From 5e9d6f3e1cd2689624fdf8065123f15be5538574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Gr=C3=B8ndahl?= Date: Wed, 18 Mar 2026 01:02:51 +0100 Subject: [PATCH] feat: add SDLC Registry section with controls, risks, and governance pages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Migrates the full SDLC Registry from the Hugo-based kosli-sdlc site into Mintlify docs — including 23 control pages, 9 risk pages, background and governance content, colored card grids with dark mode support, reusable snippets for all cards, and navigation wired up in docs.json. --- docs.json | 766 ++++++++++-------- .../controls/binary-provenance.svg | 25 + .../sdlc-registry/controls/change-records.svg | 99 +++ .../controls/defined-toolchain.svg | 37 + .../controls/dependency-management.svg | 43 + .../controls/deployment-approvals.svg | 100 +++ .../controls/deployment-controls.svg | 99 +++ .../controls/feature-branch-pr.svg | 114 +++ .../controls/secrets-management.svg | 99 +++ .../controls/workload-monitoring.jpg | Bin 0 -> 477651 bytes images/sdlc-registry/governance-scope.svg | 98 +++ images/sdlc-registry/governance.svg | 13 + images/sdlc-registry/hero-home.svg | 9 + images/sdlc-registry/padlock.svg | 18 + images/sdlc-registry/value-stream.svg | 70 ++ sdlc-registry/background.mdx | 41 + sdlc-registry/controls-engineering.mdx | 76 ++ sdlc-registry/controls.mdx | 73 ++ .../controls/build/binary_provenance.mdx | 70 ++ sdlc-registry/controls/build/dependencies.mdx | 68 ++ .../infrastructure_and_config_management.mdx | 63 ++ .../controls/build/secrets-scanning.mdx | 82 ++ sdlc-registry/controls/build/toolchain.mdx | 65 ++ .../controls/build/versioncontrol.mdx | 111 +++ .../lifecycle/penetration_testing.mdx | 60 ++ .../controls/lifecycle/service_ownership.mdx | 60 ++ sdlc-registry/controls/lifecycle/training.mdx | 59 ++ .../controls/release/code_review.mdx | 72 ++ .../controls/release/deployment_approvals.mdx | 60 ++ .../controls/release/feature_flags.mdx | 68 ++ sdlc-registry/controls/release/quality.mdx | 67 ++ .../vulnerability_scanning_containers.mdx | 64 ++ .../release/vulnerability_scanning_sast.mdx | 60 ++ .../release/vulnerability_scanning_sca.mdx | 67 ++ .../controls/runtime/change_records.mdx | 63 ++ .../controls/runtime/deployment_controls.mdx | 61 ++ .../controls/runtime/drift_detection.mdx | 63 ++ .../controls/runtime/secrets_managment.mdx | 91 +++ .../controls/runtime/system_access.mdx | 64 ++ .../controls/runtime/workload_monitoring.mdx | 65 ++ sdlc-registry/governance-bottleneck.mdx | 61 ++ sdlc-registry/overview.mdx | 92 +++ sdlc-registry/risks.mdx | 29 + .../risks/audit_and_compliance_failure.mdx | 49 ++ sdlc-registry/risks/configuration_drift.mdx | 45 + .../risks/credential_and_secret_exposure.mdx | 43 + sdlc-registry/risks/environment_breach.mdx | 53 ++ sdlc-registry/risks/insider_threat.mdx | 59 ++ .../risks/supply_chain_compromise.mdx | 55 ++ .../risks/unauthorised_deployment.mdx | 49 ++ .../risks/unauthorised_system_access.mdx | 41 + .../vulnerable_software_in_production.mdx | 55 ++ .../sdlc/controls/build/binary_provenance.mdx | 1 + snippets/sdlc/controls/build/dependencies.mdx | 1 + .../infrastructure_and_config_management.mdx | 1 + .../sdlc/controls/build/secrets-scanning.mdx | 1 + snippets/sdlc/controls/build/toolchain.mdx | 1 + .../sdlc/controls/build/versioncontrol.mdx | 1 + .../lifecycle/penetration_testing.mdx | 1 + .../controls/lifecycle/service_ownership.mdx | 1 + snippets/sdlc/controls/lifecycle/training.mdx | 1 + .../sdlc/controls/release/code_review.mdx | 1 + .../controls/release/deployment_approvals.mdx | 1 + .../sdlc/controls/release/feature_flags.mdx | 1 + snippets/sdlc/controls/release/quality.mdx | 1 + .../vulnerability_scanning_containers.mdx | 1 + .../release/vulnerability_scanning_sast.mdx | 1 + .../release/vulnerability_scanning_sca.mdx | 1 + .../sdlc/controls/runtime/change_records.mdx | 1 + .../controls/runtime/deployment_controls.mdx | 1 + .../sdlc/controls/runtime/drift_detection.mdx | 1 + .../controls/runtime/secrets_managment.mdx | 1 + .../sdlc/controls/runtime/system_access.mdx | 1 + .../controls/runtime/workload_monitoring.mdx | 1 + .../risks/audit_and_compliance_failure.mdx | 1 + snippets/sdlc/risks/configuration_drift.mdx | 1 + .../risks/credential_and_secret_exposure.mdx | 1 + snippets/sdlc/risks/environment_breach.mdx | 1 + snippets/sdlc/risks/insider_threat.mdx | 1 + .../sdlc/risks/supply_chain_compromise.mdx | 1 + .../sdlc/risks/unauthorised_deployment.mdx | 1 + .../sdlc/risks/unauthorised_system_access.mdx | 1 + .../vulnerable_software_in_production.mdx | 1 + style.css | 139 ++++ 84 files changed, 3757 insertions(+), 327 deletions(-) create mode 100644 images/sdlc-registry/controls/binary-provenance.svg create mode 100644 images/sdlc-registry/controls/change-records.svg create mode 100644 images/sdlc-registry/controls/defined-toolchain.svg create mode 100644 images/sdlc-registry/controls/dependency-management.svg create mode 100644 images/sdlc-registry/controls/deployment-approvals.svg create mode 100644 images/sdlc-registry/controls/deployment-controls.svg create mode 100644 images/sdlc-registry/controls/feature-branch-pr.svg create mode 100644 images/sdlc-registry/controls/secrets-management.svg create mode 100644 images/sdlc-registry/controls/workload-monitoring.jpg create mode 100644 images/sdlc-registry/governance-scope.svg create mode 100644 images/sdlc-registry/governance.svg create mode 100644 images/sdlc-registry/hero-home.svg create mode 100644 images/sdlc-registry/padlock.svg create mode 100644 images/sdlc-registry/value-stream.svg create mode 100644 sdlc-registry/background.mdx create mode 100644 sdlc-registry/controls-engineering.mdx create mode 100644 sdlc-registry/controls.mdx create mode 100644 sdlc-registry/controls/build/binary_provenance.mdx create mode 100644 sdlc-registry/controls/build/dependencies.mdx create mode 100644 sdlc-registry/controls/build/infrastructure_and_config_management.mdx create mode 100644 sdlc-registry/controls/build/secrets-scanning.mdx create mode 100644 sdlc-registry/controls/build/toolchain.mdx create mode 100644 sdlc-registry/controls/build/versioncontrol.mdx create mode 100644 sdlc-registry/controls/lifecycle/penetration_testing.mdx create mode 100644 sdlc-registry/controls/lifecycle/service_ownership.mdx create mode 100644 sdlc-registry/controls/lifecycle/training.mdx create mode 100644 sdlc-registry/controls/release/code_review.mdx create mode 100644 sdlc-registry/controls/release/deployment_approvals.mdx create mode 100644 sdlc-registry/controls/release/feature_flags.mdx create mode 100644 sdlc-registry/controls/release/quality.mdx create mode 100644 sdlc-registry/controls/release/vulnerability_scanning_containers.mdx create mode 100644 sdlc-registry/controls/release/vulnerability_scanning_sast.mdx create mode 100644 sdlc-registry/controls/release/vulnerability_scanning_sca.mdx create mode 100644 sdlc-registry/controls/runtime/change_records.mdx create mode 100644 sdlc-registry/controls/runtime/deployment_controls.mdx create mode 100644 sdlc-registry/controls/runtime/drift_detection.mdx create mode 100644 sdlc-registry/controls/runtime/secrets_managment.mdx create mode 100644 sdlc-registry/controls/runtime/system_access.mdx create mode 100644 sdlc-registry/controls/runtime/workload_monitoring.mdx create mode 100644 sdlc-registry/governance-bottleneck.mdx create mode 100644 sdlc-registry/overview.mdx create mode 100644 sdlc-registry/risks.mdx create mode 100644 sdlc-registry/risks/audit_and_compliance_failure.mdx create mode 100644 sdlc-registry/risks/configuration_drift.mdx create mode 100644 sdlc-registry/risks/credential_and_secret_exposure.mdx create mode 100644 sdlc-registry/risks/environment_breach.mdx create mode 100644 sdlc-registry/risks/insider_threat.mdx create mode 100644 sdlc-registry/risks/supply_chain_compromise.mdx create mode 100644 sdlc-registry/risks/unauthorised_deployment.mdx create mode 100644 sdlc-registry/risks/unauthorised_system_access.mdx create mode 100644 sdlc-registry/risks/vulnerable_software_in_production.mdx create mode 100644 snippets/sdlc/controls/build/binary_provenance.mdx create mode 100644 snippets/sdlc/controls/build/dependencies.mdx create mode 100644 snippets/sdlc/controls/build/infrastructure_and_config_management.mdx create mode 100644 snippets/sdlc/controls/build/secrets-scanning.mdx create mode 100644 snippets/sdlc/controls/build/toolchain.mdx create mode 100644 snippets/sdlc/controls/build/versioncontrol.mdx create mode 100644 snippets/sdlc/controls/lifecycle/penetration_testing.mdx create mode 100644 snippets/sdlc/controls/lifecycle/service_ownership.mdx create mode 100644 snippets/sdlc/controls/lifecycle/training.mdx create mode 100644 snippets/sdlc/controls/release/code_review.mdx create mode 100644 snippets/sdlc/controls/release/deployment_approvals.mdx create mode 100644 snippets/sdlc/controls/release/feature_flags.mdx create mode 100644 snippets/sdlc/controls/release/quality.mdx create mode 100644 snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx create mode 100644 snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx create mode 100644 snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx create mode 100644 snippets/sdlc/controls/runtime/change_records.mdx create mode 100644 snippets/sdlc/controls/runtime/deployment_controls.mdx create mode 100644 snippets/sdlc/controls/runtime/drift_detection.mdx create mode 100644 snippets/sdlc/controls/runtime/secrets_managment.mdx create mode 100644 snippets/sdlc/controls/runtime/system_access.mdx create mode 100644 snippets/sdlc/controls/runtime/workload_monitoring.mdx create mode 100644 snippets/sdlc/risks/audit_and_compliance_failure.mdx create mode 100644 snippets/sdlc/risks/configuration_drift.mdx create mode 100644 snippets/sdlc/risks/credential_and_secret_exposure.mdx create mode 100644 snippets/sdlc/risks/environment_breach.mdx create mode 100644 snippets/sdlc/risks/insider_threat.mdx create mode 100644 snippets/sdlc/risks/supply_chain_compromise.mdx create mode 100644 snippets/sdlc/risks/unauthorised_deployment.mdx create mode 100644 snippets/sdlc/risks/unauthorised_system_access.mdx create mode 100644 snippets/sdlc/risks/vulnerable_software_in_production.mdx diff --git a/docs.json b/docs.json index 759e19b..180e4c1 100644 --- a/docs.json +++ b/docs.json @@ -46,436 +46,548 @@ } ], "navigation": { - "tabs": [ + "products": [ { - "tab": "Documentation", - "groups": [ + "tabs": [ { - "group": "Understand Kosli", - "icon": "book-open", - "pages": [ - "understand_kosli/what_is_kosli", - "understand_kosli/concepts" - ] - }, - { - "group": "Getting started", - "icon": "rocket", - "pages": [ - "getting_started/install", - "getting_started/service-accounts", - "getting_started/flows", - "getting_started/trails", - "getting_started/artifacts", - "getting_started/attestations", - "getting_started/environments", - "getting_started/policies", - "getting_started/approvals" - ] - }, - { - "group": "Administration", - "icon": "cog", - "pages": [ - { - "group": "Managing Users", - "pages": [ - "administration/managing_users/roles_in_kosli" - ] - }, + "tab": "Documentation", + "groups": [ { - "group": "Managing Environments", + "group": "Understand Kosli", + "icon": "book-open", "pages": [ - "administration/managing_environments/overview" + "understand_kosli/what_is_kosli", + "understand_kosli/concepts" ] }, - { - "group": "Managing Custom Attestation Types", - "pages": [ - "administration/managing_custom_attestation_types/overview" - ] - } - ] - }, - { - "group": "Tutorials", - "icon": "graduation-cap", - "pages": [ { "group": "Getting started", - "pages": [ - "tutorials/try_kosli_locally", - "tutorials/cli_and_http_proxy" + "icon": "rocket", + "pages": [ + "getting_started/install", + "getting_started/service-accounts", + "getting_started/flows", + "getting_started/trails", + "getting_started/artifacts", + "getting_started/attestations", + "getting_started/environments", + "getting_started/policies", + "getting_started/approvals" ] }, { - "group": "Attesting", + "group": "Administration", + "icon": "cog", "pages": [ - "tutorials/attest_snyk", - "tutorials/custom-attestation-ctrf" + { + "group": "Managing Users", + "pages": [ + "administration/managing_users/roles_in_kosli" + ] + }, + { + "group": "Managing Environments", + "pages": [ + "administration/managing_environments/overview" + ] + }, + { + "group": "Managing Custom Attestation Types", + "pages": [ + "administration/managing_custom_attestation_types/overview" + ] + } ] }, { - "group": "Reporting environments", + "group": "Tutorials", + "icon": "graduation-cap", "pages": [ - "tutorials/report_aws_envs", - "tutorials/report_k8s_envs" + { + "group": "Getting started", + "pages": [ + "tutorials/try_kosli_locally", + "tutorials/cli_and_http_proxy" + ] + }, + { + "group": "Attesting", + "pages": [ + "tutorials/attest_snyk", + "tutorials/custom-attestation-ctrf" + ] + }, + { + "group": "Reporting environments", + "pages": [ + "tutorials/report_aws_envs", + "tutorials/report_k8s_envs" + ] + }, + { + "group": "Querying & tracing", + "pages": [ + "tutorials/querying_kosli", + "tutorials/following_a_git_commit_to_runtime_environments", + "tutorials/tracing_a_production_incident_back_to_git_commits" + ] + }, + { + "group": "Security", + "pages": [ + "tutorials/unauthorized_iac_changes" + ] + } ] }, { - "group": "Querying & tracing", + "group": "Troubleshooting", + "icon": "wrench", "pages": [ - "tutorials/querying_kosli", - "tutorials/following_a_git_commit_to_runtime_environments", - "tutorials/tracing_a_production_incident_back_to_git_commits" + "troubleshooting/what_do_i_do_if_kosli_is_down" ] }, { - "group": "Security", + "group": "Integrations", + "icon": "puzzle-piece", "pages": [ - "tutorials/unauthorized_iac_changes" + "integrations/actions", + "integrations/ci_cd", + "integrations/slack", + "integrations/launchdarkly", + "integrations/sonar" ] } ] }, { - "group": "Troubleshooting", - "icon": "wrench", - "pages": [ - "troubleshooting/what_do_i_do_if_kosli_is_down" - ] - }, - { - "group": "Integrations", - "icon": "puzzle-piece", - "pages": [ - "integrations/actions", - "integrations/ci_cd", - "integrations/slack", - "integrations/launchdarkly", - "integrations/sonar" - ] - } - ] - }, - { - "tab": "Labs", - "groups": [ - { - "group": "Kosli Learning Labs", - "pages": [ - "labs/index", - "labs/lab-01-get-ready", - "labs/lab-02-flows-and-trails", - "labs/lab-03-build-controls", - "labs/lab-04-release-controls", - "labs/lab-05-runtime-controls" - ] - } - ] - }, - { - "tab": "Implementation Guide", - "groups": [ - { - "group": "Phase 1: Initial Discovery", - "icon": "lightbulb", - "pages": [ + "tab": "Labs", + "groups": [ { - "group": "Roles & Responsibilities", + "group": "Kosli Learning Labs", "pages": [ - "implementation_guide/phase_1/roles_and_responsibilities/overview", - "implementation_guide/phase_1/roles_and_responsibilities/platform_engineers", - "implementation_guide/phase_1/roles_and_responsibilities/app_developers", - "implementation_guide/phase_1/roles_and_responsibilities/security_compliance", - "implementation_guide/phase_1/roles_and_responsibilities/sponsors" + "labs/index", + "labs/lab-01-get-ready", + "labs/lab-02-flows-and-trails", + "labs/lab-03-build-controls", + "labs/lab-04-release-controls", + "labs/lab-05-runtime-controls" ] } ] }, { - "group": "Phase 2: Configure Kosli", - "icon": "gear", - "pages": [ + "tab": "Implementation Guide", + "groups": [ { - "group": "Plan Organizational Structure", + "group": "Phase 1: Initial Discovery", + "icon": "lightbulb", "pages": [ { - "group": "Naming Conventions", + "group": "Roles & Responsibilities", "pages": [ - "implementation_guide/phase_2/plan_organizational_structure/naming_conventions/overview", - "implementation_guide/phase_2/plan_organizational_structure/naming_conventions/attestation_types", - "implementation_guide/phase_2/plan_organizational_structure/naming_conventions/flows_and_trails" + "implementation_guide/phase_1/roles_and_responsibilities/overview", + "implementation_guide/phase_1/roles_and_responsibilities/platform_engineers", + "implementation_guide/phase_1/roles_and_responsibilities/app_developers", + "implementation_guide/phase_1/roles_and_responsibilities/security_compliance", + "implementation_guide/phase_1/roles_and_responsibilities/sponsors" ] } ] - } - ] - } - ] - }, - { - "tab": "Reference", - "menu": [ - { - "item": "CLI Reference", - "icon": "terminal", - "groups": [ - { - "group": "General", - "pages": [ - "client_reference/overview", - "client_reference/kosli", - "client_reference/kosli_attach-policy", - "client_reference/kosli_completion", - "client_reference/kosli_config", - "client_reference/kosli_detach-policy", - "client_reference/kosli_fingerprint", - "client_reference/kosli_search", - "client_reference/kosli_status", - "client_reference/kosli_tag", - "client_reference/kosli_version" - ] - }, - { - "group": "kosli allow", - "pages": [ - "client_reference/kosli_allow_artifact" - ] - }, - { - "group": "kosli archive", - "pages": [ - "client_reference/kosli_archive_attestation-type", - "client_reference/kosli_archive_environment", - "client_reference/kosli_archive_flow" - ] - }, - { - "group": "kosli assert", - "pages": [ - "client_reference/kosli_assert_approval", - "client_reference/kosli_assert_artifact", - "client_reference/kosli_assert_pullrequest_azure", - "client_reference/kosli_assert_pullrequest_bitbucket", - "client_reference/kosli_assert_pullrequest_github", - "client_reference/kosli_assert_pullrequest_gitlab", - "client_reference/kosli_assert_snapshot", - "client_reference/kosli_assert_status" - ] - }, - { - "group": "kosli attest", - "pages": [ - "client_reference/kosli_attest_artifact", - "client_reference/kosli_attest_custom", - "client_reference/kosli_attest_generic", - "client_reference/kosli_attest_jira", - "client_reference/kosli_attest_junit", - "client_reference/kosli_attest_pullrequest_azure", - "client_reference/kosli_attest_pullrequest_bitbucket", - "client_reference/kosli_attest_pullrequest_github", - "client_reference/kosli_attest_pullrequest_gitlab", - "client_reference/kosli_attest_snyk", - "client_reference/kosli_attest_sonar" - ] - }, - { - "group": "kosli begin", - "pages": [ - "client_reference/kosli_begin_trail" - ] - }, - { - "group": "kosli create", - "pages": [ - "client_reference/kosli_create_attestation-type", - "client_reference/kosli_create_environment", - "client_reference/kosli_create_flow", - "client_reference/kosli_create_policy" - ] - }, - { - "group": "kosli diff", - "pages": [ - "client_reference/kosli_diff_snapshots" - ] - }, - { - "group": "kosli disable / enable", - "pages": [ - "client_reference/kosli_disable_beta", - "client_reference/kosli_enable_beta" - ] - }, - { - "group": "kosli evaluate", - "pages": [ - "client_reference/kosli_evaluate_trail", - "client_reference/kosli_evaluate_trails" - ] - }, - { - "group": "kosli get", - "pages": [ - "client_reference/kosli_get_approval", - "client_reference/kosli_get_artifact", - "client_reference/kosli_get_attestation-type", - "client_reference/kosli_get_attestation", - "client_reference/kosli_get_deployment", - "client_reference/kosli_get_environment", - "client_reference/kosli_get_flow", - "client_reference/kosli_get_policy", - "client_reference/kosli_get_snapshot", - "client_reference/kosli_get_trail" - ] - }, - { - "group": "kosli join", - "pages": [ - "client_reference/kosli_join_environment" - ] - }, - { - "group": "kosli list", - "pages": [ - "client_reference/kosli_list_approvals", - "client_reference/kosli_list_artifacts", - "client_reference/kosli_list_attestation-types", - "client_reference/kosli_list_deployments", - "client_reference/kosli_list_environments", - "client_reference/kosli_list_flows", - "client_reference/kosli_list_policies", - "client_reference/kosli_list_snapshots", - "client_reference/kosli_list_trails" - ] }, { - "group": "kosli log", + "group": "Phase 2: Configure Kosli", + "icon": "gear", "pages": [ - "client_reference/kosli_log_environment" + { + "group": "Plan Organizational Structure", + "pages": [ + { + "group": "Naming Conventions", + "pages": [ + "implementation_guide/phase_2/plan_organizational_structure/naming_conventions/overview", + "implementation_guide/phase_2/plan_organizational_structure/naming_conventions/attestation_types", + "implementation_guide/phase_2/plan_organizational_structure/naming_conventions/flows_and_trails" + ] + } + ] + } ] - }, + } + ] + }, + { + "tab": "Reference", + "menu": [ { - "group": "kosli rename", - "pages": [ - "client_reference/kosli_rename_environment", - "client_reference/kosli_rename_flow" + "item": "CLI Reference", + "icon": "terminal", + "groups": [ + { + "group": "General", + "pages": [ + "client_reference/overview", + "client_reference/kosli", + "client_reference/kosli_attach-policy", + "client_reference/kosli_completion", + "client_reference/kosli_config", + "client_reference/kosli_detach-policy", + "client_reference/kosli_fingerprint", + "client_reference/kosli_search", + "client_reference/kosli_status", + "client_reference/kosli_tag", + "client_reference/kosli_version" + ] + }, + { + "group": "kosli allow", + "pages": [ + "client_reference/kosli_allow_artifact" + ] + }, + { + "group": "kosli archive", + "pages": [ + "client_reference/kosli_archive_attestation-type", + "client_reference/kosli_archive_environment", + "client_reference/kosli_archive_flow" + ] + }, + { + "group": "kosli assert", + "pages": [ + "client_reference/kosli_assert_approval", + "client_reference/kosli_assert_artifact", + "client_reference/kosli_assert_pullrequest_azure", + "client_reference/kosli_assert_pullrequest_bitbucket", + "client_reference/kosli_assert_pullrequest_github", + "client_reference/kosli_assert_pullrequest_gitlab", + "client_reference/kosli_assert_snapshot", + "client_reference/kosli_assert_status" + ] + }, + { + "group": "kosli attest", + "pages": [ + "client_reference/kosli_attest_artifact", + "client_reference/kosli_attest_custom", + "client_reference/kosli_attest_generic", + "client_reference/kosli_attest_jira", + "client_reference/kosli_attest_junit", + "client_reference/kosli_attest_pullrequest_azure", + "client_reference/kosli_attest_pullrequest_bitbucket", + "client_reference/kosli_attest_pullrequest_github", + "client_reference/kosli_attest_pullrequest_gitlab", + "client_reference/kosli_attest_snyk", + "client_reference/kosli_attest_sonar" + ] + }, + { + "group": "kosli begin", + "pages": [ + "client_reference/kosli_begin_trail" + ] + }, + { + "group": "kosli create", + "pages": [ + "client_reference/kosli_create_attestation-type", + "client_reference/kosli_create_environment", + "client_reference/kosli_create_flow", + "client_reference/kosli_create_policy" + ] + }, + { + "group": "kosli diff", + "pages": [ + "client_reference/kosli_diff_snapshots" + ] + }, + { + "group": "kosli disable / enable", + "pages": [ + "client_reference/kosli_disable_beta", + "client_reference/kosli_enable_beta" + ] + }, + { + "group": "kosli evaluate", + "pages": [ + "client_reference/kosli_evaluate_trail", + "client_reference/kosli_evaluate_trails" + ] + }, + { + "group": "kosli get", + "pages": [ + "client_reference/kosli_get_approval", + "client_reference/kosli_get_artifact", + "client_reference/kosli_get_attestation-type", + "client_reference/kosli_get_attestation", + "client_reference/kosli_get_deployment", + "client_reference/kosli_get_environment", + "client_reference/kosli_get_flow", + "client_reference/kosli_get_policy", + "client_reference/kosli_get_snapshot", + "client_reference/kosli_get_trail" + ] + }, + { + "group": "kosli join", + "pages": [ + "client_reference/kosli_join_environment" + ] + }, + { + "group": "kosli list", + "pages": [ + "client_reference/kosli_list_approvals", + "client_reference/kosli_list_artifacts", + "client_reference/kosli_list_attestation-types", + "client_reference/kosli_list_deployments", + "client_reference/kosli_list_environments", + "client_reference/kosli_list_flows", + "client_reference/kosli_list_policies", + "client_reference/kosli_list_snapshots", + "client_reference/kosli_list_trails" + ] + }, + { + "group": "kosli log", + "pages": [ + "client_reference/kosli_log_environment" + ] + }, + { + "group": "kosli rename", + "pages": [ + "client_reference/kosli_rename_environment", + "client_reference/kosli_rename_flow" + ] + }, + { + "group": "kosli report", + "pages": [ + "client_reference/kosli_report_approval" + ] + }, + { + "group": "kosli request", + "pages": [ + "client_reference/kosli_request_approval" + ] + }, + { + "group": "kosli snapshot", + "pages": [ + "client_reference/kosli_snapshot_azure", + "client_reference/kosli_snapshot_docker", + "client_reference/kosli_snapshot_ecs", + "client_reference/kosli_snapshot_k8s", + "client_reference/kosli_snapshot_lambda", + "client_reference/kosli_snapshot_path", + "client_reference/kosli_snapshot_paths", + "client_reference/kosli_snapshot_s3" + ] + }, + { + "group": "Deprecated", + "pages": [ + "client_reference/kosli_expect_deployment", + "client_reference/kosli_report_artifact", + "client_reference/kosli_snapshot_server" + ] + } ] }, { - "group": "kosli report", - "pages": [ - "client_reference/kosli_report_approval" + "item": "Template Reference", + "icon": "file-code", + "groups": [ + { + "group": "Templates", + "pages": [ + "template-reference/flow_template" + ] + } ] }, { - "group": "kosli request", - "pages": [ - "client_reference/kosli_request_approval" + "item": "API Reference", + "icon": "code", + "groups": [ + { + "group": "Environments", + "pages": [ + "api-reference/endpoint/list_environments", + "api-reference/endpoint/put_environment" + ] + } ] }, { - "group": "kosli snapshot", - "pages": [ - "client_reference/kosli_snapshot_azure", - "client_reference/kosli_snapshot_docker", - "client_reference/kosli_snapshot_ecs", - "client_reference/kosli_snapshot_k8s", - "client_reference/kosli_snapshot_lambda", - "client_reference/kosli_snapshot_path", - "client_reference/kosli_snapshot_paths", - "client_reference/kosli_snapshot_s3" + "item": "Helm Reference", + "icon": "layer-group", + "groups": [ + { + "group": "Helm Charts", + "pages": [ + "helm/k8s_reporter" + ] + } ] }, { - "group": "Deprecated", - "pages": [ - "client_reference/kosli_expect_deployment", - "client_reference/kosli_report_artifact", - "client_reference/kosli_snapshot_server" + "item": "Terraform Reference", + "icon": "cubes", + "groups": [ + { + "group": "Provider", + "pages": [ + "terraform-reference/index" + ] + }, + { + "group": "Resources", + "pages": [ + "terraform-reference/resources/environment", + "terraform-reference/resources/logical_environment", + "terraform-reference/resources/custom_attestation_type" + ] + }, + { + "group": "Data Sources", + "pages": [ + "terraform-reference/data-sources/environment", + "terraform-reference/data-sources/logical_environment", + "terraform-reference/data-sources/custom_attestation_type" + ] + } ] } ] }, { - "item": "Template Reference", - "icon": "file-code", + "tab": "Changelog", + "icon": "clock", "groups": [ { - "group": "Templates", + "group": "Changelog", "pages": [ - "template-reference/flow_template" + "changelog/index" ] } ] - }, + } + ], + "product": "Platform" + }, + { + "tabs": [ { - "item": "API Reference", - "icon": "code", + "tab": "Overview", "groups": [ { - "group": "Environments", + "group": "Introduction", + "icon": "book-open", "pages": [ - "api-reference/endpoint/list_environments", - "api-reference/endpoint/put_environment" + "sdlc-registry/overview", + "sdlc-registry/background" + ] + }, + { + "group": "Background", + "icon": "book-open", + "pages": [ + "sdlc-registry/governance-bottleneck", + "sdlc-registry/controls-engineering" ] } ] }, { - "item": "Helm Reference", - "icon": "layer-group", + "tab": "Risks", "groups": [ { - "group": "Helm Charts", + "group": "Overview", + "icon": "triangle-exclamation", + "pages": ["sdlc-registry/risks"] + }, + { + "group": "Risks", + "icon": "triangle-exclamation", "pages": [ - "helm/k8s_reporter" + "sdlc-registry/risks/supply_chain_compromise", + "sdlc-registry/risks/insider_threat", + "sdlc-registry/risks/unauthorised_deployment", + "sdlc-registry/risks/credential_and_secret_exposure", + "sdlc-registry/risks/vulnerable_software_in_production", + "sdlc-registry/risks/audit_and_compliance_failure", + "sdlc-registry/risks/unauthorised_system_access", + "sdlc-registry/risks/configuration_drift", + "sdlc-registry/risks/environment_breach" ] } ] }, { - "item": "Terraform Reference", - "icon": "cubes", + "tab": "Controls", "groups": [ { - "group": "Provider", + "group": "Overview", + "icon": "shield-halved", + "pages": ["sdlc-registry/controls"] + }, + { + "group": "Build", + "icon": "hammer", + "pages": [ + "sdlc-registry/controls/build/versioncontrol", + "sdlc-registry/controls/build/binary_provenance", + "sdlc-registry/controls/build/toolchain", + "sdlc-registry/controls/build/dependencies", + "sdlc-registry/controls/build/infrastructure_and_config_management", + "sdlc-registry/controls/build/secrets-scanning" + ] + }, + { + "group": "Release", + "icon": "rocket", "pages": [ - "terraform-reference/index" + "sdlc-registry/controls/release/code_review", + "sdlc-registry/controls/release/quality", + "sdlc-registry/controls/release/deployment_approvals", + "sdlc-registry/controls/release/vulnerability_scanning_sast", + "sdlc-registry/controls/release/vulnerability_scanning_sca", + "sdlc-registry/controls/release/vulnerability_scanning_containers", + "sdlc-registry/controls/release/feature_flags" ] }, { - "group": "Resources", + "group": "Runtime", + "icon": "server", "pages": [ - "terraform-reference/resources/environment", - "terraform-reference/resources/logical_environment", - "terraform-reference/resources/custom_attestation_type" + "sdlc-registry/controls/runtime/change_records", + "sdlc-registry/controls/runtime/deployment_controls", + "sdlc-registry/controls/runtime/secrets_managment", + "sdlc-registry/controls/runtime/system_access", + "sdlc-registry/controls/runtime/workload_monitoring", + "sdlc-registry/controls/runtime/drift_detection" ] }, { - "group": "Data Sources", + "group": "Lifecycle", + "icon": "arrows-spin", "pages": [ - "terraform-reference/data-sources/environment", - "terraform-reference/data-sources/logical_environment", - "terraform-reference/data-sources/custom_attestation_type" + "sdlc-registry/controls/lifecycle/service_ownership", + "sdlc-registry/controls/lifecycle/training", + "sdlc-registry/controls/lifecycle/penetration_testing" ] } ] } - ] - }, - { - "tab": "Changelog", - "icon": "clock", - "groups": [ - { - "group": "Changelog", - "pages": [ - "changelog/index" - ] - } - ] + ], + "product": "SDLC Registry" } ] }, diff --git a/images/sdlc-registry/controls/binary-provenance.svg b/images/sdlc-registry/controls/binary-provenance.svg new file mode 100644 index 0000000..418a2b9 --- /dev/null +++ b/images/sdlc-registry/controls/binary-provenance.svg @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/change-records.svg b/images/sdlc-registry/controls/change-records.svg new file mode 100644 index 0000000..dafbd6f --- /dev/null +++ b/images/sdlc-registry/controls/change-records.svg @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/defined-toolchain.svg b/images/sdlc-registry/controls/defined-toolchain.svg new file mode 100644 index 0000000..309d394 --- /dev/null +++ b/images/sdlc-registry/controls/defined-toolchain.svg @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/dependency-management.svg b/images/sdlc-registry/controls/dependency-management.svg new file mode 100644 index 0000000..e1d691d --- /dev/null +++ b/images/sdlc-registry/controls/dependency-management.svg @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/deployment-approvals.svg b/images/sdlc-registry/controls/deployment-approvals.svg new file mode 100644 index 0000000..7d1597b --- /dev/null +++ b/images/sdlc-registry/controls/deployment-approvals.svg @@ -0,0 +1,100 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/deployment-controls.svg b/images/sdlc-registry/controls/deployment-controls.svg new file mode 100644 index 0000000..658ff5c --- /dev/null +++ b/images/sdlc-registry/controls/deployment-controls.svg @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/feature-branch-pr.svg b/images/sdlc-registry/controls/feature-branch-pr.svg new file mode 100644 index 0000000..1c756fd --- /dev/null +++ b/images/sdlc-registry/controls/feature-branch-pr.svg @@ -0,0 +1,114 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/secrets-management.svg b/images/sdlc-registry/controls/secrets-management.svg new file mode 100644 index 0000000..7df9e76 --- /dev/null +++ b/images/sdlc-registry/controls/secrets-management.svg @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/controls/workload-monitoring.jpg b/images/sdlc-registry/controls/workload-monitoring.jpg new file mode 100644 index 0000000000000000000000000000000000000000..00bcb5aec79a612d1d3f5305a24c1db4ddcfb7c8 GIT binary patch literal 477651 zcmeFa30PCvx-A+D6+6TRK|oBEf(QtxfGAzIT8e-W0qKRPh;#xXJ%p^S2q*|qKu{1; zO5aALlP-~7K#24bnm`bgCXmpC1xZ%ks=e=KRN) z{~Z6A{4e}5#4f{&1{V<xS*6TtW zb|Ze+y+LUA27V&~i9l@F^!IBc{>R6LAA~k;+AO?f>$dIi6UufWe%K%+^utD>O`A4u zgr6M>{~ob%_oh8RojALBujvipL*8O1?>~FJf86}8P?*`@(OzuTwDLOT^kTW|I%fDZ`l8*U2rFC_+jHlp^d`7wrj%=0r02L?v0y% zIyw|l&TvmNtj`eHP{?@Ypy@oybr&{(e z4g1%2Q4u?YHo!MeXg30dfM&|<%|h0`@+Oqu6?92l5etj62u1-Z*CHp(B3f-o9S! zha$C7r9EYPAH)TR^mnaD-L|k6j2Xdv5rhmu)D!@R06PV|;lDR;5X=C<3=qr!0Us3b zK>;5W@Ie6@3eZr1h5|GcprHT_1!yQhLjf8J&`^Me0yGq$p#Tj9XedBK0U8R>P=JO4 zG(;Q~TEsxxcJmRNUh|?*W2rZn>S=pw9D`VUCxX8yPey(qgts~uf!)Z`rYURV3FUL{ zDPB9VdT%TD*bM_s#<_LG5m%oW^jYRq^|m?B;Zs7pqxyGGW{0|=FRd*We&y{Wrn`J? zoN&2O8hYrMe*7^1jvM;LjRp^yP+dp7*SdAv%`qFa2#101fd3&ea-4w5UZi1wvK zI;emhK2G<-&zAH;O5hvSt=JzUt{U8kv$Ns;qJQpxx}N06nF9Dc!bgl_rhi#@RqNrU%Ek;_;h?w&jd&Dp z2(;CSk7zRGBenno1458EK+F>!CL^xq~<~|z$b&@y)aFx5KosWo0hj#H1#3EttF+KuwRkVbU zsQXGD<|A6jV~H591(F%b3%!dPcV1urC6oY(%0b^CUAQUl_y~FqAMp@1JA0px*p3?L z6Pn{Am_e$mDAocfm&8Zx)93yKU-FtLXakXQkj{KWSSwJ;N8o|FV`MN7H7>foJ_giN zR#yHZXsY0@3I?!Xt_s4EAOZ`(Mu4jV3L#)i0%9nj`+}8?U=b%+uL_ptf-Hm};UdT_ z{hCI*TFuKujlr3=!F~no1(xQROiOdBsxh7+5quT373EBhLb*iWNs<-OW~2L-DSLTF@AdaMXYAir$^V=HX8OnnGaSBq!pl~S{rqXywEo0-;A>5&OlS*W?`iD(%U+NA*<_c0^UU2X@ZKNIE67Au}W;(_I-A=yC1(GG{f zVb}E}{KB`WubtG;S9ino{O&!zw=|xYSL`-(@|_n~4PUKVCD+|yrFrB?e74eHo5COv zwP!Vb@g7cp#gth=CpVyCAR#84=@bovbeV)kN+eFPEQBH&NU77BBG6Su-HI=$Csr7E z@?m^5FEUA^4vQB=w}H%eWnh6Hkh>V3bCpKjY@*KCkQLNh}xb5>rT zz8dvPHdCVXO%Hmi+Ry&rlVz#62Y;r`In)a@sN&2O$25~m%B!<+b(pubp&B&j7S}M| z;B$>l5$LR6%@VI=zG-MKf7&um*byjgTw)`|M@*n&Hs@xId@o3(K4m68_TID{j3xav zpsv)hx4)fvA}>vTx6?TZS4}59`(c8icL`~jQW#H8ifwL7S+Ct*wfN3M>AjD#n3YZ2 z%+R2FwdFTBGo46gdhihqq7jx-`iy;W=6!#0Iqx;fg|=^hjg1d8y(yrj2_-^0IJ5pL zCTEx!Ya5dC1$P`|Wu)l+SUDiyt0U@>(;DjGoE?}tR?51(65S!M-CYmO#Py`Qo{`J0 z=00P%8}?V*Hdgdt&2eQ`m3l|VUBIWZ#9y3FI zC4B~Rw+a#;E61rTAg*lq%O-@F;LAVI1shm+Mhv`Hz~#k}y^tHxV??U?xNs!a@z`CH zG$gApwLnU>k+S((htN4y9l43>{Z`j{PVE)zo;F7ZjWZ1G>`;tUX|t&Q{qe#3lfMM{ zn5EzY7q$XX+9>;hi%;Bdd>_CoTPye{c00t41bd7io6%2n_Hph4b;ZcCo$++|m1lzo z7(&0k1F)TLd}_cZ`btS0`m5dR2bIY@z8gNQ*TR+ zS_}N_RoWXzw=-AYXGV79yl+(uOm;0B@pmuCt?+bNkQk(*o4kq7`%IL38#-nO*HDu= ziQTqFWyF0vGOiO@imE42tH+WWXw>avghxq@e1r&2?z`zM4%sWU*ERG`t4_aG(c?mE zwU6u0k92hNsTh}FcJkt-JAQWCtNjuKyN<+v$T#$LGkku*wP~;@wFjN&ewA~Oq4>0L zOK(`sts?SOj{35DC8O`b_*5Z*wi_`RlUMw7`l6)4-_ZY1InVAa+zg zdQuF!eLAWwTE>ds`k|xnw%0YXD-tZ!Q{q~H z_gPZyWBtVi2H!@GuN9mI2Vu&$r28j(ApBVh2vxqjsd7kY1LduppsIvD?# znmC1sR62Uc4AaKFYIFM6w({i6@Y1+CZ$#p#y@Exm)YE)p>XiU{f-fhl)V<_T;Ze(M zMIWmt&k25mMIE~4^Z1D&Xp1r{k{-a_+YW70;#`1-3lilbVzy{}xY0q0WxQIS>sj;N z_XSB7)IOioSY8F)_qfOLT@c0I12tS->D4~!g|Zb?;fLy=a*}DkDwg7Y;^B$Yw$@Yw zdpQa%&ZIwdYG=YqrRyIj$rVEuelc@z_U=T9RfK*bS3 z?Pz-6LL}g%Iv71xo7q^-!kU2-L~zL5I<_k$8+(L#D{;HyU42@)7O|0`bY&6W=2<#x zgYMWiP!dCHXAHgg7b>0&=;itrJNL)}C^u=SdwaSlSC z$U^GXz7_cKq&j4zo@B4&;l-GRM};+N*&Xykhg*wha46so|8r*nq9~^K z!8E`L1uCJrdx`8JW`?QDdIYQy*rL1o$W!@;4}J`*F=Ugml>Ke{s~^POGkdv06EQ;d z0aG`pCe9Z}d_W#ij$W7~lj?51U9j`9 z*&z5Z$CHRy{nH52guql-QqhR|CPP>aKyv2%7H$!iV6uG|SXH1qqn1SY2ygQ0ZeFd` zgOEQBNBF-nhmehU?m#+^uq<`?*g(1_Z(c<3g1UKE^fL7vxy=%_NcKNSIZOapb!L*B5G zEx?70j89D^t{Uft&1NRclS0{j_ zSUjhi%wtQfzC*7?!SM>kNnoiF)*|4CG|nTaFTYOr?Vn~v0?7koEYY%SiL!d>Uuz`FAe7;;YPZN?g~ z2=&M)T3O^nERuyBpRW!YCrAc5EYxH6E)blT5rOW?b|Xig`R6}Iub`6U~Hb5@0Tpif6&+!mTMXRa9_OVm67jp zhQ<|N;}?p>Sb@Rsu4J2*y3!%ICE;U#S}FoxIaFG|)yl~sIk zaE{XsJ#Pcban89){oEmq&0K*=VfdB0n{mImIwqNOc7*6B9d5bHs^_U5Yt955SFdK! zMks3s+E3P1czG<{%}Iiutr7BRoAq?K`*?4-5*{pxG0i3nf{S5l3@_U1(}76R(QX~{ zjHXb8xp&s+u&bsOYLHr3G$|46@Jl&0JpH&`ipz`p*ZdTEGgWM#Cdg3@vOQ-wM2**j z+n(kgbn|&KF{-RFosChZ*yJ2tq&&e$L!vkeZgVe5j(ZPG8N)w>e&{}4F{;Q~c(hCr zaov9R`@*L1vgT}W;h_~figI^@!CSjj^pzJ|j(MmYae6YW&{>e6P;VYTEjF~$<1|vc zTP=5+w@>cTdZmJ7qaORA?}^0MYs$Is3~RZQFc3I7S!Zs(PS(mpMhSt52IvvN*^x@6+Bhkm2%K*nkKLvR{BJ-8k$+~Q~uddG6 z@e!A}_%6aAf&GOSPref>zI2WEQcn+i25i{;au2#-8n?f{OUGuM6Xdk`V;rvwS8}v1vX5eJ4^;7Fi4u!Zk{4fx`BfB^6J+gl|;@8<5|B zi_qL|X8KSu*U+TvT1g+-`U?+LbUx<~mVg$e>qDY&KzQW~jKD~+@b-6e6or4L9EC7T z8>ZclfKF|gb)#0l%>Fj%4*tWDZd9v2v>jeDC>Zgo;LSHWHUN%4&jtps10%=zh?N=n zR!3lTmX8={27<}V%NVNWIC?G~-oZV@OD4PEW72*^i*PkTN2a!A|4RGkH}12uk8y_r zv(a5Tx^HZfp3LYSV(C=|We0{dQ18_Mp8Xn1+Wv|AN2c)KihZ-~PUIUV*JP_FK^w$} z=HjZo-sy6cFPVNY%QdB*$cEp_ef7Bcp)QqgYaD2pT&~*U1uCjC!t$}UEOC5+8|erO zB4=W?K{;l0Lo4c$ijMraUEw`<)kxZQtdhqKM=u|uyM$CkF_h%zk<}DRCy38VMZ77$ zVvy6|B-}Or-Ms$F6=ONENi#2_>X4p*U?ml{se!LvaIM>myiSi(Uwd8a+;7pUH;v3L zd62T#cfbLDCmgxrrG&YAo!L0_9@woM-BX65woF{aXSxw2xaarVMKVv})lUT{zGT{+ ztB#tVZ#LGhuc#~1LFZ40-(;bq8Y_-W@evogu&QiSO3TDS#mqO0hWa942!m;-PILa5`q=7f@y#)^cDE5-wNq z@*u4t_gz@+&~u$bmTy7VF`jCB2}`(17h_ntO{N9clpKJX5K3JnrzK=?)xQudx&k)Bq{HNT`RF( z;rqy{K{|I)PaG@5dkc)ElS>b#zvk+|LZLx=6Oy>=8}xc6F>59uqwFHqHy!An85vctfM20>U!F} z$L2=a6Cd=pf+bnQ;MfH*v^vY~EL~Zx0Vml@JoK~nF<FGTs!9~t`BB?#u%zH*PEGd z%R<)!QFY3+!o1cj)ja#Oi>>V|D|@T3N4dX(q-GVw&6wTr@j1 z08uw7`A5g*H0(^ON?qu=_c|2n4Oy@5P)Xen%SyOXU0Fr3wifO;@_f#|H&N-19vlkn z)U~2l7;CHXjLBnZv~pSl1w5)hm&>HFUxFcbsK;3sYWrg*@S7ReBijC)v}9gr<9)*=l4w06McptW0frm{zYle@wN?nz9% zE!7~u8fg(pJaFM?Uu;sh>8zycV_bff>$DFSZurMqR|$`$%!tb{FV?bk;NBM_ilS(tEUP4%g~3ctysC zf9_&1aM?nU5eFacF-r4(GGkPb(Z|4b)xIg8t#FRwo`s2noTg%X* zGLB8`s#{dy2tVT9>D%3$pNr#UjErM-jnL>_u=E39Y{*{f>u@n6Dyr;t+vEMJuOK5e z_00&?WV-fXZ0j^G%Erm9)X~CZYo|_ESS>X;zuM+hnO&g;wVxJ+`aw?t*NrLWBjB97 z2-X2Si;5*lV=X~vx}0B}2+F>PYEW8u5yb$ufF(wcY*R4}RT+uKnStpIQi-$5CKO6> z?ZdFe)!uN$H!9MsK9@cU(UHiF$ z0q+;ysxamwdROcB4Z?-Tq#J+hqve+eUM#E{!b6FV7g%8XU};d)VV`CNDaT6EvJ_K znX=``#s%)dpWwYWSn^u^9^QL%{QbSRnLpg#8y_Ku1drjlnW}7<)08}B(V#?qjMIHS z!nXnDI5`Bl7(OC|2v^BVe!_JVm{)+uG$hK&Yfzefs!T#p0$#`+10@-vkrVG@^;xS; z%0_mqQ<=FSA7SU>cusk_@Gu77peNRq5jUy+=aP&u_NZJkcuEu6dS*OSwO&htD@L5S zCWU;=Mbk0hC3VVRO8sM>^x1Vxn0kuz>Sv9GC~7{{C{S7N$Kjb|fATnb=k(s%T1wdR zi?UGkm5O-#{$(+HL9Qly}d={w(0%aSG~rH>kZ{>9G4~!R5K3s*F-M zC1*|EY*rjck>@}d>f%|dB+qVAd7Ud!x%mi&OMnB@|@OEOEgsE18M8DHr(>inapvq1Muhb^sYw@ME zC!Lr=sQ9Y=51Y0_WcoRsq=kk}~B$~s%cvLAf*rNCA6SxRq0u>)nU`=Ob=s>UZ; z$7v$RcjaWB+i7QW#?@Cv>r}lNjQl4)f-$k~Ogy?w8PkV$PV&-fM8}X+CAI_aHC7|T z+67iF!S4h07+(G^O|!df3A2jLaDsy_?I0zMls+C(shGUqv6z~YSnefG&T?rED zp;q;_sS9&UECSu?2{)AKNcVr~tV;{08M1KI09^wF3TLh~U+?0&kI@(sT`J2RMswz~ z{>fN}!`(k78IdrDKYzHHOFvqtpz3b2JLZz^f>_c?dq?H@^4hfQ&6*-Qx~}CZ*=G!| z#8EqF&q;AHj3Q2#wZ20g4)dk5_*y> z$^)#fhnj(CBv*!|bg``FrLUdKWU>ef%_2l%U6L=nv33pKQKc7sV{@`v<7C2#J^a8$2$?V4A9falbUJ8flKa@6yBVxvxWo7$(#^>7U>2W?z{8??6=?t!hG zjkw`;S|sj36W!PyHr^PaYriP%P#sTdzL7QUpC;QsWz9`h`v9SO7F4kEbfuKFuN?8{ z%o(eLQY?oOEcw%-an2LO9U+05^h`;+}kfHQ^U!ko$AS!*mD;fRnZuM+tUz9Snw;pb*T^#r!J z-X<8qE0v~;$@4Gp>no^_Yr_(pKGF5Hy*&5)33TBfOgkY2K7%I-+qA5J|Kk^Z6W_*MvnRA*T!$(Zt z@?%>gS1+S@!H*ZMX{&JJVTDDo$Mqta2BGF?_z!HLk4UB&<-V3NJ3D0mBya<#_%E-vK#s+C56fI8U0=epMu zcc#z;{?RSuJ7hC$w_PgcO0VZFj(nZyqYBoLYdL1G$A(x_WO&&l#+*9lvAE&&OTI&) znoXaLz6H8184skNs0+P)usfNzqVa~0AUvbR_qmOK3tXuxAWNE{+m;K;K-M)^(zS3ffhmVJj`!NaerACU_XXCvE&y1wi?_F&B z-gHTR5}%3cAV51G^HOWhGLxWfHww5nQ_!hc84en&$&`;-ma#X(%&qAdjERc4@Dbav zH^!HfFI?5iN)is&QKQRT9Noiea-NVmc$02a5rxWabITpSs=8p7@Mgfypt5OQ?{*Ss zvt*O0xx+lQmRkHIektlo+=`_!AMqGTq%qxSTrt&gbF4T^Vr~;ly2)1cA?awKdrR^{ zENLrsHh?u9`niWz&&I!YC&wqKFg|5gIk?Vx=6)}A zW^4HQc{q7^2L*X=%1q7JGh#n7Vst>fzx?yXZi=_JPQkPD8&4cIIQH&j%K^8}Ik7!D zYJ*?+h*N0rj6SqYg4x0z;1%j@XVS)SwT=_0aLhYOB-Ubl3pXh9vP!9{1lNF-R+xE> zd#;*UICtlIA67Y|ZXB~MFu37b#b%0a?{cBnm2OWBksmyy&1=_R5k<7boD`!I{gRWE zMvq5fE9OSNQokpgbbenepzM}fN#Cz=)XdmNIa5KS!*kk3sZiQDtM4TT<~^Gq<2tFU z;m|f*FRheanSG7w3W&oHOb8zpdS7YtlT^e@W>$Nn7CE}iZcCcFUE#?Ed)8FSo1$Oh zjCc28mGZynPof_+Df#rL@Fb1Tc3+^^p);jykM zTWgLo`kS^s6c~$6{sgC{(JZeC3u3hTN7XX?R*+KXaGaNn(*R2vl6t0BHMLBLnQm1k z+01m)t};7}mQspMda`ti-J|yVQ$KST&#Sbk*wm+{#XU*4Ob+caHdgng9Iw-JF~PPm z)TfOL)q_vl5OlckIxY+#kHHJXEBLU3k|2j8f3^TeDdyTUpA%wn2eB7HUA+?d`+iDZ zyUtZqg;E~rZ3Ab#9kZx|L2*ZF*)eZfmbJLH^~gtMUYofm!PGI=8l#+#&(6J@(L0P0IZ~Np zSe(}$l!N~9qeshRwuyR)#unFoQ5oHKatig94u5;W+ z`!&KhVa|_yMC%~bPGftcHlbFW0&kPvR4`%QIsmW9r;n{wp_(&c!U3t9UJx-duNx$N6dtbZ<~Xi$Y^i^cmi0z9D6x{lL;^Z1{}tD| zeqBB>RiWpt7~>e2Tr>g$xsX0gN=I{mfsce)dyG`5%O6b0BM>kA*Ap)Qad@t{K4g}} z@q=q@8^HxQO?;U6?gJlD1!t9Jd(m+)8LSh;w`dcnBY_zjXK=wpzp)A$S+qF>2?SyM~S9bBTwQOcsx_G=vim|S_ajQBv85QmYD$}@o zk{nfGeSXM6^NAzrdG5f*8lw|c7MKnXVd)+>AVBBGuJD$<9M5U$&2Xz<>96UPx}0 zxkufCC)2BHI<&ufm^TRrS2tj+Sg0`>h(wLO!juvp_XdXPmx!a@5%3yAQ>sPZ`>$N1 zXx53io08uDTMP&flG6~8(#CH*=P_T3-)8Lw;oR?+1m+p(7rGR|6S}>z8dWjK z8M!rpvw2cw?MA#>coCfk(;1JoP`qkDhAHm=Oi6!D=E1sSVboYAt)%=l6HUj)fj*7N zx?f51pb_i5ahYAM&p0vGveWK#*(DE=rZ?^m$Ucu-9-2)K`>QG=dTe`=&-_9_5BPS7 z+IH8}s3->7=4EK04eA)D*^BPJ>w43rykjO(`;$FimAYFScu58

J0a)sy)M4djqH zv=ze`Pqk~0P_kfl z=F^o%6fLelyKvx#*877}irl=-Z87^vF5TIZz{!W^obJl_d`qL}y}5GSqI>T1o-MN| z?p_SEWdp|%H;hwa4n*l40X3UYCC+o72235mXnFvCS^qQFp6+pQt7%q`-ac^eH9HR< z+g`t0pTzZ)`+VCmLaxOrF+a~}F(#krN%x&Dwt2oo$M#{mCGpaQQH9l4iH}u^(J#Lj z#8=HVIIZNDPD&Ui*%;Uw`#*FjB+Yl(jg&b<3CN9l+qkEAsd{^`C{TtO)?kU-4SF!! z8~pVom}&QKr8^adzi>{RnZKU5N-fV1RqiJixm8FLH9~K%^AT5T01EnJ=0~d+@ zN%!#|uErSjr%P!0c-}L$N|0SiOnG17pKN=Faf>$otquSc0=QyoY%|a&54#c6ggN$g z(3H8Zu%hkE+*dfa0W0qp>KEdZ-!P70@J?}Tzz{#bTnueS>H&ChwxOpzf7m$pnrAPX zD*W1fdqkm}neUA=E^FlE{tAs`^Dfy+Vpht5sEfP-CrveS8pAw9y+yVl zBcc6Kll^vsrIa09A=d4e`=IQ*c@JhS`wni^P>5R|!oz z#%J^f{0`04B)0nMclSPY9al7ueHL-h+aW5&cCB`3hO%hOq&(K3YzE^SAXR2_x*nd6 z-ZmR-^%$R z`Xc_BaZ|4R?POQB`&CLW0mLP7_hmzPA9@nB9SbKuK83@ra=uRf)`(l8x*(K!09N)ka6QmPQ|^rW=qfgOIK4yO}BVsi$-5PlmrCIt44#&aZfs^t0ph zpPTr}PHIYyq66Ftm8)f+ai0Tq(&R}6;B7YV75YA~Tx7`h{(ti_i^nkwS5dQH(JMv7 z7`;+~?BkD6W&K}P_VKT2J)x&P5E9&esn4W3Gf=)>>vnm2Sy>FKAy^|ZuRYE`^&GWL z`(35%SjUsNkYsGPTc>f+fd8H+=2cPXD#LG>OTSjK-Ag9l*AbT&y0`LBJN27px38>d^F8Tibekh<` z0_r88UjM#la{jR#CXkd>?!Lp&&dt1JV2n_eSjO}jC#6U*kQ_7D#q!i#uFhu-pX@-T z@uJtVijJ7aX(!7|dr!??sp%qff5b_b_v)Nuh?NKPXkky-R`KiBm&=Rf6k0iosuo9x z3dDK+iq+I4CuKBh-wU&biY-KU3m1B7I+A5b!ORy1Ywl&G)RVUWV^e5Q>66HW*DkC< zKX8-sSBImnD$BZBuwr=txQ*FCd3|l|GF-SK3?k8eBox?lp}MS+b2}v$d(i`ZuAk94 zi{4}8S^hoMoS1Muv~S;|yi#ngWx!HGa;8M6RBV2MiQEo~ zkZ=k(fp0Tj)BEY6Z*~}#h&=c7=o*Fn$Lr6I z1Nb!M-d}i}eXbMTU*o!DrXsW>dF>jF#}l6)_eyGeM<|L-u%aWs^u)exgzMEDhW)1V za^*pnAo3%wWCleB$P4$Vi`;s;TnTm|=l5a%>d_ZN*&=`liMp#s?%P0gE= zd!GGQ?AhRogPXzU`4?n*9PF^FEc=EF_xy4$q!^kMSLIiv(r= z@_VTq;l&x6Sp_P24o`;o= zA_-s1u(Xkw{%E=<<>#Kor2}_zY@f@!#a-)8jH%aF0)j1rYvZc=vdCe%>S!u~oj;&K zIY5eGt+HcTQVwc?@l6ev!Elz3b<{dHB@y~EATGMgzQNny=d@jWLQrI<(1zr7>8>{k zUM6whiTjncl|_H(bE{CgnzK$0_FSm$E#V_}gmG;6h%O?o3kBYS6mjY{-s?OBz?CL-Phq!8wg&L656%4n^A*Ybh$Niy_oWBxWY$Kdf_2$59tJKp>>A2(oxu)IW`1W&!$S4RG(Lz*=-HB!$u4YOam2q z=}%!t_F#?2+h?`IUuNx!mw#blc=g2b(ur-wAx8R>fgNsyWGC}{jHpt*dA3}QpTWxN zn`QUbbe;xk>=}k>IwA^fbK=Ol0Fsm4%M07NR?Ng=R0Aaj+R^>>>2$It-nUvwX{BFB zSEhGqX8XA6eiv#4f%rW-M0Rm{VDAh`GW5J?L+hfcYmG&P=9@VZjnb!v1x%yuW zOy-!TQ9ERAr5f9xHq00|*|zv9!Et7!Y;k`5kn`!DhuQKj^(yEtB_6MavN#2+H6H+V z4!|7(cr?4Q_NFn=;-JEmsN;0l8mUH-ONb2}Ar^0$5%HPEciHO~h>w()z2?^7(-NBL zXNp7Vs=J5mDHt{Fa*>dK9m3}##tU})yb44bt@)htyvh}^P0=OXv{5|-8_f=>M zJkvJyfh;CvVxWOAXvD4nQ|O}6NCb4uy$aO;^IDM7vYtMhb`sQ_uy=D=#&7A=xsj(m zD^<}j;%t#(%!Fz)1LMtW%9+n=*d*D{D!$dm+VS19eSDG#Ws$oy+dZ_K5xLQO3nw-fjJuf)UE41G=2M^gMp>|kd8*@Sdweb@gz zw;a?T&PIL%w+pEI05Gjk`*0ui_J0N(QG>P%SE_hKvWxD{{Z0cqs_Zqc5i|0`r~)~q zAy{`cd;onv%PT4k)qAM76#qkJ_=o-)RgnUcQtWp7iwkuXR%u0c4`Oc5_P={=z)-r^ zX=;TX;Ow@%N5Xql;?<5fYbls!0v@KG6%Xy+m63*1dxHyCi{aIO9b7dz_E)_hcz9o3 zVRjnt9T%03wdIx77-)gz18CNP&tP=}3Q^>T7>IVyto@W!9xX$3}v~po|+RZ2ZdwZv-J+B5@Qs{(aJFsq)%BB;Yuwr(0r)f z$7Y=R`cZtEBqx^~e3jVe_Z&49QEuB(;50e$4(vB6-1yqw-RVuPR~@>vw7T0~icTJ* zkwGPVG|HW}4UA-K^71vdr=Y1z?9gu8&H)?NLUK~ZOVI@5!;6pI(3YUL2S*u7Ss6|I+{T z4Y~lVZl;DqWV*7C`TK20NTizD>fk0>m__svZF9*6$dqJw{P#uy5=CIPi)KR|nu#^mSl zEV*S7HE3@&GJ5nFQ|I7OJL`BGy*+(cNk5|f_r0`3kLP{s3S9baV+sovWG$_XgEZdM zudZeRUUCVwnJ)H=?=Mq!?>kn4VBiS+KaljEp)Vv zmU8$Ae6~zDoQfkOU7<_Rm)|$s`1dhF-2hg?*(?z^E2~ot37O9uKhfsz2nsSeD^hx`ZF{~CB_X}qAaUdbu@h~&)l7*FYcJNt%BFU zb*n?R=yRo&##FZk(x7dbV|KKCE{R%SNeI{p0Np|ovp*+R8D_-th>1x0WtuwdznEXY zN_9$lv~s4jHREC^%Is8fX8L)+(N)J`)I&jEST?mXdrRAhW4`-TH`(v?gp;>fQ}Yb> z?W^bO+BT@?Bh|VAsO}lk)%ENDK-}4;mG&}g*4FcNy1Q0rY+;65zh?05{7g6hr|^b`NXK!nM^b%R_eD~QoiTGC zk9q7Fc~K(z(^lCfjJLs(S=MC!^V4U7Miu#pAl7pUWt*Job~A$@TN9c$)LI5R;D!Gq zXMp_kM?Cz72I-Gw5F>;KBPYlru#vQIEL^_Y$>FHM8}U19kaRB@kZ3kI1vrE5^;*iX ziS*FIv3(~)Lldx+|k3EQjd zl0V?X6Qw*;)0@NzPG4t&S0DP#y61TMzEu9UvJ{-Z^7#X@=ROg;=Mo*}a1w63hLOrNZ?w z=dbjXJsP*{Ez`Bq2gB$_FP+G}RKN9tH+jw1XRo_eS9z~W_i@f(PmyiSZG8>um3|JC ze0We|pOJ*IU9wf&pic`O{VsQN&kW-T;0lOxea6X;;X|U)jl|6~mE3XBN4VWgS}ay6 zH|I(fK7wnPZsWc#vlt#ErabyG$95P|G_&!Q_D(eZ=zG{FtTbI-y!v#t#%lV|lZ13h zeGAzPf^XlznBU6b-|RqCyBDK>^;h=6mnGpcH+INX9xc} zv=BaXjgMIFQ{%AV-q8fwlu-N_o zFZ}~zEa62BI4TFjUK?3Z8^HF~8i4Zcaka0Kz&`S9H*BcY_0<_!2ait-!0yK~;30bt z=)3?Qz|w_U{g!`i0lESFdVrK#D|t%(?+3HMC*l3>aV-B{sVDfb%mWsD#8EHaTllTe zfR$X*7Pz_};+==+aL*)1iaSA*cF;KdnCiUvYi7O-XfqvyjXnawYSal2gD*7@JyC>_{!*dqPR8nf>#hLpPt;rsUXH{(wC9GLgC3BN>M3ouELh`Vcn(u(1J zYZkumM@!A-!XP zMT`5tR)eZ6qcNZ{^pNGH_PUUK?zwJgmq}O2Ti+#hT2w$6Ill7CDM_8T^Jydl%>(tj zF^h|-)~Ey-bZ4^8T)(3A8S>ZEGper=Q0yhxU1}^0(k1`-nhHqLi(1LJN1gEsndRONu76} z&?XKs_uQ-d?3Hm1cO~H$(xf!9NTbp3HwgxEvH}i9l0cgia0kPwAoHAn`ztGz&YT!g zPBe^Sc}V4#00{=n_rSW_OCINMHRj?3xW+uC0>f)A&1A#j%ZiUQ!xI`ZF+mXrKSTY|UfemyahSMmD}e*a$bd?A)L zv=gRt37XIsVAYGf-b>r)PCmv*;NTptH?Z7sJ{rc8d;bGZ7;0;B@LRVfPab6ggEd%q zKf0SNY*ms1d(i;H);KdAY(8%m8mBCyx>ZQm*01~ng!hNPqFO}RHLwqAF)thT;U9-I zfSFd7a%dBBtPAcpII*+*5bNYchc`-za9+3jCDigdpeE0>gs=^1j9NS6Jy@TdZU&Z=h>t0cmAfGwh*@*4q_9k zYnO=(ICA)}!s=NfQ;$>u&j|0o&xn=tlO?LFRN5-MabawZBLB?}>`l+#?7;kCJFqwd zj5fTW$HI1Ct;kmZgsLPcZwnT( zMCqjJ0vEy#J@M~Vlf-b7T8Z%M-9#NHx`$<2w2Gb&hSgCd&s;ot<;fnO6sxj@wgk_j5yI7i6jJNrP1fD|b0@uh5{674 z_}3PG8Y+2bWiMTA>p8Fl&!^ond_=z%Y6&()<-Tz5hG1<@4)JdaVl;~5480~V!U6W4 zDEPz+Du(A`3LLJ!Ht4hEc^805Bs7B@Lam7WKkU7CSd(eiKhCTL6_G(i1ci(OA|PM^ zDI!^Q00AKa(uIs7AVj2zfRtxciqwo$r9~;yiAqN#(nW+wml_hP)PxcqNb>NznRj<* z%k1^teXrg3-Ru3$KU^VKo_0U?eeU!5oX;cjS*HIDlYxJ}% z@VCHAxPtV7le(~hB^ks|nISvR19HX&HU@u9V9cnCFs%H(f1wut7~17oAn-k$Nw2f& z`Hpebawo&2Fw2*E&ZQ1HRn$=|3+;t{vG|L<1#lx(nFq>sd8KRK_OFgRnVK1p)4VWx z7NqXPQMF%b2Dk;LZx-C*zUL=J=WB2gft5$HW_=6%oM9ho3NYi}f3B9sp~aj74&X%^ zUK;ec!;db}Q%E(G$I+JFzQ*NYxRl=k*U|=WT-`qQrn>8HiU^bDFGC*4if+3Sk!yB! ztb0&UBfx6eeKIPqAdYx9X$W39{aDLA;#ft)nb;u%8=R+Jw53Mk@IdD4F%;tfg<}h5 z@fmPW&A~*L0Fp*p#Dh5|{!hK8Co>yd-+<{iPY%-10DT%r+x?t4Q7e>(BtCWh0`sZF z-g?fK(R`GkB;BoR{>7WJo)ygYX1WV?u3(a)BxjM4hYJSN*Q<-y;4*k=;Lzy{ummcf7MNE}zzE#alW|vKmHXqFFX=C;& zzu<)QKK9*oVIXlV-HXUhbeRRl-$9@Nnl9;`>1&1}t&n#L962#9H?|0N1*}JBhc*h` zL5e+wMK-l80ryMVK%7ws*=*^ko`l?hHe1x9OQ-*CW7>aB0o?#8P|_K@7z_&e^C5HK zzATeQBE7~53ti}W1>{+_n>}{kgfx#rQeHw5Bs$KFohio0QpSgq*3CwynI6z8h852D zQ5zozy@Li-k&t!G-WG!HzHc7Ti2Go#_lOWf3bdRma2!5JPk6Kp+Bj%PGxifbMB`(g z!(Mgk{*46%GnScSnKz0%i{G8$|P} zVeT<+!ko+A=vbFc;g`UOJ&c5ET2LifP3TY?DSE=J^(YU(A!O$L_J#Rk;+~mx4SXgl zoWP%7ATJSy7Mwwj^c1sLl&w}yX(|hMiM-xAijjJ{#XnijR8ADRE^50hmtV_`RFSgL z=*cs4ENezd#8ng&xmWt{)$kH{){}EITc`77N{o(2OKTaOl4e?FN^T~>z7FhtqX?eF zOapP~ceDk>yw|1c6=9iA8_2e_rFu_dm-)>A#DykMbS4>=ZsLHB6#zzt_%=}3uhXZ^ zG3(r5IsEwDI_U5D5cn}8F6=r)449g2Dj*WQz{w`j7rX&RJQz zSrf|!ChI9wH-H|=LM;PkxI_pMT@Zp68}T{U(Nki0gzM4FQ{ws#V5%RGmiT_#Zi>3Y0ZM2}IWeOtGpL zGZeOCoUVm<&@RwEVk7>6h9v1Vozv9tb_k{a8ko*RtAW?N#L$&<7cUfdj=&E_W~Ajs z*(MGJUu@tuioQwrUD5lD}KSz1w=sua%? z?n843yLB|Q=Tc^5qN=#v-5VJKOAeo7K65jG)!GJL#-pHs?~pe1esvwz;egupkdWnt z$En|xi#Rl5qxw^yqOVfzQ^gQXS)YXuc7Hdpxui8RL)dy#`9gUCQv45!aSw81& zZE2-sDKP`1}5d>NGa?Ptc^EF97-P0Ad! z_}b&fM}64VvqJzDw_NGr*-^ayP9fQtZIc!Arx(=E4ugJWj%NLj&XExIxgunj+Xk05 zg=Gj)hZ$g}K7MOGUI2M81s2B+jfyZZ3ByS6K>#?wGAe~?4A4_7P|#0-eRf!WgKInz zWmF4&K8Ip|!~Ne{edO2Zn-Hwxh3wK~DR~cE>QeV)JTl|FM1)Io9F@ZZ4*5BiKeFyp zaz1VlKoJVj5O20cM^;JaD`gZFKD(>Li>+gp5$wvl*m4C{mIdKdtK+rZ;f4=0&pOK7 zw^(bU;;KWLI1eY)sH3qlu|wt*bFvjt+E0hsUHFwS^^PSDI%4iZJ7fB0s7-U?bgWS- zs|Lk?*TYvd>bV@Pw@RVVoGeeEp}FDIwtnBIx2rU%Dfayfx?O3(G+G<=IsQtg{6cZk z0M88JDN*aLOj|5+>|Iamos6o)Zhx}z*JIs5_ucZi=bJr;&Lv|L@1x({@|Uy_0g2e( zASzJFBs&E^hXxxM9|M>TQ%ops9ymYS@tpf$SIZC|m4)^bIer8rmdsQqhG=~HCjjQJ zqR#*RmwYrYgb#!OlK(T(oKc}Dx?2MKMIN&OXq^EA>*9-`JO1}44uaSW$sgR662SPOa(Xp{yqoO4$=ABiXC zf5GYh{So`!Kin#suMP{VDj-*0vmBtIN>HQKjJ=D9k=o#T62IAc`fFI$9)~~jjMENa z8`=)UY9B>NwnSDrhU0{f66|}n!9@ZaUpaQ&{+X)FACZ_7s&wW3z5ihjDGMDSNnJqU~{h4Wz^Y5enyNB|-8!B#tw2CZQX zIb|DMS4eAC8(bCKASe!w-2^ny1rl8s1xs?*La?M+E#VNXT$6gHr&`wUB1|ltTBp>5 z7M7O7p*X5BQIl$}WQE=iL*LU=;>WyaVC}`7JGD-E#P)k6nZ6?e{5Bg$ zF`XYSeS^(YYV-s~=C7GOZU&Vxitq}+#-j`2Vu}nx4R%1t8kVIm)%SNZ%hK2@AEdkwtIQe#U&S)I6mEy-8$FVmUTc& z>6lEkZktnG!S$^>)B~o&k|CO%m5mI5SA+c-6+U7eMAD$2 z(F{6NW);61oT3swJ-3O<5G~Tk0(MQ2(uV>4KtQ;^8%OLdiUtycGR}SMx}|!=D6B}D zSwQ;9DWs7$%-RPMr(X(Tui#RElcm4`6JSuwN0|-Y+aQYb5pwPxN&WKc;f{YzU6svt z6_3J5<6v=@qBsK!NQrWd$U+O6k_`=FIj67CK9T;5x;T3o(Sb&Kh-4wb zz>MmN7!}4`zUVztyzJQIK46Q;OHp7E`>{{ay&7ElakbTAjA6VpjgRkZzxHEwoui?C zsdrLxY^HiH=xd1T4yGjBJ2})M`iW`GU0Suczkgo3z%EhhD{c0U)Hl&LWUo8vMmlz- zYnlYd1Ul(y7}1oP~A*$R976o{$h7JhTo{$ zPRqA8J@A^i(U}yDJKnmdBW{v1$6-}^sGy;SAY0{o&0UYHx#_jJxe+qCk;k{0Y?e#> z=0QV%G$;M(IUBUdz!1l2lZJp$8sCwVoF{$WIuDgSv$b-bA7BoEXAC+=k3m9R>Im#3 z>ZgIJ_=qm{;9K9*2vJQS99S#y!~T zs;TtMUi#&0xT_~8-{fxRd}7WEL)sx^uThjwvX-G&MEbMQt1(uJ-FG{!+u0QX1L!?$ zS$Y=p1xy@q+3MJm;f>YnQa=Y}esz1RF5=2ic;t7M7TzMOKURG2On-2Zr(jUEZhv3? z{wdvh*;NhUMzf|d@7<;{0UcFTOM&cF!mIk87s7f~@m^=K9_Ear7x{QnDh(H!s57?s`n6#L zZSO#TGiM%xvg2~wR|48(=i38za1Iq3XKZjCSP*ndB-9fk10;H?O#I!laT@2~ z%zUR*iLSAGzIj8K294w8Z+jF{b%cis?7sTMc& zpp1C!d&i+4-Tchzzs&02wvp0k&9bZ-H@c%5ER!q{;}V}D<7sOUr!xFG%iv_zj{Xy2 zI^vwgkA5=rUh$S!&rGe~CrjyZKYU>jBxroN<)l)ki0c*R(+E>>UNeEP`m5s;1)=pO zc{U|l(94`YNx-z2G>uxB+hj*NG9@0hNvwE0TRY*BZq&cpV|d# z(QxD#gU~&H=UFJDlSjy6x+(!{IsZoxM^vKtbv64q~Dy|w9+u0#b9Mvi` zbq{}=H}_d;1pb>RH@uU0>x)lEXqW`2|M>of)D!Y|@qGJUsoXNEGiqp4Z9H-yclm3h z`P0tl(@O?>+>r{>NIP-=OeKCcl4StPGZEj&Ewz;5qt6O%-7|XSz04x*XP^5#(i8OB zZt2LwDcIH^rJ$bRU_~gt*0kGW$hyUCz0Gr9UPpqNE}0x}KuJP}yWblUc|DbTw2CMQ zHKTfhyqgMv*TW4{kzT^$J#_H~7bh9rNaR>(ND|A_*&^tbX#(;SKB9naNm^Ni){W6$ z7OM}jPW)4mr++Ct_>YtS21r0Pjex2o4hSK0fP%41AMyWnrqT;dcg|wJuw|YEAPg`C zJw$lsnokou;x&4e8$?lzWI-I{4^fnri>oqKb>;uF2o}u?jf|1jE;P*nzwX`)i1T3S zGVjz0h?cnvD-wuBWs+41f5eG7$;#}5NdPATZkseuMX%&)sF>M1ARH`0g}x@<94F0R zh32J@le57~j{;BlPS(EKoH(-nts_x6kv<`p-2-qdWrQac0` z>!$*}My|u^9DqP~Kn%_@0CbkSGrSFiDRpEg-6#v7v)r2a)Cp+57(Fuxi7!`H?D^^W zKPr$s54^HJlh0(g{gLqg?jMuS{9$^d>!Yjb@FPy?%m}#*eD_<(`d35Ne2oNHMHacj zVc9`n1gI#aSg6)%z6GM(x)1g-{mY}D(1SDU7XeTO;8ueOOJ=cCf}d<~-9Sg8m!taA zqex@tjgi_{lyxg~DjV<=(PAV{#2a9^R8NC$oAu<;_rDk?bUYsn7$SBm)QDwe5!Q44 zc(HF?UDz=`E}S-KI^Y=64V+Z{1wK&C2k-%AK2MMs3SASkrfD{N4m26Y07kg8vFKVk z2(fKSx}a$E-S;3Ge`SN~ckI6P@M|H4$O#b_c3cV?`6x+5GG6y~O`;Z$wnDQOzy-(;V-OqV}Ub;n^M>e=9$B;Di$Y;u$vO+%#X>oW!TG^UNy4ywy*GAs8Y;ftK$;kxR zgw%xMNFeX>8qWO)2IIHL|3Azv{R#{9pBnk+{;u~q5HY;Xna4VUQDjrlNVi!Yy)YvpLQ)-S>X`H-n+bFv7VW%an9iYkN?sGD6Vn3<09&pt38|y%SDtk}Z30UrY6demiq6DiP z)16X}!ZW$BQhv$8{#F_pDAsx4^Yp^b2BFF#Z>w4{zV@o~`IaD_7T;@MXRg1cPDA)r zIVpZXzgx-qQtOdv%Y2f9%+uYuDJmr*x;C>uKa3k?$yH=Z3AW00k4rflS@SRP2P>RN z9!tvZDO?;6RPdEZdNXq~ZrORo;WNbG!LtQNkx=bg0$ald;FIwnJ5E^wNSdo5{weL+&p_i~Gl&^b!?J z`kwk}iEpts%KP*@Bi$%DrNdx&+0#)mrPHAG4wSvk&v0eaC;X$M_|5-SjnY3-n3WGc z9fP*UXP!JRPR=`B_I$MO1W^7`ko{05PTTMem4&6Q!d z`b*4LZ6i~@T;O^*YKS_qRCvg0M^ul7Pj4cd| zsj3hFEZ+m~BelSTv=#*TQVQ!a`6vkR6IdX^P=T4NtP&XbJ1`HCfJPXkwI*%O5CviJ z`u0h&8=y^^*!vlo{j=7r9&-BogfY0~Pzv46jQxVdtOK_J?yKh|EdKX`SA=E-wg}K% zNozksT1SE8Ar4l1mrUVwBDA{2C!^!o1?=h`=mqk`b8)f*=*1L)^Hqag3|SbEMcxy3 z00i>9TEOg{6~emM1LUj@V%L#LYzJ!HoqKHss*yvF%_`zq{F{Df#=Y)Co*P_8b`h9@ z!2pT$u~$bi?4MSExY7=6LSLH+o#z6MLSlb5quH;Z8f_r%T0%|%KM$0a>^2^8;tV{3 z#*$i~c@NMhj-kyY1`-xsydh+owEp%JemNEJZZgnE8PfFy){*;IBvmPKylI20`UZMt zl>LPDlAF^J0t-!$yDZ1l@Qfcjp|Sk08(d67IcP;PsyYkkG@hKn0r&Zn7n0VkKEDSz z%uPYi>`UN1tT+atGXVRoN?w=v<>hTzoJ4kEKtKtLOe-K$aU9uYF#8hg5P-fobA*ZB zxt)N%1CFZKDzc`%!Vl0Bc>LyyfL;pIN}U%393;9~FFo0o=#_cwx*_5R0vELf2)L22 zQY&*d(z9Sdev9V*>T3N5zx)r4=A!>8_JHsNqT7?%KLIoI2>Do6i{gCmXKfS04+-!9 zk8J&_fqKFS5jhrMgf5z1tLy(|e*T>hGvDGWaP-ni;|gd&umoc_^+#P>FvQYk^cWVy z_Jo#8{Yo8?H8i~wELKD0g&;$!E9g(V4Isg&MD`)Da6#O=h%`S0fw=cJv#gj6t`9BX zRBoi@2IG*^zlgP0PJ>zh$O9VZ#lG(43`!v-+D*G=KLI0|2clpKoYR++%QzqL91s)h zEa4ltKXUfMub~jWMG&HU6hRt4MJiR`3{a3ar1$IVgGHRi5KaR)w3{#f6N!S`l;J8} zMmVIANXlY3=8G}XI`E#ft|RF;f0nZZ)*x2Ge>)$iCxqjR9}7q@JKVAFn>Br)2f_mL zafK}n{^qi!=$J?9cB3g?RPB0nkXlbg0b33xq}`%>=gMt`b9*npVc3V#__hx_RSJ?q z{m{gw7gNe!`mAk)Bz3C+hZ&Nf=AQl@9{-Cr9VG>)G40Dk z?uRo)4FH|jRZPMhuQhHkNYC@yrK>@6_E252oU`b2eAB`RiEr-Pv_gQyXYePm_nRSjA<&C-foZnEHHot6W!iHie$cojh5d@L z!Bza4w8R3tT?arv0O;@wLp65L6a!ka0o|7&#BCX}{{fn8LQD!kXkZIV4@3yiq{S2v zI7a=-*|q=d$R&LWIKnwv1Bt`<-Tp zGDAg|V}|>t)_Y1u2IgG!I_2kAcv57Vt~}Bw7UTQ2xy4ER&4nm`W>~Q*O>a$_FzGVoHW5hvVAr?E8kDg@ToMn1<*Q zSNKzaGCTy7U3gf(w~@?J&>v}4bG#YO($c@q240y^21BO`3L$&n=x8HI{W!+3pr`3& zq9X_v&;0cHUUObsePN*;P`H+sxr*v*gUO{6r6eJRGgYOl7%A4#gpx^SG}CWzxFybu zq;L)qBk(E9C--(C`M9QYKWs8&Pl)i@UPND+X}sBXyoa=6IkPf5Mrs7h#wG!Y$BU~V zyb9}JrIi*=Ya;;US`hw9W9(K<1j<=L84Gsn|d9mjg*02 z9^+e@278Mo)cnN}#T19Z-g;>+S7iqIUJyMi%L_6qi`Etz32TREHn_gD06fzfgMN9R zeHl^zWkcVx_5(Nt9{7-xY&$@%`fPCJX1(ubm2C%KDaV7|bP~y;;pebB(PP7O;DmNV zD_+k~Ujae8^(u%4m;}^OnBOmxIO;g17I2!)+>oX<@zu+GtV}+-LMtJ=B(G4z1{4Ris^q+tqbnb#KtsowRX8mHivKqHn>;==vHFC07xDPM-~=1i}-1Agcl4zj5{a; zGh6BnEbkSayw%Gya4|G9NLo&3uQdaagcTdyLx13n|Mb^&Hh+$!|3SC%7ohSF9)PM} zV2go$N@W({GC+}2Y>B=S02C7c3ls_fqWkI3aienl-1OfEi2uSE7kV!!bD{temHwDs zRA5Ng_wG|AG}~bA9la zdGODTZh!~?na$8*5Psk+GS>@2grpIZ`#xxP#4E~XR^nw76%X_u)+)vr4e}O8TEUV5 z91S-o&Lt4N{ur)&x913QRERBzUd~STQK-SPudp*9hwi12;{WGep~k@^<<^Ei+62gg z$t}I9PR`y=z&b}mAF2s3SifIyuiftCEJD;Q0Bh4Z7i4LeoL|-_*Yp2dipxI$h<{Xg z$&g|n1ishS2~H&11tbVKqhK8V5rJL`QH`NGFvn{_lqNigVf-HYf}*EFwW}LkfkZ@y z5T!26$>RVtu)`skG^WhSWTIv%a6AV;mjD#uQ>`aW=)-ki$T5WeCEr(ZYyK(KDj$0$ ze69TNAFzAsq=I*udqHlVUGx9iI5-UayWQ!&ivwY`=e~tRTY*<3*IsmJ^?#+_fk!s5Ti)Ds9lK{U%1ZiPO*Va^BP$Uf&QRa&tYX+; zl4YR&3NINqQ1Z1FV{vBH8Q6p^tbxD9w`+rB&N_)x3-)nEG9>pWwZdQJeDaOqkUfA1 zi_z!Ag8i1}N#vMTa(q=47K1=kK$+NvO&31!l7z$#?jY4 z3c(tC*$SO^;ybUwaij4?@r!cu2a8J?7MeIq8Bxss!#J|2Z>Dxzq7-YCsilUeaw|eTzEkAQ=pxDa`Bt){&tbRHQdN6II!z$gI?w(N#U&F zueh(WMDdqV3jF7@c11SjOAJ0o^uNv=M4#pWb2XBLq8nl!QRqg*zEKR^OK(&K>P3CA zMTOmL3;24DwcKz8eV}QlgWy=@wXz#LnmtwM+<{A#2|<1soHK7>QI_IQt=kEOj)@bI znSQ0RJnC|02KTe_kCw*zt|=8+pA&KU`l|ftjhv+>t>R=GMuLmtDkgWfQ*T+MB5E@N z{>x_e@6O2oP2TXEyy5@hNdJe`()tfAZ17Lhv5N}G?miIRK(Sn*K2!K2aB}hCd7o(t zwChj}fc3heP0?&X4L5+aV5UD-#rOR0h41&2rNJ(G?|RiW^S<8S6Z*1Ya$2piB-_&Q zzIEWi9<sVa>8Tp;%L}ZX3=rdOh3u z4b)!g){PW6n8Cflb(VaP;{`@_Di3%=OTb-T`aM+F4UH5-%lDvCG_u^1h_*3BXn&^QHrXM>$DKpuM+!YWP5!qpGwZT(6A zXhQZaM43Lve5PpjT3h0@Qg%t#Xi!FUBeR1lUXE{UW2?}PKjJxL_ATA)+c6cjIKf@s zRRf1x-4g{0j#X&Io;*->Ml3nEywT`t*I;6}U%}CPBi>ot@cCcu*5bU7GYGrx5 zi_7)0cunn_Q4ZRkS~5F~@fuf>6_f4uGmXL{k>#ilA5Xz{!cb7wnrM*D`QIN9lVq3$ zv4t~QiQaYfiQGYoXYEbOd;IkB9sBpk+-Wg&ka+X|u!^h*@Su?EK8T@*Lu;1IEQBBAB(N%isyG;0zfn2$X5E;+T1J);AfRp(U@cxuF1283I`F`c+>8#UW&S;<)3s8U)=r>nb;{f&)K)uDH z0djul2!<8yFMEn5x@Hv=Q=HmleUno7>QfIg_7KwH z^xDcn(}Z}l)^zU#&5n}OSrl_89;e&H0*9pd0+C{=X45@;OJ-;130FHE3lsG7UY2R= z%XH0Xr^a@T`dV9C6hzt${ar^Z9vC zNmsYR{ED^56^qQ`cJ*^q3g6fDrqC+=d>v<;Pe4C5q}bVDUG!9)VYk%7b7wK{Du2w> zD)3n}dX$_$6c-mgJ>V$WF;`$|RV;`zP8YjhbR}}m%gd`zBFUv7`o2?u15~etrE3w_ z)v@eeQa`ZU$^M>@y)9`oat8iu+2b;ITRVg6%J0HxHT-$?x#FT&$cmLj)H$!hN!W)HS#|dZXSUC zw(L{Yp+BPlJpQ*SfC(y~HuVBNr%J#tz-A=#7MAtQ9)xO9tW$pSbW~9BIlfP}*Ij5X zq16Z5k>lRPdL5p<0>(YdL;-IFEmGXBj8cug?J+-ii;k^Fq(uh{^;-?+sh(Ny=dDrr zzAF)MDH<+H*^{ATUv>F)e43@praQyd#Mg?5SC;-9Rc=y>=nPQVu!$MOKmqmwmKG${ z$l|_Y0@04--~eTMPg#1r%bOM&HV6^!4UmD2vBxsDKVuiI4xA{B{!(0%~Fo2 z2iUmiV0h*%c8&hnspAVQTPL=gKHfT!;xH%rxb$}w){>V4r#DC@)l|DiXR2}E`c7p z)oR-l(i~p})V){dO>(pMh<9z;LzSi#<#+bGSH>N_5NmrO=(6e20zXYXt*C>17vglP z-;7_$+7&l_L4XY)5B!KH{`yIam$sHyU#VyxJl4>LNzHIHid1v!@pNi4w2m8yO*fD? zWV3rAI{+!v_C)5)7-Oh!rxf#~7bZ(OT~>q_G9UJzK3?0i^KSUvM3YeKdK>rR2fB@7 z7qTgzg*TC3{XDAK#0!OQRIUqu*Wls#x|W>}{I2%P>V# zZ$Qg)-y!LoF4sWP+4tTBb;7~QJP!g-s|lX;{7U`WT~DQV(djv+y5BNO4oBo1JKvgJ zv8Z%#*fh-D5?w@WAnx)55HK*F+`vEdKC$j=XaBV6z2GIsH+sdy+stC zc&(*fd4xmhP4$g(?||))qLK34_)~$WbH>XfI1^9}Kx{x<}V z8N|xeko$9U2^CT;G&AlAHina6B@-tSU2|Mtt=y^m9sU$iMqbHLSFf)^!Qoh!k(*yt zRiS0(GRSpO;;u!n^Ei=U@h&tx1c3;7eK&j-ME7q~KoCha1bByN8SplY8_~-<13~zT zjo#prK+(HUI{@I80|Jk-gs02HqJ;AiZWt`)iKa&lCw$WtH* z#!zssq;sf6u7{E+@gTB1NFru#`w_ol-Xn;`D7r(TF6uaa22D*xrP?Oi`*fXn>U5%h z+|%{xZJErdx*L-b1!jUR3x>g>92>>!MtSv>m{nKfJigo!(jM;^X_`9e^r!tOo}e1t z5{pXnY?C~bwjfKx^c@}5F>#u6hX!qDV|(8nO+!3kU;61r%HHCn6qgJBN5}?c?{M3a z%qy!(l#QGAxqourKY)3+bR$qtL`QZXRxGWFGd@W#ik2>S_7_R?4fts?*q^|Kv|23q`|&oEDEy5NXYLhY@BrDaq+|JSl%RB!P>&aA>L zaZaN0M?bKd5k5DwV3Sj`%KNXh;HX7UZ=`Yy$I~*yYfV#m+szZr3NG@5zOV_a|D4Et zdf&+{J5$T!?lcRn9aK)1rI|b~h`n0hnfEYG(kAL?bh;&f0eLp-*3~?NOw~%yBWq5& zZE^-Djqu9rfMlsTOLC&JTsO;X77^wQ<)1iGImWbwI#>xKFqP<2u4bPw>dbw$i;Wt6 zEBf6~ae{+Z86zRYv#TBHKHiJ&d)P@%_3`?+!PRD7i82Lc6Yh1Z_RG!FI%2I#6ULno zhiTZUdN@d}v?%#buckzQTvbI(*%SICTL|2OTZd)vT-bdS}tRLYF_t%M~uL&yFltcRD-Y{W4jG3^L9XrJJkgy==DbtoKmR=S<3Mv^j$@W-?=!^HGU@>< z06hN{KU@LZ9wv;E4)~c=Rdf-*Pt|}6Xi0er++P!v1@Z=`Y<6^*N-MS=)Ojs&j1CI? zvClfcxYe#Hnq6FUbeNmzv3p69x*{TI|H7m}=lZM9%(x2Yj9jN!pX!zZCF%LX7~G

