From a7a76f362d539a04d43230b5b960ba80cbf306a8 Mon Sep 17 00:00:00 2001 From: "collin.stilwell" Date: Thu, 26 Jan 2023 14:23:33 -0500 Subject: [PATCH 01/19] small buf fix for cookie security --- modules/2-owasp.livemd | 1 - modules/6-cookies.livemd | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/2-owasp.livemd b/modules/2-owasp.livemd index fc90d9f..6f2fc52 100644 --- a/modules/2-owasp.livemd +++ b/modules/2-owasp.livemd @@ -11,7 +11,6 @@ Mix.install([ md5_hash = :crypto.hash(:md5, "users_password") bcrypt_salted_hash = Bcrypt.hash_pwd_salt("users_password") - :ok ``` diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index bd456f4..458fae0 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -6,6 +6,7 @@ Mix.install([:phoenix, :plug]) alias Phoenix.ConnTest alias Plug conn = ConnTest.build_conn() +:ok ``` ## Introduction From 5e6c342afc9d4f856ee187c41cbcd500c37ee797 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Tue, 31 Jan 2023 15:49:32 -0500 Subject: [PATCH 02/19] Added 2 modules for cookies --- modules/6-cookies.livemd | 53 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 458fae0..028d3c3 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -24,6 +24,7 @@ Cookies are mainly used for three purposes: * [Ingredients of a Cookie](#ingredients-of-a-cookie) * [The Perfect Cookie](#the-perfect-cookie) * [Elixir Phoenix Cookies](#elixir-phoenix-cookies) +* [Data Security For Cookies](#data-security-for-cookies) ## Ingredients of a Cookie 
@@ -132,6 +133,30 @@ Ooie-gooie and fresh out of the oven, perfectly golden brown. Here are some attr Ideally the cookie is also cryptographically signed or encrypted, but how that is done is typically up to the implementation. +#### Signed Cookies + +Signed cookies are an alternative to signed URLs. Signed cookies protect access when separately signing tens or hundreds of URLs for each user isn't feasible in your application. +Signed cookies let you do the following: + +* Authorize a user and provide them with a time-limited token for accessing your protected content (instead of signing each URL). +* Scope the user's access to a specific URL prefix, such as https://media.example.com/videos/, and grant the authorized user access to protected content within that URL prefix only. +* Keep your URLs and media manifests unchanged, simplifying your packaging pipeline and improving cacheability. + +##### Preventing Misuse of Signed Cookies + +If you specify the Domain parameter in a Set-Cookie header, specify the most precise value possible to reduce the potential for access by someone with the same root domain name. For example, app.example.com is preferable to example.com, especially when you don't control example.com. This helps prevent someone from accessing your content from www.example.com. +To help prevent this type of attack, do the following: + +* Exclude the Expires and Max-Age cookie attributes, so that the Set-Cookie header creates a session cookie. Session cookies are automatically deleted when the user closes the browser, which reduces the possibility of someone getting unauthorized access to your content. +* When possible, use a custom policy and include the IP address of the viewer. +* Specify the shortest reasonable expiration time based on how long you want users to have access to your content. + +#### Encrypted Cookies + +Encrypting your cookies adds a layer of security since the browser client can not decrypt the data. 
With this, server side encryption makes cookies only meaningful to the intended back end application, and adds protection so that clients can not sniff the cookies. + +The encryption you use can be a one-way lookup of the cookie value. It is possible to use the encrypted value as the key to lookup data on the server. This means there is no need to take the cookie value and assume it is valid on the server. The web server can use the encrypted value to confirm what it knows about the client from the session. This one-way look up of encrypted cookie values adds an extra layer of protection. + For instance, in the next section the Plug library gives you the ability to perform those actions within the `put_resp_cookie/4` function call. But if you store JSON Web Tokens (JWTs) as the value of your cookie, you can achieve similar signature results through the JWTs themselves. ## Elixir Phoenix Cookies @@ -151,7 +176,7 @@ conn |> Plug.Conn.put_resp_cookie( cookie_name, <<42::16>> - # domain: , + domain: , # path: , # secure: , # http_only: , 
@@ -159,4 +184,30 @@ conn ) ``` +## Data Privacy For Cookies + +### Storing personal information +While cookies by themselves can not dig and research your information, they do store personal information in at least 2 ways: form information and ad tracking. + +Personal information is not generated by the cookies themselves, but are through user input via website registration pages, payments pages, and other online forms. To ensure proper security measures are in place this information should be encoded through limited interaction via SSL (secure socket layer) certified pages. + +### Tracking User Behavior + +For systems that use third party ad serving networks, such as Google's Adsense/ Adword pose additional privacy concerns. When leveraging ad serving platforms there is an impact to user privacy being there is no obvious consent given for such tracking. With the rapid evolution around cookie based ad services and tracking user behavior, it brings up the privacy concern of using default standards for cookies. + +#### Opt Out Cookies +Under an opt out scheme, consumers are notified via an alert or window when they load a website. The user must consent to the notice before they can navigate the site and any cookies are planted. At a minimum, the notice is to contain the following: disclosure of information gathering practices, the uses for this information, and policies for processing and disposing of this data. + +Opt-out cookies are essentially cookies used to avoid cookies. When a website creates an opt-out cookie in your browser folder, it enables you to block that same website from installing future cookies.With this, Opt Out cookies offer safeguards for user information, and help secure systems against potential security concerns regarding “hidden” cookies + +#### Opt In Cookies +Opt-in is the process that describes an affirmative action user takes to offer their consent for companies to use their data. 
Unticked checkboxes or buttons are the most common way in which you can implement opt-in mechanisms to obtain users’ consent. + +##### Which One To Use? +If you want to be legally compliant, it is safer to have both the options with opt-out as the default. + +ADD PHOTO OF THE DIFFERENCE + + + [**<- Previous Module: Elixir Security**](./5-elixir.livemd) || [**Next Module: Security Anti-Patterns ->**](./7-anti-patterns.livemd) From 2f0ecafb5fb2f2092174dcb214f322579e1df5d2 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Tue, 31 Jan 2023 16:08:20 -0500 Subject: [PATCH 03/19] Add files via upload --- assets/images/OptInvsOptOutCookies.png | Bin 0 -> 120600 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 assets/images/OptInvsOptOutCookies.png 
diff --git a/assets/images/OptInvsOptOutCookies.png b/assets/images/OptInvsOptOutCookies.png new file mode 100644 index 0000000000000000000000000000000000000000..6248b86c08ef346eb5dceecff059086999dffd26 GIT binary patch literal 120600
zfz5|=(diOc^ZZ1yUn7{iW5Rk5H;GEyQfsh`HKLC6snY)=PDJ{^;*5UAq(mKoSffWW zR)O$s5=ex<7luI?ss}Md*I6c<5xbFZExRehm8m7vecd}H;Mh*htZ?ea1c0!uqMz7W zud%cgE6mlXPIe25a5EpNze(>;lO||T1B$Yzrq9LY!FGq#imlD4m9n@aAJp z%SC=#uV3tr9cGWt-1n_+$2Ek6no=qi z!DEkybUgc|Q=QH2NN!>jqBF|3zmhxq8!y-gf!hRdo0`I>6Xes;XcrE_doRgA-fl&xg zQ_vjaKQHFKdq}f}5UbM|^FDarmbVJozCop-DuV%&EDj$!{i}AO#P!OY+sp8|K3(5$*lP1gh#jQCrAox+`M+bmxZ8K+7|OkM96Y;s5OZyZgZ|BFQl~g zc4nX?aI5JP#g<%c+$KL6<==((%G$?4z5Tx5EUGv8TByYzpNUOR!Yc3?#>IL)NKk%D zG(=?eU3kMlo>Wk(`}aPFmAu@;1?A0YHJ^#&7HoBS;S>?p*Z^j}8Wub=(U;#@&E_M~hN3&Wj7)Gbc3nr+MTj?!hcr67d<~)VhJmK1PGKc}Bvm=EQ=Ji1WeXjv*&l>>+jywa$Z_~9ZYfk2WO!YowYPJD~ zU}Ir$4@zWdBEqOTzBq37nZ;p)WrTBj*$3ps4m`Y^n&AFC03Hc`zRAH*Z(@7Lhgce! zc@D*In(P4vA~2ak^U8#+#7uAdRGd894oe?l*!0-|=@p7dt*)SIt(0Cj994y05QcKZ zdTw`!57F#i7C|YYBDh0&4*`8)wiDTPtD&2284SW-y1F) zlvbiGxVaV}s^KzhH@TxhQ7(r)RE((G^e+Va_jAJ^*JqUAG-f)1856>|-b~H0ptouY zb8rLG(zwP~Mu~ncvMB>%h&hptqr8eTo%peL=kiopZRChf3Mk9P79UPIwMPh09~SfV zNy&x4mMd=vZ9@b72O0StZ`KRe*h9CA;l}ej*?pZW)>$Am13O@fvX*~%D_iKQw zM9;!G5$0K!O$l{Ot#EH4&qU|$B2x0XfZJt{FWamuYH$72=}K;#7Gg@+K6xg(+-jg| zyzQreJ1!{E;|#;8g9xHXC1w6a=KeK}OYql;tG}Tm&*9C6XitPZYFU&+2$mqoX?NT) zK6c|gJ2G{H9hK&H*!lN^KMD;vjXi0u4`wXO3P;E+FMX) zZ9e!oIs=L5F-I>*;}9_zyo7D--1_z5VCqOae{`4l^)qHVY3k;0K4v zOf+yJ2lE4^!YZa{7P(QG0nI>KJKMqTZ-Q?WpN8N9+-}=xRHkx1&BP zFCo_?)|w^^;#{$CW=s9&Q|%csIE}lGQA;e7UC01RJcvZidXBS;BVPDp9ls3m`{OBI z>hEtdCwPZfoW{IlO?gDBxl3oM}CJ&1rVjp#Gincah^1+afIVg|WfNkDMbcFGS5 zNCf-pjjn+CS{+I-W_CCT48j&V97XALZw5MlBp!>z33%6fu8kOBU1(>_ncH#tgIRym z6Rre$>eWqPa9bfI!ex!Q^!TlY&{^{NXo6phi?rZyc|-gMp}}@!qQ#S6Vku_#q(`EL zsUT+k;J(d%(kQM)VJ<{eopo~4lx$|-b5GEPU&2%wA%ggt22xZC7ABCzC}``D{*OuZ zY8C?%dW#@jUl?lKrC8TN#1#c@fo!X^~Xrau!sZN8P20k({1i; zZGu~_VYvYOWT(%T<|5Q%GcXI(QpX?07R+JvncBpW=Q2S&KRLCnFPrN~ZJ01)e?Vq) zp9RjdvidhaRQ0(W2R)ql1oosMnNlwfesO@pHs<+Nh$RJCsLb5RRLGePYwcd>WSKAm7X{6O@5q3EByG$ajY?j;> z0a!U-EDBou>snPTdYSB=Du$eqbd5aTz7o38Fkj$1yeQx436r1(KKXs?{ieX>o}xN$ zM5*V&g@~Mk3cOwk(KxeNqC|llsj>zYvw@6Np#HQ{DO%&2zZOjB`3QRBlXDZfeuI8U 
zU{4N~VP8mj8&Z$B#W*>R(5s>`V-RgdHzN`o*ZI>2i4mTCTEqieY zAg5CQDwRlrf$UteSSX(8wWLs$ag-=?PWMarCWO-<)Xtlyd(rtiOwN7UsMm-htdIdl zB?cQs&AI`7-Pj?a_}FalV^$>N67;lm^IeMm+ss^DKJU$k{TpufidS8`^jlAa znqoU~UZw<$&bY`ZDE-#d3E&fyS2fALqzx2(*gfyaZuoHSbIeEvn6eOw@k| zEr`oyP2x0P7Llcz`KgY}Mn}gxmj7E#Ed8fNR!CBM+Qpw#B)W~Z^PJ(A3e$XH!e-6U z`%^Kpz(#?GX%$kaa)3QRYJiIC*KyR!{T2fmhlE+zzpuRQ^>(pg%_;NIGVfb7=(w@XVgCG*z)3fCl|{3 zs!Rd`m!iVz)TGE&U6eO&{AE)kv4@~hE=AQC)!FWS_g|0#vsgRKkA78O{9YdJ70X4{ z5HfLyv*W5-#hlL++Xp`#IRtUxOIP=633S+eH`DO$v={2ktHil)h0|7@%sN$Ps_Cz}T*wc|HCjw%)H-Zvk0nXO2`lw|cM^2x<1+FG&OmG3>bRrtk3*>A= zqMMU4s9r$Q4ddC6_{VA{xkj&G*M;5P{lsz2oplSfVt4a+r9%mzO$?uqgzzB(_i!@9(N*GfY3%b8j4G?@r3h7Lv zKD-P`rRIJ4XYA->g+PfKBVz&(BH^J>mLRYzwSClRNl`|%-$JC9s}z_H(-0Dfp4)>H zPCAL1)b>~4GQoDC$yWUUFr1}Y>fsAG<>e~Y?o4*P(x&PCNB|8!l>RP+DE-zdI;K#>=3)hus`$VEKp!Ebm8Ee@*(`b6dyWWxKi)Z~bx^;v1375)AJ_+qJcKJ& zFy-(=6t>^yLuJ~W)XQJ(n}H-DCz~#rIJs5I67qZdhC9oOX8{IS40JfUZQW1O{|A~q zcmu#TP4!@de?pXfXb=`&WsaxoiX|#c=pONw>(zSb6)40Iv;1pr&4#1tABz_6&A<7j z{vM!Tt^s@%7zkdw`p;v9SE?`=sSSX`$jpK*G>VKA5t>G?z_jl>uC%({md=?m{O9r& zpeF@>8{3>#Delk3<_-yGYS|XZ8$!&*k`pChkH+D8Q$dxkV`Fat6)*drImoKGr%)9! zA^l(sq*A#CT^#kN=+p-)Zk`D&+C+x0dy{dz^PpKTALv|}q$(#HmkI^)$S;sqNS>6; zB6@KBbG4W%Wien^y{WF|Hq&t%)})@;FwajkRpu!YOW#Q;qX}D+v6zWDg_Wz5mYDAVc6XsE!0jP8t8 zClsxuHp1sQo}!)g2@7Xa+pK2(I2#`<7mJGz`a63V7Y8H6du=ch+x~DHy_<&LA$|P= z+Na}mls|;kgnYcMtuH4cSlz9*&*LuIsU0lpd=y)?`i&c+bwPSD!=%ej$j<4;l5~}U z^E_)5U|=W5`!0_sZ~zc-eW92EkgvK&OW#IB$i)$zv+bL+IYUyzosf&MoDb7MUk~~z zeGXTuD5eS4n>6H#+MEU*f{NnghHPlE^!T>=?}^z z1BR(m$K2mjZWHRh3$#A0e|Wq*kL>pt%l6B1)gU-6X@500NMay-q0wmLCwbNpXt-JP zy&&<9_q>MhqT!$uc{whMOq0=8A)$C)!(z|MHemn4bk<`Nz=@K$GU=x)4g!c%QA`?W(Ec(&?@Ld$Z-x@G!_y)Ml-ySt(LZ7u< z2Lts_#vz~SA46?x{*3SBdP{(f%92E+^@-~)&VTn2zU$!XFh{eOhQfDqy7WVQHcLO7 zxyaLq)OH5;?WJ-Q`!Y=a@id*=r5qK7{(;9ce4R&cc&yVLXZ*xo zOd72U+g~rgK-mjuJY&J7v?!}Jkso$8m5|ZD5JM^1w#>WLlfso8(4OS+1mb_ZX_0Z? 
zc0;^X2At5-DRw3ctvB8(rAPPw~pWdk$&mR!rIy!h5I~tH(5@}HDUkF-G7AD9f z-+y#muGDQB(yS3VB7E?)J9bV<;u9C$59+@aD0II{TC>^JS8gb#48eZZ-DAItOV~^* z$cUy{(9riinCWeOLo9nM!}o0SUB=xux(Mjs1PW$@SeN-fUYVy1GQ`KzjmC(EBow1h zsE*ewBXe%W;@JociY{o|Za>krJzo{G8fRw={c*VPgj7VGt#@cMn|sJ8QL9y*E}2a{ zBA)KN>kEi)f>lAqeMBRmR_I`TvzB5>o@K5UWilo5@gpL+rpLzk_;89(HWl;zPR=B0 zFl%;xm0SY2k@j< z{r+)tJp|BQK%@FZefW)#JKvG)`hd!t5k~{-xUOk%?4DueY-yMCx43%i3B32N6;bEX z=W=m^ZFh^fr1B&!&_$`#1rr z!R=XZ;^ivS!&wNK-g&<4*{$K8LeAA#0CAxw&!nC6OpU5-64N=uA$mcq-GNmr!fR}t- zTx)wI?X228n9p>&Brxe{zE-+z+Fkv{o-)vQBTnmZzIM-*LvgxXlenDrT%B*B?kJKD zzkaZF37Qqs+>FVnl4x3-uP*|aH369(Y+mSKOzEjeUrZWu?NtFujwi<`KpK|JdC_oI z__lFdq|O4f@rY}zzNKhD`kmMQ^~u@~Rbc|{idCx6h7RX8(hw{tU3juGM##Add1Pm% zh0wbzOn_gsI_Yu@HIu?KM}J9_%@ce21DeV>^;~1>y;|T#=xmSHbXnStBqc>Dp$|JV z*MV>#QldNPjXW>Ke05PD%P8cw)1!C;yzhem{)#hAA~mo1jJe@_rpB)xl#uV%y5-}F zqsqMyyA$G&3oSCZV=8(-}aW}Mm{B$Cj^6v+U07eQwe9G+984qHqY^x+-USy zFTsZ&xn?s*c(;OpUFc9!DbcWHzbqlQU%yv1F#F6xT0@CU<2A+~iZt8YMJlm`&RXt@ z?lz5lQ*fyL9tz~rs0R}mkV_xOr5TJlCW-Day9<9dFETTK*qCrX?Z!^}{3Wo}#r}vz zKbBfeomz=YiaO0P6jz4}OV}MFMi-P|J6$Ps#^<>1&(d;58A?bKhSHYWY@^%(VG8w;VlEI2-z+~W!NYgjJhlHS)Io8az zSX$+1P6hEPm*Avc-6Ln=>kHh}8f-5CBxXVf$aAqIK!q10)v~cWUj{du=q=0K#6n<4 zAp=h-D*W8&#go`7CQ=FuC5MdsLM2_AzHltxeu);J`}3uKR{E-_SSXBhuJDb&3c~0n zz#(^TJUT{k!7U--Ymy~I9Rfgxz*@c|p5JGm^Cc`0RG_N(9gtZK*Ut3MGL?VBKG`1s z_Q~`^RQVKlqvmtd=AP;NAfOjN)ZEo2!dWj0pTuFEnzY>P6qCBt&|0EaKO*CBXy1g; zT-I)6u7Eu1g^+(Rph zpx0&N-}gm^*TACjlFitmJCB-l#jH8MQ}2f=aBjgRIRPw^1E!ydb-oznJmz^%>L+~3 z*X;Gc_$DgjP<&C3OxiZ`%9MxE+#eLsCQ~@FOg_Q#JXAnl5P`mUpLs+5C|MiB z?kbhO#(=ettatt@<&L7^aYyx4CFG)pkW*ExvWBpObG~??ABQIs z)dyHYox+ZS!Z<+JLlhv;Y42Ug@I6-w6V*-CFj0J0qQtbPq;ADvh8+$h`(I) zLu09_1LxJO?(jJLI~lRH4!>N7m8Y!cLuZ`%v($4&ceR;?t%i;8nB=MAMB<(%`{N|) zq%YW6)Ow zc}g^h_2-}7ngjpk#SQW7o4aE8*K}pUTsIqWl?dY@g(0;}(qVuuouwJduj{XZJ3%-Z zg5)G*XYc$#dd1b8P;5+~@^Dw^u$Hb@{=E@z0mBJUt0%krba$J@MK?8@-!e&tY|f*> ze-D^s+ZBep--Z$MFK-4g5)V&Fqg)!75?X;Upi7d1)dBuv9b6zw$hoO`PKV#c1ctA 
zW^LG-7>|=Okd>)vW`haHJ#}@)W?wk|jl+4lN@QyBnX#m#Lc^vO5stb&9!3~{R#N9L zTCBX+`gUu|zGIluuOy&*NvGP{BbU6k^y)Z9qvakyf{2D*7raBl^>oT^uF*EYe~1R8 z)ZSh7ZZGJSB61evbiuJFqwQ(4VjobBoJB}PwDr2JTb9#qI8`+q)UKFIZmS9>~JbNb=-AQOtbZ7?OvU$w)opq@* zeRk`L=?#8hJ;!KfGvK%`2Xxr;2vTN|iG?zrE&z57Zso{% z_$aB`+o`tUfLjvsc&QpY;-zz1I&#SUuYfwTHq)}k9$zTITO+dO0%FHiaNdMGM~ED{ zJk;}dBlcS5!JkdKgLf&9`TV!I>p1y#uO;`@_0AneHX4w@y9%Zs={-lEP>;ZbuaRd& zuaOzJ7x{g)+IbKz6C!yq91qtEZn-z7S>wDlzYk>nN-)sQ#od9C(_JN+YfwOo@zc9M zV?X#7$Qz1+ak4C`5-4HN;#!$Lu?ls7!F9;YOB@uuB{o^AJUSxF>&sZ&>yBqS$Bcu` zF$~d*5WCM7xXaiZ;()I4YI*WbkxuVrrDZ`8k+G$H8GSQYQn!)EbCtF?)foU*nZ@*U z+dJ(m{2NG;0PtM42Zu+*#7VWFmaKMv{zzZYaM}{xohq>GE1qlN8L!cFTAQZ(kZ<;F z?!*`GX%e0J0QYe+7AQudC_|v=gC3NW0*NY5Up8SLcNPBq0GNkT_a{Uz&g6#*qUn`7^OUQJPb0ot z0z?_EXFwpl{+1Q7#$j^GrCFz`;G` z@)Sv=CV8h*5LxwO&^WOmG4!S#B^nhCB5mUqw=VATOtg8!2!U|*M|7tR6s7v}r8E>T zsL^1LoNGoH+7|cSq?#s1UeK$sy3U_hMngaZ5&cY=V=jIJt8$iL@B_BjgL~x=bSTlG z@Y}p1zszeu=@6R%m)C2=kytFc(ZLIwX1Li}(}IhpbNWX!b>83?Sj(CMY|J6YnLtPd zkm;*N)l&c}$&NT=c2EZljnmTofRZVihD*+oz7|j}vA)y8;I9ag`cx^JL5~ELO{(+xWh!z>|A9FbipuC^3&D z-3bj(kcgSSCD7GKpE`$3U}DScjkzuI#KzMh;9pu{~TChX8g5_+`;sV zu%jXV6-!5xuFrTaEMh9c=%?N8c}nM1A*mf!OpXLOt+sDePw#@4`gs8QKUA zaFDm*AE`klKdSKwTYj)AIZgUkU{!1~vTAo~wl}G^CHAqVu+hE6sW*!H4zs1t1u+@P zdFL<9nlHb%H9{5krIfN+TEXnABaV(L$Xt0Xm zDta`-05lIdVJe8{gLA~@;I=sU`;olSQ(&6+b`t`pg!EsBJq}ob$TUW6Z&WYr{eo$w zc0bQWAwQr?iJ_Pg(o)|J2RdSj`qQ^WM$8e{3ZjlrBu9+vuY^U!9HDW9K58uiEilOy zs4oph8Y6YDxD5I1n-y)uKkleo`ndPF1EwHzq6UE{_$Yp;wm3SKVcZB&R|uEEU9Mej zVl8W;w}AJE5%Fi)Eg*rCjgx0ZKkY+KA3Hhlzh-rZ@j;cR(cl4i^?@Gh4H8)ughz)f z9whlUeT9@~qf$POu&3wmH+rg+MH@T0h&)kV!&7Q$w;uV3&5viH&K}fQcr3vVAure6 zBpF{;AZodv{S4iILT|6R54gP(7S|WAkm-%kBFc{mFiar=g*?Sjm(%Bp@o{EeG zlNV)nb<>?|yC_Gjh`eQ0C%=Kq(0r*hm&w$9Dg?_Qgc1$M-~3Uq?RDR1nqhMDB)%rU zEXwXAEHodVDGX8?ta53GTDlet0-byZY!M#v7c6=VYyak(yL~O!%{Q_lB@UJ55iIVN z)g?nX0g<5$*s-#B!Z^gd8E|{fQ=hWE#!rKU_VmcaU;7yh`R$b5OHqf^9jZ|A9`?4D zrNtz3?cTnZ52orSRl1Ime_c>{ShCx=oT!0ZL#f2Aym?sP-4!I4giatW@3y#all<>D 
z*#-uDW=R#P2($RFW)x1(cEE$h%w$Xu>UDtxo8RBb#Hk33dwPVwY7&;ALIf2y~b<6Oe#72 zI5jAo`-o%XG1Ll&klUU$gk(gh-Jg;|hpW@)rl=sDdGK?Mk@i`KZ)r7QG9=$~_V8%` zXd0moeJ4r*uEyvoR&>Z4%qSg-kb(5Hd%g3!=iHBT>jPPZu(n=S0G&NNFNSv#_m=dz zgcYVRU<%(}8Q@7tcZ)d22&>q`6`y{SuW|C1#6XO}~<63P#9Z16dc33Y#*J5J-y z)T-w+fc%OBU8T_^%(p3BkbJ(FNFN5*x|vM9i~5ii_S6~ldQPs2`7=c* zetrujYB2u87!4BEp?mNl6wn4hx&EQ^o+n4B>O<(IsTAvON1pX)^@M#OGm}L@TBlL( z(k`R9$H>DWPYTf>(zgZx9k<}z8{yvCDf+-9J-s`aE&AnqAL#O_UZc+f9JiOV`N6t* zUUxdFyuWXMC6$x()$72aL{OER3nON;<(fXiu~J}{h0puq<*_>|!S@ZWPq*)T{oceg zcbv47%^9O8tZl(t<1G*0QFxbM?or^$@a}MySWkudr5LgZCQHV6Lom&QN8zlwL<>L7 z>J|Bae})rLn}kZ+Q?+!iDOF_|tJfu+UYIGvkzN?91o5=Jvx{Il3fhC|4-8ZCP%c+6uj)pRz?Z^d9T7N13Zk>N&(IFAoowC<;|pc7@Dk43c(~q(r${F zJ+OZql)N5fz`jd17^Xc8`I?UcjUCVtK;HvE`=)b<$9k!~Fuvyq0ZP+LkT%|tsYg<_ zezcSomdEaxh}Q#NEdesF3l~aY-XI-PvQ$wX-lz#OaxyxdyLBj7cbwj4E28$bd2Go8 zg!)C^QBFeRMf!T-$^LL%quxVTZbFNl)NLXMd6zB2ZCx0HRcHl1%W}PbSuYh+(gGW%MPNQ!ZD^j6wA)W!-ZGvJRUY}8}+@&$CPKR2DMA&nwS{!oy zEu_l+p~(bS0E)<^U$kTa(In@<$98sYE@~wVNu)XSI`_&t!X)!0JcL_sE1~agqWX8) zJ$48%$3}tc?)$q>x^>VRkRoW`bW7zw#u@xcW$|i$0UR}!zc=QXD@jaq6aCf^x`_;d z;;}&mW(fT*FyX}4uP_KCqSqxG9-zuJos{5`zEWeGL|8Api96gt$DLfWHqNo#IB2(R z-Y7`0T&ArR|Bdp*{W6iREWKbA{&W_uZ-fzR_VwG|FY&|tUxXc3zVlk;^b73g3yzW% z_+pnL+M;rPoz531NQXI$(g4DDA3Gfp}Z_#xh@l-R<(!KrV-w6$r`X#6(sRP7h- zAl!M-RIxPEWhC9VY#yHQ(nthwT%l_HaMzsS1y!Wpe}{q>{zCmrS$UzJWMBTT0%>G9 zQ2Rx%Y&i`P69|VUQL`v<(zkn584Rl-^3|guSdcq6Q-R0tfiOPt*_yN$F`-QO4}!RW z*h>S;Tfwrw2NZx%m1(Ck;Oebzz-w&fsPGX$_<^%=!q zZ~Yz&ZW|A8&DE+~{w^tUCcglPElw(&|9(UyUPC}{&YXX#rvrOFh+qNKW9ti=uC#|p zWT4}(=hd{ZV*7i`BPjrSuTwwN%kUM?416*@Qw^C@|7#?#gEv~DI=(fYRtVMSiyH=@ z=cvExVJ|3{0N+cgo7nOpb@Bo|ygWAMTjzJ+=bJ(huAn%0cD!O42u@E=%p4AqV@L^`SW5<(vzrvPBKIPKc4@8jW0k?@=_%?BUg(0_YvUl!sXu=RWV?~ zYI>Az|EiNm>O=mFnogao)&~k7Hk*B@R38f?G3eD*;4t2j9O%&uvb};oBSC?I+&o$9 zw0Y?+a6HKbS~aBlqbauDE?NGkQi8lzr$3@%nR=rgcIbAP%CxkDpt=`i)eBX`%yWeF z&jkq}j3SNRQ1E!CI1tRfT!H;KL|k@nO=&vECE9&}-0mP@RU^*;{S9R_gMfh zOtlMqh3lUIQicM|QWwVhgpXdSB#{apf?0&ynbeTl*?{O3c$21(NY7L7Bi22`^%Rbl 
z4d!1<;SW*?iC4o*qrP(LQ0Skef&x@euz(Xx0Ah_&%#)G?It#~u zGfX--bAK@*57mZBCgw}Wtzq8rWDWQfN(20gts$0C1T`gAImN*0Y<@iOJOM}&YjUp4F2uTvQgEzpB$*mHrvv==9Qaieq5>Yv>MW z8UH1kqysbs>(*4DBVXj1D%vj&g=^ zajvQQkAUBpH}qNRTk?9dImMGfGar(BAnUuu+K}@pM-1ouh0|{Vno~VaeNU+w$V5NX ze{U2jJ78Vhh+A+y+Zi&aQeHd<`%3eofv$QUXd@|rb!UX>SJrf^ohPE4vDRPO$PZv!oy%YapJBjBkls{+r1Ldao7 zQUgZ>38+K3o-;1xN}?w*>H4eI>2$*teJBVQfT^2)QA`0qTiH+p*FDuNA*gfV1_Vc< z&J$Gvky+=X%UF(hiqlQN zs4)m`71ZW*{;NkA=X`r8Np~+q-nkNCi{#L}e#xLYRjt+pQ!3=*B?~u>#6oW0pDFJ( zL)X{xbS5Ew7#f-z2NbDdDr3MVgkkOxK_<7yt!P`*)}7I8vEpv(rFn8PK}s z?nE4n8U^HGEcs&UmiIIkQ*YN;E);Ua{0x4CG|8s08Q@u81M0Y_93*Sx`gIro+6VqPrfjV$xRt3zSlcm~ZQ_2E$6XXB;swLBL;g|i;(fijIZ60J5& z6T~S|uSf=;o6PO?l7nWU9Ix{Q3Xjn(Au#}oO76s*OPHU{kIL#tKYP7ueOvKb-i+oW z_jLp^-%WeX%F*bFQNSGQ)w$UL4ToGMf42MDe86SLA$HUiOLHL*l<<`j9`COMMqVWX zTFkR;fS%BS8f9*`6ZAHIQ~CN<_(I1N175n3ZNqs2v0-yfp;Bq`Tt+4G>J|aQy>!Vo zYB>+tA&bVsTz~Jeia575ea&{)?fG_q5+S>V`i^UmE#wI28p2_Z(+V>#qn4+WYS1}a z_!n0%Z~OM-6n)UAix?F<9WA7496UHrI_IU;xuh&9Ybn*afGW^{Mx%kEQ8(}0Ed zb-a95X&sF^K7A+4&Ua7K1l#8ymFDF?ILc1H0#DmbuP+h= z_!*Y_?s;v%F@#m{{=`aMu`26yLb>ea1mAW)@w!dRkoC5E!soIpqL0 zYu@`#-DxY%fHx(BaQ$=O2I4l`ChX~o8^LOG5U}r3)KQjIU)^mw9BU6+5pmlS`2#Vz zwee`d>E;fhcOL)&yBhhO0J&^fheeP)Lzz8)SAsEz{|irVEVZ+p@S1zpf7Sn9%G4-_ z*T8CV{=UR&2D0s*zI;Dv##PPTf_UE6w!!{}4n86MT!Lf<4QOj`O!qM+k932qKt7sv zV-#*HZ+ir9F@PH3t=HGOFMIW-{Mh5+-TV5ZBHRJ?oXhn)+=a4DarfOhXy$Y0{AFSA zuxIR__+6gPWUnu@$5UA^wb|ZR>Gih*PUQqY1A;yI+LLzy`JLpg7xQZYKSP#Q$5S2K z^l`>l;F#JF*cy)70^K#9?&~-}i<~V4wMeoZM}l$lv}f>_H}Wk(?E8Rb1XZR`sbmfj zA2=q~tGnCps{YQjKzE|2^WH0Wu!%l#UHxR93vkld0KUXzYfNege0B?jLNK%cN8VSs zMYXPP(;*-OC?O3JN`rJsgS03i-5}lF-3=lotufckyJR=%BregjN(X!#hmYmgOcmPHfMrO*`i;{}U z@_#&KwP*)jwSDMi-V_9!y$^t7%>X-iaqvmsgC#H&-TMh{rrI?#9@l2P(qN^)X!32F zd{>uub1(DBT{Y@_AW!B~ov7P3#48?#MUL^=?}5nGH2tDYtxpdezb<+4IP5-a75I?> zN%0U~M^7=BWwMs}lfCCAf#N?iif~NWG|nG`x_=}fTw|6N-~(&#!^hOXru`h^YlEhJH*rK zDX1u(b(}SNU7d2QNV7k|>{0ftcK2t&V6AqVc^wxCr`57~BzxtY1xMPF)txg%(NM?U z?PeFjHg)9=ATfmby_L8YQolE76MWt2N^&$XVU=;TFq|m=ribTTasT19UO=r(3dhjC 
z$cpDp5%=L5zIa0rI)PrrQ;ac7bCFc_kF=~i(YQ09eR$RLC8w3Ebf?9h7m>32+pkBz zy2>Q8cExX3HMOT9r}m^T3AR_A0o67X6L%ZCV&}uA3mKQ*5sTq<_!;U+f*!3m;Wked z$LPKHUd?`oniVSo0wWk{oH3+{9zYBTiy;qEh#8kz|GH5VrPBcZgxtZ6H$$&s2Q0qW z+tcOQXp$tXTd~s7f(G5$X3iX=>Xw72W6cVGME$OG+NilY(s0JApBZU&W@vHqj7`b$ zT`^{+utTRybB_zg4J}u;#y0CkRjXApzr?Qr#SYXP7W4~l6V6EfmTTPxU-)YHNU#Kn zOK0KXZIB(?<*I52H~yBuQ|l3jaVeT)v&imHAOylZslR~oI1aw+d$7jzchqU|1>b%? z3`)I;Q{grLYTc7Ys?rekol;2We18ts18d!-=w0zog4IvC!sT@%?M+y_k$XNT0%!|( z+o&4G%qt`(=U-Q4_L^x<>eF3@oTeFSBG#8xi6w;vG02}mZ{{i;Nh6Hi*iO`F($5UE zT#{hUg@|xYC8sN1GgyJXuYAjVM*l&wyM={A*6)0OnW4sMkG|(4EzNd~zwwMy<{PGP zXK}d#x6nr#L*r??UFKDW+)bzR8~wC!_YR4F&d^=nq3PuWaoAaQ6M+-)X% zugL>&Q;MR;IJLdVBVMFZPyPH5n~Awd<2KcSp03L9l`}>~A}an<{s*iLr7Yck!2z=uVET9Cpl0N&yRC)LYybsZ4wre7Zx$K`DM%vrxH-Ol zM?8u`lg`pRB8fke1n^M=GCGaFx$0Xf`}GvCPvWq=urL<6hOyvthVB$S!SBviB)yi| zc7S&J%#iW*oo04B69AL5B}j7~hmFS*TGqD3M>z-UC`yj>1mgrb@?b2#fzD3{IZs&H zb0LhVl!~~^Lq(f|9nj_9c+j$?yLt|o-$M)QR(;XJoyyXTgP_D7gh_pT$edVfUtP@Q(j&8=OP;J^aalx|qUPkd+d0 z>BTOT1+X(gQa<^#)il+~Pu_NSXpm}jC}W{V30#}}_*C_CuIGdKlU%=iD!%?wruGh8 z65Uz(7?O1yY8hs&SgjrjT1w(0Gn~j4$s6utUt^;ALcO>hbY!h;NGaWH^Q_m0R**+9 z2T90mQflDci=+59WOpp5r4kR-nL2IJiVWQcMP2C+qntOtfK1Q)oW&XKCqDMEYR%ab z6&m`E{8JOkVZxea*Mje}#wt?m_R~zC(zUjkn1)So`1EZC$z(7abHR$n7&p$YBb1&l z*9UB4=G&4z_05GbdnGN)`y-d{I?JniKx;L64c-mSFDr*+*hEzc?0rKl0#1k;h0FLy zs~;Hz_FM!%7>D&S5PuB_ojgYy#=9Qxj^Fviv@9l^ex{3r@4V_N^R|O&WGm|V!G^hg zdM({a{L|KhdMk8VjkR^@J}seFf!Qmb z#xoKczaDWUv!`p2EC%RWWuP7TuvL@>-d|b(H?`;M*N9O{B_|b{G)*GT{C=3{sOBQ> zLaR=Et_g=u9@f*S3vKC#WhFnO>6P;3*bl02Y--JXR#-Qp^kFY>zw@5!*IZ3ul9bny zwqHZPbvZf^uAu{M45I`=(=J5ctdQJy{BGVn7e`!B3HVfT&7H-XyuqaA7AGQJb4D8u_0Rfbd|Qe05(3Xu)ba6 zgFQ6V$j}`&^Ih>snmHRZYwk;Z017L|=m28sVx&|~Ui-=ea+S1^nTeTmMYIcPxK2)) zZrNgpZ9sk+d#+N$CVb#_*i2axPg~`z?=tqUY=TZ1=mfBwJCzgRfWHq{kCcD+3!&%SmC3mJHciE@~VW^Clc?8#UBY zOG@$+k+1q~vjJ*2zyNbLX~p2OT%8&a8)d6=y?((W%5Od>5>fG$3n15nF`=udW3z#I z-ps+shJ4?_$U+#Lchgx1qDUFuYj#d&tZdu&pufaaef zhM{6-icRXVju1U+v8``1&;|d~0#o350M}~QSe=0DIsnTE^mI!j`a4-~g(0(<#njH( 
zJGY8)fy{>G!?4B?GNRTeKKm>C)CS*mGg;9Gd0SxsJRUREnZD&GuM$&uNw?2CxU^z_ zJ_JYw;-O71I+X8$bHitjbZ5Foo0=1Hym)M|QIx~WPL`)O^r_r? zcntED+>2KOVQlT#Z_H;$iTpq^M_0{uEuouyYf1TTDO?u>%)ymul*D@=&m!)*Kwb&% zD2awh;x($T?7>{arW*yzzFS>ED=s}Qh2%^c1*K6sUS;jYGw0=oHyBOxq4#h=9%+Na zv$|+E!VV7EcW6r{?RV6|X@hS!eAzwh0XOqf!|T8ifzUqEXee25D-+=6)I`lXuyh^; znjshafFh2LyI&M1)K<4eGv(P7pYRASoQ<=IrYm=LT){IfDFm(@{rcFva@M9sbI}}n z!r!Te-Zs4VX|)FZO5dx^(_4V5Jz4t>B!Vx@6bT>P>s*Fi#2p13fSixA;F%0cH5H5b zw`c9%99LhE;A1-N>oiY*Y!PP=&)#u>^FV9e7G;%`*ed&!Adez3o*;7K_6jn0wBe~$ zox`%$wmOd(+@74xwMOdN3!EG=p23SpZ{Ab?$P;W7A-kptZ=5iyeu;_0rO5vTX^~yw z`fMlWXF`Tt%ImI4CEfPRnW+k9d>ZSm47QDvkvyqKrug%-JT4(pcdz@8`u$UaN@6Rd zIcsIlBQ9^IQ*ch#G&P#9kI~{JnkGg@Z{2=6S11UivJPn|6r^cr=6N2Mp}QU1?6|9| z)Lnl)-- zGk zTz3a$?Ya=A&6B3VrifLrKeBaWw0Ex=?<@N!vBQn6a)M**!d(56(P)`>(@z8>qj+@H zMJ|P0oh5{1I{gY~j==OiC9=@-a7V!)TG$d(=kL0N^%&`ap!Z}D%4PO>KaUj)s9q0C zARYsA%X!^Q#N%_yWz>eghAj$m4sSyv*~WA>s2|d#xi~h-&)(c|x_{C`u$%xAKAo_n zr0rnidtrB&J?wCMe7azqH8;G&J)P!I-UHGiTDwJM>M&W@9qi#I`NN&=3DLK6<7|J{ za8tl+IoRx(Rm0roDh>mUTBmn$<7vySipg?y3{bcez$y~;2sVmg(QveuDhv9}|P{ zGPzdPH>qkfGvGQyy3a--J>X(Q&w*$`QAuaNbu^krd#4nYyH&$5JQ-+W04VG%t*kih z>g}6uX}Fs#gn`r^SV#i296x=J>yS+T%Ssb+Vi2z*^NQ&#r!^_!h|T^Luei` zWStRP#h3s{%A-jx61eczT*GeYoi#eF&2Jj{`b^ssE_~f*a+&ZEA;J~n)0t8qHP9?rkY z97+xA@(l?#r$jAlx zX{Oc}%p**fD~5_I{WO5bwhZ;Aq47uiVnNy8)xm%uvVj@{FZ=^fB84gNQU;F*2p0&C zp`F!bF1!=s0~qOLpq(;IZx(+;Gf)h>K;~7>3y0499#F^Kao{D2yuEdh0$R-5b)yA( zC5)v7l$$3!JtAsQ=tS+xmeBG+oxjYeCEpie`z}u(a-KkROy8^z{Z2l-*;M{sTmQS2V`&gd+ICXxB^FaXgjG>SB}aNd(7ShTA0?*j4vFWPIeXhc_33@H40;~ zwpqCa=$l9Jm$xBjWeG7Bt7SLPYBq1 zy6czZqBZl(zq!>Dk%c4m3}B7glLVRJoTF_^18_NJ1My-{B(GOaM-!1&I+=aML@E7y zUUP29`fyZ%W>4btA#QY2tZ8(IE`Bnt*i}z>m$_)I+L3lv{}%5g_N|7Y!{&iK*Ddyy zG|qegX|v_@K|qi$R-)X*>0DeQnik;1{!(KSkZSE7`u&A8q0#Mq!6KWrw>!YvHae@b zd*HAM+?(eA=y`9E7uulmGibTaR^rf;dS9$0eaWD`v#(pkWxn#qG2}*R5aX9Drv_!3 zpQzBskB#VHPXVb$1 z!WmoLpOB8lXP@xdcTQBUr+&!zz;l8mAG{6;qRj!&^T7@?B0cK)HC&lnuKC7QwIH4V zeT#`%-O5FfBg~EWUFBqP6gi&@xM=fUbeYMDQ19he9-e`AF20|uLlz>bwMmqf$b3XL 
zO>k)VdU4{clc-EGSyF_IC6X4QJ)V)aiW2^WJ}5CH((*T1b0gzQjz&2VfyS;Q+FTH_ zN&kfreG5PBbk7@^Hw)a4oBKW{lH7RSq({FfjP2pnl4-ks*d~>f?A%nM?7f(_p77hi zT143AOnU7E{YZ8f+^@0$X-@_%NGlGB)-cF-X{#pcE!6+Akhnd08zy)ixX#ZGREJK8 zehsd8cm|$4DaHgBs}G-z^Fkc>>IZ7Bt~E)`U!a$jtX<N$kgM65*1^5>!NcW_G?l^$ATHzA$mS06VXH2|lP|e@t&!3MY52p|cWkCjY=b?K znSK>zV!{h{sQ5CMIu&o%$W;z}OEK84kgGg1sBe^pxmg`E41M>`yS;Hixtg97+uPfH z1Ze#2>uDPKlklf$$V(b>$p&rLg-Vm{$rb`NvSPkUYC2m$`rOQnNHYXgT%i^9)zt#?r=qUbA|ZaS71MAtI7l|977FKkk|NLK8U zd^4ezGR$OEqpCj>VuWI|6c*)ncUsyjnWkWwbGBZVkxiuWaCa`9gK8YJyRAX<^=>d( zfVVpvoVyb$%}?e}yB&h&SK(!EqYc8_{dUFN6Z}kVqDqUbn+-QW$tX=b!a|Wh`LMUKDl^tQIN56e%wF8PkQ6G;^C{3vUFu& zz?0~h6J+*go7wujAZW((dGV4KU(=(H@7Nr20oVz3Q84_mb}JkMcI=Ts61J5Jj{CF4 z%gnjs&QDsE;P4FG9rxZe_AQmzfWjK|blPs#qVHo**<|y{AKvG_UvbwX(W772gBUj* z{wnr$klmRpDA8tR1at_XWYJ3`eI!$B=GeVT2q66z#Fu35Fu;TaGB516vqb(_!r`{T zWl$7x=dePK&L|05{Dp_N^qZ7OeJN!GF=&y9)4rs5!q1fLoA)o0IwGdZvUR z_#0d4?@p{g4*<>qKotp54{-R;nkxUGFc66X^d}%8D17qIR<3{fB;Z@%!+_?lHD%qj zzgZyv;Q*iu0^yn;2U3CXAN-T(8kE5lPWj@d^LcyD-A90bM%#;jY0q%;iF%D?LL!5D zf14lj`ulx#t0pRWfvcRpJz#`HB7neCFkS@?y!_N$pi+_uXp>7l+~0K=#%-Pe+PtqH zA>79YTTRQ+@fp4;ufzVVqS4UT1mcealdOVwr%F2jRP)^8{G zw)%0E7QfV(|9J7O7EP(y3}do@hiiR`TD`rg)Vp`Adw|5g47FV97YHA#TL3)rQVg4kUTQlugO)@F3hkVUZ71^JSsJlnsMT9%~xYn!$++E~*az?Kb*T)#o`iH6H)%BcNr43WV~-mQJOZzNG2=YdpOgtL0g5 z-;GM;!YfPW@#Gk{n;bibkqzjn7chdDFUbz}w`&N4YVatyJtvmF`KKnphBI6ojeMfz zQhl;31duV=ohqPVYJ~bGYgL-WyfGPl`#5X`SXlw;Npy5H*-#2+Qij((_s0dYCm+8n zwB3TJ+XDT(w=IA;H21@g_qLk}D*f|SW<#zbf#@+RS}tNh|Fq@~z-Dm=K%4j3;ur+{ zu9a#6j{B-gc=16B$kT2!bb`i)qmgcqx}M2g;5?53a&h3UAFBf67SNh^#A-fUI{FiU z!s5>l7E5@V-3sndM?_*{d30gOAtQ8CQ6HYo6WKiP^OSi1Nt?0gZxJ8#on_ zC)%}lXj;{(muCKE0PY+O%)IWdND$@=&=H0FRRtS|G6*~nRl zAfUMAzaSvFS0h_`xM(}TV8pww;mfn)xL`r8z29=)=wlIJ&zy=^I&^?}gEd&vG@G&S z8EPS@-;G`oc|$tPiPGe^j(lM2d9|7(!9@aT{JqiOWi;m_8!%-dq3BPG6%6kK+=LfL zjsS2?euP4j$sFA9u|WAbN*c(FtX2rY54s36TF*7QR7fGi;%4EjQHk6FyF(j+#akDX z59*B-9F5#5Oo&I&&MYt&6piRpAQpye)CBNur1F49Y@nSp)@Hr?E~BZ!J8I3O<5Jqj 
z$;pWU0(oCp+W`Di&+J-SD&i7*qHR;77l2!Xd$pBZ+Oug}Q|B*ji#l@a*#|ke^fEe+ zHD2+M$d`(zjrmZlF;~e)e07D_nFa8no*=N-=6REuqhuv9X(s~nC-$0)G#iv_aEggR z{YgwrSQMh5%bfsBm7EGZpwWdIP@|7Eoyao<<7C+bi`xL$IC{hY6N9cVhB64S8m)0; zChF9k{RVxpeE`GB;Qsb%{D%?^L$5CuJtz5xYF z?<4plz~d-gW4UB-bAC{-5e~oW7mY+-AsT}1s=*=%bf$eD@I}F=kt4FeXaWc+cg(AR zbzlV=)?R)58E-iOB&wB?5tN+@;cN)}r|^8ENiU^he>Iv=j>~>w7RncM!x}|CocD9o zy(JUYmoZ0la63U;W7y)T)g2ao#z~U*D^&17cB zD=l8yH7kWJ!5xjA@YL~s$Q0INdQ3X*r5ph5j@lW;w+;gjcR4{fDyZq$gr%M(GBPq?;A zzRq^D(gY2QKsjO-22;Rw3=`!8u+OJl3cY-AL}wT4?DhsgAo6?R()m(dzkDv$&Gy}^ z)18TFG1Xz+gePe7!InC~Fg{rAjQ;2Guatmc;uvRVz@;>SMZZJEqVP9DCT&3COzUl9 za`Om;hL*RI>LY^}>jjv7yfLW(hS3z2d^(>R;1Z30Ahvq}EVVP^95FTLUT<%17)Ys3 zkU}_%zv}fyAI_37O3HUUa@W&eUo+0A-Jneenr^LlF60{>BW(23Y(|6M2RfO6twRBx z{Go(s`33|fqXe!c9G$au6$Y?(#@i?eajQ^_HuccSzvy{@g(CRDFE9m184INl1_f35 zD8Cd5b^OHNfv$FbO+HH%YRrbAvmF$v#Bmu_9yDG!YIFXSWMvhpQ%p`uA9>^mPx4_^ zz~{&(I{c{SDYzqO1{ds%4+F+C!=?u>cP{e-rJ7NsL2ZOV&Ph|NlXr`L&}jXQ-WWJ9 z2rW)HwA){e;M`fYCVBgJzbusGJ@bI#YpFfQ#z`GbtLx5bNu2W7M2e4cIR*bpHMBhz zcRCjoq#J`qj+})>AFNA70C0W6te+@@+>Um6IHE;LaaXOMnn|bzwI4qda8^VTr9k-r z5c#HDi0*uQ;}|u0v43tz$_Tv?qSWRr9plq0y0)$KHe((dUI8tLU4(au90fG-sPu zhQ&bH0p40$hYm8Di5V8b(R6bHd2@&F5(=o69Jiw!SC4dypc_j$r<8;9+A^nxpJ#$3 zxEIA4LvW*p0Fip%czc-+zEeNn*prxy2!{?h}AD*dO4AtQt2{tf{VkzfK-u zQ96Vvtwrgbkj-wA(}uM}G(^Dn#@nzM3tigXJunO_{CTHpp$AHZbFVI8Dglm&I|neg zRFAZ+HWFE+8Wz(imKM!{&t8~$kI7$WL4apI70Xge2mBOFa)N^?J&Np>S~y_c*-@>v z;0a~>EoynYN(0?2fwr#To&TXI3xu#5axiNoS~r2CaAU~0A*DnCm&nq>wG`g?eltfg zxXK>ZYOn*El&wE;nnTDx2sJ)pypCruD-9q|GMElltZAQW*pl}3kDeXxu^?EH#JtqN z43;tFPG<&^>93$qX|FJ+TR{5Yljmy`yBCaaVFC;}=AQ~-CYF_wRN<|L!s)U5a|Lf& z+rVm%gYs9AaczKkMN@a2^zU?!J~MsOQWY0zl&C9(AWFw0(iy5AwMQVrebGTj_ravt z0%(Ku_x`{D$vCr8qUvHy%;&AdmI%$%e6FXG4Ll}u<++~Ubq+?RLB0oS<_$mjt548y zJHH&3Ds-g=RJ|_zK^)?LzQsX8LZ%wlWVG3yMYxBEy9km!;0L|+926{s4^DGtYeg9@ z6v|;wVJqDVa>EWsCV^4Akq$IuCpm2mbq9=*Yh!e`qq_zRbu~l+2wHNsIq2Il(v9xe z=V4UvY0)6u(A8cofG%H*uU)&wqT%MO5=cp+N*Wl3?RIwbd+Gw*8Gz;tjUspZQ|WIt 
z2w}AcZ;hGbtB7~79}FxKtS^-YM=Q-Mf0@Rtr)_9@_<(Ok@s@-SlL$8CT1#+Ly#!C$ zUNQxAG1B`-MBFMAlXqtdpnNaY@y~tTNniWgyNa&gj}8@OVL2g)6>Gl6s>FkWlBqD0 z{4=40OAhpQA=nS`9MFEL(!ppMgpyh?wU$3CrXMvrMZ=x8R)I152#h#214WK$of5Cr zQO00zc0?coqiAVyHYr=cYjAM%wKD)w`G&OH0YNoF7$HF6GZX&ZG2^ggkU+LI$`9l>wNIUjyo%G1r$>fYw} zM0M-Y5bm`PZlNz$u7c4?ighf6R5{>84K8T{0|d567OPgtgAOh)4P?SS2^?lgFwk^R zwr07o9mp{uyhe9ogivvWX)=G~;P&pOf$FE1u1HRWq?b@6_(`xPL8SAyqFM=--!nu6 zO}MsUt;VZY9=l8>BuGoe<;IYAtBbkn!ZWxK9v*W%R0I+@YYVK=6=SH9x$3L=*bec} zAXD=tQZnLBp7klm1@}mSj@Nki3gmEeNQeD?xfJtH=*%*ZR4GMX);OB#l!RlF3Yc(W zfC??(*H*{dXgtI-MpZ;~Di|li8yt94(nR>WxZG%vu5$z`uE3hyo?|3~41+kAzpC&` zVTo=rJ2v6xBUfpQ96S&EtK`fMiLS8rizqdm92vRZA(N9@>g^9%shV~iugsqz?^fd7 z>dEX+t$!z#4C8RF>9!#i${;Qht6(*EX}v?8_NSW(Xc9R2Ywup-!QQ6n*JcZ+&4$m? z>zrsKxYvBzW*b;HC$f+8zSr)Vt7g?4ed*1OPZ>HNMQ!33)$~_3{y?)TDJm{KD9Ry0 z5vhhrW6WB50&eMVRZY+vl+h}&QGAK>-@3SOBVZQ!TDzXW|7JmfhLP495pUt+ z8n)^ESO0vY)*psL$bUr->0cTotRClTSQ!`2DgEC!{wzNH^%eRkF5KMSE%VP6{k^om z51C(EYC~fmQ*P9WMrw*yceQpkEUO4dyG=bMGB%iir&m zmo<;Kh6rCNzibI7^z>ZZ7ht!_mSeu@sD4I}kO#)J%n;W066^4EIF zYc;u3kqWwxW|zBxkdiqJv*c#-RXAPlZ}6dq4wx8HI1_?nDEj@S zl&I_y3(GBfv|g$G4Ciw@m$|>cu}aH#8YxcXqZE&f5y#jyJ-Ql7nPI(2Qj6u(_T;wN zEnNI?X0cQ*wcPAM=U_Gy@8cKLH@2R?QHq`FbhvD4N+bW@Pa_RzeQ?Yl(@}2@eS3)l zt{O!v!xJ3#e@fi&Zn4%T*VC`N+;izu8e-3~2lBgkT16`Ddtckz3&EG4Crz$tK73ce zrc*XYCFZHjU*jy)HtvgSc}xC7bqAT-**ZfGhs}uIbTOx{GYn7Ovrth9xWKt5hjUJn zA&Vo1*OPt6k4a9m_J#B7IMV;VL`{@YiSmYUgoUFi1hQG>;`c*J+#pZg=jI5i22$yJ8q!sCs3br3_ zNxFw)1R&cZ;`SFz7belj-T_!J~;V| zNE(}k|Du&m){62n9FM(q*Qo2|YB56dcU{Q5aCI0$v+vs<n}4AP#yjIxGHC7^U;{&s`rmq?fo^pY8!R+=Bp2aWGkJIjxp2nZM=Yk zUI|O1FxGr3r(j_ zP3!L!1q_@P%3`yfipHG>QrN~f3K&<|ZnS%GGFsFip&v~59I)oEDMSd#ZYBR=Z7n5X zR%S{iBXJqN<~m435|yPc@b<;gL;-4}U1;)G`?+U3?7ygs0iTy|p>u7O0<)zPPOIyW z+qZJgcWLB$sDwqJLm?i%p)Vj%)RVvCu}Eh0XAk3l`icj-97Z%OMfqP|gUpBQv2_^y8c&W|MzpD0Su)or=u-L|6d=5(hit)WN@3|%-_HF9}Zfd13%T^OEK`D*8JDU z|NpTpVFYkjAG5yrS9MhsV>mmRY^3Ft$DICFed`&417kbp)sB(&D7?L zXqVa-@`ar)vH$DG0fS?CyO*CTf2G?F-n#@Y);fwIVUp6Vc=Q-|rmrHDW70%EP)lGQ 
z)GX{$Gt9r6E!92fu3HCYq(KIL8iv_VFf-xM$TAYJ8pVo+#Ce{%T35IDcv#fJiF`V-{tuz=&7dd~ZmpF$kZyFzD)Hqk| z^WXA{83%xEm6|VSj{9T-)4s1hnoQv%+r>@+R{95Hg#_Zn~K36MC5(F zIU={cbq0MZ??3>%^Ru&yb%}D9b)LGSPG?GlgetH$I)-I+58u_3-nMn)9GAVP)ryXS zC2Ca~awLLAA!bX>VMIJO%FQF`6SfgFzsF%dQ9v-+%4uZI@<-t5O^EIMa4$Gl;TH5# zCSG-S+Nw}frZbdSqAmrWhM31G$r{|TqukM7>5@GkOKnQ@L+eMS`9k^FcnTg| z?Xf(vJkljE-dIxmP3DD(NJJ))noW;+CLTq1q-}MXQMq;)A3Loe)>JO+8!T>Q7)&ox z#Zp_iQbD)k`q;K4>%)^1rVg~R*_7!I8aRbJCEwS5lGT*ChZD;&J(&gqI$HTI$YQmc z7YVOvVCBKAY&|Xci#@EpaTJD6HAx)A_5G_c>!-Q!Ef9{Z#a)vj>$~}n^%k?E(EBCc zuc-7zR!)XDNm-Thg@;(<@DSeE8uCQ zBzI@Q#AkiydP)EQIMfsR=AB1>MR$*O7G#a!-m)j(T9wTH50wb-1uSn>xFZDI*gK?% zQ9Y&?sAlVD1xeD$PXtjGwaM_|RK6=@o^5+Q+{iC`IqJgFy+a5VCQksJUr*89&0Qj9 z43uu&X1G3YQ4JaIHXHzaBe6xp)q0VVl%135W zh@iBmGx$owZ}T zPPk%W3GwuE%}Ekoce(2Vp0{go-PU)yeWzEQ<@dsFD1(_IZiOuuhb!u_c`|9r8S6sm z?E`pBr(V-^=&M-Mbn`8SQ}Y_V`^W0? z=L4%b>^7XgqQl3UhZj)noLh;h5dPyupKtGA5<5NWo#OSbDx`;a&Z-1w0#1y~6kS?J z6|c`+PCbrmV~%&b*sdI+f~xevSyWXCI@jm~RZL_4Qn7v6K^L3D2kLNWN_))alcEPT z&n%gBgiIP-KDJR%ofhmTF=@t^KYvY^Q6jiAGh71^FwsOGfq&(59q|>_-{2B6P|PH~ z5s~io))5-!y{O)Xo zA)!h14E(N`lb-Lvn7D-HZ2?Fe_xdRQ2=Pic{L>UkfWlKzEdf3d0LSo${m{Ks;xhqT870l)57&w@<53xQ9Q0Zfj; zy;t#)8p=(?K5k=K&-bXp^*Bo9Ik^ip-d7$@$}W|>xa{YP(ER+|L-B+y&T!>To|WduKdB#>(rK+;U`jWvACRe5?{W< z&!B(2L#qXUWwDNHlVTzG>_1E9&yF|IEJBDV{O?pc%D~S!I{nbl7GNGS$wdOoYg
;j|wcEMYl;9U+9p{YCUc*U2`vn#Cv{sI3HFc(5xk z?3`;Y-52J9w;FbzQap4+YQIWW|L&@2o|#E{{^k2@WzB;qLc)tShCnOdIge4!O%}|5 zIL+EnnC23k?y#R6H+RRxP8-2JDTUJ3MJagw?1>Hn5<4EY#PuNs4>LzncQVp& zU;J3I{9~97pTwg6<#@dZP(*`4W0i%p)Nob&Wj&S5yfL6zT8af&oL;88dgFXYm+_(t zn6O~;h1}IPk=f@sF~geM0sKc3)!N<0eC{mn_=Gd=wxajm*fAdCav6C6g6q*wJDn@s zLgi-{%;K!X4B`zPNh?+G{!jS_fgZNRNC9?%Wcv5%<*VMU*+H0_JzpJiuA{2>bG;j2 zG~}b1WAgWI-@+ABgD6C;`Da*-Ppr$vJUGD`S!v#g-_e03n4J$S{jOvoo}q1y8n&Qk^k;>tC1i_aSNPh~7vPO7(I z2AstB90SG(k)*t@W7>n_D}TgFHqMUa*!NM`LKf9XpR?-E8@zhY9F@v-pAvP<@@Ka3 zFH%W=e2d@!l#%_eQM^R%24dKfG-};}lGvRzP_dKVow^#6Xj%bAgUF=v$-YZ^b(rlg z^WST?LTNy1^G%?AMdxAlD}|Sju*70RR_4e2Zs#A8mWrg2H9hOb zyEadM#LZLixWrzvy8j}3teFk-ny#s~RW;U?_chkF{4$exN*XUmJTDn1erA9F^x#w9 zM83TJ;t(Nc&gac1*RFo9?3?`w1J~DkDkV7|!>F%a%P6ikTYa?89Pa;uHGcPVe;&6y zR^&^1%Qd`cpufhn%gweq)SAu9>_4xF?@ksmaTaTO>g7R^g8yI&ce&Z3T&DXFMc+13rForD#xl*(2gF47Dn(ob*B zZ=nJEX^2&`J(JRBZjO9mffwm5oHTEoS_t=K@0 z(+K2vMjLbUAEn`X2u}WR|4<5N6%^yBPA}m7`y5HdI{UM{jlpDfo@%qAy`ANvxNpmX z!6*`(Mo146bibNy&ZpXPZCr z*zZ$F#ZkqHhTupC$!ShjS!f+2#_3#t+T$R8>3MtEpDS(=Lco@YT}Jq;akF0~{;mZQ z0~8B-yN4DGW{M90gc>fS5Mf&c8S_`8_ zm!E2Ox%;Ho6MvS>S+fzv#slFoPq7;q5{m5!C z__EE{1!WM>(27g?NsrQ$K$noT>~SqMtWjrpl84dX)!o7)pEsyhI4+R{RIq!^41b`P z&7sg@-gy^1Rn?-Ajr|a^Jmzo;AOkNA``?JaC;7AP@y`VG?@Y9H6Tu{A-!_MSGz~=u zz8MHZC6BOkbHs;uYysrN<#>bCD&>oymylYcN#=PzdPaX(!gH45t2g-fG4dJLn#UVM z`3&I`IZ`xuOj^tguPx^7kN4;7=4z~>pZ6zDZX5O|#$ooeBVQ|h)4@_Jb59n1 zpnsi$+b{X=kIO$^fl|SKdU=CQRDt*uPOZW)$+4ebboh{sF6lX#%3-&X)#;uhD1wtd zB!$C@3ZOR%O2x5;$f?)MsF^O8N8H{((mEQAuz;HnFv_U+B5v9P(P+9t-GbYzT?7bO z(KygG8a(6Pn9VC>1S#T<;ZVyaJPOQH%cYZ7ef|)m_Bs2l|2=%5i3(n|;nD9DivMc{ zfkdvf0?*3xT?S8CLBBrt%T;~2ZN{ZoQPhKmFHjrZr>u=$4_eDj9tC%#ypnns$0?jv zrw(SEc#b$cE?Co}06o%+ps=Gdd-6u(%0RNN-nRN1y8Ew~4shPyDuC;2Vg>(;BHnLy;ExhH9q>~{I?(vv z>OTK|U0Ue?1F4k^{hti!EK^ z3hdHj-+E)!dTd*IPYs3sS4-iIFbEW_IJP@fy(k{(U0y#!rhtos@Da|P?D+?Y#Jhj@ zg4W1z_7>o$*{vM^;VS;UfxHO;lx)A-uOsjGT;%uPK;ZKMkrTB{TH)eB8H~{+TOA&u zh)62wfB%zzTzPC1UxfBRjJ;A7Bb%peEWQYE(N<*|7LR@C_zkGd_f7xUEG76 
zDA+(A0ze||Li%yPUk_gaA9lK=0idSN=V0GGDWz2`o6e=osNMV${`xe&slmzl-C+_b zqXrif#@^KJ&)0HkeB=cx^d}#>TY#a5*@2jeH6_|^^^ieiX!6O4{P4@Oi8t##;n7`a z+gGN<^ot&-d@jdP@l2W;_cw=vH6|NHK=k36M!E@LkDk*crx$I0H=fF#3XIM(kwxR# zW<4;66p*gC?x^$eNN>vw-k~Csu`DT|f9xgTxZzZAFWb0_$s>Ibnh_r%{{TfJ(%;Vp zj@Sq2MCb(qBZh-}V6e}4frLsjpN;S43;&dR4_7IF6s$*&cMJuKNT(LaTdp*|qDy3` zes*)cDa~!a>b+TEB{zI)^J%(J3;b$tp~lLfvy}Y!e8nlfc;Tkhyid5!Z99_cwQy%J zwtz6gz_vF}$g@}F{ut|*&rS9m=g!-BhKYv(W-8OVIHprj-mHaR!DU@}hBLk`v{gVT z*{ChS;p-F*P+bba<_<*wCO6Y3N3EIHWw%&qw;U-F+^5Y}58Z3FWM4nl4P&M*5$tQ7 z9)LQreV;VjZH34Aw12};(Ran{ch{#oQ~+pqjl5mk{T6QJ$zw>;FIkcC`{VBu`Zlw@ z%U~~Y2$yBIwZx4|>-MtTu7@M63St$6`AYhG%EiKYD zba%s0QbV`Y&@nW_*}V0=@5MQH=LQBAuoknQy`Sg*%P^R7t|xYWQQdx^O7bo1%My+6 z&xt9347QU#t@JXe>MhFeOr)xrj?3~-0q;bgmA?X-r}2qNH#;7}t$` z|Czq+&Q(L7|5wSQ!NfB2oe|B1T8Wt3SPEB;ow>sF4OLeSj}C++^!+hHaanJX5yj=4 zamVCxx!jTS78T82wYy$<>Mb=(QBr_-klz| z33!B>glBK(Z-0;U-uHZhpei-|jGa+abWagS6Fzp=;(Gy6u)7TaxdB6fb0&PU;P;>? z=^GrP8O5!~`9gwCP++0CaD5cL+CH39WiaXfBbq|@j=$QbFqzo9-D*yH>d7Niu=k&r znZCTl+|8DeC(kd)3!3ywEw%Op9rn2Q)gIq5YgdMl@_TkG|AlVI<$P&PYqVoZ;fPM1 zF59gyN`MaBE8N-2a9j0$9mZ4J?!nxcnszez%(Ab=Ik6Q97XfQ=*%S;)FGrH{nbS@1 zJmwz4Mh$10A+nLUX>_(OUQbIFKEL$mUP$#*ykLIIVQf6|YXy99AaiiYKCtX73`48{ zq9nc)aAJ6-BAMW|9C4vXh|70m`^gmF%=$)w0@y+c)_LV*GPCk{JWmo|Ft|Rr@fqSU zd$%X88{k<$zxCFChDq_46GWc_$LGd00KeGfv?%#pLPd3%$bV9%Th-}E-f_)_vXtjX zLVENVeAc69Un|^i#l=;R>xTwqKTtj2{NY0KrWpl` zCYRWKZSEZh&bf8-bmHUQF(tlT@auys4Hdg3uL=V06T@2vmS(5jM5UaK5D!1_l<@uS zey;b((93XE7~cU}0ouB4_)~gbkK3O}h#2XCuEC!9XNs2Wh9I7YgY!MmN;&K6QN{H? zPh$HYkGxnCKd8#$kn{bL9QsVc{csG;RnDb{5}w%V_CnI1LaNp?2HFF{|Vyh3`*htH{X@vf!X{ST~BU+u8$3Y4q7oGj6mJ`na{PH%LMlie6Z zzhy7es1h~m4X2LFANga02{h&c8V`*O0gvBRxO?*|_WL7&ZJ?t+G2_iL;!Hn8Zi8|! zIHwL1idBg!j7g?;)HIBUp8jKUVbh$E zC&9v>GwFd-Y}_~qN=HbA`;{L#=5P`J1^a?(5qutd<13h;@9U4V0)OWi2k(I>9l#O^0}GQ3f|y+6|yA%GSZr}h z1*TTD-p@bZC6z5E<_yHj4Q@u9xdRQml6v&&)KZs#Kd3r2{#z*iU}p~*M7s8HiKR
zY=k9S{~eP3$A{m)VE^WV_*OXMs`&T#|7Yy-pMTk3gUGow8xj5CW3g$Oi%;h%6o-F} z$G@&H4Q6olX*1)mNZ=Pz{dHhdIPe{ONkv$Hx~(H8=gt9{&~MK* z$qX)(&(&IGt6(&g>%r$Nghlt?7yD_|S1#SMiS}TLkowO@{rmAbvo44`yiIYjCI7=c z$<<%TVpFwyAN}JY67RqA0!DE)qFP@W`=Gx!ntdXSX;Fa3+c<%oA>!xAPVZegi4`pb z%&Wa8R`1}o%~uy#VuVAWL%)XMzh=*m{ri$>VRgX&(*anQu>bc2|2qbL{}OK4F7t;svtJV&@c--el-7jqz2!TCL_c3w++U+2)UFh`%F4s7+^Yeq5QC|k)dFaez}5o?_L-M;*jZx3pWCN(+TXSLkzh94)^8ii5{xrt4# z?VCSe%5oA5yt3c1T0NyuZ2a05-)5iz&Z=|IFoIHqe!C%!E-)-W?i4e!N;obRgaih_ zY1ZR-{)J}$IT?k-_pBs7H=qZ1z&|B*hcu%P*dRRgWozwkDk-H4&A27cq9VH+;Ih;( z`dw;kh*{SJTdQmY{DWe0H>l6I=^J}xi}$%OYwC1tFKdC>X|SXK;xjkc^If%TiKnbB z&}Yx!T*QT;#1>^Wm%wEqr3pdtALVYq#xww?F^4B^8q)?uciXyJJuV z@lCmRb0d{J1np5V54^K@IejXf;=i*M#@ZVtn1bXa3iynv%~cpuPEV6(8b zVYZPr;jm}@LTKpivlGvmq5cLnKA`p)BD|4kVaUxA*t&XK@J$7DJFb^sd5A;1G2>0- zXg|?};f77CF5Z*#Qrocmlza+%YZG*HOvUT{cEM~Y^0U~? zKP522v+u+0h`ku>_B_-v>-h8{ah2fl`UU=N(PWbPRhZ?#qWdBU@M{n2Q#VhCHl-q87X7gs}>z*q=OoJP>G`b?XQ^aQZxlWp;({|ma`)#-bkbPga zv|>VanNZ2*2tvDCBYDe~CUs9mEG;GMfz_l3K7AYh8{=v!=D)c)+mBlF?}=vDuj?z2 zK~kNaotfL%5?{W0hkpA$-kdKkC9CA*8jHC2A)s(s2?JF}lSN6D0k^8ByIbYe?Xmgq3uV19>+fE(!@-03w*07}!^pLtrJ4Mb^k)_P^x#SznD4kD;Wp# zH1Bn)f5l&%2tUj>1^FWb`3vw!#^)lqcA%lSYPpW{VPnm%O@~e&MwkBxTGrm_u9W6z z+TARg#S>VKmkG5G38Cu8a*Emvt!LAT18<)F&oR6Ev`VT&P%-TJ*)L+&s znNQv7f(b9g_N-Zlh8dU}K2jr}TUZxfI4FK>snuAa&olmQVZG-pDRFQ>xzbC+VErH? zC6XVuZ*h0VUDL4#=$d58WYwB}AW_T8)HYi!5FV*YeE7~S@=JYTOx;9YZ9pzx@Yim6)DhifM1! z*2c)utGXt79~#iI+F*9B@Sf&97I}wL10a|Z&~mnS(Zyr+OC(dL{sOZcXtBDphNq~> zZ^*qwPn{i?(05}XR8yq=LmFQeuft@YvV&lmbs$nwDd&CSjlK~ybesCe?Zr9{bQV1+ zLu-y+ag&AdpM;_(vML3J9B=fk78t3xT(+O+FbWLzNIoe(#s-*IyoB$g1S5^4O2c@D;V<^@Z`}0r0XCH` zD(Jc`)p0QYVMLl>V94stnMtvKvj)D;)^sX>gp>U2FRuJyQZ~siJ~b^&yn^}k-;?`; zx^v40x9Zx1^G4#IvCBX1r%ncp8SL#-|G${Nf1PLYHb9f9+b!?@Fe?`e0WjW6$}xic zJFNI|GC$WV1oWQ&{|^JftJYCqR9qt>9{ee6#~yd_KgaTvH;Qmk$BeiDe&nT Date: Tue, 31 Jan 2023 16:16:58 -0500 Subject: [PATCH 04/19] Update 6-cookies.livemd --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 028d3c3..b6abf21 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -206,7 +206,7 @@ Opt-in is the process that describes an affirmative action user takes to offer t ##### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. -ADD PHOTO OF THE DIFFERENCE +OptInOptOutCookies From 7f38bac8d3bf67e1e4c931d2266d7c74fa5955ad Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Tue, 31 Jan 2023 16:18:34 -0500 Subject: [PATCH 05/19] Update 6-cookies.livemd --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index b6abf21..8d8bdaa 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -206,7 +206,7 @@ Opt-in is the process that describes an affirmative action user takes to offer t ##### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. -OptInOptOutCookies +OptInOptOutCookies From 079e0be115042eb60b40ae28d8e1afd6bc32494c Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Tue, 31 Jan 2023 16:21:42 -0500 Subject: [PATCH 06/19] Update 6-cookies.livemd --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 8d8bdaa..3e80262 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -206,7 +206,7 @@ Opt-in is the process that describes an affirmative action user takes to offer t ##### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. -OptInOptOutCookies +OptInOptOutCookies From 84f860c71e2375d8b9f952ab0f041c6a3a78b821 Mon Sep 17 00:00:00 2001 
From: Collin Stilwell Date: Tue, 31 Jan 2023 16:22:02 -0500 Subject: [PATCH 07/19] Update 6-cookies.livemd --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 3e80262..073530d 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -206,7 +206,7 @@ Opt-in is the process that describes an affirmative action user takes to offer t ##### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. -OptInOptOutCookies +OptInOptOutCookies From a80df673d540b270948ee76c87cd93b0c0fd6d06 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Tue, 31 Jan 2023 16:22:22 -0500 Subject: [PATCH 08/19] Update 6-cookies.livemd --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 073530d..867396b 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -206,7 +206,7 @@ Opt-in is the process that describes an affirmative action user takes to offer t ##### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. -OptInOptOutCookies +OptInOptOutCookies From 2c076e8bf2fe73a672ac0f67057f1d91194fabde Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Wed, 1 Feb 2023 10:27:25 -0500 Subject: [PATCH 09/19] Update modules/6-cookies.livemd Co-authored-by: Holden Oullette <6202965+houllette@users.noreply.github.com> --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 867396b..0be9822 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -176,7 +176,7 @@ conn |> Plug.Conn.put_resp_cookie( cookie_name, <<42::16>> - domain: , + # domain: , # path: , # secure: , # http_only: , 
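Review bot: the context line `<<42::16>>` just above the changed line still ends without a comma, so as soon as a reader uncomments `# domain:` or any of the option lines after it, the call to `Plug.Conn.put_resp_cookie` stops parsing. Commenting out `domain:` makes the cell compile as shipped, but it only stays valid while every option is commented. Add a comment on the value line telling the reader to append the comma, or pass the options as a separate keyword list in the last argument so that uncommenting a line is the only change needed.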
From 4e3dcd914dee02464846ac91a34e341eb76c4d21 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Wed, 1 Feb 2023 11:34:57 -0500 Subject: [PATCH 10/19] Update 6-cookies.livemd Added in references --- modules/6-cookies.livemd | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 0be9822..0cdd6e9 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -159,6 +159,12 @@ The encryption you use can be a one-way lookup of the cookie value. It is possib For instance, in the next section the Plug library gives you the ability to perform those actions within the `put_resp_cookie/4` function call. But if you store JSON Web Tokens (JWTs) as the value of your cookie, you can achieve similar signature results through the JWTs themselves. + +### Resources + +1. https://cloud.google.com/cdn/docs/using-signed-cookies#:~:text=Signed%20cookies%20give%20time%2Dlimited,t%20feasible%20in%20your%20application +2. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html + ## Elixir Phoenix Cookies In the Phoenix Framework, you would use functionality found within the [Plug library](https://hexdocs.pm/plug/Plug.Conn.html#put_resp_cookie/4) to set a cookie. @@ -203,9 +209,14 @@ Opt-out cookies are essentially cookies used to avoid cookies. When a website cr #### Opt In Cookies Opt-in is the process that describes an affirmative action user takes to offer their consent for companies to use their data. Unticked checkboxes or buttons are the most common way in which you can implement opt-in mechanisms to obtain users’ consent. -##### Which One To Use? +#### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. +### Resources + +1. https://allaboutcookies.org/privacy-issues-cookies +2. https://www.cookielawinfo.com/opt-in-vs-opt-out/ + OptInOptOutCookies 
From 7952a9ddfb135a56aed1333099aaddbf2a7b0bb1 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Wed, 1 Feb 2023 11:37:22 -0500 Subject: [PATCH 11/19] Update modules/6-cookies.livemd Co-authored-by: Holden Oullette <6202965+houllette@users.noreply.github.com> --- modules/6-cookies.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index 0cdd6e9..f426d9e 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -199,7 +199,7 @@ Personal information is not generated by the cookies themselves, but are through ### Tracking User Behavior -For systems that use third party ad serving networks, such as Google's Adsense/ Adword pose additional privacy concerns. When leveraging ad serving platforms there is an impact to user privacy being there is no obvious consent given for such tracking. With the rapid evolution around cookie based ad services and tracking user behavior, it brings up the privacy concern of using default standards for cookies. +For systems that use third party ad serving networks, such as Google's AdSense / AdWord pose additional privacy concerns. When leveraging ad serving platforms there is an impact to user privacy being there is no obvious consent given for such tracking. With the rapid evolution around cookie based ad services and tracking user behavior, it brings up the privacy concern of using default standards for cookies. #### Opt Out Cookies Under an opt out scheme, consumers are notified via an alert or window when they load a website. The user must consent to the notice before they can navigate the site and any cookies are planted. At a minimum, the notice is to contain the following: disclosure of information gathering practices, the uses for this information, and policies for processing and disposing of this data. From a9859a0f2990638126b6562bbc223d3c9f4e51be Mon Sep 17 00:00:00 2001 
From: Collin Stilwell Date: Wed, 1 Feb 2023 11:38:09 -0500 Subject: [PATCH 12/19] Update 6-cookies.livemd formatting --- modules/6-cookies.livemd | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/6-cookies.livemd b/modules/6-cookies.livemd index f426d9e..7a0904a 100644 --- a/modules/6-cookies.livemd +++ b/modules/6-cookies.livemd @@ -212,13 +212,12 @@ Opt-in is the process that describes an affirmative action user takes to offer t #### Which One To Use? If you want to be legally compliant, it is safer to have both the options with opt-out as the default. +OptInOptOutCookies + ### Resources 1. https://allaboutcookies.org/privacy-issues-cookies 2. https://www.cookielawinfo.com/opt-in-vs-opt-out/ -OptInOptOutCookies - - [**<- Previous Module: Elixir Security**](./5-elixir.livemd) || [**Next Module: Security Anti-Patterns ->**](./7-anti-patterns.livemd) From 407fa6ef97e7e7426de1b4aa56ee208932b14ffd Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Thu, 2 Feb 2023 12:40:08 -0500 Subject: [PATCH 13/19] Updates to Defense in Depth and Zero Trust Added sections for Defense in Depth and Zero Trust --- modules/3-ssdlc.livemd | 69 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 4 deletions(-) diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index 5ce692b..7a4fddb 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd @@ -9,7 +9,8 @@ Welcome to Part 3! This section is dedicated to discussing some of the more abst * [No Secrets In Code](#no-secrets-in-code) * [Making Secret Rotation Easy](#making-secret-rotation-easy) * [Rate Limiting](#rate-limiting) -* [Principle of Least Privilege](#principle-of-least-privlege) +* [Zero Trust Model](#zero-trust-model) +* [Defense In Depth](#defense-in-depth) ## No Secrets In Code 
@@ -75,7 +76,9 @@ If the answer to one or more of those questions is yes, consider putting a limit More often than not, rate limiting should be as specific as possible. For instance, it is better to add rate limiting on a single GraphQL type than to add a generic limit to the entire /GraphQL endpoint. -## Principle of Least Privilege +## Zero Trust Model + +### Principle of Least Privilege Sometimes known as the Principle of Minimal Privilege or the Principle of Least Authority, the Principle of Least Privilege (PoLP) means that every entity* is only strictly given the essential privileges needed to perform its requirement. @@ -83,10 +86,68 @@ E.g. A script that executes on a cron schedule that monitors the output of a log **Entity: generic term for an arbitrary process, user, program, etc. found within a Data System* -### Benefits of the Principle +#### Benefits of the Principle * **Better Data System Stability** - When an entity is limited in the scope of changes it can make to a system, it is easier to test its possible actions and interactions in the context of the Data System. * **Better Data System Security** - When an entity is limited in the system-wide actions it may perform, vulnerabilities / compromises in one application cannot be used to exploit the rest of the business or adjacent Data Systems. * **Ease of Deployment** - In general, the fewer privileges an entity requires, the easier it is to deploy within a larger environment.

- [**<- Previous Module: OWASP**](./2-owasp.livemd) || [**Next Module: GraphQL Security ->**](./4-graphql.livemd) + +### Device Access Control + +Zero Trust is not only about controlling user access, but requires strict controls on device access as well. With this, Zero Trust systems need to monitor how many different devices are trying to access their network, ensure that every device is authorized, and assess all devices to make sure they have not been compromised. This further minimizes the attack surface of the network. + +### Microsegmentation + +Microsegmentation is the practice of breaking up security perimeters into small zones to maintain separate access for separate parts of the network. Some of the benefits of doing so are: +* Granular Access Policies- we can create super specific policies for access to each segment! +* Targeted Security Controls - we can develop each micro-perimeter to specifically target the security risks and vulnerabilities of the resources in that micro-segment! +* Establishing Identities and Trust - we can implement, monitor, and control the “never trust, always verify” principle much easier! + +### Preventing Lateral Movement + +Zero Trust is designed to contain attackers so that they can not move laterally. You may be asking what does that even mean? In network security, “lateral movement” is when an attacker moves within a network after gaining access to it, which can be very difficult to detect. + +Zero Trust helps contain attackers because the access is segmented and has to be reestablished periodically, limiting them from moving across to other microsegments within the network. + +### Multi Factor Authentication (MFA) + +It's no surprise that MFA is a core part of the Zero Trust Model. Systems using MFA require more than one piece of evidence to authenticate a user, with the most common form being a one time password (OTP). 
+ +### Reference +- https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ + +## Defense In Depth + +Defense in depth is a security approach of having defense mechanisms in a layered approach to protect valuable assets. Castles take a similar approach, where they have a moat, ramparts, towers, and drawbridges instead of just one wall as protection. Using more than one of the following layers constitutes an example of defense in depth: + +### System and Application + +* Authentication and password security + * Hashing passwords + * Multi factor authentication (MFA) +* Encryption + * [Cloak](https://github.com/danielberkompas/cloak) is an Elixir encryption library that implements several best practices and conveniences making it easy for developers +* Security Tooling + * Vulnerability Scanners + * SAST supporting Elixir: [Semgrep](https://semgrep.dev/docs/supported-languages/) or [Sobelow](https://github.com/nccgroup/sobelow) + * Dependence Scanners + * Dependabot is an option +* Security Awareness Training + * Like the Elixir Secure Coding Training 😉 +* Logging and Monitoring + +### Network + +* Firewalls (hardware and software) +* Demilitarized zones (DMZ) +* Virtual Private Networks (VPN) + +### Physical + +* Biometrics +* Data-centric security +* Physical Security (such as locked server rooms) + +### Reference +- https://www.forcepoint.com/cyber-edu/defense-depth From 84f0c63dbff67f905dadb7cec367043105f2e9ab Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Thu, 2 Feb 2023 12:52:48 -0500 Subject: [PATCH 14/19] Update modules/3-ssdlc.livemd Co-authored-by: Holden Oullette <6202965+houllette@users.noreply.github.com> --- modules/3-ssdlc.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index 7a4fddb..c48f415 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd 
@@ -150,4 +150,4 @@ Defense in depth is a security approach of having defense mechanisms in a layere * Physical Security (such as locked server rooms) ### Reference -- https://www.forcepoint.com/cyber-edu/defense-depth +1. https://www.forcepoint.com/cyber-edu/defense-depth From 27c74ec6783dd7df2e52ba70952d819832ae78c0 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Thu, 2 Feb 2023 12:53:39 -0500 Subject: [PATCH 15/19] Update 3-ssdlc.livemd --- modules/3-ssdlc.livemd | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index c48f415..ff1bfc4 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd @@ -151,3 +151,6 @@ Defense in depth is a security approach of having defense mechanisms in a layere ### Reference 1. https://www.forcepoint.com/cyber-edu/defense-depth + + +[**<- Previous Module: OWASP**](./2-owasp.livemd) || [**Next Module: GraphQL Security ->**](./4-graphql.livemd) From d1a11bc19e4f6027807a557a9a56f8a7a7c31092 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Thu, 2 Feb 2023 14:15:25 -0500 Subject: [PATCH 16/19] Update 3-ssdlc.livemd --- modules/3-ssdlc.livemd | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index ff1bfc4..be96051 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd @@ -10,6 +10,11 @@ Welcome to Part 3! This section is dedicated to discussing some of the more abst * [Making Secret Rotation Easy](#making-secret-rotation-easy) * [Rate Limiting](#rate-limiting) * [Zero Trust Model](#zero-trust-model) + * [Principle of Least Privilege](principle-of-least-privlege) + * [Device Access Control](device-access-control) + * [Microsegmentation](microsegmentation) + * [Preventing Lateral Movement](preventing-lateral-movement) + * [Multi Factor Authentication](multi-factor-authentication) * [Defense In Depth](#defense-in-depth) ## No Secrets In Code 
@@ -110,7 +115,7 @@ Zero Trust is designed to contain attackers so that they can not move laterally. Zero Trust helps contain attackers because the access is segmented and has to be reestablished periodically, limiting them from moving across to other microsegments within the network. -### Multi Factor Authentication (MFA) +### Multi Factor Authentication It's no surprise that MFA is a core part of the Zero Trust Model. Systems using MFA require more than one piece of evidence to authenticate a user, with the most common form being a one time password (OTP). @@ -119,7 +124,18 @@ It's no surprise that MFA is a core part of the Zero Trust Model. Systems using ## Defense In Depth -Defense in depth is a security approach of having defense mechanisms in a layered approach to protect valuable assets. Castles take a similar approach, where they have a moat, ramparts, towers, and drawbridges instead of just one wall as protection. Using more than one of the following layers constitutes an example of defense in depth: +Defense in depth is a security approach of having defense mechanisms in a layered approach to protect valuable assets. Castles take a similar approach, where they have a moat, ramparts, towers, and drawbridges instead of just one wall as protection. + +An example of developing a web application using defense in depth could be: +* The developers (like yourself) receive secure coding training +* The codebase is checked automatically for vulnerabilities using Semgrep +* The codebase is also checked for outdated dependencies using Dependabot +* The application is regularly tested by the internal security team +* Multiple development environments are used such as Develpoment, Staging, and Production + +

+ +Using more than one of the following layers constitutes an example of defense in depth: ### System and Application @@ -127,14 +143,8 @@ Defense in depth is a security approach of having defense mechanisms in a layere * Hashing passwords * Multi factor authentication (MFA) * Encryption - * [Cloak](https://github.com/danielberkompas/cloak) is an Elixir encryption library that implements several best practices and conveniences making it easy for developers * Security Tooling - * Vulnerability Scanners - * SAST supporting Elixir: [Semgrep](https://semgrep.dev/docs/supported-languages/) or [Sobelow](https://github.com/nccgroup/sobelow) - * Dependence Scanners - * Dependabot is an option -* Security Awareness Training - * Like the Elixir Secure Coding Training 😉 +* Security Awareness Training (sounds familiar 😉) * Logging and Monitoring ### Network From eaff63e776a9ac9a3b442571f0e6de63520ed5a9 Mon Sep 17 00:00:00 2001 From: Collin Stilwell Date: Thu, 2 Feb 2023 14:16:01 -0500 Subject: [PATCH 17/19] Update 3-ssdlc.livemd --- modules/3-ssdlc.livemd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index be96051..4756fd1 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd @@ -120,7 +120,7 @@ Zero Trust helps contain attackers because the access is segmented and has to be It's no surprise that MFA is a core part of the Zero Trust Model. Systems using MFA require more than one piece of evidence to authenticate a user, with the most common form being a one time password (OTP). ### Reference -- https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ +1. https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ ## Defense In Depth From e2ad53193ce0e11ddb146977ccac787a05af6a52 Mon Sep 17 00:00:00 2001 
From: Collin Stilwell Date: Fri, 10 Feb 2023 14:19:35 -0500 Subject: [PATCH 18/19] Structure for Deserialization --- modules/5-elixir.livemd | 60 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/modules/5-elixir.livemd b/modules/5-elixir.livemd index 9482e1d..fa1012a 100644 --- a/modules/5-elixir.livemd +++ b/modules/5-elixir.livemd @@ -13,10 +13,11 @@ But even the dullest blades can hurt someone! This module goes over Elixir speci ## Table of Contents * [Atom Exhaustion](#atom-exhaustion) -* [Protecting Sensitive Data](#protecting-sensitive-data) +* [Serialization and Deserialization](#serialization-and-deserialization) * [Untrusted Code](#untrusted-code) * [Timing Attacks](#timing-attacks) * [Boolean Coercion](#boolean-coercion) +* [Protecting Sensitive Data](#protecting-sensitive-data) ## Atom Exhaustion @@ -61,6 +62,22 @@ IO.puts("Are you protected against Atom Exhaustion?") IO.puts(:erlang.system_info(:atom_count) == prev_count) ``` +## Serialization and Deserialization + +### Description + +Deserialization of untrusted input can result in atom creation, which can lead to your application being vulnerable to denial of service (DOS) attacks. When you do use a deserialization library, make sure that the library does not create arbitrary atoms: either configure the library to return strings/binaries or enable schema validation to constrain the input + +### Prevention + +* Use the :safe option when calling :erlang.binary_to_term/2 on untrusted input (should be familiar from atom exhaustion 😀) +* Prevent function deserialisation from untrusted input, e.g. using Plug.Crypto.non_executable_binary_to_term/1,2 + +### Resources + +1. https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/serialisation + + ## Untrusted Code ### Description 
@@ -204,4 +221,45 @@ user_input = "some_string_which_obviously_isnt_the_same_as_the_password" # if SecurityCheck.validate(user_input, password) || raise(SecurityCheck) do :you_let_a_baddie_in end ``` +## Protecting Sensitive Data + +### Description + +Sensitive data is any information that should be out of reach from all outsiders unless they have permission to access it, which in most cases would be considered "confidential data". Some examples of sensitive data are PHI (Protected Health Information) or PII (Personally Identifiable Information). + +### Prevention + +I think we can all agree that making sure this information is secure is important, but let's dive into how to actually protect it: + +## Wrapping + +Exceptions may result in console or log output that includes a stack trace. Mostly a stack trace shows the module/function/arity and the filename/line where the exception occurred, but for the function at the top of the stack the actual list of arguments may be included instead of the function arity. +To prevent sensitive data from leaking in a stack trace, the value may be wrapped in a closure: a zero-arity anonymous function. The inner value can be easily unwrapped where it is needed by invoking the function. If an error occurs and function arguments are written to the console or a log, it is shown as #Fun<...> or #Function<...>. Secrets wrapped in a closure are also safe from introspection using Observer and from being written to crash dumps. + +### Example + +```elixir +wrapped_secret = fn -> System.get_env("SECRET") end +``` + +## Stacktrace Pruning + +Another approach, useful in functions that call the standard library (e.g. crypto) or other functions that do not support wrapping secrets in a closure, is stripping argument values from the stack trace when an exception occurs. 
This can be done by wrapping the function call(s) in a try … catch expression (Erlang) or adding a rescue clause to a function body (Elixir), and stripping the function arguments before re-raising the exception: + +## ETS Tables + +ETS tables can be declared as ‘private’ (:private option), preventing the table from being read by other processes, such as remote shell sessions. Private tables are also not visible in ‘observer’. + +### Quiz + +** We have decided that we do not want this ETS table to be read from other processes, so try making it private: + +```elixir +cool_table = :ets.new(:cool_table, []) +``` + +## Reference + +1. https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/sensitive_data.html + [**<- Previous Module: GraphQL Security**](./4-graphql.livemd) || [**Next Module: Cookie Security ->**](./6-cookies.livemd) From 52e0b01049bb3c812185aa1cd6748b5463b633cb Mon Sep 17 00:00:00 2001 From: Holden Oullette <6202965+houllette@users.noreply.github.com> Date: Thu, 16 Feb 2023 17:01:41 -0800 Subject: [PATCH 19/19] Apply suggestions from code review --- modules/3-ssdlc.livemd | 6 ++--- modules/5-elixir.livemd | 49 +++-------------------------------------- 2 files changed, 6 insertions(+), 49 deletions(-) diff --git a/modules/3-ssdlc.livemd b/modules/3-ssdlc.livemd index 4756fd1..98bf580 100644 --- a/modules/3-ssdlc.livemd +++ b/modules/3-ssdlc.livemd 
@@ -105,7 +105,7 @@ Zero Trust is not only about controlling user access, but requires strict contro ### Microsegmentation Microsegmentation is the practice of breaking up security perimeters into small zones to maintain separate access for separate parts of the network. Some of the benefits of doing so are: -* Granular Access Policies- we can create super specific policies for access to each segment! +* Granular Access Policies - we can create super specific policies for access to each segment! * Targeted Security Controls - we can develop each micro-perimeter to specifically target the security risks and vulnerabilities of the resources in that micro-segment! * Establishing Identities and Trust - we can implement, monitor, and control the “never trust, always verify” principle much easier! @@ -119,7 +119,7 @@ Zero Trust helps contain attackers because the access is segmented and has to be It's no surprise that MFA is a core part of the Zero Trust Model. Systems using MFA require more than one piece of evidence to authenticate a user, with the most common form being a one time password (OTP). -### Reference +### Resource 1. https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ ## Defense In Depth @@ -159,7 +159,7 @@ Using more than one of the following layers constitutes an example of defense in * Data-centric security * Physical Security (such as locked server rooms) -### Reference +### Resource 1. https://www.forcepoint.com/cyber-edu/defense-depth diff --git a/modules/5-elixir.livemd b/modules/5-elixir.livemd index fa1012a..dd5ffa3 100644 --- a/modules/5-elixir.livemd +++ b/modules/5-elixir.livemd @@ -17,7 +17,6 @@ But even the dullest blades can hurt someone! This module goes over Elixir speci * [Untrusted Code](#untrusted-code) * [Timing Attacks](#timing-attacks) * [Boolean Coercion](#boolean-coercion) -* [Protecting Sensitive Data](#protecting-sensitive-data) ## Atom Exhaustion 
@@ -70,11 +69,10 @@ Deserialization of untrusted input can result in atom creation, which can lead t ### Prevention -* Use the :safe option when calling :erlang.binary_to_term/2 on untrusted input (should be familiar from atom exhaustion 😀) -* Prevent function deserialisation from untrusted input, e.g. using Plug.Crypto.non_executable_binary_to_term/1,2 - -### Resources +* Use the :safe option when calling `:erlang.binary_to_term/2` on untrusted input (should be familiar from atom exhaustion 😀) +* Prevent function deserialisation from untrusted input, e.g. using `Plug.Crypto.non_executable_binary_to_term/1,2` +### Resource 1. https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/serialisation 
@@ -221,45 +219,4 @@ user_input = "some_string_which_obviously_isnt_the_same_as_the_password" # if SecurityCheck.validate(user_input, password) || raise(SecurityCheck) do :you_let_a_baddie_in end ``` -## Protecting Sensitive Data - -### Description - -Sensitive data is any information that should be out of reach from all outsiders unless they have permission to access it, which in most cases would be considered "confidential data". Some examples of sensitive data are PHI (Protected Health Information) or PII (Personally Identifiable Information). - -### Prevention - -I think we can all agree that making sure this information is secure is important, but let's dive into how to actually protect it: - -## Wrapping - -Exceptions may result in console or log output that includes a stack trace. Mostly a stack trace shows the module/function/arity and the filename/line where the exception occurred, but for the function at the top of the stack the actual list of arguments may be included instead of the function arity. -To prevent sensitive data from leaking in a stack trace, the value may be wrapped in a closure: a zero-arity anonymous function. The inner value can be easily unwrapped where it is needed by invoking the function. If an error occurs and function arguments are written to the console or a log, it is shown as #Fun<...> or #Function<...>. Secrets wrapped in a closure are also safe from introspection using Observer and from being written to crash dumps. - -### Example - -```elixir -wrapped_secret = fn -> System.get_env("SECRET") end -``` - -## Stacktrace Pruning - -Another approach, useful in functions that call the standard library (e.g. crypto) or other functions that do not support wrapping secrets in a closure, is stripping argument values from the stack trace when an exception occurs. 
This can be done by wrapping the function call(s) in a try … catch expression (Erlang) or adding a rescue clause to a function body (Elixir), and stripping the function arguments before re-raising the exception: - -## ETS Tables - -ETS tables can be declared as ‘private’ (:private option), preventing the table from being read by other processes, such as remote shell sessions. Private tables are also not visible in ‘observer’. - -### Quiz - -** We have decided that we do not want this ETS table to be read from other processes, so try making it private: - -```elixir -cool_table = :ets.new(:cool_table, []) -``` - -## Reference - -1. https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/sensitive_data.html - [**<- Previous Module: GraphQL Security**](./4-graphql.livemd) || [**Next Module: Cookie Security ->**](./6-cookies.livemd)
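Review bot: in PATCH 09/19 (modules/6-cookies.livemd, hunk at -176,7), the context line `<<42::16>>` has no trailing comma before the option lines. With every option commented out the call parses, but as soon as a learner uncomments `# domain: ,` to fill it in, the cell fails to compile. Put the comma after `<<42::16>>` inside the commented block, or show the options as a commented keyword list, so that uncommenting one line yields valid Elixir.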
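Review bot: in PATCH 10/19 (modules/6-cookies.livemd, hunk at -159,6), the first entry under the new `### Resources` heading still carries a `#:~:text=Signed%20cookies...` scroll-to-text fragment copied from the browser. Trim it to the page URL, `https://cloud.google.com/cdn/docs/using-signed-cookies`, so the reference does not depend on the exact wording of the target page.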
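Review bot: in PATCH 11/19 (modules/6-cookies.livemd, Tracking User Behavior), the replacement line fixes the capitalisation but leaves the product name as `AdWord` and the sentence without a working subject: "For systems that use ..., such as ... pose additional privacy concerns". Suggest "Systems that use third party ad serving networks, such as Google's AdSense / AdWords, pose additional privacy concerns."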
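Review bot: in PATCH 13/19 (modules/3-ssdlc.livemd, last hunk at -83,10), the module navigation line `[**<- Previous Module: OWASP**] ... [**Next Module: GraphQL Security ->**]` is deleted and not re-added at the new end of the file, so the module has no navigation footer until PATCH 15/19 restores it. Keep the footer as the final line in this commit, or squash 13 to 15. In the same hunk, "Dependence Scanners" should read "Dependency Scanners", and the Reference entries use `-` where the other modules in this series use numbered lists.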
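Review bot: in PATCH 16/19 (modules/3-ssdlc.livemd, table of contents hunk at -10,6), the five nested entries link to `(principle-of-least-privlege)`, `(device-access-control)` and so on without a leading `#`, so they resolve as relative file paths rather than in-page anchors, and the first one also misspells the anchor. Use `(#principle-of-least-privilege)`, `(#device-access-control)`, `(#microsegmentation)`, `(#preventing-lateral-movement)` and `(#multi-factor-authentication)`, matching the `[Zero Trust Model](#zero-trust-model)` entry above them.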
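Review bot: in PATCH 16/19 (modules/3-ssdlc.livemd, Defense In Depth hunk at -119,7), the last added bullet reads "Develpoment"; it should be "Development". That bullet also lists multiple environments without saying which layer of defense they provide, while the other four bullets each name a control; a short clause on what the separation protects would make it fit the list.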
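Review bot: in PATCH 16/19 (modules/3-ssdlc.livemd, System and Application hunk at -127,14), the links to Cloak, Semgrep and Sobelow are removed along with the sub-bullets, and only Semgrep and Dependabot reappear by name in the new example list. Sobelow and Cloak are the two Elixir-specific tools the module pointed to, so either keep them as sub-bullets under "Security Tooling" and "Encryption" or link them from the new example list.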
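Review bot: in PATCH 18/19 (modules/5-elixir.livemd, Serialization and Deserialization hunk at -61,6), the two Prevention bullets do not say whether the `:safe` option and `Plug.Crypto.non_executable_binary_to_term/1,2` are alternatives or are meant to be used together; state that explicitly, since the first bullet is about atom creation and the second about function deserialisation. The Description paragraph is also missing its final period, and unlike the Atom Exhaustion section directly above it, this section has no Livebook cell for the learner to run.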
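Review bot: in PATCH 18/19 (modules/5-elixir.livemd, Protecting Sensitive Data hunk at -204,4), `## Wrapping`, `## Stacktrace Pruning`, `## ETS Tables` and `## Reference` are level-2 headings, so they close the `## Protecting Sensitive Data` section and render as top-level sections that the table of contents does not list. Nest them as `####` under `### Prevention`. The Stacktrace Pruning paragraph ends with a colon but no code follows it, the Quiz line opens with an unmatched `**`, and the Wrapping example `fn -> System.get_env("SECRET") end` defers the lookup instead of wrapping a value already held, which is what the paragraph describes.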
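Review bot: in PATCH 19/19 (modules/5-elixir.livemd, hunks at -17,7 and -221,45), the whole `## Protecting Sensitive Data` section and its table of contents entry are deleted under the subject "Apply suggestions from code review", with nothing in the message saying that 41 lines of content added in PATCH 18/19 are being dropped or where they went. State the removal and the reason in the commit message, or drop the section from PATCH 18/19 instead so the series does not add and then remove it. In the Prevention hunk, `non_executable_binary_to_term/1,2` inside backticks is not a valid function reference; write `/1` and `/2` separately.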