ=sp~N*F_y znD4R6@p;??f^4@#>zS{9t4-OP%(`KlDLL3~iHqQWFke&w_o3y?S;+Zb802qjUvT) zRD~1;xjxu@MC-RIZharmV8<#s`uU;rji5M{F}-0%HahLcFK9C1Y& z^=y6Z?>K1>`{lLjW$}0TYj${mcm*7(4Q%%Oa!l~2`0ZZt-@fv@pjE6#sg3m3sJW^6 z{TheQ)eW(^2=jm!>PF_$8Z8fi$LUoPbNMANe{`{{tVYV7IS(btl>h#;CW%{%i6o(f zY_C4bGFi-)6FPZ&H;4Q7A>%+%5Rb^YEsNDzptiRY+XsJ>k>!{prM|{paZ1a&mA?=) z)!R7G>$J)3kisX!hYp{&CD zXr4)gl#dj&_i4-qzz}J4=VJf>FbIaiU9k3!e5my&emJ-7>k8Ob8*@7GC`<>NKFSNf zGa)sGSFy#P3V^*P8IdG!XFySUnW>YTA^kod;|&7O-Ec0eBA;Jbc{s{&eK{fNxvWWQ zY))+NST+iE)Fs^*WE>R-@Q~na#Jsuv+Vfj$uCDpmB!STESDR_Zxo$$OOJIia z&k}Lh8wng+Ds3UmsZP;ssAo>`ogrtUO{3WA{P|g;Enw^Wwx7!Z-d1!buiO2cz>BN5 z80D2nH6pKWQDK=y^>aoMhODs(s>!LpXmU>{z^iNgiV1xTJ=Bnm)+c(3w{P8GmO{Q) z)4t&r&Em$}CG%3BC|kb&K;l;yP31FpM^YuDsm&FBxgz^H$Siap%sdD}bqeqz@iNJ_ zUa3e>Fxj`9Ez;(n-by3ZuV16pkb%Utv?UpZ53TUYoPV%0Vmp|J>N_K}zC=P!|)D_Ju`yw#wDGF3|Yb?gu0qVwfmhB8UX>nU3g+yl=Gb zXk$&m?Gt!NkalKk?opz|dNL=fipKMcccU#Fq`7PK%^OEvbv$+kbpYLv@4BJVb~5LdbM+*RbMF{NCNxubtvr zo$DNMq3=(&iP&>n20jdLY>0Cp>fL7sRRNRG&j%)kf*i^;j=B575g|425H2Ip2jP zGNIxB8g`XFhJM)C(opn1{^UfIB6Ijtbf5-hY$-sItqb5@VPkAW@AFf=W5<Q?=^wi*|NA~~xU51tXo=5{)45X=k}~HLXNh&14hEB9s6mN|7#0r*@!Xw- zLFM!KX??2uqC^T0zLa^s^@^;#}B0^sTe~0(+ZexjH$M*vl zJy(c>XYEME_kscrf3}qIM|`8AS}D(ld)>#v&ppK;!4pXV?*|i{De-V@>$uWfTEx;k z0L(ayOd3PWzYvq@7h;mfo@ibikek4+_-fKTLRy%~GJgacSzC5eIY6olpB-QxE!B0X zt?tEt5it3@F8~%wvME>BHnyiygARSDE^wOPVITW~wDDx_`{_m{83Zt4{Z#$N6JE3~ zp3@PYl8dIu`Vx)kkq1(c(ko|A$Vjp{Q}Lm&DPo6vrU*4)fQ{i*A11TsLw;a1%ZM%z 
ztU7sok`KAW9dn&HR%?MP*>Z<-iQJ^Y=bw{#5W20r=@&$6vC}{2%aoqI7IVq|jqSr* ziyB~Wq1FX}>mpJWXFnaZGjplopyzfmkX#bol4fYQ9r@9_z8bbzpPAVft0g()^s45y zUS&@7Fn|-DDUXV{4R&)yWsl9#bVE{zV&=68X=hQ4QBrS&xWj7=z%1JO6C2 z0(o)TgI|unoKXPL<;oEeE5os%VaK_igimo(2i_{;17FnA8Kh3B z&X04g2s_{vN{;me)7L*ozICG$fi1Um6v9%se}u-k1`MZiwGf_n5zyw^4L-V48bQ3x@g4qjSG$vfnPkz2(|=C$&$up;yZDk2HY zt*PQD11f!iA4!R27F6^dyH&@zdc4W^9DW5G8^Qeg9l6>jaXnX+TNC4|smyL8KK;DG z=uf886Z>zTH4VLwfOW6k0=3)(3-*Iw-XYjZl28Y(WfkF(|BNeQQ|dC4FW#m4@($~a6AenebGjM&*K=m|@r(b9)| z;*cPEH!`l-=u3dG@%+=;C^Pz6fS(b_OPyF$yAqs3glxrR`?J$nOXLySifTov-CdF#Kr3*!SB$(7c#^YefSiyonOwg zxhdytl;HY4S`N4%)NIzY306x6Exe zqoHy4yvQg#rE!0OpMO>bqV9GJVL|;Cn^xb(sa31$BZ=zf*cQBLbey+?F@Uqi$iP_P zes6G42lcJZ2D1PBeSL=dTtbq;&sE!GhR}~8nuB=mqrG*-Jp8ahHd_Y_)^58fToQW7 zcG|r9hqZ#4XRBT9A2ph6#!wVUVt6Dz+M0YsuECVv%mA@Ex(5M3*e2Q8Z940E20dQs z3pVO8Z;^+Hx}_og_&qNnu+!@x{J* zEiYpM56>SY4DJA`KwA?-_!WwtQndd@krwqc$7>9CS#c0ltMF`H;)1(*7nAhbXWg8k zf)`rz$F4ixhKw)~XhRc4VL}HLRYj@A4y~1d-EoNT>PuCuN@NHgq)_cg$ zsQP1iZ_TYPEg?|Rl$$R#@d6BMg z7BuaILo1V&SUy(Z2X}~m8?4oyMaZM7tph_bfL`v*vqm@S{Hc?B4;5;Ol3u4y&z^!C zu9bA#!cEM>DJ9(J3yen{(eP{;iYOq814i1_o>u#_35H`FbMQlLcR8;gqX8`i2h zuQfK}q@h^N*89KL@Au!KkFsKgu;)IxaDqD|r{0;3Jp;g!5jcG|MdUpr&LltaS>7qA zEi;mSVf>M&*amUT{u>dQsSKx@PKF^7(WOw5*PCza#C)=8Jfjca61&mfuWNcB3ROA< z>fyMnbpOQ+N}f&`-ep%n*k5!t*vBY1+U1E?9RUAOiRE=WoZHtU#!juA?-tRfy`WKc zBi=e;#7o^nh#^_wVO5rA>g|}xS_ijApNi5W zgHw{uC+mTDiMS!j{_j_m<7~zkx^dw;YV)1H?G?5)Pbv6t-OWvwGtxpma~s18vOY&} z9Gr9uKgv1t&P5%sBc@4L48-85s?d-{$8j>X~!h6A#wrX*K17y)6@ELO`vI^`85%X8YhIj92 z2Ty$I9+dZ3bb$`?bL5Tgt#wVf=TZd72)bA)+@r7|NC^R^0*f8yRrQxhWd`8}$c8CO z0Uxvr%EWl#NGSsn&4oQoPzw?>;z9&$Hio`aH8dq7ea{aCe$S5^DA2+qLKoRW_g339 zY)%rZB|+3bEWG*bswCz_ob#V?2}=T8PF-rduWJ{_z-X?V7k8f z51?+VF?>2Mv{s z#i8!HkVwbZC`~BAq1_-PvnG6+SIu6umFCM(8%x?bz3oK`!4Chg-o5!^Ui-+O(S%eU zUmJ}17E$+kGn63ZM2WyCW_*XB5jt|?!y#+50Sz{azO=b)?=5EjY;10s&o-GR*Lt5O z->TNE5~>u{Ek)(X*6))oW+&gaUbuIZ6ICYWeA3Fc9}^}7`+>tsZuiSpuuKcjM;kH+ za&g9tAXbwu#;(^u#aHJFfwzr4EuCMkxN2rAD8Gc7MH}Y#bK~9R*&2o7LmP#J`PIRJ 
z9aO+?-Nlgose+LNrkT376-uRygl2%D>Q;lJqsss#viE6-;76cJ-#xH?_T`hBF36Kd zFHb`f;LAfk;h1fr1iy$Sv(u%=C$)JgC=s^?l%23!2lJ57V4?6fxgyK!BHI+_FCPQk z$?!e8Dfm=bK%Su2z8Fw?5vWa4^pxk3GbWhn&ozcjm~vG71R8HmQV>8J%6bFP?z`oI z6zM{4q6yW`;FNk_M+`KKU_Il+2E>xYE95nyOaw?z{ea( zQs2dchZjIokiH~F>q+xVB1=bcaRl`KfYuS&IboAecDLv* z`{Xn|;~ey6wew!|yGbBJg;qWipR>vItsKJI!ApPm{RRwZV9S9ChGsa{r|m2%mEvMd zD3o`IPbPgI+H!xPJ1p-0DP)PH3FlJds~|eiTQ*!r8Pht2ETgSi^5Ih0mt{Ij9JsF^ zY-V9+0tf>ACbSfxlt6@2RQOqTKTKDqB5nh#Uba&~vAu*A+VP6;Rcml8~cZPeUK9r`$Djd4eC&l#-6ulpNxHdMlRGM3r7E(J_@_IHhWc%Xqs z_)1g$0O0vm>}m&f2uBvi;siOLJVFkSvyv_|sXkUr6Ata&Wz!t^0nX$zcknN5QdB|O z=u||Th0D7YE?5$jtZgb367(z@5_t3ya2WG*i-omrnWS>F?=h^C)o&z!gj^`H=x%Zg zNQg{L)r4HT0h#Q@kpRsc{lEl`P>--`~wK*XDhpP z-u*RW`9tkf8?mvtD1Mlh-^*ACcL$VoHpL2JI*QzFwF|8 zv%U1(>6Lj%6wJ&1RsTwJ-x_bz-`LYc3~a(WCYj~KzS^STR|Kgrh0-CpVKvP^04!%v z%_&ET>75-oF{@p3RyCeIT3`GFxP(1mzHN@uS$)PG?Uak=yxhax{lk$~jI*;fVfe;h z$q?1SNf*p*+SV1+r4Y3~M*UvmLOWoknf(FX+vL<^iwN5D#TysYYF@WDT2`ktH?U7+ zd(N6mOO+Z8fNkagA3Sq6L~zP6ac0>@N|DEr@SVjf6gix2aOlY&sy4IfOOFiFr{1Xu zB)abjRVY`|e=od@{#qdMG19H1#9w*#;}vu6{r0xnUK{;xmLoIU;BJLtZp5}-yVf3M zZg~)Npf1~9_JU2{g&axV`nMRCNo=l$kwJ{gZ7nQH2p20l;6OKFpi<&G8WKrDdZx=; z5i?|0epkzjkA%VdlNB9dUH*z9VbInPzz}ikvJu`!y77Rb&GtT!bO^d+!NY*gS6$Or zP6Ke8&LzhN@{d4B9|^^+ueT$djdwwwfe2mKovQig(Md-|k~gfsQn_*VL~rIjNUHe{ zQu4x-_dgy!zdhT=R?_#}gDMAq9V+y{_)82Q&?X@i;-gV?5Ie%}2&Vs*^c8Lh#;Bbc z$O9XB)4diTQTC`m5f$}NLybu%sEf+UMbWr^RfSNM%Wjh%L;A=)RcRJ&^X zY4`7X{o&i*uZKll7oz4-vN$B$iKPt0AbK>(zD9Ib7;CkM=fN*sMfYRhTZA)T>K%Dg zTbxm1xq5^C*o>^}_!xIya@185HzwU%%w+vSkKnABe4ru;GK8iZ1*)rPwTYLMTl2*W zqi%;{zL5?YJALC4-wOwG9_^e(dAqRgk0!q87ifE*zC;_%(eR4FY|;G)Z4WT8SRe^P zD+;{*D?RFKX&+s3TdEm-HS`J{VHrIkdAq|TVU#TrW@r)^fzZ#N^=$?mfTcQGAx~9DVRhK(OqY`uG_VlD0q)&&e(PkB zn(`n!BY7>x1)OCsCJeDAlQZ{WOk#0G$y^2}@7`va(ga@>n`obQ$~8EQLqOrzx!;l- z<5)_o`^broy(3%XCO1wtbl~9hHq`8g$~&+As|@e|-u)}u-}P!omwW&Qt~J_X@qY`f zyNE^m{V34lR{GMQ`7e-u2_0<2+otcY$NFJ&z&|Su44bLIz&hG#s zeY>IVU4Img$;pC~Ri3JsLb&|1vi>){IwB 
zwra`IqqZ`h&W~Q$i0yke34lf3vfvg#ankOLHi;0AkqI#eAj?sI+U*?bev%NX`g|ac zr0!X_C!bfRG_SYZYh_1y!}`Gy#5(M)L0k^pc#j=tIV{=Go;>5NCa?9Z9-jvlfg#m_@7Z!h%yVAWQ@Tr9VBep^j zFl$~shV2_e0p9B+8+M1Tt#vIanjgaOZ#w+S%cic~h~ylv1PVCFUTj-vAoG8{VsVw@ zQ!2kQBZqeGFY$aY)wyo{KO>=r=IOLxvO6Oz z_hTCYN6+&G&IMmmkm$ zgS->TSrNLFP^H(3J@V>Sy_#4XURA#&Eq05t>f8_D8PT<5s>GN zhzFWACgnDTZzOr;l_(3rD$PoWum2M*59UAJ?y9X2>^36pf>#qiBk?{fXjW0?wRUB7%%0N>czxfB&Stx0`^tVw zuA?n-(8|n(-|(0bTegc-Ht>XD<#Gi}elih7a1>7-@e~PKHm+4~Mc!xiRI<+HAm`m} z-;nrR6kNZ*sRbSL!&i)TjzlBbHG$J<`8v{F?(e5}*RM;3wl~1f5B|^8?M5NuJuT`Q zB20y(i}g!;o>GuE#X{TdDNomb0FQF)w`i)Q=f8)Z9~_|jN`-vxfd<-0{5@@0%O6M# zeNakb?i?)s0DK#vHI$OVTDvlB>P$s}(FDe*!VcicW@=vb108?O*VNo$`Yb;00)qty zF3tqA~w-aUs)dx9EFl+ zT$^)X@2X3fy3zk~6u~2#vWfjSBcT5OZBl4qeAlBLo%iu{)0_K^3uQ@gwr~;L)!|f? zKxy7vsYTlG=_n3QKB8k+0@4r;6g9Yf#`30YLG5K- zQ?7LSAQ93P(%vz_j-5t^nk=lB9z_#qvgEtAMu=-GLV|CL?(jRCLFQ$=tI?^hXTPiV zG--w!7A1Ab3yYV_e_j2u3@J)QsiC?ia?r(bgWbU8aE~uRjbZf};a1VgOKR4^n86pw zf^Ky4ev`O~ac(~%qFx}w-sbC%Lxsen$JguL4sZ9A7W!*slJ6>Mkb)`v1NMaa()LA) zMT&y;b<-1C1w)w?rCH`v*v-GAFj=!DMKN%E z9+8D}QQNZiuGfewji)t@Qr(8?1f}uqma!8%1_XY@TDNl|X*!l|?d~%qI$9K67wM!2 z*_5vcE%9l#xp_b$x4(AY+SyYzHb+3MfL~HX5l}0j8;(Q-zTPin_{nC6bn#=?r=EKQ zoc-*xV>kMWEhG{+WsDeR9K6LoX9d2cl9fP?_eHGOc{3!$&`|F`ObJ$R2wY#W=wtg{ zC&zknmo&*`Y5XBBg~tARFJSGw4;3w^Fv06RXM8KGjl`!3H%5O&8DfH8-b;nu3z)l> z1BBl%)dulR0@wztfDnbFCv+K^v3CZ1Jc{R5vt6|6%c!#{G>%KLp8^Nhn+C5KP4pot zy(84XmAYdN47q`y^{P_lG~3A4$hefnge^X8u`m=hS*Yqe#YfS+-{)78(^~n5x;g>m zb?sb&tgVe5Q68lW+U$X(WUt*5w(VKLmawr!lx8-Q^}Z@S*+^|X2=UymOI#nw8XLc{ z>b8)LvJ7#)dUfQLwA@SHCIs#zzLGOuDSu>hppJpD&}e3bPtzQD?*t;}=HaFcj${T4 z3i*4w73&ST`MYq;Oc$}r@rSI8m6!}dS3y)&E3WWPE$7f4y~@grk-6hM%o(FdrmdhT<7_jhk~oTCPO zd_+wH(sNIX=u^}F#f-4Pz72A{y)hplK6Z05I+ZP5U23CM{*oo9M}_-q_Kr(yR>rr5=W+(;!DM*r ztE^|i&6{Pzg>!r_cEaU-X6v<$5oL);@dSy;EUOISa;=sNs8YQ_Z5raCdmmAQ1h}dXgL~Grpb>|6;*lfN73J6QHnLhd3e-#h>Ycp~j z3Vp^%H{MW}*=LZl1nNFuIEW@PQ02=M8s~xwr!3;LA|dsJ!IB2b0hQI^Oh}WCQpv?; zOiHW8`J*22o}hJpjrOPcy#DojoJzG=C;GgswW*DT#8kH21XmM!H96$645>n@`Cw{v 
z3j+-P1MXRSMn-$OIa{tyH!P~?5RzFhRFGdLGOecdMhoDrmUO2UpklEpN6O4hI;n0goP*a%=F$YiSrpZ#j?2G31nYcLzCiqlTvcEJrSQpN6p;s@kRe}Hf#u?d@w;RK38pAIU;j+rs2u?BC(+&g0bnh6AC!azF5kqzF(}LDC&ZB zW?y|Ui+SEXN*1|nN%euUz)s!T#b_B6E>FoJBs4sH$p}sr&ngYN_bpWzox0UR$P~bI z8r~{!giL<2KhmU#Ljft)T2C7hQW%BwuxVHA@bs24_n0>nus7gEC}}PW;ux@iGaOb5 z5!Zm=kSZko4>+7XqIH+da(>K0>ibp?!D`Pt9qE(SjujQ*)A>(scFxpJ^|nXy2J(U* z3{^y8ozBrIKe)_Sib?c7y_n`T50JEPB&`0F7A8s8;L^k-2twH+i&me2jMoL(>~r3r zYPi*}x%&(-@K%IQUm3<4RB$Dg*FbGqzHNY5xS{WuM^VFqkV+EMHQq7zq6YQT>eL_+ zprL;2$#IffWUbuHand5w;E-DdhPlS-O~rb#bqYV383;t69KiAM&Y2?zNBeBu->qH; zu@gcE29#ktLRK2ajl(=&oxf#kR~K~;c zm0zS!GjobZ?{8Ko;M0ehUH*oArb{^!GIB#R*rZU*B&I<>$ zgO(3reKg+r2t4wWLKCm|g$|;8Va^fL7Ok`d1ZL6vf0BZ1_y7jsmIb;n5>#IbtAs3K zJ<$0v)z!p$=rf($3rDY1a&rq?e!7{5R@=SRc>Nc`<)Vu1hPV(-0%Ovz7uRUC`wuu{ zZe)MM*@M!{y-oUY7I(1+3`$GIv@*8fA_UFZl8v&=L1RI%BlshqARh}#vKwhB8`M6x zOHMDQUIy4+!f($ImjsnWK!0+L&EnPbW#)L4%9*rkdQpT?l*wIMqstqWyt}wHD^-`* zqXW@oz_1LfYiEJHE)3;Wku;%s+gJ%1$`Go+0F-TPlx?kuUs`s388$k7bo`NG1{Ka0H%c(&d0mEe7Z`KvU9m7>6x8Xxxz@=ZW0j%1L|<6V!_eAWs02l;5d!zY zAiE#9iwZwSD&Aw<_-mZ87q<9?SkmwO0Nvw%B#;G-$)O6P#|crn(X`KZzpuS`Cc-lL za&71rJ{Eh1ea;*H^*6lDBEhSe--Sd4h{eBbVi9@@Y)oW`GF_2cztm(av@Rj~+6sS8 z)J=5zS|p7OenJkpG81PhwX8;PFG71Kzj9Le#`hEhXi8WkRU%u@k@(SY-1SVu)F(SI zk-nyE;I&BTka(6$xhKm;dt^tJ*j!d_*OEdv3D3~79WHmarS0c#XH2>6-8O{5_hfu0 z*h^?i6tp?|*yxdnJ4Gg#o-xlC+Xdk$Fy)a6b`~QacZ)o)A&Im7D>EM{thc#EKEQGJ z0X-!M3#g5uMbdiV^Uai6WxA`iw-m!$lhJw=muvCs>#j@BQGM=1)hfvwGP(kE37kC# zR7Nmm6rx`?XX=-Q*|VF+S?`$qlBa!XY2qx;5GQ}4Hf4~=JdxLy@bV_giW`k*(iEz_P25McOjO3R2DY7egKL;=~)Bwto- zJL~4Q=&w9uiXZWGJu@UFz ze!_PXqg0tiO}p3GF&`jJv_(H_`mhy0VDoX#2gBDv@M-K1IK@vjUgk2&p2!TyQCn-D zjMAjdK@rUMu2cO$*l)WC1saVgh}W5gwuE`47ZC@Fqf})#>-vQp#Gp9pYH7YmkBS&B z93h}KxnUq)vCdMgnLopz9~*yP)Wb=<;wj?(N(8Czhq`cJxb9n0EoVPrp zhpHl4Y!hp!Ml38)b)K!<<5gxcFnb{ZHIn}}SCL@KQ=(_SgQh)V5D!C)9?eO7y;T-O zC^TyNoeY=fBX}*qhtz5FMcY!fi*?cG)!NXew7o@5dD^L`52Vi>W%-Ut>@qsCEHNt5 z6*1Zr>v14hXJY58?V_0QbJvH~lw)VLWYfHOMT)w9?@wj+7nPD?E!bR_+yXHA8v>N& 
zkL8CMVEZg@*=SG`rG3dva?6uKh9>M)Qk8$&FIwwm+3^LbrN$a22aLS&|>AVH-b0A6U5qsW0|93lZ{ zAr~7JL4poQ`#zP{16;onSt&8mhd`~&Y)DdN`FO6gUPr>*gju7O6_y}b!ri_1oRUX{ z!D?-xmw8dc`}i`dCrYQIC%;T~9)wXy!qrdrnG#>(NNIfSB-{Vj|M%ZNW{4EHVRNKW z20SQ0JbS{ITajfk$}aOoM&6o#5mn|}mklrM!Lp~?7)rozm=xIB%L5&gq@b2Hmj^== z@RyY*Z%-$(3S_X78VQLpc1N;fWUu{O0V-tgStE~O!fA$uSA8vJLh@MOv?xcRb(~jh z-^@EqE%_mncCJqmn6d_ztBpKL;{-p5ipyvx(su;BM82fHo05N*hL+02BV&bzCZDRn zgl;gCE0d%V#g*(#AX~yaHa8i_`n0xL!M*muji-z|KBDwt{0>3Bl_e47TwdBuJns9E z>5OZd2%`+NG0c>BKp9y*iW`yznb9tX#udr4Oj_L~lCsd;waZbIuqM(Bs~PJwQDk(K zA{SsObm^^~0DY8@iq6%@rwbh|R>FJ^&C!{62|8v!FGuW4 z+*w$zEW?@dfS7i-UO5OK16^iUzzkh8@3!fJ?pgDN>3o6D8>4Uuq;<&%}UGR0ERm2ez5)nQiQY?hT$^OS>1=45<9a zf@HOJOYK9$>hax!fu1K@9-*RdV!QKR@RBMu#psW>=#n}Lox7K)ata!_3DJ>Zu{LGu zr-fNIC+=oyanQwaS-3OM#d*)@6qTEs*a88Zd6S1*$a$RT)%Ua8RfZ4D0e#jBv!M<6S z{qE-ro;_}~w#qat#^oe}7gPh%CxSjK+Yr_&kiDA<5<&%h!Vre>TbUd0%L9w{7=IzKn?_2=@|N8GuiMadQ>eY%8wl@iL0aA-c? zE0@m}6?9GlsY*M=7M|Aw5|Nm)?;dT$+evDwE^PD@9v91T-OY?7a6p@m8r@4eWNrlh zYSVkwCOQsZ>cR!dt}l)>n3aX3`+o%eUnm2kz*Ab8r-hr8g4?7`Z*R8ixSgw?3*s_| zFZzPTk$eYujC|j#`i-RuEVSWylnf&c*OTVeDBYe@N7xzh43LcoKlA%q@$GakRn`b8 zxxPHv&TmU<3p2;Y#k;^N8c$x7?Xhq?ut5|liqpAC&nHIqC|g^95H7B>H_yjHifF|_v_9-3dUXM zJ1B$A&TZ+?Vq@}mRKCwkcvy?&9W_Pdh+&yt@IvFcOJr16a4aHbtj2j*FmuyV4Q2?! 
zAq~marAtH(CfY>Q?kMhQLhRpgANu>y+i5$p(rGB!AI`xmzTc)R**g_2gN-*p+$!i>M|aBfQ8NZJZDv_ zOVv0M8tTLSz%TOf1Md8%;G-wl*c`w#Fty*9W`BYt+%@!UXlkfDD!+^c9a~man!j23 zuK_UsT)nOQ(rrW%-v{|Z?aw@c&if19zIy_gk-GP?2fvdYAuD9*&QjGhXpP3UcTFax z>_jVP8F`Y!)_8q|mlUd_=0^DBzQf6>qQ$^1FCefwa@$OGeRynZE;_C1JLh5bnB5x2 z3VV9qEvXwV*zpBC_58C#dCiRnjM}EN!^oZ{!{rlMD zKjTP!J**H8w_x-y+e?n`rV#>o0vqoKs~X8-mARbV-%dCM?8et{+2l?8P#3Qal1=XD zFEwdn9>tA#4IwO5_q*RQ1efzRb^n^%+@fy#p@EC?baL&rH^02Dwd4M$+C*ziSp7W@ zsr2b;M!w?S>u9=%O77}>l!^lO`5UUu89v9A<9*B^KlhTfW0#dn?@7Ud&f znx)_Df5BsPxQ@Zfl^q_PN#DQS3SyUqDW%Hu8V}Ed1xs2C%Qu zaH{AcEcJ{q7PuoJ2NzYS{HJ&EkxhuQq%N5o(FcQjO0UNEH%hhL1BBA_tt$&~^xsYk z{md(BzM#0Aw$8-opm>y#iAdiR92&Z2h=mQp49z&Do+Sn_Zi1ZOFsfzs7 zq?7O7hO$-U)Q3vj;SL1WM0M;z@1b>Sz`B{P{NuEmoE4DLLY@DLo?f@UwyD)tl2o8% zA9>60d34A|C~}(vR|vfDF5Hg^KlLkOnG@?~%d(Y#$hn^Il>N*Iwd@;Y)Ca5WTE zd*Wl;{c~O}4I^@V=9qT|av| zvRek1R|PH*m5f(-_g{KunK3YyodQA=)a1Z2JxNSPObC5HBZRS?lz0`A?;Lx@0p~V0->^NW zn<(bE1~&|(-Q}c@UcjGIdmRGx4>H9G44jK+k{1hz3zVkj!l2HL`L2jM);U#CnUPPL zmslfj^!YCKiKs$Y;oXE9NGncobcOj4+KSJCo7K^F28+rq*3M2H>zF#KRKEs)lN09V zpbRas+A0ZxA;jiZty*hql{Lo*o6_fPV^u+NK+X#6!koGPewYrtsd8_6_npepcOT?bRB|qIK+K2e~lRA=*N; zIbS3#-6a8sA|I>LrZVgJKN|3r5lRip)cz-nUfH#MT|%mz|z7E(hl3z zC=j-v(V`p2ADiAS9&7#$K7KUD6i+B*N(dpfI`P4V% zIk^jm4n7j-Tfdo*0{kI_INX*whZ0=UiI4qhyDw14p}(*;3^9^A9h`$jwsGRS z>C90IN_p#c)b`*{$nTS@19I*k?2wtQ=^5BM$`UzakIPzakHw|BO6xca!-t6gW$o+sTv^ zB+zE6Hwdvu9ayBD@cvRd@z@6oU$el_l-`IXH%uvWY7nX_1kNJ^nN;g;SduFi)5;Q*%k5f1>X{#9+Q zZG5^XWhbSne;dqZyUaNxA)4_Tc`3jjQ>emfI?=jVwj>c;orf&sDv|}~>E&w3tLTO_ zu51t{|Dj*o0~KY92<{PbK?F;fHRt0_y<61SQb5J|K}l+qUphXaU(=JCs03gL7OfE8 zSaZF649&!njgl0>_~U#wHT!(F*UhrE8t<&w)M{1r-f$Ivo%srVXHC+NZmQZ`R9&ny z%@On?^wa7kk6Z}#L>u~7l| zH!l))h+LBXyRt&3qH#h+h|TL`_6sYg%t0->T}`k=y8lv`#(7$1O6X4q{}~ns{W>Ix zx)Qib1g!UvzN*wJ>8Z3YeBf?CA3*cJE|)YGS*GlsepvofYURJDqN>~n_+A?{hfVf=CkC7bHoh-{IvD3*K52F*8|+eH^#>VHGD%a?rqW zE&Kkd-l}d+&%~BgGvu_2)em^MB3b^}w_mU+T##sKOP%s6ud8Fu(ToNT+EAS9W;$wd zEazN^KDm9BXQ12uj+Aj+D|)Nr??$OCoHbD4`AUs4yxc6dYuG7COkM`z{8e+=Xsb6P 
z`n(IBTGUUc_=t5#Cf2hWAAv1T`ZM=PjQ03p^hU0M0qq4z(>iP<2yVrEI?fs&ZVA!; zkC~tXA&rRK2CF-Fp~u4!l@lGDW$)SIW3fX6mBQ+#_{Bi&M@xVDKl2)LdtFU}aqMfVgx@hDjFNr@SXz#j| zO``qvHDFmqTMdzaJS>mDpA}*kJFIJ@xCGP6)w4cbD%eCrD)=Vb)iU?0`0_vKNrxQ^ zpX)Xfl6w`iv-`rhcY&AdKIpw|)E4t9|I(V-2KCT31V`aT(Af69HcV(?OsV2dOI z=2C1h@i8b#%Mr@}R|(RQe}a_kC2EN)i`J5EiO59L7SQ%EwUorb{z|(B;H|Y|od16N z{_QsYKYS-(tHWKMi0KO2aS2jeZOLHiQEC$}+_Hzqky+krGQD%UodK-sf0GU?*_}hX zw&i;r=~6btaqsXxzV5oDJ7p=DX`|5n%xHql7QgM{)g-eeZJUdkAL2u!6|bl?TL3&se_* zLJC)SVJxr3W_!%Oge^0E2!RJgLFU;~C|K@KrkDy*`2LY1#3Nvl^v8_!YljAuQAnfl zC10m0aK@VFs;S$b;D&y;-o_%+@UP(J;a*$Jzr{ZpXq>Y7{^-!)GJy*}qUm3{G#SczOle1-FQlh8P0cp7xl9 zFHWaVyHrEs+wKoM`lsV$r{&+ic`lgYD2XI0*D+VQMe_o5OA>XFG)pg)XGZMc8%(AI z62$RGi9Tnl7oM3WfY#1aBDw-B?@(lea~rPt6-a_~?1ce;OC@^-Su|d7*bgEP^*~tx z7h*~KIzB!C2rUqPxju_Nj!yek?v6-Cf#J$eK^u#r4_)nCQwzLxtq`)Sdo0R_`xibnKP5`r=NkaUB6i~E@`3h2# z%%^6Kyh^e2yx&Hz@h}r)fN7U7(#Xr}re~~1yTQ}rjZ3ZwUtYj;>sM2Ayb6{KLg=3< z$gUX)T@Fgg=f!#Y?+B5wyt!9sss}yDQ>ZYde>#)}PnHO!8@L(+Wg38e`{xz%f4#qa zDpr{6yLt3#t&dRNra%;S6-GBPotKdxfErB2{xh<*b}?1koy>G>T0H+orAWt9YC|(| zdHN_=-?VgPygqvM_4d*5eKCP2tWj{dD)y3e_>%n1?$s|9?!#TJRP8R(j4)P5L9+Pi zj@h%!PYzrDD5FKM^62=J!)x-dmgsbmSEYtT;zjg#sM4{%KC{{BB=g}oV+gDe|4}UU zeEj1g#o^RwzHQ$}B5Wd8vMq-(BxfhXuV3Zq;-)A%OclUf5rnPyj!>YHoI+6Zkyfj9 z+LHT+Vxzl24zV`e1?}DC_ADw>;YlI0)d5Ti0T@tjl0e@!{T1S;X-I6$8Ma|Ir7GjT$XQM5q~aT^lkxVR1ZQi zoXTU66uYIb7>}+!Ro^z|UK>HweL3L_FOggYIm~m5=NT(e za9zm{<55gCXVXn_9(mdvuXUhSOHcgG@u*VX@^F@7>XU{}H|ryLhGNaNr zVM5(1l3AzNYuqvl0}5OTfKXqb?Y|nP+*xs=z0h^=(O|6Ell|}K75)wLElCVe? 
zV58N^DF?s$v!O($T8ap&Z2c4bk~cCpSg2TMW&zkGmBy(qHh@Ne33($oLl^(VXgc5R z@MSL1{_hu46mZiK_ z;C2>1bjC|bCjj(8^d5Rg!;Fl?vv`GC$>WPW-&cPECcUWt#iXa%&Y{u-J;7a^5|CSt zgD@V;|76Nvs=>2nsX?Jm+SCk3S=A-YrAcBqCD`vEJWbc4P+Iu|?t}w*jCP2L_~_CY zHZzmWSF~}2x+D{LZEV(TT))@-JXjuqSnz13^102tFPU&u&GIiU!9fXkQZyNB#>%{p zJkrGZ;|M^94ig+;u*LJbKQ}Ik*P4tDtQ-CMIlM8CLijIE4bYf3e7xS39$gfIA%FkV zKJfgWD?4#9EtCOqwho?F(LE}`snvepHu)2dX>32aK@`)-xfEoOo(|Kq`sSpME1aAX z)pum~+f|@*PQ1a^D=-1P9n(Jfr^)vdwZKzFS-w=bu*jxRKc#X^x()WE%Ol>F{NwpRt7a5KdiFEQTJ-jKEP_O~%fJ3glUj4ijkz!ud+ zuCig^SHGpTYC4T=+l{2Foqom4b8`-xiSoQ3ZT<3NY~Dq*hT2yo$bJ#O;bBvP4=LJiB2!cOb<16 z$6KwLVw3IW?ep!D^z-eYPX>kQ$>NtF z{Vd2t9Bj2@)a^ton-5RMrV28d39I6hvFT`=^SSo*sxW;9Rcs^#AYN-)N87C8m$nN& z)ufp7>Bb1u`jAl`IY%bis4Ox!3qhDU9!X-HkP78$ni#R&mT%1p|IEAyGFyPeI_EKeq?O#n+W56m{VtW>uS?n3VdT@WSj7nrnv;8*-DL_x3zK5zLh^y;ECmI1 z`Pa{ZBF@`TYvz@Vpz$rNS3HfanQ#v_ka@|5Pj8b|b_uq(H>?*%H1U-o(-Yo*C%Wb! z=-3=7kd2}3hz;4Bnaayi8%-Qts+g#+L}~_)N00qm7G5vN6C9B@WI`v`vf>0z_(p9s zxO8cTw5dKA1F`24-u_OWE~1|+o$-N_G)pjE4H7Z_q^D=f&*!HGPzZgfH4FbAaQZbh zzEQjK@ZEB^w6LW{<@(8nyb>69+sm!dpeHRU)RT72rzJ%51e{ zb__zbRf=y6&EoyCXa+EO$Ud)o2M%9sHm9X|RhR>BFxB+4x2ow9xSe^u>a8?#A9v1$ z$tC)X*UW#he%QmM5~S#J_9s~jx7r1LABtlXq$k43>S^08s&CDly4D{VQZaCqQ2Rau zI<`|JWjqj5k<733P&vb1#JyGi`4NaD6_W$v(nlKClY};PsXy%ZQiYc-p9EP!jbN1W zlDR4Gq?E(8gI}MC&_;bGBQd8(tj(Tzkft%_&>k~Fx?Fz}uP>wT$S9ZHWuG&hjoBEq z2l(!O&>(Fekm({r4qczwJvL`#n+vXZ3UsqYlfJ(hyp|om)e;&K6eZcW^^vDBc2FOq zT$B6_kLB$yj!d|RG_&pxdaQ zBDx_Jlo5<&_K+wrVNk>8^MXiT7;99yE_pYu(bROhO9glLvkZqz1yb$WyPQ?&KKou?UJgREgmz?al|kX1UIml31vhb`ncCkjY3o(cBdh*Z>^(X;~>JrEZB=r;-bi`1e90|An z`mJ+@&ajrO;i$`;?3jTq@`r)_7Qs4&$c_Fc$BShVQcGyvQ59obU08}5{x374#~%YP zCS*mqx(6tO9?Ul>(YyjBXBq0F-X(nriHMJA7NRFexHzalSD;~1X0YV6w=szI3{C@+{WxxAa+PS`D zQ?aWbP?&dsMdg)cqq?}gw{m=lg`K;ycFWA0{ZdsLi1Nrp*QQB3@h&tHp*Ck5VQ1=G_ zU9%+S23J}GHQPabj~u-fhBRZE9PtomlD!jKd)6#MoWCIS+`6{E+`GOalszq^9N4{r zzpA#-S_8VwRiL0*62HSDpk(U;h|s>YV=f+{&*3t^{0nQE)n46HYil5*VF@2X^~5{F zok1++8_GB?0I1N+ja?L#azE)*`5IgMQ;d#!7Q$f*6w|x>NpWuSRXyWX^GbbN#e

h(Br`JMuwfDE*nfXRn-uMN5AF;Ge?i6MN~l8q{s|64Z|mca+h zGrk$7(v9X4g0h9Y=gO#PIYHLK@h-lK%(FD9u)z>z-GFZM4p6Gd#r)Un<^Kv0ECIc&{IxFe zEh4-UZOQYGiPul>WB7iX>Ra+XA7=~YWqS$JY0~(F+MShY(#d@Hs6rckFb*k9E?PQB zvbM8IQ}d#`G+mBgp807o`GAy*OWn$$y;5(bx zJO+rfb7T7R$LaCmn)7qR;TTIQ>Pc<@|t8OJ5u$&I*mh zSf>`>Z!rFnFD1306s*-^-kf@@nul0wx$EPuwpLupp?j8oj-9HP=8F7E7CxovAnNrA zY^lIfxH@9%ll$Y-w`(xW=qA$rpi0&@c z?l&O*TfNd~ijUYeLvQg8J~`-@c617abKfaOZnE7QNTBQWvLo*=FJt9KFRSuDKX@;q zZMn{Y%~w{LBJ>E2c&Ds?+<5Kv)7!N9Bva&+FTs46Eo;}|jk`}($(w%O?-Q+(#1T71uM>^kw(IibW{ZQ=h!elU z3UxF({nYdCv)ZxS;sJ>!C2`DCZ^Ja?f@sH;W1+(Y%CVaH&d^F}GB?@2#q94FUhF+( zBXUvnwj1epTi>5~yAIfxeGcc3)6$59x3CaIMFuH(PDb$U&bzUl0o0=D<2O74ZhzN(Nfc#4s0s_>4B-e%n6Y zkfuLwb+G5xV@wQj>IvVg;yC6YYF7?FuQ>_`U} z=HA`s6$JG41RLep=d@tkzJn5&B=BBR;#K;m|R7#u3G9mtYDbJ!1e_q5j#2YJik(B}F4XenaOpH8r!+pG>a|a} zmucUuG5?G}!@{89ZvPpejA{DrQ&!dc9YcJp*lf93HCbu3kBkKb^7^I_jT}X}9BIb< z3Jej2)()zEiiOFCIzPfc;Hs3sw&A?>i;Fie^^3JfQW9H-U_lQpvjwMa?E!WjGAYrd z*VxThgO{Z{W+QdR&0RAL!6KnXObMd)oFm@hhkP7p!$ce=PvGcVi)Ddz2+3YSxSSc+ zSVWX?FcBY{zVntKRF5n(XT#yLMpyCp+qXvn%Ughig{8ODHPzcSa<*C0Vf4anRbu(~ zv~y~B@Sm={HED`8lll>&; z64t}bkv{P__x7pxxvx~EXRVTP0{X-`tGX3y#Y*&yk%vmb6PSTH%FifbqB6|SWH>5m z%?a6!GVM=5Ggnf`^}a-lxWh|$zX7SfG&Y~89t&J{*Ae}n3jM|2Q2>+5DUgk;~~gd zroGvjuI5n^rc_!x{ z>FevX`h`d#+4O5})yhHqQi)T;TVlE@Rk426e6tz--*uaS|KT|VAQ9MIQE)vUlviZ1 zt`$`s^07PN5Vpp21}J?-vPd~6~%BOGir78=r`DKZl7P5~~lljx346F2Ysh1Y^A z&9h!Z>1(}S>puH9bTc8q@~nthkj^PS{AvyH!Ka=->8gXhE`vSU%+A*~C-#=AwdlDc zr}D~=Jvc`e4`$5{HsU4bueMsX*JgJY;vTsj^=BM_s2KTXb#?0>F#8MI*i((TX2xC* zwnoGlzYp?N=x6gi4mh45A^Xo#pc&1yN19oA#y|$wuvw(3I4`vsk9Rwwq8pX_dletc zjv|J! 
z+D%ObBHV=k43eANuuKEorXS=|!|knIw9IsCTQet=u6}XjLERV0XR*!QL5hA5m(FoW(p8P-O>!pwqL&U~4c^uAJW2KfhuDU|q@& zeghorM>10Y zSIrJ^)wII^@@7W;7LY5cg{{S7>5GCpz}$lx_FPBOV8*ig4Fks(O8Cms=)hdG)#Z@H zqm#j-dnRk+Id2Xl+Shbk6$1)R30w*0P1sN$i&CbMu}WO+ITUC;0X{|lQp02g8=73x z90wvNMs*dpf-H(e$pz)3ixLBa8I!!U;ZMbl6--}??b4+1=ZJOvFW@2^MJ!_nAljw6 zi~2uaQ`ZI2M7XO(q?{tj`}jR!CXOViv?8*i3CbsnH01*%#%aErGYG_ z>5RD%-{F7L&eUIItedl+$-&{Oyk>-V(bKa?y7r8FmoIw0{K&kUoEOwL9~e6nE$YX6 zq@s(n%fgN3KdGGU%lK@zf3`9aC5n$UnwqfW`c?DN(!mKScjIXKXY%Lj%}sK#yFjr) zmh~4uvUvVHan((q?XNm_k=k?R;Q_(>>?hjTCqBUQnWa|G)lzej@v!PrgiRFB%Y{r9 z?uda^QgBFZxKcvvtUQiIw(za-wuv>T{@TtqreB*jy_*x;N?-i4oLS<8ZZsskspwDY zxCo$*VQji={e9Q$6uZ{1963p3SYN}U{0eh{U`OF;#kT-pM)>>1s06ZZ(9Q_M+j_ID z)mH{7q!eSxK17&%R0ECh$o4LQ>FR3E?sCcs%tz^$u6~%O(V?O${r+Y)<0}jy?Z8yyw*l~iY4`}5!W-%o~um}q6OA{6C6OM75moxs}fu}w3*3$k`&h} zNUpuHnzzx3p}TCj#-1Y#*GNxGYb@6NL{Bb&{bGG9KI*+G=I1$%s3-25=)Rg|siKiP z@px86;`*Rop+VMnty0b|U0q8bCAU*M@Xp?PsIfJa@pF*8j%`fx_iD{v|3G%O)YuNu z@v&o)u)L|A>X|Ri0WW1RObC;x{=&Sp?N|EMUiN)Qc-B?x+$?V_uKd;r>SY9NmOYx% z_X%ldn1H0#?|7?!*0_BO%gyY8?50&Q)f!Cma9t>fi8Xle%$MQl&C!)kzTJ1ds1X9 zZ=apD?6s_8NAvc@x~1SI7j|!N>U$5D=S-UJp=+Uj%+ab7DTU%N4ck%f>b`t`ltInw z5>2u|1j@}tAn|A1!9n=X%cOVfa-`- zL;yF79NnZ1bFXT7dQo|@a@MKL(o(N|5Zh)H9Rt0oYMywTMjeP`;SN7eOH$6-y6$sN z%yg=Cc1%8>{Y1~^Sx7wb(&Kp-Wu(K8efPQEu@+;d-+*0&SUERr@`sLr5#{oL``+_O zI6uBl%bX>Bh7|W6EwYSd#y{Z1FN|OfS6icXYAoGhYW8^j61Oqpif^*V+Q_{8j| z`%zY3CDVBUi&onCnTIojhsDg2G6TjMT>aiAIMo>ZsGY(2qM3-g3@pn2|!3)xwUe-^#h~Zvly-5to)VLZ@;#fC_Vh(04QlqN)uCd=NIqc8;I|1 z`gHFIpxOniRlH#AS_9)2N^T>3Uu6IJdVAh0Js-2mp4VM*w$F(!D7Un7mQyq%c)h=- z%6{I6;^G_9raYfE!aF7Z15R%>$yKl|e$ijST{)VP6J zrT~26Ue)Mg)06^}3y+n01izT@;s$+~5d*Fagj49zsi)7?nLwxvvT~2>QZ!8mNzaf?PT|S z=-DRG&VW<928SKD33-)Vv$g;0G)zgNrG7^dNfR9i`Aof-9QaEJ?md#Y26V z^X2J3=aZQm`|W)fa2PzVv^bpJoVr@>rIY>paz+$b&U{~aW77N&%Ne|dt*T`8%(@Hz zPdjxt1#vG|@S`Fl%#|_R^d^JuMhmedxAATPOTmz}1B2P4{44dZ_IX^xADv>Hv6?n( zt@DN|LP{j>NB6!j)SSVO&@X?8SRZN+0lIx|wYCYdm)ZB}WQh=uL?iC*w2?uQyfJbV 
zgur5k1do|0g^j*s6{Iaz1S`iJUHj@DD=X$5eR@$bY7<&%a!%!VkZz`Fa2TmGY4Th7 z5)csNE`uJS31kqghbu@)vi@Fyh`wc8yd8er=*2p#NFs5sr|{Eu#?v5B%6<-GbjO}%M)Md;Yhy$!3V&sil)&OaI#QBdEwsS?C%}4d9(h=2<+7m9WzUG*X>tl1 z0jYCvsvR3WP=ElMpS~u7U@8IYW|adI9#n8yRTcXAytosP6U8KKblnsnF%U&UAzKn8 ziHOsU1SC>AStD-O#Re?UI<8;9*WhQ*+V!>Y3#M1ziYiAo_&XN0x9I^(uep357rLpX z;4_PmYBMPuXTcFH>&(-$;I?Rf!0izsl=(QT^u6^qsYr?mT+$+@MjTgMQQ)mRfkL=- zeJP%N8P60i&|S5nL`Hb}n6iYn8$4p!EOehIVbu2jvGx`~aWrbW@Zf|Xfk1E_2<{Ld zSb*TcT?4`0U4sR8cXxLU&JZ*>!QI_u!grf|=bYXDzqM!Yy|qPkWja&UR84w1@AE#E zc|9Y<2CzVibf|u_V9pf;;3mgQT+|>eEFmw)mKb;bl!Ol_VLCE5#*}!^G8fq(!BG~MQZi= zEx&IxKI0Actux^do-z4r`gILo2f2$hSL93|E4B>;Kvo$r{r;%L}xO(;vdvMh^b?`aDFw)*0=vA;%=REBl z56JNY#j9339Vpl>I4iqRp?w}|!^D1}pC*l4(RtBFfts2>8sk4Am`_tV5xWTnA=12# zu)grBF+F4qeQPi)tvZ5oK|Rd%+A%vcKPb=Y52e*P%9I%TaEa=&w&-7~&B**@IHG70 zY7XKCqzDo(-#3=ep-yPksK0-`-1#swXt6@xFsWqodTEzLsuB4#@d_}OL{+(V=rbe6 z<7~l~ed?v-KKR~#%V)RB*~?oWISzi~%wud2D_2r!-W*W>byWm$`&4;;Vy0pESZ03d zlj>U#o&hB_(bYKLCD4Cngst}4s;zD^Tv_Eg#4-jD-O9uKIdJA&#n%D zLVl?oJH%kCGbmS6CxJ@Fy7~+XZRvpAZqu?jS~0o{XC8t*Pw?8YOMg;yZ=TuZFm~*{ zjN@PrawMC}k8o6UyXkXZNziY&wJ6^Ou{g$z+hFS~<&MC<3hPpY5^hp@TKHzPxY!T+ zzH0bLMdvns<1bv<20XYckBd6%zgZF(B@YhO2w@r_P%J2KtNUTw7SUm7+oqSL)&XfL zVLP7nD!+#BFxJEp@|GBPLyDr*)9Ki>;GYA{UYev2vazs%z&uKsoSsVOYTZEo5xD;B zcHZel5+WfnXM(QyF$yW6y5WkqQbHGRml| zbSuhNAS7yVAs>JjSPENAtCI7AGSo(Opi$E2SpzoMuHpI4aesjfG$Hg7{&F#!3E$4X z#qn5Te8`TA<;J^|qN$V|Q*w!G`GsQVSFZx>$BG#a>X`{Xn;lH7z2h4+0SxmTaLuL~gXR0rFSu5K7q}6t9MW$VXyi&OQB0 zg82HxVi{-Pmi=*)H*{0QIwe4Ep17@gLt_K}!60$5blwGT%kvk=xb?RnB$c?owqv?h zQ+guL_1AsZ7>a+)V$EiDm2oC7hSIUtoCrP-B($G$&T+%)E6^!W%Uqlih2YU&sFJP<_OL^$YPzd9=J;I74{of?Ptoep3kD!5H zB`G%}=f@;?DplLt#Vi|hzgsTgsa_Y40?(PdLO{>ZYyfWPC?OQBw}00IhxHP5tqGit z?*COCFw${K#g;IcwbeBOQIf#7KpFMlKWYBECs8PfzU)l3W^1q&7;p}@zI?G?b?R&z zH&`Sd?<6YVA*G@m0>AJ`q| zOQVRWFC+yYRVV~7F&V?71-m|+3p;SyBLRlU^HxN+f*B4|x(BJ#Bjn7)EtFPD4Iu78>P~=|fUWptD&MDY zf;Y6bYjgIS|Ii5gUkHlO#=*~_?DM9xPE3q`cK=JH7JYU-eY-%UhuJ>U7&3tSKmxcA 
zT2V$0WpX?-Y{vJg^hz=l)~D6oe8rvLp>S8k`vnfl#BjB>p~54qjaYzU(}wh7!2z0BFMslE(YR&3@_8v_9mZSC%_qYJC-7W{ zp!IrLeSg9&MJeju0{E+8?aZo8#Do;fUS50nTIX9hs1MzCWo1!YoYzPN*dsGb%39Kr z*}L!oTs{NUo#c6=H@JE^E1Tt8sd;eV(ef#Ytv>1iQZzMLHaTl8liGtB)H6A$7>f3) zzCJ$JFS@?oFJ6iE4a3RqpW)+MGcm@rOJ$tgIUU>acj0ou2t*+$uNv)#!ZcBmGz&N4 zKK=C=BiR(C$;6Y%g(vUf(mfaC%z95>t}hn-1ip1ROo>vm;qCkbVu>}hMQ*U14c3yMpfQeCG#psA zgcy?i7T*+!(x;321F=ftgm8M`GikQv?cs{`vve(rrahS%K6HfLmkNG8BfQ+R$V{Xq zkIpY1+$`4jSDc9q9%I)eN-S9C?2A>G5*kp&-KFM-bKaZ-FxJV~#zf;%H>Cz8?69xh z98wOHe!7&f%oGrPY4`n8^mU!)=Ru@$G2}3t8Fj{2nT1{Zu|L;E42-W7ddP|Kg3Pxe zU=knub*(n>N>{i6aHnauq%9Jr;lt|mOvFv`WBk10x8QmcMbh}D0wcn6REytr8|#2Y z%+~PpZs>yF27TZ%YUm~?og@X2wUK0@MxlmLeo~pKv!d$wcmgS5I7v~&7zPoQ6D#rz2}hWav2767 zt|~1Wd>!JU3;?a%670s1z-Ohh<&i@ND)DQ6EJBr~WjY$Y_CmHIK5njW{Rnu5=%5eU z6PNfJxS8pgU-zGIgueo+jepyP^87wwCgHht=Xw!Z&OwuEFkVZ@XU9+d&ao5eWkfDy zS0sKN<2|ILDwc3Vlt-8xt8K9ZdqE zJukNnX4pIS4a5{DfwbQlH??Dk1%kzAR%z1tpv{ConXIvQ-G6cRlP-`Ol1{g8@n49$YeW4h%o3S zhC;d@2It8W;@x@C=d#|7JAZwC6wYaL%sT2N=dc)JKLTh~I(<9EQDl4`X84Ed4)z^z;SXiEHZ|Q@lU8Ri*ub)0PzIKAIV~4yZJn*1-&XQcS*zrwynv$cAA!^4bf^N!A95yD z(=T594S<3)0E$K|^w}#g%?=y{l&CX=1OQuO2D}2W4m)7uzg9c^8B#_4oG$xGHo!OBhKhs_i3{z00JqS0_bNaj^CVxoljA4Bdhf< zkgw0)m-dSe+@()i7Ii4lqk|K&@yw_G+b@fY0L(;^=?wMQ zQG%~Yxcy5X*84|Q+<+^eV=Ix{ym!&-1-*LdyC5$K=-1r>_XMZ)lFzFqSrJu6N1KMf9D&142dFTm(KNT$*bhM(ZT7*m7LuPR}CUysv4uo9iQVOzs^O*zU` z6O9SaF9ol#Q;ky18pj!qat4RFZp8tw{7z+Mt+w_cMPslD{29_U$2(rGT*{dSu>C0I z2>2@u*=ygt>C}r=th+=jp@o%+aMe%^`*H`GEyJr#(%$>shR;|QwTHNP_>mJBC!0Xm zlv&4LprjpHPTSe4(G!TlOs~E&|NaTE7kBtiO_Vq;;*+ON6^e_plgBGNH|sZ|SWX5| zUtlxe1&Zs+q2K%3W)W?kn*QYIE2{Ntj4splxi(l00Xre$@RcP?jgqGwRy-9B2xh7zJzl;QWU zpv^|evZS%z#>DY~iagW6zjhxW1-?W1<#?#R**2Z6KFR-X{@w!H(5}TV;RCj9Gj+ly z61W@cbN;PQfT_uYrq5k9)i64_g19espcj_svmiH$1Q`Nati*m4XK5l6#~dS$4I4Nh zL()Oj<%0K=1gd;a8dixfGrZsGJQu9-YiOu4+zl)J>1-3U3m1uPxcfCXbmKWTjQvlQ zdO7eB|L=X_stl)0mIZ7Y+A=oeIt97*0g=sv$6cjYN-{-`gsE9)(H4SNxYIsoR6spK zT|vxF!dAjBAh0hbQu_5YAeW;lq8-wzp(y~iYB*p3a{B&H9{l2KyS<|xeOzY;rhdaB 
zdgmQW*`(}v@DwJDmoDqxs)V(yx_%t=UUZTOHw5Y-sD@qg?vDF9knSwPs&FX%Yn`S1 z*5%y5@5;g1@O1&!X_7{tGTPxXkzm`WHu|rxllnZuh>cH{H(Eoet6vSsQySJDdB!CT zW!gI&N9X-apb?IZcWU{rkgR-jil(r@Z1ee!^7a9$;FoBz!*v@4@`-S`O^RFozQ4t| z$BU6&Ec32Lpp`{oo)!(*Ue?gkaL7v#NcB&*iyN7TliNA4kXedA=3L~4IY*XP&E4l0 za4~7RB`%6(g?6dqCUbs(gT4!7@PkhU!G$wWAqzdv`oBODX{~vv%-r4lQM&Z0S@P2j zW#80w^1j8?XqlI03K*;c^XXSr%PWaonp;#uTZg7QKrUYG`;TGTJZO<`A)$2cE+fg% zNPRE5_gk}o#WmzC3b-}-ROB?!y zTeF(1F6ZCwv!TTObTL7XDVpMej7PIPy92HilHWc%eZE{wolkuj{uDfzgG=k`%ni|)2O;rNFt4uDFCnN;Pi!n(QDi`U;x{>Ic}*P=7mPF;GRHACe(wbC zGTz)NHQ`WAA!#8AO$8b3dhC$nN~*?aJ}eGv-jd2NU>+xDj(b|5zQ!3*oRZ0nl4xwv z*t}#c)Oan>Lh`hcc<@qdug}E}^$Px)=teNXZMmVZani<5Ozax5l^z2NQGpn$=ilu_ zEZ$s!9k(>5tTbZ^+-IzmZXURoxN+M}@Lm}1yM=&S%XC{zT(`6rUM+i3JAaU}F~Lw| zj6Jin7?5dARq8i%d}cbKqHa7bGPwV_IWLvJ50%=xOf~!|V*8beB2op3?0pbE)S|TW ztgJM#HqBemPZnc$>RyeP4{K4vAoE=W#2Bx{bT52e!PI^sE08>6L7J8?h(|yRwa}{# zsK^*xS&%d02|8dWN=8CTkCGSHyq2=85$7=Gi7^bnR>em;E8m76V-VAlt*izV*lvsh zw3H!DACI0{6Z)zdJ}Uf(t*LxFvLBc{@T7VkE{B<`n%k#Wk7Y5&uFroR%t2^S$I3`Q6? 
z@hXYxX<8`K!`SCcAu;5kJ>dYY(r809UwdJ?H}SH6$w+@uk|}s@smiNmG5k{gJj%=D zbG%4f@Cn`xdkOFxj!S=LdD)cmh!(LpBA=I`8>Xl#Ulm2*qQ%V%sHcB)TSs(=_tteu zYi0=u$^z4R^|A(D8EiQ^G8mp>)N<&HaGEKr7 z`&1t9vKf_htf*A8U@iuIT7QQN?*yp=^hE|g)C|n85PAiXGWtJ{kcBD9zVlZ*`#qkO zd%&eCtDzIXhNDJj&s8Nxl!*+EJJj7=>x`<7ud6#Z3J+d~l`htb?oP8MTwp-Uv!OQQ zi^NUG$SkfPS9N@PXsNW^sFqF%4`Ni3rRf^f+A*ea9==2+ zikqnx;;BNs3p@+cK8qJSng0u9VdhU&)D+_12YbRu;n3iHJMw~*nR^hY*Hm-1Ap78j zN1pDuiDNV2hNU$=k_CEr3mlz2IuFh%3G&@N@#yL=sJ;n8x>a+J;dDT~Lp^A&VV8h^7OfTpW`&XW`<)OsU-;Cu=GzNYyoYp9{M^*L6% zWD6~wWvLl1Jla!azz4BiCVNTh!KgiTEIqWGy72=gWjYSaR-@3<$$B_Z?Eu~b9ulqz|9E{WSSH#pUPVoEPv9@ zUn~Y*p5!^f3`zgPa0~Y@A3;7RmN4KU=m7@pH@Vymtf{HMpbZS!&r@~ae+=2-GlZOo zAt(d6#yP2Z1`-ow1`4bNz%dF|_D!FfFvB!A)C^%SP2i0bEtxPYZg|h=FeF|gmb|5z z@g_A)DR+)9V1Wd;lhGjZB(<$N4Eof4m$gVrAN=)C*+~kF}+H ze+)&+tL!e7%eXfRF!6o==E;Ecw|T3rLqbe~d1<^`%CzY$ZQ*{k76nCZ@g<7S>&>{# zqO2(#7mj$f;_`%;^>7VQg5NiqS?IjcjaM3H9@e*U){7FrsAe16ME);mTfS8VXKv-%;n{7`LQYR^fa@j z3!bBzIbmTZ&Lv%j96n8X`~_kjNxCc2v{F6GXY%gH|GltD7|HWRkk7;2LEWiWvx%#< zk>BzizL0~oEx^O2AN|LKR^@c3fA($z8X+=pK5Alh!S{}4O_GM&a!^c)NkFk(z#*d< ze=-9QxP)YA*5p^cwIxM+BC;UiZH_4q)!hI29uT6y)nkdNfF4hfH}>xtG)k(Wzz0;v@gJYk|Ljcr@2>kk zE9g5@^O;)caf1ZN!uj{;k_Q|<8N*A2A9&UCG7a)# zd*b1a6lNXoN9TLW=!zqY0zW_$o)*eA7e06@k9PX`AX?}96JUb%^BuNWX^?NL^PfpO!6Mco@5JHJ`64fd= z&=8LRq5;A9BI$o9$Tz|(K4PRP44s+c;2l0UG??$F98bUR12NV&02}KZ)RU? 
z3)?+HHlyTu=gji%WEaK&c@2@zFfi5LszHBS=x#hr$p*9@%j7-Jz<0>U52-UE%~Ezj zQ4ZANXBi#2`Ez*V@RBUQReZ*08>zq7O(~7Y1S7#d56q6FV=ZU~1BhaFh6PJo`1wzI zK2h7+70XMv_V>WbIO4?Ji}sQ#7iU+H(#gFkY`Eo(l%dW2A(M}gcEil{t$hlUksIku zlw47PS^-X4oJXoK3NLytF#K`|PnF~XE9IBcDwU^Xbt)Diu!!75SaNIhS>Ml5$3_~> z!Jkms!yA2)E(<&`729c{pZ2XQDH?o7Z6Cq#sGFSy4yjqen#!!d=*9B&+PqGCi3P`{ zx{R6nlM{gw03OOo<(7ALDg#pH6F)s;`6_kQOdMvCw^EHHZQz@@FompMkMfmcac?S) z9La(}_LBT%vz{-{M6_p4-q>IvO^BgA+nnm9L>yl;fYhr0Zdw;biY6~?vixx&A{xQi2BeV2%< zSqsXTJ!~`rF{_7AZpHZqHY>`~ORn!CI7f!2c)6S3bQTsRi*Qu4ni{&!ha2JfNA`+b`qrQeOvd`Jn`3O; z-4Dte2d5<%a4o0C=l=a>|Hbl>kbr*cs^CIKh;{*1nNnrc2Ol4?ROK{>LvZ^ou-4 zCM?Th263RZ%a{Y?L)}W+*nXmk+)YupKc*iCMm~}%rZqK0N78nN(nl940u#Fsksq&e@<5(eMgo=o!XXwd z>=u%?{SeFQy5{UHrZ%j;?flwJKf5U9&08Q>S_*_lMoHxF|GYr|H3b!Mun7dFc!L%} zuHDu1ivGAyv+^a#lb91hbEHzwh`^tg%>Nk?a7~ZN%PHF&2oNT+>HcV+dD^t?g<8O> zuTay{)p8${vxr*mKasUG^(=Wm38bI(o}X&Pi~>YKpkDdroz^$f-Gz+!Mlb*hzU8)} ziS#N$66<_8eVUiJ?g+YLNVw=JYFQ5O^rq`)x8G*=DM{3PoD^JENZmQ1V*hl(rOMAw zw^HW#HlETdd8+e^c_5iSAPe}vO<;gi`*8lIW_^ET;cbD7VgJOkesn-|36)EgI2?5l zyuFu}c`p=p+fwQzoL9>{x#y ziOfh=2tv`Z+qFuv(c1oQg|)$N=-tw=hiRpPEh0|deOgx94*Z3(9%_TlxKvYr9xs0- zAr4e@nCZ7*)xqxAwAx(jsee2Ex$qFN?275~EuzISPmGaeE;M#qj?D62-C7%FKth0e zqth>wW|C?5X~_TaOAmMZgdL{D(wb4y5My%_5{!!p!2hD|eoJ@K%tQGXB51ALo2qCm zvH@?JT4Kqv#)LoNkE#M+D2ouimXP(#x3rY@w5noA@UPt9NoI(RUT{lFI&vFUrkdmf zYw_}By8TK^@`R^HR8o6%_6L=pGuO7U>B>n;qwx$!>VTU;r5DK1d9@)+kkR^QkItm% zHT}mR{MA0rI?qX@HDVfx_T7QZ%$oyY;1w<4aENl^Xdu6ceN&iNJgg)QNQf@}?ACjL zv7aY3dGtAaN1_4q&tBc!fD`fW-Fo;8K2N@BG;4uMj%uN3vHg3qsb-4lz53t=Hbw(l zk_bBC+<%+_<9?A?^nZ-|`R?&%e`A6AdrAqiSTouAO~oU-bP$_GrXs(TyrfR1&*m?M z>;8|H^|qxf5Rq7)7@X1R+a@;MV0`Nu#1b}`vEoe(96G2ANLnRg9u@oFO0hQV}Kv1D7gscTfZ36NNfno;0#-PSg z2KKPWJ}0=?U7Rcxi(m+iDKRndMR2m%Hhr)evG-W>+TnmfZ*XsP-dI3IG8$mLRV#4q z40l>>9I-sw9?kW-=%BQzvgL-l?S?L$uY6bKu`-C}T>1-i=sMO1E~?@4CP`PzRHJh5 z)F+9=`UY)JdM<_D;s@paGkL6he-<}2W6L?!s-S;)I)xUk-B{cbRu&sp7DT;==B0HO zw=NnLpxUePo&CoKVgo&gJ%<%GI)r+-XN%=?bOwaS8Ukm|L8bA_QeU^-w5(&~)PEJ3 
z5z3FPSruxf*F5(|C3X2@!Q{LZ-e4EvhyGe`J(LoqOtVhh@2uVHmv(t~y2@!(iW=kRN)VOoxPH>h+^W zknOp$2~S1Y=D-o^P>)Le^Oo-~&_kJoV*Cw9Ag!E1Qgv8SB<+?-8=W6)t32)0WBYHLPJmd%i-jdX{>%_P{`y;_#C#bT zE*khh4uhw-w7(<&7T(P+qv$RQ?lPOv0f=u3AYqatbtMj}*wQwCbP%dyCUsBapq>z`DTL8IO^SLeLF;gIYIx6{(J`F6^TZ1R}`43*`9A~?4S1|F9i zXymIX3T~G#)d-Y!uHVl_tP~g(^ta=D@)_1}`{MIUceMmsrXttOBSv^I(m~qee53!i zc`@Bk5-@iDd>-#r4;5=B^HxyEAy_hgkl!=F4t0*O+_gvJS72;3q`cPN2S&U77Het9 zusJ5*VL8&QrFbvUZTttZamgl9%#x;<`Yx=7tR$2^xwSR(M2Tvo3Y>ZLytJ+^LK*$h zF&u#H{3c#eL1F@h){NFH{+r^Abld!M2OLaIwErn-cKORu_l?i2WUw^jFr87Pnrb!d z6?oQ;E=jfvA9Y>e!UIoMh19uL$YY+gI4&T!OR%d+LaVdYDPgR}lr=n**KcFvVjxO5 zw5Ii>990|@l;t{$u`+D=O@3Nw!P$)=+nK5_i0n#$z7Y_Jhca{KP!Qwkh55rlzsCk{ zoOtz$P~axT&Ide`Z7?$Oa*$=ZuXD6e5sH0Uy+X!&PI{@IY9=vim9ETd&YfkFW)4-@ zlUKWXlOIRZ;z)jat8}Bt+Fia<-leniKh`7(Sz8TUFk^HuGogpjr?u@X9kUnrvXyi( zAihTSkBfXs;+ZtyL((AK7NUQa(W?F{LB0u>6{&eSy#|g7^hES($#CoS*NG#2Y0W5I zhiyY6l- zj}D0=`7^HkklN8I8;mJHYqkwb)Yh}t;#uy(`*BYHxY!|fB3&W8<55<^`rT}c>DU)E zOd<<{J1f0r?`yN~*1(?`p`4?l8fuS>93NPrs5@7IgfL$7;A%9l?u;qmaqIgPApfej z3mm{TUqj0y>0SFAW#^S)0VW`>iq+K-S% z(oOxq!^qBc9fYcH6^YDOK`zmi=;$DUJU})j6<$j1nxcO&TX>3ed*sDjdH1?|71MHK zjxYDr3njUMkO$RzsE8P2NTOS$MG_B!AjT)%mj&0Zl)t#7J)b6{iu@~B+L*!s5B_An z3v~@6L7FHU(S42@Eio_KT=k*o+ev|Rnae666IT&w9NZw7$Upp*jC+%xH}8_DGXvDd zyo_X8w5>6qtjzYMRKNu?@AnU^k=VNthWn!nxpgPbJU=UsHTh~!8u?&DA9?$p@Xm_* zym+8L%1-W{A^7c^7OPZs;(ywDGER&IC$_}bs%7ra?r_A7C%afwIw9&@s{A4gU64@ic9w5oX zPLOFje?w+_zDa!`DBvTta{@q|4Rxk3t|lR&|G8#aT>b6DxE!WpVvG-Xs-lv-HCWOH zfIh96nUJ54%02DhSIii9B=zlM$p`gyn36VvR$eP8G=W}#bsd&s9?tJoN-`@@d$1k_s^(|zuw`eKiK$O}GJRmy0~|<&);=+n&KobR@-KEH^1Pe% zLr=@Aa$7!}Nz^hQ(0K&wwMPyA1Jfzm9ibFR`MfE<)K^&Q#u>pt-6NsKGvYridxmtt z)rdWt_?`erm(kpmxFAAwUT=-g(o>L^i$kuUK@?Q6j<-dA1;NDfHr)aWN{-wFv#NkV z#B!!`$`>v#`{ab(Nppxu@(SFW^BpBIV@1`(@aTX9tkEesgKwA#ie=^eb9Y{lsHvD= zcxEVTn<(ULWv#%#pk3yO?A(Xh~xQEw;oTQ_o-V(*wG# zmze%#-@G5DI)wqj-CVb5xHl&htkK& z9@mx9{Q!^~?fVD0l(Q36yZ!;az|L??aYxnYviCkO-_vZE%X@F$I|}@mX(wMB z4|c{hKea%ZTgZJ&|7grQXb&4iY2d*06J+b0Ko*(XPCwuS-!7Wn&A5`fU%mjQ3v7%C 
z?1r}=U~)x@N=V*B0-2DwjOV# z<|qn80J-u^umC3WFeUtwf)dc%nB3sksrD6g6`#uFw;ZPm>`DP_1)PPc4~geUML#1g zy%CwoKAC-n>S7o7KUHJMPo9Q=A*x z2i^L2s%m<1p{dU*(*{ktuRJf_*#*FxkU*arGIRsiWCUn9COk5xv<>Z%2H`M$z0TwA z+*RXq#_91k=sdXJHNBUhkRXr53!2}Q4`ojWvC!TFf$;kzGzvgcDU9iJ=8}SBYEz+R z!}fw0%sjgG0}5#F>^O0TOObiR^@F&L=5D*i27FUfti63n{8#5)hiJPjYeDiu9i~o4 z#tOv+B3ip}^kH3`4KEo^8R^lGcMyVmDTjC95qK|dyQ2COT4Q#2h&2)- zakG)KlGmN`#8ixi!pl^Z4Ms-g{8nGg^$ev#g7qV=&mJoPUtHoZ0{#LCJcO}bq*HXn zsp(9U&7}U4*bN)>JH-P)8#}w5_r3kY7q3C_AFqQ3VVV%R;S=z9C6_I3g6<+`Cu9J# z%W;8LvG~HtTFcV;7cn*8(yWBzS~!pUgyaQ3?+?h=ZL9L9hX9*0liL_ z%YQ3F`|o6G|Nr-K>>)C39Yz=AR^RUC_1!nC?$l(8?yOf<6mOYt!VSz57GQ37Qzx+t z_#^bil;(HpkKgUedwxh3N+0}%!e4hd6}nfyiYAK3=-p!shQW?58`r+(oWPQ#Opp7) zkuZmX8TpW5+dIH}@Q!AZ@&y(h*4B z{<-&FjY~J8WZ`#XkA>%2>zNk>Ebt4q{dgwkmyT3z`g1)~cknlcs-?>smhFVch}=r^ zRNb8XB?f|uh?(%Cwprd}&A0TiY;YjEXtx_q*_MUI-S;jt|GRikCCo#z2>j($Q3mAe z{Z9n<8VfVVG0*CE{(gOHC^HRH6d_F#o>TLfkZnz#Q3RS>8qNLaf$Sl^AKcW`U+;V( zOi`pXjYHHm_o4Wu$<&Y7r;jBVCznvh{ku69o{9?k-nphWL;WpbTao6iD0#X($1D1{ z4E3Mqi3wZ7H+#6Z_Cyj$qBfr)_rJ{(Q`Q$3C-LWw&VAe_}CRf0*<2BY23_jp*j&r%^$iKB%O@`&dx8TkAtzKV$-{PFiQ}2% zow!s@iYlOir)&nQ&oI{WL)P7G@%IPXS3KAK)bIt9Iy-5M&_Z|QV% zLreE4@-)eflq{!Tb~drp#GvI@hlM<-GU70%PxVP@G9nl=^e4ymZN*Jbs)W6yuMj)o z)e%?##(VZ!JTNfcOZG&{fwFo!JOJqttP{WH0^us=^1FnW@pk4lry0=~-L-c31FX?~ zSoVl4=Gfax>%s-Xf4B+W|BB>T;KM(|Rc>nzwRxjW6_KLKXk$g=5%H@hd@Y-_KUyms z71o|VNv`oMs#gY!o9~gBjUAJb;Uw3ilL1Tei5AbA4`kPdg7~3|@;nK$e{%e`;jAE_ zkquWk>6RgK9W;zVk03-Ho@foTNolozqr4CF72oh91m*;(RndPR2BPr6Q@K-~NM{XH z)36Ks%=T?uKNw<%DT45k^Xo7Z6@{aO-BI0qBE9*Sbtr_^7F}wETVf9`sLVtR0VpKT zf=s!~+YE;0fXxB_t+Tgh z-)nHFhN^ZAwd@yXE+n`_XHE#)>A2C!yC0VHxSSpc0tzs`&dVoAX-+1zw~~G|Um-d( z={rPjc=O5}FSwt0yS%_K%s!~s;4aCQSDQHhYRi8kljDxK%8c2~DI4!vhKC49Kkz9) zzKOeJ0)1g^+NP}OMq&Tj=VP?Gj|=-K+L1{g+=T6_4WaX6y{OG>rXPXbuXg07x^Uze|{mG4dHBd+EIu)3D} zG^D+-A{9dTvW@nYc2^OVN(g*0k53Fl`wV&ToSDcIbB<5Yl<6v@v+;OffFh)Y8N-H?EtdR7Y0e_!DVCO81^JJUN% zl%IZSk@*QAr>wA)&|KqRoZ&jTeT0^1n875SsvTCT6QXvy%JON{0{T 
zN?8j3h>;M#f{DUe3%&=^_-}RxXw=;tj~#sDg&V+(b!xNpyCkY9$l-ZNDi_^)@fr}9 zn$5l}?o*4QMI!Zx$uaXn>4^3k?tnL{!T~!wfy@tBC(;m)m1d#ZaFh@kIMj5JTz|7E zZC(461G)W%*m1k|?W=K1>}sE8LmR|=kg8roK-JszOVORg?y4UfnweBw8I!V!YPp$s zN=B4leH!UE0r=Kg&UnlvN->Y1H39BLydNN-uAZAR8qKq2lh}K+pM-kaDXrlb)l!?E zt!F)m?(GNsg&Z-UfG1PN9ryUf=CBX8MdE{QgwyUmfw#0oz)`A0xBeKuvTa4=sh<#H zdu(IhwCwbHEzjBXc7?`CPbf{LQu)6dU;j_vn?Bp=EOoU|(h(79kDWZCl{tVzRGMas z7D4|8Px68PLq+rTVuka;#;H;YRcB0-#4rJ*Z50Is4YUUqwF56ERSt@ZicfX8wMFtc z9^ljB-E4B^pZyOtQnh5R^K6+yC2(q!K!NzqHZ_`bYxc5qYjTU^twL+gve*H_zw)V` zZQxvh72??tUhuamLXnh~++6riW)+IUb8EsUM#&%91(^LM?Wywh*HTGf(<#d@6;dT~ z$|X4TT;S3S%+Ln93VzjmmGS~`YX&Bcxr(NWW{PS}eB^`UN0kxnS;?mJ!sB$W4EbU#*4 zxP7mB*aK$neAj2%^1s^fBSZ+yRM})Ve%euc8Qs!#Vt2$-rR~Szhqn=I70HR5$I}G| z+g$Z+HuM&k%Q_&rOJY8f%^}@m4WsLE&L;JwcVJ@Y#Le}`rCd^Vy`pjG9(O;`IQ5)O zB??%>VJu1~^<)I)%nH|&ZN7M*_tbD`$u;O!ZjYElRoyyWvKQSQjRkK6NnCRB`tW=dOx_N@tSd_t>2;_7If(-7hx^ zPhJNZZr9Y~^qHe5x??Y#o`p#7{uT^XR;_pXS9uz3Xi3xPH9w8NrfF}DAhdiDWRQd+ zTnDe$vX(WF{$=YZkd~&buKEt)?D7fAOWne~TwXe7UP``~dGsd4&kxsB(8-0K=*(67 zl@>|U`RWD+l;S=~_{pxO(QAS$OroB44=8+5qVvwR6QcS6mMk}jME ze+|T|mZK<*Cie@n;gRXY-L4{M#vEvA0^pBb5&(q&Q0{-~P_wKbZtMB}iLs`0I}eqK zJrXdQpzH$=YV<`dfybank;tz}C_rvvKCP5-bph>>!+Ym6hhhP;Pc&nOmVtQ3S-J^R zX5Wb$zryK!>jhW|7^4YsNIC~^^)}j2D?7G z7HP^QpYNMdU24=DG&{4FD?Ej7KLrW*tzjNtQF?Reu3T5zZ=7B9P1$usY5XpPGNb3L zOSFr;`q(~2tSH8fD52wbydNu)K!ycE{XOd0_SpnVdoJaA+ht}~yyzD9*3u@?NL6x) z;=~fhubc?08Se+t*SL$QK2jjZlYWy?O;p2k{D5X}LkKscgdrWzgH)}3IVu^>`iC1+qP z`RXRyw9KlopTM8ylC)&^tJ+@f*HBtf4yTF^=H8~JZk?pTfVES*A0$1gYD}~p;qHr* zP#zC=5s6NdZ;xX8WFQH>T%fy}IoN=YDr5m;rznG)Hf!($TpAtsf>LYcB1w8qB*VhXl{rpUj@INUiC}{Hn;_h?97Up?_4Ley1x38kBMd*m3T#31fdfdjs3+`Q_S5seTASxNqVy8gg~**q8G z$}B7Xndy{YsF+F4T|fSTX8gMaVL2I9Cs%I!TsnW*{;28C6>qfA*_C!mj910hkyEp!xhXTfkvmj#=g8}&KA zGs5fWsLwfpGeLRL{XsB{tO*Yfe#^Z+V(oL_f<sWrVHMo3J8Ps#GKPaWgx+zAS05mF;ec`@7M-P+=<1Qqu`~E&>@QH6e6NMB znpe{GlX&g>JN9+45GNpYzexO@(M3RzZU4vV>7embC-*^E<5N#FiG;`%OVN>fgQ&DTHr%kHc%Qig_8zjyb^ng;O 
z!1pOLdIDc{gqmtt(!Ppfr>bP-@O{QWPN}w}gPZN*R>C-gPc|F~rV9kquT(bct}`=1 z2&M@z@i=4s?Sryf{qy)Z#H_~le$##p=IT_vSV}Y994oEmtA3&Oir*LclHa#$q(B>@ z>U*k+R)4yXEqLe%H?&nXmPQ378vzc4?yFRm%aI!yJQ*$=uc$a1lsh4+TRT~K(o=7D z{QLkpqYXT65v$NLyH#UN3PLo58(+4f||c>yfP5>Rps` z@YCFzq}8<2YMxK783`$eC?X#--M<^&55q_LOdOKd#>&_fVU^#8+)34+FI8u=WKaA; zWdNOxHKN@=JyJp$S5>n+=Mua(L7qr_CH9O6rphejtZuwuNy>(brZ@(@+bVvx&k}^mm&Cn$+ z-L29f-HjliNaGCBQqtWa0z-FqcX!wKEPP|{{hr^u_c_1w2iLHGiwkD0^{nUq+@(G! z=GZB2l(I|}#aHj6I(-FKf*nYizw$(#0!E4&B&7t&$I;s14zg?C(uJ9rMK;O{B$}YB zy=+@YVa$8__fMLCevuXBZr)SFK_v0Cj*6Yy|4Fz{VW?s2a7+vdYn@DQ7ysr@1fKAtlfN@tfg7QXjZv(Xb%`VISSusQgK7^49Aq5# zY|=-4v{^h9B}94rH#0!bf7^xDu^mBT&k7&FZ=sRd4HUnNq-um7Ak>F%lD&Ln}V#Xy>so4#0C(g(Z_>26aMjXqhhC|zJ`j|Zs2qW>dx zAO^r0<$H9J0-@Ax8!lGwnfcYVd?$^$wg<`YkVjq>2`!?FUYMQiBa&{of9z0Nk(=9@ zixj6_@8It`5+%J7)H`y$(c7&~RZgmfGqHPYs5r=%-r?YoAabHgxrv}(O|B^81P7@B zR|CQwu^Jxd{b9o^`aCKRK1@)%H-PJDu7Dty*KYA6Q=N{E>sd2K>6IH2i%iAG)y4_p z&z<}Z#OMhiDkVoETAs=0M?gg2hD;~7_UHoS3gf4Bjq}2l-Q_Kl6;fR#@F+J%vNU*V zVz4Rdfpr8TDM3884{}|^G*ZT?$QdM1?OkUb$t0lzn|_ER;YWh(PEtP=+b9Z6VZ9K@ zd(Sw2Wt1ZMVg!bnCt+GJ5`qb zKgDwYCqFkjVmEE7Lmm+te8E#uUnj7|-Md(Y7`u-j?tXjktz8n(Znc+l@)wB4X|AC@ z-W7$BcQVgW;Dg%^pSoM(8!~rdTJXGFeL|2lHZd_R6+j2Q9F?A76On$N_e4EV?NfH2 zTGrHn<&2^{eky)kOrd4;r<_lD66&oQ{7J1J$+CsjvH(6u%g#cB0WV)84EiElHcz*X z!Xbl0ElV>ee=HyREz4~*gF`D@Glyv`zbZV-T|MJPk$i!CfjZL!XUvvb#tYUrUnKw% zDeP}hPP5p!(`#_5@Bxm{-rjn5ZSaw_OXwyw4ai*AZ`143V@-Usz0tK_MT~jAavT-rI#gtCpplnn+B-8uZL^xuY<$k!UE`9%)p)+< zdUk`Lz0FXf$jnR&k8^T=zwy{sS4aRrHqc{fOkLKjZ}By)sDn@c83DqOl_OiqPg3*c z&!|8}#Eg@o`5L#n>6k)6qr{3h9 zAU$`K7c0TAg?4%qr!$$xVmr6fs=krN1-y%4%%9Hx`JXkxulSdryh8F|F`AbH^VJN= zxaZ2b-ln5t>d>e;q$BalZSvD2fjk!XR+p|_(+IJ>mQ5Z8M)au_@ZNFv z{@7bhj-0)SJ06^JxoYIdGTLvf>$Rp-zZ-@}(%L~5lcUiEwPQjze`6EM<5V`uqTcq=ns2mS=}g38i#MxZ=wlWEi?v;6@v;wgzH3%-l2%5OB5Y^muX*V%!Gx!3 z2>jW34F4zB`v3Sd1u#9^`DNpmL{oF2?}9rVlP~X>e~vZ^+kd#-w67F>+Z#+3>h*{2 zp^*pZ9u~m6In*(Ozti|E8g0Yo=ctdcJtArYqNfwCL&1LJU!VwErcWyQi231w?2Djk z9N>FO)E^<2(T}j)bQKg8b`S|jJ+HE=tQJ7%uPTIQ`^JWaZvMzyA-q`O+jFu$F$B8 
z=lF1oBZ^>f-`_XMX`d?XcDXNB#AxS2{P05cTe)KA?E&Nt#rcwt%b@9c&BESqoRFY5 zTx|-d6qRRSSiE8_^l#-kX1Ds$Nt9G9RT}y>EROp9cd(P(T)H?ZXJjp6z5h%UTK5dH(cgw)CTb~D^lsfu7@K`@C3CU~n$WC;$g?g~feSK~)^ zT}}RIEbH+^t@7&YQP1%C)Z0d4j^{R43P?a&L0lzvxI;OJUE3*UYUGpWSnl2MXs>qCvrp}M{=q`gO|2)L`al4L6BJqRop+J`!A5G8{k==5Xl1& z9bD#plLXbOP#M)oT{lIR(+L+>SvOEfGipuVKw4j7x%CAcvliVL-nW@&5^Kd+nUNI( z7~5GngR=<&!yb918op9}qzwp*=toccp7IhNPdb#hs5Eh>7T~CDsg{0PYnxnZYGtN$ zkvjU_kNxlGce!L&_x=Lai|=9ZBp!@#Sdk_~sdc_glIqLW{1yCO_bUh8mu~uBbh@K^ zcIV8s``o*_2M1XLU2ns?{!mMR)b^<4?U8b`uYyKJP17;q;f1N%hiE;pcMfA*^mKDX zS-9_>MKpT524j!iu#{T5T16${AVo!0ZBu>ZOb><~8(2_{A-bXL4CG`p<%4@fuhrCW z>SM4tUCmre@)k%_E{s-)Z-?i{llkMHqpIXFBPtmhisr$VHY$#fZ)$v6Kz z@)9M4A40Mg(CCR4`5<7O_^Uzp%K8r)yL>5jsz8d&25GZEqeqT*3?bRfnO4uflX0Iq zys5(Cty=eVGoHMrY^Fb=YOMu-G^-rJo@I$5v7%2@LRXXNyG5M<-48j>ovs=2T^$w} z8(tgX8}H51&Ac9MixLV&qYkPg^dtu<_a>i)onTAc9I7?M?y3Sh$elL;9K(v70%4V{ zErCP=3$&cuy0RU^7@84R_%t|yfhs5x#i>nt$lxakaP$CyW ztQqMC!OjBrnBubBYep*u!t~tAN@!-zHnDa9=g+RFfLW^98W;7#Hs8aZ`dIzorkoK60fac2>PMBQn*}}Xif>PUQO_qXNy=G(@Rg#0| zlt207f};;CI2p0ka*aSSb_d$J!Fm7Kq?&zgOiF{rj~mReuMv`kUyAL_>wPEjxzhX= zgMsK?GR!~HCYKl0F86*bAfhGD?H!MIR}-v=iO=K?+-yXW3SUlwy2EY#p`F4JX4aIH zFlwXW#xe4JAwD23ue3m~)3Cm}wa4eG(?aOMrF-4+>P@F~MA+Zp;iyfS+}XUD1O!#7 zXAW|sWd;xlX5p|(dmhnxk9YUjGV50vUelXnOZDd$()Wg+tV1 zx{>`}6sk&U&$%f}zty+8fraL`qz$Dam*O!hY330Mqsh=wO=yxn4H%ew1 z&ME$ox-a^PeULk^F%g zR~Na1fR}dGmBQ+;ixezgKh9B$`Z#AUqgEn*O!9q7EyTD~PR!$}Xs4`YVWt9+jo3VC z03r6=X0{&Cz-BzDYa>by3CMhGdNF0xh>>mF?~G4sw=dzF z&k_|4>o|K?lj-jgh~8B~bzIZzE2B_R+jO*kd6BGo7(FATPmhj1^NbXqmn*Fy*#U!E zOC2s}L!mmT|LPAH=Sj&$P%cRwOKdskVg{i-E{>Buev|jIU*Ym||3j4+3fd5k%}v#~*X&&~v7PR%?1k{35_h~I zJ|oZmKt}<+JhNOqqX1hw+UTW}AIkv)oZ@R*#n5*mdAYOGdTiS{4qscSz2X9tK;87E zsFiwqUS+YdjfTU+J_1KG9-&&%^9Q%sxws7K5o>8sfi&-?7#^FlO3a*mI8;s z^eAhx)2k!LyKu*yEF{n2lCK84NzOP=vuN3qVw{H)0D0@mtMyB zT5Vj3|E{o)w|qLt^{XK~r7f;*ypB9jrZ*gG&C&<;%F%K8xk8G%VNmxZo4Xk8Gc-JL zC`8a>uCH##Y{Aal?w56DwDzWrDdG8UF(>j)Vgn=MSddlZIHTaz zSCM+QivhS72(hew=R#koeRn3rgHU5kL8!D;jL1O2Br4|QYo>RH`$Q2g{MM3B<14&! 
z##a0-ajEFPxVB_%O)gpv?OniTzLqOM7oKFUIvSSL6yso!lF)ZEWHjDDDdhOMhI16v z!@?yVQ&IoNedPZb1^gcYos3=k&kNGwj9nsUGYnHWneq+#wIFj;S1R@nQL=iq+BUa{ zAnCqB0Yb=&`UqyV$Zg&?nlBAr^}#nq7Ne}skERB^rS(%ZOmhx?_3ATBYq_a?C|+>R zoFcqXEie3Vk!evyzH))$`z@WRqsQ=@^S4~WR`o!QWkv~&Q&{fPPdUhWfxvNHlJrM( zc@O#TbPzg)ghop|NUKJ+DWY#!peX6|Rw| zX|)5uHZw-xC_*z23b1No9KiR+wspifG+a}(X633l=ep9n?Af@IyP7S?ks{&3s8TY; zHd^&k4MGFJ*g6{ZI!Rb0C}{9}rLjR{?4U{^h;^-SE;cU>$~7%x7j&{w@hgfRGLRk+ zRgqmJbLI8$*)Av7z}h{^+3hyV4w&$`f!qky!kBOeEci9zlILfEOU_=FpUV2)9B0{o7@RA zB0ZH5c20ON)f*@O!6MKA+6qo#>wueD`hk9rYOU!@eu%IK$zPz4+6h{R;r77`#lz_$ zhP5X*$##Q%jv@iTF zHrlEGdQji+t>+3HJSb%lEAcS^)dPeHM4`>tx9|HFNiN%XtVLq;!@NUmYhha91haD} z+QQdt9@pX`RE8w=UwWrIO`Vsv^+ZPWAN^gcg8%j`{p(r#x5vMJTE*?)-lkVmJB&~U z-6^_Mlc8i+lfAq6B5dIEJN{~;5->4o*kE#|{=#_=SE_63u8CqmN9k?`e5mz;R5-Kn z^{WwF887< z?tM{(sJ>b=^R>gc8{89X-~@dB(xdwl?Q+if3bQ5EiaxrVtD^2e5wSA6DOB8lh0_Tp z7j-e`Powj!AAHzkVPUVupS#tMlAB#xX&%PFU@$Bv+lQyXftk-Kw}k={h?!PZ;D0=T zfV6P3S7hIsP-J|WMSGRZAUb(>YS6!b-@jX-%uGn{@Fpd5i#|5>W<(@pDNN- zw6=T&tM%&IFmEf<5RdOdPSWkVB;NUsMEOKXKq8(msGP`tF6K|?`S6gODCOb5nJem+0G-OI>F=rY}-9+DNi^fJ2?L1-b z~s>3Sm_>Ut$647%Rf@dCr|eFC)EmU_ahl=Kxe~VGymTi#E^kbNDk4XT2Et zhZRXEr1>VwR30`C~&wU zGsiToHz2$OYNJ+`WE5h#Y<3ydZ@N79GV=<(i!B^LuFpT25qAaYR1&%MXCd=)M5LwyZ44xOY-IrRDWwcB@sR`v6-MCrA^> zc`${X%&>NZamPH@NO6Sde#DJiA>?SYTf7Al%iK+k`7{6><~LA?i_hdiVPb` zY_*0;yya>lZM}#&w|d{oOKmj^Q+8>?Sx{Usc`AZvus89?2V`sa(aMEaF_pa)w+=SbB?msVN4>8-+lcf`&Dn_<@Lpf)LqPrn;e0r9koj0?xsqqc zlbwp{+BM#y*kU)YQBw4lx+tw^se}JBtLDw*Qk8pfOYs*-3%=}He4X~kDODY{Wc+F3 ziTR|1)rr9ePGVM`wku>bGZlUNo_Ua%Tr=`yoJYm#Muj){=*n&cn|JIeuCM9C9k09d z37a-34?EIf9{u=U;^I&h0CFnzsXKpw+~0Y%=0~ek@-e5E>cQO3Y^D9nOM==-1>mUJYGshGBmnRK=#T`=3+5P_blSd?c zbKB}qDl`xyM&oSOggjQ!S&(^(ftg-Ey z4S4J2*nv(RExr^U=^S>ph<4}JR6X{-^f)_Nnmo(i(=OXc1f6Y*lZxKz+HJ`+z=N=J zjE{H7pm_Fktau>ma@Sz`zRHi)LWyoj5D8tsDIN zx;1PL4!tQ^0dN~zG$7T{zXOo(@^~|s(SOpvmG8dzh;@>oOxn^7-j_B4CJ?74C zEAJI#>k<#)i7EZx2C~ru&A)^>$RDc5a-yLPd1+@{$*lGtq!GCJag6?Kh|&GJAYRSy 
z76V0PL7^8iC0r%P=T~z`g=(fb%V}mBzj^Ix?BZe8hCgedfYPUob<8108zW!N4xtX} zqQ1!8-5U=D6vg<3sg6WRh1g-?w{8Zn)4M^b;BfrsfaG_K(#NJ_5#Z?AMpiE2@xN!H zJDVh}kN1;bN+YhmknV84l`sX(Ru7dde!;L7JJzzcvA9U{b#gSlJAFNN$j}A zTx2uxIsTHwMrN)k$xZ5o7y`t6PJ93ziG-B@*!~kGGT`+s=!l)RVK-B2wnv1dUnJ6bEi~MA`pB0tBAASCk@^axXN+ta`wMJ45+#jb;E6KcM4J2l`zog zdvi1Da`^cA204p#HItHS02!A?!oPDL5OdFq_)42l)Q2==NNBm!>B8d(q4h> z)uDi{$`4YU(^^esT6&t0)K`lTb{xRpx#fIytJRxdPv}6Z^EQwZy}0Y$w{-WqX)Mlf zY?ne!Vf*K=aP{V&4!xf~JtZ^<6iFbtV}_2o%%%t*3z*?>yjaV-7%VYj#u)y_$DSvx zviKef1c#CS?=t`YA-DHm4G~Ngw5Sq)s+NM}q(Cn9M)l={VVCG_0br!4E8?7!%_{p` zZIvELMpA%%EDeUf~lVJ$sr2(BVDx9I}{=kld2;cr%@8h4M81j33(5N*L;&vN05rtHc5T zsG@|QjGx^%!Hq5fV3-!hWhV0eRk2TWLUfO8Q+nT4Fe1+*biq*8D4ZL}RiOpI3L^kk ziph7}Q70Hdj#m9>1NQz6uZIX`BzOq(MSh9-MHK=LEgIO#n z2K~HoCA*4F*3MQMgLFpMM$R!<%>=7YN&=A>xBLektj2N}m@8Ht8;!||hJm|eN%_op z^YZDU;h?X}C9!goMaM=nX>;?EH)dcM^Rsm`dfs(fqOXng% zi$88AIzywye{v5v6e`4Rq5TEQZ@lc}lXv+Fa{!7MBraP94*WsZru#&l=%;eDgT>}H zUlYt7kh<0f1Wc31G*pco_y2LB;p>aDj<;!D49jt!l*+C~C~%cQKnUI7i;{{nf9B=O zRt1atnn<*fvqfGT_hir{iaV!0IJ~k@tV3D{B!GD&I$a|ks(pOj*bpd3J<8hO$_FFk z;CP!$5)YH2baXaj@;EHP-2+Jy@1(oq zV#y!CP?*~vxS!~o<1%v9BEM^%J#YV@YRH~Ra-E`*NphGA>;&>k&0(=&CPYBd4^TF0 ztz#Ll{hHYLrRX7K^Q36&Lm_wW-8AOG!(DP(vx-8ZG)`KE!Th^qPY$orwR;r%7L%N9 z)h~3+jm{f#V`=Xm2vhu5UdSnco3}Rr*aD>UbM=Eyh!dvgE?*|_eyia-ypvW^>*n|i zq)7e|a0IK9dRvQr0Bn2mfm@xr` zpM!*vpaz#L4ie?F-NV7ZK*e%~Q3Ql$HYi6?j+!z=ON}^QkH1Izd+TF4DiF zuHkm~>$T*Zh+|4VD&jp;5n-=DdFm#3r^g#ua&>`qR|7Vr;Oa>Dt5QwzzlL+=A}xpl zb6=ts8%OtLo8K^nI>qr!WP0aM_bX+CR7{NICLx;;)X;sN<>y~t;k^obL9^$I%Z4H6 zSkFJs4l+Qh%zC?-DrrG#um~gz8n@M3e0KR|uh|r&aLbZm|AL;gZ`J_mIU$Wi{Q+`_ z9S-{1$8BItU*vK-7?N122OZBY_;hM(T00xZ>9b7RO(lq8x|+#B5<@kn%9 zRwI>_^?t~KW98`cxS@TXlbB2$X=d)Z^PM(1GlQkgLsLxf6U%-mH7)xOg!GqbWah3ZD;%k&W|6PNe2#O zJ8*Mt1O@{ih^&%KYN{%s6FfvP*^muaQp`RKlmNKTfv+cc>6)sIDpLEV(tNPhaWH!( zIkY~yB#oLm5JZZ%1Y5(OV?^;J9NpVio3J}9+wwKW4wEW1GfG2HgEOrDK+%C7t(cyCf~vC1j$6B zMeS9nt7mW{_!6~fudE`FIA1wj^p+->G>xir^bh9*Wwjvz+ml%VE4m)p6Dh>X58Pi1 
z`U~^QAB$)JmI_^Q)>)v^1sH8yZfKmWKHMJRj!x9w1B2TgaSzl}0Y40=+?_|bV z)RArvM5FVoYUmSwfBI#UHMPCnv>dZ|dlHSd^oL^_7XObktuib{D@ITWwOi=WEp;rzb(YX3(`Lr3vNvOyTYZ01Wi_iS zi3^!~DAH22OrNX5S-0_qq_=czob#B64Ofm>Bw@cgFgdsT4YjP~Q7B81)xm8P8!WQ# z&(`Obh9tlYEIj!|p-x`aQNGrL;DG+8-KRkCuj5QybjmPY`zN)v+^L1koORuJqVkqr zHtkz@HVbhqyxF#QYdq85mmm|%jW5&XZpX#cvhSUOJ~0u8yqs}Nl;h}0;r6~+D9oVb zGE`p6Qi=7c3PVP8F!20GXuhPd(N~^iv;C~AoI;i9N+qd_2>Z^Rx@m#EkXF!vFP8lm zsP>M1FdcY6^#49u&0{sa?YtykdTp^vF;mYqZ8?;`D3sG~-T zifI%tnBSe5Kgi1!xh<%BQ_@Z2Jgg0l{_z&L!w{=naj``%youF9!P1+^-bjnb?at*L z$NX}tF`b(40+~}AH<=k}Sv+Zv-Iftc-2=5-su>N##BL% z83~CHH%ts_N={$q5h48}WBsGE6_1=y)e!_rvo`;RSdNqXt!|-M+2;x_-R;(X{YC^q z8WV@E^Ad~wp-NM*4B2i;{!Nb$OXVO)OUJp;Q|6%uut(?K&GE=5w01jk zQT1@5E<#4JZglb4PmNW4HuF4u;;7N69WSnEkK14`!)#RE_RU07&q-L7ZLX0% zvJTtN*OE|`P0LMT0j=XUk(@F~0UP<@-|5@4j1t;ZCM(x*PrU77BT>%;mFsBJMWHs5 zEAzZ^i1l-?agXbe}I$tdfk$f(j@kX3BYPJwlj7Gx5=vi59{E1mpZo zq4CC_Px^SzJ<~2-@7(U>n%ijwO8k3jgy@ByVHD*=(z0=4sKSg^%6XEMOLy>JqdvXs ze%LOemAp<^GN~Ogh;JFKN&emKpP-vXpF_|$Vjezm92VKxX5vh)Bw#T0rOr=b_(O2N z(}KWAd;9m_U*u9jNGG0eZoHqR{q!x!%`($c13Yxnn5D>gTjD#6Np6T%^0LQa zOdCa}Gj5qYnYGTORO}>Ow6teDN{thRdxMVL<3qr06#^)6K>yu`Ybq#Mv3+eVWh*Se z4UVt;5XfBF?`#Bs{OH$<=Ric<7PBFpyP8&@P@&{6X;L7TPAlZaFrZQ*F^7t~VK&A( zFxC~!fc@-pKrPLJk!U~qLH4^?tlaht&w2_aQ@#8HN+^!^`X(oaqItn)Er&3O=nZ;_ z+Ofto3|)L#{5{v)+3MYS3E8o5=ZtH^Pn4ca&$oQGjpW`I^v8uZ4bq*`_<-%(6lku z2UF9Omt%CX$0MrYrh96cNb3xr;l<9$OJUcUD{ghfpYQyOcVHtjtc5i!u#*f<44OA! 
z+p0R`j6CW~`i~<`NmmWUuL2%ONL)-~(OeZdyD~Z05kJ|@*RnHxp862iVCUTL<7rsi z*-J8Fh(k`c@h!h8U5Y>(W8uGh+yDLd^y-Zwc$RhPP#HM+X;DIr-$sz0}$zRshYFpC3y6Jkn*tQO<=MrB*;>A|f?BjT2XTM zT8`25JB3guRW1N#0Gi|x%uHRr{0^wz>=&=XqqVv@9%laniR*9;f=}!drf0_^tpylZ zrC5VAV#9}2Dph6oabL4&jFKS7y>-rIsc z-=F3V0ysgtA3Hn?EsQv3)k#-qDXIj7CEFaNzn4>f2&Lj;#1xGg1PrwPzQSke2ULL7 z0|~(osui}8BB$&e>uM$pi~26DP7u zjH?bRyoL8iP3;qUZAs~^Bg5+GG1*Z)2y?14CFSK0>*C9bjP;6p%ML_@uI^vW=uNh0 z9bY3*P+pwS)>g}Ef8h!MU56YwM`MONFMAE-c^6s73q!9Px zg8{Mg-^6#~M~A^KQ^kiRvCabEX#E+^ZkDcj3Td(F0HqbN)u3dgr3ay_`J!E7T-=Zu zMJlD4<5=FxQA7ulYEd`Ga1?&zwC~3e*-8=go`TmDahbtzxw?jH%3jwMQN%kSR$4C1 zl4Y8&_k!7W^vz(vqNp0_M-{A3j^X4uLi+7#Ob}LeE>L$*h^in%o6)-@~eyv<2(Tu9#Z|3=Jk*%*!@PU+0 zJ*9v5tWe`QKP_tCb78iPwe%^q7k;;1ULO}~3SA1kwQz&L-^rUGB0t=UFqzGeBQh1K zvkAUwlHvSN)l2mI;_4>JdCft!;yAd(n9duM@aJppA!d*3$||s~42i!3W+d0;(E0mo zfd|Bjb6mVswRQ+FAbF6yvo4xTHGjZA6EIKt*+!R~XGY!_S~8@`45;5y|2Zcyxci%p zj&$lY)>?p#2WKsAkhLvo!_93Q#zR4%qKC;)P(9;Q9&O-hb2xeO6WSy9E6mkyrbD-` zqwU;!w5B}dS#(3vcwK=+kz`#)s8dzdH}Mkcsx z-UqC$RI+j>Y$B|+ais2#-J=-7Z26?$G$65Ya-H(u;EWGi`@O8IW2w&UmW*jAz`Ga4 z)J7ed+oDTS9FFEH<-DNZa6Y3bc%pGEG-}2&*=v+E3lmkA-!x2^swguTmgDChRh!1K zPiLr0Ht>9~xt<=lpPRTyTJfZ9HKzaGh`kHPEh%yid%~`X47l76^@*Cu$Jl5%J#DB+ zpU||}!|xmw)cCKxl47@KjH>Wp={u6P~IZj|`oon(mE~%OTKWygauz)T7rKXW>N00m;tzAaSIoDNGGPkZNdR zZpJUZhz9u8W}U25Xvcb+uB`Y6oz4WO???qlN9WvrCP`jq=+u^lseZeDKIT$54FIvj zKhTZ$N%z|&ir)KCJ*~^3KK4!%FFxggM62Mj@EEBN%4P&v&}))Q3Q?wk)CnCYU8mm* z6pY+M$$B)|KS#olS%Cq0vulwzw$sK`@VD#X8$Q)Do*0EUWXjGJVY>jKHMOkp7s&DI zU7GSkmAUbi>lm!u7k(S=AhT+41tyQgwwl`2*2+S4=Jua=j=Lhmctmd3?_>Xi)cV9X z<5xry=BlzuMSJADXCngG+=>H!CHuDwOt=7JdGyMKe>3FkgaDrcUpZCxUJ>1?h){gzCwN!CG?_u!L|yis#nhj#5k;#XOZ=3aX=xo!9&SQiy0%YvGVjZO%kR<8V~7lh^<`{j zl+=!3Snji?CL7?B?CRBzHRfDFk@fhSO5d7f@&bXh;N|?i3lWoyU%0C>AJGCEB}&XH zEid=>%|p}x|`!UOzIA>Eyg4HBSrEuigM|eZ>tdM zHFbtOE@2ayCPf*gkY!TRu#eQn%RWv_>kdX}W3ZY1y>&2M%X18SsE$PqAhJem=$p)x z_c^Xx)z04A80INFv~?sOHt`}4KP#>={^%ad4h#Os(a>t1Ov2XLsHR zW!?gCz+2bge`Wjr<(M*J8PZsUI?Gs==1j@1q_gy(bH|}is4lM+rBETGR#^IjI{c|y 
zBvZc^hgO(O6rU&W;|4$B#fYjD66X9-rDvk2;# z@`rvzbE+?P<7@|;KrVXT02)NK>%n!EaEFrmJ8x319CLsXU$>BHw0{E6`g!kXugu@* zm5-U|n*zYj`3K@J{R{gc+VKbKC%xY(6?{379I`s=IXGxkIA}p9eZNi;D42U}wyCCN zloDB=w~@th`$@I8X>I*TY01O>B5fBp3tCB{-Y zzHk|kXvhQkays^*P>7$g9higYB>i6xLzwc+F@M15K?t#mA|$DvT99uQWzC57^R%)G z&o;VR<+^qwi6^O6wbA)2WYwL`go&jviB`^?=CxiRkaQj+-8E=S$w|3(Ffn!QeIg)? zu2fS^EN{;Mh{o)G-Llfu3&m0z=2V>{6qkuaLs$}3l2g~={WSz>i{Yi3Y}@FWLP04- zXdK?d%N?20qOE=I{TCeIY@e3lG?=Kk?&Sk5xExTcDRXr0pj}OhvXpQKufN~(1dqNP zfogYyAphx2Fpe_7Uu>P za5NKuZcJmrvPRk(;^W_!a63xvedO>npFpOw29O}FtCPk4Q0K|`8sfqtXBwwWU?YEr zVj?iCZ*3xQ966Ihl(RzkrO!>ioHLoLhRN@{(7k_(v%5BzVeiHqzk3I#uLu;Iu%9Uw zw#l+1|41FFh^a~$44?JRTd3EJo;6sp+1ougb(H4RIllvuf>S}rsVEr6ud!#f)CF4GOorl( zsrvfQ;z8mo&m(%3@fH0=qHYnWwS(FO`%h1TVkfz-DC9_VRyZPYpl^**FVLSaNBwEoz=IJA&OQmD>`Dl_~)7mGDpA>t80YpuZm@414%p$x%&b(|Y;# zrRsS3QT1-?^T6TEaHj5Ogs%L^+J-qsbnCUQv>qUV8>*uspi$ReNqZR9P5>=GfOID*Tw%01|XIG+49E<2LlE>-w-HO5~JGUVqD1*v#823>2++ou*~<> zb0lETZ`-|LzszlWb}uUbS%JfF_i^B``^cV3svJ|Hu&6)GKprIOwl`rb5~p1Qopszj zucoXibXfox@DlLV`6ZaBj$rCZ1v6y*+4rBU_A2}RhH{sb$?=sb73*)G^dQ*J=N))G zXy(~k5g;+u*&k9?y{}R^up;yAV%?_+LLp|oU+vD@Dq3K8~^-@%8$1kw5Dnf0~ z0!NuJ-70Gkf=hp3B0QUS$8;BKHN$D=hH7AH@n>I;q;|~O-mz9iDM7We)8;R)7*syD z2s7l9Q5k6NofYK*ZqM^VY~{8ZKIEd@6O;3u&O2t5>6EX6L?&Z#iSn>6=l8OG2fE$n z^x(KyMP8`5If6Kg5{P2g`OVS%_ypzZJtbRXc-ftxA9wgV9Yr5I1_Tthub*fiQhX5L z9d+h0cp2J%?H}Qys=w_;AfB8ddbt=c3T%kq?-((`#MD}ZvL9}jYSxF;%k>jZdyFx8 zV;2>MGESerhmdon49o+{wp}f$%db@Zh&_aOLEUk&ivimPedXO;@zCkHa~3CSF1g-P zCIwGxcQ?I@w7i@cmkeG%Oog7b&TP$bAy%xqIAwpr-WFnU_}$ z9d}Xik*|x60(Jr|(FXcPR_@eY<&rPbpq-Lu!n-DKj)h`?>Y_d)wC|1VH<9NhCdE_M z9M{_NWpz8TOL;eBMR^`tq(Bpq&`;6kHRv6XXCuHmMXTFBqlX)>JaV2JUR|8WxK`=& z)PLp?k>H%P5ixGG-=A$#sg7xSf3@l7d}}I4?bnBEoK9Hw2kXTD6YHcf1;KB>yGPb)}HeeU@Ns#wD@UbX&M~g_i*RKw*n+p&MUw#-9A;?Y_{L8kw@j` zD`r$hwvA4;GxYdG>P&{|rPutfNq z(^^T_LPkYSHH`e=4^`!cnn(ixXiSjaVbMot5$#b=^HU`s2 z#Du|7`xuGifo0KovLIdhwgQX)Vi_}aA4hlnjH zX$Eeh%v6#C8q1$z$E7W(z!Z@`MFGxS+LYSqC&$q>XHtrG=P$5nXKPVqTl2Kh0*nm@ 
ztrp{YorOiNEIiK*cgHLI?9IM?AdLI#osf`Op$q@cyG&M-^o?)Y+PPP61rJMI!^zG0 z=#l0qm6r|r`x_@lz8}z9&bht&gOb)#_$8fVUDmO?09A1i`{VPpq)dd^YI|ugc*g&t z6>j#TV^aH#N*>mpu4Etr8$kwM__`Qra|!6`+42`3$<K3ajGa~MQMYe zBno)1UVB!x0d?kzLWfOOSyraLKZxDH6;FZ3S6nlN6;!MBVd3G$#bC0DQ%qpaLXoz- zRS~8lkISF2FJLf7aUAX%uJxFPc1q+RYh9$RSgl;!6AvgK;*bDs&}S;#GlGVRTJ_l> z$n(c1z-ul5M-qxNhm)-zhE(ke8^5t^pD!R%eQ}_LOlU?s6evR?bR@n}zV$OD zWoXpVU1nI@)>?swf-i6U4AKA7iZ6w#fg){m~yU#wWzJs zpdHNB)(-w#9!elCbq=Tb*jO)_h zmL=#4nO9l6LoEK&HwC7jGni<;Gt7}hV)z+QW*x4Er{?$0v}hW0jkafh&M3oMH20(c zNYGH29C8WraX(&LOsOkm0G*$l?40$*IS;nT^G~McW|VIq5e~40E;*vO$xCcMdP2p^ zwc~(5;R_P|ShS@yQq~)m(@$xaySFot0Cf{X@cVVZnH^Yf%$|MHEiFTGh-fsX6NGgbvx)?+c zAse z%QO59j(oIE9@uR_P`ktR;<9~Ti9&RF@Jn$qkwoltHwZ64*2>@Qm+TT(_^m~W{6UM= zph(wJC+{51JP-_@aLoF@ID5;eIMy|7xRC@B2m}HIZwT%LcLD?t5Zv8q+}$O(LkJcu zxVyW%ySuwf-XeR>%s%s-Gi&Di(Y;`GEhwtH9-iyIY~XBRL7aP_4A4UTbI2`l6&n7p zpKeMK9j8sDHJPDq&}+iL?O5GFaZX$iRp}VhL`g8&8&2ee-=LpY`M$UbSsdo3>O^0{ z+NhJ54tN}%eC8@B7{%2Ci3`FyV&nl0J6hjs@@!$8zEvWb0cQ|{5maS;mXXXC1=SWA zYCW=3VAuABOgOC9^*+6jTrI+xtWbLLa-H1Bv@FLOF(CKOMV8UpdWXpw0X0@}=G;2b!=T4&$Bvs5mXgg-1nmt=a_SvQ7 z4IM;z6q>cPuaZ@joHfr4kPru9#CuX_AjBvs5VRDuZ*ls|!+Z+)MJllgW*7hJF;ny7 zYsUj6nD?yZh6cG-OwMkk zAUviP6&g4FaEybRofg8HRGJ{T<@g7_!ESA`~@X&tf!QcPbT16Gr#}V!?@t4CQtAFRWVT~NR zkDYu}p1WXzoiz~u$C#?eRl0lg4`=H5{8(BRiNiww-erFMq`i8$*=hD6jEw_?yV$pY zxYT+_x2cx=>;()pR{=U~65?O^&?otSfQ3tf9>9<_M2U0)3|W*Yz>rPYD&mQi=N*$e z$Y#A38wF-n3I<;P+d-8^=}GFUdF7fa1+zg46&|fp;=vgYF)I>g5ww4wr=0iT9zBvM zzLdu7J?DeKQ_sY^cI<}o#@K_rIGXFYB?Ds9F2>4UJR}&K@PzLc0blJ7OmbYTF$zY~_NpX=O9s$S|+`k^uM&Cm+n{veDz07R@jY)G1l>i zpteaaX)7L?L08}1XU>DXvYKH#rU}hFt0_KBaEqnW)pE%C@Z#ZKfhBt_L63y`UB8C# z_k~h`E*b1OB#Mg+{LrnPsyR1ksTE}F zWR-*zu;YwfDt0}iD5dqh8!W`*RBjk=QPNv{`x_Kz0c^W3^EskoJH~((kAuraUYYQo zI{DC4ZvaF*ILoU`wT+4){&2Z9>ph!~Y&L8CR!cAN|#yR6f7Rz6@p)*)7 zz_JQN0XrGUl52_5h0McI2q(vx{KBe+t*P5NLk1nEn`hX$7AR$qUu!K zw{s>Gyfy2mJ(jUb?FmsB4z!athN|}ZuGYf?OzlCJcd1X!Sypzv-*T@|dIR&X-U0)W z9xFdI`9W-P^2%T=W+e?bcCyeSosiWOf_CRHVPZWyurxomqCHQ}4d?2_3Alas_%Z`m 
zR*i6iHnCUhK2%ZhtYKp6!EoTbQA1}6Jhh~FExR$2+`#}grsD@ zW^n8shRJf%T|Gv3v{)1Jv4KErNM}daYf7C$-hbfooQ0pAY4s#V&14y0P>gjPUO^ve zsHr`PJ$Pdx&{O5`rEk}-Cln0JBKc{t8cZv?ncq~&N=_mr7jF2TUp5O}K&fax1*xE? zH6m8a8lH_{>M40mR7)`Ih?iaH<%#9Y^(Akt?j8oKv)w{monOIKwe-3xW0$U753Ifv zkvH8QNSxIg#OcS5KpWFa~+VRzWa=Y z3;;DfusMwIQ=n{(iD=nCnZRBcZxFUI=T}GO;Yr}4e{h*XN9#%yHq{-g98uDeS_qGQ zZ;G9Vjl~s{FqEWtdac; zfu4Mftus5)Ux~t5Bk>-m#18IZ3r+@E#LBN>_NVn=JwoE-vfjnX>A&N6mYsP2P5A)* zfA|{V4k>+3s5aX~x~q&kdBEXyh$Uvm%htQKrlQlMNQ+Z})fh(OcRbhf6V#Jpcw@fW zo4jmrTY9{#eTz2U$UX8G0SCQn#g)6P?pU=J%gP2@(_y8IuKO)d?@fUw`-E-;btPlc zMRwC+ak`vDTe6B~#;rT5rkmx}SuV~~z*;a+8)P?;aEbX)NvW$$>=7C8#T%KQ50eY^ z(+VU-dee;2I}?wct;tJ~$z}N9QF3XcXjACcpA*F=-1VK@P9^|L5)~B;i!%zo6@_47 z>bP@T zMDk`cdIqoYRD<&b=1FYJ=Qqd#d?!WXjC^Pybc}$seklAK^m*EjhJHN$a%81oyrYfo zZuucRWhXsom9y>t@cD&K3L0wtieUg4AEJyan^yTCCaL_l1#P< zynQjVV)*kX^wKMH5|p-(BNwQ#x_tyrH|)V*$pH!B$)|V7=Y!NA=XUH#lDwBY78mYb zZ!vR=nel(pZ%coiz0@hKq+zdC%=OXfP`HGFSpShyu$y_aBZM zM3pdQT|WVd4?>yi)Gdfpv{}Vnfn^=HVeOCFurGM|*?Aw$D~Hw9rEKquNDPU7IV1lB z%>D}Ex>(cVW|Cp|9Uu7*@haS{uyA_Yw&y3@<%bqE78VT;-*JX)8}rgS+wRKm6p%>w z+x)P@y#`jwpPuPK^%=YIbwk+}*~a!`YD)_&J!^dZ_|2X$z}yKG-2#l?z3NT+Gu zD&J_V{v0!nD0oj`PRPgB3&XS4*uJ{lq8do5I*d#2kKQVd;N)dbSc}TB z@q)lsAi6#;(r3TR0^arG2r5R@xNr&eP-&cDlmYQe0_!uBT5G44?oVt7**?)~lX#Jx zvN&kB#`)#lTguiN)4>)gEpb{?EUowwHEq$fVm>LBFjfoix=RBe&`<7WSCpCD z(7vJ1(f33TVsB6o9rw6jArmKEGOzQZG;uC3XmY1|E2*gPF(Oyj!9ikSKzSSwL6TBL zRygj*R2pPCn(BLsQR+Yl=HjAg=(!YO=_in%GLg^?2lr}u|?dNRW5Ews|Lez&+S&xyz#iW_jz&v+t|}MJSqhkZa<;tDa=gL zcIkKnAxwqhz$=#HsU+OUOT2z+KlUX?qhVfZ&$teGwADTebi_Nn3AWh~KI{i~KTw1V z){geFBxleK^pOxX4{VRgtdU^#j5yv^)#X#F5v?aQSC2+uT%OwUoYesdJd4xqkvg{1;myLP8K~W)^PNAt zNQSrIL=_kZD4Xm`VDms$lS*OG^x0#H>-p?jBIksu50t}YBqdn>HdEhSfe4($gKUD%vIB*6NLI-pH8-zH`>XNIj0bMR;|1LQg z*zE&T)|kC6PRyYS-KuQi97xqw2Q^!b>v?4f=nlxmOlq0{I*@M5-ugmqrV%<`ar(E7|n}{ zWHu>Ow=8XCv4xlgp|jP7t}jvS#D*{>-O)hm6i=4!2Z_~JnzCN=5Y?ew+|oDAE>4sM z49IC%xcDNq+Is>@duFn9g`zgXngV`hQ)aY^TUH3`u@Nioa9PHRa31=0+3LNJ991cZ 
z-9M*_z7LdIFn7Fw%gGHjk78d}E+n@1k18*yOjJz|jK(dnM5#{&uqZ@s zd}dZu9KeGDUw#(ivHk&snSTMoo(FC!j-Xe@+*pgV`*rSF;Aq=?EOSKbf55>~5ri4u zxJB2hKa3UAyzt;hrRiygt;_kQ?2bUz0e78W@%2ZY2 z8sr;&eDHSn<0>FhDs-WHJG1v{V_B#aEqph{4Sw@bustq> zt=WZNv1-h2WcVEvt92^X6H)V2?W0utbewiFTo0$`hSH@t@m(GO*U<8iY*pw z`ha207<;P*wpxBTSHeyWC_3mhnjQ|g?_mc^%Vn;YOf%U}z9*{;Qj1_IJ)-ozDie$j z?cbyHt6Z4chF>Os!q`w~EXqdAq<;RX0jGs%6Tz}FjJpsOh|(`C7~`k2NvuM>;3RWR zX?dLjMF5GvO^=I^8KFo2LqPq72X+6#gCnHT3kO;g)XX9svM&%lHj`4Cx~EbhE2@PC ztK&j?GWpS0-ux7;T}seGRy!`!tZBP8CU?FHBUCI~P~Q%yCL3JVsHFT-;Kg0Eh6|U4 zPF3n?EmuH#IxQijn=6m&VeC2-%48I#;k;PiY-zAP-pxM@$3IAA?K!j5+i4en)|p7B z)aT#3Sx5_@6xk6LP?jedI9pT`x3Zy*mZFOPr$CX0`23Mh&7xI7G#L=^H$kgH0t?M` zYAWMI%n7ZCt-GExcKiXqJ=a#F6mZ|-R1PE0xkW1m+?y{tpgC>pCyNrS^az+spIZt! z?R&m(;zqYj`gx225v$k*0_yKkyH!ufIuhA*Vs@*iQHg}&s!j6ku*k96V9uf86a+$Y zTh|(zyF5Teg#>ZiZ4Se(0_3Vx5xJxbT9LH;(J7Yvrwft80rSH&l^wG4Vkg7z;Qm(9 z?tGaF4G8WoT>Jt${3UdyW+J`qGeQR9FcIBg=jiM`H|Y)0~BbF&1`xnBfld>co> z;n@d>RL1^FZie3=(VDj=af%AEu}eg?ff+irL~L3}49Gl_l1;4@ldcG-DkHOHtvM2i z;#7QGW@slbDJ7>?PWb)FJ8WSigj|Q$;93%Uj*jSDF;9ohi2dRvW3RXfBK<@$S6lks z*5E!+snywz7d z1{6aC>yc_w`(u%FFDzypC}>Pb_pAZpfdS4=KBz>W7>FIRFC1j;aA4V#*>O6xWN<%u zaCrhOQZN#QVH4e1ke_8MQXx@1ig>k`hf32=IQ7*petuYmyB5MZD-hHvz!HVEC8{(x z2Ci#06s>S7ICnK*UGf>Lvd9$3dm*wBT%yG;7>ZBpKE0!RJpYj7-keh)A>1C%veKA) zK0adEesV0FJtj7@j>=->2(mN7=#<31BrUim{N8Y#|1&wV>TfI%F#7D>&_q?=vTk2X5|7jrqwb z6a=y931TAIu-Kb1xDM{qZNL=T02i|acAi(qh5TS(p6Hz$MaWm58WXlJ|olJl}!{b zeURM6@15*<`Njl5&i427u=*B8&+CZy?1Xx9+qin~b{8QfgHFSKwC;n2t?_eFTP*AB z!+bzok51!z=6Sv)7On+3GtO(g9|skK)lct@B*)~jI8TI$?y%SPvrpt^T)vBPdA6sX zAF4zPtX13m0K{FB+AMRS9iPFmLku>p8}7dHUq*B$lLMqh1wZ0DtdlP?-_CZy1{Gv; z3ytu8XAV>k2rq12pW2n3A~SuW{0RJNMX(yW{I6jZ-`d=tz)3TH1y-Kt)#qP5U?z9c zqnUT`KLPr(Pk*&cy@!4Z07By-9=T6K6zIL7-8MJQDE4i<`?;I)K5;B>Y^Q&NNFbM7{6XZ!T$jM}zYh=mr`IS(iNrq$ z`OtQd<7bY%7$j{iK4RG@5brMmXHNj)2m2s&IZDsGXWt2BO1uGe!4$Rk?ZSpF*~5x_ z-(EJpoV{!SB~Y`(2)L_%sEtW~LJq`MMt`gSeFaKA)GxUy)L>k)e@l1U)!pae{Ob;f z^~`)?VsewV`tlKt_P$EO1Q`yWlB^%>T^xLDrFxd?TYkuaipFUiAztA 
zHpNtge0I9kh4TUqyv_^h{9cZ#loTZ?$`sqr0ZbwHY5@t|bNYh(BKS+=lpUuVr+8J= z*41j2Fe(y21bhNaQ=U*{Ui^xqF!qx%c}KBXCLEpZt(i0G%aVaxf3RSF1nb+MNqSzX zRvOcQ)reJ5t(H-6zl`-*y{L?t!YuO z{aT?%B3$06R{Y z$G51L5{}(Lzd=TL=0{FIAY@ikqAC2@b~5aE5{rY@gAWlXSD~9L<>T5lW51mh^)*8; z(^;t#abz%KDLZj=FY$H0-LCXlQ2miX$t47$JZsP0+__wVk>+B|TcJ@L|o8lnY zmxMdg3r$9XKqNBLW>iiuwXNFr_>DLdgk&K_ED6t3zw~&=gJZYA^kk~T8_RKLR6H3MWd%sQCd|2Qf>KW724w3VYfe3hm2$rn!V^389tlIW;FvoRuJ>< zcmW$d@_KIkfz!qkW&!+xaR$(pQKeCt+FFy=%CJ`6qc9-!Th*4Z0{tS7#~vql@&NjC zvYZCjN(o$tuc})F*uCME2vO=KaPb4zBRX&*t=~>ltc&;8yLi$B`VXnC_{0sT@ot}{ zC5&H#iGyVpcI)Vg2nNGG-6jFtmCaoEx1uBK5|4~7k2-gY;RhXm}z~~`TfuBIY-V+ z>Mg7MU&h7m=IO(qLaMsk;ysvPa-QwxRkg#XTsxOY>hIxCPT2_a=etW~$wu9}SW`d% zbrcLAw_8tusbQ~6u*`j74&R)^Pf+g?04 z%2J3D*-FFMnHI(ddD9HB{5`nH-=jDflUx^4Ae|4or{kJaW`kA1&_*R3hmq^igWosk z*{ng*-W;Ho5dT9Bsef4B`v1EkBXCWhhA91G;di+on*ntV!RyKsUHOl{n5mWz>2B}O z=ZEg=-Jfj6!y4I&IYGny_1)Ms-CN)p&-z9hzJnQ%16eoo5E!t)Q3*; zMrX)GDJUkD3F`{h!2|h;L`5ahD{E+kTA&zt6wK&>J;CtAQoRaXpy>MiGTxKU= znXyA!I#+g=$80p04VG~H**0hvzpl@rA=^jWxX_YRU4{R~4e5gH{lsZQ{*H+)x z+9JU~B`2*LbK#y*^>NvpfTc?vw@zHkOe{IgAdmo&&2MI4mNR)ZJ^Vf)VYn!?lC$te zI9oxrHzF<buj{Dtj2?bBn^EC&O66YM%db zQrszpc1HEm?LT*ld%%*HDEVW;Oc3VGu%V#AvMCz#AVOW-0;|#h4*>Q{nEr6V0s2kF z$kV<2G{)^9joi(nn>-rUy5@3|*kS1Rm$q+M1v*|PhtQfZ&wwN=!>eXQ5@@-j$uCB2aLFkf5iJ8nhPiDtYHux zg#qi3AI1UOl%;)~cVkmD(5XcKZk;$ApsK$eUlw`Do*ZtbY=^j|6F!Il;9Q=r;(n1q zZ6F*AZZlE}Zb#5~H-)^$=aplVtH;t#`-8DFfc{;+PgO?)=wIKX&I!F3k|#h8t-09T zEHzZ6F)uouPKQ7_BxK!8<#Pm-lcYeHZWv{28^qlxFb0ot}DFI?Fns?GqrXO zoImqiwtuCh%Eml>Ps}{V1ndLm3e^hPU%Et_vtB&MQzFQi5t^H%DiuzB*y+RJ8$&!gJ!~seZZ^4M$O3-sd{>Wnq>(QzA9eh*os`V@YLjn45XKkRGN^Opr|L@8L3A3@ zf*xaL1IxLvWbTkmk*tj2egZJXZxBqkSeAyL)oV3AVg|&F5b){UG+}|Ug*NF%zbYzp zDG__Oz%BM>u6VqBX|GH?ZN4r8Ktq4|-(#-7uo-fuhkheam-u8i<(jAz ztNSJv8$!$w2)7*HMuYWKQ#hFKCa`Em)ybWIc&n?li%4lo5Eb?{8jL=Z{cW!oSXkb$JhI(yCI|zgNmBo-vD{2QyOOn`#kJ zdi6lLW(?c2aRLS%dabyqZhOaK~bvi_kh!iWD@Mw zjY}tFjcxcs!yLK|pGW`=(zM-g(1=Qn*oD-4$|^5QWj;!|T%xpvm%=L&PK#F48h|?0 
z9YFR}?=qhe_P={vnurx<_l+y5iV`jyqn3kZJ`E}jI%M1Qnam;l_yS;8rRTyj3MdbL zK>S+S48UI^g$6}n41fu+2@y{Qc{?6w7}a;F8z#rWXb9iINijrcypPUqFDBNx6tSBE z8R>h46f|`scq5rxr`^^(ZlQqSmllr;LbW&6Q#WA`ylu|{T65qDOS;{kS{^e>Q}npO66G*RwzJh}(qjd1Qc;_SeY3l)3S5BZFhH z8=-sNiE~Oh%Pt}AiwB%XpcU>vy8eGN@%X1HNa6AuW$LhL88fW_liY&^+$rt? zWE;zf&d>wL-j<>@%qYw_wirtC7U;?>occtW(8XQ~)p!wiE-071XJPydM^)O=kd=H7eWq!%)A@|5Ew9x z)KJSw_xKLg%ZMmZ;*FHdQIX7o0>F1Us0~pWYMHt+bsdOx=wi8QxxNP8i02AAnW&)p zcN&v@?<*_W%vnVW_+(RjE*=GKY^BwrqND5CHp$5BflDk(C@5|QTdjzqIxk2(4ybnj zt3kJmY8UL63QI%%K|;8zYTw4){U~XJ=_^BzrTevkahLyZnRcV(84yn4E>N`+B= z&v~kE^Q)o-zr5 zxG0z^ca}}Ak7~KD=JuSTbKLY9AgDoCiJShc8|AI>3w;S$mC!i~St}G(dX1u)+a6-* zJQsQrk?k!DjGJhgQ;k}l{DQ$PHPN=blSqP{Z=B@454}Jr;ekz-zk+`m+XUrW@^+>R ze)9To*j-Vn`II}Bw*)@)QL(iiGE-^fU!miN#6BVP-8=&ShVV@S!L7>Y6j8<+N-upm z$`(VLO!o$svO(y78WH_{l(cWl3$w=>Ep+Go7&Yy08o5Q!?YRy2c%aLTEVh5xfRZ5q zVWPn;tN0ntB78fZz1RZM3ah!q4WmlOREbus4CAP|V_Gcs5a`*-rPYp_TT>!cFYD;U zvq^euDU6P1lN|V`^$hfUkNm5Ltp;*kD6Puuy2Q~d(U0dYMQ&`vtLkP>elGq#D~B?g zNV_UUMWdbQ2mJCVfC_z6^x%~m{-X;%RrMQ|X*%8d*9+01RqU59z5_tL1*Xw#cL}ey zhVq)XCb$S7SpzJ(s?;kA5nc0|9JF{0xtm{iOf(4C*@^-4yIL^a60htN`k1{k&0yo4 zf-gKK<2oFe5uj}Yc9om~;9c~ezfreE<7z zObW^%VO}cT~`KpcjV-GLDfJ+OErZ)6iC8t{L@nAFj zMp}n`n7bGtb| zm@~>sAjX&rAUI0>b#JFzc}aQ(A)DgzEb(;*L(S55?dG7{tXU7u)CCvw+G0nlRrz$) zU?tNd(!keqv!4*p)05MZPLuS*w#_YPh_@P~x;3#ckKcCVVzWi_SIh=}erFLUw1DI~ zm?wt_<=3syOR(Z3kDhdj8W;RoTNNymz8PLu|L;RJM+I$?2>-S>e-Vr@U&wL9S;({H zqWb;3%!rtLKhnn^H|!NS)VbToonxPa*+*qRu6f?Y{+oeQL&96A5XKjrcQ8OdA3GTl zKChq}r5G52IZGo8NI?Ya%k_-~@s+W_)lD*ThvEl5wrJ|x3@xQfHXaQSu zGfi=Eao)G{q}lqY-{$N{%&j8NQ6;Adt?54zuhS$&kL8W$X9*fETwsv;6Mgw?dSAT% zFbuBo26#uU+Q8KmQVL>g3ShSn`_>5-f6}~NzNP|*`2H`zUQmq>e^Zz>tcy2T^mC^O z&F}2U?CD4y#x+SA7bItGWKa1da zSI>sd(B8*$fj64`<%I~XvlNgM56RxUy4IpXL2F*no!)Vo3bnf13eGj+@R^0M$j&a( zO7<$^coLh-j>Z$L`txsaYkXLcYWG@s|esJjmNe@!$ zrouI~&;(#Rm3Ve(p78+*5P1M^a+R2`zB~97PI1=T8(IsjS^Pm-W6q3q;}4?xZs2Iw ze1z&gfwRyXV7$*LbJAEimSC#Je|QcxiF~7otax##axO)5aF*=zq+CsP>*2>^zD1i{ 
z>4VV7@*5(R10N1LbU|eq1a)>mk0KQX>K`CL+A%v>=tGHg5K&^OLmeNn=Y#; zdI^CO|2b}B-byjhdB z7!V)kg7Y?dC5Lr+jGfyX1r|1vVR@6Q!#!8OwLxSOV^ z4bhq8RWltK8_#u4Mk6QnV}NEhB0v`xMTz3mG{>sC?rY|K9on@!$Tnj&&ihSRH~!DkzOB!> z4+Svb8Uj_SaUK!J>a5+%*vJS*^f%(4Q4oUX4OFwK;)0-A)-hWRZ@sub!LC!oA2e9x z?P?;p!d`RmBpW0A>KA8YiNF_#Vx`|$d1)>BqD08rMiXojKaKq>+aX7jE$ZmVFvajS z8e=(zt{(_VbOl6Jj3PVJ9cd20n7~QL+1yH_!uSLQfE8le{hvH!#MLRPkZ;*lvA_+2 z{1+T1@Med_zua3wxS1}#v7SCqnJkCUzZt|?_|nTp9ERx2vI%B|HB6}iDJB`)3nm-H zib(tO?H{Wg0oKL|hLjFH`8I2x2IWf1N(z9ezsvY^`rg-_aJGv813Mw$U1jLS>ofjO zSfs3QzfS7?6^T71oIFCGpo(Z|AHa@$t#;!_Vb<1?6VcU}Al8XW$HK0d%y%%cJfUNa z2yM++4HB#Q5EmK^_)8ak2OE-s!YhBc^xIk@sM<}@RwB0fuyC{2KjbtSN0j=QFFLxn znv2gbxVn|b>1@p;*QF+DmgcS&t3=;j!ri_Vf+zBZC-RZo-ybCE(tx{3fHpd(wi#xq z4@TIr@2Pnqs<7#BNbDV211*Kg21t!CA3#QCAx|h1#L1)X5b?FNq=$~f2oQt&S2RzK zsKq?P0Q)VUx{tZ>eG9;>jtfOO(ua@|n0Z+86}s_i)KeaPjUhrH6&O<&q>%&kM) zk=qJ46cZID{hO^`eXi{oh3V}c4lnlTJ}+EXHzP{N^t%eHXNr~Vm#J(Z)Q+(r;=}=z zsM8OWo8~{9Gt!tY`2^7tenCI0YN3x3a@CB_j{M33jtO@rC%Z`kzM1i}%`=2{+MJV( zT!SA?R`A&>eTK`zsHz|hW8Wfc(hDnA6zs_&MQ^k)0{}L zg`ji6UE^Q+6dNOFi#KsqmV;xP>ko_|c{t&6`m)5IV_%B|?KtNn`iKjPCiFs_May-W zK#4l;S;%Quz($|!L*ttmhFGoFe^~a2sfz0I*o{EmQBh3xp@l2%-=Ll%lbFLic9XHH zQih%MppF*u{{i>?_t$pZ@j@Oxo%H+$qn}%3 zdZu^V4&dvNBItS#SdSi3&ATIy3-m&x2Vou(4LD&TWAZ_}6sOr6AG2=%weRL2(@5b7 z-PEC)gJ})$A^w|10=0tA$TzQAp5(j7S&Q?f>hOM0R2cZAbV?Y@U$~6yVLH(Q!WmG6 z2gmvAOP6nPYfDOM5mAKv!fGgCRDD#5D0Q4A;X=T+zsRQGzh9}pe}9oo_QYrJaoNdx zfufMl+8$N$gC?K7_qE~)tk)fs3VYGaK{$ihm=5rXqWH!rNNO|)(ilx5%{5j1b>L1G zGX;_BOvRvwSA(@E3JW~1`~vjA9tjgv)*!;s~kIL^C~HQ<|ka+^UW!VV8&3 z?>nEi6=NTUeH1pnS1ul2HMo2)@EauP5$dGaCLyHGxTfj9U9B{`bV}1>DKbxY^!-Gb zQ!Vm1tdVN68Nz!T>v4DtaHZ3B>>g#kPQO8s+mpXiXi+_;LfyaI9s!r>-N^s6j{etc z+3oKJDZ5eQ?AbtHUtaqiilC~qd?M1hzf0Y`n|c(4K&z@|el*kxW0aXzQ=}}NebH9{ zKptsraZ!~g+|u_BDSE-*(_49buh2RcV+RL6%rZ4H|Eg*05!&YQDftcJ9<;8WmU6N_ z7oDs_YH?N=4l2H8D-TJc#s1>J9dKD>pGb<3k0(f?*i;`jw9rpCDtsNr7;YX*GgCir z9oC%l7zh6Fq0Q-~0}@NP=C)e?M+54PxIYmY9L5^PDxyl|rM;vHYSHnGY}-7Bmgzy1 
zBCn(7UYQqtsICeU&5mso#x+q+4r~Gb>5x^@6gEsd(9h3xoU46VV_WBovj;+d7NRwk zA24oo-}{(G%TB~5cCgYP#JaZhnrD@lTGC5GA90=0XJZWuB68*P(r%&ecZHZ=Bm45c zI($GK_Q>nC@F*(P7uA97hPLK)sDX*YQ}VR5_hhGOe=xdfM<1-;NqN&y7pAlgHkv5h zfG^79Irze(gJ7qnc(h`!FlY!I)$(Jre8(Lnh3}V0Oh-Aw`pK~ar15N*QiO2g=Y8f)E9=G?3gDv#)fS;E28?T;+*ip#6NNYXfFEesGud@ z>fbic&mY47cyeG+>8;pA~gOUU_gglKo zED)mTlD30^O<7tV8dAVgQHD1pWE0MJ12tk$XS{02t?_NGFg#maFrN+YeJe-kgE37% zP0Z(r&q1z3oQLbpx%f>97u;lgb}EXAq%i1* zgy0d8FxO4I8m=&Jk81PAV#)f6nqrM6!BB!Inf~V_qH%tOHPo!A(43284YI3x zi0C8X^t}X@cA1>rA|6Lp$IDwBaU+N4os8X6T75_HE{BT=Js^H z3JqHmCeS-^_pf!nq=UH$n_jc<2~9~OmRf@_JwCX6cDLS!YT4n#9Qx>g0Ht<2Rh%vH zOHqlD5DftK+`G0To*po&{Lb1aEPpGcH1-G?BPsbcOEU~U0&c$56TG63a;GH)v~ zqP+k~s&I#8*Z0!D2kLU?n6SP-PFUVthi@Q%0I)J+A$rv>#$o_4kD1^TR{3(M8W?|C z@j5f)X$0uAEenexIy}HQoXhF0cL?TFY+zn3H0+o*nCBnQZisZh<@5dGEws%hKQs=I z!di+oj$|u%ITh7)r*;d+*7L*=9D~<^y(Dj(O(xaB1fV?vdD8k#a|+3Z=66y1ZgJs6%=cW^v5 zRQ)g^4K+F_z@8Ig1wr*CIIdLlQs#EO6dAJJ$QE9Aa0^S-4QSh!KNqjQe00K}E`&V2 zx=}QU+ckTU)lo`2uS(9BVk=w0SdG=Cx@Eup##<87$>nmIp)qYvRz0#6EizUei50L} z6KM@kyRs>%$i~m6^UAz(Qx0e~7gM1@@iTQ33y$O2I|wv4{ILh9<)2O2YQXH~Iqiug z5U9gr&jG5khTf+CYvI`Q7!|tH?{F&F0dFeRhP!aWX_g5U&90}l9Z48AysJ@nb+~I# zTwqpz&4X8d-2aSh=suGyf|XHwntkPr)vg6W;}3vFIyI=s9|~^3x-v-cSUC>D=CgWH zlvzsK9khijVXDqYU>M7#YmJMV4ZGG*+|>*^>Rjxc_BCH|QCR*kt5&Kg2?ZbCW18eu zZ_d`s_2Z=8>8}n;4T?3b(_S2OJ;1$46v20_(YjI`HrEsv2hiPB5|Vu+D3xtd)ocqq zI-+wMv_kN(NvMmWyH^u?`Em+w!-6_HI`3&eu((ZMJ{d;-PwaA7u9Zpq7K5-S3p+80 zo11DsU-KPM297IZ487MayErzt#S+>}xy+>9!s&f<8y&kJsiD3e?rE(u=a$_%ZL=g& zFQB|w250^^nv1<9Hx6HX>DN(6o)#JUu;4iz(IB-Q#HDI>K*s8<7L#lQ|MDj!YMRMR zoWI$HMyJn(Gpl!&a^12QC+0%GhfO=es`Z!ho+3*SD(g#n(V2Fl2MDutA+dE{810y_ zrl9^TMBywwa5$C@1Zc1B@s~qQut%A$m}R82snSna{S8lrs_`=Qvg#hr#VaE6pUASb zRa7OM?9dwv%&5;wJ_}+|OYv!(LIZ_4ub#jXxtc=dns4hPIPxW^+-4?H+M}$ZJ-gvB z3kh-R8zV;pGJoA>ofHm)hvC!mygI22^I4r$n0nfM4THhTXZ{ia$-1E1bA}rX`}U1v zx7QQ-O?+Ft{XN}w)41+TxULPM?Z+Gf%6HNDQ0o@Bh~6)$VozTdI}}3{>wf*bKPt*% zX#S@r+u;H-4N2Egd$!V81xk&xYiFVZUZ@9+lkH$ynGsRagq(wrZ^c+B`jI8CKi}T= 
z=zw6U-txf|F*XsnqK`1&J001w>5g8ir`Ded%{yVf0C8z)3%$qs#IDovaji+BXuqWy ztwDTcUcfM0;>A!3D_Uhe|1J*dD@r~@4t&PyEix?jqHk;K%>Bxm184faF<|ERI?W+X zIKUs}V1Kea>z2-$`x)bWHkwj`5abJk!#@F5&w{B@us3GMWzjXE>A>lRooQu(~)zMK`l0UF^7z``In0f zblCJdfbNz7lxzRW$7IU`eNwp`(jW!Nm}QOK(%(!<)Awh_G9YjV8G=fsBa_BM)RH5z zNYL$VCM_f@@4qb5KhB*kJn=Wp-?Id)BEt#%T6j!m%AtAcBTCh}m+G_5v@AM4NBww? z3fWe7X`iZAyjE2CEIljCR7hSWeMTy2S+m1k=d5L=j$X3VH@BE{@sTp$SsB+7ga`s% zz<{J>7w4pm3B|u9AU6wKFu$JUtuEIQ^o zVsAL!gnvrs>rTEqu0oBn#6-0%uImOmC&VJhwZl8D7415C1*~G@-I`GP_X6sU46BGQ z)aQndWH4E*^Ko=xQCgOSK1OwOIUaV!<519}hDUlz^@ne(H~YKO-_*Bj(_Fq+SDChs zq7yZ?--tsXXD2?|n=ke9@(S9OPm>kP-*N`4Wvg4S>7ENGL$LLaLUR|4@3I==rsEFF zM3StL&wz|iVc56AFLS4->x4rZP)->ZZJoTOnEK8T{sr1!eQ-FzKrX{ceKAa4hfLIK z>_kuA8LC19?Qn2gyJ=&=Ba9;mX?Y# zUV}lY*@c?L?1iDc>M0AtXnke;HF)%`R$-h9r-ct)C&gpJ>Z0<8bOa3w5MvlWHm^)R<>Etgzh*LW<3B>M}0s&6XLfrplm!q5XQ}CL_Z2gmJHzEgb zi7rXbgS*VhqgYCJcHiaYv)p%M_Q>M^D+d6PvWk*8PIN@0{gp9m|Btb+42vr4+8w14 zK@g-v0qG9u5s>a2B&AEba{#3W5D<`7y1P@PTVUw!?yli%-#Fi!-#I@R_GXA-@424m zUTfWP;b7i>rXt})VGprein>Pbe*ozXBLb>BAT~?s|8rVQ8Pbk>L{5M|H@eX<^n^ST z_HKb7kz5k~9&NJqyhNno5Ks*FR00EO8}J#)ngws+QTOk^h?Ci0G$l0~HKo<>o(UYK z0!X&Rsq7yM=zl#v^ahCPRDyO_gow}9YCO@)mIP;78j7+nG%xt+u5q=;rzry|oF|() z2WbHW&-o{N%hF1Be2xUmb`eOl|w0GU@N-(!YP!5h1BzbGF46d&e%^ zOSyc{MAER2ibJgs#sBo>f~ZI{_$}jhVWq6q33sIgEy1YE6A5DAE&f;w6IxLn8wt^!l+#$Rywe-S$ln1pf|8~a4k=4 zVrl9@w*D&or8Ik&Y>wbf`e<$Stv_nY4k->>PiAB)ATWe-=mr{V z8klSrvsD0v`iBqrDgYmg?x(`aA|4Ck2Uhx2k{1SzF-etEANs53jRENEbwc(IbtHA7 z@R+byS>t^5(r2Z9tymw6xxK)6?g4%L)%>ZpMQ(ESh9M;?HIZ*p;x}DIdYB-&hWyMEp1KtMorO9JHz#!;9^sL4OUq%Ssj>h1+u~Y(VOj-Zd+w0{umNsSHi0I?Ap_chT-|rA!!Q#7jq&(wOr~H90_pcVLQ&v z3+RdO?gJ&R`U|JCoj#NagF) z6;fiVm(zxInDT^F9}Yr$9t9CAr*U!WGpKq^n4x(;c%e#}NqKYl82XV?hmTgg)y1ogc&wr+( z<4buoe^AkuY4CdLLt+*hvN@XFWt4#}|Ep#?(WCpw5EJXShcqd~v{Yr3^F&Bdr&F3| zWheP1J!_?~K=L={7@6)&%B>N!^`?~}F&wYbxgu}f4|k+WbG+{9+HcIh_FcsHZ-UU0 zHl3WiM1{FxQ;e$VOT|*r)n=W#i^KDEB=;JzGr1EpdFuNF!X!{aFfjo2v5qi>rEAq@ 
zpJE;26*!wI5Z3vZC%zNpn`aKP4f3DFj$K7q`kUsw_SN`kEUYzQvr)~Q&Qf#UVe^R{#>%b`XCyicSjpTMk>g=vqM@f6 z|5t-tG>mH*Uby{yhCD-(G}DaIrCWR~N<6XyJ}A?9(yWlD$dQ*4A6#M6u<8e_uS8a3-c_foZ`mm6bL20ox+PBY`P8f?&k>3PP2 z3;V83D+SA3;0BfHzaBuS@1sfHm_*Aqq&)K?vGJtq#KBAzSueFo;Aj;x&z1L)Iw|Eh z`@f@nrt&QpMQrQ=H5o0>+K^YZ1Fl|X37;AZaQXqWK#}o*#YJ5MS&HRT*uFA5;kNGS zpT5N4U)-vJ9(;(+cRbn}v#&T`f%b&(@NTCQ`gv@em}JQ-fH=@mastu@Q8t|&u)*!vNN zRBOxMCPeawYd;mDS{&xPGj=4z)P4ilWV1+o|rMbFSkklLjjW?N#$^ z8zpF^y75*CX1mlB;f7LKWsW|Lgf;42+&y^WCxBE33p+SJ457d};_<79+?ZtNl5BAO zmNx*S+(c0i6nlavPB1(OpA2yyUbPEx+4ZpDhDS+OxoP6qP?P$B*1hKg1Dhz|Q$lo07u%a$c*BSVVeG z-NX?x`;4yvyUjn3?f;?k`0raOu-*Q5%B}Iwbkgc(iecx17igTEa?PF85q3^mt_ z`slze^yPO=M>t^4@@`@zqOHGTc()=wGO?P!wH{Lb!1(Y2-R+s|###N@mR=*@@Asa6 zAKJ;7=grOdmA4oZUlW-?CX=8cch8S0<>cs+x-N%%UJ!nu*}BCLRKJ^zlk?tAaSB?g zAAGXp8=K+YDnG%(!<29HF-74*ClDn`qgNB}r7mbzkvF|@812)}X!Fv6|N3Zyv#E2( zmBP|i)gbR|r@(k;MNxdA%d`0taZ)Oug8@`@v@MQ_rr1@34%}5?8InSIt4=B57O8G1O4}XvyX`5O~{?;Sn z>lT=VqQQLk2D6QZf{%V$KU5hYHGVmL{9ox<|3l4sBH$9&m7S+OH7&IO=%&Iw@s|E$tvT&6X%|Fb} zj|z21t&%-Fhm^-}iE~n_V)SlCpo6R3Xjq`9wIu#p?KYxsY@@YOMa2T;(;*TeGI{$UMU$Pu@rE4D9S z*ZjV@yspBh7B}w9_B(<{`+HeVPxvc*dtxPJOSm$s%TNL-s|`Z(jE-tD(_Ly69Lg;$ zIf3)M^&&0qnr)nAj5bn-5{Fr zHVe380qrV3=PBz_H&-LtEy{*r3g-dU546~78Cs%cMQlz9kIP8J;{iJBQdGr=M-bPF z#sn-q^yW|1z_kv|q5e{e@915MM%w z!><6e_mf`e83tW^Nt`wTcR`D}XQyiE!HRLIvxmZc9MHj}E%{*sbTHi)v5vp~gN51N zytTwpZYRs*`32{uYAMagoj!@@V$zx>y=az=2 z6K)gZ%3@0sZAp z`sLtk?ml4jaxoz%m=N#*>Bs)>+pvH}J=+OkV|lqoW$kyW{oOQfx}K8+W5rLkXi3?N z4DhBsCRWxTalT`R&fj>MgHvtHVlq@VG+(KxYMQ5wXbbG;PO|~p6b2E~Gm6aIQagD~ z7e^j*{?j=V0CxS%!5C*scHjq)RIdRQWP%c-nsN{7chQg@x9Jl$ zakAMzU+ddzYE$3Vsow&PA`a?g$aHZ+_rr7M*iZ(Sn*jIMPJfFwemjksaGJ(p$8 zh(D8Aa?$^#+Cwv4I=n`e0}Agbpzvi5->T^{RGq$7Rx*6XEPd`Mj5ZcqQctCfG|579vw}A30UJqb35CZgY1&?*l z4}ARO)&skk&DaIxKmq>O3Kvvb+-k}4W`7aOyzbPyb?-LM)^&e4F~(>%WelX&zlwO^wr;9LnV7XIJJ$Dx&)eUUH4&?tol`PUSte;b|4r>qJ zJeOwy!m!-az9Sgv7@}o-f~X$XJc~~dU|?bbxYHJc7FI0y>KD8lI|uZHg*6yweOIL}ef--eT!G(gZ{+2f_ek6sMZ?{JUA+@U;_hu@@ 
zIbGmH|r++}!12yweWP{j}Je0-pJ?J%#;1GLv!_-!F-m*; zj365K-<7g^b8)JQPkOpRDNpC$5>r5K*{?)i+BvNBcRKN#S651fpgaj&WGp9(aZDuY zA|u;`foGJuj(2XV^ohrYY^tW^=6WzIdPU|y96eJ{kcOE%a8Ck!NO*rpjC(al2~-~w zXwX*7ohUuCh9F*!Z;tbXB1U{f7CH68l56r*e)*wcqR9?rgq_aX%%=s&Fuj_H%bnYq z$xchn?c7+<8;C!Ws$;z-56J7K!iwRiBectDcoYfK|uYc^x$Ono+WofwJxFt=2H0r>4s^h(tCuwL=m&4?qa9T=twz{Q&Z4ycf102(xh)5v1UwmS{%iSeK#ykYr^F(m0sDON-tL8SJyWk77lQrPKgq;HSei* zynJ!p3H-S3{t!`Z!o|g5W;Ea#imW7A8y4ljK^AUDdo&&+K{KKH zpJ#{CEKYq*cDVorK4#%mflHibe={reHL=;#81+a=5w*0A_Nesy3fDn!Mz)~X4~^t7+7sq3=J$fW_o$DqF?oVE?MFl&J(syPJ11s8F5_i z132PXX3NpSA+94$Iils!_%Y~PP_}jDE9lRfo04pxorOU*Iz5di{tf-q;ZvkE71mN3 z4)J-36xyJPr*p>6On2Of{`PU{vT#Xsj(E|PNZaV>Jn8;#=E0X5JG9Evd}Ifk{#C1w zBHZ-|7#eH`Mw>ByC(r<0xIB*kVT=Ir6n}Gg7x{EWx$33oC0BhU*-Uz$L1Soa|AZqN z;`GtTsXES)Fk@e@4%r)!m+Ye~)eC_gEc3R%mjv?T5)CB7)Rs~{oTwM9k=3Bv`uTYW zEO^+Iyh@va1i60`a+LhzwiAH9_RMQ?iURfcMZz)o=P*S+N>N3Fhd@LK&F7CP?88)K zsH!+E)pu7_Q znIvCR!>QHWL1EOHV|gn{^YoPIBT*C}<3J1gNn_MRxq{O<=+;?Yon43M9m5tEwPPau zN-(1-wd#1XNDp%A;X{qoR`+Gm@)F{G{=UW1b^9KwDcr4dTpQ3rB$>q0M4{VT)*PRX zZmtY@v}W{{S**m3!zoVaQ_|4`h~Uly5Lqy9Te{uH8r?DTLYe$X?Oz+THh!m-{S^7> zb<<2(pL?jBLbi)?$oN-y1;q#Xt-Uwch^Y2j1*|qrT}UE|*3uFpW}k7|5U&qlfoL?aKs< z;Rgy%qSQ0$xXR4J@&1fVRZ@N&Rm!^L$}C`aMo6CcNGaDhH^mM#)W_w-UHI2e#dIV2 z_X;yM-Hvf!JS$qPfkV zh5yul5vy3OBZC`rAV#rP;b+Wu+ZwFcEOTD^7JjfgTBOMbT8zlctZnwhFFS^*#lWv; zuBIDels!Kx9Jh9zy8HfOp_ZA25*Jf7yberx)DZANm3Qu?=-ijt*AIzpk5{6E-1S4Vk za`>0`W^?XNf+n+2B8KADTt2Ytdm%vtnOIy$&xH!Bak=cpPl~Sq0;&{rd5ZN>OmBz$ zoc}n^*l0b;-^!?$4EJ5@(3^4Z$*Yj{+Fw#$#!e2}NG@o{1>@82t$96TeA4y_ z0CMylkS3I0;BHSoy1jw+-Ax9UG?Fu+i}sR@f>3tsmo=ryY{a@Q38okq}# zH1xzn!^h_+eZ?miR{Ysb!6tXNoKNLrCE4I-EECu>Y);B`l(4|Hlc(;7fDjO zXOK*WHP%J2s+{JfW=}aOk2&}!t$~Xefib!_fl9mH>}UI`b%?_DJE6{ z7xCrUohO7q-(NQ&ghitH+60*<(|r}l!`i)?ATWmis`4F41R@H6oWuV(|NiHhI0T-C z9iRgR!b0dmSDdmI`5>xUg~acbghQx4%{{YTZ@7u=;_A1%<(X~5Yf^MhMrMYo#~I_5 zt(GGP2nI+vFIR2&O8rRK-lv;kzP1G>YsSNvhfQq2_>AeV<1>GNQQI!7_O2Q$Tajof zvNM$6uXDVluYl)RgCcb)u-@N=zcIJ~SOcOZk`1@0CrxBSeyH@@{Mxdspxc=ES;-__7p%QfRo0q$Oj>3mBk3MYS%5 
zPl1EN8G7i`2O!i*yR=GNzuKH&Vx%W+h_AmB`yfe>Y)Gn}#F}nDwws5o8ef;agO|W>KQp!M6wVW^gTs_nM9LBLprc7U}G+)%0J|C*k?Z!M0 z!Rww|jq1S}YLK7A^`TEX@j!Z^>8PGAe|)3qq94yya8?d%Vp?R&kSbwbJ#(G0vwn|P zk=C;z`_bz(uPV!wbwDX5r+!M+Dy8=K@n^)gLNa-~6>X&2+HY-EV&3sT=SQP=fPKco z;eRYTT_~%5p9PoSRll%z6b|p2RPh$RdJm-w-XBFNtJShmvFGKgd%H;$^fKL}=Q@Oc zN5R|p@17}x|LmEvI}5eabG5va%Gq+zm7IvLS=o?Yjir%a5269BzI+_l(}VYXq_Dlv z+f>o=q&RvwAh#deyb+T=pXGb}&I&zCM$Eqi59;2ijFo^#h1OTyDW^J^O_V7&6MoxSHja&9X?dWxZmNIFn-%BZ|SoW zoxYH1dB3&(E+Gw!)OX);e*@s@j&N^*Ls!&g!#*3(WYmyW~6B9G~8 z@fRyucaU1~hnNjRGI3_lw4a_yTl+Rkqx-OmIJT(7sv^pVoG}J*sD&$XyZ1Y!y`hzH;=L3bb%o=ftAv{< zaF-W(q)vn#7cLb9Ui$M^efRiS;Kpt^m)>)#uT)}Pd#WpEt28}AlrKF@N9O1`dL^iQ z`#N{6$AP@-*#oF~_ImZWFioHgcbNPH3qwR|^U81aj56DpZjdxHcZP>mBf~uFj_mlW zc60PmO9S%ZdWD!-d(p@$>T9%8;?*ybQikb_S0hLJO~eIH=7o@cEcEr;CZ{euCXj&` zeaDKq^`QC8zh<&BGt5#v0C{o3?bNaI&V>(S&pf-%0$4HF8q+H1C zs!!0F7}N96>U!FcT_&DtM$y#jP^7*tcfN-qXe;k=qVq~Vb+zEbo2ZNDw5)hfndO*@ zoBO+~S)UnW=h9GM#ysL1!r>X7WKv`uI5j0i>!&CJich-S8bPVLU@=Hb zAT<`ARO(@A=Rwi`E&i>5dEO00X10>VV@sL$DK(kPK@0kAleQQfJs!g!u))|s2q5dr zzd?O60P4p*9WNr3t69PS^1;8(k!upIT0Gb|pyn~>1PRxmMM;A4QF}(^RFBD;(VL%q zH~$gob7m8d`kwqpr2kJ>>0hdVKhIH=-ilmtDtL8r>_Sw^M$ht*{lm)ehWI6raW56g z&bPk9c)XNC5LCsv5tHo#Hmx(}k<)2MG0Gi-WnItCjDu)kk4{-hsfq=E%?MFG5h2ne z4Q1J=s}9ncjX(9yO0#KtRp~s0$I(6TR?yKwck&bW^j&`S;D@Y+p`r(nb&B6&Jr-yA z(?xdlI$g5WFBk;dqfxI^bPk3F+VM{2UgbWeW7|bMn)^9pUwMxhPxKpdH(Kz!EaB1_ zWzDYh3P~Qq@;wyGycvh$CD)|0!fN_2IeLck^O$-13w4>&1vsXM!Ku#l)deEpnO~lO za*R`brc+Pa5RMzbi1*ofqft~OvBzm`)A!|+`>DKuNamB8VuJJ=6DP?WrnuY4cCruaj#)UZ{$DUkQ+J-o z&8xL1Jb-5ODVpmll0o1v>yAG@*%*$*GG^uXEIH_?6m7Rs7d{P*r_i<;C#573dcqda zBPH(J;ctcLcFkYHlBV_W*LP z03RKce!Wxrv2bOr-!#g@BkE?gtYd7eiTt<-=La%{y~i3-r-r9)X_6pkd7Y_3!B+%f zc`|90Bh!y|1}vN(1T&Uy0T&~tKe4eVk-qbEOaz5`GMAjb_Rb~MA#cV84{Hyl)W7eS z^)A}W%NnG0PBq%7a%K@N;z4%o5ZnCt2@XAPn6SaueO{BRwkk+r+zi8_j8WQx=C12j zyUx&r7F_x4lLws{&|h|6DuRb)S6_!NC$4-k{2fQVkbIzf`y)Q0Usa8U_^ZoR6`t{)DWesL<7 zWJ56G^mVT<+zt)Jb!e*s8{FiGwyW#oa+7`+dJLVU2ZDvBa|R0!629y()MpQ(qSC=k 
zOh(1>e|l)>%za4TKye_LaUVm7IzT54fh4kO2bX@xilBuzFdo-5``?=NXgW*R_)~*K zV1eGcC?iyGbn(uHH|Yb2E&T}RKB+-_JNQ?mK=^_YU2)W4D8QNMkv&8-w4U-TZqz+hLWsRFI3IriB^Fuj zIjhXaLP}T$ojV^fhoZizCfF6DG3?QCU_zJwShfa#GhS6u#DZTwq)1!a>T27Tj%mK1PoVl`8-XO@;_4t}yio&T} zY;*E)x{O@Xj^Lk}vY}plkx2XUDP{_JAq50>gYceY%kJLT;q6T^6TRE@>cTU6VsU)= zt;W|68lgHhq?6@DoXP!Fm78hD$>YWI-gsmNP^q#K2w_&&u+t>|dXOi9_>_p%2QWyJ zUAM-JQcEj@121c!hiUIHAc>$g7(u$t^u*R{DnU6-41Ml|UYOG%aHh#v(8*7xG`fi? zQ(=V-&$2Bb4Y`v2}eGdYoA=KMC*hPE!sf+&TV|G-QWppago{{ka{(p^Ruj@ zky;YXaW$hfJ~9&t1~bk(Xq&;*FcAMl>QOhUr}VW+yhv~NX8oWrujRI|UK`Rz!wOhE z#^7UtxPF2(UGO2#-Q3I_H8n-GDJbC3^7DHxwUeg9a@|g+^@G_~;~=2GN^$8lACWd+ z{H^abzEyI+8&UyZO`?fmP?eq+XUas?MEikkFV$=*;d7`To8w%UYNh7|57=F(|J-t! zFLBr`RY}M&LR#t>anQVrybz@wdf2?B-u`tu{%|30*yHd$mx0%W3qaM>x0W7bcsJV6 zv^!|HXkhPA07(kgw@z<`d!FjCXIT=(^DrTBc!mUJ^7KNCNJH2DfaXG|?rR73qRk_w;Y#Ix;Uo`4W`&yyoOORK@^Z3n~d3QUJp9D`h$)7-PwBEb+(tQ6`y|Q zEX?KeaOv(BQHK*ba9f>ZVQ=GGQ_AWB!B3`$qTbBICxaSZYgb;mgvET6-(6XvLC*{citIKzdtFmfqRgTSBOIOnZM#J#eBNBOOJRp1-SA1tBYt)k*togVK*; zg0EgPajGZ#sy1Tn%Y{nPj&mt`rICWHLMFmP(&J9)N>#;iDpW?wDZV1HHl!ym{^ByP(0&AV`lUpGY}_kCPWE>u`#XHTwa#b#=0KZ0!f_@y)Xq+v#(eK6 zjrYe|l+y!frj$_o`Zmtz^O7>3uES`Er)Vd_%mirx_k4 z2EG}Ooh&AZadneCjty^^yJ72U;Eg+0`uX}&9;T4riBuiVMPOk{`#zJY9>P*-rbA_J ze_s04g_QqnUu>iA1kAcKqZy>$Bd8~X#mOi1X|&mV85%)*lv9ScoLE&D|Ja%GrzaZ4 zs?d%9S;_1ww7us}!NgnRJ85`?R8Oep=;-9&o7q&cve}?Hf+)U^fhzv6N%hfU3YUht zGiwQ>?OTgGIbhx8{*&J3VfeqyaDlb;A1Fr#<)a6zQ{FjzN7$FhCX`Cr3l*a*`(u}3 zl``|G?sxflHF7bMC?yFljs!8ndC<@+a<22@T|J5kPb|6UYYX=M@{4aUsHHpGz8H+8bjr@oXcP980^`+lG#5$+p$gs41G7; zbHrj8+SK$DlY%xT7PejI-o;=&dxI_MgJYFI(T(yE*|dlo>c3G1k@H!0RUR}2+%Kfp zmd?)4hs#QQ-Cx&!sO+SXmwfBOD1E-Utvnv}2UuT469CG;KVyRbYC`t+=a}GN^K@*{ zlB+GGnvBn6^gw0Jjzo{9h`H@B;hYfH%CW_=CSQ#sO!}`x*<14iIRq9`f{wm3c z6eZ86|L!UV!@k!=14@jyQ#6wI(c*-cT}OL0S>R2zr3oferm7?0f>X*k(GZiaFr= zIp7+HmO_UvMfEi0)PGV;*1g_WR|lV#V$RGRD6kzV`(=~L3a%a?}Spow*RJ$zXl@|Gh6G){G#klbjbQzc23QGNi7 z|2Budgew@WpBnB6Rod0vclFFJZzzx90kv?}lXqWtuj-mQ!L?JyHBy1uZqWen@W1=; 
zw{%?XKY(bWIt&hU9zfgj8Yi3WrPuT#M1V2iU(6|PxGrMgX608OCyqWdKs^Ym8iS-& z8uW#+w-Sy9U4Cn3^Lo1Td=!SPBh35MRU{lKK0vZ{I?6=Jq-C_=^uxN3!cMi%1}5O1 zDd#uXgRGW`*@GXQQgd>Ej&?YrUgDl9vZT9HmD7TQaTU8KcRK+3y@WHFr=)pJAk5a% zNxG|x5Z1azNO&s4Kb+q z+B)_K24gdWQATIZN!3wP4opIl7Sew?j_V(($Rsfi0C|5|0P_c8n3;Z+n{eL^fXlr} zy^Mz1;G^i|Hv{*u<|a8$%TE4(5=NpO(`^Gpwb#ey3X$ z7J%4d?9#3|7;8rRn)g=yq5k~%r)}>ax4^$0L!3?C^Y9^I`N{cG;eq2+3vUST0zW)} z{GnT~lja=e$xZQ9^w5-5lIXvi)do>>S{;9>M=$E0g+VzP4PMB!s;VO|QzN0}C@Nj4 zr{Tbor`J}kx~mX0&_LDW=LzGRJzaBb+Zw;4s?1d+EwbJRuLK*CHz1wFbVND8pj^85 zAKeq9W{q`IGuYqWDHu-*A*hpbJAk)eKGj+4^u*B0=1NI2Pm|YbRhUN(KavqqlF;eo zMzj>*CQ$nJzR<;{MgTi93dtiz#*NXO^Yw3BY_4CaCoW`ht3Qf{r^OY+^o%$J zdVe#3-1|zQb%&oBOm27t0xrRH?m#{I2zcwG-N~^G1zZqf4bq0AK!i4Uhel#NVeEUL zC;GA2*@$uP>g9P=1xiT30q3mxezer_%N+sO4eau9b9}pA|9lw1_hpS8*%Nx0S69NAd~V%WxmM9!TXP@96CUDz%PFnHK53Sk0eh;v9R zgmU4B3buG@x+>Y-c%n;wq_5Tb#<-j_%{V{n>#xA1hFhvHeq;O~e{!S9^1vjut_L6P z|82dV$CeaowZOe+E^r+1yA+x1R8`O%6Q{44v9s-2&dBBL8G&N`v6{hS5ij;mfzoI| zd+{}sX33>Qd;s6kUSNFcB|2w2%UwRpGWwf03kVIaiVQA66b)jU6cD2hD+hT}zE8f+ zbVXK?wmB8E^cz7R6d*F~WsG&SX(nAF7kP^rCl_LPx3>@|(v!$rXL&H(=HK8j;mOcd zJbSuNa=)J(v)DGWk^a_+nA zGvpdWnb{V~*UFz4$NIzL`4GpzPQ6}jfVZ#^Q~qXp8L>m51fL-0=NGofclww&Ca3uq z|AofXfYN-vJZ5bvQwioh0x3s(Ce}?2B2#~*?@kDURGyAXXmRv6moE3aJc2>FVio*H zcEL10t6xyOCim`-v0221z*ttrWNycJ%(6^o&h3p1KY!8_=2KJo!vd5(T|s``bcdC8 z<^&tF^gl+9c@(nJLqq5reyPYcNkl9J8KK1S#ng5;*Q^*ntPU@17DIt(6~o)e90^{+ z%Zx_ZgnS14#2Jvow%aAW`&6dR*q;^e<1bb1*i%v<$a#a^5!9oIaR*Z`p&0!`Oo^(< zYcy&iN#?gbOMXxAenKK9$J1Z<(z@%&mDT?~*w38YOvO|%$M=(>AbL#m#UwKT1N8W3 z-fa`fwPG$VQT}Za%$wm?>A_;@7Xab=|5>vC>uQa!8I+o>GV!rjRKj#s!XB?WNHR=i;-hq}6l?ihL+8K) z8Xq+ZDO=fYgRjG$9t~fPoWFysNT9)iHRGRHDJbG@Hc#hXGkt6CPFXr0RFHVdom9!M zAlJ_7$McC8m0t$^X}U3BFMbXI3vucU9LopNs0HLSvu30%5MNv$b+axc!+F613HbKo zKgG1$#ewd5uJX~Z{TMl7Y1_i*ku7bFzTi|RwRYO3Vf-Fd2|g+~kMUrkm~#t_6u_GN zkEE@?&nkr9ETIKvPu@A$rAR|oTcUA-%I7nbddS-T+-c_FYgOQv} z*2c7WTDhm6F6>=XhSdiNdMyxqWlgdD%@IW@DGX+F!8x2$L_3}^hlz&vPS;;qW~DE@ zS!C6+_IW;J#BwJVaFy-BYbKp$TDE9RgpYqC2vG2YjdRM6vFrkylz`rzj|XLfcDY;D 
z^kQzJtp?GV#SLX%iR7O$U_#+Yy2mTBdxrt5+AUY#aufqZtG*^fX?Ikt$EN=t^hx>2 zaQ}uY_z)WLf`Teio_6P>@S9Sqdnv1Or>tp%+*BlFvrTXBPgkm*2iA&N`HdaLgfm7|Arw`*$er|ig?32P*EtbT{_GF%v zo-$M8V-XsIPjAT*JDofiJ`-_YFuHBBJlpb(8>usKl|ttHBb>6evQmqXFjF8o%{Y8M z*h94xX;D(yAt0`oUtfi^FWdBk4=+moLL~S|IApcBpv-vy2Qhzxr8g+`iM627*>d%k*x_qP)HP--(_t{M zj2wWgpr4`DcU%;W=GeRYZ1=XE{lfLP)4yU|$==X_a>NbTAQP=mc|ISP`rB10XzxH8 zPfV)Q6xs(ZQe}gYH))Vy(QvGd7RW@^wR42gtwO!Uj2Hh}ZFDA0zKKy5%+Dcui^*F| z)hc5;mH4wU9m&XyL85G<9;a)4SrCMh3yabbo9hNbpo1W)djRR!O5Jm#ouJ+LR>!?D zHx7%f6u<%+uS`x^Oyx%(5iUTEBH3qKROsi6yVL7Q(xjQAh~e16g6DyWvW`>4J0i^- zS7SN}XqLoo_SMbsvbuK3bttv+M$MfeT3lg5H{N&K*5I=u0TS9m!6&-RBj2*!XHlZV zQoJBey0sz3)A?NHg77zEwP!^I#jM8fEuH?DxntXB{CCTjKejJOKmJ8Ftqm4ODZ zf9?ZlN)dcdz~YY9UKtfaK@2|stFT)C@>XRS?}}R9KU-9AhjE+Ous+V{3kOmiN&?;e zk6k_I)=$)9fP}AMT*UaVvY%$wrqO1`>TLM0R#A(rK@pzCS0xU0{z)^N{8R40mFtL{ zMKrJ>0>-<|8Yzk66c}e-Ex!52F8mf4>`ORQ%g?lS338hyOIi{UwXpx8+8dltLAO|R zU0n1z;{uzjv`F8FKVPH*z_A%m-z1Mx$ZqBlu+S?1uVCKh3TSL|LMN&3I$h#=+~1G$ za2DC?a~2)|<_f3{I}2&uJO&|Le{AbizE!E3#rP5OjJq3p559IDdL!KqKEl<_c1gnn zUX645IbgB=Qc*BWhb$9|g97+vNo;KDW<%Z`PtW%6nM$2bYbWZJ2*`GD0g68mv}P_G zk?$?Z@(-x~4nX@cQr{myv(S6`m=?a$vImfP?@GclFDzP)w24K?v7n5WbjWpPA=sLs zZBO)2uMTGgEFR2`AUOvz8dv*(ZhGX>|KnDJ3U4Uy0$=_W%I9g^;~>Po08F6Pv*(I} zk%F0pncRPXJ&+xj1lsl{y*!Be$aY@jW7?5aJoYFmC8|GaTc-sexkOn;F7zp1<0RR7|73eLd9&~F0h$J^nzowfBz7M1UNIoi%;dJ22 zt^K&lMEt5XxZy8sXg#8`|BVnDa{XgtSNEqC#guiF8={!}YE~a_g4y$&gHmOG2aJ0- zIHIju$f&v*xvJ{mCRH_a{U&~7PP?Zt5KwDiL1P?n{+ zP@6kU{-cYL7t)}7P0RQeeQtSp_jMwM&Auje%|-FMnv1*zFD>7*0;P;og=}(@A**i> zAWov<=6u^M9d#t)=wPIqi7F-%9gKApLfaK0M-<0Nwd&6HzByYV9MNsvxN;dwr9(c( zm28%vN^zqv2EuGrWrh2&x>x!*=7MjCj~VE~IGkfB}mHfkNUwOK_9 z7w*u8;MjAXFquC&VsoQLIcguRVzkTYGoq(eEzLgr-wE?3tqzwX;f~of8bCL~xjn zBJuNy1U0X=r9X0Rlzx@mnScXzCl1${l~rA|W&fUnMt4<#dFmg4swA;;7)F7A#Ohr5 z#QlJk`n`1J7#?>J#v97$V}D|nMykhBG?9|tXkClXn`Bm!8zU~qrnW2W-j&yU$v~e1 zY4o(kQaLq7DuU1mYFU8tzG!!?-Ov~8tJeTE7?1ic^!`}qR~mMt59jauf}8$(@{i1` zGtum7fh>Mu-~DoJWz%?%-X7tQc`F~&!E8i2^Au33{b%$iMlfk$Szokbw9d)Q?fS4e 
zxpa95Qsv)m=JafqMi%NQB$xoW{)5B6VdcMLX9C}L+4^RM~L>`%Fq3;7ZiwA_)d-7*ag^lg~$x({o~JpJL5;)a>C+U&lju}BGBkIs>* zEmgGXvrHLkUek91$Q~n%1Mm>~bBquAmencnS6~lUCL|5xPy~Ws=TyR6h`ytahf_AQ z0Zn}M8~s?X0%_H*`Sotit;`)y$af0^97CWVsN%4CRbWMCQ*Yr zlT_-t&`sDL&*J07_qMT0;E#S-OIQL3fNqA`;5f`qY4PQ2j^QG+h~4L5Wt ze@|0YwHNv9OS!5$KiE_=`t5+)V$RiYa?Uf#Gbl-@uZm7?<()bZY)SR6J5M2rbD3x! zFz>awDAZbq#4ma%@jOC_wO@DS_8WI$jWk#`c23|UzTL{>hfj&W(eu&Oe~yi84vL#kBUtuL~fDD#Z+Ls{S9!-U6)2_U#`Zq97rNfYMVzYJ!4v4MadhTDp`@ z>5v+T3L=e&%>;FFvb>T7C?)%<#ou4>A=k}F$ z^fUtlZxpXkYnQBCR?Z1)g;!cfW#8jw=gMnsvTQZ?Q2woZdj(&rZq02HdrJk|P(K`1 zoMse#63lB3u_rBxYM-`aV~8wcAtRa<^VzyNc`|KqB;oPJH0r)tX{FnahT{+~RpGpg zFjVk@Wc~91LoAyUY#}F|AzQ*S*(c?wuYKcg{98SRkesj#sQ7MpEYdL1=|z5ypgd@c zFmriItD_`Em;&gZ#>s0#7#@d+)ls{qXyKcJu0NeFQzeD*=J|CbQig;K&}n|pS_wg# zRUkMJ3(-k!A@daoBQ7oPc!{3}w!Qkv;d6TQ8Ns6KL#Xr5K88+0if^`t zL~$11y#W%b35%%tujk1A4CXg`q~9yn_hXwojlrLt){NRZ=crZ@sW5b_%Kw2|8JPhc zKXFb=RDvXgbP1oPrKfM$AY=T6exQorIiBvaGTohpYuC(usOf^!pG2C6sP#S^tq<<) z+3b8heOo!|=nDDjk)|s*yHefYo=5?;_KU)Ity^7RtL#))-DxFKt0wn(1MerXBBcasR zE=~?8jb{L649p+S^CDaa-L<@B*lNT&-8S&MA$QW9fL@uiWe^oZRmd_hhr&L-zORqhZY`SmH>EutpZ6n^uaYUV;ttR2mN(5_M*IrX{l3X6TjivDMt-0kl1uP3#8`O18gi>0WV7V}^` zE@pa$sgPfgg>D@1))%Ah8L)+Xyjr3kTF1jI=I4kbsHpsbpcqt`k&>Z$LU-ZM&iCKk z(n)|Wm58QV49Qs&^QhJ}Ae0@GfX{ta*&8I==z1~iyAyM;=iV!<06pd^cm{H>3_?qP zSS*lTJc$I?5_JbkafTcaOq+N1bHZjnveKHk9BmIKJjrjQfDkQt_}&x#olYOcQ$VV;i4VZn zIM{H(Zz{LoO+wpKKP0TTnG&#}vyAEryWX2c1`2kI>%gcIbLP;ZZC133iKj~>Xv)LIGX?ns`O9)zUTb&@xLIQCkN1NtUYMfzINQN7y8`IMNMsJ z>ERh|Kjod8A2@0k9o?!3p{o<>Yf;FI!!5aN8_*av}nmGKAX` z$3rD1oqW&UB5w&Uy6o+Jc-VYJP89`-RPBx5i~iOUBpes_?%q|C@x;N-o2Yg7taRUX zU-J`B4bGK4cA3%urKMQ<@Ios62TUxLbqY_WeHL*q3!T*rx=@0=kFeS}>B20l*Ma?M zY8zCp{7lySQFe+;*(-Y~p|Ik1b{S$3;stM`oGZTd_@u7y!I9MST>Qj$N)SP@Sk^&v zxQ~Io?fYUj=t>>VvLQO}^a5WDndhX19Ffa?*|1yVR(+{}aCuht)U_{w?iVCilTrDw z2DwzKzO9*WpC59W=akQafr&8?k(puVk*Q)JQh%GvSIcFrWh+w|mElO;$weKx*141a z9G1o&uPEY&7{%Aq`9M96xHPkS0 zel>1O6uSyHs+j6FD~Z}mq$4=fE2t-z7!nc|^e9$O=0_9r=qMRKEh8rn`QHWW!dN$R 
z`Bmk0h=T9mf2r+9$P#b%bH$z_>hZLr|G?0Nh51;r21g2u*DEd6Hw2CMhjOU=ZK+$- zI*}dJv0{D7tjBuJPsu)J-@ct+N?*S2a%#1apWfB_H01j?0wpRZkMlU{J;H`sf7Lq0 zsnDu-NZ#9AuaxFGOiJEZQ3w8%FyrJE-Qdp+ONqUOi1c0cir#Rw>3W^hA3g$Ed-tSlWoDb zlN(p7y|}o|MQ!t1RVb|tLZ%5Eq=e5;NB1}o%4Dk^m0H+y)01qUf?kFf+t8*dLJ#xK zJeRh9mE?)@4x=k*u?%|Nw4bN`gzcGD#`g}DE;3!1L%hYYY`@MN-Y5F>tx!~9bo9o9 z$oEksR}`4iLe`I^nq_SQQ;V~M68AA1b-#*J(XMRLeBIP02HLr~3E2Yy`*y zZhwT{^Y`KgU<0~}$0Hx?c6JL? zgEdvjOHI_->6Wo4U;Qocsk%r*f7}^B*{2?njb19Yj`B&B0>o!e1QMx!qFJ)6^tp90 z?_Gx6tmlCc7fil-kdx1Q(T{?GJ?cqIU;MHF+sZFU%jlOkl`cb_2XM$xH-`oW zilFIG<`4&JDhQmoaR{T4X(iRuwlq!}&dHnzb?!kV!@dc5y2SF0EIet^YLs~NXfh!| zbF0aoxXGSQ?h1B5%8zsK9f3Kg)CG_0sL<8q+XJqTo1tq%$G;$26!mcR0j!8thBt_t zhzmW;P;ZNnbclO(AU|MCuEUM~4_^edR_* z*-fSG2b9|5@+8Hd%tbk5cthFcW#4bdW4J z;Fc5L6_9B|^sd9fbe+>X9}Zo%;h0e$B3(^M=t`Jxyt8{6PM%tcb+1DW=|t6Gi^XYkG5jAT6sdD*6Y}d)2Oro zErD(QMw9YTQ|XaFWyj?|nCudC`b8=AptS@Y+36ai2_bE0TiqdH^pO_7vprYIXVIWh zLB@}+hfJxU|Ctx`KmQNrEm)s7_4d2QWSXyKh0X*SpBsv5?rNQ`>?ita*!m8UDb{l4Q?8|7bGh8D)DpqiAhKPBi3`1w2ArhQDtZ$#& z(`yzHF1_5_GzJm6Mpa~Z_$>a&N}Fu0*D}^wdnTb7I%m1JMyUPa1#gWRMf)GIs(MEO z%29ptz?@KADOATsmY&Vbe4Qa=H#jeK)xA>ed!Fe}3(*ws_r`Mi76tf7>yykMH9}iu zjT1M0I5+shUJS?yB)HY_A-QKwt}oPGk7ytjSR!e1fL`$>P&f$xc0?!i^Ma(0h)&Sc z5qzHSiI-*NNgHT{*sfpTyyUf)gqk%m;#LpjhkC-p_m2{vzng=JmjAH6V8_jStwOHb zdv0L~m6@IYx$6ERQQq@gWfj2>E#CfglDipW`qbe`K-Ioiq55^gp4>*}ZBN}a6M^m-rj*XNQ)rNGeET(W&GH^Zek8_Nbh z;3|Q9n6%Udx`_5A%%BH z-w2L+*fM~YhXT`1NBHHv9yP}MH199FJ#HscR!l!wll7^~_g0iJ`&r2-MAyYT@5P%` zl`95gc`-V1PtCZn#HK}Fb7Gh#LDb22<>2H*bKfC(&7enBhUQahSCY$+R^-q08RegZ zj^kQjpn+*+zvkj~+O!4&MnJqLqM*TRVq6Z~d`sUV2zF}J$c5FBxN3dZp0~MPEl^p` zp)^~&JLa$UH0M^v_HqUZf_Mz>1Yb7v;8a~8G%o6(>F^G@IB$|Ys_h)P%XGvXpPxVF zeDrw!gM=QrAwFH!J~!t|TB~LD=Cf1rfk=xR%21`$Pgz3AfmY8zHtf}@{Z2$gHo6A+ z=Ru5ie)^v1)p{_N=o49AD-nijIka8&7(>M0wD=uPo+dw|_exS{#8idQNyaheamCup zucga_dnofRl{Yl|UBZ}7%fUeh9 zy#|@SAi?%Q%ph)H^i{D3Qnp`5y|wJCAaNaIQ@Ya^a-rs%`i|o`24tP`F-+td7T}iN zD_T;&b)R35GvS99j-}^vX*nVv*n7JEGWMvpb^C-pwIW>T>t~=1$)a$TnY+}Ji{;{6 
z3f7t_Qf!^-b!+7OlbQnuck?Q*=2=~5RQq}NJZ;2fFU*e|jcR7x{UM|M5%}H>U0OL8 zdyj>&?$XDY6a|whIM#X*V4pDZ6N56Km81CM?VVP=ZFM==)6JcHxc~xrkJxWT2z+@o zwr!7j1tcB-J4%hU#12JLwg3j;RQQjQ_#X|+f1cx7QR+o&HjxoU+?iG)U$!aFzorC! zgtI;B?qSHp%gzo!089_etFRdW^*p7-+AEhvTNdH_NF7RY-EPl}@Weag~iUg#3 z=Cy3z;TCYc&EIkdSi_LZ#>xjhHPxagx z-tV>PC$STM8Zuo&MY>yph}5Z}e^tGzfZ-`Xdm?l#f-H9J5Ab)Izk42{5#6N_^TiJd z@w(^biC;upj15XCpH3ueR1Yx%Z=Bt#w zpYLA_)uwqSs>M{@y<~7L(2lv!<;9)n4oot;MB?}7UY{V*u#X_32bW7~`#pkj$D+p* z^Z+%NdD~|>GKQGWV|EZySOn)x^`?LiKb`e^zGWvA>dp&yuEtF6CAhNGv1aCLmz1oj zYwyh`&-U!_XE+}iEk)9x%9WoEkPVyO%WQ#F;vewRW!hR~ow4^$p41ymd>n{=1RAtG zy0tjzmCK$##BT3xTmzx(*{m^(F$*#89xgdkj`wps((jrJq0)GjmCqJDA^3QhDG4-1 zFGd=_O-EFwu~y`E#8$lj%EL}HO#UoBQhwNOuwlHT=CK70gbb2*hv>*zZCkU9EH#p?N;}dX*F1eya+jiQ8*X+UQ zK%nGNSy{Td(ceoq>sZw>(%W|fP)!_5|0B~wo%;-+mef|aCd#L8eA7MsaYFe~{SS*v z9eN+=w8%zmFeirFp89Kk8cEDyPaJ&n))g!qRkAO662BI}{ZXC`{$bR}4qGYI^{j>n#n24s)4Ghfr0`XNeX><4rYgrpW#UCZt4*_sugalWc}@!ZStu2vdrUzq8vGp6GlM=$pKTThlv}0!<+}r zrn?)2n6K{=eUzp4R`tosW~=4Y+hN%FDcp-j2jzi%czeZ3@W+}6*#W1nQlr+Xp(>qh zYp)*o$od#_N6;K|PjcqoiI%uh8g&!LBc&aSY^6l2Tq$ikFD*aBydH2S<^zK9KL6}d zfyLG}%sV%u{Z^3uCtG>9mU2(H2x&4fSHq4x$^sQaff+FJ#+PGIM%!{YSsKLZ2x5;l zU!o${+xGM^`Dv9n$yKdbfqQTBSUt=bo=b;>OQT`s00)WqUo8TbHThH;caiBG z_Yw6i^4GCOBnp@FR1tBTp1vtIS#_+%@D>IUN7& zkh}X;b)r1hC|W{U>EI0)cn~SE%omw*2eG3-=JA3fUkwz)1M@sSkC@`h0jM}3;%7HX z>=MGF#y|{Pj2A`acpVD%%s`_@^M8@^j8Zf=tLKylxLhwj_@vNG)d1wz%x8G{o02L9brkzpvo_t-8!E>H$^?_kiN%#cA*d zWwrHv)-Yqb`ab(}mgL?0_8;_kk9Xe4PhC}_E|zEZ8xdY26+dlZy3&JV^U!d;#PwyN zHfjoY>m>5dYx)N2r|FKMJDBMHPq(F;m1Z=v*Z6#yd$TW^q@vaPY+T2W^%_nln%{|5 zaYo6po)4O+6Aw3O!<=a4j7;iH*0Gkv-3mEWPjpO#N_R^eie~9_XHJce7|Jb-k3H&X zk0Z3nz8(@rc2OK=@*{qCMT>)U6X&<~*zfu+dC2qqH8|;Zd@ywd^!7Ii_iL}04x#k3QO~vN+3wXh68j@6$?YLtdq&P|Bq6d{#aX!{Y&elpR_4{Ib+bR=v zv6^4?I*{B?*oRkN^0ZXDFmd&hCFHi}z+IM{PQ4IF-Nwv{58285J~p>v#=rH4$kS7c zJNPtvF{M^A@;W-2heql6YIci-@5Uo%$&wbvTe4&&bQ~Fwn|SrB zZ1L_uPQ#F>y#j8>`DnS`XF0n~3Kc!73c;L89Ynf@Oy#En*%T(P5feyI*%SnKrN;Nr 
zRTlMm)btPrugDoimSe(?5AvUXS182|Y;8HX%NGj4*U75kAk5;L#;v@zH$%i|7hdJS zd?^8CLSiXW#Tu2l$>4SK}MVr}~utw+NXwxFbhxYZCEyNvj= z_}{_r_t)2OOC|)>AdpPSDaXj)%@Jgtu)g`5U<3g z6S}vyXTS!?+W#MbP1>o@%GC3txJxYwU)QdF)n6Y&-n%YSCOn6I?%e&@y|wIANtvql za-JH8>LjBGU!;aV`=n{;n>`^jA@Lw_wDO1-P7W)LtB*n~59cC}4gm>o0VJVs(36`Y zE2Duw_l&;3)LdomUQP{O6q}Q4nA)KMpy;gU;rrv@Sq$K~Zg?TUfRmRt#d*()UK_Lw zVhNZ9zFOu;-joF0_+PvCzKo)_z;^g{zu+$+CiN!Cq|7e}eP!t$G5OD;9f{8s?GxK) zG72F6QMYjBg;r%*XpF7yJ+OXsi8l7d@mr`7Fl(rWKejj-(y;Of{L>VoY3JPG=Gt5Q9aqSl)oU9?~qw%jVO*dPSE*cbaZVmzqS#+ zLsM}Q4!Tut%p#A0HsgY@|#L zut_FvC_fRporZM*yJUUr{=n|kC_e7d;`cppxcfX-yJ0;*h9d)Wo2Cvne?ii>QOTMb zwQuieT1g){?tvqqX`b>AsSoeJxld>>BV)OK>kIeN?bdXp_mk4Q5v(BcUVq2Ca03}AS7NNSU98F zbw_ipoTKnyB_Uyf4*6=8ofbGLEhsp@J+GZyV-$Z{Z=8XwxV<}TvHeX(2P?lIrMca{ z;Ie7c2T8nBU>~2$4?NI018v}V4s$DG=`UIM_IcV5`?4uJE*>LCuNIE4kA>fXG=U^v ztfq6zWQ%R`h|Oz5WlR^%N^oraF9>r7IPtThFaPEo$#Q3~WpP>K`j=nHF!d&mMZl-Gh<3IMZjh*N$y*D2|T%xz8I2aSJ2kKsj;aI)*c^$XtY=3qKt-61HB=6B*g zzaVq^sm#XT_fVp3X1$uez5Wt7p_7L!gVE#jz|gxISHe&8Jwyh>{cqi5bC+Qs zx0AX|%f2xNendpzWGmxm_*(=$$8!=fvpoJQExY-i8@=L>sYM5BO+Ib8oagh#6&>aXWVu3?@C(7fbIMEb`@wy;@vl>mA4)ErkT;iGFMfz;8s95X z+$7Y-=02h1`Jsn7+6VJsF`Nkc$vFEfoey_r=@S@%P_ti~Wb2_uUDy-9s3H~33&6Va z0D|>QrQD?sSn5L+uS}@(#DWg;1^s;e?dd{~L2d+GWwi`jC<+R5|P3G2n18pd7 z_x2mI7bv5{H#H5YSK(j5Wo?I1&KtM(Y${92usR~44=A?kzM)KGrb1-a?b3QZ^1;oe zTU2IBiMazRVQc${mo+2-^@dbFTH2STvnQIC#uYi=3l!R2THvw&9&+_Lp%}wDK^1)V zu#vui&c;dle1Z#1UR(D;+&O*I7o8DA#vlu39MA*X6 zc})bR@Yzb>0N*K`_xaA&FyJ(sUg`J!nxITgQ0iR38IoL1N7_a7NU-?n1(lT9{EKSCX!h> zSt5|T7o0~??_97#RIh6W9kIjR?Gkx7+WhjKOnF0#I57in>4ndED>w^jIu^$q*%S&% z4Gn-b{eVDHrJ8AF76Akj@?#5%E{V)fIM@1B3C;o6+n*3$fgmF`E7X04911x(jZY+p z!t{o6kLfE>!KIAK-p_E|wj)gX7FptN!MpiFtP2ZMb8?SF->3MTNB!)#0wiw?4#b%( zWL%w4huGoP0oLPRkQBP@FIvS%lsK6V_{ltCkJ&)m=2uuVkepW!Ln$fawcet$4oSZ%-YDOzfr|JbUXqk zScB%kxdWA(LpLWy6)!Js8=>Kx)9ksg<)zJ^8Ie4yEI}P7?>@`YMPDZRk}03I5+hEY z!YDVV!JkB;Jai4q3o&axpW6`Lg0X47y|Hoo^OaFW7GCmM>EQJ}W$0aws|8nQ>h3k( z_02dFVajKj`K{8L@;+#OI$jpVnTZ?Kxqn-f>z~)l`nr>HYy?=K8+>Zg%yPVZP8{`` 
zG}p1PiQ9M9|Hcu1zUr+fVQJf0t_C+-G=ehLh?i){dt;X^lj(SeNL`$*-%oM5B7Sb6 zVI?RrB3D~F11?-YP20{`ApTep78V}QaXltAj!yX6%P)6j9J{W(iIOXoqfn}>7IYE; zT-0yg?ccv49K}rxZN*Qtls5`nGgT$S+(7!`!?kX+>*4-EQ!Ey%sAH6%vyFJJUHRKN z;p@*C7(AKwmj^~n*bm}yON*N&vbJEV!C-(J@r zoJcg=K7C>^+4Y zY_jnuf{F0TF%2aT1_8-SNY>OGN(b-OzEB<2_(XTPzF!ci_vIRv-qdZwS3^4;R<@=| zkw+EZ@Eu%j*F|OLa6RHmRM2=B8aje%j-@*Y6bQ`vDAAkVL^oFclu27yh1h-MHGSY= ztk}+^%yvut!Q|y_C%Fv0DiMuwlG`MKoFNigl56rN5j4BaTRi>Z{Ij29w3CiTt-oAl zr5A7YCdoVQ<&Ja274x&QaUI5xe>v=_v5)}Y$CaH|8~J`;AqOe>G$aF zQ*tHPh)wIhm!nP2L|vB2gP4~b-6Y8(r^XdLJfm{Y3A`H7c%*o07sXzR_C9eDCjCZC zFMMB}Wl0&n)NB%`^kW+0fE2FE!t0Hs0KA3WP^G)UH;xKG;+Yd*(SKt%~Sibhk&`;%v{9Y ze(SmNN~dN0gZo3uLBAk#?Z3&|Jl&>kSfPRo;Q~vPcr(0l$Z5D4K@@P7)A@g8rsAzZ ziw`m3CxO@i79cScX~DNQfj$AqT3h(u1J`9}aX6+EegK?TrMZ6pT9l)sN-wP9EHYH} z@UKmP=%J+n&=a0)l{fRT0qylxIFy9ca}QTKWL{weY)`HCmBHHiF+a8RO*6G1G=6BS z027#pm^L~g`ro)<{_fM(bbWd#l2#11-AGWA{v$`^U+-TCh2!As zwW~QGM$h1zO+e_VFm=z&`nY=+P@&>rL9M? zII%N4OCJNzGohO<2iHH_SY{RJg8eX7?>1n%0$;a$v;6uv&! z1A0oVM}9%N?JsLMd~?8F)~N#O%Wl+W^@ZcCc@GwsEtOpX}a9!|;;IX~uRoY@@?t8Jk?- zP`-zlo0aE>qQx5zU%I?+ho~^~#EcR$W1n@&FNFWt}CME2ImHi`M$? 
z)?WFkMMf3t{1`U~RFLGUBk((4n{|a^Qw90cLb)AR0gAa#-9A{cPm(=rxe)6ls9Hk4 zqQS|s@pFmWoJv*8B@d=DxIuS`^~c7EtJ*qa2^Z`_EA0&_p*Duo;P(YZTw~6IzaXId zg`F-O`*I$9X$pH!)e&uy{k3b?pt#WZ^dtPVqXfyLP}@UKf($z|cYCg?-SLt3cXaEM z7r_YR5^Ldo=4@){x*|AB_<*=8)JL2MSZ|DxSd7n1QM(RrSAt$4r9Ztw_|;qIvidR| zJ_#qj9G>^f^*=#&ReFPfUz3LzIR4F#*_sa zaiVi+xgwUA5YK5$X$j=!G)-M3Sd8PH*q6KTFyTj9cj70vb!bZ&arP_PR87wYot2>X z$}*{COZK+kd7ngC2^jFdxT^Cq+x$9&SAH25y7iNF*Cp>cZq$c7Js_mXSu)b@fS zIH6<5nsEPT!j*|{S}u~C0L-e~Re@e*33uiS%X^Qpb6m8RhX`v&n0iun?=(5LfB#4} zKbw#KN+0@YQM0@AMza^0pYIbaF?os2RY$+tReXlM>rMzM{mzM`ey^|j+svWx2IKP# zh1vwd_+bc1o9=Cc*l<&NyPIuYI@s^TbK4r~&UCPe^3gg}rabGz{_`zKjZ8~rD+U*w zu5sV0_#ks0Cj681&KB1m#4;{lzg?kn)funo3vg7L%mBLu<|wNfxF@;kbl=i9_E_*VXFqF!#iZ<4d` zPp*i|=>)g@#*%T>;g8n%I+@0lZ}iZz;WL@I%_WjebtjiP21F*J*%OD7K1~>0F(a6~ z>+m?(9r`IhTB$eB_C4cE9VfCwNQ7KwhE=a#GZ;LP%W)|+Nk%oPxmQ63&+$xeApHv^ zK>h(1WgD>+A$vnTtX3AiIU0Sqy(;0)87s^5rO8WsvrRymzj1q6`$DX(=0H zLzn82A0dzy>zad;Z7!M>m(#ew8r$KwA1pzI^@?xKNUgZV#^&bf@apLw#BlRf6HP`F zO}c1k6HTUZG}VR1v&UyQUQmC;ygtCFzh#I5#scFlLCm`kKq&_*ghv0HBV^ET0kV)Nw=qg=fEd zdz1Tirp}o>!AMI6$486je(S+_b_A7rl#%s65XNX>0Hm<|4Jn*a4eI$|Ds1&@Y<>!1 zl9`AiljCnhk;ACu}QvA`AsYKar8P5DVPfyLH@i2C_qp?H7VF1ymGUGjYxX-H>xPE z7IZulBmQrBA~o2RgwN_`K%&UYd&;T);_kx0nth46$cy8=H>vC~Gu*JYt70`*G(pX` zm*i8IAVs}IONJ*SuZKzU)nKzTSp)dM+O!CXY(Q_$o|g0%%S%kR`UjJEcI6TyH^hCD z5Sijqq1{1q5_ z>Kz?*L6`)+{EN?$vF`HE%SK%?Xe9behuQJn4Dj$C&aZb}Jn#M5NY(deWqI|M_)x;F z)+ir|m6r{L0aU!81`lDVO&E_1a}Ypj(q?+vn|tcG3?ybLSV6f_FSd3LeKML7$~q}u z1d$+!(2%|Jh`GV=ZRW>z(3VPUv|dK>t@&^&)pg<`;VGtbTLjI9qAs)99%@T#mDsc^ zrv_E2RQnTk-QOG##O(?5+1c~PD~7xQ6TX4jeX8@l@^%K_4SsN=$qhZTfnhR8_jxS4m6b_K)j+7K2&s)0oly#sSeIZ2yw#Zs6s z?tNtf+!L8nXI}LS(lYdtO9>VOA?hcLj_PPe+^mgpk7>n7zx^qo=6_mhq2}BZaS>2{ zie?6eq*ctNPfR_YKd$HVIQ>Eo2Ud`wyx_X6u}H_;CN!qw2zr8q}ZrmNSH ztkFJ)27!ADGp6vj_oDMb8HtktrQT{H;-?mufd&`_5Znu1EA$KUF;!eKZD7GsKP(p- zlhswxrRToXy`NuGktB0f(aR(xSLB>{A*W8aj%8RZpPH&3DFC16-Bb~+At0;bgf?H` zJ5BAp9DDr4jt-~RgGow5Vpd_PDVtv%H(Cl5#NXu3|F0$DVb8CX>gz)_3K#7!W8m1C+!ezyE5 
zuRy#io0A}zx3$i%gBV68`sO^v@Jm<@Vq<$BG&=X^;^xSWc7*_-2YlDaR%KCj%*&)y zG0HGJ7L#MJoLm3c$~;NvK1}-s8Oe16aNyp!{?OseZj2H+*2#VmcCPZy`IhhMF}sJ% z%uqGXp&5Cvcbs!XK{p)7+421!d3sn?KH2w= z6Q(jQ!kUnPb**!(59G4dtvNnXkksJby3|K z(YoGD?K?_R<*jsuvw~C#oYTK5(yHgx;RnDK78Q_r#%u%Q7{A8?4RW^i?$nPUfC&7{ z{|`j)2QA<&8$san`Ihj5ZNU8RX!ROV)iBCzpR=P}7l|IxTiN7@WPT<3s9<59fQ{G@ zN_YvC$$)t~gS7^v&1eC1cd zJOtW5tS3@*$WldiKc36{l;6(3@+0BZ;J#4q3|c8Co6rVPFJ6nIUHyUFyNrTw?ipdM zE1^f~66XNIAjc``Beq?4KBUYRTt;g;=~{~%%IiY{K-QPKSXw+>@ol z%b;Ck?Ucydd8_+}JFnC;pR|!Gbis{&F85sj#OIbzUdoA4Mj|~kbG==+48mg$bT&)5 zjwcTEjB5;eLXI;;mcDs1%!Od0Wyl%DQ==~Uz1gutK1SD;D7~ew{1%;x*1ETe7qt*| zfh3^Sj9b1-sKvRP;aIMz;4O5k5K&w^tARxxKm~DzViTtah~o0*Zr{?S5={*reok&3 z@k`k=R{h?+x&Tk=FG>D=O7T`CDB#=5x(J{Z?g`|D3=zJ}+;!noEZ;FT?E)U8tBCE* zzOvlj&)5NveXSa-oW?qZH2T9#r75zN5(|?kaRJLDr6v3fspsCaESn8KIt|2jqiyKE zd4mEM>hRZfeAS;s_W-%QkyH-g`~VcKj_s9?@6!#b0jeY{{A6*eJ;%esuHen*j~myI zqwX>_F!*Xb-!t!WAY>K5X~-v~Y$+{or8iP-4}T+HR(z)JmAt5z8ZDGFvK3-`vR`2s zL>u031sy6{^{O}8p@Z&s)@C@%SckpE+)ik5qRf_JBDl&`hXrSgcriD1yBqU{8B|^{ z%xJ~9s(6#~jEthrPfwS%@-~C2(?o>s{AwmjpEVIJbv(?D*~P*>W|{MsNrYfOxOhZA z9CH1YMMaIV@D=qfr@007HBlV@7xs40 z(^llNVmUF=U?p-1m;L73tDta9sqeLd0>qE+K5X?vSN(N21)aitpS@mP!SVO`Wql&$ z%&NopyYSRT0#?|+3kvqQW?${@cJc~vT34Q=C>qKo-Bz@fUdYS@wxaD++2F{W9QHaO z4rme-&33|-$0G$tGa2kcwj}bvG)wX?9>E}8%v|RdkEC-@+O)}31;&Qy?-D-`{nbc& z`)W$gxoCxjI>f?zZ;q2g{%{2urwU=wuYIqWFIeVY`u))(@Ba}6{?-Qm)Uye`-4?nzvNG`f4#tPOBodV$UnvY#0f)r-VE9iK^cyD0)#&luqQ1m>WA6n9VPrj zFu0{3b0!#&oCyZ;_hhK!20#WjnAKx>))NSxpn{l(^vXbfKS?<gj3a40lfgTF-uUST@txm`lVQ-pSn)icZRgX5ISN41F1b zZ3afWVsd=u-x+P{P@44%{idgnP1rh~GyGNcGyiMVe~U=k#f#68Y8BS+PJ4FfSnL1o zc>VJr7Vn4N6x}jaEE-232p8*w2=|soOWD&0+Y*`iJD9szLT8<#(wM_?8qTZ3z76e_ z)CRRyT)UWQ&a>-Y{|h3%8f?biq)q+QL5k-3kdvlGs9`_`%;icjd-~I}FDvy5^y}dK zK`m9u@Y85hcSl9i2FRuqy%59RailU6Qg_$0cWWa98$NsKuK;iZnZEZ1>=sbJWfa7&+NzbxndI^WYfMxoH<-XjzvOKQtnZp=jU~=8 z3w1tLG(M6a!HAk0#08P^DtVAfLSt-DrUtWdJJI2{;~5lLt=K<5JTm2Z6a^uYCB-`^ zP&taiKYGDplyHTc#uK^&>wxuD$yX`|YT89L%HZ>`4Xc^=3~@2pXfp{0cJ{;_nzTh4 
z(X3)X{o7LeXrj~1BS$bnvP!#Io88u;@Tv0hB^gEICOP@cMF$+Hslq|smTz$!yuzc+ zL>oeD5uMbYA~y%}uk&A)Q|y&!RkCtercu!iKe5Zt3z=T5?7k|n&Uv-@9w!pxf?^9s zV?ecf-3D>8Tzf*4qsPlqD#vDE6r}(8-Ie^iYdO9jyZ7=nE5XckiOA;^3XH3Dv^dK9 zBMCB=UAh&yo5wVPSeNi)Vl*8Gm06ktq0{FIMa4$l)rTXa`5}&L7vx_fUNdr0Coq*- z&%fEdY?6ED$Q+5yvjA5_?RGzox`3BC&izhrdOgHKCdD9<`hDa@;boeB8T2^bQAC$5n(c+6b>b6AuCWVDbMN3wLI&m+-^BM=V+agNG3|&roWc{H)=c5;3d< zxO~}Cu=B5h3jCfj7Hl=^);r`u2+(kyfcxQYbi$we8Brhp6HvgF>idWUVKjSQ?L`kQ zz3s5#O072~$M&0Xbjn=BSx*eV{A}b53t$O*$oP=@=L=xL1MBSz+#aGW*Pb7pjE_wa z(;o`wu5it?GW6(<(C_BtErJM4MW1Jw=UGo=nCk^A=EzqC`I~lfM%5qg!aXAH7ezUa zgsnNRdE|yf$vVBWJ&xt?Kce~t`K%9CO&-kZG7LG=@naqTot?UFn6ZRr)WamH!*e{y zpBnT=ev0X0Q7iG&NpTlpV)Vl6t*rU?v>1g(<-aa5J_Qk0qldWf@Lhhj@5+oA_%=MS zlq7rq5~qpfuCPLo<851BC8vt9y6(;ZkicUV*Jdpe{J1xsNGM4f2j4)f<|6KCpuH9^ zc{#L8sWV@elkSw#W<2BM2>!W2|NDLFQEfy^Xc^YoXdd=1za7+Ip8&T23|seeSX#lr z+{b+y5u$u?>8T*P%Kd>eQ=YX}wok49+{qxrVD)wIp8NVi?AC6|b8-{)X3!%|j&;U; zuHXW_C((cPo){qi(V>1V57EkNf9B-k=yqeb4bwey`}{VeRFg~-Vq!W8ag*@9&XfH-_i%7GQ)u?-gTnU8Z1-bXT(%m(~Re>=x`!Yt%O;5_gfJ zG%fUAVD$mnPd4!57{oeo|5&2BT|aZ_mV|7D?HPj)@634Pe-T^o{(t-*q5HJ*@p(Xz z8+3yK-hEooY4T&lUzQoy{R#QWi#tWcgEXaH42urTdSjVXz6_i2X$JE&DF9htzQuC+Aa8sKF;zAWBgbk_7S2IM$TVGe)91bWP<9R zHB3`pC%)r_Aw}5}2;swenghb);J!|Cn+6<*g7P6?wR&vmzB3K!mmoX#h0v(2gyPkq z872JZgyVK>Cz`S_tsmny2XS*?AM8l2&9QF78z)T zBjy(SvCTN+3hQjl19d|*uQ&L1GI4;9OSr?|iBgX{3>c=Tj`^u@NSY(^tzV-lc#bt^liKGJi@V}W<}rvz40Csh19`!2@r z!8;oGL8j~ z^ncy}FGcWRp9^eVH87Gw`+GYEkPXlu-wmKYz#t4$u=YGc2JDi@C>MeQ(?^wYkGMR? 
zrNmx6sILTuRla0Tb`!ocq#WZp_gB&QL*S~6;S!cx6}!EIn1at4&=9}#f2|_nM_e}~ zrf!n?A&m9(@f`fNg`ZESE2qlm0_Ls{H%r|+$m^yccz$89*s9Vp(fmbF3SZqyFc%bV@Y07_GJiySpn zv|^cWamEAR4f%H-_)qzKz5H);{_i-VTW36as{c61Bu%Y9yZi1!V}Zez*6#}O=NTP5 z@4A{y44QP^P`C;tmbminX{~fDWtF%RY}Nu32!8Wl7WE3wRS8z;5wZcW!(bH$?66M$ zqbYic?hBZUo+M{;-pyTq-$1||84zp@GVwxs&H*5HPx8M!eLg~wt19&&i$^*mEloBw zD8E}~dwiR>C0A}qZc@9B6ix=pJZ3)g9Lo0s=KO_wtGSB$hoEBlIxx$tqZH*ITIZ^N z5;icQC0{gXJmPh(Mq)LL*7r@7=H#rN)d#&7Ov2Y9+8t!vMA*VI{ch`~`+Ab%aXQSQ zK}lLU7Zg$wFXlO7_DDH7pmtGEZ;QXPg4fFa;A8Dlg2UViw6B6FHHwx_I5I8LgLCe@ zFZH^odA3FN50>I27RDA?sOo^4wTMAjYI*gyF!c}u=0*JB{mn<(9v#|u)8Ym`AH#BS z7H?GzYD%Z&RZ8L?*I4gUJd}L4Cr&;WJjZ=KepH>YQBCGLIzJscRFSEqGQrfuAR~g_ zGIaq5Y=Hj19IL+%q5ftt-`q`XG4-wY#*&2go4(MF6$3KMPS$)2&G>94P0#|ImaknJ zvl{V9nwgSGTx5=Eq{%|lPJ5f}8j(;T;GC|U?GHYx+pJ(T@qzoP-F&jyU}tDZUkzk@ zZR>*&1DX7a5ezlJB>W2!ZTSr-gXT%#G=q#x6u1%$15@HeySRWK605ARg*dxTwX<&mwwOnpL8Pc0kF@Y}ZQ*Bb$lUgUt50)? zj2$4GhAFdsaxW|Q0am`BZlmD7{K7|V2r*CY0|Y(b2Ix`L`|=BNxvS7JHh((8n4=}v zJ8hpY<0~u4q#W%G;`qgHl1+E=ixFu{5L-0-#ml*6Fl)Nh&{HBc>JUiH+#K=R+9;Rc z%#`a|TC+`K8TZpla^Tzj`X$g+P<(hGM9^X;tXy`pEt5_oC*-(lwUNkMo6ONo_Vu%D z4}Y}T=J`Q5k8p1aEz=WZa}~ql?@%;0zFkk!!hX1f**1JVQxGyqUiOBIccqjB&+cji z-@$3*$ETOY{vT;?9th?BzK@S2QjsE&Od)HMJ&H-Pha~$lg{;YzeR(QLSwj+Gtl4K0 zvK!e|_AN_Uv+wH+Gt>7q>YUR#zw`cVzdvd`k7btU^}O!uzV7S3?sqM1Tox1$O@WtI z5k2k)4CIgKJVJ}Ho$Bkd{bm{R`Y4S-9BSlyeckoOeGk|bY2K)xN_nIqW%(2)(+qRZ z!{Umd4e$X>eTN6jpW8%`Mk4d;L8Bs-$hv~;)(L{)}}904;xFER_k0^jx2;39Jack%YoV) z#LRR-lXoOI?`i)2#Ebfuj1!yUxA^6r>HMMI!cUpKtf zpE(in-M;gpRD(#P*hc}*xY7SXB&P1dzME$ddL%B@%XPFWrKywZM653F$46ez4@gkk zH}+QD>vi4l>T9-hqg21wyLqA{!hA2Um08`vNT;Ydq$=st@aicf+2BW$$i(CfFNpat zhdOTizKXNYY}H59=DbIzel27zEjdJ6?SGh)PWi)krHeuLdq`{y(`MMOGeXFAtLnCg zh8dyfl6na82jd(9IXu!2I2{e_J{)b9ACkrJ4!)5D*5_b(0@ey=RXczPSkGJ^rnl)G z@Qu8McRXeCnep7DjKNc_mu4!BT)j_i-RxeiHBLSUJTdnJ#<IcJa(41PO zKQ2BF9VOAvlx+_UPaj}EVQ>GNbFnN-{^z4>+{J>Kx5uO| za4zqCXq@0GEky7?y(@)R1gH`lcdbJ~>$CzR7*|u2{#ISJ=heu5W}cPo*erX^?VE_D z@F|543G^X<85^vz 
zB%C>^<|TGp+;*m1U3@4gXxU~{CVaC1los?z-$0Qe)MpE+P3lhj0jsHa%Q7;X?*#Nm zmYA0UKDI@cE+Yxkpp97I#oX?5{!0(>|MtA}5)1+r9U^!E{W%!4d^HaVfn7j>krA$L z9XN(bGsM&S7BySt(x+Lc0@=dz3jdf%PDZ^JMse_r`8(o0&p54C%vRX>xMZ1g@ zz&lPX1MmwO6v2IP1l2m$lZTp2WdB?k=oq$F{JzU;4{FWWfBrA$pe zd1c<5NOvus@G1Ob=|MfK@!^eQ(30dTQ^Qy`#E>BLkY#&{@M!X9{o_ih>YVs6o~q^7 z#dUU#I*(a_-}KO3^#<>~%o9Da#%033df0K_5n=vQ;~hFmqiy1=mA-N#5WtbBoqe{5 zZN{Ee;{7p+z~r7V_Wjb;@6@B&t zMZ)@Oj@AC6x17)Gc(hGwem9{L$bMme^ic&q{a&q;0_a{W5AL^xccQ?^HG0COOe5GkJJQ~qUH^iJR1FZj zqW0_ei!?itqIpR;JhX&bX}QmkEq^2h7Lf!XQ5bclX=>=u+P-?Do}qbLyvE0q}8L@15f*rLP@yy%>Um z3a@Jcg6MobU@(%%GGnsd`Zp&_P=18{@~khs&ir>&%`|6v@Go#!@tSE)_RwF)#mVJT z`6p_7*fi^~c>2Gfp-!)lDyUKs5F3kRF*46CxA^7&?(jOeT?(ZC=uz174}X;3kN2O7 zGxFT~TzN%VT15B;g2Civ=y>Uv0DBHRKH+-^tacf&d}G$xkG~&^4ZSNP{jp0=rku?2 z@doz;gxF1&vvE@492gO7d;S&XmWuX}vut1{hOszt7a+1q>FokUR-Q1c$GZU0ac@>_ zc;+;u*-$nL5Mu0j?$4t&o3_$c1>stOW96}Zct}@-qi6qlr6YN z|5kWSWsZ9Hg7}5K@3nJ-hv-=RQZuv5CIhT;YQ`*XqK+H9@c9U3Zl+(7j;x>#{G6e_ zs)wBP_|BAto-Q_&=?J?o$bjIg2F^3do4I8ZHW`-Qj`5bIDU0A!N+Zj*|15yTj-5~_ z>q@{KxpE+D^Q6-E?Xi;V^`H@P0f+oy^?lBVmwm%IS3YD$&U${Cwtb@u+z;q4kqeF6 z#p9n}8q(J=cjk@Wf23EOU!-vH@ogH%{X7>28CWK!*e9!QU@{?FIR5Zm#5@n26!fyn z6djLTIqSvpnz&KU<>mh5w6)j?G3Wh!*l@)&fzx&xS<}O-)cFA0FaX@gk=J+aevquL zS93nlEZXoz>Vxlu50bgC)=Gf}kKhka*+SkA`SFNPzC^6-IDkx(8Q+)cBj@9BqeHlv z7XlHaFU?L9lRT*tJ~oVJ2F2eI_%>^ArAw8Rn+f~*+{-pE&QoXBvcc0BKO&8C5oGV+H`Rz>8PnYCWn&4;k?@2F)R(f#G zATN7pE52Lq3%tL;tfv0b?Ru^-A^X5B=Y>L;L6||ag=86b6iiI&w2aJ*a3MRZGsCj%q48Px zR^wWxi-sca?57?L1q$=L6^P)U0@hwCo^=ePxqY&c=;H9*1Qo0zZNWo|1FdI$%pk%3Vhl_ukJeE2bJwzzjvl~f;71rJsQ44YY5hE58A6tC=juFy+Rnc5~?AItVP#x z5u!MQbsn-vl50y7VBR!no8K01S@njPg`G&80jPm79GE|%QU9 z9&<^M<(xZ3QY;Oc^|_K<_*_%x4ksQm{O)q?h2Y(piPtyVN^-x_Gch1k-qjV zyv{H)RS-<(*w`dY>|a4$D^iIwKul2ik|wZCy)H5#*zw5KOQbjNUetQ-O|nP}s%FPY zW!iK=d77DM^U74r${4C(fQ@b6EzJ>u(0X@MkU2iThS(S)d+&?i+!9G$X4#$w;)I(& zU|@O`jUK0oTP5Jgv%t-b*glL_d}k%gIVPJ$OgIM>RWVlvtRGgfvv(CwQoQzz^VYk= zBNJ?~`d;R2UW7d4^<6|i{0E}-w6E$--Mr?XocETaOcGSvpxfjRsf 
zn-xx`4ZFJCr{?W`D7v7{d6d&MZEKT#-Slhiox5v87nIvAP{`X$rZ$*4QQN+Yulep} zY&mUvqrB!`q$)}%#nNap$=cjC=p(2(WgQC|Dm)gulQfDV&O`jw>8VVOe4s4Y^O#fJ zkk=lV!v!e-!5F*7xX;%JLc)j!CfRN z3?jEDp>_V%c)c7C1W94eVfS$0$^2xU1HJY$TojN|PeXHG$<_oKW!PuPRd&#K1hC^3 z+ljfb;)b@u56~X=M;$5(RxX*qnM|8t)Z_^kRELi8B4{VKc+Ad8% z8~G+CcRb?Yk}B?B!}+3D!YURTNiy3vUN#(mwWjT-bb{QJ6~g4M*!8_5v!-ZfN~0X{)SH_ zQj-KuaM;w6Qb0firMFiCsmHJ$?v_v^p0j)10l!xt?1X#4UaMgIh9jFJh4-e`gQQy& zGioLRSABANhKvDC$9sTT?6HCPMV-4NP11TvKFaJG53PLZ)g$H8r$JBxJ< zd$iS|R104jC0EA zwsm7d5aYAM#9G2E>Iq;(!~t+1M+|k7l|X_osAZHu33~mf3D#57>Ge$9FInsOUz+WC z7^zatRNd#42^v3Sr%0uetKzkt5sg7#f$)l7<8sP>J@5qfkMC2?FZH(&u#X2$w;>Tf zU`oxVIZTa}o^7>w0%i~Hwii@~?glUI3_AM+)@$(vU0FwA-UOC2U4=NSg{Zux@Djxysa5_PZhPp8e-4XXE?)HdHBoTnFCxUz#0|2P{%V7GghAZlH=3_rrFrYRK zOx~^n$=P!OUp;&uWA*vd4^AzEAtW(R6D->0lRv(%q0dB1WP3*)3X=v^q0l{K*#FO< z+u9rRq)0dg7p~gFdQ|$$*Lr6&`nOFCwf0~AL&jM?G$v;U7hH=KcoPm1bz288{sSTg z0Pe6uTkn(3hR|-P2EzY8W3_FW6SiK;5m5uMNGV8flJF$Oy!hXtQ!JZhVtA75bDmEI{Hydd#C)nlO1sv3W z*ly3sv%---m$D29i1a@`&NACoMOTxg)?spKN6+RvIgtGp+Q8S$g@WQmGKv=+9Z{Z5 zKvsnF6Q5PiV!X|u!>RQER=o$1uY2{2-oNT8HK{*>vH8kee zN2zEslMA);75SK)$Pc_H8#*-VxycSmK^c8JySyx}9N+Wa1{lKGc#bMh!-%&7e}8^bznsXC#ZQVr1n89+e!8);=V3vmXY z4BT8_|9aQ0>QYAw@o9PS<$HpSEwjx-ekUR6HR&x8rWcPWZk(5!R`3A6{OfCP=9rJ+ z_Q(v5e;`qI5fHRpM-RwaIDhwe(v`M-*Ak$)k6u5~9C#N7-%fK`_sQ-6uR}xe*JDC> zN@KDX_q58ql^)J{-HM4ENS^{!f068-FpByU)t3)H1dYBcMsg}+D%ZtYnYzy(d|S>p zRdS0)=IOp{+EwMwpvf$z$?)66Ozgx}&_Kln7P=w+NmUdv3o{m8>vb;vBkBH@y<;wH z;FuV{+}7uu@MO&E(a_0Qj*xrqx3Wb;qB@J~%e&uQ6qTqfUsuWlqmi!l$*tCO0FpP! 
z^2y@^cE^$xH3+0VxoL$Y~$QL=PQ8&_PX>!z8MoEpQFySsYO{4d)R@RYnnb zS~$RYuTtxwRYv&6XUGuy&T8|sA)k${`d!^_XaWxMC*#+6*3q1@Zo~u}EIeZrII^{H z9NUru_T}*p|79ip+v@t`9CiOUmZ)YNG^%nDvNYoR0mJeczD0WXo{JVQ!q%KTGPyY> zV12tY57`o3lPP-xCZfz1^>ERSd-w+Y8|IFDEGKB+DU4c-_@?B$q@A}^>7-?gT+j*V zh6b|khnZ?)b{r~&F}`yzNgZ36!{lDUn0L&4ou7P{Zdzft(0(S$kXON?xGYxO*oHCb zo(XbeGGEA*j=n{ID=q^W_ZB10F%cjo-bKqDv@a|*%N3uKSc3Zel`Hqi8LD96YM8rN zvZ>{#HG^-06~P+q=&Mg#*BUzb{X;Cw-JAwbjbk;W`>vMS$hE9AY{Rx=rO9dZsAnWAaL z767^JV|YF2gPgKyPF{>F z$ng+XdFW@Ek&5^w1z^p|0a_Y{WzrKz%37Uv8XAkN} z(hn`3NPm3J^Hd}h4YF*SC87*8fgn}Ns<_cxook?C0+Hv>lR^Ye?D_^+;6Gs7>)uk- z1u^ERlrnmp5;OxU(WgNV^>k`~lix>^Fu&q;dfXb|ouKErwBOo~`-0{>3t1-|?F-8m zRaI5KrvT|HT9;5UzPNGVHy;i@0e;{bewA8^m>pc!|ory=M+)?+H;2ZQVaFFqtKGqUg%ax(SH3m}iY? z{@bZr-wGSR_$3N(dCupSOpD{X?zhoLrlf-lriHV1#g8t^r`vTd^= zoH>ED`FoSqP%O)bx~mr6M`UK~N|_zt0URa8XG||VKNv=qoPQKc?Vit2WF1-y#s(S^ z^qgz$Pv#BTglIC=q{u3I9AUaA?M$uN09IXq_ZSkt90+!Hp#K@0%LA7(MvJtL+^UB! zN7*921(R^8{g-8;g+yZuaCgQA`zvxxM5HVl7IHlIIf3ilGmO)&0vmA>GfDjeXf5m0 zOeH8(F86fViW)Y0vnI>aIPk_l7cHlTN8bgqe1#vdZVVvx=}A56+9_lRiHS(#yDhlW zEC#;hZ2JKl)xZH0FeF|Q;4S8x8=3*%#JU7~?NIbz%S7+)`I261wRbiDo<7g*{&MGGz-b2fN25$UXg4q9yH^rt$}+!8Ss zqMeD>?${OWFw*@R7!2DjO_BdktB37Q6#nB3=zrzreM>Im{KHFUEa~H@w z&B`7DWgD;IU5!sgRVAVZ1t2Hb?Z}u@x7!_Pym-ChmFgfoUHzX5pQ3IbMX>G8BY&20 z1dVn4Bz)h{;~3TfwId+!IHn!0_mJZ6cH{Qww=*P2edApw#ku09I9lg1DG>*jLM6?S_m&-$lM9Am&yc279)q-=d@yV1xWuu=+Qi5 zA{6TN`ZhL{UIz~fa0{R~^lNC)@-GW(a;emGW=9YD47N@OWlqo2{Q+Vfa_ zjJIGb!ddfJ9*v1!c37!}q=0N}bBP}7F9IWJcF z$dGaOs1;N5DXDT@EeUGkrU!e;V>=}#B-Qjz3i^RE!+)M8^-AD0f20qg~q<0MM3*$1H?8x4z+ zC**Ml_$ra)wvZdmV6mZ(l;^2Gn(0$`O8N12^P&<{O?T5sgO4)6rT>Q#ihm<~)&AJ< z=D{xPIx`M%2P04LQi7H z2Mlc+eeQi2qFwjJ=I0#Sd{;VaZqXOPa7`z@CvYq0X?u~KjIGeR+n{4k znX*y#=ExTNc()Zxp62O57t=a(+Tgfz(=9jsrI8D_iL;>__hdI*zNvY|QI*QL=*(XS zCZ?}-LHx;V$t))h#XYmH%(i&HnSC=tr0&X@8+Tq1>c-N8h6gZ8_6yqYl=dnbeB})F zDu}1R^=9+gI`uTHD`>ISpHMkX8zj=$uJ_ub1~QKy>IWtdg*x;tQnJkyeBgMOCs85nC zFh00vD+g4U;hWHAedYSF{n{n$yA%lt`&M_6A21)UEes{`RnP0OOKE$qd{I@QOd9gv 
z?hRki@w|v@RL-{%wL26T|LkFHMcDBv42Kw@s_;r`#*-UifZx~P?@rY|lCpEMjUXlz zfS87(q2X6p+=9?whfl$wPl1AquU8hP+Xk);)m{NJb{}pp5plskU|}7g@A<$eVw-vn zyEP_6x`;g6q10y^2!8UaF{z_Nur9}b^cmL!DTa!e4=gd4j--fCG~SK(ifium6D$rU zB*cmI`^L!J^ZB}yPpTO|;k(`Uq)%>C6YmA&2#}%LQC)|Zn(`@6j=kWHGfYeX)kesD zqLAO;=B|HS^9qs>KusP?+W~%IH!T9=RIG$@KBgVy$PWL605fNYqSKS3fyJU2Ey(i0 zUR-#6k0sdT3K*(;8v)w*4sHda9sB!BfFu+o7dU!LS~-zoAS3J|Q{E2_l7Z*Ru+j+; zoV*K+CPaw65hx8==kG!j+78>JJfs$5`As z0(t#qDz|OBeO(Jd&y`-LhF=$Wimv@F?JF#nNG+Ywi@;YM)S*6JtVnnZr8}0Ow>9xc z8;M@w#C;{Kvk~{po|yy^n&Hdz#KcnCc`X(KbjqEm}G53{KNKtz$mud z*ZMMEhw&7)ZedAzFBOLFkjEK6VPV%sHANY}x6954o6&9T+zV81sq|fCSDR_#83H2j z&Sc@bCA^Yl%3m%I9?I%!u0pO^W45Q@YhIWeGa?k3LrVTHpPg70B#EEhbX42Q96N^{ zpLE!2Tg%LD%{U&cRjR-h5D|zl%rl;P(=m)7JOi8WEMlE?MA&5Jjsx`_WzPAMCYkCF zXu53QgS>gfs~i=Zm2@QsUR4A?Gvncw6hIlX>E1YBpLbMd?YCZMu#MLt@Nj}U;QcS6 zh^#$xsCV%zf{o9TY_4m}-J2s1)V}uc=}BcUQ2YJpoT=4{w}!M{UEAToSf8(3ic@Z1 zOV%#Oz@HGTszi<2aKd7_*e^3!$?bUGKeaPVE=nK(REF<{B^~KfK=hh6lFBoHc)#)f zwW?!Y(PyMX^in*=t;xm`f0}-yQ>&E^ZG1W`Nz*`|A^zE{3`ODON#+F_*YfxX%8d*J z2?yL8Irae8a>RLB;aO#jM7&+u$+T;qb#!qdZz0N!-I|pykN%4nv%CjF zf$IkapwhB=TDxQ62Sm5*_|7$wTchi|lmB2?Zi)lKW=lLe&yrCXTGxcy`c+h4$iLv?L?o&Eu6 zuD>rt7GI=r zdF+I6aeNmtdPqNZpo+2rNd=CwFk}HO&u^2*#7C@g=B+De6W3JC-Hu@Lb`?t8D zhZ#QCxNzZ-8XRCVZZ9F6odEn--BXK#5XmJ*QKkH<6@`RB#&b>~BW7v2nwdfG0QiVu{Fq-k@&kt3 z1_;R!l1?8(;13RwIYkD&3U)*%8ZiWKEpUxxHMueKn&k)+ftnJpJ$=P=hj%Q7vCu3c zJ!Cfz;@EX976?Ii)p3%zc74BS^q92-+b*)KU@rfkN=>uF1De-gei|)(bmmG-UxZPU zK3l+vw2y0j!WiRa&0exd2k|$N4w5X=p_dnR$E;p`U(jsl!c=$gn0~zS;|Gp%O(V;8 z70Z2LHy4WgeA@=1p;I5JyDhw(y8BRC+VTw2M<)F*O`^Rk!;&+QitN3MJbNwnxW#*o zjPyP&+QhIIAf}%~CD@PX5AIHsOOM8^2akW0qJ{@}Iktda1cXz3)~8gN+xEU$t6bL= zEfPA#D9^ka(TkSI$rOpU+j*CE3rO$6TS32Dqz{ixRMb<@0M6Pm*->0hU-xP>Lu@c2 zJrkFz{_gDaqprMco{+oj0`GDn4Z<++#Nl=Czk+%WYQ}}(Mvaik~`H_03p}xYwTALGW1x?g4etO!C7_?mh>9(I0J)zzw zoC_qDPk&BVoT)gMI)CH+zVXw0x26#drE#;DK$^~e1nSc!1lVYfiKVZcEPf2zv6y0e zOe#{VgH~CV^dZtl&TzC7Hbymb3vr z_>|0IFTiaFE3}LZ+UF+iO*tz0f%hX)u#)soD*UyuSX1_y>KDde1lZiF4dSmlXW|dxBq@p~* 
z7Hfji8#w{>k(AFcj(w&w6sN!-k-3Tv#Do?LSSZe5cr%)=EWN!qaj9D%zjMDVLuoS) z!$;}~yD)UE64;*=0aNga5DL(TOE~CKV2LHy%>Kk1CEE)dXAWfyJ%NP_hI0;-1OfQb zX5pCae~=J;4422X1MwiydhiwW?OwQCjo+X)G~ zl(5eeb@u|&-*omiN_9_O-1dzfa*zB zC=k2!3@avOQ?*u)=+XhL6}dmxv+e!cLhUi;?3T~pxow!?q({es;S$OIZF->>AJ z)VbLD`=->-(HUnwj$1$D0e<8?UATysoQ8L&E41OU$;Kh$)`##6rY@$@U}xWB3Y8M= zTC(Q^uaRK~up|~Zanei+cnuQJR+cIUVQK1KPL5drWQ1C_d8vrkeU zK2y;ElTUtfF+ZIO$fMxNaD`i-lK?gWj&)E**~K0u7}e!QLh$m>lAdm1v8A{lpjUY6 zka#)}1b;P9;Q{*K`5k@Oj{Za+AHtK!?oql{%H)T?Pqg?CgD(Et)BBblf&Twq2(;}` z1 zMDANr7^VrVgvTb?4XnZ2?DtU{cFdrVME6sPZkbPRcRV!>R#7HNG3rYLcDbKCqbzoU z%4=%AaqkVnl`>B=C6D_v>=JkOrg}!8_1Z^YS-5ezV>mIlc2^U*^t`*)dIMJ&dLEH3 z`Km&NiOEb$b^d!*N9XU36+eG_{H(i5^wb+J(~=3+5%M;CdJuTf1GY5h?{1;re|~S5 zNwsPDma`$!C~F%nH0eck26%h5dwc+5L*Rcp>MmVTx(;v74zKe(fJ?b^p@!oj-fFvN zIAC~{`8BbF5Le)Lssv*E%Fy+&?QOm6li(4ni^j-M!~`ER(FqQO&UfNQFJ1pUFf{t= zdGh7G>nG$$Z}PLj#MJ}er02mD2LaL9vuDnM8nBzRCbjP%7DOP!x?TAQNczY#!-kgK zzm{)fHgW~826mq_(75@r4&Lzk%TtVR^mHm?VdzLSGGj2vnwj{X<(1_>{fJm}eM?oZX6QbU2}` ze7*I9+=ad4Je^s6a?4vJrKLllygvvC*Srfkg+Y%hBCV?Yx?Sq3Xu3{;v}8M|Oi};d z9sRU}muD}ZEtM&zH^hfkJs{>_Cjk{wj3K5X5xuyKod!3{bGRqvMyupxu=Qwe3m^-x z7Y%vjQ(*(`M=YtLBm7F3YW3{L+i)xIK~xXK>oi*0(LYgQjx)4p+Q*qAVCu{naNz?N z2}vsJ&Q0(p=|k1n^z$--n_68dG5Ra}(pq>>4tsT{lS0!iEG>CLri9N)EkblW009u9 zE4@iyATSAR8u<=MX!)BFzY#Fv4+NvpOrntU`5R#CdqhvnHbqT%E`Y4*=a?`(z0u5% zHs#NbyPp-tL#p2e-nJtqj#85cI$RO|84B-=tbZ;RO579B*!Kh0qraU2wo)v)f7{59 zZU$Ur7^&!4Hq@lLL@Fy@+l~9zasa7t7G%Akms@K{Wn%EtInjJI^9!x}tSSA;uw#U_ zqXRL%@B=o4_^j({ZH-!4{{dTsPx4aU1D7u;<)@yBvS>Mj@Q9hXiRLe-r;)OkR=7~p zbeRy~wBg*(aI(K`7P|swevJ|WZsvGl2+$`SbXtdhw|$(c8)rn4TiwMkK#KdYz}S2Y3SW_P0wajJ%*L>t#o90 z?1{vra8jjHbiaqtZmW172ro%NoTVL_F2Q7NMB1bGK*(@v2emyh+|);J^0nL2$RPCw zrL;)M`h?zoeci8Y8{`7BE;n^I0vH58Wd?cm(I}v|RX|GOg4Ib4EBi9ucviW8L8rf8 zlUNwe|G3zoAsRByUG<#2b)bfUO!Nj&q8#%10sA>69Q$iXc-frL*URhqYQ(rG;4F|* zN-y?rbi;plt|%R(kQ!~IavsuSfeyRYLM(oN|DSN+jDwP;i<#t=jyP3OBeq79QTIa` zA|c<6CxHftT!3JAf%-J31>(!D$B1$qwx7@Yb8=9+1hAJCbr;ZP4>Wh?!KF5l%C)s2&QVh})U 
zyH{7|)|QNW=>YDYVodGP)0A6&X6G)hpeF5}p{G6|R%xP0n7q{}b`Vj_1Mxe2btRTUHJ1$j_;A)$W2Zh@a#zgzTv-3gZ5sUPp}iF z{y!@$-zwp?(5g@^nMfxE7;4Yn(H;xTs__Az!}Ez>^%Nl!1R#12{Z((-_@D>;Hb)Wu za5=ykCQXy8D7)<8zkhL@Ty!DpYhnMNFDSZwWXaEj+W3Ht>vKY%H(|vUz%B){$j;gY z;Cw-(Yy`XOAwq9C9QZ?5`ht&*sb2|qcSSe|_o9-X4-{?2W%9|yG#FkJc>ysh!JQ(qBu2cVR`!P(1(K`8x%IB&B(b|)2(E?_TE)m~?M2(@34|Mp_4T7D0{iq)4 zjHX~?ozRhr)e5vYOS@>k8IuKnYGO4EHVXSLCxNDH7 zH`rHczhAO|#xlFHbNO#J1%39(IF-c^LT5m9P9dq81UR|h$o(dud;KyqO~v*j3X)EM zN$7IUR-ge8c4f)N)c{Qw@5!)?8iui6PnWIubF%(`Su*}SJO@OJfYy_qC2)eBubg4VtZ;_b9(mq9z5R(NPVERqz5RLC>7s z>)h|96K2CpWDP>ttzTRJ|46)u_8(m$gnwfNs4AhD6lyp%SAk>Ms|RPg&zQ&+P5E)u zL>~6(z`I26M-Zs0AL1CQ@0R`8CdHj25 znm9SiAh_~}v*Y77XB%gQN#bfC=08$`1CdeeK05&u#4NCY>nyV4G1+M+(yu37+k*OK zTkm%fRJ=OIdTnk!k!->zP`*4qR~>;szEI#E+*mIL^4F+H0eeE)r0r&Cj zeg-xUdXCnGHde`({QkN`cwN(UN{~VTqt>-OAXQx@8;zmW38DI#;`DfGuoH8WfwQLh z6EX%ErELco0IUKs2JkiR)X!Um0SiMy0g;!|?{^e{24zGKKpdMuNocbj65<|WE)|lV zsbH<{A3EoEn_GDkEWlj5*eWvD9lkw1+=@ohav+XMeYK`=OM~sdtcm3=n3D&EVY1HF z5fU}npu9~cAx-EXgCfTqiGpaChz_nnu5JM^1D0g=3_-awrXgG(SV}yClgdFeXluFcrq)pQ>ZbLu4@)Q&jA&~(NM zTjA4=a?TKuNSdv*tR+zT*d8a9Nv>t`u{`zCL+K?YMo;ww+zXWP1DU(-zMt42Y6qnE zv>-!CNyeZ^yFvoVUqXUHzmG9dRj4rm<|v7`pZ0dVp{5(HW!sogM8%Y1B>$ek&Sftt zo?TyI-=vGLLZa~OzT|G6$^Q#CK;?DEGr`NmUM;H)nY1g_Fk+k18AagMUX#jzsrbSY z!A}!hpA-1r;m7(5WybM)(&$_BU8(qd9do7DPT+g)pSdR&SDAL6*%CS~1?=T5#y!{hfI9)ajg&KNl7dO(}l>p-N+VsC(}<_i;y4y)gOWhKIq z--gkg(J!hTr^nM~5S`(ldr#gGY`dLWw5&p{`h1Vb87cO7+A*4mzB?lhxQ#MU{)70x zJ0u@A9lDYh!4~o$5qIIurqU&5ESGM*<3P8mMvil7E7Hwr4j9KSmV^V|_0Rh6N2BB8 zF(s(jKA*ingjtXb4MIeQGj8xA*@W+Q+w2*@&F2_!^I6!bGWyfa#}_wF+5>okcI*O{ z^fa=PauaY4u|}kC*v(J}DpH#ea+OIeai1S{0-!i>Ir#p(9PAA!C%+d(Opk}H^NUgU zhDF4EtS&UQ@_TK#cQ2cU*n=4xhX?q&U%;aCMji0>dt%?^Nw^NSCMw;=b-z5M-nw_ulRWpaZ5#R&(t3=7I-uBM&IP{B%J7)v)_h zFT4wfOoK<;@XVuN)35^R2iiq-8ToX>js|o8EBowZr}2C=GyfMZcsGM-Kr&9U?z(lp z!nuh1k$XSfs36W}YVdDad_3yxud?U~uM^sZAjaSmxMDjg&|P7-yj0&;R_JUv&D@#v znD35UpWqT;A_)TYAbPYHgFT&+VD}_dwEKihwPuN3*gBpdVMa28flk4 
zk1FM;UY`JEp`7d$tsk%;uN~kZD)0*D3ht{I6wtj&PhYYUP#T>}D8awaYD?xQ=bKSU zJjbzgEGF(!O%N|ybl}e_&!msRxqGLA;jRa)WSpId0&mcI^~lx3;iOXfN!vU5ZO@=` zOL0c6>z)shm;F8>*2Dl~havT1P;)bF{cbcdA6Vn(7|qIH zMh zwZS9aZ;e=`K&FDc+SpaX>d==L04ga4ijNE7!K;1<{%lc;p31mTrL_!dTTjwJ&7}dr zVkWRr?g3rUE+9%?{vYqgUewh{ya4MTbL&xk>7>@pBj0>9-z9QietBKp>6DrC&E#;( zu+j+M3;POFFgIl1;BJ1kHY&TQIZ(WWL(YJuQJ7OL0CE@GVeBXbx)?e!u$;P|FX&JK zeCwGHmWxUJ755@2-i?Fmyn`wTm^dsD?@&IS2AK@4pbcV`u>jnh&E&G@Gy&Sm^$Q1= zrw@^$c&BH+N13`syDh(MJr68G>Db(Mh6;frG87Gnh#cer@$lvT<_-m>eR2lUOWy*g zp>#W4iITcD)|CgPgf>7KJ+SH|yE8{E00|wKSea=zg?)+wjbb3K+*ZSYf-wNH^DB28 z?3Ods;=aj5nlxWpdq3u05}isN)%b~(?)-%f?y6h3XXFteb;FyCVDIn9GrSvC?7KF*Fcf=azWnLf09d zhm$BGmEDV1{$h{W9yOG;9cnC4aBFohkn9S9R444RUMsl)0b6>SKKaV;V@kk)`0=ZT zrdUt}s+)Vk%cmd{>Y)C7jdaWjw2C;zpVnQ+;C{e@S4fK4I(g?G`Z93QrJ|CP=$`zJ zdNKg`sDi2yo3=GQ=Bq^lFIt^WPpzQ+t292$GQ6e|oFUUC2#7T}*IqjBK`p^SDCss_W0xELs#jZF7Z{8O|Ee7b$ zgt>&JWc+|V@dBdjy<&(Rq7X1*$kz7?HM!cVAEeUXv{EK84DR~=kBe%`gIX(GhfUa) z!Vbvu(`lTq?@kmZaCRjY6{L|`%dVL^Y*v-~y2g7#cb*AuZnU~Pw0blMhp?B9_0kng zTdus&)1J(pCQtnlf|lv$kjgd?Ma79b7n_~M1?5;Io-W?olO6A0;%OUriJ`fXC+t=7 zI6P4H=<-5kZkc_KfhTC79V*`sV}UL448M`?&HvCHSTS#M&|d1MmYx*-9*}Y6_3ez~ z^@Owe-(ymz&JR^%!EG_O3p0~);>u_? 
z)Y6Pcl)w5F-G~s}Z+vF^aaD;9j5p!|<=Yl_5A+GJJ3kNTBf2_F+OZCDCRR1&fw(XA z`9HhFgZZECJA7?NhCJf-MekjFznK5>MC{F`;}5$Z7&v?1V=t=l@g@TjfGh^-i3}%Q zHE|3ZU<>-?6MtzN?C#p1|J>dGH|{R$Mg~4R*69ty!j$Gx4T^THIqhP#KVU}&!Kf)z z6JY$$=e-lOeEC`pz(18ydOUa?51{#;s9ZQM4g}LGJIxvq-pEN2KTFzb?}JnLpijN@ z1od;!u(-+oS-{aD2~a&)_?$Oqy^jfa?$`D&p>GRPs8!)i&jPM~q+#MXnU#MOr?R%- zgxVlef?odpsRZTi7X-63TWjSD!Uy4|>bK3xG+Cj>mg1d2e4kX%N2A0~(jb+jUpK;R zHLjwq^uQ;cw?uS@h%|i)BYKD#ru$v6R2~#s{IaZc!6n?sb;dO7H`!#dKd~+bg=e_|&Fe775$RDNRr-FZ{a3J!6F^@283S3m1Ud$E;hq>!DLgPP`#GLjX+NNdoGe-%jw zeUTUha8%F-iM00k+ZpFEHzhafu{+Q+XjQX99u#?i=4qO{N&@rF58T7eh!uLGryBX9 z;l71P*3_O{InA4%B{=eO(&EVg-5^Rc>eZg-~APM{d zJ%zndh0NDK?fn$m(Uh)lVPOHc6+5ARPwuAz`0>w5)G>04nUmsAVK5-A&PWHr$at8d zP&X7EoNZEFFfdbGP}4ui<#>_r!-o%)CvA~9C2{OFC3pn%+NkPujwpAK3!g53^%Ls7 z>@;ch!f*q^L2wfpq>xcP{ET~ajnChXT_?M7u?shFoYRkj@OERsFrLLGkuP!hTF;Hn ze#N~ic1J0m+>S4c8ti>r*cO&3RS=svM(QQ1jwm_VKD;@VxmpuX)R0R4kYSEK?y14A zmbJ;`L=wk2jbfM^Pj}BB5onZ>eE-25b;KWBlSTqk8*-MXL`=_>Q$Nx6WZ9(<9*=DQ)fdXT&PiHBLOdBpbd+_;`)6d_bvlIRCEjN~ASdEXsVshyi(jYz)(^h`YPnlRjyUcnAz zkW^Y?h>yXY-r?LW*mf>_g<&O8VNvy0$n>?U_#J0Q*2fjunEyJia!msMd^+*@}ow3JB9RDnVN|L ztwjJ(9yJ=?2FPWb0i%X8R2p6cyVbn3*iAqxcjR`_q_xf3mfA{7enH*?uH63 zGR-|zuv+0}JmS}_N%{6}+=5+X7c^n(ustWVYFm>b@55htwUVwJYz1=b9~6N30?c)r zbMNx9+XWpxE)sVMLGQK=d)t8$YN>$1wSA>*+LrfwbMNsvsVQ(8v9*OXN?2jRXZEg7 z)PyHwLR&ER7Gaj<>E?w-V7Jf#A_CuC8 zi*h`^ee@Mj>UOwgB6Yag{_ZNTgNXK{n+)*`jU^aP>~a-0!%)RF)7mRNFV|yOY%`MM zoHFHEMQSekhRQ8fVzQWu{g>GRiFA9}d43}ijdVw;v-LDmZO7NAI!B2~m-q&1LCnK4 zfVP(Dcs}(~mwWC#=}+=_5H@xwA)QJA5@L)1MPM@S1Gpf|P*xtsGTw7{{O+XZLU+oo zqfLsIQyH+0^~of5E}V>)LasonQL_|7Zch4f)uRpWuO1+?PSI_k-Ubg?H_qN1uGR5F zW{ryJz5j~S8%@KM(I2(Zid3;52)Rq&zVCR>7K%!&muqlX^Muu6L^Wa6#@Eo7YJ(Ot zT7XX!9L3=2KqUuDJY?;$M7pvJhyk$flEuA3;QLw*wz8L;`j^@oPF-?6e(L&JXn=9neUo%XyAd|X_)L#+}<{{ECtle0bU5X zCqeZL=H<_BnLkLb|Hs;UfHk#kUBe(KDkvf#orp9w6cLb41f`172})By5s+S`MLDN6U8XRH)MtFP21hU8wy(qRTRu=XA9sGLnk+!FbnQu)CZ>HO1$|{f_G3%(!TFHgM z`cNRZBAq`1Rc?~@phW3iMjQu#1|sL~fq43BH~?xTRph}^Q~~;&|o)FjzAz+u$JVY%~5MaPADL>&dTRZj2eITL9FpX$T 
zmkjIXdQHOas|391$nWjCQ8k2iM$g;BRA2v`mWYgxP>W8mp#vr{r+l~&wbg`v@R8s< zK_gYDJ$G#BvoS)Oh16jMJT+qY7N!=x2Xf67-OYabDj`u0cKxqZyn&e#PAXR3#~luo zD&;Pgtyg3;C@Xp%E*6BJ(q!baC{^myqri*s27|2~lKKb9*lPrC#(jovRG{cUUjG4f zIXTQ}Bdf{r#~m(@dV9{o$H7v{svme)!&>iA+*6Uw7?91|;B0)5RNL+}DWk%sbMZpY zdzVI)gTfW^O$-x0z)?icwnV8aJ}v#O4gD^&WNBHRwJdz6I?Ed|W6^e?Th~@3-XTUC zI_@K1EX`Ht(lc$#q0BUg#$jX(jOoD%3q3M?5W3Ccc=vtJ=cvLyK;>40YYx+Q;h+S0 zVFX5S5t@t)0?j{~6hb*d^RBIqn6PN)9wo8*bxX&JP?hNt@~OtZDy1V^%hWT#z9Itu zQsAg}ZPfqUf&Rb{>-LU<6|sMBHVAvXwg=g!J~*KQ7y^9c})9 zvw}c*I|A{Wz0*7V@kI}?{W}8OtoZzpNKH=uzp!opM=vS*v4tQ4_W*jk1q{L+t28+a zLM{8zz;h~dPx7p2smOdrx@cjCt-BiFRo8;_91)j0dQqdIYC=)ifB$qL7=%6vVvS+M zCOyR~^t2!h3p)U!emjOg)kgI8=Sj==w)6T za9Z@f`u|p2bszJ!2p(x9uqV&z1fDEmaf?!6yqfk}CrV|UL<&>k)3;e8DYaW1x@H0<7xOWgFa!M?Qs&xrK4R+Nt{F4F)}k=_{6?+5_L~ zH`Iw8+t^?@sN3t6_ek&ALy3V|bPgBrq`_XoRwyRX3WhxgN)|*_U2C1`+SS%#?d<$} z--z^aQYeV}q=;rv8$CENf|$=lg<3DK{r&*bP_KEd2Cs(NfD*tp`wFqt3XnXe#hB?+ zi0%eYOjbw7r=LF?$UdKAgnrRd^c=?wjGYIZ0^sypl}W4-dligxfI<)^2)4|9w7Q|N znx@c!49%_TkoC%1Ne%f5HMrxIj)S7vxlqTfncanfN-1~KQa^G2Ddp7H@?1|-b?K-` zNWf}qFTKS@Pi~BVJtlK|n58t=3?wLEDZ?MpVw+rkT=x7m{$o)oI7C`Z~l}*>zIB_$w7e&8ihvyh&1n15P z%>30bqHzg(X0`94tYEYvo=rQNd7>lwp<+d|HemZBN(T6F{ZEV_&ZlA1T^~ydWlUF&vyf)VuH8&G~ z`23sn0mkz{4bfbf0X89Ut93DdSsOwTl=9XNPP7nrl)Mn1h9Zf~?Y9xGU=~@b4zeZi zbPPuZYSpwRGK4N>oA7s222VxWpw{ANf+fO7xx?<*y|Fk=(n*FzWn0gt3@Z_o+SCsy z05nYJ%3oh8e{VV&BSSMo-{mD+7P!>JOvj+9By!$Z5ycwJqxz4bf>tv0_lhf}~>jzHz*nIriSf@bFJg zz8m3ZyM&E5jRgiXu3!ysCN0%?7XmS1<33JLA+sch@^o~J9k6MvqR%vRp_mDbsNjwBMD9y{W) z(n>dyp0ka<6D^pMpBy!Cy-#o6)T;c5RJ~)Z^S+yYG&sxwWn{vV}MnAhTBn zRtfBw`?9L5OE3SAM`E+;JLTW4Pt8XJRYSp=PJtXBRIs`u3|(9yAo@+)gYW|859|!R zEwv{t3IYjq^3|(2n;i9gcZ!?URVuNw*5dfO>nj!yubHrih1K=Zm@vC@ej7%Imgp~U zd0Lo{UaO8R^kQNzh%dh<|a>{~Nh0>dSWCR?n8_(w^$8m50yc%4=$K zq*H3ES=YG&?Os*0zYS&Rw;5rNkAHf5qBL5z9bDWjwI*B8c@vyq5Xf9m+=rQXvDA42 z`KK>EA~rV~UHj6*GD=F6<8p$vi(^QpF0y)_-fi887%n2H%q9V-qz`f^wZ6z0CRvx9 z%`#tUjvQRCQG{BLh6T%PJYo7u@_qD&H4{U3mWiOiDh_hRfmW%uEwF*vRwz8b<&o1! 
zi&~%hkuZgL9LB^iP3xK4VtameeX>QP~O!kx})uyi}Gj{7{!IkUrdAQ8+Oa3!|Bo zr3IlV3+!X4LBy8OUCy)s2{~D_wc&pO)tJw4f1iHYi@gy+%g*Fq;Qg`#@6^w4&NR|A z8gwPqku9m%I(ESmWS^u3@4);Zr!qEfZ!8&Kd_CDU_0a6qx^45ya&i`0?nm(8R+i{- zSKe>bFR|_)pO$>}xe+0!$Ri$p%jlB~MH*S(ZX<=G%m{&=7hI!8;4()?AvSbJ>geom zv1+6>(OJ>cC?4~zA#tVu?xnC%{eIl$)LO}fO#ukh#wuto{*dAWQ;SScPK~fyt~D`CE^ghi z`A{?VHI9l2@E2k&*A_j!txBaHetm0q141Fo_|tt#gTc*ryo-N~_D=UlPQv{xv|94e zHYy!Gq2FeWP=%OZSMMlF?moBIRYVM9E#V+a=-Tdz$1C)o>Y_6RRqO zo6$9**jTi;P4?ohn4YAUq)lGgYJsU~t?05CyUMn-`3@V@dQvcK8^*d6=AA9}&Nkk_ zS{KH3Wnooa%kzMWw6&khRqNvf1FztSzop5$!0<-^qZ8v(qAN2}?JrP8x260Bt zDr92Is>0^`hop9a-h~&WkbRmQ*^3Zd^ey0%M+pjgB`&D(Wa*Mdua0A&o_uTY?|Sk- z7fW14o2)@Ch9TwG%yc~KAlla>9&|ZW<^sIs4nQNJ+4nCAEibf*hEE%K^+mu^`9*y+ z5?7yO54?|eneTkJRIu)MxiI0TtZTHTYz-Ac*f7Rr6gVyNzd`hx;bRN4%4c+OcfSKw zKh+;|pUTq!|A}-74aCs3?9#zN28xq6VLOE^y`Xy%nQ?s-?3S_WU7ZT*WmFuT zGefd%^3f&MbQMmr#gkS`)=}$;cX$fQi{hr9Fm8_{wDmhv`~BeAUp0pSk4{r=tCR{X z;n^lL3Va9!;p+$(#L3H#NftcihlVoNEDXM(p0|G6aKqxREjK?uUDz{+(cjWoecj3_ z$lfUsXAPBr2X(-GnNA8?{C$8+m1{sF?Y|lm{dccF0OQV}f~oQWv;h!@m!qo1QOIhl zMIlQF8J{RLCh|j(-|D17=&=SZOMTy{6ZSF+ULi(bvJNV&+wkG6R}W{D<_LfU1E={x z1Ss_LS5tMaz5qF#B&o5taezVhqO-=L>kV+W_#peccErh+>I*vS<$O2UZ=LnNcN2Mw zzN`IFA8~*&gqE%tbTTd6{Rwhliz4b+JrE582D21OAiq_@iVFAe#aAjM763S8aq`d1 z`uDE(-(Txt0$|geyoZi}5X5hVvyxB9y-ao+L*9j7Uk8A%vkhX{x*38I(^4Rml7h@j!F-@B81|3D#~Qn*Z0nH>zcpnl8yq~a z0sY8hFHXo!^=0QnpE+S3aDtITq|@82&Y=-7yEf^aNOP60+RyqqCE1%)s(9Az@77D- zM1S!^53@j_>N;?M<^LCYDD@FNbSLF+dT0;&#i6>Q0FIX+h?VvLzrd{H@4M>1>C&u7 zgO2q@PsEYzK?t(5ZVY?Up8yi)ROSlLcyNzM3acnunpUc!AsIlLm!qrV@r*rUA+nVFoqwmJ}zI; zpO>ZqKiLwo1dvi!Y%UH76EsMild3Jdm#B*-2m6Aa$^Il_i#uET5qKR~L_AnA22lk|5~iE)XrZrIx!6UK2~S?!*z-v0 znS)jF!i=rEG*%VtG!w>4x2!KGq>hDxdyWxRBn{5mC9xpH zG7Csr(qgNH|Br{t9Sk_pq#M_%fj;d;aEJYg*HA}ztrL9bFT7TrjRQBsC5l(DU(m0W z05ZwQxjOXDc@UYq^X^cuUoT9lf4%egIcx<)uuC#v<+MT5=Z}9teaRnJYfx<@+ z*ojFI8aO)4IH#NeQ(No6i{cl|S$$XADUebhQD_ZzV@uTDv3bx~Xy<8Y| zJqt@A^NN03-M`8*-5uG^-HUuAhVUJ$wV?At+`-Y`$agvvts6z}Uf)&u8r!Q?5<4&}92l;9 
zRS6g2v%PyXWOAx&i}KcTO~lhbBAqjYoHqu|aFOl)@EN=p*~ywAKNWabVf|5g8#{a7D{Ca@($E zZI8Qx_pl6H0$8}4p&;>iSn$td7h`Yru;g~gL{m4bZPt3zx8ckY!?F1{?NTmIeE!nW zLtj-s4tnveD}>b~K+ftHy-?&ia~)I^1(Xk=WG1+Yi6m+*PiWiS`hGHB1vmKSYqjPzwg!e&Bph)z_3+$?q2X!Vpv`2T0 zAt;7XBc^@UF^4Z#&|6mh%N|00FZm*X^gqmMY>(H&?J&R$ER`_42ovhlkH+5HT01!1 z1a9LeIZ7!?Qy`Ig{PnS56`8}wSasOFibsWVo$q+R=X*MiKAbv0r+kLjL8!beodCy7 zA*UuxwCGCs?2l_EqSVjE$Nl|eroEZBr;sPvnr{e)nkkBz1Lag%+Lp<9 z(}5~E79PKsag$tul@A?!=U>e6R$r5f+3)n8 zz8A#PHD0~CMo0RBWcg~)Ytd6%NvHP-J&iW4+pWAC&x$j1n+m&WG#XUab8A+j=Pdj!Y)W_BXRE=-YM0eYk9JRG!3qqrhG)iF+UF+UWiv%>My4& z$Qi8)5Qj1qCx4sCbR&?!HhA6>s)?7%1OG|7<Be4PKOeokS4?5>%egxt|KDUZ+F!g8SLV{jk{Eh8*#c z(+BPT9W-!WaS{)BtL`?nFM4`d0I|#fLfgDH{2qgf*tCa)b%}~79= z6)DruC}dGB7&MJOI$-up)-`!K(oPqjRwm&uqN#9ECa4a}Saq!DGI_@FK<_v32sqMG zuxO$$3nX$%O|u{1Z)S59yx;OW58Noy8LG~`{$r!-&&hA zV_rzzzD*lW3PdULA6H0SqukA2+5m$d4Z;h2-24KUKUf&#fF&pbc2QFVYr}A8LBA2a zPWjYK)HMKN_TjvD<9i-l12gT+`V&>!oU%n%3!87|R@VW()OBl~5@}EzqQ`l@7(LXzvNEiww2t2;FDGA(y$};b;!xhqKDabc zt$-^0gJgCLy$T1=NEJ6(=@9%QIq2-Ev826#zs4R(xoF})hI3yO{-mL<7Hvd;2K1t* zIRKOe#rojYJTU6MkXj^J*@wknW{@}>hP3-4wJHwP2?`DX)1`xj39xPFC^~(`LE-r8 zJH)K=pJszgttlHmPY#drdC&1DZq+mq+BLN&%yn@0zk_k%Mu(&RVDwQF!&+EZUNS~2X_au?pXnnEzpR93$?nX9GeRsn?(9;wnlPTYJj!7pX#F7 z>8MQN#&voHW)&vYirJD;Z|@xDHy&vl+4U;>St&6m>nap}W4DvtWPOupm`p_^M~o0h zZapb}8^T!#EaqPH5GncA?rOayi#STxiS-LmefaPGRtkb!p!w1-QMfSRcm*KrZ}6xO zcbBziHY&JpPE=ZaLiB0Tk8`lAg_Gb_w11+YoTnz(3m^sX+-L6D@bDEaGMl|xlkzBH z1CZDb6i-;neIs|F8@@udq%lL6oS|(?dQFu=D{D_X{SOj7w4Cag^Wl}`KIb9<_dLSQ z*s*QUc%wB8a~Zt?mY%=t(3#kn;Z-$Ao(V&oQte)HxH@$n3iTFBnLRET0&2csqgoZj zesnh=+$tR-UIYD|ED^YPaFU3ngr^6*QUtN)IUz%I7<#6S*p>Q>(Kamm`(VIvFw}1S zF&5upT%C_g&%TrA(}`UayBZ=hlN3`Q!pLz;I#P&?E75!()9SKK5e}Ok=0`6xWg+G@ z2I3HbK0z0bAH=|S)!zY_Ju5w)_U9aKH_*IpK9AVPfsqXBoCXKP8Ma`nllOzkm?)D; zr9LC%_TV+O=;kajTfJi#R}eY&0vB%r^u%AWUj$&_3Rra$K6ffagVV&=!Aa0H>qq4f zxWJX+KS{lheFs8^C>HYqEV%pn+TlxpzP7A->hM(g78|DC(Z-qwDu~|!Q6AJZ#Pbzc<*xzvSEmGBh=mi1%FZNzVE#p$CoSTQJ$iA+}DS 
zxN({}N*Q>$ZsZe4<@Gp~xv)iTX~fqD+VHgQ7)!@VV7r0Q-Aq~GwOW|`DLEg5oh_ot zW|M=PIsy5U)BD%IfaM*f3~5ZbRKtDE#DJE&IDXHK#xGxnnth7w2fLN9M#8g|`d*hS z#bvUJ08W+RBM6W`;gt56m+Z#lm~VkLC-xGlW*PDQfaDp?xn0m1BztOu&quUJz@ppk zq2KTXPprz6(ADfm$p%cabqQ;4(_6Qtd%!#jO-A6If5f)NT+^I#t(bSl` z$5qLj%OkVmMWyWt2pObNf|msAgy9ukl_lRGL`~re?k;6?SOA@{4xO%%(pFmK_o)+)tc^jyxB!znovh3*g5Nk)9We2E^k{V zimAkW?N#UAP{;W1Ls~!8p}pDM>yvnfM!mpB7G;!nRNn&>McrCrMdbGflGMZY-)jh>18Y^x@ zocR+&$|6Az3Vt>^BN`?r4a>j3w9o%B=c6ijamCH~8vpQmRyXoNZ0&Gv~r{6FI_6Fs~$@S)(5 zJ?B<(T2uz+(oo)Xog~ZITT!@4_5-{XLG8;9Tkql|w{jf=KA6!`mVI+U@w-XxO)CbV z^|l81KA-Xt`#e_Qf{Pd~BdClf{nb$FzdQ-R{>;@vv*#|4oZsDG5H>Jubd0K=>UqDhn1<_Cz8# z`A*F#mC3mA+yriY(tB9)(pP#eEAr-@uJ0Z7YqF=gw_SI||VCeW_}uh$oNl`QxC zrHYu6j`*x5vWCx(2Ql0)YFDIJSZ_FlW|K)zh&+0bC}CS{(G!DZSmB-+EQY<}cd=y2 ztj;-CAtAwTt86c|qqkq!#7d2_p0gXiwY+O`u8PUxO1Rn^?pKNUu&d!psddyfJ&KHO zmWgQ4_UQp_pKa8++uie*omg+jSeH^TvcJ0K=()w#ywy4E?j1DI7{`b1u4hh^g~wo@ zy9XQEG^x2Zc+$}**-_blV^*TGqM@tMe@G}#w;Am}Qp*_ZvE zb{x@=u_3MbG?^nt+eq$J=EdWc8Zf1$$g%8I=#ceh1(Uho(-}XdaQ#6^N!II;%@@N1 zL12SyJb}^HT?m>yr6uDiTCXisQwbu1#Wvf1_+(%(N`7=p4Hcep5>{LVJVo5K#tvcJ ztIMY9+XUnb1SGquJ#qVBO!(|s1)tX#KQC9@ZBZJBN!aO;$t^POp9zRI+u7TYv2C`E zCfM_jlJqO9%^~CJ4QnNbDRn;3FFZ>#!L2*D2t}X5I(I8bJa^|%UG#f{a^!v|IsMLf zbFV`ucZaJxC(!giNF8?h1vBlolOxMv4TJ3XvtJeczEYRamf~90YcWmC&nrKlI)S#0 z3p5V72El?2!;pPw3-v}+Ms`iLPk_&bk*loIw^fDC|F|-$D|b^p)P!6g zJmo=7b4?ueIKuAM$b!oCr|_BG$Audu^cGs5DtZOyKKEUW8eOHh!lgxZJ#sitmu=!t z**%I3qC3`-NgjX*iiHG@Py7$dSzb6QK5uFxoG8JwBPNqe_R&C5mkh)y>^YDLAx-)) zfa(~q%dS9A=sUdM1`^O_kH3B%si7>`COIfm_7}&#V;p`z>WOR#9-;@SMD#1@;@Fu5 z>_SS>+fVnJJNCJM)?8L$d91>v*~~goBfAIEb|3^N4YF&VZV-$gwo3s@LSTjcuoH~4 zyXI-`o#Ol0LziT5U%YWn+3o|s&oIeVmR0vI&!zO^ZNi?3Q+uTPbxy5$>j}kgU-syg zNi^`hN$gg9N;de?(r$g<@Lcwz=1yDxeRw$LlT`}#?i28_AP1uEt5&lnL${eARnhI*$5_&KrV@{P_++k1#q5u#kh=K9o50 zSla}jRIYy@;*i6|dDYL`7pYB;!Q~O;{0SA*)7Ec3?h0qF2N1;;!tRmPYw=a|_i{8- zF>H{K?FYB#JwV|D1Yt`6dCe>44hTBU=2mv7f4`g-eEUD*g@1=5{)fjQaQDp>54+_b zktwo0i!uU@r!;284C5lZgEZgVSC-9S-czh@KKuZij#>iZBz1tA$%zVEDq}4WsS4*K 
zt76#%8173rabV$C2iQzGC{6Yk(cj^2!IN9`XYvey6-{*KC(&W}UAFLC$~#GVpJu$o zNZ6RnD6pMdNWDsGAj-f8?6wZABMOF`cfb#e1jtZB>bO(205Aqr$3X~fM)Xdjf`1*{ z@5kLwGVx8E0jMqL+<$5u=_ZL0 zYPc7;YX+|PWD%3U_rWC@5x9gQK+yqJp{{_F7iP=CbOSRfBe8KWD1OiqE|o7X;2j7R zy@vyYnD5%LQz`ZItvD1xUI=^(2fp1!_xB?+_{6n>^|)f-1e9nY_aBkY#vdd>Xe`X# znovuOT-Ni{!$Ckf9!97ISO0vDb#B5}CiYl1lT(@=5J508*ZMs5&pVg&zxm$?9>^A+ zSQ91R3^bbgEie<=xKf%!tR!6&Ljvp)?2_$ zw8DVCuRt{sBC0eC==LWap5bj+g0Q&;=XNDpuL$4K(j2(?Ej27i{zI^*ckfpAGxSsk z^)ADnPE(|gr_hk_Edxr2iR{^ja>vBTWKPu(J_0tmSx#6rt>ywN;yWAy0MJC%L?9({ zI98nL5iaHu5;sPW*8odPL+oR9fOjNh3DEd)YuqHC;c#0@Re;a}paUiZtjFEK<#o+M z-*4ng71(_Ixy$-d2*U|G5L`0ifl@Rgu#_Q$O6tSoc@od=@f(MR3sir?h^(!c4E0DM z#9D_^4SuYSRLbgD3XG;Bzgv_#b*k>kR-;Y!E<$$sQVzKb>|60|%@b`=R%zZ5L{HQi z>6*V#&=;HqaLyGx0RI+&jZUdfaPKwI!7{lrVGDE|>Xd>)2_k5u|IX&3}QP zwXM#*6T=7$7eT%p2I!&9rgk8$<1l&x5~hp4hO6L$lW{v%?~9V=Sr$h2^`Zu6(l?6O ziO}i$B9MwvB@r?)cc&%XMgS`4pyb%mxQ?9>e^z*vx`p+blF|}4)^ll1%uuSUzAq@c zPS=+3YI23=i@GS3c4o{a9?s78S2L&3b1H(?Soj{8v&l8ion@n#c+2c^Ds>ACkb+&OBL!k zePccVC$`rPw_vs9OPVgsPnYXV%@jnsmk`BS_z+3>uO`!6_Y@@u0#p%571x3xV^?Gv9%V6 zct29`ngV3T&U*Cb6bO)G@qk;chsO0!=Ecd&SGc@C(HT!pUdWyzb**V487i2kHn!9k zk-5}}utb0^6?z+7QTr#sU`I6PF&9o%K_6 zL3hJ73}rP8z0l*rlBbp!6D&`cXvXC%I<$ab#NRg;5*c{cR(zS^nsbv^s+M|Rg6=i! 
z+r(&r@ar_eAqEh2O%rioEx)-ThR4m1?arDIBy>d~VeHV#S6n=`&Him8H7c@WQeq4D z4<9^1u_^CE4F~u{_+{2y46;`WFku}IU&fPir4q?%=7RSGCqZ+wA^A#0Uu*LlRwX-@ z#J8c&>@Sj4$jW6r2A&k=ElT!dhFuI=R%aW@REKJ|*i!;D8k~F5au#>R3mLNv6w+k# zaU3A&M=Sizx3iuq5NtHQ)RTYdb8m@to~M4%XRc?*Tet`r2`j~&Ot|2?^pB(A6_z(F z9Bh5IAM^2LjFf+scD|HODf4{^ye-M@D_vde!EGmJRy^{iTS-Rt@fRft{@3d~NKWw`EsDdj!Rhxth5nh)AC3l?|br7ag@%wj&1y|@W86vEGcN)38zp46F#w)iS_AT?q9R<)jezQwVfai&b@ zo2`VDd_>LJ{`u{7-XL(-<6K^MiyBmlauq61bDR=yfp#TRh_4tC;x~31OP}0w;7LMM zGBVs4arKt|{MCE2Con*pnrB1_^A_G}vfk~(5AJPO|3654c)%=4$-4r)+Xga=z1fy; ztN*HQb<>GcyKS)-4^L*AUSPK9m%XyV6Fp(WUvkEAg}>n2aQRHqr+fWmQSPD}138oL zQH*$3#iD^+n=v8q09eJdtXP ziPyJD^ueelKk`yC#T7m^Hbxgcii^F<^H~bF`VMJO%!j$?>BJ!*9w-RRO5GXo{16sI zR|`;)FvCNIO*T?qRoyZ#O&CSFcs~1lN>4)n9OE%k{A>JtVd6DxXmq)6g7fvN>lvRa zl`frYU9{H;f63k$uOOViUkC6|HeQp?gZI^A{p~)+V6AIqRut2aKDR|F-{q3M5vtE} zB2IFgO?=PT*iKR9pOqtb79B*?c5jp&QY8c(?!ane!c``aYqUcINjwLkXA`e9amQY; zsCu=Pt0`sa5-Hv%9dbiuX}9_b1qEk;tI2w?7f85o@uY%sQN%h@i-7f(-?6T2p(+!W zc+Pe4aojd9+d{gP!&}`9Z>Du#fNcmz*ane-FT8Kuj2LjGDJSfziTU8S_fMcD^F9Sl z+J$kvz7$cP@anckUi@`?nNFT)Mcr%ojt$v_-++%DYUCrwyR`2V_#z^Nk&W3PCM9&WY#}jpdCxYqnW5N@1pyaQL9T&)o-ZTUUX*q7)q26s~czb6IY3Sr)H1Z-x^N>*8X3jJHEsk+Ke_7CQk8GR*YX!o^Egk ziEPFcm=tXK-OFQUA9OeqX$-s|0}o4s#UBRn_lQqv~8?{qw~wpT1OU)MZOyYgTd|k=vS+4=-_HZWG@)Ic~CTeJ5!hM zo6hBAa$rXU02&kulZ}@;z)!?S)RtQTBO9Ox_z6*sh;iH+oz^m**97Cc z$^%XBt$^SM0OZI{Vv3ii9;+A&kGl2Fm9MEU;qgPSs-zJj98msGdH(6=o|+DI3myhVjce_;!Fup&Ys5K2iYRyFOpV8>pvY96|BeW;nW_0$)&TP zEqD3f>ZTF3mR}aYmU0n7y15-7@#KK2?=Po(*ER^3O8*M_Emd3c1^*=Qk*76$XWFRl z#?MiMyeaXHvrm~NAuQnZfrh9HI@5^}S=2aRt(!MB+a@?+m`Ux>=^$h{7V`E)$+I){ z*LYc{K*yv9BLNV_p7Wn-C^04hae6qW4r2YlfsLYWY!6ZeT2has?0`Z2){&m#rL%xA z_Xs2xpvb<7_D5aptujd+9aWhb9x;&dXGa2tpy!stgYWY858ykR@HVmgFWm z1#YGSHNFSE>UcF91aUcysEKE9cnlcb<|P!xJgW3l>gaPZi@0f>v4OyQf-C~u3R;7K zB}#&K5^ODt8z2uTu}}N*D*LzBVGDP<#-U5w zpuS8Brq^1)WafjtW7RD<7(yU(Jxe~>MZu-i+Wy?R8}%#9$(|D@K*TPoUE`j9zNe*? 
znEDgKLOi9<<^BYy6i(|+1XGipHc*p8E`G5Kglq!TQ)+S`Nr^bu8>vvAwnb|uP ztVZku87LA}69GNFb|0;Mnn>dA|GNi24lV10P1XMLv#ZwvM&ceB;2o&6 z((f<;%}TCeZ~;&sUJkF8L4B&0f#8b414I?eo>xmK>UH&Ae5X1Yo_RDST~-EIM8Y-% ziB-Zo_yGIuk%h613Gmho-|d~A^PSciEKInZ(f-t&Us7;8hp?W#spnh*4B15-Vl3a# zEQ*~b*;aog7(sqJZfPd*5QH9PEFY!-uR22g@`K`|D0;ZG`HVUw62;lBv&&yVqhvUz z`sL5z+w^t$Pj?!xx<N_ee-jWP^|b-XyWv?}xNJ$=c8=xS)JVcPnJ^T?HLOi9E`)X;vAqU|5~v?V z66;5KGr0>*2)fxCptb?Z7t>P2ZSV}BvNfCj>6p9r+ozu(a)~)Yh+JYn>&jlRj}b-) z6{t=6{#z50*?7MBDnNl@e{&Sf`+IQTnhkUa=k>vUxPi1Pee#xY4uqT|ooD(cT!M+P z?&C)3V%-j+i^3qBVG^=Ob>wSIqmRLt(ZKp`*dUqsXX*{WSPOd>{<@`)q;?OYXJ z5~^U70;OD*S@(Pc9X!qBl4*?3dfHnTI?{gJ2tlR*F$QZbzq%}K^>S$B6Xdevsr?8- zi32Wm)o}OpT$SO=rf2wv7a+;7+6v~{4LiKYEpWzRnHHMHe2r;UM^)^4`{UknM>4;@ zSwvm}3}o|1V+wsR>_y@#(-K$tj*$qU5_i=ij-k>H|7?w~|EE~{@184IqeQe}@D%$4 zXRJZ}50(M$8jHPPhad6Jocqc@_RN-C|5Sp(eIomqTGRaIA>qWA{bgwo`!53SD$xrh zv*?mRdSpAlm`HK3qz!~1*F}JR@Bh)yM&oa};oGl5vDvwuH<+tbbZ0ywH5ZMA-XScf z?9(7&^h1`@>JtZXL+5Bg66TCd!VuGJ)Q2vRX3UkR zOKd*`=1wCsQsferyq>`(jVOpubd^34Wmvo9;1WHVvPTM90!Li`!Tdi+&fS`u$5>X{ z()u{0RBoDW<&QSN;h9{O!X4I2YrY7qvWUs9Eo{px27AW)`TALXq%5takOH6WM*P$p z=rJ=h;ZjCd@yFsauVj|gcpDF?p;ugyhcF$lAV561G6QHkM@ngIZgucS`9D59Icd{I z-$@>5$m+wpDLRh>%9qyQG9CgM(hz!!8>Q0V;chaK%nrlV5(RHU;R@kW#2QmDP+TVN z^yPy%1VQe?QF?ZAz%HbE8`X`@G+OV(`@_a9_H|7za9nwI==*4I3V(I1)~QJ~NK8R8 zsz}oIms{mu_6kRW%YO&-M&k+Bf-VegNgKLAR_4*}Y zrGy%{4nikU1=c|%!(q}5Bndi+-@qsk@gCC$5c=q*YqBFR6Qhx{p>3DWKQBI|^?mss z35lbMOx{8#u{=&meQ>G?aBDM>39!2O`9}y}c(+eh+xE}KJXWh$*K&{f&L6jr8Ku>) z!OjX;UJ+Kfe}O^NP8l=;{gq-{j_NH|F13)D4ybInR zSjC&7Gr9|ZkX(qst2(dkHh~?ntw>j<&Du1)VzI)!wdwdyz^(+v9+{pO1Gp#45le+2 z)aVseDS<6g6MSGfeAqL0RqhCdu(ye=-{)k@o3`i^a1ly;@I34dKot|X+UZlPyFyEl zFCAM$sAdMEQ*$H>s!7G4ZEU5UzN2XAj$V6k$g&TY3I4HRCN`2L@1x0na~H5yUgWFV zIcOU%5+`j`8)KzE5~EM#e-&Z=Q-qoa^qv;Ezk`pA5p^AE@3QRg!6zQiw@4rYcZ{M(^B62~eF&ROV|cJ3|(0s*0ypcjKw0t~!j*dC<;;_D$4 z8By!fgF9owc(|mV4mwhE(6kMI>g)ZEVkGt9xGDS@r;;MkEYMZcRQ^ERc9DYhFf8Mr zIl`q%)k!?a2ma!>F#{@FAm@beQ&85I`0IN8cmGo>rKK0W>9izAl2|C1g~xM>3P8JM 
zxU=7CDv(L8(X!%v`jYQW6XBktD8~IAXsN32MiX00&ApG+?eigEduhsmtbzADny-E# z0{8B==U)0Ab4OO~_gpE3#3T?4d6Vh4mFnNOY(s{A0E{zhWH>n34jn(!(Rm8!n@lIi zV843HO{M(i``H_WvzYf_WLVWT`DxL%Mbs*A|KEe+f5ck7vOx6IzWV+wA}&9nr;BSS zJD|}m$0Q4}aMzX>$ZXtg7qGs?VU5K2w@=_^xX#~@@|=s9wT^6eWd?q9kev?LY>DPj zB!71^@Qb`cZ3*E^7=V+;Dd0Rj$+}FA^U2jG=FW zKbnXo|M}79VXMPR@QlEvYn@zba+e!a*qi9p%{||i1aDnJjx-7d_0YdQh$7owga$Xb z$@0%B*zFDk6bTn(jN5<7^+4nOP>7`vknr#z`#t9$OtwzaT@;D@e9XfdCdsb(v`V#_3A*vt}5yDfGg zZ7=5@`BS0j>DklApVZ8&h447FNXTHl7C$FGH}7tHz#7BNPHf{w6X7{oHqJ%z*5t)d z#`uY+7`BKro#P+B%2zqn_I@pURlFN|h39cZisGL7{9R9O4{;@T{S7C^;WY0q;1LMT z-mIfD4Zh51N*o??PNsioGpB}SWc3Ey&x6bj$rHW(g;7X}Ef9^V?tI27w@mbkZ*%@Z zQjqYo-*mHh>E&Kgab$Q#xDqzcfEC;0CLXFu#7e$Gfc^X71W^9X{`GGIFj)qu49Key z|0UWO2CHc>9I^OLaC1umV32<#fo)v%=$Lc5ZpIM5UXku3#O6OJMq>^&T2KoA4Fbrk~WfZRZOROP17%8pRu z#lzFyE69CXyi%+|mi@8&=2>t^A{lH$NAl~TjC9}&ru8JW3kZiL2m{{$o~P|VKP>)V z9)=f-e@|#gKwjt8n;V?l*QFX5^Pkvsi7_RmNkwGYE$JSA&MAqCJ(C1x3k11@jXI%b zPL)DUIid?5p?*-xc*gS=Zty}>vC9Mfqs>z_O_Qd?UuQV?;kRE!&is4aTN2&X?d77f zH~b|=RxTOqU}{ozq=w~`kJHR*%kffPpT00dmN{w2Hb?eM>APK%6|3juSM8m=uOKEl zHV7c*s<0!kVLwhTqj%SjA%>egX3$T*^4nEkVksy8V7U{e7MkMbX?l$%Vzu&(__QZ; z$-f#_xNx`0RWEOSNW7-yJv7z-6GLmm7(07;gu|#d(KBI1SpPQmqhz#5d`2#p;Q;z2 zV%ik&bDjfTY5lzdFhE(~>t1$G_wKj^pHSm9rv!(erwY#2O>w%aU$t){H}k8H==ms>oUDWP0GXearUGLDwa2#yKHwq&vxtpzUw0$vbDlIG^+WjBRc+<&JFRjJlIL&^}(>~?A`vWpJ=m>Q5CYq6{y{j3a6FoeS zWnYp77Y66$QR8BaL9C`AZrnVQ2?|Buv(tj-WPyj`|37oN&`KQJV>`qKyl(wx)2!m> zsv28PYSw%6?pu$w=N&rfYvHMQK$edx{{V=6O@!!{2bu#J-kM2v6K&ne{s#{b-}8XW zHsV0B+7p!uvsT}WL9Bov@)XnQf)vK}5Gt4+{z2joS;__#m+#KR%$Q~LeCYe~ndae~ z;{E9qP_mkeKu@Pnm&i`Z^P z+{jlQ0SM_Oh_J|8dnKlNAKwfe2eW^X^2G9p+9N|a5D^jvTP3Itbt$-()LCoo4HvYT zF?xUL%!2fMLanD$Db)sx5a|z({x2*AiVv14*fXGrh`fRic#xZ*eWI8D^c$tO=@)m& zP848L*&-K|%<1AX)8abn;DAMN`z`8f8vmp$WOZoe{r+5axo*>O*MF!>-IJjIJ<_Cb~P|IO_8>dtGB zhKM7GZoj#ro**ZAlL#ZyyL$~@C+Pu8lH!Z5)`b=AodMV{kaE4b!$ewqURb-Uhpnxb zXz`o!*S&z*@;Y%}IJ}+z`a4nX_tmUsr7p`SVI8H`iR%Xe)fd5*dJcB$5SpH=l=sr@ 
zV;D76vtpJLyZF;Oiv{09YluOpLhg_34$9TJF(AZW9%1leI>26I3Qe&;`F`@t&Z2Ko z(uV)mA}rIg3yg%&&zr$5Jua9~q-sE(ophfgHv`_!6)RgBw)kt0455sp*Hos^u!75x zuX}MPs(JT+pNXrPNzvr{+zO)j&g#vbl!EKYue!7mk1CGGXkm>{r zurvI~`DiQ(8nh8At5>>KDQg9tVuJ-ia4SmVD<%gN4IcM$jh(}L79}2I&$6XciDge) zK)*apWF6nQ{|$RrcoydSdJEyZkWxZ-9u>CLGR%8UHZl7%z102K`;;Ue=g9<=Z0ZK8 zY^&oAvz;SK+_lyEHF=-&*@oWz^!U64Jl0lxFY4Oan|p;Vm#QuD>Kpr+?!T0RFed>{!~+k9V7FlPn{QZQ(2t*`h!F zV>hJpJ782HeOlc{P0n9)FD*gcIcxy&Mdyp-StH?4Dg<3STV-WT(* zRr%sH&2Z)W=j2^V7aQ5+Y9tzT)T|2P>pGc&Ejgv>P0=yJ^qHt{(~AN+kIcay$o>b( z+-Omuwwd`V^6v^JC|#ZbHp3)DOCMn3M^xM=I{zI7YdHtdLty+MaD-Wp*MlcCj%fmX zM)r>+f(KdvAWWne0s}itD3@H~LrjBmPbsKuQa=$#5JNPA1=0KfU{7L%HlhdvJfUCE zGX-@OK+n=tyg1l_G_2@;RWKQd-G?s#hAI$c4g^RQ=rrxYa)!JBDXJmJv(v`GQw+oc z(61xFj=Mm@S@A`jPdU_~nN58zau3d795nIX$u9jS%bK!u9d7GT=s`C;vMnSgXQZ4V zWDZ+=pEjxIlbnC}9;|H}d7>hPwKLwPpy}~-b{Th2y5LtWMqR8`icKNzk4YUwOz`Us z)od5heg<$eeRKs}7%whb;>t&`mSAlCo}is1wKsgjQ5t03kWrW|L^b^YcAL$5&GEH!Yph4#EE)ZEqbA)w-{b526B!paN17 z0!j>^bf?lKIW$Oj4V?ng-618QbV+x2x0G~uH~ahI-e;eE&$;*9bMNo|{#Y~2a%2{3 z)_UL1`#jI*c}`zXOo^E?%%@{?ZAo0Wlsn-vM?M!ss(bgLxc%pqR998d(natWxRV2U zoDCc*aa-QEM6*6e6IoZYk@cczuUua+mwG7qd9&d7G};=cdxN4GM}XRm+D&==Q1#U3 zNzh0>QWwVE%W$5CaX!`k9|yV>dj6CQ;{4;fd*3j~{hb?lpYZp%9D z0)Fgeq7*E@co{oQc-5tM9prfwFM1JJ;Yh2EfnP+N^ZH^g`2sl~5g<~bk+VJrSZjDf zS01_bn;vd!B)(>j=djk-{G*r^sU=+9C@O@{cqiku6Vi2kR*;T!{nwmH{BwnbInT7vB6YEpq}d@ZizPXbxr9y z+uV$7-#bj}KyM5mot<%#)h_JMgcghf?OOmh1)vNk4*|3&*sIPa1)M=1KD?p;HQh;MwKMr_-6AYALqu8?7zP9TD}0hK#Ve;fPn|N{eNF2BgugO8w700-Byh2 z@{zy|@V8f}f*q?ZCjKM0Q@Q(pHpc5K^{@`wy>X(Y*)*xiN3!Ml;ij zDg`4N8;Cm}r@2BrKw^xkEi=ynIm@+G#CiN;kwgrwyHXNZtAsMO|ISWl{KuCVXG)R4 zJs*5)7K9cs(3kuhBtjpcN`-o$V)-JW@p}9R56EVVSmU|PW)mgL&n2muJm8`(g3E;; zxP93_z6GA+|J9fNU;P`Fxu_-K7sTgtWk0#vc=F^jT2?4!1lr`haZggv`WZ{QR7XSE zs{pRReN8VsQEnO>$*pw=P`71nja@}0!I9{;D?kV>HN%5TF6H$pX00Z zT9-D)#j4p{X6VL~H{}d51L9@3>OZaGvR-ZG3G!uN3^r6} zJh_`BF;nuj%*#TAz}q1&1m_*9!q9$btJL#^!)qSpmMYwU;I=9nF`HHIG1X`b|Lt}e zcCb1e<6xL=u5NrD3@zGI{j&ASw@itwj|+il;gRL&pgpZx`LIAW0$44ABI3CB$#m{J 
z^ZOrWTRzk#(O276;vB8yjMe+4yfJ3jxA9Q}{*b=5=uUf3^`{{O{X?66|SVo_o+&Q#-R(3PlFGAHmdCq2g z`)gSz?H0{$4@cv{03)2I$1*V+e>3>LeL+~xM##k2=B3KKb2Q5U-^;wxkui5%da@vo zj<=qnR=OY711&cXd3;M|x7;2ZIqH92b@AU&F=sHFxqP0#r32_{dShp)nl$dU8n<0i z$#QG`!9SI>>cx9E2FrW3-$`{-^@VWO?4I3-LpyUS&(!Rjb`CmrDAryPu{_{|?C(~< zZ#wc5s4I;e6BN(j(&l9uUj}bizQCSOR#zd*5m-r-Eih%iOcZf(thcNRzFth z3=o!;3EM%!@Yh7rHxi8RMhA^s2F$!EN31doFNh8=0L4>!L}XABO|A2N|9D$f{?UWa zLroyV7m9bwTq^#aopbxkaejA{gn(7IE#;p{I=|ZEC_vtCYN+aM)()8GOK#aq_Q3au z27d(jW*39m-R<|0gvNivl;?JO2WHeGTygJj$XujXZkTxXnL}~yzJ#0K?T3@?E zk{t-JWmPFpQ|B3h3{Bgn8lsaBqHd-!qZs~vsU*_|`mCwsUE6EpRR0n)haZ(}y?oDE ze9c^kb5&W{ctCE6o`cp7}MHD-)|v zOg^+TbD9ByY*piAc}?||TM17|T?9?7Q_C_iLOhdmWoHLdTFtJ>l<<+$0h6dlQd?g9z$it8~*2 zVtB#y=)1_c>$6{-;Toc@BaSU)bp%6lv3?Ix@+w{NZxj4_`9CdnpFA|>@v0Ju%D5Dpi^u97Z zy%)1Vb-eJ3GEn(U(kZ6lsrZ5Zbtq(Y|9%aeX^Y$}Y%eYJ%h!?{v=#7`8|5dRB6iZQ z9PWIJ4Ri?BAdF+ngo{Y46+J7)B6}RjM^KT8+xx~iXXu5DveKKB{Z39;=6J%H6;`rJ zi4YlN>g@Qv@U?&=H&u#Lr8rloSpNagu!AB~W;ChxQ+`g9uR@z3Ycmf~l-20ydS&U} zdPJmE;9S^j0@1PruKbya)hXJ`BoRo1Elo()H=qW>`vFC4`_68#k!?X1C12Zya-#|3 zQymXZ=gUxO0WpC)hy)+mZnPqS6MOy$*;VkXTev$KlxDXn^8eqrf1JJ-qjr$g#g{ME_G0-rzo!B5}Q(v6ez3{_`2Q*4Lqb-9vi zPS*S&o};+FrzgK{e#2kRvpY&HAK(4~j0NuAw>Sp0cXJ4A$xjAWT8_Xes|fqbr z{J+`|D*?3PZhG55_#}_2cW?FYFOFX9r49Ntf!ZOPVvCw*Ny6=78L)2c;~(ZvunF;# zC^1bX){k*OfEu^AY8jtAldi%rZ8JnDvi+_dA_=e$kiFq6cRL0YW>}UJZnvHTn2gmO zR=iw1_b_fmxIKS^04Dw@RrKtl?(20N?aR;e+dWpjWPbO*kXb_MNSG+`O{IUB>9G=Y za&6`Sg@C=Il1izuolv)&e6PM#jL6vQlBsCHq&^3lC4){XC7di$;^#V!^6bk$4&#f9 z!C&tV&ilU~wDdQs(KP1Dp%Hv5K|p-GF!<_ zqbocCm>hbTO{xeYM%!9H=N!l*{$K+@G8B>JpHe6{O#KV!;CRQ19FqmS&XnJ%i54l~ z5YPD!?kzPDXiY~?KHuWhXItaplx6DR43e=yd>}dBb|0PR+DPXa%TJ@&?F_UG3l7mm z!Xq2@^vX1C{k8$ulS#|KC<=$8CE&&f))u~u9M#tZWQwB%qMhDs4V+IdR`)<#GHMTe zRaG$QGlI!)5Gqr(*!g99r6V?{P2HN}_?dmb$N9p2=-MILy$;$rq~F=2bXkc59~-af z?9F7)butD*R#UJh*C#caXL#NgewHcTTOu+uC3RHqWH-eem?+g;wSa;G84l)%qr+n{51e)OVE&50c zGFCp%A8b}7ki>!T5DiT!&e-|ISv=!EUt@V|+yAvBUt z7ExpeCMbuKSjYwhY&e}zw8{+ZNUQ|uS`1MakWr|`JTK!mOR(w3a;z=c$#*V^2r&HB 
zD?x|if4kVvqFFW|7s1YcY#8|-3H0X#sY$+t2v|*y5DHw*5fmJTv=?lu5E4}!nxdMB z81%6nZHpC5otL?41(vAZAmy=S1!_>|!a)Fp@Fa)^2DyBYKT3^%egdpE=%PXd^~JC7 z6;TMNIa(nvL23k0O97eUEz+cN_&mU*h&E{RmZPj}|Q znZ&-G04e~0aIXohWoSXwj$i?XwTJ)srkr?zj42!B4<=jWG$DLr@i1GAaM7(TXF9_Z z2`c&qzn9$F`m-rlMHgdkL9`9t`0|`ZKW`dwOTbgJ7q)pO`|d~ z>xgKTX;Av0tv#8KJxX;#@YcO=@bAZg6}Le7z;H_N%?{>o5T12qo4&K~InMPv5x#9I zNvj#_S8IAUx(3B~Aj6)OzZQOCI572ozo#lE=NwNJwJ|CZotal!-hIiV?!#hLU{ZU> z=0^WSxm0xbd|^f0BHgUIm?hzmRrZ}WJIlr%6Q_Ou*++y%0Ug`j>zAS%*G!xRCn5WI z#)Qlv5~ZJeN{3PpVj*AOZNXpRSXtbmL`ow?MT0Mwg*lwkwfEr`TCV@hI}4Dx`2hmQ zvwUkp%4Wpi%VsmhPSH~dsGxAZhxh#DE@%IIpw6`v(c-xRJce^R*zuSvPekIFor*z3 zBp&r1u%<~*e@0_imgkbGqWtZx1W9`+Ltuhlt;)i3*Oa~Om z*7MW8YN9BrTp_OVXwEfV9;Ba*H@Ubzl%G`iNozSyZN+!xWl$2JUDPy6prt|E+R#DE z@4?fb!USguDF~}V2n&k{>H1C(K#1z4GiF!B=Fe=?UhuGguC2OjrRI@Ir>>>N#2wg! zlt3L?2c&wkkfti5v4?Nhtu~w^u`V{iWty71TZo`$Rwz*RiB$FqiZe3;);eeT#!>-& zbspTV`nc_1&F#xn-;9;1#{PvQO@%q_pVH z5n$R%@!vM?t5E^2^uGfVyvqKc32hB&m7nc^w1_xxZE88s{cp(G|Lp(329m$)Yk;fk zSM*}i=9<(5LxF$&_V{lQW0)lR*&yI7X&KJw&t3JCuG|2>P+s6Rg?>#QTyyeI6-lD` zg4k&M05A>!O_f+-04W2(l4oK!d_!*IvR7VqKhZYrKm+VeX~XT#@3%XntAB$a*?@y!4FiSWTubLDe~uY3Q>r=-==@Tc z6{wzi>d@TldG{#0(S0|Z?)sj!V*Z8Mo=}>|Ph?Sw)ZA(UbB`aTUwceF+#B1tgg~tY zrH_mnbyrXz_MiiR6y}`j^cT*^yXXL8*&Gur#|?m0D-cJ#FylfeJs+mLqWCK8h^I{X z)Zr@@&4{`{Pm#V|^fE)BJ`xs|Lq;^#F3o7S)Ls*;kb1ENJ8GQMBhJz z#_%;WID2}U;NgD^e3_oP@@vPjHoU0k`3)j(tZ?6pw)-2u1%ab>7SXlI*fHaak(5v? 
z_F;owI)ZOG0sUy_8TqXd<4Bs5 z_s+TsgDGo%onOO*r!C!0xvN*qoPm#BG}%GYwQiJRGP3ejy6unj;tFQvNVpp^&l`fq zP1VKC7$p3sOjjtmYIZ6ksftV9F8(5qK4~;qahE!;6ZTTKMX?#%hNwog*!sht%M@|h z-^u)WR>omXEkhxf0PQ74_ekFU>-b2mA|jGrR1kaP8Ja^!J<+G z?@g&go*lVZY?jKg4`>=YWfn0T5D&rY#Lpl0hE7LJ*1*;GoeX16pJCgvyoQ@Yo9W+i zFMesnUF7r}=7J9J=oUP|&wD64K>LdNMCM_DO}KM1<;_7Vp?^NhbIUjqPTU5H7Cos;=Z^No1?$jz7e!O5uI{m@eEYVpA?NpZwJ+RX%O0u34mg$Ve`X8~$BiE~~*kFr6ZaaQl_)Mu3p-y4u@#Dq zZO!a&3#4%P0=HW4UrYrMX#;T_THdckZjK3HldqWfZ7;;a@DK3 zQtqt#XRV=EnA4Hm(qEo-#fY262&jwON8bAey`V~qXAr=I=mic6K>od*)vu8!9GHWw z7gs-fooL)t-b8h;+XgwgU_L-Y>3;IVj%h879u>Ng6z{vt#aR&1oi#Q z>)JEkXdHjP3fSH-{?u!1AAh+W?@5w8^Y-9%<&N>IZ|RkB-w2E0Fb-eI+^0VM(_~NLXkaYNn zHRG+JA*3Rl5uVJ}iDQ|dLo7p2kC@b}W_{g7p9~*qzFB?9o~WD3DOr9*2Gvu{y!Rv2 zMM!Ejz9GMi=}DV!h8G0&5=O;Ybfot=p5o!dc=162#G;Ml`&%ux%3hbDEQP)pKPWnH z+`d|HQ`fTl`0nn|i^hrOOYyQ2b=4{~;y2HtEu!G#N1&K~G$H57`IKCe_C@AD2kn1Fd(jjo&s|BA9d5=q8&>#^T+YMXq!0Tb!A0~Z(6N~C93`-XJH2Y3PwlM7jAs8fSYxl74dhVp1A-Z6U*LVDKqc<~0*8hM{08>HF9aIBI zrXUR*QRR1fL2dOD&*G5VDQJQ>W|7LY^ABZy2Ke%veUIh^@a5dt9T*1jjXL73c>}^drnTaQ14bhtM_xwpBgjpZg zIWWBCN%V%GbS`fqSM;qRnZ^%8hf()XcvAh9Af^ zZjCBFjNcP5Wa!PzdxbUa{ItfSeIeSNX(UP26xxJ_a=sKah(ws%#Y1T9lY?iobYc6& z)JdN_#>SMY7h{efKOKvelaO~)lzutH(k)x z?2ELM$RY08y>s(H;zP#G^r&>pL*Lm`UAe_-Mx9`!?k(uD;}m9|bfQBbn{hoCKUhD( zKmBj6)TCB_b$+?IUBo?3ybWl$ppK1>R&EBdr^h3k$HK3?$W%XgTcBBPi=)7Ad#wx* z)Aw8&lrqY-PaAAjD>kpdHPXM2`s$JLhd`v}U^-Ae7sUGrB&ZlgA7FURlq74nnw+&E z_|iho>qnC_q_2%m{gQ^*a)*WuvZ!t3M@gUl=t84UvtaF)H0m=XkRJ^5miI>@ojy^d!2)Yap8xVFZ`iX6`Y%$#~Aq zC_C58m{00P;j2p(TwQw9GGtGgEam zEIk$?_WW7bKbp6^-`<3TF(t&clacjULBG zSy=HL9y)=6&bip+T;~v1H8!TvPg$KD+!^<^g(hWIR0_JY)~&%GT6B2&^j2;EtEUP) zAzH#pJ{NqS4w^WaT{bs&%139?(AIyV!F zBO;RClpNjW9yJj~SRp5!os2`7NT{P|W%WQqUI`CNiM(yr0`y4k9l(@4L-<{3;ZJuf zssDo}`KuTa*qQ!C*!Z`fwW@^c|5iUtuBCzc!KVHfHUR><)m|?MjS}jE^o9pQ0FCfD zWb#r;dIN~b^jnz}gQEOmKcGbh&mM!g)b|Ge98^m4kEi#~*9yU&A5Jdk^3fxc87?nf z8HcJ1zrMt>wdTee?k&x#3`M8^(6ECIu1AF$KDQJ6XB3u<$y82`$<0?#-q4(IUc{sP 
zhbna}r+srb>#mA7N%cY2A_syUbKeq;5_-Pe`g8uCd-&@Ew``AGM?i*E*FXF1J2FP}VpR=6{2ni8^b4U2Bt~<%n~0 zY%F|d^ssK&^UxHa`wW4@qB|X=*soH{^@o!0m#DnH?@TYDa6G8KgTBpCIcjGbptt;- zb^(iRs=uc{xb$Gwm&vKtNu_qw25HvDjxy?;jMkBADI5e$Ff>45L&+uBexI9eP)i0G zW5W@%a;6>?Jqnv5`M8nBD)W{k7`bi7=YE|^eu9{EDbv6a0}6%JK*$6mqhhpJ>JADr zJ$G$=p1J%Z5_GC@hsz=OnJoZrj-8l#9GZso!UKm8;IJcnjWVOL!6%V3l^558ofnR- zOo{QEH7Lfty;BJ8m!+I8Qb!qBwrZ@0BBWXSu)r@K!Zd^v4f3;}OfJzB@=r#hdvKNVylatvQ?$7UKZB#HQdMx=8fveW#EdGIFUDRnj;y-ubJ{1(&9K+ z^4XNW`(A_~CkUYG0}Hxwf=%rCE>Qg=UQde0~7u-!F3WO)ujpJ`Wz zPpt&$shz%HYeEOGM3~y^=A&>9`6!!kd-vC8oekO6-% z>Co4`ALoHEBHr$6w~J9_DRec;bG%nXGE|@JPJvL)lH%dOvyQ9mCCB4~JGf!j6K>6z z1};7{0wV>q5iU=6jP*%b&n?;yuoQ%K0>jA6KG~qAYn7AiKmT}hG9%o+SH_kjedaOA zdv{Q{l9ls5;?*_90Nc0ncZCb>%@brgf>N9ZGd!}YLFSuP3E0fWk8;8v>Uty3DLg{W zmbNuL26cO)Kb`Q%sx>{^v6_f4M3Rr%P?FM@Rb zUsbzXNB?Q)*2w)Gd&;B1!LJ6om=Hup8MCo&4KaOR(aH9g#kn zZ>P($igO8u8|9rVs_ZJ`a(>mNn>!WVtUb)3?^>P-k4m!Zpu%)B+_AlJ3MXQx69V8fTz}^0zRxeI@olEO15NL}L|H%PnTXoRVu`qFrV4 z086Sn|6+USDA)E#bdt9b5_+dS1tDb+Reyl{%p&B&e}mSY9v+nmKD;$s|x>x{5%HF$9X_A z55+*-(!dY~HaIUG9I~3c@=N%fJ8^a8Bj3H0Ve3QuXd$xh8Gp6`5-{#jg9eW#mLYSR zLu1tPXHSDxPcwgma1g$M`HAj1>2vNM-cQrD{I-Fuz*2N>r!Z7P|7~tcO$3#mmD6*m zst7N$yW{8(sUOeADYf)gFcSN}0adW7Q;V2&Fq$e6k9fukbKVNZ=ypn4EFKdr4cy-` zG%R^fH#({AnPqQhj~kj2YB_DQes*Kis#n#IJbhjkKE=bW)IkV<@Pez2`5%7y8BhVK zOt7e4pC`pvTwEVCsLi}*kGSj8#&EFR*=O7j-5{DYZ`#*5Qy_ZW@`U!NU2)kAAskz?qK{s*QszD{ zLULt6OlGU>i4ESfrx_*RYDxfNSlJhv`WJ#ShuvnW%H;^#cJ*mfqYpXKkHw-jmmr1I zc-v8w^wGFoNBIRKcGJ>nC*JrsX9_bVi&6bW9amIi(7u~z8yP*x;z@eMA@nnffvEZx z1m_*BC)%6p0sbdzBPXFU+!`1ngPC)`^A*P0NejQa1f?}A0Pj&EgG-aJZEErTwHY#K zauXow#_RB*Y9^_CFfwS)nenFUhu~%9mSMz8%c_}JZz*=VPw9)1T-X0ixy$#aDo7{4=QncHW9QepM-d6gFrJps+yz(oH~f{LyEK zH9&q9kax3s(*s4ss;RO6OSM9@&^}72yNLeRYUTB+Y{*R|`ie1Hjp3E}rK83jaB@=y z{@r5RS-NJ3+A>RD`y-O$Zpmk?!eT|fdv%9l(_=7i#@SbNcI-F%?H$O=LIsOgIV!TX zV)!g^m0VaZQbubTgz`OoRL5+yWa0%_8~1U%(uL58yOU2`c<`38#r%>M?4o63;NeE> zZ89r%?1s(Z%;3n<|2#72!xlT@$a2-EXeTFtZ<#Fn7WTn!3GVe?WcBJ$)um?_&LKw2 
zQl8Rql-^@3+SMW_EkGIzUDue%Xo6~|b}#rX1&bVG8qkc|=}|=U6WM7gh1#+{U;_ge zkG+aeObfs#tYcCAPb1O=h8SK1iJT`JY+&k!kbZQ)I&Kdp)VSyTrk?w8v9NLzq-?(( z*YasJ!cw~xf<868qgy|IqgesL2b4~^+*EX~0jY?FKs8H&&F`KyY$}{ zs>9OXHE?h{^VPjWx=OWx%kEt*ypczFx2dx&O6c0= zHwc3d)~?(q&i)94RR1}S-zRV?C!8^rP5UKWp)h%$%vWBSFX025g(Gg3^M%1|Pe`6S z?m@%+-irD=KD}q-N@@ODJebME%mR6b7YVe2smHDLTL+7RR%pJINPw&U0*gBL-{la7 zk%YoYsRA8Wd4?*oH)^zLY4YaVe_EaQi=(=2jdqP=**PSz`s{+`qhjpeYMTG@+3tcm zhdIiq3;E8Qnu}oc0}x@2j@-XuxQk*^BGu3?z!@@bWA0-c6&%P=l4}Omr9bTM*>dCm z1`!(|FQXQk4Ixj^xz$kSCpXG2h{d9q@mg@8S^$fOtkf@+J<>2H-&*m9dC(z^4e@2M!l@nFc9nnU5PD^C5)_(7+1Abc%fobRW2;=DvSlnJ4vV#wA(a z7vn(evKUC~EtTZ5MGHwY*)WHTF%@zog%^$cIzrri?huyzE_u45Z3SuY9F`VAscX)x);wp1RLMwX?cmF{8LCg8-gRliXG-RRU6r^yRyhe-N1&7AwS@XUVcv<)B~x+oOV@Lv7PqECgDj3U4=-8` zhu@Qk!iH{@rGGglfV8xmqJ+zO5yf$P1h|JS;HOoZ#^77v`tpR{)JJK_rrU;1OfScV zOVu)mwNk=4zzE9savNK|Zs1tVMM$J7dgx@PT!>o#u8wAi1>bGXvS+CA&l`Mat4q`6 zvbaT@IrsE)Y?-%3ESd-_1p=MZVjh?}&M7(}iJ5tnqfspOp9fk-Qg-jVsO_WA>$xwo z&W#>zR=ZH?-8XzqvjFp7VeU59#N{(d*zG4ySPitlJE=M;Nwezvg{U?7`Gx1t9DAWQ z$8zteJkxwK7ZQiX=$&q2>PF!XR6Ytt)Mx6B`m9*%c(ldo_C@zfzeiV7DNab%bKl9* z`ef1Ybmq+u{#M@guOfo^MGE=?O2aL62DC~xhnxrg>&GDvy6>->phVLFCaHgxNJ@D{ zO$jF_OM!q7hosOjEnM1iT9hJ3SuJf=quDGVvG>sFHT+!WDQsY~2Kr!ql5D&>#b$+!OSe3YArkf;HPx_1}$d-_)M#YK3ZIHBs_GK2^S25LLA@G(~~1 zfGvEn8)t$D5og2kH%PM4kBZ2*4?AWsU2S^86~jfy4n#8Pw1DUV`LAQ>{~tde^GuXW z81MR>oIWJx%b4u7k_+6u>!3)O(1kv)7P74mGLs6fYu&c-+OMN>cZk~XY7btSekeR3 zb7}T*coM0d)e!_LB}-tHfj3dNpO+McIX^#a>TZ8kgR>I4WBwV}B<0gFv2EjwTGwDx zJ+lRm)3chG=1ty~mDB-Ak+DZk&BW^O{Z_^QeKyp(Gd78zSsMAOW-d}8@OsKOD&=IcTr%2Q zF3XJzs_26cxZ3AYa!4?UN)C(fWKkLv@VBSGf~qtPoh!GzB}aR(e*`2R3i2YRufyP& z4Q6x|&W>{{AC(zYTKCQ!GehsUWTHul2fyKYaXv<1^OM1sE3c+O-xzBqsRcwUg}0(+ znZ2|meC6AkD=Ip#ilpussD19KRts0BE5|q85oG8w?d;s)DOgn;hq?Fq!rX6jo|-K1 z2_Myz{|o=RlH-``bu2YvM#s$3c1AkIJ*Fe)XbyuOA9zE}4|eb1fpscw_rE`lzUEyu(c7=$bNF5rc-h3&a4kr%z{(FF zPV|LGilFKVAgxF=r|5Piq2Jvz-Xg+YXRd$3jmQ4>iL9GJOqrnk`~40%P6t-gTH7+V z$sUB2I-b3LpHdBs4Nu8|+@CvJX(C066!OxYdRhStF)jv` 
zBsN<4BzZ4L>-Wl;H3%DsQ~#GInH?De*U3M4-jy^uF20A#%c93{ERG)2b0`Vn1BNOHPnaFAFt^ zf8!Y3gCrh2aZDPxQd>s(RB=c+QJn=LDst%!7c$fK2V*Bi<0@`#0`C(n#xwOsz?Gy{ zNkW5eV~d1oZ=D`Q{O>Fp8LRk|MRMvVEf!%B0zrn2!r{vne&Ig8YpUps48O+cCw@ZG z*Sj~hx=Pcvxz(Y|Qa?46*YZ|GfM0M2&sP##HhyHXCmtMlqO&6<`#ifZAY#*Qj)gP0 zI60K4?4IK3ZPH?Z{n`0@FDh`6h`i;BfU(4_xw#-1HcqYzt)`O=`*5eE12O=CgH; z(~eJpp2^3txRWSI31$rt+ww`hsQk7=rRk~ZPZOU%Da_>4N6`JuX!0yGBLCFst8mMOX^DOyY;{8 z)My_nzj~s-tkUa30b%L#sY8;zaiMhPS`1=P2*x*+?H(>jrs$ctWb`4X#R-3(kg#(u zIK2azH?{B6PG4V?67G508A%sKB`>7T;pl38E^``Y^dzJ%aj<<8JIF0dij6GG1r(WE`Z8>c~HG`dw?rM|hCYuSkD`+%E|T(!M6dcTy@KGp{duW*5nfO?DNC z#(o&6?+@|}i@3Kb-pw~Vjb@93Yij;?V4$i1Ng%-3uiWJnCD6K||E3pYbE}Q}e0j6} z_&#rLLuI>jg6FwbSxN!)^Ze*4ym-&U`IKHibNwXzJdO1G|{0 zg9S2KRuWh2`n1tUSGd%=TX2D<60&nD-sls|J(5DD@*W2$2~UeU@_9Eu!rx2t z4`39nkH`}|(BKd*HLbSzOqX!|ljo~?tE1nH>alFqtpvNx7UMTahQ08cNhNJ0GHWV_ z_BrHy?y6nn?p4F#sY)JF%YI%V^LCy@tBAG_Ny4!o!u-RI80o)$*M<_cGOw6Y#=&D_ zxgmW*Z?6u|6k6#O#}t!TaD`;j9X(|!4qpW>6Y31EL`n-d_(WqJzup?n&rh2(WXv#V zxscoXBCkk9#jmF1Hy7R}-L8vE(BCb;#Z&xfH)1ho6IOY!SW)OwSn~PZcjy-!)vF%t z9_|#g?fBV8w8{ZJ+ua*hFm*>lm;F2Kmn`k<*C}O})Rwan%dN{>4{@zzjZS3Jp9H@V zgeDj0UT0XpEZR5qE_xg!EBi6`<3FMaXQKj&2fb;}C3y4|q+ObT7^vsZ;o@I#KL7Nd zsz>y;Nh8>oUAC)SE}O}D1b9}(u~Jl5AzD2B2Pp=Vsla~-W}IHN;fUhTOOM$E-#|h- z$6LtJZyI;gA9*LvE8;yIFT^IxuaoKoH2Z zPhecQ-`-w9L$js57sz~CZsxx8wKC``Gni*Ivn$%){(xLjC+r<>>lMu9IRXuI1s?)u`eUoy2T*s-*;q2HZIX z7xo|JFS{Q-!L;y4k2l)__s8#Eop=19!>-s@0!^0b3f{6mGR?%|jifnog> z*)}IDpRv82(akdq%1n*F(QIu+4-_X3cL|D+g^SFgMqIZN$icjB25%lnkSm0=lp#K= zimay9egK3><-~zjb{|{zPd%TyYC==L;Wn|tb;@3lwcN&&gac1flVJ z`hH)=X|z2AKV%6J>dMr-!MWFn_&l8T;$)>t`Sb%5Q!mES#&8rRtAr5{iAu`}{4&IP z=uHW*69h{-1?nC3F^SHuLBYS(p5WXnOF%Irt@%r=3K5sl0-hW!fB*+aRgo9Rv!ohv4SLDG zJm|=CsQ>c?aDwYC{0(wj$dtGG+`PK&0R)1RfcS}h;IQBq?slu*(psru`@NU}?X3}v zdg%i|3o1Ss4~#|rt*4>X;zBu@9!CUTRR$G2?%-2h-2}|?&7Ik6qsnvxCtST+M2mH7 zX&{#Kvc{E@?8@f;_+Sk4qB#DmSs1cbFmg0&D9LNcgQjt&Gz@$v=Ic2gj^Lk7*_(Lt zF{cXRUCAxiC>Kr&Xoh_*kF%sNWuB{mD~dde5vVsA6cgVT3mO9S2C_96Zw7q1IDYNs 
zMe7xSvxB8shpYV2hG9>mTr@F4CwVEH{p+DxXQ>4VzwILDW%A)q4}ESqg~}wcxWMp) zqN|TbSXh`cY%Krj98!t)1x^&6#~3c~AX0e7PhO_gS9&U%Jb39MJ_C5AJ+m8}{@}Wl zJi{|E!d^S*cb6_4x4nn24HRe^@vRvgH9oXG?cYRt5i2JDm+gZ8B^3Ur{^u{UE44xE za~l_}c8M~BA*as8@}P7w3VqF#ggcfIYerEvvnbZb2^fwb&_QbH)S~iWJ|E#xMaReYEUI*f3`c0@p_NK)^9jziQtR5;@_5WXtI2S`B@H3Ldi^6ij8aYT=%gaD zBGvy9n1Q|_$lEA=!ZYph@_&Mh;PYMz@t7n}fyIB>;3zQ#RfHs~KZE>2PGXWKjK!eL z@^&Kr_nCQH*C&-v*S}!|4HV%(jyOHsp5Mqa-1wNfmyzw+(|v*^i~Z_T?(YxgVszz?DM- zQh!1x%Em2M<$?lETt@ZRXD_j$qo`13MNQxMDZ1|H26UgFEV(DJ9=9;8h@EQuTvOi z>}w?TQk;9HeU^Y)1etq|cfrt1_-t>rNsU|OGN7zxbViwy7KK8YS(BeyGZd)iD(Y-ut`xvGD=`i8Fs3;TZX8tsD5lL=%MM#w7Y)sDm zRwMh(McSD8Zk&=`lu02=dtVQ({p~XEH^Nh1#Nl^7LK+~!_EV~ML7b*;3t}GCllXL@ zMV^5kPU9F^N_pEwf#EpLUGP~X+>@1Z8%%5(29d=@vFYX<+G|O(LzPi;8|2r!OdOj5 zYs}}cr_&srgu_vjElZl=g6wz~!}I07N4vi2_q~_|N^7g%DVE|ZMQNjdYhVwMxUM?oI8Uly8JwVK8M>XtO2iM=iyGJ95k@vQc;6?67ro zuu11_E$8}N0bjzKRpT*2o&)%~SHWpckxa5ZE7gcCih&{9KhTPvnMt$?fVU3S7 z%EfOX@1gKn#vBeUO*8}b0DchneC&M>8SYK28TYW#@g$!r4{o6`#_kz>*^1#(F$bCg z(=&@0Wv4XSPh8HWXYc~U|Dd|u3~P8 zehS1RN8CQ;!^FoQiU>O=w)#+Q(KnyexV}6~+V!WCKiZsf5$)orrsV8)U??q%>O(>D z?0;|62c1yPNn61)ocINQyt%cE2Cc8ZI&$tTT1p1Rv!MB)vfY&yq(IbamsWZcF|Sc< z%aq!M1L!_SPt`K2Sw1Sk7_OPzQcAH2d8oNVdnW)&;7TmDc@;qx~>P5O^D>6(?BXO8kM@WoFU4w>?mMWQlHaLHQ zTSc6&9ZoRPY zd}Jd_qT_uctzNwt;-OsUlQyNXwsVoQEl^eJK|dt8EXVMQEsSO7<}oic)K!bqKi?vf zAU()vFcG_(Ni)@-3ia>9*1whk-uZKQ`)}S?yLuu&NbaJdG_EKbJ=j1U8XMfH7N=Ht zP5%XhH2L`Bew#C1UG{Zs$$B0)k(3=fmdez4I7Y?ej_j-iv}F2<)#1a9#`gH^12)U> z<@Brm*Vo^eyz9^WPVO0gQZ_BI#MC=ysW^N{u^pvz_n5=Q%Ynvv_G#(p{_Ei5JcU<5 zDe+c?RZt51(7Qo}(;o7235((O1kkwL9I>Rduu_}@S!wWPeP_J=#+a^XFhp|NnsI`Z zf?eoBHlTx7JVbFhZ~K^+>tCqCJT+Tj7@;+x{!W2bZfHWwz<>@%B+20%L5_GaU(zjO zQ|$;V#ZE@GWQRN;y?5k^_RbfRRiM*7&bd>t`Q6V(#T%!A!=7!8P7bPVkVBm6PeDNe z-1Z<*efC|>0_G5CC#{fWFw%VIRZe<7c`JQMe2YJCi%~Y+df;ymS;cW%_h1qQ_b|ZO zAgp@*XZ7NLvhSJoW`v>3-MIwPJ3nyA?1-X`2XlI$14o9>)TjnSmyk!@9=~yuR1Q{f_TX1)GcX$16 zlkc2;_dc@kU;iy?m}w@JYMQs_U28pdIBNe*57v`Y(d~=M;2A-~qA8<+$5;ftbQT~F 
zoq^Lz-7hUJg`z@45$4C-zKO(Buh+5IW}%9vkDA?BuBWG;VvN8fkbe(QIAb??zCFcN zv#{JhCw%O5M_sQE1a<&X!>ArR9u?n1w!L(Zkqyh#cf1(Yx0d?n8>Vu44ALW{CdaN< zM*6pBT|_X|bC*Ql=Oy?WH(KH>$iDj4f7F2^#n-K=#U5TXcx^t#YX(Lto;ONcXG0yl zKBhiqfzX|&P=`v{WT}(nlkty$l(o+&Oh*A2D9pcN8GQQOO0vTN5H7%Uz^Bjum1Zh_ z-pJ1|>di*M6=B@CANFf_;&b>?rJ5>LLG{D|kA6EiK%i8{goMkaU@wVJ)u4>PeV>te zqEf5&tI_nsVR&CTPamu?>`FysqiX!yJJZvCY%VwVKNc3au@ zA~~Og>=k!k*K4{2YZ9Q2V+_0QBb!EoK1Ns9!tC-fy^0%#w zixdSGrI{_&A=~4M@o$vvI4()%*gc@=h8tFc2`fR%y(W>Uxmz#fUR z(*A??aI`|Pc6j3w7My2b0RKpc_aO4wsQf^`3+|ch6EG&}xnPb+KFzPcVS2{EkWFTk zlaUn$1`IDR0d*5#2mVS32XgO~VC%wOED3_D3ZGu($3xj_rjKbo6MqzWZg~cTykuNW&EUGI62#!Jj@+(wUOMX%R6#fCR=PwWe zfDDb2jVtTzC;Kf>iQo)w+I9;(nWyTh2LEYTMmsCfI-^}lZ*p_(`!(8yEcXbpryPal zkt&7WylUEO|3Vz<$C>&7HK}Z?zbZ+&0=qfluwc`kVzx60(++HeVeAt6lkJ;zO={cU zEE=16*GB04aI8M6WQJ`;HGKG_=lx2Zg$HBm_?oEF6}868G{uU3zt#P+Of>|%WL>3X zLo{3Kdk6;d6AX#cSx0H{%_o~73UejPd(&s{tnHw-`^djQ@z>rr3*Ki;6RT;W-UH^+ z4@a%H$(KO|^VKRYSkyn@8+e;8a#n}F{CRH=c+d3IDU)}ry6ow44wwhLm1W;nXC4(<@;xuqcb_%-u6EEGc_U`mF~BB7!cIPj|H{v0 zBqRfNZN>mMA^>fELN40Ws0n@GJ=Vu(3qJ{%_myoRf+t}ZkGX4JSM)|qJ61Z9S* z@fOhHq1fM{7W+hRTj*A9_4_BPFL<)Ddax4EGUb_D7=*`d>s`CCPwD+Y?NfRrvgea( z1gJgorHk}$CH6L5H9OH3G$ddKr4i5Q#Ym#WE9lsW{dqL*|_Wnv9L}7K6XU za9ND*vq%;H=HWx+4HMkiB1KX3A)(P`F`MUpjv>aHt`x%K%(bhsD5Rb6ll_htM3P@n z>Q>d9Qr;2V!GTtN9C{DbjsKr&ng8Q5`K6q0Sx)blhV}T|P&>9vZ<}k%P$f@_040I{ zwOcNTBp#-hecwLaeA7E{9_==v$Bj0QvU^n02G_vJ5DD$|IjwS}IOJ8Rod`(@Kva*`a6j-1jD!#)a8_%_|A)v{Pdp_#2~`rQvxSwO z%EodM5Ehyv`zKc7mYL6G^(yE9+6zr(pz2c)wN7zN2)M0}!yc1Hn`+!1v*ig%tl zSlr7P;=Ca?;_-*}W}u=xYr+X|x!_OL1U&m}x1-fZXsSEq7sO9T(BZ;GXCWj|k^K06 zV7L2A@U2<~T(_;IZK1j&?+2PrVD9_+11|%weeH4!Pgx$X5if9S`Ma+@BuL)7yH0o5 z1=6#B^pRl@X#E(>djQ&a-SDg8CRJ8d`7g6iNDZ#TOb{iD$kR1GQGSVBX@+1E77DxyO!P;nGT8~H z@w$|X&uR-@mN=qVW-*O8kAVarxW~zRosaohp$Ui)`$8);(!c3%UtceDr?jA<_kjwg~7u~J}0S$##-N1mV zMQN^|4OG?+zW<5Bj11(h`+$+45Jq;?cX`8Lvf!LJK@vn1)5~l>sn3eP+~1te(${}P zw(n_e70=P!x~kBeZ(?{AxNCbOt*>E}Wpb@7{Wf(Ya<+TzKvkTD_1j%7PtfhhGyMnY 
z-qV{9THbZt-)dUDD`#hWco}zlyDMFzk1OtY8)d%_BpHUS(Og`q51DRBh|H@9jkH7( zL1W_?j}KZE^qzjvu(y0>Ge6&nIg zDQctd(+|GZ$E*JI!?S_;-hBe7(&D|n;Y<)PUb~@hObxNIaWW2<2rC$@F#+2u|4Z`9 zt1%bO&Wl^G6Ql<9H{cW9W8Qgf!N+^TPIuabg1P+~za8l`<8RT8J|xgi#OJ(3vf5lq zBLUS95#W6ZTVw;@@96D~CUKsO{{Ay?aD*Gg*Sh6a35_(ZB!fMM`wjL%U3ckMA@r(* z_-8Qjjm8-9=N~jMsjs`*9opMBN*Pxc9ro0*%k&uJltqT6(7vS_=KMhq$tb@Au;Ghs z|DPurdH`Ak-24G*HV|}ZHvOz(gMT6|IO)Y)Vr@&%HfT9w;}){BrvO9<*oY7VDDSS3 zFPT6E1e!i`|+Wr@h%FysZIOcr3;_o={l^Pb60UMdw4re|)LF}bl{7$P-*&H{pkyVP(v83g zgCQ&TFRVOZu>f;O{e88}`7yPaMm7fI#A_g%^o?E3W^!rHCORT?urChVD)?+qMXGBl zEnGER?B?fmx^Iq#xpFq1Z4L9bnCKeZ6_0=GwuxA+!50#_rYSb6+R?)Nxsd|R9&=No zB+ebPV<wLow;!L6H~N0k=aMB3sgru*|0KZ; zE<7}2VHVv=4P^c@dCiQ6JBA-)U@6Ni+MTVh6fRc5QZS!Bg@;>ZCmF@eGkm@MdyAI3 z^kZ!r&tX)#953ouv*4n!E=9895!q9~jVzHi*S||@hUNU%Cr5mXC*cjYsxl zQmhzrYKEN_oohRVEug8=2!w*o!=#uO-@Pk#QYbsJSw3uZ06bpq2)#F2Vay5NOm0+8 zXA6APJY5u!5Te-N6a#Id`@uuoxS>chYFnAQwFWhLuhktM&v&ntS$;`S)BlRA;`+*0 z3)|8Q%7?w<(2~h=z8Op!sxmt+N2vc&~43wJE-qS`UA(}}KJ_s}XEhNMk zZ>+$TlIp#RnCobFuEo9dqHGKibvRIrqESh8J&%-$r0)l5p!W>JF2f6VX1adVK+^Z&W^dC!P&yQ|9Cjh_^FDQ0^86^(9^u3CPnOwxyp7$ouEK9aWD$qH^gWh>dstq9x}L+c(w6O}qD7att9 z0pn2U_YwLywOzH&4M>L!tXamMF$I*BlGR7jL&Ji%Jeq7+I-Bi>z5KVzFwGfmgF2Jr z%WSvdn$ou6&vAgo(w`C`0|~%K2CXVPYA>yA5ZSJ zd4yPZUFg!RVs9pJc|qMJm#tB-E)CE_p_alC03<|pX7$b(*ZE=}{9+w)jVJSQ&YPr! 
zzd3y&8ZQYkY7|gZoinftVlh^N;$L)D37ft7%mYeOx{LFQC+QZUqB(tR{qKqT>yuYI zIfr{PzB{M+0erKs|Gp#oG?pXwA=hm9P@t%wkM#Pr4>K2IwshHkp|MrJKi+0ktM4mN zsxwzO_XD!|E&-fG#W?l!jI^)rH?&#kXt8}Uu9&M!!nna(bP-(I9~kyRxLSP|!~J$* zeQo5kC~O<-SA7S%F_@QkUZ^rbObJZ@x$N@=j|g+u04k4YtD_f>_oiv4X4544dUB<$ ztOTw3D3?jsB81m%IHOrJ>43-SKyG+nGz&ORFB^87cG%8Jk0Ui6S+30A$TN|0n|5qJ zkQot=n!RO|4>@kXT!<&MS;RoS8I70>_eN-|``*D7#kwp^=?$eKyEtHOkAFSRWS7-n zksdd>ACq@l+ZvJAsqb>>xEisg<>_WdyL-O0PX;K4{<*mWyd707e$x- z>>gLwR8&YEW!tJB9skeiosh$T=F>D)r$vK91b#VC-zEF7H`l}3OdMOCSXa8n>Kgew zz}N|6>Mv0FGnq*=5{v>#mZgG0pdLjWRjJ2W9bT(xybMAOfPw7F0$ zj-r}q5&!~7yZ~0ozcrxvvw-qy{L~@eOOCRmO}A{KdT`^7^=v>;(PA5zg=^kOW-Vls zdX?kUJBd~0U8Do(RW{aaNF)@T%7x^kMB?|gYbPC^Z`ZEA)h3|vJ9`uE8B8AQt31Yn zB4SAI%rH_@FJfXsUyTWZDa$I@57tS9oQ;W2J60`Ql7+K26l$9resi&iZe@Qv?HSx9 z@Vyg1PbJhQA=Exw`Tb)pf?(L<2yH>URo2$5{1bdWNHiz(H6FRiDy&x0>t@~_B7)+> zCVtqowcDYtP%K%`N*Mv7!7y!xTuK*qs8@aMeLbhmPDD6OjNs5`B59Ts4Az9{vmXO* zat0E#-op29)?DJh>L6(G3Gb83{*$(=NZ<8PY?k%BHDxXP7n{s%#8}K8iknzLxfwL7+13XlOL8#Up~97hnZ! z7EhEi1hSY<2lU^^LNIj%q5QyRRKI{2iR>12M8?5;8d8sj}I^C6W!t5k#u9_KCX-ldO zuCIjbBznc6$o$ZD@Z1Nrlf`rVTmctG@8bXl#LCc)(nn1C)0-AkZ{vBvPrpH`57`6 zsr0?vsF9?>5HX82b?P@V5JFednQzKt8L%y%g&eJtKZjbA1a6c51rnJwwt-Ok-Wck) z*>KQ5EInJP|76xzwNqHBKa}ef#KaVCc_O-cV%*`N+SUHS3$xC0qc-BNYs;ojJ#Xe) zRSN473Cj;hZp=Q6g^l3lRTrpk9;{Oryq-?>iPY|sk}w=JiYqkX)QDVaVIyN;3!%fu z0R{k~s{FI-(VDu&Eyp?0I^50U_)yh>?7(_pxU({~Q}58?D-+%7ri9)}MNIV}N(iGd z(Wfgef;s}1VMZ-RAqUw`sUH(oJ!DjH(rC>`MD}|cvLWXgZ(N?$nL|cY!CZLd*V$dU zd}5?E_H}j~IzF72Ws(zRM~+m6b>->oYrLI7Y;16FqpRUy=0n*sgn=cu4Ce2@Cp#J? 
zO&2SHH0>I8;W4S~ABdJ1`{LAplOqAgWPm|HMk#9OqU~V8|Lia*8v>fCo<#df-Adwi z&Ft*QiDI78rBc%nkBqV9-QcEB7ru2+!cBUY{hKu(xTGDVB50q~7HS&9JwQ&aHH)>cb=QNUkI+iXO$jx7% za~kQtj||mUjc&C!1gE@=V_Z`I0(G|Y9wa^+RZuB+uKZ^MlYDAee?xaG16X^>X?A6o zsO()Vqv>f7vr#W1>>e`J(a^P7ClI+ddU8|7s((<#_-c-XYaYtg+7Pi)_(+vgS>-pz z(w2Bd9&LKwANAgqKvqOfiV7?<6n-he*th(d>U$>0MGLm(=n`f zA>tHoe+YfVfa&@v`Jn^7cLyPdtY}5M$E)WHIFPJzgR`M&dM-KWSJ*}f8wf#`4?_uq1>jj zdxm4o)&U%{>!bB4FvVifnQR0c>h0B3ZWQ|7%8UKnPF70`w#P`;#}%0TZ5B-*+aC6% zJGDDUUmt_BkMFM2yjrFmh z41KKbmj;yO9G-KiAr4K`e)z{ zY>79-!)2U(f-t)lJ8i+)nmyW;0_0=B~N88p(Bd3TNYrE#lE^hg6N8Hv4w?Y zwt>_+xz<&0(()kMbtz8X?N% zz$DRsF)7OaFB8K5lViyIyA;~WlD&J)rYI5SqfV#Z^JrAnSqd5-DF)Xz^7(?9qUWIo zp{XGJIe%VzKr6Lta8eA!b;HY#I^6zliGC`oE*VKH(L0%(m($j-{qwBac9&I}$3``~`N@{?-PY-RMI6!0;bEPkGQmtq`4 zKDYq1iIIN)uG*~iKsT`V5HpQjAm(w$B-XbkDSJ>C*-%m3B|^$kIkeh=K8cq3=JY!> z;t7662_d1X1mnqTBL#~ULC)mT!~kMDaH4W1p@gP(pF0wl#;79s)zvI0?L>6^VWK`d zSCTqT+&EjzEVn|T#z8(`kA0=YczDUoHMfY7TY__suY^;{;b^)<>dBnPsn9q}{G;<$ zm$fP4xSFJeYtM;%xE;^wBj9K4GmRl=zg=5J2lLdjg_!p{(%rxP*|AS^Pk*IN&cYFs zc@xRpks7HF5D00z1=fW_u$MnoJSe3a@;~%4Y@|aT1@E5;uR4|UCH`(PIO25okzBiu z8r7DDpp5CuHKIbpdk8m@*Smy=MAy0mhD3pDRw^HRvodF_p=(>bi^ddyqjZmn(5T>t zCLpbm+U47OCoT18d<2uFwwr-UW=`Cn{O!ZtWV9_wV^FuJc>JRcTbErc_$uNMjAzo2 zqT!j2O&c?uVD$8>e1ROB^f90T@!meS zWxl-+2RqbL#K7BCsHccq&AatCn`6YLM;<_r!rA(>6#qv==s)Q7PTI)NgyvdoO+-3B z`X=;aMQlCEScJNzVELVTP9qfiWb73m8Q0jW(a2lCFuwqCNh{#Q*Akhq&Kkr;vdTt| zI^X4p8~a1NO7VNsw`iM8U76H!3;md>I&L;M*_37xgK!Ta)poVyMq{BY6CUha)3t&6 zl1`_0vPFH)&YbUD5yCRd_r*k z8xW^HcCH#*_vho_l$!T=F;8<@7m2u*h+(6W^;)jM=zX_M%Z#=Y?IQ(PZ6K(mqO#x} zjo8cJG{nzTI|V1i0IT1~8%urV*5+1A2JJy=g-KmzT@>eB%p$6eGit%FZWw!JkhyWy z8g*dpGv?m?QWNSTH-w&^otUE{RyS(&NZ)@L85t}-09Kxp6rDkpm~ZbXT<{trL?hL95G{~HT#UOm*}Dk zDMil$zmTSaRw#6&ICqFq&$>Dp7NkkBP@CkxbP=-30d@QfL5dslRg+fif+h)DyyFiEGaBl#M_ zrM7HAJqn{mqLUdf9}4Bi&&K;1XezM1u;y6%A;UqzxDH=J$cc>Q^=Gm| zLpKh~aZ8`Vp*lIpveuTgJU^@WsITy0^kGLCEYu5vlf($Hoj0A6svk#<@bt;!pPh# z7!mUL)Q=wJ9~z2|X~Je!EsULtU+^$C%{?p*%#M)hURFQ}H=IW6XldxY#{#SVU|66W 
zAF_?e6*gBYYVu%qa?FngGMUgB>bS9^XY8||8Kq20o6OaZ0Y0_FHGDX|I`pB)x4WK| zlgdMwb1u$3_wk7(1gDn5h#r2bbo=%ht$w0AStAyD%^cXzab6c4U54QGtQ+qbAg-tB zT8-+nz!_{xsZgVIol+!X70r2XGh^H(4ipIq_kl9zp0K$1UOMRp1&=Bf{h!{3;Y%0U zi!085W-@mEoqz=0^`Z|$^pBb@UC?gQq4syXzbSH%!Qy~73^yFKfPYq)JK9LqvW-<{UO`dENhky)-9l=sP9ty8MA zc@RvgfbzbBiG}=TV@akM7DFfdV>eGq4q>?zcZ7eCqq0Nb5e^>T&}1|77;oHl z$Kk>I8tE^i#0?h8|@2Bsz~Vv|BMH| z&?QMeeN|%mZ9Dhxm|a%K!>3P{lU%Fm)4i1hlr5QF|cgilm@k{{VdEgkCMz8*7LqI!8Qb(Ea;ATdr3;{>Cm@} z3P{V_py~mm!m1x)69AWrbfE#TBcAgfaXUL0cPKI~-#~d>2UXS^nUiFyNBKuJf;XZ-@vM4Ea9jI%54C4AWkaD6LS{VqOC9UL z@@{>3Nx`@2yk}*+UYh%zNp=V#9HN%!EX>>)`cf!qrkh3)C-? z0qi}}!{v`+1!;nEPVx_l&!RoGWgE|!W4AxAn3fng-)a_(lPw|_rGWv?dnsY58WrxO z2Lv#Cl>Zo|7nU~CpTi7GW>rtzDSN6O&t(U9_pBHr{SU9k%>UmVM_ECuVKY5V6J~)K zk|n7#Rze!u3LRJP|n*$ z39c5kV-svW-vcnI)dS7=3yq44_w%`Bx|9C9(&uG>7^)6+$VPa)%cjCPC9<_>F zYF{Eg?IH5E#&eOukXmF%h=`p0{>d|rYuxXLsfcdBwvg)KuRJZ z#wJYhio=Gwgn$TC{;~Xax|=HQEN<2~a14*r%NgJC=yroQvG_nD9mF3Z_re_-a~xw=~cUvAOTj^}eZ z{UXhJw32+a?=u=4Q6f>E<82Y{QpCdL-Up%sxDldPw7{44jJF$ zYmC;}imOS@UE`H0^ZepN!}(U~U~ooOi0#ZhxPTCX;XxQ}V^wYAte)Eq0c#|eM#XV# zHVM@^JqCtKCXwy1U@Zoj!bdmcxFD^&2iaXzA+ne6%aJ~~M*I0-!&Yf9)?9y(Pew%gvw@9mohO_M|)qirU{63lVM96ftdPGQnY#%D+M z%PKo^D%M1OHMp~SgLCK!m}=y{h)SS#Pv(Af6FP>C1YF?_IGWp$PGlJ_kcM>4E5hYi zvRM$NY+Ge|)Dcxh_->U?!v$A0LQ68N@in`6`>mGWExCc(3VK(6vA63s_IhwbmP~NB z;vxAp3n^k>3gdO~2o!4~ouVT7NQk4fbxoBUc)PrVXm)x?of7u8H27k`49f~Swo!|8 zN;vpoxuwWdquEn#QZY*wu2V4`Q`ZpV`ZGgJ$a)&CHP|IWZrsW_iF(JSmdg+^1l<21 z&DVj*aVnzLUkaP-WSsRbHwL&B<*@%IS-cP}{`IlDl=I?iD5~QLUs@|V8GXl6^KSLE zDj!?7Tg0I9dpUllNKry81KUMh)7d1E#1kQo0#mn8^zO+&FK)Q}spv?#$`IuT-}|9{$eeE^$ySehkl4%J zyW{+j>eEC`!7`?G?spHQ^&^pXx4Fs7xLQ{=EZ>bff!_Vu13xe{fRy)#ZW<8fKN4)5 zAUz6?mom-ST07dJ`gwA!^OaE;a6VQbYudI(1!DKTjnXEXjK3JLw8gj{Z({6h|L53{ zqBvLiiL5={@|dijXNT@0on?Nk4faC?F5Ct!l}5(qM0e&^S@!4A_Qbu!;N}~VK|Ax# zgJmzgNBakYycaLRom7!?+B}@)2RqP(GDOE}z)xk>BX=`{@2s|i7wPsu601SAs-iim zX>-ydO4F!s01JUHhMkwiKGiya!tc5p`6G)d1t>) zS9OLkq0N&&uEgqea~-9r+F!BI&q`7zz?*e_B){I`I_9_}BAm`zULS?3?fR|!d~pNL zZU>GeLhW(|(LMO_pVD 
z64ssBaxm(0Fy~$M^Z;c2Rh4`}CM*D#_y9qw(SPeAV8sy61?=%qxH)krYFonPtDl8$ zxRit`y2wi3q`d)!67m-xxeA!Dn&lv107A>xm@v(Yk*nzS+(@`jn@E|$7qj21dmyZx+Q-h>| z{;k9tvL;s28lGXMg~iF1X@i7MR$NujXAeD(RDhEMX|%MQX_W%2y+QP>BgXtEMBp36 zt4Vp2OgLG|Y##z4mJkr|qwsZy+V4#zJ{-t9vog?Aa>w^?E%%3#_= z7v9j5mv26ELpc0ddAbIGu$N!pUjMKnX|5aK?{lEYL6K{;^!q1U%t(!(Sb z{k6)m2&l^?&0VwYN4(b^xo?Eu4t521!-G~4Z+4|O)K_O9K|wUk+nz@1U_$|_mR9e_ z*EXhe1yJ(-N;TXc87wEQ3ToxH<3e^wmqgWamc$x*rM4hj7B+!x+UWVqPETGvR3YWCsF5Nq88hjrt!AS@z)o@@hyl`SCE7cw^ zR(n3u!+~daA_%ZHpMmI_)hN{|8}<VO#;wvjz>cy10?=349ow1r z%zD4BmFM^iBo%mS7}&?#l9QhHWS-Pml|0T@Ny|7I&R;rQUagE(nOCgM(7lkS`^YnQ zb?|Jj+J``MC_8o}rfbs!GN8D+DRKLvD1;D#DZ&ScvR?8(LCTJ6kT2s7!Jn-HXB?N8 zv)sWw_tS6zOzqy@+v1GSyo~PY9gp{lC%9(m7TMi!uuSZch5O4HLHQ*b4$3TkTN;OL zQ=he-@704DFNk7|kHdc#jS2C`I8RcMsMRh0hJo6;3%Cl}LR+%kXsjMvHY)sA0-h+XCTM zhoLqREq^Am#9G;JUd+cYK}TwUXXzeK0O)q&QdUW26e>Xd=nc=-D) z+QE0y0>TriD0Sr4bI7-tQtMJkOr@MeiONbBYMPRk&WMp30^96*apDbhY?N*1@FdW< zAua2-E2k^cXV3AZ(zG*LH3Br&@M}TZlwa*+q5;de@M64myzjtAVf@>~bewg)Xps+b z20Au?^)vsGl&lGEIRQXye5oBk|MY+wZGpOVe?|ib<9gk(2E_W`KTHL5G^T%n-g!odR-JZ1yzU>cST!61)Hk)1Z`14}`3beaNXooM+Hbq^ZBWELz=4CK%(%5r@yD@x|zT)v0h|Bo0R9`&k2sacp{3zxU zKVwVXi>B`V`&#YwyM;UO!JTqJTwH{>gh@_vHsITnRPf?N@<#(oHS)+$IaIvF;0Lm7 zx-S664V1^spTb%)Y$@x6Rc0YX8n*ZAP0RJRa${dMyCj5AfYS|K|NC_R4ZD1|iQILo zs%Cf==^}HZ%-dVKcZO45O=441h*kw!M{2q5M15`lfilEEifgQVxA1ebC|Pmh4q~Ps zJeMEmWVW^2y~8k^=)^@K;#9_t`#4VX-eQJi5f|*+8=q;C=W{CP#%;&s^yQa+E6<-X;NN9&@M%ky^dcd zOqKtfYK>aB=JsShVz-kPkqf~L=n%Jd&b~__L~dAMnl6^Yx7OAJK6#}3E13@jjSKsI z2tu8+u6dt4LQ0G|)is3}b|~8GxJ7I=Swl(!hQ29B`Yq5&flt%_0`)h5QqKc}42GB&|IFbvk70xHTO_dKf`l z#ZGSc3&5eGqOOI5xXU`V1E>%aA~hx5^=L}-=wZ)GYmf%zLm67Ik$Jy`!!w^f=NR*( z6==+9iEJ&Yi;wmv!I>An4-|ombW^T)9@HXL=XQJOxB-(5@p~NTsD=dVL;rdk`ns>r zig(I)1d|Bx3-75sWB%C;ja}3FU5M#N-SZP0UghsC7N1u;`uH|thmePP@q7ihx{T{k zF7uMrI%_{Ph~=j?w?FvHwVOM&>2Gujtr%uUzYUdsN^W{ zpBHqofigiLC?6Oa7?qXNw9~+~5(6DH`M8mr*89Ie<4NlfbeNraRM8Nt{9iy7o1r~i zjv4Z|ZOYMD&h({RJ)u4=Jn!#~d*e%p)_FO2$(haV)5Vw5!81{o27J`71=MApR<$UR 
z{Ir>I-EeGs8e5KzK@fFUc~{5{Df>MxbU)Ayy+!~SjT_w~0FNI1XONTq&;9daol5$1 z<92vOVUa=c!d34#q%b>u6p(yYDRI$|*eTJv%Dt6&iFPd9=?u$t8d@TT1L@%LLo28! z96_GHKuJD#$j2bk6CeV8t$c; zDCqC(=jzEsj;+qf*{3StlVa&lL~d@$uA*`TVtAAm_nUajvO?9&B;y_+BzEwZ)@MIm ze(;_9HcX5rM$q71)GoR!Gf-uZGT&66AC*3vd-*=(--hHqBzK#c#~X8tQ~jD@!e~Tt z)lqgw>VgxwfqUGpe+Q!ic@57-e4Uj|4iKe?^Rh!wBeT;)KMB#}B$xiME_nT-!9wPB zfwhAx0IuYIDa&>Dc2^W2a!kO{;)grK+`S^`YGS3wJ|R-uZvI_uL2+i;c`uOoWMXI%Uy!UcM8> z;d1We^)|dt!EGTd>O>^!XQV+Ud9Xb+CY#8AydV>% zaC+HHtxYvhP=An#V|+wkzowl$|SM!#JCGKByZu?)8{gtBuM+UJ77o? zb)pR5637aXF2q;G`wyRmCp|u%iF~ z+u1OC+YTX;bcjfxLNvKS6uhA!8>NTsIhw46Kg2vk}jAt0C7E z>+e*iARp1- z_Lp}TtM@Yydb(?_c3YhB4$xRv|HrYa@-u!j&V;}B5z3Wz(w2g(kjL5$Ft_`YIQHtF zpG6M~^3wbY_Ql$YSQ}zxtVEw(MX(RS&3YOd12&z#n|}7ST;R-HiD==p;}ZXx8Mso_ zggd~xiA)Sv6=zd#(3Nz8BD1gN1WouW zH{|q3^VFnlhJ@@&A<^!CW2W7ww)iQT%&MSXXfNJnA8i!lDAEu%c}Q!!RhT>RR_aR z!^#pCJ8C$pw5|dYM|NGDPQX^=nvB8B2qRuie?#7eTCO=7M3Tf(W{G!1dbmiHf3qu| zv>%9giDzfOpP=#Akg_&fOVvexfINF=G^-b<)K}>Pz{n>IOy<0%1ZVno_*c(45WaQJXo zf)PL3Ek?PzMCgihJFNo6qrC92S|By8M^0lz(l3NEzR-TNy&MmX7YZ(t+wAM$lGLWg zR~G#49RGuZXV0QE3>ne?I-~h7$FFEgnr58;C(jx>s!R8_`>%x9r$1w|)v-gJSo&VM ztfK~FgOeq5*r@09`?ey;OFRfpo!ZQJ(I44SQ~J(Jrw^Q#=Fa&OtYv467#G-g@;oOj zz2Nbue+5kShty9MFJJz&c59ay3$NO6<2KnO`cy)_id>!IYzN|+`g9V=G0lCQ4dP`s z#nqQ3DAEFfna`b%P_s%}gY{>0Ts0lR(K^aoVPlHQNYCTpK^bx3?%>R;Fd5Javx{;M z-kE)tdN;DIQ^{YTaNgVLi=2m_54hrl2gW~u&1NTc?VpzFDYb)rT`s?g`FI z{)5DGqCG`?>v}qbyMF#IMe3J?gmN4_7J9C_KHjU5k9K@qh^edS+8D~Ce}Sq+zUQ1* zwIWf|8ZI{c=$Gz?B@I(>%V?4Q38#_jai+;Ow`}&-z+T7nyd&u){itqu^rZnP&1rY~ z3v_m2Gq8tSbm)X8Ci|Z@RgsZAKCs6K=C#p#$EQg^W~_iccLWZHFnZhUHZx? 
zS{f6^FW+>52x#H=|9qwYm)Ec@5$--TiviDTSL}Q0c(YEW0u7Q>^5L7gtVGm1K1(T& z;JfQGb-2)qYx_G)1lg2ITGyb_acgTqWv`JVahfN{*mdu&sz(SfJ0Puho4TsKE{tB8 z&sH1`Q8jmu&Gw%!>4K|P4_}!t5rV6>S15I7v#9O$!{#n}M0rq%;y;ob`moRwGeGE9 zXDr({MBp>R)qy^OJ8bwFB2vs_FoSLOEL)TVQuS zH%ss4@QB@-#rtDho2dv8`K<3@ExH&vw$1F;ri5d{xV{0?TIy!}sj14h!4k2ZO_Ck& z8~`2Js^i9vD08)1Xk-(n=AzK2Xcq}P^w2fH+HMuT?+|~w;~1BxE+3G=_*+Ww51vo^ zYuWELX=@rPlut*zB%@e|j-wB~vJ5acQY_gFO-~ynizJEmTe{-}mBCEZgwuOkD2l+4 zgYSBnaUY=c)1DT%7>D`~QvU5NP8uZ)*Y4@RIT_?Zy)9vsPXSAU!C2Cf}g{Qc_3e`M1 z&U9ia{SU=03W9yO^r+l|-0a%qRL(Hf$hWI>C3=0e1_tQq;-Tk<<7kb+zbAW8&fQ)g z=lDpf`pZnIkPpfu30vEmv4U7OB`A&I@Q$+Ysw&&Q6&!YAcoEB?WZA;>amBjcfhlk$ z!Mw6kac#TbBD-+3QOvi(?k0cN4h-j;UAY*&Y%MA#NLrE^sziAOhdn!YwT_StYy>BfS|`pK>zhwIAr?6b8Tbuva;9APmAjrt?TMNO4)&vLbkmT$A>#w<2mAhg(rbBGl;S%HY^rZB&NOt6M9?xMnzetfqSBjRlCl#$et@L1F zDP*O0G_5WK#OHiVL@$*fKjX%tXgg2rS#r?m^iGn9Yq<;tql9q3h)De54J$>vMDwj; zv$zt%9hC`zO;RbNB2JLOeoFOI!Ap@SpXg2O;PSsw+TTaNdvQxXMKIsybs2+Ez`mOy z$K|vcr`v}{AN~c)BBYeb$MiN~PLSlc>C|-K&T>mUubqoUC3E10$@(exv849I(!Dnm z?V+S#c^xnAdQ=#bYr$SmO_=PZb`ENC)sf1%5h8tYqJ!f>eajlDeP!I>zD1eAX>Hl3 zs}RZB0J;VOa+m@ls>si^^Sw)&`bGb;<^fN{ogLRYys#uUsg+2gg%$S@_k=jdjkR9~ z$b_e6=^LOost`^wTS|X~ z8lnSTm!UB=xhau7Q!mIqG&1q_B`2CR%1OU?iFKLKuap0wwWp;s;Fhaqp@J9#FA3yB zP1`j%PN0v>GJ5vO4|3~giJ0;|cQvk5f&f*KJqo}uiUMk>j}T=Vj<0KJ4vpA27{Y7- zhmFv{m|Gyvw|lE}T81-YDpgU{xa2`+>x--(Dq1v?uumf^8J!qtEicASFhD=kAM2oD z5lySBR%4uSs=;ZP09MK0-;e)z&+YdVpLD4SZ?bIDGE$Rs=p0)$iME(HV1JqE*N%w$ zC@z&+)puF#`o;KMVfyaC6CsRMGdjq_vC!<)+MKt({<*XSEK@=mV28GI89QJjE3TyF zML%Dp$bq$W=JBfWDUV4bZ0xH-7$DrJCHvb~1G=AzCk(>U00`6)tq^(b2jGdDgrWBMzZb+@DdDB&fG^to93W)T2Avqq{I+mCVpsz)gN zpd1@eNDJ_1aAy(9B=!>m^uOv00}u0~TqSU4a(8Bx4dz1@iu=t52kH%&&}Q{DG6u*w zGXDHKQk$O3E6v}5EoF~wtZ%r}b~Qb>&jcq)BGu;h-AlA5e&4|WrO9iwEF?*kI1%k- z?tm{EjKUP+V~KQ50L6S1;G_8da~R!PqAqowThgU%rh0Wu-hyv|CwjrA7UlY?>oxNe zyLhI+wYT$&*?EMcH|s=}MXw&o+E0GDdvBD#AYRR87S8pi>Y7d&x<0UN+PEsLMz`BU zNMoo0MMCDS^{OgI{ElXsEpT7*M~|2K**7ELR8?S~jFGbEN>E0enP{!tdYyl@rKhjm 
zbN~SKp6_&lEtT}oYx{pVpuj!Jv8Hbyr_Zf)46qkt#wosMlvW~e6W(CmX=T>12$(&1 zwP$VKhqs-gto;sEFQ3-^jss`F-eA#q!l{8=?dLPhKYShp(Du? z`k^-UQl^TEaXxX*!{;WK!6Dw8NgA3=*Mcb9JkiQ35yZr;*P$Ob3ZgD>-2Za-hX60? zK-@T84EDmG)l23DTC3l3nIe|XEMR1dq#cjpN$}Vh;BJ7ahcCid)=& z?HbvL2`kl#f>R3QCN$WNUFaxyc&*|LyqI~^HI}@E{RV9)`W?zo2XugJwoMTuF~Adb zg1@U+`b3C34C0>Fl1qLgI~Kf%dD#9ox3GPRHtF#8rIphvQ1;hD*Wgeo2=8{EV`5s= zR-r=CF(#smqg>UY96wIp?!0QU(-39 zI-4lfN|>Mv=YahLi^s0UfxmOp<6AO`J%8D8t|sq8B~V zzz5u${zy$IN*}CkO608lu$0jxrY{qkv3A^xMotVnwXDOGJMl8PVOP$ryu)$=L!-ig5OjHwF5c;+PA|uPo$6E-_kr`~HDZE; z*VQ$@uH|c~a^qbUZ9_{_!|I*sZm<)Vs})#KQ+a)9Df;Cvh}FL!*7pFLhQ<(!+r#|? zjQf(#w%d@?*HX}V-Sa2%m9=jJmyu(Uq$}K$tH)VpS4Hz22TT5sy&W#!v{VMBxO2Dc`VSH`^7#3k6*9pX%3D zE$p_7W+Qyyim@h?VpE8KkUQET(hYy9PquNfn_IPCWtq%W3LIJ-_@%;vM)r6|)y~Lh zMr~tb0o|GsxHRKdT*`SKmKKPKMj4gWEk9ty9AtysP2$Vw&3RK9ln4Uh5uDSKE;I&J zi56yKO^~PUQr_`LKi-zKsq62ohW{AAux>vf0J^a^cFbEaiy3_}#?g`l6`r_O(ejG> zT%G*7VQP1j|+rcvbl`!@0j(agnfpJc1jGoW!$_f`!vE zJS8oyN;%v*4apm7+MNr3L0;evw?|g56NiKLxZCH{RYbQmPoQsAwu7U zA^f{xo0pgEt$CTplpfTg>Zj-3mv!wCw4tI@qRoUR?859z#0_+Vl>GP)>;ArTdb(cF z4~B1@BUfa+OusjmRSEmTmK5jG<5Qcl5+{c&%xxvhRa}MguzYd-hE`$8#NJfI^M0SD z)uRUiG)7e$-!()N$Nd;qT}jicO*ZfGsU%Y5b9>yx30XvoPj|wtsv^8@7dPn@pM z#D%S1HU?RHP;E)K)5uFghK2^I%H+D#I1RPM`oVooC-fiU2-J3$Wg5FtQUnYCPxPKY z8#Guv&%BSV+e2(c*O1@-ZSmpFtA0X3hBGulIWgt%WA_|e%!rsU9BG)NZHsIx#}Bn4 zSQ7{c)Ggr?_gBLPOXerSZSv7#$|)+oci{CsGN5uOOn) zXr3L?eEjJg8GXfHR$zUyjwbXuU8IOnz)?Whuy35GIq&$IMMd8{UZ8!wGUgC5T{4-Q~zaX4fs8tvP^X{6N^Kvw6E+ zy&v^h*`=WLk=9C?P6}0Iq#$xLCck)SyYy!_Ng!K0m;5Xv2Xz0KPy-90O>Y%IB$C>8 zv_@I|jbIdkV3`n~Xi-z?!ob4o=7ztYK|`eQTei(OZ#uOD@*%j=h2oSpzwU#^irw9! 
z)FiH#fDI%xCoDH#gfTbnlTwd1&qZS&BL{=gGi_@MWSUgFeBaMeT@hpn*q+~bT@W!v zVGn0vr7FAcxx|Zt2j+6l&WQ)xJR}|n?s%m$iq*9a7wt5TuxFQ6|5iwfYx;;OUvZPZaU2W4J?xhs3dmH2Y~k0(o$BzCF`_2peAXhT()B!WuXhaH+#ct?3}y#{Xu>@+p_DO*EFHpu(9U%zyqnwEKZ0C zzRG4}1mPv|4Aq1~=_IpmfP|XzH}%hv82hrYVDkZ{&YWmG^I}c8c?9{T8=lYjK+JVe z^Xf*W$FA@(_hjs7CeY++4lF*+gBnsd?!u73>f|1U| zo&SjGxKU~0ptu~cb*%$zT@6wZlzDgnZ?!A_5I+AHS1b-UsYzv*Xc^oD#c3e~ zwKrzKE!9{aFgx@c(S60eXd*b4Pm+{;;&ZmAp?F=#DuR{mDJDjE!M>?7xik7VZ5K*L;$9~92= z8D;yLqZwuXd{AdZtPElo#slELMn*)z-_XAd3or#R{BtSHfyW_5?U**S4N*y^5dui(RC~-!^3Ren60J5Mzzue)|LV~IK(x^Y1m|%dx8^>s5 z78RcBfjN~)iu~uK%ST)PM$mrA(_BK`kE(Q5U|x+0@4?zOlW$9FY##_P@vnN|`MC1x z770gwv03ihp1|#^crfNOMo_;!kT+`$x4x-YRV@ITKQy!PQmr%j;deG+az~y=i!GIw zB&(Ii&2kEDNpGk7DWOJu@4OC9U{rwy0s9O~M7foPG)nL`LXhnEwhXLP(Z)z&ALY+4 zV;?s(Gc>Wkr=JQv06dxhwmJLfa{Tj*rPp&LP4J5;r`si+1v;Ipx*HBIXFsR(MoFf~ z0j|V^m|_+%1;B|HF?Pz^mn1MF)KAnO1RbW|-i$j!$=+4LR3H(VEB#bUnw4(}ExkfsJE_jhsLXa*A^H8gt{>oxvn+ z-2>%sv_v|QeA-KEj25aA?3;cn7sLR0)0`++_aXDwj!ABtTfMP{=Cxa@7#-aZ@R}UU z{`(dDci&W7q^@bE5m*tK;AJ>JR)#DY!^Mk+X>h?NaV$jgL*Vqlo&N-?P)g!_s0q# z=7nOnDu*U@bhEKn{)$f0I$yoi>y$5tukGUo?2PR*nnV@EL`Xe zVthYQ90g|Wy{_J`vL57ngDqvy(@L*#^t-!v-3tyJ*y&lW)^{u zfcE_i^)`JZeq@f+o78DCr;>K|g)5WiZ@yO+)~ahV>vE;j0GsQP+~ceHoYWGd%k4UrzH&)+QzOX;$jsCi^sb?nE z?yFM}b;ux(LJ`+E)uXLA_$JFYrXPE+31Gtl^?eKLfmL4P?mNw|D=VG^jSuq5>S1Ci z@2Tm{`#Htdo+ng*ukTL-La9i-De7`zcZ){Vc%ff?VPF8ntsZRDxHbhw_3&=+PII&OT#>@jEl6SIC+WdhI6ityM`QYVWQW=D&n^%)R!a}AqkOz9 zp#fNF12yKQjwli3Y~?JX_D_M;4e7r31c`uQ0Q5BAnwu@G9ewd_3$p`xF>dW`Pk3{= zQP3<}H-5z8yHp+sj!Z-!q}>-dn699L&?G5Esq9yRgGXZcqI~g{1l@zxEY)*00sOIN zZ|P!y3Zq1<2LX-@wtj_0F zquu>nFX&;-0dQ|X-id(E@D z4866#AQ0Y4?Xy zQM&D7UB8c*xGV+v1(?Iw35tj|g%l(jQ;fG<*Uq?BEU>qD(5MRQQG%~3eP%pbYv~Wo zApsN6{)znVZ$vzcMNx|2_i>9(r1$ac=ZS@OXYT!@v4X&1zz)P^n$r3u96lNk>0t@);Q%qMeURS?Iv=)v3i)Gb=*oHv3H>C~s zDph$FADdnC2r(p?&dFdT^?Nq`*@WC9hDb?{hg>T{S-5fE=hw5EyN<U_dq z0GRQC%wqQ6|AJVfeX1I}lKNOUbd3M088I(T#$))tx0E3KN5xzU;X7ET{rCq}!-euO zhz1x>^p-PZzH6EfeFSp=zsL 
zlA-P!h}yE-;D;Z10O89FmnbgW$~MG@eov%}`;Dad{3V1o6-@lflD%LRac^?cA|E({ z>$x-B)2M>_A~6+C9-9ZL#5b%W`+*mvi`qVIh9=c#_Ef8^YAUYeShlh}bbqwLbCi|X z2o#WRY*r2*KEd6#fY)p zhwBu(bWiqowwI9$jrrOpE$N4pPiFmhnu)5M&rUFi5R_yJNg%;Ch`Y%s58aF47qU0j zrpCJZOd{fKjNg2bZ7fS%#nyLfvHsWkrl27zu#~Ne{#=BEikkQbl-6_(Oa;y0AO9@1 z|8drC--z~2efxRmtZ^wrFXQx{(&Bfs$({dICA^}2^bfzbxFTFG+4NFgQFO(8)3V`T z*OQ3-e2rjg_`*2uoNKC&fqqQ8^5anuqmc0fYAE?&q4%C3j%0rUA{V`lQETIZLnS?g zA7#9gO$}Jl%rt9OARxMyeh;sxt|?R9VUqVmhQgKDi*G!Ido_wnzmj|0-NnS6`;m@X4f0 zVy1i`p}IgVk~RZ9gxrVC1uA_J-!T#7|x|h|1wEA;AC@Dogcz^0>WN@&1;@rF?UG`w)c=C%E(24TjU^$X6v)_mBPq_k*NzIha};@dFwd@Z|id`?RV8 zPC6!w9#6h`4j?G9`h1F>1igsbrCR26bcFrZlJD@+`xNocyTC0d!~CvwC|mQR{sf#5 z&!Q?mj>p(>PcN8j>d*mKG%0R&xZB1+pv&P81Ustvb@9V6Lze5W>dLgf`*%o~4H1xg zHm(P`%^IgXIaO`I8|;%%E)X{ZgV~hp13JgmW>A$jV*xfe@m&9`{pg`Z0*y?H_HU~S zOMJN7#2T?Hz;rG}Fo>S1ZDe*Y%{W=x8mabALD4MZ6qUb#I_0S zhh8SUNz8WW-2bI75feTUHI?#+Yc8P6oRG}S2&4TuRQn}P%q}V?;mLm{OS|MavOrPA zpO(}=M%)ar)pIJT)tY*<>~LbuI%_(AbI0FWmExsGW=lucc*E=DOwOgT5Mf=i|8>W~ z9M0eoUTx=dl6LL}3($yw?gYxM><5RAeEqj&P{qoIL=zB6uP*~5|N zuNaGwVmVlr>+GD#tt=Zz(mAT!3ZFN$eXyK7`gC(wsoK^OvlA~KuSytaix{`&YFSC1 zxdaBdJA8Ix|KadH=b((2_5Fa&v=iG4Z@Ht{64r`~Vc43K(UJ$Fb?!=`ItXHa*9K+7 z^^qPtYt8N{yDc|&y0&z+dMEkeR_P^#AF$#QCIn}Dz+6UXV_%woJNiV)qg|Mbmv4uq z7h^E6vvD~}y93!tbGDcZf`1p4_KyApfPMVe6{a_qY`uo?lWWV{708>ZE}3o>+nh?& zoeG0EGAZ6jq>13OjPVvZRQ!jK9IUWu`4#<+H+cU|9mD%_Y4>nwED8@n6^=A&ZnpLV zSe4^NywEdhV;sZRnrs7gQ{cxGfC5&gGzG97!ac_x&2T{KNEyyXLTE^peI*?YZv92!p zM;=l8GlOXW3w=^vuK_ z1u$My%0z;ZTLz+&x&NTJKU5$i8%*Mr$c;3IvgbVxI zP5@rTAc({T)%Mk#2tgG&-;W1f3pQ~}^7}j9DZ>bF+~?jG(^UI`!uaWX(38d~6Z^QJ zx(I){ufc(~;1T_gIfu~<{!1Q1UY@JMl=MR>p0hB$BwtZj@-PiyDcaC*`PJXc+SJR% z6bavbo9)EhHtt^N%rqEnsTYbj9jy^ozL6#MkB=C{{pkI8`gXth2nI1IijYMan5?>$ zA)`Nls}_t(a@Ear*e@-U-`oa!osN%Z3HN?x67lOf&i2>mPqI{fdGNl}*S?4!guW6e z$Va~r61*p)fV zIaH|JdOVbPy8nEM>M!uoH4>^S6jC64vOWanJy)NFg`gh96w=!~KTL zUWzsUeV|pAd}F9|8Yuad0)lykj+N|r5Ld|uVnxQK9ROh(Sv56ADY?*^;z0U;oMA=Y zfuM=)wHGh$w+mkDr|K`Wo-E62qHlgpE1WLkf<)zs?EMFDJ=WcQwdl&}4i(H-Zni`7 
zLN%KLjaR*OE>J)GTcpD?vDC%AJL?03{+yQOE$PoXbnS0nM=5!eNeR)fnKrr!2|tWn z2|qp$dc*UHY)02>X%yWR##*DLoNXaSA*hyyqnT~YQKRs$`cB_cr$L?y;$>WwQo#U9Ut37_?7<=Yf~Al%$i66 z2UlvGrNo#=7h8s9lyP%pwR&XRpBRiGSm~wk#u07HmyCg(7N-EGOFfXCC4g zMnA^~b78M_3A2`EU)q279&wARnTuTQ_fCY*=UhJtBe*hT$T&M8C53>(Q%qCYgrg2M z`b=wGL&xIPLGz+zIY&ooClP4F)t?C53d0*89>6Uxf)6M&l+GROiCbjDZxgck_8)N^4&_j?zssr4&9|;{2*8 z{9akHI7UHmJsTV007b+19xL(dm%<9bE_%CEMYBxePFP7}X+>*Dzur%M1vxPiiO_8W zES>8@FW;8L)uB_fl+HQ~^9wy4asqV`cT!}g9Y=bmye>bM{n;_lz;b+8&l5zMj##Ru zE~jo1{Q*5Xke{NAg%2vvO#8zEBgaB}5{|FGoVhtk>a0k&OEW2km=IyahJOq^&RKsxd9=Ncp@k~mE^B`HRtaB_^|{qRXw0~p z8<7CSCdLB#-ZdO&C(;0mmU?!_8sVxsb~5}4N87Gv(M{S~dvNFmT>LhbiS^cXS$l+i z9L}ikIC7o-75-YBL2{Vvy6f=*@P2c2RSFMCSFhKwN?4(q0`}v0pyU31F&M;Ag{jTa z;9n%?PX2o310C%rw$H6HF&hz^{@q@NdNn3ZQtQY3vJ2E^L+3Vc2=UDPXJ zB)r@E{R{KOvxND$wlqO&@vgd#QfDNEnuLXTtt~kp253T>xYGe((J~K8GqSl?aP>?N z7E640!1t35@Uy6iEFJpdqx+5Y6m+glyWJTAOoJmcITo1EEy*n}m%bGa#Wwi1;!#Cw ztEF36d?y4`e7Q8Ej|;1T|NfZ8VeDjjy!2MFg;Z-_VTQw1b7n;B5D>6p_qj@xxC^qY z$OKFd(x$P1>(V5%6|ENAZVvbGsgnNF!zkJN%WQj;3g)995upWEhoV1}#Y>8>&d@$R;ja{+$)0oE)r`^TK)Q zR17?)L*ypp!nS)wij|;N^Sj9ojLZyz+b!Oti0y!G;RC?iRU%K==Y0gKp_6#1FNgQ zfEcg>&JvdoiGiTlt^)Q@Wr;m=z*+$yl(LO4XYWqDtY+tjmPwO!TKvby5#RG%xLOUZ5}JpM>f zP;o@cu|&nYCL!}4$oG4%dOoZ}NBw$u9KA`ht(LH_cQ!W2Fi1ITiuSjK!N20&kpF^x z|G&A0D|(xJL-WRPS)hNUjH747+irFK+-xdh#J(Scpi1fEqR35&f77{SK7gQ`E52z$ z9wm88seXocZ-kp9q-3q99urjrDM!LWQTCv+c}xQ7!7V*H$9a$O&9hT6RYGd0NoE(% z)jHOW^$2$Zo4n)uL*!OUo9@>0tA+@v@A7DU_sW>K#tqGL7-74C z>(uM3msKn%^3yEG$=^!t)$tIs7LCzHt`{jB|CE`Q*O_^VGhrs9cMIPv$|TYgdd0jI#LRz zRF;zzk3)n5RcOAJDI`8F73oFmzDbs{>m}83Ni87&eAs_5PO-pB?a^|z?xCt;SE98%H9P*s%z%|>lI#C3i=?&Dy2C1INU_;# z9r0n#8R{_Njk+c58i^pNt}V!MnDwUxR7BLaz;@V8t7~3UAeC?Lz&2fPyBn@q`t+_R zsx*>PDqmF&6{dogxIEa{=Z7vTv>nB=#X94ac{MXumAI8hK!u-2Pm$bG6<#!MhyOTG=pr<#&hcJ)nmQ}*0 zRLwspmA`Y}0zDlszoc@t!;l)mhe zGjXq^twGU%~=6vJ9eG(1x^vjvnK z1cGNu{#M*U7G#^J76n)JpM`qc>f1rUY}&QXu~?S#uc~cr zR2cdlkIn6CeC_HoQ0A*?7>} z-g{Q$n7PUIlLXiB#hli6hMu00GDO{7p`f6^ub|*b;yqXR&U9!!VLIyR1zyHgU{Zq#C 
zU(QNfv70e`vVW7kNFv$7AP#S$Kd?(;;v8uScc=0BE>m_gP7DeLM328!w+;MH3*D5ChPNZ8b|Ew=pr^jM3Pu` zEZ^`{Z-)TJS)khI{G93qpkDLa`XrD+USjom|KqyIQge8ksihICCYdEUXS=O8R`qGa>Cnne$1Gjmu z1%p`tLuJH0A@3Z{m!~kxbn}R3rR%6-nJa`caNb?2auU}UFHETzF-V@Mn{I&aM<2D& zMySl*qJ$0l3qpR!?N0x25NwZwgL8`{c`vPU zOb(TE)v67f%Xe{_xy8;0r0x2oB3qc~unHyF=2$MAwl#T1i_PEb^Al*30CHlSR zGFMA0O218HyPRIyQw3Frqmi_!TbqZ{1P=e%3xV>>#vT%shmN&@YoWMBanJ0~a?AOg zOma4qemaC5v<=|(=Q22%Nq2!7>cLDkcvqNgd#47w*A|EzW6AuJ)wX9R*5{WX%MczG zvyX>&`2)Fo@XVM}Hyak`q7237a;Yp9@|ws8p=QuV?9CH>PZmZS&Gtdg4ATaZyOUEx znmb%-l!{0k0Suxa3exvoHxznzrHY-2ou3cm?Za=#kHkP&_@FnW?lZ5J3)_}3x3P0= zYXTO1L}}lzA<_%3`1FXMg912}2Q5jy#T-eshWr^bJ12>N5Fc!p8PN=f%!b0vF{zkP z@*=TO6;vYpd@un}B0l{uQvdIZNub95uv*^%)Yz`%+wP>06ho9&_JNwG+{1VSFzjhg zA`zMyNqZbl#E8JKP7v2J{%h@3d6f68RcI8+)`5+*UA{;5#x{4A0U$8tm8)s|Ip?9K zy|1Wxt=-3#=D58pzL89NW#be-fNQrb!2eL2?ZUI>N%19;>Gqon=jHO}G|SVJ&pwr6 zun;u6U#|*e*Xm~pdBXNePol*#VLl7YqMfulGCpu^P6qKo=GX64QAN(r*_Bt7tPg}# zqpeeq_k~sw)8o}T9Ct}^~;FsEbBT(FK_v;kkxrKjWWG zVs~&BXmJYBielE!*aor&9NL;X8gs=uoAPLi(2NPuxgujFBpNd08^;V}$>!wGr^u(5 z49lX76YWPizza}%a7k`8_?T^>)@htL#`JOzJc#U|Nd1^_fi{RJ9voUk8@1$%(GXvTOQ>=6D$FE{`G|!k^_-ph#^K^_-sW zI=4s=Ubtpxh_xbu4RH%rj}fxv*Dr1{&j1e`#per!2PWsoarnP}mF_iAXATZj{K<<(p9J zC3drUp&FA>Mi*mUO!#UVQQ-UHvRV}a>=&4gNbo>v+L9@2X})xed8i#l2;nv*)Nps# zarX_!t(;E>-h+4dv^Z6L%bJ-8sJ%&E6NAMmDuhL1JDpgvq6+@OTlS(O95yAtcefXJ zlyx`X!tTT!ua*pQ9E_hA21W$gj`mc7C|7Xot0Bc?A$FqV zFyDcB1^u;=b?{u8$=ajDW-M_gTj|uDQNoEgxEb6Hh)N%T2$mO#2fTmMz`3LMEjfkT z?{?yMxm3HB-l3^&0FeeH@)rex!M&)#XyO&C-v)`QCS4to8AK#0e+(lcadOeY4%p=R zPPt|Uya|jf^>%N4!=07M+>CHWi!-Q?ObJ1Oc-@d!Hh|$)wCUSwZO`Bq6)QZsQ$gm( zH_Px2eS-@;;>1ZcTwXF$ZNyHNz^vm!|FJ3pF(MTMKSUZWFI+l*$JxG71@9p?b9$?f z*ts+%iBe$X(X45JBFoZe@jDp064%CjFDpb4wY~~^mE;t@?UYCItJ8h;wn3Z0yH5!g zP6CmBLgTuM0XdZiTYcY)MC}>%SGEsw!@9Qr(d_;UC-KJH=M7T_)8!1dy-qrVuKRue z%t*OH6nvyCECQo{-GvH4CA@&Gj`0ii#rX>v3Cii|tu9Q#&^0r2`gnpE-|mm}_tm9P z(aF0snMGv?(o3@E26kIV&)n)(6XJJ?mjO!xzOcS})1kM@`ZmY37@~-Y+a~)ccFlZf zl`Qsyqx17G3YQcQWrG@(xlGV^nWjP0@h);?2=FR8i7NtnECNRQzUg3Eg^;pSqxH`h 
zbM1-jEdb1`M(_vgg|U7R>z!=lQe@H#KHIU;xjJ3EDo4E0!st``B?_-dX~FK3{<4Go z7ep{%2eCO$f5*dev6t~o1P-)>Ze+IECTGGqGGqRr<$C|7k)BUs{eskaLlS5OqeUUg zw>j_j1aO%J3vBa~D61(mB{>d=s_zTNfIj!@AKVad)Rqo|Ft5q|#0#T>2ZTn@k2720 zADx*lgJQ$Kr*Amn-5qKLM=-?^F%MBN^Fr|ZkjB3RZ)=L$Y!x}>+UV^&$fx~Dy``43Bry+P@j8Ljj)DS{&#QN8s~H59WbD@~>H zil`{&J{DInk+(KVo-RAcq!Xe~Z58ypwVt@+baVsH=Tp@blak^r@x(SvtP}c5mHq?Z z;CR0t&*{B>aRCxq$&_`!GgZm|oFaiL5(?^o&V|c2@F!m^JDuk<3l|kgv!6Fz*n!R^zUjJs=yZ9>; z1qj8xWbOh+mdi{u4V8M$NCGsl6oaPA66|q ztVJzcdWExkiK*ut%nR44@(Z9gP+8$e1R%Lr3S>VG*tnLv?U+rBT@~P9&#nS@O9`N> z{|A*+HgbszB_N0hzHnNIh_Rq&rH4{pTn|-W3Cyo+w=i={fa~*{sNFnU3?*#DuAJ>X z44KK_gZzYdeGmvVKeJKtdhshS7|w8$f!uHl*X@}SmvG5v${=?GL1XJSxC@et(gh8U zmtAe{2q8P7iFGgDMO{p$JNox`!)ld;z_2tAK}KWHlCTU1yjCQ$JSjJJy`rEM;6+j$ z?X*dma@gGBrB(u#su4wGoQn36QS2Sg3~=$rc%x3fJ+Q?f9}1+DA93^7JiTrFZS=d< zh7`>{N+sicu=SdWk)rh!aE#p!(KG8)7l00xu)^i;2IwY z`zxm2$IACca+{2x9V4-(NVzZKxFkPlZu2i{5A5fL%LX@1(_yd{v>$|hsYiCuW3R?o zeWMi?v&{NhrX7*gBI3WX2+x(gkGA)-;Xei`q&thh*CaC2!IX&(_TrptL#<@I%lz6f zqia=x7a}?3BoM)7^J^n>BgU(8_Kck*OaNMvDr(K$y;y3P7+btHJx3K$-Anz0ZLj4G zg&+M^*pV0U!?MzaKpnHg!ZqVg&&pDDkF0<7jc$C<5u2Nz@FHr+o!7}5w(E~{!8*<9 zhghz@b*R+`oIaB88N1E3u~?^7_#}+Rk75@PM%}8E`k(<62wlxU&t{kj|4WgsWb|(K znnULU@)U)(W?e_RO*Q)#NDW_28upQOnq8AC_$Xe1#*uX zgu7o2<#%H9j6C1{X_pF>@g;o>WlJAW9?GLX>0OR_G zrR0B5OtXiWr9eyB8yK+<`s)zcx&V$rW7Dx_$|NL*f-aEnnu*sVYL0ZHh2&HB4KK87 zMH@#o`UE&vyc~{&rL#<$OF9x@%NFXXXB6N0e~D{;N$gP43~XK2SK?LsW^?i_X$bz= z^5WBrgX*bsE2A2iqm{0I={}-gNJ-T=ec9GQCBH&u%x)~LsulN z#arO=SkXZ5gu5it^g*AD&8y^iTpgpzUCl?3mWfgS`2Eljy5YFfv>V7ccM5l}KCdpD zW(-IVjF?EUOVTbl1}XmX*;_2 zex=mo#L<}XUCNpC;pYat7o5aP)gLSGWyHhT&(Uen(f$UNBQ}~KB8m&14Un?x-Jh*) zX60=j>G3$T;8Jp+eE$$+k|i0=B7zSpjW#eLPUIWIap&vG#jU@)*5-S@m3b3Me<lN59swFpLWIok! 
z0|XC>n=0M9JB$qiZ#jXKnc+7O)TY7$mKOuqAcA%f(r&yx5)s0A>pXiE7Esf3CNULU z_+)*U6+(kfRCxr4;Xt8jUHV3HH*{ZpiF4|3ezLQCS(XJ&t;N+L5X)~Z*bnXaT)K2J zgiVU46De+QTk^;Yz;c;OY8ou2liA6E zV`jJ!PkDf&XVfH76Tgn{U1Cp;6m`~YY&k7N&T45^BZJ#?C`{dF73h3}PJzr5&AB#> z3lW4k=sweTxh!mxj=|4%@gNP79-DQCSX2T*H!i|52|hyhL^|>ElODR#=tKo!L|0F;fR&vU+H0O1&~HJ}sWiy4d|vycQOlg^_#TaBS^SNQcxD*&ateB|H>XXlyyH;LNkxFekTSO`SGyf276k5Xh+^=oQ>80YQ~f>lFKA znxWMltsB}MBj%wJVEb(rFX6keqsoqBtmuS!px zkdAe$?U&2r&YZ}Ge25g5)Nx2h5|^KZ!|x_OzwC&3QmAmxJGOOs7Wev%cY+K6MnELt zEM?jG-0<83J2k~sY?U8fe5t>$%3z`CqfG+~$etydqHdfdNpJ|E1dz2R^+aDZ@x(Cl zIHKTa*c2goA4Z&rx>*d<_bl!lGNM*y(aPG+F1W1=w=rgu3bg0`bxqyiN~jR}y*^&X zb;$nFU9^KP=h+iLt9JXYpd7DB8VDzR>nc8$=a@pH)}v6Mzt$shFV zRgjFBr2!@TR0+n182;xPhh{Om?~s?t^tC3l zrM|dD6wtNU?rq5aMJh(B>&iR&-Dtvt70^-HW3rT8fgjY_70n}0i=u+-Q^WFQa8bRr zaQ^}-aBWGMU87X^N<^C2mLvrg*FHMwy;5*d_(6Yc4!D$2xUyzCibUh>R2SN7MRJY9 zJ)z%=qS^u=v*&>gQSLg_qPI-ghIb+LP3FBu;p{~XXUE90w;t1xX!CpauSVr{H50^nB zjt|f?(4{UrAmwEhG?}g->{e>7j}LXHuoxgYb5JcSyoixGx5JLd*MfWK+)xD7cmGllJJd+FHCy+=S2s4{mUdMUR$8S`j{; zZ>CiL$z_fJuP^Rxc5c%V=#6_r!u3p~ z*dD$xUqGX3CG8}zkgfyq`Rq?aS;f*P zi-+LzZsMO-T6Hyn%Ho)JmqGEMF+C&{^0!xE-OQ1Mc5y~uC1#Ed8m3nmE39|D)gg_$ z3n&1Ao5tzl)|yjLp~NN+asrNU`f9*U0BhH!n=E{ash)31)=e#|xuWjL4d}3GYo2~0 zqj2cAsb@J*A$b{(+5!c@9bUru3wr)%TB@TJ?7M)9JuVdU)?6ijAag^z89nxI z(Ah_)jH_euxh|pi^<^gQi6$+LV=1-zOcpZM%=N@&<`x9xkH!_2>u4?A67xqTAw}W0 zC0?~h-f?1X9d88jtX9yan06&kol^|*F5tVi!*%yOl{UkqH@+09t~6lZ zHY@Lnq$wc>t{VTyc&}FdN#7*({NxCIkZ?b8c8fg`7iF778itG+sU$i~NUp_O&2?C; z;&=l3FOs{xa_tYPFo zi(er5=WeS0HWSp$_l7hi?w?pHC~ zEopiAqYFxEsy{)j3IG0Y;QqaI``_Fmi>)1t*qmg{D!Yz~cWH+h=Bzwn{ZhBmQwLmT zB>+$^nn2+@3H^k#%y|i9p9jtap{#fm9_!@?)~4>A)>obAE0z?dW&&S8Sz1>wt1h$7 zcXU#dmPo{qzU38nct6Jll$1QUrKQC zGX%wdy43+Nnt}~|QbZD9a5Nyi-m^gBZ2B97w-2R!w5ExA+trWb)Rc5dx{~!UXQ;Tm z2%V{qmu5?({c?OFa0nzDM@6J)Sr%A(_~1IJ)mgp1H!$cF8GQF70~i2u?n_;^0jeE; zXqIl8I^-;~kL`}HceW8*ejlpC68XR)KO4P;O#Vtr)D0ay>kZbhRa9R1K<_dxYKxa|Ve56M~44@gu$WvYChGoM_T7rW-or5K25(TONmJ_Q7#tgK}jBbaOp4?cf;A@egnz}nFLNSo7jqh>YpID|0l)XLMZ 
zPVtDeDZ~~qqeWNlQ|@aHjSP0cnWf5@tGa%+aBu%J#r-Gb>)+ijxFz|^HiDlMf(8@4 z9@KPk;AW=dKU4OU;n3)b@8y?N=wsd4zMSBERV6c1cB(h_z(+1J2GaaU=o@Nl8*8FW z>n(GNnjbP|*)x|O_&dVNHf(rTw!Clsm@j!UvC#NHx06S^&svTS*Oh@|@(s1hjNetM z6Jd#d@6-XazwX<>SlHZpZ5tETozh(E%-1O)2%`w5{4SeYD* zyerSFyxz;%?uN&?(t{Ir4OQ?~308#st+M72ArA^s4=KFppnxlG@<2HJzE9nDap?zd<-J1eSWJ)07!2Jg4mM@AKMFa~Vu964wm1DM0QRIXr`L0#!9Hcu&Gp zz8@`|v{u9rJoElizUl1SO28V_6?vS}d!@p}j^SteD#M5dFUH7VhQylq- zG@NP-CJ%Jn`xM_z0djL*vabkJyGd@4z$KRHs4L6o|8vfLs{i*(@c(4%%{BlyM|C&j zolUvH=aqHR=XT3+%5jUM(LOx%_c=mzTQsH7ORk@?xu^Bc4<~9{kj2r<;Sh)e1t1%3 zWwO(@?27@6bv}wo4NU^V{MW#2<6JIf*rL(q26BfCrco#s2%9VP%xRcIn@D{i#r8O=Y=L$JPd^WYa^=q^1p+G3TCM~nA5q3`si@lM&j z^iD^&qRl34<1nbx4)|ntm-2dis($YH8uy}sLN#G*SmRZ+k57sD#7@0ky~PyHiIH)9 z_rr@&w!?LPq2(N}$1Bd&_Z~4VzNE<-%c@`0ihr7mnOA^?emBsJv^`_4U*w*>=v}|h zU*Cg%p^QSAzpTC}+VfIPtGqgPKv1qaMgBk*C>UBMQ29MSa8}-y5odSMFcJCwsNUXhRx|7sugnbxB3ERfDI-o@Csm=0g?K z+|6~EYb16))nR;&8O^mfXp6{82HD#?V%bX|wWq1Lsh#UC4j}dzNfzLn3LK)PSq!P> z^X_e$Vo;XyEC1kU-H=o7)(Uph65BenN#!vKF?EUc3HxB83U<5@7eKwPXt(NAzy|L# zQf$Q&@}LFsJ}owp2H{tVx|=qpQsXHGxQ{Uc5+kBd2k0!)R#t;&C<;ppWI6U=Ls%$M9$iBWwkj;mq-w})sW zgSJvPetx*QNkV%t>euc2{>S7dwl0G@SNakKeU~%0q7TaBJaWc94NhL`cSJ-J4^=wp z{GFutkuQK`SZYLR>0)u;|NY5s!4Gm51w1jT?hD*`I*cdr&! 
zw9`37i1<9=CR<6cI-e*Wl0e@~3f;*zUp!~$Uk1;vn-{=KNHRXWzC!7h`da6*x7Nyw z+i`VopTh2@mxqk4zCeGL@1HhQ2#E!Mwl2lw{#cHYfl_@UTOJL= zpZxggBpva_^H(dxu>9VeFyJ0I8CbHIcP#+pezLSw3C8=$%WkRq^<-kVB_^xI=j!Gw zJa*T%0y6TFdCh@9j9SSlQ&D?M;?9A1st2a#V#obenU-3dTj_hw{yYwD2=Tf|pKsCG zHSVU?$%J6eQ%&3O!NSCofJ-rR8UVmQb2a~xy2+!os#PC+g!2!xja@ntumf=|G}mr*z(7CX|-;lDALVCMm@xWV?3o^0&LS-Qy-c< zA&kzhoH0Ii6%|#BAB3a7VmP-)i$1DqZczN16~J`J*+3r96Q6E_``Y7Ogx0l6FhY~w zxX}?~wJp^g!+apQ7Fs3l6sBTWBWiD@5~C&3_eo-R=140K>+ zCpS(iOwmTg{<8K6JKWd$z`$-1#EHKAX=dQ&s$5q=Bj?od!^JnDF5ZL_2$5qS+54S_ zlM<_V6DsCgpn;j zm1b`*w`bTjrx+s_dggvR@SGFi*j}kg7UR63{CP*ghi**bG3uME^Tj9Z_$TTE5Ni;F-HX<)MuR26^TvylQ*7*gt`;JkdOs z&7;knm-i{WS^Do8R^AaK31_?02RC6PH5PYK4vC`c5YTapfxZn_0WWymuZop^3r>*}LodIrc zr4&VWGd%v%rxbc9uWdoI(ofRhvJp{gx3j-N-8W?D-pCXgOR1cv*_rF0fA_bJ+?uj(s$@d1fTCVshE zBb81=$vV!4Kv^WIUjH(jgR861)2MZPo#mvtKTwO5B1HxHe!aTRAJ0@c&93@X0I^fj-gSS(msuu+M6lm_n1qxrV?Urlgf?=s8Gi z?o=&j$;r?$#spY&$q=UG$>{5wwDYVMvviyF3Qo7koqO3v>)=4fd&O*Co>6;|E`vbA zpJo+gZw~Q1Uz)v2513mHPSjG)q+aJlHdBPagV4`FxY?TOr3WMZ3n7%!|2TjD1pwDt zA*^|{E%<4K9QvWX8x!l>)1w#RK$Ym(anL-Z1SkDcH>!4*n;M=ho-D>rG?%|E;U{S> zf7JwuMCj4a39p@|=Ovx1gXOU6GC|t5Rl0@m_g{7#vHTP+54Btq3KI(O>|Y18x0=S; z?dt?j@=w+$61Ng3=|!xx@9UWU+obuQlAk{O+~#3fpMmuv^?2hvt8&yVFROFZj07BaUG~865%3cKUwYWM z>nrOD-W7Bln0K-E6Un<9=X6tFj#>8Rm9jZlN)}6XmVjqjr8IKT+LM$TA4#Vud&m(~ z^)&hHd4U;l&9t*j8PQ)kx=^WZ#9i}3tJ&b`je>-oPFRpE`pHPq}F7uBhA>6(XDg)Eo-URsZ=L{eDMSLh1-YMhjh>!w~~^|~*5 ztIy-}flyzG^4qu#ImQMe4wlWa@KjlVPIe;nbz29~v)v(wX>x@=wLRn$dfFxH6XW5P z;Lql3Tv#OZW}-U^>gPke3{-*CaFlHqi#lQg^;PKSEbdz|k+m#52ygqzZ>uVO@!ea7 zHn@Up85;1HPe1x=St@Z2Qer~gLUlmINNWZq{riEwqLo3va%fu4{30q`yf`ks+X|}j z=<39~(F@{!MQ5C$HsDp~(l>L5iA@Poxg(p#49ejg-jux#aV(`$9E3KFvT16(O}Mm2+1zXw z9|XWlEj4X%f51!MQ@D`+#l_zuO+K8wu{|{7HzS&tKA&Ya0?J(t;y))ZoEQ+*QV*n{ zEG~*q%6;f6J{6vHbk&Y&43&ur{~qEd14a-VWs~}adq9eFmc^@hc^a&a*F2bIYTVhs zm@pT;dvTh%LOOoztnE`B$7Z&@<3bcG+>d}B(m%>m;cr!$O{%N6yR=O}!7^K+uX(fA zF_O3wJ?&MztTq2&>(DbLRRAR2@V%u)0YG=kK%fm66-b#UD0(MLRYH7W{7=anQ#vt1 
z#XfDLU>Q@IFh<2%5}MVQHe<1q3AQx;G9o@BxdRl$IFTgM)#wEVfov#1X>3{VINTp} zyn;7lILFT;^t-Y`#FP>t#1SnE3E^!h&xjA+S=a_NENZP`@-%zx97hqJJjp`4Q0bE2 z#K0WhK?mJr^Me%Wo0))0h@RPDl=ITArL4kZpdA}=TTlN%(Me?<)u^rd^ z*-uTtX#>^?M)QNX6V4#kzabM+zyc2*VY-QH{MZnAY$kJy>8;Thnwu0tec|kN50g6| zS+ZX~Ar=2-jFNa_Z4*z^^)|QNzlnG)x=|aT(u${Vig13n>>JX5Ya{jb70|9^)6O1~7(oR$Nyi~0*gB@$=12+Rz`Yxxm$I|@T5S|-7-#qx-&pc43aZfpVY5I z4%V8IZ$8%@PGtBRd6PQvsuf*ix-O@Path=SQ*ha2tc8=US)4XkcJyt_O^>%>qK)M2 zIHA&Imc^W7Mmxa}oXUEd?^;*HhEp>?{KecD%ID?&EyT5#Fj#EV9`p-$ zzr)vdkx|e*N?AHt+3(%lmWlFg@ND=~(V(An!34WGW`VMUMcRlY9(f=)7;3Zc`83;U z+&nx1KX>Q<(hwmAmK^C^p|+wd%&nl!K<>#0wb)Bcs~Wl#Ll{atb1fQ>U#T7--(No+ zrUgRC6p{+i|UKlo**|?Z@PLM$G z%T*Z6J~32I{{9n2K`Z8px4>9&;W0Z5b|pX*JoF`7*O@sE=}ijYH-VoBqw^y)69dlg zytKf&2AlWYs-10N&XG_xF-lFRtHaoQ9$cs}pw~^?q{efv3;A(I^m>EIcBcH-S|4XW zj5Lhg>BQ6Pd>)daoAZ?j8vTlVmvMmNg*u~I>@QkTqK^j~bSjgwO7b{?S@d5(&~M7) zlFE@H>I@7_%+R-s;=>Bw_Ov0Hu3}oV6IVndagiq%`n+5M^}ozyM^04zb<8;=B=gHZ5SeXD=;!V=lC^y=-p!VgNkzy zkpDxtlA8}}xpC2CO^NVuJ&eZs6`h6USvalwJK1RK7}pgtC$K?=JHJ;)EzZW-&)JZ(P-A+jhOLo05{<9{q|)BiLap3)9g@ia%plrAX;g_9(^E z`70&6lcz**ew3GG2o-gRZ?=zu-1KC)(1g$c-TJzWgjuryfA`cGZk&gQz~)Kz zWo*zlTm+T@{wQKe-T5^*vCa=vsZs^Z^mWY#QYF?$=50yVs0qt)AYYEgqCK>Zwx8CU z*^%x~a)Osyfs;a1ow$Q%SZ8tP1-2!Nnijl^()Cjt@ATMOV;xtWeULqiiVshuWIi-V zoLBFj;U>5^aZG3KIv$^n`ydKKFs6Sbj7tEJ_an_XWqGLrb~V?MvW5MF&L#de2kacD z)BU-2s>!9~tn7sE8lI_53DS&L*V>t(eJDI4Ii5jdWM9`KN1Xi10&ZZB{I5GBa4Jtk z29WO`oy%^2Y? 
zq07TPAcae``g!{J`g_2o>h!F*;I%zhD3R67k4SGx^$(~6&{g|(!uBRn4)Dl3^C2&t z)6rU?cGc}aJ35fs47|{ZQu~%$rV^_M9ys4>jd$Lcy+2g*aC}Eq%2>yGUu!wcnKM&v zQDDyS7rDxBijl7rk1C$M(^`TF4sP^)vBiIhT!tkfTdp}e`pM3=6)p^NB;ITgxewW3 zu?N5jrVD-6th_1T`JmEOlR zsDL!na)rO;u(_|j>t(Mz3QbC?vwIz9+iR;9>YEBW|A`72Zr@(x2baU4(Myz$_?!C#2 z-DlE8%I%98)7I=-dmIzMu2xhKNm81VT0eYCtZ$i& zaUv)itK#`0G;}CO|5YB-wl6lO(@35-Ak4?W^F~tfs|mZs&P|mg?YLfF&M#^AUST_FW0iE%yKBQcE=2}&UYc@ zP}cE{cX3he44Nw~9a%b-?qB5<5)zRv%hvB{ou=|~yBjPgBqPM6G_&LY$m78Fa0n4W zub6fYMe`7})?ajeemCnf;NFk7;cT<(;;y^zJ)txzVrxgb%SRLZbv>P31o*gQY}V#v z()whb?1bH!2EH4K3g6)zG)+>w_Xlq!(PhUW_YB{%p(aWA-RPXZ9L3$XOkUCWPUSFp zEnAYk79mdPE@E5K`4rMq+h$O>!uBdZ$7#R`Hi&wo5b?q=^@O!{7#6EhUPTeGHpO_n zp+~V8vPia!lCJFj3!g+1dE@Xuvpg(^TgGsR^Ih{F@wy!FPA+~Y0haj4-~M&@$%~o0 zs3`ww<|WF3tlWXz7#D`&%cVFyH5)`hm=T4`tK7~KEPa~B4EC*ydGJ9)Z@2}MCvASC z)~EbV(Q7=LTl-P85yhvguHHmwmc&Vd2jO~0B|(RUR{klJXAg4{h2y{v{U%GqYAwjkX2|d!jF|kk{teuo_vgFcdG5YcKh7>YD=Z~|_;9k1WMAoe ze|29-3>MYB8WbLL;b(_bdY*3CtMp3eZ+)xUv5_md<6CzNtkT_he-n!%114kJI8ba- z{510rkA!0yi(@kP_WQw24%OuH3@40y`?X1k01wHdkC-#DCSBuUu<9LoZSWy#dQ5v^AF{V(i74A)Gwp-5taE1MS><&v^SSh zHoS7LZ4xj=3MWLq&+ACMZ!JItgJi#@AeS~e+yN*>hsyHU!8IUs0n1pc1vAf@sRm3| z*MTV@a46BsYth*r?CBBI_>CR6rFr-ZRRmSYMv5Cauv|c-gjEXAV=rn}+weZG*(yFw zWbM-Dd^%OJns8ZWb>S0Yc$4&Dndt56_#@d_6+d7CmQXG)LUZv!X zWz7l1P@!X~+)GUTw*D=!Z+_6fa#N8u--uaYx6=cFmN z$51`a$6EZx1U}XQaIrXr!IpndEZeucWvA(&;AYKkt?1&BE)js6Pk{MnNEV}+9gbGY zCM6K!85dlSf0e0{Ve&U9BB%tLp$Rj_DRb`wq*YdL-u#F#y}2K0hrJbN(E%P@@)0h6p!%40E~C1ffyhS%At}}my^yoI zO~$`Lq5Ro=JybrQKSwgt;l`+p*hQx-$a69C*~9#iCSM)%Z(g8q3|OX`O|JP1IWLv$ z##vt0utUZ5X1@+!va*9YO2;4m2KD;BIfL~wzQPcveY>5y6vZfyej<{!Rz>7*AR@kH z>c1examm%A5SB3)aEf&ktmm3ZQOM`DcV4T<#>OViDHQy``5G=GXnicEfehYiz{fbf z!sLVP(a^DWFmj>2YxTgwJU8`sgrIA?0B^hRcaLI!gCs1(hT~gw_mf!6#lTj9MW=nA zja^wj8?0^r#cUp_Ti~IvU`Xbk`))#S^PG9j^dy&JAuj0is%EO26?`1$@~e}3RH1eP zbkHL}(e>V?YU6DxRZii8fLpRPX4InqIY%8k@Z|sBJ-FIluMc=@Z?p^j6}ZEv-eNX9 zNox>UtlLB)kF#cv+9ydISJ~#a!ABP6i}0=|__ezlOgK#oNp%MR+=g!k9L{mJ}DqU%x**r;T0y!)F7CxfSsib3>iIE>|{ 
zDqZLUaLY}b;d067ypk5bS8j@&_3%2C-(pfX!3We^f9~ub<3VuQ+}F`>t30_85L#MS z&1-m){~~sFy;6doj@E0}O0>%Va7=Q3r|tmVbLF)qL}`>3+Ah!i{R0+h10hKb=Xoo z6t~}AKLDzN9Yr!G;^&#uYmUs=89#+7>UJKH9}H{FKuGOe#olo_yEC@*uc26iX6ijY zl}yo0&!gyUzRww(SPp4@|p_K?N?Q|NDcksuABp*qgAr?zv?z&gXCI{K)rJT)gnD($Y zM-qPtYImNW^5#ME9POTBdj52UGi|FCa_xmv?}t$Ue@vJ&sbYIEaIa1>aQak|F%}_e z+c*XKh0k`g{{()R<*X{#IgnKy?RQEbyt)}HDIX;I5pJud7G8d$?_tKAbuz}$Sm++G zPQFk~DY=i*AA~40R-OG_LKs8{8OXmGrKZMwH_qq=$|+)<)PXOCojzHs5#R z$*HHPJCK@n6*fp?0Adu7>6wP`=BJi9f1rj5vD2-BT{mp6xGYm8HF>7vUAE!rd26Qc z$8%0-Rc+Khj&Mvfd4y|Tma$;bIW+-ypA~i_{ZQ7n(xudLHrl^ZI1)nsrxO()$eG)( z8h5Pjy46EJ(>S$k^sk>%@qYw^ylb~M;StlK(H}yPn&N&xuD9iFFaurv;t%sg@`0w5 zQP?QCBp~>cE#h7KJ{(}+ZvmJ;EfV!nA=urNwa2`{WtZdi|=0`S!Y6v#?x2F&-7sl3lipznt(ds z#PX)0_$SoegkQXa!D>&auULuNClKglQ!?UGV3f|?N}1c5+ADCYl8k5>;mWYW0o~~a zN6+Qmh04JaB$|t|(*uYAdg)lApeZUzK|=PZW(39K+#DI)6Bb@5KRwcSA4AHY9lpU! z1m{1wZ%GmYp2&;Uz?BL@&TyN#Aby~!;VqsqG8~7LS)f4tEtn_Az>V&eI19^bw@#(F zOz>of#or*J&xLn3Z32bM->2A|ulQc~w&!{TJHsk1? zh$tQF{GWm@@J|uff`tkh5m;E^)~9+;{_0b6&4V%d?*5%YUR_Hmt(mbuXn?By)8{F~ zHbqTs?-K>aXj|$M?!Q6YxD#PTBlJJR#0hiRD{myE*1f)-%$J=NyAq)I3#S0WbVq^|VJy*$)$rJvx-Yt98cAN7isRJ0cVEU3~D9ZA{S zH7O%UIfYvJw(vJ89LC0TM_YVE_pQqdn|wu?91gs&dN$f-H`H=AG_ydHtd7XCNg3O{ z@)O&-@;bUQ5-BcVKpZf}zxF>>2mH7DwFsfQ)9V9c3Do@kMr`dNR{s@tYsL)&c+Pv) z0Dlpfo;Vx@{1q&~7yZtuTZ$qh7*eU%-%4<5@EJR%=P7~M-=Q8`hLrmkh1!+LspsIdEtqNbQpkhh3{^ zZ8T_|&$)#j<={vh4?Re_j4?Gu4XVG!ngO~$qJ0O>3+IBxi*5QkUf|39#(mX9cegDJ ze-T(?4II`Jo4XC??+UnSO*cG?oi_YiJz9~SPjRd?p-!2F6~on3ouR_@x+by%Hp zd(wFwYBE&jpoS7C==HdM{8ky%%opN9N-+K2A||GDpc6HBgQVB-YHv9|K^GOhh&;A0 zpvdT^v4}+Q@O9Gbi{O{Mx*FZ=w)n#Z%~)B6{8PBm*&~VjYuo{yPRjaYoS}xf;%_!@ zHk#w!?<2Wz&8~TbceLptsrcbd`!PdZaOPBoQV=z-eT8zyjTLppWH zAQIX^XYzUgay&PAWSN*0^(+~Bn`YsY%$akGPU+4Or;MXbkW`WV1n ztuBan?)R(qj=IN0ta_ho_(GGdk?vb`->*c+)?|}wd;v#fo^>H?OFi7#^%-`Lr?T)D zHMMO@QE?@h3pZIj7~z#*)sLpL-QGBaa5D=kO(Q9)Kpv5dJ|h$oVY*+Tpm=zYJDt3j z(d#Q+YjgIAKjqijTj9=-!~{`F(n}r$2;2fjZfV&=9DOlL-6rjpc#;{}~mh0XyK&{isHEcragV{-h;iCg8Bv1n;hVwV%H=G2=) 
z$cK8E)9)W`xlf#GmKg3h&1Rnfr<)?LbXn5`a6Db_uD#F$54 z5VKfH_C%a0d`Z9&6NS1*kn#zueZ1mjbzQx6rh+TP>oe(LcmN2A$Zr;Xms?R79LV<9 zY!`d;{y`KpO4+-C-8^bS8Ymu7z=0T)j)2sk4`?nH!2K7l2;`b4_Pa&D^}FNxv9~>d zkoe<8o;z4I2Uisi#}PN#2F8Dx4Z{~KE33{81HuXvJ@8V;ad zbXrZf`atEZUl*N%ul4c|=s6p$T@nSgYZ87>108I)B5l3zso3z1ACk`$+FkUUcZqvH zl&PnF(IQ)^8kC2}3@uZHhtN)k2E=d>C(vJxKTH=UCViIg4m5`JH)I$droI6)J`WWn0|!OY)Rpf zrB!l58=6vQ4Jj~{U=GrK=T$`vGZT~0=aV$=c4@p+a`$wHsi%iawMy%97mK$3bnnrh zMlMehcQaNPoJX|m_1pL+$GT`W1fCcThhaxQcd0Q$-j#X{tkgfNGxxn!(HZANIl#@%wbxFUDvX6 z)bR9E0NPZ!p7yl40-aHMY+1{VPr$F|hVT=+^81V<^n2DD04^qgZ09S|>oME9q5D~# z4aN}4CvF}74gjShT-)h+-QdQ{HgX{(UX0Ou0fyWAL^->?mv`;$YF_2Pd*hN@Ow)EB zn-P2kXS#W3==mg!XNyAfLvYzO4R{@!L z4_gjcOe3EY`ZffWuC6ORfkprY^QW)IhjM>Gi0SA*kp_rMRSaRkWn$}bPRtGIbwm^l zMHByEwW%m<@u~jTFJk1x*qQMk{>JSmAqpYeRA`y8VZVFIWS21DrCvr}x~+6Qx$*ij zeDNMW?+X5`!0M!XB$GF`4UbhLz@LQz2ERw2n<|kqG&1a<-!3Kb#WEXDcT^i z;tOqzS;cACYX}6wPNX|ubLbluoBNa6j!x=cd1svz<8|UVevXp{sz>z zt7Zj+ZhI!%Clr+}MXs#SyFWE4e%$3Q0b&3Ts*{!e$WlWP!_fduI_@My4=+PqllgCu z3!bh&AZDhK-c)h~4uOV@6D8a>8=wRA@Sv_*c;~n>g4kE|kyTGR=>n_Lb0(_di^BLC z=WIBsDt}*52XRg17v&kI2E37;Ff&K69*!^0m6#Ums+!%w3-#O7AUQ>0MDIy%vXjVd z%7pENf|TFO&3|yb7A3ZT6-_%r3@2K&#EhJVfa0b=vZ=K3>-YlPPR)`BT0T{YC1IC1 zx@(hLAJ@&7<3kP1WAOWg^t5XRM@ve2YjfH~Bd^5)+f_EQWNcM?K}9cBOPca%?SG{w z{R=Dl|6)`Af3cXR z0~bm8cHtKh$Y113HdHj=*T5#c5dF-uu}b@F17D1UN^|1Q&3fYi{WW#bIEV#A3<43O zL6x-1O6adxdyVuyy6sN@5-3gLPF>fiqUT8L$&ky{65?ah^io06Dfx9b`+VC^gbAa5 z?Js1xP-pH^$&>Dh#-Ba;II0z#Bd4d}KtV3D^mb$?6&G6zcXJu8IX&n6XHszg%lQ%A zYE*;h1ra{Ve8(YH$yJ4b(Fr4-jEt3ag!FM-Y)%2to7P&7)3aQO>=km+0D{wtKUqlA zl-|xsnOjeBk8;1xGI>y@Y^AT`>QOJGc%*wpC^p3DW&Z7{G%lo`X!YG);E=>*kJ-uo zU`fJ{QvcVV-tFPM>r)_pK|eWjjvF5ediZb@Il5U6*S5&MYdsa(LEQvV<&unHB1WPKMA(l2qI|92_mIMP@v4Q zZN`kn{XA~)bOWJ-=r^ly4(EPS&z*9_DCKjx$r3!(FO-7NN|C=QBJ=P&N)1##Zl1>a zt<#+IOw|vK@qL~;E7=w_&aft#ydvmxg->Kb{SwNtol?kDo4FO+zuTo`uXAyi2540K zUH_#?Q*CGJlM}rL?mtdLoNPEiuFdXG+JePeLb+D(_cPlpVXJ-N?pHO=0%r=1vc4|+ zFZeYVn^w)@1WmFJZX98GkPVOZA2AN-1}5ftu|f|s<9CrqTE8pGxiLPjMLz@nIezsL 
zdE$g^i6VSQu`l9O4W4#(8bOZ*_h0r8?`F_wDy(f&QvNBg|Cy806_&XF;A9&e{vMbe z&=FDdt6)L;h)7B|YcAU5y;oc{tXY|#K!7+Ns87U+@>1*z7nX9P z^0Ma#f1dyEO<^6ulAXqCW&*DO0?rK~xwsTl8f%}d`x=?kO5i%OK%C8UF27BohWp1u z+16NYrei9PcSBJ~do2Bw%|rhWXO)0I`+5^LyUMeAuI{VUDmP&Uw0BYwJ9=q+cLE zxq?^d{VZJ@UMLCNP}>1o)QC<^3M=v{kNFbontq#~fB?yjF_U@14wp1tIteb4I!HWxa}(AJ{J-d+u8!D_tD9Hb=QC#V|Mo z@7$DGgo{xje@2jh*AmfH-5G6AjbHoKMR`}(bL#Z202n3B=D;j8s|?dRfti+h+lfEo zoHC`+FM3&BCr4xnh#kQLQZTNSv6Wu1oO4!%pA($DJTSsS)hPllA0D5bC(or5ZX_eB zJJ4ci?pujMixC;?HmvdD%73$m5PEbUU?hYaAW?mL?< z-A{1C_w`iao=rHs%Tyz&gs)A;OT;umOl^k5n}=En3JxCZgwl%x$=fyqVhFTeoeRIp zB^N}chUg}4q9*Nz_6jXYq8FU}?PQ?C=6eZUVq{x&(dzk|Sm9FahlU|H5@p2s9GlK7|3;22@yo zmIB%>SbP3l6=KT6lmMi^Id%g=Oa*fj6?vFS;Vw*X3+5(+04@}q^wlH}Kzm_f09QIN zdyadoALe;Z;33L3q^ttCi8e1z_3y<{E|G6Xfo>$WogIa0MScj%fg&(a>Vw&dC|ucF zNNvr`UFtV;vs~PaXYt9;-vC1Q&IC!$%=U-_1c(^$Ch&>zUH0vpstU>A#kuq@dx8im1cfSg*< z7N+&M-F&_E77jVBXK%x+>Eq$UiLF{KzLhIgAFJ{dkb{e!d-wsxWj%3oe3$m1lI}Ig>N-wln&vqAXlaqIrLW6hT zT~fFxo($XbL%AN{-7Asm_&@4L=!)*VvP6qbt@!%Fj!Qp{;v=8xrDpH<$V}qw6uq;H z4rVEqgZie_in^^WlS$zVi!lmpZiq7XWmaOPAfvUTY1s{1LMN0Pa0+s<+^csE#0S(X zXw}UUEppJ1q7HcQ0w?4#xbgXv@FU3@WW$|zPm;oKA&}R{sFSlgyq@sCq%Sy zP9q*mpZRFjj(FmX{Kd#=XydGeuaVqE|yTX^a~I8{j031O~8Zdm}Fk|*TkD5 zy?R8Elk*Z4N^tLhnSc~4$UizhIu)OXWi+t8k*7HZ73 z>bU3ITM8B_WPLB>Y|1XO!W7=}`Nfqm78Nm4nKN_!7RhkiC*{dEV>Ca1w$u<&4MRk_ zdN*4yh+bS*oKHL}c*kKCM`gcNZQ-aju7QjOewyg$)$SqyucGBcvA6p2r4pZg~rXAdlp~_}W0s4k3 zWXSF{eDEJKHqQ&_ODxONEpnTy-hHO{Kx#KhmGNZepGOOwKqwY{h3I*$?A0fEI2dy1 zpLSuCB>(i))h-21a8$5cbHX0~Ssume{hZ8GP0Y6RGoK62Cfl5G+Pk{SSSj~?$43a5 z=7Q#Q_SDUYSVlS(T`vsEh8X;*C>w+(D1l>m{qtZ`kJvGq>B9^p zlVo)xrov^$l)76}P4e@TdFYrgTkb%Qh`C;6F|kz|sA+l*Pp?TndS&c00m{l&{<78G zixN#?)wC^(kXzuUN*94JBe7#}!k@)4`POs@A-~&%d)&RKvLz@7s_ZDjJvn)$deUkl zU`Jex3OrC3w?}*eTB_~9Nega^M?k5ODfdw&lcdaY@1za!pT|&cX!P-~V%2v;A)=@C zWdyZv_upQXFbFHwH`6yY*UR94Xq%db5$B?!OcwE@4cn_0g5r@Id@*uF3}#kI0r8oo zO}RsOSF85XJ<6;$JRLuBK8dz|-m*0{pdjo><&s*UUTkXcnZRTiD#SxQa(zUTKh_vN zX>ju5NXT-pAjRKyz~xQzzB!#_gPGIN94723wVtfUy$HNl06b^7?N5i|V6icJ(}L^_ 
zId3{DF3EnPTx3MGp=_f(VOU%WevjW4J)(yxz?bRab@5zoRTjVVV-lk^+D~a7}D|Ah*r^uZZ zf-Ct;j;R^mO5QRpWh1-kpIb?WH0(4|N5BfKkOh$j#}7L6S(aJ+Sf$awrXq>wGb-mL z8u*NOCdR~)ih^*M2WXN6qp|35wZoD>(3(7Yu%0$$i{(WDgl2ynMnP*d&! zXloBf>J6a$$nehkFPabk{dc7@$i_~s6tg8)VN9~i%S?)w_@)J*Dkgq!80Y>?ZyBsr zRO4GMlGzg0WKf$)bE1yYw{Cf=c#DikKx713gE2e!3k2^hBYda6o?KjfSWoVJ+iz1i z4Ab+7ItJD-sC_E_F=!A$5J_jsswwJJG5e#V@uF#h&QWD@W2_b9Ng(Vaqt|%pg?=m~ zOTA$+g*Lpz#``U&A}%M?Z2Ke5UB1G(<1Yt7Q-x^jRt+-(o%fu#EO0nm-YOU3{5dnd z-P#0_o9XBwHDSkBj}A;~?L*>7DG53$2$n42zai4h&W%OaE-iCMAw9ZrkiyA3Szs|f zV(n*Q{9v{+P}Yv*VD&R*mawQb)$n$fjJl7&;O7ld&BAXurSrgb5fMV~!xNAFT)TWU z(bP*xoqua>?yqYd^mlyg`R7pQVEUIn*_KpEXG-)8HgVo}>igtdPEO4h1ASAx^=GX?R=In#{L-Zbmdj-5tvCp; z1GtoQKP&Yb{RX-z2!%9})<1O46OAlB<1M}-W2PN+;`wIq^I9)7`c+3^d&hTeuyejv z%Q=6WONnV1Zd2no?ZMB%8K9yJ*ViDsXq$d2%BCVV|NNubu3KI;lMPchad$dBN}vm! z^M7=qH-{6?s%p`t4*CdRg2R5qZ%!^c`bh}eiqn|Z} zC1rD>=1IzHXYfWPc}q9}+~n#>Jo2l!hR|A51(+DT$C3-ykY%FoX21gJ)_Z+0B|A7% z{~{CjinKAbP59pa=`i;kK8JM?WALT*Yl$A%H=<=!=Y^^=&~EL&+`9;;N#rhYFjCj1aw{T%+0jF`@bYPO=B?;JaR@}_#piGcHJ z?bTCToNKtBYhzr4Qy8y))J4^E72JsUOgsX)rj{fV<18nEWVO zSTp+L^~@^J=!529vsPu0u%5HO{e)>>6N~nOhcB^|=3;MDbedj& z@?-(m+6{Q5B4r0Jl-9N!@|o~x434g~m&7aJG^&h7#%kHO2^2x{p|}PuUDJ#vx`cLP zRm+;_<)5wO@8-{yjch>PMNR2tmbAD@nj!g&(>$^~PtGDtR4K%L8<66z$& zTJ>#aR@lCX-;*gFf)&sjKq#UFI`-ZmEBwVYSRDL17o_KWATwom{RAreDn(@F z$&=!o#5*iC-y)QM^#m!6u_33xnZT5yObyK?`R7K{Xr_NjJ}C>qxMFYfm~ttB$sIWD zU$hp^zpRd|8>Y;rfUS`fptWq+aM_G^V=$`N<~+sna1MX{1!8(OQ-nyd-wbJ~-y00* z_`<-OrGG#*Wro-&8_|eJIapAXv}&}&hK3SsxlXZN`uI^+U03va#@>ezY>!OzTXXO_(MN?x0NyBDIeEkVReMC1k?JI13w&M%7ihqQzvf3Nf zJbk`<>tb-D+Ke%Iz*N`I)-p9-66iwONm!&@K`7WOE4_-=;G?b{WO1S!jk{qRElL)r z|IJzuAyV*I>wFC@!ph=(dY*I9pgT?NhpDWn#Az6BqAy&G^SFj^4xCU3TA6cs2NBL) zNR9|wZ;Wku1X#Ypp82)XH${DrPs0jgN@z?E1XAY5J(v_STM^x*ka2Iu!1G5r8h4Ji z_R_MBlXL+XZp=*dDDrEAe7j&y7|85uoUMLhaBhWu*D}+P|B-P_?$}|I)U4SNOkF_# zKc9u@ew}dylZnPt*)<}2BQyPiHR;-W<268DmHA}cI0-jjs(*tvhsM~YcCYJY=ZY6gXDznjhRvXO_ z4`$4i7n$GjaOjD&mrLbC@!%;)b2BDzhM>VHSjY~B2M;^xIp4HKYn7mbcs@hz9^6J5 
zBd;mzth}6z^(M=e#?NdQnbpJLy#fy4J@}p?C(d~nWs}Fu zDc$(4o3*G>)H6n^)!LBWhd2;W-vS!Q*-R5|zWCUmRX^x9QNXsxlZ8*O+BX*(^dJt} ztl|3`G&-~7=sm_ONNKv-iiUNct-(UL$>9xKs4FcG$}VPBD7nqn>JYFWJhrIm&k1FH z8c5REWzlS^^648Bnw})np&zUZHaVawP)4*f$SFfte%)VuiJW?*_ZN1lPL??1Y$Ly# z!{U?Z6CK2?n2+%z?I#XY$B$I}JCOr3YIq`#gFVXNJJDrgdFhrJ(%R?g${<__JpW!v z$g_l7hcID<(GTL?q^wu;Ah?)zn8Za7<}r25NyZUWf|=KHw5mv`3Lhlf(FvtU2> zVr-N;?=BtDF(tn1r`w1`b)fqF*Lw17K9wb<;XWIBB^jqD6}Z;J?KE9 z^;U6o=%wB1fZB4QiZvz8uc&YO8YqpamT*5DO)y7FNlBMQMRNxfg;GVP-0OnoL>=>< zdSnfQM51td;6Jche$He}wWmo=O>RbrYqTy`e`mGBRpApxLW}$t#Z)#FD5{6sgZ)mmMMm%fDb^eGS0j7}8c-!u_NnW_3848TBd41ITO>$4*nyG;6nm!= z?E+_=&65_KOfG8Xakg|KZDyM}KjIiq8|J=n09y19a{j%fASGxpvs zHgh_bbrhNQb+Vkh-VPJYC;t2=+Mdh}Bq=`LFmBGRZvp{7w9m`D6lN^1VH8*Osa{me z0eNW^bxSRNlG>LF7dIQ%$Ff`#v~R9x9mTrw(K%sVS@Fdynw`eUdG1CT1Tn&xV`)|8 z4(e_e1NlR7(uk-6YJIKKI}HnD%P`?h>d~Gxi7Es6dT$kv)LUDV&SMAtWcd$vad%UU z%Gsd7bnGYk%h!N&82VqV=fL{!RFXpcnWUW!*86eZ$${VCa5nmpt~C$>dCWrm!rQVk zvbx$}@%*?hn}5<=uz)z{^WcZ{wcU<8cT&rw+UknI^1gsjpLoFOlb@-}Y54HHN776p zrr>IBzhgZ&FoAZlnEvV08DBtWI;zGYUQWbwHpS1R7jbkIby}E{plZzTJx7@J86@`D zo7#Au6kZ)hj*XV_O{{d{?tRM%Xf`BpE&;qnYmo?Awl3}JZTK&gbwNf6g5yI`CQ5av zRT43D6gLy>Db$bOebF!9%`3H&==Bw=O+&Rt@CiAazbbh65&L{?$|Qr%b?5X`1Shfk+O#>yEP4ofVPQDzw*9DgD_CGiy+B|?f)#9i|+_ZgK# z;{FYfhm=}lDnsdtiCqP}G`y6Ja@|KK+lxLKs_*HIJc#i}cC*EOC3U2R^xZ$ByS8Gc zW@lGlw-V(00MAal%;9h@RwHcS5QN-C_DNRswUe!&0S-CHY*@hPW5DXd2OH-)g^igR zC3R{%-XMKgc&Lh=Y0PheQ>|=E)Z1gK&E8*iM3@t~(L9Oc2CeZNa)CbyglzigKlSDh zR@)NHS`s0K@&Ss-QC-SInYqp#m)@S$K(Di;LjYI}a*mnb`4Mkp_Kz6Sg@*ciql&=_ z&=_Lx#L8*dC8wn1ICdbWDChzfK0)AfD*H-aZE?_vyVJ61+k8zQdCjOrSTp^HeRuG@ zm7&b4c=|_yj@CB$!~F<(HE8}Zg`S$ib54mp-uqav7=3B1QP>cI{Bp$oP1(rH1|RsV zSSB$)d&cdFNfLHsMU`2I_j`!ukjz=Rc1Odp($T6GYyL?@970C9B6+oFRsu`qJT^|e z?vOb7R?JEaR<%6)FWrC5Np(c9eK&^1)Ku{SlaVHO)RcSis(_a0?!G)1wP<1#SAj@> z%4%Q@dckUZU<{m|xl7+@VQ<4TsHBLxoDyp5WE4Te#cv3_NO9mZ_fLDof4G00%D<$k zC5ptPsB0_wYuLfjF>(Q-gx%u`WE%B~fIG?hF|i%E;FJxFtP_;>Y0>+(j84)vlDMsJ z?qlRc804mK{+@`$$A6D!eax?H6wf|D15Y_&Pam+4A99;Y!XtZI3ioOO1Wsu=iYev7 
z=FtW5(tz_{AcMAtYdH^G%m@YBhi>m??@)AB7n+nUyl_S_blNtX|Cqb5@D59CqYt;09p{0D?C`1`rfv1(p@nDY> zI3MsZwa0ah3!5f`5R>AhQ|#gIAXhZWvRB%MVL~~e$NR=}=-Fjta{sDC;)IX7UtIIG zqy=yMB>k@nWi9`#tVB^m&(ZSzdIa;3(MFCtWl}rXMd`BvpnuHc`M`tyK@us7-WiNz zAkamZH)WwaQ+-um13S{AkoNXkUd%1Uk~+UH48M{)&VZBTCT~nCoTHl?A9A6s2GiG7 zT{u;E(z!T0xj&g&8D!M#Lq$#>O^d<3mZDt9O_vQWFwpUN(??c+EG%pxpj1;|`??g* z{+21V)AxAK3#}Z*oG*8nFdT2rOKDny0mz)il*NctDS^C=1EAK~7Q$+v*jt*7vBs>cD4^F^6P z`8pAW$bY|>lr#O-M)RPcpzNy!i4<|s6W7y^5(Xo`GsE}`1o`&6=#O6NQbm>78jfJZ5+Mtm^GtbvyeIJ{=PR zf%=NzQD^1+J@_kKeREf?au%PL&`7ZrnL02bB+eua51GfzMrLsf-FoLzLQ9jkaq?p# zx{5#N>_e{wu`;@vb0U0|!J)EMSvxcFH3R_q@FZp3g!sq3J)7K?)rvqvFe`X)Ic514H)%!A&J5PK}KDHu~NoR_N`d}pEwEr!lt<`hTlgMAy z!Ry`fXEia2`2`+012~_F$Tv%62(hrp?q!=PDVm&I{UZ3XS%(U;nld78ZrVRq5gC)Z zJtrwbMTSb>5qWflVzGFO4mQL(kdu9n3BJddYfhJ&Vzja%zho>kFv<1EuyiD^XkW9H zk+>xeSDSE-=)PH?C>>J91Nya3COC9nq8I&Ves^Mn^oX78eC#55W1wf-UHEBZ_vhh` zS2nYkPXe_2T~rKY)uNVM4K;XX%i-y>TP&Z?88fpW=V~}<@D!o8d63QTDS&&&soT}? z`$m|6@~2+pR>eccO;{t6@OsYQ*PAJJ-$!_LgGb^i?XQ-J;K8q@Yn%9YCvNbD#@wrR zR32R;&P!=Z&1+O{JAUgQHaH6emcyOhhLzL9bQZuj*Nv_iK5uM2q_?d4-hbDM$~;th z2&HkzTXJuQ89*iCz0q0Byx}~dYfV*AxYNo{P>PelQ&0{n^~#qqv^{L(A87%!4ib$> zgy!tv7P(RU_RVu_ij|1h6Zf^!1u|fQLST(PbF=h&5;}vxCT8kZY+{ja-luRgDtuL7 z8d|%QG;`smG$ie~8^`Ob9={M)bMZ4@5%O|)B_OP^3?C!>b+L8aR&oJ7)T6^Isze+; zTep%%=?aYPIjE4fh}b(E>IFppj?L7&F(~oALqhHK#|AHL8<$ER6B*l%z1#@sT%vVU z?!7{x;GC3#eK%z%jJ3!+Hz5^D=tRwWJ&R| zloFa02R=V5)qTeslU)U3$4R=v@`n zJuH;>8!~&fc1CpkGK$-Y?5BHgHGiZj$2rG7F{qb@D{b-;vvdCzKqY$DW=mMm=47IbIp?MAjGI8<5O%wC#@=%$ezJ20`jT~)p*ED zDK&ahA`ZMtwWn;Ifg6JHdJ7e7>6nZ2gA_GcY~6Ef7Td6{m{aLGR}Xp=VaG>lhE=wc zq@8bsBQq<)KeyxD0P=@z+G67aN1Zdf(z3ofmkr6}el0>&l!1(sc){?y*S0pNqubqz z)e~5fyQ_V(%5b*YQImu~YHyrLFW#5$U|?pC4FTmVIa;X_O(QdK(}@)P%!&`rE|8E= zqo(YDDkjr$of=#mXB+YL?eXW=IBzVit(n9{RN8H6e)v-7zyO=-KzN- zvdzCc1c#z^&NLdE+b^S{v9A>mG@n>C%UEO;9;8t!5Gf`3g7k(A);wO@-eLkZf|5Xu zV7NG|ae#BLo|WP`MfYzSqo1Vv=^KEhZg<}}=bE(k79%>IVZ0Ss94|MU1%-V4Is_>!C78fNlDdAo_wLv>+N^c2l3W2Ik5QvLBZTec~ce&r#9b}$O(*VQjokR*MuKCop 
zBHvOtZa`x=v$~o>sBU|j1TUUX(Mrt}<+Mi9dX?zVaYW~2?_BSJ_e3NA zCs64AA%L~2!SdvtMUO6&YxK6Q^YRJ+G&GYA6ayhd#1q4fA<2GZwy4tr9jF4}*~`)a z>SBrBazxV<7ulc1cpfQrv*O4k(Y-PAqP8aSW8!wq-H7o~;UMh!P68sL3DqUKA=jwi zj#m$e1;z1M6x-dc-}6e|=?}CY5%!<-)F!G>F@?m2Hc z%Uk4EgC$G_9R*b9R3Mn{aCjSyV+dtaF$24xf96qk*%9y!y~{21kBrSs(uJ{1&xbT2 zsy4#P?pR2945QUQ-Jf;b%cD{I`rZ0ZYbS!U{JAwCulrzyaPno+X17nk4*f4sYx3m7 z3~@kpR;2p8de+-dNRiGA;p%J)s~RHN`~3vqk6{IzhtHc@xp<6y)>qnadb%tI+ zHOT3eUz`d0yduk7q=rq%Ro)&^s?yURH(B;<*BK2yRkq&feTqUC(K?8*kPU@ zVepc8my(bDw2qHwj3w6yV1-Ml2VR+vJI_gbDH|s4TJl*cljdV@#B+$+i zS<;rXHYoj3lx=gt{2#R`fK~4Q<@V|;y3s047xMOWF6Q5O+|J&sa4 zBoP)vmB+MPukyb@MK!eJdk_hUJsKMkhSz@tj2-d8)VQ;I9}c~YXX=PqgPWwi!dyKa zMh?}y=E~A2@iVO@b|aO?rrk_d7VMM20m4zI$C{yqs13O=0Vq?LJ+r-DBjpffsR#eiH*FV^|cdwYb30hUxG5e?|Vv(*EqP<@v8;OI<)pV}ZbwBRCUVE0`U2PX^xEXR+HAqjXYe zwy3`0yCA*`33|HhtIa$!OqI!;$+98yw_%lfRzP*^widzcM_z$KhHYOzU3Re?7((W^ zT7o^+Tm-Xi3#0jWRYKth;~^dQh+>^z){qOYz+mv0@0hPv8c`j0)zWdM)~I|yR$g;$ z{K$G{Dq`bH>qcf-_Sh1gC}b*KrXH8Py?0mp0H~G-hId%lNoowGb23!SSxgfM^$N57 z@=gp4=U8e1tH3TFm}_-q#0$tdJVcD|0wg$KkK=zDg6WI+&#sB8{jaCC_ba`My)yIV z4gLZt-CePc1(O!GPmxSksm)D)jm6WLQq3Kvd!HxycRa^Lg~nE5HXD)g@OxC-uM>ue zNngix?4k{0Scj()0aFqxWh7ub`Y~C7DjWoW9pEQN7F#Sp+Xf(+d_AiF1^RpfpbvnD z{;)fkf~*~;(VqayCltuB%#Kmep`;B>N`0RcqJ(bhLv72T63*@whxNC*|EoxGtsRo; zW@2oda5REi(Ej`3jnG~Qg!Vx3`){~!!C#dv7+U;m-WvDO3xq*%Jj_z2s@;+qM(c)t z*tNK!c}d*w_~)eUSOAL3Y!2CptcH)|UQH>NXe}Teu05BRCrK;k9{K<^!eI1jH z&C;KHkNgAt%k|HwdM(UEFD!V)iEmnh*WHhf8$|9QPWCY%rcRw8-WKO&Z2JR=BG9_}pb8Rl zf(sC8-0Hkv1cWT&XM1Wdki7ST+>GAQD&rW%*+mN8hqv2B!-OK=x|y;~7ZvmGeyAu8 zaLPGpBIeT&WT@%-rO|aZiis7?g;flO^?AeVgJv4uI(S~*X@%^3u%h{;C#Ycgb1Nj@ zd}~XOdRuUjqz7Jx!uk~socsPc@w#Qr+7IEC zQ|w07k+@w?!uB@S<)spLujEAR2q6IhS0SZt>Xj2$SIZ7g)IrQ|kfoQ0Yf=67nt^;R^?j#m}ckG00M)9w%2tntyw z>LSWuv)Jd&PrU+k1q8R|p=;A#Aw*!`?iIH1kvIC1+Gy3kDx!p{G;rA~aP(rkOhtuL zcA5%$qd%y(L}()s>j+LgLKh#Nq(#MkX>tz<;Z$L^T-b7agAGR@P+VXVv8T={@x#h0 z3FeMZuqXf-2@xP8$os=SJDSyL^-x>O{!S8xqf4N5n?R-G4R+Hw_19d=lodk3g9Yea7e zHrcwlZT)vqB$)jl3F`u$9M$AdYtg|ApfpylzLzuH!y`_(n45S 
zh7W$VqTPJ!KL0fI@rwcdO<05L5uX?AO7m@J>!-@8r)0O78?%{?WAK*a?n!!Q=5_n9 z4l@OqWMqCfsV>;&kt zkY_SC^G45`kBSHUS*4NLx%-l=}TtHBa=){^f!l*)|$PEAH#8s9uRE$H|E|gxBa! z<_@a0H~uwGQV2bQ#AusU!-z}F)GXP>B3&Oqdbb4t@S2eKCijLHFXbU5QXSd9#B$yY zmm*D!>bmH|prG%~fT=BE{fbU8zh$=_abS8CJ#S)zEt}c?m>n;m*3~*~)Oas?vN^ge zKYL(;WvY1)KV!13?&qilQ;sNr_q(|{>9~qz%TcbK*iX<$8iBILoK-dd)h<8O75$R9 zBWA3idr*&-Gwo0A{jQzi?iG{gY?kUFgp_-pLGb(teV3=ew7o=dj zL_>@8*k^8`<(8l*0_QFEIuLHnsBkmaHs)|4ycisY!%)+xcUxJo)LVbT^OEY){Ut9u zn=LaS)yO#8PIcD&s@jI!N79>LMPWN=v;5XIyv^S%r9MG^7T;ozy%uh_U*6x`2)D0) zm(ZH~9nB3MUuhn`RWkJp$C2|MkNv~rOqlL{?m5v8@kc)fgJL>WRY3z>F-+W^4Ht&% zVk|i!rMXja1|MKZEDIwisg9={aAJkXo84c>d%`DngQa4^Q4t9kz<@Y9XAp9XCS~Hf zKRvOmMUlXE5|PXlkOOAIV$w?dJLa7(5fJ%(iY9dZPrl~NL3QJUzo2Ag z0`|KRVs=}hU07Hy&Jh8LT?ax-)pUzYzGxW zsm8#su4JDRM-uA(HCs`&hx~Q4jsjjh>C7Tlj>gMv^v&1Vb@DynKDY`(bK~YbUQ7Eqj~8 zSS++_3Q0iO_;J=~)++pnp>~^!rD_9o^OJM?T^reN9+CN%wXFe#dhDf8FrAs;1pmyJ zTad?34E7YC-Y0>MBxS}_E`(%9Ke-B zU5Zh01kEXg^hwyuHCNKx6dLJyBgg}$F~p2`DiG@RoUyBdt3Kt;eVhSOnkz)0Cn;WV$%TIrd?wL;wynI9Y;m_xij2y_(Racn?R|ku2*xZz$WaBQT?Vi2F z4Rm7NCdhTd*~-|l{P^-&b<6he4hPl*%>F;q0L!R~7;hfk*4XECe*C;dJ*$mWL(WCn zdc|ZJMaLm@=1=t2j?o9tZ+Jcv_=sUk#FX+YIM)xU1@Cx~+qWS+y)|3=h|Ko#D^j>r z3O)K^ee3nNQ1=xTOF%}aPVgQf8fNo1Kl78I7r~)8)+hD6#C%ES`GN1ZLt)jH9&?Ak z-m&{|eA~q>+r0_B3%W_9I17&;$51PqEcn{S#7w6z#M!=}C=R9)_=xk(9ks4&THFoC zJe;15a<#S)h)Bt*45l_xkxP$YNiaYIS z(`jK4uW>!IFAndOi=EA+S2j)z?ms-M@Qs!_t`~aL0v9#rE9Pc675i8u;3$(ne$W_A|1V!Ssw zulRa*HTX>Tls9IS!lCYkZ+0K^XUk=@GxEar6t*4R2&J%~(}W$sX$pwP6k&ixR*DZO zz(>lge_6k?**{gSmWMAZ8ENX`wr=*;R7bfe+TGrD1#EVgsa`UeU6!OmMj9|!`t|#O zykb2}22ORvS>RwUE&XVUhxGVx zc3|h>M&sV`W}LN>{}mNtMvV8{2UyKhUr#(!e*W_uZp+B?#r6ZEriREZ^`1A#>$XT3 zDxmB_-Z)(Faa+JDs{6+^IyvG1`@XCOno9L~FBcmQq|^zb&lK3fWgmF`u!D9-P|@Pj zaqiUD(7FWPdBn>cX&()W-+KN9g2oDOACIm^Btpd6@45Q;xXOGLpA(+k40IT}s~0FU zY4t2>Y9>n}q7mS~h-`9g2Y@!IU|Ls(nUZ{DhSRa!`OcmE!UoM&2&YQF)h_NV-BTRT zIx;fFl#$A;H42&EuC>P1hzIIxTYEWN z&ZbPtncj({+_=03T}E@mV8h=Rc|o0YYf+)$Xj~6?8-%z7#f3@;f08B*+*!|;8r{_P zlCr~%s*R2K~ZB)@)bRZJW`=tICsElqVS56^p 
zd{3u%bvdd_H`oRa zWu3uO$}F0w-%IY*Ev)dF($GiG9*Iq5-Wjhb9Ttl`&jK<3{F@8kYdqw-(r_ZAsfQWH z=B?LUcd}5_6E9T~SQ`p%p*ta1|3p0|u&TIkUP4R~v;Tc1XZZaG&Zh~?ufvoF^pZa> zOy1_b&!J2Wvi(D&{eh4b$&mnw_IKw2ZUf>!+}gBC4;1Df`C!uDJ}F8clNQqwJsJeH zxc5=-^F{I`l(B(bj!5yF>fudvITOoP6|{zKi4fV<6gX|*Kpu>b4J*}G`gacf35tD^ zRp4~1z8pCfK5?8?E*~!cmHP;P@V>)G)Nicu^x}YV z&)h5OPn><8zZgMIU*Ae7lX&s_oU|?nl<8_^Ijls%E56x1Q&SD-uVcHPZR0!MCv_;S zo}D`c4^B^Xv`quK9(jw)Cx)7pQQn&m;nyjJH!N|Cy`&-$kgWC$mc~<2NQb@5ALar~7Oj-ByeX!gJ2S~7wip1y5mOVLfE3hC|I4Gd{<^71~H`(GU2lJ4IJ?_~$2GSqS%>SQV_x7i)6 z25G;pUd7T}I%wqUy)i817&%b>^!1MS7eO)8Vm$7i^aPN9*#=aB7u@M}$?msOiqkW! z*bp!NkRtz@s5t>~UIBfx<^mFtyY02nJQ>Yi(4(mtDPj~S&=HZiwtvgSzMdzAE5H{W z9N6TAvE>guI}LHCIu{menIwCDXjW~QJekxFPX2}OBe(_IfOAaYf`C0aD2iEPA2pP( zj`(~%j43Z!I~ntPW47aiqhmas<@x;5qD2yQ1lUW13nkjtg=A}&?K1X(#rT_Q*{u(= z5?7+*y{~{9E+KHl{Q5vi)|X^-Wv+s%WdwEVtyRSUPWz{l^%8+)mnl4doxRuJd_F^ikyp_2W(Ol!`Xum*gm58!)tQ&Fh$`LZ0S{$ zSsLs62*rTG;X_QHIjcqf$n>LVDtn@PpbE;u(<=IS4p>RB@zcEQ=tSxt$U*7@mNIsJ z0+GFk8e0|3(oh9`n`xDA!B+#NZU$DaMRjs-VN$}yz~|V*@~CMQTtzxDGu%XW>I(?L zAFm8lvgz0|xGwaMqu(yLhQBPu1V<>2QB|o@{s^*|+I`Ld7SuNnGYqzmSLue=k)Hm)sQ&i0Ve8CI zwhV0}5cU-<$35Ky+*-uGY}(Qm=46QNXEfJLWnbjV5`-RE?U|;I{P^m*ORl8%j}f(~@zbp-sK#ZBP$Cqt!zz5*kzXkGG@pKoC+> zP)@zaC70uEZf$MSj#MP6-UC`s2v*IU-_I&wwo8u) zmYY$OZ*Zcxh-PpKh1>$|&eEj_oD}&5xlOr}BM7Z)mZ8YGFl=<*UPWZ6XwC%3fa%zG zlB!&qXO}IVA}zaEf_%o3>799qy#V#$ey?Y9ic=}RnQhp`ZY>ZO zB8P=u)o?_kLNBOnzs$TVYs)aXO{iH9(@4nC8TGl4KWi=SK3Ly^sOvW0REx}K+C7yG zyANjx9^2Emg~y2ove1__D=~RxJhO2kVuB#*nFt7KJiOF~rkf?n=fk^jVqRQ{n?2Lw z{2c7~ru-#?)F43W!Q@0{W^4QQIN~-yNz!+1Mcaz!O^ibgDX?@aKVJ7S+~yFsCJ>+x z7#+S~r9>}DOYkH`H$wcj3`7W3!$Bp4qFSJ%ir;HKM{V%}T3HpRR%IXYS^6Y)Nf8hQ z(0YnyFp5@sc@H^qM2G2y>BQ;YJ93dvQfF0s`nT--KiZFvRcp#bn_utSe$C#a z=a%wnD3OX52LlL8BiBcU-ld<5DxAl4cc)ghqzBxhF^+-oq;l4Cz|rEnmX4txp&Z0K z#l@=XK)}l^c1TD>MJAAK0SLQn)2!u0ERDIDn&$0n>W=2YhSI?DrZj!~PZdB)kz_n+ z#vYKoLFtz35F|$Zrsw7P(TjIh%~r+s0H$<_`y zb6kDMUm%q&dqo3It(zPYIgUmsD1SF*9jw2J#1jd;gjg49oUBHa5k*pN3me}n7p?v<{w8l$_ 
zp{-&ceh{+;aCYpb_Y?`^57Ua^3^u)%OUt<`7e8BxxDnH>2?T5Oc{&k}-l1L2)MZL8 zNNR@dL2sgG_05f4zcoa2>Oterso}z{5d>pa8c`hY%}f1STHh<-;5*ONFn!u|J(m@mm)rCs0Zdn;!bVG45Dd!z0{b_BAM|lO2>$V9XR*( zm5mH+GagT<^ljO`dd#mc`g)ovpQw5wBMH1z`@hMyU^Nt4U~;nOh33(6P?* z_H`L|+1~eLmC7%6_`H3|-XpI#1xAt_u{MVyie3=zxF@7)wd1V_CnemlM=nJ3PYnb!Q`e$=+Kyiu0IJQzPFWYL zp9OLd0Ym}nTt+NI4h;X$Z#MVYKz4*-s&9%X0F-uOSb@C!`J7?a8d6h7iXlgn+(N)p zCEa5w^tagX@0>u+ze6Ve$Pob?1;`CS!z@&!+*1Xy1#!#_pXBNTYq%NS#BnpQ7W*iPr>&@*6lyXAJ{8DbPL#DQ_%XvN(W_^cF3NlFo^NvX1_`>=J^#!Lu{U9MNI*IJNULZm6a3*)!FT4~z{=FRO?vQj_V7}QAqhTvJ zG^_l8TX8r92@rw=0txOCG`Kf}5IneRf(Hoh9w2C-ad-Dd8<(Js zyEg9b5`3S^-p~7-bMLul-1pdEw9s^apsKp+zt&vyHy<#?^cGIwLMC+LPT*j`fd1i& z%N%KE^EbDBK+lWFGh(#*X22--?aP>a6d5lARTbMF!Iw}gQ{z9U34HMP#AThIS{NEA z;%5sy<7Mes9$$VJG8LRy`3Zve&wA&nK^J@*8NVWC5YSZJ+-TNR{*7#R=Zv+Xk1UNA z=PiGM5^z77Mn0YdfQ-{03xs0&_=l{dQIg8LTcphNOH&2zh*ow_hG=k610})%ekJ!_ zx_@>;d)8PD5%dRk%wvpcZhF$MW4O|N@qq@Bb$tr0I4&ggo_ED#lIU~DRDXA2p>CL4 zG2gwoPU~nHH>mElJ(^wvHW^P{+q7>_O;+w8sY2(>>#W>5I#=Hv)IrpV7DF;@?n!u| zg@72db}S1GXhn*j?+S=_CbL+$5^%12A!prgBGS`L@)xLvfp|_fxkc{^($`Q%_!UduM2hHC7dg+1FH_bVtS)`{jg49yJ zQ!{;jGlm1c1CP4kE~9Z4s4^jVZkGxH6l)Jy!%!dLy**s$htZd#-u0A<2NNHuKZ+eK6QYd)1anBzm^})qSQCHQ9ELsj1Tf$H*8=~LB zo%u!xe_aYW;(ZOC{*(-);OP&@ep-?*zV7d7ZgScYdBWie;C#-zem6#GUJ$#4u%C}` zM8s}5Za^|rM&udGAU~gek#>DHG=V#OB>gnKnXFAkv$1R!d7{%Krl|Bnv`BAHpGws? z(@MD4eigEII6oRS0m;y398M|_E9iJlf$_s2mpUH!{@aa1$F$D&2QST9Br)YfYhD7! 
zm>O|7^>}oKl*Cu0n&Q86u2Vq*$&=$3f+gooWU73_SEN80;3$oilG)xUm;Z$`W}t4= zxxg@1XR>$vo|}2qxWx#=EY1HIK;!GANy?8Iu_3a#(#APQ?$Q1N#b_oM1hZP7MZS7U zAI5MK@uy91I9A&}7~j1psn*y=BS(p|O~t+Hb9*Ucs5M%w5&5{&b!jwzXKOKJK$*f8BF$o*CF&k;HPSA&I#J@AHH*q0CRE4%HrY z0NhcE|7dsruRKE6SK*!E8a>H=taBF+?AdPK%e2)sRyBu+pa9dwdD|7S4o!$}eoBmc5)@ydt(GmZai{^o?&PQl{eE>q{ z>`JGY5|S;d&4TKK7w6um%sxZU$y5V9Bb5h{M7zgmsc~EK-&Kwgu2n+n8ZfCEft8ac ziKsaK_)apijr8%PRgXILjL4x+(DtqzQ?ha%BXo>%v_>Lhpt0e`@F_=+h9JDH?i^Yb zA3DbL)kC$gC)Nswfn7Fq?*fzXi>RA7=nF3+?@5HpG4Sc|Q7)4@B@gc>RpI?*zeM-E z08EJ4{_VhLcE5$VTJn?(mBT~XHB6K8)J|)ec?Mv-?BOvkM0F|teHTzJM`wOeRsmuI zLbZC;kZEGRKjYBGNu-K5#DCvMvx20nUtP?TxmTP=`N0|LewUo0I~Bf9@P*dO_x6o& z!TkJv_`4wQ=abD2&=;gaZt7#JQ0Stx)T`ww2%6fF7l=l_%Cl0aRG&dB_d+NBkQ`u zRgkyE`PL~KeEGp5U?w;g`TVhFnlMB~P)^mxREhrf7zvCSC>Gg@Z*0kH#(*WJ&;YT?3XKoWIrOLa^? zkVI`7a)LFZjGjt{g+^+r&8^4(Inx3L*{*l>7q@)FIqx^!_4w8cyROAx1~5CmnR6YG z4MiMjCUpHI_R5|gn5~m(I~x~SU95{&f`q;QRXXzW>yY7=rLFc{gnS-$!FbD8z@9~x zPmEh!0v;4#u#;efR5GDIl2fht{#Kx>v&hdwN?+b2blOnsP&ZY}8Y0Ee9X~3pmQCKN z+%Af?&RhH^wX2U;sqqi%p?z4oF~*6LD=8Z=LN$g>a7rgLv)bL{(gCA_6P2t+eSgLR zleN==?aAc0U|ayqe0HeUj%%qVOS%Z3A*O_&Bsoqwy-2xOg^`^oM1@KviqTjGGY1EU z(O6qmCJ8sG)DR7*Rv1}?C8a2%&E;puWZ8RcQR(7)#zInx2eZZ(IF6~^bk8A4k4_&N zUbM*U?cFc-QNHrQ5_o%oJYG|CXqoF$K>Mr%#oCKu+B39hdLv_je_- zGR5p$t$s3pbAzkd6y(__mLR+f91P!woRhoGN187;ki<{Zym5}vmN800uQQtcQ-Z`n z^NdO)H{>(<{{qF^EbsXAl^)7=Li2Jf1ry5Sfn_1r;jD!h;fRvFqp=}0Pt)n?mvLq0 zBDaG1#iDaXR2tGfkj-$z{sWPRRX)o^(aM3o=&gp9_@~U=k3~gfKH^R@x8RoPE2Yg( za9X%Xfy~zNH&$jK$0r{z6$O=I8rMH$gwdK-yP;rDLme~4O-gqoYg0jfIY=KS9~z68 z!cCFiIpSKz(O!(MUPFAk&zfhHyqhJsx3q4qf;lcapAA?XpJx#e)A0XV&pP~d>!G11 zq#&IZd#Xq0GG(JMY5k36(T4IxYOGL+m$;FpMXgI0^DAt&@6NoK6MWlHaPg&6etO~l zxU8HKV%D-&JIq`BjOJTsT+B0qyH^huF90%QGY4@RojOFcH$tTMFOZmSxTU%F;ndG( z&YYqXMr0XcpZX^3rcq$f#*==lOV>~Ge9I6KoCk5btkpY@!sbK%IKtL1oUsNEOcKOt zg8FsOsfv7Vwze?}5LH{_mzbo@4+1Je6dOH~BEiSkin^BcM10 zemhwM;gH>A&f7g0U$J5=w|25NeOP(TCHvx0%TEHu<3N>+<1f*|t+U}@@ArRT$Z!1cQ#;tnF5g4KB=2W4&XGuzUA!f;I zg__We{BXiHm3pA}lbtrCkG=?s+}XBmtq?TM~ahWr0A3Ud1Qx 
zVB9dwQ-{Md5088Kp!#Z4u!hff^5#|t(##c1Z~5pc2 zduOMbwJR3-tn##B7sU-6)YhWE+KC;aVn$@(5i;o)rHIAB84mjns%?u`lRm78Brau4 zvQo_JUk`K6Mr+qN6hy)mwD=kKs zKKin?nTv@RBsWUAB&A^xK4^dVH@b+w>^fUZ=?4ajRb`+l#jA9IE2xJ0j6tX*r_9V7 zRDRHQx_df6fw?V-ZkdFZBWdLca;E(R@?L=eyV(7=J7M!-yi;i-fz3JvyWUI{mM}Li zAU;RZiNX*R7Wo3>i6&M(a;n`7_d#0?z2CvHCmJFyAW`;^8Y`dRCufH|sXVr5+Ga2x zVv$46v*fdu_pmo(!sip6S^WXx#a*oUz1JMMI)`LRMxz;VGZ0&Uq15EgA+;8UOQB}R zZ6_^oM9fzJrwkY(J6Z)=G+D?n8Bd40Q>+w!ynIo7xbneGH4fv0)^#AmuhSb@|0n};6O%+OhFQoi$Z5=J!HCi{Xc5ys)Gd`6ltwlAwYW80s;~05A zLRLDdtPf}Gzn(OKv85pW1e?ih*1i1v!wXmBL6_Tj;|(nsLM31xiZL#Hm~nj*yoQ9>`7sND?4>%kuGyCM!B52lu{h z>@}kf4{Y}us9x}e6(g7j+09$c1X<_;@J5(eA_hK_(=9W76S!^oeRWj`8`8TZbk0|v z^WM9?OYYBV4JH6u460}{4CZK=Pa5=mw9Z|0wCav-h5WBug8qyV{{50Rg7>KL-!GM~ zzQf$}W}03dulXu8A0ljOx=JNFwQ!{rb@QD=3dPB~_w3XaW=7B=P;rtFc=-;0Khj*A zi_EGkwVL-iE*5mVD(o>6BO2-Ub{yVG{-PO3JECpLYi9R6YoZ!)-6?H%VJF@Y5uO_H z1fk-S2MF;4f^aM0PZ(sHv!i&0 z{eqyl5i2sfq7EjCS>s0YM1EA>mNQ0AxWql#B)i)hPeuaY2N<=S%#&7D-*dMuI7nbz zC|P4s7*Mf9elmy_d5bNxWj-idX-ZScPxG5geVRASP3=cF0dV>j{TK6qt<(o+Zy+Cm z7Xn9YkW=*73RXVY9bZq~0aMQ`$sU0S|4dTNTWt4p55P%v^xrtC8Y=NylB*U|>ywv; zw5)q+oTDY&2-9Zc|4jSsN#~D=y9LGnR|)Aqq@@3IkBpV-7`cI{6p-x3hc}9EYFG7w z5HCGD33@N_;giz|90>WUj#&f1qBJ@o-&138$NxENNl6i*+wJmX;Dw2T^~x<#3cguk z>C~w5m^k~Nvs_=9nWdXpxo{3&FBH;mQb5H!xmNT_ zVCk*SCh`4m%MW%nU#x@y#+{pfLmn}|(14@EH%Xe*Lz;B3-FSl?e~fugbY0Sq6PT{s z*6~JI5sjO%8?Cb&$$#A&u3djbu0OZe%r{vB^m0JYlC z%8qo>P>FQApirN*6tL;lE*K&mu{%Wxn`SnvdsY^5uXsyt$Nn8V@%w4&tJtR*krf0hrvDUgI)2lGK6qER8YP59OgYn?hH7eN4FDoZ zn{l`rSslhEyY=q2P9&8aqPJ1Ss{OH-GI7fOYB-^B9C`f8d8+xA1i>XLRO7{}#r2uf z>^K_u-PaSE=ebq_*q3${92GXr%Zuw3$LZ^c+IzV&x|DCHAN~UELNhbxBa!$PcV{2@ z*73Kk52>r0fawQjd1+zTrYS+nI}_CXM+t(^c->&YIi=6uqhRjDQku1D&%fbpQwa6z z)C#r7wWaiQqTdAk&RcJb!;%>}?F9Roq9!gGN*~oad+g3Cg}lH_xs{U?ErJFt&6wRX zXDD_T7iBqI!@)yRb%5w;G4Kkn=Fg#_yq4I7U!A`ngE)ZLEOqd0A0r)Dl7$+YgNMhW zJ9UC=Z<1VlSK}+3Sa8=SJfk9bkcL+$vF)^?dQbUWXG^etkPz)S9^<6rKG=(FXGd%S zaf}=G^#=})8YUjOb9)TiIu()zodsf-_=C&4GdwJJ7dIXPX9cI(-96H=yH!+D0W@k( 
zU@;7Tg>1ht!G~uiQ5!I)uyoHVz7cN^Z?zGHr?qEzNrc3sp~uB92BfUl7zB{vn2X+l zRdF;|9BFu0d@@XyilYG4sb;Wp{pfE+A?Xi^n~jem?4@N|H{2mz$!@_>Sx6Z*WRAqq zgpc~P?18syLX=3{g*-I}+4UO__(5S)_YhyP=&dKS?Vr1gd7VPm7^mhwieL2ReT2JF z^QT26gJn=USgf=SwZwX3dMkX=14wRhO(zu9IidW*K`P3)Z~>?Bx!tcyr<9fc>O9fa zqb)0zD`EU6SgL@+-w)GKTO%YdIQY0dPGmdtu5(Xth9?YK+$+X}0T|KnVBMHLIq`VJmzSMcDib8={#KEf81HLd4jwKoo|4QjV+(go7@|D7$cjS5 z?Uf(@I>>jq%)T)&!O3uFTSA)+>HH;b>fKD{I7gtmI;aHWr8~~9ru+|+qHr0U_!5Uf zOG~k;DZ-GNZ-2Kx!iqwN)5(UZX=1l;}Mbk@O{k0Q7C*$NF3ascqr<} zIaPg5ev;j-#WLgubv#6&55*tsGW)U_k*{E}1p^!ID+=n>0zu?LqbuIRFwqc0SzKv= z=oI-x3J^HIE7|ed{f#?GGW31XyNIWL6t|l4GYq`-<>y^nk5A|Qsm_F+c_W^%_A@Ou z;g5u-K%m9tPUQ&W&#!xfi%cDRZOxPNTO&AG>!;k7N;8Md)L*|%8OM1m7PI~QgW}fU zgt~@W2B&RB>L3a?RZqNIVO@LaR8(@w-qUi;z5VV{vmPEmxw553{nU&m9!B1~%YEqM zaFZO+qeG~faQp7tdYN6q?d8<4I`x(7!^``{roTXeOswWa=K9iDdb8CeMl=&l5U12y z_B8biZ9qI>qNad0tty0Qba)F+a0`ZzGS?+q*H$BK@*!kF&%fjb&HG3Dw_@6JsY%GQ zNITLgDa*erx_Z;2fW{kf|Hj&ppM|c)w|g-+$oy57N~{)V00w&M1+4}jNkoL@?($qp z_w?^2QX34pv(M&tTR)!iMWc8|>(FmuZIGqn_t@HPijX#wzxmPpwWpni$T>TIk8<;= zRAS{aE>8Q4c90QLEV;^jXlT(hZ4u6&FX-j1!&)U%fdc23OTfP_jDIeU|LGfk(P|s^ zUOMgMjKb)_($PVYSLlZTrO9gCClG%ch!m+*d5$-+C(U>>J!yHckfcajkxmyYA^mKm z7SCu`x|Hb$;_cz3l_yAL=3{YkwF0)++HuQGbq?RJT}~ubr}eDw)$54lf`;2nnW_#G zZ8=KoMN=PEW9sq=xZQt;cq*(a1h`XF!Rq{o{of?n6zH&$*|YhkRoJCsG@Uu8T2tfq z-OF4rn-tI>eEbJpX2MFtJ$Y7CvD6oVJ}Md;s2uFWVs09 z0$HM1(kpg4jgi?6=6iQ(Rpqj14R0-3OLv8Q)`yIGl4GluM`(D6J4L@llQS|KGr%Q0 zIZb*;=rezj#Nlbs#->N>oD(jMSJti&$$Hg9_{N78ab(pC-OctiB)$Od#jV z^&EOcMnK2M)#Jgg?V{RDqKuZZTF@;Voh+AqxWS%<7q3F{qaBIZ3&4Pi&IF8#iJe^f zf{x?bjtfLa)o8uo1}rS!E|}Q4`&8IhS~(ncV1xTav5jGODVrhQYwjKy?mv~!~46AU`jPYk0>%v9WufRAYd)RaBCaEI)dtakMQc^TS$$!b?kG=Y1WXhZ)I8pEng( zk3RAxYowOLiYBhaS#{9q866ol*>6PC(|artWi zS9()L14<_En?8dWGa?y|)z46Z>w5{y*iRYfx>ie|L8#dYN=*>AXe;zw*N007T3 zoqMLB!12je7qW;)f|Xn6X+%QfmRFi|J|0_XzX^#FJvCbcA44wR2h-G!vCO7eD!b7a zB+>D)N?M0vp}4X90@nHGDJfg=+gWIDSv3!U6~FX9r3F4q^PimNUjZ8q0ZL2Z?M%^{ zT0>s;6*^G8#+Wh5qO0;xqmCxwMzHD-p`jcP-|*Q->Y16#wPIHzF&?{M!@)Y0FAb!8 
z2jD;j?w!}C;@P`{!!Eq)U|w=j{WNspA-yAaE^`lBms57r_<8Y4bbn^=z26RdmQm>% z>8A1O%m?<;MK;H@EvbEgGU(*-w)k>1Y6@-Ms{Tb+TZz+cLEYaZ;aT9h9=Od4;b?Oxa7n zb>B9^9WIW)Aun%}lrFTfb(8qNjDz`~IQO?nxpwYwGuZmGvkoa3Sml*oJk84vMZv4jj`s}!#ZmYH z{Y~I^r(5oO?YN@arcSvqHk);_>&lN&gQrWY?t zybOCg`B2^qJAr+c@O5^KXQ&%zPs1(cJO~Hg4mD*&1=(CF+-y}_PQr$0=3fUo;m-Gs z1+V-C@+}vfDkbXJDHt>q${||^hEug#WNl87r5hkp(WK5})UP_m>E4Ozaut4mf~6X- z$j19lgokM>G#cS%1*J+yXi=uqVUt8v{#$v15e>(jy^<6Dx-;T*iWPk88P3co*J>-e zPk13b6{1)0{oc)Jee1Qr52e}btbuP3JR7RR57oE=2VaUE>Q^pNQ(0X?YTi^wOCPQ? zet$fp;um`)?{E1kC#Uz#-Bnk+@; z%RtdiUM5*HqvrB0f&I`MZD%Pi$id=7N-c;q!bndsgSTiyqodJ!-w-k(F`>?*R8_-& zBXcK5%sAYy7>i1&Ny|s8`CJCq_w41#wne)@cZfSe5 zwfitj^^I}CpDs?|jUJsMeJyNf{$InkU{rcv!29PaS9>&!a$FC5{r)EMGpL1Dn9#8C zKXt;3RYd8@DC>LT=7K)K>T0;mM*0XFn;#(^{Gdr9fGgp(|D&Ljsgv;^s-${U;q+Ez z@$|Nv1QWL03{Gs>Df%zl6*BKkm$Ldrn)jzwjp+gMqGjteSG-}dwWQ*B03jwj)Ce7D zS%VbJ+`y?>E0N`e2j1C$8_9m@5JMxhvSA%H&OkQ}?}+~CaE{W+8J{_Gisj`Qz%&Dw zq}12NBjjRwfS4R{-3ge-PwMZUy^X*$-|ns+Y0DI(@=XFDp&W@Uk&8Xz{iZt-Of?}W zTa@fP`}G3xiUSzA3%Z`BW>6M;f_7l8Su-&!Q{a(5ukXO@>T_Ix2`EpyOVG7YA_ZG> zFkz2{`=={@pUX%L?-LB8JwbIRcUof$B9b>K(uSrG)4u&Umeh^krSy`epMaaZOlYNx z890S;K|-;jcjKiGj@mv-sRPVvpwTqXuAo1kfw+G$Awr04T|^A7eZUoNzpP~Q&OFf5 z%!tJQ0(=cc51mdk7aK*SnX6oY5u8asa*n%T`;1e*XWbYhH@1)w; z*F7?11dfN-fJtSvjPSr^qKqhoSlhJ3so>Ryun|2S&j$Gk6gr|_F}3=7hViu|@h6+n z45LRm+e!7DIBpjAG?OKN2a|UQE^|#1&t9F3&dPi9ZVilu(cZ+Vz!+ z)EwW4s-0@w=$vFQ)B!5RSgwFU}WIH#t@)jEoQ<)Ny!*4a1 zh%#pS zqW%Jks&sZ+m@$b$WSt;+!+F`wsQCA7IX z;KhaCHmzIgk&vVvVgJm+x7iITt=obwQ~xZ$)gKd9`wA$J9WXw6jr|_E_7*xFFJ`lM z7MH-X?(GcajqCUrcI3_&7Nf_K5YQg3eP)WGk+_b$DWdOiqkb74`&u#haP%Dk%e~x@ zf_t@|ZD(F7OpswUdRjZR&A(aPV?~5eybw_oJ6|oy%sfOig0oTtFUR1FL{sq(z0Fyx z`*G;$w2~CvXLV$=9&t!y)%C3`{uiId(@9fV&$BetoX4Bt!~QrZJRvyXgU3|FJBD0vvPc!bai~ z(Iuoa8=gbr?#qXSs|*)DgtBF#HsSA7J8zlD~o6U`C>(VJHV5n>>9e}%7rN`Tjwj*E5^u(Ji*+Bkq$JG{ddfPAWRa& zjYE8AgP9`Fch};Dt~JDmdQh%1+7DdTqmO4hxCI-i1bRO*IG>skU=D+AR=3;B$U8Y_ zE!<-x3N6{_)(HGrx*7<4%@Fhzvpw^jToS%5+Ew%k0#`Al%X?OI$I|JvXfx6kqJwGX}H%bI8fR??{# 
zsnNFN#Pi7c@5|F#DepC=?{)X_+mdp3_aX@EYU@1*p~ZwI6yMkVeQUn3lUzcHH7Adq z(&X0_r&wtkn(M93WVYi)Mv=aQRzRQ?HG$B?pm)v!)FcuDYHw)XFna)%p6)i9lDKAd zb$v^WNvRwqsokiTg6Oz!53771{(jNuy^sTGPbP{$DUG+zA7)({3-QMw`FW-cj&17~ z&Y$(#21Ew9%e5uIBRZJAo4<>XXDy1epNXRv|Lvj~A4Q@8aVS_+k5?e3#%j!+P_S+w z^LLMJGHuyAWM8$81F5O0gn!(=QrRaud!J!8;T(-JzGB-_Ap*}+R-Xz^{|ls4J65KS z7*fk4Z%$t=zoc^qL zJ#_xs?c}%iY4-||r@nj&Nw#3hE_)SoSSp6!A*6H4UX^4rkD*mFU6_*~*<6ry^Bu?) zXk_**QOYsNeO;r(n2@7fd)p4G6^MxkAuRxK5L5_-d&zgFJ8FM;=e#`Sb6 zbUoJ$J-dB-m{}(QSwheo7UqTY^|jlh`~AW=)JI`z9PN-e)*?f8=fra|m+X1qWqOCym0w$hD27g1VxwZRCKfg@~Ak3-8{-amOhZ9Mv zhHIq-qXUs!-~bR>=}}>*R^keXL;3>xyW^3ZCx9kSXkdHg?Y1cZ&Qf{&L`E=5G&R1p zOMK`?`I6^7DrE8Y_wl}dTK4WhLC3^G9Bx#!!bfuL3$_b>uU%`G(VT-Bq2D_qpQ?V! zz}yOKX{fiqoqz)zlGE-JCXT$RKiB7E;?tEEf$!@HHQyYSmp7E&9!MR8xwrhQcp(6! zC0!+8B2HIH73TE;%rR6D`+D2r?IYdAh;?j=lExQAXwzHQ0`ueh$Q{S87D7s8iy`mUu){tS%2Hh?%qDE#AO{1v`5 z@dK?WGtUZ6dTUy@wpmtS`OuN9gM2&?$_nr^v{C37zGnLdNZWA5pZ@`Ct3--RiX$1p zDjNN@D_yq~5-|jB$+|Si%fGI^KrB+Sv-gXfQQS@(9GO(7nfO+8o>7m^=;6gTZic86 z7)&{wQ(oeK#)*kwz2oeJF+KmrD%9Yn($BZkd4E;xw3~bsQSDT=W-YNv;={gUIdUoZ z?{|=}0ampV1_^jZaOa(fyCB|9c4$oOpQ`iEEqdvnszf8uHBrc3qFalA1aO$Y^q2t_ zJXpe%yXnjo6E&EQu=0>6H!qi@2VIOoF9lHw$G6%-B?i~II=C;D(CMNI9_(d9;bqtTtC46_O^`Za;O+wO5llXHN=UkTNjF2vBBl6OWCgvKjpf=YY+5dlDa5Zb1)5j(|sXAEp6v5!pkDO!H$+&4a#&Xl0wno8OvedpDjB~dGv{4>T{JyDdB8@UyD?izkmMz zi5@bCkB10wU=htGBRaKy4oWDmUrz**e|~JSi(`H@U_*DU7u9G?*6_bnE4Uy~`3^gfP8Rn~#N{W20z)rgC|h8sFz+pc z^{33dhHZO^Q+{cjD7cz|9|LSzUt7!#M|zZ(;EzhvFeEFQOwVFWq*=S+C$SnaAQIpp z9|M7N?bPqV*cncxPNm4`jqS!_S0Z|n#ElIdZ+Sz6YH%!Q6EU7eY0xj!iOBnNPwEVj zb}=xslJOE^2+ky`{UmNEwN|%uMy&f`OOOR28qL>q9peksgk&MnlNXJS)_^pX76t!M z@Ki%2&lR%dTIt#M^zJ(WswMJrEBms@W7*!}kIAXAc|wMgoPzOt#b2fFets=NQ~TGD z%RG;q*}bu{?xr86B+>+{t=aV!l_nl`CUke^gkVXdOZ<;A37R`Lw9^IIagZ}k?(9@l zk`=Sc$3SQ^k#!SJ6dN6UiG=SKa$&wi1#9_C_kc@Bjq37tIYR+{p1*u;_bKD+_$Hea z|BG}1XK>r?MG(=DN3|rlXs1q{(3#9wWLbV$2~o{d2Ae)&p*`ac) zX&mpJ@m>(vVNbIM<=%-lG*fPpeH1R`7ZKH&n{XtsYfm9rM*(cHNLua%A+(VPl_)ev 
z2f{`d7f`pv|A4N3B^{rgoV*+;S?n#_=!TgRFU_L$6Hi%=3Xaa%+jTWiu$VRk7n z1)hm(iy~)jj(A!X=h3+dpZOvJOkATIS+NX$tg$?t-X)9~R4&aKJ#jnKFFTQ4g`{PQ zqO^IuZJCzk4~R-qo|7_W3cDXvgGl$180D`Ij<^}+N>GUtx7DX+6mj>tPIMs_mjj>| zJFLwu9Fo}FRXqjveg(%bHNO<6qmh2qt@J$8sN7yJ9Kn$vow$$q_>j|Vl=&CPK>u3( zW4xEGkaFRfl#b~Q3A-tLDSQ^QVb3A-COMR8xJ+w0fs=1%T-B%_7=I}Z|L~t7<^B)B zY&-f-t|iN_i!$pQ!fRTnGzWjWaiFlWpB+R{LhP~RQ8?^fQI~64UbO?8hU;}x+pwNPZ*3>L!axwqW5GMpfO3-$sk+3Ma=a&RHII28GuZ zd9}#{Td-i$H<%;+5x>yTHdc<1!x;EKYt0DBt{ev>f8!xj*0xciapqC7j#uii;ioW* zXg+vhB^1rBFL(NCJ^bOY`!Q{mEgoU{F1Bv4l$AImX(I9^&ad7DRDNaKR(frL(Y!ov zmxaZ(B7+20QoY}14yUiyO8{+cQN2IKpxHe+(2wtRhF&^I}*e+l#oa%DpX)ym0 zQh1zbm31dv41mRHBpwij)Mv*bj{YVJ5GO8Yc9uv&pFu1~^;bOSk!}>Pb|)V*hLeAq ziDPi>H%VG=(f!OCDm;uENw92s)>H>w-ptqzJt$?)to$KqL!b}(r%r}RFo_eBEn?8T zE#vm;0-~rsk6$!gK1b=Ee<{KhlzHnu#Uk&Q){MI#Lmfc4aP_3Ig;UD^Q<&ao0YZ(` z?aj{$MMXa~cV1^2IhL}+mmD6R*(2g}?0o2UQ_uvc9>##)R`EF1yM2L!1e5GqIzG-Y zf4}u*M8)pcBI~t3IxHFhiq9(Ei@$aBX%Wn$W+K@0`Q>xDLuViMhAS-!e7L})e#mwB zgA~d zE$Gb6>Bx~N4+*sDILo@Z>Xr6`Xl36meb$XAbSe|;T*hdo_^mW2ZdTA?6mE5h^IAGJ zKr}3>SF@bfT6gtm(EHVlhM*N={>7I)FD+u;)H99o4G!mvT$#~>3btD z!9CtOWCcz_ipp~lC$xcY1RxX>EDbl}U?`BUH4>YeHn-Em$oSt_cmT8fp%88MvvAfU zBQ3fZ%MbN^O0y3NOw{#O9tYsZ;QEJ0a^nfIQ$J1kUA&~J8D;x0E$vR!0w>bo3+{!vMRAuWL&$%Rp^>}S z9JwdDKaK%30&zSwQb0bd&ol^qo1NHEP~8|m?i7#GiM0rP3KI`y+wxCg;tLcelP+R= zOpuuxuckwrSB_TweCwxV7k7e5R`gn5zOmf{Z=VsTg*F(f1)}XW+(h1nmIrsk6C^8F z8`FL?dchOkF}g{T68J>GRLbRN91V-FW}@OlS`Ykh{AXv<_ndKef0OAp7j2R_0NI6cMjKkjxb zTdb*#so^Zr_&l?q!Egd!Bg#4^9Bc76x=T!-+U~@1x>vX@EI_wIHLpKzL1DBIf$$TkTGri^moTRBmh_i1joN=j8?2|a+s?4cH0-lVH`TTc_@OB2 zuT?&GxmV{fG*Pg%cf1uzB*gbYI5vrN-VfXk3X;Ww^2*f`5m-73$Rs< zAh2#F-HAbq0r9MquAzgkOZ(aZhYfyP8_gg6R2iXm7x-!7_}vWs)@Lqk_V#}owaWj0 zE?K01YdR=(-?*>DncT_5QiBx1^>DKLX-s^j7)ZB-yddd42hA9B6q~U@q`0&$KCG*@ z>L!w3vWElAlrsUFHAP}Q#mjwI5f7wfLC45Cb-tr?vOVJ3 z4rnIF`-5w5C>{=|Gp@e>&hAuc4eRMF6DV{tuucpu5aFE$eVe2n8IqvT2wshA_ z57oM+b4H`Aw!^cIb*uB&8~Ol#^#*rdz9p~vGaPcS#?-`=tjqR2CZ5nlz*mUQVdwJc z0+UG_Hi;Jg9AeM8S?A5)etdtutL?NI*Oc!H*_tL8#dc#ME 
zzW~bE3Xc5GwnsPV8IgmGGfRPW@#YDdJBc_>smzTo_x0V;8OGca6lF1F07ktu-YgBS zoO5e*t^Dp2>=XW)V|&1NUUUY{-j-BcG0@q_T@c z_XVl2e7SlIKI7Zatz%DKkEi_=g=w0Rgs$)zFaur*gEp-* zu5wIq)MK08C^#k3jpWR9T9GRRF@?c{UL|m!xxS(6BhukVD%($pF^6L>o?vUdT0dGi2W~eK#4N1$w=y=(f|2Z*X!C z6bd%%yHSkP1Rz_b#p+?;Pr2)urboju8mAaM)s1Pt-;hdUu&1v0xo=0vY?NOTm#jZV zQ8J|dAbESwn1LL z-L;0Sl?{IB3yc@F+`}l+aDD(%u2)e&@Xfg+)u2L2HniHr1iXG&7gj;4d4jsGuBC&Y zS783;O^ObgE`8eJf`|HIe7L0vd5Uu%HBz7F)6XNfQ(lr?jBT{R7#_Wyz882ngG*8G z#GgST(9F>=e8K}YADGCMX7W?)wIdigdlZ(aZ`D7ZOA7@`r=^Y9TL_?JO@&I+)5m;@ z=T4@Fh{oEg1r>7L15Q_=W9{nK0@e6Qkg=SQY0k0v}K&l=X-LcGaOB%(+J9JH2~B(|nm1cr^DkS0DA zUbr!k1mQ%xA_p>^Ye0mYpsvHmLsLi2^U%e3+t->eze}wA$ViF5387ClBS7|996dL4 zs<;L}+&sRxy&L&2Uh?HDFcc8fI(l7x^;2PLR z^^`6j5m@I&yEvzqG7G|&d|wPg7f1#2g)Zr;c1ju5;Hh5K zCcLq!MG(^RgANIi!5kjmT$pr=QO_*R1@MP+$dmI7gPeJV?U!<~uJ4($#_oBaRp9C$ zrh9wqSNhKT@r!)cPc?1CP!A;?(ZG(cJ65|3)%H%Y{E}E3jMDQWUGw7j+HqIoZFcG9 z`ZN5mC6w&{rcLLUX=;vmvG%^=+k<~+Duh*3jb*-h!&=7nNWK4Gn0xD}INmK?xRC@x zkU$`~1oz9)^}&Ex%ZEznuRoU zz4g}K&wgYtD>{$)PCM~a*)!rhpy`eunNjDL0i3jvRU^qE3AQNb#E$2?`EPS?Ol%TLgG{NP8 z+1W;rB(QX<_~YA2YwBLIfDDi>d7*5oqkiRO;!$Two5aK8h%`{DbXf6(nfBDR_~Okp zxz-bQM_FTQ-D1(7%5)aZ+Mc^^xR?77v9Sdj&h7*m_^=1oP_})8?Q^8sdc#;xLCpkW z?R(U@>#JkJC+wJ2sy9#}l_>5TWC(14a!W#OUxA|F@p8C@Mfp*jm1`uUITHUg%9i?O zHo8#RqI=m;p>?KKB2`4OF?#1_y?&79n&KYx8U*77f&nQ~Qvz->2ctqXMnL2L_k-VyDLSe z$@L3wA&cxMoJfm`lY$HfP!JFVm@}#KJ%kuv#?;$MdmXMG(A4^<>;~!k`3iRu1&?#5bt4QET@t>u9Z(WNbT58y zFbHWQI}ouM6$m0XAfB0Gk-<$(jazQ3HaHje;^o!5y2Ti93K4`aeKnBaeJ=(l)|wb<7w$1ike`deiQ@ETn{1iL12T-;}OUAt3jaL!s^eza^R!rC1R@2M`H zdF0Q2YqfW{vmnt6ZjJca>fBSEBavTeHx$2>!T?9j@q4)$kWT(-JsQDx=J(hyy+_Z# z_8zTkKR=kXAy1EFXAYvw8IQ!45*U62->ebQ4-{PNjFG!MztOigcuyopPP^ zfk@Mpb}4_D=tl&gJR1@!o}Oe^)x__Z-CF~b)tEVyq2Mb^ ztUF=|Hey{7h;sp5TMG!=98=1NlT{(1ld49Xz(E)hdKK^fSng6@n zDeyH+Gkfl09{6+sh_t@fdal=;o-}T%!5rN#Fxu{MsP|MSxbBfv6V49G0a7_ag4MR{ zT5TX-RPwagP}@20V?DL<4>ed*m)N7;5Lqqhl{sq_9BaHwj+#aYcKrZcE@QwY87c!M zOl6eEsF;Msga(MMtRWAUff@+8dn>6t-FOiNWgfw>8)>`xw)v_il|dWd0Nbs>FVESJ 
z$vf9b^gCTK)F%-Y{^)Y{HJmo=kHlukQ@CsPC27cq|S|udniia`D5J zf)B3gps9St48GV9IC#DRdi0%>Qu3M@{VubBIv2vs7fnj!l(N#;@)w6P{$gfJSnYJ%DO;{6YP(6QSj9di$nYevI9JK}1;#VC`$3aCo5(E;fcw{* zF=>@VX~1ll1BV78J9c8uFz(A^*hJO0*-(CJR?ii5{4Uo;PRVL z_E>{AVZ)yKy{sIr7pc(NlgOQiV*j|ZR7qiTR;H57d|Ebo5Uuuxy&V`^ivQ7gdgsCY zsVAMv)o?MzLXHW`HR8gwY~qpM+_}|o(d4iXc@x&%X?LO7c!LB?5PFgy7<%Qx>;eoR zbJ02gZ)HD8yLet|8Ysw|!~h&(B5p*(G4OhW+|)G86^gRaV(riste?;p7yEQ;`K{)@ zK^)N8`4`ii9~`e{8kHKe5L?798|1!}514$go7u(n3L3;V_n}-a-yHU5OHHW#6cs_#ULbtXRc_gW zoi382p*f4LGMTX|(>K_-UC^!4{gVTUW(g{Z$kO(~R*rtf8EEIu(6xg`en zOoKi0swvTYga8s zW)71ZOVA_Y)U~kBWjFnTMcN+Z=)B^$EGbeWEC&CGluaiVHFMNq+S{`L|2EA13u)d= zL}hkY?d0cYy%6ViOFCw+BJudeXeVq6qu%7Z)6L|%-(l})yJ3}jtn3bYgJ&;D{EI^#3K+TZ>igG zwy+>e+fhz-R%wYA?M|9Yi5A<62JA^O7}4UR#<7%pN3ym8nh9UDEGg@M-as1~?jquN z0}c>kv^$Nm=vZ0p8(w`QqQ&MRJD%MRwFIc8F*w-YCwjyg;MmNktY4QA3YhH3>C;DZw zfm!#IUHuk;23KiTzZnS~)D4Bjw_;hU7`+su1fZm~lO(^v(Igzt7{80JZ_Ct94on-r zCZJ(jj=8@Q45o&d(V_$7A*dR;jcD&Tvg%8Mrl`>yLSb+YVE2H+nZvlj(+d0{ofiDC zhC9}$`&R@{CbQl=7$r`N^3kJ0L5ygp$s0OKlmQ$|pD9Q~K~NMiq0l1wXNzkil^d#C z>0053LX+D1u#!-!`JAxdm3m&UZW4t?c`a?OJ_?rK>8?Bao9jk@G&O<`UKp4bl%T>| z`b=twJ;+S(7%e(-Wi=v^Ru*{gCIuc*3fYOlT`Pw(@9q;5K||Ahu1{WL(T^6GSV>HYlz94Mx{YbH+D5asfcvxHN_=B zL0raM^KTVlI-;B;Q8>CW-jyOY#aYH{W!v?iNVPRSkiH2>iZ2d5!~kwfdN))LC;it7 z!M`z$21m6|4?O#?QrUjt)6eHO=wDjL>yC?LlneM1Cak3Gy5k@aT-_cqi%g>Re5zSC zzqC$s0g7gv{+U{(7F%@E5PQDc*~XmdYs0purEk5U<21+;pq1C3)!`<=bbT2c7AD(fQuZ)>(a{5hN6h{Raq_Jw7)|qeH?I7D1o#B+K zfg&s)X{vDI%0fe3EZI9Qgq3H3m7A4-j>!1(KS_lxuqy*qVTun|usIz}<*adX4o)ne zK{EomwoiWc6Af+`4w1K>(Nt@WS25y6%&1qz6%`1KLdk{hp(5R ze3P!O22$b!JyDu|yLxEO4**gMEXePxw#{TfOM$}kZwoINbe-<^7YNJJjjeJ&jr6^V z3xd#gS8&n9;wG6uOxWOhsLwyV5|f{L z=TeMlA=_xfsD-91zeb32kcKp4ZgG^C3}K0EnIU%&&41;P;$__o=fmFtTHC~!7sME7 zq&5lXy3;fql@`{#i#uCYKEpe!Jrr@wS7)YWk9@rtDTUfWNE3%!8OTVM9jBCp)5{i@qN{b5FMD?SNDdcj z<9rMBKgNavqF{_kY$`K*VPIHll#O090C;fGfyn47bMsy;bIUhWYH!!={mv!;YTpSp zlMgN>0#wsq0wU;sKOtF9$xy%!KZ$gXq9s)85)rn$05Z};gfB)*Il+nnGQ#ks=Ik12 
zOWzv+yWv7UhDX<#MKb?dWMM=vU6KH;%X|4hY6dzJ6E3>$Gz~uYci6PqQP&s={8^53 zG!zQsbSE<+L0^<<9WDDicsEyS0V+@-4a19_ZHEb${zw{sDt~Con|Iq{J=TCI^@>%v zm0WZ}fr^?Y^Pq$Y$@U?_f4aV3=eH={mn9$fAij}CL;g}78->o=5-GLd_>C2a@mJfP z@rI+$@`h^+4BI1HGnM3v4O63xcqJp9-@&e)=@Z4{LTslEihh=H_bb9uaon$3}=5*RM0RwfR#D*Mrm)C^_SxwQEQ_*Tf zx!sb+rmRz09Pg?f!2wgVBHEdP7H#^6w4t26LR#k;a?y~)WRC=Emrk9dh~|pTv+J_( znVv!MPzh$LNZTC%Zcua=(F&&0u$;|k>OLx^{;zo}-qo%Rj+i;#P)=Q66r>bFDB=L*1A0+;{&eD=E?DQb7e`bfO1J*N7 zYU`y}#kj@u(-MitnZ{U@M1}}&dP&k<=&W;A0`oOcd|C)goCf8869ie{ebnN0MxM)1 z;#fMqPXVcTSs~L*Kf;~iIJXVDZ~Ts^E*kinY^GvhhYurO>eqjO$@j@hdT=j|?)>NX zXPkL(YFueSi=)Bw@MJVcpSzcTEJ_3X91}k&s@G?ZeSbnJlkmPPs&6=&6V2NZ8+uNd zYyJV*?bS}9$Vj%8l_&`wH+w>L0U9ukd-T}@bO`f~WT%+n`l|8nrB2Dn1?jOYByUk;XNKPw4@+2f%?k` zid6hC2E|m0689$66ZQ3%md}+#SVu8NVcUqNNL!51OT-mrW!}g5$-I_&p+$pVX#+tH zb&JhB^J4ugQZL!t0tnP9M9J#|kZ#hF*P=qS)`#8pT*`j%M%z;w@TbtbY1|bgu!Pd$ zCUi%Zf=F`BHK-%T3-%+~R1zw;<~=(UP$G?gfykSYNII2fLfVe#hE~42h4g-Pd`P!= zWzmgp)kEU7_E!j0+JDGs_i{t6xl4+9mJ6D+38w{b z3&ZGc5lX9dPuW9$YzWr%MLbr^_ii4l-ev!&C=s*fsYk<16LtXi7gP#i5Rsub4PTj4(-0cl<&z!FUtF26;UKz3j*OX~?PD`wh`+2&|a5 zJmMK2v`P?cnROhe44|XL7v?Ww3N=WX9^X_B&3~P7&6{~QxOsKP>mP(D&s$i~&7|7* z1EK4%2GecpyyYERWEW~Ld7Jn-a&3WAh)TM`3gEuyfGG$JHEjuOWS||ZLtedVaY~3tchb?;KzY8Hg=(WA1 zIUd_?cV&OuYXdZg4ajHzMvG|8HLgBjr@|8-#O5$|h%WAN&db_53czaQCZ^*WFc;XT zJD#Oq7JG^QP|m!AboNX;2>6)x0wFQ&E{IozqZiP#{ybb!=Kj-AF@&uR`n!LDrh8!k z-j7BDMDoLM;OXIQ%51KHPk!;zl`+6pcj=RmFm=Zn&WZDOa~pk0`?x7C?DtsH)uS0_ zUY(j!^Lw0~c%Ar|eNwPToolah5Nciw1ayVU)Ban;`=4S`g_m?zSz6H2Oi-iZA+Wdb z_KGlKX5?pyP%giBK$G=_$o`4@&-C30?qrc){3?P6!v{ zO@l--Mb4K)S}|h0Y_9?9DI9le9JW%j??3cb$r`cdn@=vMJX)-ikF%o4KA&?n5rpOw z%@i)(6eueuBpy&^C5@rWN_>9(haV3eAN<-5hrUktY4|caz4PN%gzm9Ytvd$2@@N%& z6>4<0*IyuMmu*vs$n;jVeYlR=Vjg#SLy>f2O2%yK`>=E5@71)?5W%W5HdWiOC+3tC znAOWNUX=wZP0rW&Zq`M> zDUQRbP}c_+1#$dvt~r(I+sy1E=Vc6&=bnuoxdha>Ek852(g?xTg2#hWJ!eUdW(Hv8 zzWe(rf+DNASXdIWHm3!aJY2Zw9FV&m$&crQ;_`sGp5N;v`E#ztktC=yIyqD(EZ0hk z^b0mD9!OEjhUxWN!qkFNW2HC>rzFK}grW)Fp7YU8LL{d<`obO7)~hpLf=q*sc-i_b 
z148@RNE-%GkOd6J#cUW4eyJ0?3`EjlcHoj7%Rm?fZy+DG7^Qt}-HU`sPpP+aG^pv+ zCr{;g>$gR`6;99kTvpg(P(*rEI3yDOzKXxSJhz2x)AH@3z&MeQ?YCKWKH3GLeG&J= z%Xg?hXDEBt+U@WIi5yrZFzTW?%9Y>#Y<<6pK(oY4?uOJlnPx81@k`>6+`yp%Fh;FA ztmmVmU_$f({az}#50`WTm@_wy@@gxBw3rOsBD8Xu%3)J$#V~z9avf{8Tx=n?82;2j zPf?315->hZ{_kMHe}2~3_@R3`ZF+g9i(~F703XF7UD{+gE7{z{KWDRuyBSGt<`$ZY zk>c^v1NSdb`DCp|IfoKuM{L|T8+Z<)nVs|vs!W*#)7?)XhW2k<9(=pW`+oK};RVVN z(L+WFnML&uo95DOvDZ-C(j>guwUQcdO4|?olPn7lo_;k zYL0rbK<@iyaysbLjW1@&rux#g1uhfD;DU~ny4XJ zIcdcB3#=Vs5&Xb{{bW=Ph@c~8f-P1Qa|!|HL%3<&)FYS&rKyi)Y?Bm?ot`g!UBjQs zloPNqWlp6WwH;di0~Wtnp(3$0A4`kZ{|xn)#mm_pQp61c^5CtHkJan4GnW^>exO|0 zU}7R*p*W0W4&F+|78%we6oi*aCV3~JXZ1WMMkiL(ArtJWlm%3dhV zFptIA!7M@0UxEXF#A`Gu$8kQNZ5 zzWkhR?Y7!#Mxmz(DzcNOW)KB7b-GtU0PLCfg8c)NLmFJU^H;fv(8Tn5Bt*iUM!SuV z2l`|f4pd@7nqTJ}6od^w{^1TH?AWKHQSuWc-rEj}E9Y0h{k(s$eeln=_qcC}jT;d_ zMz;rq%7+Sv;dx}O#MTPk>^X1f$)h(6;|)KNq{Or0qbpPOzX;L)dGpms@b51FlFHPotV|UL?H#v%m>e1*$ zKfVhs9N7F6j`a>V*R@*JiDcbA!~}X`Rm^9@l42BfkUL(xd2soXcS$705YMo%ocDaS zx7f*JR)77iWexKeSeKNXqU^L>9sR*?c61RxDq(ic=;RfqSWW%X72BHHQk8Z3ZJEV8 zY^0!cq?p8d8%tYrxwr(Cmk#Xrv{|wmbC>@DX(g<<1azf`;p8=2-&npKw$It;|4a`r z5dp2@j@8wvAoha=tc|s%gwS0Y*yvK-F)&&qcSAbD%2_`F^N` z0d#Y{zj&1wH<&M_NJxt@p9Fc3_P01$*4&qD!QOR576HRqq(0dW+jA-T8Rlo)!%ph4 zClUMb6E0uvrXO~jDg~$8&UbDr-4^pjNp(usPL9VcmFxB$82vN=DYIBGrqFtGjr%IYC+R)H;Dn@Gmy}_`#v{u^g zR^1S)W5<2O=0c?yt(cA&Pqa~1?g2Nj1&RXs0tFegY`&qk3ijr5t6#lpN^sQmiQ#rE z&+zQaJ}J#w0AR5a02bE|ity}~NxMji;i-h`bK!usbS)w0q}IiP`E2*DfVntaoe21; zu}pl!n4a7@-{yj|UsrZqrEY$0wo9tHCH)1R6MiXr;95L}H97oyTq6(_A{(dmqVM4P+s# zu}uz|T4QwAR0;A(5pa^|l!PMl!`i@u506ekP7%^~VQU5YQ>9n?yY|q(r3Z#8D{RoK z*hCTKZTufcm^J-g7f;&hH_crhc8?Vlix@VZn`2D6iJY~xp`80?=2S#3W}ntZT_%0B zkl6*jkBE(AY*ayx8=8g9+Bh27>ldQ}@O3J5bXg6yp!Fm}ZThToM3cD-RZ)Xp^;=C( z!u;1|=-aXjloLQ+xkE6eks9ej?7#>Px9p%;MC(yoenjV0`PZ}AfZ3x%jHY{~{^`Dc z+tmY8X`wMk;@SacnF3s57;M5ZCI8Z5vPia@qC6SK-Y?}+aafa!wqyBX@)KNbTeAuA z3qn;wIM8$VGM>!pxzk+<@-@|LD$k!?5W?nD2f050{;j8CkQ}=no-CaNfHIKrr({k* 
zmw}eshz|yd56oUC))X)>+)D9^K7oN4^=HKviE{cB|CKra7VT?PAi`pg@BQhoC26vu zQNv~C78stwzTG>lPnu4sR!EWO6uYaXa{0oiZ|KhQ> z2CPwY!`R0TVYc{&NsG*F18$m;M5oZn zrPGd0Otiz)h4}E~RJOCQft&a}{(?5pwQ&E)9i`SNb<`9kP%$Bij1FC=U>`w^GD90! z*$lbe=rT+@sh+H%9od}H8v;(Olf|ls4%(1YWYN(f|AvA16=S+>Gy#B-OkBuB_V%D2 z1$B?2--zCuf!Qq@h!(nEyLmhutt}4l1;Ix77Vq zMLU#!moG+~m6RF^Fp{*q-C2xu%(nG@5~kLFdl0TRMFJ5srr!;g)!=Ph-wvi|tmOEj zG5Vgs%bqBG`!CQznNF2SZ;VoC!C*YU5V{=GzhZ%v+OGEb8ol=UOQWXt1P+q0e)u*F zR-I8DB9J@O7{^X-Ts)NAey%Gzd)U- zFdG;x>=#n!D~ae3twpg`H6CViWo}ib-who++Fs>hG-Y?ro5xxmI63kvLzny8L1`UZ z#8mw46!;it*~qVjU)wODnDc1NlIh!7P5n~69Cy%Leb-K{9!CGa!+L|obkXN5Qtp6id@HS;}n3%{Hb!u^3f@nVtK`O)?y>~Y7`O4{Y z2bgShKb+zJ82zu`*&k{c#FcauuqV`XvoTks07fZ?Wf<9XT&b~#!Y=l#z+X4D^wN#C zGrmj!)VLfjzO-YSS9RHz8$OyWb%*Pruw+ zmm6g7W_D6DdeMR`6Pcl+(|_^iw~D!!E-qw*4=V}dxwTM79P%SOPLReY>!dj}-dz1?JY z^JuMpQn;b2k0xl4#nP|EPFjh*77kSIhqHXN5iEY&4vt{eaIr_z_&hQ?BAcmhvK%C^ zv}SXgAi)<#y~oPvw=i>Q*D*pEy;Pjs)xmN$e>76j|3VJ>+fj4<>~Kwg`K)HD1wt`z zj%)UFeh)rrHa%XjH{p>2h5|MsGPprLPQ>VkY$n&mwhvECrw8FQ5Pwvbo;lyTJTLq= zPrrB_5dLd1yhyGn&D%9;ZyYl<_tMpn1=o<9!G3-8X6?_y(9EBPhPa|jUOR0erpYd&A{#Qwt&jgJT5L01^nS93fa4r4Bv-f81g*91Y2O%o9#+p{K>+y;)ZA-M zGdwiYq^!z9O-1&(tu9?^Kt96E$@jRe~Gu6%1**ILKVJqN?F%Vz)72 z5|Kui9x@+cshx|+_gq6&RyKIAtzY?MO=qHO4*Ni)`yJhSy+HiA2-^E-RDsZkb2Z`A zTd*0MB3IhAmc0kx8M3ADSqUR4vkA6y$C3`L8G#ot+5c4Tk&P~^MjGGSEP^8S-TB-1 ztau zZ!gFTF4>*ekZ+9!Ms9}w6TkGeRm?5=^+Vd#QT*1y4O=;@sU#aS5-V=Z;9 zQS#~xc$6_;u__z%U@U|g(=v4H+)dNM-Y7Wkxm+1>CAXqR0VeKmb3D`& zqV8{L`KEPk%G{gNC+}x-0bfLi;$2O1W6%i7m*NjIGs)neNhC;H+BsmcD-7Qvld6^I zki_-pJ+MdZz5oKkI2fLvY!C_6QF&(Y#J|5yfI)BT{Z$D9WvLu{sN5W|g=1yt{3++Y z0v_Oh!fr9VH#F?+w%BgEST|7$LS525`R|^z&o%4JI#n0ZDC`DBOZXgPCJ#d&bctr) z0r>IB-|*vfwT&(vXZJn}YaK?Owk>uzgBO#HAsaDH(uYZ-td`B;e>%PYn8QT^oO?NcE1l@??M*atiuL`5z<|1HLdj>>EeD3!)OP{ z&Ie@Plx>Pltxshc1gYXPwnFOMQLJY#N{LTgIn3k$<2#!tz-O@F7%e^+;4=x)F(3l( zFAP*i-y!5ds!6v?xvR<{rjSretv&1e5tWdbiG6Zj1jfPrjh~Y6eHF^Ub-R;q=b=4G zH4VQLCN>FFE4ydJC6FgOwNv3nwTjBeLnSHu~uA9dY8c3^kxh6m-j)%m0{bIG`W=LD@I#ZuM> z0GMGI 
zxc8>DjmPdgf1qBMQ&`^UE0kiz$cd<%v4nS%8Y94no>ZwoEF1UNi~a!XM{0E*Q(NKG zH!5S=`AqDFFva3$y84D^AvZa+wdRM%IM&-}VFuDI0uWLkh@HH}S7MqKiFj+tSb0{7 zxhj?k@^ze1j=x92Hyn;&`g8^Q?g^?EqJ`5z)QEyZww*$hP0lb%ebPr1`slSwfxy7- z@Y_Ujx~Q0U7p1Z|z%l2fnUH6xgRZu#LcN=mxvQHrT!^}_ea#1j$af*Typ~7n>@U!- z6|UOwgOde5E`7A#LY1nLDyp}>EzqQ|6hALvfuxoUSud5lJpGzxeNZh7?0!yaEWQ0< zw0bL!Es#{j)&sF>Uvlp2@8wYXHImkx?ZVNZIB8%7+>dQvgpELv@ZWp9E=wv^S3M3} z9P%ak*htOow>t?~&UMPxw)NG=(1Ucoe~SR>eNX9Nk)Y15qi`;!6jX>nb$IAPs07`!Fhd6@Z7887oVV&@#ooqRFDV0qes4VZQ!n{Y=U@&#S@mJ`E`Xk@>X`*u zE{q@lZsC0I3=psob}dTi>GbDWzP{m*<3zg3SJ4{PC*M;)J_(59^RshsIW8GHX?U6n z>BqOd%7}2`HL&=RF-T8v%1EJ+-UaZy44W$_bmq~@{sNs)kUmM@%}8aJOL9<|AW}UY zJ@!7*phrtdlY3t@x(PjrC^fWlPz;9r4t4>E>b${f20L*dUrTiMO<(rZCS0r`2U zf6vcLC^~dlaJ~PEqgt6-7!Jrf4A0916{mKm4CrVuLilJuKNdeztW*?gGE6$?%C%_c z9qrkFdf)l(?YArg60)Ut*=dPu=@X5n&4uOUOiO)wZn_i|4+`kY=m!I?DHzlPdFw!7 zVW9o*PdOwFexl@h^uxZIX1>Ese7$W69j$R=mB)eiT(!216K<6gMt~e-6j-J5i{fYh z4%#=KUyl0_8{?Ax&De#)_xb%Eog+b&?);^s;7PPG4srCme|8i4y|RG!I&kQr`n8KH z6?R+a-!DrHhagQv?=sux(vwafQ@mv}0|yGyXlK&2YXESB+VFc}Sz~188ne5k{4meH ze{D;nM|3kz+c zu7>c;O>ewGyRPpTa>kR$&)MpUs~?g~;JWec5nGzI#!<5eD~?hG8l!HKy^1*m6?dJo z-<1Hp@5N{#>5J7zfS_QKT@qY6XFQ8J0fq1`73dQnbp(XLl#k2&-b8u@W|Raw2{N-A z-d`LL%0$jl{RqX29Y3~p)h*bE$Dobcb>wI|*6SY8aLWU9gs}K;Jpsk2mxTGby6Vz& zUH)P@hPoqS1%;e;pR<>+;&q0^{y-@bLZU}xz<>W8h~~^_Zt|IUPd8MIr`t@BKjxBd z^2VIZK|+C5Lupo0aJR3`TA-hh6G+yE2~A`2%(YpV4ccy!rfwIrB(Tw24zRS~vOQHl ztmX#75)59Q&%@L7U1}e)VFTCnIiHL(&wekgNqvE zQ0SD+=W#;U*Q|s=ZeqFph07i5u5%V^VK+6ETi-c3Wuq>UIkY211We;~UYH;ez%tt_ z2G{Wh$J|uP?@2m4vM%L`{h+8g;*A4_ensqy+CYTnzarj%ltK~!)E&PSWdr%BaHSxw zM!xq>-@As5^V{$&#I%fGiE{i(*F@oqQ#i*Ae4fRwt5~T>2_hwV)thle2;_V1(2REJ zl%I5-@;nMtKOgY|V`Unz%m1e!tbc!&)6v7w3rP);L$Rf}P`_q*&7H7-O}Nj96W-YS zhJnPgR&dpyS>X}>X$jBfH^@rEDw~tSzqJxcx+SWyy z+mgRi=>Yw4G5BRN3HnF-F`l}MppQ1;+`-}T-V3|RxrYqP89t|PX^?W#o30@WW7bJ# z&RG4Sz?Ai@%%P5@)dV6_Ihv%6hjL1JbDi&cqPMnLg8W|ftf^XpEKMg-FA?jT;h3l6 zPhc?B2-sS#7zXQ65vO2)i}!GUaDz2b*vO%Ni)N=h;B40Z1wtXguOEY%C)Y%Av%OCN 
z0wa&CW;z7QYOWG20^-KilIucj^Sq9}RHAvE%#y%>(5B4To_6ztkT9M0&|gf z|JY00wY@q|D_<*BEVnb33Bok1yR={!Vz6%H$0i~5jT9M+^a#82JkJ+6M|V)-`k9n} zXv<>dEI{s*7q@71F{kI9;{K@Xz%)nRCYjYlxnU?FROx5NLVenJozP|J^B@v*VtFme zrpoeUV7~++Il7QYiMQ|JxA*?q z{2)A?5v{h(U(V~tVE@Jr2N#LFrCSrXg{Le{hbP^c6E0;kX9FmjUcriep!w`HXhzP z7iD}k=A2_vhlx^zqH}#0%B(8Z|8{ksJaJ$u*0Sh~z{?mlA~KN)6wq%L73?1j1GAFE zSIzuCe}>ibAMvEMo|?J9ut&^cs(4Y#YwD}1Syb9aLv&29vdmQRoPlb4KQpd+s4P3b;`X*6RkYKFLXJW6yt%-H zt?tc_pwDJ{MB5RXK&EC~|G^4TLyM~Rclgq|&4@PTv2;(%Ts?J3vaV6u5lvxES`)7I z!ob)oH4^_kV)^kGfnf=<)!#0*mkaJcJYZ(|47D%^v+r_@n5#Su4@$lCV+;JhR52Y3?q01XH;=a#6D}5rh7n^OukJ-qhi52tN(9zPWE<`mZed zX1UbQ-K6d~##su%+tcY$jB!3@&7T=YNPcGzDZ1&NMD-xklqH-}HCcKD6#99pWYTgk zoBS+4wB4en?#VXfO)XHL*A&@ahKP?1B*B>$e)JcCi*!-u&%G1aSrei=@_|pZpnR=& zI2P_3Q3j@o6KX}K<}j(<9+cEbInFJ)wS_Oua@GUK8p2Eg$y`Tvp737^q7Te8`T$og zD3>$Qt(*Pu)We*~BlDU&H5!h`hCvGwYo0UibZsS5qe%(dJ%&a}F3oE#=Vw5QoJDI? zh~p=Oh430g5L;8DQ*vFxjt&xQhfU{Kb1{grc2NwxSm!wH+@8Z09g(K@ zh@G+!j22eS7ZWVE$D@F@eWBmNRU?-YGm+9+1o^CN` zJ7JjqK^sxk0!qt6~fv_aymSwwLKG13#>e$<6LdFuo zhmk0knKk_v2$D))y3w#P*Yr&_@nV!XGJ6pZP>rSMf3&v+FZDo@G{sOHz}#yt$Sw*j zO7xQHe1Y8xU3~8Qiy6QU82;@)SzZ6Q;$Y-EA7b|F4;EtuKPn_Rh`x=A@m@lFxMtml zAJ{7k#m0KUm#@o7$}Zd4FiLB1+p*0?NU2x`W_AG8mKebwOHEu%=JDU&{n$_d}JeZVIuT`A2-5o48 zF4bpL7ydiNn&2AA}8;s-5Ht3~N^V zNba(AYpgzxEWHyJa+8HzF<|jW7jPugQpLL=~rxuvQ z;m_@1)fR{y^CE*pWc44`!{LU58?`ebt69&&*4o>N$Zn@MSR)=ag@@4?c!iY$(W1F1fmTKK!QIct4?rUvo|kB%Bpw{Xh?*h6|b= zyVB=`JI~)}lFFnqej)X|2pV&m|HkamNLKVMz6*Y< zH?P;vbH8;h1lWn3mANX+l+}X9D^c5}+-gtvV^;62C#nEG5BbCA&BEY)=#flU@KbN9 zReRlw;kI6iN3B{gO9XrYvfTatNfU=v$MC+B$X z>L&qYamguI!-R%oJ?;1dr=F6IdO0X18g2mHEd!>;I?Xh#tO>1YBv3Yx8Orwn%Z@MN zx=buK8{?ZGj1P**e*7(ORkW;nAyPM)1fty6bz*=89c$3^76qlKApWTb)c@HEZfa^_ zTP#O=URBzaeC}N&SH1S#tcY=r>i&6Bxd!Ps&QG@@V~#m(Gv-IJojQR>+y%d2o=kr< zH>aIQ-lAcGTj9p!$59PQOy$pE*mNs#MINuf&ps7oQQMI%B_q3qx`5@SoOxwIZbd9` zsv_SAVF4e4#r22IA)ha$0E4=C-Gzo@NcSkwo4k*KsFz~IKJB{|{e)>QH#uAJyYwU& z63FH3l5R`z5n=xwbbb0t^4E5_wjpPke`t2sNb!5q39 
z(&Q>5SN<_sF9@C}7Ol;uERqXeP7)A$qf|IR{rIbJa3wc2c3wbMVH?9mEuU3_+qfz; zt5BT!s#aVr-cg>j)bLCAcABZ}_DC=3`-^n>Yrro0Qaxv!hpEPmkOoP%0j5vb*@Iy&Y7Ka&N^r{APE`aa60+zLIMYO*DY=09%SNQdr0&*|1d*6=C2UUjh(P|9C;% zegPX$=${b}2I+eVSnqWQk!yL`iLnn{=G zKGDP#$K&{Q#~6?gI0|p!IGz~nFRCQA5uZ&+iA!SDHy}kZ<*xvPOxFhw`(FoKk~?Wf zu=za@B?rEDmJxd?2HwzB0Hgm0K<74Kfw3|YE$(emeL@G~J z8fu(b&uS^%B&4>0%Yr2FAGbJ~qBHgg*40;<&Q0KvLx&~J5u0Jy?_TWau-Xk;iSL|x ztRtP(sDLrgUXqZQnh3zlMsA}u@}RHnsus*S@Ruf?S68RkTM?DT#dA)=d-s}u6N@O# zbA!Dd$jW5T14t^9kiB|dshK(nE4poa(8ph!gZutOc-K8PknLa~Dm{P?i**!HT}Ac4 zwkhLdE-F~k*cs=(f)O#Z;?071 z{KA2|6+bKr^6Wx*nxNz`97x2IZwaG2;@8P5WgU{cxVOFb11KFoY zq3-}35som|{=qY_lzus0`$lPW0RI9WSV17ei!y>gQ9MGGrCbyFS##Ia>dH{Lrpjtg zsD)^sk=^Q!4}BN!Z6}%r@ojpJRqnIU@^KA5irwPPnsc3}M=eXW7;X)7`5zp-RamxV z5@rxxa^^VnUIp%=iswv4_bygT%iH#A)^osMfP0qN*7}d(8jc8f?&^lXcOff}OhoiR z=<8SA9DBBFKD0sG_d=%F-eN!>(Qw)$%ov{bCjOgQu6ux{bvJw z$RkY^lcb4zDZ)>cyrRy+YPz2E?2n?6*wTuckaKWxI-oiV*%;W>Bi$0_D=(ELjTYl1 zk3na%$cWDbl7*?z*@D%?1uA5Kyn~X%8y8ihr6h~bqp_(~9Q}KI>0nBW#U#aI1lgS* zRjl|kEQSsU!AvSCAh4wE!f3F0$$VDzTU$2XGt1@B2-(?sn9DM0<=IcHY}&MbL==JY ze!ckaE{;z$^i^?Ey}rT2i?>EJ&hfRl``2&l8yd};?O?J1siC4#RuzvJ5F{?~f^Ynb z%;BG^>i#+rFp5r{HT5>AIyn;AurS>i;pGkY5(H~e(#6fP#BdS8S~ z%Bs`=zkei{1MN8`35g1?*b(^wU?uC(aUr_IQl{I}!YRcgTgqB8rx<^)EI>uFDy1vf39$*Vf0ZR1htzhDDHK>kwex~C`C z>+6znn(lM7smY)_*+tw}FVQ^WJ|V#|oil^sY-nlj|G+&#YwYrM|Lts$)SPE)z{+vh zoaiD;^`wez-*Kt-i)=obm-UV)=iJt|@cgCT*Xttzg48F2G>wje4MreqOfv)`#Y1Eu zjl<`R_E*yD>DbR51PMd^T`)%u2mCN zP5!1{hg;ormg-E?Cbga9l_|xxyt}`R-KVsIuEuG=F$Db#g z^y6o9oB{IZP|3{M&uo0wo~oG0Z|#*M{Xl=%Ff=BCH|+c$wlM#r7U}<{JORhot%({! z+cAXH{@*e^B8U{D(Y&$ggjYKgvkfE4FI5g-}fEl;a5VqM~lG! 
z18E?&CY0-FyejK)hwDw=E+o~z+MUP;l0oL%6p5E31~?$5&P1&sL<t6=f3?x5v80UW5}!g zb$Arp>t0Mk&a+AAr_j?NtL64aQF&pv1|5kFeb^5ZE;pjV zS7{iSj%;jB%lFaAosjw}6V%N$GNl-b2g@D(rphV97xYg7DMCsYLaQ=)L-ZJj|%4dz;1=sm6Dr$rg)?mQ@Tc1iXKN^JBDl(iV!pcGjSqPJ(gunTNl>M=kad&%&)m$%JA_xwb*wRLff7( z9^)S?op=}gItWg<<2l{vbN_8*%ikJl@5m8^zDn$f2 zNoz%2gPi0~Qe^s4(%Lhl%{Z}7kjqXZWHcU86W!MvhD6f^_rXO z6-j8}V#gyo&R%W2?K0^xt{u{|bw*9Gqt}geJ**>Ir?Tr%S;%5u^qh-9>;n-hK5U8=|={+){LC@qz-j^W|O!t~JDX^)+1+hZiqzU--_CxL~oj zeV|F@Y0OnWta*!Du^*n}1YzgI)MoTv2nUWHmnAJmU3GKugx_mVfJkucmk2$C*Xui& z`OaPvR#~cyOOY0DkCw$Yn~ z{9TzxRp}XsmCr)-sB4s2cI>mKsyTKwrF>Gin$);{(SgGfbC}VTYNCEWc9mCp z-2JB#-W_jSR#@jBIBn#|z^M`SF!gn_l<1gu)K)`Jyz)=8SM#q`K-BSZmxv5rVWr5} z&oOUP4-t647lMzMUnO4r4`ti@w!5_`Pbx7@Qj2T$E#@v5Xc{3@^8P9>JsoV&B#he7^2Z=X2yIaIfyI7#sIYn__yN4LlwdnQr#vR`LuR z`ckjlZCQpXZ>iPLGBXwL_`L9EVMewn8|#^Tx2Da1;M7LTIhI*BYtkLzHc9!A2ed@j*)C#iJ-SIJs%Rsx6)g4BwWgE1k^PSFJ;qF^w*6rZjy?S~1 z<6By)-BQe}L}2qh1!8CSG4*~WqVECb$L1m>zHBiuY2U5{*_vl$s>{ zz|#T!>D+n1$ca|%Q&(&!uLp4+Y$~fI$}?&+n_4m^QTJ=^zm}#c*WE@a(8E^#og^;v zeoLi+e5l^IfFlXgFUO|j05d*(EqVr#do4b$+>oa)umL+0;M^!8+a>9Nf6^(FrCgeKU$LwTJFB3^56x=)MOYYyqMBByXwxq># z_KvJJbe@Ld0~hPad1>N=zygGxK*DgVMy2^X`zk(qH*M z%8xL8b6P`WtX)EDSq3p&Gl_hID=zⓈDSz7Uo@yT@csHK`r9YvXHFM_VKcL-GerS z4)d}m^%E}%EFUhZxD=xB55~8#?&Rq{9*5dBL)de}Cks?EimQoNCE8jGrwpr>qmR_T zFQ|b%L(LWr;MMD>alobp|>z zE%d8_cy!D*sAhY3CaPy#X2p}@d|$_%7?uQC8WH1-+lq>wGKL~1Wqw!bO1f|ZFS7lC zOOr~21ZG~enzisH91I34cpAjR(gb!3o;0fOQnVK%3k@d2x1~x8Dj4;0qa|;jey$Z#8JcddVWH;3b?HUQ z2|!O5ZvUG#^zU5vPxy_r6thNBOc2hK`qMnuwgXA{N^mJ8dTMT0E2Fj$K7KZ4z`k#R z?LorBhlea~YAn1lJs260LaY8~?r5heC*3ZS(te^kN$ySQRG{a#g_eAY4X1mtiQV0$ z#(A$$TNR&XD7_hxBqGAD763!j7Sc6QR*w8=Tn!kzX3|d{&c8&{YbGYZ%?YFse+H#* zhf+qb)p0Dktk09JybFk0KlT-@36T&80zgV#uJP48OQ2@A)Xp(gUT zCGMu@3R1~z@0ccy8zb4Gc^Dpvc83{|S|i%Vs2cRRekKt{eiB^w3vwW*IcZjRN^Xu? 
zZR|lTzSkfm@4^r`VU5#l)QO?4RVBKcBx}wBg1mGKf#6)vo(Q)BIZF2>X@WR5=$r_@ z+31~`iQ!ZXvGb<9_LIXCuWIE1X}z1AcB0x!toD6_C_%fR7JP~~HhYa2sad+dicFoc z>74Arb0V`$JzSWpNo0@Zaf#CWkQDs^7rm*Y()>Pm6&6jcf29MUxCa#oa8x%FGjv z5I|$!#&eg^PRFjsVGN5J1d`b&jxC9`3KH56E)ZX{xYsE2$1nO)LmD!JV%TEXVmoCv ziI2BMEb+y9dT4E~pGE9T;!=3*nLPRli#Cc~U`7O#nQ0QH7Q~C0 zd7+@#*FQ)*fGkS8`xAA$T1hZBfdLngGXJQX2$1OL8{m9NPVM+>C;6>|a2F8r2iIU! zw4hmkwvc+4ydwYxcY%4K2{FittyCG&PLJ!Iu9H13;e;N}FmC*$X!sqn{_&$Vr~CO?)#n%~ zE%~?UQ$;;Fo24XW4+`n!rEe-5+}|n1O=f=k)CpwwR_fKdCAiW*Now4k_N8m7TXa7A z>h&g`n!g%h+nHwNh*5>op)%Nm`a7o`TJ->BGH&DNVK()ngdU&9ObJiCk%+^4(8`+t z@$u}BP12%TT5rVVXE!bx9pblX8J&jZEl)-xX@3fa3~e=-XmmbgEh!vJ#rcjcy{kLL z3||>P@U`+G84B8tu zaE9|aHGc_=t#8pccT)A3cCP-psU%upF_84`2T~)MP*=&P*B6o^328WRk2*q0p175D zYH7O$ryQF{Q)AcMU4oN<3{tRiuyXlq!>^3pR9lSp`G_~V#vC~BNIr7~U71W;hsqdS zLGg(jD<&f_YfSetoKFNL#Dfc^TVUg2Dm1E*u*@h@%s5>zY{)^0|JPMqNW&L8#dM@N ze}5k~tCT5zJDV483q_}qk*{OU=)mg;&}|^|&Io-9FN1o=it7GP=67w5le?S@`#$e} z9@%DDTeTw;lec4RH3OK$7jr**kaiB%g_>ff9}2D?_0o9Urk$2`1iB}V(@q;IknCB& z@=5kZ0~(WZ~(21b;kO=={_Y z@Q!c0jl3eprKo|4|d~Gu-#>Ed@h9XHGl34Yg~Wj}2ZP z#$kOu8-|7C>FP$g?ls2d-zF8QdeBx*6s#j1E-x?0I3tg91p{7w>B!Gjm%8z5=bfWx z0CX?KmgdTVPb=S946@|uwMH)!m9$^!Z~RtT{K&Lex0&Pf3hw^MvN(A|Lv(J;Uu$|MUkqeT0EdM1NbEq zBL6FW)&D5k49d%TQ=iDoxQ>1x(ylr@derO5zrvW#m%tm@l9?{xYWzP zLTCTY=F0y={K@|~PWaDO4&F^+^4R&IV|;a8Wy+mlKAoJseXGfaq8r~WG|aVQZk_aK z^~HAf;Y3>*PdR@MjLrO@(+IY@+<4T)K1)~5HP$TUQHUpHT3?Gmu2Lrt{;?5hR4Cu3 zb$AhFI-wHGP8ym}hlFoXk2Q@@e_fi(F_PP{g;NzU z*&nBw-)gnQItas#M8rF`qq)sa!1q=ji$;z`i8sMK*=Q)G_Cp0AgyUqW8#~WEE*S%HMIYLG8G$DX3 z5^ujBq1-n0-m0Raxvs4aM@yC_hQ`<-U`J#_J$CXcMP+vAbxqP*teZ;Yc{+tsuk1J{ z@xtXvLyfHNp`M4Y(DbF#3|*Ou)Ty^hqgYW7l`9w<`kU`^1XNePs-t81#fw5h3`+rv z+|u@mJAVRNY5_ZPk5+2M_#B?9g>8T&{K(6g)W_WOt8&g#KU_=ZqP+>SyKiCP;s_@8 z;J)5}5!J)$W<6WrtP*t_>uM3e2}SzfL;LTC_Mf&-v^=@0T=JT}`jkbZoNX{dNMpXj zMZ5R-0N^S(mG)42$E|=W0dCn-uB;*shZOU7q=#62yy>pCnVs2!Np-r+I`|=L5yeEP 
zOB^YRtcb_fjkmE1XOG&y#-Iz=Cuu*I-+=%OZ1%BY#py?M{WZPT*}Ld%N|^wUizKKH|3ev?}=!vF3N^CkJQFds%Iupt21GeB^3KPt0|xq-2Ttr^6_-UO8ml^ICPZs(|CZ(wAC$}Dc;YGGueEG3G{Ea_rv*Aa4e;iz3FgrUNP=keqiIt6qla-AP{MQ`|6E_=}lZA_m1C2l$Da zgu64)KL8bHM;DX7eds)q|9htawEkzOxfnV>br`dZjREkg%<2}#&gQ7BoID(;%+e+n zX6DYQtUyct@48dU(ZBl^rTE<76!Sx~^A+c&r`L|!4D zzV7+f09n4iDvP7K7!5pPX*B2c6Unmd_q$wvP>_FxD58yd;rFLZN~s4$9`WZ&+qdQ; zzcFFmK0kvAw3~V0@2~WbE{JAiWYKPvw}N|^V&2r2QNFpiQ$l%-()Y)4xb*4S-h|*7 z$GfJl)8>Y}Q>o47;{+Gw#gmdoLdRc-HxnK;fij`Y*hq2-XB@D7O+*`x+sU`t7HbS; zob4=f(;L!$gSS&wZKA-_ys22EmC+i&(h0N^=#^n4Xz(2sDPIU>f1eBhZfKfS+uBf_$}9lw?sb{>*cs)4Y#_#ak(3mPu1Ty#dN3PHtko zy(i1zio)S#9vSg=qSHr1JEs#YdBSehH(NwtIL?_&!m^Ld}=52%zUg*uR%7ux6Sk(+ozbZf0X*k z0CLmtwsv|Twbk#GO=MYtx_6+=bunhYB?Xd8sXr7yX*eMy)W@sdNm*j{{Zb~b;a-JI#Q~bRXct;E+_Tph*(d}tGT%|vUWv7o54*0Fb zu&PqH1X?Th?7ZNlQ@J>Ku_Nl|KQ6{RCdKT>_9@~_oALO5OF}Q04|r8UWEz1u!SXu2 zrsX!ilCcQ8a{+`*&fUt#6-EPQ&K7-K+IXuuDlx(Qj&Rk1ug-rqp9WQdXfZJZnd5sy zoUv3s2k-Yz>2JFx$~W&7mC!=-b4}O$SbsBWlKpNIxr{>unB{c0Qy{>aSsmZQEoeaU zz5CMOKsIJ))`fNb^z$CgsF$(#ZNHMpJ-E5K-1z1jp9ZTCO)sV6da*~M=Tp$f$efee z8t3i`p@Axc_0UyuipOpd4s7fcaL0qHY5Gy#222?uXGIUnwT{G0%vZ5}IYndgsN>)N}-35k*!` zeY(O1#KM~0v(|g~0)yq%xW8!x8Yw*3H0?}x_^R%(jInjdgq9qj|(Z-(< z9{5swPYom)%cFh6+I;$})O3cl665O-nm2n4_r#0NA83!(;zDFZMDRv^@6XDF`gMCp z2zvC=cu?*fbsq{Pze2=00qgB88@kvU}>}nQj z!rGXt*}juL`&%@MgYrR7<4=S{ff|jD7(_4*sS*-CBaTT5puhdld9&LVG{BRb+!aU> zySSv0#?p{Hti6sUcALoLYkbgVh<5=dNaxLGa+x^3Qx>r z)#0YP?-~ss0l5k0XF;@GZoF*b;SgtH@@J3~A-tl@x|xVm`tw2uU+I!nIRdl(D9P{W zPpFKm@p^7m;Xa>w9tJ?<54x=}B;ji|$85i+(a9}DAg$y2GVTjkI%Omc#QY{fHBR#zcdFUd(dT7pN z{U9Id%KGauwyyGGd`IK)ts;4u^!I11nXnf$`IAQGN!Sq@)g5h)33JXQe*n28f)=dK zu+SVcG(g*foD!w9+A;--U`PE@p`E*P-fX)N2!?nqyVMpax3lR41BxQ29`ID8@+ zjGtIQaIRgfjh%eEWAT++1FLe=YHk|)iB1c91hESJrvgIE50QSam+zA;x)B5A(Us^_tD##q--B>=_ ztgNh5F$kK*EV-#PyI@Mzwt;|R+bPw87|SX8e4aBcTY&~@KpDtszy2|-UGVj$ctf(h z%A=Sa7Cnl>%rE)DgZw#lDq*=`B?ZovZtJI%K;;9m6zO#S9ubPLW=YGV_Ey^#lce-B z`yl~r9>uR%h$7Y^9ApKdxKcP*NI4{_XDf}tnj}1H1jL{Mm36@s*kn&&e1LCa?@cr2 
z`c=^fLl_M^a-@q2*AH@|ex8v`sk0%_I@ZIlwa{6@S_p&*Co1kq+qt2cCPx6)xFa?_0O`S@_x1oM@YJPl5k=t5+;jC0Qo zL)dTq!uThnc?J+6hE_Sp^h+y5N$;bZ1FU$2HtHG1+qWQe=rt@o$o=8{{bzzaJQmih zFUC&_uR7b{9u>)z7nO@+%j_}(d(E#~r81by*FF~sT92!}yLNivKQk8^-p0ZmjC81c zITl>5B*Df{M0{is*~F@()RTwf&*JZ$s(6d*pKxZ!xiDh|u)0OIi*_3uPE2qngTk(UWlCHoz$>U(gXHy9Mt1cGz2f}(-B@DWY! zvT{C`d}!4ht5?6OZ7j@sV{v}N!dctyL*6YbXHbmF)o!9M7w4v41}c79q(!n*ERJ;6 zHLGrdRNWftK<9c?9E^cmAFtcHd-K(MuGbo3sz?RCMF+tdu|N>)r+RzsfHN z)AH%MeV2Zxv{)A&sqX`+n5%+qtBJ+=7?3}8UcltDi2UqC9TqRpR3Anmr}q7+H-|}= zm<_Vldy5+h}OUPgB;8^vvcfYVA{xT zW<%#nJGy^80n8EMH;ddMm~2YVhdaA42NAH&R~ZGz{mZx$^wpBEKM%J7^H)t??&BFJ;sA0{k+X)`|$4lBfP4^O8=m*tu`sz#jXvy?6^*FqWOGO-nEsMjk+^Cu0gRD5*Zx`}=ut%RQm zGT1%yj-G3mk1m=St z>k3JFN{AcIx<$r-&8bGmPZ5W6t~b_qwOTD1EK;Bz6&SMRxP88on1zwr@}->KHEozg z0qYQKL#mrRjn~`uIqck>hcu?L+H%SSqbNFaT649sYWD-sZamQ>y}|0SVxQC1`qr^s zc?!Ad`%wD!Vj1B6i7V7fdZ4QHswX$_`EavB z-;LL++^SvvB6@OzDxzN>Q%^AB&!<;T=q681mk`IGN?UKyvJVvC=U*duG)$uJ?F!&9 zyuKn{ht74|lNlWA4E^rp+@*PmWfuE^QiZko%MhP>|HY2R=26m1w~IoAudU{k1Fdv` zHhmLr@U11zQnF)ZCzYgAjm7^MCS&_yvevzX?RVgSMQ4xf&6c1QTW$>Fmg#mN;}+T( zR4|SG&07UzZ0XGaeedU6sa(CJ8wUFwp($SN+JxdUA`}Zl>O7#FMB(rNJZ!zig_8;cSL}(zDa}wy)Q)?ECen zKW>HzN5(l*y!@!yK{3<%MHE2|^@Uo^fvx+73ON=dFqcBiRK$Gt#$N-k5fAd=>*NN{ zta~U=>2&>+s|RKftN@bw=UZoOC&?pI^IUQVp={gbe$#1(_np|%*7hk>unO}^hDl~z zW6=C9l|or0FT~ru{7yVYAV*m}P0TJi2J#&wSE9VAUPevj1B~pZ#5J5!i`>-4jU;O1 zHCC_tlq@H!?ktIlg*fNo?^a7Y%U^Fh1I3VsUv%J|KfBXc*eLv@v9-nU3~C*hHalw> z;>J4>A|>E$KgBwv(j(S#<|x1tC>8GJ&S>8!ByJ`U766#C0$;#c8L6OPi0W7<7bNWm z>)b9|mmq_DlV^VD?U+j=CN{`arAntU)y;-VW3(>lj4o?n;`yDj@NDM=im7%L*GLB< zgHnjyq2#P8XVsTbBSk2SZ}l%S1h!2B*9}>0d*t6wk70rdy^xxh#{8aJfc^m{$=_jRu&<=9s6Ww5)EbEy8dX2)%sRoTMOi>r-Py{DfoVJ{5`HHELcBm2W@zU@` zSQMfBYXYNI|0*$k))q5x+7L721y-N;Xh>8UZ$uN;HOii_x5Kk0H6xynnPu+I<76I# zFnSopiC!jPu?!+G!`UHekm~pu(eSOe23t)*Y6JOp)8m>X=*@C-A~~{ThlA*mlkm^O z7!%*%&(j{>`8PA6`itTdu&1pY*TC_zowaAGX)Q`L$eax>vT?twmRyuZj_&>49=B69 zuCm!Fz^HK<`?j2oYy%yTpMfWKhChe{2w>LvmNYLhDv*dLK}};(HqKW?736%=g`C)S 
zU;{c@Mq&|0LWK(i#P3Db&pd(CDOAZXF;h=#4&l#saJ7F+IPvKTX8&0;(ioS>P8!6B zLE8GbiRZ>agZcD`zL%*ab)}g*353eOzwL!JRe9<Iu#AHSCcz5j;wkoG=|-`N`v@jKiZOKHHuiZ#vigiWlsm=W$8{H^0;y9d_B1D$j+ z)>0X}(r#H#OAca1&FC8;_fRnv(oRKE6#G00ZIoz^yf4zqo$Anqg-`APpir_LmmCo-S^ zXO;nx?#pD`92qQ+TA;Hx zPiVu$2nJpb;JeozDBQmvcs=+y&A3VQ%l~Dpy-2k)?dF5d&+Vd~aU@GkL{=t8;qawy2BVSPQKOL>^Ece;lL>8iigmA-97d&N6LO5^T z>`b;@$4XDSE9kV%8JYR?2&EE3Y;^kG50FaId}b7)f1Y#CnuVn9qx2&UmMGAC_V%ay z&93I+7#U{nLXlCPX|%R6Uf$Sb8~Ky^A-a$9)b zXIr$*zx~2tjQHg&2DgG(Yi^Sg*7EgB5QL_(<)Kn;Y184()rYFZ((id+Ud}6{7#cxi z_sx#ZTz^$D85XHzavVCbA#Q$2soWQpZ38gqP&CT;lkcZ;b-vDANtP#|If`##9}Q-W zGwtZNK9%1#nYGjwFmGm)D6}DF4teK(#Z>#&fiZyPUZ-9(GsO(mLsjSpy9wqfM#-yl zVMAJm*Mj(#S4ArRq3$2Na?4^$68U;^61tGpVEkt_?R)l8IzG}!fO;7bZAn%4o##vF zW5Y(MNK)3a@K5P*+YhugtJPSJM#H(Q9zOJP1^yg~tlFB^2x2H|_x<5M-@mtDD$<65 zYnhP!ZZ=T&a=C`KvE7C=;G2)NRD(h_-SkDcL-@Rn@j5^WQntQSPio8appn90M}efD zP*12smm6$DVbrMa(Z#}udO5gs04?t7Yt)gbf+b^7>6o3luyIiVO2?~sjj=jGYrP-) zXCFdo;=*3wT?*@eGfLxL3!vi1_vam0uSoG1drzM5`;%0eXkuK_7qJX!kMe;8 z%uO>fi)p~DS&InfFJ>DvxI)7CBf(VWjX=7ezVgZpy!m+Ro(p4zES+>A6+n119rNQ# zA`b;Ul|?GC11n*6#b@3%KCOG@C2!u$mfcqxB4WFSVyUE36bK|o^5e(he0bh8HDuW{ z@mWR2YdUq5T6tGx@t%8|4iob?{!~fV>OC4{HUO}b0?2r0Tqu@mUdopHG#Z(sLXY*BjYJg4$R)(>9TgI7RGc8qiCxgdIWENRkkX z-Cyn?C8QnEZVAOsd9QiR%(~d^%`x2_qj<|?lV6SH2C54N8*v3{5t5`Y=b&G`N-NAb zgWib?X$ZpenGYRCcagJxx7;%hc|9OQ49F>X1N0D|0Q%+bBq6e5_NCSsFLVAol8jur z30wQ2VGnl@3{9X$iD~(^gDJTnokPuryry=`I-5f&)u7O5x-28$8<6t?7B0lntkp@3 zuN=5F!VGwChRGu6`3{n$k}$0QbPGVDv6B<&%R9(&eW2}>w&`A$z){P7z(LeXX};#A zj87(j>2TrrKFN*b%~~Ix>cmq1(e@Y9mQi~umx8ZUt+=lBJZlC4<@ze91^)YWfyD9lH1llQA{Zg;mho`P=#yUR|ZIKOv!lJeFz9xLG7_bqV zHd7^fK})B6nFd%Hd_wpA(77CnFS7VZ5!lwL!AQmEX)4{S8WG{NR-Nao zY`L;ytpj7yiE*#2sb&^iliWO%1?_|wjyWTx{iTpzzBva$< z<>H{`9FjuWGe-MygiNG5SEfPue(q^WF!*$nbsfDyDpmfTG^5F{p0z91&+8qKtv=L} zens$Hg*Hd2m$ccDFXbb}$%)FQ5symQ!r0*mdRDF&B@N&KFQed3U!d&$Y_%@;u7?cT z;kRg2nJ{K!{!v20VP^Mer^Cgm^8mf6vf3K{lp_z7*&BJmJ~Gu1E&rC<+)&}psIEB$ z*`rlz>7Y1F0+L$)Oh!<8uH(D-s_bSOiHo($CKe6@&o-;xWyN+?71URN0*$o%__^AC 
zgQw)6cnI{z9zir9xIL+FB@e_#hNC)H?SB}M_tvLGp)GWk?%8K>@ zX3~rQ-9na1lWrA1V0$KQ?1!4$;QcCQc}bUyoNi}yOk=kB84 zy`WVgHTq>6%1*kTu`V~JXwu7Vy8XQ^Tc94QN3;2Gc4qUP)7yid!`~`$F^pD=re}tM z8Re?)t2as!BNp-Ob2FOa7;7)%qfk{HMy=mvs;%pvwSRv|jQ_AHiS0DNFgqrIKf@$! z4a=r}S~=hXLdCY<97WwJCsEkL@OmLRQQDm2r`*Z(eh4kp^xQd8h+4UCqI9U(T}k8) zN-N4@_V;hU*O@xWOD~5U7!+pTUOPYB99Sa`7Mc|l?x!U& z?R-%xAOy22;l)RqRds4RPHtn+>5jD719K{ixx>jOerhbjztfu? zUqH1lG6vMeiucPMOiIN)o@!a??8cajr0xnuN+lsw4w|#a;nzmnj&!N$xfP^B_E@MZ z_vvK+J=FT8pN0eFLMoo(Ta2tnNoi@YK^c}vagAsP!u!UTqN$SPbowb?Rk36^{l|T7 ze3GRCbt%NJync`@8Uu2?>r(hJ7}1H8Pqjt2kuzFup>mEWi)|^Dc!&f+`_!gEpQayu zIR|@g=5=*;p3?6nS;Cs?8Fd2$3a%55Z~XBbeYZ=NzDaKGR%bJxudZwdKp_YzAKVxj zjb~Xu%9U&gr7e1YA-w+Jk#$hSW2WxX} zS#=Nw1|R4CW31jfp`~U2SQRJ5Wskt!b^=V4Tm_3H%VBNQABO!fp(ZvNY3_;80wFF> z;K4IDqV@Ofvo@Cm{VepRe63Q1ZWI+2_;46=Hu|jmAVr-m(MmKVH3j2xb-t;9pHeV~ zW-KwJFWP3FepN{|e&}cS5PcJw%ERXVdX1c}&S3?X;Zh|vpej1(eA<;_>plP7rfcHh zJmH7`$iDPxr4LM%v80lUtOw;)OW%3=vc624L!cjxCZKgM!@65$!CBYX3F28NF9vZ#@kn)OoyMl{&{Pi~FM8A82r^aE8q8NWE3W#?S}9tO zz^BGU;T1KNYNzqs&H0_{WLxOdyyRTF(3|THS~0i3W5!c8AebhZS~s*Fh>Tzrv>J9F zB#GFa(c6lGn1%98$*)H(HpR|XxM;3Md4luvvX_5Hz2M3q=EA|SCFh@MO`(lOkf)QS zx^f$To7}Yh{nO@0buWI)=*py-O;5E~rXGO^Dy<;VO{a4avT@_2m(KgzQmavx#z|YM zU>rhkg*9MRa6(+`Yu%f5c7+WQ0htA5FT?h5LkM7ZvZ^PNb+h(ge-W=~tI!iFsq<@+ zG-Ytl9WUNRf}Pz^ZIKETeXO&^sS;V?HW|_+xuS$H0&iyQUTSG9UJg-yC)e6}w@|so zUOYw0R9@m3D^-U)hUyF`0IDG>$o^!Vl?GFR2b2a+{HZTl%zsHLg%dz8M7%%UlWS`{ zu0m?-fP3d=%cUBXsPq&2=%Io6$TRmL*{WuDrafvhn2*F##|~_DfSHlKe8C+=9ms|l zg3<5wd(4-g=J-rouaETmE-AGiw+2mz97$ze1T;xH29|A1dw{_QD%u$Pp1U!y>Z(B{ z(|Wfd_#4tlKq#PQ)M_;Kor}KYEL+&VrEWbz9I%el^@rUz9fTe0dCJ~K&p?T@c8<9r zYen?1Eit=932htBh1Sv%l~Oeo7!9|pW~H=N%O%m2FNvavsjxmckTH^8i&UOsE~GQ$ z;q`AG$v2c(1eC}N57Mo@t(S}fUGJ_fi!*$Gg7%{m85DwOR4MvP7T>C$jj~}=XhubC zk`*hGb*gzT-&CO9ueN=A;+@xDaCZp5w~$qWu^l1{B9)5Ddu6Cpnflj!@R zOd=x6owp!ANbnaF*DBJpyw`h%OQQ=RrbT|)m?0Sc?;^=C{HQl*5hFq|W}UA_|9pPn zYO(xd#&m&YfO)WoznWbWy5+V*ggN52lautJMBjagIdGO$C55uUSZdoeWVbaAJPTii z&}Kh4@N 
z%<-E&jq|HB-~4~Y9-ncg$|~xDv2h*pgoW0~^aKpio}Gbbuqal&>1-q*EWP~RQ}kM; zXPHT*nl2M$magva>^Qq{dGxX8gig0VD|_sVO(8?fMZwC{we1_XBYNjVZb( zB=;&!P{{Lwu2lm|<`>10-_B#%&(bR|hcNC#*T7y3y(+DbNz_*~eBS1-UpAWST_0UG zdb9wUykNR@xn%XYJE}C5`bnI~9)Q<#1TC5Re2;%Ss;9|8fSdfZ?e z;q^7W>PhasZzsQwS^!dxcAq*&B0x|3A(2)oU~d9~&EWS+;l(di!E<@4^{)7?>I?Hl zP9(eqqKch9=yh#Bh~H5~gH@~f9prGaE0IC*qm+A}Nr7W)F>=c@E@vl>T>@abdX;N{ zL%t1LN=Wq9IyW0(`Ov(@(@2VQ_jm{CEi!r5y>H(?HaOUzlba5R8kJx_FN<4DI5m-I zLe<$tjaBqr2th<{88qCfa!g5;lf-i*^!M77MO$B(oklsz8L>`jwxJkUELfq8Ih`%K z&W>rI_bg11$CkOD;9;BCi?sWmzF{ZC+kVqSWcJv9Gy9Nc3N{6|iX~+h#FISk`wjz1 zi+(hhOjm+!^&BQnwyQ6dP!D2Kj}ru@cI1i|&sjz<-;@s-ch;Y(40=5nc1*4=40g;t zTRDSEG=dcJB08ggsn4;q0Pw9PUmRU`Ae4_AuT(@1 zNs2o%lby28s_dC{XA@Gg?>L)MapswavJ%4G+3Rd&948`sk2`yxY}N0+zklzq_kHi# z&*$@bZm%wFOf~^>fEx9wiKg|aVFxD~Y?p-Zd|L9C|15{Dg)mV}V04{MCWU%VmvyUI6(HWP*~|_NP58En(a$iO4y-yFij=xB<3%DTZO08ltj?`h46pfFr!`H4MKUGm zl}zQLWZw@)DPk@e{T+~X;y33GAul|M51H5-=Zw&F`L&g=km`+5tOQk6&7(eIE>#2x zm3wCcF?mfJFA+&eDO9vo@XJV5gToaw5eNZFU18q@=4dHFPMDF5m}Pd}??%$51zZPN zHM8R+xTB*ZH~DIWX~tKX=zm@vI4{RIM}lz3f*Q;?a`DB zOHcGQ%q4kPYr+xwc8)vAQ;-S}(Z*B3Rs@rM` zhTbKTi<$Pks7j-NikR^jko~3|l#u4xmX@U+`*@mt&3^@HLe3)wY#v$8nAcFIs-XEI zoDCwjZ7ogi#Zttf8PsO-N-}6|d?=keXuUJHa2Fhr^ogHpJJ*@#UZ1b}A5xF)6<{i& z#6A7zv>NU-COjq8M#nrEi3XEuk*@FBe|MeEl0DqiCZ9d!)Zl#Wr=v|WSLa}6HDHyU z_R^VsmIW60`8(W%@_YFHuD1H!d+(J|v_bi3Y?Euv$93(5z444*AJ>VBhF?k$<1CCq5o|{~XH-j2zf0y1(^%-l{^Go}!sEAu28Bi ze`@2_PM-9d-7UfF%83#lWY@wJ?xO-e$ia`xY&&iA2V31d`M>d$`cpcjxluf9(_T3J zEAAhD$d$Z+b#e8la9=50V$2zTR^-pGVTnFlnB=R_6t$XwFg;2>&PFrD-$2b7xvzfT zzJM66RNekzc_*qLdv5&PQ1fPDM>9%p?Ax+1H598pf>Z?JN!b@VExpBR&Papn6r&PK9!)*jOC{u1cA+hEW1Di&M++D9KAeUMahcnj*!l(z~M zBECAzZ^}|iPV8xaY2MF`-eSo{-V(UA#B-GUIMbgv7!1Buu+9oQ_XMNj6ksU@ z!maHKPJEJbzK3F_0&nu@qg~aS$TE`oN!QR_k8Zq@bB&BO{4R&x{EXl0I~+O*ra_0c4SM)hV7-vz0pyTlKrlRS1WyPFE53l8)OqRzGPpTK|zSmT)XWKx4kcy#-kX|b(7 zCN-_05r6BB>?`0q)x+Y^KOJ^X(cIAx;b$inda5fXg+9uN(`tG~<_qZyT~Aq~y(wPX zT^wD4pIKJo_3qwfs!^g0udgNoS*8`!rzzuu>J5%{wwaypwq2?d`KufUcYgG*cMwy( 
z3-=LlZVPoLZ4~0UlAllnw2!%-8mn8m|7sfHiy%JJ8!!`6w|VqGNDoW`_+&~eq*c2= zw(d=rt?ql_#>wij0}Y)&0?qc@5r?;UZ-xFE(MY_q{HF1jAB=A+$BGMULX5O zKjle^atH9iY0*`)BGE9C{T9DNTFkc4KaNr75s-!Y#l~(FWlnHzEAnbby@4Qe^M>)8 zqMD8MB&@!&qBRzkZ2>w66{iM-Iodxa&Q5U|O3K!0kN}caGqhl(YiPpUvl!z*l6!=r zL+&indyd2QiVVxn85iR6bbthV&mvB)4U_e^js46l_8$_v7n|CY^H(U4fa=!At28&% zKnFTOZHKE#1RjJUz_N1sD^#8X&l##IqOj?UB%*x8yzVdcWGVdW0VIP+@?%Dkj*oIS zoCEcnU!X%vs9>JIzT}0vH^@ODiw4lfElm%g(WK;J!k?Up`ugVp5JU{QI4%x?Ox&qs z1zLDrc6V!-ZWBg#$tYHaF=Eo6J#i6oylj@)s|QPNxjz~I_x$VUBySBK4epn@jo#ux zjZ*kZgvjk>O%&ImfBgm^5yZ*Kqu^^*6l?~#I(ksAJM)6z#$i69&kteKuI2{Z%cBv2 z@>BP&%3^9&MkXu&A~q^9!w~7xK-Dri{QwBsChj1kVnn^ zAo}{SY@eAnL`~vV(@r{-jIYKT!0&9bYgRD~6x-0%sqjkyBat1EoruVy_^QRX4@;du<*^T#qc7Fm5cvpCybO6Fm?AP;_ zFx6$8CL)cJ{``r^fF<*)=&QbV1K|_)tk}OV2v6DW9X+Z?m@j;HgS<(1)%tDbLx-(D z?bW|T-F5A#;%59Wl&^gv<;ppjvYp{sfH_Rw(`L_)_6 zPSxw^L}3t4j-jHfrcRS&z9I&Uh(}BP?qx6C-~qp&i`HLm!oR7}4O5XXiyvtbnO@s( zNx4~2nW|_p?7@NZwvY$1>ynwCpZ^{0Ve`HPBF=5az+T>rH;nhv5WKW(84z?=QU*Yy><7?e99c|o)nRj8!Deu9*;e_=`9X;IU58T|QP^Mx`7@?@*%!$_vG7s>48 zh0VlQP_YpI2ihJ(>H<9)|GHgP#CxwmZ3!}NE4BaR#h!7&C?5^}*th(CbgLeP8hJ3B z@Q7O3n7%#d=11nl>mTB;W4lBa)1&WdO49y-ZFF_!(>K|RKpKs8AyQqsPev~K6ge6= zmEuR{K26FkEngkhsD0FSXDO&vJ0^xbPQnAty_DN@N1XU-2|-GX5!7@`zd~u-BJoevrMzw4)#1V;2(7aB)eBQFUTb)9iSNd$On_gzaOm29 z@k7U75!b?<;moIb0oL>SS0m;N1aylK4E$%s@d%@X#Rqvc_OJpayFv_>I_#Aq1h&(< zOe+GgSQE)_o-HTKq7TKv+S9&M?pvxSnG=%?_IGR>*>P^L^9du z5IsGf>!6{<^T@NS5c}A>aZm5my?YpY?|L1B$I#KCNdUv`_jo$(WkO%iBNcWs>`-qJ z<<*<_OZWxhD?1McVmo(#&S=YgB8qZ4Jp}wkmcJp#(pfJEUhgG0h^8&R)jwUjNBu*4 z2ak2oq3e4vd%zB)OdM`Xd%@%~GaGU(dPs@`fTgZLHn}rl46&Z4yrm^3+UsS14BQm( z;<65LI$2aqB-`ZM@T#sHq(x&!s0hGXOA)l#%p}OC4f9j`0i}9FKmIG~7)U z-v`$((Nsai-6KPNeE)^2obxy2se*VFY8{o#IGEFd+lg53=5`%3++A>2*Fxf1L1Fe5 z@x&MHXC_Ui_VIs(AAJOKjDcn{3(GLE&mtZ~T#^0GGUlK2;gJW_jO3ujxO9ED6V#SCM$tKnJKcyK#|Kgbf7ARKh##YIvRa|Imm?R77h%Uy-SQ z)uSoKvN{HqtcXsk-1w6bPerNRb6CuZ%rgh_L2=5dUr5@p$Zrp_yn*P>ip{#NK2o_Z z@HM-vQh9z4;gCt4tZpee`aZSY5|k9fHZ%M=6p(zYyMSQ>l8^>kjRrckDZ< 
z=A$X%^+O6tf|Uv~tyL%O*Ah$`NC~n$ytmUWnTI;>8G)n`{-y0t!^*+$6dvhk+fW8? z(&74h0ZZTS{P)>z>#$L9;@EYrcu?Q+alSi5KMzZM3EB4+!dO;+XE7y}o)*L6{_#lL z$^$b5q(bRd{<`H7MHtmR{F@`M$cireF$_mkM8G4`ZuK(*8^C#!=1vSuqhWPRDx;4uG`4GJ;l(6YDZ;v3F)H;Ub$XG;ej(;5W-ft6r zq3L0hvvy3T0>9(hSf&HkAxiueZ=e$$0hq;CYzB&UoK*yv z0exdt4PejjjGbv5;@UZ7I~VlVec!eRYE%yy26_F=uDFlhG76s@;6c}O)D;il_fet` zGex)SHSrD?QdG$w_o)Zx;>w~=%R!KUWE6&PkG~@9?Y0w>{L^gs0s1PG^cENxeMN*76r~^prh4|&{G0U-D7sQ}`hsY? za6BsBieR5b5;|I6#@?nC2K*WKCwCo15*85aFXQsuE??CgHhCS~?heB*vU^Z?Aa_iP zIXxVx_wdpZBVNZmr9VnN3ff8J2BnNCs9mDqMfA(`g8Y|hdZC~8<@{!gNwH~`3l~yy zM9Us7ajqvfu9rI#I7~HVS;x!3qWa46Xx6ZqF2oX`RhKIfkn~?Ld_a+njr9KgDIH=l zXrE3ZWmO8B0N3XI*Skgvgr~Y@7IY!Yu$z-_2^IBsWaWNepuI#IF9h4vFW#CiR}!9U z5^Gx6zyG6P`_{F@qQ#b=9oBIq{TBOst!-@zN!)vA=R!dBKgXmK{OS{L#%m4Rblbbn z>kn2P9Gn(Ve=L0c*`sFYW9910%po!-)|2JGmZuHEN1VT+0;+rL@fTr1sa%K+fpAb-CX!r@P~Jx(Z86_^gSc(_-I8pX9TG}k~U%{mk;Zx z`2>XY=^?%#oGQ;%Jk7S|WMf8(MaaT$34Du)3rgt zAj^ zx>+Y;;zcsD5fSo+{RS1i_T&{5-7ta-DI>;=BrgkfJa}Ee7aFgsplJz z@aE$9Z#0Gvxz*+`Y|P#~7-{QGwXWz5(Q1k z4UteGW;9CI+pQlF$7I)p7qqsZykLyz>l1n9+ zp8GzKKD9EiBFae{<*DhVNZk~{Hm&NkAw=(n@cos4 zP)FmXW$L{9&vTq5X_cd*8_(ZmHGMmfrYZNZ%UuJQIELr6R88p$N&C@>$ED=P?!CS7 zVg4H}w;MNCTV4o;*`c2MwEYM32-gw9jS0e4>$Zf_{DIT+%S`pxY=EK;tnb?${k1l| z3srzR^G<9l2PA^ltO?eaFBS4JrF$Y`QP49;@p(e-f8_^!m0L<7DKGj03gyzbfNvyC z;*>#K_$^tnOrTx&id-9~Gw{i`g}}ourg;F;>EEe;`?Be-thhO%VJMGsCBB)4w}De+f2u%-1BM7-ebPcpNh1Q)-@{b#!u zR~VncAJtpV#EcLq+lN9r9`M?Y!KJCfH3Z{$AgL;d{QH z#lhEP9TpqjiUct3OQ$??Q%1D*eYq=~B6^ug<$R!>k{cds$%R%=(dP2HcIg0iWs=mQ zJHW-OSYEv0+EC#P!Shi-czM_QHpiBnj1ah01^q}O;L4%Er8w}iaG@&a*u5dV3+@@h zzdR4Tr*@0lBeD*v5dvkpRbjFD4H#?r8?^Gv-+>Z&n9h`cR#EQOb_9J!q&Wth0t7_G z77pp_0Ba+Is_u|(v88ozo72ojG%U#ER4$~%6>wd$7lPchZnm7AJi<~Y+L!7nk#KDx zmcn>ZB~e)+Z;`6r_X?#Cs)P*!WKBGlHeUL6bm$bdv7z2s}(SWoB=Qm!xHC}5`n3jHAH+H_3~^s|FUT8wCX7A&nYP56GU`Yz4}b!Hq$je zYc?XY;;$AZ-uT1(5IV){4;+5)y=_=s2&M}l7ZGf>Q#k`x@5D2}m6-4KI;zT|`dscr zjjb$iSx=NFC4*cQMxod!w3)eBN5I6ycwdR<--O|2%zr* zfUjpzzURSfL4waPh9GcH2#^DrIBCuNH&s}%Cnt@1g4W0Ad41NJ*^W*d=RPd1e$Kxi 
zv1KGsVZVQ$6pPd|6|%b-O&7eCSXSe&HroPKt{RI|DP7mYGShWvs&l1V7O2lWs%mg< z$Sc>>Mq3q4OD(;2K$yqiyqrgg-hYgrqc^${Vw{6k*&48iQgWMkeV0ZRjNf)Mz7K2D%q zGt6~2Vw_X5vsV~$$N1Ys`N{D6*N-5#X%u<%jCNP^mi`P9{mQ8TAJCu17b9}RIcFVXpAt&Ysz5bCWrR+U=8))#*x zW-t+cp$muYobFvpHZoYIvi2@u9vUp=Ey*o@O3os8-+3(2o%PGaK#q%30I9o(a$Snl z!;F?gAa*dyG50BB{7JpJ!mSt@Aa#p&5?9_iGMDgF*od<>h@ry1wyXWN-V;m3FK$Mw zi-VfnLBA^qWRl}jo?>dp!11)TW-+RSvwYI!kh2Md+27abj z8txlN7s$rUL) zW*N%N<>LR?e|3OpIqvQN!M9s6XDOgSx_wmN8}}`hByj2BFkz68wb$bP2t5UaUcNOU zeNLe43;Cikl`Zg3f#WjRjgS5Bad$blH%FPYCROjCHxU5$w}RA@sw3v{5)gN{=UAOc z)j$ktq!IrrXN9R3<>I7assDM@J>q+1*Blii z<$y)lDKoHj>p$4Mb~-B_A$`UfU-d}uNu~_?vJ&^la#QLg?3t|6ST!l zxus^QqnT~L&6+s~+F)xZShk&%=LMQJ(gjSF@gkTnKe(;`XLFLLZI_U@?4|P)^;2;1 zu@(BNJk*WbkBYE4ijd`MGKy?h1>W;0ip+ykQ$}4-PhnXoaAbRbs9e_U@w7QRO?r42^i+`LOA zIz6D%&o=ouYxpL3+y)@gExr7f@PNioF$Yfk!7_tybma7-3E@KmK6U2y;zNq}?gH#O zYT7yd#{Ozp76cZ3WjuQH_>LH>kPUzEpW?DNRM-}>ko+;^i3PbQ|H+TPMH75MT;;tZ zqDN2FcB+JZkuQlq^H3e8gq}rTAacUU1qTQa^5Ux}uOl{nGJ>6g9+`{rGN)U5lcWN8 z{{5v1Q<@GS&LICIieIJiBMhRk*pJ)ro0GS-#c7j(gWk@v7glZsmk?2?GBqD-ebk}C ztgRKHL==DqCjC`-z1RBiwXqX`pw0&T#I9MG>(trDHZ~nWKK~U7Gx(8_R6A;O6rLb_Voqq+F1q2Zg3K0M9jEn-n+`t+07{7_{c~`3g;MF{R3jXmZeS zg*YP^FINv;nQWq0;x|&O{Gj{H$*3WL;PVxgNn0H-;&mOzp+ZS9=uLV;_ij~nL~cUpqSm-!C-QWEnCi$XEcUDy_lrs)WaR;`iqa{D)Omhhc177MQ&CUDN}S5{lb3<=5Wq4 znHO8ib;h9>j}+NvUdSzgepE307COk(pRJjQzNcWIv)@p<@|6)=nHBRM)abniE=3$S zx$vZM_xq}8E+vhb^<-S!fc(dZy2`h&L9@7fR*^(*)9}ay<mn^r53UoYR9ufG4l~ z7Xc`(%+b!z;fkO%6Xan+`dG!y#(M8gfgIhqjoFY@4T8Dd-EvqNjWj=*N@_c0!Lcyb z&zec64v}nq%$*1;m5bxIoFEOTm<#jSc+yRzqoZkfOJaiuzh80Tm&72)to5)n?%j@@ zphaO>pCy@!t|6&V`mPJM&T~@P)Hc(VQm}%4td>5`+&kXx#zZZ=R7Jddja(5Hub>dA z@>LY@zKSQSNb%$0#RHOq?+5)-@%jmJkV^)&S*wLGK;%IEb^J!eWA`Rh#{_$ML8}LPeDc91puIi*oL?Ux-^oS)Kko zWt5l?Or}FAAPUyA0Wih4w!$RF7c$vG9eXK*5g$2zDx0*NaJo0`HYIg1NZeX=j62kw zPh|g~k}W~iWZ?e!g5rOPY_EzHUbJWb!K1JpX0lzVkO}TD;9SChQSE}yK0dDM$&)j? 
z3hh~M3mv&ckE3MWa{{apC4!i2`V!*+E7Y$`_c`hb8VoAtt!p7t8MVJ5`u5O~9#lq; zQ5xi$w-43OVZh?jxG4iP7zi$IxRMLIj`=Yksbswxhh2|upJJ}h)iteraHW`swU}Mc zvHHW_FI|adb1vH?+Rm86V~2o;Hy#KqR*C49xp@@WGkGDC2<=QtZq59V9P||$b%dIz zVKGV6I1D`oGj9SwK%@3cv@iW!_`TS+kl->*CaRtv>}3U2*VIAqcP@-w3`owr8!2uG zmrGfOWCa=U^>A_feGB`lDufDXzE~tk@J$5Tqjn~jj^w=LYn@Q|#o@p8;CCeDV(`wI zil5wFIiI}sXa+!coTl5yby#&|(WKC9Z2$-OhoPn?^9L@_F&QyV6#^`OtGvh zQkTgJFSTUUO>$jMRlz+J8KY)w3Y8K$AXeP=9aJ2n=8F6MxW1#OBely4Joh8>r>^h<71Pt4a6W%TI*7{DYn81nTu=IstNlZryaMy7<8=8X_GD2$i67!|OioLO8%r9*5j zqsXV2@e-HYQ~@5|d8B+W<3p*p-+_5qlPp=L`V(xA@1er+OVyjM5LavhFkCjcL?@Co zzx?fV9xn#zVJs9fjaL8$erUf;5NMwCX-(y5Xie-gy#=U~76uu8yjCiem!MIuel}~Y z5o2cOK4%9DriuS9FmU%d)4>3bQaO$a9Pl{di^rS&eQUETSqMCO`RDoP@JltyvUVR2 zmZrosrL&^fFf`babq`LBgpW(*e+Ux1 zX3Wt4bt`>8`U-aO6Qrpj#>Y(XyBG0q@+L80jtZmV`XeoEWSq9C`s{UwualzZ2H-j z7C%&LeXO=4m9S@h+xQ)0+krS|&9gEfh9nBbWrF!xit16TJjEuU@1Vh_#&ZJk0qB*B z3IhCmyfUgj$2s?RgO(cp8VJxWGF(dMMA$)oV9qm#KDd*=19P%VF(V}_hNXm3x3cJw ztyMV#!m>B8!4$0lX^G9a2eI&KyEAry@V;PVmt~dF>U(Fp&UF|Yr%O2dz+gZCeV!NlV$9mV)ha>5k*|>L=UaaXb?w2b*B43D zAEmwTpaMy`*2FbExQe43uWO@xerN-_iPDAmOOe^C84&FRNB6=K2znK71DA^Dg99fx zC9EK|rfg|)9(DWrF#Bm)3|DBkl?IoI-LxLestuxPtwj=`zRmOQn>ruVz0|&OE|r`+ ztJL~~gzVVUOk&?W2ie&e6S=~-rkTU7+1M_(xireV$>A2ax-Y+Glh zcSekSWyGa`e{0N(>mvBqB?ljPjychO0Czno8+KW#|0&`zYg~LeCg}Gn9$M zMP9yt;|dA;lv^w)g`chqDyW!!tDO{ePv5U-#t5(KsUq*UT4Pa!vKnm44jl828X3%+ zRjpjJ)ofr{6+iK{PSdY*irIV|GV;g((GkcNi%PUt7)o>mss0Czkoq)Tk`1`1qrOe| z1?a@%cPX0h00Kcke3ST+s3W}Xwci*Km|71H3N~F7&NnN&IC?yz0eny_+;u#Hta;Tz z-D-L&?&C_0*J9TN2B`Q}GxS4SGXwvj-BBygRBq4pykJV|J|RPc2cta9n5ZO*=u6(+ z%|(~4eTlJoL4Z&X-gE!isLk1UNl-6&+_d&JL#JG|!JB1MZh=-obgbfy;~VsP$TEfgC7m6BJ28E-P*^z2ASu! 
zxbTjZjM-{x0sfUdy~GnK7XNbI0lh-d{6qEbEl5ExX@YFN%dZK%X#HNHMIlmE52f!0 z0mYRF?{t-@<6C9oNoGa#P>UJY~(%4_&(@r+sHWpS@79-m>mQbfEj1KID-+8qk2HSbD zGcgq=F@xkJF%d&x+Oc&>?MMGL{@Yy)U7UuT7-`9Dcw+AFfkmr1m$@kdy=QL>kq4s* zUR3QNu|+XX4zH_UFNxliY^7;v-vlsTwbf?DHVz9t6M!ZGbyyPvkAEw|JBE6z;Ze$p+R$Y5vDF*^ZmT=t6u?e)_@~ycIuV@n&U{CyXS< z{Z5GI-K|$HG}U_%$q@$mvoc-Bqjj_QRe(EPLw>}uHeTXg^|!&SzuIl~&FokX>9!Np zv9I1MaMk%BZziR1sm=U6P&=6!?;lw_7|se>*1L{-(N4Sy#s9v!gj_~^mNCmC3k+9O zKfeM^rOhm*A0ymzXx8B;ba#8n>dtzZsxzx?^G0h!@-KL+Z<`|m6thGB=4B5p=KxJt?0WcHv>lX%$fl$xL-5fd;*6!hA0*Uk4w_9e-JZurh_mf66 z3Z!Rc5PJY2lFhtQz?+{cZ&qw_Zxp1}sfQPxJC6`JHMq;(E2b#eCcO>#fm58#on}dd zlK|8U!-ZFgo+BLC45hJ)8PhU2)Ted1{HQiY&+^HvMkegTXX9m`GSW;yzUW}E9=wr~ z@(|QcbBHA$U8hbJYaem+UOZ$6)eeVECKAb7YkLN&+Z4DaT+2V0y^_TF00Z_}?M~zi z?Ox0OL>h$@SV5eMG5$b5!59*yV7$0N_+8#?M+irsDc5loMA(ee^XBBSV0A>L26I5sje5w_|)5{8l?K-6-l_jvT7QUSy^~ zh5QIAh)=uO65?tzgD4TKU%)63%X)bL+IC}nV+q;lyQ$S!ukIsi#n5x!#7&oZc#4UN z@<|D<-ZVq#c-z1psRAunI;eMnfg>JhFM<{Z+<_z7psaoHcYhdhbJ;;sIuHY+T&(3j|)jZFRm_5I(mRv-e|Zp zXioeQ&oN4=mb-NybhbIw&%47B(&Shr;@$tCHn6Wd?|O-jY?Sz#^2T%+=^3wrDEsOl zz^=ljo<^Ua{kiXS5d*Z)upwKG@b${2qXN--w$iev-ubs~NcZUbkolfLQl^LAjuZnt zmTz3Pj|_lFyax2ZR|OtVd;hXP(*b_M$8FIX7t&x?2W}D!WaYtU_ypiRgIO=i)eX#3 zQsmOVFY~*zLEG;;bHyNL?(9bu1f_4e43GeWg6hN{adkdV4{G&`=wCHqe=Sbw+?YG* z_v@YV>rLL7%vhM3XI@}Rm#^T{qvMM^x1D!tG}@L`@OmKw2fg~SE*J1UP>U>8Zw{hO zSRdyjIQgxGw?RbBbHh8z6#M!#l7eq&Q=(Sy-g!c+-N1Ca*MICtmI|LAV;u~c^z(WU=-!7+##H1$syTHoxk=ugl**=7%axW_G74WE;Vb6Up~EE*4yNo zHlk29iUwVOA`76_xQsHv<qi`(tNA(_5Z`cB5TO2$_C2XH&5q(OyvjI{PZ1La8Qy;_A z_jiGt7&L!&`oz{7pnW+h9~rRh>1e`^LLRQ2enKOOIVn|CRgHtT3pvyD%uhMqe!o)ob+ZN8Ow2V_f!%pAH>jzFfh!VB)HBCA}S( z=i(iEZ@t_DF#_}+$4d28^v&!+On{9F2neJvSDo<8bw%s)g--I@Mah`mhoaj9V+Q zUvX@UWhW!*gU=kS9pk0jkI+DkqiPvF#v=$n=QzepMZX-rpsZ)@GM%!5nQ1&nJP z*?PBW%nL{ZD*U1UEJ3D+0hN>V0Xx8o5{#8coGUQ(UrYhUEiTQ*+BB|uE~)*tL|Ryq}cAist%3Cdeg)1RoDiAJA6h6edN6;v~;AjPt@K4ettap(_BIB+@08uiA@ zvLHVJLlqCn#VwVX71U56!ZSzh9MGaI`4i5ZX6p2!$RbpN}gN%O4knt8-E4n8$Q9TrCl>k}9KWM;+(^FwZTE@W1Sk7BW 
zbe!T*rkg1nvi;C&WR9+xXIbNpan$7TdiID((|U$d#!1oxV?VV z1KhFd0X<2fiRQCg+C@)Sn$_SplN@WP+IM9->5i>aBy~7YA#ke(BSmG-@v#zUm=vEY zK;jiSk}+i}TOaq*=3`q=CpRo#7Zt1IF^+J)j6{w)zgB%|Y{s`aRqHYNCb_(y**VgR8eV-ME3l& zOg-<2VkNje4}W~Of$6{$snKKR-YP83-GAm%%0hTFIZD9l5q7C6&4o?G(BA6{3H;RX z%M`~+*0)KDx%t_X4EO=BHm5XWw&az#wvSs(&8T@0(AphVBU}RfRz!pYTjE3*k*l2t z4}p`?Ntt_N-#8be+h+}R&uLuBKgbvN?C2Iaf+sqU8!z`5~d2a=4U(;`Z;Zo8lYqXXz%wr@&F>aMsGNja%tMxo)uqBziWCDaK}=4(eh+()j}bzxJON5z+xJd4 zUdB#=M;hlsf0841uU_9{dUN-df6^V52j7ohpFwvY26(m@Bq-iG=C)sa#d@byK>PS`Te6T(A)Db!-}NxM3bxC}9XE2nnT-sDD6;f*)# zXPb~R z^09cGjGo&{a149t+a}lw?`Za(z7PRuW#cak#kb z)1Cq-o1fb|`M=YDR|DE|UnC|!rE}>0T%66}N#`wuh{Zg~CXteb1;iE6SCDE1mO%#;iHFl0$ab8qVl-SMltIO2DgBk3tD?}Qm|E>5#3s2whTPS8SAW8 zuc=GazqVjTo;Yr7|MA+hZ>(2Z2e?lcR!*yfFT_M%GCDm@{Do}bs`YT1-m~eUZ8<6} zvCzg@m-dgI)tmoBkm7TbRSn?tdVkyXO)#*?}U1b1`k&DW^GYK!nrj8AHw#ASSlmGWIzam~2}nDxcs z8q7l?P#yl9+bq3(8#Z2~^JA~t)M*xf4KP*wD;gtPl0#hN9Mu+RH0_z98x_)_$@oa!Ub|l0>J|<_C;`~@&47MXyws*x2g~jBA+!3e@0hIx zjyNMg0}5LBR9$8(=E#31TQE2B7k_?h)cWzUUjK!D0?%VU00_Dj?QL-Og~u!z=n$VH z%JMh`)q&F)h3(+0egb9V^Mn9Oe~x}U{5d|OGS?{vK;GgE-LTqe;nTXS3HgR6e;wIVZ8h|@&Ktq){&e23F^j$VYoGpgjr->EYB9M=xW`gh{zNhBik9DgU3{f#PAZIgM9u%ka*Jbs62>0$B=G2Pb#bW&9hZu~gue9e{xniI8^Gy7 z>%z>VFpzy_nzCZsSy8xJZafI%?C(8&hyFx{FZWn#8FP6lZJ8A;tAfnL3KrX+f*wME z<>FTHdYTgQRFbiq5w*$ng>T)Q*8=)f+Cxl1%c^h9ag*7?aKA`}7S1%nk>7XHI-JT) zB}S3H`Vf1V;2rWPWU1wX)|#o=qW`wV^uhr4jSf)D>ozP>%y!w7`_pW~*3@@SUYSt9 z2l61Q zKhU6Pc(pvJwwN9>_jGLkNP-G~6nUY?7J`gB4}hB&Lil8G#5l+}jy{=YZ*NHec*%5G ztA_7v^v_$|O%T_C3!)4Qme597c@z^dq8FX>FxWxUgOru79HzwqG)C4b53?Hg6o`>c znm!g9>U#F(YyO_D03$00@n$RJJnwVxvDhx>0?P{12-jJOwVwqse+E<~*c1{6pm=7LmhLKvYcwIB4vs?!kYDJ-E1!vaQX46I_~s!9?N+ERBXX>x=ITYTLN@c2n7!t8N$1 z?M>OJXn}@Xpwmf5HmR$4;Dx5sZoVZBr0u^Tuo$EnScCU$VH;FIbcM?jzv2#!deU_c zi%dNthYc$Rlb$TZ%$*-{$4UNO%lTW})QhAPD_)Ji9W=fwybOIAP-Ima19d^aA!tAa zW^z4{`Z(K&2_r$MorLlUYwFP!gL=q(Y$bAV#rlh<&f(XM3KLBwBuJ?bTtYjeGR+XKvZQQgGAKDCD4g`>=u zD~lg+;{VMnQCX7mKe+rBAJ;XAlLKwgMn1;GsnqUilt7BxA2Z`{a~Gc5B!L$>@-QF}#ZIsNUJ 
z`t@UfNrC}&JoDcw`j^Fs(S7i6JLy$_X5zc)efE5W+7u?(6meqAe__8!_$D%& z8&3w5(x!}z^uH_}F@rQClTDJ7__%W-r{1=o@CM+P8jh)OJ>9lI%}=6o z>wySAd1B6ERakY~HH!*D8tkVwJKXORdA#wJjW8T7{|iUl+#7ldTrsW+>_J&sK%!Cq zBk4-~nehL=`zjOV-rS;*NRG{IG!!A5`wAuG*x^o&YEou%CyEfZnIm$SBQ{5pTe)rS zgf1QQ+voTF6W)*4`}KZ3U(eU`{d@(Z{(f*o1SBh-!nv>r&Vxv&>iUu}^?ERC|AhMUZ|t09RvFK|?izOQ+0T_MnO47aEN!=^ zeYyt~h-wF)R4c)g9w?n%`<*;t^syy@_POa(#LO{a<&18uDCjZt2X(M{U==}57nwPn6Sh; zVjG?eeC>=i6hpo5v&Fkpst4*<#2BjLY)lkI78uo=bQQ=<&YC?87G)WfV(gUxxazBq zXAd67O22V3nSI-5f-G~eT8>J}_`K)WZqN5tzidKB)Rfre1LT0Nu`Vue?L54kN(0(J)pHH`F(eNJ? zaqA~m^ON9SnFe!mF>AWTS-7L4miaeX{K*Hi_A$U0dfAYR0Z66>%L#v$&Zr(gsH|j!ziERfznT$$@e8JMOkPyU&ks8lYtfIROS6Fa;=hcr?W5>Z8PkXVy&9KQ ziu{$G?bv^N<(!8*05_gyorJe?MxUB0v@2P!r64vaBnm=wwKie4A%nbnkaflA`}o*n zeYbw!!RG$u+T*zKO2y8lSQyQz-b%Th{iEinRmfh={!tC!kn6(!pM5kULG^a?R!KL^ zxw??0RCzuKwmI>^lB0%287d@Yv|XZl@lvs~F>9ZrW&t0FVc6*^fIf&sr&(@SmYW9Of)jg>>7;lF zb8p4wDLR9eMHUAloj^OOadr|&korrokzCv|*LH+9WWapqY}0%!S&Y1JuK?D@@IQ-l zL>*)^|1~&uxRHXmX$D$VQks>Sken9jUJ=}^J!=F?vy&J&^^fQ8(gMe4GE07D;-9L_ zU|(9Y&d4n;Hb@AHq`~_@vIlQBiySXz22s2w=dpv>bree@Yv})#WDctL$*IOa83@{u zWYH%`T<)rjeO|oLg!7U;oU1<%6*oaa5H5qU7Eu$^RuF)`NI7nHNIA8dcb5G-tiI#7 zgj}lP4akdqSNyMW1BFZ&0Q$K$XV&PZOJhv{QA=yYDh1GdQN_+6WgHWq z<%Fn$9HoH)YJJ#;Jw|mO-r;hji$<-5K|9CZcYT)l;ORi;X1@y7i+e&ouOF*7 z#hJ94dE-OG`CF@Qz;MnLaF}t(ovLodnoI^2LiuUWlI;K?s|8EwaIHL6c7>4Zkw9c- za5@4?F0gt@(l>rx+g$6^0-U72R=!dwad-ISu(nJGg_gAA#}~_UK=A6 ztBTEjH#>$bh-(MNKpEvN($dSsPbGLWR(6$#-1aisKLKjZ-+BzV#2NV;zAYs8TRM%k z*Ft^y-`boyZz}+f+DrXwFLrmHexb+Y#s=|_EG*t~)E^bFfz)tjdN4H)^m zdnz%(vI5&JC;DYAQ%~jI{AaFX>>pD82RQ(GqqTET-jA1kxP4#-IyNq<=0tQk+5hld zuGQkpD@~-HIIFV1wdyXOuYo#B33-3JZPyT3mxbRCRuZxepYc+{GM%FWZh444X<=Dr zo_N^uIqdF-I*gPif-nyG&sHS9@k6J=7ZF}mV#IAj(TsIpysHs+vrmWO;I)i3bzTAT zkFe-3sZnG_PL_|(R|sd|OEAP>UW9fihp(A&n;5G{ioTVX!Ob1T{hSNSOMrz*|61pj zowOI{mM>ts=&30O^W|P#(L4+bg^DW8=Wpe-^ayXRD_5kP zhM2`Om;Q;@M4=RU0@FBs@%%;`j2wg|N@AT zH~(%dA zdmuoL*X{|BYl0~~!-K}zS3yw=0bjw}&U1l>h+ZZ5jh&Lp8uPs+jW=p-qfwyRpdnk{ 
ze&LO9a_J3?7$<_q`-OKbFP7JQd8GwNL=TB|6+imoB~3OO@|AG1#Kvw?F7(IJ(=oHQ zHKjC8wU);aLqjSS5m2*fmId6we=^>Acn!5)X>$xN5J6YQ|J3P~XWlQjF%kieunfn3 zgQ9x^dm8RX+$Z+l$&KoI#$0;;o8QG^qx5p^xViY4M-GnScC*z3TAeoMy8%EOgqY|# z&_1mX_jUnnxduY1px87i5&wQ=8@yQN*At)@Q2ei0(N)ApFVXR(&j?Fw<$A3^rW@w6 z9b+)D^fnRjkV}}g_XV!Ltk*oWB;V;Pgl@Pq+K^@U`R9o$XyMbMbic%amjg)DS*}W7 zfHM9&_Ki`(y1f%4w}W)`#^^<=4Im$Q4?>Z19>$ye$ZtYeJ5L;AH36r3eJ7eDyIHi9 zkQvZqFCDDiXBpNxr}^VnH$6i( z7m;ty@0jM~h^@1J14dn#-UHZ0T4AXl86RQSk~(RcHL;8AEfWz79UlswPz`5dMRn1G z?VGz@DZF1}C!S_*OgHv`(bXM6H(Oe*s5d*ScIj6?%ePK`FdHS4$j!c%C%kWe`vdF& zt*S1ZA7WPCN3hl;j$ixq$_BOF&<2dnEd^7$xo500$o&zYs+$%ZJn(Vjj6hLb1KuN@ z&&L7y-f&A9SMyrR9q~mh0~WKwDHM^fvX_uaa%{C0|xGG)!~GgXX*k)2K|2JKsuWb9S(v z?+>5y8ocJ-9ASEVBe+mFHCkQ~{K-AGD9Wl0KYxMH#O5?b7hSF0G>lMHR`b+TYw-%KL=EHfoWB@enl*XodOYfry zpJVoq5CJhGXMki9Nzpl%Z7XfygXtOg*VT9K-I<^I7D&yS}e$t~s{Ke2%U&C3gV;pSWz~R3(`AH31xYV#-CK(kxzqt#AKPlz4*H zea!?mquc>z(4H?IX$R)rl3VxLu01bu#!GgKj4tZhRM&Q?v)PfJsyq8>2Kkhr6gCF6 zg({7kne!4#Bj1g9F+U@iXW<$T8NCnP@gBs|K$+pCM8zE=@tq4(fILJTyp1@Wv8BpOnutrK%g^j3y}*~E{TWt; zBy(Dc4RGaV7ry~e4#*#Fm7J33r*U`BeImInaPPVDLqT0GoqRtfiMngO`=WpE&CjXL zUj5tru**-<4;Q#PWXNSOeFKZ`Hdq}pYlWebctBZ@nTVXe{;CHS?^#8V&V4G;r-@!5aE^e z&ZRx76muj98-%Olz)K z8^Hm*sN1QLD7G_)&iL!geVgjzB+rw)B|4JQ>9=>S2f!m_189HbX zO=aQ)z%6Hu%r@CDfj@nxH%)^><9;~%%8U>cLkuT=-rCX;g@_D0+_T1=0huYDdmKRp zZ*C*ffE((?hjJp`@q5gbJkf@TFv>t>|2tx?$0NGijQlxhPJ}NW(-E7`VbRt~hK77d z7V~$P)fkZPj2NhLBMdf?hAaVjY{#W&2sXU6v-j<@Pe?DM!aLK*_rb~O+`En+iqbYN zCQA)w2dV3gG_UQ%?bsTxAM1$g=Dbg_-);U%4T#b}Y}Q%SDY9pT*C#vf+{Bsk&bC}1 zM&uN_^0v413_}O|prex>XFa}DUIGb#LS9q03wmj544&>ZrX9$ za9i&^>hlOSQb!%cA=pc6?tIgWjNj}1dFQv&s_9l0lXg27_GhBQ(5v46=407&H|V~< zo4sY>d?TvxtGAqanSm*39uH9%hnV&o*BgIJzOELC1B%-i>`X_{BlyBKSMoWuHLQVz zzOZYH`8VQWjP$#qbfS%r6I(jhSuPFaKCMG-W6z`pBiFr4BnT1T^Rq6b)gB=po(x(y z_b-X>dn9R<9jqE&-{7*>mF7b0wc9cc({SO{qaMSo4_uAfaR0)W4y1RD$WwYI*{_0> z8oTY_IpcQlZm9nYSThU>~nBmHhy^S^}+rpZLO>S`nE3cdXf)R z1{CgT@#JShPC>>q-G?3U1CEBt2hpa0^GJCvRlElb;7TxZU`Dvgz`YS)=J{7lx2((| 
z_mA_h)D7sXv#HKCZoe>m!_`VSZey51WZkDUY8V;xc$~iJ0?h&E_QkciFVdcI8`cg=&5v`~H@2 z(1`r-Z0PFHXSovmH+%TlX&%t_P__G1lk+bt_&otkHMl}lNm;v?({oGmUQ5u>L|Ezg zPb4dZdET;IwwE%rBTqRpRIlM@4SfOLHGoT@Oq-mZ=O;xoOl3@L(h=!nu7F(HCtow< z8Qvhc-QK=_U*WJOHvaC!ieoiYh)p2;(KESEcdk;~?9L&yCmb!i^_Tkoawmn^PYN}g z)tYhi&2>KF66ez1xni94lkLuKTZS<(c~)&a#nYKh2<2AyVN-X~V5H38oCl@Q&X`#c zd>Sp+Cdk@_jA}D`R<4mG+zW9ug1C5$J@2MX(6FCnO+o&8M z0xF1uaxL$PYcHg%-sW!+6xGxyL|jR&$^H}QYt|EE689VS{OgLr0bhLwKUDl&3PtVfDREwKP zl#xs|)_ovd^L<>}JWH~14M4OAFm2;Q=yW zV)Hm~9Rl=Kz-1#!KvO7Sw?5VRK}ydZJ+*Lkms+-nh!cQr!4}84^kWkPah!pCUL$eq zC5$ZDf4|HYX`F9OjvMC3P+WYGbLE$m7bBje;GfJqi}RC$Qj-kCiKeHBojy8g$B}DA z&4+O6^Ut*uz9NI6UzO}-Q(Ixt!OgOG!FRLGQl-9GS% zd}RAVkrl$hrgMK&^FNow5tj~c8G+ZI}I|jGlrxxKvs$-UQl$_Kj++6SgIWV5Aa3&$1czEktGGtDs^-p zoB`~5Oip3AlF-e=q*OUpDhfS&TIJZGD8{Mop{h?#YqeDYlFbulL1YWr8ZXZ^nuDuy zuVOOr9XBMLoHy4Qf!;mI`#N;O?5fmS!pKEZz9OfpU%aS8T`C4BS|!)pP4>( zUY^fEm-5b9))uN+D_y1DQtJPQ)lBedZ0+Dwm&crJaZ;yN40#A?cB?HqqG5M*G^ z(1eGEsbpM@24YzyouAokb=dq?pPD@&EV&}LXx~S)2Mj*CB&{LK8h15a`!#o5`Zy5v z992y8>FpuQ4oCAxj<6_TZex*kpKm_>hS-MXtO*bgXxHUkku(6QZK0yFzUYCAMV|wy zd<1b`q&^iI<($y1SCZ~97kDA=Rwz(Uj>X8)fn!R^Z?vJ*8KBJqhyhV5?o zv=qY7mo}mHl)97p{P2N^+SQcVKK+g&}^w>O!EP;OWa`W-AND8e&NlL-z3m9r%Qr8o>rItEsTiGxdf zulX{Ba*r2p<6qL{n@IK<2EsXthWdbXzsZnq>EUU9Nt^(YKH&xX+nkxrBk63?rfD=8 zcbM$o4cT3okc*FukRd&j*R|T^i_gc1icx^rfFyMFUB`psltGp*?OCDQl*-_ERx}#x zh3tbylNBk3OJ1UdEpnibW(q&R{g?~lH$oL}43(o1p9>oO3GHd#IgLA{(Q?nS(rD_A z0ds>2mIzn8l=tA@de|0gWb)xb(j2{4(0vorQ zg?Xh_3Xa zCi8v;7`aB^sIipQu4|S6H5t`sv4`2=waY|PT^H*V(FY7g_$HEz@ch~j*FVBHdC<>Wsu|_yOyfk72UI*h+6wDQ^>Zz=W;@-x$9Uq-#3e!0ss!V;Ri(S13oFWxx;`^@U1eQS4HRxQkxT%XA5MyFDf$E*qxd<4pQWBbZfFejYp9(&egb&bxHc zcf%=YkYGtV`49B>}V_A?nxehJI(~#F`>|R@R>0 zIl321mZIJFP-0WL$w5$qUmq^GCtSg$zxw{!`>(bSA#b}zn+1UJ6(X+jI-XT7Qzxi< zT!&z#LbNQ4Lqc_&>tzHrkvw|1W+= z3E+$;re3NqV=OWdk3hp&@`U&=WF5IkhpO${~tq54wrg_MBg6_cX) zefPE>8;w^6RStuF_?CFfgn9t2uELRq;R}b9?375W2H1d=>Wo>(7J7B0Z+l3x%SSoM 
zR3=ucq6+UIFGRP&DfRb1ewePp)!$}wgBr-FA6rUqaq}vtn~lidYbnE6`Gx)(@xXk|q(o^h=?vrU+Pc+<7CUwwzSEPV?oE+%(BF+n*%ba-&ULebUw-z6E^2qI z)LT0N!UGN$Io3^2KFCLh(RWwV#v?ZL&v@kBnh~~v4l`P@pNEu*?YyG0kz30<2-dIM zG;3b5rv(>=*WGGBQfM+yc?zKi4z-D1r=Pk0q+T6+>cTo*AiZVj)0WVo7z-a99Q}Ou z*C+o6;+{jr^R8@iA9#>GO}UA(0t|f&gOWWig_hda*!@1JbE`>Meh}3EdGf3}yWRrK!8m3SG zK1%x=JpuNTT|4E|5gShtxgmNM3PK-GgMSQ~Dsciq2R^h#dA~*oHmLGm#iQRFT_H`- z?6>%I$ld`n5se6kYUoX%UW~KoQ1hUL)Kq8lBF~mIkMtGeGaj7z@?nR+Z)6Jn9(cwf z|Lv4vcq3}sY>^$OQ4A}f1U97<_dG#!VmzYePMrqTYsCEuaBJ2m!K0PNBgCwDvjLdZ z(H52BHrl-Z@wpkY{yyL1Z~JU8;DJah*z^oXGWXLdu)iWtTSQGEliIN-PbS7*A2H zk#RVo66i)8oZIv;Fjt@joPeCZT&OCY$OfPSAD2qu3Q4)M5jagios)cLNo#bsp3IuI zXi48y8J)?MTP|;s7W&e^0uUwMQi#h6{Fox%<8b=dAd2>c{SWQ z37b7O3A+!-qGKgTe!~T&)-!i4;CNWhAq_;wQn2$c=1pe>Q>mm)$?;h8W?03LrV ze0C^q<(QbpU0wVsnt&!i0jM5Mi9J}t`F7hL@OW2=%*u^N_t|qs*F~(nu$A6`$(Ye& z?+Xz!8rg)9hIgYYXU(uka|2}lWZm0k2CFH-TK$p_=)Zba$sEc;{^cv%z9p{(o-jHB zLAy?8-M`EdS(?}KpS#Tjo{$|K)H~uaj1w8DBg&)B8f}qk&*R9SlE<);` zTgZ6F|Jt?As(P4FAvIa$(@~oRLD{a_`{jh=_tgo~%tZ+wR*wW}@GjzD*eVZw0Gr`; z<0+%3e1c%e<(0!fLVRQ(KdMl1Uw^W&4=;`TFrJvQmsGSh-Und;F0zo2M z`MS0oNm*Rb6PwLGM?wR-_G+5uVdiDm3dLq-rYKvDEHKPpc@Kg7+2^MMq4>paG4 zBDOK;qbDmdSLuhqm;nz&_FcTa>2t09Z;jwS_LYa{7CO{_r6qsgzJMw-AeZ?X>6JnJ z1#8uL>1upTx%Ju$I1F;5EQ>-9N&vbizCi8P38W*8denK(vI8W~U%)U1_M5*WO0X75 zeg)H{GNkAA!d&&!&Z0k;9XsT$fxsoXOQNI8!7?|_ z(JtkaPxYb2zILy^HzRP7Otbi`IoTz{8Ub6Ky)Q(ydXX43o9ck|9r5e=mtUPRZ z@i&S6qgSsKga~*XZT`i#Z3RDeq1Zh-C~z#X748L707X_WPr{mx2TqY@XIZ7_cFSum zJ$Ira+4M3OD~FBayxwBY!(R;mM`#ZNZ|0nY+(ld6K-}BcHTB9N!hTN#w`q0WPfte` zE9(tqeAU2hu5`KFa~G8)Qxx^=0sd??&B=O@2Dv;vwizV$q!5HPcDu$6*pYU)k|PY@ zTiNc)(H4Cv$S#=lh;b_>^4J@O&_4fPpWk(6J4jMA8#F)a#OGpTk&_0MMtLb9RRuG& zMlUq9K}tk`D|0+a^;bY%YaGHJ8eRkSJP+!av%?+B^phSD%;ZgPPq?iI-s(=Ajv`s1 z8Ie?h3ByJ-8d#}ABFou3l`oxGad{oj{l3?xMgE39;g6rJhDF5w75<>aK)&lCy`Snu@0>b5 z!@*M@a}wZ;dg<1dTbGhnEfe>s2b2`aqE7?iAAQSt)ROR9)D_iVZ{;#GN|hiB(A49GNMNP{W zW+m+Bdqsiy=wE%EI})~pHtv1h?nr73jJhdiurHTlGkOX05GCu*}Wsryk~b{9T}D+h(e|JL;@4HP=Iq 
z*E}(A7tG7p<3Gieiz!UH@{?eOnkmi8MjT^51o~Zm@Y{(Unc08>OHkR;2JwF z*Zbqvr(Z_@{{Gl~m6V_vS-aVl2_G?_KbO9Xs&m;3#MJ}Dx0)?u(N&!+BsfPt9Ygeh z_rJd~N9Kb3{t5dc-{@STqV2CSZq?Fx(3GYVF}M}vhi-@_F~Q7FbTuEaeRCBjfI>t`mRQy<`5i5uWxw^ zUis3xm(CsIzlcKRijN)&psUnI5fMEbRwPx84OcKTIXU&%D^Tck2g#OB)XTGgyKJ0z zFe|=_q&RiC2@MvE_y#km-$#TvuLqYY_B@tmS7P;U6IrsyULKj8;Z=l7V8OSvOdmlJ zr1e--RZLm#BxB$x+OHx*k!M<}}6=8^%H-g=RT8Mlo&zE}iE$E3E|3?pb;Hn>du z3)?3jFR<|H_mG7%4Khel{PYWK9`}&thOeE&I}WkQV8qaWV9@wZF875b4?=0N4n@3Q zYkl{3bd}?J|5-9Rak+mY8GDBkl<0@J+O#o#e*ge`6RTp){zKmqflo-t4qJ{J5Ep5ZOY?e_A4+=#a5&eb7pzH{rJ1u~8v*ekJT6k*=fznsXeR?kg|IuV&q zO9LQ%Kti+6Y5^Oy*Cyq4lt!DM4sd#%9jmXbc^)wHK}yL4rwy`G{4xc<5nu*wrFV|; ztE_isiLIU%yJotT&Ucz5va;5CO5v z{Xockw%RS60y;bACf;VW*6S>6mG36LPggPScp<`YL&+DwgWn0YKoU7USqnB_4w!x3 zbaW}-Z>|KcBlCW_1cA)n$%i6tE=C9Dl#<4m&rP#vmCj=CwhgqN z$zMsf%)c4ir*@~QX}r-mb6hGY5igfj3W<6=OP($;2%GnC=VKg^f?Mud%Gw`wUV@(j9x+v-;C#FVy;cu>y{kI|gs;&%)SR!qePD}l)O$YK z3|`S(;?U#LHNC*6;nmRenL)wMD8v?yOhx%IEYrlk?~wAjAF&9*zxCVBwf4VVRZh~m zA!RNvt&A-vzkP+C(b~J_)=|QWN!o$@yip=XFmp7PJy1qLqAJ z9>y5E-U`UlU;so697mR1c!h@2Y(mqwGI_HRsH&RQv@ZyWO&>q%8PE-GKaC3ZD=*FV zsbEYXXMde3;HI24q0}L0-a3yR<{f$(b)fDO`oDX+eX`p@PR+oek=JFKkdiUei$Ya5 z+FUFeP-Tv^!m4E0ne=evlFLMUOgOU97D5&okPpB)y6X7IDbff%?x@G8k!l+R{^nSv z`|Vfsm8PL*Z|sRH!v=Y{dN6?PeE2SaR|8S&WHflUXN3nXxGH{JEJntU?<#@I$ZPt0 zGN@WENBi?MJpic?*_<-LDdeI+ScTFH+ERnju1YF*CLT$LS`k?GzncWx{hkJA-=&S? 
z+10@@qBj|H>Z2dn#}f6OB&od~s z>t$z5cR(eP*bREo^K6)Q;yQ#eu@`Wi-0DptZ97?ZG;;y3_0F|^Z@KkeD?GJTc={s8 z$#W{t&b|3Np!QoiMnLx5PK@vkaw4d9eV{jpGZTcgRIpU~Iae`18(;$!(-_%=-G#6 ze!nQbu(Y-fxlsq!yHyR|3cxS+S9^`UfS5w00zb(+;B$8wBH_R*e^x-4i<3xyetikZ zu>I}7wb`&Zc&%Jq3X-vmY?PZN$)UnA@i}a~*MRznThqmNVc*laSiq)J$BW0m-Tck& zj~(X1DHBs82}213pN4CVe%gV!OOb&EzPXy zv8Sqns^ofmsOIk5vBb~sJj?I3tW$$35nEX8V^-#3gc8{87WrfOf4WlOjILBFDLl&NT650U*dSi4PPWVp5 z_XalJOF;kL^67=I9Kg1yC9Ch5nu7NqcEow-T={J^uNEh1%sQ_@q*|om6*12jpeF~{ z?#%%{KxJM4$h^gwFS`V|k?}Rx?ucdqz6>z|A`R87z>RY|nO)NcNhp2E=$jp@)Dn+l z6s3%QuoFOk_UNs~2@ZMQi&1el6*(Os39-pLBU-E|UZ$ur=5fz@W}701d20{f z4_SVRhrio2|D(W$jlQ&hJ*UL5asZ@dTxqe3h40f>ni18Si&g|qW;2SEtVSCCSiYJzg1#GbJRg} z0wD@^`Oqo=QZ5=v()9VD@Pa5lZi$vB$$!Bs(EA0qt zq?a}W@PUFMhkky>L~j;LcJY*({)Ap<697nOx4D5x23D|^DXOCj6JnqGi8|oxUSwP; zq`Lw*@Y13ATIe6?di#ZA)w-*9XChuB9_Sy{Vt~s|jq~O}_h)gT27I{YDpvIjKXHBA zmXO@JjQ!oYa!2H#lL=0w9jjdr#r4}@QN(`P8|yxkdvdYpiGnx-l28oOdTWw%BR`O? z6&j-IF1yjherD8n2fX2?Ql0{V$1MYIjlK4migl?8O$K6v*dc$VAXLQbR+2^kh)20J zs4F)Z3V(Hv-upzlUU4e|6 z&gkvK7xPF(apgHTy3jAwXt|Xj;9|d zIL4Ei)BvAXVNy4f15EEwSrwBpm}3F=JR=wJ)s6?`#=;E5p7<8%ar!&NJJGOpDm>uAb-RDQqAT|WK(GOb`gg-?i_-Xb`Il=()6)`R z!hW(wM`wR=a5=2jMTI2-91Xk{&DF#VRA+og_82Fx*#9XZF;F#b2^DkX)%S0hxiNYR z6zo>+MlrTit)_i>K>{5?HIK>R0~u|5l<$z_h<@{D2!IRKQ^V8Q)o-)vv)5JCxRq|A z5n#(uk(Ng0W(znngLR=_#{zV-QC7dKHr=>yx4TTsoy##sA}+sUpEOOL9R&(vtdP=^ z4pGy9^SlC+ZQ%)pg@}spo1Bk1)#_o^va)8LIDXV48QW~X+42z@zdj%2JS=gZIM^8> z^d0EvF3Js=q!58LC=cGY;3$iWcS}0XOCctuL2yK{=h5M}t}t1d9$vh2O>)$tzvZ;N zIQdrL_99s1Ox?Ad!ZdUvs^}GTryV^5(!C^;jhD9A;4?!#&FN4oBwxHw#hw|`8BId7 z>ds1lWNi-8S?9xKPw5uO@^;H*Xi)fuug+_vR%B|EO>wDzmB{PFw`t@wv0qKDrYHLq z=#NV>1ZGUd^ghL`egf8we(h)sYmUkcg@mG_VHCiss51oAjlE9z0?i zVSc8cB>r zOv)=OZ4Pz(T76P$O)X1_6;iR{en13xd-bY;I5FiZKZ-a|T;8EixS;l)mWrTSrp=?j zs$$UD_NzGqB^phIPu5k>SZ*B$_P)&tF2^YlgVBg~#DCMb_>0hNbQvB2p?)D0AtI~6 z51)J3q7RHZvxh#|Va-_?8pZi#Q$0ko6&)t!T$7(eLhR)W$ z8mn}j4`w4J=I|%uEjIOug30Haat~0RX}~q`E9MIlIZYhq8R~EnDj*K_7!j|os8ckz zVil%5mHTlu=#i=cD#9{kyedB%Xx--Ijdx=5m{gC0*Lib 
z75~|l$7hb2E~3_kEMN3ARcC4GWmjjkF_!OQxEK;UFWC7ZBJ1`grQ|PE)a@3-1x`ehboneyD}8sR7z;zkq(5-?{KD zaaX<}r4Cl2*aaZ=H&yo7w71YRd%T&KtQ^bya#cWCWyx>oS1&Zh=C#RI&MN}l}l z&90X|<2iBk_M}~>R7~&zO8MBd#2RV5^{N$7dMzB=QoqA+WQ;%v>$Rph0~d%1Yc%uU zE3ES=j;PpH497qBEmG7&)M=c@Jx1M1HY|f+k_$(H=^tw6J-+Yh(i(%epyW#5Lq?WE z))P7S9WJ^y%Rnm$$l?U|QXTM5LR(|z+ug&8ga*vUR(OCy`iqNvaw3WEjUP(jH1S45 z`rG!s$@*P=Nll3oVQ+fAc>ZN=@?75&o2z9}Nl~@$(t7cpmkpjeqj#=5^uH@;`?x@6 z&G={K_!Dg2E{z#ug$v*@3>pFjA834 zVAO0$_KGncMe%yqM50wy2NfMe=%G>ZZ8w2&UYU%A;F=F5LH`nr9Qgy=FMTOac>PDi zkN(M2$V%pqTvYpjIYh<4r_MY^BMz;n$|^ZCa3`gTD!^$_(*pi7Enau^`Ogz&D+T0} z>xmZuQKDJ+Z!H48rU$4i+9jM1@BqmN_}sGv)?-km{nB4}AOk|e2kFs;D3-kcR z4O#a>T%d4>y|RFtNv{){s}g9ew<;dK{}p}9m3t_c906!Rn#rBZReU;|%@T+9LcrIZ zC{y)ZzdpeAMj)LpX0ynGTemz5N-v3T^_R0jK;%=9=&_rOmbIsOGc|Z$z;mD}fTgHI z&A!G+I^abO*UFl}ZlF6hVTeMuGC`Gh={;AuXMMW6Zh%|u`2&IRKNq`FzJM@SMpE7* zxnv%JuDv{8mtxIp#>+bYqSto}SjcLuo-xF9Ksi9$FB;#LdPW}dw1l7@Vp1)PACV?o zzMs%SL7cH)<{Q=C8DO2z2={Sjrp5g8$6p35J*fp`(t{DA4bgqg*Lo@@-){nOS2~u8 zdgY;l{u{CI`Tr#Zzb`!_JIO`0*+C>P)vFFPx~hzWkb7i1FF6%PAh^`7+HHfd&A$k& zH+{O^~ikDuS#hg^-mB&euRgDt<9SZFxP{bi33_38i}|g2o#Y_Il4mi6W|>#r)nF&)Xuf z8mA(=?iV2^ptEHZKG1ioHMX@y%b6g=*eVHSrvUd1-E(>$>%eLZEpQ<7Ur*E({_87n zd0PDWpQ#8tIk<=>H!#MAEJtt-7PKV^NRMBb8ZB8D&I8*s6q1S^?Y? zLS0@Zl4~aaHgB%*GxOh=F0V*%T<%{Pr5p`uZ#b`=2e~AI#WF>zy7kD_gPt;cWEWhBr4L@2q0^ z%B$>)#)=Gjb&@|zYX5II?^BZy);WUxfw!V~NlzcW-(x~w4sN95JW=VpWtTJLA$pzt zl2&;3qN)#7*SYHKlo{?*7Pc4nUyzAMj4-T?;<! 
z$gk^X`^)zt93aiLn`U+yao(a1fdAv@%Hx^-|9GyP%@K(>Vb-tjiK;0YTRD6otH-Xxws<>i$KqcoMT-ZJt3gtcPz8sb zdb9XTe7U~(YZzPP;>)k|n5a?t5k}c9(M9?kYjS7CGS1t-KTc7T)3O^T9);VbW+4~E zZ@%VPg3?;q?acSFK42*m!M=BoxO5zC@H5RCR;k~D2e8S4;>viQG$ghXUM`^P>siVy zXv&)d#y#$h#ZUsAm(Fyr2}x+WzZ)=!8*A$!T5GKffeVo*Gv2+2@^>J*zs-U$QxY8b zIjC}{O&~~tYp^r=-~j(zW*a21r-GDuq6w zY`mjGfLBfy<;C~MAcbK@B59PA`E{oq1uUSS033zL%ZHz!#P3Q%ld3ciC^<&Yunw!0m)Y2xXDTf4)7<4gV8AZXd3A@ffcL zQ})HY|8Lt%8;Mp?;_8(hf$m66Fa*@DFE{qB9FMz~ zwq&*Ku}vKlZzGQ~K`ooS7bTI_x&jM?dd2++=qcVBd=-bdWY{C}-+17G(-tRGwdafSm5>6IYu*4-5M(jpb7&TaH{nLcb7oHWV)rDpQ!`=BTLCnk%kc4V#;e01S zdC6x@Re@Z5Q?cTtNm%U_dxW)2N8eF$Ha6lC?>z(ey(JNxaB8ZxI)&Spny9l4pE;h{y~wBpLk3rNYd(1EkrLgGOaug!*UZ#vx)wKcWc(d7W0@V)V{ z*XZ|3x{KTdfD9CDrA}NK%DwB;DvAt9#qak|FfdI`Z^zpU=)a$Cr#~35pDw56 zlClhgcS9O+lZm<)0$79sa^V%brP}~UyHq3Pw^QiR_bNFvGAWH;{;o|b=0F%I6YIuE|lXPfeh z6^oc@MlTN8fEKr+H6VNh|8Qf%@8 zWiITqCN?U7``%uRfWWR!_-6m)7cN{Q1jgYxJJ|bkIXmptADWwvI-9=W7ez^Z-95hu;KgM`r$DCQKxL&8I zqr7Bg=6C7{{^P8NUN`x$Y``!2WS7r7?+R5mtJ7$YO*`46-&qvXh2cDix*2!gI;KVWpT7e(;&L`i=4iR!6 zaqSlk;d2B0d)-@45%JFB4Fx|+?cPh#Wv-zb=PJBHXOcxG`eXt>M%&J&3 zryaB`XgL64;MNElVQV2RxZtll`-Cn5?0ZFekiVe{QJL&O9#nIx1E%@J>1hXQLXHq% zc^klJk*EeZ1<2KKLsCT(r-0g@&`CI5*~a4w7-Pr^R(Y;MopXmYA8ynjHHgzn3u>dg?P>fnOAf z?+6b_NdO}4o=Q5N3FXIy6(3&DiM{dbV{s2($b5%d?6a$Xn-jh_OOJee$2LM~4+%4@ zk=%2SP>`&hO>5_7Ed2nC3bLi_GdS*qAlOhuk#EltmhF}AsXkKJ2s=#zQc~9WgRWPH zlO7Bnk=DIK@g;qhREW8L6gOZ=r+g&1UcIebG%xIUnP2k9 z)skBJLrfYMT;u^b?C_B)ec;-ixA%^vs$e7UyHM=!=ExC7->lBsBCvoOh2j7A?nDUY z8kFEdO;~8ur(_-uA=8~jk4hZQSla;lWkbn3V4`ZVb+5W-uOIbnF7*;eiKh^w7HlVw zrs^RhV<*Uk47@LkN{Jx~zRdG5PScHl+*D?YS^$rMeBM6D_41#_W!yu*(OS~nA-X7% zW`NT{o`O|oHC$@W8YU3$l1o-K2JskU{mvCaKa zP&Dhi+5v-SPLl=JJR~}xGuu<=OvN*69&prU1V`C!{(3HcTasYN96u~xfk7o#z59kP zsC@>HCiE9zekgZVU(Ry_9q5?!1f8SW`(*#b1ZGTRH(y&l6A|~h@o`vho@3YqwJ6zQ z$8DE1Q45Ff(7T44#IM)MpV_K&(HoODPa^TxvI`lDb`;vqjw3R+U*Vs6;m$9bIq*ws z10mPhT;UZq9cMHmmetqJlOS;o$Es@O`#((^||g(ey8e~V&PQLRQgBaX!Y!`Pq_pc>KV$Wi$zJ6Z-EQt 
zQbWiimDU1_j%BwZa7B32>0nJYGey(A#w}HA8_J@PR5dvZw+fLq(B6vS2YTCZg^rk~ zzU@0TAzn5F^?gK7Km)H1YZ*{O7W?*wgF6C#N8&kdX@pY4B#~%dBT+Mj6PtblK$jR(RCvMs?aLN`kt^#x272C zv(L1-{*)L&&%#1R5LZW!^bY%%atc^;_>p7aed|v&L{Oyd`BcrvJ>;d32tc_{$QUq@ z%EB?z9d$bpqJ#q;4G-{nqzoU>Eb{Pmyg8wvsM0Zi07h^@7_QtDm!-cJdR1JN-ufo@ zcg8WvxVV_T3q`gHjYQcn`Hs2DQd84RlFKC)1DZ|*km+#lNt&-b7I~Xgv>G-W5y`q` z=VU9cwURnZ7ous%D#Vz+l#Y%yFPIMa*cYKTIJBKUGIIxX%>EotiJ4nfvPuJ+zK6wt zt|UIX$3AEecp}k%o^9G-&2UK)F|eU1kBa+)SkJ)hIS*Okm~1+r@SHu%c%60E^NDZS ze_M@_S32ubRzq}llV~}4P<8mOIRSv#MG52J!AP@{gFEb}#(cB0AUivk8=rzl(-|x4 zca1K0!|sAh!khkXZ>rx|FUHevhw5I5U7f_8pQ+@lxA^hbEnsTz%%PFck2YSMv!N#{ zM0R0~F5gtLLE9n+&r<&Y38Hgby(m~8td86ea~`1Z`&q!#>M_6fn5cAuFW?`r6eZAJ zapMhEKnrZPqq6^`m(qUZg)Zjqi$dD(eOPz|E?Zxz3B%41P-o!`i=X*%8Pm7L8SCTb z~lqw{>6+Igu3iQeTFM~L{B3{?dxMLFt{E@W=dlIh5q%{t!l z6LcBc){>d8IduA?%#B!)!IjJz>+H2l&$wULIKsqwkfO`D}Wg6l8U7Xo!cJ zQGbeMdMV|K>FYR>L%R$Lt9A4~If0NLJhZR+FXrH6Ac+uo7Ha4=8pp2bCQ@wty0W+BFR^NZvK5&PZhR`QU36w{Ac^PNe*_2XEoQ_4(^^AG zO#kvpev(NJ*SF}OsPq2WLt$o|mINfp#BtC&Sc!tMfmKp75COE(WDmydpt;vhp?ycv zDG|y72@~>yP+_E3rBx$#*I-J-tQxGd4OOFjUgHyZw{0A)A8gWXbFlSIU|zc{F<|-j zMZ~%2wx{6#xQ`?*^qN`uk2y$)x9t=`-%|N{Bmd8MWg_I1mGFXG!Jh=#uu9<>ZUPtz zf$eHc?!ibBT*?xB`CU0)1J6@Q?`R0$-yh~G#R*lt;Yp5s+H~*171*W1nJa8KX{n@Q zClXAkwN7aY_kDqN6%?N$S!-0{wKb(26kJQ*;RkfWImW>mez;bnhw` zDa0+kAxZutw--*?aM!|wr~**GS5gpWuc#KU*uBQDa{+E5ZaVqjiO8i368tJ`LE7{7 zgAPQ8_UDfg(I0?Ik*0(JLq$P8+Ra2ZObWPS|^c~!e^Qg!_3nJfdGo{AO zyy=yEU9 zVvzyNXzoc{4#r7CJ$OsAy-M2bzBb{Z#`m|joD&xB!~ZM?N4VDeU*6Lzj=bEV54GjP z(>FU&fXm7yCtm~d@$cgw#z4~8yyT%Ym26`z&n>Vu`~hw|J6VBA2D@+>bJg&}lSc!_ zDlw_x;Iad`mkN*(Gqb1I&36bgd(Cv4#iQHA%*yaU(C2jT=ug2lJGqBy zMm_7i(lFx{BTb0uiNI`>Bl?SG1a0ExYcr2;>wOnA+fu)0%3gnE(Q*rWWBM6N@}v(_ z69)O-EFKi%f~=CgPo)G)lEPG}U4!gjORhgAAM}2k;<5v;za>dPaOVpiWI-m(#DAlq zq@Q!2lxY)ZtZ?#zuzGwD%k2){Oxy-73?{Jpk|?R3t!{33jKv$o6(zYX&5u^7#sA{u zQ2>SDaI=KSuLB7G1Uli627e?fK#ED`wMI4~C>z&=|8H zp1L#Yy&3e98(P5E`{>A=w#7`9_R6ayl!8k-Y7~g*Y5~A2cDW{%=+Skxn3UKQP%S6u zebwIQRRbzO)%zW^J;%5hY(r_sGrSH70(3rW?iEar0NnVsuz#dE6~P;`1m2MzbWk=6 
z$%c7~a@mV=ffVfq;;Mwy;CFP~AJ;&&;*I6gj)=(HoiANwLd_TF_5`9*jl<0)V49&~W(TvVrncvN5!PQ5Gk9o&94LtMq%bA1#xzKK9aj+F$nm#{~!6iGwsFdBj&B|!D)&N&N!v00|Z zG*?oA%@V%2se3^*72wB>ocD9@h4mWYtZaXPzhvz*Bl~mPD>9kH4{|(LT)K!b8$~%P z2MDs<_xCC>mcfG^UW``62d{`~rO8)bk2r9(i~@lu0Yv>utlU#^QbvvkSDz|+3x5o* ze3|Y-X((gOULU4IDeZ2L8kgJGj{O0eQ-A7h{BBRPmYs%_WIp>)yi@NN4iY_Q&`Db2 z_IDZO9XI?G2i}?ZLW)Ull4->7D;Uz4(YP{9@Bg;{N293 zNjFel)hvkEv$S5XDrWK6zG{-NC1FF>0Gw=3gR)T+H!^_a#&jRJ=FH_27Eaow1K+jV z`5aT6Sm!q>S!v~?V`1_HR)KEztcPq?>E$obqH~M~JKYUQlwTmkbMtsG*G3p|vEVo* zD`oZW9U`73xsqkQSb;e_TRZPW5n{bog?53RO$fc!v!3SINB1y^U_N6U@+9p52lkj= z`7*~`Y4<(#zqF#a4`(EA7=OR;6x?ewHR`;6Zq@2D<0n1|ir`_)W71=#htz(*!tX{d z?zt2DKG@AWVz(RL^i+Sz>c2DEpBtX;M3TA0cPR2*g3hV~9se*My&R7rdY6^9G>BlmKM*v;W~%7Rirn;F$*l z+~3pSMK5h(_5r?9G4%x$dWwyHYHdhsKgGVvob83BQrC)XTF+@wf7H#&ND3#1Qx5tX z4z{2UP7-J+KM;RMpu;bUd83cFAB7C$a{hEYA=yXXeZAvzb&3=tmEa;ueL)9Rb8S*5 z@cU%6JT8GYGn3lT>oX!fH9*wgOd-cq@$lY@IT<~hv?5D?#3=bhY1ID^;}z>3XmDR_uJ9g zTy3e_HKWNRIoGoE(}%JwKb|3G-)HFB8BWp12}})Kh&)3*+?LEx-za@K2jp2={(kF{ zy6GS$^sLQH%JXY6od1Ts!1P$Xu=gSaN-gu$Z`;uDR-g_0M4`2K73wvJk2E_4>I+|jB8h7+fvXOh`fY4Eh9D6u9RYlK z5>Bv)^ReE89L{-RJydY9=L{cO>?<6lwqhr)Mfjp|Z1YNBS9VagEQzE<9Jo_#(4aI2 zuJ46OvG?ExD%9R#l(LCgnS~L@LAUP7Y4jWn&E_Mtr0%;RHKG9xUw*6N{O8DmS9K}r zr4rp#;w>5v!)9H#qiV)eRwiw~`eefg=x#JrGbSPp`TX4VLBzDj8w|S&dqR$yPcV-> z&bb=UxiECB7JGs=@uxRSI%vS|KH-Veg!adM{sV#Wo{XGIk79(iJ!q9bQtkK(eBk6_ z8#Il<6&hPFj7yk#dw%K0c3#zlQKH%_q{0X=5LmDc2M6&S*QNTpP0Q* zSDop-M@bqvMwqDZyal$=!13CG*(TCvq}vqp)drw57-+$(8TyeXUto<}F_p9d4 z9LP!w<2;`QW_!7BbDo$`8^W(ZM4n)({psbgokBf_-C6b6@HL4U@NOl<X0^5#0Bz5K0~<)ZIwz#?(sEu?gmUjq z1Hl*c&o0L!X^p?+#VE!-=^w3ZP0%wYhCJ7&3I@X1_B#3=Wi_?Q%ZvxpNV2|gA1jl= zoXxQXDGT;m{Q=)4Qmw5F)9Nn2eV6x422nLzoBC^q5A&)77dYit=S*Ezxx^GOV1k?h z=!Nsw3sxpZ%uBei*5x`Oae2zi9i~6!Nq^o|OrZNZUfNeAl!2^p*HgFQmn$`V4YQdq zSEQsN=9Bn3|Ni4&qOLx0<4ewXG(YIZ#JuGSx(m7@*oVpj3O3Pk;OF*+@f3OB`=|N3 z94|_+<$EIqcZBPu7;#O#@j=;sT%Rtc@Ew{6K?;eL>3u4^kP91}003OsS= 
zLN|(>hLLU=U}w;Vu$HRI`VpNw`3~D%NkM?))fJV7xlJ{_k~jiCCwhuV$#fd0#*|%Ixr9^#ojZ!LLoUNsJinxWZNy0|&)Ze()>>H2J^vmkL-I5Tfx?a|EOJ86_xtCo8V8pwFBXpRU1!HoQ$(&U90izL`W&#{+I89EIa?)^@K`(3%n#0s`8;wjAW37 zet{RPl52u4XVM?lVSG+v_XxGKc59+_^eoD}pL}VSO#tV)*WkS0oMsP|99Y{a&;6Li zxE43_yq(jE7<6ra{s?i{+K@*VMU;7a11hQbSNhmnF~Sbh8z-%9mKxoHkg7EX+ji=e zA#WYuZYdL5`)*q7Yx;r_t+Mp7dkn0fe(dcKovP9EOjoZP^IzA%6#XR0WzQ77U4yL4 ze<~NVuR^$FnJNrvX>_c_sKiqUdDm(>qU^@Nm%AQ)p?|1%2h4S=<^WwfZccdkobWlP zVvbp(MED(V5>FXVg*=zg<+`$LH&T?~7w;2-V5ksUJC++EPwhgFn7bQl@M99kl{k816VkPacVc4JR0s~Aza28e=2>r#7v}Ef7a3Sf5ijIUB*b|=u5k6&Pze4RsPJ4-kX5S@#C|9Es=8Eg->3h`bwRqw4K9?EK z-Gi0HgW`z-Y<3tZ_9H!Om74l7zz*q3-|+PKcJ{7>y=#^`dt^ZtxOK!p@rYA&vJ*ZNfc=C9^$FI%Lo z&>bvJj5ttg46M~Q3WzjwgW4d#;n|PT(BU_Bu2zU3j;EUClR(3S_Ih_=fIsi5n=RWd zLI_Z-3bdyD&Js|QKxzOx=ktZW5)VjoF)76RJlFCIbU(|h3_uV3+9VTCBY~7*Mz?;+ z14yN?H2SJMbp;GO?QnNdfoJoK`q6T$^UgBFJ8rCBfv-`38AUDCePv`V&ha`)C7kj+?-Z zz5U8RNcywVWpoO;{ca7;u=+q85T9aQortJa^NLV9iZrt~^ySNn{~J#YUt3<+O@1k# zaC(i{@9UBi%=R@@wM2f-nM+S-D7fl(#T-#k>VNlQ_k$yW^Ln!Og7Wy^>50TMblMK| zo0X@;?5hkn6~YUwlGYu-y;Jh)U#?M*7m`;@uome4*NjmRa8J8aOdg25dnV!WDYv3@ z$#^4F2bVoJgea?*n$&zuq#^7`fPZ+`q-O3E8=G!zb#@#)nkDVNNbt^hWX5@L1ZmR( zlj)$>b&9S;eL+N1X&8kmXy zN+wdYAfYsFk47jUk?a5+TPQ=KW6o+^Dk#kg7IsUvXafa$8kHc$5AZ!(E?OQ1e3yXs zZ@Y!xtAU%>Eu)n>B-g(;5dh4Um&N&9;z;R$hY;f(9-howOBr^w_h{7JjN<*nk+#k4!Q# zH5zjk?DN)BV=~YXj41f!!7EFfTi+AaZ)yX8d_qSTVu$48S3f>^7;9TccDuhhn7>&O zr)5J?F8djFNE~VV{<)pdcL19yT<$7RzX-6!OVSWYK^*&XtpSNHC?lL?yy%U+E7-0Wv=px1mehKGG+D6$wiOk$D`S|iLG9%q8voPt=PMy zwE2E)q?9VBb5zvpi8Um^VVEqzWT zxtw3Ln(caXTs)6awP;71$g3N~*UiFmxOa%HId_AydBR_;r6EJ);3r+}h4V?ux&rI& z-(&F}Vr4-95j)?xa0*F|npD%2hMdNG{p5$`Rf~#f`{tk zK?CRqVthOD$@K4bDWjU=!Vp=@^`c#!hP(Oqow)~rfWG_Z`rR=ML&&v`z30T5T64Ja z0LV?JQrw+pzOgV1?282@aUn&ecLZQnvBU;S^JW!CL(H zmVVxY4;@=auWZk~oSyssa^K9DE?Ww6K8_Td!4po7c;c-vJq#}(&ynu_`Gzr+x^3eL z70;b4SqXy^DIGJGp8bg0m8G9HE&90#^pK%9GGe}51Tqu&#JE=|6cenXf!>mMLC`yM z0mu59Y1w4E$irM@)r20|{PHjKOBv3cRqI&Mo=cKJh$20pMvIwo#n-hyU@;7} 
z?oLGHM>Fz%uIxo9Csz%~*eLL95+`0}to87Rj@`(;HULcc^251ZjCc6e6BkqdV1^0) zqjyFKrd^Gh$A#pl8wG_gB0hB}t{`k+&So4fEEjc~hGz>pbjLhVJicq|_SR+$E@X&x z4u&plKfphO#~e!)?yRF<#hCWG!j4GYKZ;|+Ry3YkppO#bB5P7mKyy=6*|9&y(Pm?E z{N8bZV0njVYDme9Gm-SL=lBK9T8W#H@j$*_#K?=ax*?Mn=u~2?0e9KA zm-BZ!YA5C93fk8E%uLZvJqP|*dM}Vr*U8(`tZe>uIfZ!TV@-^E74SfpV7t zF&P13bb4>JitK?sF%#DmKgBlxkhR&#kR&vv+ftl`2}ScuXiKa%Ex`^@<+e8}Z*HA* zAP+NMd#`S--2$HnBmESBx5?@-_ zlT%Z>NW<_86&64S@y}XnM3J9m0x*Ujm7!E+1CyFgsdP|ZsH|M>v(h+WeH;|cP&FMm z(Te3HYeDU~<|n?vc9|Cp=Hr2W!7}1f-7G$0QdO|`Sa^vpKNTFye85N|M^*8{*FNi7 zoT5$u-a%K+@2N`-Rt=CZ@M$oG*hGeWbl(2?@zO(SLad$;frvdQSQot9-q#yXRC*(X zIL<4Z*mneXJsB`)cr*4Q3ek#T?$#hYL+uRTqh4lJGm>dL`E6AVFyJUD5}bq!V~}aW zE4BTBu}rDbxD;^kVH69AMq#;g9c)K$Hij``jgHCB>@N2-%9&wiylwwbSsB32#PiLkfbdC8T#ILkpVEC~I)cjLQ%NJT{mszFuajBlKdg zz>J9t4N+Gyb0HU;f|(YG48aRU%Y1Y=h!7#c4nhECk&Y=LUXTy#e|+hoKTnW}){^pPFsQ;L5{PoSRH~)&mI4`$1U;bU~xd|uyq1ysZv9E9f_;;$}N?LTP z#SgE#%_L>Nls}$flrZMFRuKV&;kF^lR+g@w)p$9ZlEsUU2lW7%{{_?#oM|!N_vqP0 zF7sl+4{$f4=e;p$^1s`olZd{cnn!gPz1I+gA0fiYbbNtmYWY7nH{tK;%Mv0t5~RsK zPg1p@->JEv6Rj&=H53_yG*I@S^>@MDnT6T4k9-~U6Pxray@=?tc^l8znRL)|3ap%X zqP6R=D|+wh@GV0eVskyGyA-oZl~EB0wqBzkq;ob9Y{X1LxS^yyw`!B9RET zu9x5r=#z#xVgCB0zo7H;xDsIsEL+^zIaC3p%8DtY{gQfY#1*MxEPr|ycKD45V ze(=$8=Ng>~r`*}y%=<MGaG9Md!Jn{}P$ov{`H?D;G@)d1jmkni2fwv5+ z!#>r^jr62jBI>8RWSzL$Nk>sQ5<$Hl;n;3x_xl8N+WVJuJ}oS~`OEh0Yp zn=Xc%N3@2$1gQ{C2xsU;z1L8Se4a_7T-&P3WKly$<}>1Y5iT``QXAyr`q?g{n0T7r zpn=5RCJc%3oAaH(90z)eKoOG}JeyU`zyeKQXKcDJ@J{9Z`>3Kmvq>`xckA@mE~)@v zWA<_-F|{sefL%hQb+AS)q+&X=^-%l~t8qobTqhjk)`dw&U{Xx@d`6n=|5OBN{|d z8QX>Irk+f0;yis~E0{jE!<$VLj9sVvXs??!Szt;@ZRi8DUJw=ox~%TXYa60>R}l9S zn#O;CzpKUmO&DYT{?ldT8tpIyc&yU(l%;^O7=^KQBSUDs_4c#+$p^e*X-FWB1?5PO zGc)2Tbtb*bdT4M*9XEi0GZ;>V=k0#Of z$sRyig~=%rP74z@B{VsYdJ+5GLI;khe1T7afmcPBAM*ozrAsO4&yjI(sN2LhpUk+g z*PRtMoDW+$)sMd1vQ&Zz%s8QgX8|khD+CC#AJy`Gb!Zo&H@Zq80sQl!%3Z}X@;@Tb(A#$w)7?;^ zt}TVgq)e3%Ya?TT9YhRq^>zb2^zXLF&Z!yZ^RU_lVgQcCCS2;T**ym~l$79)y=_N7 zYLHS{>9wjcXHuU~Ck~yjVNJoQpn9Bk(Q?|?o3iqR5cLgtT0$p*t!HXOk%bU?Yx^13 
z5*j+|(u$T{t}@gbLnj^gX`mITBnpCf@kbrJJ$s+xinJMux1f0`qv0}CTj&7l%QKw? z>Rr8|NbZ8yK%X~5^+V-%Q=x&gk505osr)-LrQ`h9 zX^!3Lflhw~n2u?s(H$A8)4Gfkttmjs zKPvPlJBS-z+(oS79Sqn3L#x|@9*WKv-6I=MI&M1jpTV&V%snSyO#lhwzv_i~RlvY+ zO5_vzn=!>#fku|`F7X~L_fUNM%bGxMcvQ~75;ML1)hOr zWwAy@5rxq!Cw^kXCtzf5)WTKQvx8rU*QWBtK}|nE`3x)JnRReBITh>y%iWe&n}!ar z7YGnpgg^GWoG7nohe^#;@F~Q7V$rg3F~C4;@Q05#13JA&WQGNBetX93Gsk;eW-6BKtz+{Vx z4zI!lYU$~-dyr-R&Ch;f3p%~oeO83ud6)LneD~_{xzzJo=KNt%KVETAjp-Ls<`nSz zFPz?!A6GkHo19xv7_+m>=`2Pt1|ishcBS{TXPx2c#PESAYs$mF0KpUh-T3r%CLs)k z7D})x91$%uBdak$Rdp#*-18%v=KN3fA&&rDOJ;SffY{NDGcX+gKC{bd=s)r()mO&A zT!j!vlu?@>^mDe<76Q$6X8S)m+Lzrm1Rq4GR@vUjIvc6LFE6RXG|gwRd)mIhk=V&z zP|W*Q#Pk!np>_|JD)yu_5c+NpsmFQUO_-iClN!W(C)J8nXi{8B}v*#tQ?;vc=2B zwG|EVy!Yn@{a%pf_ItCN6NzC8a?O}w(JVPO0XQrJ`$Z8&RHIfaPL26DX5SIdJHmw9 z;QY8x+IHJD18Kvc4Ybqr`tP~Qm)Z6BgHzkHQQU}Adww^nF}jJVL~?VD1+Dvm@(NN5wga@0jl;vt`N}|d!C2V2NL2+hbZD?= z17u})x~K)Ecw%oQ@i0|}?aqB4t=o*5tZM+WkJ^1hbnr85M~!XFSbsj79 zY~;{oKVX6L+1_xS0Bkok^Ji+ZzQQU!+L#@K)(TZ1JR7a<{Ss!v?;gfK%8ygjX!t^B zdB2DfT&MJ3C3-GeM@|;rfe`E|ci*P6qvt(rDS8~|F`&xKJiJKL2J}(1>H5<|E<_M* zdzW!ExV{E|{+O)*K#+f^$Ay4Ihtzt(0SLdc~V+g{}S=UuF~$^)X2_1dxcK3GM?+U!o-L{e$^O6NcW25MsC;wmBFSv?Hu$*tSFk+lu< zqQNxdx!xM#t(O0<<3DqyNYnc-EMX@Dib@;jiCHVFn)6J$M@J^;J!15M{tWnZ#BP^L z%z_YP7oL}y#ZZ>So*E~+sq?PjZhDcc0@@+c!>y4m8{D&oV zvk7Z);LwbB%g>JkjFW}>t+=2eD zR81k^AC^@i?1yo7peXLw95x-$VIU?`>K?gCvOJv9L`yiX{?QBbWzg?rj+6y zK?Fg?vnPL1J5f+hQQH_8|4faA0U$-7&WALpQ~ORA2o4^0ue;Shh|ib7Qh4E^|>&nEb348>OEv!3I6~lOgw|BL^&!`VcGKgARv^4VnSrJq+ zk$G%c0r4sh3OTlIcY=WM+!Fo(9fgjyf-i8>b`zG&fCJ!#5aQgmRi#;TQfAy}wNo9& z*?}g4VXr0AfrDq=OM6liUt?u|nGwcRy|(-&6)Y$)&8Wn*$ALve1ZJ2OaDjOq@0%jw z2lj|x=)n8ulDe!>`lyvKe=G>25~v;?RKw1rmAWipH(s?LTiLV(X2j;#*yjsb*YAI! 
zm#9w5@wvO2F|kazvIDuU;?sU8Rb-03-$ZKfQK3(Pg{8YyW$zJxo`!L56SeHD9%RIo zTYy7p?E@7(7`{ga%acQ!pHLLTH{3{Y;D4$!So4>Fgw6wHhUZzQNU>7W&`0ejAhFfI zHRH=&@>t7D@2MsnDAX1I=SVaMM#Ty!7sQg!8ct{_aHZ73TA=VnQ=s zbr-e`eoT7-I{7YuH2C&f(gbBSNThu0MCkJ5sim9_ov69NN5o4{h#qoPNvDNV8tAM= z>QET1J(8P5%=(oX2SQZ%TT(%$Jpl9rG{&BY$y;G%@u()u9x?rkrEz)Yd?mn!qG|@{ z)N>;>?!G8cGj^u7{{-uX)*D1@_w!xpY5j8SN(*4IJfzI6zI}z=wb(Rg2tc)eQxJhW zadz>CdDP-a^I2_zE$GAKtK6Q>H;gQI>+Y~W7`^TIIf-LBEmPrVsD^Y5cX3xZ6U3Ly>r zm?|xB&_xFw2Zc}GB7V@s8IFUG)cJXvp<{wQjSMjCELcxcZ~8y?fRw)mc`J2A{N|_s zzvt~bxJv`b!%`j&9KR!WhL1<_FRdoIs1-^yk!iEy`7=Lr?!;I-|gDAka(X!%F8uuaRB)9rk z-md!I>V#);*NpAAuTBBZOj>% zpkKcV;h3GF0InqzQB>-6KQcqNC~GpsHUz~t#uezsgKR-EB$r8_n;$A3hF{z}ZCro~ z8r;o~V@q-4YevsD+uc~RRJm3IG-hJ8fJeO!$Z&vi^mV%dq*XQnHD&7bF6+1<=g+Mg zs8^T`*^Dh`7QJ=e0aDFsL}M;Z!<5~#CPxbZ9U*@!E{fikk@)pb&b_-AT>iMRFp*G>Yh;s@BR z=7vQlx(uEhK{>wbksl-+FoJ~d<)uT(>eE!2nENp00?m9)ejEr^FQzf^FQ2j0XU_NB zPYMXf9QR~>6&M$bNX7W43J*%eP)aKngzFv%%PmyYdFB{?Kptu=HyDAV;*!Fg=R>n_g?z@S0(+RCT+B}4Vf277 z*nyQN{hqB5to6$5TuHh*ln=eBgaSHK-y_3n#!CleFYJ3|+OoO0??3SQ8W z0KaAPSA5g&btft6u?Bx>Oqx~}AkugH-U6@f7I?t8@`DHqLSqC-RETrG?(*v}xVjKQ zrZ)zZgLob_Fal3U%zI_4X4-E!d>&C5f_n<&ctE3&310|-?|5F>xl4Oa-Uv|5jy1`N zof@jRL`-f9^GTr4e%8A8A}aK8wtR)@-WvP_SSx)_4k3o5`15<^VxI7T(e?n8{)`PE zQ-POa7?_$ci*CGho&GCrT45vjuCfRM8&D!*%Xz>7pdYJ4!I3{qoY;s_bv}$ zrpmJ(h}On{^q6pP!W(|@N+ z*$B#ktd=WYJDzg!yGOp?bcU+H2Lo%wg^tj7f3Vb_+njOga@T6gw@J8xP|I>e|88pSU)Nst;BaxIu zOD|Qgz*ss1&PNIURVMQ2WM{BeyVDXjo_HpAgx*OZIs_|CAskC$U!N9EHWSaScxF+^ zd`s6Q{6C3h*bQqwpcYXe4(QUr4|K1;e zKx891JWja9$LDpe!Q&}LFMlJyK>&Thpcrjyl_6`pt955s!VwUZyhGfJ@O9*+kqwB? 
zIcUTBz5e*#T*A9z$(2oysW|J9fBE!h7XyQ`p`7gJ5_|nXUa(8Nw#WF-5rEstKpkO~ zl~#M@W8WSjPvB&`a5b4GC98Ld091=KVw9qUW1e4son3LZqg#DzmpTB`wkj2MCHL`Yb(>d&(=Bj&@~%nWfeSw&ZiyB`K=RbZN&`6T()Sp69qyNixz6bH z?{w{_0*Cn0Af2ys2j7nnH8r`)I4r)7zM1xaq;}FdttYUrSd~qn02VT(OPG*53W2=% zK%G@AMzY_@>)8#`^=Lpsy-k8j-Ts{pf*AC+)sLQQ&L+};zdr5chrX6`zJ~I|>@sd; z(hHytfK#vzTp;g6f=b^flPq3nPvBQO8I=T8>Ka#mw(1P$lC61*#F)^Z^#{W{&FL+F z#=Cl8;ZSZ{ou(t=3*R4Dxh#!Fs%O~-Jqm=19%~TG+%G=%DSt;yBA%LXiam7q9SkxD zTx~XdWD>;5nV)$gYx}ME7o_taw3#+9dpvrSc{T}JGy#q%CWhT=x;pToj!yIE`ky*l zL2O(}r-~j9!W=#WC@wdyhA8)n5}tZCz<`bu3w;pJhY{z$fPduL+KMo-<)6NC2h0t} zo8M<>*?qak!#n{>@Mc;JhO}0yeT|fW0HoHedioUH1Q+OS2qR~yeaVE1J8((^ye<`^ zj;shCer5ki`doWpA7Eq+Z9csQPo|{tFC^Vn(wj^Ka+Yzam7dCf-TueXmH0FL|8cX5 z922z?n_HMt`sUc&SENFixg{jz+T7$!6PeAC2ob`@93>`1VslH54riNdjv^wV->2W7 z@OivHpZDkadcK~A5*n|)e}bP@LikygY(!9#O#42m*bCDL)&9Gux>^ZXpvcBDy3|s% zd{1dp$8XJnKxXR8+kI`^$R^`6j=_l%#>W`7%O})<(!hHXxXl?SxfG&-gulT>t{m)B zwb6G5Ig-^@#@A`1|0!^hvAvlC6Tus3no)_n(;MSD>&2x16VwO)b@g`IJK_ ztd+{Lo}_>WZP*cQ@DmoiFBE><`S3L;hI9@ChEva}6?@)$&md7fwN&IIt7K5_Cj+Lc zfI5myLwbJiEHyn9vetXg@(-3IEzlc#{`)<29u0!hHmppjWgf$jV#6*(Fg|LG78z8g zcBK9J!1ZJ<3~vw%=-@~aT&L2?wOdn(2^&mx8?B;DFoSd>GjjPHF8tU9J;G8vEQd2Z z9=0Hgb+@JH)0@7g`(`H-)w0zAPxy6-Q&xUxCGiT5Mfs;Z*%Qho zLqb6?TYTM@Hlg!w9w8Rm^v%?SHSVZkBm{qX+ar&%23Q>L2DxAB;aU1rP!V*eJfVul z2S2(T+nGG?@i6RI2#5Bfp;0*?_x=@kd~droTyRLea>ZhEy$mfr&hfh? 
z)ZvDbJ7fSfP*4RpS;c5T9ji2}VhpH7JfOPehvwVPt6zDFmE~rPBOW6UAqjO7H~Ga6 zW%^`2PGjj2ZXuE33&=X&2Rn@sSmx-zqNnzcZ+qjgKc;u|O;O3aCupCsS7+@HkP!S(lF~6D{c=f3>l@!k*{>t&JwAKe)K{t7$Y_Mz zqCaG+w@g?SkEW8Md1=pNYy zaZJqH&C{RHzunoR>kJ@_wQU~uNoF#`Eg+{CxN|y&Vc5!B@y$Rx0j-`L&r6h`qv-RC zwl1k_q!SAkagOc;Ao-uW97VTXLw(jXb`bTUY}%Ldge!*TN0c23&#W9zkL|zPbMC9z zT-NxF0@urOlqzq|xfy-ql+4adnMgPf;smfr*_(LdvFV`Dv5&p`CD#QsS@)b$`=+9U|>tUcVg zJaUxZD={b&<4g~mat=J4Y{i|vCwNnAkeU}?OJ7h4$Tdt3EtQ-yEX`P)-5f5H03 ziLi?Z#gDP5ANPHAUso-+By%YaL1?z5u=1Jpw;U4BefM69kRJu?g>o9-hQ0m$)8!*c z(FsrDd|%7XNYf!);5x%_iOf=N^S`sjaQng1E-Y~5VX67#GC$Q`;to^pLZ;W7{(-2O z_+&Xy93?^r0(VyyHS$(2axr22*J%}Q`CbIuL)T7YD{+APa}^bQac76DGuI2`V*Z`3 zu23ENkO_c3+oWavB0!&t`{Qo_K07NR9G=;KuM$;Bs>1+tMo3Wl_Krf9_y zRlR#_LGlZhANlHz({VTy3)3)rxOXy(Q7i9refjl=xbQMHedz`qIzPyrv^W0tpx@tn z2(&^>$zs5}G!H4QczinM<+$1ylO4-cd#g&4hS6&Kid1Mo&{|rt+;&A-L0c_bPY-gg zr$y_rI}~X>4`BKnHb9kFsW2Zmt-Tz0o{bY60zqA;K5YvF{I&K*w-Cr1HcCZ$+ckuJ^DIQY3--+(19a6T3Vt=LCCQtOE zX*BQC5o5t816pz^*QBQFBL!r!3R;g0xk$|0FBpofA>3%kMTI}C40B^)izZ6z?-$T{ z(-MPKw9d}#cdyS)lay$&@HU;l{r>U67AqE0MfOOUG#*VBrTOn#qvU-i5RUbI%Ubrn zv@n;dyB-pNf+>SE9jb!v=b(t}-+>x7EjzccHaT+JQ;}=5WrBvEK`t|*2u7y@M)7Q< z(tTYjbopz2q`O-|dOe`c)s}Tww)M19It6k|jFLyv3*!<*4q?S85vLaxr>a_Xr|w_Z z^@PbnY@Ng5Go>yA4`A1Uk|%qZ+DuQ@w7lhC?l`x$wk|C@A|w|$@8o7F_{&GQLeI&& zG;R4es;L^Zp+Jtj1W|aMQFLW(lPR6yBpvf$0da{KF#Qn6iibS|s>1SVF5F8yIhVwT zbN~40(p_$>6n<%c3T-n0-6s~28{4{c;{0_*@m=je+$Ju0b4NUi+JLyvp@*C*?J05v z!UO|tv<`b_Swd7RrvVA9KJuGwDY7jYn^cb&hJEd`mraPJh*qItlH>oPO?r?-2~VG_ zFsw1(%V0EiD^0LYN-5mYz{r;43(l)u+(i&FJD-c2-$Oy z5QEx(!rY4&{VV@&M@N2IB4E$vH2vA%oL2gj z8qw1ehz-z%e4q==!EPEMpGZt6xj_$MpQR`ExiUaLqb!9h^TIfLZk7r0s}w-&SM6hG zUC*cB4lOL|vy!IBX3lla5F6m9E$FN+`}FMaEH51RM_py9;IjTbu<*zWM%+9CnBN8% zv-5}?sfM$KFBq;=`&!H6@LZ{B4wtnMrJl8~4S#j7FLJYpI5ZYxC;X$k>{0{dgfjB9 ze83*tJh~#Y_!jINCH>e;n!Djihgk9GAFVJ-VVbngL3#t6%^7Zle4pV1+HlCwE-`UD|%J~@MY#iBz%#|J#oI+$E(}&`I2^tVU;YDDf-{qv@mUE$d?;jqQ!#(ei z*+7O+?VH1{2%+3lqFQ!=q&(Kb1&M? 
zr3cVoMM6OWbHfG|RDI#0h5Y6>$-S{n!|TZzkSU5bv2Key*t(K=HG$yrzTMOdpI^zk z-ANhM*^@R*ixJ}4NW0Jft!w&rBDj#6YP|}DDCsu@kFK16DA2S zW}@77{7X&rWbgx6w%z1xJ9w21QLE5hW5RkZYFqEbNpQ(?xf2$}PJe$f@jwuJ1ay6# zJFXd1EvAQLz4|i zHuRfEyl0#Wc=k4T1?*v#Qau_gCxPBA$wV_c%ihna@)r^1dm8Pku*lUdjNPCXG%?dfdaLIA~cI9 zAnI4gcOUKx!SFF_h#fd8w_jR7=h0#8Ll9!l!knsFDc(OSUB@o*BEYwvJ36Hsb?#ow z0%XxMm8O%@NUksul0gaX^OiAhjnWPILXylw5C%L_rz$^9e zV9(k$1ubpN84^@{WOy692hnftPAS~4T14}LZ})BB#TGf_?u*WzmLz8P zkT-gkg$L_e*4xxKPKGxeLpd%iW_-c^!5a?DBd(APqz2;%3Ljt0ot=R>Q&t>}SOK`v z@C6laI2Y~_Y!dx~^wFu)1fKypUrjbK?nGHHSuFm`;|wlmzHAx+jTOCOVk~bZTF>~$ zP@1KSj92&hIhiq~Q3*X^j%0>yPf0SUGJ76u00Zt6xT|(N3SVzRgJ= zC~S}3d!3B|?j)u2X*iZ}_=0_*!LG5lQ20vsu%k-bS1g`S^mZ_<_#@5x)+LPVOed4{kPM_ZCo&B^9Qx^{)BTAmv=gsoOta9;s&bVRAknn?#Y}#W+w1yOhpGzW$T`h>xRzBF(Bl>5FP`11{D&E*&07M z;Bf@IGta}-3}@R)*{5PkvdKDoM-yOg|NfD}Mv1q@Ib_}En2z|_@82rfg~*^^LDuxO zyNv=K#OSZ*8Yc2?#X=jrmBCIP^Gm zt8StIfFe*LAJ#!hW<#(Gx!9Y(xG$Z4Sd;n4{$xP6Whf?Rh(u?EsufVEmBE;BS1JOo zics`w8;P_Hop1HGqzlCCeD>6_Tnwm6_ylAzHA}ZK&;J!#6co?_*MSU1pNaYr18ORH z%E;nRQ3p$O@f61TRHRBzdlz{j=!x{^`X7(WHpGrG4uFO7A}A_p{H`^{J&USe2o z(5t{i{4Cv`@s(sV7<8X@mq(T(UfgfoC*aL%i zO!gg(LbK)=q$5#%Sp=YFoWyHBy%{+gY29taZfj@L??d{7C64c0?I5`P%{5l^5bHU2 zFkGbRr}UB7S7#!c6JK@0nN@ z6l>__w?cZkZBb-!g}yAWy*KdHQvX&3!~_18Yi#}SN7hKU(dy3e4oE!RKUOSe-J$iZ z1r?+=`ixSGtgwY0l9s`{kX&=%f{f&^9bfSA7 z9#>npEp;U*4s(X1Y>MQ@)6ff*4_=x!AWs_1>rT#|9Rz);^={?{LXOnE4Pg{1J*CXz zXGd8o_wpLs30nhBeCmC+Su;$^LEic5=8Xd_XR9|VcB70pi-ve#jiXrG=f!GBJc4yr z3ueL+{sy?&8FD*HGeM_AZ-I`6fKH|3Oddr+qi8H1_COhP zX#+2Q&zi{WmVj?XX4&KF{abFqBWm=2OWM-SV}89{sok{-e>+wTJhu6^+HO`Xh+5PL zYQ3?3LLR2Co+N4qYmlMifh$05n29`O(xaCJ?jpY_aoN9r7FV*jGsjOSPa<`x{L3Qq zRG6xf5zh65?V7juwPC1Tk{UL>$67rb%;p6ORq5Z8A8{xcdL^ z_}hOoKislbyC0m(J`QvX)6RwJY8h$2tBYm#!gXBt-hZKak1eTV`tuvw$dtz~gnu^$ zi)vmr3mw&d7-SMUDhpjw$9{&UiqJ|x-#0hN#$xwYYLjsRvq!fPlJMzQk)s;lyRGTQ z)Zm$$Tfa|Tymnw!3@2)g+}w1-&*d8`0tIVqDZuC6q4~$4DB4L8B7PSiC|@ZNk54uRj!J)F})H zN?xIpr0c&JTmg?|67cVx6Q?@LJ~(eZ51D79B-9EvofF?}na30ktxH2SV&Ob+oxg5P 
zm5;)>!xraE1zF=8TjLKz8Z8y>3QuzcM0q`uHbXy)+Wf$E1{<|q)zG?Mm0>}UL-eed zzu@@(_IxVHJGxmP0)i}6lC2;lWXQ^=f(P#XcJ<%xUL%5$K-a_7I(E0m4JA^CDkC4; zSdU;speU*S59<2P&m_%r?SU_QT(6)k>Zd*)gXwIvGIt97R&QD(O+}lc9vGes7%{m@ zN&~XlmjQz`8c=Tpo#Zt^EUFvdqb-m5Jc{!1)5<&|Bnii#uPOwhl!cZWuUw(S89@^< zG2Ycek*&b5)FPgSz^iqmw^V@30hj+O50E1EWSzYeWf{0P`=JKk6xz#8NbVZRUx zXJ#LPed{b$J)oJwbaq$p&-P>WAc9B^STrS~A4UuR(ESJ<`miTZ6islZr&_#Xa(!ffdXPyL%C$_jgqffxea@QN6WfPQnXY$@5_V z{)8`o1~vIrkyS87aqrp26OX@^`TMlcOz#2uDn4;BeS99k)vFCFXV|rAULH6r5k-Sy z7ir!~?d|{nXjF=V=D~TE`3EysahHAhqqf9E8TWXumMimK( z%jw+i0!NKGi$dgAhYlR$@p)AzbPld@7-}CV=rS=fqA|~F)_IwtX96um=~0#a95#=b zlcBA=GliN;ZAHsWbDjN>j5Lb$_AHlAr*uSR6C?|5Jep1cv+Qf4LGHl8$7?I$VgoDf zNoN=fm^S4FzEg}c^Zbj4DP|_bXAc4)uWk5mSgjRW+mBYC_sow#E|@@<&x#A?6u%sY ztI}i}H~?-iI4RqVTcyZgsN*YE*06xbBqH(Lsf4;E$HPT#!qwS1ENr!?xouwq`P!%c-=OMCBhC%l$D{TzfH?2 zGY`t%!#`69y7LfP*b$CDmgd5tIpSA(sATt-V(jJHqGbQQyeNaFz&O!sK=*spUJ(dy z$e{xMr~lrqGUcVbCoMbSo1`56vvGR5wVr~WOS*u!PP^Y%ds!ZDlXj@>l-I6U7pPOIShF zE1#Bl2ocg9WEh$CkYyfLE6R?5Yf{xY6!x-NE$?E9Tb>uokdX7zTO>S>a+a^Li##^x zc(~NfU&GDs6R-|9vt|^nqPK6(F1fBskaiLFI2RtDwWreu1EH=p8wt>haUycnHB6ji zWl*8x*(T^ui*9hXqL%ai#i{c!Rm4bn0MqkKfbi@wUs#)~3jTXb@f85QwEo^*w%6E5 ze?cF`Y`GtXSq96?(zron*;8HQX|HZ5>t;KO2rigFvnzWFCTO^Y0tH;`OPu+d43I9C zL7^kgSBbDhSsed#eB0}nxLAQw#^aA8AT<@Oga4l_E5}*(#v^I>hh~Ms{|p;cYSf-< zaGmtZG-0{r;YQSe`8nzQ_Sx5B@3MJWNgi!*GU@x*^G?gB#D{O#3FE4@LsskUmKvoq zAY+*JTuLdex-Iw5d_(6=SrwT8+wg^5&!O(b(7pC-m*|JrXm0rDTxwRh@*X$6w0ty)&Lx>-`YgRDv;>E3= zbJfj+?I%A+T~_;nZ~&&6*NxYwG6_Joj>Ktqp>X?9)OAvEJmJc5+;izp#;FHGwYOvk z(aEq{zD6q&SP?EK30Iqt8Io+lhfW0xe2ZoGZOwOh@}r#ZX+dpi$WvY$;-5NsJY^kLK`2@hl;pkT|J-4J?o>ZfkuX7b8(PwS zPcL5n(Zr+^DzqUzlD#l4uWl93(UZk6O`9ux$9(ZAEppq}fSmG?d~_X`dc*9`Bx{A>b{yo_FkG z|5z>j;1qhAIjX$DqQ0XgGX#N3!EcVGy|K$29d;T_5D-Aly++F{di;OGf8=ZrDI3V67gKl-24nkh6Fwlm9B#Re8Q z=j5)Raoa8X}&5pL+i7oitGqm?suihG^$^gH z2Ycd;dhjJkw2{(%Qcq;JX82JZ`x(Cl)7_YBFf*Mmk$W~P7;FOTcWb3{dKi5 z;Y&pxpwrTx!WQHC?v}5m;PX`b6RnQjBx6^lM>LJldc|tgxBuXkeOhs^gY9JAZntuY 
zMg1rO@aAUimljj&4UDhEP=v`4?LhKHfwt`Gj$kRa2=4O3TXv?XOfinAbEtO+kR3*p ze9KAZ#4EtQsK;Anfw_3G^^)7A+0J3Jzdg5XN?XZ1>S7;c+y1<&F)iab*Ly>fenXGY zi(oaDIKAEd{WXX`p!h^3Cexq;_5|!$XQ;sC0Yu)}v?&AeyIxjRFTM8~hv*7Kfxx&4 z(J_ZVx8oc=AS`6l{F-2cjf$E|*5eL<3ko}Lc=cJ=optt->nzibNRW13Tq>j8v+P&i=!9baN&};>ZmH z-FX4)Q-1?(y3n&06Fa(BAvY=yR{awKO+p-F4gAn9m@eSKrN!n&osy|7=5kh!5c&(2>Jbz_!`2909E{; zTX&?@F)c`V>67`e8nC17-J@U;t2o=M#;&u8O~cd6{*ua452tsla-eZ7!Tiuq&? z*kH7DHP%Ax)J)??f4~|^*F`F2M{K!wPs(Mwl@UM%n2&UfL-fQ8T?TEtS(JO57SqkbxlgQs&N<+QhNr=6AH;x3GN{9b)WxDhskj z(zBU2J-jwTGd|sLrI+ap-Q}tQzc;ABL&A>fZTxx1=n{`I3r~nLfI?QgO5YbLL-NSa z=ZRYQJMa$Ef@LyNgMj%V38?*mE&Vie^PN(dKy!l!N|iCBj>n+d@2~v!yYBV{mond_C_iZAs}Y@8%dQcoKzfo_S_@$nF8BJ8Uo_ucmy@DLmBJo@F8@plu}MYG z{1`^?5;d@4@y+JT{AU;cDLv^M-g%4>hqhoWb z+rPRH{4+KdViw$XvlQr4$qX(`Vx1H0nZ6OJByvpltK=-m5 zEU(MI8CbHQ9v<;GNeZ8;5$xqv!3zh*dF73(JoA8bJl8>75pd>U?tY=yfF86RwA4{iXM>ihJ*%6rDWl!;3le%(%^ z$E)xyyHAEbd_jz&a~Fj*KNS}5PL@4~X@8fwz6`})%l)>7P@5kx5Dr)ux(cQ``a)$y z)%?B)rP5ZkG<8`+65;PblED+Xd+6<_D%xr!oiKRkIA9a_x|{P?0Ty}C1V1~>A4-A z(i+q&1U#SmnkC7AmvTvq`UZxjG_4F@9sM^K>LW+&WG~_ySlApl1p?Z;J3pI%{%^R} zJ8F}qFOG?8_BFYbW}92QD<@Wp*7{}-{R*o+vN$Q7===YhYw6ge#gks;jW3tE{$Q^! 
zSgb6Le>tB@>b+2Sium5d*w@MiP)T_9-(H?={yh;I-@?;1@e1)Kn6g4*I%a)~l}hi( ziR`bBu0{o>WX*eL?&*2;L$e&cah*?7F8sbag8CG*_=?%G?KOmcmUS^rT>fX_t%ICz z^zR_0u>ACAdnKY8 zV>iqByI&hZY7|5%$>$n?pYN0pHmBICKRd<5_>?>7%?kib(%!ILyzTLqoh9j?*2zKF zR9*bsN)i?Tx=v9v3u2drUi|dZbNX-%#>w%!1a00vU#2>1o-I$SAsDy5u){v+2BVxk zYQW*xoRzTcmQb)pW>^&2lfoy?BdIH>ZOPwu`LLR}!^Zc>7Xi&bL!Jb7T4${^-UJ@6 z&&Lcp*C>54R?SfkK_9iWHR=iMmaIbE?g|kN0E8XC#j&37H1Nz!i4e z90>8a@Ki$lP~600Bp=e-3nD<&SSk;;fqwd@kgNe`taT-_#uZs zaKQH!NN$!k9kIHEkHgK!aV#^`0He6BD2N*y_Ps~}UeUsSmvG8TX1s_{jCpDT85SIp z+$I~3-0U#g7?0x)UW{zTPeO zZ0Pz{kx1a2#ghTmR+F7ZB^BsYcp+>o_)}rp zGmlI+rCYHtJqPm+dyZz_hq?7-_-NG4cJsTT!?2OJJ+pdY=a9P2C~U9d_Y+~)?G_jh z0lWBO@9OQ64m>EF%1#TH!$XJ!LFuD#u_Jj;cyIs+=1+}kP3uwm0Q>#f5OS#7Xz9~~ z#4;z#*8`DR*EG=#*KM-fxU=U~xGCzD%C@#x<*Rm6M5X?j@oR;{5LS0$NYsL_@?v_Z z?%BU4RW_Vr5wzjuteYlV>sCX2hf~dUNTSec>kHpn|0?A-MwDC5?94AOs#oTd7s1yesMg`r0^2SLazD_y+L?2Of?!3j*W+THJkWn@}q5uJ&O+t zk0b_aSr^R^vl01B3*Wu)FM(CI`y@P|*a6+92U5PpS5AyWWNm9$mJmO;E9UbeP@EhM&@G zrP~Po=G+;6ys%$-G+%hpu!SwFLhWdG*h*Dt|Zy}vYGBzSVbOgOY}Jz|P+ z5ss@BFIvdCR}X8I^&V1(Jd_T7`-suA+o)#aJ0-Klwm?=oJN=@U)_F(wF$N&_qS7rO zXK{~CyFE3lSPcN;(Csq5W@i?klE*8ul3`9wL|hP6()b^=aDBE)43!FLJlBBRn0sMj zT!s2V{v?@Z(2gW7-2UW|){bP)Vw9NvsWHNsw5vg10S-E?Dd z(oOaL*qU{apY`{OX1y7UxQ<_4qgEbY8hz>Zy{>t{nA4!hywD@rikKq5a@?1az<1Jp zKLEc7Tf0)lIy2-z(9F;UV6NuqH!* z)ptkhi=EqA%eB0pXsVZ|_*3e{q{k!CKG%AN0gVE^Mlgh0XF|V!V(E^5bOBdUha%rfBho?;qiT!gyN{0(vRz!QvYg4~ffrCz#n|mhH!b`b?EPv} z8>D7WV9_*L{jlwSHu=XprR$a3{u^XGp6Jf7YHz9r-Od67eTm&K;Xu4CA%Mgc4 zT%SG*8-F1I*)Q#B|DWI5z_*Nvkgd6pE8_@4&?b9no_wUJxG1h99xz3X)ejsIS|eeG zT-vK&i4dp@>r^fGZ@W<% zEFDoEQE?k6DwIHpl}d;9R3I)RFM-P+IBubxZY82$Yqus?#XeQ@Wo)sxzLCN|REs@! 
zgi*SH_`YWku9wYrJixRSjUyUtidKNqjyOVrR+W5%s2$fZz_-b(fsOT2foDz{jCM7~ z7+NuDWFKz{5^tz54lO;nKyKGV*+xFOv|+pS#8sbb70s8P5yXKSdGeXczBhJz29@L&s+iD zBEyb|NQhGXNkxC7df|0K_L;Z8DtSfP^%(>cs2VfkkRyB$)WIu#7V8Tn>>JadcW!IlQ)Y|y3C}@$E?A6AD zvRQYoCk#wjM>Tpro1~l_x$y==3QlTg6EwcJ{_)eW)zV)KO9#x2t?PNigj0u6&4<<< zOtL6fw%-(m$3`($O?5bwrsyuqZ+8fVT^dj;$-B*4^9_{0@`DHAliV_pNm%Gi7)ugF z`18H9f(=oCKU67eL`(Ka(t(5hwQ{m6@F3)b&5b$r?A;x#2<7B?Lyu9%>dM^H3c6z~ z!u9{^GJ#>I@9?tS{G!)58F+h3Q{)&=b6Z~a-1+|nr2GsiZ!WfU2T4;NmxAxxyHZ7n zmo|!M-cEyP=O-Gn&nQohVZcdVI0Ojw%JmiS^V6F)I9PDNr5Q`x%?;w@a#O! z2gplw6sz1E;>EpDc|;mF#2OP`t7B44dt<$;Em<|_&zVcdO2J=aV+qMYm3om`T_C5W zPt0v{g1vq`Nlw=|5k5XGVTbjvxkY70XLZ{(QBP5h^`I4Ea+D})@nOwdC!?B7wWf|l zG)uGM#eW>SFg5n}N{h8W`Yw3%f!OI&t$J6pAoS?{rLux(%ZbJ_fj2`Yo-_R@O_14j zz>$*N7N~AWxEHy-)>UXVL5|0kbRnbw_osPvY)3D|gYQBjQhn)CUx+)PS2?^9z5l1S zt_KB_#FWN70D6~>dP2|AG%>-5i@=En{}^}wqp{>X`gs@oCJ6m7&(t`r>GIS#uSryC zF~6(sC8B(Y3@a&4E)D>@HJEepEo3RUqD{GS_7JGFW0_(oGo8JLHVI~EOYm0OK26D& z`^tT(7T6Zh_it^T9U*XsHvjq}%8{m)6(%1Q8(F@o$G2|Ww*zT>a7Q#*gi|zK*!YcP z=K6x*x1HVbXVG1`WHFVQMuB|k&=2UW({vR~3Q7q|%kHUQ-#VJMAlv3^2;m~&Z2l+# zR8!7ep|TkUf_kaK;mV3za)LFAEf(J|jRfQ5k6h^lkliuJDQF{m3*14#d7!rrj& zmopwuam%h4Ll7<$EuKz@ZdK4=@ZzpZ`=71efc<`y^ItbIO7ud602HNZGO$bj8TzT~ zxZy@h<)!fw$n@jjMPjOM9OTiVT(biiEgKQu6H|aRE=%2hX_O}y{~Z4fZ~G!vQs#8> zX^5zQYlS;F6tN(B-s*JBKz}0#fv*2eS8L5FbZX#G;U>(P%OOjZ&b<7u7W7^SUf9t$+ph@s3H!EyaZ{KM45!FOgxOt zs$daON*~82iYM5O2VKI;jUVeFM>NFlojp1S4H_y;$v}5%Sf3635oX0BsQBXohak_! 
z$(nB({k}~slh)NaN(Ywm%y?1gZ21+KfL7RB0)5ITwPW7x18%WO`T{GL z0m?GChh{VC$sNgo+`#VQ>qcoVr?nfv7oIMJJqNfn<#tbZW16=1qb_ngCk*@t#}ANb zEibjjcviMck=bXJ`s5XrA4|1DA1R zx7D5Hsbn8fd@N4B7OmJv3!OZivj<|cPV_trDs^NL7M{g?NTMsghZqUeI^-}-K_%-7 zw;7ROS?M0tS3={PsS6{?DS~CW@7LSFP4qx>minG`=WJjl5*|2X(IaROTOfw-aTTqT z!rr+;J&*EQXH?#;%ss|XM%{Kl3TsP^YnA@`rJ<##$OFG6X?GkMb*$z-9YA){Z_lWi zkB#R8VNG_K5HP{-8bIHE?d8R7*?XXu(-)5|3Tta-5|qQysy$;b|HE9N-;#v)TI48R z*{EL*f*xEejVWgmUVp6lv3dL@kEh1bPjI~<*FN%NXJ-|{?} zPI(7Ep?&DY{V0ol6Z06$q$4*C0+{uf3A55DW;j!{T$H2?dH>f!{awg}#%T`g8RBo- zFXT#lxD2u0rQ|jJ&XFK3p0-Rp5PA>mQ7=37x;qzBA9nPI;uu9B; zj&Umf2%AkjCH#ZqCo$mnvQ&=ZZ;Ns0r$iE8>v;ZM-4k+t<;{Ant`&i+qV10|%;{4P zsR$%`^4g4gNWaQBOw0QQOl!biek}%mleKAh0^t)BR=yDKMCvrRu5PaMTF-V4 z3YT89h6W^+nwAEhB*+Ia7S*vZIg7NbU4bKPGDN(UB}7H80=N#i{X!_iQ-X@!ol11a z$+_}T3NP~s>mpu+a%*i=WpE%K-IGQg8Ci`q_4-k%^e4w@0)h zC%2?w3}f4yUnSGmVk*q$yY-BydBsH~XGdqU74=k~^Ob=awJQ&kX z`iYD_8??kfnDgsr_uwMcyN8Z=7Wz#jJX5UcP4W;xcSw4rIbNYZQT`CA9^S*M@S0U1 zK~T6+7a-UAfXo2w!ujB`2&6gNf{IKUR2wa8xcoXyf!}Juug% z_)G(NrF&I!yr&Y|s9WF`d;N3h`sh99|8H52Rx5-V|5w=2G*(6HNu^y`Tx5zM?FG0l zyR8Kv;KfEuL)2hDuvx)H50O>$OS6VVxdg(?jTZIdj*7jBztrcN>9$i-)Pa}~zU2zxX7TT;mm!70D-U|ek2wfQpj|oZc3{lX zkabql+B7jvQJWtlcKl*^Sic?>F*$OX5GB8Y9$~y}K|}~71hKw#z}RgqrnbgLsMmf8 zBeiez3BYT*c!YBGya9jr2l;_Sq?%LZn&3*~;2o}-grW@qg3d2hdv<~si|X(Q@%zW( zj>ac)KDc=q4!o__K?Yl?$^IsaYfP77DCQP(RSDft-WAB)8W(@N)(FC1rsD>SY$*SA z&)!3CIb=a?NLUj$Xr%Fot;#)bw{gi^u`88z(OY_|K-U>4D*+62ujok_M>kVKZAv-9 z<&O6O`-QoG`vsl3`aw=rphG5W86%Se8;Yxtn~dQ35@(1sv-x6d`2iwal?3M$ix(TD*li!4 zqGl$@KWg52ZgBaq2;-p-migJUKamoG_^8%;S&=G6UZW>xunFr|dhM>^K=`kBlNo?#|w; z?6X(S$oS%pWEEwW`n~=B^q-gK-g}#m$R>Y{jYTExR)2;#gc>5~zXPDl)2Y@$Y{yV8 zf<%+UfqPYK-`0&S%BEn;!W#(3F8{Zayln`ZBD7Kk;KCHOeg{#r9YoX6vytgbMaHkl zGI66yYpIA%s(=*uc-bij+6(hK3a}2qT0cE+b_P>}-{Yr@K*iwg8O=;Jwa94jWaTR| z*?-9Bybj<$SMRHM^$FEeYVDL*QrkqE+?(DLwv6pIfONxu6Zz_P+N`+t0KCBOq}_z| z6+Yy#lSC`fWL~fORXe$*Y#wHxmn9RLwT$0r)~@`6TW>b6s1421hCtJKw&&_Fbri;) z{7`l1EMmK8u6PeP`j@hIT8=H!vf>m*TuZ50^@5)Ct8x5z&I^rT)4ZxPaF3!QB9F@I 
zmHBZjy|!kM3bc7^KjQEy2`E2UIbq=-!+4X_E=NwoBwE=Tp@q~0F2+`p+(N;p&vfA7 zoZA)&7v||-po?sjHi(`Yjc1~FnMGQ9FkKdXr>Kj*ca)ap62Y(5wcR5tQ|_s}@?5rC zb@l(JX6O5JOWo@aZo|0>_mtu`!eJgE2B86mp#Yo;Q#JHX+WwYex%Pch45hC5Q!%PD zmSAPqNLT|Orj_aG`oEuMw>Y4E>2KZ7EZ#pjum0w?S<}+0DE?P;pyHcYVXrBU4Tnu5 z0qSN9?SOA2bHw<8;vtI=&$#05R@?wj0uL3IkuT``pI>#Q37rDX0`gdL3qE1HCdV{M zh$Uq<1N@3wan>6lHN1MImWlea1TphrhVjF_r+IwlLtUpReoQ%d*9{#i>nz{;&ILPm zjlYR0nED@Rb0T>T_ck0bA%z?+Xaw#lv`jf5wzr0NiP}Vai!4v3^w*D%prd|43un5X zR?16(E}Zt{7st>u{LEca&3p-EB>me`Q-tymYbpBtd)frN^8SqpR7X5SZuwG;nmZvg zpm|XhQ^{Mw8&M!(Q_A}$cVQhMHu?9VSk)1qX|@S%iACbBZfQj`tIG9{$6jLKDLI<% zuHUbzh$J&~ya@t?7W1k0ql;TyG|w6)aW;KKjMfME2SBjn{kXI^u&nZZF;h?w8UhQU zOyT;k&xbtnN&|M#Z&!mw5%61|*c&iQt%ppZ2=7$v{ffp*V)$CO5lDd`)!NJXCPE#wERE(h@FUt@Z;)e8M#JyZ+_crM!Z@%Z1xE5;b3M(`030shvKWDZKri? z5gz6IFA5pPsA?|i#;d$6G02S^E?7?Jek zzH$>$3uJyW(+Z4D6;ujda1+$(gCzm~vAGJjU(5hIG;q2R1X_|wxm3B=ILd*oe?BBm33W0JeM3MWK#k#O~glH3u`k8N5 zfLMS}iFLyPBi~F3M}^tvr-vt3IG7dboAy2#P(xHyUzth8_(WADTt}CLtfAygN)X}FWrl@RdD=(yZLnTsV=#~ zZ6H=r#b+dcmMhXEnkEF(x_G;#a0y8&A7s+1m;ASML5^RJunR#Nr;1BzZ_nGs zYHOwVRc(>+wKuiKLJ@R>1`3`#Toogv(5z(IJQ=wnp(VUFT+H9Y&wDR`XS=THXaj26k_0wrln)EkH0@T{<{A7d5AZM%zKZ{ zN3qjQo(7ZVv&hrIhHR z7BKX7uoB%Hzw>?Sv(4EB-u^4oXNR-80-?s+o}_zkLBpoy1POG848F&`9m!ACI7Dd{;C3ycmPS5yN% zAcNBoi<>27I9sJm)Xz;#C&X-a_SKCijmmDBGM&J#!SR|y>#eSq>&0}@smYE;==L9| zXBBfOM`6oaC60q{%FYGV`Sjkqd!V2=3>+EO+t*7pf9r4WYGLWI@7chX3q|?N zfzXq3-IWQoEE`3= z-J|VdT%qfD|<&>XJNwgwaE>M`#dd_g|)?u;;ESvmvy7)o!7I|@< z3)co-0Y`zucrfx4ic_O!B&SQ&zT6u={YG9uR7T*CVt+FYJkOZ+VNN#8++Vr84Ob;H z$Ve#!1*E3>6?rPf!THn2*&?!T46fVDRE1^!-pRt3#5te$CokJ`SQ2f;Z9a183Hy9` zyc0RdEGlm4=iN~ljfo+49500`e>3Y>;x&fv`;hNB2TznUWbj-&yExZubA`Oud#LHJ zO*Utj<07YG)w)=yu}f`%=FejUiP@H4nb!9?ZlK=_$hm1f9&fbDl7YB=8$hyBV;yH# z4du*OoO4U;{+hWHwn}~g&-gw3&^kanxS$~Bwer79HKcX@Oy=rcaV zC$-%mMk=tgQcN@V?R{0Y?0&EPH%% z=Th78PRv|!C}b`K?&wG~y8bdNG0Ty7=r++|kz&@Z;B{pgg@IR?N_;f`v>wMx$JWCZ z!FpNh(mmdyG-eO-tH@*pZ8_5wm9|y?<@eYRX~U9%CLG*a5~eG2?&O-g3fLu7HWpde zN=3Y@hrX3P!=6DLpV&pIf)cG}u=&{Pn6#X3efbB^boI 
z`E*E1EjF29&JbaJm~7>xr0TE;LdfY)YBx}(&8o>xv!Ey7@8on8;V|0zGfrFH z2bXv6OVXm>dm|7Szh#7Ff4E+Kh{_=1BQn|fye9yK>HGdJ85Pcf^DE{599M;c<7jJv z01AKbBVfVwRG|!P>u3dRfE>UR39QtRfGXpNtiy`&fPWg;Zf*ZLGmJZgM|`Gu*;<_@ zaE~V7`HTR8e7OW-Zu|7G1(&%nm|#_xC;stv45oKDD^x5*>@OP=&|A7j{fyIqo%|v6 zTN`F5uB*S$XBBq~6sFdu*_+^g9ki2d$NLHg1{);B+{Wa~X?`7Wq{F}!b!BK@M z_kfHo^2)Q!X^|r#KzOzQ_|_(P)N>ui$B%0XRlRl!ZvQlDj=D+1NqK#Z);&lUsZkyVugleAAkY@lgM<7UFGqL|DQ6F4F(9|1fY zS~8B>g!Y21*ND#Jnp+F#EldKbK!BKcQ)_G6gdaHapJ1mZT< zK}5x6u(Qd)+~=6wa5ap(*zf$)&Si@W6upa^RT|xJ^#lp z4jwH7$l$w|Kt_tl)Z}m|>#q=(Jt_p8q0Gjj!MtT!0M%JPE#(B)di4y~12W4Ej@IF= z!LsOP|DA8*hchIvT_L%?Lb||{dD)>I+}g9jjni%af%9SSm44r?$6$h;p$)0 zHgCC`GCZFQ$9FUM&^}WOgw-#zHAm_A2jQSAhUO&O+r++2SOz&4avW|gK49|!K!mT2 z$yp&h#|E2-Jb56KZ}BMunhsgsfK;Qzta_O~vqWAl#qTcAe~kpJ*(TpCa6*3Q?O{Y| ziA4JGNL{T&dRgsZV^{f!k25_lhaa0f@Aayh$Ed00J@hA*VsEg*H5x`AvT^0#eba`Bzu|efB2=W$iYa}v&@L8VF@z^I2*_On zg1_GBF!)S8zaTrjDu^+MG_urS7o*M@DgC%*+knk1#8OEuF0l}I@F$4!@FI|SvwZV7 zU8dbdItx>Sdxl!D9m2=Q-gs(zT4(k2W(}Re5*7XI{{<% z0UoUUu(l3ol8cAuYh!)00s*r6XRXG;au|#J9qqBpms7FDdsXTDEy9CetMbIg7J z{e1RckxA(a+jn9Rrj_|KHG@S$mb3GPiKZ(8e7lCrD3RzWbG{!n^V?NlCUrzuIYvgk zHO>U8eK4=yNS_oV(U{3gmswO<%mI+8teTqBtI#{BO@IT$ieg$de9_a3dV~$d3Q-f8 z^C>WQ_B5xxg4O}4LJdp^?r!k!`cKldu)ACsJ?gxgp-`<5cV@O9WEcV!-Yy;|e|P=6 z6QT_L9tsTN(Wy6mHl6xAp%7Mg9n2y=r5SLo#fW-(K5U%K0i5h z5o)+{BEZ%y+4P@-vabTw#*EduI{oxS)c#Jl#`kYP?&X`#G$vvn=O>fWmVKr0^0icx zErea@p8S_e+rG_aPxNLu!5DjQGF2h;T^zB@ox$gFT8TsGVm}cxSAo-)_rWLJ>{OSx zoVugs`i}ULwqB`>h8I|wwv;}}ZGXXyZHy!z;HF;=4=paEDj&E?6gz1{;F>9w4}p}= zjE;|P?<&&OMC`=g#;}+jB8i_5WoHG%qpX^Q^eg9TX5(lif1X)$`RzV-u?%KoMOGw* zERGCwd?%X~Ul9#vzD1P;Tn;`lUb(kGHr75dR^&^`?gpeTTG{>@Ia*@lkH&(gd3}U4 z7(asOn@a0L;nTl2H(+(EBAswtXwhOp&dxLh=$@I#(4<{d&l zYs&O*Kc7n3_^r?K05IF!M(^k!L*G${3S7#~!cxnBk{Z#`)_fdFdVb+Xdg8Ry5|a4R z_47!Es@C(tPhD>34F7H0-$=bC{sRe7eBvogf#htDGF!Gd5*zvzgBn{WTZk7zDzBy4+g-F-4M}Nn<@4=sQ{blbtkf z!@Yjhq(fdOyB%JyMo1}oeSjvXq)?vkOcaYgO0jAS`IaX%TSVK0lYk2@#AYFEm8N=4 zTmcL-aHvC?E-#PO9i@^$S+W*3cnL}eRaqJIVbrGjKfRwUv$!}&Cpqf*L_ofWHcFQc 
zx;=3BG|zcVCXvGreT+OEOi-xP0xP5=!*7q7QF!GRgJ@eA4a}+7R{2FQ8?Q)Sy`%r0 zJN$>lN4+OmrKiw0K78Ptbuq-GIP2vMB`M&Kn2-&#r?{E0w+@OI#2$F(}U4{sC zMMQ5}59h1anWUEBwQ_?wJmEA|FnGZ*2HR|&Y?P*mV^w-|KM{IbKnFop!$V11h%ZRt z>NJ1D-PGm7Fw-H{1l1f-alGo)l)Wr1#4XVvu<{shz=ops{doQa-bl8-%P|+9aBIqd zWeR}Z;29am|AwhJ>494W{LUuG?G-4>j{jxjP0!#?hmN^jHefFd69FIe7)Pm>pM>t(kJCp z%tblUq&SOQr(Ev!FGqZCxLdLxoQOxe**srpR$Bet*{J+hzVmD8qU)`AwbZ=)@c9Bc z4MJ!F_u@5y&US$XVm6gY$YK*!g&l+@c+?W1{qMulol;y`AoQ(3=HP8QQ1Q4SNpD7871niLX5LQL7F!pl7Nb;}CtZO(EHWdo%J-;|xwt8oSvf459NW3C zWTh9ZD^WZLDuXC5ODKcVVi7D!P6Cl7VF8O#Jz|)6uuisr&Bib4{EK3h#hK!# zcfM7Ol9ro2(JXr)5719npXt34Oi{51c2L!W%2Qj?Fp;`T{#jZQo``Y=iy1UyxXbOU@eoB;&(>Rzy~YX8OK7K=tb^FPl!h=ipqY8Q6sOA{ zk<{iHJ#mgwaqq+FRgpBdT6xxU8__=AWf_nbk1Gso9!c@v3rV z+lT!Nk}YGmOo_oo(Sj0Fan&rh`qp$yn~f$}M8G3|=8x|=x$~v6$C1&B@MOFpYd-AP`^?byzthz)$$?CMV*8z>p+&Pumn*W=N7%G9pvH_4vJ-W z`9^XHPvF1Z>&s_eOe6R%QNTn$9G9R6IwWg0oSiVNd>13KW#U=W-}U^lplp5`GmkYv z$Ti}vW{c&_YWV7^|B=ppeEGt)+RFt2g#FTNv`g7|$;0(0#f)DSznTkQ~AYbTIGKjlE zQsHa%eQ7H4$gj4B_J|q-@3@sZ?t5aV+R*hua$yNiH@Lq{@!NjBv!Sb zG$f4`+%BtO(Oxspy^y1^m6Ll*UyVf1*<0!++W!~nGw=o~j==P@?=~}oFAAV1faQeU z6`W1UUD3dlbObmfN6oX`w9ZHmB9%Mt07lQvHEV=I(#plB9iXdQma=MyXs7?asQDHV(1AsPxrKb{JvO5h!jEUvou`a z)|-)egMs49KjUsvScAg4s9W_ly?D#W7jsmXD_zO+OoZE zKhR(L0ugTTRN)DV{-^`P2xuMqY%uR`CI)w&^_zHF%zQ(b*_WC?;6JW5wA?$l*T9gX zts@4yK-c(ng7?l~7KN@C*ChgX=)b8*e}BNrNTUG4Y!)x7&1+G`7c)gta6#seCwzYG zy6DSZl96Cof<;nc#^j1UoM%DPJRv0^rew`N2g=`07=brXe-8I}o~g(f`@%L=VMZNf zlPa@PjlfdV4#MW(G|44_VGph)^`syGZ}q4U{T)CVs~FsFz0feE2r+I5geDJ%$n~zbPLnbjN11hwQgT-euCo8E!E$1)CwYu-TPc)Q`A%K z^qND!_?E$lkOQN>dCrB?&bD-BCg;?XRSuXQBI30aON*h=<+5h>r>KoS3mKZlJK_?o zhEGgZO7b<&w|`DmLH zYt6%F{<5cx=-we@L-;yzOdQnRt$PRP@f9@e&X$VyD&4TLWtF!BDsUfAtAjJt9UVBC zI;`q^o?%XgXBVzfT_JZe*lWPv_&KLvM|W6ubhFeTlDU>UVQybh zCE$*&WW>(E?#vX)r^II7p(_y(yhtklwTTi8Hu+NUb@TIO?%>n3fPmV zQywKpSW7V8Qf2!U_wA~=MBR_fKRgBQ&Gb2sfoNJUxt3yPEELh-l+e8@06I3U=>KD9 ziYOgopM}{I3)8F-&4_)|b(R((E?)0MVN5nYe*jQo84S$8(eePEU*R=iBn-f+;#DRU zQFQGk@<@z0;zBa-{=RcqK|!Qi1qxQ0PkY 
zvzP0GhmIOMb44!>^stbHIhWG*o+Pthy-zgqB{p7LOA&W<_Q}R zwRA7YO{^sAypvngagngj>I*J=AYN&SLacsoP4nNLA?S6kt~Z0g-7v$H(2xpW;ReLh zfM=J^n}t4IvRCMzG`Okt-^_g@BuSiBOM`GBm% z&uZA1shDg%I~Fn_CoRo;9ebGBZ|?L*QiqfSBU7#B3VjY5MU-Yb2{smtq%0Vk%Q(j$ zBUo^9ki7oMg?o`4X*-W6CetbV8`hP3PqD^Ph6CZtNFtFk6qVvbV_iZ>Qper(+4-!AHNdl^g9E)tU5Y2aty25^sMKH3y=7T78bWm*yVY zfJG1#9wkW+ zPCp#89pcNgiY?O_U}ddRjM(Q#uNRerfF1#ol*dW+ zvnn{tF|J->7>SW5wEyvW<*6hv-vzzwK3-~E=|;SfF@)H&Z+9YA7Pb`!gGNFo2i7`p6~^hFyZU&KUwAz0Ug**Od2FI>uTb|GZ+3dzaUMm4`=5S-5M%JDy_U3Y%&x^9=q_`;MNtbo(}b>v&L_5gfxE} z(vAn0Q1bjY(@zEyWq9}8VC3*aAr1$%uMD!VMxOtwEv@a=I!kr%C?PqouKm+;vqEmb zcu+<3H1~btu3yeS`=#KP;__!parjTGtSo$!v?icxKC^H%CYt{mv;?N<{PlOR?1_1J z1+I*m^m4e>|A+ZueJOT;_NeE+Jsin$9q#eIDfP+eDwi^HGGD=;d4W~xGS@jKo=zeu zk#xWzd)M70>MaC*TL1Ks_Id(DAz&|cr%_XJ#J$1pbtIXx@dsS1z-$iHaPhxV2lpV4 zxh8DEY+KeZs>coIHrnjp?U3YDN%@kBdN54}=;?RFA8hs| zRa?RcOd55)>i@kE=C+Ezl8Xm5&^d4*ohn$xig9PY?!4AR85OR{YbdXk&smwmB|l|~ zeg}WHS#GP24#`B0zLrz218A$9w4k?(+!&hCpP(A} zFO&!kmv|(>j88GhKAmW?8(&VANXZwGGsT9`Rof~UPXLPJp?jSxDRmG2DBO7EK^X*_ zZB;RQd;Nv`y`L7idm0~!m8y9(cBEDesgc~Kt-DoYNwry|#AzceZjwgI^AD(fvmAw# z*KK8nJWzTcym>$<=S92SrD{p#lkgKR}F*%6!aT&H*~&SN~Sjzgivd^as)NnO!{?7al^(wXOJ4(2;pV+%&t6)^w_K42LPe zNoU-dm0I#Uu&4&~!cN$2%8Z8KO3j<_+S*c!Yw35)Ks$4ddcXDh6$32PeNqkuxx=aM zOWzAhXY8Eg8?!Q(y_!&cNIYc8ks}l{U%(!+!7{z4dm=nwrY58}u^_N3H<`+dj-0El zu!meg8?SU$xNY7M1-Do(U1|xNuUP){6Xi?U;=9-y($va>wn$&N5bBrf$%5!TV7aPH6oM(Ljk9$d6Gcj(W9N zbS##HA6IG$sAJxNjZdRLTBZf>EYr@b#j;vgrE*@SL3jN*`bP61OwnN1cObI1Cc_N+ zRxZiAQ{Ux`A#0x>3^TnQ*j=3D^kMyPJ=v$x49nkNEP^pgu~H@Gw(aN)* z(B9MMn4O~TtR{z4oC)7TGm*JW>{3c$_orD}reS9yEAg#3ZgOM|uFE{D1WYgS&u^CT z!Ds#Mgi#`Gz&jbarV2Sh#&<5i`W~zlIgfHs?rdr^;`bM~4L7Sj4_?lN9LyYgjQ8~o z)sT0x#6Jx}z04Lb(S5UT1g{=E=k*XXI+dGpzAOROt4lhI??s0)%?{sXr5h2^;8hdb0iJ!U;?LaYU ztD@o%qGGjf*gvU+Cx1nf7AO3XoBwJ9%p;_ZvSTP>0;s7;`nNFzwRKWnS3H*vLYOnOd zm(Qk|26!LP{kR_beUx9wpf1*#Ot84XR^_q@bL731_Qwx(U zdSV!S#u1!Hu4d^(QnMR%RA#CEow`ECbPcaqguHKb>@FM?9QZZRXIQNw(i=A9qwG2pIOn|gs8o%+L8z!sD zx2#|R7>-uIrs;{8yi0m{~K9aO# 
zF8^$z{016`kqb-s|B&pn})m(P6b^cX*a!BAOhJ6LE41qH;i$Ljr2iWkz5zjTJeQr z8UeiucAiZOQCtg6Ut@Kg)@0cq`8)N*?R3W$50yl?^8Cm2DC^j?MV7a@%h*4jd}YTN z!9$s_LR`h;;rH!TXs|P;@Hg)IN{dMPsmX3D#1|EiuNi=PQvd&=+L!5*yT~FpD`D0W z`*zZvgy&`2;jC!+z=q6$I|>=P9H6pq$Q6RODIwKEQRo{(*KZ!{%GVzt#LcTL3%3X~ zin3mdo8KK)1Qykl%<0$$_!Pc#+(Cu2UHWvd=&6|VgrfT9}ZJ^D+}y zVayK=CN$4UDWyX^#${@Rbj{ucPCQ=sG}BQu-B*!(;m(^cB%Hedee3!BmJ*G~RhlM%~Ggn zcF-Mc9#Eb{4#y1*I3x*OYOzgQxZLT`1cl?_77mCPDgOkLAIYT$IDLsUMnAuR(h@7& z{Y#&X@*!ms8HoLA_)KymhSetCrGW_btO z>@ReLV6KQ_`Cg}%^uyv#Gc(w*s>$cgVO#ei_2oS>d+tWsv5G|)y%mgrEXWs%x)Gq8w@GR-ixh*O?%W%@v*Xjy zV_-J_*yV;z9PMnbUd~92t9U0d`?jXC&qtbQrVG?b9^Zdcu3cH2Cc~5g->A(-yw3nI-$lue|@Wck&!{RtFk`kY%riZRSdRPW^1uL~% zcf>Y9A5$r)fdd~&gwivUfy|bJKkHho$|7hjPz=a@)Zbm=h&uGBzY8bHVphQq0dI3< z)?+uVS^uSbCuSJDO6tNs{p1SUj&{4sWAxfbM0L zui?!qEw3MF_7uByMK2~k>J~^UiB7)$X|DXfODzYM0>;b(#Vc`hnHkGC<6#H99(wvF zutV9jS!`>U2sF(nkS+%Nd*}UK^IZtnr)|{+c~^4#@|eA%gB#{A43}a*l*`Gz1zr6T zr~B&NtGS4H?G@px{ElLV)lNsZ@|l1BvCbvTxvZBT{C9yjMBVY`TF4ddk;0Pz|H z)G0+m+8EbCtBjtZBHDVVC%g7pINzE%hv0*9iGb9A0*( zCQ^J%l%6%DvLH%@#)yp_Y$Q2zLxjup-cMQjks>f?#Bh$y(@Bq zg9ERva1p01R|ifQl1rjlevp~LtVfRid)TIsuiBqe)*}gtV0LPPsC-^9u68o}AI#Mr zvEP?uU{a)&imhiw@-gkKE-!jiZvk1|!>m0HG6ip)GUdM9HP~}xe2$I+LD#QcytG{7 z(=jE`>l1@`J#AmgAie=-5SlUK zxd2?~u>9P^LEuB@QPh4TlQG~HWiUY&4|ps3CWk7_e5}5%>P$N6X{H=*LsT<$Jg6Rc zQ0zSK&@XMbKP+ua&t=&*yCO(*56}_SQ z-KTAjyTgWEC8$#{f#BWA9CL}~^y|lm6Rs@78oxC;nrmpPYYGCOKTK}FEr#YK7og&p z$#mGK(&Tg>UBVTRE)jdDTk4i3aS(Qf0W$utVDtE9>&S;+QB8=KK;ZrVi?+N&f=wH3 zBjQ6j6nuqrDgj8rKL+stdkGR_z0HODRr}7LvbBi1dt{0MDO*S_u%&UU*v?`@o%0p z!VA`@w*(U&kB%|eJObD`WWCt>P>w|M4I4LJd^|6O_r2KQi7K`8Z2_7gxf6PRCl+rL z_r;LVO2>YAytxdxJk#se>|c)ir=riCs1I3|%b%UHHaqa>XZDNgy}2G}y^M0C@<9%v z>TA%?P4p$u^(j;V$206>RJHzZAAR;kf9NuZd7$|J58F1rf^N!@eoD21c4l$QpmK?) 
zl{K^{PrRPCqvf2(6#W{ob9dQe>aeIve_fp;>s=Mo?~#k_gDO^+>OG30fOgYCcluGM z(jG>HuWeOQ43)-{wRIvLr(>Ja?6}DnD(N?N&+~!^-olGM%2^dY1;LtP#o{44AA z?SR)=*0H4G6%F4D59<(o0eb~*zHN;~ow(3ZTaJrSb4(P8)5t#!)|gp75S}<_z$4VK z%@Lw|rw|N@7tA!scW77BHQTJ6^20b_Dgwp!4Oh#cCwGc-kn@rT!;lC zk7_5Uj{K8+^oDOXn>e4sQvz1U=BD0`75eu@_jktEK<_FtR;H=XLMujQwxb1{vzsqV zBQ@JqDvH6r%@E(^%8)R-3J`C{H}La=#XM^37q2zC@(yQ{mdqkqh4|j`IrA$z7OI(1 zXYv!Nh7JE-ZSc9NkEyIN{;V-(R$DVt%kyaT`NdY%FeiyamJXA`G!VkAJa3Cf{|Ysj z+-@2s-HOtZ&IZGMp5upPK@0ZZZXOn_n zW3M=R)yB=H5}si2S>f%*S34E79C|bTG_L-7LBg|0o_yy+9qE|MPDeg!bhu%ik{J5E z>V^-0x0G*OO7cRfTerF`U@&@uAZZg>T2Y>~6J-T{0gIl94(ADY4bBEoC+ucXM z1yp?pf8^}$TZ!xph#S~ggwH8S(j6U0w-Dh4{u2)C;!$e9?GgDq05HH2ud47)ZCBgI zELA~8aU&n;HP_|Wa&zOacj%WcUe^X^n~tT5>2!j}AiBGs&M8{2Aas@X@y6f3W#eJ` zu{LG-3c}?2YemkhzuT=4ZEoi7)(wlFms>BNBP+swd*ieZJ~l3y3zH*4sDEr%X~?42 z$8Aswi$BAXOb%5S!=L_sq`Y#qyEs^AvV2IB)REuTD978f#pyylVTsV1!5@_44xRLC ziN$zw-C%3xA9E_Im16-$b#gsn%>2*_VgnCQ>Kgit_%$3;I%*E-zk50?`P{%j|A)>> zEJNCKANCET(eTyv_{W){(OyXw!JnX?%_>|Et0u5BO$k%v*+!SW&<)!t!cIz7{O|F< zm7kW_vy$FRx7JPSuw3s7J9To+8R{=5EDm_|*!n0YsvN%KvGsX&;^6UD$vVIPFrO@` zande=oiimpO1?kVhx)i)&-WD3R-^FYhp~L)7m+V_zTj>ofT&Jy_~^F@K}rY8N0X0Jfb~m1`cT&vmB?NUa zc*E}#bX+^#yL9iQYDVHL@MN7g@ubebQdfl#x(+&vz@$?`KUPk^F~6?o9lrl3lY>W3 zx^`|rU{P`L>JL-97N56W`xaKK-=C@3@%-(K!PTw|B=syvmL7M*5h1h_Xwu=%$<#IZ z0EE0_ikc4ghfKS6rji{}bq(XvTI9Q9O)WP3>p`P52 z$NoCz4I<)X2xla0&eUq)euJAQ5Xu{_^B?((T{t!?#jX{4>35*y z!|(=g>GB%WwAX)Mb`X){uZ}s~50+-^6QEU7Q z_-pfgkZS{3y*P{y!JBFenN^Q7>wxM(UOtvj5nljPQAI>PG>G2_v*^%SuJ3Wu4)O4+ zq&uqtwMpd53s-E3J;tOUmvR>--;y0(*PIo7K|bVu*vo%E5!_pq7u0^I?)SF$hvXqL zBYTQju;1b41rbk*+u`Ql`Ky$i_i9rY*&9w;{NIJw+$Ddhmzid3vd8hA)qIrTk&Jj? 
zcdWR$W707C(Y5w$R`T!Q!GCf3BpWMm)6>O;n*L&P^Gkeq>RwP4%!6Mp2K1!?A@dI5 z;7`^0n*YPebYbUmRi4Yop(eOrx7**MPzd9>=E{3WkE7POjpP-x)eKC4;#U`~g^SN{ zPG)wp`&7ZRHLPH7Vqam~t%f zCx&F;o+k}_wmVzfwe{e{8r<>_27?s(R(qO{KXVh4D^b?AntjFl%}tttih9@)BB=#u zp-&l8B)AQ4)KF9Xxx;QP9K3zbey?e#2QgVQBw&Q^*}!Kr*64-5mu(r{X#BePsO?Uu z!YDQ$?nIIslEG50yskxm9ZF6H^r6AwX7h*UNmD1TcUw-)vhlzA>c(HU$aodvWR2Iua5L}EI{nDu7jaNE1RDL@ zqv3S~(9vOw0`pS#=fYCt7w7eS7Xzp?WSw(psa7P@*fqmel&#S$)=dfq>zXS*UkCSw zv#}%>i2&yWl1-w@vlR$lE5^jj!py+@Hhz3bT&}MDI&TZvAv_p|NhE%(^(S3S-HU9# zIAwdPIAfsf!ay?kqkR60cvSe4l(yk<5{3NH+t#u_3VpTJLNr-dL0Fvsu(tkhbs!h2 zv^HIddeWCxv!x+t3&rS>w~!<+EP05dlWBnCf9!qrUsS;t=-LVbqJlI^OZOrv5=-|k z4boCeE*&aL2<%ErDh*4QG^oVFA|SEkE=YH`)Vuoqe%~MQK5u{7d*{x~IdgL2%uHkm z0|n>|ieINv+pXum9_qf|IPWj|l9kt23FD?mFJOtwmCN^7cz%NAaG4mW9A&*J5OPoE zsG*ItPdb?V^i7G&fhpYglTX*rgcL^DJK-lM6^`Ag9XLlPdhodR5lu^_MOMs0CwO{( zaC&b^Ae8o^vns8>rDOm0!S*KfRTt{=>xJ%?+&NXs zp!B8#xs77o41?`*M<^j2;XQYv-`_g?nsW~f!zr53Y*{cf8mZyhJjJm5n+P5;*iA@1 zeJTV)#zQ~qjq#Q$;mpGM`{aH_yL(%G;G+V8F1UjhF-PJ*nftTk$gY3QMS9hFCdd!w zW`ABYfYP(m$j?52*#bMEkO0bCioV|1#>p9h@Z3$;wrsK$Q4F(fNz3?fEzy;e(bfQX zZEbmq_?iDVTnB4giteS&w6=?uFKX483*6wa{}c~{e}YRA6OMCAE)MkY>@BB993E~S zRJCiNMsx&PmvqiGC_Q9eiQ9d>QKBX3(B~_<+E`>Sbe>Y<7U)bwm|LU~T2&z4pvpTQ zCLx}>_Pu@;F=hraUpGjgcjGAM^U}*cll??b*wET2&wvW`NZr|q?5}ZLm|Rehd?6Ds zot?_K80=#*tGNE4MCKqQiDu+Wr7WjJ^G=p$Van4Mo#=k&;5qvuu=M6l%meC<=os|6 z9zn!009QcsRczgJ-Hin)|2<~2ZVOp!#W|?}UL+S6+~fLa+{W}6^o`Ma_shW;x5f@t z328kaZOqzK<^8I*P!G)^_STOQZ}i>1NQM?SZTiGRu!POy9QoJ)*tHVBJgCr5^Wsj+ z);ptf#@eWapnXp-)mLN}I9yJvMsb%?@3sYbkDVk3WJUc&~e|{T-2@Gkw zi%hEAG1zoH-Zfv;GcCIlMnQ+cxOoKR{;Kbs@qqfvmHRn?61iS)kfr_Aoxpa3QpM8# zgN9-=HsCDhdOqwxs0S)*RV=y#DQ$%?cJX>QK2U8%p=c>pgrNypRxe62{}!AWxlpoh z(2ddZ4X`Q>c%`%F?HpVGWl8bQr_PckvHg#6=AfS+tk`u(G1X{sq%pGVD(KAj zjHy2FqndL`n>Z}nt8TQSICBl|)vofT*WdsN#2H)mGucNDdVkPnXrwpu4xrM7!Mv&^ zixS`0smPr*MPT#|{hM5SBujmTPr9N}!}sFIxfK624Ik}Z_(dG zgpsZSyGk8US}5q6N@B123mv7Fwac2jF&WIe&5hJWzbCg^?%@93$JRWig$p-C_j|0B z;UI!xj-7QlTFL^mv>n>2&W+Hx^~>}F7*4tM*(TQQC4sY0Y?yYd1TAVH;^YqO$L8F> 
z2D)Hy=oL_I#csuJDGfZKeZydhu-0b51b#lNMj52n_9FLs>NGdO5^uEN5-x<0h- zikPZh6W-@u8nb4HKS zaru#$9+*kJx!BbQue7DtanNcox7=38UVowg!>!S2`RdEhorF?K$S@r*ExGYQ!{yg2 z-y~kEEg7|PGDFK8P9~0{7N98ao?4Cj&S*qLG=YW-d zLC1v(7%V_(gM1_`dgG8r{(X*jwGMZ&T1DURD4$uA5*TmOb|~7iZQ14po)Avx4mJJ# zN|rf8`(QbfdQRJQKN;=VO5=~1Bt}N2bw@$mN zpflE4j)QpOHyih~T6gt4JVxJoBoWwTB)8L_e=f)35ynKqD|Lg$Z+Nh1M6tZ&&#i5i z_ELKCA1$%S{QicOm>HHl2Gi$%O27Cr!h)&HG^@csI**MUqD)3#k)RDG${*tS&`t(5 zJB3NKj3-yaK2s;*TK%a-?~fcOFkTwFEmB~*S9U7W==2E&yf!r6wGqCb==OkvF%q%l zn_@q%fP$}SyS8VI^3YiR>_6*2bw=Hz_?zVL7N6-4u6E@o4vD@zt~8c zb(Y+_evmJ!#;RM#OAB|cYukAVC@TGrfdng&ca#k=ZFT2YzkHq(D}S49Oc!{~)nNWp zuWIQZek3ty`{=#i_);-uzJk3-+|1pbX{H{A7;}J-RXPm1VX&m$ z*i^5varXKt3!5;&VMzIjMT|1628{j2={JWQG@+G(w@&spt(%sec^}el*tH#@wy*x8iN-MI$$c{NgJI?QW;d*tbSSq9Vb^^ zkh)XxITcq046%wA&DEc|)n&^L)>1$izZ56>DkyFn=&EpvqNH;;o&70nZ5Ti zLnMWwS$H24Y&1N|aU}c(+T6cBv%$@e#@os~kS+dF`I^Z4R1-Q-g`AgeOs&iv(CKYKjE7pACY9U zdM6Ig%AFIBl#6gkNS;yPhz_~`N`*M{GA_)IvGj2fle{^JOYn-QkE2HSdI=S6$%N0J zLdZ-CT+;A-uAzdcz;8aLF2k9F8tTpDl!JE_v^yJCM8g^dS}wg`8PgRFRWw6w41uv0 zKkqYj96f{w^gDsS+t|?iIFsE`e?{=5)T?-SLu^0yc^neBodo7P>9fbeHTje=yZBG; zZkRy!ntBoLn)qE5FJrSKMG*tn&T@+{)spt>YRZu$bKnBhRBiLX6-AL=AO8_wW9k>G}J5NE(v zkV`A87Do*p8h|K*4Ls)xl4rn2cecmJ2xmF2gVN*#2!a$Z)viH@J)w%>Y#;wobU>*U+8UtbE;@QQLs2oVFBnL4=^Zqg- ztT61>s^|(;G+Ej65n-0;ZSRJ*&7e@o2gy@z%5#`@=%SNPy~Tq%b&3RDK&nrFwNeeec!NxB+CMwS%R^#E2>Exgf`^|ifA z9_pskDqr+@=wiemEJIl&kjGHX3(}i}- z4AluBCu7lx6KFIAL?7wviN=yYcPG8_J3(k+KU$)wDy@9Cgj8k}xSS;cxzo9>?Nux( z4d#tEH#yAcO}PG~(+eUXDLCLjA-RUc#IZA``uVI3?3GB@bjGegXu||W_z}yOKDs>z zS-~nJ)TJ~}sO`fc{0X0CQCU;v?|1x@-<;_D9k3N9V2Oqu$EV>-Qhw)y`Nd`qVJypv z7Y&SQH8)TY6gF)$j@`^pUNYijQMAI5mT@!a)4P3@tTnk7dY8bF1t#G(Xq!W{X7RAA z>RE&yEy^inHPaN{;Bu&Ftw*poWUigFT(?oB-JwU06gots=LTk$D=VTr==@7*eI>jy z^Q~-(9k}E^UICd=$2HFTR%inIJfG;f7_np45adm6YeA6Lkr z+NH!NwuzaYZf-2ftXS4HrLa3|>d;f>-;8)fM;TqTBqmAEOI}k4!RB{z&}n6$FQjBo@H>-?QBGE-)-LEvncp=lPBox-{6I z8!~w2O)kK?1K!V`d8_Kb8iyLyWA@V<$sMFR*o?HRcU#gJrp<<@QH0GIypy{M;hrf6 
zZeaQBHn9;o=jRy^Sd4`|;}8S=X0+sS58MrfQqq^KZX0U~rcd@ujYp5e;~8t05nKA{ zd0y3YTtYo%r|&iq=3C|dRnAIBEv!a{+{$XJUafd|Qmvb*F~$Cu`=9ZMb64t}{n-2q zf$7`khOB_}gq{wD=I2l59nV2>RS)<_FNS}2ksv22MY9Z?E zu1zEE=={yW+`PZzgur@Sqb~2G&rB$5ip*5ma6}m%zY9;2F`!^jmzv0ce8xr7?^y=E zdl&wOLG%y%56oa9=X*t7rvfL*)my33+ZO0sWV?Stqh_WAX6kfiI4Uhhe5Pl@=YnGj zd7C+_#16f7L0?#qcP*gfc{-_dpx;nS_SbpB-9@Slw{rLl9aT^peACZ=HUWO_iLKjQFasiL3LzdB7$+I0%xHe7Q^4q z<(ZB7EjgYwUI%RvyZy?1g_-AiW5e!h7f-6(Z^|X%-o=?H(Z^eChXCBY+tE|rzC{OL zJ_-Du569}vBm+vOTAjE|TJq_D>Box^OdciULL`2}LoR!ihVhUmb}EZAPOl_*L_rQ8 z4K1HhC)V+{G9gCpd34h}Ll8I|=Wd17Ol`-v5$Fk*JuqAoZ#2a0f^y*|=&WjZ%%nox zU9>itezK6ha(rf{zLL_XhfJFOa}L36(+p$a`5Wyl~mr%hH8~!N)lTBuglZ!$D z+clWA&6EP>9Ut#paa7HP2T(N^!W^otV+;->Wzo=YN>fg&GkWK+V73(ei)>!aP#F zsx{79q74qNx7+xWl9Gq3OKPMNEN0e5s<3LYYitZf6WJmquvrVur8-c;t?Q;T#k)Q% zy91*KgV*k`KHYMNiMh1%)^a}{sclDSO4`hAnliT4gaog+%-4+J7N<{qkH8v|xoCFu zBnO;|PRcFk;1c%Z$s^1GG7bVg(11F^6t0dtp3wrFqi>K%^uF47#Zj9jFg;*Xn2PC^_{_3!Ru}iJl}wXL0G4-+rjh2qUUj z227Tt8gfF|v@p=eQpnLq|B8|hNDa}O%30+KHWmBv5aovEO3oKQdOP=X%QapRmuXDb zBYBbkhPee}(TqNk+;odKI4BU6B>r7)nP1b0)QyjMe2YgaStrH$xD8JK8iA`devO{t)xz4F#iY}MQuVdPc4(QD(>PwS?1chDSmGxQVUfaV z1D5PSZ?aL(IWyFEbxl0Pb<4VDz;W5%v9Y)K`u8NmOWNNW7^~V=#ksSBRGzzxf+IlF&F);n$F1N0=dBuVCxn~>Lv39G3@E_(qi&x5ILNyB&L@= z9&}c-UBX4I7}!mut0E=HjNQz`$vzaiUsP?8uu@+?SrL!KVK>8X6Yv}1EbV(rRh*#^ z>y8M~HJ8j@BPg6P{ zRXksA{EXeVrF%8HOV@i`%pmby8x?xO-YXVD$Lm*wO@&tBLHi4Cpx2|aW>0F~GSkAU zl#7sT^pP7i)Lf6qz*w@x3d&_0NLBc$J0x#81M?P>8_z)4Q97uLn9Yua++Fu;hx#lL zu0BPC*FDO+Kat?xdyfyVfBr(`Pm4KQloAcR)FsV4Ehz#Whd<+L41PklaBLnoT@3b` z4Uc0%#$S6qB%cltKRwD2u?4+VtS4E$UjF+)G=1%KK14Gk$=0TCHRpP{xjcdVJ!WGz zX}X?y!Xll^T-f{k71`x2rpHrQzu$rb4;4DHerle0j}EywBRR`HU^t*(3wd*=>NxiF zrqH`p!6WEh3A$T>VRA%Bf|TiH(HrJDu}#?7k>6z}2qf&8%k4*VIO0XiLK_@(ezIT~0dL-T6a6RtaETg`t0%{Ru(6YmhRACigm zXqt%kISgU{!1VP+(QB%2ZA|nXP#0sPL^&=Q-cKr$j(Lg633&Bdh9wb$E0ETv|oFI8#>6@(Ml^-gE>&?$o*C z)@V))y!ShhNtaG`<1_SJ)RjhuiBJJ7>&KiWLui{Ee)k?~-AG}>qJK|YN=J^RdVb2Z zkYm=gcC3mgLARDLtVAg2Q>4$uIxx=_YIIO;#nn}u+F{At>ilDMaa`a=@RT2vMo%P_ 
zq^d4=>*}ySGXpFEhaDBU1ll)cv$a3mt&Zyy8&0&1XmD zToCa&aUGmdK-j`yuWmdh@{K<{-kUJS*F!&5 zA=t{i>7Dkcd%UaK!MyK?ALZo-vqhBYN#dVvfo}+HuCl3oq~%eB&oT!#YSDQY3YiEr z$u1Pp=FvDx1mmW{mGBIcHgR=O;bPUAtpvz6bZRSI4Naq{+V!wR7Jhfq~-#k)G3o`~m*jwgq+RGwmP*{ht`C#`Bpi zoqL8)*2-MwJpy#+CbA3m@ruJVEp-(wd)^K9Y1sY_hQtK7HQhoHcnMk$*^y^~A9wY@ zUqsy_0r|*%s?^P8J5j@vJ|Ls*Go5eFClp8=9?ilb^*X@SAg5-&X4v@A;KNUX{6V(GrCIBFTAdf zj>;c=gKpdJNRra6qnUGv?x763iS%3u&)s>&$wUv@zA4y|@SL$cW&I^aMTU~{Ogj#?kI`-F?zY{Ta6t-F~ZH6Qf2MELaCCx zPL0FdkGDDvv~fdvFqf_cHZoDk`^NZ9@CrTY9ld@YWWBT7afe$vrq_QC1af&eKpG*D zYtzY@B;nNQz#(CD_{S{t@kH~tYtx%zVm}GrvgxYPF)$t+R`WSd0hPxXgYrT6FPkY0 z!&SO#P$Oo>&Y3ql4-$Gh5?J#lv&=S-e!R>Fo6GPF3LsXZ4c%2RHN+RYLJj zESyS$&h6CYVA@0xy;wB^ce)OZk+=$S;U=FhvBmss8(rEPV(R~P7DrQ?-MOp{n64S8VOewmxS`dp z*sU%`D2o)5abENQ>KIbja$dXQ5aiv<+Mc8II=rt{W~Un5^CZBir~&- zQf_&DjRee>1p6>Tu!AatonVpiDNNMerUpX(F~JWns!YYgL`1BgG#NsYkrfj=a3K}x zo=t3&Hs$IuH@0=|`_T^`#fORFlxeFlCP8);x`$bPAbxF}t1j|{8nhicM|*v+I^`tu zTe4DE0)4FFtl3G6BV@~<+YeaTEitZfOrU*hry$-}>_U-$JsYHanLYfNP*Znbx!%;i zff;Qvz1E@SDD0noZtZ>*99D>|!iz;2S0KzyNTZjoT1mgf#=X*4?bHfu;=h zi6==cSgNwyy#wppx0R?f zuM=;XR?EW`B<<%v(^eY+hu6V9H~96N2o*#)F^+{!GYZl|upW4^Ml*pI68bxv4z%6* zU_7i@m1&K>gRLwKIF4#22v~1`isN@)Vck3(#bzuf7fL)3G#S2(BY`KoKiI7M<-~Y- z!E=ip8yu=xe25sYP@0+Z=_+kuKWaV2LbyV~Oy)2x8!ehvWRjm$EE;Sj_iXi?Ofe+>dPhr3fXR z^Gk9ll1G9-O*iiT5QrmQuz5Z@ad=?z@|m8Q_qCp8ck`X_wyOJ)R70?Q=WG4o-qaJf z86tOvs>biRNh}Q3SyH@Q#`rrj{TJ~(f6@)hxRcIv6c+N1d8P?s;RbS_+Ya6`qrl_% zO4BI9NDOB$xY&)^BBlzMO>_}w?V9wyGq`(uyj-X%QbEn|1oo0{bF5|oDbVNeOt=L3 zLejF;L=mwNEtzk9mvN%2{M&a2DU9#H^`msQjPRZFgxvKF)mShLum{}!xl(N*zP~lF_VuWw_ma2 zrOMxt0~VyM3q;{I?MhL)3nSC+$+FCWg)NG-ourV`%LL%!i!5FKzqXyL>#VKjVY@ng zQG(x?Vs%E~s-kc4P2Q^gaK{A;U%C|YAUze7m4um@)1EXZZBnMm^WB6lIUJGyN@!s7nCs`p4DF!`s9keYuuNg`eD!6@jT00;(bmr!a%Jnv~P(!~O!M zJ(+j1>3VDoBEBEIo%?e6;OlWvSEw!RpWSH<5i!ch_g$fwS(Ww~m=XO(|IERK2nck1 zK5w&Yz}t^zUh*)NYO<^06tA?gNrXH?E*ou34z|5v;5iavsLk<62>YT@dA7U>$zuu4 zB{;@#lAf#%r$uS=X{b;_i~l$mi;{YzsaOvCm(J+ibW;a=Vb9q<7tqvRdWKo4s9yUH 
zdR?1L^?>4}oG+oVTY{EA+Fwbdnc&FTEm%FL1-^bta5ooVJiH#andYx&xlS6I6hve6 z#PRp8GW!K*gDxgE*k3j4?!jg#i!MF46>06O(CR`jCrWP#PiEL<02)1gLEL-WTka5~ zeGla0*mbW+sRDZ|t-ZA0*4@tQz=zuc)@bvKGtM*D8P_q#FG!xfTL(4Wn+vb2tRU#p zHdm4+rbl2ct((isC$fSa#AqrPyiGa_97-&_!Pdc6b%*+zuIuuO(Bh~gg0dmaC~rb_ z!FI=$-z97l&^A{%0^6f;;zeCKLESEQgiSiwcIvh~QZju+)?Zs$SQM8TvapF!<_+|Q zMvzSeUzA{CShBL7@SvHsk!Fr#i=lUQH&hEU=V?eIgDZbL2}B1u2Yh|%loO@ciu@Ns zg7U&Itj#K4O>}RxO7sF|tJ5lD^Ke0ZD_Dp6E{Fkx4UQR7T6xh`@_nLPoM$U7BP}g0 zah1tSSOfhEuYwDwcZ>KQo!;6|uYDD50&wOzF3ZF<#lD%myDmApk(F-%5OCvxvezQg zU~dWTpcSy3=Oi)xU^LyKj+eotikQwx-9n5uEO34VQ{m$GnXV`!&S8lyn@F{4RL&nBrKiLpHN&g=6L5!Jd2^11bqoAs&G&)=qd61!fQlxgzu zih&yJ%h;bo(Ik7rr2RIdUy97$y}A=y`BCToE|bbYZ&X@_;PgWx`!dYVUz=W7H=es8IGD!C?)>gSK&H9>5f7*-?E{ZUxNEEo!;|sQjgy$LC z(`QV{R33DoDH1$wZSCH?)*pH!ulaYIUQveia}`yz>~`KoKI@U5O5B#t#tX8t=8q)r z-;xh4FQ!~cUA`!(>Ev%7W1+#_Lp{cGfCJJvZCzErYiqcU_0^5f3ToT5Itzq1CRp8G zz6okNpV$9BrI!3dknCW41DTw07tiaz(3q0#=(rFhUOvL`)slUe-1}9>AF&T%!3`6w zpR+|sS=;zMtyV7Wxd91u*Oz=})ksO_VXsF*fq6)Qfjt!#n+GPQ9@kfjb|m%FKn8Q$ z(smVWWA~pDDx7V4?x{cPG-l|jIP6kg)CnHjFSUlD{)lJRsz)`Ts3#N6X0`(w) znuyHB$fg{M=S@m3g6kF`ram9S?NInweOjWZ(nrl;)@ypXvWUkdoV~fb1G5B!M_X~2 z`@;8uur&0l^6K8Ff)sm2==fP1)2-LuVNTyBCuEUJ@LW$dkwDWIW6s~RPZqqEyW+Ep z6So$=z|G#qc0xzVk|(7&nFiNl;$vjB*7u8^QCqw+kXe6@u%h<1K*V#}$enFVzb%@a zb>GumEDZg?oC7v~Q~F2@=qQ(J5he>IL3V|7PZ>mr+$JF(~j1 z$gk{#1tRx(#-s_Bc{Uo|JepgBnc}WRthMb)nKUbrcH#+?w9hnaw%yQzS_#;Sg}FNI zUzt>(?Y{fwv}M5Mb4W<~K#6Vx%>SL&I~#@?%!Lm4##+nE2dEIAS(JEIM%Q-CZLhMx zr(BMS2P#AE=CeabmT8;{d^D~>8!nQBhx(VDRuwxA8?_Xm-=Bmf;23i#&&HUgo!h@ydv+v47m)kIiY(H znbx!s{Zw5bYG-mHOK^OQ=j-tgY_!4I(EA;l2--LY0h114UQiR`rw%UW7rTf9HC0r_ zs_V+Kmv8N-wJ)1+I=DZAbP9zg`EGu*lrk`9eZ;})| zDJ2KiO1gGC3uyi90tO#!?a+Sk1c;#KH=l~?{qq)L%5_AK+CVd2EHpZQIvpNVk=!Te z_0T`9u+p|>`D4IFizpwN8t7;lOg19bI1U=Pd*?faaZ}1{%vxf z1+*neZ7b3N$0Ux?8+!fR^MSx`EuOGfNd7qbNc?s-c`IoVDq7LhU5&TSLmev=2BxMO zZ5BOhF;|T)2x*%5NR7XpH<9RsR%oaBAYhiQ$gM7A>89}R3TO%;cwM{UK*#N8wVgo122o{7vy*XInI?N%7<1BQum 
zMi~A~nDfdRVc8>Itvi3rmAZV>Ha=$RsPo=-SWE6HSkkdQnClG8^Dc2i2IR9<5SX|; zn}kfDpE%4*FvJk2R)6Tjc}02dPC27>XaDVMeBbt8RiB0cG@O9LZ_Q!RI+ii&$ePxV6U_9MUK@>n4|-L z7CJ22q}%ZOIrodfYXY)LH^zx;wy7u2cV+Tz*Eev_Ir)OTMv9{8@@TNpDcNSBZrNq} zxT`au*GG{SC00Esd(9B{_Ad$QM!gP`STbMkKPzx3vS}rT%+voHW&+bv$5_gIF>_v^ zc?h9p=Avr-*wQF1Un7x7OKkY?^HS+CH|3>uHtQsmVb1I%K$_2Ro%q>R8?Tdcn-)jy#oV~+#(c-6 zMt_0#A{qzSrHw_YJgGtf>s44u^u}N&XI`Cr0fr+1In#%BjnZBPfwrDG9BD8yokV`;~V&?vnt-~9WIAMPu~`n=ZIJ*eZp zwVDDcz({5ct@`UN1?ck;UxdDOdYRue6_Msi5mm>++gzxC?PQX2GsK5y$wAzhU*%j< z3TWN{X%+T&NJ2|vScGJBwPVL1(^gct1Z*}1qfXHLx~^GId7o~OTJ?|g*mV_XHx*Gd zC;gt0>(36tr_l7)w44uFa=}TzNIf9GkJ*fmP-rc$5ON4z3oUi>@pj+<@1~VPY3u)h_qRcy=gHW} zPeX(cJat)*ndq&uHUlzuU{B~LpU_D-u09bL9HUr6C{R-6Q6Yj<+FW{KeW<^sW5g10 zx`OHn89pr)39Wp<7J_+QozU=+&f=`yf;iZ~SDo{M#>Itdh}dKMw|BjioL@w5!ONm2 zNnytvw1-u3R3<_lRq-D-({A2&8OXj0I!38k)pG93#g<$Uy9v>;qL!aJ)obod4S?%wP|xR2T41FP%_nj!96 z(ZCc|S=Bt)I%^&nbx7UiDUuZ%+%)i(+NabDSlC)TVY2ed?x^1A)-NQXh35KG?Y4HO zgdz!tZ`*PXv32~UAeG2i%48Vo1dCgiU6B!Jt@(IucCUf1#Wp-CMBM`3 zZW_C*TC#Nw2oe6CL?_r`ABbVjE*TkaBf6LD&e^6vVq>&CnDLOZ@M$T%V_@MQLMd_5 z*SyZ_2m3!*Q;3=Y%6X{GH3}BcSPBZ4j$BjGlMb-rPccYPxM&O~jjw0ktSoz~NJ*1N zyO;H-vQ8UI5}~hrz|rb7|2Lpt2fv%*M8QW8JnC4VDaAM?)*k67j9j0ujrcnHbDHm( zUI*^eiA8H#)-KP^a>IC;ouetMz%w8!T>30)HHT015d#~|+%FurDoVX3?CJNh5S^Lu z+_qI)>x!5w(T*0OW>!j>0=Zgs$S<_O0R26c#D~d;gB2-wi$nv0JwHWfI?BfwP4*xz zGm5{1qqp>c*C6P#=%P(%&&~SV$;6X+ynRDCS3y3kN}`bTidb)(XOkW(S=W+E z=&jx<9A zaIJmF57B;c6ZB06IYx7mmNBcnA?iEAc2RsOvsf1NNZN+$z4{5}(WSi52Ot_6}$FYSr>=QFX=@CTM&GtluW*~Onh*a_m^PGcHgj~o8if_=xEonJU-rv zpKcYO9U93I6d)nG3IL{y3y6_X&kc$9s!=mh=;8c)vHNsKmJj0Y#Yu8k`^ji-A@+tg zGmw!*5M#}EtEcT$Wyf&58XG#qQX_ZRT)kw&I2OyuYGdno+17&^F za252M$97_SF%RWj7(&mcXuOEadHmnweYmm z2b7C(>=w?k16-f{@Keosr7EZ>yls1Yr$mAA1%oJ#YNZ9R7sfx2sTd)-7aq(#(#nORD zREUV5=ppu5uYx?($m+~hKNtu*}@L^)3>+wd_^Sij9-L^PszsK z?v*EzAiuB}5ucoklZ(5qtA!PiN#4fG-pU5zZsAMB_rl)OL(9fp&c)f)1#ScPBm(lP z*}(09T13GBARQt;MSCYt8+YK}$->h{-p0zs+J;D4n&`i{`lPKByk9?DIG5R8AgzX$2 
z4@ZsZgmhnE*2Qiyc`3PHsA_9eh6%qR-7n;^S04zZ(Gy*H&3F*dgtj9`09Fz7*16LL ziu-D=NC2$(YfzEyp)%BDoMPDd3J7#NFD;Q4ZNNiZXbc#Pdy-Xr1?ZV?E55_gfZ@HJ zco@^~I5O$52G4{)0=l>#=~Q%`=lrz5z|{QX$F^sE)p*!xdCoJ$HK3|9m+iS}J9I5h zWh)mBzb^1keKsDluw*yH;@%c(mob0iCSN7$yKPwfcY8>)+<7#Yv|{ z{;Lg^j_C+$P=8(wd<4za2X}MSLjTqMi{uke;RM^`5g`5X@ahO^VPq1GM%3zf-v`<< z7J6izH2KN9@5?4&(n0BPc0X!@AS%3H@!)d--bRePsD!U`0aLVE>wU4$n(7EqN+gE$(b40TSf#Rs>LAxaQoW_ z8-Se;U6_b`{-N|XYf^a_DkAikw9i4FmnHe+HzdDaCi;B@@Hg3&&U%g6oYqD?0N!NK z0I_-gp?)DxrTuLV@wd=x#^x6^+TW}QTo$Xc094mSja?w0%%z$X94K`7^uG2tn+22A z0pMG?LT30?Uesl*-*te-#XRTn4VDcDgnUH7Epnh?*%wuXMY&XskdbT#6`-t82`-A` zccsshgI9nI=G1DB0~JrV488Yz4itA-@nS-}f4J4ma0BR00~FhpmA{g7t3R8;5GWfW z1GMn0&j0SgZ=mceBNKU33RcG$h*Uf9@mi3wDcOSmePavYMc`85p{wj)rfcom$zLJ+ zCu9^dkcZpwk?y5YcU**id|Bs4yd--xoU5Ol!e?{>g zC++|EBae;!9~A9PY|8(h$#3>&mcCl`_a!~h2HN-8pPTr9c$tWaa6KTZ3plbTJs1GK z1v|*ZHiVz3QU61(-q=g)5xq$L~!g3uMr1l!Xv2v;VJd3l>jlV{@E1JIE4+Zoz@`G2$4Pcs~N?Fmehuq$tUh= zd+~|L6M96X+F2d(-$sAbw%}W}v{}sW56idTYP`&YC;g|gLfh6eE=0QE-mdyeD*jv< zs>=Hh$@Vtm!pQjKkUg5@uYSAr!zDr?f61a`g|}F}YJ;{}R8Mo~ETDZgyVS-&F9C2R zl6f&e&NTgJam!%Ci8|~ut|6HX#`G7fyC~;OUNu{>Z+9geMb8#9fWc$p1rxNB{CDhRN$ThB zZHWT^my5Fh%F`m4iCPNC|7)ARy!|mX{2udD^E26lVaVSMpbFd8093=`CqoNBhq6!O z%(cBS?Yd(`*FcYHC5zWfb#5)C0%H0pfB}K}S!`m+U7ZgCeWAMq1gz_6{$_k~TQKDm zpbT1}Sn?aKNka=SY^+GorJs27djPrYy#%CsI9lZRqT>5*10bn-K|6O4Zv=4IAo(jO zSWkh(tHmPC953K_0Le!=fZ$;}Y4iy0)wc+@Kp<509X%k|&c8IlsnjO`x+lAvxxlpt zVt^oW&^l@zbWdiG0P?5g#fs2Y&L30<@~hbBbIS}6<}!io&)CjG8ghnbMYCRqHB{V$ zCiQIx0ptAVO&kc>LRoo06aQj+QLlQ|$q10OzIXWG9V_pDGSjAJF9MSs3>CT{+$ z*N~%py=ajF@nFi0Uw}z+9L|*oo4W!4yO(rOZXUv$`hr_eaKlvvVeLPUg8!O>*DmKN zb>Tl>DN9|gsWDQK$A#1hWLn;nq<>ldTI~A5Y_CLtg!2&pzjuxYl4TTD z0sA{nQI$vT|C%9m&{Xok+(eFGkw0~gs%5sG?zAna2S)8NjfA%QJFB|GgoR)KF*e^S zrf^{=Ku}T-gkTWD_YYOt3<~^EfaH}F-9;S7v-f}XYT9QcvSE9ba~0k&T&Fi4_OA4k zq7=Z2mtnVV98IGY9&T%aM}CLN+|6VFgrOXE>@t2sw&Q=M2t3dGL#jN!A(-i(8K^U5 zskqy8B=H^)1GVGy_5t^$#hu|008Das(G_NK-{JRpx_LhP8ky2q_;L7O_#J^9OMm!e 
zvVMm%uVOBAYX{O?YraQYx0=TSwAB3bYFZ8SdR@q@GuJ#wUUu3yrfXd2Mdl_X^g%;y z;(5lMf3zhPB-%7sVXT4sN$NOvn6kek5yD`DMsq5xMwO^U$S>-JMvG(tsSDer4CuX_ zbr|P?d%6`*D8fpRFo_+pyhUU&`)M=6Jb>K?FaOs7zRuFPmlDn_llAf&O9@_4bTi6< zp)s+rZl=`Px;1#vO*4WH9K-uhCSor*w~hFuvc7z$(9DgW{FJ{~E5fmOMM&GdidBU>MUT0_u@6CPR*--Wvalo_%!m=bA|i{nN)rP4(ER; z7}s6I6qS_Gz4j^||16_~4(oW3e0nAR>R(-OSXtU_xcDPD&a+O9l(}8~6<_exCY7lM zKkTt?oxONy&)aCKe0~(bmGk0*_nP)U>+bfi6-gH;TXM>t zKRn>3-7c0;NKhJpXZ*%d0WzP!WopvD0C|YN%z>$lCJM!MJHqnIYGb-0kG$bldU(T( z4w~VuDszMAhyUCORxHeWGzWWX1KtQ9ngwznQsKS^gc#OD`_G3D3`M1^nHI~&VK0eF z;%EO__UGit^Y`}23r*jFWkhcP%H}^Wz)ZK;bCXme-mJm+Ow7*e>&}t+_jDy zdXshfG$iSOpBiENOXZIqJ}ZaPSggb2q+yp!oMwKBy}37=VF^AmtH)}HS|A`k850YiPyQENz3M%jE7V98?2 z<-p>>L`e8s>K&tQ`G@fv^XRW`g%vlYB%?%*4ILIdEe;=-{l(DXPeKXTf&N4C8~)&g zhJxA{nu?oyK&Co#_nG;_D1A9VBShxM(Ii42tZSLo<-hy2bX$+8YAzujM~J*Cc~yLc zh!+Hkz%T0lu;_`tV{XpbNN>+Xg!QT`{ptojl1yhA`SSTg#Z7ZxoIhYM4yf)I$x`0X z2h{Xvg8T-BF+R9KB#k};urefnD|%zAyJ%0bydIUbJd^$(fZ|CfeaKn zjedSO1PH|cQwjEXZ*8xUtP3tLnDu42;OoL<2W+zLJ?l?~9=WDS5uYQ+Eo`Ak*~r%Ouv<~J{IyDYa?A~ zK)!U3?EH(r`}F_03)FGNXy(rQ)!gKRvsupZtqiuTm;IE!IMK~j?QuHCZNjU5aUj>- zlHYyy3`F$Cd)Twpp~2}!FZnm+x84Y*_=@g*)Oys@sK1cpkqf8+4T@u| zjpd=!Zr+3gO!`+FU?8OYmBJ-QewW?uxB+^cwc$?=e?YX7?9Ldk53!g)(@vSkhOiJzYzA-&)AmA92ct5`cjKg<8 zx6%$krr%9}L)ou@zOa?xe->V}=~oc%O6?}yV`U=x^zJG${H>J#;cbq3RrALmM2;Up zzaO9@f!b9wVb18w^4!&Psln-zB>|&c+__mq_|?OylD+V^B%R(a1dcEB8T6ao@%aBk(p85=*?jFa07X$^ z0cl>4PQ?Y05-DkxZjcaRiKQC^M3x3=5Gf^>uBAZ^Q>tXb>{p{$Y3|sBd%xrjUGiEyQn~?x7HQ=;QEFf?_Qm{Qj97e@3SwYsj!Lg zSX9B>*uHMi`Cj8X2u|2s-{!OozH>WL61;DH=C!|=2^CW47~=$nnGy|nM9orTXDO$3 zgSeX3!SVV!Wb+o?6A^RHdbvn~M*P5Ta+s=7-fVa3mVV0@0lw#W@uO08 z2b}3&w@>ke=;38vLLw=fE;v?mPB3L^Q>GH58YO?fK1#vcI^3 ztYnxfXEgc2uyM-*i@uD3(OXS}RT8|S-orf`QDO^G{i?3rAQ@}J8RVH^(@NAHFK%8j z+Ki~i3&#wAlcG(VGT1Zxxk1A8w z4$uJ&3J@|peb3k@!JLn?-=~DCobN1mQerr39Jv_s1yuOz0>WVLR<%q3o{?_WHvC`` zeXcylncRR1JUp}c-PF)0PL;Gh%yo8jXdh}}Ht05nG|y3x*zw1T zaMv~EynMw(h@+Wn`nF>6G~9Fgop)|&rS<7|lJvtck%0!?Ac37EU8MiA7D(S)HLZ5> 
zbd;n6u4XK?=Ni0{jB&y3)S~G^N_=%~DA>z3JV@r4wm~Y__Jl?(30}EDt!0fMl3T!@ z+<_tnfpi+!6^Lx&*QX?;N$<1hphh3&UxMZ9ejSTf3x2<&jg$f&Qycl{I*r88H zdb)>r89MCXduZ*i5a@JVk@#K06I>GdPwMp*B2I#GYk>iiBaha^Bv8ynHL8 zFYI`Hx>e|1b(7^EU?xEj7mxR!QUhfar`h(h$`SXN>9kD%-dIC=)(r?_+-K4xReTsN zL#YZcGa=`vxsAOA`W45obT^%dO5T_geK!&-GL~w&kXLHDq{gEJA#%%*e7c5gF<4#& z0B=?tV?DgJ-AMs0i3!qqcsJPInB(g_{gRgV4M^*&#`y>H=PO*>xUf%+00j0)y&@N} z6Z@G42bX*7!OcSE40HZU9v`}i9KrD+YMpAuQGb0_pYU}llG4EEMY*C=LfwpL??NEBmFIjID=|7gsV@NG@|zKP91Z2Ou;3U)5&2(p;EHb$ zP(#Rj(?>a4#OGNBTV5SpFreV;$Bg$(8~4gc@DS;Y4g90$js0@atK@=yjvg14D*jL)u(^6=anb(8_pGg!o{tsG6NPHvFqdTtAX z-3ThMx=+X%%z&5*8U`V`o75!f4Nmf5h`%BlR&u{6_}L7TWsGu zOzGJy#9odsHyH(c?h~hD2a>zAu@g<{klOd9;1w4UG4Nc1HJ1|sKE42i>D^iZFF*DqXsSq1)`;Dmo!1mlZvm=ZOhYYJ~KUj65^1%99`L*WT5kZUtfz#9s&; zEvZO@=kDiUnhNGzV~v-iywySpQfDPrXIZErOhkF4#4BL+8xu_g9m6FE>fS}VK|u@F zUtj=JZ4MW9yVgSa0DY&tp>Ine3TpkO2b^UaZC7}&Ro{mE*s(+%mOHvCEB1fT$E zwNmYIhn{MOB4K5-d)m@rQ=f)(!zl%U5Ennf)xJ`s&e(C(#yrqK8r`OGs)TM++A$-V z{1@6zl;0Fz#*autHRFYOWDr7B36Xr+^GA*;G_!x*n$zkwB39F++o?Y*K@rF(Yjm4> zLz?SN$or%{*)GBk(aY<5Dt^*jk2jm9cvS9OB&+T1E!Fo_+e*VZuuR3`#fX z=b8qH^7x;kw0IU;E(|N@wI>yF0I=Lqehr;YtY#)WvUfhaG3qPb#=`a-aaA_rIm=>c zrU&d2o~I1sw3l}u5Vx3x3*hEM%d8N!U>lMEm}TSZx&>aWT2v2)i!R+)4e=dV@XUK{ zF=Ov*rq`Fi0{k!?<$pIw@T}eD%Yp@P z?>)EWrO}cW+Q|S#9UxUpXTc0<2{SyE4+(~~IKbt!l#ItDcuDkKa|FM1Z@uNZ|6e(N z?8F-Yr_yw?!J_5w_}K}ev}~mV_7}~ip_`Mfhm3<;O2Apd%!ru6cbEWPPDa7TJua}F z#!Y|-e(u!Q+qtcHSEW`-1^6Rw%>v*&)_?OZ_&DV3GHow6`%o*RCBt>wd>@O>76}2) zouCTryJg$z;_>CG@BDGy4YYZ8txHl_@1Qj@D8G8vqxG)&J(^-XtKb>KAi=3R{%0q!DxF!w$LfJ|sS00e|3|IV~e?aTgu z91SU0^E0PXbE5UmB!uT*6~JS>Y?xJYMGfTFhq1FSO)h_b3PKGNFvNd(UepLRRqqU+ ziGS5amB-A4q*Z|%;IMR2lzehYi3D*V3(iWJv<)dBQW z2!Mavk4W$=H!!Sm*R6nK3wnW@PqvWKkBX;53>q8cZ0b<}oMAC+8kn{oTc!XYcSBOq zWOHN0zo9N!@;SRYmzFa|c>m~{8vodr!Un@-ihQ|y6QU+#K(d@Tp=HzcwnPV`IoxBR z;e6smbi1AUD|A}zJc|^V^MMq=Cu;4>?)zGiP+RF6WA`wTfD$}7G_-T2L#R13EW62e zlY?=nd5^l8nLr_s&mtck%wP$GBzT5SPQp_Nm*iDr`(ih20W%kl(HOa_1k?+~M{-U$ zn#6NdV3AeBnpE$vh3#TPpX;whb(5Q{I8%7NTh-G<)zApoAo!hSkZld7{k`LQ?+$?Q 
zhK>wyWMmpDP&UXs9I1%kP@p!#yJ{okj}DMG7kT)!=KCY=LTNKuDhPBp+Fu7Q6wo)J zs+WYXXjw&qr}37J6Z<)Z*O;Y+N~hP;oJgTB%v$Bjw&^!v80=Aa;5`W8Bhkfj-KWPw z*e%9b;BFOPN(ZD_siqy@sXW6>OuZT3GTc%Pg_SiBti<2nVy899cF%WpK0aqqjcSUa zjFpB!a_eVKb_xq^c`$fvVrE8^XiPLa=HfY}?>n53p~hSyukj8h9COyXDX!H#inF>P zc)C+DJ~8ggDVkdv{-C2OH5d#7dvsaMx$t)jYqx9I56TQB%!JxtA18}4>m}rps|>Hc zVQcW{2z+4Z%?o#&^MXRS+i!k=>AGi(4%nf?ejF)W&vYI^T0=`HHJ>EHg}O8% zr%<{nO0@97GLs6%1f_7Tt+SDX(D63=LXR;yZDiy};5m&P>ilf7Tt$EvL`q#9G_OqF zQ(C<8gFxKzjSLeOU#hNCc)r_K7A60NzlaJ1UP4d$V#TNAil404 zThJih&|u5djOaTVMq;`19`BC(EeNKnsiN>B9#$E^eIciWIO=IR=z%jCoL@UbiC(82 zeau7sO_jSrFEnAy;mKGgz!O6i=~OMlZ>7SLSDm_?W_#07z&IAE)B2T@ogQ&&Qaq(G zMW3*YjM?>I1VU43ev)t*RS-Y?fU734<;2xe!_qEfooo#Q98AIOHLihb|bK$n;k^|2=U zFQDmcyXnM!zG16cc#-PgPYy~Pt5;U)_C@eo<(db4E#I{y)VH4HDhZpkX-T(XPQCtg zKeL?!7ZK1_P_;LJ#Nne|3*7JtK2R zd^9g5{FuRwKqn(bHz*&VBU*nE!pN%+Kl*KzxZOvZKV1{ufY1&x6LQ-UC!G{W#g!~@ zk{4h@*&j{!FC4o)aYHzfBaoZHhLMWcV2p0i(M9AP;YiqEbK&49%}vPo$l13kAfm_!8I`WELo)%%pt?1)$!!yiK0+Njd%n(d#k>M5dTDtRZ&8{WhfR=^7K; zvY;uR4xl>L`#VJA;Mh97zLQQ3BAOBpwF={f8G^}Vjq9QeFox znqb)?z?q>3b>ow&RezP- zP91@|9PuF8!GoCEe2|w82;Rt_;(7H2VBO)!&PX|cqYZe8$>D?W!Pb91=K-%aX_K*lhj)xE!t_WMrguWw0Zi_RwYLdN2T^wGK(&9No7u4O z*Xv)pK}6)Cfm{~)b+Ty5;ynKssG=9q;g_LM8D2kPngH&Bgniwy(mYq{NXVynT0end7 zPjp1oYoptAi>rhZcC{ffGe_6T(sjj!XLCCR-ix0zQ8&%cCBce6upjm?1ob#z^W3Q4 z{^@}a1}5lpj^0?~)z(XpMSK#e3(-azx!i*=rt?NI5k76ms26wuv+viSMIagAf7iNs z&(sFhu3b7o3M{3GmK>AY>Y%38AogaXbdTi0TAt-lF>Mt?7`cQa*?-!)6KuF^qNu^d zKW}H>!<&gpM~;wJN2{)lndi*gdVC0i2NVr;+Q(kS~Jf*n~)o@3+V1LP6touKvXsK*}u4c_=>XF!6JU@ z@1RO{=ZBy&-Jp8{4{*EsZHJ~pmA~nG|1IVn2XK78VK1FpjoMhE*dM)7V!a0-R9idb zXE^NLvyMvZS+{cE+%xYzZ3wZ?1vuc%S=%YM8ok%L_yN6pVho~!1cb!BHn2u?UH6{Op?w+u^>8#279Gnh#D>{n?h@{c82=o1M- zEq^O#bKM%~C8A;e<3`ew?+Lg6_#EO;?Cf*x)tc+wf9#nE@l~I0&u~_snyxx_yMg1J z{6!F#$^XxNh*x&FN=v?-`<1hu<$LK_$U+9V0ocGjX)my)9_8otDuNlQ^O-oLt?34R zdNKK_fYvb*4-%vB8qA$6U&Pu(sOv5UY-CG=y24@r+-3VC4ZaOC6JlIoZm*$Kh%y&U zO$!0V(;M$qT`0-mrVHdkX@9*p?}v;IgCQO26Xn9To<`24+W;9jPwya)bUs$P}SG|{#x)qnbLxmn|kWS|kx 
z+!Cl20o2d&8~SXKHq%9YFh*F?lARAq@Z_`W*44!|#eOps-QmUGkEvmNx?>80*`~}o z)vlCqHCwdO7cTUi@jG#Mzl!B;GonQ6f!o2$_;@!Un8$3{t=~sGZ@*((zfm^WU8oCQ z+2DpuFmNQnqYHMOV!k{GwbTJTj@l+U>q@u{1?2thPfUc|qHm#hM|T?Z$PJl6Edjs8 zjyI4D49;G}*Sb1QH;AO1a_zqoP@T`_i6aM#_jjV11LI0zQJA>RO!yIxJ^Q^Po%wNr z=cR{7lPkP0BRA9K#Gj#bbWG7H? zdeOHRBzVD+-hboyaGA3a<3gA_^fw{IJ19SFF!*xO=FJq5-iL7k{VDndD$;FLD%odw zP*z-KQ-8rjJC0WF>F;=uV5qUCywO{#NgM3ZWP;Z2?I8Ryw(x(?&B4F3@x_J~?3)N* zJGSoPn-JuDIpI2W+AA)Mr+L+?ett;j_XFu_7Y6v?9H^BIot3EXhX)F#^qH9xb&j8$ z@&8+?EU?AfMR#y2zSDVMrI<=_ZpMy#9K z4^3)k7i+kYNNxus5<=ONhjGj!bNWe_7NsGGi1a9SWET@I6aEN*oqShXStCv5CNJ8N zUn`UL8unk3V;wY4j)&IlS4WSwoedkU`2kg70l*RExq(UEja%<`X3C=L(W#!hh1kRg z5k^l}YqF?Vy~FAVd6@`5Jc)+g$pLH)j|>yx@JR_s9J)^@8~?ogUYps%&&Kv0olNyly5C{tb#H(t zn}f8BD2~CodQR~(8}1earRI^PK!V4SXq;Blv8y?)O&=Y{EWA*}l`Udds@}YGpK>RG z4#Y&TtN(tm-)#vapY{w3F@d~P6Kf9nH-7h5%yEK12 z2XbgYci)K)W%=bEWv3~aR<8$%iG)V5zdqTW+v-ab(`g9w5>ld_46c>Ufs2e%kl?8U z=eqE*?$Yc!MP-H+@>5(v7TV6!Agb{r%_d3p8yo&q@Q)h8k}}lIYRXtRSkPS1uOI}2 z-1%zRkl$OFQnB>36jdn1x^Awy(dVede04~B-xLN$vV z>YV)@mhaiW(>+;ySH*2!XSBwe#fTM91Pk>K*OsNtIRZvQ9TZQ})B6*{s;l{be2b2w zarSTG&@b<-niO}6Orspw23WFF`w>q;+D*vB?**sz3LDvI_OeXnTonYXd-8M&jUPYt zjE%NKp1b@0q#nRO%p?eYYQ?%6tpY8V$-sm*2F|Mn0-o!9X*~mK$Y_V{l>{IVoNlP* zqel#8)KfuXcrHlcrZQYYP4N$W?}iA;fJSSbDY+e&{X(z_b2dKQwUOhv^%8jkJp3#F z;@|8|O-nIVc<#%NbViMDXT;C^f>G?C&Y1+{Qx7!8?p0+A=>2*g3WtgdQ1g^}?$iXO zB>|lhwF>~~5Qrs=Ue!pe-y(v&jQ@qUZzuaDbiJyQD|=|G+~&NolI2Z-(+17d<9@9d z3B(Y_qG~Zcz~8P4$U=43vd9^~G3-4eZr0$!L>v8Hbex!eaK=ly01s-1ff7Xf9>87+ zCn|~xI~T;_2=gklt=B>Wy+^PLdtx{!;qsb*_>iBcm4*MRQ~ne3IjL{FKTZ_N`HYnC zfB)xh0ssFw+7nZ>s&9!P_2Z{qna#}hLzq95`)7#!jjX3&sTZ$*k*L{AWxbG!_lMSo zrcpfLXN_ZXYs)i$K(vft^vgFW<0JYWsf5XR1tm|ldnogY&M}nCLnz0{x7@+r&LcoL2J|otv zPUfGb>$iR4>Pu3o7(IeDfP7f5D~MeDvN$IUcxs=jezl8^ovY z%9f2)?7zMktqbD7^GNU@vkhgFBW|ULBpv_VZY&QzlPWt6oIfk>GksSQdAFzClSyHA z4A^yyF0(Z@QGE8-#aFra3ep}JBc7@Fq(he^tmHRbxRx0@`p5Kj2hQ$kFcIqaIy{0r zCVysskv+9Bof1j2blPM)bo84~1}l5ljVE?|%cD(8n7nrOwgH|HOSWkyC8!DYN5rXK 
zaZ|B_(;CYcJjAGSOk4sr^;c*aX|*g`*+CW7I1m=gLpZ{L0`*?7ww!8p4p@fVbz8 z%6kz(^7Vr1v}uRb|LN;1n%xoc4?+T$t1soCN*Urt%f&*Ka$hHjq}J7hq&P+#5X#6!HGE!bzL7UGM(&pDGW3P2uzT`W8h71cf&?U zbB>p?tIG_wTC9L=BKDf~)JN$OD8s3b!1!278HRB)N2Yn`g4R%On3i3UmEO2 zP`O6KE}r{olWZL!4(dW&2v-l*Z}YO+(^Kj7@|w9#p5x~m3px&hRrXZ*MeNU5-y*XMIb2-xSr&u@rCXp8aZKaCjT zhj&SyH@US%O8?4`n&B=r!b}(Sn!FfeUTV!ynN#qb9Cv-a&b0iXllOW7H2hv~Ckv(W zV3edK;s04yK7Lev=$|qWeq5_A^yJ>RqT2FRr^3>xN8wUFx!0^(eqH50NyO$R;-7Gv-oyy&N*d>lb?F;KF1`hg606+C_^f&Dq-l99QT&!qLP=T(UoQQFvb^r&+xI4CFxnT7e*Y4n zzfHJ$@{YN^Zt|jb_F!Awre19BdTsOf$r~Ei@XF3o0o>GUi)E*EiXK8(_DBxnBGs(B>Hv_;+) z#$^VD4e>g-WYbgp++1JHA0Xj<)s?xbmh(39K(Ee{aQlK+a%yD}x@|Q7(A3@i^rPKx@(Nj{u4R0k{x+!gJp$#UXJnJ%o^S{9j#T0`2Ef&$L>X{GrCzH#X09mS^N3&LkNcJ?5Pez7i2YGheeaXi62C-u`H4| zjhXrgf`ne!#rM{F)a~(`=XgS-db+P>3P+b1%9ahWp>$~5rS<@ph;@7)q|6+-*>W<*h5`vj6!dCxN5WN3WLXMmeZ$+?@y zP{Rjb^|c0ipQc~49*Cy=?xn$7M=YY}WdlhOgYdNpj^60v{I0t$l<2SGbkZl2qmNEF zvl-Ja*2Ra|dL;PXDb5ry*7sRA6}w&8u4^}pF5O&~nC)y@7!k2(TZ%^AL`WEQOW=!# zv;U;eDP|(XY#PYVl+II~M7a7Y|5z=@_w@gS^y+aW?oA+{&j6S6IZ`Mv$U-d$(m+Ki zsw*nmEOM!^_Q_QwEXFfXp^Qsc@yF#)RT4a0)GBolXk*xX{WU6%A<3)eGq;72Nc*zB z-9~cTvUnuy-QOxKnP%fEalGRCB4xn0jhll*g?rFN3XGvVw-T9L*ytPI@>0tfdApq^P_g4Q4_$`_YAG+3$Oge`+||z4f?i zjF}4D=+zBsqW_$gec6ce!dArdF%zPNsc!+Cahuu%5Ep;MyM?v27BPZO%vse!;VT<PN~O8J zt4}{;u+Y57>;Ijv9AD_-_pUtW;8=6xn{5N-kAAYg?JO_GaF4JEK}EhAG6H#eWLfF< z;LPJZA~T}r)lt{P=@p#%cE|e1u;T!GPpognoBz7?IQwF;OGz>pba2yd?Y1pDX{gdV z_|&D`4K~*Q_3@m%laLSkE+n^9W9MYzK98eI=gub4u_XZbS9^Mipmn~o6^3Y z#gLjSPx7Z)^J_-REh}E^iCjjWVGB~nqr9LOvIYc0T-X<+1>OqJ+T7c?umlriR9)`@izU&T<48c`SDk#;7e+d97i z-CCd5=+5O+i3vLtf7kPPb8F{ z?GskK+Hn;7BcZ;jg%BkbuZXjVg5}5U)Z@cQpUo}~X#E&_>^G4E?>eTM?5@6L|IeAaHs224 z-CDYWhHgy4Ss!$rOO)=h@yI+NA2Bt!e?u?UO8eSl^967=VC2>Hld4)lgYqz&--R<^ z<{Qn6vfA8P+xgo)@5MAvN7U9yh?4O~u3!5qHRAptoM8#Lv?_rn*Bm z4JrhED?bHRs1@VVvZf1}$AC1Go?%8tOoj7a*S&3lKZ+KA9{3v9y=o0x{-&ztJ~rTq zw?dyqk9&W|4KSkJfm40s%Qs2zIH?q%pmXdIpcmdftd3R?|B$Al7kp*7t$zb{Ogk(E zKe>5Wz}|%yA4L6VOib06_U@%5P2iDlgp)`?QUy(iWk&g!Mh0UPBd%3Cd;Zse8dFL! 
z|A$R+SEe_8%BBtjMsh;Al22A6-xudP=X>38V(XWb4)`>CB69d=0h>XLh>F8nfl^waQ_WS-Sv%7FnhSd?KmOz7fR4&B+h+Xh zwsQOdPdY@*G242jYDxO+11q)PuxxQ;*a=W|7Z!}X6FbyfnB9%c4}sH7s_Hfj5;w@G zyPzeTLqs~s)iOMW?T+pFgP4mzap4Ty5tici;86HKd^4g?W)fy2sUd!E8l=O3pbOU! zx*UnkOLuWN-m~QoS|nw056Ii)U?PkkzUpWdg+}QHVXn#pMV^gFVXB`rsGf4-OeZA@ z240*RJ8bpq;>#S#KrQyb^_ot93D(J8ecj>9qE{tXilUreO&@(d^lutNqeq4Kws#JL zD5a=~iE=I9NK3M2%*!)cD&1Ezb04mv$L1&~PieljXRrEh9SH@>u|3m2zTd>BM4u|0 zy~LMs10k&{`7HV6bS6Pdo;an2huD-k5hqj1Q{S0(4Bcc{n@J;nxrL4ez!e3$_>l*O`BH3`GiYrn$7g#T2K$-qRkS7fFqgU|b{Q;l=Dhkoh-cBZK*30ZCj=7q zm?G&jX59O;`}~hDK!zd+>dq0P25xbC5~5vNk3sEg?MVF? zrsIQ_+>b6$<#YHia<-2M8zO7Rj``q23pz4KHp5{k@@Zj?rfqjtoluMaNlHaoo~i!b z)(9_9<&92oCl&FNbnK*9XU=&JHGEoUP+|5orP_hzFw?tes&Tv~3U=kx%3;XzsV=F( zD(QS#L$SnxsVqlI{Hu6%ibds?5ZV~#{*66 zTA-GC>jsOC1-gxPeWb^G!i9b+2z8SN%;`1@nA1@^_3!9V@@bdr;Xh0zpL*M=@1*Eb zfLgQYp|H%nzu8A#eqy-kJwo1qBfhtXQVXS)ifGA=GQBpU;E!}aw3t$6@{TrLT6`4L z&}~B4JZQiV%J4^ZneWbKRIvo@3~I=xeXdK3c|teH zX^dQ`!YuUMPh84ZJoe=X(Ja=RLh45erGr5pCsH<#L+)}|C)1ec`4~9^oPj_>vh7eE2`Dq#tNax*fwrdu_46Os zt1w|j(x69UNQ``&s{~XDF3@5H*S{p*1w46w#&~j{u*52=G4{-qYwc$uHbf?sq})rS zt&?*0kXt8~TYxpOmhdFr`@zoQZY*|{IGr2A^GPpS#zceRRt9+8YYG5`^_oy;KYwPE zPph~!5Bs7eT{d1Evn281<|(mO#93RSw>Wn4IEyJej^BFcP0oIT^>N1^#mD*9<(O{@;?fnh}J_de@zF*r5Dc$suTA?tH zU-D?lCx@O==;;M(5@MqKu9?!=JaMPC#A<+n3DXnUs;v)eDwiA#7J-P)7|TXfeg8c5 zwsvpa-!-1Rj zHT7eIwoSk|8X#PL3j*suHbhFNU;1Ki{~_nXJXp5-b)`|O zFMf(24Z35^x6Q$wP4h4EH(8^WPfvsLr%YG=x>FbkoVGu@3M>LbQD>a;jH++*U_`j1P9a(fj4YdmSGCl!` za`Krd{5#u4*SLv3gS;5F`oh&D+fJMV;}A#R`trpd>w1vQVuSB3o7$sEUu^%=Jzt`{P{yg@K7A}>VQN(DIHO=~E&SXSn;&}#iS~8x1 zABBx%$LxGQ;Azf{sJDE3L5mn{Ofq)-;j6#j0-ke2q@4T7KhFzqmpF+o&1jSo`vpsH zo8D&M>zW~g8kWzV5FC=g%KbC{kd?^Y|7!o4L!yiN*`ETPX}vhZ|Ba-u+H%;OsH{NI zP!KxZNKhbG_pxP1!7j4`@lwy^C`;I@4ZHhfeaU(;?U*MQ=6@;fN~Y|3up72qP+f5|!+VweDG@8gzOOgiF{ZbktH)BZZd7aRwT4OE4Rjw^>khyn;mZKXcb*BaQ)(z z%1RMX-h@TKP@*1UBe@+|wvSK6skhIh;d(jd1q9DK{7qD*6xQEPl+7*OqSSPyw)-j` z&+2zl8f4#hRT}uPy6aRJXWF>S;cjLW@}`m-C{=zM1J$l{cjV{KqR_gB8X4s4$sE6x 
z;Mhmsc<=4-^efNxCFL8uCBoA|S+A-wycSTT(FtXxJ$YAL5&vAQw=UlZ6GQv9L!Gi2;M+KH!bPo0Xum5u$K`S5bVeqte z?`3E($dM_I+l_V^QHL7(muOk((_cSvE$Wx{p+%@+;iVYo5QD2p^C+Md=BQ%=lHP|V z)QJ0pyi(Yd>@Pc4a$+?R9aMf>N5GG6=i?>Sli;1Yro3%FsBkOr`NL9l^_$~7W^iH0 z%K&C_l(+!1cHu#I|MTmNO7s|=_T_=DPfWJZ1y#`Tm;JEM#k z!6+ly7H`pU=!&l@!apI~G4~S6(O(mD+MY z!Luw-c?K2e4Ms5mV~f*kDUXnAc`M}V&=-I99LI>wav(M%G8R+vCCy*n%CuATKit4d zQ6GN}3ec*b2R}D~zG>gTQMk?NYD!E7A6)*jOvRVNHy6iYAey_yxc(r;Yo@Cl-!(OY z0TL%Hy#Vn*FIDP}{L|F4j~kYrE|5fv9ja-cUm;3zxf)uIkMRN@ zs{e&)3i|K(Z+7bm&Fzi~%-M`yqD!?-B87N>EJ~)F^2& zBT^`ct`GcGCa%)Vf3C3}i`KU|y&cRUGgg^Meoyq(#5|rQTO6oLbeiE{Y3p;<*q^wieR@W zGJV?Bl+Tf1c(LKX^lxX%-^2~y`py32O=ECLKMa1FV?dy{omsQ1iuD!T9nxfwc#O5J zGIl<%a@u{teDVtdKEJ_IYJ>fd{_ulBb0*!7Il7G+f@0jr5o2+s3~kzG%z0}@L3CnD zA1Li|n-jfi8u+$dP4&;hFOJB7pgz@8e9Y0E7J!Aa1edI`k$}FC>;LH5inoeC_1R(q zs_t3yl-a}D#fmngUVyfPV9-qK!R?4q<+2XRj|))f8sG@osr0>BXcytsYbU;7=#=j2rJN(K`PLSw%ua$VL635H1;ZJ@ zzJ!O32)qGDcPJRl=Y%TY$X~Mc4YPjjQTf04_)a`D($zhag3@ie3jRTwS;&iI|+77FpHKz}*53k>|@w8rP3PuBS zbBTYYzb63Nxq|gYJ6&}oSa7WeZHCb4DqadVQjgMsG>ac@bI_r5s?yV@;F6|ZqPQbTLxkOMRibRkg#e5 zK<;T{U$3dblYI=4Gz?#_OYC=P+0@hR{qk9k*9l2wRLOPJ zZMjoo)G3hU?XLGbnvdEJrhbcj+zr;$?+4OJOCS$*BSFLn{FNoJLV+GeRN{`pIXOGV z`m}a_g)H)sm2^P01L}oluedzj{fL*cQ1oPuk+_L(aYe=6DEkka0WUz44oaD5M27>T zYI+Aa>^uQ|9`$uc!r7aAU)xKNZw^6+Al5$;CnMjIiWx28H1#axQL!j;7F55*)eKz_nq0kQd1!Nd5PJqp4;He02t9z z%a*8Gd>L_uD(s2IJ0=^Dvkpgrba*exW42n;Pn524Ar2MD_Qlz$SjqOy-?I#^YCunV zE9l55xaSts4y_r7i*4wPqhKd2hwoCJUo3>oUZ8pzd2#O@*zSYn*C%O7YKT4a;OzC+ z(H#)7JhN@lkqA?6_-JyBapn-uu$k#Ze?>~S`LSka_UfsW#37a}5379>LT2R?u@%3+ z99Vh}Yfis&sqOf3=)Y!Gx9(n4L59~5f{pVemG5Y$zV8N7^V%uhTXtqtcw_NpQrjd0 z`-JU)#C$jG?ROX*-qmD&Xt^FS)Ad1)g&BzI{@zvLjissWH9P(XqBUnc6Z`gG^SYW59oZU11|k&3Zyck#Jn>#J6FyCSW_13hZfxqR9N%M9 z%YRp1x=n20IYzWZ#fQmrKfR~+h@~XX5}|R-r`y1z+!X0cC^#dbV-B`OQbjrbT;p~N zN6TY)IsPGNRB_u_eSHcdt-8_os9LthelB9bxtB;fT#k+8`5#n-f4q*^E39l@j79}A z$vsq0>^xTRJFM=J^2hBAl&I_nlmB5$^I@-AFw+9xx!D#mSh>qWNro7V7RORY`H*iE3#iSmqlR4H`pwT=D{Y3MWk19Xt0nP~RQ2KVzWi@KSF1uBC$ 
z@4A2}*oou*qm;aO!{U#CQ{eT>pXmSyB9+wr>$m-Z2BHAJ?7FvubP|5XMEHPCAyFmV=<7j9h|OImw4|0)Z)XvJLU)cGM~JR; zZ$S+;zDHH~G&IsA7}1N}#b%GQ*N%ixHE=fnHqtQ{PpXrvnj_&gR}7D2e!IGq~RW|;M>1}`10gH|_`i9=m+=MQbcn=l%P7pQ1jYL`6=@9S1{+Na*+C^EB zgwJum+mVlU3K=kEjY|`_R^Pc%dPZGIJTUimaXG83$|7K>>?lcmXZ|UuEUZ1eIl)o; zWJ4(LI);l8_i{qZT5G`j@MY%hzNYB{`|Eg&#zi2EL)W%*}knGl>xy2H%W)45vG z0nTm^DUsc=7o|Ta5${)#%Aq3dPLX>yF9p3SWy@sA%=Dc(Po3NJjI2F~tY+yA$blC|UQ_?SCBy;mA~AU@SLTI%Axg$kTW z zMkD=sFMF-ny}sr`z4D6(EsHCsC+H#ltAH}~zANn`4DehQ@uEPCkZPZHk4C}$YldzO zXxzKP02H$O2g_``vT?n?6KDxyfT;81>y6*lE;VHMhfg$;F+p5$Lgu@Y&KrrCvG|D< zv&r@dlS%iM>DGM(zB8KJ{_$RqxVI#dtiy9ae{<-l3TSnncq>OaK>fRe+7|Biu>W6w z^%Uh^OH_{Tt@T^E{El+k*}bAvVTcfq!2}O!NyDAl$l~UUG1Bw%^VOe3>ix^Bo87Yf=rkA z%MA=gK=Y-tPd&)dIl1Z6s#VR<0r4Y7AC5(S>w)AFw0dB|!(D0mK_h?~17~ok$k&R` zt8MI!K4}+zpsI8${jv56kDrc0ZH+qG} z6R*qxw1alo29s>tAe?x_3_u)IW8iQN70Isf_}kj*M5$UZ0h>%#q95!z>(w}*Y#cbZ zaBv$YjQ?ZyFo4KJ$=!4fI@sn;FP=!kz-nq{ibe>Um*9 zjm4-uTGwShoztV}J?|&d5@V}+;_=D2rtBln>(dSM+wQ!Iv}|jTap#kbtWE=waCY75 zAIVBMpj)OOah^=`i?alsX%CrjFY!U|s2WoFu1KO2)?fPUPUC-0&f)oSj$H2t z+pfwjj##l?R^}^KvkN=UrgTrMe=`?k?b+Jc0o_8cKz34!{=?8$JxRF4x$!WpclHR0 zq4T`B?a7v6TO2||)>~pm#M|woug1U(ERm@Gb50#oQTv-07}s~Q&LivUp5IbUWd<+O zY5$QrEz5D%yUwY5)Km@|K&?9()o$^$vPkn(_WxM=3Wun^=WRMAgaxEqKvE>6LrS`9 z>5%U3l5#0Ux)%xQT)L#YyOxq}>H6Kz_kI6?bMBopXX2Te=b-z&75btMP@ZC17(maetv?Svc7~?<+P@ngG2}F`nlm0_IaP z6}3KFeaUl`IB9Kf?;jPsax1>9O{o1Bs%iJ5<7ywgMy+UQs$zV)U;!e^f&H*D8H#E& zZn=0M8{=g>Vg5E>V&J+P^Z{)9K>i9a|Gv#>iWM8Jm+h`|%6`{gTw+cP$Q~Jq^eP-0}@N!<*GO1)yN8Y{Oj-SGND~|x6sMjGF{r|rmA8TILar}n!$HH}lQtWJSEz^*^ z_qs9rC-l-gZ){!0!IeZ>UTEiF(K0X=Rr;{@8sN+^chFmk{8|RMc@p<(G7o^5Z3uvb z@NLD^I%JxndH2+W{^yPxyP1|iO+sm6EYO`)wZ{+B5F#!sZAV*EEz14tW=$#<5c z{_tc^fB5!{j2oaF?G|3>c~@v%HO6B?vXWT;)NA5-Q{5s!hjrcNCI<`?$7|UQPbss3 zfp9u`#eo-d2E3{ph75FeV9YuJ5NkSL+>7N!^RK@D+(jDw$pR*yv2BN!yq#B|LjICq zG&6$n-i~uyIy-e$M$owwsP%q{mJ~>4wRQFghnEvwq}9l)(IDSk*&+g){#2uh2Ch}? 
zxQlRU>Xvmyyr@wVXt6vDFQ#$(8PYnOKDSnUi1h{39^rB0-G-I9tyC8UdM`Vv8h(bN zGSH^^6IS}uaHQuV*)@M#Uzv^Cyxy}25kR!|%c_WVR0wcV*6lFgFuF-C9js~-FUvslXpzOF$S8CM@WB}5u+S5OD z*u8+(38{m>>9yL|AI^6B0Qe4GAieWr?+@R#&vUs_Il3o_hnpToG5>SDs&()+ z+Uj97lG?XvQGgihiSY1b!?V7X8p?uNpNodX+P;_BZzm42eTm;u@*BDm0|Tl`OyS^x zkxU8lMCke9z2uWy)NZB+P{skD%8Pw+N#NINteg@q4GR7v*mL5^j$ha96&n>wazs*V zAtm9_By#Hu{V@oP&zSyP5!uOz#cR^8MjPfl{^9}x0iew1gWpWXS=U>MI$ZPBXv~fK zgZ>};P@`L#cuP17dVzj7o`%<`xg|Yy8L0yUb3iKdjx`Yz6=>(AdJIA``fA!kcErAJ z_P9s~AgP;-rO0Zks&BX7VC-zMa}l_@UX`W-oILcZ&eJWrD_sOd<*n>L#XPGSIt|?T zpq;%#zN$;APt29h0d$Vd5k4Csz_{Ig5tw$_fXxuJjOaf3gk&_-*+XW(W~ayo?kCed zuBNbU-6upOL2-HJ*qPdFs>r{pT>&T%tO>8qRTF=p>a4B(URV4vxkkS&1qwFPXS90X z=i%W)g%!;_ak}~q=)cQp^wJmB=qV)yn(EtHQokYtE+H>%7qf{O<09r)?U9x(BzMwkzbYK?Yxs`3pZp8gb&Ag}BX+e2c4`*-2-7_ZukL&YwDwsn3pbfq`IOu>L`il~Zm*`g%$X;3-@U@{n_T0~e=`-FXmepDRs9>MAeqrQH=Wl$Ek$w%F%2Bvt>#QC}=j>j(-VhXaN!$smpGEfijcNW6ON zksQ@9nFg3ley}j31*siAS+(wF?L%@!wQaU>Qxq?aFvWqO@tEo6&DXN*=0yR<@=4z| zhaI{m(#OJD&k=J7KhsBnm-bXT8Yui2d2qHJ7!y^ly@YIvSKqi!_mfGndRjii3LxLg z$OP|f_2zNy9*YtWZq0GNOjF`|d=`{nIiUP8JxRQ01z{`)dDCAXLAxG#+dUwQw)kavQK}{O|VIfoU(9UEZ+#&N1)h zt4$0v?>-=YgQ6;Y;q6~Bs#hBZMB~+DuTfvdFHAGYB9bw@b;3TEb!AhgrKprw#qeT` zHmXkX_N*9(J|Xf)FwN22h>pj9z0magDLoaF07tg~Gg;~Wr755xXXNvaKlbGxx!<-+ z9QQ8;Mp5SyYwKqQTMRpe$fp3g-slT6)ICZMNAM*y5c>JvX)9qN0T?YWeU==HwzF8$ z)L?v*7n4Hi=b9B|yuL3xaNWR16l-EEk7tFyZcc;`jZwgmjxd>^{(C#ef8T$LJE)cJp{sDOH2fiF;>);D^WOC$&+O1)GN z17sn<%>Ob_vVBNuLA)Zdszx)SL|RuZh0E(5)9_W&a5g2Ge`fm5i5>WXE0C<`OVpZt z(B^+3;5S*p-;z`^AZM34+5*P^R?~*a=5W*j?LBbmvaTn|z8P7H9w0I(ymy81M-IFt zH3VhoOb7|&Pjw^?q@cd+=X0uy(XIOQ%Yf?i;oIHiJyD^iq4yk|b2Q-(0J9(!(5^wI zAyy4^=8U{-$9LouU#U(60;@Ee7>kYHe>C34?D|0{Mp#mLcjZ_TumqHn_{ENX-FpL* z^k$nZlEJecHuzhYn#9gI7pM#-PU% zrO!tOsRUrb8jhXJhr6(4wu|LRs`l4dfL z>f!)q#;ukYa|*O{p4JR>gv9tovdWrautAIe9Cp_eu*q7r0SBc4FfeC<)5^)B<*br2 z(G`}}TVDw_Bd~O2waKAdqd(&f|imBtC+BTXiemEYkyNJ&`#8>up#+iT`)w}hV~ z>09Y`usZY-0bB)1UrQD0D<2j~7jtU}?P#o40^|!qmn9`%+KJ{{S76Z}?6Mo@Q92+w 
z1WkFWZKw5w96&W{d~%2mU=dmQzLDOyydc6$Ku1f!&ZS+Z*@(U3TUjXuL1ek>00<6f8*mF!kOHDjoj>|Dsok>w5`$y_G z{k%FqlgWQ!w_;HKP5-rx0YyCfx=GcK;bE~Pj0wm$Q-t?&2L>R_AD@}Y+nC>EuM9H^ zmo?tMK+u_9yvELClGoYa0}5tY*2M^5#~(Ne{G&;o%-xYHm8+@j@ToNH5_kB>QR188 zSCaw8;3MMoHg(h3(i8(^C!tiVnr?*Sy3}<+P|14m-SKlPNtWgt8-Uw(0ib@-gc@@a zCJuPSI2`OMHJoF4TsRU==y#XY5$VX4Nu&+1j+mh@R!RH^H!0Yj95(1~M?EYn{>V?9 zbLzcutSyG|S|@!>ks*Qje#ZEAE5DO{Wb8q@`KuAg1P2S$C1Fk8W7@!M0{@e`Kr`>< z4ZF-Cp8mD1<^5^|+J9QfOk{T!@9Z@^tG^ifAHl^tlb0QX&xp>?mwBtYpYHUd$EWYZ zimkjZ`WVOZv*(Pl^_T)3-^|~kS&9A4ttwk2esO1|1y01mH8I3jkJ8}M$f*eNp2*$A zjl7a~W|B}f83=@CRGI+Rl`m01LmMYW_Iy|0fJJ0QUrkFjOUJc8jdf$d>FbhD8eo-; zEU=NuQ^hp{b@ET{ge47{rMuPsxn3^}Lu5_A)zMCCux z5bA*W<~N*;J=MvnPG2OFP=e#RLn$24bf`6?-(p{HT3e zD^|XWL~WujJ}}1lqbW@5kjuM3Yj?-14>x9>GGD#uwJ+7<=?6k1?{kV9aMq?hOOc^zyYR|Lq06ZZ`~X#!R8*5y}!{3GjSnsoF62rKB-9D(Y!2eB8^ zaW$!0?&&+;YMZ}FBOd8-vz&Pv{R`gv99B_#GCxLi!&+7h%-+?%uKqB$SYV`KKKamd zD{2rXZ7}r|f7|)yf{I|ZUI?YWEO3)*-a?`hJ+7Xa5BJa(?04W-+3cO=8Ng%P5>;lD zldAZI4(lDPrA+btFtwAz>XK@)c+eQkLPkVrovXVs!n3ZHZ_|az=4-OIIZlO>&7JDZ zOTd_4^qnx@8@Jge)}kNDA7WOE$acad176rSp(kF+ZXDU9EX{VtV9cS(vvh4r_!{cAyI{i(ATd>mqg2FrJSU?b z^)8(Jx7BDx{SkkZ>7=y(8#{F`C%>TisT*(rTG5gAa`>4W!KjT8Q+36H(9>dRcMzgg z2j}orZ+See)^hQBTPOzz^NQ|mq7$jL9XT2>NdI&8vfj#p`*~%kk)MCjKF2p1U{AQR zNnuOuCHwi@aS)PfV?|zZ^j`tBALrnrB5Js~gPnI&<3c}VuOeD+U2}JD`$~FXI7H)a z)sA{8VkWkP{q*Yrwx53n+Trm#ZAO^lm;V^+h*T4dU@I1%0j{?Z&g$E#dmJ<5K#~s- zW2jgy`H4*tOpJqX&cxw9+7e)l4{~dbun=>E>jO%Z@Xha5|6nWcAq8I1rsn4KozGlsH;;V71cEJK=4+oS`y+^vE* zVOB|IqVTulNgJsug;m}G_xTE|6=cAWy%fu+_r|(fVG39TYLXu{xV^rtCv3n9rAbuC z;g5La9FFPW{|~M^I?`bJIA=23ci~P1fbw18$`$W#Hit|UvNm0q8(lsW$A_P|bcvKw z;`f?sZc3$@SlxKx+yCMJqM$dY&L7(=17Z-ZOgFx2V6c)(1IX#<2(ajUJfWKa-C?Tj z-KYvn*mLanVsPYY;hHO-T!gYRlp#i#nJi)AIivq{{Q`cmefI2PYpEFQFZmLvC#R{3k2Sy?5r9 zCv`cl4SM#s)>$%wm;9a;@0aVd!CvG9X4Po%0_{K12jwl3nIUUdmu$4L^1=e&nYMd7 zLo~`g1z#iwetc}00+7Kt71Gn+0eS1hDk<^Lcd7t^22Ji+8C#9V3xk`K#J3IVM{B{0 zp!LEaQlN=7+jRHt4^#oweZETYsi#J|EF^1n)4qqy{{f=gP<@q&d`0$E#dmolNm!Mm 
zP!vgUtbc5Dg%zq4-5P2mhkl_;F67tg@yoHmMoQwb#MqojlN)Mcd{qR_dyUGu?qKC% zLQfCP?cssa+eK;Qy@ut0V!W zCS}(aF)Y?aI-iE4LM73=jkP>5FF~iT%*}w85NT@iLfgViUs#mNLZ*8?frL;@q;j>v z^VUq2{pAA_lU@RIt=YSE3u%U;A`~7>A5@evzo|jf=LB1lGu#j56))he`G*DS#Mh|k zYsDad4|+mbN}{`>&%7b|HR^7;>usXvn#q$Nz&Vx*v{s*({7tn32(O3wQVYmjUN(3{ zf@tT))pS?8wg%)Qi}b|pi7&QeFxbCdABqK_{*DsAI49I*7m8lS`Ep+R#32HO z&xS?H(P7D`OqIgrO5?k&geYHZlkCevsyFC?M8p=T*RnPDrs^sO45jUUncil#^D;Or zB*5MYuui)qWXDi0pz_LE2*k8j9rGVy@+;*~aqs=U)==BtMkHppY02j@8FZC3^a-dK zYqwhzl{Xpw!?FfAZ7C^TNiO~TqN`Qf%5}q-egU$DD792I~eBWm>dQWtdm&e9Eo0r4{I=ldQ0_thgE zVEKlhx?#I!PqjpXul9wvHtjDJIInsNQeZTU&WbeL*l6jZb=n!jG@uk@hLOXGt4()Mj(Al*rSQqAUf0yeo%ZA(Iz+(PJ zQ=n#*cZmfODl-dp>jhym$VSCA4W<23!h|(V-hIzC$VA}$$9fi3xu+NV=IF8})fa;F zmiIg$ihq5jK_^(c3&o)nG!4yd=mIt|-d9Ad;Wb7U1&6WH{((Ykd96!lUB%>KXvYF{ zR_YV}JEL%n-;M#4Pr4Dcb1w1N6wprJcK~RNhq>Pgt!qetP9$bAju%uDBUv zR0moK(p`3P&c=S9ebz6=pt*L`N)9Ak?s?PPKcqt_p&#mvDeJ}A5pv4A!tlG)CKt($ z>?d(CMP?xM-ha!A*Mi`krRr_kcYkAKX_`oj=TRegq4X8pXmv(n9tPQKrbw2j3+^rX zbI+U3PT$gO)lAS}%-;7&0S`t&58%OXKE!o>R3IINzI1xD(o8Uj5|$$s!#O+*G9RzJGv82VSG#3} zt$%nA-`dnx8TwqsoSUx;>M>TO!~zHfQu7#HEc8LGH>3kfMS$EAE@oKE{tAqoWS2_} zQ)S*ACQGT!364kCzAi}B-@o51Ts9v$<`#X^A11Zuy3a>h)P_5; zIn+7d)&hpH^FWa3EcKJS3e)xPD2G2mkQ}(vY}B~QK{Ssnd-gbVpJt9Vpbj{mb@hGJ z$q?=}J=w0^>|~+)*aQ@(#>uBg`T9L;JNwYGd7n54J+8fO=Gg^$@K-gaYeH^6O zLUCy~O7=F=yBA6$k?+1j+-7`?R?WOHpf<+zV|WhE zyzozBN#9YyJPTGKGS=mOCeGHVO~4(Azu|(SKyvb$(w-8(QUHrna7}=j=?^)oS}ney zTlN#RYKB4w47AhcxiwQ4EiLixs$`{)b%MebHB}mMJR-E|kr-7Z$CC6+0A6lYk6nLS zksLidN8@#igK(}6s77Y3ZH@jGoEAnKHj#8B=Z0Nu ze21o8Hj;z*2dV$@8e{}bt9`CV$o`yds%G+LnYCWJ+b{u&=%|(;6g3||$ma_V6D^%R z()i@_W6-nRi`C-R0vuLKm_l9Ul69Rf)TwN?T=sp>3ETeBMh;78(v z;~Bv$uGd#<_`KM(8k(pJn*>S+_(R_mwO@NwcaE87zv#~sU>wiW1UDTX+kbV0dgzC{NMmUYOm10Xt2ZS@e z=u@eSrCUjuMf`=VJ;%iOr=-jsx24?H| z^NzFgBDXfjIasYUIBa0d+Ngch#SLis?F3AaupMoMer*w$l%1N zvPQcyx1-J`fZR~LxNg$@AB|XFTz3}_>vM6of%nf$XK|T2J9Y2yD*b-l-1gVfbQuN{ zv3lsIO78{gAI|xV#q`6Z5ySZ7-puG386vY3p+Z7+%Z#!V9e*QbDZ*^ks{HZ0p(ejE 
zNYt5NXy3y-P`~ZC3VZP?KkWq4dk_w{g5@rq&!2cC-gsl7{QK^#TtglWH4pc z;Yb(j*MYaGW$K#B3I@oPQvxEUMm=IN^CgLcO0&664chEj#2vf!W-ILG*3YdmFf=fwN4ul9@&yVYP z>M|qyo1_sT={;JmDS7j$VOdGM5dQgaTQ&Unl#q&5eHinA)#~&FF{DH`my7SFy!VmC5rrA|m1*32VZg6Ozj?D5h@2uV;iScgMe5X`r=cK>Ax6@# zH1myDO6cQ=r5)G52&SWme;c2H$9HfX_E=|>*ltb~*}F{sg~yu4d63|*elXl3o&3&= z(BN=!XlBJo8tT;e`N%0k7ij=cX^064Tp1DVtK!kvtz**dZuGNh*3xCm-AO@ zn5&Ry=V)^B=jJ9ZOfv zF2v{16s;FsvCoNw9n1TIWseO@8;|S7_9S<=6IadKhZb=zHS12I}*QZyK3C1Dj0ql>a2GKho$ntmgfQcUXQG$Q+%m!P~pa zwNeGoh{rot{>y9{#XfaLd4o0io)@XHwI}Ik{a?c!0MW(cxa?s)9bQN0JEKj=W z8OPrfx_7WyY`@_&`R)dK;Mj61! z2FU_@K_j?sn~m6TD*cU2TESElI7*6D7=2c@x7Nu1`6zyjA0X~uvG0#VP`s?C8rc`1 zCeSZx3A;Lgr2X%9#%Ekx0Kp)kk1c(btts#7`HBxGSvkX~7`AxQc8^5a@)9-37RD&^ zWFNx{J!Q)VxzWB_VlPFu(;{b(PiT8(UGH$7KU7Sq4{98&$+O+>a=^ju9iIwMmhE5w zWN`jsevF0ZGL{7OqsO2BhRcBYvC9(Y(_c8~_eMkzg7W3tQc#itp=GCCR(_VwUwxk$ z+&JkjnMq<)n032eX^0j$jJGHi^|sOkE-sgdpR^u-|A4{q8i+wdofQg5EO0)DWocO5x_J!JxB|A@@0;eU})u02+20^*h~T%_OT_fjprpKO z)LSymPJ@gTNC&vC8$O9+-0$Z;iLT_Zxd>~buI~zRs342=ReUYcDs=73QXSooTK-i7 z$}>&geVWYN lR|8sxY^i1f+2xob*5?I>?U`kx69Q*-=QB;If(n>l)@Gr*G<;SR zVdTDW=$33AW=ZH6OmXAkH>+v^_s>tlfF_-N|M{K-({W}WL%`kU-vSd5v7UNgqt#0a z0_&;c4vta=2H2*iY+b?gD60AL9vJ?yKD+WNIfWiuz&jq*Q#nlZI4OvbIpG%!E;xA! zVyge9%Hzy`5ro*glIl^!uHiWW^L7Ek#Hc>RY*=Wbtb%(ciYNKn3RZUb#{>Fp$`kvd zVdY)>O#`tAolb67&3m@H9Rz<=oU>j%?&{<^b7&Hsx~YF_->cwo7JW)>^0o(z=sSY! 
z@7tq)Wz9ct@}HoLz4I94^r^7#g~D~$f&091thBVo0LXd6IW8t14UBBhU-fK~9sFTW zU^cSo-E?|q`_}zfr8ughvyai6Vz{56@T4R8IAB75GGfh=caRB|rPuBJJ@ftm|D1cQ z(X_J40}1sAfiYJ}Ctf3z*YZYjYzx4OfLk|5{j@3}jEHwmj_ASd?GBiHHBw}){?p9N zUD620A*5n?OENk(EM0$kB{Aji=^nAuqjx^h)B=^fxW8a34q1Ke77SC$LN9|bX1U0M zWleYOb3p3WUfI{0_Bgm*p2)%((~|zt@pHeuePrB66cGql2q{5yBroDtTH8jmZtE`XJ8=2dAhpp^VKzy8l!XG*%T?YS*XDze) z$NJy=XgPwm{|(3HQi@d<5PYe0<9+I;x0S9%XIEqNLL6u4g0A<$V!F^!5bpXUrQY8& zPPR=DR8k(>)mjwWCJVBlv_pKxtiQf_4Y)!COpa{Tqr?vEL20686VQY;JQ-I7~H-|?`&a$}S+pC%U zd6;#5eSUV-Scpw1rcO}l`U{pqJ?_S+K#Y159aqbg0GNk>h0C5rLeq3HDK^v>{8e;; zJDqyBAZ{H*1?0WlS8bD21D2*^*roQ(lqFZW0&U_f^i(dC)PF{l9|y*BoNJs8B0PjY z-C%5c{kZ)h#4YdqcV49+#f%U z&V!${ukan!#JAqA4lX--BTczDL^1{Lz;3CQeU~#1eK_dZu#UuGyipZqM=hP$jqM+W z{mw5e zR8jrY?qRaAO>>B!V$3c4)qlat;v9{wncalMk|A#5#h>^6a!)3y`38ujV@>0blaN>K zLdNb<3kIl~^X#}(W|MlO#hlrp$lYnrRm?Qb=Mjnv96P_R7pE_##` z6DYgrfh=(52?Q-t0bGO`hBmBjkAs#MbkmFESOf1nF(PdKv1mD24i%yaae7XF0}A92 zsT@Gd|xGQ0K6U1`f*`!0`zYt69vn+#}O@mT`{`9TuE?;tcl|vDKUm*+3}% z^8zyt&E7M*dfI0ZOUSyRQ}qkEbXcj|?pC8mw%7R%ywT9(by3WoBP{_tiNc=&=i`wMeM!lN%Y&urt z2-lUrX|n;UK&<=4pRM_YwtcxY=VbE&k#NvYd=_Sm)QSWWwW+!7(MkO13-j1qh!CXa z{m_YQJ$GyUuZo?mcc+GVuRs9w6^J-))fAG{oyz)Se|l$uJRO}#d95_j6d*ZYIS~kFK%=$F{Pd9ojT0UAOAEmT+{&7k~FkMtT7_cCQFS!}_wmR!H ze>cX#r+6=c3!kHLy5Pa}SRzgd%)0q=;vgv%ABXhf*=2AI-Bc+|K_rvx^w3`B|m(8Vw41bi;EJ_dBRY? zY_UIm?5`vZY~p+xY z*OD`GYJ=CTKD3&)G{O7K^2$RD?_-E(k3EwT^)Hks5#OU)7arLzqrM3_8EyhT{X^jz z>a^6^8^GTpZD*3hnjJKJ_Y3 zrYre5GA3|+%DQzP(3w748;-vpt|!LMoNk}`+(>MNc9&xNdL_;bdv|wc)%}N?eT87tueAjnxZROwk-J zCTTodxZ{HQ0ZDrFqDNZ{UF0To6DBPP%%4W@#{f~0*Pz|cIbCgaER+)HSLVFBAftU! 
z&k9s0U4fdwlc3#-TP;se1@TWnNR?Kn|0t;@)+*N#qTw{D0R{w>akK9Aw72PH9Moek znUiXnfIwidJbwy7@p@$vI~9S`5pF~7y$AfmnE-{%y_9GnW8hwlcdToC2pBZ-pQqD& zUV6NLfDVgqRc43-4??cY$?_i8bP|oxHg6L?8w1hDLR*rc|MW*$E*`u*i>g%F7 z&|?c9XwpeAR+hk9=OQiaawkbe5Du^4{RYD$ z)6qw*DJEoSR1rWnW;O$-aT`KcNThE`U#(&u@Y8iqwRyY^<0}zHcY}_jVuhb3{m=_b ze>nRHjq!BM=&75S>%?^OzZ9`gxj*j@%9Yu+|FkQb%YjIU)AAvv27b@5T;haLC5?#f zFGIM^=4c@$>Eaa6Z{W+_?*)VcY=ZLt+d#rqbQtf^R}}1IN0UIMPS67V!&C+D%ka`q zSSbetMUT5$W67!Mb-#;Ft=az$T)?L&kShMyb#k@{kr2NnG(!VF8&lrYH37H|Y$zau zIy(O@RN<4qfD$!}UF7X?P2ZXr2S{Hus@Id;N+ZRH#HY$ElK=8}-Wv*K+QRa)y(8kU z<8>Y?&W}eMn7Ce9Yx~&IOZ6KS%!8ZEJvkg)Xb$)`K{cRXB1$FO+O8+95?^6x_>Xmkg?&RPmtNG2#qVL#^hV!y zZ5xcwQ^S4mMgn#eog$LWW&0z zo!aYoRQc~0_pz;i{njv^(g(lFSFp_5WuuD4bDJ@XUDWS9`%M zDNLnz?YcaF@~1?u(wKti*zXVG)W0IWXt`yuvf1lVku8yZWFi-PaSEt-hCfmVQ$+Hy94+uKcj+3r0Q_zqGRRUCjjLPpz^qjR>zllS^3x?}>Y2 zZ~1O!D=P=KY52nJcb0EpQ^39mGS0_uzfknPbSC~CS$&|CQ|P=z@Av5>shrsMwD*d# zW}GB?a&{T&03`2Q-JBZ4jwKq1I$VC@0fS0p>GFMPTGrxhZsh@@5+eWs89XSDph-HN z@MPmBEy7g9aKNFM4s4%cARo9?Lpz~sKuX`(P#}Bj{(z9C%w@yrVAS@33@0Sc0xc~J zEtCgY*pnTLM-X>@#xqMOK9hc8G2Z8MQ2+n~mFnpgqZu&@j_?HDQu}oA%|RVr-a9V( zk2XXO6?(U>dU4r4XC`8N0;(6u%U>9uGy%5*dORCVa(Ecu<`XaPyUBEqS+1`h;WTk% z%+To%Jv25(j~@US>r%f2|Aj2uGvO!hmn1Gje>+-!?GHo|d~gGfn0xLn|E}m8?uVqH zwm48;g|G+nqF&KEnJeXPD}eE1uB9XUprBmhTJiUjRSaExuLn>Z%0e{`^V5!mp^b@q z?MP)i;WF||AiuDlgtz;NhQ40OS!liA1diEOoD7i)ofwt-G6gu}KW)N3BGq*zm5qXs z&~`)8pq5L+{}eo)|JV0|ydO12TEFETOV8Q8Qi2?CPQ1zqe+9c8Y^$O0Ya9K3=je}T zd_mWf)Nx*cwLf4z!&dvTees;X2W`RBH2;EmzSR8no38qn5WMhgCQf6rL=R#)!r)7X zjOp}x^2*;1=LAu@YJ=T65-;Vo!0Qmc5;v97UC-3#{zd!FQ-#WG{NzQ_pTNk%&95M- zJx*R3h5s2U9mV7&OPq1sx=%TD5go+Gi@UZgMIYSZ7(^@Wc>u+8Hrf=@#77u&lsk3t z;PKKT2VTwb`775`21sZ@Eol%?ocr(hwmK%YfBVis=Hq-F`fFUw?vOjug#!0u%Mphp zV1?uM(+G2==)i-feF*9Jz`ZfS7q=?Fp?6ySiRpPI z+N+O*6yUIkNW)Y7=zf;pgd-4pzIbDwr0XAGCt8v|A}e3jaGo8L)`jl#(fw_BKBbd~ z!SS}QW!WV5_H%W{-7CzBtxrr6eK~ix+0OpTb`gJx@Uym}-|zSfyOl=^AC_D_!oBSu+%Q-^mlH3xI_;P!NoKN&093WAkc4+s8IK-MD)z@K4Tpxp8jw 
z)VYOY4*y*v;jbzu3LJ1gf{QAq+`o{JdS=}=d^&YuwiymGe@G}yM4Q54=%(22I|~f$ z^v(^7v8yz^!uRV2{j(tl95eTeor%o@a3xFZ=i=;ByNZAxG_^`KUK@Px#g7ezO8?YJic~+oyu~db3tgit%uBe<{-t zE|Gcnv(1Q_e^lp6aJaXfX!|oO+`hzs;yS(nTG=OMYZODp6lT^52GU8C24<5FxgT$d zQ4KEBcyAqG0M1$7z{{2Ga$a8E6(Y;&p2zv>lfs>0gB#8u7Eo_(20|pQ3DXtk{=gw5 zvjMN%Lh1{pGjK%_P_Aa3$D2nx;!VIhBdq*zeNbEOH6`JkLJ)Ty1^P4(YiZX8bsPK>W zBp9SfiSe4z>$Y}Jm9UE#RoI3@-mCu26(3b4|A-{|)Er#=NVC)PBv{!}h0Gaw+&fbe zu+gY(6Q*c!8exmuS_U(s25IuJ7GqMQbnz1+zj-6b3Fg8*3Sz>FQLym#3b%@t8W)5q zD2D4Eg3E{43s5*>lJTa^wng>cym9AE02I{onV>9d=P6aeJHi|Z5DbZX%91sutl7Fx zk4gS3Qx=w<&tF4Xzh|X|W*klbjA!ZaEPGvt1|Zc<4yO29`8GP6^}XN{-*l1qWYHUv98Dh{;CmwH zHYsG3#U>YRB4%PP7*AM8yYqR|yoc-bJJ}aJl`v<6KZFsjNG_2JWHt{jqAR~%hwF$- zkw-Y$Qc$CxuBm7&hl|i4ZR12n$F=oX?d`xE@cPxpxu2GfvoB^iHBTqoC#+Mmlxujo z430$BmDxJ}j?9^)&oJp+!y2R)2dF&U(g7SFfvqwMeJ4YIaB`vNO+F8&aP*=-edBKE z3RNE5wHlLQfy>|tyQqFJ3ut0cB*Vg|8h>+Fx3@=qyKTr8B5b8>>j6A{%tDyqJIMP* zZpt#p_P5fS*^fdPnxX0xgjSlOYsXZ!o-d7hiL7&qb!!Y~3S+6ti~} zhTWaI*dtDDU})#becSOy-CKbcg0Php_P|HK6 zYwU$_#5#U^CCJ=PMmK}+|12pMskOhLw47?7nTk$8r4l0W$}0ZJxGh4)(Gh}VS?pvs zP#gH538B4e2Ot3>%haFBVqoN%_bu03q>)WF>eT*hi)6y0Gg`yzJP4#)H4Wf6-vp3R zYfy-l@*-19A;7Nr%~(Q;ER;3yr0$(LHcwkt=Z5wEryd8Rhdn26$AwVokbR39swZ07 z#ONIuS=jdd{2ctf5Daa=*26S%jKuA0Y7S+~?`qzi%roBkpKF;PvY7DmmpfS--{08% z`NZ6~#&wcbNlSN}ne`z{`6bR6I(QsPg}9hzFEz86>tyUBLq=Ps59%Smo!Uz|Sc}>M ze1~^!*L-I`3~gMufp>w~WAy!Zxts3>5?h5(nGA<2po0RSo5B|P=rE8L8|VDKWBxEu z-Tr%|%Lf%!Z&f1P9?S|?9Sf8vnmF>4S#iNL#aky|8!J_+-F6fSR-|80F>2i?z@Y6{^XhLOmY~653Lhkwz@5 z`IX=?SJGX5esoCrZb0u{hDr$uPz(4vZ>4P#2VMC)P#H;srr&V4TEIGq+eZ-WPp%O!38B$+(6V^lX3Ym|xm z?+2MZ?*on4`?8hLhcj9#&G6ngQ5jvyaH`OV)y&s$lP-3Iia5@+2TG}gtc?X|Zg;0g`Wjjn zAiqly?3a#piLhFrQYqxTMAqX)_BJ`d&aQK@q^TG}7GFa75_C=fId=wVQak!~2Q(y| z;0&~QBVF2Abd}?wrbNcPUb#D!=vjE(0EDoq)v67iGtJ;IGfzlM9l-A|D@kC_n@j3V)y9j3ZuzgKJ-nHQ08(bzCP(9-KdvNMqCuDO$v15n`XWazj#tmroePF}zZTnKJ)uwwwqT6y|6eJj?fxg1V2|5iU% zKduEC;KedN|5+}EjNp1u`H(7V5|QzOky#U88kDe1T={fJ*+iyDyetD8-cNqOSmhTM 
z>YJ8w?x@+4N}>&I(LH;%04`7>U^}~Nm`&a{(fIxxW}(Uhpk9I-ct{-DTD^)(uP=!26G$=ItdN(N8l zpf$e6&7{vyoWfx#DR7|jlYk3DTN(eCue&9mBAVM(Z)aEabW)9w z^)X=J)36qLZMzI;<%ghh*Of#Ki&|(#_*51La%FtS8ytMYWdNQoRP4K2+R(l|)(7!a z1Iyt9Hl-sTZa;hUe=L0kLzK_kwMa=fNF&|d-Q6JF-7MWLB`w_z5=+O@t~5wWw{#=j z^4`Dy`+R|&ow={M@|-gYnx*(TA@*kp4KrxYXz#>*cFgt{V^XB2goT%vguf$35W}1! z2!+SppZmP4PpYSXpcD5zyP{K%3y+1i(6bj`_!~8gb>ajAvEQ*k!&XCm%A*^K9@fV5 zV20&dvprDy3wUn1%f?aNad2VFsWN+W_QTCP;b?(q*?3E9rphfr)z_VmF{_^dmF%5= z=vc-9{O$Bv$>{j-HlBlC<6cxRye!BD;BE?i>X9~tm*)Br-vX*!RUoMI36^xF_!U?P za>TRbg$Fbf@NmFydw+n>jN$JKpDqbSNrPeUblcJW@u%HUW7@*HtW8SY8SUTXdKu}i z=xWLi#oF4lSr8hK4BDa|tjtS^u0#rYlL{>qZ&k3xeVG`H#D@>u{ljoA@M8f2{D)&l zX4F}4j&`2!x?s!-xR6?V!HUxsQ6C5y)KX@B!O*Mo%62w=z zwZSHw&OU%;hU^s^X8NbWOdjUq4E05K;~^+~>V_ zlUu?v@>D~OtV;;N+|_+&rZKIhwc64^&u+=_m$Qy0E?iONaphqu)v2rT0qL9#=f6ef zMY#e0A&R@>__wT;*I2#wZqunCA5l&KwK5FI=XpKKc@0M#n(?HGk#W5eZSw%WKaNB& ze6dWJ%(Ms@sU{*$a4tSP+6%EExv<>WjTibQH>H>j;2Rvyq%7~MmJp}M*GZgOS1QhI z>UI483fJu=d$@q`C#`@pUoGM#9(`JfEIUkBy4+v-6GHZO^+ia04ZC=Y2x~_d(*ReG z7Gu#1YruZ(ZK;{wt|eL9q1!0*M` z05|Qgny|^VhGS|XO2=D#%*Fx*&28_wR4G`Zc8w~U20j2IMSyG0I)$=;U^tN}FY@@!|+Q1)7Eq)tv7Yq<;N_$qrKXqH3n#u)Ngf7!30Ja- zo(EamKip=&7q;${+jvG~bAM$Ywa0`>9TW*r<`;)MIvinn@=CzXW9yP%wEQ{(qI!{7 z-F3W}z=u8n4oQ?R6BgOJy41-~C3Den4)c$k!raEO$Z*`5XNhRw*!2BL2kO6_B5Mqy zs=LD@;eMw=uOvYfTh2CTv_wz!gHSHa^{=(ASp89OnU;cooY;=d-wzm@?=&4TL;C&- zs=TX}fi|@Op71xJZa~S|U&99a@9g8k=08V+My$o`knhzn|1-3i{~4Nh&-)(1HU8yf=g;S=U zotgY#7UU(XKhX(zmCGw(j?j`K=@7EY*bvy0ed39)Awvn1S2Q%sL}|nYFy0R2M9ydy zg&lpCk6dlW#Bq{d!&k>H!T}_~KDniKL;&tM&5)gcQqM3#UsI{EAi;g4IKxE>y%baJ zSORgox4~_h8{a4<<_gCEm%qaCQ}y!~NW%YiH*>|W-$c*vPg43qmAL=Lf&HJouRBy} zIiWdhJiv4d(P{nU!E;h=za&oI5Q(6hP(LWW@CIz&69{@lC>`vRqrWUWF|`nwLZC@ za|=Z+k|H_|Ej%&vA_tO%3lFgEXw+>G zR=yIABs>?72EH~=3&eI+MyXBVf_kDmq5qRhmt1^BYKheSD$*k^e6n+N7ghC;(KfMd zpVu5(BHm8qFj}%z9MDk%x{g@uQv{Y5Z@+Q^77uy>EA#`nrC zz)s^Gf+|1H=vSs$TcQ*6sFe87ZO&J#q`4@PFxRdGe#v41UXzXr_0(@MA^Y8i= 
z_cO7y#ix^PVIfXv2KOLW{a&fRFO~1g5DZ3_c;{a^H57S(*5Xv2xcBY?&2&3wVrk{i0#pia#2TuE_7T|9b1%{4kY=ly1*0N~kOej+e zmM|2#=vX@=Y|U@vOX9|aZ!crTH6l7Toi4)qnh_=C)M`?Z#0J(Q{+ zpy#0LBf8j3aH}yi;S32r6IB(IrV}3UL7GCv@0UId*IG&FJwPP;onk5ih)RLl8fJN<@mR%pLCp@G~@dm^FxN}kX#!= z;FMLL`!Nze=CmV>^=1(=hon4cIr>%-ssc-~Z8wytl%LMF!-7m7{}Ag(f;a!12^WukNr|)CmAA)o zNl~~Z=W?A4G$oBBSgA!Ow4+MS!^8i3SBMVFr?(#?Xs2# z5R~}Ok%7Cuk^{kZavhJyrRe|`e#*G{|aW0 zF*avwgG1}MaQsAJ_%;^gb1DKh*R(bSal_xo-Lew}+yza_Thj{^IyHtV8XoH85NhN2BQwegh6zzi5OdFW+dt+bnJ5(Rcp9-7 zF@r6~C46;$o^)(;{d_k?*;Rwx_Pt(u#MIK~G$Ekl`6wPM0+d-f$^b3vP}Il}Hp`#A zhv>i8(*NvANvZ;I*Q@jX&Y{1W8v>Rvs*a5w%Kr~1dI&=j0=k-*EXj_yahx9T@^xCp zU8JJSTP6t?iv38+z4}v?ep`iSM4Uc+FRmhY%fKzWagvix=C?j>?db`(t*oFMmYam? zM$YO3*;iq}nEtqtylbb|D{fo$yl$lHs_zu;n6;}VeJfIz5a#PT$DX~aEYp!|08YM%CL&sa%u3NxxrqGy^w@U`FVCX zK5rh%tM5Ic2YEs$xI{U+FKJ=yxPJ_)|0e|;v)@sJqXvj|5U8cw5ZEjEOw*&LG~R69 z2`H%zd;9_79ZyuOHIP7pLt3ZTnaYT=l#9A#x&&7A58Q+o#R!0C9mkSX2~Bu4N{Uv$ z%8U$m9P0y{aQDF7bH;qse293pIATUdMyOP(g*o)BsJc3}3)s62dcG5h%b52iL0oI5 z*RvYbv-m5#H}$;@0UhV^#2Ibn7_Czg$m?QA+?hi{GROM#MvUTtQ}@LmUZ4hYDtDST z@GS`!?q_S}9;{T0gRW#&|0S-gw4NRRBMyH5rH}AeY)Tsm~nr~XmFd|L(2e2@y z@7!wb?)B0uK_dEFgSLChT|JOsd2&u!i2^wA1ngdfL>$S=%Il1H=&Tl<<@I|F&?SDn zIw+wmb<5;EmIS5RQa*o9Z9>;I10f#gw|{h52Ssd9In_cx=gnSS)0k%XMZkynU(F;6 zPn4L|t=s%wB}(R7OEjG_RmTR__XV4eYP4sp>M_0c*Uz6!niYP2llO<>1)RzNke>Ws zDNYqr{y+y@u$;^7l!PCMW-*ou^bi}XrY)0w>eze+G~=^$c~^~ThKP9X?6sEV7hWgz zCjRc0i|opsOWvrYxHx=x^qhp@g{{gpYZ}cqDd7Fj+g{N}IVF`-tRQkSZ{E`3!esgz z&zW)Z|8_2t^vRVCi1yz&_slCYUiZX0$dKK>05ZY|C@z`9pWe%Fi3E(6-{8YX!iF&s zTSalYlVmuKr>cCu$~H)?@3PZSU)nVP+yhi{i^SMyhrbQIxs(HY|0XJAikT2u`>kEA z$pT=#$ucG|os=+yK$XC&7bYcgL)RTmQCFc~22FfmdHDCZIH z{!m?BNgEE%=;M-bl0m8^WL-7HOKN5F0XO3JAa-ZzBV@37LgYDDIgdXOMx+ATGM!QikKk?O%4j{|Jqp zEUCh%6<(Yj65Vi*d=A6>VhkNzp4N9mf#>@U@uWP&5wafDO1+4}hgTqR3BFH1(~K;Y zF>V_aWexaX;qbd;>++eQ{5LZ)Z(Z0gJ9+@SiEW$*da61%{UXX1)IOqipfm^&bTzlf zHo)DCDw8@yZn_}L1Ai?PY@j<;K7Sf}p3-uvDX_VFYvo=-6m8Re)I*iXdT@nPJ5KNjVcvv(SCV>&1|$Y5K#tftv6m 
z1k28m!d2I0c`$8_yLBYpqId4)k|_fI{@vM8zHH}*Iw4w#H|l_t+*$KpLH=Jiiw%3Q zb;X;00du2P5i()I<_?(uEoG}#nWhZ5rv-xGfI4-<2x9`JMPu>hXTF1mUD3YV>48j? zA5>eIZfyu(1w>XI&-L#6Dc<3FTuVFBhK~!+5Fooy2%uAXGX&c9Q0Olow^-TeX&Zj| z2I-ULc}J&*JCYsptrr+E?YGnWx)Yac=g2^ZEEW@8k(znF3n+BbpD9p5b=Lir!8gXH z-p1pAZ!E2%lxvNA9Bc_3p0GqYKO3;4fI8a@GUKjM%;HgcGIUF}$?;I>P8eM@D+u&W zKMMX-(Jdy0bD;QzmbtyGIbr-8z&Cd^k66zd;zIoJWs|`Y%NNNbx%eurJP-d|>=9-P zZHFS4iAL6)F|L0tGcH)Vkf0-OHW%&1+=4j8Xm% zCf6$(nqOrk1TwJn4S-%po}_-)1Td$;H)sTyN0^2YbTjaTG(i1Ym)aCboV>2(RJ&(~>haC2&%x^55h!x6 zFr@AkL!u2~3>!hotx$Nbl|AM?(mBF4OackuJ(0>H4b@qscTv0TABEM}tf}eCoZ^rq z4qf@yRSRXCJIwtwr+_nS8>i2m$Ol*fP)oyzo=W+hJ@&eio|mg^P3m_{DB@wBd>fTQ zK{M9HPw~6Jz3T`Rjmb8!?r;plln!XgWhaGimtzQ3wJO>m)sn^qzOhtm$F(^ap0&W00(&{TY%khX|iFUNx49hbkSw7{juQJn}~)!?-SF7 zPnX!C>v+@Xig>yf#3Xi;ImrpFdiM;rc7twV0h44koOlOoO$n}o8wGw5|D6Vx*?c{P zPi@o8yvepTUx&E<_lDr1QJ#GfjZ)H6Ak|Z8&{}4mw}KXL@sE8aY60-{Ku2YK7`xpu zfj_FRf?CmAOpEsD41Tt)s(hrQCjxkG`uE=6OY?K?nNI*uK!SD?#zO zZw<$~$<4}s`tIexWA)x3&7MFHPG50u|EO-VAy5WiqBqM6L#ha{uoNA@E?J4|j{h^T zU^c8jbC{j^X3{h8-hcniC@*QwREIdq#!1@VOJ+roFD41hMS>XxNvWs9;{dvy`i z61bX);py^FJfUMbyr%#9$N( zJB5J}{d>D#+Ig;Y4@@x!=j=MC*M(nMQ7@W_#4K@aA214AE+Nc8F(&bg@{|e zPe4FuwxhlRa&my185mM9j_E+EpU$!o>aLbn>ib>8>wsS{D)zg|F!VOgA9j@V2wRmF+&KRFM^!a<+R+ zqXjbI%`=u z!!+hjN18dD!Dwi{(;LS4zn#MG(jmmPA(Uf~gAlfaojLLmdx0&o!(G8}zX5si21AN>$1pykwZgX(ZTKJ<_(3h15!?75QYmk-&A zC@jXtGpqCe^w6c1pH30|Z>0%TX&fE6{n6wKgyWp1DoLgn^>KHfzBhVW9XR;wNvm>a zheSoHYyX4$tn+p+0Nbi`$n~~ELLrRkC~U<$b@nu2yFzZYSNG|2qN2_}zqV&W-f~y2 zkl~RKN0nCZTtxMkcnuj|9`$tW#eDJv*UDpFpahME#`XSp2C$t7ZHXxl6JU=7xD}a>%9?bz#;=(v)Vi?mWjuu44rmjR1~_KwwR2*p@N78T zfqWWos9&>T0p`YL>ZupMpU(1)@Hth)+SjCZU|*87NaqZgFj|j4$6)R6-~x5)FGt0_ zrm5=$T`s3?d=3U`7RZTqUb2afoH}CjK2?;2tkavG(%}0N@e0#y)PJP@(@$E_LD0u2AUd*w(`RVJ?0sf;p>IltXl2({IDB)c!!`*g$zNuebs zosdUBa^Vt(c5y<8PECN2S5MDE+ThbAnPU`m`liK-}`DL2vvua6&@&5CR z=)hGN5u28p{d%)7rvdgzqK0~v;%B6gzh77%HX{0TdGxz8NK?ldjdtnC@4-_&by>Gf zpENNDsM%=sT>i-PcKl(U-4O}}RlN*L_PWtn&-jbwm9Yb4&g8;}=IbkLJbL_Gs~~4? 
ze?6(SQ6|=jk|HU-&q@P^09PHL@4Jf$Fo6{2IW$|dyNYP5az_^)w@HEvjB=>%S9+pJ z0RW73&;1{L>+5D`lr@wr+yB1i{)cm&P&@mVfuHGnx2t#yO;(WpQLlyLN3m{L2Kt*eg#HnsYjlA~+_YhhuM7naYW*JPOundV z#+8}fS5K)1-gFi2%QGt&ce)Ty?zQZLmP|r^|Yu_NzKUeVgF)AV7Ut4w~zH`~{#F z23H0+2LZh>=Kyyz1NHgGYh+d<6m1>bEyX$#H^@%FqX!TRR|{H}P^<@eZWDx832^RI z|J$E3)|$~Y_ZY^NsotHSA=GR8hs>2dz^QSGIp$b5*b$xG$JhDy4*THS{gyXLg9JGH zf*IL~LrO_Z24HaCM?2nqJ;RMj;r2-4dKRY4-$J?e(O^1V)WDkdcq)L%wU<>^_PxkBc^}nkRco zz#)2mtaWi=EXuoKc!=a3T0f1el&FdSQO#d5#l_Bd69IG}6pqt|mG>EXvt{tRwpFPi z0l#|PBe$XrhUFU#Ei)iYxJD>N9Ajb%-hMDDoULhZosL157IqGRwt}5@go!aoWk83T zlb;A6-CZ~1$pXv@DNm0*Q9#f_M%Aa)0M{_W`w?S%I&FilJnJh0_zJdhBXR2K{c&QO zvtx4WjH0f#HVxpC(u-C<7ENcD%b>w8zK6jx3RPza^dP$bEHr`>sB@=uYg}U9Qvm1B z{FvE{Ot+C<_A1-YqC1E-M2)ao?JII&Zs%yn}{xLmXTF7WB1;sD>So#4r-WKBGO3;zavkYHmQDU^39lW)18- zl}F~P2k^iv2}Tujt_%SGwrO`s@3wrFzy|RQUbhW~5ORl8DI%0T1<+cpH z_)h}b-Dx9UFYU*|sR>bl-9~K}Iz=;T+xhEbjF^%p6yUn9o4XrU03nz~(4hhrK(#*< zM&gdcL_(JGr(jhQ3I@6W^@{|hr!2ghd-*8!Lk4HbeTa>K;uJ_Ikrf-cjxd`7(*Nmw zq+ir?$(8yrKV-!*qkR0{wlYu3^9)1R8tKs%v4k=9{ze72BqP{Sv^V=j_bkE%5P|q} z{3#Ro?L55MJ|{D$4_BmD%zoa{h-N~*oNPCXBJp6YpP8=5>l|sPXc84XlPf6!Wy`HE zD!p;x0d=;m6qv}YbOhpX$o=`p+LMt|qnkDCzpE=RE$Oa}0?kN`60qD^3(lDWFTWCJ zlO~Y0CS-t)(_{wv?8TJ18c}M2{Z>>hR|08=FF?WZOJSLY6%%0|d9Okux7B1h=eVz? 
zMeWmJAD*m_@6MDtpug=dG5syYP8z6{BmA}iLw}Fy_U%tEZNXEH8QBJDNTW%(;nHF- zGKiP(I{anaF4`{TZ>_QbSLw`-#U;^CQUxF!r;q{E+`}bZFrZU14e!iOj~!IKLYaTr z78B{G-i31**dw(H@tnpiKlsJRw9c>En!YsAa%{;e^N24OKF)suG>P7gM8@Dm^|zx$ zOzpdJKL>k1W1Qms49w_!Z3NAK_R~nAPs22O?~1!-slfdte{4SVs{yFX#3H~jiIInz z`qYNOYDvO>Bni~^Je(b`KF|azO$?21tUegKpQLPmBO}BM_cl_3hj;igN&u9f;_u+^ zX=3<46gwzY>pF;A)((Ge^XdxcM z8>w$#iIAH&3~XcCxRIKf6e#%I)14{+{de2OL`wVW1aHv3Xt*J$QNSfa;b&EVQBtK+ zk-~>&Hn`6qT}jVsbr1`P@q*@Z8UD9&?fo*_P^MVvtKAgh8@kRiwF${rw$OH!$D&s` z>C)(pg0##iXN`v7hQFhrutR6GX_Qsr%dSmk4mdGBl@Ub0-&@-$9& z@a&YB z#bNIb7;}z8@O7K?5hwJ3#3ETU0^p^xG z$?G-jPEoX$QJBKfy_!0=Vr?Duu@d!kwj%AFEPE3Qu!RBoh7@+h?(0CqL!9H{n&rw; z(kdsnCodGglB{NLI>jT)JaNl-cu*nTaQtYqAU<2d4&$XRMvdwk?(l8|4;^|2XYT;4Dj!q{+|=F zXM@N|N-J!OOyaH8)ml%ki9vDY?^7c}osfS)RC@6z$vN!dI$@Nr*E^JTN~m+kLR3Ay zruA`|xz_h6zbND`W*_W(WxI`k$raV7azu3)L+huQnls!oZ%swhCHbVR`IWpaU&}3* za2#Sdv0oPy7Z?6KcUdqW4kxXv7yuN{*xPh@1OovKDw@j1u-ZkX^QI(kl+$WCSeZ%N zO5T}rCQS9(NIfu}B^}SLRrr7OEm80~jF0sk9%%88`A>m>ts32ER8Tg@M`-ZwjE?<1RxDidw>oSC8o$|##WtJ)~iV0J1pv0 z#Yrv*4zD6sj;xx^4W@RiXgUt7?A1p2lY$nm;k4aNFXwH?i?Uq8PI9*0q0(r7aWnnl zrf59+v*3Vz5SBYeGv-7GAe$qi` zyyV?{wEF%|YhzfTssNvR3485OoxouSUHw4wesj#H$J=A34%vS!j`eA5ySd$j) z8b(e8)3h@J5zWeOz?PkZipaY???hSw+GA$qg?OybtVGMNJ~T2deGj;lz5BRxgQ_xJ z|4L7Ue%)19raqKA6bQ?SPCGRXdEyps4<);*!>-2%r|(_r3j^&EEM!*l!fRvJ0EB{( zvfyGL0rfD&rcY;YNE5?xWUeJE6&m@#6X)Dvdz4y% zZ5(B6c_iltCBL7M=LV~HG7AXPg%84b#g?qWnsrWjt&Vs>I@yb(MF{JPL%8LFzDfU{ zW7I(t0K7A4FEDc)8X+QLZ^EVS$KL*qgnj!USAMtKaZW?>@)m;qz1%4bW2L%-6=1{# z1@UDI+YN_&kN|h+cy_#uqs~DUb9XM+lStdjcKXTgys*jZwU9HSn=`>hxrBcO35&jH zsodzU#r4E+(eFq>dHSz#w1NAK9`jKFWP*WlM_N^QAf7Jwfqdk(m*J@6B{+p4j@I6A z4&ZTCAksu8r*|b0EnH?7ypKaTH(eU5J1glDIX&W@%lL+qHB%WFAT~+^v1Tsq{UKmD zk-6RUV;6-R3jXy0y2qE7I;sqH-s&=96E0Q``Fi;@C(8Vm!Q<_7CB0N1N;Hnov}bJu z5H~G6#AvW^Ukmk(#Q2%*MBf*%>mD2J9kw`hbL^*Bh6%Vju4M-8ztEkbeukOtV<43IoRvcD_n>tk03rZDMpm;txpIGuoQb@k*tm{WX?3QG~!A{)o{68OxmC0zP zDZbYUi;xLG=!w=TZ01{Rxsk{Xa07=fvs&M{$agF62yEqzYu+y}4W3vAcX;&%>a&^% 
z`PFl-Gp8znENQ-ncYQC+&31bNR#OuDgoo^csfUJL0*mOf+i4&aNLx@)&TF0Ouw@4& z?c-*UQ(aEP*LIVrA{nxCIFX7A53ljF?CL8be?FKk>-Rpi3qf(%Wm54LGu|fYmqp&xj+j%6~y8@r}N4Sn3(KGW?|O zCVkZ_EYH22&)lfTvobe(Bh(_0RdCU-BDn1~6^#$?`nGD}yNOFc<)KNA<5`QUEP!QOTq773w^_ZnlM8tUB)v*4Q%e1(ym`xo5S3W==C^b z-GKg;8$~U|lP<#153U`%XP8ez3}c}iQ3<40^qC9Sh*AQ3?OL32fS4+cJ%mu?a#l7I z?WX$=&Dovr<(_U~#$KD>eff9Gn9?zD})I121_BgnmmTz?3p1<6#oBxD+N$kLG0r!JciVP zxa~||1AGN{xCWfhaC80HYWoGDFs)A7poMO60TwkC1Hovbkig(KD4>pJ)ziZ@Q)3cv z*0I~M5Ox2fv(eJ!=iXUp0_S&C1TA1|sLq2GT?nK{`VTPjme4c!8Mj&!Pv?Ck)XA+d5oEc*jj<_-q z?j5G+0EfUJH)!qZTc27r1Y?3Vg~JW)do>=_On5>)p1`dP5VYbgY^3BZQ5dX3*ypz& z9$;o_Ug9IuLpaTkVt>=SH5f0EuOzQnng~@G2@t3IabjwX^fL;@d zzX{>;+XX*Q6I4}BenUyjbhAI`@LfCfQSkq*Xgt_6T#64u$6k|C?lq%@OvKas>7Z}| zF_V+rMy(VcYHZeYnjsqgd^gTd46|XF-7;@^JvE&%p^S}$1}F@ZdT+3HniR~Svy8{f zzhvg2lvGtKiX0f5I)4l-e2qq#Y5N)|?M=B+tz5M@9l(!EkZ)IC9@JU>qm&l}w7HvO zvw_SL5G#P4PaBha!KD;NMEBh9z;CnW;kuJ2fWEGpaQ{1F)^ML~J-Uc-rbj2{bfm?- zu2ND}e-@j-HH77Ek;cIQ>yA#j2Ve))>ZGsnMx-j+M+(8T|4h;?{${HphoacRd@M{z zHZw6ND-uVXg=$s2#o6Gm5vXgGyme(%{c6-qX9TBg4tITP`!G=ob06X)UC1qeDwxt5 zm70NTwBxYG)xYrWHqSgoe)DqUq4YF zPgn&e=n5pAbZjDi2_OG)EF%S_ndTeIvx{bkSHJ7Kr(9Xl0Czi>v1OKl$!PdW)Zvau zB0K=rK&l+GAX5wb4?w8)xVp}&F)}XmliDo`2d3BZv zK1Rerd_G(w1RXY_kI*yJ)QdpYsn(|^(-U!Is}2RHni0>Q%bW6$&nK=9U_dtWcqhkbx=5*BQ))c%xQt zl4pQoIDran734&a1$9YEAN+u+t0kbPWm4&TuSH}Y7)O_yn`%7ZFl}HMbS1sXrok;3 z#$EE34OwpH&B|K9881zXUckGY8;0oBD&*_AF!3of^99rDcudJwM#yHBdmDF0exl)6 zCaOw!YK&I-12k3%(+s-pqL5sybrY2mWI2jg@#RC)WN|lx9)!QGuFK{+2_x&!zOJ(3 zCMd9j4?PxE0U^Ww0`AGiJR!AX9vsS)l&0DR>I2XC^b40#fRW0`JId+JDZWn=X*@E| zWF@bl%!}r*s_?wD8{bz5U)qayF82g8k%(8LQ!P~IM{5u>mhOs~`d`&U@+D(Gs? 
zS|io=)$?aIVDPhx3q?4`+_64`6UX=rrRK(w-tyl^iSK1dW4vyukVML=m4l-*5P`JiykvyzgBr;88P&O?DhOvAPe?IF|Zz`-19AgPJ zbwgWr@p;Aa`gWs@kiFe3!!wG~rzm9@0izk6;$*EBn?8R;?UQMqq-~$ynXzhi=+&4x zsKPA9SY;lNrqx?QW8 zzSm;-&Q+V&<@URD{+9!Dnj-Dc|BM}AZ)GTu+SpKYYL1PySY}p0CIV1{YAh=W9j(7_BbGLOv8*ydqV8naWw|UH42AQ=n23?KIT|+2PWuvlyAsXtdMPI% zlu?+Dub#|9s;H{48x+x`o&X}MNeApcy%J@yL zcnrFn?Ta?vIPGfWO5McfRpjI)6y*4xvZG^N2nV8%tQ@Dwmf^rjhxhnrcGJ{8l^iu8 z5rU2Xkq|`KMu7LyJQZQ)sTAA3uv&B>d`=~&w3?L!(akszAhTu{eK_~SgbJvS^s4jz zMk0XGB*6d({GaD`>lo7qz+`x0a&hkaa^>&k?_gbl)gs4Mr4eD{3l8y#KE~$NT}XX4 zAlt*=*Qn7;GGsR_?*7RFtpe#-epdGwAUkq?kM z$dJ8zz^qYkZ`URg^MCMVU>y{Wm3sg4#$tvgRZ${jMkDOqx?~S!%4WG|!^17mmfMeF9DMn1Ry%HC+_@*>pthl z9K3w*q|uOjmkh4#kV#!Vo)e>&QAm%Q-Ns|au6oQp%qYIp*>Xl(kSDcvr*8VPHZ_*h z(rUER5|<5@XkE-^7tJR~`8^4yV&(ASPxVtvM>GNn)dCsD;kqcU(R*NMNHQ;dWc?L^ zvky^&WDzh1mfCV$ZcaNY8NNx}`RR-(@CEoYDywI_8D1Dq7d zwhs-Hm<(!c=e}S(HIKRHMle|N1EMWkR3e+Y+P2=(@=<7Nf91!S&rsf5>tTgCmX%?| zq*9qG=UAXtii^eaz(Ua|fBk7IIIP9Zp-rK(FUilArz~u1l1Jg#fe}(c_fHCX%Vqoi z3xYOCC=7Q*1!$%-a049gn!_g}cVlie)t#Yxz_!V@31Sjcjh`6ad*#~~)=W?CuV~=hHAspbVdhm5YjRwAt4h`r%w{X^}9tgd_J= zrVypBLq-C-d}Um=dp^r|>W4nPuw_K9TlJ=XiD6V>=n7F0>nzV@#rUZocxAv{#s2DF zRgTUX&Q9Uypp!oq=WNZCIAuXvHKV_)e+iyDacPll7Q&*yXUfn+JR$IzrQ*H#Mj60s z3qb{|8J%g+i4hulQA?8c%8wPVik{oY6_}2>{(nd1MLLkP)IpKh$gFsqNG@G96pFj(fS@|ce2KVak_)H6 zo)LA}SPkrq@rZW!r%vly%^>h$mcC8ti?sKM)agdrp_<^RvvRN~bB%VTv8IlUqJh|D zHIlb1WluRHn9@d{c(T^KXF2bRC0K18ADJ~y9dy(HPhe<ZF0`x}(9ko zbTCx)@l$vp{ylx&(+nKn!s_ZmqcWhXP(bK#SyH@p{3Codu~HhPM=WLvrj0&1qc;l{ zip~<`+#Q({%nIMF<)<1jta8l2g@L!u+4lH%`rR_oE`fZHr3LkDQkN7!m}@yx_E*)O ztZqH0X7=_47#J@x@;*-=N9iDQ0CmbJMf}5g7!HdGw+CFi--l~Xd^o-)_#*jf!1?%g zCprXx)eWZFxt2$GaMWo-%{peDM}Q$IOcT$?+IZRnxBKsUKx4YQvETv8jjxce4Z&HY z@p;BmGctO;zcw#>>)+(gT_ZrWP@dHUMF+!TW=AhABDHPxR-+o6-hVb$TzzmMQ-jTZ zL2p`@N$JPG#r_YE@rk_+q2tiL*5ixivkRvnfQ~l&hSAeBvMRd*bC>{zis#jSJ6&^w zZFc#7)AEYD(UxQ_3AO%~5iUeR$w?9(X8~2^iVXAp5V~`nl>W$f9G)T>>0;~7l~ft_ zYfsO*tJFC6L~zwrl`Xqh!*l!x<_AMqPXr&CXZc;5erE`>YMr5;BT8qmQ28H^~Eg0w`fHERaemT;v#X(>e{{-L 
z2PVq_RFRs4HdrUWYIUvu7fEkfdU1`&_q2k&b(Qr`87=e5t@Uu#k1Bg++T`jXY0kO5 z7VWM8L47OWKeA)HUKUO)$@pgd&3{}umQI2d&b`eMLmZ=ao`<`ZL_5OBtZjec8Xb9% zAwBt%aJ23J-v$(aZBmnd!2@L!IYv|9U_8m95!tV}X8GlmB}oP*HkW|dAyF`4s>kgW z7&9T7t`fD#>8Dl7QkFgjWWe-*!zR0nlpk$#My+l(&xe8-k1tE*ThAw|e<$kTTwZn% zQ)z)v7;cf_GiB)^M6@_^)UxN1^ch;B%M2G^;+vZyuk~@uuA(jDc`l*^Cx#-xttFN5 z0-L6er{WLG3ubAYX?efaTQz6Ym`{G8q&Xv|o!z$=`gPQp_eJ*RH~p5WWt`7h%aI^3 zGRT*LmSZ8;Mae)D){r%rqq(&ikPMFqciDllq-ul72E2IkS-wf;BVB7W~qtC`cSOT(V$Ho4@*1CM7 z+3bZA^lY2=Rq!i1M_9pkC3%67C|4Vz!JJY6;igNUi=755nWlnlOxa4_L2!9rsWGfj zu{C6%jPI6o14*w<*$5|&g}Fhk319X2ObE z$+g|=ph3YE(IhM6WTI^zT5jhj`4<>9Yq(_{iW6sL%mE5nkl3z5tWN-@IRKNsj->rQ z0X1l*)wjE+dDvgn&;NuwPmdI7#_s%?j$6Mb5**zC@bk{q4#>Mo0^HzHI5Vq;T!M*PO`is;~fvxz|TcsI;3ETj$)4v_L`q8s`en=RObu z^VKF=O}!HQLjZ=TO7cH&J(1$K#afs++z#WTJ{B#&0XN8;s?T689x|$Q;3vsHwOh0q z*D}Bv!k&Ixl`W|7Gqa;^vdcA``k_n9sJ9fW?PDWT#(7a(yZc}ODlOh>0*a?_p>Se- zM0IZBz%Sm^nLCeGD?Lt&C1%gqWBR)q&2x*ZP!Se{F|QT)RbX0crYaImh0Xib5^_DG!>!V2BDo zu?%E}SX`-m-s;El<+4SY2>Jm4s@DSDRjwCYwRgQO>gL)1BUAynqV15vr~Vv>T;m*z zW`N9d;JJ(3ke#D?cp=B?$U5O!RZ=JJ3DIhJ7u86(qhP8`6+5<(ELm4P{@Qy22iO?8 z@LaCn3#D?KeeZB5iA?`|dAFyh#z0u=WPocVm#sW`)M}KkY+@xK@4^LMx|aQmrV7}T{Z!eD(+_u#Y5UM8pKj=T z?_Q#5oC{3%5})n+$NmzrzjtDsou^vh)^eKv$JCd{Q}M<9+ueJGYY(Z5>{%j9ma=4D zLZP^5Q%SBtQAC!x6cGvuiBO2jlCd)tr4WT=$dE0$(uO3zbNlu@&+i|vmzgu?e$M%9 z@6R%4zTVed%<0m}fxmOPjbF%>Z7Z6;4Lxwm0U_ZvfbI}^BsCWN1ZU2u!!18Q`3E1~ zgR1lEMCy}UD*Z1$IvrQhKVqd0?8t?01B8$pSfTM~ZF5@V@`sWwp<-M24crTv&S)3> zz1#h=(fam}LLYEZUG(<{*@9jd_|qa$&7VItdw%@7Ba{Wl*tQw9C7t=MG4XaO59dg( zjJ44!QOW$=8>awXV)k&59aO8G<1+VmQ>_u&>?S@gEdY&vq>iL2Jzy11 zxjGF6XlL)OaN0ZS{!kJ5@orPlNc$_-xV{2nvsUhwZ}HV2hxyF&1nKmpWTAo5G=swg zaF}ae*Ra@&8TpLKb(tRJbq;Taj_#41dr~Dq;DCqcls2Q+!{Z>6lO9MxQd7yk56`D~ zAFy4#9w=lI5PGV(0Gw%Sv83Skd5rDsCaLj;n&BPHjKq?E;*fN35{>=sE$98l)XFnWSoE3t{n0uo|84@C*Y47mwCB&Fh_U!V zaGH=@W~YG_VFWQ9@jB90Fn0H&{^ZA!qciX6A?yHWdm7RHG&GdF$b{X3q?X)-^~X9`}Xvwt%Xq>!qRaTNlm zq`2O-V%UcF9+eApJ?PLGwEM!jh2#nu`|lbjUS@-+85CYGE;>Nv7JDu8=Nz~ao{2e( 
zkKTBnFQO28t}!j#@2eeOBHIU_bP!m^0YK5oFZNDtWVNK}_(UV<;RHtnXO%~Tv(Yd9 zDst<+uj!kK7A-sP9E{>#YRa?h5Ksp76OgIwBXYX6myB7+h(+)_Iw-HEOT9QZaO2Es zX`)A?ZxP!mr?KwsFTb1ID{tHJgK%)iO>^wgXYdY!dzMS2k;8D}neq!G9j#`oWscAf z$5Kg>TCOAHV__hQSsfex#v&*8E!Hq^Q`wbk9a+vlG{~}-OKeU$rBqz1(Y|p$G01e#jk? zI8=q*^&VLg?0%So^4gHZz8su9SuL5bf8TT8_WH41USqCWdhv3|UB^@Z7GcbxyZv1b z!SMjwSNDFt`?Y74*4$pGrvD;l)m^{t1WuhgN4+j}WNi7vMe}Zz>0~F7P_u-1a)Fsb zcd|`Eq3{To`n*|!ZCFQyoznA&*1!l(cj#!#nR1a$PXsYbr5fH#V}Aq+%$U-u(q`}I zvMy~LeJy2;be;45^~U=KAD4#Zcl8W|)trX;{KDRBdpmF_Rp*gme2(VZ)NfHJEXm0YGdeA~1I0S7+rm(E;}fp{BH#spH2EMS*Xy6|RF* z;Iu}8#2@kJ)#r5)sXZwd_@oka7WZk|2U^c5UQJGYzZI3fZnl-WjQ zFp<2*JR8V6ZOQhOF^P8ZUFP;li)R%aN)3CiZ>`#+z|LOF)mL!nbC1bHmQ$lvo5EwR zL~v42)#+i0>$cV!UZA$~tO+)PAKf_Bv+DN_9&VBAk8v5Oq>yL|4KW^4Ks-SwA3Ohc zH8$`bp{ekJN$<}6`;8XgUQO$a&|O{onen=S!fx&15!(ragF)2WzCG=2I#9=Q+U6$7 zS?Yi}Z{e8QBPB#`5d?j3Od_i=wsRd;e289Dp4^q-PrMSYnZ9z2?O8Wm(mt0ma^Cv7!mqU|Vq3(wooT$2M?Y~Mda^Uqk<-iaO z?8w`z$Vd!K8!rv`8M`ZX!(;>eRg1?)4D;T1JojlV$KYq4<1sI-TCNSnG^ADckL>2K zhXP>52WWT@zp5p-^p(xGJ1=Oyxx8Q)J{Y9Bwx zA;F73d94GjLtFdTu5VF?4eu?f<$u2)l#!K_y7VN{QwAJHc*qvIbM)N@A*&edfCNpD{_6)bpBWZTY)aqEgH0~Nq~8KwvIfC6YlI>@n|3U1AxoU zs)Xw8uR}#SchXawHnb6ded(;$e%IY;Z6`h=_bejy`|GT`e|8i;dahbRKOtJB4>D`u z?7!_1-W&uw3TNp0%b@kA702vfgx>$`)_QYq+JF+ck+NNb8Y%1LM5B+u=(xp zr-ASKR$+IX}m0iytlNTaYwQro9kP5Z@EnbN9 z2<_VULuSdLbz?D!vENnNtj%8DpJQoXnHVpp*c(Y3NZMXcMD^LNZ@e#bnFPPfYs}ek ze%dcFX2LX{O;^Cr540v6m^}~9SatZ;)u44g>f%8`EJC$pi@#gVqqTjI^lzD>cl!?d zY~a+*ss(pk+Ru*0$I zc}?H=9^NTkS{^wq;hSpf0PF|vAs;&q$fe7>@cz5BxV-w!pep2 z=%`=AnLA6(k6sF$llqU^I8&sn!(btns5@6zma9}>`n5hIyDZB?@~o}b$pGTc0hQ$@ z^QC&x(~?bsob2tdd8No>lb5b*KRj@@BVwrelY$7o>%^m0-@qSPu$f3U|SJ2A8`X%ksi#)sG9X5Q(X zGxTpi-tTdFvsq`~&}q!&nT4gHg-%eY#4m&B!QJv$QpOe&1;4kUcDP6V`f&el*jg*PV$DtEhgxg6U2@O(TEdX^1!krq@l-z%QyKj0jkyRyHZ zrWg=xH8b4h>F0Ltv<@14z54q`OPy1#+7V{k{4}b+$kxW5=UgAodGPM|yS-S`RQ9fQ zPwLqAZ+b)bBFsMw5gWV918i z8(})04VCuWYG*<&Vbw{eo=0ty&d^qzyQ>Nxj+AXw2yNP9R5o<8GrTr?*YbJ4>}f|{ zad^%i=_TBh5uz>#qdt4=kY}$>YxX>TNS%Hp9Q-Jza_Ig1u?MVuF@l^<(oZY7+@FD 
zf1#HEqw4C7%@Y}oiK{}Ti#E;RtnUH(QVmx@n*p9iEZAM(6UFv&G)wKG~9jq z$li1GlhuFj&&_bq2FDe!*s3(N=73nwo0u8WF7e;g*#x+TNzvLVK!i`uN z?pPn`FczZfgO0S7ln5RWPEMJQCTu6uj%&5Ga!{}~j*(-+8TZPzs|V!&X{}K|2$h$( zJ$airG|m`}xx*nxlCd$f^5Lylt8OT}Q1gxMv3F87Aux0xo2Fc=Mp;oP&F}jW#8&IK zU8Lg8Zb(?|gkB5@75{2THW44l5=~@STyBN^YBK8eVu|%7Uq&<1-uAmqzR75OsQkEV zneH3;b>k1`$8QY-ckXbVr${Iock|-cwP#BDwKkskeMoP*v;4$FRYG8wt$svHjY(;A zUz447^spAe&C=0C&n%U@BDC`>_Wk|wYJwf|((r7shKa5SsZ7yhKhfEn`2JMrlc@|^ z`>v!n42AeQTE%9tT{{k^YtNKV&2D{iJT!fSa_Ga$ok_(an>{3Rtamun6gB0v&Wpo- z!G`ySkCj~5)axh zu%F!RSZLBToC|EgD1G?a?M&4RrCpEiYqqT4>Aq3=*m~UWij;ER=KK$}icVzRUq5-n zR!Ue;tyoRi3h`_nqc+=~->-D!%YoRy46_$|f7;ouA-FAPjP?(;E`O zq{3dZ$K*(lGrjZ%H1UBUmo{yScOfK$$BAL##Dq(m!Q5uewT5Fm#5;?Zvy{cRO@oBrfZuepb3LINQ27Gi+5YF`57IVLFE^i! z@Y8FxgBwUXPQM;q*LKlll6cVb!SAPCx*HeRrH0;1biMn`m@K{s49e{oC{Bi#LX{ks z!CL&34xVt|UN;cfl_=NFxc7tPdQ&Bd%YG-A@J0*pa-`);zeKYirJ3A~*Ax39_}K8S z;WO=~(p^n8H9fu-#b>9qU=I>JXXOqzBz!aOtb#0?tX|v3LT4AoN>S}ml{ZM2UO!xJ zbj$PY%gP6=!14u73%&{6xn(FIdXjCUNDj|A;#~UW&K{#vl^$~v?w-Ew&ypZjdE-;Y z2yT+fNv@E}>902ASqe&U(7Bjj^r_yWXpf0+vMU3+Szy@qI@=-m9S@SfDk?`B?@_3g zXz5zHMWeSZ=v!itKpp*6Cb(KYHzD;*yjb!tfW z&4JgCUX1yCM&djlu*i|p+ExR&Gqq01u}@^ZGr3S4G@Ap`D6k-M}W%&1@J$%_RmjcheC6zd*4&Lm$_)6AqS?z2ptBo$5XBl zE^)MIb{+eg$jE44BTfr?g%umVfc<{c^pST1mv@-;z28a8)Vblcs6zI@9jc`Mydz{5 zq;bN2@ja;2YvbM*sPaBLq(1w|To;c@ZP2a!hwuM<=4QNd6m#@)vDBncl<(h^vKv2R zm|(=av-RQ1aE{+OmFz9yw1v^T-?jKWko)h1VHIN%+>k>dQm6(OL>XHXc8Su5ZyzhC z6-AvqbgK7Yx7ebfj?st=X8EmMkc%hLe#BODBe&?yhO5J} zVCpZe1rP^XBTc}MPwg>5ew;D|`@~Xt@0jDqT}Qp&{ZMYrDhlhocuA1+#bmrmvQuw za%%U=0mEo8$J7st^~?h_Ej7Qux|U}v%A+8R(vXVe{s84GkpE@4AH~%{3Kz;(eU+A z!xwr{R#k0F!2BH)kDZOHi!v-1DG5LJK-0ey`E;)5h;6C>!+sZk;SM{*R_agm9Vn^) z<_2RV5;h~WwLUdP)Js>8q3Yw6=CikD;9I5xyaD+7p?H6UEeM(COeiv>zPN$Y3f)r-+HSPl7m|{LG0lj4uUb!0)h;i6}#Ir z1@hP@u6^CKS}}&)$ag96=V~s8w{52ja?axO%6Ts(?y0BE&2jNgP&+(csQ3hiia%I& ztJX2!&NYsDdh+8LX<@j&8ZN?0;IgnnhLrL{9<6X@Bx~!GdA)U?q%qD!?Cu;|-0+8& zdR@^<@=u1gqgak+<3fncwCQMA^F36%`%{4bE91HE< 
z|0b2_=H_*}ya@`>`5wF0nk)2O1yOWLu}}*PYoAX2dQeoXSUfba;v;A2*PhQKtH-Kg zzw^IL5otF3y@`g#c0oqSHR#|hWv=tvo9`nV+xVtU`VK!2oO4b1VuCGy9C*<@d0k)Z z@b$=vvpFi~S>>@NdHj#tqkL~Cm>+j%!S&hkQ+q6t^M1I5x61zQXJVU-bf2t?>Dui4 zp_(vevg!P~>W98lrD>g2--q=98Rj~>?h^)=$A6U`G2>B;iHB6JvY>4Bpt^kowwi62wbR3)uR_%sWq z$nX!Lbefd+Np5tK1t)>sAgkb?UVh0+oDkLX^j-|v5~8t`&Wma*IZE8HX#EqW)Zx3Rt zu38a8?R~@E^DIe3DDb(M>XkN~<@c@Qk|RY$4@#CSl-unW42!1iTk;N8o8tVs_wz`@ ziMxx26nwDVRXZ5Pw{gD8i(u|I#JMuPbDv@bshmMh_OAD9Xi5 zRtgZ_OnlEI#Bjd&7+y$3-u=!PCUrk+G?s(sI0x|KQ9~N?Ky0 zc>~m@z$F%^b(o;5rSu0K`H?BAoPF~qtvgJwzlo6f@%sp>CNv5g?AsN|Dt|(0oWuHr z_QA8y8B_hm9GRi_?*|LhrWQB?O_AdiD&L|AL(Y3}W6AIA?$6v_GH`=S%dX^HsOOD3 z8Vm~>Z&_Jhu{$3vW0!K_6pdn2$Cw({DVS3lG(|S+nK~nWUC$crjgde>MjwOoySnsN zD@5|l>MMMHF!<4ZD0o;H*O9pO41Da86Fm!uY6l9_in`(@ z$h4n|yHVoCP*h6WJGSYQ+o6NI>msg^LgOofqRXKNuR~1)7)M59dixBm1SnP_3kyXz z476+I9=L6GuJ_5at&2OVfq$B#(YIn;gj!*OuEB?^5L>$ml3Oo&Bk%0-+gP(T-S5DJ zsU0$rJ_^jVQD$#T{w4mxeQaltsQDQRz47Z4a7NDfm_5>CVUBpH?p`$1k7UJ3X+gNM zmbNm9;HRUBj+~ao+LeRfe+qAf=gx0X-MMfyVa8bbJR1B<>2lMaX@3*EVu&5LVaG{9 zJ|2G}&uq0tXa~cp<7)fc@4+ueB|a4I-D{5UHU_7cM^9gc9=+rI(rW8zIQ2nLu8Mm` z$Eek1(-Rw{4&ARt7!)A5U3XFoy=jAQ*0;W+(gl`X*3(^+grY_{@*AZ@?(T!R`dT^;$2Y3G(Z#)aox;%t1IX`uexzyGOWk53;g*3dNxQmF_ESOgJeb zH;Eekf_P_b!Zpdn+ENEs#AfE3{=RtaB$;g~VUIsA$nkVN*n(sgZ@_I>@q{#YJVfgL z*xaYJ$7Et?>@(BCarA8X$GTVO+A(8vDk$>t(2>O$Bey_ha>Wineu)U}h9hb43zy?L zbbg)Hd_T($-Ihsd{wyf-lTM(>T{h;%0;1zsUX+#Igm{OPw_>*<37M3wEc+!UrCXPy?6@4q8q)7C(b0#Z!{$w?NLS~E`F*!#CzxANOx)$TcZ<&Gi zCyBYq53SjZSO6PjjSlhw`zqTf0Xm0*+lMHqq z9KrVMrzM9ptK*pY?EWhVYlpyTYl!i=V)kxM2E8P$YQ}x4_H#Z)v`}krV>M`v!dHSFy75pL3@vCJ1+;wD6j3l zvgVc_IrMyWLJ70x9e0Zh^^S$gqaY$hfaWr4ie#ITX{(Y-C~K?n-jXwh)Vg0=4%Yjm zr9j!gMHwr4oH*R zYf`9)`3{ziD`nJO7W)zPoYb1*cnaHE!rIk5D09p04+B%*Ee6f1%QmChY`CDY0_J`+ zl0*o#$=Hu9IdQN@UFL6=PEQdKVHoK&tKu`hq(x!IktdH&Wo`fUT+enB>H=pQJ-rG! 
z!#!wMz!XpBwv5VkNAMhH)iF)Y0<h!QsOD4fr7sEb!nN!$m2tchHr zLzypcCF6&L8AV?0v#M*D5Q*>hg89I{*?PSSYh*WBlu@-}MbM>PCxs3fjK+T|PkZT(!gFD+Y_Kisv(&^W zs3k!HX$^Q^*JX1JqF>;_JNGGLeuTKv6*EFD%ilpf-iZH2Qvq(4WW?Tbb?Ah$=)^5W{fcf7DuhQl|v8E+p|Zj|D{O_9-j zy&#-t$tgjD1uA~;juvFQjWRcKIz%?mUl45d>BtE5|@j1r^q(Tc= zqB=PJsgp%H5KtIj5;_md6fpnu1UFH8 zWU}S%#=C6Z|KG@+CV2AFrYBdGVpyVj!rU$sajqnJOk4QL+s-#mLW~y0f}nw-;r=qD{QL)J_-GSh%3j2-{PY#KvNr6T2t)nlr+`>7{!V zB;^FJy2VIW9$NVHFjj>wBQt2=(zkQ2S$T&def+rzLNRZo+|0g?HaYpTqGz94;`P*T zPfsYa1vLRauq4Qe6+?N&1QwP+3iiBD2Kx}XM`MqxF#@(@U0yFpnpCT6vcw8K>yLQ> zcxj&qEy!$?_Cxt9t~-uLL&O_WMF@Zzt-9lGVv=4K;k<1NS zLYWL_A&9YrHd2;puoyliO(nMbL{O)H)E>5UV>34l#~8w>9Ay+;(=u6Lg{cgfe5m!ia|Myg(F`xSl5yh)X^( z5CzkSf>@!hdA8Y|+fa@i>zl`l@V9Gdm@E0rjWOWkWp~ zMjs0J;W@TJREq7dfAaqPSd7+m6_uOOXVF|%!}OoHn&O?eXxmxPv(bL|&nT$LOd6XK zo2UD|C*d(1(6-%1SJljorwzL`tY&r^H@?)P)ySVHH3C7eRN!k!{#nVNY)3xQXQzrkeMlYe6>eSVf6@ z5!p3@g1IrmV)Z&XJFgI3%XrUW-XpiScH>wTwB5H;kB5wKp`6AsQS>rxliuJLZ&bOA z5n2@Vgauq>Bj|?x_urwX9|(M&is+iCNe62R2b#2*Tp>xp9Fd%{*FdoSjgj6vp+7@~ z*^gPG@ahY?8YoRUv*2uFn=jH=H^M3=3#Z*nIh_c#E6SN5)2jsbJ0&XnwimogfK{Sf z(6!~9hZBCBXp-s~w44r^gpJ87!je1wkU~S>;pr@RyQn@+i~oE59zQxFVbyWeHW7Mo z2PgnjcUc7SDJo$pp|7dR49VNyAx$OAV;nzBkS*MOi|>FgeN(h}E&*(~9EFN+CgL&Y zPn zle$Hhp!;}P0mCeI(+#3-e_*kC(&Y$zg*%+xlz8OQ{bkM1Gd9uCQ688lildQZJ||t6 zu@A^o0_4`Tce{n?ri~$IioPGTB?|zdB&)Fqei3||4GpfyW8ZwbAD_ET&;=%Bd!>vs z+Vz{?WDkw*p~D9}4;^Z`S0zSchk4Qn>LyLZLFAx+v?;>Qd}iz}bn$Im%Q_3u49VI~ zt_W3xhp7STm^{!?0k0TMygL?R|48w9-XL@(HEVB+_yJ+dgZY^0pMsB|kQm6xWHfUa zpCVHfH#FRRy=D_*qPf_v`HK-!*C{x>%NVi#D-K>UH{tMiBjk#fd+12sp%lBfHaxXY zF3>xcZk%uP*+Rj#0+v%))lKZtax#$5IaZ&imM1h%2wX{vUJ44sLl~!?2^{oLoN}-< zL!LBlF1pVC-*{l#d*SfqM2;tgck30gN&%AX=l+{#aJ8bHt|k8nOe58r`m>>D_XyF7 z;||?8W9W8Jm?l|U3Zz9TP(*FOnJXWCxz`!zbIJy$Sc#BXm~fcrZI}}aX_3{4FGsiP zogu4PNjCn5A@;k9*lvL<`&7Jl-MS{o7`HC}9e;ZZnI`kj9Gam}Q*_QT)yTmK@mIXC z|6}4NH{{8x$Lp#>zW|}{6R*;KTCwG*=|8OM--Z=ZUrW|pH++0Q9o5*Ns3NO(g~*L^ zwi-45{w@QO2r32ts3GYFZ)-Cad67jQ9`YYlgbf-Co4(LJY?`em`LFyQ9A8rnG>Ey( 
z`ro5W0$q@-;N7wtmD4Q=NnxecA&5Rf3=|g@0Tge_I>lz_0VbKC? zcRZA6j4%!Z;1>m%xS#BJxpxa3{wr_!JftBlPeVN(;MnsmRt4DCh zj4M(Xb_73u+!zVcBh>aO;J3aK&4I~7y>VBdqye_Mrx#mIk*o(TYPt@2<-Jl-c^M3L zRGS5_Z#{ue)k@R~5_PMR3no~sq_<+6Bepum$S$qtHb~YhRm~^gqYsZ565Lo(IiOFi z+NNkOwVoCIk>xXh`d6J!oO3#*=~ZJ$TEg}c`J~`%0)@&#op48Tmn&VOprS_tG@gZe zkAgY5Z-*BZF%M$$COCToa|}Cf!Do&H-`}nOF`pl{oJndqxJi`Y7Oi^!;i#cLxq|0^ z265xZH9I_&b#`rGR10&%WsU*oP2wR>R$!@b8q>prBnLR)xl3RdCyheCT25!x^bf?# zji5%~`OXR-gR_HAZA8;KP|jHyM||@G9ada_d>bYjw4y6D;1>CG6e?RBdDBjUSm6eOZqOxy+u=KC!!v=B z55JxYU7hyJ;kV_0S9jNIqrjML!!8ms$qBODc+466E|k}8h6r9F4L+Bc)D(%py>9yn z0KXw@$p`3SLqQ`&g$KOKj|-Xxe!Kxmx=O}Lpq#`>ORRE;OnVL7nE+!qY)g2ST6Wqw z4qN_ty9T=IyRR}>o?6EyPgWx&9j%+SR>y>t^!f0cQBa*R0t2W?Ek~f>CZ?)1Se1SN z!+3#jcQJDPWq}+vA}+2yQ4IO@zXc&E4nB0zU#Hr2JcmaSeD5L%gC= zJeZKlV~Nz+d%*@>KcIHWznihYO@wjM8sF6jlEzzI(2=XRpM9YZ^P%bNC}&BG3RVX| z_EfU-wEH%zbjVt57+q_5z8C{eV%q?#bWHz5M`#xe#8A#h9p1QvZE_#6*7ei=MD9pZ z?d$d(%yAgcj$^`91omLRs@pD<4h07^}S#77$bdlPHLl;dcWBfaGm$%*N#1m z%Ym*+>jjZ%&bPr|H7gM^?c)v9V^5nk;-S}3^qLFyTN&X1NbXr`EM!s|1<7*5a}qd< z4L#fY#OBQkct{{qGMVcJl3C&G0X#r7S<#s?&g1SHKEsSw~hv}`6P zc7`x0`B!L4{u3I%r?OGd>_$82@8$yto(kbKt!nGn$Eud;VrbD(jkdo({>23WAr~8A zP(F)pD^J6(_@*OCo*%+tVtaIYYMq1o|zE&$=$I4l|8Zd#N{*NRrq zv^Sa~mZ2G+^h{bb_zQz zX%r*GFs}8qjfdv$$Md1u8aKw60fs#gz4!72w~R4(uHJ8!TrqpOfCT#;0;E?7&_uiu zaUgnpK=h>f@lI5THaK^hOA4KQBA^ytps0eKU#;K#`heE|%%y-SP^i}DP@`_zYia7P zO~5i6ft=*qA5rZ$0ck+re1VkZzm%glFeT6j9R2qC_%iCx%}jyC>;Td^bDta65qA(b z#cgs=F1GH)NAqi(BKOzR8+g$l-G^dim&|jUpsu?6!$vUAk@yxMk|5+t0EouG*MCD- zu?GU+-NFVC{d8Td6{9uxAqQ*2&*PhIdjnZ8S$Qn7$Rp>$j0CyDkX+#hU_6t1rUEqX zgk<)y&D-%$kM+EJwJB6zuCLUS3K-W1`fvs_5VJn~A1`l0>X=II-wAfyf`_X|r_6W> zZc^NY%&33sV~U0yBD?8N^fgFQuY(hH=>W!?xt~A|fpw7O7OHqt@R?je+=;uZ-uz6# zvRC!0d2kyxJVsdHKGZKtp;}U?OB^y7ro{KpKma_R%8s7Bia^}=CRlL6|6$($UaqnJ z3F7?|LYwq~)DpbutJ?sA?xXvizHW+a*(R85!X%LmLgO54_+KQNt zg{eMKkQ_kqQ4Yx2xcoTCL~!LRmly391(Oyw%GB>Y0v=(8MO#tN1yf`nh{>)je~&o! 
zix-c9&c$bE?*i~?T66lK;lF7>G$tR2d+niFXvbzr&Lh_$)H6(-1IV1bJ`ry^1OPoF&YG7u@}(@HZ&bpz@$TB`S66>$+6{7uos*?KNGTN0)U?=Ndz4U zs4Il>q9Hl!Y)DH?aEC-aq!mk{Dgn#68A0c1H@iMrAlbax{i2HcYCm+04ZrL|bWd8G z)Y6$mJ)5NdV(Rs(XI@DA95>7}4q_&4nybg{89ms~!Wa>8mz1hf5~~O^sg;l+xNRcg zI=hdkQ{S-42-1e?gr&G!Rga)j`|CN;AL2}7pu1sQ8GE((@5a1mW&TT-?#weH1h<NX#&Diispo=Kl5}y}nO$n&=Rk~X%feh5usm(BK}FIUvnOd9 z*?$rQSD#~=-ygX|p#}m!jo7qVi1kpPSi28t8RRPw8BuN19 zgU31c0U9BSrc-87?cLl(WX33X3mLdWCX-v;a7GMM#EK3`ORxif3P|Sxq_Z-0KaMpE zvR6+rLnzU2ziNV1KyuN{Ih3B=r8aZ0b(x<+RROw65nyly;-fmv$ENL&cpGlWrFMV{ zIIRfmC=cy8uisClJ6WXvB?ZT{qm8PQhc5+1>=|H%y8Qa0D7mC`~-@%7E z1UT!n{?IgGTg%h*)e}s6El4|Jid^2~fcO!Tb1p#-*5l&dXqs|oX&aojVvTQ!g@{bs zz^c1F37roSfwNf(6tUnik(26uSwGEt9;;KTQ@H=hA#&MQnC310!4wfta7THC0eS># zCk6=#q4rzJ71yDj(0@SIH#++UNXS`vmb0O}TL^A8$j-ZQ(o}0;MMROy)=C)tln|M= zTzCM<3NS;CVWz19K!H3s_l zf!IB{276j4#+W%l07x{99i>Col;@YGN|VOXwGWYU1}D&5<^BMI7;Ma`yM2}(&d1d0 zfPa(sQe9-#Ff5um%v0@uhk@UbS$ab;LbZ*YV5l6BCW+I=c|ymWfk0m-(T;QyYx&S5 z9dbn#)Ro>NO|>Oxq87-`W)SFsq>6$v0`kc6f`q|aNnUXHF-NC895Gjz!REa&`C<^N zfeN67IJnE}1$ziMlAWR{vdpbiK6k$EfGZLnA;ORhF6`EH1h`3z@dqTinf6)`+!lAj zN0rW|Maz)Ynn1u_v1tLwp49#?U;C~>x*H#xB2I^uVIDlqI7OhV>nGYJ`9OL<>iL7y zx`!1q<5X7{!POK;#w?KbOmVRL8a)4Y%Ms2#f3{4a7^^M8|VJBx!fX+)rGGI!*ITQ-~{J*K?G0~4g7u=GYe~k!r?dm=GF8fiJ@nWU`bzLyaHNt z^A%)(3@^vjNlHWp4w{bx)u=mS=(xfnQxCFvDw&e;4N{7zYcO7!)yC zF0tXoLIgKgg#Xs(w;Hetzz@zQ57GH&pa$?nVG>>2avq=R{@;j%asV$?1+9+Pg7B}$ z|Ck`-|E9S11zw#T{C%lIm8>Q{=|(=r3Fe6gE_VZ(q>K}nf_I~Vys&KtXoUunQUW~g z6j&eAOzeM69DFFa4VVrtINO2AYmz<=5)G8z-`~hy&H&}P|1YPNf$#JKdG{?$jCbxQ zOG&cOcS#oA##VcqEik~*APQna5A!j!sqV}IU?4wW;15@VZl4Cenep>MpBy#VQxCXd z;QWSBF$S<@Pq|uPkKA}jw##atJxQQX4x0x^0&qD)9gCn)$pFG!XT$X;%#k6QiMasi zLuGmTWiQeLl$ZQx*teo?4PXs^SR!Ws83QihqO+5Vp&|zjM-Jxo zH2~`Vc>1ejH9!IgM^MiL_0K?A_e%EcSL!DYcHl>vEs3mPSB`^J!SBK*$bR936LHB4 z_!LU=4d|>GnV`$c6fW^cB8=0_t9)S7w$g_|y@Y}lg472kE*!t5IPO8v9k(K7{tXa7 zBxwv16S;q%144Pk7@6fj)5REO4l2M+F~fXL4i)U@DIsC0O#L?F=(jveVqeiN6Y#1E zSS`U7nSUz}falqmXtokDh7}=m0}%D?6zq&(0krpr^rj{7U5hgpE>Tp0m0`Oe!f*h7 
z0am1LDM)2OmJF&Pk(eJu?g*??O}$Ws*p z4_wQURgl3fCWOohgA(g-Lm0s7{-E=Oq6P&!JA;UqDGxt`*G|0H8Dxm-D2x620eJq0 zs9T$^g1w3ca>Ik=To++HA=9o$LpzC$?-L<@zHL`dGBd&)x(Yt@)sH~SQPAT^8eDs_ z$V5cU>nA`3G4n-^H&dOjL0Urp2>~0jGYiPTbm!k2%vDKanWdlU4WcOLi>T~tHkv(i z`zza$pd_Zsr_g~#(`077{nRo2Jh)-qg30C$x(fEe#($I2rpTG6AfxIBayn5O*mdB% zFXuo2X8;8^1pI=>iVK~PCorfATWs2i>j;3vl*QW9~HTr_0z6))ae1O+(t0HAuoSsfd7GeM61dlvMslz=Q*+}=<0?49DM98;_a zG#h|(H~=4rD=8Fp!2b(~(yR&6kYrnFf}~0t;%bYsn?Uz2XtHP7Ggb^5k^Y)#x zA3*B1e?$PKC1gS0w1HNDB>|uyBD@v{H8C{-2B}?lklH0Oy??r75J8Ni^8n4Jk7r3i z7#RBh#xO}7%Y<~zkY0o_RN@HP{d^h@6G2+uI< z>98Z{?`?u42foq`jQ`5C@I|_xp*`r>ddR}u%6u}dstNj*y^Q9ny;+F$x-+B45(DC_ zelm@X>F{h&5t;??yqStX1Sp`X&(l}cKHj6(Hv^S!CuAKcIvGVaCsrZ;5CT< zZ?bf2ZEqqpeI{*o*%r7V<11ShzdE@is?8$}FCB-!8rENK5+vXi*Z*0+15& zu(LuYfj+Vu;(X46bw_72Jf6~5a{}XbgK1D9Mp7g!%L!!1ROmY$5*b{@WdsEl%Gzu?U<)RVCGwFx8$KfQXZRCGqE??le47MU;bu$rGRW4YlOeYN`V#0V34b1)g;OwfE{jqrk05IG!%!>zK@ zR8J6BMA0Pu1Ss2_iWJwqtXl-oFDsZgP(Bwk_TJ8f-^t(|o z$3kd*X)bs9>b4OL>*uvPX#e}$WX4P9yP}G({kMZ%cV_N-&nc}m-k@?P9h#O@%m;q; zk#*sHIL!&{5n1d@kN|40I8n)T>_n5}J6i6H?5e0CS3HZp;Z%Q79^0vD1mK?W_vylM zoJ=!~1~5uZi6bkYP;29gWKCA0Mw1Z<&Frmo1x&nHr9)Ht!;}t#4#_6vKpo7ay>6Cc zVY@*-LH8TM`~&Nl3{xSbN2Y>)xISAUiIsQ|!v0jg&Eg~(gM4GAaKhVj9c7T4mBfR`dohJLH$btR?WHo%@6P9tOL*BKEGRk-gu9UP5!rwqUPl z8G!V>fl3l#TkdqI9Q0r5D!Z%>WM7S`;BG3SgEprRtPp6lkH4Ny69lzn@LH{b`3JGi z95>)H%fNTIOyn>uB+)6r@v;B*Eu5bGA3( zE7%m0q^V*69rvFCU8+v+V_&ZOIb;ANn{!v1&QeSZoumg zjfuv5JULnbIvH<(F4nV$4T0=$Q0J|xL_Hr6LTmFsc1Y1}Hvd&uP}wn!v`yJ$j??(} zBmR-by`e0d@S^;*=6z>_i#g~G_H}oD!-tP9`U70Xrh$h*!0!lGEWRMXe(dQ`uqf)1 zNa(*r2u-#7&|(fA&N(^06>qlr<)Aj=EIl=h-ARB#-xHR&(z;*fxZF+;bl%Mc5b$7z z1{{8;f`yh>1Z>~7c|B{r!E7i=Oqrl-1Dc|83@g6MU~(g|2{JNZ@e%eF_Hn;Bbdvyio2H)XLvOGWAMpZkR=^4#&Uv%> zoqN|!K|xwbjNP=K73eoneNc1Oq3!245j=x7yR~>2`*l|;0q-NYeJW%t2NX2gWr)zO z?jY%|Zi)Hq2z&TSW2dqY?hC^=gDSy2bTw5^UPT2{O$Z2;tQB>ShGbiJO`(Z0#)vtE zD)fMSEdCCpdi=_|SIcX9HPqq!U5W+R!ZHsjEFIdioz^e0^Ygl*K0h9Ir?&1(0f9^d z?^JMJ 
z6}nsL;d*WPvCuWrWoQd1mGSxFoBtn6U*Qnd_q(a5L^a8H5z#=Um@VlSy`~Csv-h0kHGiPR==a~Z(^PRkCIZ%5F1;!)$?SZ>7 z8(z86mx;V(hFe70O>=20=t9Ux385O?tk8!hdsi12v>yJ|b^U`hVczfVrp7iiasL2&ik%r4@7)>|CLxLF5XY;LUOJ|J$_l1AEA*o=r_B* z8N!eTeBgsulY8`iGC~A6kWFPF$&W?)u^6vyjAeY-0NBu^1( zf95@!RUnf?K80rG*f)n)vGo`ThIezfO7@zZ+Hd2b7Dw{pz>!j+U4cc0>;}s3n_r(y zUYg~Lh-jBxlrwM~N~0M5nb#sgW&&GQA*RqM`o7}xb0n<1%}~1X;7#;V4spzpyzo5m z2s*Wl7l|NmFhFQF*1UaY@q!!(GO`XIO1T1w!r6L{^`d)ZI~DaIJ$0%W_1tY}h<9k% zd8mj?!31WRf+O#*Kwve6#bV_mO&o}DsED~g5>W0Y3eU&YJlD{l2L~SJ_P_6j)rXps zG&C2nMbiRFO>84nW9x&H4|HSaEhMinPp@Rbpz@w|mXy95n zJSWb%P+9!8BZoV$#;g-__pswBXN_?h+i@Do@hu7J0oh_Hu`c8bfzn(+d^u|L z&~#zOWb`19twUS?o@^u2kb60>-6VtI(0&gp>lueNC6|@;8oI|2;~~ zlQc~VN?)_?Q~U|^!jl}Cz`BuVqJ()64x$EVS2YU*%B*pj`Um&s)SEC&#FFdkJkS@W zp@kf&9pnCw;dKj;WFgV5!}I)k)S<<9j&ca;FT545b>^T@ta>0xWmb;@Q3R8@uLsnS zyE{-R#AKMtMTQYF z$xZd9eY&YxyRUpwl64~vB$X8dq5$yc;k`b_QKO^1w-6v9b=RgW`~a`hJ6dqf2VV`) z9+`5|9nrgX^u#Lz`5ur8NLokt#9`r8Ijkactjj{=SD6CguE)2y7@LXa-HTwe3V(vMECf)=6 zt3aQY@KZno8ouB!&m|C#IlunglBDvQBN_lUg(tCMtnkx@Aw)~&?trCmDh?>$%P&vdY^G4mQXukr~XeKDHnP=w-&NlH|| zEJFw0KhWCD33n?r<7}AP-Hqf(p0p(2 z_s+b0+GPn5pP9#uuKiUA>XC;qSQB|JbJr~qba@GL4|pGZd}aIZ_Y;>eDvCDajEaOW z0f-CHVAK9zEhY(;emSrdx4`Qw3*iP#u;X^Nc^BYf6DuZGLl@6}7US;ndPv@`JbAJ{ zV0{{6*PQUx^$M(ZU*L;`);pwu++unXDxLtQD{(_&I!J>jN*>ZNi+#hkQE0qh>OC!C zWnX_U07qBeGeOsm&hs(}Kr|Taoyc?yH?uYFA+FWeQ=aTZ69B z-)k1~HF7fn+A93o#+mF;buttbn%-nR-9YgEJRcsCjNCoSo(~R=0XszpWxuF0S;N+X z#NCsm3cms3cz`MZ81B~j`MK!G9+tyH11?Z2()FJd)-Vz@9YFhQ64`IC1-&wZgcjM? 
zphFEL{sGAP%xU=HMrG_X!7y^kUzPY7)ppN}60k6HlQhD!@E(9lhq=KHf5ov&wA= zBBXDcW}u3%%yAjb378N|W?|qQy+LORq^B^3>Tv;pBn+gLk{q+*poBX-(&>Qn$A0f~ z^HN;8Eea)q#ArJx_c@6^CwwZenfWH-YJz!_gjJyp5dlaplA^?{D&7}0qV+dcHlaI; zQz)4zC{DR#4WB%`&9dz)8R9^;-*mB!0Jzt@oC?9ujmMpOAj<+L0K)`;s6P1lkV?m` z>T99}4>AgOmRj;3PLS7f5Rzw5zMlZBJDBqdsIfFt@S9bv3t zGv8{t^!yVo;Hqk^x@-nxzalK!Vx532A0VVA`4b~Igo$hJb6;vXGBWCu~J`)>x zdCIFsmI#tCps80b2YHu7A2mKN8!vulGVdz0QK5yhtxATfEcphJI$jWM#`JsL^m+%p zumqqD@eAHv*&vRmq@UQ8?;sX?mHLokoR*4w4tPR;tSm4{!c3wO1FRGJ)8YQ80|&1& z0VnTaznik7w*SHRd#6#DEGZz9_`Xw@4GPone5S`@?wj!=yeytn8c$3pq7Ot7M=aaj zm6GMK0TXk1ouHZj9xB3L-pd|lDF?Zki$?j6>f13t90i*3G(W?JUd3A6Z|8Vg%)@4g z*QDN&qbt8U{WG7;ceG;GS(8=m(YebPUD)HP%r4|*iYMe8ecx~8XxtqRG9w{%-=H~~ zp|f()ss*iYDr9h6Lr=OCsEyZ`W0l2A*q^04Xd>)QmU!W<7C3&zo=46x;CH?M`*^hI zbzCEeh^hlE6*d(mGW*l7cw!FiorJ*xRJ;c&cO`XwOiKjYDxD~`oV&@WuSTwcK_awR zoeY@w{~Nm40=2iYu9A36vU|%4F9x5y_#R4qc_tDo>GU4uaF^OLl`H1f@F35Zj*}a1 zIw?63#wmI!QtrPGK@RbQhLQM5hIPD7Ia2rf}bLk5q7We>^Y)pS1q7 zIPk!KVoE@*$X$Q!E$I4wi4~q01jKrsnXS zUGh2p<}Y`Z=ywoU-g^6h2eC`y>=26XL=~0yd2Oj8sQ}q!eV~r1N0|Ht+4Au_zOEEw&?0690Wc~LbtAJY(m2sN~ z!HMEfU^#lffM)nQF8vA^8O=#qVeEYR z48^a)7tuUt#zPbWq>8AzqiK`kT_OhKTPAmI%Uz`IUp$YvH>J%uU1}Mh4{aT*>Y^LT zLIMG>?9&fiF|7<97_4yx8NT}mRa!}o?3psXM_5djNfhs1eF^99^{>6{Ad6kFqA%VH ziFao$wU`m~EzrJnMzXE@*CB5#0U$A7E1d@h;AuCvJdhq*5Q>wqCuwbPcV<7!CG7@| zUy^g{5KSmY@hVgbtkZkkFK3NPhWydd@RZ6-R(j3E(CANsjN%Y)pNbCh0WPY-VMc_y z2g%#XIGEq494C4T>x8$>Wn~$=g5waieULjX%B3fBygtu%Xt)ldDudW-*%;6gGCQf0sVaT%6p0 z37q2?%2a7*=U>Il3fubJ*XeY&8f>z}HIiVKCsG?TP9Hvt;GYtp#qdVg#&N)l02)>e z392FqUqjVc?%tl#@p;<`i5%~#Klxmu6r;iA_O8LwuNXOCZm2vA%IjE`P_v*nJ3)gs(sK@%0P6c0t=`h~lhMcARehW|hW=dr-)9M|s*SBE4& zjHc2TPKlxV~`|E25J1$;te+K_yr6B;K6%!TBI z`1Fy}XN#C&zhN_lkjY#OCqcLCE`Q4ON)|IpkEWvmTGfo?400qFGqnBVmv7Ivf1Ll! 
z;j^_M(SAM`sSLR$%1nK)hIPE}{XC2j7ri3(gQX@xt3Qq4Bfs2M!)AkdvZx%S*@mX4 z6!CbvS*bjNceu?Ip10EukUeA}mdzV-jBHVY_hd1sx`Rwb*}oyOD(3QRb*;}rT#WcG zjVk=IQJFsD=1J4x`m0!CAiCq2ElmH;g0TQ*+_T)}vmp}&&+zO&gaYL&V#B+4Mq@-2 zS8ne0UVMTYI@1<=>o_QH&=3VcEi{YH%rLs=Q{lFZ3OD)T{4pz>YYI{vOlW&86OV>^ z7=G_AuC{)5Hz5tLGF3cZf?6Q{|5#up2@8qn%`BaD$XMCTWitd|u+mb;&L}VN?(6we z@efYFP!4|@^_uZ-w{UmYMmBkLHbH|cRUz}WmMB~K>|O6=*MPK$v{NH6Mlylf$`rEh zj`bB35_Y8OQ{#tXDju7sWnTbl^0ny4&imdG zu5=|s2LMW_hm)`MjKX{K`AtF5bLWxR6#4FbUZX3$X zYi`)-N)S!UvI0$A1vfmoPi2wgt zpkF+OmCQOl!am4v>OyYrq&K%A|su04Gh-rfBbNqF!6OlsmVcBzZFizokIl1Ov@_ULoA`fPP}k z(MQzxezaAXtnmAqx2WU0jmV1+L!Vb)w3ODbi~b3jEcq$A^s%E;>>)9a9y`Z2BgQ$+a!z#ny=cjx&c~(?Wy(4 z**#0Q{a*F3K)>GK3XJM20+Dk6!W?((60?)LKu1#-=+sK$qJ7VySIK=KtY*g@vS6a! zp_}UWs5rx2?jNOgCmTIy5UtA>wkQU%DFGCQRUbaBLFZsgOQ&+1lC=(pPV z(3id;x3YX=Oi2=hMmkY^F7R~q(YO8s{Lby#=+ngOBehvE>@2!;bc89C0{H=8cvW6@ z%&f9HFGPln2qI`E1MX1`I2ki`r0N?WPbq6|yOs4FQ2SB<4?Sa6N4Tf`Nh}3OLuK16 zo*j=rA^*)=ZR^t*EyjIFQ?m5Rlktd73|i*cBEy2qgvWBt#D-l->{L_N=rva64yN=g zH7{L`1W@PPsC;ZX=wvh3yQDP>P-=*3@1#UN@V~>lbkI&y{c0?Wc2;CXpSoK8FtPEz zL7sSb*~1TO{j__{BU# zPTIj$De#qP9B1uTPzM&X0l}+b&-cCJPg}Fc&;LFnLmJJes5wRa|`& z1qcvDi>WxN*zfJnT_Zr=UG<{vugUp6T?3QNBP#7cQ&p^83vZ3qLww8`RxIxQfG<%& z7|NU<{~U0d*s#o>G-x@;G@Dwcm$}A2IA9O5U?y?*JNM^A;EHkZ!BN$6RHRUcNhFY! 
zWArgb$2XqV+DDQOYwqQ^SgcW6@s>D(FZZf)3cSR2M4Rs?_a>)_f>(tY(V^{*v#@>~ zF(E)__%mw3^=2+0HFISl3VUDtD@az*cu%jaz1Xat+Rv=-iVSW}R0<}DPp3fkK9!G6 zIpO6ETqo%<_rg|!Br>-m7n$7o0{Av+>%Zi z(W~pEzUIlP)eXA|^J77%M?n-XBXDPmRd06_U4Ttp*)% z12_5C{9Zqvix~38H<4xB>t(g_wM?I;D9kyUcDN9!O4{ndw8SxhSaA@=J!eAf!7y5$ zPs?nrej~!>OdWfb#vJn8(8_e8XJ)~t&|>9Px<6q^3NItEN2GG6bEn6I*vCe3e=M={ zrne5HldcPOLRY@${_zN0zuGnsQ3Ock?=1Z99~F!Z2PMp_+4q}fb|ewv-WH69OP-rr zu$X;sxw;FqH_d>O3{Wu8I3vKC?VujGVx}z25K7-w_Gz7@e`~{KSMh7OY*82gM@eoz z$5~cvu~=D1>LnFv!w;_sb;v3T<$VhKau#bkbmJ~ok|Jz_pRpPR8EG`mjMlun-HJ8^ zxgc0BbVfzejxq7TYsgn`sqX&wjT(J*p!FH$c2Min=P|~ZVyryjb$esP{z;K1s#3H_ zj@(68L?yf?FUQh7R8n}h7#$~&&$&yOFALJFl35HS6Wy_pWS~5v#|NL{Vdbj$v$*um zafuhi>5IEBR?%t_co*`JOwj>WD8>hlUO&^9GNGvd2ztgWwcR07{wK^~C6B)V{g zx4B0<;;=fpLxq`CnBFXC( zwHnHjSo{ZkK}Hw*R9vx6A{$gGg_TnLCy{;4ZK3~TGS=#Ew{jqU#|NalpC zT#%~_t$-E2cO<1IlEuND^#@ngh}o{Zsvn>r(a zGCq827Z~S%F%PxlI>p$>YQ0HxP+NLqtWHT5Pd)0dDV6TCLKM|Z8itMN_{9kCDK2Ff zRK&;SOh1^j7gMBs<*pkdIeQ@}<3=f9RA|b)`i-&Wqih{Spqi~xHrOVQGGWnS;GRn{ zQB@y7P|_M5?V?kViEv$5o%mDr*X^p9+@!*b9R`bR7*3d8eb_N|Qt~UO8;aN1%pziC zFhN+VXO>@{{Y3?6krgrP{6P1b6xNjIi>rrN7k*=(PYy8Zp%(17A)p`IJ~|OAKP7Hu zal=8kpcu0gMmQ~9p##+7hx8{|W^5Ijnkg2}`Zoe*6VJvC3H{Sv@)8qio|S|!p6PQg z=ctfo9nG`CX=9>!+PiJdIxZCxOCQpu{sdoO%!D{En3z#|A;_;{>W{5gE33=UULh7< z1Zc{nqvdkt<-9^Zx$~;z_P=|P{=x^S-+t8$l-QL6lI5^MWS>BslZ2!ZvOpV7558WmiRC>j%y6U`iIzZn?)^A^QL=j}cS3p@%?M2?FiQ zc*9UiOy(Y%bmds}y2GM_c^7*1QSAgfP}`C-XjZ9+1>kEz;`5q_WcOi)0K63O65*V6q=qiLvmVw4&m{?+yptx z7+v%E<{T+clM;J^)f$vBbw^QFjb1op+I?`1F6@fGCj(He<=4w^9eH-sfVJnGS9u)~ zI>tr7q|lRp%nK13I1}Gi+W6>6b(QOOhs9cj6EEEJ$_5vknGZgoYxle7EP(c%Iz&Tc zsZ?SH?errUkz34`C$oN^r7v%*mS(qnVqDy_bZHWFy*eMlTDV#IOBi*o5=({%MVr&? 
zL#R6&W&-F*g(2M|I0YzG5&IPPLrlJk_O|IL<&eJsMHtGKHmcP~| z&;q4@!d2;?$J$}J@k;3#eB?k{OjGQQa*f)^0iHW6AX4IDu1ENu=k!zZ?HR|8SOH<~ z;nwwg4^=gza=)NKx}j(VxYp9d`?=r*j8wXsjhV_4?4W?iKsJ<_6MixewGb8mC|jnoMU#;&k>TW_x47)`V&(l6!*bN5`jchx61(@; zYW2Syqkyyto=HF|ph45QtTM5e(LNtsYn< ze?40y%*bqh!i7~ncv%K&Rl3o*p&0XsRULR#$!r#&Q>RZKh{q8dur!639EzNieOF0c zJzo;TB0X`$r#&j&Fzy_AR1O`zG`i=rBU|5Dh8155j+>yDeZT3eu#P_HQyxG1ETq5d z)u8*0j0x{%|Hs*1d@G0xUG%-D? z@q-uc)S+hlyjL-i3;4(#0Zua5o+j#%!Kp;AHJ?@dB~Z#Tz6!w+8>~<0F(qjjZZnE) z1@)+f-Kr3hx#{g97HY0POD9ROY#E;fa~kDuHNlnoSjPus=I{nQvm%r3$I+|WtQV$g zCmi*l!IbcX-L~@+o05V}C9u|5`QgF$uTcASm49p+7}+~GonD3S%?qtGr=cg}=+KkS zady2>#f~J@(Zt4XrXY$Dj|(yyx-3u{?0|`Y2G?HvI2%ppRpheVH&Fb5^-w zTmGc`@4D6AX~daZ#FNNFKv27O-_(RFjXb9&9kJ+s;y>);yPYhpepa~Mq)e_B4^dO{ zl7o`Z+@7We{uhq%xDEN|T%PC%$5K7JlZ8u?+mw%>UEJp{5&Q(~sbeh*MeL1}OQB-r zp@VNcZ3i*?-OUc1-6J%LCayD2-}V5G>NO*9>*27}6ngBV{@26L^7g7<0jyw(Mx>=`kocdf4c8)f`8xfbl( z7(d6J*;_k~@e--An4gFLb7Z}t>C34PVPZ4yxSQLtMoZxBo^L*#*T|iy-V)G))T{jH zz@>D#(U=JAt4&tL^xR7-m7rT~anAvcvbDQ&?8(khhI1H0tq}`mOXpt8=v7|W6M?ay z8nsb=rtRqL4tap=;~cV0|?TAvxvoVR@Q;?v$bV-ht+iG;E9E$84!R3)cb<80e$Hl5t?EY^V`GQ@h&O3T6Z~v51}r|)@lvmMEa^>hCo4v z9QvCAIx>p`B=YSG3tf{{87Q3h~Xd8jRmP zWDKvPR56=}+(T-blm4x3UpU&CJ9)-4Rg%sT)Qajq)LSmj*4V!81r%m$Sz%Yz~!yVB$8yq z&7Hhoj!K_wNtaq0y@yk0cZPJs?ESv-$w&rVfx!)R_c)cBB+W!YKs$n~Sos2=)kR5A zL_-c`Lw719FD@$K(=Ai?7yd-}$jCsVg(8gw&J7dZ{f$mzn5E&)p`tfs#LuQ$qdyY^ zAsZ(H9>@*PYzKIGRe-VtdWcC9J+DlUgwePm`PhDfBY$O{JEahG_%D_UjRna}qvqB= z(C1=BOdbd@Xl1PPk6)o``p_6cUN!TdzD$Cr=I>F)RqL4$UN=ok0zV~5sgB6D>&mO5 zE!ia`TXHTy1x(enw`UsaQ<-_~OK@x#aM0AYlS}T+;#bd8(dAf7q|G2-`xKf6;jjk8Nap+B>MuuD{geKS zcjxAZZ7bP>W*E5YkZ8Y@aHs(r)~7_6zB_rfg?6ODD$YqmOI{2|+oF+6R~g6fY14q=1kvEN zPPNqv<0WPTn=lNZ%7GEzr!U&i16I+o9e7@hR7#nJ8BX0#U|v56KdrY7)E&?pst4sy zq4_Sd9=4{uVJ`j2r|@`-+=#8c=w=T>JZ5;yaPmlI5v(*p{jpaFfLO4pA~sw*$S%CW8&}55K9uWFyRfC7CMQ(UV6t>KEbIC!cZmt3 z)TE#WRO+o0)4AB@>`aiG>-a2tAX4zUrUmqv_Q|wr0FJK_Kf#OsJE5#uSNqPR{I^|!(3J%fS#b?PNPiEQu#yBb{B-kX4m72YgdO8Do0d0*4a6@NYPhfGR5!X7HZ!TmcYC-iMkwO@hI9l!zI}6eE=$|- 
zby+-N;7u00?-&d7euWGK_uw?GW3M_2o}Wac^m_9&!~tZgp(`Ij?Q-H@+HQ zb2=%4zi-A@`N_XdA95v1W+Nf+fUirKte8T>D1U!y%n(IzjMlPP?Ah2^oxWu8km6F; z`72d%t6bts_>1Fq^Y0fWP2Cr#wt`sBBgK4r{_hk+*v7iYkm}yQJ@iw0O!u&8td;Tn zWXd?Gc1Y#~r-nCnn5~erq}ft8#x5Znk4YD)SSkYy1iZ$s0r+26uLce5%?nwU-}POa zG^TN=u6_~TC;x*wIZS>^&?r-y2E!MC8#JWDAcw~;WxN0GQp1{+LwrfjgV7x^ahuAQ zRe@4$xeDz}>v6FC&=%|9ovZf|#)i8gq2t!^1Na5E=a=j(-ZVM4tf8`rE=j_dodW_v zqFKcbeQ!%Rm*D7B%@j0YF#SXhM ze5>lbJmq9YyzA~bBar;E9eDa>0ucXG6&C#d6G{h4I}`a);)zfLr3mT19_%k(TsRTmz}(vvX)) z4!d(1FP!6z;&n!5aUp&5z1n_XrxgxDcYgDZbBAr>`Hq+2k*e<}NUeGQ6MF#}9`XCL z2ktBhp-bo8(#d0|NW$5QDTz4? zqM!+R2HX1^)06x-*y6vNBElviXFJB`%E&W6WBQoI->;jIx&BkTb)l3#CKb~~=fXx3 zSpm^IQ)v3Z*Pxh18&hiV0QsiO%dC8>zZovKnN8>)Rtq9>OZhy<9#pTgO?sXS=s;o# zx_&gO7ewFE_{!RuBcvc<(s^d4Vu$#Ng?%7$)$m%78R5RR_^9O|{9*fH{hZqjV9SioELQN(n(|3&xo zNt<^QAa?jPo;QYjLzDT(61FJWdln2|ae+#p&^;&H2gT_E^yfbOtrw8k}$-=Ox_xf74g@PISNnMfRkp z$F089N1S05oZ}ou#(GFJP4%J%)lZx~ita^1fx9J8G4 z*>hwqA}?dFJZF*VU1aY3Vk_^l=-b$Cdi4dh|H_p8LuUv$dq25NmT*7Lrq9qQ(b@V( zP7whrSlL1sB!lBBf#ZXH&z9ZKX;#5y0hMCr?+UG^( zm&aqdoOjV1csVbOUtnE{x!0R*oARm6dw>2{F-ICZK9hzO4R;Umk4K)8oNFWGkor2? z48LAlExm`~u^j1dFDdgCWE8qzni;b;!mU<2(4w)?L!Y9Dio z$-rXz-R5=ybcRCPqFo}$()#3{Mlj++_eEz6q7}!RSovJ35Lf#NzsJ_0q*q6+H$Rek z8yk!CIH)FdNLf7_IxNb{MU2hrB7V{22{CMhG^scOmLY<$%9-U`ZW(98JVecS4 zULGAtTA+%%mwsh!UF*@h%4Ku&uKf7fk^JY!k@ngzPLofqewz_GbjvSfa8$w%tOHN! 
z=V}k=pS{h4SW6}Z`Tcrq-NrW^v)#C)Rwb&UBJcv6Ef_n(Yj5!Zhg^H zyt>h|a5B|f9MaS2H@{!{>T19yel-cC>$>MLM&kFH6OX+W3J^HN- zEUdU=1WgEMHLw3e{*R`9CJV_m<;_LTGtFRg0e%y`zKg{GBoxpN$pqDDos$;Q5W z&Fp-i!pFXfoyF19th9aMWTZJ}bpL}xAnG<&GPd9~CZ zP)CJB(>9o&flMjCyBkgzl-Cw9wPkHyrE$a7YKR^Le|Z$}c^L?;J>MeG^~>Q=XCJ+y zb`<<`sndvsqq%^R?2Txj`MV2SmXLoXzSbV44XVGpgb7Qx9w|OLkz1eI*f-zO$ z&qJZ=xZS*>ndVvhIn{9VWmZH-Z7=*~;a7=X@Txrvg6?Nxx+VR|Z&Zov%)4jPVi3BQ zY5!v8rteXg8Y=gN{!aES@kxa;HJ7)3L5uOELsBjuo>#5qJwM@*v8~c2-VoDH@GwS> zfZQoHOnG%muhZ|<6&9w}1p?c@jtY%LW$39@l8!`35^dWbi~AZ;%O#C|0Pnp+`Iq(L zR!DN~O6YscZ$RGisNycPS-#?c_igDgsKygq|Aq2u@mC&e%ZcN28?IldbXop1Ju0~- zu?sI*LdAz((~$pgX4vl?&PiVC$QqpIPk%zAH0&&9?|e=)LU?{|>1Mi};rqO_GFG#_ z({eX%gW(13{Ttr+>Ui+O)SnBtHCy9T3sCp@3o7aX6Q3~R_rHg>S|W7~jXN*@RtQiN z41$PA#0hWi^_mOq@}oEjg!ZCTV{dVP|BxP`LkeF>l+rPnX^_2wIC}KL+(ybXl*Dpi zSen!hf`3@?zw|Yay@Yj2bcsKOdr6;cFpO?J+)fe0~6nRL$^g3GNzV%4Dy7?C5{% zM@G|nR8T9&K(yU$BPum2LN7kNX24Jj#vb`4eT!wr*CuxX%PQL(;8`;ehB^PZG>jgK zX#Zq`F~a9c`0C$$-ZEvBL5JL4(P)_x5GSxD@$^VJ z@0Crd#yBPMq>|V7>uFM|u=z60>OQKdcD0Z)%90ld|FBm=O*W{G$)J^1(`Mvgt^az` zlGg20FgWpV$K{Tbk#4Ni<{uwh;iG??+sik4Oz%q6N(jNfoof7Ydba>KWeKCH}(vhx2dQEHBybZ$Uv)A7f)Ld}~)`@f$vU@Vq>~O~jTBeVb32e{! zgg^EjhunMDP6An~e|~teP1(^+`~IiFKjPhcnk-Cep?HO+ zw(Q&A%i<0%se4omC5Dkozn9aVt5xn}h_HxNT7(K!!@L&1fHH0TEjsnJY^P}T)vDaF z>~L`%x3LE!GYe`rqAvR9JlkL$Yt}2P^kCx)^)?>vnKP|6;*l@CSbs3$1E{zpCw!09 zyp2A8^rI6rdqkue#RXAn_K5#0ZYN`@rdC0ICua7;s!=lt%lxi4Qmz}9L|01@ewz&E z+@t+jY@0ACrVb5{ znpScQw8lct4*EFZLV**|eQ45qv{LHEXJzr|gn1O|0=R|DLcUf?fpUrKZFS4?;t8-f zC6o#}0r}1HiKKOf#KNf5`%Q_k0_j+`_C@l_FGCK@U8~ac^O#Vg$#2E<+aV7NZi7-K z4R&N7vOUq2`mkS}SVZ#3HLUe}k?lOb%l$!-LglIclmD3A>Md=932OV?2J+rIZT{963vmsfno#y_U% z?^SOF^Q%ds$y^!F(o`oKj4Xc+8HJ9KE+?f+VWokOsI%g_Yk5h&9$&PJ@Yg1RXH(Lr z!v7$`=$qF5R{T(xxk&)KkvtE>+(+?48T#t{Ax(F0%gT4ISjKOz;LR1DUH=_z(cBX? 
zCG7#@oDZZw>(~S`Ha~!@p!el^H_ZVHXE z6!LwIu*JKg?eL8edhaPN;<`tXHHvo#dVwRRKFaqC0jxfy?GAr#Eq`Kygq@?OB~Dl$ghGknu&Mn+E^ z%}>bt9*E;4*E3RIe$Py=+(5g>)i4s9+YHQSD;9~<{tO;a-^o73G<+v*U>X1hqU32& zfv{ikS0h-B=58HfCj$dNpD)w4H$Hrbm!is4`W*RydK637=;P)C$zT*oCR#uw*0o15 z>lGmyqzXd|`*EGu5YnFn+S!+NsBas~hgJNV*-7wvCi)kX=QDw8QT6j41YA3z?%>}hwll>= z7PIE4;sflLGBKTQ!pCL`(i?@l4H~=b$vcoc8l!ipgE#o)ZP5yg+YPeaj5}w-Qi~+_ zDFFql6>RQ)yld?vJAdoqG2LUH3xyCr_xgj|(AV)iBz};d<;tK!=S3`>`B}Q@NL&c! zd3JT^#K-SwSw%K0GDl*Be-)Ya4}A;weuvZrC`gUwXb0eb%N*9quj)4Mx@3xVJ(GM7 zeKqBGtNTInq|Cy@F0{HTuOboClFV)A{|x`F2DASFR|TBunR9V0k-zBp3x; zSQqs}Q2N-#m9`T5x6+=Yp(V|qID6tspBUfoM43#d~ z_kXwR@N`9G>5!x~jeCgXzlLJFPI}*+^HFx+q}w#_121>S@`=h`sgg z<=_jnx$lX1jy}bR(&syZk24&<1b)rh1pJ_HI24z|`Ubpl_`_r}-!*r{op#(8q{*+2 zE$5YPCF?Du96l)bDDzdFjRrfVAoVkA9Bgn=v7&|hJ8nzb>Bngj$y5nxILpSDsB#NG z$?CamBT_9?>Q@0MA67{8_IwnIDz5&{7#D*|g{W6vPn;fD#0$ey2$xajZb`?fSyjD% zVt2aPwl%yszCRp7t9r%%^<9ee)ZtL%o_=^&9U4|m5?msliD3WVFo}HXEBD+aW2S7S zp7V~TZPB&vttfSfHfz~&gBjN6y8SEY7tJ5m!9VDcaSdv)ea~4$%jF;25k!k#l%R#0 zIA3+?cT(~Z=H0hTKJVGGB4#=>sI}%DdiT7}Of#|#5%FB3q~A~iZGSBwO2nHZ+6e8w z$Ly$Tvjs&2RVI~53_|WvI*CHXf6D&l4}k7oZfDTBOL!$|e{(Jfr`dd~qA#C0ota@V zDUoUDxrX&XU^Jo;@J39~k({SM5B1}1h6AsT1rp_ASw5dN<$j-e&NDpDk$9(~ zUYkl;B%8(6799aeX6Mk%3@K|-SK07lxclEV_XlaxX6DZH5iiIX9~8C5E!ZodF_Bim zfR#+hu!LG-`q$Al!vM*(kd$+HgRMKk71~0|l6Eenawp=UdElT9~HB{ar1X<9j8vb;qAJAdiHU-W~m%cW#3u%ns z_7saRi(liC=lC*~px9jKbQzTO(Hn1)R;fU6*QoeT>PDXJelOv;v8ZT%BFWNS%t6fwE~s`<7x!Rq$CCn|AdaVlU~6)>&NS43V{Ap2AD zsjegY&~M8Bym{VojMNN1=qGs4VYRHEi1hYQpd!JJLqB$ZPXCqI=r^sH&h~>OrDLwg zwAPL02SeDTt=N<@F7xI7aaXDvV$S4G+G18bP|Oa|{IoAc4t-y7I&5Jr87wlXJK?@Z zb|;!RrDc2_)#wC;u|L}-oct{=u$ptzY8H9mn7uiC{6W=L;XJhctD50268P1KyzYH2eZJ|8cUHV zT;obAVEBA&kDD+-TjZ|5JTvHNvq8IhU5f%1g zxN<6w0sg>Qz)oAFy4=o~GI_TZ+G^1*<&&vc{TJ<)*unv28)_-YVt4rYNeg@%v3eSp zTg~-|UB|dIFW3yJ@7{JS8{+`nalow3-_o3^w@2#M_8FOtwJ4c3#sqMxx;lJ&Gg%ff##5NK!#|`I#DIb z_+j230rDxlm4(2cOeUHS%iVYal+3)3t7=X$Q&0$bZ7us=SF=vqzOtOsIfHipwa=v8 z$dj1QN3X=CGj{uVdAhFqOL*D}aa9d)InYLD57GWj> 
ze+?&cQ@|6vf@i7@H*+p#F2-h$+F{aeW0qxMsd~hr!#!VV*V7<76-r(_&%Rq8RX#G` zEg}&FDTsvaY`H|FNW*;`xk-pTh15hApQ%<_&WrmKr330i6eAqWCELgB`Zho};BOD5 zY7g$bIM3cyrjaCmKRbJhkSjUc?g@*Qt3G#WDq{4M=fi*D+qA3r5as4=81d(D6>aG@ zTR=vdQ^yevAfWd*5-xGLeaTZiQR=%rkjDEx`3EhHr7`J<;TqM89y?807D(@i;IBtt@ameA) ztGKKeM^Ug0*@w;O>PUxpJb#pmw)y6Fz@MjLmGc}vlLnH^z8#cHH{1M`pqa~%ZCnw| zfttsiJ`}MQ)h5c@jO9iEn%l5M>M>OwPJ9I4Dx!0^?np;Pi}T*155 zyiCpKHpARkewv@|DMtDETf{C3;jU;m3>zh#b~~7L=Fn(-_6J`7jXj-i9hW%VX5{e& zYTef3L8JlaZKOq?GNe`-@t=@aMQ+*|Q6(oTqc{$85@wMO6LU1;24E2>^d3xfa}Kg$ zt2|PTPQSn0!a=TYCT}yn`CQH8&PSEw+KFh?F5%^sm>m>CygA&1NRs)y!r=gP%h7}N2T&(Vz96}*feE2R-<4);AJE$gW;(=6s`&=OoJ z5=U@}!zIsdn$&sOu%k#r-e4W>m!W%)`Mm3G_lauRTN%d{ws%HL`Soppqrg%UrsH2a zMTC>dz?ZE`U~qJJguHe?ukCsi6^sTPrc=8ipwg zr9mc<>(sV(M2AYN4Sob#)Bxg7qL$@X$hquEXGg7Hq%{lR!s(pS6Z*~47P+G_r?^XA z!LaJ6vly{U42Ua-`>G=8dnL>!sl-$f`vYs_R&I{q4u?zcJW4uTq#^%i7HX4hpes^K z>r)tRt~s@wmC*)~_>BZX}c@)Sozawb&%=Oa@vcr{BK|HjOdZ zIFeU>N^@fatA7G1`;QzG;|WYL3}!!4ZDXHgmrEv_?3OE=$vFfd6t znp3`=>ir<;6uE@0`~$IpE3{j=ZABTAO^~=ZrlqHjl;Cv*i+FOlYXa>#9cGR>)gsA@ z2kq~B3%DU@s>x^zp*CM5jrmU8Hrc@xq^5@PbxDN9a%X8_Ey?U_+aU^$zddmiv^;Xr z$veZn9+#cTK#MN%`wKar5%bte?(Kp8qqSA;h~9|p%De?0k z@#Ao>QMN{&fSF>RNbfz#s71oefUB?D9xu{;qPN8m#P>PmxPFy%VP<$^<*Ow1EACI}l&Da7NhaI5@9faFp4aptHJ)#F-{oeJ>G zZQM$99IClo$=e3TjQ=g>pxaH&T+9VNpLlV&GXrfIxE5xEMRlT^ZW|rze@O;?VZMtV z!wn%>s63@p-VOpf<@q{)n}OuJG%-46`MXfMtw7ju6#xi87$0@Y^nx9f%27 ztYIYeBm7O(D6^3>2klaWm20geGf;S;8CM%-jFu|b+YM7->8zMZY4ATsPY>h7;VLWA zWRi=&!Jn%z*F*{sra<^HqD;c(wkPN-lx=hf>IJc%iv4X^pwm={v}9Cy2rINT+2-^FscU)!fKjt)|j z1H8#MZRW9`u!>~TwIRz6Uegr{!R1mf;_7IOlkVnBLpiF)tz^AJf!THq_Xxj@p3`6! 
z=1uG#cBaZg;%565#KVaThx?@>9=aSRp)8h|^4;Rz+XO*OcTzEG@vRqFaJZY1#{Esy zCfQ3Dq&A;85qSewhnP0&vfB%yDt54NubKyL0*7BNgqGVr20U)ktGu~N3s$!5aeZ4- zxz%W^dE6E0h>c5bhC1^29Odt}+d*77TxA<<`s*;uqyCmNY5AUYA~C3CCYtRe+>6B> z$>S+$u2|z9OAgmF|4WoMf4PTay1Bf~n+>8GwpwVxpy}?FzfidK zS>AwFQ;%E1k>~;P@EGoCLE3c9=l1S^*t!b}P{$sXqXmc!g%Sr2_pf~e?U)2KJE9KY zui|~=iYN?&dHVm=Trc4+aMkTPx$lm}8hP9%+0CL~5t{rK*SfRIIWoNB(EDLT1_8h2 zk0UfZgcqUZwp&cEytq4|)X?>u5!KQMaku1vT*<9QlL?x~%|KOvxD9vk@wkMaRLLgd zz~K@R9iYu+S8#XT6hzs&-NLQrdZ{ID>Ey{22EH1Thc)uJO|qRHf3V!*w*(=pMZ6`h zFlsKDM9<)7fo_X@EfZXDQ|dunzGc;pH=;Rts_Ya`_Z`UEEM7H|^ppn6F*D{Q_t=L! z`bb16P$%{s?g2%Q?pmP9(f38}ZSp?R83@y~K4hksF2{|1r*Vz#{0&(7=giDeLa$R8jqi1o2e-ONse71Fo?TT(GKMi2SyRO;@g9Pl0+r$j=cD0K?CL z+i^~o>T@S!8bSNLSW2!~?0o>Sd8UYYhkG#4h~%?@=0>I?ZjPW$^P@Eqrde;Im;QsB zx6r&WU{p(LmASDt9&*KT5j@Gx~Yuc zB2B#yQRz|Pfo|NI4ANG)6NX|o@HAWlu*kk!FxzI1Sa-O&tpbfWA82g! zK%|OV$>+#$V?xkbD!7Z5{_sBWiR@;$=zMwsBqZ}bkK9fOC8Xzt(mz$MCxVPFx z8P`SlXPzsO#$4rdaLSDSbdR(LdW&%Bmc|{`B6W?+6Ays$G=Fi|X1wNd=VBh^rd^3^ z0ap0RiL5{@y1pOn=3C?9KpUEV z9HQt`sn&jR$m7`xFmht!j6C#W^G?mMX$KZLbOyd*qlN;x{^e}uX5Ofls^Kl#H7#%AmTDxD_KR*{>i+!MU@+1A^M!hl7Au% zyUJPMl1Ez!sCSS>{BbQ;7rBfObdyZsR;AMt)!{Dek9m~)hzp{pUb+#nK~luD!+k8! 
zfVQ^+jf~z1;);Reo^(0@5xR%17XWn^4~ol{+A&7|R{j9L?iaFt;yE@bYckC4al_+8TG( zSi}|%G;jFGJk8htaDrHNxT}@JCSJ;oPzvjW!ld_OUio%}#M{NagdQ=HNFGJmgAlC2 zFT-q-)0|;O+Wp&Ww6Bea*g2V&Sv!wHeb1?O-CV^QcacYV6k$XnDPAbYr!KeAf1 z@=lCxW#1Zps)9+H%f%J@yc#o$he>|?7PBR?#IVCXmgVszKM%C8Jiv}jw8uh*bpkns zpGKn>nL?gJNu6^)*68E5$#K>Lg=Rl}<(1%<`aTJ;^m3lGi&#*b3~pci24`apyvjUq z$>g$=cM`7Dnk{fsIvb37aWE^Z&JfmhiDF1h^*D=`O-ayox#^HqmiTV^?fkis?GI~mP; zWNJsb!lQo^G(9ysN4clElSw4sEt}L8uO52tr=xCn8Pkq%Cq$^*&RO4FSUQ?h(|ELhF%O4^PQgO01NZ zbKZA#jQZOEO&OUCn%SahH%)m0XGkhn-H0{#F&0nGFT0|8xmz*j`5#=Ik2;Q}t!!u%I`{AgR~5nF46rG-j^Rd6^_`}<+>xCT z+c>r0XIxtl;76>xWgKleCdaPp3%Qu6kS~@aeck;R2Y5VIP;aqRPyo)WdmUEN=9)#OOg-oo$S9wKTq)PJ{#AxTm zg2!!j6Mt}b?ovH&Id{Jf%<2oc)#*1ybGf52qo>Y$5ZM?wd~qpiHU_J#a<1jL{CD6} zP@|$D^@Y5T#K3+NpOMN${gcu$JCy%tTRGI>@&)3UpgG(>;5I6DfS5Z8RIX+G@jhV@ zBtTV|T1Wz{!B_bnzR{UXZW@)ka{TQw_)F=a-=tRRaj^i}oi7NgAxf9R#rV9kskA zuJ~Fu2{IajU-y<+qp#5%UN-d^v2hU5nwKJ1p;~jf+%zn3CUWoirOeT!rxv#5-z74~ z-cPXY!GN`h6~-ZE9quuxIng)58eX!E7Y9ar7-EIa3;}VtG(?ak zsdjrCQ5hsGZn|U`I){`kSmUp97rbmLIJLrt#0)kt;8gzj<`!!ggi3H+?u#qA5(GVm zYOCC_m`4rMZb7z(2)0ErO#zGc1$MXECiuCygKQ`7gEc!iA9=<7Iy7#9-f5H!FhdjW zZnzG&DgUk}C0Ch`>sUF|C$;WjF^cobsx#OPU@I>Pw%RwQwIZyPHABbEuMY=%dxtEpaN=J4nbqA}LOm9c`S zd>P|-^=X-=9p%o&jP_2zO4nJBM^++M5|ueloL%F?60Zv+r`D`~fg z>?liq8_nT9gxaVW19XbJlc(?aw6F}a|0D`mMixD<7%NAA$#yC5_ zO7*xE+zS|RUgYb*w%69U^CfQu8q#s@H`qpT;>4?SC2NyD-Tp&|a{Tr>0LDq)*nJ*Rx@Wy+o+B)ST%&<2OThUbmJMjYBbA%e zP37saqj0lEG|Y8cLIdVdn}siyGf-1|^bW?1SDyOaFQ_*0!+yz%kUNjIi*6U9Hr642 zVPzl-V>>_x?QXmKH-2bC15YHsy$EaUW8ylceRPFbehJU;ZxLRPAwj*<@B@`S3$ctq zV;{V1HP7ofTLjo_;bze==V>RowS_41%0Azff}94kHJ6Kez4ZY^i}=SYl0p}q`jUp( zA0UF*SjTt|Vm$ePx4#=~@80-fkfmT6w6Sk=xME7U+G^r$Rk|3&uY4Em*ZcpNNY8N+ zbrt;d>u#b&x=7q7uRvSlR+d5R0>D}PD$P+H?y`xPYHz1*z%qz)B_;NnP1M4|5SwKT zR#Tk>;&2P-Z8ffhvM=Ux;6@Q^_J}p~#ja9nbDo4O$h1j<7g%%f7GWVB?3#L#KgF^G zm18D$zEd2UQSnF;4s>>@=5mod?zYX`z_P?7ZH>EP5oSZ1;h4jPk}B_WS7^<$<2^H+ zE;vnflJ6mB79{{P%#a+P1_?1oS$Fp(*4T?0h098%lufhL0PJ6n%W7orHlSy)fDy@ 
zN*3K|qBjH^gv7&Whhg^4@;$(6NTjB}ocozGZSLB*g3Q5-CDT!l_zr34fBF+{t74El zA(JMJUuFDpgRqQYWDO&G$RGHZrVBYFJVbF|hRDvvVDhTw%zn!bc%_ztp9Y%?W*{p2{2P`p6n z7Mkrlh1g)!#F6|rK9?nua5vnyux|Bf7jT(+vV@n@?Csb1q9d`yC6eF%E!x7VMmrRsCo-Sr$>|Ohh;_)ul^Y(FPJrk_t3MY5aQyQcX zMQmxWTmL0t0gp$8SsG(VAhkyTQ$wl@!tpTI7Esx~M%0F#PkDfYrxz~FUuF{9y zd?3{8uHwdMQa16`x*G|{Yh|w`8Ex!kbtU7ADG<4-GOntrc!@W_w%s*!HQDb^GEw>> zOQsw(o_$3;DVl zr+_7XAr2TkiJa2eaqGDcmO1E%!>)sq7DFzR{F#eB02TkZ=VOp3@<#6S{O>c(Kh)DXUYd#+R39yl`1SXPQMg#Wp zc^`U6GUZJ}g@h>2mVKts#{N#!M#U~5hf7q5s#%(U;wy2}$=<6Cr=86nM>7bO&u5t^ zo=W)Prgn9Lf$8Eg-?3Ado)RCtf!MN|doQ(hCw*TTv#s6c!3O^3d6EUB>x=XH0d(X) z+9HTF$*XfC_7h+u{HwJ-pL!3RAFL<)UerJtOzyf5ll=CbXk*{#a8mHFr!xgEP}f5x(iAZChJ1%YGF<9eYnXX&xs6LuW z==|A4>7CWN&yJSaOG5fxfN|GT8dPJYG`RjWUagXQEKqxNDe4Ktt-Jw0RWg5MM_tEp zig7Bw5z60Ipk@t9(z7gir_zY(3ID}^1Z?3Weu%RAcE^v4zc!Y{R9!&AOiR-fp2Nj# zRE#qjGEI`JnatGD;t;q#wz;K_Xf~noiwRL>PfK<3v!iJ?lavA&`0PT><<=n`<-VT5 ztyQAtPgZ0iwl%T&yR6~9K{hNpQ%_USgmLFBk-R;Oldg3n>H4mFuuwE{d7C-Fw+niH zAxI9{m~-A7iI&y_U4BLzeAHIOHUrl}rpY>Pz^b?uvZ*}VhUzyzgk}^ve98TAx{}); z-qEp>95+axRht1ruj^nG^LP8;jOIqHchMtoCt~g^_bU9#V5mzUl>4(HQ{Z3EeD|0sz0ksy{ZGqF!27dr*t74o>AamqS zZtzT&u#nD5c+t|%HdKGmJ~Xq?c)?8hs(Y|QE!uu&fyQ3XB7~*(_yFIN_SYTDaLmR= zUZFX7sbpNikO^812XWmg=JtpBYDWqU`@?l z=5eud8obDto@%b$d&ydixybEtZTK+vki4_gZn2hEa9VS|Wa&wGM=6V!>&x4Eg-*tQ z0BnG354Dg0<=@(&Ru|XM*FtG;hc@=BF>f8jKC2*8WIlI^d$PC`GWI>hpEFM_nqg?X zV@9Q;3B8Cp-yVqr`*{Q~`rE6tD?(LyNJ1DHe8G@8nw&%yYMjiz_q8!Twr{4~Po(N; z3Knud*JqBeN9tl6k4uFjX`zuW{x0+f03B}P`CRI6tN8}AAvRxWqexQ{GBsWH>wc`k z|Mm>bR>c93`Efhh^kFSetobEBgif@9=G*8(zF>d>T#Q&`Xpfdcb00a z+)}3Im^rqkbF0-!+d-W_6!Uz1$bLG)&s`(=14GrTVBXB3y#1Q)D>o@;jvdI`n31UX`+{8Sn{YNJxUy>uA>F@QYnD3_l*4bCeMaRY=~b<@1eJj_7f zUZa)qeO_|iJZi31sovaNjt@Rfny996w00q`t6nCn&>{E_04`tf4*z$M1#XSN-%6&t zX}~nKw!MOM?I^brEmtnLR!P$} zXVX9WX%O4$(bF@z8PKPA_13*OlwJ**AiFD`+E|6DK|%Yoh!VHK+wMrq*Fv zracd^fgMHKBDVr!G5}U{vj#NRQyMJdANkr(x+a3H>@Y)0`aRL=xPWC3`O<6>a!` zte-`z5f3a-nQkgGFR+UhvRjaFUSu_Q$~ZLp2y%+48cZWI;|g2Su{p)0s~~1j7R+gY 
zlSXL64DNn$UtMKlq}6a=S-KC^sxW~Yyffp*h{mbupv}kFwhyK$;1^1<;Q_$m*gp2i ztNY1xSmB|JD>*)NWoKgUd63d4?T;}MAYahD19~A$^eljx>lkyV(#&#n{q>{x=mh5cw`){#^ z-;bKSBW~ydnis3N;SJ(a5{VT|u%iLVHfSmz2k3bOQ5QigVtQ9OAq66X5|o~*6R6*U z+00!6CN|N$&kAlzU30{fjT zw+<8y@Qk^hYeb<9eOhF{{vg`$Z^3L;9I+fUEs_U>mDh5ExRfzo+cuS-L^F{fcbW?E z8?DZeF&-q)WYs!=C6rWXJ{K!qc`|q3G&Oyh+P(8SIr&PH*lCtpZe}{~=571Ytcz8b ztEUYnWKBDb^nwZv=aye>cm%BS9a|=42Q2#T9(cbsqC?F`_S<+HhQHp7*{V3AFGOz0 zSIm1twg9pL5i^)(OYqChST+*EQ>JP_k4?Obqq6OZNE#%Gkg5-)>i}X2sDktwr+tHFCOUQIt_`belP-2N&slDK3}6j;dQO81r0A*31t|^m zNTRm(PsGjjECq|^a6dR%(5M8uPKHQ-CbeA%EYyhU|HOX+FgO;O*Ks@OK9KJb(|yoL zfKk>KxM_GpkJ+j?<9Cn=F|USu>>@s0YfseN?MeJmjAti0JIvi8qgy%NIEc(^a~s4S zbRCTH63E8^tmJOJwi>EM6U`ZFa|fjAq7(DEr}Cp$3Y+BVs?<6|EQ>No-@*1SkO>9I zKnpHK=F@r`%lUN>eJS5fu`At1=x(=>8q|uXg(wg_I0ed zsfWeI5V5}Hw!}^KN3)X<-ZE7MHJUav4sJ5E?F+GoJUxq071B}e`eEE^wbosd`4ylU zX6V9FZMgd}4*}9idpsoB;7C!KLv@W0Z(FHNpqr1`@d%*sL1>5U0O?Eld}8@JSJQc! zcWyNHRH5p)?WeZL3%7^OD?;XXoeEPK2ufbni)5{ z${x>5Q1q03E7y;-ul#yPu5}Dqq8&2S?yLCa~e^(LaH0w0}Eoyo)+YzZ`NYKOqx#}iG}p|`q9>1{^?oo3O60E@^j)m(0E5t7Tjg8ycmrd`#s z=Z2Z5i=L){uhg^j5@37gd5A2^D9&%S3MS!`lLs1d`7btDKPG$B-pB{~+Y6=o!95J5 z!@1b$yc>Nhe$XlTat-L~Zq)mD!T_xfD~4>F61u{3b&+DrvA+FI4K!}^i&}$XR=AwPUkwGK@+v<4AYW&>X{O_Z|BXYKVhyh zo}OggVR%!$OK@hEnA zbd%ZKqvkN^R{ysaYng~dg);fk4vV*oU*9GMA`;*RWY=~%&B>6a1oLiWWjdk(o=ELU zy8nE5V?6`2UGd4lwV>I9`;PiJKv0an{n?{A{5YP)gkbWGu@_yn@C5;5idAa>hEb^R zEAPq&S&|sOTuy8KiqK4}w=bG@(pH*_xj`!Cs#;XgJ+_qI#qB5M}xu*KYM z3%^5z)7fa_5srsgU>wne&TSe+cusifx<(!Q<-UWoDs4oaTKEEj_&4;mrE`s=;o zFnFrsv(T0%%=`+?WI{N0mbqH=P&Wx}X<}69wFF`sMP-`HEoB}$m}1)nT;b#n`VF4+ zG)v7(({t|j=gN6r0MWcO;GVY0Br$I23q;>E-QV^X%TO8ds2#R$FUJ81rT}SBTn^2& zq2`|Gp^fqkZXh5Ev><8i+>7uA`cBMd#VaiVx;Z{yb{Y3-5a0?b5gpF5Cu+PKp3Q^+ zNIn>b`iR+*{5MK;2H8fXzONi1pex7A&v9$je7H89Ew*r!J5KwN(foTx&q+6#PkK8>?sC(~AKPN;HuHt({8q555ep0;8@p4qP2}d=$e>GK)2kj=8%dKTc?FZ(uZ^{PfCzMU*;h~$#Q|NCs)l(yQ=W`2X z(Rr*bX6^vH`TewMzD#$xiY6rScW7Y2Xw62)*qSc8DKW9-rm{MQ(iLx%-^6TJ90Qv? 
z$dp>i^0>{_e~m#?i5m(w$R ze+`wcNAc_?geT3_qJ{c^#Z9a-p#vzcZl^9iRSL2vA)6oM9#pi@*NY2G&o;WoQ%A1S zMJHa)TL`Z$qi>mgJe~n_ys$!st$Kp6VvcQEk4@>T zqnt@8APzEOv*Mb*8$h#1EjMoJQn5N+8*-&%xjj(?1&D?d!e!=a(Ii7%!wOR&iuK|2D%C3WiN1r^Gq z`wDyP+cDUEw0V|Hhqw$9I=?*f5=I9tTshUI;Hh?W&qVtBe!L-$7YzdYITJK_EGLA`CSM)fsym(Bj59IFipu~NlA}jYRU<`D-NR35Fhbw7>krM< z)JczVp30ALJ_n@%LzB|I-j$c!4J?$!oNsKgZU+H>bK9_jiFWbUAW%FGAn0YE_{j9`g91JfJLa>C8XWHnl=yGZdA ztE`ZGF2F=`^^^wH6%dmGu=+G^tvYFku}jlIlTL>vn(Ld!Jx5&uPgB6<{`C3Y8&}9^ThRUYb05-C-PQR5~?=M9KaskW> z_)aQQ*KHEYHYI2hKmwhr?e1C~~DQqXX5j1^}G<|-Sy20kb;&NzIkvM~{TqE$T zCzLHFvtG4Uca@zJFL#PTpq&t12ctO5QgS#UcLJt!CzP(b8uA4G-H1f}@OC2igIykw zt7ZiGMgD!e6?c2@^?wu<%4Fq}_L#NP{LScs!&Yu6daOXTj5+shC(hPRJ^-40W}ugS z<+3R&T!%NlWq7S>0Ca)PAbzg;#TDXmlISgMfNPck&w9crFj&iloa?35`IC$t9Znb*oo|G3zFl@5+DZZ%uHTOx?F@o)7b^iTFkGyv8y|?nmhRh4;zdR2d4%Ls`WTTqk1TLINdExh@S4<~Z{Q?&VRHyK zQ2BMhZT^HAf|o%nbVRhDP|Vgt+qsNCkLyV}A7Ccg*}C*p@W@~N50YoQ4{~djpo=tS zvhH8B($f^ovsPp@ezWeUG#rOX9H(u{7IT`yOezwV^qkw_KjfeAFUFwPZ znZ#t!VTMWCke>wH$Yg+d(G0O!4S^{yL*|g2YOcri0peC@g0(bzj&V;%G@uZ^G^@$o zLRG+sqf7=tAUYVqqufe0r9qYEgZ+h&??;ls-=a^~qM?>`GC1>X35=~8B3HLa@+w3&|=Lh1tc)bFFs@erS^$tDZ$5}%ZQ#U<1PJE7eWBEKiUv>fyq z-ssw@rWKFe37SXps<~H#E&>!pCqAo*UW^&E56^-^IkbiXKFw{XPVn(?rN2I{mOKlv zl)@6t!R}Io>+|(Hy3#ogHebL!`wzMA6Y;k+U3G$cd#K9=uSnG_f}N#){~_XT4;}Dt z;1|l|?$_)w=BQD>m!6jD7PpZ|C2Ikn%qhNt8X?w3`cU#~^2fptA`Wh&!!=18*i=G} z=jxb?6hJ|(h?UqBEYZQ0HMVhG-e7xNbBDC!fF_m0xQCnA&yFJ9;D*pjy zZ1s7GU#;$%S6v*wRXI{y-glfeMNjJ{W!tHu*rnXn9Sss_p}xl z)Qi}hoaVe3JR9ONb?jLF0aRROG6(`W%Jo&%=mE=ni0GsKZ`m9NxA)_A=j5PfqyFF8 z4%Ge|Ujee;pQUOPK~A3EzlV6+Bk!mohUQne{bDvv0f*wSep=Vnbg#IPmc+CGB1n|(nz-

;ONUwGEz zS&@iUt5$I;5}%n2bWXb#U@UoBN`rUbKB%1iZ!gww>6R6Xzi!0uxwUGlCkPlyLpR$F z)&9dwZdA+k)8wiXK~9B#_rZ4*e|vCWz}=Eo{@G;THeY2=_NyrKRcJr0i;r7#^eJB` zUaU8{j+#gDld3&hz8l%m>Q*75Hs2PjjcI@+o&uXu$Q)YD`s;ImC2k8MRbVy{2}tWr zcxEJK|Ni~#W~xtCd}T7wY0+;Zz*_Q(6mxk?2_7Oz$hYe`4*XU5FoUbdgWOc*!4!B) zlwguMi?n~X>ObZ7xj8f^q_$Q z0M*76t>N2q?j_$@KF4Al3%%|Sm~UC&jqGs?X{j49{|A~<3dka*iuGsy9Y@MSi--Mu z{*GrzFfQxW$*>|?CIiW!8Ta$-s{nf`t?}5(kplObkO zc+*+bEK{X|*HxNZUEux~Z)A^IXh#EP-Zs#*q9_>nYnbZvkUO?hh_TqzjN9-G3CfYn z4Ry`5Oa@+Vp1BxiGUzC`biWorRJ5J^JDB63NbV?iHGd0F(~H*_%Y6%6igbAE+fnD= zcR*?BJBPL4Yz^=_Wa{P4TQ8UQ|AqEbL5F)j|I%vgK+J0z;B{(ZsG;mEx$`{wO$!Nj zXc{8mCkA%O^pXUPY`oQyWC zCr&hmD9dsOY<8hrg3LcdHc*K!kYutlAt(O_(V9%Lvc4N=JyBicN+ZX+H9+w>uz-8?<+&IrJ1HD7KaqE4TRI!odm-+Y6h+yWAAZD=)lwU5%NVUc-{n@GPY zA9tF9HmWC1JSAO=MlOcUFl6pz%LPG7I*C|}U7Ha@5ben<-`5kkY_EFU_+8_AJUowE ztG%7+DGk&u*KA#WsxER57R2V&yhgxQviMxGwH~T$Q5F*&_dp8J6 z(H*BvTS6<2>~Q1e{8o*ag6s(2ZEOpvQWjX6s$Mb->NrB`Hj zRA?@?g4oXX3jHj%MDAAZC24Zi9XM60xJa_|Yj*D^H*b&b_xr2a$&h&OTfOnTnmnKF zBzYaW)=PSf>Tov$gmGeoR!fyU^1lSbEuff&4|@F=&H&;>0HD zS~TME%!N%eg=CUs<`X{`P*QtxjJv?53wfiW>v4Cl39U>IHGn5>W0e)!-)?9M1@!)p z_D@~+qM|g!km%Vi%=GGWfsC+78t}zZNJ+W>Al*$q5b(D}oW1d@*tJ2rE%3bvH`U7whMaZg>RE;A zYI1?bSI^jEZ1jUf@3APDW*}|2WE~N;sK5hz~?m8`I&UX!g5< z4rJR3B6-o5X%Xbv*!868vU`yo<(YtFs0_|Tyo1~5aIG;2Hr3GdFYKc?NKr&n8Ios1 ziUWu?CB?-dyPZAMU1i&HHn@X%57xJXyzm7sA(+E}=wSGQw{mObavHqc&rCv|W`B|? 
z!+_j8|DL_X-6~lMs+d89DmNI`W@NO@l(3(!zxx@9&HWRrkoV>zn3!82Pcx)Jy_g0; z1r73jtN0l?B1jxg3YU)!PQDXsNCQlgu0|sY9e|;mWMNXr%xwA_KvBuyOp-FBY(cat zDSloxQm;)f)!{Db$f+6A$%pD9SPc!5^jF~)|riiXm zo{ck2l|9mHao+5PHKGA3;zSfXdbEEEG~eWqNs>9uY=9IsfEbQl`%LW$5$#Hj4}+-< z+G`#+zSp=-`h~r)(W^fZ+7{dMH3wT=uKYVUPxrW0l39e#hShK6gD^QYA!Pykr&$X2 z?**hA>}NPP?|VPm7OHS~42ixO|Ddt7E1JW_v$Ci&oaj7_0i>eM+G5zLKK0qCrSGB- znzHd+8@Fn!;~9 zpW`YdzN8yLc4bJ2ayUWVi-O?vW4IoM(nq}BXf5~4k>r;6_t3-JBL~Fyh&MlL^p=%) zb+nC>@bABo+O%bEeSU&f60)5|5gG+K2k=R@k{Jyb3?_jAt0K=PgNfoM&B!9t_jc(04LWfDH3 z$wvA<$*we4V!jyiODc89zG1%Z&78KX4uq_?TD5o&rUsO`XK6Y7pL3QUe_=(lb8TKc3=hX z=HzRaaBC{)zx7}$&UIEUTmi*%fx@Liw%7Rgymgf9Chzh4cZn_#8y?>F*!fko?UJyF zhTg1ZT@_V8DvGcA6-!Jfk1-%;f#*hMrn?OH^WNU3c@ ziufKE6sb&uiEO!^mm2k`DUGSxF0#7D^{y}%mKcjX>eF7yI4V**^hGT_0^J_WX&`%) z%R0&EC--}iWY_w4)5F`N0Ew*E)*4kNIW^iQN%-}9A_Sb+bPcx+c_@Yb6gRprR9A5Y z;Akj`DQ1>UEWM=Of4xLJFVGu?D=gF=Gqp=xD+@SBn3gJsNIxqDJR@fKgoBINbi^0ft=f8~hBbOR4^v!7JtK z8T_B5Z|snz3=530)ZnP6HDZQj;mkv!6C+Df*#{C%rHM;n0Rv!qxk3v*gdhJ!E0)k? 
z4)wT@tX{FrpsZ8x2n!2gpyxEGqkAQKFcohzn#XG!>(ykf-0wu7Wbr+!D_xX{L^@6} z+}>VtEZVk6d7o;|j{#hh+J{hFp}3~DkPJLDGOPG zJZ~Y4rAB4EjA`^q6+eZ*zvBq^bs z4{ZXR#pYCKX@hF=i4&{Pqo*n)_m$5I_HEi}az9a@?EGr~p0~-_?OS{N{wmR%#2rSR z(rvyAlJEuidM8a<-RE^s+ds8lV!Yhfr1$CPK{lwyGy9W92C^0^Y3$YWD67f^gFm-E zlsaYd^=KrVq$@xVqI#K(Ejte>D|Mz~M9UEsOO~SD)yJezO=yrb(QEl2CI)D&3VqxQ zFr)k;&BK{)a_Mqfiy;?CecgaEzyI*tRO!O+uPtJ3>rft9VwALOO>wl1 zQ02FzIw=>xL~eXF)?X8xGdz2l1CCHO$~sTkDVR0yVu|CloNM)7A?i)ZEctpgQV-zO zplq6ajcGeKLdqIVY$2=Sx7dND>)|;>uxpv$))sKp?vkHe1l;>8uImMBmyHDb0diH>|z?v z$&j+ri5>ODsd$esFl`E#zo^TeIrJ#TJI1Eugf4(CaEatY+RMzttPm=7LFGJhmRlYa zSk4pqH)Ede_psFWBH8Zu?XUr7nI5oM<_F0R znx2hNiK$tDPbU42*_S2!b2!ROgWqgJO1C0OeLji>sUXMQG;q>kr#rr4dZ~l;=i5Op z#S4u?5Yr!1M+KdS)LOQlr!I1h?y$rK3rX|Hx%JF~Jr@EjDYsZV%B?1P06E3Mqg=^b zxj1YuuG@2v1WUcM*Y7VE)#Y+SL!Rf7V~zu>=<(y?^Gx-@-z^n-aF~OZXD9H9$}m?Y zAva_rhr?-+Cr&iwm<5d~)DY#@xzSyXn1!9jF`Od)``TlWvU(CrGJ2^q&3l+Oh0m*M zHB&R`v%6w2Mx))wK(h5VnJjGHJ#pgAgAh~Nt~uD6s_=h9f}L%ns>c5|Rl3-_N4(m8 zrk~+FwBIHBF5l2#DbLc)<~m`!rMRi}&KaJq(DY^??e|BST}gLt#Ca%Rs-IMxW=t4s zA=a`I%ZwC$FD|bUGrS};3BnGtsa(UHhd?i6>ilduZnwjam?mWlOVp|^RoA#Z<1v{* z;#j3=S>(Q8chc--J6;AD(@uR+TSE4g3-y2d3nX(ISS0X1xrf}mJ#x_Rud5M!`jsw5 zz0vd4DBGOMv5zN{`m|&(znHvhA#Unz2QAM|=p|T)x_~DlF|6h~?RHP9@E(Sh|BqS@e3_TxLPZ*3 z@I3HYWb397#zM+Ur2;M%JZ{o1M0>K8WonJvtWaHU(>N1)Y(iSqUirVj32nIV8qm?9 zp2DCuJN)1Na`Dj@9@T#TZnC<4H{fmSssx|jbe&O8G>evv)#In{)e0?;?2KK0zuYnI zudpOI?uSNQfPz5T-Ixc7P}X=k)7fs7u_!Lc#GFwIcSh1gNk9 z7O$qZcmdO%>_xjQ)jdP?xbs>{x7&rZCv($$rA-MBhPV72k>4Wh)LkqM<}3`lTsa*K z2@1>oZ@fu&llS>+%LK7fPhVry5v@);5*-7p&!=-~g+|Sj>x=^BD$8G`q9Y0YO&YH?hm{Nqz?ql^RW4tTM%bJj81?)zo-ZZjkmQba z%(?J#NLgwUj!v?5bx8&m5Xb+hR=RUP)#F-ul3d4l(xl1>1iefQ0@7=T+`C` ztK;ObqzOI!0bQdwpV^V6q#K!{1>uAx$E7dkAZ>aE+b~V)x%k$Bj~;)}u4M>}V^_%j zpAl0bg(X=C3+Vqorad`;c8=>Au6kVWgm}rlF^n{aoZOEwZ2JcG5+HozeIMkl8;^-$$+_m(I2a_m#_q zLOt@7R`~sIk=^72`vOG^;uoG?YPik!C}tWo3;g49^%l#SlD&~rs=jj<({rUaO%%Qf za^M*g&;{ls&?_;!FU!qDOsx(5P5MY#k)^u`)2cqVP?1L1%<+1Eug-9y*L<3bo~;Y; 
z9HhJ^Q^}^XgwQ!=(kX}75N!4o)#Jv;{fWiF+Y_h%z-avOFHeO`I=RJ~hpi!kin+lY z2Q_vb@QSVl%HBt?Z38mQg25BW_pFM9hY$hV;LzcI}UF|%7EI{nEgYa2?UB?S#6 zW&34A37!b#veEZ+iEf@b{t`^!HdEVH2C2rmn--)YixvH>Amk*Y9Vo9_T+ z|9gL&xM+bh&7Z|288@(v-wK#%V1NeF$*y5>ZpZ^G{T_AQ0f9s z-&jVUInk>=Q3$GL%3nM=KwPHBGX!qgLEN3MfXzd}CJddWdffW@sjp~dC#N`(2QdHH&$Va(K`hcbl_{Rw(5L=?>BS zZ9OIHqIZso3SSjZxl%_3qwYoYdW6-N+sOjA7ATi?XUGD#*>vkCPN>6_VyG zQ$4`qmDzN=xLRN$RB4{Ask{hOFkM!IVytw`1#-BESA%V6zC`WsIWaEu*qs;-z2$UB z(EbCZR{-XoTy2v@J+TP>+g}9?_yiJ|65pXoZ}$X#J5S)w|7^G&(fboeOh?RERTAma zhh@7%d)29nOxRG$*HC>0q;(T3Odt>DV917U^3%-Tq*riZ5>vh>LKWy~R=yQh4#Y7< z9Zx(LH%IesA*s2x#kp*;$8$$EO`9f?EXbxCeaydumbenx=zCxqle4T2X~tsh6{i)m zr7=LlU>aVc{Qu5?9;k$V}F+>jASAZkl7XTSx$Eff?UE0OF(Zq zLfLZ@rfvOfD5=(nJjs(af4fv!Ze^$w9$PJ$l1)W#*&-Pr6{#LX(tkQUh0emCF|Em2 zc7&=Zch>R;^^f7q&do>*$O32FhmbC~c^yOuqqt1-utmhaih?-}ig0oo6#4xJh|yfqU_KIAAAs=L}<;LHO|?ZGc+Y< zBw4*7pPk6;Dpg_%D0va4G1ZGaQd2B6p#!P_%V7&OX~clBdI(Psy0I}yjb|5S-p;Ay zFNE(06;Bh*%z@T+PD}<&Y1D-_rM=eg^J6!)GfAl8CGj$UhIPRQA5H_zK-u})E!R@%x#iXGDz!qZ*&Cb!vMXxU-W9#hRI5BN zU%@dua}F9^0m?5jaXqt}=wd_^6reFH*f+enxE<@OHc&CBl+S`%Rm%}7#TB6#L^L!E(%h@+e?fWJcZU96RIy?1J{_k*j zC;V*-WEQH^_mQ*f{kzs;@RV{GLbDVc1#J6mzTK$hDb4LO5>x!Bu0Rqmv(_P?cWjN< zoHH?pSws&|Ast0gB<#1m=XG;=Fiw7K((*`S*b}Q_35U$+t8r6Vb7^MdLm0H z69fkIfmERdIWzH20M+*_RAY()kA*d7u-5yNQy2|)HLVtqI6D%qbB&2k_{(lciq;+a zzH&K9Oq*90Jjw+n^fo3t@Uw5cL)`6tzrR`}1azO#X-Cu3_Sj}2ruf&ZYEJ3&-&^Vs z+Re~AERR5P*2N@kNqUh5phF(^{(UZN`c!!#G~|rRwk@{Oh742-lTb-$ghiW)nd*c; zqi5(E>pE2}nVDr?L+~PZ3#=AYC%nD*lb#zVs5LiEZ@XF&E1B3MWTO{cm-ys3P#RKhTK@nd+C5+-V6U}+aADzql{lSRhO zj0B*Xh2FBJL>#U2e9iiYTLnVP0x z6KId#7+u^8yieabek3mHVy=FC^p$-J>E`oaq zc}85N*rwPmM(ZwQz@epa#p+mO zE{dhRlXQoKyd+HeMye-%xsSas7bHi!BkHdqnu9q(>8ToMSZ#n^0Y^>T?YsMxGzFr) zn~sM1I&Zk;R$4FhE!n#j-UIci(OzW=z;Yrm{kYhqD_LI7gKe0z1zf0gLVNV4Q1?!= z^3AujWshrSR%+6SPOGk(yPY?l@sX3a(ycpT_HX(zi;>FOYKeFItm{!+TZ$exM4VQ) z)RZ2*u@j@vTzySw8}Ll$N%zH!EgJySQklMwOv96dN4e0P26-j^y$9*xt+FK}*tyyG zU?-y{Ux8=@R`^jpSv#p8sO^j%sZe{c3LJp;;2BODn8VOW5}1T>2e!YZlD8sZT#e14 
zzuF#lvc~1VsD>89l00srqo#4>oyyKY^?WWl`>zvSzz}`xwaK754Hp{QYE)B-Dv@6G zBsF)0cj3@j2}v2H8PWVUR$i<3g6^VZYoWBNN=1ntO~pCS2(qJCcejW9{#~MV@mceX z8hq-lSmSSz$N#8S=mALAG0-w!`{DZ3@tuZzn2FHE^O=2=Pj(HepbOknLVwk3q6Q4I ze#A7iZLzD!<0j_l%c-`U+n>GFN3vFQ7?C505qLQbQmF)*IEWpQG4wM`Q;IHc7__gm zzUctzE*GG!aJ}9|RhD|=-zxw!Q*a--wu=5+zm!`eQvLQ-)%bVQECqXa2TWCPczZ`b zqmBJG`@TjReTy6#t4@RW1G6 zrl6Hegf33}N7bA-i7j&^CPxoWhN|oPd@nd?Sk9xq@27)4+=1Oo^yawm4NzrcXbQl7 zqy{VcSZT#YsJ6DnLRA`38KceWD@3=~JKpaT&t`-&!N-=tszzsTMjFbPmzWCUh~d7G zJ~ks_C0u!+Qrk=3wca6jK-L6>`qAw!@_JVgJjyL*9%<|he28Qzc=zyuz-m~qU$glF z!>+$8`pIx6(m3~BqBUCaw6I8iQv}VR(Ty9A_io_p{ z+L+L3y7o2{D}rjBMtQyWVsyy2OCeKKzJ8QjK|E)^o<*p(!uZ&%sLp?Y2ur=SKk%sn zkRxh9xYX3N-vsh@m$>5tS0Y=Ao+GY{-u>+;#^Ze#@W;apu6d9Su z+R$H}feqIM$&4w?A z&E_CA&?=wN`Xr=02I(gT+4?IAJXq@W%^2DkEWxd0LoMw;3gV#CqBld`fzM9*2`ep{C&txI0HSsE;~_e$qg{N zfU3EY$KUXRwEH+6txMj%0WeMFmT9*~s|yu-%P!M}Fv`Q#^s)=9{CnOehqrI;@%t+U zKm5=&My>09n%os*bdJ2L*60*KCo$30s4L->L5_6LH2J!5jx=p|6JJe*c@q-yYl_Sl$*2 zZfZPXxW3s?f!I7NtQRPB~WO@qvZuMvsszoRWoG@9Ub6RO2MWu-0+ zo=y|ANj%*!-58TQRF5l+0}#c-KMsq!Xi2tKGFylL*Z-lKl1o_4?1Wx=XxnH*!6P@( zy$-os{{1Y(r&I(Zf5;41uK(MgpF^?~`1jH*1#bb4D_5^HYT9_L(`l=eKT0dq4w6Nf zMRvZ{MHS#YHa_12e|FNCqCzXOrL?#$=);`oaQYGmR_(eZ^k@5;I_Wd!R8*V$+)`Z{ zI>YtV?EsVCoUA5D6Utv~uM&LhUf8{Y_GDLiL74fU9S2$YBH7)O-3vqX0UKm;z?|kn z^nNKiaxP%L$}Q5CYt^On-`dfxzoIm^%D?9@QM!0%uisxTnglN~YFMX7U81yd_;OWn z;{4Tseqm9pOLLi!pZ48uDN$TZ(24|1EjtPH;TCr?yJ`msC8&l*D4!PkvqKRgl&`_H zx^pa5reV`@QI z!XS5|i|B|eZA1C&#%BOiR<6FLrRohi`oG^f8{dxufB3vP<0Ui4*Gm zy#>z#`h-PZjrMv{3C>dx;Mv$w_Lhc*OaR4s)-k&(hraKDkH*8ct`?Cxh=dXN?8db^ zOLb|`q_)u(OABU5e7)JTs=9zkQ&|g~V*j19q6=j{t!*$_%Ne+)*lzu-tMoL58RLX+ru-)KwixCz(r;y4MT&9s@X z2ffOL!1Y;EEb^o(BEhLw#()Y;o)&(fk+KEXmfXXY+s)!iQ1yW3wbI#4^WpHZV`?mK2*v&`_4x}&?=im+6vz74Pw zdcH`ow&02pIxkb6uK6&3+nwWY$&P&mctbgC?||OCZ_O$e#M`)*cZa3QG*}Xv&(cl; z7h5=ud3pyu04f#Q5tSfd3$((t!L{qSs=N)ZDY=TrMIA9zJAL=|=VzLT4u7__cQ)Mj z9ANIs(T^vqbBS*`ax~y>_h?y#IIJ^jQj4Cpwh7MHAFDMw=_)`ku*faacazNoOT~F6 
zK8==Uf|c5Hy31USAYZ71PobOI5jP=C(G}PB4qK{B!$r%n>h-2yYDIherd_~zixQDz z2A-89(OT0rF0L)PiV9(z#IT9l5Ds+TiCX(?oBQX|Z4ed1ow`~f<&C2U1MYU0z*?Wa zz-V35>}8vq1m$z}Q5kC`O+lV65n@JI%ICZF0!QsAT6CpPma%wy1e~BX;k*~l>QLb! zdVo9InylOhxW;#*rOGr|#%go*sM5L<)fRqe-1b^vNI;Qb^Z9ky+hoEBQtxF-nAKl! zZOL6M6m~_@cx@Cj(jz4=qss`}`{&DdK&OtyVGg&nsED`CLK$rsEcMVX+nWUA6dJYC ze3g~M+uUlcOY+UcCi`xK-ARpgx@OQ|C79yH;?2zdGAE(zyE9ao`Xrj1e3+${T=WB~ z@%_P4Wg0GX=tP}4d#%!oRs>_t-$tKXaZCVx*JEd+zZ#h8RTb)J<4M|uYD+Eyl(;ZN zBg|ciavkZSF|Tg}Ok(=JvRD)?z_yEwn$v8QBMlPs!&X|MCLG;fG1khLH`8h@pdd8tumSto+jRG#a!{ z7pKVX=X#Q?gi zJa;dyF}aNwKz-4%m%hk#QSj({PIc1X_WK z+SzS|8KDcG@2-XsoUG7~JV{xDK_5;$gWYG_$-7Mrw4-0k2>snO8VzYJ5#D-a8?;oJ zhRvgucwISo9es$!*9-E9$E{&ckaqw>;Cly*5!smB$42l7G}q*ny$jM@5Ii;0;g0$| z130H~xXSRh*_YeJHdPcO!TE|bo zHN&qm#6>n@K*qO5-Fd)@3VzF5>DiE2p__^-``Ll=>!7;m2XM{FjchRt;$hKul(`S^hKkzi5 zxK2Be?a7^(9)`A~SLiwzQF$dzd^V~bR(Csij#IeDaM$kAny9ux=j+GRgT1+?8dZ;c zJxxKmNq>8s@{R0%v#UNqRGHBt5;aZ(_(wAw}*sK?jzj8Ga*2rHjle zw0T>X&r~pIy4UIs9DVcaRnXS-;@5sUE&;`FF_G^ zNxwGse!?d6-R`kwUf6RD#ZxY1;qH;gyKOw=1z7c@&D^_aAKM`)s6gSig1(@y#udjn z={4a%61ZoESbtJunt9*B;_~$8)Q$`M;nA8I>r(kz^MY7+{NZdqbE1!-`)E!_9^tyi zVNg`L&f3EYK+e4R2M({WxRzLd3R`RjTu*X3p5$7-y9g!M?H&i{wnIHc1sFzxGiT*COb36Nv8=15*C6NRLX+^iw>A~UKQK?*0(tDhrvEF zXNf6KhTw`VAM%+KeY`_?h=%JTZGjvR&E5qlO;vCH0V^FSvHldc{Cd94v4~5;5qF)F z5+C6aaGQSpkvzX>7az*_m%`mTScbFd42gPvba= z_>TR)V227@F0nrvW9H$Q+oPlXpJAl<6}P(#a>Bl6Ol5*2VMfX5uPCy8?rcjzTyGEaQ*#n6tm zF)ftYC*AM1y^!tDptJ6wePoBAtP;&`i>*^Cj4X7_Q^JS#U_E&eZJayZy!&!$w6`2; z0jtA?1krw)9VhA8LRt;nR9kSl3^Sm<a?qFaIvDuFv8yyg7Mop|l6M3MU_dl)VG)(iBkcWo}qYM**k#ux9GXC z)a{M~{Jtx&+|P+2RZeg4xosunMo{Tu(D6J+Z}X4{UtK9K<9}l;I3W7b0ZWZM*AP~tAy z$8{)bu;?vgr3>FMI@OSfql>nVyOOrx1*xhv$W*JPf6*}{s`OpUbQ0K%e+u@?wVd`u z4GI11b^R_|<&7}+!~31W-Ri8?U$%$73);CQNaF@vg8^BIC%H>GU!NHm@R{ht2{vim z{8Y0qJ$`y9BYU}R9O6A-Ph3}?LKoR(DB9LBp1eJJrel5)X0!)425qibyITp}Z<&`8 zghBi}1sKAq5#;$=uw#DV;JR4r<}SNkynySn8{lz!itNZt%Om1jLT1;di*%@Phifn( z@e`M$h&w0bs;UgU-kk+*cOGPG#W^99-g{s8iQA?D-gpR{f}4LL{nNT7SQV&>zHC0= 
zPp3QO72!tD^-N)|-4*7YSYVlz62ujTpN2OmXM2{2mX)-sh@b#$Dzx3joTsi9fgH(t ziiiuI5DkR4@!LaPA*urIqkN+Q>D&uXa_91{S7w+Ey=Ayl`aU!+e7liM9y=ct(Wd#@nt<$E)^~t6TjaI?1@XDeo}`(S1D*<{N~}1Wk8~X1aLp3QGPt`K0-eh zgO?rZem{DA;7^a#49Va*1?cA_(cW3eX;4&2^59vVE^JD^Ml$iq zThek-NdCxov$txxf!l$$+<1p83H=CEhZzoHof`Pl@iT;M;BFM{orgIMiV8Z^^LFz) zd;>ooN?y|lLV{yN1gXA9<+tOa)Mzt_0k ze~^lO*u3O@VNyEf&6ARWMVkqWm6nv~g{2rPU0fJa#34%P3D%RR&@T84CUhitjI#I2!lJ8Qv%gDrlZzkRKZANa-t6W0YV zE3cE9J(V1|blu?wxBCzB?J3Ya0k?=4U>bfJ&*p75Rw<}ql_|Kvfz5@mr9H@(nn$hF zaL~LXp#(0&@`7RUc&V7Jo};4O^Q@>-jbdi;qe6O`uM%L}o%9I=Q1F1Ts(c_gF{dGx${+uOSNoW@cC{b7CcK;!!G~Xh-+%^JIvJ!O85cb~DQGw`RAz{(SE$>Q@xJLo4%I4z2Nt`XJO zd}j1}1b84tiAT8kK{~e^oS81Fjjf6T(=s5844IB1?&=A$wsN%;kOcw1o_NXYZg(Ky zgZslprC>J{rs#Cm6V%V?mXy`t)nvv>7po^q8vNElFA(IW(9YrdZYT6*1$EL2b85H?U`uESGI(rYFCCNuE!zc!vUn2+}?4N44rFGanI z`y`<+t6A5ReVqe;8if9p37k!`QC5)5&zuHDI{hb#?Co&$(3=>-vHjDEx{FPv>tC}L> z=2=S&1twGeD72leijUIx1_jf1G@j*->?`OuF^LQOzdO9;Km6%Qw>vOA*a}l5rX5fH zjBZJ82@bb3#{mL({KRNaJ_ULO-l^7~gj`POP7rS!7=(unso{MkC3Ghk1%@5;8w2Mu zJywHw%bTHmooFvT6zy+iR*3HKrXHLISu5URvO#brrCI9QVbL6Ln|Vr<YN%t(m3lmyPu>C;^$I+m-h}?l(oR`4 zFpPph12@haoX~HNrK0`x*V}kaiga>BcloKL6Z$g;y!kLJ>KnJupabo_cXc4j2!0$h-0j-Z8NdI_l z36?2nV3a91(z0e-6aw`M=;xGutjB_3AdJGpgMlsF`d#ARV0o)LM+F}X@Ag%k7VT-I zj=1Puk+7-^O7p6K>*w|3J8=68V1}MOl_KEh`f5KluKCF}l<=vz{qMTngO2kUXnOM8 z$LXKXEhwl$;kF`|?VJ141dML02kI4g$I^abBB@WoVAL>__%bZ%#{mVeRlFspdI(?K z{2S@!RY1I=yS?dOoEA-iCk1J0p20j2(nrtIepCfqjZA)r(TM5407cwo{E`MS3()@9 z)sJ3A`ru6AN@C$n_DP`K=if;GbZ$unn%TV|dF zajfCDX98oo^R}u)w6p$a0_N*;G&!cmb=}7PLk9XH2NH#++@6YOOn?L$=&VL=B)?o z6?lhPe-yIeh2Hn=45W8qKF5D z_y0@0tCqv|gTyJSh+A&Gs{EVqCbn{JK1GP@cswb(q`@RR=K|WyLOW#V7>DeFb)>It zbGrkj@%>gft69PDU~WM^mMNfFCJN+^6K#xQWCHaHyd$kY3fVyF*<$APlbxp z{&qXF;lYL?m;=62~Ss~-a}A#v!tdT9ld2;O&-ENgpmr=E1<70 zx}NMa+@dMKoEhAUx8f&QDr1U`bHs0Prt;df6J~o*IVMJ_dbjtcvbY&Fbf*9qFd?eLs%zbz3ZMixB?AA_b` zUXwcC%kYwJ_4=p+ZfFWF7U4b3bksEs=FuNn^z_%ZrDk|M19zE>+)bwwzCQ09w>wZI z>4QM4j^~jnz;zrO%NgX&{oFZ8Wt!?hy@ILqeR2w^bK#acVG*tcw-^$pfW8NR31v@( 
zaKEiq%OcFA2p@%}3wi6*oLvi?lxowXh&;zt0oRN*qTWuE*JYrPJDfUSd6bp}+Wa3A z%!f9ExJq3aAt%0m`vGpAc42rXw*adYuoTDFIHY6>0)cu3Y4qQS-A3qLI3b`ZSBuzd z`1Jv->04&}S-k5$%WYKj(V;>7IP~H*>O7W52l*9J1zb~pK7ODG4{B!2EIiBY*NN&I z$vEwjIJR?17Iu>G2yvbRSAf>^oy+h{4koJroxH89U=!gx^hf&24$%PAE0{(9jkXsP zy4S}3t`^)W9D{=K#1HHsBTUzRPV?baGhyNL29J6nhcyR63QDBEqtb3b;ga z1UQg3V7jD%H=W}1+6VnRK+jr??SY-7pGj)vDng$pft|vW_Om>agDFGdmT`9L^PR1d zUJO9Jf_V(-f47tRw~{^HUSPQPTyRSfbM~niFWz}oqMc2O#E-?b+(tbK9wBt;A0_6G z8x?RZ*f>Lg3;F3b4{zm;uqqIkt{uDR;_+;v7~Kt|0?StlR~vJT?@Hi8;po*YPvjtS zuuMS>W2K87HwhZ~hym&q%(MO^qCLrhGr^k>lX}GEfxjL*L9=Hye{Rxj@$UO5w^31x z_`#^-Q;}(Aej`hEADH8YDuAH^t`+}XDZ+>R48oJ#4D#-9A1y_BQu8++q8Z(zOGrO< zNtxR{XcJiSYv5TNg)TD7(B^G@aW>mmcPZKMAfR5s6o#bF%Sk<4&azAgIL+|uaHEDl z-g>_h?!8~}p9_v!&JaEtO&@R@HL;Q9^$>ixy5&EpfNRMY?+WlCjl{_);;vgxI#n^= z|B+P*9?vYg(LJy$k??C>Qr+%BJKUZMtl#+*{o}YLSfwDJG2HrwrVzR`DuH?hvlz}u z-9hSMic;?_Fx0j}sfhed+b-UJxrG9wnVsUt<6qoHEw5lm@XM<=Syfg6mxhBA1bC6g z;*}`oF6?Bs6V@F)M&jt7ME9f;3SkU>S-i@pTwVu;$EMy)-vuqm#hbS^EXO>X*?zXD z@s1eUuVOwA)SfiIg=J^!SCV{^k>J7% zb+{BQk&wgo$rNs@HZ_`V&9)>b^r~{X_?AT^zrVP`dO)ZMC_S|(boF=b-@14#&fvD- z9@1uWd@E8BnhL81rSaq@=OC4W#%e~Dg6D>G5H!>g#4_Nq(;3#2iTTNJJ(;PbwK3R( z`R#fEV^t;Ig&$Kc#K))N$7BPyQHem-s)p{cLoS%(28(itZ&<|AO@Je5Ox4c_wQso+ ztZkKz@p#(a#PT%KAnrT9|GC>8NW*XN6^NRz2K7NI${oD3O#5?h;{ANWtgZ?6ZRETSURE$0hVkq4!d_H&x zl^g#mzFiT^KQ0g@{xNY5j<^eg^PPJ5i?OfnZ6Vnmn&(!K4jfH0t<2TP`sG$@!BrO8rb|U>(;z;$S;K^vV_2jLF-vDhFPq_zK9!H3K zt|wh~k=q?;!F%bQfuUE}X*;3>7nWiwsnE>DlLU=#L=guRua>balWrw-GpKjb$X4~s za7wH5au9D>H7{Ed|FU>DKF#{F3M>99eq8qQ=ht~a#HCy}%MKB7#WyRmnZrM3fNr=B zhBr0f&;7KT`#nI1<0EG1p__8;8tKy!W>0c=d5JPj3+%q$db8)_N9`n;&2jVxk; zldfm^3Q4cPS7BrS_E6gpCehSvvmil+9}nWUOCckb?H(qD)Q}tt%70g}tttoX<9;Tg zT@lT3{Ml}R0n>5B9f((g;iF_lzXX=YkD(o>!Tue#lXCLCC++1GQ9{g(TDIkhO> z)-s;Fec}qzVdkhMuHO={5W_H;B>nBYEZl_WGblO^QG|%&O{_LfjcfqV)zbGuOJh| z+d7u4p@ig0O_jj2f5vWEy;n|+FN;!0+lwP za9hMEQ?Oa76oe)Xx+BZ(7x6rh4~`Mj02xLn4yHeh;Xf_iM@AN5dv3E78pnPiesCK5 z8n2PO_?-}+N++fV?g0^(@{O@DXuVAZTsz#lm^2~`B+OflLhdxUt~|@16M7eWR*8|z 
z&B|(M-0XG-8u*|Dnze|d!M?m=6mFTy;Wu;7p9GC&q|pW*U|Yhl_tpMVQdeh#C5T$4 zv(fh%F3=0uBqF~}hBJ#g$)NCTkT5)@hVi*+f9OxWyPYtM{q_SNrb|M|0UlqCBCZO! z_Sn8akXQ8{if6gw`)Pk^KhJyW5p9&pm=a5ZIE%E$wdpapJ5Xm66knKr7DsDy%Fy(- zhA}t!>D65Y4Q0duvkVrotS1xo3bLwMo>h=r4QJg31Di&fU7y8N3C{csf8w+PAz^%) z0(65GzWb}`$NrOPYE|qEu&P{7=e}7DhQ#LV|Hx=n6!5vQ^5lbY#9a#>EeVO|z~E8O zTDKvP=SY*>#MCd{?m@^g(4t*d+P@^~aAB!z#==rQ6>iOd>&c02tv`w(Z^1(`38o?1 zV^F&t02Y)-38=n#v4jQXT$Xneg#{gD1gBx}#|KUzf9@gk0{S!Hvxd@x;ZY(u#|^cH zt)St}38L~^7o?+*o6$*oL-rNn?4L4L)${<4q>}Fc$r9?PvGRrw*phg){Q%fNC%;zu ze7V)=C=lz(+wDYY!>FbcnBT7M!tfoUUV$$Qq>$G!dGsTO3&6UlYX!XRT0C!U@%vr; zb}4jDlQ2f_gO$JWuUmfdVpF>=hnbmlE^J&?Rsq*OJ2ne)ti;i4P{^G*(&Jg>L)Ccv z5tmWw#=zCb6Rw)R)#d*C&sJD2^Z3g++E`eMx~iNp-flTj(D+3lBY-=u>BaITqFw=7 zPiD#=zr|3l6iG^x^`z-|Sb{?n%g!j6=_*6aTdM<>L=pFXyv)q5c%WlITPqD#ngxXc z3d6tNU-nFts#70wwfjZ_E2iJg(Z1{&ym_0; zxEOG&N^mh{40J{&F`nCq-3{iq4NT{wA2H6aL5)eTh+Tjz84fMLE`lka4Xruj0naThUecOQ6MiSU^N^9t6oypj<03VfM$ESV+|rhAV(scSfp!2KJS)Rw=5|x*~whb!=+5M@Qm!dfppc$%boAC0$2z4BJwJv1(m3CO7j`N zxlYuOMIybSm=#-Q5>c3NHG(ESu7$7X2gFZ z!K;4~V3?vM=eRo~yw^114t+v%YT882EWE1hYI`CD0m>zS!4)Wup#6bL9C8bIvZrQ~ zuKI+GB{mbjhGmn7@yHZp<8WJBY5i#f_p6h)B;d&#?+BJJQRx*h>PcK>xWZ^)RXS4^ zmkE1ixb-vvhABeuv5e88$9%)EA9w)K*5HN0Dm7Vuceg>2!54c6i*c{zx%iYzV+Gil z%qc{FsHtFjWEnWRc?{vQJvM&iP*44F4Y=ZFp3U1#l)~Lu$XbnSfv}1t5lP=Qc23?1 z*DLV(&N0?+23D<3F)@IJ8ShGP>!a#5P7)m?j1~jmm|M00ZfH?@bS7Mot8lkLk-~Rx z3URMZIHA)&HgFLx6L00#Fg>)4JiniG;Y3GzsXhrV(eS7g_^Pl>0c*HjsbmU>bOzFQ z-T_SC60cX_yV4kMR{^sGNQisd%2=a(U6pi{#!Lz0#ejLmsg&#Lm{yfD!5r7RpBW*UHSSq`N{tl0sj60p94Y_#2U(Kqhw2gm&BAO&9 zr9s?&XhAx$&u!@y824{IZRcrbEf-QaQHp0jCc-jBNO~1X88TY(%q{D_g>8-tYEJz% zT&n7}ezyOC)3;)`fRV|?Q`*J~n4VmWsy#N8act#oI)-%lO(yCYg4hJ}IM>*>-{&j9 zr;{rfv&imRt&ZLj>9`mk2V(lx3B*pfrB@Jq02ic9uMl$N{X7|-y;X!|3KLTPDPzoN z`F^9hW$mwI+s6e;2JgGsoXFzacllnzE&&zig=k`){Jjj{ zX3FSRFe78ks5y^dSn?LIOiWn-1Kbbq{^n|XB8(Th6UN61!`NT}gT{K0-9@l}@Hd^1-R+YbVvpEq* z-gUP9YMya$N^!`oLF>xp=r6R}2BEn7IFb=w33Gtjo8XUM$YHjx1Rt3qQ~}9te#Tb@ 
zKj6<>V|z@ZgxDD%tj%Z3Dm#WaV7BxMd_Kcj+xXeQusNiYZ_}@?3m%+YJjtyA5jGP?+#1TFVj;Qvbb=KV&l24s zQ~QBmKAuOWpa8#qR1oI(HFYglFz+9#a!9R!x&TYr;_b;ti9=>bufXS9V7LU_S6(Qj zw#?I_JzIn6$g;u?=ent}LoVLkev9_Vsit1VX^yxqHYPGz$)swA2$AlYtLG~h!{=6j z*g8k;skOv&gVh30oB#Cw5bZZRcC~M9^JGci(l-B4Ha^1~@W*|R+Zl_fBBuQU5Y|?* zeQhOi$n5DA95U8!Y-`6b6XNd@=hZs@Bds_p1hHAh&{6UyvS~vPf@uKl(>S}P@xLy% zCNlZ*0=AQke%gjqg)P-fPZfcgT^^q0R`I9^tsrH3^r{!t6OThx$$s~9*qT*@UOegv zWs~uFp}-`Db4M}{MAR`7M70$Y*_Lg|+2;223Vg;i`V^p{HP^Jj9t*dK@@WGni!e=L z#W7L_j}EeBi6?_+PBpEI=hVIIVq+qe7qeMiYFp^x$;`*K9c!z=pYqWksyRwe`5q=| z8VnXAX;8NuKErQ#fWy*qd6 zo6le?~FO`t%Kr;QXHN~Kxg6bsxtzG`J!+$kk&tIApba;+^9&1q>2 z4s{n{fbuK#NCM|>c+%I%Q+n#y=_Hd5a<%@)15?4zOy;R{k&9&tstNJ704w9x!LG{j zJ!~pwsnF>S!|imoV!#v0qh?R9z-LUK?+goH3DE`UktgV;HnLBIZ3-F=OBp~KEKTch z3V7eIqIL9=uU%_QMDy|99@PFs3b=v$lMNtAH>(iM>FQWZE(P*D>3Czz#!8OHZva2i zck{FM&GS{D&D(}T^M`k_zRz8l3%jank2-lv!N7GOsP$v}+N{0AQM0F4;4_xCNCxZ4 z-myX&DyO8&9YSnV(9qtsMP+N-;*NtWkhHG;satJ{biSqbr?$Px&oDixAV~v!XsChu z&8j7bo+BC6uA|+C-wTsBcOS5CTfky^zWGaqUV^K!O#77fpBE^Z0t$LSv4Y-gUmJ9Y zIBJ!)^a^}F;~orr6__NZAg9Qi8uNG?A+{;#a4Xk{#s?0M?a@mz47c-!uzhbNao959urcZt_?{eRunopr;+_XJqoq`I{P9vD#wjRS zC1VgNps_9S6m3_lhBo55)Rd^;ChOsXtR@P1`||Y6pmOjReKEC+a9+j|Vx^8#Z)I)p z+f%?dm!8F8lOAp>3Hn!McrUxI7(L*#cOBRKq+Y`~Yl}WoY_8ePCTlCgw?J0CfxpZl^DCXC9(`a3)ZI9MkXIefAP4zh(*;Bq$l7+9lN88d@wu5hUO69O6GY98N z)tEoHbM#EI8dT}x$aa661&?czNJG?vH31mcY`c@So>1*kM!f>xGsgOe@MQ1|F>RG| zPk%B-jCBfnu97p9WbUIhZt~`GhE?Sk-DpY_aftdLpQ+R`R*lh0vz+02X7MCFxk z8vyz14r;F&dM;_CvUEuURC+2GZ{^l-Y~?<5Bgv?#ms_{-e^Wby4_{^93ZD;40XGsh zZ+-eqzYYJz-=QSv#3wyZrMW|t9<<=3_PA% zjki2=cnT~NGpg^ksP*zSoTjAA;IJS|-;^dCYRksc`~We7Cv{Uhuk}B%S5x09(M9Zd z5N=nmu>P!pWb)X-qiYSUDf7<_G+ZSGST|QpW2eZump>L`oq~~da`d_hRCc1bZrY{V zY=N$Tctq;Z|Jg4h5MSiB8ITXCH_Q^x+f5p)LcHkO*a+sdS>-6?))sMWVw*GC4?uufE(o`JkW}H@+Op6g+ue;3o7~ttMdi(9MW)2EbyD%Q`cD zao|Jb!2@~a4F%*+wcu&vdU9X5fjiX13N|*#xsz+y3UeuhF;~ujnsXk5adDF_1kYfa zSx>FgEpdRi!Cl*Hd6?vcy`4`zc0sEx|$s5`ej2dA&$=$si zd?Myvj*I)M@IozeLbJw`RBHmV7j$CMr 
zdQSb<0`mlk0!YeDQ73R+W2l@FHRHFlnXH?00(d&nOnM@4iu(fYh=sqpZ3|=<_0H5x zazbc;rU8twMffkJJo(DEkt`hfV<q7Mx!6v{ z!YClN7c8F4I{S~^P98nnE8HXDDQgK@-nF8?O7E>26a_Eu)r?&&GKWiZAO7iHzcw5i9 zp8TXSmmIwgh*?keTp{NcJ|f0Cg)K(CA!k%WLtQ8k59eMcB;skS&{CLAv2H4Y5FylT+cW|;8 z^Az?-lr*d%VYV)ICa5_@Ax-&?lMQi#px5{W+okvg^TXG)qZi+vJY@Q*+yS zWh@j#O@sKretZ(D6nLJqSOF(ehgZWh%~!(%le6)sCYq=eB&nl8Em#ZV*%;=c`wx?c z554#?9>4YZjQhyl?P)2Pai^qBva{5>iM#NKm@$%I!@M~c(kdCar|~O=OImbAw^GNm z%0u(=B2sRWf%#-jgKC^-RG$ZO39*PW$@q_Eh)y(V3#`2rpfO+c~wG_-q zIU?oO{q1@&<|%B`cCVC?4Z#xxT^DmET}rED;8Z&t;hz&j^u>CL`VEe-r)8p#8OIUF zEW21Qxl{)JgiB8mOGj97EwMQJxy^0(coUq9oNTefN2CbL6qK2(0%exry2(|zQP+}A z+ICL&KfTktPh0Jy)LDyYGd6w80IzOq6xr^y-G z798nd%e=U0r-Lbwf?jhd}^MyXXTRU^$^mab; za`M?n$s-6~_}Jg=jCEjouNAtU?0H?%eVZ!CJ_QH&{4Qy94SZ$WzPXf22Bkkb(GF*L z&9pb_-*($J$oRgr0~kxJgW)T#!SN^$jB!>Cj$=Hfr$&cl*MJ_}T4AR+fPWIAis~$fVOG&>72_D*&f@$s>pcu$26}P@sU@7>xQO@uhxz@gYv`Pjw5fgEb5VpGq-}Hss<^f)~j&=b1pG3|{D%FKyOF)Fx z>tOIm8tguTS;ggL)< zfyD@-L^ft03$0h+6%=pV$T|f0h#316ylj#*zyX}gVIH-T!I$#e;S47c`(vEj<{|2- zhj8#R;=pC;)%;-*;#^z-v4$t)K0q?+;`=y$S)Z4e63#Hy;M2y{`lr^@^jLyQRMzOS z5N7|TFmFlCC5zwsa^c{ZZ@!z6YPe26xSnjiph8DGNw@2#tml^%l34tmq#;Ipu$9li zxu?-78AQeu_xDGw`eSprNE%#1ehW{p^as5eYO?{E1q@bbIcNt#&GjY?K>u4{#eusbml?h5q^YfuchmsdC#&$ob=~jRl-{Cwc7j!VpDZi580i zG!`+RkqlsYsCC&9%Q=2A8`q(%EjRy^-k^qZG`-z-9`!V+3rJLEEz%!RBn^hizZ0nw z1`xxn1{kgC1Dq+MzNrSBMBzY%|21+G^?003h!zq^0^vD27 zmCc!XgE}*_*JSdOOg|7*2LevDZEueD-a#J2%qp<@P{Cff+o)GCKyZF?H(BxaSysIVg-m{u zG|WxE{3ymiN+p9&WVORN%*!DdY5QZCXd1lUmRi$b3Hg*py=W{ zWuWv=DUNT&%(ZRCwQM6O_Ucs^&^YPr>Ib0N>1 zL2Gf$f?G+$rwikvIc;Vk)^)GoD1>pvap3x6H{1UWpD!P!LDd$TFSY3J2#tmK_3+*W z@ofI?K}UneS${AB88Z{avc&_~3)J0YF^XBxqin1vOVumzc&?XqgKidOp+Xe0ikmc5 z2r`gT$)J@-T+50G2I4yYpW6llex{Z*@FYA-96w!I7S%e*#Ot#ZA{M3`dCtGhmdvA4 z;A_xj3d}#GZ$&riF9?Zt3W@gyySO&K+3Fbyv!%Q?>cLtHKQ-8$-^$f1Xnq@%bP;VoV@Q*feVi?bm_w&z(5h7oUa;8UE}1l-hZ2ZtHm(;*NRvFI60p z2EN_n9^m+PUIj9u+I(?4ClA|RjW=%(XE2W{U~-gBal683yJ{YDpokrJGkF*@^T2v? 
zE&KFVu3mx1Gh5cJd53rwVb31r0+rN2Zqj~O@nJe4=n|Dk-aM9t(K1CVdn4p zp6p*f*J>Q$YZHYUN-&c33OwGgWZjvfEK~@kldSUp?~Af9ZYqtELF+w@`?nNZ-7@Gp zw+)B9L)7RAq|NEXA4eG!|F;hR)$||HLf_yAMP)V2>)#;Tku$aNlp6r{qm{r;% zJ)}r|{sFHTb zNiJ{L@0VBIwjI&(%&QsOA16NE0=7coWJIr%n8QDIUXqkEvEM*Oe%5Vq?t@Oza`WMGvUy7sd@z-&sbS^^NnWzxWow5eKE>)C? zlQ)-HuLw2#BC8=%;V2H*=BC%&wjS`wb<{d3-kTvT65N0BklEL?~+98v>?PRiI22XR_e#qbRscjxXe8y$w;&t3Q zIJ4ACPgN4XDw1+sSgOGMEib!9uLX^#w^aThEo!(+i%sgnK}n8LK_mr-=Beu&3Qf zl$~tj%bh1#4JE8u(qJQ9YMt>~qV)+G%ohM*Co9Uy?rP87xQ8{HW47V#L+DJ1Sz0Ybai>%-CSO7SbyaH+Q^P){Xc& z@1BN2GU>90zUf#|CdN(jUadu3(iEpyw&b8-Znv?9){>6P-*menfRFQOLqyVK@+3DO zhqHz%@QRg#roDAMk_I$X;pud~`L18FE>no9CdN{3<0 zYiBKN$Zm_FEP$g_XyYv{&3G-*dIcWOEz<5or8yt=tdchPqUv9GJafF)Y7brFZ6a;1 zE`zO-{H-O_ntu$1gDk%z%2KAi_!`KWv%e38Zw;D{8 zY-dMu>Nvx-IWKi<8tcHl@ zc2WHTIQap$8w7dgIBR183oar)^z!sWHx=N}O(9kYsNhi%GQA+4-c}JJdIc^ySzn0u zHy&AFqh3QG&%mnY6*1ud+f0l2qd`a*$UDZ)w>RHrF__sE^|t4?zQu-XB`<@P3Y*`0 zwn@AFj&>Dhq(UM|(mdb?VcQca(nV~ z4<86ZbJ|S2nA^akX%Lz$U8TT$&AM1$>dw_a)s}DQ9@O6wksib_?Fm1N?{~wPesE9J zySz<|jjvy8IhqX|+Ydo=1Sk(AaR2ryc}ELw5@w`ADl??HK$E!h4RgJ>Y732(gw(0* zRx!urKMxdwviIC>7U1)Rw6EE*+x8G2eHHjTY-1i+*uY|Wb$KGUa#4Bv=6P$i`3g#a zkYF{Q1aIT?@3d6TX3J{Bi7Hp#mcytoo>n37hok9)VU9x<>WTr>@Q)Fw|{ zLwx#W>FL1L;4Q157_Tdr62HoVUg4_5ylQiH8Ll%~p%<1~!#8Bp?=$LdWWm3KV<>Y) zuY-gI-BzIKZ5KOV&#)ZM9QdAAZu!ZUoNK&TXSkj$Qod=gwEIrYZ(9#3|CHti{~KX_ zc{<{zdau-OrCP!*lOOiE%J*}wL7KC|?WRHAp+B3@^Fq?|FEc>W0M1vk@m6k~psm~z zv`}0{$PcK&SzL`(cyfIOXWis?{u|VB-yIMC1w7}aIf{#X zBO7A#zD>r`Z*f3M!aH7|xNNnwyY8lld_Rj=-jL=9O?*ct0-3wa`?T?y7lN=kl@$wtRVa52eH-+sI#}h4zklx8nxxsj~4qoBw$w|@*IyQZCvN$sp z@);t{6Po@fZdJMceD9;$>nrKL32P;T2ZZ%SNIK@Z-9X5@GiXijw2@Xtr~%ArvrEzH zZfyzYR&EIj=MAOi2hIwxDo|r7UUPoNPO<#}&bu#Uw?Rd?xLMkxURWi;@L(v4w=?aP zLz?`o<#<*ab|Bce(0H{JSeRpifR-bq$+I;zogvUng?!qEegFu8UZ>oW_REfa$bUx> zrXxOIxxA)u(m0JvuYiIc;Ua19pBJcY?nkbQn~S${(fl$8pN6fmvr~uBXU~N4_62zJ zHsF-WY`$1H{sog7<}bky4Ah?WXEi<93Vyrg zz}T?@*OM#d-EIr4udWC$4$Jd~4c1quW|j9T?H!ghwOYFZSr|Hke-G)<$B14Il|?*21St#^|j`SEBbmhVUk>= 
zZ{C*U$N0^hG6mj&;Xie_CmH0%=!!kao+G92@jX^B<8Jg@Wybny6A?wOT0c*~aIm`KwciF!{ z5Fb_#QtP$=&<`B_63cQJ|gcyDw`bA&|(C|~3XyyJwe_G+t5#m#^S`UBlFSznk zJzMfrCYG~pFkgPm#LBph4Y<(75$YF+&?KB?)nC`bXFRN#FK`FZHDc$(__f~N5y6;s z)LhsyjUHGxAx*Mmoe*Hf2GvnEbnsRPF!EecUwE^+fuV8o3}^Lh^jtS*}Hp}fX0 z^Zh}Q$&OSU^SRrN1~eQ?t#-QbO5%W4;v}a!C`PX@`Ia&~X>rzZrMUxT7wB~y^-3#O zuCQ(dff2`2^w%i=CliqbtGEn*x9EXnZ@sf^{=y2&5zR##1mq`z33nRb3ER#A=FaDD zJEpzN^<;ZztQ29uN%GvHN#Lq-hcxf02mJRJaaB3<9f_@B#Em1BD=u=o)sO?%Qrqk$ zJ{fcL>WWox=d}>0Fw;J3i*R8nlK1G-X}yl)7S2@AUR3)W{&G`o(!7xpaQm)-Em=Ik zp5oxF&6Y!&16M3cZ7E6J(ZhJbdBEPewkmU&ATc9VN#M3-HpugfUj$}O#l?G%E45rz z&ddpuW#!wF#WkIQm}H6TSS{T86F& zP~^oQOQfEuhvtQE=z8m~o;j$xzt`K^%LlDRXMyO|l8p?u&Q3;K3-*qP9SBNHgXN`G zh!iB2cpj+fLy<2A3a8m2(KSS#4oX?!&7_#u{MY2Xqm$I_7T9h^%3gQ7^^k?MA=i_% z?HSUDmgsZOJdiAvU5&zHt(B%h7XC6R(Ms36ZNMjQpWS9N-3Ky|OQOY$h88ar(0t4d^6smqKZ`U};W&$B>g`-6 z(9rH{PQKMY$t@!fdH#VNb*Cs zOkaOCKRc4IYu)Qhl*i8D8;0Y*XXvU-_|O+u6V)BYp%;gV)Nfls^xaN&g=RA0m{!@^ zzTG?4c)^L#;yEJgSof`$c2_kOa@O-!xXl20&e8PaMFI_N@AaM*u(W7KVS~g5Q838W zc-zdt6W#3q%saQzn%r|aaY(atC4oAS(3Fkypa?}Q=!#|3;S;|#`lm8DlZD@5dX4?= zN^N@ELExDb7wD6Y;_Vc>tFsS3N%R9h6>v~%ZB@JQ1x>uCLW`Gh?j9IyS#NrTU`0yyK0He zUx*z@tc3!`3l`e0vn5vGd$OPLierGuEA5&bl0Gs|OB}Mkz9QUN@~K1*5jn^0vC4aq zRu91{Iq{z|-ysMD$yvL{wsLnmAei5_jHfkupLOyRy6Wr$cj+#Z4XH1a-D*jrleP z>D3y=Dxm6Mq|F9u#S*!Yy8t=psLg+{aD!de71xu~vsL^D87a$&7=XMG{2P z=Wi}_Kq%g!jwIcNlE+k65vqsDQ>gesV{NduMHQ}ek!zkTm8WYN6zflLyW5YDlV7mY zOE2+r{(IM&)o51~;f3gWXz2Z(H? 
z5H8x~UCI45Hi2fpv(z>w4NQ z$k69e>v)+9*D^}TXB14CVZ7wvb-?QNop?JSkc5}S-7_s|-P`;MBT_??NF@VLzYOnX z+TBNUpOwq6J@v~^`68Pqmj8x}Qg8zGx^nDc;)s^&MWJ9o)fb0rGc)mjH<sWtl7Yw5f2`MgxBq!d zRopH6FA}wK?-2SbA%zTit!Lv&YLn+~Bn@b0VXYoA!Ji7t4B@t%aBi#uf4Qa*9~e3# zjjM~3p8gMa?>xh0feZAUio-2O{=&r+cQD$gue4X}!gs3il3kWVyT$5NcWD%GkC>w7 zw~h^`-+H_9c7YK}sS10zp+2UNj9jT1p{Ij9GrZniNBqxL>X+XC{#WRB?we)1gf>Vn zwIZ9&1AQXvwjIRb)KBF$!ZOL#AePoun|~<}Z{9XkJ>CKeYr@iwTkc{@mZN(BUH)26Fb4{J<&hMtz%H>$}OrA(2ySn4{m*hZ+ndp z&~g#{r-0h#VZ_1A%+~8*z|y+erG%mgS^A=LIX+T$D(6w4$zO=;nNJ0;aY|!!28y>l zWw~||RT%*}Xv}hK&Tk(GDkFuqZ$}BfgWnV91|bN)GyV!8Trc+!iAW`bW|n%rT5&(3 zD1A#ZUwzefasN+Vef1i#jc|}#60;H ztyP2%SIKl7u}TIWPy8J3vG?UNN8J6*U){EiJ(1|0<}bDGrJXI$NElN)Y*|Tba?Hl< zq_ND`w{lB~iWd56avk2hePknNY1+M_`-RUOM@U|RN+OQ#VEoNs;VX2|L`8xA%@n!tN zzj)t5EPBgRqRC4>Xbq@F=eKOua`gH78m~GVzAMa05xkx(Q?H<@NzHE~nyclmDvQlk z_N-jv^=hXE=+~Sk1pmf69|FEITKYTu^W|bKcAJqxj-Sn z2S+mXN>uf@aKh0&d|7W@N6YAx7sU$Kh^E~r6m3@y<@lKtn%guJ9|oenvyB|wV@#ip zoq|@v`8uHmon`73G&Q9PHdhg5Tqo6i#3~sy-@NJGb9VaYFIEz{hzCs7PSYMWz^OtW zwybzm?f_HsKW~SI-Rc*C%h%6Pp;-OOD=s;xSh|l z1=?phxpXI>2{EQ>9pSK zy|j^9MC7UdVlUqsS@EFM5vC`P`Z)h&azUb8UDKed*!WLXcs02Jiy1sNnPdCWPu?4n zdgLGBn~$0_XDtj_3llkh=KAe4w<+41r%)&{A!q?(_#9~bEc?fXLn2qNpy}mQvF0km zkj+wENNio@W-`3q^Zm8W^Jxmv>=1nM)=8FADoR$2il?^u5OHEupi3GQ1o#0~>cizR ze7+-x_&P7)E{Pq|V#6amh>2YZ16Ia*j-t;oZEmIsmMA&7(QddsdT6}y!bps7JzqDp zATB|oFEsO$V0#te$m&n!deI4D&FwT}o%h3m&BpJ`_cKI3FD2CXJ%4B`2i6*SQji%ZnoJPhRX z1#edLht@CQT-gXF@iDp1&`6!$3Qvrh^`uuQ=i(+mg-W?f1X zEb(EWBHQsc=q~Sp%wH~4{I;3Ha($s;kYIZiVM;%_jwDvepqXx7?=g4y=eQQD$|tu% z4K!)2k~_%M{Qdy7$%&T{hgTQFZLIRu=!?vm*e$kjicNeeHzT!~H~9>dK>S)%SZaAZ z&v}|>pQj0ywP@IAvmje=U!w6YZ;!+ZI*L{r5mB~|z>jKv8#OGGys9ktbdYD@Jg@hm zL;kEr(zefY3k6@cm9tN7f+al*=_?W3OMKWC>g&pg`f3zz_iW?quK0yD4)nzV(bF(K z+IPo=rFhn3JC36$x8VYsf;NUn6Fb9U0i$^vwpy3VFjK{Gvrjx4P}4d}>Ye<-RYyTLO&hp!Z^k9nWV zbtu6~1|H93f8{oRUTV3?B$rwkE~+@zwvvNj?ixpH@)EM7fv*;3OXdv`s#uwernjYe)*lYdp^ZVB@*~sG{G6*NLh*!T z9|-@d+6vL6{#UL~{n$8Fu*C^;z1}}u=wC?;aXa4G+4={flbGpwaz~n$?;ELSBAv)u 
zxw%D+jrv4s7}xfr=h{YRyWyAXxy%*Af@NrWo5Ho4eAjNOU|ECWt?jcwK3{NsXT1H) zb#^!;m6BcHalr?M6|Dlv5x1$SmuQQZul9P+^=GQK6e5o>5dy({_^s@*rsKc8X(jVw z_8g#k4DXrC*E79Ocf1o0wBs|Go0xX9QK5^KJhgn=q&!G9Mp;N0h)MR#$bq1h__$f9 z5+zqxgrfaX$qt~_lcST=zeskhAB5}6c3k51Ub(ZerKZ<~qOTNT9Q&2^a5=)m)Fv;a z5izG%NC?Tu^W5lz3_hcI={*$94X1PMC#Ri47b{Wak<`at*@h~(xuuJ?NX-D}(n5?r%9@>p=bcImCtqdp z7`|aLU#BFylTr2;!Gf)9^jQsK)v}&Er6Pu2PgUu{SB%oitL-Nz`&I^B9Mz&s=W0S| z3MG&J4ps0XdXcM++l+Vx(DfN!@6GAT;%JI4eyJel64_&4B;002>!Ih% zvi*y5i!B8G)_A@5>}}MG*!z5sjS_y9NF+t}9s(^JhSQqd^-8l6M$cW@m#Z_6=A`szf1P7 z4;BlzxmWYOwqb|A&?8)=dS1m_I);afq``|%Q`y=1BPet!#DGFL7Mvqlkajo%P$#;0NY0Wy>c3IHWhx? zN8z@%m}7c-C^!p!{9S9oXJPY=cXm!~u{TxxZ$~;qU;SSC zm{Uqhob+TW!vo+PFinn^qqUM|L=G(pA5#pDuBcAiO zOCNJOww*$2^4jxn-^kbKuGh*g^+L&8qU($k=r#hy+u2-IB4$zMO8F|#?6#CAIoTI{ zPIwe*24}UCkgS(~M*S)YW-D4JoexWQw>Ko1oru(@S3A5T774^pcdhP&k*}$vXac7K zT}5aEL@2KRSHjDZ@atp(#6Tr8dNwrmnYm_Ff7P`iKrQqsMkd3S^Amu zF<0x!iU6b+z-anLhMdnzbkd=N+Q?<+!~aPibvk+r*AEZDTDMyX`OU$s`q-%`Os(Tm z5@~lkWt_|^Myts+JmL1K;B?*;)Q(j=%`jt-^g;jm3K@1QS}*eFxQ*vYcs1>fPQfqb z)I^O+CO_)#aa2qJrwD;HX|Bi=gur)??564r!jYdBWIm@r0i<3D;Xf?Se+xpYy z+!`!j*B7;8L3~I9`B*J~)VD}5ThW^7EPo%jDPMx!UD2($#JvKwt(c|qN1cvm<+d~T zJ+~VO_+VuhxeX1VI}+jZ&g7cjF1(I1PGT9p#(b`Ldr$Bg+x}=Ft5+gVLrhpBU8l6^ zbO~lFS~>D_m75B=D%_Yb7(G@NsVXiuxI0`V4c5z;ylBK`yWKX(uMXBAjY&ZF1z(AO zT9pEy4~N@e?Mya~wDbd*FO?x-iOkbR{(AE77fG;N(du!a{?2Y0(o`eSlV!TJM|MQ> z{A=e27WA9qz>N)d{rz4CqUkPO2IpbW;@<7NDO#4|2DYC$wL)dug~31Icp zZnp~ZIQ97_e#T%`pdnnV$rs;587B)--Q?;*o^Wd>vQ?KVL=IhaR364gzf%eCe+_gUI7*?{70 z1CLHYGiDl4$y#&P@U$i*-^d?$rB|RZ#es<1bfy%`QIS9Kc8AGO`y!lhhsO5pu~C44Oh2B(snTUqdz5(OaMIkEX`71*M<`t7{MYME=l! zxg8tz>!s!2B=aJwy#&C5hJ$r@bW zf89_Xz1WUtJVqHM%c{gAOZl!}OR%T27IBw%0={@By-#oJ;Ubh~tQQ%a5((;h02D3I67cY=mC+!ofMa9hT8 z6v*d$fc$o-<7$<5XnR}qmo@YdIKh7`*?qDqh6WL0;{7SrUPNTlNs zcj>8t!i6>;t4gedao zb3~b|h*+L;z!BvXI_o|LJ#S`lm1&P&R^IHu;M4H*HC*jTy!H*ZTL5_fW(h*+W(+{? 
zKYt9*&rCj+GDv2XAX%WgQqE+ljn*#+V?o<^S{6XO1BHH?z9ub_D-;@?597{woJzNg0Hu7xc{>5$U5u=3-j3w!T?M5(CcL3%arY?8N9#6l1F*!jZ3J(2SfS2cGFD ze|VDEfgupv4sG79U&&MBG$G|MWsJxUt zf{r5&xMR~wIkr!l2cJBn`^&jN#FM<^|C|_qYu-B7a$_$9$GdGdVyEztF=s4#&zwAj z=V#I{rVNt#Sf-$oH{NccE)0>X9WS26pP+HI6T|) zejJ$MF5qfoGY>lA0D{j9DPlnk1Yl-jfw725HtWo4UWgo~uXoh-GIV&mltiBs|0 z&(cPw1u?P6+cUUMFvsM5Pl(S}xE8EOep!BgQM&Nyxd%3n;d-_BE<*>PBE z-$F%n(zeP8$NWZ?`Q6ZSXw6Jnmxy>eI^h8{{Ex!eZeNDUD)NJv*tJg)#W&2YFWb`Z= z?_lkL2xDWpBR*iw?P+8~2fXgKg^+)Ac4S~QQu-qo=gT7+Lm45n@^G$HHE*=_-Ex{O zTY)avFqsa@#h@d0dBJ*+^S~UMG{d3QO&vEi6@r zWeWH=Zx8gcZ8In)x6Z~l+dEXzMV&@e*u|OCK{;b(9a)USPo-pmG9yt&+-qMr;s%zy zJvP*?->6gEwhQdNbx>SSw>COB8G>tY3GVLh2^QR412edLaEIU?Lht|yHn<0OC%C%@ zNw7O4zr5!?-?{bGIbYqXd;hppF?9FtUcGwt+Ut3C&!+qQJI_wfOHV`rV7Kde-LOp( zCWjz?8IHPR*n$=5>Q~RCndA8(@0pTVzK+pK`WDy_->l+*@gdZz!xJvV?0&@q@&m$z z(NMB1N4VFzc=m*TNA6%EgyOdOhO^x$jlja#&7av8{vVzvG(g9$HK4cKxwFu#h1MX5 zfpE}!Q(I!szmBNoRI7-21f8bU9X}gpIq}iLf{OwJs`YfA3Qn-G{6?)z7vYM_0%f1e z4ltrlC!EJ#>(gmc?4JLu_yC4ZkXB*?qrr_2iU+kRzAZ@EY5^X62cZJ5uEN+!o3Dqz z7gw8{ZuwLTPy3Q(xCmU+@QFLkc55Eqe%um}PRF zwcco(=K=QD6okThrm)EOhR)sSehE~9rQr<3Z#b-Fk|r!(_k2KQtqhW9#+1#K2_x=^ zOqBry%@`clQO6e%>&p@c`+BM>=d8%Lg>XpVtqa6%-K|~CTuA>Ar`!en()t0OAK~l7 z!z@>m;?E}j-g|#8Wuq9L8=9k9?ftq*uA9@mfHT&(pRvKundfd4BnUud{JCXYoE}W< z2|F7(7J5KOWe&zIb$K)FkJINKmxg`j_yNCo8YZXIu?JfTe?mZdYD1yINo^8G-W1XA zOAd_H-o@_rXSR~pJ*ux2ps-bf!Z&tWa>~;^@~$ zf!IN-(`K%#9BCp-l+ri#xL-WIwLb|l@eytosM5^u$Fs@_+T?``yw57(hki-gW9=EU z8@N+ny=CxnJ%XQGKT;qBu2*pG;v)VQZFk^;GxNAGI-VLDeS@`di__J%BleME)XQlt zwf#@u6%jjyREN|lV=nRKn~x1au!t~oBT02^d*quHK25eJO15HLEsj!Q_x7nnqi*Vm zKaxejP!E)JE;2wLg?rU}IN(8IM%sSI1VvY3BkF=0zyv;?N_xwrK68^zALyQFG$#z0 z(D!Igvd=?Lw~m~41e%>$H|tP}&hAF~wrbXR(D75&SzXo^=<{fh$3WULB1BviOB7Z& zM_y;l>Qda#Qu$rTA@s7Q`$;)l>Fmqm&}g<1?U3N*9^>9XNk+8f5I8Zf|7^VaT1}>} zijYZ-{KLdIvo2{@DF6w+4GBl&kMxGeog`j;%Dj+Bx}qYrGEV!~c2fFb$-8T{uTB}X z)DzgcORg(V&2^1-ehHA^rkuO2zPerzXY`74Djuv4|-B0g_ 
z<7f3K;R5lHchQ{F;~DcboN@J3ue7cTsRe0qNj;md0@aQ&z|B`5oLh)_Uw9s14AFO%^%uZ)mdC%sr_hmF?m1$gp?AOesmn=(10)T7{6c#QcH=W*%+zHadnbT;}_u+oY z@G<5y=}0AW7_s-=<(L`4QNGHbNyI(B8DbYTd|68}dDd73DW5`-=DYUaOp^>oSP{_L z?Zl2N&4)gR&|52)sjd!ohOq1-Y`!9yqbj8uN-Mq`*-W{WcorwPjX_;SR1*GHl|)Yi zETC2T-kGU_>WdeKMhBs^wOjLgnr!`OtQqma?3}nm;zUy@qj(uMXnqs6IYa+VCmGmx zM=e#LPVuo;_pwGuwtk5{Y>u`iA#&I9rYV;HqUjtc%rjYmuUm1!l0|XRe`75XqV3#fp!hMF3NGGRpwGdSksyWN|F{ILTsbhrh^vn(U#<$v$xYZaqzq zw>H7ssR&7vE3IO`+kx#@>Pq&-v)P+(9i&I$yh3;m_aj{U$Pv;vgg^7kPx`Xo{ptWZ zz*TbIf%2VM-t4My;*KkzBPkneUM7A|QfFe>KVsdfF-~&Oi**)RLn9-7<@T93@s_eu zU+N9>Toz^x2ZD|U-FMCHv#0yy36XugbNWPKZ8e0EEzs#yeSgcnM{74 z>?^Y#-lS?O-``iXgblq)l=a$qoPoVJn;bg>G)2+9YdkLeNUsXB#9xqC z52zGGHR{8hU1{QT)yvr4Z;6hLRW9>a7B>w2Okwz#-Z8@OJ{gBE4^{}v+Z9husCZw* zM{u4N1YUa%mvzwMp&wHKm&z~}+mZxR^~&0W-iUSQe82^3Z9S>zm+(&3I#t1Oi9=dL zuHep!Vy{Da<@gtjQK#9mYFDA=tq*!~JGGp|2aq{)^18$tc zzT^us&T8l?h`3lD%8E#8;_U+0^`fh&z}Ac0#szI@F6V4D!{efHsb8w(RE29g$K*Te zbCmHUAxd7M9&TCtE^&(2f=e%B$>bFLgE_?Tk~fAIU>_X3cYS_dQ@>CQe>wW1*TWwv zRpp~Z$F~9;w4AeznMjvkbJ58)@f|3zC#i{3N|KUPREFxZSmY z;T#%{PY7~S;l+R0A2%o(@vpzoujRo78nQUnfPE9-qO@Lk7|(QzRlQU zsz;}UL7T9wOH}seZB?|lC)0j$)$Y%I7@%&=AVzC{zz7X?!XC-1B436Zw=29g8f}|- zM~~bXaEgxOk9Py@TtCR)_pVD2s7}x{=Y+F~>4iC+qe|L#z5lh)) zK%jhIfQN>&jO2F4%JBH6&i0OL<;ao&hgA8Ua$OP9`2qgMCNI4umQs!`tyUs$r_Hq$ zt#43n)Tg4(%t;yVE;Dpf<&&c4@fIH3I>8KMjbC&Pk2WsB@ytRepMpaqOq3$bmC;Q* zRFJ-N`SSxCq8dvi2(IKyZiaMDRzGwuRp_o>*E!ma$h3H7CWd_kDJBOvcpuoj7wDj& zXKcAZdeHc2f9FxMpr}rVAxQ1zh5R6}7|7$Q6KK_tNK&uAS@qy#)zZZh1IGUpH=7kB zPi(u@kOad4!2>Phq0nXejDG*(jdUb3w85|Q(Y;>#)$2TDO2=F&E%XkgO8&9pD+9-F zMR!vrl7_64&+c<(a_EpIddqrE+_VRjC3h9*F3S5VCM7bM3<$Sfu8yubTqoKGZj(4b zIQ!QZm+_l?PNT{_xYy17rB^set|tNqq@VA0uMRcyA(~;iZuT`7`AKK&ML5z6-zgug zy?0?)_QXnlJgCHa-#O$hFsso;|0qk?IIt9QkHIdF%#NS}>uOU+)bOa9U zPPG|tW{x?oCIUkvtTf%CW`qiTy+g|s>FTB_{qb46ov%vByL3M#l%C@YD!smG)m}?U?4?XaRyhHSO zTa{Lm?&VntycO-bf<^52ehdYH8K_KsCh`zmEcsW&a*g>=3{D2ljnf8{1HSw&jn@m?^Q zCPCe#^BIKin3CegI&$G2<2{S*UBtk>#DiX?;w>GVxil(EW>yy&I9E4q-GTL#&1eqA 
z;42o2TCiwu__@2T-(zP*G#%9$r%Ja$TTeQp3=K%&anOd$ren$+;@trcqM)u3>ve{P zV))r)20TX`Yx9p?2JP~+;wt;oW_>(e{w=px|Md&93+U?3TbS_~_f`~x_I^f6pUo8|96K#Kc!yZzFso)^Vu7Uu zK08!kLp2HTJfZ)`V3s>p_rsT*#^`Io*&nNI4}lya+evv6_}t%MJCBmfzlNW-zx5;Y z^iNqRSD~|h@e8A^m-Bp253QE@jc8J4MV%8rfmh6i5-b5>MOl9UONRZ6N1ntwuoH+x zlOE%1#$r=)IgKRgru+K`Fho4hcon&Au=@O(9c?<0uo*sVk+ig(0|~wDxIXdj*Dp$l z9;lz7%?jb=GZ$hpA~NT({)N!*`VZDkCxM#Yh?k;1hUZ5IElc1)iH`0rQ_^?^pU|BjlriZLgDrmntRmB}HY3Efze zL85>hl(cZPL%vh_QK;~jJY?ac%9r)}w7^`-FnCm<92bL0av2*!2XdW>)$oNQGxM}r z?;*~ZBp9qzMet_~3@|#YbJH1d4L#-_H#)?zNf?Mgl(>xNi8NNVkf$3*s=TgB>_}TS zP)5we&ooN1kJhv#py^fF`YWMFCS!Wd&Y<9fs#tx?#al?`NYH7d;K5Tk>F61HjA(sU zJh!iYD}XwNViN7P{}Ho)@4f!o!KAJcW>7!+jihz5YrxQFnX@{>_I|yUqopMqJ~H1WT_ z0^>Dy=~VK=^Tk@x%K2CPI?*{6cbaB&Y+qx3%Q`EM7VLPBAW34o<^%PO0wwHIm9rdU z+G4)hBbu+1&RWigla>`0n{>M28o&W)MAFl2TykKs1YQwGGo)8oTVydD7?NMiHf6sx z9{M6px6XoA{<-jjS%<&0msp)zh)S?ir089sbL}UuzMmF!%bJmCOF74G)j#`gbU$st zpZhy6fis~N83R=vBXU&o&vd%ULwC7{@2wyVe6E1cd&gQwv*bd;y!tEhKCfm(NNmP* ze8CRp%+32`COhGFCUt$0hM?Ew4G!>)5X*@l`FSsUEVpB~7qPS6PLPN`Ms@P-GZnf~(0x?Z_vq0yeeC_4MIW0MW}GMV zqJlG0d~6(ipfAbBP^trc;u@DU!K&TDbjUtq<4=?;`tUB3>RRS?)rjNgm?h{jK~Fjtcbf3{$2CyR6YUVL10 zDz$!0Nn`5cR6)MdzExdtD z?)*E~!aIwjx2%t+$rpDyr-Cb4-nkb-EGzUGIGe(S31x55buW9@Mr_SAHyvWR9OS=S z8BHOc4=+$LM{lojD%H%O^x;Eyh-r+kvwhSx_(b%}!?DsjYY7$JVK9WWm2I}UW%5V_ zhtSbb$gwvGt07$wJY7-a*Q;EDbeIyACAYZRe4~~c*QP|Qc3Mj0>3u=HPq^ezC(9ev zb0}zFz#L!qwhNDc$bLv^V3<)p$A+zW@vxLa-BV+~ZH2cDd$T2g$VuXCZ#EGn*(lcE z^Y&M@Vslnz>}~J-<-4%Lg6nJTlsf14Fz<>yS}hW}PJa?MaWv6jx$BZOm4zyoCAEEG ztka7=ZaG$B5onTcNxESTBf8}yoi;Sc6~y!Kgz!x~cWn_vd|0kiBxJi=f4e&;wM{yl zPNj3B2rOG@YmgUyqJMCQE zkD4C{AQeH_#BKQEX;kPoePy3MX;ubCczh%wHhCMLl62@ z7Z@TF^NNFBRArHSj|ML(L$Ae%e%@sdkQ$17M&#CP$)KZ_`#6YdLc@SRKCi#3B{}~s z3*?poBCB!!S-(0ebo_e%9u{)1FHC5U>ipiREA*1t+y+Sc0Je4IJ{H&^ng(t7E2+(* znOpy0(pca#^l1M)k)NoitPyNH=#gDY_RZg0gSMo1{p-43wet5gT1m+D0Cr$yH2zm@C$S zX7s;8g};++uZTh5>FMH^*&#i%nJ|GP=veGRM>woQ}0t6=chQ!|=O_maU)7y4lu# zj$5jSFhd zT9MNyn2a-HOUK)AuSL=f#@07dd<6Iu4wqf~Jim~dOb3+|z{0N4OBR@1)9Kwu8=PHt 
z_L1!f`YH~&jd6yVR+@HYFcICtZBft;`Ce=u?T&$%G>qbo_7|jHs^;gwwaMy8>CM#8$Wwe7r z(u$p_YouOMXf>7+;o{@MzG=55)=+!iUE z=C+K=7U-RR&bw{VC}U=5XV|;zz<-mb-#)ryxRhgVE@AZ z1C&{H)?e*Z&JqcbXSTO04YLV?nnlwI(wIw`!1~bjd9m&&QI_yIdlSREkKRDXTR9Un zpDbeORoDu>U!jfplnEMcvV>EQ43M%V4NT-CvbPkVT}egj|;BIlpeL9sK(Od=xuv%$$iuez*r zhg6gUq-9i0nj{R>Yv!%1mGn{LAzzu79%?p*^5S?)ISVkC$W3Z_*%}hOEQ+k(u9sc5 ztaYt9b>N1Je=P?V=59Z(I{i8V;fY=d3r#Q2y~c(L(m#T6b(b!$Sr{zRb0Uj2B(@2V ztoTd@v30uC070)W|7^X{=RfDA8fFl2Ri|`%Z3EieVpfJuu-a768wv*)6z8e?tsCoR zosOdcnjUQTMH@@45c_Q0IK9FA&v!ktfwzp8`haB{jrFLo#mWaeEvJRey&q-Q~?)?&%bTw1MM!8-r z0Q<}3Psi-Ntp3(oPM(yGwCE;O(Tkc+x8F->OOYrFkMDmyiTa#LhQ<{xb=BscqSGH@ zMRVQ3)Z*-KjO%XWS~QXVOL+()^LDZ!$4?duDj zhv!4Sa!b~+PW4V255Pf8p zeq5I9z_L}TE!nb*?t-<>`?_}qCQ+PzwqR^>k+p;k_Tcy7BE;R8dT+^Xax^j1pZC7x z)n;L9VpyexXCY^+d9`HEej;L_>D0TKfM^z)Zh(7=35y@kH;a!%C`CzDQ>Vwj$k}kM zjy}Ukb&XLU(3j6z;>}{&VP5_IHb(B{aSc{=8LWu-DlCJ+Y-uJ76m*fRGX_T@X^*=n z4`Wf_eFEDN%mtE)n<_?*V=cKM{mMd{nz=S^8tv%F`eMbsJ)=`G_!lSnLn&zPgu?u! z4YXt+*Ej7*1CM%3yN)L{TB8W$4jt%I;oHzH!O>-VB@WQ zvm3AXo84n{hRcBmXvZ7Q%$qo{_$mwQspuJq*IyVsKP5u$KeHg+zy_l9UA7&dxWe_= z9h<2+oWWb=Ica55o>z-8>IOx#74m zq~O>NDG-IPqD+I=Y$$P3i1BNm&PSmLgTnZr2aToqH_D|}FsBhwCvV)%vMo4;OC3I3 z1bBzaijtgGbGRDGme9hS#@w-xmEN*jp0FtI3%-5DWnTn6MI;RFL9-BiKzI2P;8!(H ztEYTKwAHa+!m->Tjh0z=jCp zxKVj9;9j5kd@=5Gt%NDi@7Zo~;Ihf$DCqy8g6y>D!79?5^B4qSV5o@R2I20kQo6@L zsgYhOtRlfhgfdU3_Wp?1mg)}7HL;c-9)=uAL71c0MHLwantSCNH!I=lQMWw86goK0 zB;O%8ma*s&Kj>?7y=k9q`Iq_^9$1Ee7}~xfg>8hzT<~P-Z;;Y!S=d z5&@ZRZDkB)sur$Qt3h`*50z3Q}&ingId7bf??xOBj*f8ON4NqPy#Db0=l( z5M!$!E`J6Da;Z(Xs!b)siI0^IGHAr{s5dcgq*{AdNxg6={;p-fi$Or-Ui`f#FZ-T@ z(9agCB72vps>?Ci(n1F!a*MNwn#*3o^1!ZK&>W2#ZM`tP7~o!gyk4uU4DsEk6CCMG zp7o{MNiv^9m{i5Wfad1oce0C$Ou2xGjl@c)N&i4Us9&f15~2pj`VN*dBEH+H*f|ue zeRC03z4>BbDQsm3x=QxUyvHHqc>Dp)E0~RQpV|N*g)6${FIjO(Sj@rp!WOhX2ky_VGC@v0W0>rQTyn*Fk!|P@2xw0 z)ym&n8U-(5w!w2E$U~h!kU?nr;$#(8QG4}FH+rdh3Ky1w<22O1`DjiZ)Y=q*d5*?1 z_Q|#dG zqo>|5%YfL1-|oDXdK0VaEMoAuYNalZ;%yPJNYxyFeGwfE0&?(A!`clyR|_#Z*HVw( 
zvO>ktN6`M9vGKR$@#gY%V*L;DxH(zo4zEKRS;%X=ju&^NXA4h~!Jzl~46dXOy$6K| z$N~5U_FX}7#kQ~#M*_2%JdziQW~LDw@$Y1Ln-+pbg+5mxBRA|fErGsAmq)SA@I5*I zgbobshtZS8!}iOisY?LAF=X6tmpPK;kMo~>0>F%o*Debevmo?g(zcyw&RSZ{P91xC zc4aq{e9plpN0uosam~LJF`CpecoxqnoRvyE%3R@X9c*Tk1T0P%#Ct**n2<1Lo*X>I_&WxxGW#L(v@H|Ez#fi6jH zRf3al3qN0ZU+xAHtGjeHfwwKUMGOY{>&0|gbkcOHmsHA0`Q!6r1^bsahvxjt)szu1 zm_UPrlgHI@1B26Dh)&uTF}<>&!u>Vz{Sv^t!YY~=D*3l>J#YaSO=bn|^cg9cG{r@* z$XU`+s=5yzyZ&l%IAVr|JCSiMBNJ11C&-uT02uW*Z^rG+j)Z@R7WX2PgROdAlP=Ys z&|NA3#JNFMR7$FG!1lFLG7YQpjdtAq2mqj6uX@Uas8(4R1px3k*11nW+^2_@iZyYQ zSzowSdm#bU^RZbv339t#@)~+U<=Tonuu0N@ z4*)1^ENr81B>Gi)fCy;+{`|JQsIJTwnp|F4wj!zTnx=*WkdHO4^G`M#Xckux000T2 zN9S&jKCWK@fa2$dclc%POQjXK06^Z^ECIr?wrc?ZV11t{y-cdE^$Za3J)?XX2~6gi z008u%p5J|5#FgGBgaMoes>Z=x>$(O405@Ibl^$sj*3vRKKszt^l*Os7yaE*fc-(F6 zDr?u!LIea;q0g}XL&RfNhJFEVP(fIJpg zAOQgWgb%X#7j;)aSAOV~sj>cJgkwWjc4&GI4#@zh?@9qpE+A^1yHz(n2LSHM2S1B8 zVANwzTL1v7?%84H*^t*4)6&q4|76vok>`q#D*^xj-x(8Ufn6^+)rABgCyzw*N%mYN ztt1r&06M-NjlS4Ea=Yw<0U*EckK#aCG}#Y?17I*wkqwjEr{b1|p#sFln!hkEH7|)8 z30ndH?~2UN!uAl3H7~=VZ9ZW_liHUa&}6ZF0e1a<2P^PzUBAm(cWHQ!^GkARth0c6xAOcz+xKz|aI)wxl30M(lS$ zGltUsC4&nVM^ln80P-OvZ`YH&<|X$QFJb^7crhy%O6*FJU;tvfxQk@`hQf#dhowh2 z-ZP>&pat06*~Q7i1oV`$H+>7_;Rdn+pAwuLyu5sT|0?GBr}0Bm`uYu?M>V|0Z~V>`#(Z{}l5A*`Eablj8%j^Zm|=hyYntOk7+noWQ>u zs+ib-U7+o_|KqZ@vgun3vp;g>K_*rfoIrNYKcaqTp>m;G{uccw&j;jT`?owdko`$V zRp3)!(jG3dYAz-&7QcHFw{x&IVFR-NQ~h_A1IW(tuj(pJ_GW4pE0t3ROsn6YP8LujvHwv}(ZbxuM8e(! 
z+QE|!yc}#mE;eqcBvwhNDWMgefjs|=P1VBL-qp#>!Wqc>S6wjJ9$JC-kGia~PWG-2 zzxz{zcIjjSc6Km<_GRV?6$UMlvT(C8vrv_lc+&FU6nzr^S5X-oJLpV6C(I6NAt?(p zdvmD93Kn217i%EzAC;jk|M4P^tXl1UFp(?#TZ*2 zf^{?}LSVQ_kktIFkCmYB1pX9#6Z;&uVKc+ba5{W5{*W%EbIsVYF-px~`oz_BddRkf zk$SJ*kT>hRUQ{HhvY<3+g8yYDu_*gOucV7$63-0*P8m8aNxqNE6v03`nnCVhpwPR7 zS*OdUwX&VKBq5K%*60ylq#eTh1|K&K@J8ATFV}iS?zlgw$POGoa5C3Sc zP)LN&1410=6|+%a@N(SwgCun>fcJod!s?-*q1sW2)lGSuKcj>~>#YDxt`bcGnLy@h ze~aYaJH-lmLLMpkbg$Kjb?vDD*RNe@73Umm@)ky0S^KrSpuU>#+pb@BHSI}71U&Y) zzQ4ZO>t4U_~=ZbDeZ%m>%1|4Dy>-~QWB(e#zE0}e;$&&boEsQ6?W3%X9e{y zSyr2wG`qRK(t;zJOpQDiufKuLzH0BiQpVm7uk0ovX1rS|yb*tX3V-QUfBnG|eKw}T zhwe7>T;{R4b$^xNNZfdQLrLq(Xl(Z}aL49O7y2>-mL zfrMCD>sO;A&I2V?h60NcTx1gLY$kJy#NboPFuR)69<2^;cI;Hy;%s*ZBqWV57m}<2 zXh#|((gK9N9fd6y13Xe)5p)e{T@l4InQ|ja0mI4841%n}p%eW*@_5zomVMS%8($A5 zj){_$aiXi|q$T8rJMe6G^{+I;((7+s_pVuxEUorVSZE~6x3-c+yTwzH_L%NxzUB0k zLpLP&I$}gMe(t0tfM*a$=WyWb+%7N0;-INZfvclnYpFRao096*Tdn5>`BAD@)>&Ie zd|o)=xSUtnG@(Rwog=JEi&VLQnW7s*K4qq^$n4Eq(CDzkj8#3-$QKwAtOaBVExD=U zDYPqGw`H1;m*#%eLYsj)KQB2%-JPa5GZd^nuQ#IJ2o$#ft(LMkzFM|kh({w*wPh>^ zMPsT?WFPU?t_m({;wDNpoA_B5@)tf=eBt$jaa%Q!;Y;@Lp)R(dDN1kboQ&y^wr2wN z4)jbRkWzx}I^z2sk}S9^xvb%>q?UfA%so76F{{z-b@-fj`6TsMm=>2_7R(b&s_~NZ zAEPX35ntbMmNrCo5Q+}pN(p>x>gho(AvqJ7w110vVwGvhXOSZJK8eFLg-(6DqlHdH zgsi4${!<@)dcO2EC>6&h{qjpQIB1E4sRnn-%C_D<-1P@=Ak%8oAHSy-y`jswUX={BX+7Bx~C`~rz0n2d5^bc`$MIgWa#kV1F%}i3I2T>w*^6%c100xq0 z(bV;R%3eq;{hm7*#_v50M4#=Dl= zZ`waYF^%#WetxQp+%WZv5=joUO{6b-Eq{G6 zlg6;n)N`xO=|CrNOu;deUdz1w?o2lGx{3!Ys_Z>y&)ShE`|xAdx4@pfNg=Ss!!;w2jt}CWZ~oBDn)56EVf zaRvV|%Wrn|Pv&nMDSHrMKHL@C&w%2?Rhd3m^a*`S)U zu=DWoaPV^dPV%vF@^e6$*HcCIKNUIHxuF%H)`89(v>G>55(@{kDK{S<$5TBesB9=7 zfN~Y+ggXCj!}j-wi-(VolM_l!SlHN@**W;R**Q3%oCum@W9H@H<7VUG;rhpl++4rC z0!q!G_JK-qadNfz^YQPD>No58YqbA1(S#Bzs6+l`fB%(f@&kX*{vUGqUzq0qE7b9~ zPyHR}Uw8aJqK>@(Fz$b&j(=!1>+c)c8OZk!ll(uUj=#nKRrG&L9sf|+f2WS+8pB|0 zb_};Z5Skn^MST}VNna1?<7Z!Z80NKH7S!T>ihbo*wemJZ5n8*>r_Y5X$O5ldzf*B8 zzig6!Wg}^JytdZ?g9I^PV`~#?sHqRfcK_O@3L3RAv#2!IJB@<=IZ-pqvEiUW} 
z$x&q&CIjC*>BFcj!&jW*cY{C8159bM(|4mNz1+#(eU z~6#}<#`(87_rpBrjQyvV59#wRk1sEb`2Cqg{Ti2rae8=Zf5D(eCteq zUhh6YqnmEr{)$jAu25f{|3I13sV_F~e%*o32?LA7KmKS~)7luHa>IOItuGR5$jum= za6PY{_ISeCXzH8UnS3)|?zhk{Q}*GI_1I$Gj`L8$^#l*ua?%}v_2k_NAZhuVHkllw z-Injc%zXlPBd>)uskR>WU#B?Vjs|jSqCe5l6a((rI4tD#gLSGIXH?tnKHCg zDkzS6cex~RTl{i-Pb2D#i=F8WslR=aPa0<0m0@~^Qq1&0F{|V)4XJ{<9#1{RyNSJT zW4!Tb7BLdb0k6xWzZEvudS6XOuGag z2BcINwEC&p2y1OLd(dkegomN5f3pp;=Zmi9oSv<`2g4e9#(du^U#N9<)D$ewp7opZ zkI+nPULW$p))mkd?Pt);O%8EO)UWM*c@ywUqDM=a7b2>M83XvgLC3!jNIX0|e-Y#N zee>k`deAWVPf+K3inD+3hQGJ%|AQz34Y~h>vA-QY75we+|3{JkCW`#~bNPPT)Jvm#0=wFb}13Pp$}M0P6M{V4L5|1bqKO z*?-*g_j1qwkv__97ETT(&d$sd_IBp~1Fim`-GA2V58gp1@vm0@KL7tCEB#9=RSPRu zI}_+C$$!^e{7;eLe=!&T|9Urb{nzmE-<-aGDfYCOv84}<+? zPya{L_}i_1&*A^XxA^~Xh5w`!JKGR)}G-{$zXeKIihbci$jTFc|1!58n{uS5{~C!%Q9Kv zItTo3_DVqq!?ES9b&BDcEw!R-0cT7R!N!D*Vm~O4%7_ELA?wWwOnHk|!fjV>IM=oF z_0Xf{%b+GE1GBgU!%JThca-ipNWse(O=C;cl7!@~-So%dUNV!Mn+MX$dr+p(DbmA= zlOGPS%%||c762=wzudJaZ6uSur=~ukPmj1TnK&@v!`w#SIls#lI+06-cMf@_BQCGX zP+#BRMpFU`n#;0enOv~l*?NP~#MueUKF($l)&DM(Ue2P+zS00=ZQJx{tCD3~P)Ft{ z8wD&L_E8Zp=m(+_OMUaDAsVz)!4A#5XLM81OhSn7E*p@^`ujxTqN9@OmW$ zy6C`i*|Ks8J@uNH^V%d`@}|e@<-_2yjmO(#%N3vP7XIbt>ju$WUKk7jc_4QH%&(e) z*F&JMD-Q^>LeBuA;O%!h7b|+pH+-SW8!L*{V0{ti?#bzT0}!I|c4D=aLbhM$^|ld= zwhv71q&rW=sX9U=KwCBDI?8I)sLJluaL6-{Hkg2nJ>F#@5QDo0Az9M~ceAMX!;}Sz zQ29O~AQpdPV;CXIl1a{&Yu&Y36d5q9+~9`M(}sKvi(GAk0ZV>O{g6$$aG147KcQ5& zYwP2t_kh&y_62(c2D$;~Dyj!z?j-{sK(~Wc9OHTCXf4(qh8;jCE!_4PadwS0?7$zn zt3gxcS>2lB9AfOMStSxA$PFVPZ&AybyFSX3EY}rZMI5spD;kkE$a}4}L9gB1A*%)Z z2i)wt%y!s%n%Vd!)@$Qq{!=rDfS(o>*!5!Y3SBEy4fgdbTMq!QRZddaxWJ85aU0ez zrv@{tRQ~XIfxYQ8c-xj+BWt8D+so_GnFwHF+a>9ODn;OYo=G}Tb7B~6&FjBDW)opR z%xJee<+BdscA$IZkmyY1Br673F?-RvZ)VIp7uE(^rCr4?b|`Wl-BJo-D+Y9(UevrZ z>X1~Za|YFs#u0?cmOP(YPs!|1?$BE$Q0UCf%j6F^=+aq?TtsR|@(Mbuhp?`4wn0w} zglwF=-BxsyJ7!qz**FKh0G*N%BnbjSwEiH&@0kAt8l069`K|=MPtd<#2I0&7M7eS>A7FD)=sqD z*u7~XIZa`r$)G;ckq7AMk@~rdUTlaPUAl|6VeM)+{b&LCt7dn?Xb3w3<9K;-o9 
z@GXu+%{R(3GV#fQE##!a=uxjB0ZWw`Gcs(aoTcUsuF5%NC~kc9!xoMi`8b${>A**f zvi))SYTASBmU4OOt0)r5q3zAQAN2IxXsy+wT|GmXCJM3Io18Xdudgq*4Njjq69W%< zPQ5il#pePIjb+T3Zk~A~%mT265?668DfAJpK6U{5cD@Z0#L0Hzvl|g0-L{{k6C01o zMN8kOi3SOF2>lQo3*7Ud@_<*evI@Kv!_|M*3O{OAO1A-CAM_OUAsRN}rC_x~2ww`! zt-!;R47~_+{Sx7s^@!*D91J6?^TMa6IojJFr=>I6SlM~DV?GU5Gw{;b1k9{G!u_Q! zuo?hI8-U{t>kLU&Ama&yl(B22M|*x3QCK=kL)Y(*Zs(?m=ASifCWzzj-nhA?+s0<< z`M{snQ`xJ3sP!S4EbMzb(+Dd2EKGneuQy3rnm4IXN+tq$Kp5G}*zXGk1k1=#@P>F1 zy{@aN3KEDw9!tN&>A}nkPqG!d>GeTz*Nh8K*k|uD}{}-%K4OUF;2FlGv5_uThv_-t~ah}qO@)Oym1h5 z>gq%b`b|@jd*wimFayVyMFI7mx?>fc30@D1>9`yp&hr~z!?-+Ku!dv*d%9ENL2_gU zMA|T}Oy<39Jf7_4U;CuyqWrj83P+mbi>B+P6se?>raY5fL$Bj%P7^pEx8w#zCiVre z_AN<@58jxdDP=IrB2o|Y@Hr~Lg`SWk*>UL!&L{tb9Ap@dJY`ez`D&Y>sklA&8Z6&}kv>8j+I^dkA)F=FRe3w&P&>F(GSLxH4iszcQ(N{pHuccWVUPM;4*pl;N*n)+d^LN$vaQ3!1M%|_ZqR5 zr)N~Isr_1kfq9nWl1B)3UrkXcENIU95YC1%N`Jh8>(W*z`)z_JNr7cdvALrQNoM0~ z_IJJySm^$g;xsooJSd9+?z%J4Heaq49VA_Nzc6sdFc+uS5IgDKZO9K278M-)*nZiw zsVO$4;UATD{A=<@fcxno3^Uv5B(fPD+`)&@6%)LKnX}PV88NJp6 ziHGe?QkY6oUO53htviW=8(|V2PspQ3Jf<0SdEjLoQE_WCYubu=?|Gu%UZI9<@e*uw)Q1N1e?f@u zO-k?d2Q^6E_gAuiH(jG3l0$31vC`UdXXR(h2qQWRGq#G0q(~bFedl^sIOu&TOjyAyJ_U3>!zf~P`e}Q($}!}=4R;8G03V2nQ+=>_y9SAXH+35 z;UUKeiTo}d>+PP#RbgL@yHyF>QME6u#0G$Q0_6FP^xD)$F&ctyjNp|4us2uI_$Uvz zYrwDA<(AU7rFTcNvBVwjFdNQBRfz7$yB`2HDW&w0PSYNWjtv!rqmV5n9mM$^33H<{ z`4`l+EU@#kYxkU*Vj7i%WE=7&^q+8CRF5S#VVL=`toV)eHG;528Z;)yJYcm=G`_{d z;HbjEM!tI;G8H(WK;sOLFYDkhAD7>Btghu_Jg0F$^aJ}a5pl9JvIf6O>Bh#_Uaw`a z;8tqin{>5br^G#1b@*yd{eHUTCGtxHi60$(m@eU_o5(h=^Tc<)IV2)VzD({h4S4pA z-tCeJ~pz)oxpmcG__47Y4QH#?AT;KWgwa8$$j~2ch-it$F~b2+7Io4B#c_ebB?zI zwi#o$@gb>gLKezA*YZ4>_diEuue-=B$bMdN)j_uXIIV;`<~9f}N6bDacF@j{&mZ$M zTl@+RNU6HVsWE4oF3#z#kh#w9mAbOPdlj&QLFK3-eoBNQ`7DTZy-#_ax4W0sw= zcB{4Sd88qGq#-!c&|{>WO`H@-lCDk)2Mt?{Tef10W_JBU#F2J)h{4epv}FW|^n_pX zLVj2A@6ne_h{ko0_78$;$BL;po@H>1ffZh&=HS2mb#lm=>GypK)1gNaTGcL1WXxZ1VoG&bp8cGD+Hi5l&COj?4fjJQ-fsa zYRK#5$EyTq41)sSSdy+|DDLCp1cQR)fOwp=#$#^W5?9F6#@oPGM>U$Y?8Gn#_oj)kNCB7XKhAEB8IQKkdx_gCZh4*gHYo5;| 
zpGQwel-FJRy(p^3^a4Gu^FPg<#-n%wh)L*xyo&z4d4c zx*4s;Vxb)sgF<-!E=qPyXF4#V)ahqzdaLWKtMBM+I%#+auHa&WyJyC|N-@Y}~nCf_;q%R>!zYk*;{$qs;{ZKIV?Bm~Vf9$q9o`eUy z-~amkvsb_H#xs-SJ9l1LH|@~vhd-Y=?*~tA@*e&8>zxfRzV_V4sl5pWPRM=11~Ber zVCz06M45bB9s>!mryKirg+msZyig24LK_(c@4&L8jHQJZm*p~lJjTY$VqBS;RFzN| z0*|Q^YBPm2y(T_9T}hblkxKFfp4$3)y+iN7li%^C{-&o^Kb+}9eq{1XIW?dTR@bZS zVB>mYX_UDxaHBrgH$8BRy4<&3-Q>GF`eRk*Ook$zOHtjd0P%exnNuQt4?^OVQeh2# z7(W|oN6&#Unr%tAmmKb<>T#yn<4m!qix+zqPcd&ckr^T+Vy+RKLj~thq3cj#ahkI2 zGz4iqjqsD6*-y?&Z|M5l9J=Md=Bxg%8bJ{pvHT zs;>2UT#MV*&z-Z`*P8hHm1XbDn>qcCE!k5a{VWIX3_Z4?<&Krxd{3cetESztZk@UJ zty#OLPkFLu{3rJv%KrTeqAf%)$I`iW%(qpz{{T>O=d72>_^3QZ9LmCZT1qxMrzJ<( zIZsQ;X6>{TM9T1JDNw;BigrC2V3C#_EqPi>w6w*7r$L#mJg)3e-d4D4nQPS_vWy3l zH&A#+;A9sgV0ogd?=Y;7VOT~5NKsjVIfxDd5$jf4Eg7&ZJ_NiYvu$YRevXr^g2HOq z5gf9uRZ!p?s$R%#u%D$0R#CEASd*v`wrGeDgG=>Q1FYzoh(Y9Jat;Pg?jz@*z3w)+ zna=lLi3}!k;|w9|I{gcsiVgit-Pt;$mP~SO?S`Hi7V`s5)9`d-75@NGbD!<@)M9S? zf#s^IWr}*#GHgLX9l1m!Mh1M0!fF zMwLHlFa|^qcdkP}`oWuTwq|SKlpizuE?o2D>^98G9_pM&_yo}p6WsG44lh_hz3KGamwL=drnUJH6z-k&QUDZh`3k~icok1$d%u9vGF3ls)(8r>`VJznoSZq4WR`rMj|*^T8T z9kJY7-N^0MEI-V5YQM(9_X#V);>9vZ_lzm}&H8Hnex23-A50}gnMw$PkRC!IhpB|N zn4Z^Q4bb32nDYAXcJKX9%%$*B=5h&pX~Nh>qz@g3CIkO42R^w$?3v*($^j~ZsPusg zn=tD9E82ADH<-zI6aEB)84d9J1gsgR$N$9t*o}9z?%aI+=F%Pap^rQFk6QP@At)}n z_slOl;TnC@J%^upeD|pO0Q%pTvr8vu&;I(Y2X>zz9AyN?FF%$;1)v-;2eA5mnvRXp zmIq8{v_uCeanLB)g+>Y6KB1+XA`?BDat@-Y$hJwMT$E{r8Z3lUAOoYNaZ81&inW+1 zR}}ZDavXw`PR^p{i5?H?1gC;jq6MjW63p8YM?N^B|H8qorVjmZ6Tz(>^TKeDVEG4y z2bmK+5}Rl6X|Ku+0I5bO|*tc!5YV57BgzMZnPe5xE9^-O!LZzb8~N zY~F+`$KQaid~H^1=dH)q{V{v;M|Ypv`DtgrQTL5p^xQMIt$2|g>z>_2|9spEDy9Ik{rezyIM3!gT<*x2^eqp!Y-M|3KdZ2|5Dpn?UK`>+aG{D(wV!oq_v znqCO9lALV4QB*A~(JN?P`C^t`ez-krX9 zIJNAHC?&9emx{@}eLl@b6 zs{*3&oy9JH!+0&DV^IU1%qsECwK^+HY_EEnU(zUM?-_4;Jw=#(?2efcvN6p{vgu)_2~P=^nF@%9 zfP%ZRwI}R0(heJmJ8UFQ*a&5!@x`x8P-;iBKqh}s#yKd{#cMK)HOs`jMuR}pHKet{ z2dr?P5M?kS%3wm2!GspKFpz0Ovn+oxZ7imZ#k8?_vEMPoO~2(w{w=-Va%3A7Xw;!` zrc1tcY0sY8COU{jqssFdD%YA8Ed&c2|D#f5e_%RYQ=PZ29OW6{8n3S#&*{#9;M@f_ 
ze)0ODujkF*aBueP#~)|UK5)bOd9&}jd*-Z-1BPuGyLS7|J66BIM9UtXyY-XfTW3B} zR&jXaYdHYnq5FRZ$IV`M=agw1)?LVr*fQ$*HFvzY-SNi}%8p}sxb*0V zH@nC%lV+FG>>|?IxKvHtQb9BTD~MG9iVi7CM=8-3{6-fY8J2;JEtyN`2utcb4dp4Q zOG$JjHE3E0n;QR3CG64)uRt}`B}7W&Ex_dCF{ryR4JncMDfKMa8CW@W?5fdyVc&!E z_g#R(oA-Czw&H)EdHECc?vIx&+r4Aus%>zrzT&29SO0E-5}Gg%ioZJ!^~bY+&VHBu zGP~!M*O}@k_8oq5GZxjDN^Z`M5kBNT1Vh2~;2+lYY(h5!iA1VKt#S``4+{-S3@IKm zZ0Lk>?iFS3K&lL;rSgJwSxuyG?ZDK8P-DTQ#Dua5!x|^d2+c^%EL$2`QLw1^uF$&3 z=7M_?8`5F7KH3eKu|(|4T1hY0Xcuw`frIF3Fc1t!2U`aYVB|ug=nsHqW{rFu zW8JT>r=}VeCyQ9*_j%YVv$$Us&$G#*;^Go~bUzPB^kIVmzfLvxk~H+?=Mc}98?kp^ zxou42_Bqdfx9Iw(YK!)4iI)}BOjvZ+OWB=AzRs@t@I&~6ze670(6G1a`|OMV`&stx z?Dqr5O!hY9 zI;U>dq9vD)hU)zZd5=_!|xrZ-G$b?S^B->%d!EMNT=XM ze*@3jUWfca=WJdm@}y*mra<=*<&}`^UrD*7OgU(PI;m-!i+Vm}nO=vMlAB(i!UBb% zThpmm;Jem5@IB?2h+MakDic&O;AmN?_tIyHv!!NzBeO++n|qT#q@UJZBG(8fpwaql zSBw5PD(hxkvc$2hqPj(15EKlHydppV$P;VS>um~(4>uu(A$5LI$C#|* z!)HlxjuYcN!?&RYmIOrQD+@t{+Mx@JDVOC@OfW-Wt{crBWskGW78bH?5L&L$$|2#n z!fa8XLiTk{I4Ypk!WsbyKhQq@8+O!&_WqhquJXOl)XnHAWQLbEmQC`#s@Jjc^gM zSO5Db39Dd|Nig07lP=)}237qUHGKL~=M&pLhX4E6kfK->*M4pYd@VZ&O@t30xb@z9 zh}UCg?n`bd_dd2tzuh|x%`HIC7LPoM9h|bJ5Xc05)M;P=SW>VCtSi_89_L!|`d8DR;q^*$Beou^obeyj5mU*CK8raUiS$ErLPHDlj|n6jxzB zA*2ZtC!B<^akll1%dT={3T&pTbl-5mT)O3Sijsn1yhl7%PZld^7a82E<@n zF8gm$va?oE{=pU+pL%etPZqr4_KK}LYHE_Armx&4@ zFLEL)vV1rc2_fDkE3ztM<{a<^ya9%fGQkA&xN#8@V+k0LjRdiKGnsPySqq!0j6|Pc zAQ-@=FLI+~D$ytJ{>OH4;wkvgmnPocxMcCj6%QP_E4vHUKJeq-gGW4aJJj~;#@o82+B&(6NR2Y>ba7yl@a<7a;cTel?h)dgBDKhMQQQ4j#blEIgyxC@8^ z!L~}>Q!R{Rt}$g(MRG)CC1kTS>c68HCjFns@?5JVb=B~8)Ga@#%4L)CIGG>T5p-NB zYMwcHaZIrqQm2!l#e?Ec=_&;r;>V1d!#I5-VBkBKX{ z0EV+Y%48fv`SJa$Grr$A<9pW9ZKh7y(KGBvjot8b;N*tgYcS_-YFxOeuCt3X5?3>& zbLUfKR2i?oL0BIixrZ@sl;e@(z#WzX5zE9mAew~LqZh1%fb3ypC=xJqP?-NS5}f@v zg5v)ZL4DC=&pDZCGS?5kfqsK~_qUyd8$SvFui^gbOwdxqau@CZqNU>+7V)6C$PGoe zYES`-M+*ZS35S*vNb!(nPE!~OKqN{oHxMNxyLj>hE}irmYuM-Zk)vEXAm0D{vwiP8 z+lAIkQWJ=Kp#IPy{n)WXBtVnN*y9VFRE0u;P7qH^hL$WXIa-RC#aT%LAmG%MGlK+69HCz2mLElrF%Jt5i`$tO1m1%*x4RdId>n^F 
zY%KQTL=1|`b=q~%!s>@8N?6lURkvFw^VIBF<3XNwv>m9h_ioM<+hA`iphz-R$86?50v+mYXu^JzYv$H)nDWr}J;r62l)_kZ zInz`Z>Lh4M^%lGr>9%{a3F|R*yENmY)D6cOGNuM_6_J zh-xjvTNK<@irYw#=lfl5nbhWEJ|FB$)VeDYH14ynU#+`OKML;cfot=zolGOvd%(gb zVweF!&RCEH`}TtgBWb`SG#-V;a8j>8xCTyv+`;UGSF;UV`}yx4xO(&x%!PA9*muv@ zuqV!&gu0%@Qn?UQmjqwSM}je`o!UzyJuaG8;q_OGAtgXvXvD36Arb46rXXUiQbYp7 zh!TsCB#10S87ScvjtD0;mPD&ep648n#u5Cdtd6ru6U$yJP3fb_bU_o_T+OZpt~D;s zC3cA)g^C}V?4jaL{XbZc%@P2cSKIzww9A)uW1X3%OdXwMtg}*YVmU)+Bc+DwEEa!pIV_PTuW5DePImt zu|ZOsq@d+W)(UPP{&~s%nSEXi7T90`2K@y5ewV-2@m6&sP8$WPAZDF-?w@>%LG5o{ z$l?iK%dWT#lqk>kXfoqVi*T)-Eyc2^{LK7m_NAC$fhV*cpVLWk{s1Dpu2UUH5QH`()45q=2uEcos3VRZRd5Bw_oTl5Z`4}bJV_Q!uXp540lmvG`wv;W8*h1D>+ z2fBWc{oK}m*-lJnDhPqoR(ysr&xeNV!+n$VNj}!4#4$$%!4Of%far0C^pYHfeKc5_ z7Rl%uG|DBDF%e<2Tv2vm4=UuRYatZSQs2 zySa9^XU4wy2eX}>FEeoS>dANdRboMG!@O!I9>WkQLIbRX$K{5ezOjjgGsXFZ*fgSY zl9mE3i!tF*>{4xa8`c9Hz~umVVE?qo6RF1A(|d|astvMVP*Sbuw_1LS+kdyGAZ@qf z19f$FkitG@oH;hNeiK zC`v>EGVdWdRa{7t0>MZ)9wa@^TRw*@KbeGJ5G0ByT7*KH<`&})Zgh9gpT#VexaZUE zCwV8wl6R(+C+_}g@~}KlhJ|l3ix(8HDQ1d`La3Wlo?=Mo|B4~}f90#m%eMa~?LJR@ z;gg}f-9#j39#JxxPP|iFNpqv@)F={{CdhM%IS=wmt|g0>R;%d)49@_<0O3L^JKdO% zM#8lQ=CmICb6c@my~u}uh4|OSIvWW#=5u7QrR7aBJrPF6Bt=Z>+fQsmn-0IX;+^+L zl#ahPcjk@pH(lQ&G5n8k+g%TjeB{||FRp#mFPA_0Q9-JBBH1>aP#eGD1t$@x&_*;BtVN1JESg z%P*!@AX-9NPGhFAirN8nA#+^p z04WDZJ3xs8BflAeMF)C(CQhl}RciT@{&-%6?vY4)qUnf~E`w6YL9qH3Z}RKNBE!ZMvM25;_(1OnR~|Y)HdN?e$zy= zsVY0{Z`A6MDt4aS^V=HgdE_#3HDEKjx(!0nmdwWT>{HLlcgM z&2RzS0(sa5TP$}Ea!Yb++~aE`$GtB(G%9t4(4;gdgJneAx!s6FMbB7;Z_hK1P;0pNv`Kjv^2rQ|zULi1j-1PTdvt6O6324p z3>gJXXT;?OG1y34$_p=&8SK78iO$%al@Jw>(Bq_t?b_(gTK{p zy7&6477rRcD;b=c>G$l6n}0Ta&U0e| z*~Oo$ zngA2{4+=)wl%edH4YHX}rnAL}?BK85B}Qa6Z?D>7MD7wJa+9B^=NH9@?QR>PV?C|A zrqNMPRg4U1f>lOdajU_KupOv1*ycB;XU~7|tL(W2Zw%eJ>Z5&J`-NSfW-mN@A5_0$ zMqSwb`raGffIdP)00>KoZh=;kxNFun6>Ue7+g60GA`$-1d;`wnPdvNPd6u&A4(45W=RPdZc!`Wm&KzM)}Y zs4>hlG}HjDHyS+GhxA9qM>UjZnpHZCgfsqXu38zy4N`{t$8qD7N&e~FbY-4@3AaSK z&98BO;xzDx7=MvSG>dxjAv~dpdf}s1oMEwP&I_W*$@p<4)valY&+GB{1Hn)T>-Tkg 
zI1n<)R`D2QYfbcvk_kA3u!ZJ>5QI2UjQc}Azdz(rBq{FqV9;YInr7;TPuC5Pq=+Fu zrx`j%QQRet3F(?9Nur2wpF$pwVE{1_3`X=TB{&9{K*6OS|17}4G5bv70}qGW;61x+ zb)zW~9?^*{_0CARGcHsg1DWD*j$ZTl3iET^_TAZwZOo&Yzl*`rvTMb=qhoL$rey3Dw4R1d4X z)ReFCdho_uh0S>qxq$Gg>}_uyFOKw=VesqUj7r9OeDU+_O$W2@mIy&#_HB&U^^ZLC zmty9#&PevJf4irZc?Fw(O`FXbL(e};bmwbwr`Q;K1tkhO=r2`xr%_!eC)2Q&C=B%hpy5W3R55AU0-ZigPkcl?}?< z%0JbAW{iH-ZpiAD#nr(+314VR+0A9BELQ2Rci-=R+MRQAPrF}rf9q!4T>(2cT|49^ zR75xpp(`sv)<3vu3WA#_DGKg1p)fb~ZMfYrCfJ5vwA4@qReB%t#bN^J>N*%)BKL_g zuCl56)b5@mJBmmcJ6Xv0U#+3D3(e!8jEK+~c4 z5H%NQniNlMLEcSG2b$Bt_wL_i020Q$(AF_B86E2lbh%MS7uTltVdnGC38y}psqg5_ zoU~Vcbe+4T!AF!qCEdhFepw>ACFm`MWOf4?iu9>7^qouWp_+>hfEO z7BV__is``A6oG#`0D{;$E}~9II*<}AHCpPlG-#R6J*{@H)}ZEs#QnbjFo5;MTtXN< z#w40?x3++--~>1gB%o<7aIudu+;vA(X+%@-Q0Z6f7Ad_IMX7#t#-WyPthJPYid~sP zEE6!tw%i%4e^~_WphctOeW}7`5hQ~aL1B0`K{6O2SA@f2eu~F_ipPG6$Nu7@0xT5j z1thqs&qyYx36$#y_WDD5w9q?ReYi{IveEP+;x;YHFTJF><^3CR>!LFx3ucj%i)YkU z>P;u{A61XBQtV`p!JwU$n$Nv(RA7RBOx>=6Z(sQ&`;SFm-M#Yg+cjM3B|LBc7FlQcuap^eLJPc3(U$<7uh*eW+wK_=UYJ4@Z z>(My*I^WpXEHs^)Ax-l&#|{;KzTonz9pW1nyI!84&Qd?;zYLs%XWTmUGj5lzfhe9@1IT{N^+Jw; zN`U>;HBd$7^Sk|Y7E^}i9B?TTlu#r{>H0AP>V{=B8*2=<&?1;?$7~G`VUY%9vxLhS zJi&8=MsE$OaFTg6++-dNCwO5vK?(v`&6JRqcI9@%vo32T$AF5t;p<{kJ@X?|W6Stu z{ut$M-27=*5CnTwd+WwN3Rl2Qa(MdyLMz%`0Mb#%bz0nfHE|+87z?t2&A6FbJdJxh$%bwo-t7*I?6DzFV0$|u8)El-`OufKI zZQxRB0~Zl`1{Hbh_q)80(3kfS677rvU(lRU;zgvZ55Tjb@N2LgB*0lHgHR@OwmZQQ zpWzv-wNt9=$aFLjBe{;QqpT&1Z3iy5e7eC)0xx2HMwdKMVDMTLVx_u#?OK?@^th9v!i{rg-u=;%@A@y!e8RS&t|^CNjk^9`FX z%*2#;Rdx*XHKx2cD2KnWnq4l=SK&(eu5}Ie@lrv!pu&~*RU~U&eSO!shWI834X)X) zbMoK)?w-ktk}Hx|lw4b~rDAJ^&^OVytiEE1Ye-^n*|@~GvN^)E#I&;JiZvCVl$=U@ zll->C2nKk68`{-c8uJQN6zeAFMFsI1a0na&SVKjtES-zRGNVzdt&OvLxwz)AmiY)KQ zbK{^L0;j+^ht|(ovnl2*(O?P`6;fm>q{viAk*Towb?vBjT+3-}p;oVr!kUKth5^c} zHA=aXUS@(llffM zleULoAr|35l2}7^#1cDSm2l}`O_f2tR_X4U-ZNiy^%=Ni)y9w;E^Yb!>6?Ci?`tcb zpYi*xKmGc#=U1)VzH`O0?G2GJsXo&u_G`HZ)_wXYgqt5-b7AiHN0+_Cl>hqB>+k*i z&7Tvh-2eb{ih64vIsgKgr2N5Zx_Ff;)G4-x8O*e+EUoef!_`62Pz)c#L7>Gr!RL|{ 
zN9HQdbdxBCRZhJHDaoqpTb+~OAqfVkzztY5J*t$JJ~FWqu}ln_C`Bz3DMF5uXgHj{ zFTqD9ntCYd3M7(RMfcC{qv;4EscWgMx^Hz$;B){j2y6|s1abj3fP8eSeRN8Fbn<;E zJ3g!9UY#cIRWUL4o&YQjCFNrZ=d2**7PK=Ye%CEZd(H|_4uL3pK-70O(m!-`sJr5} zFq2Ok!O)pY5g?z%OeC{Gme_b~KH=uwLdwl6QK*WTLjYoTuLT*hR-YuC*lT8uq(P^i z_Zu5pZ$Gs3mEo9>m;XBc9wkl5YeA_<|Ki z@bqrzHVMh0+3Pjr4TB z>V%Y&9=(H*{GZQQxj#z<1?vb3)^VHCe#!(D*pcGDBEh0Mx`Y-_bp|>f9YW}fy8Es# z{djAt{0yG&jjgS%>|c%^J@04J=RYA-if5Dgp5(`&H}~0@PF=2h(E(T@*m~P*DCkVt ztDEyMRVerg{6vY-)W30Oc}7ym6Z1}_QFZ{y0hs(sD1Q8S=2jVbc+;Dx7D*t|Q&KGv zl?rb?9IZ&u3Tqv%;aQer`F_$+mP_$Hv!00A%4=5&*$QU6&^i>+8WiTH|eqzJfu}#X7N$p=I8Wst%W6p|p-cQb;BF z9oYD@S7lqWR8deXi3J69JW13osKuKPcAIpwE0JG&O_OsLf=q_SCHdT;-3gipvO7RF zpY7Ibd3!_m6uQ~va*}(9nMrQt`ILpCFM#jn^VQLU1a)_Z$jN`*6}1nCO^vqC{GcIRW4 z@UDEeWH(NA33sv=8g}PJm+&8ZNfAf64b6`1*Wb>Ptgf-Qy?Wc*B0G!HN?|dnafRH| z+;NT_g^SZ1Q^+mg)^ItF#d1YPj4f)&m8i(^V?FO_01tuF7?rxoo$oKooq}$1$3`n# zLlyJtsS~Wp<(%+Mp8bH4?4|67@E_vb%4b&6y?_0XDY&zhCRy5g0H4O%WD@=90PyBn ziry{1!v+ioC~$@^<^WL#h&Vujv*01-08s~sIDq0reN+c6@9Z)|jbszZXQm_0na10^pL{O*`fqGaC zCxNA#D*-lH@sQXp?SUd|D77UDqx1&Rt{X(@4Wh)2Wsn<0sg@F@-liyFR#aVzD&$sC z$C(=?cPIs@DoHP&q|7c!nO!mkj{!(rYp4(qmd8+*SMYBvkNRCfAg>c$aIB{@mX9h& zHcGl}E?AsugUj|LhF+>6Q~7AyvU;~l`&A4N09fj81w}-wT|kf z_`GSKVnm@w^*gGQWApwuK}+5*LF2se}O3}0C!nl zj^Vv%yWXb%nfcOtnmOy`St2KkFv>00;iLMo(1}nk#G0bd?F)FYMh*FZDyweA?I5k& zp*VLw7LTFg5Y?hXRHJrLUD`!;X;+sn?V@bNRYZ@-uNdO-QDm-MBtid}XQ+yONkhh7C`d!r7-Kpv>evC^kYrI7 zWQNz%2JenSP4?swhAeDYNQ5XwjJ)f<8&+(1=9W*Jw~f~2*7A8*FMfedKl19}1ta>b z>RgQ0-!%Wq2jA(#R^(kuxfx@)GBgkQ8D1Ws$ zfo~LN@pDA6S|8vU5U2?a)`xqB2L^{GbCad(^d?VJ;JVO!ZoV{KpYNF;m>#+n`X!!I zCo$u=aq=YPMrH;#L%vawgE3YxFr(@oKR@F{)W5g9)EFv`QX4x;QAg-{0hvI3oq2CQ zQSI`{j;EbuM|-(=J|U6Cy?4XXYJpZ8F643WK01MxaFeU`33oZXjIl9gb^o|f$S^i~m z-7!I5m}$alR@0^U;bc}4pD58}q_Nys=?3lwi6!a^Im%04=>YOCc<63=4|?wIU;G{h zZu`qU$Fm&=c5hg}d(T}Pb|Wt=xo>IqkDW*UatDk<^}ToB`}Hs0eFt}TLv{|Ez*yk{ zarm&cMA3Wbm+QlIw%%+pQK4C;Bn$fZ`xIPNu)y46iUWcJqSpkki8hLpl*z%#(YfM0 zWsW{SI4^q0eBbwJ=+nsi@sqxj@e^jw3?$i%p7GbP1N0&6HTp#TbJt%AvbxJ~Gl5u) 
z$g4oi?E>zwgAic{A;S4|eGC;Jlc6qKa&L;HnbcQ2_eT&Sz%%*l%`7(2j%6`~Hx7o3Hv zSh_6qI`Sak_tC|{B?i-N#y31S;KA7&kIlX1_-zyK?`b^0blFQUELprOJBRzprZHnS z=N^4Fd;Xql2Xvlio;z~*-4EY==eI5{ zk|9c>qDT-5;<)< zG5BuQ%1F=9!~e;NaZ+zOv*;wrz`#RR>%0mI=x=Xu(^Ujbi^!5Nd-QAvrhxh7UC&%G zr+(7^TyfP^m;H|~&Zf65yn4V3B}40*7j=Gs`&^$p#q7c((~H3p(suFM%1)S;rQP18 zV*}}Kua2>SVh2b%K#>C^9Dux>$68Ij5k0$t8>M<(p-72Ypya^ZB4h9Xe7a`xU6sS zM7hy5Jw3g2NpeZ?n&KbGPbv?VK2q^eujk|)%CjZUmF`LZA{{7oG|eIhNIF2V1LU8V zcOHRv9*TD!lP9Y5XO<^kJ5el2DKZ-|(|*>~vmip8u|?qu8p;aShew5{gkKFG4f9&K zFnn|Pc$h5=-ycTdpI{8|V|=7h63a&p*U3^A9UjBBGt?njLV9SAFHlXRC%W6HhOp=4 zf*T7^LCi0(c8&n`k9^_yK)$fN1dZ5OPgh|CMvB9hH&oq+oL)n{@FBY-R2`;oPYs*o z%&Wl7VQy3nOic~3B1WUUn)cN_)b-ubvq)4~yFx=9_(tTP>pMmlK- znan~Gz3Ha#c97U^hP-TYAx%Ocb{olvBpW*oA)keS^%<+AM?A^-D$<7T(Y-pu7pZ0x zNTos)ay@Vn_u<`yI~fH@(0GQ`pHD2 zMOi#&<=jA^GP>^dM<&d9bJfw0;pMS;i)IYEJQ+&$8Mb!h(B-9tnX7M`6}oQnb^VgD z0+&*6Q92RWx`vFbKjwI?lBOAh2%YdS?6sOS?6V3S?3*QHo!Z8OqW8YiMQ&I zH5LPF!Vo}3l_3KHx|GpmEHfFGrWb)Cs9qw*WLu0WFeiwErNPa@0%47?MPLC|ezpoN z!Xe?9z|*B8`86bGD6-P`sL`|uTcghd`Bf$7DDDxpiild`qRVSnw$doHqq!gi`|g_g zFV;O4Y#n(o^T{)HG}_x)M}(SDRi(e(EipY6v?IPG&}8(Z@71HZhe(fHTX(~a73L`J0cPOw162XXehE0rN1)4o38X?nVrWFD6%(ZPOVC4uJY88z zK`Ok0U6xDGmk;;kqX0o_*3uQ&DjBj|5FQG`;K&G>*b-v2L{3N0g2>iLOC%RzNwNuv zQP8PWlzecaOOTSc8=KNG>4d~ejv$q~1Zh4lA=79Cxg(XI617?+8U&C=hA(lz^)ldV_JA62s$J=nSD-rhsUjJ>UWEb@?-0VjzZ zL|idlM^~Bo^oaiH5sZ~YhagWI-Cx5&P-N7~M5L)kt%U8~YLOHO-*gY&!u(by-We&L zs0O9Dph~7xl&S^+T;RP=tlLX_Rs$0kno*FPB{UY{EO%e({9d7pwFBT*=Kt$k`Q^j%~Wz zN0b-fcC_8~ys{VUccygFDK8i&^v&CyjT|O`VUvdj!oq{|Q>T_rg)ks}tEV%r}@< zN6Ry2|KfuYH_sG*nD8+j8$nn^k`UxmWq9Z?c$@QYO7g_6R@#p)XrAH@@hkY z?9&(*6ANn|-o<+@k7l|o#nhrHuNAKuXvOmZogjE!*FOO_(Icya*{(_^SI z_IeD(+ED#o4UdK8YeVBKSG~vbpedf$J;>7ruiB@lOGu437k+%!k%zWT(dzy#{(tSA3tUxI zzQ_OjarQZ22%;z|a8M8*q$p-)nj8@DK`DwNn4^|x8kJ7iW12>fW4=;*S&o_c8Y@G) z9-$1eJJ>jBT4~b_o60GB&XiL&PBmjD`~LoGuYEXfQL^cN?)}`)!M^*y*V^m-{I3Vm z(Ifss+oq4Y_F(x+;lQ2WZ9j8E40$dQeE_;D(VjB!<4*{@qP%G(fMoT20zKw2$+e(ZnAgF&De 
zbdYw}fa^dJo8fjB`$ZVDIUFG?XoAN}vs}gI8N|2BwV$Sgb$H*Te?(i10dzCWo8hlc zC+g2`;AfRlNvmPM7T>4BZXIL^%p37O5&nA1_Xzh2YR?iFuNXmnwxJgwGm!uBR=&Z0n!$Mv<_YPSX*w4xjRm0~&i@1{>HzZ-$cT`% zIa%OfxYn2akmaBw7_GiWH|tlEg7SLQ^$BSVS{|3vd*CX)j7Gw&Ae}|5y>(O^Pq+7* z;10nxXmDq6clY27?jBqQ2mwNHcXx;2?(PJ4f;$9vxI=#TdCqyyIqzBPu66%lR(EyP zu3fvTXBOYxU7rebOXSop_HPK6VeJVV7W&gzcdm(52=~;Y9=Gq;RlYxP9$GqQdsyf< z!TAbk1~I?VE{WoWi$ArIJRWBL;HZV8m(-;?cHFG?^AI?6LE3!C@Pc~6@yjm45o`>e z_P=9m9Bo>Q-~9gG;gMxU&ct9{;cKf?s)^t+v7t-!iGylxp1ea1#EvJD3hb9O7=mBp z6nFKg8?~@7Qc!K3R0bH-uo~YWCXv5jY|e^#iKlMV(=5R*eYX}IMzh4Qog41qQO;D) zT%_*VbmzfaF4CO}?%96nw#BwwGz=Q^4p|Ok5PxLEIeC#Cr)nt95?h~+oK{ls-}krB zso(Yq0yz0Cx^yCR+Jy=p8G^N=NwnHSDA=(0Lz{uh50v^ zLRg$i@0&{30MVI2jf#ztbZx@b42Js9Pwz%BOzR4Di@!wX;?mo6z|=Ss0}n2geZ5f+ zsZh4~9w3efngp_VY@r!ukH#9X1n*}(wYMX3k7m?xr_mBU1F)G11-6f)T%FZZo$5d7 zES=2Kc#J064kKD-y%NQM=-^Lm_j;``PO1Y#mPqW-D{lMS|Kl-2Z+ZL+45dcwD?x^4P-Zp6Rm8$Q+T0# z|CiyJ0mHIYQBz%wG*kuD`L;cdkc(c!w4y?RhiL~4$!LcL;W)p@4D^$4&k3UWB3g}w zF$A`*6e|wy1cAiFeZvf3t?VMjujxncDxts{}F^f(?9 zv*j$VEVsnvF;k7GMY-c1U(QCJCCdjFS0%tJfQ{ww6CI>{4 z_GA)t;978HY13Jn!eiMLuNt|SOFe#aI%{pn5j(%{SVSj2m z73GxE2)?90YL~dC%CJc^$dwAEm^w1! 
z_43%06nMks^AxvZdjbVra|Qc-tH${dnl-BpYn#8-e?vax1&FnL_sOXZW@y$DDg-mxejS*6Rtl=(srdmm7tvNIQI91p{t9S zuV;h`JL~JBZVDrmk7rO^E)yWq)my0k`8^?W^bq~d%Aefn8)M<;aY#XooySjoTDCv5 zX(dN#1==Q}#Hf=m(J*?5J^!t756E_eLceJBhv4nrr0u*#@<2r&pxI755;4;DAem6)q z_@N%@q-NabsJ3PxreKBZLE`K(@ctG4D&5~eaN$;vC{e_slmrG>GCRmbII=9r$C2R` zrVB6Z)4KUrDi)ORKoFv9QX4_DKXq%vw^ih*NR0Fsn6rlN_Oyqp$q9?SLHJD||(|C)>7ad?kE2^?Pc&ejYVRvWI2r1QG70 z3c;@te+~0*#jJ&?`qL3&=)IlhvaiUPs^|Np1fOn7J9V(b&otPQZvBIp{^Y?%f@dDz z^_i1O^ahD=iWaskSs-8y2M+kCYY}cNJ7X?N{lImJ_6wx&yyVoKjm6_!Cnr@l9d~`DCe72iYm?CB;F9 zjK;cxpLdzzXir2?EIIhgpZ5xareFO?u#ewyF1w6bOZ7h2hiE0vH$6aI5Ei zBTxPd)7B&}f)p3r!w{p{dS00*yIgAoj#QUE!CK_Edj+^uET|C!Alxn|*i8m(bCDgM zv#pH0pgQb0y4$Gb1+Sr2!M@A*U!g|50uuWI7m_oQnNm$8vJKAvnVuJUA#{5lKpieCcnS6_EaJ-+8|j~k}3{{7KqKer*P zG7I^Tt`BdGAH9)16Z6HcdVDO5EGp1hKBz-RfVVn3Fg%I)Xlq~3Z$X2Nv)FbN7}Zcx z`Gc+B!UKCj5BwTnUxwLMvO(*b{IQPP^Z>++;2rd6G1-|)NcBaRK48uzO>!;uNIby) zqixm-dA!}~glhY8(9P1f3*c;A$=J7-YFJ|+#GxJ3A$tn81+hwu548NOwlZGsc4|=E zR@CGS-nG+02l741DCp)9TfTZ?w(QxGhk*+Y_boi=@&+prj+Qo_@|@&Jd5$+i~Z z$0Xm+4Vy(k8D|Vx|L%+Oh1AqY%_XqpdY5dl+VgXZMdRDYtc8%!XO83gP3%D~f)a*T z^9(=GqM;q4K;0(Bm&*km#AJxM!6%03bC|MP&N3V4^(ccK^{qys^#f~WGda?3-PL}erSx;6a~-Y|Y9_nJ81~kN zWUY9Z8)bjHaGa%>FsetIqo)0DmKApSM*Usdo)xi4#gIM^y(XV9-3Qs3wQG3!Is0r~ zTdJ$gY+U;fL0pN#3w(Ap><~&m(?uV`A3f@=fPcwVjTCd1`sF2OVkvh{V!3LbFGe$+TaVy%cRefM_~|>fr2pXr6_klmfo&<_nH_YXsnbw( zhTQ1$os|aT0FP!oErXKC+SxI^bA>;xxrsc>%XBj4hx?KNC=`S{sXE=)^yI8{({}$f zpyQWZ-fNHbDaeSFuceVXr?K~&u_9Aq`l{WlH@D+ z+p&OEO)>EbYbD0=;=#5=qg7FwjBB z4(NI?@beL8IkX+Vh0QweIsCUB^Yp{``l!d;V={*N-RAOY!Xw*$5M^dpF{u~(na&Rv zDaWD=+A|df9!ZXjRj0=xd-a!2e!yuDsIVlM&8JWop1X%bbi#|+`-=2V9_D+wByYam zs$#OWbT&aXNMv~3QO6iKL6d%~G47VR1L0XVJ7ME-(}ts?5W~vg&Qyqp=c!nroKgU2 zc*^#2bDSvmXGm@IH8>e!m)T0YRxQGG5lNXb*77AL9lyV~8;6El+jwAK>RiNR17&8> zAdOOlJr>kNd%k$EoCXR0KIdV1?IIbwWEdTw82FTmE8nG!zmEzoB(-?(0al!IZ9->c zV4p%_i@bKcqlR?Mh4nHD1h_M{l1#GV-og*D5=@&MJ2s5`V#L`#QQh{EU>wM`MMj-8vL>dsb%S)HJpMrm4a8O`H#uVJN#0jE3g%Lg`!)~Al&2KNCsJujo$Zf%X@lyrM#0hlgQAm5&ZL-m*S9g>c% 
zUJ%9U6kS=HZ5@F1i|^8*waA3a-W0^u7KmAH?J>hHJyIA}e0{pyt7P?xiu%{omOJw7 z*D3IGcbJAYaHnn6+q||b^?8hNmAf3*$a?cB&-Y~_4BL;|-Dh=k%`@B2he7Ypv?`Ff zeYN|Z>@)3)BbeO=Qv%NEr1cqZu5h$Al&!<$x#!ke z@7tdEVXHESy`0JttBe=frs}2lkHWr{t8{jSkgBL#(sM>1;y!Ib zaVO&Kb$?3*{g~z*^`I5ok=-ki1M|`=rwT6*SO2EGx}?}!Rk!wK0$sNc*H~`3f>=lK zhIivUQn?xSXAPmAB1Br|k0DOL&OL73hMSbNB~EL1HZg^Iv`awZmVQ>ExY1ghcCR0c zLfY-;B>fTRi-$b^rGx6=$Frkq({qRVU41WUo+6$ zl1UA3@mG**c9B_vTA}n{eWCQfk1vTn^JIcNW`DPg=9#Icl6N|f76x>LZ z=T}R+&5w&oMWqve3iqsWzh6nWQ zFN(3iQ*YV_FMUeOyvf>H#fG;>`xH)baU+nrO+avfDILe-PmSzx5K?`#)=&2ACWcq^ zx<>TlVYI%n>`%}y-}Jt(6TvWs2t;AC3fQ%W$BDt;vl4e!jaZP*Q6} zPYLE#U;o;c!AFu&#qF17xsHo=>+Lm8?Wr?Tk@juLmDm|$d1-<=Zpkuuj9JL;qBNudExC`Jl1*3X24a9rbtX26a)Kj+MWg(SwsrM` zCOQ-#j*O58*bsHhizyg}2neBBB+IR7qf*sr*7!$Zbw8*&%-^f=hnR;wFjikPX8bzjb@!6= zhLwJ-EO~)sbqh|sLb~5PA=3wc|1(wDvRTh?mMFMLhRTS_=Zc@q@k|>Wmbz3NP7Ubf z_Guue9F!{ymMAFP+6|tTw@bgzBKu@dw#!L_hxv`hfP?vuE0n$DAnM0=1VZn!;y3Uh zV`lw-t2qRCLK0I$eZ0P=6;sXqSRpfVZq}fNTKrf{B=f|6ZAz-Ib_;(W@(>dROA$y|uXl7i^bWIbg zIu*qejH+ou)%+MgojdH&3$*=66)O)+UiHBR{QRPXXuS2H^LVQC5G?8IS_&ZeN2^Q;>Eu=%_ypZOFF+@=9oQm$*o879gWWzgf z5F>{tm6vE+&7b8#tTbIICw+34*HEsg=aQK@a0pg%D4k*8Bv#Y4;xyVc*$bG=P3M)= zjPvm}2mfa3QAiT{M4W9YROp86s|9$mnEZrIdq>IqyO|B$r^8)hEBSqOrwKD^+Pm*k z@8+dXwq?Vle@I8-6|81viBZwy#*9+b3D()lidB{K zm0QIXrN4$f%nRmHlktkQDYj*zD}O+h^6;H47PAkpZl<+u;N(@fNB(qR;WGSAMzvW; zPZ+CvB@&&Fo+%f~h0erGO@yUYTq7TNSgxjBU75b73Qz1MC|jg_{xBb~y4Db5?VLZX zgPK~-+h$KmfBkW==)7|`uofRWheL~NHQpicHrc=X00h!h-ANxYD!kQz7j4^t-|PV# z_2eNWfqt#ASYovHpy}ClU+d{Zcds0b$s}zPnKT^^__%s{k;5O%S))?adwu%>_#_R* zRpA@X+T&L272nd!KkVJaJMCTE5(|D!-r3E$;k?(=h>w9k(VdL{W8}s!{*oX*TdPsy zcIOwwNL!@yppW+&%~(@?USY$E=dXpoJ7SKMEuo;bt)Z=il_ONp7TDquDil#bI&mtw zVi6f=4*A>EehUz^xTzS8WNlgfwh{1GicD~gh?NYB+0?i3-5gnr#mW{o(&0wcv)vJX z3#6Y~q?EN8bbm#gHU!ei$kMc*oM@eERr%{64^G%_vWN?az66*(X`Kc8sX>c>@*D1* z5~A!#3eJc2ix(flkaeY@im$wIbffV#SJtkUB`8Z9CFr?X`n@tW^$kB?voY6X=gc7p z`_gS=+&?&ZRk@mK$g!c{aUS|*gE1a@MO;h?XQM(^EWn|V?$}OJ+)D2>V&?Nk0gzP< 
zjuY!7Ms$_%7=jbn4998v?5xzty)ZXn2jL$W8vw;6ErX^IhZ0AUMnO#!5W6Wsg*P=c zl@*&$Mk#OU9Ba@N%wyIP%mc%Tb9dBi{wg;jt*B7~o1l=M#L4iM+7i=geV2^>2Q#cY~-oD51StPEgi=O<2&fzDugP{v>;Y{B+vR}i{pbPDXc5r0DG-3M&{$?UN)hIZ$zo!0Q(H* z=U(xgaGZqWKS~M*QNami>N;XMZ3+hq#ehQF(c`Y1bChFD!3JZ7+IWT;vNnK&w2T4? z!k@y7MgE$5j0a3#EBGUedm5k9P6Z!3yVm5UIbWtezwLi zurusOoxoH9#R8n&?Vi^u^Y2OHf2?ImBfp&rD$Fa-Y)`R*k{?=6~*+g`{g^byi9Wd2bx#F73JghuJ}|iMtp=DL_BKp5aPgagw;}y)2tIyu`k#hCaFhQ89D9r3zhGAX!HxS* z5oUUexPqZAnA`hbxq1>dhUQM-DE_S?B4Ymr5N3Ge-!ibVzCm!o{elr^?BEWWgx^?u z&R{pV{srE12GfPXfnbt$Hng!c7Pd3DF$KHABx>j&Wol_|0j>+4941xpa#4Tdx&G|~ zOhf}OvA+PWzlg&B7k=h*KjKCTo1WS5 z_HI*yt_02y{n#=I=IZ%U{SB%IC?!f_QjDlHR;%sk7&Jwzgs5#3Q7kUl z@6VhZ=UI@iG0pP9ED3={*t|T6XS+hJV1WR^0;M?JG(0C|EW>6-B>j3UF#AWuzSh`z1D)@i4e#5lfyBCP@+Ut}5{$<4d zcJuygx&H4n{dODuT_pdW=@TsvA@$jMeRCMr9bBfd9twT7kVII=Yo^QBe8ENNA_q@+C zSDv-4&uVU#tSj4Yv>#PBe@JCpY!3OVymYtPo;Y6`qO@PvC{5kvWM&qigoj`q@&Qe^#U_fBqtkva3#7_zLKR+*geu@9Nchg|>>x30%fmngUR3uTvb+Ts{(e7JY>SPd@g+RB_y2Y@j z)drXbSw0BZJ<#^mw^7tJs3lR3OO|gDH9=FZXVlm8d&`RvVrepl`o_`1w-6nl?(_vg zNnQy1DJYD~5U=&L@t^Haf;ZJ*-n-#@J*}_Q5R>3{@)@aqrFE@zBj(_s-5UC^%D086 z%9?TUn(cP~s1T~?@LAjBzSd;)F#5i$ihqjMl_FxTij|wwQ0^x50P1K1eh6!>AvYog z2SS{RN)lEJo4?f`g1m|^;ksz&aBXvcXT!gAX4xxpPEm)qAjsbH-d&AW_s65 zhNk#h8(ERzxoY=%*xgn1eURAn{=Qk3`kkT^`fV#u;Hw;MYyQWkeD&8nSts7Qnn{K1 z1dJqm0Dpq#LFC;9E~v}H!=r~4gO}W$8~_MI6rth*h$UckX?QDF#d9mLJ3(;%>Nhbp zwH}jy{s3Gw*&(Yv`n_eaJYr(UgtgYRKQq19l$bkNT%6WnIA7WZM8&ui^)s!;MCfRV z5>&rTFhyN`bj{8leRdtC3UP9CU*kn8wf13&5IqJ=`^s!bjKurHsOha$ZK>>Zel-5R zlWM>0W}Vq#ACeg&I67BU0_W4NkIC=C09krmrD zwpGq}%)1*~yDlXt?0r3Fsu3BtT*swHJZZ^YghV>V({nP5k^l#F(nDByE!lJu6OW0%H_)dlzw z48Rr>ap6>CP6?xbtlRA7lAH~Q9d`xqA#->_-#VHTTu3k5<{;rL0=Tz&Waroqdp7b7 zX_#{Yc#veZei@Sgrsb9Ieq_lf9{icdB5g!OQm&iPY2^P?#4*Ei1~9Gt?yph$(_A5wke zr4EpwFEQG4NNl7P=b1(&R-3w7*}oBHVXlvKhwL-B!!DHsIUoP%aa-j@+c#N_VqPWJ z$*Z76#5kv47~FM<*7Pc`gPgKbYdaHlxFpN4{(OE~K%dAuT;ca3P@U?*0O3o91x_9IwiWX9(MxOih1zv`Z1|cmI_wn46&o$|sg`Vg_{S&2#chsE$NmuvXu(fd5BFXzA+Q7O=RbHO6j+-E|jBoC0hT~}G! 
z%3=+$kx_6~mx;l0L2p?JRBkm}BA*I=`@gqVy;!x6andS>QEX_m!YusgKEG)?%+j6q-LCRQ3|W3cZ>Q;~2BWQx6NleaLk>6-x>)(Yj!r{L$WZ_v1XSzBcbjiI&vX%>*5;for*nP)EK+J(k^tWt%9 zS@4^T7<4g&OyE;ed3!??{i2x(O57Q7f2~PdhhX0-TRdJboY)&5r>~yd?1d6GrK+$* zm;wZ_em7OBI7jtLnHtzL<>YuMci{H^s&6Bp$LA~jffy7tfq-g`|3~l(9N=eagp%9b zvPZDtaUY@E_>wyKIqN;HagZ{@W(Gz@ zlD-Sl@d8U{u%fN@C}6a2@zfv2dI6`qDyFxIdwgfPI33FVl40$T-)B?9K9w_L`V>!N zz-z3O zVMM<8tBn{NRxR{_Vkd1$UGV(-wUldQi&hW>Pgwgk-Dhj>B&)v54w!_?4r*25Us+q9 zs8VvTZ&jPWi~q*aqRlf|xF;dx*yrt3UuX))49AaR>VA>Yo}l`=E>xEldk-}N+lkm2 z3i{TJd!Y1d(nz2>hM-Gi}>VwLD7n%YFxCM84fv)Nqvo-H-b}(Ph8r`_~aY zN+nu`hJL>UT+WB~QtuaD zhnorKi9`Q7X~D9{O#89mGmOBwKFC_iUKAU=i)g_DtgyCe(_*)V3YI^iTw96qpJPjhn`I3J-V2LYYE>T_2`oBa(lzZ+}&DBuIt(C!W-fD1$FV1`Kn-u7Ac%_Rzb8;;dvjg|gXx5qIJd zyLLEFg;>FUeTanhpxlI5Bg#2ziO-0{-KfGZ1R`63_hH&|U-iiYtc@pR2TwM28asfs zK0gDrDd#s(_BEGVQ9a&&YN+CbOklk?DSdH%Uh&0CxX65rSemBvu|rvdKd=p_W3|Au zv4-JoI3p2^DnXKikqPumh?em67jA*eRK|xS{_$cSXK@vqGLT)GRwlQb_)zo{b78X z_=)PM-`ybD$)*eO${23^yP->ez#vjY4McUv^@i{;w1T$+ zJy<0Wiv>>g$m!kDU1MP@r~OQqu(U69elDl5>pa=3*@ou-c{%BCoai#%z_0zk`%}ehR;?X?qV#hcqy0M6ebQ%Nx*+1*zePuf}2 zy1B1%agyYZ6)f$SfX(4!F50DI!(0>YC`-1hV;O*i(ja`I-TDVhitu?!(lC(9&xUq~r2W z?IrgVQoQ7@iMI#0nLF_1zS14*^ny|!ugWIFVM2*jsv1M9DS}se{cF)~=+PmwURnDi zRVvcNNl`KGRypCRIhByESod`e%7x7l_^E@J6)T=h5&BYlfDV+fFKicEl^bq-D%Cp- zfVkI;r`L|{J2q^u1KK89vQN^9LSD*6pXDnqYPK0y#X6V*hu33UHYHKyP|l16TlInY zFn{!8TR<@0Zq@O;A~)1cjz{M;_b{usk{|OST`fDCKE&oDO%C|^zB{>Y!e{Pxh6nhUyI#rV-wN^}L1n5SvzQFa-t>;i`S@3Ue!)><7l}ZoLph?+$ z#~kPWt%Gt$IQgYh7rZGlBv9Uog7=X8Ca2gDnPKi{G^niFq6AI;xe+znmuQ^Vf6V}G zUZv>|@+SIcg>3XvO53*Eoub@J*sZVqe@3dAZB|J?jYbS=bSn!^9 z`9tZc`|=@mRdXQUW(4Q7@b)i3RpzT2kNZwgryeMiPYd+*Y~&QiH)9j8cPkCqA^F)` zab!X9r`AA$`ctzy$a)6X;0Zndy}AE7rFMJE_w^E3%Le!N9<786fsMi_V#q_)Yoc0X zM_mnmn?4r_3ukCb8(fZ;KD~o#wtT;aVcdSB2X^%v4)b}w|50@q_Vh738wNL|VGr#$ zH)Z6*&4<*HtGWUkqJHZmqC#b)7|5}{HW?T=@0b(^yRUau347@IyjRfv$HC{Iv~x&m zlRe1muc#F_0J2c6!hmC;=vxv*&0w3(J600dJBS6yFphpaG9)6ZuVTL~Z|uim#LcP* zr#qZPg<;>pcA~-n-{Zr2e!T0SWFJeq&8u4b;K~_*uT3-K5S?Y3<(ifIe$E&F$Gd{} 
z;P%GH5S`A9tTqvo^Z9h0>(RtU0SF;m6{>{GL8M3GVKYz3uX)CpLH{g9p)rMRrxw?AuF!x(20DR84J?}fy~522)|=mScvf&rumdb_$~Y@n?qvlZflFEb zmV)~Mmx7giR(6)RQg+t2x?F!t+1bE?`P<-G!D{oH4*z#hU~!#|<;@Q^aAE*l3YPo9 z17iiBv%X2mY^)q_rC_1`t&|fiz5lKI*XMsMuz`JM+_95)^C@n0eSpB5b86a)90 zCv4nrp0I*-{I{^NfwKy4Q38N_e)HsQgaB~=0PuLhrQoo=#p%rx0N4uvI6(m}WqY&E z#rYun-od;HM#s-MM4W5U;sf4#>!u(bn0Pgv} zq%z)y^xyBU|238IUv8-XF`>Z*6iD!NB%* z_J2=kfb${$V?yJvs{Nl68sNzN$58%vnfq;>{GT#6Fm^d)g&FDl*(GNCiXQzrX;lp~ z)Nn$#?v+rX_qzf00>20hzT{AkN1lh8NVRCav=I+oUcL#suR9 z0jeV=@FvNGnDm%D&fTtAz{n$2J%5-o&H&!QuV*4?%Bqk?HJwK8n ztS8YuE8de@53pObNmlXOCD^Mx`|j){8Cu$Er=31DIQ?D=_p_Ts7{IZh*EYn2V*sS3 z1XD{pefS<#geTmH-G(v6$aYQn%T~J~-xC<0z$0OL_JzLQ62 zT7i!9xYusO?c+xtlHKy7(I=Lw$MfU1^|s9CV{<`bFXI66fPE>54e9OgF+}29C>pJS z88RXuPx;6SIwU?;rsSxWtx0o0w(%9kJz&YK);x(LnSn_k(d*p_rO1`#r_}k%5tlL@ z38~*$A`*di+U7K|Id^g*-QLVT+KUO2BXSons}?~uYT`yzVpq}hVnRoZtSM3DK7Ky8 zFb~jGHIuht1UDR2g9?6Y%ZtF0kI^bF>z9mM4 zK@*Q6qeBFK@e_d}-W)j!X?)?Rcunf_F!Z8wE6~~Fl!%jfJfJ3L)H&FG@X#X0;CHog z4*S?zq`TKO5+rB9DlWhAeBBOGl5(CQ6EL%bBE~e?D{1bq)=vA=>Ug-453ICLV>dT$ z!TYB5at9oXuooz@(s`UJt`oQCtRxK}cd01dYyqp$GJ~53U0nt&a~5F{2ynQSh$tv2 zr--Mjcl*@2ER>Ygl#}{QBTs#ag8UAzG3HF1^MnkDmcc8=Yd4NQnkE~vsdED96<~Oq z0L$^+SB#t4FW^UtXd(yp-X34NPJfDV3UXr01bXRP2c3){G_$TsbGka>tV#lE2~KbV z)?EpF2hE%kq_E9#GFg-c=6UF5f30A#YI8V zNt`3*r1b3rb&;ibWZ1t zu@qIuJQ2(7`pR`|_K{ZQ;zW8Z`&5<8Qr%rpW=B*zKjU2W@YpYeh}@xGVlI)-j6Vqa z0kvBv@xibSUp8EKsxKHd)PA~*moX5;;SU-4I6aqW3?q+Y`_$F=6HCz~3%Xr8?)M=r z!v)%os@saHF>c|YllG2Y*J3Q{M;>DO;Yr!uFM6vk_q=?uRx=*&8imErkYeBgHr&_A zzm#LRrgFSKbUk3nX8N*@O_^)nJ1eY^>$uqfwVG{)^YYkR=C<2vInK{NZ+%mPUJOS4 zB$wQpx6iHWa;rV466QT_ARsn(58aIp`P}G}ugjGk7wTKB-4WTDBqFly5SILnMfZy9 z`mX<3$xnfVM-4?I7qsNm`)H>;_XyGv{0*6Sd49@Ya5YQE3F;rdz$M;+QK+IPb6Kj* zHx%*DwK41Fzoi(%MEMQIr+ku6jzK$>DtKV}{!D}pX#jrgOg2TkUsQH7gfXDbK!K&2 z5ZyE^{0m*E*ZNYbTW_n){8J1AYHJ)}-BbEgM#fE}#8ymU*e`a(VXM*aTjc~P>d-I+ z0#%E+i)j33ZuUG*7rP8LGSd4g99zGF)Nu@5=+xb$PI@Cxlb1Stqx8!%J(*uT1p?Bs z<9nD$zD`J&>YCJupL%B%%wL`7r@MHS;+(-Fywr7Z`PRiH7yn^Fw0c+u4*S-oANX9( 
zTtLe>Jh2`UIS08cY*5T1tPl|Lxh9DnyQe)YEUl4EFMC->2GuEQX6kC`7;ClDWS!`> zWIxCr30`R=rf$WkDBKeArbk-4J%B83F^JAPJtIb?jw{Q^it zC0?s%;jy0^-Ol1>>$nr4wmPI|;KaqhGTs|qUf;GTP@!Aw#-n5>b2Nez(F!Bn&c4CL zUI-vP++Z}HB?88Kr1zS?e^cI!LyHam}%aZR6p+6;Rb=GSk# z00XBkb7}}xIoh=AqcY>8JAs-%pPVNWB6N>CWq$l&R1i~iW44e0JXFO$mDMk{)VOxU zSa}_v+bT+F;f=ra_D=bF^e>L#=%Ade?bv*MLRJzFc82@nS&Lr`y^Apef8`itdtG*S zr&Y7H1>M&bI-o2sm&Q-0r}Ky~*DebrkVaoC>50+R&b(l6sL`n6?3N*d)NOYhv-};Z z6GvTg&Gy#=V8J6V`!tYWa1>^FkzcC718&wD<~5={W-N&!`B|n z7o2*~T>dT@T8}96@-2`qA+MmrZAPmz@wiN}Li508SJw4}UnzpfTDym5i*F9Eq;?5b z(RsPvZsjH*D+zr|@IH;U?183$c}&6Hpq(lFx4%!;_j6&`ewND*zRk)HYpRdy%K_`N z6Z{&$=}Cj%1uxgLFTmO7%Jv5}`DJ3gGoHtB!L}Ea9V@jEafk|f*0LPOCXenEk*9tS z37FFI+Tz`E1+bKysd@(PI!vQj-q>m{bakbamFy>_z&=$mIof0R%5sL!keHMoFH~#yi9D_ ztDvmsAk+`*2c{7tMuF7#qM-aL4$?x0x$npG8NAn<{T1%Arx{q*9LEf+IKKUV217RQ z;X`r0Q;ue0`&z{2f9b34{uapcYb00XlK#NU*PlHWsBv$mDf1P-usF2aph#y57rRuH znycnZ&8(FZSB|kN>vat{mi3p{^15aTG1J?}p1*yJ3rW9ft0RW%e#=?qUI6+JDcUpt zxO_@#SgWJN(1{sxnNLr^Gk2?<=GMg7mtOTB}_&}+uad8Wrl_SQKgKcf5sj zfZK4AdW++C9a}+ev+BwTejh3iez%ilc;zi*CrVH$6j!CwG?fHCQZz=q>}T41l{=`` zGl^|HPHJqIzG8;qkExD{mE$9Bm;=O4KG~lgg97QsXQVe`{}B6vvJfsyNp#?My+rGA zBPcByCp$vs={#S`F7YeZhx9EgoE2=c9|t>`JgII9?)j);ZsQg#1npkx`b_a&)QnDV zii^*Weaxp$Nje;LLaeBTx!Qy=Q0_@9N-4(+TVG~#>Q_b{b@W#>l4?BcZHH3KdzOp@ z>=^~?XatYWiLh{x=jQShZ|&-iEh{zcOGYPvwP$@UM3Lo>ws&P2At7t>GydqhneZHC zeBr-ilBC*L=k{;w50J==4Z+Kc!1jZseq;gQEdHd;w4@sgHb_eCpAq1+o!L)?*Aawp2UVuFN9qc$yy@BA6L)*vzZX?qxP~F zPnB08T8qUajRQ>skyBC`Y&m)*WbLXn0v>`glk>IAebl9T(R5Mz$pE8^kev+sU}*AF zIo}Nx&Ieu#DtqTPSi<*UC|h7X5v^1tf(Cz)7J*x|{`N!I8JTN#0A{YYwjAYc6KS9k z5$X?*-qYD03%YXDptK%~xU>+SclRf218Sbujh-%bA5ZL#ukA%&BE1tYCHo^U!YFhk z4(IWtiN+@wpU1D;7Al8up?NU%@UOEm&20;QpFL)u!Vl$Ld_axb)PdkQt&oM@hU)P_ zXV=s)B%Eu9cN`vUw6r0vLYYIJJQFjh(@sQ<>E4)3HXPumkld8+|FKUrHy2y7k>x5n z0Za??ez9q^X&_P^ob(AjbGcwqIfm)i0>2F846h-5E``Qv33B=(;Nfr0yuTzAX=VH8 zYFHu@n7_G_3867zI}i|yPa3pseZq$vhzVko?%v{-rtjuNh^9c9<3H!Qxnh@oj}RET zP3q?T=h0N6d{d!+ga?Ts%^&cNNQhz2p$*|!Eqn5&kakemC9M<-Q6v?LvVK|NN|TFxVyW%I|O$K?(XjH 
zaEI)(@4KJ2x)Mx*;cno?wZP|i z2X%BmrR0B_@^_u{f0^ogW_~}6K|m=DK)>hD8<)6)^qAhT%-@DsZa!*W$FDdec%~gA@!`!8wS!!j&rge+~fj-l!;~A1FKP>>O z+6He&e0okHRf6241|weeYN{r^ZiRS`-DQoDu@>&p!FK}U=gE_Whpi;JbKUyh%5S9$ zbC)5YK9DafW5_CKNjefB>>V|kzeO2CE;q1%MCiXhlSsHisL}(x9AfGm3ripk#JqtM z{ym-)YW(v#Djl|NXA?)(vQm+fXOKJ0Q0_)%0RMBArn1 z1268eaPJNv0&eKctnG;cqrPoptW-T&WPi;VI(13*Rvrr%vPn-AQ;DYIL5iTE>xvv2 zVy-PTMe5ToUXHpIhDajvglRg>x7>S-6cn#nT=LP+_&~-x&v#|E`9U@nFe%P};gT z>sc(e5t$e6Gu4hOMx9#xSH^Rh0AAI>*uKy6`W`0Mkv!zHUHW4L6)=&{K=HF}df*q? z&xZH#DLB%>7D4chzVB$ib6W~|>v^b0_)5+-{p(UUXet6mMPfL|)fpPQY|65BwdrwbS()?xDa zcNo3d&j~NiNx=fLYevA%(L;GHZ9Fs!rn|?nPmnzRn)E`kr4qjl=C=qQ%zCVID zjDpWyi+B^OV~7rp3$y`0qq$+oAc#rz{#I#<_)~df1rkphA6)j+7!d!FHu%lu_H1)b z_byN~X6z{x-kJ*Q+qF`bPc$h|nVy8G4I~L!P-26g^T5{0Ozj5d|-E`zV4*MEjwo6MfIQy?Mds*w0Lu+5(B(Oh3YDgK3qSD;MXMxS^a+bfIK*ZOV3p}qQz6Q;zg>%0?K1+(K@12`aCMV6Nmd_r>+3!r`QAZK(4 z7E*}EB%zESZ^#$zV0{axohpQ=71o5kPKx=x7`H#NvwSef7K6ZV80?`mDY@X)zdLqr zG9_FUfgQZ}AcnOgs7Q6L&z5=bgM6<2jvr2Ov|{|_scq61Azcj|6@)-xeZx-o#Uuhk z7N`RF@Wo^v$Q&@G{Aaq2+`DKSAYRE5YL@MAr=gM0eBlT`q3m)}&muYNs=G)}eTtIK zUEPfQ>}@2PFF4|DZPc2Q-@lSc)3EgnHzN)A@#wj}%F~vfNi3Gfa|Fc6+oOFJh&`{3E!(bTa>BVgXRWU$BWCU;`i6^#94y zKl}zDOMkK;fN;PE>3jeKfZG6+0Z3VVY~lbE-vN%m0q}!=!KOdp@&}ukKSqoRkdpX- zh!6T;0$|Hu3F@Qn{||!tvoD}X{~=u;Ps;@8$OlP%z|^1P1Hk8F>t9idjq6X-{|%+s z{Q9IN zMpggV_ur}NA71zGR0YV9e6YfZtD&uITUV6psx!M_0(pdSEw`gg$kLtuXctUrBZ z`v5G!5dm!i^bXK-ra#!l2EZ=B{U0s;$5y~zfW**$U@gG009yg9#R=Gx5per4ek>dx zk7fS@lAM5Z{4eAM0KI>Z7uTOR2p2#CK92iw{&4}$GJt^n;}re_rXPs+@yGJ#?E2Si z&z}eX{X^h?24esFeg7X#j0tei|1vRvbuuxre)RnRu8Dn&)n82PLpJ}}oBy6eJ|OU~ z9HJ95ZsW@c+keh08nK#9428%IMI@U}Znr=XehN%z$DN1tB@1HByQ^SzPJ+p6b>8YIyC;flD0sZ!Fsi8qA>VsO~oXi3JeoMoaC?L~ElX z{5vme59(t2$Qn_Ye3(i7V!pO3P&q#Xm1?%A(wITaY_`&BG^H`=wfXaZ`Q4~(&kHH~ z3#AoG1{(({lE$N~lHh3)`{pU-$q;ME=BXlYeb4)(Xc%1OD^Z-;4Noi`#GIFgvMUi- z4(*H)PHGw4kR)a)8Okh@rwKe&prk=+9wkIVs+h11+pRc?>m()jdKCv5R1?z>yo~Zb zuYDo12_%VW)|P&8wSH!+nu!@ht{`JLuZ=Z#+t~MHs|KSRo;$tVNbS0xlN#_m}WA*+V;CWo}^Jf$wuc_KJuo5(u2|&bLVs 
z_$+&-Ux?5F-@j|ap&_FAN2LmdOlp}bN<~1XgmAM^OHn3~TUt0LC)1nCs-@2JYn(eO zY^L2eX6|!+3b~!TNp^c5e0^-VTN`gLYr9|idWzDE6dmz1h@vv=B>r%7zal@kAZW0L zjfIYD_Ho1S8*%An(e;Q(9}q?}_AYLm4hzOEh9~~lccNjOU@PL9LZtBV&=Q{y>9If8%`7cG>6(2ti9%eQjW822o~j_!R%ECK7_Grz4_FPEQ@!z z*Z=$kdviVQvAno=%l`5yIp|5; zf7slZJICUSaUxgw=}&`e{Y6Mr52K>zwRA( z={~nBWN%F_NjO0i!==rIaBrZFo^B;Um?IMo#;xDnlILE*K)58(?5H->I|>?lOqW6H zarJB8z;*^dYU0d`F|7d{W_0P7JJ9XJa;>py{~Gscv_r`mgq|f%4h|O{9<8q!U-<(2 z9v>ea+)+JWJONPDgf)MUW7v1SFK73a4nk8?UCS>1v=UOa=ZOnap{Ib8O9p3dkqFH( zVcCs)!D9&~a;*rNoKtiOE*!IB1j$tl&cy!6jL%UO9<({PRXZ0Yv+wPcg*jiw<%jMg%G@R<_i zXePMXr@Nu|6&WWJXu2^UM^8sub8b#@b5a>w*eS?~B&>$!j&a3#&n~!@mz8mna^75w z;RTwCd{XB7p;B!(F3nT5e4;IWb<}w`_hv<8g*Uf{b@K2=Au!CV`edvrF7A0bljd=* zgRS@lJ!!iWu0z+SoHyBn`c2GJS+&%F*kx|~+c&kjIZW#p`K(5g@RNKl9;NhJXDs7n z2h)4uy;n$1^jHUC3WmF3gaxyePOqV7GntWvgD zJ;sS#`I|;<1Z*OgTnhf#XeV(sVNBg%Cj2Ys`YzhQdW-o30gp%J)=$?$mHu{W)1`Vr zVXM0Kyd%5|ll4BIBRJysDHsJkO^- z^E)1WI`cb^6FBuYKDPR;@2B$fjWR{0k`5XnC8k5JZn&`I{ z0e;1N;Fi^KuwN>tZ>u_k&({SKD;+bP^)4_^ix=CoNtZB;IjQVmo!4fG?LwWNhl7DI z?~?-dO@YS)ilWyP?!0ffz{MoP@C#rVq6k_}ho+$Qs<5hOV~d95<7|_5vo_leq~~76 zMqMvipUxxlcH*qMl28#D`Dm@4XaZZ%uN#pSe`;>}NX2(%ur&K2sqVrIJ6e-n9WYJ6+n z@w^SV4o&>klATpk1JrreZrh})>s}7*yy|W|5J4i2eVn>jbldNrgC;8W+n|R?PTUH zZe)8?awq0xn-R|5oKMb}6Zg&vG++W06Rj&b9nRX)t_6=hX<(Ux@eiw8GkNRDp7p=& z{+bF(imOS3>%xPVR2U)0gx%Jmc#34?tv8{_kd-e#2!#mDsvfpdr{*7hW(#_GW zc%nS+-&!8nbzrSimb`y4zX_6|{R<#F5w;z8$9Vk9Yb>+bby4GM1ODV#+jmasaL^Nt zoC{1NCH{9lXkjP4@zFQKklwUCyacwBo_QoRBxaK0foj1$`O=<-^BFZ)Q^;?da{OH1 zh3rAfeizp3MfPc9+rJ%}>0_~G4^_&rhfdGy<>vHc0^;W0_VfaA^C?h7V5kJod;2xE z*kCEvH`Y`PHa)kqTZ!d8c>M$undwDpZDx65bY1qy!gkJ<@DP^L%1NBfNW)%YsAhT{ z(ydcUFj2_hbAf6q*(0|Ss3De0C&=~*BTcR`_>D7LE23Ga#HZ3JgkKpYaoY1{jNcqi&-iYV(Z7yj{$>w;C)!A994IQ;GeQJ*nUips; z)iSk|y=S`|N{;7{yh%t#%*Hj@*m@nf->>Ypxf_}MG4OTny{S?GD{d1jU&*rwV4NOX zrP3_esih=c_rS>YmY#F1&+j2XJ|uiv6`h%Q?nw=#VIK5ps4gna+_i%t31OZqe-jpX ztfh}D0|^)9=-0wm6Fa(;$0pUyL#OiHdxL3uw@UR@o>FUji8ushi4nK~y26}xvLIe1 
z)5wz7Q>HPhR|hL0JntRGmeP$Fz|>r{2d`J(QwUwSlV*IqHd~%iq&04L^;MOv+l&NGDK9`9@|DE`1~4nmNHLf_34u8`40fj+|HK3C4jY;! zU{*>!(B#5;k4yv(ug>>mO+Q*Gp~oUjNnO*tZ@;HO?SSjme^m_L()!TYXAlnzMh}7( zgL}AZ#=G>_$*axh{v!DL+JW?_w7zTNbscNut{|p&+tRE|>yXR z3Lb#~LsGS>&!Z#q)4#MP(WZDWp_e!(bA|6X$xpC z0(m?uLtG#^P#G|Gfl14~eSeV__f z1(x^tsnLq;uxd%-EJ&O;3yNU zp6|*mh=f?tf-yQ^l0n`XIs!{0@{UGc$J>XG*f^f`~sJR;E+l{w7SHG^tKZAmuRcZNO< zRBRIiSEqqx>-)Ovl;Vh_Ng3U>?r#q>rbm}*LVVH`Fy8ZqMde2%QiL4FK2OB&f8ldb zfe@`k>9-gVFhPP)#n3ja?C@2W`dBoa%SXCHv&_reC1cU0jF>{w!(yp?5Gy3?`>9_r zu=z5?lyBp#Eb_C$W_f4BOA?(#sNFzF*LD+5IjgQ`d_T-`)qI%Pi9jy!=~8v$1sHT< zlx^N8@D8MB4Pk?BfufA#Jn}9Aj|k=te=){Zbd8g{uIB1UKE7d5b}lfmH4LTB7q3Ok0I<^wysRSTs)(ttoYb55Lww z3>fl-2BTZT#-54e0$oXjbs2)Jks%v)i1IG@JDW$kPUVF5sAI($+xc$M)yyswh1vP; z)wsZ}5vHG<5>e#Bc{HBp;5J9cs1rQuNU7}E^goQUc6O^wyTJ6rf*ofKkPWhw=&stC zQ7;h$@+U)|r012XP~E#4)$r*vCEG3Q-nb$#>Wm(%baGnh47d9B^*e@~*9Wp;t_OKr zoi8RW;iv=y5;XKZTm@_WgiHwR+h86?o5$4{1{e2GTe>T@EGF3Jv4yChixrQBVxtIz zs$J~;sizwB-5jRx%XaeZ{_7*a*5>m?Ps&_~R}k2h+e1qH1rNR=bbI;cZ>f*hn&>b) zmUZD>eEN2q#GakB66`KeSiQ(f`ScpIYS=%W^^EvvCQN~L3{)6)+nL!FlSC%WT8|>* zIjnOFa?uOp7gk96R~s<+UWpt}odTI6YUm$C_8`=)23q143c_N8UJnm_7QDF);7&EI zK9@z!DM!}bfUOfY#N)n14}M{{iQZ>^wu)!qM444|iNr)qc2UyAHn(=_DjPm_o~ z35#o8$y)R2ldrlWyY*&yC%i3`^`uzJ$fkbrmgvF5A!(O1*)mv&Mga@9&3a>`>(`Kb zqU%bghe#EKQ-^`gf>r+EE?a>Ht_XY28@{cv1T(+;W=9D+_jx2$qIZ-EhNb4CxBGQhulM8Sgynb+}<`@4NaL zh-mJrwy16v=BgZb*NcDv{PXyrpepcK%yI1eVox%HEG{-ygnl1wox=t=DV_=7*4=~i;xeS3pxDaV9r8qUW zP)J2kVZ}}thQg-{#GjPDJc3v+D$}wLv6wnMeJ})5=nF%oia;uqOozm7z8a=^Kx5$R ziqZ1^VGxgmI=Y{^6p`ry#&6O1DAo8se?>Kvuw_cIw-W$qMlWMQ+Al9O4M>t^>jv&M zmvCc`*H|n6eP5F%znmnyeXmV@#lhNO!Mz}XX5~GtveLn#sYBV$0G`+j8e+qK#i9P5 ziBt(}MS#s4Zk}0Ur%4o~xR|EMW;Lc4nk-D!$OE5b4*w!W|6Hzb z(dqq`p3`S_G|(Tnmlck-b%S=*!;>qt0+(sv&u#nQhZMq4oCqExs3u!cgfKp$4?1vV@T%4`23kaY!z-L+C0EDx)zP$3S`fQd0vv(GiJC8{}Gh$ z%Ed7BOlj8&Ic_~6<6(47gaWaUxtF#I&lxaHU87RUuEs(-JHg!?p)=u~x*&nXLm%Vd zr#KC-pJy7(kharS2blDFxub-djUnvP=hRlf*;l;&?)mHJ+&xbt%vx@bT`$$2=O9N*W){X^27r^o_MLfoC-T%uCee}OElt9S*;*cQcXpe?*pocG~I 
z0o&?BV8NtyQGEe5&GyckJHxjQR{{C;VAU;ByZDE&ho|%6 zNXN(f8;>V7lxF~91U(aAi$LYI?ta8t!^K)1l3^e%sfRs4r)(ML7>pVgxOBg2q2 zF}85B{(nRm|F{7Ezab3PkIVl5IRVv2UIrio|C*HnNXAF#<6lMNAK4D}f3u2@kjdYJ zF@K&9P`Uq$KLD!B|K$(=8g%(nacBPbpbH>4@=sIvm!Qj^YV+Uq;6Dak{?UU!dhjtC zA7=9*1Ru3}mVb}9{KE|ZrRl#!T>fas-y$v?|1sk7XM!w1-JRnCJyz%V+waw!hZ$O=4sLwR}YXdw&1KL*i~s z2^=Vm5=9lmNrL!0Abo^hMWzHM7#lqnn<>)zPkYn9J;t$PaZ3t^&E;cVIEJx#PwN!m z3+$Yc&0*TuNq3bk4t=23?agT=e>UloBM6(cM8}cI@(bBr*<`1Rvo(AZkKrinw3wbA zozI5X9-s5>0qR#0^UH#6(Z88mm^TGV$+FTa{xa{q2tKMeuy6RoeuoubECQN*S>jvx z;g2|4TEUV1s!zbVHb=B2OZ0~3oL+l{A-wGHUNsv%m}Z9gaiWS6o`G>@5{vl73&G|= z@P|%QOX=bYKbGmy5-(ra`F(<{!Nhi$r{0)+>(!9 zC)PR`+_ zcpurUrq`p?II_3I%5h6mko);niA?<<4MBn|g~Eh_gglan>N7C~LIMM!Y$9wzQiuk| z<%Ti@;p|r!utwDW7H8N0D}?4MIAnzI@cCWk_7oB1;9>0fE%W>_!|~y^_;kkpXr@@n z$rh4{xMl)5X2^ZF`!ND=iIY1f6#{ZH`Dj_k5y#&6oiX7HN%T`=X+@hwLBo9vlSnp1 z@RP_`3X_xj0NS~>_zovX25@Z@VlySVKP4B^<%~v0vd?x^gP9T1JtCT1hx1sx(xKj= z8j7qZ>?PnncO$PGMiZjRBg8nD89jmAw_|Dk2tnRd$}L$Z1Ttt|!Qhb4FNNNuK|zF??Qduxxi1-=}*bc_N_t^m+&p945pweW2Ulx9O!!JlPfCE& zbXRqkB45erk=s+?F!$zsQ0&r?YE>qbXj#12-+A)bF{nM;_Rz!B1ay)14)VGN{x07* zS}|`@v8_(m9k9X*K3QdKrV@0#!7$sf_imMYYs)a}><&+TpG)JpzHBn&M#Myob$AVsea3 zuVzDM?2c5OTA$2rn^enW=a1^gWu#?Ce*2vMK6)vP^sM#N)q`=Ihm~!?ig8V17e03} zfYWt&dPOdJ>5V+)tQ1;nJu~ z9UfaC#gb<-Wp5E)2P5E-r31T=&>1#y_BARK zKQl5I@Dg~1CTzv=rzu@i>RybSc@#&rNrbXV2B;`=7bUkbI8lyEV@wgL4s69y>>SUi zli9jsor6Z^6o!i5;mvLosgk?F(xD)(c@%C{`%F7ynB9S}Uy16tAW52H*0LB5AWZvLdKK8wvN}K~?=4$YOQJKgH)%7Ds!dt+ z2LiE3k^?mpgxnDf`2>9H?Qos9?4MBDMo7^^k#vIZMvDrO?K6H(X)*dX)}ZIf1kR4- z)|34s_f_A9W%mI8Xpa1d|)HXoTV11&zY>qKWx_s_S- z*DHI5!69ce6VtrbDaCZEA$X7Vyk5TtPAw}LN9D{x$gi&I<`Unc`mCmuMH4Vh5_xEj zaCOzv)c}jvwsQs!q$@=;)@uo+&;Q5^VHt77bIM8D{vCrKm$sOjH=s8)trDYw*QcBo zdrIlT{p)!oEkc#uLWZsT>u?$y{5ca6K2`TuQBKs&9b-n$Ve8sqTwT?D%6nDXwAnAZ zY5_+nKYasu0>>eThYAX^^gsC`UG;Mxr>dWPAqP>kdfXrn{+)dg$FZiNdKT`GaEb4_ zTX$7F-KJtxGBSc36Z_S^rp@Xhe#}DG9{xI@RTK%EKIPJ~r;U6v%!r);uH2s0q>-b{ zrhcl9+hx#k|E4%m&11Ki?N>M?#}eIj|C(p7Gk3@^NuV0Tc}6NBN8GY0k854FL37VC 
ze?g0f4fA_Nu^`??{1o*OHuc1fC1kaI8fdv>(XXD zXCRjuo3>71aj@;h)Iw@Z>h?CDwL3&#A`f=I8c%E+8Pr%xu}QG3!VKeGK>}wa$=UC; zv=j2LetK212Ag7pq;($pVrm(X!CSn_Tn*ASVfTYvAkdpm+J~RzOVTl?KfkdV5wdA> zA@*Gq8*E(34TSx^(+rqrQ-`>A96MK;E|U}Qarp%I4gdM-cU-YpNP_8Wglp8XWMT=C z0ODQC>RK6X1#!VkRCC+giGgvj{xISXPGX<(>#v$FFVJj0*NJ&V^28l7G+}zX*@QdLu zsVyD~q4G1%;zEQK2jNhhUWBrsKtp*G_Gx259QJHmyO~!gQQO1G0Y%GBN5b7{E;OVNR)34#k zLzT>xMs;2vv35b9vQ(reCC#cYi5x+T$wtvB6^$YpZM!s;j2x~KM|Cdd5?ib@Suvw&mg_UVTrtCP>Zk%tN0fS)#w0u_!Uh4M{4g4 zv?TKd`rt=arBdasL*bIGSgOIi2h6@?wpogy=cG{DZvocE4q6=yXSDbxdt0vTo#9LOQE4Rpz(^v%yQv zB$44YbKZJ9R|~;L%2RILIz0D5sY>{r>ct7Ob92lpN@?&RRf;tv?BuFW&1qDceryFk zZ$SBei-C`KK8GIbfVB>PL#rRm9X_^q3<$JeOwQ}tXgA49C3(I$I8%(F&sTeJ=xmlZ zc`stL$F?)HYaeW>^qYfG3AfKYd1p#&LUhSwf>0v{H!KH}L{=3wutc=D zguGE|nzsu(Sw%ED>);3<>aB3?3@Q>AwXCXd7rDa|Fi&1(-{Qem-Z6P9M07 zcj?*Vq1$eEESfqUtI#_vMQJvt-Ck{ThDL#_Lrw}RijQP>Uogqko6Rd>H#1=c@fq{{ z@1|1i#@4ftRvvF@Ppxk0O9l!*b4_!{Fm#OA3KOyU-c`a?dh5xIska<|UagA^6)CCF zbBt)blp{O6FHuL5L!D~cid|_lO2vwnqR3AtLohH5O^m?`F>FJrHt~o!S?;Mg@=&-Wc z?xJLgV)*Q0Zw~__lq+YcnbxcG``aTE)1%3K!^@?&5*Ir0gY(p3Vs?Q57C&S8sFrhdnT79fhX5)9rJ!jXEjnsAd&K=DJK4vL=QpBz7{7i0i4*j}13lL@3uf zqQxwPSGyAd9#s+DRMGgBxe~A9@*Nw3qEHxQ645C2!Gb783h2|RnITgRsIMuU;ql(ac5s<7Co-8$PvU z_r!k1kE_8a(CM&vJ`=~^qRB=zk{^%?$`QFU$I)QA3)v9Fp}P;PXtYtugk1W%h_i%k z%Pw9Wnjcyhk~Qho7;rY{JkWu9V?W3vcpmU#{zSye%EZgGR=O>ElCoX{FMW`9E zw}iFUC^At6Se`7Lf|QrGhPsSi2D(<1+4v+vno|Fj#Q%q!{R5nnR6%Bo!^=zpWf29g zbY8Rvm#U+OlrbskYR)I|rKVmbU)i|d_PMd*fz?$HEA2{8V~4H9l~WwNiziTU42%P0 zSlDO$J%$9nC|kibZp=ASRvGP^58X92m$wl0PV;e&#F@v!9xzfOS7TXU@~U4rt>IDo zrZ#8jFd?y`eO(Jvjkqow)PDwqm|NHfr@B6pc&f~V?Dg5n|Z)#2i9he(T3vk7 z$-Tkf3ukToV?vtvrxb4jb!c7hR(+ioyk>h%k+XEVNp(IFR7qL#hW_AYFRvpag<7&@ zH9D&b3zcBZP#-G4UBb=`2-%pn;z=fO&+LXkdc8xa30gsyC1&99>I$EJ=f{oRuuZ{( z+^b{o*3%*5-kT%BKz(#b3ya(P47G}8j{B_hZPrtK$qkm;c7v zigI8X&^TgFG`1P`l=0}UBio@mEk?B6>-rt>n{oK}XqixdZ8CweWpc(t?@#33#2}g3 zxU!_JSi`1QNM^gQ=ZB?9Wk^VeP{F|!H-tefD@P$=7c$gkq52MlX{yEDDEOHhQc@yI zX(Fl+1Yj1eQ`!}d;5^eZarEe!`F={{KsP*iqSJi&pP8akbfeC&JPibGo_^dQOzmDc 
zdOXEACQsoVx*fW=#Na1hD%j}@e|r|_BPky!OYd739^WMN7HCXBA>ysp(eghv{9*}0 zI1U)b85Wn!9dnywBmch0@Zf+Tn5pLaDUk^@NP5GolDp*NYif4Ac6|r2nDgnp8zx~> zosH)@+oA7M8eHx2X!9)sVVR5uFL5Iy?2dC1O8D(r4_hk7UNOp-op~oACOACu24izb zRBTDLm`gj=$xpp^$;KHbs+wp4i!}+!Bi#axCD<5tihfkI$}mvyre6^DLWm+s>h&o+ zsg;p!w-rMrCF#_^eyx+dZP;c%q`|2L18WuPZt@fs7WNYakv4+liO^xEpPQf>9En2x z4NJTp`iY2Yb0!WKMR#*$Y3Iy05>e=gMwEuFU0!Jb7Mp1uZdXmMO~vEgymiK9Anb?A zNQ#$p-|a@lW^KZ2Lgj3A)$+YjUN)-uy&L^on3v^S_Bg`iu=JE!2`W}$zeXPRaW6lL zk)_qWBu*XN-m{PA4oXzh{Yei5I%1SNBWGjoPW(wVu!n*k1e+b1g1W9V2H# zD5VsWC>(R&JlPC|1eC!LDu&)^WA=*Q6GxemA*W|;O6ck^^D;M!z3FeO)b0n^?+SjGnii!L+x+nw-3y#f1udWB9Y{)hO#NrYsRa`*5Iuq% z&4TcWat*K)al$3+(Qk6^>CZ16jP9!Iql7Mx+KV^r0B`7 z>A2Nn5~{?k4(yP~tZAb`mL2Egy!CK6t{@lvUbzFX@Z-kmSkkadZu%oiZ_u|mmr&yb z5J4o+uc4uOQ+h?jtHk(Adn&0)OPfz}U;@KNRkZJQlvE#9!Sa_q^^C&Yl9XurlgM5d zrz=Fwo7DcYN=O~8 zc_!c2NUj%gUrHKX$1}y{|)qKTA&wsmk5OrPr15&&{g~pSJBTiO(cIZ=`%-C(I`{5kBCfV#xcI zo?$QAeB`880spe30#;#y5M8@vZCD=$KBwEXU5D#W9TG< zME2a9MQW50omWLQY$v)U9CVp=l=N1OKZA2Dm|vaIo%2)Odn)KQ&twbcHeg`MU#YTJ zF6h4Vr~g20i7THjGq^xv>-kpCcyYbMWALrJ&kO^sPr*B@sKaG(IU2oe$y>+(GOh-4 z#t(+U&5_k?U!fc!@JoG%K|+ax(1H!YZfk=Lz%nDT=pluQ)_46edYLdB_>KUoJNrSv&Mw}wk zqoR|JgCatTaJlV_dfItZZ*jPP<8Pnfq;p=!3@@L%Plu`)&kMxP6(e-fpWPdC4|b&q zCU5%o&_k6%arBAC%0>hiEDZ81(6TFr7_u)KLNog>G&S{5H89QL(9Hj++t!{Lj@vWu z*Lgw@*}JE@<})DbN?6I#&e3KEQw1U8#bRGX!{H)oA+=PR8KZ2bx0IY&D)Lnr$W;!h z5#!3a%84s#dceT}#j(t9gmgB9JQ2YWJv;^d8X|thlZaB^H-}=kQiqFj&q(S1Ny|dy z{hMb~xWVLD5GB#HIz20HDl|!&|0~QiabD`O?=;FZL$&PlYCZ=7bi;~0OsJYRUi+o= zYA{q_?NcPxxeEi&#O0h(dwkS5wtBK%2#m*$Z^pt1aYcxFOCLR!n&l^1_>4(8`C|O#=*1a?Lniy zxmxGJr5zzV%3i|Q*B*Sv?-08RzM08hqYcs;XrNKJX$(+C*m52eyS`aJ0`l?*{J69sBJ5Ge{NSZa+ODd7%99zFB zO(b|2KIQur3}PmPdn2pFxyWO1r)ib|Bl0)k*dHUXVW3i7*U(jPPBNRfkWWZD)=Tmj zIdmX%ph`bHW`Z3VuFj^xCs{Kh8dP)PDY|i@-=Z4A=ZJm*KeGKQ%S!Vh*7^Bj<#(=1 zanxb~mmDPq=|ap0e!AZG40|N>d>!ZZ#N=1|X*;z5B^I#FZdG(c;{m+`7$oh>mr#mhP}v0E>uk7(?Wx&(8x&XSM~QFpegtC z{q-1M;tyxWWuDk?YDHE>aS+ELLcsQrl<@PouAqK*(YI)5$wv~V=XrPD$B}zUUTR{a 
z33|^Ky))~BA9?B?^f<0Tyh?v*y<+Oit>E6Utb3LEET_#Lq!;E^F1D!TDf+o$lQ*|~u#L>nmL&550R(So!gtHTo5;@E zPKRFzz>s__ghxwaHFdJ@=yeE)2qzG8c3z-I-vxicE+Gg#5@uIUU{$1Q3pCjjF+l0y z4LqL__^QK{hOu4aT*!lOeTTJ%(6J!|HEH%NuuI=PCi}uMPglVLOzrrDoqf-6ZD*f; zBzCT_Yyo@jYmU)^mgTvcy_U)upDUVqmWU8sZM*S=o~2E%J^$do^R+umWwk%Wx-8o2 z;vTI9UI%vKJ8jDWa0`Kx+{~PyeB>16E@ODiyHxH>>gV(Bhoz{1OUgj~o)y-m6}jZ3 zk;#qK1z(#DMm$5c+;X1y)2KcocZtEp)L@Z@w{1&eUZIEBuO`-s zZ-o8ni}i&K&(>Ia@;}<*MuN{ne|RZ7P0I9StTGJecvVNrp*nxBORajVD6lBHuk_U0 zJ^td2cnp6f;w2ql?pS_BR4%&Svzz|rXo4HQ#jc)B;L=w_3snJ=p`z`3UY!&{hFlEf=&=XQ zFK^%L?}6fn<-bHRqrCNC)F}_=?_NRy!@g*ocFa#M7~$?_-_SiEd6-d6$P52IpHia0jwa$%nnPH>9} zze_%h;kioqgbj3ly=UXqj*;5}_SE?t`tAPhs@?f^`e3{HiK2h#7%Y?W+J)LbZ4F}T zWrjmcQ+WA@*dgP~g|lYw+_4AYdu|#geM@c*i}Tdw@&C=X-$m!r4M|@|8`@PRF zkzp3z`SOkomqs?06M(yM-8MXVdU9QBmIl=4`8LuCwLxQ&zXp{#Mfzg?P}9A?_m(T@ z-{B?k5c|7H2{rC{Y{h4{o#kFnkN|c67wEw_Z%bU}wP**(vjoR7waGLrVL#9bKAdZiji?H!zh&3(;6;G4IbcW2pJGNc9_292}Mhh2!4(XY2VvnLMY`_hqoZo8)xXX_nv zh2$gkau!;}C)T)1ZcuKf@gm3;85`MVEl z7%TuN`ZLN!YDM$d?m5PTZbJ3-l|zN6$UD4~mkYn%g(qMLk00F-F2D8m7=)tKkspnm zv-Li<;{C7Mz66@e?rq;ZhF8culsT0%55`0kMTSylO@>S%Q#gi7nPn*ROez@?84saQ z=92jsL&Y)WIELf@9PeAd&+)F``mb-TkG1x8F8AK|-uE7!$6D^|n)w=K#cP>0kdI$q z)h#?7S7|nUTr^L=cm;Y}DlOYL2me>6iv!BuOw=p#$U+}Npwr;s`bhMg9OVDP$4Xtfw^~M;wV;wcPUj)+Aioo`K%-55*gs>BS2ZHe!C)Up z9Y=ovl4f{5K`(2eJ;*cOOKOG7J6_uE2G>;V?2PhuqkG_E*})ZD>($On>KF7L&Q=3$ z>gWc8%oI9jSm}MaCL=>tZA|Tzg5{{P!poN4$;;&GfGx9$sfkr74%)O4@#S;!?(u=0 z5(|8myb440n+5CXLy}ZqTht5A4Ti!2?d(U2trgACnxO;7g3_EgJ3mE+Ru`8HdIaDU zzrzldZcM?7%d0XlSq@sJLKBtgq@X~?IPfXe$pa(jF8JqY-+0lLcxE!u>TN0eSm}$9 zNOlk?O7$*RCxMQqRDq=u3FyUW`XeiZeOQSt9ATRct%0TA4hlG%F#C-#k6a1$kZXD6 zNTnNnUhW>IKj8M0U{Be?=(;>#c8?HJW{y~Rq)UqikwwX^Uu2@wp9r;{tQ@2n6A2Gd z9ok5E!gXW2(-mEc%5gk4;HAsQL|6(rJ@|s54qluqctLkZeoT6f4~y2=KDhA6E%3-Awnirxf`)DJ~Tvs!O`b3Tkd)wxWI1ZJs|)>Z$o+-vuMPVT0M`#CA^If?uy3z&S~G zJn|8WzBW~aa^#)8k-}9JqLybn_Ss> z7<>L2>RwUziM8(rb)t0UXW)ZYt8;YC*(AE&A7v)hL0HQpYc*EA$C`?Qa1H4(iME+U zYZFHwULxe86;?px3`dINn<01e_PjAFI7Sbi_cgjMJjGrK?R_`z)P$$P>A>>pv=RK+ 
zj2Rej=GnJ?yN%84=tejxNHai+ZdC9uh&R2BYhr0LG@m1;Q^qK)xk}+QzZC0M*htyC zBi)+4+_ybMvmCO5obaqui!*wI$#I3F+TDS#t3CK!x7ogRWo$V~xQJ$`Xb|M&vtNa@ z98SB%PoOr3U0}qFdc=v0;k8#+Z_)T0J;7WX=5&8!9Ufv>=jkDc%^2BY+etmeW&S=r zVrjuptpUJNQzh&z1TO0llf6) z_*3{t6LHE6|25)^$f;_M%v5Guj!VO znV>RRC8^Gc>WZW;>ow%4gIhIi<8ia8gVGz-c{;0@#XI%5?eVd?&y`cxk}|Q>!doGB z%CkSlDos*i-r}3nRadG7Ns;qLjcbyoYu9#6#22m$`4%DXW)9J9t_Za&_0IHu;72^g zGJeF#hJH4&t@)Y#(Z#|d|6aXRZ8qjzV0i++S984r7N3u0QgW^lZ|&Xb5?-eN{DgMA z!IqkSD}T|jPb}?mIOHFz`vn2!D$iMBg{%l91 zpLO-L56diDeFRhWNoNKrTE*~HoI#zy{VJn-XqSXb9-9RYDKDA_HUdOTX&uGPeR!r5 z^aEGfdQLC|1#mKWCHgHcd5wbfPgrgUIhtv!xdw5HMAkG03}F0u2`o51??6bS?i2ke z{nK3x>qdS7@f#vWO!Q zYE|_#J3_?kHEzeAm8I?+6@0I#_A_ss+5W zgyji%nsfSEYI#M!SanmG-aMg;gxFvdA@)=>=sWaWfZPnLiatA+Ss+_Kuiudl8uT5Uk!P}?s?8J8( z`P5YdA6&N#wqDwRu!}Y4h-Wa7n_a_^NsqlQtJ2lTh<~Cs?~C!|tBMPEtl$qup2K`3nN#4#ypy-!`s(kluTbjpbn1+thKyL*aa}fVZifgvTqKdTT?HA_<4C z!iNK0c$T%+=eaA?mbn+tsSTdRwjV^q4k7B;t&6U6xX@2n@&&Lxjtrn#PT$&&R+;Ry z_w^(;5QK12bx7tRS>g{KLNt>gHtHQgg*3Wh6eqVWiD_Mwr&amJsyvCE;?4RbH_{Eo z{^0Lm+%m_kv&!p-?|52-yFFQQD(kaMF}^p_U?$~Wjgbc}q_8&m7UnSZ$K89~K@Vvk zcN0YQs_SCFqsN)MWc?rdC4F2nw3g%l5{j^zJW$(v&$6-8bL(eu`_8dcja31&%jMxOZ#H8Ioe#$~~WAV@P^E_jDzC==|k78Zbox!K(7#83u|cohF6v-P%$A zNyJerE~zqlIqV=lU-h!3)oV2CqfJkFaN}4*DvcHYDFt2eRr;)lVp%Q6NIS%}EZ*AL z)AByuVHT_Z`ybb_eBnE%wpLBj`&Qz7W|of?SzAZleRvc~SS&wN7-dZ;>GB95lvJ4%Xg+Es%x0a&TGHKWD{*~qGPT`dq$*abZ79mTB@Z-i)ONPg_xKx@-6h;>0{uypNC9oY@Rtks8SLCu#wLY4))bfi{U!V zbmFN*rL$Yvh^f6+id<>x)79th(X3~EbQGHMO%(!A`9=KhST#$6VXe8stR;6(a*9Ws zl(uMgsces`E!U~XWyU^f%k?go?Wb#_M`H({(XE;{O(f zvPX;u$EP`a%m`55P2zlb9z+uZCg$4pr034aa9-SEgYm4Q3sMbE0(tL&GQ-eG!B8}UDEDD;NAL%a^CcqL>0Eg zersKFh*{}bc3m!SiG*oIX1A0y>)XdK1W*r1SZ`~;STxsQXC9>W3V74gb~Crdbnp>) z>Gs(&I$XpNqY%6g=Mi7iYS*Z+3y<6dBN!w;moQyEaE#jNFg*@Qi>3Ex+_K2|#CV7b zS)cSdI9o*M*Vr>&a>1yjjQUQmRcq@iUM>Uq7sB)OoEJlZf$9l|Ii;^Ia3cU3>mN&ZBxyvJH-wM0L4s8WOBsk9hT3iaKG z$pv*JyNf#$xd_NsugW~Da(Uy(W%i(HvCHf%3BguqCUPP34~*qn|UZ+CSNDJ_X^TiB6vwW7?ZE4koImtc#e 
z%y%w#m4Wt`0~P@NH7yrN;3>@~Y6La#2PkzclQ5MEm3u)~Y}UPG&16KPM^YNRK=Hh= zl&qOxp<|DSeW(3*-9q(Pp$E7UB3JDu*NMCpa??7EsL}s_!^7k$>{& zqK1&0Z+tWR^%9%c{T;_VY!1o2Il~J+eOZB#=j<%%#oE2M4+e4cp=NXH)`<)K+c#d; z4#4Y2+t!F@^FFX`NOsXVP$$rwKB*E-n?vmplW>3eOB#1}o8L)==mRJ(E^aP$jTp|G zddb{vB(mx>%~~u5KItckN`7PkP*c9f_Ppg(vrxw68sqLF5gjF;6(@dM@=` zv6W$~OnjLX8IZ?sRzONfXF=B`;@?R?$YiN2a{gKbjzqS9xP{9yIw=Jc9h zO|ntr^W6FB`HRn7=rm*c9I!Hl7u`$V`Nxi2)2rZc{W-au8%XjAb6va5e4!5e%b^7+ zR~Y|e{a)6kL*uOwVPqlvJc13%21cKk&8y3kFpNX@IKV>^)jz4-e0>EfceC}}HyIML zcx20YLep+SZ_=J+=aNSM(Iw|4)eWl`S8qN#aoAb3(%`ueGW?>?P*F~s9Xp;dnNoPn z_LD@>ccJ$+G4V!d|EHcA)umr@qJAB!l&j5q-umTy_=tY6QBhe|eE0hIOL;3fLkDYO z8e`5@6rQyee?Q@5YG|ll{`9_N`Qw&M&fueM9ZMH&e5>^^4kN*5M}NgnKCc~mY+plE z%8>qIR{~|y5>)f zEe&A}X$K~oL0Tl&6UEtP5NR1+ZtWBL9X#Ae+hoI^-17OVZ_zj9@(^ODfe(e?^Ykkq zU3`lP@Jh3+xZZ~6-m;hG-5*BY2o3$|!QEOCcI1G6>a&&(jccRBy{CJ^kK8vu&2ril zqGYDfe3H4fFf(VokYaMF z*TBHc+(*+?u6pqK2^Fmy%{8U=qnFOkp-XkVJ(!(e#8q5u8#=la_prRp#;vyKxf7(f zIBERJrd=4f5S{QVoinfa4_zx1ZR4qOJX7kZ|4!t7|0NcWuU_gYjWwB6oo%x1veQ>C z+bGE$XdTx~aO{qrx~J^$BId?v*L!Y!^cp%f7ji3H&gCM#hjZ*-9kuBE?AAG;MB*Gk z98EWWfO*)-TdzlW48y0S6K6J#T`sl~*)bVQ(=wWC7cia^1~Dju6T6JeuK<61G3B(D zp1DsYF}+F3j7idddE`oBrb2LpN6 z)Uo6wdmt-+SMP9F?vU*1w?`DfRZBMgZBFK{B{w1aCS!YZ!T+Ay?+o7mFeCieWbnNq z|JO`#1dzuLWP&3A-Ao`s8}LF-LjRo!js%j}|08q=0S5J7gbsn|{j1R7-?_)T8O486 z!O1+hB-OWbd9qj*T4`liO?FtM-0ej@P?LVNB5{vxb zOLW27=7t-KypG*?`49HD-7W@3?6U*I_P2#V zq5JHhXw+T|3P(ZEu)P>C95@=j4?}?e1%vKyi$Lxh3mA#o-xdW%@AUyjA<+nmxj}$U z3)wplFc=M(?QKiOP~iP`XvAI&1c3mWtDwDpApj2qgd#2ghJYgX+ChQnA;J4G%J@M6 zmJ7;xkTDd64i#BV%xi*aH|6zOOA90jC%X5L1Boe((6m zaRyPG4>Cp>XJEU4V0&W#jE{U8_VfqrdpH=i7X$17()WFBp(w;YzfcrvKL)Us@9_ab zfDiyX%w7x)-25<#vkG9qowmmgV7>t;WBvt0?_H1Gd4Tthc^9L&Uv@EywIpLOiuE94 z0E5fku>jQmD2lxc*pU}$pBvb4_G6UK1wbnSi3Cyj0OkRRR`2xz0rUze_AdDhqA2bSKyLwx zK#`QfRr@lUV}j45Q;qs^oKz1 z_W?#AC}RLa!YS7S0)v3Td(Q{?ISqnQ#tMc+QryL4I~a7I58x3+xrczG1-u3P&*wh5 zEdov%0|48%9>5a{wD;_j+XA=5zW$J~{eF=YclK^u)PBDxisup84tQz!j}LcOYdeP< 
zt}NuYCPO=)8vq{>pr~!&?Cj1$eoqA6=g&IbbY}UZ4dCW(?drb!PDJhs4X|iQN}kr! GWchzChcz4k literal 0 HcmV?d00001 diff --git a/Templates/Diagram_It_Webinar_Series/IoT - Wearable Device.xml b/Templates/Diagram_It_Webinar_Series/IoT - Wearable Device.xml new file mode 100644 index 0000000..78e0669 --- /dev/null +++ b/Templates/Diagram_It_Webinar_Series/IoT - Wearable Device.xml 
@@ -0,0 +1,25945 @@ + + + + +  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Credentials for groups and roles not properly configured. User accounts are configured with excessive privileges. + + + + + + + + + + + + + + <p>Control access to AWS Augmented AI (A2I)</p> +<p>Rationale:<br> When using Amazon Augmented AI (Amazon A2I) to create a human review workflow for your ML/AI application, you create and configure resources in Amazon SageMaker such as a human workforce and worker task templates. To configure and start a human loop, you either integrate Amazon A2I with other AWS services such as Amazon Textract or Amazon Rekognition, or use the Amazon Augmented AI Runtime API. To create a human review workflow and start a human loop, you must attach certain policies to your AWS Identity and Access Management (IAM) role or user.</p> +<p>Remediation:<br> - When you start a human loop using image input data on or after January 12th, 2020, you must add a CORS header policy to the Amazon S3 bucket that contains your input data.</p> +<p>- When you create a flow definition, you need to provide a role that grants Amazon A2I permission to access Amazon S3 both for reading objects that are rendered in a human task UI and for writing the results of the human review.<br> This role must also have a trust policy attached to give SageMaker permission to assume the role. This allows Amazon A2I to perform actions in accordance with permissions that you attach to the role.</p> +<p>- To create and start human loops, you either use an API operation from a built-in task type (such as DetectModerationLabel or AnalyzeDocument) or the Amazon A2I Runtime API operation StartHumanLoop in a custom ML application. 
You need to attach the AmazonAugmentedAIFullAccess managed policy to the IAM user that invokes these API operations to grant permission to these services to use Amazon A2I operations. <br> This policy does not grant permission to invoke the API operations of the AWS service associated with built-in task types. For example, AmazonAugmentedAIFullAccess does not grant permission to call the Amazon Rekognition DetectModerationLabel API operation or Amazon Textract AnalyzeDocument API operation. You can use the more general policy, AmazonAugmentedAIIntegratedAPIAccess, to grant these permissions.</p> +<p>- To preview your custom worker task UI template, you need an IAM role with permissions to read Amazon S3 objects that get rendered on your user interface.</p> +<p>For more information please see Reference URL.</p> +<p>Impact:<br> None</p> + + + + + + + + <p>With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies.</p> + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + The audit logs are not encrypted and they can be accessed by attackers and obtain sensitive data + in clear text. + </div> + + + + + + + + + + + + The failure connection attempts (brute force) must be audited and monitored and the + correspondent personnel must be alerted and informed. + + + + + + + + + + + + <div> + The changes in the network configurations (NACLs, route and gateway tables) are not detected + because the monitorization and alerts of the network configuration are not configured to detect + these changes. 
+ </div> + + + + + + + + + + + + <div> + Monitoring and alerting for security configurations are not configured and changes cannot be + detected.&nbsp; + </div> + + + + + + + + + + + + The changes in the security groups must be audited and monitored and the correspondent + personnel must approve these changes. If the situation is not the correct, attackers can access + to security systems. + + + + + + + + + + + + + + + + + + + + + + + + <div> + The administrator accounts are used for all actions, not only for administrative actions. This + is because these users have not got a personal or a user account to do the daily actions. + </div> + + + + + + + + + + + + The administrator accounts are used for all actions, not only for administrative actions. This + is because these users have not got a personal or a user account to do the daily actions. + + + + + + + + + + + + Resources are not registered in the safety net systems, and/or additional unidentified resources exist. As such, additional weakness might be introduced. + + + + + + + + + + + + Access to sensitive systems without using MFA to log into the systems. + + + + + + + + + + + + Login to the console without using the Multi-factor Authentication (MFA) and they are not + detected. The connection without the MFA must be audited and monitored, the correct security + group must be informed and they must validate this connection. + + + + + + + + + + + + Credentials for groups and roles not properly configured. User accounts are configured with excessive privileges. + + + + + + + + + + + + The security contact details for the Azure subscription are not properly configured. 
+ + <div> + <ol> + <li>Access &quot;Azure Security Center&quot;.&nbsp;</li> + <li>In the &quot;Recommendations&quot; tab choose &quot;Provide security + contact details&quot;.&nbsp;</li> + <li>Check that all fields are filled.</li> + </ol> + </div> + + + + + + + + + + + <p>Without proper segmentation, when attackers gain access to one resource, any other resources in the same VNet are compromised.</p> + + + + + + + + + + + + The actions in the resources are not audited and not recorded in the logs. + + + + + + + + + + + + The API call to the resources is not audited and the actions are not recorded into the logs. + + + + + + + + + + + + The audit logs are not stored in a central system. Therefore, the audit logs cannot be + exploited correctly by the security personnel. + + + + + + + + + + + + <div> + The system doesn't require additional steps to create access keys, the access keys are + generating when the process to create an user is starting. The problem is that these keys can be + in use somewhere in the organization and maybe these keys are not necessary for the user. + </div> + + + + + + + + + + + + <div> + Being highly selective in peering routing tables is a very effective way of minimizing the + impact of breach as resources outside of these routes are inaccessible to the peered VPC. + </div> + + + + + + + + + + + + <div> + The authentication method &quot;Multi-factor Authentication&quot; for the Administrator + accounts are not configured. + </div> + + + + + + + + + + + + The password expiration is not configured and users are not obliged to change their passwords. + Not change frequently the passwords gives facilities to attackers to obtain them. + + + + + + + + + + + + The administrator account is not configured. The security question to recover or reset the + password and the authentication method are not configured. + + + + + + + + + + + + + The security policies are not configured and the security configurations are exposed for the + attackers. 
+ + + + + + + + + + + + <p>Key security settings such as the resetting of the password and other password controls are not configured.</p> + + + + + + + + + + + + The connections with the applications and with the databases cannot be audited and not + detected. + + + + + + + + + + + + The changes in the applications and in the databases and these changes are not detected and + not audited. + + + + + + + + + + + + + + Granting least privilege ensures that users only have the permissions required to complete + their jobs rather than additional privileges that are not required. Following this model ensures + that, should an account be compromised, the blast radius of damage is limited. + <br /> + <br /> + <b>Remediation:</b> + <div> + <ul> + <li>Allocate privileges via groups or roles via the recommendation in &quot;Use RBAC + with pre-defined policies added into groups or roles&quot;.</li> + </ul> + </div> + + + + + + + + + + + + + + <ol> + <li>Follow the audit check in &quot;Use RBAC with pre-defined policies added into + groups or roles&quot;.</li> + <li>Ensure the privileges granted to these groups or roles only give the user the + ability to perform their and no more.</li> + </ol> + + + + + + + + + + + + + + + + + + <div> + <b>Description</b>: +</div> +<div> + <br> + AWS Config provides you with a detailed inventory of your AWS resources and their current configuration, and continuously records configuration changes to these resources. You can evaluate these configurations and changes for compliance with ideal configurations as defined by AWS Config Rules. 
+</div> +<div> + <br> +</div> +<div> + <b>Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create locally a json file (similar with the below sample) with the configuration of the Config Rule, and save it as /tmp/ConfigRule.json:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + "Description": "Checks whether all EIP addresses allocated to a VPC are attached to + </div> + </blockquote> + <blockquote> + <div> + EC2 instances or in-use ENIs.", + </div> + </blockquote> + <blockquote> + <div> + "ConfigRuleName": "eip-attached", + </div> + </blockquote> + <blockquote> + <div> + "Source": { + </div> + </blockquote> + <blockquote> + <div> + "Owner": "AWS", + </div> + </blockquote> + <blockquote> + <div> + "SourceIdentifier": "EIP_ATTACHED" + </div> + </blockquote> + <blockquote> + <div> + }, + </div> + </blockquote> + <blockquote> + <div> + "Scope": { + </div> + </blockquote> + <blockquote> + <div> + "ComplianceResourceTypes": [ + </div> + </blockquote> + <blockquote> + <div> + "AWS::EC2::EIP" + </div> + </blockquote> + <blockquote> + <div> + ] + </div> + </blockquote> + <blockquote> + <div> + } + </div> + </blockquote> + <blockquote> + <div> + } + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Create a Config Rule using the configuration saved earlier:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws configservice put-config-rule --config-rule file:///tmp/ConfigRule.json + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Search for a Config Rule that checks whether all EIP addresses allocated to a VPC are attached to EC2 instances or in-use ENIs:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws configservice describe-config-rules --query "ConfigRules[?Source.SourceIdentifier== 'EIP_ATTACHED']" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + 
+ + + + + + <b>Description</b>:&nbsp; +<div> + <br> + An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.&nbsp; +</div> +<div> + <br> + Also, a role does not have any credentials (password or access keys) associated with it. Instead, if a user is assigned to a role, access keys are created dynamically and provided to the user.&nbsp; +</div> +<div> + <br> + You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. +</div> +<div> + <br> + IAM Roles for EC2 allow application running within an EC2 instance assume the role applied to the instance. +</div> +<div> + <br> +</div> +<div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + *Note: references to Web tier are also applicable to App tier. 
+ </div> + <div> + <br> + </div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>If doesn't exist, create an instance profile for Web tier instances:</li> + </ul> + </div> + <div> + aws iam create-instance-profile --instance-profile-name &lt;web_tier_instance_profile&gt; + </div> + <div> + <ul> + <li>If doesn't exist, create an IAM role for the instance profile:</li> + <ul> + <li>Create a trust relationship policy document and save it locally as /tmp/TrustPolicy.json:</li> + </ul> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <blockquote> + <div> + <div> + { + </div> + </div> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Version": "2012-10-17", + </div> + </div> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Statement": [ + </div> + </div> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + { + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Effect": "Allow", + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Principal": { + </div> + </div> + </blockquote> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Service": "ec2.amazonaws.com" + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + }, + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Action": "sts:AssumeRole" + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + } + </div> + </div> + </blockquote> + 
</blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <div> + <div> + ] + </div> + </div> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <div> + <div> + } + </div> + </div> + </blockquote> + </blockquote> +</blockquote> +<div> + <div> + <ul> + <ul> + <li>Create the IAM role using the above trust policy:</li> + </ul> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <blockquote> + <div> + <div> + aws iam create-role --role-name &lt;web_tier_iam_role&gt; --assume-role-policydocument file:///tmp/TrustPolicy.json + </div> + </div> + </blockquote> + </blockquote> +</blockquote> +<div> + <div> + <ul> + <li>Add the IAM role created to the Instance profile:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws iam add-role-to-instance-profile --role-name &lt;web_tier_iam_role&gt; --instanceprofile-name &lt;web_tier_instance_profile&gt; + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <br> + </div> +</div> + + + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List all the Web tier EC2 instances, check if and which IAM instance profile they have attached, and note the name of the instance profile:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-instances --filters Name=tag:&lt;web_tier_tag&gt;,Values=&lt;web_tier_tag_value&gt; --query "Reservations[*].Instances[*].{IamInstanceProfile:IamInstanceProfile, InstanceId:InstanceId}" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Check and note the IAM role name used by the Web tier instance profile:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam get-instance-profile --instance-profile-name &lt;web_tier_instance_profile&gt; --query "InstanceProfile.Roles[*].RoleName" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + By default, IAM users, 
groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles defined with AWS Identity Access Management. An IAM policy is a document that formally states one or more permissions using the following structure:&nbsp; +</div> +<div> + <ul> + <li>Actions: what actions are allowed (each AWS service has its own set of actions)</li> + <li>Resources: which resources will be affected by the action</li> + <li>Effect: what effect will be when the subject (user/group/roles) requests access Policies are documents that are created using JSON. A policy consists of one or more statements, each of which describes one set of permissions.</li> + </ul> + <div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + *Note: references to Web tier are also applicable to App tier + </div> + <div> + <br> + </div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>If doesn't exist, create an instance profile for Web tier instances:</li> + </ul> + </div> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + <div> + aws iam create-instance-profile --instance-profile-name &lt;web_tier_instance_profile&gt; + </div> + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <div> + <ul> + <li>If doesn't exist, create an IAM role for the instance profile:</li> + <ul> + <li>Create a trust relationship policy document and save it locally as /tmp/TrustPolicy.json:</li> + </ul> + </ul> + </div> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + <div> + { + </div> + </div> + </div> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Version": "2012-10-17", + </div> + </div> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Statement": [ + </div> + </div> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + 
<div> + { + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Effect": "Allow", + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Principal": { + </div> + </div> + </blockquote> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Service": "ec2.amazonaws.com" + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + }, + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + "Action": "sts:AssumeRole" + </div> + </div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + <div> + } + </div> + </div> + </blockquote> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <blockquote> + <div> + <div> + ] + </div> + </div> + </blockquote> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <div> + <div> + } + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <ul> + <ul> + <li>Create the IAM role using the above trust policy:</li> + </ul> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <blockquote> + <div> + <div> + <div> + aws iam create-role --role-name &lt;web_tier_iam_role&gt; --assume-role-policydocument file:///tmp/TrustPolicy.json + </div> + </div> + </div> + </blockquote> + </blockquote> +</blockquote> +<div> + <div> + <div> + <ul> + <li>Add the IAM role created to the Instance profile:</li> + </ul> + </div> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + <div> + aws iam add-role-to-instance-profile --role-name &lt;web_tier_iam_role&gt; --instanceprofile-name &lt;web_tier_instance_profile&gt; + </div> + </div> + </div> 
+ </blockquote> +</blockquote> +<div> + <div> + <div> + <ul> + <li>If doesn't exist, create an IAM managed policy for Web tier instances, and note the policy ARN:</li> + </ul> + </div> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + <div> + aws iam create-policy --policy-name &lt;iam_policy_name&gt; --policy-document file://policy + </div> + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <div> + <ul> + <li>Attach the IAM policy created to the Web tier IAM role:</li> + </ul> + </div> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + <div> + aws iam attach-role-policy --policy-arn &lt;iam_policy_arn&gt; --rolename &lt;web_tier_iam_role&gt; + </div> + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <div> + <br> + </div> + </div> +</div> + + + + + + + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Check and note the IAM role name used by the Web tier instance profile:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam get-instance-profile --instance-profile-name &lt;web_tier_instance_profile&gt; --query "InstanceProfile.Roles[*].RoleName" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Check managed policies attached to the IAM role, and note the policies ARN:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam list-attached-role-policies --role-name &lt;web_tier_iam_role&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Check and note the version of the IAM policies attached to the IAM role:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam get-policy --policy-arn &lt;iam_policy_arn&gt; --query "Policy.DefaultVersionId" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Check the document policy:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam get-policy-version --policy-arn &lt;iam_policy_arn&gt; --version-id &lt;iam_policy_version&gt; 
+ </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + Applications that run on an Amazon EC2/S3 instance need credentials in order to access other AWS services. To provide credentials to the application in a secure way, use IAM roles. A role is an entity that has its own set of permissions, but that isn't a user or group. Roles also don't have their own permanent set of credentials the way IAM users do. In the case of Amazon EC2/S3, IAM dynamically provides temporary credentials to the EC2/S3 instance, and these credentials are automatically rotated for you. +<br /> +<br />When you launch an EC2/S3 instance, you can specify a role for the instance as a launch parameter. Applications that run on the EC2/S3 instance can use the role's credentials when they access AWS resources. The role's permissions determine what the application is allowed to do. It is recommended that all EC2/S3 instances are launched with a role, even if the role has no permissions (as they can be added later if desired). +<div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Login to the AWS Management Console.</li> + <li>Select EC2/S3 from the services menu.</li> + <li>Select &quot;Launch Instance&quot;.</li> + <li>Complete the wizard until step 3 at which point ensure an IAM role is selected for the &quot;IAM role&quot; option (note the role must already exist).</li> + <li>Complete the wizard to launch the instance.</li> + </ol>NB: You cannot add a role to an instance that has been launched without one. In these cases create an AMI from an existing instance and launch a new instance, assigning an IAM role as detailed above. 
+</div> +<div> + <br /> <br /> +</div> + + + + + + + + <ol> + <li>Login to the AWS Management Console.</li> + <li>Select EC2/S3 from the services menu.</li> + <li>Select &quot;Instances&quot; from the left hand menu.</li> + <li>For each instance in the list:</li> + <ul> + <li>select the instance</li> + <li>in the preview pane confirm the instance has an &quot;IAM Role&quot; + assigned (if a hyphen &quot;-&quot; is shown then your instance has no role + assigned).</li> + </ul> + </ol> + + + + + + + + + + + + + + + + + Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.), define the relevant permissions for each group, and then assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to. This method is know as Role Based Access Control (RBAC). 
+<div> + <br /> + <b>Remediation:<br /></b>Remove privilege granted directly to a user: + <br /> + <ol> + <li>Sign in to the AWS Management Console (with IAM update privileges).</li> + <li>Go to IAM Service on the AWS Console.</li> + <li>Click on Users.</li> + <li>For each user complete the following:</li> + <ul> + <li>Select the user.</li> + <li>Click on the Permissions tab.</li> + <li>Expand &quot;Managed Policies&quot;.</li> + <li>Click &quot;Detach Policy&quot;.</li> + <li>Expand &quot;Inline Policies&quot;.</li> + <li>Click &quot;Remove Policy&quot;.</li> + </ul> + </ol>Create a Group and add a user: + <br /> + <ol> + <li>Sign in to the AWS Management Console (with IAM update privileges).</li> + <li>Go to IAM Service on the AWS Console.</li> + <li>Select Groups and click Create New Group.&nbsp;</li> + <li>In the Group Name box, type the name of the group and click Next Step.&nbsp;</li> + <li>In the list of policies, select the check box for each policy that you want to apply to all members of the group. Click Next Step.</li> + <li>Click Create Group.</li> + <li>Click the new Group and select the &quot;Users&quot; tab.</li> + <li>Click &quot;Add Users to Group&quot;.</li> + <li>Select the users and click &quot;Add Users&quot;.</li> + </ol></div> + + + + + + + + + <ol> + <li>Obtain a list of IAM users by: aws iam list-users --query 'Users[*].UserName' + --output text</li> + <li>Run the following to determine if they have policies directly attached:&nbsp;</li> + </ol> + <blockquote> + <blockquote> + <div> + aws iam list-attached-user-policies --user-name user + </div> + </blockquote> + <blockquote> + <div> + <br /> + </div> + </blockquote> + <blockquote> + <div> + aws iam list-user-policies --user-name user + </div> + </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + + To the extent that it is practical consider enforcing MFA access for sensitive API calls. 
For example, you can require that a user has authenticated with an MFA device in order to be allowed to terminate an Amazon EC2 instance. This ensures that such high level changes to your AWS environment are protected with an extra layer of security thus helping to prevent accidental or malicious damage. +<div> + <br> + <b>Remediation:</b> + <br>The following is an example of how to create a policy that enforces MFA to terminate EC2 instances: + <br> + <ul> + <li>Sign in to the AWS Management Console (with IAM update privileges).</li> + <li>Go to IAM Service on the AWS Console.</li> + <li>Select "Policies".</li> + <li>Select "Create Policy".</li> + <li>Select "Create your own policy".</li> + <li>Provide a policy name and description.</li> + <li>In the policy document add the following:&nbsp;</li> + </ul> +</div> +<blockquote> + <div> + <i> {</i> + </div> + <div> + <i> "Version": "2012-10-17",</i> + </div> + <div> + <i> "Statement": [{</i> + </div> + <div> + <i> "Effect": "Allow",</i> + </div> + <div> + <i> "Action": [</i> + </div> + <div> + <i> "ec2:StopInstances",</i> + </div> + <div> + <i> "ec2:TerminateInstances"</i> + </div> + <div> + <i> ],</i> + </div> + <div> + <i> "Resource": ["*"],</i> + </div> + <div> + <i> "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}</i> + </div> + <div> + <i> }]</i> + </div> + <div> + <i>}</i> + </div> +</blockquote> +<div> + <ul> + <li>Click "Create policy".</li> + <li>The policy may now be added to a group by following the outlines in "Use RBAC with pre-defined policies added into groups or roles".</li> + </ul> </div> + + + + + + + + The following checks that MFA is forced on a policy: + <br /> + <ol> + <li>Sign in to the AWS Management Console (with IAM update privileges).</li> + <li>Go to IAM Service on the AWS Console.&nbsp;</li> + <li>Select &quot;Policies&quot;.</li> + <li>In the filter select &quot;Customer Managed Policies&quot;.&nbsp;</li> + <li>Select the policy to check.</li> + <li>In the policy document 
check for the presence of the line: &quot;Condition&quot;: + {&quot;Bool&quot;: {&quot;aws:MultiFactorAuthPresent&quot;: &quot;true&quot;}}</li> + </ol> + + + + + + + + + + + + + + + + + You use an access key (an access key ID and secret access key) to make programmatic requests to AWS. However, do not use your AWS account (root) access key. The access key for your AWS account gives full access to all your resources for all AWS services, including your billing information. You cannot restrict the permissions associated with your AWS account access key.&nbsp; +<div> + <br> +</div> +<div> + <b>Remediation:</b> + <br> + <ol> + <li>Sign in to the AWS Management Console as Root.</li> + <li>Click on Account Name at the top left and select Security Credentials.</li> + <li>On the pop up screen Click on Continue to Security Credentials.</li> + <li>Click on Access Keys.</li> + <li>Under the Status column if there are any Keys which are "Active".</li> + <li>Click on "Make Inactive" and click "Delete".</li> + </ol></div> + + + + + + + + + + + + <ol> + <li>Generate a credential report with the command: aws iam generate-credential-report</li> + <li>Run the following command: aws iam get-credential-report --query 'Content' + --output text | base64 -D | egrep &quot;root|access&quot; | awk -F, '{print + $1,$9,$14}'</li> + <li>For the &lt;root_account&gt; user ensure access_key_1_active and + access_key_2_active are false.</li> + </ol> + + + + + + + + + + + + + + + + + Since cloudtrail logs capture all API calls for the AWS account they should be stored in an S3 bucket that is not accessible to the public. Applying the correct bucket policy helps ensure the confidentiality of the data. 
+<div> + <br> + <b>Remediation:</b> +</div> +<div> + <ol> + <li>Sign in to the AWS Management Console (with s3 update privileges).</li> + <li>Select s3 from the services list.</li> + <li>Right-click on the bucket you have used for "cloudtrail" and click "Properties".</li> + <li>In the Properties pane, click the Permissions tab.&nbsp;</li> + <li>Select the row that grants permission to "Everyone" or "Any Authenticated User".</li> + <li>Uncheck all the permissions granted to Everyone or Any Authenticated User.</li> + <li>Click Save to save the ACL.&nbsp;</li> + <li>If the Edit bucket policy button is present, click it.</li> + <li>Remove any Statement having an Effect set to Allow and a Principal set to *.&nbsp;</li> + </ol></div> + + + + + + + + + <ol> + <li>Obtain the bucket name of the cloudtrail:&nbsp;aws cloudtrail describe-trails + --query 'trailList[*].S3BucketName'</li> + <li>Ensure &quot;AllUsers&quot; is not granted access to the bucket:&nbsp;aws + s3api get-bucket-acl --bucket &lt;bucket_name&gt; --query + 'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers`]'</li> + <li>Ensure &quot;Authenticated Users&quot; is not granted access to the + bucket: aws s3api get-bucket-acl --bucket &lt;bucket_name&gt; --query + 'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/Authenticated Users`]'</li> + <li>Validate the bucket policy does not grant access to all:&nbsp;aws s3api + get-bucket-policy --bucket &lt;bucket_name&gt;</li> + <li>Check that the above command does not provide a principal of *, with EFFECT set to + ALLOW.&nbsp;</li> + </ol> + + + + + + + + + + + + + + + + + The root account is the one which was used to open the AWS account with Amazon. Therefore it has full unrestricted access to all resources within the account including billing information. 
Reducing the use of this account and instead using personalized accounts with restricted permissions ensures the principles of least privilege and can help prevent accidental disclosure of credentials or unintended changes. +<br> +<b><br></b> +<div> + <b>Remediation:</b> + <br>Follow the remediation in "Create Individual Accounts". +</div> +<div> + <br> +</div> + + + + + + + + + <blockquote> + aws iam create-credential-report + </blockquote> + <blockquote> + aws iam get-credential-report --query 'Content' --output text | base64 -D | cut -d, + -f1,5,11,16 | grep -B1 '&lt;root_account&gt;'&nbsp; + </blockquote> + <ol> + </ol>From the above determine the &quot;password_last_used&quot; time In + addition to the above set up a metric filter as described elsewhere in this library to + determine ad-hoc use of root. + + + + + + + + + + + + + + + + + <div> + <b>Description</b>: +</div> +<div> + <br> +</div>An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.&nbsp; +<div> + <br> + Also, a role does not have any credentials (password or access keys) associated with it. Instead, if a user is assigned to a role, access keys are created dynamically and provided to the user.&nbsp; +</div> +<div> + <br> + You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances.&nbsp; +</div> +<div> + <br> + IAM Roles for EC2 allow application running within an EC2 instance assume the role applied to the instance. 
+</div> +<div> + <br> +</div> +<div> + <b>Remediation</b>: +</div> +<div> + <br> + *Note: references to Web tier are also applicable to App tier. +</div> +<div> + <br> +</div> +<div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create new launch configuration for the Web tier using the Web tier IAM instance profile :</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws autoscaling create-launch-configuration --launch-configurationname &lt;web_tier_launch_config&gt; --image-id &lt;web_tier_ami&gt; --key-name &lt;your_key_pair&gt; --security-groups &lt;web_tier_security_group&gt; --instance-type &lt;desired_instance_type&gt; --iam-instance-profile &lt;web_tier_instance_profile&gt; + </div> + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Check if your Web tier autoscaling group is using a launch configuration with an IAM instance profile configured:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-launch-configurations --launch-configuration-names &lt;web_tier_launch_config&gt; --query "LaunchConfigurations[*].IamInstanceProfile" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Check and note the IAM role name used by the Web tier instance profile:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam get-instance-profile --instance-profile-name &lt;web_tier_instance_profile&gt; --query "InstanceProfile.Roles[*].RoleName" + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + <p>Ensure contact email and telephone details for AWS accounts are current and map to more than one individual in your organization.</p><p>An AWS account supports a number of contact details, and AWS will use these to contact the account owner if activity judged to be in breach of Acceptable Use 
Policy or indicative of likely security compromise is observed by the AWS Abuse team. Contact details should not be for a single individual, as circumstances may arise where that individual is unavailable. Email contact details should point to a mail alias which forwards email to multiple individuals within the organization; where feasible, phone contact details should point to a PABX hunt group or other call-forwarding system.</p><p>Rationale:</p><p>If an AWS account is observed to be behaving in a prohibited or suspicious manner, AWS will attempt to contact the account owner by email and phone using the contact details listed. If this is unsuccessful and the account behavior needs urgent mitigation, proactive measures may be taken, including throttling of traffic between the account exhibiting suspicious behavior and the AWS API endpoints and the Internet. This will result in impaired service to and from the account in question, so it is in both the customers' and AWS' best interests that prompt contact can be established. 
This is best achieved by setting AWS account contact details to point to resources which have multiple individuals as recipients, such as email aliases and PABX hunt groups.</p><p>Remediation:</p><p>This activity can only be performed via the AWS Console, with a user who has permission to read and write Billing information (aws-portal:*Billing ).</p><ol><li>Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/.</li><li>On the navigation bar, choose your account name, and then choose My Account.</li><li>On the Account Settings page, next to Account Settings, choose Edit.</li><li>Next to the field that you need to update, choose Edit.</li><li>After you have entered your changes, choose Save changes.</li><li>After you have made your changes, choose Done.</li><li>To edit your contact information, under Contact Information, choose Edit.</li><li>For the fields that you want to change, type your updated information, and then choose Update.</li></ol> + + + + + + + + + <p>This activity can only be performed via the AWS Console, with a user who has permission to read and write Billing information (aws-portal:*Billing )</p><ol><li>Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/.</li><li>On the navigation bar, choose your account name, and then choose My Account.</li><li>On the Account Settings page, review and verify the current details.</li><li>Under Contact Information, review and verify the current details.</li></ol> + + + + + + + + + + + + + + + + + Change access keys regularly, and make sure that all IAM users in your account do as well. That way, if an access key is compromised without your knowledge, you limit how long the credentials can be used to access your resources. Credential reports can be used to determine how long access keys have been active for. 
+<div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Sign in to the AWS Management Console (with IAM update privileges).</li> + <li>Go to IAM Service on the AWS Console.</li> + <li>Click on Users.</li> + <li>Select the user you wish to rotate the key for.</li> + <li>Under access keys click &quot;Create Access Key&quot; (do not touch the existing key yet).</li> + <li>Click &quot;Download credentials&quot; or &quot;Show credentials&quot; so that you have a record of them.</li> + <li>Update any applications with the new credentials and test (we recommend to leave a few days or a week for testing).</li> + <li>Once complete complete 1-4 above and for the key which needs rotating click &quot;Make Inactive | Delete&quot; and click &quot;Deactive&quot;.</li> + <li>Once you are confident you will no longer need the key (wait several more days) repeat 1-4 and select &quot;Delete&quot; for the inactive key.</li> + </ol> + </div> + + + + + + + + + <ol> + <li>Generate a credential report: aws iam generate-credential-report</li> + <li>Check the access keys created time: aws iam get-credential-report --query + 'Content' --output text | base64 -D | awk -F, '{print $1,$9,$10,$14,$15}'&nbsp;</li> + <li>For each access_key_1_active and access_key_9_active that is set to True ensure + the created date is within the last 90 days.</li> + </ol> + + + + + + + + + + + + + + + + + When an AWS account is initially created it is configured with a top level account known as the &quot;root&quot; account that has full administration access to all resources. In the event that the password or MFA device associated with this account is lost AWS support may recover it by asking you to answer the security questions. 
+<div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Login to the AWS Account as root.</li> + <li>Click account name on the top right of the management console.</li> + <li>Select &quot;My Account&quot;.</li> + <li>Scroll down to &quot;Configure Security Challenge Questions&quot;.</li> + <li>Click on Edit.</li> + <li>For each question:</li> + <ul> + <li>Select an appropriate question.</li> + <li>Enter an appropriate answer.</li> + <li>Follow the above process for all 3 questions.</li> + </ul> + <li>Click Update when complete.</li> + <li>We recommend to store the questions and answers in a secure location such as a safe where they can be used in case recovery is required.</li> + </ol></div> + + + + + + + + + <ol> + <li>Login to the AWS Account as root.</li> + <li>Click account name on the top right of the management console.</li> + <li>Select &quot;My Account&quot;.</li> + <li>Scroll down to &quot;Configure Security Challenge Questions&quot;.</li> + <li>Confirm whether questions and answers have been saved.</li> + </ol> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + <div> + A Cloudwatch alarm watches a single metric over a time period you specify, and performs one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon SNS topic.&nbsp; + </div> + <div> + <br> + </div> + <div> + The Cloudwatch Alarm will trigger a notification being sent to the administrators every time the "REJECT packets" specified threshold is reached. 
The alarm should be created for the "VPC Flow Logs" metric, and the action should have a SNS topic configured.&nbsp; + </div> +</div> +<div> + <br> +</div> +<div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create a Cloudwatch alarm for the VPC Flow Logs metric, and configure an Alarm Action:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws cloudwatch put-metric-alarm --alarm-name &lt;vpc_flow_log_alarm_name&gt; --alarm-actions &lt;sns_topic_arn&gt; --metric-name &lt;vpc_flow_log_metric_name&gt; --namespace LogMetrics --statistic &lt;desired_statistic&gt; --period &lt;desired_period&gt; --evaluation-periods &lt;desired_evaluation_periods&gt; --threshold &lt;desired_threshold&gt; --comparison-operator &lt;desired_operator&gt; + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List all the Cloudwatch alarms configured for the VPC Flow Logs metric, and check if an Alarm Action is configured:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws cloudwatch describe-alarms --query "MetricAlarms[?MetricName =='&lt;vpc_flow_log_metric_name&gt;'].{MetricName:MetricName,AlarmActions:AlarmActions,AlarmName:AlarmName}" + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + Description:&nbsp; +<div> + <br> + This recommendation builds upon the Foundation benchmark recommendation: "Ensure VPC Flow Logging is Enabled in all Applicable Regions"&nbsp; +</div> +<div> + <br> + VPC flow logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. 
VPC flow logs can capture accepted traffic, rejected traffic, or all traffic.&nbsp; +</div> +<div> + <br> + Metric filters can be used to express how the service would extract metric observations from ingested events and transform them to data points in a CloudWatch metric. Metric filters are assigned to log groups, and all of the filters assigned to a log group are applied to their log streams.&nbsp; +</div> +<div> + <br> + A metric filter should be created for counting how many IP packets are rejected in the VPC flow logs.&nbsp; +</div> +<div> + <br> +</div> +<div> + <b>Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create a metric filter for the Cloudwatch Log group assigned to the "VPC Flow Logs":</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws logs put-metric-filter --log-group-name &lt;vpc_flow_log_group_name&gt; --filter-name &lt;vpc_flow_log_filter_name&gt; --filter-pattern "{ $.errorCode =\"AccessDenied\" }" --metric-transformations metricName= &lt;vpc_flow_log_metric_name&gt;,metricNamespace=LogMetrics,metricValue=1 + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface to check if the log metric filter: +</div> +<blockquote> + <div> + aws logs describe-metric-filters --region &lt;application_region&gt; --log-group-name &lt;vpc_flow_log_group_name&gt; + </div> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + <b>Description</b>: +<div> + <br> + An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. 
Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and should have administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups. +</div> +<div> + <br> +</div> +<div> + <b>Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create a new IAM group for administration purposes:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws iam create-group --group-name &lt;iam_admin_group_name&gt; + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <ul> + <li>Attach the Admin policy to the administration IAM group:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws iam attach-group-policy --policy-arn &lt;admin_policy_arn&gt; --group-name &lt;iam_admin_group_name&gt; + </div> + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> +<div> + <b>Impact</b>: +</div> +<div> + <br> + The name of the IAM admin group name should be known prior to auditing this recommendation. For a sample admin policy arn see recommendation 2.1. 
+</div> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List the IAM groups created for administration purposes:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam list-groups --query "Groups[?GroupName == '&lt;iam_admin_group_name&gt;']" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + A policy is a document that formally states one or more permissions.&nbsp; +</div> +<div> + <br> + Managed policies are standalone policies that you can attach to multiple users, groups, and roles in your AWS account. Managed policies apply only to identities (users, groups, and roles) - not resources. You must ensure that you have an IAM managed policy created with admin permissions for all the AWS services used by the application. +</div> +<div> + <br> +</div> +<div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create an IAM managed admin policy for all AWS services used:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws iam create-policy --policy-name &lt;admin_policy_name&gt; --policy-document file://policy + </div> + <div> + <br> + </div> + </div> + </blockquote> +</blockquote> +<b>Impact</b>:&nbsp; +<div> + <br> + The admin policy should be defined prior to auditing and remediating this recommendation. For a sample admin policy see recommendation 2.1. 
+</div> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List the IAM admin policies and note the policy ARN and DefaultVersionId:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam list-policies --query "Policies[?PolicyName == '&lt;admin_policy_name&gt;']" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>If the policy exists, check the policy document:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws iam get-policy-version --policy-arn &lt;admin_policy_arn&gt; --version-id &lt;admin_policy_version&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + WS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support. +<br /> +<br /> +<b>Remediation:</b> +<br />Using the Amazon unified command line interface, create an IAM role for managing incidents with AWS: +<br /> +<br />Create a trust relationship policy document that allows &lt;iam_user&gt; to manage AWS incidents, and save it locally as /tmp/TrustPolicy.json: +<br /> +<br />{ +<br />&quot;Version&quot;: &quot;2012-10-17&quot;, +<br />&quot;Statement&quot;: [{ +<br />&nbsp;&nbsp;&nbsp; &quot;Effect&quot;: &quot;Allow&quot;, +<br />&nbsp;&nbsp;&nbsp; &quot;Principal&quot;: { +<br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &quot;AWS&quot;: &quot;&lt;iam_user&gt;&quot; +<br />&nbsp; }, +<br />&nbsp; &quot;Action&quot;: &quot;sts:AssumeRole&quot; +<br />&nbsp; }] +<br />} +<br /> +<br />Create the IAM role using the above trust policy: +<br /> +<br />aws iam create-role --role-name &lt;aws_support_iam_role&gt; --assume-role-policy-document file:///tmp/TrustPolicy.json +<br /> +<br />Attach 'AWSSupportAccess' managed policy to the created IAM role: +<br /> +<br />aws iam attach-role-policy --policy-arn &lt;iam_policy_arn&gt; --role-name 
&lt;aws_support_iam_role&gt; +<br /> + + + + + + + + + + + + + + Using the Amazon unified command line interface: + <br /> + <div> + <ul> + <li>List IAM policies, filter for the 'AWSSupportAccess' managed policy, and note the &quot;Arn&quot; element value: </li> + </ul> + </div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; aws iam list-policies --query &quot;Policies[?PolicyName == 'AWSSupportAccess']&quot; + <br /> + <div> + <ul> + <li>Check if the 'AWSSupportAccess' is attached to any IAM user, group or role: </li> + </ul> + </div>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; aws iam list-entities-for-policy --policy-arn &lt;iam_policy_arn&gt; + <span style=" , Arial;"></span> + + + + + + + + + + + + + + + + + <p>Enforcing a strong password policy increases resiliency and reduces the chances of the password being compromised either through brute force attempts, keystroke logging tools or stolen credentials amongst others.</p><p><br><strong>Remediation:</strong>&nbsp;<br>&nbsp;</p><ol><li>Login to AWS Console (ensure you have permissions to update IAM).</li><li>Go to IAM Service on the AWS Console.</li><li>Click on Account Settings.</li><li>Set "Minimum password length" to 14 or greater.</li><li>Check "Require at least one uppercase letter".</li><li>Check "Require at least one lowercase letter".</li><li>Check "Require at least one number".</li><li>Check "Require at least one non-alphanumeric character"</li><li>Check "Enable password expiration" and set the period to at least 90 days.</li><li>Check "Prevent password reuse" and set the number to at least 10.</li></ol><p></p> + + + + + + + + + + + + + + + Validate that mechanisms exist to ensure that created passwords are strong enough. + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is AWS Config + changes. 
AWS config tracks configuration changes within the environment and is a useful change + management tool. Therefore alerting on config changes ensures the continued visibility of AWS + configuration items. + <div> + &nbsp; + <br /> + <b>Remediation:</b> + <br /> + <ul> + <li>Create a metric filter that checks for AWS Config changes:&nbsp;</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws logs put-metric-filter&nbsp; + </div> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + --log-group-name &lt;group&gt;&nbsp; + </div> + <div> + --filter-name &lt;name&gt;&nbsp; + </div> + <div> + --metric- transformations &lt;value&gt;&nbsp; + </div> + <div> + --filter-pattern '{($.eventSource = config.amazonaws.com) &amp;&amp; + (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.even + tName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}'&nbsp; + </div> + </blockquote> + </blockquote> + </blockquote> + <div> + <ul> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn + &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws cloudwatch put-metric-alarm&nbsp; + </div> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <blockquote> + <div> + --alarm-name &lt;value&gt;&nbsp; + </div> + <div> + --metric-name &lt;metric_filter_name&gt;&nbsp; + </div> + <div> + --statistic Sum&nbsp; + </div> + <div> + --period 300&nbsp; + </div> + <div> + --threshold 1&nbsp; + </div> + <div> + --comparison-operator GreaterThanOrEqualToThreshold&nbsp; + </div> + <div> + --evaluation-periods 1&nbsp; + </div> + <div> + --namespace &lt;CloudTrailMetrics&gt;&nbsp; + </div> + <div> + --alarm-actions &lt;topic_arn&gt; + 
</div> + </blockquote> + </blockquote> + </blockquote> + <blockquote> + <blockquote> + <div> + <br /> + </div> + </blockquote> + </blockquote> + <div> + + </div> + + + + + + + + + + + + + + <ul> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following:</li> + </ul> + <blockquote> + <blockquote> + &quot;filterPattern&quot;: &quot;{($.eventSource = config.amazonaws.com) &amp;&amp; + (($.eventName=StopConfigurationRecorder)||($.eventName=DeleteDeliveryChannel)||($.even + tName=PutDeliveryChannel)||($.eventName=PutConfigurationRecorder))}&quot;&nbsp; + </blockquote> + </blockquote> + <ul> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ul> + + + + + + + + + + + + + + + + + <p>Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended that a metric filter and alarm be established for AWS Organizations changes made in the master AWS Account.</p><p>Rationale:</p><p>Monitoring AWS Organizations changes can help you prevent any unwanted, accidental or intentional modifications that may lead to unauthorized access or other security breaches. 
This monitoring technique helps you to ensure that any unexpected changes performed within your AWS Organizations can be investigated and any unwanted changes can be rolled back.</p><p>Remediation:</p><p>Perform the following to setup the metric filter, alarm, SNS topic, and subscription:</p><p>1. Create a metric filter based on filter pattern provided which checks for AWS Organizations changes and the &lt;cloudtrail_log_group_name&gt; taken from audit step 1:&nbsp;</p><blockquote><p>aws logs put-metric-filter --log-group-name &lt;cloudtrail_log_group_name&gt; --filter-name `&lt;organizations_changes&gt;` --metric-transformations metricName= `&lt;organizations_changes&gt;` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{ ($.eventSource = organizations.amazonaws.com) &amp;&amp; (($.eventName = "AcceptHandshake") || ($.eventName = "AttachPolicy") || ($.eventName = "CreateAccount") || ($.eventName = "CreateOrganizationalUnit") || ($.eventName = "CreatePolicy") || ($.eventName = "DeclineHandshake") || ($.eventName = "DeleteOrganization") || ($.eventName = "DeleteOrganizationalUnit") || ($.eventName = "DeletePolicy") || ($.eventName = "DetachPolicy") || ($.eventName = "DisablePolicyType") || ($.eventName = "EnablePolicyType") || ($.eventName = "InviteAccountToOrganization") || ($.eventName = "LeaveOrganization") || ($.eventName = "MoveAccount") || ($.eventName = "RemoveAccountFromOrganization") || ($.eventName = "UpdatePolicy") || ($.eventName = "UpdateOrganizationalUnit")) }'</p></blockquote><p>Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together.</p><p>2. Create an SNS topic that the alarm will notify:&nbsp;</p><blockquote><p>aws sns create-topic --name &lt;sns_topic_name&gt;</p></blockquote><p>Note: you can execute this command once and then re-use the same topic for all monitoring alarms.</p><p>3. 
Create an SNS subscription to the topic created in step 2:&nbsp;</p><blockquote><p>aws sns subscribe --topic-arn &lt;sns_topic_arn&gt; --protocol &lt;protocol_for_sns&gt; --notification-endpoint &lt;sns_subscription_endpoints&gt;</p></blockquote><p>Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms.</p><p>4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2:&nbsp;</p><blockquote><p>aws cloudwatch put-metric-alarm --alarm-name `&lt;organizations_changes&gt;` --metric-name `&lt;organizations_changes&gt;` --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions &lt;sns_topic_arn&gt;</p></blockquote> + + + + + + + + + <p>Perform the following to ensure that there is at least one active multi-region CloudTrail with prescribed metric filters and alarms configured:</p><p>1. 
Identify the log group name configured for use with active multi-region CloudTrail:</p><p>List all CloudTrails:&nbsp;</p><blockquote><p>aws cloudtrail describe-trails</p></blockquote><p>Identify Multi region Cloudtrails: Trails with "IsMultiRegionTrail" set to true</p><p>From value associated with CloudWatchLogsLogGroupArn note &lt;cloudtrail_log_group_name&gt;</p><p>Example: for CloudWatchLogsLogGroupArn that looks like arn:aws:logs:&lt;region&gt;:&lt;aws_account_number&gt;:log-group:NewGroup:*, &lt;cloudtrail_log_group_name&gt; would be NewGroup</p><p>Ensure Identified Multi region CloudTrail is active</p><blockquote><p>aws cloudtrail get-trail-status --name &lt;Name of a Multi-region CloudTrail&gt; ensure IsLogging is set to TRUE</p></blockquote><p>Ensure identified Multi-region Cloudtrail captures all Management Events</p><blockquote><p>aws cloudtrail get-event-selectors --trail-name &lt;trailname shown in describe-trails&gt; Ensure there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All</p></blockquote><p>2. Get a list of all associated metric filters for this &lt;cloudtrail_log_group_name&gt;:&nbsp;</p><blockquote><p>aws logs describe-metric-filters --log-group-name "&lt;cloudtrail_log_group_name&gt;"</p></blockquote><p>3. Ensure the output from the above command contains the following:&nbsp;</p><blockquote><p>"Filter = {(($.errorCode="*UnauthorizedOperation") || ($.errorCode="AccessDenied*")) &amp;&amp; (($.sourceIPAddress!="delivery.logs.amazonaws.com") &amp;&amp; ($.eventName!="HeadBucket"))}"</p></blockquote><p>4. Note the &lt;unauthorized_api_calls_metric&gt; value associated with the filterPattern found in step 3.</p><p>5. Get a list of CloudWatch alarms and filter on the &lt;unauthorized_api_calls_metric&gt; captured in step 4.&nbsp;</p><blockquote><p>aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName== `&lt;unauthorized_api_calls_metric&gt;`]'</p></blockquote><p>6. 
Note the AlarmActions value - this will provide the SNS topic ARN value.</p><p>7. Ensure there is at least one active subscriber to the SNS topic&nbsp;</p><blockquote><p>aws sns list-subscriptions-by-topic --topic-arn &lt;sns_topic_arn&gt;</p></blockquote><p>at least one subscription should have "SubscriptionArn" with valid aws ARN.&nbsp;</p><blockquote><p>Example of valid "SubscriptionArn": "arn:aws:sns:&lt;region&gt;:&lt;aws_account_number&gt;:&lt;SnsTopicName&gt;:&lt;SubscriptionID&gt;"</p></blockquote> + + + + + + + + + + + + + + + + + By setting billing alarms you can monitor your AWS spend and be alerted if it exceeds certain thresholds thus protecting you from accruing unnecessary charges. +<div> + <br> + <b>Remediation:</b> + <br> + <ol> + <li>Sign in to the AWS Management Console and open the Billing and Cost Management console at https://console.aws.amazon.com/billing/home#/.&nbsp;</li> + <li>On the navigation pane, choose Preferences.&nbsp;</li> + <li>Select the Receive Billing Alerts check box.&nbsp;</li> + <li>Choose Save preferences.&nbsp;</li> + <li>Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.&nbsp;</li> + <li>If necessary, change the region on the navigation bar to US East (N. Virginia). The billing metric data is stored in this region, even for resources in other regions.&nbsp;</li> + <li>On the navigation pane, under "Metrics", choose "Billing".&nbsp;</li> + <li>In the list of billing metrics, select the check box next to Currency USD, for the metric named EstimatedCharges. Define the alarm as follows:</li> + <ul> + <li>If you want the alarm to trigger as soon as you go over the free tier, set "When my total AWS charges for the month exceed" to $.01. This means that you'll receive a notification as soon as you incur a charge. 
Otherwise, set it to the amount you want to trigger the alarm, and you will be notified when you go over that amount.&nbsp;</li> + <li>Choose the "New list" link next to the "send a notification to" box.&nbsp;</li> + <li>When prompted, enter your email address or choose your Amazon SNS notification from the drop down.&nbsp;</li> + <li>Choose "Create Alarm".&nbsp;</li> + </ul> + <li>In the "Confirm new email addresses" dialog box, confirm the email address or choose "I will do it later". If you don't confirm the email address now, the alarm remains in the Pending confirmation status until you do so, and does not send an alert. To view the status of your alarm, choose "Alarms" in the navigation panel.</li> + </ol> <br> + <br> +</div> + + + + + + + + + <ol> + <li>Sign in to the AWS Management Console and open the Billing and Cost Management + console at https://console.aws.amazon.com/billing/home#/.&nbsp;</li> + <li>On the navigation pane, choose Preferences.&nbsp;</li> + <li>Ensure the &quot;Receive Billing Alerts&quot; check box is checked.&nbsp;</li> + <li>Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.&nbsp;</li> + <li>If necessary, change the region on the navigation bar to US East (N. Virginia). + The billing metric data is stored in this region, even for resources in other regions.&nbsp;</li> + <li>On the navigation pane, under &quot;Alarms&quot;, check for one called + &quot;Billing&quot;.&nbsp;</li> + <li>Click on the alert if it exists and select the checkbox in the first column.</li> + <li>In the preview pane check that the &quot;EstimatedCharges&quot; threshold + is set to the correct value and that the &quot;Actions&quot; is send an alarm to a + valid email address.</li> + </ol> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is changes to + cloudtrail. 
Since cloudtrail is the actual utility logging API calls it's security is paramount + to ensuring that this continues. Therefore alerting on changes to cloudtrail activity can + prevent a malicious user switching off the logging in order to carry out untracked activities. + <div> + <br /> + <b>Remediation:&nbsp;&nbsp;</b> + <br /> + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn&nbsp;</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;:&nbsp;aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{ + ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || + ($.eventName = StartLogging) || ($.eventName = StopLogging) }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: aws + cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;&nbsp;</li> + </ol> + </div> + <div> + + <br /> + <br /> + </div> + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;</li> + <li>Ensure the output contains the following:&nbsp;&quot;filterPattern&quot;: + &quot;{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = + 
DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + AWS CloudWatch Log groups define groups of log streams that share the same retention, monitoring, and access control settings. Each log stream has to belong to one log group.&nbsp; +</div> +<div> + <br> + Note:&nbsp; +</div> +<div> + <ul> + <li>You can also use any third party log management tools (like Splunk, Loggly, AlertLogic Log Manager, etc.) as long as the recommendation goal is achieved.</li> + <li>The below Audit and Remediation steps need to be modified for your specific log management tool, as they are provided in the benchmark only for Amazon Cloudwatch</li> + </ul> + <div> + <b>Remediation</b>: + </div> +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App tier. 
+ </div> +</div> +<div> + <br> +</div> +<div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create a Cloudwatch log group for the Web tier:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws logs create-log-group --log-group-name &lt;web_tier_log_group&gt; + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Search for your Web tier Cloudwatch log group:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws logs describe-log-groups --query "logGroups[?logGroupName =='&lt;web_tier_log_group&gt;']" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried to identify suspicious API activity. One such activity that should be monitored is management IAM policy changes. IAM manages authorization and authentication controls with AWS and therefore it is vital that unauthorized changes are detected. Enabling monitoring of these changes ensures that these policies remain intact and as desired. 
+<div> + <br /> + <b>Remediation:</b> +</div> +<div> + <ol> + <li>Create a metric filter that checks for IAM policy changes: aws logs put-metric-filter --log-group-name &lt;group&gt; --filter-name &lt;name&gt; --metric- transformations &lt;value&gt; --filter-pattern '{($.eventName=DeleteGroupPolicy)||($.eventName=DeleteRolePolicy)||($.eventName=Delete UserPolicy)||($.eventName=PutGroupPolicy)||($.eventName=PutRolePolicy)||($.eventName=P utUserPolicy)||($.eventName=CreatePolicy)||($.eventName=DeletePolicy)||($.eventName=Cr eatePolicyVersion)||($.eventName=DeletePolicyVersion)||($.eventName=AttachRolePolicy)| |($.eventName=DetachRolePolicy)||($.eventName=AttachUserPolicy)||($.eventName=DetachUs erPolicy)||($.eventName=AttachGroupPolicy)||($.eventName=DetachGroupPolicy)}'&nbsp;</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above:aws sns subscribe --topic-arn &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol> <br /> + <br /> +</div> + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{($.eventSource + = kms.amazonaws.com) &amp;&amp; + (($.eventName=DisableKey)||($.eventName=ScheduleKeyDeletion))} }&quot;&nbsp;</li> + 
<li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + By creating individual IAM users for people accessing your account, you can give each IAM user a unique set of security credentials. You can also grant different permissions to each IAM user. If necessary, you can change or revoke an IAM user's permissions any time. (If you give out your AWS root credentials, it can be difficult to revoke them, and it is impossible to restrict their permissions.). +<div> + <br> + <b>Remediation:</b> + <br> + <ol> + <li>Login to the AWS Management Console as an administrator.</li> + <li>Select IAM.</li> + <li>Select Users.</li> + <li>Click "Create New Users".</li> + <li>Complete the required information.</li> + <li>Uncheck "Create access key for users".</li> + <li>Click "Create".</li> + <li>Select the user.</li> + <li>Click "Manage Password".</li> + <li>Select the required options and click "apply".</li> + <li>Select "Show User Security Credentials".</li> + <li>Securely supply the password to your user.</li> + </ol></div> + + + + + + Check that each user has got the corresponding account with the corresponding + credentials. + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is login on the + console without MFA. 
Since logging on at the console should be restricted to only those users + with an active MFA this alert will highlight those with password only access. This helps to + capture weaker login procedures (password only) as they occur. + <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Create a metric filter that checks for console login without MFA: aws logs + put-metric-filter --log-group-name &lt;cloudwatch-logs-group&gt; --filter-name &lt;name&gt; + --metric- transformations &lt;value&gt; --filter-pattern '{ + $.userIdentity.sessionContext.attributes.mfaAuthenticated != &quot;true&quot; }'</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn + &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name + &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period + 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 + --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol> + </div> + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn&nbsp;</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;:&nbsp; + aws logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following:&nbsp;&quot;filterPattern&quot;: + &quot;{ $.userIdentity.sessionContext.attributes.mfaAuthenticated != &quot;true&quot; + }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4:&nbsp;aws + 
cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is management + console login failures. The management console is the AWS account GUI where administration + activity is performed and is therefore a primary target for brute force attempts. To identify + these attempts alerts for login failures should be enabled as this can highlight suspicious + activity. + <div> + <br /> + </div> + <div> + <b>Remediation:<br /></b> + <ol> + <li>Create a metric filter that checks for console login failures: aws logs + put-metric-filter --log-group-name &lt;group&gt; --filter-name &lt;name&gt; + --metric- transformations &lt;value&gt; --filter-pattern '{ ($.eventName = ConsoleLogin) + &amp;&amp; ($.errorMessage = &quot;Failed authentication&quot;) }'&nbsp;</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn + &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name + &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period + 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 + --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol> + </div> + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the 
&lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following:&nbsp;&quot;filterPattern&quot;: + &quot;{ ($.eventName = ConsoleLogin) &amp;&amp; ($.errorMessage = \&quot;Failed + authentication\&quot;) }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + <p>Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Network gateways are required to send/receive traffic to a destination outside of a VPC. It is recommended that a metric filter and alarm be established for changes to network gateways.</p><p>Rationale:</p><p>Monitoring changes to network gateways will help ensure that all ingress/egress traffic traverses the VPC border via a controlled path.</p><p>Perform the following to setup the metric filter, alarm, SNS topic, and subscription:</p><p>1. 
Create a metric filter based on filter pattern provided which checks for network gateways changes and the &lt;cloudtrail_log_group_name&gt; taken from audit step 1.&nbsp;</p><blockquote><p>aws logs put-metric-filter --log-group-name &lt;cloudtrail_log_group_name&gt; --filter-name `&lt;network_gw_changes_metric&gt;` --metric-transformations metricName= `&lt;network_gw_changes_metric&gt;` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) ||($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }'</p></blockquote><p>Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together.</p><p>2. Create an SNS topic that the alarm will notify&nbsp;</p><blockquote><p>aws sns create-topic --name &lt;sns_topic_name&gt;</p></blockquote><p>Note: you can execute this command once and then re-use the same topic for all monitoring alarms.</p><p>3. Create an SNS subscription to the topic created in step 2&nbsp;</p><blockquote><p>aws sns subscribe --topic-arn &lt;sns_topic_arn&gt; --protocol &lt;protocol_for_sns&gt; --notification-endpoint &lt;sns_subscription_endpoints&gt;</p></blockquote><p>Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms.</p><p>4. 
Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2&nbsp;</p><blockquote><p>aws cloudwatch put-metric-alarm --alarm-name `&lt;network_gw_changes_alarm&gt;` --metric-name `&lt;network_gw_changes_metric&gt;` --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions &lt;sns_topic_arn&gt;</p></blockquote> + + + + + + + + + <p>Perform the following to ensure that there is at least one active multi-region CloudTrail with prescribed metric filters and alarms configured:</p><p>1. Identify the log group name configured for use with active multi-region CloudTrail:</p><p>List all CloudTrails:&nbsp;</p><blockquote><p>aws cloudtrail describe-trails</p></blockquote><p>Identify Multi region Cloudtrails: Trails with "IsMultiRegionTrail" set to true</p><p>From value associated with CloudWatchLogsLogGroupArn note &lt;cloudtrail_log_group_name&gt;</p><p>Example: for CloudWatchLogsLogGroupArn that looks like arn:aws:logs:&lt;region&gt;:&lt;aws_account_number&gt;:log-group:NewGroup:*, &lt;cloudtrail_log_group_name&gt; would be NewGroup</p><p>Ensure Identified Multi region CloudTrail is active</p><blockquote><p>aws cloudtrail get-trail-status --name &lt;Name of a Multi-region CloudTrail&gt; ensure IsLogging is set to TRUE</p></blockquote><p>Ensure identified Multi-region Cloudtrail captures all Management Events</p><blockquote><p>aws cloudtrail get-event-selectors --trail-name &lt;trailname shown in describe-trails&gt; Ensure there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All</p></blockquote><p>2. Get a list of all associated metric filters for this &lt;cloudtrail_log_group_name&gt;:&nbsp;</p><blockquote><p>aws logs describe-metric-filters --log-group-name "&lt;cloudtrail_log_group_name&gt;"</p></blockquote><p>3. 
Ensure the output from the above command contains the following:&nbsp;</p><blockquote><p>"Filter = {(($.errorCode="*UnauthorizedOperation") || ($.errorCode="AccessDenied*")) &amp;&amp; (($.sourceIPAddress!="delivery.logs.amazonaws.com") &amp;&amp; ($.eventName!="HeadBucket"))}"</p></blockquote><p>4. Note the &lt;unauthorized_api_calls_metric&gt; value associated with the filterPattern found in step 3.</p><p>5. Get a list of CloudWatch alarms and filter on the &lt;unauthorized_api_calls_metric&gt; captured in step 4.&nbsp;</p><blockquote><p>aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName== `&lt;unauthorized_api_calls_metric&gt;`]'</p></blockquote><p>6. Note the AlarmActions value - this will provide the SNS topic ARN value.</p><p>7. Ensure there is at least one active subscriber to the SNS topic&nbsp;</p><blockquote><p>aws sns list-subscriptions-by-topic --topic-arn &lt;sns_topic_arn&gt;</p></blockquote><p>at least one subscription should have "SubscriptionArn" with valid aws ARN.&nbsp;</p><blockquote><p>Example of valid "SubscriptionArn": "arn:aws:sns:&lt;region&gt;:&lt;aws_account_number&gt;:&lt;SnsTopicName&gt;:&lt;SubscriptionID&gt;"</p></blockquote> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is usage of the + root account. This account should not be used on a day to day basis due to its full unrestricted + privilege therefore usage should be by exception. Monitoring this usage should capture any + suspicious activity used on the account. 
+ <div> + <br /> + </div> + <div> + <b>Remediation:</b> + <br /> + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws logs + describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{ + $.userIdentity.type = \&quot;Root\&quot; &amp;&amp; $.userIdentity.invokedBy NOT + EXISTS &amp;&amp; $.eventType != \&quot;AwsServiceEvent\&quot; } &quot;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: aws + cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;&nbsp;</li> + </ol> + </div> + <div> + + </div> + + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{ + $.userIdentity.type = \&quot;Root\&quot; &amp;&amp; $.userIdentity.invokedBy + NOT EXISTS &amp;&amp; $.eventType != \&quot;AwsServiceEvent\&quot; } &quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4:&nbsp;aws + cloudwatch describe-alarms --query 
'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried to identify suspicious API activity. One such activity that should be monitored is S3 bucket policy changes. S3 bucket policies are a resource based policy that provide authorizations on S3 buckets. +<div> + <br /> + Making sure that their integrity remains intact is vital in ensuring the data within the S3 bucket remains secure and authorizations intact. Therefore s3 bucket policy changes should be alerted upon + <br /> + <br /> +</div> +<div> + <b>Remediation:</b> + <br /> + <ul> + <li>Create a metric filter that checks for S3 Bucket policy changes:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws logs put-metric-filter --log-group-name &lt;group&gt; --filter-name &lt;value&gt; --metric- transformations &lt;value&gt; --filter-pattern '{ ($.eventSource = s3.amazonaws.com) &amp;&amp; (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }' + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Create an SNS topic for notifications:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws sns create-topic --name &lt;topic_name&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Create an SNS subscription to the topic created above&nbsp;</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws sns subscribe --topic-arn &lt;topic_arn&gt; 
--protocol email --notification-endpoint &lt;email@example.com&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Create an alarm based on the above steps:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws cloudwatch put-metric-alarm --alarm-name &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt; + </div> + </blockquote> +</blockquote> +<blockquote> + <div> + <br /> + </div> +</blockquote> +<div> + </div> + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;:&nbsp; + aws logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{ + ($.eventSource = s3.amazonaws.com) &amp;&amp; (($.eventName = PutBucketAcl) || + ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = + PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = + DeleteBucketPolicy) || ($.eventName = DeleteBucketCors) || ($.eventName = + DeleteBucketLifecycle) || ($.eventName = DeleteBucketReplication)) }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + 
+ + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried to identify suspicious API activity. One such activity that should be monitored is security group changes. Security groups are analogous to firewalls and therefore protect inbound and outbound access to &amp; from AWS resources such as ec2 instances and RDS databases (amongst other things. Therefore alerting on changes to security groups helps ensure that the resources protected by them are not exposed.&nbsp; +<div> + &nbsp; + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Create a metric filter that checks for security group changes: aws logs put-metric-filter --log-group-name &lt;group&gt; --filter-name &lt;name&gt; --metric- transformations &lt;value&gt; --filter-pattern '{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup)}'&nbsp;</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol></div> + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters 
--log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{ + ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = + AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName + = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = + DeleteSecurityGroup)}&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + <p>Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. 
It is recommended that a metric filter and alarm be established for unauthorized API calls.</p><p>Rationale:</p><p>Monitoring unauthorized API calls will help reveal application errors and may reduce time to detect malicious activity.</p><p>Impact:</p><p>This alert may be triggered by normal read-only console activities that attempt to opportunistically gather optional information, but gracefully fail if they don't have permissions.</p><p>If an excessive number of alerts are being generated then an organization may wish to consider adding read access to the limited IAM user permissions simply to quiet the alerts.</p><p>In some cases doing this may allow the users to actually view some areas of the system - any additional access given should be reviewed for alignment with the original limited IAM user intent.</p><p>Remediation:</p><p>Perform the following to setup the metric filter, alarm, SNS topic, and subscription:</p><p>1. Create a metric filter based on filter pattern provided which checks for unauthorized API calls and the &lt;cloudtrail_log_group_name&gt; taken from audit step 1.&nbsp;</p><blockquote><p>aws logs put-metric-filter --log-group-name &lt;cloudtrail_log_group_name&gt; --filter-name `&lt;unauthorized_api_calls_metric&gt;` --metric-transformations metricName= `&lt;unauthorized_api_calls_metric&gt;` ,metricNamespace='CISBenchmark',metricValue=1 --filter-pattern '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") || ($.sourceIPAddress!="delivery.logs.amazonaws.com") || ($.eventName!="HeadBucket") }'</p></blockquote><p>Note: You can choose your own metricName and metricNamespace strings. Using the same metricNamespace for all Foundations Benchmark metrics will group them together.</p><p>2. 
Create an SNS topic that the alarm will notify&nbsp;</p><blockquote><p>aws sns create-topic --name &lt;sns_topic_name&gt;</p></blockquote><p>Note: you can execute this command once and then re-use the same topic for all monitoring alarms.</p><p>3. Create an SNS subscription to the topic created in step 2&nbsp;</p><blockquote><p>aws sns subscribe --topic-arn &lt;sns_topic_arn&gt; --protocol &lt;protocol_for_sns&gt; --notification-endpoint &lt;sns_subscription_endpoints&gt;</p></blockquote><p>Note: you can execute this command once and then re-use the SNS subscription for all monitoring alarms.</p><p>4. Create an alarm that is associated with the CloudWatch Logs Metric Filter created in step 1 and an SNS topic created in step 2&nbsp;</p><blockquote><p>aws cloudwatch put-metric-alarm --alarm-name `&lt;unauthorized_api_calls_alarm&gt;` --metric-name `&lt;unauthorized_api_calls_metric&gt;` --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --namespace 'CISBenchmark' --alarm-actions &lt;sns_topic_arn&gt;</p></blockquote> + + + + + + + + + <p>Perform the following to ensure that there is at least one active multi-region CloudTrail with prescribed metric filters and alarms configured:</p><p>1. 
Identify the log group name configured for use with active multi-region CloudTrail:</p><p>List all CloudTrails:&nbsp;</p><blockquote><p>aws cloudtrail describe-trails</p></blockquote><p>Identify Multi region Cloudtrails: Trails with "IsMultiRegionTrail" set to true</p><p>From value associated with CloudWatchLogsLogGroupArn note &lt;cloudtrail_log_group_name&gt;</p><p>Example: for CloudWatchLogsLogGroupArn that looks like arn:aws:logs:&lt;region&gt;:&lt;aws_account_number&gt;:log-group:NewGroup:*, &lt;cloudtrail_log_group_name&gt; would be NewGroup</p><p>Ensure Identified Multi region CloudTrail is active</p><blockquote><p>aws cloudtrail get-trail-status --name &lt;Name of a Multi-region CloudTrail&gt; ensure IsLogging is set to TRUE</p></blockquote><p>Ensure identified Multi-region Cloudtrail captures all Management Events</p><blockquote><p>aws cloudtrail get-event-selectors --trail-name &lt;trailname shown in describe-trails&gt; Ensure there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All</p></blockquote><p>2. Get a list of all associated metric filters for this &lt;cloudtrail_log_group_name&gt;:&nbsp;</p><blockquote><p>aws logs describe-metric-filters --log-group-name "&lt;cloudtrail_log_group_name&gt;"</p></blockquote><p>3. Ensure the output from the above command contains the following:&nbsp;</p><blockquote><p>"Filter = {(($.errorCode="*UnauthorizedOperation") || ($.errorCode="AccessDenied*")) &amp;&amp; (($.sourceIPAddress!="delivery.logs.amazonaws.com") &amp;&amp; ($.eventName!="HeadBucket"))}"</p></blockquote><p>4. Note the &lt;unauthorized_api_calls_metric&gt; value associated with the filterPattern found in step 3.</p><p>5. Get a list of CloudWatch alarms and filter on the &lt;unauthorized_api_calls_metric&gt; captured in step 4.&nbsp;</p><blockquote><p>aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName== `&lt;unauthorized_api_calls_metric&gt;`]'</p></blockquote><p>6. 
Note the AlarmActions value - this will provide the SNS topic ARN value.</p><p>7. Ensure there is at least one active subscriber to the SNS topic&nbsp;</p><blockquote><p>aws sns list-subscriptions-by-topic --topic-arn &lt;sns_topic_arn&gt;</p></blockquote><p>at least one subscription should have "SubscriptionArn" with valid aws ARN.&nbsp;</p><blockquote><p>Example of valid "SubscriptionArn": "arn:aws:sns:&lt;region&gt;:&lt;aws_account_number&gt;:&lt;SnsTopicName&gt;:&lt;SubscriptionID&gt;"</p></blockquote> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is VPC gateway + changes. VPC gateways are used as a means of sending traffic outside of a VPC (ie to the + internet) and are vital in ensuring traffic flows to the correct destination. Therefore alerting + on changes to VPC gateways ensuring traffic continues to flow as expected via the correct + gateway.&nbsp; + <div> + &nbsp; + <br /> + <b>Remediation:</b> + </div> + <div> + <ol> + <li>Create a metric filter that checks for VPC gateway changes: aws logs put-metric-filter + --log-group-name &lt;group&gt; --filter-name &lt;name&gt; --metric- + transformations &lt;value&gt; --filter-pattern '{ ($.eventName = CreateCustomerGateway) + || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || + ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = + DetachInternetGateway) }'&nbsp;</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn + &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name + &lt;value&gt; --metric-name 
&lt;metric_filter_name&gt; --statistic Sum --period + 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 + --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol> + </div> + <div> + + </div> + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn&nbsp;</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following: &quot;filterPattern&quot;: &quot;{ + ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || + ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || + ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is VPC NACL + changes. Network Access Control Lists (NACLS) control inbound and outbound access to &amp; + from AWS subnets and work like packet filters to protect the network. 
Therefore alerting on + changes to NACLS helps ensure that the subnets protected by them are not exposed.&nbsp; + <div> + &nbsp; + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Create a metric filter that checks for NACL changes: aws logs put-metric-filter + --log-group-name &lt;group&gt; --filter-name &lt;name&gt; --metric- + transformations &lt;value&gt; --filter-pattern '{ ($.eventName = CreateNetworkAcl) || + ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = + DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = + ReplaceNetworkAclAssociation) }'&nbsp;</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn + &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name + &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period + 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 + --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol> + </div> + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following:&nbsp;&quot;filterPattern&quot;: + &quot;{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || + ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = + ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }&quot;&nbsp;</li> + <li>Note the 
metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4: + aws cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + When cloudtrail is configured and sending alerts to cloudwatch logs these logs can be queried + to identify suspicious API activity. One such activity that should be monitored is VPC route + table changes. VPC route tables provide a means of routing network traffic between subnets and + via gateways and ensures traffic flows via the correct path. Therefore alerting on changes to + route tables ensuring traffic continues to flow as expected.&nbsp; + <div> + &nbsp; + <br /> + <b>Remediation:<br /></b> + <ol> + <li>Create a metric filter that checks for VPC route table changes: aws logs + put-metric-filter --log-group-name &lt;group&gt; --filter-name &lt;name&gt; + --metric- transformations &lt;value&gt; --filter-pattern '{ ($.eventName = CreateRoute) + || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = + ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) + || ($.eventName = DisassociateRouteTable) }'&nbsp;</li> + <li>Create an SNS topic for notifications: aws sns create-topic --name &lt;topic_name&gt;</li> + <li>Create an SNS subscription to the topic created above: aws sns subscribe --topic-arn + &lt;topic_arn&gt; --protocol email --notification-endpoint &lt;email@example.com&gt;</li> + <li>Create an alarm based on the above steps: aws cloudwatch put-metric-alarm --alarm-name + &lt;value&gt; --metric-name &lt;metric_filter_name&gt; --statistic Sum --period + 300 
--threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 + --namespace &lt;CloudTrailMetrics&gt; --alarm-actions &lt;topic_arn&gt;</li> + </ol> + </div> + + + + + + + + + <ol> + <li>Identify the log group name: aws cloudtrail describe-trails&nbsp;</li> + <li>Note the &lt;group&gt; value associated with CloudWatchLogsLogGroupArn.</li> + <li>Get a list of all associated metric filters for this &lt;group&gt;: aws + logs describe-metric-filters --log-group-name &quot;&lt;group&gt;&quot;&nbsp;</li> + <li>Ensure the output contains the following:&nbsp;&quot;filterPattern&quot;: + &quot;{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName + = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = + DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = DisassociateRouteTable) }&quot;&nbsp;</li> + <li>Note the metricName value associated with the filterPattern found in step 4.&nbsp;</li> + <li>Get a list of CloudWatch alarms and filter on the metricName captured in step 4:&nbsp;aws + cloudwatch describe-alarms --query 'MetricAlarms[?MetricName==`&lt;metricName&gt;`]'</li> + <li>Note the AlarmActions value - this will provide the SNS topic ARN value.&nbsp;</li> + <li>Ensure there is at least one subscriber to the SNS topic: aws sns + list-subscriptions-by-topic --topic-arn &lt;topic_arm&gt;</li> + </ol> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + Retention period should be used to specify how long log events are kept in CloudWatch Logs. Expired log events get deleted automatically. Just like metric filters, retention settings are also assigned to log groups, and the retention assigned to a log group is applied to their log streams.&nbsp; +</div> +<div> + <br> + Note:&nbsp; +</div> +<div> + <ul> + <li>You can also use any third party log management tools (like Splunk, Loggly, AlertLogic Log Manager, etc.) 
as long as the recommendation goal is achieved.&nbsp;</li> + <li>The below Audit and Remediation steps need to be modified for your specific log management tool, as they are provided in the benchmark only for Amazon Cloudwatch</li> + </ul> + <b>Remediation</b>:&nbsp; +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App tier. + </div> +</div> +<div> + <br> + Using the Amazon unified command line interface:&nbsp; +</div> +<div> + <ul> + <li>Put a retention policy for your Web tier Cloudwatch log group:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws logs put-retention-policy --log-group-name &lt;web_tier_log_group&gt; --retention-indays &lt;log_retention_period&gt; + </div> + </blockquote> +</blockquote> +<div> + <b>Impact</b>:&nbsp; +</div> +<div> + <br> + If the retention period is not configured then logs will be retained indefinitely with increasing cost. +</div> + + + + + + + + + + + + + + Using the Amazon unified command line interface:&nbsp; +<div> + <ul> + <li>Search for your Web tier Cloudwatch log group, and check for the presence of "retentionInDays" element:&nbsp;</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws logs describe-log-groups --query "logGroups[?logGroupName == + </div> + <div> + '&lt;web_tier_log_group&gt;']" + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <p>AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. 
It is recommended that all credentials that have been unused in 45 or greater days be deactivated or removed.</p><p>Rationale:</p><p>Disabling or removing unnecessary credentials will reduce the window of opportunity for credentials associated with a compromised or abandoned account to be used.</p><p>Remediation:</p><p><strong>From Console:&nbsp;</strong></p><p>Perform the following to manage Unused Password (IAM user console access)</p><ol><li>Login to the AWS Management Console:</li><li>Click Services</li><li>Click IAM</li><li>Click on Users</li><li>Click on Security Credentials</li><li>Select user whose Console last sign-in is greater than 45 days</li><li>Click Security credentials</li><li>In section Sign-in credentials, Console password click Manage</li><li>Under Console Access select Disable 10.Click Apply</li></ol><p>Perform the following to deactivate Access Keys:</p><ol><li>Login to the AWS Management Console:</li><li>Click Services</li><li>Click IAM</li><li>Click on Users</li><li>Click on Security Credentials</li><li>Select any access keys that are over 45 days old and that have been used and<ol><li>Click on Make Inactive</li></ol></li><li>Select any access keys that are over 45 days old and that have not been used and<ol><li>Click the X to Delete</li></ol></li></ol> + + + + + + + + + + <p>Perform the following to determine if unused credentials exist:&nbsp;</p><p><strong>From Console:</strong></p><ol><li>Login to the AWS Management Console</li><li>Click Services</li><li>Click IAM</li><li>Click on Users</li><li>Click the Settings (gear) icon.</li><li>Select Console last sign-in, Access key last used, and Access Key Id</li><li>Click on Close</li><li>Check and ensure that Console last sign-in is less than 45 days ago.<ol><li>Note - Never means the user has never logged in.</li></ol></li><li>Check and ensure that Access key age is less than 45 days and that Access key last used does not say None</li></ol><p>If the user hasn't signed into the Console in the 
last 45 days or Access keys are over 45 days old refer to the remediation.</p><p><strong>From Command Line:&nbsp;</strong></p><p>Download Credential Report:</p><p>1. Run the following commands:</p><blockquote><p>aws iam generate-credential-report&nbsp;</p></blockquote><blockquote><p>aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,4,5,6,9,10,11,14,15,16</p></blockquote><p>Ensure unused credentials do not exist:</p><p>2. For each user having password_enabled set to TRUE , ensure password_last_used_date is less than 45 days ago.</p><p>When password_enabled is set to TRUE and password_last_used is set to No_Information , ensure password_last_changed is less than 45 days ago.</p><p>3. For each user having an access_key_1_active or access_key_2_active to TRUE , ensure the corresponding access_key_n_last_used_date is less than 45 days ago.</p><p>When a user having an access_key_x_active (where x is 1 or 2) to TRUE and corresponding access_key_x_last_used_date is set to N/A', ensure access_key_x_last_rotated` is less than 45 days ago.</p> + + + + + + + + + + + + + + + + + AWS console defaults the checkbox for creating access keys to enabled. This results in many access keys being generated unnecessarily. In addition to unnecessary credentials, it also generates unnecessary management work in auditing and rotating these keys. +<br /> +<br /> +<b>Remediation: </b> +<br />Perform the following to delete access keys that do not pass the audit. 
+<br /> +<div> + <br /> +</div> +<ol> + <li>Login to the AWS Management Console.Click Services.</li> + <li>Click IAM</li> + <li>Click on Users.Click on Security Credentials.</li> + <li>As an Administrator.</li> + <ul> + <li>Click on Delete for keys that were created at the same time as the user profile but have not been used.<br /></li> + </ul> + <li>&nbsp;&nbsp;&nbsp; As an IAM User</li> + <ul> + <li>Click on Delete for keys that were created at the same time as the user profile but have not been used.</li> + </ul> + <li>Via CLI:</li> + <ul> + <li>aws iam delete-access-key</li> + </ul> +</ol> +<span style="font-weight: bold;"></span> + + + + + + + + + Perform the following to determine if access keys are rotated as prescribed: + <br /> + <ol> + <li>Login to the AWS Management Console</li> + <li>Click Services</li> + <li>Click IAM</li> + <li>Click on a User</li> + <li>Compare the user creation date to the key 1 creation date.</li> + <li>For any that match, the key was created during initial user setup.</li> + </ol>Keys that were created at the same time as the user profile and do not have a last used date should be deleted. 
+ <br /> + <br />Via the CLI: + <br /> + <ul> + <li>Run the following command (OSX/Linux/UNIX) to generate a list of all IAM users along with their access keys utilization:</li> + </ul> + <blockquote> + <blockquote> + aws iam generate-credential-report + </blockquote> + </blockquote> + <br /> + <blockquote> + <blockquote> + aws iam get-credential-report --query 'Content' --output text | base64 -d | cut -d, -f1,4,9,11,14,16 + </blockquote> + </blockquote> + <ul> + <li>The output of this command will produce a table similar to the following:&nbsp;</li> + </ul> + <blockquote> + <blockquote> + user,password_enabled,access_key_1_active,access_key_1_last_used_date,access_ + </blockquote> + <blockquote> + key_2_active,access_key_2_last_used_date + </blockquote> + <blockquote> + elise,false,true,2015-04-16T15:14:00+00:00,false,N/A + </blockquote> + <blockquote> + brandon,true,true,N/A,false,N/A + </blockquote> + <blockquote> + rakesh,false,false,N/A,false,N/A + </blockquote> + <blockquote> + helene,false,true,2015-11-18T17:47:00+00:00,false,N/A + </blockquote> + <blockquote> + paras,true,true,2016-08-28T12:04:00+00:00,true,2016-03-04T10:11:00+00:00 + </blockquote> + <blockquote> + anitha,true,true,2016-06-08T11:43:00+00:00,true,N/A + </blockquote> + </blockquote> + <ul> + <li>For any user having access_key_last_used_date set to N/A , ensure that access key is deleted</li> + </ul> + + + + + + + + + + + + + + + + + AWS Config tracks configuration changes to resources as they occur and is therefore a good + source of identifying whether unintentional or malicious changes have occurred to resources with + the AWS account. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Sign in to the AWS Management Console (with Config update permissions).</li> + <li>Select Config from the services menu.</li> + <li>Define which resources you want to record in the selected region.</li> + <li>Choose to include global resources (IAM resources).</li> + <li>Specify an S3 bucket.</li> + <li>Create an SNS Topic&nbsp;&nbsp;</li> + </ol> + <br />&nbsp; + </div> + + + + + + + + + + + + + + + + <ol> + <li>Sign in to the AWS Management Console (with Config update permissions)&nbsp;</li> + <li>Select Config from the services menu&nbsp;</li> + <li>If presented with Setup AWS Config follow the procedure highlighted in the + remediation section&nbsp;</li> + <li>On the Resource inventory page, Click on &quot;edit&quot;&nbsp;</li> + <li>Ensure 1 or both check-boxes under &quot;All Resources&quot; is checked.&nbsp;</li> + <ul> + <li>Include global resources related to IAM resources&nbsp;</li> + <li>which needs to be enabled in 1 region only.</li> + </ul> + <li>Ensure the correct S3 bucket has been defined.&nbsp;</li> + <li>Ensure the correct SNS topic has been defined.&nbsp;</li> + <li>Repeat steps 2 to 7 for each region (you'll need to change region in the top right + corner of the AWS management console to do this).</li> + </ol> + + + + + + + + + + + + + + + + + Cloudtrail records events of all API calls made within a AWS account. This enables security + analysis, resource change tracking, and compliance auditing. Cloudtrail should be enabled in all + regions, even if they are not being used, to identify unintended or accidental changes. 
+ <br /> + <br /> + <b>Remediation</b>: + <br />Create a global trail using a previously created S3 bucket: + <br /> + <blockquote> + aws cloudtrail create-trail --name &lt;trail_name&gt; --s3-bucket-name &lt;s3-bucket-name&gt; + --is-multi-region-trail + </blockquote> + <br /> + <br /> + <br /> + + + + + + + + + + + + + + + + + + + + + + + + <ol> + <li>Run: aws cloudtrail describe-trails</li> + <li>Ensure &quot;IsMultiRegionTrail&quot; = TRUE</li> + </ol> + + + + + + + + + + + + + + + + + Enabling log file validation will provide additional integrity checking of CloudTrail as it + creates a digest for each log file it writes to S3. These digests can then be used to determine + if a log has been modified since being written + <br /> + <br /> + <b>Remediation:<br /></b> + <blockquote> + aws cloudtrail update-trail --name &lt;trail_name&gt; --enable-log-file-validation + </blockquote> + <br /> + + + + + + + + + + + + + + + + <blockquote> + aws cloudtrail describe-trails&nbsp; + </blockquote>Ensure LogFileValidationEnabled = true (for each trail) + <ol> + </ol> + + + + + + + + + + + + + + + + + <p>Enable IAM Access analyzer for IAM policies about all resources in each region.</p><p>IAM Access Analyzer is a technology introduced at AWS reinvent 2019. After the Analyzer is enabled in IAM, scan results are displayed on the console showing the accessible resources. Scans show resources that other accounts and federated users can access, such as KMS keys and IAM roles. So the results allow you to determine if an unintended user is allowed, making it easier for administrators to monitor least privileges access. Access Analyzer analyzes only policies that are applied to resources in the same AWS Region.</p><p>Rationale:</p><p>AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data. 
Access Analyzer identifies resources that are shared with external principals by using logic-based reasoning to analyze the resource-based policies in your AWS environment. IAM Access Analyzer continuously monitors all policies for S3 bucket, IAM roles, KMS(Key Management Service) keys, AWS Lambda functions, and Amazon SQS(Simple Queue Service) queues.</p><p>Remediation:</p><p><strong>From Console:&nbsp;</strong></p><p>Perform the following to enable IAM Access analyzer for IAM policies:</p><ol><li>Open the IAM console at https://console.aws.amazon.com/iam/.</li><li>Choose Access analyzer.</li><li>Choose Create analyzer.</li><li>On the Create analyzer page, confirm that the Region displayed is the Region where you want to enable Access Analyzer.</li><li>Enter a name for the analyzer. Optional as it will generate a name for you automatically.</li><li>Add any tags that you want to apply to the analyzer. Optional.</li><li>Choose Create Analyzer.</li><li>Repeat these step for each active region</li></ol><p><strong>From Command Line:&nbsp;</strong></p><p>Run the following command:&nbsp;</p><blockquote><p>aws accessanalyzer create-analyzer --analyzer-name &lt;NAME&gt; --type &lt;ACCOUNT|ORGANIZATION&gt;</p></blockquote><p>Repeat this command above for each active region. Note: The IAM Access Analyzer is successfully configured only when the account you use has the necessary permissions.</p> + + + + + + + + + <p><strong>From Console:</strong></p><ol><li>Open the IAM console at https://console.aws.amazon.com/iam/</li><li>Choose Access analyzer</li><li>Click 'Analyzers'</li><li>Ensure that at least one analyzer is present</li><li>Ensure that the STATUS is set to Active</li><li>Repeat these step for each active region</li></ol><p><strong>From Command Line:</strong></p><p>1. Run the following command:</p><blockquote><p>aws accessanalyzer list-analyzers | grep status</p></blockquote><p>2. Ensure that at least one Analyzer the status is set to ACTIVE</p><p>3. 
Repeat the steps above for each active region.</p><p>If an Access analyzer is not listed for each region or the status is not set to active refer to the remediation procedure below.</p> + + + + + + + + + + + + + + + + + Using a multi-factor authentication (MFA) device enhances the security of the login process. With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP) and users must provide both their normal credentials (like their username and password) and the OTP. +<div> + <br> +</div> +<div> + The MFA device can either be a special piece of hardware, or it can be a virtual device. The recommendation for all console login accounts is to use MFA to increase the level of security of the login process. + <div> + <div> + <br> + <b>Remediation:</b> + <br> + <ol> + <li>Login to the AWS Management Console as an administrator.</li> + <li>Select IAM.</li> + <li>Select Users.</li> + <li>For each user:</li> + <ul> + <li>Select the user.</li> + <li>Under "Sign-In Credentials" if "Password" is set to "Yes".</li> + <li>Select "Manage MFA Device".</li> + <li>Choose the type of MFA.</li> + <li>Either scan the code or enter your device secret key.</li> + <li>Enter the Authentication code in "Authentication Code 1" box.</li> + <li>Wait for the code to change and enter the next code in "Authentication Code 2" box.</li> + <li>Click Activate MFA.</li> + </ul> + </ol> + </div> + </div> +</div> + + + + + + + + + + <ol> + <li>Generate a credential report with the command: aws iam generate-credential-report</li> + <li>The following command displays a list of all IAM users along with their password + and MFA status: aws iam get-credential-report --output text | base64 -D | cut - d, -f1,4,8</li> + <li>For any column having password_enabled set to true ensure mfa_active is also set + to true.&nbsp;</li> + </ol> + + + + + + + + + + + + + + + + + + Root is highly privileged and therefore using a multi-factor authentication (MFA) device enhances 
the security of the login process. With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP) and users must provide both their normal credentials (like their username and password) and the OTP. The MFA device can either be a special piece of hardware, or it can be a virtual device. The recommendation for the root account is to use a hardware based device as it has a smaller attack surface and cannot be duplicated. +<div> + <br> + <b>Remediation:</b> + <br> + <ol> + <li>Login to the AWS Management Console as root.</li> + <li>Select "Dashboard" and under "Security Status" choose "Activate MFA" on your root account.</li> + <li>Select Activate MFA".</li> + <li>In the wizard, choose "A hardware MFA" device and then select Next Step.</li> + <li>In the Serial Number box, enter the serial number that is found on the back of the MFA device.&nbsp;</li> + <li>In the Authentication Code 1 box, enter the six-digit number displayed by the MFA device.</li> + <li>Wait until the device refreshes the code, and then enter the next six-digit number into the Authentication Code 2 box.</li> + <li>Select "Next Step".&nbsp;</li> + </ol>The MFA device is now associated with the AWS account.&nbsp; +</div> +<div> + &nbsp; + <br></div> + + + + + + + + + + + <ol> + <li>Run: aws iam get-account-summary</li> + <li>Ensure the AccountMFAEnabled property is 1.</li> + </ol> + + + + + + + + + + + + + + + + + S3 Bucket Access Logging generates log files that contain access records for each request made + to an S3 bucket. By enabling this it is possible to capture events relating to the objects + within that bucket thus helping to capture potential security issues or identifying threats. It + is recommended to enable S3 bucket logging on any S3 bucket that contains sensitive data and + stored the logs in a separate bucket for security analysis. 
+ <div> + <br /> + <b>Remediation:<br /></b> + <ol> + <li>Sign in to the AWS Management Console (with S3 update access).</li> + <li>Select S3 from the services menu.</li> + <li>Under All Buckets click on the S3 bucket you wish to enable logging.</li> + <li>Click on Properties in the top right of the console.</li> + <li>Under Bucket:&lt;bucket_name&gt; click on Logging.</li> + <li>Click on the &quot;Enabled&quot; checkbox.</li> + <li>Select a &quot;Target Bucket&quot; to store the logs.</li> + <li>Select a &quot;Target Prefix&quot; for the logs.</li> + <li>Click &quot;Save&quot;.</li> + </ol> + </div> + + + + + + + + + <ol> + <li>Sign in to the AWS Management Console (with S3 update access).</li> + <li>Select S3 from the services menu.</li> + <li>Under All Buckets click on the S3 bucket you wish to enable logging.&nbsp;</li> + <li>Click on Properties in the top right of the console.&nbsp;</li> + <li>Under Bucket:&lt;bucket_name&gt; click on Logging.</li> + <li>Ensure &quot;Enabled&quot; is checked.</li> + </ol> + + + + + + + + + + + + + + + + + VPC Flow logs enable the capture of IP traffic that traverses the network interfaces within a + VPC. These logs are captured and sent to cloudtrail logs enabling you to detect security + incidents that may be occurring across the network. + <div> + <br /> + </div> + <div> + <b>Remediation:</b> + <br /> + <ol> + <li>Sign into the management console.</li> + <li>Select VPC from the services menu.</li> + <li>In the left pane click &quot;Your VPCs&quot;.</li> + <li>Select a VPC.</li> + <li>Select the Flow Logs tab from the preview panel.</li> + <li>Select &quot;Create Flow Log&quot;.</li> + <li>Choose a role (note this must be pre-created. 
Follow the link provided in the text + underneath &quot;Role&quot; for help).</li> + <li>Select a &quot;Destination Log Group&quot;.</li> + <li>Click &quot;Create flow Log&quot;.</li> + </ol> + + + + + + + + + + + + + + + <ol> + <li>Sign into the management console.</li> + <li>Select VPC from the services menu.</li> + <li>In the left pane click &quot;Your VPCs&quot;.</li> + <li>Select a VPC.</li> + <li>Select the Flow Logs tab from the preview panel.</li> + <li>Ensure a Log Flow exists that has Active in the Status column.</li> + </ol> + + + + + + + + + + + + + + + + + By default, the log files delivered by CloudTrail to your bucket are encrypted by Amazon + server-side encryption with Amazon S3-managed encryption keys (SSE-S3). To provide a security + layer that is directly manageable, you can instead use server-side encryption with AWS + KMS-managed + keys (SSE-KMS) for your CloudTrail log files. This provides several advantages: + <br /> + <ul> + <li>You can create and manage the CMK encryption keys yourself.&nbsp;</li> + <li>You can use a single CMK to encrypt and decrypt log files for multiple accounts across + all regions.&nbsp;</li> + <li>You have control over who can use your key for encrypting and decrypting CloudTrail + log files.&nbsp;</li> + <li>You can assign permissions for the key to the users in your organization according to + your requirements.</li> + <li>You have enhanced security. 
With this feature, in order to read log files, you now + need to meet two conditions:&nbsp;</li> + <ol> + <li>you must have S3 read permission on the bucket, and&nbsp;</li> + <li>you must be granted decrypt permission by the CMK policy.&nbsp;</li> + </ol> + </ul>Because S3 automatically decrypts the log files for requests from users authorized to + use the CMK, SSE-KMS encryption for CloudTrail log files is backward compatible with existing + applications that read CloudTrail log data.&nbsp; + <br /> + <br /> + <b>Remediation:</b>&nbsp;&nbsp; + <br /> + <ol> + <li>Sign in to the AWS Management Console (with cloudtrail update permissions).</li> + <li>Select CloudTrail from the services menu.</li> + <li>Select &quot;Trails&quot;.</li> + <li>Click on a Trail.</li> + <li>Under the S3 section click on the edit button.</li> + <li>Click Advanced.</li> + <li>Set &quot;Encrypt Log Files&quot; to &quot;Yes&quot;.</li> + <li>Set &quot;Create a new KMS key&quot; to &quot;Yes&quot;.</li> + <li>In &quot;KMS key&quot; type a name for your key.</li> + <li>Click &quot;Save&quot;.</li> + </ol> + <br /> + <br /> + + + + + + + + + <blockquote> + aws cloudtrail describe-trails + </blockquote>Check that KMS is enabled if the &quot;KmsKeyId&quot; property is + set. + <ol> + </ol> + + + + + + + + + + + + + + + + + Regular reviews of accounts on the system should be conducted to ensure that stale accounts + cannot be abused either by those former employees using them or compromised by attackers. 
+ <div> + <br /> + <b>Remediation:</b>&nbsp;&nbsp; + <br />At least every 90 days complete the following: + </div> + <div> + <ol> + <li>Sign in to the AWS Management Console (with IAM update privileges).</li> + <li>Go to IAM Service on the AWS Console.</li> + <li>Click on Users.</li> + <li>For any user that should no longer exist:</li> + <ul> + <li>select the user,</li> + <li>click &quot;User Actions&quot;,</li> + <li>click &quot;Delete&quot;.</li> + </ul> + </ol> + </div> + + + + + + <ol> + <li>Obtain a list of IAM users by: aws iam list-users --query 'Users[*].UserName' + --output text</li> + <li>Ensure all users are valid users.</li> + </ol> + + + + + + + + + + + + + + + + + <p>IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended and considered a standard security advice to grant least privilege -that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of allowing full administrative privileges.</p><p>Rationale:</p><p>It's more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later.</p><p>Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.</p><p>IAM policies that have a statement with "Effect": "Allow" with "Action": "*" over "Resource": "*" should be removed.</p><p>Remediation:</p><p><strong>From Console:&nbsp;</strong></p><p>Perform the following to detach the policy that has full administrative privileges:</p><ol><li>Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.</li><li>In the navigation pane, click Policies and then search for the policy name found in the 
audit step.</li><li>Select the policy that needs to be deleted.</li><li>In the policy action menu, select first Detach</li><li>Select all Users, Groups, Roles that have this policy attached</li><li>Click Detach Policy</li><li>In the policy action menu, select Detach</li></ol><p><strong>From Command Line:&nbsp;</strong></p><p>Perform the following to detach the policy that has full administrative privileges as found in the audit step:</p><ol><li>Lists all IAM users, groups, and roles that the specified managed policy is attached to. aws iam list-entities-for-policy --policy-arn &lt;policy_arn&gt;</li><li>Detach the policy from all IAM Users: aws iam detach-user-policy --user-name &lt;iam_user&gt; --policy-arn &lt;policy_arn&gt;</li><li>Detach the policy from all IAM Groups: aws iam detach-group-policy --group-name &lt;iam_group&gt; --policy-arn &lt;policy_arn&gt;</li><li>Detach the policy from all IAM Roles: aws iam detach-role-policy --role-name &lt;iam_role&gt; --policy-arn &lt;policy_arn&gt;</li></ol> + + + + + + + + + + <p>Perform the following to determine what policies are created: From Command Line:</p><ol><li>Run the following to get a list of IAM policies: aws iam list-policies --only-attached --output text</li><li>For each policy returned, run the following command to determine if any policies is allowing full administrative privileges on the account: aws iam get-policy-version --policy-arn &lt;policy_arn&gt; --version-id &lt;version&gt;</li><li>In output ensure policy should not have any Statement block with "Effect": "Allow" and Action set to "*" and Resource set to "*"</li></ol> + + + + + + + + + + + + + + + + + <p>The Network Access Control List (NACL) function provide stateless filtering of ingress and egress network traffic to AWS resources. 
It is recommended that no NACL allows unrestricted ingress access to remote server administration ports, such as SSH to port 22 and RDP to port 3389.</p><p>Rationale:</p><p>Public access to remote server administration ports, such as 22 and 3389, increases resource attack surface and unnecessarily raises the risk of resource compromise.</p><p>Remediation:</p><p><strong>From Console:&nbsp;</strong></p><p>Perform the following:</p><ol><li>Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home</li><li>In the left pane, click Network ACLs</li><li>For each network ACL to remediate, perform the following:<ol><li>Select the network ACL</li><li>Click the Inbound Rules tab</li><li>Click Edit inbound rules</li><li>Either A) update the Source field to a range other than 0.0.0.0/0, or, B) Click Delete to remove the offending inbound rule</li><li>Click Save</li></ol></li></ol><p>&nbsp;</p> + + + + + + + + + <p><strong>From Console:</strong></p><p>Perform the following to determine if the account is configured as prescribed:</p><ol><li>Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home</li><li>In the left pane, click Network ACLs</li><li>For each network ACL, perform the following:<ol><li>Select the network ACL</li><li>Click the Inbound Rules tab</li><li>Ensure no rule exists that has a port range that includes port 22, 3389, or other remote server administration ports for your environment and has a Source of 0.0.0.0/0 and shows ALLOW</li></ol></li></ol><p>Note: A Port value of ALL or a port range such as 0-1024 are inclusive of port 22, 3389, and other remote server administration ports</p> + + + + + + + + + + + + + + + + + <p>Access keys are long-term credentials for an IAM user or the AWS account 'root' user. 
You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK)</p><p>Rationale:</p><p>Access keys are long-term credentials for an IAM user or the AWS account 'root' user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API. One of the best ways to protect your account is to not allow users to have multiple access keys.</p><p>Remediation:</p><p><strong>From Console:</strong></p><ol><li>Sign in to the AWS Management Console and navigate to IAM dashboard at https://console.aws.amazon.com/iam/.</li><li>In the left navigation panel, choose Users.</li><li>Click on the IAM user name that you want to examine.</li><li>On the IAM user configuration page, select Security Credentials tab.</li><li>In Access Keys section, choose one access key that is less than 90 days old. This should be the only active key used by this IAM user to access AWS resources programmatically. Test your application(s) to make sure that the chosen access key is working.</li><li>In the same Access Keys section, identify your non-operational access keys (other than the chosen one) and deactivate it by clicking the Make Inactive link.</li><li>If you receive the Change Key Status confirmation box, click Deactivate to switch off the selected key.</li><li>Repeat steps no. 3 - 7 for each IAM user in your AWS account.</li></ol><p><strong>From Command Line:</strong></p><p>1. Using the IAM user and access key information provided in the Audit CLI, choose one access key that is less than 90 days old. This should be the only active key used by this IAM user to access AWS resources programmatically. Test your application(s) to make sure that the chosen access key is working.</p><p>2. Run the update-access-key command below using the IAM user name and the non-operational access key IDs to deactivate the unnecessary key(s). 
Refer to the Audit section to identify the unnecessary access key ID for the selected IAM user</p><p>Note - the command does not return any output:</p><blockquote><p>aws iam update-access-key --access-key-id &lt;access-key-id&gt; --status Inactive --user-name &lt;user-name&gt;</p></blockquote><p>3. To confirm that the selected access key pair has been successfully deactivated run the list-access-keys audit command again for that IAM User:&nbsp;</p><blockquote><p>aws iam list-access-keys --user-name &lt;user-name&gt;</p></blockquote><p>The command output should expose the metadata for each access key associated with the IAM user. If the non-operational key pair(s) Status is set to Inactive, the key has been successfully deactivated and the IAM user access configuration adheres now to this recommendation.</p><p>4. Repeat steps no. 1 - 3 for each IAM user in your AWS account.</p> + + + + + + + + + <p><strong>From Console:</strong></p><ol><li>Sign in to the AWS Management Console and navigate to IAM dashboard at https://console.aws.amazon.com/iam/.</li><li>In the left navigation panel, choose Users.</li><li>Click on the IAM user name that you want to examine.</li><li>On the IAM user configuration page, select Security Credentials tab.</li><li>Under Access Keys section, in the Status column, check the current status for each access key associated with the IAM user. If the selected IAM user has more than one access key activated then the users access configuration does not adhere to security best practices and the risk of accidental exposures increases.</li></ol><p>Repeat steps no. 3 - 5 for each IAM user in your AWS account.</p><p><strong>From Command Line:</strong></p><p>1. Run list-users command to list all IAM users within your account:&nbsp;</p><blockquote><p>aws iam list-users --query "Users[*].UserName"</p></blockquote><p>The command output should return an array that contains all your IAM user names.</p><p>2. 
Run list-access-keys command using the IAM user name list to return the current status of each access key associated with the selected IAM user:&nbsp;</p><blockquote><p>aws iam list-access-keys --user-name &lt;user-name&gt;</p></blockquote><p>The command output should expose the metadata ("Username", "AccessKeyId", "Status", "CreateDate") for each access key on that user account.</p><p>3. Check the Status property value for each key returned to determine each keys current state. If the Status property value for more than one IAM access key is set to Active, the user access configuration does not adhere to this recommendation, refer to the remediation below.</p><p>Repeat steps no. 2 and 3 for each IAM user in your AWS account.</p> + + + + + + + + + + + + + + + + + Cloudwatch logs is an AWS service that allows you to send logs from an EC2 instance to + cloudwatch via an agent installed locally on the machine. The logs are then stored centrally + within cloudwatch logs and metric alerts can be configured so that security incidents can be + reported to the security team. It is recommended to enable cloudwatch log monitoring on all EC2 + servers. + <br /> + <br /> + <b>Remediation:<br /></b>Follow the directions provided in &quot;http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/EC2NewInstanceCWL.html&quot; + to install and enable Cloudwatch Logs on a new EC2 instance. + <br /> + <br /> + + + + + + <ol> + <li>Sign into the management console.</li> + <li>Select Cloudwatch from the services menu.&nbsp;&nbsp;</li> + <li>In the left pane click &quot;Logs&quot;.&nbsp;&nbsp;</li> + <li>Click on your log group.</li> + <li>Click on your log stream.</li> + <li>Ensure event data is being captured as per the logs on your machine.</li> + </ol> + + + + + + + + + + + + + + + + + <div> + <b>Description</b>: +</div> +<div> + <br> + You can use CloudWatch Logs to monitor, store and access log files from an Amazon EC2 instance (application or system data). 
+</div> +<div> + <br> + With CloudWatch Logs, you can monitor your logs, in near real-time, for specific phrases, values or patterns (metrics). For example, you could set an alarm on the number of errors that occur in your system logs or view graphs of web request latency from your application logs. Log data can be stored and accessed for as long as you need using highly durable, lowcost storage so you don't have to worry about filling up hard drives. +</div> +<div> + <br> + A Cloudwatch agent needs to run within the Guest Operating System of each EC2 instance you wish to ship logs from. +</div> +<div> + <br> + Note: +</div> +<div> + <ul> + <li>You can also use any third party log management tools (like Splunk, Loggly, AlertLogic Log Manager, etc.) as long as the recommendation goal is achieved.</li> + <li>The below Audit and Remediation steps need to be modified for your specific log management tool, as they are provided in the benchmark only for Amazon Cloudwatch</li> + </ul> +</div> +<div> + <br> +</div> +<div> + <b>Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App tier. 
+ </div> +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create a sample agent configuration file for Amazon Linux and save it as a text file (for example, awslogs.cfg) either on the AMI's filesystem, in a publicly accessible http/https location, or an Amazon S3 location (for example, s3://&lt;s3_bucket_name&gt;/&lt;cloudwatch_agent_config_file&gt;):</li> + </ul> + [general] + state_file = /var/awslogs/state/agent-state + [/var/log/messages] + file = /var/log/messages + log_group_name = /var/log/messages + log_stream_name = {instance_id} + datetime_format = %b %d %H:%M:%S +</div> +<div> + <br> +</div> +<div> + <ul> + <li>Create a new Web tier Autoscaling Launch Configuration with UserData populated for installing Cloudwatch Logs agent:</li> + <ul> + <li>Create and save locally a file containing the UserData, for example /tmp/UserData.txt:</li> + </ul> + </ul> +</div> +<blockquote> + <blockquote> + <blockquote> + <div> + #!/bin/bashcurl https://s3.amazonaws.com/awscloudwatch/downloads/latest/awslogs-agent-setup.py -Ochmod +x ./awslogs-agentsetup.py./awslogs-agent-setup.py -n -r us-east-1 -c s3://&lt;s3_bucket_name&gt;/&lt;cloudwatch_agent_config_file&gt; + </div> + </blockquote> + </blockquote> +</blockquote> +<div> + <ul> + <ul> + <li>Note: You can install the CloudWatch Logs agent by specifying the us-east-1, uswest-1, us-west-2, eu-west-1, eu-central-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, or sa-east-1 regions.</li> + </ul> + </ul> +</div> +<blockquote> + <blockquote> + <blockquote> + <div> + aws autoscaling create-launch-configuration --launch-configurationname &lt;web_tier_launch_config&gt; --image-id &lt;web_tier_ami&gt; --key-name &lt;your_key_pair&gt; --security-groups &lt;web_tier_security_group&gt; --instance-type &lt;desired_instance_type&gt; --iam-instance-profile &lt;web_tier_instance_profile&gt; -- user-data file:///tmp/UserData.txt + </div> + </blockquote> + </blockquote> +</blockquote> + 
+ + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Check if the Cloudwatch Logs agent is installed through UserData in the Web tier Autoscaling Launch Configuration:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-launch-configurations --launch-configuration-names &lt;web_tier_launch_config&gt;--query "LaunchConfigurations[*].UserData" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Output should be similar with:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + #!/bin/bash + </div> + <div> + curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -Ochmod +x ./awslogs-agent-setup.py ./awslogs-agent-setup.py -n -r us-east-1 -c s3://&lt;s3_bucket_name&gt;/&lt;cloudwatch_agent_config_file&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + One way to work with cloudtrail logs is to send them to cloudwatch logs which allows you to + define metric filters for alerting and monitoring. This allows you to take immediate action if a + certain threshold has been met. Enabling this provides the opportunity to monitor for sensitive + account activity. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Sign in to the AWS Management Console (with cloudtrail update permission).</li> + <li>Select Cloudtrail from the services list.</li> + <li>Under All Buckets select the target bucket you want to check.</li> + <li>Select &quot;Properties&quot; then &quot;Trails&quot;.</li> + <li>Click on each trail where no CloudWatch Logs are defined.</li> + <li>Go to the &quot;CloudWatch Logs&quot; section and click on &quot;Configure&quot;.</li> + <li>Define a new or select an existing log group and click &quot;Continue&quot;.</li> + <li>Configure the IAM Role which will deliver CloudTrail events to CloudWatch Logs.</li> + <li>Create/Select an IAM Role and Policy Name.</li> + <li>Click Allow.</li> + </ol> + <br />&nbsp; + </div> + + + + + + + + + + + + + + + + <blockquote> + aws cloudtrail get-trail-status --name &lt;trail_name&gt; + </blockquote>Ensure the &quot;LatestcloudwatchLogdDeliveryTime&quot; property + is set to a recent time (ie within the latest day or so). + + + + + + + + + + + + + + + + + <p>AWS virtual private cloud is the de-facto standard for networking AWS as it provides additional security controls such as Security Groups, Network Access Control Lists (NACLs) and routing. However, the use of VPC is not compulsory and resources such as EC2 can be created outside of VPC (usingEC2 Classic). It is recommended to make all resources a member of a VPC if possible to benefit from the increased security controls they offer and reduce undue network exposure. &nbsp;</p><p><br><strong>Remediation:</strong><br>&nbsp;</p><ol><li>Log in to the AWS Management Console.</li><li>Select EC2 from the services menu.</li><li>Select "Launch Instance".</li><li>Complete the wizard until step 3. 
At this point, ensure a VPC ID is selected for the "Network" option, choose an appropriate "Subnet" and "Auto-assign Public IP" option.</li><li>Complete the wizard to launch the instance.</li></ol><p>NB: If you want to migrate an already running instance you will need to convert the image into an AMI and then launch a new instance using the AMI and placing in a VPC, as per the steps above<br>&nbsp;</p><p></p> + + + + + + <ol><li>Log in to the AWS Management Console.</li><li>Select EC2 from the services menu.</li><li>Select "Instances" from the left hand menu.</li><li>For each instance in the list:<ul><li>select the instance</li><li>in the preview pane confirm the instance has a "VPC ID". If a hyphen "-" is shown then your instance is running in EC2-Classic mode.</li></ul></li></ol> + + + + + + + + + + + + + + + + + <p>In multi-account environments, IAM user centralization facilitates greater user control. User access beyond the initial account is then provided via role assumption. Centralization of users can be accomplished through federation with an external identity provider or through the use of AWS Organizations.</p><p>Rationale:</p><p>Centralizing IAM user management to a single identity store reduces complexity and thus the likelihood of access management errors.</p><p>Remediation:</p><p>The remediation procedure will vary based on the individual organization's implementation of identity federation and/or AWS Organizations with the acceptance criteria that no non-service IAM users, and non-root accounts, are present outside the account providing centralized IAM user management.</p> + + + + + + + + <p>For multi-account AWS environments with an external identity provider...</p><ol><li>Determine the master account for identity federation or IAM user management</li><li>Login to that account through the AWS Management Console</li><li>Click Services</li><li>Click IAM</li><li>Click Identity providers</li><li>Verify the configuration</li></ol><p>Then..., determine 
all accounts that should not have local users present. For each account...</p><ol><li>Determine all accounts that should not have local users present</li><li>Log into the AWS Management Console</li><li>Switch role into each identified account</li><li>Click Services</li><li>Click IAM</li><li>Click Users</li><li>Confirm that no IAM users representing individuals are present</li></ol><p>For multi-account AWS environments implementing AWS Organizations without an external identity provider...</p><ol><li>Determine all accounts that should not have local users present</li><li>Log into the AWS Management Console</li><li>Switch role into each identified account</li><li>Click Services</li><li>Click IAM</li><li>Click Users</li><li>Confirm that no IAM users representing individuals are present</li></ol> + + + + + + + + + + + + + + + + + <div> + Once a VPC peering connection is established, routing tables must be updated to establish any connections between the peered VPCs. These routes can be as specific as desired - even peering a VPC to only a single host on the other side of the connection. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> + Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> + Remove and add route table entries to ensure that the least number of subnets or hosts as is required to accomplish the purpose for peering are routable. 
+</div> +<div> + <br> + Via CLI: +</div> +<div> + <ul> + <li>For each &lt;route_table_id&gt; containing routes non compliant with your routing policy (which grants more than desired ""least access""), delete the non compliant route:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 delete-route --route-table-id &lt;route_table_id&gt; --destination-cidr-block &lt;non_compliant_destination_CIDR&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> +<div> + <ul> + <li>Create a new compliant route:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-route --route-table-id &lt;route_table_id&gt; --destination-cidr-block &lt;compliant_destination_CIDR&gt; --vpc-peering-connection-id &lt;peering_connection_id&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + Review routing tables of peered VPCs for whether they route + all subnets of each VPC and whether that is necessary to accomplish the intended purposes + for peering the VPCs.<br /><br /><b>Via CLI:</b><br />List all + the route tables from a VPC and check if &quot;GatewayId&quot; is pointing to a + &lt;peering_connection_id&gt; (e.g. pcx-1a2b3c4d) and if &quot;DestinationCidrBlock&quot; + is as specific as desired.<br /> + <blockquote> + aws ec2 describe-route-tables --filter &quot;Name=vpc-id,Values=&lt;vpc_id&gt;&quot; + --query &quot;RouteTables[*].{RouteTableId:RouteTableId, VpcId:VpcId, Routes:Routes, + AssociatedSubnets:Associations[*].SubnetId}&quot; + </blockquote> + + + + + + + + + + + + + + + + + AWS will occasionally send security advisories and alerts to the account holder. By default this will go to the email address that the account is registered under. However if a security contact is specified these alerts will be sent here instead. 
Therefore this provides the means of ensuring these advisories are routed to the security team, especially if a distribution email address is used.&nbsp; +<div> + &nbsp; + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Login to the AWS Account as root.</li> + <li>Click account name on the top right of the management console.</li> + <li>Select &quot;My Account&quot;.</li> + <li>Scroll down to &quot;Alternate Contacts&quot; section.</li> + <li>Click on Edit.</li> + <li>In the &quot;Security&quot; section complete the requested contact information.</li> + <li>Click update when complete.</li> + </ol></div> + + + + + + + + + <ol> + <li>Login to the AWS Account as root.</li> + <li>Click account name on the top right of the management console.&nbsp;</li> + <li>Select &quot;My Account&quot;.</li> + <li>Scroll down to &quot;Alternate Contacts&quot; section.</li> + <li>Confirm whether a contact has been set for &quot;Security&quot;.&nbsp;</li> + </ol> + + + + + + + + + + + + + + + + + <p>To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS. You cannot upload an ACM certificate to IAM. Additionally, you cannot manage your certificates from the IAM Console.</p><p>Rationale:</p><p>Removing expired SSL/TLS certificates eliminates the risk that an invalid certificate will be deployed accidentally to a resource such as AWS Elastic Load Balancer (ELB), which can damage the credibility of the application/website behind the ELB. 
As a best practice, it is recommended to delete expired certificates.</p><p>Remediation:</p><p><strong>From Console:&nbsp;</strong></p><p>Removing expired certificates via AWS Management Console is not currently supported. To delete SSL/TLS certificates stored in IAM via the AWS API use the Command Line Interface (CLI).&nbsp;</p><p><strong>From Command Line:&nbsp;</strong></p><p>To delete Expired Certificate run following command by replacing &lt;CERTIFICATE_NAME&gt; with the name of the certificate to delete:&nbsp;</p><blockquote><p>aws iam delete-server-certificate --server-certificate-name &lt;CERTIFICATE_NAME&gt;</p></blockquote><p>When the preceding command is successful, it does not return any output.</p> + + + + + + + + + <p><strong>From Console:&nbsp;</strong></p><p>Getting the certificates expiration information via AWS Management Console is not currently supported. To request information about the SSL/TLS certificates stored in IAM via the AWS API use the Command Line Interface (CLI).&nbsp;</p><p><strong>From Command Line:&nbsp;</strong></p><p>Run list-server-certificates command to list all the IAM-stored server certificates:&nbsp;</p><blockquote><p>aws iam list-server-certificates</p></blockquote><p>The command output should return an array that contains all the SSL/TLS certificates currently stored in IAM and their metadata (name, ID, expiration date, etc):&nbsp;</p><blockquote><p>{ "ServerCertificateMetadataList": [ { "ServerCertificateId": "EHDGFRW7EJFYTE88D", "ServerCertificateName": "MyServerCertificate", "Expiration": "2018-07-10T23:59:59Z", "Path": "/", "Arn": "arn:aws:iam::012345678910:server-certificate/MySSLCertificate", "UploadDate": "2018-06-10T11:56:08Z" } ] }</p></blockquote><p>Verify the ServerCertificateName and Expiration parameter value (expiration date) for each SSL/TLS certificate returned by the list-server-certificates command and determine if there are any expired server certificates currently stored in AWS IAM. 
If so, use the AWS API to remove them. If this command returns:&nbsp;</p><blockquote><p>{ { "ServerCertificateMetadataList": [] }</p></blockquote><p>This means that there are no expired certificates, It DOES NOT mean that no certificates exist.</p> + + + + + + + + + + + + + + + + + AWS virtual private cloud is the de-facto standard for networking AWS as it provides additional security controls such as Security Groups, Network Access Control Lists (NACL's) and routing. It is recommended that resources be placed into VPC's according to use case (ie dev/test/prod) and that appropriate security levels be set on these VPC's. Placing such resources accordingly ensures that a resource of a higher security level is not exposed by the security settings of a lower labeled VPC.&nbsp; +<div> + &nbsp; + <br> + <b>Remediation:</b> + <br> + <ol> + <li>Identify the resources that exist within an incorrect VPC.</li> + <li>Migrate or move them to the correct VPC.</li> + </ol> + <br> + <br> + <br> + <br> + <br> + <br> + <br> + <br> + <br> +</div> + + + + + + Ensure that each AWS resource added to a VPC is isolated according to its designation (ie + test/dev/prod). + + + + + + + + + + + + + + + + + AWS virtual private cloud is the de-facto standard for networking AWS as it provides additional security controls such as Security Groups, Network Access Control Lists (NACL's) and routing. +<div> + <br> +</div> +<div> + However the use of VPC is not compulsory and resources such as EC2 can be created outside of VPC (usingEC2 Classic). It is the recommendation to make all resources a member of a VPC if possible to benefit from the increased security controls they offer and reduce undue network exposure.&nbsp; + <div> + &nbsp; + <br> + <b>Remediation:<br></b>Move or migrate the resources to a VPC. + </div> + +</div> + + + + + + + + + + + + + Ensure that each AWS resource you own that is able to exist in a VPC does so. 
+ + + + + + + + + + + + + + + + + + + + + <div> + If audit trails are not properly protected, an attacker could gain access to the system, + modify the status of the resources or exfiltrate sensitive data without being noticed. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + If audit trails in the resources are not enabled or not protected, attackers could gain + access to the system and modify or delete data from the resources and the changes are + not detected. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Attackers could gain unauthorized access to the administrator account due to the lack of + the account and its security mechanisms, like modifying credentials and adding/removing + user accounts. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the user account due to a lack of configuration of the account, such as an incorrect configuration of the security question to reset the password.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Attackers gain undetected access to the network systems and the changes of the attackers + could not be audited or detected. 
+ </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain undetected access to the security configurations and changes made by the attackers are undetected and unaudited.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Attackers gain access to the systems and they are not detected and the changes of the + attackers could not be detected and audited. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized network access to the resources through misconfigured ports or security network configurations.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + When a critical security event occurs, the software either does not record the event or omits important details about the event when logging it. When critical security events are not logged properly, such as in the case of a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analyses after a successful attack. + + + + + + + + + + + + Resources are not registered in the safety net systems, and/or additional unidentified resources exist. As such, additional weakness might be introduced. + + + + + + + + + + + + Credentials for groups and roles not properly configured. User accounts are configured with excessive privileges. + + + + + + + + + + + + <p>There are not any processes or mechanisms to regularly save the data to another place in order to have an older version of the data to restore in case of loss. Consequently, the data cannot be easily recovered or they cannot be recovered at all.</p> + + + + + + + + + + + + + + Since cloudtrail logs capture all API calls for the AWS account they should be stored in an S3 bucket that is not accessible to the public. 
Applying the correct bucket policy helps ensure the confidentiality of the data. +<div> + <br> + <b>Remediation:</b> +</div> +<div> + <ol> + <li>Sign in to the AWS Management Console (with s3 update privileges).</li> + <li>Select s3 from the services list.</li> + <li>Right-click on the bucket you have used for "cloudtrail" and click "Properties".</li> + <li>In the Properties pane, click the Permissions tab.&nbsp;</li> + <li>Select the row that grants permission to "Everyone" or "Any Authenticated User".</li> + <li>Uncheck all the permissions granted to Everyone or Any Authenticated User.</li> + <li>Click Save to save the ACL.&nbsp;</li> + <li>If the Edit bucket policy button is present, click it.</li> + <li>Remove any Statement having an Effect set to Allow and a Principal set to *.&nbsp;</li> + </ol></div> + + + + + + + + + <ol> + <li>Obtain the bucket name of the cloudtrail:&nbsp;aws cloudtrail describe-trails + --query 'trailList[*].S3BucketName'</li> + <li>Ensure &quot;AllUsers&quot; is not granted access to the bucket:&nbsp;aws + s3api get-bucket-acl --bucket &lt;bucket_name&gt; --query + 'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/AllUsers`]'</li> + <li>Ensure &quot;Authenticated Users&quot; is not granted access to the + bucket: aws s3api get-bucket-acl --bucket &lt;bucket_name&gt; --query + 'Grants[?Grantee.URI==`http://acs.amazonaws.com/groups/global/Authenticated Users`]'</li> + <li>Validate the bucket policy does not grant access to all:&nbsp;aws s3api + get-bucket-policy --bucket &lt;bucket_name&gt;</li> + <li>Check that the above command does not provide a principal of *, with EFFECT set to + ALLOW.&nbsp;</li> + </ol> + + + + + + + + + + + + + + + + + <p><strong>To generate a policy in the AWS Management Console</strong></p><ol><li>Open the IAM Console, and in the navigation pane choose Roles.</li><li>Choose a role to analyze.</li><li>Under Generate policy based on CloudTrail events, choose Generate policy.</li><li>In the Generate 
policy page, you select the time window for which IAM Access Analyzer will review the CloudTrail logs to create the policy.</li><li>If you are using this feature for the first time: for Select trail, you select the trail you want IAM Access Analyzer to review, select Create and use a new service role, then choose Generate policy. If you have existing service roles, you select Use an existing service role, select a role from the available options, and choose Generate policy.</li><li>After the policy is ready, you see a notification on the role page. To review the permissions, choose View generated policy.</li></ol><p><strong>(Optional) To customize the policy</strong></p><ol><li>For some services, on the Generated policy page, you can review a summary of the services and associated actions in the generated policy.</li><li>You can also look at all services used and select the permissions that your application requires.</li><li>Next, you review the policy and specify resource-level permissions by replacing placeholders with the resource ARN your application uses. Resource placeholders make it easier for you to specify fine-grained permissions that restrict access to specific resources. This helps you follow security best practices and enables you to specify the exact resources to which you want to grant access, thereby restricting access to just a sub-set of the resources.</li><li>On the Customize generated policy page, after you are done customizing the policy, choose Next to review the policy.</li></ol><p><strong>To create and attach the policy</strong></p><ol><li>On the Review and create as a customer managed policy page, update the policy name according to your company's best practices, and review the permission summary. 
Optionally, you can add a description to define the intent of policy.</li><li>Choose Create and attach, to attach the policy to the application role.</li></ol> + + + + + + + + <p><strong>To generate and view policies programmatically</strong></p><p>You can use the following IAM Access Analyzer APIs to request and retrieve policies:</p><ul><li>start-policy-generation: Generates policy for an IAM user or role. Call this API first to start policy generation. Specify the time period for which IAM Access Analyzer should review your CloudTrail logs.</li><li>get-generated-policy: Call this API to retrieve and view the generated policy.</li></ul><p>For more information, see Generate policies based on access activity in the AWS IAM User Guide.</p> + + + + + + + + + + + + + + + + + Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. +<br> +<br>Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of websites. +<br> +<br>To add an extra layer of security to data stored within S3 it is possible to enable object versioning. Object versioning enables the recovery of objects from accidental overwrite or accidental deletion. If an object is deleted, instead of being removed, S3 write a delete marker which becomes the current version that means previous versions can always be recovered. It is recommended that versioning be enabled for buckets storing sensitive data. 
+<div> + <br> + <b>Remediation:<br></b> +</div> +<blockquote> + <div> + aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled + </div> +</blockquote> + + + + + + + + + + + + + + <blockquote> + aws s3api get-bucket-versioning --bucket my-bucket&nbsp; + </blockquote>If you don't see &quot;Status&quot;: &quot;Enabled&quot; + then your bucket has no versioning enabled. + + + + + + + + + + + + + + + + + <p>Control access to Amazon CloudTrail resources</p> +<p>Rationale:<br> With IAM identity-based policies, you can specify allowed or denied actions and resources as well as the conditions under which actions are allowed or denied. CloudTrail supports specific actions and resources. There are no CloudTrail service-specific condition keys that can be used in the Condition element of policy statements.</p> +<p>Remediation:<br> The following shows an example of a permissions policy.</p> +<p>{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:GetEventSelectors" ], "Resource": [ "arn:aws:cloudtrail:us-east-2:123456789012:trail/My-First-Trail" ] } ]<br> }</p> +<p>Limit access to the AWSCloudTrail_FullAccess policy</p> +<p>Users with the AWSCloudTrail_FullAccess policy have the ability to disable or reconfigure the most sensitive and important auditing functions in their AWS accounts. This policy is not intended to be shared or applied broadly to users and roles in your AWS account. 
Limit application of this policy to as few individuals as possible, those you expect to act as AWS account administrators.</p> +<p>For further information please see Reference URLs.</p> +<p>Impact:<br> None</p> + + + + + + + + + + + + + <p>With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies.</p> + + + + + + + + + + + + + + + + + Enabling log file validation will provide additional integrity checking of CloudTrail as it + creates a digest for each log file it writes to S3. These digests can then be used to determine + if a log has been modified since being written + <br /> + <br /> + <b>Remediation:<br /></b> + <blockquote> + aws cloudtrail update-trail --name &lt;trail_name&gt; --enable-log-file-validation + </blockquote> + <br /> + + + + + + + + + + + + + + + + <blockquote> + aws cloudtrail describe-trails&nbsp; + </blockquote>Ensure LogFileValidationEnabled = true (for each trail) + <ol> + </ol> + + + + + + + + + + + + + + + + + <p>Enable Logging Insights Events for CloudTrail</p> +<p>Rationale:<br> AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.<br> CloudTrail Insights continuously monitors CloudTrail write management events, and uses mathematical models to determine the normal levels of API and service event activity for an account. CloudTrail Insights identifies behavior that is outside normal patterns, generates Insights events, and delivers those events to a /CloudTrail-Insight folder in the chosen destination S3 bucket for your trail. You can also access and view Insights events in the AWS Management Console for CloudTrail. 
For more information about how to access and view Insights events in the console and by using the AWS CLI, see Viewing CloudTrail Insights Events in this guide.</p> +<p>Remediation:<br> Logging Insights events with the AWS Management Console<br> Enable CloudTrail Insights events on an existing trail. By default, Insights events are not enabled.</p> +<p>In the left navigation pane of the CloudTrail console, open the Trails page, and choose a trail name.</p> +<p>In Insights events choose Edit.</p> +<p>Note<br> Additional charges apply for logging Insights events. For CloudTrail pricing, see AWS CloudTrail Pricing.</p> +<p>In Event type, select Insights events. You must be logging Write management events to log Insights events.</p> +<p>Choose Update trail to save your changes.</p> +<p>It can take up to 36 hours for CloudTrail to deliver the first Insights events, if unusual activity is detected.</p> +<p>Impact:<br> None</p> + + + + + + + + + + + + + + + <p>To view whether your trail is logging Insights events, run the get-insight-selectors command.</p> + + <p>aws cloudtrail get-insight-selectors -trail-name TrailName</p> + + + + + + + + + + + + + + + + + One way to work with cloudtrail logs is to send them to cloudwatch logs which allows you to + define metric filters for alerting and monitoring. This allows you to take immediate action if a + certain threshold has been met. Enabling this provides the opportunity to monitor for sensitive + account activity. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Sign in to the AWS Management Console (with cloudtrail update permission).</li> + <li>Select Cloudtrail from the services list.</li> + <li>Under All Buckets select the target bucket you want to check.</li> + <li>Select &quot;Properties&quot; then &quot;Trails&quot;.</li> + <li>Click on each trail where no CloudWatch Logs are defined.</li> + <li>Go to the &quot;CloudWatch Logs&quot; section and click on &quot;Configure&quot;.</li> + <li>Define a new or select an existing log group and click &quot;Continue&quot;.</li> + <li>Configure the IAM Role which will deliver CloudTrail events to CloudWatch Logs.</li> + <li>Create/Select an IAM Role and Policy Name.</li> + <li>Click Allow.</li> + </ol> + <br />&nbsp; + </div> + + + + + + + + + + + + + + + + <blockquote> + aws cloudtrail get-trail-status --name &lt;trail_name&gt; + </blockquote>Ensure the &quot;LatestcloudwatchLogdDeliveryTime&quot; property + is set to a recent time (ie within the latest day or so). + + + + + + + + + + + + + + + + + <p>Log to a dedicated and centralized Amazon S3 bucket</p> +<p>Rationale:<br> CloudTrail log files are an audit log of actions taken by a user, role or an AWS service. The integrity, completeness and availability of these logs is crucial for forensic and auditing purposes. By logging to a dedicated and centralized Amazon S3 bucket, you can enforce strict security controls, access, and segregation of duties.</p> +<p>Remediation:<br> The following are some steps you can take:</p> +<p>- Create a separate AWS account as a log archive account. If you use AWS Organizations, enroll this account in the organization, and consider creating an organization trail to log data for all AWS accounts in your organization.</p> +<p>- If you do not use Organizations but want to log data for multiple AWS accounts, create a trail to log activity in this log archive account. 
Restrict access to this account to only trusted administrative users who should have access to account and auditing data.</p> +<p>- As part of creating a trail, whether it is an organization trail or a trail for a single AWS account, create a dedicated Amazon S3 bucket to store log files for this trail.</p> +<p>- If you want to log activity for more than one AWS account, modify the bucket policy to allow logging and storing log files for all AWS accounts that you want to log AWS account activity.</p> +<p>- If you are not using an organization trail, create trails in all of your AWS accounts, specifying the Amazon S3 bucket in the log archive account.</p> +<p>Impact:<br> None</p> + + + + + + + + + <p>Ensure that you are using a dedicated and centralized Amazon S3 bucket for CloudTrail log files.</p> + + + + + + + + + + + + + + + + + <div> + <b>Description</b>: +</div> +<div> + <br> + Tags enable customers to categorize AWS resources in different ways, for example, by purpose, owner, or environment. +</div> +<div> + <br> + Each tag consists of a key and an optional value, both of which customer's define. + You should define a set of tags for the following items to help you track each instance's owner and operating environment, cost center, and other items. +</div> +<div> + <ol> + <li>Amazon EC2 instances</li> + <li>ELB</li> + <li>EBS Volumes</li> + <li>S3 Buckets</li> + </ol> +</div> +<div> + <br> + A resource may have up to 10 tags associated with key &amp; value such as: +</div> +<div> + <ul> + <li>Key=tier, Value=app</li> + <li>Key=environment, Value=production</li> + <li>Key=costcenter, Value=sales</li> + </ul> + <div> + <b>Remediation:</b> + </div> +</div> +<div> + <b><br></b> + Tag all your 3 tier Web Application resources based on their tier membership (Web, App, Data), and your organizational requirements. 
+</div> + + + + + + + + + + + + Verify tags are being used.&nbsp; + + + + + + + + + + + + + + + + + Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. +<br /> +<br />Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of websites. +<br /> +<br />To add an extra layer of security to data stored within S3 the account owner (root) can enable MFA Delete which means that buckets and the objects within them can only be deleted with the use of Multi-factor authentication device. It is recommended to enable MFA Delete on any buckets containing sensitive data to protect against accidental deletion +<br />Remediation +<br />1. aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled,MFADelete=Enabled +<br /> + + + + + + + + + <blockquote> + aws s3api get-bucket-versioning --bucket my-bucket&nbsp; + </blockquote> + <div> + If you don't see &quot;MFADelete&quot;: &quot;Enabled&quot; then your bucket + has no MFA delete enabled. + </div> + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Data can be deleted intentionally or accidentally and cannot be recovered. 
Attackers could rely on the lack of backup and recovery mechanisms.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident.<br /> + Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized network access to the resources through misconfigured ports or security network configurations.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + AWS Resources are indistinguishable and countermeasures cannot be applied confidently. + + + + + + + + + + + + When a critical security event occurs, the software either does not record the event or omits important details about the event when logging it. When critical security events are not logged properly, such as in the case of a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analyses after a successful attack. + + + + + + + + + + + + Sensitive data is not encrypted and is exposed. + + + + + + + + + + + + The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. + + + + + + + + + + + + Attackers can perform a successful denial of service on the system + + + + + + + + + + + + The latest vendor updates that ensure that the systems are not vulnerable have not been applied to the systems. + + + + + + + + + + + + <p>Volumes are not encrypted, leading to the disclosure of information.</p> + + + + + + + + + + + + Receiving unauthorized connections to Amazon resources is most likely to be receiving an attack. To avoid this, access to the network must be as restricted as possible using Network Access Control Lists for blacklisting. 
+ + + + + + + + + + + + Receiving unauthorized connections to port 22 is most likely to be receiving an SSH attack. To + avoid this, access to the network must be as restricted as possible, so that only the necessary + ports are open and the minimum inbound traffic is accepted. + + + + + + + + + + + + Receiving unauthorized connections to port 3389 is most likely to be receiving an RDP attack. + To avoid this, access to the network must be as restricted as possible, so that only the + necessary ports are open and the minimum inbound traffic is accepted. + + + + + + + + + + + + <p>Receiving unauthorized connections to open ports makes systems vulnerable to attacks. To avoid this, access to network must be as restricted as possible, so that only the necessary ports are open and the minimum inbound traffic is accepted.</p> + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + An Elastic IP address is a static, public IP address designed for dynamic cloud computing. + You can associate an Elastic IP address with any instance, network interface for your VPC or a NAT Gateway. With an Elastic IP address, you can mask the failure of an instance by rapidly remapping the address to another instance in your VPC. 
+</div> +<div> + <b><br></b> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Allocate Elastic IP address for the number of NAT Gateways that you want to deploy:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 allocate-address --domain vpc + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Check if you have Elastic IP addresses allocated and unused for the number of NAT Gateways that you want to deploy:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-addresses --filters Name=domain,Values=vpc --query "Addresses[?AssociationId == null]" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <p><strong>Description</strong>:</p><p><br>AWS Config provides you with a detailed inventory of your AWS resources and their current configuration, and continuously records all configuration changes to these resources. 
You can evaluate these configurations and changes to comply with the ideal configurations defined by AWS Config Rules.</p><p><strong>Remediation</strong>:</p><p>*Note: references to Web tier are also applicable to App tier.</p><p><br>Using the Amazon unified command line interface:</p><ul><li>Create locally a json file (similar to the below example) with the configuration of the Config Rule, and save it as /tmp/ConfigRule.json:</li></ul><blockquote><p>{</p></blockquote><blockquote><p>"Description": "Checks whether Web Tier EBS volumes that are in an attached state</p></blockquote><blockquote><p>are encrypted.",</p></blockquote><blockquote><p>"ConfigRuleName": "encrypted-volumes-web-tier",</p></blockquote><blockquote><p>"Source": {</p></blockquote><blockquote><p>"Owner": "AWS",</p></blockquote><blockquote><p>"SourceIdentifier": "ENCRYPTED_VOLUMES"</p></blockquote><blockquote><p>},</p></blockquote><blockquote><p>"InputParameters": "{\"kmsId\":\"&lt;web_tier_kms_key&gt;\"}",</p></blockquote><blockquote><p>"Scope": {</p></blockquote><blockquote><p>"TagKey": "&lt;web_tier_tag&gt;",</p></blockquote><blockquote><p>"TagValue": "&lt;web_tier_tag_value&gt;"</p></blockquote><blockquote><p>}</p></blockquote><blockquote><p>}</p></blockquote><ul><li>Create a Config Rule using the configuration saved earlier:</li></ul><blockquote><p>aws configservice put-config-rule --config-rule file:///tmp/ConfigRule.json</p></blockquote> + + + + + + + + + + + + + <p>Using the Amazon unified command line interface:</p><ul><li>Search for a Config Rule that checks if the EBS volumes tagged with Web tier tags are encrypted with the Web tier KMS key:</li></ul><blockquote><p>aws configservice describe-config-rules --query "ConfigRules[?Source.SourceIdentifier== 'ENCRYPTED_VOLUMES']|[?Scope.TagKey == '&lt;web_tier_tag&gt;']|[?Scope.TagValue =='&lt;web_tier_tag_value&gt;']|[?InputParameters == '{\"kmsId\":\"&lt;web_tier_kms_key&gt;\"}']"</p></blockquote> + + + + + + + + + + + + + + + + + 
<b>Description</b>:&nbsp; +<div> + <br> + Auto Scaling helps maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.&nbsp; +</div> +<div> + <br> + You can use Auto Scaling to help ensure that you are running your desired number of Amazon EC2 instances or can automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs.&nbsp; +</div> +<div> + <br> + These properties can be defined within the Auto-Scaling Group configuration. +</div> +<div> + <br> +</div> +<div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + Using the Amazon Unified CLI: + </div> + <div> + <ul> + <li>List all the subnets and the associated Availability Zones from the application VPC:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws ec2 describe-subnets --query "Subnets[?VpcId == '&lt;application_vpc&gt;'].{VPC:VpcId,Subnet:SubnetId, AZ:AvailabilityZone, CIDR:CidrBlock}" + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <ul> + <li>Update AutoScaling Group to include more than 1 Availability Zones within the same VPC:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws autoscaling update-auto-scaling-group --auto-scaling-group-name &lt;autoscaling_group_name&gt; --availability-zones &lt;application_az&gt; + </div> + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + <div> + Using the Amazon Unified CLI: +</div> +<div> + <ul> + <li>List all Auto-Scaling Groups and associated Availability Zones, and ensure there is more than 1 Availability Zone assigned to the Auto-Scaling Group:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-auto-scaling-groups --query 'AutoScalingGroups[*].{AZs:AvailabilityZones, ASG:AutoScalingGroupName}' + </div> + </blockquote> 
+</blockquote> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + Auto Scaling helps maintain application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.&nbsp; +</div> +<div> + <br> + You can use Auto Scaling to help ensure that you are running your desired number of Amazon EC2 instances or can automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs.&nbsp; +</div> +<div> + <br> + These properties can be defined within the Auto-Scaling Group configuration.&nbsp; +</div> +<div> + <br> + Additional properties can be defined through the launch configuration such as:&nbsp; +</div> +<div> + <ul> + <li>Instance Type</li> + <li>Amazon Machine Image (Pre-configured Operating System Images - allows for O.S Hardening)</li> + <li>IAM Role</li> + <li>Security Groups&nbsp;</li> + </ul>Your Organization must maintain a list of approved AMIs. Use these when creating AutoScaling Groups. +</div> +<div> + <br> +</div> +<div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + <div> + *Note: references to Web tier are also applicable to App tier. 
+ </div> + </div> + <div> + <br> + </div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Create new launch configuration for the Web tier using the approved Web tier AMI from your organization's list:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws autoscaling create-launch-configuration --launch-configurationname &lt;new_web_tier_launch_config&gt; --image-id &lt;web_tier_ami&gt; --key-name &lt;your_key_pair&gt; --security-groups &lt;web_tier_security_group&gt; --instance-type &lt;desired_instance_type&gt; --iam-instance-profile &lt;web_tier_instance_profile&gt;&nbsp; + </div> + <div> + <br> + </div> + </div> + </blockquote> +</blockquote> +<b>Impact</b>: +<div> + <br> + <div> + <div> + A list of approved AMIs must be maintained by the organization. + </div> + </div> +</div> + + + + + + + + + + + + + + + <div> + Using the Amazon Unified CLI: +</div> +<div> + <ul> + <li>List the associated Launch Configuration of the Web Tier Auto-Scaling Group (note the value of "LaunchConfig" element):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names &lt;web_tier_autoscaling_group_name&gt; --query 'AutoScalingGroups[*].{LaunchConfig:LaunchConfigurationName,ASG:AutoScalingGroupName}' + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Ensure actively used Launch Configuration found in the previous step is using an approved AMI from your organization's list (replace &lt;web_tier_launch_config&gt; with the Launch Configuration previously found):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-launch-configurations --launch-configuration-names &lt;web_tier_launch_config&gt; --query 'LaunchConfigurations[*].{LaunchConfig:LaunchConfigurationName, AMI:ImageId,InstanceType:InstanceType}' + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: 
+</div> +<div> + <br> + Auto Scaling helps maintain application availability and allows you to scale your Amazon + EC2 capacity up or down automatically according to conditions you define. You can use Auto Scaling to help ensure that you are running your desired number of Amazon EC2 instances or can automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs. These properties can be defined within the Auto-Scaling Group configuration. +</div> +<div> + <br> + Additional properties can be defined through the launch configuration such as: +</div> +<div> + <ul> + <li>Instance Type</li> + <li>Amazon Machine Image (Pre-configured Operating System Images - allows for O.S Hardening)</li> + <li>IAM Role</li> + <li>Security Groups</li> + </ul> +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App tier. 
+ </div> +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create new launch configuration for the Web tier using the Web Tier Security Group:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling create-launch-configuration --launch-configurationname &lt;new_web_tier_launch_config&gt; --image-id &lt;web_tier_ami&gt; --key-name &lt;your_key_pair&gt; --security-groups &lt;web_tier_security_group&gt; --instance-type &lt;desired_instance_type&gt; --iam-instance-profile &lt;web_tier_instance_profile&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + <div> + Using the Amazon Unified CLI: +</div> +<div> + <ul> + <li>List the associated Launch Configuration of the Web Tier Auto-Scaling Group (note the value of "LaunchConfig" element):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names &lt;web_tier_autoscaling_group_name&gt; --query 'AutoScalingGroups[*].{LaunchConfig:LaunchConfigurationName,ASG:AutoScalingGroupName}' + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Ensure actively used Launch Configuration found in the previous step is using the Web Tier Security Group (replace &lt;web_tier_launch_config&gt; with the Launch Configuration previously found):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws autoscaling describe-launch-configurations --launch-configuration-names &lt;web_tier_launch_config&gt; --query 'LaunchConfigurations[*].{LaunchConfig:LaunchConfigurationName, SecurityGroups:SecurityGroups}' + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A route table contains a set of rules, called routes, that are used to determine where + network traffic is directed. 
+</div> +<div> + <br> + Each subnet in your VPC must be associated with a route table; the table controls the + routing for the subnet. A subnet can only be associated with one route table at a time, but + you can associate multiple subnets with the same route table. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create a route table for your private subnets, and note the RouteTableId in the output:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-route-table --vpc-id &lt;application_vpc&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Associate the new route table with the private subnets: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 associate-route-table --route-table-id &lt;route_table_id&gt; --subnetid &lt;private_subnet1&gt; + </div> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <div> + aws ec2 associate-route-table --route-table-id &lt;route_table_id&gt; --subnetid &lt;private_subnet2&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List route tables attached to the private subnets, and check if they contain the default route (0.0.0.0/0) pointing to the NAT Gateway:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-route-tables --filters Name=association.subnetid,Values=&lt;private_subnet1&gt;,&lt;private_subnet2&gt; --query "RouteTables[*].{RouteTableId:RouteTableId, Tags:Tags, Routes:Routes}" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A route table contains a set of rules, called routes, that are used to determine where + network traffic is directed. 
+</div> +<div> + <br> + Each subnet in your VPC must be associated with a route table; the table controls the + routing for the subnet. A subnet can only be associated with one route table at a time, but + you can associate multiple subnets with the same route table. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create a route table for your public subnets, and note the RouteTableId in the output:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-route-table --vpc-id &lt;application_vpc&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Associate the new route table with the public subnets: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 associate-route-table --route-table-id &lt;route_table_id&gt; --subnet-id &lt;public_subnet1&gt; + </div> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <div> + aws ec2 associate-route-table --route-table-id &lt;route_table_id&gt; --subnet-id &lt;public_subnet2&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List route tables attached to the public subnets, and check if they contain the default route (0.0.0.0/0) pointing to the Internet Gateway (IGW):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-route-tables --filters Name=association.subnetid,Values=&lt;public_subnet1&gt;,&lt;public_subnet2&gt; --query "RouteTables[*].{RouteTableId:RouteTableId, Tags:Tags, Routes:Routes}" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A route table contains a set of rules, called routes, that are used to determine where + network traffic is directed. 
+</div> +<div> + <br> + Each subnet in your VPC must be associated with a route table; the table controls the + routing for the subnet. A subnet can only be associated with one route table at a time, but + you can associate multiple subnets with the same route table. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App tier. + </div> +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>For the above route tables, if the default route (0.0.0.0/0) exists but it doesn't have a NAT GW configured as gateway:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 replace-route --route-table-id &lt;route_table_id&gt; --destination-cidr-block 0.0.0.0/0 --gateway-id &lt;vpc_nat_gw&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>For the above route tables, if the default route (0.0.0.0/0) doesn't exist: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-route --route-table-id &lt;route_table_id&gt; --destination-cidr-block 0.0.0.0/0 --gateway-id &lt;vpc_nat_gw&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface:: +</div> +<div> + <ul> + <li>List the subnets associated with the Web tier:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-subnets --filters Name=tag:&lt;web_tier_tag&gt;,Values=&lt;web_tier_tag_value&gt; --query "Subnets[*].SubnetId" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>List the routes of the route tables associated with the above subnets, and check if the default route (0.0.0.0/0) has a NAT GW configured as gateway:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-route-tables --filters Name=association.subnetid,Values=&lt;web_tier_subnet1&gt;,&lt;web_tier_subnet2&gt; --query 
"RouteTables[*].{RouteTableId:RouteTableId, Routes:Routes}" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the Internet or other AWS services, but prevent the Internet from initiating a connection with those instances. +</div> +<div> + <br> + To create a NAT gateway, you must specify the public subnet in which the NAT gateway will reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. This enables instances in your private subnets to communicate with the Internet. +</div> +<div> + <br> + Each NAT gateway is created in a specific Availability Zone and implemented with + redundancy in that zone. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create a NAT Gateway in a public subnet from a different Availability Zone: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-nat-gateway --subnet-id &lt;public_subnet1&gt; --allocation-id &lt;elastic_ip_allocation&gt; + </div> + </blockquote> +</blockquote> +<blockquote> + <div> + and/or + </div> +</blockquote> +<blockquote> + <blockquote> + <div> + aws ec2 create-nat-gateway --subnet-id &lt;public_subnet2&gt; --allocation-id &lt;elastic_ip_allocation&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List the NAT Gateways from your application VPC, and note the subnets they are deployed in:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-nat-gateways --filter Name=vpc-id,Values=&lt;application_vpc&gt; --query "NatGateways[*].{NatGatewayId:NatGatewayId, SubnetId:SubnetId}" + </div> + </blockquote> +</blockquote> +<div> + 
<ul> + <li>Check the Availability Zones where the above subnets are deployed:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-subnets --subnet-ids &lt;public_subnet1&gt; &lt;public_subnet2&gt; --query "Subnets[*].{SubnetId:SubnetId, AvailabilityZone:AvailabilityZone}" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + You can create a VPC that spans multiple Availability Zones. After creating a VPC, you can + add one or more subnets in each Availability Zone. Each subnet must reside entirely within + one Availability Zone and cannot span zones. Availability Zones are distinct locations that + are engineered to be isolated from failures in other Availability Zones. By launching + instances in separate Availability Zones, you can protect your applications from the failure + of a single location. AWS assigns a unique ID to each subnet. +</div> +<div> + <br> + When you create a subnet, you specify the CIDR block for the subnet. The CIDR block of a + subnet shouldn't be the same as the CIDR block for the VPC (for a single subnet in the VPC). + The allowed block size is between a /28 netmask and /16 netmask. If you create more than + one subnet in a VPC, the CIDR blocks of the subnets must not overlap. + Some AWS regions have more than 2 availability zones and it is recommended to use more + than 2 where possible. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App and Data tier. 
+ </div> +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Create subnets for Web tier, and note the subnet id: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-subnet --vpc-id &lt;application_vpc&gt; --cidr-block &lt;desired_cidr&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Tag the above subnets with the Web tier tags: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-tags --resources &lt;web_tier_subnet1&gt; &lt;web_tier_subnet2&gt; --tags Key=&lt;web_tier_tag&gt;,Value=&lt;web_tier_tag_value&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List the subnets associated with the Web tier:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-subnets --filters Name=tag:&lt;web_tier_tag&gt;,Values=&lt;web_tier_tag_value&gt; --query "Subnets[*].SubnetId" + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A security group acts as a virtual firewall for your instance to control inbound and + outbound traffic. When you launch an instance in the AWS Virtual Private Cloud (VPC), you + can assign the instance to up to five security groups. Security groups act at the instance + level, not the subnet level. Therefore, each instance in a subnet in your VPC could be + assigned to a different set of security groups. If you don't specify a particular group at + launch time, the instance is automatically assigned to the default security group for the + VPC. +</div> +<div> + <br> + For each security group, you add rules that control the inbound traffic to instances, and a + separate set of rules that control the outbound traffic. 
+</div> +<div> + <br> + The port for these inbound rules would depend on the Database engine used and the + configured port. +</div> +<div> + <br> + The default values are: +</div> +<div> + <ul> + <li> MySQL - TCP 3306</li> + <li>MSSQL - TCP 1433</li> + <li>Oracle SQL - TCP 1521</li> + <li>PostgreSQL - TCP 5432</li> + <li>MariaDB - TCP 3306</li> + <li>Amazon Aurora DB - TCP 3306</li> + </ul> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>First remove all the ingress rules for the security group configured for your RDS DB instance:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-security-groups --group-id &lt;data_tier_security_group&gt; --query "SecurityGroups[0].IpPermissions" &gt; /tmp/IpPermissions.json + </div> + </blockquote> +</blockquote> +<blockquote> + <blockquote> + <div> + aws ec2 revoke-security-group-ingress --group-id &lt;data_tier_security_group&gt; --ippermissions file:///tmp/IpPermissions.json + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Add an ingress rule for a specific port, using --source-group option to specify the App tier security group as the source of the connections:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 authorize-security-group-ingress --group-id &lt;data_tier_security_group&gt; -- protocol tcp --port &lt;specific_port&gt; --source-group &lt;app_tier_security_group&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Retrieve the Data tier security group configured for your RDS DB instance:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws rds describe-db-instances --db-instance-identifier &lt;your_db_instance&gt; --query "DBInstances[*].VpcSecurityGroups" + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>List the ingress rules 
for the above security group, and make sure that allows connections only from App tier security group on specific ports:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-security-groups --group-ids &lt;data_tier_security_group&gt; --query "SecurityGroups[*].{GroupName:GroupName, IpPermissions:IpPermissions}" --output table + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A default VPC is ready for you to use - you can immediately start launching instances into your default VPC without having to perform any additional configuration steps. +</div> +<div> + <br> + When we create a default VPC, AWS does the following to set it up: +</div> +<div> + <ol> + <li>Create a default subnet in each Availability Zone.</li> + <li>Create an Internet gateway and connect it to your default VPC.</li> + <li>Create a main route table for your default VPC with a rule that sends all traffic destined for the Internet to the Internet gateway.</li> + <li>Create a default security group and associate it with your default VPC.</li> + <li>Create a default network access control list (ACL) and associate it with your default VPC.</li> + <li>Associate the default DHCP options set for your AWS account with your default VPC.</li> + </ol> + Label this Default VPC "Do Not Use". +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon Unified CLI: +</div> +<div> + <ul> + <li>Create a new VPC with the desired CIDR and migrate your application: </li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-vpc --cidr-block &lt;desired_cidr&gt; + </div> + </blockquote> +</blockquote> +<div> + <b><br></b> +</div> +<div> + <b> Impact</b>: +</div> +<div> + <br> + The Default VPC can be deleted but only AWS Support can restore it. Don't delete it - just + set a label to remind others not to use it. 
+</div> + + + + + + + + + + + + + <div> + Using the Amazon Unified CLI: +</div> +<div> + <ul> + <li>List the attributes of the VPC's in your account and note the value of the "IsDefault" attribute for the VPC where the application is deployed:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-vpcs --query "Vpcs[*].{VpcId:VpcId, IsDefault:IsDefault, Tags:Tags}" --output table + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <p><strong>Description</strong>:</p><p><br>Elastic Block Storage (EBS) volumes can be encrypted using AWS Key Management Service (KMS). In this configuration, encryption and decryption are handled transparently and require no additional action from the user, an Amazon EC2 instance, or an application. When an encrypted Amazon EBS volume is attached to a supported Amazon EC2 instance type, the data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted. The encryption occurs on the servers that host Amazon EC2 instances. Additionally, snapshots of encrypted volumes are automatically encrypted, and volumes that are created from encrypted snapshots are also automatically encrypted. 
It is recommended that all EBS volumes for the web tier be encrypted.</p><p><strong>Remediation</strong>:</p><p>*Note: references to Web tier are also applicable to App tier.</p><p><br>Using the Amazon unified command line interface:</p><ul><li>Note all the volume ids of unencrypted EBS volumes and create a snapshot for each of them:</li></ul><blockquote><p>aws ec2 create-snapshot --volume-id &lt;unencrypted_ebs_volume&gt; --description "Snapshot for encryption operation"</p></blockquote><ul><li>Note the SnapshotIdelement from the output of step 1 and copy the snapshot to an encrypted snapshot using the KMS key created for the Web-tier:</li></ul><blockquote><p>aws ec2 copy-snapshot --source-region &lt;application_region&gt; --source-snapshot-id &lt;unencrypted_ebs_snapshot&gt; --description "Encrypted snapshot." --encrypted --kms-keyid &lt;web_tier_kms_key&gt;</p></blockquote><ul><li>Note the SnapshotId element from the output of step 2 and create a new EBS volume from the encrypted snapshot in the same Availability Zone as the unencrypted volume:</li></ul><blockquote><p>aws ec2 create-volume --availability-zone &lt;application_az&gt; --snapshot-id &lt;encrypted_ebs_snapshot&gt;</p></blockquote><ul><li>Tag the newly created EBS volume using the Volume Id from the previous step &lt;encrypted_ebs_volume&gt;:</li></ul><blockquote><p>aws ec2 create-tags --resources &lt;encrypted_ebs_volume&gt; --tags Key=&lt;web_tier_tag&gt;,Value=&lt;web_tier_tag_value&gt;</p></blockquote><ul><li>Delete unencrypted EBS volume:</li></ul><blockquote><p>aws ec2 delete-volume --volume-id &lt;unencrypted_ebs_volume&gt;</p></blockquote> + + + + + + + + + + + + + + + + + + <p>Using the Amazon unified command line interface: (Note that you should replace &lt;web_tier_tag&gt;:&lt;web_tier_tag_value&gt; with your own tag and value for the Web tier)</p><ul><li>Note the EBS volume ids, Instance ids, Availability Zones, and check if the Encrypted element is True or 
False</li></ul><blockquote><p>aws ec2 describe-volumes --filters Name=tag:&lt;web_tier_tag&gt;,Values=&lt;web_tier_tag_value&gt; --query 'Volumes[*].{VolumeId:VolumeId, Encrypted:Encrypted, AvailabilityZone:AvailabilityZone, InstanceId:Attachments[*].InstanceId}' --output table</p></blockquote> + + + + + + + + + + + + + + + + + <p>AWS Systems Manager is an AWS service that you can use to view and control your AWS infrastructure. To help you to maintain security and compliance, Systems Manager scans your managed instances. A managed instance is a machine that is configured for use with Systems Manager. Systems Manager then reports or takes corrective action on any policy violations that it detects. Systems Manager also helps you to configure and maintain your managed instances. Additional configuration is needed in Systems Manager for patch deployment to managed EC2 instances.</p><p>If you use EC2 instances managed by Systems Manager to collect inventory for your cardholder data environment (CDE), make sure that the instances are managed by Systems Manager. Using Systems Manager can help to maintain an inventory of system components that are in scope for PCI DSS.&nbsp;</p><p>For systems that are in scope for PCI DSS, before you install vendor patches in a production environment, you should test and validate them. After you deploy patches, validate security settings and controls to ensure that deployed patches have not affected the security of the CDE. If you use EC2 instances managed by Systems Manager to patch managed instances in your CDE, ensure that the instances are managed by Systems Manager. 
Systems Manager deploys system patches, which helps to protect system components and software from known vulnerabilities.</p><h3><strong>Remediation</strong></h3><p>You can use the Systems Manager quick setup to set up Systems Manager to manage your EC2 instances.</p><p>To determine whether your instances can support Systems Manager associations, see Systems Manager prerequisites in the <i>AWS Systems Manager User Guide</i>.</p><p><strong>To ensure EC2 instances are managed by Systems Manager</strong></p><ol><li>Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/.</li><li>In the navigation pane, choose <strong>Quick setup</strong>.</li><li>On the configuration screen, keep the default options.</li><li>Choose <strong>Set up Systems Manager</strong>.</li></ol> + + + + + + + + + + + + + + + + + + + + + + + + + + + + Patching instances ensures that packages within the Operating System (OS) are updated to the + latest version and/or have security fixes applied. It is recommended to patch EC2 instances + every 90 days (or immediately if security patches become available) to avoid undue exposure + <br /> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>For linux instances ensure your OS is updated as per: + http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-software.html&nbsp;</li> + <li>For Windows instances ensure your OS is updated as per: + http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/windows-ami-version-history.html#update-windows-instance</li> + </ol> + + + + + + <ol> + <li>Ensure you have a documented patching policy.</li> + <li>Ensure your systems have been patched at least every 90 days.</li> + </ol> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A route table contains a set of rules, called routes, that are used to determine where + network traffic is directed. 
+</div> +<div> + <br> + Each subnet in your VPC must be associated with a route table; the table controls the + routing for the subnet. A subnet can only be associated with one route table at a time, but + you can associate multiple subnets with the same route table. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>For the above route tables, if the default route (0.0.0.0/0) exists and it has a NAT GW configured as gateway:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 delete-route --route-table-id &lt;route_table_id&gt; --destination-cidrblock 0.0.0.0/0 + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <div> + <ul> + <li>List the subnets associated with the Data tier:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws ec2 describe-subnets --filters Name=tag:&lt;data_tier_tag&gt;,Values=&lt;data_tier_tag_value&gt; --query "Subnets[*].SubnetId" + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <ul> + <li>List the routes of the route tables associated with the above subnets, and check if the default route (0.0.0.0/0) has a NAT GW configured as gateway:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws ec2 describe-route-tables --filters Name=association.subnetid,Values=&lt;data_tier_subnet1&gt;,&lt;data_tier_subnet2&gt; --query "RouteTables[*].{RouteTableId:RouteTableId, Routes:Routes}" + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + All subnets have an attribute that determines whether instances launched into that subnet receive a public IP address. The public IP address is assigned to the default network interface (eth0). 
By default, instances launched into a default subnet are assigned a public IP address. A public IP address is mapped to the primary private IP address through network address translation (NAT). +</div> +<div> + <br> + An Elastic IP address is a static, public IP address designed for dynamic cloud computing. You can associate an Elastic IP address with any instance or network interface for your VPC. With an Elastic IP address, you can mask the failure of an instance by rapidly remapping the address to another instance in your VPC. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App and Data tier. + </div> +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>If in the above output the "IpOwnerId" is "amazon" the public Ip is not an Elastic IP and it cannot be manually disassociated from the instance after launch:</li> + <ul> + <li>Make sure that the Web tier subnet doesn't assign public Ip's at launch (run the command for all Web tier subnets)</li> + </ul> + </ul> +</div> +<blockquote> + <blockquote> + <blockquote> + <div> + aws ec2 modify-subnet-attribute --subnet-id &lt;web_tier_subnet1&gt; --no-map-publicip-on-launch + </div> + </blockquote> + </blockquote> +</blockquote> +<ul> + <ul> + <li>Create an AMI from the instance and launch a replacement instance in the same subnet</li> + </ul> + <li>If in the above output the "IpOwnerId" is an AWS account number, this is an Elastic IP and it can be disassociated:</li> +</ul> +<blockquote> + <blockquote> + <div> + aws ec2 disassociate-address --public-ip &lt;elastic_ip_address&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <div> + <ul> + <li>List the instance-id's, tags and public IP's of the EC2 instances from the application VPC that have a public IP 
associated, and check if there are any instances with Web tier tags listed:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws ec2 describe-instances --filters "Name=vpc-id,Values=&lt;application_vpc&gt;" --query "Reservations[*].Instances[?PublicIpAddress != null].{InstanceId:InstanceId, PublicIpAddresses:NetworkInterfaces[*].Association, SubnetId:SubnetId, Tags:Tags}" + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A security group acts as a virtual firewall for your instance to control inbound and + outbound traffic. When you launch an instance in the AWS Virtual Private Cloud (VPC), you can assign the instance to up to five security groups. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC. +</div> +<div> + <br> + For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic. 
+</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Remove the ingress rules for CIDR 0.0.0.0/0:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 revoke-security-group-ingress --group-id &lt;data_tier_security_group&gt; --protocol tcp/udp --port &lt;specific_port&gt; --cidr 0.0.0.0/0 + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Retrieve the Data tier security group configured for your RDS DB instance:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws rds describe-db-instances --db-instance-identifier &lt;your_db_instance&gt; + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>List the ingress rules for the above security group, and make sure it has no inbound rules for CIDR of 0.0.0.0/0:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-security-groups --group-ids &lt;data_tier_security_group&gt; --query "SecurityGroups[*].{GroupName:GroupName, IpPermissions:IpPermissions}" --output table + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + A security group acts as a virtual firewall for your instance to control inbound and + outbound traffic. When you launch an instance in the AWS Virtual Private Cloud (VPC), you + can assign the instance to up to five security groups. Security groups act at the instance + level, not the subnet level. Therefore, each instance in a subnet in your VPC could be + assigned to a different set of security groups. If you don't specify a particular group at + launch time, the instance is automatically assigned to the default security group for the + VPC. 
+</div> +<div> + <br> + For each security group, you add rules that control the inbound traffic to instances, and a + separate set of rules that control the outbound traffic. +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> +</div> +<div> + <div> + *Note: references to Web tier are also applicable to App tier. + </div> +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>Remove the ingress rules for CIDR 0.0.0.0/0 (use the "WebTierSecurityGroup" element from Audit procedure):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 revoke-security-group-ingress --group-id &lt;web_tier_security_group&gt; --protocol tcp/udp --port &lt;specific_port&gt; --cidr 0.0.0.0/0 + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <div> + <ul> + <li>List the ingress rules for the Web tier security group, and make sure it has no inbound rules for CIDR of 0.0.0.0/0:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws ec2 describe-security-groups --filters Name=tag:&lt;web_tier_tag&gt;,Values=&lt;web_tier_tag_value&gt; --query "SecurityGroups[*].{GroupName:GroupName, IpPermissions:IpPermissions, WebTierSecurityGroup:GroupId}" --output table + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + Security groups are analogous to firewalls and therefore provide stateful filtering of + ingress/egress network traffic to AWS resources. It is recommended to limit all traffic + (ingress/egress) on the default security group in order to force the use of least privilege via + custom created security groups. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Identify AWS resources that exist within the default security group.</li> + <li>Create a set of least privilege security groups for those resources.</li> + <li>Place the resources in those security groups.</li> + <li>Remove the resources noted in 1 from the default security group.</li> + </ol> + </div> + + + + + + + + <ol> + <li>Login to the AWS Management Console.</li> + <li>Select VPC from the services menu.</li> + <li>Select Security Groups.</li> + <li>For each security group, perform the following:&nbsp;</li> + <ul> + <li>Select the default security group.</li> + <li>Click the Inbound Rules tab.</li> + <li>Ensure no rule exist.</li> + <li>Click the Outbound Rules tab.&nbsp;</li> + <li>Ensure no rules exist.</li> + </ul> + </ol> + + + + + + + + + + + + + + + + + <b>Description</b>:&nbsp; +<div> + <br> + Amazon Machine Images (AMI) are an exact duplicate of the instance they were created from and will allow anyone with access to create a complete replica of the original instance. The original instance may contain intellectual property, proprietary applications, and configuration information that can be used to exploit or compromise any running instance in the web tier.&nbsp; +</div> +<div> + <br> +</div> +<div> + <div> + <b>Remediation</b>: + </div> + <div> + <br> + </div> + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>For each AMI that is public remove group ALL from the launch permissions:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div> + aws ec2 modify-image-attribute --image-id &lt;public_image_id&gt; --launch-permission "{\"Remove\":[{\"Group\":\"all\"}]}" + </div> + </div> + </blockquote> +</blockquote> +<div> + <div> + <br> + </div> + <div> + <b>Default Value</b>: + </div> + <div> + The prescribed value is the default value. 
+ </div> +</div> + + + + + + + + + + + + + + + Using the Amazon unified command line interface: (Note that you should replace&nbsp;&lt;tier_tag&gt;:&lt;tier_tag_value&gt;&nbsp;with your own tag and value for the tier)&nbsp; +<div> + <ul> + <li>Note the image id's, AMI name, and check if Public element is True or False:&nbsp;</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 describe-images --owners self --filters + </div> + <div> + Name=tag:&lt;tier_tag&gt;,Values=&lt;tier_tag_value&gt; --query 'Images[*].{Name:Name, + </div> + <div> + ImageId:ImageId, Public:Public}' --output table + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + <div> + <b>Description</b>: +</div> +<div> + <br> + Tags enable customers to categorize AWS resources in different ways, for example, by purpose, owner, or environment. +</div> +<div> + <br> + Each tag consists of a key and an optional value, both of which customer's define. + You should define a set of tags for the following items to help you track each instance's owner and operating environment, cost center, and other items. +</div> +<div> + <ol> + <li>Amazon EC2 instances</li> + <li>ELB</li> + <li>EBS Volumes</li> + <li>S3 Buckets</li> + </ol> +</div> +<div> + <br> + A resource may have up to 10 tags associated with key &amp; value such as: +</div> +<div> + <ul> + <li>Key=tier, Value=app</li> + <li>Key=environment, Value=production</li> + <li>Key=costcenter, Value=sales</li> + </ul> + <div> + <b>Remediation:</b> + </div> +</div> +<div> + <b><br></b> + Tag all your 3 tier Web Application resources based on their tier membership (Web, App, Data), and your organizational requirements. +</div> + + + + + + + + + + + + Verify tags are being used.&nbsp; + + + + + + + + + + + + + + + + + <div> + Use AWS Shield for protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture. 
+</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced. +</div> +<div> + <br> +</div> +<div> + All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications. When you use AWS Shield Standard with Amazon CloudFront and Amazon Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks. +</div> +<div> + <br> +</div> +<div> + For higher levels of protection against attacks targeting your applications running on Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator and Amazon Route 53 resources, you can subscribe to AWS Shield Advanced. In addition to the network and transport layer protections that come with Standard, AWS Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall. AWS Shield Advanced also gives you 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS related spikes in your Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator and Amazon Route 53 charges. +</div> +<div> + <br> +</div> +<div> + AWS Shield Advanced is available globally on all Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53 edge locations. 
You can protect your web applications hosted anywhere in the world by deploying Amazon CloudFront in front of your application. Your origin servers can be Amazon S3, Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), or a custom server outside of AWS. You can also enable AWS Shield Advanced directly on an Elastic IP or Elastic Load Balancing (ELB) in the following AWS Regions - Northern Virginia, Ohio, Oregon, Northern California, Montreal, Sao Paulo, Ireland, Frankfurt, London, Paris, Stockholm, Singapore, Tokyo, Sydney, Seoul, and Mumbai. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + Enable AWS Shield. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + <div> + <b>How can I test AWS Shield?</b> +</div> +<div> + <br> +</div> +<div> + AWS Acceptable Use Policy describes permitted and prohibited behavior on AWS, and it includes descriptions of prohibited security violations and network abuse. However, because penetration testing and other simulated events are frequently indistinguishable from these activities, AWS has established a policy for customers to request permission to conduct penetration tests and vulnerability scans to or originating from the AWS environment. Visit AWS Penetration testing page to request permissions (see link in References). +</div> + + + + + + + + + + + + + + + + + + + + <p>You can use Traffic Mirroring to copy network traffic from an elastic network interface of EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for content inspection, threat monitoring, or troubleshooting. For example, you might want to monitor the traffic that is leaving your VPC or the traffic whose source is outside your VPC. In this case, you will mirror all traffic except for the traffic passing within your VPC and send it to a single monitoring appliance. 
VPC flow logs do not capture mirrored traffic; they generally capture information from packet headers only. Traffic Mirroring provides deeper insight into the network traffic by allowing you to analyze actual traffic content, including payload. Enable Traffic Mirroring only for the elastic network interface of EC2 instances that might be operating as part of sensitive workloads or for which you expect to need detailed diagnostics in the event of an issue.</p> + + + + + + + + <p>Ensure that the network traffic is copied from an EC2 instance after having configured Traffic Mirroring.</p> + + + + + + + + + + + + + + + + + <div> + <b> Description</b>: +</div> +<div> + <br> + Amazon CloudFront can be used to deliver either the entire website, including dynamic, + static, streaming, and interactive content using a global network of edge locations. + Requests for your content are automatically routed to the nearest edge location, so content + is delivered with the best possible performance. Amazon CloudFront is optimized to work + with other Amazon Web Services, like Amazon Simple Storage Service (Amazon S3), + Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Load Balancing, and + Amazon Route 53. +</div> +<div> + <br> + Amazon CloudFront gives you three options for accelerating your entire website while + delivering your content securely over HTTPS from all of CloudFront's edge locations. In + addition to delivering securely from the edge, you can also configure CloudFront to use + HTTPS connections for origin fetches so that your data is encrypted end-to-end from your + origin to your end users. 
+</div> +<div> + <br> +</div> +<div> + <br> +</div> +<div> + <b> Remediation</b>: +</div> +<div> + <br> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>You can either create a Cloudfront distribution only by specifying the origin domain name (ELB, S3 bucket or web server):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws cloudfront create-distribution --origin-domain-name &lt;your_original_domain_name&gt; -- default-root-object index.html + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Or by creating locally a distribution config file distconfig.json with all the Cloudfront distribution parameters:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws cloudfront create-distribution --distribution-config file://distconfig.json + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: +</div> +<div> + <ul> + <li>List the Cloudfront distributions present in the AWS account, and check in the aliases field for the presence of the domain name used by the application:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws cloudfront list-distributions --query "DistributionList.Items[*].{Id:Id, Status:Status, DomainName:DomainName, Aliases:Aliases.Items}" + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + <p>All EC2 Instances have access to the metadata service at 169.254.169.254. This contains useful information about the instance such as its IP address, the name of the security group, etc. On EC2 instances that have an IAM role attached the metadata service will also contain IAM credentials to authenticate as this role. 
Depending on what version of IMDS is in place, and what capabilities the SSRF has those credentials could be stolen.</p><p><strong>Tools for helping with the transition to IMDSv2</strong></p><p>If your software uses IMDSv1, use the following tools to help reconfigure your software to use IMDSv2.</p><p><strong>AWS software:</strong> The latest versions of the AWS SDKs and CLIs support IMDSv2. To use IMDSv2, make sure that your EC2 instances have the latest versions of the AWS SDKs and CLIs. For information about updating the CLI, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html">Installing, updating, and uninstalling the AWS CLI</a> in the <i>AWS Command Line Interface User Guide</i>.</p><p><strong>CloudWatch</strong>: IMDSv2 uses token-backed sessions, while IMDSv1 does not. The MetadataNoToken CloudWatch metric tracks the number of calls to the instance metadata service that are using IMDSv1. By tracking this metric to zero, you can determine if and when all of your software has been upgraded to use IMDSv2. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#ec2-cloudwatch-metrics">Instance metrics</a>.</p><p><strong>Updates to EC2 APIs and CLIs</strong>: For existing instances, you can use the <a href="https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html">modify-instance-metadata-options</a> CLI command (or the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html">ModifyInstanceMetadataOptions</a> API) to require the use of IMDSv2. 
For new instances, you can use the <a href="https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html">run-instances</a> CLI command (or the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html">RunInstances</a> API) and the metadata-options parameter to launch new instances that require the use of IMDSv2.</p><p>To require the use of IMDSv2 on all new instances launched by Auto Scaling groups, your Auto Scaling groups can use either a launch template or a launch configuration. When you <a href="https://docs.aws.amazon.com/cli/latest/reference/ec2/create-launch-template.html">create a launch template</a> or <a href="https://docs.aws.amazon.com/cli/latest/reference/autoscaling/create-launch-configuration.html">create a launch configuration</a>, you must configure the MetadataOptions parameters to require the use of IMDSv2. After you configure the launch template or launch configuration, the Auto Scaling group launches new instances using the new launch template or launch configuration, but existing instances are not affected.</p><p>Use the <a href="https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html">modify-instance-metadata-options</a> CLI command (or the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html">ModifyInstanceMetadataOptions</a> API) to require the use of IMDSv2 on the existing instances, or terminate the instances and the Auto Scaling group will launch new replacement instances with the instance metadata options settings that are defined in the launch template or launch configuration.</p><p><strong>IAM policies and SCPs</strong>: You can use an IAM condition to enforce that IAM users can't launch an instance unless it uses IMDSv2. 
You can also use IAM conditions to enforce that IAM users can't modify running instances to re-enable IMDSv1, and to enforce that the instance metadata service is available on the instance.</p><p>The ec2:MetadataHttpTokens, ec2:MetadataHttpPutResponseHopLimit, and ec2:MetadataHttpEndpoint IAM condition keys can be used to control the use of the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html">RunInstances</a> and the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html">ModifyInstanceMetadataOptions</a> API and corresponding CLI. If a policy is created, and a parameter in the API call does not match the state specified in the policy using the condition key, the API or CLI call fails with an UnauthorizedOperation response. These condition keys can be used either in IAM policies or AWS Organizations service control policies (SCPs).</p><p>Furthermore, you can choose an additional layer of protection to enforce the change from IMDSv1 to IMDSv2. At the access management layer with respect to the APIs called via EC2 Role credentials, you can use a new condition key in either IAM policies or AWS Organizations service control policies (SCPs). Specifically, by using the policy condition key ec2:RoleDelivery with a value of 2.0 in your IAM policies, API calls made with EC2 Role credentials obtained from IMDSv1 will receive an UnauthorizedOperation response. The same thing can be achieved more broadly with that condition required by an SCP. This ensures that credentials delivered via IMDSv1 cannot actually be used to call APIs because any API calls not matching the specified condition will receive an UnauthorizedOperation error. For example IAM policies, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html#iam-example-instance-metadata">Work with instance metadata</a>. 
For more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html">Service Control Policies</a> in the <i>AWS Organizations User Guide</i>.</p><p><strong>Recommended path to requiring IMDSv2 access</strong></p><p>Using the above tools, we recommend that you follow this path for transitioning to IMDSv2:</p><h3><strong>Step 1: At the start</strong></h3><p>Update the SDKs, CLIs, and your software that use Role credentials on their EC2 instances to IMDSv2-compatible versions. For information about updating the CLI, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/install-linux.html#install-linux-awscli-upgrade">Upgrading to the latest version of the AWS CLI</a> in the <i>AWS Command Line Interface User Guide</i>.</p><p>Then, change your software that directly accesses instance metadata (in other words, that does not use an SDK) using the IMDSv2 requests.</p><h3><strong>Step 2: During the transition</strong></h3><p>Track your transition progress by using the CloudWatch metric MetadataNoToken. This metric shows the number of calls to the instance metadata service that are using IMDSv1 on your instances. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html#ec2-cloudwatch-metrics">Instance metrics</a>.</p><h3><strong>Step 3: When everything is ready on all instances</strong></h3><p>Everything is ready on all instances when the CloudWatch metric MetadataNoToken records zero IMDSv1 usage. At this stage, you can do the following:</p><p>For existing instances: You can require IMDSv2 use through the <a href="https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-instance-metadata-options.html">modify-instance-metadata-options</a> command. 
You can make these changes on running instances; you do not need to restart your instances.</p><p>For new instances: When launching a new instance, you can do one of the following:</p><p>In the Amazon EC2 console launch instance wizard, set <strong>Metadata accessible</strong> to <strong>Enabled</strong> and <strong>Metadata version</strong> to <strong>V2</strong>. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html#configure_instance_details_step">Step 3: Configure Instance Details</a>.</p><p>Use the <a href="https://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html">run-instances</a> command to specify that only IMDSv2 is to be used.</p><p>Updating instance metadata options for existing instances is available only through the API or AWS CLI. It is currently not available in the Amazon EC2 console. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html">Configure the instance metadata options</a>.</p><h3><strong>Step 4: When all of your instances are transitioned to IMDSv2</strong></h3><p>The ec2:MetadataHttpTokens, ec2:MetadataHttpPutResponseHopLimit, and ec2:MetadataHttpEndpoint IAM condition keys can be used to control the use of the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html">RunInstances</a> and the <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceMetadataOptions.html">ModifyInstanceMetadataOptions</a> API and corresponding CLI. If a policy is created, and a parameter in the API call does not match the state specified in the policy using the condition key, the API or CLI call fails with an UnauthorizedOperation response. 
For example IAM policies, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html#iam-example-instance-metadata">Work with instance metadata</a>.</p><p>&nbsp;</p> + + + + + + + + + + <p>If there is a valid role you can steal, make a request to http://&lt;aws-ip&gt;/?proxy=http://169.254.169.254/latest/meta-data/iam/security-credentials/. This will return the name of the IAM role the credentials represent.</p> + + + + + + + + + + + + + + + + + + + <p>Network Access Control Lists (NACLs) act as packet filters across subnets, allowing or deny traffic per pre-created rules. It is recommended to use NACLs as a method to blacklist IP addresses, denying either inbound or outbound access across your subnets.&nbsp;</p><p><br><strong>Remediation:</strong><br>&nbsp;</p><ol><li>Log in to the AWS Management Console (with VPC update).</li><li>Select VPC from the service menu.</li><li>Select Network ACL's.</li><li>For each Network ACL ID, perform the following:<ul><li>Select the Inbound Rules tab.</li><li>Click edit.</li><li>add a DENY rule that will restrict inbound access from a blacklisted IP address or range to a designated port or IP range.</li></ul></li></ol><p></p> + + + + + + <ol><li>Log in to the AWS Management Console.</li><li>Select VPC from the services menu.</li><li>Select Network ACLs.</li><li>For each Network ACL ID, perform the following:</li></ol><ul><li>Click the Inbound Rules tab.</li><li>Ensure a rule exists to DENY access from a blacklisted IP or range.</li><li>Click the Outbound Rules tab.</li><li>Ensure a rule exists to DENY access to a blacklisted IP or range.</li></ul> + + + + + + + + + + + + + + + + + Security groups are analogous to firewalls and therefore provide stateful filtering of + ingress/egress network traffic to AWS resources. It is recommended to limit inbound access to + ALL TCP or ALL ports to avoid undue server exposure. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Login to the AWS Management Console (with VPC update).</li> + <li>Select VPC from the services menu.</li> + <li>Select Security Groups.</li> + <li>For each security group, perform the following:&nbsp;</li> + <ul> + <li>Select the security group.</li> + <li>Click the Inbound tab.</li> + <li>Identify the rules to be edited or removed.</li> + <li>Either A) update the Source field to a range other than 0.0.0.0/0 or ::/0, or, B) Click Delete to remove the offending inbound rule.</li> + <li>Click Save rules.</li> + </ul> + </ol> + </div> + + + + + + + + + + <ol> + <li>Login to the AWS Management Console.&nbsp;</li> + <li>Select VPC from the services menu.&nbsp;</li> + <li>Select Security Groups.</li> + <li>For each security group, perform the following:&nbsp;</li> + <ul> + <li>Select the security group.&nbsp;</li> + <li>Click the Inbound tab.</li> + <li>Ensure no rule exists that has a port range of 0-1024 of 0-65535 and has a source + of 0.0.0.0/0.</li> + </ul> + </ol> + <br /> + + + + + + + + + + + + + + + + + Security groups are analogous to firewalls and therefore provide stateful filtering of + ingress/egress network traffic to AWS resources. It is recommended to limit inbound access to + port 22 (SSH) to IP addresses that require this access to avoid undue exposure to risk. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Login to the AWS Management Console (with VPC update)&nbsp;</li> + <li>Select VPC from the services menu&nbsp;</li> + <li>Select Security Groups&nbsp;</li> + <li>For each security group, perform the following:&nbsp;</li> + <ul> + <li>Select the security group.</li> + <li>Click the Inbound tab.</li> + <li>Identify the rules to be removed.</li> + <li>Click the x in the Remove column.</li> + <li>Click Save.</li> + </ul> + </ol> + </div> + + + + + + + + + + + + + <ol> + <li>Login to the AWS Management Console.&nbsp;</li> + <li>Select VPC from the services menu.&nbsp;</li> + <li>Select Security Groups.</li> + <li>For each security group, perform the following:&nbsp;</li> + <ul> + <li>Select the security group.&nbsp;</li> + <li>Click the Inbound tab.</li> + <li>Ensure no rule exists that has a port range that includes port 22 and has a source + of 0.0.0.0/0.</li> + </ul> + </ol>NB: Note that if the port range includes 0-1024 or 0-65535 these also include + port 22 + + + + + + + + + + + + + + + + + Security groups are analogous to firewalls and therefore provide stateful filtering of + ingress/egress network traffic to AWS resources. It is recommended to limit inbound access to + port 3389 (RDP) to IP addresses that require this access to avoid undue exposure to risk. 
+ <div> + <br /> + <b>Remediation:</b> + <br /> + <ol> + <li>Login to the AWS Management Console (with VPC update).</li> + <li>Select VPC from the services menu.</li> + <li>Select Security Groups.</li> + <li>For each security group, perform the following:</li> + <ul> + <li>Select the security group.</li> + <li>Click the Inbound tab.</li> + <li>Identify the rules to be removed.</li> + <li>Click the x in the Remove column.</li> + <li>Click Save&nbsp;</li> + </ul> + </ol> + </div> + + + + + + + + + <ol> + <li>Login to the AWS Management Console.&nbsp;</li> + <li>Select VPC from the services menu.&nbsp;</li> + <li>Select Security Groups.&nbsp;</li> + <li>For each security group, perform the following:&nbsp;</li> + <ul> + <li>Select the security group.&nbsp;</li> + <li>Click the Inbound tab.</li> + <li>Ensure no rule exists that has a port range that includes port 22 and has a source + of 0.0.0.0/0.</li> + </ul> + </ol>NB: Note that if the port range includes 0-1024 or 0-65535 these also include + port 3389 + + + + + + + + + + + + + + + + + <p>If a service that is in scope for PCI DSS is associated with the default security group, the default rules for the security group will allow all outbound traffic. The rules also allow all inbound traffic from network interfaces (and their associated instances) that are assigned to the same security group.</p><p>You should change the default security group rules setting to restrict inbound and outbound traffic. Using the default might violate the requirement to allow only necessary traffic to and from the CDE.</p><h3><strong>Remediation</strong></h3><p>To remediate this issue, create new security groups and assign those security groups to your resources. 
To prevent the default security groups from being used, remove their inbound and outbound rules.</p><p><strong>To create new security groups and assign them to your resources</strong></p><ol><li>Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.</li><li>In the navigation pane, choose <strong>Security groups</strong>. View the default security groups details to see the resources that are assigned to them.</li><li>Create a set of least-privilege security groups for the resources. For details on how to create security groups, see Creating a security group in the <i>Amazon VPC User Guide</i>.</li><li>Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.</li><li>On the Amazon EC2 console, change the security group for the resources that use the default security groups to the least-privilege security group you created. See Changing an instance's security groups in the <i>Amazon VPC User Guide</i>.</li></ol><p>After you assign the new security groups to the resources, remove the inbound and outbound rules from the default security groups. This ensures that the default security groups are not used.</p><p><strong>To remove the rules from the default security group</strong></p><ol><li>Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.</li><li>In the navigation pane, choose <strong>Security groups</strong>.</li><li>Select a default security group, and choose the <strong>Inbound rules</strong> tab. Choose <strong>Edit inbound rules</strong>. Then delete all of the inbound rules. Choose <strong>Save rules</strong>.</li><li>Repeat the previous step for each default security group.</li><li>Select a default security group and choose the <strong>Outbound rules</strong> tab. Choose <strong>Edit outbound rules</strong>. Then delete all of the outbound rules. 
Choose <strong>Save rules</strong>.</li><li>Repeat the previous step for each default security group.</li></ol> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The attacker can abuse functionality on the server to read or update internal resources. The attacker can supply - or modify - a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration details such as AWS metadata, connect to internal services like http enabled databases, or perform post requests towards internal services which are not intended to be exposed.&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers can gain access to sensitive data when the data is in transit in clear text, or when the data is stored without encryption.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>A Denial of Service (DoS) attack is a deliberate attempt to make your website unavailable. Attackers use a variety of techniques that consume large amount of resources.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident.<br /> + Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.</p> + + + + + + + + + + + + + + + + + + + + + + + Attackers gain access to data on EC2 instances by exploiting weaknesses in non-updated or misconfigured systems. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could potentially gain unauthorized connection to the resources through misconfigured ports or security network configurations.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Everyone can access the RDS database and obtain the data. 
+ + + + + + + + + + + + Credentials for groups and roles not properly configured. User accounts are configured with excessive privileges. + + + + + + + + + + + + <p>Without proper segmentation, when attackers gain access to one resource, any other resources in the same VNet are compromised.</p> + + + + + + + + + + + + There are no notifications when a security incident occurs. Therefore, we do not know when an + attacker gains access to our systems and/or security systems + + + + + + + + + + + + + There are no access control mechanisms on the RDS database resources and any user can gain access + to them and exfiltrate the data. + + + + + + + + + + + + There are no data backup retention policies. + + + + + + + + + + + + Sensitive data is not encrypted and is exposed. + + + + + + + + + + + + <p>Sensitive data is not encrypted in transit with HTTPS or SSL, and is accessible while traversing the network.</p> + + + + + + + + + + + + The latest vendor updates that ensure that the systems are not vulnerable have not been applied to the systems. + + + + + + + + + + + + + + The following AWS managed policies, which you can attach to users in your account, are + specific to Amazon RDS: + <br /> + <ul> + <li><b>AmazonRDSReadOnlyAccess:</b> Grants read-only access to all Amazon RDS + resources for the root AWS account.&nbsp;</li> + <li><b>AmazonRDSFullAccess:</b> Grants full access to all Amazon RDS resources + for the root AWS account.</li> + </ul>You can also create custom IAM policies that allow users to access the required + Amazon RDS API actions and resources. You can attach these custom policies to the IAM users or + groups that require those permissions. 
+ <br /> + <br />The permissions above shall be assigned to roles or groups: + <br /> + <ul> + <li>The roles or groups only do calls to the API to get information, the + AmazonRDSReadOnlyAccess permission shall be assigned.&nbsp;</li> + <li>The roles or groups who are responsible of managing the RDS instances shall be + assigned the AmazonRDSFullAccess permission.</li> + </ul> + + + + + + <ul> + <li>Review the IAM roles and groups.&nbsp;</li> + <li>Check that all roles or groups have got the AmazonRDSReadOnlyAccess permission.</li> + <li>Check that only the appropriate personnel have got AmazonRDSFullAccess permissions + to manage the RDS instances.</li> + </ul> + + + + + + + + + + + + + + + + + <div> + Amazon Relational Database Service (RDS) is a managed relational database service which handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair. +</div> +<div> + <br /> + There are 6 database engines available for customer to run their database workloads on: +</div> +<div> + <ul> + <li>Amazon Aurora (MySQL Compatible)</li> + <li>MySQL</li> + <li>MariaDB</li> + <li>Oracle</li> + <li>Microsoft SQL Server</li> + <li>PostgreSQL</li> + </ul> + Customers can deploy RDS databases within a VPC through the configuration of: +</div> +<div> + <ul> + <li>Subnet Group for RDS, this group will be used for deployment of single or Multi-AZ RDS instances.</li> + <li>Network access through configuration of Security Groups for RDS</li> + <li>Access from outside the VPC hosting the DB instance by enabling/disabling a Public IP address</li> + <li>Network access to the managed Data-Tier must be tightly controlled using Security Groups for RDS and non local accessibility of the DB instance.</li> + </ul> +</div> +<div> + <br /> +</div> +<div> + <b>Remediation: </b> +</div> +<div> + <div style=""> + Using the Amazon unified command line interface: + </div> + <div style=""> + <ul> + <li>Modify each non-compliant DB instance, and 
configure it to use the Data Tier Security Group:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div style=""> + aws rds modify-db-instance --db-instance-identifier &lt;your_db_instance&gt; --vpc-security-group-ids &lt;data_tier_security_group&gt; + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Check if your application DB instances are configured to use the Data Tier + Security Group:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-db-instances --filters Name=tag:data_tier_tag,Values=data_tier_tag_value + --query &quot;DBInstances[*].{VpcSecurityGroups:VpcSecurityGroups, + DBInstanceIdentifier:DBInstanceIdentifier}&quot; + </div> + </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + <div> + Amazon Relational Database Service (RDS) is a managed relational database service which handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair. 
+</div> +<div> + <br /> + There are 6 database engines available for customer to run their database workloads on: +</div> +<div> + <ul> + <li>Amazon Aurora (MySQL Compatible)</li> + <li>MySQL</li> + <li>MariaDB</li> + <li>Oracle</li> + <li>Microsoft SQL Server</li> + <li>PostgreSQL</li> + </ul>Customers can deploy RDS databases within a VPC through the configuration of: +</div> +<div> + <ul> + <li>Subnet Group for RDS, this group will be used for deployment of single or Multi-AZ RDS instances.</li> + <li>Network access through configuration of Security Groups for RDS</li> + <li>Access from outside the VPC hosting the DB instance by enabling/disabling a Public IP address</li> + </ul> +</div> +<div> + <br /> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + <div style=""> + Using the Amazon unified command line interface: + </div> + <div style=""> + <ul> + <li>Modify each publicly accessible DB instance, and make it private:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div style=""> + aws rds modify-db-instance --db-instance-identifier &lt;your_db_instance&gt; --no-publicly-accessible + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Check if your application DB instances are publicly available:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-db-instances --filters Name=tag:data_tier_tag,Values=data_tier_tag_value + --query &quot;DBInstances[*].{PubliclyAccessible:PubliclyAccessible, + DBInstanceIdentifier:DBInstanceIdentifier}&quot; + </div> + </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + <p>Amazon Relational Database Service (RDS) is a managed relational database service which handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair.</p> +<p>There are 6 database engines available for customers to run their database 
workloads on:</p> +<ul> + <li>Amazon Aurora (MySQL Compatible)</li> + <li>MySQL</li> + <li>MariaDB</li> + <li>Oracle</li> + <li>Microsoft SQL Server</li> + <li>PostgreSQL</li> +</ul> +<p>If the database engine used by your application supports it, ensure that the RDS Instances have Auto Minor Version Upgrade Enabled.</p> +<p><b>Remediation:</b></p> +<p>Using the Amazon unified command line interface:</p> +<p></p> +<ul> + <li>Modify each DB instance with auto-minor-version-upgrade set to False, and enable auto-minor-version-upgrade:</li> +</ul> +<p></p> +<blockquote> + <blockquote> + <p>aws rds modify-db-instance --db-instance-identifier &lt;your_db_instance&gt; --auto-minor-version-upgrade</p> + </blockquote> +</blockquote> + + + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Check if your application DB instances have Auto Minor Version Upgrade enabled:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-db-instances --filters Name=tag:data_tier_tag,Values=data_tier_tag_value + --query &quot;DBInstances[*].{AutoMinorVersionUpgrade:AutoMinorVersionUpgrade, + DBInstanceIdentifier:DBInstanceIdentifier}&quot; + </div> + </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + <div> + Amazon RDS instances and snapshots can be encrypted at rest by enabling the encryption option on the Amazon RDS DB instance. Data that is encrypted at rest includes the underlying storage for a DB instance, its automated backups, read replicas, and snapshots. Encryption at rest should be enabled. 
+</div> +<div> + <br> +</div> +<div> + <b>Remediation:</b> + Using the Amazon unified CLI: +</div> +<div> + <ul> + <li>Perform a snapshot of the DB instance:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws rds create-db-snapshot --db-snapshot-identifier db_snapshot --db-instance-identifier your_db_instance + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Confirm created snapshot is available (once snapshot process has completed):</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws rds describe-db-snapshots --query 'DBSnapshots[*].{DBSnapshotIdentifier:DBSnapshotIdentifier, DBInstanceIdentifier:DBInstanceIdentifier, Snapshotstatus:Status}' + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>List all KMS Customer Managed Keys:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws kms list-aliases + </div> + </blockquote> +</blockquote> +<div> + <ul> + <li>Copy to source RDS snapshot (from previous step) to a destination snapshot which will be encrypted:</li> + </ul> +</div> +<blockquote> + <blockquote> + aws rds copy-db-snapshot --source-db-snapshot-identifier db_snapshot&nbsp; --target-db-snapshot-identifier encrypted_db_snapshot --kms-key-id data_tier_kms_key + </blockquote> +</blockquote> +<ul> + <li>Restore a snapshot to the target DB instance(from previous step) with the same values as original db instance with additional encrypted storage values:</li> +</ul> +<blockquote> + <blockquote> + <div> + aws rds restore-db-instance-from-db-snapshot --db-instance-identifier your_db_instance --db-snapshot-identifier encrypted_db_snapshot + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + + + + + + + + <p>Using the Amazon unified CLI:</p> + <ul> + <li>List all current RDS instances and review the encryption status of the DB + instance:</li> + </ul> + <blockquote> + <blockquote> + aws rds describe-db-instances --query 'DBInstances[*].{DBName:DBName, + EncryptionEnabled:StorageEncrypted, CMK:KmsKeyId}' 
+ </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + <p>AWS Relational Database Services offers customers a managed database engine solution + for hosting customer created databases which can allow for a reduction in operational burden on + customers.</p> + <p>RDS event subscriptions provide notification of selected event changes at a DB security + group level.</p> + <p>Event subscriptions are designed to provide incident notification of events which may + affect the network availability of the RDS instance.</p> + <p><b>Remediation:</b></p> + <p>Using the Amazon unified CLI:</p> + <p></p> + <ul> + <li>Create a new event subscription for DB Security Group events:</li> + </ul> + <p></p> + <p></p> + <blockquote> + <blockquote> + <p>aws rds create-event-subscription --subscription-name rds_event_subscription + --sns-topic-arn + sns_topic_arn + --source-type db-security-group --event-categories rds_events + --source-ids events_source_ids --enabled</p> + </blockquote> + </blockquote> + + + + + + + + + <div> + Using the Amazon unified CLI: + </div> + <div> + <ul> + <li>List all present event subscriptions and review the value of &quot;db-security-group&quot; + associated with &quot;SourceType&quot; element:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-event-subscriptions --query + 'EventSubscriptionsList[*].{SourceType:SourceType, SourceIdsList:SourceIdsList, + EventCategoriesList:EventCategoriesList}' + </div> + <div> + <br /> + </div> + </blockquote> + </blockquote> + <div> + &quot;EventCategoriesList&quot; will list all event categories which will be + reported on + </div> + <div> + &quot;SourceIdsList&quot; will list all RDS DB instances included (null=all + instances) + </div> + + + + + + + + + + + + + + + + + <div> + AWS Relational Database Services offers customers a managed database engine solution for hosting customer created databases which can allow for a reduction in operational burden on customers. 
+</div> +<div> + <br /> + RDS event subscriptions provide notification of selected event changes at DataBase engine level such as: +</div> +<div> + <ul> + <li>Deletion</li> + <li>Failure</li> + <li>Failover</li> + <li>Low Storage</li> + <li>Maintenance</li> + </ul> + Event subscriptions are designed to provide incident notification of events which may affect the availability of a RDS database instance. +</div> +<div> + <br /> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + <div style=""> + Using the Amazon unified CLI: + </div> + <div style=""> + <ul> + <li>Create a new event subscription for DB instance level events:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div style=""> + aws rds create-event-subscription --subscription-name &lt;rds_event_subscription&gt; --sns-topic-arn sns_topic_arn --source-type &lt;db-instance&gt; --event-categories &lt;rds_events&gt; --source-ids &lt;events_source_ids&gt; --enabled + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + + <div> + Using the Amazon unified CLI: + </div> + <div> + <ul> + <li>List all present event subscriptions and review the value of &quot;db-instance&quot; + associated with &quot;SourceType&quot; element:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-event-subscriptions --query + 'EventSubscriptionsList[*].{SourceType:SourceType, SourceIdsList:SourceIdsList, + EventCategoriesList:EventCategoriesList}' + </div> + <div> + <br /> + </div> + </blockquote> + </blockquote> + <div> + &quot;EventCategoriesList&quot; will list all event categories which will be + reported on + </div> + <div> + &quot;SourceIdsList&quot; will list all RDS DB instances included (null=all + instances) + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + <div> + Amazon Relational Database Service (RDS) is a managed relational database service which handles routine database tasks such as provisioning, patching, backup, recovery, failure 
detection, and repair. +</div> +<div> + <br /> + There are 6 database engines available for customer to run their database workloads on: +</div> +<div> + <ul> + <li>Amazon Aurora (MySQL Compatible)</li> + <li>MySQL</li> + <li>MariaDB</li> + <li>Oracle</li> + <li>Microsoft SQL Server</li> + <li>PostgreSQL</li> + </ul> +</div> +<div> + <br /> +</div> +<div> + <div> + Provides AWS managed high availability of the Database Tier across 2 availability zones within a region through asynchronous replication at the data layer. + </div> + <div> + <br /> + </div> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + <div style=""> + Using the Amazon unified command line interface: + </div> + <div style=""> + <ul> + <li>Modify each no-multi-az DB instance, and make it Multi-AZ enabled:</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div style=""> + aws rds modify-db-instance --db-instance-identifier &lt;your_db_instance&gt; --multi-az + </div> + </div> + </blockquote> +</blockquote> + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Check if your application DB instances are Multi-AZ enabled:</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-db-instances --filters Name=tag:data_tier_tag,Values=data_tier_tag_value + --query &quot;DBInstances[*].{MultiAZ:MultiAZ, + DBInstanceIdentifier:DBInstanceIdentifier}&quot; + </div> + </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + <div> + Amazon Relational Database Service (RDS) is a managed relational database service which handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair. 
+</div> +<div> + <br> + There are 6 database engines available for customer to run their database workloads on: +</div> +<div> + <ul> + <li>Amazon Aurora (MySQL Compatible)</li> + <li>MySQL</li> + <li>MariaDB</li> + <li>Oracle</li> + <li>Microsoft SQL Server</li> + <li>PostgreSQL</li> + </ul> +</div> +<div> + <div> + Provides a managed backup function of the RDS Database, it is possible to define the backup window and retention period of the backup. Each customer should have a retention policy set for the type of data being stored. It is recommended to set this to at least 7. + </div> + <div> + <br> + </div> + <div> + Possible values are from 0 to 35 days. + </div> +</div> +<div> + <br> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + <div style=""> + Using the Amazon unified command line interface: + </div> + <div style=""> + <ul> + <li>Modify each DB instance with a Backup Retention Period of 0, and set a desired Backup Retention Period in days (recommended value = 7):</li> + </ul> + </div> +</div> +<blockquote> + <blockquote> + <div> + <div style=""> + aws rds modify-db-instance --db-instance-identifier &lt;your_db_instance&gt; --backup-retention-period &lt;backup_retention_period&gt; + </div> + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> + + + + + + + + + + + + <div> + Using the Amazon unified command line interface: + </div> + <div> + <ul> + <li>Check if your application DB instances have a Backup Retention Period set (0 = + there is no backup retention in place, 7 = there are 7 daily backups retained):</li> + </ul> + </div> + <blockquote> + <blockquote> + <div> + aws rds describe-db-instances --filters Name=tag:data_tier_tag,Values=data_tier_tag_value + --query &quot;DBInstances[*].{BackupRetentionPeriod:BackupRetentionPeriod, + DBInstanceIdentifier:DBInstanceIdentifier}&quot; + </div> + </blockquote> + </blockquote> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + Use SSL from your application to encrypt a connection to a DB 
instance running MySQL, MariaDB, + Amazon Aurora, SQL Server, Oracle, or PostgreSQL. Each DB engine has its own process for + implementing SSL. To learn how to implement SSL for your particular DB instance, please see link + provided in &quot;References&quot; section. + + + + + + Check that the SSL protocol is used to encrypt the data in transit. + + + + + + + + + + + + + + + + + + + + + <p>Attackers can gain access to sensitive data when the data is in transit in clear text, or when the data is stored without encryption.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Data can be deleted intentionally or accidentally and cannot be recovered. Attackers could rely on the lack of backup and recovery mechanisms.</p> + + + + + + + + + + + + + + + + + + + + + + + Attackers gain access to data on EC2 instances by exploiting weaknesses in non-updated or misconfigured systems. + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain undetected access to the security configurations and changes made by the attackers are undetected and unaudited.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized network access to the resources through misconfigured ports or security network configurations.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. + +Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers. 
+ + + + + + + + + + + + When a critical security event occurs, the software either does not record the event or omits important details about the event when logging it. When critical security events are not logged properly, such as in the case of a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analyses after a successful attack. + + + + + + + + + + + + Resources are not registered in the safety net systems, and/or additional unidentified resources exist. As such, additional weakness might be introduced. + + + + + + + + + + + + Credentials for groups and roles not properly configured. User accounts are configured with excessive privileges. + + + + + + + + + + + + <p>Without proper segmentation, when attackers gain access to one resource, any other resources in the same VNet are compromised.</p> + + + + + + + + + + + + Sensitive data is not encrypted and is exposed. + + + + + + + + + + + + <div> + Being highly selective in peering routing tables is a very effective way of minimizing the + impact of breach as resources outside of these routes are inaccessible to the peered VPC. + </div> + + + + + + + + + + + + <p>Receiving unauthorized connections to open ports makes systems vulnerable to attacks. To avoid this, access to network must be as restricted as possible, so that only the necessary ports are open and the minimum inbound traffic is accepted.</p> + + + + + + + + + + + + + + <div> + Connect to VPC using an AWS Site-to-Site VPN connection&nbsp; +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + By default, instances that you launch into an Amazon VPC can't communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection. 
+</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + You can create, access, and manage your Site-to-Site VPN resources using any of the following interfaces: +</div> +<div> + <br> +</div> +<div> + AWS Management Console- Provides a web interface that you can use to access your Site-to-Site VPN resources. +</div> +<div> + <br> +</div> +<div> + AWS Command Line Interface (AWS CLI) - Provides commands for a broad set of AWS services, including Amazon VPC, and is supported on Windows, macOS, and Linux. +</div> +<div> + <br> +</div> +<div> + AWS SDKs - Provide language-specific APIs and takes care of many of the connection details, such as calculating signatures, handling request retries, and error handling. +</div> +<div> + <br> +</div> +<div> + Query API- Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC, but it requires that your application handle low-level details such as generating the hash to sign the request, and error handling. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + + <div> + After you create the AWS Site-to-Site VPN connection and configure the customer gateway, you can launch an instance and test the connection by pinging the instance. +</div> +<div> + <br> +</div> +<div> + Before you begin, make sure of the following: +</div> +<div> + <br> +</div> +<div> + <ul> + <li>Use an AMI that responds to ping requests. 
AWS recommends that you use one of the Amazon Linux AMIs.</li> + <li>Configure any security group or network ACL in your VPC that filters traffic to the instance to allow inbound and outbound ICMP traffic.</li> + <li>If you are using instances running Windows Server, connect to the instance and enable inbound ICMPv4 on the Windows firewall in order to ping the instance.</li> + <li>(Static routing) Ensure that the customer gateway device has a static route to your VPC, and that your VPN connection has a VPN connection has a static route so that traffic can get back to your customer gateway device.</li> + <li>(Dynamic routing) Ensure that the BGP status on your customer gateway device is established. It takes approximately 30 seconds for a BGP peering session to be established. Ensure that routes are advertised with BGP correctly and showing in the subnet route table, so that traffic can get back to your customer gateway. Make sure that both tunnels are configured with BGP routing.</li> + <li>Ensure that you have configured routing in your subnet route tables for the VPN connection.</li> + </ul> +</div> +<div> + <br> +</div> +<div> + To test end-to-end connectivity +</div> +<div> + <br> +</div> +<div> + 1. Open the Amazon EC2 console. +</div> +<div> + <br> +</div> +<div> + 2. On the dashboard, choose Launch Instance. +</div> +<div> + <br> +</div> +<div> + 3. On the Choose an Amazon Machine Image (AMI) page, choose an AMI, and then choose Select. +</div> +<div> + <br> +</div> +<div> + 4. Choose an instance type, and then choose Next: Configure Instance Details. +</div> +<div> + <br> +</div> +<div> + 5. On the Configure Instance Details page, for Network, select your VPC. For Subnet, select your subnet. Choose Next until you reach the Configure Security Group page. +</div> +<div> + <br> +</div> +<div> + 6. Select the Select an existing security group option, and then select the group that you configured earlier. Choose Review and Launch. 
+</div> +<div> + <br> +</div> +<div> + 7. Review the settings that you've chosen. Make any changes that you need, and then choose Launch to select a key pair and launch the instance. +</div> +<div> + <br> +</div> +<div> + 8. After the instance is running, get its private IP address (for example, 10.0.0.4). The Amazon EC2 console displays the address as part of the instance's details. +</div> +<div> + <br> +</div> +<div> + 9. From a computer in your network that is behind the customer gateway device, use the ping command with the instance's private IP address. A successful response is similar to the following: +</div> +<div> + <br> +</div> +<div> + ping 10.0.0.4 +</div> +<div> + Pinging 10.0.0.4 with 32 bytes of data: +</div> +<div> + <br> +</div> +<div> + Reply from 10.0.0.4: bytes=32 time&lt;1ms TTL=128 +</div> +<div> + Reply from 10.0.0.4: bytes=32 time&lt;1ms TTL=128 +</div> +<div> + Reply from 10.0.0.4: bytes=32 time&lt;1ms TTL=128 +</div> +<div> + <br> +</div> +<div> + Ping statistics for 10.0.0.4: +</div> +<div> + Packets: Sent = 3, Received = 3, Lost = 0 (0% loss), +</div> +<div> + <br> +</div> +<div> + Approximate round trip times in milliseconds: +</div> +<div> + Minimum = 0ms, Maximum = 0ms, Average = 0ms +</div> +<div> + <br> +</div> +<div> + To test tunnel failover, you can temporarily disable one of the tunnels on your customer gateway device, and repeat the above step. You cannot disable a tunnel on the AWS side of the VPN connection. +</div> +<div> + <br> +</div> +<div> + You can use SSH or RDP to connect to your instances in the VPC. +</div> + + + + + + + + + + + + + + + + + + + <div> + Control access to VPC resources with IAM identities and policies +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + AWS Identity and Access Management (IAM) is an AWS service that helps an administrator securely control access to AWS resources. 
IAM administrators control who can be authenticated (signed in) and authorized (have permissions) to use Amazon VPC resources. IAM is an AWS service that you can use with no additional charge. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + Control access to VPC resources by using: +</div> +<div> + 1. Identities: +</div> +<div> + Authentication is how you sign in to AWS using your identity credentials. +</div> +<div> + You must be authenticated (signed in to AWS) as the AWS account root user, an IAM user, or by assuming an IAM role. You can also use your company's single sign-on authentication, or even sign in using Google or Facebook. In these cases, your administrator previously set up identity federation using IAM roles. When you access AWS using credentials from another company, you are assuming a role indirectly. +</div> +<div> + <br> +</div> +<div> + 2. Identity-based policies: +</div> +<div> + Identity-based policies are JSON permissions policy documents that you can attach to an identity, such as an IAM user, role, or group. These policies control what actions that identity can perform, on which resources, and under what conditions. +</div> +<div> + <br> +</div> +<div> + 3. Resource-based policies: +</div> +<div> + Resource-based policies are JSON policy documents that you attach to a resource such as an Amazon S3 bucket. Service administrators can use these policies to define what actions a specified principal (account member, user, or role) can perform on that resource and under what conditions. Resource-based policies are inline policies. There are no managed resource-based policies. +</div> +<div> + <br> +</div> +<div> + 4. Access control lists (ACLs): +</div> +<div> + Access control lists (ACLs) are a type of policy that controls which principals (account members, users, or roles) have permissions to access a resource. ACLs are similar to resource-based policies, although they do not use the JSON policy document format. 
Amazon S3, AWS WAF, and Amazon VPC are examples of services that support ACLs. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies. + + + + + + + + + + + + + + + + + + + <div> + Creating CloudWatch alarms to monitor a NAT gateway +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + You can monitor your NAT gateway using CloudWatch, which collects information from your NAT gateway and creates readable, near real-time metrics. You can use this information to monitor and troubleshoot your NAT gateway. NAT gateway metric data is provided at 1-minute intervals, and statistics are recorded for a period of 15 months. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + You can create a CloudWatch alarm that sends an Amazon SNS message when the alarm changes state. An alarm watches a single metric over a time period that you specify. It sends a notification to an Amazon SNS topic based on the value of the metric relative to a given threshold over a number of time periods. +</div> +<div> + <br> +</div> +<div> + For example, you can create an alarm that monitors the amount of traffic coming in or leaving the NAT gateway. The following alarm monitors the amount of outbound traffic from clients in your VPC through the NAT gateway to the internet. It sends a notification when the number of bytes reaches a threshold of 5,000,000 during a 15-minute period. +</div> +<div> + <br> +</div> +<div> + To create an alarm for outbound traffic through the NAT gateway +</div> +<div> + <br> +</div> +<div> + Open the CloudWatch console. +</div> +<div> + <br> +</div> +<div> + In the navigation pane, choose Alarms, Create Alarm. +</div> +<div> + <br> +</div> +<div> + Choose NAT gateway. 
+</div> +<div> + <br> +</div> +<div> + Select the NAT gateway and the BytesOutToDestination metric and choose Next. +</div> +<div> + <br> +</div> +<div> + Configure the alarm as follows, and choose Create Alarm when you are done: +</div> +<div> + <br> +</div> +<div> + Under Alarm Threshold, enter a name and description for your alarm. For Whenever, choose &gt;= and enter 5000000. Enter 1 for the consecutive periods. +</div> +<div> + <br> +</div> +<div> + Under Actions, select an existing notification list or choose New list to create a new one. +</div> +<div> + <br> +</div> +<div> + Under Alarm Preview, select a period of 15 minutes and specify a statistic of Sum. +</div> +<div> + <br> +</div> +<div> + You can create an alarm that monitors the ErrorPortAllocation metric and sends a notification when the value is greater than zero (0) for three consecutive 5-minute periods. +</div> +<div> + <br> +</div> +<div> + To create an alarm to monitor port allocation errors +</div> +<div> + <br> +</div> +<div> + Open the CloudWatch console. +</div> +<div> + <br> +</div> +<div> + In the navigation pane, choose Alarms, Create Alarm. +</div> +<div> + <br> +</div> +<div> + Choose NAT Gateway. +</div> +<div> + <br> +</div> +<div> + Select the NAT gateway and the ErrorPortAllocation metric and choose Next. +</div> +<div> + <br> +</div> +<div> + Configure the alarm as follows, and choose Create Alarm when you are done: +</div> +<div> + <br> +</div> +<div> + Under Alarm Threshold, enter a name and description for your alarm. For Whenever, choose &gt; and enter 0. Enter 3 for the consecutive periods. +</div> +<div> + <br> +</div> +<div> + Under Actions, select an existing notification list or choose New list to create a new one. +</div> +<div> + <br> +</div> +<div> + Under Alarm Preview, select a period of 5 minutes and specify a statistic of Maximum. 
+</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + + + + + + + + <div> + You can test an alarm by setting it to any state using the SetAlarmState API action or the set-alarm-state command in the AWS CLI. This temporary state change lasts only until the next alarm comparison occurs. +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + <div> + Create Route 53 alias records for VPC endpoints +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + Attackers sometimes hijack traffic to internet endpoints such as web servers by intercepting DNS queries and returning their own IP addresses to DNS resolvers in place of the actual IP addresses for those endpoints. Users are then routed to the IP addresses provided by the attackers in the spoofed response, for example, to fake websites. +</div> +<div> + <br> +</div> +<div> + You can protect your domain from this type of attack, known as DNS spoofing or a man-in-the-middle attack, by configuring Domain Name System Security Extensions (DNSSEC), a protocol for securing DNS traffic. +</div> +<div> + <br> +</div> +<div> + An Amazon Virtual Private Cloud (Amazon VPC) interface endpoint lets you use AWS PrivateLink to access selected services. These services include some AWS services, services that are hosted by other AWS customers and partners in their own VPCs, and supported AWS Marketplace partner services. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + To route domain traffic to an interface endpoint, use Amazon Route 53 to create an alias record. An alias record is a Route 53 extension to DNS. It's similar to a CNAME record, but you can create an alias record both for the root domain, such as example.com, and for subdomains, such as www.example.com. (You can create CNAME records only for subdomains.) 
+</div> +<div> + <br> +</div> +<div> + To route traffic to an Amazon VPC interface endpoint +</div> +<div> + <br> +</div> +<div> + If you created the Route 53 hosted zone and the Amazon VPC interface endpoint using the same account, skip to step 2. +</div> +<div> + <br> +</div> +<div> + If you created the hosted zone and the interface endpoint using different accounts, get the service name for the interface endpoint: +</div> +<div> + <br> +</div> +<div> + Sign in to the AWS Management Console and open the Amazon VPC console. +</div> +<div> + <br> +</div> +<div> + In the navigation pane, choose Endpoints. +</div> +<div> + <br> +</div> +<div> + In the right pane, choose the endpoint that you want to route internet traffic to. +</div> +<div> + <br> +</div> +<div> + In the bottom pane, get the value of DNS name, for example, vpce-0fd00dd593example-dexample.cloudtrail.us-west-2.vpce.amazonaws.com. +</div> +<div> + <br> +</div> +<div> + Open the Route 53 console. +</div> +<div> + <br> +</div> +<div> + In the navigation pane, choose Hosted Zones. +</div> +<div> + <br> +</div> +<div> + Choose the name of the hosted zone that has the domain name that you want to use to route traffic to your interface endpoint. +</div> +<div> + <br> +</div> +<div> + Choose Create Record Set. +</div> +<div> + <br> +</div> +<div> + Specify the following values: +</div> +<div> + <br> +</div> +<div> + Name +</div> +<div> + Enter the domain name that you want to use to route traffic to your Amazon VPC interface endpoint. +</div> +<div> + <br> +</div> +<div> + Type +</div> +<div> + Choose A - IPv4 address. +</div> +<div> + <br> +</div> +<div> + Alias +</div> +<div> + Choose Yes. 
+</div> +<div> + <br> +</div> +<div> + Alias Target +</div> +<div> + How you specify the value for Alias Target depends on whether you created the hosted zone and the interface endpoint using the same AWS account or different accounts: +</div> +<div> + <br> +</div> +<div> + Same account - Choose the list, and find the category Amazon VPC Endpoints. Then choose the DNS name of the interface endpoint that you want to route internet traffic to. +</div> +<div> + <br> +</div> +<div> + Different accounts - Enter the value that you got in step 1 of this procedure. +</div> +<div> + <br> +</div> +<div> + Routing Policy +</div> +<div> + Choose the applicable routing policy. For more information, see Choosing a routing policy. +</div> +<div> + <br> +</div> +<div> + Evaluate Target Health +</div> +<div> + Accept the default value of No. +</div> +<div> + <br> +</div> +<div> + Choose Create. +</div> +<div> + <br> +</div> +<div> + Changes generally propagate to all Route 53 servers within 60 seconds. When propagation is done, you'll be able to route traffic to your interface endpoint by using the name of the alias record that you created in this procedure. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + Changes generally propagate to all Route 53 servers within 60 seconds. When propagation is done, you'll be able to route traffic to your interface endpoint by using the name of the alias record that you created in this procedure. + + + + + + + + + + + + + + + + + + + <div> + Do not put sensitive identifying information, such as your customers' account numbers, into free-form fields such as a Name field. +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + AWS strongly recommends that you never put sensitive identifying information, such as your customers' account numbers, into free-form fields such as a Name field. 
This includes when you work with Amazon VPC or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter into Amazon VPC or other services might get picked up for inclusion in diagnostic logs. When you provide a URL to an external server, don't include credentials information in the URL to validate your request to that server. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + Ensure that free-form fields do not contain sensitive data. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + + + + + + + + + + + + + + + + + + VPC Flow logs enable the capture of IP traffic that traverses the network interfaces within a + VPC. These logs are captured and sent to cloudtrail logs enabling you to detect security + incidents that may be occurring across the network. + <div> + <br /> + </div> + <div> + <b>Remediation:</b> + <br /> + <ol> + <li>Sign into the management console.</li> + <li>Select VPC from the services menu.</li> + <li>In the left pane click &quot;Your VPCs&quot;.</li> + <li>Select a VPC.</li> + <li>Select the Flow Logs tab from the preview panel.</li> + <li>Select &quot;Create Flow Log&quot;.</li> + <li>Choose a role (note this must be pre-created. 
Follow the link provided in the text + underneath &quot;Role&quot; for help).</li> + <li>Select a &quot;Destination Log Group&quot;.</li> + <li>Click &quot;Create flow Log&quot;.</li> + </ol> + + + + + + + + + + + + + + + <ol> + <li>Sign into the management console.</li> + <li>Select VPC from the services menu.</li> + <li>In the left pane click &quot;Your VPCs&quot;.</li> + <li>Select a VPC.</li> + <li>Select the Flow Logs tab from the preview panel.</li> + <li>Ensure a Log Flow exists that has Active in the Status column.</li> + </ol> + + + + + + + + + + + + + + + + + <div> + Enable VPC Traffic Mirroring +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for: +</div> +<div> + <br> +</div> +<div> + Content inspection +</div> +<div> + <br> +</div> +<div> + Threat monitoring +</div> +<div> + <br> +</div> +<div> + Troubleshooting +</div> +<div> + <br> +</div> +<div> + The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind a Network Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so that you only extract the traffic of interest to monitor by using monitoring tools of your choice. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + You can create, access, and manage your traffic mirror resources using any of the following: +</div> +<div> + <br> +</div> +<div> + AWS Management Console- Provides a web interface that you can use to access your traffic mirror resources. +</div> +<div> + <br> +</div> +<div> + AWS Command Line Interface (AWS CLI) - Provides commands for a broad set of AWS services, including Amazon VPC. The AWS CLI is supported on Windows, macOS, and Linux. 
+</div> +<div> + <br> +</div> +<div> + AWS SDKs - Provide language-specific APIs. The AWS SDKs take care of many of the connection details, such as calculating signatures, handling request retries, and handling errors. +</div> +<div> + <br> +</div> +<div> + Query API- Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC. However, it requires that your application handle low-level details such as generating the hash to sign the request and handling errors. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + + + + + + + + <div> + You can review your traffic mirror targets, filters and sessions from Amazon VPC console:&nbsp; +</div> +<div> + <br> +</div> +<div> + 1. Open the Amazon VPC console. +</div> +<div> + <br> +</div> +<div> + 2. In the Region selector, choose the AWS Region that you used when you created the VPCs. +</div> +<div> + <br> +</div> +<div> + 3. On the navigation pane, choose Traffic Mirroring, Mirror Targets/Mirror Filters/Mirror Sessions. +</div> + + + + + + + + + + + + + + + + + + + <p>Log to a dedicated and centralized Amazon S3 bucket</p> +<p>Rationale:<br> CloudTrail log files are an audit log of actions taken by a user, role or an AWS service. The integrity, completeness and availability of these logs is crucial for forensic and auditing purposes. By logging to a dedicated and centralized Amazon S3 bucket, you can enforce strict security controls, access, and segregation of duties.</p> +<p>Remediation:<br> The following are some steps you can take:</p> +<p>- Create a separate AWS account as a log archive account. If you use AWS Organizations, enroll this account in the organization, and consider creating an organization trail to log data for all AWS accounts in your organization.</p> +<p>- If you do not use Organizations but want to log data for multiple AWS accounts, create a trail to log activity in this log archive account. 
Restrict access to this account to only trusted administrative users who should have access to account and auditing data.</p> +<p>- As part of creating a trail, whether it is an organization trail or a trail for a single AWS account, create a dedicated Amazon S3 bucket to store log files for this trail.</p> +<p>- If you want to log activity for more than one AWS account, modify the bucket policy to allow logging and storing log files for all AWS accounts that you want to log AWS account activity.</p> +<p>- If you are not using an organization trail, create trails in all of your AWS accounts, specifying the Amazon S3 bucket in the log archive account.</p> +<p>Impact:<br> None</p> + + + + + + + + + <p>Ensure that you are using a dedicated and centralized Amazon S3 bucket for CloudTrail log files.</p> + + + + + + + + + + + + + + + + + <div> + Once a VPC peering connection is established, routing tables must be updated to establish any connections between the peered VPCs. These routes can be as specific as desired - even peering a VPC to only a single host on the other side of the connection. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> + Being highly selective in peering routing tables is a very effective way of minimizing the impact of breach as resources outside of these routes are inaccessible to the peered VPC. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> + Remove and add route table entries to ensure that the least number of subnets or hosts as is required to accomplish the purpose for peering are routable. 
+</div> +<div> + <br> + Via CLI: +</div> +<div> + <ul> + <li>For each &lt;route_table_id&gt; containing routes non compliant with your routing policy (which grants more than desired ""least access""), delete the non compliant route:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 delete-route --route-table-id &lt;route_table_id&gt; --destination-cidr-block &lt;non_compliant_destination_CIDR&gt; + </div> + </blockquote> +</blockquote> +<div> + <br> +</div> +<div> + <ul> + <li>Create a new compliant route:</li> + </ul> +</div> +<blockquote> + <blockquote> + <div> + aws ec2 create-route --route-table-id &lt;route_table_id&gt; --destination-cidr-block &lt;compliant_destination_CIDR&gt; --vpc-peering-connection-id &lt;peering_connection_id&gt; + </div> + </blockquote> +</blockquote> + + + + + + + + + + Review routing tables of peered VPCs for whether they route + all subnets of each VPC and whether that is necessary to accomplish the intended purposes + for peering the VPCs.<br /><br /><b>Via CLI:</b><br />List all + the route tables from a VPC and check if &quot;GatewayId&quot; is pointing to a + &lt;peering_connection_id&gt; (e.g. pcx-1a2b3c4d) and if &quot;DestinationCidrBlock&quot; + is as specific as desired.<br /> + <blockquote> + aws ec2 describe-route-tables --filter &quot;Name=vpc-id,Values=&lt;vpc_id&gt;&quot; + --query &quot;RouteTables[*].{RouteTableId:RouteTableId, VpcId:VpcId, Routes:Routes, + AssociatedSubnets:Associations[*].SubnetId}&quot; + </blockquote> + + + + + + + + + + + + + + + + + AWS virtual private cloud is the de-facto standard for networking AWS as it provides additional security controls such as Security Groups, Network Access Control Lists (NACL's) and routing. It is recommended that resources be placed into VPC's according to use case (ie dev/test/prod) and that appropriate security levels be set on these VPC's. 
Placing such resources accordingly ensures that a resource of a higher security level is not exposed by the security settings of a lower labeled VPC.&nbsp; +<div> + &nbsp; + <br> + <b>Remediation:</b> + <br> + <ol> + <li>Identify the resources that exist within an incorrect VPC.</li> + <li>Migrate or move them to the correct VPC.</li> + </ol> + <br> + <br> + <br> + <br> + <br> + <br> + <br> + <br> + <br> +</div> + + + + + + Ensure that each AWS resource added to a VPC is isolated according to its designation (ie + test/dev/prod). + + + + + + + + + + + + + + + + + <div> + Use Network ACLs for VPC as an additional layer of security +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + You can add or remove rules from the default network ACL, or create additional network ACLs for your VPC. When you add or remove rules from a network ACL, the changes are automatically applied to the subnets that it's associated with. +</div> +<div> + <br> +</div> +<div> + The following are the parts of a network ACL rule: +</div> +<div> + <br> +</div> +<div> + Rule number. Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it's applied regardless of any higher-numbered rule that might contradict it. +</div> +<div> + <br> +</div> +<div> + Type. The type of traffic; for example, SSH. You can also specify all traffic or a custom range. +</div> +<div> + <br> +</div> +<div> + Protocol. You can specify any protocol that has a standard protocol number. For more information, see Protocol Numbers. 
If you specify ICMP as the protocol, you can specify any or all of the ICMP types and codes. +</div> +<div> + <br> +</div> +<div> + Port range. The listening port or port range for the traffic. For example, 80 for HTTP traffic. +</div> +<div> + <br> +</div> +<div> + Source. [Inbound rules only] The source of the traffic (CIDR range). +</div> +<div> + <br> +</div> +<div> + Destination. [Outbound rules only] The destination for the traffic (CIDR range). +</div> +<div> + <br> +</div> +<div> + Allow/Deny. Whether to allow or deny the specified traffic. +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + <div> + <b>Review your Network ACLs using the console:</b> +</div> +<div> + <br> +</div> +<div> + 1. Open the Amazon VPC console. +</div> +<div> + <br> +</div> +<div> + 2. In the navigation pane, choose Network ACLs. +</div> +<div> + <br> +</div> +<div> + 3. Select a Network ACL to see details. +</div> + + + + + + + + + + + + + + + + + + + <div> + Use VPC endpoint policies +</div> +<div> + <br> +</div> +<div> + Rationale: +</div> +<div> + When you create an endpoint, you can attach an endpoint policy to it that controls access to the service to which you are connecting. Endpoint policies must be written in JSON format. Not all services support endpoint policies. +</div> +<div> + <br> +</div> +<div> + Remediation: +</div> +<div> + A VPC endpoint policy is an IAM resource policy that you attach to an endpoint when you create or modify the endpoint. If you do not attach a policy when you create an endpoint, AWS attaches a default policy for you that allows full access to the service. If a service does not support endpoint policies, the endpoint allows full access to the service. An endpoint policy does not override or replace IAM user policies or service-specific policies (such as S3 bucket policies). It is a separate policy for controlling access from the endpoint to the specified service. 
+</div> +<div> + <br> +</div> +<div> + You cannot attach more than one policy to an endpoint. However, you can modify the policy at any time. If you do modify a policy, it can take a few minutes for the changes to take effect. For more information about writing policies, see Overview of IAM Policies in the IAM User Guide. +</div> +<div> + <br> +</div> +<div> + Your endpoint policy can be like any IAM policy; however, take note of the following: +</div> +<div> + <br> +</div> +<div> + Only the parts of the policy that relate to the specified service will work. You cannot use an endpoint policy to allow resources in your VPC to perform other actions; for example, if you add EC2 actions to an endpoint policy for an endpoint to Amazon S3, they will have no effect. +</div> +<div> + <br> +</div> +<div> + Your policy must contain a Principal element. For additional information related gateway endpoints, see Endpoint policies for gateway endpoints. +</div> +<div> + <br> +</div> +<div> + The size of an endpoint policy cannot exceed 20,480 characters (including white space). +</div> +<div> + <br> +</div> +<div> + Impact: +</div> +<div> + None +</div> + + + + + + + + With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies. + + + + + + + + + + + + + + + + + + + <p>Use VPC security groups</p><p>Rationale:</p><p>A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. 
Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.</p><p>If you launch an instance using the Amazon EC2 API or a command line tool and you don't specify a security group, the instance is automatically assigned to the default security group for the VPC. If you launch an instance using the Amazon EC2 console, you have an option to create a new security group for the instance.</p><p>For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.</p><p>Remediation:</p><p>To create a security group using the console</p><p>Open the Amazon VPC console.</p><p>In the navigation pane, choose Security Groups.</p><p>Choose Create Security Group.</p><p>Enter a name for the security group (for example, my-security-group) and provide a description. Select the ID of your VPC from the VPC menu and choose Yes, Create.</p><p>To create a security group use the command line</p><p>create-security-group (AWS CLI)</p><p>New-EC2SecurityGroup (AWS Tools for Windows PowerShell)</p><p>Describe one or more security groups using the command line</p><p>describe-security-groups (AWS CLI)</p><p>Get-EC2SecurityGroup (AWS Tools for Windows PowerShell)</p><p>By default, new security groups start with only an outbound rule that allows all traffic to leave the instances. You must add rules to enable any inbound traffic or to restrict the outbound traffic.</p><p>Impact:</p><p>None</p> + + + + + + + + <p><strong>Review your security groups using the console:</strong></p><p>1. Open the Amazon VPC console.</p><p>2. In the navigation pane, choose Security Groups.</p><p>3. 
Select a security group to see the details.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers can gain access to sensitive data when the data is in transit in clear text, or when the data is stored without encryption.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident.<br /> + Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Eavesdropping on communication is a network attack that captures network packets transmitted by other computers and reads the data content. This type of network attack is most effective when weak encryption services are used. An attacker could eavesdrop on the communication between the client and server and decrypt the encrypted data.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized network access to the resources through misconfigured ports or security network configurations.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Credentials for groups and roles not properly configured. User accounts are configured with excessive privileges. + + + + + + + + + + + + + + <p>Control access to AWS WAF resources</p> +<p>Rationale:<br> Every AWS resource is owned by an AWS account, and permissions to create or access a resource are governed by permissions policies. An account administrator can attach permissions policies to IAM identities (that is, users, groups, and roles). 
<br> Policies that are attached to an IAM identity are known as identity-based policies, and policies that are attached to a resource are known as resource-based policies. AWS WAF supports only identity-based policies.</p> +<p>Remediation:<br> Using identity-based policies (IAM policies) for AWS WAF</p> +<p>The following shows an example of a permissions policy:</p> +<p>{ "Version": "2019-07-29", "Statement": [ { "Sid": "CreateFunctionPermissions", "Effect": "Allow", "Action": [ "wafv2:ListWebACLs", "wafv2:GetWebACL", "cloudwatch:ListMetrics", "wafv2:GetSampledRequests" ], "Resource": "*" }, { "Sid": "PermissionToPassAnyRole", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::account-id:role/*" } ]<br> }</p> +<p>Impact:<br> None</p> + + + + + + + + <p>With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies.</p> + + + + + + + + + + + + + + + + + <p>Log to a dedicated and centralized Amazon S3 bucket</p> +<p>Rationale:<br> CloudTrail log files are an audit log of actions taken by a user, role or an AWS service. The integrity, completeness and availability of these logs is crucial for forensic and auditing purposes. By logging to a dedicated and centralized Amazon S3 bucket, you can enforce strict security controls, access, and segregation of duties.</p> +<p>Remediation:<br> The following are some steps you can take:</p> +<p>- Create a separate AWS account as a log archive account. If you use AWS Organizations, enroll this account in the organization, and consider creating an organization trail to log data for all AWS accounts in your organization.</p> +<p>- If you do not use Organizations but want to log data for multiple AWS accounts, create a trail to log activity in this log archive account. 
Restrict access to this account to only trusted administrative users who should have access to account and auditing data.</p> +<p>- As part of creating a trail, whether it is an organization trail or a trail for a single AWS account, create a dedicated Amazon S3 bucket to store log files for this trail.</p> +<p>- If you want to log activity for more than one AWS account, modify the bucket policy to allow logging and storing log files for all AWS accounts that you want to log AWS account activity.</p> +<p>- If you are not using an organization trail, create trails in all of your AWS accounts, specifying the Amazon S3 bucket in the log archive account.</p> +<p>Impact:<br> None</p> + + + + + + + + + <p>Ensure that you are using a dedicated and centralized Amazon S3 bucket for CloudTrail log files.</p> + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could gain unauthorized access to the control of the environment, due to improper definition and configuration of user accounts or role groups.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. 
+ +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). + </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. 
Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. 
As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. 
For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). 
+ </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. 
If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. 
Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. 
Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.&nbsp;</p><p>&nbsp;&nbsp;<br>Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted and executed as SQL instead of ordinary user data. This can be leveraged to alter query logic in order to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands. SQL injection has become a common issue with database-driven web sites. The flaw is relatively easily detected, and often easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted automated attack of this kind. 
This flaw depends on the fact that SQL makes no real distinction between the control and data planes.</p> + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). 
+ </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. 
If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + <p>Database injection attacks, such as SQLi (SQL Injection) rely on sending tainted client-side data which is used in dynamic SQL queries on the server-side in an unsafe manner. 
Creating queries by concatenating strings using untrusted data may result in&nbsp;vulnerable code;&nbsp;for example, an attacker appending an 'OR' statement to the customerName parameter in order to bypass checks and retrieve additional data from the database:</p><p> + &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</p><ul><li>String query = "SELECT user FROM users WHERE name = '"</li></ul><p>&nbsp;+ request.getParameter("customerName")+"'";</p><p>The use of prepared statements with carefully controlled and validated input conditions mitigates SQLi and related attacks.</p><ul><li>Database queries should always be executed using prepared statements or parameterized queries.</li><li>Queries through an Object-Relational mapper should also be treated as tainted input, and again executed using prepared statements to mitigate the threat.</li></ul> + + + ClN0cmluZyBxdWVyeSA9ICJTRUxFQ1QgYWNjb3VudF9iYWxhbmNlIEZST00gdXNlcl9kYXRhIFdIRVJFIHVzZXJfbmFtZSA9ID8iOwp0cnkgewogCU9sZURiQ29tbWFuZCBjb21tYW5kID0gbmV3IE9sZURiQ29tbWFuZChxdWVyeSwgY29ubmVjdGlvbik7CiAJY29tbWFuZC5QYXJhbWV0ZXJzLkFkZChuZXcgT2xlRGJQYXJhbWV0ZXIoImN1c3RvbWVyTmFtZSIsIEN1c3RvbWVyTmFtZSBOYW1lLlRleHQpKTsKIAlPbGVEYkRhdGFSZWFkZXIgcmVhZGVyID0gY29tbWFuZC5FeGVjdXRlUmVhZGVyKCk7IAkKIH0gY2F0Y2ggKE9sZURiRXhjZXB0aW9uIHNlKSB7CiAJLy8gZXJyb3IgaGFuZGxpbmcKIH0g + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>For inputs receiving data that is subsequently added to - or used - in an SQL query:</p><ol><li>Ensure SQL meta-characters are identified and properly escaped or encoded.</li><li>Data should be used in the form of parameterized SQL queries, rather than dynamically generated queries.</li></ol><p>To test data validation:</p><ol><li>Review the code processing potentially tainted user input to SQL queries and confirm the data is executed only in pre-prepared parameterized SQL queries.</li><li>Review the acceptable input criteria, and build test cases that deviate from it (invalid 
characters, lengths, ranges etc.)</li><li>Pass invalid input to the application and review error trapping and handling.</li><li>Where unexpected exceptions occur, the application may be vulnerable to attack.</li></ol> + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. 
While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Successful SQL Injection attacks could lead to full compromise of the database or to a partial compromise of only the data visible to the application.</p><p><br>&nbsp;</p><p>Typically, these types of attacks result in unauthorized disclosure of sensitive data, but can also be used to inject spurious data into the database or to drop tables and deny services to legitimate users.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. 
+ + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). + </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption 
process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. 
As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. 
For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The application contains debugging code that can expose sensitive information to untrusted parties. + + + + + + + + + + + + + + + + + <p>All the production test and calibration software used during manufacture is erased, removed or secured before the product is dispatched from the factory.</p> +<p><b><font size="4">Rationale:<br /></font></b> The product should have all of the production test and calibration software used during manufacture erased, removed or secured before the product is dispatched from the factory. This is to prevent alteration of the product post manufacture when using authorized production software, for example, hacking of the RF characteristics for greater RF <span class="caps">ERP</span>. Where such functionality is required in a service center, it should be erased or removed upon completion of any servicing activities.</p> +<p><b><font size="4">Remediation:<br /></font></b> Erase, remove or secure all the production test and calibration software used during manufacture, before the product is dispatched from the factory.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Every point of network interaction or other service is a potential part of the attack surface having exploitable vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Errors and error handling represent a class of API. 
Errors related to error handling are so + common that they deserve a special kingdom of their own. As with "API Abuse", there + are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle + + + + + + + + + + + + + + + The program copies an input buffer to an output buffer without verifying that the size of the + input buffer is less than the size of the output buffer, leading to a buffer overflow. + <br />A buffer overflow condition exists when a program attempts to put more data in a + buffer than it can hold, or when a program attempts to put data in a memory area outside of the + boundaries of a buffer. The simplest type of error, and the most common cause of buffer + overflows, is the &quot;classic&quot; case in which the program copies the buffer + without restricting how much is copied. Other variants exist, but the existence of a classic + overflow strongly suggests that the programmer is not considering even the most basic of + security protections. + <br /> + + + + + + + + + + + + + + + + The product downloads source code or an executable from a remote location and executes the + code without sufficiently verifying the origin and integrity of the code. + + + + + + + + + + + + + + + The software performs an operation at a privilege level that is higher than the minimum level + required, which creates new weaknesses or amplifies the consequences of other weaknesses. + + New weaknesses can be exposed because running with extra privileges, such as root or + Administrator, can disable the normal security checks being performed by the operating system or + surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if + they occur while operating at raised privileges. 
Privilege management functions can behave in + some less-than-obvious ways, and they have different quirks on different platforms. These + inconsistencies are particularly pronounced if you are transitioning from one non-root user to + another. Signal handlers and spawned processes run at the privilege of the owning process, so if + a process is running as root when a signal fires or a sub-process is executed, the signal + handler or sub-process will operate with root privileges. + + + + + + + + + + + + + + + The software provides an Applications Programming Interface (API) or similar interface for + interaction with external actors, but the interface includes a dangerous method or function that + is not properly restricted. + + + + + + + + + + + + + + + The software does not neutralize or incorrectly neutralizes user-controllable input before it + is placed in output that is used as a web page that is served to other users. Cross-site + scripting (XSS) vulnerabilities occur when: + <ol> + <li>Untrusted data enters a web application, typically from a web request.</li> + <li>The web application dynamically generates a web page that contains this untrusted + data.</li> + <li>During page generation, the application does not prevent the data from containing + content that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes, + mouse events, Flash, ActiveX, etc.</li> + <li>A victim visits the generated web page through a web browser, which contains malicious + script that was injected using the untrusted data.</li> + <li>Since the script comes from a web page that was sent by the web server, the victim's + web browser executes the malicious script in the context of the web server's domain.</li> + <li>This effectively violates the intention of the web browser's same-origin policy, which + states that scripts in one domain should not be able to access resources or run code in a + different domain.</li> + </ol>There are three main kinds of XSS: + 
<ul> + <li><b>Type 1: Reflected XSS (or Non-Persistent)</b></li> + </ul> + <blockquote> + The server reads data directly from the HTTP request and reflects it back in the HTTP response. + Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a + vulnerable web application, which is then reflected back to the victim and executed by the web + browser. The most common mechanism for delivering malicious content is to include it as a + parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs constructed + in this manner constitute the core of many phishing schemes, whereby an attacker convinces a + victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's + content back to the victim, the content is executed by the victim's browser. + </blockquote> + <ul> + <li><b>Type 2: Stored XSS (or Persistent)</b></li> + </ul> + <blockquote> + The application stores dangerous data in a database, message forum, visitor log, or other + trusted data store. At a later time, the dangerous data is subsequently read back into the + application and included in dynamic content. From an attacker's perspective, the optimal place + to inject malicious content is in an area that is displayed to either many users or particularly + interesting users. Interesting users typically have elevated privileges in the application or + interact with sensitive data that is valuable to the attacker. If one of these users executes + malicious content, the attacker may be able to perform privileged operations on behalf of the + user or gain access to sensitive data belonging to the user. For example, the attacker might + inject XSS into a log message, which might not be handled properly when an administrator views + the logs. 
+ </blockquote> + <ul> + <li><b>Type 0: DOM-Based XSS</b></li> + </ul> + <blockquote> + In DOM-based XSS, the client performs the injection of XSS into the page; in the other types, + the server performs the injection. DOM-based XSS generally involves server-controlled, trusted + script that is sent to the client, such as Javascript that performs sanity checks on a form + before the user submits it. If the server-supplied script processes user-supplied data and then + injects it back into the web page (such as with dynamic HTML), then DOM-based XSS is + possible.Once the malicious script is injected, the attacker can perform a variety of malicious + activities. The attacker could transfer private information, such as cookies that may include + session information, from the victim's machine to the attacker. The attacker could send + malicious requests to a web site on behalf of the victim, which could be especially dangerous to + the site if the victim has administrator privileges to manage that site. Phishing attacks could + be used to emulate trusted web sites and trick the victim into entering a password, allowing the + attacker to compromise the victim's account on that web site. Finally, the script could exploit + a vulnerability in the web browser itself possibly taking over the victim's machine, sometimes + referred to as &quot;drive-by hacking&quot;. + </blockquote> + <blockquote> + <br /> + </blockquote>In many cases, the attack can be launched without the victim even being aware + of it. Even with careful users, attackers frequently use a variety of methods to encode the + malicious portion of the attack, such as URL encoding or Unicode, so the request looks less + suspicious. + + + + + + + + + + + + + + + The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from + dangerous attributes within tags, such as onmouseover, onload, onerror, or style. 
+ + + + + + + + + + + + + + + The inappropriate use of emulation tools are not detected by the app, and attackers can + leverage them to obtain information about the app. + + + + + + + + + + + + + The inappropriate use of the reverse engineering tools is not detected by the app, and + attackers can leverage them to obtain information about the app. + + + + + + + + + + + + + The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. + +When a resource is given a permission setting that provides access to a wider range of actors than required, it can lead to the exposure of sensitive information or to the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data. + + + + + + + + + + + + + + The application contains debugging code that can expose sensitive information to untrusted parties. + + + + + + + + + + + + + + + Developmental security testing/evaluation is not enforced during post-design phases of the system development life cycle. Such testing/evaluation is necessary because it confirms that the required security controls are implemented correctly, operating as intended, enforcing the desired security policy, and meeting established security requirements. + + + + + + + + + + + + + + The application can be deployed with active debugging code that can create unintended entry + points. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software uses a protection mechanism whose strength depends heavily on its obscurity, such + that knowledge of its algorithms or key data is sufficient to defeat the mechanism. 
+ + + + + + + + + + + + + + + + + For Android:&nbsp; +<div> + <ul> + <li>We shall activate the Obfuscation of the code and strip unneeded debugging information.&nbsp;</li> + </ul>For iOS:&nbsp; +</div> +<div> + <ul> + <li>We shall activate:&nbsp;</li> + <ul> + <li>ARC (Automatic Reference Counting): memory management feature, adds retain and release messages when required.&nbsp;</li> + <li>Stack Canary: helps prevent buffer overflow attacks.&nbsp;</li> + <li>PIE (Position Independent Executable): enables full ASLR for binary.</li> + </ul> + </ul> +</div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Configure the WebViews to allow only the minimum set of protocol handlers required (ideally, only https). Potentially dangerous handlers, such as file, tel and app-id, are disabled. + + + + + + + + + + + + + Check that the set of protocol handlers are deactivated. + + + + + + + + + + + + + + + + + + <div> + A second factor of authentication exists at the remote endpoint and the 2FA requirement is consistently enforced. +</div> + + + + + + + + + + + + + + + + + + + + + + + <span style="white-space: pre;">As a defense in depth, next to having solid hardening of the communicating parties, application level payload encryption can be applied to further impede eavesdropping.</span> + + + + + + + + + + + + + + + + + + + + + + + <span style="white-space: pre;">Verify that the app prevents usage of custom third-party keyboards whenever sensitive data is entered.</span> + + + + + + + + + + + + + + + + + + + + + + + Implement a well-designed and unified scheme to handle exceptions. Make sure the application has centralized handlers for exceptions that result in similar behavior. This can be a static class for instance. For specific exceptions given the methods context, specific catch blocks should be provided. + + + + + + + + + + + + + + + + Check that the exceptions are well-designed and are catched and handled well. 
+ + + + + + + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">iOS applications often make use of third party libraries. These third party libraries accelerate development as the developer has to write less code in order to solve a problem. There are two categories of libraries:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Libraries that are not (or should not) be packed within the actual production application, such as </span><span><code>OHHTTPStubs</code></span><span> used for testing.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Libraries that are packed within the actual production application, such as </span><span><code>Alamofire</code></span><span>.</span></span></span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">These libraries can lead to unwanted side-effects:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>A library can contain a vulnerability, which will make the application vulnerable. A good example is </span><span><code>AFNetworking</code></span><span> version 2.5.1, which contained a bug that disabled certificate validation. 
This vulnerability would allow attackers to execute man-in-the-middle attacks against apps that are using the library to connect to their APIs.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">A library can no longer be maintained or hardly be used, which is why no vulnerabilities are reported and/or fixed. This can lead to having bad and/or vulnerable code in your application through the library.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">A library can use a license, such as LGPL2.1, which requires the application author to provide access to the source code for those who use the application and request insight in its sources. In fact the application should then be allowed to be redistributed with modifications to its source code. This can endanger the intellectual property (IP) of the application.</span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"></span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Note: there are two widely used package management tools: Carthage and CocoaPods. Please note that this issue can hold on multiple levels: When you use webviews with JavaScript running in the webview, the JavaScript libraries can have these issues as well. The same holds for plugins/libraries for Cordova, React-native and Xamarin apps.</span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><br></span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">iOS applications often make use of third party libraries. These third party libraries accelerate development as the developer has to write less code in order to solve a problem. 
There are two categories of libraries:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Libraries that are not (or should not) be packed within the actual production application, such as </span><span><code>OHHTTPStubs</code></span><span> used for testing.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Libraries that are packed within the actual production application, such as </span><span><code>Alamofire</code></span><span>.</span></span></span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">These libraries can lead to unwanted side-effects:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>A library can contain a vulnerability, which will make the application vulnerable. A good example is </span><span><code>AFNetworking</code></span><span> version 2.5.1, which contained a bug that disabled certificate validation. This vulnerability would allow attackers to execute man-in-the-middle attacks against apps that are using the library to connect to their APIs.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">A library can no longer be maintained or hardly be used, which is why no vulnerabilities are reported and/or fixed. 
This can lead to having bad and/or vulnerable code in your application through the library.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">A library can use a license, such as LGPL2.1, which requires the application author to provide access to the source code for those who use the application and request insight in its sources. In fact the application should then be allowed to be redistributed with modifications to its source code. This can endanger the intellectual property (IP) of the application.</span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Note: there are two widely used package management tools: Carthage and CocoaPods. Please note that this issue can hold on multiple levels: When you use webviews with JavaScript running in the webview, the JavaScript libraries can have these issues as well. The same holds for plugins/libraries for Cordova, React-native and Xamarin apps.</span></p> + + + + + + + + + + <span>The dynamic analysis of this section comprises validating whether the copyrights of the licenses have been adhered to. This often means that the application should have an </span> +<span><code>about</code></span> +<span> or </span> +<span><code>EULA</code></span> +<span> section in which the copy-right statements are noted as required by the license of the third party library.</span> + + + + + + + + + + + + + + + + + The app's local storage should be wiped after an excessive number of failed authentication attempts. + + + + + + Check that local storage is cleaned after failed attempts to authenticate + + + + + + + + + + + + + + + + + <span style="white-space: pre;">A WebView's cache, storage, and loaded resources (JavaScript, etc.) 
should be cleared before the WebView is destroyed.</span> + + + + + + + + + + + + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Starting from Android 5.0 (API level 21), together with the Play Core Library, apps can be forced to be updated. This mechanism is based on using the </span><span><code>AppUpdateManager</code></span><span>. Before that, other mechanisms were used, such as doing http calls to the Google Play Store, which are not as reliable as the APIs of the Play Store might change. Alternatively, Firebase could be used to check for possible forced updates as well (see this </span></span><a href="https://medium.com/@sembozdemir/force-your-users-to-update-your-app-with-using-firebase-33f1e0bcec5a" target="_blank"><span><span>blog</span></span></a><span><span>). Enforced updating can be really helpful when it comes to public key pinning (see the Testing Network communication for more details) when a pin has to be refreshed due to a certificate/public key rotation. Next, vulnerabilities are easily patched by means of forced updates.</span></span></span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>For iOS, enforced updating can be really helpful when it comes to public key pinning (see the Testing Network communication for more details) when a pin has to be refreshed due to a certificate/public key rotation. Next, vulnerabilities are easily patched by means of forced updates. 
The challenge with iOS however, is that Apple does not provide any APIs yet to automate this process, instead, developers will have to create their own mechanism, such as described at various </span></span><a href="https://mobikul.com/show-update-application-latest-version-functionality-ios-app-swift-3/" target="_blank"><span><span>blogs</span></span></a><span><span> which boil down to looking up properties of the app using </span><span><code>http://itunes.apple.com/lookup\?id\&lt;BundleId&gt;</code></span><span> or third party libraries, such as </span></span><a href="https://github.com/ArtSabintsev/Siren" target="_blank"><span><span>Siren</span></span></a><span><span> and </span></span><a href="https://www.npmjs.com/package/react-native-appstore-version-checker" target="_blank"><span><span>react-native-appstore-version-checker</span></span></a><span><span>. Most of these implementations will require a certain given version offered by an API or just "latest in the appstore", which means users can be frustrated with having to update the app, even though no business/security need for an update is truly there.</span></span></span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Please note that newer versions of an application will not fix security issues that are living in the backends to which the app communicates. Allowing an app not to communicate with it might not be enough. Having proper API-lifecycle management is key here. Similarly, when a user is not forced to update, do not forget to test older versions of your app against your API and/or use proper API versioning.</span></p> +<p><br></p> + + + + + + + + + + + <span style="white-space: pre;">In order to test for proper updating: try downloading an older version of the application with a security vulnerability, either by a release from the developers or by using a third party app-store. 
Next, verify whether or not you can continue to use the application without updating it. If an update prompt is given, verify if you can still use the application by canceling the prompt or otherwise circumventing it through normal application usage. This includes validating whether the backend will stop calls to vulnerable backends and/or whether the vulnerable app-version itself is blocked by the backend. Lastly, see if you can play with the version number of a man-in-the-middled app and see how the backend responds to this (and if it is recorded at all for instance).</span> + + + + + + + + + + + + + + + + + <span style="white-space: pre;">Authorization models should be defined and enforced at the remote endpoint.</span> + + + + + + + + + + + + + + + + + + + + + + + <span style="white-space: pre;">Password strength is a key concern when passwords are used for authentication. The password policy defines requirements to which end users should adhere. A password policy typically specifies password length, password complexity, and password topologies. A "strong" password policy makes manual or automated password cracking difficult or impossible.</span> + + + + + + + + + <span>Automated password guessing attacks can be performed using a number of tools. For HTTP(S) services, using an interception proxy is a viable option. 
For example, you can use </span> +<a href="https://portswigger.net/burp/help/intruder_using.html" target="_blank"><span>Burp Suite Intruder</span></a> +<span> to perform both wordlist-based and brute-force attacks.</span> +<div> + <span><br></span> +</div> +<div> + <span><p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Execute the following steps for a wordlist based brute force attack with Burp Intruder:</span></span></span></p> + <ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Start Burp Suite Professional.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Create a new project (or open an existing one).</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Set up your mobile device to use Burp as the HTTP/HTTPS proxy. Log into the mobile app and intercept the authentication request sent to the backend service.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Right-click this request on the </span><span><strong>Proxy/HTTP History</strong></span><span> tab and select </span><span><strong>Send to Intruder</strong></span><span> in the context menu.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Select the </span><span><strong>Intruder</strong></span><span> tab. 
For further information on how to use </span></span><a href="https://portswigger.net/burp/documentation/desktop/tools/intruder/using" target="_blank"><span><span>Burp Intruder</span></span></a><span><span> read the official documentation on Portswigger.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Make sure all parameters in the </span><span><strong>Target</strong></span><span>, </span><span><strong>Positions</strong></span><span>, and </span><span><strong>Options</strong></span><span> tabs are appropriately set and select the </span><span><strong>Payload</strong></span><span> tab.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Load or paste the list of passwords you want to try. There are several resources available that offer password lists, like </span></span><a href="https://github.com/fuzzdb-project/fuzzdb/" target="_blank"><span><span>FuzzDB</span></span></a><span><span>, the built-in lists in Burp Intruder or the files available in </span><span><code>/usr/share/wordlists</code></span><span> on Kali Linux.</span></span></span></p> + </div></li> + </ul><p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Once everything is configured and you have a word-list selected, you're ready to start the attack!</span></span></span></p></span> +</div> + + + + + + + + + + + + + + + + + Different checks on the Android device can be implemented by querying different system preferences from Settings.Secure. The Device Administration API offers different mechanisms to create security aware applications, that are able to enforce password policies or encryption of the device. 
+ + + + + + + + + + + Check that the app verifies the mobile device complies with the minimum + device-access-security policy. + + + + + + + + + + + + + + + + + + Deny the access by default to prevent the app crashing because of uncaught exception and to avoid unauthorized access. + + + + + + + + + + + + + + + + + Check that the application denies access to the session when the exceptions appear. + + + + + + + + + + + + + + + + + + JavaScript is disabled by default in a WebView and if not needed shouldn't be enabled. This reduces the attack surface and potential threats to the app. + + + + + + + + + + + + + For Android:&nbsp; + <div> + <ul> + <li>Search in the code the following instruction: + webview.getSettings().setJavaScriptEnabled(true);</li> + <li>Check that this instruction doesn't exist in the code.&nbsp;</li> + </ul>For iOS:&nbsp; + </div> + <div> + <ul> + <li>Check that the JavaScript is disabled and configured as following:&nbsp;</li> + </ul> + </div> + <blockquote> + <div> + #import &quot;ViewController.h&quot;&nbsp; + </div> + <div> + #import @interface ViewController () @property(strong,nonatomic) WKWebView *webView; + </div> + <div> + @end @implementation ViewController - (void)viewDidLoad { NSURL *url = [NSURL + URLWithString:@&quot;http://www.example.com/&quot;];&nbsp; + </div> + <div> + NSURLRequest *request = [NSURLRequest requestWithURL:url];&nbsp; + </div> + <div> + WKPreferences *pref = [[WKPreferences alloc] init]; //Disable javascript execution: [pref + setJavaScriptEnabled:NO];&nbsp; + </div> + <div> + [pref setJavaScriptCanOpenWindowsAutomatically:NO];&nbsp; + </div> + <div> + WKWebViewConfiguration *conf = [[WKWebViewConfiguration alloc] init];&nbsp; + </div> + <div> + [conf setPreferences:pref]; _webView = [[WKWebView + alloc]initWithFrame:CGRectMake(self.view.frame.origin.x,85, self.view.frame.size.width, + self.view.frame.size.height-85) configuration:conf] ;&nbsp; + </div> + <div> + [_webView loadRequest:request];&nbsp; + </div> + 
<div> + [self.view addSubview:_webView]; } + </div> + </blockquote> + + + + + + + + + + + + + + + + + + A general best practice is overwriting different functions in the input field to disable the clipboard specifically for it. Also longclickable should be deactivated for the input field. + + + + + + + + + + + + + + + + + + + + + Check the clipboard is disabled when sensitive data is used. + + + + + + + + + + + + + + + + + + UIWebView is deprecated and should not be used. Make sure that either WKWebView or SafariViewController are used to embed web content:&nbsp; +<div> + <ul> + <li>WKWebView is the appropriate choice for extending app functionality, controlling displayed content (i.e., prevent the user from navigating to arbitrary URLs) and customizing. SafariViewController should be used to provide a generalized web viewing experience. Note that SafariViewController shares cookies and other website data with Safari.&nbsp;</li> + <li>WKWebView comes with several security advantages over UIWebView:&nbsp;</li> + <ul> + <li>The JavaScriptEnabled property can be used to completely disable JavaScript in the WKWebView. This prevents all script injection flaws.&nbsp;</li> + <li>The JavaScriptCanOpenWindowsAutomatically can be used to prevent JavaScript from opening new windows, such as pop-ups.&nbsp;</li> + <li>The hasOnlySecureContent property can be used to verify resources loaded by the WebView are retrieved through encrypted connections.&nbsp;</li> + <li>WKWebView implements out-of-process rendering, so memory corruption bugs won't affect the main app process.</li> + </ul> + </ul> +</div> + + + + + + + + + + + + + Check that UIWebView is not used to embed web content. + + + + + + + + + + + + + + + + + + Do not use the SSAID for device binding because the behavior of the SSAID has changed since + Android O and the behavior of MAC addresses have changed in Android N. 
+ + Google has set a new set of recommendations in their SDK documentation regarding identifiers as + well. Because of this new behavior, we recommend developers not rely on the SSAID alone, as the + identifier has become less stable. For instance: The SSAID might change upon a factory reset or + when the app is reinstalled after the upgrade to Android O. Please note that there are a number + of devices which have the same ANDROID_ID and/or have an ANDROID_ID that can be overridden. + Also, the Build.Serial was often used but now apps targeting Android O will get "UNKNOWN" when + they request the Build.Serial. + + + + + + + <ul> + <li>Dynamic Analysis using an Emulator.</li> + <li>Run the application on an Emulator.</li> + <li>Make sure you can raise the trust in the instance of the application (e.g. + authenticate).</li> + <li>Retrieve the data from the Emulator. This has a few steps:&nbsp;</li> + </ul> + <ol> + <ol> + <li>ssh to your emulator using ADB shell&nbsp;</li> + <li>run-as&nbsp;</li> + <li>chmod 777 the contents of cache and shared-preferences&nbsp;</li> + <li>exit the current user</li> + <li>copy the contents of /dat/data//cache &amp; shared-preferences to the sdcard&nbsp;</li> + <li>use ADB or the DDMS to pull the contents&nbsp;</li> + <li>Install the application on another Emulator&nbsp;</li> + <li>&nbsp;Overwrite the data from step 3 in the data folder of the application.&nbsp;</li> + <li>copy the contents of step 3 to the sdcard of the second emulator.&nbsp;</li> + <li>ssh to your emulator using ADB shell&nbsp;</li> + <li>run-as&nbsp;</li> + <li>chmod 777 the folders cache and shared-preferences&nbsp;</li> + <li>copy the older contents of the sdcard to /dat/data//cache &amp; + shared-preferences&nbsp;</li> + <li>Can you continue in an authenticated state? 
If so, then binding might not be + working properly.</li> + </ol> + </ol> + + + + + + + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">There are many legitimate reasons for creating log files on a mobile device, including keeping track of crashes or errors that are stored locally while the device is offline (so that they can be sent to the app's developer once online), and storing usage statistics. However, logging sensitive data, such as credit card numbers and session information, may expose the data to attackers or malicious applications. Log files can be created in several ways.&nbsp;</span></p> +<p>The following list includes two classes that are available for Android:</p> +<p></p> +<ul> + <li>Log Class</li> + <li>Logger Class</li> +</ul> +<p></p> +<p>Use a centralized logging class and mechanism and remove logging statements from the production release because other applications may be able to read them.</p> +<p>The following list shows the methods available on iOS:</p> +<p></p> +<ul> + <li>NSLog Method</li> + <li>printf-like function</li> + <li>NSAssert-like function</li> + <li>Macro</li> +</ul> +<div> + <br> +</div> +<p></p> + + + + + + + + + <ul> + <li>Review app logs in search of sensitive data</li> +</ul> + + + + + + + + + + + + + + + + + Ensure that all executable files and libraries belonging to the app are encrypted on the file level and/or important code and data segments inside the executables are encrypted or packed. + + + + + + + + + + + + Check that all executable files and libraries belonging to the app are encrypted or + packed. + + + + + + + + + + + + + + + + + + If sensitive data is still required to be stored locally, it should be encrypted using a key derived from hardware backed storage which requires authentication + + + + + + Check that sensitive data is not stored in plain text. + + + + + + + + + + + + + + + + + No sensitive data should be stored locally on the mobile device. 
Instead, data should be retrieved from a remote endpoint when needed and only be kept in memory. + + + + + + Check if any sensitive data is stored on the device and analyze if it is necessary. + + + + + + + + + + + + + + + + + <p>Inter Process Communication (IPC) allows processes to send each other messages and data. For processes that need to communicate with each other, there are different ways to implement IPC on iOS:</p><ul><li>XPC Services: XPC is a structured, asynchronous library that provides basic interprocess communication. It is managed by launchd. It is the most secure and flexible implementation of IPC on iOS and should be the preferred method. It runs in the most restricted environment possible: sandboxed with no root privilege escalation and minimal file system access and network access. Two different APIs are used with XPC Services:<ul><li>NSXPCConnection API</li><li>XPC Services API</li></ul></li><li>Mach Ports: All IPC communication ultimately relies on the Mach Kernel API. Mach Ports allow local communication (intra-device communication) only. They can be implemented either natively or via Core Foundation (CFMachPort) and Foundation (NSMachPort) wrappers.</li><li>NSFileCoordinator: The class NSFileCoordinator can be used to manage and send data to and from apps via files that are available on the local file system to various processes. NSFileCoordinator methods run synchronously, so your code will be blocked until they stop executing. That's convenient because you don't have to wait for an asynchronous block callback, but it also means that the methods block the running thread.</li></ul><p>No sensitive data should be exposed via IPC mechanisms.</p> + + + + + + + + + + + + + + <p><strong>For Android:</strong></p><p><strong>Static Analysis</strong></p><p>The first step is to look at AndroidManifest.xml to detect content providers exposed by the app. You can identify content providers by the &lt;provider&gt; element. 
Complete the following steps:</p><ul><li>Determine whether the value of the export tag (android:exported) is "true". Even if it is not, the tag will be set to "true" automatically if an &lt;intent-filter&gt; has been defined for the tag. If the content is meant to be accessed only by the app itself, set android:exported to "false". If not, set the flag to "true" and define proper read/write permissions.</li><li>Determine whether the data is being protected by a permission tag (android:permission). Permission tags limit exposure to other apps.</li><li>Determine whether the android:protectionLevel attribute has the value signature. This setting indicates that the data is intended to be accessed only by apps from the same enterprise (i.e., signed with the same key). To make the data accessible to other apps, apply a security policy with the &lt;permission&gt; element and set a proper android:protectionLevel. If you use android:permission, other applications must declare corresponding &lt;uses-permission&gt; elements in their manifests to interact with your content provider. You can use the android:grantUriPermissions attribute to grant more specific access to other apps; you can limit access with the &lt;grant-uri-permission&gt; element.</li></ul><p>Inspect the source code to understand how the content provider is meant to be used. Search for the following keywords:</p><ul><li>android.content.ContentProvider</li><li>android.database.Cursor</li><li>android.database.sqlite</li><li>.query</li><li>.update</li><li>.delete</li></ul><blockquote><p>To avoid SQL injection attacks within the app, use parameterized query methods, such as query, update, and delete. 
Be sure to properly sanitize all method arguments; for example, the selection argument could lead to SQL injection if it is made up of concatenated user input.</p></blockquote><p>If you expose a content provider, determine whether parameterized <a href="https://developer.android.com/reference/android/content/ContentProvider.html#query%28android.net.Uri%2C%20java.lang.String%5B%5D%2C%20java.lang.String%2C%20java.lang.String%5B%5D%2C%20java.lang.String%29">query methods</a> (query, update, and delete) are being used to prevent SQL injection. If so, make sure all their arguments are properly sanitized.</p><p>We will use the vulnerable password manager app <a href="https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk">Sieve</a> as an example of a vulnerable content provider.</p><h4>Inspect the Android Manifest</h4><p>Identify all defined &lt;provider&gt; elements:</p><blockquote><p>&lt;provider</p><p>&nbsp; &nbsp; &nbsp;android:authorities="com.mwr.example.sieve.DBContentProvider"</p><p>&nbsp; &nbsp; &nbsp;android:exported="true"</p><p>&nbsp; &nbsp; &nbsp;android:multiprocess="true"</p><p>&nbsp; &nbsp; &nbsp;android:name=".DBContentProvider"&gt;</p><p>&nbsp; &nbsp;&lt;path-permission</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;android:path="/Keys"</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;android:readPermission="com.mwr.example.sieve.READ_KEYS"</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;android:writePermission="com.mwr.example.sieve.WRITE_KEYS"</p><p>&nbsp; &nbsp; /&gt;</p><p>&lt;/provider&gt;</p><p>&lt;provider</p><p>&nbsp; &nbsp; &nbsp;android:authorities="com.mwr.example.sieve.FileBackupProvider"</p><p>&nbsp; &nbsp; &nbsp;android:exported="true"</p><p>&nbsp; &nbsp; &nbsp;android:multiprocess="true"</p><p>&nbsp; &nbsp; &nbsp;android:name=".FileBackupProvider"</p><p>/&gt;</p></blockquote><p>As shown in the AndroidManifest.xml above, the application exports two content providers. 
Note that one path ("/Keys") is protected by read and write permissions.</p><h4>Inspect the source code</h4><p>Inspect the query function in the DBContentProvider.java file to determine whether any sensitive information is being leaked:</p><p>Example in Java:</p><blockquote><p>public Cursor query(final Uri uri, final String[] array, final String s, final String[] array2, final String s2) {</p><p>&nbsp; &nbsp;final int match = this.sUriMatcher.match(uri);</p><p>&nbsp; &nbsp;final SQLiteQueryBuilder sqLiteQueryBuilder = new SQLiteQueryBuilder();</p><p>&nbsp; &nbsp;if (match &gt;= 100 &amp;&amp; match &lt; 200) {</p><p>&nbsp; &nbsp; &nbsp; &nbsp;sqLiteQueryBuilder.setTables("Passwords");</p><p>&nbsp; &nbsp;}</p><p>&nbsp; &nbsp;else if (match &gt;= 200) {</p><p>&nbsp; &nbsp; &nbsp; &nbsp;sqLiteQueryBuilder.setTables("Key");</p><p>&nbsp; &nbsp;}</p><p>&nbsp; &nbsp;return sqLiteQueryBuilder.query(this.pwdb.getReadableDatabase(), array, s, array2, (String)null, (String)null, s2);</p><p>}</p></blockquote><p>Example in Kotlin:</p><blockquote><p>fun query(uri: Uri?, array: Array&lt;String?&gt;?, s: String?, array2: Array&lt;String?&gt;?, s2: String?): Cursor {</p><p>&nbsp; &nbsp; &nbsp; &nbsp;val match: Int = this.sUriMatcher.match(uri)</p><p>&nbsp; &nbsp; &nbsp; &nbsp;val sqLiteQueryBuilder = SQLiteQueryBuilder()</p><p>&nbsp; &nbsp; &nbsp; &nbsp;if (match &gt;= 100 &amp;&amp; match &lt; 200) {</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;sqLiteQueryBuilder.tables = "Passwords"</p><p>&nbsp; &nbsp; &nbsp; &nbsp;} else if (match &gt;= 200) {</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;sqLiteQueryBuilder.tables = "Key"</p><p>&nbsp; &nbsp; &nbsp; &nbsp;}</p><p>&nbsp; &nbsp; &nbsp; &nbsp;return sqLiteQueryBuilder.query(this.pwdb.getReadableDatabase(), array, s, array2, null as String?, null as String?, s2)</p><p>&nbsp; &nbsp;}</p></blockquote><p>Here we see that there are actually two paths, "/Keys" and "/Passwords", and the latter is not being protected in the manifest and 
is therefore vulnerable.</p><p>When accessing a URI, the query statement returns all passwords and the path Passwords/. We will address this in the "Dynamic Analysis" section and show the exact URI that is required.</p><p><strong>Dynamic Analysis</strong></p><h4>Testing Content Providers</h4><p>To dynamically analyze an application's content providers, first enumerate the attack surface: pass the app's package name to the Drozer module app.provider.info:</p><blockquote><p>dz&gt; run app.provider.info -a com.mwr.example.sieve</p><p>&nbsp;Package: com.mwr.example.sieve</p><p>&nbsp;Authority: com.mwr.example.sieve.DBContentProvider</p><p>&nbsp;Read Permission: null</p><p>&nbsp;Write Permission: null</p><p>&nbsp;Content Provider: com.mwr.example.sieve.DBContentProvider</p><p>&nbsp;Multiprocess Allowed: True</p><p>&nbsp;Grant Uri Permissions: False</p><p>&nbsp;Path Permissions:</p><p>&nbsp;Path: /Keys</p><p>&nbsp;Type: PATTERN_LITERAL</p><p>&nbsp;Read Permission: com.mwr.example.sieve.READ_KEYS</p><p>&nbsp;Write Permission: com.mwr.example.sieve.WRITE_KEYS</p><p>&nbsp;Authority: com.mwr.example.sieve.FileBackupProvider</p><p>&nbsp;Read Permission: null</p><p>&nbsp;Write Permission: null</p><p>&nbsp;Content Provider: com.mwr.example.sieve.FileBackupProvider</p><p>&nbsp;Multiprocess Allowed: True</p><p>&nbsp;Grant Uri Permissions: False</p></blockquote><p>In this example, two content providers are exported. Both can be accessed without permission, except for the /Keys path in the DBContentProvider. With this information, you can reconstruct part of the content URIs to access the DBContentProvider (the URIs begin with content://).</p><p>To identify content provider URIs within the application, use Drozer's scanner.provider.finduris module. 
This module guesses paths and determines accessible content URIs in several ways:</p><blockquote><p>dz&gt; run scanner.provider.finduris -a com.mwr.example.sieve</p><p>Scanning com.mwr.example.sieve...</p><p>Unable to Query content://com.mwr.example.sieve.DBContentProvider/</p><p>...</p><p>Unable to Query content://com.mwr.example.sieve.DBContentProvider/Keys</p><p>Accessible content URIs:</p><p>content://com.mwr.example.sieve.DBContentProvider/Keys/</p><p>content://com.mwr.example.sieve.DBContentProvider/Passwords</p><p>content://com.mwr.example.sieve.DBContentProvider/Passwords/</p></blockquote><p>Once you have a list of accessible content providers, try to extract data from each provider with the app.provider.query module:</p><blockquote><p>dz&gt; run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --vertical</p><p>_id: 1</p><p>service: Email</p><p>username: incognitoguy50</p><p>password: PSFjqXIMVa5NJFudgDuuLVgJYFD+8w== (Base64 - encoded)</p><p>email: incognitoguy50@gmail.com</p></blockquote><p>You can also use Drozer to insert, update, and delete records from a vulnerable content provider:</p><p>Insert record</p><blockquote><p>dz&gt; run app.provider.insert content://com.vulnerable.im/messages</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--string date 1331763850325</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--string type 0</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--integer _id 7</p></blockquote><p>Update record</p><blockquote><p>dz&gt; run app.provider.update content://settings/secure</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--selection "name=?"</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--selection-args assisted_gps_enabled</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--integer value 0</p></blockquote><p>Delete record</p><blockquote><p>dz&gt; run app.provider.delete content://settings/secure</p><p>&nbsp; &nbsp; &nbsp; 
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--selection "name=?"</p><p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;--selection-args my_setting</p></blockquote><h4>SQL Injection in Content Providers</h4><p>The Android platform promotes SQLite databases for storing user data. Because these databases are based on SQL, they may be vulnerable to SQL injection. You can use the Drozer module app.provider.query to test for SQL injection by manipulating the projection and selection fields that are passed to the content provider:</p><blockquote><p>dz&gt; run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "'"</p><p>unrecognized token: "' FROM Passwords" (code 1): , while compiling: SELECT ' FROM Passwords</p><p>&nbsp;</p><p>dz&gt; run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --selection "'"</p><p>unrecognized token: "')" (code 1): , while compiling: SELECT * FROM Passwords WHERE (') +</p></blockquote><p>If an application is vulnerable to SQL Injection, it will return a verbose error message. SQL Injection on Android may be used to modify or query data from the vulnerable content provider. In the following example, the Drozer module app.provider.query is used to list all the database tables:</p><blockquote><p>dz&gt; run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "*</p><p>FROM SQLITE_MASTER WHERE type='table';--"</p><p>| type &nbsp;| name &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | tbl_name &nbsp; &nbsp; &nbsp; &nbsp; | rootpage | sql &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;|</p><p>| table | android_metadata | android_metadata | 3 &nbsp; &nbsp; &nbsp; &nbsp;| CREATE TABLE ... |</p><p>| table | Passwords &nbsp; &nbsp; &nbsp; &nbsp;| Passwords &nbsp; &nbsp; &nbsp; &nbsp;| 4 &nbsp; &nbsp; &nbsp; &nbsp;| CREATE TABLE ... 
|</p><p>| table | Key &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| Key &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;| 5 &nbsp; &nbsp; &nbsp; &nbsp;| CREATE TABLE ... | +</p></blockquote><p>SQL Injection may also be used to retrieve data from otherwise protected tables:</p><blockquote><p>dz&gt; run app.provider.query content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "* FROM Key;--"</p><p>| Password | pin |</p><p>| thisismypassword | 9876 |</p></blockquote><p>You can automate these steps with the scanner.provider.injection module, which automatically finds vulnerable content providers within an app:</p><blockquote><p>dz&gt; run scanner.provider.injection -a com.mwr.example.sieve</p><p>Scanning com.mwr.example.sieve...</p><p>Injection in Projection:</p><p>&nbsp;content://com.mwr.example.sieve.DBContentProvider/Keys/</p><p>&nbsp;content://com.mwr.example.sieve.DBContentProvider/Passwords</p><p>&nbsp;content://com.mwr.example.sieve.DBContentProvider/Passwords/</p><p>Injection in Selection:</p><p>&nbsp;content://com.mwr.example.sieve.DBContentProvider/Keys/</p><p>&nbsp;content://com.mwr.example.sieve.DBContentProvider/Passwords</p><p>&nbsp;content://com.mwr.example.sieve.DBContentProvider/Passwords/ +</p></blockquote><h4>File System Based Content Providers</h4><p>Content providers can provide access to the underlying filesystem. This allows apps to share files (the Android sandbox normally prevents this). You can use the Drozer modules app.provider.read and app.provider.download to read and download files, respectively, from exported file-based content providers. 
These content providers are susceptible to directory traversal, which allows otherwise protected files in the target application's sandbox to be read.</p><blockquote><p>dz&gt; run app.provider.download content://com.vulnerable.app.FileProvider/../../../../../../../../data/data/com.vulnerable.app/database.db /home/user/database.db +Written 24488 bytes +</p></blockquote><p>Use the scanner.provider.traversal module to automate the process of finding content providers that are susceptible to directory traversal:</p><blockquote><p>dz&gt; run scanner.provider.traversal -a com.mwr.example.sieve</p><p>Scanning com.mwr.example.sieve...</p><p>Vulnerable Providers:</p><p>&nbsp;content://com.mwr.example.sieve.FileBackupProvider/</p><p>&nbsp;content://com.mwr.example.sieve.FileBackupProvider</p></blockquote><p>Note that adb can also be used to query content providers:</p><blockquote><p>$ adb shell content query --uri content://com.owaspomtg.vulnapp.provider.CredentialProvider/credentials</p><p>Row: 0 id=1, username=admin, password=StrongPwd</p><p>Row: 1 id=2, username=test, password=test</p><p>...</p></blockquote><p><strong>For iOS:</strong></p><p><strong>Static Analysis</strong></p><p>The following section summarizes keywords that you should look for to identify IPC implementations within iOS source code.</p><h4>XPC Services</h4><p>Several classes may be used to implement the NSXPCConnection API:</p><ul><li>NSXPCConnection</li><li>NSXPCInterface</li><li>NSXPCListener</li><li>NSXPCListenerEndpoint</li></ul><p>You can set security attributes for the connection. 
The attributes should be verified.</p><p>Check for the following two files in the Xcode project for the XPC Services API (which is C-based):</p><ul><li>xpc.h</li><li>connection.h</li></ul><h4>Mach Ports</h4><p>Keywords to look for in low-level implementations:</p><ul><li>mach_port_t</li><li>mach_msg_*</li></ul><p>Keywords to look for in high-level implementations (Core Foundation and Foundation wrappers):</p><ul><li>CFMachPort</li><li>CFMessagePort</li><li>NSMachPort</li><li>NSMessagePort</li></ul><h4>NSFileCoordinator</h4><p>Keywords to look for:</p><ul><li>NSFileCoordinator</li></ul><p><strong>Dynamic Analysis</strong></p><p>Verify IPC mechanisms with static analysis of the iOS source code. No iOS tool is currently available to verify IPC usage.</p> + + + + + + + + + + + + + + + + + Ensure the app implements multiple different responses to tampering, debugging and emulation, + including stealthy responses that don't simply terminate the app. + + + + + + + + + + + + + Check the app implements multiple different responses to tampering, debugging and + emulation, including stealthy responses that don't simply terminate the app. + + + + + + + + + + + + + + + + + + Android relies on a security provider to provide SSL/TLS-based connections. The problem with this kind of security provider (one example is OpenSSL), which comes with the device, is that it often has bugs and/or vulnerabilities. To avoid known vulnerabilities, developers need to make sure that the application will install a proper security provider. Since July 11, 2016, Google has been rejecting Play Store application submissions (both new applications and updates) that use vulnerable versions of OpenSSL. 
+ + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">When you have the source code:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Run the application in debug mode, then create a breakpoint where the app will first contact the endpoint(s).</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Right click the highlighted code and select </span><span><code>Evaluate Expression</code></span><span>.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Type </span><span><code>Security.getProviders()</code></span><span> and press enter.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Check the providers and try to find </span><span><code>GmsCore_OpenSSL</code></span><span>, which should be the new top-listed provider.</span></span></span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">When you do not have the source code:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Use Xposed to hook into the </span><span><code>java.security</code></span><span> package, then hook into </span><span><code>java.security.Security</code></span><span> with the method </span><span><code>getProviders</code></span><span> (with no arguments). 
The return value will be an array of </span><span><code>Provider</code></span><span>.</span></span></span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>Determine whether the first provider is </span><span><code>GmsCore_OpenSSL</code></span><span>.</span></span></span></p> + </div></li> +</ul> + + + + + + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The purpose of this test case is verifying logout functionality and determining whether it effectively terminates the session on both client and server and invalidates a stateless token.</span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Failing to destroy the server-side session is one of the most common logout functionality implementation errors. This error keeps the session or token alive, even after the user logs out of the application. An attacker who gets valid authentication information can continue to use it and hijack a user's account.</span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Many mobile apps don't automatically log users out. There can be various reasons, such as: because it is inconvenient for customers, or because of decisions made when implementing stateless authentication. The application should still have a logout function, and it should be implemented according to best practices, destroying all locally stored tokens or session identifiers. If session information is stored on the server, it should also be destroyed by sending a logout request to that server. In case of a high-risk application, tokens should be blacklisted. Not removing tokens or session identifiers can result in unauthorized access to the application in case the tokens are leaked. 
Note that other sensitive types of information should be removed as well, as any information that is not properly cleared may be leaked later, for example during a device backup.</span></p> + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Use an interception proxy for dynamic application analysis and execute the following steps to check whether the logout is implemented properly:</span></p> +<ol> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Log in to the application.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Access a resource that requires authentication, typically a request for private information belonging to your account.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Log out of the application.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Try to access the data again by resending the request from step 2.</span></p> + </div></li> +</ol> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">If the logout is correctly implemented on the server, an error message or redirect to the login page will be sent back to the client. 
On the other hand, if you receive the same response you got in step 2, the token or session ID is still valid and hasn't been correctly terminated on the server.</span></p> + + + + + + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">For applications which require L2 protection, the MASVS states that they should inform the user about all login activities within the app with the possibility of blocking certain devices. This can be broken down into various scenarios:</span></p> +<ol> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The application provides a push notification the moment their account is used on another device to notify the user of different activities. The user can then block this device after opening the app via the push-notification.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The application provides an overview of the last session after login. If the previous session was with a different configuration (e.g. location, device, app-version) compared to the current configuration, then the user should have the option to report suspicious activities and block devices used in the previous session.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The application provides an overview of the last session after login at all times.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The application has a self-service portal in which the user can see an audit-log. 
This allows the user to manage the different devices that are logged in.</span></p> + </div></li> +</ol> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The developer can make use of specific meta-information and associate it to each different activity or event within the application. This will make it easier for the user to spot suspicious behavior and block the corresponding device. The meta-information may include:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Device: The user can clearly identify all devices where the app is being used.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Date and Time: The user can clearly see the latest date and time when the app was used.</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Location: The user can clearly identify the latest locations where the app was used.</span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">The application can provide a list of activities history which will be updated after each sensitive activity within the application. The choice of which activities to audit needs to be done for each application based on the data it handles and the level of security risk the team is willing to have. 
Below is a list of common sensitive activities that are usually audited:</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Login attempts</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Password changes</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Personal Identifiable Information changes (name, email address, telephone number, etc.)</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Sensitive activities (purchase, accessing important resources, etc.)</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Consent to Terms and Conditions clauses</span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Paid content requires special care, and additional meta-information (e.g., operation cost, credit, etc.) might be used to ensure user's knowledge about the whole operation's parameters.</span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">In addition, non-repudiation mechanisms should be applied to sensitive transactions (e.g. payed content access, given consent to Terms and Conditions clauses, etc.) 
in order to prove that a specific transaction was in fact performed (integrity) and by whom (authentication).</span></p> +<p><br></p> + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>In all cases, you should verify whether different devices are detected correctly. Therefore, the binding of the application to the actual device should be tested. In iOS, a developer can use&nbsp;</span><span><code>identifierForVendor</code></span><span>, which is related to the bundle ID: the moment you change a bundle ID, the method will return a different value. When the app is ran for the first time, make sure you store the value returned by&nbsp;</span><span><code>identifierForVendor</code></span><span>&nbsp;to the KeyChain, so that changes to it can be detected at an early stage.</span></span></span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1"><span><span>In Android, the developer can use&nbsp;</span><span><code>Settings.Secure.ANDROID_ID</code></span><span>&nbsp;till Android 8.0 (API level 26) to identify an application instance. Note that starting at Android 8.0 (API level 26),&nbsp;</span><span><code>ANDROID_ID</code></span><span>&nbsp;is no longer a device unique ID. Instead, it becomes scoped by the combination of app signing key, user and device. So validating&nbsp;</span><span><code>ANDROID_ID</code></span><span>&nbsp;for device blocking could be tricky for these Android versions. Because if an app changes its signing key, the&nbsp;</span><span><code>ANDROID_ID</code></span><span>&nbsp;will change and it won't be able to recognize old users devices. Therefore, it's better to store the&nbsp;</span><span><code>ANDROID_ID</code></span><span>&nbsp;encrypted and privately in a private a shared preferences file using a randomly generated key from the&nbsp;</span><span><code>AndroidKeyStore</code></span><span>&nbsp;and preferably AES_GCM encryption. 
The moment the app signature changes, the application can check for a delta and register the new&nbsp;</span><span><code>ANDROID_ID</code></span><span>. The moment this new ID changes without a new application signing key, it should indicate that something else is wrong. Next, the device binding can be extended by signing requests with a key stored in the&nbsp;</span><span><code>Keychain</code></span><span>&nbsp;for iOS and in the&nbsp;</span><span><code>KeyStore</code></span><span>&nbsp;in Android can reassure strong device binding. You should also test if using different IPs, different locations and/or different time-slots will trigger the right type of information in all scenarios.</span></span></span></p> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Lastly, the blocking of the devices should be tested, by blocking a registered instance of the app and see if it is then no longer allowed to authenticate. Note: in case of an application which requires L2 protection, it can be a good idea to warn a user even before the first authentication on a new device. 
Instead: warn the user already when a second instance of the app is registered.</span></p> + + + + + + + + + + + + + + + + + Implement detection and response functionalities to detect rooted devices and if the device is rooted, the app shall respond in two ways:&nbsp; +<div> + <ul> + <li>The app notifies the user that their device is rooted and it's not secure to continue with the app.&nbsp;</li> + <li>Terminate the session and the app, because sensitive data is vulnerable.</li> + </ul> +</div> + + + + + + + + + + + + + <ul> + <li>Check that the app has two or more functionalities with independent methods to + detect a rooted device.&nbsp;</li> + <li>Check that if the device is rooted, the user is alerted or the app is terminated.</li> + </ul> + + + + + + + + + + + + + + + + + + Implement functionality to detect, notify and respond when the app is modified by executable files or by anti-debugging tools within its own sandbox. When the injection is detected the app shall alert the user and terminate the session. + + + + + + + + + + + + <ol> + <li>For the application source integrity checks, run the app on the device in an + unmodified state and make sure that everything works.&nbsp;</li> + <li>Then apply simple patches to the classes.dex and any .so libraries contained in + the app package. Re-package and re-sign the app.&nbsp;</li> + <li>Check the app alerts the user and/or terminates the session.</li> + </ol> + + + + + + + + + + + + + + + + + + Create functionality to detect &quot;hostile&quot; code in its memory and respond + accordingly. Controls in this category verify the integrity of the app's own memory space, with + the goal of protecting against memory patches applied during runtime. 
This includes unwanted + changes to binary code or bytecode, functions pointer tables, and important data structures, as + well as rogue code loaded into process memory.&nbsp; + <div> + <br /> + <div> + Integrity can be verified either by:&nbsp; + <div> + <ul> + <li>Comparing the contents of memory, or a checksum over the contents, with known good + values.&nbsp;</li> + <li>Searching memory for signatures of unwanted modifications.</li> + </ul> + </div> + </div> + </div> + + + + + + + + + + + + + <ul> + <li>Disable all file-based detection of reverse engineering tools.&nbsp;</li> + <li>Then inject code using Xposed, Frida and Substrate, and attempt to install native + hooks and Java method hooks.&nbsp;</li> + <li>Check that the app detects the &quot;hostile&quot; code in its memory and + responds accordingly.</li> + </ul> + + + + + + + + + + + + + + + + + + Create and implement functionality to detect when the app is being run inside an emulator. If + the app is running inside an emulator, the app shall terminate the session. + + + + + + + + + + + + <ol> + <li>Install and run the app within an emulator.&nbsp;</li> + <li>Check the app detects this and terminates the session.</li> + </ol> + + + + + + + + + + + + + + + + + + Create functionality to detect the presence of widely used reverse engineering tools, such as + code injection tools, hooking frameworks and debugging servers. If any reverse engineering tool + is detected, the app shall force termination of the session. + + + + + + + + + + + + + Launch the app systematically with various apps and frameworks installed, such as the + following:&nbsp; + <div> + <ul> + <li>Substrate for Android&nbsp;</li> + <li>Xposed&nbsp;</li> + <li>Frida&nbsp;</li> + <li>Introspy-Android&nbsp;</li> + <li>Drozer&nbsp;</li> + <li>RootCloak&nbsp;</li> + <li>Android SSL Trust Killer&nbsp;</li> + </ul>The app should alert the user and/or terminate the app. 
+ </div> + + + + + + + + + + + + + + + + + + Implement anti-debugging mechanisms to prohibit debug mode being activated. Anti-debugging + features can be preventive or reactive. As the name implies, preventive anti-debugging + techniques prevent the debugger from attaching in the first place, while reactive techniques + attempt to detect whether a debugger is present and react to it in some way (e.g. terminating + the app, or triggering some kind of hidden behavior).&nbsp; + <div> + <br /> + </div> + <div> + The &quot;more-is-better&quot; rule applies: To maximize effectiveness, defenders + combine multiple methods of prevention and detection which operate on different API layers and + are distributed throughout the app. + </div> + + + + + + + + + + + + + + + Check for the presence of anti-debugging mechanisms and verify if with the following + criteria the anti-debugging mechanisms are bypassed:&nbsp; + <div> + <ul> + <li>Attaching JDB and ptrace based debuggers either fails or causes the app to + terminate or malfunction&nbsp;</li> + <li>Multiple detection methods are scattered throughout the app (as opposed to putting + everything into a single method or function);&nbsp;</li> + <li>The anti-debugging defenses operate on multiple API layers (Java, native library + functions, Assembler/system calls);&nbsp;</li> + <li>The mechanisms show some level of originality (vs. copy/paste from StackOverflow + or other sources);</li> + </ul> + </div> + + + + + + + + + + + + + + + + + + Insert the policy in the if statement with DEVELOPER_MODE as condition. The DEVELOPER_MODE has + to be disabled for release build in order to disable StrictMode too.&nbsp; + <div> + <br /> + </div> + <div> + Remove the debugging code, log verbose errors or debugging messages in the production version. 
+ </div> + + + + + + + + + + + + + + <ul> + <li>Check that there is only one method to activate the DEVELOPMENT_MODE.</li> + <li>Check that the debugging code was removed.</li> + </ul> + + + + + + + + + + + + + + + + + + Obfuscation is the process of transforming code and data in order to make it more difficult to comprehend. It is an integral part of every software protection scheme. +<div> + <br> +</div> +<div> + If the goal of obfuscation is to protect sensitive computations, an obfuscation scheme is used that is both appropriate for the particular task and robust against manual and automated de-obfuscation methods, considering currently published research. The effectiveness of the obfuscation scheme must be verified through manual testing. Note that hardware-based isolation features are preferred over obfuscation whenever possible. +</div> + + + + + + + + + + + + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">Attempt to decompile the byte-code, disassemble any included library files, and perform static analysis. At the very least, the app's core functionality (i.e., the functionality meant to be obfuscated) shouldn't be easily discerned. 
Verify that</span></p> +<ul> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">meaningful identifiers, such as class names, method names, and variable names, have been discarded,</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">string resources and strings in binaries are encrypted,</span></p> + </div></li> + <li> + <div class="reset-3c756112--listItemContent-756c9114"> + <p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">code and data related to the protected functionality is encrypted, packed, or otherwise concealed.</span></p> + </div></li> +</ul> +<p><span class="text-4505230f--TextH400-3033861f--textContentFamily-49a318e1">For a more detailed assessment, you need a detailed understanding of the relevant threats and the obfuscation methods used.</span></p> + + + + + + + + + + + + + + + + + If native methods of the app are exposed to a WebView, verify that the WebView only renders JavaScript contained within the app package. + + + + + + + + + + + + + + - Produce a JavaScript payload. + - Inject it into the file that the app is requesting. The injection could be done either + through a MITM attack or by directly modifying the file in case it is stored on external + storage. The whole process could be done through Drozer that uses weasel (MWR's advanced + exploitation payload) which is able to install a full agent, injecting a limited agent into + a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT). + - Check that only the JavaScript provided with the app is allowed. + + + + + + + + + + + + + + + + + + <div> + If the app provides users access to a remote service, some form of authentication, such as username/password authentication, is performed at the remote endpoint. 
+</div> + + + + + + + + + + + + + + + + + + + + + + + + + + As a general rule of thumb, as little explanative information as possible should be provided + along with the compiled code. Some metadata such as debugging information, line numbers and + descriptive function or method names make the binary or bytecode easier to understand for the + reverse engineer, but isn't actually needed in a release build and can therefore be safely + discarded without impacting the functionality of the app. + + This data shall be removed from the release version or shall be obfuscated in order to be + inaccessible to the reverse engineer. + + + + + + + + + + + + + For Android:&nbsp; + <blockquote> + <div> + Symbols are usually stripped during the build process, so you need the compiled byte-code + and libraries to verify whether any unnecessary metadata has been discarded. First find the + nm binary in your Android NDK and export it (or create an alias). + </div> + <div> + <br /> + </div> + </blockquote> + <blockquote> + <blockquote> + <div> + export $NM = + $ANDROID_NDK_DIR/toolchains/arm-linux-androideabi-4.9/prebuilt/darwin-x86_64/bin/arm-linux-androideabi-nm&nbsp; + </div> + <div> + <br /> + </div> + </blockquote> + </blockquote> + <blockquote> + <div> + To display debug symbols: + </div> + </blockquote> + <blockquote> + <blockquote> + <div> + $ $NM -a + libfoo.so/tmp/toolchains/arm-linux-androideabi-4.9/prebuilt/darwin-x86_64/bin/arm-linux-androideabi-nm: + libfoo.so: no symbols&nbsp; + </div> + </blockquote>To display dynamic symbols: + </blockquote> + <blockquote> + <blockquote> + $ $NM -D libfoo.so&nbsp; + </blockquote>Alternatively, open the file in your favorite disassembler and check the + symbol tables manually. Dynamic symbols can be stripped using the visibility compiler flag. 
+ Adding this flag causes gcc to discard the function names while still preserving the names + of functions declared as JNIEXPORT.&nbsp; + </blockquote> + <blockquote> + <br /> + </blockquote> + <blockquote> + Check if the following was added to build.gradle:&nbsp; + </blockquote> + <blockquote> + <blockquote> + externalNativeBuild { cmake { cppFlags &quot;-fvisibility=hidden&quot; } }&nbsp; + </blockquote> + <blockquote> + <br /> + </blockquote> + </blockquote>For iOS:&nbsp; + <blockquote> + <div> + Use gobjdump to inspect the main binary and any included dylibs for Stabs and DWARF symbols. + </div> + </blockquote> + <blockquote> + <blockquote> + <div> + $ gobjdump --stabs --dwarf TargetApp&nbsp; + </div> + </blockquote>In archive MyTargetApp:&nbsp; + </blockquote> + <blockquote> + <blockquote> + - armv5te: file format mach-o-arm - aarch64: file format mach-o-arm64 Gobjdump is part of + binutils and can be installed via Homebrew on Mac OS X. + </blockquote> + </blockquote> + + + + + + + + + + + + + + + + + + Security best practice dictates the practice of least-privilege is followed, thereby reducing the attack surface and risk of compromise. By limiting the access an application has to the system, developers may reduce the impact a compromise may have.&nbsp; +<div> + <br> +</div> +<div> + Request only the minimum required permissions from the mobile operating system. For example, if there is no requirement to use the camera then the application should not request this permission. +</div> +<div> + <br> +</div> +<div> + Review features and functionality present in the application, in particular legacy features, to determine if they are relevant and required, and if not remove them and associated OS permissions. 
+</div> + + + + + + + + + + + + + + + + + For Android applications:&nbsp; + <div> + <ol> + <li>Install the application and review the permissions the application is asking for.&nbsp;</li> + <li>Check they are actually needed.</li> + </ol>For iOS applications:&nbsp; + </div> + <div> + <ol> + <li>Install the application and use its main functionality, iOS will ask for the + permission when it is needed.&nbsp;</li> + <li>Verify those permissions requests are in accordance with the minimum set of + permissions needed by the application.</li> + </ol> + </div> + + + + + + + + + + + + + + + + + + <div> + Use periodically a static code analysis tool to analyze the code and detect potentially malicious code, such as time functions, unsafe file operations and networks connections. With the scanning of static code, we ensure the integrity of the application. +</div> + + + + + + + + + + + + <div> + Verify that a code analysis tool is in use and it is configured to detect potentially malicious code, such as time functions, unsafe file operations and network connections. +</div> + + + + + + + + + + + + + + + + + <div> + One of the core mobile app functions is sending/receiving data over untrusted networks like the Internet. If the data is not properly protected in transit, an attacker with access to any part of the network infrastructure (e.g., a Wi-Fi access point) may intercept, read, or modify it. This is why plaintext network protocols are rarely advisable. +</div> +<div> + <br> +</div> +<div> + The vast majority of apps rely on HTTP for communication with the backend. HTTPS wraps HTTP in an encrypted connection (the acronym HTTPS originally referred to HTTP over Secure Socket Layer (SSL); SSL is the deprecated predecessor of TLS). TLS allows authentication of the backend service and ensures confidentiality and integrity of the network data. +</div> +<div> + <br> +</div> +<div> + Ensuring proper TLS configuration on the server side is also important. 
The SSL protocol is deprecated and should no longer be used. Also TLS v1.0 and TLS v1.1 have known vulnerabilities and their usage is deprecated in all major browsers by 2020. TLS v1.2 and TLS v1.3 are considered best practice for secure transmission of data. Starting with Android 10 (API level 29) TLS v1.3 will be enabled by default for faster and secure communication. The major change with TLS v1.3 is that customizing cipher suites is no longer possible and that all of them are enabled when TLS v1.3 is enabled, whereas Zero Round Trip (0-RTT) mode isn't supported. +</div> +<div> + <br> +</div> +<div> + When both the client and server are controlled by the same organization and used only for communicating with one another, you can increase security by hardening the configuration. +</div> +<div> + If a mobile application connects to a specific server, its networking stack can be tuned to ensure the highest possible security level for the server's configuration. Lack of support in the underlying operating system may force the mobile application to use a weaker configuration. +</div> + + + + + + + + <div> + Intercept the tested app's incoming and outgoing network traffic and make sure that this traffic is encrypted. You can intercept network traffic in any of the following ways: +</div> +<div> + <ul> + <li>Capture all HTTP(S) and Websocket traffic with an interception proxy like OWASP ZAP or Burp Suite and make sure all requests are made via HTTPS instead of HTTP.</li> + <li>Interception proxies like Burp and OWASP ZAP will show HTTP(S) traffic only. You can, however, use a Burp plugin such as Burp-non-HTTP-Extension or the tool mitm-relay to decode and visualize communication via XMPP and other protocols.</li> + </ul> +</div> + + + + + + + + + + + + + + + + + Memory corruption bugs are a popular mainstay for hackers. This class of bug results from a programming error that causes the program to access an unintended memory location. 
Under the right conditions, attackers can capitalize on this behavior to hijack the execution flow of the vulnerable program and execute arbitrary code.&nbsp; +<div> + <br> +</div> +<div> + This kind of vulnerability occurs in a number of ways: + <div> + <ul> + <li><b>Buffer overflows:</b> This describes a programming error where an app writes beyond an allocated memory range for a particular operation. An attacker can use this flaw to overwrite important control data located in adjacent memory, such as function pointers. Buffer overflows were formerly the most common type of memory corruption flaw, but have become less prevalent over the years due to a number of factors. Notably, awareness among developers of the risks in using unsafe C library functions is now a common best practice plus, catching buffer overflow bugs is relatively simple. However, it is still worth testing for such defects.&nbsp;</li> + <li><b>Out-of-bounds-access: </b>Buggy pointer arithmetic may cause a pointer or index to reference a position beyond the bounds of the intended memory structure (e.g. buffer or list). When an app attempts to write to an out-of-bounds address, a crash or unintended behavior occurs. If the attacker can control the target offset and manipulate the content written to some extent, code execution exploit is likely possible.&nbsp;</li> + <li><b>Dangling pointers:</b> These occur when an object with an incoming reference to a memory location is deleted or deallocated, but the object pointer is not reset. If the program later uses the dangling pointer to call a virtual function of the already deallocated object, it is possible to hijack execution by overwriting the original vtable pointer. Alternatively, it is possible to read or write object variables or other memory structures referenced by a dangling pointer.&nbsp;</li> + <li><b>Use-after-free:</b> This refers to a special case of dangling pointers referencing released (deallocated) memory. 
After a memory address is cleared, all pointers referencing the location become invalid, causing the memory manager to return the address to a pool of available memory. When this memory location is eventually re-allocated, accessing the original pointer will read or write the data contained in the newly allocated memory. This usually leads to data corruption and undefined behavior, but crafty attackers can set up the appropriate memory locations to leverage control of the instruction pointer.&nbsp;</li> + <li><b>Integer overflows: </b>When the result of an arithmetic operation exceeds the maximum value for the integer type defined by the programmer, this results in the value "wrapping around" the maximum integer value, inevitably resulting in a small value being stored. Conversely, when the result of an arithmetic operation is smaller than the minimum value of the integer type, an integer underflow occurs where the result is larger than expected. Whether a particular integer overflow/underflow bug is exploitable depends on how the integer is used - for example, if the integer type were to represent the length of a buffer, this could create a buffer overflow vulnerability.&nbsp;</li> + <li><b>Format string vulnerabilities: </b>When unchecked user input is passed to the format string parameter of the printf() family of C functions, attackers may inject format tokens such as '%c' and '%n' to access memory. Format string bugs are convenient to exploit due to their flexibility. 
Should a program output the result of the string formatting operation, the attacker can read and write to memory arbitrarily, thus bypassing protection features such as ASLR.&nbsp;</li> + </ul> + <b>Remediation:&nbsp;</b> + </div> + <div> + A best practice to fix the Memory Corruption Bugs are the following:&nbsp; + </div> + <div> + <ul> + <li>When using integer variables for array indexing, buffer length calculations, or any other security-critical operation, verify that unsigned integer types are used and perform precondition tests to prevent the possibility of integer wrapping.&nbsp;</li> + <li>Ensure the app does not use unsafe string functions such as strcpy, most other functions beginning with the "str" prefix, sprint, vsprintf, gets, etc.; If the app contains C++ code, ANSI C++ string classes are used; iOS apps written in Objective-C use NSString class. C apps on iOS should use CFString, the Core Foundation representation of a string. No untrusted data is concatenated into format strings.</li> + </ul> + </div> +</div> + + + + + + + + + + + + + + + + Check if some of the different Memory Corruption bugs appear when you try to use them to + gain access to the system. + + + + + + + + + + + + + + + + + + <span style="white-space: pre;">The detection mechanisms trigger responses of different types, including delayed and stealthy responses.</span> + + + + + + + + + + + + + + + + + + + + + + + Code signing your app assures users that it is from a known source and the app hasn't been modified since it was last signed. This process can prevent an app from being tampered with, or modified to include malicious code. + + + + + + + + + + + + + Check that the app is correctly signed. 
+ + + + + + + + + + + + + + + + + + + + + + If the mobile application requests permissions or access to components that are not + strictly needed by the application, then users can lose trust in the security of the + application with an associated impact on the trust placed in the application provider. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An attacker attempts to invoke all common switches and options in the target + application for the purpose of discovering weaknesses in the target. For example, in + some applications, adding the --debug switch causes debugging information to be + displayed, which can sometimes reveal sensitive processing or configuration information + to an attacker.&nbsp; + <div> + <br /> + </div> + <div> + This attack differs from other forms of API abuse in that the attacker is blindly + attempting to invoke options in the hope that one of them will work rather than + specifically targeting a known option. Nonetheless, even if the attacker is familiar + with the published options of a targeted application this attack method may still be + fruitful as it might discover unpublicized functionality. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An attacker discovers the structure, function, and composition of an object, resource, + or system by using a variety of analysis techniques to effectively determine how the + analyzed entity was constructed or operates. The goal of reverse engineering is often to + duplicate the function, or a part of the function, of an object in order to duplicate or + &quot;back engineer&quot; some aspect of its functioning.&nbsp; + <div> + <br /> + </div> + <div> + Reverse engineering techniques can be applied to mechanical objects, electronic devices, + or software, although the methodology and techniques involved in each type of analysis + differ widely. 
When adversaries are reverse engineering software, methodologies fall + into two broad categories, 'white box' and 'black box.' White box techniques involve + methods which can be applied to a piece of software when an executable or some other + compiled object can be directly subjected to analysis, revealing at least a portion of + its machine instructions that can be observed upon execution. + </div> + <div> + <br /> + </div> + <div> + 'Black Box' methods involve interacting with the software indirectly, in the absence of + the ability to measure, instrument, or analyze an executable object directly. Such + analysis typically involves interacting with the software at the boundaries of where the + software interfaces with a larger execution environment, such as input-output vectors, + libraries, or APIs. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Application security should be embedded into a project's development environment, allowing developers to monitor their code regularly in order to avoid security vulnerabilities when the application is deployed in the production environment. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Errors and error handling represent a class of API. Errors related to error handling + are so common that they deserve a special kingdom of their own. As with API Abuse, there are two ways to introduce an error-related security vulnerability: the most common + one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle. + + + + + + + + + + + + + + + + + + + + + + + + + + An attacker employs forceful browsing to access portions of a website that are + otherwise unreachable through direct URL entry. + + Usually, a front controller or similar design pattern is employed to protect access to + portions of a web application. 
+ + Forceful browsing enables an attacker to access information, perform privileged + operations and otherwise reach sections of the web application that have been improperly + protected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URL's for web-apps. In cases in which the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker could potentially access resources that should only be available to users of a higher privilege level, or access management sections of the application, or can run queries for data that he is otherwise not supposed to.&nbsp;<br>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy.</p> + + + + + + + + + + + + The software does not properly perform authentication, allowing it to be bypassed through various methods. 
+ + + + + + + + + + + + + + The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. + +Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers. + + + + + + + + + + + + When an actor claims to have a given identity, the software does not prove or insufficiently + proves that the claim is correct. + + + + + + + + + + + + + + + The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources. + + + + + + + + + + + + The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. + +When a resource is given a permission setting that provides access to a wider range of actors than required, it can lead to the exposure of sensitive information or to the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data. + + + + + + + + + + + + + + An information exposure is the intentional or unintentional disclosure of information to an + actor that is not explicitly authorized to have access to that information. + + + + + + + + + + + + + + + <p>The software generates an error message that includes sensitive information about its environment, users, or associated data.&nbsp;</p><p>&nbsp;&nbsp;<br>This sensitive information may be valuable on its own (such as a password), or it may be useful for launching other deadlier attacks. 
If an attack fails, an attacker may use error information provided by the server to launch another more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of ".." sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query.</p> + + + + + + + + + + + + + + The application contains debugging code that can expose sensitive information to untrusted parties. + + + + + + + + + + + + + + + The product does not validate or incorrectly validates input that can affect the control flow + or data flow of a program. + + When software does not validate input properly, an attacker is able to craft the input in a form + that is not expected by the rest of the application. This will lead to parts of the system + receiving unintended input, which may result in altered control flow, arbitrary control of a + resource, or arbitrary code execution. + + + + + + + + + + + + + + + When the application does not offer a password change facility, a compromise of the current user password will lead to an attacker having persistent access to the account. + + + + + + + + + + + + The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. + + + + + + + + + + + + The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. 
If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. + + + + + + + + + + + + + + The product does not enforce a strong password policy, which makes it easier for attackers to compromise user accounts through brute force or dictionary based attacks. + +An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier. + + + + + + + + + + + + + + When patches and updates are not applied in a timely manner then a product (e.g. Operating System, Software or Mobile App) or a system could be vulnerable to known security issues. These issues could be leveraged by an attacker to gain access to the system. + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + The product is exposed or reachable by an unnecessarily large group of potential attackers. An over-exposure of a component increases the chance of an attacker gaining access to the system through a vulnerability. + + + + + + + + + + + + The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. + +This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, to compromise program logic (such as limiting humans to a single vote), or for other purposes. 
For example, an authentication routine might not limit the number of times an attacker can guess a password, or a website might conduct a poll but only expect humans to vote a maximum of once a day. + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. + + + + + + + + + + + + The software does not properly restrict the size or amount of resources that are requested or + influenced by an actor, which can be used to consume more resources than intended. + + + + + + + + + + + + + + + <p>This is a generic weakness which includes several different situations that are all connected to unexpected environmental conditions and could be related to:&nbsp;</p><ul><li>Misconfiguration.</li><li>Uncleared buffers, shared memory, files, etc.</li><li>Problems between the interaction of two different entities that cause unexpected behavior.</li></ul> + + Identify the areas of the application that can be affected by the following causes: + <br /> + <ol> + <li>Misconfiguration.</li> + <li>Uncleared buffers, shared memory, files, etc.&nbsp;</li> + <li>Problems between the interaction of two different entities that cause unexpected + behavior.</li> + </ol> + <div> + Perform testing on them to look for a security problem.&nbsp; + </div> + + + + + + + + + + + + + + + <div> + All product related web servers have their webserver HTTP trace and trace methods disabled. 
+</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + The HTTP trace method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. However, servers supporting the HTTP trace method are subject to cross-site scripting (XSS) attacks when used in conjunction with various weaknesses in browsers. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Disable web servers' HTTP trace and trace methods. +</div> +<div> + For example, regarding an Apache2.0 server: +</div> +<div> + Modify the security.conf file located under /etc/apache2/conf.d/security and set the Track option to Off. +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + You can use curl to verify if HTTP TRACE was disabled in the server: +<div> + <br> +</div> +<div> + &nbsp;curl -v -X TRACE http://www.yourserver.com +</div> + + + + + + + + + + + + + + + + + + + <p>All the production test and calibration software used during manufacture is erased, removed or secured before the product is dispatched from the factory.</p> +<p><b><font size="4">Rationale:<br /></font></b> The product should have all of the production test and calibration software used during manufacture erased, removed or secured before the product is dispatched from the factory. This is to prevent alteration of the product post manufacture when using authorized production software, for example, hacking of the RF characteristics for greater RF <span class="caps">ERP</span>. 
Where such functionality is required in a service center, it should be erased or removed upon completion of any servicing activities.</p> +<p><b><font size="4">Remediation:<br /></font></b> Erase, remove or secure all the production test and calibration software used during manufacture, before the product is dispatched from the factory.</p> + + + + + + + + + + + + + + + + + + + + + + + <div> + All the related servers and network elements prevent anonymous/guest access except for read only access to public information. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + Read only access must be granted only for public information, so servers and network elements have to prevent all anonymous/guest access in order to prevent a potential theft or disclosure of sensitive information. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that all the related servers and network elements prevent anonymous/guest access except for read only access to public information. +</div> +<div> + <br> +</div> + + + + + + + + + + When you have identified an application interface, for example a Cisco router web interface or a WebLogic administrator portal, check that the known usernames and passwords for these devices do not result in successful authentication. To do this you can consult the manufacturer's documentation or, even simpler, you can find common credentials using a search engine or one of the sites or tools listed in the Reference section. + + + + + + + + + + + + + + + + + + + <div> + All the related servers and network elements store any passwords using a cryptographic implementation using industry standard cryptographic algorithms. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + Passwords must be securely stored using only strong and approved cryptographic algorithms. 
+</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that the product securely stores any passwords using an industry standard cryptographic algorithm. For example, see FIPS 140 or OWASP Password Storage Cheat Sheet. +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + All the related servers and network elements support access control measures to restrict access to sensitive information or system processes to privileged accounts. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + Sensitive information or system processes must be protected by means of access control measures implemented on servers and network elements. It is very important that users, devices, and systems be verified, authenticated and authorized before access to such critical data is granted, in order to prevent a potential theft or disclosure of sensitive information or system processes. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that all the related servers and network elements support access control measures. +</div> +<div> + <br> +</div> + + + + + + + + + + + <div> + <b>Testing for role/privilege manipulation</b> +</div> +<div> + In every portion of the application where a user can create information in the database (e.g., making a payment, adding a contact, or sending a message), receive information (account statement, order details, etc.), or delete information (drop users, messages, etc.), it is necessary to record this functionality. The tester should try to access such functions as a different user in order to check if it is possible to access a function that should not be permitted for the user's role/privilege (but might be permitted as another user).&nbsp; +</div> + + + + + + + + + + + + + + + + + + + <div> + Any product related web servers have their webserver identification options (e.g. Apache or Linux) switched off. 
+</div> +<div> + <br> +</div> +<div> + <b>Rationale:</b> +</div> +<div> + When a web server is showing the world its type and possibly its version number, it allows attackers to launch targeted attacks against this specific web server and version. In addition, if the version of the web server is known to be vulnerable to a specific exploit, an attacker would just need to use the exploit as part of their attack. +</div> +<div> + <br> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + Switch off the webserver identification options.&nbsp; +</div> +<div> + For example, to limit the information provided by an Apache server, modify the /etc/httpd/conf/httpd.conf file and change the following two lines: +</div> +<div> + <br> +</div> +<div> + ServerSignature Off +</div> +<div> + ServerTokens Prod +</div> +<div> + <br> +</div> +<div> + Save the file, exit, and restart your Apache web server. +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + <div> + Check what information the web sever is currently revealing. +</div> +<div> + For example, for an Apache server run: +</div> +<div> + <br> +</div> +<div> + curl --head localhost +</div> +<div> + <br> +</div> +<div> + If you receive a response with a line similar to: +</div> +<div> + <br> +</div> +<div> + Server: Apache/2.2.15 (CentOS) +</div> +<div> + <br> +</div> +<div> + Then the web server is revealing too much information and should be reconfigured so that the output is: +</div> +<div> + <br> +</div> +<div> + Server: Apache +</div> + + + + + + + + + + + + + + + + + + + <p>If the product has any virtual port(s) that are not required for normal operation, they are only allowed to communicate with authorized and authenticated entities or are securely disabled when shipped.</p> +<p> Where a port is used for field diagnostics, the port input commands are deactivated and the output provides no information which could compromise the device, such as credentials, memory addresses or function names. 
</p> +<p><b><font size="4">Rationale:<br /></font></b> One of the most important principles in information security is to reduce the attack surface. Open ports are not always a security risk. For example, a web server has to have 80 or 443 open, or otherwise users will not be able to connect to use the web server. Thus, taking into account that every open port increases the attack surface, any product's port(s) that are not required for normal operation should be restricted or disabled.</p> +<p><b><font size="4">Remediation:<br /></font></b> Restrict or disable any port(s) that are not required for normal operation.</p> +<p> Deactivate port input for port(s) that are used for field diagnostics and ensure their output provides no information which could compromise the device.</p> + + + + + + + + + + <p>Checking for Insecure Network Services includes:</p> +<p></p> +<ol> + <li>Determining if insecure network services exist by reviewing your device for open ports using a port scanner.</li> + <li>As open ports are identified, each can be tested using any number of automated tools that look for DoS vulnerabilities, vulnerabilities related to <span class="caps">UDP</span> services and vulnerabilities related to buffer overflow and fuzzing attacks.</li> + <li>Reviewing network ports to ensure they are absolutely necessary and if there are any ports being exposed to the internet using UPnP.</li> +</ol> +<p></p> + + + + + + + + + + + + + + + + + <p>A number of attacks rely on brute-force techniques to send large volumes of requests to enumerate or attempt to exploit flaws in an application, for example, sending common passwords to multiple target accounts within an application. By profiling normal traffic volumes, and applying rate limiting, the application can be built to actively mitigate such attacks.&nbsp;</p><ul><li>Connection rate-limiting based on the source IP address can be used to restrict attacks against the authentication or registration systems. 
Multiple failures (or attempts) from a single IP should result in temporarily blocking or dropping traffic from the source. Note however that some corporate and ISP environments may place multiple valid and discrete clients behind the same IP address, resulting in false-positives.</li><li>Attackers may use botnets and other IP masking techniques to deliver attacks to avoid IP based rate-limiting. To mitigate this class of attack, Indicators of Compromise should be monitored (for example a higher rate of login failures than usual), and appropriate actions taken. For example, when the application detects active brute-force attacks, a Web Application Firewall (WAF) or other intermediate devices could be used to block attacks sharing a signature from pattern matching or deep packet inspection (e.g. HTTP headers or common passwords across multiple accounts). Similarly, the application could respond by requiring a CAPTCHA, cookie, or Javascript challenge when an attack is detected.</li></ul><p><strong>Remediation:&nbsp;</strong></p><p>Implement the mechanisms to lockout accounts:&nbsp;</p><ul><li>When the application detects a set number of failure login attempts, the account shall be locked for a certain time period. This period shall be increased as per each new failed attempt up to an hour as maximum.</li><li>When the application detects an account is locked more times than usual, this account should be disabled (no more than 100 failure attempts). 
A disabled account should only be restored by an administrator.</li><li>When the application detects active brute-force attacks, the application shall require a CAPTCHA, cookie, or JavaScript challenge before attempting authentication.</li><li>Only accept those authentication requests that come from a white list of IP addresses from which the user has been successfully authenticated before.</li><li>If the user successfully authenticates, the previous failed attempts shall be reset for that user from the same IP address.</li></ul><p>For API rate limiting there are several methods that can be applied:</p><ul><li>Throttling: based on certain rules a request can be slowed down considerably to allow other requests to be served first</li><li>Request queues: limit the number of request in a given period of time (e.g. five requests per second)</li><li>Token bucket: commonly used in public APIs, each user has a number of tokens to call the API. After all tokens have been used the user has to wait until the number of tokens are renewed</li><li>Fixed window: requests that exceed a fixed limit in a period of time will be blocked temporarily</li><li>Leaky bucket: requests are put in a FIFO queue and will be served accordingly</li><li>Sliding log: a time-stamped log is used to identify user actions, so the rate limit can be applied for a specified user to avoid more than X actions in a period of time</li><li>Sliding window: combination of fixed window and sliding log</li></ul><p>From a user perspective, implementing timeouts and calling paginated endpoints can reduce the impact of having a very large response that can freeze the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Use tools like THC-Hydra, OWASP ZAP or Burp Suite to simulate brute force attacks against the login function.&nbsp;</p><ul><li>Perform a simulation of the attack against the login function.</li><li>Verify the function is blocked for your source after n 
attempts.</li><li>Verify there is a log alerting function for an unusual amount of failed login attempts, even if they originated from different sources.</li></ul> + + + + + + + + + + + + + + + + + <div> + Input data validation should be maintained in accordance with industry practiced methods. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + The failure to properly validate inputs is one of the most common software security weaknesses, specifically for web applications. This weakness leads to almost all of the major vulnerabilities in applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks and buffer overflows. Input data should never be trusted, and therefore software should ensure that input data is strongly typed, has correct syntax, and that it is within length boundaries and contains only permitted characters or that numbers are correctly signed and within range boundaries. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that input data validation is maintained in accordance with industry practiced methods as per NIST Special Publication 800-53 SI-10 (please see reference URL). +</div> +<div> + <br> +</div> + + + + + + + + + + + + + <div> + <b>Test</b> +</div> +<div> + Ensure that all areas that accept user data properly handle unexpected data such as: +</div> +<div> + <ul> + <li>special characters (examples: &lt; &gt; $ % &amp;)</li> + <li>values other than the default items (e.g. 
letters if the URL argument is normally a number)</li> + </ul> +</div> +<div> + <br> +</div> +<div> + <b>Testing Scope</b> +</div> +<div> + &nbsp; &nbsp; Input Form Fields +</div> +<div> + &nbsp; &nbsp; Hidden Variables +</div> +<div> + &nbsp; &nbsp; URL Parameters +</div> +<div> + <br> +</div> +<div> + <b>Desired System Behavior</b> +</div> +<div> + Whenever unexpected data is received by the application, the application will gracefully handle the situation and not return a stack trace or display detailed system information to the user. +</div> +<div> + <br> +</div> +<div> + Invalid form data should result in a message shown to the user explaining how to complete the form correctly. Unexpected data in hidden fields or the URL should result in more generic messages such as: +</div> +<div> + <br> +</div> +<div> + <i>&nbsp;The requested operation could not be performed.</i> +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + + <p>Memory locations used to store sensitive material (e.g. cryptographic keys, passwords/passphrases, etc.) are sanitized as soon as possible after they are no longer needed. These can include, but are not limited to, locations on the heap, the stack, and statically-allocated storage.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Only cryptographically strong ciphers should be used. Best-practice dictates that a subset of 'known good' ciphers and protocols must be defined and enforced on the server. &nbsp;This may, however, cause compatibility issues with older browsers, requiring a balance between accessibility and security.&nbsp;</p> +<ul> + <li>Define and enforce a list of acceptable ciphers and protocols. 
Disable SSLv3 and earlier protocols on the service.</li> + <li>Ideally, only TLSv1.2 and newer versions should be supported.</li> + <li>If TLSv1.1 or 1.0 are required, known secure configurations and ciphers should be selected.</li> + <li>SSLv3.0 and earlier should not be used.</li> +</ul> + + + + + + + + + + + + + + + + + + + + + <ol> + <li>Use automated tools to identify all of the SSL/TLS protocols supported by the + service.</li> + <li>Verify that TLSv1.2 is supported.</li> + </ol>Some of the tools that can perform these tests are: + <ul> + <li><a href="https://www.continuumsecurity.net/bdd-security/">BDD-Security</a></li> + <li><a href="https://www.ssllabs.com/">SSLabs</a></li> + <li><a href="https://github.com/mozilla/cipherscan">cipherscan</a></li> + </ul> + + + + + + + + + + + + + + + + + + <p>Only cryptographically strong ciphers should be used. Best-practice dictates that a subset of ' <i>known good</i>' ciphers and protocols must be defined and enforced on the server. &nbsp;This may, however, cause compatibility issues with older browsers, requiring a balance between accessibility and security.&nbsp;</p> +<ul> + <li>Define and enforce a list of acceptable ciphers and protocols.</li> + <li>Explicitly disable known-bad ciphers and protocols, such as: + <ul> + <li>Null and export ciphers.</li> + <li>DH, MD5 and other weak cryptography.</li> + <li>Ciphers with keys smaller than 128 bits.</li> + <li>CBC ciphers with TLSv1.0 or earlier.</li> + </ul></li> +</ul> + + + + + + + + + + + + + + + + + + <ol> + <li>Use automated tools to identify all the SSL/TLS protocols supported by the + service.</li> + <li>Verify that cryptographically weak (also known as &quot;export&quot; + class) ciphers are not supported.</li> + <ol> + <br /> + </ol> + </ol>Some of the tools that can perform these tests are: + <br /> + <ol> + <ul> + <li><a href="https://www.continuumsecurity.net/bdd-security/" rel="nofollow">BDD-Security</a></li> + <li><a href="https://www.ssllabs.com/" 
rel="nofollow">SSLabs</a></li> + <li><a href="https://github.com/mozilla/cipherscan" rel="nofollow">cipherscan</a></li> + </ul> + </ol> + + + + + + + + + + + + + + + + + + + + <p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Passwords used either as a sole verification credentials, or as part of a multi-factor authentication, are a key aspect of application security, and strong password selection should be encouraged and enforced. The application should allow flexibility in user password selection, and enforce minimum criteria for password quality. This should include:</span></p> +<ul> + <li>Minimum password length requirements, to mitigate brute-force and dictionary attacks.</li> + <li>Encourage use of pass-phrases using multiple words, achieving longer passwords more resistant to attack.</li> + <li>Enforce use of mixed case, numeric and/or special characters to increase complexity.</li> + <li>Prevent or discourage use of dictionary words and common passwords through black-lists. For example, a set of commonly used passwords can be found on SecLists at <a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords">https://github.com/danielmiessler/SecLists/tree/master/Passwords&nbsp;</a></li> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Password length:</b></span></p> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Password length considers the minimum and maximum length of characters comprising the password of your users. For ease of changing this length, its implementation can be configurable possibly using a properties file or xml configuration file.</span></p> +<ul> + <li><b>Minimum length. </b></li> + <ul> + <li>Memory secrets shall be at least 8 characters long. 
</li> + <li>Memory secrets generated automatically shall be at least 6 numeric characters.</li> + </ul> + <li><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Maximum length. </b>People tend to forget their passwords easily. The longer the password, the more likely people are to enter them incorrectly for the system. However, long pass-phrases can be easily remembered, and should not be prevented through unnecessarily strict upper restrictions on length. </span><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Passwords with 64 characters or longer shall be permitted.&nbsp;</span></li> +</ul> +<b> + <ul> + </ul><p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Password Complexity:</span></p></b> +<ul> + <ul> + </ul> + <li>Passwords with consecutive multiple spaces shall be coalesced and converter into only one space. After this modification, the password length shall be at least 12 characters long.</li> + <li>Unicode characters shall be allowed in the password. A single Unicode code point is considered a character.</li> + <li>Reject those passwords whose are commonly used and they have been already been leaked in a previous compromise. You may choose to block the top 1000 or 10000 most common passwords which meet the above length requirements and are found in compromised password lists. 
The following link contains the most commonly found passwords: <a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords">https://github.com/danielmiessler/SecLists/tree/master/Passwords</a></li> + <li>Actual passwords must not be stored, to protect them against brute forcing if the database is compromised Screen reader support enabled.</li> +</ul> +<ul> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Password Topologies:</b></span></p> +<ul> + <li>Ban commonly used password topologies.</li> + <li>Force multiple users to use different password topologies.</li> + <li>Require a minimum topology change between old and new passwords.</li> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Additional Information:</b></span></p> +<ul> + <li>Make sure that every character the user types in is actually included in the password. We've seen systems that truncate the password at a length shorter than what the user provided (e.g., truncated at 15 characters when they entered 20).</li> + <li>As application's require more complex password policies, they need to be very clear about what these policies are. 
The required policy needs to be explicitly stated on the password change page</li> + <li>If the new password doesn't comply with the complexity policy, the error message should describe EVERY complexity rule that the new password does not comply with, not just the 1st rule it doesn't comply with.</li> +</ul> +<ul> +</ul> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol> + <li>Verify the passwords comply with the company policy for strong passwords.</li> + <li>If there is no policy, check the strength against industry standards as NIST or OWASP.</li> +</ol>An example of strong password policy (&nbsp; +<a href="https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Implement_Proper_Password_Strength_Controls">from the OWASP Authentication Cheat Sheet</a>) is: Password must meet at least 3 out of the following 4 complexity rules: +<ul> + <li>at least 1 uppercase character (A-Z)</li> + <li>at least 1 lowercase character (a-z)</li> + <li>at least 1 digit (0-9)</li> + <li>at least 1 special character (punctuation). Do not forget to treat space as special characters too</li> + <li>at least 10 characters</li> + <li>at most 128 characters</li> +</ul>not more than 2 identical characters in a row (e.g., 111 not allowed). + + + + + + + + + + + + + + + + + <p>Where remote software upgrade can be supported by the device, the software images are digitally signed by the organization's approved signing authority.</p> +<p><b><font size="4">Rationale:<br /></font></b> Code signing is the process of using a certificate-based digital signature to sign executables and scripts in order to confirm the software author and ensure that the code has not been altered or corrupted since it was signed. 
A Certificate authority (CA) acts as a trusted third party, trusted both by the software author and by the device to verify the entity's identity.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that, for remote software upgrades, the software images are digitally signed by the organization's approved signing authority.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>If remote software upgrades are supported by a device, software images should be encrypted whilst being transferred to it.</p> +<p><b><font size="4">Rationale:<br /></font></b> Data transmitted over a public network can be intercepted by unauthorized parties. A secure file transfer adds security features to the transmission by encrypting the file to preserve its confidentiality and integrity. This prevents eavesdroppers on the networks between the systems from accessing the file contents and reading or modifying them, necessitating the use of encryption for software images that are used for remote software upgrades.</p> +<p><b><font size="4">Remediation:<br /></font></b> Utilize encrypted protocols wherever possible to protect all data in transit. Where protocol encryption is not possible, consider encrypting data before the transfer.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the device software communicates with a product related webserver or application over <span class="caps">TCP</span>/IP or <span class="caps">UDP</span>/IP, the device software uses certificate pinning or public/private key equivalent, where appropriate.</p> +<p><b><font size="4">Rationale:<br /></font></b> Secure connections are a cornerstone for client/server communication. Users, developers, and applications expect end-to-end security for their secure channels, but some secure channels are not meeting this expectation. Specifically, channels built using well known protocols can be vulnerable to a number of attacks. 
For example, traditional certificate validation protects against many types of man-in-the-middle (<span class="caps">MITM</span>) attacks, but it doesn't prevent all of them.</p> +<p>Certificate pinning can still prevent the interception of a program's network traffic. Pinning is the process of associating a host with their expected X509 certificate or public key, which can be added to an application during development, or it can be added upon first encountering the certificate or public key.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the device software uses certificate pinning or a public/private key equivalent for <span class="caps">TCP</span>/IP or <span class="caps">UDP</span>/IP connections.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <span><p><span style="font-size: 11pt; font-family: Arial; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">To protect user passwords from accidental or deliberate exposure, the application should store cryptographic hashes of passwords instead of the actual passwords.</span></p> + <ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Do not store actual passwords in the data storage for verification during login.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Instead, create a cryptographic hash of the password using a strong hash function that includes a work factor and a built in 'salt' value, like bcrypt or scrypt. This reduces the risk of brute-force attacks and rainbow tables, and allows flexibility to adapt the hashing function to balance security and performance. 
Establish some restrictions, depending on the used function:</span></p></li> + <ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">The salt length must be at least 32 bits.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">If bcrypt is used, the work factor must be as large as verification server performance allows, typically at least 13.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">If we use the PBKDF2, the iteration count shall be as large as verification server performance allows, and it will typically allow at least 100,000 iterations.</span></p></li> + </ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Alternatively, use a strong hash function like SHA-384 together with a unique 'salt' value for every account.&nbsp; Apply multiple iterations of the hash to create the additional computational work required to mitigate brute-force attacks. 
The secret 'salt' value must be stored separately from the hashed passwords.</span></p></li> + </ul></span> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <span> + <ol> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Review the mechanism for matching credentials from the client-side to stored credentials for a user.&nbsp;</span></span></li> + </ol> + <ul> + <ul> + <li><span>Best practices dictate that the system should match a strong salted hash (SHA256 or greater and a unique hash for each account) to the one stored at the time the password was set.</span></li> + <li>For example, it is recommended to use a system salt of 32 bits or more, a keyed HMAC hash using <span style="font-family: Arial; font-size: 11pt; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">SHA-2 or SHA-3,</span><span style="font-family: Arial; font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;"> and the stretching algorithm PBKDF2 with at least 10,000 iterations.</span></li> + </ul> + </ul> + <ol> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm the stored credential is not a clear-text password</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm the stored credential is not an encrypted password which may be recovered (decrypted) at the server- or client- side.</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm that the hashing algorithm in use is cryptographically secure (e.g. is not SHA1/MD5 or a flawed algorithm).</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm that the hash is created from the password together with a unique salt value for the user. 
This prevents the use of rainbow tables, or the identification of password collisions among users.</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Consider using an algorithm with a configurable work factor, set to a high value to inhibit attacks.</span></span></li> + </ol></span> +<span></span> + + + + + + + + + + + + + + + + + <p>Support for partially downloading updates is provided for devices whose network access is limited or sporadic.</p> +<p><b><font size="4">Rationale:<br /></font></b> Software updates perform numerous tasks and they are available for both the Operating System and individual software programs. Updates can apply a wide range of revisions to a system, adding new features, removing outdated features, updating drivers, fixing bugs, and most importantly, fixing security holes. For this reason, support for partially downloading updates may be provided for devices whose network access is limited or sporadic.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that software provides support for partially downloading updates.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Support for partially installing updates is provided for devices whose on-time is insufficient for the complete installation of a whole update.</p> +<p><b><font size="4">Rationale:<br /></font></b> Software updates perform numerous tasks and they are available for both the Operating System and individual software programs. Updates can apply a wide range of revisions into a system, adding new features, removing outdated features, updating drivers, fixing bugs, and most importantly, fixing security holes. 
For this reason, support for partially installing updates may be provided for devices whose on-time is insufficient for the complete installation of a whole update.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that software provides support for partially installing updates.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + The maximum permissible number of consecutive failed user account login attempts follows the recommendations of 3GPP TS33.117. +</div> +<div> + <br> +</div> +<div> + <b>Rationale:</b> +</div> +<div> + If web services allow users to enter passwords as many times as they want, an attacker may try to exploit this by using scripts that enter different combinations until the password cracks. To prevent this, the number of failed login attempts per user should be limited, for example, to 5 failed attempts, locking the user out as a result. +</div> +<div> + <br> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + Ensure that the maximum permissible number of consecutive failed user account login attempts follows the recommendations of 3GPP TS33.117. +</div> + + + + + + + + + + + + + + + + + + + + + Refer to the following test case in the 3GPP TS 33.117 document:&nbsp;&nbsp; +<div> + Test Name: TC_FAILED_LOGIN_ATTEMPTS&nbsp; +</div> + + + + + + + + + + + + + + + + + + + <p>The product allows an authorized factory reset of the device's authorization information.</p> +<p><b><font size="4">Rationale:<br /></font></b> The devices are often authorized to an account, based on license agreements with service providers. 
The device should have the option to be deauthorized and reset in case the user no longer wants to use it or if the user wants to authorize the device to another account.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product allows an authorized factory reset of the device's authorization information.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product allows the factory issued or <span class="caps">OEM</span> login accounts to be disabled, erased or renamed.</p> +<p><b><font size="4">Rationale:<br /></font></b> The factory issued or <span class="caps">OEM</span> login accounts should be disabled, erased or renamed. This is to avoid the type of attacks where factory default logins and passwords are published on the web, which allows attackers to mount very simple scanning and dictionary attacks on devices.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product allows the factory issued or <span class="caps">OEM</span> login accounts to be disabled, erased or renamed when installed or commissioned.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product has protection against reverting the software to an earlier and potentially less secure version.</p> +<p><b><font size="4">Rationale:<br /></font></b> Software updates perform numerous tasks and they are available for both Operating System and individual software programs. Updates can apply a wide range of revisions into a system such as adding new features, removing outdated features, updating drivers, fixing bugs, and most importantly, fixing security holes. For this reason, the product should have protection to prevent software reverting to an earlier, out-of-date and probably insecure version.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product has mechanisms against software reverting.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The product only allows controlled user account access. 
Access using anonymous or guest user accounts is not supported without justification.</p> +<p><b><font size="4">Rationale:<br /></font></b> Product should not allow any unjustified anonymous or guest access in order to prevent potential theft or disclosure of sensitive information, therefore only controlled user account access should be permitted.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product only allows controlled user account access and access using anonymous or guest user accounts is not supported without justification.</p> + + + + + + + + + + + <p>The best way to find out if an application has failed to properly restrict function level access is to verify every application function:</p> +<p></p> +<ol> + <li>Does the UI show navigation to unauthorized functions?</li> + <li>Are server side authentication or authorization checks missing?</li> + <li>Are server side checks done that solely rely on information provided by the attacker?</li> +</ol> +<p></p> +<p>Using a proxy, browse your application with a privileged role. Then revisit restricted pages using a less privileged role. If the server responses are alike, you're probably vulnerable. Some testing proxies directly support this type of analysis.</p> +<p>You can also check the access control implementation in the code. Try following a single privileged request through the code and verifying the authorization pattern. Then search the codebase to find where that pattern is not being followed.</p> +<p> Automated tools are unlikely to find these problems.</p> + + + + + + + + + + + + + + + + + <div> + The product related web servers have repeated renegotiation of TLS connections disabled. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + Generally, a TLS renegotiation is a process that allows changing the details of a handshake after a connection is made with the server and it occurs when the session expires on either side and data continues to be sent. 
This means either that the session has simply expired due to timeout, or that a peer wants to change the cipher suite or wants to request a peer certificate and hasn't done so yet.&nbsp; +</div> +<div> + In the case of web services, the server encrypts traffic using TLS, but allows a client to renegotiate the connection after the initial handshake. If the server does not&nbsp; limit the number of renegotiations for a single TLS connection, then a client may open several simultaneous connections and repeatedly renegotiate them, which may exhaust the server's resources and lead to a Denial of Service (DoS) condition. +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that web servers have repeated renegotiation of TLS connections disabled. +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + + + <div> + The following example demonstrates how to check if client-initiated renegotiation is supported. +</div> +<div> + <br> +</div> +<div> + openssl s_client -connect example.com:443 +</div> +<div> + <br> +</div> +<div> + Once the connection is established, the server will wait for us to type the next command. We can write the following two lines in order to initiate a renegotiation by specifying R in the second line, followed by enter or return. +</div> +<div> + <br> +</div> +<div> + openssl s_client -connect host:port +</div> +<div> + HEAD / HTTP/1.0 +</div> +<div> + R +</div> +<div> + &lt;Enter or Return key&gt; +</div> +<div> + <br> +</div> +<div> + A system that does not support client-initiated renegotiation will return an error and end the connection or the connection will time out. 
+</div> +<div> + <br> +</div> +<div> + RENEGOTIATING +</div> +<div> + write:errno=104 +</div> +<div> + <br> +</div> +<div> + A system that supports client-initiated renegotiation will keep the connection active and respond to further commands.&nbsp; +</div> + + + + + + + + + + + + + + + + + + + <p>Password entry follows industry standard practice such recommendations of the 3GPP TS33.117 Password policy. [ref. 1] or <span class="caps">NIST</span> SP800-63b [ref. 2] or <span class="caps">NCSC</span> [Ref 3] on password length, characters from the groupings and special characters.</p> +<p><b><font size="4">Rationale:<br /></font></b> A key concern when using passwords for authentication is password strength. A "strong" password policy makes it difficult or even improbable for one to guess the password through either manual or automated means. The main characteristics that define a strong password are length, complexity and topology (the pattern that a password is written).</p> +<p>Passwords should not be vulnerable to dictionary attack, which is a type of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. </p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product/system enforces passwords to be compliant with 3GPP TS33.117 or similar (<span class="caps">NIST</span> SP800-63b [ref. 
2] or <span class="caps">NCSC</span> [Ref 3]) recommendations to include: At least eight characters in length, characters from the groupings: alpha, numeric and special characters and should not be vulnerable to dictionary attack.</p> + + + + + + + + + + + + + <p>Please see reference [3] for <span class="caps">OWASP</span> testing methodology link.</p> + + + + + + + + + + + + + + + + + <p>The product will not allow new passwords containing the user account name with which the user account is associated.</p> +<p><b><font size="4">Rationale:<br /></font></b> Weak passwords are a serious threat to computer security, and specifically the guessable ones should be forbidden through organizational policy and suitable technical measures. Using the user account name as password or part of a password is completely insecure and makes a brute-force attack against the login interface much easier.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product does not allow new passwords containing the user account name with which the user account is associated.</p> + + + + + + + + + + + + <p>Please see reference [2] for <span class="caps">OWASP</span> testing methodology link.</p> + + + + + + + + + + + + + + + + + <div> + The related servers have unused IP ports disabled. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + One of the most important principles in information security is to reduce the attack surface. Open ports are not always a security risk. For example, a web server has to have ports 80 or 443 open, or otherwise users will not be able to connect to use the web server. However, taking into account that every open port increases the attack surface, any related servers' port(s) that are not used should be disabled. 
+</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Disable the servers' unused IP ports.&nbsp; +</div> + + + + + + + + + + + <div> + For example, the following command will look up, with a TCP connect scan, all open ports on IP 192.168.1.100 and will try to determine what services are bound to them: +</div> +<div> + <br> +</div> +<div> + nmap -PN -sT -sV -p0-65535 192.168.1.100 +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + <p>The software has been designed to meet the safety requirements identified in the risk assessment, i.e. in the case of unexpected invalid inputs, or erroneous software operations, the product does not become dangerous or compromise the security of other connected systems.</p> +<p><b><font size="4">Rationale:<br /></font></b> Software is expected to fail, but when it does it has to be in a safe way and security controls and settings must remain in effect. The confidentiality and integrity of a system should remain intact even if availability has been lost. Attackers must not be permitted to gain access rights to privileged objects during a failure when those objects are normally inaccessible. Upon failing, a system that reveals sensitive information about the failure to potential attackers could supply additional knowledge to launch an attack.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that software has been designed to fail safely. 
This typically involves several things:<br /></p> +<ul> + <li>Secure defaults (default is to deny access).</li> + <li>Upon failure, undo changes and restore a secure state.</li> + <li>Always check return values for failure.</li> + <li>In conditional code/filters make sure that there is a default case that does the right thing.</li> +</ul> +<p></p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + All the product related web servers' TLS certificate(s) are signed by trusted Certificate Authorities, are within their validity period and processes are in place for their renewal. +</div> +<div> + <br> +</div> +<div> + <b>Rationale:</b> +</div> +<div> + The server validation component of TLS provides authentication between the server and the client via digital certificates. These certificates commonly include: +</div> +<div> + - Issuer: The entity that verified the information and issued the certificate (Certificate Authority). +</div> +<div> + - Valid to: The expiration date after which the certificate is no longer valid. +</div> +<div> + - Signature algorithm: The algorithm used to create the signature (keys) and prove its integrity. +</div> +<div> + As mentioned above, the Certificate Authority (CA) is an entity that issues digital certificates and acts as a trusted third party, trusted both by the client and by the server, and which verifies the server's identity. Therefore, all web server certificates must be signed by a trusted Certificate Authority. +</div> +<div> + Expired or untrusted certificates that users usually ignore are an issue, as they are taken advantage of by attackers to expose users to DNS spoofing or Man-in-the-middle attacks. +</div> +<div> + <br> +</div> +<div> + <b>Remediation:</b> +</div> +<div> + Ensure that the web servers' TLS certificates are signed by trusted certificate authorities, their validity period has not elapsed, and that processes are in place for their renewal. 
+</div> +<div> + <br> +</div> + + + + + + + + + + + + <div> + Using OpenSSL, we can gather the server and intermediate certificates sent by a server using the following command: +</div> +<div> + <br> +</div> +<div> + openssl s_client -showcerts -connect example.com:443 +</div> + + + + + + + + + + + + + + + + + + + <p>When a device cannot verify the authenticity of updates itself, it should be possible to revert to the last known good configuration which was stored on the device before the update was attempted.</p> +<p><b><font size="4">Rationale:<br /></font></b> To implement certain control capabilities into a system, you'll want to remotely reset the device so as to achieve a known-good state and recover from errors and implement new configuration changes. You may also want to be able to reset the device to a factory default configuration, which is useful when you want to decommission a device or as a more invasive way to recover from unknown error conditions.</p> +<p>Lastly, issuing a command to update or reload firmware is very important in order maintain security of the remote device, implement feature enhancements, and patch bugs.</p> +<p><b><font size="4">Remediation:<br /></font></b> When a device cannot verify authenticity of updates itself, it should be possible to revert to the last known good configuration which was stored on the device before the update was attempted.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where a device cannot verify the authenticity of updates itself (e.g. due to a lack of cryptographic capabilities), only local update by a physically present user is permitted.</p> +<p><b><font size="4">Rationale:<br /></font></b> Code signing is the process of using a certificate-based digital signature to sign executables and scripts in order to confirm the software author and ensure that the code has not been altered or corrupted since it was signed. 
This process is used for remote updates too, where devices can verify the signature to confirm that the package is authentic and complete. For this reason, if a device cannot verify the authenticity of updates itself, only local updates should be permitted.</p> +<p><b><font size="4">Remediation:<br /></font></b> If the device cannot verify the authenticity of updates, permit local updates only.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Where a Product or Service includes any safety-critical or life-impacting functionality, the service's infrastructure shall incorporate protection against Distributed Denial of Service (DDoS) attacks. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + The Denial of Service (DoS) attack focuses on making a resource (site, application, server, etc.) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop being available to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles the resources it uses. +</div> +<div> + Distributed Denial of Service (DDoS) attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. The exploited machines can include computers and other networked resources such as IoT devices.&nbsp; +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that the services' infrastructure incorporates protection against Distributed Denial of Service (DDoS) attacks, such as dropping of traffic or sink-holing (please see NIST 800-53 SC-5, reference URL [1]). 
+</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Where a Product or Service includes any safety-critical or life-impacting functionality, the services' infrastructure must incorporate redundancy to ensure service continuity and availability. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + Since Web Services are susceptible to Denial of Service (DoS) attacks, it is important to replicate data and applications in a robust manner. Replication and redundancy can ensure access to critical data in the event of a failure. It will also enable the system to react in a coordinated way to deal with disruptions. Therefore, Web Services must be designed to include redundancy of critical functions, ensuring diversity among those critical functions implemented.&nbsp; +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that, where a Product or Service includes a safety-critical or life-impacting functionality, the services' infrastructure incorporates redundancy to ensure service continuity and availability. +</div> +<div> + <br> +</div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Where a product related to a webserver encrypts communications using TLS and requests a client certificate, the server(s) only establishes a connection if the client certificate and its chain of trust are valid. +</div> +<div> + <br> +</div> +<div> + <b> Rationale: </b> +</div> +<div> + In a traditional TLS handshake, the client authenticates the server, and the server doesn't know too much about the client. TLS Client Authentication is useful in cases where a server is keeping track of its numerous clients, as in IoT with millions of installs exchanging secure information. 
For example, an IoT company can issue a unique client certificate per device, and then limit the connections to their IoT infrastructure to only their devices by blocking connections where the client doesn't present a certificate signed by the company's Certificate Authority (CA). +</div> +<div> + <br> +</div> +<div> + <b> Remediation: </b> +</div> +<div> + Ensure that, where a TLS client certificate is requested, the server(s) only establishes a connection if the client certificate and its chain of trust are valid. +</div> +<div> + <br> +</div> + + + + + + + + + + + + Check that only users whose certificates are signed by the trusted certificate authority can successfully authenticate with the server using client certificates. + + + + + + + + + + + + + + + + + <p>Where a user interface password is used for login authentication, the factory issued or reset password is unique to each device in the product family.</p> +<p><b><font size="4">Rationale:<br /></font></b> Where a device needs a password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, and then the user will be prompted to change it after he/she first logs on. An attacker with knowledge of the default password can log in, usually with root or administrative privileges and perform malicious actions. Therefore, all initial passwords and factory reset passwords issued should be unique to each user.</p> +<p><b><font size="4">Remediation:<br /></font></b> Apply a process which ensures that the initial user interface password or factory reset password is unique to each device in the product family. 
If a password-less authentication is used the same principles of uniqueness apply.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where passwords are entered on a user interface, the actual pass phrase is obscured by default.</p> +<p><b><font size="4">Rationale:<br /></font></b> Password masking is the practice of obscuring the password characters when entered on a user interface, more often behind bullets (.), asterisks (*) or similar camouflaging characters. The idea behind password masking is primarily the protection against "shoulder surfing", in other words to prevent nearby observers reading the password "over the user's shoulder" and thus stolen, which is crucial for mobile devices. A second reason is to obscure the password in cases of shared screens, projectors, etc.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the actual pass phrase is obscured by default where entered on a user interface.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the product has a secure source of time there is a method of validating its integrity.</p> +<p><b><font size="4">Rationale:<br /></font></b> Network Time Protocol (<span class="caps">NTP</span>) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, <span class="caps">NTP</span> is one of the oldest Internet protocols in current use. 
<span class="caps">NTP</span>sec is a fork implementation of <span class="caps">NTP</span> that has been systematically security-hardened.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that where the product has a secure source of time there is a method of validating its integrity such as <span class="caps">NTP</span>sec (please see reference <span class="caps">URL</span> [1]).</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The ability to remotely recover from these situations should rely on a known good state, such as locally storing a known good version to enable safe recovery and updating of the device. This will avoid denial of service and costly recalls or maintenance visits, whilst managing the risk of potential takeover of the device by an attacker subverting update or other network communications mechanisms.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. 
This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Attackers could perform a brute force attack against the login function by choosing a + simple password that users are likely to use for the site, and that meets the site's + password policy. + <div> + &nbsp; + <br />Then they could use an automated script to iterate through a list of + possible usernames. &nbsp;These could be obtained from a dictionary, or generated + through pure brute force means. &nbsp; + </div> + <div> + <br /> + </div> + <div> + This type of attack cannot be defended against using an account lockout policy because + each username is only attempted once. 
+ </div> + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts.&nbsp;</p> +<p>This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources.&nbsp;</p> +<p>This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). 
Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.</p> + + + + + + + + + + + + + + + + + + + + + + + + + A compromise of the storage system medium itself (device, server or database) could + allow attackers full access to the data + stored, including authentication credentials such as passwords. + + + + + + + + + + + + + + + + + + + + + + + + <p>Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials. Alternatively, an attacker may intercept a message from a legitimate sender and attempt to make it look like the message comes from them without changing its content. The latter form of this attack can be used to hijack credentials from legitimate users. Identity Spoofing attacks need not be limited to transmitted messages - any resource that is associated with an identity (for example, a file with a signature) can be the target of an attack where the adversary attempts to change the identity. This attack differs from Content Spoofing attacks where the adversary does not wish to change the identity of the message, but instead wishes to change what the message says. In an Identity Spoofing attack, the adversary is attempting to change the identity of the content.&nbsp;<br>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext. 
+<br /> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Every point of network interaction or other service is a potential part of the attack surface having exploitable vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc., to gain unauthorized access or knowledge of the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + An attacker can bring a service down by exhausting either the network or the service itself. + <br> + <br>See references for more information. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. 
The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>Every point of network interaction or another service is a potential part of the attack surface having exploitable vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An adversary manipulates the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&amp;). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value "myInput&amp;new_param=myValue", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example. + + + + + + + + + + + + + + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users.&nbsp;</p> +<p>An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. 
Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The application does not restrict access to administration interfaces to untrusted parties. +This fact could allow an attacker to chain vulnerabilities in order to gain unauthorized access to the system. + + + + + + + + + + + + <p>The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy.</p> + + + + + + + + + + + + The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. + +Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers. + + + + + + + + + + + + When client side code is fully controlled by the user, a malicious user may be able to read the code or reverse engineer it if it is compiled in any form. If the client side code includes secret keys, sensitive business logic (like client authentication) or proprietary information, all of this is directly exposed to the user, allowing them to get the sensitive information or study the business logic with the aim of bypassing it.&nbsp; +<div> + <br /> +</div> +<div> + Some examples of this vulnerability are:&nbsp; + <div> + <ul> + <li>Performing an authentication on the client side without server side validation.&nbsp;</li> + <li>Making privileged calls from the client based solely on client side conditions (i.e. 
a cash check on the client side to place an order on an e-commerce platform).</li> + <li>&nbsp;Hard-coding keys and secrets on the client side to make client-to-client calls without a proxy.</li> + </ul> + </div> +</div> + + + + + + + + + + + + + + + The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. This could allow attackers to execute unexpected, dangerous commands directly on the operating system. This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications.&nbsp; +<div> + <br /> +</div> +<div> + Alternately, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increases the amount of damage. +</div> +<div> + <br /> +</div> +<div> + There are at least two subtypes of OS command injection:&nbsp; +</div> +<div> + <ul> + <li>The application intends to execute a single, fixed program that is under its own control. It intends to use externally-supplied inputs as arguments to that program. For example, the program might use system(&quot;nslookup [HOSTNAME]&quot;) to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. 
However, if the program does not remove command separators from the HOSTNAME argument, attackers could place the separators into the arguments, which allows them to execute their own program after nslookup has finished executing.The application accepts an input that it uses to fully select which program to run, as well as which commands to use.&nbsp;</li> + <li>The application simply redirects this entire command to the operating system. For example, the program might use &quot;exec([COMMAND])&quot; to execute the [COMMAND] that was supplied by the user. If the COMMAND is under attacker control, then the attacker can execute arbitrary commands or programs. If the command is being executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands together in the same line. From a weakness standpoint, these variants represent distinct programmer errors.&nbsp;</li> + </ul>In the first variant, the programmer clearly intends input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input. +</div> + + + + + + + + + + + + The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. + +When a resource is given a permission setting that provides access to a wider range of actors than required, it can lead to the exposure of sensitive information or to the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data. 
+ + + + + + + + + + + + + + An information exposure is the intentional or unintentional disclosure of information to an + actor that is not explicitly authorized to have access to that information. + + + + + + + + + + + + + + + The product does not validate or incorrectly validates input that can affect the control flow + or data flow of a program. + + When software does not validate input properly, an attacker is able to craft the input in a form + that is not expected by the rest of the application. This will lead to parts of the system + receiving unintended input, which may result in altered control flow, arbitrary control of a + resource, or arbitrary code execution. + + + + + + + + + + + + + + + When the application does not offer a password change facility, a compromise of the current user password will lead to an attacker having persistent access to the account. + + + + + + + + + + + + The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort to make password cracking attacks infeasible or expensive. Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash.&nbsp; +<div> + <br /> +</div> +<div> + Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker's workload for brute-force password cracking. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. 
Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware. In such a scenario, an efficient hash algorithm helps the attacker. There are several properties of a hash scheme that are relevant to its strength against an offline, massively-parallel attack:&nbsp; +</div> +<div> + <ul> + <li>The amount of CPU time required to compute the hash (&quot;stretching&quot;)&nbsp;</li> + <li>The amount of memory required to compute the hash (&quot;memory-hard&quot; operations)&nbsp;</li> + <li>Including a random value, along with the password, as input to the hash computation (&quot;salting&quot;)&nbsp;</li> + <li>Given a hash, there is no known way of determining a password that produces this hash value, other than by guessing possible passwords (&quot;one-way&quot; hashing)&nbsp;</li> + <li>Relative to the number of all possible hashes that can be generated by the scheme, there is a low likelihood of producing the same hash for multiple different inputs (&quot;collision resistance&quot;)&nbsp;</li> + </ul>Note that the security requirements for the software may vary depending on the environment and the value of the passwords. Different schemes might not provide all of these properties, yet may still provide sufficient security for the environment. Conversely, a solution might be very strong in preserving one property, which still being very weak for an attack against another property, or it might not be able to significantly reduce the efficiency of a massively-parallel attack. +</div> + + + + + + + + + + + + + + The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. 
In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. + + + + + + + + + + + + + + The product does not enforce a strong password policy, which makes it easier for attackers to compromise user accounts through brute force or dictionary based attacks. + +An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier. + + + + + + + + + + + + + + API keys, passwords or secrets included in the source code or in the configuration files can be leaked to users with access to the code. This access can be incidentally granted by publishing the source code on a package-form or an online, public repository. + + The unauthorized access to any of those secrets could lead to a compromise of sensitive data or a system. + + + + + + + + + + + + + + Attacks leveraging social engineering such as monitoring the keyboard entry by the user or collecting her personal information to verify whether it is used as a password or forms part of the password. + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. 
+ + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. + + + + + + + + + + + + + + <p>The mobile application ensures that any related databases or files are either tamper resistant or restricted in their access.</p> +<p><b><font size="4">Rationale:<br /></font></b> Anti-tamper software is software which makes it harder for an attacker to modify it. Attackers can tamper with or install a backdoor on an app, re-sign it and publish the malicious version to third-party app marketplaces. Such attacks typically target popular apps and financial apps.</p> +<p><b><font size="4">Remediation:<br /></font></b> Employ anti-tamper and tamper-detection techniques to prevent illegitimate applications from executing. For example use checksums, digital signatures and other validation mechanisms to help detect file tampering. Upon detection of tampering, databases or files are re-initialized.</p> +<p><b><font size="4">Impact:<br /></font></b> Anti-tampering technology typically makes the software somewhat larger and also has a performance impact.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the application communicates with a product related remote server(s) or device it does so over a secure connection.</p> +<p><b><font size="4">Rationale:<br /></font></b> Secure connections are a cornerstone for a client/server communication. Cryptographic protocols such as Transport Layer Security (<span class="caps">TLS</span>) are used to prevent eavesdropping and tampering. 
Therefore the application should always communicate over a secure connection.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the application communicates with the product related remote server(s) or device over a secure connection such as a <span class="caps">TLS</span> connection using certificate pinning.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>A number of attacks rely on brute-force techniques to send large volumes of requests to enumerate or attempt to exploit flaws in an application, for example, sending common passwords to multiple target accounts within an application. By profiling normal traffic volumes, and applying rate limiting, the application can be built to actively mitigate such attacks.&nbsp;</p><ul><li>Connection rate-limiting based on the source IP address can be used to restrict attacks against the authentication or registration systems. Multiple failures (or attempts) from a single IP should result in temporarily blocking or dropping traffic from the source. Note however that some corporate and ISP environments may place multiple valid and discrete clients behind the same IP address, resulting in false-positives.</li><li>Attackers may use botnets and other IP masking techniques to deliver attacks to avoid IP based rate-limiting. To mitigate this class of attack, Indicators of Compromise should be monitored (for example a higher rate of login failures than usual), and appropriate actions taken. For example, when the application detects active brute-force attacks, a Web Application Firewall (WAF) or other intermediate devices could be used to block attacks sharing a signature from pattern matching or deep packet inspection (e.g. HTTP headers or common passwords across multiple accounts). 
Similarly, the application could respond by requiring a CAPTCHA, cookie, or Javascript challenge when an attack is detected.</li></ul><p><strong>Remediation:&nbsp;</strong></p><p>Implement the mechanisms to lockout accounts:&nbsp;</p><ul><li>When the application detects a set number of failure login attempts, the account shall be locked for a certain time period. This period shall be increased as per each new failed attempt up to an hour as maximum.</li><li>When the application detects an account is locked more times than usual, this account should be disabled (no more than 100 failure attempts). A disabled account should only be restored by an administrator.</li><li>When the application detects active brute-force attacks, the application shall require a CAPTCHA, cookie, or JavaScript challenge before attempting authentication.</li><li>Only accept those authentication requests that come from a white list of IP addresses from which the user has been successfully authenticated before.</li><li>If the user successfully authenticates, the previous failed attempts shall be reset for that user from the same IP address.</li></ul><p>For API rate limiting there are several methods that can be applied:</p><ul><li>Throttling: based on certain rules a request can be slowed down considerably to allow other requests to be served first</li><li>Request queues: limit the number of request in a given period of time (e.g. five requests per second)</li><li>Token bucket: commonly used in public APIs, each user has a number of tokens to call the API. 
After all tokens have been used the user has to wait until the number of tokens are renewed</li><li>Fixed window: requests that exceed a fixed limit in a period of time will be blocked temporarily</li><li>Leaky bucket: requests are put in a FIFO queue and will be served accordingly</li><li>Sliding log: a time-stamped log is used to identify user actions, so the rate limit can be applied for a specified user to avoid more than X actions in a period of time</li><li>Sliding window: combination of fixed window and sliding log</li></ul><p>From a user perspective, implementing timeouts and calling paginated endpoints can reduce the impact of having a very large response that can freeze the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Use tools like THC-Hydra, OWASP ZAP or Burp Suite to simulate brute force attacks against the login function.&nbsp;</p><ul><li>Perform a simulation of the attack against the login function.</li><li>Verify the function is blocked for your source after n attempts.</li><li>Verify there is a log alerting function for an unusual amount of failed login attempts, even if they originated from different sources.</li></ul> + + + + + + + + + + + + + + + + + <p>All data and functionalities on the client-side must be considered tainted and subject to manipulation by a malicious actor, regardless of the controls in place (e.g. encryption or obfuscation of client-side code or content). </p> This includes application logic decisions, such as access controls, and data considered sensitive or secret, such as encryption keys. 
While controls may be duplicated on the client-side to improve the user experience, it is important to have these enforced on the server-side.&nbsp; +<div> + <ul> + <li>Business logic, in particular access controls, must be implemented on the server-side.</li> + <li>Secret data should be stored on the server-side, and only what is explicitly required should be duplicated on the client-side.&nbsp;</li> + </ul>All data provided from the client-side (even from binary clients) should be considered tainted, and security decisions should not be made solely on this data. For example, an insecure implementation could include a compiled application (e.g. Flash!) performing authentication on the client-side against a stored password. The decompilation of the binary (in this case flv file) or the interception and modification of controls between the client and server could expose the password or allow unauthorized access to the authenticated application content. +</div> + + + + + + + + + + + + + + + + + + + + + + + <p></p> +<ul> + <li>Identify where critical decisions are made on the application. 
Key areas include:&nbsp;</li> + <ul> + <li>authentication&nbsp;</li> + <li>input validation&nbsp;</li> + <li>access to resources&nbsp;</li> + <li>state bypasses&nbsp;</li> + </ul> + <li>Ensure those decisions are made or validated on the server side, particularly where client-side controls are implemented.&nbsp;</li> + <li>Verify that sensitive data passed to the client side is appropriate, and ensure no inappropriate data is stored or hard-coded into client-side components, for example&nbsp;</li> + <ul> + <li>Personally Identifiable Information.&nbsp;</li> + <li>Financial data, in particular cardholder data (as defined by the <span class="caps">PCI</span> Council).&nbsp;</li> + <li>Application secrets - such as symmetric encryption keys or passwords.</li> + </ul> +</ul> +<p></p> + + + + + + + + + + + + + + + + + <p>Where passwords are entered on a user interface, the actual pass phrase is obscured by default to prevent the capture of passwords.</p> +<p><b><font size="4">Rationale:<br /></font></b> Password masking is the practice of obscuring the password characters when entered on a user interface, more often behind bullets (.), asterisks (*) or similar camouflaging characters. The idea behind password masking is primarily to protect against "shoulder surfing", in other words to prevent nearby observers reading the password "over the user's shoulder" and thus stealing them, which is crucial for mobile devices. 
A second reason is to obscure the password in cases of shared screens, projectors, etc.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the actual pass phrase is obscured by default where entered on a user interface.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Passwords used either as a sole verification credentials, or as part of a multi-factor authentication, are a key aspect of application security, and strong password selection should be encouraged and enforced. The application should allow flexibility in user password selection, and enforce minimum criteria for password quality. This should include:</span></p> +<ul> + <li>Minimum password length requirements, to mitigate brute-force and dictionary attacks.</li> + <li>Encourage use of pass-phrases using multiple words, achieving longer passwords more resistant to attack.</li> + <li>Enforce use of mixed case, numeric and/or special characters to increase complexity.</li> + <li>Prevent or discourage use of dictionary words and common passwords through black-lists. For example, a set of commonly used passwords can be found on SecLists at <a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords">https://github.com/danielmiessler/SecLists/tree/master/Passwords&nbsp;</a></li> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Password length:</b></span></p> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Password length considers the minimum and maximum length of characters comprising the password of your users. For ease of changing this length, its implementation can be configurable possibly using a properties file or xml configuration file.</span></p> +<ul> + <li><b>Minimum length. 
</b></li> + <ul> + <li>Memory secrets shall be at least 8 characters long. </li> + <li>Memory secrets generated automatically shall be at least 6 numeric characters.</li> + </ul> + <li><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Maximum length. </b>People tend to forget their passwords easily. The longer the password, the more likely people are to enter them incorrectly for the system. However, long pass-phrases can be easily remembered, and should not be prevented through unnecessarily strict upper restrictions on length. </span><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Passwords with 64 characters or longer shall be permitted.&nbsp;</span></li> +</ul> +<b> + <ul> + </ul><p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Password Complexity:</span></p></b> +<ul> + <ul> + </ul> + <li>Passwords with consecutive multiple spaces shall be coalesced and converter into only one space. After this modification, the password length shall be at least 12 characters long.</li> + <li>Unicode characters shall be allowed in the password. A single Unicode code point is considered a character.</li> + <li>Reject those passwords whose are commonly used and they have been already been leaked in a previous compromise. You may choose to block the top 1000 or 10000 most common passwords which meet the above length requirements and are found in compromised password lists. 
The following link contains the most commonly found passwords: <a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords">https://github.com/danielmiessler/SecLists/tree/master/Passwords</a></li> + <li>Actual passwords must not be stored, to protect them against brute forcing if the database is compromised Screen reader support enabled.</li> +</ul> +<ul> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Password Topologies:</b></span></p> +<ul> + <li>Ban commonly used password topologies.</li> + <li>Force multiple users to use different password topologies.</li> + <li>Require a minimum topology change between old and new passwords.</li> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Additional Information:</b></span></p> +<ul> + <li>Make sure that every character the user types in is actually included in the password. We've seen systems that truncate the password at a length shorter than what the user provided (e.g., truncated at 15 characters when they entered 20).</li> + <li>As application's require more complex password policies, they need to be very clear about what these policies are. 
The required policy needs to be explicitly stated on the password change page</li> + <li>If the new password doesn't comply with the complexity policy, the error message should describe EVERY complexity rule that the new password does not comply with, not just the 1st rule it doesn't comply with.</li> +</ul> +<ul> +</ul> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol> + <li>Verify the passwords comply with the company policy for strong passwords.</li> + <li>If there is no policy, check the strength against industry standards as NIST or OWASP.</li> +</ol>An example of strong password policy (&nbsp; +<a href="https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Implement_Proper_Password_Strength_Controls">from the OWASP Authentication Cheat Sheet</a>) is: Password must meet at least 3 out of the following 4 complexity rules: +<ul> + <li>at least 1 uppercase character (A-Z)</li> + <li>at least 1 lowercase character (a-z)</li> + <li>at least 1 digit (0-9)</li> + <li>at least 1 special character (punctuation). Do not forget to treat space as special characters too</li> + <li>at least 10 characters</li> + <li>at most 128 characters</li> +</ul>not more than 2 identical characters in a row (e.g., 111 not allowed). + + + + + + + + + + + + + + + + + <p>Restrict access to administrative interfaces to trusted actors from trusted locations to reduce the application attack surface and likelihood of compromise.</p> +<p>Restrict administrative access to specific networks or hosts.</p> +<div> + Use strong authentication for privileged access, for example a 2FA. +</div> + + + + + + + + + + + + + + + + <p>Try to access the administrative interface from an untrusted location. 
For example, if you are using a Wordpress <span class="caps">CMS</span> you should restrict access to /wp-admin which should not be available from the internet but only from trusted networks or IP addresses.</p> + + + + + + + + + + + + + + + + + <span><p><span style="font-size: 11pt; font-family: Arial; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">To protect user passwords from accidental or deliberate exposure, the application should store cryptographic hashes of passwords instead of the actual passwords.</span></p> + <ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Do not store actual passwords in the data storage for verification during login.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Instead, create a cryptographic hash of the password using a strong hash function that includes a work factor and a built in 'salt' value, like bcrypt or scrypt. This reduces the risk of brute-force attacks and rainbow tables, and allows flexibility to adapt the hashing function to balance security and performance. 
Establish some restrictions, depending on the used function:</span></p></li> + <ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">The salt length must be at least 32 bits.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">If bcrypt is used, the work factor must be as large as verification server performance allows, typically at least 13.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">If we use the PBKDF2, the iteration count shall be as large as verification server performance allows, and it will typically allow at least 100,000 iterations.</span></p></li> + </ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Alternatively, use a strong hash function like SHA-384 together with a unique 'salt' value for every account.&nbsp; Apply multiple iterations of the hash to create the additional computational work required to mitigate brute-force attacks. 
The secret 'salt' value must be stored separately from the hashed passwords.</span></p></li> + </ul></span> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <span> + <ol> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Review the mechanism for matching credentials from the client-side to stored credentials for a user.&nbsp;</span></span></li> + </ol> + <ul> + <ul> + <li><span>Best practices dictate that the system should match a strong salted hash (SHA256 or greater and a unique hash for each account) to the one stored at the time the password was set.</span></li> + <li>For example, it is recommended to use a system salt of 32 bits or more, a keyed HMAC hash using <span style="font-family: Arial; font-size: 11pt; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">SHA-2 or SHA-3,</span><span style="font-family: Arial; font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;"> and the stretching algorithm PBKDF2 with at least 10,000 iterations.</span></li> + </ul> + </ul> + <ol> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm the stored credential is not a clear-text password</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm the stored credential is not an encrypted password which may be recovered (decrypted) at the server- or client- side.</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm that the hashing algorithm in use is cryptographically secure (e.g. is not SHA1/MD5 or a flawed algorithm).</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm that the hash is created from the password together with a unique salt value for the user. 
This prevents the use of rainbow tables, or the identification of password collisions among users.</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Consider using an algorithm with a configurable work factor, set to a high value to inhibit attacks.</span></span></li> + </ol></span> +<span></span> + + + + + + + + + + + + + + + + + Applications storing or caching data locally are at risk of attack and compromise the data. Most mobile devices and operating systems offer built in APIs to store data in their encrypted stores, such as the Keychain on iOS. These stores are ultimately encrypted using a key derived from the device passcode and require the user to set a passcode.&nbsp; +<div> + <br /> +</div> +<div> + However, they do not enforce the quality of the passcode, nor is it possible to determine the quality of the passcode (and therefore, ultimately the key) from within the application.&nbsp; +</div> +<div> + <ul> + <li>Data should not be stored locally unless there is an explicit requirement to do so. This includes restricting thumbnails or screenshots of pages in the application that contain private data.&nbsp;</li> + <li>Data that must be stored on the client side must be held in a cryptographically secure store.&nbsp;</li> + <li>Use OS provided stores to protect private data on the client side, acknowledging that the residual risk from users with weak passwords may affect that data.&nbsp;</li> + <li>Do not store highly sensitive/financial data on the client-side without implementing a provably strong cryptographic process. 
For example, it should be encrypted using a key derived from an independent password where the strength of this password can be verified.</li> +</ul> +<p></p> + + + + + + + + + + + <ol> + <li>Identify which points of the component are storing sensitive data.&nbsp;</li> + <li>Check the storage routines and verify they are using OS APIs which are built on + top of secure storage components.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>The product allows an authorized factory reset of the device's authorization information.</p> +<p><b><font size="4">Rationale:<br /></font></b> The devices are often authorized to an account, based on license agreements with service providers. The device should have the option to be deauthorized and reset in case the user no longer wants to use it or if the user wants to authorize the device to another account.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product allows an authorized factory reset of the device's authorization information.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product allows the factory issued or <span class="caps">OEM</span> login accounts to be disabled, erased or renamed.</p> +<p><b><font size="4">Rationale:<br /></font></b> The factory issued or <span class="caps">OEM</span> login accounts should be disabled, erased or renamed. This is to avoid the type of attacks where factory default logins and passwords are published on the web, which allows attackers to mount very simple scanning and dictionary attacks on devices.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product allows the factory issued or <span class="caps">OEM</span> login accounts to be disabled, erased or renamed when installed or commissioned.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product only allows controlled user account access. 
Access using anonymous or guest user accounts is not supported without justification.</p> +<p><b><font size="4">Rationale:<br /></font></b> Product should not allow any unjustified anonymous or guest access in order to prevent potential theft or disclosure of sensitive information, therefore only controlled user account access should be permitted.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product only allows controlled user account access and access using anonymous or guest user accounts is not supported without justification.</p> + + + + + + + + + + + <p>The best way to find out if an application has failed to properly restrict function level access is to verify every application function:</p> +<p></p> +<ol> + <li>Does the UI show navigation to unauthorized functions?</li> + <li>Are server side authentication or authorization checks missing?</li> + <li>Are server side checks done that solely rely on information provided by the attacker?</li> +</ol> +<p></p> +<p>Using a proxy, browse your application with a privileged role. Then revisit restricted pages using a less privileged role. If the server responses are alike, you're probably vulnerable. Some testing proxies directly support this type of analysis.</p> +<p>You can also check the access control implementation in the code. Try following a single privileged request through the code and verifying the authorization pattern. Then search the codebase to find where that pattern is not being followed.</p> +<p> Automated tools are unlikely to find these problems.</p> + + + + + + + + + + + + + + + + + <p>Password entry follows industry standard practice such recommendations of the 3GPP TS33.117 Password policy. [ref. 1] or <span class="caps">NIST</span> SP800-63b [ref. 
2] or <span class="caps">NCSC</span> [Ref 3] on password length, characters from the groupings and special characters.</p> +<p><b><font size="4">Rationale:<br /></font></b> A key concern when using passwords for authentication is password strength. A "strong" password policy makes it difficult or even improbable for one to guess the password through either manual or automated means. The main characteristics that define a strong password are length, complexity and topology (the pattern that a password is written).</p> +<p>Passwords should not be vulnerable to dictionary attack, which is a type of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. </p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product/system enforces passwords to be compliant with 3GPP TS33.117 or similar (<span class="caps">NIST</span> SP800-63b [ref. 2] or <span class="caps">NCSC</span> [Ref 3]) recommendations to include: At least eight characters in length, characters from the groupings: alpha, numeric and special characters and should not be vulnerable to dictionary attack.</p> + + + + + + + + + + + + + <p>Please see reference [3] for <span class="caps">OWASP</span> testing methodology link.</p> + + + + + + + + + + + + + + + + + <p>The product will not allow new passwords containing the user account name with which the user account is associated.</p> +<p><b><font size="4">Rationale:<br /></font></b> Weak passwords are a serious threat to computer security, and specifically the guessable ones should be forbidden through organizational policy and suitable technical measures. 
Using the user account name as password or part of a password is completely insecure and makes a brute-force attack against the login interface much easier.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product does not allow new passwords containing the user account name with which the user account is associated.</p> + + + + + + + + + + + + <p>Please see reference [2] for <span class="caps">OWASP</span> testing methodology link.</p> + + + + + + + + + + + + + + + + + <p>All data received should be considered tainted and a potential risk, regardless of the source or transport method. For example, while hidden form fields, cookies or other headers may be obfuscated from a user, along with parameters passed in ViewStates or other encapsulated forms. These can be modified by the user on the client-side in memory, or in transit on the network. Similarly, data passed from binary or compiled components can be modified in situ or in transit. <i></i> <i>Furthermore, encryption only secures the data in transit between the two ends of the encrypted tunnel (one of which is typically controlled by the client); data passing through the link may still be malicious.</i> </p> As such, all data from the client side must be subjected to strict validation, sanitization, and encoding against expected syntactic and semantic criteria. +<div> + <ul> + <li>Define a specification of the data that is expected at each input; both the syntax (e.g. alphanumeric only) and semantics (e.g. a word of between 1 and 25 characters, or a specific list). 
As an example of business rule logic, &quot;boat&quot; may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as &quot;red&quot; or &quot;blue.&quot;&nbsp;</li> + <li>Implement a 'known good' or white-list approach, where only inputs that meet the strict criteria for each input are accepted, and reject, transform, or encapsulate any non-compliant data.&nbsp;</li> + <li>While useful for identifying malicious content, do not rely on looking for specific malformed or attack payloads (blacklists). It is almost impossible to maintain a comprehensive and accurate blacklist due to the complexity and evolving nature of attacks, opportunities to obfuscate payloads, and changes to the code's execution environment. As noted, blacklists can be useful for detecting and logging potential attacks, or determining which inputs are so malformed that they should be rejected outright.&nbsp;</li> + <li>Validate all data received from the client, including values such as <span class="caps">HTTP</span> headers and cookie values if these are used as input on the server side, X- headers, and other platform specific data objects passed between the client and server.</li> + </ul> +</div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Identify data input points for the application, for example:&nbsp;</p><ul><li>Forms with user input (including hidden fields)</li><li>API calls</li><li>HTTP Headers</li><li>Application states such as ASP Viewstates</li><li>Serialized Java objects</li><li>Any data structure received from the client-side</li><li>For every input, define accepted input (both syntactic and semantic criteria)</li><li>Where possible, define a white-list of accepted input or characters</li><li>For each of the inputs, ensure that the data is validated against the defined 
whitelists (for example with a regular expression) before being processed.</li></ul><p>To test data validation:&nbsp;&nbsp;</p><ul><li>Review the acceptable input criteria, and build test cases that deviate from it (invalid characters, lengths, ranges etc.).</li><li>Pass invalid input to the application and review error trapping and handling.</li><li>Where unexpected exceptions occur, the application may be vulnerable to attack.</li></ul><p>A number of tools can be used to aid in testing:</p><ul><li>Directly from your browser with the Developer Tools.</li><li>Using a browser extension which allows you to modify the request and responses on the fly (i.e. Tamper Data).</li><li>Using a proxy which allows you to modify the request and response on the fly (i.e. OWASP ZAP, Burp, Fiddler, etc.).</li></ul> + + + + + + + + + + + + + + + + + <p>All data received from the client-side should be considered tainted and a potential risk, regardless of the source or transport method. This affects all application platforms, including mobile. All data from the client side must be subjected to strict validation, sanitization, and encoding against expected syntactic and semantic criteria. + Define a specification of the data that is expected at each input; both the syntax (e.g. alphanumeric only) and semantics (e.g. a word of between 1 and 25 characters, or a specific list). As an example of business rule logic, &quot;boat&quot; may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as &quot;red&quot; or &quot;blue.&quot; </p> + + Implement a 'known good' or white-list approach, where only inputs that meet the strict criteria for each input are accepted, and reject, transform, or encapsulate any non-compliant data. While useful for identifying malicious content, do not rely on looking for specific malformed or attack payloads (blacklists). 
It is almost impossible to maintain a comprehensive and accurate blacklist due to the complexity and evolving nature of attacks, opportunities to obfuscate payloads, and changes to the code's execution environment. As noted, blacklists can be useful for detecting and logging potential attacks, or determining which inputs are so malformed that they should be rejected outright. Validate all data received from the client, including values such as <span class="caps">HTTP</span> headers and cookie values if these are used as input on the server side, X- headers, and other platform specific data objects passed between the client and server. + + This validation and sanitization must be performed in context. For example, data sent to an <span class="caps">SQL</span> database must be escaped for <span class="caps">SQL</span> special characters whereas data sent as part of a shell command must be escaped for shell special characters. + + + + + + + + + + + <p></p> +<ul> + <li>Identify exported activities, intents and content providers.&nbsp;</li> + <li>For every input, define accepted input (both syntactic and semantic criteria).</li> + <li>Where possible, define a white-list of accepted input or characters.</li> + <li>For each of the inputs, ensure the data is validated against the defined whitelists (for example with a regular expression) before being processed.</li> + <li>Check the code to look for input validation methods and input restrictions.&nbsp;</li> + <li>Test that they are effective by fuzzing the identified features.&nbsp;</li> + <li>Tools such as&nbsp;<a href="https://labs.mwrinfosecurity.com/tools/drozer/">Drozer</a>&nbsp;can help with this task.</li> +</ul> +<p></p> + + + + + + + + + + + + + + + + + <p>Where a user interface password is used for login authentication, the factory issued or reset password is unique to each device in the product family.</p> +<p><b><font size="4">Rationale:<br /></font></b> Where a device needs a password to log in, a default 
password is usually provided that allows the device to be accessed during its initial setup, and then the user will be prompted to change it after he/she first logs on. An attacker with knowledge of the default password can log in, usually with root or administrative privileges and perform malicious actions. Therefore, all initial passwords and factory reset passwords issued should be unique to each user.</p> +<p><b><font size="4">Remediation:<br /></font></b> Apply a process which ensures that the initial user interface password or factory reset password is unique to each device in the product family. If a password-less authentication is used the same principles of uniqueness apply.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where an application's user interface password is used for login authentication, the initial password or factory reset password is unique to each device in the product family.</p> +<p><b><font size="4">Rationale:<br /></font></b> Where a device needs a password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, and then the user will be prompted to change it after he/she first logs on. An attacker with knowledge of the default password can log in, usually with root or administrative privileges and perform malicious actions. 
Therefore, all initial passwords and factory reset passwords issued should be unique to each user.</p> +<p><b><font size="4">Remediation:<br /></font></b> Apply a process which ensures that the initial password or factory reset password is unique to each device in the product family.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where passwords are entered on a user interface, the actual pass phrase is obscured by default.</p> +<p><b><font size="4">Rationale:<br /></font></b> Password masking is the practice of obscuring the password characters when entered on a user interface, more often behind bullets (.), asterisks (*) or similar camouflaging characters. The idea behind password masking is primarily the protection against "shoulder surfing", in other words to prevent nearby observers reading the password "over the user's shoulder" and thus stolen, which is crucial for mobile devices. A second reason is to obscure the password in cases of shared screens, projectors, etc.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the actual pass phrase is obscured by default where entered on a user interface.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the product has a secure source of time there is a method of validating its integrity.</p> +<p><b><font size="4">Rationale:<br /></font></b> Network Time Protocol (<span class="caps">NTP</span>) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, <span class="caps">NTP</span> is one of the oldest Internet protocols in current use. 
<span class="caps">NTP</span>sec is a fork implementation of <span class="caps">NTP</span> that has been systematically security-hardened.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that where the product has a secure source of time there is a method of validating its integrity such as <span class="caps">NTP</span>sec (please see reference <span class="caps">URL</span> [1]).</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The ability to remotely recover from these situations should rely on a known good state, such as locally storing a known good version to enable safe recovery and updating of the device. This will avoid denial of service and costly recalls or maintenance visits, whilst managing the risk of potential takeover of the device by an attacker subverting update or other network communications mechanisms.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Administrative interfaces grant access to sensitive operations that can typically + affect key security mechanisms, like modifying credentials and adding/removing user + accounts. + + + + + + + + + + + + + + + + + + + + + + + + + + + + A compromise of the storage system medium itself (device, server or database) could + allow attackers full access to the data + stored, including authentication credentials such as passwords. + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers could use malicious mobile applications to attack legitimate applications that export their components improperly. The attacks and consequences of improperly exporting a component may depend on the exported component: If access to an exported Activity is not restricted, any application will be able to launch the activity. 
+ This may allow a malicious application to gain access to sensitive information, modify the internal state of the application, or trick a user into interacting with the victim application whilst believing they are still interacting with the malicious application. If access to an exported Service is not restricted, any application may start and bind to the Service. </p> + + Depending on the exposed functionality, this may allow a malicious application to perform unauthorized actions, gain access to sensitive information, or corrupt the internal state of the application. If access to a Content Provider is not restricted to only the expected applications, then malicious applications might be able to access the sensitive data. Note that in Android before 4.2, the Content Provider is automatically exported unless it has been explicitly declared as <span class="caps">NOT</span> exported. + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. 
While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users.&nbsp;</p> +<p>An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. 
Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attack patterns within this category focus on the manipulation and exploitation of people. The techniques defined by each pattern are used to convince a target into performing actions or divulging confidential information that benefit the adversary, often resulting in access to computer systems or facilities. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access. In most cases, the adversary never comes face-to-face with the victim.</p> + + + + + + + + + + + + + + + + + + + + + + + An attacker with access to the plain, readable credential database would have access + to the system as any of those users.&nbsp; + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. 
While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Attackers could perform a brute force attack against the login function by choosing a + simple password that users are likely to use for the site, and that meets the site's + password policy. + <div> + &nbsp; + <br />Then they could use an automated script to iterate through a list of + possible usernames. &nbsp;These could be obtained from a dictionary, or generated + through pure brute force means. &nbsp; + </div> + <div> + <br /> + </div> + <div> + This type of attack cannot be defended against using an account lockout policy because + each username is only attempted once. + </div> + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. 
Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts.&nbsp;</p> +<p>This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources.&nbsp;</p> +<p>This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). 
Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. + + + + + + + + + + + + + + + + + + + + + + + + + + + Secrets stored in any client side components, such as a mobile application, thick + client application or in JavaScript used by a browser, can be accessed by + users/attackers who have access to this client. + <div> + <br /> + </div> + <div> + Attackers could then gain access to the data or services that are protected by this + secret, if no other credentials are required. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker examines a client application for the presence of sensitive information.&nbsp;</p><p><br>&nbsp;</p><p>This information may be stored in configuration files, embedded within the application itself, or stored in other ways. 
Sensitive information may include long-term keys, passwords, credit card or financial information, and other private material that the client uses in its interactions with the server.&nbsp;</p><p><br>&nbsp;</p><p>While servers are (hopefully) protected by professional security administrators, most users may be less skilled at protecting their data. As a result, the user client may represent a weak link that an attacker could exploit directly. If an attacker can gain access to a client installation, they may be able to detect and lift sensitive information that could be leveraged directly (such as financial information), or allow the attacker to subvert future communication between the client and the server.&nbsp;</p><p><br>&nbsp;</p><p>In some cases, it may not even be necessary to gain access to another user's installation - if all instances of the client software are embedded with the same sensitive information (for example, long term keys for communication with the server), then the attacker must simply find a way to gain their own copy of the client in order to perform this attack.&nbsp;<br>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Server-Side Code Injection happens when an attacker is able to direct input under his control and mix it with executed code on the server side by modifying the logic executed on it.&nbsp;</p><p><br>&nbsp;</p><p>Depending on the code isolation, this event could grant the user access to system resources and data.&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker examines a target system to find sensitive data that has been embedded within it. 
This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy.</p> + + + + + + + + + + + + The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. + +Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers. + + + + + + + + + + + + The software performs an operation at a privilege level that is higher than the minimum level + required, which creates new weaknesses or amplifies the consequences of other weaknesses. + + New weaknesses can be exposed because running with extra privileges, such as root or + Administrator, can disable the normal security checks being performed by the operating system or + surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if + they occur while operating at raised privileges. Privilege management functions can behave in + some less-than-obvious ways, and they have different quirks on different platforms. These + inconsistencies are particularly pronounced if you are transitioning from one non-root user to + another. Signal handlers and spawned processes run at the privilege of the owning process, so if + a process is running as root when a signal fires or a sub-process is executed, the signal + handler or sub-process will operate with root privileges. 
+ + + + + + + + + + + + + + + The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. + + + + + + + + + + + + The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources. + + + + + + + + + + + + The software assigns an owner to a resource, but the owner is outside of the intended control sphere. + + + + + + + + + + + + + + The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. + +When a resource is given a permission setting that provides access to a wider range of actors than required, it can lead to the exposure of sensitive information or to the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data. + + + + + + + + + + + + + + An information exposure is the intentional or unintentional disclosure of information to an + actor that is not explicitly authorized to have access to that information. + + + + + + + + + + + + + + + When the application does not offer a password change facility, a compromise of the current user password will lead to an attacker having persistent access to the account. + + + + + + + + + + + + The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. + + + + + + + + + + + + The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. 
In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. + + + + + + + + + + + + + + The product does not enforce a strong password policy, which makes it easier for attackers to compromise user accounts through brute force or dictionary based attacks. + +An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier. + + + + + + + + + + + + + + When patches and updates are not applied in a timely manner then a product (e.g. Operating System, Software or Mobile App) or a system could be vulnerable to known security issues. These issues could be leveraged by an attacker to gain access to the system. + + + + + + + + + + + + The product is exposed or reachable by an unnecessarily large group of potential attackers. An over-exposure of a component increases the chance of an attacker gaining access to the system through a vulnerability. + + + + + + + + + + + + <div> + The application does not sufficiently encapsulate critical data or functionality. + </div> + <p>Encapsulation is about drawing strong boundaries. In a web browser, this might mean + ensuring that your mobile code cannot be abused by other mobile code. 
On the server, it might + mean differentiating between validated data and unvalidated data, between one user's data and + another's, or between data that users are allowed to see and data that they are not.</p> + + + <div> + <ol> + <li>Identify boundaries on the application.&nbsp;</li> + <li>Make sure that the application adequately enforces access control across those + boundaries. &nbsp;For example, does it require some form of authentication at the + boundary? &nbsp;Or does it prevent access across the boundary entirely?</li> + </ol> + </div> + <div> + </div> + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. 
+ + + + + + + + + + + + <p>This is a generic weakness which includes several different situations that are all connected to unexpected environmental conditions and could be related to:&nbsp;</p><ul><li>Misconfiguration.</li><li>Uncleared buffers, shared memory, files, etc.</li><li>Problems between the interaction of two different entities that cause unexpected behavior.</li></ul> + + Identify the areas of the application that can be affected by the following causes: + <br /> + <ol> + <li>Misconfiguration.</li> + <li>Uncleared buffers, shared memory, files, etc.&nbsp;</li> + <li>Problems between the interaction of two different entities that cause unexpected + behavior.</li> + </ol> + <div> + Perform testing on them to look for a security problem.&nbsp; + </div> + + + + + + + + + + + + + The application exposes unnecessary services which increase the attack surface. + + + + + + + + + + + + A weak TLS cipher suite could allow an attacker to sniff the transmission by exploiting this weakness. + + + + + + + + + + + + + + <p>Use an account with only the minimum set of permissions required to access the data store. The account should not be able to perform operations that are not explicitly required by the component that performs these operations. 
For example, if a web application needs to read data from certain tables and insert and update data from others, then a database account with only those specific permissions should be used by the application server.</p> + + + + + + + + + + + + + + + + + + <p></p> +<ul> + <li>Identify the user account used by external components to access this data store.</li> + <li>Check which permissions are assigned to this user account.</li> + <li>Verify that they are the minimum set of permissions necessary and no unnecessary permissions are assigned.</li> +</ul> +<p></p> + + + + + + + + + + + + + + + + + <p>If an unauthorized change is detected, the device should alert the user/administrator to the issue and should not connect to wider networks than those necessary to perform the alerting function.</p> +<p><b><font size="4">Rationale:<br /></font></b> IoT device software should be verified using secure boot mechanisms. When an unauthorized change is detected, the device should alert operators to the issue. The issue notification should not result in connections to wider networks than necessary to deliver the alert.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that, if an unauthorized change is detected, the device alerts the user/administrator to the issue and doesn't connect to wider networks than those necessary to perform the alerting function.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>All network communication keys are stored securely, in accordance with industry standards such as <span class="caps">FIPS</span> 140, or similar.</p> +<p><b><font size="4">Rationale:<br /></font></b> Network communication keys should be securely stored in accordance with industry standards. 
</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that cryptographic keys for update integrity protection and confidentiality are securely managed in accordance with industry standards such as <span class="caps">FIPS</span> or 140-2.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>All OS command line access to the most privileged accounts has been removed from the Operating System.</p> +<p><b><font size="4">Rationale:<br /></font></b> The most privileged account or "superuser" of the device's OS is a special user account used for system administration, capable of making unrestricted and potentially adverse system-wide changes. Due to this, it is often recommended that no one use the "superuser" as their normal user account, and any access from the command line should be removed.</p> +<p><b><font size="4">Remediation:<br /></font></b> Remove all OS command line access from the most privileged accounts of the Operating System.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>All the applicable security features supported by the Operating System are enabled.</p> +<p><b><font size="4">Rationale:<br /></font></b> Operating System security features are essential to ensure OS security and to prevent various types of malicious actions and attacks such as malware, viruses, etc. Therefore all the applicable security features should be enabled.</p> +<p><b><font size="4">Remediation:<br /></font></b> Enable all the applicable security features supported by the Operating System such as updates, anti-spyware and anti-virus protection, etc.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>For products with one or more network interfaces, any unintended packet forwarding function should be blocked.</p> +<p><b><font size="4">Rationale:<br /></font></b> Forwarding refers to the router-local action of transferring the packet from an input link interface to the appropriate output link interface. 
When applications allow user input to forward requests between different parts of the site, the application must check that the user is authorized to access the <span class="caps">URL</span>, to perform the functions it provides, and that it is an appropriate <span class="caps">URL</span> request. If the application fails to perform these checks, an attacker-crafted <span class="caps">URL</span> may pass the application's access control check and then forward the attacker to an administrative function that is not normally permitted.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that any unintended packet forwarding function is blocked to stop undesirable communication paths.</p> + + + + + + + + + + + + <p>The best way to find out if an application has any unvalidated redirects or forwards is to:</p> +<p></p> +<ol> + <li>Review the code for all redirect or forward uses (called transfer in .NET). For each use, identify if the target <span class="caps">URL</span> is included in any parameter values. If the target <span class="caps">URL</span> isn't validated against a whitelist, you are vulnerable.</li> + <li>Also, spider the site to see if it generates any redirects (<span class="caps">HTTP</span> response codes 300-307, typically 302). Look at the parameters supplied prior to the redirect to see if they appear to be a target <span class="caps">URL</span> or a piece of such a <span class="caps">URL</span>. If so, change the <span class="caps">URL</span> target and observe whether the site redirects to the new target.</li> + <li>If the code is unavailable, check all parameters to see if they look like part of a redirect or forward <span class="caps">URL</span> destination and test those that do.</li> +</ol> +<p></p> + + + + + + + + + + + + + + + + + <p>Applications are operated at the lowest privilege level possible. 
Rationale: Applications follow the principle of the least privilege in every module (such as processes, users, etc.), which means that they must be able to access only the information and resources that are necessary for their legitimate purpose. Doing this minimizes the amount of damage caused if an attacker successfully exploits any known or future vulnerability. Remediation: Configure the Operating System to operate applications at the lowest privilege level possible.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>As far as reasonably possible, devices should remain operating and locally functional in the case of a loss of network connection and should recover cleanly in the case of restoration of a loss of power. Devices should be able to return to a network in a sensible state and in an orderly fashion, rather than in a massive scale reconnect.</p> + + <p>Continuous operation ensures that devices provide basic functionality without relying on other systems or networks. It is important to note here that a device should only be required to supply basic features when the network is inaccessible. Devices should provide continuous operation if the network or the Internet is inaccessible. Manual controls where needed, either physical buttons - or digital - on the device itself.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>A software update package has its digital signature, signing certificate and signing certificate chain verified by the device before the update process begins.</p> +<p><b><font size="4">Rationale:<br /></font></b> Code signing is the process of using a certificate-based digital signature to sign executables and scripts in order to confirm the software author and ensure that the code has not been altered or corrupted since it was signed. The Certificate Authority (CA) acts as a trusted third party, trusted both by the software author and by the device, and verifies the entity's identity. 
A chain of trust is established by validating each certificate from the end entity to the root certificate.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the device verifies the digital signature, the signing certificate and the signing certificate chain of a software update before the update process begins.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Files and directories are set to appropriate access privileges on a need-to-access basis.</p> +<p><b><font size="4">Rationale:<br /></font></b> Most Operating Systems have methods to assign permissions or access rights to specific users or groups. These permissions control the ability of the users to view, change, navigate, and execute the contents of the file system. Therefore, files and directories should be set to appropriate access privileges according to the principle of the least privilege.</p> +<p><b><font size="4">Remediation:<br /></font></b> Set files, directories and persistent data to the minimum access privileges required to function correctly.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>If there is a loss of communications, it should not compromise the integrity of the device.</p> +<p><b><font size="4">Rationale:<br /></font></b> A device is expected to lose communication periodically, but when it does it should be in a safe way and all security controls and settings should remain in effect. The integrity of a system should remain intact even if the network connection has been lost. Therefore, the device's integrity should be ensured regardless of whether or not it is connected to a network. 
</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that, if there is a loss of communication, it does not compromise the integrity of the device.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>A number of attacks rely on brute-force techniques to send large volumes of requests to enumerate or attempt to exploit flaws in an application, for example, sending common passwords to multiple target accounts within an application. By profiling normal traffic volumes, and applying rate limiting, the application can be built to actively mitigate such attacks.&nbsp;</p><ul><li>Connection rate-limiting based on the source IP address can be used to restrict attacks against the authentication or registration systems. Multiple failures (or attempts) from a single IP should result in temporarily blocking or dropping traffic from the source. Note however that some corporate and ISP environments may place multiple valid and discrete clients behind the same IP address, resulting in false-positives.</li><li>Attackers may use botnets and other IP masking techniques to deliver attacks to avoid IP based rate-limiting. To mitigate this class of attack, Indicators of Compromise should be monitored (for example a higher rate of login failures than usual), and appropriate actions taken. For example, when the application detects active brute-force attacks, a Web Application Firewall (WAF) or other intermediate devices could be used to block attacks sharing a signature from pattern matching or deep packet inspection (e.g. HTTP headers or common passwords across multiple accounts). Similarly, the application could respond by requiring a CAPTCHA, cookie, or Javascript challenge when an attack is detected.</li></ul><p><strong>Remediation:&nbsp;</strong></p><p>Implement the mechanisms to lockout accounts:&nbsp;</p><ul><li>When the application detects a set number of failure login attempts, the account shall be locked for a certain time period. 
This period shall be increased as per each new failed attempt up to an hour as maximum.</li><li>When the application detects an account is locked more times than usual, this account should be disabled (no more than 100 failure attempts). A disabled account should only be restored by an administrator.</li><li>When the application detects active brute-force attacks, the application shall require a CAPTCHA, cookie, or JavaScript challenge before attempting authentication.</li><li>Only accept those authentication requests that come from a white list of IP addresses from which the user has been successfully authenticated before.</li><li>If the user successfully authenticates, the previous failed attempts shall be reset for that user from the same IP address.</li></ul><p>For API rate limiting there are several methods that can be applied:</p><ul><li>Throttling: based on certain rules a request can be slowed down considerably to allow other requests to be served first</li><li>Request queues: limit the number of request in a given period of time (e.g. five requests per second)</li><li>Token bucket: commonly used in public APIs, each user has a number of tokens to call the API. 
After all tokens have been used the user has to wait until the number of tokens are renewed</li><li>Fixed window: requests that exceed a fixed limit in a period of time will be blocked temporarily</li><li>Leaky bucket: requests are put in a FIFO queue and will be served accordingly</li><li>Sliding log: a time-stamped log is used to identify user actions, so the rate limit can be applied for a specified user to avoid more than X actions in a period of time</li><li>Sliding window: combination of fixed window and sliding log</li></ul><p>From a user perspective, implementing timeouts and calling paginated endpoints can reduce the impact of having a very large response that can freeze the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Use tools like THC-Hydra, OWASP ZAP or Burp Suite to simulate brute force attacks against the login function.&nbsp;</p><ul><li>Perform a simulation of the attack against the login function.</li><li>Verify the function is blocked for your source after n attempts.</li><li>Verify there is a log alerting function for an unusual amount of failed login attempts, even if they originated from different sources.</li></ul> + + + + + + + + + + + + + + + + + <p>All unnecessary accounts or logins have been disabled or removed from the software at the end of the software development process. E.g. Development or debug accounts.</p> +<p><b><font size="4">Rationale:<br /></font></b> Interactive Operating System accounts have been used during the software development process and in most cases have high privileges. This gives them access to critical resources and consequently they can be exploitable if they remain active after the development process. 
Therefore, any interactive accounts or logins should be disabled or eliminated at the end of the software development process.</p> +<p><b><font size="4">Remediation:<br /></font></b> Disable or remove all interactive Operating System accounts or logins at the end of the development process.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product's OS kernel and its functions are prevented from being called by external product level interfaces and unauthorized applications.</p> +<p><b><font size="4">Rationale:<br /></font></b> The kernel is a computer program that is the core of a computer's Operating System, with complete control over everything in the system. Therefore only internal calls should be allowed and only from authorized applications in order to minimize the exposed attack surface.</p> +<p><b><font size="4">Remediation:<br /></font></b> Configure the product's OS kernel and its functions to prevent it being called by external product level interfaces and unauthorized applications.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + <p>If passwords must absolutely be stored in a local file, then password file(s) are owned by - and are only accessible to - and writable by the most privileged account of the device's OS.</p> +<p><b><font size="4">Rationale:<br /></font></b> The most privileged account or "superuser" of the devices' OS is a special user account used for system administration, capable of making unrestricted and potentially adverse system-wide changes. Due to this, it is often recommended that no-one use the "superuser" as their normal user account.&nbsp;</p> +<p>According to the principle of least privilege, most users and applications run under an ordinary account to perform their work, and must be able to access only the information and resources that are necessary for their legitimate purpose. 
Thus, if a user only needs to be able to view a particular file, that user should have read-only access to it and should not be able to write to that file. Therefore all files that contain critical or sensitive data, like the password file(s), should have their ownership and access/write permissions set to the most privileged account of the device's OS.</p> +<p><b><font size="4">Remediation:<br /></font></b> Set ownership and access/write permissions for password file(s) to most privileged account of the device's OS.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Passwords used either as a sole verification credentials, or as part of a multi-factor authentication, are a key aspect of application security, and strong password selection should be encouraged and enforced. The application should allow flexibility in user password selection, and enforce minimum criteria for password quality. This should include:</span></p> +<ul> + <li>Minimum password length requirements, to mitigate brute-force and dictionary attacks.</li> + <li>Encourage use of pass-phrases using multiple words, achieving longer passwords more resistant to attack.</li> + <li>Enforce use of mixed case, numeric and/or special characters to increase complexity.</li> + <li>Prevent or discourage use of dictionary words and common passwords through black-lists. 
For example, a set of commonly used passwords can be found on SecLists at <a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords">https://github.com/danielmiessler/SecLists/tree/master/Passwords&nbsp;</a></li> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Password length:</b></span></p> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Password length considers the minimum and maximum length of characters comprising the password of your users. For ease of changing this length, its implementation can be configurable possibly using a properties file or xml configuration file.</span></p> +<ul> + <li><b>Minimum length. </b></li> + <ul> + <li>Memory secrets shall be at least 8 characters long. </li> + <li>Memory secrets generated automatically shall be at least 6 numeric characters.</li> + </ul> + <li><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Maximum length. </b>People tend to forget their passwords easily. The longer the password, the more likely people are to enter them incorrectly for the system. However, long pass-phrases can be easily remembered, and should not be prevented through unnecessarily strict upper restrictions on length. </span><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Passwords with 64 characters or longer shall be permitted.&nbsp;</span></li> +</ul> +<b> + <ul> + </ul><p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;">Password Complexity:</span></p></b> +<ul> + <ul> + </ul> + <li>Passwords with consecutive multiple spaces shall be coalesced and converter into only one space. After this modification, the password length shall be at least 12 characters long.</li> + <li>Unicode characters shall be allowed in the password. 
A single Unicode code point is considered a character.</li> + <li>Reject those passwords whose are commonly used and they have been already been leaked in a previous compromise. You may choose to block the top 1000 or 10000 most common passwords which meet the above length requirements and are found in compromised password lists. The following link contains the most commonly found passwords: <a href="https://github.com/danielmiessler/SecLists/tree/master/Passwords">https://github.com/danielmiessler/SecLists/tree/master/Passwords</a></li> + <li>Actual passwords must not be stored, to protect them against brute forcing if the database is compromised Screen reader support enabled.</li> +</ul> +<ul> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Password Topologies:</b></span></p> +<ul> + <li>Ban commonly used password topologies.</li> + <li>Force multiple users to use different password topologies.</li> + <li>Require a minimum topology change between old and new passwords.</li> +</ul> +<p><span style="font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline;"><b>Additional Information:</b></span></p> +<ul> + <li>Make sure that every character the user types in is actually included in the password. We've seen systems that truncate the password at a length shorter than what the user provided (e.g., truncated at 15 characters when they entered 20).</li> + <li>As application's require more complex password policies, they need to be very clear about what these policies are. 
The required policy needs to be explicitly stated on the password change page</li> + <li>If the new password doesn't comply with the complexity policy, the error message should describe EVERY complexity rule that the new password does not comply with, not just the 1st rule it doesn't comply with.</li> +</ul> +<ul> +</ul> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol> + <li>Verify the passwords comply with the company policy for strong passwords.</li> + <li>If there is no policy, check the strength against industry standards as NIST or OWASP.</li> +</ol>An example of strong password policy (&nbsp; +<a href="https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Implement_Proper_Password_Strength_Controls">from the OWASP Authentication Cheat Sheet</a>) is: Password must meet at least 3 out of the following 4 complexity rules: +<ul> + <li>at least 1 uppercase character (A-Z)</li> + <li>at least 1 lowercase character (a-z)</li> + <li>at least 1 digit (0-9)</li> + <li>at least 1 special character (punctuation). Do not forget to treat space as special characters too</li> + <li>at least 10 characters</li> + <li>at most 128 characters</li> +</ul>not more than 2 identical characters in a row (e.g., 111 not allowed). + + + + + + + + + + + + + + + + + <p>The attack surface, and therefore susceptibility to attack, should be minimized. In particular, services that are not explicitly required for the proper operation of the server or service should be disable, or access to them be restricted.&nbsp;</p> +<p></p> +<ul> + <li>Any service, feature, or functionality that is not required should be disabled or removed. 
This applies equally to the operating system, middleware, web-server, or other software in use.</li> + <li>Access to the server and remaining services (in particular those that cannot be disabled or removed) should be controlled use host-based and/or network security controls; for example host firewalls, network firewalls, routers, or switches.</li> +</ul> +<p></p> + + + + + + + + + <ul> + <li>Conduct a host review to confirm the software and services running and exposed on the system. - Support the host review with network based scans across at least all <span class="caps">TCP</span> and <span class="caps">UDP</span> ports (0-65535), together with <span class="caps">RPC</span> and other remote call services.&nbsp;</li> + <li>Verify the running and accessible services against expected configuration for the system, and against the security principal of 'least privilege'.</li> + <li>Where a network or host based firewall is in use, it should be configured to drop connections rather than reject them. i.e. 
port-scans should identify only 'open' or 'filtered' services; no service should be identifiably 'closed'.&nbsp;</li> + <li>Note however that different network based security solutions exhibit different behavior in this regard.</li> +</ul> + + + + + + + + + + + + + + + + + <p>Access to services should be restricted to expected sources, limiting the exposure of the service and its attack surface; and the likelihood of a malicious actor gaining access to the system.&nbsp;</p> +<p>Apply network layer security controls so that only the necessary and expected IP addresses are permitted access to connect to the service.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p></p> +<ul> + <li>Check that the network access to the service is only allowed for the components which need it.</li> + <li>There should be a firewall protecting the network segment in which the service is installed.</li> + <li>Check that the firewall restricts all access and only permits the minimum connections required using the principal of least privilege.</li> +</ul> +<p></p> + + + + + + + + + + + + + + + + + <span><p><span style="font-size: 11pt; font-family: Arial; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">To protect user passwords from accidental or deliberate exposure, the application should store cryptographic hashes of passwords instead of the actual passwords.</span></p> + <ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Do not store actual passwords in the data storage for verification during login.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Instead, create a cryptographic hash of the password using a strong hash function that includes a work factor and a built in 'salt' value, like bcrypt 
or scrypt. This reduces the risk of brute-force attacks and rainbow tables, and allows flexibility to adapt the hashing function to balance security and performance. Establish some restrictions, depending on the used function:</span></p></li> + <ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">The salt length must be at least 32 bits.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">If bcrypt is used, the work factor must be as large as verification server performance allows, typically at least 13.</span></p></li> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">If we use the PBKDF2, the iteration count shall be as large as verification server performance allows, and it will typically allow at least 100,000 iterations.</span></p></li> + </ul> + <li><p><span style="font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">Alternatively, use a strong hash function like SHA-384 together with a unique 'salt' value for every account.&nbsp; Apply multiple iterations of the hash to create the additional computational work required to mitigate brute-force attacks. 
The secret 'salt' value must be stored separately from the hashed passwords.</span></p></li> + </ul></span> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <span> + <ol> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Review the mechanism for matching credentials from the client-side to stored credentials for a user.&nbsp;</span></span></li> + </ol> + <ul> + <ul> + <li><span>Best practices dictate that the system should match a strong salted hash (SHA256 or greater and a unique hash for each account) to the one stored at the time the password was set.</span></li> + <li>For example, it is recommended to use a system salt of 32 bits or more, a keyed HMAC hash using <span style="font-family: Arial; font-size: 11pt; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;">SHA-2 or SHA-3,</span><span style="font-family: Arial; font-size: 11pt; font-variant-numeric: normal; font-variant-east-asian: normal; vertical-align: baseline; white-space: pre-wrap;"> and the stretching algorithm PBKDF2 with at least 10,000 iterations.</span></li> + </ul> + </ul> + <ol> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm the stored credential is not a clear-text password</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm the stored credential is not an encrypted password which may be recovered (decrypted) at the server- or client- side.</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm that the hashing algorithm in use is cryptographically secure (e.g. is not SHA1/MD5 or a flawed algorithm).</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Confirm that the hash is created from the password together with a unique salt value for the user. 
This prevents the use of rainbow tables, or the identification of password collisions among users.</span></span></li> + <li><span><span style="font-size: 11pt; white-space: pre-wrap; font-family: Arial;">Consider using an algorithm with a configurable work factor, set to a high value to inhibit attacks.</span></span></li> + </ol></span> +<span></span> + + + + + + + + + + + + + + + + + <p>The trusted execution environment, or <span class="caps">TEE</span>, is an isolated area on the main processor of a device that is separated from the main operating system. It ensures that data is stored, processed and protected in a trusted environment. <span class="caps">TEE</span> provides protection for any connected "thing" by enabling end-to-end security, protected execution of authenticated code, confidentiality, authenticity, privacy, system integrity and data access rights.</p> + + <p>It is already used widely in complex devices, such as smartphones, tablets and set-top boxes, and also by manufacturers of constrained chipsets and IoT devices in sectors such as industrial automation, automotive and healthcare, who are now recognizing its value in protecting connected things.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The Operating System is separated from the application(s) and is only accessible via defined secure interfaces.</p> +<p><b><font size="4">Rationale:<br /></font></b> Every device that is to be operated by an individual requires a user interface, usually referred to as a shell. 
The shell is the outermost layer around the Operating System kernel and is used to access its services, including file management, process management (running and terminating applications), batch processing, and the operating system monitoring and configuration.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the Operating System is separated from the application(s) and is only accessible via defined secure interfaces.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>The product allows an authorized factory reset of the device's authorization information.</p> +<p><b><font size="4">Rationale:<br /></font></b> The devices are often authorized to an account, based on license agreements with service providers. The device should have the option to be deauthorized and reset in case the user no longer wants to use it or if the user wants to authorize the device to another account.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product allows an authorized factory reset of the device's authorization information.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product allows the factory issued or <span class="caps">OEM</span> login accounts to be disabled, erased or renamed.</p> +<p><b><font size="4">Rationale:<br /></font></b> The factory issued or <span class="caps">OEM</span> login accounts should be disabled, erased or renamed. This is to avoid the type of attacks where factory default logins and passwords are published on the web, which allows attackers to mount very simple scanning and dictionary attacks on devices.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product allows the factory issued or <span class="caps">OEM</span> login accounts to be disabled, erased or renamed when installed or commissioned.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>The product has measures to prevent unauthenticated software and files being loaded onto it. 
In the event that the product is intended to allow unauthenticated software, such software should only be run with limited permissions and/or sandbox.</p> +<p><b><font size="4">Rationale:<br /></font></b> The product should have software execution control to limit which software applications and services are able to run on the Operating System and to control the exposed attack surface of the system by reducing the number of potential vulnerabilities.</p> +<p><b><font size="4">Remediation:<br /></font></b> Software execution control is used in combination with an administrator defined set of rules, that define which software a non-privileged user is able to execute. These rules can be based on:</p> +<p></p> +<ul> + <li>Software's properties e.g. name, signature, etc.</li> + <li>More generic rules e.g. permitting execution of files based on their storage location on the system.</li> +</ul> +<p></p> +<p>In the event that the product is intended to allow unauthenticated software, such software should only be run with limited permissions and/or sandbox (security mechanism which executes the software in a restricted operating system environment).</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The product only allows controlled user account access. 
Access using anonymous or guest user accounts is not supported without justification.</p> +<p><b><font size="4">Rationale:<br /></font></b> Product should not allow any unjustified anonymous or guest access in order to prevent potential theft or disclosure of sensitive information, therefore only controlled user account access should be permitted.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product only allows controlled user account access and access using anonymous or guest user accounts is not supported without justification.</p> + + + + + + + + + + + <p>The best way to find out if an application has failed to properly restrict function level access is to verify every application function:</p> +<p></p> +<ol> + <li>Does the UI show navigation to unauthorized functions?</li> + <li>Are server side authentication or authorization checks missing?</li> + <li>Are server side checks done that solely rely on information provided by the attacker?</li> +</ol> +<p></p> +<p>Using a proxy, browse your application with a privileged role. Then revisit restricted pages using a less privileged role. If the server responses are alike, you're probably vulnerable. Some testing proxies directly support this type of analysis.</p> +<p>You can also check the access control implementation in the code. Try following a single privileged request through the code and verifying the authorization pattern. Then search the codebase to find where that pattern is not being followed.</p> +<p> Automated tools are unlikely to find these problems.</p> + + + + + + + + + + + + + + + + + <p>The product prevents unauthorized connections to itself or other devices the product is connected to.</p> +<p><b><font size="4">Rationale:<br /></font></b> A significant vulnerability is networked system accessibility. 
Because by definition IoT systems are connected to the Internet, attacks can be conducted remotely, either by direct access to networked control interfaces, or by downloading malware to devices. Due to this, the product should prevent unauthorized connections to itself or other devices the product is connected to, for example by means of firewalls.</p> +<p>A firewall is software used to maintain the security of a private network and block unauthorized access to or from private networks and are often employed to prevent unauthorized Web users or malware from gaining access to private networks connected to the Internet.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product prevents unauthorized connections to itself or other devices the product is connected to. For example, there is a firewall on each interface and internet layer protocol.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Monolithic kernels are large in size and the structure - or lack of structure - makes them difficult to change and maintain without affecting other parts of the kernel. The microkernel approach is based on the idea of only placing essential core real-time operating system functions in the kernel, and another functionality is designed in modules that communicate through the kernel via minimal, well-defined interfaces. The microkernel approach results in easily reconfigurable systems without the need to rebuild the kernel.</p> + + <p>Modern mainstream operating systems (OSs) are designed for functionality, speed and ease of development. With the increase of functionality and support for more diverse hardware, their size and complexity keeps growing. These OSs have a monolithic structure, with most services contained in the kernel, i.e. the part of the system that is executed in the privileged mode of the hardware. 
The result is an explosive growth of the amount of privileged code.</p> + + <p>Any code executing in privileged mode can bypass security and is therefore inherently part of a system's trusted computing base (<span class="caps">TCB</span>). Hence, we are experiencing a rapid growth of the <span class="caps">TCB</span> of mainstream OSs. As almost all code is buggy, and the number of bugs grows with the size of the code base, this <span class="caps">TCB</span> growth is bound to lead to a growth in the number of vulnerabilities.</p> + + <p>The microkernel design, with its ability to reduce the <span class="caps">TCB</span> size, contains faults and encapsulates untrusted components, and therefore is, in terms of security, superior to monolithic systems.</p> + + <p>Examples of microkernel architectures are: Mach, L4, <span class="caps">QNX</span>, <span class="caps">MINIX</span>, <span class="caps">IBM</span> K42.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Password entry follows industry standard practice such recommendations of the 3GPP TS33.117 Password policy. [ref. 1] or <span class="caps">NIST</span> SP800-63b [ref. 2] or <span class="caps">NCSC</span> [Ref 3] on password length, characters from the groupings and special characters.</p> +<p><b><font size="4">Rationale:<br /></font></b> A key concern when using passwords for authentication is password strength. A "strong" password policy makes it difficult or even improbable for one to guess the password through either manual or automated means. The main characteristics that define a strong password are length, complexity and topology (the pattern that a password is written).</p> +<p>Passwords should not be vulnerable to dictionary attack, which is a type of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. 
</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product/system enforces passwords to be compliant with 3GPP TS33.117 or similar (<span class="caps">NIST</span> SP800-63b [ref. 2] or <span class="caps">NCSC</span> [Ref 3]) recommendations to include: At least eight characters in length, characters from the groupings: alpha, numeric and special characters and should not be vulnerable to dictionary attack.</p> + + + + + + + + + + + + + <p>Please see reference [3] for <span class="caps">OWASP</span> testing methodology link.</p> + + + + + + + + + + + + + + + + + <p>The product will not allow new passwords containing the user account name with which the user account is associated.</p> +<p><b><font size="4">Rationale:<br /></font></b> Weak passwords are a serious threat to computer security, and specifically the guessable ones should be forbidden through organizational policy and suitable technical measures. Using the user account name as password or part of a password is completely insecure and makes a brute-force attack against the login interface much easier.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the product does not allow new passwords containing the user account name with which the user account is associated.</p> + + + + + + + + + + + + <p>Please see reference [2] for <span class="caps">OWASP</span> testing methodology link.</p> + + + + + + + + + + + + + + + + + <p>Where real-time expectations of performance are present, update mechanisms must not interfere with meeting these expectations.</p> +<p><b><font size="4">Rationale:<br /></font></b> Software update mechanisms may reduce the device's performance when running simultaneously with other processes.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that update mechanisms are not interfering with performance expectations, e.g. 
by running update processes at low priority.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>If a factory reset is leveraged the device should warn that the secure operation may be compromised unless updated.</p> +<p><b><font size="4">Rationale:<br /></font></b> Software updates perform numerous tasks and they are available for both Operating System and individual software programs. Updates can apply a wide range of revisions on a system such as adding new features, removing outdated features, updating drivers, fixing bugs, and most importantly, fixing security holes. For that reason, after a factory reset, the device may be reverted to an earlier, out-of-date and possibly insecure version and should be updated again to ensure its secure operation.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that if a factory reset is applied the device warns that the secure operation may be compromised unless updated.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where a user interface password is used for login authentication, the factory issued or reset password is unique to each device in the product family.</p> +<p><b><font size="4">Rationale:<br /></font></b> Where a device needs a password to log in, a default password is usually provided that allows the device to be accessed during its initial setup, and then the user will be prompted to change it after he/she first logs on. An attacker with knowledge of the default password can log in, usually with root or administrative privileges and perform malicious actions. Therefore, all initial passwords and factory reset passwords issued should be unique to each user.</p> +<p><b><font size="4">Remediation:<br /></font></b> Apply a process which ensures that the initial user interface password or factory reset password is unique to each device in the product family. 
If a password-less authentication is used the same principles of uniqueness apply.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where passwords are entered on a user interface, the actual pass phrase is obscured by default.</p> +<p><b><font size="4">Rationale:<br /></font></b> Password masking is the practice of obscuring the password characters when entered on a user interface, more often behind bullets (.), asterisks (*) or similar camouflaging characters. The idea behind password masking is primarily the protection against "shoulder surfing", in other words to prevent nearby observers reading the password "over the user's shoulder" and thus stolen, which is crucial for mobile devices. A second reason is to obscure the password in cases of shared screens, projectors, etc.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that the actual pass phrase is obscured by default where entered on a user interface.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the CoAP protocol is used, it is protected by a <span class="caps">DTLS</span> connection with no known cipher vulnerabilities.</p> +<p><b><font size="4">Rationale:<br /></font></b> Constrained Application Protocol (CoAP) is a service layer protocol that is intended for use in resource-constrained internet devices, such as wireless sensor network nodes. CoAP is designed to easily translate to <span class="caps">HTTP</span> for simplified integration with the web, whilst also meeting specialized requirements such as multicast support, very low overhead, and simplicity, which are extremely important for IoT.</p> +<p>Because CoAP is built on top of <span class="caps">UDP</span> not <span class="caps">TCP</span>, <span class="caps">SSL</span>/TLS are not available to provide security. 
Datagram Transport Layer Security (<span class="caps">DTLS</span>) provides the same assurances as <span class="caps">TLS</span> but for transfers of data over <span class="caps">UDP</span>.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that, where the CoAP protocol is used, it is protected by a <span class="caps">DTLS</span> connection with no known cipher vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the <span class="caps">MQTT</span> protocol is used, it is protected by a <span class="caps">TLS</span> connection with no known cipher vulnerabilities.</p> + <p><b><font size="4">Rationale:<br></font></b> <span class="caps">MQTT</span> (Message Queue Telemetry Transport), is a very lightweight and widely used messaging and information exchange protocol for IoT devices throughout the world. The <span class="caps">MQTT</span> communication can be encrypted using <span class="caps">TLS</span> / <span class="caps">SSL</span> protocols, ensuring a secure and safe communication.</p> + <p><b><font size="4">Remediation:<br></font></b> Ensure that where the <span class="caps">MQTT</span> protocol is used, it is protected by a <span class="caps">TLS</span> connection with no known cipher vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Where the product has a secure source of time there is a method of validating its integrity.</p> +<p><b><font size="4">Rationale:<br /></font></b> Network Time Protocol (<span class="caps">NTP</span>) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, <span class="caps">NTP</span> is one of the oldest Internet protocols in current use. 
<span class="caps">NTP</span>sec is a fork implementation of <span class="caps">NTP</span> that has been systematically security-hardened.</p> +<p><b><font size="4">Remediation:<br /></font></b> Ensure that where the product has a secure source of time there is a method of validating its integrity such as <span class="caps">NTP</span>sec (please see reference <span class="caps">URL</span> [1]).</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>The ability to remotely recover from these situations should rely on a known good state, such as locally storing a known good version to enable safe recovery and updating of the device. This will avoid denial of service and costly recalls or maintenance visits, whilst managing the risk of potential takeover of the device by an attacker subverting update or other network communications mechanisms.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Attackers exploit vulnerabilities in the service and gain access to data, or to + services for which they are not authorized. + + + + + + + + + + + + + + + + + + + + + + + + + + If attackers gain access to the application or the application server, then they could + directly access the data store using the privilege assigned to the application. + <div> + If the data store user account used by the application has elevated privileges then this + could allow attackers to perform unauthorized operations such as dropping tables, + modifying the database schema or modifying data. + </div> + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. 
If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts.&nbsp;</p> +<p>This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + If attackers compromise the server that hosts the service or data, then the data and + the service itself could be at risk of compromise. The server could be compromised + through any of the services that it exposes. + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. 
If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Attackers could perform a brute force attack against the login function by choosing a + simple password that users are likely to use for the site, and that meets the site's + password policy. + <div> + &nbsp; + <br />Then they could use an automated script to iterate through a list of + possible usernames. &nbsp;These could be obtained from a dictionary, or generated + through pure brute force means. &nbsp; + </div> + <div> + <br /> + </div> + <div> + This type of attack cannot be defended against using an account lockout policy because + each username is only attempted once. + </div> + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. 
Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts.&nbsp;</p> +<p>This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources.&nbsp;</p> +<p>This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). 
Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.</p> + + + + + + + + + + + + + + + + + + + + + + + + + A compromise of the storage system medium itself (device, server or database) could + allow attackers full access to the data + stored, including authentication credentials such as passwords. + + + + + + + + + + + + + + + + + + + + + + + + <p>An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources. If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users.&nbsp;</p> +<p>An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts. This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. 
Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc., to gain unauthorized access or knowledge of the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc., to gain unauthorized access or knowledge of the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers will often attempt to exploit unpatched flaws or access default accounts, unused pages, unprotected files and directories, etc., to gain unauthorized access or knowledge of the system.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Every point of network interaction or other service is a potential part of the attack surface having exploitable vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + + + The product lacks key security features such as protection against tampering or unprotected storages, or it has other misconfigurations and omissions during production. 
+ + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. + +Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers. + + + + + + + + + + + + The software performs an operation at a privilege level that is higher than the minimum level + required, which creates new weaknesses or amplifies the consequences of other weaknesses. + + New weaknesses can be exposed because running with extra privileges, such as root or + Administrator, can disable the normal security checks being performed by the operating system or + surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if + they occur while operating at raised privileges. 
Privilege management functions can behave in + some less-than-obvious ways, and they have different quirks on different platforms. These + inconsistencies are particularly pronounced if you are transitioning from one non-root user to + another. Signal handlers and spawned processes run at the privilege of the owning process, so if + a process is running as root when a signal fires or a sub-process is executed, the signal + handler or sub-process will operate with root privileges. + + + + + + + + + + + + + + + The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. + + + + + + + + + + + + An information exposure is the intentional or unintentional disclosure of information to an + actor that is not explicitly authorized to have access to that information. + + + + + + + + + + + + + + + The application uses a cache to maintain a pool of objects, threads, connections, pages, or + passwords to minimize the time it takes to access them or the resources to which they connect. + If implemented improperly, these caches can allow access to unauthorized information or cause a + denial of service vulnerability. + + + + + + + + + + + + + + + The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + <ul> + <li>Weak encryption algorithms&nbsp;</li> + <li>Loss of encryption keys&nbsp;</li> + <li>Compromised encryption keys&nbsp;</li> + <li>Revoked keys are still active (bad key lifecycle management)</li> +</ul> + + + + + + + + + + + + Production data used in pre-production system might not be properly protected as applications + in pre-production are not usually well tested. pre-production environments usually lack the + strong Countermeasures that are set for production environments. 
+ + + + + + + + + + + + + + + The software does not fully clear previously used information in a data structure, file, or + other resource, before making that resource available to a party in another control sphere. + + This typically results from new data that is not as long as the old data, which leaves portions + of the old data still available. Equivalent errors can occur in other situations where the + length of data is variable but the associated data structure is not. If memory is not cleared + after use, it may allow unintended actors to read the data when the memory is reallocated. + + + + + + + + + + + + + + + The sensitive data cannot be recovered after the data has been accidentally or intentionally deleted due to non-existent data backup. + + + + + + + + + + + + + The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in + the exposure of sensitive information. + + + + + + + + + + + + + + + + + <p>Use an account with only the minimum set of permissions required to access the data store. The account should not be able to perform operations that are not explicitly required by the component that performs these operations. 
For example, if a web application needs to read data from certain tables and insert and update data from others, then a database account with only those specific permissions should be used by the application server.</p> + + + + + + + + + + + + + + + + + + <p></p> +<ul> + <li>Identify the user account used by external components to access this data store.</li> + <li>Check which permissions are assigned to this user account.</li> + <li>Verify that they are the minimum set of permissions necessary and no unnecessary permissions are assigned.</li> +</ul> +<p></p> + + + + + + + + + + + + + + + + + <p>Vendors and other maintainers of software release patches in response to security flaws and other bugs in their products.&nbsp; The longer a system is exposed with a known security vulnerability, the easier to compromise it. &nbsp;As the exploit enters the public domain, they get included in automated exploitation suites like Metasploit and a wider less skilled miscreant is able to leverage them.&nbsp; &nbsp;</p><ul><li>Apply patches and other software updates in a timely manner to prevent unexpected failures or exploitation.</li><li>Clearly define an approach for testing and applying patches, in particular security patches, with expected timescales. 
&nbsp;There is often a small window between the release of a patch, and potentially malicious actors reverse-engineering the patch to identify and exploit the flaw.</li><li>Use a threat intelligence, vulnerability scanning, or other alerting services to ensure the project team is promptly aware of issues within the project or its components.</li></ul><p><br>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <br /> + <ol> + <li>Check with the software or service vendor whether security vulnerabilities and + their associated patches are available for the version deployed.</li> + <li>Evaluate the criticality of the vulnerability and schedule a fix accordingly.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>Applications storing or caching data locally are at risk of attack and compromise of that data. Local temporary storage, thumbnail images, and configuration files often contain excerpts of sensitive information that may be left on the device during or after the application is used.</p><ul><li>Ensure all temporary files, caches, and storage are purged after use and when the application is closed.</li><li>Do not allow the application to cache sensitive information outside of the OS provided secure stores.</li><li>Use OS controls to restrict thumbnails of the application in cases where sensitive information is displayed.</li></ul> + + + + + + + + + + + <ol> + <li>Check the application for the use of caching.&nbsp;</li> + <li>Verify they are periodically emptied.</li> + </ol> + + + + + + + + + + + + + + + + + <div> + Sensitive data and Backups of sensitive data shall be stored securely by encryption (data at rest). 
+</div> +<div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption should be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent storage.</li> + <li>The key for encrypting and decrypting the data should not be accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference to a bespoke implementation).</li> + </ul> +</div> + + + + + + + + + + + + + + + + + <ul><li>Check the functions of the application which are storing backups with sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ul> + + + + + + + + + + + + + + + + + <p>Data passed between the client and server should be protected by encryption in transit.</p><ul><li>Implement cryptographically strong TLS end-to-end encryption between the client and server, terminating within a secure environment on the server-side.</li><li>Consider use of client certificates to prevent interception of (or man-in-the-middle attacks on) the encrypted connection.</li><li>Alternatively, asymmetric (public-key) encryption could be utilized and a recognized, proven, and tested implementation/library should be used</li></ul> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check client to server connections use and enforce established encryption protocols, e.g. TLSv1.2.<br>&nbsp;</li><li>Verify only strong cipher suites are in use and permitted.</li><li>Ensure attempts to use unencrypted transport mechanisms are rejected or redirected (e.g. 
HTTP instead of HTTPS)</li><li>Review configuration of protocols and services against best-practice guidelines.</li></ol> + + + + + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). + </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + Implement encryption at rest (see guidance below) or give a risk-based explanation as to why encryption was not implemented.<br /><br />Use well-known encryption libraries, taking into account the data use, and do not invent your own. + <br /> + <ul> + <li>personal data must be encrypted</li> + <li>data that is not used by the application (e.g. passwords, ...) should be hashed so they cannot be recovered easily</li> + </ul> + + + + + + + + + + + + + + + + <div> + <ol> + <li>Verify that users' personal data processed by the application is encrypted at rest (e.g. 
databases).</li> + <li>If encryption is not being leveraged, verify that there is documentation outlining the reasoning for that decision.</li> + </ol> + </div> + + + + + + + + + + + + + + + + + + <p>Pre-production environments should not expose personally identifiable information (PII) or other sensitive information. Often, such environments are populated with production data for testing or other purposes. &nbsp;Security weaknesses, either in the software or controls around access to pre-production systems, can unnecessarily expose sensitive data. This is often a breach of legal and commercial requirements, including various governmental data protection standards and privacy acts, and industry regulations such as those required by the Payments Card Industry (PCI).</p><p><br>&nbsp;</p><p>Where test data is derived from production data, the following must be observed:</p><ol><li>Data masking or obfuscation techniques must be leveraged to anonymize the data used in pre-production. &nbsp;For example, all but the start and end of a credit card number must be removed/replaced</li><li>No real personally identifiable information (PII) or other sensitive data should be present in pre-production environments. 
&nbsp;For example, names, dates of birth, and other personal information must be removed, randomized, or replaced.</li><li>Only data that has been processed and anonymized should be transferred into pre-production; ideally representative test data should be generated rather than relying on obfuscated production data.</li></ol> + + + + + + <ol><li>Check the data used on the pre-production environment is not duplicated from production.</li><li>Where production data is modified for use in pre-production, review the transformations applied to ensure all PII and other sensitive data is removed, obfuscated, or otherwise scrubbed.</li><li>Verify that pre-production data is not real, and does not constitute PII data.</li><li>Consider use of 'canaries' or other deliberately injected values in production to perform random searches in pre-production environments for data that has been inappropriately migrated or used.</li></ol> + + + + + + + + + + + + + + + + + <div> + Ensure that the application is using strong algorithms, cyphers and protocols. The general + practice and required minimum key lengths depend on the scenarios listed below. 
+ </div> + <div> + <ul> + <li>Key exchange: Diffie-Hellman key exchange with minimum 2048 bits</li> + <li>Message Integrity: HMAC-SHA2</li> + <li>Message Hash: SHA2 256 bits</li> + <li>Asymmetric encryption: RSA 2048 bits</li> + <li>Symmetric-key algorithm: AES 128 bits</li> + <li>Password Hashing: Argon2, PBKDF2, Scrypt, Bcrypt.</li> + </ul> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Check that the Cryptographic protocols comply to the best practices listed bellow: + <br /> + <ul> + <li>Key exchange: Diffie-Hellman key exchange with minimum 2048 + bits</li> + <li>Message Integrity: HMAC-SHA2</li> + <li>Message Hash: SHA2 256 bits</li> + <li>Asymmetric encryption: RSA 2048 bits</li> + <li>Symmetric-key algorithm: AES 128 bits</li> + <li>Password Hashing: Argon2, PBKDF2, Scrypt, Bcrypt.<br /></li> + </ul> + + + + + + + + + + + + + + + + + + <p>Create a mechanism or procedures to identify all created and processed data by the application and classify it to determine which level of sensitivity each piece of data belongs to. Each data category can then be mapped to security rules necessary for each level of sensitivity. Therefore, we should create a policy explaining how sensitive data should be managed and processed.</p> +<p><br>&nbsp;</p> +<p>For example, public marketing information that is not sensitive may be categorized as public data which is fine to place on the public website. 
Credit card numbers may be classified as private user data which may need to be encrypted whilst stored or in transit.</p> + + + + + + + + + + + + <p>Verify all sensitive data created and processed by the application has been identified, and ensure that a policy is in place detailing how to best to deal with this data.</p> + + + + + + + + + + + + + + + + + Ensure backup policy is active and tested.The policy should describe the required recovery time objective (RTO) and recovery point objective (RPO) so that the availability of personal data can be restored in a timely manner (based upon the requirements specified by the DPO/CISO). + <br /><br /> + Ensure an SLA has been defined for data availability. How 'timely manner' will be interpreted depends on your SLA. + + + + + + + + + + + + + <ol> + <li>Verify backup policy documentation exists that are up-to-date and in compliance with the requirements of the Data Protection Practitioner.</li> + <li>Regularly test data backup procedures and data restoration.</li> + </ol> + + + + + + + + + + + + + + + + + + Memory chunks released by an application are not actively overwritten, they are simply de-referenced with the data left until the memory is reallocated and used by another process. As such, sensitive data that is stored in memory may be exposed to an attacker with the ability to inspect that memory; for example through use of an uninitialized variable or other process.&nbsp; +<div> + <br /> +</div> +<div> + Overwrite memory with zeros or random data before release.&nbsp; +</div> +<div> + <br /> +</div> +<div> + Pay particular attention to sensitive data, such as passwords or other credentials, or sensitive personal information. +</div> + + + + + + + + + <ol> + <li>Identify the parts of the code that handles authentication and very sensitive data + (i.e. 
credit card data).&nbsp;</li> + <li>Verify that the buffers holding that data are overwritten with zeros and freed as + soon as they are not needed anymore.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>The application should ensure users have undergone an Identification and Verification (ID&amp;V) process before allowing access to secret, sensitive or otherwise restricted data. For less sensitive but still restricted data, simple verification of the location of the user may suffice (e.g. IP restrictions).</p><ul><li>For non-sensitive but non-public data, access could be restricted by IP address, limiting access to internal networks, workstations, or gateways</li><li>For more sensitive data, TLS client-side certificates may be appropriate</li><li>Where secret or other sensitive data is handled, a full authentication process to identify and validate users with single or multi-factor authentication may be required</li></ul> + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify which parts of the service present sensitive data.&nbsp;</li> + <li>Try to obtain access to this information without any type of authentication, for example, attempt to navigate directly to URLs that present sensitive data.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>Access to services should be restricted to expected sources, limiting the exposure of the service and its attack surface; and the likelihood of a malicious actor gaining access to the system.&nbsp;</p> +<p>Apply network layer security controls so that only the necessary and expected IP addresses are permitted access to connect to the service.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p></p> +<ul> + <li>Check that the network access to the service is only allowed for the components which need it.</li> + <li>There should be a firewall protecting the network segment in which the service is installed.</li> + <li>Check that the firewall restricts all access and only permits the minimum 
connections required using the principal of least privilege.</li> +</ul> +<p></p> + + + + + + + + + + + + + + + + + + + + + <p>An attacker gains access to the application, service, or device with the privileges of an authorized or privileged user by evading - or circumventing - an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. </p> This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur. For example, a web site might assume that all users will click through a given link in order to access secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users. + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An unauthorized party might access/breach the personal data of a data subject.</p> + + + + + + + + + + + + + + + + + + + + + + + Attackers exploit vulnerabilities in the service and gain access to data, or to + services for which they are not authorized. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + If attackers gain access to the application or the application server, then they could + directly access the data store using the privilege assigned to the application. 
+ <div> + If the data store user account used by the application has elevated privileges then this + could allow attackers to perform unauthorized operations such as dropping tables, + modifying the database schema or modifying data. + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + Sensitive data could be compromised if an attacker gained access to a backup copy of + that data. + + + + + + + + + + + + + + + + + + + + + + + + + + Personal data can be lost by (accidental or malicious) deletion and system failures. + + + + + + + + + + + + + + + + + + + + + + + If sensitive data is stored or processed on the host, then should the host itself be + compromised by an attacker, the confidentiality and/or the integrity of the data would + also be at risk. + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pre-production environments are usually available to a wide group of developers and + testers who may not be authorized to view sensitive production data. + + + + + + + + + + + + + + + + + + + + + + + + An attacker examines a target application's cache for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information. +<br /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker gains access to the application, service, or device with the privileges of an authorized or privileged user by evading - or circumventing - an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place. This refers to an attacker gaining access equivalent to an authenticated user without ever going through an authentication procedure. 
</p> This is usually the result of the attacker using an unexpected access procedure that does not go through the proper checkpoints where authentication should occur. For example, a web site might assume that all users will click through a given link in order to access secure material and simply authenticate everyone that clicks the link. However, an attacker might be able to reach secured web content by explicitly entering the path to the content rather than clicking through the authentication link, thereby avoiding the check entirely. This attack pattern differs from other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than faking authentication by exploiting flaws or by stealing credentials from legitimate users. + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>An attacker monitoring network traffic between nodes of a public or multicast network.&nbsp;</p><ul><li>The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic.</li><li>The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information.<br>&nbsp;</li></ul> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. 
+ + + + + + + + + + + + The product does not enforce a strong password policy, which makes it easier for attackers to compromise user accounts through brute force or dictionary based attacks. + +An authentication mechanism is only as strong as its credentials. For this reason, it is important to require users to have strong passwords. Lack of password complexity significantly reduces the search space when trying to guess user's passwords, making brute-force attacks easier. + + + + + + + + + + + + + + The application exposes unnecessary services which increase the attack surface. + + + + + + + + + + + + + + <p>Limit Unnecessary Lateral Communications</p> +<p>Rationale:<br> Allowing unfiltered peer-to-peer communications, including workstation-to-workstation, creates serious vulnerabilities and can allow a network intruder's access to spread easily to multiple systems. Once an intruder establishes an effective beachhead within the network, unfiltered lateral communications allow the intruder to create backdoors throughout the network. Backdoors help the intruder maintain persistence within the network and hinder defenders' efforts to contain and eradicate the intruder.</p> +<p>Remediation:<br> - Restrict communications using host-based firewall rules to deny the flow of packets from other hosts in the network. The firewall rules can be created to filter on a host device, user, program, or internet protocol (IP) address to limit access from services and systems.<br> - Implement a VLAN access control list (VACL), a filter that controls access to and from VLANs. 
VACL filters should be created to deny packets the ability to flow to other VLANs.<br> - Logically segregate the network using physical or virtual separation, allowing network administrators to isolate critical devices onto network segments.</p> +<p>Impact:<br> None</p> + + + + + + + + <p>Ensure that you limit Unnecessary Lateral Communications</p> + + + + + + + + + + + + + + + + + <p>Protect routers by controlling access lists for remote administration</p> +<p>Rationale:<br> An access-control list is a list of permissions associated with a system resource. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.<br> Specifically for routers, an ACL is a list of permit or deny rules detailing what can or can't enter or leave the interface of a router. Every packet that attempts to enter or leave a router must be tested against each rule in the ACL until a match is found. If no match is found, then it will be denied.<br> It is highly recommended to protect routers by controlling access lists for remote administration.</p> +<p>Remediation:<br> Follow your device's guidelines to implement ACLs for remote administration.</p> +<p>Impact:<br> None</p> + + + + + + + + <p>Ensure that routers are protected by controlling access lists for remote administration.</p> + + + + + + + + + + + + + + + + + <p>Setup a strong combination of credentials (username/password) for the web interface of the router</p> +<p>Rationale:<br> Having a strong combination of credentials can prevent unauthorized users from finding these credentials and gaining access to the web interface of the router.</p> +<p>Remediation:<br> 1. Use a non-common username. For instance, avoid using common usernames, such as admin.</p> +<p>2. The password length must be at least 12 characters.</p> +<p>3. The complexity of the password is important. 
Use at least one digit, one lower-case character, one upper-case character, and one special character.</p> +<p>4. The pair of username/password is unique. This means that these credentials cannot be used to gain access to any other application, say an email address.</p> +<p>Impact:<br> None</p> + + + + + + + + <p>Ensure that the credentials are strong and are not used in another application.</p> + + + + + + + + + + + + + + + + + + + + + <p>An attacker tries each word in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user is a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.<br>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URL's for web-apps. In cases in which the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. 
Such an attacker could potentially access resources that should only be available to users of a higher privilege level, or access management sections of the application, or can run queries for data that he is otherwise not supposed to.&nbsp;<br>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + <p>Every point of network interaction or other service is a potential part of the attack surface having exploitable vulnerabilities.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). 
+ </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. 
If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. 
As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. 
The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). 
+ </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. 
If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. 
As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. 
Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The software does not encrypt sensitive or critical information + before storage or transmission. + + + + + + + + + + + + + A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality. + + + + + + + + + + + + + + When using password or key material within an application, these are copied in memory and can be copied back to the disk depending on several factors. + +If the application handles passwords or key material, an attacker with access to the system could inspect the memory or the hard disk to retrieve back those secrets on its original form. + + + + + + + + + + + + + + <p>The version of the firmware installed on a hardware device is not the latest version available.</p> + + + + + + + + + + + + Weaknesses in this category affect memory + resources. + + + + + + + + + + + + + + + <div> + <div> + Data stored on the server or the client must be protected by encryption (data + <i>at rest</i>). 
+ </div> + <div> + <ul> + <li>Cryptographically strong symmetric or asymmetric (public-key) encryption&nbsp;should + be used to protect the data.</li> + <li>Encryption should be performed before the data is written to disk or other persistent + storage.</li> + <li>The key for encrypting and decrypting the data should <i>not</i> be + accessible from the same host.&nbsp;</li> + <li>The encryption and decryption operation should be performed on a different host.</li> + <li>A recognized, proven, and tested implementation/library should be used (in preference + to a bespoke implementation).</li> + </ul> + </div> + </div> + <div> + </div> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <ol><li>Check the functions of the application which are storing sensitive data.</li><li>For each of the functions check they are using an external service to encrypt the data.</li><li>Check that neither the sensitive data nor the keys used to encrypt the data are stored on the host after the encryption process completes.</li></ol> + + + + + + + + + + + + + + + + + <p>Custom chipsets continue to anchor a great deal of the hardware within corporate data centers or in high-end desktops. Because these purpose-built chips are tailored for niche purposes, manufacturer security reviews are not nearly as intense as those conducted for chips that are to be installed in much larger groups of devices. Over time, hackers find vulnerabilities in these chips, causing the manufacturer to scramble to find a patch.</p><p>When possible avoid using custom chipsets.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <p>In many cases IoT, IIoT and smart building hardware can be accessed locally though a managed Ethernet or serial interface. 
If these connections aren't locked down -- from both a configuration and physical sense -- a bad actor may be able to compromise a company's infrastructure by tampering with these devices while visiting the office, warehouse or manufacturing plant.</p><p>Ensure that the local connections to these devices are protected enough to avoid physical attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + <div> + Security is often compromised through default or predictable account credentials, such as + 'admin/admin'. Best-practice dictates that accounts are only enabled when required, do not have + common account names, and force users to choose unique strong passwords rather than using vendor + defaults. + </div> + <div> + <ul> + <li>Ensure all default application and software accounts are disabled or removed if not + required</li> + <li>Strong passwords should be set on accounts that are required, default credentials must + be changed.</li> + <li>Build application accounts from a least-privilege perspective.&nbsp;</li> + <ul> + <li>Accounts should only be enabled if required.&nbsp;</li> + <li>Users should have individual accounts rather than role-based ones (e.g. 
dave-admin, + sue-admin rather than a shared 'admin' user)</li> + </ul> + </ul> + </div> + <div> + <br /> + </div> + + + + + + + + + + + + + + + + + + + <ol> + <li>Identify all the authentication points for this component.&nbsp;</li> + <li>Check that authentication with default credentials is not possible.</li> + </ol> + + + + + + + + + + + + + + + + + + <p>There's a set of steps to follow in order to update the firmware of a device:</p><ul><li>Know the model of your device and what firmware it uses</li><li>Check if there is a firmware update available for your device</li><li>Prepare your device for the firmware update<ul><li>Read the <strong>Readme</strong> file that is distributed with the new firmware update</li><li>Always use a <strong>reliable power supply</strong> for your device during the firmware update process</li><li>If you use a computer to update a device's firmware, make sure that the computer has <strong>no third-party antivirus</strong> running on it</li><li>If you're going to update the firmware on a device using a USB memory stick or any other kind of external memory, make sure that you use a memory stick of good quality</li></ul></li><li>Backup the current firmware from your device</li></ul><p>&nbsp;</p> + + + + + + + + + + + + + + + + + + + + <p>Verify that the latest version of the firmware has been successfully installed by checking that the installed version is the same as the latest version.</p> + + + + + + + + + + + + + + + + + + + + + <p>A device has a vulnerability that is used by malicious actors to exploit the system.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>Attackers gain access to sensitive data using known vulnerabilities in the default configuration. 
These configurations are not secure enough for production environments.</p> + + + + + + + + + + + + + + + + + + + + + + + <p>A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Sensitive data could be exposed due to a bad configuration in user permissions.</p> + + + + + + + + + + + + + + + + + + + + + + + Buffer Overflow attacks target improper or missing bounds checking on buffer + operations, typically triggered by input injected by an attacker. As a consequence, an + attacker is able to write past the boundaries of allocated buffer regions in memory, + causing a program crash or potentially redirection of execution as per the attackers' + choice. + + + + + + + + + + + + + + + + + + + + + + + + <p>In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions.&nbsp;</p> +<p>The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. 
While the defender cannot control the resources available to an attacker, they can control the size of the secret space.&nbsp;</p> +<p>Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since eliminating patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers.&nbsp;</p> +<p>Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.</p> + + + + + + + + + + + + + + + + + + + + + + + + + + + + From fb7647ffcbef5501959920623f8e98c2c8c935b2 Mon Sep 17 00:00:00 2001 From: Rabeco <106360860+Jayarr03@users.noreply.github.com> Date: Wed, 24 Apr 2024 17:18:08 -0400 Subject: [PATCH 02/28] Add files via upload --- Integrations/Templates_Manager/Readme.md | 28 +++++++++ Integrations/Templates_Manager/config.py | 12 ++++ Integrations/Templates_Manager/setup.py | 20 ++++++ .../Templates_Manager/templates_manager.py | 61 +++++++++++++++++++ 4 files changed, 121 insertions(+) create mode 100644 Integrations/Templates_Manager/Readme.md create mode 100644 Integrations/Templates_Manager/config.py create mode 100644 Integrations/Templates_Manager/setup.py create mode 100644 Integrations/Templates_Manager/templates_manager.py diff --git a/Integrations/Templates_Manager/Readme.md b/Integrations/Templates_Manager/Readme.md new file mode 100644 index 0000000..9007e04 --- /dev/null +++ b/Integrations/Templates_Manager/Readme.md 
@@ -0,0 +1,28 @@
+# Purpose
+
+The purpose of this script is to collect templates from a GitHub repo, download those locally to a local repo and then post those to the IriusRisk API.
+
+# Installation
+
+Run the setup.py script to install the script dependencies
+
+```python
+python .\setup.py install
+```
+
+Update the config.py file with the required variables:
+```python
+# API URL and Token
+url = "https://insert_your_domain.iriusrisk.com/api/v2/templates/import"
+api_token = 'insert_your_api_token'
+
+# GitHub
+repo_url = "insert_your_repo_root_url"
+repo_sub_folder = "insert_your_sub_folder_if_needed"
+```
+
+# Execute the download and import of templates
+
+```python
+python .\templates_manager.py
+```
\ No newline at end of file
diff --git a/Integrations/Templates_Manager/config.py b/Integrations/Templates_Manager/config.py
new file mode 100644
index 0000000..88674c3
--- /dev/null
+++ b/Integrations/Templates_Manager/config.py
@@ -0,0 +1,12 @@
+
+
+# API URL and Token
+url = "https:/your_url.iriusrisk.com/api/v2/templates/import"
+api_token = 'your_api_key'
+
+
+
+# GitHub
+repo_url = "https://github.com/iriusrisk/IriusRisk-Central.git"
+
+repo_sub_folder = "Templates"
\ No newline at end of file
diff --git a/Integrations/Templates_Manager/setup.py b/Integrations/Templates_Manager/setup.py
new file mode 100644
index 0000000..050293a
--- /dev/null
+++ b/Integrations/Templates_Manager/setup.py
@@ -0,0 +1,20 @@
+from setuptools import setup, find_packages
+
+setup(
+ name='templates_manager',
+ version='1.0',
+ packages=find_packages(),
+ install_requires=[
+ 'certifi>=2024.2.2',
+ 'charset-normalizer>=3.3.2',
+ 'gitdb>=4.0.11',
+ 'GitPython>=3.1.43',
+ 'idna>=3.7',
+ 'pip>=22.3.1',
+ 'requests>=2.31.0',
+ 'setuptools>=65.5.1',
+ 'smmap>=5.0.1',
+ 'urllib3>=2.2.1',
+ 'wheel>=0.38.4'
+ ],
+)
diff --git a/Integrations/Templates_Manager/templates_manager.py b/Integrations/Templates_Manager/templates_manager.py
new file mode 100644
index 0000000..7aa47f6
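Review bot: The placeholder on the `url` line of config.py reads `https:/your_url.iriusrisk.com/...` with a single slash after the scheme, unlike the `https://` form in the Readme added by the same patch, so a user who only swaps the host name ends up with a malformed endpoint; it should be `url = "https://your_url.iriusrisk.com/api/v2/templates/import"`. Separately, `api_token` lives in a tracked file, which makes it easy to commit a real token once the placeholder is filled in. Reading it from the environment instead, for example `api_token = os.environ["IRIUSRISK_API_TOKEN"]` (variable name chosen here for illustration, with `import os` at the top), keeps the secret out of the repository.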
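Review bot: `install_requires` in setup.py mixes the two packages the script imports (`GitPython`, `requests`) with their transitive dependencies and with build tooling (`pip`, `setuptools`, `wheel`), all as open-ended `>=` bounds, so each install resolves to whatever versions are newest at that moment. Declaring only the direct dependencies, `install_requires=['GitPython>=3.1.43', 'requests>=2.31.0'],`, and keeping exact versions in a pinned requirements file (pip can enforce hashes with `--require-hashes`) would make the environment that handles the API token reproducible. `find_packages()` probably finds nothing here, since the patch adds plain modules and no package directory is visible in it, so the setup call appears to act only as a dependency installer.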
--- /dev/null
+++ b/Integrations/Templates_Manager/templates_manager.py
@@ -0,0 +1,61 @@
+from git import Repo
+import requests
+import os
+import config
+
+# Set up the path for cloning
+repo_path = os.path.join(os.getcwd(), "cloned_repo")
+repo_url = config.repo_url
+
+# Clone the repository if the directory doesn't exist
+if not os.path.exists(repo_path):
+ os.makedirs(repo_path)
+ Repo.clone_from(repo_url, repo_path)
+ print("Repository cloned successfully.")
+ print("Working on importing templates now...")
+else:
+ print("Directory already exists and is assumed to contain the necessary files.")
+ print("Working on importing templates now...")
+
+def get_files(directory, extension):
+ for root, dirs, files in os.walk(directory):
+ for file in files:
+ if file.endswith(extension):
+ yield os.path.join(root, file)
+
+# Define the directory where the Templates folder is located
+templates_dir = os.path.join(repo_path, config.repo_sub_folder)
+
+# Example usage: finding all XML files in the Templates directory
+files_to_process = list(get_files(templates_dir, ".xml"))
+
+# API URL and Token
+url = config.url
+api_token = config.api_token
+
+# Iterate over each XML file and send it
+for file_path in files_to_process:
+ with open(file_path, 'rb') as f:
+ # Use the filename (without extension) as the name
+ file_name = os.path.basename(file_path)
+ file_base_name = os.path.splitext(file_name)[0]
+
+ # Define the payload
+ files = {
+ 'file': (file_name, f, 'application/xml'),
+ 'name': (None, file_base_name.replace("-"," ").capitalize()), # Using the filename without extension as the name
+ 'referenceId': (None, file_base_name.lower()) # You may modify 'referenceId' as needed
+ }
+
+ headers = {
+ 'Accept': 'application/hal+json',
+ 'api-token': api_token
+ }
+
+ # Send the request
+ response = requests.post(url, headers=headers, files=files)
+
+ if response.status_code == 200:
+ print(file_base_name, "Successfully Imported!!!")
+ else:
+ print(f"File: {file_name}, Status Code: {response.status_code}, Response: {response.text}")
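Review bot: The clone block calls `os.makedirs(repo_path)` before `Repo.clone_from`, so a clone that fails leaves an empty `cloned_repo` directory and every later run takes the `else` branch, trusting whatever is in that directory and uploading it with the API token. Testing for a `.git` entry and letting the clone create the directory avoids that stale-state path. Further down, `requests.post` is called without a `timeout`, and nothing stops the `api-token` header from being sent to a `config.url` that is not HTTPS. The sketch below covers the three changes; the whole script runs at module level, so there is no function boundary to respect.

```python
# Clone only when there is no existing checkout; the clone creates the directory itself
if not os.path.isdir(os.path.join(repo_path, ".git")):
    Repo.clone_from(repo_url, repo_path)
    print("Repository cloned successfully.")
else:
    print("Existing checkout found; it is used as-is.")
print("Working on importing templates now...")

# … unchanged: get_files, templates_dir, files_to_process …

url = config.url
# Refuse to send the token over anything but HTTPS
if not url.lower().startswith("https://"):
    raise SystemExit("config.url must use https so the API token is not sent in clear text")

# … unchanged: api_token, payload and headers …

        response = requests.post(url, headers=headers, files=files, timeout=60)
```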
From e3dabd763b551697d7f67c467b12ccf691238c1d Mon Sep 17 00:00:00 2001 From: Rabeco <106360860+Jayarr03@users.noreply.github.com> Date: Wed, 24 Apr 2024 23:13:14 -0400 Subject: [PATCH 03/28] Create Submitted_Templates --- Templates/Submitted_Templates | 1 + 1 file changed, 1 insertion(+) create mode 100644 Templates/Submitted_Templates diff --git a/Templates/Submitted_Templates b/Templates/Submitted_Templates new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/Templates/Submitted_Templates @@ -0,0 +1 @@ + From 145789a5c7afdc9b0379c8ba1ea746215cbaf4b7 Mon Sep 17 00:00:00 2001 From: Rabeco <106360860+Jayarr03@users.noreply.github.com> Date: Wed, 24 Apr 2024 23:13:39 -0400 Subject: [PATCH 04/28] Delete Templates/Submitted_Templates --- Templates/Submitted_Templates | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Templates/Submitted_Templates diff --git a/Templates/Submitted_Templates b/Templates/Submitted_Templates deleted file mode 100644 index 8b13789..0000000 --- a/Templates/Submitted_Templates +++ /dev/null @@ -1 +0,0 @@ - From d43ab2ae8ae1f5809f33ce8386d980337b00fa9e Mon Sep 17 00:00:00 2001 From: Rabeco <106360860+Jayarr03@users.noreply.github.com> Date: Wed, 24 Apr 2024 23:15:45 -0400 Subject: [PATCH 05/28] Create README.MD --- Templates/Submitted_Templates/README.MD | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Templates/Submitted_Templates/README.MD diff --git a/Templates/Submitted_Templates/README.MD b/Templates/Submitted_Templates/README.MD new file mode 100644 index 0000000..5f51e2c --- /dev/null +++ b/Templates/Submitted_Templates/README.MD @@ -0,0 +1,3 @@ +# PURPOSE + +These files were submitted by community members for usage by the at large IriusRisk enterprise or community From 485b7b693d37d6f13e942af7079f43fd83c6cd02 Mon Sep 17 00:00:00 2001 
From: Rabeco <106360860+Jayarr03@users.noreply.github.com> Date: Wed, 24 Apr 2024 23:17:32 -0400 Subject: [PATCH 06/28] Delete Templates/3-tier-web-application-and-api-behind-load-balancer.xml --- ...plication-and-api-behind-load-balancer.xml | 531 ------------------ 1 file changed, 531 deletions(-) delete mode 100644 Templates/3-tier-web-application-and-api-behind-load-balancer.xml diff --git a/Templates/3-tier-web-application-and-api-behind-load-balancer.xml b/Templates/3-tier-web-application-and-api-behind-load-balancer.xml deleted file mode 100644 index 83139f8..0000000 --- a/Templates/3-tier-web-application-and-api-behind-load-balancer.xml +++ /dev/null @@ -1,531 +0,0 @@ - - From fcaf3a4fc34edeb10b483083069b16e75baffbc8 Mon Sep 17 00:00:00 2001 From: Rabeco <106360860+Jayarr03@users.noreply.github.com> Date: Wed, 24 Apr 2024 23:17:55 -0400 Subject: [PATCH 07/28] Delete Templates/README.md --- Templates/README.md | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 Templates/README.md diff --git a/Templates/README.md b/Templates/README.md deleted file mode 100644 index 36952dc..0000000 --- a/Templates/README.md +++ /dev/null 
@@ -1,30 +0,0 @@
-## Templates
-Templates are common architectures that can be resused as an IriusRisk project, or be added as a part of a project. Take the following steps:
-
-1. Dowload the rquired template file (.xml format)
-2. Go to to your IriusRisk instance
-3. Go to Templates
-4. Click Import Template and select the .xml file
-5. Click the Import button.
-
-### Template List
-* 3-tier-web-application-and-api-behind-load-balancer.xml
-* aws-environment-template.xml
-* aws-siem-and-cloudwatch.xml
-* aws-simple-infrastructure-with-waf.xml
-* aws-web-application-remote-access-web-ui-access.xml
-* azure-general-network-architecture.xml
-* azure-mqtt-client-to-azure-functions-and-web-backend.xml
-* external-user-access-through-vpn.xml
-* gcp-cloud-architecture.xml
-* generic-web-service.xml
-* kubernetes-deployment.xml
-* llm-template-template.xml
-* mobile-client-to-kubernetes-cluster-with-istio.xml
-* nwe-autorizacion-de-operaciones.xml
-* README.md
-* sample-system-template.xml
-* simple-3-tier-web-application.xml
-* simple-web-app.xml
-* st-generator-form-template.xml
-* sap-hana-on-gcp.xml
\ No newline at end of file
From 16c086a00b4a9a1811525bee08bc2f68da8e08b0 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:18:16 -0400
Subject: [PATCH 08/28] Delete Templates/aws-environment-template.xml
---
Templates/aws-environment-template.xml | 21475 -----------------------
1 file changed, 21475 deletions(-)
delete mode 100644 Templates/aws-environment-template.xml
diff --git a/Templates/aws-environment-template.xml b/Templates/aws-environment-template.xml
deleted file mode 100644
index ed5a169..0000000
--- a/Templates/aws-environment-template.xml
+++ /dev/null
@@ -1,21475 +0,0 @@ - -
From d01cba9f84da5681d2a9145681b19806f6d74eb1 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:19:00 -0400
Subject: [PATCH 09/28] Delete Templates/aws-siem-and-cloudwatch.xml
---
Templates/aws-siem-and-cloudwatch.xml | 17267 ------------------------
1 file changed, 17267 deletions(-)
delete mode 100644 Templates/aws-siem-and-cloudwatch.xml
diff --git a/Templates/aws-siem-and-cloudwatch.xml b/Templates/aws-siem-and-cloudwatch.xml
deleted file mode 100644
index d48d86d..0000000
--- a/Templates/aws-siem-and-cloudwatch.xml
+++ /dev/null
@@ -1,17267 +0,0 @@ - -
From ed09969954968421a19ed5e46386f87ede2c5c67 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:19:15 -0400
Subject: [PATCH 10/28] Delete Templates/aws-simple-infrastructure-with-waf.xml
---
.../aws-simple-infrastructure-with-waf.xml | 219 ------------------
1 file changed, 219 deletions(-)
delete mode 100644 Templates/aws-simple-infrastructure-with-waf.xml
diff --git a/Templates/aws-simple-infrastructure-with-waf.xml b/Templates/aws-simple-infrastructure-with-waf.xml
deleted file mode 100644
index cbfeb7b..0000000
--- a/Templates/aws-simple-infrastructure-with-waf.xml
+++ /dev/null
@@ -1,219 +0,0 @@ - -
From 61d0fc6109d1d2da38d0ce7f1fa74820c92a9947 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:20:39 -0400
Subject: [PATCH 11/28] Delete Templates/aws-web-application-remote-access-web-ui-access.xml
---
...pplication-remote-access-web-ui-access.xml | 29169 ----------------
1 file changed, 29169 deletions(-)
delete mode 100644 Templates/aws-web-application-remote-access-web-ui-access.xml
diff --git a/Templates/aws-web-application-remote-access-web-ui-access.xml b/Templates/aws-web-application-remote-access-web-ui-access.xml
deleted file mode 100644
index 1110bb2..0000000
--- a/Templates/aws-web-application-remote-access-web-ui-access.xml
+++ /dev/null
@@ -1,29169 +0,0 @@ - -
From 09b79de74abf22f20dcfcdc92b709fbd18195365 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:20:54 -0400
Subject: [PATCH 12/28] Delete Templates/azure-general-network-architecture.xml
---
.../azure-general-network-architecture.xml | 12271 ----------------
1 file changed, 12271 deletions(-)
delete mode 100644 Templates/azure-general-network-architecture.xml
diff --git a/Templates/azure-general-network-architecture.xml b/Templates/azure-general-network-architecture.xml
deleted file mode 100644
index 87ae44d..0000000
--- a/Templates/azure-general-network-architecture.xml
+++ /dev/null
@@ -1,12271 +0,0 @@ - -
From 966fc26960bb3c5f092b5b4dc91db51b0f2df8fe Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:21:10 -0400
Subject: [PATCH 13/28] Delete Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
---
...ent-to-azure-functions-and-web-backend.xml | 7855 -----------------
1 file changed, 7855 deletions(-)
delete mode 100644 Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
diff --git a/Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml b/Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
deleted file mode 100644
index 39209bb..0000000
--- a/Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
+++ /dev/null
@@ -1,7855 +0,0 @@ - -
From 0211b8ac3a1d363f12b8b759fa8e18fb1970e277 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:21:29 -0400
Subject: [PATCH 14/28] Delete Templates/external-user-access-through-vpn.xml
---
.../external-user-access-through-vpn.xml | 19104 ----------------
1 file changed, 19104 deletions(-)
delete mode 100644 Templates/external-user-access-through-vpn.xml
diff --git a/Templates/external-user-access-through-vpn.xml b/Templates/external-user-access-through-vpn.xml
deleted file mode 100644
index ea7d356..0000000
--- a/Templates/external-user-access-through-vpn.xml
+++ /dev/null
@@ -1,19104 +0,0 @@ - -
From d32b12bea3956c558531fedc2a406c1c60140503 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:21:44 -0400
Subject: [PATCH 15/28] Delete Templates/gcp-cloud-architecture.xml
---
Templates/gcp-cloud-architecture.xml | 2288 --------------------------
1 file changed, 2288 deletions(-)
delete mode 100644 Templates/gcp-cloud-architecture.xml
diff --git a/Templates/gcp-cloud-architecture.xml b/Templates/gcp-cloud-architecture.xml
deleted file mode 100644
index 9b5faf2..0000000
--- a/Templates/gcp-cloud-architecture.xml
+++ /dev/null
@@ -1,2288 +0,0 @@ - -
From 90df5c1938005614e5f50eb59d08d81e2175a0ec Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:22:02 -0400
Subject: [PATCH 16/28] Delete Templates/generic-web-service.xml
---
Templates/generic-web-service.xml | 14942 ----------------------------
1 file changed, 14942 deletions(-)
delete mode 100644 Templates/generic-web-service.xml
diff --git a/Templates/generic-web-service.xml b/Templates/generic-web-service.xml
deleted file mode 100644
index 65fc499..0000000
--- a/Templates/generic-web-service.xml
+++ /dev/null
@@ -1,14942 +0,0 @@ - -
From cf4d540e2255923b3768d0500c5fda968fabb0c1 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:22:19 -0400
Subject: [PATCH 17/28] Delete Templates/kubernetes-deployment.xml
---
Templates/kubernetes-deployment.xml | 10601 --------------------------
1 file changed, 10601 deletions(-)
delete mode 100644 Templates/kubernetes-deployment.xml
diff --git a/Templates/kubernetes-deployment.xml b/Templates/kubernetes-deployment.xml
deleted file mode 100644
index 3290979..0000000
--- a/Templates/kubernetes-deployment.xml
+++ /dev/null
@@ -1,10601 +0,0 @@ - -
From 0fa4b3edcd5ac64fd66fc44e7c10fab24cde073d Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:22:36 -0400
Subject: [PATCH 18/28] Delete Templates/llm-template-template.xml
---
Templates/llm-template-template.xml | 7269 ---------------------------
1 file changed, 7269 deletions(-)
delete mode 100644 Templates/llm-template-template.xml
diff --git a/Templates/llm-template-template.xml b/Templates/llm-template-template.xml
deleted file mode 100644
index 9333492..0000000
--- a/Templates/llm-template-template.xml
+++ /dev/null
@@ -1,7269 +0,0 @@ - -
From cc25e1177a3891ffd614971d0690f2ca9db81cd8 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:22:54 -0400
Subject: [PATCH 19/28] Delete Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
---
...lient-to-kubernetes-cluster-with-istio.xml | 17032 ----------------
1 file changed, 17032 deletions(-)
delete mode 100644 Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
diff --git a/Templates/mobile-client-to-kubernetes-cluster-with-istio.xml b/Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
deleted file mode 100644
index c88c660..0000000
--- a/Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
+++ /dev/null
@@ -1,17032 +0,0 @@ - -
From 739e94982611667fbbfd03c5286e209eb363bd28 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:23:14 -0400
Subject: [PATCH 20/28] Delete Templates/ml-ai-example-template.xml
---
Templates/ml-ai-example-template.xml | 8202 --------------------------
1 file changed, 8202 deletions(-)
delete mode 100644 Templates/ml-ai-example-template.xml
diff --git a/Templates/ml-ai-example-template.xml b/Templates/ml-ai-example-template.xml
deleted file mode 100644
index 3c53d23..0000000
--- a/Templates/ml-ai-example-template.xml
+++ /dev/null
@@ -1,8202 +0,0 @@ - -
From 2f33f6bc4abf96bf421ae7b1086d1190003e965e Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:23:34 -0400
Subject: [PATCH 21/28] Delete Templates/nwe-autorizacion-de-operaciones.xml
---
Templates/nwe-autorizacion-de-operaciones.xml | 17529 ----------------
1 file changed, 17529 deletions(-)
delete mode 100644 Templates/nwe-autorizacion-de-operaciones.xml
diff --git a/Templates/nwe-autorizacion-de-operaciones.xml b/Templates/nwe-autorizacion-de-operaciones.xml
deleted file mode 100644
index b9b95aa..0000000
--- a/Templates/nwe-autorizacion-de-operaciones.xml
+++ /dev/null
@@ -1,17529 +0,0 @@ - -
From 438984784959b5976526b6603dffab14aed6140b Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:23:55 -0400
Subject: [PATCH 22/28] Delete Templates/sample-system-template.xml
---
Templates/sample-system-template.xml | 17730 -------------------------
1 file changed, 17730 deletions(-)
delete mode 100644 Templates/sample-system-template.xml
diff --git a/Templates/sample-system-template.xml b/Templates/sample-system-template.xml
deleted file mode 100644
index c3cb1fb..0000000
--- a/Templates/sample-system-template.xml
+++ /dev/null
@@ -1,17730 +0,0 @@ - -
From 1a7d388bb277d6bf9bf92e988c9def5beb187bfc Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:24:12 -0400
Subject: [PATCH 23/28] Delete Templates/sap-hana-on-gcp.xml
---
Templates/sap-hana-on-gcp.xml | 6400 ---------------------------------
1 file changed, 6400 deletions(-)
delete mode 100644 Templates/sap-hana-on-gcp.xml
diff --git a/Templates/sap-hana-on-gcp.xml b/Templates/sap-hana-on-gcp.xml
deleted file mode 100644
index db3a032..0000000
--- a/Templates/sap-hana-on-gcp.xml
+++ /dev/null
@@ -1,6400 +0,0 @@ - -
From 81ee0127401c4cbaa4a2ff3a399d11a120f4d03a Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:24:29 -0400
Subject: [PATCH 24/28] Delete Templates/simple-3-tier-web-application.xml
---
Templates/simple-3-tier-web-application.xml | 10151 ------------------
1 file changed, 10151 deletions(-)
delete mode 100644 Templates/simple-3-tier-web-application.xml
diff --git a/Templates/simple-3-tier-web-application.xml b/Templates/simple-3-tier-web-application.xml
deleted file mode 100644
index 4dfc53f..0000000
--- a/Templates/simple-3-tier-web-application.xml
+++ /dev/null
@@ -1,10151 +0,0 @@ - -
From 801ae90d2b4efccb1e8c552cee9d4ac787ee3cb6 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:24:45 -0400
Subject: [PATCH 25/28] Delete Templates/simple-web-app.xml
---
Templates/simple-web-app.xml | 12339 ---------------------------------
1 file changed, 12339 deletions(-)
delete mode 100644 Templates/simple-web-app.xml
diff --git a/Templates/simple-web-app.xml b/Templates/simple-web-app.xml
deleted file mode 100644
index 5d0792e..0000000
--- a/Templates/simple-web-app.xml
+++ /dev/null
@@ -1,12339 +0,0 @@ - -
From 2edac6d949072099fd6ac89514b59d9593717ab3 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:25:05 -0400
Subject: [PATCH 26/28] Delete Templates/st-generator-form-template.xml
---
Templates/st-generator-form-template.xml | 19625 ---------------------
1 file changed, 19625 deletions(-)
delete mode 100644 Templates/st-generator-form-template.xml
diff --git a/Templates/st-generator-form-template.xml b/Templates/st-generator-form-template.xml
deleted file mode 100644
index a62f6cd..0000000
--- a/Templates/st-generator-form-template.xml
+++ /dev/null
@@ -1,19625 +0,0 @@ - -
From 257fb83f093c1075de3c06dacc4c477747e391f8 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:25:53 -0400
Subject: [PATCH 27/28] Add files via upload
---
...plication-and-api-behind-load-balancer.xml | 531 +
.../aws-environment-template.xml | 21475 ++++++++++++
.../aws-siem-and-cloudwatch.xml | 17267 +++++++++
.../aws-simple-infrastructure-with-waf.xml | 219 +
...pplication-remote-access-web-ui-access.xml | 29169 ++++++++++++++++
.../azure-general-network-architecture.xml | 12271 +++++++
...ent-to-azure-functions-and-web-backend.xml | 7855 +++++
.../external-user-access-through-vpn.xml | 19104 ++++++++++
.../gcp-cloud-architecture.xml | 2288 ++
.../generic-web-service.xml | 14942 ++++++++
.../kubernetes-deployment.xml | 10601 ++++++
.../llm-template-template.xml | 7269 ++++
.../ml-ai-example-template.xml | 8202 +++++
...lient-to-kubernetes-cluster-with-istio.xml | 17032 +++++++++
.../nwe-autorizacion-de-operaciones.xml | 17529 ++++++++++
.../sample-system-template.xml | 17730 ++++++++++
.../Submitted_Templates/sap-hana-on-gcp.xml | 6400 ++++
.../simple-3-tier-web-application.xml | 10151 ++++++
.../Submitted_Templates/simple-web-app.xml | 12339 +++++++
.../st-generator-form-template.xml | 19625 +++++++++++
20 files changed, 251999 insertions(+)
create mode 100644 Templates/Submitted_Templates/3-tier-web-application-and-api-behind-load-balancer.xml
create mode 100644 Templates/Submitted_Templates/aws-environment-template.xml
create mode 100644 Templates/Submitted_Templates/aws-siem-and-cloudwatch.xml
create mode 100644 Templates/Submitted_Templates/aws-simple-infrastructure-with-waf.xml
create mode 100644 Templates/Submitted_Templates/aws-web-application-remote-access-web-ui-access.xml
create mode 100644 Templates/Submitted_Templates/azure-general-network-architecture.xml
create mode 100644 Templates/Submitted_Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
create mode 100644 Templates/Submitted_Templates/external-user-access-through-vpn.xml
create mode 100644 Templates/Submitted_Templates/gcp-cloud-architecture.xml
create mode 100644 Templates/Submitted_Templates/generic-web-service.xml
create mode 100644 Templates/Submitted_Templates/kubernetes-deployment.xml
create mode 100644 Templates/Submitted_Templates/llm-template-template.xml
create mode 100644 Templates/Submitted_Templates/ml-ai-example-template.xml
create mode 100644 Templates/Submitted_Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
create mode 100644 Templates/Submitted_Templates/nwe-autorizacion-de-operaciones.xml
create mode 100644 Templates/Submitted_Templates/sample-system-template.xml
create mode 100644 Templates/Submitted_Templates/sap-hana-on-gcp.xml
create mode 100644 Templates/Submitted_Templates/simple-3-tier-web-application.xml
create mode 100644 Templates/Submitted_Templates/simple-web-app.xml
create mode 100644 Templates/Submitted_Templates/st-generator-form-template.xml
diff --git a/Templates/Submitted_Templates/3-tier-web-application-and-api-behind-load-balancer.xml b/Templates/Submitted_Templates/3-tier-web-application-and-api-behind-load-balancer.xml
new file mode 100644
index 0000000..83139f8
--- /dev/null
+++ b/Templates/Submitted_Templates/3-tier-web-application-and-api-behind-load-balancer.xml
@@ -0,0 +1,531 @@ + +
diff --git a/Templates/Submitted_Templates/aws-environment-template.xml b/Templates/Submitted_Templates/aws-environment-template.xml
new file mode 100644
index 0000000..ed5a169
--- /dev/null
+++ b/Templates/Submitted_Templates/aws-environment-template.xml
@@ -0,0 +1,21475 @@ + +
diff --git a/Templates/Submitted_Templates/aws-siem-and-cloudwatch.xml b/Templates/Submitted_Templates/aws-siem-and-cloudwatch.xml
new file mode 100644
index 0000000..d48d86d
--- /dev/null
+++ b/Templates/Submitted_Templates/aws-siem-and-cloudwatch.xml
@@ -0,0 +1,17267 @@ + +
diff --git a/Templates/Submitted_Templates/aws-simple-infrastructure-with-waf.xml b/Templates/Submitted_Templates/aws-simple-infrastructure-with-waf.xml
new file mode 100644
index 0000000..cbfeb7b
--- /dev/null
+++ b/Templates/Submitted_Templates/aws-simple-infrastructure-with-waf.xml
@@ -0,0 +1,219 @@ + +
diff --git a/Templates/Submitted_Templates/aws-web-application-remote-access-web-ui-access.xml b/Templates/Submitted_Templates/aws-web-application-remote-access-web-ui-access.xml
new file mode 100644
index 0000000..1110bb2
--- /dev/null
+++ b/Templates/Submitted_Templates/aws-web-application-remote-access-web-ui-access.xml
@@ -0,0 +1,29169 @@ + +
diff --git a/Templates/Submitted_Templates/azure-general-network-architecture.xml b/Templates/Submitted_Templates/azure-general-network-architecture.xml
new file mode 100644
index 0000000..87ae44d
--- /dev/null
+++ b/Templates/Submitted_Templates/azure-general-network-architecture.xml
@@ -0,0 +1,12271 @@ + +
diff --git a/Templates/Submitted_Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml b/Templates/Submitted_Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
new file mode 100644
index 0000000..39209bb
--- /dev/null
+++ b/Templates/Submitted_Templates/azure-mqtt-client-to-azure-functions-and-web-backend.xml
@@ -0,0 +1,7855 @@ + +
diff --git a/Templates/Submitted_Templates/external-user-access-through-vpn.xml b/Templates/Submitted_Templates/external-user-access-through-vpn.xml
new file mode 100644
index 0000000..ea7d356
--- /dev/null
+++ b/Templates/Submitted_Templates/external-user-access-through-vpn.xml
@@ -0,0 +1,19104 @@ + +
diff --git a/Templates/Submitted_Templates/gcp-cloud-architecture.xml b/Templates/Submitted_Templates/gcp-cloud-architecture.xml
new file mode 100644
index 0000000..9b5faf2
--- /dev/null
+++ b/Templates/Submitted_Templates/gcp-cloud-architecture.xml
@@ -0,0 +1,2288 @@ + +
diff --git a/Templates/Submitted_Templates/generic-web-service.xml b/Templates/Submitted_Templates/generic-web-service.xml
new file mode 100644
index 0000000..65fc499
--- /dev/null
+++ b/Templates/Submitted_Templates/generic-web-service.xml
@@ -0,0 +1,14942 @@ + +
diff --git a/Templates/Submitted_Templates/kubernetes-deployment.xml b/Templates/Submitted_Templates/kubernetes-deployment.xml
new file mode 100644
index 0000000..3290979
--- /dev/null
+++ b/Templates/Submitted_Templates/kubernetes-deployment.xml
@@ -0,0 +1,10601 @@ + +
diff --git a/Templates/Submitted_Templates/llm-template-template.xml b/Templates/Submitted_Templates/llm-template-template.xml
new file mode 100644
index 0000000..9333492
--- /dev/null
+++ b/Templates/Submitted_Templates/llm-template-template.xml
@@ -0,0 +1,7269 @@ + +
diff --git a/Templates/Submitted_Templates/ml-ai-example-template.xml b/Templates/Submitted_Templates/ml-ai-example-template.xml
new file mode 100644
index 0000000..3c53d23
--- /dev/null
+++ b/Templates/Submitted_Templates/ml-ai-example-template.xml
@@ -0,0 +1,8202 @@ + +
diff --git a/Templates/Submitted_Templates/mobile-client-to-kubernetes-cluster-with-istio.xml b/Templates/Submitted_Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
new file mode 100644
index 0000000..c88c660
--- /dev/null
+++ b/Templates/Submitted_Templates/mobile-client-to-kubernetes-cluster-with-istio.xml
@@ -0,0 +1,17032 @@ + +
diff --git a/Templates/Submitted_Templates/nwe-autorizacion-de-operaciones.xml b/Templates/Submitted_Templates/nwe-autorizacion-de-operaciones.xml
new file mode 100644
index 0000000..b9b95aa
--- /dev/null
+++ b/Templates/Submitted_Templates/nwe-autorizacion-de-operaciones.xml
@@ -0,0 +1,17529 @@ + +
diff --git a/Templates/Submitted_Templates/sample-system-template.xml b/Templates/Submitted_Templates/sample-system-template.xml
new file mode 100644
index 0000000..c3cb1fb
--- /dev/null
+++ b/Templates/Submitted_Templates/sample-system-template.xml
@@ -0,0 +1,17730 @@ + +
diff --git a/Templates/Submitted_Templates/sap-hana-on-gcp.xml b/Templates/Submitted_Templates/sap-hana-on-gcp.xml
new file mode 100644
index 0000000..db3a032
--- /dev/null
+++ b/Templates/Submitted_Templates/sap-hana-on-gcp.xml
@@ -0,0 +1,6400 @@ + +
diff --git a/Templates/Submitted_Templates/simple-3-tier-web-application.xml b/Templates/Submitted_Templates/simple-3-tier-web-application.xml
new file mode 100644
index 0000000..4dfc53f
--- /dev/null
+++ b/Templates/Submitted_Templates/simple-3-tier-web-application.xml
@@ -0,0 +1,10151 @@ + +
diff --git a/Templates/Submitted_Templates/simple-web-app.xml b/Templates/Submitted_Templates/simple-web-app.xml
new file mode 100644
index 0000000..5d0792e
--- /dev/null
+++ b/Templates/Submitted_Templates/simple-web-app.xml
@@ -0,0 +1,12339 @@ + +
diff --git a/Templates/Submitted_Templates/st-generator-form-template.xml b/Templates/Submitted_Templates/st-generator-form-template.xml
new file mode 100644
index 0000000..a62f6cd
--- /dev/null
+++ b/Templates/Submitted_Templates/st-generator-form-template.xml
@@ -0,0 +1,19625 @@ + +
From 276243e288d8686280e2d008dc8f51ce702a5672 Mon Sep 17 00:00:00 2001
From: Rabeco <106360860+Jayarr03@users.noreply.github.com>
Date: Wed, 24 Apr 2024 23:27:18 -0400
Subject: [PATCH 28/28] Create README.MD
---
Templates/IR_Published_Templates/README.MD | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 Templates/IR_Published_Templates/README.MD
diff --git a/Templates/IR_Published_Templates/README.MD b/Templates/IR_Published_Templates/README.MD
new file mode 100644
index 0000000..77cfdba
--- /dev/null
+++ b/Templates/IR_Published_Templates/README.MD
@@ -0,0 +1,3 @@
+# Purpose
+
+These templates were published by IriusRisk to assist programs with a first set of threat models.