hAo=kcFuQ{4J*-2Edxk&(l z1{hi?j7};(vdV(q#?npfAF7u2+sBActGxR=TwD~8S;o_wvaStISw_t97BnW&hPFdI zI5|(TXC9)n3B30035-2D1m&PC1&U&SE$wTr=gsK1aZ*0DMqzKAQnZa^bB56ErgVMBQfvEoisgYQ^Bmo~Urlq2P6TGjI3-S?KckTy zo0QfQJhBU-L-o}=;J4dD0k-Jx9EpriLf4-a-MeGCm4{~ba7DT`7|+1eiD)Ozz5H1D zkXN87QS@od< zp^UYC%fXdwm9~$?a;?t$(wK?XXLW9;q_#@3ST=@JzwtYNoyq-g<98TxRaI}h?#!3) zUYMR(N7g5NTLuQ2$1C1ey{(9QSy5S8@hlY=o)nrgp6X*g9&hF-VSi78GtpGPkf+fL z*k0EF5OG-6A}t->lvqzpRNHdgsibvbXgn2cs?RWBAEe2_AU3bbjoc_AA@@>Ij0C1D zOlE0-jaPYti^sQyM1KrETW|8jJ673OZT9t&iqWs2H=txDY0SLWllaCzhK0Ml!G&Ka z0u;I<;JcTqlJK%!Egs2b%1lZhOvv}g_OV31mERERTJK=*_nNI6 zplI`AG(y1!*AEjYn{|9QQi3!`)v^={d|j?1Yr%C(OB|ar`r4Y$ImG7H67&P80IM|K z*$>rxe_V`a`lhsk6SE*Urx&wT*{nUFXtCaeWxS6D!12_>N;iNU08h$Pzv0V3=m zFDenf1X0D1woR5kwDCa(2hXya18frTP!4t9B^Udrvre&)b6^*e{QxMhgo%q2*Xyrc zuS=F*LC>+9rcv1SrfziK$uC6Q3idiUa`06-!C@9D(uS*&2a!qT<7)wBpyHF?_Y5-@ zmUDr+Ft;#^0^>aA0-JtVBmtMn$=_=ly{P(Walr)~U-X(VKRnRqi=z0V9rZxJY-%{k z(PjN8Wz8Gr2J~Ix8Uc}b#3 zIiAZ_dC|4QUnovq`%5XelJk5{tX1DkI*|5LLBw=V=7mEmxt*CjnPelkz&p%q9gfz^ z+Iwsh?JBf{M^9g?+ZKO)A61{`2Is0=R?9J(-p46Da`)>}8#!Kmu%qZrd(s&prdnoP zVdhJlekV20l`1n+Wv0-HVGA3}wuhJQINvE4z9cU<5gA8I6c$tcHdssMd|pJlMCSfX zVTsXW#hn=Y#P+QA^xQ}%m9VQb)ag#*g<^4|IH%K*mL`s^9v3pzesT|_N_0k~4c<)Y zyj6Dj^B?q&8(eZA6QKn$mSx=loW?sKx|L<~5eq=E#ao+I&CXp}yWPTJf*xByeRGvu zAGV-!;m?E(KT}Y*p^+i%+U1a0U?{w{fl7QujLLFQryU3oH|w-xjL*KItoEZ<1wf^R ztLQFW(30V&ze3Fa-i8Ig$s<&MtN!q3Nmsujr2S1EafSOmsU(3dD8$^(c?^OV%%4Dk z-$ULC4f|i`hfv$%vRg;-VRzmLT@tMpfyF5G8mHeBm&dCf4ma*v#)*o53bTtwPVR0{ zqr-#eV<4b@tr$RZRZF?Gqm(CPE5VQ#Y|Gc-$knwh;Qco)u9euX5jii>BMiPE zHHp=J<=JqSw0B+8d<1>KdttOJOmQJ({X(_k3A^jljzlGi_aes>>KBA8o0meA_lq4a zda4`NUhMdkoQ08mZ#mzs`rp7LsuX%%?tB-}H2@d7Lh6 zCf@w2v(aAZ&8MQB7|W+s{@3L91`7GmPM*pFJjp=k_l6cx8oBAgQKyA0A>KpkIMW;j zdPhd4)M99#BSZ%YV6Y6Tp_t{_`<{qbi?OabE)PQZo?Z0J!FZZv)Ft`v-~^iWE{3gl zY5n2y(C@R=Gqib%1Dv0FGe#y%ly_^3-Bdbc`L@MIN;zntGu}t*;K7|f<;~gi{Tk`K z)X77(MsXTqpKc^V3pOp=BhvZ8Ht6@SnBYCuBWh%pDcr$ zI@k8RX78oO0T*6x=H!*w$CGh_MnX5DKj!Z6;ts=i$ktrD+O6W&_KnUgL->wQa2D}? zd46HsvAH}CJ>0S~A^4h?mb^;{V?TCjMlhi};p0BHn4~rF;BE~$sKyYo9T+&B%QoVa zlN=o7CIcOpFr$=63g6wNoc*VsXgjzn`JdJ7E=c{BN#4EJ#uCGw;wYmdlp+`q6zzuI z#<+Q?96CoGTyMYQ+TsT9_H=SQ=U*VABxM<{pXK!Gkr~E5X{{>2j4;-rck;dcGv|K8 zc$r`+zMZ6b1Gh+EQU{`=hweJ`V7G&$7$9&Y)jV@PQp(9I!G>DOmHl+|bHFM1^m`J2 z8p-OOFN>WHnQ}a8^OOw6|2P|4#3q`!5&7CtszU0K(ttha9xQCN7dG2d!V5*Og z1=~i1u&dpzvktT{a7hfbBgp{+t7B;z$?NwLSmpsAQu!IyInn*1dW{4w_Vrx&v|&l< zd68>2nsinZiT?Bp&a8uGQQb!Rwo1Wa;#6bsjtZ<=8Q=M#&-J?J(oJRbI#Ul7D6rfw z&t)YyTbQO1e2ksZ?CoYGWGjA(!UPlPA!w;258;ZgXTn%!M2E(=Fm3HTHiS@YU4`DE zv>exc*)$$G+~ZOhAUu;8*k*I!E@ihj%eqU<{3(y~8>_0}bAEZEA#d+mUm})iuY&mT zH#+(Xs^`T!(w|<(-O4?tx8~%FUkI34HgcGaHEK{dY~B5&b$5HlYdwMdCwlwB#8kzf z?9`6@9IS0*5*uuEetXquar9ri9{=9tUyuQYc|cfn?SOh$K^-W9F>wx+*2GRVIJCj_ z`W^%_hAun8LSckOtqC-fAE2N)iZznD<74!d?k+pd_S!?zC>1!5 zX#;!E^mUz$+E-k7TRg<|+#J(d?JIE~Kz~14(c3o_`!ka!7Uwd<2KNs9a4iBl?dH;M zTxWCi)6B#d)yYFAtptrs+*H(~N_VMVo7VSTN`Kfe@)~{BJ>lIfy~Oc)y3eueqn<76 zcMNG|d&i%eUzgS9PP`C%)v>4P!rO*p1?g(bd7aE0In~@+PwTkpv$#)C9SRmlf?Wh5 zilsJyD!6eH?J_Kcgry#5EkejWF(O;bZxso$zzjtItoakrcA)9noZZ7Rpc+6i9x(;f z*ItMBq~)s&2MP!VExkh1PEV4SWj+SXIsk1^2>T?MO6Vzjh8bri16nM_!!a7bM@-8K z*I*L>26+JTM+xUPxL%kVuY#hi8E7h=%@25EW=n5P`b&FLX*k;dy zjx}owoLz4SZ-s$i>M&rJp%MJLa21eE`8%T61?h+c`2jSQLnD)-tx&q$2m*#Lu93L-(*<=>rGDKAZf~z z+ICP-w^~_^R@D|H-RNF(wZX33QYA2DNNvTn;`T}1*!bx6cYf!v;|2S#KW5+`Pj{rK z9XOuHYowEDqxf3M0jwh@{=CpQdArX33mIo?2zpcNXA-EKQ)KP-+s?~Fr)m%LW~Suc z4&K*n8ol$wCnbHgz%nDt@|{IniDO&-r1IK5<%8j$+)Q4V&uU&amF3sC-#y)u=n)rf9cz0a z^S}k^3*Qdl0Ggq3y7&I z1|P?}g|s|z0wjWwU}Y=hN;_*GNUY-<6+(*58USKDxdegQP5zFc0H4E(y)`m^u>)Fn zcUT1H=5~Oa8bnsv`&e~|Q1^HRmd{&==>Xearye}>OoTjJx$xM}izaGo{BT$?Les-1 zAA8N*y5(fzw0AL1(Gh8Jao9%seDh>jjjG(Z@=w8QT5-$#9-D;GP{T{!RpwUQM zIy9ryWSc2{gQ3DU(PgizUE%%H%-6i)JK_KK;Na_JaBXC^^gKHKAXtTC1Mn#Z-oG89@xy0U~jad9s>V=;O(Gi%Hz z1^A3WJ@OqLq;5-5%|fb_vvt=MqBKPP{OH*5o279byvDVaE_JOgP5Wil8mD9WN#TBc z)U)tttj@RPWu+-s^mZFbEpK;^UF_2}ERM}?m8!BIKTtB(>wMHGO3H-`7Vz|aDkUj`tG-s>ZMt0c{lvWo!EBtQ`LTL(QE(B+31YOYcCTlKxZ%Hxra!_@uqo7=QxgyB#z! z2+acx)`C2-ldS?+Kr*M3wCasSt)rnN*ghdy3txv009v&i`Yd zB|cc)1#ts*-OCHu_&P11?>mXzEEVb=>;Vb_{hU1LhH4|R1#A(VHm8%w8J?j-8QN@c z$f_%}@a+cI1<0X{Jw#!>f>u}1hIwn*8(cb=@eWc)5#o$t4iFz{4E~eE!(17{+xl}O zye90bD`CAGbx5}6)1TG7SUp8qmHC-tFz7-%&-^&|r|gS=N1ge;Nz%T6W3cQ9mQO7 z?jc4@{Pd7zl%TnEPp4$mjr&`>YbWDwcqC5>9FphZ5w(fVv&oNPn%`EE&9V}( zD73sgT3wVBq+;NPxM(PV?4MSa58J+-tx9bbW9msOIJ}{A|9Cu0?j`K2e?z0U5SQSs zXM5lICu{goz0eI6x#tm9Ry&SAFDoOG-OTgteIkO?T<^WTdQ57*6AzM)d~rtU?Q(+A zmk<$}jU)|!KqZ~`!Fy`%$JpGqc>Nfol&K%4(6k#2PsNwhmAHOew-VLs2K-|olE*G^ zFP~(ovL(x5VLJ9bfk%F&ks&%6RLttG?k-h#)%VYH>JP5)-4^JMtSGh|EHJ={p18c% z{#99-k8PONt(XOOwrtH0Q`eI@>6t>U@=->yS(0K^uic%Ld*fuMAtzUDUUHzf)iLUH zd0A9mLVIrBjoV$4Rsx{~;d#4cY!>U;jO78Ek5J> zvV_b7M$5us)YH`-npXl9{e_U!mtJ>CCMKLOoKsSdT zRG;LelSZCVN>*zzA^n~cMWg3zsmWrJbY^JQMP`bg4GDInk$Kq$)>|%@e!vyzS%=qj zII4LT`y|qsi#vWWdp2s^{UArgyiy>h`0DIHpL9d*LbJ!UiN*^iCrVz3-lX2GtTxTG zn^?PzUu1G(HPkP%RM>!w&66sJCUyx>8kiB?9kj8SrotBG_=qKu=>wP>?&H~mKT z$5Ump?3hT{{+d-?c~xra5tVD2I_>`-d+#0AWd7w1JEIONDk@Du$fy(n0g+xLKXn8F zA<~(HfA(rR z(PJ1s(!!E2Ef7(qmI~a_R}I}X`Esira8TN=cLZpPq+FPJa9VN$vBjkY2k+n5Z85~| z9_Gx$URbWjsqR4!UoBO)-FwI$q)CnLWV7Bvlx0NeHfKL94N)YsKzM7ayZby7QrQnC zoJd3KAmo36XoWVmLDisf8N|<*!LX+140|w-32H&H#Wo?>)djTRd-u$KhA1~t@Ertw zKeGqMPUDz%FF-sEd}YK3Y$th>hnWXh9ho2`>oP_!BQ!7~~JKmB7LKa!RJeC|$O7Ux5& zuxJBI9{L?g#lxopkw7^>33{(SxA8NQ_6`q(hj^Gz+0HZHU>4upDS0U(~#Wt+H8{nB6toj;mgc82g*{K=9=hIpkZbNrGP)h zbl|oSHYF#(vZ*>y*Iif-Di|Ndqz3kgWJ|6HCH9FII@v1|2G)b?oYWr(eh22q3{tcM zlV?ma^b?BAvl-7a^t{OCe1xK&1?;IWf=6i#%U3#OEe8Ab-{o2BCYci=n=M*~AB7j0 zGMG`XveUd6u38gYJzEe+OMKZpbe`og))BZJw4T;FxHII>1Zy(SOddnD212hN2sy_T zD;b1Xwp82PMy(|n&;{P+Vdx#-7e+oTe$^WDo~Rl5KA$RM_Oc{NPpzI__YQV#TMTgZ zNEVG%4>rd0%S*adtb4SL4n8e`H9%zz*${UYZYNemv?8BpD)$kTdIW;cF{`M@G}N|i z{UcbGM*S6|%JN5;FApj-Fp7j*0uQ9>zSxW&F;Vk9cEP;7=J`X@TJl$n?%lA`vcDkF^&wzaA-Z|yO}Mbgb!A?k8Oy^j!q3NP znHu&d=Czck*4oF~&ylND*?f|dTSI9Wm8!P^WW7O~)9|>Xd+tJDQnsolU&p1j@REny z7H>N*DWWjWn)$N^Rv&xTv5KGVWpiE>92HfSXmK!`S(Y(tzV~R$*=Q|k@Hbi#zeaLd z;yH_QUcXp9AHb3Hio^SdolYlmTdK7ObYA*8qmQs_a9C$oU2g1a_G%fly6f8Yp}(2( zY0NBtsF5P0C)2}&GFXI~K5HKU3m+c`(Qy65oshd^`u722z;+-ede3%v!P<|UquIhw z)yN_D`bNy8!?fJj?+xQOW?+e0a)phxH0{^kDyLM3T4$&)ox45L>|sWT9*x zW&qb`+|DL_4d&eiagzLd;0kzK$s60?@J9AuT>%RDjJ$cc6@YU0I)R-s5i}alQ{=|N z6qzl#xdx++L2r&^EOBlX93IAugB^I7nb1MvJTHjIXe}wg-O!MfNyPWiTz?ypiCQ4D z>$Bh=QNmEqH{d9^>3iOQt_5>Lze@^(D~*=l>#?U{Q&oP=GqTA|BDy*KkQc>-1p35z_(_PeBWFL}{p_i;kS17u1Z?=Mi0x6E1rx z6mfjUIvoA#Q7%IHrQpf5OII&7U2d5(>9oI+b6ZZJQW`Mybkr>bP6u#YEA(HQyPBDO z$})t!5H#1g&uGD511u6n9JO1iWsPMLHWw*=A>txlMnsxts!fdU3`p zdG;oPr%LB=^HpDUo~lK9M%@34V4^DSkXRV^~wa9^)~6}N3R%3e6IS^>jiejH)nqX z$rt}dDouKla5|jO#$lMaTwNo$mjX z?Eq1^3*6Al5qi1R&vH^Jbd;67}#z%%DxY5FqIia6_CqxqLvoQ|y zCeQQi%V)A3g&rAxy1HY&W4I|G3Tm@@LLv>$g!l^K_85VSa9(`vi@R3uEMiAPXLSsrUAj1dp_b`e8iuovvo6O-%QAU zQXBe8{}^MNox8g5dn~5obfDCNkkSRCnDdDahg!slKAolMWfy<@uw%df@GtM;YcH2e z^_pUAQ?o+N^1HS&bfwzII}9s(3<-xezyIapVxaw-qJ`mVoie=D;;vDSyK-_?&Z1xP z_O34{qw(}yd0lDsOIx=B%+v$D-!i4nzdCGbVRF;`dR?%rt5uA$>&M`mhg*w;Hl>YX zU6p@aJCc~+|2RXvC3^}0UGirA=W{fC-)fjU94XJg+32&VqZm3R?tG?EuhrO1ClyoF z%UodDfwy-Gc^`1&1W|((Yhi)1Rm*d9BdghuC4=mP4rkFkz6NV`BE(4TvpS4j<%;x( zuNE~l46XGoUqAO)Q=$0B{#p1HZE4{Km50lsiK589&FncB9V1QIaP78kIby3HaA_fr z>T32f*7Pe}r(+yfir;cZx+6M2rZw6NcT-F%?ex_J?)5(^c=pUnC}BZ}d0^L{xeaiR#NVD3c(8oOv98pH1k3$L#6(PVGt!Gpy8+` z>S2`ykz`}{)i1UC*Xp{;(R z5(=9ghmOAkb6ltNJqGA}9430lRj1=lyv?ZhhU~q~__ze!Lv#g?Q0n4Mdo$c74V7gDlG+ytzoVx$x9W#5A6cbtk~Ny+6L zy3p#aLJBh?#~_bMoRs+Ff8oGOgR$u`BR9TfCYZ{0t*_!!QOM%BfWxHM$AHwC&@3y90?Z)LTR1Nj%K6Vaq zdVIC$>nX7h9rV%?TIyquD@Iq0x|I42JyHX6YZM0!^(0a;1-TjhcKtR=5BpC4FWELk zIFaUs-kS^54RqANG5~Xd`0X=MdlOex_hu{h^BaMtyNM zQh4BZ+H!;&FNl$0pqP&0NK1+u&@BJh$A^?cjBW)}Rsf$g8vnUxM-78qVzuISQF+6R zxL!vXC3zegsR3!|po9{ey9Kp#!5hIk^ch-o=iPKP9(d>z&D~{cS{>er`cRd;y1wc+ zdaSPY(EVgf&zpCQ_FZZ_^7i#F(7@NuE1&Q0U=@|S6nq}3`=P^&qFbjFc&D=>n(jQ$ zvnbN@i!t@n>oDq#ags=Yt(zQ5PJg|5Rze_giTarToKBdKTdJ?LnX5vKrQgJAyR5CA zO289NZavTUf1w{++IQ=yl876ZNbAyxM}aZFg#1Oza&m1!Z?e%{?tGh`L|;6Gz1}@; zsd7-i$JYnvlNm7~&#l(i3G=>}mwf%RM{Pzy#kNXqGg!ZAOmL$&4sOGTd~xvg9FTb! zO!jd206xps-5|jC5bW#SilFwjhv6PSEf3#C(E1@R&=B!+JurmhWk3el3~KJ%8@zV& zIQXfP>?M%VgTZOe0226}$OF)Wqk@0zljC7xh|dAIei;o-Mpy%_Z)qeI6AX@d7Xg0x z1q@#A*K5G0%0LZo9vuPH2EqZ1mBPhVB7@htds?1IyHN+Fx<`_`?{=3eUsr3qB-I-kQro|B+PbX1VcJU0aG9EoG5qJMzq-?jnXDKZ1vH~}?Z znnLahQb3?Y0qwyv;2g(PX%HOFy~aMVgk*<-jt%+e$jv)bKyDTw$vZEQRDs7h4mViv z%tsB-`c!W%FI~71abji7BUmc`k9{t3X_xMhZ-OrSjFvK^Vwz%u|IsU_@h977Za<|y zh%y_mS2gFzJPkIOB%iuGvWz-3OC~9F%9v!uWtnnEH{5&F*R12+)EyA)B%~}Nw3vZ* zvN_^|mo~@bvGh%2u+CR0>2u+WcXHAw+QszC>GMX)7)!jlDaOn=PsckdL-pcDqoJNu zqs2_3?M?~<+~}{KzW}Nn3k}-eLZpewa4K$H23$Sd!~{>*cs*eYc@Q}f5CPXZk$1gM zL)mDya1j7oTsTqCG8a7>sPV~Ax1iTMM0U($?Q-H~m*Q?2plW!%T|k17LhE?=H~@d1 z-3PHFBaFuL3(|x9Ok1Rm?ipRbF92{|KSM%nsdo$gi`wT0u*c*|LZ~6!t<{D_i6(aT zw!zB7$~gYJ0l9-0J|@c_56JX9@f?E>K$}0QDb;#-u_M5yNJsfT-pFuNI@$QKe?M7Y zi?EYa;bk%1^`SKHH1)^gg|=jjOcnRI9u!suNn&GQOXxm%}?;t{liSUH>@jrWlz5S(C6DFV>+NT;xXChKEy3^?0O?Zz2EQ|H^yh_&2OyR zF!IEspGrpZKQ5P6NSnKLn9ER>HgwYS+b4Xb%t9roi<%ve(rvsw^dF;=AO(8Q^MvlQ zOGe%R08|k?8Jnl2qxxN}uM}l2^8HT!aFb=0etBL;?YDgM9E-H*A}J$fhcjNfZ$baa zWZtfSOs!yH0MDdqgqFcO1FGhk%{p|Oy^Mf{M;0D4d<&@HQ8Fa;27Iqqr6jLS=T<WBZHkAXSJQ1M`}eS)bw8!MRZ=)?yC^0_<10&^Nf9+kSgBD?G0tYB;B<_G;r~V zPd;>mNOMK9d3mW^O=EGVp@y5VGSl%6En8HX_7m^~&;tUGTcy8+P<;u-^90(;6|2mw zk;w3OKQNRkQR1GxAS%QRdjF&pYP^|^4(PPBRq8F)QYdf*ULteKLHn+Vx|COEW|>Wn zxUZ1^YVnM6@B0Gs8~MfCct9pW0s_LHN{02*W6S&Wy4*fBX_uV0BX|E zOI}aGfeo0UkNp7%l75FD9=nfQm&d~z#9do$TTsIb#xXHKzVRXeHlvsci~p1lx}P=- zA2$GXnoHPG^0o(YcMt>(1^obCn|2D{o8Yi}FR$qh7~Wt3{sHXVGU2+fT`d@7b7|!pw}vhs|YwX7s8ThI%_*O@yk+R2+7JMnj;op?=J%H zya1CZ;WSwuEWei*Nm8%MD=zP9naP&R>OU!qcCfWBb zClDt>2!J_;;DEhg9-vjTT1->m%$0-NcGH@mO)p}H(b_~aTBA1w77P+s_BpXXlJqZ{<4mOLH=EBf?E6Q7{7{j-J=zT!k<6ah zS}xj5M>c9*Z6w>m4V`e-)>;9_jYANLVi3(46HS~A-WSu;yDgrSb->1Fe=C`R8^BO! zH_h^L;OAbr^0;{=3#uYZLozCsu1S;b+KsfZ^bCXC4z?Q~tx|ckC=^_EM`uO0)^f;8 z|9#5klxYyP%%1V(Y)>r{+c|CIY4Qem?vJ4Di%`Rqia!c0&;x5kgC{l}q&dcivX9k= zZl4%O-(;zDIeUt|CY63`!ISll@TM48k6t@jc{BmO2d(nJGe_tC)=%&!-CsysoPF-E zbbl(EsS6~G{zmuLep(Px#*$q58{NOJ0$Ikvv5fZU{&A{398i9pX_}!l-$gW~Tkf&_ zYrwXBXOHerqK}}Rwg`XH{Y$JoF)P|dfbP$(&76~0+NlS0f5FL_8*t+x-<{)vY5A4Fd)6R$n5MiMq#!xVLG5>V9V!_?NTchGX8LoJVnMK!a zK>xtzF9h3c+itTBGNL@7^s8Tc(EEumMU1N#Zk2tDcNMC9d;au_?1c+z@lU3o^>IhP zz`F59W`$;HY|Xwk;+~W2JArmJnXmU~S1EX*_FS40Q^1=(r}moi$jWMQGs$M_KCZM0 zs10h2q;`4r<3+a8zezQE$89{J2T`|MJ;!>cRN^Q-$6dBdt@VPgru?Gyos+t|Y7@!r zB%{vzZcU@DaR0++Yt5oR)|_l`KX8vUa?R;rT^%+ks>M<9>wT&I=M|*4*N}ecf!&^N zV>U^mkuHVty0qa_ba}pjhL+P0k8>TfFw3#s zkXF7;_`9@nA%Uh{Uv&wz|e(+St+-8e1!iS&8}YmK3$WTh0=xVJ?;f+`(nTj9|%Tm@*ofk}iD{S0lp8&td4~MjO9T ziS;cgoS`a6nEF^)BJy?+E25H>?|Pg}Qe;YAD-ry@zq?`1Dv%Ktp(~ z!QZc(eYgx-gWpe>5o|;awxfqMHf(EsmpbBRZQw?hetliPvZhR(rb&PC>Lul4+VF&% z<`VakdgjDx$Dcx76*Uzf0T);4Bm^n9nokaUE1w}xTtxWe#Wt>;e_kY{?kpJyl zI{MqLnF|sJEE8jQ@Zy`!j=({pIlWLcS z$+L9|LMnDP&-g6qbtl#(rqw194yz8z;03n*s@H9C@nrfT{E7q6N-}3@L6a#|kV;>a zDPy_Dv3K&e+t}U62?8cQ$Q?L7oU%3(WO$I{ z5cpgUFF?OS&F66y5gZZAWjfd>(UC~@Z(0BN%_f#8C~e`l4cH(jIKySQtq9c7FdX1h_fo%` zNH?Bc4IrQj_EX|1Xy=+PV-T^kVY(K#6T!F&N@S?jl$|3)nhSpAuJsLg5Gw0?>rj_+ zgZb-n0q%9a$l?8$&zv*(&9T9$`x>W07Y-g^O~DSFI9nLo&&q*yS9sXGy6`a~2h{5B zArS$dQ^Z!B2#R%^{fL%MTdY48wcR98e}-v1c?^rpB%}MZqm zWj1XF*X65iDu;C@;>-vSpj(48nZMrQ0?h&ZT<{@0OA%@?Ot?*ti&PdtO_JL<`)@!0 zsTTz4$XjKDs})y&n1EEs*XY|}a-KeED4~VwfcQC#nIL;uQ%4Yxd~;T@uU z({lUq0-^%{*=JYs;L{lKq-BOE7je ztNuL?lDY|NU~g@RqAYV<{WeU{VYpdx941GnGEI~aa$cOj^Nj-@oHNh_n7+}Y4kZ;DpcZ~nFRW9fST-uXmEyG_I%*+h-^}eW6pw*PKqO+ zN+31^KiYJxA}6O@q3M7^_TzW?PwmCBr@v*7CAe3Pk9qoyE{nZOycZv(Czcd%aQ_wY z)}KmzFA*zG{@5q!$O1lQw22K8zrh5m4J!)S01Vka59BuMn0uT-X-;$%qiIbu9 zl>H-{`TPF5*S+^&^2hy5VBXK0k#i!rZGQx7*>~+eZiD~NcwLI>jNCZ(*GVRvI?HE4 zdpG!RP8ax39l}M`{d4{|m?8eR`QQ24T*FvvnDf_sF*QQK37+}u{BM%8H;5%kP=^50 z5yARM;DBfSvZ5^=`qKGlzOmVIzO?6W#6y%B(yQRB=CgnHOnD-R9-hpLgk|sq4lFZW z$)`XsN2E&T*&wFeSOf9+rg+sbR*J1#S3XjTnfQTbGfuK|)s#p+B=1|NKX;3k87baX z77)>_@e^;G!b0QZ5_PU!N3g0zHT&G0lr2h(Ala*Ugqf=5vSFS?ptZQEKhe1wVi&*I z3qwenF&OIO$d~~eM|42))TICNlmnGG%9_MQZ;8=BosOR^_HocRE*8x{W*&c4yGNg% z5)+L4-i=hayIiVVYyUm%Smvv&Z!HifvLNn^9-l@G(eio6qY>p5H?_e6{;!K>rFbJ! z)#*BZVy1tfo!4?OLsEed8JxIgbZqpxpm)ZuUXdM;2~@EY+13X3{LBk#$b%5|sx1^E z$W*H$qU4DW*1|Pn1gf*qhl1sXRKaj5flp2v*}b-I>#iyqDPh`toOg#$=|-48Z^^t= zmL#Xt<=n7)aB-)E64Qe*sl8lco?Fg{uYOl|X&^uNljERX)`7t0n-l{MjQay-6Jq1d!DWNtc^BJR{c_cigYbYl`RgCRk_atwf+Q5wGaAXT^+p& zptpQ?(E+I}!?54d%#u4ctRtFI4c<)m`;1@d{mGa;9&9fuD7IvtVHh&veqbVV`GO0+ zk1-o!d$n3E@N@vYdNMq7~`%ALd1m3#{8*b0`Q% zXz^M^7+hD=ijZx2@FXcvO<(Py^4$kWL3@3^53g_-c&+bUB%S1NwNCinVw@YO`mkkA6c=l z4k%b@u=C7vu9_Mb==&7(=U9m9_`jM-zmYQ3>3vt}@oCq*k5x_)J}xCzVCnK)1 z#d!OLlc*Osp89hO z+uEYc3|bIXA~uUTJ51Sbt`pF7sYOqAZVhg>AV@+Y%R{Mz@L)Yp$LvK_690C1tu0F`NtF{WrFBENiirEtM%oOE0oNpo1_*`9W@3OG1)TKvkBj(Lw+xk2)?qfqGMGK5F zOx&`0)6d@e`tKfR3})G@`M+b;P_p+c=DJ)3pb=yQ?h2KxJ>w*i@Ee+ z6m&!MSj`M|Rl>NY)W<8gZ$8b+Dz|U^eZiVj$!;S(OTDz-I2m1pkJ5(?NHu|WyI_Yr z8bm?t3Tx>CNZF?c)&cm|DMwIE+q9(1!-v44-APAMm7I~A7dw$OEl_^F#KUwX9|E<( zQ7V$PkqfOWBj^%ZpaysoIt8GV7=R_eX@W24fS~4jOc@}(wm|EjL80<0Esk?6^THqd zh#JnI0t_k9O8beFD4&5+ITN=j<J(XIl0CB`ZJwU>PJnWYwh8w6B%aj+J`cwL z#)Xk1&z`$`?n|6GhA2UCet{LBrJKR_gbf6Um0rD+97+LY63D`dylQq8#QJy%?9gzk zAFd0u+?m3M0PuU@N4k7ev9=i8pLv04$Kqp-wZ?x#+bvC;V$vs3qa^v$Xg#sg@kNV? z{q*#z`tRxoS3Nw$YX`Qjay1yc1{O_KOb{N2C~8HFG(I@4_Z>$c-NlN{-91?Cq6n^X4F* z@io3jO=ll99mVh&{}g@J_@+?kOSP%LoV@VUcgB1N&A&6-w~xTLbr_^W|0C!4eqUfe zT12u^9xo;99sc;T9sk0v-J{SLZ{P)cUoSlJ#{9?+2L!&f$P}!Pd)qLo>uSb=PAvAB z^9!1!0yX~Dg!GWCXMWyyh>B4dyjW3)9F!veXI>$u&W3;$(mT0kuwN4o(5we%Gp zx?&6RG*$-t1r`~^o(muwUUAxYo8e{%09n;bIu69b&snoL6M)tVg zISr`}qm?`()eyTZvEpqHQl0e-@?RNvX34?71V|om)cSFtyIS)9`wX*)g}CKT)B_FBPq@_?c1B+H`w4>i@<01e2rPOCl{1a7F#L0l?cZReKsqXg-+-x-u z4r<*fT=f5aAz8>TK!go$2gN3u3%snp4QpXddSQ_lnm(cD`E%++C73 zWl>bp*j*YqQtK)h6>*VPT*aR=vl6wWEj(0SbbDcYcsIySSZ3_Kgp@_W_2A81ij2)- z_fnam(y*=4U|-O01v(in>*mkWJ%cn0v=?$yL*!EXZ)|A7=emG1QHFXmpxH(cOtaZC z1uT>ZKq`SlO+vsH-q3?d;#?1GRsbrZ`~UaDFT(vmwH_2lbHHAj6v6P|hJiBIj6RY5 zVaxN`-xkoG+ibezcsp#goKjrofzknC4 zJ1Ewh{ioi(q3P{RptoO99WMRgbjOE8N$Zd8HhMbg9@Pbn3VuP#Ar^5uW|!6Uy-dUS zas++8;bpX6_9a-_;@$B110089#lruwjgcW7zy$k&nM1d1#Ua>slb}A_7W9tk{aI+} zZEgT>ldwc(ztJ!2ukZmSj$RfptHt85XP!Zx!mrs^+HyZTRF$2OpR!(+ENb;c= zh0X}^Z5cECw*lf3Xzqwn_Y2N%w}Qp!xEBG@%2Ss*FLhtAbuK#cU3gK%NlS8+=|15fD~?7yYq7u^r1m9A zn}(@(>3GNFoUQe2p*l{h4$ZocDX29-$?7If-+&BinPZU@LFUF|;96s_+ z7zMD3d?MIds6E=zyCzT_U{O3lOD-SeIZNIY1P=HznVpTKs_bEGH&tPW00_t`oCBl* z-aU1{c~EDV)n?iP(!fo`*iID(`01IWAa;=AVaC==LcNCI7wtj(F?S1U0;tDBX!jCw zC$3%qbf28m{b!eT1HRxHN!~PtW(6aFN9#lUi@Px95YwRF(eRxnX#Lm!Kkh(}jfNVm zwa+s%j}Posr^6V8RLI_RWVD*M1?`WBZCwMczHh3Pd^8lZRLzV(t~4&Ut59 zF;V5bNr>2)z%&P6NSssemRWj}thfaFLz`J=wGpHcv|=m81)k&94;MZAI*>09UQK-R z=}AtPx;|dyxFVY&)c1JP}qdzu8M8Aij-Q_4^V<9>Nxxv(AyrP%WI!u{R$Xx@(^7vkfdE z>{nP0cv|1!>zt}uOWK9TiSIasU3=t51rxKm` zWgYwyFgDxU3C>t&orEU+n%pewAmo#)AqzLvI!H$CGinWr=&u&;c!Cks*mU7yUYg^SQt*<#~Xq0o@Y{ zu9AntzsCNc4UBq&|KGAbTF)349JLKwA-I7tMrHl869Dr+S=GF@D@EMk1}=lW0Q%LO zSDph00VrOVc*4M+TK+9_Rb(^(hf@dOTdqdngYLbD$z8;Gc~I4KAnx3Pn%(J|aFi#z zk+#R0)&Om$XIMW2>L_S_?c7fRK1jjr-}F%b;wd4kHavI1-E^GxgiR21;b0?h0coHp zS&Ia^$iSsUgkwjLo0i1&&rCFUa_0YMho%>F8!TmzbZsoETpnZJ)@W(2x}$qMQCl=v zD{;}JHY)G_`TkmjCv@)9z4M2iwJc?8PJD^ycQEeR@V}T7IpDc?`2iys15j+i{(5B0ny39 ztwH5FZ}?CU&;zrV=!|*)LkMjd3Kz|lCC!<6b~NFBtCvVvoqx zOGv4+JC>|rP7`h(%C-yswE6b$NYB5k!UFx@LezhzR`p+4h}yps0&JlLEQK~Sz=!Ug z(L%AVV%yuAkf4>!wZ>^c34L;@b;cJBSXtjI2Z(|28{)fbWrU-p24C-&w0@_3ppS6w z!|(ExUjzCrDr!ogBS4PaE@7Z~eW=;nIHzu%QN8{FW z(E6~bVcB4Jyt@mQUHsn7kLO|ixoBJ9b$>ZvdK%Qrd;shnI(7ys^9Z%?)(c}Wac;_i z0YNCc44psr`PEx^uRpfyoqg~+&gsTz3(1#&xFsLARvnk>S;8Iz>w$vM4lq{c2Lq?=+8Se{MBQG24MJny=EYPjy|l zkJa4%d(Kl@r&P24sTR|>Y4o2K3=1ebJL`q{!31-Q9Mw1X^4eu|GHu0Xgc1z4dJYDd zC`-Pe);cK-N|`k{DWscn=H%rR&j=Tty&#|87r%7L#P4x5GM@w=KxX|jZt+GFeB?1p z2!pGHmWfp2p^=4NL%QYX%Iygarh1*c`V5#ncvtV*Ck>Pw!9rRMFoH8OFG%MP$tCVM znT`}%2pv~wF(WoHpEi~=2@xe~R;H*c4XpuRi{I&?mXs#f!e;~X1HMS=Jg$y zei|2xpt+^2EaYRqqN@&)m(!-wSe>XasG|P{Mbl1WC+8)(ktkZLcx-uM|KP#G9XF|9 zOLq=|wq*W{G@+THYc;5KMk4EC1#R;law|o>sfj=IrCdVH_{IEJ=|YLFcTx>MwrlFE zJkC2KF)XhNtVh%-Dd)zCc|*1QxL2)uc%hQI;>^6dpNF<97|6b;daYg4SsqdwLy?mT zxdWhAkbD@_pTk7YFw-d3@9N>UPlK`oJbVF)Cd4Y+CtBAgQT(JGo9$5LX{$*jNke?A zz)tKWX;EQfJ1!>pqV3?s+NotU|Jz|OHes_xvVe%KSfw3Q)GInJu53esJmm;f{$19*|N-)iGrBw zBev}YE}25{!z)E}$%bCr*z>~Z70(m%nSvD+8lgDrr(N^Z6`kr>>At&_fqexbvH}dR zv3T3%^t6(VkG0jsqFYj`Chbf+ei3K~tf=21J1oW~p19 zZgcY4PvLrJye%4X&Ui`->)3HpZV^{Cb$9MQe7Ae~Nmgtg)i!?Ae7ty~zZzzgu7&ih z&NWU*(|TS8EB_YI(||qKs|6aT_%TAz3oS)z+_A-E8*&8u##`5+5;P{TJGu~4c6VVn zGv)ng*RjE*t)%9mVT<)Pr7N`_g;;yz#QRe~>bWxKj6^EviVV!H&JAkM69?MQmWGB08WEhIg6-@hPC~rg@DbdunUPk?BmusN zH9?jw?lh5(fLQN8E{aH=P#RK3@Gw!$HWLXy`x>GQ`s6(y7GD2C4SI3TIY#U8J!{99 zI2EgRGM7qP>CK%NWOz24VmAsqBh+q0Dt^PsKPko}PBWMNxb|h4xSf3Q_PS{<-YB-f zJjamWZV@XeG>9?H&@c_t(=ph=U1)G9J3A%&*--&u-bke*8u8XuykHN5i~PS%!JA+=1O zG^~7As;^=>|EWOT`eE_d>ev7rXV3d6EM>KfYnI+$v*Gs)?Pc%#~>ZGL&AUgm&YUMDxyHD#p4FBR1E|hXeshO zieT@6#Gm2=f_(7o!*iJ+sYeDP;KL4JTn-RN90>p+`n69y@ag$KYdJ3r8xb3G2+$zj z54tY)!$N5w8RpCbfD~NS%U)0+bf9i?ewaow9pC;HD^ooL^`t|vAPTfK@i1LIqY)e1 z;J+r55wIrc)QX5EZwiC;L3s&&02G-1Q@5~x(Q|Z;8W9bPjRZuY_^igB1e$jx`f0Re z6j+aqU+pj&Rym$FA(+|aSoOMA>`I&8Gar+C7-V7nOHpY$E^-t)Wk#+2;Y?qLf|^jk z*|~$E$viyKc~N+KtMq!GojIMHU_Ok)(x=}st;tu?-5OpPcSF4=OspASVeL5o}(~N%`<#9-6(o$`qrJ2|%+73~hJr&a-1WofPPq zQovLtm;vg3!{Fny#UA6qp9eh4IozL9<%&*W0&~k$ii+%x88tOjXFktgNOD>dwlK+q z9Q402`ZH0knAN1>>7hJpm+91=%dJ|n%BO8f14P-a>8J_6#Wg3sO^-Eu3*62QTM>jF zu5n{c_H@a%I7Gk%>rP6mP|FPbiS9{VttnoDFVMR`h`D%rToN)H@C|ur-6=%6Iy1eC zP4M_oiF5E5t2|}ZFqTHwF@L46rh9m(Sx1JG#(i2`N7i0@$Scv&uwC2fbY6FtzOiw9 z0^1-a_|6wK(^IqneB{>+i^N6BWo$Q!=SK5gs{3i+BGp{gh!|j+et$}8%wDfm4(<46;u~9> zO5~wytDFf@qm~wS_y@SEwdt8Qx4SLVMpDg%d{_MP%)+D$WlR_^7a(6U&4a)e&;*DX z?G8EIUYe5$x)h6y`dEw{CO3s6Z>25E?TL9z$5Za6Tz0`s*)APY(M816N*1DWUFx+m zhbG2Q13fRapX~HXD>Dv$|%>$nx z*)bpfl>EDGt_J2aNdL*SN13X5GF4UKJA*6{XuJ_xG7ElG{Plm0=xpzVzJW{qhT>@6 z;ZzmxFaO^dhdc>;fj)`&*LH(p|G%{xXfWj)+_d-F4SGe~Y!oi1wlyUy9!05*YG-MP zXc}qzlRO><*Y+!ACHK~pFLfaub#|+&v{ni+EvwrJ+m1!wAPu@;^WCyvyn5U$69m(# z6y>BDSHC1{nYJaXV#_Yw{W|Egn;95_!;Oi#4EYw~Xhb6sfpjI4f()2MmAbs5p0HZm zcg(U@^a+VmH}Uh8HX+mgDiZ>I=dM?_Yzd!s>Mid%Hul_EG)26L+{AgEqJ#Ri6XRHR zyF;x?-9E|6yvT0h^u?O|JGMc+cVFd}8xyb00RNmEz$HHgiZTEhYA$WP$A6os&^W7} z>n-Q`7qbLTQ}6fwk^E5u59&KMakC4S!J zH2u@=2NpNTT|$Zgl@d6XK}8k-JD;gS9kNIV6ie0fdywsmC2f3M+y1J{34XPC8o6zQ z*jh!t+O@kI@sGF9MZW-gYhnS!qJdmp1tN|kZWHauSs8c|bm5sccSEzn@D#NABe)iI zmgj(?$yJ5d+<2t`=jZ~pxDry+^D zlv{n}u?mHoW2k(5lEZ~Vc?|=p_M6`pb=Ha!o%m9m+(^Uji@{yDd-$c=8(q_FgG=r_ zFJ17z*k0wnRl(46dBVf~$q67a0MN|>>2FsM2YlLT8w8>L&(PkaUGVHW55aw{fNczh z=Njx)hyK-X^m5)j1*JU1jz!hpHn?)h^Uu+|KExesP5{(UgQl7F!~t($Oa>`5LQ8>V zP#;D`0?$=eTtOR9Z64>n(N`-a|B|grw-|2o%#nPdr9fE{(QHz&Kli&YPedT;uB+(T z{&G8c<9_9<5X!OQ3gM(Jnu%R&))pf&Bi}Z7zIP*8RODiIwbP1! zQp(CBFQg_XJH6Hq$Q$tWpy=s-Gc0!2cC#zcl(T$?sT`^_R0KIw)AiIGC+U~=8+z;S zy(Zen?LNu&Tc8X^3DZdU{9d{Z$Sb{6P@1TN!6)|A5()nL8N328R~nQml0}h>WK|e~ zW;D?3LL~KqJo6HPBPtKOk(UWzoodG|f8}9=&9b9{xbriFafIf!VN(Efb@bRXdB9zR zGc=e4e@Az0z)CXP=xNuPE40QYn-Wn~rW1jEjww4iQhSZ^$>Xh|gA$RKt<3bM@bJ3S zpNl}T4CXa{0h?@%9cme@2MS?Mm#5C$Xp>WH}DBJH~P}LY!(*7>M?*dmoI0MMOn&GHe1g3vcKSo` zgCQ+->QzyO=Eb$2OX&ask$0BKWkwj9VB3pb`~!j<0%g<3nNYL9vs-dM|2lRzavA@z ziV)REEqNn)#b@yvX~FV0a*fGVNv?{OB8_OBa(~0D9pUhgDN$MoYK#$=NO*yeLctO1 zZo~hFz4wl4GF|tEbsR-SjD@10WE2o-A_7t+TOB|^Kzb)CDovVzbe>TJ1jLL~rA4F! zj2P*iNEZ;04xuI>y(E+nNb>mI%5HQ@4Bwv z&-8J6^jl(hRGo1@wwUhHTWjZ-do5FBao)2#WdcYhan=C#*GbW*MG%s)$2`iMO3&vt z2^(DTS{UpL9?Ep02c+quOnat0PLF0jo0RGNIhLgF=Akfa{!sUn%?Yz~d1X(uV$G){ z<|T~DnwhQwyRDveHQqzbBn;FVZhDwY8hiO`e{A(8XtK8~K!<=t{JN+9VS_L@1+ z_6_ej^jF{hf3aTtr-F~#EZBk$fr1Pn+9rL0oeUp?yDeYv>wm`bGDwSo2E7+pX2>TG zrK&{J8Fpxz2-7L}VgjW-P$^5Pi-IxfGu*Coc2QbR8o%|aY<184)14yR=nkAFU< ztlSSP8>8JdztLr}(3N_^+$h&JPQ23S(dOuumsa)tE=T-QA94V*Bm(v+4^)dHPNYHz zSHLPlU9USiie9#b6tAFh1>88pVj1WbkS=aA^os3h(_l@b0 z`yb=O4GS3I6ct0&acoB1U0STk+QEWoxIVDYa)}ieU!rxn#9fnMCR0z&Sp4KQDG`)e z?uZ-Tdat%bVy?+DM%W)AR|1JhpQDWskD#0o(SjEk$vMqFJ|1rw!P|^M-{ZCJqm{g$ zsHi7$wa#QWPRsp~SB2*M?&HW#>?R_+ z4kQe{9gC%GI))7b%pMcO#xXFPp83yF6bn>GLLxz5*pFQ$NcQjwT&z&bztV;p&)E@f zlD$RwN*uvMBPh1YO;`(>=qGGxt0L)cNIqztP}{c%l9OfZCNDA$gA@l9b})47$p*b< zghaKtorb7R{b5-E05A{1wX#<;;4Y%TdJt!`Lc*u9!N7~u;;^hqOoRfjkHoa)*eJuS z-gID74cS8wLWsP?Q*yne#2Fe3_5rF<1r-jrX(yr`ja*S3q!+=P&P0*No&$~F>gNpK z8N%v*I@9rsl?wN^kx6J8H;#2|5)MW=KrA^^B5TmhjIJSDjA9|+-EC}qC}?iOGC)K# z6#}1)1IyPM>TF&D#y%_(1gpshQ3W!oxnT7`)ICfy5SZwrsC&V#U5g83!T@Wb=)m!`+K zAG?6_|BP6&mS(Gh7koS7wg1Zr8?ax!SkebwmB2C~NoDA5Pzn4^8oq&|i0SY2^0I=z zfyCb-58C>a!4x`4!onOscI`qH1G~NkUZ7dOe+Q2gq=*v=uU^w7V3-Tj!M?rO4I zQLoju1=4&7h{TBe^1k9XfvDx zEM3KxL>#Yfc}irmQn9ZFuJc?!3f-3@ja{I{fEf;(WLu|&ugseA_PXEH{Mg{^L0~`B zNk>tC9zPB_>PL+oW@wT3I+F7%X_wz>;3)#b4heomg#C;MbrR#p81)u6EFQQZ>-jbE zawUK6=*Rz56_qD0@7xv>C!*vh#g~#?5V__eq+Fb9fRVRo;>;Q&w2C>4PQ}_&#jB^$y9&e57Lv@L(7XWX0(0r?}d+H-taPY3(EJf?^oGJ zE?ely7Rygf7cpbe5e;kBqW+ln>nsxVMDu^MwD$ggV;#QQ7+(ZSes3?>W=`>3FFkU}rK)yT(v1dDDY|#DI4!kha@$0U9+bN>&$0WN z5~J&y3rilSpX`((cf*QM@eC^!vxEYr2m}rPW0$FZg!A%wFqMU2`-79r6q=NPcnR!4 zEF9NKS0#k2ef?)U`G4{qg5m=sj{Mk_@)#N&fmZSds$-z9X6#y!3*#bEK*{#o~;uVh}fBm&R!6jaA+O9f@w?=z@` zrRz+eIruEYo2fL<=|(~9VF_AAU#}nMR=aFj^vcF!eoQ3wZIl6(ua13Jwnm`RZ>h>- zlIzM;`M2bHev^I-rCrmyO)>hg(+N|Yg`;wkHaFI|LeIG*KWhBVn1m{?m3Tj(BF)}- zaXE!Gz6x&egrSv%1#w+~;Z2?VjM`s?AY;R@oPj6F*l;4EN+7HL9VmtdAMW~~iXsyb zbMCSg7LJx0Z}wKlX95|qvgFq1R~mbJM)kU_^(6_bo+UPdIi}Vds=Hw6^3d(-G73eV8rixvzQ{@ViaQHA&(Qy z6stw~)x3&U4qRy|oR$>>5;{Xyl@wPEo|&$ud{|8MQF_FB#nue|irrg;9qOS6F|JZI zHFZ4PsNizp7MB;BS?I|$ z(FPCf2@fRqUF)s255s&fvJSKwd0mXjnVY!y-q6+h^-b=J3`<9r+-#GWa145+3KiG$ zW%VZEd}c=5Z?#?NO6tPzO%0|SOdTEDt&WNp-`j3=sVwyzmH3XheSS|kBc3J-A_NW= z2L&5JJXWQJ^VR%Z!`W@$U!_GkZK$E6tJd^W&c#>4iF|-E<=9ob?74pT5hwoa3{PjA zBYi+&z?7;rKlSFEbAw;W9-)?tCWWU4WE-w?KCS(x)thJP6VTGcJ=gQ>zG<~nK`1}> z9m8VBx_G4y)z_?GghVYx_E7NIG(L`J+4BPg1JcE(1w*1@+J;WtbG6#u;@Wa^O-6Bd zL9&b{Im3sMj8{3nQKsLZ`_f@!eAJbYC0E=2`sQ(NN$KJhUT61OA*i9FzK+iSF*Tjx zDo}u*vYcP_O`9SiFOemsMK06PV<}wgiY*QkR7MS|gT@$X&E(M@(oi=|I4)h+YJe`w z!{Ed7BAZ%M$FJN}{@g>4N;q76eytCFOhE|H)(D0eu8E857xQCZ$dtbj1$q^ttQ&X8 zhN-8N6L0kSMm(DDJ-2mdZ4>BCDT>m&sA=WS9yGqI38FxKk#ZjW6W$(=15b$ zY`u7bll1YBW+QLs9^G7JFPSo>)_#+B1n9UljSxxg%aHUwReCAidr3??q|Vf%q9O~8 zxS;*WSzY|KKh2CNgu-D5G4u_F5YyZD;7TL%klO_>H(pFn`wXgvh|tKK{Z? z$>lqZHN|B1)$|lc+p|4aiz+U*Is5RYzPAFi`Qvr)d0(AILGI~Z>dEit?>=I=6(ty? z-QiB#a|x$KaNOJONA`#_&e(Xt<2Ghw7_I#%@0!;_=QiiFvbOV+hfd|64E(Nh{Q4`q zN89a^8oWkCiN~8x-;(u*25`%*9hZ#fHH;_eeZjUtJG?l^+7%$H^tt8?I~p~ST_aB0 ztan7$EA%iXYthBXx>4w%R4tzHmx#_-%i$Z$kH(baCPgTqc zeWQyB+mq|wl*A^%qwb6O@~0o#>S_}?Cr4854YwLQ-tJB6>+ri`UEzJ&_`SAgTvq4T z_xgsPj3-ZZZIbRNcQ#mBIvL5 zd4ju%pDw>5uY`g%b%^+IAkdMjWD8Ut55gBmrUANnt2aW zXz*C-WftEvZ?O%C+sPKTNomDMoig&wdKYbDJ-4on?%WF!fM(pKA~Q^Mn~+h`$J6I~ z$BgOEn5zH_#KORLR4k9L0c7!Kkb*qz2=2vFZ|FxUV-}gT;d(VC8hUZgk+LPHA30tK zig3U5c@dtY_sKv1m^N-b5Derhpq#M-CVq%tL@a-?4BlJcX9IHZ}tBC~Op zm4@543Ea!rq=wT|8M+glFVQ~*dcO&?*#<3aSmI=2rLO% zbxWt0^~kq#nv@jwt?QchFX;9zF1fj6hpJu96OR+ujyEsUJKP<`8qi4UllSV+9o%;E zK4W?`S5Ny^Ooj7yS6-4oF5^mYq2x{yS&wEYNyE4DnfB0V1>j3GV;v;ui-NhOgdIeA zE)oa0pZ-2*KW{&UW}O6gM;Jv1Ie$SOH5?ErBKgeH8_*4P;HKi>_~RH6hQyCuksxPX z+^%t_Km85W*fU|zN|D2EuqXA|qP+`D&Dngwj1U`+TC~A}d8%0c;Jp+a>s2|1{p>bs z<8s9IjT^Ttp6~ieOLW)n7U8sAdt&spK};!Npl9f)es0*cMFj6seN4x6ta&v?w)hbd6Y8Om`Um9IMt);&|{qE?BXJ+03Sz!3tgA@ zRRNABN&3ew5#t}bJ_er#@Tf&C#0dHV(CQp$uu2n5?4_)LmIWCAm*$|zG7Jb%c$tL| zsebQ3nb8EffDMP%P2JHj@(~JlLI6E8KrE^UV7+H2K=-CGlKPqjLg;jS?KnfV3)&LL zY;@KWwzi0%2|5s2@tWH+%d48`84+(|RtthE1IVLTQeB&(qibJ5Ft-rlhxjE&te$OOC9!yI35Qrhtg3H}x>2`@T1E z==1Q`ur9VcSypMGVx^0~Ko6mwHUP4a3Ex%+QDw#WY8Yk^2Y-f65I5e{NSke8k^#GG^YI0pAG>b$pzxPgHpK;F zL6{wj!k`!`62>(76&8=QPW}KFX?7d6*hozpsLk(iRr^Zf8F(IiW}a`8SL?!=)hU|p z!1LQlI=AiomTZ+yv>%GZUVn9-t+C)^iBrgX2Tan^m{C)E@;0faHBM^I57jY4B61e3 zARLigYDmYlW9EEybX!hpBQZR>;9dQ>mq}8;_e@_sc|MSdzVN{P>peey4W9>+(B5Xf z;+w7)e506tcbzK+T#60)5|syRM7*csF>6uEc~OLv2gUgv`T|BWO>I0K!!Zr2>iW)n zL1vOG+#f!~XbFGt=Kr1+n=@O{ge7P?UI-1!n&Vih!UoO3>Cn0v5jMytgn^oDk9=vLp27DdHj+xx=hE_q9KQCx=AKo0LCPw&ff z@lGZeSF_re>}-#}$f*dd*(@^QwpI#ScD6EFt%SK=^cFA4!kkE|e{&t5PjkJ0=My#5 zoSLKqPq)g-zN^&c22#iCilj14D-Bv0W}>aw;;6aP#lbL>JI(8Y9v`g~3`FE+iz02@(H{^8MF(c~TTu z0$^1EUXz!^Wio2xy_%xggTL7I?tLdN8}F!8rRD?=59}uWOZK>X)n^IKG-IgH?^1n8 z%P^R2zdGPDgWk)KvLBY3!dD38IcuCdZq9hrbSGj)K(yEXI?l1VgQ?q&NlbbW_lTtM zIMolg=rC?dpGhr_R;(Ud4PNxF#LU>9Wke;oAGTO>TD`lLVtuZl3Y5w5BED>Ap4P3L z35T}HwAeiP#q$9pYgr64YB(A3Co5h)1$A_RufV(|VDAcs1qJMOQK{edJWkg|TrX<1 zOzv?C>#2v4MKXXD4{|JDm3*7#Ni)BBPFAH!FH5T}@s08ZY16Se^Out8lDN6NV|^sC z!Y#hAGUv#^+msYN1%U{>xFP;vd55Pd*SFeRZkxV0MXrcdd`$A9nv1($d?wVXrhO}= za}GiFsax3_c#3L@nLzAvpgF*TU6i_ChDDY$0?rbK<%4Y3oV0SBNY9>&R940vqA33I zlJkbt5}D1(6$V%W4|4zV2TNeTC*))}S~~k7Mu(Xg&Va z`$xeFC}M}A7Duaq)y<4C>zE{t%OE#aHNV{kUEdDSKpCt#=l$sPnSX;2kPR4?pu&$` zin9PEs05;VcL)K(U~GZF3;}$M`p1>PYqvjS0z=?KQvltF0>^m=t#lfs?#wT+LG5(p zYAp2i51e2GM;`^?29~0Q_6@ws)(3{a3}uJd7D8|R4og65p6F-5!C8Yna9x^J_!(Lg zW0`yfcmB%geF(6G%ooybvE`P>)Bz6+0iRjb}WE@Iw;NaVJAP1^#R z6g#Rnre4q_(OThOD+`nglOU1bKl(6ZFXwk;4vPq8HGM zuTPm3ZxiVD;28wg-&Iml%eP_#ri{QqGe^=7G6J`M1eqVsK1yJHfp~~p)rY`J za@&D2?T_a{^Th)TLoHCW6Mc>1`+EA`Rp{!|uGk$L>7C#~w^)3?dPg=z_}pq$ z*R|CwQNJKFp4M{wZD*ayu)=hOrP+WHDt^aC?l6ZA%1&O+CwCs5-OL}-4A`59VeJl3 zvQcPIc8aCzdS0)rALi_OIK5I2|59}9s^`yPq$&OTR~oAWP5F3Ue4)kS3=a=zSMOt! zUd<_9A-Fj9TFPfsxFElb$Tw6OfC!xXuDjx*ym?o&xnaj6r^4bxE_+$3w#TxI*n~pY zY)%1PZJsmI_C{%OGkdmgGMoWjJC?VKi`@AC{g37u+S$sEBY#q& z?b$W}CP)l!24Skk3Q2ZCq0#L)RC_}W^fZ%^jaN7+3$wQSx&n2WHyEB1c^x<^h_R21 zADTb#-fGr=bm;@B2uXc4x{wfV8fqycQfU#xKN3k>lhm-&$Wxq{)6P7t((?XNuH%}# zb6!zNIPPi2(_B5b;|AB99!Gj}OA8vW*w>WyvR{Kh+ZsfVce(mSE}}ab`__! zn(8#@n;bZ~1Ze6p+e{o(w`kyVG}JL@q6Ax@$vTFhdoZl1npWU49rwdfl+^Yx|t^Y(9TPk*S=2Cvv@DMB|R7 zx9O$0+@_0qTwU=ht=sdPJ?Zr?GeU6tRpr%{l;nlqiw#-n@{+I}_x)#*xOX${z>Wo` zr}ZAnu9I0N&AyL~?yCjnt!x1NLj%t5(FC9?+XdcWx1G}AcP6Wvy?<@mKY|iu#5mQ% zjFnEL*8_(X1YqlIhR}ZoTVq?KS^Rw<$kGgf+b1b2a6Ch~I%S;Q15@f(Url~Tub?*% zL+S7<@70;^&|QH(psw)~I|s3Nhj}8n3sp2)lj@A0A3qp;dVD^Ow|k|&BpI3va$0S! zOWRY_mmrom<01&1bS828R}Aa(^f=~um3%DSCuBv=4e(#jeTWlIw#v!7@1|zFX!jhy zc-|QAT&6L1B_-_@F`h(x1?!VsFu*?!%TA82ZzojZ18*?eXwD7%xaWbolyTnq7#$BN zNZ80pxrs>OGBx?#(vi;lyVB8GM53Du*T>k5!9vJ>ZfTt{;(A;R$dBJe7Sxj`dD`}m z>9*w5r7AkME45@6>-gyzM8+k~D8WHbzFZoy^-ea8yEy25(%1u2lxLcy)s!kO=Q!%w zhc`5MVdvWUn!Vc& zUIgiY zYsAXkAUA#TU%vvt9DZOAtwHE@jR;H3@0v`saB?FpLy_ZdRTMeGQtrWLd-F{319t>o z6-70uew=4W22~8*87_^X&%=qf8Mdm_(Z1C{ngqW1)E-A~N7aW$jt`T~NDH16{e!-x zlQWCb%o~ou;?&30?*lI}CaL<3k2fnG=VjWu9<|Pt>B#?LcgH1)7Rx+U$d_R0gF991U&1XiVd_%nNJinT~Sm81RU3TsYa2a{r{%q+)RpV(60f z%z@;IixwRwHhp!Jx%Y$qB_0Ve@yc=YR~Pu>-e2=_zB-=Zp5oeF4g<@AX^vK*r?cO{ zKfztfwpcdCg_c1^J*hd{_RbHZKtG&8fe?f9mQ7D)zT^y`1}%#QD)dQD7b}=Z(pjlf zIn7fGMqclGGe_Ae-#Ir8TtwF_v2VL_-gn~+Bs}Xbl|JYrZCydUb(X!(0v2Nek1FM8 z0Q9~bO9Yx7*~YbJ0ESOlW z{#<%xy-=KkDZ*}g^VZt2-S6;YYpLk(OYh6hN|X;w6EJy{eFl1&WPL<5VSh`O>BWrw zdgD$9y))FzdeUU#OCwQ-8X0qSy)rxw-#*))Xf>WDpVCz}xAek4stnLJ$cqehvzMaG z_uwwqhLDu$;M+@zp4`8-#}pe7yv4Xpvp)S^!0?FZH%=Xq1nJbM%RtNBf zM-dWWd|4724F~uO8N8nfN6qS|vIi0HLj=PM(KHTbjSm9-aUzH(*OWB>`JBR8nrWv1 z_@w5uc^kF$2}S;f5`bp2S>Tv8Ea0NPen--dtP;0>YGw~Yur2bxc>#zB$YFdaisG|K zpj7jz(;AX&MwEe1#)Sf6z~su7qSTv?Jyv<^rmJI?j-=4++)N$Mdv1AI#n(AVOQNM| zlmnF1n&fkx7cG_!#=EC=U&;_U*ejtSgV${bW48Ad%Zv>Yh2v7U?j`BU1xMGNvXApf zJ6t0nvE3;CTKo5`sJgr4{dX^}=46S>2DfHeKFYGVhAYVBf4Q78dA`oT13jAsTqF%1 zsZnN^pl&B$rFmKtX_}3lL(FFW@LDj=S7=@yvuQ>9_{2G578a(8M#E?vkmAhZ2NdpQ0b;R_Hnt{I znCa>@H8DJ<-O@-@QBnIi5P+@Rm^n=b3E=-f!u$WCj{cv2s*8BnsG zZo(2`s#-V)1v-6OEh49ug2H{FUUc97{%h6+dw#JcK^qaH4n4CMP-1*B-jwQTZQWaw z$I&KeJYQT@UVLjc`os8|?XXnP9(cbHSij42{FjrdYxGHWb)baH2j39GlAbC@sw~}w zwl~Gc(k%SLN7FVVDzO0@m2j!>dJZFU`k1`*;Xs9&r!J_!m83Nr(E@!0h1?jLfwD>; zU5C^7I3+}U`#z-Q&1W49O4QPI+A!!Di@$woD$be0GrXCuwOEm>Upb%Aqp{Hixp=Q> zmi-wlPGwOlaf~ex)_tQTq9b^6G5j;_toz zx=}jO+3Kk-c4n{TYFm05s=QV)2NefSYFNjAV)3Ljz33?n^&ir8;(jm6`i3`^)xm2C zLY&`TD!f=#mbLzd$4;b7I_DaNUFH$xn<8@{g`vmtuncmfc4s?@qp2R~r85M=^P0nO ztN*zSkNf0W@;Jk~My;eIF4Lc$4&j{zPf#yl0}XhR#;@vfHf-YutGb76Y@GRZS@br~ z%())I=J>asr=Ku;8&aUijDuz4A0fPjx>nO_odHldvn#ah{YWxutg_`e{6442YmS`H zouP0@-2pX&I#oy-8ZMfFhf}iE>8Xt5hfq5^8Pc*z)l3{MUvsU9(F~vET@7_KE9}~J)wnTT3 zjt9}QbR~8HamSYbN^@h0S|V$)5!;*3=X58*3td1d{9u!kjY}~$Jnd5NViEcn zX>|C*tLDes505ueuACDayw3MrPWRkWBs=BkR`ZLLlOdCY!@kMq8Vo{jnw+XUo^)@+ z+9*vxsm;NpVZzBM*)U$-);)pq==lqdw`t~)PAs|__Q@KFb){j;R5|54zidNy?d03! z@AxN;#-WnG+H-d&7V4U1X1yb5#9`~8ckxiP=;n@|AF@S(bt;N%<*XltEJQ@VI%4Y^ zPM*P3NvMXnZkAAeBIIl=y95pj+?Tz+c(6aUQL;0V+J+_7muD13vT*g+p+qqwC z)J(b@>OgpGBb?BMO>}fa%BQpJz`_7{s2gY?h4;5H1Dw!>GtD+CR@BZq=s4?EPw;WL zcbtQz<0CZei?nbt9Jm@q84u^}Uky5oI_j$?mglYHoqBP6F8B%~xM1$v$Vj6nIVeD5 zTQc}qf?cSIqrCX55YSy7++EC0?xrX7KXy;62xwuH-BiEHd!{ERDI_M;996L5>fOB% zfX~&O8rXhi)_^qJxiMq{>lApHplPd+xI7AhrmekZH~_kRX#;J+9>n!Vqi|UuE0_1@ zfY65Qsx*9P2sFAPneNb#DdRdIM8!nmzfq(qcc5AT?rBFf$FM+p)re@-qz9oD1FrrJ zNtvU{!g~Dr+b|6W$Ig4RGuAys8ub&+2);4W4A)&mZYTfB-c5V? z8!SdGA(FqW-0R8gFT%H9k+$2LG`f8Dp2bO?-&=TZSY#XyyP?x`Qs*9&ZS7d!L+Ln9 z5#-0c%uVR+SWS6gqkmdUNry{SSL~X+$o|%2xjJuh1~PFRrqA9R8AT;tg73F@^2ALK zJ+>D=+R(fwDkCEPfQ5KuTyKhzV@?ODPFMb9PHRWM+A&lC0<+fqybAepsJ#D4a}Sey zat&n(?}4tPk6u`62;}WscjHStH=sjU6t(~EUgJHy?k3zEcY6T9~B?JaU|93!<_U8pOD>LJN{Bk_jeLh1W zq|Uk=)n7^d#rJcpogX<;RCFar;`udBNm-)MA542vCg>2h{ z0>ng<4_V}}aDrdzgy$)Z0HX`WRKJ_~o^90L0tSWDpqDL+2+cL(vo&wl%^{Ny%H`nu zKF*WEr-Og-$mWQ8e;>c+2_X#k+e?ww5-CIT$e0FYROJhYUi^vf?3`Si-q@6E_TYJ2 z-0R>$07(3MF4pg8UHvVdowE8J*3Q1z(%J|<2vyM#Y~MEG`t-#gyKWE}3Rdu~E+#ji zYeh`*!9`|`0O^uhgSJjkf*hf_B>RmAHt_fB-O%1Ihk%x@)iMg{IBl;A!xeClrnrLCZQ zs&pv}SLEhx&k725c^^(mMjn#ax|Mgq(j>_vmc+xGnCQ@Mq0rT&P*7>Tm3GX8%wN_M`QSwB;+UcY#Hyr>| zL1X5lRFY)0&wZbLdD(;5%Tj6`D~k&LcaPpnYzI2P_nlt`)cOVv9F=rER#8iFs&S%u zv9k{Ll+vV5Y8cP!==o_T$p)`IO^(ZAEj5iDnea_Snklr&;KjbmAg}^@UZ(>EFXVk# zSgp%aA}@5b^r!ILFp2RN(K3nGjvZuYqb6{+l8lxKwhozCkL2j2GOyC)Q%GhJ-cd`s z@}Mzi`~IqY^;iV1+0og}K4WP9$PIeZv-jK48%srdoy*G0x)8(@fkZfndoNEK#tPi4PE5j7s`6J400z z6;dM{=s?vi4GHFC97h*AL);7_vIY(Uvq_dT%=4m!vV_TcQYVHWmv`_A-_19-`y~UV zar$a+KWS1P7esyQpiw_ghGtxFFiMoy0lB3jBDe3Cdp zbM@u7iz7+1-|yeAE**iZ@iU#EQIS;*&S`dKOQ*9DVv3;lKpVSy7M2S1xA=N~>^hBR zOJSvwpc;J^0F2k;pd9r;t&P8Ge;~El&2R?2CnCV+@S+~BFiX)pA{S3g=BB^~xl|8< za+ZuS`75Yv{V`2)Hp^#ps01>i4*6mn$T+*$ zH3SRwOW(_np>vKS88H1Pl27>hwCG}zV7Oyku|jqq7cQKIaXAJ+FitYEJg4|M)s@HT`LRn09JlgU0Qsh6fbje^`p-)AIq(w84B07A zFI7|>A4WCA)KD2A+gN~iVc;g@x&^c*7-$L*Fn%Ifq(;86a42!hZwC^~VBq01qR-Lm z`rwTji0o!wZQTL+<3)A`d?@%Enwo_o-(s}E$5t4>LS#GONP$1#UWr^sg7LJa6~^B{ zRT!GG|5k)9W)qlvAZ)@Qi?)ytz~!$7ErJB$O6|srTG|{6i zEgO-jhNV~&~p#oKhnbXKk zABedq_m|wx`G2VGuxL=NEJ%02N0EgqtP4bj)flLUJ=5H|ZZjkm12w8pssotUnH=!( z&Ly`kUO6e}MeIG8)PtI2E{;JYsH*m(!uil|>( zW80Qex3>JQz_t!+!8p)B&<~uR#b{gE+B*-jW+1(uX@lErBkRGhv`G=EpAnQno*O z+fwz#Btwq4umY1hQ-S>HKUxQzQ~&Cu(C|}WHGp42vRfgSzKJv-%-fDF(p=1?X3$^v zc;VfUmQMb``RO;H0>CE}u?X;uVkdl9|`MAh8-)~<&W+=>kJD#aZz%P;ww(F z7;{rWCfxBn(P(D)VuIaTG-79PA-^g^n6g=@*J)xOz>*g5^{cP)yN=LT#68c5sMBF5 zU;3;UeJV&?cP#s4Z{GEz+S!5`o2lYO57JdSVsT=+ZGFLff$~%W*yFo>-N?;P^X!YL z*YE1iJRn#oM`NDOOT0vS2;gI|LITVCB!Pg$^W%wW_#oxEi;IOuf%cZozY17 zo2(lj*Pi{$h|nH-GtAWoR=}6wX6&Xrdb+E0g zQ<&Vp*1#VJLmekhPzYPsp`~zu%QJzK)TL@vu6AzD|51Cs*{cX-EB_?Z(Cb0Ppc(Rb z*bu|PPHt`-XG>7M1C)qN9J?|6yHIm0ag4YO(DUo;vkTulvkvZJIfBc3O8kx(FEL|3 zQ9BA6Yp({L`?xbN8vX&e_}&iHdUgjf6SY2tSOZS^sU_4h=!m2XF?v7@yYyah0sfT- zwJ5>0(|@+L(uCbQvj76xHt9dQ53~JQH(}L(T+N=X+u#r&UucPs`mgImwyLvy8#qj0 z12oXQCA4`H!OTKXrQ5MN#b3OUlSneOB~=6Rm;ziT=-ah&L*IV^Zg?X!C?ly?*p4=a+a$I=fqh>053Q}8?$#Yvf%Y=coP_?dYs?0XV|ai936_b2mTBzM z>%pL7wG^I3F-fSmD-1aWShtN{1AcI5!i|0P9N|L;F-jAzZUad$3jYWq1J`j1T94hP z6S)6aS>P>-vQDis9;nU1g|YvD(?f{qPxzVs@9yHi?1cX*g*Ze5 zhN0ND!xwWGJRK0O0>&7`M^+(w`_C>m`NNWJ?AAZK*or!4V6GytawLPBP@5j;ZE&Mc zJ7W}g+Qvn9I7#Lr)qy6#AFYgOIl4m)@f&^VBp^v`bhwl5c^% z)^`(W_v-E$qXQcOS%%NDmN(o}QhF1;+eP_?vVywSEQ(KFKf08+Y+^9*F7E8R$xU_n zv6Vv92WiIH0Typ8S(?Q?Ox8%AAo9*Di~a^Z)ZgWBIY00w!^RWZ`-#?9lIp@!JA0b#@tp0c|0q?{qfX{sNnkC_%gcN;kkj=KA}4Uf*f1td`*z#0We^9 ztJ}M8$U7aX)l&7DSfIu3k1{L=m;(iQAi+&h;;ed(jf8TU*SDPU%~R__0Zv29ujrAx_l<9pflrNwna}~9(rPR2oW_MNZO1}pDS`G0 z1{%EQ_b`Cz35g6o;hZGBq(H?`x{6b)q$bBh`r%`xHLFt>MI%+gT-A{=r+$rFHOBX5 zYc5c~HyoASDv0%+&pIm%WumX&+~ka$a6L<2apb|Y`o{P@o3jq8D|;*bTU3 zQo-UwQHe*50rCM~U>jPSbe_)hOJCdK+31t;ALQ)q-9FsTm!C0J7z$qCxu)gHp83Yw zV8;@%b8FOf$?w zGfq3yTg)ASDw0+eITt0ro_o5lN5^k(bpv{UhpKqKP_G*;l!>pF`Ya(6R zbQFJ9RKu;PQ1Op4{-iEPg-Yv|)za^FWWcwGZ3wO|?Ys#aIa!-I#G{DH(Pt8TKz3%PZ|GEeDUG5K%AX3H0EPQ+3EtxXbbdd3}DC z9`*5y>>-8f)MrVfDWs;nU&L!&ymSQx*mvosrsfY9?cc=5??*{BTTFwlS%pa1k$dEW zCm(3OxrHn zk%f^yV-fYdB6vyP8X z*jCeK=n=F)e%=VX(~XJGszmKX@|s_&onsVPws_zeqMwzy2Y6SV`Iol-*7LR7YEGHw zH>?$nHzUg-!7P#Lb;rFp-`hl7rqaJvpZv_f)$JWRz+e4xw+z8HO%Q}erZ#+}*truQ z^Vn^VyL&-O^$atKW$^*rr^kmdC%CJqJJ5i6Gff|6)v3!iKn3 ztCk3%(NM3=7M=ok&5{Rq z9Yn<6Iguqk>|p|241IpTz6x!fyhB`8fM36NpN5uAh|5SgEjw5pBsDN@S#O-GDpsGYAI&h1jU=gIelAI*A^W11>p8k608O zg0>hfYnZKapq z>iPQ1HPaIzN7AQbA8M~&Y6>lFZR0OQtWQQMV)oXZl24_n-O($4D5#ZqSN349dzT@> z=2nP%y1G`5c>KJg;fr}~x!m%#z7(-0L-bb*Ju54Pub-422;K^P`1o9!;PIR#J;82M zZ&Byc6B?^dVy&j%BOf`UFvIk=TkWOf7KzxR(x|8T)>I44uv20}G3l@Oe6|A*^<>*z zK9AUWUx)7kHD(uN3}U0#A4QTKb4osp7*EA^XcNfm$1+l}+a=IeIbfy8K{1}9H+HlgK)MTpdalGDyNoAyda6KT z3}D#^aP#o?pgRNvKao#<>^hJYS{huY~YquOHr{na38KNIJ( zcXBE~go*KCsL+zyD82mOFu!8261xPyj#yT&&YP}Tq1l;M?RzOC^ZehhWVWeZvdsQ` z*J0|l%5!2cpg0&oyx^8C)<4_e4%@xb-z%wi%y)L$*MIO~{elj{GVHRV>d&b+Iyo%m zXN~KO=#E|S%EfW>0n)!s>g^}gZd_Cy-1ZAYBKhZ2O|Fuiu4N;Klz&gQ- z#i=c+$MA)eAjHQ8LG3>=PBy6hE92y{D))bjagsz@)9cv+&-3ZKKv32Qc|5~-;*AH3 zK%I~74sKsl8$o>1I(K(R_dAFKn3>#=kJR3S1dSTQ@@*>hrwkwHNUGGZxh&iy^=KK3~vu^eAg3Aj*g zPm$PHp!K$z;g&u$Uvf0FC*q7%a=GY-duwT$8(0^9)6H^jJH65DS-i#gQspK0t~RB_ zPjo$>p41l5!#!%^O=OsK&goU{FeLuphLir$YmR4~X3F@gEcrn81Hr#6l&le+vUm%Z z5>`z{kMZ&T!uq!;_i_;p-3ZeeSRb2N#m3NDWP9@y(Hcc0d&)t^M?zOwAs z&5~eTr-n}|EX~l8&1uNz8&N}&_o|<6Hp8gu-%3)+Y^4b1x$tz-eJS0!;_HsU03b*w zCQ6>7ibl40Z|N&BKAby#GIdfEXy&zjP4!<2D4Og(V&!S2?bRRQw8TBcimJDkZ&bVJ zp(iR3-Ov{=W)f;WqlDi#dpk#gS#|DMTHL6auClKrkHU#-M`y4i=k@H@!>N^IpQkm4 zeI+!h9KXr=7C{IH+MOdVF`EX}ugsQ`Y6yPC!oBh?*M2=VI@-F=qdg2vHt9p#@BohTNrbgnh4gv+mQUDnpZ?C_GcueaCou8nxI$aGcSr>0a_i6AAVuzION|N6Ak{nuq3+DA;zVk<=yB|at^ z##ufdwHz2K&Yk*0G>z8`ez5@BfsfP80A@)BqG`av06(*(T?$0ggqR8ffDRQ}&60-A zkvk%5|MGcFdKw1|frvtU9FPSTdJxxU!1Ssi_(S*xSdsgd07FoX8nAUc42Td-b4jw| z-xv_<;{g}txyrv75NV5+SDH#GXoU6nUkr#J^*wO2${+t^KumA-Htk*6xFV}V^HjA_ zHJ*EK=AN0gQZyiom0C zjuwGjI1xTzPXpn|K@}=?0vQ3CU7mfb(xjp2-u*QqJPiB1g(S035!yf)EKXt^l{W(> zI)ZgQ2h(|)PZ`!b2T~IzCsG$r<;{ND_5W<@zD!Iv(Yhnb?oE+hrKtChjRb>$Lq96l1d0=DoM5^WX+s(5JL9d z97#e5i85TLkg^_o)=8GJG$#9QvL7VbvyLHT8D^}*%v|U9*5`Adb3W%j_wV<;zmMdOe@d*Yl;;+aYC;Vl&s~}0u zhX%o7W@Y^H5gDKj13ZfSc5CEc+w4q!?<;foQ=8ql8vi#G2{8?_G?vqja@*bvZt0DJ znwoMSmvyqz#C}}XjftS@cVO@xO(VU{{pjiaYW*_STA!k#W-NZGZ2wuMT+DIe-j?Fa zZMr$3En|B1+`wggQuZLW=ozCI$-YoC@jD{;4^U{wr7pmIEuX0Yvw_^)#(bn^VEb?? zb2&i7iwW;%2^hQ+6;irAl2Gn|q>Cf{Ryzj`slYWgQ--VE(MmYu!YgTwW(X6lxc z8?Sbokz4Ojr@sqgeh=!L-}is?B?k0lD!3^ws2xOs`$&2@k?G|2OqLiA5pI2>r0%9S zCqk6~t*d~xA0;wCY4PvI-3)btWZ>Jl8vzw#7(9jtv)hO{9@Is@3%6LN^cW|(fP}^$ zNX-^mDUqO7VI#?U+Y^>cu7ZR&JKKE*vE;=(13Ju3Ll{%Wv0hlW5mYpVh!)JYhKqhH zYUOk;5Dl2Q0iw0bUk1RU94NTO9D-94nbL!k4%CU??+4Mr!Z;4WddMkBW^WhMSYbnHev;3N00I9T0JBww!$=?tFV5KnFEOS%l1y&G! zMi8z;wjrv1gvKsFPyO#R)e5fX{JQG|$gsdQxKNgvaXTYn4Mv{O#U1DoVsO1P_}N56 ziUVpzq?52{4Q{p13AI~kR`5mcb0YP&o#=5k^06TzJ=9$RG$gLExgaA?Wj{Lfu zvB~HsY+eHxYd4bxs!u1ZxS~ooneknFpm|nVzq?)x3*`C|YFnRa83P0|lCXLY4rqI0e~)XPT=B;VUv2e8}~A4E%Fs7>;2Q2%x z{R?~ie+rWPCt2`+{~zQ_;FfS5b_cJOH>gPJTK^-a5;4;6BV6|T8vgc5{sv9{pZS0O z=b-u))XH=G2oFqN23s{_!q0mev)s2cp*1nb{VwVswR38=Hbrh%CFZ^3H)`le`2W5vILzk3=WN7PXM1cB@giXh@H(Df#)LtSo^ z6qv)=zP-0OZ&y`R6}DC7@Io1x+Z;N!r)hiN*GPj;UgRq`+}1j1c4@3qGwQ$##E`>4 z)={(Jfwzvo2rk8<8=Il-<)~UBq?>7!A(Y2R^5YwmErjnODTa8O5DOX9hp_ugbp_y3eI% za9B4fZm!?5c`Xe0CV?bWZbZm;qX`N#P8w5+Hzvv`U5l%93lzArP1Dj1vM5 zb6jZeREv+jx&kLE`%1YZ8S7|I#yq`I=oMAC3HlE1tJ_8J8SZy0Ks&o+_z;cjUNjV9E_O@?VZvl$ zJlUi>F2l||7DPI=($n|Eav?tRh-&zSXWZFnL`4z=kvwH%1DZqmv+wjw# zk`U~)!S5^D3zOBU>X8n(xo9a>Q(tqUs?~Sj-;d~r&pRlXNS^InwTeL;zUiv}YRcn- zm8?}o%Kr1&+*PIn?Klw&ra0vDqkF99A#M&tFuG5w!s0~LZ46r^X8@@?>y*+3;ozIp!;4wU+FZ)~@@-Y*#M)h}YQH0mAo#2@m(vNk1N&A+Bb^1NA;IeqAgOT2Nc5Q@b@ z-{9eF=K+(3$>YM}S487P3%DHfVx1U7t_Ll9LNA95nOs>LaVq2FI+1H!KRJ|AC=NGtZd! zm!o87Vbug*xRvhfmT+BnW7QUSPIyPP!DQ+dv2f#jT?MNWn5q-dDTd5c$|=4I-Lvnf zd1KQ#-rh;vIRD)A)h*n)%3OV)yjaRs;O()v`*me!*)3BIF|q*H5psY9+)X(KQ^f3F zg}HKR*>oTh401yojh?yoVhY3ZNXgn}w{11Y88y@rOc#=!a0fH&3-H$cPbni4h~`Kx zC(co!;;RYIWEcEI+cggcxmeoti7&26aF4pFM=zW9-N)Tl=Met|BkLF8J<0POWrokE zW;wJ1lFT@vkYy^hF$2gvT4C$)IW{$mv0|C9fjZj@%v zTDa&BeGid=+uU#Rh6_^d^1>S5(yC3vH0%qUABoD)*^XCs%ZTMKu#IUO_Cuij&*bRY z?GxA5z>qwo%NaoNiF<*6(WKVh?7shEC}fH=<)GRYEh^(p*@E(zrA`GW-Wn?!JL;zg z!>=gBMrhqK`ATP&R++a=3|2Sp3RXiR139V6btOL}4|lLXeM$A8(Y^KusakPJw}q|y z%m*NNa*zlxTL#rbG89wZQcPn14n?-q3#enIKn*WA^}q-QOZ+iyfL?{kewFCids#Eb zVtyP%=Rl8@(Z|tQaHvqu?x_pNevUT@?0vtW&o|f=9tRVOIcJ8R`#MFrCpGxbiq~Jk zFsk#fUo>l%IG3f(#hagN1z)EI%S70<7{6P~#OjIElZxogSRTvGS5wFTx&l>>yuA-aHn2XWWZnH5zguM{jQtw z1?}=ThU#xY69t%J9>%dvQn3?|C#?I_xKWFD+OR-w0yzNPs*?$UlH^k~ZD5A;iaern zQR69N&#C#xa`2@A32TQHHwk6gY+9swX^i%%&*F7uR~|i^&cqN*G*?>NAQ`$EG}0-d zd(-4{JhxoTOwM4X4)XC9VLI{=tXa#kS~Ixgmb4G#K>=Pfei8bjF?6Y^hnY)8JeIIBiiqwT|oPT zuEl28u~duRvQVrHMlJI;A)a|=FKv#Su8}iIc%bd#<>JoQv9G!2Yj@|NZuvXWB6fE*)c2Wd?mgnn z)NdwTs$g6c-WT53-8?~!6(tp#S*gjJG)_KPCy5&8m}JRb0E)Vltb;!%xu@Kj?7az_ zWSQU&mMnbARg}&7$mM8^6+Rd{Zx|gb%-Wo*{vg^QEJjBrNx1}!piqAd-Z*~E+3w}w zuNNsQ&j{zixI4uWXkI`+zb;OCZ=I%{fp(kN#oz%jg!lU?#5Mv@)|8V-Ag<b=@xZ8Fbf#RW|~qL%$avWVWJ5Ab^_*uA7edEMi` zyi*W5WPfk4xs{c5b<(LfG)Tb&XX52-Wc21suB!1#5zoF2_t0DwHxAj4tM`|1qC*9W zb&6RhDmGNa}YDUfTcR3P>=Z&ECns7p>6Q12sxlVh!7q~fD^MJ6MN#4 z(N0~3J&z6og{cr!Z=vi=-wR%Kw?#T#nHB;af_qRUkCJiY9gW?AE+gC56 z!jMN8-pD{1#0i^u#TtRLRQ9s;DUMUL;U(Wnfz2jqOO%s^Z)tY!6ITq~+iU=Ht1pWK z;tHCM`@qxtb~)^U`Bldsb8N?@Ikn@A0`KO0O84^8>6^}(HV_>Q6j^Cu6s6qF;sUTx zOWH+yE6IrbIMRbS>6D(($bqSoKRlq_6rZU~6|KNHyhy!y(=aU00ISw=ax_j%^{s=h z9KjJmJ0IL6`P84YPesUwqeYA=*qFxmV!n!T>1z+ow;348llOXPZY;tPCdBEwoJ=xeo)=6nNIVMO>*R$u6 zj+S)Hw1I(pSfvlLMI8TP^`L@@-P3rT@Max@`o8VGm~o-amNZ?lmGxOjYX8ZGZvaqM?F67 z?zoDxxoP7W8aQAYmpg2H2amwru0+Y6WamYD_IPF227v)04}taP5is+mlm3_i28d`( zUcJ4c%`5q1Efwf?mw%MN`art3{oB&NK1$R!eByFz*avFdcrGvTI+84>q87{f(O--; zu*JcrtuI%>V^!Fu+J-E@7RWt1(32|r#-dv73Urn-$nLHecGB==%apsUy_T`9slrF6 z`l=J6?C>&cAT~?RxK}rgZJ$odk-*2ZZCad(%rlIOH0ud`K-$4>#_kDr0SQFou(H_? z{C8^m-0m3D@8a{vT{LCcEpJ8bE%)|#nxe7yXuadU+8SiK?Yq7Qv9_v#$3^PVU$#HG zk+m$#m|W4CkO#=$IHs*6<7|uWC$pct!p44zJ38OyZS+P(ijL)uBX5>y9O!Bb6g+q< zQ1Gj9CHY&O`9GG&_%k5+KV9YfN62V5!yBsaAyRaZd}u51T%SR1_-AQcRn&{6l#B*% zfj!Lh5}jk8M;F*BJq;Vn7L>@QSNG3|$*$v{xp_%In$)lX%J@7tjOZ_sFfk)DkR%PoXu%i(q0P3;^ymxTl_A1 zFjoNh(SNU`3jkgevOrT;19Jvk_B`utbmK#X4WP<`!3Z zC)fF7GdaDziPjgOk#bk-i-Tsxtg*pmb7t{R zDER-2_CY)FZhbv!C3ty641SL}0NNj4*KwLYvV`f^2cT^y2LW4n7S)5;_F&mshw3Ge zUlwH|=|^`YyP1#rPkI68$Ag#+E+EC|8DeY#==o=WMlad}vBg{)ruVAL0WAT6g&|dA10RT4ar1%TdBS$}hsd=wuvR53|d1poXr9R&^Dr^vytV@wAeP|X>j4PY7& zAc+1-Bqbk;KyGU?eN97rcXr%=fjPxi{zf%3ALj6HA^?p^B;g+LXSVpTZTb|=V&~e@ zrTbi|>!=SF)wg8V%TSsCXtrad%pOB3&kHZjiQ?j*new8dpT?XOJC~Bv9h0)L_PB%6 zO~&D(PAdtfB?kR%buT3e_K$j`aTdo#+Ost7wJy7mk5`oeHOtWXt_jbLc#vnjK~7{K zjx!wdZ2Y^16P_aNK?h6sxK`as3jA`yZ68CQ>b7zF1KD+4jB45}$?lV^*)QvORy0A{ z2Wqh4?(H`=VB3ARw(r+n8rl~c8pMW0OcG3{FQ|hZbIUPnK?Es1J3mvA*hZJ*)BhT4 zC+sFC)9e3IQg8-Edyx;b0bWBR7$~FZbbtr1M&Y31OUP9K*ozJT0`)m+*o?Tv1Y+Dd zXyqNy-h>b)iV$l)&=#Ih)CF2|_>h16_)}(9IACsxTe@IFi*fwb@6Vu1?*VKsas}rG z*xbK=`|m6N_saaeXa0Vh{x{-`5+N9(cn}y|<@IUjiUw-*sa^FD_gbj$3!y4Xa75h! z^qC$R9n}MgH4El$bv!gB67l70%eWu;EUlmL+TEMF7ZNEelxS}zaz0K0keV`1I;ATq znS}2$5~t2C&8s_?Yr_XhCu%)>wO`zc@Kx(q7Rt~49^X5mQ<=e%bn5-At*q!3M?Wm&w;-m7?mSl-kW8E^$gc;4yP79e&Vi)6E4{sCXX1vo(_UBCQTe`9Dl%8SlLuR#M7PA!N7ccocd3af)c;U;eV+&AXjI`ow85^F8_#7sE(l?=IO|J7We>AL9rYehDT9HWg>^1fdd0Ju#OMyPu=%6 zgOm`7M#zq1DD=sX8CbIpZ$FY{C!1*{p@QNNkyTub(eI9yaMS;UMqQ}sdAI;^IA6L~ zrT0=f<&pWiPgS24RtN1KU-ZmZQl)i>4* zf$=h41|T^I(~7SQ8tY)60B;IQyec}QJ9)m^0VgIQ1T1sbxk z4oUNyayh$jjp`79HqSC&@E4%&kMen~XO}yd(5>U*dDLFhPCU)Nw&~XBNR8={W>F(y zMUOBNpqR!lhZgHq-Ah!L4h@^k;uVuGeK?qe?23WeH~}-%&(LMQl2kUNYx&nJdcUX> z_3s+!nO6~}O4cuE^vPmEQF~p^#`~#*Ic3+X`uznNSGy&8rRLd`;j0vKioQyz%cPQ} zwRW?+-(6Hn0|5*sGFrHoVW_5?KVltwo{p9vyPQRDNQ&fDo;fV$tbRf?{X*mYV|%A`Hd;mLQwV$7A^BFcIV|W{mgWd-GPL(6zkXl1B`&&Z+~CohvmPg$r9fC(!wQc~xNUja z)z3s@oqR$+@{1;aL{2Wq&Qc|>MlQ!pbhRu8B1<$HJ6R@M-*>%$kI?cdQ%#>(f$b7a z%%XT;Ei|5$zso_ntVkxwKmWG<4X>;G1|hvBJq6_!P9`P^`ZZ!Jr6NWda=LGYblt}< z>maSY^)f7E^IQZNqN@=JJV zO@-&YW*c&Lxo5C3F9q4WCO@@X6&gBe5i8BwaQWf8lxu-mCyc|s)DAmKH>jpv3~@^; zIQ!gADDyt_gO79*^+SJ{CQ3yd}7U#+M4mFa$0} znE$8WUx3};3+$ucf65g;ZNo#!P7REL z$0j8_d?hX`1iG*XN_XXsmneFLk2N8!-=~~Pq;7KG85N6DMVWOEO){z7B@^(cn4D+ zt6OTx-xt`kC#c3xnbhVa2|5Rb2+#b`&}Cf%N*D0gVeuC;XOCM z(%+2LO`DJJ7amE5{aQPw{4z3>(Ke0;y|KY1v&FeJf-qth+LBBu)mXho{|-b2fcCg? z&?H)0PeD`ICP{9evM$o|>dB!3|I7XW`r+~?;sABybX13DBjGuG%5l@v0vSc9E`6V=D^j(CzoqJ8Z$uqgA_6XtsFKQqv&N?qdeMMp^uAm6i)yYJQ|9b6sr>YQlhba9d5+DLoEW0<=!=#B$mO+Oh$9^1V4Q4 ztaH6ZMZ7On7IBiHMOCYfePrlU+-h@1O6?*xPd8^~xP4emg5~;iM{)GkOh=2ybP2S- z7?&lFem_pEHiIkEmY*SI&69>(K0mZpa%t@y1(q>L5ya3sngoazC=~m?YfIh{xj+Z1VZGeJjmU00 zSWoyc^tl=daNYAV47O&yEkREN{lI%@-i31+H2T#~vSC8-nMI5lMm%;IH?g#;_Ggt%HGHD>z%`i^k%h1 z#_@`(e8gGmXV~ac8VBA^sfRx{%s0`;vT8!ocj7M3o7Y(y$_3=cU*}ad`+T9@v@y59 z|K4?C%CUjW(V%TKFqb}YmTzT*O4SPW+rl$I4K8ncyYkyeGm{eYht$dQzZexH3X1F<#u?K z(gFKZ2H_*NpiLz9&p*-)XE4u0U-_E|4CGxDW0iy4b%-##%np(E1Hd}*I(&pMd>!_K z1)+&eK!QxCBIc1j4)D_&ZO|gQ0r1zZOaI;fg5F!m!38my9fhSm^*`H@7pic#5N;?L zl>C^U(|k5GyU$+z@zVM7l7tVXY=??=t)45=I1bf3Cg4@V6D30xRIHoysprdF-^n^p zAm3d|+^`jIyqsYo#v|U2Q!r|}?M!;-<(GX_J>2P~ZjESPmKJ7N7`4K2tguEXtZBOI zd3xXmB?!U~ytf@du*(zfy!#X#uJ|C=;$*31ieQ$4`sI|`&y8J#KMhM;#b;v~Av;bT z?_hvC_n|Ylk^7M2KEZH}J#pLf1nBu^@Pn{(;T|&tT4bSu9MD2+avgfLMPP)vtCSGd zI;FRZF9O|i`W%v}AWZ`aVn8vDq0a+GrKu&`n72fE(j^!|(B7K7$@7#i{vxzQuK5vZ zrTmt(OM1r>l?zXpr+weObl%)Q;LP-PXc;_?m7`UHJyf=mcEt_CiIEr6JLVok>Q|Np4QrkrocKI# zZs#6)6ml&zW|m)B!j~qLxVcyrY#=|LoRP0^;C<`PAX=M8$St5ZXM8Yk`!<$LwM`8Z z$A`yf^>A&OjTug>&g8pQ$1Us`Nxe>IrLhGur{3anWht*tgug206M9A`j*I=BS&e8CJG2xgoS238EP%-r5>RWeL*9n z04vCOzAZ3 zaV@6SZE2NU4yub%Xo^a(!73F6x9PnnGQXGErr(c&)z-kkCJ-vM9Xjq} zmSaHQF_I~Sm_Ld-=6B}lxo>ZWCgxs#BhIhib?gPTQFvCDLztBu35tShj$pm(E973i>rPll64+F z9nxuE(W{K~7H+J4(lCXp43hCZ1&&PJ+S>BkfrmMgz*izuP;qVgT$aA!13g_=UH?1P zr5{quONUK#$5q^QJ%V_1%1zC z4Mvn$TbZeInZv#Xj_q0t86|PO{Z|FB3+(QxztP8tUj`Yc762ujOcwzJbkhQA8|SsX z;enbm0j7cADAv}9N`dw#F#W*%9P`!kKbZmIes{j>I{zm#z<IchZH1*rJPwcSrgg$2%KOFM#aa$qY1s7 zZdYizp>epqa_hQ06MIB@_fKYL_bUh8dZ0)s1Byi+K#)P3g2{A#_zkoY`Rgt(K&T(_ zfCkh6bE}VJU~}LRU|fr0fFpD?;P+2)&;nxMB9J{Ly#&e5RgDcIQx$yS27f_(CawdB zA{L_O(m?Rt7Y;5%0cy+wMhq#x?wS%rk|3x71{Mm{fENjcxl9>nAxa*BWCr!?(W02O zJ2vfXg79nN5cHY2dK3l~&9&wCQ+1VO$ZL^_5gwVHnVp5dxVWN}h*=RQ?{dtib#12g z4tp{qv^_k2-SxzjAQy)lm?fJst`UFTWe%>T69^twQVKZ8gzX@pp(QeZS%O=@U11nN zDKK^&J`FPCx8Oczz_(kv`pj}L(wVSj349<~HsqMVCUP19&m*WT5c7^6m}(31y>^et z-+vjhkT5R{G7R8Vs^0;?8Sfl>urT|M-Tl7t34Ss9XrkxpK2N%iyoumxDUE}VMc@C3 z8G+W>Kr1VO{xf6;_36O?Qd+{!X)HQ|A8&{2iN(kl4+#Qj>l&&a*>NhIZ=Q`TIx^`J zpPG&q?Ok?xaSy~GlIgvkaZB3M&4g8PWzR_@&(~udLWDw-$$b^drK?tIMpK6^q@Ji~ zR}$!cAZ)qj5TvssOoKD~vd0`HDx*P?`kwpOT^p;;zrf*VL*xY`PT1YB4LWw=%}Z|i z$p~52lkP1)iJrZ1@WpG7s!L_;3}t zf#^NW-*jaMw&rdUU>|fb^_mgGb;qE#TGFq(=y~AHS-y2Z@R2JTORo@{T8If$GE(39=XqocvH@&EOSBRw@bol6s#-Q)*TD-#mwAf*xfG zc0g|Gf{i@2t@IV>DrDW5pP-LO0aFs)SJGYVWfIH>txjJ4iN=OwVU_eV0HV1eRDa7ql~ z#xv0vIJRp;88oha__tK&f1!(V4-Hi00ff4ta6_6r72k?F<-8#^ zdf9S(0XnpX3aUapx34T`3w>T(Ld%+TJCpYPyVAy}li_D;RAw}f&%VHzwWOG4j*fr> z_~?|wF(;Wbe&^;j3zkG#{YF1*3Bv5jAnrK&w_{2PfxwXz6A6_JHoEXnovYhVjeK6m zOJl3I5tHko>HQEt`+ZDPnh^DTM#hNs$k4)eS~_>eo4G12r@~Q-d!IhfCmglZd7NWu zW#*DJxu72>`Y?NLRqdlec)@y+=9*S#wVT)HR}&x zP}aONu2mOT_17p(>g;EmdcClHw=xUYA7X`a?8>{h>E_~_MI328HJ!D2m*vz;pCqGM z6XP=mT9?BXH*1p~RXHwX6c25A*gY`w3eJ@`3=`H>ZfjX^$aB7%v{ewiD!W4p(Lj5V zKL?0=6^#9q@lfBZWeHTvdd$fhwn_TE*=YIFQ!F=WN>j*}1M!1L&kQ|?^1+gb!IIGm z*Nl<|6cUc9m(I@=8q^!P`DmqNd>NhMXx9xi*TARZ01e zfMpnlLB~We=gNX;~6dhL=Kq*s$1ggxFpv@K)c)FI*GuRSEQ*9VNCD>@1l%3$|kn?%Y zn-4C`LOJhmpJ7WT3+vVPys0R4`QEyI%{=HaiPDoQ=UAyO6&Eu-^Q8JJe~}|9pK$&C zd;K8v54QR?2QMcByCQopTtPo0E^_T0iYDm5IM&H^3zU?_^#{|hx$PNII+C%+v*zv6 z=aa?7(gJ4Dn)sw`(2f606i{t9w-LFv$k}FOg*QW?8fFDKqq+!P2_mt9uUaqs_PP5i zSs>fRfHHsr9!Rjm31OKh zu!|sJ43q%p{mG04V9|a6Bmz(0ZO8M#XhU#lU58JO{UhhfI1YM*C_y0mnu_)F2F1iR zE{JjkVE{6nt`LZJ0BTGoOvGc>Zexne;Ui@jhDT( z@xTZ(+yJ%9Kh8+~_0fMu{Lg;cY(U;A0&e{bn5GFbU*JC69pe9yNK+k#sO>7%pr;J?@J z@Adniu>UwCshf-=%P^}Um8C&(Hc%3>;|Lt*4Yept>PBCi;6HV}Ugcsp_Mxp??pOb_ zpCrkW_m|(^74bae$&b4-J!$D@sMjZcF72aJ1d^9mM0EAhoNy=4mtNo&By;nfyyp4Z zFs|(us&l6dc*nevAJ{Bnte9~~CzsoLdz=#@Cy_&~Q%jl3f|F`?wtg22f${F~h4ck} zT!hQTyVaj0@F%`^XRBoW`AuD+MJd;Zl6)O&x6G+LhF*eqmhnohqtPQ@r3MS+dr*c{ z(L5I$emB_u{S^7Ha&!I%H`iIt;0l1*TbQ6oa8qFDP_Y|O@-=1>(g~-Jm$lZjc-QkK zn8eYH^B@h+_(s00hgo(}}BL``s>eIzLF_FRBOCD7YB$uKEe0XDYr_*9>gjVa-xHn6eC#1sTG!3mcSH79 z2qYa-HQGzk1vlZ|{kVx`Fpk~LVa-+k&_FnII9K8vM#2f4Z(q6{7aWCIEjFT+jm2$H z2IFg|HvHEWU-}=jam5JMNe*^*C!j-UFE+8Ktb47KEGYeYxm%yRg4xFz^m#})K)3pjPuKnD0uG-?@MDLij^rw_FCdUFnw>CE>$vJ~zXp;lFts{peC)~)O zpx-M8PLY=?KV8hO>Z?OIBPcOwIjVD`1U3j(Kp&;Oq?K^AGO~OVL8Q_T0l+A&q)t`Ko!Ay*OP;(l}?y zME?y{ZMpO_(=2mb3;SXg1%xR5qo3+(C)~I#nmL`|j$a9gHyKqfzw-9b;%4%&lR;cpVy-BlwudEbHEq0hx6V58!smwcP8v{ju)bmPnk zg^tNAW3`s7D`PjWoaK7Zk28twW@a>6X(YI-8()|0z%ChCy$VxK@_Og#tYbTut>wwng3P&EH;S5hsiI)C|YL?K(VUpXI1%95;}a=adxJ$F2A%8EaNA z)K6wI$$e3l=0oNqY7));{Y{1SZlEJq{3V|>`@LJZmpBdf=NYC)Uo;tGRf7&5pEW6c z(tkI%Cqq3>R-`ZAz#~kgH_%?;qn4CT$%|ZrR8h}-lLuI>6d{8wt>{}=-4xE)Sp_h@ z{78sLY-Uf0PFXbag(OW3IAbA9nN{$muh4$~gK9V@%w7iTBx=!Z@7xoe(&h~;6`B+x zk0zb7xmenBA2$xqvk^)PUQV1kYB0ZTX;~e9v+;2HBzI5A^19sD<%t@!^e=f1iR+4P zVbY6N73?@sD}o&sK~9f>C9L-b=Ra#T_nt!K|gKosB*QJ zj3i~ja$VVs?`f-k#|O%T8xulr-=<(2LfIBX3huj>5QCq1^^ZOQjn>U$Ww}!lcFh(+ zY3W{XI^L)`Zhv$P-(EUXfgJ6r5s~mC`^|@6b(3=zc2-lf*d%=T@e;u#!%=d)Ydm*) zSRl%BGsaKcn@G`@q)A{FrNM=e-VwS%KQ+@|2<>(wlMghbQ<7$H0>hwlm7lYDm7S$( zLa))Bv*P2&O))Ks;m?bGZ?9U@oEyi_`D%ySr<}J8X^|lv*0Of$tFZ+L+JTate3< zE07h%*6k`F;O1dP%UnU{t4fnsN;8K?XrYtMUvBTMsw}GPU5ngnq3OoVcbi~d_I0Sk z=QK=zzFBwp?WnzcetWH@kiZh_oX*4U%7-()0_Tyctl2qBZAXi*3 zq=PhiFNhWa##6<~4TMvKiL6a2t1eCp=O@C8i6lQ=g~cA@m5btoQ*IG5p}A*k%|5rg z`6FloUx#l{0lszLXMCf79XhBvGgaIb63^B>c@9|c+4InJZ61Y_1EMJ49aAc$PV#!IP3#pz5o(}xvvz(I69ADxJLdD{Tq>*6v-z10knEK zkO~*P*~AP*H*zsJheypvN0?c6oE`c2164nLJo8FTlw0*vd*E|bv9+b$RAc~JyYcRc zh+`kHVQ@#jYP@Z5ldby+aTERpsa$bc&F&`E!$$50!@aa{a`IXaMe9p1$e>%GhOMqc zeT}`H@47SAb98;4#LoBPw6I0)#<#J$IwHNZ0kJ}NV<-CiVpJUeovHRT@N)c<`h=-b zueX^73ROI>H=NP}EFl3hvjDa8A#Y>oyBW6ulMzCzMa`(V0VUW;J>1UlC-`j#VKnCn zD1~)zZUL%T1SBUKG%%M|m?GGK;emJ0Y3BL&p^CGzE5-#VRh@2*!p->SNsaZ;q~xv< zE2~%O0%AR~Y!?{UC(d|!?MrR$Z+)q(GDWr#Dh77V?NZbR<2c2FJ~4|GfCqS5fL|Yk ze}vjtpi3whpX6`qHO$7Fq%IQDBux=U>ye#a$N=OspkEmzAEonlrcpvf1(JBV zQttXM#%Vm9`Wi{K`wqtDXTHr+bjcD~$&4i#uxBlM-Wwz-+mm!Pn$6l~R0fa6-YuSv z5Ih=;Js4YfGU|G>Fw(>$F2BLFvB!vH`?ks$?S!ME5|>PF51 zGa5f6wST9Dd}Rnr2h>m_*o~SR+kvJ{n4PJ>zmb0bNnPVd{(nFCtQe#g{`hZWuR1S# z{Poy*f(L-qWGX>QCrEHkB( z=l*Ij#@J4=If&rI`Ab>Sif>RD<>3-7iKK-}l~Z5kHn#Vbv}Jsr_i!2x505KdD$eWj zaWEqBe#$+OB^vT3*}~Jq!=rqx;4Z%QZE}&x`2t&=aPpxc55CQ2LN%P!G#)`ZKEWa+aK#j=GXip-)*>WSk=^&F??51Hg2KG zmPEs;+FFz|d25=iP+3_(C&L0M)gE)sh{dZwSN8(MhyOC^&2P62gT7fRVXIYxIYxx( z?0?yy>hx{e;cw9kaNK{4Wq-SR{O#)TZz8?#{tA}-!#~3R&+X8D93a;Vf!eVC{m6|6 z+j4Ne8^?h8AQdF;gLr10dg6{7$snjhGBdVE@F&)PgHL|j(!T?ufB4Ja{t+n)O%y^a zp^+mQaOYGjYFqP^*N@Q7bj0-y;VW{?9s<+Xfg%YmU>?Ym?jY^D=oOModrWx$+G7ko z9HIw-c$|wt#slA$?r#ljPU-L);}wm*|A2)%zMBC=CH0et)rc;7btH2`aTAPx24a;8 zBt4cYjoAXKpKl{#$Mfs2?pQ?r#ZCODP~9%zXU`7Gpx7+H*$h>qZ9q0cU@O$=o#t9 zZ=4^g)r`s6bh|!eI^V2d^~9ovN6%_i8Q@F;`?ZXPbe+j+r7M1XOR2r{FLHHL%_@un z9e8@QfLds1D_;iU1`H^kCKGH{lz^f|0{ml=79~)4XT^G6j4p?E7&ueZkBb|cu@)wE zHP6LM$Qgv&s1^4-bbDF0tz1@S0{a(J6VZr+C zYyu_2s;son#FD;z;A@@WN_t_BY-rGs?-WOXzu+fJ>$13Wp-tXWr6nEnMh(+jv3^;( zeJ&7RY;;aZw`S|3`0kukLhQtILEdKx!i0T*LY!BtK+0e=7@wS&UHxvuV9J0RxYadK zZMDK5O$fUQ6R(l13_bc8v>)X|f+Dt_FdRdI6TGMiq`}5z?#@$T-aHlqaoLui87A*2 zJfY}9+bPNK%gL7gAs z0aH!twD$_<^@o}`4p-PUF`k*r9s6+>D|?e5mBIJ0*ec_Ak8a(;8WO0>+GW3L8aGU) zAJ1!e6Ryx$94w!Fg(Ti)S5))Elk1$%W3!Y6u7nH@4PtrKs;#TMID?!nyR_)L>O-HG z7d3$-O^=yGxX+Z+>K2z>Kt4zE&W4{M(5_GEn0y>Gt|PEG15%eQzjH%d@}zmkhfnp{ ztsF1TJiQZh>(krG7wyCuy%2%#+zHRUs3-C&v=WyOHRu}ogo-!z=c>j@3~m$%sPq(= z8Xym0%{y2`Dq12gW@fb$@+-8PtO7!Ed$SI9cdVM=l#6)`q;eJ3w^L0!4q4gE8ERE& zR(3x#g|fM5k2mXg{H1nJ5KCCdN)*8jD+)SIjcFeIV?Rrt8=Fa_T zK!ux9mzH32ntEzJ@kr<4D6Dm;yxAD>DlXR0N@Km|%=;Si*2FN6y5nt9iDl=h8|xS9 zukU*nhbuEUn!8N%W=68ro!Y{?)qSN{p zoR2MqVt}`CnxBtT@Q{3hey6KV19jK4pFz;IsT1-alE^_z&`|q}Dfo?t5nn>XkBo(a z=dN?~_$58+!CBp^qyhG0yoTf}Dy+Q)t`AEqrHIbnRb+B@^svUZ#st25@EoOIzpHr2 zwiuRvuqmaLoMsudib~?Ws@OMW;FGJiV%#Za`20-6+Pji>v3a+-g||E-7`m-gJr(N& z^#bcC5#PSbN_X=hTsyTWFvU(yw)2pXf)+*=YvF}GsGCp(t`i(L_lPuMAYXvzJ2t>j zhW*v_AN_~iKerS2!Fw5!y<``dhp|^~;86j55$M33TexrC^Cobvvx!ybvva~+&!ebf zdNjX-<9=1;ZSnm=*-6HS{EdaF-mmycwNT=YFY zL<4fjzqhFutxbJ1fB)0)*Q&uLev@i|AG_$z@ZRlRk|FMCp1^TfmBx+`eN3i{nr&B7 zxR3g3y)=$B9@ApfM3s@R-%#_asZ5$XGw{LPEVzxWH>~7VmcJt^BcX{H``B>NkA=P$ zEDR1+h9S%O*;08n8V9~Gqha28Q)t+`N}X^>MS_{GYz9Zv#%|njTS6;Wnr#mDkmAPb|Ha;SKsA}J>pG*33IYNm3P@&@qEr=- zD%t8N0s_*TkU>QZ2oVrzfq$e33W!prX6RsmC{=2t3kXP;8WKRHCzKFUe($Gy-@Rw= zGyAN&?_KBKbM88>WrIKD&-Z`d`#$gUmPfCh@E{UeUbMI9zoKAKHg~n3FWwTrY7y9~ zXnW2X$@0F#Y$ve_;aSLm$dK~>T1LEUg_=4k#(7cCj}8s;bK|IPpJ1YLBzAdvy&c1K8CZp5#0 zyWivc+W|-E_zg8MZxl2o0k>}PEi&{=+WtzCfxhx~KF%BD5*`cavjLr!!O!l(v{S^X z0>G62Jl!711=NIqdNoU%kb3U7-}q?v8ArbCkmix*KtBC|tk~3mdzo@j`wY2?!sL1Y~!z?QbS1 zJwEo#>DH5?;7ChmaI-qEZS%Gix@n~Dq-Cd4q!9LpGpSPZ1NU7TS~}vdEE<-pI>)_~ z*p|6)rnDTlMn^?A&-yGWI0Pp@lHOx4^tr>>B>J4{{T$)!3`w7Eq_aF8k2{4M+4*)` z6RS^ob><%T{H})|1(aKMJsb!iCo96tZQC^6Kq`L2P+#_mtNduB zso%)mz?Zd7J%xn$S)MVAgwwK{CCvVkwVKTvP!oc29Dalmf=D(xprRiQH78LOIYL_2 zTfn5Smk{jB*ey8J+GrvYRJj8S^9V`R;q0H30bsB!8nys{P{8Real?$}M2ZE4|F4h~ zr8(k;Oh@1nSV-kC_GxgWke_eUEIFIm&{{<_BUT$Y)XcmHZ8q-9jDEo;b~ch6%?8}{Mb#(7)gn;59bfhjH^j$?++O8ymEdZ?BkTf?dp|T4%{)>Ixb6Tn zf?bpaOY}U1J{M4Wh|)m6>ldimsR#OO9>@9E1EcvE;Cb$XK6FtCtVICGW?d09DJ=Jw z9hZy_1#E-LWzC)Nac%!EJ1!LFt+Ybxx=YCYf&4x$ep;><5rNmLi$l_XVmfJ`6ZVq^<4<;}T%JQ)!?}CoN#~4>f_Z8)R zC|3-Jg?nepsR5hW5i|Ba`o=W)IeyH5?(25{)&U7BlOdrTI4o=keT!1}e= zEn@R;!%1^DULWyGl=m{s9*R2Q*>0N^W8J&n*2XK$OJF7yv!e62|S&s)h#`aa8aS^0gi1m0OVImE)xHGXh; z{lZpc<85}a`Gn2JG=8R_=U_r59i5lEymlvktVEh8ywf)(v!E}f*YjeGQD+(+TNOS3 zq}KGml3?S1D>eQnR%-kUh4ddR*ob_LU}#}rcVL{oy@8=_`e#B>d;Xz|ElcyOI4&y+ zIM-mQf47V6Z!Y`K%^ScC=&_n8eDpCwu=Y5JfdB7k%>6Z7hXjyR9};^y3tm|Tp5Rg4 zQY?If2;${gt*dkJH!)`lvfP)CS&x0xz8eG2f7#*guziKL_GiZ7!6{YA?Uv_vB=J`14JK4;y zwXbUrM07aeFet6-({z3cgmRznHezu#LGyQEf6%OS1(;;|na(deHfDO}(}{w}=-)9Z zuoal&3Yvy|!Q=*LB^_EQpsEBeHxSnhW{F$sUv?BQvRIalM%${j!0UOTICh_Om_|^8 z5OP)s^=gar{2T!2Mj~Av(_eOwP9rvH@D)z~PI&$zn|s}9LEhu24x^2Mg7qYNZ!A0u0N!UAVDJ4CyYH^3a@}g3V8ZQJ5Dq;2_9tV3tvu6;m=Q!iSa7j<=0#mDp z16Zs^u%`!laGen84k)oV;;3Bvvcp(r`}o3zKjP!QZms_X9`oND>$r!a!xnP{O>fSe z*U-u&pdVjq?->rXhB+5uumtnTVTT;ySzDM4{yplnrUHQdD?mt^EQ1F)QLhNiqk{3H zUEp3x9BkNv?-5JZFsBJOC&-bOosG`^M}zdwj`_DUvXkusxsbLs6-UG1Zs}nGRAMuV>&~QH-?3VL{at=hQ5B`=`^pnGlj=E#{3=piy)>mf z=!y5**Dc}}2D23W%%u%cUHjB(9z5_PNM{|pPqxr1|LI6uS&Yjd%IQ-%@&$2}1@lO7 zq5@^pE;b`eESp!4!kyYuNqL~}PUB-Oql=nBy34~8pOzP1UZ+Y?2q}G+_`T}|j5s5i z`~3ZA^lxPrE{@3Zu%6ckm+*~3)9lVIuXDD#4NMQ6fwe`)gHGO;J+cA9XHnUxGn=0R z!`97N`cOkDifWD;*({gWX+m;gs?SC%(64 zr0De(H)p+zxsoI(@pIqhD;Ju2BR>yC%%o|&ib1b+s2rErK#!F58+M&jQOn_q%dX1O z@Gx9VJ`-$kcd*ZUDIkX`2y>BG-f&MvLbY}udUJbG9@KH^S8>g-#A!(*&$3JW%Y!x9ZYhig`3PuA_I&f5KZxpvF2{Q zh9->;l(p(|$&RX*!<`F*n56Yd6U<5pMo_IyA`)%fXj!uRqFpR%W0u z$6aCPGVKc2?fAvk_beUBja5DVgUQ1`RhfiZCEO#M26JynHC(W4^@(`We9^Xz8xT=3 z^O(TmfGEB0t*xUg@$o4EDpt(_P--tt586Q7;Tfj~!&L6I~ z@iaqu_ei~(jj1vB@t>4E)1?W9#s!_Jx5Yd6EFT-QXqYwg*wnBrjTbY&ZmvF-keMoZ z0vX$-b!&P**2#$5bZ1EIQB%+4AFbU z-aKyRFxL?`qr@qX$VzT;o5NbX;!pXwb-iYDE-TL$=nbcieo7^rtkSIrbc$%b=_zM$ z)k0M;yp^)3IY0olv32PB#MJTZKATJSy*3gtubECP;Kmz%Ku+O7nND&*TPQddxT9<> z>MS$6i?aH(wR5WYxr>vWyDsl<%0%%VFkIK7^o=gr#aBz6Z0EXi+*9jxU9D-SkVV%i zWlUFi$V`2g?0_r1RuQC*TO>4m_S@OzcgWTmxd-%>;o6m$r@jeH_PFvHzUiygW!($x z_wWg6l2AgiWjU#3HBm~sX_;%YXSZ;N*xq?k1mBw;W6KzM<(@~{2%^=&PDjdKsU(r% zcg^lQy{(+jE^BnJ&KmNzZw|S7>*VN2*=THHI33OaGVP2Z!dL2y7GmkTfS-5(w-8@- zhga(?HL$dOxXDFJ&m=?=Bd1@bG$RF6-d1!1f@uumuQk$sJ#BDdpXK{!^MoRW=NS2} zerq%x?)(6%J!Aq~ED^XxD^4kKWdhp7!@Di>04RCa2~dwaaihgFObHAbDgtFM0Jdx@ttrC$ zM?iZyf^`oXv0z*T;|QW7@E<6O6bGo`tH*lW7Q+?->kHcB=>aG;|MP!BQ0A#hu%U<% z69&LBcEO92wE;{@Y_!u>7bU)5Z zGqvcykFTlIetSs{$l*LX)?4uC2i;GXkhMMzj>%@1pB_7!Kl)T>|JwyWlLO5M;ilK3 zyuR1Z91``zHdl(pxUfe-ePyePx^%MRDR4dFquTCwE32YacWT{zZW=$>mL zOG?2;(SMN{pL~dH z#byABHr+ktI`u zp`ya5Nbi_&?kwM19Yu7Puu?168PeVG4@GZn(^{NibXi(W=O~Lx>oJ zZ+-#`eY%<12SBrO&%*l}PDdEPE+F#iB7Get#r2%VO*dxPQMc%4IXJdufsZtWxXe%H z*tU=a*)AFO0b$MdhZskAhBC$>K@}#qj%!5iS!-=c%`exwfil zl!LYXHD|8wm+kgRer=L>S?^TDsQLYP(&gWhANZ+CFs;`+kl z$K=UclWqwyS_xf&8}Z&!t?;;rU9)bc=Ct8(v@(xzgR8u#3+YmI`_wFpY)s7112%eb z4ttIa#EHiymIXz|2AQDC*&}V@r~1k4)_Q~IQ+IA3elIp5=O!zx5wY(=t=mfnbYJHD zAi*TI%*ANTBvj*xSxkYXG|%d&C%g}XY(njFK^zF&Jeg(f~yUQDxW78jtME01M_ zZr~->30^#W#=XmOt}6TFiY#34Q8KOyLlk`%Uz_fQh0iUH3f73Da&9u|d}o^an!0NT zHPoI6#ALqIztUJJqvsJ6S0rR?7GvU)d^&2T%15&`eC|jBLWZ)R7xA5`sKvokZAX~@P1{8+21U#8Cm1I(2nHjkizufHSNlydGT zgZhVL1Ci0;k)BhhbEhM6goM;R%%9kJmW?~3D^-#cbrdXX(?D5pNvc^M_MDFQ-gQ$< zpjqF&_45Ac_@Q>h$RKw9>+r@zBKzo3(30fKAOLrqH-&+J6A1{Y0FLY!6PgCMn^QVl zYP8i3Od1Z3iQe2xc&wfM`)~;PFDY`SszC~?Mi7R9z2-?&vZ#%&p6ikNZlW)xu zSInRlX*exEU>g{>D(a8y2Z++CfzAHuoy9n=qfRWTpU6VAd+|j`@*#~BRMeG)HWS3i zPs5j8Pc7W72sW1U(8jQwc5jmMJ&i`!Sqg#XOLaxdOI6_4c3n?!Vv6BS&{Iv3rG_y{ za1Q6DFeh)5xU^anU@t3g9TS_!!7WcXq87C$0<2X+eZ0e+lL?-S)tg3r7k>TkQqcbj zrJx|1{x8di@&TVam5CG6@@1*OO;EXT8{v_#h$EpH5sKK0HJ(=7JHDuK*RMXFw=(BX zF*dqT?p0b#fLmeP`$}(f_l9GYO{P)TFNt^(<>n4|ba(f>Z{t@t$*{LbygOy{8$2j?xS`aR0XR)I6fD8YHZ z;jmkSo7w%v$|<%R0|{gHW&KN7cHlk-ne&$o%@$CJ$>Z%U#dj(S)93RX>xyzn54aE0 z%s$P;6c~;V5oHaut!0<}l?Nw^0xM7tk*}TDLa{I}u!lh*P-6$Md4|;0w?>Z<)O;ct zpt=y&a=I`>cM4j;!+Tw~33w128~FA+pW>prpNijIQ{KFjn6~uR$XF z2*I7F#?waz!jP&8<&uH6C~`!3RRX7*>u_xwf7g<^x`)R)dhb{=osmrlw0zAG15QE# zs{;yJVu!VCX>Le{jP$R8B0j2(7VuGOCtEV*tv8OVxEND=Nh+@(TJTanUzoiz&Aj70 z?~Cf2jb2v@r_N|bpe3K_70gnGc3(!A#m&mr2f76m7SUR~>f3TceTL>X^IK#U4DAh8 zRs$`Vww`OU(?DhhKp8G;mIpizFdlT{%MQlzwy@frnGDQSB3t4a13%3daX)(R!tmse zUq7mS1(oy!>)>9%z7lOhMTN1sRUf;_v6ZI4C<GI+lJFI9VG&u(qd zkqjvv(1}MM38T|M4foUw6x9s3%g0HFG3&+2;rq4zxDRx>PfNue8D0jQ#&w^*{!275 z`$K8$odkwco47zQOaHC79JMa@kzpR)j*CgMt)&U&(RqDph4}D5B-^0BKUuyq3tM@8 za?L#quT)8^8_Ge1;$3o!=2>+t->>87_JEs72gBzv zkw`QmvTySGXQo)iC|^jebatG`Rx>hOq@`}DUWBS0vW9QK_`U?QtVs6u3#u|h)e51x ziy{;6J1Yi_00Z=m;sg{KQ*P5?|{cb((oRty-U(9YTWdGzo*>0gPS!x z<29Z&-0-}6S>QQEv;;dp3~dvy?@H;y^vhbiRS*+U-0M6^Gu?y4CQHHmir1sCoWAGp4s|sAg+)? zsaHC3QT5&WUHkLRzHYK7x=*RhK5F^p^+&%K*A2L6Uv?yV<(nJ3dm8A)QR>pH^aOKf z_q7@^rwLjE->?p{Ii{Y<2o&yM6I5uV z77Nn;UkhPNQ$Q*O8n+5G(Zb?6i!ixo1KFogf1P>lH@;RPL+vMP@SvkX-D8vyW{ z$f$L8iG-`yedX5=T$cyK&%Bp+b#v1y>)bx2FLk!HSwTHAr)e|UAfIxoFIJEJnx0x2 zkfB;iF{%(f8D%7_0d!du5eNQH`m>5E{(ez)( zq=I};Jj6JWGg}0*YqWG1&G6zI`nX-zwa?x>KeTAXaG4t8Ui9d=A~0${cHO2s?PmIs z=hLRm?vE>xi+|Ac#91{~@dKLaiO;4R?Kux^`M=ls1iT^n} z*-gkZvav|rnv>L@DlJ?Z8Ed1&kwZ>J3?*8isCug(Jw$7KU2~v^_K2D*pDv1)7iahv zkUoy@{$<~jg^o{?3w!1z1a*$Z6!Li7B!0`P;oeLUCr&`aOv$aUDUV-QJk9lz%^O8j+^=Ld;d|g3ManTp0dvi$bvp8c1P{c$8G*vt+aK zZ+ZO`AOFZa{?SF*@Av-r?EE_lF`3@`c?fJ;EgN)Mzk#Om2D+%~%Xg0`qP8R2VohjwxgS@rxH-P6d%Ew)1wDEqSICQ7+{~~r z{+Orkn%dS{yUdER;w(Qpxe07Pqa+0a@;g7xF{pFU~MM7|LsZn_g5ykn~u)n z-_@DB9g|+=V%9D)%AmzDa0sFoYQLr0W}uB&<|^Ufw*q=FqX;>=4jZ=7alj>nF$TZv zz)LrmZykh!b>KR{r1kOB;)xNKa6KSZKpsfkvI%$l5A#5O{KfypGI%Be<^dc;tRd$m zv_#&(a4aSfg{6dPfK3P}7B=b(LTpup zo)R}=G#0=>m9Nt%7ncn0Vpus4lio9hf_cE_k9!x`hTFP_Vs;`$@t@a`Tfk^;af4K_ zsWv1JvYdd}az}0qf>GM|ndpLlYP1+>zzQ`Z=Z@mGyb-J=uhm<)b%0d98cm85avk6@ zcj6X5r|#dep8&zRC$cl}^cG-1{Xy?*J_BL5?Zn#r)*qJZEM}d^ipQ|RKw%Ra2WIz* z0HW)pekFL24;XbI1`gyUxB&a>32m++3T7NptEeqrDAi~qm5`wQ>}$HeeKiWAUXNx- zIxVf!6kDLZ+A{F4_|d+=9~lVqst>i+nG6^5a4YoqQ1YRw8;&Elj zW)e46oMFnk?&EFF2%QeN%p=<9r}()3DAtML>QuaF8Pn#P_xXXg1S5$`YJi0UFcvk* zqDO@<2cT8Xxm-&>iqtEwtxHxDk#S^nT#K8#l;2`+pqE-$U30qGG%~$af z8C>lhhV5$IssTc?2aD-?TbN4)%%$G@o_(Z3lj=#ydJaD0^Y z(rB081DwCt4`um-1Z}-*p7ALqB_(#Yt`gOD<#_!Ekqbk4m$f!;XNZojtgM#ko+a5z zYz(lwfs||{aViS6;X~XeK;>Y`)tC#ve*j{nQLDc#Dd2kl?e)mg)1+@owcyy!0_oZR z{Rg(uMtA(GRPTftlP1SkwjxGSD1@*;dF(lyaaC{bP?^NQlA>~&bGNL2N*Z5tx+sko zm&M3xtRA;WOt9?A@=3hZSFV&tvU28jzDp=_N=YaZDU)uu;1wueT3W%G^`nau4e+^@ zItDTWi#q9X1JnL?cGksF%E|tk%4x~|N}rwIefWApXhj?XG_yo>MzGXyQ4q7F)&PaM z$WVqB2a%kg5Tdq>L1=N=h;tIRl!H1D@azwsEttpq{Lg)!BE&!Uc{)cw+$1GH#A~3& zh{(L1(UJuHrI`0Y5{O|MDsW(|{>L_WMfU4h{plk2ImFr-K%E2m$kSH}OF13U9Pq#X zLB8>q>%3Ect0(z;TXe>&ZqG&9*(5Ijq%Zej&u5`@W>IL7$uy^z^NFB8Wx@*8{F3ElG~3`mWs7NtBl~Y$i#3GRgc7w>S>9Hh#(z>8$pOTSx_)}#j$n> zge<}0d#K$+|C2u^DXIXT9xb9!>Mebk6R3?t|JkKN~91jz}YJAMC6x-tZ7}B^8_}m=R+eQiv$nAUeruoE^S*ix$w%h@b zi_|cqP{!!;{j<-M?+TkR=2!+U2X3qKR+SIJ$|zeQxzop9=yfDLy+(`4_H6~e;gcl0 zz!>!;H>6}-0N`pwfF5BzX#?>PngWSZJzSVKznzaiotu-YC>6%BrV)OR<%3w3J5=C7J~ zrmU)~BkL;eUp^32cKmR0?~^C27#--^wLjQ$|C%@h@)%gLF5ET&(IL`4 zFKlv?a(%)mKLi(iwCz?Biy31C8w@JCIgCq%dg=R0MBR8(=?mmZ;_P?l)Vi3NY&!EG zt8&(~?oOyYF<6>EPxyHTN5M@7#8MNR#l>lsjjLhl$Ec~#bjfwL4e4Svz4bk>Zw9rL z;mx1CZ#!%rWP3EXn=*DorKnk8tk%8uY6Ro5!{rLZ(a5ZD1B<-JMIwn4ouhhdH52+2 zli?)gl@%y8X+>B#sJryKl)CQC6Soh)xuL%5Yi|B&)?~Tz!~n4@WMyDlQh5|zpVyq+ z8bMy=b4lI`Uy(1;LS~^wp5_&ePwsNDx{nvtb;HcOvD_^#S^m_7_UhRAxKZz4$QROV z1`A9wb7Tf(E*#7fUDt?-xu!Ro_kO5ORqfRa>}6S@M@# z+$fzhY4mmq>7bAH;GdLmm7TX4KV2>0e3z=I`Pqt{wl%D4%;IsvG7j7z5=1H6h=?7}+if z$J+eX9GZ)cO#nfyF|g=3=7S8tcg#4!t00-_pA!g>v&tUM5OV82%nPQElR&P`5(KZ) z%uqs~(dzVnYn=S&);Re~VDld;b@HE4<75w02x`c`NH0c|M7PptFBl~F2w4j=^$v2J zp_Mvon|U++8 z8Ja3Vtwn%BCAe$s@7uPKNnM~F#|uOQ_Bq>#Chw&qfM4_m^&?Yhpjm==&<9EOUMkJ- z37#T64LptgQ*W8#=*`vy`?Il)Or4f!VTSb2wz$2v6|o9wWRAXFud*VqVz{faZ@G(q z!StCfcd>+L)v6zEoH9GD_M*efrr_|UYGe1BkXxK(x23W2B_FfX@vlBQ9X2r(NR7cO zxSZ^eo#<;Xi(mF+0zVpzCQjk%&vJlGxTP2Ym64jGOfMu_b4swsr;G%A1e+$shs##^ z$37$X)yn?nQ)x==E+|~kkZo$KnT!rimc^Z#jVhpD0`QpUE}ViHC&Tr+>wXPL$IUiLwviJC&FS`Eljcmoc1Eh-(;`MW z#+TUQ{VB05cEy|vYYfXojBc?7=Dwy&8WuEA%ZI@mni=h9$Tn5dhY-9ebU$(K#HrbS z`^j^}=2#kHd7fH|8lIlOC_}v3&GpA@Z+V`3*MF%o>dK|5=|fx__4zZfqD$8@vZ|Ao z!&$Bm;KOjyqRg0mPaZ^<&d$JFD%-a33V?Kw28wz|Cq=q#b{AR!`eTgu z*=)ze)^zCro$eUy#1V<=D>hrc8ZhTeFy7)PYc3^b-U4MAr>eBnyDZjy!x}8A3)y?Js z$REsgG1lNc(W#yu*I;`ziER_`WCkI#rC$vsHsRIybSc0)e)cO z`bn(aw4R-{JDchyuOp)#c`rE$+pF!4&e3{!BZJ2QiPoZ+r7oM?cjVjl7SUn0T7J%> z&BI#AN?#71NXFMI^NpGLOd#)g)9PzfqxxGH^Rw$+7F791kf8!}-NLq}X{Y_C8G9KI z(6uMQw8Lx-6CY=5~axtwYo<@o4h$F;e%yCdUs{UiB**i1%%o4Y>VSQkHJ^B>pEofdUh~(@$J0 zw-uI`Vg_p@>@+;_YK{CJacMEAl%<5_I)TB@Q0X%EH2oo<9H8SUsyBh1j9JP9XI-!e zS|}f09BGH5Y~eaZj=cC~ceV&>bL-0vSEp_g)k&H?gMya<>mTS>4#-8(ritZPa91U2nF z&31wQpm?bNdVrVAN37QosSFdrh$tJOgSU$$(HF8MlH=_0X44Yb2bw#oWXSGuCx@Gc zA`1rcY*L-cw1e42CkzEmLa*p4^yevWJc!YH4&5b=W(ZvaiLIv>@~_!83-dOgcsssw zWa5>&)9u?@uO(vby_uEIKp7r>H!$5MY<^mF6U^mG+;loINV+N^FkE7x>njlhT2n+- z=>?#ll|}=!_@0t4J7~%f-j|QV^$KE~+{3=O!UewR1giTQt-{!6G0T8ezBK(+Owsm1#5k7-20dnRY~O*7*I+=VTtQM0_bfSr>N>DM zGm=~iIpdg$2!0~fUlF8>b^h`Z_kfT13~JV%A~2;qqS=y<#fTL~%SOs3KZChYffAt! zs!@^l$Et&_73b(ay@RdFc=o-X{=vs`u3=Gwzy4G#_Ab_lCA&Mz$mX<*;rxWkgmVAF zqc=N)G6xd(-`X-z!Ah#j<^|l8ZPl-iK^KYKVJgAveJabE zZ+F_TP_2B?%$4|j6hrf^&8?WCPeoq-`0Ki^dmdvw3naQY!BZ?(BbLkc0R@2-x`FD2 z$|03yRU-f6jG*kq>Z%)AdXe%+17w@n^{QQyNM(MA46A5#kvY5B<1N)H0O&pSSJqXU>t8N+)651TFx|o zG}I?$>wm}irywKoxQ^OI zeX7ZCDg1;yo?9VRJE1q26P$AdTAn(ZU%x*tKW9f~0l%@$;i!TV}hM;J;|3K=ia zfyWq$g)Sn5WTIot~b@g1P`at+=QL0X7$8(3ejWXAC zPvi{^m()e~>&<8cfey6)A2N1(60pB8$W%{y0M&7|8Tk}>P-`DGvEdNU?6?n(vgh$e zG&fq_!#G`2)Hcm#VF0z@{oP?3^n+t_#~#G7J@nX^Vw?=I<$RVVd<+yK z1gU}(N(LaP9{6x$v-XzYo!REjjb?#*81AmDmuBD-1Fk_hClFd(qqxk>_v_;Pa z80feT{kA5Ig=TG#>{rOLSEzLs$l4A5d5AGT2)Th1{Y(X8Bv6nu2KG>f{?q^Ln~5+l z@a{osnlgN2Jm+t7aR>H%*-c|<8gt3U8qX$C0~|9(*she(Xt@5jWP)1oE0|}c^D8%A0>*m@jugA{j_LG z-s7BXYqCY^+M7q3oQvlxN@MO(CA#F?BDyU3?89hi!=owoiyJYuwi`~D*yD9WlrbQPn3SRp?1c6SSfN)F*}E^js`#3$wlrC3_jhd~Df{_`Auk zf9;n9bkZK0CICv|P`4&>Wd*tQadEO8`AHU@0zb&Kxf}W<`VCvN{0O_~jep#TiWERj zO)G9+v|Nq=st^FA7a3EvYu0+U77$y)p!s+}tyJ+Z;>(8p$maxxN*HXChyfdQnFhS+ z*FNnb3=9hT7iW;B?>dN+#1&A!r-qwXN67{J2r>!?imk7&cmBkLvq|lxQ6B{OHb~&&p|w|V7ly=VQE7RWjLz2qA>dg^@nI0ihL-Zg~Vz>f@oE31x8T;_6Fl5rHXy>w-LKG z?*eBL;jnr!>;)Pwyc{JcStuYKCif^2lLs`ue@U(=%0@q0H7$EmRV;8SHe^EAdadC? zwlD7I@vMW10T`DN)mwI8I@ZY+L#|Y}s@%Cfj)OTzbSua7Q4bRGnD)aRxT}9q`GDxo zV~gnkkVE8T5~s3|d$f1EAWG$!mf_kz2KK0L}xn3$JfBovoY739t*_E@2XA%_(YGjM;6o#S}d%x`XkwoLgun$?n zk&9n;oE4;llQ&1UAEu}8fkEzNR))kb1gEpqowyF3l#I#OEG~c%V4E~JLZ7>d>kddq z2o40}-GBEen^>yAVrfHbIf}3qR)=*HT&+&LOZ>PK7V2TEv^DfF%t&7;B>=ZW!Mg}^ zlTp#gN-(*7Cjj{1NvC}5 z!Nn$~Or*MY`D5LqRy*kRqZ_A+9ux zq4!3d29R{kqj&yUZS6Z)g;>7IPD@Ckym#uJL>*#V%3MD{)$vgOE zu;T3<#{XbH{@(h0tvC3?Oa8;NhF3t0XWH{oak`ByP)YwlOHYExX?EH|i<75mmXDE6 z#K)BhN(sj!B;}Ue7(EEbBy#&Al{r6~$<< zVF~p=LLcg;R@u9UKr@^#Y5+k~w?78;sy9Fk-E?T3!7hb=?BRtzv}u4t@DTz3!pCq~ z4M%J!`T&Ffofi?dHwH0hJVlx#mDaUuuZ54aMnYK zykK+_;z0S>a6e$`QDIDl41aG=PoEDQqFLRU@kvgE;p@s!xAG{AadpXu4SAVS*NY}^ zO3Q*4R)|MvmaTzOG(%rkH_1n)iBoG}8f- zstI1iJyfkVO-S7=&8Up5&DH5+cLP0(Ir5nBG#=?{E2QBiqt^F{et#;zH^cDY)SUX+ zshRPVxNS2tXb1=IYhazUgPRerNJ}FudFSM!rXcn(J4_VNstA7om<2?)A02DUla(N0}I%#ph$ zqd+7bHg!Gu6BxN^J#^g~EqNV#5lQH^EKmlKq+1 zJWnGCjF|cAl3HlMx&HnHSB1I2q&!wdU}5?}vTfdAw&yezvdOKw`?9|#*kAYD6iI(X znTeF@S+DNZJ`*?!Op2kRFmPu(wSQtr+fuc&ep@h2Ga^g3V)i??yX4xv$Ih?TYSSj? zy`OztK;03h*)zPYQkq63xp9Tu$B+ZF$p6ch9>06o)DE@Zd5p%9=HdQJ1mZ{Gh&+al)eZk0reHywG z$lF<5X5^F7o$oW}I(-UkOpJIBQkxzzP{Lxjzkj5NNIKDR(A|gmtl8qXJTKL-yvtEs z$~hme4Cp4Z9Ab=4^^BTy|cqoBk zQo!ri^?jYImmCZ)B3RYX9;j;-h>7FB>>#?c3Rsr#Ak52oQG1kLLo8h+9`G9T9c~EZ zwx)Ob%B+Mh+VnmS8PXPe{o;miYy0Mr5A&n$>-GJfH|bTmXdU@1Z}f0-U~AMS#?5!k zsy||4ReGh(_RW_a*TI}k1?#u!PUZOah;H|L$sKFuntFxt)0>5svY)aZW+^`PGb|f^ zm9gsCok&JCB0`Wyh!|w#Xj?d2r_jFrrsR@vJ(9**+FiEFH~-#fMEM+V|4C@DPyp!8AV=qE3 zK1mCH;;uICCRJFVS12>5-eskFarb%R1o>3lM(#p2y1(ItBTHj^0WHJ18BK8K~O{|VudP2NAxar?jAeDi47Wgq?W#yVu_*9UZ{EwBD zVHDCd}D$Bdo|anL&u62MgnhF*S~d$Z%uf9+&f02&#@P*(~6GlnW8P_^qT zL0^G;2KWtaY+jrNQPe1Di|@-015+ds!#M8E&g`dyVx-asR7E&O7p3|1%MNTaG~A9j z53raQc%A+9HX>*6-TmJeDDP>)QB6p}B!1!@#79y3D~2pJqKQaNU>h(JsZK3{f>fhN z#PSXKJuH`Ik@#xK_%M3U=zj5NuU%PU7cPwWipU0*dOCiU&A*c#&3Q<4;d_(} zH7Q2I+KhObDh1KVL0+SI|H^jY4V~sj@i6vWW9UQx^-%voss$2zvBI{;0f7rqvTA&%DDIl*$}M+mf%-%HnLd?1mERYQ&UJd1+@^ z@>$3z#pRrsXtj6{5nOAlKWX7NIc#SH2=9jg3?Zj7h$W;Y9PJ|Am{Xy>&kn2gp_Zo* zFY|ly3ei4Z91-1mY&ylYh992%CZ-GDPN6A7O0M2 zMLaMZ@&iX!X(@0A{1&vig9fEg5U&AJJ`|kr{Vl8$jN>5g5A6ZWydql)xS1DhV@?d) z4nVfXYH)jPFh5~wwVdr!337Twvc@nxGP}w`CAknWBZ=Ax$NA$aRp*M(NT;sOPOe@? z6~^Cmn5=^f%Sdvl;>4dQ4zzbe_dd1D zc`n2it4e;X%|FgS8Z+emwR0%yDh38vgWU^k8AjA}#5+o5zwp(VJ(i9B2L~B{Q=#gA=5wxN2K}L{h7vYE{qXYUu?u~8YyJ5)X)W-lll7Akft$MF8Pt1_;(ukuVx zWK1<9OVVYb+V+XnbqisBjgMDeK1*8_b``{q7b_UMO4W^AnjAeh0sjha18@fos>rEq z)B)mDrZ{*ELD^7)p4UN!F{Lv?Kb8y_K5b!|A?_0ce+~0P*A#-=#w8FzMLt%U*x3Z} zzzBvjc}3ZXchTlk9>vwRnQG(g$H66gxn8vG6n@g!w*S=&^B(bXiS+a>rP3IKZleb= zx_7E2bA@>xC;UWt{Xf`y&wwV=bzPVl3o2s90thM@1w}wa5kwHlQWOLPq)RiSs0av% zN|E-Ch@#Yysz+Z6eoFIP+$Mh12h-9+g{7if8Dl#-J_>~2e!#!M#f zDRq>0OiF*wE-09_-PIo;RH?Endhmk_<3sgfhlHIPV%g^z<_3wI5^#3gC$V-7*O__R zix8M%c-`={*@G!TG$;PyyVtbkL&a)VVUx{ohFBRGq$x;j?BMndSnGf#Y4^7YT9HbM zQl<$+EbT0oA?sZO=UnmFb$lM4wT-jN7~}78h;dvmk1ko>_`rB=$z3W_a-(zITa(hz zf$2wzQlSzP^Tf@J%hx-LB`DDxRxWFwAU284_lnQB-@a;@aKS~2=vn^L=+HA|-Tfs!Zyi#xF^eJGFo# z&G-{Xn>Dc`I|xR*^4TuZX)j3)KJ(^`5%Vt0w4tacq0U zr_o&5GJ$VPETF1Le>-tWO#!=Lhvh@&h-GaPQ0bW>Eb?MQ0u zWZ_Z708Twbc!PfI2biT*e`1Q5#e*pMBL7GG}#l68%yaBk} zxGatBbOPhgS&pDrl9#KHCAJB$UuXf*5ayB+>ISiV*-faTee1#F#(AKaHgCt`$DwCW z{6Bo`oun+xgsER9;U#vWG{BF4mj?%Hzkz{n=+#SXT!5u?-e9tN6;Pb@4VU4t7oye(l(Np$??}RkcO3SbZRfcv{KLsTKPy_7vV9TrXw8|A=UYiv$eo1qq>>o*$olc=dsr^p>4Q_( zF3*~p_B2wA_Ql*a4G%Ih8+6?J?6GirXnug*?MlQ^7@SCn$M zWQug9eAF3Ar`o za}^Lf;LW^<)P6u)pq2)^TYxlwg%MUt4WvQJ+L4MZpHh^{r(40_Yk`#V97uE4{h18; z*YWjlVfM-&xW{CMf)Z*Ev6YiOQ1RCM85J*92@cqE!i*&uz#LJEU<^~cE9S!-ST4Bv zanKrnlBmTJBhS;3(fw%Nc=d^!zen_nvg}gi2ARX-HQ{A`6{gFM%1v4*$@k0|ca>bv zI3?cNGR<-wV7pN6G;%VImJh`iy4p=@7+i@oXub53Q~!39S&C-1_*|v)?YM>%MOY05pSC=2_-ABGCy%xH+Ewe0@x&v zV`Bt94|zuR1$vUNO!v}(Vj&9mF*4~vF(%%uaf>C&#jvNG4jbOZr}{|6X0zuzIhhlV zY`kHI?YxcS!tD8i=GATN=r!PBqvFq3b7^m&aY)OOq^UhB^%tT)I8WT^ns zWz$!7=tKOHMIcycT`a@bLlD}fCt=t-eHz&AV?S|h>St#|lhYp=R$}M^gM9;bJRCgM z`}$8D2j~C>ti#fIStkHA1Uc1VBQj9ZE1|o}m=fN-$gjS;UE6&L*Lb-mK&I7a(|l4(+*T7z)^MS!pEGR2HboBw5)t&|lq;RGQEh zQ6CJe$^v0cVi-=Gli(&!TYut^!j=Bgat zI?yY)2RK$w6IyVS%-%?vX~e=)!h3GEs~|7$$IbFUG%%ZU1z^dz?xWIocl5V}`tyHK zp|7Ic$UNm)DXi_>JNV=c_JDod@hCCz!yLYTuWX7COFQ!VK=o;76G_8gJA5xuHaX)?yH5SenDgEuOYDggr0T%VG^%ZQay6>JI6}vl$@>XZ-%lT1G|u;OGmOQb zdY4!D?p}uFtZ{GrEzBX~u|oZUuHM&;gQgm*{fl}ls5hTISYya-93YO-Hi_8ce^!wm z#FWBYZBf&9k$$!)chTnOh8L~$B~AHSmn>WTRWeZB+kBI^EgB{)L?gRJY)-IBbP%YxyvodMjJtVER<`jYj1TTE)28;+HB zm>oo0B&&+g?XCXDTxVx$)*#J&3$Et{%Y=iySb~1cXm68c0154 zy1y<|{Bvsv`4>3FF^nU@=q*WTL_dZa*a>9_p?)KZSgQdC7`Mm?>{WQ@dJy4nrHkhbflaF!7t;5L}(`|oMnLCFUc zCS&`UwlaFdo=n(yec7nkUzknZTk|ya6NmiIJ*}D<#$h0oqL?Ilt9&x)y;Y6m^eL#N6)?SWcI@94XmcIm=Yl#z2Tc72-W;Rv(6JbM|5 zdJH=nzJI!`NPQgRg1C(rI0$sd=!BNYMZQq}!Mki-Idi5;W#;T$p{M6(@Y{dU?f`3+ zkwG0N!Aj<-R1yR~72?D8ImJaZa@7eHqrBY0>qY<|eViV|-z8#n zTC@77K^gX!%c+I@rF)8XLXwANQj?213!R^7h}hid%FfHfHD28FHuXxM$j5>zftwj7 zq62Rmr4rQAf|3jpIUiY5V>RP^b~E+_*`I&y8QE<&Lx~=_Fw1C2cMhy{shS9r zx>)84K@zs_wTUJTjjCh^E4`nT3QL^pip`;Y;_#l_c+=!0w#(MdcfUx~v{$+Lk>V?3 zdQk;;gNbHD$0(OmT(;Jhnh{MBX3rx}1pE)E{=;Pd3^XrS#3-dmU&JV1l3p(__hhrH zzeruQVZz>$$kqtRQOcY{*+7jzhB>qkx-f_KnzXFC*KO)Jdlt&;cwzUo7|DZeq%4Xs`vhU;Xt9^ZI*vm${Y9h1Z^mv3-0q63DBAsh&=RGppcn|3qwXNRy`MOy zUv!iNA#V-809+nN{f>KC$oK+w`St^^keYDvAa!u18#rb@nQdj~Df4Gk1}rF)ftK4$ zh%;`YPw^mRkDy-A*#IaO+|&V_sGy=gIuCP1AD6MCeE5Uz`@inu{hO=!KO=3$`4buN zS=MwdMAJwMI~itn(&LoC?aqq>-hsKk4%c{_$I0BR6SRSfzMT>JoaS0<33S6MRol0+ z2b^S2uG_SkAbDW5bLZO#|8;jlQdO6$PD+;FKpm0(CwT5+IjYuU z{8q(1V+%llhTSBM+jPPCn)uI|2Z(Ogl8^S3w%ZKs*XowI1IbxKV%4#myYCwn;w9q4 zM0YQdf5^&B?tgJX-ljU{Xoh8n^`y#%(nzx!tp%lN7G9VU#l5g6>j#^{PF@W?CJ?t>YI$`qhQ?3u^o|I11Ac$PhEE z2;_DqELgND+(qoHv5!jytUY#>(9q|9GwH~oOFqg8+-NNzb(a5JSibg{<8u6q7r|Rb z-q+nbdK{b6Z+g{*zvs{|x9%LyNmI^ItP9;BBi@qSp?apQMN300w+%~lmWUiU@ki(TWn`KG+4JI# zrm2IwTNK3^TL+MP3Pu|bj&t{UC$RR@wJMosGn+I!_XJjwHx=U)F8}RR&l#?R+c&Vy zWqiUm#JQI14PgysFm*T3clE*pex4?pGJDwDR^XO#Y#H$(Ow#YGuxi#2<>CXP*;njB zI5P?kKp^p?!+?`LjR8w@`L;RI3o%(o9`Zf(qil(+M5P7r=0%<`jc&x~#j896L(l=g z@XIdGW|!=klUOF$hQw6t*j}(xe`u3`eZa7l(=5T=@IVuAF=#fE&HtRJZS2p9+E{15 zSk!-8-gl+0-i}>TGb4eNebqEuoaW$aL}Eq)3B)gKEup{Ho>^2Re#k9r?(?|X@a-|>CwKz_c`K3%tdFHWv0&Jt%<^|UiRA`&5BxU zMlwuYG_5nxw~l$4qodSeelLpbsry6r%?W4dq7Hs|bq81S8Eb2nwsT`mpFATl!_+yL z%IB|OG|;%&tf=0J$Y`u|sqv9XOS#fLtZJWX9Uk7%q7Z55T6_G6jag;CVafJtF`)4< z*&iR?lcS)jrsEV6MYwyE-1koN+3qhWJx;^^#$Aj7N_B|^mEc_}MaTcl(n?a_wv0St z@lz%6<;(Maw6obtGBL#1z6)c#%@tC@S*mNw6>jY*{Go0gMEX%zd4v~rRFlSH?)xS1 zIp_2BNhB@CF#$Q}33*wWo8kdCV@4JQ`@wgimwwB6z<^$U)R!hckeQQ$@tw!;l?Tdr zS0Io1Xz`AvLWD}ktXfM7md^}CXb&o!nfwl6&fB*T1uR;PiGVK|YW=j2bECGbLR|rXB1i)ry6>KA!;0zv!Y) zLP`D>^6m`uDw=SMACn>3`7(|8V=ZY|R{egRUL?8gi^9cki~ zZ3}a_-}%jQN&diZ)(Sb-Gqg^h&e{39hyKb7V*fpCT+xlJ9hRT<4E&HODhc!qINH)P3)^Xxj}p{d`Ez*m*if8mR`e;1K80jS-tHL`vIErmN`C!Nn3+X5^KqmhNgNMI z6os&$jMutKi(R92}gtKa>d%25U<%V0ckZk4N_}K_K|Z@`G2QJ%Ejzr$07X$Le9GqdIib7i;coJ?cTO`b>cDFhzMzXdl6GZG&DGisW`&*34{N{85wpHixQp~`n4i~N z!FFGUfLN}4TdILyoAIIM^qwVCD?KkF-$BEK=**ZTdgD$QQhWOD0Ci){{<@TF&pa$6 z&1cUk?h7*yrQ9`tO0}Z)ZV0je&?9lZwW2ONL3F=b)RG+KXu?%0LYsmbGWuu{y@Gu} zVs&?57uMQv_= z-5o<~UiEKP`NJ*mIq#*qcd*P2+N{~R70Y)=Bgk43uGsfA6GLE-fP7hqHeQBona`zT z{EKn1J5E^Zm=xHxDdGD}Een4teP*Ceo{-pM&5fD7!t+YrDJpP}{2Q`scoWgPj50zM znH1N3kR)E zkS4K}))MEn5Rn>F@l0-C3;HQ zqPm{zh|x7j>1Evbfa3i%=(rMEQprA)sq_av`L7SfHxA6IrImQ1B*D+44)@Y)-|4NY z%v0mdHJcr_DBNVpwl^DXk#dqc-BSMY*c$D`M~By*=KQBgY$%M69#|SjH$p`z3W`U) z&yndyg90+E9Cp4PyVBw-zAWWr`NSz>Al;Y{6p*6^|#iu|8K45Z!GDbm`M!%H9KP{0O`tJh>YOha{U@R zR#94gTb6w7&a7HGwlW|{c|@&H{+BmnYA=5|`Qv@Oy~;`pAK2XXV);!NxyU%I?_461 z#dechxb$aG`LCm=-@L`YBZvZ5)Ze7FBs~q&&F`?v04uPeEZ57UCqQ})`Y&%<31Tk?K5PbD}VuXE%W9@8X3OIW&JZ0Zc2U&28dSQF9JrjyAi`1*{Le0M`C}~yX zvF^HKEL(-mD*siH{e53!MT{IN*hA>O!tRVU4_&<>cD}0Lc0ffqI?ian*<6H^H#yz? zN}#OtuVa)}Dp5=_qSsU)XL2;25MspQ_ILxd4a3>YgKnAtdnzYu2IFbf`AK=+1Gr6R z6bxF%B{Juj&*FfL!E7IW%h=mDyy8zIrnSOMoQW5Q1xtUd75(@Mn^usjKdRM5 zNs}Io)#=GR;$vCpuxIJ2&E=(Q!S+K)uzd&TB}U7>Wv{XHgGaax$K^bL4@KHK`IRQm zCEloH!^9pj;pz4J^?gE8lGPW(Vck5#J!)JMqix*X=^}cxp||w7`nYk$@8~_t{=rh> z(y~$v*NU!%UuKlwn%}laH7hsUUUT3{$P<`tNhvcuv%c33C!)z28EZB?Ge?mBMr`6vA;<-5`Ml2nAk5zW)C1{=LItQZ5X~De=g#o+(wOw#2=9uLJq@_Sbab%WT<&Q7H$vUO=18D@B zWN$N7VIT{D5Z-}kHFnMjnH6+1fa?eZ&dWZ=jhFz1-ct-}g<*Kb>_(cPy8O&E7`%{@ z2@EDPx2I-f{LT&O{o+fTr9QRz@rqbD?bMIg6u76-f@h`tenC>A;OeKwk)F?w`LI}s zz9xtCVoOo)aDha4WZvc8@F2UF7K4kE15Bq;QjTV15=)90fzs&DH&xY3up{t|6&zpPHc z_kM%XMy{5^sh6$ymv7Re#;FlO3ijilICwpNH0mnLYA%`{Taq68+Md*Uv8+NPd$(8vuL$QO~AFPW}iu#24~bY2Lw zuAKsEE9$HYrIeLFJe;p?5~*ozg~Xk4E1Ubxy>K$pS!zI)r(j9vtASCd%KRgYj;a_L zn2B=3%M1o-ILQJ9rX!Fl(pTr})Xk_%yp70h>uvaV+)4P|B|mT^Q@);pQ6 z9;ZsEoDX#CN*K-z2oJn_qN+?(Oob~W=VmqG-Q5`39RbxHX#puZ`s|Feby3~9n~ZWN zE^%Jfl02mbvag?)q4(Y^_v$#d<=8GM5}! zG%sI`;vm^@&64JgqR6h+)ksZVZJ4!V5Z`qD;a6|h%3|zrainNuTl19K1!mSpik&& z#Dc)wGk_(+;G`m*vC@*8Sz7F92jb&19{l4j!=V&aHwOyIC$Dt1hCT~NMSdV#_VK@@ zuf3lPLQ8^VExKUb^HG<8XDMTlTiJG99L;la%o-hfTIg)ls&5;suS8ZYHQZ!vCfu#{ zY%JI^AtAaW@+rmY@+FPt>`+-rhn#|tCA(`AnNbG*@hvXBMg*E|2Ww0Hz%*;CFGUMH z!8VWP`sWNMs`n&lK+730ES_5z;(TiEu@2KBFoIQaJ=Pw3Y4Z)>1g2O@RCRDy5rc~Y z9`{qnjjs{nMhkZ)>DxfapxYvyeFREvnh^<38`Lf`HEzqz^woBD?$0pR$eVkqQC!5O z%e^5WBV_Ct^KnvLY=d>KgX7?wMto5FWCB~j@Ttp6Ed=qmn}n!PYi9j{|_k*m|7P-ca!;FPY4G44;SG>yK_5x#r`m4S?7^(#{!mm!WW zfhlM`H_V^OT)+E>a_2x&aloS*w`h-FZu`Ws%R2BFNIQppE;fw%oViN)qW=_=>@j5c z)aje$gMZImd1@L-zE~PaLSYEpB4; zk6xt*EfslREE#DgP$L_^ucA!K>^=N?aXI>>sj11|noZAihZ_W7cX+4CURSo2a^I7B zO0S0yayOF|ZWdsARn(xoJ!#h!YLubVdeMZjr5hz${X5Wg6#(7%wGHVH>`JO3dlP;@ zEGBiS;a;VpRw%Zho;=8Wp$6DRA6nGen zB%O3vGdx$?VyBpPxIXNs6it~>IbEIXp^tt8#})letP?XMTpbjVHU7@BI#P+liEV95 zSNWC4Q{5+8vJJqmA#{G(*Pl3+4}aqDAv2tccSFG8e-{~>)LLHejdDT2B^a83SjQJLWYoLqy`m7D19_BS%Zc{{SazCx@&qJGApFA zT%?P7UV^hbw9>*}XuvIjM&TyhAog32js5zm|9a@ZR{D>-`oH@2KxDDoib1{y<$~N} zjRla-bGjWSl;x9lxoP#|H!4xgHc;_ft7vKcjrZMR*dua zX)Uz?9lr{N!dK+w%PAFLRexhwcX?KUlogO>9uhx{qf=lFjN=9#I9@}h;m3f&<5{An z2|Dzd!K2H2vgGEj*l(r(oHQHgf$AV-$4hsQV)^F?jQw^M(-<-cBLoJx9j4fQ&$?6C zB5|cCk^&UOZX&A%`Duuc!;t5X?J?Wvfe-mA(Cyi6!dtpV`-EvDFItHbiF8?S30n{E z{gqWM&X&?iyhGqMtt5^1vPX)F95lzTIm=}Vs9A5`)*~EZWinBFJ#r@K<&3pqDsC6f z9LG3FWNkaLAiz*hVsSCf&^gP{-3jgo{z%p|^QbC)HI*!|l)-$rq z&I@%!AzPOvLWSpjqCSjoq_wWft>*VnVpXc z>>!~xuA^_tkrpzG8=2Y7PV)hg41~eS`T@d}BvOA0GD}{7kh((22~ubOub&u~Ymc9U z2jc(>kEL&0WbsI%uIM{5T-&jiSe zkJ#}P_w5hTvlffIfr zYX58@v9h3?O7un<-4)9lFYYd3Te4$FwjrORX; zJeW?bci3KKBtCtmut>tJ?-4o!hrb75h|~m ze?~Qblo_Xyq8lHj7uFo?6l~V+BRVnZaHr)2D<31a%_PFg!8q8r@32~v#vPZu4)xB? z#J~}?;+FT{$aq%j=cq8!PbV$asIYsdyz%fD=jt z?Zswqie_4Pydhvo*CbT5?<*s|B+UFS&eQEvPljH;XI;8vZ%M_jvUZ|XZEI;ry54uB zDQB0~dC$Hh4ktp>=_b-nn4P|Pf@!hF(R##M;jZaj@g=4v$`^bt_W7$B<}2JFSV~+b z2L&0<;OdBK?Ko>Y#y;6eixch7aF0x+c!o{2|~TGVL|?S62S3V8{d~4tj@h*RN zaUgpRCb3UU; z9OoyFE^vpECAcphPKQL(L%_o+Ae85S^l%{TaUOi(V$$Co9B`5ceu*FgS<;3OLHutA zhlM~0oM9<6>VAtK)Bv-f{W*Yufb^jc`01|#h`*Nhucd{^?7#J{9dfgS{6ZEf(`8vu zP9WuZrAHWN`tLeSN{y>4iqTZcyKQh)5z>ZFq_>)l2m}x_tixPv6Q3OSH9KwD-1|Yz zV5-{0`pr+T0^&mY2lgH`s(ZH(GR-#@WO&iABRL`B@?gZUmu-e~*}jq;wvBI>RM2%y z2)36QPr$gWWxw>;IdZgAu>D{u7wZJw7Iek$<Qnhqzs;;Wtx?NFwvcyadAI83WC367f zjVNu9z`O};u_+B%;0DniL#coweha)VH`zdI8`Tq0Lp8tj-$KV;HqzsrWj-#_?aDvP`+cR^kW$+B#H#xj&)G- zXAdzHl6tSSDtWAD4wmr?L!3%@#L_?(U~<7ZP`L$1HHy3F9zIF9QOr~%*f}|^4axdo z+~P0qa5qVOrY7ilNpNucc~zr*^T=bKLl;sHg{p-VT-sqa+u~THZLDlF)!gL43B|1&mPSQp$r*bhoopod z`Y&lljcZDe)G&-XbaRt;jgR& z6Ii}z{8tMJ|MAa1fXkubV4;Dr)L?~N_75Kv57OU@V;pdmN?`}Ktva-(d%=?(zTsDq zHBUvVYi^~=9p4kO` zY58SZ9LBvTk0#MzFf=T~oW6>hNwVYTwoe4s6s6Ti+!Se6n%fV!4DyvKMsK{W?51#! zQnWL7)<;|85=FE=KC$4Z;zE^Kl9x^5`!m{5>q z{Mkzn1dXnSwjZMg$Q+zGJ9X;$9?y3Zr&2vtIkx@{TQd!b54y?!z2X+((wcSQQV(g3#!zS#|@7<*N? z(BJ`;gy}K1TJ-4S+ke|9<#Dj5OR6?wlD#CoWXDR8wdrz^#PUQWt5#rmj^;S*rICpT z^b1IpU51@9DU9{0UTDTce-lQsg#%^B$E!?P$ zf7`BKd&dlQe&TLET&w6)M-xTXkYra#Vb>=x1YO@|fjQxk+^ZQrz822*Z+y#OfGAKT zDMi5oeWqLf30a|Ah99b5!%l#oAdr_d!2qr3f~I{oKq}tQ`eS}JKujQYItsk9aBO@?E9cA^St62F&Y7G5F8dJfvxp@e@f8uvudc4RkDUdCq9h=6 zTZH{LjtX=PU|14?3_S=>!;x|l5cjy#vR@NEU};bkDnAS_WylKFTJ0>$Gz4O>AIRKL zGqPr?PvAO9bO|Q5TM}(+QsPqLZkV`K+gRT)t!X$^QYxp`KJ04Z?y}vWvc2*a({gqO zAKvR_(_qay47{iLrCnHv5Gs}ND-62|cvc5#g<&_!{WfgJ-`551l#@mJ%q`u#a{Qt6 z#*eJfxYChX!2SY{tNk4E)%OE!^$s`?KwB*dMw-4ke1#@95Vo<*^k%^^XB)T`T#k|tV5)#G$-8_xQ5+uRjBvlP+N zV1LNt6UW{Q^O|Ct`ZU)Iv&|)ym=C};!AqAxN?>8f5Opf6RTN=uZIzTpwm3VQn8{MT z%kf*)ua(L%tTW9r%5uE*eBK#JbdY5CadW1H=;ZWDeYxM=X^1f0ikp%|pC#L0!%yjxrm$#q;)?o;HHMXNkPHJw)I~Iu zAzzYCW;X!3|BXk|lTf4t>5)V2am}|%FD(DTMEwmvaU51s3BA z=xc>w;7}`)QY;I|B{HiR9%A-9QYj1s1CLiAUmua*AYUsK179FtKr!$I@@4lK@)ZaM z?pH8Ksz5QYbp`VE4u1QB`2v!G&zLVD8Cb!5(a4`MU)aB6zJO#v1a2n|CTI2yc>Kpe z$S^5Kx2rJpz|cQd`J3p`+8A8Pqw zr@BgN_r+p9?!jm7*Qtk|Zn!h9)Sn_BI{peb?ApW*S>e1v zPKD*#&o38UO4~u@Kfg*ZQ}ki8{XJsL|W>TpuoBs2~$DdoPtzs-{3ygI_~9H$H*UV z4`Ub)ThMh`kOsiXiR57#!p5A>fYI0^lFRF1LS7oTq)k}3#`PtZT=6H=9a@Y%HEjMs z^oHRi9>U!Az)8P))DxNU$Dn#38zA{PXAnnbRzh7HT)!`N?iy|>3!jUC(=x_=b>;Km z)kq&3Q9Za}{VH^K4!r#Vr0FRfuPP77W?1a&=!dtY5jZmY--Bm7$$sYfC4&L`02$0T z9zBj}E(PEK0xM1lB5%&Wp8T&hU()&Sy<2cfxT`B%q;hQUJJE(`*`bI9`8zj3fjRq= zL~9p`yx4R`BR=esSHqTYhkIXy)#yk|XXaa05W^R&EQA`K$}AoF-bEjlE|bq$ ztkJO5*7o33@avdkj51of3u^$IbR^e}3)B^V3Jv@Og3p zN4Y``L&Im4w<2x>B8;e8uYVfuiC)(Wb}4Di;wf$XJ&34Rv@(>5U!*m<;=pn}FkFZ^ z{zbn5$4ZB?z!zI7wj!|t#_~4O?~k9ez%RWZC{U_K5#c*~css9%! zr)V^Gid3~L;uzda5vUsG2i$pF)$Toj-E1W&#fYOKoBF(spc-2t|FH_$${_2|`r`P_ zvaIBJ-Vt0kY6u_J{H1=+QGNSYsZB#E#+s7O3EM>mTes<6)EsFJ!*DB`wvJS(+Uy%T zTHF#DN{GnDofQum{gcKyRQjJlIjlZbECZc`&j9gDd3MlHMdf z^`kc{m>Q%GbrMM633bPs~9!6#wclM|Y)hcW`&YO{P zS^T_BbIN}FotVJ(gLJ!wv}gLU$}e+`?W6N-tV)D4_Rd&*Y-A~=fmgBvm@7~OG}7*i=B{bz0YCf;GJH>0g2&g*UjjDNePR4Fivnp=`Fnx#j{&S zC98B_9Vl9zyMS|7BhqeXEvM0t{-kor&c)Y-_==T26So^5E$+3zafL9!Er8tuq1lmI z2dOi=-o>5BjI`q@Z6kX9kQbLm-Vv><6DAXZPEl{XasH^|ApBA1R#ePPu+6e{(;bt8 z-ln@Z*lQchL2pW-$B!{{^ znO_;>`G?znw**dS4O~3L)T0-O$OYwrCgSXP+A4Gr?n2Cx%OXvM!hB9Q?jFLBHAHoH zGX;^}GGzP!%a$1T78+>Q@Jo_?;@lD|pA8}x(8F!f$INdb1}Xl-d_EM@`-jQhl9l9a z+ypksZ4Yg2ilYC3T~|w0ICI_mi_H|KYu{31r$?Qupyn{EM2&ahf=l9gyN+*>7{ZO5P6CIU@9KKb^=WKTtf; zdLswFnO(Xw)wGu4`dE5;*Y&3CN>Vq<+svvB>&@g@vd`fa!szfW27SCgd2FndeVG+0 z|H7en;~6<}ugxjzIIrkvw&LF5CunXiJ*oY{A6Eb0#b-iz)4>veT_LKT54+2eQ33*Y z9-D~PvY$9^BY!eqxsq-FmV#H%B_F!ULbcI=M)Xs_J$ELSFSGrYuN6^9TSkuxOaVD< zzWB?JT5UP*I(_4st?9N~2VcInrXN z;b=M1_~sJ_KhzLN5Hg;{3R-u>2zB5tPj9#|#@Adg-HvW#JfT-msyzdx{l$H8TtHkA zO+hwVHm$w2=e}06#IK%*UR3P7`FzhpjZ}4&k)b2LLEskR_G|Z2c7Tz`Ce10&BGgDz ze9A8fFMNxzBA&Q8?eF4=5aN8KX#F8Mmi%LY^iP@k{~? zVj5F+4YV{tbP*3N&2K!H%GZG&F8e0_v!bIuB>dhc{f&$tF{~|IuU*6X&c z+&e+X6fEdF2AnG0c_L19pQ(9>?q+GwRlIHAPaUTgH75p~lYHu*bu;1Vz?JmzI&!c7 zFPR_tfXDg{#hAfV~*}5|EM;R1X8J^{_#A1wo05-71mDZ{_MA6XCYJ2N19Jnj$=>j1A6g!>1aVBKs+e^jTOuJ5g{Qm!?q1_ zA`VxtwB@$czcwFl%S_R?vU(m$IB=Odz$YQ6Q~1)_q$GEmonz?fdg;r4Tg&O=rb{8N zVp!wp1iyJUw!Cx;Ei*8galf*3FMVyCb^M6SChz#JdiPYT<;mmGV;le!bW~vRJ*z11b{xs-U5}XNgp~Z_6*lo;x->}uxK^6 zJV`qkv!x3~T)9HTMX8acXx+i~nW*;snfnH)MHYp6+t6vFltFh_tr_XqnbFxGCscRo zEMpRo_U-tbp}sf=I)Ksq7*+I(yL3h_nvRr8(x)HEU^Xa;^>Td()}UQ4@hx|e$;fSv zUvQLH_BFqHgCuJkR(8^l@_Fi9h*LhBTkD*2%AxSW~v^aOdUVxZ-1ZomA(O=%XE zY=R`ujeIU6TyLsQdvn6|@!l#|;xKVIpiA!IK3{yXgHXH7iOJ)lxVv|ax@~r)BTfX` zIUGZrJOPpD8d;kATgBBeh&N$Zv3OiXs@oaHR;ur-;f^`iqXoQ@RNQ*2aqbL4fZO&C z|BaIAmcN`#zW%arw7qnH)7)`?Ej0n}cT}4G&7j4SF`F(K-o`q0=la@_W!a39iGxyM zqOPTrr-@>A4j=gz;)ZjL&BW8t7l!=pzlFJoJVLuU&EgRnAhWhcQVd^9ZuDrdiF0

`tGE%yO&Yk;trvBvTnR=I~ubpH{d0j5y+V8aCY@PQ{ zhqizGrUVlsis(#RG1FiBm!0Wv>PFtKX!fXn5$y3ykN7JR zQbm13l1#}!9on8SdG|zA2|-peci3#Qq1MhjV~JQ#l$gV%3D6t$KEJl&HFgHhdirN< z7N)G^_5g8m$3Plxweya%VJ8%874ljY&QKeF=shD{=;X!PL1EqoT<>P*U>$YW$3MQv z(dNmB&K=H3H62|(N=P0%8qpN1yIDpvJGy1wU-u;2-)%ibtCRG4f6K{4=bCB(%|QC`0p9qhLC13W zW80sXFf1q!B4kw~PX$&89*U_Omg%I{e^9UPV{eS{+u|@dR-b;k=f~ol9CF40GNkgr zmew(Y6fBVD?LfhnRoPIu`P@uwNBG1rAtu=0+>(H_G?Gn|y`m$SWO zW>_g;@ZdS?03$!ig!goq`@!jQUSo@j5~H8)zYVc;3G}?fj2tIOm{hiJwv!k%s2$Oe zJyRD_xUZ+5eK#^_UZ*Adgt1(%bCH2|nqbD>^{fILzR~(wmBsZ;KC}nPMkeQJh!&%X zDeF9j*>+uW!9;5-!&>{Sbfch~9DU;gm8!MD?If+d*R0{!amRkOJwf7;Y>e?k-d5I; z4C@H#u;q}xHEt(NrF-SGvPaspg3#-wX)wDL<6Wd&a^Uo~QMK{ZE^YVtLR{HYq%py? zeP8T~Gyaa1gki`pE@;EZ5JO6FopUb$^8y(f-DRT8^A!Upk9V^weeWR6l&vE98lPyD zbf@&{SRXD$*0T<@N#NDZ_^141Vh7UPb#>YfOzng52#c)cbHueNWtYXoTa$?zGPINP z_`ZmCw$PP)r=^KT-Z2fzXp!#yoC#Deqh;oPbMIBh1r;iO!ko$F9KH})fbcQG7N*Pb z>!gd8Zb-_c=|8gW+t(`bL~uZjmTq`n%j!wjGa(HXvtmzIan+}tUENlOSr;qJhv*{P z-q#AvyBrP>I-IiRSaT>lbe(EWs-eA=MqNXBh;c}GiRh_=2l0N+52yy1`@g=}E`NvK zId7$%riGD}O#5k6Blmx?_ugSmZrl1OF1v`R2uO{EA|RslCfOE1K!|jy5fPCt9R!l4 zNRgH$RcTpBiPT8%M7n^0^d^J^=`EpzK#F&|&n|22z0W!O+_TTQ_qq4?2hS7oe91TS z%{j*$;~npK2QPKxsD?{VcYm{CyrWSBB`%HE10#<90&VIYi=0+yOkuTvve0EnZE3#F zCo99Hwy54XPOH25q3QE2H8oR?-)gyEyJXb7Xd0V+?OZ7N(CrdJ6V)qY+3Ar8`oX&= z(W_rhURE`I@&(fc)2&Xm{1!VGpN`p>@@})#ZQ-;xlmA{d(D29hMX}`(}gySs=xMdH##6)w9MgEfi%S2AOA8cKbow@W>Y!>v{e& zmyBYLV3iXb2km+_3e64mmb~(`Q?dADNfmnUe)gzVg1C6qU6YHf#%gwk?AC?65ju}C zdin_?0bl9Ej2!6nTlg`i(4y%cfZLqd6bNo8LdaZY|4K^*b3ggOr%b!FwYZbXP_~W> z?_>BFKaES=`TAB$Hl_XbJgmG!aRTxp_n1=rd`y#kT&{$w)tQ}mM-}A`SAuc1T$ZD{ z1azbd+ID&U5>|(`Mb63I%rYxed0WZ;E#cu*x!6dOM4Qm$tPZD=k(0LfV%9q#Q{NyM zc#FD7;|mPv3-q79?$!c1%2c59ku7xXkPf1+k=aWXCn!5LK`TnJU1ne8Qp7|)49PAh z)PJedCD3+PU2Spw-iOR^78pY|6rd0*-E81HrK`tb-gYmx#;M>@`r`P#Schz(er8dZ zC%>8s+sn@zE4L*G#j+XU%@4&?+On1MF@2aiM?=uOBtCaA>QOc)GZ#;~+dBbdl}Y-r zF>b>8DkovW!iuA%68eOMY(*WKu;dFN!CGM_Zah|ny;Hv!C*k1RXT3NjO8OcX=P4CJ zzmciscY5n7Y$7WJ^uh4SB2hl%wWDV-q8G= z0yM}w{PXhj#Ao$0&A)fNfBbYt#qxA-<)7Z?ov5hjuBD`mTAw7qZXy%9^c&X+pD{&t=#gwf1>W$+@^9(#}>fF$}t18qxYtoYE9gZaA zds;VV;b}OJYn{UTgsi+%QM<3G!N0L)NQQIy;nbT z(8ZzisCpr<;{ubvnTjGp_K}NZ7!ECSXLq*W-jeGmu1YR#G-@_N%R1SeN=Y~_Ll~pNgA4ZcEYp!B%I(p4DxChzDQS1cs=ZccuXcA%6U~yt# zK3nRy(Ko~o_unsUMVoUzOe$}F=wMZ&m@K(5h>Nqw(=qP#{tlD@aEq4tGc>IG3Oi;eI2GEyN01g~hhHe5C7W$hf zOpxh$kEMgNYw{M&o|%E$03N>wJ2lFUSqv6iiZ75xY1X8OGSrc?5atqO0=f-$Kmv{i zw8CtW+c7Bm1jreP@Is5BOA-L~1s!+qF~`7ny3q?kN(nW$$vhSeVhDLEfaVTfr|tmW z9=yGRgUU+S3Ef&KgT4gE;YyvpKcJ!nD)w8m+7?)fV6MFV^+pjD)3O%@aU(+_pajAG zE8a&4{aaaOmHlPc#rr1)n{3X%#B@NO=}vh|+A9p`09adlZM=TMJ|&_R#%Y*ty<+l9 z$lAM_Wjmi8*G`)AYf@PAq%DCGhHZaO*Cc7wlK0uPYj<#OUD?ItmO20_q=@}FT}dhFxqHka9Me4)oY<*0B$F`s!6+$ zlfsC{ec%q&%|&%?!e@M62@O_!;|DbtTGKg0Evd*N?kOK>1<-UvenaiNCk4Ii;_5Wj zCGl$p@Fj*t$0oWGr!?n#Ur<+vL6Ap2FmKf>JOdT)IPsk)8h_`!UmK$Uqmpwf&R=Ezb1ZSQ+ZaM?U1whecd|7%h zd6`gN*C0ls5BK{aiRh+)!e{f%pxt=>bYyI|T5zu8$x)}HSxe(C_=EyK(-!<_P1%&- zaN)bOvQ?N)HAr;nk?%iwn5*pBw|;bd?etn=63js&zbJPM8^9Kx&YPDjU@{Q0f)VUq zeq5>7)0=4u+XD+f9FUNf1t7bXNakI+S>!|Hpea)yY!6H>qx3t=J^Zc(5W51BbqYW% z3joaBwSb0WlS$)XzQb*xzO#68^|sM}A* zSq$Kw@Et-owp-Tq(Qi%rsb0@^Q0{FmNpgN+bvnRFMOV`}PK(cgIAU23L@ic1)5n*l z=I*=Z6W+U@kPnr2Z*SYG{wl6-G;@@&J;f$0=CN()F>fI|ZciT8pGo3=^wlgfqs_~5 zqdhV=q;2+UqYY`a;B{WKr;X?_qh+FSn28}KGT&lZHqLA5rbqOx9e5M-5@{zo@OqYC zY16a%#Ck&avrb9PJ40KGw}+D|;`UeEnb`NbFSyy=OOD?`^UB$A+Z}{yljWj=eqLZFx?m333 zahQ^M8E>!Wo}m0XYUWbmUTMKUk20+xrzc>$H``ZiL8t%>a3P#LT(ybX<#~u)V`sj} zGBNv;G}=T62y()fc?6WnB3clK z`x>PEFa$b;6T!0Fz}>HE#op%jQYwh(vcLJ6NpY6>vJQ8P?lBz+7^mNfAm#owp}}%p z_#L;ye6KGn!z1Nj;u_Y+z`w)DV=Hm#PkKC zt-L%EAL}!0^litYmDV@B$n+*kg_+qy?9w~2A{awok07K1A2Wj0WSj)~$%3c=fq35!W`F|rk-IcuAn;aBF7(letV-SW z5A|Fa+sMe+|+7G0n!&XNN*A&x_=%+-v&+Zw8^U6KtF&zx1HEY%s&%G{swKQST`< z3;KW4P2ajKFA{SlO5#g$ni4h@eqT4}t!CbCeohK=mcTsMS%nsFwpWrDQ7qsRSH6DH zB;eJC=Q`Z=g$iQ;3E*H_m%APN0cY&Ec%!BOY#W}-il{khY>iPDv-CwGWeg3=E z#(#3r8Ng2tlS2-*Bj?Tmk1Z1pO6giaB}uLV^AVEP!gL1}r_Vv_LY?m{GI-`ecB-c- z!_t@e5ahjiWs$$R5=wl4T#5w+w!oKuev8RJ^qs|2094unH@htwl$-2s$T={8x?4<CZk%{#xxMB4HcYog?evz!Y?kYrYzsucdLeN^>%? zuaL7`8HL+`t*kKcVdP#;Rf#6|hSO&0X1w?HM4JrCd3y#IAIIlneGf(_cD}P-2FV1q+a-DD1MGfgQxFUvN@8F>G+d&AVv9r1GF@ z%7TyB;MT_ury}!r(lu7uY2T1iiI2TEk~f-(7oj#iGv-lAIPCzX#_L%PgFeZdrO-50 z6*7k+X+RMhYwvZn>~3T)iDvW|rfg*E=Vj39aW7LM}glT4*FxRldDgRbCZi;q)e> zD)fHb7O%0xFy>ephG!tvC_}L}2fh6`J$F(z`3ZBTYx6jl(~IWEN5LU^vX-J^G|y%#=~j!aNBdc44S|)RI%;mDkq327?<#+M{$q!KI=LsgEin zl2k_u&Uef0Kp<&k;4C~{&OMF~FZn9xsN0sqmF8AtYa?7|_o7krR7B+By1w~ZpwbMA z3b25WZ0tS3jcRPvS2MNm>Am8_09}cuWT9EVsKQysHl-x;{I|D($_3#@tM_f817A%E+9@0z1*$#I`w?WT#RYryi(yEe4+;?tcz4yF`RE+XsHdOjSBTI zOhwN20+ZMH7;)ii8IBZA=Omd#grGpS@+c&H8_ywKWayT{c#?b`n8D#hR5|8=T~$9obRVBtNs z=|{;15QZxwZ~blZ@BqO&iqD5bmlT>SohWQ@x$gT(6tVe2DZAzDPDuuY zG?2ucRDvkM7uni}EW8%Kopr)%^Y~oQf>#c^kA~%RuI^5z&eN~MC=Hu+y;QA0fl?m? zSSUy2qrc72YAbeW0f2Ki$s86(R(i6}V-{C30cPutYzZWDr=%>8xnL2nl>!B+?A2a3 z8iM(l3F=1ylLg}^{12ZGo;96on;rsKgJ2~E z)c$aSD7T_V)Q&w%3eu0Pi&1|yOu;4&M=WD#@(L$bu>lL^Q_OloFZFVJ%d%+{wRXDq z=k2OSK}V{mHTiHzT6@Q9{^Vq8>qF7g56V1kJst@}&w1SnU&az`a&>S*^RVwM+7xu| z)_tk0B7a@%svvKtyUyxmE-9X$-CWYV-(K3DlAiSO-3x96$~Um*%3Yd=V^j~4*&8`N zE#=HL$|AWJNMd#-{%bDlvM%r=XR9rO4iO?Qx*WRsy3+f~g{Cg;vV4P}5y?CBardOj zLqWr)TQP*YI#Du~7{$(ck+?L@(9ci5m}*rUh1`|Ds8jjGMr0+eyaee+muFy+kFk-u z2Lz8&Tc?-1HRiicE+p5}{4C&!nn!7GWMLewS&qIQ7nR%Edd7*@>6fFf!Z4aw8y{ZI zeJEB9Efwv6#@lz|J7l&m$F*1=A#xwF3)D&+EL6EfaObq%&n>1B@S$lYGZd?z(~s!n zFdZvhO!`!0`oPZbl{4B9pNS51#k6nV301UTK{ zb}W5t7H@NZ>rjqoh+?%-stsoyM))k&Wcr3Z02{QqPps zxN?NAuXaTgZaW_sa2yF0H>q*c^aP|&Aedu+xi34Iu=BC&?U#IiUUXEQ4QHl=J?q?p zxd`eRkNb-W)!SjvOVe&@E_y;1`c0LLr3A_EEU|4;-&u5^GM^h_w+7;+5uB+*XyL#v z>1cVhp0fxyo3WhBYP3~dZ%W+_uQr@8PpAav< zUE>Mkj43>-YTkqf()Y^lm>hO?%f(2 z5OlDE@X_^j6YyH+;P({UqS~d2}s4?pcbD z9`NuI?XyUI;Zw44=&JOI;@;AOb&D{%(L3B$x?z7al}402R9_@>xy}Efbj>N)$P(%p zbFSigdlL?*Bt>$$qDd)%=cob1vtfI!q_%t_^l;~l-?>-bT68yFg`@=AZ_;m%{38B- z17)msu|pnPJ=SUhUmCYd#Q)}4a3FC89+;3O)#?4-uYU~=|33Zl|9}erKZR-hv#81c&)LTR1x5joO2Sh` z57X0;jab@yoB>8CJ8HZ7BRDy7k7t%MIU0 zMFI<$01`It-&txvq*+&kgOO&K_Rt+YklLBqQ(0gD4Kg>z7vxSEqVMj$I;$8yl8ZyjfqO)^VXM9u9Mc^@yyR#s~=UeXin!#b>Fo>kHo+w?GU)zeQ* z&Fiq<8>M1Tt6DVq1x0_HjT9|RwI#oSVf7%EG4QaAmkExe&kQK*tkDVD<>G{8sYmZy zZ=N(r(CNIU1}t`1J!p(nkDN0Dp}K=LY!9Tg?m>3Fzq3rW&!NdO@NIyX&4Ia^235Mh zyH@izmo@_FJvq>C490XuGg;WF0eFVR2-6M?y4A%a3(?#AKz~0tV+Hd6&F_OIu2Yp@ zKk7<*lt7i0#>hMN56sZOWdQ`uKnP)F+U)uQ-J~Z+F9kKLGSyS zP6O5J?CCDZxao9Jf-Q#nc%WVRU``wX9-V%QG@DlT%)3CQ^#B**7&RqlG1>W~Su4iL zM2&|mxAeAX8z!(6CvM(Fu$5Mpv&^%}S{QWcN~jd~2-xjpt9MPYdWW)LOCH2LF^$MS zh>B7jazcS}c-V%KrfQ3AEwTd7!(tj5wucT= zgZM?ZD(e=Qj?agxi3G9_*^+wD*~`PGCG|NOL|mBR6O9@DhMEznD~R(J!Vw+w{h!^( zyxsC2j#NZc)+%A-xXUt(J>`?fWf~%;<}faIxj6V>69jyz>t36rdU?J<&Pv>7bos~> zw5O?|Z1>}z&nfn8;D>?6t-QTV7 z-+bYJv|;|={B>%kjQ0S*f$d`s3i6bH7zQLwJXIsm{vDZs5;P0cLERgat$Gx%<(=cm zB}$k=Gs@pt&VEz&s-&P?{M2U?CQIx4t^BJK-ET?fWU3x6Eo3K*#9U0)x3ay&0NR7d z&Tj?Vx=zSm)jyC8MQ7*-l@%LU_d*>28RTh?n0;TN1v`)S_9c_74Q;4-lhLqslW}g1 zw~I-Fw#%Tgsx8HWk*n%NllB|(PUFcQR^=g9yit9I440)& zPUsFMu$z|FX|32NbF?SU8JCQICDko-XPZYp)AfaS89*PyMg1yJNhDee|H#j!#t}`` z4@>HdGWbWtnG$eNJ zB7NrX+_XPl5`K)C2JLJ99bx7eI0|_2<2y{fE=mR{?|ela0U1Y$mLbX(G#Hc*1MAg) zid>G1Hf1&pg4b`E4LH6A1wVEQf+XDA0tq)Y{jxxYn=i_nJTrcWciihK4iIP=t}#h+ z5gM-O^%X8po9%Pz>QcE=Sa?M^dG2bk?|ju)m*WQyTi3>hNxw8Qm7SMQ(T{MEC`%d2 zighWiji8o_PJe!v<;*lds;mX-g|{eE(B>LP)(H7owqTlkofK8qsar6xdkS;g(0P+=^Q2=T2g6{rGk7J6cynrqkx5BBn z;(@vml&}gZMKg{fd4Ww${lR8ZjeriP;+TOmP?8lp^9jJB*Ny-kNK;NE;e;R$XL61k z33)eiZ@Q-vgv&C;IpWPX9CA==;?x2)l}n)tM@{5NRiD+kIYY6m8z#*}0p2plrbRXL z_<5eTMHM+O)LlSXbb-#YLW)t0ucpj$WV`un5A>VeD?k^7?mc`xl!&Ybdk#s^L>GmgjIQ{G|hZuTS8Ytx5C=zmFv1)=qaI> zE}`e<%(5;hzMg#XCfDH1yLkh5%#n4m4h@O972M~U_PMjiv8<*7Z*8xR9v9&3Hsy%K z!q{&nFLoOgWS;r973J0~`lMC9A1aCfTe;B+!9z8gT)^$GlL8IM%|cCI`k`BndJ^yl z+RI+gkC|8CPcQ$hTq0{Q?&opHL~C`MFMgLjID&ZW%sT&N0SA{}m8PUTIDft5!6A7h z)ZMiI;>C{vcNJJ4h|l}I>1babZB^wm;|t0&nk*hIG}M#Eyol7*=FBOBo=03oOhC%8 zZDUt5$Zjp&PP$)Qle*lFP?i1bLlm5rOC(=d!@_nGH!ndJuW*e z-u_iIICPxy!xL859ryxsEf0VEeQ*uY4HN|8*iU+&msqGz!(S!OQv|B_GfzpKx*MoV z(1`RXZ9WlQkn+B)Sj>3yimaAwZT}&z#TyR-p65W)pUUY&+?_ zRfOKtioGG07ZdE?VDp-pcGQlb04etx*K5rWgR-7@npyjq-o!datT6nj+`xPWkfg%1 zOZ(KW`>7#WmN@QwsEi7{P?@~*Qp@L|{h*i9U8YFixo97agTd4iEx2?C<$ejr!qd82 z+CDMjDOo_V7vn#$9q*lLiYeQL^jS)5MRpdKU_yvrEBw_RNABU#EZp3%FMdN zH9hw|NRp3@uP#rzW~qKA?~~e#G;{A?G1~6Ahs!dAg?Ebb^CrEa86_*dSGq~@#ki$`HWLVcTH4SgH5r< zV&+S!K})e)FNQ?v{bhl@C}NQ+!IkaZeEQ?~_e6fBh1o&qxXk67BS~Wfu?D{;T{F|7 z1wvfE@jHYh-3`$DY6JDj`nCOPN2nGss(ofn_fLLF)?5vj$f*n6wAy?NGaGOkI^F!G z%}l5~aiFCL_3FXk%!8lk!xG^VgLO~KhK?*%&pQkv94ul56VdUgIcu@K+w-87)FF%z zc#t1;eDGay70y29^Bi_q{^BrPC*E#v%UNG=?Vb8@G5#m{gdwbXU3I>3nwe9< zw^^qxQy-lUvn%0rh+MBs)Xqt=S&u`^=jAC~qc&pxLjgHaUtaxOF^%Z!u^8>Em^1OV zXJU223s9GTi;n*X<$xRxIVrlb1A5(Zd7xT$p|`Yw4S~m(?KD0vE$gQTdCoxD#>HD2 z&QK#MC{72bpN=G|1nAHr->Yh6Hy+U6^#P7mwY}Z3Qsg@v%d`8=69SE+SMJqQmEVt;l?9Hp7oe12uW6eqb05UKbv13g8Im zKa}>bW}FHedHnXX?ZSt*6t3EPMd`e51!y^u?=0L9f<+H|_fYExmm(`ezQe1o`w4;(|`rYILC6lLdFk2@-RZ=JF- zgO6G^``h_DDIYywU0ze^f3E7qqX%T&<0$^{TNh8>z`Dx`Wpe=~&YWbY8Yd0Zq=QLz zc(z{sv9e|T{3C#1_&52 zoMUglv*1j@kpo_L!4=#@OF?-w8l|(c^?61zwkQ?oSPYoT6V3o9RZ`?PgY@`5C<%B1?DJn z#|^hPh(F+j1F$yeB9t?pZq(ts@vKK2wygsjTYHvy&s+3*MRiCY7gEaj5BU4W3k z?i_pvOnxrakhBh%zu%_Fhe6fDwr?VOkbyXj@Wea)IkRYmv-h7P>kPLVnCZw zy8ySD1UQi|YGFNdhdzYcxdCvwKAJkXukY`uY%6~)%wXpIuW{Lo=oXB0HMT%6Wt~7H zl3Y@R{g*_7Y<};mfamQ&m-97`{8vM>36q9*aLIk&)Z@**T6Q_ct|cm(X!^Q^w$4&j zeMN`gix+Xv1`fQ84JdN-c$vKXc)X#asw(M)qD3ULfEsxz`%UkmoDV}m4N^y~QypdJ zVH4BtXB`K!#tkTjskyn<+TyyEAoWIChmO*iuh^Mz(1#wnTV4cRIgVjIhi){0`AC9D zd}leS(+t@YL2k;mK2P~uTPTQGoL=Hn``)zTY5x_gs> z!Y%v)9CUy`f%~MGLqABP_YMGyK}9nyA>;#f*T4wu0dL9@EQH<%Ah7gjw&S<%AUD3V zP%{93yAU$U17rMzoc+;_{0ckuh4tC*EPWtcd|Px51dbn&&2`^dY}faMpu0%=JrF?- zqkj9G4%2T)9Y-zzlk|DyByw{UN|-_x?=Vh7=s4yjGp;bD9JNJrsx=3#zMGTXq5(>_Qg09O~bA=Uvu>7=V zdG%~LHptD+b%px?sr_&OeB13ZvxnLDZEv3DY7<4l8_w_HXiO>26$W}ZACzFkq0#uc z*)XXMHn@>5FsJ(%Ys^k4={BA!>_+Dh1sQ&%Gm0v1+74l%>yuC52$S5cKs*KA^29=i zs*YJwsFBR66nRdNdMUrLEGWhJm9C31Uvd}jPS4C*RyHE-`r=7Nmmj~7yn!%pu#0IM zOo!~(eyXh}9WR&rXw~1SU-sen4?;HX%g*A1r*H0SRETFi9@iCfU>&F28#d;}8IA0~ zP@qx(O7eD#3Dm?aArC-7#lQ(K+zTY@Wv@z7Ii?N9N3~V2CJzn2KERIA?VC z%i|JW8NS1O1c`vtCq`zG zzg<_VQvYCK)k1Aidl&J$zaYern{NN{N`d^%_y4DRuap8fWbdwnb$plzwx9ggf4Y}e z7%|WV6msqc6_8oF>;Kbz@jo|wNFuzFD-0AKo{L>3z#CDaT&Bn~r}_eQh)Aj);=RuekG zpT^{HFAL{x39PQz2@lO`4s7k*AKus)`&KQ{T170@cW-K)I{8fX7Ca&=eSMXF4Ny2< zB2EnwBjWuc!{7IyPUxfMxmm9`ddt+r&z6ke>#`BYd3l}q>lVzWVY)yzSZSv#mn0cbIo@)5DNmZ7UojrLuLMAwlvE@W;_o02k>O222XL1kZr$ z<4GqXvt|Q}x1Rqwc!ChM;C_KO7`TzmQ%rYYSN>kC3es{AsfS)5Feki8_7i`(1R3qN z8t|P()Q$$s?^w$Z>~Sc8=tz48Y0Ly3N-mHKJ3<}Dw*lh?cSJ4%;|hmG;|~NLrTu|= zVwtes!soQ;<&Q0tvrw57SyGX-)fiea@mnp|6<=}+=z6l&Kfbil9Ws zD!}OrEk;wN!FeZxjzzXqku(`>em@Lx35w|+MpuSYJOMU3Fau|vK^z1plAGpUA=uEp zEB4Ie-~jtf09Jmc5waym#L};HLU-FBe}5y$@9z^v*FhaXei@0tk!k_1I)4_~47R*I zbWcD{4s?~%oQ5-fwvc&aNIJ6(Io%1N_dv*3R8M_pxn&LJx9JDbEY${_zDW$=ZY_BI z0JB3N&yl+meaw72fV$Fn0O$lxKgIv^bN+620(oe507EZ9uZ&Ga(%8~6*70<%dQ&QVJiqJ4b<^ep14s@Bixe{O>l80GHyp_1KLmg4&Sl$D72cMu zD&UMTy?o`Tmj%NYuNiqfGe!moT&3PO&Nj(Ij2mLK)Q6^#wo;=&SgQ;jZrUPv&SLT~ z;ZX3i+@j_8IefTNR!t_Fq~1_#b@3g&Y>nK!gRyvx%3n?kHzW=Z-<6Jfmt$)H86SEoPqHKh9d0tQk%44H=zMZYy|v&A5>?d?N4u=ZBW%*UB$Cs21jn|wx1L82%2W<=X~c1@Mn-J!KxDhos+Vq)V~s9o0A)ML1HJdG<@{!=zZPi?o;q zZuXx$&p&T6h(0dD&K}Z4cyf~-|CH*h5zVVV=W1ED*mN~|!bf|x9;W**Ku#ga&~i8W z84LmW@vWTHA-bxLR0IhAg<|{HdWILsaR#};G z$K;quj|ePrW;5@swWF7dbxmIu2yDQp5IR1%SmmiDgGlJ98PGMv ztEBcPw>qzyUm2mIO?qdhL}vsq%p8XgZ?1G!Tx;wgkUH}2^Iu3{e7$lSEy=4l9F@1x zS#Nxn=2$LNryK-mazw!6EuBuj+4Z!CGat z35S%rF0nj{d!F2%CSDGg6bJG{<%-&FYZ1;{()3KZ?j;(3{^idy%AF(GKQ|JuC2-Q3 z+4ZuL^6%_5Hz7%S$O-n=4t`SLx%w~8-yRlv6T6Ykg8Y8rEX+-vLGL%)lNeRiXGW2~ z+<4$uwCAs8YtU`;)%021OUY#(E!bKl^hOt*hYY!Fan521 zZZ}23`1Jvhu6S`1F;KY>>nJEhg=QQ&Zq0}1pr)@a9{HqSsZFxl&gVK0<9>6*Gj^uy zx;|mWbIQ+eS2+%#dBWMkRJ3u}p0fLpQJS;c2^+V7wjvb)1E&CqdtKrKz5`5aGg17l zTsZY&Si3k+qjKwa?1O$8@Dasos!zbU#hkOe}z%Gmw8+qyM(aln~jfu<^mZ ziOPE<^}?#JezzzEk4`i1H(t9U*e;0)O^Qvs4FWtzErcj1G84^jV4960)ajunLlv%K zREiP{69z)-A!XaeL_rDgG+ddZ>1VV=-9p%j5{jX^y&({-)8R2n#->9U#nn~GhwXiTnER>+? z*#1o^A&|}9&OFsTH>C9jva8O7D=+OB37<56qbDVBD_ief)W{Yq4V=)8dTM<1$8j){ zX=}?s16SakDzCEQhV&K8&vm9xKQ)*;fLk0QP360vi&flm@$fCLid*@xn7qo&Knf-u z9-fw|QA{ytF%PkS=fYgd+=!zJ0lJI%^)rtqX5k}s`(_e#T8d)KTC`(srRnB*<@IEj zq&B%+G1fd~j6WEjQgh$gC{3v=R`!~)lX3JBW|nCcg7ioKjlVsr&WQjGOXnM;!)H(@ z7p=KSJ<;swTqpDHuRcB|pY97e%-y+>NF>o(M|!jk zQd6@<#k8gj;#_s>CtO!?@<@e;*Um;+J*!GJem0t_>)%-zsBxiS*|gBWbtBiLP)i#~ z(kzSh=;VYzfL-1tE8IhI3OqCd0n$HG`nlpWfWv>1cj@Z+G|V`Mc57uHR& zQ6pPyS7xcO*|FZRz3c*Wa@19a(^!Ap}39c%ckBQ#X9>TQn!Czg}JXKb_HvJvw6UYin|~-q;@4xzVw%nsR}MN z(ZSa+z8Cdv=xmvNJ^i-2qdctX$`_m8pvuGF;hOSvHltwgGPj(FO2XSQ7djlSUwPl( zZmLtCxtP1&WcIKD9)M@tLq1^cu;wC9vX( z2Vv<=rz4YT71=oRXk|6~m@%_#JrlmNhndupdaY_WjXO&Po#;D2w@A7U=p=apS*mK7 z;g}8?yvFDJ3j<|RURK=%{WRaTYccCADAAjy9FLYX_ryrerrI6e(Go%UqPk=*=T#1E zs^SC^iE@Z$$V+T+;iDCxj}VU0dv+aCo7tB-bff8q7XUn;QtWCZxt8)|@Em+UHGIkX zq*E~HZ%u1KxMmY{wqB>rJ6U*Muv$>)*SZK}WMo*5>PmLDc^@2<44lxa{oo%XdSIjk zEvG^ov@cYc>he>oj5J^O&ZJEpCtr+EyijIh8b#UlM9T%D`MNEn3bH0rUMeNr6*ieb zS2PV~i|I-^=Nrypq!zj;mW--~lZb%|`8}VcXALK*uLX*e45|KDtD7~!Z*U`Dsjk#; z7rGV(yVo>a-1>e(eG|V}@v1@-)C4$$wF|vtq&Wo)J|3cf6&$cmF3N?B)g2|GPq=qq z($6rq8ykEu3m0u2j40SeC{5?lKD6~&OeIG@(KIg;%U7TTJ=0wLOSJr3*!wU6OXmj> z-=+JEQry}kayy@S&=eB~`W$z${ZJg*YBda#`774GEfWeHS5G9+y(}JKd=+JuYqlR- z`3w>jAgBaF{xWw{D;b^trsH4EKJjc?4>NO3TEdC z101ZuDgYR`fZTcVorSiUK;gmDo4^FQFE4xonZ zumXCop&C;1-_y(c)3SuV!c$dmG2O>NFysz&uiC9CTHjf&!FNCs!6RM76LbmwV`D>i zNXvFWd*}}nQxIrNT_&R_FUgM7WuU*0JsSukTbf&^WsEH`rG|^P9b^j+->Hb{)%qf< zi^E(kL}iFgGb$2I75T7xWbh|>`L-1t)DbF~XpTS921Eoqb_MB}#X_vCbPm*5uz+GmGO~*C%S&L%uko4>zzozP1e1u8Posa{A@< z+)iX?X%y#7f(^_X^mWbf*gh0!d_*G3@AQ1o2T$`&&t`e3L6eP8`uTk0ymBLsscS(_ zP&$SQ4cnb>UFXhdCbc~6Jx;u+N^$opJ>C>&5UP7rLOYsABKNTe%rx&K#+Nx@r#XWi z^`!_5BIK9kac9-8nooh6C5e%S{;k^i^y`{L>rDQYO?|%W_FGAt)~V@ zE*cMI+{{nLqD>854dPRbxvcXCefH)bKN5R~t`GM3->4&R zN%!t7L3X%7SI|KvPpLn31=SmXzQ$7J!k7k0AZUHON)7;3n{)x|VK?R+*xcWshMzid zQ@AyLkP}BQD#0%Yo%^$}$YE-%=@jH7(rugGf=spfNA~(Kc^`ZLv!{rxm<;5h5dM4# zWX6JK{hg&_3^53$xI=+`*tYXaZkP%q0fRJ>hupiVCSOU;1Fy%?dxp?4?S^x-bAQ7) zVE-AcJNSg@ZAO}`Rv=`0*SQ=Ql{}e9V?8|PZ9Cn?m!$>^54?3kyM7>d(@XcXrQGtt zh6dvSF2!wjR>hw4NsawkGpd#|Ywdo0k>lCw_=0mg)a*4nJjO4Vn8WenYHXKuhe0b@ z?MlKzpHHriM7DlF)mLX9Z{D2`Z?v3@#|w?#3*{qVh)#G(5(?^s7j%T5QoG=2J|3v1 z>uRyiL+#l!gP4&MOEy>|3t4a0RI$%nch~;_)dH+e5A_)fuCA=$=cMb38l0@}N8QG( zD1FU0i3{Au1XSIqpP(6xv-W&qdXmtwQM^d;<9&l(xjK7lBwPsn`ZSi^LGTPI=e6ChRL>hFVS4?t(aNXTvJ>iu4*TO)E_`N8xCh@B;jpGfNMH54{6%+P5 zg7Bp2k^(NiD_tK3Klt$rT>8>%^IkJCP23&CbuJaNN*$fvqGCq5VxR{A9VBG`Zta17 z9)DhY|I$7n*8Do4tra?FDP48?ws`1argFA5pvha zWU;GMDQSD2Hgvb=DTYVSv=g5YuKJl96o$7D#WfOm zWq-wr4d%*co~am`tcb03fb`&3GXPsolC02bR*nqC|K#QkIYO72bjK_;T#4-YKsJq; zK7GdX$;vNNRQqOMZJcBlLa#D+LSD|yxp2+Z%a}^u#d^>E>BO@ z=$5C=e4pk+3>?~|oWw7CZl#M5A^p!c$$8a~+Ux>@&#>ve$zOzWrf&IP4>y*UA$D0pK+OMgK zO>=YEJDyEl^P)QKm(bGWU@w^Sz8K{H^vu$Ydwp8a!jTLUsRSBO^g>hy0*vE@Golk@ zQf$ks>q!=L-I3`Vb58J6Ylo^`H#n;4Sk_hnOvq`;X@96gANC4C-H7HKW#=D6SJU}9 z*>ymz=OZEr7q2)R9jmEMhljZ=D`6CmdA}%>ovZ! zu&eQA-^ofUcYE8l=5kS^j}FC5EGnOf%UMV^ewR=_;1$Vdr2wli@GzO`>AB>RVc>s3 zanL?_`{LQgOHJ3JO!^}9b^0WP5SXxLn-5+#VNEs*Hct#qFt^yX(~e!W%Fv6qJ%SZJ z<6zA9Cl~q5Hk%4;sG!Je(xk1|Z~%MZ>g1>+*Ow_XtDB>foZW?;S_jDThint&4WGZ( z$`+at%1V!xO-AG{d|uYi49`}UTQtOKWLY{I6aprffs|iQ>R^UqL!MS95fup~>EXsq ziA|Q4TBJQl*xt7#n)iCBM=L?e))#p#%jJYb0Q#uqr~iw+_YP|^UDro-EQ}(eQ~`xi zLAr>5AT48|3rO!oP=tVh^q@d&fOMrQEn)~UKtO7wM*08((xsD7l%7yRAZ5<$T6_K0 z%xZi8&f4ef>-^4KUjC7bfw&ZZ0yh`HDwJniwEodx4;t9%$c_`#_{8#9}j)6!KO{-X8KC z-3-?i7r!cREz@^g?-D8kYw9nro=>HoNboitiV%AJ4w*XI8dnGpGOzDdzmmIXD_oIh zM6FJJS!g{0OV304znbz4b$ZCdADEP>RD%zsu&!I1|gq1Wn@?7|Pz)@#+H!bUKQ zVH{CS&i4Zri9W9$(CiHlRR_GMrCUf?p_FQ+dJ9erV3dXwqCHA7bekpiZHZGaf;syV zPMCfOgC1p_@5I8Vh@u7@@mcRewkOY%PyTr3$%tY*=7aG{!V#Nhw8)hz*`V7$H2X`x zbE**3*seH9&gKlVqLH5yhYzd>#3zl_zyS%Gr`6Qiy)gFL#RDN7Ek%A+MU z+0Nw#jT%+tI_LyDJ@h=M{VnhLi&E`H^7xgX3}Wn_&sA1MOOg_m=u!cvEstZ3Ofp4_ z1+*rVmS{@V4>XKdWC#~N&VNwXbV?cC%nPB4CiwG7^5} z3h)*|o?1lSCR35>3B-gSU|i!`#Dt?)Lz?xRD-y2;oO0K_bEkf|`012`H~bczFTHX! z0N*s@LyPs_$?y1VJdPGxzw#gyYZqMS*wI@GZM64nV_a#oUMrj*WM&_Y9s4+^5^SV$ zk|#jlByWuR<+WCY6~E<{yF;sR#}kY;vP-EsME53J0Yi)?L~)(T`v6oiEv7>~TDCt2 zYqK6okShBWlQR%W=PQa9xklZpuloi22D6zEDwSo0(50Pcl5u33y|$EnvZOw0ap+|N zEpO$-j-OIkIa2NJ&XN*4 zeyj|RvQ>?!+eqe8guN3LhPhfNmlOv^upNrPm*f~-gnAaa1I*nDIpckH`%~m&xK4zH za^kE&AXkNAvQOfhk`qiWD>%crvSrDmyg*{Z;T>wyqj2}*Ujob{4v3~OVanY!%_ve9 zn-=AKOaOkxR-1tSvZU(JJ-)KBtaReM=ee;Y{HLgrr0Ca;yk}-ik7qhkGR@yI&694- zx88am9Da!CL%VTFjooyzpCdNMfct9TSazJ7Q6{cGU53G+HGrY5VZII%6Pw!(FV8Xn z1bB=Uyf}pS{vGm8mFp4VwMNwpdsxA}n5qNWPn9FB4j88&-k5d1sLtzA?UO3(jZ=n0 zyEBV$b8P$8kDeuqKi;S?E!xKkjr1uqY%Q`;o8B3#4!F3u>d&iKRF}YeO z(sxGi52m(Ql5bmA6b3y$DKI0^7i*ty8C?d^m=L^lC*Y31bA0^a(u;`#Ho6CFbborX zcmFYMk6$3dfQ4bGxZK~Hhd1fbLns^ckD*Vmf0T?u(`|dU>zuJ#<0Z60^#`HzvkvY;LeJ+1i&+IS-8(yO zx9=oZMx6eJ?$ySnfTGL7e9wvvy=S+riSy)43_Rp%TtQ>%>Csg7=k6-~CCBRDCO6TS;i`S&3j}%BBiLl&%?8;A1U$%tGGd0s; ziv5P?(t`{&%nZGd+NzKLBYOC2*=#S(0~Dvk0Bw>Fa&L`}hkp0ldu*{V3t+#CO$bo- zkvAuT65@CPVjKdjK#7Fu@u{6_R?7jP2y+NXnVL`WlQf}{nR?I*Y+ z=_;W@zwWWXM=r@M(KZoF!>p;ZH;^<7!V(E|ikdJzhhranPn*NU5e+TSbx@)l<7BOD zgLcV`>A0Y||0P!F^Bb|kY{2Av$})yb4>JcKObgA+xDTByz1mI|_`$azhr>>hrWhHM zKLNc6D^}5Z|1Pq)(U|n+pZ`7#2#8xiq}}xa(60fbY0?3Tp@HI@0+NnFtWub#Hp4(4 zC7$&SLLY^=5vGBR=*}-l<|u^4mv0wp`bHh4%MkwF_}1}Kh=i!eJ7_bjHfzko`D zNIHRRP1w_xH%?Lzi}M($Q3oO>#t~~J|Exq!(Qu>? z|6>ISN0Hk|+bzf^VPf6_3;|jWg_|f6D`HsPi)=w03GpC7_rg;)V-{rR>-sVr$VHgk z#kjml0~kzpFsk|zp38QuwnXikfOVE?0Kcs6)m-l|n^pxYJ2gEe#6{HQhDomEQ#g2g z%UDIfQQK!Enc_{8P-cp_em7i-(xBi0;rT)5;w$6b15KdDmyTdWVTR;IHduHT2NH;+ z`8monKM*{j&+AVN)gGs?Q9m-@F#@IuTsD`oNOC{Y+Nh6cB_zZVkKKpWx>UiT$2eLg zU4Kv}TX!a~qP{%)pue_+K9=|7B|$FJ2;paUvIbE4nRk%>17^mbjp|_H0+t05b%Fus z`W<043UeJ_e)%r8N*()+6PL&NIhW4!bJA5t0>1Jo8m|J_O6DKAFW@W&i|~%wt}}9t zJv6ZZY6iu9tr>En*7Yr|hd7jlHOz;NdcD>x0YqrdxbuQ@m?v^4ggT|&%4=M2e_dR{ zxK~%S=CWMMgDkNM6LP;e!S9;1sJ^QHjEjuTM4hOj>vwNE4lPI&mCYq*R#qE*UH{4% zDqL`rr2lGCyz4?$p5E2k5*~@0+0si@g%dg|Itl?Wvv}bQZzR_{XL*I99c(LFN!cW< zePm=5Moq2cc-s{U^M;ev`zht093&tUy%qfGPDMwve)JN>97 z(Rln%A4$|ocR@x0erFmZr+^Ch95o>69C}9+`KK1q|94G;_c8RO*EpX;@VhK$$ZvIN z|GEM1qdh8K=x3h%TcuhG4oIWTE)(2E=qkuK#BOP=A=LXCO%bs)2w|QU5wfEVB9>N+ znUct5H1t^Li@($Y|BTiQ9kF;)*(!Cla-XNOiYMmj({4_-6N>xlva+(uAC7F7&;+K9 zY3IJSd5eU24F!md9%eL6Q*aI*nrA32_~-szP-|Mmx`V(G!IKvp>=$kA)3dKs)eg%5 zOT&z-ogN;3J}3DG$pb16g`fhLZ_l~guLej&0qEho%mqCR%Z zb;HYep|MN8E=XH!blcs}twf4S;X(&0?HtzytZBWlbpqasUprwCTZ!$*sx-c)lw0pd0v#gIPd`pCXh#TfTvab$ zFpF=Owe!RSklze@8Q}f;zRB54n=k)$(}*Al*%QOaxlNS^^C%k3qhi{UeQ+BiwgmDW zD!E}QE%U$5=&ftpQngJVeh&hERd*n*anLxMRKLd7LJMu&gayd+NKI_v;_kDz(st5n z0i6oMjy5j7FKoxImfBA`7;vBq&Fs5)jCrN5CX1QoCZFCv2fX8;gNe5IJ4GWcujW-` zF#DoEm7O${ImdQDJAk4R-8YBP&*Z~xCFiajz8~#}H8sH)UCc!BGd{3J5qLQOp}EWY z8Xx`kWV?}YaMNx(=^B}kQM%o1Huei?tT{~XLXDON{ha9g-aftZ6%M<5#=)Uq-OU)6 zT++?k3=)+w5i#3NL!O?hslD~Rqncjph(_UaH0&$Nq~tVta(HhO+`Y*92Afj;jQAm? zBVM;V#$9c2FsJ^MlTv{(SgY(>){n&!jAV&@tB?_6>QP!5-N@LpSk(376g$^6dMzO! zLr+vNu}MC9akx=c4}OkvVAdyY$~9ZrO6<(U!_Glm0j<>WBF`*^|L3d5Drm7n(hfRcZKF5B);sV&Ym+ukp^Uw>5cNkkSv3rh5MAba@-? z9~9bD-FY|eITXw*t>Pe4il|5oq~hA4!#uVI>0BwZtjwbRKdI#WezNRr%=9c1$hWES zy+Q`GG@_av&gjGqTjN;&ibz9BYIs}=q%2?{LN9yJVN|CtfQQhFNxFv@^e=7WZflSE zNGy3dhcmn^7m@2J_;NF=lC@mSKWI;5$xIsw&fJjB$(q|-w2BSBzms}OJHqAJKjE~w~ zIA1~=yB>~7Gl=IZK14Zynt+FeR<1kPFYx2ZutO9Y19kjK?aYHOh@BnYwJV7JFH4gy4^-w~yU7!zDCHezn)&n=L!3B)&p6AFZ~@<5TZ`5|+Kw0Ba|VQDKiP9b|lA?X->8=J&v42_8vZXwn4C1ALA^s_kvxQE%Wj9 zMB)o|Rqc%Vmh%PgUg6Fro``E1#5;1bSqa%HVsVNA;@*Loa)n5wZgKhM>hSP=tAq2I z-dV);*h;QAO*ivT@_kQJj?^6Ja(@+Fe0_d!CNif>z**Y2-$?!|mUHR$bX!Bu{*Z&T zpf?Of8Uj<7`t2^|q28ZrY07NrZm0IzpbbY7D-_E!rVbZGA(=&M(8XII38~ z!?{F>%dxKx=5Y=ja_{=khy7vw7?G3AB8UfKe^^KTLDtZqdX`^X^`^2sT&UrA&)m5C zu+N@^eD^qEmwtwFUdOlL?c77>PvXKKC9ax&-nc6eE_2{K%+}&AvJ@S92ZWRkIl{$7 zoo4g3*D0LR(d!00Tclt|;n6R9hntnwOd3p*jBwCsuK~Bo+>FR|G{uTU zNYGS*k6FE46x3Y_iAjUThy2JE7nNY8JG^7zg7Cae_1xKw!Xf$>ZQ|n z+z+oOURCwsb)Upf5z47H0;Y<0Z?WsOziYXySDvU>Io2zhio=&`C%X+cTVSq+OQkFg zWx`BQ-wAa%y>@M$h5jeWUjbRJ_4s$o<#Qu+6S^d#L1OC^OmXdGSpP+bZx1|ntO7+2 zZ)P+ctq2x20jz*$Z8jCIs_I;C&KPp*q|tBRDWKx4v}+5#Q%WlVGKk#@E?*&i=v#;&zKfPUe$C_&1X&LfnUT<~7}oJhFD&mmW6 zYk)i+ffX=?_%isXz1c!8lUEX+)gB^d@i#gO^;?8z$G!Ptw?H+ineJ3;`9TgDbie6S zP2Go!z(Ly9<25?vbx(gE+9;M+^=6!kj$4Cho&Q8VZgCQa92B@~kvjWD)h5jBagz&8 zN|LUAi7Qs3F9yLgek)Bwug={ZsidE{jgi!=46w+V{5whsTNAQ;c$uB7LrsX@wo3#2 zk7w*8^ZGlVY1@rda?^Q~Z>QuKsg7p{C?dT{h4FdBRPu%WG{K{Hu!@6#^z@mV@y)z+ zaUEY;v_*aYy~z*raul}pz?eQ%jY#!rdzLBJT2c_5BC;I2YL)DFZ~s{V%M8>03r#Q` zfkS#&BNWxTvsFsvT~jtU%NOC+GXfBDNLzPeXN+B7O&zv z=IJe{_)tU3=?9N2p_}njH}R%-jvKn)u1=Z(UM1RxLn=_Kl{->x)S)XfQ)&0*y-rDJLD z-*Aq|(ZtsnJQopr4c>-u(v}L#C-))B7980q^C-#STAsPu0z>xZAYZONnigJEFbt!> zPyTRxY`lcL+O8;q>hKHFYh#a2S%3*zIBwQxd*d{tp|^{x01ZWtc5Q~I^tBV*E}C-Q z#$Yxl}UV15ESrlk^f3I&;!xqy${CDLCzB@krwvOCAs<{Ri5Jg?}ovVjUVKTEE4w+$*H1S!9NNLi6B%{&c+KiEqP+*l?A9Omt(3OHZo* z#6*&&-$S?OD8wVDIhZ`!e@A{ z6%fq_g2EKegsfS!{#UqPrR@LnRFgmLIQuAPSw{ham#h@_g|O|7*c}wvxAZSG5voAR z>Tjf(W_~NpWaIi5ZHs)7DvSA34SylWfQsba1A~LOI9%7t$|t_S!25;)K|ukEfz-;% zN=kXz_;`=B=*=tpb=SKTi%QxA%W9;sr!OUXmM2MxRSI^(=qMs12J!RJNk%I<#u<{WN|PP-hb(+I?2+3@vtJ zDG%Xpylf}oEV-lNo+zk;bKL8`=L#D&Yp_-@Wn=UUL(}thr-0drsizZ`5a79ThcGu= zOGuP+SyRj?WpPpbns>)NUUf=$6j)#yX@?0P!n2gqov{-J7n*hS9*T~|AC5D0GTz=g zeR$A86`ENwgN%*d>&$yaMt9HNM7`-fY@$gY_u=-|$5>KzRsc5!z$Krd$46lz{0O%d zsd)}TqVs^dBsqUYth{RQR)CFcK!Q+gn;#6LpKIt!OgT0&iH-KWYc0d*k^+_Y(%Q5v zo#U}FCV?rcoH}CFDUSIXIW?1(j!UdJ9L=Sa$bpMF+l$E`u70vG9 z;dcD=lOJze#7j6|k5{y~e)G-Y-P}Yy(M0`r5KxbRl2IU}5VYWGXG-*9K)L9u;zA$# z$9{~_F@5=Gr+H96YD-GAN{WI{*yMe0Qu(_A^VDC4_P$+uNHxMN)pwE$lV(^!-kOxq;LG&Tta z&ejoR45DI~!PPq4GCB%hqTX{j+hjG`TI|9Z6(;P?ox#b`z{DUsx&n?u)GDSvA>gL#OhiA+5 zId?LejrYRlPrRG2<$6z(`jBZTF;n`Wk7_L;wS^M=u*_@KwdL-AdE%b-fvY$DQOZwZ z#Sg>v2>@g$<6j<|MvgosqLGgn=Z@xJ?K`S5vFcWSKU~AY3z|6(x5zI4f)oF;xuiQ_ z3(!#C_M=&Mb8FLVSvdRZRy8792B3R8o0IH0i-4-=J5w{nQ8mP zY_l}hZk?XgPO6j2yP>w3ljbg#`s-AG7W8orxdtoiM6e;LzJhj90#|8B4%SL z`&u^Ie1c02))J7m6bEn^K!hLN7ukLwa!Qa zAihE;s6qugiPe1R=x~Si$%`%?;@N5g-G3)wBc#M7( zx|WxXb~vwOg`}?;a@~r8nvsjI*9f^fR4>Z7I?$a{u+D*$p`diHe7!07$ zLCc8pbCm6tzdYmv9dj<>&_0%MG3QxRLwj$d6RgT$#OWIrlw5q1=Ts|PR0l!eonp!M zClQdsoTZl4Br{xwUv9b`ikzcNT6e$xnaF<9%Mc+P{9 zQ*nWnluJ9u{?62ZUF*ouu;BRnmcm8KP9F5V^*G{A19c?OLgxVQW!pTl;s+?JoAs33 z^j?2o8hREf$?PH$!Uc5pIW5fi$fIBT$lB^TD+uVMr*d>Xq=gjmo z=Y6T>m@Rndnq$fC=YO3#3wOm~kli&1p)Zuzj zV)HmpDtk=uOgyP?byU}DdG&4d{E(a1nRu;koK!%LRDhE}e_}aG%pVXZG5PLY8fH}u zujhipfS$g~>msgrwY|}i=gx9GPf${QX{axko1W|aRrd)1DC#gIg+L7)R8Q0>pw|9W&WU^9Vfb_VF*aA(F7R*8_Ud`%UryRIxIltn}=q~Dn%tePWM#aUVJ!p4U8j{aSS z`VThve-DU6a6!oMDaH(nwYmn#_7VTkJ+H!@Y<%x;a;g8$bm2d_^nVqN`wWDP+%Syv zpcONqV8Dq&ELM`4E?EfS1m**PgwDbMRCXB841w*kyDY_GY zE9(J=*(~IE5u=Q`8_5KqOTW@lnNDU0o(Vv;{_>uUE`V*`N3?%sfW=S^e$aeOn-X3C z(XRX&F^*(mh{jE|cAy#LVYA4#K9HuEv_+V0(exPR|NMs(0apR089R6pI;dFEI}0{} zm;z+p4@mm2F()CY`h=+sz>J&#W%`FYEBp+BsbBY82Bn1>9ni&-S^OTrr~l!?xLa@z zP~wq)mL6M){%Bkvj&G@8^r0T_V|Z33$E8Z@B{ga6Ro2d_7Fyy+`{5?IU27g-d8iiYa`Zu{EH z0F|SLE@%nnIRcjOMYV^t_Gq&P=g}ro3XS#-J7>ROc|j;+;u_Ji4x@z%F`=K7+PC&u zcA0T`CSymLq_MA2@Uyk+hlc^ec@_?)&Axi0N{Qi9dKh@u+~( zgAD~nlj(XpTFChY=*^J7-9_0JtQcGnsysz`rH3BOI7GXa2lJbtiC?35y`(75Tq>AV zPZi{Egzj}84J#ud@i%f(M-e=VfsO}0-|ZMd~-=@LJm&kt#ebg{ozWJ zzJ@xhG-RTy<TiuL#CECk+m^L4Xiz zrGdtouZ>8S)4N~yn8CeS;e?&w1aPG{K+8*yxW)u?ZYSkCSU)R5rhw%HVa3R?Zuf*k z7)>UuJn|Hi9kIS40&xE;KrJk(X=+y-sDDUL6I;Sfo1DZzv-Wx#;=1{P%6E70-e&PjWgEer&`z*oMu z2fJN1xYNHMGLc1Z4xnU)2hwH$En^IbP!6eU0Qn>YAR$*xfx5y|mN10w3a;Y-Gy@Qar;17X38TeKgKLRV5jiHX9_JE6Yf;Vpv!Gm5HKwxW? zfz&k6LIuydar6Js-{mZEch_&z@848F@35e-jr?6|^Zn!#`QL%avw9dpus=0V#v)cp z1kgOGIxOt->z=bR#^2iy`+1@}A>&~B17e8AO=d^&h1K6KXwD|kT%NEJELLhvmuF}U z4Bq(=J-S4i#NAfEx8(hkK^^2{)EQ|-Syg6+Ipuh?_1p!aQ)jd<*e?zhukWlnc}%-? zK2*P+v`~%S(ML!u&nC0Pd`}n^(Vzmn+x`3A_Ceg_;)O-TtzV3}BiI?-1x>9feEWy$6)8tE z)Pq@rFLwNBw~ec23}d`1eD)6H_6yzEEksJr&9#tn)?iXRxjnna_>awH$|cPx)Q(o8o;CFQ zmX;MfFYGtJ|H182UEbN_YG!D5bl}&^SChrTFo{9Szpk8}fsQ^TIcz6{SR%?c$KYc( z$dS)hRz;D9%E?RA*;7dxLJj70%iTVQ5j?>?A(oVL=fc6r?CD4QcsyCk5*@j8;0xZ|3 z?dyf=B`SBh$52*|ezLf!r?xC|aB4Y|l=D+E_Lf_F zg?3hQK4i+$C>JMEv|vzN{hu06T4f|s<>Q~=CdGGNfKH(IuzRYP4y%2R_ zckZZu0`qOOe$ZrYV4T)cIo-g4ClON1I7Q*`$y}feqx4bc#3(Rt922ODwE-BJ&+G{=amt0xN$_NVN4 z52xy{LWr<}<-X619|sZB;|Q9JW){N7)s-#<8{MisZ>nLXPovXSt~mw1c_E5Vu%}g^ z+@oU;{#?`Vd8a`LW%fdYH~p3^OTp17%Z_!-gQC8jI>XK43UfzGhbb776$qqLP?}66 zQ{XG>9{(~(S$e9G)ND2u2(jm+rWl3Lkq=Wl8$i2C60!afq#pr@=~9tRSLDunXeo%I zH5Vb}WC-~CuX`jxYCPw}%!vDS4-&Ft3UU}3PFf^Lc~AekM>`mBVh_*(vu$G)MK|6D z#1#RBJ;j@4De{}^H<7%@xLJn=>370_aBC5PhzsLHG=iW$yaZ5AgBTz?rhS00s|S5I zX8%!~aaM$!f@oKy5Ml|X;2-fKd5RH1C<~ilqQQ7hRffj@x@WnLN8VgseX=!#ky$&r zJmcjtHWTX|W>rBQ&I!M#bPpm|87Z!@6Z%b`QAuc$v>oq!=$%6a$;P#eKil)6R6!o~ zjF|#*37Qq;w?i{UR|biOCSn~e$Fdfo9QFP#dmXz3v>dppRv>jE>iqWIkTM^_#@Ao> zNST6RdJOV1@S8WdAii}IHk=?X2v!&m0yd2RZ(y0?0O7ysw-*nUr>i3xa3W+=?`TcY zl1kcyH@TDQM24prl@-C$+JpsYD3Y6}@&Ug$a5JJ&4M|qons74+omVnr%x+UHy*hX{ z^!biO7x_K3<}2=elvYE?oMO7;%d{MvdI7gGz1!AgaXfjd{Yp8@Hv!9RKr~$bPFzNo z;ThaI)3eAUnulQ9>1|Q!I#*xI0bw+QTw00O|a`zyE*)tG^8a)&~Qv1J+I?)r*}K0zRitV7!NrPEOIz zS}_HNS@*tn?@P4mCg+i1mqH(N|9Wxhi! zlfsmM{(c8VDYTArx)dbBAe(uJ(v*-Z)GL1vECQ5*q{BD~iXfnv zU4mGh1nnaEnry>iHZ0~f7QlEG(j))7n)i2-s5Q(t%aFUpk6GfhXDstc(GM2nsYjb5 zfydv$JFT9~!aPMyL&|Jm#~Ol)7w;$Lg{tXSS4Ooolb<%davox5SDo^tC#O9~G)^1T z?)F`MJG3IgL6SRRI-Ske=E|9BJ%WDH;np#Pd+qE5xi!b1i*=eg{HmJLpB*oJKgKN6 zcvi@MXv>>xNwxTSz{=IH7DHQIS2rvNx76B?;DdJK80!v>4&%CEjA8Ch(fIoZ=THB9 zV&BGszF9Kn(wwBSq~7XSkmqh0W1+>lHeWijoy%Fm zu1V@>ssJ+nuPml|w@asifj(mfKOhx3^{YMBp?KaciyRFa8 zW6c;}HRA!Vvu-fdp71E-28Ca!ZKN8@Yjx=5wEe=|Jc<8;P(z{r=!BmOu)C_^qWI z=RSBR$0$oh)CH*v9N@gbF;8LOBu;@9B2IC<6(Vohryjk(#isE!}TAEP0R)y~B< zj2`GezxLklMuBE==#MdUZ&Tgbq)#RNo4HR{OKU4t1Vj4E0YjIXX#4Jb@-$s`cDO}O zObGE1Zb8fzdbHl|ET11Q9;NW3)(qvQzE7h`pGoKa06{{@v&7Uhg~4GJ4w7npsK}f2 zp*pjz7ymNFIbzI3^SDAuh}=pzOhf6F4u`0bI8>MPhy3HTk85P-U?#7B9=9_VXc+z0 z=8YRWqeV%Kbe*Zd^oBL54al!dLyhEXhbbs(I z2Bi8geKN)Qdod`>WCt`~ZW6RTXaz}^^$;l?Zh442+Um8%8Oai}i}N53KR>U%AgAaf zg&T@__v!hI${OMbI=;u`_%pgiVYOG$PZbH~@k1hyKE1#Ak#thY9}{enu_Ux4pixCE zTg6GA_mJC|Y3}}^naqF8cz>4ui1uY;-lW^-iWZ%!60-%%6HVZ?Jh|ARIea-r>O{7_ z$1!Zvtm;NjcY+%esd)*WMh&5r5h2l<0>Q!#M>nq(E?l*WpK2Bstdl-imE-U(KqsF1 zsm!+a?e)@u>GuOKIa-p%9^8NRnkdh+)U-@^pdrqd`-W*bk(-Ry-Sy%mg?O`3jzW>Q z?0g#s=bDK-=@AMCEPGp=q@;5PZLR#rlgtZRQ~awIw2GIZ4Z;fK?Pg;(ns=KccfFxO zQQ=Jrtc@H3aOvi?6Npo41|NQYz1Ji5dut($AGP3%B)72Z%QR z?BLe&P?vv@&hE98dAR!5^9^^aLM@;NUO8c%-w*PwqiqlC={c+qgpW&Isdo=JD`7Ah zqniGC?YGsR{|O5qo&XJF!(RW1Yc@jx?5D(a`|f#dX;@hdtWLl0_wTyYc<6j_1;^Fh zMNkDSyoYm6onKv@x1Pp7xqL4DdYr&hy~;#Gus#PXsd_;N`wa1SDm<6d0>iW!KZ5{{ z1_JCez^E>MyRlxBSzap;n!m8oQAu%a;*1o&K*p_mvvsDo z*?fp_Va{IE6X|kz*;!Jim(Nwkf|))2b}k8f+L7oimpi}x>1o*ocQ4qI)yUQVb@yqF})!JZqJ zV$UZP8=P;F7(J=i3Jb=wiKbsI6DROV@jq zRlrqv2}w1bzpPyxFfPR3LHw>X?D5v8Yew!2PYI8dHqq zSYXQA+RUuC$fUa#9=$o<9;O%S+X=xt?+V(B)vOsTuxm$yT^nR@aKuhAp#s3mmjxGC zpFmL{fl&Z9@l+to_qY4}-+$s?Z}bJM9{~ui6A6wHI^7Jh@$z3EBY#}}U!1Xj49*{e z^B>XKAIs{W1($L#0{Q+h|hdk@CDaXIw>wvTAlQ*{jX4 z?1rSU=fwE&)X~S=rC4E`cw0JWHCmh|InH4S&f^}JRj;_WRcQKS{|j3At>tfB4UHOM(m1qI$ z{g;)DuYnBXEpi<;RbkA`)C9YI{#esiY5?N_WDCFm-Y@fv8B$YQ6vToAt8%GT<32d( zAl!s$Qt{3;#0uE91L=UGYDm`pr(HLn(ujoS1i_HAl)N|!J8>1@Gd}{xwmO7~V!i~W zXIGdlegslcUa-P_6KIcw;csJMK_YH_The3D%>v2VVzutb&JXdDw|CXO*g0M~<=>(t zGb@Gh;^mkgQ>1bk_VD}d1tV_D%(HTV`qZ*&Psr1*^;m*NCq=;0BXW0WAMbKq9jAw5 zWI2_0!5J2|&0!hmwmyV13Y*j2@Llg9`^M~|{s9MzO!z$si&p#x-|G(^-XA=?Kk*~a zHnA?UKujy}>mD~bnl^BD^M-e_xYlUb5tR@kU`0j;HKub?5!7uel!|A>2=c{H2^GKY zab7@Dm{jE1<*9Fz##uh|yRW?rQ|E-o=n#%AMBzh-Cw*DV5#h3;fut-B&dpKFXu;lH zYmOaLdQFV8P2;j#gyoZjMTp}rVTdqF`BLn$1@#2RMDi-}M#hDfED>>K2%)P}7`oKP zI3YNr$15j#xc~EKf40#-2q$C0Z`3Iwhx;Sp?V7g z$h1#)sbC*#8*FmLC6`MGt0{oaJqCGvTW$%mFLMh4uUeej8B)~5}) zP@^7Kh=QlKT0l7>>cs*VLkId?lDO%CA|0S8vQ7v~r`r)|*IdZ!4a5&DB>gPMaG(781H6*WMW_>#@!(ptp4++({b6kecNxLU^YLpx1VJd3glXRn>QuLweuV-`c(K zhI1ngLiSKzp&{Iflyg@dAxyLh7o9RM`?vLY&!izv}&glNmI(8G9VTAX}6sJV{op8^I7)SWIuQPN+j+r%mt3)-e5MS3`P`6UFjBGWf1-nv25ys5o2&y`3yK;`jFH;Yp zj3uS+PHxZ9l|S$FEEnoj%x;IKDN}+`_Ht_!17@#mpY*y#jao>7QtEI|Y~ zU_%dw?SbE>!aVt#2s{wCxFC{(TyvMl)n10BIwvvV*=P7+2j{8lm_cA5dD6w(VDBiWm-`5i}WC+w3wh*j)c4rf$Bdioc(WT0J+cfK)0P%u18)RUGrM zJBQ4AMap-|F*Ger(UA+z-7&xHeP^|3JawT!9K8(ogo7)H1~W}Sj%d&c<7R}A+g8r+ z@;_&Zv%0H?n{G~V`x|oVlXL6U$WtwL&{Orv**}rnA`AW3j*P$~uMB9OT7vn!gZmlv z`q$~)7}$ITdG9G#KGvmUt)MQZF0)W=bu%BmdTB~JQg(UF6Z5G&2!_F>>von{$X|Gu zKhlwrP@ibu5i(S5X=Nm5o(RL8&p`B|gCpO9)S8Vp#2O~72SO`2nVH6|1g4GSxng_{ zLlCmHh-AG;h{G}530qVQE4hbiTKrt|yXx5AMplRSFm%DN|Bbx;S|?=c9bz2HRJcj{ zMEJ9oq1ugA#PpakXysYH4YGgU@2xzPp${7gI|9y#RZiBcTuU3)oDPeGSXhi)wFr*9 z|JU{hkNCr*TmN z?%_EsI;DtsE7=^Lsj`BE*p=5LTv^y8JKLdiGg2zL=HYdP#XFsjmuU?vgtFoWSp+ql zMwkX%mTI=wKMu<^?^5&g54&md^-}^!9PU>adxKLSJkYH?)?p!6VN<9$y(Bgp(Eqf_ zSl~J4st9b-m!YtYCVd_=aNnDqL~DD#z8rZ7&U7!c#<)$=mYh7g{&J zVWs3#QtYq4>#Ytr&WxmSHwX*Syr;iwMl}kCJb*^jO6HEbjcO#r&#BqzQg@Pcd2eh7 znF^dQ_OcI7vr01dlf0-u%Zk!ZmH?Xa9;rMe6z^=!ws+ue1~@LCfPZeq}uU$^Y16XUuMM*XeKj0<@UpT_n_3# zu#CJ>`>93#?Xosc*W0&U*~c9w9mYSk1Gn7rN!+SMu`>N4Ja^e>ML-p(>2Mtnz>|&vorzC)7X}7w0=^O$+Ob{#WQu6kN(~@{gE|= ztepG0avInbUt#PGeP_+!CD)A!>1K45CAFmwaDgt_M#KEkV~Ir>-f`JN{c`+WPtNS3 zmyfygJNFpTV#gHVBXlXlLPg;$jl#6CM3x2h43(B$)XU)H87-ORtM5b~Up1_ewd)nDxgG0r8Te*mF1KqRi}p=Mi@UYT zTlppfsjCdn5s^L&gS(B&pD^te=S}e@6(xDgwQ_`gx)hf?(VT>D3gucqsgWOXV zgu}#~=F2Q$E|R)~8u9(sncQ`IS=}W=$A!DRGv`W__{t>-`3(htO*VLV+j#On&A0Z= zLr2G`fndvnB|O#qiOlik$yjr0{^<6jEv!k98%wr-I%E03tco;dv84S{LV?_;1L2!^ zNg)T@(eeW)VD@ck{$xVYO62Ftkd_sgyK~^1d`2fMqEmV*J8Lu ziz7a{H9EGgPnZ;;WiFlepy!vS8|6w?FrIo;3l|f!ysgOd1ScP~NA*Dr0_CCVG8!CY z8;H$wFmOS*+<)|<%y#0M%*98#MJH>>F%(rhU9<^%~O?MgG8X3FC2ay{jQ!i4o zk9u1>;sEtb8d3XXGs(;#s7tvNf~$`ozrFJQ!zz30AakC3^lq@SI=;y~o%Ol#DivB) ztU_97a5S}!HQx-Eg?KJ4BrN`Je`Y9wjX4p(N$et(L7=;mRe|`JzqyXs5pW``DzjeY z-=9aUS`b!6SlM~^r^sI3-=z>ioLBSgPg00Phu28@7J?rB>z+JVQtGdJs!Twq8ge%< zhwg39=Jwak`LE2by$oSQ!vKMNbM1L`TB|2J>kx&!);wAq!4ja!H9DT647Yilk_x^j zMBJ@ zo~h;4)s{L+^-ZZNTwbmStWVSY0BXk8ARs|(G*JPSzo`xc-Jb%Sn8jd(F$CHVzwVih zBb1gvH$iN^@7Fz#L@4Z>3|=`FJgj?)7E}cIiSZ~p^bl}sLXZ!DPGdHzr8FxG@c0m9 zKu`nE_XG{NW}G8qps8^S)Q#l_5WpjHVU4wiu=5kEqXp4VU~sbbAev<$WOKp}k*f8Ifp$g+Z7-la0x+`y&>z1>F0X(du?OHmUM)f@$jHs@U-#^RGF~8DoCyn4EH>~8 zLgEvlNkJK8W)^|G<^YJJr*x?G+^lTyK_x0!VWvcbAw&s{|NorB zoSn!qBe5Gwx<9ctAk*VOM%gui;05_I)2zus>n(DG7tcVJ8%Tyi9|gB# zwbTeQ|forx_`ezpECvGB{J$^$c!W0Nk|}+Pogm`1t9EvOM93PkJRZc+D~v9sB{}3TGhH6?7E&g3P*v3R?3joB9Hl%yP4;W|KluwdorshQ$g} zTNa0vr0Rmt`q$udt-1}*GO*>L(o|40ev-)=`V31ggD1=kuUw`8PxI|z;Xuqg>(S1K zO1SXJf>4<>tA1-YO&)U4vkD1Sz^L@90#YSMQ4ko2)JTnjNQn^Xoy>rMbfrqoNR<*IU23EY z2uLrH5_%`0gg}blgEMp9nfIMJ>zuXz^Zoz%*KxT-BV_OF{p|a?pX<8s>n_l1I29O6 zbW@a2YyWf=%Km#W=cN~o(Br~Zp}(STn)hP6R-zs4e#=nxAS(mt3syj|+n>?*f3NHRUf2J*>vcv6q;E&sL3*k0bA}*}Y&JAM zOo2}Cx+rp#9U$&Jvw?`onY(Ywd6 z5x06fH!QC%VcW9jticlJRf;z+FJAs7D{g8kdGKT;*o=8^Ut(+buJcNm&)1D=0|hd0c{$#jJ*zesnFCR#Jw>?A&WT`XZjQ#%zKw zDdOIiqr*^z$66iYN%yuDHcI*3?{vza_Huvy;=%n%w*gI%d2aNMJ1=#`b^S4V6Qt+Q zP&>j?){sr+{h`G>XSN_TPT{Wy1X8J>|6rtXVPX$c12M9Ow}OytjwA1K0)O8I3@|KV zXGBLWJJeVX0WI|)Ns)0%1PB1KjA7Ic61UesaR~7rSnN@*ffz5z=t3X)dH^9w5w>0d zDhA^-&naN@N+s|{;RueX1`~oL<(`io0ltc)-1Ym8rbj9a_e+dP&D3^XG1737S|ggfFLXJ+GK%9d_Rstcs{Aq*&KM~

6=N0ULxrmN37IZg4`W;h6~ z0BloAp25F$aT)AaUV<&n5?FIwz}cc3viT5ahh+Hnqim;f^ZRXF;DYV9ae=+qevcUZ zTaOr)b_T}?-vm8kC&<|#7LS1*v46Zj@b?1HTHgEd6H)Asj-8 zuKP#JB{PT)Ck`?sSehZ+pqv3b_kdkEF3LCq-xc89#@K+ zvLbgE4f`exwUZ1;$`g1fI%dR)`YxifHj8nrWoOo8!d@ZG&^jn1n9S31F@@2WJf4E> zSXm`$7*aCvfU>Fs2LzOr-5bVVbPNAuNARB{}^lx0p?qI3G zkS@VJZCD5Iy>DX8uLFMnJiPZGpWzR?8s4TT8jmcfDqjF(UNtbXdW7``cl0%u3W9AV zlofP>zW!#O_CA1dat6r4Vc?Y0QS04008Tzhewz<}>kpdn*l(IJLk3s2PD@Q#RRLux ztR(E$1BS4W{M7~25nurZ($~x@(+CtNmcE}KXGzgx^QTyf|Kd`CJN#d3ZuBwk z7f~;Ovus8!!)UIBO4Gpq?VA@@wlG^f>NjT6>kT!|{Lz=+i$=fO3|>W$(jh;=!G5U; z`l82F?MSsPu>6|bMhcH3FCgZrlK*BinIP;`KP=s^jc#e zrnKMF7U;ok)OUSYQJ+qfm=VeElH+xP#OW^Q*PSZt(38XwCm&45wPxI-=Z@i}Ng28* zqg-aBY9I_Dfa2EElKIs8#Z;4ThqaBbuUk4otWQgnJsu45=;n)7lxn+DWNl#-!k0u_ zEXUiA)tY!$jG^afS;FmlDOvJh97#%YY?iQMyKYQ%Y$o2m9Ph9a=?`7hV=(DZZ{8(N zOb)cRaJ#iglY(1VB&L6ie$fAA5yeuvo9bd>GZr8XA-*!lw7zhtNjwCr@+6L=UAy@c zp6q#wS*KCy&d~Zb&ej^6oHZ=fm%3gxQ}>oJN<0ye5l!r;M6s)jb-Y+rIHhB{b=~Va zg85j5J8$8DUW@*$Pniu}GtpVMZ(Fx^dgsGm$br9QDz|U@fBLukOnfQ8JT}_nz$x{c zLd<1e{MC@uD2mX;>ZqRp+>ZBqzf;TMeis*GYAYgXI@#^*X$k}OPj*Yq6c&$3d8qxE zrqu1ov7vO=&;MR{)!nSpJ#_0l2etxvA~<2qV$~4AFmHndLUwo9tEot8t~`p9(ldo4 z&l=YVH+p1m7_&a>bnJiJ?`(Qk9#yTAG-%|?q&A+kb1g1G+VkDkVi#_j?n9!@o%`+^ zfsdy@hZJ4z#n~VulzCe!Bu88!f#zoh(sxTej$@iDB4v`9Ku=EgCnt(U*P{EP<9C?0 zWBpdWGktYff%ZyI$JejDM>PWFedDU~`DxuNf<&6h27V7;4?V7&e-Uzlqx-zq@Lx3^li|L`pTkDsHa7p{LpGm4oD+)4Upt zN%hTKHg=7~WQ{ktt9a(v8TObPnceYjb+nh(ZSl?zfM=>|IEJUMbMOn5m1vpCEG04$ z2u0@{J$#fUnRR8JQSzjV&WSXS%LolVx6{pKAC!8Y!AF%+O?>wcse?BNM|6VkkNW8X zq1E-|@iu*!{bsVSg7FgSiugc^SV}_|7vlaH+m1S|auJfFB5* z&v09v*PSMIL?An?fKcyOawh{o^#7UBXUq=XD1^aAghYt>a1f#nQzn|mPxeXY1G5Rp z11S}P{gWLPh1A)dkWy|thGwVwit*ax&?&BaK0PPT_vD>NecC*^b1g`gRU^WtCr7mm zSQ*>urVa?VU+gltByVn7;gyMf95tOLM@o)*=3|7O9nrQ`6a8T2SqKqrBrIB0J`qfk z_Y)~(#SdVj>ZkHGFz)L8N#O(yrS_}Y(bXgf#RI(>1yb^0pg8O_OfW1&qo}AGUl06( zqrC|NNwi=)s>vQ~A3~9|27uZ?OjBX-2vRM9sT%;jPrk$o06?LTicRDm;QiY#AQ`&6 zBrYEyDx?DhyjlZlCAwb07{|en#NStzMDqW%pQKO;j^oY^1fR1P))qHjej(n<_|rju zsIez0FEg&2ER`~v33Q**b}Tl&Hfq6=>_ke4towm>hT=Lc8REs|;oh>h_T0g>Q>I|H zFEL4!+M&sOfA~kX6;wrOwKuo>inoDyP}WRS$l1$LwH?baY(V2+Q{%{BiliJq!B&RD z2^X9uB2}S{;2lk2NqVw7#59wb?fcwA4A1f0^_mN}u#SC8nX!u_Pm7^TU1e~fn00Zn zJ{`xW8+wo2zM}m0k6SrN2l7`R^LECsKIUM*dvJN#se6Z$cZVJ5KKjZgK*II~o3m%2 z@nArTx&hXR%-xF+BJdS9xEyg=k9yNXM7JnCJy9^oGy7%W0rn(YzIfObmuSV0GbLyJ z+_@RMFF?gs)RuC=TW%g z;DqujGZok4&8OcTJ*lJK)e~jS&yYdxZQ-^`Jvmy5wy2?2kQ9{6M^U6=7*3L)I2NRO zxSPiFs7-L+_jjggT3`u%8#DDw6I_;vC)H55`0ls|KjXDuG1v`_5w&2YhQNmmqt&|UJEN!Q=J z$Ph$Ll2~?It?6T}3@W$xh#;*QwLcZoBe9$IZ6IlrFAK=ELs4xxeghElvprcxK9Xh7 zXov*T%ONbiPBjri%tsA1gL|E^hsR#nZU7#>G#FSjFT^FVxXDO#x!4W2jW6x-6W=?G z%iXWW6r!nGKJ2)<_aeW%V#CChHTSRg%3X?9y`-P?Tjdb6CGJk7SnKbR^xb{|x2!_f z+B~pZrSfUnBOD!1p^?;oGlzE^I@`e(k-_+c;}AQ$v~h1BespXdTTl@18G2{PJ-)m? zeCW&->Im2vAor)F=h&w4m@uen9iwo7o?5(1Z2w}k`X}^7otq$fxMuZ@qUx2fz2k<( z<(2e&jD&mgZKk6-7e5xz~}MnT0j+nwIq&u4oF-R|G9kNTEw$ALS9+L7GNXzD`E zaWSS*Yd?T%qV#mFw~uk0%a2^aWa;ck6&k^tm!8FBHIIeEOP>#wzcYdhnZ z{xj8@NVe^i=sfXH{GZkt-(-8x*z`jiZjK*Zdo;a+VZ#_i{O`8uzqV~U3gqQ;-i#AF z#AF6j2UQc*C`G9zyHn64%_g-Eb!?{FPNJ)2#>QRel)w8|sTe8Av2yHrGG^62Q8SDK&T)gVr6vCFJ%dzMFOMP1S!urn1w z)qjQ*;Z~25N*YjylrQ@TQ!1$nOLaRghp^k_NJ=UvD(OpEK1(ay_)iY z8u26fo}RY$2n;j>ZWE7H__FN2cOxkpo;BEx=*?bIeU_J=>=@BsP~iwwa~OgaBX0{o ziM7+$pJnQsvlZ6pG+Rk6gRLXni~Ffi#&NIOdH<F0tHo7V%C6bV|IhJB-4=+cF9 z$T{oiYe*qP^D86vK2PbDe#diTcM1vZy}NZ!dN*fwd7L^4E@Q_-lil>@v}keB_HOf# zJl+7*1;2}apLtIxF_CfzETLjPw#1<+Xz)`dy~%Y}+hwKuc3!H#JkLHAh|#6fl`(qSf{ab1|F)HeT;i>{O)!bi?DO zh5+e{(HpqQv5Nu=0Neoo5k?yjkbbOAmHohw4Qt{(&rn=WdaN**N`w<;MxT16MWve+ z%tME2P*XRx4SH!DnM+WIp2c?;WYDZj$4KxIk0;ajHeH3hh_8g;B4I?+aWnN>+<@0UQ5_!URv*Oub#4sGZ+k8pw15YH%P7pZDnPxI z#3V7R>-IVR5YA_@{6g9i*TYKFx4^Rl_gmPW7U~jtW~UQfh0yQ$(jN}+oMlRl!NLU? z6&KXl7^t&<_cx=BZvjAcLUrBUr^FyT^KZd!;#ZsT{m?GRm;|ruQ5~>{$oo+G^#JF@ z=ng}>gZu`N)ghFjuLtr)n+C{RkN`DCtsdZx&XCG*5irKSF4&vM__Qg#o0tba%9%$%-A?DHPXChSGB2xlG$Hq{y@+FwvX;hb zUg=DhO9~SnBdP7hOs$eAvXua%l zki6cin_*~c*4xmsT@=?_HAlXn;kxWJ1|Jz++JTR(MP=I7@%BpB9=%% z*M({&ihPv4Sl(kaZ1f>B`rYVg;rHB=|uBI8`SPH3@a8^0x8 zvhmTvLn6gTfHT&H@UGPM5pnAw=D5DlZRuQH|G}Od?Q7u%baW#G+CM~0PNcD=Gwcv;*x7eDTC zsVaI(ip_DVh+@he=aqNeZiz`=tB_Wtm6frR^?0S%U0E?yjv6SZIMN8|%zfl2^JZ0O zGFJ~1+R~prGnMCS!hAd?NBw=LY8lE(Rrfi8qq4bartSm-KT(2gO?7~rps==nOcPDz zSoM*bGLzILj_3QaI|^r&=OE9g=9?Zid{t0dP3@QoG`1Cw{=qzhIdQT`cP0zA6J?`) z{W+TA8J9^*$8RVxI7n*#?@K_ronCU*Yb{ym!H75T!{&Lgs$Z5Hq#ap{om}1;<{I3U zmlMiI8^JvHj_tcxzkm~U;rRE9*8pK$Qc>^gCeZKju)0rK)B~sa`ku?jC(QQFlUkhQ z>-u(js#a0Wu=1JmRMx_fla2Rd45OgC;qx-HbM=I*d~KN}wG~XNP~AGiT&AKSbr(ac zoQ8*fJpg+U$xKKwHM4EWI`zXR8x2Oob#2!6X9E_itC^J`mst7(^|QHMom zp)((TVHt)}1ld>kl=;SoY3`J^HyVDtw(h6RJPtNgrPd8Ax#!|PnIft%r64&``7xgF ze7Vyd`x-5u2in~k559~p^WKfI@*62I6o6EQX~)Tni?l%^)z`Iep6~Of=H{Z*JS2fx z;h3>0tm(ZG%JOrHh!uyghcO4nL*wfKlcw8n9<$pz=3U8QK?<1N9i!@%Qfs3rp3@qK>5$*O*Iw{%$}?`AommW%F@- zVS>wTc?1_V^SEZXa%{2lIKzdi7IF|y%S>E zrew!Y&(OH~k<3v8yZZaN84huFA>z>K)SiqdYKCg6LJO1mSA;Lc#r|Xv>woNr)3**i z!6`sG=aTHD`?Ru?O0;bHpiipalpbTeMNKBc&$Bd5jKCX4%~spcCKQvma3A@8rM43q zqi*ru+jjszy8>8;jZ;dQm)@*d4OF z235@z8ti<(Db-Oy!V-Nj-0l6 zph?=tfAELD61ThdAlGbxZzRI;?2Og*uLq3alfJ$VMvUoSo&A=AJD$MT%l0d?ld@5M z6GYYZ-Mcv}!e0+OS)GK_`J(H7XLX{L1CD+pby_zdn)xpm{{<5Mu=M`<{}`&c$#wXy z^u!31(Ip6WHUkLkPzk6P=d7T6!S{@n!lx z)$q5J=P#%cKq&x%Fd!5+%M5C}cjzfm zKvIR?InNs##VhjlfEN%3o#`xFVb}!a*uOm7-@V8}YNTT!Gb<>N1ybcu5%9fYA5FNU z8bunlJOH6z;^i=*l%bXZbp-4ki)MY~$$!}}_uHlU=P$fX>olHAK)YK31oL~K-C6#f zb{7S*!AUSzTzY*phtb8W3T~i1VXs4hag%p%8*up_`ve(m$UO>fD;8zqI?eMQ+#BFf z5~d_bh~n|EY*J<-RRotJ&r=}HRX4H-6X!hOO~&@wMZZvjZw-p`zZ-C|x7NUgdW(a$ zv!^*pgXH!lj)(94VWIkuEreUN#WloRbZoOzlMqkPs?U3)9iz2@Lp)6DCa3LMA_=zw zD5*oe^dOW4^cm_g&D7Ebqut(uFq0rk@I2cc)8@67aB5ol`RTcHqCHE*||d6*f@P8 zLQMQPb9F} zsyHI0pC06U*B*88#RoQ55!JiC1k%w}_itWthXL95n^zq8+ivU7QSy_c3?J02@dWMN z8lx9H0Nv}f9L;^_;J^HV9(v->pgM_n*AR#!Vl1m-$bHA5b{E{P5r_mO6SRx_^o>3- zss(ajnU_sj!WLdC*hrcZ7wKq*Gr2+nP)BIuvSHE)DiwjCiXSznm=Px${KWc{bO(!n ztmCZmr{3?I8W=P6~Q`c!j&9tg@;Hj-5CFl zqM7N}!MI5ZYn4`K`+Nm3kIj?(jMK|hoV~VSbV~{F9JrKjK1`;zECoHKjM#}_Pcn?{E z0eeNWBC%-nDM2Sspid(hCzUz+m2P=XBTrM@@Ars(tf(H4349aFwpS4bC!elvpC~Fk@|<`M(akEgEfmtfN1fm>Su^iQ0I@>ehY-jFLE24R5-1_D!Vb@(V%A z(Q`x5s*htc#_mNZzKOqGFyk2&(Te87vo3=L;KXIksU$NtA+A{mN|F2b;Ec=T6h~mF zeuh*HilYSr05@i4O^=Y=V+v+~&HwHd5;0N90^8odTqxTzK>tQnxJ|5 zQ?`Y=^=x{@zf~juwHI(1c%y}8UNy*Lj9zYg{_JHJr=SB{k7i-Ml1XX zxRww`cO82j5!rw{QioCgnSfts^T0N*TLbgq1h2JPr=*;4SB$$}7!_{TFT-uO)HS}u zd|h1aer-~FOOFHhDFeHHtgLRvTnfhBrq#+SQ`eX;!TXAa{u|ZfsnXNO#@i~y$Ht58 zm+)?*>y|W}@>v9{-zaZc>nb}{!{?bQ2^yxPGJVse)p?QUl0OqBV?fEW&~DWd;h3o{ z__GVR{fjqF+j!lGd{av28D~})J@jBjY`~AVCGE;5it`WcPAloPrmUR^3t@|EuRXis zJRT8U7Buv2VcF9nx=meGu7c-t6kL{WDH{RaryqSAwDDR-Q6@q*$3;I7oI`#1e+FhP ze$dytZ$du6TIaS&rEkKUC-Yk}uRZHneE8&TZ!VKg&Wk1;jP#Ojx^F5e0OZ6!*9myA zn|v-CW7i0>Da{{oF|!pT1Z_6%1=glaSl~)411%FTmA$+Iwc(@63>4SakZQDkrcF1P z8l^s)bN6qVEP9>W@F4G6%fm6-u6PKGLJzrLq%S#^U!lleFTZ0|Sl=#_FS8Jpp)5+# zt53W9%-lJ8-bmF*6(d%{0Tb#ZJkL^Ne`UGwNQ4gM27-Qs!so1@r04kreFiq9u|;20 zFHYXbZv<8U2FV_vt)92T)UR?$y|Gfsg_)c+R-_#UD*JOKCI7HT9(T(l8{ z69$Bm+#28KV>svo$@C~@Ij{g>7Nc>yd*>|j@Q|1>pupb2M{5d?<$RD8v4+b+7`w)Y zyrH~e)v(uI*Y4k{x&Db?Y~LinG5a@@fMmO_o>?z}WP1c6r_M4oHz-g>qut(E%jXCMX62vjZHrS5Z$MqW1kp!I3*yc&VCzSA^g; zQYFEJ1=5*>{mBGTKq8h||2CO`SM3jg11T-SZBl_@b1%Sn>n7kqLOW+o?%1EPKrjVC z$JECXbgctGIiAco3#_n#R!2hmu~As42N|s06hKQ7L_tHI^(5*D3Zx3)cLN6jy9-X! z);E|c%izaZQmug5U6s%yn@5$k;qvmkp0$hZw2F#WFm9n6fyAmDA5I#Mgxf3oX>RNn z3t~_~*J^hSckn8E$smiDFZd>cU3z;H)BeEp3!{zfHiS8pZ|mr8$-c@jvs%E;f9Lv_ zk;b>S8)LV)O3O)bqc)Lr(+2p*eWsMdmA*5*f@`C<=KrBet>b@al^QLWF@`&xJOx{Y zlM;;8eem48&1WfsnkNFz8c{fp`G~E5$Ll59L6_LkIi-0NG3avndMFP4q^!0a!YaDR zK^5B5)c}*KnmguDscE9~EQ+LqA&wfR{qKf%tz5*3d7k=LesbWR*2Nqz!(zq^2P615 zZhFpxmXRph89c#j8N#Z}M>DSdsSM|@Bx6M|^@NX|fOieYae$Fn5 zIV2Qd-grbJ%P%U}#u2iFTdlD^fkFz)8XAfz5TPF1I zU2m+FvFYbH>!&w`Rh^x4Xuo)@x0;Jl5~o((Tg~MM*OgSJuxH`QZ}OLh3QktAUN6wO zd(kGB8Izh-^K4}J0bY$QD=_vv+3jVc{UIG}y+OWinfgG!phAp$Y}zVAoj+ak4wxby zwMmufbUwL$t$D7pP$XN5HzIG@;u@RTth{u_g=W4C;5#nVm!*+nsU0VDJ5{dbOgK#5 z($_QFd}PVkb)Y%uP0pCf!~?jo7Juzn>TG82P0RqM>Bs1LN2HRiw3KQGpYG+Vt5%0@ zJAmC87$~0eBxyi;5DX`l%QeWojZx^g(~h%~xnvk;?DQ;GJ4;@;FPEt~S9O07d3s-X zv~70O3W^M)#O3=uq^BvLrKt|hsF$sup=b=0;a?C;T&f34E7x4ijCUXYsCKNbUm72V z6XAcL*M&dMck8rY*iTq7RTdUw<1UvW#WJi=1&5+%yEu6Tm6>ulbxJNO;JvqebD5aA ztYkLHS?9jNHGM%PiOYHZJC>`6`>EOwve-Ipvbgxyw+DSaca1={dzxN3H0c&4+rS%W zjH$t~E2&ssUao4+><~jUmuh}Injm+rV$BDh*LXGIZs4Xs%o9j?;gyK_p1J|Tlii#F z3*r_ZFh5vVN32*3g5u!~xRr0*I-~^kf%ceW@T{EERPm+7C5g)|x(N1=9Dd=)uZ>@t z7WYsqBQIZ{YrIPx_JXfUg_{z``*tzW>in-}q`FxTL!JY}Z;-iPYIo zP0{KyByV(6XQk}^Fal7^S&px^uQfp$j$^`qQCs9)IY>P{#^_=2Dc>Z~G26lQsN)l= z6&H-evq+2zSCs;LUnwheKd_X9=rb8ky8 z_U34dT+PuwqjB~5Wni_R1=e%)y^LCnAUrtRb&AMfFtMY#s^TYQCJIcQ z#Kw?md5dmZN>cp(b~i9=RG&3P z<%r|aSwT6Ry#aOx0uv>3CU4)4baksq*yLm6<8wBHxk2_E_;K^3s!jvtq%!hFeSh3V zZR@annFO)BH>PzX&&TuJ&kv7~moTzWF1j6)^7w6D{};PDsYzZM+uTHxx$ryUL@Vyl zg5R0mZNyv5Bhpa7nhbO$^_05PtGe1>mP+g@CPq4ip`~{53I$P*cpk_6n8thEL#n~? zcuM~@mkjOeZsgK0m6i-S^|n!Jo2GWRb0K{O3le*wr7VaqtLRT6v7c{S47aiq;L&4O8C_26?s^PQ;U_#Zj4D3t=$0 z52LUpdRxY3Fhj0C%P?gs>v-(at#;PuQ~eoo6&!c7lYgxE@$>K8$-&)|^vb#mYQzL` z7Nv|(t?5?LvwaiAU=?R_i+gVCC*?1B#`Ao2u~vC93gw%r>NL#ge#}>#MB9;mv+d({ znaTJ%x-^(#SLiJ%R6hOnfCG9S9-4TTu%P{f% zfE{5vpK-z@+b7QS=zPvfH|VpOx?+nv!w~h6sI0`>PhpuB>#p`ajEn4Eg)rHvXw_)m zH?c|E)Fxd`BHTV7&wS}(F{Yerf#Ot_5Bp_2PPio#wv*cthwsc?p5?u=XR?4#sgfT= zz3g%ef=Iqe)OntkHX(^!5fMUIDa1Oq>lxN$1Zyv9;TGs2xPmZwP`fK=Z>0@& zt%28aJD|6_U(|71rTE5si`2aSah{2(1}lBPCRcqNZqV#hXgAE+OCc02Xi>d*c9cXI zY_v<1T2eCkB&D;!!@0@p=8Bunc)b<4uLsP#U|OV8NtyH*)6Z)}a>JI1d^M;6eIb76 zrD^@8@=Debs3Q{27T9cgUFq>+e?VC;_7=`9(@UELfj4$NA7QhWthOP`>?nE81JZmU z<&+|`p|qvpxssHmf>jl+TPPOx=eZaNVg;Y;-_oZWcu#Yre?Ck81LGxw-A9KAYk?lN zVL*sSiq01iRxQNxnTy63hl=v(CHDqac9fF*FgYKm6sy&lS}fC;1WVJ#r;wlD4JXM} zUB%wEbD67i^nD~lw&Ka3D@;OC6M`uLB2zy3%qcU&uczKUc)PF_Va#TcP}XQ+YgQ$f zB)-v~BVL+vaj}av;f>*Z@t;L9R6O8pK$0vRNB?bnPaNau(BLe3O&YQ$$w+(aQ*One znlJ$4wwPzVvkK@^2SBwM`!%4+4&#S`lCLg0?>MpkI%;qC%EDFDS}A1t3+l>NRpqId ze-~2!u|)r!_h$jECZ_-$9HT{#1q|$zE0%6pMfaAMB!QB>EKo9-@v#dMpveGS#A?AV z{?Gj&hLsbv20-s4=}p#u$h3d!2l*?7@c)5!`v20%_?ZL-GuWQQX4C_5ghX=xdO(B5 zZQg}sECNpQ(e6Fc#;=VuV83^-YS(%3Ho&5Jn$A@BamtlDH6+Oh&~XS1Sb@KqfxQZx zq*{_=!^t07eMq%tz!j0K$z|n!NxxI!h{d_bDS9A!3%AvU++fTI3N@Q+-F3I;-zk}& zpg6D$moOr!WHYd{0^3SJ4<(HbErDx3--)ELLl}3u@!;@i;EVGZ@(DtC53%UpQ(PYb z=L+g78&C{{&0Z~Pchdx9JU~o+#e!5}pmYJT_7c=We?1U1Ne_c8tmCXEXb>l zj6c5l&03aSI-r$~sL&c2TmfV;Kt$Hj6Hr7jsSK2a&Xq^y4}qi0;D})7w|g2?jm&RL z(l}T)0ZH^1C$5ZzGkid{RPPMTX;l6%op^V8Da+{v9?_mHuo3n!G3}wL6X?b)rHfu` zKj)4hIF+;PYcr^-=-kD=FC*r+=C0%U=*PX#0gFX`2PFLRRcWI=GDKk>Ami zT*g$p4E;A6?^9NZRb6CIwn6+d`o$w#eliXfDsKrhpES%1bkEB$C|pYUdf;O>zQ<$` zJUs!I7*>$KypAXs7Bq<>P?MEl;>YFxPhR!^*5yK$491=JW22e&Ih3ITA!ix9H0_?1 z91}z*jIbVFBR{Qmqj#3p8NUM?=jtyLeISSwurJaSxi_x=TCb=m<&B)8_St|{q4&7T zOjB#7{05!qbq-<4`jXEg8sDPa|6~>J?|XXwtOg#P!_v-6GISiNE~t?jkL9li)UOm4 zuu#W&8Ffu_AnmUL#0~Z-1AxWk7<~7~;1y3`tO)*9P(rGzi;@B%5G+E_XtFIezcH~h z`mNJMOCQp&QFm|eZ$acg@0E=o`1^`|$}2#Va-iBdaZlmY3LM=o>gVl=cognF&|PtR zPu?^qqACr+-%)#RiL?k*eF0=6wi-p1MTSl6!6ui;C8!-)P-S;%FHO~e0b=R1`CTA1 ztGDl3F7EFqXlaxYfSBN0{0;p+gBEfnJyP&g#Yz-m3^v6cvCXlKK94ZxpoEdo1Td}* zW3I{H^`;Q+fh3@tqK;C`wrh>oY_Vk+D{1}yZOm=YGG@c24YIAEL%V0t_1JTljNUdI z3%8^cREc(7cQfJl=1>1TlXj3vSKB!~C39^wcG`Vl^t#5n+iLzmnjRnz=Rm~d#Qi$? z(=LkP$A%j9Sl`|6eTjVw0zfh9pWDFy`3JzL(7)?3_o}FeQZC_WXG_SQlmr4a4Dfci z$EZ__kkdXad3Zz}>tKy0iG3Q<6sC2;vn1BeG%GXuhf>YGV*`Dz&=7cTP43pa%7hE+M} z#i7+~)$=iZWqkv7e(#1j2G4y*lK_sUG+DyL1yp?}ya*mxWAe*FoiMTWg(T{6s;D_} z{>4@`H}cltR`moYC5Wq27S<~xCs9h*XjnUMQ}}dUe6AwxhRtk5|10>d00())OUa#UdGLegbC&M#njc&OafxYHm?}~f$0<59gJ!rhCe+VU6(-Ni|sX$ z(D&k{@vu4DdjmeU{w7jv?T6};YU28;s58RVUd$P9iif%r&p(h5pAShB{v}D!=yLoG zo0*8Xp3s*+K2EmqwMDJnE{PyA;vhR5TfwxuV8kz~2km1Ia)9LzXqrU{W51090uqt7E@L03ajn{z12Ij9@JnU^?=?hteZYz0bWCBLMwPGU@&8Pb#^qu8iz$al8qaiiv9 z)f9CSqM`0$ztSVebfb~=sv%e8aXV!;Vj#UMEXSnV)jgxI($^wd>tTF?r=-}E#3VTaA=|<|Q@Tw;X`Ae@5&rF;1X44*f%5puP7#``C zk?%{f1I>zaZ_I-PPNyn(gr1Ef$UAB4p8md*wbP#mXZ*(mbOMN{MF;yCLD z!-<}0W??xZ?=NX5(fR^-$7KMrM8ZDqo9vdvNpR|{4;t?6dC=V$ZjWxT!6-drnG(XyB@Yut(6VViN z*D`bXW^?CUPFCZ&3P&3B6h-{yvo$L<*-y^KBNhEit!Dxn4I6tJ2$qIC+wxOCrJTago~v0lhbmrON11bV~w&610Uvga zcM8I`UG=3$OV58cJ8ji`4O)`m5W-*EJ*#wzeW|q4%32qhWdAg^AietS&JupX&)=^P zUJNV{sgG$=m6V&*A88`Q^=52v$8_;SfY73-4wj#pvjTd`|q%YK(g>@Q@PEt|## z2Kma%O5U02H7RuE_?}99lw;XS=CAq~VDTP$4Gccg-Gw9Fjb5jU zuw(x9-<9`lQ6p5JnZ3U?Yf|@sSPT6=J##=#8)Hhq4H$&cJ%+CbGrUDq1DhJX@glsTQmgcE&Kvt9Zyb?#YtY5`It@X*iLn z`sx+^-vAT}(@v(b(POr-r=>4R)LrrDXigJ}R@EwzDMWkn28d-?fUwBNa-!4KAyb5{ z#&cR%@VYvAms!&Kr|?ybU7U#L2;@nf`7~mX4qd|@aLP)cpj0kQ+a(TKy|%>L^^#re z3W{URwr2q<$K4ZW%d3=(T;EEo%^-jHCmMw1Fg*ihgZkdD6VAL1;idGh$x9q^Huf-S zy!wUDxFW1ZWu|1*meYyt)pVF&o2%BnM)A6sM{{PMqUHR@r(-z6v-~qe%FL_v{Qb7o zx5826MdKc0GIZvBU$|4+u{OlqZt7j(QGMct3!Q3bUQf%Lu-dFWvjA5~*>OR*(N6(mD#^xBV0Zjpv5Sa^3J;jGP zhikj043UTP$j>hwnpR;73W&*g-q2@HRl3P0?9{RmJ1;ztuMn4~p9>KxU^zgR{26kP z=19HmbMJE z{DE*qD39{x$GBLVp0L`&9OI0@;~EBeea~_4uz?dSE^u&(PSvmz@r~K4Jv25#r(`2J z=F|6I%<29kSKjwK#A*Ie-M>~tzrAv4qq*}_`qkVrwS`!rRuKH*e&~2foefw4hh27-Bn{qx*q(!RZ+vFZ~T=IDNg6TNFHse zpyQG6JmV$OFn!_c7iBp3iexhQ@L8%ww4!B&F3glTTyJQ5Rb%JD;C4P0qh~na$`#_U zzRj(=XI)uSTT_*oh6qbeobh}TuWIe?_Jl8qVzfW#T3%j5t6kS&P1j+ye8+yNd$K@V z@Jx6Uta)nLplPZ|#tznGA*yX43hdIgT}1|R1!m>DoSeS-hI|@T6&&R)Laqc%Nsi{X zb|V$X7SJbsL}f7Dku`ef;5CoqYC2FS7oeA4TMcd7Ovjvk7tPGmq@Fw0EJY7$)Y&Tj zQs=Q(?jCX6&DDDMHe@1Uj4giwy_m+~;T%4_GS=Xb&3@&BM#?6rD_EBi^mzCzQZxQR z%^kfRwDi?}ta;{RdYs6_0PZa%x=U{^1S>L@QRDhXFR zsTtkP7yezecSxFMSblK)+?w&%ykOV$FX5tn9UsFuE^JFY zsuM#%HONUr&-v)y3n2;Q=6WWKvivk?Q(sY%)H`ScDN}-qIY{``^M7*lx`VRz)es$e ze}jqeB(b3Z@+ep*6;&aOI1U?;PMSlTnD_K0?G#aXL;bGz5jcB4dbr7%y7^=<@Gmf4 z?|;nFP@Wamd!DgM>V=|5H0@cdr+VVaiqd`G-onoVIk>n%ty^ya5aGQ$0V4<;UH z#9qdXC^$Y(h?(d3DJ>?I2tHLm{15nHo!z?^KvV14?!T zmb>FMBy{#Y)b`lu$q*af<9@vp$6eqdb?1Y$&v&WuDBh)dnJZTuBN&fRL>1OsEKb{~*4~u(Vtr(dAcJVGmCVpm6m8CV zyagZjVQr?IlKpsfWbS*3u#}wOmdSY;h1VBd+1O2(<=-~zo0jAlM;Kh7n%*=v;6Lsh zo7*_PT(I}~7m!g?ge6yp>n>Cb0tX^^z-UtsCGQz1$O-{Ekf05Yz+Lj{peaT1Zf#&= zs@sO_X-eqEkrNrCN>z6pMoV`Z)piT!WoC3iCl9qX%j*^D`(3apwW+d*pu ztvnqEPr{Bon-kFFg?yP$jAMFF*G`Fc?s!&qd5vUXvFjLTu^N;;8>BTQ2wR%?iEYDr zL+Jidpzx|tQ64emXVqoIqfvKvLhDXUObAmI+W1>4CYcH!1LmTiCS81u-S|#;r*oc% zZMZETew$gqL~~K{mjQZ8$&EDTJOiZO$#Hyp+)k`wYr&h%h}3?Z9kIIk3lhk>u}|6y zA2rJ4<$O#|6BUY`T_36!7|jiiad0I{#%aJX!Ep+O1=o1{WCLpq2;E#1_j@Gdb61RF zlR4*5L3+QmFG8bIGyeot-Rb3TxR$!bm-an8IXId)XYe{?Z-O+XHu;!uM zi{WeCY_Fn@y%PY?Ii+BjA5@Ugs_imCZ;Xz{C6lApHXtt<(TTcQ$kSyl1kwd*r@5by^$s8=?i0Pugrgl(3}n`c_X{J;QfV|Pk|AGr*>M9!&1{X ziU{3j7Iun8)VvQTMA5$UmN%1aQm~65YdNb_H{wt9Je^x_Wc*Ni_LlRZpwStq)y?Kw zA47Jw@QDzIy!eD;mBE})`#oO2hb%NXH9s4E5Y8ss^W}IFgZMlc0g*Xx zJR#m5E-iGsMc4{ayz|^e+Za!fmy#iLUQQqzzgwDYj6+qX-suS*sxkAsgZqi#UU)wx z)bBr$9lylS-=43Fudea3&MnADE(JF;sonb1TK>AU2+f@liJwwumi;YNH=hoK!gcRC?T~n$!}D!b||xFlk9| zhQ?nLSO$!1yGRM|OL7-&wB9CHjwef^r1Q$>UA$d_mNIaTD~==iuV0&(-k;ZNBO;_7 zrQP|=%irg!$$L&etE^qBuEdPUr@%O6kA^Io0Gn}gI#$?R_yoqRA_>ekRuuVVS zX*~ip>uxpP2xs*nKE)qaGlz%C@k_Q#$xXs-$ZX9}M7bNoxNOy}d|Ulqu2YnE{Ifx&$uZW` zem2tcyb82sx0Se0z|!k^C-b-@h%E-lbjl75e7A|hGP^#40}Dt-26fFOc1BJNC_)l< z^^-xy3EQ7t0D_JWfr=S?qtFxBs*YI@cNqXYUxYSFhU>vE8oKZ#6ZC;#3lj1L^9udm zr+U@k%kPH@v}2gOZUCkVJszMSb2`Ao`kk?bo(w1zoD3D9-e?|^d2UBw_V1ngRi1xU zdf1qzwpaeN$RfMihioj-sKaslDMq1gG;bggt((`KTT>`l?y_W~*2~S?(&L(Kyz}eK z(MjKuXnR6=52b#wkZr3Km#F?4JdS^t)qnS=1eKS+m(|sbDJbgtG=B8yv`h*D#@n}tM6^2xn1=SOn>98KR>=VrPH5H$Hq zqjDs?utr>2WPKe8nq-a5t`srueBsT0j7l8Ujz@ICBdWWOCl%h|M44pNLauC7ar3sQ zULm^0urI@Bsd{1vd0hQOfLDmlP6M9J2Roh|rA?}MqISij-ew3x2|QOiP^&?a4M=WL zjH1+8E%{$=U>P>biTL;_AvH|N_-Ufmpn!cLcc6auyyMwI+d?fd>WZJb1oy*$j;*hD zUmHy&Ot40BU+osJE9)4iP1qf66|d6QbHO^r;Z|H|CMsCeF92=)=y>8#K7Y~EQc=+?{z0QujWdh3{I(b>sD2N zil2$byQ24g0DlWl(vr=WGc$>KJbW_;!#T(xa z+_(c{o&-Ayc9tjjuelv?Qa<!qWf5=;H`Zk4pH;rL$@NB;g!Hh`YH1~+hM3r zF9Dh{xxqZ!Ny!7YZER$IfV=|I0@(yAc*Djx`2eEIv(SGM0*9KnsbZkS@$OYOjh{I{ z(iH9`@y{9y-|T6GowAwG(TIK}aAwwW9$IVT@>mHl6^(RzzHzbNvgo*td?8o8`>2dr zzW^ZcJ;@Q_Zr)XKAN6(+Z&cYyNQpL2OVP!ugMH8wZ~$n~1>AH4>P4t^^=gaIcf<4> zL8Q^`ua`ov1|J-jS)V0Av2r(M&Ybj^vSB56SA^I9;PRlbmwqAiN@?j+%TL>K3jP4R zR~M=qu7zX$XD<(2DUIK8?B^~fcjxtP|p{4C|I9_3}gNf zplWV0b}o;KY*i6KJ@)~fC&CP{TGkzKcXGbl{IcZr=YxY`!Ov!A#5HvKpQYWcQ7TWN z^=*^mz)riS)zBzvExQPR#Gm^Dyc_7Exp z9on|7?8nOGqERrLW0h@EG{{JK^scR>qIsuoa0QjpHYaM8op-%V>tt)EzF(@ zgI*72W++&m_t)SnDMa5bmC%p5)62q|@Oe&2rO$&yzejf7qd&^*;Ui4eP3kRkep2jl zcJt$rvzKyX&p(^jFB6T*UeL+5Ho~Zzi}1GO<{TM#OE5yD!bq)15a4_odQPOC2TM+5 z0kCTPj}aUVpZ$Sk&fpr=W^(@o9FqUfd)E>|1?e{#xp;e6bc#$&?I9dpi+Ye8(WrPv zr7*Es@?AiXVbZ`Y(Qu+!zsy@c{}*(r{9UP&6jZ^;Qav~?cDE!l(zny%8>hk~MlQ8R zlxCTQ%djcT_3A&&JLOpYB`UZiHrd=Ls=STh7+8M%O6G}BLsZk;DwdKfkC_jv*1|6eCL0 z=d}BoqExe9o!UVUAEhsq)zuZBY7uYULSbZ&cnAM$Ej@{DIO&*cUoxfB_QHm{<{l7D zaS|>SXA%}GYM$ZTc5~CLm)*A2=UATab)Ow5%TA5%A4OPEHe7ORY$v5dlZVgs1CkyK zb%r^N-tdE$emlTOgSX-smg*w7%B+9nUPc$vt?=6$(4H}TWTReycKKg`=KbQrzii3= z;M>jmGugmoo8|{iPC)A){=xuA8?2lpXAC{Xe-+RNoY=CUrE(I(F&z>DR?5Hw^|K3@ z*jOtV!N@%wcwsdeb?2`>@J||ZXww|n`P_uS}`=0%yKg!)7dub+9ZT?Y$kK zNw7y7E{DDYjqt$Hb8k@8z`^nfctOSPQif6!C$P_UY%KnI3|DkbcY&#l1DG%PUYkFd*LBg zs*d=Si}sdTaWgOD5Z}k^uMO2yxGnCmcI*`6gCrRXH*WrkVEN$xUUu2RqcjIM+)VGN z!`vE1AeR?5;~ypWdfvFK-{7=Myfb^LdzB6XZ;TWlh(IV5J2pOTdEFa-Fe-7C7WoPo zYs|F+%K;eYtd`Vtz(4jQ$Ri&Ut-jHJBeLxs}yJBRhIAPW({jI4fTUkXMTi@ zvaGzC+1L9tk$5yM`b7=GGENN?IcScZq1pBomaYB-ds7UU;sa}HZ7dw>3kPo;hP|C9 zQ33>np~V(uxMhnTQ`Tt@G4th^BmH=zg-L?dZ(d`Y2uq2|TDdE}^`S$xYkM_yG7euO zSN=7+b`u>1~O{%rmR2l7ppAk0giS z)qh`M>FF!E+c7>e(r|5H?bS~!a#>nAkKSkLNE@dbMj}%~IIPOI5DL8p7uz>a01ivT z=Up=)i?mSnQs>(_g52|DlRT-szMR7nWy|`Xa&$QJ6td3rE{jsM8Hu$bGzq#A@`Q`g zjlzI7o1hTgwu~zZohMtX^4r*N-Y?iW^w51~@~qmYuR|O+{YrPLqdO|b5=Y@7$x7D)X0!J1N9C)bR%LRS?RxPP%RxjZ5< zob6C6p>gK7GF#DxMs!uUZPIy-1oZdKz{#FjrZ=&g|%`+&aAT zZ%M;VWAJoO^$!8By%($&DP1z2tG``65u$cjDA3B($yW!xiSP{p%CpZ5j={IVKh4pB z?93^qDCe@8Og5QIU;#!GiEX}FN@2JLnes5d^9-*VvEPXwN$2`MI z*=1Wq20FqHPhkRD3b$;|-3xcuSy6UzFQwUNF*{2RJ;BBnE3HBZS6ODq4$ z?A5c|nuiO_DC7_(j7|5X4ws8|(rL5J_+{~HGUC^)X$1wzdz?+9M=YCowb(>D#3atD z3CeSqU~RFwW3wNw>ZlKMK2KjVeb=vVki;IQ)X2W|XoT|QUsim$65O+Q+^?77L29G_ zz&ub#SZB%yyzPt0)|fPvy(zBUdjirYZ01`orUVV`5o>K?@x z+SVb43atuqR1#eW;?s2!MgLY#Ov|3gxj61#oO9vo9suK?C^)BVV;XT$DchfoHD@N> z+ElJ(g!jKVqZ)HVt4~;EwWV5}eRed@nbQ04w8ZAPu1AmUU>v+?=C|(K%?M(gseR^` zIamlz%D$*Nw;DEr*6Na$&bZ!eQT;06fkoQzNdwmTt}K<2`;vPT(;2Y}xbUZGK3>m$ zom?!%-?re{L-8?jdnX8*Obn>$3YzPuDU2k z*3a_z>T~>vc@TdfRDm-Swz(*1+|<3P8TPd4Q!?$=P@&t(&&**)u-mi^Pd&3Ec}D0m zHP0aIa-tG+zFGXCf^3Q@*0?lD_ZgO-=2Bw5e8dQ0{`^nR#XS~79RKvJ$mPp+U}_fmB4g%Z^d_Ikm_Kqly3;Wt%S zQR7)f*HrGwUNFj@H_Acic&B{^)muFf0|EM598n>z0LuSsH?E%pJD89UGy&#Vh9V;| z_$H;OB13{|S~Mw~Ax=`YaaY)^Nam-a8oO0P(E8->FTc$uS0p&51{*qpnr(rLdM#*-3Gu@_SG?^WvAZLoq&Md8ps6_;P*Nwa)WE)M(B< zIOQ1^D|-c@FO!rc%^oAMCL6{#0MCPm!#UM>$q^s-SegwY_L{ATVYS+>9`~jD_;}yO ziQ7(XG%|;NyjVQovs{^5QeXO-<;g71Z5xG~`>%eTnx>dpmb9z4xdHB8%A)X=%S!LM zK$KdiQoKZ?ld{%DrGg_0sp%3glsaUi(%=UO!P2z$)pmVGN$_Mq7h zBt6ft~8#4i*dwNU@21gH-Gr;tKk43 z@`mP5B0mf>CPbNK+HI^WU7#+61u7mH#?@PC6^srP1Hhw%GB!MX<~j3wSZo{Rsmi_T z;Gcc_WZa=A=ua~woTM5W^iTYXo0#*{+It0nXz-*VjW|%LtTe@~7BpR%; z{roN;AYqi{WrYCD^;sF?5#){K>TQF5jbGID8K9w#Y%HOK`cpK)h0!gU=PKN_tJ8SC zOZ+({i4{6NHqJlQ`|d=@v|jX+0CdZz6$8sE^6OekX9 z(l~z7lV@Gq8nZk6Z*|-Mcj`8l|CRoAOkrS0kKb+6W=s;9w3B~kM<0v;;N~E}{FLzy z2IC->jbEF|H#faNmqJrbh@>8f1XK^RGr=Y#7=?u{iY9?^`8Pj{In@7+pT*T%rooEu zDOW!)P->@EL_(2Hp0ToJRT)D>+i>1{e6bhCY0lmoLF&jy4=WT)@l9e=bZpRSCIbOA zD}$gp+}>3jeZ*ia3)DKo0%8Bmz#L?DH$c5;dY(Bbh_KLafMe?Su0X7%0+xIm4-JSzYme~Qauva`u{jg`S62(T`DY^(XLL!08hi~-FRP?)sW^tG=QOB2@6DuTOTb5iY;E$5$-( zCnt8c_VpMv=>|jG2EF~lZIxM;^?tj=;C{wFM0^MCG9(f{Wp*oa;C z;UTmH^pE&0=mL`DkE5q}u3+}lunM82vf<^?b|}W0StrAg64H7|=RQmXT;&AWFOSMVA>eOr&ll8EnfA~c8*?6BzC<#(|K}Lbp?xjQ(^kOh6@=~hL$nq7 zKaY6?tH)nDrvcA5QK+E>xd9f4aW>{EXqQ#$bd3KzdVOGDj{4@^!+XdzQ#`PoOwWac z@gz5MdX5kqO%WA^|6Pyc4ec1vqS!jLQHf9;G@;Cl*wY;DMC))Jq=HwF<&ds0oOF|I zTx#~!ti!LtV$VxGerr``s?){8o!gC$Au?ahCLS9X_5il6r-O=t7D=cCtU=yNn`}EO zOijEO*}?e=~bZ{paHP zqdhJUyK;nJ1@SJr?BUS`s{u59H}xg5{?tuoC^;j0=Hp1&u?~q`xD3Wnb38+6v^UOX zuKQ?tb!FDx16;Gg+2f5;?bRlU z11E<4D|mR!IoRvnUgV@`^sKb)gq}*sX$o|U_j0k%@>|=ri)n6@w0#wAVqYyB*9RLH z;_UHNgU>9Qq+vt^I*zqh$+KFv+UcipLif^@v`$-Vu}7Q6f!&Y}aNs$=J=wBO=cu6w zq%4`Gm{7TAXqtYkM=Rdf4XoUs-TjgO=hE^ghm|JGE(4#hw)p=Dbs-Nh+72@pL8=RG zfT31&15m%ucJm1jFy&lsFG*5Hw%H=jTtQ0pT@5Lerkit2N;P;{AxkgCibx|uRxIN5 zLNdfFr^&KW^ADTM9=d6zVHYY&HhfAm}gR;*opF`KXk zIp*g_zKeYKJkyZtu&L=;@Q*crKbGXsp-86N1jsG6-rv{O>>nw{L#ze=0Nq0Q!JK_} zRmy0Y;$N>DU`ClG&X(o0^tV2lb+Z;%7wC5Jy!6pCz&!_F7k6|t@~0jD6Tk3gOYKEO zaKy(xJYH{6`+b7v+k~Vmh@4`t+mW96(VoTd>`>HZY6LgIJ05fFZhSO<@T+vqRIThe z!2}GS$v}#E9OirAg89{xdGb_-86yQ)WndjHoIOvSn{J*N4^bd95bRA`?Y+hH~-78|!=$K{6+(Z*3MG6DW9c zNkMtCFMY2*HG3*z!wLBvguebGY&^M1RhSSe5DX_|-Tp8VAljI8GgIw-o?E8HkNFqc zH$EOca4Q|}FUpG}h!t7MCA*poPkxWuJ}#X7?rxRlS*(PzEfOJIWn@B1_%*StJj!kH z!?+pd-R~VQ67%*H)Zi4%mGOhZ z81xaxWfNfCJ67Gj5F?k$cADQ)j!lW`dXmkM@QkT{m!?E^(Ejq6ZLA!o79jIN+Z>n{G%Xt{wcd&)G>7sH@LDD{+4c{)bY~am zt0g60(S3+nV!zO77wGlsH{*%M*{=@bG%JqkF+*U%Q99@EDVh(Gs3!vqqGhG!I?p)0 znyo9iAY#B7mY-$7|G0qQnk4-sfsvLS@3X+GALERXFuj;18RYJRzU|GFB%4Rnvdz?a zwlFUZ7Hr9!q`v*TQ7%qgvBq=e+4-~u z#j_f+X>m}8!77IKb3ha&pS9q?zN&KsLl~Enm zT+Z_!b+Tm(4#n5#m0j|ax;S&`-g$9p(*V17V_}M-t5|btc`ae{s=3CeZ4{@Q3VUMrHt?DOL|iPH)5XEmga;|-&Y zYQR1_*{_>ac}HKBGooSos|n!so94}ssE@9AW39?8#f&lf$1QcdT!gDj_A(e@V0k%t zfpUj*r@G=f!C*-JNnpU#?m6>S2suneYHkiYL`GkFG_Y>a@Gqa>p=*9O@m}Q{vi_ z_Bnpyx4#g*!wLp{`x^g-9>{FC*TP|>8(bAxKg zSs4+dO^bn}ff-`{>nI(<;pR^+XM}9hWOZhPQc?JZ>BXPlwI<3J#b&R%n537*Z!j$; z-xczh0WMO}@#z)p6R%t9hDn6z+$`2N;mQqK^$yYVIz<=Diyy|U^KmK93tSVjdg$e9 zjIJBD+|K-Cx&M9shVe2-za1zeM!+4B5seg)55wS7k}u)WY?` zn?82ZgOL>2x$bK10P_etK_d}_%L#=~EgZpu zI`LTLfjm(V)@u|$S+OhK?wlBhxIksO()F;a9?tXTi&Et40zZ|yTl$jhhDEN4uDU7u z?P86RHwl=dt?3f3a*M5(qwT9Yo<840Q*;l?arYy;SXT z$f29}?6}L`hrFL~8*6G2DT=Z0@|T@J_JlVX)cUM-lH{)pCMr$I%{iIn6lDr^*3Orj zV;@}%S&yh?dHrzB|HKi&-jm68Rc`l2<08PA@gqtp*?!89;h0^V$y2OOcM;WzF~b+& zBj9XmBBZPaApvU8w7awvtdYq>$Rzl5%Bg;Kyj8oCT=G(A({MoA)_PKla;G~mNNtBB zZiA1uBL6*-Z2your`xE^wb(n) z$g?(k>VDAqc;7iKlq`s~uufQ_n#VqXt(SE3gE6F6Uz z2u-z~Felc8x^kWi4LVo5OU`NreF)vUY+{mn=$g?8B7TeA=qHOJ-@r-m9#4x9`1G7CX6(I;ysQZKWD$#bjk$Xebm$ zBHUu>@a8{Q`2lX(_lN4HGI~&sb|Q? z&m88Z-*CqyMavxSK&rf?BBjz$X=3W?k8sH*A^Aqot_m`bI*c+&G&psYR}TH5OEy1$ zr`i+jzy>S)@`tJ|>&xLu9aIOZQcbR{LVBLd-jl0YBSb6P3tC*i6}qc=V}J1CsuW`l zKZiKL8BK^Pjb97wB*JQAX|qBFV#(o{6QX09Mg6z$$u2 zow0d?rfowsuxH72iBAGC^oD?7gx>SZq6*dR?TGn~Q|10iT(LkleAI&TiRipUOtE1 zWcewTvUP1Oz?3dYy+IC|Q(WOCr&{d$m;{ZiWYsLrgyw%!eBC*-lX<=8$AUA?)LCNx}Lx+KNdH>rU7 z?7=r{D@KAMuP6!l@fA3?7Kl43%Uh0xD?DKe$s9Ab3LPG;Fg_fUo5T7txg@Vw$NMqk z99^24HI0kTVC|zr(IgUoQ`)^(*wM8>Ifk{tt7d<{IL_!cH4X!p zYjw@UOuG+q4}I)xpA9T_2hZ*`x~+6vGw-&MBkstsk&l=*@0#%|w|}_O^79A7zD2%L zi53~R@aFy+pNDeR^LhH#E=s_3LR3bhu=nnN;F5>v<-na}PG#;5ys6U0BZGZ$4oM{yYA0Z2uf5tmO}U((pR~TzYs!@4po%{CDHJgG}MXorq@G zY6bF0$bLEs?6+aMAiz#8rqaa0#MZow+$;3mqj(|bz=j8>`|W_P_Nz4LNHPP+X~r!# zE9krcFl3pTq>v~4yTctW|Z0+z|NL{D18e)284U53sF3Mb;)Pnq3w zv+K-6stRz2|4+fi$emMACi9i=#zKGCflxUB?=&DcBG$(xnIF+dfraj`^_=E@AU^lT z5VYs&BxJ{2K=#A-yjXU(p#~|Ci6e)ivC~}u-Oz7P0I&|vv!W^70CDagrSHrc&|hu? z2SUeWfQ+@H3D-g|LPCGwDhKKBp$33NeBNZr0?SLlM;tVsc4dq|g+8ZtLTldN4j7ZQ zDY$3o4bK3GxrE=V=|XK~fXc4~)FFYlTc@3Wgk)yOr_8qjji5bzd5->ymdnEEkD&5= z=^e28tb!t=NO*b@@f3Kn#{JN?R0XcM6{?)Yubja%-@Mvw-EVK&IJ0F0utK%+A;(1e z2$W&>$DTD52D-x$`Z58n0rYEK8b_cjeLL``mqEbq1TbUw;83?UK*nHj9~28)4g7XM)PZII zTG&JfAmU*Btkr(h^ZsRdpx6F2>RIxC8ubibkLeZsD5e$733mjavPp>{fqc#a7g&i? zEZzMrbx-wd?wc+6v0(Rdl3ujBWPPmMUA>D-^mBfO)&7k@sS%xB7BMN89A8Sxr!trX>jEN0A^CJj^%$L?X&98U%4 zVX{i!_LmKAxfG@N!@Ae&ooREh5E4j=3-Q3syiss9fpmR;emN#HS`%a&V^s-HmHYxfsuKTE9oG;qmXt3 z^zOn;1;`%dg7yuk(F661-wwQl?gM@ST3($BrUaG3H#oJjv<$cVBA zevdQ^^E%^$E;D$5HpjI4lXhzVqnRxKZsouG^55g~|G&2zyP;B0e z9!;JW{m3Rrhu2fv?A&G`zJT>v#ph~@%6+wGN!|+@L&a(pcA5MV_%3 zMuLi2atI_}SU8j^lHP*S=afif?ZX;n-_0y=;Mz_sNc9+#TB-0`#H&kQHGS8SsN#iE zk4s4DSFAxu(2H%Bt)*m3}RunCFbN7z0L;(p7 zycvHySbQe25_MY8z@(3UeNM{jsOY8KwkDp9?>P!i)!f^5I3ZJvud^~lKz)3TLIVHe^jUbwQ|K21#Atr-8Lu2WE+zv_-AYl z$kX(%a{<2qlUnXMiU-+$70j^TPcRBX4+VVJ7=mmA6xa|9HL77u@K^7kSs6~cG&wn3 zUGi%vFQH%F;bPXTo^HdLu`}tM?vZYj8b@>E#B4s>7I0hiwHW3}ozEUXJ1SKw(Bl$` zampVO((lW=J~WSynXRcr=!txpxL-TUbcU1kaO2n(Ac4?>#uggkrLixjgOEZp5nJmV z)T?bUHs25p&y&5gFxG&i0gGiT)ADjThQ8;i(hBb3t7$TeF%@#Nm5uVN4#F-w4LWaI!-h)% zg`i^PSNrI0ni%s_Uzg#D4=qJ>#T4O$ce27>^%aM7B1ey1xN%(NmsYWMF*Sn~E8^x} z@+5rY8frBXx%mY{gl&Rd3Hu{vJ9^6%U1|Wm5$eki?E^~V{nYs1*FQi) z0PewnqVkIEA1z>`Mh#QIP{}gck9zke4FeT0EBphvq<0Cq3kTb(e_AeaD{sJZnMVVA zX0Tj>t>2|2)t7-VvJSf2yC-ij z20DlZI5zD5nngQJu>!j)GD|GvY!Hp~Bq!x~x{2xPDOwJB)S8o3Th04imU&AFa%^m(&*^&a%J6aJ z6hGPLRBmsR2KUes00k$FA{CocGm74`6|3R%CWShv} zJT?6{!o{H(JXQRX6nw>$TzLAOB-=0dR9_r&uV|6^{*Kbw@7KgRzdzexe^5fUsj~&v4m(sAy+pV#WaQ5+5eR4Rzy-C@z)|q50go0Qosit!(@d*L@G~R6RQ*nJYfOJDuYPNqNzGztcVJe%YRhv7l-DN& z*2;sakG!fk{8g$yt^dBNvwf7IUTS+$wyWk&a%w2**PaPN9(Sw1_?Txtd>x4&OxCG! z`SDP9yaAzf{G4ZH#mnmSo{wnfm-u$Fz{2W-0cImcxv0nE4sOlRY_*Gq{tb_~<0thc zO+KkYL!d~PD449UIg%hZiq-H_NUtD1*ebifHQdK>=);;;XK*~`4v z&pa2bJS0r;bvtvKIHJ?vo)r*vGw?#(`gQW*CkPJWqJM@}l1BSOw+Am>`GP4aF@=Q_ z*UsKIy)R-hlqGE`#Yek}vgr1Wq7eY){>_$}Obc(@(R%||qf#Uc}1Gbw4tF7Ig<(2Mxa9v>Zuw2QE$^MdpQIZ_Qh)Xs| z&4u2!X4^bfP^ zk@89ee#WZ=lRVvUuf6^U{^`n2XJ4zE#^Urw+fM5DF3E{}RdW_yL2 zDSWxxTMlS!bgwmUw4FG8gI`yUpwnJ+Ga%a-u!qJtjZiT^{Ni<-p z$t!jL{><)|H?4C5y25!Y<~X1>^2O>Voi_KxhMZ5fRD5e=NjnpgF&`|SXup{@$0;Dq z!g9(rK6GmdXp7QWxrXb^>Rih76P18A$tp4-dBcHb5=xkoXS}NywxQNE8ynco#K>BA z!Vd;0-y=HAxF2yz$UptqzItezD|{*>$V^PQzB*RS{`6wGl`mi!IFJXg45lN>Gx_sP z)^n7QSII0gs#NAXDnE$JV2i9p1gC_)${u+qJ8`R{UspIz zRal|iFNxe82!;3xEBKwceaF_O`(!CcN3~IoQQ1wS93GW;zi4ywJ>jD9N5ZL(E_~`J zE@)Egdho`~G%PQ=ZO%1cDfpU5puQfk9(8|5!05A@N(`pPsF-A`B#NBXGC~e6toYJI z0t_e?)W9RDC(It#C8#JbwGOP=bIM%9{kyx4%%^+p;do#z#FMC1!{5@)Z3Q0$v zVvQ}Yi4*ku^VBt(!&sln* zo7~7GoiGt!zCo0ZgKYmi8QP$X?PcAA@ zIAL^A#ioATP4&UbxGAPGE~sivGeEsPh3s0`srtbw%Hl?gO5=8r%|JGGvzNx;~&dYFZq0B_T?{aws9WuQK({DgTaZ!Q5xHA> z^VsxF%954gGS&?O0f5z~hQlM^DQfVPtjIkcG!o6I(tGv zVM8JB-Qv(NuLF62Bxi#F?uWiQz=)xyKA(Nc=xeF%CSq6U2lAB7$3T%=O&p8ET@P7( zyrL^I2Cr0NWga1dJ~i4^CEhZ1=W^)O;qYBHdgNUTwH(uc;YMFnC`v(dm@ylJxMpUGAt>aE-NUfSr+F68w;D*)2`WA*{4Z_hfz4 zTZ9jwE8B3udkZ#IyDFpPTb-24&jWF<3KnaX)qe#cM#$3PaRt-b9IJ_o_9RA!J#uW} zn5B^6mf}h$O^HgNq*32ssD~PV8F3+>U$T`Zn^4x((`S%u+7fN*nGYiSj;Ah%+qq>e zy2%+WDfYZ`tSAYmPzbogPxE4n@{Id}O(o=g^#!fhrutCkqZfxqNbtj7g1s{gJN7FE zhLNV50>RS@+6SK+>GrSa}4s;G1X?MGW1x(?OUH;XDW+Z+kADyfgvMIH|zoD+k?OODR8{7#VPRAJBP?&vx=C{%+XTPrdozl`SR_DnCCRaqCPGyMXwc_Dlr<< zU6pB6Gaxw}Z`qb`3OsyE!Lpgdyu}#HV{kCldUZHaOy45d)x2CnZb_>y%YglR;*bl| ziW@nst5~~nbDK!y*W=-$IW@3BD!dNXWmsA-q}=9J%pDYyksQq6Xox3 zQ{Z4EjAP|JV<*1RktW{y?SMdjL)*|NFEmpJ)j$gUE+FbfOM&`@gTHis_0GBEcR{Yf zv}t28ur=vaktC0ljC1G7BV#4=`U_i}v@6V>3=YQY`ZJ5fQ?*y*Qql<%odr}(bMj@8 zx`h|P+Wsd_PcF&+i29+lH1fDxkf7{Gy~`!<%fo~-zAP4btf^NVdWw1c>$`?c)lHLB zGw)P{qDN%ASkVh#f6qPIbflGR3D*tOI*AH9YlQqm;{QYPh&jb;T>{N_cgDs^tMfdL1 z`diQ6m|wBmoD7pc5V-$^DRirK4+Q_t)?#TVmO(3-)9YjY4Mc}pntB+SMWZ6UmS;}$ zsZY6A`J#SQ;nC!tdeZ#XMDGEjdb(=5w!V=6m^&`GmLQq+#;~MRvH|X3HP*7;uIeV? z6;wFO_`2-#?SKlIr>UR>Rov@n9)B!t=A2^Umq?yOan;VH$|BQl>qAyZ0r~V}c+VSC z3t`Ac{4+RD{ngM0G;bN|Q~*l5F1AB;9VjJb82>fCW z{~CAvwXnkQ`5^H%spZ-Cl?C^-qtjJh`c<2LRa_fDAsSYL-1Oh}6$%oZnOZYNBC{YB zCX4fNn_Yfuv}b$M^Er7(*Jhg?tt!>{UxxxUr+__ zFbg&1+kv~T_%Y(h@m!*M1tW{`vic{p65Tv?ECv1Hq=Kqg-%WT05d?XTKzT4Ki`t$FrE1q=LXHXu=}YNGWD3P zzjXbbz1zRCwW6s?lFZu-njZAIARiuui zieTvJ;Xu@8508Ow#g1jg;y+(EW;VVj?peb#_W1*GLU=}WF(||46e`9XB*ioJ_PvfK&A%Nm4}8UpCz3P` zb~Vjcu7TlTpbOrK){;Aw;JI{ZGlHQwxX(v$Yq!50_>Mlh7j-AXka>m40~#?tL!?PO zGGOMEZ&NIKcLdBCPlmy@vT!8;)flHjBQ*ege>Z5bQjAY!+wA%emJD!*Yyw5&OE~&C ziZKXoVt#NBihyl`r&aCGT!-}$wbysC&>DD#by<6WkMQ&c^mzjBwoa4EIP&el0Eg>d z*D|#fTAsjfW$jgn0{s#huo@6>oGaPjXYeWiYqQVJ3W<{{!fPMS6haLdS3k)?+yS~R zR_a-R>%>8IYv%JUD$HCS6Do9*ip|S*-Lu&;wp`-#%XE?(8um-R-2Of3Ci%DM0!^j% zmORbM4k{;DE8m;qu69*AZw~ogKt17B_nC7_HRU0V4eOi_TB@k$#h#E zXU0)%7#pCVWJc)-sB}Rx>Hq>lq<5ksVu*l9uW_VFAE{C!QbLb(rA4}Q>776jke*Nj zNk0Ft&Ya`SId|^5=XdY9>#p^m2J zcH;n0t|iic!CGK@k&qU6S1<;3*agh*`~1GE!gVpqe#xD<@$Lxc*! z*Ng|RrsY&NNlY+`IBf@gfDe*3z!!-&~h|*6i^I%7dV7I=9 zK&qCBW2Azo;~Mn+3Yg#mUvdV#+}6}$g71BkxNQQ03+tu~6MU6vI5ZFc`^laaeSP*xxK0D%XSB9G2O7rZZh((H!#`jL+v<515$lT9w z1!z-IAqrPKSLe;oP zh>5$wN#tV>7)J0BpQiEeX`Pd&9YEq$B+!WEBvt24ArE^h_BgH_c0JY@-&ZGL&2xqd ztMk&H)hP9;kAF5Iot{P0spnx2)+f@Hi}H=E%g3OUEHih*2OZTs!if<%n!;V$Hfka- zbqu;3wY3Yoj11SPCvCV^9fBP*#y*e$f1p-~%u8j2rb`;|UNVgv)9`KN*S_uuNz z0`V!_#xpFV7YX9<{GZ3+4Z2h%V;E4Zgsleg>zr3s7;6W!famUl8wA-3Uxw+6fCda4ahQUKE59eZw-YPPj z2euH!wt2hL@)#288RIXve*OrJEcp*WM6mho#oG`C6=cL}G;!-JBBhfiz{xl&vUweJ z$?ko0Pb2P;ylera3>jK@m2_I?6wqZ^EJ5-tT)Gu;AWPwLYMx&*F4YxLtC4x-^wjAYMXv;;jWdq-r3neq1XT$=~L#3!>xzA@1;$ctp8HfBCNBvRB>ckAP%&IgV5 z9JMq+gwrn!vFiecbA?v(Qjbnw`8p>2wa3g#R{7!pFKGQY2l#A7)&XxLh>K5hR zvzb;ZrbIxT@l6)6d&j?Z#rwMwV6vqV2KFu1WasMVay<=YtGe7obyMhy$XXBM<9-&X z6ML`S(KP{h&vFyoo~TM8d~q;aF~f(uR~TpFbzPbtU*98ApM3G6+ci|$Eqtd>ZKwBx z%N$IvL^~SjnXA(T*f*9BO`4i*CwcQU&&qsaL1K$2^VvWy)LN)vJ9T&=ZRb~Q0)PH8!#b|LM&6TKkurL&wwj=QW%Rw+J4)%^?@3&qh)`Qp;XHPK<=GsiwfhuylVH1380n+p z%{dy+rzs6d-7DSXT_zDnGF#J|@m}T{(T`TAE}Y*gj^6)>F5;xGzKt71PSVPz%QniM zBp>(Em-W6t_B>snz3H@iu;R$+hwlp$C2nY(6uoe?((>nY9pfWFzCB70ebW(ZvoIGv zziXQa9_ZJeW>ol7Z&@^UFURH#jMY<-vKgF{#Anpq|B0m``Al*0j*YbwTj9LA*`d|C z8?UUcK5(&aJs`g6_s%YqeDJ5)pfH{#oz%Upv8h>-BatijOV~%oOBbPYJJ;+vWKK3n z%G&E?9V`>5nJj=CXkaW|+JELqCHeW-F}U7Jivo4b@j z%tjCM2jb1=cNz&EHh8qVd6JFPG?a>U`^@eh8a7Fb9336)Jfn2*!dX?`knC*LZxbzq znw5oGw9(2!WrMa$Z*ykj z1&z|~>!9kpMI6MbGUGk@I71X}qir%hG1PnU!TICI*xMA@x|eUb?5e$V?wz^Bd7%Te z0G*$oqewrMmUcJejZ9h{w&e7UPO&4Nq_j0 ziyvoE-i8OnZ`Bjw^K6zcKH3Xj7wzNgElJXxdW0V43AJARNo+$y?e_FY{oSw= zsYV2G{?dYy@;3noHP6Iwge>$q`*O6BqmsLVKr6g@>u!Pq4m`ohC>$-UM@a zb;wnvwrjL<$IjRDQejMSckb#l-T`g4GOlX;hihV4nUZB}r#KccXbk1VsHLfmn_lK( zDPD6cRMs(Qd8b8xE4f^R5Av`tJ9*F3KG~ps?W9_gNK1^_V;zT-*jrHqBuxE!mM)g( z43XE;yeMk)Hq1&BjxhLPmDP>XG>H%KKJU6v2U;4t)0%UEjOzf=qGyTS_vTN}8n-y( z{g|!a#<<%iSRLOQ_WSTSy(;Z!v;VEk;rA&zNA!VcX}p88I^KC??nF-M4zK$Vk7}Gf z55}kYQKEeP6t&MQiOXd=L_0XixbNON{;Ho~N1k=~bsgXIdyBY@Sh@hzIu2vTKwLvK zq_VmOvY|Z9d29SKHE6`m#hbUk@5Hvf!sF2^DQNQtrR6+{M%sH1mPIN%anrYF>5F^z zB<~5rbE~E0&i9rU#m4IGU1A?G$g$cv03e`mEh||gbXqAbNuIUkex@TAZ%${0Ht?c7hROF-qc(J$TOWiv(>_wvk6MFHY(9AC zi;CHP;FFD5rgkM8Ialg)oFAK)`QCW=MxCj-aLl1EvH)j+EP&m8m3C&cS=F)2=Az_W zg3qHH`Y!RvEk^@>INM2ODeB-G{NlssPNMU==r?NZ+UZ=;8C6Mg65ITMC_o(nh(|H1 zz6wJ&2(wigUTGP=zav^)q!>LJ`fVSME`O!_Y;<@m<^h3s;HaOf6q_1(OZSbAlg90t1h%f>UXXU1ivOoPAROgC(RTwr!hKpw^M`^6j}Fa z5G{P`l#ye24H==9=Kj1(CG*~^xg%8T8O6IBa32&a!-h&C^Z!igdCTQmJy0@~;8hRZ zb-x#yVe&J7YCgt5t3iBlJx>}oj+BX6Z5O#>Va3*w;)2E~(jHtk)w_Q)jUZP=symT4 zEzm7wx2m?3#$4u_Z0iYHOXOFH(%O7oX__>vXnBq8>Vf!Dkz-oQpkc4f)uI0=Dp5!$ zWI-1XL;(nZ{CUY$Wb+=)GM#~-L}`tYqQmG7<3cgRvQh{RTHw^T3p$niyCtQ6`7r!( z$0|wE-8}x8$#xm1sEdco7VX^WbL@M&@j2t^>c)Bk{m5pU6U^sxIThHC$nPH78ok{< zeK1u#C`-R3-y%HfxX8?jMxvW}dV)P3J~^4`pnCH~>LGM{Z;sAK;RVIYKZX-V0f_q* z3(XncZN?nGoZ24er4c4`#LvO1F!+z=Lj3~I0#6K`ZU~Jyd_vAG_50&S7bfiwZa+L9 zzDEAOT8*8TG#)$dePBJXA^X$;-#XHGBX!T7=!)8~WAMNzTtt$vdew)#m(CCxL+&I? zRMT`);YS!+G@HqZ+$MACmQV4mY(t6DI`zg*PxXWk?BVzP_C=}tw;1Civjk;$r+y-q zB9y+9TzbWSXW1*_)*`8Y&9jWn(t~IhlB(7+Od@p;<3{wnpJOwBYe0Pd#O*0lu z4vxq}O9P)L2PgF0-4KkBSESFZ#T$CE4u~z`FN{f~j;tL`Mh3dsM?Z}ntHmzpdOpl= z>tyZ_nY93UmTYdtjsiS#6v>po$t=s?Rs6Tr+x1~(n7Db9;<6+^u~IPZg}X}gNipdd zKR|t1Q*I(>;)qx3_f?-oxjx#lwR&ua(@g3}#lz&6qz9_a(a~LPnM1?u6SxAPF1__3 zsU%wNazE93-KiX#11(WW(;KD+!ZUe4=ZS}Lb@-CX zQdS&l36rQ=crfWC@m6QZa8rPSO6qu%<>^HZa|C7g;NUHtN3haTnQc(gC zMtkyJb$8oQZp^dGQCl1vR6|pJiL;HGN!R7ggx9&ZtX0w`HmgeTTKD_I=8Car9}XO) zs`xOp0^d%(>a$Rmx~(qPoZSJOS~w|GSGD+_&Fc2@=jUvs1a*C@k~H0Q5@B<&NtXur zZqK_E{qU(zEG(EK7#^PfGcB)1PA?~Ua1ll%L(MxKn(_0)o?&MzihoJGCpQt{p}Mrp z&pf~um>QhAf1Mw%iJ9f>KZd%eHD7H#mjR$rSM1Y^`9RQMs6!(#Ok{UZSomir7$FZ+ zY5wSu)WDY{QME@Ssx=*nlXC9twjMuxt_{9{Ot2LDSVo4yCTPi3cmSZ+fCfjI#9&{) z2kjf;j(f`LP%M4v3sW;A3r8wr9I1e`(DeP-p$b<3X{hoNlA5renT;R9U(^8P8T>bb zJtMq({=+38oazSLJ}hBFBb&`MD+h|lW*kj#k`#=BS@qhKJa;s6+E72xE?`^~L>?Y7 zrH}#@E@$3{1S$Dt?CH}>K?{o9{l$4V=C%fQJj}R7Ml$*PqpgbtI@N5CmgMIyS4j3~ zI2CD_36x9ZC@0-t)q9d?=OLe?IF}LcB^KZFBQp;B<)dY2Xjm<5C}Gkd!22jeFK&nCQaqTpwbk=o-8m}~&VaeXXFG*(TfX0gq5ub@sZ?^7@ zieRA^5uaG<`eopUHLD^LsOeUSg+F>C`Ma8I}y z7+Ng-8n#9RaTgmzTeJ98!78TDNNov1DXorg%>ApyCg9N1igS4?i17 z3D641FFeOtE?zFKihkqfNEBaPGr`3So5c5b_rIUr$>1KQ+gZZV-nKS2?L-;TZ8<{T zww;%q7xI0}%%#tX=V$Ye71XvQX$T2*2mlUCABHec1a2r-8PgrLW2_J|MUx~htU$w^ zNyLc`!ROwV^wp zJ^QISlrD)oxi=4s%(P_>q^i(L&K_7y*utgheSoern07STI%scy$UE!Tl8=LLYlnkTM$k|!euY}2185Pn8K*6<EwXdfC_XG>@6v57l0yWs-QkN zW9lQ+)`aZ@mVKa=6~nq2a{$6(r!Ns1xgdB=Oe1N6oxtS`!2NZc*t)X}3vg9MKq4^# z;*x+kSQ#dypyXW;=%o6tLB~}XXK<@J3b2XJCDam%c1=P36U+C=CGl6lo(ec_v@T*F zyrLTrq9-wvRm9Q&0Yu^SR*J|fU7c|>I>6uK%khZhI&bi z5BLAlJ5AFt`l6i8|_6J>d{C#Y!cqb=R;|<3+62j~zjVK~h9N?PC~6TxI2`S-PD(+^C;FpAW>4d`T;TLYr#}%kuKM#4nXd{Gzo~lszyI>TgV!EnC71byhbeLbeNAKh zb4ZK=4`y5pEICyizY?&)CU%~^M%iXdz4-h{#mQXz^O;F|sy#qKihK?B{h)N@y~^?p9M@4F*U_D(#3eeYAln(loc z`<(m!I>wQY1*=b_Xo#N_4+f1r;7iygnJ2p9E9Qxu82hn+)dKDPJ+Z3ijOi)A;JTgU zu*cGSYu=6&<0_l2J#LhTl{t>i5$Vo04W222I8ycA8TAX4S>E8tXw!1n#nO_o#g7)k zeJSiiDy*o3xge;)-3GF~3x9*dfwqsK_d6ntXieP9A4gcCd}0Y*H@v5Kh`JG-XuuT{ zDzfZ=w>}^HGZ^nPyW!c|&aeLbBwu?!&cV{9++d<DsH< zR?bGk6VzdE7TTIF&5a6Iv5_%+WhdRS36r+ruIDlhYenbZ=kjUTOYC0xHYvi*-qhqq zk>NZ?zq?;aUm9XxV4Z%gUNl$Nbi`1eh3tA1Pb{Drm7^uQq5Wj<6CJWD(uBxaL#u1Y zl-6`|c+j^CqPVS-MfMpr3YY8;l$Te27!fV}9&gMp)YOdGHCy`_aU1k?6A`Z>7%G*o zXlvB)pJJiIqGHSAE0bG(B`4IbO@(T9>wG`3VPX_1!*iqujIUc-za61PFz<45uVaMr zO2S_@7ZM-ziyVWGDdClm8tX;SwUO@V#nJ@Qn1=ceq6WL4!$~`w!=9f5H6$r~H3RuL zk6T5OplM1nsn?0vTAjbBwW&M&p|MYUwwfy{B@lXwS?FAR_yX3@NfQQBEK}iu?xm5` z*-6a+4|0-;=KB|vl`sZh>IiqC{$Z+5#@iA$7r7-_zz{cJguWz z!6vPzsK*~ZtGPGi&2@^F)s-R~SvU2t_g2!48&g~nb!4Gy$%Ve>yVEu8L#<#n?IJb6 z_uXlbap9$_1z_+5@+FB{P@uR}YnkDm(RVF@-_AMrcaO&zCFxnL${cOE@Qx52dMPrN z_qLoyg`l!%3-gV36{NE24Hs>@;F|t(?S%dF#0ME!xu*|GS--|hci+_gVV~ZNO}eeg zJoYCN1&JCIs@`WZ%(zRd!2d+zC=rp1tgGgJJ~CQISyQhANj;`AH8~IDEoq!`NFWOot>Ye*$AT0lZO&VsT86L z9MK9UbFF`P%-o>u;(@$(t?PI;G*Q{<^*qkbh_uFVF2~Ct3 zGre|fRzL5OQ3cN_=qO#&x~)0~?v%shq`P&51qcXLgA9qVs?`gQUM$i94L z<9;kDdFziljJfb*<2d#x=7$?w=eQiZ^X>*K7rlAyKWs9x;?w4^|M^b)0@q<1ZTyf; zr^x+TQQ);OrjhOfVQJB19{F&Gxc;gK(kecQDN&Y15zI09N3EQJA#mP;*9i{ofEkh_s{{(IE(Xx2lw#gi*twM9aQ9I zQ&#B1=x6brxO$+%PJcK=Z<_yQ0;&(TC`aeM|5?sZM{7WIQ3@H7EK;aU#XY?v;=uC^ z&HHS$Zej&CdK@L9`s)5fq|Te*nE|J##;a(a#sQU*SM*APSlFKE4^ahDoGSuEVbV|y zNF96Pm|2*@Ak_FchbzW+;zpK!!_{bS-ZmkDxT&+~CYVOErkw2|XVcg2n&+KnPum+l zEibfU1E8QvHINzrS>&b4wV>-BF{!b!Q1IU z>({v&>JF+p>D;S5VPQ_zYP}zOK1)0L$BK}8fB|@oo~`@(s$x>?FpSy zOIr8!s1AEHj_eXW6TUW5FQ(Aux+R}{`{``m^q{x3oTf>~G?LYSrXsQ1GqUlH=t*)8 z--^_JE$_xq!KUf#NyUTnm9PoiamID3?avda?>-KAe@{gQmYgVV=T2urJm1#{>CCR8Mc4 z8-#Zho#NMvp3JtmK%4JM@vrMPh?*5C9dQm3>Uk2a)^~48GgMGBPgOaQkB?~zH4+Pf zhms{W;Fr1Sb5gj#5a6`h6RI*Yrs|vl#YP!QZvyI!CE&tCMzloyznaY2I)eG z_a)r%hpuQPm2vuXHa4*k^B0u@zsMtpv zhS}6*&2teWws*UWFCWsV_))K&@YF#5dBK$RgH}e_QQd(9O3qo@>H{$s7#UbWCSQ@{ z{KHa>lOl~L!>r6@`g>eG#W?g!gST88JSsNz2PhrYrjUVR5z|jWL?8r#!To&6SZO90 z&OPFqeIwH{4DsENIqhvrLv*yWw14`E$DX8f%B??Km0vCQ?m1uERHCN?W|RcLPc~58 z4$M!MHO@7lHtM)rRSf!|NB7*h{AknGxG~9GN_OXV-o3OQ1i_fO_Y;fKZ!`0s5rqE* zNy9JM4_v?-l;?#3K14K$)hldmafh@1^!{;Y3M!O?t$V0tB>j?D@fp-5dR=UfgTgM) z9mi#-)3Rbi&u~3gXRM?@|dO6zs z2ET)^@3=v{pt)|^ig-5pje*nyHniu%en)<070e@<9lIZBZJE>B>3cly^()AcFY|25 z3$ENMqyhnPaVwDwT7ZVOcXR%I7gvwl?xKlfG;BS`lj~x)ei<)z+9HPm3+CPWuLe74p4h?O>d0_I_qj0-{QPOcj5&0I`%-dAWdXS;7KtSPTOS|Y)IKG;L!6QTyb0& z?DHNnu4KJ)VTlX-(yBg$-KXHcywg`5^mFP zx;k*eOhhl}vWRxSfkEH0Ki+ckw93_9=BbMB3iM9lu@;)6{XNOZ`vP4iMpD`O#t!_i zFVKiNSCrumS>CAS20MXSuQSP^W9tCglEiYmPBmhWGE4}xEwVrmLum@fP0P_rFrbPD zSDNI`12QH*G27IlgV?u`q)%SB*(;VP{6qW?z}<+L+r!m~px_GUH+Hi!r|@B&B9 zF1Un{nnnxwF$QcGmq+BR@B01D4}(=_0(Z)_b&?P)3FGlpprW2uvQ63TpFckjaZ&Aj zH?jwdj~dT&a9%(8Uc*Mg*1{z;P{mSMD}+2Hn5C@NaZxp+LUP?A zB%LFjV~Te<-bRuU-v^%q@$$Qq00=9x#!|FlPk8t#Dvi=Tc|r+gO=gLz_hGrkDWx5?-lhk`Q?9(wEJ{pD8d$^Q2tjP0;evX$> z2tRE`)g)h~*SVhHC8zF{xk83XeNChDX7Lh0jFZLDCaKjC>gq#t9^xdfweTPR*17sT zxC&yiCP)l}h|_GJSW4l{krk*!riN>!6+z0xj-r?nH_2_p(VWi=CixqXDt4luu&t&5 z-?W2sVm}*qEY5%ddfXNVJSrRxa6WgiwH%nR^uup35`^vJGo($iCNTIfr9(eQ zn5ko|eT8p!f%+RdAo7Vt8UT_`0Md1H^2SXzF*>lz0FkL^T6gK9L)Ikv3m|lPAMzni zyeDnTh!4}DR;!I{Afst9LLz^4qLT-?!tQ7woKzO#Y+#ByDwQ6CaT?QA2MLbydY)FH3u|G=#OT?6%Rk>~#% z+4;}k?0?9&{OcC@yrKVFuMkHOpH+6R8T?IUH&2VASh3oe$pq~Jgjt1<40mCU@VG2?<{GvabA;cbo{Y`AyJ%t`^etYz9>-i1C%DV^p z#?BvJEYpbCwXLzcG&asB$$o^>XbGANVR`prfiM zT}jSyHMenDlP$w{9xlx%VwBtvkL;$cv2IM%I;JBsy*^Q1`{j%;WvGKA!M#NysKz2A z_P*LlcjpBy7sMmXJZ%2&zDKaV%oK!`T>zpO_n4pnn_^0-`^8MvRr41GeM5%rn{T+l zflnQK7oumF%?IIrkTy<#CB3B;@k0!csrjKW>Bw|r#fR}_mw|c>YNj-zYrU++K48y> zN}H&@mNoZ%6>6>uPO=Ra7a2-b!!+v%&4EI_`z`A^b)#9F%PolZ@J1L-Aa?08C8xeD zUNecZW=2bR;g;`+!)9iFTqUw@57@TMIQF-|yErZC4iUJuoUD->WH<0cD)dK%zeD>nTpODjKDpPD;X z=RSU<*UH3>o!0Lf#}}-g+|sXKL0R@)+`qtS&}os|zE|4VELX$P$xFUWyjesqi|hHj zOS*S@HXn7Tqn3+Hd=YUKs!QyIi*&>x#=#B;1+P<0ArJK)<;KDU``nz+nfFd6zU)oC z>X_BsTQh0WbL>)n48In$Z?952Sr7=rap>#2+azTq;f+lU(VHCajSL5euCV7NMJMH| z?k-7BFW&ph$cRa8;K9RJ1CL)gqrxRDxNGsKmf8hX-Uw9@-k3n%VpY+jCh(!+ES*%% zBreHGwNSyU(ZaeZT#j=(c=i)I_`T^Tt{zc4@2eehCqk9iD8ukSjy=2C4D@;=Ma8xH zH}bA_s&%agbLSyJEBL_EymOLEijAyqDyyo>lOnh=CMK>Q;@zg5!UUfs4GKr9X@{H@ zQq61xGk>H#Ug~t0IQ=1J6S`g%Ll}2P)h3J5 zaH!Ctla_I2#!)oXHzv$@j%c}iu1^IxpWnIF9iNd9^-z~T60g41_rv}T%l)V%y(wJi zvEkt{l$nWBj8ws&%JvOm+XyQKJtNUOqH%iQtv^`X2G7hj46#O z<{hyG&3n7MvHGoe&2(c>Hy_K=Pn*(Ax?~UR57LH1e%Pxdr|AIPZ|)>Sf`5%jC(#6O zi!wG8?jMV31geZ$C?rYqZ$Z5pG>wk)K7F6dm&d5*`yUTt$f0UOW1d$$PmZ??Tf8tT z)(SPY(OG&Fl6U)70s9oxBL(PkGi;uSDa@4Du@5M8D;@CH5ByN;s^)nm`F0Qafu)d# zFz|EM@Xb49aP@#?IAKr!#cZ2y-|8%lMucHBwpVQnHWvPvIFYeqUXktHggVj~RHV*< z%c61i$%Od4qJn3A*Xd*iN_m=S9z z{ERrdBrwFk1Aj)FzQ&HK^IVwE)(+*`w)E6JlbHCbxagpKLg7G6w2E5gco$wx$2r6V z)spV{17km`yEqSN)+f1iOsQu@%FM!`x}--kPaIhmvkW+hy>@tYj6Ao9A^Xgm^77X) zvfn@9Me{}X9Z^4jeCni{+6CZB@|&?x#8}x&WE0Guk+;v}r8c0NSsQKYI!(asa*&w!z8CILLoqZFm6jW{b0YDEKw0Nwawr9pwK z!1eN>Gc*I0qysgZje06n4!m`T*z($Kw7ql!`qUQAK5F_|jm~C?wrhOwxCdR3xb4CT zl9Ob0mzP~;An9;bo%B1jzcn>(CJNn44)GG-42lgkoPLfT%H6|dP1y|PrIyT?3+E|{Koe4__oD^VOoo&N+u+g-8}ZZ1h(f4?1rfH8JS zr5#;DydJ2u%&fDxHBt_f_^F$LP7d$yquz~E@fO1xGYan-O5^4*b} zhH*B$NwyIjkI{-!OSH7};f&J{6&9mo{8GX~%Sjq>Ot`@ieE7=OrtSaAJlW@^{mYG+ z(>E&*fms~MdeYdV?RQ;$sCPD9?k)5S#ObL;F=#~Yz7HWNdkQ!TCYSD<%V8@RpBpI1 zW)@xVTijBJ_s+w=Bg0S;L8l7J?lSsA*6mS_I>z4-T!+p z1VlIt46#sLtZK0=41FrW$9unbQ~5w6DIodefZe*r0dhjK0)sEa@*vZakE#m_8R<3+hziw;3nw{XBz&V zz&Hx3zbXnI+Mh$gHI7SA?0}G*AN(+Me8HGMkg7iEUzU4?oLPK~oMWcBRqIX)U|3qE z-`9uuD4Rr{0D`f}sOd*Vo_cD4CN!$%pJi((orUCMEMcOyXq6 zhH~=rB>R$NxkQU3eJ9rQ_pLveMFY1iHx%Osb=o<{*KKd znG|Ngz*CQZ(GlH-_|N`0=7+2x<`>)4c&j%tV9HbrfEa)D#{qR4>#7u(a|HNCa|YCc z-L$_n0Ogo@S0%>M`iKhvHt6p9Up`qQo%0E zKxBz#;*0<^0sdTvZcF%Xv-S@KD{Kwam_E6<+7HXO7*+CVuaS6C&|zMTS|ovSljyG_^Jy zZZa}DubqnwySUFrwl{eFrUQc;1h?a_ZaO?&xdUAJj@En^$_TE(AyyZt4_Si>je{&Lr4dw5SgK3FEuj>)Gz#|Nqj#V$pz9^D^>amimhettC@G;ZPk*ONKuxp z2)fG$Z=XrKBTas^Dc&{_T}O)ELS@-`tkrznlbwnr&C2K2t0}?JpbD}wMgRoYykzGH z6!iNJz<&Z%_FF1hIqUwU-LZHzJ3FLE;?!^CkfI*qFT1P4yf^ zVkb>-V5v`_!3?QGOCvt znAPTS)IpQ`#A0OQX&zmwMhh56^Y@1JiMCnQl|B;RkqL21kb8e!YUEvK(&UJ$o^tp- z>U{TE>oRH7AP{(nnDz{kZTrbg0FsaA9z0)ZS^pe; z&U2vj-Rdx9dM8@Cs;%{yrrIYKlT4iSp~Q%t5}8v!Mb>NL`iRydbI7?@FZOd~#AYnG z-%EYDz`+rp@hoT1Y|cGD4r|BW7nYha&#`KZGBh7j~Zw)c3X4&bwNC`ciRr zPlSEarKo8^&7$iRAU)O=&Twq z#zq8HP+eAuLq3*ou*77|ZE?P@J1*pui)!gMg~iuDT(p!qcNuH7XJv6-sWpaqR^Hl_K{0q zxa6dA7GGtAacKcI)3hyS<;JI^5g`iv#y3q zZWEPq1`(G31hDUF^Op3y(G9UNgs5BfOjHX7v72V4-EUDA^HZo3o0@E861S?d+ijG* zVLyLC_tHRnXxi(_z#~3|{U_q7Kofc(ruW6P?dtG_ji~sbHLHO7q3J_hlME72xGs0Q zx2Kfvs)mw&erl_KUB)zfdtiM_^j@*Mqw`7v&f#Q|QQrpaFovtNDrdCWEqlQ|dXtbf z*3yt(-YX@NWhZWX_a0xo>hiq^gFC9{>LZX++r??KLYkVZQHg2vH}Yj`4?eM6q{;>j zwrQT_e43E+w80?fDM4FvHOsh4RWCNGL2G*dFKW{JyP3$OsfQd}JnJKw7^^|9cM zvj(R<1)^#EfE^V6iNzJyfuNp8Y^Y*qJizERz8+qRS_F;ZgW&J>PeEb`#yJ?x5KeiH zZ3BFdz4*<~j28+x$a=fTs4^xII*QtPL>C_`11vV?l3#RLw*1XNCKZ&Y7Ll#Pb~XT3_kdVq$_3-ehZvW7zpRxw@KP|rpv5s zzm5zWL`bC@|B zK&2>rC;Zh;crS7Oz{w>q!T@59Bv3^6gjPoWcyneD;U%hIRXH1}J6^M+T8xHuLEH21o{+(u_ z+eMpCnc2{B@3tM=XosnVD&)<6sUg^=if`qG-C-$YlM30EaZtm> z!^>98ip}m$td7#dU$zGsod;r-#VVrkh$qofCv`EoOF~M5dHEmm*F%S$Y39;YSb*yx zf1V6`og*g4f@A5@CXfBN26u{IF6kVd>n8-HBVii!{5<3LI!TkNx>5I1=ZOa(KAO%H z>tlvI6<#CbFz$+}-z+knTQxH&N&kREyE$Z#hQ>`K5YOChXAX@GnZ8s#XYN!{d`#nj zipT~qqb+b0A`6zz^=dTEw;R1~mg;I$#g~_Nm1M1(B9f;^H6kY*+OpH;CoZf{U%HqD zv(gt!GJ2na*eLmmQEDuoGy|4A=f+iRdkWt!Y55f)F$U zgO;|y7D|{1b(zMk^dgqUp}0)@d#GQHk&`m8KqMMtz)0tT(PhGei8}@p^P3LXEhIe{ z)}j&~jjh6t%0U4;N&~Gpwd3E=dca2BjctJw9}wu@dV>Am|AeMtHe^R%f*Aq*psYl< z0D2M_qnmpNp9N3fcg0|+w%@`E$ zg5}5F*r3HRT)$ol>uL=cxq^eY=%lp*AJa7;ZHxRlXUi5KZV`5(0FmlsA{*et)km?- zRUl5$v%zS|%0)!C2edZ}0H)c@0ODfc9CpXG9}^3Qwm~cxap7NhqERi4_^_GrTx1NNiKrDX+IGj88RAx^OFoGQH=$sZH7;|MYV+_`A zLvCM-q;F_oTxEAOKnFn(C?|emsVpZVDN~RYVoMVYKuqn(e`ErUG&|;d>{c=M3W;*x zj*$?%Vu57HV={ot0}OtWG?i1Q+)%;VoPQjN#RQf zP^iJEU}xwf12M}065bQebjJgC+p|+5SPlZy69+|gZYmH06o04v`rjV@_?ln+IvVvy zuX+L}%>SD0Zb_peh2}X21kDa}*z#2o5uuFH~2R%?xv*(bXFQDgmP%Gj$ zy@Sg)nJt9#%YR=S+A(Oq1_fO$=H134RMC^iwNOtyXnUI$`tqrTxV>mb`0n6HtKr_)LmaBTAC!VKJ#6!tq2Uq9gMbq}-F}7&|cd3U$9+U`K?fvDn)`p4f z#d9b)Hu?@!=7R@Ghlg5k_SQ_0ek_y7twwin;46T9Y3dDKWa!XagB&e&iI%BTIg+8w zZG$?UC#gXg=Yr=}YL)4hFx!Qm07~3uw7be&%6|pMg8LIG+PIP2;ZH1f-t8pT4Z~sd zZ7&HjA*6UDqWuA{ye)(E<=BstN_EN#;T+@2%Rht}dCI2SDi@q4w$2*my`i|eVJHJx zoMrA>7=l_jG)jsmwLsFeyylJS{gZ7!nWl4IL$qaTE^|6(MNMX38PZ5^e%>4GnXO$T zf?T)|KFQ`;z<7E58@dRHStCq8m9YF`>@YWZ`T11Mu-VSI=Os#5$^!-B32P29F8J|z zN*gS0GV~JFA>HVr&AVr6 zU04WT{QjR>%zxi=g1bPR*}p-*k}K`a&P-Ie?3#gTET#_BUpw&RPO;xKa<8lRo%ATF z_7*eOpq=3>r>LSh|K*#-G9ld4v;fX@g;PA6ImTne=}~x2!xifI(s}HTu?)V79AJPGc%@VgoE%vQzRd%DoaQXJhp-3OwNU z+D7LITEKP6OpG6&YyX--wSSAyvcmJ}XQHAZBy?q*#qHg>I+}HNA1Fs{LW^ku@%2SZOm8>sRrteoDqRfO&=AAztCgY*OReNABKJll_P=|-Fyk5@#_@dR} zTw$rvAg&v&6UwDKckOzQ?``xv&y^Zd2@mn2A?|!uz{4dg`?N z1Y1nA1mrRudLzu&r-d$?Txxm0{=0zszcsP{CAIjg;QYT?aDx6bi6+|$>4?zpfCIk@ zv}HvYFhVgnD(-(C7QTFQZB2Y@_=}#7h7N*gM?34nc-gag93WoK6mcj*6(t|`iN&)X zJJ1Zj;sZueQUDY?wGB`2d*}G~1M+`(S|1z8=QT-X-2|PvHkIv0Z;)sG7ro?5NE9mp z#s?Ji+1S+Ey}AyhPQQ)OhtKE!Yn5IQf}%{=e!W6ZgVTF4Qw$a0UoXS##curs>FxXo zbaVN@YOFBHxYz94KQqYK!|cpU*wg^J%|H##78^tQB4;TS%`Ct!kAv(i8e$#jpT;dq zeol0gGd)W!A^NX!mf2RDBOqOx0YVd8L<<7_HIiu^9>zW~1AJ3J*O3#7%kYS^qesK( zfgl;RhL>)3D zaKuxoRhISKW{KMcw+^vmM&|l>v|dD|H?Z*Y?0qO{N$phakKa6gdD*R-Aws)G37C>u znx!Tf0%60A;GuJOtDXSqMMTx((xgcyXe{stqzqe%YRr{fLxUU}Hhf~D^a-MPberQQ zQjV6(f9zz^lz?{HbZc9Z`;tfTRQF*M2NN~N{y^)c<3o(#I#a0z#q;)>0^FhXebGXC zex|c>IeR|d%9Np3@*ho(8Z*$i28=(>;`jtLt=8ix1CyYKew4;thdabLc5B$q z-}A!V2kUe#yN36WN=tow6h zY~A}7bhFHhm)M1)d8bY^cA2$5aIg6_fBDzi>E65sZnaR(4 zMQTOxMHuGBxSjR4()$0{dk?6l(|ujo84H67s0auMu~4KLrAQ|#0|*F6M-U<+B?Ls2 zDkUQbNLQ*-RZ4^akrFyY`Tzpbdr6Sq5^5mD`#NQxnX~sk``h>2Z?AptIxd!LQIh=I z`zz1;JkO7PEf}*b)`O{h7K?Cc+l;T?wYc19u-zwWFx)9|aje~Jvi-GK`V3R{r0+v| zcrDD4b0j-3$5)=xPKs?b$A&2B6Cj)m5kf_^LAJeH>1<0Qk8gx~q8&M7D)XCCKSwQg z`Z!zs*k|e<{7xmAFQDFzBKqpi_3c-_KN`+H%fC?4_tqdKZ`Yn#pug8tS1LR_4nC)J z?ZuQ=phVM`3LJMk%X2N6lY+}j206M~ZW#U4tX7lw8_f?NNIuJNm(xwjV)pC7lT6p5 zzB7U~=mm)r)VIy5?}T+kzsiNM%Nq*|h3|NM1!HE2}>6?52)@nyF z44{;s#^k^5Q;k?#`-s{&^^acwA%9o?m=VG~Ir$Sn*e(HIdAzUl*M0A7NmvGj>;hCm zai~V6cG$cki0R;&qGiH}`ybBHS*7s!??C%y4VJM#1w_Li+X-+wnK;QnfKKwccLM6O z2WT)sW4(I=)p&@|wRhSc<-Z>U_XY+(om|EUO{~XLr)Qzs5_B}+%5|~Mzi;3LQ^7^5)N_b1eV&D@cy)Nx2WrOPG z-(wDYrUc1wgdb&G|0M!$-qU}0yS(gWs*$2#OQ#7i)tSU8YZfF z*A%`U^*v3_*}i>Ux5|&;!e)kel3h(A{0J>@OxQ^(c@bnBy2c}8Y;%{rwGrj6p}Rv1BF@e z1(4~g;b7<=g=JdI0-5YA+=yqvbv&3hAuS=yLt+oG6nM$qX&^+O95H_}V*gyaB27@i zeIn7*b6ZY})I@kUp1G@>YNn{{j1Ym&B;>>0=z1?&to>4fMesGPcr}5zc!ELPYKr+2 z8M|p|+MbMmNCTc^GC6WYvpY|E+`b-il%|KWb>XNUS(!~GvH&`%;d+J<)#|NFHYH$E zhwAi+M?2(0@rM#Sm+{-z53#ijkU(FZWAYgNy!rF9WXCvr^@l;@yLaa_yW*YVX5>9% zVJuA)uKIp52hy6n+sqoT+2-0{hzY`IMN7HF#9^%MErwgvI83r`XVxsnfHg%}o8(2! zzxD-9Tdfj!3OfXC|I=d`o6I;P%ZmCutw<$7Xw4AP&RQgX^JXo_*L{=x;5na-iKc|S zwx=_J*t|Xo1X&@ps}D|p-S@WHb7u;+8v*<4kARTbB)j%lTYzH{9sqP~|Ne`&>p9*5 zKjK0}t>_T*dCkc^2$O}kqdM7MHVypTA1cavN(ytd9}MOr`T7Ska;zMA@&*P_j!CoI z9xp~MRGm*AYktZ0zO_h+Q{#G;xNu2qzMw)sMpG+G<3Jz#OvKq!by|0FFT+oQ-Tw3p zQuLwwH10rbP+P*eOtSk~L$2_qzQ~*E=ZyN|FSHNW$6qjfhnCSjxu8C_@#t|}O7td( zihvwwG>48#45CZ~Dpm#0FYwPv zycK^GR-3O7Gly6^*`u%5*|t{fG4H=RnBoaC?f<}R{~ZYKUj?&8nY~LBIg=(g8|*M4 z@;09HMpl@bh`=NDsf^}%t;$QHZCW4Byj0&)HXJ{!A2EHQO;kU|HST_F#Jm2K`)QFf z8G7m^_T(k1742XpJ%yp<)k0WoxI`LD+~4SbuqxTdudFUuzu1kn`krq>C&8PFUp zlx174*4oHSd5)Hu`=_mx59`L4-0jgaPRg2scG0hq&nb`BAQWNzie!2*x_Qa0TJ1^c zBulM;L}F02)5gzB$V{z^eAUXtGUk_n;~=*5daCASgZLAEOx}(6y_pC7?qu+8DH+Up zWSI9YPC6{D0zGKiH|WyCV991HnyH-d(Eg-hlw@wOW~!*!(e75*+J-T{of zI>uA`2>e9P<6C80j(G*S^KJ8s+5?A2XB z=OXfZ=UZ-F`Y+I^U*Ta|8sKP#GsfCU_L{X6K*_viLdhX23t&T)uG!0tlh#!Gh!-#} z0^UI8Y+7vZr^FOBef>iMpTlxRWzT5}cQazkp<0HCy4y0DgsO|ELiM&vRMz>7mZx`3 zNO`?4N3xj)t@E_bQN|R_#%x8FVy%(Qt=C%2X3fH!D;1i(v?Qa%H2WHgcPl*++^NH< zx~?d${+?0_T-e92=YVPVP6z_YWebj!JB)X#$VDkK|D(n}xmU)l~PABC~| zpB>S5Cc*2ID%A%bg@n00PZ|%^oV;3WjhiN|B)`%Kb(a<$JiPK2@#x50AJk0`d7+(O z(tn}|$)aoFypma452gsGS^A%<8gJQQW1>mqG|T;L|GG)ukdT5u7K;{ZzTGJrYv85j zBNLFlYjUNsOu^;Ib*ugXOb{b^#o5`(**PyS|4ngGaR9G{wzio~84iali?l8)EiDT& zxBz4|H{J#dm=Pn5j~g3(x83^dc?sT+0pofuK4(m$bx*!MZ1nc9+d{qcLNA)*2g7G4 zzG<5-G#?KG+NPK=a2bUEp3dxB$Ks7`W()J@rihRR0d9U$$?|fvDk&;nkoGy_-5p2S z7)`$H#LU~TRaE`*96dRcoL@O%M=oaA*B?56RL9Huy%E-sfaV>|OY08X_=Ua_+UUK_ z6fAkOMfsDh(?!b=ciWRasg5ym2m+}Oi^eq$rYf9VLo5F{5t`n@)T9@xB0#Alvo}N7 zl`IwXh-}sm=3(P&jf7NSsFyhzR3)|t2c{862Yn#HT{z%QD_BtvXuWS=VD?V1ww_D5RDJbSH6R!%WM~vITZePq!5`dQZYV6Wg z_w?r1>Lr_JDHG5p1F#3wcGmE_gf`6)?=;aEv!o9`u-vkr^lfXE5d}Mdz{(AWO%rn-eF4nN7*CF&8hi_ot;)B zTUd$r88&8Th34B^e$d7QpM1D(7y)XzIZzd;qAHOS)wXega9Z#Q&RPq{vq`)X>3GzMX)_E{p6&r zk}iZ#cXRxQ4wDCgIUKZCsJdqO`fK0AaW3%a*b?$~nKrO#HOyYqSa`BhD>-eTGTkjJ4=8q=@7 z$fd%~SZ)gRcVFa>`TGgMxcs5<-+Ym$1=1w@rL}#A?#BG)i(JAdIcZh$t1t4Mo|RRe zo$Gz~0_TczU&PHDM#RR;=yynXd+*8{E>DViObqzxuYK8^J7od{zIF@mWzn+2Fe%Hy z>iF%NfrStn-!SPsu`Ifloza5lq47@Tdp1t8sW2nq{BAB`=BuIBDrl~Nkj5o=U>QGq zKkXVvQoC!mm;b6>$dj$0X8hyB4%-STKs)W@j7l(7_A zt0(fcq6@MlFExUgGILl;|G_2qlSzY#$+7XZ?c)G2yZHV$cjoTSJjBc88rp4|^8XgPZRj>=q7_nMR zifrUGiEVpnkSTKASX5ITjO+NiPjI{@#=Pu)I9k`;{?v6~p;n~5;rC5?Xtjg-drT ziz%3o!sVZOrDH>A=MEN5aZ1-uWlcpx6jx-gz<87F;vS92dZc=zmmMZew&zlDk#aQ? z>;B8`RncvfaN@<=ALZ?FnAY%4*M~`M>o`TNy!h#@JX5jRjHemUs3*E5gCBsyd}rb} zhxunPZoCT&ILtq%Y2;b8+6XRl)xya1<%1<_Yzv?ChNYERdqo^wbaHw1*eL#=TMm{S zr)SUoTomBl)nt9?)u%OXg?QnMR`-_%k>hCo7XhP5BZk=}+NKWKU0^-hd**kzO!>|4MdCj-37U4JVB^_^{j1Rwp^zr%Pw5Bo5AefyqWy}7 zb(Uj#@m#R4vxmRf5OU%u?6|aIH1i_k)ZivBZov0g<%1%IP*04X!Gw;6R``v6p|lR6 zb!lpAyu_E;=KB1b5)QYVjpI-reH9SN7{{Ki!ekNML@O%A8f^3K4`ApMAA(rYESYoy3A(_NW9@S z91q-f-La=>Y~&LdVArnJA=3RkU{BY@f8Zy*A5}7OlP> zpHsErY+-N1LX;1`Oj=Bc317KTr3LN3y_#&ECgaHApq-F+8lq8cJI5^nX(5?g2{y;e}%tnm>l$CV_3sBFkemXW{O%IH9 z01eP1P}*6efZfg^{O&OTj{+{yR3cg}Sj zpw`a<3=90W?jme%aytZMy(%QYZ2cf3l+I1SKxCtwrN@J$j!vh5d+W){8&JJ5m|ekiY~bk*WAKf_88-8b!Ddge1@;rFj%_&)N>>7}0v~uz9{3-1Q3NZC z3UTzecf`Keue~@L^pI7nQ16F~pa&r~n7gz*^nt%~3VQu)Lv!C|eR28MCAp75ilKFE ztQ0YLzmuunAmhxU;i8HJ1q^3)(ab98Q*tHx)EHU@YL{1piB(j?GVd(-^K$8{N-HQy z995JTBVveHD9)3L6e+1ULBwKa!2NIa?n2C z9jc~(8>|?;f|}x_*if~61xV>l_=DkD_>x{<4HtKg?dbOxKe|I$y~1x)_WEiQQq_Nq zybEgihLPIW-pV;Xx3gnLG|xFBOfc8)Y@#n{R}L3+C}!6fN@28q9Zcb)l7_%Y(|R?C zomrsrsRXxH+y%S3CgBE;R*p|Z`_=yao)rlB2%L6engQr<4k(&p zDW2BS{fA`(88(COfnf6#%lHvSdFZB zA&j3lcBlqB2?++Vk8KNvyzKb=JHKQOjO3~Fx^l`CA2s$WZ$pcl7e|~3^UwF`@V1&z z?|XR4QF1m?1tF0o`)M#q??>7SN@}a8JnG{wG4JcX)3A{ZhHlGtI@s9{q4a;SrO1V zpQAbzVXLdKouQ?PR@kiAuOi&WPSh;#FWhbFlfRPV{(=AUdwcRL^7G&Lj;%5JTM-Jz z4E;`_F!E(9pcT{iLg-B(Hp;Myx6|8xEka8==NK%2S{f(r-wfMvh3|n2&4-KzoXM97 zzlewz!qjZjfAtDXd+$GE`pWY^F3oql;7K_sPfxO?bdj7@&Qk8x75Ms*0{B$Tf{!?u zYu9+zB_26hE7+rdPCbD*r)%MWqhFD#eqY?TB4H!TlhYNRI#pX7y#3h}6H=X*P?XJ( zTc|QIjLwW1&>%46Nk5h+2M@SD&74aneL>!{`9ZBM8!Da@Q8?uGt^%zfdc5hgIey#} zt*b-{+d%%MASVtj*gpJoPH8shjFSm$g@m*+YrBd=LkGyQr)H{%46k)sNtE09z z1HXz={qx@Qe_X)d9;)wlx2T?skxJ9$76OE#t|TE*izX*G^VqhM#zWU1NYDh)t+j&; zc9us>6M5&7J1qC>Bnd^E^hsnP`b((1jj=y>Jiai6ST`&wlsUJ{8EI(Yqlu-TgA$RJ z?65Oro5sb{EQx*^-(4^z-f4R_aX7I`&UVuhTn@y&H>>I56<`+IyXoioy1KyUSzmh> zl(l|_@O~M-$9MW%-2LoLYbyHObqw_@lGcGO4ZiyITvc^-Rq6yXJUKLVCJAAgreSAy zPsdj}OQaRp9~uCnz&L;c%P`KXT~o{I=V~w3IGKpz?x+hNH*v=d=F1!9o8vU)`!FV% zqj7WcvLaeK6<0>>{LZtlOb#V)E0DQX^rq8QHuW-ng-P-BWXe*bjhn$lLenRIb`sTQ zXJi8X{p>8^@u47en+$K!Ap3%eLLxfBwztK&s`}yP$aeAC;BW)A;{l_sf03BJsB+57 zC31RfFfBI?60*Knl7@^Nki?+;Y$>wag~n4gyI4BsK5Im?yV|I@Y{ojjS$z&FGrY8j8s{TV%tmRRt?G7rHL;;f z>LU@w${*k)j0MWe`kef`$nu>wTa~r-aoCUy;oOldHMcqc!l=SPi|mvw(x)K;B|H2c@rv?6cbi;2rHWC;n+(bzAyU?3w#Jc&NsR{^_>X@s#T ztnH)lHlo;-5QOM`Ue_BJRRqZ%#kTJdoE5ea<5q3wH&(NZUW^V6H_ckX$4}lbDGDIY zUYlv`&k{Annw-qRbY{lgtDZC+mKdFnwa<;B6skK9M54HF&PB0(3m$TtjTC{5^H6c)9#T|S05*#n{uw^K_%PUzclV3 zuCq13De};7rhfLQaZtnnQ@_JlJ>hR5_gkJ=2txzAh~GvBFWR&G4XV{J0Dk`Br^JFG*jkneBVL!`G^{;(T79v@w<5y z`N(0bacoWX^KGM4yX%*(0&pxfZXlwTj50+eUN;VePRDR!NXM+89Il z9T(JI8>k?bmcS@uo?n~{^^8>P!LR-D!Hi>IT-h&0-3CR4EUHZcX01n+b@?6;^9ABJ z%GY*2Y0!ONZk~eem_xQ!VK4VA?}Xg=UB|&hJ`YlBBp3pu0CFqnl|a+_H?8BEV@G zsJp7+(-lx0p4AKJRQhD}zNe(7AyefX&KYd;pU{MeS^E&QxdLzc$yC>DlbUiYG81+J z3@H;nK~4HC#u&>sx1~;lx2C52+SC$!<$`+m%yL{p1VezF9#S46IxXHV)iGni^|aH~ zxR6_2xuP?mZo?|dJahGZe|wIc^*B?zm%7YUis%MJnRb?*#*mZ+pKA)?QNdUOAge3_xTgnZ2Z3dUe!9zQY>P zj0sA~SaGP=R8E)BdJ!ABIjfnuoLr^RL>fFu7UpVaXXX27@JaM;pWyQhdRDx(SUtN( zq?#&UWc@&ncJjD8qTX#<_LP>RL6|>aB(N^iK`fY$M$KNMe4{wjc%bguO>Qy+&l%Dr zt$eSG5@02a>Xrhu$pX-a&V4{NRDq^_@BHNM3x5EaZ@6e|A9DV>?`rxk94yNAK*pKG z(8xr*k=YBBS3h%NO%;^M#X_#sU@G>%xpU_>ogTys56XSjOI_=VyMKgJF&xhT;4V z)8q#7V7;3bE7~{HyLx5B#L_pB!_`>D*5vl`D6`mY-IEOi^Tu3^@?NRD|TiyU5ZLupY^F?K2P_42wpDFlD?>$?p6R*GzC15r7BKuYO>X!P0# z9Fj2C6@t}5uP(MHCMVn}j(CSxz|89vf%vqo$!+ILt>BCf4M{Tz zpYNJPQRH2=8|kmyfM+OMqux+EsL3HJ5ZYBbw)&bU>AD5%fCHz=&V;CrOCA2W5<8aC z(#(JEGfkOZhNhio^paLz6BRKmutxKOcvp91u1fg3D>(<&6V{8IlszMY&qoto90%OWcj(uE z``w-hD3Mbs-qUPhlV#tajC~X)4aNldK@GS@dQ@Re#^;_*JPtrIG!9B+J{;gDOQw|` z$xJV^7X}ky3$ibEYxQE;Ub_nD!@69p_)Epkw0wTchA=_*d!Ow%HJQj8l2WtKcG)Dt zq8~HTZgGCv_iC$@?s>xLQK8lk_&c8p({JsS@{U@Q7`=Kz%ST5UPhsn|;65ZmI^g63)j&D+ z&i?B@sXMT*`?~G|WXGE^1lzoU0@W-99DYasKUzlBU-vmd_5@(NC>j*3_JQa>eg+fm z8k8MB4>IznK>! zdNgb>;6{N{Jf_{awkL$zkZAxE#BDZ;XZlJY2n`_Wfa3uO7H#Ao#hSmmQVxud9r$^$ zcEt$z-G`{g6J$k3XgaL}Wa_W`lmi)jb5wAty1{a32Ot{?gr}1KGCVb{NHLgKs5Tn! zhg#VhE@!kQ-jaS&NC_gXU(POnsWtIhdXnqT;tvv0LK3zv%Abc{or}@Qb(BB!AdB+ps@Y9c|N#C~o7chg?47q!k9%5h!gOg*9db@L{mHOriYByt1Qq)Ij5bhwt zGC$X)M!F{?xP6_bqIe4HWF;AKX_G9M?yU~T=X3Y(#P~CEl-XvW3>HUF4P}5EW=AG_ z0$hT|XSM3W0F9Qb_3n+iHv9yB6;R?->F1Vay0ZRQ68=LNU_TAqnE&zI{->_lAApp9 zjpz2hTi+i$#c}uWi)#n&AM*m^*$zCswsh4cqhGn3R)(rm!`~l<*<-_?(-3CF3Z&j8 z)N>~(IN(e;XDtW$baDZp8vT6hhpEz|wtciK5rs_M6P7B+m6AAS+G$r@f7(k$A#_m1 zgUa^UKuHk#F%N_t1PN5 zd7*joeS_%yLtt;oF;(&OOIdl;4Z)ZzmF~h?t~t88?9bvd1S^qy{Z0eXs#s{tv}E-I zuFLIYj!WfZ91iy`4TTxZ4Hp7uw}(7W)lmyi%@*&!PhwT62t3r$r0;L{z-x zRd=tF*P@jy$cjxPYf;sY^C!FloA}Sy#sKklKNRj3b7RQtO~7SfSnV`rwjwU>93!U9 zD|fd97k1%nlng}_=V+RvfV)2@U)83!ZW&_^yt4&LGTkP?CMU_^r%aEjxV|3>plAcrMR8};|Ht23(!T)+e@6iw>OmoT z)!CjEndsrsse#Iv#T|ramahrfE>X0VKhakFk%bk7OS4+1&0R6eGrVypp$o7Pf8Ota z5a|={o9^|um+vq#`rw7|=_F$fV75*RYM^KtarPA(A8$|G^=$6q$he*+9O#AQ%zFMl z*P0S|>8-%@^|*HgQ;~*#Q{9>$$6UA0fLwEcl&f2^)EqJu&tmb-&g3 z2%(hz&es$Ds@ing@^T)7f1&Jhw5%%0c6P9Q@QcR5cYVIbMKVPnZ%b4wpK?8)U88i& z&tEOE^48vrv17cA<7J=bLcg45pGYy)9el{+v%z*0D@()7M5 z#D9^s_j2f-?)n|5?(5|JYqCT!Xx99(pt;9yc1S+@dt8Y>Lg}z}m%oKsJo*D>Ve#*W zS=dwRd_5^-vdwlPC4U+o3Fo2N=X)&?A<^!mbd==)E_n%4c)F~&ExFx!6FO6cS^x|KfPgFlVY&2Q`X29Et8;8c7g_^Ns8?y{6)$fc~K~ z=th%>k@3lq-sD)o;8}SrjFR zC9_%etxEIa6>ruINNg$_5XZ4@$_i#T6H){fwggYk=osE|v9dxTJ`LLK8q{uAE;h*J z$kj)jOo|xS5Ga}b@?}P^awoZTuy{UtsHD9QeWqY7sIbXmji%^>V1m2Yw58`q z_%RxDzS)w(#i}>(E*tTHo<-j9$n!>FSEwpj;2|yNUx#(zNs)b`QkJdbigrve^)PJT z-=y^r!)%ztaiR4#dbgnCK~lf6VTIeGZrrq-X0yJhj=x@|kMt%|<1M2LM`{`QzZeI z{mkJPi6!VRt%t9vIn)dO{R~z*+Lv#;O0Rexe#}kGi>o>92x3RuUd;J9(p)4yVsPSg z?JFX4=kDgh7-A%JqqgI*-*$x+LPIjc-N7`#Y9w+??|~Qmwqfk>8rN#Og*@sG#U0SD zT88a$S*_1HAHE3akStSdi%ZSe%7aSH=0DAc20ZDEnEZfUd!&mUkXeMh`^yg1KPLnx zs(GfIy$W$d)k&+!(fGd&ItSF7>A{xqD}FWv;d(5uC8eQh&lVlL;%kZW;ZG(+`p%OO zX^>inW$cy-`N)E>7P38D(L&-!^F=PMJ>M%>AEql;;!Z zHPn3ZZG}s?vsyKx@f-wZOAI^%m*_Jx@g%(nMbc-ZC_uJb={W*qCeS1g+i|1rLjye9 zRZ?Uitc%AN)A?!o*{$3Gx82j9cekA6XR_$Pc(SIGCfYRz+=62)RZyoX!Gn^mbJmhK zm5=D+scOdgNw^F63w{`9@6t5d^X10b_}mF;{9~39&-a5VwOyG`17n{UHfw8ZIE$rm zJ;R!+KAeQsDiLgv^|`DHRoCKct6#5PTyuG_%C8-csltQ`q!EeU{D@i41XFuEn-zhW zqHZwDM8G?8(iHQgbT9tGvELw=e{+2+m=XsNkvcWl)GXkyq!(cup(kkU^dyzj=oMKq zd);2do^W_IQZ{UwG*~yuhD?aC>64B;Z`v#FUITC0i;8uNF>{<8)^~WqQZv%Zkr?VO zl3(CV-1;yKDCEYXUBl{Hi%Mn5mb^MyysKExFVRr;B*QFW-8jFzcPk=RpY@6yS9P4W zEt6rwDB?x@NCP9%bQ?h4b%TxR4EUh^wghCCZnzq~dm1&$fuHM#)xu{XWG?uMHJCty zp(>%KmWZIrfX*|TGQRGE<@$Ah-FJpDln?khIdlLDT>@Aw*p@-E?a9E0r@`g}`~+$j zrSX@yW!i3X+1=7xOWX~isSQ%iP~EwVE(k?|5(~hRJy@XwfSDH4-B3TnO2trJxhP-! zC)i&fXE!}ugMl)lW-zYN3oRIahSV7bIKboXi~-1|BfhwW!CET-v~-NnK zmi7RDF7dy9F5v&KK9(xA-#lek;6G5XEj+MiC@1J}Cp6fKYhZ1~Nq|yJ3TaG=4s)A4 zA~Vx?rQMGR52>U_JQ=Hn6m3}TnD+ZB6a8!~a76)Xy}oDj$0e`3=ErJXe)QHfHH)Nk z8?Pyh+}07CjeI}5&??$jVMu-GJURfi@I;giOHq%Iuwm6Q)9EY@{8A)4d$8F&&I`&Rb%gvhkxwKy`!6< z&(c^aGo+=)^rO}8_gthQ$A@>-9XzravG1?eJ4;#gplw}>7oQk|(gk_eG}s^->B-R) z+0;=obnoFN*~tESZnaRpe<9MW4Vw9G%ThrxyO%_X4Jn!sZ7rM@@%C(?NnH&no{#+6hTALq@03Lj z>X0=;9tg%uuRPYZ>+DOt=j9^7on)zaD`2tS&OXqG;TK+STsIicgE7t%sO7GsNktcQ zxFOJm3{Tf+W;4bjrrVCJ2{r>FBrIMT>~aZW;O}rwq({Uh2qTdwfsU(c(LZ4)Mx@u;v>NnmSTE_Hb)sw!>NCZbp_l#B*2$OF`!uoto)! zU;QO_1Z;JZrP{E~YmHg&h`CV_Lm)%5ojXBZ=I~-_1=-szdo({Jz7MU|W)>ke8>yz? z8hj2r4yxPSzf`yXL5cVU!}*R}w&F^)_f?`ND9N0&YGn%b7k1p1)FD9kjp~KYir>79 zSW8ca0m_Dt0MZc=y?z9-Sv;Q*d33NzAilc7gdMnwK zSQZ6Fp-q}mg2-H!V9JzcUi)jI#LFXyZP(&to%1(}46J+I!Vh>vbvBRv(CZd^!?q%g z=&?44CrY1b409bp|_$=>;t5SC!zBGmZpf!t;5gZM?NT7^gJy zzU-;_tqco{-q_>kBKVGmZ$tpS!)JF_j*)otqFFOver_$%0w|Zhh>ya_xcKpuMV?R+fF`#GYFadvRE`%pd+drb4dtqG)ga?ahzGofdT z3PU4HlWk95dGTOqy?uwGBq+|op&ql5GTCI{FO!%PW_@gj(a7A+J{n|x}S3NZ}kTSeVKMG`5^6=ujgIn z=+>)cEI16mUly0wV>zn1;o8DGqr@EBF8!$jV}cRZfVSu8UT(A@i&)mPYUa8j)N+Wf zCn7S`S+7KD;VyLNRFQbM11R=X4KE=GFHL5EWu-{TqjDnDHxx;P9CeI_yc)5pLW>vC z)BN5hjVv-hkY2eifY@AWe;=Rf!W{lKA~Ux;exN73=V9V{hnrtgrB8PEV7;&POLDg9 z>0W_Gs+lm4SDu7X&h#ajG4Gn-i(zpUg2-~CXK3{j!+0Ltxn!$ROX0r1la2lfURtBx zD28#^5Q$bT@I6gW*?Lv5C1Ri>)s)UDjmb>v(hXDdT60VPZo)!dJM~83mphaKZl004 zo2_rTu_JtNo!y8*1x;<1!1$RwN7L|b&q$#%KR&g0faJc3N(A_7Y3eCrxl7<>(JXIa z)l0;q%4(u+_j-*V?&{pQg1${-|8!pXu=ZIzIZObYi78Kk^M*@3+C8%f_%3CgKo7!1sEuZS>S&p!=za zgtCV>U(!?u^LK94@)y65wl1-}VjS$kKK|BKR7ruaT*}G{@aYHi6RIusoXug&eG^>_ zxQ<^CeP|wZO)LGF2e2}VA|Zm(aOw7h>viqmqLJeVkHdpT>Uy8RkEm-&wiuZj z=*pQ{8H;v?Y%b@%&wZZzJdES`RbylQAY=WXa^LI&|1Qa4%U~7Y1ipP~wF=k$c~pCqZT?W&=dMZo^)$`qU~5L4^P_p8@zj7lIAV@Z`!)3OfJ z#=KbgORd2WKuwYHyDb{@@ks`i#b;QU)`S{^(A&ITchMS9-weVbf3jGM_q65`G5|5L_Ysw`FOKK+Ok^2tx9jq)lfqR@Xo+798<=DR%TP zmDowtR3v=Eb#mthZ0G%83nd!(VY^V@1533~8fNn;_&jaK(j>JB_E2nN|867WjM$#r z*L@mn+oRY(m9hVOwTHjhw$I^D`g3`SO$!I$06`R-R=62yyO5KQb!g3PX{f)p1+&1F zY^4J;>HYFpFl+4YwB$9V$0K^KE>}*a$egz1{)|1S@E9&v8xu~Ij9S2IxQ+PB9(%|z zZrn8y7V3Q1-E_B5zaPO>xUx7%(alPwrLO)l6dE5_}Wj@$ZnAYqijO}vu zx@n~u9;Ed+5h~>-mbKccY%NnJQ<9@IKajhSjbd?yvbbsl()5E{?z+m@sLR-!3Uwl` z_gyaGB42t{`J{Kdwjss(X*N?l_!SJy5{Y--6+M6$?a44rz#>=^Lm7;$&(9% zkKhQwOfT!2o-GUdiFIP#41HO1#O+Sa zTu8pciTsd9)isef06|+G=2XzI_}i}O|ArFr*S&aP$~+Z@0@g=EfGk2L@e<1#U?UCN zaB^Y`>=dP!xI|fM@IOZyY=8z@$(8o_N;6nUoloiEt|+o_6XSHh_?)GoI=+@OfpdrR zkYZDEC)bIafi0gtoXWE_fBe=;I)leIU%oGL=F|Af54d7&OFg}V;lReOQwE_B6So_y z|17V<0QaSL9Cm)&hH(yXf&wlBC5ck47>cOk-PitpHTCX5Xu!i0EIjNMScoD z&jY7i1Pmhqe*pk8IRgtR_y;`gq!huW4swXmiYnHKP&w!oPMD0QsS;f{7bgTMND}Jf zXXMDm9Kz5hhEHK+jerfW*6{O_!L8%kM;9Mjn5&0;3N}d=u}ZLb+GH(kViwk&i#~WN zOChFMcZEvUwDgd39jZL_{JJzk;en)c*(vn}jK#PM8J5zv)g^sl|8@(51xPjGe)exk z-+2h%Ylrb-0>N&W>#w_ETT)dLAj)KbAHX*IRp~!szC`EzC20QA?ZMdbQ$*~pDryDL zh&-sE&(a~O|GhEfuoyT+2E#CjW}+vzG)>aQNbWxJcq*FS6f$$Z<*$e>G;nAE^)z=f zc6k`E$v)GuDo~n2UqK0+cRrm(f+kC-@u){g;Gk@dkQ3Dw1bna-Xc{m~rp)nFXqdFH`h(6lD;+tLc-zT1XF60;gkR)h}@`%2}NcqF(HSc`jX!HYrmG zTAs8o3P8qti8nP&Y95>_rE;_sr`utL+Qn=#G);224bfUD$+z4^HPz&CSOMcNeNHpL zv7n;^(keF@n$G-i6)GRhFPFPHr@s zC-{Ohj7R=*6ezvALNpug1(PEtek7V4UT6`rzhg)zV0KU85~I`@L+66XzbC`P(u5GvI}@A zZd^q*KAeW_ZpEMotmlCNyDEbZMunofzV2(%qlrnQ7`7l2fztfTM-)LB&TwF(M4bjJ zNTo=RcD50<;ecvD15V)DE+EzA08*MA$X=gtkfm*J+AB7iFb1U3?*O{l5CNFA1DasO zgj_VknT-Mx*fJm%f)n6?k@5f#yPJ?f_wRzmf$s_Ju>ct zCrg*nz8V#tLo*3|&23^vGkwPu@!`yk0625&aW~;dq32&R?|&jWqkRVjOk>ve(bD+y z(_>4|!Ya_SGSkuA*~u9%TZNMK_JN`g*0!elhdK(gX!ujHRaI;>*QLI)a!V8h`Xh$J&Wq zX}<&t2K(i-bL?|ye_QSzj6u+k>1Oi1v5{Ldj(cN_1Ogy{(d`LiSmkYqae_j;sX;)Z zBpS{Vn*R*jDlsl=!6t9;Xs0GQTDImf9S#Enns{lN)EkU?SdmNf*L^&ee)#6}W3`98 zm`upoS!L~v0diz%xJxDlW48Y6Rvu(zkCFO*5oI5F)C9prBmKiV;(QX$iwAxMHa*32wR@}y4=?ZDNHx1@BIr~4*x|IJsr>!Cr=rpqXjQhu| zdDSeP;=6|RSV5E(gxM!caOstjg+m#FOO?wW-7Ka?MFVb@JoSq^cQ+;)wD}>mG0k0{ z#cmYt?6 zpS5@%Y#(z9Bf_f)x@Ys#J~xT$h`Nza$?F@Ya$M-iIlPE1c03U`!`;-KlwM6-t@J-7NGQHNgTu+#{Daw6iY*KJs_mr>NX~#w?x2UnGajL=xFRk3%?Whygf(Loa zHK-Z@g)~x8_NpSu*or0VF2d%0<>MWD z-b!PG>YVni@Dcq*oJow1uLl1^A;Xr}O6xRV7Ewt1q`z4yBW&vvd4Pp3^d4B6ff?GHIGCzLB0 zCxB*_Yr9B}v(S<0m&vuGIGG3^e4Y_rH<%yPWWA`Ke^l*oY?gWC4aH`+#cRzEV|?UF zx+e67g&Bu)vX(9{_`gaL^XOA+erV6~nJ_-qFPMXV_BYFT z6yrCb;w724FW%ov!7E2pApRG7?*SE6x^;_U8&D81fCQ0hC1=S&pxOWk2qjr!iHIc0 zk_)y8QDRF}Qi+5jmt=`0S+Zow86+2}EU4i7=stbA`<(y2ckg@e-gn1%XXqG|$lk@? z_3iboHP>8oS_ce2EIeTfI9%A*TI0|}$ozU*1;uK5F)~I%A~j~SF%6ji>1Q-DFEz6{ ztP>&$;dGb7T#Ji~8@~h(jAQj;k9NwD)H5CYoJ%po4*M#p*17hI$$6|J&X`P#Ita6T z&R8OEa462WtVqkr+tKZ8-UsumBCoa13pcN(pWP{pxgYbsKaD5J=3D}38ktJ(OGDbX zvDaDD;Sp*F;=jmb=&tqu%#kJv0fNd32dk#SX3 z$%oR9wYbXiqN3s#T8UNd6=`Ka!Y=4!w7I$Ytybn!O&rCoA_dtTf)DP#OVCbFbmECU z7z?d(d4DNG^O1d5zUi+Snn^Z_u|k@cF*>J>!Pu<~TeF~?phkLBl@}c3B#tgbA?QUl z_qkkvyw;kDv-)5j5{z+Y@84V}bHDp+(A?`|Iic!PZIX4ZDdB>e4M@)%_-|%Dqnp#z&j5W^q2j4fC6kjH0OBYik)<-;&fGqfaHMjquXM(Jk9 zTk$#@;ZH@mbqK4DHT|iw&J;0=ye5SE&{?)xKJeSML8jzFe6g6)&x8Eqb2jZ!+6 zgQ`Bvd{OTGw|EncosjYJ!qxiY$)c`&p&92;-7&O8W|iqJuWysSZ!ZGNg%bPNZKi7m)7VAd{wo+i+$^) zq@3JekP?|man1aI%# zF0UGU>vdxtx_TmBiP{J%r?L#{OuVuvi*oWOBN~Sh$LEMi8w%J}*Amg=*G_2Gil3F? zS3ePyIYM|7(j_^s-F)h~tx?`m50Hn3q9RA+2*I0^Yr>n{`kUXw#pWW$T4gXnC@F@9 z_H?3p1Jy%0^EKw;onDQyhw%peVG`yJLsXlwRt`4NeClELu-x!`p;F6)99P6RhJFe3 z5z94)q6c=g$h)&D5}iJyirB;jPfjae{ZDtTPa4z9{GhBH&`2Akq!%QH#r1}kWs~!Em8e`ZN{d0oLMCMz;n~lcdQ0xl zZs;}YE`}|>XwnUwM=7fx-|kB&?TsL@?acymygi4LV2twS{2)QFlG zGjU)|F@C0G==JGFuMg6!CYo|=+4s|Z{6v-FB>#xh+M^n+Mt5~@H>R(5r4rb3_4C`W z)rNFZ*VCwTDV+e%NZ!>H^D8FFJyv@7S-wEpojl+3S!yAb$;K2bW)_)684_U>%B6H_ zAPk>2bsC!EG1qEka-t)bwEflB{yj`FADW*$7bs1>OuR6ijWXF(Z{{!#l8$98%l78h z&R!lmen{4jFVdlSIiYE>Bja7)nyuaKw*@CrUkp`8H4|{sZe z#^B?jQ`TGJ#8(d&8fj}A_(`23EI!KkN@hjH+w_X6iYT+(w>BRWOknHTeL(_h$?{p( zPN+$k@!;~!1`d=CYLW3%MM;dTqU|4c@NYO-*sSnh{j}nkv-OQaENuAmFbZ;t(e6p} zf^B*MEGA$7wGB%IzZ5MmFmyNvf4D&^M^ZrA^Tcpz4$z+@e*^I)45mR(b1WAcgHx1m zP2;A2B6n0VOQ}V;m@H-Rk29;FmkVH~{#ycAYTsk@3slgtY!K z7<8Ci285kv#rJMu4-gfv??96ai&v>F7Xe3t0>};8*}Xnr{J*Q+%o>>cQ!%FIw*c_x zU}!I7ncPCX*h0~Pwl4q;!ItevvetKsA#U#p(7Ni`q+N?AfnEE+2oyjRp>BT~f%3t& z<)MGtfL;RLFT%wC!UvR!enE7hAon*&E`!u^fXxK&U{kEPPGti9l%z+{`1lW+jSoHlw82YF0yxt@T=2H$NgRR05FTu$_(A}U zjY0LF02BqT|2RbMg5g7;`%t|g2m$I8O)4)58U>S$VAWy7izuN~%fLQTgfq`HZui+T zat#NZTnFI`u-}Ya8>r}>zZkhH%+Lk{)rKM93M&luYvAMxQSYk!=Hx2AAO3eISHi!2 zNP9phAGWIierxX^G!QHaYQ#YUX5d0$KWG?WFIo28D4bB)IEtOHxaS0rkbjjz4RAK0 z&R(a2c($}0-2MQ$QHooKQ4=yDCmi0{<-nUy5sXtj2jdi3#A!>QBtiMj=`z8#A`aX~ z-QPS>yi!Rn=CpQyFlT7DWWe+1_k*T2liCIm+!TkXxfX#nN%6!1+zM#?_x8-$!s;>r z{09*RQDEI2bBDTAL0_r|{(Ujm{Ev>BR4Z=bH_f1ReUkHUN=FJf79Y8K6~$h&tDEIP zWaSwO!}`Ta&|n#nO)gjp_k4I~bS&|L&cyQQ+NpCcd@jNrk^V>SvKJ?tO6N92l?r)U zJ=znxCKW!|9jB375H{W6UR^HNpv2`EKUJ*6og}0r3#V6S4fYfqug4TNUdvGNvDj*l zPmuHSE4D`Ttx6}J*A~|-EbfyYSD83}h2aXK>_uC1TkrUh+omI?W;|YmLA+Wn=jH1h zsvH703~wJbw`NmSlh6&*JNO%7$`jSY+ar2{``lhPO)W`KH$&%y z8uL=$(=fsM(;8~0L&EelctT@3|1nASf4f8S2NCOkcYxm>;3!XV^GuUv#*`;2r@`ZJ z6~$MuT23JZ=K=0pf0t4Nr3;r1-mnJ1uu9(_G&z`01Elg} z;9GKFS&uDJF*A{C$P@6n2|U182cTW=x3DE;(0ecdO%lVvhDpMW9UMi;QKlW7=D;1S zWsm#&EhbV16JER%omKkT6E+K*hW12jLF_ETqyzg?GZ&-{K&#!Fps%73MT&bnY=x?- zP)-R2p=CeZfZ8s+_u&VPQvIKkg#SZL<98cGX*sHPJE0c5;qa6TY88m1odY^!0CLFA+|EQw^&>#E6?gZgoXX!aK&(!cHibB&%7>l4aCQ8d=FF$gql3|& z62R5z-K4#7pOeAIj|mrg= zpiINb)o9=ZGkhjN#}<-;XZskpte@>NI%bWR( zlw95?+;PgE9lN#>XJG!TRFsg7K)slLj5SMjdjGu|vm!ONB%SlLYMK13FH?gWdd&wM zXB_%c)snmxvW@c6jtlR`M8V}$6rnnOxb4OZ3FH!ziKl|tI`i4M{fW{Q@vkU$h6dqN zE=ov`lZ6wiY+vVyehsD}_a?4ZmbnQx%-$;=$Eb$y_S&uIp)1GoB~>>g`6pLP>=?iATaq z!itA|h8jWRQw2aVgS9mH9IZ5>sc4w#*?{9IjubzikB`unwf#zOy_I9ULMHC)g<0B! zG>;piMX!wOVb=RB3JS(1lM>6dVD08spttXqm!T!y5`Yx-Sa_iupKbNwbaA!Coo&rB zF}HC9t5G>m!IF^u7Fxjg&>rzNZ55e@l2j`Y*lQ^nS`TBCHcGx|mp(*BWQjK6g2=+w zf)6bnE7Nc5T(rO8P6+TgIs*1vo++hLEB9{! z)-cOc)ZWhAt0G2<=`Lah(NPW4_N_RpAPhg7T5q=Ez}O06nQmR>8_}4sK#7DA^6^G7 z(&A^wzi}zyjYkVm{7zZRa%pv@xs!V^r{W>$ulFj?d3&@tzaI8^+B~q~1oc}q1UzWJ zfQwJCnM7uAX?!%y@Ya^4#9$q>MIY|;+FLyAGYd4F!2~l!Zgs#1+y*YcEi+lOjju0t zKo7@`J0lzstZEY3tIL{~HRB{>E|@|LHwQBNt;m(+t3>ZvWKf{U0E!8WkR_mlsu5|o zzD(FBWK`9!CXQRx6vw}jVUXOs-HBO_lN`I_aBf~qWSuW)pu52+%_vAiFaLyol4W63 zdFLay0G@(`0ollD&RM=r$&(GIV;9+kh$p=`bY$#|pM^TCspTu6Sh5VX62krTk~zMV zEOqJHCs{o3eew&;p9-d-@w&*7!&5>_`z#YVxU=L#_dkqco}(N+-IOPitxp-4K@7yK z6T9K;_ky^~i%Y6Fx`M5LS}p52mE15;x5!q_`)+=1NmM!6XjH32$Wefxv8^ilKCrZ| zR&o=?#IrASLvCYqFoUio@AFRzjZsR7pf)H;e_nZftt-tRsCg-UXyHoW zjc$i&zvyzk6Do-KYT)N?RANZZK{2(hixS`%BC@%bc1A`s9Ody@VtYQc-j6OEIvqLl4}@LU0S5(DAptEQe+eVb-L^Ru09h7|Y+zHPK=>6864+RBPnk zN`|MmW>{}!m9hF9tYwlYyxq+(_>81LRB=>y6JeO$fQ^in^jIZGxV|GobZqeSgwI3SDHVU#MmZfeMW;uEQaxOrVCGPQN8kr|vQO0#+dRh`os;c0+O>Ao zlX4hZf%OXfTTjK1wGPn2q=ErobB_xfF5$%?<(dH0PuvzCvGi^9gaFB7v(({r>b*;j_WwCoC6 zdE#$CGK=gBE{$x%3krkQAsvO$<^^R!xrxuk=CXBP#C+2YjY$&d2~xaWHTSei-tY6) z)5mbFA2j#6iTsgaaJ%!#;xn|3Z#62KWJpm0)*2qat*g11YS&1KEn%f%iur(09)$s zgAT=00F>1UsDK}<6RKq*|#e z!h*Arv2*)-BMmbz3Mbzgwwsy~(Mg$oNh76efd*;b_Y3yRy>?5Z0MQX_MVhc6INlKX zoO%K%E>wFIkOhdrc#P?g3@!+Fc1N3wiAD7tn#FV}&QhdD>FU&Ir}4G&P4VDe;*RpM z^_huLOF-jw%>Krq-4s`GG@ek9obyKMKHeiHjYYnbS6gq*M0)oHO~pSg~G5GQ`( zr1_EKjl#7 zrmvWkD$w^XyEQXrTqn?MS9dNVH)A}y*nV|A1#!GfGTBxh<9!qnoiNT>F`u?#h2OB+AJhh-epnpIQN;`V=wD=22MYdt zEZOJ&&xBQJ_rjpM4kVMz#!;}G&8hOlMB|ba2DzEVCxNs+r24-0vpmL?VzK!6dWc>u zv+UQ$#phpOP^75HD=lMHHi6O&^vJ^n{|0%aZej2@wTajU6zn!-|8nI z5a?<dMFWgiMYqy(^{qprjYGs=7uCaWrEea_CtH!_`V=U~-R zX3`@fX3#-#-_L$HqI%XR9?YWVA1+*Am9D+K%1pZYl^ z9)RlM4=UUMRR1P&pLjr>UIHlmqg3kAz2e<-6^vjNo8-tq<IkwBCpwdd{t zrVM<+1H8)yWdfd78#%cRp7?QEpir&813 zr~+D2-*rZig(hbssZo&Sz)Z>~@J6uNV3H+(Evevc5nMt05Vw1u7*{(Ji9a|f2im`; zB3Zua0A9BOEdJIH8tXQq$Le1a%s(Eu|1Nmy0N(q5cmNgXnr<@fwb)X|Td1T9|J5uE z^Y$Grk-;a9E>dhuS!B50RvD9K|8>$?jwvbkGUEyL=&hj0uPxMdVW3=$o6UDygl$QJx*g2TNZiaTrnE&;z`yzin8tFp8K?fO znI|9l63wW@v}s-Mhkio6NOaNOM7)r(BaGW8BwbR~h`Ic9zs*zF1G8)tG@>P{+3e^) zs(^UwqU6+RV;U}^s-TyDy#IN5SiEJpa(}#ruuM;irAO2}>T3K@TX7i6$w1mu`FcS< z$&1tlKtG%c&We||*^5g}iahhK|?5d zJ^Z|+Vv(YRy82NQc8!yH=|APApSnu(^fZCv25~*Y|l{n09I)h+vtc-}hFm*LZ``Spa&zk4)$H4Yn?#tLUpEgdq!C1e3 zm<&g$ph|U=8!ktuyC>6cSO-d;lSxL!%XUas7TI^*;k0>eETsHOHjJMqaZC5Jfdg&vI=IMN&woA3?7R404LFCLN8Aj=1 zdX<3Y=i7o9d4t~S3y$=fa+ljKxLEdlIVk{5DA_t@HBT+S76A@RWrVG* zaL@rP*Wu^lUZS0*FptC6IxNcWpvscWOC45#p|0dofT@>belLClq^Wfes_C81M;<1h z-E=M${8^npgsh!LyeD%6)vKhaiVl6-CQI|mHnM~BZJLs?s18p$F6c!zKd?^XXM>i6 zFylnD@S6bMqAY$&Z2jH~AybnDwpH1qqB73%4!)sY{;HaCrrYY)b4)Mccq8EYu_Mv_0*-lX#Z1+7Ht=+fq=Bxd$QBs5em5~t|_ZxSk z5Yc9*k*D@@4YLh*7NhNl5>`@wlqc07Q6#h(eOoRV14QCXBhOy+>zNpzSEDKkJCZC1PAe#lH zH(1FQ7Kmw=2Kys&uEX8VABfvcvPGA)SP7Q#zUQ&QJEWJB+{QzqBVI_+yho1T_(I*XDHV%yuZ>mM$Nu&2=xlA?B&9HnTwR1a4|!ZZ}@-?g;2M=o@6!OHWmbjt;jW zd^LtG^_*%K2`cKp+HlIn>$Vl$V&FVR7m*XoR_hSUp&N@*HBm5ZyvLWu<+qDbEY=Ni zFS!^0Zm{J8Ncd>G(Iv3eCVV6z9^d;7cBbU4=x!89sg46?LrHK*LsJSz!tFY==DTwa^ErY9dxZmU4e`yQV*C;@g?MFX~SD zonC#zqo@a0gc_$3V{7smW8ak_ceWHi!j-LZN)juPO-bI<;%D%;mS-&F66Z7~*qa$+ z@-^iG*R6x}vh@$k*!V>lx<)NLeIaDXxzsS-w$0RjkVov|Uf{TDrN~?{@CNv+l*@RO zinZpxb8MdZ4;rg(VaX~D?`cxp#~yK>2e-Ax?YAZ7Y)^jL(QTRmS!zE3mhLx%cC^-|8stxy|xODpso zkOo9sD!ts)(#$KA4IbWDXQ)<8@p!M%OxCsDI_s zA-eI(k#C92>~9%>zU~P%*xT=4Vd-UN@=XuSMI##8CU!n31f4WD8@khQ`udTXl!z{O zhc%0ljiHC|DJ)QT=v`Q8fU`@t&~J+l1(5|M;|@u3`!ijzh|@E9DwTfY<<}y<+j7@t zIO!+Y-t5;Wl5>i`*#}%Ao_kMOpnYX`#R2oUeGZ%Xs<+cYw$#f>jo__yV?zT3YY$4? zY4&(6VyW<<*PMZ8zBJ&9-lCA4pyyq^tPBd@JT|8JMraDKcD5RfcV15MB;E>gvm=n%Y9nsuQ$}orv>cQHZYO zwaVJyZY~M%79GUpbp>ubZ5@Kn?#xu4aiG|y3U+3IU+LzcqH^Rj*$cR>_O;$1=UWjf z`mOpemvPfp*$rLk^ZNJ@%y;Ah%GqWouG2xaMPND%M=P49FVS*O>ge*4RklrBAEq=G zZCtpCY(x_U)Yoh_WrcG^ug|2UPCH#%RV;fwMSlfO+xYr35+$5#{~G%$BPb2xov9ph zK0R}rQ%X9FYV&XsX1O%0HOKIP`#_97G`zeMwp zy?(=Vc17EeMpt@C5QlE1r?63sKwo5yo?FO6$}%MiHx;MCiNCUBsX}>=E3USl`D{wR z2A}TC&DePMNbu7cuxw87)*XYNbGUrdK>7Jql+4M(R?gr?*{vpN$T)uPc1F7yyF)BX z!uwJTE#*7VPUBd^iw4SMgGsiH#~(%Vr?&&82numltaK&rcVzTM>$UycSBgh3=hHg& zhJVnFii#h)D9{Ek)NSF^P1n7o%6zl1h0`IM)9roGjT^UFPBR}hyv<@jL-SK@sP+C; z-UCK9Tl#^XfsqE#Gq8*5xwvznzVxp}5*z@1b2y+Cw3ZBT!<7TAAiPkG5}K-Z$Atut zo=l-61vDwvg%k`5((EKT^7%wipgT|^aO>0X-5eEp;|KrbN8O*t{cdxXoE11abZF#X zV1?hyBq(l@%n7Py!B|Qmv_1i-ay9}+Dz*oi~?w!gC#(#Q!GR>&}o$NML^G~)L z<`pQv|Dd}yqVY~hGP5l~n(`PvT>?!PsDOvGJ`-ep#b7^M{GH(^y3vH-f?U9V&;omb zN$MHg9$z5sCYoSOFedW_0xam)NrKBLt^_w@M(8e_q{OF5*AF$4n5-EC5ssZ3*JKw6 zUc~wHld)?7rQfXL?%7RKaAjzIc=7yqTj4EWvMdps-%(z+59^O7-vIaK2q=lun!v24 zKP3mg*D~~)@-_m@iNW@aB7e|`C?nTISjkiXfO}UJeAz@fx1!ahV)4(}v5x%Rn!B{Du3gOfLTeE+}Oh^_#kK?GI!H z{u)cXGDOt|(tiMSdo_sLHC@?Vox?Tf|Ddsqr^ZEc%TpP|_eno!%8D0V{@#u-UHrpO z>U4_szqBL%9w`D3gB;l(J{6UKCNoD*K`%h*>GWvDWh8itlVh#>@hWz{{6jG@b!yGt zX}$U?z8PrZe@qz}(jMR zr4vX}={H&)+r$NVvX?}jA*wf3%BF%Sb;eFHqgH8!0jW0NwC2g6vUHgHjkD9N$NBUS zIz@^7tTw5TnEM&$3Np?mIJV}qZ%c-y^0R|KwqU$zFVnrh^{=QEBc@J;b~C;ad(MvQ zFwu7!aoT6Lc|xe)s#i&7TKvSfk>Hm~>R5+(_N|A~;per=EBnRQlY~FM7&*bI7RgQX zvV%E;O|{KkH_UJ>y;sAx{5_|&pbQ&EQ0{(|Q~6w69-zfR#Gi-AXUqVO^wb5^pW+cz zN%c%~YCn=obVq~iVSkS>M8MIL+0$PY?1;bM2*e&4lHHHMP*Q!}@`)>ky%~|3{hmR+ z(xLjJ=Yk7#zg^b88 zZ{#KP5==)nzIRp6e);Ql|Md8Os+fZPf4G+a;adJ*`O*IW(}DIc;5F$7QH`TJQC>olKY=9>$tnmceG^d=!qdEL<>F_g%l*>gqJ=k*(658dzAKk3$ z_DG_zGEyp+<>kDNbfI)bBK&0F6{t=I4icAVQ4Sm_&)zeI1~QcL-7MYs$qeC<&s(r? zXcuwxtZbE|l0&W2mtHj-#q!rd+sT({fh%MKU6NdcaiY-yqo5&7G z*bVvA+`hrN6vf9%v1+$p;k490(cdKG?KjjeE@Gj;Q;`#ZTzO>QGU2(J(Z09m=AxXp zZ90Bkw6wFN$ZX7POby@dq9oSSdGgEWTpqoqOGO&zb1D^!ie4Ns{9~RXLU4kIVlS zSsQp1s*}Un!@|~VvX=uvlP1V`YULGk>x?+8K_xk>-TA~ePj59WXp?0%QMM*8o-m>k z?{ndnV%e9~lrmPn<{2l!>tFRD=h9hW$P3*}E=XhTRbN2~PGLDVr7|pQnMj946V1PN zOh~1f-o{nq_q^V;6_qB-nX);s=$n5GwZM*{hg+y8D0o(acT|gIY43fIc{U2Gsv|jl z+UOlCN=T`t3D8M92W*CqXKX(uWs9eJ=+;)9 zoFZDy?Iw(-wCuu<60g^rb1dCknx1e;($~lvk_;2l4A&MHVPxSCt}7X;&=V>UlW>35 z1Z;6AEtaYK|7>m@HZdG{Jz#M`v-0xEyu8b8ZSL%M&K&>wDI*i}3GhMiCD>;c04%?6 zTqTR#MM;IG;-R0YqLeC2q8A#UiE@O$RoP%1=Iws6dp@q+`Zhi|(TVZx!l^=$3HHjK zsmIdsQcDRjliWUUIwI*`R(}Jzkf9$bWG9`xwA8*r%Ulj@j!(_Pe)7?O8Bie3hg=@C zz0yWh)bzEmuYm&Mwy#Nx+pvf*+>*ZNt?&ga3Y&qqFnzTq{7O7IB$vX67ae*@7Cqcu z-kfrDn~VS{#-(vn^-7$X)}ujbdbcwh+tsS+OScPoFU1)d9bRxVv6MRDt*G;80QBj! zCWGRQZ90!q+i z5ge|R7g099k;=*ovp4Ju4d>7(?KH{_5)ieKj<#Jf{=`J&L4@tLI>}6qoNp}j5!XB> zX!ePEs;Y2M$?(zTJiL}F1gwAq4bnk#y@yE^&2;OtsHv4GY%&SiuG^DLyWm_NlM3I)v4bhQV(|z>nbx-3eO2gM>!XMZf!zE5387_cIkeJ;5?fWv&m<`nmn`UVxxG z$-XZ%h5xKTK7UA)p-1CAo`SuAd<_AM=7i?~eS?ng_W!+H|1Es{uXn!%t=#$Y-}{j^ z(C__78|caIZiOu=oQV_)pn)8i=v%0E@VADf!&?dosymOHKZpK+p(K_+fp(%a_r|W&6YYnW-d6DtK^;%h#gu zZKJbHtDT$14Y+f)T-{k?-})R)&p3FoCg_yfvea~T1%vJ$F&NQ9)}6L+7S?JPUg)XT zdcS1)wr?X(=4h#`@nCU>VVcqNJ)ydKqnhO8zU2fbnck(+M}yx4jWDK4JDHgCBg@M` zjX1q;csPBvZy0^uNbSilur4H-6F~1rib0b`Y5392C+Dyjwj?2p+@S(+P-Qjn;8b$+eGj8%C+bjWp&lw-3wCs0~qRfNlo9w zoi*#ec8N#$;;fwUYdOKS(WnB>!AgxXwA27!pO)4YteixBe`9@OhOLmZ<%+$B;MPRv zu!Vg7d5z57%3|tuz_gOt{HuUk&|P1HT~lHrAN;CqU^dcZ4tg*PEp}54 zGJtshVd}+BP+0(iMNcxcP#*|hkjVnnzE9vl@G=98>BR;UoaLw}K<&~*l0U%z{rr)C zJ^h{koc+%`|NqsUp+5)Vo#n{q)E1T}CR~QkjUqzq^%TUha69qgS8GnXFBz2U@1P#k z*4U-Nq(aTEy!}ku9yCgaIQSs{2~_>LN?Ot1bis0Oq`dZ={HjGb4MfyzT$qW`I-9m3 zR5l;)#%Ld`S(SCvXAz3TKg{qzxM!SQ^opn`OD zbZm4{rE$?$Qg20P{bRUN3z@~AdSVQ+e@22uj^s`ck)_!-rF?jZA`LTc=>YqCSblmK zb|ms;OT+B+69E3@<)(^1Zwc#uY1ViT!BCLk`RzepG-lZcZL>xRtBI|sD8Y$uyHBFy zMkeD12MPU)fQ3Cmf;qzM11&9_I?KgnDip9871#jL0H!Z(3yKHGEL9CRwSnA|o*YI{ zyZAv9b-)ojR2&7EGvyRNRx3WPU=}!KeVyYuRZ#%>(00|jW^Zln@Ds-R= z`mbCS+E#c;%jyLZC-v)>5%Dz%k|OFdu>!)3Br-@f*8cqE%uw^bQHn*n(-n=)^(gNMfZ_h@BsfR{d)!W{&wToA07=F6#!V7&3EM_@Dh11(v?n=A>h>n0jZ z;>)1vH2Cygz+@n1&vpY8n)nMCb-wZ2@H4Me3zrnNjS6Dh^X^96))8ta$(s;QzEwL+ zxWZJlzh@~_%Rfr8-`?^ULwcPqmn*^5u}zS3{ns%1Z5{Z2S8Bu8hG_JNhksw}UO;lK zpyuF$zgYlc83a$T7d@2&!7~L~s0-|$B$IMKQ~UmMu_;)B^Ixy_0+PrLQP>x$4_Vg$ zs@7fk-@e-a>g-v6J2?o8fFsc!3_@nsVHuzYC4w`KnU~njxaE|gT+`3(>3L3@`{D}7W zxW(I#O_#y)4&ITe+>FSzql+yX0Pc+KImC9uBDJeLUZyXqJRCVQGH%AHdpSFN4A}); zX(Nx-#P7!GhVN@{e#;0>QzshC(y#Y^N9QHaQMXs<8vFmHy>S@$@iKznB1Vq-75eUi z+wY$|;)nxujlk63lnFYohe`rMbUrY@1M{|PQhU5$y_(|YfdSQUHOc~X8gR76#h~3$ z360$e)Kfy`QdX$b-8=AJv0C%}+rV}OO_Ud=-lmXjps#1AVbl`VdWZFPXwuFPtWE7( zvmNlUm3^>->VT!Af+g}|$jL8W0}ekt9KI7Vk`{rRyQ)vE|1i0422UXah$@N;M+qwe z!?y}j`?lD|?%7X&CgkuqCZYgX@hMOnpsnL^oRm7gE@v8Cn}ZhU_YQRm3W|b10(){LfB}CZ5ATPX z2kTNL4$PLLMyDr9LVgHpM%gamPWN|CW6IMZaI7R;z6&>}p9p=e0+hw90mNz%E|F=w z z95+a!DIievpK;jlSRs}`D`U8wwEc2^DvQfz3z(CFV;wdTcfq^-$2a7^Q4aiTOYiRx z10Bu(BKfz!07+b@HysK0i42>~fPWg4jBf{$#5jpJeMl|eN6^`Nv}}K9;|R})SH(Pc z;cKUKod0$H4!p`8E^{^76CqUP;~Sg`Xl4wh;`LNvtdmXX z?YQ$7Sn^}szMAMZZDsDo%9-@J7}I9&6>f@Ck55lA-0JqlC(dAADG5q2@%YJw?To@% zmLe~X79E$-mZ?_GwkIshMe}x+RVnZse%4r zIJF6H8%%?}<9vL((TCw=I+LJdJ0;wf&*}!#j$&)%?=2SMTf)H(7Yi>%2iYW&Xw~pg zqt=}UMZ`3M)t(@w^ouZRFi;Xnue}%~T1oHWZt^;cHt9`uw^)Jd8+{_TPSJ+Wdt?ye z!NweRF3>Q+=jaUMPkQ^A=S92hb4!(Q5^0(`ipus2j)%k?EjNQpsx|b!YH+1?r#_~n}5~3FRXRIZcXxx}!9`eim{zu9>P5nuCSt?3jJyBpg;_=#i3!?{T=7(*nVmo09NYM`0 z&ODvN=Yt(Rk@S|)mN^;n#YtK65y3k6;82<1tsOKyG1TDKk70bt?;VT_%x6!Ojf@yg zc#E;JD{#6CrRlg6trVaaqSTwKY4H!(;vcHevcL2$&6;)`@LsdKrn8?f*H2(#2y6ps zOlXSCm)gT*!;cYnUkJB%A6cnXNth)d>t#_PMTv9nyrf-WYOH_}wz-Bp9!dui-7HaaZUi2Lti?#0&*ne5j6 zNumEoPY_iMVu>iQ#*?NLEH=aGADwsdTD{c`u&w5avzxGy2Oiv(W0Q7jUCNf<6do{O z%^V6Zba3#|vedn7cfFHX8S``c2B{6IN}e>Dwc)4Aa8D6~8^n&!xY+AUes=w}sei!* z_BgbCvwF+h)7JRJ>g=m*|Eihkml2gs=%mTh@TqV`kqtLbeA+Bu8b<8S=(iO3m;7DB zMPE8951yQ0*7y=ta+rELG+wx3xLv?_bH#PeVghz%$ZqgyJQcx+q{wzROQF+@&gpo{ zL$8E&O}DH(P&^X!xy8*>6Bn99SxI5z1*4V4#NuW!asVIMsPDYkTP;3~ zWRu?X=1X};S*@509kQ(>hyC8uLHmeZ!)v4%-%?4DdUS(Mvf)JXO{$@CA}QK-K_UL} z#HG9E_iGOyO1vhA+ViprjtJS$@eOTXZY?QDqjQhT<{9r!s=iL*4(#V*wLgZ%GtGRs z>Fryt=<;;8#;@&is)n!l&UtOkR_?t|XQXFj6%6mSeRAs-Z@E5Ge@}WjTSsdn#Boza zihX+W0(hgA6Sjo#J5h@=fe~ ziTA|m&7)~~Xt~erZkXmes?pxf?zS;kN7`%EfkHCI`3l%ht_$YDN?^WhuA=l@azbvr zwP49^Pj-*azOq~oK~Nq4gQlgZvW4|2%7Q1tH5>L~H{MGnB=`Ou^j!vV8^bkC4E2!s zmZXV_6JLybb+h(r9Q~Qm9nIKbpr2B_(SkkYM6DWwL$W$|Yo4@N0zf8L8n`|=M!yC8;wKVd3KlwnWnK6sn+H2vi4ht%tC48pn%?q6PMsHH`y?LOkJ2KBiY5-Mbp)=;UEs)PGYu zz2vqD!Y%AHy|ejFUz-$1Tp5R(#j?D9c}`OF9?#_KU3n&;4cx&QfId0%0UwLihaqVn z-_|be6u4K&oNMo7&7qf^Z&#H|aRjtMZcMYX=}jBrt4;Awf%HWId3c||$vc~wg=|#$ z`SKJd`Xvp18y}g_M)ompYpWeW*L6N*bG~L2btcwC+|a>|l-~WN2%QFZq7f>LRvxBG zm=zPI$4U&b@`fE&5i=)mIPve2uctoO*Os1sUgytfXP>X6jWXc%N>3<4rdpoG+dfCp zrkN4_>r~jjpm-iMP98H91ZrNYFd#h@y~a(+uM?9yDno`-## zk@3T&oUW-qv+sXPsbmfsQ~<%Ehn0C#MzPdV=u^(l7PQCyn9G>d~i ze)(-8#4mMgIG(ij8&NAW8$Efji%@m#Np#R~l@G}4HF&VeEl}+}_{v=5yE>4RgTt_H zH8b7S zzqV$oYr1=Sdi5aq^+IlaNXx($&0c?QNKg@wx|7e*h@Q4 zD7HP+00MmZb5e%hI~LzvIV|(Cj{j*W-lxfOV_@)j!z<{$7}Ph*Z$tp-^OZ+y4#3dg zx_eH$p}@)0hbuc|OH16l-iwsM&q}YZh}L3SdtK<7c1(KSO3dHbaJO%rKVYrWmn6Uu z?ax@Nih#BHAB*veRP&cBw3k9#$?c((517`*oku#5K2LkwTw*uDf{Pt6Cdy1lFA3pP z=qqM}22y9{WX58E!04sGk=gn6nwBwaOVU=-6lQo1qOyVEuW4N$~e?d-b72s`$5G-a? ziQm=Ex6oNf8mv%5464hKam*rSJLC=-w+GhkrW3|Nc*6?$Keb6Udc*@ZeVfpR(DW176P|+|QKrw7sAT z`0slfJ<#)CZR9_<>fiYrUK;wO`xidcTfnO!TQ|GTY^CF9WCd{8Pl?NrGf0x2sJh3EKO|AG_tl0k_QhxoK z|5^~;-|FkYuKA@#;^S9fR)i=r3eD{K3ysA8Y$-7fv9&DtHot6YxV;>FaP_h{2;F~g z>h>QaH@YE)C#m*vmHG!@T+e`}r~@fb8iWTD7u3NjvBID__T$eu>xvkrO||gAuRY3_ zTIQEp=C6eP-{~O#6vqB&tbfX-{_L92|G62+zkO|f?za~@hXZ7O0a=78_ z0J44%BzvX&5X|&oHAs}QVy#|{Qs{@!i*x#~zXM5*E7Vtk=uh}w-Tn2qe}$jBhZ&|( z;C=1WZroK6)%BB}auBGLwyhsWdGr15zStdbbec;?zFeQiR^B{SX>i}oMn|$J} zkE;muWnRRQTrDqQpG(zjvE=*&l~jSGs-I~ zU-Jw`C|f61FyUJA1&wakoq}j;_paH=n`s0uhCV9GezDSfz0$oS?|4xBcO&xluU<_o z8mT5vT%%QaT)Wm;U|f2A!pK;S+|!f%q01nrq{N^P zqgJwqtSxBU3Fd5p+P1x0a#IxKOPs9oeQR0tV`09EpxAfMN-HAgcX8(R<~||C`#N4*#M(FO93qDlcDX&dT4JM;&btKFDT4|rx|GD*j^oI)o0-<>P@O(rl_$q` z2?=sx3)fYNey=ppth2X6CD`nFtr%rGExw2F737Y+g)S9{<{7XtHvH6l-nN1u41ABl zHyyQQKSZ{|Az3h^3EJo}w5M9>$&}$pu+{SxC}Wb=_MVvE;>|EDQ1uwe`9QO%K7X`O zJXQRGyIJ_HyqCnCdHTs)G>FAj3Axs8fp#S&3JvCY#swO&SFd$miSuktIBf$aMHWc( z*8p*@g~AH%E*538#pBi8or#@ z0!>f*4M-CLus|V~Q$R1p4NO>rJj!N^g6{;AI+}sl8b6V%qLJ1`Sa$R>#?G8xdOt^w z-XtQKtwf`5GbNO~L)>r#0+&s$3|hhzVPTneo={9Pj%5sq@NC%_VDg@rdl1t5VIR@7d^hU2y-ybm_ zykc@IYQ4!j&mo}pDC7CH}J5NAZPjtknLz~`~f z&e9}6Lx@kTzRt4Z9EEp-K{$YCfga8+TvQZCZO~z$yXt7{ur;|(3w z={nqCZk(U4m+U2{k!Ro0IdRmGan+yJYG}LAhinMuf>vgoB^VKhW}W@GN(6aTOy`~8 zXHte!l8H4hhIm*u_Fk#y5vq=ucuWZ0jujRev|~g`JfLMU>PRCEd(XL)g>8shJu*3Y z15eIrg$mj|o?st+5X_moFg46R=i0O6b|K-lLD@8O-wTtdhc-)(#+=iV?X4#2I~qrd zwj|bAZ9)J(&DVEd?&*n~nHIezx~n|pTwmNtCd8mc$lRDP z%-V%Ehs{k%nUjQmHJik{I^Vc+)~QBVbn*nhD~sJ5Cw)&OhoR^~O;8J`nXkm@w|-yG zcP|H{ZR&i?J^V;c+gFb2)CdJ%@^vi2S!A|JXv76Q#a?9k@2z@Vm}+b22(Rm@-HP;~ z%Zxt2OztUshvcDNo)ZI@-pF3SM)t{tZ#UZXcPh09L^M6T9p)p~uV))?*;bol2~a|NqxVLO3W`5nazB9rlVsE6 z%-^SKlst5$rX7BlsymCBY~P|2Qti`RedIPHpL_4AmeeM?Aa?fyr;7Y?(PU@e%Vd(4 zc2IqI!`MRcPZ!+OFC6Ti=x(y)?ASA9LT#(^SQJDyfMBu~$A1D1r_#y#R7$@YCl3x| zpu_3K&5gVLsmRun3byxM74&ukR<@GRI3jntP~dQ@dvC$;T~QdKE}4I5rckBMbrzmX5N}G9ERo^Fm<>B#|*=HM`w8`<`icmE~Dv9+i!$H;cP7CA06Da^_L%MXN}g zs{XtW3oZ`;totvhhB%J1CK3dV*!JShh}5Ds5=c-#{{A7{m%7-^8a5nza8D+- zLTkwnNj#N-M3r5h>lT)>YOmhOsO5C3&#xKUQgs@c#eF9}_ zBK_6QUSs*K2JbC;-E z!_!{E^3-7f5Nzv_bZts$+ z-1>78M$L@8k~td6nusW>9=jrk+XAu5S?z#K`vH0N67xYo3}l*Qpx5;k^qmWRK^l}n zSpz`fU<|B_VAzN(e}_^S2DXKPTTZwJxj3U2R)har4-ibe@BdePLrMm2W#QLnC3}a{ zH>Zd09I|#wY}OHt-j@+&*diUP^LU4p?%LEhAr@<5SM5!1^%3bjx5>jZE4IGRv%J`_ zf0BMuh1$8W)Ywc;%QuplMhK-Y`rZVH9orM9{GIW!SQ$4Kho*!`GF)~hYGtEHYh zTsg?`9og8GD^RUn`wcmu$+CvHvnM=uLb|I5O_SX1r2aPU_F=8^Ls=gj_jNW}6zGa*!dY@M%UQlWK0x6n5&Yo8~Gp8ZMp`nmr77ucIUnHMQ6Q5QIq zqa}W&{xw#Ant|}GhTA({jA>xm34QrwbO>cPxd79c9Nd;bVofo6Go2Wo`_c_tjr8kv z4kd4P!5(@kCGWHL6~V`|*hI|Q%;Qd7GtDBbyuRm-c+DlPk#!vYm}&++A-80n*NW0I zMxpOSnB?L%0|}NFyrNVai~X|l9!~o`JTF1#@Dlt-Ksl!TL|2e*I?o0U^vQNFdpbCv zHFV(hv{$Berq!HMDR*irkg2hovcs>v z8u;rRixZ^8FP8Y={HI_@k7kM`l-qoIy(N*#yn~ z05VxB0IG#2QVBdo-Vp%8)Bqb7wenRHG@=M0-(vn{J|4#!M>bN~VI%Dgxa~pTun0G+ zEwTa%fj*2MUZaYw*n2b3^T~wjVfYDl{od4^&89D`r?a~+;5HAnLT;PdWy0HB6D9V> zXJWh61r9WQ_rZB*q{YS`11^k(M6K_M%ZNH6Wl@-*fBk)eF z%Wr~4C?C77iPv8!G)~U6wA+0$@rB&SRY`nTtH>K8ppOYfqnXz~ zu99`+VgV$S%5w+U<~W88Hyl%!3Ap3n#51uTenD@{`?v}x3#1&6@MGjh+Dm?|9{Ojc zjbAUF|2MwA`cpUUb^~U7H(|*i&7Jn0y-1kf0m3r0w4dREncoZ=l$51y{2HrUfeycD z)c#rN?Dv+3{^ENA4E>)~Gl25OzpG|E(GmDnX-v>=Sx1AwC@@Dfw}SL(6j(I5`62XE ztMI4$UjX#Q_9Z#Y68H^kj=7rmQuEe-5d8le3-;Sz$!b;~vc(Y8Qxx$1^d&FKN)JG! z<#n|H$r-0m&@H8}T*##+f%>>5_ytKle5S{<=v}csfgOc3C%PdjH2&&dgyPUpltde>bvx7c|Xd zb#4nFQzwv`<~fXE-VYN1wtp3102w$~hR_WB+`id*=zF{@KUw%V8x4-`{e3p@1FMm= z@e%t;+dQQGRN5k{@q#$5QgYTKm7fyBoX$!P@`4wE>O z;*#SbnPwf46OyWHIl04Jdm&})@_TZpQR#A8u4=N4_2Bi&Xp!u_+Xv;3nq6J8HB7=L zaJ*hjG`iA^)CzhCbKrox^*uP`Izb;^QRW>mP7s3M!Gzp~p>fc%G%Wxeo^~m&8fY1R zg4-)0=g{me-k+M9ky9U6sS0zfz_9rdeNLJH0)cc$j?T-+lw6_AgD=aOeyVkS=JMPB z?CR8CUL3+n2>dGoh#_{EGOpEixM5&9nwvDisSXsSCp5{uaiCP?B=yoEDdc3l|B?! zQ#&xAidBr8i@*XnN83O%ZpC1??|0A;NLLp*n4~t4@A-ndls$17J-)=kodNfs#FGO5 zH42#J5cmX)8$kpV`XVO2;;MnK}p9xby+u!~Vo?Vibbnk!4!W5g3b zZq7=)<>j@|zJ2c#6-6_nn+prY$$<}6PR9spU34=iidk{oFF%ZR%NoomL}c6yJ*>68 zf)+&Nb{bgZSTx0yUViuu&3!^vHoL8&SwE0WjF}ciHuv)rF)rS>2rQ!jylRjLI|{5Q zRt)LZ*ajv^61KZn`KI0Te*`~!?q~lst1C!~+~KK2-mkEL3l$$5k0@9eJYiCka+YnL zytot@tEi;U-V&4UrnA?@rr?ZKN$!rFoqpK~<&pWzvrhiXnb%6ADt+C`r^mW;seaYODVJ?*gnVuD~@!pa%lXiSRC$vqC6_iD)A&o;#k8s)*qF_P9cZvyVRDh^Mz z=_A_=FyxuiyFn*ujUi9&Ddj7623l6I@ddaye8+x@BZ(5Qka(c)eYt8Pxw_qPYI|_` zQ%(eJV#a#${J=m0r?-!CpEnNBG0<9`4}%ls@Jw`uS)StG-GQHF98_T>Yy{M1NRC) z*u0A0RODu9;$b5{bYk;(*y4JH5w2&*U}@W~md*J$dj*RL&Q;~+6}R-GiZS=p%kRt= z?s~u~C*+%tXoN!p=mF@1Q z9~RaggvpuhTvvP_x+G`1kENZ`sH4C}MJ^Eja4bLIMu2l!j5#~HGD~nOFW4TXv$l)3 zJL?U$&_kn6G3Nt^~ zJ1XAeYNTgQyqD^izCp&+e4;Dmd`Za1Rj<6W6YuRh)XejyiivJ?d|KJ4BlP_J&LFCK z>tsj6u>9!!4Op(EZsba-tVTeE)56n(zE8RyKJIF`Aa8Of^|VC+^3;M8Hn)tp;!0(C z5=Nk^X2FVS!k|IhW+Sp~0{ktN%}}&ls;7vQwnq}y@s!jels&lIloY|iz+*rNRH`1Y z&=mww%g2Xg%F>$8b}@Q}CY0N^dh|v}5-~kyZI`d!Isbm*^b6MIhn2XvJG*R{Whum> zd6mO2Z5}@O?up(^m)WiNb`qwsZcAOkDR0?e_M;jiDF1Plp6|z1DI2)pr+HT1pA$^) z^HYGAAz+qG6TuN5^|@~V($eaGBQ3>y|4dq<|4dri56w~gYS%z@B^Z`@44P-jvI+sC z^U+iN~_f zPYGM==1o@V{n(eBnq}U0`Tm{Mqg8PRb9KkFyjJX995TT92huo3{i0Zf#?x2KZsn}w zPgK@h+Fi=rugWYYlb#ux@ek#VVY5L}_64@^Sqj!BtZ;z$F?M2@*0B-P4mVYsrBE%4 z4EI_Iwq!_deYu7g`O#E@@WhR#xW~4XmMcz=Czh;4{4bZcDhQv7qKdm!kfo=AE=QHy zpvs3jqBNtY%Sf5y_MvN0e|Ze5(*s!@&70ObjA>933TWmWWEFf|#gyXexC5EPw3{P? z66ReoO}H?T!$0kfq2j-0_2&BIU`O*jl+@3;4t>oso3bg(TbrM#0f=tOVz&%~7b?#8 zMxA=x7fZB|SM96BDECqEPb>{HgLQm_6D)IN|3JmOd5BQf1fN>gQJ~Uw5m3YdZ zfPG`WXuEpowJw^sS)iMZTR?%FZWZ(n&6>c#`=%P8J$WVbBX`RYKFZY%#Wh4uQA*nWI>@TbAS$F@T(Wwco%^jaIo`wATR zq0iiIOyLOT!#6R=y4#Zhq!ocYpr(bHL&4X8yw@lad4iJx9`XcZ7O^r}d@IXeV*<{| zuYag~xpE>$z81q}fgJ*3=&=K2?Io_gMF=Obc*Tac2cq_NcI3&Y>1ZB^x320|Y*TbGdgg<9A92HO(TMoWc&2%-JQ!4tKPB@7 zx1~hYBS<~2v?0z0D^pE!WKkM4Qd3%lw>y`0D-U=)6MVB_O|y@Sk9KKmSg6(Uohu(# z{cM*?yv<5=Y1nSIA>#1K;5H-j$4NX5EVA(m@bX`CO`wrd}G;*Nn*dK`GD zhfv2|d^Zku{X_?SF{$&%U5CnLP(DbKkX1l095d1hvCLvt4xwlfU;r^Hg0gI<-*=g? zuuUJND90AHtoWSU|^>}4Q7`e3%JhCcw;Og-IBZ4Q~yAtMXc#^3`>G8K zhU_Q(v)6l;a(5)}meMQkx~8pZ)a9vjp~j6N_o6_5)?m8Kz%`>fwu^nEtUW7JZ~OkH z2Rb_ohL|V7YZ)Ag4&0`7v$@&V6pz9F!Yz;ExbNd=g(Uk%$7nne9gTC z2O5_p%#0etJ|lF=mhE!WQ;w`WhRe;`eeQ|UdKT4r+DGb^{Nsu=Mb=BZozUBj^}@+) z@?5vl(mbwyT9AFeB_>97OBHj667LTti5~*SdE#U2BgSkxPe^J66Qb}w+K>VO4BKnf zgVcL6tRkyLlPL{~W(=O-HyL?3N!dKJqWfBmnHT+5bM@airq(qd%vD-m-e_hYzL7A# zPR~L{VVCHfaTe~CG4!DQ!>#Ju9siIL)E|pgsPRB#OAMS!gi*)_VYY3(f8Q0`p&)lS zmxUQAi||5BVu7F1hi_){9MaaGjFrBb(OJ90UCo%KP`sYmFD9~I`o4Bh>=x@g(v-15 zjS{>;T^Das>Q&pt%-hMx^?La+8O#fTQmAe{f~E%@0lV1%-%z`&+rjmKic)CRQp5U= z^4MOC2wpm1fRUYeaDIblxrR$5^MEjVkM*~A*K@uqbCA*U^s6$^A78JBV&4l`Uoo;z zw)X&T{|htRotR!4L!O=``hms4h( z?kA=cC9U(<3j%Qkg`}m-Va%In$ol1BQa{k@=wp+R4Rp3JgBs+^!Zq=+jQIC8qvvXO zpI}YSo-TvqMgZ~33q9Swgu7oR#7J%%ZZ`I_H$^T2+f8 zW%i-4l6aLhnQbo#(kVT2%?9>uwq8{a7Y<$_hNg*|aqd4JzkYRYAW0_UeZrGIWA1&Z zPKGl4pcWu_Z`t!y;C>cq71U;a$8tMP!>)gWUE8WMNGpnL(ifHU;pn_NYoylR-X<|9JEQlO zlsv#YbMQw42M6^)Z#S`L#Fo|b1tbBBavi53 z5CvFa__md$Pz)JUg7k1uO!PFCR@TgWY~A*IUtrIXjCT~3~r zPk_!xjd1wUlbQJQ=QD$s-Bbeo$z~iZvcVRFdcvo&_?mZYsBu;p1{nyQJnAERA1bugi+*Hr75HoD3A;3C$wwPYk2qNR4i(;hOPq@F2sRmcx16 zr|A3419cZK)p=k+TfQE}sMt$pdy#T%Cu^nI{&%YlMlsvYy&as;NQ}}tM%s|oL0XiM zHxh4Ll;Ea3ZhSA)aLgn`MK7E@ocgvBzkNF6fn}7gV(-jPU4q|7OM2zMpX~83O)jEqEFWJ zmM4__K}{;(UnKEhsgU6F9M~&hLJB_I4s!EgWEGsJnG9 zIr^D*NrR=}pYH7!(bhlP>t$$HUWC=i-AN#E#Qo&xQ>_A6+x{>CS zD>W$}-VGIdysOGe>JNF|SwCb_J*nby)Mmmj+(uXDS$WUE3C`h)=;y!W)BGc(dHy|^ z3$VdyM*vhXUTI)vW`JPF8;_wD%zJqRfIMc*J`wCBJ`o|LxR#_foXU=|^()rrrxV(5>dw>bWhvy7LNw|UT83}5pMVgL>Il9o?vp*h~*e7QiX z>zM{c*BQc+2>L+`TJGbj8=w>8!$&PdkP>ws{8jz7FR~qf%r!o}mEXR0?{xMANKheR zp1`PgXzk%5JF|N9R-P0CyE-86%!PDc^k%qRujaK%tB6AEKHHijXRFF(?ssoEs<%r# z@}Z1aBMmsR;D>fy+}Fe%`(7OGF;FKDs<^=D#zdY3o1Ft1Q>-%(ydTHZ23swWpXqyQ z;Th^)+7VUU=EcjikbMA>mRz_EbJVBKlR2@6YqTs6J?#NNFOvsuey zH=!{YXAs?I-dRcymsIDXcrqHPgVl#uYg3-bgd~V35c3TWq&vNvys;EfDv@%|tMtbi z*_DSGvGoq}j!*J5?(=Ck)Qr`}z{N}46je?9yIDRPsx9RbgwmcIUZVA%#)1B2#pRym zvVwGeI!}uw8(J#@uYL}O4OELc@{_<053@(H+HY#@&z_yfl<-tWc8j!9S9Zkwcsxm` zg*d?}sJ>_L%JgCC*#4siOIQ89XI;oUA2%I}4&SeCt9h3}L#%yS6HSAVSLjhIB%dJE_tpg2j9ys;=!#SNO_qovZew0TZ&r{&y~9;?*fGED)b)-jvj61KXD;KeJt z#Ju-{L*WXdS%7^me~CaF`lh_9idB<8Kk0{TD+%jqExMmExRLhy3G;f;!3U-OlsB=R zb|PFKNoR-KzOe;{a5tEL*63c~UA}v?hglQdg{)5jMa?CaC^KY)znWvuFXElZGxkYq0gxvTmR+kU^oP+w#1s_I}Z4~>$|X3sgDje(D0 z+xmw|2^I>PzAUy6)o{oy@KyYZPH_&eq_@@J5>f8?`)&F0a&5<}y6kos;x`7566w@_ z$T*&n_ULnN;_qV)0-pdhYx9BkMPNaW_Upyj{xFV8--34puB`l?i}waQ9DH?OklhI3 zdw-kI0oAG=A)4l(S|dgzhnJPw#0 zQNwk{_oya^(3!#9V;_8sM8X&`G!Z{`!l zG*(0pojcd@Vx^$`J%;#VF6PWIpD;WVFY{6WW*F(8p_C}n0uAC|kEyHW2vxt828#8!odG#MsO%zTz~eesmBKO? zeV@dq0~fe8=*o!FZtw$0>Mn3e>!((nYeYk9w@%m#uvc{zrdK4MWP9HM$OLGst9bsQ zq6Dg0*X*9RoN|Nh?QYtsywe>2vXZv>{yR>)obVTW#$S?p756635O|wAW`{2l@1#4Y zKFZ)dyymt{$Wv+Z{ZruiuPqANjbr)KV}hhm&nf+=k-(`0+2-WLMuJ!XhfclnGS=M$ z)<4M#gm28Be^##NrZDZ)8+6RkA*bzX(O#mKM)J8*Cei&5^nn&fB{v(tC37i>h4)u$ zYRCKsj6bmF?OHC$WEE ztUZ``jH^57F7nfAZ@Pzf{zPm`L&5$Ee%yb-1NK0+?CP5J1-dWg%qUL>PsO+Fe%_XD>F^zIC!Dg7PWn2s-RXDH z9oBBW{#J42tYd3pct8X~)A2D5NmHtgKS>deIMlZm3|K;TeAmwdb@jSp9W@r=HfA^% z*+gbrQnFnS!=odjjY?|*%qJ7i_BZB(2`XhBzQLN`mL~h1BA9jOFKFvto3dkga4Ry3 zO07u;JV)XN+A{Y$pyj+1vSj41g;#lZ*x|~?qvBiiMI}lr)7A49z1ozlTpam|9{<+S z{LKzMGk5ZaS48%tcvI2ia}yeRagP4ElU0Ra2zY2pwp-a&1K;4s?xKCBx*jf$E*{&< z)%^VrH?OVU)}q`g?fO#Os1!^-0b2P0#$2Hq>-kJ3&->!D5}r3++d~Ai9Z;&gBauC< zBej*;JUw`vEqac1?Y`b?gZy(arJ2?^8yi zPELqcW)R*71_gAz~=&6Glhofv;9a7c-u%pI-oJ*Nw}#aURwP0wUSrR5faj6zq5qJAuLS87s*ahf3G$Z|KL&i&iJLE*tW)_erP1_2 zE3Op(8jKvdzp-737nr1_Jp$5@t=(SRmwoV)+V%n|uyo9eVCLlose&_(V{;kla8)tx zd+5?Dn-iN!{GhA69qN>ZdF+lLdywTMfsxM#Nw>msPF|B9Zfk|06irgFa;)1y_RQ2``y; z;1BWiyEFIz)8?+NW6^!B{q7CqhikKIgH$N7B0_3Z%(}OOlM*VA?cIbC;dUWAcge4v z!{yul&{fwIIB<0N%Jum3r!R+d%+uJ$a|C!Sn=oi;w_K`uurgRd(=3idzG0B3hZ%_) zq73;5SNiHNthRUi@N1{uuXrU;T?2-thq;R`TO@@-9+-aI@!JibV6-Gblt2LB*k}1` z;FCbNZRCB*b^qKC$zh=fNZG|t3C%--i6%Xx;&%Mb^Dvd_Z%H$b^Wl?6+5}Iq1xN{w znPD~Jue!6AGqrKjX;GSXb1zygST*)hdiv;tQAeM zuueq{KNq@47xEa|k_KKv-}E4(#mfjNXR9hzL##O4%8D)t*9gll$CPiMJ@b&d@?+ae z(|p6rBr(Cm2`dsN`40+=^KWSCdAwWHzs;p7HZMJ(Tg)Dt7<4@cAceJjQ0n>c0dghq zvfD6<484!yTbQ&mqCC50NK!Sik zNgb$l?&0)6<4i1X3+_Fd)kh~2_`6X|P)83dVOV`!rQ9935k3Dt5fKbq7AOPQLX0~! z3urh^p9`lnn8Mn+e0}!pmM_V%gNa%bbFaH7plSNp3W`wBAhNn<+|ZRbusHYMFn zO&9Bqo60kMWqL#AJxzbb9jg0=GW?LH&lA?Q&62PCUip+Ubg<%Z6&9(QMw z^|}K#R{|dwl8EmHyvxF8`XKCWs)FJU!5r1)9GQ~14^=d|7F@7h{4_qp>g(>$S6u!k z?JX_JD6S4LF_G7}^|dlVC^#iswP+X>jtH_*-}7u8B(l`7nE`P|6F(edQ`1S~RlT=VYv3 zoIat!I|FiUXU#X>|3)wvOC6H&5EC{lt4#T}rtg|s7ddaXfa>Ua;kyF$CSuLxRlnF^ zPbgf+eZ|`)eeO-ctEt`^`oI^nm6Z8=uVSw z!uQoG2kA$vXGR^DzLF8}gWNa!Hr{@&~RotL}D=&gRS z%_xZZNF&~9rm{PJ<){IDEExM?99a)C$Tf%HMYh^#GZo0gaSC9cLY^!vz#=q=<6?MX z!}Po2S~R67{NaGs6W4mQB=@kQNxN(cqgYD@y~1bMd-F&Ew~cPm8xwl{Xab>3UkM{K zi@qSt*n6=Mb+c6QBWAhEqx*G-4n}m^&vmrqWyLM|`xRq5pMNKJI!oRnB1B!sNlgCq zRhwr0C*gjc!wR7DMl+F_*^jG& zLu)=w4WN9Q8lZJ%9Qk=}0s}*KXJIe>&soFowW4479_F7-75($s<3Ev+{O%k4n`FSh z9liEX@<~J%8fK%Gn_c*W%?NjQV81M{5qgW}zX(Wb=TV`z-uwp0+u|>0fd1ogV82!p z`(I#te;YXV|2C)g&!vC#FKn=XD`?PP0}uI?c=eCXf0Xn4znFT(#=x2pBa*oc zY`+!f0^H^3zN89mtW^z&s7vl@h-NxCus!MpudhqLQtBDr%(WWHPR%wrGAzh6Grnm& z^*yR2woR_bt(@IuYVRd9(A(+Vapb30dj{pq5Q7Q|H`sfro_=KI4F4{oIzcFfrXlVT zo=@j2le`nz8zc+_-tA7?T7Pq2vD)CuNP!MYWWw}EvCQcClWg7EqD*&@;hD19r+2jq(#&ysIw7_JGr5YS+Aex9`2j|2U}b zzna7Sil+sNjSb=tF=Q-n2L;*C!4(P!^dtIY7z_)dg!u90sj?>gM>+~0dTEVh+V%WB zo>I@#*1xVc3EY3{V6tV-npx$aQWW_-a^Nlz`K=2S6;hAc?Q;5lmB|>?A^yyf&Br{v zY?lKK^5~t1upNW}-vEJ%-<{3=qa4F;y+QPDgia~Ofr6zM_6_J05~iu7_H_iM2GV*1 z(GcI3o=Cg|e0yYS3cEc>hrKCV+9RgO4S%Sk)NS#u;%TGDt`O~pJ$uK(_p_n-ti_35 zn>j;^AteK)hqmP|F0Y%n=~`u)#&soY=ycjN^0MN&d4)Oi9zf)x9sgFNuig$~5O_jZ zPFk=&Aj<5h6^Eyql5^@51sac*SCn;M^7bBwDXgoivB$QHM@JR*PolR5skm)?mE0{( zi7vcQz3rUaW&0bIg}aSTNSyAxlexpBuzi@&W}`&T%pOllu)2J;uBX~X%%BTfTg_TD zp0k@(^rLW$?8T--{-Xgy6f-rMUXpex+fn1`-WDs#=wXhOe`z)N*kS z*|+>u?#}_8+gtTPS6>%6ye`Fx zz$N;yhgZj`ONxjrOrX;6H*-Ez?Q~oJtgChlPpGzwcd%UJ`>NE!pkpJ0x?VCp(=N}# zXfIthsfr|QOzC-C=|TF&-*fpDk#3ayhRxcVAS-MoX5yM+!hF?fpu{@fYCkapUGn{x zI$(XptB2~YLc@`1s{Bl?6FK-H!qYB#fFq{`_SqXz5RgYjcJ;cjdP~@*t#y_~l+YlH zVNc8cbWgQW?CnIO&gq57p^2h^yb~p5#o-9OK|?aigLI=Gub~`AWoSWUv+Dw%L*j*YTRANPI}8lUOh>E|=n-}rHr)};b+ZwfIe29^oq?ebw!8RXC??op`j zq;~u-cld)pNwrqkY%ct3-W!E-1y4~Ioz4ooU zA@tbVT}R9yomF$Yam*)Va)c6SzIo`@y5uF*hu3!k*w`0VeaKU~77#%01?fU- zt8aKW5Mowl!c>@)+tpIen5R6n<5f@E?5R#AEwfQY|F1AIiK{&voF*o3>Ew;c}VVt7IahOCm}uOF(M~PR(HgVqve(wMW23G!*IJpP&Any4er07ModJp1 zs@_t*25mD&zjxu;x!ywqq0NkgL(@*}SS0w>j66@&{LPPv__PLcrQ)Bck+ zXt_q{5$CN8onyvdpy03dc_Jws@otg?vSE=MU>k7zxk#UtsEx}V1-w*1>&V)sOzF6Y zcC~Y`0plFcmgW3@(mG-}Q7uib+AZsPf9Jl!@e>n}>+m5#eh$j*(pan5K&MAS&f6Hx z$(=Ox3>?v%b)AT+-NND-5laE!u4%!^?r^J#r*UW7$+I|eA5U2RtjB{UCNq$+zR$Yi zyL0JrXK`BbO{dq$;G}QRhHy+Mn{b)=us{jIaID}OJR1+Xx&pBuR{>iG6tP>@5L+3l zM=vgdtSf{tHF=X018XI6L4$jiC)5fIKNHys^pFb$cnUx##vBDyZr)MoU^q84oPgsQ zp;=-4;LDg1mz9-A!I=n31_6r0nxF|){Bacn^wIBNrlxL!`3ji6p4Ch=>$=j?$5m`P zECZO?!uq_g!6nb5U~8oI@h7#(+bs|U$XJ87sz8C0F(aszm0_s9eR1(yu0BuFkPjv? z_#+#f0JsA@!+NN%Z#5zUk)8<9FvD{=&~F%}und)uy)p0!q_zUhD&Ys8)%o(YU*7E( zOa8KNzj&!HKKV-o`Vw!yWEWp@sV|x1mpu8)8R*N2@5}l2%W3{g?cz(N=1X1bZ%~EX zJ_`XoDp=Ey6MFKsj!ck$C9IZBKU7}TDI>iL~humfWDZwg){!-jB zi8W;v1ncgb+IvB(gbQJl`t z2v@DBOvhHb6EdFrg^&N*DJ9YKs zb$8~;@bR*c>De#fkAF5;#6N5I{a+2d^X0w&Z^wgtvB)pp`^zr=vWvgq>AvI)pBvBo z_lXbawNTwDiq|X(syj+?wlm`-fI%gLE)2hTBHUbWkAgOS&=`veBX4kFI}J8wspUPM z6tM{@ZghSvnjq|DfA+al?yd!g%d}Q@yZ8HAaAy=dDfSZ9{%K)T# zWO=F#;1gCC9)#U&p%m8+|$a z2r~qteq8lc;&Pfd2Mif+0GxdlM1O`f-4FC$Z1_nS4@$r2s1nnKB{XW^myfIo0JBvT z;QN5A%d&=D7?=<;W+QyWlAR^Ft55M!RiAQ&aD$(X_FE0qz0wq>54CUZ7{07LQ8ZaE z&(USPr>-a6X1lv}puxU+k8`E(GJQ)rS8|+dU4j+tljglHh%m2G?2v*C7cuy$%!YPjk-AgMGjgY~2!(>pG-f z+HonndojX$Z2;wXb*!Skb?3Ddj~e@rt8{xyy;1fpL>qgYoBWeHhg@>ZUikwBAu*+1 zD*LnJ9(X?7=1|gwqsuN9VywUo)oA|G$y8)#3#p-g9^Mld)pLMta|BSra4%! zt6;GxZ~8dta3lAS2c@{Y0lmweF2FMs2%QbG%Hrv>-rvvhxO)Eo5%=CvO{QPFu)lE> z6%_#y1%Vl9QZq=CnsJaWAiW70MWn2vNUr zvBPIc;(9>w)6GAR60THDmY%34T&k$gPDKPy?C)sd3oO#XHTx?I!K)NXk~fjsqu@{y z@Ocl&Jy76s;-(n`Kb6`8ZGvTVURaw`U`?i>twmD4(PdX;f1%d-u@aK?h$giKA=sCz z`&Udh9uP!rNdLJLc41`l5>6t|;gtD!uE(&lg#S5g`(~Rzqv<>|xY{P?H7&a>D@JYe z?jwhHP(U*gwA@T63)~(F@WbncZ%=XiO=Z~*@uq5VpUJ|?KzYmpLW~PejN)TovU#*T zykz2^BfpOMk=V+-U)+WLf)7${Z}Ur!mv{<3F|Dfd2TRUf#W`tSiC5XV+$Pw~8{BU$ zq8&&$$VvT!OW+`M4gX$Va^ur=XX|34V^$x2gK-G_mwWUnOAZ{Ma;@O9Ql0FKd{)3a zFG|LCJEUUmOpyD*VspCGkP;ISnB!iuR`)!>B?SphSrs>S&nvV zxd&g?>l_`+4eK6WHXr;znyp|4hgo`ACf@eZc?Z-C4V{Btp>JfYSR43a)?}m$1jV{aUS|oelBW zCW4f*ZS=D;syd=th7JN3eFE1re69OJrqJp`-aw2|gOsWn{EC@8|t#I?K?OtCgs;17Yk!_5eXb|m^EmPV^<@MW4 zm(lRqNS6{??3K%qy*_{9gE2ndIM`gLe6S$Y;okP>L9|{{_mU1<*90q%Q}fjaS1_xl zSV!Eo=9th0CkDXB$FkgcVugaUk~}53BWP##Q-LIfrvcsA1}xe=%K(@_ln%JkS@ouq z9Qvl6nlm?wL*l7>!_h;6)+WwhT-UCVAo!`oInxPxBuXbRe?T z_2bCQ%xc~ogvBXl9@F8bCS_f%S8hzb=^b=0Lnp&iKH$3RpQZgp(aM*7d5t+pdM*+3 zj`OQ#V80tl$EA+8Y9zC1)&2iTE9U=|RD76aCO82BnSI9v?=f%WdQIT-v5ARjAMSN@ zC~L+sQv&6{5R|@NnG<1IRQ;0R%34lGW2#M78rbIv|J=H@DtnPdPubGR|7idwcu!WE zioK}m4HK7eVwc-(EJmqlvQuWGNz!|*SG5e%FB%u?6kFqy&CAbsj%Kfa%_ezke}zpY z3Qo81vjiHzz6Hx+fd0f6$}hN&Hp2v!f8qTOqGnB20B+tyYHeo~!E9ldFIGIA$DcuA zEN-q$N_AoxY;7wo18_a2rRTndJ^GxQYxumzKhFCq$hnO7wI(Y~uK3yNl^R?g z!>L-Y4o6(YvxCm%7dUK<39u0uS(N-WmN~e^9q>MZ)TlsaHBPFq|50KFKBB{r-mMoW zN}^^o=qE3;Pv*k(MNqr?BaLTD`7VsL+o}cr*uhugP?e*aVUlXo8odXKr;9GilN|x z!kA4d4kJTjJJt90N|mapxz{_XSx@2$tch#+uQ+s`c&gy^3I21;{7YXGs_6;eKv@-j ziK*dwl@SWog*l^ZBJIJ#XN0`GrUp7kHm4|jZ;WU2t0yk=_eo;|M&YK#}wT&@Cde-G$< zgQ*aBZe8fSlW*9GT@VQ#43lvVBZ^c9-A`(Grf~gVWDzCS4Sf}qE_hAo*HvMq{`hX>W#)(;Ky!Y44!Y{{b%; zS$?BHJZ_HOg#3#f1bs@SoO{gtqNyISeKOdYX2%pc1Wa1pecIc3jD5-TJ$s-!a36AZ zVmCg;1ZLJb!n+nAwtCP}sBe1d8Ef3%CZ^8W+XfN@Q3iA-%^pcGlFFstOl`IH+oH(2 zK#eJGS#ATI4tS)OC9?U78-~8lPa;76GX0IENoMT|&P~#IF*T@3^9h|;TY&^L`3`G* zduk7EBKCDKAL5S#al6HNDeeXYe$F2AvQ4WDOWm0Mp^Z?Tu=_@}+j1Cw~w z6NRan(Dttd`!dZW=UpR5Fp_NR6kespb3kTy1E%k|Z2!*E@K;!h;Hq|t0a(@oBOMfi zVMDCjf%FBs5Fj?`+5(g_VhRygmiq+1Qrn?m8zfRPejyK~UOski$;0otLf+LW(eZyo zwLh%=Azp|-`s#wsOygv(K7yBca!x$QZ{u!DS!rBEISn?n6uZs_r!T$&modN1JG*TO zTEjhG0cB2W(%8L*=LU$f8cbDb!1VPd)}B5_##ooN-P?3pS2e^8`Bqx%+-COv09(xS6w%#W=$HpZR{<%X%yM|W( zfza5q^R|t8+exL`6#U*8-2BF;{kcT|QF_ss?>OG(b~I6!SUOmG3Kx!JPA+*Tu2}ac`Q%|!0YdXkR?mDp$gM& z&fJvirL&&*E#LurbkcoHQ+S>B1_X!c7KIj2zpsb#U!9{s-ea_DBp>IAPwl#-@k_Hn zt&;rw7cn304jT3T+M;c(&_D?M@J8#DYuY>8 z)RCpz6M=8;Cce0s?Tzhd~#zt~Tz^`1>xKF}dN8TfL zMlo2)LHmlcwv+M5h=2mY{-&=I6@e$cXGM!!pf{#CflXi&fRXdRY2Q3sW&Fp$d>&HTWa#Y5hk{hSrKelk;87Y)=(+?T(#Y9nGbmeGK0>L`L`d+mjM-0JbW%*_58 zqV4t8*4n$3IF?^9ZCf6WUgw%&xExF95_u{9xj6Qsy zu!z)3v*D?D%D^;M$ZM5WK9CrqV@*8%Cu;%dRO)EXbo7Kw^gCSgIJqW2kq1+K>v<>F zsHtuc~r>HrSWV=7c{|UT=p2SUgNp2kB zUPfE-tJ|&TW4)Pr&sl4`?>JGWXFh+6F%fnem+qf4X3-zNMCsacZP&g1-(Y(~*Tj!& z_-mU5vy=vM@7mwj6-us?Qnk^%H3znKfwQu(PUHd**=Fi#>?^;{N#>}uB zzJQT)6U&`b#!o;axG@0bS|=ZCDvCCo;61EBbs59zyn%uR+Xj}g)b&ZjoG2;T7f8)l zrZt)kaKEy^W~qq&DooV}B+k<;Dmoe|yb2R?%D8kjkmwZV7`o`zmb*8;*Ic*iXL$9k z>nru^`AyGmWiLgMG>9V+oylsXS3vv%5-=K=Z^knDHbV@`28?ai4-=`~5>rD;0;Nn` z0#BH!Rw-qfHfuLOtl!mXOs#eEsh)UlyAY7~=k&dEjVd;K@>ye{x4wbqrTR1rbSp)# ze;nFzPVns0RVuY`%CuN|P3N}_LHL&iPcic)FqR{I3Vdm2R^%>|{4Qn|X-{T-Dn-2H zSp&!gX?jRsk=N z&0b@vcql$ih zLoF3@x)M>wEJ(f89O^Z@&W;oEm6o}9UCqupl%wSo^uZKfWuoH-V8jQ>^Mz#AgMkeY zzd3T8|5BV2n$2)e>HG;;_hku6Yj}p(ep$`WX!9~)-*rSDKI_-5r@hLNx-ns@kZG2& z?K8T0_sP;Jw*l)3Kkrodw6_|X{!%7C>+V!jz=uNKpXZ_sBhd z`gdgF-+&T4zumARw<>jfY#{wtkDpDik@UpAm;705-2Mio;%9rwFj;10q?O{UV8RqCo0PbDid0pD7O%$*gh0*>+57{OjWgyI;5Hw&SE6OysUQwmG{uGQ}=~M3x+e-4g%M$Z&sN-7g>{Nw?wXG{k`*PNV18>9qP3@u02ud(V1j%O3M%=C#(gw30g`KZDqzwmzFDF*689@A z#*C_)3E0O;q4b${X5vMO_~X)4GuJ;2X|-G^fZQc2OaFDb1f)GBaTuGmqrSq;qA^zq7ZJ8PGJj z!vam-3Dz75gTz651IG5`k~%N47;h0+ny)IAU=*v?%c1FoVG4=hoW5mS&_4YUbv zrTHMCoGHyWbD$Eujkw%(+vxU6=VI&X2dTLh8?Q;N^w_$9m??$A$c8nWvR{RqoE)FH zhaqjlzmaW&IhH#^Y(K&2bv~A7uwcZOpI_d{W@|GupKNR?kVtH7YNtXV^u%_AYx4Lh z4whkyJchnrVkDeqt?^=97oqJKX#6y$!sC{;29bn6nOB;==JrgH*N|G^+qjg_nT*$q z*8ZeYrF%j<2lL{Cg&>kZK8Fp@oCIwM&pU_XfK$$&-%%78Krbfa(^rgIW>!vvo zR!RO>eLw6u+4*Yh&6@5T{q}b4YE8d>{PlW9ko(zr3~i3k@qz6T=C(`o}=F=}c&?~q!?bcRf1x1C!?@GiQ8t6rSq zD8J~J@YaZd7oo4=&F%+?jXO(&fdgm3>%r$jy=T>q>10QJ8?H6h4R<%VKRnmNH1Mqf zUMF|+>t53a%+7C129?NP1mJeC@E*c~aqAMqc8nR&PNVQ9S zYCZs!6+Z_Rn7&Y~ePdM;GpwFf`s&LWSvdZ}UwNm0%c-_N?}Rp{x;2vB!Wdd3eS@Jc zGX|H+qZGEILXzcv6?}rR9%jCSW{`;iJ>;oG7$0jKz$%aX6>Wow{~K*HDfktLab*df zGmVA{XXSeC?c0++t83cflZ+i?b6*Z<`~F@K6U?Uj7(AKqN31RC294zUJ83T_LNBG- z)k&|9_UJ$@rr6IMCA2M$2PSNvGJzwIQ~DF z`9=B@7|~%fnnmZhv-CHn+2Zyj0LNC{e&;I*w<)rOSpti@17z1zg< zcMdm1j#1Xlr^RFEhoPYKdp{CSE?8*pPK3} zTvqt*;uW&vI7`;L`H|sUtD@?ZS{S@#P5aPM_cdIOkjcB4%97-G@|%r=xWA%r0>>A) zvC53)UaSZp-Y<6{oN_L3vehEHd|j_VhQFU?`IKrdHN2P*?_U>N&%Hq;=R3ZA(m(H^ z(KpnExKy4yR`-W4!%08qV(HQ1X?FrL#)sHR%cuyj&y990Ht@RQm@}4bZ4@)p+?h|? z--!DhHx47}$CK|tr;M2Sn}G$k=o>5$#7%7ASrVwmT6G@N_%t2cJSwf*PSQ6Jzqj4A zcCIx?GB1j$Rv5H7rI7i^s_xd=z*gcb3tm=Hizam+RzSDCA30uKlr=vPx@iW9Fq3*t<^~}TiNG^ma4?Dd$LoD)CAQ$XOt z#`xCud%N|2o%^N z89ER#j~N;&s<-nbYo_%NkDyki!cdvMk0n|OYeuC;eNrAn;@5|-7^B~|x1wxpYODK$ zhW{AUFmWmVhM6^d(DE$QRYuqTX7K5#FoysMxI!DYb9`C$um9s%{{K$>`2XKpy&Of7 z2aag}ap-b28_Cb3JjEQK#^BUJ3|;=mA>Xw)%i;n|E0o={3oU_s$rcEUa(@<3Aj8ueGnHO<$A}tRGws~F102~I#D$;Py2bUW=NfQ6 zzP{6dJ;Ktqo%(`cwfy$U;L3qV+G(YFEq9#TZ}F?-lwf$SqMEq{ZEAHmAlAV!L0iP( z*vh9OoD&sx@)k@xa=)-Mf0Jr9j`>&N5$w2^Ou*d618UGsQKpQzH*2|zoJ4O7$lx8G zhu1mLVx;AgN)%Z6J@^z_eOrCt%}+@OdHM72bpr{`^}Xp84%Mhs*HLxNE##ihBf3M{ zV41AEkhRY8iIJRIfrQF61+IY?XYPYZff@v-Yj(l0;+5)^G$f}WZ5rO1z8SYQE7MUb zI0XuPK7S}U5%A;CpAJ*t7=0^fuwmLdv-{CFZ>8Wa_fCfjX3Lp9EjR{Vg-3+=|B&ZP zW~{J=Gh_nb(Dzcpaqe$D7Vp1!?o)E zshfKFQTh;VOHtBJs!j1!f>ga~@zv3sI}4@(!z$+9x%kHN8Rk2t%I#$X*R-)|!l-_0`OR7$xNFx0-?*e1f zbjY2|P5~V2(FU)8ROS}(HT{gw4-{F zhE+@qqKU!Bw?;?R5TbP=oT4t*QlVq2DWxNt9(@Wkb*~@7@6I)@*IbpG#&G_A$^lhy zo+b!%1f%*;kwu_Ns2h_RIrmFGV^69zP#g6sBu;Eq3i3sM{OgFZRo)Gpi=?k#U_lb5 z>ASDZ_mcZjiRGI+gW)YL2CLHrlcdhMNuRn_r49$be?H+LP(|CFxygMe;s%!!@C^*X zel7%^A0?2?a-yfpiN;Ax3Eu0|n}#RYnwh-&m9|o4VRl zuy21*j!ZD2EISL1gGD?wdo&2CHg$kc2ceEt$xR905;cK2Xfo@cz)DW2Y^1cnq6r*u z@dZ0r#eW1AJMR2Av?wV@vg8*IWRUl=4A~E$+bGNdSNu!=k3+5Q;IG~n+$GP?(Z65c z=Sl1fda+6LgW*nXytnp`L+CC{irhhjtgnw?H4U6LL*5(9TzU#tuvNH!*s^*Sgf{!Q z&^51;;;OhF=oxYVT@*+G)74aco`OIum1*&cErmSAvu+F=Qd^l5W$X9&K<(Hkm4u7m zpsJ}i+mgdgjJygUZgn=d_E_JX;G$B=u%NIoU)e@y1SVmc5S{bNIV)ndx%jwq$aH;x zn(fHdsRPapeiZon4Dj8q@xXUJ^2@)FVLnuP?_os{RFsg*ujNUz2j1m5iwRBw#pRxY zAw+d5Jg9gpyGK^}iIuSfL->V4i;%@ww(Z*vtjEZ=q&ncu`JmhIJF9JPp?<1ifQncVh6$2&(BaxP%?dAV?;d2U~DC3cSNV4ox_W z)?h)(NgViPQ*eTkd%%xF`|6TF5V%u0VbC|=D4yFd<0#<%kvGP<5Z}0WkMJ2~KokQi zgx10`T`&?Ggz4Cr_bsV*NYV6juqU)OuYNa-@fUIuL@()Mz|CL2KWVt&UFBAXtlinQ zasK)>WEO!5BtxEGMfdBhj+U`zW~$7vFW{q`ub2oyzAd&l4rKNH-qD#3jKDOwBmd?l9c+ zC=kn(6JNa(7-0QNo_uWiJB5tEuPN6D-)B6l8cmb1A-v=iTU|S_v4(z3X?#%b21hv; z<=5V!@f>+N;9fUC8-=>C)8d@ue&!%KkrsX&5(}h#)Q^l)oY*U8$xyy1O!&1oH;?fwH32K6N2mS_l$fESkDUMbU;EoLP`Qb{QF*_ucX(Bb@cx0BZpDcUjwA+-*tp z4ffI0YG7%d;hS5*`vZ6tFmLDJ#>z}EmMp)us`scfl~F8g)tqWh$dEgVij?_@t$Y4s zz7R>2oJN=E&M#nq_P{wvqGHLj3Y$EJTr#3pai5-xN_GXLp&53?SJJzih z*Z^c-R)6+9>=Ydy`6%r`C~<-CACmZjhrpB>ekmy82l zB6eeyEyOhKxP3A1Mx@tdhOsF?Qp`fK~MF_m$&acZ@4I@KNn<}}T@&2Qj| zvl9E)nWXHEx$~oSaSAIBU}$Avxq`U+{ZUA9x$l}Gwg;bjlV5#I{ns}Wy23TZaKRak zpMBk~m&z%J^8p?J}MRA|$$Isfq{ou&UZcXfrMKN=+t8Ri{ zi)6ob<>-IwptEq3Jmtv1tnM}ia`dUJU6UrkslE|H3>Hw(-x!DvEn97xEsk1fldh^o z_`lVV-24w)%g@iKcQh~EQR4Xh*RSK>IVKHDA8h*gf*|?cjO~yU%Fuprzp5@5oEjzn zoy;eJo)nHf^5f9d9JoGH=r>ovu+o|KzRxi0Qt#ljr7}xhlq+>0J*Q^7Zy({zOUWkBI%5$ zZKcM?Hv^Zf)k6t^Yah?Mxoh4yiG%Oh)Yj4SRHj+VS29iYw5AJm7UCumakvI>DVk6O zC0VZFUOX3!2)kr3_w(Pfi2VE>Bu&j0P&!zg;)*;IsA9U?+2&hKtaZE24i7Pm5c*bg z7UTj?r@c9_HUe^HE^oAMyWUj6%lhOU7Q5Hj)G(p*o3hjN;KdO_fgljA?Q`zOq2m=| z?Uky4AuWb@7BY&iXTxT(eR3w9^57?%AEA7Izt2yGHZ2SGX+@ws24=t+3`ugcx06Aw zDJcJabQDiY<;NjqKduY-5!(al2aRZ`Ycb|%CO;N)V5Y1r&_Et=$a`fVy45uY+X*E% zitwL9!F*yZ>Xdpu;0i`LUom@m7Y5juLH7$gaQuMjqF^uZLQSwd@gYvMosD3UQJ>Gf z0>mtse9AnzFS`1Oo}v4t@Eyl1uk^ks0tw-1yad7oljg-=3l?sW*a;mMtr4A46Wqi>GB-|}mM`QP1d-^Kb*rTHDWF#I{AvmKC@8Y{p{hVN)W4<9Mz# zh#WO3|J8Y71p~%hU3dwP;d!5@ba z`8nmSF^6u9Z9{Z6#cg9uM68}rt*9Gyzp`tXHRClZt=V?gJC(!bKbNHF1y5|%PLHoW z+Iv6xK(JsA1j+2NPwm~WRg#ZivWrg-bDvisRcjpS*IjRce$Vb zS3z;+}PxiREe>$C6w)RLU@6!RIZlh$= zpxxI~-`i6)LQ;EOHR=Jjy0LAIx`iTMdef34p&`Gi(&;*?tB#Yi)xXQJi)>k^vz)Ns zz4SRKFsuO!Z%;xotMvIg3rT^w1ZMq{+D@gfvcQ4>?%bC2?qj|*_?h0z?Ido~q69sd z|3JUJ>^wi251z2j(LKj;(biWFFlS#H=*}nYQ)#OlTV}GcB0n*pGT1$`Aml|A z-DB-h`bRgnhs3BmHI^a;qczY39cDSg%PEcdwZj1KU*m4Y>~YFPHEJ z+QKjq?>6k{d|pjo6$=s=u@+0P<*Tg&PwELi$et)!*$JYFWv}T)b|107^meHKBuwPu z-74mTFS!?}*4O%}@nc1~jAU8j7uI?V?E5@wr*BVXXP@Cbh4X>WdwV@ z;7^;j&IjOK`$Rbiq|{n%ivse@%sy};-ST51HX*=+brz;|o?#<&^00MSVdji?Adh|NsTM2%lIlT=#A)hkx@5s#^auu42J}ac6!u*J{u?%&jeb45v6Z9Qe(B1luycT+H}C zX3d{30bSYihrM!~pT{wKPacH=`PICx4gLjzmmJHI4yc$U^29Bf^uEkweb6ZSmN&() zX9O~yC|Rh;6woYpOh1tZvee?*BN96b-w6yPZ7;v!o*{Zm%fCQ_TC9){nEHN(ujZL2 zH5)Dd!*RawmGREY`&;M=5wSPaqGAYqSlWw2EZ%0l7l6LVADq)0R}5wv|K2(waUkPU zO6SL+zr_DVE)r4Dg@Nwx?HW73gM8 z#(<-%O<+^xd53`xI3u$^b6R^|vnm?5Mt-xL8uv4>(5r8F{x%bP(i52WX219xrx^G( z`PTxZsod{Z&qe|#5<{SOGp8AWmJjWNmS?fCeMd)T-NrLYoy zg6oLsYQ-K3As}>#A~FIBtkHd=iE9Sv-pOEE)9CN8Kl8K@>=RRNBZ?)i`HaY>1*5kb z=oh!&j)(IhpUxyrY)ub$PjC#1ZQCr$gU8B$974LF+dyR}%SDVOJ*jjvj27vhYp7Fg zDVVKjA@5j13M~J|bRB`tmzGF_WggKUPI4!EtNeCo4W`QkA-J^03X+_p3a1BjnQBtM zVUw`JgsC!vECaMP`{+U+T|~#~PesS@*(-BU^~MwJ11A>@{CJxY9!T1e+9S_DYB?sfD7nnLu>r$DC8e8bYjMUf)n{{IGB9DLjndy{m=^nwbgtYrN)E*x4*m9L59QHl}!tc5}AoXkSUW>Xm7BLC>C5`#a)}=71Pk zDx$2g#)($vUUj~uza&6q*jKCgg0*5yxlQqSN#^Gz@;vAUn&}(ht{rh;?{5r&LOIsnV>b3!r_M#>z<~2-ho>_uOzfgry*iKv?!FulvnU0|LC7AP0hW`ShX#F zsPtVd2M;&DOp5XBh+J(m?E$lkc%n!e{l8SZ1;-)WV*uW(RpmABmxTQVp{e>jW{)>} z`Q0`c`WXwqTzL@ewtJ%>FLR!oc^=h#^)>hUg#J4K>3XJiLeJs!g#g7{_S$FicK3}- zot(4d>~GajBF3h*9+oF|F{Wv?l_E)Mj+ySTIM^TTzf)K)6|6A4NZdJR>l_ZI~bv4B4*(PfD?Mmt^ z`_E5vUR|)aS7|X&n5#d4zn+4;;3Z?aV5Z_IBf)VnOgmBpD6-`^*G4tsq&?_?AjOy* zlrH%$PC`7WQ=0XOSdBJglb;y-&8N%R5uTsx>FU%bv6RYaneiGoymY+u(}>Vhs~ooy zS+3>_A>xywhJU1<*MFx)s2G@d+i2z7rF&Yw@Z3gKd>do4|IQGXws&#Y{JXkTMl8fB z?R9=oSce{=fC%C;g44;YY1EM5L<`HP`#7pK2EcQI0A&V&9C&K*OLGewyP%gxO24o8 z*NjF(tN8h!Kfm}R`i{pwQaq>gmW(xW$gPxA_RG+)yPjrI%;*#Dnw=~drTmQL*L8w{ zY?ofAE?AjiS^hXQeU1@+3T$S=h=)_+4f9IFF%4*KHi(6F(ViXXk`uoPQ}2(Wgg8$> z)2+tP@<~0`%yr7C*g`u(Cp$k$F+(fob_&i?+RR;2NGGozOfg}@*7QPdJB@a^RxyZy z^A_^HJ~k#j<&aCG&sNqUjiUT1fR4VvUZ2zX<4~jWJd$s}RB9-Y5IOh`;VT|>;MvgU zGX*&q?VCIUFoH@mMslrD+;w+pb22_s$F zwP8o~i3t0C&}|X9?RRRaV)Lw?(~w-v@cI56{~w1S2s`DbxKGYaJE2c~Lx!rB!Ummc zK)*QDHas2PQFc3GWr?iKeE^!~Uzjdm0{sG}>nHRPc43e2FT`eGihB>Rr*IyO-w$8^ z=ZGMYISscR7UAS|z^^V4N`~w+uYYd0uK04x9C>(3E=l$z`RQ-IGzaC!30+s0u2f8J zt=Q6PzGdvS(cM7&^<>_@$wzxFTSyvpe;t2!b7a$f@$MwQL;U;S;Nv}bN^DFQ1W-qA zShIEq@-)hUY6=t5jTc|@x>cp%?&X3JjT84kTTpd6ERN?Y62}R%%6*Y~UL8d#jh<_N z`_SIbisHR5TpfGIRFv@>(!s`g6{X{qn44dtQC3&|0xi5u1NGV-niWunl>?Sy!RqIc zR-i%d9SpcCMp-DDlg#dC@y@d;8$s+lup@ow*1MgMOvYql+yztz4zI4_Cp%@S8sXbRoASOFr+0P@`Z=u~_}Iy+X2UqjZ_6Zog-S~P z_ZAnQ<`~*E)a*bHeA(NWuJCY>yOp_VBC@fM;EJuu{e*Kk1mFi6P&-_vE;jW}ayvxt zxd_K=HI%2wf|rpN+!P^_o<~J~!A}M3K9qZrIy84KpTH4N=hC914WimQzAqBnWb-6t zE}Fycy%A7m!aAwTW{PB?$7YCsjXi)=Ib^$ zv#HksiHZ2K6RIPc6Gc;E(p<5uz#<;f`l2y)AY-ekwQt`TpVqZIXRrP^J z-=0okG_iO2?%>65tx<=E-ht74X+?BZ*r%K>+|N;n)*c} zAJ>FqN8j#Z_fufsK+qWZVmwD-#nk~e_YJgQhYu9M$fAG9f#2TwAG6y5aDU;r_nlI? zuL-0Sn%?uyE9gKod4U|LGBSbF;seuDR&+AK|2PC??1QwR=g>dU!t9>;?LLu&8g?cF+q-?3 zcO7t}-7BrZXSNG7?I3+~=ixH4bGF5v`7WO|BZMD@mJgh*sr+)38=JPwd3)$G1Y%_oizqCI~*7dbVwaw*S07V~lT=R8M)U zw8mKfY(0*5~8~GVWnic3_T3xNs0@On<0!RCgqw*-2jf1 zXQh-(*p}JK@F*HkKx7`nzL2pgd6Y7}cAjz|gcaBd?!jQ)7z)521wk-EDY|VV!tyy{RX&61| zrss@Z663{G&c$HHx+95LepUH(n3sM>_7qvI&1J;UHXN^8K>KtOj-(&xyU;5xb#&(wtb1x76mX243s}b@*Ui%Sa zU#Z$LmGLy38coG!>jSCPTVZMjEJWV?ap+4^FN}~zZ#H7vG7^FnCPaw70ka%t7`*rvVGwBXSr;Wx_IvZLpJoBxCs*&wK$Z zh06FI5Cahb9J;+smdH$#5Vpqcx2s!8OJLw4AkQqAc&Th-YqAi$?Yw=rY2JBTXedN2O&M7=CgQo^n1 z<#NQ?&26s_wBdbNbgr?v)S!K_xvsE*ZY%^O;Wte;Byz$3xyu6NN{i6A{a&OV$`px{ z!IJF5Tnvnp!S=Q0$M1>Pd9I%ULZ~;Xdo>;R)a;_HK=tTB%FS`YkoSlCog*CU2w^DU zSRPX;z+E`0R6>;(29Ae$uA?M{q_mb+e_Ih(k4QDIx?lkH}~ga&q@`&-0d3gjThN$GtLG-%TySB0zh(a@EidK z!$Amr3}}PI{|O-3%1)%o^3Oa^NP4?QH89!Tu*&vWm3&l$s0F;u#)*Zmu8B@0G!XN+71ni1nUg&sPz98Gu>T=aeg+;g z_43*7eNv0Kc%IC|dA#Imq!cCo+r+r>9|ytSUHG7biek+di10UbAKMs2fJ{|Kt_DTF zv2xAOMl9lN(Jis|me(8OxtySx6;95$uIne&!j!DS$Xj(jMr|PlB`48^@<-zx%+Ms9iEGQY^#KVy}B%~<@GER|PzS4M`;HZ-<}$zL)2&0o<`Ysz8Bv=6jF+@J@U;zDWjv@bf=VeTnmf#rL z5yxpr{(;hJmRaXZ*ECg#o@X0@}&~yUgpDo%Hl@CK7 zxiA;YiitrTCJr;OX`>s|aM%|lr(skl)^xynlt7tsSm?_rtO#oU+hg@0HW%LwmFPhP z`1`{zx=rLYvtFAYX&1FTsa0JTSp8DO^eIx*oD{k4jOdtNwu}wWJ@G+J(WX3WdOlzW zOlXd#VBWWYvAgz|L(BW+eI^U~$&5qi<6iR9 zF!Ky@I+S>X@?;T67V6ptsWS@sT@T=^j3D&yB)Q|^>Eauq>pOvSzu0O0z4m&Uf{^0r zKmYpOb}71nZ*szvu8y-T%r7Z!sf+PKY(~Vkl`gH1a}3hfc6P&D$QqlN2#t+Rvfsg< zpkodONuyr+ytD3{Iu?0@?9WvS#(?8YAPL4n%xep_`1Ht5y_64VxmUN~hKKv4E00Pa?*F1!89i*rJxe`Hm<`o)5QawcqKaZ zCl;z!IzqxB$c<*+KhwM$Mb=tr5AI`x201_YT2|7yMAqfy)`9(;fIdm!XaX8`ELi+j zX6g%?kZJ2^3V-*A;4)@)%r76)>IdzC@O9ZUZ}-Z3#exo` zSE6<~Xtw_{P1(-&-F|+m%w#-Kcvas#6l_JB%oIs9zK*64VN>;wnbDgYo9%YDLrOA) z&o;P#rNqUr2&o$G1dt{03~38)m5tLr$r>+;2w#kLj$N1nmBx2s9cD2AM49&rCOEbY zx^{3R2>&i$wVl_-2a9;B*n{Ze|COr~P2K=+2BB*!u*Rs3I+h#<(ZWxSK*~6THl2w0y=Ome9O6~|-K@^592Qc#skAt> zfroeCHzfpL?M{w3mfPpQ3HzFo&M(J@G=GicQnq3k%9-v=TsJlWDo(XUoHA8Fo3LP+ z&gSs0%I1vD-&k{nOo`Fyo9CJ@@d@n8R5O%%ZQn>D0Rtq2H_E;Xx&5MszGEkH=t0!WjUx`L3E7Fvju z5WzsCuc9IeMQR9$NC_mA@IZ>^v+sM(nctjw=l93=Ju_#{3c}`Bx*>06_~W@(-O!vu;l5S);)NZdkZxOYSPILW@O zPA=$HMQkDMB!mlop2@BmK@AeS)is3%9gMQs@H)GoES8e&gpViWe^Jo=U?s<|v4LLA zLhcN}1pht|Il4fP@_%tU_m?;0FC8+jUYvBCllf@gqKS0N8QMi_(G|3C^Pp3zIxUa< zkf`;r(P73=PPKzinD^of>2V^5C9r|VBj~`>#I1!~Md^SiZ*;c9hG@+mVTnSdEi@%m z^XVrbe|jOlfCd<3LyU|ZRWa*eS3zlApEq}(K*eMmOHMm*(dtUCIOZ1&lcP(okIaOR zxg5WxGwF?Yx>leyKGUulXg^d~QBT`vGCGPXopouksZ?-yJ~G>`Tb7C)E3W*o*j4@@ z`k4RizLcqD(FL%6UlX|q!A1B^46MqZ4-@Nn<8xY?_6p&T7bSamr1)@|285$QKG9Cj zub2Z90;?xfBa$-Y*}>Xn93AA@y$3{=T3MxNhFe2ZLD`JD_G?b)m7|IMvdSlwJ5cm5*NR2=33|>Z3n8(bG~80DIdykC0vTlGsiqwaB+M(X|v?*)G5nJ?6?Ime&{ z$Kv4yZY@^&b+E;D_N~4~nZ|3)dA8LoL!#^}+mYxGZh0?w7!Je_4OxHG;x(ic;*YWq zTzLsv;33*~eUX5=&6PLTzY7%Ak4&8Q=^s}=Q^VmG2?p|Rcq$&6A*%bcIJIElcIPyi z8^UK_y(>emx#)c~M!a5ZatG6iF(9UX8?y4zmS26YX|hi|6f&tpiW+f?lQwe1Zv!*B zr#H(K@ChPCNU!kati$Mql2(EIH6jF z&%5@!mF5i31`bDE_ZaqIo4+rYE_zF!f8TUr!x}ulBGQzq5)g;9N{#{r4H9Sr(n*cq zH;sVklus$m28vb0#=2s!s2c)Vn(UfXe1h~DH_4UNsBlT8 zQhN5-dd2@*xHAh9=Kmtxq5oImjv7heOIz*Y+Pu$rpR2*MRyu&;< z4&OC5re8gfyJr`ZVMF`+0$!mn)XLakJ3LOnJ+DD9^j%DaX}ZX7LWHQB`R z(*o7_u%*l=v*h+)0dREJnIXH&BcF1!Q}0H;di@$3eK7LWGt>3kM{#M{yM%U>t~1_e z=$f^eSssIs{VY*K#lp5R<^2l@milIP>AWnMqKWk9XvF~seRBT(Y^6@Gyn5-zQiZux7V&P$ zdeEkj8c?*a*3FGtIgGowH+0!luy*!_a{kckq+@{Tv-q-@&lXu53`#+Y+WZDcJYf4} zBcvaiR3w+B*(S4&a50P#AUOwthr8{BY=~5?*rFgW@`cvKI^SfcAsT>O>U@3#;z=RQ zNyu$kJnT6bpdvsY+=)^)S1iGU(8@um)mYqodjl(7&0Tx27#hQ1q+PpE(Ow!DNr}E% z78B7>J9nl9`?jRyqe*0wwN^#$LRMo?w!7i>+o9i@9ZRike)lTv&OXVx)U86t_zSp| z3|ud1JdONPmH+Jj+;C!NxB?f%Fs;R7?V;p{e0;Yp)W@r5+WyVOyCUOdmV#Q3Tcm9( zigA`I{XvMjki|#eH!1#<`}eHKQlr89f?aP2=yo`xuKM!zfMIB|uU8M{K>Ul?R&#ZA z8^^mLquE&+-s>aTJs;iB)J3f!SL-oFMU+zf^@f>}(%|y);I{-h-Pspv+R;?yjD;aS zX?%kAnIy`GJjDSLAO?9*O#JAhB;1xPvEZ#jP7|@Jt)cN>GkZ~)YYieDa&U1)* zYeG4Roq26PD+;T47jxb1iDBwJ+oyGDK}wVwbaZCwz%5Q=B~9SQF9HMAEUiL}S8{(c zB7c6!BhMF5&;a$^O}NCfv+D3bwVa!TCs>{oO1mGe?l(VIgf>-AFiKBr0i{lDt_Mkv zLy!GD0MEBm>CqhEhkRZ=7u|CK{^CK2P^n@lA<&TUGASY>CurmK>C9n%)S*>jU)7(^ z$E*!+=Un@mUgRH=`i_ z*9egDwO0sH6N;)cK3c+UEq`&_>za-TEWTC%JThci@O9YxRR+^^%=ltIb~VRBVZbr* zUHRkIi4!t*1z=v%BDCM-v&pZ~njaQDiQWdmy+!96cPiEtvfJFd=jrc`-S`!CIOtG0J!YNLqd>CAOhp zmb-yBlC&Jir)}FvyO{DqOpE1SkY-aA+f_^&49h2T%oJ`;w`Frvl+O1ascTGZ4Z9Hn zta2JgK1s=K+nj}48ZgEgsUu_eruQcVi$ZQ_>YlfE!nmlF>x_nu(%J7ea?jey{VB@0 z{oL26V9UzAn%5bx@1)I9Q|50oFAU0U`fu&f{u^SYO=u!X%=;Oj7h2^2yinq#v^BbY zRrLSXz4QsJ1_Y_u0gMl5O5M&%gek2mKFA`gIZgPtmcxIr${&Peig6zbj4AQ8V0Pv@ ztnOeQo;*RQJWl-Qc>lXkrCHr#hb0MRV?Ib}?$1XSl$tMD#_JKZ0+3wX0b(hYmub(R zpIx6Q2nzDVL`hE8OEZC8o4_sE1TgMmb+DaYri0>8&9ygN$bt0(;ex-B33=~tP&`nQ z!X?L%F`3c2ttD77Wz=B^<3 zRx!JAompp5cBVbCAf9f59ORHN*^(aenlI+w`U3GhsTnABKAGPljTemV7W$-6@QE#B z`U2$qI*+v%BDv8M#MT2L3gI%|xW{%;LU~cN@bL1e7j^N$LgjlC;@;lX9d2)#LR@RkOjc|5NR#gvY9^Vts5E-P z50+p+J-YJCnWBXJVm|-aLN96zl;mXEx=e?D8t=G~cd+J3(?_=q6Y1E8wI|*0x=Uqg zu$N&O#TX#|M}F?Q*k5sc)f;wQ3aBW5tiCIIRUS_>lG&>9>uw{czffSRP4e|82Ht@AGxGY>RfcLF47=G) zfBM6ohu*zdElldgg4u7cZlZZr3fgDd-y)`-=kpw**H9XSMn7|ltCtU-&i_)NDd|Z{ zAD7J`p2-rpf=h~n)(BrPX|<;3X9R24*sN-1@FY$_F`1;qzJBC^lzCU^VMf|({G{yX z<0&POTgwvO_YM1s&*fhrk5TuJJt@yR`$eD2s_lh|qTd0{YQ*UqL!J62Fp7S1@VQ5A zVf{2WJ96$D74}q8MnHVulu->T1?Ims0eoWivCunm3513xL1h#O5jiDGZjxlyf)Q&a z)=xIe_Ek6s#t7sZz)KJmLB^7Z?ss4e-!GmiQrCE`+AV!!nry)ySO zW9I~E?{KOu^(=y@UKJI2sb<3-yeWtHMujVILwru-`2*{tG_OwtH=!9%T1L1fC5OWK zSNH^k@WLC|9*J3@H@Y2x36zymNMN3d@dbec9R@{N3D@)1t zinl+R)>pfpr5{DFY#6)~QCo8mx~{iRH~5U<_2sd>)&Xff%bL}Z0o3sNM)59L2hgH* zN>ms!In5WO=3l>Wx`T=vX!=Q-7lKfRoH`Z~)+dDHc1Z3Mcwa3R~yiuXvVuW}JPOn8qN|MGp)`c?A35cVyk2xKjN zQej{cP1-?|62Qq&Jbr*I1}&={!JJM*++>Y^VL_T3vR>E^EM7HHF~Cl{6XabrtyymB zC#u-k&4H-B#BFG{SK!cx(%m|*8idd=tK@71X zK;RXbmkuOZYk1%ink)!A*qV*>t&_SWids>x(adD3E|tcoE*#0$&9_$ddUuZ!+v@xz zHTGzFRvE=XW`;Os-ms_iahp?CtLeU*(!(~GMNir(9`Z9;WC*njIWjqffF#>N7KTlG zvIK}Xi$iV`*y(ooR*Nsoc;D7Ys|UD{VraEAfPb_L`x|+W5&Y4HV(g04d#|m5&C+!1 zsW(|atrGisd>T#h?i0MA!1TXg7*gLNZj+%y!gkZ{CQ>9YObHnMZ1>MO}U! ztfNV6fKkTG63!sT=Pgd|_q}o>PDF-$l^rf79=dAmB`{b$o7z zNMEi3WqmKGSD7;#0TD*@D^e-Ay|Bna3iaw zClHhWcH+A104P1oO1>qKM0R}+Oe}1wZaBh8a{|67o8lygs7%6K!_hBJ?SSNPy7|D)}nqyh$3sp6+qU!&fd%~0Y9~Nc?Y(&1U2fOMN0)80OxNR6b?wQ>z=Lsvb6AVj5PB3%V5jnw&fa z0-%gaEZD^t34qBdquEsUfrOnTegMX%?k-|ojWhxv-9j?h(wjk6FR&FSE4m^fUF|n~ zIcN52CR?H@cKjB3IKNdrt8}DOHBO=}jA8dVOHv!fgt*ke)yun~~mbU~IOojFw{Q8$CqJraLrdJvgb(w^S^$Cl1Ujax|RnE$;x&O_R5tOSGtD3yhKLMcK_XCCmn8iy$i zOUu25DNjIh0{ORQducpM;YZfdg3fQ`DGh`k@sCFtzj zM*}KuBDZS|wzzPN`AekI@uye*d6RcK8*9YzFzU-*y*g)Sl#Qm8p+}9s^sFa>y{Z{Y z8qdhyMJ)^PVDZU0JD%nT2M<_e~6B38(-YE)XH4mA87StlQineV%{& zsFM{#wSf^wFqpu&3U5FAjUAz1!i6qe6D!8^jRtbobW4$iRyUVqGludKdWM%p)kGlxmf(oq7fd&RQ{|vWc=Z5S(vJ_O*W^$$aPP#cJMDSPk zODD=@r-zM&RR7zY(G_&Q-c7+uAh0})hkV&z^6%bL4TjB>6@ZA(+XtN$ zU_@n5^dvVv&!mA_EucIK$w8>Jmdv?D60@SIKIbr6MZ7LGO}tU#$qnJ7HHV*U!<`NE zkDf4B*L!|w`m)2L@HBd6-QsA%{`bb#I_E3=bOTZy2W(fppKb$XF8bjTrIc}#wiFe@ z5vWn@DzOy6+sHr8>J~zb77uz#l16Wc-DO)d%nH3BN>Rbby@sAUMSpX8?bH$LwCRt( z9(maAobX)dO_oE7AZIlLH$@_He12g-Q35kj z6=X3D!b@FhlL-eXts~N{<#caVc~v{L)~G`R~uwqoaerq9_{-WM2sM~fVX=|YBrT^ zleh>Ko8gHtdUz{tGr>`iN%egJWwk{9BRn|rExWP+?MuR-K?8^(g^rY<4vu3@b_B{{ zw|hkqPV+u5*LNmXai61H;lH=nkXl#X<+*ZpIhjUvAYd^cN} zRQcq^)81HD*8|{VXT|oPADr8EwEoG%r9>Gl1E2>$Z(A@3ffe{*5uj7c$Gpk^w|>K4 zdq6;5mLWn|>q;*KaS|19bVf~bRq&`cW4onQ#Dkc;<3h^gTGS2*b%|ajEDSg8e9W{e z^$gh1$_iSuRCzF{-D|Ahg}IV95%8P4mecX7jsq>3+fo0Pmg@sFWc z+-_*@au4$Y@35|a;>EPf;>+~~__#~J?%iq6cKUV|^wF&M$)~OdE*0@JbWL5;rrG_8 zfyk(D9M2FVeD1e%nlv7T0QLZc@&8?zh&;&@FymjqB5y5sWH#719aZ%)mb}h-AkofmD%Xx z*TuB~Ktlu*IKe-gb&_F*2){)+A_w>lBU6CIywK_o4JeR}@d&FPGZx(0D55=l5 zTIe3I=Fve8&7Tc>>yIh5)0DOsTqsU_s}XZ+ly_neh3|c!j8Nt!a-GVkSP8EyFV4N{ zs;{V*_tqt`^!;R48KI}KzihxYI`mug4??jh9?};ZNKASy;RF(Nzd&*l!WIRZ+NYI3 z4DUEcvOT>ww5#nU8+*%6uhW6ajmFR5_ITd@b>6)5*I;)}kz;MTZu>{<>3l|Y-vZjP zLf0yTR44eSnHesE=q+Ch;1c?45&|VYU1*Jp*+vKub<(kn7q=>xc;qpvNe3K z$6VPGsBFI_D9$oJS=76H?$C~@*YR??zd08aXqy1rAQ%~ z@5qVfR|)(RSmX6vP;K}V)U^C&V}MT)On8U2tk=$!G7&EbmxXb$jx$x%i>2Iv z`M$e9+Ny1P%@A&>d;EtD=kYVImE)`fI?H-WbXs{5h)Af`!-paKDR67e7eFpWFRBY3cQlA^>eXw3&EB;RL()1TbxQG3EplivB69OHvPRaiLyND~-E_Zis_pba-ufceoz41CiSvv=&w#)-04~X-4Lix+hPU9P zw&rf`)1;qZ5*LI{RvPfbU_nRLYnD7^+Xn>OMEj)$2&`g~<#w>E-^b@P=P5(RMG{r$ z;RJ2xtmPS~gS;i=S(DahV26$>4Cr?SeAHg(df>sNynO@a{^maFvQK}F4tsjfqI}cD z8r`_jC#8>z&hKs2HGNX(Rm3qZ_+96^68>hZjd1TLf8+L zfLZ8{5987gas8#ahL$?Ax1R`su7}^DQEt=2jwl3QHwwjD?wRKDM9zzXIR+N_?X_&j zQ$dtWVY>hOCXAv2o(3SrFxk)2V%a_j+0k_7(=+pPV$YM`n)dY>p)L30U%O^@Pb_=j z^&PA@md8lG@|Z$qQ-Yn3nbdO7zgjh{>9%1+c7DIUjnmyk_7kclo)$dj0niHlQ|uN_ zSMDvrhlZDqsr{Alm9A2;K@sj5R3+FfbL|{p%>&sV8Ygvt?ZY%t{;mCsDEhvM^7Gvb zvdfFICXi)v?jfo{>4(3hAWb9#pu4uTjJ0|Rzr-|$i~H4NEjmC;_)lKHzI1pGaQo5& zuj*m%wn+|xgiC7*oYmg{N|8Wwq`%3v*r)?6;qRmgvMl4u(n%T*Xpt19TBVX^;yUB9prQ*Qa{5V67C%TV$ErV?J-K$ZzJw+ zx_#ne7vkyGsbZRCYWJL5jOnKkJI)2)4!cEL%vHKa zSZlGyKg$5GJU)pVV(`NGRpKomdNl!^8XmdL-Q^)4=NUnz5y6FBca=9751B}R9#YO7 zqP&qExt?L38xHV)w@4S>Qo)0bGuTz^neL*%)2dGE?tTY&!ZT$~V<%$B)>hfBsY@7? z0psfGDZNj$xK@`~c6#lcsvn+Zv?2-f2SL@=#~^(T0#^ans7OtkOj>sWQkWn_cT;4ynz?G}(|13tzc4a`GKtd3Us0O&k9 z52d7+92GHSduw#c#4W?XQd@<+R9$WI;f9Vw>*Z`>hic+zQ9!fP*Cxi4V+}DH*{ukA zlQ@8_>ac7KRt?Oe1>|N{EnC*iVj$ycyA`xMfa704oe&kj0#CHmNV|~9X%`)|pd?uy z!)x>8t_L<9$I}&mfXA4-@mNae$g8^fb3O+Kf)+2ofVp@8_cOZtyR80S_)S+h)xW!~ zc}_i|6cY7|bNY;eIYswrHqVc_&93&`sm@s{JaJAw1UgZ zxk&Us*-i|D$*7_r^qt(y*Ba3|*VX>NHUImM-o4)?^j4^wm1AYnW_|sgC##>wx^8)} z{pW`df8FgdICQ=3=W05m=8sdq#P)BePV5}1**@X?>wBWG0~z^)MxE=*@lRXTq^Ioq zZrEa-kk!4^$vn062Qs$&KaO8VC0$XE5+=^>@xT8D?$Hxg|t;S zL%lM+e7*dmF&D4xb8)`m;{2Ol$-nMcJLNY0KfSTe1!J)hIAiJ*Q#FjSy$6X6Rt_Hi zptjQ}_<~;Ty<@u$9Cp7ltE13)Zi`BfhRUaQ+!ot9o!^p=CK$_Rt@b-#n$G`2=SPoC z-SzC+*Inhdb01E(%!-;5uaAxl4tIy%YKt{M-#v~sc&*}c^G1k9iN&v!@XYFhU;Nx*PnO~ zk20|LHR`NUQ3fC6esy@oF&ci$udG}V>z9{n?;RW&@i=ELN;R~3i#4jM{qu~*pTd*B zylwu{6VCm;I;xOgm!n$p-|&t98BeL>gZA(#&@3E^&ACA`cto{GVq}J`Il9{m|H{Ky z<(Xj6K3XSg|4a`{O4leonn)jrZZ719tUs0kG z2l5qrmK>hF+(O=AsU|^kWIG@n5`CNbsg_E*!ln#Zo|W9}WttssFFZJqP>b1b?o{|q zlseWr{mpU@d!-9BYKso`e3doxi$kp9565kjr_Y!sucBW&J&0Bc!+o@yyG0NgI<-%_ z9z0ol%rJdB{eWB-H|;nO@_z-?WPc$HyF)_FSMX`Ffl?(3ry{Jh;6KZ+fLgD zwRE-(1yLvP{6aBIqHVdePOy-h{}y;JSC>cNc=9-fIh8*n?hVhn!MD_{F|U0*A(x*% zY45yPp?rreo39-GzNtNQYPinb{xGLj)7T7sdLc))g2hC-uakF>nyI8ZtM+aMfMdNTyeu#~C5CyHN82a)6~YwGGVDsov12C%h{O=7{Djqm6--L4Optol) zSw#4$qAx|5ap|0BcSs7}xD}EY?;-Xe1Yn;ZI`)Rk7>Fkv;h`R6svm~96WC)8LPq-+ zNVlL%DAzi%_^6h@>mx$ddIG*vK4;L#0@b#B;YG4__L7b^Q+&Jt30Dm=EIyj4^8DpH z`=XiR0>yxJufx(|%Tf&P{bUR0h1)*IGqLFg4#m^|)Tj5+8@`Rjc~=C$wjlfvkm2H+ zlwDw7H?-8S6>jEzBnubEcg69dFSM$|5qpddR9YVK0xCbCC|SEI{F-|=ST&iTYMDlx z%hsZnCfhoA+R95kZ5sOxgF-xWX47X~yUNVH&ic>Knt%>D3!^PTa9#!*?H-s$&yDRf zy}p6jVHi-B&PFf8Bj4S1L@D1H!hIcl-omQ`CcDPtvJYJ;M2%@PNN(&wqA&6a0PCZJM9N-bU7q zOUa{Xw^Q1&D~m6#FM#e}d_>%b3qv@;z1AEoQH@XY-B1EY>|Kc(pbkRJZN+YQHFxk0 z63UV#wv(7~m{ybB+d5&7S(t7pb0)LFdF+sISFwnzqCj~-V_TeRtM)K1g6dx(u&OFy z9Z{iqil_FOe{e``o3X)O_PEwJHWQV%)Ni3^rGPXD%@^<+s+a{-pMKm}^(@H(MJKl` z-e(-9->PxvB_%BoxNzcx>)Q8=E2O3=lQYvh7f(pYZlDZ}BnVR3+YHl9$(5 zjPJa}>ZOICl;_fX@Xshc!|qYJ#^weuW;5%;6iN>);(l;b^4UkEBQvzp5B<%1pG}x) zFUyMo6Gn^kuzfF0^v4=mqGdh;_EiY?8y2A+ZB%9HK`0UooswMH& zlZ)_KZ$O|E*JLQc)MWUw4UY~-=-ibQolwnJY0gRGVHvj3^DK;#ddD#dS}FzD_~*@V}N zzBe}!*N)oXt{uC|-399Aoj4!UCXolAhgV$l7B6vbd;T-;D1y~Q{61o(%qeWj^G~M?X&hSH|+uY z*jGDM)QjYdi+-B*aby{#GWFhCUF7E{%#^M(#3<6cLG`^Li_4eBec!ZtL9(f`46&pI zvc5Lb%)2-X+`1ZVLwo_KX*s7^_09d_}w}O&PSgWnU zDZZOEuMyZvwMXl>5`PwMYwK2?=@}i?qHg=c2&OvxEi$yRjTFH7?Gw|tAB2T{z59CA?emFMy_+ZQwzLnONIw?zy z?luFQlf|TF#5ANGJ`U{Hrzb1P!aoC?40DAHC!uRr2~DC&_E*G3luAq=UaS(d$@U&h z<>$2a8{DAf?ip)04=}!#Etqic&>jjt!wFfW8fC8$io({ZeWR%P;R{t$XNdMLde22{ zEEU||Enqw_%ttvb!(|Guq(#78_&tk(>j2a_rJWi$?IfrjVst1RvlhJ1E=Qq>KR|N= zGnc-!P6ghPd#dkxn4bCgsCHzf$6$qZM9DW(^_O)$S3=!`OqXq(XL&Od;}!g$M(G)* z@%NS^+UYpgCtlSRGdHy#6pIO=t1s>p2~wdmg_u)**LX%^Vv2`XaD0BvIcs`R05x z<+G3XxfzEq8`SL|M`{XeRHAINv%Od%QU6@s{PJ9I^ljz~Vt{M8Stov}7nd{DxPhyZ zB8XgIynxt6YPLppF>0BKK1x9SY?bbayXnge{M z{^V;V)dYgk{*g<*he7fmn+*_yYl5#u77=IeoND7e4 z2s(+AAD?QsK`&H}@sWkFZIy)}^S;6$H_K04$F*e>vVMQ-au!kN+l}!sXAF}EqsW$+ zd*3%j_V*?P;&jQHiysUzxVL;&lXnBGwIHHBso99B3fAktt$Ix)zd|dLx)lEj1;ei` z!&jjDMc$3Cz>*0vygnOx!%1jT>%M=$0Qp*zR*IXyYu3+^A)zWSxrYOARe#m7Du zZSvM-`AoaJ=S6l8_nFPxat~|1w2;)SLK@FW0T(w9xd`F*Kpyd;P&RVU4s7d8@?4YJ{m$qOlae=iN$sUSer;@!6CPZ7y~MMub)$t9EptTwBWr; zzrgbqqCB3f{r#=C__<%iS!?P+yEEr1-J(eGd1KoYRs(D^8>n*0Hm8&Gvm3C+XDRQ& z>iDBTRQ+n#r@w#vkNdtNb^^@fi{ko)HNF{eF=G8e-uQ&tiTU*I`z9_r()nM+=}a(u z&9tc&(D+{zr^&MI01nv#lcpfXUy!S&XndHktCLh~pFFuo=-El!p4R$rBU3-Y@;O1s zhE*)KR-5xRmE!|BOwe{yCA6}S1Hl(2uK%6(?vG2@P3{-R@(?Fzv9$Tpj}Hf;mHg zjKdMtA+fvAusl3EiiT%(G(Z9$N?>TWDxU0;8Exyzyne0IKY)hK|MtmRv-n{VI?Nth z-kx`~Qj4kW>eZdCYf!N7eQkmV{KM*<)yeaj>Pb8s^YTo)#wqQ0tJvA^n>2fltviB{ z>>TL}oj61m*)}PWX5A+mR+m{16+r=8Iuf{NYLWyOmi?!IP1!@)4j|u>$)Uu7lADl{ zaJU_&Owi`Rc1V<<7$MHSm$(<>qx6YsW%3w+B`|ryVYFWqQ1)$smanE=Oal>ZmBokJ zgBEl#cNksWUU~ti&_|sPLMS=yIKNM~#Ky67zp=4a1@CP1vrA(_Z!G59z29DbYIn;u zeS+4pK{ppJP_|1;-g>a3%>qdwtd{_cKP6HChhG%*hF}Mojk8qn-4kC_7#qYiq35J( zJeGL_U`)Hv8%4Es9vO^SgOFU+7MY@8Wv&0z2zns0BaP>Y+U;Z{O<@V#Y7a@E_$E}uC-FR4^HYK&<}RZ95l=ki%-N9Hk=) z7a^_gCt%AY?U40G?z#_V?zcYXDGHH8QetXP!Zv?%jr3;lF&1Mio;Si4pm!M)e2{KL z4w1IHYnb}Ca`^-G4VmxOI}(nsh_mwM-AC8)C0~OQ@r9#0XWnu@2MkXou37M>aCsC; zY^GOPQ7qaeHQlALvTWo-lx(4g^^Yuco_Lm^E6qWSPb1?|YL+HYM<)*iP~0D79CGd9 z?gR;{WN?-t@-R2;Zb3fwImA)N*zIj~?$Z|gFe=d51PuDd?-QQ2;m$F)o?0OMP3y0s zIf?00m&wOn=(Q7LB2TSulcDpOXx)!qFOxm8f;N2i+F}}q5M>~PgURG{#j3I)?n{_N zxu6AUT+=-VfH+Cy;^{QNE z4f5p65n&mjZ<5{W_9DKep?5^NN;wtVK3euPTFoNxuk3vSD8nW{=ZShbT36rD+OQP% zfGofuBsp1a5L~_CvCVK>wd?INdmf1#7Z`$n|;Gfh(vW2 z#&etFs1D10?3G4%Tfa!vsS`_u(2}#I-QgtOuY!&Jk+s5Ko*b29r$=axoeuw(S9$iv^l|gysigYJA?tEonsbGuFRyb201p34*x4-uP%ux6PqA6Dyy8fF_qxgr zivR%SXU9DvHCyJ$6pC=4=f)$Xbu6ATjIQ&E-Uqz~w^8TeL%O4##JrM?$g@=2DmdrM zbNOUb_lM=j8Tx`e%9wNb1Y)RZjMBF_A5@RH&(LFaF5;r!g9C9euY=5(64epbM8nHw z1j~i~&$1ZSI7mtaE~Hpgwd#Dk_>9DnAx*o3z#<0`qFO3*dKMWAjNH_t7Wajru#~| zZqf89Iv+otO0M^)37m7e9eJk0ONU*A@a2E&^JD}J7U_7~oMfHEmKO>6R^#5tmJL|^@$ApwNBcBCzPKlYiGF9HVj>)Afwg-H^y~!OI@Uj&R9l#X|=W7#l>!vYdOHBi^)kSKzuR$>0hOjnfqso11VQK5kOs&gA+{1L6J@}8${QnIq z`2TfS^8fGGvRMML#>;%IG zrXL&WGR=ftJiCF%`L$@Lhu7AH~sd~RRad8uYOBMs?|97#z)2traM zO5}5pW*L5f=hxYeP$&FWFOat7?T3uZ2qyi^v*G>|&-hB>(*qrO`i*(;twZ1xd^9Jm zkKmD%pj7ev>2PYHJ9oq))k|*zfS?OoUbh$O}1QazsdT$YVFf^+T7O##F z20fiXJU-YTlb&o?OWxrbz?o5He{Knxq~ga9!Km zODJC#qeH7%&iAIADS81t{}_!rpzHSng1l7mj6anAiEhdy5(v ziI-zn7yhoo)3@J9n2^tV@1uqHGB8c=J(NR{w>w=i&K*qmUhyVcX{jpiwAU*#ePW~Q zoH5Q0ce3SQwi#-Q6LH0I;4lODxVdog7aVhGY&@=go8+spOUM$LW&LeH$W4N@Wy z`j~m!k6|nvnEE$Bs@g)_*JFJ6a!W+*aPGZ<)`va^z1AB1nkZXiivZjJ?N4e|icis) z+TU8COWCK7{SdCj9vh&q);(U+`Rx}dBDmQGw5Jc^qoOoY?f6kXLnv1g3?cAPgq*%_ z67Fs)2R`ufUq~$=5{ju3?<2Jc#cmP}*lq9`dJD=(M2d|eT4cU^8h_r+n#=tFDL(X4gYM-tymY=++~ssZtP8c|F3k)(WU;D$i4 zoiwx^bR$c{`(I168F*2fGT#2Ae9MrZM3nVuc;rGf#p9oy{o#8|_1lEi^)&kocZYW` zTvfitn3b2)COlmzmm@OJ9d-Vu!K~x6?!#6B)P+RpeM=<*xYq}OOKwJE|HXYF9o3e_ z?f5loaMC`BYfbqPzt}DcR|01y@uYB9Y5pASN22-QjH+oWK60+LNwY5P(n;HiC_6iI zCB+01!~fvz8lHaD;hX;EuA7H=6di_o#AUO0y2g&V{3vP|!> z*gJN3fazZW4Ya`&B$py47nR*59)i4>T~8+s%)A&-&EM$$>?bLIqsLTP0?#r0mC7{B zwBipX=ruNVBzVKP=#NY-V@kr^@=GNprH0NtZT#@lZ=>st{Gj=6%k;ZFt?!b4Su1im zdwO!wGK8wXY>@Fhg#FLPvP{86TCmD`$f_mt;o{8_yV$kX2J#bwAm&{jOJUAN#K_*( z&U(l&A*w+cJSX3&tQ5~aiGiulY~sCHgPV}or{Y1syIN=4HBFtXe(AFs#fCmweblJb zLrNOfE#tXXs(YM`dTW^$o9aWw$u_Ts%XWbnJl*#jLKK3MW3BFiUU)?y#KS;6eo8VP z`jxv-E^BICdbX-6Q3DH82M3bsg>lwuX_JZTS+aPQB#r@9Bj_AI)`Bx>L0gtvLNaF2 z*Cf=ZJh<2t{+aZBlQZIt+$x9-|H%g4mO%1B(Np*PFR&q;)Eq|KEdder10t!}%ktj< z+s^zj&ogBY;gqoRiEIzyT2Ck%OG#^0VJS7K1~hDoleh^eZIMZ?d}&(51b=h$!#0nQ zw3A@;^M39}ozKLi?3|6K9B&8_p3&uL@XvJoj-hD`-_7=p@T!oon`XaSDz*9^i%($s z>DXC5@3FQ~SZQ!u2^uyd4q!-v5Q;>}v1@#!$+AZg?CKLy0j0rcfjTO#AvSFS$zR7V zW!o1`#@h|FMp>McXCH0qpEtKI?>_uzRM%lu$NC+`Z{JiWxgqqwTw@8(rnxQ@2vOB& z%xllwZsXQ_!G_`bB*n~+(&tTT5u+O+2pGUNhFODiAhG2mL9i_cO@hy+P)dGx5#H)j zzvT&x5Q@38aFk7O7fw!&ipt^fMks|3#HFqX3MeyC*Ase+8iN%+^nH95T#k3`Sg=-e zeKxu9L9gY>!Mwe@mICEQeeJVdgN9GDZ5wmz&MdtPE`MB_kXq}M!-~v+hcqgM^Fv3L z79q{1xB_6gv+JC+)ZApkLf?LXX)ysygb5rJ6n#KbdEmHc-5-MWY=iB+V{E7I%vqSs z>=)bj-U-sKX{@PFu#GB57d;3VGx0M?!uo||V~uy7vJ2njVrzAb(sfuj7vlC88 zXU@F_;#KIF44gjVJp_C3;I9)uu~doMB#1uxH_|QAP+g~uFsrpUV_~5-+P@VPYDY8T zE6n99krC7FpvLckOdB!i+CUrf@23dDSjB;Br-o=xLhXz~eyiHu;TU7B$uD6X2)B2r zNtN+0QR}|iMW=rx`0co%XaC$&WQ^4j1sY0d;!lw%qAPhQK=vnVJe5V)dM#D~bFc9v zk#i8<9BnoE1tCv7N^tHYSPSNCgg*=D{LV+liix`U__Q`{C(Hdp{K4=?E2B23J(!XW zjZf`=qlb$4eeFd>&zC7#N%`epiEn$I*C)3W_DQGgXFP;`biYczdgiY37g&Rr)$D%dV*Glrl%SUF^l=kbs3%1h z_qwW;mk$|xTuVk)d?J+Dhj}H4Qkg}%XLN@nOu$tAtC3`BXq+tjt!U&9)J z``6*Af(AQW2;K7kpzTeg+04WL;m*?PuBB)xnJ%g*x>#z>v}!MECn}lND50UK3L=?S z(ORe0sV$@SHEjvCCAAN#N|1^r5=AW`DdMgy^L*#`oafd5-Sc~%<4um^IJet(xvtOk zSwIyMbDa!NqAf8S%+o_ds|N)pOWUx6f%R2U6N>c;T8Yh1pci2=tge?078OYBb(%Fn zPUA^ld(bR>lz(OE-t8+TcAH8C!y8QMX)OvHTO@QaJ1w^-7JX{%q0LK=MQi{)Nas7wL`XZs+$LhQdlRk6kHbTB(Mgi zMDaE}*Erx~LfK2l>99TFuU8nlxrByJ53&uhE;@@BcwymPW45)6ze7%i_3gUkRn7^- zQdx1jr{1T8`a;Cve9MjNuFWlOb+!Sr1xxoo*iQuTtwcnior|sFdh+i<-~`-HXT5?F z-FOHnKrBU7zz)cZTeE_f!H{Co1kO`QAaC%CX&i|OyDI*9qv}b|>%V8T)F5gi1lDgC z^V8aj6lME|t-@B-oY9}+mCt|c;V`~sk)nT}6xv77wY{!%uf47nne-qTe{G<0dBtoDQA#YD zf{1)@|2^@;cM)GB8|P3*@qk^oo4|5j0o=JZ6*FG)qVNJC5w9=)Ow%@OY2j#20z69! z7cr;c1z&A+qdR_Q+?I8d{@$XgoTHsA9SK!JnKFnngTz3S)id`vgeR9M1EKq`B94cv zn4e6sQjMZzj!d#Ms6R>bLE-nrRoqT|1M8MNin}NJ%j9Q5$6F|qJ+#+f{3B1|Ih^Gy z^x>6F3RP;Mc);@m21O3klFXZG@^XCud zr}yXk=W!h!ZPM~EXLIa$Nyrg@dc&)dr=6d2^VM)~(cP4Y{-t_Geew9x!=|01w|lRB z4-=Sya{wUwvpEEEc8~pW@h4cl#45NG_ic9%!3Z6oV%QgyNMHrya3El~QFxjn`$;JC z_rJTk;@eTjg!-&p$=6t*htdVjmeip95C`Qg0G?$!2NGMFc9y)~INy|KQu7vPuseK!j8{W^2y}P$Cof*6Nmn8fgfvuK%Xar-4LF+MaI<_06s` ze&Q2Exdhe^P}3|7vLvvictJuAKVlZYW6u*xaCMSYDcJ6O;l)j|2&psZvpK#l9f%GbIjND z=;7nG6l?R4X}O-dWYqJILQoq&kteikn81aOAV-gwNO-#q#%WSwWo&|=8?VdL5^4@H zRIZ5`^eq)BBonv}V}02($)H#Y{R2NxyyPnDuo=g=)P42d@%{(NS6%0y%DigJSNXl! ztG#jKzSH|V{&r6J>iu@#a9c9WS2;FcQnqJ>q3nYcz0wQC{Zzs-?MV6 zrOgh$7`z#%Rt5UBhI5i~CjE&{5oQxNU$6 zX4@6-`wBk*=h~)zCh^s{i=ctVe_-x`vk=&*x!A1qGMoeL-(9S`LU&%a@GL)4G5*=+ zpeBqg{FTQ{Al0MZeuf&mE=Ck6HI4WX1*RX~MU>XRO=ASyt)f53MC7gIPr)vn38-gw z9xJE_icTnrExcyy7_U~Ima~vY3Mk=OO|qjrLnJ38#QO>bQuy{rW-`u9pdyq3-H}r@ z?#9SwzFdzUk^4rh0WAu=Z+==^Td!{ksuNoA7Lzall6*Uj^0HY(Kk&G1zp(l)%Wp*c zIz^45Z01_=@zrE%%if6=)NE4F+o|&`zdKX;$3yhbmaN;k*#spx3iko(F#xNnt5$+Y zf8_pgg8#p}9!G|E+xoKRvuaAgU1WbkXvtNoDP78$;%6h`a)T>`+Pv(TAaefIX^-wO zU+-G`3Isa*GV?b2&xyebf31hNy6;|`>QA=Vt*)=>Zlz1|MfbQyZjyIapEStFo$4Mh zEuDKv)P6M*t#!hDWt_j%q}QVbsYtGR1MNm2WG^@^^n~=lcJy7{;2IG2+!ks=(IAsX zl3fex(!H%r$yS9L9Gn{iR)+_Rc=GGa)p6=uqcdy`Z}29yq?Y>#{GrC>fT)T|#>{(D z8Dzc(J=VshVsJ>)-EhOo8o82~&|>v9JL|EL&i;%-^9OAPxYid7IgM(;hzeE1bK^DN zmvLSI=mp#NKWOdi5Pah|s(+9;dW_01FcgEse_jnPtnL-)fh)*_@T~+TcE{)21N-eC zs3PJ+$q6@4$b|)$0p|F}Ap%P)mZ8@%q~I|ymn!KA!QMxjzbu3dt(pjOLp95h`Skev z+Fr`_gHg_-T1IAjipm%(D8^uQSL0S6r&6uE^>?9GL`b)?%(_>Lheul=DT=@BVRROuZ}OQFh7FxPz&0*%BiTGq|Fkmx2(njz4|HuVb;yXtC9_$x72iyd^wM1|68sd*L zheee}-rSV!PW(wIo2MTp3iaaApFQl;1}CiW8kZh-IDXH|5-8UuYu~+~B|>IJ5y!|cf^q@wM+R^r+$A`@Fs8@%@^8dc8*je)EER;&W>c%PUVbPA^N@( z1BFIVy8uYD+Yb|F%K;)n^+{F0j~Fm}Q)7{8Jd2LMaOhb9@fgUG;YuW#C<#5sY92;x zwHbDZHCjfMxv(zdJsv@|9Ief4PoUIHyc)E1$hQ-b#CN-Def&QDa9EL*Q=ap8p8=Wk z{rmZWx(kUkeCqGRt-h$A5|UM2!hV_3FM7nD(+ikjX4y2aHd>Ss+6R@Cp;RrQjNxp2 z=g?lEHIMiN{MmBA>UVd2NVCMVt!YF1`Zk_i4?M}haCu}Y@?J$*dzg_WSDR|&IAwu3 zdG6uz9M89G24~uOFtPvvc&L1M{5oA}X%=F+B#6eME4W*J%kAo&)z> z3630BYc31aN`QP6-en78Npur;;jG4tc1LiBdJtixq-vuR?C2|9a(MZ7)D~z1@F>h` zuKmWB3=1yu|MR`dWve?66Yk)xoAT8%DxKUd+doPrq-CJg)4=i7=^0s6n&s)5j|fvz z?z6KRo`=t_KcyVuX;e4RDN=76Xkl$Kt!CwZI|amwWkw2xAtNp-Swfh+L07G0 z|MpcNm)Lc7ZvCn%DdbY@_cCREKJBf4pZY{Y&51b8s>;{(3bx;R0^!F>3=#V_r;&rY z)46ZMAu1atQ~>4kZZAlIJK!iP!NbHO4dScNI;-s%G~~&Z=m>g-lGVU#*&1g)qmJIk zNzd7<*yi@&FVW^w+-tO3R9CgaCaZ$ISruf=^+o&omKptm!^LB&j`O8VwTwB5Lz@dJ zt#6{Y8awt3kjMTCbBXy_NWge`@8@9YO9z*+nRu~8zGvRh~aLa&Y$ z&4%|fW04o3A6}WVlVSWnpgC?3TcYz2oQ>+dwx>|HLhjiXN(S;arG>#y3gPk**-oR? zl9RygDpzpm`cA(W%7PwN<2~5>sk5h8Ikv(sxO{bqmUoY(p%I|x*T17uXJ2F$c~yRF z-Y&TNda{C>K}X!YD^z1KO<$pbIFE+8c@2F6+& zy-mYaq75hA`mQn@(yT?=2wk;z_mR8RKGk4LGx9t~b~OF0dBK=T&*d#kQ7gm)tL8{9 zCYfNiTq;O`eDftzo`%sI}-l1(9jF>ke0YMwptrL z+9mSVsBnp@voe3wTtCW+iqNKcrN0q^T#|MzV4@Bq0}OtVkL5LTcF)2m;}MW+!9l2n zZU6L7tarCTcGuwDXbX4l`eQK+Vi@0EiPTHDBOe|6nYUF?;G#V+S!F@1)f_h@>Z%7X z-Q{Im%=ET%4>R#ooj$LwqG~=K;I_uZm*vN{k9Rv|TGAiP=f>uykC|U?qlvd?@#$cH z1NG!BNycaVXSg(VHlJAU+Xc+Zf9I0oTXlG{_6Pkb8oYCbbG892dNM@{8#ie+Uf(9s zBVTvhe~0+T*1!oJ%U@_Z3QaZIlWm6Avpa{ETLWYt5CUGqOLoY=Of{JZ)-mCD}Q8sRQTc({s$Z$Y%P$A1T@={ z6ZY+>dQuWaYRaEkAI~9xNjtxY1kv0+ZPviwGmi>`D>btZKQD$7Z(`Y5<74+%$7lRl z^*>%beW~1mvFzCSo8Nfm@sFeBrD+M6{!4BxH|Ly}?_MHTm{-Lvj|0Ez>ZKBce$@3o`AxY@Xjq&0gX&fa#2iMI_2sO8m zDmdWE(|ueDJz2NnNygbMUz+gr4@XEQJ;dOL?jIj1khttrw(6{Qp2(k+P2(u(q!(coo3KS&=xiC%`H*UKN zCOHX0D7Bux^+(*xuAT8%F*(9>O=S-q0c_8iBN$&hjKLaz$bxt8c{O?*k?8sP5WzCW zemsSUmMv6l#kpUAzxm*E9c`0#g*@W#5bT&#z21zTENcGx$Xi`-pQ2NU-RPIITF${( zp=^tDs4f-X|HFc3z`x=Y{u6)SM`#41x^3sxXFmRh3hp&1%1@KefX21JJ8CJQc4zoFgaK=}i_*PB{=+Rq9 z$eJ1CLn9(K?#Rc0@74F$gX+tX(bki-*eRn+S_du|;DzX>l078t>L~;ws(*(QrShil zpiBgdQYXJYn=u-6Rx~gjillFQQ9NO-aPEEJ^{g_t&57Z9&r#b`8PeT|#;%%hzF#Z! zn^+RcWqVd7JM|!#F=FLwbMNkO*OPQsveVYP^u))h+(TW>;m>rQ*OI5rJ3R$Tg;9^1 zjil)Lxpyi)RoInizpC8WxaMJIeX_axp*={^Ze9xg)X$Sqzh11Sr(%IUN$l#jwo?musWNZ^cQgr^64E@joZIkRS9s9%97X*I_uZpW z=R9Njz=t`WwIkx2`NuxLk+xj4k`Av^ycY%Ti$~zGqOtdS`RSru6BBIJoK{kOw5LsO zw}IqpQ?2kfxSWP&(AN3j^3PavV-pPk zq(0~v6mCwVJ3x=aqtUa2c1(-dhZw!y2Kx5(&Q7u7=w{S;T%Nfsahzpw$Wi8$NAHWC zU}9ZMebKpGJg12~)-zc@WEXetRmaELb9pQStBug>w-(>F-gdI_KxIyvX+GB`TmYRW zP6fOsAVi5t#a{++NOW&c9AqjmfFxWS6TIZtyO63Q;=MwnTql7oJx+LtCHW)tpcf!I zFpJ`~wsE0Dt*NN^!VNtz^?0sbt|PhsYq(PDjHLS0Gppa1`+|O7wjQ^$vu7pq6Gj9o zRYv6(kUsi0#I!sl-Tx?MILWPBJ#eOt(R>4@L^%NNGZ*UYwEZ*KK@)YXDL+1uZU3IB zh)uyLF$H=KJY*d=v1?~Aw#r|QDoIhrUE(1%aE7%|%r)|;)p<&V1ocKVS;I|3j<-ol`n(*e6AoUt-dOO0mM~iWQ<@);dlDv=)2J4a3!xV!h zq!t$=t}67pt_e)16YIU4u8kTs-H?-OzLZ&*oavpKs9CuBW~+SE+U{5>83D)VCZ$EQ zX~>(az`gICyvuJ>&db-nZXs7`i2?QLs5A2C-Z_;_!-@% z9>w!cq`f8mqP*`e^;xeY(LU;B(|sp=beP80(&@N?0=e)pv~q2872LA!D{%em`=*sW3@mZVq5IbNB+c}%AQf;?un03j#1wEjBV^Du@y0` zExDJ|g+_I*au1LO-39jXPMOvl3Bd{c2hGhPk$o#A?CNHr`Ac&6aaxfqEuEiMS2yqG zfYJ*Gbm5{!5_HNf6&J>aL1%-6vg#gmA(}lH>Nbo&fpg0?9}7!8x*}gtQrsuGIyjeD zUQE*>1*tT@#?}_u{53P~{!-<}OUoCghpz1H_I{vhuBzX$bT(bI8t!$IE0x|pr;v^@ ze}rkEua&&{4#3)J_c)dK@Z7JeKG?LHS2axThy=Be6<~Pqs%7HD18<^@-?F z8+ZvN$wO{(91V}oiElxJ>Khx6(#TB&>CH0n-gJQv{xh>qLMUU}1(XKFRMc^u^<<*t zx)8(5X6cMz0drw7wS?_P%^K?Fq1^vcFL@D4(KQQ35=owwbmHH<#bjYiwk>ob&JwK zX)}wE?=xsmC!#*5Ak0#T`u8jBSz9ut<1$vcmFomC` z5#*q{9w6Z7m`1SIk6{zL^|FZddr~n0VQk|dN4h4aCbhF>zf(|W9cfxiX( zpLKo|U1%nm;fz7r7vZ2tTW&AGyRw1}2z9;Mz$^?g@gYRh6a8h0#uBb>vuj9MJ zgLntbo8P$)=3PGYHs@lp+UJ~#kQJE^wHd!Pm8pAdy#>Bm9w}&7$0{31TT0OL@)o2M z?sclIW6R9UH)D12AqUZ$Ry5lZSQxB-CbAcw3C*gpjqS}z@RO|vJw7gphe4W{}r0lwEH7k@y z``4OBO|^ovNGF6n<5MoCTVT0?6rIr_`3{sl`Ukw+HG2i@P=22|R%Oe@dAj#Fm=E0*iZ{0x8371IESwaAgI z#JK{dhGC7015f2C;U4^m5KTzh7g4z^3rZ2>(UCKsI69IE^2Rl*UuS-K8xUaZc567f zn?sKcdia%mwI(di`$?D0giCSZ2`^O_=kFJ?8R6Toz~`dkRbQh$m!C%07^H-_25RSh z-x9k742DlkmM(6}2@LV$DDoml8k|ZGMdTpD{h`Oy6DB|4X|TQUdqE79&dBj5o&-xJ zMSM`Ji(>$PEY=)tRRy?W*37w2M#h27AL0~h47(ffa=zpdBa329^6uK$GHmvZ5e$w| z@8{TiM-*!vrfOGnF2h$oFO^|teRyzbTyNSi;NFmVrvKQ*ur{(jt!lrEbjZ`f4{f>r z{!0NflRDATmSSh>?4RH**-54nxh~Usb2Eiyz)An8$sTZ3BvT*^uz$`{y7K?nKU*4w z8iiP#g~=Gnh|)#r0MvJ?DmquhXL4kG0#I*Xz)8v7j_u887R!mD3a?WL`S$Ow5I3q` zR_}|LPUmicja!B>QBycV)zjO~tQmlaQ(8i)BJsZOa|B2Q{+^^L{Drs3k*UIu{J}h@foYS zZ6R$~Z*?gwIX~eK_jJye;iQsh3kjJ;c66&PVrcK+mr*|t^1AZ`dBixiKlKQq9n2d8 z;c*16y%vyUwBHm;3nH+wH8o-h5Kx_B|Kn$D8M`b-=<_$0(2dYcBzbxI&1jQ(USsu? zGh9wV9R;SzylLygIhQiNFwPFZDzCav8NIRJci}R%K2tN$-CCn`q&4C{1Hv9|*j$`@ zIi2vcf5?o#m3BcIWm)V7_aywrgwFf+rcN4)_ksdrw^B1S!Opkug3A$n?H@ChjAVRx z9)Sfz-6m?>t?leu3UiinX;>3pzu7`M^6N0tzaa}@UQ%wfGq)U>xh;F< zkX@X2tTQ`9ZM00~Kvad`Mvl#QWXiP8l6RxzvkKG?&-uwsv@%B{5rU5?6^>Vm9!5(Zr9cFVigR37MRif2=w z^!(LeYV+;pq21r#UHM*cUkTY~$a`1muJ4rCdA-aao!X+{Q6fyEh%NR=A8?X8(dU+- zFYk&QX#dzEDWTID%OQ3=IoCEpFjQ^00@=EXoUg# zI(FR#3g@o8rygX-yYmRC>mxIB-OVo5^vL{%qF?H1VbSK_wKKeQ*`BFNAs#838EBfb z^Q*r{{H@M!SUZkf@-(h#Ml45i69>3tMJs`8@j^l6n)RimFw9!Z>P!x7Aa!+4pam9! zD|~hqOtpo#pmji^y$<3b&vJ*JWp@TtV(UD3_cFPaLtVVdiRBf*BxLDzr0#wBupW%0 zy)8!{=9}IgT^s-Sn~sL&iYvYK8e8%D+MN}bnwSA+)t+o^M%$}bi?DV&m z-zprt7c|3^T|e2;G36+{`*j1q9L)EshKV)eKKy@_!4U9f68_yqj*n~AViDp2jOEKA z3JkBH5!C0c>fC^ie|H_nU&TrB79R(#2UdqgVa^%CC0A5fa^1%IzqAx|m%bei3y4~Y zR@!iC;8{FbPh+}#3?1NYdWMu-udOghIks%>Ij68w!>u>IY)3c?bk0g4}U8Q3$`(q2tXmg>KfW8)_yNYXUWd-3p0_&9 zVPHt!AhiQ^z+cH=yo{HfXmUb$i>ETNCO$dzH+F4xdSylv^5Wg_k35%Kw6sI!a7tfD zJZse=VZ(&RrJhiX^;lgG%kS<*=Iu^p*`kl5ZfbdFiq{p3u6i_#j1L-q9h>Fpe7$Q@ z@hs44;6Sq6i32DT}cM}tdT;x%K4g_OwCz+fy<5hKofuBl; zmzub<3#lA)jXP7qv+0B%5}s0`1{W^L*A_J1a`#$EtUyjq>a=cG9eh@I_U*ns?+#n~ z%#1tF!F}av;ntjM{jM$c7UF2LL2)Vo9#%E9?>!7zaH11JvcK_iF5)3Si2Y-f<1@E+8{rFJ1N)N=#LRbT%! zt)9V2LjO=s*S#(nUpuhC74C?M!BHiM>7fUGK75#o=X3VPWVTk3JXUCX4mgQOJ1kf& zaZX`&CPS-Wt}Yj^MmG02 z0CI;xb}~+byY0p6?WXPtXwXAEDyv$$xFm}=8qvYr`>5!7E8F_zg>{v;BM-lRX>PPx z5g2+0hfA2<$IE7-KUKsxCuQ8uxT9QYC#=!XS!2E!viadzmAOm>ecWNeAtVpw68QT} za|AARSQ0uVDU?~~7l87+EmXWOQ-JrUoaXs%$>Q zc)5KO=D}V%!Od3ch7%slvLBKvms>SYHCct8??*{xXbtW&X;#&q3|yw8tMFF%G1x)8 zruZ|Qiz24L-^#_q{eqN)N^c+{NNT43O2b)sS73>^M_N^t61fYD-G8^U6eMLKghILI z;iu!*XPBO)nWEWt!OFo+PN91%NfY&3x$dz zd;0@_RK!?2I(=MeeWAz&H1Ml%yp=9=@vUAT%u!%Qc{E{qTHd&63-Uhrf_MStwfP&&6sO}=+ znABK=MlZ*v8W+rseh!S%4=|caGioA2`Zem=>~-JLWdC~fTI%K>4exAP0;0-0tHUpv1C2o;{@vj$ zX2YE2E@3|JsTLvgZE+<1(+~gKx^efe2x2!g2DXo40x38{zC03ZD2Ad6{p8_SJld)} zmn>n=JN(>;8zj(SPb^=&nYGO?_&sju7WrEc=EQVO?df}GrvQsKW2ygE8pGicfje{K zIqw$_=>f(uGoWKr6Eodf0TySHkevn3OV@~vhpL(j)* zAFgpJbv&tUi_r@cqZKrrL@yhgZ~1@AUf=bi%=5#WS|iHDPPvn#U^HmM)%WzkYyaCb zJz~4iU_oBBNRj?RAi)aS524=AoE*l%W=V&>f_R7QxXl&JnNEre&aWAJqN zaU*-)IzLvF2WR~z^x$R4?`{On=>U(8nWM+T>kGNP@tZ^YzoJF4v#ALt^4u}v=ZA_4 zwy&q}6d~G%CMaWAx?H+_u$I?_M`}qj1}+hI6c|Ps)3uY4{f7XtCXf8U-Jcew=D3ho z6F%gC>{Bkjm(}<1viL_rJD8OI1zKCVZsu-bIHV}J0{S+ft7pw~_(h;J1cIFfV6ki? zN{y)S+ewLu(&NJt#p(g#lcPo)71vP>qc$gtwgh;61n+G4B~$IdQn(yKs?3q3t?Z+` zx>Pk$N=}kSl+^9Vp43q7DOL^nsL2Ba#QKJh7-N`oWUA0$k}n0EA^_AA_XQw}fSq%~ z3e-II!gEA!J)CtDAouF9}yjxam0+D79-GBl|!~&-}nhp$d#T#-ll=>{UoP1%H zp8TkM>~xyfU{FA?OkISwL(km@yaz=t9U2=t1N+oDVM8Z8eaKH5q$QEoVdx4gb(O)Z zEkV8m=b89M@RHF%(AnNq3BetIqNEN9n4ZSf@SI#BH}19-@ zVpWTwLSL&M&&e$4sQ<{+j6I069FofS?r#1PcW!)Z@YhMt2)isj>1$Sw<$sr{=p*v= zBH-?Zn!~OMU;nIRUEIp^LIegLy_FbRUL&)l6F%M2I7TdNzL$Ha2;GcNEkRtnQ?lf$ zn-iGpegBDifck;sXUKK+jY+{LWyg6I2Q9B!4m&?kf7vh@{=t#dUNy~$@7XXtLw5vx6x&|FUX>rWv=FOgW8#O zV1xzgz;)Z5^33JMg#w ztB}?+JU!NWf<_S;#10q*|Ba?7a~G#zW6@w6`rzQI|N@Qs$9j5QJALgogaB!aUt8EZ2EhMrgmhm?kg!VQ#*D?SO z&WsKp*lMP)PRERCx#{0tLU(97g0+`)`o;V`(5>EGWEznyb0Fz7NgzjFO-fo)BzVs*9ddEss`}#vdGV-U2|L1=C_)pKpge1o#$F~VqXIs-u)F4}MAvB1dQuc^P#AigW z@v=fN(0GdCC-MRtc|UalEd4pS5%lI{8%2fHLdTZTpw{pRfS_eRqx`Zg-d!)AZXP4= z!w>m@zQgMZM?u?98)C$4FkS&a2H#gdlmPy2<}(&A@Uc%Q@H^>< zEJ!AGdq~SY>(Tv0h8Gv7@?gC>KrTh zGx3!s-p3|^vfmD}iV&q+Sg}Oe4<++L-y>zH?+RG8#Xof*5AzlhSsb;W&irFC#1g?R z|F|*ZmObAq)k`}$pm6+Kfe-Iu1|5D<^`{8_fC_vy1vR6x~{wu`KLF~o^lVd_Z$d`+nYwS+!Gm@@dnNi{q zx+H&suJlr*(@{_WD|blJOnGd)jjg`Ik=?c&sYNJgxH$~hR2N`tl^b;USD)WXmWR7P z$=A2bGyan2t!l=w6UjD4OE-Occn0C(FWC3a?qUTztbYD@A5v`^ndNmKpASmJHc$@H zJ5bR1AWjpoA(ZBKLhC#^Hh`76N*nFe<3?w=8|*!0rHeTNIvy z)!7BoI_i79y;GHD*+JWIN3xY&iHS#fAG2W6s;_|&)7TP#sd6(Lf(#CHQn}gS5#7Z< zLH3-XQbLD=Ko2L$UFT;wM0{HU3M7I&g!~i(q3P2GC#G!^E;F` zv~oo?qJBSkmEVqgu8 z&uicSE7rHxN<}Hwi*Dd9r_T{P3Ca6v2k!)jqye78dJMoI4^Kf<%SOL@xh`agP(?h# z_-hkd$g#D5Pv3b&Y~b%5HkLoS^U-B>iAtF0m!(c7<<3VpWi~FIomiw3+&+j(ZhSW` z_Kk{ut{$o>to?V_)%w&m$vFv*NT7&20!dfmhs8RgLK8V#Zt1`cB4Q+rcn~|(S#Z9E zS9JOx4Q=}$mU2ugg2UK=q!aFttDvZ24u|(x}o0b&>KKxCz;HEcecUX8Kf?o7S#T0k||=zfEgoN zSZZve8-s?hD8UwWo$38{+Z}E2w87V5wDr`vM7iABq2eWaL2ZzE7}}xAR=+1VJuQW@ zI*Q28S_)ZfaHPFx9(q-;Yf)4TcvVlwNbobf|R=R9Ie*qnpXT~VgzH|no_dr#m7(1pj&^qQ!U-@X1Mz9Mu??NI`} zi3PJ!+$9!MUbq*Ej$$7-8Z5s{;rYfISrktRImgZb?A z;0krZtOopLySY?~+w*irNNe=5LIois;0ykm@NlAd|0ym?yzdRLr|;wkiApIKaF<0d zYyREkpO2a?>z0hC?l(CFG20_klIPmoSj0}uUCHM;ACQXgXsd2Fc*-d?Ec;yp)u!cU z72Q=HemOo}_87vwfk~(3u}cm`t{EzBpDX{&m^+~&qhD(lwVV?|uDQoFO(TxqiOckN z@!gLc>u`8lB3nEs_kn{^91V(^`A1v>pQW#Vrt^R24y|ri;-{4M^48w)oaPq0zKr8# zaKB;*H{O1tvMh&+mJ!HCc2K;$ONM+8)ubYftxE4yQg7zf@QX0PZ1|xemRn5cjO>f8 z8k6@c%^$_EPzGU>g4QqrLxX zPeA5KqfpR^chJ9>eBoowbequp-(Bn%J0vhgHy3{<)`^I#9^QfrXeAS_ZxUWlXbQcV z&A$(+|2nSC3HRc{p9+uc6uhYdYA*-$$h71^QQ583n_NnEKxLnIMSwSA?CeMl=|X*U zh^MB}t5^%vLrLMvP46wuNf|g814wqe!(s7*|m`cYM0Z5Hqa4 z9*%kWy^QC^(n`XER=B-_d4SC$*DU0g<8FxlZZ+n4T8(J23l7x4fqes%%2qW}xs(v* z)gV6o>B4>7ow8Q_1dL%9$T0el^{YYQ)uF3I%}VVl1uviD>Y|}(yx&6J$;*FjL{}!D zBdqP1k@VpLUr=d+X-Z5aoi7Hf8z!c$2<~BvW+!;1EpyY#LWxq`X(f$1T5dbYX~(H) z&e4HNW1pymtUZ#pWBD=hhlYq8N!{6BGD&hTMTpjN!EO^5xetp2c)tovp9Tr@Pscpd zy-1!i(XnQec^wq34Z@YEM{q~@>{s}YpjZdT?GpsPhYBD&G7%6HW5amcEWO8sMxT1Y z&&_nThjJz?G)1wFI2xEl5#|MCAGfIRk} zLJPL20hZJfZ-N-TRa0YMj=)E)o_87Pz5fBzk>7P za%NtJn-Bw7se7>!ZlH-vGC74^m;*s=qgca^@#eAmoSK^a`kIR6$m&MdNZtIh>m$?t zmj-n5=@fnT^t72<-@7y;PvJeP;HGy`euQXqhZNfR zIrh(6O*NajkdvuFbXRb_eQ3FV){bqSUL(f1HTt37z)vZimEU3~1($;|ZLRZe*JidY z63oKA)5z{~58UI;ue`NkC)du-=@#8veDfZ zH`HE^3!^~)rRj7tX3|*`_+PN7F6v?2K9*rVyu)cZ+qKARtW_n7yCAqVw(04bCZ^w{ z*N_dP(5p1(f`PKDg|05D<4Hbh{=_rEw%^FA)@zfhs%H!6uB)N*Iu$+n){Yt8dQSPF z+D++6E}7c_nGG$5+lC~_fXMHM4nznpK|k?LxxFbyXXb*EBk3SYT4>6H#R-k8(Tw@+ z&eVNay-vJ(J;t<)IROX@D9Hc=ei_?Vx6^DSXpu&?HMPP7iqFq4<9Mn3?utR?mdL9)WK50b*qXSPXdw9*vQLq}Nb(Qr{q?5>nh?N& z_cV*!kqW%FnuYvYD3PB(j6Y{lGShV@+a6dnsiPQCy%b3Yg-Ywha>xQXtkYHC)2{vYH{k?TT}%eTJ2>Ua04J5*OJD! z6L%A4lVMyJQtXZo&8&KbaH1am++m4pb`U{Lz#kKj!cS-mY80GDZJ#|kAy&mnjs>+I z@(--_Z8bo}gjs3eo>kxK9sTk~=F(^VwoJVPn@&ZC9I2nnGg^=~O&`)bJ9j5OnI5#B zzO6Rs0o;Ca=Qk5qqwG^jTOi^L;_zJ|}00o#~Y4}JdKwT5MK0eov~DXa!Rse|wRzf%C{VtIY|ERjmiB(1i< z9>ZC;w0icug9do%tdj-0_OgVIPf9-r5Fls#VV)=UvG5}0Bo82v&o`SLMm$mWt1mSV zmsIGK-7}!broP=7gkc7U`UK6P^YdR8pf5F1y#X_f)s&kuCvAfQwjyT+veSvoJblv8 z0M~40Jd01>oF7ts7C8d+(x3sOcaE^RnO*xaXY~Y)m`~hFL+dMhn}r#-$bMTduacsuHtG>D)MI|D z58{AZ(HG2{cPj#;Txw6{<|Wj(^Ccj8=>awKN<859oIwz`wxz#+5H}EJ-w?hfrcM@# z2j_ZGJ64L=cd+eNxG4Jh${b-@{oh^m20TDMN^&UKtbccXp5wRC$t?meb@O2pLyzSh zN=5W#&k1xhGMC$Uqm@c+efQ_HS%3=1c_u#3dzx^5`g5#fz^9K+*aTJoX?5l4rvBbN zw?>LQ+N8>Jqtl+i^GWf*JTWL{Csiox+XX(N7@+_@lfwUkGo%4V`&_U1CvN-`ZK~vQ zfwB$ej5(DX|K8YuP3tK*&*c-neP=cHXdPH4T`(wbig)9V{Z(J*T!5F=!L{f-z7l#az(S-47A!-tKc=kavpxyp=JWvb?CgI{w>+ZHG?zRSt>fX&Oj6%+&C zPn~UK_;RS+)15s;NvdyZ0t_}kDn$Q{yFvc+a4^c0tJmu{OEb|W1h`|vZ}ZHbF?{23 zX6ztofOql7bGnFMbF|`HJ4>g{d6Q~?`KP}(GPXG35^HGI!_jvd&#!&8HsTN&7L`(P z`be+ZCM{Wiv^Aq9Og_hskMYp`LjKwS$G~T~_uRNcLTS-(=I|DY;qgBSoHX&znLc;^ z?0^4c@7W_E>M>`T(n~gg`ldMXf3^4J;cTwmyL*2fbl9q`mZIeAfR>UDhN>aE?N^FT zikgS)R+UJ}ZcQPP><+3Zb}70kshWzCBB93A{Gq5>Vu(bs4UvS3mkj$n{axqp^T+vp z=UnGpmp>vdaV2lo`#kGj&sz7oSI;QPjs8*&r2eqIqlp}gC09OHx*P1L9kG)5oR9p< zY#;tMq4kiNfkifh`~gC8$l}uge_Z`o2ST(}G#&<;s0to1EeT2j-JY4-WrKBBBNQD! zHhhF$gdH_zm+hyRIPGjGW;)&E)kd384*mT@I_%J;ysD-k&MB)WXGfWrh|6(>fyrNE z?LkwtR4EvXU#;i{r^QEzLvzqPxDLjU)L?x60FF2}eYltFBe0$R`O!S@&6hbS3e8DW z=*qo{KY7D4Tp>fFbl7gfWPg3r6?MNH-5Xxsa=vLrVRX&1DA5YjaAVY!Ajvl!q*Y6( z-1_QLE=fC;bcgj!3Vhh3AW~y1{cwS#5c|GPk&Wq1U{O&|01H;_v~~fSsM1d~L_7=O zJw+T0*<1TkVbeJp6t*cit4O3rZPtM8m%4MDVhP5fF4}g0ci!o7tIr=o!{nRu`iEV z;<^xW`DvWQgQlDF3WgE)(sKvmE@nqMb!vxJCv&Ya^dbLS_i-*ae|wPPW^Z*cu#0&O z6I?>fdWvu@h-u>Z*w~osEnKTUSt`khaIL4(3&nRyjerpQ2a5l#-ca~#5W&t}qci^g zL3${2y=e@gX%2;f632*G9mW6fPv{}y&mc|l8Q3TJlvhb%8Hq^b470*cRz6G?C=deX);8hl$Ei(9eSC=WFz*H5Sdrai%*- z&}DT9ANd}_G}i#|lkRtu-T4<}g{Sss;}iF=Mi+*+IaJnHt(}s%qrX8sNl8PeNBY$ff&&-f6WmLBe{MJ1eecB%Zj_lSX--)T87}`$DxOnEJdO zg~FN*>^pYG=P_I0y81d1i*Ca-XL`uJtHcg+08ZRUj!0r?U zwb?EcDl4ovd?Lk(+B+U?4*FX&YY6e$r&hh@>9aACqohV_#8j3ST=FL%;bHenJBhM_ ztFOCY7#)H<3|&DbW}Sr6IAgVxeU~Y?ccToP%4NaKasf#%eMWrZ zI{(gQOMW+!!6nq`YUl^)yV>286n(X;?@ueg;l?zay%qWUw~1Es7=RGpZ9Op$cmYwHb`)c0ppS2&-kK`6bI@0=bzMT+$0EvU&5mT9{ za(HXC*&e8%jc5Q-rrlLk+~aZL?R@D&0qi@~E?lqdDws!&GSlq~Ugf;J-jDBA{3Y3* z{EK@WKGNnrZ{qzxdV+gwiJV`~k!xJ8N*p@GI;A$e7L^}ubFW#}oRDDux<;gzo0c4A zCAAVRkS@{rp`>QA5=-naNu>KRg5?gNi9ZP1KVitx=f)Nl%qQoXq!;*earzY1iNDlN z#7^S7Oto8_Bj7D6{}L%Oa}DirSQmFA-tqpxlhFemd53N5ffV%M?7(|ByBg+#V8as? z)ZIO;8=-$@&%Mv0!kQffaCCMvrZDN){kK5w*xBexTpY+K$O5^Iy#+Vedb57J*dr6#-UWEJLjhvoQR@{zD& z+~u57TpeC&hG@LqaG!JTw+mgbt{UiD3>wXQmgn@^-~2brRwK=muT^Q!Q@&w(hx`T* z(O9M&M>Co}l|$w~kZGC-6FSr5+RP4CNU}-3kq9fnaLl3dQ4A3#$xR3~I#RQfwtW#@3X#nFLyWcGacL^P$TxY4QJu5J`10T)Fp54TFk6w);5QMN zfyrhMCbi7k1=GCx)9pPSjg74P9(48=S+1!7(0|7#B@&O38k?A~-^~u=x}`@6Hw5i1 zq|xF=usNm2T7yWwn!k(joB(-tXdEDtD7A;>Y5Rv#*rffF^GuG%eCG&X|5<9cO;g*c zPgdu;juxol%=Kr$R@ZaLco{O_81l|L=k#5zv!JV8>%en*s?B9{H%v~&mkn|=eK%2` zI7H{)r0kS}ysRT-Y}+)|+3Y8%u#})tK0>hI$og_@avQX&Ys#ffUkGyWc*14hd`R9J zVxuuR*Vq&_CW!A+h0{*_JL%*o3YTItnNpm2>7vo?--1swZ#baU<-**nALM_XU&Kwg z^;Zmdywq}PwUCP|ahS+>6i|)nv-p##72)QDZ=3%njYdq(!=t@qp{pS9YLz6J9VQrm z;S%(x5YaGdVl#O=&bV3V-q4)`Ts7=R;@Q784aoA>d(Y7CeyDh4_%ZYA$B%!QtRL*q zOS(Q8XlH~}^m-8Xa^A{5a;$J?uZ4c>Q-$ZpOO6aZxm~Mni-v!cfJ)4xiv$jhcGyQgE=$H`DOCP7e ziKc{Il{I9x54jy1LsufV2x~&tQnI02Q}A62S*imB&qB8j?2hF$nU;8a#6IS=eT4y- zP#|}Dh6{uhKH}dEjFvV~Qt+2j=Y+pSQG_!mnVuVtljN@KnHwY*P?14AX4-~HzdCrZ zgsYVjpF%L{#c=5(y^<_GsxN34{z_7tB%FmQko?F;=1;Vz6Q7z`hO^uH8k9YuLfxq^ zJv5-tzBBXN;W9w0s-&(ed+KqV&h5(WkH_9hbtviT?XZQX3hU>(>NBevKKIbz0k3+} z4B@6u)k*awD%=n-)e{T0^C|jNEQ!AaizUlTHAv0&ivYF(&*%;TK?M`Q70SS9>isw> zq8v&@3S@*-Ll(cB5Fl(%UP5?dkY%oHpVfvz0$p9~aTl@p+Y{5+f(~6w;VR0!g#Rz$ z*;nwQ9(!SFfnNB%>8=2W`i)$Y5|E0r6CuUlxnTXok;z?>1hdorh+POjC&?Q`AZtHP zzBL{BOdq>v!TABm*N_f}NF17+y#CpjQcCTjD9wi|dMQ^{ztYXBSg?z?bvYy3A`q2l zD&v&TQ+8bP>fM){ZsY&v<@@!Si1mT1tv8BILj3y3>PYmn`)KO7pa9Q+&s1({0jPR5 zsx)l-F64;@`&((~7`UE9LMT)skl}!w?S#fatC=!jal6|M5iS=Kd}|e+W^M5^N^8d=e$gHxydmC_<_5)tZM-V?IK10zEVtos-E)qhTso_>Xq40xWiiP77!adNqNN8G5tR};&=RDI;Ece?GhW_nMF(=0 z!i{{Cg7CJOmDaXlAl%n5ml^db(v4aq@&ZL$lZM{Z@qXL&xzypxb`>zDs9}Hr9QdOb z;Qe>(l)NHgsE}eH@r;M~m&7RyvA2UG*%8b;{K*?C=C6s7VBBS6A4tl6^CxQ4Dri)G zR0d>hJ#vq$N4mso-XsF0)x6%QO`5;j!1z~T)PxdlawGj!1b6!iO(%zb^42^qWJv)=89tMC*F_z?s4Mo>9xp!FGV9oShb#Q)} z$w~S@dRtOIVr6l~?P?mR{qScNZOG_ZMrrT!s8<6!mjO~3hrDfi_L50ZMXEf zHO<CV`3~UVTVE0UpczAl8%*Y>j-f+rF zT)y;;Q5qj%oKqzql@}Z9C~u$Gd~yC1tKcr#cclW6X`?9pN%SRKaNC9hAM0`&G})7u zbuT?IPGrLPOM0f}!}*-ZDE(UA^GnN#-nb7+$ECwqxrMXTvb=Vo*2xl#T>ffRSH9}$ zun;V)_5~tkq;U5ApFx;s>x4q4SK1spg0Tr3Y+rI0$rF27AK;Cu@G1DxJR4sk(_~N+ z-$O55RGwH_R68r^jl*)^zh6Tf!3}u0V=k`QL`Vm02bOwAmx3owfM4zfm&jZ7f6LIe zK4KCJ#ePgr$aD2_Dz^rDP$v%eVP=6S-I}TYq0{X7qTr#F<*{M=$gi99Bul>}3&2(t zA4-$Tj!05LZU*%%y|*2)9XH}B`IBgbE8@8GRH3+Lv!hf2<#*{n7bw^n*a2J`du_IY zU9Dr{sP_l6GP?xwZrR+f+#w2)*5@v4O2jq&p|^rAjrtWmh%L4uXxX&cdA@uvnd~SC z(DBJ`kLg0+KDl6Sn_?l*tIpA!Xj??-4XvZ=kx^g^vmm|1Das>4P#%;cOqUc8tOe~& z5srglSbpy(knCdHqnWE?-9MGNLdk6hp}Dqnag93j%oqPlq-Y%i{Jmaayf+80X^*t= zn9Y4Vq-B*s3bdcY^qZ79FHMZRh&uE3K+3{Uko8iVN!nW4h0qmC#Dz^&Nf{_+VfRW0 zVISsNu%o0#<=I5OV&mjlKJp1+2Rp!_St?UG@(mGPBlDPG!H&mT4tz`e2V-$^AMN8n z$r9nhzIb%O*ka8uPQQIl&iS`aL$~3dSNG4~KJhFmL|w^9Z^l>i#=+dSdOK2{s(v%CKu7rMw^qsIm#4{1;W^z$h}cZ8chb(I z-8X0ZcnbBe1GD1sOvIlTO%8$XYR3(>{(I0JTa4D^s^6u#`;(Ip7eVtG0@7EMD$?6~ z7M8s2N9obC;3Qa*B!{so|Vt3Mr}*~X$ew_%l}gVR6PR}KaPl}WOUi})mT zzi@(yJlt}cBT?uAb58||&!{s=XS#B)akwXbp~t6>IMW8H8=4gvml&=7FYf2<>T5{w z7+*!P1FmV#bu#CD3xgk|-$+Wa>@1<#&3ugmIp?|zFK5d&#BI_PNR{)EnV^kLQFMHq z*s+Ohi9`I(bQL&1G`X4&B_pA5x%h9A6G;A!E`7=|9e3TBBO(^hx)oxvIJ84`u?oD28X~I<}vkV2gT@v1t{~aW)p|ZSnt)1 zE?~LGS3)w5MAZY)sbYu!8g4!!bgHR(cHzP26LG@qfBn?XJ9=lG;vhnkzGwmLVo6$7 z>1E8ZLnD$VP$(%_l;I+PE5A$@CIf`U5<5XJZx@-FirU*NIu8|J5tz`GG@!^Whz+`YkB<{;9Om# zz)pNQgx@qAV8Q7ZU zt+jI4OM@+W)Fg|Xrq+oYmP4W=5;6(yum#hW?BaS+vJ+U>sytNYj-D>JgK|=a=t2Tw_(l# zXQYYcsf=gNscCPsK8&{fc+;x$er567B+@}oePrGe@hkxjmg{ALOdhTic*$uPm&PHf zKzsUEjNk-){`ypYCV#G_W+L4<^&!ETLa>Bh+Pcf>E%UL0s zDh|!>y6TFI)K~1{ND&urCAV6wmd>d4MQf7`PrEPsuI2C*rwp4&j6}BPqlTS;$rzeB zg?NgPqgLbr$?XUX^1OSy&gb=!^^vNoq;b?jO&g`q)62i6hw^TGd_g(CAUq^8{QjBM zTC#GU< zQCX~;=J4UQhig^5UWW;CIv}XsKwGq{=Hkr{0i<{?b!DPkmd`jz)I!DFkJSg#KALQNCV90MFswOtaOp~I!{L{3j4}_-2 zF4~tA%|9AMSL`h_r6|Z9Ub8BtXj1Er>U4M2z2y;INxH*})r`32NdKg~-X*TS_R8wL z+>$`Q^+}0=+3gX;)HAgM0%!5T3*eMujg%J$2iSsB2~Zcos^GMRQHktpRCzz3W6^LH z;&JR3`Uqz~LJx_K4$Y(kCYJn_Wo^>4$`Qj<#r25yVZ)f<%_|FKD=rN0!^S~*O7?S; zS_h)4H=JDx3C6|lg~^{38T=uVC2I3%NuI-O@`xtg#zU(zvpg`s%=dLz98DV8S* zUrQbbqY_|aQe8=*eCuO?P$yY?Zuc(-AS$VmhClNsa$)-hIBMBClZjK33&>P!oAan= zXC)O*!y#OA<4mKF6X?CgudGV7QjZN#{l-$$Ooah-d`WBnXyBZ7Yo4&9a;T^IIzZx&$#oMQWunmr*@>!dR9Tq5bA5%Dn+ zpF(1vhESzq0})nyoW-XRKrVc@?YHxSh-?rA;i^S3|X5Jh<8Bp!+G5E|)pbW7&F#FI`{?&M1S zPod<0_i|;x?yT@9tI*NpL=yEW2wHY*qeDR?LG3iEmHhmGpR(`L(EWFlI7{Mb91A6Q z-k_4$BBWEX(X+#f*AqPhG;CahGmrWg29DU|jg~Z0ZdS z)z>G}xOmU8>aRCDUoQ+6l^t#956Vo@9?Pe1v$$!n5N@7RbC zBaq=%l!)Cy4+s+qo5KF+h8u8&E|79TdIUV4T!K9lc=!)b9<7Ji90~;Lx0S$9W>NWN zah`ki$3oA~E7%`MPcD@#NAu z?(~t>i|)y38SZ!s{AyT2yR`_YF6|RLh%}|2$d#}qnypa7FX{z;_^ZIMLJ5WAlsmpo&}bAD}i|jH}2bmVnC_OU?8`)lKK47$r9hn&6Fpf znq`#=FAfEvSFO^WEdAckn3dE{U@N0RifYFVa5-{f74Y*pxDBrd2|rFJ?v{3VX+X|k zJH)3J6hrVSuV_v&T+Po*OZq8m#AY}cjKL%Sw4;9H>6+|8e8~w1%;L(i5&byVfL*DR zn25&N3r(wq*M=Qt%2O;96(~i47bZ*{YmVLK?{8VT*kSkEY;C;WMsj8R>8lt&-q33v zcOC2)BY`t_O>~I}I1bzE0z|jl+2ljg_N<*F1f^mz67~CeTmtg>!G%dx=sx?M$yGc% zoM`x0H(S;YG-8cSF0cufoM$1C4o-E|Rm%T5VByy*`|6Co$F=KUYAEXJa_B&7qgoWB z!H4JS_dd<;_F4D=t0*IOrf(;xQGqz z*AK%!b!CrlnAlS5>x!HB$;Db_6?E+f4`@pi%$N^xV&BL9*c@f~bxvX1>(Y|XFK=Qo zwO%7ETM4qI7ijv6RciA{jmCffa4%k4`0fiGW6X+SYCOylU;Uy-dYVpd+(m#F0`B;T zRbAgV!8_b0i!)h^#pAP?9#=-fZs3%gRQ+*xlC({gG+o|&JLj6w@+H_)&3xQFy)Xn< zTWj$GE7inah?7k_qwnMBG-qjfswOlvsl2Xw5-6LlnDv7NkxptKbZ_ytV5~${tLT?!iZkfp-Ryhm1@Em)Dj_aL_sKr;t|=P6mtszP<6HoUw1F5W%p* zqYS$yW;U`cxIbqIv5^@SRrr9mX);O_fY<;@i%xLJS^0j*Iru*hIp37P=E(%NE&wQ= zG@g}i$BCv&z_}uh!rX&Z5xWmIoT9{G&0yX91se_1tBsRC@n7*5=H&@LL$M<<+i;d^ z$KJ(zb$imxE0yov9i8wD|M=N?c)^_5%UEen8Xq57&*c$a)@daJL48fPvJ_swS-{(( zS5axHOm$3y|UuHAmb<2lM|mpLH0~mqCOd% z2b;k8B?`d&Zn#)uSWU59WC)DMz9YUQZIgmp?-OkIY8}@Z$SN{s+#)jwlF>7OGGVbK zDWKY+VCvQG(ytW!#!;8gu;C$nt||FMGGxT-#`4UEtNy$y1Pr@JdSL$GJMfGp_M$%c z#z?hv<3S>yQP70g9W3`0$m^IO_8lL@-djUOdmS05Q{>3nBBR^ehUMc`+9#DC->4ci z(IxM%i$~ZeUm3~+LeXMa-D_n&do?Vc}a6k7SUgyS)X9Q_f;}=V_oANNPjTia@Xls)pOd z9uSG&%lQS|esWVpVw2oYVoy**F7S7|0H!P{tjCPBZQ90g0=!)WcazbY&+5*FsQ9mM z!i2Ht!n{l!$2RkPtt>6Q@S{GvZPof00%cuUFCJ7TAuY;7>zC(msUu|_WVOZ@>|T58 zT3 zpFaJz_a8q`=S9HA(0~8%87_4KM{-RWp|SgI0EHh>l0oTH(o`B~RnZ3q50Z9)05Tn9 z;G#%q71$915_GPqUTtxkYi^t>w$!65Le`C0hidteb5T6;eSw;)dE+sD?z*C){Nipb zNuf;tb^1-~z*VpCS9Q+A#acyb9c>33R5qC7plA~Q9$FOoLaQ7&BfT9pq#NSSdse*+ z3i$|lhbfGPS!S2e6nx!{@D;*I}-YvJrMu5T-9 zlo|5X&OfIa`QB|lZ8H$}dYFd0^xLDH-5Po5AY03Cvs8OzNy_91jfcBeo}#3coLqdd zw%yi6qmob+Kotgzl~6E5j&u;H02O@d9YajfV;X*xewo};3G#q+d41ZLTSi8vq05&L z?!|v^8phV?l)7~6%g)9no2R>~b={z*-5Fl>Lc3))WWV)y%lZ>P*H>a6bQE zK@A4vx)*4cnQLeVii~Y;_*1;RIion{S-85 z^#$!^2+4bMdKJ-5J7<`?)JML-VkYx*w+yN`(u^nhNK zOAmO;smQNvjRs-(!HywGC)a{nIFYxIcS!n`xC%bz0%9r=QO*;~tC$b1!Jp>1f|k|d z*3Dm(4dWXOp#_y40@c~1q{cABQvxh!)IvfA^G`h%ocIfdmrP%8rj`_qkD=RJvQCV& z#lHn9zVOkykbCY{q45`M+g@Wa>&c`;B_sc$l{@=pM>X0v)PzZXO1Mciq>3(=Dq9VG53;_lqKbOw_r*s&+My%yK zjtJr6GbqTtMst+J1_<{A(IxEzPX|{;G9rtxQGH5zKn*kX*3yThCXrg8pJOytm|8`h z9Z7q^O3Mfg2>8-jx{Y}|Cq`ITSCOY{Yt3S;%y;)x&9Ks}*VMsQEC$w*F;N5;brPE3 zuL`62r1mi~BaTCfs=Jt_A|O4ZlA}rl`%tQ_*{m@XZm;VES^#Hf_C|vtvHZ=vM~j%C z;)w;fJL$6Nss;#IHSuDKrx@*?AvKl5rUlYH+Q7LL2|y27kk9~<5uGR4NQ%ygjRf1+it#4u(-cJl zwhU6ypvbjwvCRlMFf_uts~rl`Y?Fmc54iX4r^f=*4Qj--D|4xe!YTt{>NzH>sU{TX zapyPMf@73Q+x`3ThW6tzo#&xyRW1e|f*!F6Zegp(WZS+hV%~UpX8~`#s;^|ho^z^S zmdr^(%>p4-n$NlXj@d;4hPoVLio9-lV{-H_uw%HT(eK8u98pXdxmgdokgf*!YHQ3` z=JoMj9C>>7`j6(k@UhBQcgSIGi_1dH>P3ZLD5b|}GgiGkVd9GKH$3>RLSTQCw3EfR z!ERfSDnZ-W-S(o^EZu}p0Iq4%ab2Dm4m{o+>A_@p`8%av3e3#Gh4zG|&bBw3sSX6! zAJ>j?6E3Sr?D7VERsMYBt zHO4y*_C8aG*wZcX)B%}Sm2`gMzXQX#icVu;2DrM8+wW?;8XeYibg}5}Dr@{j-U2$R zYf`zWXt5^sc^X_(SAylLS7nb%yI}k)Fz7A`1i0~tsT>%82==|O(1a4m37-gf;?pe1 z4j3XHY-#Y<_2jnmBp*@}$ReD+zc~S>TDD z)Jpdp1Rr^W4E%q6jU?41$S^UO6n6n~W8Daf>{R_+f zJ|iuWw^Oh_x;|zo-_O+z19X$%G^W!q&)pc-|BvN8*_{#OaeN`=P8^xL~^exFHk;rDzB_%Z0wgHNY4 R-UitrJp + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/governance.svg b/images/sdlc-registry/governance.svg new file mode 100644 index 0000000..0965065 --- /dev/null +++ b/images/sdlc-registry/governance.svg @@ -0,0 +1,13 @@ + + + + + + + + + + + + + diff --git a/images/sdlc-registry/hero-home.svg b/images/sdlc-registry/hero-home.svg new file mode 100644 index 0000000..e8b37e4 --- /dev/null +++ b/images/sdlc-registry/hero-home.svg @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/images/sdlc-registry/padlock.svg b/images/sdlc-registry/padlock.svg new file mode 100644 index 0000000..fa01adc --- /dev/null +++ b/images/sdlc-registry/padlock.svg @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + + + + + diff --git a/images/sdlc-registry/value-stream.svg b/images/sdlc-registry/value-stream.svg new file mode 100644 index 0000000..6c1b8f8 --- /dev/null +++ b/images/sdlc-registry/value-stream.svg @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/sdlc-registry/background.mdx b/sdlc-registry/background.mdx new file mode 100644 index 0000000..5eef4d8 --- /dev/null +++ b/sdlc-registry/background.mdx @@ -0,0 +1,41 @@ +--- +title: "Background" +description: "Why software delivery governance matters and how this framework addresses it." +icon: "book-open" +--- + + + Software Delivery Governance + + +Software delivery performance directly correlates with business performance. But for organizations in regulated markets, the biggest blocker to delivery isn't engineering capacity — it's **governance**. + +Legacy governance processes slow businesses down, cost them money, and put them at risk. Modern tools and engineering practices have made it possible to ship software at extraordinary speed, but governance has remained static. Most enterprises still rely on IT tickets, human approvers, and Change Advisory Board meetings — governance processes designed for a world where teams deployed monthly, not hourly. + +## The three pillars of software governance + +Effective governance, whether manual or automated, must address three fundamental pillars: + + + Governance Framework + + +**1. Define: have a process for managing risks** + +Every governance framework starts with documented, standardized processes that explicitly address risks in software development and delivery. This typically takes the form of an SDLC Governance Framework that identifies potential risks and prescribes specific controls to mitigate them. Without clear definitions, controls become subject to interpretation, making consistent implementation impossible. + +**2. Implement: follow the process in daily work** + +A framework documented on paper is meaningless unless consistently executed in practice. This pillar focuses on embedding governance activities into the daily workflow of development teams. When controls are automated they're followed every time, not only when someone remembers. + +**3. Prove: demonstrate the process has been followed** + +The final pillar involves demonstrating compliance through verifiable evidence. Auditors and regulators need proof that controls are actually performed, not just policies stating they should be. + +## Scope + +The scope of this framework covers the entire software development value stream — from requirements through build, release, and runtime. + + + Secure Value Stream + diff --git a/sdlc-registry/controls-engineering.mdx b/sdlc-registry/controls-engineering.mdx new file mode 100644 index 0000000..560839e --- /dev/null +++ b/sdlc-registry/controls-engineering.mdx @@ -0,0 +1,76 @@ +--- +title: "Controls Engineering" +description: "Applying modern software engineering practices to governance, risk, and compliance." +icon: "microchip" +--- + +Controls Engineering is the application of modern software engineering practices to the domain of governance, risk, and compliance. Think of it as asking: "What would happen if we applied software engineering to compliance and risk management?" + +This is analogous to how Google created Site Reliability Engineering (SRE) by asking what would happen if software engineers did operations work. Controls Engineering asks the equivalent question for governance. + +## The speed mismatch problem + +Modern software engineering moves fast — teams deploy multiple times per day. Governance moves slowly — frameworks are reviewed annually, policies go through committees. + +This speed mismatch creates friction. The traditional response is to slow engineering down, but this approach fails both business needs and risk management goals. + +Controls Engineering offers a different path. By applying modern software engineering practices to governance itself, organizations can achieve continuous compliance without sacrificing velocity. This approach replaces manual checkpoints with automated controls, transforms governance from costly theatre to a competitive advantage, and proves compliance through verifiable evidence rather than paperwork and promises. + +## Controls Engineering is not "automating the tickets" + +There is a natural response when engineering teams encounter the governance bottleneck: automate the paperwork. If filling out change tickets is slow, write a script that fills them out. If uploading evidence to a change management system is tedious, build an integration that does it automatically. + +This approach feels like progress. It is faster. But it does not fundamentally change the outcome. You are still doing the same process, with the same assumptions, producing the same artifacts. You've just automated the receipts. + +The problem is deeper than that. If your existing manual process doesn't actually improve your risk posture, and in many organizations it doesn't, then automating that process means you are now doing a risky thing more often. You have increased your throughput without improving your controls. + +Controls Engineering takes a different path. Instead of asking "how do we automate this process?", it asks "what risk is this process trying to mitigate, and what is the best way to mitigate that risk?" Sometimes the answer involves automating part of the existing process. Often it means redesigning the control entirely. + +## What do we mean by control? + +A **control** is a check or restraint on an activity to meet one or more software risk objectives. + +Controls should only exist to tackle a given risk. If there is no risk to mitigate or eliminate, then the control has no purpose. There is a good reason for this: every control comes with a cost — typically delays and maintenance overheads. If those costs don't protect against a high-value risk, then why pay the cost? + +When properly designed, controls are guardrails that keep your software delivery lifecycle on track and aligned with your organization's policies, standards, and regulatory requirements. + +## Designing automated controls + +At their most abstract level, every control, whether manual or automated, shares the same fundamental components: + +- **Facts**: The raw data or evidence being evaluated +- **Rules**: The criteria used to assess those facts +- **Evaluation**: The process of applying rules to facts +- **Evaluation Report**: Documentation of the decision and its rationale + +In an automated control system, we can be more precise: + +- **Event**: Something happens (a build completes, a deployment starts, a schedule triggers) +- **Context**: Specific contextual information about the event (git commit, artifact ID, repository, test results, etc.) +- **Query (Optional)**: The system can proactively gather additional facts it needs from a Compliance System of Record (CSOR) +- **Rules**: The same evaluation criteria, but now machine-readable and consistently applied +- **Evaluation Report**: Automatically generated documentation with full traceability + +This structure ensures that automated controls can be both more rigorous and more efficient than manual ones. Every evaluation is documented, every decision is traceable, and the criteria are applied consistently across all events. + +## Why software control design matters + +When you implement automated controls they exhibit all the characteristics of any other software system: + +- **Controls have requirements.** A control should have clear requirements derived from the risk it mitigates. A control consumes inputs and produces outputs. These interfaces can be defined and documented. +- **Controls have a lifecycle.** Evaluation logic can be versioned, reviewed, and rolled out progressively to different parts of the organization. +- **Controls can be tested.** You can write tests for control logic, verify outputs given specific inputs, and regression test controls when you change them. +- **Controls have a design.** The policy enforcement points, decision points, and systems of record that make up a control can be designed with the same care as any software system. Controls can fail. Like any operational system, observability is key. + +The key takeaway is this: controls aren't obstacles to velocity. When properly designed, they can be the foundation that makes rapid, confident delivery possible. + +## Types of software delivery controls + +While there may be controls sprawled across your SDLC, it can be helpful to categorize them into specific lifecycle areas based on the risks they are mitigating. Typically, software controls fall naturally into these categories: + +| Area | Scope | +|---|---| +| Build | Controls which apply to the processes around how software is constructed and qualified | +| Release | Controls which apply to release decisions and change control | +| Runtime | Controls which apply to runtime systems and environments | +| Lifecycle | Controls operating outside of the natural software delivery process but must be evidenced, such as ownership, architecture, and security | diff --git a/sdlc-registry/controls.mdx b/sdlc-registry/controls.mdx new file mode 100644 index 0000000..cfd0839 --- /dev/null +++ b/sdlc-registry/controls.mdx @@ -0,0 +1,73 @@ +--- +title: "Controls" +description: "Security and compliance controls organized across Build, Release, Runtime, and Lifecycle phases." +icon: "shield-halved" +mode: "wide" +--- + +import VersionControlCard from '/snippets/sdlc/controls/build/versioncontrol.mdx'; +import BinaryProvenanceCard from '/snippets/sdlc/controls/build/binary_provenance.mdx'; +import ToolchainCard from '/snippets/sdlc/controls/build/toolchain.mdx'; +import DependenciesCard from '/snippets/sdlc/controls/build/dependencies.mdx'; +import InfraCard from '/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx'; +import SecretsScanningCard from '/snippets/sdlc/controls/build/secrets-scanning.mdx'; +import CodeReviewCard from '/snippets/sdlc/controls/release/code_review.mdx'; +import QualityCard from '/snippets/sdlc/controls/release/quality.mdx'; +import DeploymentApprovalsCard from '/snippets/sdlc/controls/release/deployment_approvals.mdx'; +import VulnSastCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx'; +import VulnScaCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx'; +import VulnContainersCard from '/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx'; +import FeatureFlagsCard from '/snippets/sdlc/controls/release/feature_flags.mdx'; +import ChangeRecordsCard from '/snippets/sdlc/controls/runtime/change_records.mdx'; +import DeploymentControlsCard from '/snippets/sdlc/controls/runtime/deployment_controls.mdx'; +import SecretsManagementCard from '/snippets/sdlc/controls/runtime/secrets_managment.mdx'; +import SystemAccessCard from '/snippets/sdlc/controls/runtime/system_access.mdx'; +import WorkloadMonitoringCard from '/snippets/sdlc/controls/runtime/workload_monitoring.mdx'; +import DriftDetectionCard from '/snippets/sdlc/controls/runtime/drift_detection.mdx'; +import ServiceOwnershipCard from '/snippets/sdlc/controls/lifecycle/service_ownership.mdx'; +import TrainingCard from '/snippets/sdlc/controls/lifecycle/training.mdx'; +import PenTestCard from '/snippets/sdlc/controls/lifecycle/penetration_testing.mdx'; + +Controls are the specific practices and technical measures we apply to mitigate identified risks across the software delivery lifecycle. Each control maps to one or more risks, carries a unique identifier, and links to verifiable evidence in Kosli. + +## Build + +
+ + + + + + +
+ +## Release + +
+ + + + + + + +
+ +## Runtime + +
+ + + + + + +
+ +## Lifecycle + +
+ + + +
diff --git a/sdlc-registry/controls/build/binary_provenance.mdx b/sdlc-registry/controls/build/binary_provenance.mdx new file mode 100644 index 0000000..af2fe63 --- /dev/null +++ b/sdlc-registry/controls/build/binary_provenance.mdx @@ -0,0 +1,70 @@ +--- +title: "Artifact Binary Provenance" +description: "Every software artefact running in a production system has known provenance, established through cryptographic content-addressable identities." +icon: "fingerprint" +--- + +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; + +**SDLC-CTRL-0002** · Build + +## Description +Software identity is defined using the cryptographic hash of the software itself. Using the SHA256 digest of a software binary means that if a single byte in the software changes, it will have a different identity. This ensures that one software artefact cannot be qualified and a different one deployed in its place. + +Binary provenance creates a provable chain of custody from commit to build to production. It establishes verifiable evidence of what was built, when, and from which source — enabling traceability across the entire software development lifecycle. + +Human-friendly identifiers such as semantic versions or git commit references are useful for navigation but are fallible. Cryptographic hashes provide the tamper-proof identity required for security and compliance purposes. + +## Requirements +* Every software artefact MUST be identified by its cryptographic hash (SHA256 digest) +* The provenance record MUST link the artefact to the specific git commit that produced it +* The following evidence MUST be recorded for each artefact: + * The SHA256 of the artefact (docker image, zip file, etc.) + * A human-readable name + * The git commit that produced it + * The git repository state (clean, unstaged files, etc.) + * A URL to the build log + * The build environment information +* A software bill of materials SHOULD be recorded alongside provenance data +* Human-friendly identifiers (semver, tags) SHOULD NOT be used as the sole means of identifying software for security and compliance purposes + +## How we implement this control + +We use Kosli to record every official build in our CI system. The audit trails for our binary provenance can be found here: https://app.kosli.com/kosli/flows/ + +Binary Provenance + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | SA-10 | Requires tracking of configuration items including built software artefacts. | + | CM-8 | System component inventory — binary provenance provides a verifiable record of every artefact deployed. | + | SI-7 | Software, firmware, and information integrity — cryptographic hashes detect unauthorised modification of artefacts. | + | SA-12 | Supply chain protection — provenance links artefacts to their source, mitigating substitution attacks. | + | AU-10 | Non-repudiation — content-addressable identities provide tamper-evident proof of what was built and deployed. | + | CM-3 | Change tracking — provenance records tie each artefact to the specific commit and build that produced it. | + + + | Control | Note | + |---|---| + | PI1.3 | Requires processing to be complete, accurate, and timely; binary provenance verifies that deployed artifacts match what was built and tested. | + | CC8.1 | Requires authorised and tested changes; provenance attestations confirm that artifacts originate from the controlled build pipeline. | + | CC7.2 | Requires monitoring for anomalies; provenance verification detects tampered or substituted artifacts before deployment. | + + + +## Links +- [SLSA Provenance](https://slsa.dev/provenance) +- [Kosli — Artifact Provenance](https://docs.kosli.com/getting_started/artifacts/) +- [Content-addressable storage — Wikipedia](https://en.wikipedia.org/wiki/Content-addressable_storage) diff --git a/sdlc-registry/controls/build/dependencies.mdx b/sdlc-registry/controls/build/dependencies.mdx new file mode 100644 index 0000000..64871a8 --- /dev/null +++ b/sdlc-registry/controls/build/dependencies.mdx @@ -0,0 +1,68 @@ +--- +title: "Dependency Management" +description: "Every dependency is defined securely, managed, and auditable as part of the software development lifecycle." +icon: "cubes" +--- + +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; + +**SDLC-CTRL-0004** · Build + +## Description +Inputs to the build process — including third-party libraries, container base images, and other source code — can introduce security and quality issues. Dependencies must be explicitly defined, controlled, and transparent to maintain the integrity of the software supply chain. + +During build, these inputs can be recorded as the software bill of materials alongside binary provenance, enabling traceability of all components included in a release. + +## Requirements +* All dependencies MUST be explicitly defined in version-controlled dependency files (e.g. `go.mod`, `requirements.txt`, `package.json`, `Dockerfile`) +* Dependencies MUST comply with licensing requirements agreed by the company +* Lock files MUST be used to ensure reproducible builds and prevent silent dependency changes +* Dependencies SHOULD be recorded as a software bill of materials when recording [binary provenance](/sdlc-registry/controls/build/binary_provenance) +* Container base images MUST be explicitly versioned and pinned + +## How we implement this control + +We define these dependencies in the source code, at the application level and if relevant, at the Docker image level. + +| Application | Dependencies | +| ----------- | ------------ | +| CLI | [Golang Dependencies](https://github.com/kosli-dev/cli/blob/main/go.mod) | +| Server | [Python Dependencies](https://github.com/kosli-dev/server/blob/master/src/requirements.txt)
[Docker Dependencies](https://github.com/kosli-dev/server/blob/master/Dockerfile)
[NPM Dependencies](https://github.com/kosli-dev/server/blob/master/package.json) | +| Slack Application | [Python Dependencies](https://github.com/kosli-dev/slack-auth-app/blob/main/src/requirements.txt)
[Docker Dependencies](https://github.com/kosli-dev/slack-auth-app/blob/main/Dockerfile) | + +Dependency Management + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | SA-9 | External system services — third-party dependencies are external services/components that must be managed and controlled. | + | SA-12 | Supply chain protection — dependency management controls the inputs to the build process. | + | SA-22 | Unsupported system components — dependencies must be actively maintained and not end-of-life. | + | CM-8 | System component inventory — all dependencies must be catalogued and traceable. | + | SR-4 | Provenance — requires tracking the origin and integrity of software components. | + | CM-7 | Least functionality — only necessary dependencies should be included. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires changes to be authorised and tested; dependency management ensures third-party components are explicitly declared and reviewed. | + | PI1.3 | Requires processing integrity; pinned and verified dependencies prevent unexpected behaviour from upstream changes. | + | CC7.2 | Requires monitoring of system components; maps to tracking dependency versions and known vulnerabilities. | + + + +## Links +- [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) +- [CycloneDX SBOM Standard](https://cyclonedx.org/) +- [SPDX SBOM Standard](https://spdx.dev/) diff --git a/sdlc-registry/controls/build/infrastructure_and_config_management.mdx b/sdlc-registry/controls/build/infrastructure_and_config_management.mdx new file mode 100644 index 0000000..b73553b --- /dev/null +++ b/sdlc-registry/controls/build/infrastructure_and_config_management.mdx @@ -0,0 +1,63 @@ +--- +title: "Infrastructure and Configuration as Code" +description: "Infrastructure and configurations are defined as code, stored in version control, and applied through automation to ensure auditability and reproducibility." +icon: "server" +--- + +import ConfigDriftCard from '/snippets/sdlc/risks/configuration_drift.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import AuditCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; + +**SDLC-CTRL-0005** · Build + +## Description +Infrastructure setup, configuration, and evolution must be auditable, secure, and reproducible. Defining cloud environments as code and using automation tools to roll out changes ensures that infrastructure changes go through the same rigorous processes as application code — including version control, peer review, and automated testing. + +Infrastructure as code eliminates manual configuration steps that are error-prone and difficult to audit. It enables teams to reproduce environments consistently across development, testing, and production, and provides a clear audit trail of what changed, when, and by whom. + +## Requirements +* All production and test infrastructure MUST be defined as code and stored in version control +* Infrastructure changes MUST be rolled out via automated CI pipelines +* The appropriate tooling MUST be used for the type and level of change (e.g. Terraform for infrastructure, Docker for application runtimes) +* Infrastructure documentation MUST be maintained and kept up-to-date +* Infrastructure code MUST go through the same review process as application code + +## How we implement this control + +* We define all our production and test infrastructure using code. Changes are rolled out via CI pipelines in GitHub +* We use the appropriate tooling for the type and level of the change (e.g. Terraform for infrastructure, Docker for application runtimes) +* All documentation around our infrastructure, security approaches and automation is maintained and up-to-date in our [Knowledge Base](https://github.com/kosli-dev/knowledge-base) + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CM-2 | Baseline configuration — infrastructure as code establishes and maintains a documented baseline for all environments. | + | CM-3 | Configuration change control — all infrastructure changes are tracked in version control with full audit trails. | + | CM-6 | Configuration settings — environment configurations are defined as code and enforced through automation. | + | CM-9 | Configuration management plan — infrastructure as code is a core component of the overall configuration management approach. | + | SA-10 | Developer configuration management — infrastructure definitions are subject to the same controls as application source code. | + | SC-28 | Protection of information at rest — infrastructure definitions include security configurations for data protection. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires changes to be authorised and tested; infrastructure as code subjects environment changes to the same review and approval process as application code. | + | CC6.1 | Requires logical access controls; maps to controlling who can modify infrastructure definitions and deploy configuration changes. | + | CC7.1 | Requires infrastructure to be managed to meet objectives; codified infrastructure ensures environments are consistent and reproducible. | + + + +## Links +- [Terraform by HashiCorp](https://www.terraform.io/) +- [Infrastructure as Code — Martin Fowler](https://martinfowler.com/bliki/InfrastructureAsCode.html) diff --git a/sdlc-registry/controls/build/secrets-scanning.mdx b/sdlc-registry/controls/build/secrets-scanning.mdx new file mode 100644 index 0000000..c29b6f0 --- /dev/null +++ b/sdlc-registry/controls/build/secrets-scanning.mdx @@ -0,0 +1,82 @@ +--- +title: "Secrets Scanning" +description: "Source code, built binaries, and configuration files are scanned for secrets at multiple stages of the development lifecycle to prevent credential exposure." +icon: "magnifying-glass" +--- + +import CredentialExposureCard from '/snippets/sdlc/risks/credential_and_secret_exposure.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; + +**SDLC-CTRL-0006** · Build + +## Description +Secrets — such as API keys, passwords, tokens, and certificates — must never be hardcoded in source code, configuration files, container images, or Infrastructure as Code. Hardcoded secrets in source code or built artefacts pose a significant security risk, potentially enabling unauthorised access and data breaches. + +Automated secrets scanning is implemented at multiple stages of the development lifecycle: pre-commit hooks provide the earliest detection point, CI/CD pipeline scanning catches secrets during build, container image scanning ensures no secrets are baked into images, and IaC scanning verifies secrets are passed via secure parameter injection rather than hardcoded. + +## Requirements +* CI/CD pipelines MUST scan for hardcoded secrets in source code and built artefacts +* Code and configuration files MUST NOT include secrets +* Secrets MUST be injected at runtime via secure secret management systems, not hardcoded or stored in source +* Secrets MUST be scoped per environment (dev, test, prod) +* Secrets MUST be rotated periodically with alerts on staleness +* Secrets access MUST be limited to specific CI/CD jobs or roles +* Container images MUST NOT contain hardcoded secrets; secure runtime secret injection MUST be used +* Infrastructure as Code MUST NOT contain hardcoded secrets; secure parameter injection MUST be used +* When secrets are detected in version control, they MUST be immediately revoked and removed from git history using secure rewrite tools +* Third-party integrations SHOULD be audited for secrets exposure + +## How we implement this control + +We implement secrets scanning through multiple layers of defence: + +### Pre-commit Hooks +Developers use pre-commit hooks to scan for secrets before code enters version control. This provides the earliest detection point and prevents secrets from being committed. + +### CI/CD Pipeline Scanning +Our CI/CD pipelines include automated secrets scanning at multiple stages: + +* Source code scanning during build +* Binary and artefact scanning before deployment +* Container image scanning for embedded secrets + +### Remediation Process +When secrets are detected: + +1. **Immediate revocation** — compromised secrets are immediately rotated +2. **History cleanup** — if secrets entered version control, we use secure rewrite tools to remove them from git history +3. **Root cause analysis** — investigate how the secret bypassed controls +4. **Control enhancement** — update scanning rules and processes to prevent recurrence + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | IA-5 | Authenticator management — secrets scanning detects credentials that have been improperly stored in source code or artefacts. | + | SC-12 | Cryptographic key establishment and management — scanning ensures cryptographic keys are not hardcoded in code or configuration. | + | SC-28 | Protection of information at rest — secrets must not be stored unprotected in source code repositories. | + | SI-7 | Software and information integrity — detects embedded secrets that could compromise the integrity of the software supply chain. | + | CM-6 | Configuration settings — secrets scanning validates that configuration files do not contain hardcoded credentials. | + + + | Control | Note | + |---|---| + | CC6.1 | Requires protection of credentials and access mechanisms; secrets scanning detects leaked credentials before they can be exploited. | + | CC6.7 | Requires restriction of access credentials to authorised individuals; scanning prevents accidental exposure of secrets in source code. | + | CC7.2 | Requires monitoring for vulnerabilities; secrets scanning identifies credential exposure as a security vulnerability. | + + + +## Links +- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html) +- [GitHub Secret Scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) +- [Gitleaks](https://github.com/gitleaks/gitleaks) diff --git a/sdlc-registry/controls/build/toolchain.mdx b/sdlc-registry/controls/build/toolchain.mdx new file mode 100644 index 0000000..9e3aca8 --- /dev/null +++ b/sdlc-registry/controls/build/toolchain.mdx @@ -0,0 +1,65 @@ +--- +title: "Controlled Build Environment" +description: "Build environments are defined as code, ephemeral, and auditable, providing resilience against supply chain attacks." +icon: "hammer" +--- + +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; + +**SDLC-CTRL-0003** · Build + +## Description +Builds that are scripted and executed in ephemeral, controlled build environments are more resilient against software supply chain attacks. Defining build environments as code protects against interference that can occur during the build and distribution processes. + +Using immutable container images to define the build environment enables auditing of the build toolchain, as well as security scanning and version control of the environment itself. Ephemeral environments ensure that no persistent state from previous builds can influence subsequent builds. + +## Requirements +* Build environments MUST be defined as code and stored in version control +* Build steps MUST be scripted and reproducible +* Build environments SHOULD be ephemeral — created fresh for each build and destroyed afterwards +* Build environment definitions SHOULD use immutable container images where possible +* Build artefact fingerprints MUST be recorded for traceability + +## How we implement this control + +* Our official builds occur in GitHub pipelines defined as code +* Each step runs in an immutable container +* Each build fingerprint is stored using [Binary Provenance](/sdlc-registry/controls/build/binary_provenance) + +Toolchain + + +You can learn more about build security levels defined in the [SLSA specification](https://slsa.dev/spec/v0.1/requirements#scripted-build). + + +## Mitigates risks + +
+ +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | SA-10 | Requires the development environment to be configured and controlled. | + | SA-11 | Developer testing and evaluation — controlled build environments ensure consistent and reproducible test conditions. | + | SA-15 | Development process, standards, and tools — mandates use of controlled development tools and environments. | + | CM-2 | Baseline configuration — ephemeral build environments defined as code establish a known baseline for every build. | + | CM-6 | Configuration settings — build environment configuration must be defined as code and version-controlled. | + | SI-7 | Software and information integrity — immutable build containers prevent tampering during the build process. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires controlled change management infrastructure; a controlled build environment ensures reproducible, auditable builds. | + | CC6.1 | Requires logical access controls; maps to restricting who can modify build pipelines and CI/CD configuration. | + | CC7.1 | Requires detection of anomalous activity; controlled build environments limit the blast radius of compromised components. | + + + +## Links +- [SLSA Build Requirements](https://slsa.dev/spec/v0.1/requirements#scripted-build) +- [GitHub Actions — Using containers](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container) diff --git a/sdlc-registry/controls/build/versioncontrol.mdx b/sdlc-registry/controls/build/versioncontrol.mdx new file mode 100644 index 0000000..451a880 --- /dev/null +++ b/sdlc-registry/controls/build/versioncontrol.mdx @@ -0,0 +1,111 @@ +--- +title: "Version Control" +description: "Software and configuration are stored in an approved version control system, providing traceability of all changes across all releases." +icon: "git-alt" +--- + +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import AuditCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; + +**SDLC-CTRL-0001** · Build + +## Description +Version control is required to maintain a history of all software and configuration changes across all releases. It provides traceability of who made changes and when, establishing the provenance of software over time. + +The control establishes verifiable evidence of the state of source code or configuration at the time a release was created. This is important not only for identifying who made changes, but also for understanding what functionality existed at a given point in time — enabling diagnosis of software behaviour weeks, months, or even years after it was originally built, tested, and deployed. + +Version control is also integral to ensuring that the software being built and tested is the same software being deployed, by tracking the specific commit or version and providing a reference for traceability. + +## Requirements +* Source code MUST be stored in an approved version control system +* The version control system MUST preserve the integrity of history to prevent tampering and maintain the audit trail +* The version control system MUST record the author of each change +* History MUST be maintained for the lifetime of the software or in alignment with applicable retention requirements +* The version control system MUST support access control and SHOULD be configured with branch protection rules +* Deployment branches MUST be protected with required reviews and passing builds before merge +* Merges to protected branches SHOULD create merge or squash commits to enable atomic rollback + +## How we implement this control + +We use git to manage versioning for software development source code. For repository hosting and user management we use GitHub. + +Our git repositories can be found here: https://github.com/kosli-dev + +### Branching Strategies + +Every service will follow one of the following branching strategies: + +1. Feature Branch + Pull Request, or: +2. Production Branches + +These are described below. + +#### 1. Feature Branch + Pull Request + +This branching strategy uses a combination of feature branches with pull requests. + +Feature Branch Strategy + +* Main branch is protected +* Pull requests must be approved before merge to the main branch. +* We use pull requests to enforce and document our code review process. You can read more about it here: [Code Review Process](/sdlc-registry/controls/release/code_review) +* Pull request merges should create merge or squash commits. (no fast-forward) + +Merges to the main should either be merge commits or squash commits... i.e. no fast-forward merges. This allows us to atomically back out merges should we need to. + +#### 2. Production Deployment Branch + +The Production Deployment branch is an alternative to the feature-branch/pull-request strategy. + +This allows a model similar to trunk-based-development, where code reviews are implemented in the merge to production. + +* Production branch is protected +* Pull requests must be approved before merge to production. +* We use pull requests to enforce and document our code review process. You can read more about it here: [Code Review Process](/sdlc-registry/controls/release/code_review) +* Pull request merges will fast-forward. This means the production branch will always "point" to a commit on the main branch + +#### Protected Deployment Branches + +To ensure compliance to the code review process, we protect the branch we deploy from (main or production) with the following requirements: + +* Merges require at least one approval (two if the strategy is Production Deployment Branch) +* Builds and tests run successfully +* No unresolved merge checks + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | SA-10 | Core control — requires source code and associated documentation to be placed under configuration management. | + | CM-2 | Version control is the primary mechanism for establishing and maintaining a documented software baseline. | + | CM-3 | Requires changes to be tracked, reviewed, and approved; version control provides the audit trail of what changed, when, and by whom. | + | CM-6 | Configuration files such as infrastructure-as-code and application settings must be managed under version control alongside source code. | + | CM-9 | Requires a formal configuration management plan; use of version control is a core component of that plan. | + | SI-12 | Requires retention of information in accordance with applicable policies; maps to preserving version history for the lifetime of the software. | + | AU-9 | Commit history constitutes an audit trail; this control requires it to be protected from unauthorised modification or deletion. | + | AC-2 | Governs provisioning, review, and revocation of committer access to the version control system. | + | AC-3 | Requires access controls to be consistently enforced; maps to branch protection rules and repository permission models. | + | IA-5 | Covers management of credentials used to authenticate to the version control system, including SSH keys and tokens used for commit signing. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires formal change management processes; version control provides the audit trail of all source code and configuration changes. | + | CC6.1 | Requires logical access controls to information assets; maps to repository permissions and branch protection rules. | + | CC6.3 | Requires role-based access controls; maps to committer access provisioning and review for the version control system. | + + + +## Links +- [About commit signature verification — GitHub](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) +- [Signing commits — GitHub](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) +- [About protected branches — GitHub](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) diff --git a/sdlc-registry/controls/lifecycle/penetration_testing.mdx b/sdlc-registry/controls/lifecycle/penetration_testing.mdx new file mode 100644 index 0000000..a62e356 --- /dev/null +++ b/sdlc-registry/controls/lifecycle/penetration_testing.mdx @@ -0,0 +1,60 @@ +--- +title: "Penetration Testing" +description: "Penetration testing is conducted periodically to identify exploitable vulnerabilities in applications and infrastructure that automated scanning may not detect." +icon: "bug" +--- + +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0019** · Lifecycle + +## Description +Penetration testing simulates real-world attack scenarios against applications and infrastructure to identify exploitable vulnerabilities. Unlike automated scanning tools (SAST, SCA), penetration testing assesses the actual exploitability of vulnerabilities in context, tests for business logic flaws, and evaluates the effectiveness of security controls as a whole. + +Penetration testing serves as the organisation's approach to dynamic application security testing (DAST), providing assurance that systems are resilient against attack when viewed from an external perspective. + +## Requirements +* Penetration testing MUST be conducted at least annually against customer-facing applications and critical infrastructure +* Penetration testing scope MUST include both application-layer and infrastructure-layer testing +* Findings MUST be classified by severity and tracked to resolution +* Critical and high severity findings MUST be remediated within defined SLAs +* Penetration test reports and remediation evidence MUST be retained for audit purposes +* Penetration testing SHOULD be conducted by qualified personnel, either internal or external + +## How we implement this control + +* We conduct periodic penetration testing against our production applications and infrastructure +* Findings are tracked and remediated according to severity +* Penetration test reports are retained for compliance and audit purposes + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CA-8 | Penetration testing — requires organisations to conduct penetration testing on systems and applications. | + | RA-5 | Vulnerability monitoring and scanning — penetration testing complements automated scanning by testing for exploitable vulnerabilities. | + | SA-11 | Developer testing and evaluation — includes security testing as part of the development process. | + | SI-2 | Flaw remediation — findings from penetration tests must be tracked to resolution. | + + + | Control | Note | + |---|---| + | CC4.1 | Requires ongoing monitoring to ascertain whether controls are functioning; penetration testing provides independent validation of security control effectiveness. | + | CC7.1 | Requires detection of vulnerabilities; penetration testing identifies exploitable weaknesses that automated scanning may miss. | + + + +## Links +- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) +- [NIST SP 800-53r5 CA-8: Penetration Testing](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) +- [PTES — Penetration Testing Execution Standard](http://www.pentest-standard.org/) diff --git a/sdlc-registry/controls/lifecycle/service_ownership.mdx b/sdlc-registry/controls/lifecycle/service_ownership.mdx new file mode 100644 index 0000000..3d2c724 --- /dev/null +++ b/sdlc-registry/controls/lifecycle/service_ownership.mdx @@ -0,0 +1,60 @@ +--- +title: "Service Ownership" +description: "All services running in production environments have registered ownership, ensuring clear accountability for maintenance, support, and security." +icon: "user-tie" +--- + +import AuditCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0011** · Lifecycle + +## Description +In any governance system, risks are managed by controls, but humans are ultimately responsible. In diverse software landscapes, a register of service ownership is essential for multiple reasons: + +* **Knowledge** — who understands how this service works, and how can I get help? +* **Incident response** — alerts are firing for a service, who do I contact? What has changed lately? +* **Audit** — who is responsible for ensuring the SDLC is followed for this service? + +Service ownership maps live systems to the teams and individuals accountable for them, including links to source code repositories, documentation, and operational metadata. + +## Requirements +* Every service running in production MUST have a registered owner +* Ownership records MUST include the responsible team or individual, source code location, and operational metadata +* Ownership information MUST be kept up-to-date and reviewed periodically +* Ownership records SHOULD be accessible from a single location + +## How we implement this control + +At this stage, as we have a relatively simple system and a single tech team, simply recording the services in [Kosli's environment monitoring](/sdlc-registry/controls/runtime/workload_monitoring) meets this need. + +Service Ownership + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | PM-10 | Authorisation process — requires clear identification of who is responsible for each system. | + | CM-8 | System component inventory — service ownership provides a registry of live services and their responsible owners. | + | IR-4 | Incident handling — clear ownership enables rapid incident response by identifying the responsible team. | + | PL-2 | Security and privacy plans — ownership assignment ensures accountability for each service's security posture. | + + + | Control | Note | + |---|---| + | CC1.3 | Requires defined accountability and authority for control activities; service ownership establishes who is responsible for each system component. | + | A1.2 | Requires monitoring and maintenance of infrastructure supporting system availability; service owners are accountable for the availability and health of their services. | + + + +## Links +- [Kosli — Environments](https://docs.kosli.com/getting_started/environments/) diff --git a/sdlc-registry/controls/lifecycle/training.mdx b/sdlc-registry/controls/lifecycle/training.mdx new file mode 100644 index 0000000..6924270 --- /dev/null +++ b/sdlc-registry/controls/lifecycle/training.mdx @@ -0,0 +1,59 @@ +--- +title: "Training" +description: "All team members complete annual security awareness training covering the OWASP Top 10, ensuring a security-conscious development workforce." +icon: "graduation-cap" +--- + +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import CredentialExposureCard from '/snippets/sdlc/risks/credential_and_secret_exposure.mdx'; + +**SDLC-CTRL-0017** · Lifecycle + +## Description +Security awareness reduces the likelihood of negligent or accidental insider threats and ensures every team member understands their responsibilities in the software development lifecycle. Training covers the most common security risks and their implications for software development and operations. + +New employees and members of the tech team receive this training as part of the onboarding process, and all team members refresh their knowledge at least annually. + +## Requirements +* All team members MUST complete security awareness training covering the OWASP Top 10 at least annually +* New employees MUST complete security awareness training as part of onboarding +* Training completion MUST be documented in an audit trail +* Training content SHOULD be reviewed and updated annually to reflect current threats + +## How we implement this control + +* The team study the [OWASP Top 10 security risks](https://owasp.org/www-project-top-ten/) and discuss their implications for our software development and operations, at least annually. +* The activity and participants are logged in a Kosli audit trail. +* For new employees the OWASP Top 10 is done together with one of the other team members. + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | AT-2 | Literacy training and awareness — requires security awareness training for all personnel. | + | AT-3 | Role-based training — requires training tailored to the individual's role and responsibilities in the SDLC. | + | AT-4 | Training records — requires documentation and retention of training completion. | + | PM-13 | Security and privacy workforce — requires maintaining a security-aware development workforce. | + + + | Control | Note | + |---|---| + | CC1.4 | Requires the entity to attract, develop, and retain competent individuals; training ensures personnel have the skills to fulfil their security responsibilities. | + | CC2.2 | Requires communication of responsibilities to internal personnel; security awareness training ensures staff understand their role in maintaining controls. | + + + +## Links +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) +- [NIST SP 800-53r5 AT-2: Literacy Training and Awareness](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) diff --git a/sdlc-registry/controls/release/code_review.mdx b/sdlc-registry/controls/release/code_review.mdx new file mode 100644 index 0000000..bcb6cb1 --- /dev/null +++ b/sdlc-registry/controls/release/code_review.mdx @@ -0,0 +1,72 @@ +--- +title: "Code Review" +description: "Code review is performed on all software changes prior to production deployment, providing peer verification of security, quality, and correctness." +icon: "code-pull-request" +--- + +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; + +**SDLC-CTRL-0007** · Release + +## Description +Peer review is an essential mitigation against insider threats, as well as a means of improving knowledge sharing and software quality. At a minimum, code reviews are performed by someone capable of understanding the change and its associated risks. + +Pull requests document the review process, including the rationale for the change and any relevant context. Reviewers consider security concerns, code quality and maintainability, and whether manual testing is required. + +Feature Branch Strategy + + +### Code Review Anti-patterns + +A common anti-pattern when using pull requests is waiting for review. In an ideal situation, the lead time for review should approach zero. If there is any delay on integration, it can lead to people batching larger and larger changes — causing larger pull requests, more delays, poorer code reviews, and ultimately more risks. + +To avoid this, we recommend pair- or ensemble-programming: a practice where more than one person works together to complete tasks. This way, as soon as one developer creates the pull request, another person can sign off immediately. + +Note: the reviewer should not be the person who pushes the last commit on the branch. + + +## Requirements +* All code changes MUST be reviewed by at least one peer before merging to a protected branch +* The reviewer MUST NOT be the author of the change +* Reviews MUST consider security implications, code quality, and verification requirements +* Code review evidence MUST be recorded and linked to the artefact for audit purposes +* Protected branches MUST require approved pull requests before merge + +## How we implement this control + +* We prefer real time reviews with pair or ensemble programming +* We use pull requests to document reviews in GitHub +* We protect the `main` branch in each repository +* We record the pull requests in Kosli and control/monitor that no runtime workload is missing PR attestations + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | SA-11 | Developer testing and evaluation — code review is a form of peer evaluation applied to all changes before they reach production. | + | SA-15 | Development process, standards, and tools — mandates peer review as part of the development process. | + | CM-3 | Configuration change control — requires changes to be reviewed and approved before implementation. | + | SI-7 | Software and information integrity — peer review helps detect malicious or erroneous changes to code. | + | AC-5 | Separation of duties — the reviewer must be a different person from the author of the change. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires changes to be authorised before implementation; code review provides the peer approval mechanism for all source code changes. | + | CC2.1 | Requires relevant quality information to be communicated; code review is the primary mechanism for knowledge sharing and defect identification during development. | + + + +## Links +- [About pull request reviews — GitHub](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews) +- [About protected branches — GitHub](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) diff --git a/sdlc-registry/controls/release/deployment_approvals.mdx b/sdlc-registry/controls/release/deployment_approvals.mdx new file mode 100644 index 0000000..af8f8c8 --- /dev/null +++ b/sdlc-registry/controls/release/deployment_approvals.mdx @@ -0,0 +1,60 @@ +--- +title: "Deployment Approvals" +description: "All deployments to production are approved by someone other than the person making the change, meeting segregation of duties requirements." +icon: "user-check" +--- + +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; + +**SDLC-CTRL-0010** · Release + +## Description +Segregation of duties is a common requirement in regulated or high-security development environments. It means that a developer cannot deploy their own changes without approval from someone who both understands what is changing and accepts the risk of the change. + +Deployment approval controls form a key role in the secure software development lifecycle. Their purpose is to ensure that risks around change are managed and that change is an active decision. In highly sensitive software systems, more than one approver may be required. + +Deployment Approvals + +## Requirements +* All deployments to production MUST be approved by at least one person other than the author of the change +* The approver MUST understand the nature and scope of the change +* Deployment approvals MUST be recorded in an audit trail +* Approval evidence MUST be linked to the specific artefact being deployed +* For highly sensitive systems, more than one approver SHOULD be required + +## How we implement this control + +* We use git tags to trigger and record deployment approvals +* CI/CD pipelines generate attestations for [Kosli approvals](https://docs.kosli.com/getting_started/approvals/) + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CM-3 | Configuration change control — requires formal approval of changes before deployment to production. | + | AC-5 | Separation of duties — the person approving deployment must be different from the person making the change. | + | CM-5 | Access restrictions for change — limits who can authorise and execute deployments to production. | + | AU-12 | Audit record generation — deployment approvals must be recorded as part of the change audit trail. | + | CA-7 | Continuous monitoring — deployment approval is a gate in the continuous assurance process. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires changes to be authorised before migration to production; deployment approvals enforce formal sign-off prior to release. | + | CC3.4 | Requires evaluation of changes for risks; deployment approval gates ensure compliance checks pass before production deployment. | + + + +## Links +- [Kosli — Approvals](https://docs.kosli.com/getting_started/approvals/) +- [NIST SP 800-53r5 AC-5: Separation of Duties](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) diff --git a/sdlc-registry/controls/release/feature_flags.mdx b/sdlc-registry/controls/release/feature_flags.mdx new file mode 100644 index 0000000..1e78f0f --- /dev/null +++ b/sdlc-registry/controls/release/feature_flags.mdx @@ -0,0 +1,68 @@ +--- +title: "Feature Flags" +description: "Feature flags provide controlled, gradual exposure of new functionality in production, enabling safe releases and rapid rollback without redeployment." +icon: "flag" +--- + +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; + +**SDLC-CTRL-0023** · Release + +## Description +Feature flags (also known as feature toggles) decouple deployment from release by allowing new functionality to be toggled on or off in production without deploying new code. This provides a critical safety mechanism: code can be deployed in a disabled state, gradually rolled out to subsets of users, and instantly rolled back if issues are detected. + +In a regulated software development lifecycle, feature flags serve as a preventative control by ensuring that new functionality can be released incrementally and with oversight. They reduce the risk associated with big-bang releases and provide a rapid remediation path that does not require emergency deployments or hotfixes. + +Feature flags also support progressive delivery patterns such as canary releases, percentage-based rollouts, and user-targeted releases, all of which reduce the blast radius of a defective or vulnerable change. + +## Requirements +* Feature flag changes MUST be auditable, with a record of who changed a flag, when, and why +* Feature flags MUST support instant rollback — disabling a flag should take effect immediately without redeployment +* Access to modify feature flags in production MUST be restricted to authorised personnel +* Long-lived feature flags SHOULD be reviewed periodically and retired when the feature is fully released +* Feature flag state SHOULD be monitored, with alerts for unexpected flag changes in production +* Feature flags SHOULD support gradual rollout patterns (percentage-based, user-targeted, or environment-based) + +## How we implement this control + +We use [LaunchDarkly](https://launchdarkly.com/) as our feature flag management platform. + +* **Audit trail** — LaunchDarkly maintains a full audit log of all flag changes including who made the change, what changed, and when. +* **Access control** — Flag modification permissions are managed through LaunchDarkly's role-based access control, integrated with our SSO provider. +* **Gradual rollout** — We use LaunchDarkly's targeting rules and percentage rollouts to control exposure of new features before full release. +* **Instant rollback** — Disabling a flag in LaunchDarkly takes effect immediately across all connected services without redeployment. +* **Flag lifecycle** — We periodically review active flags and retire those associated with fully released features to reduce technical debt. + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CM-3 | Configuration change control — feature flags allow changes to be released incrementally and rolled back without deploying new code. | + | CM-4 | Impact analysis — feature flags enable controlled exposure to subsets of users, allowing impact assessment before full rollout. | + | SI-7 | Software and information integrity — feature flags decouple deployment from release, ensuring code is deployed once and toggled safely. | + | SA-11 | Developer testing and evaluation — feature flags support A/B testing and canary releases as part of ongoing validation in production. | + | CP-10 | System recovery — feature flags provide an immediate rollback mechanism without requiring redeployment. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires controlled change management; feature flags provide a mechanism to release and roll back functionality without new deployments. | + | CC7.2 | Requires monitoring for anomalies; feature flags enable incremental rollout with monitoring at each stage, limiting blast radius. | + | CC3.4 | Requires evaluation of changes for risk; feature flags allow gradual exposure to assess risk before full release. | + + + +## Links +- [LaunchDarkly — Feature Flag Best Practices](https://launchdarkly.com/blog/feature-flag-best-practices/) +- [LaunchDarkly — Audit Log](https://docs.launchdarkly.com/home/members/audit-log) +- [NIST SP 800-53r5 CM-3: Configuration Change Control](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) diff --git a/sdlc-registry/controls/release/quality.mdx b/sdlc-registry/controls/release/quality.mdx new file mode 100644 index 0000000..d349cf1 --- /dev/null +++ b/sdlc-registry/controls/release/quality.mdx @@ -0,0 +1,67 @@ +--- +title: "Quality Assurance" +description: "Functionality of software is assured through systematic testing prior to production deployment." +icon: "circle-check" +--- + +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import AuditCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; + +**SDLC-CTRL-0008** · Release + +## Description +Every change has the potential to introduce regressions in functionality. Testing and qualifying software prior to deployment manages the risk of production issues. The level of testing and qualification corresponds to the risk appetite for a particular system. + +Testing can be either manual or automated, however automated approaches such as unit testing provide significant advantages: less manual work, more consistent testing, faster lead times, improved knowledge sharing, and automated test results documentation. Regardless of the approach, testing must be systematic and test results documented. + +## Requirements +* All software delivered to customers, or with potential to impact customer data, MUST be tested prior to deployment +* Test results MUST be documented and linked to the artefact under test +* Automated testing SHOULD be preferred over manual testing where feasible +* Test coverage goals SHOULD be defined and enforced via automated ratchets +* Test results MUST be recorded in the compliance audit trail prior to deployment approval + +## How we implement this control + +For any software delivered to customers, or with potential to impact customer data, we test all software prior to deployment/release. Our main testing method favours automated tests, both on the unit and integration level. (As of this time, our server software has over 95% branch coverage). + +* We perform automated testing as part of our CI/CD pipelines +* We record the automated test results against the code and artefacts in our [Kosli Flows](https://app.kosli.com/kosli/flows/) +* We control that tests are passing and test results are stored prior to deployment + +In addition, we perform these controls which are optional but good practice: + +* We have a test coverage ratchet that fails if a coverage goal is not met +* This ratchet fails the pipeline +* A manual intervention is required to lower the coverage goal + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | SA-11 | Developer testing and evaluation — requires testing and evaluation of software as part of the development process. | + | SA-15 | Development process, standards, and tools — mandates defined testing processes and quality standards. | + | SI-2 | Flaw remediation — testing identifies flaws that must be remediated before deployment. | + | CM-4 | Impact analysis — testing validates that changes do not introduce regressions or unintended side effects. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires changes to be tested before deployment to production; quality assurance provides the automated and manual verification of software correctness. | + | PI1.3 | Requires processing to be complete, accurate, and timely; automated tests verify that software behaves as intended before release. | + | PI1.5 | Requires outputs to be reviewed for completeness and accuracy; quality gates confirm software meets acceptance criteria prior to deployment. | + + + +## Links +- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) +- [Kosli — Attestations](https://docs.kosli.com/getting_started/attestations/) diff --git a/sdlc-registry/controls/release/vulnerability_scanning_containers.mdx b/sdlc-registry/controls/release/vulnerability_scanning_containers.mdx new file mode 100644 index 0000000..00589db --- /dev/null +++ b/sdlc-registry/controls/release/vulnerability_scanning_containers.mdx @@ -0,0 +1,64 @@ +--- +title: "Vulnerability Scanning — Containers" +description: "Container images are scanned for operating system and application-level vulnerabilities as part of the build and deployment process." +icon: "box" +--- + +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0022** · Release + +## Description +Container images package both application code and its operating system dependencies into a single deployable unit. Vulnerabilities can exist at any layer — from the base OS image through to application-level packages. Container scanning analyses all layers of an image to detect known vulnerabilities before the image is deployed to production. + +Because new vulnerabilities are disclosed daily, container scanning must be performed both at build time and on running images in production to detect newly published CVEs against existing deployments. + +## Requirements +* Container images MUST be scanned for vulnerabilities before deployment to production +* Scanning MUST cover both operating system packages and application-level dependencies within the image +* Container scanning MUST be automated as part of the CI/CD pipeline +* Vulnerability findings MUST be classified by severity and tracked to resolution +* Container scan results MUST be recorded as attestations linked to the artefact +* Running container images in production SHOULD be scanned periodically for newly disclosed vulnerabilities + +## How we implement this control + +* We use [Snyk Container](https://snyk.io/product/container-vulnerability-management/) to scan container images in our CI/CD pipelines +* Container scan results are recorded as attestations in our [Kosli Flows](https://app.kosli.com/kosli/flows/) +* We control that no artefact with missing or failed container scans runs in production +* We run continuous nightly Snyk scans on containers in production in case new vulnerabilities are found in running assets + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | RA-5 | Vulnerability monitoring and scanning — container scanning identifies OS-level and application-level vulnerabilities in container images. | + | SI-2 | Flaw remediation — vulnerabilities found in container images must be triaged and remediated. | + | CM-8 | System component inventory — container scanning provides visibility into all components within a container image. | + | SA-10 | Developer configuration management — container image definitions (Dockerfiles) must be controlled and their outputs verified. | + | SI-7 | Software and information integrity — ensures container images are free from known vulnerabilities before deployment. | + + + | Control | Note | + |---|---| + | CC7.1 | Requires detection of vulnerabilities in system components; container scanning identifies vulnerabilities in base images and installed packages. | + | CC8.1 | Requires changes to be tested; container scanning is a required gate before container images are deployed to production. | + + + +## Links +- [Snyk Container](https://snyk.io/product/container-vulnerability-management/) +- [Docker — Security Best Practices](https://docs.docker.com/develop/security-best-practices/) +- [CIS Docker Benchmark](https://www.cisecurity.org/benchmark/docker) diff --git a/sdlc-registry/controls/release/vulnerability_scanning_sast.mdx b/sdlc-registry/controls/release/vulnerability_scanning_sast.mdx new file mode 100644 index 0000000..4a47861 --- /dev/null +++ b/sdlc-registry/controls/release/vulnerability_scanning_sast.mdx @@ -0,0 +1,60 @@ +--- +title: "Vulnerability Scanning — SAST" +description: "Static Application Security Testing (SAST) analyses application source code to identify security vulnerabilities, coding flaws, and insecure patterns before software is deployed." +icon: "shield-halved" +--- + +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; + +**SDLC-CTRL-0020** · Release + +## Description +Static Application Security Testing (SAST) examines an application's source code without executing the program. By analysing code paths, data flows, and control flows, SAST tools detect categories of vulnerability such as injection flaws, insecure cryptographic usage, and other coding errors. Because SAST operates on the code itself, it can identify issues very early in the development lifecycle — often at the point a developer opens a pull request — making remediation faster and cheaper than finding defects in later stages. + +Embedding SAST into the CI/CD pipeline provides continuous assurance that code meets secure coding standards and supports audit evidence of proactive security testing. + +## Requirements +* SAST MUST be performed against application source code as part of the CI/CD pipeline +* SAST MUST be automated — manual-only code analysis is not sufficient as a primary control +* Findings MUST be classified by severity and tracked to resolution +* SAST scan results MUST be recorded as attestations linked to the artefact +* SAST MUST cover all languages and frameworks in active use + +## How we implement this control + +* We use [Snyk Code](https://snyk.io/product/snyk-code/) to perform static analysis on our source code in CI/CD pipelines +* SAST scan results are recorded as attestations in our [Kosli Flows](https://app.kosli.com/kosli/flows/) +* We control that no artefact with missing or failed SAST scans runs in production + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | RA-5 | Vulnerability monitoring and scanning — SAST is a primary method for identifying vulnerabilities in application source code. | + | SA-11 | Developer testing and evaluation — requires security testing as part of the development process. | + | SA-15 | Development process, standards, and tools — mandates use of security analysis tools in the development pipeline. | + | SI-2 | Flaw remediation — findings from SAST scans must be triaged and remediated. | + | SI-7 | Software, firmware, and information integrity — SAST detects coding flaws that could compromise software integrity. | + + + | Control | Note | + |---|---| + | CC7.1 | Requires detection of vulnerabilities in system components; SAST identifies security flaws in source code before deployment. | + | CC8.1 | Requires changes to be tested; SAST is a required gate in the change management pipeline to prevent vulnerable code from reaching production. | + + + +## Links +- [OWASP Source Code Analysis Tools](https://owasp.org/www-community/Source_Code_Analysis_Tools) +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) +- [Snyk Code](https://snyk.io/product/snyk-code/) diff --git a/sdlc-registry/controls/release/vulnerability_scanning_sca.mdx b/sdlc-registry/controls/release/vulnerability_scanning_sca.mdx new file mode 100644 index 0000000..ff706fc --- /dev/null +++ b/sdlc-registry/controls/release/vulnerability_scanning_sca.mdx @@ -0,0 +1,67 @@ +--- +title: "Vulnerability Scanning — SCA" +description: "Software Composition Analysis (SCA) identifies known vulnerabilities (CVEs) in third-party dependencies, libraries, and other software components before they are deployed to production." +icon: "shield-halved" +--- + +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; + +**SDLC-CTRL-0021** · Release + +## Description +Modern software relies heavily on open-source and third-party components, which may contain publicly disclosed vulnerabilities (CVEs) or be subject to supply chain compromise. SCA provides automated, continuous analysis of all software dependencies to detect known security flaws, outdated packages, and licence compliance issues. + +Unpatched vulnerabilities in production systems represent a material operational and compliance risk. Dependency scanning maintains visibility into the software supply chain, enabling rapid response when new vulnerabilities are disclosed — even without code changes, as new CVEs are published daily. + +## Requirements +* Application dependencies MUST be scanned for known vulnerabilities as part of the CI/CD pipeline +* Dependency scanning MUST be automated — manual-only review is not sufficient as a primary control +* Scanning MUST cover all relevant ecosystems in use (e.g. npm, PyPI, Go modules, system packages) +* Vulnerability findings MUST be classified by severity and tracked to resolution +* SCA scan results MUST be recorded as attestations linked to the artefact +* A documented exception process MUST exist for vulnerabilities that cannot be immediately remediated + +## How we implement this control + +* We use [Snyk Open Source](https://snyk.io/product/open-source-security-management/) to scan dependencies in our CI/CD pipelines +* SCA scan results are recorded as attestations in our [Kosli Flows](https://app.kosli.com/kosli/flows/) +* We control that no artefact with missing or failed SCA scans runs in production + +Additionally: +* We run continuous nightly Snyk scans on containers in production in case new vulnerabilities are found in running assets + +## Mitigates risks + +
+ + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | RA-5 | Vulnerability monitoring and scanning — SCA identifies known vulnerabilities (CVEs) in third-party dependencies. | + | SI-2 | Flaw remediation — vulnerabilities found in dependencies must be triaged and remediated. | + | SI-3 | Malicious code protection — SCA detects compromised or malicious packages in the dependency tree. | + | CM-8 | System component inventory — SCA provides visibility into the software composition of each artefact. | + | SA-9 | External system services — third-party libraries are external components that must be assessed for risk. | + | SA-22 | Unsupported system components — SCA identifies end-of-life or unmaintained dependencies. | + + + | Control | Note | + |---|---| + | CC7.1 | Requires detection of vulnerabilities in system components; SCA identifies known vulnerabilities in third-party dependencies. | + | CC8.1 | Requires changes to be tested; SCA scanning is a required gate in the change management pipeline. | + | CC3.2 | Requires identification and assessment of risks; SCA provides visibility into the risk profile of the software supply chain. | + + + +## Links +- [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) +- [Snyk Open Source](https://snyk.io/product/open-source-security-management/) +- [CycloneDX SBOM Standard](https://cyclonedx.org/) +- [NIST Cybersecurity Supply Chain Risk Management](https://csrc.nist.gov/projects/cyber-supply-chain-risk-management) diff --git a/sdlc-registry/controls/runtime/change_records.mdx b/sdlc-registry/controls/runtime/change_records.mdx new file mode 100644 index 0000000..a5f3e20 --- /dev/null +++ b/sdlc-registry/controls/runtime/change_records.mdx @@ -0,0 +1,63 @@ +--- +title: "Change Records" +description: "All systems and services maintain a permanent record of changes, providing a forensic history of all deployments to production." +icon: "clock-rotate-left" +--- + +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; +import AuditCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; + +**SDLC-CTRL-0012** · Runtime + +## Description +Change records provide the audit trail required to meet change management obligations. By automatically logging all deployments and changes to production systems, the organisation maintains a permanent, tamper-evident record of what was deployed, when, and by whom. + +This forensic history supports incident investigation, compliance reporting, and ongoing assurance that only approved software reaches production. Combined with deployment controls, change records enable both proactive gating and retrospective analysis of all changes. + +Change records + +## Requirements +* All deployments to production systems MUST be automatically recorded +* Change records MUST capture the artefact identity, deployment time, environment, and the actor who triggered the deployment +* Change records MUST be retained permanently or in accordance with applicable retention policies +* Change records MUST be protected from unauthorised modification or deletion +* Change records SHOULD be linked to the corresponding approval and compliance evidence + +## How we implement this control + +* We monitor production systems and automatically record a forensic history of all changes in Kosli using [environment monitoring](https://docs.kosli.com/getting_started/environments/) + * Environment records can be found here: https://app.kosli.com/kosli/environments/ + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CM-3 | Configuration change control — requires all changes to be recorded, including what changed, when, and by whom. | + | AU-3 | Content of audit records — change records must capture sufficient detail to reconstruct the sequence of events. | + | AU-6 | Audit record review, analysis, and reporting — change records form the basis for ongoing review of deployment activity. | + | AU-12 | Audit record generation — the system must automatically generate change records for all deployments. | + | SI-12 | Information management and retention — change records must be retained in accordance with applicable policies. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires a record of all changes to production; change records provide the audit trail of what was deployed, when, and by whom. | + | CC7.2 | Requires monitoring of system components for anomalies; change records enable detection of unauthorised or unexpected deployments. | + | CC4.1 | Requires monitoring activities to ascertain whether controls are functioning; change records provide evidence for control effectiveness reviews. | + + + +## Links +- [Kosli — Environments](https://docs.kosli.com/getting_started/environments/) +- [NIST SP 800-53r5 CM-3: Configuration Change Control](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) diff --git a/sdlc-registry/controls/runtime/deployment_controls.mdx b/sdlc-registry/controls/runtime/deployment_controls.mdx new file mode 100644 index 0000000..62cbd52 --- /dev/null +++ b/sdlc-registry/controls/runtime/deployment_controls.mdx @@ -0,0 +1,61 @@ +--- +title: "Deployment Controls" +description: "Deployment controls are enforced in the pipeline and at runtime to ensure only compliant, approved software is deployed to production." +icon: "shield-check" +--- + +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; + +**SDLC-CTRL-0013** · Runtime + +## Description +Deployment controls automatically ensure that only software which has gone through the complete Software Development Lifecycle reaches production. This can be implemented as a gate in the CI/CD pipeline, as an admission controller in the runtime environment, or ideally both. + +Pipeline gates verify that all required attestations (tests, reviews, scans, approvals) are present and passing before allowing deployment. Runtime monitoring provides a second layer of assurance, alerting when non-compliant or unauthorised workloads are detected in production. + +Deployment Controls + +## Requirements +* Deployment pipelines MUST verify that all required compliance attestations are present and passing before deploying to production +* Artefact identity MUST be verified using cryptographic hashes at the point of deployment +* Non-compliant or unauthorised workloads in production MUST generate alerts +* Deployment controls SHOULD be implemented both as pipeline gates and runtime admission controls + +## How we implement this control + +* We use [Kosli's assert artifact command](https://docs.kosli.com/client_reference/kosli_assert_artifact/) prior to deployment +* We use [Kosli's environment monitoring](/sdlc-registry/controls/runtime/workload_monitoring) to alert on non-compliant workloads + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CM-3 | Configuration change control — deployment controls enforce that only approved changes reach production. | + | CM-5 | Access restrictions for change — deployment gates restrict which artefacts are permitted in production. | + | SA-10 | Developer configuration management — ensures that the software built and tested is the same software deployed. | + | SI-7 | Software and information integrity — deployment controls verify artefact integrity before allowing deployment. | + | CA-7 | Continuous monitoring — runtime compliance monitoring alerts on non-compliant workloads. | + + + | Control | Note | + |---|---| + | CC8.1 | Requires controlled migration of changes to production; deployment controls enforce that only compliant artifacts are deployed. | + | CC6.1 | Requires logical access controls; deployment controls restrict who and what can deploy to production environments. | + + + +## Links +- [Kosli — Assert Artifact](https://docs.kosli.com/client_reference/kosli_assert_artifact/) +- [Kosli — Environment Monitoring](https://docs.kosli.com/getting_started/environments/) diff --git a/sdlc-registry/controls/runtime/drift_detection.mdx b/sdlc-registry/controls/runtime/drift_detection.mdx new file mode 100644 index 0000000..aab075a --- /dev/null +++ b/sdlc-registry/controls/runtime/drift_detection.mdx @@ -0,0 +1,63 @@ +--- +title: "Drift Detection" +description: "Infrastructure and configuration are continuously monitored for drift from the approved baseline defined as code, detecting unauthorised or unintended changes." +icon: "arrows-left-right" +--- + +import ConfigDriftCard from '/snippets/sdlc/risks/configuration_drift.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0018** · Runtime + +## Description +Even when infrastructure is defined as code and applied through automation, configuration drift can occur through manual interventions, failed deployments, or external changes. Drift detection continuously compares the actual state of infrastructure and configuration against the approved baseline, identifying deviations that may indicate unauthorised access, operational errors, or compliance violations. + +Drift detection complements the preventative control of defining infrastructure as code (SDLC-CTRL-0005) by providing a detective layer that identifies when the actual state diverges from the declared state, regardless of how the change occurred. + +## Requirements +* Production infrastructure MUST be continuously monitored for configuration drift from the approved baseline +* Detected drift MUST generate alerts to the appropriate response channels +* Drift events MUST be recorded with details of what changed, when, and the expected versus actual state +* Drift MUST be remediated by either updating the infrastructure code or reverting the unauthorised change +* Drift detection SHOULD be automated and run at regular intervals + +## How we implement this control + +* We use Kosli environment monitoring to detect drift in our runtime environments +* Drift alerts are delivered to our Slack channels for immediate review +* Detected drift is investigated and resolved by either updating the infrastructure code or reverting the change + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CM-2 | Baseline configuration — drift detection identifies deviations from the documented infrastructure baseline. | + | CM-3 | Configuration change control — detects unauthorised changes that bypass the formal change management process. | + | CM-6 | Configuration settings — ensures runtime configuration matches the approved settings defined as code. | + | SI-4 | System monitoring — continuous monitoring of infrastructure for unauthorised modifications. | + | CA-7 | Continuous monitoring — drift detection is a key component of the continuous compliance monitoring strategy. | + | SI-7 | Software and information integrity — detects tampering or unintended modifications to infrastructure and configuration. | + + + | Control | Note | + |---|---| + | CC7.2 | Requires monitoring for anomalies indicative of security events; drift detection identifies unexpected changes to running environments. | + | CC7.3 | Requires evaluation of detected anomalies; drift detection alerts enable investigation of whether changes are authorised. | + | CC8.1 | Requires only authorised changes in production; drift detection identifies when the running state diverges from the approved configuration. | + + + +## Links +- [Kosli — Environment Monitoring](https://docs.kosli.com/getting_started/environments/) +- [Terraform — Detecting Drift](https://developer.hashicorp.com/terraform/tutorials/state/resource-drift) diff --git a/sdlc-registry/controls/runtime/secrets_managment.mdx b/sdlc-registry/controls/runtime/secrets_managment.mdx new file mode 100644 index 0000000..246576d --- /dev/null +++ b/sdlc-registry/controls/runtime/secrets_managment.mdx @@ -0,0 +1,91 @@ +--- +title: "Secrets Management" +description: "Build and runtime secrets are stored securely in dedicated secrets management systems, with documented ownership, rotation schedules, and access controls." +icon: "key" +--- + +import CredentialExposureCard from '/snippets/sdlc/risks/credential_and_secret_exposure.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0014** · Runtime + +## Description +Secrets — such as API keys, cryptographic keys, and identity tokens — must be stored securely and documented in a central place. [Cryptographic failures are the second highest risk in the OWASP top ten](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/), so rigour and process is essential. + +Effective secrets management requires secure storage, strict access controls, regular rotation with expiry monitoring, and clear documentation of each secret's purpose, ownership, and update procedures. Secrets must be scoped per environment and injected at runtime rather than stored in source code. + +Secrets Management + +## Requirements +* All secrets MUST be stored in a dedicated secrets management system, not in source code or configuration files +* Secrets MUST be scoped per environment (dev, test, prod) +* Secrets MUST be rotated periodically with documented rotation schedules +* Expiring secrets MUST trigger automated alerts before expiry +* Access to secrets MUST be restricted based on role and environment +* Secret access and rotation events MUST be logged for audit purposes +* New secrets MUST be documented with ownership, purpose, and update procedures + +## How we implement this control + +### Infrastructure secrets + +- We use AWS Secrets Manager to store infrastructure secrets. +- Infrastructure secrets are handled with a separate [terraform-server repository](https://github.com/kosli-dev/terraform-server) together with other server information. +- The update, creation and deletion of secrets is described in [secrets/README.md](https://github.com/kosli-dev/terraform-server/blob/master/secrets/README.md). +- We use a set of helper programs to update the secrets for the different servers. In addition to updating the secrets, the helper program also: + - Tracks which server the secret was updated for. + - When and by whom the secret was updated. + - When does the secret expire. +- We have a daily [GitHub job](https://github.com/kosli-dev/terraform-server/actions/workflows/secret-expire-check.yml) that checks if any secret will expire within the next month. +- If a secret is going to expire soon a message is sent to our dedicated [Slack channel](https://kosli-internal.slack.com/archives/C07P4AUQGHH). +- Every 3 months we check if any new infrastructure secrets have been added. In the [server repository](https://github.com/kosli-dev/server) there is a `bin/check_new_secrets.sh` script that will do the check and tell you if any secrets have been added. +- The evidence that we ran the check for new secrets is recorded in the [secrets-updated](https://app.kosli.com/kosli/flows/secrets-updated/trails/) flow. +- We have a daily [GitHub job](https://github.com/kosli-dev/server/actions/workflows/check-new-secrets.yml) that checks if it is more than three months since last time we checked for new secrets. + +### CI workflow secrets + +- We use GitHub Action secrets to store CI workflow secrets. +- CI workflow secrets are either **repository secrets** or **organisation secrets**. +- Organisation and repository secrets are tracked in the [secrets repository](https://github.com/kosli-dev/secrets). +- The secrets repository contains a README.md file with general information and one file per secret. Each file gives detailed information about how to get a new secret and how to update them. It also contains: + - When and by whom the secret was updated. + - When does the secret expire. +- The secrets repository has a daily GitHub job that checks if: + - any secret will expire within the next month + - any new secrets have been added +- If a secret is going to expire soon a message is sent to our dedicated [Slack channel](https://kosli-internal.slack.com/archives/C07P4AUQGHH). + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | IA-5 | Authenticator management — covers the lifecycle of credentials including creation, distribution, storage, rotation, and revocation. | + | SC-12 | Cryptographic key establishment and management — requires secure generation, distribution, storage, and destruction of cryptographic keys. | + | SC-28 | Protection of information at rest — secrets must be encrypted at rest in the secrets management system. | + | AC-3 | Access enforcement — access to secrets must be restricted based on role and environment. | + | AU-12 | Audit record generation — secret access and rotation events must be logged. | + + + | Control | Note | + |---|---| + | CC6.1 | Requires protection of credentials and information assets through access controls; secrets management centralises credential storage and access. | + | CC6.7 | Requires restriction of access credentials to authorised individuals; maps to secret rotation, least-privilege access, and audit logging. | + | CC6.3 | Requires role-based access to sensitive resources; secrets management enforces that only authorised services and personnel can retrieve credentials. | + + + +## Links +- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html) +- [OWASP Top 10 — A02:2021 Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/) +- [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) diff --git a/sdlc-registry/controls/runtime/system_access.mdx b/sdlc-registry/controls/runtime/system_access.mdx new file mode 100644 index 0000000..a899fc4 --- /dev/null +++ b/sdlc-registry/controls/runtime/system_access.mdx @@ -0,0 +1,64 @@ +--- +title: "System Access Controls" +description: "All access to runtime environments requires authentication via SSO and generates full audit trails for review." +icon: "lock" +--- + +import UnauthorisedSystemAccessCard from '/snippets/sdlc/risks/unauthorised_system_access.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0015** · Runtime + +## Description +As part of normal software development, it can be necessary to gain remote access to runtime environments for debugging, running migration scripts, or inspecting the behaviour of running systems. This access must be limited to authorised personnel, and all activities performed must have full audit trails. + +Access controls ensure that only authenticated, authorised individuals can interact with production systems, and that every session is logged for forensic analysis and compliance reporting. + +## Requirements +* All access to production environments MUST require authentication via single sign-on (SSO) or equivalent identity provider +* All access sessions MUST generate audit trails recording who accessed what, when, and what actions were performed +* Access MUST be limited to authorised personnel on a least-privilege basis +* Access audit trails MUST be reviewed regularly +* Remote access to production systems MUST be encrypted + +## How we implement this control + +* Any remote shell session requires SSO authentication and full audit trails are logged in Kosli here: https://app.kosli.com/kosli/audit-trails +* This forms part of our [System Access Control Policy](https://app.drata.com/policy-builder/18) +* All access audit trails are reviewed + +## Mitigates risks + +
+ + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | AC-2 | Account management — governs provisioning, review, and revocation of access to production systems. | + | AC-3 | Access enforcement — requires consistent enforcement of access controls on all production environments. | + | AC-6 | Least privilege — access to runtime environments must be limited to the minimum necessary for the task. | + | AC-17 | Remote access — remote access to production systems must be controlled, monitored, and encrypted. | + | AU-3 | Content of audit records — all access activities must be logged with sufficient detail for forensic analysis. | + | AU-12 | Audit record generation — the system must generate audit records for all access to production environments. | + | IA-2 | Identification and authentication — all users must be uniquely identified and authenticated before accessing production systems. | + + + | Control | Note | + |---|---| + | CC6.1 | Requires logical access security over information assets; maps directly to system access control policies and enforcement mechanisms. | + | CC6.2 | Requires authentication of users before granting access; maps to SSO, MFA, and identity provider integration. | + | CC6.3 | Requires authorisation based on roles and responsibilities; maps to RBAC policies and least-privilege access models. | + + + +## Links +- [NIST SP 800-53r5 AC-17: Remote Access](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf) +- [OWASP Access Control Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html) diff --git a/sdlc-registry/controls/runtime/workload_monitoring.mdx b/sdlc-registry/controls/runtime/workload_monitoring.mdx new file mode 100644 index 0000000..6527a5e --- /dev/null +++ b/sdlc-registry/controls/runtime/workload_monitoring.mdx @@ -0,0 +1,65 @@ +--- +title: "Runtime Workload Monitoring" +description: "Production workloads are continuously monitored to detect and alert on any non-compliant or unauthorised changes in real time." +icon: "eye" +--- + +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import ConfigDriftCard from '/snippets/sdlc/risks/configuration_drift.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +**SDLC-CTRL-0016** · Runtime + +## Description +Ensuring that risks are controlled in the value stream is the first level of software process compliance. Beyond this, it is important to have a monitoring process in place to ensure that unknown or non-compliant workloads are identified in production. + +Runtime workload monitoring provides a forensic history of all changes to production environments, enabling retrospective analysis of what was running at any point in time. Combined with deployment controls, it creates a closed-loop compliance system that both prevents and detects unauthorised changes. + +Workload Monitoring + +## Requirements +* All production workloads MUST be continuously monitored for compliance status +* Non-compliant or unauthorised workloads MUST generate alerts +* A forensic history of all workload changes MUST be maintained +* Monitoring MUST cover all runtime environments including containers, serverless functions, and storage +* Alert notifications MUST be delivered to the appropriate response channels + +## How we implement this control + +- A full forensic history of all container runtimes, lambda functions and S3 buckets are recorded using [Kosli environments](https://www.kosli.com/blog/kosli-a-flight-data-recorder-for-your-runtime-environments/) and can be found here: https://app.kosli.com/kosli/environments/ +- Unauthorised or non-compliant workloads are recorded and create alerts in our Slack channels + +## Mitigates risks + +
+ + + + +
+ +## Compliance references + + + + | Control | Note | + |---|---| + | CA-7 | Continuous monitoring — runtime workload monitoring provides real-time compliance assurance across all environments. | + | SI-4 | System monitoring — requires monitoring of production systems for unauthorised changes and anomalous behaviour. | + | CM-8 | System component inventory — workload monitoring maintains a live inventory of all running components. | + | IR-4 | Incident handling — non-compliant workload alerts feed directly into incident response processes. | + | AU-6 | Audit record review — forensic history of workload changes supports ongoing analysis and reporting. | + + + | Control | Note | + |---|---| + | CC7.2 | Requires monitoring of system components for anomalies; workload monitoring detects abnormal resource usage and service degradation. | + | CC7.3 | Requires evaluation of security events; monitoring and alerting enable timely investigation and response to incidents. | + | A1.2 | Requires environmental protections and monitoring of infrastructure; workload monitoring provides visibility into service availability and health. | + + + +## Links +- [Kosli — Environment Monitoring](https://docs.kosli.com/getting_started/environments/) +- [Kosli — A Flight Data Recorder for Your Runtime Environments](https://www.kosli.com/blog/kosli-a-flight-data-recorder-for-your-runtime-environments/) diff --git a/sdlc-registry/governance-bottleneck.mdx b/sdlc-registry/governance-bottleneck.mdx new file mode 100644 index 0000000..33f6eba --- /dev/null +++ b/sdlc-registry/governance-bottleneck.mdx @@ -0,0 +1,61 @@ +--- +title: "The Governance Bottleneck" +description: "Why software delivery governance matters and the cost of legacy governance processes." +icon: "traffic-cone" +--- + +The modern world runs on mission-critical software. Organizations building this software face a paradox: they need to move fast to stay competitive, but they also need rigorous governance to manage risk. + +Engineering teams have spent over a decade investing in DevOps and cloud technologies, automating their way to multiple deployments per day. Meanwhile, governance processes remain stubbornly manual and slow. A single line of code can require dozens of manual steps, multiple approvals, and weeks of waiting — all while providing little actual risk reduction. + +## The governance bottleneck + +While engineering teams have automated the journey to production, governance processes haven't kept pace. Legacy models relying on manual documentation, change advisory boards, and human approvals introduce friction and delay that modern software delivery cannot sustain. + +Consider the real cost: one engineer at a major financial institution documented 81 individual steps just to create and approve the paperwork needed to deploy a single line of code. Three different tickets. Multiple meetings. All of this happens after the code is written and tested. + +This isn't just a productivity problem — it's a risk problem. Manual processes at scale create opportunities for human error. When you're managing millions of changes, relying on humans to catch every compliance gap is unrealistic, and controls meant to reduce risk often increase it. + + +**The strategic impact** + +These legacy governance processes have several strategic impacts on the business: + +**Speed** — Software can't be released until it has been manually approved. Modern companies deploy changes continuously, but that speed isn't achievable with legacy governance processes. + +**Cost** — Every change takes hours to be manually verified and the costs mount up. Large financial institutions spend hundreds of thousands of hours on manual governance approvals annually. + +**Risk** — Human processes can't stop every non-compliant change due to the volume and speed of modern delivery. + +Organizations that automate governance unlock massive gains in velocity AND massive reductions in cost and risk. + + +## Regulators have raised their expectations + +Regulators also recognize the problem. The UK's Financial Conduct Authority analyzed over 1 million production changes and found that traditional governance practices correlate with worse outcomes. Their research showed: + +- Change Advisory Boards approved over 90% of changes they reviewed, with some firms not rejecting a single change all year, making them ineffective as an assurance mechanism +- Firms' change management processes are ineffective due to heavy reliance on manual review and actions +- Legacy technology and slow release cycles are indicative of high risk changes + +The research is clear: heavyweight approval processes don't reduce risk. In fact, formal change management that requires external approval makes organizations 2.6 times more likely to be low performers, with no corresponding improvement in change failure rates.[^1] + +## What should be in a governance framework? + +An SDLC governance framework should define the risks associated with software delivery and the controls that mitigate them. Specifically: + +- A **risk register** identifying the risks in your software delivery lifecycle +- **Control areas** organized by lifecycle phase (Build, Release, Runtime) + - For each control area: + - A definition of the control + - The risks this control mitigates + - A rationale for why this control exists + - Application rule (Mandatory, Optional) + + +**How should the framework be documented?** + +It should be defined and available on an internal website and stored in a version controlled system such as git — exactly like this one. + + +[^1]: Forsgren PhD, Nicole. *Accelerate: The Science of Lean Software and DevOps: Building and Scaling High Performing Technology Organizations.* IT Revolution Press. diff --git a/sdlc-registry/overview.mdx b/sdlc-registry/overview.mdx new file mode 100644 index 0000000..ac99259 --- /dev/null +++ b/sdlc-registry/overview.mdx @@ -0,0 +1,92 @@ +--- +title: "Overview" +description: "All risks and controls in Kosli's SDLC governance framework at a glance." +icon: "table-cells" +--- + +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; +import CredentialExposureCard from '/snippets/sdlc/risks/credential_and_secret_exposure.mdx'; +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import AuditFailureCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; +import UnauthorisedSystemAccessCard from '/snippets/sdlc/risks/unauthorised_system_access.mdx'; +import ConfigDriftCard from '/snippets/sdlc/risks/configuration_drift.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +import VersionControlCard from '/snippets/sdlc/controls/build/versioncontrol.mdx'; +import BinaryProvenanceCard from '/snippets/sdlc/controls/build/binary_provenance.mdx'; +import ToolchainCard from '/snippets/sdlc/controls/build/toolchain.mdx'; +import DependenciesCard from '/snippets/sdlc/controls/build/dependencies.mdx'; +import InfraCard from '/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx'; +import SecretsScanningCard from '/snippets/sdlc/controls/build/secrets-scanning.mdx'; +import CodeReviewCard from '/snippets/sdlc/controls/release/code_review.mdx'; +import QualityCard from '/snippets/sdlc/controls/release/quality.mdx'; +import DeploymentApprovalsCard from '/snippets/sdlc/controls/release/deployment_approvals.mdx'; +import VulnSastCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx'; +import VulnScaCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx'; +import VulnContainersCard from '/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx'; +import FeatureFlagsCard from '/snippets/sdlc/controls/release/feature_flags.mdx'; +import ChangeRecordsCard from '/snippets/sdlc/controls/runtime/change_records.mdx'; +import DeploymentControlsCard from '/snippets/sdlc/controls/runtime/deployment_controls.mdx'; +import SecretsManagementCard from '/snippets/sdlc/controls/runtime/secrets_managment.mdx'; +import SystemAccessCard from '/snippets/sdlc/controls/runtime/system_access.mdx'; +import WorkloadMonitoringCard from '/snippets/sdlc/controls/runtime/workload_monitoring.mdx'; +import DriftDetectionCard from '/snippets/sdlc/controls/runtime/drift_detection.mdx'; +import ServiceOwnershipCard from '/snippets/sdlc/controls/lifecycle/service_ownership.mdx'; +import TrainingCard from '/snippets/sdlc/controls/lifecycle/training.mdx'; +import PenTestCard from '/snippets/sdlc/controls/lifecycle/penetration_testing.mdx'; + +## Risks + +
+ + + + + + + + + +
+ +## Controls + +

Build

+
+ + + + + + +
+ +

Release

+
+ + + + + + + +
+ +

Runtime

+
+ + + + + + +
+ +

Lifecycle

+
+ + + +
diff --git a/sdlc-registry/risks.mdx b/sdlc-registry/risks.mdx new file mode 100644 index 0000000..6f5ba93 --- /dev/null +++ b/sdlc-registry/risks.mdx @@ -0,0 +1,29 @@ +--- +title: "Risks" +description: "Risks identified in our software development process and the controls that mitigate them." +icon: "triangle-exclamation" +--- + +import SupplyChainCard from '/snippets/sdlc/risks/supply_chain_compromise.mdx'; +import InsiderThreatCard from '/snippets/sdlc/risks/insider_threat.mdx'; +import UnauthorisedDeploymentCard from '/snippets/sdlc/risks/unauthorised_deployment.mdx'; +import CredentialExposureCard from '/snippets/sdlc/risks/credential_and_secret_exposure.mdx'; +import VulnerableSoftwareCard from '/snippets/sdlc/risks/vulnerable_software_in_production.mdx'; +import AuditFailureCard from '/snippets/sdlc/risks/audit_and_compliance_failure.mdx'; +import UnauthorisedSystemAccessCard from '/snippets/sdlc/risks/unauthorised_system_access.mdx'; +import ConfigDriftCard from '/snippets/sdlc/risks/configuration_drift.mdx'; +import EnvironmentBreachCard from '/snippets/sdlc/risks/environment_breach.mdx'; + +This section lists the risks identified in our software process. Each risk is assigned a unique identifier and links to the controls that mitigate it. + +
+ + + + + + + + + +
diff --git a/sdlc-registry/risks/audit_and_compliance_failure.mdx b/sdlc-registry/risks/audit_and_compliance_failure.mdx new file mode 100644 index 0000000..bd40585 --- /dev/null +++ b/sdlc-registry/risks/audit_and_compliance_failure.mdx @@ -0,0 +1,49 @@ +--- +title: "Audit and Compliance Failure" +description: "Inability to provide evidence of controls to regulators, auditors, or enterprise customers, resulting in reputational or commercial damage." +icon: "file-circle-xmark" +--- + +import VersionControlCard from '/snippets/sdlc/controls/build/versioncontrol.mdx'; +import InfraCard from '/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx'; +import QualityCard from '/snippets/sdlc/controls/release/quality.mdx'; +import ChangeRecordsCard from '/snippets/sdlc/controls/runtime/change_records.mdx'; +import ServiceOwnershipCard from '/snippets/sdlc/controls/lifecycle/service_ownership.mdx'; + +**SDLC-RISK-0006** + +## Description +Audit and Compliance Failure occurs when an organisation cannot produce sufficient evidence that its software development and operational controls are functioning as intended. This risk is not about the absence of controls themselves, but about the inability to demonstrate their existence and effectiveness to regulators, auditors, or enterprise customers. It arises from gaps in record-keeping, inconsistent control enforcement, lack of traceability between changes and approvals, or reliance on manual processes that leave insufficient audit trails. In regulated industries, the burden of proof lies with the organisation—controls that cannot be evidenced are treated as controls that do not exist. + +- **Gaps in change records** - Missing or incomplete records linking code changes to reviews, approvals, and deployments, making it impossible to reconstruct the history of what was deployed and why +- **Inconsistent control enforcement** - Controls that are sometimes applied and sometimes bypassed, producing an unreliable evidence trail that fails to satisfy audit requirements +- **Manual and undocumented processes** - Reliance on informal approvals, verbal sign-offs, or manual steps that leave no verifiable record of compliance +- **Fragmented tooling and evidence** - Compliance evidence scattered across disconnected systems (ticketing tools, CI/CD logs, email threads) with no unified view or correlation +- **Inability to demonstrate continuous compliance** - Point-in-time evidence that does not show ongoing adherence to controls between audit periods + +## Consequences +The consequences of audit and compliance failure materializing for a financial institution can be severe: + +- **Regulatory Enforcement Actions:** Failure to demonstrate effective controls to banking regulators can result in formal enforcement actions, restrictions on business activities, increased supervisory scrutiny, and mandated remediation programs. + +- **Financial Penalties:** Regulators can impose significant fines for non-compliance with SOX, PCI DSS, DORA, and other applicable frameworks, with penalties scaling based on the severity and duration of compliance gaps. + +- **Loss of Licences and Certifications:** Sustained inability to evidence controls can jeopardise banking licences, payment processing certifications (PCI DSS), and other authorisations essential to operating in financial services. + +- **Failed Customer and Partner Audits:** Enterprise customers and partners increasingly require evidence of SDLC controls as part of vendor due diligence. Audit failures can result in lost contracts, exclusion from procurement processes, and damage to commercial relationships. + +- **Increased Audit Costs:** Organisations that cannot efficiently produce compliance evidence face prolonged audit cycles, higher audit fees, and the need for expensive remediation efforts to reconstruct missing evidence. + +- **Reputational Damage:** Public disclosure of regulatory enforcement actions or compliance failures signals poor governance to customers, partners, and the market, potentially impacting share price and customer confidence. + +- **Operational Burden:** Reactive compliance—scrambling to produce evidence in response to audit requests—diverts engineering and management resources from productive work and creates a cycle of perpetual catch-up. + +## Mitigating controls + +
+ + + + + +
diff --git a/sdlc-registry/risks/configuration_drift.mdx b/sdlc-registry/risks/configuration_drift.mdx new file mode 100644 index 0000000..a9cb60a --- /dev/null +++ b/sdlc-registry/risks/configuration_drift.mdx @@ -0,0 +1,45 @@ +--- +title: "Configuration Drift" +description: "Infrastructure or application configuration diverges from its known, approved state, causing undetected changes in security posture or behaviour." +icon: "arrows-split-up-and-left" +--- + +import InfraCard from '/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx'; +import WorkloadMonitoringCard from '/snippets/sdlc/controls/runtime/workload_monitoring.mdx'; +import DriftDetectionCard from '/snippets/sdlc/controls/runtime/drift_detection.mdx'; + +**SDLC-RISK-0008** + +## Description +Configuration Drift occurs when the actual state of infrastructure, application configuration, or deployment environments diverges from the known, approved, and version-controlled state. This divergence can result from manual changes applied directly to production systems, emergency fixes that are never reconciled with the source of truth, inconsistent configuration management practices, or failures in infrastructure-as-code pipelines. Configuration drift is particularly insidious because changes accumulate silently over time, creating a growing gap between what the organisation believes is running and what is actually deployed. This gap undermines security controls, complicates incident response, and erodes confidence in the environment's integrity. + +- **Manual production changes** - Ad hoc modifications applied directly to production infrastructure or application configuration outside the standard change management process +- **Unreconstructed emergency fixes** - Hotfixes or emergency changes applied during incidents that are never backported to the source of truth in version control +- **Infrastructure-as-code divergence** - Drift between declared infrastructure definitions and the actual state of cloud resources, network configurations, or security groups +- **Environment inconsistency** - Development, staging, and production environments falling out of alignment, leading to untested configuration combinations reaching production +- **Untracked configuration drift** - Changes to feature flags, runtime parameters, database schemas, or third-party integrations that are not captured in version control or change records + +## Consequences +The consequences of configuration drift materializing for a financial institution can be severe: + +- **Silent Security Degradation:** Drifted configurations can inadvertently weaken security controls—opening firewall rules, disabling encryption, relaxing authentication policies, or exposing services to unauthorised networks—without any alert or record. + +- **Unpredictable System Behaviour:** Applications running with configuration that differs from the tested and approved state may exhibit unexpected behaviour, data processing errors, or transaction failures that are difficult to diagnose. + +- **Failed Disaster Recovery:** Recovery procedures based on version-controlled configuration will restore systems to a state that differs from what was actually running, potentially causing data loss, service failures, or incomplete recovery. + +- **Regulatory Non-Compliance:** Regulators expect that organisations can demonstrate the current state of their systems and that changes are controlled and auditable. Configuration drift directly undermines this expectation and can trigger findings in regulatory examinations. + +- **Complicated Incident Response:** When the actual state of systems is unknown or differs from documentation, incident responders cannot reliably assess the scope of a compromise or determine whether specific controls were in place at the time of an incident. + +- **Increased Operational Risk:** Teams making changes based on stale documentation or incorrect assumptions about the current environment are more likely to cause outages, introduce conflicts, or break dependent services. + +- **Erosion of Trust in Automation:** When manual changes routinely override automated configuration management, teams lose confidence in infrastructure-as-code processes, leading to a cycle of increasing manual intervention and further drift. + +## Mitigating controls + +
+ + + +
diff --git a/sdlc-registry/risks/credential_and_secret_exposure.mdx b/sdlc-registry/risks/credential_and_secret_exposure.mdx new file mode 100644 index 0000000..6b6a0c6 --- /dev/null +++ b/sdlc-registry/risks/credential_and_secret_exposure.mdx @@ -0,0 +1,43 @@ +--- +title: "Credential and Secret Exposure" +description: "Leaked or poorly managed secrets enable unauthorised access to production systems, customer data, or CI/CD pipelines." +icon: "key" +--- + +import SecretsScanningCard from '/snippets/sdlc/controls/build/secrets-scanning.mdx'; +import SecretsManagementCard from '/snippets/sdlc/controls/runtime/secrets_managment.mdx'; +import TrainingCard from '/snippets/sdlc/controls/lifecycle/training.mdx'; + +**SDLC-RISK-0004** + +## Description +Credential and Secret Exposure occurs when sensitive authentication material—such as API keys, database passwords, service account tokens, encryption keys, or certificates—is inadvertently or deliberately exposed in locations where it can be accessed by unauthorised parties. This commonly happens through secrets committed to version control repositories, hardcoded credentials in application code, secrets leaked in CI/CD logs and artifacts, or credentials stored in insufficiently protected configuration management systems. Once exposed, credentials can be harvested by attackers and used to gain unauthorised access to production systems, customer data, and internal infrastructure. + +- **Secrets committed to source control** - API keys, passwords, or tokens checked into Git repositories where they persist in history even after removal from the working tree +- **Hardcoded credentials in application code** - Database connection strings, service account passwords, or encryption keys embedded directly in source files rather than injected at runtime +- **CI/CD log leakage** - Build and deployment pipelines inadvertently printing secrets to log output, making them visible to anyone with access to pipeline logs +- **Insecure secret storage** - Credentials stored in plaintext configuration files, environment variables without encryption, shared documents, or messaging platforms +- **Overprivileged service credentials** - Service accounts or API keys granted excessive permissions, amplifying the blast radius if the credential is compromised + +## Consequences +The consequences of credential and secret exposure materializing for a financial institution can be severe: + +- **Unauthorised Access to Production Systems:** Exposed credentials provide attackers with direct access to databases, APIs, cloud infrastructure, and internal services, enabling data theft, transaction manipulation, or system compromise. + +- **Customer Data Breach:** Compromised database credentials or API keys can be used to exfiltrate customer PII, account details, and financial records, triggering breach notification obligations under GDPR, CCPA, and GLBA. + +- **CI/CD Pipeline Compromise:** Leaked pipeline credentials enable attackers to tamper with build and deployment processes, injecting malicious code into artefacts destined for production. + +- **Regulatory Penalties:** Inadequate secrets management violates requirements under PCI DSS, SOX, and banking supervisory standards, exposing the institution to fines, enforcement actions, and mandated remediation programs. + +- **Reputational Damage:** Public disclosure that customer-facing systems were compromised through leaked credentials—particularly if customer funds or data were affected—severely damages institutional trust. + +- **Costly Remediation:** Responding to credential exposure requires emergency rotation of all potentially affected secrets, forensic investigation to determine the scope of compromise, and potential rebuilding of affected systems—all under significant time pressure. + +## Mitigating controls + +
+ + + +
diff --git a/sdlc-registry/risks/environment_breach.mdx b/sdlc-registry/risks/environment_breach.mdx new file mode 100644 index 0000000..68e3e97 --- /dev/null +++ b/sdlc-registry/risks/environment_breach.mdx @@ -0,0 +1,53 @@ +--- +title: "Environment Breach" +description: "External attacker running workloads in our system." +icon: "explosion" +--- + +import VulnContainersCard from '/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx'; +import SecretsManagementCard from '/snippets/sdlc/controls/runtime/secrets_managment.mdx'; +import SystemAccessCard from '/snippets/sdlc/controls/runtime/system_access.mdx'; +import WorkloadMonitoringCard from '/snippets/sdlc/controls/runtime/workload_monitoring.mdx'; +import DriftDetectionCard from '/snippets/sdlc/controls/runtime/drift_detection.mdx'; +import ServiceOwnershipCard from '/snippets/sdlc/controls/lifecycle/service_ownership.mdx'; +import PenTestCard from '/snippets/sdlc/controls/lifecycle/penetration_testing.mdx'; + +**SDLC-RISK-0009** + +## Description +Environment Breach occurs when an external attacker gains the ability to run unauthorised workloads within an organisation's production infrastructure. This goes beyond simple data access—the attacker establishes a persistent operational presence, executing their own code, deploying containers or processes, and using the organisation's compute resources for malicious purposes. This can result from exploitation of vulnerabilities in exposed services, compromised container orchestration platforms, misconfigured cloud IAM policies, or abuse of legitimate deployment mechanisms. An environment breach represents a severe compromise because the attacker operates within the organisation's own infrastructure, making detection significantly harder and the potential impact far greater. + +- **Unauthorised container or workload deployment** - Attackers deploying their own containers, serverless functions, or processes within the organisation's orchestration platform (e.g., Kubernetes, ECS) +- **Compromised orchestration plane** - Exploitation of container orchestration APIs or management interfaces to schedule and run attacker-controlled workloads alongside legitimate services +- **Cryptojacking and resource abuse** - Attackers deploying cryptocurrency mining workloads or using compromised infrastructure for computational tasks, consuming resources and increasing costs +- **Staging ground for further attacks** - Using the breached environment as a launch point for lateral movement into other internal systems, data stores, or connected partner networks +- **Persistent backdoor deployment** - Installing persistent access mechanisms such as reverse shells, web shells, or rogue services that survive routine maintenance and restarts + +## Consequences +The consequences of an environment breach materializing for a financial institution can be severe: + +- **Complete Infrastructure Compromise:** An attacker running workloads in production has deep access to the environment, potentially including network access to databases, internal APIs, secret stores, and adjacent systems that are not directly exposed to the internet. + +- **Customer Data Theft at Scale:** With operational presence in the production environment, attackers can systematically exfiltrate customer data, transaction records, and financial information over extended periods while evading perimeter-based detection. + +- **Financial Losses from Resource Abuse:** Unauthorised workloads—particularly cryptomining operations—can generate significant unexpected cloud computing costs before detection, directly impacting operational budgets. + +- **Regulatory Escalation:** An environment breach represents a fundamental control failure. Regulators will treat the ability of an external attacker to run workloads in a financial institution's production environment as a critical finding requiring immediate remediation and likely triggering formal enforcement proceedings. + +- **Supply Chain Risk to Customers:** Attacker-controlled workloads running within the institution's infrastructure can potentially intercept, modify, or inject data into legitimate business processes, affecting downstream customers and partners. + +- **Prolonged and Costly Incident Response:** Detecting and eradicating an attacker with operational presence requires thorough forensic investigation of all running workloads, comprehensive review of deployment history, and potentially rebuilding affected infrastructure from known-good state. + +- **Reputational Catastrophe:** Disclosure that an external attacker was running their own workloads inside a financial institution's production environment represents a severe breach of trust that can permanently damage the institution's standing with customers, partners, and regulators. + +## Mitigating controls + +
+ + + + + + + +
diff --git a/sdlc-registry/risks/insider_threat.mdx b/sdlc-registry/risks/insider_threat.mdx new file mode 100644 index 0000000..3e0f4e0 --- /dev/null +++ b/sdlc-registry/risks/insider_threat.mdx @@ -0,0 +1,59 @@ +--- +title: "Insider Threat" +description: "Authorized personnel (developers, contractors, administrators, or other trusted users) with legitimate access to source code repositories, development environments, production systems, or sensitive data may intentionally or unintentionally compromise the confidentiality, integrity, or availability of software assets." +icon: "user-secret" +--- + +import VersionControlCard from '/snippets/sdlc/controls/build/versioncontrol.mdx'; +import InfraCard from '/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx'; +import SecretsScanningCard from '/snippets/sdlc/controls/build/secrets-scanning.mdx'; +import CodeReviewCard from '/snippets/sdlc/controls/release/code_review.mdx'; +import DeploymentApprovalsCard from '/snippets/sdlc/controls/release/deployment_approvals.mdx'; +import ChangeRecordsCard from '/snippets/sdlc/controls/runtime/change_records.mdx'; +import SecretsManagementCard from '/snippets/sdlc/controls/runtime/secrets_managment.mdx'; +import SystemAccessCard from '/snippets/sdlc/controls/runtime/system_access.mdx'; +import DriftDetectionCard from '/snippets/sdlc/controls/runtime/drift_detection.mdx'; +import TrainingCard from '/snippets/sdlc/controls/lifecycle/training.mdx'; + +**SDLC-RISK-0002** + +## Description +Insider Threat includes risks of malicious code injection, unauthorized data exfiltration, credential misuse, sabotage of build/deployment pipelines, or negligent security practices that expose systems to exploitation. Additionally, insider threat encompasses scenarios where external attackers have compromised the credentials of legitimate users, enabling them to conduct attacks while masquerading as trusted personnel with valid access. The trusted position and technical knowledge of insiders—or attackers leveraging insider credentials—makes detection difficult and potential impact significant. + +- **Malicious code injection** - Inserting backdoors, vulnerabilities, or malicious logic into applications or infrastructure +- **Compromised credentials** - Attackers using stolen or phished developer/admin credentials to access systems and data +- **Data exfiltration** - Stealing source code, intellectual property, customer data, or sensitive business information +- **CI/CD pipeline manipulation** - Tampering with build processes, deployment pipelines, or supply chain components to inject malicious code +- **Cloud/infrastructure misconfiguration** - Accidentally or intentionally exposing databases, storage, or services to unauthorized access + +## Consequences +The consequences of an insider threat materializing for a financial institution can be severe: + +- **Direct Financial Losses:** Fraudulent transactions, theft of funds, unauthorized wire transfers, or manipulation of accounts can result in immediate monetary losses to the institution and its customers. + +- **Breach of Data Privacy Regulations:** Unauthorized access to or exfiltration of customer PII can lead to significant fines under regulations like GDPR, CCPA, and GLBA, alongside mandated breach notifications and regulatory scrutiny. + +- **Violation of Financial Regulations:** Insider actions compromising system integrity, audit trails, or customer data can breach banking regulations (e.g., SOX, PCI DSS, Basel III) and trigger enforcement actions from regulatory bodies. + +- **Reputational Damage:** Public disclosure of insider attacks—particularly those involving customer funds or data—can severely erode customer trust, leading to account closures, deposit flight, and long-term brand damage. + +- **Operational Disruption:** Sabotage of critical banking systems, payment processing infrastructure, or core applications can halt operations, impacting customer service and transaction processing capabilities. + +- **Loss of Competitive Advantage:** Theft of proprietary trading algorithms, risk models, customer insights, or strategic plans can benefit competitors and undermine market position. + +- **Legal Liabilities:** The institution may face lawsuits from affected customers, shareholders, or partners, as well as potential criminal investigations if insider actions involve fraud or data breaches. + +## Mitigating controls + +
+ + + + + + + + + + +
diff --git a/sdlc-registry/risks/supply_chain_compromise.mdx b/sdlc-registry/risks/supply_chain_compromise.mdx new file mode 100644 index 0000000..5f8a71b --- /dev/null +++ b/sdlc-registry/risks/supply_chain_compromise.mdx @@ -0,0 +1,55 @@ +--- +title: "Supply Chain Compromise" +description: "Malicious or tampered software components—including open source libraries, base container images, build tools, or third-party services—are introduced into the software development lifecycle, resulting in compromised applications being built, tested, and deployed to production environments." +icon: "link-slash" +--- + +import BinaryProvenanceCard from '/snippets/sdlc/controls/build/binary_provenance.mdx'; +import ToolchainCard from '/snippets/sdlc/controls/build/toolchain.mdx'; +import DependenciesCard from '/snippets/sdlc/controls/build/dependencies.mdx'; +import VulnSastCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx'; +import VulnScaCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx'; +import VulnContainersCard from '/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx'; +import DeploymentControlsCard from '/snippets/sdlc/controls/runtime/deployment_controls.mdx'; +import WorkloadMonitoringCard from '/snippets/sdlc/controls/runtime/workload_monitoring.mdx'; + +**SDLC-RISK-0001** + +## Description +Supply Chain Compromise encompasses attacks where malicious code or vulnerabilities are introduced through external components that an organisation trusts and uses in its software delivery pipeline. Unlike direct attacks on an organisation's own systems, supply chain attacks exploit the inherent trust placed in third-party software, making them particularly difficult to detect. A single compromised upstream component can propagate malicious code to thousands of downstream consumers before the compromise is discovered. + +- **Compromised open source dependencies** - Malicious code injected into widely-used libraries via maintainer account takeover, typosquatting, or dependency confusion attacks +- **Tampered base images** - Container base images or VM images modified to include backdoors, credential harvesters, or persistent malware +- **Build toolchain compromise** - Compilers, build systems, or CI/CD tools altered to inject malicious code during the build process without modifying source +- **Third-party service compromise** - SaaS tools, package registries, or external APIs used in the pipeline becoming vectors for malicious payloads +- **Malicious package substitution** - Attackers publishing packages that mimic legitimate internal or popular public packages to exploit misconfigured dependency resolution + +## Consequences +The consequences of a supply chain compromise materializing for a financial institution can be severe: + +- **Undetected Backdoors in Production:** Malicious code embedded in trusted components can persist in production systems for extended periods, providing attackers with persistent access to sensitive systems, transaction data, and customer information. + +- **Breach of Data Privacy Regulations:** Exfiltration of customer PII or financial data through a compromised dependency can trigger GDPR, CCPA, and GLBA breach notification obligations, significant fines, and regulatory investigations. + +- **Violation of Financial Regulations:** Compromised software integrity undermines audit trails and system controls required by SOX, PCI DSS, and banking regulators, potentially resulting in enforcement actions and mandatory remediation programs. + +- **Reputational Damage:** Disclosure that customer-facing systems were built on compromised components—particularly if customer funds or data were affected—can severely damage institutional trust and trigger customer attrition. + +- **Operational Disruption:** Discovery of a supply chain compromise may require emergency takedown of affected systems, emergency patching across the estate, or full rebuilds of the software delivery pipeline, causing significant service disruption. + +- **Widespread Blast Radius:** Because supply chain compromises affect the build process itself, all applications built using the affected component or toolchain may be impacted simultaneously, amplifying the scope of incident response. + +- **Legal Liabilities:** Customers, partners, or regulators may pursue legal action if compromised software led to financial losses, data breaches, or failure to meet contractual security obligations. + +## Mitigating controls + +
+ + + + + + + + +
diff --git a/sdlc-registry/risks/unauthorised_deployment.mdx b/sdlc-registry/risks/unauthorised_deployment.mdx new file mode 100644 index 0000000..7aba834 --- /dev/null +++ b/sdlc-registry/risks/unauthorised_deployment.mdx @@ -0,0 +1,49 @@ +--- +title: "Unauthorised Deployment" +description: "Software is deployed to production without passing required quality gates, security scans, or approval checks." +icon: "circle-xmark" +--- + +import BinaryProvenanceCard from '/snippets/sdlc/controls/build/binary_provenance.mdx'; +import DeploymentApprovalsCard from '/snippets/sdlc/controls/release/deployment_approvals.mdx'; +import FeatureFlagsCard from '/snippets/sdlc/controls/release/feature_flags.mdx'; +import ChangeRecordsCard from '/snippets/sdlc/controls/runtime/change_records.mdx'; +import DeploymentControlsCard from '/snippets/sdlc/controls/runtime/deployment_controls.mdx'; +import WorkloadMonitoringCard from '/snippets/sdlc/controls/runtime/workload_monitoring.mdx'; + +**SDLC-RISK-0003** + +## Description +Unauthorised Deployment occurs when software artefacts reach production environments without completing the required quality gates, security validations, or approval workflows. This can happen through misconfigured CI/CD pipelines, direct manual deployments that bypass automated controls, or exploitation of overly permissive deployment credentials. The risk is compounded in environments where deployment tooling lacks sufficient access controls or where emergency "break-glass" procedures are poorly governed and frequently abused. + +- **Pipeline bypass** - Developers or operators deploying directly to production outside the sanctioned CI/CD pipeline, circumventing automated checks and approval gates +- **Incomplete quality gates** - Artefacts promoted to production despite failing tests, security scans, or compliance checks due to misconfigured or overridden pipeline stages +- **Unverified artefact provenance** - Deploying binaries or container images whose origin cannot be traced back to a verified source repository and build process +- **Abuse of emergency deployment procedures** - Overuse or misuse of break-glass mechanisms intended for critical incidents, resulting in unreviewed code reaching production +- **Credential and role misconfiguration** - Deployment service accounts or roles granting broader access than necessary, allowing unauthorised personnel to trigger production deployments + +## Consequences +The consequences of an unauthorised deployment materializing for a financial institution can be severe: + +- **Introduction of Untested Code into Production:** Software that has not passed security scans, functional tests, or compliance checks may contain vulnerabilities, logic errors, or regressions that directly impact transaction processing, account management, or customer-facing services. + +- **Regulatory Non-Compliance:** Financial regulators require demonstrable change management controls. Deployments that bypass approval workflows violate requirements under SOX, PCI DSS, and banking supervisory standards, potentially triggering enforcement actions and mandatory remediation. + +- **Loss of Audit Trail Integrity:** Unauthorised deployments create gaps in change records, making it impossible to reconstruct what was deployed, when, and by whom—undermining incident investigation and regulatory audit readiness. + +- **Service Outages and Operational Disruption:** Unvalidated deployments increase the likelihood of production incidents, including service degradation, data corruption, or complete system outages affecting customers and downstream systems. + +- **Security Exposure:** Code that has not undergone security review or vulnerability scanning may introduce exploitable weaknesses, creating entry points for attackers to access sensitive financial data or critical infrastructure. + +- **Reputational Damage:** Customer-visible incidents caused by uncontrolled deployments—particularly those affecting account balances, payment processing, or data privacy—erode trust and can lead to customer attrition. + +## Mitigating controls + +
+ + + + + + +
diff --git a/sdlc-registry/risks/unauthorised_system_access.mdx b/sdlc-registry/risks/unauthorised_system_access.mdx new file mode 100644 index 0000000..f202608 --- /dev/null +++ b/sdlc-registry/risks/unauthorised_system_access.mdx @@ -0,0 +1,41 @@ +--- +title: "Unauthorised System Access" +description: "Production environments are accessed by personnel without appropriate authorisation or without full audit trails." +icon: "door-open" +--- + +import SystemAccessCard from '/snippets/sdlc/controls/runtime/system_access.mdx'; + +**SDLC-RISK-0007** + +## Description +Unauthorised System Access occurs when individuals gain access to production environments, infrastructure, or sensitive systems without appropriate authorisation or without their access being fully recorded and auditable. This includes scenarios where access controls are too broad, where former employees or contractors retain active credentials, where shared accounts obscure individual accountability, or where privileged access is granted without time-bound restrictions or proper justification. The risk extends to both external attackers who exploit weak access controls and internal personnel whose access exceeds their legitimate operational needs. + +- **Overprivileged access** - Users or service accounts granted broader permissions than required for their role, providing unnecessary access to sensitive systems, data, or infrastructure +- **Stale access credentials** - Former employees, contractors, or rotated team members retaining active access to production systems after their need for access has ended +- **Shared and generic accounts** - Use of shared credentials or service accounts that obscure which individual performed a given action, undermining accountability and audit trails +- **Insufficient access logging** - Systems that do not record who accessed what, when, and from where, making it impossible to detect or investigate unauthorised access +- **Lack of time-bound or just-in-time access** - Persistent privileged access that remains active indefinitely rather than being granted on-demand for specific, justified operational needs + +## Consequences +The consequences of unauthorised system access materializing for a financial institution can be severe: + +- **Data Breach and Exfiltration:** Unauthorised access to production databases, customer records, or internal systems enables theft of sensitive financial data, PII, and intellectual property. + +- **Fraudulent Transactions:** Access to transaction processing systems, payment infrastructure, or account management tools can be exploited to initiate unauthorised transfers, manipulate account balances, or conduct fraudulent activities. + +- **Regulatory Violations:** Financial regulators require strict access controls and audit trails for production systems. Inadequate access governance violates requirements under SOX, PCI DSS, and banking supervisory standards, triggering enforcement actions. + +- **Loss of Accountability:** Shared accounts and insufficient logging make it impossible to attribute actions to specific individuals, undermining incident investigation, forensic analysis, and regulatory reporting obligations. + +- **Lateral Movement by Attackers:** Overly broad access permissions enable attackers who compromise a single account to move laterally across the environment, escalating from low-value systems to critical infrastructure. + +- **Reputational Damage:** Disclosure that customer data or financial systems were accessed by unauthorised individuals—particularly through preventable access control failures—severely erodes customer trust and market confidence. + +- **Prolonged Undetected Compromise:** Without comprehensive access logging and monitoring, unauthorised access can persist undetected for extended periods, increasing the scope and severity of potential damage. + +## Mitigating controls + +
+ +
diff --git a/sdlc-registry/risks/vulnerable_software_in_production.mdx b/sdlc-registry/risks/vulnerable_software_in_production.mdx new file mode 100644 index 0000000..bdb176c --- /dev/null +++ b/sdlc-registry/risks/vulnerable_software_in_production.mdx @@ -0,0 +1,55 @@ +--- +title: "Vulnerable Software in Production" +description: "Known vulnerabilities in code or dependencies are exploited in the production environment." +icon: "bug" +--- + +import DependenciesCard from '/snippets/sdlc/controls/build/dependencies.mdx'; +import CodeReviewCard from '/snippets/sdlc/controls/release/code_review.mdx'; +import QualityCard from '/snippets/sdlc/controls/release/quality.mdx'; +import VulnSastCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx'; +import VulnScaCard from '/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx'; +import VulnContainersCard from '/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx'; +import FeatureFlagsCard from '/snippets/sdlc/controls/release/feature_flags.mdx'; +import DeploymentControlsCard from '/snippets/sdlc/controls/runtime/deployment_controls.mdx'; +import PenTestCard from '/snippets/sdlc/controls/lifecycle/penetration_testing.mdx'; +import TrainingCard from '/snippets/sdlc/controls/lifecycle/training.mdx'; + +**SDLC-RISK-0005** + +## Description +Vulnerable Software in Production occurs when applications or their dependencies containing known security vulnerabilities are deployed to and remain running in production environments. This risk arises from inadequate vulnerability scanning during the build and release process, failure to keep dependencies up to date, delayed patching of known CVEs, or insufficient visibility into the software composition of running workloads. Attackers actively scan for known vulnerabilities and can exploit them rapidly once public disclosures are made, making timely detection and remediation critical. + +- **Unpatched known vulnerabilities (CVEs)** - Production systems running software with publicly disclosed vulnerabilities for which patches or mitigations are available but have not been applied +- **Outdated or end-of-life dependencies** - Libraries, frameworks, or runtime components that no longer receive security updates, leaving known vulnerabilities permanently unaddressed +- **Incomplete vulnerability scanning** - Security scans that do not cover the full software stack—including transitive dependencies, container base images, and runtime libraries—leaving blind spots in vulnerability detection +- **Delayed remediation cycles** - Organisational processes that are too slow to triage, prioritise, and deploy fixes for critical vulnerabilities before they can be exploited +- **Shadow dependencies** - Components pulled in through indirect or undocumented dependency chains that are not tracked or scanned as part of the standard build process + +## Consequences +The consequences of vulnerable software in production materializing for a financial institution can be severe: + +- **Active Exploitation by Attackers:** Known vulnerabilities with public exploit code can be weaponised rapidly. Attackers target financial institutions specifically because of the value of the data and systems they protect. + +- **Customer Data Breach:** Exploited vulnerabilities in web-facing applications or APIs can expose customer PII, account credentials, and transaction histories, triggering regulatory breach notification requirements. + +- **Regulatory Non-Compliance:** Financial regulators expect timely vulnerability management as a core security control. Running known-vulnerable software violates requirements under PCI DSS, banking supervisory standards, and enterprise risk management frameworks. + +- **Service Disruption:** Exploitation of vulnerabilities can lead to denial of service, data corruption, or system compromise that forces emergency shutdowns of customer-facing services. + +- **Reputational Damage:** Public disclosure that a breach resulted from a known, unpatched vulnerability is particularly damaging, as it signals failure of basic security hygiene to customers, partners, and regulators. + +## Mitigating controls + +
+ + + + + + + + + + +
diff --git a/snippets/sdlc/controls/build/binary_provenance.mdx b/snippets/sdlc/controls/build/binary_provenance.mdx new file mode 100644 index 0000000..7dd7ad1 --- /dev/null +++ b/snippets/sdlc/controls/build/binary_provenance.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0002

Artifact Binary Provenance

 diff --git a/snippets/sdlc/controls/build/dependencies.mdx b/snippets/sdlc/controls/build/dependencies.mdx new file mode 100644 index 0000000..d759818 --- /dev/null +++ b/snippets/sdlc/controls/build/dependencies.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0004

Dependency Management

 diff --git a/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx b/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx new file mode 100644 index 0000000..fad8ab6 --- /dev/null +++ b/snippets/sdlc/controls/build/infrastructure_and_config_management.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0005

Infrastructure and Configuration as Code

 diff --git a/snippets/sdlc/controls/build/secrets-scanning.mdx b/snippets/sdlc/controls/build/secrets-scanning.mdx new file mode 100644 index 0000000..29abecb --- /dev/null +++ b/snippets/sdlc/controls/build/secrets-scanning.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0006

Secrets Scanning

 diff --git a/snippets/sdlc/controls/build/toolchain.mdx b/snippets/sdlc/controls/build/toolchain.mdx new file mode 100644 index 0000000..496a8d0 --- /dev/null +++ b/snippets/sdlc/controls/build/toolchain.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0003

Controlled Build Environment

 diff --git a/snippets/sdlc/controls/build/versioncontrol.mdx b/snippets/sdlc/controls/build/versioncontrol.mdx new file mode 100644 index 0000000..558d664 --- /dev/null +++ b/snippets/sdlc/controls/build/versioncontrol.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0001

Version Control

 diff --git a/snippets/sdlc/controls/lifecycle/penetration_testing.mdx b/snippets/sdlc/controls/lifecycle/penetration_testing.mdx new file mode 100644 index 0000000..8c61f86 --- /dev/null +++ b/snippets/sdlc/controls/lifecycle/penetration_testing.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0019

Penetration Testing

 diff --git a/snippets/sdlc/controls/lifecycle/service_ownership.mdx b/snippets/sdlc/controls/lifecycle/service_ownership.mdx new file mode 100644 index 0000000..ffe39ce --- /dev/null +++ b/snippets/sdlc/controls/lifecycle/service_ownership.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0011

Service Ownership

 diff --git a/snippets/sdlc/controls/lifecycle/training.mdx b/snippets/sdlc/controls/lifecycle/training.mdx new file mode 100644 index 0000000..ee98cc3 --- /dev/null +++ b/snippets/sdlc/controls/lifecycle/training.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0017

Training

 diff --git a/snippets/sdlc/controls/release/code_review.mdx b/snippets/sdlc/controls/release/code_review.mdx new file mode 100644 index 0000000..c4ffb6f --- /dev/null +++ b/snippets/sdlc/controls/release/code_review.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0007

Code Review

 diff --git a/snippets/sdlc/controls/release/deployment_approvals.mdx b/snippets/sdlc/controls/release/deployment_approvals.mdx new file mode 100644 index 0000000..c85c73f --- /dev/null +++ b/snippets/sdlc/controls/release/deployment_approvals.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0010

Deployment Approvals

 diff --git a/snippets/sdlc/controls/release/feature_flags.mdx b/snippets/sdlc/controls/release/feature_flags.mdx new file mode 100644 index 0000000..be77c1c --- /dev/null +++ b/snippets/sdlc/controls/release/feature_flags.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0023

Feature Flags

 diff --git a/snippets/sdlc/controls/release/quality.mdx b/snippets/sdlc/controls/release/quality.mdx new file mode 100644 index 0000000..d8fb864 --- /dev/null +++ b/snippets/sdlc/controls/release/quality.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0008

Quality Assurance

 diff --git a/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx b/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx new file mode 100644 index 0000000..8687024 --- /dev/null +++ b/snippets/sdlc/controls/release/vulnerability_scanning_containers.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0022

Vulnerability Scanning — Containers

 diff --git a/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx b/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx new file mode 100644 index 0000000..25aa06c --- /dev/null +++ b/snippets/sdlc/controls/release/vulnerability_scanning_sast.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0020

Vulnerability Scanning — SAST

 diff --git a/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx b/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx new file mode 100644 index 0000000..b4a7dcb --- /dev/null +++ b/snippets/sdlc/controls/release/vulnerability_scanning_sca.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0021

Vulnerability Scanning — SCA

 diff --git a/snippets/sdlc/controls/runtime/change_records.mdx b/snippets/sdlc/controls/runtime/change_records.mdx new file mode 100644 index 0000000..663b2c2 --- /dev/null +++ b/snippets/sdlc/controls/runtime/change_records.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0012

Change Records

 diff --git a/snippets/sdlc/controls/runtime/deployment_controls.mdx b/snippets/sdlc/controls/runtime/deployment_controls.mdx new file mode 100644 index 0000000..9966804 --- /dev/null +++ b/snippets/sdlc/controls/runtime/deployment_controls.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0013

Deployment Controls

 diff --git a/snippets/sdlc/controls/runtime/drift_detection.mdx b/snippets/sdlc/controls/runtime/drift_detection.mdx new file mode 100644 index 0000000..afcc9db --- /dev/null +++ b/snippets/sdlc/controls/runtime/drift_detection.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0018

Drift Detection

 diff --git a/snippets/sdlc/controls/runtime/secrets_managment.mdx b/snippets/sdlc/controls/runtime/secrets_managment.mdx new file mode 100644 index 0000000..027c928 --- /dev/null +++ b/snippets/sdlc/controls/runtime/secrets_managment.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0014

Secrets Management

 diff --git a/snippets/sdlc/controls/runtime/system_access.mdx b/snippets/sdlc/controls/runtime/system_access.mdx new file mode 100644 index 0000000..a6a1bc1 --- /dev/null +++ b/snippets/sdlc/controls/runtime/system_access.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0015

System Access Controls

 diff --git a/snippets/sdlc/controls/runtime/workload_monitoring.mdx b/snippets/sdlc/controls/runtime/workload_monitoring.mdx new file mode 100644 index 0000000..b7c9d84 --- /dev/null +++ b/snippets/sdlc/controls/runtime/workload_monitoring.mdx @@ -0,0 +1 @@ +

SDLC-CTRL-0016

Runtime Workload Monitoring

 diff --git a/snippets/sdlc/risks/audit_and_compliance_failure.mdx b/snippets/sdlc/risks/audit_and_compliance_failure.mdx new file mode 100644 index 0000000..4e54809 --- /dev/null +++ b/snippets/sdlc/risks/audit_and_compliance_failure.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0006

Audit and Compliance Failure

 diff --git a/snippets/sdlc/risks/configuration_drift.mdx b/snippets/sdlc/risks/configuration_drift.mdx new file mode 100644 index 0000000..2127630 --- /dev/null +++ b/snippets/sdlc/risks/configuration_drift.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0008

Configuration Drift

 diff --git a/snippets/sdlc/risks/credential_and_secret_exposure.mdx b/snippets/sdlc/risks/credential_and_secret_exposure.mdx new file mode 100644 index 0000000..2f3828e --- /dev/null +++ b/snippets/sdlc/risks/credential_and_secret_exposure.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0004

Credential and Secret Exposure

 diff --git a/snippets/sdlc/risks/environment_breach.mdx b/snippets/sdlc/risks/environment_breach.mdx new file mode 100644 index 0000000..0b9956c --- /dev/null +++ b/snippets/sdlc/risks/environment_breach.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0009

Environment Breach

 diff --git a/snippets/sdlc/risks/insider_threat.mdx b/snippets/sdlc/risks/insider_threat.mdx new file mode 100644 index 0000000..d9f50f1 --- /dev/null +++ b/snippets/sdlc/risks/insider_threat.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0002

Insider Threat

 diff --git a/snippets/sdlc/risks/supply_chain_compromise.mdx b/snippets/sdlc/risks/supply_chain_compromise.mdx new file mode 100644 index 0000000..975e316 --- /dev/null +++ b/snippets/sdlc/risks/supply_chain_compromise.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0001

Supply Chain Compromise

 diff --git a/snippets/sdlc/risks/unauthorised_deployment.mdx b/snippets/sdlc/risks/unauthorised_deployment.mdx new file mode 100644 index 0000000..bbc8b04 --- /dev/null +++ b/snippets/sdlc/risks/unauthorised_deployment.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0003

Unauthorised Deployment

 diff --git a/snippets/sdlc/risks/unauthorised_system_access.mdx b/snippets/sdlc/risks/unauthorised_system_access.mdx new file mode 100644 index 0000000..6a22a9b --- /dev/null +++ b/snippets/sdlc/risks/unauthorised_system_access.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0007

Unauthorised System Access

 diff --git a/snippets/sdlc/risks/vulnerable_software_in_production.mdx b/snippets/sdlc/risks/vulnerable_software_in_production.mdx new file mode 100644 index 0000000..1f63918 --- /dev/null +++ b/snippets/sdlc/risks/vulnerable_software_in_production.mdx @@ -0,0 +1 @@ +

SDLC-RISK-0005

Vulnerable Software in Production

 diff --git a/style.css b/style.css index f8bd7fe..61e31c6 100644 --- a/style.css +++ b/style.css @@ -5,6 +5,145 @@ +/* ─── SDLC Registry cards ──────────────────────────────────────────────────── */ + +.sdlc-grid { + display: grid; + gap: 10px; + margin: 12px 0 24px; +} + +.sdlc-grid--4 { grid-template-columns: repeat(4, 1fr); } +.sdlc-grid--5 { grid-template-columns: repeat(5, 1fr); } + +.sdlc-card { + border-radius: 8px; + padding: 12px 14px; + color: #2a3040; + border: 1px solid; +} + +.sdlc-card__id { + font-size: 11px; + font-weight: 400; + opacity: 0.65; + margin: 0 0 6px; +} + +.sdlc-card__name { + font-size: 14px; + font-weight: 600; + margin: 0; + line-height: 1.3; +} + +/* Linked card hover */ +a.sdlc-card { + text-decoration: none; + display: block; + transition: opacity 0.15s ease; +} + +a.sdlc-card:hover { + opacity: 0.75; + text-decoration: none; +} + +/* Phase area labels */ +.sdlc-area-label { + font-size: 13px; + font-weight: 600; + margin: 16px 0 4px; + letter-spacing: 0.02em; + text-transform: uppercase; +} + +.sdlc-area-label--build { color: #0a8a50; } +.sdlc-area-label--release { color: #2459D1; } +.sdlc-area-label--runtime { color: #b89000; } +.sdlc-area-label--lifecycle { color: #c0405a; } + +/* Controls — color by column position (nth-child in 4-col grid) */ +/* Light mode: col 0 = lightest → col 3 = darkest */ + +/* Build — green */ +.sdlc-grid--4 > .sdlc-card--build:nth-child(4n+1) { background: #d0eedc; border-color: #b0e4c8; } +.sdlc-grid--4 > .sdlc-card--build:nth-child(4n+2) { background: #b0e4c8; border-color: #8cd8b0; } +.sdlc-grid--4 > .sdlc-card--build:nth-child(4n+3) { background: #8cd8b0; border-color: #6cc894; } +.sdlc-grid--4 > .sdlc-card--build:nth-child(4n+4) { background: #6cc894; border-color: #50b878; } + +/* Release — blue */ +.sdlc-grid--4 > .sdlc-card--release:nth-child(4n+1) { background: #d4e8f6; border-color: #bcd8f0; } +.sdlc-grid--4 > .sdlc-card--release:nth-child(4n+2) { background: #bcd8f0; border-color: #a0c4e8; } +.sdlc-grid--4 > .sdlc-card--release:nth-child(4n+3) { background: #a0c4e8; border-color: #84aee0; } +.sdlc-grid--4 > .sdlc-card--release:nth-child(4n+4) { background: #84aee0; border-color: #6898d8; } + +/* Runtime — amber */ +.sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+1) { background: #f4e8b0; border-color: #ecd888; } +.sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+2) { background: #ecd888; border-color: #e4c868; } +.sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+3) { background: #e4c868; border-color: #dab848; } +.sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+4) { background: #dab848; border-color: #d0a830; } + +/* Lifecycle — red/rose */ +.sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+1) { background: #f6e0e4; border-color: #f0ccd4; } +.sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+2) { background: #f0ccd4; border-color: #e8b4c0; } +.sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+3) { background: #e8b4c0; border-color: #e0a0ae; } +.sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+4) { background: #e0a0ae; border-color: #d88898; } + +/* Risks — red/rose */ +.sdlc-card--risk-0 { background: #f6e0e4; border-color: #f0ccd4; } +.sdlc-card--risk-1 { background: #f0ccd4; border-color: #e8b4c0; } +.sdlc-card--risk-2 { background: #e8b4c0; border-color: #e0a0ae; } +.sdlc-card--risk-3 { background: #e0a0ae; border-color: #d88898; } +.sdlc-card--risk-4 { background: #d88898; border-color: #e0a0ae; } +.sdlc-card--risk-5 { background: #f6e0e4; border-color: #f0ccd4; } +.sdlc-card--risk-6 { background: #f0ccd4; border-color: #e8b4c0; } +.sdlc-card--risk-7 { background: #e8b4c0; border-color: #e0a0ae; } +.sdlc-card--risk-8 { background: #e0a0ae; border-color: #d88898; } + +/* ─── SDLC cards — dark mode ───────────────────────────────────────────────── */ + +.dark .sdlc-card { + color: #ffffff; +} + +/* Controls — dark mode: col 0 = darkest → col 3 = lightest */ + +/* Build — dark green */ +.dark .sdlc-grid--4 > .sdlc-card--build:nth-child(4n+1) { background: #1a3828; border-color: #142a1e; } +.dark .sdlc-grid--4 > .sdlc-card--build:nth-child(4n+2) { background: #155038; border-color: #1a3828; } +.dark .sdlc-grid--4 > .sdlc-card--build:nth-child(4n+3) { background: #106848; border-color: #155038; } +.dark .sdlc-grid--4 > .sdlc-card--build:nth-child(4n+4) { background: #0a8058; border-color: #106848; } + +/* Release — dark blue */ +.dark .sdlc-grid--4 > .sdlc-card--release:nth-child(4n+1) { background: #1a2845; border-color: #141e38; } +.dark .sdlc-grid--4 > .sdlc-card--release:nth-child(4n+2) { background: #153a68; border-color: #1a2845; } +.dark .sdlc-grid--4 > .sdlc-card--release:nth-child(4n+3) { background: #105088; border-color: #153a68; } +.dark .sdlc-grid--4 > .sdlc-card--release:nth-child(4n+4) { background: #0a68a8; border-color: #105088; } + +/* Runtime — dark amber */ +.dark .sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+1) { background: #38301a; border-color: #2a2010; } +.dark .sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+2) { background: #584818; border-color: #38301a; } +.dark .sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+3) { background: #786015; border-color: #584818; } +.dark .sdlc-grid--4 > .sdlc-card--runtime:nth-child(4n+4) { background: #987a10; border-color: #786015; } + +/* Lifecycle — dark red/rose */ +.dark .sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+1) { background: #381820; border-color: #2a1018; } +.dark .sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+2) { background: #582030; border-color: #381820; } +.dark .sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+3) { background: #782838; border-color: #582030; } +.dark .sdlc-grid--4 > .sdlc-card--lifecycle:nth-child(4n+4) { background: #983040; border-color: #782838; } + +/* Risks — dark red/rose */ +.dark .sdlc-card--risk-0 { background: #381820; border-color: #2a1018; } +.dark .sdlc-card--risk-1 { background: #582030; border-color: #381820; } +.dark .sdlc-card--risk-2 { background: #782838; border-color: #582030; } +.dark .sdlc-card--risk-3 { background: #983040; border-color: #782838; } +.dark .sdlc-card--risk-4 { background: #983040; border-color: #782838; } +.dark .sdlc-card--risk-5 { background: #381820; border-color: #2a1018; } +.dark .sdlc-card--risk-6 { background: #582030; border-color: #381820; } +.dark .sdlc-card--risk-7 { background: #782838; border-color: #582030; } +.dark .sdlc-card--risk-8 { background: #983040; border-color: #782838; } + /* ─── Steps component ─────────────────────────────────────────────────────── */ /* * Step number circles use Tailwind's bg-gray-50 (#F9FAFB) which is nearly